Values for content-security-policy:
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; 14,834
upgrade-insecure-requests 14,490
frame-ancestors 'self' 7,751
upgrade-insecure-requests; 6,019
frame-ancestors 'self'; 3,246
block-all-mixed-content 1,956
block-all-mixed-content; 1,280
frame-ancestors 'none' 1,116
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; 917
frame-ancestors 'none'; 629
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 472
frame-ancestors 'self' https://*.granicus.com https://platform.civicplus.com https://account.civicplus.com https://analytics.civicplus.com; img-src * data: blob:; worker-src * data: blob: 'unsafe-eval' 'unsafe-inline'; script-src * about: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob:; font-src * data:; default-src * 320
default-src https: data: 'unsafe-inline' 'unsafe-eval' 300
report-uri /report-csp-violation 297
265
object-src 'none' 252
frame-ancestors 'self' https://*.ally.ac; 246
default-src 'self' ws: wss: http: https: data: blob: 'unsafe-inline' 227
script-src 'self' blob: https://morris-server.de:8801 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; font-src 'self' data:; media-src 'self' data: blob: https://api.sparkassen-mediacenter.de https://sparkassen-mediacenter.de https://cdn.sparkassen-mediacenter.de 183
default-src * data: 'unsafe-eval' 'unsafe-inline' 173
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.baidu.com *.bing.com; 164
frame-ancestors 'self' http://webvisor.com 153
upgrade-insecure-requests;object-src 'none' 153
frame-ancestors * 149
default-src 'self';     style-src 'unsafe-inline';     object-src 'none' 148
frame-ancestors 'self' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.com 141
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 136
frame-ancestors 'self' ; 124
frame-ancestors 'self' godaddy.com *.godaddy.com 101
block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests 97
; 96
default-src 'none' 93
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 88
frame-ancestors 'self' https://*.cdn.ampproject.org/ https://bing-amp.com/ https://*.tm-aws.com/ https://*.tm-awx.com/; 83
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: data: blob: wss://realtimeeventfeeds.viafoura.co wss://sub.viafoura.co; media-src blob: data: https:; object-src https:; child-src https: data: blob:; upgrade-insecure-requests; block-all-mixed-content; 83
default-src 'self' http: https: data: blob: 'unsafe-inline' 81
report-uri /report-csp-violation; upgrade-insecure-requests 78
img-src 'self' *.twimg.com *.twitter.com img.youtube.com *.s3waas.gov.in secure.gravatar.com maps.gstatic.com maps.googleapis.com cbpssubscriber.mygov.in data:;connect-src 'self' *.s3waas.gov.in maps.googleapis.com www.google-analytics.com;object-src 'none';media-src 'self' *.s3waas.gov.in data:;child-src *;frame-src *;form-action *.s3waas.gov.in 'self';frame-ancestors 'self' *.s3waas.gov.in ;upgrade-insecure-requests;worker-src 'self' *.s3waas.gov.in 77
frame-ancestors 'self' oricohxr.works ricoh.oricohxr.works; 75
frame-ancestors 'self' https://my.oracle.com https://eeho.fa.us2.oraclecloud.com https://blogs.oracle.com 74
* 73
default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 71
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com; base-uri 'self' 71
self 68
frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com *.powerapps.com *.yammer.com *.officeapps.live.com *.office.com *.stream.azure-test.net *.microsoftstream.com *.dynamics.com *.microsoft.com onedrive.live.com *.onedrive.live.com; 67
upgrade-insecure-requests; frame-ancestors 'self' 66
upgrade-insecure-requests; block-all-mixed-content 64
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; 61
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; 59
default-src https: 'unsafe-inline' 'unsafe-eval' wss://umd.userlike.com wss://ws.botmaker.com; worker-src blob:; img-src 'self' blob: data: https:; font-src 'self' data: https: 58
frame-ancestors 'self'; upgrade-insecure-requests 57
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 56
frame-ancestors 'self' https://*.akifast.com akifast.com 56
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com 55
frame-ancestors 'self' *.tsoftpanel.com *.paneltsoft.com; 55
frame-ancestors 'self' continuum.epublishing.com *.continuum.epublishing.com 54
default-src 'self'; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de; 52
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; 50
default-src https: data: blob: ws: wss: 'unsafe-inline' 'unsafe-eval' 49
frame-ancestors 'self' *.plentymarkets-cloud-de.com 48
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; frame-src 'none'; img-src 'self' data: *.ttcache.com https://*.ttcache.com https://*.google-analytics.com https://*.googletagmanager.com; media-src 'none'; object-src 'none'; script-src 'self' https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' 47
frame-src * 47
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval' 46
default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/ 45
upgrade-insecure-requests;connect-src * 44
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.33across.com *.ad-generation.jp *.adform.com *.adform.net *.adhouse.pro *.admanmedia.com *.admatic.com.tr *.admixer.com *.admost.com *.adnxs.com *.adpush.com.tr *.adtarget.com.tr *.adtech.com *.adtelligent.com *.adtopia.com *.advangelists.com *.advenuemedia.co.uk *.advertising.com *.adwmg.com *.air.tech *.aistekso.net *.amazon-adsystem.com *.amazon.com *.ampproject.org *.appnexus.com *.aralego.com *.axonix.com *.baithoph.net *.beachfront.com *.bidtellect.com *.bik.gov.tr *.bildirt.com *.bizzclick.com *.clarity.ms *.cloudflare.com *.cloudflareinsights.com *.cmcm.com *.colossusssp.com *.connectad.io *.contextweb.com *.coxmt.com *.criteo.com *.criteo.net *.cubepile.com *.dailymotion.com *.devotrans.com *.districtm.io *.doubleclick.net *.e-planning.net *.emxdgt.com *.engagebdr.com *.exponential.com *.facebook.com *.facebook.net *.flashtalking.com *.freewheel.tv *.gamoshi.io *.gemius.pl *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.gumgum.com *.ibillboard.com *.idealmedia.io *.ijit.com *.improvedigital.com *.indexexchange.com *.inmobi.com *.instagram.com *.jquery.com *.jsdelivr.net *.jwpcdn.com *.lijit.com *.linkedin.com *.linkwi.se *.lkqd.com *.lkqd.net *.makroo.com *.maple-team.com *.mars.media *.mediabong.com *.meta.com *.mgid.com *.moatads.com *.newborntown.com *.omnijay.com *.onesignal.com *.onnetwork.tv *.openweathermap.com *.openx.com *.optad360.io *.outbrain.com *.peak226.com *.pinterest.com *.pixad.com.tr *.player.im *.programattik.com *.pubmatic.com *.radyotelekom.com.tr *.reklamstore.com *.resultsmedia.com *.rhythmone.com *.rubiconproject.com *.sabio.us *.serving-sys.com *.sharethis.com *.sharethrough.com *.smaato.com *.smartadserver.com *.smartyads.com *.smrtb.com *.sonobi.com *.sovrn.com *.spotx.tv *.spotxchange.com *.stroeer.com *.synacor.com *.taboola.com *.tagon.co *.tebilisim.com *.teimg.com *.tevideo.org *.thebrave.io *.themediagrid.com *.thubanoa.com *.tiktok.com *.tradingview.com *.tribalfusion.com *.ttwstatic.com *.twitter.com *.ucfunnel.com *.unrulymedia.com *.us.com *.videoomy.com *.vidoomy.com *.vidyome.com *.vimeo.com *.virgul.com *.weatherwidget.io *.webeyemob.com *.wordego.com *.x.com *.yahoo.com *.yandex.com *.yandex.ru *.yastatic.net *.yayin.com.tr *.yieldmo.com *.youtu.be *.youtube.com *.ytimg.com ads.vidoomy.com api-maps.yandex.ru c1.imgiz.com cdn.ampproject.org cdn.doubleverify.com cdn.id5-sync.com cdn.jsdelivr.net cdn.ravenjs.com gdetr.hit.gemius.pl google.com googlesyndication.com invstatic101.creativecdn.com lidertv.radyotelekom.com.tr oa.openxcdn.net onesignal.com pagead2.googlesyndication.com pcode.yads.tech pghub.io platform-api.sharethis.com player.im pool-eu.creative-serving.com script.4dex.io static-maps.yandex.ru tags.crwdcntrl.net trgde.adocean.pl yastatic.net; 44
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 43
frame-ancestors 'self' https://dbwas.service.deutschebahn.com 43
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests; 42
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 42
default-src 'self' 42
frame-ancestors 'self' https://*.evergage.com https://cdn.evgnet.com; upgrade-insecure-requests; block-all-mixed-content 42
base-uri 'self';default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';    script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';form-action * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';report-uri /post_report/;report-to default; 42
frame-ancestors 'self' https://cms.scrippsdigital.com 42
img-src https: data:; upgrade-insecure-requests 41
default-src blob: * 'unsafe-inline' 'unsafe-eval'; script-src * blob: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';  font-src * data: 'unsafe-inline'; 40
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; 40
upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ 39
upgrade-insecure-requests; report-uri https://o144486.ingest.sentry.io/api/5543380/security/?sentry_key=e66dfe54be8e47219dd8103b4deb2f1a&sentry_environment=policy_reports 39
base-uri 'self' 38
default-src 'self' http: https: data: blob: 'unsafe-eval' 'unsafe-inline' 38
default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 37
base-uri 'self'; 37
frame-ancestors 'self' ;upgrade-insecure-requests; 36
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 35
frame-ancestors 'self' azeu.marketing.adobe.com 35
frame-ancestors 'self' iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ 35
block-all-mixed-content; upgrade-insecure-requests; 35
default-src 'self' 'unsafe-inline' 35
default-src https: wss: blob: data: 'unsafe-eval' 'unsafe-inline'; object-src 'self' 35
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline'  https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; 35
frame-ancestors 'self'; report-uri /report-csp-violation 33
frame-ancestors 'self' adultmobile.com *.adultmobile.com babes.com *.babes.com babesnetwork.com *.babesnetwork.com bblmate.com *.bblmate.com biempire.com *.biempire.com bigstr.com *.bigstr.com blackmaleme.com *.blackmaleme.com brazzers.com *.brazzers.com brazzersnetwork.com *.brazzersnetwork.com bromo.com *.bromo.com bromonetwork.com *.bromonetwork.com cambb.xxx *.cambb.xxx cambuilder.com *.cambuilder.com camdevils.com *.camdevils.com camjab.com *.camjab.com camutik.com *.camutik.com clipeek.com *.clipeek.com czechhunter.com *.czechhunter.com danejones.com *.danejones.com debtdandy.com *.debtdandy.com deviante.com *.deviante.com devianthardcore.com *.devianthardcore.com digitalplayground.com *.digitalplayground.com digitalplaygroundnetwork.com *.digitalplaygroundnetwork.com dilfed.com *.dilfed.com dirtyscout.com *.dirtyscout.com doghousedigital.com *.doghousedigital.com dpmate.com *.dpmate.com erito.com *.erito.com eroticspice.com *.eroticspice.com extremetubemate.com *.extremetubemate.com fakehostel.com *.fakehostel.com fakehub.com *.fakehub.com faketaxi.com *.faketaxi.com familyhookups.com *.familyhookups.com familysinners.com *.familysinners.com forgivemefather.com *.forgivemefather.com gilfed.com *.gilfed.com girlgrind.com *.girlgrind.com hentaipros.com *.hentaipros.com hentaiprosnetwork.com *.hentaiprosnetwork.com hotgirlsgame.com *.hotgirlsgame.com househumpers.com *.househumpers.com iconmale.com *.iconmale.com iknowthatgirl.com *.iknowthatgirl.com kinkyspa.com *.kinkyspa.com lesbea.com *.lesbea.com letspostit.com *.letspostit.com loveherass.com *.loveherass.com maleaccess.com *.maleaccess.com men.com *.men.com mennetwork.com *.mennetwork.com menxposed.com *.menxposed.com metrohd.com *.metrohd.com milehighmedia.com *.milehighmedia.com milfed.com *.milfed.com mofos.com *.mofos.com mofosnetwork.com *.mofosnetwork.com momslickteens.com *.momslickteens.com nastycast.com *.nastycast.com noirmale.com *.noirmale.com onbrazzers.com *.onbrazzers.com onmofos.com *.onmofos.com papi.com *.papi.com prettydirtyteens.com *.prettydirtyteens.com privatamateure.com *.privatamateure.com propertysex.com *.propertysex.com publicagent.com *.publicagent.com realitydudes.com *.realitydudes.com realitydudesnetwork.com *.realitydudesnetwork.com realityjunkies.com *.realityjunkies.com realitykings.com *.realitykings.com rk.com *.rk.com seancody.com *.seancody.com seancodynetwork.com *.seancodynetwork.com sexapemate.com *.sexapemate.com sexroulettelive.net *.sexroulettelive.net sextubemate.com *.sextubemate.com sexworking.com *.sexworking.com sexyhub.com *.sexyhub.com shewillcheat.com *.shewillcheat.com spicevids.com *.spicevids.com spicevidsgay.com *.spicevidsgay.com squirted.com *.squirted.com sweetheartvideo.com *.sweetheartvideo.com sweetsinner.com *.sweetsinner.com taboomale.com *.taboomale.com teenslovehugecocks.com *.teenslovehugecocks.com trannytubemate.com *.trannytubemate.com transangels.com *.transangels.com transangelsnetwork.com *.transangelsnetwork.com transharder.com *.transharder.com transsensual.com *.transsensual.com trueamateurs.com *.trueamateurs.com twinkpop.com *.twinkpop.com twistedfamilies.com *.twistedfamilies.com twistys.com *.twistys.com twistysnetwork.com *.twistysnetwork.com vidsmate.com *.vidsmate.com voyr.com *.voyr.com whynotbi.com *.whynotbi.com; report-uri /api/csp-report; 33
sandbox allow-scripts; default-src 'self'; img-src https:; style-src 'unsafe-inline'; script-src 'unsafe-inline'; report-uri http://csp.yahoo.com/beacon/csp?src=redirect 32
child-src * blob: 32
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * data:; manifest-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; object-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; prefetch-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; form-action 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; worker-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * blob:; report-uri https://hyperia.report-uri.com; block-all-mixed-content; upgrade-insecure-requests 32
frame-ancestors 'self' https://*.sitewrench.com https://*.speakcreative.com 31
default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data: 31
default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *; 30
frame-ancestors 'self' www.bookends.info *.bookends.info 30
frame-ancestors 30
upgrade-insecure-requests; block-all-mixed-content; 30
object-src 'none'; 30
default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data: 30
frame-ancestors  'self' asia.espn.com:* asia.espnqa.com:* *.espn.com:* *.espnqa.com:* *.espnsb.com:* *.espnsb.com *.espn.co.uk *.espndeportes.espn.com *.espn.com.br *.espn.com.mx *.espn.com.ve *.espn.com.ar *.espn.com.co *.espnfc.com.au *.espn.com.au *.espn.in *.espn.com.sg *.espn.cl *.espn.ph *.espn.ph:* *.espn.com.pe *.espn.com.gt *.espn.com.do *.espn.com.ec *.espn.com.uy *.espn.com.pa *.espn.co.cr qa.abcnews.go.com preview.abcnews.go.com abc7ny.com abc7.com *.abcotvssb.com preview.goodmorningamerica.com http://*.espnqa.com:* http://*.espn.com:* *.abcotvssb.com *.abcnews.go.com *.abcnews.go.com:* http://*.abcnews.go.com:* abc30.com abc7news.com abc13.com abc7chicago.com 6abc.com abc11.com *.goodmorningamerica.com qa.abc7.com qa.abc30.com qa.abc7news.com qa.abc13.com qa.abc7chicago.com qa.6abc.com qa.abc7ny.com qa.abc11.com *.abcnews.go.com:* abcnews.go.com qa.secsports.com *.secsports.com https://*.espn.com:* *.espnqa.com:* 29
frame-ancestors self 29
frame-ancestors 'self' *.smartagent.app *.jdmesh.co *.choicestore.com http://localhost:* https://localhost:*; form-action https:; script-src https: 'unsafe-inline' 'unsafe-eval' 29
frame-ancestors 'self' ; base-uri 'self'; 29
default-src * 'unsafe-inline' 'unsafe-eval' https: http: data: blob:; worker-src blob: 'self'; 29
default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' 29
default-src * data: 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data:; font-src * 'self' data: 29
frame-ancestors 'self' https://*.studio.design https://studio.design https://studio.inc; 29
frame-ancestors zyro.com *.zyro.com *.builder-preview.com *.zyro.space *.hostinger.com *.hostinger.io *.hostinger.in *.hostinger.co.uk 28
frame-ancestors 'self' *.nvidia.com https://widget.stackla.com https://app-sj14.marketo.com https://www.youtube.com https://www.quadro-selector.com http://player.youku.com https://player.youku.com https://live.nvidia-china.com https://www.google.com *.nvidia.cn https://events.rainfocus.com https://www.twitch.tv https://store.nvidia.ru https://store.nvidia.in *.geforcenow.com https://salespro.hpe.com https://hpe.seismic.com; 27
default-src https: data: 'unsafe-eval' 'unsafe-inline' blob: 27
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.teimg.com *.google.com *.jquery.com *.bik.gov.tr *.bildirt.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.googlesyndication.com pagead2.googlesyndication.com *.googleadservices.com *.optad360.io *.doubleclick.net *.adhouse.pro *.jwpcdn.com *.onesignal.com *.vidyome.com *.tebilisim.com *.tevideo.org *.googleapis.com *.yandex.ru *.yandex.com *.criteo.net *.2mdn.net *.cloudflare.com *.cloudflareinsights.com *.onnetwork.tv *.twitter.com *.instagram.com *.facebook.com *.meta.com *.x.com *.youtube.com *.youtu.be *.linkedin.com *.pinterest.com *.dailymotion.com *.vimeo.com *.admatic.com.tr *.reklamstore.com *.linkwi.se *.makroo.com *.wordego.com *.tradingview.com *.weatherwidget.io *.openweathermap.com *.mgid.com *.themediagrid.com *.amazon.com *.openx.com *.appnexus.com *.districtm.io *.rubiconproject.com *.rhythmone.com *.yahoo.com *.indexexchange.com *.smaato.com *.smartadserver.com *.sovrn.com *.lijit.com *.pubmatic.com *.sharethrough.com *.admanmedia.com *.emxdgt.com *.contextweb.com *.gumgum.com *.yieldmo.com *.ad-generation.jp *.adform.com *.adwmg.com *.idealmedia.io *.admatic.com.tr *.improvedigital.com *.connectad.io *.ibillboard.com *.stroeer.com *.adtarget.com.tr *.33across.com *.admixer.com *.adtech.com *.adtelligent.com *.adtopia.com *.advangelists.com *.advenuemedia.co.uk *.advertising.com *.aralego.com *.axonix.com *.beachfront.com *.bidtellect.com *.bizzclick.com *.cmcm.com *.coxmt.com *.cubepile.com *.e-planning.net *.engagebdr.com *.exponential.com *.freewheel.tv *.ijit.com *.inmobi.com *.lkqd.com *.lkqd.net *.maple-team.com *.mars.media *.mediabong.com *.newborntown.com *.omnijay.com *.outbrain.com *.peak226.com *.resultsmedia.com *.gamoshi.io *.sabio.us *.smartyads.com *.smrtb.com *.sonobi.com *.spotx.tv *.spotxchange.com *.colossusssp.com *.synacor.com *.thebrave.io *.tribalfusion.com *.ucfunnel.com video.unrulymedia.com *.us.com *.webeyemob.com *.idealmedia.io *.ampproject.org googlesyndication.com onesignal.com *.taboola.com *.finyad.org *.turktelekom.com.tr *.gemius.pl 27
frame-ancestors https://unileverbrazil.marketing.adobe.com https://unilever3.marketing.adobe.com https://unilever2.marketing.adobe.com https://unilever.marketing.adobe.com; 26
default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: embed.music.apple.com embed.podcasts.apple.com https://recyclingprogram.apple.com swdlp.apple.com www.apple.com www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: *.apple.com *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com 25
default-src https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: blob: *; media-src https: data: blob: *; object-src 'none'; frame-ancestors 'none'; connect-src * data: blob: ; base-uri 'self'; upgrade-insecure-requests; font-src https: 'unsafe-inline' data: 'unsafe-inline'; worker-src * blob:; 25
object-src 'self' https://www.youtube.com/ https://www.3cx.com/;frame-src 'self' mailto: tel: https://3cx.com https://vars.hotjar.com https://www.google.com https://cse.google.com https://services.3cx.com https://audioconverter.3cx.com https://login.3cx.com https://docs.google.com https://www.facebook.com https://static.ads-twitter.com/ https://bid.g.doubleclick.net https://td.doubleclick.net/ https://www.youtube.com https://www.loom.com/ https://www.youtube-nocookie.com/ https://www.googletagmanager.com https://player.vimeo.com; frame-ancestors 'self' 25
frame-ancestors 'self' https://app.contentful.com 25
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 25
frame-ancestors 'self' https://*.adobe.com https://*.navisperformance.com 25
default-src 'self' 'unsafe-inline' https://park.101datacenter.net  https://*.deviceatlascloud.com/ https://cs.deviceatlas-cdn.com data: 25
default-src https: blob:; connect-src https: wss: blob:; font-src https: data:; frame-src https:; frame-ancestors 'self'; img-src https: blob: data:; media-src https: blob:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; 24
default-src *;script-src 'self' resource://pdf.js 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' *.teamblue.services d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net d1di2lzuh97fh2.cloudfront.net events.webnode.com js.stripe.com www.gstatic.com www.googleadservices.com www.googletagmanager.com bat.bing.com connect.facebook.net a.quora.com www.google-analytics.com googleads.g.doubleclick.net c.imedia.cz www.google.com www.google.de www.google.com.br cdn.inspectlet.com *.clarity.ms *.bing.com c.seznam.cz pagead2.googlesyndication.com s.yimg.jp cdn.euc-freshbots.ai blob: euc-widget.freshworks.com/widgets/101000002785.js euc-widget.freshworks.com/widgetBase/ b98.yahoo.co.jp https://s.pinimg.com https://track.adform.net https://s2.adform.net;style-src 'self' 'unsafe-inline' 'unsafe-eval' d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net www.gstatic.com js.stripe.com d11bh4d8fhuq47.cloudfront.net d1di2lzuh97fh2.cloudfront.net use.typekit.net p.typekit.net cdn.euc-freshbots.ai euc-widget.freshworks.com/widgetBase/static/media/;img-src 'self' data: mediastream: blob: filesystem: *.teamblue.services d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net du5rkdszt1kq5.cloudfront.net d11bh4d8fhuq47.cloudfront.net d1bz77arbww182.cloudfront.net d1me9yvfki5736.cloudfront.net d6scj24zvfbbo.cloudfront.net *.pbhom-cdnwnd.com *.cbaul-cdnwnd.com *.clvaw-cdnwnd.com www.webnode.com www.gstatic.com q.stripe.com bat.bing.com q.quora.com www.google.com www.google.cz www.google.de www.google.com.br www.google-analytics.com googleads.g.doubleclick.net cx.atdmt.com c.seznam.cz www.facebook.com www.googletagmanager.com *.clarity.ms *.bing.com *.webnode.com *.webnode.cz *.webnode.sk *.webnode.at *.webnode.es *.webnode.cl *.webnode.com.ve *.webnode.com.uy *.webnode.mx *.webnode.com.co *.webnode.co *.webnode.com.ar *.webnode.com.py *.webnode.bo *.webnode.do *.webnode.ec *.webnode.pe *.webnode.cr *.webnode.com.br *.webnode.pt *.webnode.it *.webnode.fr *.webnode.us *.webnode.in *.webnode.gr *.webnode.com.tr *.webnode.cn *.webnode.tw *.webnode.nl *.webnode.be *.webnode.jp *.webnode.hu *.webnode.ru *.webnode.com.ua *.webnode.se *.webnode.dk *.webnode.lv *.webnode.hr *.webnode.no *.webnode.co.uk *.webnode.vn *.webnode.ro *.webnode.cat *.webnode.kr *.webnode.fi ct.capterra.com d1di2lzuh97fh2.cloudfront.net cdn.euc-freshbots.ai cdn.freshbots.ai fc-euc1-00-pics-bkt-00.s3.eu-central-1.amazonaws.com https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/ https://ct.pinterest.com https://track.adform.net https://server.seadform.net/serving/cookie/;frame-ancestors 'self'; 24
frame-ancestors 'self' https://aboutyou.content.aboutyou.cloud https://aboutyou.content.staging.aboutyou.cloud 24
default-src 'self'; script-src 'self' 'unsafe-inline' 24
default-src https: wss: about: data: blob: 'unsafe-inline' 'unsafe-eval' 24
script-src 'self' https://static.cloudflareinsights.com https://stage-rotators-cdn.griffona.app https://cdnboost.net *.google-analytics.com; connect-src * 24
frame-ancestors 'self'; upgrade-insecure-requests; 23
frame-ancestors none 23
frame-ancestors 'self' https://mycolorcoach-cpd.e-loreal.com 23
default-src * 'self' blob:; script-src * 'self' blob: 'unsafe-inline'; style-src * 'self' blob: 'unsafe-inline'; img-src * 'self' blob: data:; font-src * 'self' blob: data:; media-src * 'self' blob: 23
frame-ancestors 'self' devcue.diks.fi cue.media.fi http://jankko-importer.prod.media.fi http://jankko-importer.test.media.fi http://localhost:5000 http://cue.test:*; 23
default-src *.facebook.com *.fbcdn.net *.instagram.com data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.teststagram.com *.instagram.com static.cdninstagram.com *.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *.fbcdn.net *.facebook.com *.instagram.com *.teststagram.com static.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* ws://localhost:* blob: *.instagram.com *.cdninstagram.com wss://*.instagram.com:* 'self' *.teststagram.com wss://edge-chat.instagram.com connect.facebook.net;font-src *.facebook.com data: fonts.gstatic.com *.fbcdn.net *.instagram.com *.teststagram.com static.cdninstagram.com *.intern.facebook.com;img-src *.instagram.com *.facebook.com *.fbcdn.net data: blob: *.cdninstagram.com www.gstatic.com *.fbsbx.com android-webview-video-poster: *.giphy.com *.oculuscdn.com www.googleadservices.com *.doubleclick.net *.google.com *.google.co.uk *.teststagram.com *.igsonar.com *.google-analytics.com *.whatsapp.net;media-src *.facebook.com *.fbcdn.net *.instagram.com *.cdninstagram.com *.giphy.com cdn.fbsbx.com data: blob:;frame-src *.instagram.com *.facebook.com *.fbsbx.com fbsbx.com data: www.googleadservices.com *.doubleclick.net *.google.com *.google.co.uk;block-all-mixed-content;upgrade-insecure-requests; 22
img-src *; 22
block-all-mixed-content; upgrade-insecure-requests 22
frame-ancestors 'self' https://webvisor.com http://webvisor.com; 22
frame-ancestors 'self' https://*.jumpseller.com https://app.jivosite.com 22
block-all-mixed-content;connect-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob: wss:;default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob: wss: 'report-sample';font-src 'self' data: https: blob: wss: assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn;frame-ancestors 'self' int1.msn.com ntp.msn.cn ntp.msn.com windows-int1.msn.com windows.msn.cn windows.msn.com www.bing.com www.msn.com mathsolver.microsoft.com mathsolver-dev.microsoft.com chrome-extension://lklfbkdigihjaaeamncibechhgalldgl;media-src 'self' https: blob:;report-to csp-endpoint;worker-src 'self' https: blob: 'report-sample'; 21
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://api.mapbox.com https://*.tiles.mapbox.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests; 21
script-src * 'self' 'unsafe-inline' 'unsafe-eval' wistia.com youtube.com blob: 21
default-src 'self'; 21
frame-ancestors 'self' https://testbaba.virtualcms.it 21
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data:; 21
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: blob: https:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 21
upgrade-insecure-requests; frame-ancestors 'self'; 20
script-src 'self' 20
frame-ancestors 'self' https://pge.segmanta.com https://www.babylist.com shop.pampers.com 20
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.sbo.top *.sbobet.com *.sbobetex.com *.youtube.com *.ytimg.com *.cloudfront.net optimize.google.com *.google-analytics.com *.hotjar.com *.googletagmanager.com *.googleapis.com *.cdnnetworks.net *.edgecasts.net *.fasttrackcdn.net *.cdnrocket.net  *.speedysurfcdn.net *.cloudswiftcdn.net *.globalwavecdn.net *.acceleracloud.net *.quickroutecdn.net *.lightningspeedcdn.net *.stormshieldcdn.net *.rapidflarecdn.net *.velocitystream.net *.nexusaccelerate.net *.pacificrouter.com *.cdnhealthcare.net *.traveladventurescdn.net *.purseno.com *.syndication.twimg.com *.sportradar.com *.sportradarserving.com *.digitru.st *.bidswitch.net *.gstatic.com *.geetest.com avplayer-cdn.sportradar.com *.userleap.com *.akamaized.net http://*.sbobet.com; worker-src 'self' blob:; report-uri https://csp.trackit.tk/z/7046ef45-99d6-447d-9ac3-6d42ae2a70fa https://csp.trackit.tk/z/44e4f334-51c5-4cdb-b5e0-b33b1ec85c9d 20
default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; worker-src data: 20
frame-ancestors 'self' https://omnidoctor.ru/ 20
frame-ancestors 'self' xerox.com *.xerox.com 19
frame-ancestors 'self' http://wa.aruba.it https://wa.aruba.it 19
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 19
default-src * data: blob: 'unsafe-eval' 'unsafe-inline' 19
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 19
default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' http://* data:; 19
default-src 'self'; frame-ancestors 'self' flex.cybersource.com; worker-src blob: ; frame-src * ; media-src *; img-src * 'self' data: https: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' api.brainsins.com mw.brainsins.com d2xkqxdy6ewr93.cloudfront.net *.cloudfront.net cdn.pushassist.com trc.taboola.com *.collect.igodigital.com resources.convious-app.com client.convious-app.com  cdn.taboola.com 510001631.collect.igodigital.com script.hotjar.com 510001630.collect.igodigital.com  static.hotjar.com launch-9151dc1e0eb6-development  mstat.acestream.net www.gstatic.com flex.cybersource.com pe-kw.store.kennywood.com pe-cp.store.castlepark.com www.google.com connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com  www.googletagmanager.com  www.google-analytics.com *.parquesreunidos.es assets.adobedtm.com amplify.review-alerts.com static-eu.payments-amazon.com maps.googleapis.com cdn.cookielaw.org geolocation.onetrust.com grpr.tt.omtrdc.net launch-9151dc1e0eb6-development cd.livechatin.com api-pre.adminos.parquesreunidos.com analytics.tiktok.com ts.tradetracker.net sleeknotecustomerscripts.sleeknote.com mstat.acestream.net pilaff-up.ru statusklic.info cdn.notifyon.com cdn.livechatinc.com eu5.bookingkit.de js.mollie.com www.paypal.com www.sandbox.paypal.com checkoutshopper-live.adyen.com sandbox.src.mastercard.com src.mastercard.com assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com twimg.com publish.twitter.com platform.linkedin.com track.adform.net static.criteo.net tagmanager.google.com ssl.google-analytics.com ajax.aspnetcdn.com d2cmqkwo8rxlr9.cloudfront.net ad.doubleclick.net apis.google.com www.youtube.com platform.twitter.com s.ytimg.com syndication.twitter.com api.livechatinc.com www.googleoptimize.com  optimize.google.com trck.spoteffects.net i.realytics.io cdn-eu.realytics.net  pe-kw.store.kennywood.com pe-cp.store.castlepark.com pe-rwsydney.store.ragingwaterssydney.com.au pe-sps.store.splishsplash.com pe-sl.store.storylandnh.com pe-na.store.noahsarkwaterpark.com pe-sc.store.sandcastlewaterpark.com pe-wc.store.watercountry.com pe-rwsd.store.ragingwaters.com static.zdassets.com *.optimonk.com sdks.shopifycdn.com ajax.googleapis.com webchat.masvoz.es static.b-ite.com cs-assets.b-ite.com pixel.mathtag.com bat.bing.com cdn.jsdelivr.net farm.plista.com j01l4h3n.com diffuser-cdn.app-us1.com www.rvty.net *.clarity.ms 5mcl.fr *.adnxs.com static.tacdn.com prism.app-us1.com trackcmp.net www.jscache.com cdn.scratcher.io s2.adform.net cdn.leadfamly.com www.tripadvisor.com www.tripadvisor.fr cpi.mirabilandia.it www.opinator.com pe-iw.store.idlewild.com js.adsrvr.org tracker.marinsm.com pe-dw.store.dutchwonderland.com static.zuora.com pe-waw.store.emeraldpointe.com pe-rwsc.store.rwsac.com pe-mn.store.malibunorcross.com *.quantummetric.com t.contentsquare.net pe-bps.store.boomerspalmsprings.com cdn.smooch.io adventurelandresort.secure-cdn.na.accessoticketing.com pe-bv.store.boomersvista.com pe-rwsj.store.rwsplash.com pe-lc.store.lakecompounce.com pe-mm.store.mountasiamarietta.com app.mews.com apps.mews.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com pay.google.com easyway-webchat.s3.eu-north-1.amazonaws.com *.smooch.io sc-static.net tr.snapchat.com *.sprinklr.com apps.mypurecloud.ie surveydynamix.com apps.mypurecloud.com osm.klarnaservices.com js.klarna.com pagead2.googlesyndication.com static.sojern.com; style-src * 'unsafe-inline' blob:; font-src * data:; connect-src * 19
frame-ancestors 'self' https://secure.safecharge.com; 19
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 18
block-all-mixed-content; frame-ancestors 'self' 18
default-src 'self' *.googlesyndication.com;style-src 'unsafe-inline' *.livenationinternational.com *.googleapis.com *.monetate.net *.amondo.com tagmanager.google.com platform.twitter.com use.fontawesome.com rsms.me;img-src 'self' data: *.livenationinternational.com www.lntvglobal.com *.2mdn.net *.betrad.com *.celtra.com *.doubleverify.com *.evidon.com *.facebook.com *.g.doubleclick.net *.googleapis.com *.googlesyndication.com *.googletagservices.com *.gstatic.com *.mgr.consensu.org *.monetate.net *.ticketm.net *.tmol.co *.quantserve.com *.youtube.com *.adzip.co *.twitter.com *.tiktokcdn.com *.scdn.co *.twimg.com *.analytics.google.com *.google-analytics.com ad.doubleclick.net ads.celtra.com adservice.google.com dt.adsafeprotected.com cache-ssl.celtra.com media.ticketmaster.com media.ticketmaster.co.uk pixel.adsafeprotected.com pixel.moatads.com px.moatads.com secure.adnxs.com tagmanager.google.com track.celtra.com www.google.co.uk www.google.com www.googletagmanager.com api.permutive.com cdn.permutive.com cdn.cookielaw.org insight.adsrvr.org match.adsrvr.org fxctag.com googlesync.permutive.com t.co tr.snapchat.com b97.yahoo.co.jp appboy-images.com braze-images.com cdn.braze.eu media.amondo.com static.amondo.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.livenationinternational.com *.2mdn.net *.bannersnack.com *.doubleverify.com *.evidon.com *.g.doubleclick.net *.google.com *.googleapis.com *.googlesyndication.com *.googletagservices.com *.gstatic.com *.lytics.io *.quantcount.com *.monetate.net *.universe.com *.adzip.co *.tiktok.com *.tiktokcdn.com *.amondo.com geolocation.onetrust.com cdn.cookielaw.org cdn.ampproject.org cdn.polyfill.io ad.doubleclick.net ads.celtra.com adservice.google.co.uk adservice.google.com bam.nr-data.net cache-ssl.celtra.com connect.facebook.net evidon.mgr.consensu.org js-agent.newrelic.com pixel.adsafeprotected.com secure.adnxs.com secure.quantserve.com static.adsafeprotected.com tagmanager.google.com widget.ticketmaster.eu www.google-analytics.com www.googletagmanager.com z.moatads.com api.permutive.com cdn.permutive.com www.instagram.com analytics.twitter.com platform.twitter.com cdn.syndication.twimg.com secure.wufoo.com static.ads-twitter.com js.adsrvr.org fxctag.com sc-static.net tag.lexer.io www.googleadservices.com s.yimg.jp b92.yahoo.co.jp js.appboycdn.com tag.durationmedia.net be.durationmedia.net stage-be.durationmedia.net stage-tag.durationmedia.net tpc.googlesyndication.com securepubads.g.doubleclick.net googleads.g.doubleclick.net pagead2.googlesyndication.com safeframe.googlesyndication.com cdn.confiant-integrations.net rumcdn.geoedge.be tr.snapchat.com;connect-src 'self' *.be.durationmedia.net *.doubleverify.com *.evidon.com *.g.doubleclick.net *.googleapis.com *.googlesyndication.com *.permutive.com *.tmol.co *.tmol.io *.prmutv.co *.analytics.google.com *.google-analytics.com *.amondo.com be.durationmedia.net geolocation.onetrust.com cdn.cookielaw.org privacyportal.onetrust.com csi.gstatic.com vendorlist.consensu.org widget.ticketmaster.eu www.googletagmanager.com track.celtra.com analytics.google.com analytics.tiktok.com ib.adnxs.com www.google.com sdk.iad-05.braze.com durationmedia-d.openx.net rtb.openx.net u.openx.net js-sec.indexww.com dsum.casalemedia.com htlb.casalemedia.com ssp.theadx.com bid.contextweb.com bh.contextweb.com t.pubmatic.com hbopenbid.pubmatic.com ads.pubmatic.com image8.pubmatic.com ads.servenobid.com public.servenobid.com sync.1rx.io ap.lijit.com sync.adkernel.com adservice.google.com www.ticketmaster.co.uk www.ticketmaster.co.nz www.ticketmaster.com.au www.ticketmaster.de tr.snapchat.com;font-src *.livenationinternational.com fonts.gstatic.com widget.ticketmaster.eu use.fontawesome.com rsms.me static.amondo.com s3-res.amondo.com;frame-src *.2mdn.net *.bannersnack.com *.doubleverify.com *.dvtps.com *.evidon.com *.facebook.com *.fls.doubleclick.net *.googlesyndication.com *.googletagservices.com *.jebbit.com *.monetate.net *.ticketmaster.co.uk *.twitch.tv *.bilibili.com *.player.vimeo.com *.soundcloud.com *.instagram.com *.twitter.com *.spotify.com *.tiktok.com *.tiktokcdn.com *.youtube.com *.youtu.be cookies.onetrust.mgr.consensu.org music.163.com player.vimeo.com secureframe.doubleclick.net terriverhoeven.wufoo.com universe.queue-it.net v.qq.com www.google.com www.universe.com insight.adsrvr.org tr.snapchat.com static.amondo.com rsms.me;media-src www.lntvglobal.com *.livenationinternational.com video.amondo.com;worker-src 'self' blob: 18
object-src 'self' https://www.youtube.com/;frame-src 'self' mailto: tel: https://3cx.com https://player.vimeo.com/ https://vars.hotjar.com/ https://www.google.com https://cse.google.com https://services-sandbox.google-3cx.com https://services.3cx.com https://audioconverter.3cx.com https://login.3cx.com https://docs.google.com https://www.facebook.com https://td.doubleclick.net/ https://bid.g.doubleclick.net https://www.loom.com https://www.youtube.com https://www.youtube-nocookie.com/ https://www.googletagmanager.com; frame-ancestors 'self' 18
frame-ancestors 'none'; connect-src 'self' http://127.0.0.1:*; default-src https: 'unsafe-inline' 18
default-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: blob:; img-src * blob: data:; frame-ancestors 'self' https://michelin.clic2buy.com https://*.iadvize.com https://*.blueconic.net; worker-src blob: data: https:; font-src https: data:; script-src-elem 'unsafe-inline' 'unsafe-eval' * blob: 18
default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self'; 18
script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist 17
frame-ancestors 'none'; upgrade-insecure-requests 17
upgrade-insecure-requests; media-src https: blob:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data:; 17
frame-ancestors 'self' https://*.vmware.com; 17
frame-ancestors iinet.net.au:* *.iinet.net.au:* westnet.com.au:* *.westnet.com.au:* tpg.com.au:* *.tpg.com.au:* tpgtelecom.com.au:* tpgtelecom.com.au:* *.tpgtelecom.com.au:* internode.on.net:* *.internode.on.net:*; 17
frame-ancestors 'self' https://app.storyblok.com 17
frame-ancestors 'self' *.vercel.app *.rivt.com rivt.com *.outsideapi.com outsideapi.com *.pocketoutdoormedia.com outsideinc.com pocketoutdoormedia.com *.outsideinc.com velopress.com *.velopress.com *.mycoloradoparks.com mycoloradoparks.com *.rockandice.com rockandice.com *.theboxmag.com theboxmag.com *.nationalparktrips.com nationalparktrips.com  *.nationalparktripsmedia.com nationalparktripsmedia.com *.betamtb.com betamtb.com *.mysmokymountainpark.com mysmokymountainpark.com *.myolympicpark.com myolympicpark.com *.climbing.com climbing.com *.backpacker.com backpacker.com *.podiumrunner.com podiumrunner.com *.skimag.com skimag.com myutahparks.com *.myutahparks.com *.mygrandcanyonpark.com mygrandcanyonpark.com *.oxygenmag.com oxygenmag.com *.triathlete.com triathlete.com velonews.com *.velonews.com muscleandperformance.com *.muscleandperformance.com *.outsidebusinessjournal.com outsidebusinessjournal.com snewsnet.com *.snewsnet.com gymclimber.com *.gymclimber.com livebeyoga.com *.yogajournal.com yogajournal.com *.livebeyoga.com womensrunning.com *.womensrunning.com trailrunnermag.com *.trailrunnermag.com outsideonline.com *.outsideonline.com *.betternutrition.com betternutrition.com vegetariantimes.com *.vegetariantimes.com cleaneating.com *.cleaneatingmag.com cleaneatingmag.com *.cleaneating.com *.thenaturx.com thenaturx.com *.yellowstonepark.com yellowstonepark.com *.myyellowstonepark.com myyellowstonepark.com myyosemitepark.com *.myyosemitepark.com *.rollmassif.com rollmassif.com *.getcairn.com getcairn.com *.athletereg.com athletereg.com *.finisherpix.com finisherpix.com *.pinkbike.com pinkbike.com *.pinkbike.org pinkbike.org *.bikereg.com bikereg.com *.runreg.com runreg.com *.trireg.com trireg.com *.skireg.com skireg.com *.pledgereg.com pledgereg.com *.gaiagps.com gaiagps.com *.trailforks.com trailforks.com 17
frame-ancestors 'none'; report-uri https://prod-bk-csp-service.rbictg.com/csp; report-to csp-endpoint 17
upgrade-insecure-requests; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com refocus.ru dwin1.com cl.qualaroo.com ref.ccb-dev.com st.smartassistant.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com canon.smartassistant.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com sys.refocus.ru googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com *.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com b2badmin.mycanon.club maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.tintup.com d.la3-c2-ia2.salesforceliveagent.com www.artfut.com my.tealiumiq.com t.contentsquare.net canon-europe.force.com tiger-cdn.zoovu.com orca-api.zoovu.com orca-runner-assets.zoovu.com orca-cdn.zoovu.com ajhgroup9516.file.core.windows.net d.la3-c1-cdg.salesforceliveagent.com sales-promotions.com sales-promotions.taxback.ess.ie *.pricespider.com *.mapbox.com pixel.byspotify.com unpkg.com img03.en25.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com refocus.ru dwin1.com cl.qualaroo.com ref.ccb-dev.com st.smartassistant.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com canon.smartassistant.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com sys.refocus.ru googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com *.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com b2badmin.mycanon.club maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.tintup.com d.la3-c2-ia2.salesforceliveagent.com www.artfut.com my.tealiumiq.com t.contentsquare.net canon-europe.force.com tiger-cdn.zoovu.com orca-api.zoovu.com orca-runner-assets.zoovu.com orca-cdn.zoovu.com ajhgroup9516.file.core.windows.net d.la3-c1-cdg.salesforceliveagent.com d.la3-c2-ia7.salesforceliveagent.com sales-promotions.com sales-promotions.taxback.ess.ie *.pricespider.com *.mapbox.com pixel.byspotify.com unpkg.com img03.en25.com; report-uri https://content-api.canon-europe.com/cspreport/webapp/ 17
default-src 'self' https://*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; style-src 'self' 'unsafe-inline' https://*; img-src 'self' blob: data: https://*; media-src 'self' blob: data: https://*; frame-ancestors 'self'; report-uri https://www.cgm.com/cspreporting.php; report-to csp-endpoint; 17
frame-ancestors 'self' https://staging-app.boxoffice.com https://app.boxoffice.com 17
default-src 'self' https://niccicms.raj.nic.in/ https://maxcdn.bootstrapcdn.com/ 'unsafe-inline' 'unsafe-eval' data:; 17
default-src https: 'unsafe-inline' 'unsafe-eval' 17
frame-src 'self'; frame-ancestors 'self'; object-src 'none'; 17
frame-ancestors 'self' https://*.kayak.com https://www.kayak.com.ar https://www.kayak.com.au https://www.kayak.bo https://www.kayak.com.br https://www.kayak.cat https://www.kayak.cl https://www.cn.kayak.com https://www.kayak.com.co https://www.kayak.co.cr https://www.kayak.dk https://www.kayak.com.do https://www.kayak.com.ec https://www.kayak.com.sv https://www.kayak.fr https://www.kayak.de https://www.kayak.com.gt https://www.kayak.com.hn https://www.kayak.com.hk https://www.kayak.co.in https://www.kayak.co.id https://www.kayak.ie https://www.kayak.it https://www.kayak.co.jp https://www.kayak.com.my https://www.kayak.com.mx https://www.kayak.nl https://www.kayak.com.ni https://www.kayak.no https://www.kayak.com.pa https://www.kayak.com.py https://www.kayak.com.pe https://www.kayak.com.ph https://www.kayak.pl https://www.kayak.pt https://www.kayak.com.pr https://www.en.kayak.sa https://www.kayak.sg https://www.kayak.co.kr https://www.kayak.es https://www.kayak.se https://www.kayak.ch https://www.kayak.co.th https://www.kayak.com.tr https://www.kayak.ae https://www.kayak.co.uk https://www.kayak.com.uy https://www.kayak.co.ve 16
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 16
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 16
script-src 'unsafe-inline' 'unsafe-eval' http: https: 16
object-src 'none'; base-uri 'self' 16
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://am-assets.pl www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com accounts.google.com widget.helpcrunch.com connect.facebook.net stats.pusher.com secure.payu.com script.hotjar.com static.hotjar.com chat.dropped.net.pl js.pusher.com;style-src 'self' 'unsafe-inline' https://am-assets.pl fonts.googleapis.com accounts.google.com chat.dropped.net.pl; 16
prefetch-src *.b-cdn.net *.metartnetwork.com *.metart.com *.hustler.com *.metartmoney.com *.google-analytics.com *.googletagmanager.com;default-src 'self' blob: *.b-cdn.net *.metartnetwork.com *.metart.com *.hustler.com;connect-src 'self' blob: wss: *.b-cdn.net *.metartnetwork.com *.metart.com *.zdassets.com *.zendesk.com *.atlassian.com *.atl-paas.net *.hustler.com *.metart.network *.google.com *.google-analytics.com *.googleapis.com *.doubleclick.net *.mixpanel.com *.metartmoney.com cdn.cookielaw.org *.visualwebsiteoptimizer.com *.vwo.com *.sentry.io *.adtng.com *.atsptp.com *.spartez-software.com api.ipify.org *.s3.eu-central-1.amazonaws.com;style-src 'self' blob: 'unsafe-inline' *.b-cdn.net *.metartnetwork.com *.metart.com *.googleapis.com fonts.gstatic.com platform.twitter.com *.twimg.com maxcdn.bootstrapcdn.com *.google.com *.hustler.com cdn.cookielaw.org *.visualwebsiteoptimizer.com *.vwo.com;font-src 'self' data: *.b-cdn.net *.metartnetwork.com *.metart.com *.zopim.com fonts.gstatic.com *.googleapis.com ssl.p.jwpcdn.com maxcdn.bootstrapcdn.com *.hustler.com *.vwo.com;script-src 'self' 'unsafe-inline' *.b-cdn.net *.metartnetwork.com *.metart.com *.zdassets.com *.atlassian.com *.zopim.com *.twitter.com *.twimg.com ssl.p.jwpcdn.com *.googletagmanager.com *.google-analytics.com cdn.mouseflow.com *.google.com cdn.polyfill.io *.hustler.com *.metart.network cdn.cookielaw.org code.jquery.com geolocation.onetrust.com *.mxpnl.com *.googleapis.com *.gstatic.com *.browser-update.org browser-update.org *.visualwebsiteoptimizer.com *.vwo.com *.adtng.com *.atsptp.com *.spartez-software.com;frame-src 'self' *.b-cdn.net *.metartnetwork.com *.metart.com *.twitter.com *.hustler.com *.youtube.com *.vimeo.com *.atlassian.net *.metartmoney.com *.visualwebsiteoptimizer.com *.vwo.com;img-src 'self' data: *.b-cdn.net *.metartnetwork.com *.metart.com *.nsimg.net *.twimg.com *.twitter.com *.zopim.com jwpltx.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.doubleclick.net *.google.com *.hustler.com *.browser-update.org browser-update.org *.visualwebsiteoptimizer.com *.vwo.com *.hustlerlive.com *.barelylegallive.com *.vscdns.com;media-src 'self' data: blob: *.b-cdn.net *.metartnetwork.com *.metart.com *.nsimg.net *.hustler.com *.zdassets.com *.visualwebsiteoptimizer.com *.vwo.com;worker-src 'self' data: blob: wss:;object-src 'none' 16
sandbox allow-same-origin allow-scripts allow-orientation-lock allow-pointer-lock allow-forms allow-popups allow-top-navigation-by-user-activation; 16
script-src * 'unsafe-inline' 'unsafe-eval' 16
frame-ancestors none; 16
frame-ancestors 'self'; upgrade-insecure-requests; object-src 'none'; script-src 'sha256-7/fy7EjXUskn9MLHbin/b0A7LQ32mACPQ2SdNj/O/vA=' 'unsafe-inline'; require-trusted-types-for 'script'; 16
frame-ancestors 'self' cloudlogin.co *.cloudlogin.co; 16
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com *.trafficfactory.biz www.iwanttodeliver.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com wss://*.1ka.com https://*.1ka.com https://media.1ka.com https://u.1ka.com https://n.1ka.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.1ka.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net bmedia.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri https://www.xvideos.com/csp-reports; report-to csp-endpoint 15
font-src 'self' 15
frame-ancestors 'self'; frame-src 'self' https://www.sitecdn.com braintreegateway.com assets.braintreegateway.com googletagmanager.com https://client.dropcatch.com https://*.paypal.com https://*.paypalobjects.com https://ssl.kaptcha.com; script-src 'self' https://*.paypal.com https://*.googletagmanager.com https://secure.dropcatch.com https://*.google-analytics.com 'unsafe-inline'; connect-src 'self' https://*.amazonaws.com https://*.braintreegateway.com https://*.braintree-api.com https://uilogging.tcdevops.com https://*.google-analytics.com https://translate.dropcatch.com https://client.dropcatch.com wss://rt.dropcatch.com 15
default-src 'unsafe-eval' 'unsafe-inline' * blob:; script-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * data:; connect-src *; font-src * data:; upgrade-insecure-requests; block-all-mixed-content 15
default-src * data: blob: 'unsafe-inline' 'unsafe-eval' 15
default-src='self' 15
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 15
default-src http:; img-src * data:; script-src https:* http: 'unsafe-inline' 'unsafe-eval'; style-src http: 'unsafe-inline'; 15
frame-ancestors 'self' *.genesazrak.com *.888casinoarabic.net *.arabiccasino888.com *.casinoarabic888.com *.casinoarabic-888.com *.888-casinoarabic.com *.888casino-arabic.com http://wrapper.safe-installation.com/ https://wrapper.safe-installation.com/ http://localhost:* https://localhost:* *.bingosys.net *.secured-igaming-usa.com *.888.pt *.sisportsbook.com *.888poker.de *.888slots.de *.safe-iplay.com http://*.safe-iplay.com http://*.888sport.com http://*.sisportsbook.com http://*.secured-igaming-usa.com *.safe-installation.com *.payoutscentral.com *.triple8holdem.com *.888.com *.secured-qa.com *.secured-registration.com *.secureutils.com *.images4us.com *.onlinepersonalmessages.com *.888sport.com *.888sport.es *.888sport.it *.888sport.dk *.888sport.ro *.888sport.se *.888sport.us *.888sport.de *.777.com *.personalinfoonline.com *.888.de *.888casino.com *.888poker.com *.888casino.dk *.888poker.dk *.888.de *.888casino.ro *.888poker.ro *.888casino.se *.888poker.se *.888casino.es *.888poker.es *.888casino.it *.888poker.it *.888casino.us *.888poker.us *.888ladies.com *.888.pt cmsp *.harrahscasino.com *.wsop.com *.delawarepark.com *.doverdowns.com *.harringtongamingonline.com *.secured-igaming-services.com *.secured-igaming-usa.com *.igaming-services.com *.888.ca *.888casino.ca *.888poker.ca *.888sport.ca *.888.nl *.888casino.nl *.888poker.nl *.888sport.nl *.ar-888-casino.com *.888casino-ar.com *.ar888-casino.com *.arab888-casino.com *.casinoelarab-888.com *.alarab-888casino.com *.casinoalarab-888.com *.888casino-alarab.com *.888casino-arabian.com *.arabian-888casino.com *.888-casino-arabian.com *.888-casino-alarab.com *.ballysdover.com *.888casino-uae.com *.playat888-games.com *.888casino-game.com *.online-arabic-casino.net *.tripleeight.live *.playat888online.com *.888games-uae.com *.triple-eight-games.com *.play-casino-now.com *.888slots-uae.com *.888-uae.com *.mrgreen.de *.mrgreen.se *.mrgreen.com *.mrgreen.dk *.williamhill.com *.williamhill.local *.williamhill-pp2.com *.clevernt.com *.cleverwebserver.com 15
upgrade-insecure-requests; base-uri 'self' 15
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tags.creativecdn.com https://cdn.cquotient.com https://www.googletagmanager.com https://services.postcodeanywhere.co.uk https://*.dynamicyield.com https://empme11111.pcapredict.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://*.dynatrace.com https://*.google-analytics.com https://*.doubleclick.net https://*.dwin1.com https://*.facebook.net https://*.bing.com https://*.criteo.net https://*.stylight.net https://*.linkfire.com  https://*.pinimg.com https://*.adsrvr.org https://sc-static.net https://*.tiktok.com https://*.kuponacdn.de https://*.ad-srv.net https://ad4m.at https://*.ad4m.at https://*.bounce-commerce.de https://*.usemaxserver.de https://*.soreto.com https://*.gsitrix.com https://*.snapchat.com https://*.clarity.ms https://*.criteo.com https://*.paypal.com https://*.scarabresearch.com https://*.cloudfront.net https://*.fatmedia.io https://*.payments-amazon.com https://hal9000.redintelligence.net https://*.klarnacdn.net https://*.adyen.com https://live.adyen.com https://www.googleadservices.com https://api.sovendus.com https://www.awin1.com https://*.sciencebehindecommerce.com https://*.amazonaws.com https://*.b-cdn.net https://*.klarnaservices.com https://*.cquotient.com https://www.glami.sk https://www.glami.cz https://creativecdn.com https://dmdi.pl https://emp-merchandising-gmbh.jobbase.io https://emp-merchandising-gmbh.onlyfy.jobs https://cdn.studentbeans.com/third-party/all.js https://amplify.outbrain.com/cp/obtp.js https://ai.trk42.net/ https://pixel.dmdi.pl/s/tr.js https://c.imedia.cz/js/retargeting.js https://*.osp.live https://widget.sendwise.sevensenders.com https://*.seznam.cz https://*.twitch.tv https://*.getback.ch http://*.static.getback.ch https://www.mainadv.com https://*.thebrighttag.com https://*.rubiconproject.com blob:; 15
img-src * data:; default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; object-src 'none'; 15
frame-ancestors 'self'; object-src 'self' 15
block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests; 15
default-src * 'unsafe-eval' 'unsafe-inline' blob: data:; 15
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 15
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://api.amplitude.com https://api2.amplitude.com  https://*.crazyegg.com wss://*.hotjar.com wss://*.qualified.com 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com https://*.office.com https://*.office365.com https://*.microsoft365.com; 14
upgrade-insecure-requests; frame-ancestors 'self' https://explore.bitdefender.com/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roeyecdn.com *.unpkg.com *.googleadservices.com *.2checkout.com *.cookielaw.org *.criteo.com *.dwin1.com *.bitdefender.com *.bitdefender.biz *.bitdefender.net *.bitdefender.fr *.bitdefender.de *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.es *.bitdefender.it *.bitdefender.pt *.bitdefender.com.br *.bitdefender.ro *.bitdefender.nl *.bitdefender.be *.bitdefender.se *.bitdefender.co.jp bitdefender.co.jp bitdefender.applytojob.com *.adobe.com *.facebook.com *.facebook.net *.doubleclick.net *.adsrvr.org *.mathtag.com *.google.com *.google.ro *.flashtalking.com *.amazon-adsystem.com *.livechatinc.com *.twitter.com *.ads-twitter.com  *.cedexis.com *.cedexis-test.com *.youtube.com *.soundcloud.com *.hubspot.com *.cookiebot.com *.vimeo.com *.edgecastcdn.net *.linkedin.com *.hsforms.com *.hsforms.net *.cloudfront.net *.edgecastdns.net *.hotjar.com *.zanox.ws *.zanox.com *.usemax.de usemax.de dpm.de *.mdex.net mdex.net *.omniture.com widget.trustpilot.com *.2o7.net *.omtrdc.net *.demdex.net *.adobedtm.com api-eu.boldchat.com livechat-eu.boldchat.com *.youtube-nocookie.com *.instagram.com instawidget.net *.scarabresearch.com *.zenaps.com pixel.xonaz.com tags.dynamo.one *.redintelligence.net 20787700p.rfihub.com *.outgrow.us *.alchemer.com *.adyen.com *.paypal.com paypal.com ad.ad-srv.net fullstory.com ad4m.at *.googletagmanager.com bat.bing.com *.impactradius-event.com *.outbrain.com *.gartner.com *.gstatic.com *.licdn.com *.bizible.com *.clarity.ms *.demandbase.com *.hs-scripts.com *.sf14g.com *.hsadspixel.net *.hs-analytics.net *.hsleadflows.net *.hs-banner.com *.usemessages.com *.company-target.com *.techtarget.com *.privacyportal-de.onetrust.com *.geolocation.onetrust.com *.avads.net; 14
frame-ancestors 'self';img-src 'self' https://* data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* *.disneyplus.com:*;worker-src 'self' blob:;manifest-src 'self' *.disneyplus.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 14
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: data: blob: android-webview-video-poster:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 14
frame-ancestors 'self' app.storyblok.com 14
default-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com geoip-js.com *.geoip-js.com *.crazyegg.com *.zoominfo.com *.pingdom.net *.doubleclick.net *.maxmind.com *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com *.oribi.io *.cookielaw.org *.onetrust.com *.zscalertwo.net *.googlesyndication.com http://cscmarketing-cscdbs-prod-container.azurewebsites.net/blog/wp-json/; script-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.maxmind.com *.crazyegg.com *.gstatic.com *.zoominfo.com *.pingdom.net *.googleadservices.com *.licdn.com *.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com *.zscalertwo.net 'sha256-uEVZG2aKtvTnCiyd6KE5c0iP+naoyXFMNU6NZqWfTzk=' 'sha256-FTZUkywTeCare2C/3qESeGwIijE/FJIJzHs4QajBqVU=' 'sha256-6EYFRGyxum0IwH2kLdixEkMnfVbkqBt14VQFi8BCJRA=' 'sha256-NEJOYgS3wIia+ss6EnB/d2Kk/XqlS6ES36GronXzmbs=' *.cookielaw.org *.onetrust.com *.googlesyndication.com; style-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.googleapis.com 'unsafe-inline'; img-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com data: seal-delaware.bbb.org *.linkedin.com *.hsforms.com s.w.org i.ytimg.com *.doubleclick.net *.cookielaw.org; font-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.gstatic.com data:; frame-src 'self' *.google.com *.youtube.com *.swiftypecdn.com *.swiftype.com *.googlesyndication.com *.hsforms.com *.doubleclick.net; object-src 'none' 14
default-src 'self' https://cdn.perf1.com https://saspresence.perf1.com; object-src 'none'; frame-src * 14
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: * 14
default-src * 'unsafe-inline' 'unsafe-eval' data: gap: content: blob:; form-action *; upgrade-insecure-requests 14
frame-ancestors 'self' https://www.deco.cx 127.0.0.1:* localhost:* http://localhost:* http://127.0.0.1:* https://deco.cx https://admin.deco.cx 14
frame-ancestors 'self'; report-uri csp-reports; report-to csp-endpoint; 14
connect-src http://ip-api.com/ 'self' https: data: 14
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * blob:; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * data: blob:; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * data:; report-uri https://hyperia.report-uri.com; block-all-mixed-content; upgrade-insecure-requests 14
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob:;script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'self' 'unsafe-inline';img-src * 'self' data:;frame-ancestors 'self' https://www.visma.com/ online.superoffice.com apps.risevision.com desktop.visma.com asp.visma.com hlasp.visma.com es-eu-dev-api01.episerver.net;worker-src * 'self' blob:;connect-src * 'self' blob:;font-src * 'self' data:;frame-src * 'self';media-src * 'self' blob:;object-src * 'self'; 14
frame-ancestors 'self' https://epson.custhelp.com https://epson-es.custhelp.com https://epson-pt.custhelp.com 14
default-src 'self'; script-src 'self' http: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' http: https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' data: http: https:; font-src 'self' http: https:; connect-src 'self' http: https:; frame-src 'self' http: https: 14
default-src 'self'; img-src 'self';script-src 'self' 'sha256-J+Y4l+yfxXd4cYzH9LhXUSHSb7zZu2bgddfCumVZJMo=';object-src 'none';form-action 'none';frame-src 'none';style-src 'self' 'sha256-OU0LTytxyR8kjQ+DRjRCDKhUAKEeH7rb0D5nBWOzRlQ=' 14
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co/6si.min.js https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net/simplemde/latest/simplemde.min.js https://cdn.jsdelivr.net/npm/@json-editor/json-editor@latest/dist/jsoneditor.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://go.affec.tv https://bat.bing.com/bat.js https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com https://z.moatads.com https://cdn.jsdelivr.net/npm/datalist-polyfill@latest/datalist-polyfill.min.js https://snap.licdn.com https://tracking.g2crowd.com https://bat.bing.com https://connect.facebook.net https://tags.srv.stackadapt.com https://widget.spreaker.com *.visualwebsiteoptimizer.com app.vwo.com *.sharethis.com https://unpkg.com/dropzone@5/dist/min/dropzone.min.js  https://d1hgczpbubj217.cloudfront.net/video-widget/ https://www.youtube.com/ https://app-static.turtl.co/embed/turtl.embed.v1.js; object-src 'self'; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *; img-src 'self' 'unsafe-inline' data: blob: *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *; media-src 'self'; frame-src 'self' 'unsafe-inline' app.vwo.com *.visualwebsiteoptimizer.com *; child-src 'self' 'unsafe-inline' blob:; worker-src 'self' blob:; font-src 'self' 'unsafe-inline' data: *; connect-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com *; report-uri /report-csp-violation 13
require-trusted-types-for 'script';report-uri /recaptcha/challengepage/_/RecaptchaChallengePageUi/cspreport 13
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.sanity.io www.youtube.com www.youtube-nocookie.com i.ytimg.com yt3.ggpht.com fonts.gstatic.com www.google-analytics.com www.googletagmanager.com www.gstatic.com stats.g.doubleclick.net www.google.co.uk static.hotjar.com static.ads-twitter.co mwww.facebook.com dc.ads.linkedin.com t.co vars.hotjar.com in.hotjar.com p.adsymptotic.com analytics.twitter.com cdn.jsdelivr.net d1a1ax4tcp3m3j.cloudfront.net dqm.crownpeak.com geolocation.onetrust.com cdn.baycloud.com static.ads-twitter.com connect.facebook.net snap.licdn.com staticcontents.investisdigital.com script.hotjar.com maps.googleapis.com sc.lfeeder.com netlify-cdp-loader.netlify.app cd-prod.wdesk.com www.googleadservices.com assets.adobedtm.com unilever.d3.sc.omtrdc.net acdn.adnxs.com js-agent.newrelic.com bam.nr-data.net insight.adsrvr.org cdn.cookielaw.org *.demdex.net cm.everesttech.net c.evidon.com 13
default-src 'self' *.idrive.com *.idrivesync.com  https://graph.facebook.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://*.bing.com https://maxaccess-api.onlineada.workers.dev https://snap.licdn.com https://px.ads.linkedin.com https://cdn.jsdelivr.net https://js.zohocdn.com https://salesiq.zoho.com https://embed.tawk.to https://app.chatsupport.co https://*.zendesk.com https://static.zdassets.com https://tagmanager.google.com https://static.idriveonlinebackup.com https://js.hcaptcha.com https://*.facebook.com https://bmrsignal.idrivelite.com https://*.google.com https://apis.google.com https://accounts.google.com https://www.google-analytics.com https://*.criteo.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.criteo.net https://cdn.livechatinc.com https://gum.criteo.com https://sslwidget.criteo.com https://*.livechatinc.com https://ajax.googleapis.com https://html5shim.googlecode.com https://s.adroll.com https://a.adroll.com https://d.adroll.com https://www.google.com https://www.idrivedownloads.com http://ssl.p.jwpcdn.com https://www.youtube.com https://px.spiceworks.com https://connect.facebook.net https://5358683.fls.doubleclick.net https://platform.twitter.com https://www.googleadservices.com https://www.gstatic.com https://ssl.google-analytics.com https://code.jquery.com https://js.stripe.com https://www.googletagmanager.com https://api.maxaccess.io; img-src https://* 'self' data: blob: www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' https://embed.tawk.to https://css.zohocdn.com https://tagmanager.google.com https://static.idriveonlinebackup.com https://fonts.googleapis.com https://ssl.google-analytics.com https://code.jquery.com; font-src https://* https://fonts.gstatic.com data: ; object-src 'self' https://secure.livechatinc.com; frame-src https://* 'self' data: blob:; media-src https://* blob:; worker-src https://* blob:; connect-src wss: https://* blob:; frame-ancestors 'self'; 13
upgrade-insecure-requests; frame-ancestors 'none' 13
default-src 'self' http: https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 13
default-src 'self' d1a19ys8w1wkc1.cloudfront.net; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval' https://rcdfcdn.mars.com https://stage-rcdfcdn.mars.com; worker-src * blob:; style-src * 'unsafe-inline'; 13
frame-ancestors *; 13
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 13
frame-ancestors 'self' eu-app.contentstack.com/ app.contentstack.com/ 13
script-src-elem *.newrelic.com *.maxymiser.net *.googletagmanager.com *.oracleinfinity.io *.crazyegg.com *.facebook.net *.getblue.io *.air.tech *.google-analytics.com *.doubleclick.net *.kommunicate.io *.youtube.com *.soicos.com *.tiktok.com *.yandex.com *.onesignal.com onesignal.com *.verificado.ai https://cdn-mz-gj-vai.verificado.ai/widget/main.js *.google.com *.gstatic.com https://www.google.com/recaptcha/ *.googleadservices.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src-elem fonts.googleapis.com *.kommunicate.io *.soicos.com *.verificado.ai *.cloudflare.com *.typekit.net https://www.google.com/recaptcha/ *.googletagmanager.com 'self' 'unsafe-inline'; font-src fonts.gstatic.com use.typekit.net *.cloudflare.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.fontawesome.com *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.googletagmanager.com *.facebook.com *.transbank.cl *.sabbi.cl *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.cardinalcommerce.com *.paypal.com *.soicos.com *.verificado.ai https://www.google.com/recaptcha/ *.payulatam.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.youtube.com *.vimeo.com *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.weltpixel.com *.facebook.com https://web.facebook.com *.google.com *.cnetcontent.com *.vimeo.com https://event.getblue.io *.getblue.io *.flipsnack.com https://heyzine.com https://promogallonic.com https://front-notrack.indexado.production.pmbox.cloud https://fichashppervasive.blob.core.windows.net https://notrack.indexado.pmbox.cloud https://emersya.com *.lightwidget.com/ https://mc.yandex.ru/ https://mc.yandex.md/ https://firalivepro.blob.core.windows.net/ https://fira-live-player-pro.azurewebsites.net/ https://20839951p.rfihub.com/ *.googletagmanager.com *.doubleclick.net *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.wufoo.com/ https://wufoo.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.soicos.com *.crazyegg.com *.verificado.ai https://komax-tracking.oms.linets.cl/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.integration.komax.eclt.lnt.cl *.gstatic.com *.cloudflare.com *.newrelic.com https://bam.nr-data.net *.facebook.com *.connect.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.paypal.com *.syndigo.com *.syndigo.cloud *.google.com.co *.google.com.pa *.teads.tv *.gap.cl https://fichashppervasive.blob.core.windows.net *.komaxchile.cl/ *.kliper.cl/ https://dc.oracleinfinity.io/ https://s3.amazonaws.com/ https://stags.bluekai.com/ https://cm.g.doubleclick.net https://rrstatic.retailrocket.net/ https://mc.yandex.ru/ https://an.yandex.ru/ https://mc.yandex.md/ *.maxymiser.net *.komaxchile.cl *.bananarepublic.cl *.brooksbrothers.cl *.dcshoes.cl *.kipling.cl *.kivul.cl *.kliper.cl *.marmot.cl *.mammut.cl *.oldnavy.cl *.stoked.cl *.surprice.cl *.thenorthface.cl *.ugg.cl *.bananarepublic.cl/ *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.kommunicate.io https://km-prod-s3-bucket.s3.amazonaws.com *.elfsight.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.google.cl *.google.com.pe *.soicos.com *.crazyegg.com *.verificado.ai https://www.google.com/recaptcha/ *.gap.com.pe news-oldnavy.cl komax-files.s3.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://cdn.polyfill.io https://browser.sentry-cdn.com *.integration.komax.eclt.lnt.cl https://www.googletagmanager.com tagmanager.google.com cdn.cs.1worldsync.com *.cloudflare.com *.newrelic.com https://bam.nr-data.net *.facebook.com *.facebook.net *.connect.facebook.net *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.paypal.com *.bootstrapcdn.com *.pingdom.net *.woorank.com *.demdex.net *.cnetcontent.com *.syndigo.com *.syndigo.cloud https://event.getblue.io *.getblue.io https://p.teads.tv https://smetrics.verdugotienda.com *.maxymiser.net/ *.kommunicate.io *.retailrocket.net *.oracleinfinity.io *.crazyegg.com *.komaxchile.cl *.oraclecloud.com *.onesignal.com https://onesignal.com/ *.googleoptimize.com *.lightwidget.com *.air.tech *.rfihub.net *.hicloud.com *.tiktok.com *.hotjar.com *.bananarepublic.cl/ *.brooksbrothers.cl/ *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.elfsight.com https://mc.yandex.ru/ https://mc.yandex.md/ https://an.yandex.ru/ *.tenetcomm.com/ https://tenetcomm.com/ *.wufoo.com/ https://wufoo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.nr-data.net unpkg.com *.soicos.com *.verificado.ai 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com tagmanager.google.com *.cloudflare.com *.facebook.com *.google.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com https://rrstatic.retailrocket.net/ https://widget.kommunicate.io/ *.fontawesome.com https://firalivepro.blob.core.windows.net *.brooksbrothers.cl/ https://*.komaxchile.cl *.bananarepublic.cl/ *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.kommunicate.io unsafe-inline *.soicos.com *.crazyegg.com *.verificado.ai https://www.google.com/recaptcha/ 'self' 'unsafe-inline'; object-src *.soicos.com *.verificado.ai https://www.google.com/recaptcha/ 'self' 'unsafe-inline'; media-src *.adobe.com *.syndigo.com *.syndigo.cloud https://emersya.com *.bananarepublic.cl/ *.brooksbrothers.cl/ *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.kommunicate.io *.soicos.com *.verificado.ai https://www.google.com/recaptcha/ 'self' 'unsafe-inline'; manifest-src *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net https://*.ingest.sentry.io https://www.google-analytics.com wss://tm.filter:1502/ xml.ssreviewsportal.com *.cloudflare.com *.newrelic.com https://bam.nr-data.net *.facebook.com *.google.com *.paypal.com *.pingdom.net *.woorank.com *.demdex.net *.cnetcontent.com *.youtube.com *.syndigo.com *.syndigo.cloud product-feature-service.production.alquimio.cloud api.repositorio.production.alquimio.cloud orchestrator.production.aks.alquimio.cloud *.teads.tv *.doubleclick.net *.kommunicate.io *.oracleinfinity.io *.oraclecloud.com *.tiktok.com https://mc.yandex.ru/ https://an.yandex.ru https://mc.yandex.md/ *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.maxymiser.net/ *.elfsight.com https://analytics.pangle-ads.com/ *.tenetcomm.com/ https://tenetcomm.com/ *.wufoo.com/ https://wufoo.com/ *.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.crazyegg.com *.nr-data.net *.sentry.io *.facebook.net google.com *.soicos.com *.yandex.com *.verificado.ai *.amazonaws.com https://www.google.com/recaptcha/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com http: https: blob: 'self' 'unsafe-inline'; default-src *.maxymiser.net *.komaxchile.cl *.soicos.com *.crazyegg.com *.verificado.ai https://www.google.com/recaptcha/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com 'self' 'unsafe-inline'; report-uri https://www.komaxchile.cl/rest/all/V1/cspmanager/frontend_report; 13
default-src 'self'; child-src blob:; media-src * 'self' data: https: blob:; style-src 'self' 'unsafe-inline' *.pricespider.com *; img-src * 'self' data: https: blob: *.pricespider.com; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; font-src * data: https:; frame-src *; 13
img-src * data: blob: 13
frame-ancestors 'self' https://preview.citynavigator.nl 13
frame-ancestors 'self' https://play.workadventu.re 13
default-src https://*.db.de https://wirsindgueter.de https://*.deutschebahn.com; media-src *; script-src https://*.adobedtm.com https://hcaptcha.com https://*.hcaptcha.com https://*.deutschebahn.com 'self' 'unsafe-inline' https://dbsedbcgprod.112.2o7.net 'unsafe-eval'; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://*.deutschebahn.com https://*.db.de https://dpm.demdex.net; img-src 'self' blob: data: https://*.deutschebahn.com https://*.db.de https://dbsedbcgprod.112.2o7.net dbsedbcgdev.112.2o7.net; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; frame-src https://hcaptcha.com https://*.hcaptcha.com https://*.deutschebahn.com https://*.youtube.com; font-src 'self'; manifest-src 'self'; frame-ancestors https://*.deutschebahn.com 13
frame-ancestors 'self' *; upgrade-insecure-requests; 13
upgrade-insecure-requests; block-all-mixed-content; sandbox allow-modals allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-orientation-lock allow-pointer-lock; 12
frame-ancestors 'self' https://console.dnspod.cn 12
frame-ancestors 'self' *.betssongroupaffiliates.com *.ptstaging.eu *.onegameslink.com 12
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none'; 12
script-src 'self' 'unsafe-inline' 'unsafe-eval' api.salemove.com api.salemove.eu ui.customsearch.ai analytics.twitter.com assets.adobedtm.com connect.facebook.net static.ads-twitter.com www.googleadservices.com maps.googleapis.com cdn.tt.omtrdc.net absa.tt.omtrdc.net www.google.com www.gstatic.com analytics.analytics-egain.com abdemo.egain.cloud absablog-dev.disqus.com absablog-sit.disqus.com absablog-uat.disqus.com absablog-prod.disqus.com ajax.googleapis.com platform.twitter.com platform.linkedin.com assets.pinterest.com c.disquscdn.com disqus.com secure.rating-widget.com log.pinterest.com rating-widget.com s.ytimg.com www.youtube.com youtube.com esb.ext.api.uat.absa.co.za client.crisp.chat googleads.g.doubleclick.net www.google.co.za www.google.pl dsp-aud.eskimi.com dsp.eskimi.com dsp-pix.eskimi.com dsp-media.eskimi.com cdn.syndication.twimg.com cse.google.com api-iam.intercom.io api.salemove.eu app.salemove.eu asset-proxy.salemove.eu assets.salemove.eu chunderw-gll.twilio.com chunderw-vpc-gll.twilio.com client-logger.salemove.eu eventgw.twilio.com fonts.googleapis.com fonts.gstatic.com io.salemove.eu js.intercomcdn.com kluster.ws.salemove.eu libs.salemove.com maps.googleapis.com maps.gstatic.com media.twiliocdn.com nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io s3-eu-west-1.amazonaws.com s3.amazonaws.com uplot.salemove.eu widget.intercom.io googletagmanager.com www.googletagmanager.com js-agent.newrelic.com bam.nr-data.net c.la3-c1-fra.salesforceliveagent.com d.la3-c1-fra.salesforceliveagent.com c.la1-c2-par.salesforceliveagent.com d.la1-c2-par.salesforceliveagent.com c.la2-c2-cdg.salesforceliveagent.com c.la1-c2-par.salesforceagent.com d.la2-c2-cdg.salesforceliveagent.com bam-cell.nr-data.net fls.doubleclick.net tt.mbww.com pixel.mathtag.com snap.licdn.com sc-static.net analytics.tiktok.com 12
reflected-xss block 12
default-src 'self' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hcaptcha.com https://*.hcaptcha.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; 12
default-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https: data:; img-src data: https: blob: android-webview android-webview-video-poster:; font-src data: https:; connect-src *; media-src https: data: blob:; worker-src https: blob:; frame-src 'self' https:; frame-ancestors 'self'; upgrade-insecure-requests 12
default-src https: data: wss: blob: 'unsafe-inline' 'unsafe-eval' ;  object-src 'none' ;  frame-ancestors 'self' ;  base-uri 'self' ;  prefetch-src 'self' ;  img-src https: data: ; 12
frame-ancestors 'self' https://virtual-tours.msccruises.com; 12
object-src 'self' 12
default-src 'self' https://* data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* data: blob:; style-src 'self' 'unsafe-inline' https://*  data: blob:; frame-src 'self' https://*; frame-ancestors 'self';img-src 'self' https://* data: blob: ;media-src 'self' https://* data: blob: ;font-src 'self' https://* data: blob: 12
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' 12
default-src 'self' data: http: https: ws: wss:; script-src 'unsafe-inline' 'unsafe-eval' http: https: ; style-src 'unsafe-inline' 'unsafe-eval' http: https:; 12
frame-ancestors 'self' https://*.etracker.com 12
default-src https: wss: data: 'unsafe-inline' 'unsafe-eval' 12
default-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  'unsafe-inline'  https://*.adyen.com; img-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com; object-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'; script-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  about:  https://localhost  https://*.adyen.com; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net; 12
frame-ancestors 'self' *.facebook.com 12
default-src 'self' bngprm.com *.bngprm.com ymetrica1.com mc.yandex.ru cam.vg *.cam.vg cdn.fluidplayer.com movcpm.com *.movcpm.com greedseed.world xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com http://151.80.69.121 http://62.210.201.98 http://195.154.189.204 http://195.154.187.179 http://195.154.173.242 http://195.154.173.197 *.2k0.ru; style-src cdn.fluidplayer.com fonts.googleapis.com 'self' 'unsafe-inline'; script-src bngprm.com *.bngprm.com cdn.jsdelivr.net cdn.fluidplayer.com 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' fonts.gstatic.com data:; img-src 'self' bngprm.com *.bngprm.com counter.yadro.ru mc.yandex.ru ymetrica1.com mc.webvisor.org cdn.fluidplayer.com movcpm.com *.movcpm.com xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com data:; 12
form-action 'self' 12
default-src https: data: blob: mediastream: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; font-src https: data: 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.us.coca-cola.com; frame-src  https: data: blob: mediastream: 'unsafe-eval' 'unsafe-inline' 'self' maps.google.com maps.googleapis.com www.google.com; 12
default-src https: http: wss: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; 12
upgrade-insecure-requests; frame-ancestors: self 12
frame-ancestors 'self' https://*.getresponse.com 12
default-src 'self'; img-src * data: 'unsafe-inline' blob:; style-src * 'unsafe-inline' blob:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; form-action *; media-src *.readspeaker.com *.streamlock.net storage.googleapis.com scribit-pro-hosting.storage.googleapis.com scribit-pro.storage.googleapis.com app.talkjs.com 'self' blob:; frame-src *; frame-ancestors 'self'; worker-src * 'unsafe-inline' blob:; 12
frame-ancestors 'self' *.jivosite.com *.jivosite.com/ bam.nr-data.net/ metrika.yandex.ru *.yandex.tld *.yandex.net webvisor.com *.webvisor.com http://*.webvisor.com http://webvisor.com https://*.webvisor.com http://webvisor.com https://metrika.yandex.ru https://mc.yandex.ru https://*.yandex.net https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net; form-action 'self' *.timeweb.ru *.timeweb.com *.timeweb.net timeweb.com timeweb.ru timeweb.net http://timeweb.com/; default-src 'self' 'unsafe-inline' 'unsafe-eval' www.1c-bitrix.ru https://smartcaptcha.yandexcloud.net smartcaptcha.yandexcloud.net https://cdn.mxpnl.com cdn.mxpnl.com *.jivo.ru *.jivosite.com *.jivosite.com/ *.timeweb.net *.timeweb.ru timeweb.eu vds-static.timeweb.com cloud.timeweb.com timeweb.cloud public-api.timeweb.com content.timeweb.com api.craftum.com api-v2.craftum.com *.yandex.ru yandex.ru wss://*.timeweb.ru wss://*.timeweb.net www.googletagmanager.com www.google-analytics.com disutgh7q0ncc.cloudfront.net eligibility.wootric.com wootric-eligibility.herokuapp.com facebook.com connect.facebook.net *.facebook.com mc.yandex.md mc.yandex.ru *.livetex.ru *.livetex.me stats.g.doubleclick.net *.google.com *.google.ru *.sendpulse.com data: vk.com *.vk.com dadata.ru *.dadata.ru *.hostings.info *.hosters.ru bitrix.info static.criteo.net *.push.world *.gstatic.com recreativ.ru sslwidget.criteo.com *.googleapis.com *.webpushs.com i.imgur.com ipic.su *.sendpulse.com www.youtube.com s.tmimgcdn.com cdn.jsdelivr.net mc.webvisor.org https://*.getsitecontrol.com yastatic.net *.witstroom.com metrika.yandex.ru *.yandex.tld *.yandex.net myreviews.dev https://myreviews.dev webvisor.com *.witstroom.com:8080 https://checks.botfaqtor.ru *.giphy.com *.giphy.com/ *.jivosite.com *.jivosite.com/ wss://*.jivosite.com https://www.googleoptimize.com/ blob: timeweb.com 11
frame-ancestors 'self' esbroadcom.lookbookhq.com mfbroadcom.lookbookhq.com; script-src 'self' data: blob: https://script.crazyegg.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://ajax.googleapis.com https://snap.licdn.com https://searchunify.com https://searchunify.broadcom.com https://tag.demandbase.com/9a4d64cf696797e4.min.js https://tag.demandbase.com https://images.sw.broadcom.com/ *.adroll.com *.eloqua.com *.en25.com *.bluekai.com *.oraclecloud.com *.brightcove.com *.brightcove.net 'unsafe-eval' 'unsafe-inline'; object-src 'self'; 11
frame-ancestors 'self' https://metrika.yandex.ru/ 11
upgrade-insecure-requests; frame-ancestors *.stern.de *.brigitte.de *.gala.de *.guj.digital *.guj.rocks *.eltern.de *.vip.de *.essen-und-trinken.de *.schoener-wohnen.de *.livingathome.de *.capital.de *.geo.de; frame-src *; 11
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;block-all-mixed-content; 11
frame-ancestors 'self' letmedate.com www.letmedate.com 11
require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport 11
img-src 'self' *.twimg.com *.twitter.com img.youtube.com *.s3waas.gov.in secure.gravatar.com data: maps.gstatic.com maps.googleapis.com cbpssubscriber.mygov.in;connect-src 'self' *.s3waas.gov.in maps.googleapis.com www.google-analytics.com;object-src 'none';media-src 'self' *.s3waas.gov.in data:;child-src *;frame-src *;form-action *.s3waas.gov.in 'self';frame-ancestors 'self' *.s3waas.gov.in ;upgrade-insecure-requests;worker-src 'self' *.s3waas.gov.in 11
report-to default 11
base-uri 'none'; default-src 'self'; connect-src 'self' https: www.google-analytics.com fundingchoicesmessages.google.com pagead2.googlesyndication.com; font-src 'self' fonts.gstatic.com; frame-src 'self' https: googleads.g.doubleclick.net; img-src 'self' data: https:; media-src 'self' data: https:; object-src 'none'; prefetch-src dash.infinityfree.com forum.infinityfree.com; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https: www.google-analytics.com pagead2.googlesyndication.com www.google.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com cdnjs.cloudflare.com; worker-src 'none'; block-all-mixed-content; report-uri https://o881419.ingest.sentry.io/api/6108064/security/?sentry_key=53507701d302401b97c4a9ec903c141e; 11
default-src *;child-src * blob:;script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';img-src * data: blob: 11
policy-definition 11
default-src * 'unsafe-inline' 'unsafe-eval' data:; 11
worker-src 'self' 11
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https: 11
frame-ancestors 'self' *.affino.com; 11
frame-ancestors 'self'; frame-src  *.facebook.com *.google.com *.hotjar.com *.youtube.com *.vimeo.com *.googletagmanager.com *.fontawesome.com *.yourhosting.nl *.freshdesk.com *.freshchat.com *.yourhosting.nl yourhosting.nl demo.arcade.software *.typeform.com *.hsforms.com *.doubleclick.net 11
frame-ancestors 'self' * 11
script-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.tiktok.com vimeo.com www.vimeo.com www.youtube.com *.treasuredata.com snap.licdn.com connect.facebook.net tagmanager.google.com maps.googleapis.com www.googleadservices.com www.google-analytics.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net www.gstatic.com checkoutshopper-live.adyen.com; object-src 'none' 11
default-src * 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; frame-ancestors 'self' http://webvisor.com 11
frame-ancestors 'self' *.deloitte.com; 11
frame-ancestors https://*.myshopify.com https://admin.shopify.com 11
font-src 'none' 11
default-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com *.adform.net *.adsrvr.org *.adyen.com zenloop-website-overlay-production.s3.amazonaws.com *.awin1.com *.b2x-env.cloud apps.bazaarvoice.com *.bing.com *.clarity.ms *.cloudflare.com app.contentsquare.com t.contentsquare.net *.cookielaw.org *.criteo.com *.criteo.net digitizer.app *.dwin1.com *.g.doubleclick.net *.en25.com *.excentos.com nonce-csp-test *.facebook.net *.foxbase.de *.google-analytics.com *.googleadservices.com www.googleanalytics.com maps.googleapis.com www.googleoptimize.com *.googlesyndication.com www.googletagmanager.com *.google.com *.google.de *.gstatic.com *.guuru.com s.kelkoogroup.net *.kk-resources.com *.kpcustomer.de *.kuponacdn.de snap.licdn.com *.media01.eu *.newrelic.com bam.eu01.nr-data.net *.onetrust.com assets.oney.io *.openweathermap.org *.oracleinfinity.in *.outbrain.com *.pages02.net cdn.parcellab.com *.pinimg.com lantern.roeyecdn.com *.sciencebehindecommerce.com *.seznam.cz *.solutenetwork.com *.soundcloud.com *.sovendus.com *.stihl.de *.stihl.fr *.stihl.be *.stihl.nl *.stihl.lu *.stihl.es *.stihl.pt *.stihl.at *.stihl.bg *.stihl.ca *.stihl.ch *.stihl.co.jp *.stihl.co.ke *.stihl.co.nz *.stihl.co.uk *.stihl.co.za *.stihl.com *.stihl.com.ar *.stihl.com.au *.stihl.com.br *.stihl.com.co *.stihl.com.cy *.stihl.com.fj *.stihl.com.mx *.stihl.cz *.stihl.dk *.stihl.fi *.stihl.gr *.stihl.hu *.stihl.in *.stihl.it *.stihl.nc *.stihl.no *.stihl.pe *.stihl.pl *.stihl.ro *.stihl.rs *.stihl.se *.stihl.ua *.stihl-importer.ie *.stihl-timbersports.com userprotect.de.stihl-dns.net *.dam.stihl.cloud *.teads.tv *.tealiumiq.com *.tiqcdn.com *.trkkn.com s.uicdn.com d.c.cdnsrv.de typekit.net *.typekit.net unpkg.com *.unpkg.com *.assistant.watson.appdomain.cloud sp.analytics.yahoo.com *.youtube.com *.youtube-nocookie.com *.ytimg.com s.yimg.com *.zemanta.com *.zenaps.com *.zenloop.com; connect-src 'self' adobeioruntime.net *.adobeioruntime.net *.adyen.com zenloop-website-overlay-production.s3.amazonaws.com *.bazaarvoice.com *.bing.com *.clarity.ms *.cloudflare.com *.contentsquare.net *.cookielaw.org *.criteo.com *.criteo.net *.demdex.net *.digitizer.app *.doubleclick.net d.c.cdnsrv.de *.excentos.com ext.nonstoppartner.net *.facebook.com *.foxbase.de *.google-analytics.com *.googleapis.com pagead2.googlesyndication.com *.googletagmanager.com *.google.at *.google.be *.google.ch *.google.com *.google.de *.google.es *.google.fr *.google.gr *.google.hu *.google.it *.google.lu *.google.nl *.google.pl *.google.pt *.guuru.com s.kelkoogroup.net *.kk-resources.com *.linkedin.com *.media01.eu bam.eu01.nr-data.net *.omtrdc.net *.onetrust.com widget.oney.io *.oribi.io *.outbrain.com api.openweathermap.org *.parcellab.com *.pinterest.com *.thesciencebehindecommerce.com *.sciencebehindecommerce.com *.solutenetwork.com *.sovendus.com *.sovendus-benefits.com *.sovendus-campaign.com *.sovendus-connect.com *.sovendus-network.com *.stihl.be *.stihl.de *.stihl.es *.stihl.fr *.stihl.lu *.stihl.nl *.stihl.pt *.stihl.at *.stihl.bg *.stihl.ca *.stihl.ch *.stihl.co.jp *.stihl.co.ke *.stihl.co.nz *.stihl.co.uk *.stihl.co.za *.stihl.com *.stihl.com.ar *.stihl.com.au *.stihl.com.br *.stihl.com.co *.stihl.com.cy *.stihl.com.fj *.stihl.com.mx *.stihl.cz *.stihl.dk *.stihl.fi *.stihl.gr *.stihl.hu *.stihl.in *.stihl.it *.stihl.nc *.stihl.no *.stihl.pe *.stihl.pl *.stihl.ro *.stihl.rs *.stihl.se *.stihl.ua *.stihl-importer.ie *.stihl-timbersports.com stihl-sso.com stihl.tui-servicelayers.io *.teads.tv collect.tealiumiq.com *.trkkn.com typekit.net *.typekit.net *.assistant.watson.appdomain.cloud stihlb2bdocuments.blob.core.windows.net s.yimg.com *.youtube-nocookie.com www.wepowerconnections.com *.zenloop.com; img-src 'self' *.ad-stir.com *.360yield.com *.3lift.com *.addthis.com *.adingo.jp *.admixer.co.kr *.adscale.de *.adform.net *.adnxs.com *.adtdp.com *.advertising.com *.adyen.com zenloop-assets.s3.eu-west-1.amazonaws.com *.eu-central-1.amazonaws.com *.ants.vn *.aralego.com *.atdmt.com *.awin1.com *.azureedge.net *.b2x-env.cloud *.bazaarvoice.com segment.prod.bidr.io *.bidswitch.net *.bing.com *.bluekai.com *.casalemedia.com *.clarity.ms *.clmbtech.com *.contentsquare.net *.cookielaw.org *.criteo.com *.criteo.net *.dable.io data: *.demdex.net *.dmxleo.com *.doubleclick.net *.dwin1.com *.e-planning.net *.emxdgt.com *.everesttech.net *.excentos.com *.facebook.com *.facebook.net *.fwnm.net *.foxbase.de *.google-analytics.com *.googleadservices.com maps.googleapis.com *.googlesyndication.com www.googletagmanager.com *.googleusercontent.com *.google.ad *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bj *.google.by *.google.ca *.google.cd *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.co.ao *.google.co.bw *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sg *.google.com.sv *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mi *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.tg *.google.tn *.google.tt *.google.vu *.guuru.com *.gstatic.com *.herrenseite.de *.id5-sync.com id5-sync.com event.tracker.inlabserving.com *.rediunid.imrworldwide.com *.ivitrack.com *.kargo.com s.kelkoogroup.net *.krxd.net *.liadm.com *.linkedin.com px.ads.linkedin.com *.mail.ru *.meba.kr *.media.net *.mediavine.com *.mediawallahscript.com *.mgid.com *.microad.jp *.nate.com *.omnitagjs.com *.omtrdc.net assets.oney.io *.openx.net *.outbrain.com *.pages02.net *.parcellab.com *.pinterest.com *.pinterest.de *.postrelease.com *.pubmatic.com *.rambler.ru *.revcontent.com *.rlcdn.com lantern.roeye.com *.rubiconproject.com *.the.sciencebehindecommerce.com t.uimserv.de *.seadform.net *.seznam.cz *.sharethrough.com *.smaato.net *.smartadserver.com *.smartclip.net *.socdm.com *.sovendus.com *.stickyadstv.com *.stihl.de *.stihl.fr *.stihl.be *.stihl.nl *.stihl.lu *.stihl.es *.stihl.pt *.stihl.at *.stihl.bg *.stihl.ca *.stihl.ch *.stihl.co.jp *.stihl.co.ke *.stihl.co.nz *.stihl.co.uk *.stihl.co.za *.stihl.com *.stihl.com.ar *.stihl.com.au *.stihl.com.br *.stihl.com.co *.stihl.com.cy *.stihl.com.fj *.stihl.com.mx *.stihl.cz *.stihl.dk *.stihl.fi *.stihl.gr *.stihl.hu *.stihl.in *.stihl.it *.stihl.nc *.stihl.no *.stihl.pe *.stihl.pl *.stihl.ro *.stihl.rs *.stihl.se *.stihl.ua *.stihl-importer.ie *.stihl-timbersports.com *.stihlusa.com dam.stihl.cloud *.taboola.com *.tapad.com *.teads.tv *.tealiumiq.com *.thebrighttag.com *.toast.com *.tpmn.co.kr *.tremorhub.com *.turn.com *.twiago.com typekit.net *.typekit.net *.windows.net storagetimbersportsdata.blob.core.windows.net *.yahoo.com *.yandex.ru *.yieldlab.net *.yieldmo.com *.youtube-nocookie.com *.youtube.com *.ytimg.com *.zemanta.com *.zenaps.com *.zenloop.com; style-src 'self' 'unsafe-inline' *.cookielaw.org digitizer.app *.excentos.com *.foxbase.de fonts.googleapis.com *.googletagmanager.com *.google.com *.onetrust.com *.sovendus.com cdn.parcellab.com; font-src 'self' zenloop-assets.s3.eu-west-1.amazonaws.com apps.bazaarvoice.com cdnjs.cloudflare.com *.excentos.com *.foxbase.de fonts.googleapis.com fonts.gstatic.com *.guuru.com assets.oney.io cdn.parcellab.com *.sovendus.com *.stihl.de typekit.net *.typekit.net *.zenloop.com; frame-src 'self' *.ad-srv.net *.adform.net track.adform.net *.adsrvr.org *.adyen.com *.awin1.com segment.prod.bidr.io *.cookielaw.org *.criteo.com *.criteo.net *.demdex.net *.doubleclick.net *.dwin1.com d.c.cdnsrv.de *.excentos.com *.facebook.com *.google.com *.guuru.com *.jaggaer.com *.kuponacdn.de pixel.mathtag.com my.matterport.com secure.img-cdn.mediaplex.com *.pinterest.de *.pinterest.fr *.pinterest.at *.pinterest.it *.pinterest.com *.pinterest.co.uk *.pinterest.ru *.pinterest.ch *.pinterest.es *.pinterest.se *.pinterest.ca *.pinterest.dk *.pinterest.jp *.pinterest.ie *.pinterest.pt *.redintelligence.net *.the.sciencebehindecommerce.com *.soundcloud.com *.sovendus.com *.sovendus-benefits.com *.sovendus-campaign.com *.sovendus-connect.com *.sovendus-network.com static.stihl.com *.dam.stihl.cloud *.stihl-dns.net *.teads.tv e.video-cdn.net *.youtube.com *.youtube-nocookie.com *.zenaps.com; child-src 'self' blob: *.guuru.com 11
frame-ancestors 'self' https://www.quandoo-partner.com/ https://ws.ephapay.net/ https://pp.ephapay.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://adservice.google.com https://google.com https://www.google.com https://www.google.co.uk https://googleads.g.doubleclick.net https://maps.google.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://pay.google.com https://www.googletagmanager.com https://www.gstatic.com https://region1.google-analytics.com https://analytics.google.com https://www.google-analytics.com https://region1.analytics.google.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://analytics.tiktok.com https://tr.snapchat.com https://spay.samsung.com https://4625502.fls.doubleclick.net https://5181002.fls.doubleclick.net https://s7.addthis.com https://6nw8ohlf.micpn.com https://api.woosmap.com https://bda.bookatable.com https://bf61376cao.bf.dynatrace.com https://bookings.designmynight.com https://castle.verseapps.co.uk https://cdn.jsdelivr.net https://code.jquery.com https://cognito-identity.eu-west-1.amazonaws.com https://ep.smct.co https://firehose.eu-west-1.amazonaws.com https://ipl.smct.io https://js.smct.co https://js.smct.io https://miller-and-carter.sjv.io https://partners.designmynight.com https://platform.twitter.com https://rules.quantcount.com https://safekey-3.americanexpress.com https://sc-static.net https://script.hotjar.com https://sdk.woosmap.com https://secure.quantserve.com https://servedby.flashtalking.com https://smct.co https://static.hotjar.com https://static.uk.eagleeye.com https://stats.g.doubleclick.net https://svht.tradedoubler.com https://utt.impactcdn.com https://vintage-inns.pxf.io https://widgets.designmynight.com https://cdn.fingerprint.host https://www.dwin1.com; object-src 'none'; base-uri 'none'; 11
frame-ancestors 'self' *.hexia.io *.zigtools.nl 11
none 11
frame-ancestors 'none';upgrade-insecure-requests; 11
default-src 'none'; connect-src yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.com http://pagead2.googlesyndication.com https://csi.gstatic.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net *.google-analytics.com https://clk.streamgo.ru 'report-sample'; font-src https://yastatic.net https://fonts.gstatic.com; frame-src https://yastatic.net https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://www.google.com 'report-sample'; img-src * data: 'report-sample'; manifest-src 'self'; media-src data: 'self' https://strm.yandex.ru https://*.strm.yandex.net https://cdn.streamgo.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://yandex.ru https://yastatic.net http://pagead2.googlesyndication.com https://adservice.google.ae https://adservice.google.at https://adservice.google.az https://adservice.google.be https://adservice.google.bg https://adservice.google.bj https://adservice.google.by https://adservice.google.ca https://adservice.google.ch https://adservice.google.cl https://adservice.google.co.id https://adservice.google.co.il https://adservice.google.co.in https://adservice.google.co.jp https://adservice.google.co.kr https://adservice.google.co.uk https://adservice.google.co.uz https://adservice.google.co.za https://adservice.google.com https://adservice.google.com.ar https://adservice.google.com.au https://adservice.google.com.br https://adservice.google.com.cy https://adservice.google.com.eg https://adservice.google.com.gh https://adservice.google.com.ng https://adservice.google.com.pk https://adservice.google.com.sg https://adservice.google.com.tj https://adservice.google.com.tr https://adservice.google.com.tw https://adservice.google.com.ua https://adservice.google.com.vn https://adservice.google.cz https://adservice.google.de https://adservice.google.ee https://adservice.google.es https://adservice.google.fi https://adservice.google.fr https://adservice.google.ge https://adservice.google.gl https://adservice.google.gr https://adservice.google.hu https://adservice.google.ie https://adservice.google.iq https://adservice.google.it https://adservice.google.jo https://adservice.google.kg https://adservice.google.kz https://adservice.google.lt https://adservice.google.lu https://adservice.google.lv https://adservice.google.md https://adservice.google.mn https://adservice.google.mv https://adservice.google.nl https://adservice.google.no https://adservice.google.pl https://adservice.google.ps https://adservice.google.pt https://adservice.google.ro https://adservice.google.ru https://adservice.google.sc https://adservice.google.se https://adservice.google.sk https://adservice.google.sn https://adservice.google.tm https://pagead2.googlesyndication.com https://partner.googleadservices.com https://tpc.googlesyndication.com https://www.google-analytics.com https://www.googletagservices.com www.googletagmanager.com https://www.gstatic.com https://mc.yandex.ru https://mc.yandex.com 'report-sample'; style-src 'self' 'unsafe-inline' https://www.gstatic.com 'report-sample'; report-uri /csp-report.php 11
default-src 'self' p11.techlab-cdn.com; script-src 'self' 'unsafe-eval' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de https://ucm-eu.verint-cdn.com p11.techlab-cdn.com; connect-src 'self' https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com wss://hoover-eu.verint-api.com p11.techlab-cdn.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net; frame-ancestors 'self'; style-src 'self' https://www.jsctool.com https://jsctool.com https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de; 11
frame-ancestors 'self' *.plentymarkets-cloud-ie.com 11
default-src 'none'; connect-src 'self' *.licdn.com *.linkedin.com cdn.linkedin.oribi.io dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ v.clarity.ms/collect *.microsoft.com *.adnxs.com *.tealiumiq.com; script-src 'report-sample' 'sha256-th47JTnh6tX15SUn/I+GGmsOSXpa7dh5Skner77gxlY=' 'sha256-SSoodjUD3LGm2FfFCVHGqEb8D4UM3OOigidT2UKDcYg=' 'sha256-cKTgdnmO6+hXd85a9wKg1effVfVzenUAtUCyOKY9bQE=' 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q=' 'sha256-vIfNcKb8ixJg1cfJIoNNYjWcm0lezj1/XpUNFiZyVsU=' 'sha256-cLsHUHFgT/VGX04cZrJ9xgm4HbzTR7ptutkxK+7BlMk=' 'sha256-BwU8jMnQYUhjOpsDVABpfddV/DlP1ZYrFcTumYw7x54=' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com snap.licdn.com; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src 'self' *.licdn.com *.lynda.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ lnkd.demdex.net smartlock.google.com accounts.google.com player.vimeo.com *.linkedin.com www.slideshare.net *.megaphone.fm *.omny.fm *.sounder.fm msit.powerbi.com app.powerbi.com linkedin.github.io *.licdn.com *.adnxs.com acdn.adnxs-simple.com radar.cedexis.com; frame-ancestors 'self' *.www.linkedin.com:*; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=gg 10
sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-top-navigation-by-user-activation; frame-ancestors 'self' *.huffpost.com *.huffingtonpost.com *.huffpost.net *.buzzfeed.com clients.opinary.com compass.pressekompass.net *.newsbreak.com *.newsbreakapp.com *.upday-content.com *.upday.com; report-uri https://huffpost.report-uri.com/r/d/csp/enforce; 10
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com *.trafficfactory.biz www.iwanttodeliver.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net bmedia.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri https://www.xnxx.com/csp-reports; report-to csp-endpoint 10
frame-ancestors 'self' https://www.thomsonreuters.com 10
frame-ancestors https://kpmg.experiencecloud.adobe.com https://assets.kpmg.com https://kpmg.com 10
form-action 'self' www.facebook.com; report-uri /_internal/security/report-csp-violation?gp-web=true; frame-ancestors 'self' 10
frame-ancestors 'self' http://localhost:* https://*.bustle.com https://*.bdg.com 10
upgrade-insecure-requests;report-uri /csp-violation-report-endpoint/ 10
object-src 'none'; report-uri /report-csp-violation; upgrade-insecure-requests 10
default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; 10
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.clarivate.com https://*.clarivate.com https://clarivate.com https://*.nr-data.net https://static.lightning.force.com https://*.clarity.ms https://*.salesforceliveagent.com https://analytics.decisionresourcesgroup.com https://analytics.twitter.com *.turtl.co https://app.gatedcontent.com https://app.icontact.com https://assets.vidyard.com https://assistant.woorank.com https://bam-cell.nr-data.net https://bat.bing.com https://cdn.bizible.com https://cdn.cookielaw.org https://cdn.jifo.co https://cdnjs.cloudflare.com https://clarivateanalytics.my.salesforce.com https://clarivateanalytics.my.site.com https://clarivatecommunities.force.com https://preview-clarivatecommunities.cs16.force.com https://code.jquery.com https://connect.facebook.net https://derwent.com https://dev.visualwebsiteoptimizer.com https://e.infogram.com https://embed.acast.com https://googleads.g.doubleclick.net https://img06.en25.com https://j.6sc.co https://js-agent.newrelic.com https://maps.googleapis.com https://maps.gstatic.com https://platform.twitter.com https://play.vidyard.com https://public.flourish.studio https://publons.com https://s786780033.t.eloqua.com https://s.infogram.com https://scholaroneideas.secure.force.com https://script.hotjar.com https://secure.eloqua.com https://snap.licdn.com https://static.addtoany.com https://static.ads-twitter.com *.criteo.net https://static.doubleclick.net https://static.hotjar.com https://unpkg.com https://widget.sndcdn.com https://www.3blmedia.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com *.criteo.com https://www.google-analytics.com  https://cdn.jsdelivr.net https://app.vwo.com https://*.googlesyndication.com https://*.zoominfo.com https://translate.google.com https://*.googleapis.com https://*.amcharts.com; frame-ancestors 'self' *.clarivate.com *.compumark.com *.compumark.cn 10
img-src * data:; default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; 10
frame-ancestors https://oa.sheincorp.cn https://activity-admin.biz.sheincorp.cn https://csp.sheincorp.cn https://sqs-admin.biz.sheincorp.cn https://sqs-admin.biz.sheinbackend.com https://sqs-admin-gray01.biz.sheinbackend.com https://ccc.biz.sheincorp.cn https://ccc-store.biz.sheincorp.cn https://ccc-store.shein.com *.shein.com https://www.shein.com.hk https://www.shein.com.vn https://www.shein.com.mx https://www.shein.co.uk https://www.shein.tw https://www.shein.se 10
default-src 'self' https: data: blob: https://ct.pinterest.com https://s.amazon-adsystem.com https://*.fls.doubleclick.net https://trends.revcontent.com https://static.criteo.net https://gum.criteo.com https://maps.google.com https://www.google.com https://cdnapisec.kaltura.com https://www.pravaler.com.br https://cruzeirodosul.postclickmarketing.com https://www.youtube.com https://www.facebook.com https://cdn.cookielaw.org https://fonts.gstatic.com https://*.googleusercontent.com https://ka-f.fontawesome.com; object-src 'none'; connect-src 'self' https: data: blob: https://hxdaii.unicid.edu.br https://api.shopback.net https://ckies.net https://click.retargeter.com.br https://*.shoptarget.com.br https://server-side-tagging-vuffe35pkq-rj.a.run.app https://biblioteca.cruzeirodosul.edu.br https://biblioteca.unicid.edu.br https://biblioteca.unifran.edu.br https://biblioteca.unipe.edu.br https://biblioteca.udf.edu.br https://biblioteca.modulo.edu.br https://biblioteca.fass.edu.br https://biblioteca.ceunsp.edu.br https://biblioteca.cesuca.edu.br https://biblioteca.fsg.edu.br https://biblioteca.brazcubas.edu.br https://biblioteca.up.edu.br https://ct.pinterest.com https://s.yimg.com https://suite.linximpulse.net https://cdn.linkedin.oribi.io https://sslwidget.criteo.com https://geolocation.onetrust.com https://onesignal.com https://csmetrics.hotjar.com wss://ws.hotjar.com https://vc.hotjar.io https://content.hotjar.io https://stats.g.doubleclick.net https://in.hotjar.com https://y.clarity.ms https://www.google.com.br https://analytics.google.com https://www.google-analytics.com https://cdn.cookielaw.org https://ka-f.fontawesome.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https: data: blob: https://analytics.tiktok.com https://100019114.collect.igodigital.com https://poscompra.shopconvert.com.br https://static.shopback.net https://app.shoptarget.com.br https://c.amazon-adsystem.com https://s.yimg.com https://s.pinimg.com https://suite.linximpulse.net https://sslwidget.criteo.com https://dynamic.criteo.com https://track.omguk.com https://snap.licdn.com https://ionfiles.scribblecdn.net https://widgets.ebscohost.com https://www.youtube.com https://script.hotjar.com https://www.google-analytics.com https://static.hotjar.com https://connect.facebook.net https://cdn.krxd.net https://www.clarity.ms https://googleads.g.doubleclick.net https://onesignal.com https://cdn.cookielaw.org https://kit.fontawesome.com https://*.googleusercontent.com https://cdn.onesignal.com https://www.googletagmanager.com; img-src 'self' https: data: blob: https://cruzeirodosulvirtual.com.br https://www.cruzeirodosulvirtual.com.br https://www.cruzeirodosul.edu.br https://www.unicid.edu.br https://www.unifran.edu.br https://www.unipe.edu.br https://www.udf.edu.br https://www.modulo.edu.br https://www.fass.edu.br https://www.ceunsp.edu.br https://www.cesuca.edu.br https://www.fsg.edu.br https://www.brazcubas.edu.br https://www.up.edu.br https://connect.facebook.net https://graph.facebook.com https://www.facebook.com https://ct.pinterest.com https://sp.analytics.yahoo.com https://dpm.demdex.net https://i6.liadm.com https://tags.bluekai.com https://dis.criteo.com https://sync-criteo.ads.yieldmo.com https://criteo-partners.tremorhub.com https://s.ad.smaato.net https://trends.revcontent.com https://simage2.pubmatic.com https://sync.outbrain.com https://exchange.mediavine.com https://i.liadm.com https://matching.ivitrack.com https://ad.360yield.com https://ads.stickyadstv.com https://r.casalemedia.com https://gum.criteo.com https://visitor.omnitagjs.com https://tg.socdm.com https://ups.analytics.yahoo.com https://eb2.3lift.com https://criteo-sync.teads.tv https://sync-t1.taboola.com https://rtb-csync.smartadserver.com https://match.sharethrough.com https://pixel.rubiconproject.com https://contextual.media.net https://secure.adnxs.com https://ib.adnxs.com https://cm.g.doubleclick.net https://x.bidswitch.net https://px.ads.linkedin.com https://c.bing.com https://*.googleusercontent.com https://c.clarity.ms https://res.cloudinary.com https://www.google.com https://www.google.com.br https://www.google-analytics.com https://www.googletagmanager.com https://noticias.cruzeirodosuleducacional.edu.br https://cdn.cookielaw.org https://immakers4ds10371783.o18.link; style-src 'unsafe-inline' 'self' https: data: blob: https://onesignal.com https://fonts.googleapis.com https://*.googleusercontent.com; frame-src https: https://*.kaltura.com https://ct.pinterest.com https://www.facebook.com https://gum.criteo.com https://s.amazon-adsystem.com https://*.fls.doubleclick.net https://simule.pravaler.com.br https://cadastro.creditouniversitario.com.br 10
frame-ancestors 'self' *.ci360.sas.com app.contentstack.com 10
default-src 'self'; connect-src 'self' *.authorize.net *.facebook.com stats.addtoany.com *.google-analytics.com cdn.cookielaw.org *.hotjar.com:* vc.hotjar.io:* wss://*.hotjar.com stats.g.doubleclick.net *.clarity.ms *.mktoresp.com *.ziftsolutions.com *.ziftone.com *.ziftmarcom.com *.onetrust.com *.cookielaw.org *.newrelic.com bam.nr-data.net *.googlesyndication.com *.gstatic.com scout.salesloft.com cdn.linkedin.oribi.io *.mktoutil.com *.bonterratech.com *.6sc.co *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.com.co *.google.co.cr *.google.com.cu *.google.cz *.google.com.do *.google.com.ec *.google.es *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat go.bonterratech.com bat.bing.com *.convertexperiments.com *.linkedin.com aorta.clickagy.com hemsync.clickagy.com https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com cdnjs.cloudflare.com; frame-src 'self' *.driftt.com *.doubleclick.net *.google.com players.brightcove.net *.youtube.com *.googletagmanager.com *.zensource.cloud vars.hotjar.com *.desire2learncapture.com *.everyaction.com *.mktoresp.com *.spotify.com *.googlesyndication.com tpc.googlesyndication.com *.googleads.com *.googleapis.com go.bonterratech.com hemsync.clickagy.com; img-src 'self' data: *.bonterratech.com test-bonterra-corporate-v2.pantheonsite.io live-bonterra-corporate-v2.pantheonsite.io *.driftt.com maps.googleapis.com px.marchex.io *.facebook.com *.google.com *.gstatic.com cdn.rawgit.com raw.githubusercontent.com *.g.doubleclick.net *.google-analytics.com *.googletagmanager.com zensource-salisbury.s3.amazonaws.com chat.mcsoftware.com *.timevaluecalculators.com *.ytimg.com *.ziftsolutions.com *.ziftone.com *.cookielaw.org *.googlesyndication.com www.google-analytics.com googleads.g.doubleclick.net www.google.com ad.doubleclick.net ade.googlesyndication.com *.bing.com px.ads.linkedin.com www.linkedin.com c.clarity.ms cdn.kimbia.com *.6sc.co *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.com.co *.google.co.cr *.google.com.cu *.google.cz *.google.com.do *.google.com.ec *.google.es *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat go.bonterratech.com *.clarity.ms *.linkedin.com *.google.ca https://www.google-analytics.com https://www.googletagmanager.com; media-src 'self' *.vimeo.com *.youtube.com *.spotify.com; object-src 'self' *.oembed.com *.vimeo.com *.youtube.com; script-src 'self' 'unsafe-eval' *.driftt.com *.authorize.net *.google.com cdnjs.cloudflare.com cdn.rawgit.com maps.googleapis.com rw1.marchex.io connect.facebook.net googleads.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com cdn.jsdelivr.net *.youtube.com *.vimeo.com s.ytimg.com *.googlesyndication.com *.hotjar.com unpkg.com *.timevaluecalculators.com *.w55c.net *.chatbeacon.io *.marketo.net *.everyaction.com *.mktoresp.com *.ziftsolutions.com cdn.cookielaw.org go.bonterratech.com js.zi-scripts.com ws.zoominfo.com tags.clickagy.com cdn-4.convertexperiments.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d8ejoa1fys2rk.cloudfront.net https://storage.googleapis.com https://unpkg.com https://www.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com *.google.com *.gstatic.com *.googleapis.com *.driftt.com munchkin.marketo.net *.ziftsolutions.com cdn.cookielaw.org widgets.kimbia.com cdn.kimbia.com *.newrelic.com go.everyaction.com *.googlesyndication.com snap.licdn.com bat.bing.com scout-cdn.salesloft.com www.clarity.ms connect.facebook.net googleads.g.doubleclick.net *.convertexperiments.com go.bonterratech.com www.googleadservices.com *.6sc.co cdn-4.convertexperiments.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d8ejoa1fys2rk.cloudfront.net https://storage.googleapis.com https://unpkg.com https://www.google.com; style-src 'self' fonts.googleapis.com tagmanager.google.com *.gstatic.com *.typekit.net maxcdn.bootstrapcdn.com *.timevaluecalculators.com *.marketo.net *.everyaction.com *.mktoresp.com *.ziftsolutions.com *.driftt.com go.everyaction.com cdn.cookielaw.org go.bonterratech.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' go.everyaction.com fonts.googleapis.com *.ziftsolutions.com cdn.kimbia.com go.bonterratech.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; frame-ancestors 'self'; report-uri https://www.bonterratech.com/report-uri/enforce 10
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src *; object-src *; child-src *; frame-ancestors 'self'; form-action *; reflected-xss block; upgrade-insecure-requests; 10
default-src 'self' https: data: blob:; connect-src https: wss:;script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' blob:; frame-ancestors 'self'; upgrade-insecure-requests; 10
default-src * data: 'unsafe-eval' 'unsafe-inline' blob: 10
upgrade-insecure-requests; frame-ancestors 'none'; object-src 'none' 10
default-src 'self' 'unsafe-inline' 'unsafe-eval' 10
default-src https: data: wss://*.hotjar.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests; 10
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://market.android.com https://clients2.google.com https://payments.sandbox.google.com https://payments.google.com https://maps.googleapis.com https://translate.googleapis.com https://translate.google.com https://support.google.com https://www.gstatic.cn https://families.google.com https://clients1.google.com https://myaccount.google.com https://accounts.google.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/PlayStoreUi/cspreport/allowlist 10
frame-ancestors 'none' ; 10
frame-ancestors 'self' *.pedidosya.com *.pedidosya.cl *.pedidosya.com.ar *.pedidosya.com.bo *.pedidosya.com.pa *.pedidosya.com.py *.pedidosya.com.uy *.pedidosya.com.ve *.pedidosya.com.pe *.pedidosya.com.ec *.pedidosya.com.gt *.pedidosya.com.hn *.pedidosya.cr *.pedidosyasv.com.sv *.pedidosyani.com.ni *.pedidosya.com.do 10
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; base-uri 'self'; object-src 'self'; connect-src wss: https: 10
frame-ancestors 'self' *.mydukaan.io; 10
frame-ancestors 'self' https://accept.authorize.net 10
frame-ancestors https://cms-prod.brxm.grandvision.io 10
unsafe-inline 10
script-src https: 'unsafe-inline' 'unsafe-eval' 10
default-src 'none' ; connect-src  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; manifest-src  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; media-src  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; script-src blob:  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com 'unsafe-inline' 'unsafe-eval' ; font-src data:  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; img-src data:  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; style-src  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com 'unsafe-inline' ; object-src 'none' ; worker-src blob: ; child-src blob:  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; frame-src blob:  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; form-action  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; frame-ancestors 'self' ; base-uri 'self' ; block-all-mixed-content ; 10
frame-ancestors https://web.telegram.org 10
frame-ancestors 'self' *.casinomodule.com *.playngonetwork.com; 10
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://td.doubleclick.net https://fburl.com https://www.facebook.com https://connect.facebook.net; style-src data: 'unsafe-inline' https: https://optimize.google.com https://fonts.googleapis.com https://w.ladicdn.com https://s.ladicdn.com; img-src data: https: blob: android-webview-video-poster: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://w.ladicdn.com https://s.ladicdn.com; font-src data: https: https://fonts.gstatic.com https://w.ladicdn.com https://s.ladicdn.com; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors https://popupx.ladi.me https://*.ladi.me https://s.ladicdn.com https://g.ladicdn.com https://w.ladicdn.com https://*.ladicdn.com https://www.facebook.com https://*.facebook.com 10
frame-ancestors https://login.smartweb.test https://webshop.scannet.dk https://webshop-admin.scannet.dk https://admin.hostedshop.dk https://admin.hostedshop.io https://admin.hostedcms.nu https://admin.hostedcms.io https://webshop.dandomain.dk https://admin.smartweb.io 10
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.google.bg https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://www.facebook.com https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com https://app.posthog.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://app.vwo.com; frame-src 'self' bankid://* https://livechat24.tech https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://*.zignsec.com https://www.facebook.com https://*.trustly.com https://tpc.googlesyndication.com https://*.regily.com https://*.sumsub.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.unetsafe.com https://*.atlantgaming.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://*.zignsec.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://connect.facebook.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://app.posthog.com; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com; worker-src 'self' blob:; report-uri https://sentry.work/sentry/api/47/csp-report/?sentry_key=a7dcff6da4704fcf9dbecd647d997b1b 10
frame-ancestors 'self' *.intuit.com 9
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src data: https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; 9
frame-ancestors 'self' https://medium.com 9
default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://*.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.ru https://*.serving-sys.ru https://*.weborama-tech.ru https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline' 9
upgrade-insecure-requests; frame-ancestors *.lumen.com *.lumentech.com *.brightspeed.com http://static.virtualroi.com/; 9
script-src 'sha256-KXVenHG583A83LgYtdx9xEh45z4umJCe6yQqRczE4bs=' 'self' jobs.jobvite.com www.googletagmanager.com 9
frame-ancestors 'self' http://webvisor.com http://*.webvisor.com 9
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org https://static.cloudflareinsights.com https://assets.adobedtm.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://tag.demandbase.com https://googleads.g.doubleclick.net https://connect.facebook.net https://snap.licdn.com https://pi.pardot.com https://static.ads-twitter.com https://go.elsevier.com https://script.leadboxer.com https://activitymap.adobe.com https://www.googleadservices.com https://digitalfeedback.us.confirmit.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://secure-ecsd.elsevier.com images.ctfassets.net https://smetrics.elsevier.com metrics.elsevier.com https://cm.everesttech.net https://cdn.cookielaw.org https://cdn.nonprod.3d4medical.com https://cdn.3d4medical.com *.google-analytics.com https://dpm.demdex.net https://px.ads.linkedin.com https://www.linkedin.com https://www.google.com https://www.google.co.uk https://www.google.nl https://t.co https://analytics.twitter.com https://id.rlcdn.com https://www.facebook.com https://googleads.g.doubleclick.net https://bam.nr-data.net https://osmose-it.s3.amazonaws.com https://survey.us.confirmit.com; font-src 'self'; connect-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://dpm.demdex.net elsevierlimited.tt.omtrdc.net https://smetrics.elsevier.com https://bam.nr-data.net *.notify.elsevier.com *.google-analytics.com https://account.elsevier.com https://account.staging.ecommerce.elsevier.com https://cdn.linkedin.oribi.io https://www.facebook.com https://api.company-target.com localhost:* *.snplow.net https://tag-logger.demandbase.com https://kibana.leadboxer.com https://pagead2.googlesyndication.com https://digitalfeedback.us.confirmit.com https://adservice.google.com https://px.ads.linkedin.com; media-src 'self' videos.ctfassets.net assets.ctfassets.net; object-src 'none'; frame-ancestors 'self' https://app.contentful.com https://3d4medical.com https://completeanatomy.cn; frame-src 'self' https://elsevierlimited.tt.omtrdc.net https://campaigns.elsevier.com https://www.googletagmanager.com https://elsevier.demdex.net https://www.facebook.com https://s.company-target.com https://activitymap.adobe.com https://td.doubleclick.net; base-uri 'self'; 9
form-action https: 9
default-src *.acer.com *.acer.com.cn https: blob: data: 'unsafe-inline' 'unsafe-eval';object-src *;script-src *.acer.com *.acer.com.cn https: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' *.acer.com *.acer.com.cn;img-src * 'self' data: https:;font-src * 'self' data: https:;worker-src 'self' blob:; 9
frame-ancestors *.ivanti.com https://dash.cloudflare.com 9
frame-ancestors https://*.marketo.com 9
frame-ancestors 'self' https://nurture.solarwinds.com/ https://solarwinds.pathfactory.com/ https://orangematter.solarwinds.com/ https://thwack.solarwinds.com/ https://www.solarwinds.com/ https://try.solarwinds.com/ https://customerportal.solarwinds.com/ https://www.g2.com/ 9
frame-ancestors 'self' https://es.chevrolet.com 9
report-uri https://99designs.report-uri.com/r/d/csp/enforce; frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: https: data: blob: android-webview-video-poster:; upgrade-insecure-requests; 9
frame-ancestors 'self'; base-uri 'self'; 9
frame-ancestors 'self' http://customer-hornbach.loop21.net https://customer-hornbach.loop21.net http://public-location-hornbach.loop21.net https://public-location-hornbach.loop21.net 9
frame-ancestors 'self'; base-uri 'self' 9
frame-ancestors 'self'; object-src 'none'; 9
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' https://a.cms.omniupdate.com; 9
default-src * data: blob: ; script-src * 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none' ; 9
base-uri 'self'; frame-ancestors 'self' 9
frame-ancestors 'self' http://www.kayak.com http://www.kayak.com.ar http://www.kayak.cl http://www.kayak.com.co http://www.kayak.com.pe http://www.kayak.com.mx http://www.kayak.com.br http://www.tripadvisor.com http://www.tripadvisor.com.br http://www.tripadvisor.com.mx www.farecompare.com www.idealo.com http://viajala.com.co http://viajala.com.mx http://viajala.com.pe www.clicktripz.com http://viajala.cl http://viajala.com.ar https://www.viajanet.com.br https://www.viajesfalabella.com.co https://superapplab.davivienda.com https://superapplabv2.davivienda.com https://superapp.davivienda.com https://transacciones.davivienda.com 9
default-src *; font-src * data:;img-src * data:; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; media-src * blob:; 9
frame-ancestors 'self' https://*.sella.it https://*.axerve.com https://*.gestpay.it 9
default-src 'self' *.via-mobilis.com api.via-mobilis.com http://media.viamobilis.export.doorlinkenvoorraad.nl https://stockway.pro accounts.google.com www.google.com *.trustpilot.com *.googlesyndication.com *.googletagservices.com *.static-viamobilis.com static-viamobilis.com *.ampproject.net https://acdn.adnxs.com/ *.doubleclick.net *.criteo.com *.youtube.com youtube.com *.komoot.de photon.kamoot.de *.komoot.io photon.komoot.io *.hotjar.com *.usersnap.com criteo.net *.criteo.net *.tawk.to cloud.panono.com poulalion.eu *.vimeo.com www.recaptcha.net *.facebook.com https://platform.twitter.com ; img-src * *.google-analytics.com *.googletagmanager.com data: blob: 'self' ; script-src * *.googleanalytics.com *.google-analytics.com *.googleoptimize.com https://photon.komoot.de/ https://my.via-mobilis.com/ 'unsafe-inline' 'unsafe-eval' data: blob:; style-src * 'self' 'unsafe-inline' https://static-viamobilis.com; font-src * data:; connect-src * data: 'self'; base-uri 'self' ; worker-src * data: blob: 9
frame-ancestors 'self' https://translate.google.com 9
default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src 'self' blob: data: https:; 9
upgrade-insecure-requests;script-src * 'unsafe-eval' 'unsafe-inline';script-src-attr 'unsafe-inline';style-src * 'unsafe-inline';img-src * data:;font-src *;connect-src *;manifest-src data:;frame-ancestors 'self';form-action *;base-uri 'self';object-src 'none' 9
frame-ancestors 'self' https://*.bdo.global 9
default-src * 'unsafe-inline' 'unsafe-eval' data: 9
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: 9
default-src  'self' *.fg.cz localhost localhost-promo;font-src  'self' data: fonts.gstatic.com *.fg.cz localhost localhost-promo *.zopim.com;connect-src  'self' *.google.com *.googleapis.com *.googletagmanager.com *.analytics.google.com *.google-analytics.com *.googleadservices.com c.imedia.cz *.fg.cz *.bileto.com *.zdassets.com arrivacz.zendesk.com *.zopim.com wss://*.zopim.com *.doubleclick.net *.instagram.com arriva.daktela.com *.googlesyndication.com;script-src  'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.fg.cz *.facebook.net *.bileto.com *.arriva.cz *.issuu.com *.zdassets.com cdnjs.cloudflare.com arrivacz.zendesk.com *.zopim.com *.instagram.com arriva.daktela.com *.doubleclick.net *.seznam.cz *.imedia.cz;form-action  'self' *.fg.cz *.facebook.com;frame-src  'self' www.youtube.com www.googletagmanager.com *.fg.cz *.issuu.com *.zdassets.com arrivacz.zendesk.com *.zopim.com *.google.com *.facebook.com *.doubleclick.net;worker-src  'self' www.youtube.com www.googletagmanager.com *.fg.cz *.issuu.com *.zdassets.com arrivacz.zendesk.com *.zopim.com *.google.com *.facebook.com *.doubleclick.net;frame-ancestors  'self' *.fg.cz;img-src  'self' data: blob: *.google.com *.google.cz *.gstatic.com *.googleapis.com *.googlecode.com *.googletagmanager.com *.google-analytics.com *.fg.cz *.doubleclick.net *.facebook.com *.bileto.com *.zopim.com *.instagram.com *.cdninstagram.com *.fbcdn.net *.openstreetmap.org *.openrailwaymap.org *.seznam.cz;style-src  'self' 'unsafe-inline' *.googleapis.com *.google.com *.fg.cz *.gstatic.com *.googletagmanager.com;object-src  'self' *.fg.cz 9
default-src * 'unsafe-inline' 'unsafe-eval'; 9
frame-ancestors 'self' *.hotmart.com *.buildstaging.com *.kpages.com.br *.klickpages.com.br sun.eduzz.com http://*.monetizze.com.br https://*.monetizze.com.br http://aporasal.net https://aporasal.net http://adf.ly https://adf.ly 9
worker-src 'self' blob: 9
default-src https: 'unsafe-eval' 'unsafe-inline' data: blob: wss://*.pricespider.com http://*.pricespider.com https://*.zdassets.com;  script-src https: 'unsafe-eval' 'unsafe-inline' data: blob: wss://*.pricespider.com http://*.pricespider.com; connect-src https: 'unsafe-eval' 'unsafe-inline' data: blob: wss://*.pricespider.com http://*.pricespider.com wss://*.zopim.com https://*.zdassets.com; upgrade-insecure-requests; report-uri /csp.cgi; 9
default-src 'self' https://*.abgemea.com https://fonts.googleapis.com https://use.fontawesome.com ws.sharethis.com unpkg.com https://maxcdn.bootstrapcdn.com dpm.demdex.net avisbudgetgroup.tt.omtrdc.net https://*.bing.com https://*.virtualearth.net; object-src *; img-src data: *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; connect-src *; font-src 'self' data: https://*.abgemea.com https://fonts.gstatic.com https://*.bing.com https://use.fontawesome.com https://*.virtualearth.net https://maxcdn.bootstrapcdn.com 9
frame-ancestors 'self' https://drivmp--fullcopy.lightning.force.com https://drivmp--fullcopy.my.salesforce.com https://drivmp--fullcopy--c.visualforce.com https://drivmp.lightning.force.com https://drivmp.my.salesforce.com https://drivmp--c.visualforce.com https://drivmp--fullcopy.sandbox.lightning.force.com https://drivmp--fullcopy.sandbox.my.salesforce.com https://drivmp--fullcopy--c.sandbox.visualforce.com https://drivmp--fullcopy--c.sandbox.vf.force.com https://drivmp--c.vf.force.com 9
default-src https: data: wss: blob: 'unsafe-eval' 'unsafe-inline'; 9
frame-ancestors 'self' http://*.elsevier.es/ 9
base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' data:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests 9
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.value-domain.com www.xrea.com www2.xrea.com www.coreserver.jp www2.coreserver.jp www.value-server.com www2.value-server.com www.google-analytics.com *.googlesyndication.com *.doubleclick.net www.google.com;img-src *; 9
frame-ancestors 'self' https://gtranslate.io; 9
frame-ancestors 'self';  report-uri /log/csp-violation 9
frame-ancestors 'self' *.verizon.com *.verizonwireless.com *.vzwcorp.com; 8
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src https:; frame-src http: https: data:; upgrade-insecure-requests 8
base-uri 'self'; block-all-mixed-content; child-src 'self' blob:; connect-src 'self' *.force.com *.media.brightcove.com *.salesforce.com *.salesforceliveagent.com siemenscrm.my.salesforce-sites.com siemensint.my.salesforce-sites.com *.tt.omtrdc.net *.eu.auth0.com *.usercentrics.eu adservice.google.com adservice.google.com api.dc.siemens.com assets.new.siemens.com blob: cdn.cookielaw.org cdn.siemens-web.com *.c2comms.cloud cdn.siemens.com cdn.segment.com api.segment.io assets.new.siemens.com cognito-identity.eu-west-1.amazonaws.com data.cdn.siemens.com dataplane.rum.eu-west-1.amazonaws.com dc.oracleinfinity.io dev.api.dc.siemens.com edge.api.brightcove.com geolocation.onetrust.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com manifest.prod.boltdns.net metrics.brightcove.com new.siemens.com www.siemens.com *.ingest.sentry.io privacyportal-eu.onetrust.com profiles.siemens.com searchapi.new.siemens.com secure.brightcove.com siemens.demdex.net siemens.sc.omtrdc.net siemensdigitalindustries.nanorep.co sts.eu-west-1.amazonaws.com tools.adlytics.net uat.api.dc.siemens.com visitor-services.nanorep.com w3.siemens.com www.facebook.com www.google.com www.google.com *.brapps.siemens.cloud *.brappsqa.siemens.cloud mktdplp102cdn.azureedge.net 322e30018b7e4846825041773c891f42.svc.dynamics.com e070f2c1c4514ee2b79becebacc0f9b2.svc.dynamics.com *.virtualevent.siemens.com go.cuenect.de partnerinfo.siemens.at hitech.at www.siemens.at resource.finnchat.com api-fra.livechatinc.com ue2gfcryae.execute-api.eu-central-1.amazonaws.com sea-api.siemens.cloud sleeknotestaticcontent.sleeknote.com images.sleeknote.com dvt4t9p29wi8.cloudfront.net *.hotjar.com *.hotjar.io wss://*.hotjar.com www.hqs.sbt.siemens.com www.cdn.botfriendsx.com *.smooch.io wss://*.smooch.io d1p0l0wtisukf7.cloudfront.net author.new.siemens.com cdn.linkedin.oribi.io rs.eu1.fullstory.com cert-portal.siemens.com api.demandbase.com www.yousty.ch survey.adlytics.net ghsszvtech.execute-api.us-east-1.amazonaws.com participant.connect.us-east-1.amazonaws.com wss://tufsuyburufn.transport.connect.us-east-1.amazonaws.com gbs-emobility-chat.s3.us-east-1.amazonaws.com irpages2.eqs.com api.maze.co prompts.maze.co fairtouch.siemens.com cdn.fairtouch.siemens.com author.new.siemens.com community.siemens.com directline.botframework.com api.xcelerator.siemens.com api.marketplace.siemens.com public-apim.siemens.com; default-src 'self' blob:; font-src 'self' cdn.siemens-web.com *.c2comms.cloud cdn.siemens.com cdn.segment.com api.segment.io assets.new.siemens.com data: tools.adlytics.net script.hotjar.com www.cdn.botfriendsx.com; frame-ancestors 'self' *.c2comms.cloud contentpath.siemens.com mc.contentpath.siemens.com resources.dc.siemens.com siemensfactoryautomation.pathfactory.com; frame-src 'self' *.force.com *.salesforce.com *.salesforceliveagent.com siemenscrm.my.salesforce-sites.com siemensint.my.salesforce-sites.com *.usercentrics.eu bid.g.doubleclick.net td.doubleclick.net cdn.siemens-web.com *.c2comms.cloud cdn.siemens.com cdn.segment.com api.segment.io assets.new.siemens.com jobs.siemens-info.com pages.siemens-info.com playout.3qsdn.com sites.siemens-info.com tpc.googlesyndication.com www.facebook.com 322e30018b7e4846825041773c891f42.svc.dynamics.com e070f2c1c4514ee2b79becebacc0f9b2.svc.dynamics.com secure-fra.livechatinc.com vars.hotjar.com *.c2comms.cloud *.siemens.com maestrobot.it-app.biz; img-src 'self' *.prod.boltdns.net *.siemens.com *.tt.omtrdc.net *.usercentrics.eu 825113843.privacysandbox.googleadservices.com ad.doubleclick.net adservice.google.com adservice.google.com android-webview-video-poster: blob: brightcove04pmdo-a.akamaihd.net cdn.cookielaw.org cdn.siemens-web.com *.c2comms.cloud cdn.siemens.com cdn.segment.com api.segment.io assets.new.siemens.com data: dc.ads.linkedin.com dc.oracleinfinity.io googleads.g.doubleclick.net metrics.brightcove.com px.ads.linkedin.com px4.ads.linkedin.com secure.adnxs.com siemens.mindsphere.io siemens.sc.omtrdc.net stats.adlytics.net t.co tr.outbrain.com trc.taboola.com www.facebook.com www.google.com www.google.com www.googletagmanager.com www.linkedin.com 322e30018b7e4846825041773c891f42.svc.dynamics.com e070f2c1c4514ee2b79becebacc0f9b2.svc.dynamics.com cdn.go.cuenect.net siemenscrm--c.vf.force.com siemenscrm.lightning.force.com siemenscrm.my.salesforce.com partnerinfo.siemens.at hitech.at baudoku.1000eyes.de cdn.livechatinc.com cdn.livechat-files.com analytics.sleeknote.com static.hotjar.com script.hotjar.com botbuilder.siemens.cloud *.smooch.io ib.adnxs.com maestrobot.it-app.biz www.blids.de analytics.twitter.com *.prescreen.io; manifest-src 'self' *.c2comms.cloud; media-src 'self' *.cf.brightcove.com *.media.brightcove.com assets.new.siemens.com blob: data: house-fastly-signed-eu-west-1-prod.brightcovecdn.com manifest.prod.boltdns.net secure.brightcove.com; object-src players.brightcove.net w3.siemens.com; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.force.com *.salesforce.com *.salesforceliveagent.com siemenscrm.my.salesforce-sites.com siemensint.my.salesforce-sites.com *.ste.dc.siemens.com *.usercentrics.eu ajax.googleapis.com analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org cdn.siemens-web.com *.c2comms.cloud cdn.siemens.com cdn.segment.com api.segment.io assets.new.siemens.com client.rum.us-east-1.amazonaws.com connect.facebook.net cookies.siemens.com d.oracleinfinity.io data.cdn.siemens.com dataplane.rum.eu-central-1.amazonaws.com geolocation.onetrust.com googleads.g.doubleclick.net img.en25.com jsd-widget.atlassian.com my.nanorep.com new.siemens.com www.siemens.com players.brightcove.net profiles.siemens.com scripts.demandbase.com siemensdigitalindustries.nanorep.co snap.licdn.com static.ads-twitter.com tools.adlytics.net tpc.googlesyndication.com vjs.zencdn.net w3.siemens.com www.automation.siemens.com www.google.com www.google.com www.googleadservices.com www.googletagmanager.com mktdplp102cdn.azureedge.net wwwstage.siemens.com resource.finnchat.com cdn.livechatinc.com api.livechatinc.com api-fra.livechatinc.com secure-fra.livechatinc.com sleeknotecustomerscripts.sleeknote.com sleeknotestaticcontent.sleeknote.com static.hotjar.com script.hotjar.com botbuilder.siemens.cloud www.cdn.botfriendsx.com *.smooch.io 322e30018b7e4846825041773c891f42.svc.dynamics.com www.sfs.siemens.de *.virtualevent.siemens.com *.c2comms.cloud edge.eu1.fullstory.com snippet.maze.co; style-src 'self' 'unsafe-inline' *.force.com *.salesforce.com *.salesforceliveagent.com siemenscrm.my.salesforce-sites.com siemensint.my.salesforce-sites.com *.usercentrics.eu cdn.siemens-web.com *.c2comms.cloud cdn.siemens.com cdn.segment.com api.segment.io assets.new.siemens.com new.siemens.com www.siemens.com profiles.siemens.com tools.adlytics.net w3.siemens.com static.hotjar.com script.hotjar.com botbuilder.siemens.cloud www.cdn.botfriendsx.com www.sfs.siemens.de; upgrade-insecure-requests; worker-src 'self' 'unsafe-inline' blob:; report-uri https://o4504753513824256.ingest.sentry.io/api/4505124930846720/security/?sentry_key=25c01f957d7a4a1887ecbe97323bdba6&sentry_environment=siemenscom-prod&sentry_release=1db8ce0f; 8
connect-src * 8
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: legacy.questdiagnostics.com www.questdiagnostics.com *.scene7.com  tags.tiqcdn.com  www.googletagmanager.com www.youtube.com analytics.js *.google-analytics.com *.qualtrics.com img04.en25.com cdn.cookielaw.org maps.googleapis.com *.questdiagnostics.com *.demandbase.com js.hs-analytics.net secure.quantserve.com bs.serving-sys.com api.fouanalytics.com *.linkedin.com  *.licdn.com; connect-src 'self' *.scene7.com  target.questdiagnostics.com *.google-analytics.com stats.g.doubleclick.net *.qualtrics.com cdn.cookielaw.org *.onetrust.com maps.googleapis.com *.questdiagnostics.com dpm.demdex.net wss: directline.botframework.com api.company-target.com api.fouanalytics.com *.demandbase.com  *.linkedin.com  *.licdn.com; frame-ancestors 'self' *.questdiagnostics.com *.qdx.com 8
block-all-mixed-content;frame-ancestors *.mail.com 8
frame-ancestors 'self' https://guides.opentext.com https://content.microfocus.com; default-src data: 'unsafe-inline' 'unsafe-eval' https:;style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src  https:; connect-src https:; object-src https:; child-src https:; 8
frame-ancestors 'self' *.uhg.com *.optum.com *.uhc.com *.adobeaemcloud.com *.pagescdn.com *.healthsafe-id.com uhgenterprise.qualtrics.com g360site.secure.force.com g360.my.salesforce-sites.com *.DoubleClick.net *.youtube.com player.simplecast.com *.trkn.us covid19.rallyhealth.com insight.adsrvr.org; frame-src 'self' https://community.pregnancy.org https://optum.marketing.adobe.com *.uhg.com *.optum.com *.uhc.com *.adobeaemcloud.com *.pagescdn.com *.healthsafe-id.com uhgenterprise.qualtrics.com g360site.secure.force.com g360.my.salesforce-sites.com *.DoubleClick.net *.youtube.com player.simplecast.com *.trkn.us covid19.rallyhealth.com insight.adsrvr.org; 8
report-uri https://www.homeaffairs.gov.au; frame-ancestors https://app.monsido.com https://*.immi.gov.au https://*.border.gov.au https://*.customs.gov.au https://*.abf.gov.au https://*.homeaffairs.gov.au https://*.harmony.gov.au https://*.nationalsecurity.gov.au https://*.idmatch.gov.au https://*.disasterassist.gov.au https://*.livingsafetogether.gov.au https://*.organisationalresilience.gov.au https://*.tisn.gov.au https://*.triplezero.gov.au https://*.cicentre.gov.au https://*.mara.gov.au https://*.auscheck.gov.au https://*.CISC.gov.au https://*.cetc.gov.au https://*.osi.gov.au https://*.gov.au https://bordertv.au.vbrickrev.com https://*.translation.gov.au https://*.odwt.app 8
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src *; 8
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; media-src 'self' 'unsafe-inline' *;img-src 'self' blob: data: *; style-src 'self' 'unsafe-inline' *; font-src 'self' *; frame-src 'self' *; connect-src 'self' *; object-src 'none' 8
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' https: data:; media-src 'self' https: data: blob:; object-src 'none'; font-src 'self' https: data:; default-src 'self' https: wss:; base-uri 'none'; 8
default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 8
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 8
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.etracker.com https://*.etracker.de https://*.jwpcdn.com https://customers.lmis.de http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de https://*.flockler.com; style-src 'self' 'unsafe-inline' https://*.etracker.de https://*.jwpcdn.com http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; img-src 'self' data: https://sg.geodatenzentrum.de https://jwpltx.com http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de https://*.flockler.com https://*.twimg.com; connect-src 'self' https://*.etracker.com https://*.etracker.de https://sg.geodatenzentrum.de https://*.jwpcdn.com http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de https://*.flockler.app; font-src 'self' data: https://*.jwpcdn.com; object-src 'self'; media-src 'self' https://*.streamfarm.net http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de https://*.flockler.com https://*.twimg.com; form-action 'self'; frame-src 'self' https://*.twitter.com https://vimeo.com https://player.vimeo.com https://customers.lmis.de https://vdi.p5.easire.com https://bmwi-batteriezellfertigung.interactive-scape.com https://de.digital https://www.energiewechsel.de; frame-ancestors 'self' http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; 8
default-src https: data: 'unsafe-inline' 'unsafe-eval';connect-src 'self' https://hossa.inwx.com *.zammad.inwx.de ws: wss: *.google-analytics.com stats.g.doubleclick.net *.hossa.inwx.com; 8
frame-ancestors 'self' https://*.ariba.com https://*.micron.com https://*.iu.edu https://*.sciquest.com;object-src 'none'; 8
script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo.verbraucherzentrale.de cdn.jsdelivr.net player.podigee-cdn.net cdn.syndication.twimg.com platform.twitter.com syndication.twitter.com verbraucherzentrale-sachsen.cloud.purpleview.de https://www.verbraucherzentrale.de/ https://www.verbraucherzentrale.nrw/core/modules/ckeditor/ https://vimeo.com/ https://podcast-player.audiocon.de/  https://secure.spendenbank.de https://www.audiocon.de/ https://lebensmittel-reise.de/foodmap/ https://www.googletagmanager.com https://gemeinschaftsredaktion.de https://www.googleadservices.com https://googleads.g.doubleclick.net https://api.kns.codiac.de https://player.podigee-cdn.net/podcast-player https://cdn.podigee.com https://cdnjs.cloudflare.com https://code.highcharts.com https://cdn.podlove.org https://verbraucherzentrale.bryter.io https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://static.newsletter2go.com/ https://cdn.rawgit.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://app.bryter.io https://heizsystemvergleich.vz-nrw.de https://maps.googleapis.com https://www.helpmundo.de https://www.helpdirect.org https://rdr.kns.codiac.de https://empathy-portal.de/ https://matomo.verbraucherzentrale.de/ https://unpkg.com; script-src-elem 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'unsafe-eval' *; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://secure.spendenbank.de https://matomo.verbraucherzentrale.de ton.twimg.com platform.twitter.com syndication.twitter.com https://cdn.podigee.com/ https://player.podigee-cdn.net/ https://fonts.googleapis.com/ https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.podlove.org https://rdr.kns.codiac.de https://www.verbraucherzentrale.nrw https://unpkg.com ; frame-ancestors 'self' *.verbraucherzentrale.de verbraucherzentrale.de vznrw-piwik.init-ag.de cdn.jsdelivr.net gemeinschaftsredaktion.de vzbv.de www.vzbv.de test.vzbv.de www.fakeshoperkennung.de www.fake-shop-erkennung.de www.verbraucherzentrale-niedersachsen.de www.verbraucherzentrale-niedersachsen.de; object-src 'self' cdn.jsdelivr.net  *.verbraucherzentrale.de; 8
default-src https: wss: data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; worker-src blob:; report-uri /csp-report 8
default-src 'self' *.miraheze.org *.mirabeta.org;  script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' *.miraheze.org *.mirabeta.org *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org mediawiki.org www.mediawiki.org wikidata.org www.gstatic.com www.google.com apis.google.com platform.twitter.com wiki-assets.sumin.wiki cdnjs.cloudflare.com cdn.jsdelivr.net fastly.jsdelivr.net cdn.syndication.twimg.com scratchblocks.github.io openlayers.org phab.miraheze.wiki www.gstatic.cn hcaptcha.com *.hcaptcha.com;  style-src 'self' data: 'unsafe-inline' *.miraheze.org *.mirabeta.org *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org mediawiki.org www.mediawiki.org wikidata.org www.gstatic.com fonts.googleapis.com cdn.jsdelivr.net fastly.jsdelivr.net platform.twitter.com ton.twimg.com phab.miraheze.wiki hcaptcha.com *.hcaptcha.com;  img-src blob: 'self' data: *.miraheze.org *.mirabeta.org upload.wikimedia.org wikimedia.org maps.google.com www.gstatic.com maxcdn.bootstrapcdn.com *.twimg.com i.imgur.com image.tmdb.org *.googleusercontent.com *.fontawesome.com *.dropboxstatic.com *.redd.it *.redditmedia.com mirrors.creativecommons.org www.gnu.org live.staticflikr.com cdn.pixabay.com cdn.geogebra.org scratchblocks.github.io docs.blender.org *.imgbox.com tile.openstreetmap.org *.tile.openstreetmap.org cdn.discordapp.com na.llnet.sims3storee.cdn.ea.com *.fastly.net minotar.net db.onlinewebfonts.com openlayers.org discordapp.com imgbb.com postimages.org platform.twitter.com syndication.twitter.com img.newspapers.com cdn.smutstone.com storage.googleapis.com phab.miraheze.wiki *.fbcdn.net i.ytimg.com *.imgbb.com simgbb.com *.simgbb.com ibb.co *.ibb.co *.postimages.org postimgs.org *.postimgs.org postimg.cc *.postimg.cc;  font-src 'self' data: *.miraheze.org *.mirabeta.org fonts.gstatic.com cdn.jsdelivr.net fastly.jsdelivr.net db.onlinewebfonts.com phab.miraheze.wiki upload.wikimedia.org;  media-src 'self' blob: *.miraheze.org *.mirabeta.org upload.wikimedia.org embed.nicovideo.jp *.youtube.com *.youtube-nocookie.com player.twitch.tv clips.twitch.tv player.vimeo.com apis.google.com;  frame-src 'self' *.miraheze.org *.mirabeta.org www.google.com docs.google.com apis.google.com web.libera.chat snap.berkeley.edu *.youtube-nocookie.com www.youtube.com player.twitch.tv platform.twitter.com discord.com discordapp.com embed.nicovideo.jp syndication.twitter.com open.spotify.com www.gofundme.com archive.org w.soundcloud.com query.wikidata.org player.vimeo.com www.bing.com lucid.app scratch.mit.edu hcaptcha.com *.hcaptcha.com;  connect-src 'self' *.miraheze.org *.mirabeta.org www.wikidata.org *.wikipedia.org www.mediawiki.org *.wikimedia.org *.wikinews.org *.wiktionary.org cdn.jsdelivr.net storage.googleapis.com *.youtube-nocookie.com hcaptcha.com *.hcaptcha.com; 8
; frame-ancestors 'self' 8
frame-ancestors https://*.flexera.com https://*.flexera.de https://*.revenera.com https://*.revenera.de https://ecommerce-flexeracommunity.cs201.force.com https://staging-flexeracommunity.cs203.force.com; default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss:; form-action 'self'; script-src * 'unsafe-eval' 'unsafe-inline' https:; style-src * 'self' 'unsafe-inline' https: 8
script-src 'self' 'unsafe-inline' 8
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';frame-ancestors 'none'; 8
frame-ancestors http://*.almamedia.net https://*.almamedia.net https://login.leaddesk.com https://login-qed.leaddesk.com https://login-qed-fi1.leaddesk.com https://login-qed-fi2.leaddesk.com 8
default-src 'self'; script-src https://cdnjs.cloudflare.com https://autosug.ebay.com https://suggestqueries.google.com https://www.google-analytics.com https://www.googletagmanager.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://bam.nr-data.net https://www.google.com https://s.flocdn.com https://*.s1search.co https://swurl.com 'unsafe-inline' 'unsafe-eval' 'self'; style-src https://cdnjs.cloudflare.com 'unsafe-inline' 'self'; connect-src https://api.picclick.com https://www.google-analytics.com https://www.googletagmanager.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://bam.nr-data.net https://*.s1search.co https://soflopxl.com https://swurl.com 'self'; img-src *; font-src https://cdnjs.cloudflare.com data: 'self'; 8
frame-ancestors 'self' www.charleskeith.com www.pedroshoes.com 8
form-action 'self'; 8
frame-ancestors 'self' *.genesazrak.com *.888casinoarabic.net *.arabiccasino888.com *.casinoarabic888.com *.casinoarabic-888.com *.888-casinoarabic.com *.888casino-arabic.com http://wrapper.safe-installation.com/ https://wrapper.safe-installation.com/ http://localhost:* https://localhost:* *.bingosys.net *.secured-igaming-usa.com *.888.pt *.sisportsbook.com *.888poker.de *.888slots.de *.safe-iplay.com http://*.safe-iplay.com http://*.888sport.com http://*.sisportsbook.com http://*.secured-igaming-usa.com *.safe-installation.com *.payoutscentral.com *.triple8holdem.com *.888.com *.secured-qa.com *.secured-registration.com *.secureutils.com *.images4us.com *.onlinepersonalmessages.com *.888sport.com *.888sport.es *.888sport.it *.888sport.dk *.888sport.ro *.888sport.se *.888sport.us *.888sport.de *.777.com *.personalinfoonline.com *.888.de *.888casino.com *.888poker.com *.888casino.dk *.888poker.dk *.888.de *.888casino.ro *.888poker.ro *.888casino.se *.888poker.se *.888casino.es *.888poker.es *.888casino.it *.888poker.it *.888casino.us *.888poker.us *.888ladies.com *.888.pt cmsp *.harrahscasino.com *.wsop.com *.delawarepark.com *.doverdowns.com *.harringtongamingonline.com *.secured-igaming-services.com *.secured-igaming-usa.com *.igaming-services.com *.888.ca *.888casino.ca *.888poker.ca *.888sport.ca *.888.nl *.888casino.nl *.888poker.nl *.888sport.nl *.ar-888-casino.com *.888casino-ar.com *.ar888-casino.com *.arab888-casino.com *.casinoelarab-888.com *.alarab-888casino.com *.casinoalarab-888.com *.888casino-alarab.com *.888casino-arabian.com *.arabian-888casino.com *.888-casino-arabian.com *.888-casino-alarab.com *.ballysdover.com *.888casino-uae.com *.playat888-games.com *.888casino-game.com *.online-arabic-casino.net *.tripleeight.live *.playat888online.com *.888games-uae.com *.triple-eight-games.com *.play-casino-now.com *.888slots-uae.com *.888-uae.com *.mrgreen.de *.mrgreen.se *.mrgreen.com *.mrgreen.dk *.williamhill.com *.williamhill.local *.williamhill-pp2.com 8
frame-ancestors 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 8
frame-ancestors 'self' https://www.anglaisfacile.com https://www.francaisfacile.com https://www.tolearnenglish.com https://www.tolearnfrench.com https://www.allemandfacile.com https://www.espagnolfacile.com https://www.nlfacile.com https://www.italien-facile.com https://www.mesoutils.com https://www.mesexercices.com https://www.mathematiquesfaciles.com https://www.touslescours.com https://www.tolearnfrench.com https://*.tolearnfree.com; report-uri https://tolearnfree.report-uri.io/r/default/csp/enforce; base-uri 'self'; 8
script-src 'self' https://itunes.apple.com www.youtube.com https://www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.youtube-nocookie.com; font-src https://fonts.gstatic.com; 8
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval';  connect-src * data: blob: 'unsafe-inline';  img-src * data: blob: 'unsafe-inline';  frame-src * data: blob: ;  style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 8
script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 8
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 8
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval';  style-src 'self' 'unsafe-inline'; img-src * data:; 8
object-src 'self'; 8
frame-ancestors https:; default-src 'self' app.gitbook.com api.gitbook.com integrations.gitbook.com files.gitbook.com *.gitbook.com; connect-src 'self' blob: * app.gitbook.com api.gitbook.com *.intercom.io wss://*.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com sentry.io *.sentry.io www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: www.googletagmanager.com translate.googleapis.com translate.google.com www.gstatic.com https://*.algolia.net https://*.algolianet.com *.iframe.ly cdnjs.cloudflare.com cdn.jsdelivr.net *.amplitude.com cloudflareinsights.com *.googleapis.com *.cloudfunctions.net *.google.com *.firebaseio.com wss://*.firebaseio.com; manifest-src 'self'; script-src 'self' 'unsafe-eval' integrations.gitbook.com app.gitbook.com https://js.intercomcdn.com https://widget.intercom.io https://app.intercom.io https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io https://sentry.io https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://www.googletagmanager.com https://googletagmanager.com https://translate.googleapis.com https://translate.google.com https://*.algolia.net https://*.algolianet.com https://cdn.iframe.ly https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com https://cdn.polyfill.io https://cdn.amplitude.com https://static.cloudflareinsights.com 'unsafe-inline' *.firebaseio.com *.gstatic.com *.google.com; style-src 'self' 'unsafe-inline' app.gitbook.com translate.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com; img-src data: * blob: static.intercomassets.com *.intercomcdn.com *.intercom-mail.com *.intercom.io *.intercomusercontent.com *.intercom-attachments-1.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-9.com www.google-analytics.com ssl.google-analytics.com www.google.com analytics.google.com www.googletagmanager.com translate.google.com translate.googleapis.com www.gstatic.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com; font-src app.gitbook.com * js.intercomcdn.com fonts.intercomcdn.com data: cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com; child-src 'self' blob: www.intercom-reporting.com intercom-sheets.com www.youtube.com player.vimeo.com fast.wistia.net www.googletagmanager.com; worker-src 'self' blob:; frame-src www.intercom-reporting.com www.googletagmanager.com *; form-action api-iam.intercom.io intercom.help; media-src *.intercomcdn.com; 8
frame-ancestors 'self' http://admin.bonami.cz 8
style-src * 'self' 'unsafe-inline'; 8
default-src  'self' https://*.dcube.cloud/ ;  script-src  'self'  'sha256-7tJzJRhCSII909o84m4q85UWUc5EDMrrjsQXbeH+qlc=' blob:  https://assets.dcube.cloud  https://*.wogaa.sg  https://assets.adobedtm.com  https://www.google-analytics.com  https://cdnjs.cloudflare.com  https://va.ecitizen.gov.sg  https://*.cloudfront.net  https://printjs-4de6.kxcdn.com  https://unpkg.com  https://wogadobeanalytics.sc.omtrdc.net  https://connect.facebook.net  https://graph.facebook.com  https://facebook.com  https://www.facebook.com  https://*.googletagmanager.com https://*.licdn.com  https://webchat.vica.gov.sg  https://vica.gov.sg https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://www.instagram.com https://script.wiz.gov.sg/widget.js https://script-staging.wiz.gov.sg/widget.js wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://cdn.jsdelivr.net/npm/algoliasearch@4.20.0/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4.60.0/dist/instantsearch.production.min.js ;  object-src  'self' ;  style-src  'self'  'unsafe-inline' https://fonts.googleapis.com/  https://*.cloudfront.net  https://va.ecitizen.gov.sg  https://*.wogaa.sg  https://cdnjs.cloudflare.com  https://datagovsg.github.io  https://webchat.vica.gov.sg  https://vica.gov.sg https://unpkg.com https://script.wiz.gov.sg/widget.css https://script-staging.wiz.gov.sg/widget.css https://assets.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://cdn.jsdelivr.net/npm/instantsearch.css@7/themes/satellite-min.css ;  img-src  * ;  media-src  * ;  frame-src  https://form.gov.sg/  https://wogaa.demdex.net/  https://*.youtube.com  https://*.youtube-nocookie.com  https://*.vimeo.com  https://www.google.com  https://checkfirst.gov.sg  https://www.checkfirst.gov.sg  https://docs.google.com  https://nlb.ap.panopto.com https://www.google.com/recaptcha/ https://accounts.google.com https://www.gstatic.com/recaptcha/ https://data.gov.sg https://calendar.google.com https://datastudio.google.com https://lookerstudio.google.com https://*.fls.doubleclick.net https://www.facebook.com https://m.facebook.com/ https://www.instagram.com https://api.id.gov.sg/ ;  frame-ancestors  'none' ;  font-src  *  data: ;  connect-src  'self'  https://dpm.demdex.net  https://*.google-analytics.com https://analytics.google.com https://*.googletagmanager.com  https://stats.g.doubleclick.net  https://*.wogaa.sg  https://va.ecitizen.gov.sg  https://ifaqs.flexanswer.com  https://*.cloudfront.net  https://fonts.googleapis.com  https://cdnjs.cloudflare.com  https://wogadobeanalytics.sc.omtrdc.net  https://data.gov.sg  https://api.isomer.gov.sg https://webchat.vica.gov.sg https://chat.vica.gov.sg https://vica.gov.sg https://s3-va-prd-vica.s3-ap-southeast-1.amazonaws.com wss://chat.vica.gov.sg https://api-vica-ana.vica.gov.sg/api/v1/response-ratings https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://ask.gov.sg https://staging.ask.gov.sg wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://1v7dzgzjkk-1.algolianet.com/ ; 8
default-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app-fnsp-matomo-analytics-prod.azurewebsites.net/ https://statistikk.fnsp.no/ https://web-sdk-eu.aptrinsic.com/ https://code.jquery.com/ https://maxcdn.bootstrapcdn.com/ https://cdnjs.cloudflare.com https://cdn.jsdelivr.net/ https://cdn.tiny.cloud https://js.monitor.azure.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://web-sdk-eu.aptrinsic.com/ https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net/; font-src 'self' data: https://fonts.gstatic.com/ https://dhm5hy2vn8l0l.cloudfront.net/ https://web-sdk-eu.aptrinsic.com/ https://esp-eu.aptrinsic.com/; img-src 'self' data: https://*.nhn.no https://www.fnsp.no https://www.ahus.no/ https://ahus.no https://www.betanienhospital.no/ https://betanienhospital.no/ https://www.betaniensykehus.no https://betaniensykehus.no https://www.diakonhjemmetsykehus.no https://diakonhjemmetsykehus.no https://fellesinnhold.hn.nhn.no/ https://www.finnmarkssykehuset.no https://finnmarkssykehuset.no https://www.haraldsplass.no/ https://haraldsplass.no/ https://www.hsr.as https://hsr.as https://www.helgelandssykehuset.no https://helgelandssykehuset.no https://www.helse-bergen.no https://helse-bergen.no https://www.helse-fonna.no https://helse-fonna.no https://www.helse-forde.no https://helse-forde.no https://www.helse-midt.no https://helse-midt.no https://www.helse-mr.no https://helse-mr.no https://www.helsenordikt.no https://helsenordikt.no https://www.helse-nord.no https://helse-nord.no https://www.hnt.no https://hnt.no https://www.helse-sorost.no https://helse-sorost.no https://www.helse-stavanger.no https://helse-stavanger.no https://www.helse-vest-ikt.no https://helse-vest-ikt.no https://www.helse-vest.no https://helse-vest.no https://www.helseplattformen.no https://helseplattformen.no https://www.hdo.no/ https://hdo.no/ https://www.hemit.no https://hemit.no https://www.lovisenbergsykehus.no https://lovisenbergsykehus.no https://www.luftambulanse.no https://luftambulanse.no https://www.martinahansen.no/ https://martinahansen.no/ https://www.jdps.no/ https://jdps.no/ https://www.olaviken.no https://olaviken.no https://www.nordlandssykehuset.no https://nordlandssykehuset.no https://www.nortrials.no/ https://nortrials.no/ https://www.nyemetoder.no/ https://nyemetoder.no/ https://www.oslo-universitetssykehus.no https://oslo-universitetssykehus.no https://www.pasientreiser.no https://pasientreiser.no https://www.revmatismesykehuset.no/ https://revmatismesykehuset.no/ https://www.saman.no https://saman.no https://www.sjukehusapoteka-vest.no https://sjukehusapoteka-vest.no https://www.solli.no https://solli.no https://www.sshf.no/ https://sshf.no/ https://sthf.no https://www.sthf.no https://www.spesialisthelsetjenesten.no https://spesialisthelsetjenesten.no https://www.stolav.no https://stolav.no https://www.sunnaas.no/ https://sunnaas.no/ https://www.sykehusapotekene.no https://sykehusapotekene.no https://www.sykehusapotek-nord.no https://sykehusapotek-nord.no https://www.sykehusapoteket.no https://sykehusapoteket.no https://www.sykehusbygg.no https://sykehusbygg.no https://www.sykehuset-ostfold.no https://sykehuset-ostfold.no https://siv.no/ https://www.siv.no/ https://www.sykehuset-innlandet.no https://sykehuset-innlandet.no https://www.sykehusinnkjop.no https://sykehusinnkjop.no https://www.sykehuspartner.no https://sykehuspartner.no https://www.unn.no https://unn.no https://www.vestreviken.no https://vestreviken.no https://bjorkeli.no https://www.bjorkeli.no https://sp.tinymce.com; connect-src 'self' https://esp-eu.aptrinsic.com/ https://app-fnsp-matomo-analytics-prod.azurewebsites.net/ https://pui.episerver.net/ https://dc.services.visualstudio.com/; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://vimeo.com/ https://youtu.be/ https://medfilm.se/ https://film.oslo-universitetssykehus.no/ https://ntnu.cloud.panopto.eu/ https://open.spotify.com/ https://podcasts.apple.com https://ekstranett.helse-midt.no/ https://app-fnsp-matomo-analytics-prod.azurewebsites.net/ https://fellesinnhold.fnsp.nhn.no https://fnsp.fnsp.nhn.no https://www.fnsp.no https://navikt.github.io https://acast.com/ https://www.acast.com/ https://hf02.totaldata.no/ https://players.brightcove.net/ https://*.fnsp.nhn.no; frame-ancestors 'self'; 8
default-src 'unsafe-inline' 'unsafe-eval' data: blob: *; 8
worker-src 'self'; 8
frame-ancestors https://app.contentful.com 8
object-src 'self'; frame-ancestors 'self' 8
script-src   'self' *.google.com *.google-analytics.com 'unsafe-inline'   'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com   *.googleapis.com uds.googleusercontent.com https://s.ytimg.com   https://i18n-cloud.appspot.com   https://www.youtube.com   www-onepick-opensocial.googleusercontent.com   www-bloggervideo-opensocial.googleusercontent.com   www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport 8
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 8
frame-ancestors accounts.shopbase.com:443 legacy-templates.shopbase.com:443 templates.shopbase.com:443 test-templates.shopbase.com:443 templates-test.shopbase.com:443 new-templates.shopbase.com:443 themes.shopbase.com:443 *.onshopbase.com:443 *.shopbase.net.cn:443 'self' 8
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https:; img-src 'self' data: https:; style-src 'self' https: 'unsafe-inline'; base-uri 'self'; form-action 'self' https:; worker-src 'self' https:; frame-src 'self' https: 8
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; frame-ancestors 'none'; font-src * 'self' data: https://fonts.gstatic.com; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' https://plugins.flockler.com https://sdk.privacy-center.org/ https://api.privacy-center.org/; style-src * 'self' 'unsafe-inline' https://fonts.googleapis.com https://sdk.privacy-center.org/ https://api.privacy-center.org/ 8
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tawk.to cdn.jsdelivr.net https:; manifest-src 'self'; child-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.tawk.to cdn.jsdelivr.net; font-src 'self' fonts.gstatic.com cdn.livechatinc.com *.tawk.to; img-src 'self' cdn.jsdelivr.net tawk.link https: data: cdn.nukeasset.com static.nukeasset.com cdn.livechat-files.com www.google-analytics.com; media-src 'self' data: cdn.livechatinc.com; object-src 'self' data:; connect-src 'self' data: cdn.nukeasset.com static.nukeasset.com cdn.livechat-files.com www.google-analytics.com unpkg.com *.tawk.to wss://*.tawk.to https: wss:; frame-src *.tawk.to https:; frame-ancestors 'self'; form-action *.tawk.to 8
default-src https:; connect-src https: wss: http:; font-src https: data:; img-src https: data: blob:; frame-src https: blob:; frame-ancestors 'self'; worker-src blob: https: data: 'unsafe-inline' 'unsafe-eval'; form-action https: javascript:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 8
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' 8
upgrade-insecure-requests; frame-ancestors 'self'; default-src * data: 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; worker-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; child-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; base-uri 'self'; 8
frame-ancestors 'self' https://citylightcloud.com https://geocentric.com 8
base-uri 'self';frame-ancestors 'self' 8
upgrade-insecure-requests; frame-ancestors 'self' https://stackexchange.com 7
frame-ancestors 'self' *.ffxblue.com.au *.ffx.io *.smh.com.au *.theage.com.au *.brisbanetimes.com.au *.watoday.com.au *.cdn.ampproject.org *.platform.ink; upgrade-insecure-requests 7
frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net 7
frame-ancestors 'self' https://blog.hootsuite.com https://app.contentful.com https://hootsuite.com https://staging.hootsuite.com/; report-uri https://o3805.ingest.sentry.io/api/6608832/security/?sentry_key=f44c14ec894c4667b3fd34b84042794d 7
frame-ancestors *; report-uri https://www.rackspace.com/report-uri/enforce 7
object-src https://liveshareeast3.seismic.com https://cvent.seismic.com https://explore.cvent.com http://explore.cvent.com https://*.speedrfp.com https://speedrfp.com https://*.elitemeetings.com https://elitemeetings.com https://*.hotelprofiler.com https://www.lanyon.com http://www.lanyon.com; frame-ancestors 'self' https://liveshareeast3.seismic.com https://cvent.seismic.com https://explore.cvent.com http://explore.cvent.com  https://*.speedrfp.com https://speedrfp.com https://*.elitemeetings.com https://elitemeetings.com https://*.hotelprofiler.com https://www.lanyon.com http://www.lanyon.com https://*.cvent.com http://*.cvent.com; report-uri /report-csp-violation 7
default-src 'self' vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io wss://*.vercel.com localhost:* chrome-extension://*;script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com www.google-analytics.com www.googleadservices.com www.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.twimg.com cdn.ampproject.org www.googletagmanager.com *.googleapis.com *.heapanalytics.com heapanalytics.com *.fides-cdn.ethyca.com *.ethyca.com cdn.ethyca.com cdn.vercel-insights.com va.vercel-scripts.com vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io wss://*.vercel.com localhost:* chrome-extension://*;child-src *.youtube.com *.youtube-nocookie.com *.stripe.com www.google.com td.doubleclick.net github.com calendly.com vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io wss://*.vercel.com localhost:* chrome-extension://*;style-src 'self' 'unsafe-inline' *.googleapis.com heapanalytics.com vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io wss://*.vercel.com localhost:* chrome-extension://*;img-src * blob: data:;media-src 'self' videos.ctfassets.net user-images.githubusercontent.com blob: vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io wss://*.vercel.com localhost:* chrome-extension://*;connect-src data: *;font-src 'self' *.vercel.com *.gstatic.com vercel.live;worker-src 'self' *.vercel.com blob: 7
default-src 'self' * data: blob: 'unsafe-inline' 'unsafe-eval'; object-src 'none' 7
frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests; 7
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net https://fp.zenaps.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.dwin1.com/ https://www.youtube.com/iframe_api https://s.ytimg.com https://assets.planethoster.com/ https://maps.googleapis.com/ https://ads2.adverline.com/ https://tags.dynamo.one/ https://smct.co/ https://apis.google.com/ https://widget.trustpilot.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://bat.bing.com/ https://lantern.roeyecdn.com/ https://googleads.g.doubleclick.net/ https://www.clarity.ms/; img-src 'self' www.facebook.com data: https://www.planethoster.com/ https://assets.planethoster.com/ https://maps.gstatic.com/ https://smct.co/ https://www.google-analytics.com/ https://www.google.com/ https://www.google.ca/ https://www.google.fr/ https://www.google.be/ https://www.google.ch/ https://bat.bing.com/ https://lantern.roeye.com/ https://c.clarity.ms/; font-src 'self' data: fonts.gstatic.com https://assets.planethoster.com/; frame-src https://www.awin1.com/ https://www.zenaps.com/ https://ads2.adverline.com/ https://staticxx.facebook.com/ https://www.google.com/ https://www.facebook.com/ https://player.vimeo.com https://www.youtube.com/ https://tags.dynamo.one/ https://smct.co/ https://accounts.google.com/ https://widget.trustpilot.com/ https://td.doubleclick.net/; connect-src 'self' https://stats.g.doubleclick.net/ https://fp.zenaps.com/ https://assets.planethoster.com/ https://smct.co/ https://widget.trustpilot.com/ https://www.google-analytics.com/ https://pagead2.googlesyndication.com/ https://bat.bing.com/ https://z.clarity.ms/; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://assets.planethoster.com/; 7
default-src 'self' https://feed.pghub.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://snippet.maze.co https://feed.pghub.io https://z.moatads.com/ https://s.swiftypecdn.com/ https://connect.facebook.net/ https://js.adsrvr.org/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://www.googleadservices.com/ https://maps.googleapis.com https://unpkg.com https://googleads.g.doubleclick.net https://static.ads-twitter.com https://script.crazyegg.com https://api.ipify.org https://code.jquery.com/ https://c.lytics.io/ https://cdn.segment.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://pghub.io/ https://cdn.cookielaw.org/; style-src 'self' 'unsafe-inline' https://feed.pghub.io https://cdn.cookielaw.org/ https://c.lytics.io/ https://cdnjs.cloudflare.com https://unpkg.com; object-src https://images.ctfassets.net/; base-uri 'self'; connect-src 'self' https://cdn.contentful.com https://mw-ar-recom-prod.pgapi.io/ https://staging-api.fr.pg.com/ https://gpdb-staging.name-coach.com/api/public/v1/pronunciations/phonetics https://gpdb.name-coach.com/api/public/v1/pronunciations/phonetics https://prompts.maze.co https://pagestates-tracking.crazyegg.com https://assets-tracking.crazyegg.com https://tracking.crazyegg.com https://api.fr.pg.com https://pg-poc-regulatory-app-test.azurewebsites.net https://s.swiftypecdn.com https://maps.googleapis.com https://script.crazyegg.com https://consent-api.onetrust.com https://api.segment.io/ https://match.adsrvr.org/ https://lj18wdvpyu-3.algolianet.com/ https://lj18wdvpyu-2.algolianet.com/ https://lj18wdvpyu-1.algolianet.com/ https://lj18wdvpyu-dsn.algolia.net/ https://www.google-analytics.com/ https://region1.google-analytics.com https://cdn.cookielaw.org *.doubleclick.net https://stats.g.doubleclick.net; font-src 'self' https://feed.pghub.io; frame-src 'self' https://images.ctfassets.net/ https://www.youtube-nocookie.com/ https://feed.pghub.io https://www.facebook.com/ https://d.agkn.com/ https://www.youtube.com https://pandg.tapad.com https://www.google.com/ https://www.googletagmanager.com/; img-src 'self' blob: data: https://feed.pghub.io https://www.facebook.com/ https://downloads.ctfassets.net/ https://px.moatads.com/ https://googleads.g.doubleclick.net/ https://www.confianzaonline.es *.akamaihd.net https://maps.gstatic.com https://maps.googleapis.com https://t.co https://www.google.com/ https://www.google.hr/ https://analytics.twitter.com https://s.amazon-adsystem.com/ https://c.lytics.io/ https://cdn.cookielaw.org/ https://www.googletagmanager.com/ https://match.adsrvr.org/ https://images.ctfassets.net https://pixel.tapad.com https://www.google-analytics.com https://i.ytimg.com; manifest-src 'self'; frame-ancestors 'self' https://app.contentful.com; media-src 'self' https://feed.pghub.io https://videos.ctfassets.net/; worker-src 'none'; 7
default-src * 'unsafe-inline' 'unsafe-eval' 7
frame-ancestors *; upgrade-insecure-requests; object-src 'none' 7
default-src http: https: 'unsafe-inline' 'unsafe-eval' data: blob: mediastream:; 7
default-src https: 'unsafe-eval' 'unsafe-inline'; worker-src blob:; object-src 'none'; frame-ancestors 'none' 7
frame-ancestors 'self' https://*.sella.it https://*.axerve.com https://*.gestpay.it https://*.coremedia.vm https://*.coremedia.cloud https://*.coremedia.io https://*.coremedia.com https://*.quickrun.io https://*.coremedia.rocks 7
default-src 'self' https://bugcrowd.com/ https://assets.bugcrowdusercontent.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.visualwebsiteoptimizer.com https://app.vwo.com https://www.googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com https://www.googleadservices.com https://www.google.com https://*.g.doubleclick.net https://connect.facebook.net https://www.snapengage.com https://storage.googleapis.com/code.snapengage.com/js/ https://prod-nplayer.dacast.com/lib/theoplayer/ https://analytics.webgains.io/ https://analytics-wg.webgains.io/ https://track.webgains.com/ https://w-it.m-t.io/ https://www.mczbf.com/ https://wcs.naver.net/ https://bat.bing.com/ https://*.clarity.ms/ https://boards.greenhouse.io/ https://analytics.tiktok.com/ https://www.youtube.com/ https://*.pcdn.co/ https://*.typeform.com/ https://bugcrowd.com/ https://assets.bugcrowdusercontent.com/ https://api.usercentrics.eu/; style-src 'self' 'unsafe-inline' https://*.visualwebsiteoptimizer.com https://app.vwo.com https://s3.amazonaws.com https://tagmanager.google.com https://fonts.googleapis.com https://*.pcdn.co/ https://*.typeform.com/; img-src 'self' https: data:; media-src 'self' https://ftr.imgix.net https://www.snapengage.com https://*.pcdn.co/ https://*.typeform.com/; frame-src 'self' https://*.visualwebsiteoptimizer.com https://app.vwo.com https://www.googletagmanager.com https://www.youtube.com https://view.vzaar.com https://iframe.dacast.com https://www.facebook.com https://*.fls.doubleclick.net https://*.g.doubleclick.net www.snapengage.com https://boards.greenhouse.io/ https://*.pcdn.co/ https://*.typeform.com/ https://bugcrowd.com/ https://assets.bugcrowdusercontent.com/ https://www.canva.com/ https://dev.visualwebsiteoptimizer.com https://adservice.google.com/; font-src 'self' https://fonts.gstatic.com data: https://*.pcdn.co/ https://*.typeform.com/; connect-src 'self' https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com https://google-analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net/ https://analytics.google.com https://*.analytics.google.com https://www.facebook.com/tr/ https://www.snapengage.com https://api.webgains.io/ https://track.webgains.com/ https://w-it.m-t.io/ https://www.mczbf.com https://wcs.naver.com/ https://analytics.tiktok.com/ https://bat.bing.com/ https://*.clarity.ms/ https://*.pcdn.co/ https://*.typeform.com/ https://*.usercentrics.eu/; object-src 'none'; worker-src 'self' blob:; frame-ancestors 'self'; upgrade-insecure-requests 7
frame-ancestors 'self' https://*.ziggo.nl https://*.vodafone.nl https://*.vfz-services.nl https://*.prod.aws.ziggo.io https://*.acc.aws.ziggo.io https://*.dev.aws.ziggo.io https://*.hollandsnieuwe.nl https://vodafoneziggo.portal.mobilewater.nl; 7
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; connect-src https: wss: 7
default-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.maerskline.com https://*.apmoller.net https://*.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://*.logs.datadoghq.eu https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://*.cookieinformation.com https://*.bing.com https://*.virtualearth.net https://*.visualforce.com https://*.contentsquare.net https://stats.g.doubleclick.net https://resources.digital-cloud.medallia.eu https://ubt-lb.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://hcaptcha.com https://*.hcaptcha.com https://maersk.tradelens.com https://platform.tradelens.com https://clientstream.launchdarkly.com https://app.launchdarkly.com https://events.launchdarkly.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.maerskline.com https://*.apmoller.net https://*.akamaihd.net https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.steelcentral.net *.mpstat.us *.akstat.io https://*.igodigital.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.google-analytics.com https://*.cookieinformation.com https://www.datadoghq-browser-agent.com/datadog-rum-eu.js https://*.bing.com https://*.virtualearth.net https://*.contentsquare.net https://*.contentsquare.com https://www.datadoghq-browser-agent.com/datadog-rum.js https://screencapture.kampyle.com https://screencapture-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://snap.licdn.com https://px.ads.linkedin.com https://connect.facebook.net https://www.facebook.com https://js.stripe.com https://hcaptcha.com https://*.hcaptcha.com https://*.decibelinsight.net https://*.decibel.com https://maersk.my.site.com https://maersk.my.salesforce-sites.com; img-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.maerskline.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://lh3.googleusercontent.com https://*.steelcentral.net https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pixel.mathtag.com https://bs.serving-sys.com https://www.google.co.uk https://api.adsymptotic.com https://media-cdn.ipredictive.com https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://vk.com https://mail.ru https://clickserve.dartsearch.net https://*.doubleclick.net https://*.google.dk https://secure.adnxs.com https://cs.adingo.jp https://admaym.com https://ih.adscale.de https://d.agkn.com https://ib.adnxs.com https://x.bidswitch.net https://stags.bluekai.com https://pix.btrll.com https://contextual.media.net https://dis.criteo.com https://e.nexac.com https://loadm.exelator.com https://cs.gssprt.jp https://global.ib-ibi.com https://ad.360yield.com https://dsum-sec.casalemedia.com https://beacon.krxd.net https://idsync.rlcdn.com https://ums.adtechus.com https://sync.adaptv.advertising.com https://us-u.openx.net https://simage2.pubmatic.com https://bh.contextweb.com https://idsync.reson8.com https://pixel.rubiconproject.com https://uipglob.semasio.net https://rtb-csync.smartadserver.com https://ad.sxp.smartclip.net https://sync.go.sonobi.com https://ce.lijit.com https://sync.search.spotxchange.com https://ads.stickyadstv.com https://delivery.swid.switchads.com https://aa.agkn.com https://ads.yahoo.com https://u3s.mathtag.com https://eu-u.openx.net https://serving.experianmarketingservices.digital https://uip.semasio.net https://fo-api.omnitagjs.com https://*.akstat.io https://*.bing.com https://*.virtualearth.net https://*.contentsquare.net https://screencaptue-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://udc-neb.kampyle.com https://nebula-cdn.kampyle.com https://*.salesforce.com https://*.force.com https://maersk.my.salesforce-sites.com; object-src 'self' ; style-src 'self' 'unsafe-inline' https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.apmoller.net https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.maerskline.com https://*.force.com https://*.bing.com https://*.virtualearth.net https://resources.digital-cloud.medallia.eu https://screencaptue-cdn.kampyle.com https://nebula-cdn.kampyle.com https://hcaptcha.com https://*.hcaptcha.com https://maersk.my.site.com https://maersk.my.salesforce-sites.com; frame-src https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.maerskline.com https://*.apmoller.net http://emanage.maerskline.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.google.com https://www.youtube.com/embed/ https://player.vimeo.com/video/ https://service.force.com https://*.cookieinformation.com https://*.youku.com/ https://*.force.com/  https://*.salesforce.com https://app.powerbi.com http://my.maerskline.com https://*.doubleclick.net https://reporting.damco.com https://screencapture.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://js.stripe.com https://hcaptcha.com https://*.hcaptcha.com https://maersk.my.site.com https://maersk.my.salesforce-sites.com; font-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.maerskline.com https://*.apmoller.net https://*.gstatic.com https://*.googleapis.com https://resources.digital-cloud.medallia.eu https://nebula-cdn.kampyle.com; connect-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.maerskline.com https://*.apmoller.net https://*.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://*.logs.datadoghq.eu https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://*.cookieinformation.com https://*.bing.com https://*.virtualearth.net https://*.visualforce.com https://*.contentsquare.net https://stats.g.doubleclick.net https://resources.digital-cloud.medallia.eu https://ubt-lb.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://hcaptcha.com https://*.hcaptcha.com https://maersk.tradelens.com https://platform.tradelens.com https://clientstream.launchdarkly.com https://app.launchdarkly.com https://events.launchdarkly.com https://*.decibelinsight.net https://*.decibel.com wss://*.decibelinsight.net https://maersk.my.salesforce-scrt.com https://chatbot-test-app.herokuapp.com https://maersk.my.site.com https://maersk.my.salesforce-sites.com wss://proxy2.scm.maersk.com; worker-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.maerskline.com https://*.apmoller.net https://*.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://*.logs.datadoghq.eu https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://*.cookieinformation.com https://*.bing.com https://*.virtualearth.net https://*.visualforce.com https://*.contentsquare.net https://stats.g.doubleclick.net https://resources.digital-cloud.medallia.eu https://ubt-lb.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://hcaptcha.com https://*.hcaptcha.com https://maersk.tradelens.com https://platform.tradelens.com https://clientstream.launchdarkly.com https://app.launchdarkly.com https://events.launchdarkly.com blob:; 7
frame-ancestors 'self' https://admarket.no https://admarket.schibsted.se https://frontpage-wayback-machine.sls.schibsted.tech/; upgrade-insecure-requests 7
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src 'unsafe-inline' 'unsafe-eval' *; script-src 'unsafe-inline' 'unsafe-eval' *; img-src * data: about:; frame-src 'self' *; worker-src blob:; object-src https://wnyc-project-prod.s3.amazonaws.com; frame-ancestors 'self' localhost *; media-src 'self' *; 7
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ihk-wahl.info  24703.online-adventskalender.de *.arbeitsagentur.de *.assono.de *.b-ite.com *.betterplace.org *.bitkomplex.de *.bright-guide.de *.canto.global *.cdn.office.net *.cloudfront.net *.cookiebot.com *.cookiebot.eu *.dvinci-hr.com *.easy-feedback.com *.etracker.com *.etracker.de *.eu-west-1.playback.live-video.net *.exmap.de *.facebook.com *.flickr.com *.fontawesome.com *.google-analytics.com *.google.com *.google.de *.googleapis.com *.gstatic.com *.haffhus.de *.highcharts.com *.hk24.de *.ihk-baustellen-portal.de *.ihk.de *.ihk24.de *.jobcluster.de *.lineupr.com *.linkedin-ei.com *.linkedin.com *.mateforevents.com *.microsoft.com *.multipage.online *.newsletter2go.com *.office.com *.office365.com *.openstreetmap.org *.podigee-cdn.net *.podigee.io *.signalize.com *.spotify.com *.staticflickr.com *.stream24.net *.sweap.io  *.thinglink.com *.thinglink.me *.twimg.com *.twitch.tv *.twitter.com *.unikam.de *.usercentrics.eu *.userlike.com *.vimeo.com *.wahlplus.de *.walls.io *.webstream.eu *.xing-events.com *.youstreamit.de *.youtube.com api-baustellenportal.sylphen.com api.mapbox.com app.cituro.com app.powr.io app.sli.do auskunft.nvv.de baustellennavi.de bc.pressmatrix.com berufsausbildung-aachen-ihk.de bluecard-eu.de branchenpuls.odis-berlin.de cdn.contentful.com cdn.doo.net/assets/js/viovendi-embed-static-1.js cdn.podigee.com cdn.podlove.org cdnjs.cloudflare.com chat.gr-apps.de code.createjs.com code.jquery.com/jquery-3.1.1.min.js code.jquery.com/jquery-3.4.1.min.js connect.facebook.net consentcdn.cookiebot.com corona.conterra.de covid19.webtvcampus.de cta.ihk.i40.de datawrapper.dwcdn.net dbaw.specials-bahn.de detmold.ihk-beitragsrechner.de dihk.imageplant.de doo.net e.issuu.com e.video-cdn.net easy-feedback.com easy-feedback.de editor.signavio.com embed.nexx.cloud eoa2.bildung1.gfi.ihk.de events-to-impress.activehosted.com expertenpool.automatisierungsregion.de fahrinfo.vbb.de geometro-cockpit.com geometro-cockpit.de geoportal-hamburg.de geoportal.metropolregion.hamburg.de gwatch.events haffhus.s3.eu-central-1.amazonaws.com handelskammer-bremen.appointmind.net heimatshoppen.ihk-industrie-treffpunkt.de hk24.sharepoint.com html5-player.libsyn.com iframe.wvd-portfolio.de ihk-ar.ycms.rocks ihk-baustellen-portal.de:5555 ihk-berlin-meetings.webex.com ihk-darmstadt-portal.rexx-recruitment.com ihk-hl.gr-live.de ihk-kassel.perbit-job.de ihk-weiterbildung-oldenburg.de ihk-zu-dortmund-1.jobs.personio.de ihk.selbstdenker.com ihk24.omq.de ihk24.omq.io ihknw.pi-asp.de ihkob.wekando.eu imagemarker.com ims-files-cdn.net infographic.statista.com isi.hdb-hamburg.de jobs.ihk-niederrhein.de jsfiddle.net komsis.inecos.de kvg-kassel.widget-generator.de link.webropolsurveys.com live.c3networking.de livestream.kemweb.de livestream.watch/vp/nachhaltigkeitsdialog.html login.microsoftonline.com mailto: maps2.sylphen.com matomo.rexx-systems.commatomo.js maxcdn.bootstrapcdn.com media.graphassets.com media.graphcms.com media.video.taxi mediathek.ihk-gfi.de mukihk24.z6.web.core.windows.net my.immobilienfotograf-berlin.com my.tikee.io myjobboard.de n873043.websitebuilder.online pam.ihk-schleswig-holstein.de playout.3qsdn.com plugins.flockler.com rh1.chatmodul.de roundme.com routenplaner.bus-bahn-thueringen.de s2survey.net s3.fraunhofer.de service.tecintelli.de share.ihkzuschwerin.de  smart.ihk-berlin.de standortfinder.rlp.de start.video-stream-hosting.de static-exp1.licdn.com static.dvinci-easy.com stats.g.doubleclick.net streaming.sendewerk.berlin tecintelli-static-ttl.obs.eu-de.otc.t-systems.com/ tel: tuerchen.com umap.openstreetmap.fr userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com vstdbv3 w.soundcloud.com walls.io web.inxmail.com wms02.exmap.de wss://chat.userlike.com/chat/ wss://umd.userlike.com/umd/ www.aufstiegs-bafoeg.de www.bahn.de www.berufe.tv www.branchenpuls.berlin www.bso-hessen.de www.econda-monitor.de www.etermin.net www.finest-jobs.com www.forschungsfinder-hessen.de www.gatewatch.eu www.giu-kalender.org www.google.analytics.com www.googletagmanager.com www.handelskammer-bremen.de www.hvv.de www.ihk-arbeitsgemeinschaft-rlp.de www.ihk-berlin.de www.ihk-berlin.org www.ihk-bw.digital www.ihk-ecofinder.de www.ihk-gfi.de www.ihk-koblenz.de www.ihk-lehrstellenboerse.de www.ihk-lueneburg.de www.ihk-magdeburg.de www.ihk-ostbrandenburg.de www.ihk-praktikumsportal.de www.ihk-rlp.de www.ihk-wiesbaden.de www.ihkac-anwendungen.de www.inno-vet.de www.instagram.com www.iwd.de www.kandidatenmanagement.de www.leg-thueringen.de www.media42day.com www.onlinebewerbungsserver.de www.plattform-i40.de www.powr.io www.praktikum.info www.rmv.de www.terminland.de www.tfaforms.com www.total-lokal.de www.tvo.de www.vvs.de www.youtube-nocookie.com zukunftsdialog-fachkraefte.berlin zukunftsforum-wirksame-bildung.de  ;  report-uri /blueprint/servlet/csplogging/logViolation ; 7
default-src https:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; worker-src 'self' blob: 7
upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none'; manifest-src 'self'; report-uri https://vault.gostatera.com/collect/csp 7
object-src 'none'; frame-ancestors 'self'; 7
upgrade-insecure-requests; frame-ancestors *.gonitro.com *.live.com *.sharepoint.com 7
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval' 7
font-src 'self' * 'unsafe-inline' 'unsafe-eval' *.ascension.org ; 7
default-src data: http: https: 'unsafe-inline' 'unsafe-eval' 7
default-src * data: blob: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; 7
default-src 'self';frame-src 'self' player.vimeo.com www.youtube.com policy.app.cookieinformation.com *.hotjar.com *.doubleclick.net *.facebook.com;media-src 'none';font-src 'self' blob: data: *.abtasty.com *.gstatic.com *.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com widget.dixa.io *.polyfill.io datadome.co *.app.cookieinformation.com *.google.com www.googletagmanager.com tagmanager.google.com *.sentry.io *.sentry-cdn.com *.bing.com blob: *.abtasty.com *.googleapis.com;img-src 'self' data: *.bing.com *.google.com tags.srv.stackadapt.com *.doubleclick.net *.linkedin.com *.facebook.com *.ytimg.com *.googletagmanager.com *.amazonaws.com *.abtasty.com *.hotjar.com *.google.es *.google.co.uk *.google.fr *.google.dk *.google.it *.google.de *.google.no *.google.pt *.google.ie *.google.ch *.google.nl *.google.be *.google.pl *.google.se *.google.at *.google.ca blob: *.abtasty.com *.amazonaws.com images.tgtg.ninja i.vimeocdn.com apptoogoodtogo.com;worker-src 'self' blob: www.google.com;style-src 'self' 'unsafe-inline' static.hotjar.com script.hotjar.com tags.srv.stackadapt.com *.gstatic.com *.googleapis.com unsafe-inline: *.abtasty.com *.gstatic.com *.googleapis.com;connect-src 'self' *.bing.com cdn.linkedin.oribi.io tags.srv.stackadapt.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.facebook.com *.google.com *.linkedin.com localhost:* www.google-analytics.com *.abtasty.com *.sentry.io www.google.com logs1412.xiti.com *.app.cookieinformation.com mkt-cms.toogoodtogo.com mkt-cms.toogoodtogo.com adservice.google.com mkt-cms-staging.toogoodtogo.com;form-action 'self' *.google.com *.facebook.com *.facebook.net;script-src-elem 'self' 'unsafe-inline' localhost:* *.googleadservices.com *.google.com *.google.es *.google.co.uk *.google.fr *.google.dk *.google.it *.google.de *.google.no *.google.pt *.google.ie *.google.ch *.google.nl *.google.be *.google.pl *.google.se *.google.at *.google.ca connect.facebook.net snap.licdn.com *.realytics.io *.hotjar.com *.hotjar.io *.hotjar.com *.bing.com *.abtasty.com www.googletagmanager.com *.app.cookieinformation.com *.aticdn.net tags.srv.stackadapt.com;object-src 'none'; 7
frame-ancestors 'self'  teams.microsoft.com *.teams.microsoft.com 7
frame-ancestors https://app.storyblok.com/ 7
frame-ancestors 'self' https://cms.hanleywood.com 7
frame-ancestors 'self' https://dato-plugin-3zrf.vercel.app *.factorial.be *.factorial.ch *.factorial.co *.factorial.fr *.factorial.it *.factorial.mx *.factorialhr.ar *.factorialhr.be *.factorialhr.ch *.factorialhr.cl *.factorialhr.co *.factorialhr.co.uk *.factorialhr.com.br *.factorialhr.de *.factorialhr.es *.factorialhr.fr *.factorialhr.it *.factorialhr.mx *.factorialhr.pt *.factorialhr.com 7
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' app.optimizely.com; 7
upgrade-insecure-requests ; default-src 'none'; img-src 'self' https://*.apple.com https://*.mzstatic.com data:; style-src 'self' https://*.apple.com 'unsafe-inline'; font-src 'self' https://*.apple.com; media-src 'self' https://*.apple.com blob:; connect-src 'self' https://*.apple.com https://*.mzstatic.com; script-src 'self' https://*.apple.com 'unsafe-eval' 'sha256-4ywTGAe4rEpoHt8XkjbkdOWklMJ/1Py/x6b3/aGbtSQ=' blob:; frame-src 'self' https://*.apple.com itmss: itms-appss: itms-bookss: itms-itunesus: itms-messagess: itms-podcasts: itms-watchs: macappstores: musics: apple-musics: podcasts: videos:; 7
frame-ancestors 'self' https://*.superoffice.com https://royalqueenseedssp.inone.useinsider.com 7
script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://recaptcha-staging.corp.google.com/;report-uri /recaptcha/challengepage/_/RecaptchaChallengePageUi/cspreport/allowlist;base-uri www.google.com 7
default-src * 'unsafe-inline';script-src * 'unsafe-eval' 'unsafe-inline';img-src * 'self' data:;frame-ancestors none 7
upgrade-insecure-requests; default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' 7
'self' ; 7
default-src 'self';connect-src 'self' *.habbo.com https://hcaptcha.com https://*.hcaptcha.com cookie-cdn.cookiepro.com privacyportal.cookiepro.com cookies.onetrust.mgr.consensu.org geolocation.onetrust.com www.facebook.com https://accounts.google.com/gsi/ *.google-analytics.com www.googletagmanager.com csi.gstatic.com habboo-a.akamaihd.net d29usylhdk1xyu.cloudfront.net;img-src 'self' data: *.habbo.com cookie-cdn.cookiepro.com habbo-stories-content.s3.amazonaws.com www.facebook.com *.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com habboo-a.akamaihd.net images.habbogroup.com docj27ko03fnu.cloudfront.net d3hmp0045zy3cs.cloudfront.net quilt-cdn.janrain.com cdn.rpxnow.com pay.openbucks.com trck.spoteffects.net;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.habbo.com https://appleid.cdn-apple.com https://hcaptcha.com https://*.hcaptcha.com cookie-cdn.cookiepro.com connect.facebook.net https://accounts.google.com/gsi/client *.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com apis.google.com rpxnow.com d29usylhdk1xyu.cloudfront.net trck.spoteffects.net;style-src 'self' 'unsafe-inline' *.habbo.com https://hcaptcha.com https://*.hcaptcha.com www.gstatic.com fonts.googleapis.com d3hmp0045zy3cs.cloudfront.net quilt-cdn.janrain.com;child-src 'self' https://hcaptcha.com https://*.hcaptcha.com *.habbo.com *.facebook.com www.google.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com torox.io;frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com *.habbo.com *.facebook.com www.google.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com torox.io;font-src 'self' fonts.gstatic.com habboo-a.akamaihd.net *.habbo.com data:;frame-ancestors 'self' *.idcgames.com www.funnygames.fi www.funnygames.es www.funnygames.nl www.funnygames.fr www.funnygames.it www.funnygames.us www.funnygames.eu www.funnygames.biz www.funnygames.com.br www.funnygames.org *.gamesxl.com keygames.com www.games.co.za www.bgames.com starbie.co.uk nyckelspel.se www.games.co.uk www.a10.com www.gry.pl www.spela.se www.gamesgames.com www.ourgames.ru www.permainan.co.id www.games.co.id www.agame.com www.flashgames.ru www.mousebreaker.com kizi.com yepi.com www.integrations.partner.spilgames.com www.teens-integrations.partner.spilgames.com www.youdagames.com www.elkspel.nl www.spele.nl www.spele.be www.spelletjesoverzicht.nl *.orangegames.com hyvesgames.nl spele.nl www.spelletjes.nl www.spel.nl *.giochixl.it www.1001giochi.it minigioco.it www.gioco.it www.giochi.it *.jeuxdelajungle.fr www.1001games.fr jouerjouer.com spele.be www.jeux.fr www.jeu.fr oyun.mynet.com gamecell.com www.gamecell.com oyungemisi.com www.oyunskor.com *.1001pelit.com pelaaleikkia.com www.isladejuegos.es clavejuegos.com www.juegos.com *.1001spiele.de www.jetztspielen.ws www.jetztspielen.de www.spielaffe.de *.spielspiele.de spielspiele.de www.spielen.com *.1001jogos.pt jogojogar.com www.ojogos.com.br;form-action 'self' https://login.habbo.com;upgrade-insecure-requests ;report-uri /csp/report 7
default-src 'self' teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/; connect-src 'self'  *.addthis.com *.clarity.ms *.cookielaw.org *.g.doubleclick.net *.google-analytics.com *.google.com *.hs-banner.com *.hsforms.com *.hscollectedforms.net *.hubspot.com *.mktoresp.com *.mktoutil.com *.onetrust.com *.teamusa.org analytics.tiktok.com api.airbrake.io attestation.android.com bcbolt446c5271-a.akamaihd.net cdn.jsdelivr.net cdn.linkedin.oribi.io csi.gstatic.com csp.withgoogle.com dw5zrj66pk.execute-api.us-east-1.amazonaws.com edge.api.brightcove.com failover-k8s-widgets.sports.gracenote.com gtm-w82hjxd-otazy.uc.r.appspot.com ka-f.fontawesome.com manifest.prod.boltdns.net notifier-configs.airbrake.io ogdemo-api.sports.gracenote.com og2022-api.sports.gracenote.com pagead2.googlesyndication.com pixel.adsafeprotected.com px.ads.linkedin.com region1.analytics.google.com rum-collector-2.pingdom.net sdk.classy.org siteintercept.qualtrics.com sportapi-widgets.sports.gracenote.com sportapi.widgets.sports.gracenote.com teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ usopc.tfaforms.net widgets.sports.gracenote.com widgetfailover.sports.gracenote.com ws://*.teamusadev.com:24678/ ws://*.usopcdev.com:24678/ ws://localhost:24678/ ws://*.teamusadev.com:24678/ ws://*.usopcdev.com:24678/ www.facebook.com www.trackwrestling.com; font-src 'self' cdnjs.cloudflare.com data://* data: fonts.gstatic.com ka-f.fontawesome.com maxcdn.bootstrapcdn.com use.typekit.net teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ widgets.sports.gracenote.com www.trackwrestling.com; form-action 'self' *.twitter.com analytics.clickdimensions.com bbox.blackbaudhosting.com feedback.teamusa.org form.usoc.org la28.qualtrics.com link.teamusa.org teamusa.tfaforms.net teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ usoc.tfaforms.net usopc.tfaforms.net www.facebook.com; frame-src 'self' *.addthis.com *.emailmeform.com *.facebook.com *.fls.doubleclick.net *.g.doubleclick.net *.google.com *.hsforms.com *.hsforms.net *.hubspot.com *.safeframe.googlesyndication.com *.sport80.com *.tiktok.com *.tourneymachine.com *.ttwstatic.com *.twitter.com *.wufoo.com abc11.com anchor.fm app-ab22.marketo.com archivist.teamusa.org bbox.blackbaudhosting.com c.streamhoster.com cdn.flipsnack.com console.googletagservices.com content.usawmembership.com draftable.com embed.fitrankings.com embed.gettyimages.com free.timeanddate.com gc.com geosnapshot.com giphy.com imasdk.googleapis.com indd.adobe.com judoreferee.com kingsumo.com livestream.com mdm-iframe.teamusa.com online.anyflip.com photos.pixlee.co player.vimeo.com players.brightcove.net public.tableau.com s3.amazonaws.com/online.anyflip.com/vrut/kvxl/ share.transistor.fm snapwidget.com st.chatango.com streaming.enetlive.tv support.teamusa.org tableau.usoc.org teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ themat.tv tpc.googlesyndication.com universe.queue-it.net uploads.knightlab.com usa.asasoftball.com usaboxing.webpoint.us usadiving.ticketspice.com usatt.simplycompete.com usawaterski.org vplayer.nbcolympics.com vplayer.nbcsports.com www.bullseyelocations.com www.buzzsprout.com www.classy.org www.givedirect.org www.googletagmanager.com www.instagram.com www.omegawatches.com www.paypal.com www.paypalobjects.com www.scribd.com www.slideshare.net www.surveymonkey.com www.thorne.com www.universe.com www.usakaratemembership.com www.usaracquetballevents.com www.usawaterski.org www.usawmembership.com www.youtube.com www.youtube-nocookie.com; img-src 'self' https://usat-production.s3.amazonaws.com/ *.ads.linkedin.com *.adsafeprotected.com *.g.doubleclick.net *.google-analytics.com *.googlesyndication.com *.gstatic.com *.hsforms.com *.hsforms.net *.hubspot.com *.twimg.com *.twitter.com barbend.com bbox.blackbaudhosting.com c.bing.com c.clarity.ms cdn.cookielaw.org cdn-images.mailchimp.com cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.0/ajax-loader.gif cf-images.us-east-1.prod.boltdns.net clients1.google.com connect.facebook.net content.themat.com data: i.ytimg.com images.contentstack.io images.sports.gracenote.com images.teamusa.org img.youtube.com iwf.sport learningacademy1.usadiving.org mcusercontent.com/93fe0d952f40d98f22a93f8e4/images/ metrics.brightcove.com p.adsymptotic.com p.typekit.net pixel.quantserve.com public.tableau.com reg.usajudo.net region1.analytics.google.com res.cloudinary.com sjc1.qualtrics.com s3.amazonaws.com/photos.usacycling.org/ t.co t.paypal.com teamusa.tfaforms.net teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ tw-ads.s3-us-west-2.amazonaws.com tw-ads.s3.us-west-2.amazonaws.com upload.wikimedia.org/wikipedia/commons/3/32/Sarah_Docter_1980.jpg usa.asasoftball.com usoc.tfaforms.net usopc.tfaforms.net widgets.sports.gracenote.com www.facebook.com www.google.at www.google.be www.google.ca www.google.ch www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.uk www.google.co.vi www.google.com.au www.google.com.hk www.google.com.mx www.google.com.pr www.google.com.sg www.google.com.tw www.google.com www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.ie www.google.it www.google.lu www.google.nl www.google.no www.google.pt www.google.se www.google.vg www.googleapis.com www.googletagmanager.com www.iwf.net www.linkedin.com www.nationalspeedskatingmuseum.org www.officialgear.com www.paypalobjects.com www.trackwrestling.com; media-src 'self' blob: bcbolt446c5271-a.akamaihd.net bcovlive-a.akamaihd.net manifest.prod.boltdns.net; script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.addthis.com *.adsafeprotected.com *.britecove.com *.cdc.gov *.clarity.ms *.clickdimensions.com *.cookielaw.org *.g.doubleclick.net *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.hsforms.net *.hsleadflows.net *.hs-scripts.com *.hubspotfeedback.com *.hubspot.com *.instagram.com *.pxlecdn.com *.tiktok.com *.ttwstatic.com *.twitter.com *.wufoo.com *.youtube.com adservice.google.at adservice.google.be adservice.google.ca adservice.google.ch adservice.google.co.jp adservice.google.co.kr adservice.google.co.nz adservice.google.co.uk adservice.google.com.au adservice.google.com.hk adservice.google.com.mx adservice.google.com.pr adservice.google.com.sg adservice.google.com.tw adservice.google.com adservice.google.de adservice.google.dk adservice.google.es adservice.google.fi adservice.google.fr adservice.google.gr adservice.google.ie adservice.google.it adservice.google.nl adservice.google.no adservice.google.pt adservice.google.se ajax.googleapis.com analytics.tiktok.com app-ab22.marketo.com assets.pixlee.com/assets/fp.js az124611.vo.msecnd.net/web/v10/CDWidget.js bbox.blackbaudhosting.com c.bing.com cdn.evgnet.com/beacon/usolympicparalympic/ cdn.syndication.twimg.com cdnjs.cloudflare.com cdnslssl.coveritlive.com code.jquery.com connect.facebook.net console.googletagservices.com countdown.omegawatches.com cse.google.com feedback.hubapi.com images.teamusa.org kit.fontawesome.com maxcdn.bootstrapcdn.com munchkin.marketo.net players.brightcove.net public.tableau.com qa-widgets.sports.gracenote.com reg.usajudo.net rules.quantcount.com rum-static.pingdom.net sdk.classy.org secure.givelively.org secure.quantserve.com snap.licdn.com snapwidget.com siteintercept.qualtrics.com stackpath.bootstrapcdn.com static.ads-twitter.com tableau.usoc.org teamusa.tfaforms.net teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ use.typekit.net usoc.tfaforms.net usopc.tfaforms.net v1.addthisedge.com vjs.zencdn.net widget.surveymonkey.com widgets.flickr.com widgets.sports.gracenote.com www.buzzsprout.com www.google.com www.googletagmanager.com www.googletagservices.com www.gstatic.com www.olympicchannel.com www.paypal.com www.paypalobjects.com www.trackwrestling.com www.universe.com zn6x64ufidwjzj7w2-la28.siteintercept.qualtrics.com; style-src 'self' 'unsafe-inline' bbox.blackbaudhosting.com cdn-images.mailchimp.com cdn-us.clickdimensions.com cdn.fonts.net cdnjs.cloudflare.com code.jquery.com fonts.googleapis.com images.teamusa.org www.google.com/cse/ lf16-tiktok-web.ttwstatic.com maxcdn.bootstrapcdn.com p.typekit.net platform.twitter.com reg.usajudo.net static.ctctcdn.com/h/contacts-embedded-signup-assets/1.0.2/css/signup-form.css teamusa.tfaforms.net teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ use.typekit.net usoc.tfaforms.net usopc.tfaforms.net www.instagram.com www.teamusa.org www.trackwrestling.com; worker-src 'self' blob: https://teamusa.report-uri.com/r/d/csp/enforce; report-uri ; 7
frame-ancestors 'self' https://www.centerparcs.fr/booking/ https://www.centerparcs.nl/booking/ https://www.centerparcs.de/booking/ https://www.centerparcs.com/booking/ https://www.centerparcs.eu/booking/ https://www.centerparcs.ch/booking/ https://www.centerparcs.be/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.centerparcs.fr/booking/ https://www.centerparcs.nl/booking/ https://www.centerparcs.de/booking/ https://www.centerparcs.com/booking/ https://www.centerparcs.eu/booking/ https://www.centerparcs.ch/booking/ https://www.centerparcs.be/booking/ 7
default-src 'self' data: *.mpsnare.iesnare.com https://mpsnare.iesnare.com https://*.extole.io https://*.xtlo.net; object-src 'self'; child-src 'self' ujet.co *.ujet.co blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stackadapt.com tags.srv.stackadapt.com *.redditstatic.com *.forter.com tags.stackadapt.com https://mpsnare.iesnare.com https://share.walmartmoneycard.com *.go2bank.com *.go2financial.com *.go2bankonline.com *.fuelcdn.com *.exacttarget.com *.adobe.com *.mpsnare.iesnare.com *.tvsquared.com ujet.co *.ujet.co google-analytics.com *.google-analytics.com trk.clinch.co *.trk.clinch.co cdn.clinch.co *.clinch.co kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.salesforceliveagent.com *.hypemarks.com websdk.appsflyer.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net https://*.extole.io https://*.xtlo.net https://*.decibelinsight.net https://*.decibel.com blob: https://api.cloudsponge.com analytics.tiktok.com https://cdnjs.cloudflare.com; connect-src 'self' *.go2bank.com *.google-analytics.com *.walmartmoneycard.com/events *.appsflyer.com *.go2bank.com *.go2bankonline.com *.go2financial.com wss://mpsnare.iesnare.com/star *.appsflyer.com go2bank.sjv.io  kampyle.com *.mpsnare.iesnare.com *.kampyle.com mobileapi.locatorsearch.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com vimeo.com *.vimeo.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com s.ytimg.com connect.facebook.net storify.com *.fyre.co *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net https://*.cloudsponge.com https://*.decibelinsight.net https://*.decibel.com wss://*.decibelinsight.net https://*.extole.io https://*.xtlo.net analytics.tiktok.com https://maps.googleapis.com https://analytics.pangle-ads.com https://pagead2.googlesyndication.com; img-src 'self' data: https://arttrk.com https://trkn.us https://rdcdn.com p.alocdn.com aa.trkn.us i.ytimg.com *.reddit.com *.rdcdn.com *.mdhv.io *.go2bank.com *.go2bankonline.com *.go2financial.com *.ojrq.net *.tvsquared.com google-analytics.com *.google-analytics.com i.vimeocdn.com www.google.co.in *.google.co.in kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.force.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com cdn.livefyre.com bootstrap.livefyre.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net data: blob: https://*.extole.io https://*.xtlo.net data: https://api.cloudsponge.com https://*.walmartmoneycard.com analytics.tiktok.com ; style-src 'self' 'unsafe-inline' *.exacttarget.com kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.go2bankonline.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.go2financial.com *.adobecqms.net *.googleadservices.com cdn.livefyre.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com use.typekit.net *.typekit.net https://*.extole.io https://*.xtlo.net https://fonts.googleapis.com https://api.cloudsponge.com; font-src 'self' data: kampyle.com *.appsflyer.com *.kampyle.com use.typekit.net *.use.typekit.net *.googleapis.com *.gstatic.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.go2financial.com *.adobecqms.net *.livefyre.com https://*.extole.io https://*.xtlo.net https://fonts.gstatic.com https://api.cloudsponge.com; frame-src 'self' *.pardot.com  *.go2bank.com ujet.co *.ujet.co kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.facebook.com facebook.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.hypemarks.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.go2financial.com *.adobecqms.net www.youtube.com player.vimeo.com *.demdex.net trk.clinch.co *.trk.clinch.co cdn.clinch.co *.clinch.co cdn-gdc.com *.cdn-gdc.com bytedance: sslocal:; frame-ancestors 'self' https://*.greendot.com https://*.go2bank.com https://*.go2financial.com https://*.walmartmoneycard.com https://*.chirpwhitelabel.com;; 7
block-all-mixed-content; frame-ancestors 'none'; 7
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *; 7
frame-src 'self' https://cflscoreboard.cfl.ca/ http://cflscoreboard.cfl.ca/ https://*.googlesyndication.com https://www.facebook.com/ https://www.google.com/ https://players.brightcove.net/ https://*.doubleclick.net https://player.simplecast.com/ https://*.oseg.ca https://www.youtube.com/ https://*.fevo.com/ https://forums.cfl.ca/ https://*.argonauts.ca/ https://player.vimeo.com/ https://w.soundcloud.com/ https://*.f2p.media.geniussports.com/ https://cdn.flipsnack.com/ https://mlse.formstack.com/ https://issuu.com/ https://gsm-widgets.betstream.betgenius.com/ https://chat.satis.fi/ https://tradablebits.com/ https://embed.waze.com/ https://gamezone.cfl.ca/ https://platform.twitter.com/ https://www.instagram.com/ https://www.tiktok.com/ https://interland3.donorperfect.net/ https://chartbeat.com/ https://static2.chartbeat.com/ https://*.acuityscheduling.com/ https://*.tagboard.com/ https://caimgs.s3-ca-central-1.amazonaws.com/ https://cdn.userway.org/ https://www.surveymonkey.com/ https://player.streamguys.com/ https://www.buzzsprout.com; 7
frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com 7
default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' 7
default-src https: 'unsafe-eval' 'unsafe-inline' 7
frame-ancestors 'self' https://*.build.com/ https://*.build-catalogs.com/ https://bcom.my.salesforce.com/ https://*.visual.force.com/ https://omconsole.com/ https://*.omconsole.com/ https://*.cybersource.com/ 7
frame-ancestors 'self' https://www.totbarcelona.cat https://totbarcelona.cat https://vadevi.elmon.cat https://vadegust.cat https://www.vadegust.cat https://monesport.cat https://www.monesport.cat https://www.catorze.cat https://catorze.cat https://balearsvadegust.cat https://www.balearsvadegust.cat https://monterrassa.cat https://monplaneta.cat https://www.la-clau.net https://www.tornaveu.cat https://tornaveu.cat https://www.elmon.cat https://mundus.cat https://vermuts.es https://vermuts.cat https://vinari.cat https://totbarcelona.elmon.cat https://la-clau.net https://diarilaveu.cat https://www.diarilaveu.cat https://diarilaveu.com https://www.diarilaveu.com https://laveupv.com https://www.laveupv.com https://balearsvadevi.cat https://www.balearsvadevi.cat https://elsingular.cat https://www.elsingular.cat https://mon.cat https://www.mon.cat; 7
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 7
<options and value> 7
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 7
child-src 'self' blob:;connect-src * ws-mt1.pusher.com rts-euc.freshworksapi.com https://accounts.google.com/gsi/;default-src 'self' assets.travix.com *.cdn-net.com;img-src 'self' * data:;font-src 'self' data: assets.travix.com fonts.googleapis.com fonts.gstatic.com js.skyscnr.com;object-src 'self';media-src 'self';manifest-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' https: cdn.polyfill.io assets.travix.com six.cdn-net.com tagmanager.google.com *.criteo.com *.cdn-net.com *.doubleclick.net *.facebook.net *.facebook.com *.googleadservices.com ad.zanox.com ads.travelaudience.com adservice.google.com analytics.skyscanner.net awin1.com bat.bing.com cdn.pushalert.co ck.ncclick.co.kr click.accesstrade.in.th clkuk.tradedoubler.com connect.facebook.net deploy.mopinion.com ds1.nl dwin1.com emjcd.com google-analytics.com googletagmanager.com securepubads.g.doubleclick.net kayak.com static.ads-twitter.com t.cfjump.com t1.daumcdn.net tm.tradetracker.net track.adform.net track.omguk.com tradedoubler.net ts.tradetracker.net wcs.naver.net *.creativecdn.com cars.cartrawler.com cdn.euc-freshbots.ai rts-euc.freshworksapi.co https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://accounts.google.com/gsi/client *.cartrawler.com;style-src 'self' 'unsafe-inline' blob: https://accounts.google.com/gsi/style fonts.googleapis.com tagmanager.google.com googletagmanager.com cars.cartrawler.com product-router.cartrawler.com d6tizftlrpuof.cloudfront.net cdn.euc-freshbots.ai https://accounts.google.com/gsi/style *.cartrawler.com;frame-src www.booking.com *.bstatic.com *.doubleclick.net ogone-tpp.prd.travix.com aci-tpp.prd.travix.com centinelapi.cardinalcommerce.com pay.google.com *.cdn-net.com product-router.cartrawler.com https://claims.cloud.hopper.com/ https://checkout.paypal.com/ https://www.sandbox.paypal.com/ https://www.paypal.com/ *.cardinalcommerce.com https://www.google.com/maps/ https://www.youtube.com/embed/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ *.creativecdn.com https://accounts.google.com/gsi/;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests 7
default-src * self blob: data: gap:; style-src * self 'unsafe-inline' blob: data: gap:; script-src * 'self' 'unsafe-eval' 'unsafe-inline' blob: data: gap:; object-src * 'self' blob: data: gap:; img-src * self 'unsafe-inline' blob: data: gap:; connect-src self * 'unsafe-inline' blob: data: gap:; frame-src * self blob: data: gap:; 7
script-src 'self' 'unsafe-inline' 'unsafe-eval' 7
frame-ancestors whitelabel.camspower.com cams.dnxlive.com 7
default-src data: blob: 'unsafe-inline' 'self' *.domainoo.com images.prismic.io 7
font-src *;img-src * data:; 7
default-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bing.com https://*.fonts.net; script-src 'self' 'unsafe-inline'  'unsafe-eval' https://storage.cloud.kargo.com *.invocacdn.com pnapi.invoca.net *.invoca.net https://*.recaptcha.net  *.bridgestonetire.com hub.firestonecompleteautocare.com *.doubleclick.net *.adobedtm.com *.google-analytics.com *.everestjs.net *.pinimg.com *.hotjar.com *.bing.com *.googleadservices.com *.xg4ken.com *.facebook.net *.doubleclick.com *.googletagmanager.com *.akamaihd.net *.marchex.io *.everesttech.net *.iperceptions.com *.powerreviews.com *.iovation.com *.iesnare.com *.googleapis.com *.virtualearth.net *.recaptcha.net *.gstatic.com *.jquery.com *.twitter.com *.ads-twitter.com https://assets.adobedtm.com/ https://www.google.com/recaptcha/ https://login.dotomi.com/ https://www.youtube.com/ https://*.cloudfront.net/ https://*.incontact.com/ https://*.dialogtech.com/; img-src * data: blob: ; connect-src *; frame-src *; font-src 'self' https://*.fonts.net data: 7
require-trusted-types-for 'script';report-uri /_/PlayStoreUi/cspreport 7
default-src https: 7
frame-ancestors 'self' *.mapfre.com *.mapfre.es *.mapfre.com.do *.mapfre.com.br *.mapfre.com.mx *.mapfre.com.co *.mapfre.com.sv *.mapfre.com.gt *.mapfre.com.ec *.mapfre.com.hn *.mapfre.com.ni *.mapfre.com.py *.mapfre.com.oe *.mapfre.com.uy *.mapfre.com.ar *.mapfre.com.cl *.mapfre.com.pa *.mapfreinsurance.com *.mapfre.com.tr; 7
frame-ancestors 'self'; default-src 'self' 'unsafe-inline' data: https: wss: 7
style-src 'self' blob: 'unsafe-inline' *.google.com *.crazyegg.com *.googleapis.com *.salesforce-sites.com *.googletagmanager.com *.google-analytics.com *.googleoptimize.com *.googleanalytics.com *.pg.com *.bazaarvoice.com *.force.com *.pricespider.com *.lytics.io *.mapbox.com *.akamaihd.net feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googleoptimize.com *.crazyegg.com *.googleanalytics.com *.crwdcntrl.net *.googleadservices.com *.pg.com *.salesforce-sites.com *.salesforce.com *.my.salesforce.com *.criteo.com *.adform.net *.outbrain.com *.pypestream.com *.serving-sys.com *.tiktok.com *.youtube.com *.braun.com *.googletagmanager.com *.dynatrace.com dynatrace.com *.ads-twitter.com *.salesforceliveagent.com google.com gstatic.com *.gstatic.com *.google.com *.pypestream.eu *.force.com *.salesfoce.com *.cookielaw.org *.google-analytics.com *.facebook.net *.pricespider.com *.segment.com *.lytics.io *.jebbit.com pghub.io *.doubleclick.net *.crazyegg.com *.googleapis.com *.zeotap.com *.adsrvr.org *.iesnare.com *.ipify.org *.bazaarvoice.com *.moatads.com *.mapbox.com *.akamaihd.net feed.pghub.io pandg.tapad.com ; font-src 'self' *.gstatic.com *.pg.com *.windows.net fonts.gstatic.com maxcdn.bootstrapcdn.com res.cloudinary.com data: feed.pghub.io pandg.tapad.com ; img-src * 'self' data: https: blob: *.google.com *.crazyegg.com *.pricespider.com *.ctfassets.net ; default-src 'self' data: wss: *.sor-braun.fr *.crazyegg.com *.google.com *.crwdcntrl.net *.youtube-nocookie.com youtube-nocookie.com pg-lex--dev.sandbox.my.salesforce-sites.com *.salesforce-sites.com *.analytics.google.com *.braun-concours-jenifer.fr *.concours-braun.fr *.offre-promotionnelle.fr *.pg.com *.criteo.com *.serving-sys.com *.serving-sys.com *.tiktok.com *.cashback-braun.fr *.cashbackipls2.fr *.cashbackshaverss2.fr *.satisfaitourembourse-braun.fr *.digital-promo.de *.dynatrace.com *.azure-api.net *.braun-ics.com *.braun.com *.braun.de *.youtube.com *.force.com *.doubleclick.net *.cookielaw.org *.googletagmanager.com *.google-analytics.com *.adsrvr.org *.tapad.com *.segment.io *.segment.com *.lytics.io *.crazyegg.com *.googleapis.com *.zeotap.com *.facebook.com *.doubleclick.net *.jebbit.com *.windows.net geolocation-db.com *.onetrust.com *.iesnare.com *.bazaarvoice.com *.moatads.com *.mapbox.com *.pricespider.com *.akamaihd.net *.pg.com *.algolia.net *.contentful.com *.ctfassets.net feed.pghub.io ; 7
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: *.videoly.co *.youtube-nocookie.com *.youtube.com *.ytimg.com *.wistia.com *.wistia.net *.videoly.net; connect-src 'self' *.googletagmanager.com *.igodigital.com *.maxcdn.com *.polyfill.io *.facebook.net *.facebook.com *.searchnode.io *.omnisrc.com *.bitrec.io *.google.com *.google.ee *.google.fi *.google.lv *.google.lt *.google-analytics.com *.doubleclick.net *.soundestlink.com *.nr-data.net *.esto.ee *.hotjar.io *.cookieinformation.com *.searchnode.net *.bing.com *.googleapis.com *.googleadservices.com *.issuu.com; font-src 'self' *.gstatic.com data: *.123formbuilder.com *.issuu.com *.bootstrapcdn.com; frame-src 'self' *.123formbuilder.com *.facebook.com *.cookieinformation.com *.youtube.com *.youtube-nocookie.com *.issuu.com *.videoly.net; img-src 'self' data: *.igodigital.com *.bing.com *.facebook.com *.google-analytics.com *.google.com *.google.lt *.google.lv *.google.ee *.google.fi *.ytimg.com *.videoly.co *.adnxs.com *.reddit.com toycity.lt *.toycity.lt *.googleapis.com *.gstatic.com *.youtube.com *.ckeditor.com *.doubleclick.net *.kotrynagroup.com *.googleadservices.com *.googletagmanager.com *.issuu.com *.wistia.com *.wistia.net; media-src data:; script-src 'self' 'unsafe-hashes' 'unsafe-eval' 'unsafe-inline' *.nr-data.net *.google.com *.google.lt *.google.lv *.google.fi *.google.ee *.igodigital.com polyfill.io *.bitrec.com *.googletagmanager.com *.facebook.net *.searchnode.io *.google-analytics.com *.doubleclick.net *.hotjar.com *.bing.com *.youtube.com omnisrc.com *.sentry-cdn.com *.soundestlink.com omnisnippet1.com *.doubleclick.net *.newrelic.com *.videoly.co *.123formbuilder.com *.esto.ee *.redditstatic.com *.cookieinformation.com *.adnxs.com *.googleapis.com *.ckeditor.com *.jsdelivr.net *.googleadservices.com *.issuu.com *.youtube-nocookie.com *.ytimg.com *.videoly.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.123formbuilder.com *.ckeditor.com *.jsdelivr.net *.issuu.com *.bootstrapcdn.com 7
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src https://www.google.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com; frame-ancestors 'none' ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 7
img-src * data: blob:;base-uri 'self';worker-src 'self' blob:;manifest-src 'self';frame-src 'self' data: 7
frame-ancestors 'self' https://uscreen.io https://*.uscreen.io https://www.uscreen.tv https://app.uscreen.tv/ 7
img-src 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; report-uri https://psi.pixum.com/?ns=content-security-policy&service=base&module=status&action=report 7
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline'  https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; worker-src 'self' blob:; 7
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src https://www.google.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com https://www.youtube.com; frame-ancestors 'none' ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 7
default-src http: data: 'unsafe-inline' 'unsafe-eval' 7
block-all-mixed-content;upgrade-insecure-requests; 7
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://mc.yandex.ru https://mc.yandex.com https://www.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://analytics.google.com https://www.google.com https://www.google.ru https://www.google.de https://www.google.com.ua https://www.google.am https://www.google.bg https://www.google.com.br https://www.google.kg https://www.google.kz https://www.google.md https://www.google.pl https://www.google.pt https://www.google.co.uz https://connect.facebook.net https://*.hotjar.com https://*.hotjar.io https://*.intercom.io https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomusercontent.com; img-src 'self' data: https://api.cs.fail https://cs.fail https://api.csfail.net https://csfail.net https://api.csfail.pro https://csfail.pro https://api.csfail.org https://csfail.org https://csfail.live https://api.2cs.fail  https://2cs.fail https://mc.yandex.ru https://mc.yandex.com https://www.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://analytics.google.com https://www.google.com https://www.google.ru https://www.google.de https://www.google.com.ua https://www.google.am https://www.google.bg https://www.google.com.br https://www.google.kg https://www.google.kz https://www.google.md https://www.google.pl https://www.google.pt https://www.google.co.uz https://www.facebook.com https://s-static.ak.facebook.com https://avatars.steamstatic.com https://steamcdn-a.akamaihd.net https://steamcommunity-a.akamaihd.net https://cdn.cloudflare.steamstatic.com https://cdn.akamai.steamstatic.com https://*.giphy.com https://t.me https://*.telegram-cdn.org https://*.cdn-telegram.org https://*.userapi.com https://*.googleusercontent.com https://*.fbcdn.net https://*.fbsbx.com https://avatars.mds.yandex.net https://flagcdn.com https://*.hotjar.com https://*.hotjar.io https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomusercontent.com https://*.intercomassets.eu https://*.intercomassets.com https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://tra.cker.club; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomusercontent.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomusercontent.com; frame-src https://widget.onramper.com https://mc.yandex.ru https://mc.yandex.com https://www.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://analytics.google.com https://www.google.com https://www.google.ru https://www.google.de https://www.google.com.ua https://www.google.am https://www.google.bg https://www.google.com.br https://www.google.kg https://www.google.kz https://www.google.md https://www.google.pl https://www.google.pt https://www.google.co.uz https://maps.googleapis.com https://www.facebook.com https://s-static.ak.facebook.com https://www.youtube.com https://intercom-sheets.com https://intercom.help; frame-ancestors 'self' https://app.utorg.pro; connect-src 'self' data: wss://cs.fail/api/ws wss://csfail.net/api/ws wss://csfail.pro/api/ws wss://csfail.org/api/ws wss://csfail.live/api/ws https://api.cs.fail https://api.csfail.net https://api.csfail.pro https://api.csfail.org https://csfail.live https://*.giphy.com https://*.ingest.sentry.io wss://2cs.fail/api/ws https://api.2cs.fail https://mc.yandex.ru https://mc.yandex.com https://www.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://analytics.google.com https://www.google.com https://www.google.ru https://www.google.de https://www.google.com.ua https://www.google.am https://www.google.bg https://www.google.com.br https://www.google.kg https://www.google.kz https://www.google.md https://www.google.pl https://www.google.pt https://www.google.co.uz https://fonts.googleapis.com https://fonts.gstatic.com https://connect.facebook.net https://avatars.steamstatic.com https://steamcdn-a.akamaihd.net https://steamcommunity-a.akamaihd.net https://cdn.cloudflare.steamstatic.com https://cdn.akamai.steamstatic.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.intercom.io wss://*.intercom.io wss://*.hotjar.com https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomusercontent.com https://tra.cker.club; object-src 'none'; 7
script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.getflowbox.com widgets.trustedshops.com www.googletagmanager.com tagmanager.google.com www.youtube.com widget.trustpilot.com www.google.com www.gstatic.com x.klarnacdn.net pay.google.com https://wchat.freshchat.com https://connect.getflowbox.com app.usercentrics.eu *.usercentrics.eu privacy-proxy.usercentrics.eu www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net s.pinimg.com load.sumo.com vercel.live bat.bing.com connect.facebook.net sumo.com cdn.vercel-insights.com *.sovendus.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com *.dotdigital-pages.com dotdigital-pages.com *.trackedweb.net *.s24.com *.hotjar.com https://collector-37445.tvsquared.com *.tvsquared.com; connect-src 'self' data: sockjs-us3.pusher.com *.sentry.io sentry.brandung-dev.de api.trustpilot.com eu.playground.klarnaevt.com eu.klarnaevt.com https://wchat.freshchat.com *.getflowbox.com app.usercentrics.eu *.usercentrics.eu privacy-proxy.usercentrics.eu gtm.benuta.ch gtm.benuta.eu gtm.benuta.de gtm.benuta.it gtm.benuta.at gtm.benuta.gb gtm.benuta.se gtm.benuta.es gtm.benuta.dk gtm.benuta.nl gtm.benuta.fr gtm.benuta.pl www.google-analytics.com stats.g.doubleclick.net graphql.contentful.com *.ksearchnet.com ksearchnet.com www.google.com sumo.com ct.pinterest.com googleads.g.doubleclick.net js.klevu.com bat.bing.com vitals.vercel-insights.com vercel.live *.pusher.com *.adyen.com wss://ws-us3.pusher.com *.klarnacdn.net *.klarna.com *.appspot.com googletagmanager.com google-analytics.com region1.google-analytics.com region1.analytics.google.com ws://127.0.0.1:53911 *.dotdigital-pages.com dotdigital-pages.com *.trackedweb.net *.s24.com *.hotjar.com *.benuta.com gtm.benuta.co.uk https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; style-src 'self' 'unsafe-inline' tagmanager.google.com wchat.freshchat.com www.benuta.eu; font-src 'self' data: assets.vercel.com; prefetch-src 'self'; img-src 'self' blob: data: widgets.trustedshops.com ssl.gstatic.com www.gstatic.com x.klarnacdn.net *.adyen.com app.usercentrics.eu *.usercentrics.eu privacy-proxy.usercentrics.eu *.cloudfront.net googleads.g.doubleclick.net www.google.com www.google.de www.google-analytics.com ct.pinterest.com bat.bing.com media.sumo.com assets.vercel.com b2b.benuta.com vercel.com vercel.live www.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com *.getflowbox.com https://collector-37445.tvsquared.com *.tvsquared.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; media-src 'self' videos.ctfassets.net; manifest-src 'self' 7
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php 7
default-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' https: blob: data:; frame-ancestors 'self' wiseit.multiplan.com.br novowiseit-grupomultiplan.msappproxy.net *.force.com; 7
frame-ancestors 'self' app.optimizely.com unileverde.inone.useinsider.com *.adobe.com *.adobemc.com  https://api.useinsider.com/;script-src data: https: wss: about: 'unsafe-eval' 'unsafe-inline' 'self' api.useinsider.com unileverde.api.useinsider.com;style-src data: https: 'unsafe-eval' 'unsafe-inline' 'self' api.useinsider.com unileverde.api.useinsider.com;img-src data: https: 'unsafe-eval' 'unsafe-inline' 'self' api.useinsider.com unileverde.api.useinsider.com;font-src data: https: 'unsafe-eval' 'unsafe-inline' 'self' api.useinsider.com unileverde.api.useinsider.com;connect-src data: https: wss: about: 'unsafe-eval' 'unsafe-inline' 'self' api.useinsider.com unileverde.api.useinsider.com;frame-src data: https: wss: about: 'unsafe-eval' 'unsafe-inline' 'self' api.useinsider.com unileverde.api.useinsider.com; 7
script-src 'self' 'unsafe-eval' blob: open.spotifycdn.com open-review.spotifycdn.com quicksilver.scdn.co www.google-analytics.com www.googletagmanager.com static.ads-twitter.com analytics.twitter.com s.pinimg.com sc-static.net https://www.google.com/recaptcha/ cdn.ravenjs.com connect.facebook.net www.gstatic.com sb.scorecardresearch.com pixel-static.spotify.com cdn.cookielaw.org geolocation.onetrust.com www.googleoptimize.com www.fastly-insights.com static.hotjar.com script.hotjar.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googleadservices.com/pagead/conversion/ https://analytics.tiktok.com/i18n/pixel/sdk.js https://analytics.tiktok.com/i18n/pixel/identify.js https://analytics.tiktok.com/i18n/pixel/config.js https://www.redditstatic.com/ads/pixel.js https://t.contentsquare.net/uxa/22f14577e19f3.js cdn.speedcurve.com 'sha256-WfsTi7oVogdF9vq5d14s2birjvCglqWF842fyHhzoNw=' 'sha256-KRzjHxCdT8icNaDOqPBdY0AlKiIh5F8r4bnbe1PQwss=' 'sha256-Z5wh7XXSBR1+mTxLSPFhywCZJt77+uP1GikAgPIsu2s='; frame-ancestors 'self'; 6
frame-ancestors 'self' https://metrika.yandex.ru https://webvisor.com http://webvisor.com 6
upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com  http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com *.webex.com *.cdw.com *.cdwg.com *.cdw.ca *.meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com *.itquotes.ie dteonline.com ampito-cisco.com arkphire.com *.insight.com *.ccsmedia.com *.ebuyer.com *.lambda-tek.com *.storm-technologies.com *.vohkus.com *.bechtle.com *.rainfocus.com *.broadbandbuyer.com *.hardware.com shop.redpontem.com *.miro.com cisco.techdatavendors.be *.service-now.com *.thousandeyes.com *.duo.com duo.com *.umbrella.com *.pricespider.com *.mapbox.com  cdnjs.cloudflare.com https://community.cisco.com/; 6
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: blob:; media-src *; object-src *; child-src blob:; worker-src blob:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 6
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 6
frame-ancestors 'self' *.dynatrace.org *.dynatrace.com *.dynatrace.cn 6
frame-ancestors 'self' *.lycos.com 6
frame-ancestors https://*.ringcentral.com https://*.ringcentral.ca https://*.ringcentral.co.uk https://*.ringcentral.com.au https://*.ringcentral.eu https://support.ringcentral.biz https://outlook.live.com https://outlook.office365.com https://outlook.office.com 6
media-src https: blob:; connect-src 'self' https: blob: wss:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data: blob:; 6
default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' 6
frame-ancestors 'self' www.united-internet-media.de adimg.uimserv.net advideo.uimserv.net 6
frame-ancestors 'self' https://www.fortinet.com 6
frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com 6
default-src 'self'; script-src 'self' webstats.surf.nl *.mailplus.nl platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com www.instagram.com www.google.com www.gstatic.com surfnl.containers.piwik.pro 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' static.mailplus.nl fonts.googleapis.com use.typekit.net p.typekit.net platform.twitter.com surfnl.containers.piwik.pro  surfnl.piwik.pro; img-src http: https: surfnl.containers.piwik.pro surfnl.piwik.pro data:;; frame-src 'self' *.surf.nl openonderwijsapi.nl www.surfspace.nl surfspace.nl www.slideshare.net player.vimeo.com www.youtube.com www.youtube-nocookie.com surf.mediamission.nl platform.twitter.com syndication.twitter.com www.instagram.com www.facebook.com www.linkedin.com www.google.com https://surf.apnd.me/OWD23/program https://surf.apnd.me/ACUD23/program; child-src 'self' surf.mediamission.nl www.slideshare.net player.vimeo.com www.youtube.com www.youtube-nocookie.com surf.mediamission.nl platform.twitter.com syndication.twitter.com www.instagram.com www.facebook.com www.linkedin.com; font-src 'self' fonts.gstatic.com surfnl.containers.piwik.pro surfnl.piwik.pro data:; connect-src 'self' surfnl.piwik.pro webstats.surf.nl surfnl.containers.piwik.pro  surfnl.piwik.pro; report-uri /report-csp-violation; upgrade-insecure-requests 6
img-src 'self' data: https:; 6
default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://*.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.ru https://*.serving-sys.ru https://*.weborama-tech.ru https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp 6
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: 6
frame-ancestors *.euractiv.com euractiv.com *.euractiv.fr euractiv.fr *.euractiv.de euractiv.de *.euractiv.gr euractiv.gr *.euractiv.pl euractiv.pl *.euractiv.sk euractiv.sk *.euraciv.cz euractiv.cz      *.euractiv.it euractiv.it *.euractiv.es euractiv.es euractiv.bg api-esp-eu.piano.io; 6
frame-ancestors 'self' https://*.movavi.de https://*.movavi.com https://*.movavi.ru https://*.pdfchef.com https://*.screencapture.com https://*.movavivideosuite.com https://*.gecata.com https://*.movavi.id https://movavi.id https://*.videoconverter.com https://*.fastreel.com http://webvisor.com https://portal1.comm100.io; report-uri https://o474997.ingest.sentry.io/api/5707278/security/?sentry_key=25e22998a8224d34a8ffbc4cae02fc48&sentry_environment=production; report-to csp-endpoint 6
object-src 'none', frame-ancestors https://www.facebook.com 6
frame-ancestors 'self' https://bravenetmarketing.com https://manage.bravehost.com; 6
default-src http: 'unsafe-inline' 'unsafe-eval' 6
upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self'; object-src 'none'; base-uri 'none' 6
frame-ancestors 'self' https://*.refinitiv.com; 6
default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: data: https: blob:; connect-src https: wss:; img-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; upgrade-insecure-requests; frame-ancestors 'self' https://*.revolve.com; 6
default-src 'self' data: blob: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net 'unsafe-eval' 'unsafe-inline'; img-src     'self' data: content: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net;style-src   'self' data: blob: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net 'unsafe-inline'; media-src *; 6
frame-ancestors 'self' https://*.funkedigital.de; 6
default-src 'self' https://www.google.com.br https://www.google.com.hk https://www.google.com.sg https://www.google.co.in https://www.google.co.nz https://www.google.com.bh https://www.google.co.kr https://www.google.com.my https://www.google.ca https://www.google.ie https://www.google.lt https://www.google.com.au https://www.google.com.pa https://www.google.nl https://www.google.co.jp https://*.fls.doubleclick.net  https://prodau-cdn.azureedge.net https://prodeu-cdn.azureedge.net https://www.google.com https://resources.digital-cloud.medallia.eu https://*.licdn.com https://s7.addthis.com https://vars.hotjar.com/ https://connect.facebook.net/ https://www.facebook.com/ *.crazyegg.com https://youtube.com https://www.youtube.com https://youtu.be https://i.ytimg.com/vi_webp/PfZzvGGRaOM/mqdefault.webp; img-src 'self' blob: data: https://portal.webolytics.com/ https://admin.bound360.com/images/logos/bound-logo-full.png https://cdn.bizible.com https://cdn.bizibly.com https://px4.ads.linkedin.com https://ad.doubleclick.net https://www.google.be https://pbs.twimg.com https://*.analytics.google.com https://*.google.com https://*.brightfunnel.com https://q.quora.com https://alb.reddit.com https://www.marketing-town.com https://assets.getsmartcontent.com https://www.google.co.in https://www.google.com.hk https://www.google.com.sg https://www.google.co.nz https://www.google.co.jp https://www.google.com.br https://www.google.com.bh https://www.google.co.kr https://www.google.com.my https://www.google.ca https://www.google.ie https://www.google.lt https://www.google.com.au https://www.google.nl https://di3c8wks3odob.cloudfront.net https://maps.gstatic.com https://maps.googleapis.com https://www.google.de https://www.google.it https://pixel.tapad.com https://decibel-49-adswizz.attribution.adswizz.com https://www.google.co.uk https://attribution.decibelads.com https://reverseads.matomo.cloud https://tracking.connect.services.global.ntt https://fonts.gstatic.com https://cdn.cookielaw.org https://analytics.twitter.com https://analytics.google.com https://*.terminus.services https://match.adsrvr.org https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://*.leady.com/ https://resources.digital-cloud.medallia.eu https://j.mrpdata.net https://857338121.privacysandbox.googleadservices.com https://720787047.privacysandbox.googleadservices.com https://apt.techtarget.com https://620993155.privacysandbox.googleadservices.com https://p.adsymptotic.com/ *.crazyegg.com https://tracking.hello.global.ntt/ https://www.google.co.za https://*.kampyle.com https://vars.hotjar.com https://pubads.g.doubleclick.net https://script.hotjar.com http://script.hotjar.com www.googletagmanager.com https://www.google.com https://www.google.com.pa https://googleads.g.doubleclick.net https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://prodeu-cdn.azureedge.net https://prodau-cdn.azureedge.net https://t.co/ https://px.ads.linkedin.com/ https://connect.facebook.net/ https://www.facebook.com/ https://www.linkedin.com/ https://s2190102.t.eloqua.com/ https://storage.googleapis.com/; style-src 'unsafe-inline' 'unsafe-eval' 'self' *.crazyegg.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.1/tiny-slider.css https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com; font-src 'self' https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://fonts.gstatic.com data: http://script.hotjar.com https://script.hotjar.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors https://cm.euprod.services.global.ntt https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://vars.hotjar.com https://bid.g.doubleclick.net https://*.crazyegg.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: https://portal.webolytics.com https://cdn.bizible.com https://secure.intelligentdata52.com https://a.quora.com https://unpkg.com/web-vitals@3.0.0/dist/web-vitals.attribution.iife.js https://*.brightfunnel.com https://*.analytics.google.com https://*.google.com https://www.redditstatic.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.js https://maps.googleapis.com https://www.google.co.in https://www.google.co.nz https://www.google.com.pa https://www.google.de https://www.google.it https://cdn.matomo.cloud https://s.getsmartcontent.com https://cdn.getsmartcontent.com https://attribution.decibelads.com https://tracking.connect.services.global.ntt https://snippet.ramblechat.com https://munchkin.brightfunnel.com https://*.terminus.services https://analytics.google.com https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://*.leady.com/ https://www.gstatic.com https://trk.techtarget.com https://visitor.reactful.com https://*.crazyegg.com https://script.crazyegg.com https://connect.facebook.net/ https://cdn.cookielaw.org/ https://secure.east2pony.com/ https://protect-eu.mimecast.com/ https://www.google.co.za/ https://*.addthisedge.com https://z.moatads.com https://*.addthis.com https://script.hotjar.com http://script.hotjar.com http://static.hotjar.com https://static.hotjar.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://analytics.twitter.com https://static.ads-twitter.com https://resources.digital-cloud.medallia.eu https://nebula-cdn.kampyle.com https://img03.en25.com https://script.crazyegg.com https://www.youtube.com www.googleadservices.com https://pubads.g.doubleclick.net https://snap.licdn.com https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.1/min/tiny-slider.js https://geolocation.onetrust.com https://vidassets.terminus.services; connect-src 'self' https://portal.webolytics.com https://px.ads.linkedin.com https://*.brightfunnel.com https://*.analytics.google.com https://*.google.com https://ibc-flow.techtarget.com https://cdn.linkedin.oribi.io https://udc-neb.kampyle.com https://www.google.com.pa https://s.getsmartcontent.com https://chat-messaging.terminus.services https://www.gstatic.com https://maps.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/mapConfigs https://reverseads.matomo.cloud wss://a1kkx7muourfsi-ats.iot.us-east-1.amazonaws.com https://chat-visitor-info.terminus.services https://iotas.terminus.services https://chat-team-management.terminus.services https://di3c8wks3odob.cloudfront.net https://realtime.ramblechat.com https://idx.liadm.com/ https://geolocation.onetrust.com/ https://api.brightfunnel.com https://analytics.google.com https://*.leady.com/ https://tracking.reactful.com https://resources.digital-cloud.medallia.eu https://visitor.reactful.com *.crazyegg.com https://www.facebook.com/ https://connect.facebook.net/ https://cdn.cookielaw.org/ https://stats.g.doubleclick.net/ https://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://script.crazyegg.com/* https://api-public.addthis.com https://*.addthis.com https://privacyportal-de.onetrust.com/; object-src blob: ; frame-src https://block.opendns.com https://td.doubleclick.net https://ssp2.gin.ntt.net https://www.google.com.pa https://10155546.fls.doubleclick.net https://resources.digital-cloud.medallia.eu https://extraordinary-platypus-f5e0bb.netlify.app https://nttbdttour.netlify.app/ https://cm.euprod.services.global.ntt https://www.youtube.com https://www.google.com https://youtu.be 6
upgrade-insecure-requests;frame-ancestors 'self' https://www.medscape.com https://dusandbox.skipta.com https://doctorunite.com https://generationNP.com https://cardiologistconnect.com https://paunite.com https://cardiologistconnectsandbox.skipta.com https://next.brella.io/ https://www.staging.medscape.com/ https://www.skipta.com/ https://staging.medscape.com/ https://skipta.com/ https://medscape.com/ https://endocrinologistnation.com https://www.endocrinologistnation.com https://amgenicpsp.lightning.force.com/ 6
default-src blob: data: https: 'self'; script-src blob: https: 'self' 'unsafe-eval' 'unsafe-inline'; style-src blob: https: 'self' 'unsafe-inline'; media-src blob: https: 'self'; connect-src blob: https: 'self' 'unsafe-inline' wss://*.hotjar.com 6
default-src blob: 'unsafe-eval' 'unsafe-inline' https: wss://lo2.msg.liveperson.net; img-src data: https:; font-src data: https: 6
child-src *.doubleclick.net *.dynad.net https://www.facebook.com *.hotjar.com *.pagseguro.uol.com.br *.rm.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.youtube.com https://www.google.com *.blip.ai data: 'self'; connect-src *.hotjar.com *.hotjar.io wss://*.hotjar.com *.pagseguro.com.br *.uol.com.br *.google-analytics.com wss://ws.0mn.io https: wss: 'self'; frame-ancestors 'self'; default-src *.uol.com.br *.pagseguro.com.br 'self'; media-src *.uol.com.br *.pagseguro.com.br data: 'self'; object-src *.uol.com.br *.pagseguro.com.br data: 'self'; font-src *.pagseguro.uol.com.br *.pagseguro.com.br *.uol.com *.uol.com.br *.imguol.com.br *.gstatic.com *.hotjar.com https://imguol.com.br data: 'self'; img-src *.google.com *.google-analytics.com *.googletagmanager.com *.google.com.br *.googleapis.com *.gstatic.com https://www.facebook.com *.imguol.com *.uol.com *.uol.com.br *.pagseguro.com.br *.scorecardresearch.com *.ytimg.com *.doubleclick.net *.googleadservices.com *.xg4ken.com *.youtube.com *.hotjar.com *.tailtarget.com bat.bing.com https://imguol.com https://imguol.com.br trg.adilligo.com takenetomni.blob.core.windows.net data: 'self'; script-src bat.bing.com *.doubleclick.net *.dynad.net https://connect.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.hotjar.com *.jsdelivr.net *.jsuol.com.br *.pagseguro.com.br *.simg.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.xg4ken.com *.ytimg.com https://pagseguro.info https://pag.ae https://imguol.com.br https://www.gstatic.com https://tracking.tunad.io https://js-agent.newrelic.com https://*.nr-data.net about: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.uol.com *.pagseguro.uol.com.br *.pagseguro.com.br *.hotjar.com *.simg.uol.com.br *.ytimg.com https://imguol.com.br 'self' *.google.com *.googleapis.com 'unsafe-inline'; report-uri /csp-report 6
default-src 'self' * data: blob:;font-src 'self' * data:;script-src 'self' * 'unsafe-inline' 'unsafe-eval' blob:;style-src 'self' * 'unsafe-inline';media-src 'self' * blob: 6
frame-ancestors 'self' webforce.com new.webforce.com webforce1111.c45stagehostopia.com wfsites-to.websitecreatorprotool.com wfsites.websitecreatorprotool.com wfsites-ie.websitecreatorprotool.com wf.mktgsuite.deluxe.com fl.sitekreator.com portal.mktgsuite.deluxe.com dex.wfsites.websitecreatorprotool.com sites2.freelogoservices.com cpaneltest.sitekreator.com stage.sitekreator.com; 6
frame-ancestors 'self' https://optimize.google.com/ https://www.facebook.com/ 6
frame-ancestors 'self' http://webvisor.com https://webvisor.com https://metrika.yandex.ru http://metrika.yandex.ru 6
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stockholm *.stockholm.se *.usabilla.com *.imbox.io static.mediaflowpro.com *.inviewer.se https://bygglov-stockholm.humany.net/stadens-grafiska-profil/embed.js https://bygglov-stockholm.humany.net/stadens-grafiska-profil/widgets.js *.piwik.pro https://dl.episerver.net/; img-src data: 'self' *.stockholm *.stockholm.se *.cloudfront.net *.usabilla.com *.inviewer.se https://static.mediaflowpro.com https://bygglov-stockholm.humany.net https://humany.blob.core.windows.net/bygglov-stockholm/ *.piwik.pro https://dl.episerver.net/ blob:; style-src 'self' 'unsafe-inline' *.stockholm *.stockholm.se *.cloudfront.net https://fonts.googleapis.com static.mediaflowpro.com https://bygglov-stockholm.humany.net/stadens-grafiska-profil/widgets.css https://bygglov-stockholm.humany.net/ClientLibraries/Supplementary/font-awesome-4.7.0/css/font-awesome.min.css *.piwik.pro https://dl.episerver.net; connect-src 'self' *.stockholm *.stockholm.se https://api.usabilla.com/v2/f/24517d6aaae6 https://bygglov-stockholm.humany.net/testboten/conversations *.piwik.pro; font-src *.stockholm *.stockholm.se https://fonts.gstatic.com static.mediaflowpro.com https://bygglov-stockholm.humany.net/ClientLibraries/Supplementary/ https://dl.episerver.net; frame-src *.stockholm.se play.mediaflowpro.com *.imbox.io ; frame-ancestors 'self' https://eu.opencitiesplanner.bentley.com; base-uri 'self'; form-action 'self'; 6
worker-src blob: https://*.georgeson.com;script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://content-assets.computershare.com https://ui.customsearch.ai https://s508159127.t.eloqua.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.evidon.com https://img03.en25.com https://js.adsrvr.org https://snap.licdn.com https://view.ceros.com https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com https://secure.quantserve.com https://*.pub.sfmc-content.com https://rules.quantcount.com https://*.adsrvr.org https://snap.licdn.com https://widget.trustpilot.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.crazyegg.com https://bat.bing.com;connect-src https://www.googletagmanager.com https://www.google-analytics.com  https://ui.customsearch.ai  https://s508159127.t.eloqua.com https://*.evidon.com https://cdn.linkedin.oribi.io  https://siteintercept.qualtrics.com  https://rules.quantcount.com  https://pixel.quantcount.com https://stats.g.doubleclick.net https://*.crazyegg.com https://px.ads.linkedin.com;img-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://content-images.computershare.com data: https://content-images.computershare.com https://*.evidon.com https://px.ads.linkedin.com https://siteintercept.qualtrics.com https://pixel.quantcount.com https://pixel.quantserve.com https://pixel.rubiconproject.com https://*.adsrvr.org https://*.crazyegg.com https://secure.adnxs.com https://bat.bing.com https://bs.serving-sys.com;frame-src https://bc-unclaimedassets-uat.computershare.co.uk https://bc-unclaimedassets.computershare.co.uk https://view.ceros.com https://player.vimeo.com https://landing.computershare.com https://www.youtube.com https://www.military.com https://sls.co1.qualtrics.com https://*.pub.sfmc-content.com https://*.adsrvr.org https://widget.trustpilot.com https://*.pub.s6.sfmc-content.com https://8305233.fls.doubleclick.net https://www.canva.com https://*.crazyegg.com https://go.computershare-loan-services.com https://www.youtube-nocookie.com; 6
frame-ancestors 'self' zendesk.com training.finalsite.com www.taistn.com www.tri-association.org www.swaes.org www.qais.qc.ca www.partnersinmission.com www.paispa.org www.nysais.org www.nwais.org www.njais.org www.nesacenter.org www.mn-ais.org www.maisschools.com www.mais-web.org www.lmais.org isasw.finalsite.com www.theibsc.org www.fobisia.org www.fcis.org www.cristoreynetwork.org www.cobis.org.uk www.cisontario.ca www.cois.org www.capss.org www.cais.ca www.cabe.org aisne.finalsite.com www.aims-mi.org www.acaap.net www.aassa.com www.aaie.org https://www.finalsite.co.uk www.finalsite.co.uk *.pendo.io pendo-io-static.storage.googleapis.com www.boarding.org.au app.getguru.com; 6
frame-ancestors 'self' *.onbase.com *.hyland.com *.communitylive.com *.sharebase.com https://profiles.onbase.com https://hyland.highspot.com https://view-su2.highspot.com; 6
frame-ancestors https://app.kontent.ai; base-uri 'self'; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src 'unsafe-inline' https:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src ; child-src https: data: blob:; form-action 'self' https:; block-all-mixed-content 6
default-src *; 		child-src 'self' blob:; 		connect-src * blob: ws: wss:; 		frame-src 'self' api.foxentry.cz www.databreakers.com cdn.msgok.net 			www.mall.tv mall.fameplay.tv fameplay.tv www.google.com 			www.youtube.com creativecdn.com sketchfab.com 			socialplugin.facebook.net www.kdukvh.com tcp.googlesyndication.com 			www.zbozi.cz 			cj.dotomi.com 			payu.com secure.payu.com merch-prod.snd.payu.com 			data:; 		script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.mall.cz *.mall.sk *.mall.hr *.mall.hu *.mall.pl *.mimovrste.com 			*.google-analytics.com ajax.googleapis.com mallgroup-api.exponea.com supine.io *.clarity.ms www.googleadservices.com 			download.databreakers.com connect.facebook.net api.mapy.cz *.cdn.nrholding.net 			c.seznam.cz tpc.googlesyndication.com www.zbozi.cz cdn.msgok.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ 			code.jquery.com translate.google.com cdn.jsdelivr.net cloudflare.hcaptcha.com static.cloudflareinsights.com 			www.googletagmanager.com *.foxentry.cz im9.cz/js/ bat.bing.com *.adform.net static.criteo.net sslwidget.criteo.com 			*.doubleclick.net *.mallgroup.com yottlyscript.com login.dognet.sk etargetnet.com secure.smartform.cz 4w.smartform.cz 			ssl.heureka.cz ssl.heureka.sk localhost:* *.cs.mall.local *.cs.mall.test www.arukereso.hu 			tracking.channelsight.com ngastatic.com/s4c/tracker.js sk.search.etargetnet.com/j/ 			*.mczbf.com *.cj.com *.payu.com; 		style-src * 'unsafe-inline'; 		img-src * data:; 		object-src 'none' 6
default-src 'self' * data: blob:; img-src 'self' * 'unsafe-inline' data: blob:; style-src 'self' * 'unsafe-inline' data:; script-src 'self' * 'unsafe-inline' 'unsafe-eval' blob:; object-src 'none'; worker-src 'self' data: blob: resume.io *.resume.io cvster.nl *.cvster.nl cvmonk.nl *.cvmonk.nl cvapp.es *.cvapp.es cvapp.it *.cvapp.it cvapp.fr *.cvapp.fr cvkungen.se *.cvkungen.se cv.dk *.cv.dk cv.app *.cv.app resume.app *.resume.app cvapp.cz *.cvapp.cz cvapp.fi *.cvapp.fi cvapp.no *.cvapp.no cveasy.pl *.cveasy.pl cvapp.de *.cvapp.de rirekisho.jp *.rirekisho.jp onlinecurriculo.com.br *.onlinecurriculo.com.br career.io *.career.io cvapp.ro *.cvapp.ro cvapp.gr *.cvapp.gr cvapp.hu *.cvapp.hu resume-test.io *.resume-test.io cvapp.nz *.cvapp.nz cvapp.ie *.cvapp.ie lebenslaufapp.ch *.lebenslaufapp.ch lebenslaufapp.at *.lebenslaufapp.at cvapp.bg *.cvapp.bg cvapp.cl *.cvapp.cl; frame-src https:; frame-ancestors 'self' vwo.com *.vwo.com 6
default-src 'unsafe-inline' 'unsafe-eval' https: data: wss: 6
default-src  https: *.willistowerswatson *.wtwco data: blob: 'unsafe-eval' 'unsafe-inline' 6
upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none'; 6
frame-ancestors resource.ecisolutions.com ecisoftwaresolutions.pathfactory.com 'self' 6
default-src 'unsafe-inline' 'unsafe-eval' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src https: wss: data:; font-src 'self' https: data:; img-src 'self' data: blob: https: 6
frame-ancestors https://*.teknikproffset.se 'self' 6
default-src * blob: data: about:; worker-src * blob:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob:; img-src * data:; style-src * 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self' 6
frame-ancestors https://*.blackboard.com https://*.anthology.com; 6
default-src 'self' https: data:; frame-src 'self' ockto: https:; frame-ancestors 'self'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src 'self' data: https:; font-src *; 6
default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.crazyegg.com js.hsforms.net js.hs-scripts.com cdn.bizible.com *.wistia.com *.doubleclick.net 6
default-src 'self' *; script-src 'unsafe-inline' 'unsafe-eval' 'self' *; style-src 'unsafe-inline' *; img-src 'self' data: *; connect-src *; frame-src 'self' *; font-src data: *; media-src *; worker-src 'self' blob: *; 6
frame-ancestors 'self' https: 6
default-src: https:; frame-ancestors 'self' X-Frame-Options: SAMEORIGIN 6
frame-ancestors 'self' https://event.on24.com/ https://insightsoftware.highspot.com/ 6
frame-ancestors 'self' pro.leparking.ch pro.dasparking.de pro.leparking.fr pro.theparking-cars.co.uk pro.theparking.ca pro.theparking-cars.com pro.leparking.be bresil.leparking.fr pro.nl.leparking.be pro.fr.theparking.ca roextpro.ads4all.fr atextpro.ads4all.fr bgextpro.ads4All.fr czextpro.ads4all.fr eeextpro.ads4all.fr grextpro.ads4all.fr hrextpro.ads4all.fr huextpro.ads4all.fr ltextpro.ads4all.fr luextpro.ads4all.fr lvextpro.ads4all.fr siextpro.ads4all.fr skextpro.ads4all.fr pro.de.leparking.ch keextpro.ads4all.fr pro.el-parking.es pro.oparking.pt pro.theparking.eu pro.el-parking.pe pro.leparking.ma pro.ilparking.it; 6
default-src https: 'unsafe-inline' 'unsafe-eval' data: 6
“upgrade-insecure-requests” 6
frame-ancestors 'self' equinux.com *.equinux.com equinux.net *.equinux.net tizi.tv *.tizi.tv maildesigner365.com *.maildesigner365.com vpntracker.com *.vpntracker.com tvproapp.de *.tvproapp.de; 6
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.youtube.com https://s.ytimg.com https://consent.cookiebot.com https://consentcdn.cookiebot.com lidlbe.bbvms.com d6qodzoew6e61.cloudfront.net *.bluebillywig.com *.google.com *.google.nl https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.doubleclick.net lidlbe.bbvms.com cdn.bluebillywig.com www.google-analytics.com www.googletagmanager.com adservice.google.de adservice.google.com www.spott.tv spott.ai https://consent.cookiebot.com https://consentcdn.cookiebot.com www.youtube.com https://www.googleadservices.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' cdn.bluebillywig.com https://fonts.googleapis.com; img-src * data: *.google.com *.google.de *.google-analytics.com *.doubleclick.net https://*.cat-ret.assets.lidl lidlbe.bbvms.com *.bluebillywig.com *.google.nl; media-src 'self' data: *.bluebillywig.com d6qodzoew6e61.cloudfront.net; form-action 'self' https://survey.g.doubleclick.net; frame-src 'self' *.recipes.vdc.lidl *.lidl.at *.lidl.bg *.lidl.ch *.lidl.com.cy *.lidl.dk *.lidl.es *.lidl.co.uk *.lidl.ie *.lidl.it *.lidl.lt *.lidl.nl *.lidl.ro *.lidl.si *.dekeukenvanlidl.be *.lacuisinedelidl.be *.lidl-kochen.de *.lidl-reseptit.fi *.lidl-recettes.fr *.lidlovakuhinja.hr *.services.lidl *.receitaslidl.pt *.lidlovirecepti.rs *.lidl-recept.se *.lidl-hellas.gr *.lidl-ni.co.uk *.lidlkonyha.hu https://www.youtube-nocookie.com https://consentcdn.cookiebot.com *.doubleclick.net; frame-ancestors 'self' *.recipes.vdc.lidl *.lidl.at *.lidl.bg *.lidl.ch *.lidl.com.cy *.lidl.dk *.lidl.es *.lidl.co.uk *.lidl.ie *.lidl.it *.lidl.lt *.lidl.nl *.lidl.ro *.lidl.si *.dekeukenvanlidl.be *.lacuisinedelidl.be *.lidl-kochen.de *.lidl-reseptit.fi *.lidl-recettes.fr *.lidlovakuhinja.hr *.services.lidl *.receitaslidl.pt *.lidlovirecepti.rs *.lidl-recept.se *.lidl-hellas.gr *.lidl-ni.co.uk *.lidlkonyha.hu; 6
frame-ancestors 'self' ersag.com.tr *.ersag.com.tr 6
default-src https: data: 'unsafe-inline' 6
frame-src 'self' 6
upgrade-insecure-requests; block-all-mixed-content; report-uri https://report.api.jtl-software.com/csp/; default-src 'self';base-uri 'self';form-action 'self' www.facebook.com/tr/ kundencenter.jtl-software.de checkout.jtl-software.com;frame-ancestors 'self';connect-src 'self' www.google.com/pagead/landing adservice.google.com/pagead/regclk www.google-analytics.com/j/collect www.google-analytics.com/g/collect stats.g.doubleclick.net/j/collect region1.google-analytics.com region1.google-analytics.com/g/collect www.googletagmanager.com/a maps.googleapis.com/maps/api/mapsjs/ maps.googleapis.com/%24rpc/google.internal.maps.mapsjs.v1.MapsJsInternalService/GetViewportInfo bat.bing.com/action/0 bat.bing.com/actionp/0 www.facebook.com/tr/ api.personio.de/recruiting/applicant stats.jtl-software.de/matomo.php crm.jtl-software.de consent.jtl-software.de;font-src 'self' cdn.jtl-software.com data:;frame-src 'self' tpc.googlesyndication.com www.google.com/recaptcha/api2/anchor www.recaptcha.net/recaptcha/api2/anchor bid.g.doubleclick.net www.facebook.com www.youtube.com/embed/ jira.jtl-software.de consent.jtl-software.de;child-src 'self' tpc.googlesyndication.com www.google.com/recaptcha/api2/anchor www.recaptcha.net/recaptcha/api2/anchor bid.g.doubleclick.net www.facebook.com www.youtube.com/embed/ jira.jtl-software.de consent.jtl-software.de;img-src 'self' cdn.jtl-software.com googleads.g.doubleclick.net/pagead/viewthroughconversion/ www.google.ae/pagead/ www.google.at/pagead/ www.google.ba/pagead/ www.google.be/pagead/ www.google.br/pagead/ www.google.ca/pagead/ www.google.co.in/pagead/ www.google.co.uk/pagead/ www.google.com/pagead/ www.google.com.au/pagead/ www.google.com.tr/pagead/ www.google.com.ua/pagead/ www.google.com.pk/pagead/ www.google.ch/pagead/ www.google.cz/pagead/ www.google.de/pagead/ www.google.dk/pagead/ www.google.es/pagead/ www.google.fr/pagead/ www.google.ge/pagead/ www.google.hr/pagead/ www.google.hu/pagead/ www.google.ie/pagead/ www.google.it/pagead/ www.google.lu/pagead/ www.google.nl/pagead/ www.google.pl/pagead/ www.google.com.sa/pagead/ www.google.se/pagead/ www.google.sk/pagead/ www.google.co.kr/pagead/ www.google-analytics.com/collect region1.google-analytics.com/g/collect www.googletagmanager.com/a  maps.googleapis.com/maps/api/js/StaticMapService.GetMapImage maps.gstatic.com/mapfiles/ maps.googleapis.com/maps/vt lh3.ggpht.com khms0.googleapis.com khms1.googleapis.com maps.googleapis.com/maps/api/mapsjs/gen_204 bat.bing.com/action/0 www.linkedin.com px.ads.linkedin.com px4.ads.linkedin.com www.facebook.com img.youtube.com i.ytimg.com bilder.jtl-software.de data:;object-src 'none';script-src 'self' cdn.jtl-software.com www.google.com/pagead/conversion_async.js www.google.com/pagead/1p-conversion/ www.googleadservices.com/pagead/conversion_async.js www.googleadservices.com/pagead/conversion/ tpc.googlesyndication.com/sodar/ googleads.g.doubleclick.net/pagead/viewthroughconversion/ www.recaptcha.net/recaptcha/api.js www.gstatic.com/recaptcha/releases/ www.google.com/recaptcha/api.js ssl.google-analytics.com/ga.js www.google-analytics.com/analytics.js www.google-analytics.com/plugins/ua/ec.js www.google-analytics.com/plugins/ua/ecommerce.js www.googletagmanager.com/gtm.js www.googletagmanager.com/gtag/js maps.googleapis.com/maps/ maps.googleapis.com/maps-api-v3/api/js/ bat.bing.com/bat.js bat.bing.com/p/action/56224185.js connect.facebook.net/en_US/fbevents.js connect.facebook.net/signals/config/ www.youtube.com/iframe_api www.youtube.com/s/player/ jira.jtl-software.de stats.jtl-software.de/matomo.js crm.jtl-software.de consent.jtl-software.de/dist/client/privacy.js 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' cdn.jtl-software.com jira.jtl-software.de crm.jtl-software.de consent.jtl-software.de/dist/client/privacy.css 'unsafe-inline';worker-src 'self' blob:; 6
upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self'; object-src 'none'; base-uri 'none'; 6
upgrade-insecure-requests; frame-ancestors 'self' https://www.domainsherpa.com; default-src 'self'; object-src 'none'; worker-src 'self'; frame-src 'self' https:; form-action 'self' https://www.paypal.com; font-src 'self' data: https://nameproscdn.com https://fonts.gstatic.com https://use.fontawesome.com; img-src 'self' data: https: blob:; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://static.cloudflareinsights.com https://challenges.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://js.stripe.com https://www.google.com https://www.gstatic.com https://s.imgur.com https://platform.twitter.com https://cdn.syndication.twimg.com; style-src 'report-sample' 'self' 'unsafe-inline' https://nameproscdn.com https://platform.twitter.com; connect-src 'self' https://nameproscdn.com https://www.google-analytics.com https://stats.g.doubleclick.net; media-src 'self' https://nameproscdn.com 6
frame-ancestors 'self'  *.interactivebrokers.com  *.interactivebrokers.com.sg  *.interactivebrokers.com.hk  *.interactivebrokers.ch  *.interactivebrokers.co.uk  *.interactivebrokers.com.au  *.interactivebrokers.co.jp  *.interactivebrokers.co.in  *.ibkram.com  *.interactiveadvisors.com  *.ibkr.com  *.ibkr.com.cn  *.clientam.com  *.clientam.ch  *.clientam.com.hk  *.go-mpulse.net  *.akstat.io  widgets.tipranks.com  site.recognia.com  ibkr.paxosclients.com  worldtrader.hsbc.ae  *.ibkrcampus.com  ibkrcampus.com  *.traderstation-international.com; 6
frame-ancestors 'self' https://chat.baidu.com http://mirror-chat.baidu.com https://fj-chat.baidu.com https://hba-chat.baidu.com https://hbe-chat.baidu.com https://njjs-chat.baidu.com https://nj-chat.baidu.com https://hna-chat.baidu.com https://hnb-chat.baidu.com http://debug.baidu-int.com; 6
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' 6
frame-ancestors 'self' https://shopproxy.p-s-s.de https://home.interzum.com https://home.interzum.de 6
frame-ancestors 'self' apac.marketing.adobe.com 6
frame-ancestors 'self' *.azdev.direct *.adobe.com direct.lvh.me:8080 6
frame-ancestors 'self';frame-src 'self' data: youtube.com https://www.youtube.com youtu.be https://youtu.be embedsocial.com https://embedsocial.com livechat.messagebird.com https://livechat.messagebird.com/ ocw.messagebird.com/ https://ocw.messagebird.com/; 6
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net https://*.stylelabs.io https://*.stylelabs.cloud https://*.stylelabsdemo.com https://*.stylelabsqa.com https://*.stylelabsdev.com https://*.dpxmedcity.net https://*.medcity.net https://youtube.com https://www.youtube.com https://*.googleapis.com https://*.google.com https://*.formstack.com *.doubleclick.net *.amazonaws.com *.cloudfront.net *.healthgrades.com *.undertone.com *.facebook.net *.facebook.com *.trkn.us *.jotform.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://translate.google.com https://fonts.gstatic.com https://www.gstatic.com https://*.securiti.ai *.ehc.com *.ehcstaging.com *.dpxmedcity.net https://*.go-mpulse.net/ https://*.akstat.io/ https://*.akamaihd.net/ https://dc.hcafloridahealthcare.com https://dc.hcafloridaphysicians.com; img-src 'self' data: https://*.stylelabs.io https://*.stylelabs.cloud https://*.stylelabsdemo.com https://*.stylelabsqa.com https://*.stylelabsdev.com https://*.dpxmedcity.net https://*.ytimg.com https://*.cloudfront.net https://maps.gstatic.com https://maps.googleapis.com https://*.formstack.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net *.doubleclick.net https://carelinkhca.my.salesforce-sites.com *.ehc.com *.ehcstaging.com *.dpxmedcity.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.dpxmedcity.net https://*.formstack.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net *.doubleclick.net https://*.securiti.ai *.ehc.com *.ehcstaging.com *.dpxmedcity.net; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com https://*.dpxmedcity.net https://*.formstack.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net *.doubleclick.net *.ehc.com *.ehcstaging.com *.dpxmedcity.net; frame-src 'self' 'unsafe-inline' https://*.clearstep.health *.ehc.com *.ehcstaging.com *.dpxmedcity.net https://www.youtube.com https://youtube.com *.crazyegg.com https://*.medcity.net *.doubleclick.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; upgrade-insecure-requests; block-all-mixed-content; 6
default-src *; img-src * data: blob:; media-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' * data: blob:; worker-src 'unsafe-inline' 'unsafe-eval' * data: blob:; connect-src *; font-src * data: blob:; frame-src *; object-src * data: blob:; style-src 'unsafe-inline' * data: blob: 6
frame-ancestors 'self' https://service.ariba.com https://service-2.ariba.com https://certservice.ariba.com https://certservice-2.ariba.com https://s1.ariba.com https://s2.ariba.com https://usertest.sciquest.com https://uitweb.sciquest.com https://neo.sciquest.com https://solutions.sciquest.com https://cloud.punchoutexpress.com https://dev.cloud.punchoutexpress.com https://cloud.pexlocal.com https://cloud.mpexlocal.com; 6
style-src 'self' 'unsafe-inline' 6
frame-ancestors http://*.timeout.com https://*.timeout.com 'self' 6
upgrade-insecure-requests; object-src 'none'; frame-ancestors 'none'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://i.checkmybus.com https://cdn.priv.center https://prod-origin.truendo.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://*.bstatic.com https://*.services.visualstudio.com https://script.crazyegg.com https://*.msecnd.net https://cdn.jsdelivr.net https://*.doubleclick.net https://securepubads.g.doubleclick.net https://adservice.google.de https://script.crazyegg.com https://tpc.googlesyndication.com https://*.google.com https://*.googleusercontent.com https://*.gstatic.com https://www.googleadservices.com https://cdn.ampproject.org https://*.facebook.net https://*.facebook.com https://*.fontawesome.com https://monitor.azure.com https://*.monitor.azure.com https://e-js.zonka.co; style-src 'self' 'unsafe-inline' https://i.checkmybus.com https://fonts.googleapis.com https://*.fontawesome.com https://accounts.google.com https://*.googletagmanager.com; frame-src 'self' https://*.googletagmanager.com https://*.doubleclick.net https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://www.booking.com https://*.bstatic.com https://cdnjs.cloudflare.com https://*.gstatic.com https://*.google.com https://*.youtube.com/ https://*.facebook.com https://*.msecnd.net https://*.services.visualstudio.com; worker-src 'self' blob: 'unsafe-eval' 'unsafe-inline' www.checkmybus.com; form-action 'self' www.checkmybus.com.ar www.checkmybus.com.br https://blog.checkmybus.com.br www.checkmybus.cz www.checkmybus.cl www.checkmybus.co www.checkmybus.de https://blog.checkmybus.de www.checkmybus.co.uk https://blog.checkmybus.co.uk www.checkmybus.com https://blog.checkmybus.com www.checkmybus.es https://blog.checkmybus.es www.checkmybus.fr https://blog.checkmybus.fr www.checkmybus.hr www.checkmybus.it https://blog.checkmybus.it www.checkmybus.my www.checkmybus.com.mx www.checkmybus.nl www.checkmybus.at www.checkmybus.pe www.checkmybus.pl https://blog.checkmybus.pl www.checkmybus.pt www.checkmybus.ch www.checkmybus.com.tr partner-bahn.de reiseauskunft.bahn.de; base-uri 'self' i.checkmybus.com 6
'self'; 6
default-src 'self'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https://cdn.jsdelivr.net/npm/ blob:; style-src 'self' 'unsafe-inline' https:; img-src https: data: blob: 'self'; media-src https: 'self'; object-src 'self'; font-src *.gstatic.com *.googleapis.com data: 'self' https:; frame-ancestors https://*.hubspot.com https://info.atlascopco.us https://info.atlascopcoupdates.com http://*.scene7.com https://atlascopco-preview.adobecqms.net 'self'; frame-src https:; connect-src https: ws: wss: https://app.wotnot.io 'self'; worker-src blob:; child-src blob: 6
require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/chromewebstore/2 6
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline' 6
default-src * data: 'unsafe-inline' 'unsafe-eval' 6
default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 6
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' data: *; style-src 'self' 'unsafe-inline' *; font-src 'self' * data:; object-src 'self' *; frame-src 'self' *; worker-src 'self' *; connect-src 'self' * 6
font-src data: https: 'self';connect-src data: https: wss: blob:;default-src 'unsafe-eval' 'unsafe-inline' data: https:;form-action https:;img-src 'self' data: https: blob:;media-src 'self';object-src 'none';script-src data: https: blob: 'unsafe-inline' 'unsafe-eval' id3.expertus.com.ua;style-src data: https: 'self' 'unsafe-inline' 6
base-uri 'self'; font-src 'self' https: data:; form-action 'self' https:; frame-ancestors 'self'; img-src 'self' data: https:; object-src 'none'; script-src-attr 'self' https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests 6
default-src 'self' http: https: data: blob: wss: 'unsafe-inline' 6
default-src * data: 'unsafe-inline' 'unsafe-eval'; 6
default-src 'self' blob:; img-src 'self' 'unsafe-eval' data: blob: stats.g.doubleclick.net *.trbo.com *.gstatic.com *.google.de *.google.com img.youtube.com *.eu-central-1.amazonaws.com *.bing.com *.clarity.ms photoservice.cloud *.google-analytics.com *.cdninstagram.com *.saal-digital.net *.saal-digital.com *.saal-digital.de *.photo-portal.shop http://localhost:60101 *.googleusercontent.com *.paypal.com *.paypalobjects.com *.hotjar.com *.facebook.com *.ytimg.com *.cookiepro.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.trbo.com *.saal-digital.net *.photo-portal.shop *.clarity.ms *.bing.com *.hotjar.com connect.facebook.net blob: *.cookiepro.com s3.eu-central-1.amazonaws.com photoservice.cloud *.google-analytics.com *.googletagmanager.com *.cdninstagram.com *.google.com *.paypalobjects.com *.paypal.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.eu-central-1.amazonaws.com *.eu-central-1.amazonaws.com photoservice.cloud *.cookiepro.com fonts.googleapis.com *.hotjar.com *.saal-digital.net; font-src 'self' *.eu-central-1.amazonaws.com photoservice.cloud oam-software.com om.ssw-software.com *.gstatic.com *.paypalobjects.com *.hotjar.com; connect-src 'self' data: blob: *.dropboxapi.com *.eu-central-1.amazonaws.com photoservice.cloud *.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.cookiepro.com *.googleusercontent.com http://localhost:60139 http://localhost:60600 http://localhost:60111 http://localhost:60101 http://localhost:49860 *.saal-digital.net *.photo-portal.shop *.saal-digital.net *.amazoncognito.com *.paypal.com *.clarity.ms c.bing.com *.hotjar.com *.hotjar.io wss://*.hotjar.com; frame-src *; object-src 'none'; 6
frame-ancestors *;  report-uri /log/csp-violation 6
default-src 'self' 'unsafe-eval' http: https: data: blob: 'unsafe-inline' 6
frame-ancestors 'self' https://test.authorize.net https://accept.authorize.net 6
default-src * https: data: blob: wss: 'unsafe-inline' 6
font-src fonts.gstatic.com use.typekit.net https://www.gstatic.com https://fonts.gstatic.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com use.fontawesome.com data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; frame-ancestors www.paypalobjects.com 'self'; form-action https://enews.dynatrap.com/ https://enews.terro.com/ https://enews.victorpest.com/ https://enews.havahart.com/ https://enews.mosquitomagnet.com/ https://enews.perkypet.com/ https://enews.saferbrand.com/ https://enews.zarebasystems.com/ https://enews.vlink.victorpest.com/ https://enews.woodstreambrands.ca/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; style-src api.tiles.mapbox.com widget.freshworks.com *.usablenet.com *.udev1a.net https://fonts.googleapis.com/ https://*.typekit.net/ *.adobe.com fonts.googleapis.com *.sharethis.com unsafe-inline assets.braintreegateway.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com *.gstatic.com use.fontawesome.com cdn.listrakbi.com cdn.pricespider.com 'self' 'unsafe-inline'; script-src *.pricespider.com api.tiles.mapbox.com snap.licdn.com widget.freshworks.com *.usablenet.com *.udev1a.net https://www.google.com/ https://www.gstatic.com/ https://commerce.adobedtm.com/ https://app.jazz.co/ *.marketingcloudfx.com assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.sharethis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google.com *.gstatic.com js.klevu.com *.ksearchnet.com maps.googleapis.com *.googleapis.com *.maxmind.com services.listrak.com *.listrakbi.com *.tiktok.com *.bing.com *.hotjar.com connect.facebook.net wtbevents.pricespider.com locate.pricespider.com bam.nr-data.net js-agent.newrelic.com cdn.leadmanagerfx.com agent.marketingcloudfx.com use.fontawesome.com *.truevaultcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; media-src *.cdninstagram.com *.adobe.com player.vimeo.com download-video.akamaized.net 'self' 'unsafe-inline'; img-src bat.bing.com *.google.ca *.pricespider.com px.ads.linkedin.com *.cdninstagram.com *.mapbox.com   cdnjs.cloudflare.com  polaris.truevaultcdn.com https://samples.woodstream.com/ assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.klevu.com *.ksearchnet.com flagpedia.net maps.gstatic.com www.facebook.com *.google.com *.usablenet.com www.dynatrap.com *.listrakbi.com www.gstatic.com www.zarebasystems.com maps.googleapis.com www.woodstream.com www.woodstreampartnerportal.com www.woodstreampartnerportal.ca www.terro.com www.victorpest.com www.havahart.com www.mosquitomagnet.com www.perkypet.com www.saferbrand.com vlink.victorpest.com www.woodstreambrands.ca storage.googleapis.com mediacdn.espssl.com *.woodstreampartnerportal.com s7d2.scene7.com data: 'self' 'unsafe-inline'; frame-src www.paypalobjects.com s.amazon-adsystem.com https://a40.usablenet.com/ https://ws-nameplate-printer.netlify.app/ services.listrak.com player.flipsnack.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://www.google.com *.googleapis.com *.google.com *.weltpixel.com *.usablenet.com 'self' 'unsafe-inline'; connect-src stats.g.doubleclick.net content.hotjar.io *.hotjar.com bat.bing.com wss://*.hotjar.com/ *.mapbox.com cdn.linkedin.oribi.io widget.freshworks.com vc.hotjar.io woodstream.freshdesk.com https://commerce.adobedc.net/ https://commerce.adobe.io/ https://graph.instagram.com/ 'self' https://prod-29.westus.logic.azure.com/ *.webpagefx.org https://us-central1-ws-m2-dev-migration-map.cloudfunctions.net https://instagramfeed-lvc56rmsca-uc.a.run.app *.pricespider.com *.mapbox.com   cdnjs.cloudflare.com  https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://prod-180.westus.logic.azure.com/workflows/c61f5e9b7f4245d98fc820a4ab13629c/triggers/manual/paths/invoke?api-version=2016-06-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=HNuT5TPpgrl1LNzn7xuk_WUlpGyPvaU-91eKgfv_Osw dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.sharethis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.klevu.com *.ksearchnet.com www.gstatic.com maps.googleapis.com *.googleapis.com *.mmapiws.com *.tiktok.com recs.listrakbi.com paypal.com bam.nr-data.net *.leadmanagerfx.com *.marketingcloudfx.com *.truevaultcdn.com 'self' 'unsafe-inline'; 6
frame-ancestors 'self'; base-uri 'none'; object-src 'none' 6
default-src 'self' https://videos.ctfassets.net/ feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' * ; img-src * 'self' data: https: blob: ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 6
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://chat.snaping.net https://statique.snaping.net https://statique-ca.snaping.net https://static-fr.snaping.net https://static-ca.snaping.net https://tagmanager.google.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.google-analytics.com https://securionpay.com https://optimize.google.com https://*.dplads.com https://*.zdassets.com https://apis.google.com https://js.stripe.com https://cdn.amplitude.com; base-uri 'self'; 6
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.google.bg https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://www.facebook.com https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://app.vwo.com; frame-src 'self' bankid://* https://livechat24.tech https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://*.zignsec.com https://www.facebook.com https://*.trustly.com https://tpc.googlesyndication.com https://*.regily.com https://*.sumsub.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.unetsafe.com https://*.atlantgaming.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://*.zignsec.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://connect.facebook.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com; worker-src 'self' blob:; report-uri https://sentry.work/sentry/api/29/csp-report/?sentry_key=9db29a98a6d9444b8cfc0495de9b857a 6
frame-ancestors 'self' websitebuilder.godaddy.com websitebuilder.secureserver.net 6
default-src * data: blob: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: wss: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; report-uri https://912c98659423667ae9a3372f78cdda6d.report-uri.com/r/d/csp/enforce 6
default-src https:;connect-src https: wss:;font-src https: data:;frame-src https: twitter:;frame-ancestors https:;img-src https: data:;media-src https:;object-src https:;script-src 'unsafe-inline' 'unsafe-eval' https:;style-src 'unsafe-inline' https:; 6
default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com github.githubassets.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com github.githubassets.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/ 5
frame-ancestors 'self' https://*.opera.com; upgrade-insecure-requests; 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: wss: mediastream: android-webview-video-poster: ms-appx-web: gsa: endlesspic: ms-browser-extension chrome-extension asset * ; frame-ancestors 'self' https://*.trendmicro.com 5
frame-ancestors nypost.com decider.com pagesix.com *.nypost.com *.decider.com *.pagesix.com 5
frame-ancestors 'self' http://content.servicenow.com https://content.servicenow.com https://your.servicenow.com https://servicenow.highspot.com https://partnerportalalphadev.service-now.com https://hidevidc.service-now.com 5
frame-ancestors https://www.airship.com/ https://app.mutinyhq.com/; upgrade-insecure-requests; 5
frame-ancestors http://*.ccf.org https://*.ccf.org https://clevelandclinic.ungerboeck.com https://*.clevelandclinic.org http://*.clevelandclinic.org 5
frame-ancestors 'self' *.windy.com:* 5
script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com *.pdst.fm *.doubleclick.net  *.google-analytics.com  *.bing.com  *.googleadservices.com  *.facebook.net  *.techtarget.com  *.demandbase.com *.googletagmanager.com munchkin.marketo.net *.cookielaw.org *.polyfill.io *.adroll.com *.licdn.com *.mxpnl.com *.chtbl.com *.invoca.net *.livehelpnow.net addsearch.com *.youtube.com *.vidyard.com *.hotjar.com *.driftt.com *.searchcdn.com *.salesforceliveagent.com *.force.com *.salesforce.com *.salesforce-sites.com *.google.com *.googleoptimize.com *.redditstatic.com *.jsdelivr.net unpkg.com *.highcharts.com 5
script-src 'self' data: 'unsafe-inline' 'unsafe-eval' documentservices.adobe.com *.dickssportinggoods.com *.akamaihd.net *.scene7.com app.link *.bazaarvoice.com *.radar.com *.googleapis.com *.certona.net *.certona.com res-x.com *.res-x.com maxcdn.bootstrapcdn.com c.go-mpulse.net akstat.io h.online-metrix.net tags.tiqcdn.com s.pinimg.com a.wishabi.com analytics.twitter.com analytics-static.ugc.bazaarvoice.com apps.bazaarvoice.com bat.bing.com beacon.riskified.com *.branch.io qognvtzku-x.global.ssl.fastly.net ciunnwhq.micpn.com connect.facebook.net ct.pinterest.com utt.impactcdn.com d2oh4tlt9mrke9.cloudfront.net dickssportinggoods.demdex.net dicks-sporting-goods.pxf.io dpm.demdex.net dsg.tt.omtrdc.net dsg2.btttag.com e.dickssportinggoods.com edge1.certona.net f.wishabi.net gateway.dcsg.com *.getmetrical.com img.riskified.com match.adsrvr.org *.kampyle.com *.nextdoor.com network.bazaarvoice.com network-a.bazaarvoice.com pinterest.adsymptotic.com pixel.rubiconproject.com pixel.tapad.com r.dlx.addthis.com sc-static.net smetrics.dickssportinggoods.com snap.adsrvr.org so.rlcdn.com static.ads-twitter.com t.co tr.snapchat.com www.facebook.com www.googletagmanager.com www.hlserve.com www.res-x.com x.skimresources.com *.criteo.com cdn.hlserve.com b.hlserve.com www.google.com *.g.doubleclick.net *.doubleclick.net *.googlesyndication.com adservice.google.com c.riskified.com ws.sessioncam.com www.googleadservices.com cdn.brandingbrand.com dsg2m.btttag.com www.google-analytics.com cdnjs.cloudflare.com *.cloudfront.net *.iesnare.com code.jquery.com www.paymentjs.firstdata.com www.gstatic.com www.everestjs.net www.paypal.com *.paypalobjects.com *.braintreegateway.com tagtracking.vibescm.com cdn.auth0.com polyfill.io cdn.tagdelivery.com *.truefitcorp.com *.affirm.com *.afterpay.com *.hlserve.com *.anyguide.com resources.digital-cloud.medallia.com *.anyroad.com checkoutshopper-live.adyen.com *.stylitics.com prod.accdab.net *.cdn-net.com *.syndigo.com *.zoovu.com *.curalate.com assets-barracuda-runner.azureedge.net *.liveperson.net *.lpsnmedia.net *.adoberesources.net *.adobedc.net *.attn.tv analytics.tiktok.com *.quantummetric.com *.contentsquare.net *.contentsquare.com *.fullstory.com *.yottaa.com *.yottaa.net *.ntcacdn.net *.recaptcha.net *.bambuser.com *.mycustomizer.com *.flippenterprise.net *.collectivevoice.com ln-rules.rewardstyle.com accounts.google.com *.tvpixel.com blob:; worker-src blob:; frame-ancestors *.dickssportinggoods.com; child-src documentservices.adobe.com *.attn.tv *.dickssportinggoods.com *.quantummetric.com *.adyen.com *.afterpay.com *.paypal.com *.paypalobjects.com *.liveperson.net *.lpsnmedia.net dickssportinggoods.demdex.net *.criteo.com *.criteo.net maps.google.com accounts.google.com hosted.where2getit.com mobile.where2getit.com fit.dksxchange.com www.thinglink.com dicks-cti.gvcommerce.com www.youtube.com *.truefitcorp.com *.affirm.com *.doubleclick.net *.g.doubleclick.net *.pinterest.com *.googleapis.com tr.snapchat.com resources.digital-cloud.medallia.com *.hlserve.com *.facebook.com static.ads-twitter.com *.tagdelivery.com *.fls.doubleclick.net prod.accdab.net www.cdn-net.com *.googlesyndication.com *.safeframe.googlesyndication.com www.google.com *.anyroad.com *.mycustomizer.com *.collectivevoice.com ln-rules.rewardstyle.com display.ugc.bazaarvoice.com api.bazaarvoice.com *.bazaarvoice.com *.bambuser.com *.radar.com *.recaptcha.net *.ntcacdn.net blob:; 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.smarty.com *.crazyegg.com solutions.invocacdn.com pnapi.invoca.net dev.visualwebsiteoptimizer.com ndn.statistinamics.com static.traversedlp.com api.traversedlp.com js.alocdn.com p.alocdn.com https://cableone1615402851.zendesk.com/ https://zendesk-eu.my.sentry.io fidelitycommunications.zendesk.com https://fidelitycommunications.referralrock.com/ https://apps.sitecore.net *.office.com *.google.com *.hsforms.com *.hsforms.net *.slgnt.us *.youtube.com www.googletagmanager.com support.sparklight.com static.zdassets.com maps.googleapis.com snapwidget.com fonts.googleapis.com ekr.zdassets.com maps.gstatic.com cableone.zendesk.com widget-mediator.zopim.com static.ada.support sparklight.ada.support rollout.ada.support sentry.io www.cableone.net wss://widget-mediator.zopim.com bat.bing.com *.google-analytics.com static.hotjar.com www.googleadservices.com connect.facebook.net cltgtstor001.blob.core.windows.net js.adsrvr.org *.fls.doubleclick.net *.g.doubleclick.net *.hotjar.com cdn.polyfill.io insight.adsrvr.org targetuscentral.slgnt.us *.speedtestcustom.com *.clarity.ms sparklight.slgnt.us code.jquery.com cdnjs.cloudflare.com woobox.com *.smartmove.us jsonip.com *.wufoo.com *.gstatic.com *.googleoptimize.com optimize.google.com wss://*.hotjar.com *.hotjar.io blob: dev.visualwebsiteoptimizer.com;          style-src 'self' 'unsafe-inline' *.crazyegg.com https://fonts.googleapis.com stackpath.bootstrapcdn.com use.fontawesome.com *.smartmove.us optimize.google.com;          img-src 'self' data: cableone1615402851.zendesk.com *.crazyegg.com dev.visualwebsiteoptimizer.com v2assets.zopim.io *.gstatic.com www.cableone.net www.sparklight.com *.fls.doubleclick.net www.facebook.com *.google-analytics.com *.google.com cableone.zendesk.com *.smartmove.us ctam.demdex.net *.googletagmanager.com *.clarity.ms *.bing.com *.hsforms.com *.doubleclick.net;          font-src 'self' 'unsafe-inline' https://fonts.gstatic.com use.fontawesome.com;          upgrade-insecure-requests;          block-all-mixed-content; 5
frame-ancestors 'self' https://nurture.solarwinds.com/ 5
frame-ancestors 'self' *.lufthansa.com *.miles-and-more.com *.swiss.com *.amadeus.com *.amadeus.net *.brusselsairlines.com 5
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me wss://ad.mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.googleapis.com *.gstatic.com www.google.com https://api-maps.yandex.ru yastatic.net yandex.st *.doubleverify.com *.adsafeprotected.com https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://football.sportmail.ru *.google.ru *.google.com *.googlesyndication.com *.yandex.ru blob:;  script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru https://*.mail.ru *.imgsmail.ru *.mradx.net ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me mc.yandex.ru an.yandex.ru yastatic.net yandex.st *.google-analytics.com api-maps.yandex.ru https://api-maps.yandex.ru https://clck.yandex.ru *.googleapis.com *.gstatic.com www.google.com www.youtube.com https://www.youtube.com *.ytimg.com https://*.ytimg.com *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.goodgame.ru https://*.goodgame.ru https://*.moatads.com *.adlooxtracking.com *.adlooxtracking.ru *.adsafeprotected.com *.serving-sys.com *.serving-sys.ru *.weborama.fr *.weborama-tech.ru https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.hit.gemius.pl https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://gum.criteo.com https://football.sportmail.ru *.googletagmanager.com connect.facebook.net *.google.ru *.google.com *.googlesyndication.com yandex.ru;  worker-src blob: 'self';  connect-src * wss: blob: data:;  font-src * data: blob:; frame-src * blob: 'self';  img-src * data: blob: about:;  media-src * data: blob:;  object-src *;  report-uri /csp/report; 5
base-uri 'self'; style-src 'self' 'unsafe-inline' https://static.popmechanic.ru *.jivo.ru *.jivosite.com; img-src 'self' https://res.cloudinary.com https://www.google-analytics.com https://tr.lfeeder.com https://www.google.ru https://tr-rc.lfeeder.com https://mc.yandex.ru *.jivo.ru *.jivosite.com data: blob:; connect-src 'self' https://stats.g.doubleclick.net https://res.cloudinary.com https://www.google-analytics.com https://analytics.google.com https://mc.yandex.ru https://*.mindbox.ru https://jivo-userdata.obs.ru-moscow-1.hc.sbercloud.ru wss://*.jivosite.com wss://*.jivo.ru *.jivo.ru *.jivosite.com; form-action 'self'; frame-ancestors 'self' *.jivo.ru *.jivosite.com https://*.mindbox.ru https://*.popmechanic.ru/ https://kinescope.io/ https://cdn-static.egoiapp2.com https://cloudinary.com https://*.cloudinary.com; child-src https://mc.yandex.ru; frame-src 'self' *.jivo.ru *.jivosite.com https://*.youtube.com https://mc.yandex.ru https://*.facebook.com https://*.marquiz.ru https://*.mindbox.ru https://*.popmechanic.ru/ https://kinescope.io/ https://cdn-static.egoiapp2.com https://*.google.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://events.nethouse.ru https://cloudinary.com https://*.cloudinary.com https://go.vooozer.com https://www.google.com/recaptcha https://recaptcha.google.com/recaptcha; block-all-mixed-content; 5
default-src 'none'; base-uri 'self'; child-src 'self'; connect-src 'self' *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com *.wistia.com *.wistia.net www.google-analytics.com stats.g.doubleclick.net googleads.g.doubleclick.net embedwistia-a.akamaihd.net *.litix.io www.facebook.com *.ubembed.com hubspot-forms-static-embed.s3.amazonaws.com *.hsforms.net *.hsforms.com *.marketo.com *.marketo.net *.mktoresp.com *.mktoutil.com *.emarsys.com *.onetrust.com *.cookielaw.org sentry.io *.sentry.io *.clickcease.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.mouseflow.com *.cdn.linkedin.oribi.io *.oribi.io app.clearbit.com *.visualwebsiteoptimizer.com *.ads.linkedin.com cdn.dreamdata.cloud; font-src 'self' data: *.kinstacdn.com *.slidesharecdn.com *.wistia.com *.wistia.net; form-action 'self' www.facebook.com *.hsforms.net *.hsforms.com; frame-ancestors 'self' *.covideo.com; frame-src 'self' *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com *.marketo.com *.marketo.net html5-player.libsyn.com bid.g.doubleclick.net www.facebook.com js.driftt.com *.ubembed.com *.googlesyndication.com *.hsforms.net *.hsforms.com *.slideshare.net *.wistia.com *.wistia.net *.on24.com *.emarsys.com *.vidmails.com *.covideo.com *.g2.com *.hotjar.com *.clearbitjs.com *.marketimpacttools.com *.doubleclick.net open.spotify.com; img-src 'self' data: *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com *.wistia.com *.wistia.net *.gravatar.com www.googletagmanager.com www.google-analytics.com analytics.twitter.com *.px.ads.linkedin.com googleads.g.doubleclick.net *.linkedin.com www.facebook.com connect.facebook.net t.co embedwistia-a.akamaihd.net *.hsforms.net *.hsforms.com *.adsymptotic.com *.glasgowlive.co.uk s.w.org *.cookielaw.org *.hotjar.com *.clearbitjs.com *.visualwebsiteoptimizer.com cdn.filestackcontent.com; media-src 'self' blob: data: *.kinstacdn.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.driftqa.com *.driftt.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com *.marketo.com *.marketo.net *.ubembed.com *.wistia.com *.wistia.net googleads.g.doubleclick.net www.googleadservices.com tracking.g2crowd.com snap.licdn.com connect.facebook.net static.ads-twitter.com analytics.twitter.com js.driftt.com *.hsforms.net *.hsforms.com *.googlesyndication.com *.onetrust.com *.cookielaw.org sentry.io *.sentry.io *.on24.com *.clickcease.com *.hotjar.com *.clearbitjs.com tag.clearbitscripts.com *.mouseflow.com *.visualwebsiteoptimizer.com marketo.clearbit.com cdn.dreamdata.cloud; style-src 'self' 'unsafe-inline' *.kinstacdn.com *.marketo.com *.marketo.net; worker-src 'self' blob:; 5
frame-ancestors 'self' *.psplugin.com 5
frame-ancestors 'self' https://*.athenahealth.com/ https://*.athenahealth.com:*/ https://*.athenanet.athenahealth.com/ https://*.athenanet.athenahealth.com:*/ https://*.nimbus.athena.io/ 5
frame-ancestors 'self' https://app.contentful.com; 5
frame-ancestors 'self' https://*.cornerstoneondemand.com;upgrade-insecure-requests;default-src 'self';connect-src *;font-src *;form-action *;frame-src *;img-src * data:;manifest-src * 'unsafe-inline';media-src *;object-src *;script-src * 'unsafe-eval' 'unsafe-inline';style-src * 'unsafe-inline';worker-src * blob: 5
default-src 'self' * data: https: blob:; object-src 'self'; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; worker-src * 'self' blob:; img-src * 'self' data: https: blob:; style-src * 'self' 'unsafe-inline'; font-src * data:; frame-src * 'self' 5
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.thghosting.local *.hosting.ing-dev.co.uk *.thghosting.com *.ingenuitycloudservices.com t.contentsquare.net track.gaconnector.com app.contentsquare.com ma.zoho.eu maillist-manage.eu pagesense-proxy.eu js.stripe.com scout-cdn.salesloft.com secure.seat6worn.com googleads.g.doubleclick.net bat.bing.com connect.facebook.net player.vimeo.com chat.puzzel.com *.google.com t.gatorleads.co.uk www.gstatic.com snap.licdn.com js.driftt.com js.driftqa.com www.googletagmanager.com static.hotjar.com script.hotjar.com www.google-analytics.com www.googleadservices.com connect.facebook.net pi.pardot.com; default-src 'self' 'unsafe-inline' ma.zoho.eu maillist-manage.eu idx.liadm.com cdn.linkedin.oribi.io ws://127.0.0.1:35729 *.thghosting.local *.hosting.ing-dev.co.uk *.thghosting.com *.ingenuitycloudservices.com bat.bing.com scout.salesloft.com js.driftqa.com js.driftt.com chat.puzzel.com www.google-analytics.com script.hotjar.com stats.g.doubleclick.net in.hotjar.com; frame-src 'self' *.thghosting.local *.hosting.ing-dev.co.uk *.thghosting.com *.ingenuitycloudservices.com td.doubleclick.net js.stripe.com https://player.vimeo.com https://youtu.be https://www.youtube.com/ *.google.com js.driftt.com vars.hotjar.com www.facebook.com; style-src-elem 'self' 'unsafe-inline' blob: *.thghosting.local *.hosting.ing-dev.co.uk *.thghosting.com *.ingenuitycloudservices.com fonts.googleapis.com; img-src 'self' data: *.contentsquare.net i.vimeocdn.com *.thghosting.local *.hosting.ing-dev.co.uk *.thghosting.com *.ingenuitycloudservices.com scout.eu1.salesloft.com bat.bing.com chat.puzzel.com *.linkedin.com p.adsymptotic.com popup.communigator.co.uk www.facebook.com www.google-analytics.com www.google.com www.google.co.uk script.hotjar.com; font-src data: 'self' *.thghosting.local *.hosting.ing-dev.co.uk *.thghosting.com *.ingenuitycloudservices.com script.hotjar.com fonts.gstatic.com; child-src blob:; worker-src blob:; connect-src thghosting.local *.thghosting.local hosting.ing-dev.co.uk *.hosting.ing-dev.co.uk thghosting.com *.thghosting.com ingenuitycloudservices.com *.ingenuitycloudservices.com track.gaconnector.com *.contentsquare.net ma.zoho.eu cdn.linkedin.oribi.io idx.liadm.com *.google-analytics.com ma.zoho.eu maillist-manage.eu scout.salesloft.com; 5
upgrade-insecure-requests; default-src https: blob: wss: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: blob: data:;frame-src https: blob: data:; report-uri /cspreports 5
worker-src * 5
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 5
frame-ancestors 'self' https://*.commscope.com https://*.ruckusnetworks.com https://*.punchout2go.com 5
frame-ancestors 'self';upgrade-insecure-requests; report-uri https://l.iplsc.com/logger/ 5
default-src 'self'; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://places-dsn.algolia.net https://places-3.algolianet.com https://www.google.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://consentcdn.cookiebot.com https://*.streamlock.net/ https://*.ingest.sentry.io https://*.zeturf.com https://*.zeturf.be https://maps.googleapis.com https://zz.connextra.com; frame-src 'self' https://consentcdn.cookiebot.com/ https://vision.prod.thebetmakers.com/ https://api-vcs-awstbmtst002.mugbookie.com/ https://www.youtube.com/ https://www.googletagmanager.com/ https://td.doubleclick.net; img-src 'self' https://www.google-analytics.com/ https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.googletagmanager.com/ https://www.google.fr https://www.google.com https://cdnjs.cloudflare.com https://maps.gstatic.com https://maps.googleapis.com https://*.googleusercontent.com data: https://*.zeturf.com https://*.zeturf.be https://*.ytimg.com https://zz.connextra.com https://*.adnxs.com https://*.bidr.io https://www.facebook.com https://*.cookiebot.com; font-src 'self' https://cdnjs.cloudflare.com/ https://fonts.gstatic.com/ https://github.com https://*.zeturf.com https://*.zeturf.be; media-src 'self' https://*.streamlock.net/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://bat.bing.com/ https://googleads.g.doubleclick.net https://www.googleadservices.com https://cdn.jsdelivr.net https://maps.googleapis.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.zeturf.com https://*.zeturf.be https://*.sentry-cdn.com https://connect.facebook.net https://static.ads-twitter.com https://zz.connextra.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://fonts.googleapis.com/ https://*.zeturf.com https://*.zeturf.be 5
default-src 'self' https://maxcdn.bootstrapcdn.com https://cdn.knightlab.com https://*.marketo.com https://*.google.com https://*.youtube.com https://*.gstatic.com https://*.gstatic.cn https://*.ul.com https://player.vimeo.com https://www.recaptcha.net *.salesforce-sites.com data: blob:; connect-src 'self' https://*.wistia.com http://*.wistia.com https://*.ul.com https://www.google-analytics.com https://*.google.com https://www.facebook.com https://stats.addtoany.com https://*.hotjar.com https://*.hotjar.io https://*.mktoutil.com https://*.mktoresp.com http://*.mktoresp.com https://embedwistia-a.akamaihd.net https://sessions.bugsnag.com https://stats.g.doubleclick.net https://fg8vvsvnieiv3ej16jby.litix.io https://*.nr-data.net https://sheets-proxy.knightlab.com wss://*.hotjar.com https://csp.withgoogle.com https://cdn.linkedin.oribi.io https://*.qualtrics.com https://en.wikipedia.org/ *.my.salesforce-sites.com https://api.company-target.com https://acsbapp.com https://cdn.acsbapp.com https://*.trustarc.com *.demandbase.com demandbase.com company-target.com *.company-target.com; font-src 'self' https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com https://cdn.knightlab.com https://*.gstatic.com https://*.gstatic.cn https://script.hotjar.com https://*.ul.com https://fast.wistia.com/ https://acsbapp.com https://consent.trustarc.com https://cdnjs.cloudflare.com data:; frame-src 'self' https://*.marketo.com https://*.google.com https://player.vimeo.com https://*.youtube.com https://fast.wistia.com https://vars.hotjar.com https://www.facebook.com http://*.ul.com https://*.ul.com https://www.recaptcha.net https://*.addtoany.com https://*.doubleclick.net https://airtable.com https://ulsolutions.qualtrics.com *.salesforce.com *.salesforce-sites.com http://consent-pref.trustarc.com company-target.com *.company-target.com; img-src 'self' https://*.adroll.com https://*.linkedin.com https://*.facebook.com https://*.gstatic.com https://*.gstatic.cn https://*.google.com https://*.googleapis.com https://*.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://*.ul.com https://s.ml-attr.com https://*.adnxs.com https://attr.ml-api.io https://pixel.mathtag.com https://*.amazonaws.com https://*.acsbapp.com https://*.qualtrics.com *.trustarc.com https://live-shimadzu.pantheonsite.io https://live-wwwul.pantheonsite.io https://live-latamul.pantheonsite.io https://live-emergo1.pantheonsite.io https://live-aunzul.pantheonsite.io https://test-shimadzu.pantheonsite.io https://test-wwwul.pantheonsite.io https://test-latamul.pantheonsite.io https://test-emergo1.pantheonsite.io https://test-aunzul.pantheonsite.io https://dev-shimadzu.pantheonsite.io https://dev-wwwul.pantheonsite.io https://dev-latamul.pantheonsite.io https://dev-emergo1.pantheonsite.io https://dev-aunzul.pantheonsite.io https://develop-shimadzu.pantheonsite.io https://develop-wwwul.pantheonsite.io https://develop-latamul.pantheonsite.io https://develop-emergo1.pantheonsite.io https://develop-aunzul.pantheonsite.io https://aunz.pasapp.dev https://emergo.psapp.dev https://latam.psapp.dev https://shimadzu.psapp.dev https://ul.psapp.dev https://ul.com https://id.rlcdn.com https://segments.company-target.com/validateCookie data:; media-src 'self' https://embedwistia-a.akamaihd.net https://*.wistia.com https://*.youtube.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.wistia.com http://*.wistia.net https://*.wistia.net https://*.youtube.com http://*.youtube.com https://*.vimeo.com https://connect.facebook.net https://*.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.gstatic.cn https://*.google.com https://googleads.g.doubleclick.net https://*.ul.com https://*.ul-renewables.com https://*.hotjar.com https://*.marketo.net https://www.recaptcha.net https://*.adroll.com https://*.ytimg.com https://snap.licdn.com https://*.adroll.mgr.consensu.org https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://cdn.c212.net https://c212.net https://pixel.mathtag.com *.cloudflare.com http://empoweringtrust.ul.com https://empoweringtrust.ul.com https://*.marketo.com https://browser-update.org http://browser-update.org https://acsbapp.com https://cdn.acsbapp.com https://*.qualtrics.com https://en.wikipedia.org https://tag.demandbase.com http://munchkin.marketo.net https://service.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.lightning.force.com http://consent.trustarc.com *.demandbase.com demandbase.com company-target.com *.company-target.com blob: consent.trustarc.com https://cdn.jsdelivr.net https://cdn.knightlab.com https://cdnjs.cloudflare.com https://commons.ul.com https://fast.wistia.com https://static.addtoany.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.marketo.com https://static.addtoany.com https://*.google.com https://fonts.googleapis.com https://cdnjs.cloudflare.com http://empoweringtrust.ul.com https://empoweringtrust.ul.com *.salesforce.com *.salesforce-sites.com cdnjs.cloudflare.com https://cdn.knightlab.com; frame-ancestors 'self' *.salesforce-sites.com *.force.com 5
frame-ancestors 'self' https://*.analog.com 5
frame-ancestors 'self' *.multimediabs.com *.orange.com *.orange-business.com *.backoffice.mastermedia.orange-business.com 5
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; script-src * blob: data: 'unsafe-inline' 'unsafe-eval'; connect-src * data: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; child-src * blob: data: ; style-src * 'unsafe-inline'; 5
frame-ancestors https://app.storyblok.com; 5
default-src https: wss://*.hotjar.io wss://*.hotjar.com; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'none'; upgrade-insecure-requests; 5
img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; worker-src blob:; 5
default-src http: https: data: 'unsafe-inline' 'unsafe-eval' 5
default-src 'self'; script-src 'self' 'unsafe-inline' translate.googleapis.com certificates.webtests.com blob:; style-src 'self' 'unsafe-inline' certificates.webtests.com fonts.googleapis.com translate.googleapis.com; font-src 'self' fonts.gstatic.com data:; img-src 'self' certificates.webtests.com data:; object-src 'none'; report-uri https://hpage-report.uriports.com/reports/enforce 5
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 5
frame-ancestors 'self' *.saleshood.com 5
frame-src 'self' *.optimizely.com *.doubleclick.net *.adsrvr.org *.bounceexchange.com *.amazon-adsystem.com *.owneriq.net *.google.com *.facebook.com *.facebook.net *.rokt.com *.amazon.com *.paypal.com *.payments-amazon.com *.sojern.com *.qantasloyalty.com *.quantummetric.com *.qantas.com tag.yieldoptimizer.com img3.avis.com img3.budget.com img3.paylesscar.com *.youtube.com  quantserv.com  adnxs.com  impactradius-event.com  dgm-au.com  everestjs.net  everesttech.net  yahoo.com  xg4ken.com *.uplift.com  cloudfront.net  bing.com logx.optimizely.com *.nagich.com www.google-analytics.com *.quantummetric.com *.cdnbasket.net abgnz.wufoo.com *.online-metrix.net *.salecycle.com go.pardot.com sme.avis.co.nz sme.avis.com.au sme.budget.co.nz sme.budget.com.au abgnz.wufoo.com; 5
default-src 'self' data: blob:; 5
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.sanity.io/files/ https://analytics.twitter.com/ https://static.ads-twitter.com/uwt.js https://www.redditstatic.com/ads/pixel.js https://player.vimeo.com/api/player.js https://kantarinteractive.3mil-demo.co.uk/ https://media-cdn.ipredictive.com/js/cirt_v2.min.js https://go.in.kantar.com/ https://media-cdn.ipredictive.com/js/ https://www.googleadservices.com/ https://online2.superoffice.com/ https://snap.licdn.com/li.lms-analytics/ https://services.cognitoforms.com/scripts/ https://embedsocial.com/cdn/iframe.js https://embedsocial.com/embedscript/in.js https://view-awesome-table.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/pagead/conversion_async.js https://cdn.jotfor.ms/js/ https://js.jotform.com/ https://js.jotform.com/vendor/ https://cdn.jotfor.ms/static/ https://cdnjs.cloudflare.com/ajax/libs/punycode/1.4.1/ https://form.jotform.com/jsform/ https://js.hs-analytics.net/analytics/1598004900000/ https://js.hs-analytics.net/analytics/ https://js.hs-banner.com/3788602.js https://js.hscollectedforms.net/collectedforms.js https://forms.hsforms.com/ https://js.hs-scripts.com/3788602.js https://js.hsforms.net/forms/v2.js https://euc-widget.freshworks.com https://app-static.turtl.co/embed/turtl.embed.v1.js https://s.ytimg.com https://www.youtube.com/iframe_api https://pi.pardot.com/ https://go.tnsglobal.com/ https://preferences.kantarworldpanel.com/ https://go.millwardbrown.com/ https://www2.kantar.com https://consent.cookiebot.com/ https://cdn.saberfeedback.com https://feedback.saberfeedback.com/ https://www.youtube.com https://ssl.google-analytics.com/ga.js https://ajax.googleapis.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://ct.capterra.com/ https://gomedia.kantar.com/ https://ws.zoominfo.com/ https://e.infogram.com/ https://consentcdn.cookiebot.com https://player.podigee-cdn.net/ https://digitalpacemaker.podigee.io/ https://crm.zoho.eu/ https://crm.zohopublic.eu/ js-eu1.hsforms.net https://extend.vimeocdn.com https://79b5d9bf7db0483cbfe2471a3040bd31.js.ubembed.com/ https://assets.ubembed.com/ https://scripts.teamtailor-cdn.com siteimproveanalytics.com https://static.hotjar.com https://script.hotjar.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hsadspixel.net https://go.kantarmarketplace.com https://js-na1.hsforms.net https://js-eu1.hsforms.net https://js.hsforms.net https://7f346aea2e09467584ee8045e9295981.js.ubembed.com https://www.cognitoforms.com/; style-src 'self' 'unsafe-inline' https://cdn.sanity.io/files/ https://embedsocial.com/cdn/iframe-lightbox.min.css https://cdn.jotfor.ms/wizards/languageWizard/custom-dropdown/css/ https://cdn.jotfor.ms/css/styles/payment/ https://cdn.jotfor.ms/themes/CSS/ https://cdn.jotfor.ms/css/ https://cdn.jotfor.ms/css/styles/ https://cdn.jotfor.ms/static/ https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css https://euc-widget.freshworks.com https://app-static.turtl.co/embed/turtl.embed.v1.css https://feedback.saberfeedback.com/ https://cdn.saberfeedback.com https://tagmanager.google.com/ https://fast.fonts.net https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com; connect-src *; img-src 'self' data: https://668620654.privacysandbox.googleadservices.com/ https://405677348.privacysandbox.googleadservices.com/ https://pixel.tapad.com/  https://idsync.rlcdn.com/ https://x.bidswitch.net/ https://stags.bluekai.com/ https://pixel.advertising.com/ https://dsum-sec.casalemedia.com/ https://eu-u.openx.net/ https://alb.reddit.com/ https://px.ads.linkedin.com/ https://pixel.mathtag.com/ https://simage2.pubmatic.com/ https://t.co/ https://ad.ipredictive.com/ https://www.google.co.za/pagead/1p-user-list/668928299/ https://p.adsymptotic.com/ https://px.ads.linkedin.com/ https://www.google.com/ https://www.google.co.uk/ https://www.google.co.uk/ads/ https://events.jotform.com/ https://events.jotform.com/jsform/200924737274357/ https://cdn.jotfor.ms/ https://assets.turtl.co/covers/ https://www.google.co.za/ads/ https://www.googletagmanager.com/ https://www.google.com/ads/ https://track.hubspot.com/ https://forms.hsforms.com/embed/v3/ https://forms.hubspot.com/outpost/formsnextembed/ https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/ *.doubleclick.net https://www.google-analytics.com *.gstatic.com https://maps.googleapis.com https://assets.turtl.co/covers/5ef0c513e144c46e0f06dcca.jpg https://ct.capterra.com/ https://cdn.sanity.io/ https://media.glassdoor.com/ *.siteimproveanalytics.io https://static.hotjar.com https://script.hotjar.com https://forms-eu1.hsforms.com https://imgsct.cookiebot.com; frame-src 'self' https://kantarinteractive.3mil-demo.co.uk/ https://www.mavens.co.uk/ https://11404277.fls.doubleclick.net/ https://app.livestorm.co/ https://app.powerbi.com/ https://newsletterform.z6.web.core.windows.net/ https://go.in.kantar.com/ http://mkt.kantar.com/ https://tns-portal.rexx-recruitment.com/ https://www.kantarlivefr.com/ https://online2.superoffice.com/ https://v.qq.com/ https://services.cognitoforms.com/f/ https://embedsocial.com/ https://view-awesome-table.com/ https://www.kantarworldpanel.com https://form.jotform.com/ https://submit.jotformeu.com/ https://app-widgets.jotform.io https://www3.kantarmedia.com/ https://datawrapper.dwcdn.net https://widgets.jotform.io/ https://www.kantarmarketplace.com/ https://preferences.kantarworldpanel.com/ https://html5-player.libsyn.com/ https://play.libsyn.com/ https://mkt.kantar.com/ https://forms.hsforms.com/ https://go.pardot.com/ https://go.na.kantar.com/ https://kantar.wd3.myworkdayjobs.com/ https://player.vimeo.com/ https://kantar.turtl.co/ https://www2.kantar.com/ https://staginglocal.kantarmarketplace.com https://go.kantarmarketplace.com/ https://www.youtube.com/iframe_api https://consentcdn.cookiebot.com/ https://go.millwardbrown.com/ https://www.google.com https://www.youtube.com https://apps.sitecore.net/ https://gomedia.kantar.com/ https://anchor.fm/ https://e.infogram.com/ https://player.podigee-cdn.net/ https://audionow.de/ cdn.jotfor.ms https://*.kantar.com/ forms-eu1.hsforms.com https://ktglbuc-my.sharepoint.com/ https://kantar.marketin.cn https://www.baidu.com/ https://forms.zohopublic.eu/ https://79b5d9bf7db0483cbfe2471a3040bd31.pages.ubembed.com https://vars.hotjar.com https://www2.kantar-xtel.com https://www.cognitoforms.com/; frame-ancestors https://*.khapps.com https://*.khapps.jp; font-src 'self' data: https://cdn.sanity.io/files/ https://www.kantar.com/-/media/Themes/Kantar/Global/KantarMain/fonts/ https://www.kantar.com/-/media/Themes/Kantar/Global/KantarMain/fonts/KantarBrown https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/ https://sites.kantarconsulting.com/toolbox/fonts/KantarBrownWeb-Regular.woff2 https://feedback.saberfeedback.com https://fonts.gstatic.com https://script.hotjar.com; media-src 'self' data: https://cdn.sanity.io/ https://vimeo.com/ 5
frame-ancestors https://*.shopstyleops.com/ https://local.shopstyleops.com:*/ https://*.shopstylecollective.com https://shopstylecollective.com https://*.collectivevoicelocal.com https://collectivevoicelocal.com https://*.collectivevoiceqa.com https://collectivevoiceqa.com https://*.collectivevoicedev.com https://collectivevoicedev.com https://*.collectivevoicebeta.com https://collectivevoicebeta.com https://*.collectivevoice.com https://collectivevoice.com; report-uri /csp-violation; 5
base-uri 'self'; object-src 'none'; frame-ancestors 'self'; 5
frame-ancestors 'self' *.aftership.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.am-static.com *.automizely.com *.aftership.com *.automizely-analytics.com static.cloudflareinsights.com www.googletagmanager.com ws.zoominfo.com accounts.google.com www.google.com www.google-analytics.com googleads.g.doubleclick.net www.googleadservices.com snap.licdn.com connect.facebook.net static.ads-twitter.com bat.bing.com www.clarity.ms tracking.g2crowd.com www.gstatic.com www.gstatic.cn widget.freshworks.com client.crisp.chat app.storyblok.com www.recaptcha.net code.jquery.com *.hotjar.com j.6sc.co js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hsforms.net js.hsadspixel.net *.tiktok.com *.ttwstatic.com; object-src 'none' 5
default-src https: wss:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; object-src 'none'; worker-src 'self'; block-all-mixed-content 5
script-src 'self'; 5
default-src 'self' * data:; font-src 'self' * data:; frame-src *; img-src * data: android-webview-video-poster:; media-src * data: blob:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline'; worker-src * blob:; frame-ancestors 'self' https://verizonconnect.getambassador.com/; 5
default-src 'self' https://www.google.com.br https://www.google.com.hk https://www.google.com.sg https://www.google.co.in https://www.google.co.nz https://www.google.com.bh https://www.google.co.kr https://www.google.com.my https://www.google.ca https://www.google.ie https://www.google.lt https://www.google.com.au https://www.google.com.pa https://www.google.nl https://www.google.co.jp https://*.fls.doubleclick.net  https://prodau-cdn.azureedge.net https://prodeu-cdn.azureedge.net https://www.google.com https://resources.digital-cloud.medallia.eu https://*.licdn.com https://s7.addthis.com https://vars.hotjar.com/ https://connect.facebook.net/ https://www.facebook.com/ *.crazyegg.com https://youtube.com https://www.youtube.com https://youtu.be https://i.ytimg.com/vi_webp/PfZzvGGRaOM/mqdefault.webp; img-src 'self' data: https://pbs.twimg.com https://assets.getsmartcontent.com https://www.google.co.in https://www.google.com.hk https://www.google.com.sg https://www.google.co.nz https://www.google.co.jp https://www.google.com.br https://www.google.com.bh https://www.google.co.kr https://www.google.com.my https://www.google.ca https://www.google.ie https://www.google.lt https://www.google.com.au https://www.google.nl https://di3c8wks3odob.cloudfront.net https://maps.gstatic.com https://maps.googleapis.com https://www.google.de https://pixel.tapad.com https://decibel-49-adswizz.attribution.adswizz.com https://www.google.co.uk https://attribution.decibelads.com https://reverseads.matomo.cloud https://tracking.connect.services.global.ntt https://fonts.gstatic.com https://cdn.cookielaw.org https://analytics.twitter.com https://analytics.google.com https://*.terminus.services https://match.adsrvr.org https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://*.leady.com/ https://resources.digital-cloud.medallia.eu https://j.mrpdata.net https://857338121.privacysandbox.googleadservices.com https://720787047.privacysandbox.googleadservices.com https://apt.techtarget.com https://620993155.privacysandbox.googleadservices.com https://p.adsymptotic.com/ *.crazyegg.com https://tracking.hello.global.ntt/ https://www.google.co.za https://*.kampyle.com https://vars.hotjar.com https://pubads.g.doubleclick.net https://script.hotjar.com http://script.hotjar.com www.googletagmanager.com https://www.google.com https://www.google.com.pa https://googleads.g.doubleclick.net https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://prodeu-cdn.azureedge.net https://prodau-cdn.azureedge.net https://t.co/ https://px.ads.linkedin.com/ https://connect.facebook.net/ https://www.facebook.com/ https://www.linkedin.com/ https://s2190102.t.eloqua.com/ https://storage.googleapis.com/; style-src 'unsafe-inline' 'unsafe-eval' 'self' https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.1/tiny-slider.css https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com; font-src 'self' https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://fonts.gstatic.com data: http://script.hotjar.com https://script.hotjar.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors https://cm.euprod.services.global.ntt https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://vars.hotjar.com https://bid.g.doubleclick.net https://*.crazyegg.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: https://cdn.m-t.io https://trk.m-t.io https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.js https://maps.googleapis.com https://www.google.co.in https://www.google.co.nz https://www.google.com.pa https://www.google.de https://www.google.it https://cdn.matomo.cloud https://s.getsmartcontent.com https://cdn.getsmartcontent.com https://attribution.decibelads.com https://tracking.connect.services.global.ntt https://chat-snippet.terminusplatform.com https://snippet.ramblechat.com https://munchkin.brightfunnel.com https://*.terminus.services https://analytics.google.com https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://*.leady.com/ https://www.gstatic.com https://trk.techtarget.com https://visitor.reactful.com https://*.crazyegg.com https://script.crazyegg.com https://connect.facebook.net/ https://cdn.cookielaw.org/ https://secure.east2pony.com/ https://protect-eu.mimecast.com/ https://www.google.co.za/ https://*.addthisedge.com https://z.moatads.com https://*.addthis.com https://script.hotjar.com http://script.hotjar.com http://static.hotjar.com https://static.hotjar.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://analytics.twitter.com https://static.ads-twitter.com https://resources.digital-cloud.medallia.eu https://nebula-cdn.kampyle.com https://img03.en25.com https://script.crazyegg.com https://www.youtube.com www.googleadservices.com https://pubads.g.doubleclick.net https://snap.licdn.com https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.1/min/tiny-slider.js https://geolocation.onetrust.com https://vidassets.terminus.services; connect-src 'self' https://cdn.linkedin.oribi.io https://udc-neb.kampyle.com https://www.google.com.pa https://s.getsmartcontent.com https://chat-messaging.terminus.services https://www.gstatic.com https://maps.googleapis.com https://reverseads.matomo.cloud wss://a1kkx7muourfsi-ats.iot.us-east-1.amazonaws.com https://chat-visitor-info.terminus.services https://iotas.terminus.services https://chat-team-management.terminus.services https://realtime.ramblechat.com https://idx.liadm.com/ https://geolocation.onetrust.com/ https://api.brightfunnel.com https://analytics.google.com https://*.leady.com/ https://tracking.reactful.com https://resources.digital-cloud.medallia.eu https://visitor.reactful.com *.crazyegg.com https://www.facebook.com/ https://connect.facebook.net/ https://cdn.cookielaw.org/ https://stats.g.doubleclick.net/ https://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://script.crazyegg.com/* https://api-public.addthis.com https://*.addthis.com https://privacyportal-de.onetrust.com/; object-src blob: ; frame-src https://www.google.com.pa https://www.facebook.com https://resources.digital-cloud.medallia.eu https://extraordinary-platypus-f5e0bb.netlify.app https://nttbdttour.netlify.app/ https://cm.euprod.services.global.ntt https://www.youtube.com https://www.google.com 5
object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bam.nr-data.net https://cdn.syndication.twimg.com https://cdn.tradelab.fr https://connect.facebook.net https://d2hya7iqhf5w3h.cloudfront.net https://dfc.inovestor.com https://fonts.bunny.net https://js-agent.newrelic.com https://platform.twitter.com https://script.crazyegg.com https://snap.licdn.com https://tm.vendemore.com https://www.google-analytics.com https://www.googletagmanager.com https://s.go-mpulse.net https://its.tradelab.fr https://js.hsadspixel.net/fb.js https://static.hotjar.com https://a.optnmstr.com https://www.youtube.com https://script.hotjar.com https://s.ytimg.com https://www.google.com https://www.gstatic.com https://app.interactiveads.ai https://maps.googleapis.com https://cdn.rawgit.com http://cdn.siteimprove.net https://tagmanager.google.com https://c.go-mpulse.net https://173c5b0c.akstat.io https://bam-cell.nr-data.net https://files.cdn.leadfamly.com *.leadoo.com https://www.buzzsprout.com https://www.facebook.com https://platform.marksmen.nl *.mouseflow.com https://js-eu1.hs-scripts.com https://js-eu1.hsforms.net https://js-eu1.hs-analytics.net https://js-eu1.hs-banner.com https://js-eu1.hsleadflows.net https://js.hsforms.net https://forms.hsforms.com https://js-eu1.hubspot.com cdn.jsdelivr.net dfc.inovestor.com https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://polyfill.io https://static.addtoany.com https://unpkg.com; style-src * 'unsafe-inline' 'unsafe-eval' 5
frame-ancestors https://*.publons.com:* http://*.publons.com:* https://publons.com:* https://cortellis.com:* https://*.cortellis.com:* http://*.cortellis.com:* https://cortellis.cn:* https://*.cortellis.cn:* http://*.cortellis.cn:* https://*.clarivate.com:* http://*.clarivate.com:* https://*.dev-wos.com:* http://*.dev-wos.com:* https://*.endnote.com:* http://*.endnote.com:* https://*.myendnoteweb.com:* http://*.myendnoteweb.com:* https://myendnoteweb.com:* https://*.dev-cortellis.com:* http://*.dev-cortellis.com:* https://*.ezproxy.auckland.ac.nz:* http://*.ezproxy.auckland.ac.nz:* http://*.dev.oneplatform.build:* https://*.dev.oneplatform.build:* https://*.cptest.idm.oclc.org:* https://*.idm.oclc.org:* https://*.libproxy.albany.edu:* https://*.twu.edu:* http://*.dev-cortellis.cn:* https://*.dev-cortellis.cn:* http://webofscience.com:* https://webofscience.com:* http://*.webofscience.com:* https://*.webofscience.com:* https://*.proxy.lnu.se:* https://*.ub.oru.se:* https://*.griffith.edu.au:* https://*.uexternado.edu.co:* http://*.s3-website-us-west-2.amazonaws.com:* https://*.s3-website-us-west-2.amazonaws.com:* https://*.msu.edu:* https://*.library.nova.edu:* https://*.dev-scholarone.com:* https://*.clarivate.cn:*; sandbox allow-top-navigation allow-same-origin allow-scripts allow-popups allow-forms 5
upgrade-insecure-requests;block-all-mixed-content 5
frame-src 'self' *.optimizely.com *.doubleclick.net *.adsrvr.org *.bounceexchange.com *.amazon-adsystem.com *.owneriq.net *.google.com *.facebook.com *.facebook.net *.rokt.com *.amazon.com *.paypal.com *.payments-amazon.com *.sojern.com *.qantasloyalty.com tag.yieldoptimizer.com img3.avis.com img3.budget.com img3.paylesscar.com *.youtube.com  quantserv.com  adnxs.com  impactradius-event.com  dgm-au.com  everestjs.net  everesttech.net  yahoo.com  xg4ken.com *.uplift.com  cloudfront.net  bing.com logx.optimizely.com *.quantummetric.com *.nagich.com www.google-analytics.com *.quantummetric.com *.cdnbasket.net abgnz.wufoo.com *.online-metrix.net *.salecycle.com go.pardot.com sme.avis.co.nz sme.avis.com.au sme.budget.co.nz sme.budget.com.au  abgnz.wufoo.com *.qantas.com; 5
frame-src 'self' bazaarvoice.com *.bazaarvoice.com https://www.terminland.de *.datev-bot.de *.datev.de *.datev.com *.iesnare.com *.cookielaw.org *.salesviewer.org *.salesviewer.com 5
frame-ancestors 'self' *.brandwatch.com https://insights.hotjar.com; object-src 'none'; form-action 'self'; 5
default-src * data: 'unsafe-inline' 'unsafe-eval';frame-ancestors https://www.saseurobonusshop.com/ https://eurobonus.shopping https://saseurobonusmastercard.se/ https://saseurobonusmastercard.no/ https://saseurobonusmastercard.dk/ https://swipp.com https://app.swipp.com https://www.rewardspay.com/ https://upgrade.plusgrade.com https://consumer-prdb.plusgrade.com https://consumer-prd.plusgrade.com https://sas-next-staging.crossroads.se/ https://www.coop.se https://kiosk.coop.se https://www-stg.rewardspay.com https://app.contentful.com 'self' 5
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; script-src 'unsafe-inline' 'unsafe-eval' https: *.tealiumiq.com connect.facebook.net www.dwin1.com snap.licdn.com api.eu.kaltura.com beursinfo.abnamro.nl tags.tiqcdn.com w.usabilla.com api.usabilla.com google-analytics.com googletagmanager.com; connect-src https: *.tealiumiq.com api.usabilla.com abnamro.sc.omtrdc.net dpm.demdex.net www.google-analytics.com stats.g.doubleclick.net region1.google-analytics.com; style-src 'unsafe-inline' https: blob: fonts.googleapis.com; img-src data: https: abnamro.sc.omtrdc.net cfvod.eu.kaltura.com d6tizftlrpuof.cloudfront.net images.ctfassets.net google-analytics.com *.tealiumiq.com w.usabilla.com abnamro.sc.omtrdc.net www.facebook.com www.awin1.com cm.g.doubleclick.net px.ads.linkedin.com region1.google-analytics.com; font-src https: fonts.gstatic.com; media-src 'self' https: blob:; frame-src abnamrobank.qualtrics.com beursinfo.abnamro.nl d6tizftlrpuof.cloudfront.net *.fls.doubleclick.net www.awin1.com player.simplecast.com localfocuswidgets.net assets.abnamro.com www.youtube.com www.google.com; worker-src 'self' https: blob:; frame-ancestors https: beursinfo.abnamro.nl 5
img-src 'self' data: https: 5
frame-ancestors 'self' https://resideo.ziftone.com/ https://proportal.resideo.com/ https://pro.resideo.com/ https://resideostaging.staging.ziftone.com/ https://resideo.netdimensions.com/ https://deploy-preview-437--resideo-pro.netlify.com/ https://fxm/ https://resideo-pro-perks.my-rewardsonline/ 5
frame-ancestors 'self' https://dealerexperience.cadillac.com https://dealerexperience-cadillac-com.*.wpx.gm.com 5
default-src https: 'self' wss: directline.botframework.com 'unsafe-inline' 'unsafe-eval' data: blob: 5
default-src data: https: 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes'; report-uri /_csp; report-to default 5
default-src 'self' 'unsafe-inline' ametekcdn2.azureedge.net ametekcdn.azureedge.net; script-src 'self' 'unsafe-inline' chatai-cdn.ametek.com ametekpds.us17.list-manage.com mc.us17.list-manage.com static.addtoany.com fast.wistia.net wappass.baidu.com hmcdn.baidu.com fast.wistia.com static.zdassets.com affim.baidu.com safe.cdn.bcebos.com aifanfan.baidu.com a.omappapi.com go.zygo.com aff-im.cdn.bcebos.com cdnjs.cloudflare.com goutong.baidu.com player.youku.com hm.baidu.com js.hscollectedforms.net dmpstatic.cdn.bcebos.com sofire.bdstatic.com aiff.cdn.bcebos.com cdn.syndication.twimg.com api.twitter.com platform.twitter.com cdn.jsdelivr.net embed.tawk.to shopapi.dunkermotoren.de dwebshoptest.plan-software.de aff-im.cdn.bcebos.com ametekcdn2.azureedge.net ametekcdn.azureedge.net cdn.cookielaw.org go.phantomcamera.es go.phantomcameras.cn go.phantomcamera.fr wistia.com wistia.net go.ametekesp.com go.powervar.com go.precitech.com go.precitech.com.de *.ametek.com *.ametekweb.com go.sunpowerinc.com go.ameteksi.com go.ortec-online.com ajax.cloudflare.com static.cloudflareinsights.com facebook.com facebook.net connect.facebook.net googleads.g.doubleclick.net google-analytics.com www.google-analytics.com ssl.google-analytics.com google.com www.google.com support.google.com www.googleadservices.com fonts.googleapis.com ajax.googleapis.com maps.googleapis.com fonts.gstatic.com www.gstatic.com *.hsforms.com *.hsforms.net *.hs-analytics.net *.hs-scripts.com *.hsadspixel.net *.hubspot.com js.hscollectedforms.net t.sharethis.com code.jquery.com ws.sharethis.com info.ametek-land.com go.spectro.com twitter.com player.vimeo.com/api/ webtraxs.com youku.com youtube.com www.youtube.com go.techmfg.com go.techmfg.cn go.techmfg.de go.techmfg.jp go.techmfg.es chimpstatic.com cookie-cdn.cookiepro.com emip.ametek.com emipi.ametek.com geolocation.onetrust.com go.ametekaerospaceanddefense.com go.ametek-airtechnology.com go.ametekcalibration.cn go.ametekcalibration.com go.ametek-coining.com go.ametekfactoryautomation.com go.ametek-measurement.com go.ameteksfms.com go.ametekstc.com go.ametektest.cn go.ametektest.com go.ametektest.fr go.ametekusg.com go.brookfieldengineering.cn go.brookfieldengineering.com go.brookfieldengineering.de go.brookfieldengineering.in go.brookfieldengineering.uk go.drexelbrook.com go.emip.ametek.com go.fmhaerospace.com go.hughes-treitler.com go.hunterspringandreel.com go.pd-tech.com go.phantomcamera.de go.phantomhighspeed.com go.phantomcamera.fr go.phantomcameras.cn go.precitech.cn go.precitech.co.kr go.precitech.com.de go.precitech.jp go.precitech.tw go.rauland.com go.rauland.com go.spectro.de go.spectro.jp go.store.csiheat.com go.zygo.cn go.zygo.com.cn go.zygo.de go.zygo.jp go.zygo.kr go.zygo.sg go.zygo.th info.ametekland.com info.ametek-land.com info.ameteksurfacevision.com listadmin.ametek.com pardot1022173.ametek.com privacyportal.onetrust.com www.linkedin.com players.brightcove.net brightcvove.com brightinfo.com vjs.zencdn.net *.amazonaws.com js.hscta.net js.hs-banner.com js.hsleadflows.net analytics-eu.clickdimensions.com widgets.wp.com snap.licdn.com *.salesforceliveagent.com service.force.com bat.bing.com *.salesforce.com www.googletagmanager.com static.doubleclick.net fwww.surveymonkey.com fr.surveymonkey.com es.surveymonkey.com nl.surveymonkey.com de.surveymonkey.com jp.surveymonkey.com help.surveymonkey.com it.surveymonkey.com apply.surveymonkey.com pt.surveymonkey.com ru.surveymonkey.com sv.surveymonkey.com fi.surveymonkey.com da.surveymonkey.com zh.surveymonkey.com ko.surveymonkey.com no.surveymonkey.com tr.surveymonkey.com secure.surveymonkey.com contribute.surveymonkey.com fdeveloper.surveymonkey.com godaddy.surveymonkey.com linuxfoundation.surveymonkey.com eu.surveymonkey.com cx.surveymonkey.com investor.surveymonkey.com widget.surveymonkey.com engage.surveymonkey.com smenterprise.surveymonkey.com smaudience.surveymonkey.com blog.electiontracking.surveymonkey.com seattle.surveymonkey.com de.eu.surveymonkey.com uber.surveymonkey.com jpmc.surveymonkey.com en.surveymonkey.com ourstory.surveymonkey.com carerstrust.surveymonkey.com lp.surveymonkey.com demo.cx.surveymonkey.com cx-help.surveymonkey.com engage-help.surveymonkey.com images.surveymonkey.com kab.surveymonkey.com sgs.surveymonkey.com mobile.surveymonkey.com att.surveymonkey.com thearcus.surveymonkey.com winnipeg.surveymonkey.com petersburgmedicalcenter.surveymonkey.com cs.surveymonkey.com cy.surveymonkey.com el.surveymonkey.com ro.surveymonkey.com asm.surveymonkey.com cfchildren.surveymonkey.com ga.surveymonkey.com kooziegroup.surveymonkey.com mcafee.surveymonkey.com audience.surveymonkey.com fit.eu.surveymonkey.com click.outbound.surveymonkey.com secure.eu.surveymonkey.com anpost.eu.surveymonkey.com oesb.surveymonkey.com kla.surveymonkey.com nycdohmh.surveymonkey.com csl.surveymonkey.com wwww.surveymonkey.com blumenthalarts.surveymonkey.com api.surveymonkey.com labelmaster.surveymonkey.com thelynxgroup.surveymonkey.com try.surveymonkey.com assets01.surveymonkey.com lcoa.surveymonkey.com bnymellon.surveymonkey.com placer.surveymonkey.com ayuda.surveymonkey.com avon.surveymonkey.com auth0.surveymonkey.com maximus.surveymonkey.com sasb.surveymonkey.com nmhs.surveymonkey.com csp.surveymonkey.com strong365northwell.surveymonkey.com be.surveymonkey.com augustatech.surveymonkey.com woodplc.surveymonkey.com go.surveymonkey.com fr.eu.surveymonkey.com nychealthandhospitals.surveymonkey.com hca.surveymonkey.com nhl.surveymonkey.com slsnz.surveymonkey.com ds.surveymonkey.com ww.surveymonkey.com symplr.surveymonkey.com ca.surveymonkey.com aktionen.surveymonkey.com pncpa.surveymonkey.com seiu1021.surveymonkey.com kornferry.surveymonkey.com streetwisepartners.surveymonkey.com gamechange.surveymonkey.com jp.blog.surveymonkey.com google.surveymonkey.com styles.surveymonkey.com 222.surveymonkey.com pg.surveymonkey.com engineering.surveymonkey.com scitechinstitute.orgwww.surveymonkey.com surveymonkeysv.surveymonkey.com aide.surveymonkey.com levelaccess.surveymonkey.com roamrobotics.surveymonkey.com smonkey.surveymonkey.com resources.surveymonkey.com ar.surveymonkey.com bg.surveymonkey.com bs.surveymonkey.com et.surveymonkey.com hr.surveymonkey.com hu.surveymonkey.com id.surveymonkey.com is.surveymonkey.com lv.surveymonkey.com ms.surveymonkey.com pl.surveymonkey.com sk.surveymonkey.com sl.surveymonkey.com sr.surveymonkey.com th.surveymonkey.com tl.surveymonkey.com uk.surveymonkey.com vi.surveymonkey.com scfirststeps.surveymonkey.com www.qlzn6i1l.com secure.neck6bake.com go.universalanalyzers.com go.store.universalanalyzers.com cdn-images.mailchimp.com gallery.mailchimp.com downloads.mailchimp.com login.mailchimp.com kb.mailchimp.com blog.mailchimp.com us1.admin.mailchimp.com admin.mailchimp.com styleguide.mailchimp.com polyfill.mailchimp.com developer.mailchimp.com templates.mailchimp.com ux.mailchimp.com api.mailchimp.com connect.mailchimp.com us16.admin.mailchimp.com us19.admin.mailchimp.com us7.admin.mailchimp.com us17.admin.mailchimp.com us3.admin.mailchimp.com us10.admin.mailchimp.com us2.admin.mailchimp.com us11.admin.mailchimp.com us20.admin.mailchimp.com us4.admin.mailchimp.com us12.admin.mailchimp.com us18.admin.mailchimp.com us14.admin.mailchimp.com us8.admin.mailchimp.com apidocs.mailchimp.com us13.admin.mailchimp.com experts.mailchimp.com us1.api.mailchimp.com img.mailchimp.com us15.admin.mailchimp.com status.mailchimp.com us5.admin.mailchimp.com us6.admin.mailchimp.com us9.admin.mailchimp.com us1.mailchimp.com ls.mailchimp.com devs.mailchimp.com shopware.mailchimp.com postcards.mailchimp.com delivery.mailchimp.com plums.mailchimp.com linkedin.mailchimp.com mixpanel.mailchimp.com partner-assets.mailchimp.com patreon.mailchimp.com inspiration.mailchimp.com us11.mailchimp.com us9.mailchimp.com us16.mailchimp.com us19.mailchimp.com us20.mailchimp.com us15.mailchimp.com creative.mailchimp.com posthaste.mailchimp.com us3.mailchimp.com us6.mailchimp.com us4.mailchimp.com us12.mailchimp.com us14.mailchimp.com us2.mailchimp.com us12.api.mailchimp.com us10.mailchimp.com sopresto.mailchimp.com us17.mailchimp.com us7.mailchimp.com us18.mailchimp.com us13.mailchimp.com us8.mailchimp.com us20.api.mailchimp.com meowmart.mailchimp.com fastfives.mailchimp.com us2.api.mailchimp.com us5.mailchimp.com designlab.mailchimp.com us7.api.mailchimp.com img2.mailchimp.com us11.api.mailchimp.com us5.api.mailchimp.com us16.api.mailchimp.com sawa-usercontent.mailchimp.com us9.api.mailchimp.com docmakers.mailchimp.com us6.api.mailchimp.com help.mailchimp.com resources.mailchimp.com us15.api.mailchimp.com nonprofits.mailchimp.com m.mailchimp.com us4.api.mailchimp.com us19.api.mailchimp.com lurvin.mailchimp.com jungle.mailchimp.com us17.api.mailchimp.com us10.api.mailchimp.com us18.api.mailchimp.com us3.api.mailchimp.com privacyportal-cdn.onetrust.com privacyportal-eu-cdn.onetrust.com privacyportal-eu.onetrust.com www.onetrust.com privacyportal.onetrust.com cdn-ukwest.onetrust.com app.onetrust.com privacyportalde-cdn.onetrust.com geolocation.onetrust.com app-de.onetrust.com privacyportal-de.onetrust.com cdn-apac.onetrust.com app-eu.onetrust.com privacyportal-hulu-cdn.onetrust.com privacyportal-uk-cdn.onetrust.com cdn.onetrust.com privacyportal-uk.onetrust.com privacyportal-br-cdn.onetrust.com my.onetrust.com privacyportal-br.onetrust.com cruise-requests.my.onetrust.com privacyportal-na01-cdn.onetrust.com privacyportal-fr.onetrust.com iapp.onetrust.com sncf-portail.my.onetrust.com dpd-paris2.my.onetrust.com app.elq.onetrust.com tastemade-privacy.my.onetrust.com cdn-au.onetrust.com privacyportal-au.onetrust.com images.elq.onetrust.com allegion-privacy.my.onetrust.com privacyportal-ch.onetrust.com tcf.onetrust.com ggoutfitters-requests.my.onetrust.com privacyportal-apac.onetrust.com portal-verint.my.onetrust.com app-au.onetrust.com developer.onetrust.com uat-de.onetrust.com movado-privacy.my.onetrust.com privacyportal-allstate-cdn.onetrust.com proximospirits-privacy.my.onetrust.com free.onetrust.com privacy-portal-manpowergroup.my.onetrust.com privacyportal-discover-cdn.onetrust.com web.onetrust.com privacyportal-uat-cdn.onetrust.com privacyportal-uatde-cdn.onetrust.com info.onetrust.com support.onetrust.com chownow-requests.my.onetrust.com privacyportal-cisco-cdn.onetrust.com tv.onetrust.com data-protection-man-privacy.my.onetrust.com privacyportal-free-cdn.onetrust.com privacyportaluat.onetrust.com privacyportal-apac-cdn.onetrust.com privacyportal-free.onetrust.com smartfit-dsar.my.onetrust.com privacyportal-ch-cdn.onetrust.com privacyportaltrial-cdn.onetrust.com app-uk.onetrust.com app-apac.onetrust.com app-br.onetrust.com app-ca.onetrust.com app-ch.onetrust.com privacyportal-na01.onetrust.com lunagrill-requests.my.onetrust.com cbcfcu-requests.my.onetrust.com dropps-privacy.my.onetrust.com otcc-training.onetrust.com tdic-privacy.my.onetrust.com caire-requests.my.onetrust.com goodworldwide-requests.my.onetrust.com telteclgpd-privacy.my.onetrust.com privacyportaluatde.onetrust.com certain-requests.my.onetrust.com engieimpact-privacy.my.onetrust.com agriness-privacy.my.onetrust.com trial.onetrust.com ideas.onetrust.com lendico-privacy.my.onetrust.com go.pardot.com pi.pardot.com go.obcorp.com go.csiheat.com go.cardinaluhp.com go.barbenanalytical.com optinmonster.com cdn.datatables.net s7.addthis.com v1.addthisedge.com 'unsafe-eval'; style-src * 'unsafe-inline' ton.twimg.com platform.twitter.com ametekcdn2.azureedge.net ametekcdn.azureedge.net tagmanager.google.com fonts.googleapis.com; font-src * 'unsafe-inline' ametekcdn2.azureedge.net ametekcdn.azureedge.net fonts.gstatic.com data:; img-src * 'unsafe-inline' ametekcdn2.azureedge.net ametekcdn.azureedge.net img.mailchimp.com img2.mailchimp.com images.surveymonkey.com images.elq.onetrust.com ssl.gstatic.com www.gstatic.com www.google-analytics.com googleads.g.doubleclick.net www.google.com data: abs.twimg.com pbs.twimg.com ton.twimg.com platform.twitter.com syndication.twitter.com; frame-src * 'unsafe-inline' twitter.com platform.twitter.com syndication.twitter.com player.vimeo.com/video/ ametekcdn2.azureedge.net ametekcdn.azureedge.net; connect-src * 'unsafe-inline' ametekcdn2.azureedge.net ametekcdn.azureedge.net www.google-analytics.com cloudflareinsights.com; worker-src 'self' ametekcdn2.azureedge.net ametekcdn.azureedge.net blob:; media-src 'self' aifanfan.baidu.com ametekcdn2.azureedge.net ametekcdn.azureedge.net blob:; object-src 'unsafe-inline' ametekcdn2.azureedge.net ametekcdn.azureedge.net aifanfan.baidu.com 'self' 5
script-src 'self' 'unsafe-inline' 'unsafe-eval' * 5
connect-src wss: https:; upgrade-insecure-requests; object-src blob: 'self'; frame-ancestors 'self' https://tre3content.develop.wunder.io https://tre3content.stage.wunder.io https://content.tuni.fi; default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 'unsafe-inline' 5
default-src https: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.qualtrics.com; script-src https: 'unsafe-inline' 'unsafe-eval' https://*.qualtrics.com; style-src https: 'unsafe-inline' https://*.qualtrics.com; img-src https: data: https://*.qualtrics.com; font-src data: https:; connect-src https: wss://*.hotjar.com https://*.qualtrics.com; media-src blob: https:; object-src https:; frame-src http: https: https://*.qualtrics.com; worker-src blob: https:; frame-ancestors 'self' https://isrvr.com http://isrvr.com https://iportal.ajginternational.com http://iportal.ajginternational.com https://share.penunderwriting.co.uk http://share.penunderwriting.co.uk https://internal.client.gallagherheath.local http://internal.client.gallagherheath.local https://my2.siteimprove.com; form-action 'self' https://analytics.clickdimensions.com *.clickdimensions.com https://www.payconnexion.com  https://*.qualtrics.com; upgrade-insecure-requests; block-all-mixed-content; manifest-src https: ;  5
upgrade-insecure-requests; media-src https: data: blob:; img-src https: data: blob:; object-src https:; worker-src blob:; default-src https: blob: 'unsafe-inline' 'unsafe-eval' 5
manifest-src 'self'; 5
default-src 'self' *.iphouse.com data: 'unsafe-inline' 'unsafe-eval'; 5
default-src 'self' https://* http://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://* data:; worker-src 'self' https://* blob:; connect-src 'self' https://* http://* wss:; font-src 'self' data: 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.everbridge.com https://*.everbridge.net https://*.site.com https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.adsymptotic.com https://bestinenterpriseresilience.com https://*.bestinenterpriseresilience.com https://secure.adnxs.com https://*.cookiebot.com https://*.addtoany.com https://*.google.com https://www.googleanalytics.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googlesyndication.com https://www.googleadservices.com https://www.googleoptimize.com https://optimize.google.com https://*.googleapis.com https://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://www.g2.com  https://*.linkedin.com https://snap.licdn.com https://*.marketo.net https://*.marketwire.com https://*.marketo.com https://*.mktoresp.com https://*.mktoutil.com https://analytics.twitter.com https://static.ads-twitter.com https://*.driftt.com https://*.hotjar.com https://epsilon.6sense.com https://*.6sc.co https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://www.comparably.com https://*.itcentralstation.com https://www.peerspot.com https://cdn.amcharts.com https://*.gravatar.com https://*.cdninstagram.com https://*.instagram.com https://player.simplecast.com https://*.vimeo.com https://vpn.seminolecountyfl.gov/ https://*.youtube.com https://*.ytimg.com https://*.zoominfo.com https://t.co/i/adsct https://*.gstatic.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://cdn.linkedin.oribi.io https://bat.bing.com https://c.bing.com https://*.clarity.ms https://*.adsrvr.org https://script.googleusercontent.com https://*.ziftsolutions.com https://*.ziftmarcom.com https://*.ziftone.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; media-src 'self' https://js.driftt.com; object-src 'self' https://*.everbridge.com;  style-src 'self' 'unsafe-inline' https://*.everbridge.com https://*.site.com https://*.force.com https://fonts.googleapis.com https://fonts.googleapis.com https://translate.googleapis.com https://www.googleoptimize.com https://optimize.google.com https://www.google-analytics.com https://static.addtoany.com https://*.marketo.com https://*.ziftsolutions.com;  5
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.hotjar.com https://in.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googleapis.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hscollectedforms.net https://*.hubspot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com *.analytics.google.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com *.hubspot.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' data: accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://*.mktoresp.com https://*.google-analytics.com https://*.analytics.google.com https://*.gstatic.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.hscollectedforms.net https://*.googletagmanager.com; 5
frame-ancestors 'self' https://keepersecurity.com https://keepersecurity.eu https://keepersecurity.com.au https://keepersecurity.jp https://keepersecurity.ca; 5
frame-ancestors 'self' https://get.succeed.net; 5
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri https://iplogger.org/csp.php; 5
media-src * blob:; worker-src * data: blob:; default-src https: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com *.teeitup.com *.golfid.io data: blob; connect-src https: wss:; script-src https: data: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://optimize.google.com; style-src https: data: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline'; img-src https: blob: data: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com s3.amazonaws.com https://www.google-analytics.com https://optimize.google.com; font-src https: data: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com https://fonts.gstatic.com; frame-src https: data: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com *.teeitup.com *.golfid.io https://optimize.google.com; frame-ancestors 'self' *.onlinereservationsystems.com; 5
default-src 'self' atos.net *.atos.net *.pardot.com assets.adobedtm.com *.cloudflare.com *.cloudfront.net *.vimeo.com *.vimeocdn.com *.akamaized.net *.tiny.cloud *.tinymce.com *.bootstrapcdn.com yoast.com *.yoast.com data: 'unsafe-inline' 'unsafe-eval' blob: *.friendlycaptcha.com code.jquery.com *.gravatar.com ps.w.org klasresearch.com  *.marketo.net *.mktoresp.com *.mktoweb.com tools.eurolandir.com static.dialogflow.com pbs.twimg.com *.youtube-nocookie.com *.youtube.com *.ytimg.com *.gstatic.com *.googleapis.com tribl.io *.olark.com *.mrpdata.net *.linkedin.com *.company-target.com *.google-analytics.com *.google.fr *.google.com *.oktopost.com okt.to *.adform.net *.demandbase.com *.rlcdn.com *.bidr.io *.accountinsight.cloud *.licdn.com atos.tt.omtrdc.net content.onlinexperiences.com onlinexperiences.com w.soundcloud.com *.aio-events.com *.appspot.com cdn.syndication.twimg.com *.twimg.com *.twitter.com *.microsoft.com *.azureedge.net *.botframework.com *.bizzabo.com updates.themepunch-ext-c.tools updates.themepunch-ext-b.tools updates.themepunch-ext-a.tools updates.themepunch.tools sliderrevolution.com *.sliderrevolution.com *.olympicchannel.com olympics.com *.cookielaw.org *.onetrust.com optanon.blob.core.windows.net *.glassdoor.com indd.adobe.com *.libsyn.com smartslider3.com *.twimg.com *.googleusercontent.com yt3.ggpht.com *.cdninstagram.com *.xx.fbcdn.net *.matomo.cloud cdn.linkedin.oribi.io; frame-ancestors 'self' atos.net *.atos.net atosnews.net atos365.sharepoint.com; 5
frame-ancestors https://*.cleverwebserver.com https://*.clevernt.com; worker-src 'self' blob: 5
connect-src 'self' *.edenred.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google-analytics.com https://cdn.cookielaw.org https://*.onetrust.com http://*.xiti.com; font-src 'self' *.edenred.com https://cdn.cookielaw.org https://fonts.googleapis.com https://fonts.gstatic.com data:; img-src 'self' *.edenred.com https://cdn.cookielaw.org data: https://api.mapbox.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.ytimg.com; media-src 'self' *.edenred.com; object-src 'self' *.edenred.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.edenred.com https://cdn.cookielaw.org https://fonts.googleapis.com fonts.googleapis.com cdn.cookielaw.org https://fonts.gstatic.com https://www.youtube.com https://www.youtube-nocookie.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://tag.aticdn.net https://api.mapbox.com https://cdn.jsdelivr.net cdn.datatables.net cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com unpkg.com www.gstatic.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.edenred.com https://cdn.cookielaw.org https://fonts.googleapis.com fonts.googleapis.com cdn.cookielaw.org https://fonts.gstatic.com https://tagmanager.google.com cdn.datatables.net cdnjs.cloudflare.com https://api.mapbox.com https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' *.edenred.com; report-uri https://www.edenred.com/fr/system/reporting/csp; report-to csp 5
default-src https:; font-src https: data:; img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 5
frame-ancestors 'self' https://rewarding.wind.it https://grandecinema3.tre.it https://www.grandecinema3.it; 5
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' 5
frame-ancestors 'self' http://dezshira.in/ https://www.china-briefing.com https://www.india-briefing.com https://www.vietnam-briefing.com https://www.aseanbriefing.com https://www.russia-briefing.com/ https://www.silkroadbriefing.com/ 5
frame-ancestors 'self' *.youtube.com *.vimeo.com; 5
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; 5
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; font-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; 5
frame-ancestors 'self' *.swoogo.com 5
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googleadservices.com https://s45065.pcdn.co https://*.tmpwebeng.com https://assets.adobedtm.com https://app.survale.com https://www.google-analytics.com https://apply.talentbrew.io https://cdn.cookielaw.org/ https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://*.talentbrew.com/ https://www.google.com/pagead/1p-conversion/ https://www.googletagmanager.com/; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://s45065.pcdn.co https://cdnjs.cloudflare.com https://fonts.googleapis.com https://*.tmpwebeng.com https://assets.adobedtm.com https://app.survale.com https://apply.talentbrew.io https://cdn.jsdelivr.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.tmpwebeng.com https://assets.adobedtm.com https://app.survale.com https://www.google-analytics.com https://apply.talentbrew.io https://analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://px.ads.linkedin.com https://www.facebook.com; font-src 'self' data: https://s45065.pcdn.co; frame-src 'self' blob: https://td.doubleclick.net https://s45361.p1717.sites.pressdns.com https://app.survale.com https://3969344.fls.doubleclick.net https://go.radancy.com; img-src 'self' data: https://ad.doubleclick.net https://s45065.pcdn.co https://www.google-analytics.com https://analytics.twitter.com https://cdn.cookielaw.org https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://t.co https://*.talentbrew.com https://www.facebook.com https://www.google.com; manifest-src 'self'; media-src 'self' https://*.talentbrew.com; worker-src 'self' blob: ; 5
default-src 'self' multibanner.net *.multibanner.net redclick.ru *.redclick.ru my.pusk.ua adlabs-mobile.ru *.adlabs-mobile.ru clickio.com *.clickio.com adlabs.ru *.adlabs.ru adlabsnetworks.com *.adlabsnetworks.com adlabsnetworks.ru googleapis.com googletagmanager.com gstatic.com *.google-analytics.com clickiocmp.com luxup.ru luxadv.com luxupcdna.com luxupcdnb.com luxupcdnc.com luxupadva.com luxupadvb.com luxupadvc.com luxup2.ru hubspot.com js.hs-scripts.com js.hscollectedforms.net luxcdn.com fonts.gstatic.com *.online.tableau.com *.luxup.ru *.tipalti.com *.googleapis.com www.google.com www.gstatic.com datastudio.google.com *.dev.luxup.ru *.adlabs-retail.ru adlabs-retail.ru  www.googleadservices.com 'unsafe-inline' 'unsafe-eval' 5
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' 5
default-src 'self' 'unsafe-inline' *.clarity.ms *.bing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.amazonaws.com *.youtube.com *.egencia.ae *.egencia.be *.egencia.ch *.egencia.cn *.egencia.co.il *.egencia.co.in *.egencia.co.nz *.egencia.co.uk *.egencia.co.za *.egencia.com.au *.egencia.com.br *.egencia.com.hk *.egencia.com.ph *.egencia.com.sg *.egencia.com.tr *.egencia.cz *.egencia.de *.egencia.dk *.egencia.es *.egencia.eu *.egencia.fi *.egencia.fr *.egencia.ie *.egencia.it *.egencia.mx *.egencia.nl *.egencia.no *.egencia.pl *.egencia.se *.egencia.ro *.egencia.com *.egencia.ca *.egencia.co.il *.egencia.com.br *.egencia.com.ph *.egencia.mx *.egencia.ro *.marketo.com *.engagio.com *.googletagmanager.com *.google.com *.cookiebot.com *.google-analytics.com *.cloudfront.net *.googleapis.com *.licdn.com *.bing.com *.facebook.net *.adnxs.com *.googleadservices.com *.doubleclick.net *.joinsherpa.io *.wistia.net *.airpr.com *.marketo.net *.zdassets.com *.zopim.com *.demandbase.com *.zoominfo.com *.expedia.com *.googleoptimize.com *.clarity.ms *.wistia.com *.pathfactory.com *.hotjar.com *.cookielaw.org *.stackadapt.com qvdt3feo.com; style-src 'self' 'unsafe-inline' *.amazonaws.com *.cloudfront.net *.googleapis.com *.google.com *.egencia.ae *.egencia.be *.egencia.ch *.egencia.cn *.egencia.co.il *.egencia.co.in *.egencia.co.nz *.egencia.co.uk *.egencia.co.za *.egencia.com.au *.egencia.com.br *.egencia.com.hk *.egencia.com.ph *.egencia.com.sg *.egencia.com.tr *.egencia.cz *.egencia.de *.egencia.dk *.egencia.es *.egencia.eu *.egencia.fi *.egencia.fr *.egencia.ie *.egencia.it *.egencia.mx *.egencia.nl *.egencia.no *.egencia.pl *.egencia.se *.egencia.ro *.egencia.com *.egencia.ca *.marketo.com *.joinsherpa.io cdnjs.cloudflare.com maxcdn.bootstrapcdn.com *.pathfactory.com *.hotjar.com *.stackadapt.com; img-src 'self' 'unsafe-inline' *.amazonaws.com *.cloudfront.net *.googletagmanager.com *.google.com *.egencia.ae *.egencia.be *.egencia.ch *.egencia.cn *.egencia.co.il *.egencia.co.in *.egencia.co.nz *.egencia.co.uk *.egencia.co.za *.egencia.com.au *.egencia.com.br *.egencia.com.hk *.egencia.com.ph *.egencia.com.sg *.egencia.com.tr *.egencia.cz *.egencia.de *.egencia.dk *.egencia.es *.egencia.eu *.egencia.fi *.egencia.fr *.egencia.ie *.egencia.it *.egencia.mx *.egencia.nl *.egencia.no *.egencia.pl *.egencia.se *.egencia.ro *.egencia.com *.egencia.ca *.egencia.co.il *.gstatic.com *.expedia.com *.google-analytics.com *.linkedin.com *.adsymptotic.com *.bing.com *.doubleclick.net *.facebook.com data: *.joinsherpa.io *.joinsherpa.com *.airpr.com *.zopim.io *.zoominfo.com *.clarity.ms *.wistia.com *.wistia.net *.pathfactory.com *.hotjar.com *.cookielaw.org *.google.co.uk tags.srv.stackadapt.com; media-src 'self' *.egencia.ae *.egencia.be *.egencia.ch *.egencia.cn *.egencia.co.il *.egencia.co.in *.egencia.co.nz *.egencia.co.uk *.egencia.co.za *.egencia.com.au *.egencia.com.br *.egencia.com.hk *.egencia.com.ph *.egencia.com.sg *.egencia.com.tr *.egencia.cz *.egencia.de *.egencia.dk *.egencia.es *.egencia.eu *.egencia.fi *.egencia.fr *.egencia.ie *.egencia.it *.egencia.mx *.egencia.nl *.egencia.no *.egencia.pl *.egencia.se *.egencia.com *.egencia.ca *.egencia.ro *.youtube.com *.wistia.com *.vimeo.com *.zdassets.com *.cloudfront.net blob:; frame-src *.egencia.ae *.egencia.be *.egencia.ch *.egencia.cn *.egencia.co.il *.egencia.co.in *.egencia.co.nz *.egencia.co.uk *.egencia.co.za *.egencia.com.au *.egencia.com.br *.egencia.com.hk *.egencia.com.ph *.egencia.com.sg *.egencia.com.tr *.egencia.cz *.egencia.de *.egencia.dk *.egencia.es *.egencia.eu *.egencia.fi *.egencia.fr *.egencia.ie *.egencia.it *.egencia.mx *.egencia.nl *.egencia.no *.egencia.pl *.egencia.se *.egencia.ro *.egencia.com *.egencia.ca *.cookiebot.com *.marketo.com *.wistia.com *.doubleclick.net *.tableau.com *.joinsherpa.io *.cs107.force.com *.builder.salesforce-communities.com *.expedia.com *.google.com *.outgrow.us *.youtube.com *.vimeo.com fast.wistia.net *.hotjar.com www.google.com *.gstatic.com; frame-ancestors 'self' egencia.lookbookhq.com egencia.pathfactory.com *.egencia.com egencia--sitestudio.eu25.force.com; child-src *.egencia.ae *.egencia.be *.egencia.ch *.egencia.cn *.egencia.co.il *.egencia.co.in *.egencia.co.nz *.egencia.co.uk *.egencia.co.za *.egencia.com.au *.egencia.com.br *.egencia.com.hk *.egencia.com.ph *.egencia.com.sg *.egencia.com.tr *.egencia.cz *.egencia.de *.egencia.dk *.egencia.es *.egencia.eu *.egencia.fi *.egencia.fr *.egencia.ie *.egencia.it *.egencia.mx *.egencia.nl *.egencia.no *.egencia.pl *.egencia.se *.egencia.ro *.egencia.com *.egencia.ca *.cookiebot.com *.marketo.com *.wistia.com *.doubleclick.net *.tableau.com *.joinsherpa.io *.cs107.force.com *.builder.salesforce-communities.com *.expedia.com *.google.com *.outgrow.us *.youtube.com *.vimeo.com fast.wistia.net *.hotjar.com www.google.com *.gstatic.com; font-src 'self' *.amazonaws.com *.cloudfront.net fonts.gstatic.com fonts.googleapis.com *.egencia.ae *.egencia.be *.egencia.ch *.egencia.cn *.egencia.co.il *.egencia.co.in *.egencia.co.nz *.egencia.co.uk *.egencia.co.za *.egencia.com.au *.egencia.com.br *.egencia.com.hk *.egencia.com.ph *.egencia.com.sg *.egencia.com.tr *.egencia.cz *.egencia.de *.egencia.dk *.egencia.es *.egencia.eu *.egencia.fi *.egencia.fr *.egencia.ie *.egencia.it *.egencia.mx *.egencia.nl *.egencia.no *.egencia.pl *.egencia.se *.egencia.ro *.egencia.com *.egencia.ca data: *.joinsherpa.io cdnjs.cloudflare.com *.pathfactory.com *.bootstrapcdn.com *.hotjar.com; connect-src 'self' *.google-analytics.com *.joinsherpa.io *.joinsherpa.com *.mktoresp.com *.zdassets.com *.zopim.com *.company-target.com wss://widget-mediator.zopim.com dpm.demdex.net *.expedia.com wss://*.iot.us-west-2.amazonaws.com *.clarity.ms *.ably.io *.ably-realtime.com  *.wistia.com *.wistia.net wss://*.ably.io *.cookiebot.com *.zoominfo.com *.pathfactory.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.cookielaw.org *.onetrust.com *.google.com *.doubleclick.net *.stackadapt.com; upgrade-insecure-requests 5
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval';frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; connect-src * data: blob: 'unsafe-inline'; 5
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; 5
https://miclarocorp.z01.azurefd.net https://fonts.googleapis.com 5
block-all-mixed-content; object-src 'none'; base-uri 'none'; frame-ancestors 'self'; 5
default-src https: wss: 'self' *.mightycause.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com d2c6wt5h92c1t2.cloudfront.net da3a5jhrzfmu8.cloudfront.net api.autopilothq.com *.braintreegateway.com *.chatlio.com cdnjs.cloudflare.com *.doubleclick.net cdn.embedly.com *.facebook.net *.facebook.com *.firebaseio.com *.fontawesome.com *.formstack.com cdn.jsdelivr.net *.kaptcha.com *.maxmind.com *.plaid.com *.paypal.com *.paypalobjects.com *.stripe.com *.surveymonkey.com *.uploadcare.com ucarecdn.com *.youtube.com *.vimeo.com; script-src https: 'self' 'unsafe-eval' 'unsafe-inline' *.mightycause.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com d2c6wt5h92c1t2.cloudfront.net da3a5jhrzfmu8.cloudfront.net api.autopilothq.com *.braintreegateway.com *.chatlio.com cdnjs.cloudflare.com *.doubleclick.net cdn.embedly.com *.facebook.net *.facebook.com *.firebaseio.com *.fontawesome.com *.formstack.com cdn.jsdelivr.net *.kaptcha.com *.maxmind.com *.plaid.com *.paypal.com *.paypalobjects.com *.stripe.com *.surveymonkey.com *.uploadcare.com ucarecdn.com *.youtube.com *.vimeo.com nimbleswan.io static.tagboard.com; style-src 'self' https: 'unsafe-inline' *.mightycause.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com d2c6wt5h92c1t2.cloudfront.net da3a5jhrzfmu8.cloudfront.net api.autopilothq.com *.braintreegateway.com *.chatlio.com cdnjs.cloudflare.com *.doubleclick.net cdn.embedly.com *.facebook.net *.facebook.com *.firebaseio.com *.fontawesome.com *.formstack.com cdn.jsdelivr.net *.kaptcha.com *.maxmind.com *.plaid.com *.paypal.com *.paypalobjects.com *.stripe.com *.surveymonkey.com *.uploadcare.com ucarecdn.com *.youtube.com *.vimeo.com; img-src 'unsafe-eval' https: data: blob: mediastream:; media-src https: 'self' *.mightycause.com w.chatlio.com blob:; font-src https: data: 'self' *.mightycause.com *.gstatic.com cdn.embedly.com; manifest-src 'self' *.mightycause.com; report-uri https://mightycause.report-uri.com/r/d/csp/reportOnly 5
font-src *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.bootstrapcdn.com *.flixcar.com *.flixfacts.com https://ocular-prod.api.rocio.ai *.ocularsolution.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com credomatic.compassmerchantsolutions.com https://www.tiendamonge.com/nps-check-out-tlv-guatemala https://www.tiendamonge.com/nps-entrega-tienda-en-linea-cr https://www.tiendamonge.com/nps-entrega-tienda-en-linea-el-salvador https://www.tiendamonge.com/nps-entrega-tienda-en-linea-guatemala https://www.tiendamonge.com/nps-entrega-tienda-en-linea-honduras https://www.tiendamonge.com/nps-entrega-tienda-en-linea-ni https://www.tiendamonge.com/nps-gracias-por-completar-la-encuesta https://www.tiendamonge.com/nps-gracias-por-completar-la-encuesta-monge-pay https://www.tiendamonge.com/nps-monge-pay-desembolso-cash https://www.tiendamonge.com/nps-monge-pay-liveness https://www.tiendamonge.com/nps-monge-pay-pago-a-tarjeta-monge https://www.tiendamonge.com/nps-monge-pay-pago-operaciones https://www.tiendamonge.com/nps-monge-pay-registro https://www.tiendamonge.com/nps-service-desk-ti-costa-rica https://ocular-prod.api.rocio.ai *.ocularsolution.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.youtube.com *.vimeo.com mongepay.com conway.ddev.site https://ocular-prod.api.rocio.ai *.ocularsolution.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.googletagmanager.com/ https://adobedtm.com assets.adobedtm.com dpm.demdex.net *.googleapis.com *.googletagmanager.com *.facebook.com *.google-analytics.com *.googleadservices.com *.facebook.net grupomongegrupomongedev.112.2o7.net grupomonge.tt.omtrdc.net *.demdex.net *.doubleclick.net bam-cell.nr-data.net smetrics.tiendamonge.com smetrics.elgallomasgallo.com.gt smetrics.elgallomasgallo.com.hn smetrics.prado.com.sv smetrics.elgallomasgallo.com.ni https://www.facebook.com https://www.google.com *.flixcar.com *.flixfacts.com *.cnetcontent.com *.vimeo.com https://widgetapp.ocularsolution.com *.getblue.io *.flipsnack.com https://heyzine.com https://promogallonic.com https://front-notrack.indexado.production.pmbox.cloud https://fichashppervasive.blob.core.windows.net https://www.tiendamonge.com/nps-check-out-tlv-guatemala https://www.tiendamonge.com/nps-entrega-tienda-en-linea-cr https://www.tiendamonge.com/nps-entrega-tienda-en-linea-el-salvador https://www.tiendamonge.com/nps-entrega-tienda-en-linea-guatemala https://www.tiendamonge.com/nps-entrega-tienda-en-linea-honduras https://www.tiendamonge.com/nps-entrega-tienda-en-linea-ni https://www.tiendamonge.com/nps-gracias-por-completar-la-encuesta https://www.tiendamonge.com/nps-gracias-por-completar-la-encuesta-monge-pay https://www.tiendamonge.com/nps-monge-pay-desembolso-cash https://www.tiendamonge.com/nps-monge-pay-liveness https://www.tiendamonge.com/nps-monge-pay-pago-a-tarjeta-monge https://www.tiendamonge.com/nps-monge-pay-pago-operaciones https://www.tiendamonge.com/nps-monge-pay-registro https://www.tiendamonge.com/nps-service-desk-ti-costa-rica https://notrack.indexado.pmbox.cloud https://emersya.com https://ocular-prod.api.rocio.ai *.ocularsolution.com *.mabeindex.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com *.cloudflare.com widget.ocularsolution.com *.newrelic.com https://bam.nr-data.net *.facebook.com *.connect.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.paypal.com *.flixcar.com *.flixfacts.com *.flix360.com *.flix360.io *.syndigo.com *.syndigo.cloud googleads.g.doubleclick.net https://www.google.com https://www.google.com.co https://www.tiendamonge.com https://www.elgallomasgallo.com.ni https://www.prado.com.sv https://www.elgallomasgallo.com.hn https://www.elgallomasgallo.com.gt https://www.verdugotienda.com *.teads.tv *.scene7.com https://fichashppervasive.blob.core.windows.net https://ocular-prod.api.rocio.ai *.ocularsolution.com *.mabeindex.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com polyfill.io *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://adobedtm.com fast.amc.demdex.net dpm.demdex.net *.googletagmanager.com *.facebook.com *.google.com *.google-analytics.com *.googleadservices.com *.facebook.net grupomongegrupomongedev.112.2o7.net grupomonge.tt.omtrdc.net *.demdex.net *.doubleclick.net bam-cell.nr-data.net smetrics.tiendamonge.com smetrics.elgallomasgallo.com.gt smetrics.elgallomasgallo.com.hn smetrics.prado.com.sv smetrics.elgallomasgallo.com.ni 'unsafe-inline' widget.ocularsolution.com cdn.cs.1worldsync.com *.cloudflare.com *.newrelic.com https://bam.nr-data.net *.connect.facebook.net *.gstatic.com *.paypal.com *.bootstrapcdn.com *.flixcar.com *.flixfacts.com *.flix360.com *.flix360.io *.pingdom.net *.woorank.com *.cnetcontent.com *.youtube.com *.syndigo.com *.syndigo.cloud https://event.getblue.io *.getblue.io https://p.teads.tv https://smetrics.verdugotienda.com https://rocio.ocularsolution.com https://ocular-prod.api.rocio.ai *.ocularsolution.com *.mabeindex.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net www.serfinsacheckout.com testcheckout.redserfinsa.com:8087 bdpdev.redserfinsa.com:8088 assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com widget.ocularsolution.com *.facebook.com *.google.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.flixcar.com *.flixfacts.com rocio.ocularsolution.com https://ocular-prod.api.rocio.ai *.ocularsolution.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.flixcar.com widget.ocularsolution.com *.flixfacts.com *.flix360.com *.flix360.io *.syndigo.com *.syndigo.cloud https://emersya.com https://ocular-prod.api.rocio.ai *.ocularsolution.com *.mabeindex.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://adobedtm.com assets.adobedtm.com *.adobe.com fast.amc.demdex.net *.googleapis.com *.googletagmanager.com *.facebook.com *.google-analytics.com *.googleadservices.com *.facebook.net grupomongegrupomongedev.112.2o7.net grupomonge.tt.omtrdc.net *.demdex.net *.doubleclick.net bam-cell.nr-data.net smetrics.tiendamonge.com smetrics.elgallomasgallo.com.gt smetrics.elgallomasgallo.com.hn smetrics.prado.com.sv smetrics.elgallomasgallo.com.ni wss://tm.filter:1502/ api.ocularsolution.com xml.ssreviewsportal.com *.cloudflare.com *.newrelic.com https://bam.nr-data.net *.google.com *.paypal.com *.pingdom.net *.woorank.com *.cnetcontent.com *.youtube.com *.vimeo.com *.syndigo.com *.syndigo.cloud product-feature-service.production.alquimio.cloud api.repositorio.production.alquimio.cloud orchestrator.production.aks.alquimio.cloud *.teads.tv https://ocular-prod.api.rocio.ai *.ocularsolution.com *.flixcar.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net www.serfinsacheckout.com testcheckout.redserfinsa.com:8087 bdpdev.redserfinsa.com:8088 api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
default-src 'self' http://www.ltgplc.com/ https://go.ltgplc.com https://go.to.peoplefluent.com https://pf-marketing.kzoplatform.com https://pf-customers.kzoplatform.com https://gomo.kzoplatform.com https://percolate.blogtalkradio.com https://www.blogtalkradio.com http://www.ltgplc.com/ https://go.ltgplc.com https://www.youtube.com https://go.pardot.com https://www.clickcease.com;script-src-elem 'self' 'unsafe-inline' https://snap.licdn.com https://microapps.pf-labs.net https://go.to.peoplefluent.com https://ltg.breezy.hr https://pi.pardot.com/ https://www.googletagmanager.com https://tagmanager.google.com https://sjs.bizographics.com https://static.ads-twitter.com https://www.googleadservices.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://go.ltgplc.com https://analytics.twitter.com https://www.clickcease.com https://monitor.clickcease.com https://go.to.peoplefluent.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.clarity.ms https://*.clarity.ms https://ob.brilliantchap.com https://obs.brilliantchap.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://microapps.pf-labs.net https://go.to.peoplefluent.com https://ltg.breezy.hr https://sjs.bizographics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://bat.bing.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://pi.pardot.com https://go.ltgplc.com https://monitor.clickcease.com https://go.to.peoplefluent.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.clickcease.com https://www.clarity.ms https://*.clarity.ms https://ob.brilliantchap.com https://obs.brilliantchap.com;font-src 'self' data: https://ui.peoplefluent.com https://use.typekit.net;style-src 'self' 'unsafe-inline' https://ui.peoplefluent.com https://microapps.pf-labs.net https://use.typekit.net https://p.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://tagmanager.google.com;img-src 'self' data: https://d33wubrfki0l68.cloudfront.net https://t.co https://cdn.sanity.io https://www.google-analytics.com https://stats.g.doubleclick.net https://linkedin.com https://www.linkedin.com https://px.ads.linkedin.com https://bat.bing.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://s.clarity.ms https://c.bing.com https://*.clarity.ms https://*.brilliantchap.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat;media-src 'self' data: https://cdn.sanity.io;connect-src 'self' https://ltg.breezy.hr https://www.google-analytics.com https://go.to.peoplefluent.com https://stats.g.doubleclick.net https://monitor.clickcease.com https://region1.analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.clickcease.com https://adservice.google.com https://*.google.com https://cdn.linkedin.oribi.io https://s.clarity.ms https://*.clarity.ms https://ob.brilliantchap.com https://obs.brilliantchap.com;frame-src 'self' https://www.youtube-nocookie.com https://js.driftt.com https://go.ltgplc.com  https://go.to.peoplefluent.com https://optimize.google.com https://www.googletagmanager.com https://www.youtube.com 5
default-src https://assets.gameduell.de https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://gameduell.de https://gameduell.com https://gameduell.fr https://gameduell.nl https://gameduell.co.uk https://gameduell.se https://gameduell.dk https://gameduell.at https://gameduell.ca; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: asset: https://assets.gameduell.de *.google-analytics.com https://webchat.helpshift.com https://seal.digicert.com https://seal-goldengate.bbb.org https://connect.facebook.net https://www.redditstatic.com https://www.dwin1.com https://www.awin1.com https://*.micropayment.de https://*.checkout.com 'report-sample'; img-src 'self' data: blob: https://mein.gameduell.de https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca blob: https://assets.gameduell.de https://media.gameduell.de https://seal.digicert.com https://d2duuy9yo5pldo.cloudfront.net https://www.facebook.com https://alb.reddit.com https://www.awin1.com 'report-sample'; style-src 'self' blob: 'unsafe-inline' https://assets.gameduell.de https://seal-blue.bbb.org; object-src 'self' https://*.gameduell.de https://assets.gameduell.de; connect-src 'self' wss://*.gameduell.de wss://my.gameduell.com wss://mon.gameduell.fr wss://mijn.gameduell.nl wss://www.gameduell.de wss://www.gameduell.com wss://www.gameduell.fr wss://www.gameduell.nl wss://www.gameduell.co.uk wss://www.gameduell.se wss://www.gameduell.dk wss://www.gameduell.at wss://www.gameduell.ca https://*.gameduell.de blob: https://assets.gameduell.de https://cdp.cloud.unity3d.com https://config.uca.cloud.unity3d.com https://perf-events.cloud.unity3d.com https://*.checkout.com https://*.boku.com; form-action 'self' https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca 'report-sample'; child-src 'self' blob: https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://assets.gameduell.de https://*.helpshift.com https://*.micropayment.de https://*.checkout.com https://*.boku.com; font-src 'self' data: blob: https://assets.gameduell.de https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://assets.gameduell.de https://*.helpshift.com https://www.awin1.com https://*.micropayment.de https://*.checkout.com https://*.boku.com https://orange.w-ha.com https://3dsecure-vrp.de; worker-src 'self' blob:; media-src 'self' data: blob: https://assets.gameduell.de; frame-ancestors 'self' https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://admintool.gameduell.de; base-uri 'self' https://assets.gameduell.de https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca; manifest-src blob: 'self' https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca; report-uri /gd/rest/jslog/csp 5
font-src fonts.gstatic.com use.typekit.net *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com https://media.flixcar.com https://media.flixfacts.com *.oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com https://credomatic.compassmerchantsolutions.com https://integracion.alignetsac.com https://eu-test.oppwa.com https://staging.ptranz.com/api/spi/Conductor https://gateway.ptranz.com/api/spi/Conductor https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://vpayment.verifika.com https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx *.cardinalcommerce.com *.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.twitter.com https://service.force.com/ https://h.online-metrix.net https://www.facebook.com/ https://integracion.alignetsac.com https://eu-test.oppwa.com https://preaprobados.unicomer.com/ https://lacuracaoapps.com/ https://unicomer-ecuador-guayaquil.dispatchtrack.com/ https://unicomer-ecuador-quito.dispatchtrack.com/ https://ficohsa.pixelpay.app https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://ppipe.net https://vpayment.verifika.com https://media.flixcar.com https://hp.omnitok.com/ https://front-notrack.indexado.production.pmbox.cloud https://pagostest.datafast.com.ec https://eu-test.ppipe.net https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.demdex.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com/ https://www.youtube.com https://www.facebook.com/ connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com https://service.force.com/ https://h.online-metrix.net https://integracion.alignetsac.com https://eu-test.oppwa.com https://preaprobados.unicomer.com/ https://lacuracaoapps.com/ https://unicomer-ecuador-guayaquil.dispatchtrack.com/ https://unicomer-ecuador-quito.dispatchtrack.com/ https://ficohsa.pixelpay.app https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://ppipe.net https://vpayment.verifika.com https://media.flixcar.com https://hp.omnitok.com/ https://front-notrack.indexado.production.pmbox.cloud https://pagostest.datafast.com.ec https://eu-test.ppipe.net https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx *.v1.modern-life-interactive.com https://v1.modern-life-interactive.com hn.ficoposonline.com *.cloudfront.net https://notrack.indexado.pmbox.cloud c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com https://vpos.infonet.com.py/ https://vpos.infonet.com.py:8888/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://www.magezon.com https://www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu https://lcoimgprod-grupounicomer.netdna-ssl.com https://cmsuat.lacuracaonline.com https://maps.gstatic.com https://maps.googleapis.com/ *.online-metrix.net https://radioshackla-uat-grupounicomer.netdna-ssl.com https://log.pinterest.com https://gollotienda-uat-24-grupounicomer.netdna-ssl.com https://eu-test.oppwa.com https://img.youtube.com https://unicomer--c.na100.visual.force.com https://unicomer--c.vf.force.com https://unicomer.lightning.force.com https://unicomer.my.salesforce.com https://unicomer--uat.sandbox.my.site.com https://eu-prod.oppwa.com https://otpbk.datafast.com.ec *.demoup.com https://media.flixcar.com https://rt.flix360.com https://event.syndigo.cloud https://event.webcollage.net https://fonts.gstatic.com https://www.googletagmanager.com https://d3np41mctoibfu.cloudfront.net https://media.flixfacts.com https://content.syndigo.com https://s3-sa-east-1.amazonaws.com *.oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx https://cdn.cs.1worldsync.com https://files.alquimio.cloud https://fichashppervasive.blob.core.windows.net *.cc.cnetcontent.com https://mycliplister.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net * plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com *.magento-ds.com www.googletagmanager.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://h.online-metrix.net *.oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://digital-gollo.cs24.force.com https://unicomer--digital.cs24.my.salesforce.com https://c.la1-c1cs-ph2.salesforceliveagent.com/content 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://service.force.com https://integracion.alignetsac.com https://gollotienda-uat-24-grupounicomer.netdna-ssl.com https://eu-test.oppwa.com https://gollo.force.com https://unicomer.my.site.com https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://vpayment.verifika.com https://unicomer--uat.sandbox.my.site.com https://media.flixcar.com https://www.googletagmanager.com https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx *.1worldsync.com unsafe-inline https://digital-gollo.cs24.force.com https://unicomer--digital.cs24.my.salesforce.com https://c.la1-c1cs-ph2.salesforceliveagent.com/content 'self' 'unsafe-inline'; object-src https://h.online-metrix.net *.oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://image.unicomermktg.com 'self' blob: *.demoup.com *.oppwa.com https://static.zdassets.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com https://maps.googleapis.com https://service.force.com/ https://log.pinterest.com https://h.online-metrix.net https://gollotienda-uat-24-grupounicomer.netdna-ssl.com https://integracion.alignetsac.com https://eu-test.oppwa.com https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx blob: api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://digital-gollo.cs24.force.com https://unicomer--digital.cs24.my.salesforce.com https://c.la1-c1cs-ph2.salesforceliveagent.com/content 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 5
frame-ancestors       'https://developer.livehelpnow.net/js/socket.js'; 5
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss: 5
object-src 'none'; block-all-mixed-content; upgrade-insecure-requests; 5
frame-ancestors https://*.builder.io https://builder.io 5
frame-src 'self' https://bahnhof-bot.deutschebahn.com/ https://ecm-mediathek-cdn.deutschebahn.com 5
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' * data:; style-src 'self' 'unsafe-inline' *; connect-src *; font-src 'self' fonts.gstatic.com data:; frame-src 'self' *; block-all-mixed-content 5
child-src 'self' blob: analytics.tiktok.com *.pinterest.com tr.snapchat.com sc-static.net static.ads-twitter.com https://*.tagcommander.com *.tagcommander.com optimize.google.com gateway.euronext.com forms.logiforms.com https://*.iadvize.com *.iadvize.com *.trustedshops.com aax-eu.amazon-adsystem.com *.trustcommander.net *.overkiz.com *.somfy.com *.somfysystems.pl e.issuu.com projects.perfoweb.fr www.tahomalink.com www.tahomalink.com boutique.somfy.fr www.youtube.com www.googletagmanager.com static.addtoany.com client.alwaysupport.com *.doubleclick.net static.olark.com 212.203.79.55 somfykorea.linux.gabiauser.com shop.somfy.de shop.somfy.es shop.somfy.it easyshop.somfypro.fr tv.connexoon.de tvaktion.connexoon.de tv-at.connexoon.de *.addthis.com *.disqus.com disqus.com www.google.com webdev.abastra.com kartor.eniro.se http://kartor.eniro.se www.somfy-smart.de api.soundcloud.com w.soundcloud.com www.lespetitespierres.org https://giphy.com/upload https://hearthis.at/ https://soundcloud.com/ https://www.youtube.com/ https://www.lespetitespierres.org/ *.rlets.com https://giphy.com/ https://www.franceinter.fr/ *.zohopublic.com *.smartrecruiters.com https://subscriptions.smartrecruiters.com/ marketing.net.elogia.net www.facebook.com https://www.facebook.com https://www.youtube-nocookie.com/ www.123formbuilder.com https://c.imedia.cz/ player.ina.fr https://*.hotjar.com https://*.tfaforms.net *.tfaforms.net www.ausschreiben.de cdn.thinglink.me *.thinglink.com form.123formbuilder.com https://form.123formbuilder.com https://px.ads.linkedin.com *.px.ads.linkedin.com https://www.linkedin.com/ *.linkedin.com https://d6tizftlrpuof.cloudfront.net player.teester.com landings.somfy.co.il my.matterport.com *.myfeelback.com *.kameleoon.com *.kameleoon.eu https://somfyicebucket.com actorssl-5637.kxcdn.com *.smart-tribune.com cdnjs.cloudflare.com polyfill.io secure.livechatinc.com 5
default-src 'self' 'unsafe-inline'  https://download-video.akamaized.net https://vod-progressive.akamaized.net https://*.ibytedtos.com https://*.self-veri.com https://*.evgnet.com https://*.beamimpact.com https://*.tiktok.com https://www.talkable.com https://pm.w55c.net https://*.marketingcloudapis.com https://*.smartgiftit.com https://*.listrak.com https://*.pulseidconnect.com https://*.fedex.com https://*.salesforce.com https://*.thomsonreuters.com https://*.sandbox.eshopworld.com https://account.demandware.com https://*.api.commercecloud.salesforce.com https://*.riskified.com https://player.vimeo.com https://*.cloudfront.net https://*.adyen.com https://*.cquotient.com https://cdn.builder.io https://*.yottaa.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://dev.movado.com https://id5-sync.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://cdn.cookielaw.org https://cdn-swell-assets.yotpo.com; connect-src 'self' https://analytics.pangle-ads.com https://evt-eu.klarnaservices.com wss://*.inside-graph.com https://mvmt.7eer.net https://test.adyen.com/hpp/skipDetails wss://input.noibu.com https://www.facebook.com https://pubsub.googleapis.com https://*.noibu.com https://*.adyen.com https://www.talkable.com https://js.klarna.com https://api.cooladata.com https://*.inside-graph.com https://media.istockphoto.com https://*.appspot.com https://*.google.com.pk https://movado-item.smartgift-uat.net https://*.ibytedtos.com https://*.self-veri.com https://*.evgnet.com https://*.beamimpact.com https://*.smartgiftit.com https://*.tiktok.com https://*.marketingcloudapis.com https://*.fedex.com https://*.pulseidconnect.com https://*.salesforce.com https://*.thomsonreuters.com https://*.sandbox.eshopworld.com https://account.demandware.com https://*.api.commercecloud.salesforce.com https://google.com https://cdn.acsbapp.com https://*.riskified.com https://*.onetrust.com https://api.honeybadger.io https://*.joinclyde.com https://*.equalweb.com https://*.criteo.com https://*.eum-appdynamics.com https://*.luckyorange.com wss://visitors.live wss://*.visitors.live https://*.amazonaws.com https://trail.grin.co https://static-na.payments-amazon.com https://maps.googleapis.com https://*.amazon.com  https://*.doubleclick.net https://*.pinterest.com https://*.yotpo.com https://*.taboola.com https://*.quantcount.com https://s.yimg.com https://us-central1-adaptive-growth.cloudfunctions.net https://*.snapchat.com https://*.bing.com https://*.cloudfront.net https://*.google-analytics.com https://d1lu3pmaz2ilpx.cloudfront.net https://www.cloudflare.com https://cdn.cookielaw.org https://*.luckyorange.net https://*.cquotient.com https://*.builder.io https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.affirm.com https://*.yottaa.net https://*.listrakbi.com https://bl.listrakbi.com https://*.google.com https://google.com/pay https://evt-na.klarnaservices.com; img-src 'self' 'unsafe-inline' data: blob: https://*.facebook.com https://cfvod.kaltura.com https://beta.pulseidconnect.com https://dsp.adfarm1.adition.com https://movado.pulseidconnect.com https://c1.adform.net https://image8.pubmatic.com https://connect.facebook.net https://pixel.tapad.com https://sync.srv.stackadapt.com https://cdn-assets.affirm.com https://rtb.openx.net https://saas2.pulseidconnect.com https://id5-sync.com https://www.google.nl https://matching.ivitrack.com https://*.thebrighttag.com https://*.yieldlab.net https://cm.adform.net https://www.google.co.uk https://www.google.co.in https://prregcroab.icu https://tpcs.payu.in https://pixel-sync.sitescout.com https://prreqcroab.icu https://www.ojrq.net https://www.fossil.com https://sync-tm.everesttech.net https://ad.turn.com https://ws.rqtrk.eu https://live.rezync.com https://x.dlx.addthis.com https://adgen.socdm.com https://media.istockphoto.com https://sync.ipredictive.com https://api.brandbassador.com https://www.google.com.pk https://pm.w55c.net https://jelly.mdhv.io https://adx.dable.io https://www.talkable.com https://cdn.aralego.net https://bh.contextweb.com https://cs.adingo.jp https://idsync.rlcdn.com https://sync.aralego.com https://beacon.krxd.net https://*.ibytedtos.com https://*.amazonaws.com https://*.beamimpact.com https://*.smartgiftit.com https://match.prod.bidr.io https://public-prod-dspcookiematching.dmxleo.com https://www.googleadservices.com https://*.cooladata.com https://i6.liadm.com https://aa.agkn.com https://p.rfihub.com https://b1sync.zemanta.com https://sync.crwdcntrl.net https://d.turn.com https://tapestry.tapad.com https://criteo-partners.tremorhub.com https://ade.clmbtech.com https://ad.tpmn.co.kr https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://hb.yahoo.net https://tags.bluekai.com https://1f2e7.v.fwmrm.net https://match.adsrvr.org https://dpm.demdex.net https://secure.adnxs.com https://ib.adnxs.com https://s.ad.smaato.net https://match.sharethrough.com https://trends.revcontent.com https://simage2.pubmatic.com https://sync.outbrain.com https://jadserve.postrelease.com https://exchange.mediavine.com https://i.liadm.com https://ad.360yield.com https://ads.stickyadstv.com https://r.casalemedia.com https://*.criteo.com https://visitor.omnitagjs.com https://tg.socdm.com https://*.yahoo.com https://eb2.3lift.com https://criteo-sync.teads.tv https://*.taboola.com https://rtb-csync.smartadserver.com https://pixel.rubiconproject.com https://contextual.media.net https://partner.mediawallahscript.com https://x.bidswitch.net https://*.googleapis.com https://track.linksynergy.com https://*.cloudfront.net https://*.pinterest.com https://*.twitter.com https://t.co https://*.riskified.com https://*.gstatic.com https://*.payments-amazon.com  https://m.media-amazon.com https://pixel.quantserve.com https://www.google-analytics.com https://*.tiktok.com https://www.facebook.com https://*.quantcount.com https://www.google.com https://*.bing.com https://listen.audiohook.com https://cdn.cookielaw.org https://mediacdn.espssl.com https://logs-01.loggly.com https://www.googletagmanager.com https://*.cquotient.com https://*.yotpo.com https://cdn.builder.io https://*.shopify.com https://*.doubleclick.net https://*.listrakbi.com https://bl.listrakbi.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://pay.google.com https://id5-sync.com https://*.pointmediatracker.com https://*.inside-graph.com https://*.bidr.io https://*.imrworldwide.com; style-src 'self' 'unsafe-inline' https://*.beamimpact.com https://*.tiktok.com https://*.inside-graph.com https://*.listrakbi.com https://prreqcroab.icu https://*.googleapis.com https://*.cloudfront.net https://*.smartgiftit.com https://*.riskified.com https://*.typeform.com https://www.talkable.com https://code.jquery.com https://mediacdn.espssl.com https://*.bootstrapcdn.com https://*.klarnacdn.net https://*.yotpo.com  https://cdnjs.cloudflare.com https://*.typekit.net https://www.google.com https://*.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.cquotient.com https://us-sandbox-live.inside-graph.com; base-uri 'self'; form-action 'self' https://www.facebook.com https://*.adyen.com https://*.amazon.com https://*.paypal.com/; font-src 'self' data: https://cdn.builder.io https://x.klarnacdn.net https://*.espssl.com https://*.shopify.com https://*.yotpo.com https://cdn2.smartgiftit.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.gstatic.com  https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.typekit.net https://cdnjs.cloudflare.com; frame-src 'self' https://*.youtube.com https://www.talkable.com https://tsdtocl.com https://*.self-veri.com https://*.eshopworld.com  https://*.api.commercecloud.salesforce.com https://*.inside-graph.com https://*.typeform.com https://*.affirm.com https://tapestry.tapad.com https://criteo-partners.tremorhub.com https://ade.clmbtech.com https://ad.tpmn.co.kr https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://aa.agkn.com https://live.rezync.com https://sync.crwdcntrl.net https://*.yahoo.net https://tags.bluekai.com https://*.criteo.net https://*.joinclyde.com https://*.criteo.com https://*.appdynamics.com https://www.facebook.com https://www.surveymonkey.com https://*.pinterest.com https://platform.twitter.com https://*.snapchat.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.google.com https://*.doubleclick.net https://*.linksynergy.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.klarna.com https://www.googleadservices.com https://*.igodigital.com https://secure.quantserve.com https://s.pinimg.com https://api.sb.joinclyde.com https://api.joinclyde.com https://dynamic.criteo.com https://*.cloudfront.net https://widget.us.criteo.com https://www.google.nl/pagead https://www.google.nl https://sslwidget.criteo.com https://rules.quantcount.com https://googleads.g.doubleclick.net https://bat.bing.com https://connect.facebook.net https://cdn.equalweb.com https://cdn.noibu.com https://*.tiktok.com https://cdn.appdynamics.com https://beacon.riskified.com https://ajax.googleapis.com https://cdn.cookielaw.org/scripttemplates https://www.google-analytics.com https://init.blackcrow.ai https://*.synchronycredit.com https://www.talkable.com https://pay.google.com https://*.appdynamics.com https://www.recaptcha.net https://*.affirm.com https://*.paypalobjects.com https://*.paypal.cn https://*.paypal.com https://*.ibytedtos.com https://*.self-veri.com https://*.evgnet.com https://*.beamimpact.com https://*.smartgiftit.com https://*.marketingcloudapis.com https://*.listrak.com https://*.pulseidconnect.com https://*.fedex.com https://*.salesforce.com https://*.thomsonreuters.com https://*.sandbox.eshopworld.com https://account.demandware.com https://*.api.commercecloud.salesforce.com https://*.riskified.com https://*.inside-graph.com https://embed.typeform.com https://*.yotpo.com https://d.impactradius-event.com https://*.listrakbi.com https://www.gstatic.com https://*.cquotient.com https://*.usablenet.com https://static-na.payments-amazon.com https://*.googleapis.com https://*.klarnaservices.com https://*.cloudflare.com https://www.google.com https://*.yottaa.com https://www.googleoptimize.com https://*.cookielaw.org https://*.movado.com https://*.googletagmanager.com https://*.oliviaburton.com https://*.concord.com https://*.concord.ch https://*.movadocompanystore.com https://*.collect.igodigital.com https://*.adyen.com https://*.mvmt.com https://*.klarna.com;script-src-elem 'self' 'unsafe-inline' https://*.youtube.com https://cdnapisec.kaltura.com https://*.ibytedtos.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://conoret.com https://www.talkable.com https://static.ads-twitter.com https://*.googletagmanager.com https://*.self-veri.com https://*.evgnet.com https://*.beamimpact.com https://*.tiktok.com https://*.smartgiftit.com https://*.marketingcloudapis.com https://*.pulseidconnect.com https://*.fedex.com https://*.salesforce.com https://*.thomsonreuters.com https://account.demandware.com https://acsbapp.com https://*.riskified.com https://*.klarnaservices.com https://*.cooladata.com https://oliviaburton.usablenet.com https://*.inside-graph.com https://*.typeform.com https://*.criteo.com https://*.igodigital.com https://init.blackcrow.ai https://cdn.equalweb.com https://cdn.noibu.com https://*.usedrop.io https://widget.surveymonkey.com https://www.googleadservices.com https://*.adyen.com https://www.google-analytics.com https://*.quantcount.com https://*.snapchat.com https://*.taboola.com https://api.ipify.org https://*.twitter.com https://bat.bing.com https://s.pinimg.com https://sc-static.net https://connect.facebook.net https://s.yimg.com https://cdn.pdst.fm https://googleads.g.doubleclick.net https://secure.quantserve.com https://code.jquery.com https://api.sb.joinclyde.com https://api.joinclyde.com https://*.appdynamics.com https://movado.usablenet.com https://*.builder.io https://d.impactradius-event.com https://*.cloudfront.net https://*.rakuten.com https://*.affirm.com https://*.yotpo.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://www.gstatic.com https://cdn.cookielaw.org https://www.googleoptimize.com https://cdn.yottaa.com https://*.google.com https://*.googleapis.com https://static-na.payments-amazon.com https://mvmtwatches.usablenet.com https://*.cquotient.com https://*.listrakbi.com https://bl.listrakbi.com https://*.listrak.com https://*.typekit.net  https://*.linksynergy.com https://*.klarna.com; style-src-elem 'self' 'unsafe-inline' https://*.inside-graph.com https://x.klarnacdn.net https://*.beamimpact.com https://*.riskified.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://embed.typeform.com https://www.talkable.com https://*.cloudfront.net https://us-sandbox-live.inside-graph.com https://*.yotpo.com https://maxcdn.bootstrapcdn.com https://mediacdn.espssl.com https://code.jquery.com https://fonts.googleapis.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.typekit.net  https://*.linksynergy.com https://*.cloudflare.com https://*.listrakbi.com https://bl.listrakbi.com https://*.smartgiftit.com; report-uri https://test.adyen.com/hpp/skipDetails https://cdn.cookielaw.org/scripttemplates https://*.googleapis.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://cdn-swell-assets.yotpo.com; sandbox allow-forms allow-scripts allow-same-origin allow-popups allow-modals allow-top-navigation allow-top-navigation-by-user-activation; frame-ancestors 'self' https://test.adyen.com/hpp/skipDetails https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.cookielaw.org https://*.googleapis.com https://*.yotpo.com; worker-src blob: 'self' https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch; 5
default-src * 'unsafe-eval' 'unsafe-inline' 'unsafe-dynamic' data: filesystem: about: blob: ws: wss: 5
upgrade-insecure-requests; frame-ancestors 'self' https://*.schaeffler.com; img-src 'self'  https://maps.googleapis.com https://maps.gstatic.com https://cdn.cookielaw.org https://www.schaeffler.com https://*.schaeffler-cdn.com https://*.linkedin.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.de https://www.googletagmanager.com  https://*.fbcdn.net  https://*.twimg.com/ https://*.ytimg.com https://*.ggpht.com/ https://*.licdn.com https://userlike-cdn-operators.userlike.com https://cdn.socialstudio.radian6.com data: blob:; 5
default-src 'self' https://scripts.sirv.com; font-src 'self' data: https://scripts.sirv.com; connect-src blob: 'self' https://www.google.com https://assets.manufactum.de/ https://assets.magazin.com/ https://video.sirv.com https://scripts.sirv.com https://www.google-analytics.com https://region1.google-analytics.com https://ga-storage.manufactum.de https://adservice.google.com/ https://stats.g.doubleclick.net https://connect.facebook.net https://www.facebook.com https://s.pinimg.com https://ct.pinterest.com https://manufactum.sirv.com; img-src 'self' data: https://www.google.com https://www.google.de https://assets.manufactum.de/ https://assets.magazin.com/ https://www.google-analytics.com https://region1.google-analytics.com  https://ga-storage.manufactum.de https://adservice.google.com/ https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.facebook.com https://s.pinimg.com https://ct.pinterest.com https://manufactum.sirv.com; child-src blob: https://*.adition.com https://s3.eu-central-1.amazonaws.com/esomecdn/60 https://www.google.com/maps/ https://test-brot-und-butter.mfdp.io https://www.brot-und-butter.de https://www.facebook.com; frame-src blob: https://bid.g.doubleclick.net https://*.adition.com https://s3.eu-central-1.amazonaws.com/esomecdn/60 https://www.google.com/maps/ https://test-brot-und-butter.mfdp.io https://www.brot-und-butter.de https://www.facebook.com https://manufactum.sirv.com; worker-src blob:; media-src blob: data: 'self' https://assets.manufactum.de https://assets.magazin.com https://video.sirv.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://scripts.sirv.com https://video.sirv.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://region1.google-analytics.com  https://ga-storage.manufactum.de https://www.googleadservices.com https://adservice.google.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.de https://s.pinimg.com https://ct.pinterest.com https://connect.facebook.net https://assets.manufactum.de https://assets.magazin.com https://manufactum.sirv.com https://cdn.epoq.de/flow/ https://*.arc.epoq.de/inbound-servletapi/ 'sha256-5VP9uvxfmd5dWHD/h/zPZJ0tXqP+FDE3PkUEK5ljc60=' 'sha256-wyAOKm4yiOxl/AA6YznUZtVrG0Rd+VWgvGm3fIlxPeo=' 'sha256-4MDHKMpGuDMac7ZezyhdYw+duJEFSzn0eI+w8GfulDY='; object-src 'none'; style-src 'self' 'unsafe-inline' https://scripts.sirv.com https://assets.manufactum.de https://assets.magazin.com https://manufactum.sirv.com ; report-uri /csp/sell; base-uri 'self' 5
base-uri 'none'; default-src 'self' https://accesso.com https://cdn.cookielaw.org https://p.adsymptotic.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://api.greenhouse.io/v1/boards/accesso/embed/departments; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://analytics.google.com https://app.marker.io https://cdn.cookielaw.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://code.jquery.com https://edge.marker.io https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://marker.io https://pi.pardot.com https://secure.agileenterpriseintelligence.com https://snap.licdn.com https://stackpath.bootstrapcdn.com https://www.google-analytics.com https://www.googletagmanager.com https://api.greenhouse.io/v1/boards/accesso/embed/departments https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js https://accesso.us11.list-manage.com/subscribe/post-json; style-src 'self' 'unsafe-inline' https://accesso.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cloud.typography.com https://code.jquery.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://www.googletagmanager.com; img-src 'self' https://accesso.com https://www.accesso.com https://www.google-analytics.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.google.com https://www.googletagmanager.com https://fonts.gstatic.com https://privacy-policy.truste.com https://media.marker.io https://app.marker.io https://edge.marker.io https://scontent-sin6-4.cdninstagram.com blob: data:; connect-src 'self' https://analytics.google.com https://api.marker.io https://cdn.cookielaw.org https://geolocation.onetrust.com https://idx.liadm.com https://privacyportal.onetrust.com https://ssr.marker.io https://stats.g.doubleclick.net https://www.googletagmanager.com https://api.greenhouse.io/v1/boards/accesso/embed/departments; font-src 'self' https://app.marker.io https://cloud.typography.com https://edge.marker.io https://fonts.gstatic.com https://fonts.googleapis.com https://use.fontawesome.com data:; frame-src 'self' https://bid.g.doubleclick.net https://hello.accesso.com/ https://app.marker.io https://player.vimeo.com/ https://polaris.brighterir.com https://www.youtube.com; 5
frame-ancestors 'self' https://moderncampus.lookbookhq.com https://moderncampus.pathfactory.com https://resources.moderncampus.com http://moderncampus.lookbookhq.com http://moderncampus.pathfactory.com http://resources.moderncampus.com; 5
default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; object-src 'none'; 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss: *.clarity.ms *.bing.com *.smooch.io smooch.io https://googleapis.com https://*.googleapis.com https://googletagmanager.com https://*.googletagmanager.com https://biano.sk https://*.biano.sk https://biano.cz https://*.biano.cz https://biano.hu https://*.biano.hu https://biano.ro https://*.biano.ro https://biano.hr https://*.biano.hr https://prefixbox.com https://*.prefixbox.com https://gstatic.com https://*.gstatic.com https://novynabytok.sk https://*.novynabytok.sk https://hezkynabytek.cz https://*.hezkynabytek.cz https://zondo.hu https://*.zondo.hu https://zondo.ro https://*.zondo.ro https://zondo.hr https://*.zondo.hr https://*.zdassets.com https://*.zopim.com https://prefixbox.com https://*.prefixbox.com https://hotjar.com https://*.hotjar.com https://hotjar.io https://*.hotjar.io https://google-analytics.com https://*.google-analytics.com https://clarity.ms https://*.clarity.ms https://*.doubleclick.net https://*.imedia.cz https://*.seznam.cz https://chimpstatic.com https://google.com https://*.google.com https://google.sk https://*.google.sk https://google.cz https://*.google.cz https://google.hu https://*.google.hu https://google.ro https://*.google.ro https://google.hr https://*.google.hr https://googleadservices.com https://*.googleadservices.com https://*.zopim.io https://meblemirjan.pl https://*.meblemirjan.pl https://youtube.com https://*.youtube.com https://creativecdn.com https://*.creativecdn.com https://zendesk.com https://*.zendesk.com https://sentry.io https://*.sentry.io https://*.amio.io *.getsitecontrol.com https://*.facebook.net https://www.facebook.com/ https://*.mailchimp.com https://*.list-manage.com https://*.cloudfront.net https://*.amazonaws.com https://*.ecomailapp.cz; 5
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; 5
frame-ancestors 'self' https://smarthub.keystoneacademic.com https://sanity.keg.com; 5
default-src 'self' *.energieag.at energieag.picturepark.com *.google-analytics.com *.googleapis.com *.gstatic.com prezi.com www.googleadservice www.youtube.com walls.io *.walls.io *.googletagmanager.com www.netigate.se *.whatchado.com *.vimeo.com i.ytimg.com connect.facebook.net app.adwordsagentur.at *.hotjar.com *.hotjar.io  wss://*.hotjar.com www.googleadservices.com *.doubleclick.net *.adform.net *.iconnode.com *.facebook.com *.google.at *.google.de *.google.com *.adsrvr.org e-tankstellen-finder.com connect.shore.com *.shore-cdn.com *.teamplanbuch.ch *.cookiebot.com *.matterport.com www.360perspektiven.com sys.mailworx.info *.marketingsuite.info sc-static.net *.konzertmeister.app *.podigee-cdn.net *.podigee.com *.podigee.io energieag.containers.piwik.pro energieag.piwik.pro empathy-portal.de eag.viewer.cit-fusion.com *.adition.com *.powerbi.com cdnjs.cloudflare.com www.youtube-nocookie.com *.ytimg.com *.googlesyndication.com streamio.com energieag.current-picturepark.com 'unsafe-inline' 'unsafe-eval' data: 5
frame-ancestors 'self' https://www.mapama.gob.es https://miteco-stage.adobecqms.net https://portal-miteco-prod.adobecqms.net https://www.miteco.gob.es 5
frame-ancestors 'none'; default-src 'none'; script-src 'self' 'unsafe-eval' https://cdnjs.cloudflare.com https://cdn.ckeditor.com https://use.fontawesome.com https://cdn.jsdelivr.net 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://cdn.ckeditor.com; connect-src self * blob: https://*.connectiverx.com data: gap:; img-src * self 'unsafe-inline' blob: data: gap:; frame-src * self blob: data: gap:; worker-src blob: data: gap: 5
upgrade-insecure-requests; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com refocus.ru dwin1.com cl.qualaroo.com st.smartassistant.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com canon.smartassistant.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com sys.refocus.ru googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com *.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com b2badmin.mycanon.club maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.clarity.ms www.tintup.com d.la3-c2-ia2.salesforceliveagent.com www.artfut.com my.tealiumiq.com t.contentsquare.net canon-europe.force.com orca-api.zoovu.com orca-runner-assets.zoovu.com orca-cdn.zoovu.com ajhgroup9516.file.core.windows.net d.la3-c1-cdg.salesforceliveagent.com sales-promotions.com sales-promotions.taxback.ess.ie *.pricespider.com *.mapbox.com unpkg.com img03.en25.com d.la3-c2-ia7.salesforceliveagent.com c.la3-c2-ia7.salesforceliveagent.com comeandsee.my.site.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com refocus.ru dwin1.com cl.qualaroo.com ref.ccb-dev.com st.smartassistant.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com canon.smartassistant.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com sys.refocus.ru googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com *.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com b2badmin.mycanon.club maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.tintup.com d.la3-c2-ia2.salesforceliveagent.com c.la3-c2-ia7.salesforceliveagent.com comeandsee.my.site.com www.artfut.com my.tealiumiq.com t.contentsquare.net d.la3-c2-ia7.salesforceliveagent.com canon-europe.force.com tiger-cdn.zoovu.com orca-api.zoovu.com orca-runner-assets.zoovu.com orca-cdn.zoovu.com ajhgroup9516.file.core.windows.net d.la3-c1-cdg.salesforceliveagent.com sales-promotions.com sales-promotions.taxback.ess.ie *.pricespider.com *.mapbox.com unpkg.com img03.en25.com; report-uri https://content-api.canon-europe.com/cspreport/webapp/ 5
frame-ancestors https://suite34.emarsys.net; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubfef39b54e4afa416599740644771d1c2&dd-evp-origin=content-security-policy&ddsource=csp-report 5
default-src 'self' https://*.myligue.fr https://*.lfp.fr https://*.ligue1.fr https://*.ligue2.fr https://*.ligue1.com https://*.googlesyndication.com/ https://www.tntv.pf; media-src 'self' blob: https://ooyalaeuwest.streaming.mediaservices.windows.net https://house-fastly-signed-eu-west-1-prod.brightcovecdn.com https://manifest.prod.boltdns.net https://*.2mdn.net/ https://*.gvt1.com/ https://www.tntv.pf https://*.youtube.com https://*.dailymotion.com; font-src 'self' data: https://*.ligue1.fr https://*.ligue2.fr https://*.ligue1.com https://*.lfp.fr https://use.fontawesome.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.ligue1.fr https://*.ligue2.fr https://*.ligue1.com https://*.lfp.fr https://*.myligue.fr https://*.opta.net https://*.privacy-center.org https://*.newrelic.com https://story.tl https://widget.ausha.co https://az416426.vo.msecnd.net https://vjs.zencdn.net https://acdn.adnxs.com https://s0.2mdn.net https://cdn.ampproject.org https://cdn.syndication.twimg.com https://*.google.com https://*.googletagmanager.com https://*.gstatic.com https://*.googletagservices.com https://*.google.fr https://*.googlesyndication.com https://*.googleapis.com https://*.doubleclick.net https://players.brightcove.net https://*.facebook.net https://*.twitter.com https://*.instagram.com https://*.youtube.com https://*.dailymotion.com ; style-src 'self' 'unsafe-inline' https://*.ligue1.fr https://*.ligue2.fr https://*.ligue1.com https://*.lfp.fr https://*.myligue.fr https://*.opta.net https://*.ausha.co https://story.tl https://use.fontawesome.com https://players.brightcove.net https://*.googleapis.com https://*.googletagmanager.com https://cdnjs.cloudflare.com https://*.twitter.com https://*.youtube.com https://*.dailymotion.com https://*.instagram.com; child-src 'self' blob: https://*.myligue.fr https://cartemercatoligue1.com https://www.cartemercatoligue1.com https://story.tl https://*.sporcle.com https://*.ausha.co https://*.global-mmk.com https://*.google.com https://*.googlesyndication.com https://*.googletagservices.com https://*.googleapis.com https://*.doubleclick.net https://players.brightcove.net https://*.twitter.com https://*.facebook.com https://*.youtube.com https://*.dailymotion.com https://*.instagram.com https://*.linkedin.com https://*.spotify.com; img-src 'self' data: https://*.myligue.fr https://*.lfp.fr https://*.ligue1.fr https://*.ligue2.fr https://*.ligue1.com https://lspcridevglcdn.azureedge.net https://lspemeintglcdn.azureedge.net https://lspsapuatglcdn.azureedge.net https://lsprubpreglcdn.azureedge.net https://lspisphereglcdn.azureedge.net https://lspprdglcdn.azureedge.net https://lfpimageproxy.azureedge.net https://cf-images.us-east-1.prod.boltdns.net https://cf-images.eu-west-1.prod.boltdns.net https://*.google.com https://*.google.fr https://*.googlesyndication.com https://*.googletagmanager.com https://*.gstatic.com https://play-lh.googleusercontent.com https://*.doubleclick.net https://secure-cf-c.ooyala.com https://publish.lfpstg.ooflex.net  https://metrics.brightcove.com https://*.opta.net https://*.privacy-center.org https://story.tl https://widget.ausha.co https://*.twitter.com/ https://*.instagram.com https://*.facebook.com https://*.youtube.com https://*.dailymotion.com https://*.twimg.com https://ib.adnxs.com; connect-src 'self' https://*.ligue1.fr https://*.ligue2.fr https://*.ligue1.com https://*.lfp.fr https://*.doubleclick.net https://dc.services.visualstudio.com https://licensing.bitmovin.com https://*.mediaservices.windows.net https://csi.gstatic.com https://edge.api.brightcove.com https://manifest.prod.boltdns.net https://house-fastly-signed-us-east-1-prod.brightcovecdn.com https://house-fastly-signed-eu-west-1-prod.brightcovecdn.com https://bcbolt446c5271-a.akamaihd.net https://*.googlesyndication.com https://*.privacy-center.org; frame-ancestors 'self' https://*.myligue.fr; 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: 5
default-src https: data: 'unsafe-eval' 'unsafe-inline' 5
default-src 'self'; font-src 'self' *.kaltura.com cdnjs.cloudflare.com data: fonts.gstatic.com vjs.zencdn.net *.hotjar.com;img-src 'self' data: *.google-analytics.com *.g.doubleclick.net maps.gstatic.com maps.googleapis.com *.twitter.com *.twimg.com *.youtube.com *.kaltura.com *.linkedin.com *.6sc.co *.facebook.com *.eloqua.com *.verisk.com *.albacross.com metrics.brightcove.com *.air-worldwide.com www.google.com verisk.d1.sc.omtrdc.net t.co p.adsymptotic.com cm.everesttech.net dpm.demdex.net cf-images.us-east-1.prod.boltdns.net veriskisonetprod.112.2o7.net i.ytimg.com www.googletagmanager.com www.greatplacetowork.com cdn.cookielaw.org api.mapbox.com f1.media.brightcove.com udc-neb.kampyle.com *.maplecroft.com ajax.googleapis.com public.tableau.com www.google.co.uk nebula-cdn.kampyle.com w3.poweradvocate.com https://optimize.google.com www.gstatic.com https://jumbe.zaius.com https://6016449.global.siteimproveanalytics.io/heat.aspx https://6016449.global.siteimproveanalytics.io/image.aspx https://uploads.commoninja.com  *.optimizely.com;object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.twitter.com www.google-analytics.com *.googleapis.com *.google.com www.gstatic.com *.cookielaw.org *.googletagmanager.com assets.adobedtm.com *.twimg.com kaltura.com *.cloudflare.com dl.episerver.net *.facebook.net fonts.googleapis.com players.brightcove.net az416426.vo.msecnd.net *.xactware.com *.kaltura.com *.licdn.com *.albacross.com *.oktopost.com *.6sc.co *.ads-twitter.com *.cave9tape.com okt.to geolocation.onetrust.com script.crazyegg.com www.googleadservices.com vjs.zencdn.net img.en25.com s1065293013.t.eloqua.com googleads.g.doubleclick.net *.salesforceliveagent.com *.linkedin.com nebula-cdn.kampyle.com unpkg.com cdn.mouseflow.com public.flourish.studio *.hotjar.com pi.pardot.com *.maplecroft.com www.buzzsprout.com public.tableau.com ionfiles.scribblecdn.net readymag.com js.hsforms.net *.hsforms.com *.youtube.com snap.licdn.com player.vimeo.com api-ssl.bitly.com nebula-cdn.kampyle.com  screencapture.kampyle.com/screenApi/load/0d9bccf0-07c5-4694-abf9-9f4bcf1d1ec2.js screencapture-cdn.kampyle.com www.googleanalytics.com www.googleoptimize.com https://optimize.google.com https://secure.leadforensics.com/  https://activitymap.adobe.com https://cdn-app.continual.ly/ https://cdn.commoninja.com/sdk/latest/commonninja.js https://cdn.calconic.com *.fraudblocker.com https://d1igp3oop3iho5.cloudfront.net https://siteimproveanalytics.com/js/siteanalyze_6016449.js https://code.jquery.com/jquery-3.3.1.min.js https://cdn.addevent.com/libs/atc/1.6.1/atc.min.js *.cdn.commoninja.com *.commoninja.com *.cdn.commoninja.com/wr/static https://code.jquery.com/jquery-3.6.3.min.js https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.4.0/css/font-awesome.min.css https://cdn.optimizely.com/js/22793102135.js https://cdn-assets-prod.s3.amazonaws.com/js/preview2/22793102135.js  *.optimizely.com https://tags.srv.stackadapt.com https://js.monitor.azure.com *.herbgreencolumn.com;style-src 'self' 'unsafe-inline' *.googleapis.com dl.episerver.net *.twitter.com *.twimg.com cdnjs.cloudflare.com *.verisk.com unpkg.com https://optimize.google.com https://cdn.jsdelivr.net/npm/bootstrap@4.0.0/dist/css/bootstrap.min.css https://app.continual.ly/ https://cdn-app.continual.ly https://tags.srv.stackadapt.com;frame-src 'self' platform.twitter.com www.google.com *.twitter.com *.youtube.com *.surveygizmo.com insuranceservicesofficeinc.demdex.net *.facebook.com bid.g.doubleclick.net *.hotjar.com *.pardot.com www.buzzsprout.com public.tableau.com verisk.postclickmarketing.com *.brightcove.net *.acast.com embed.readymag.com s1120.t.eloqua.com flo.uri.sh go.maplecroft.com player.vimeo.com go.maplecroft.com nebula-cdn.kampyle.com https://optimize.google.com https://cdnapisec.kaltura.com/ https://www.youtube-nocookie.com/ https://www.insurancejournal.tv/ https://www.bloomberg.com/ https://activitymap.adobe.com https://app.powerbi.com https://lifedemo.shinyapps.io/ https://survey.alchemer.com/ https://app.continual.ly/ https://www.commoninja.com/ https://calendar.google.com/ https://accounts.google.com/ https://a22793102135.cdn.optimizely.com/ https://capture.navattic.com/  https://td.doubleclick.net/ https://datawrapper.dwcdn.net;media-src 'self' *.kaltura.com blob: *.air-worldwide.com http://manifest.prod.boltdns.net https://manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net;connect-src 'self' *.kaltura.com www.google-analytics.com *.brightcove.com dc.services.visualstudio.com dpm.demdex.net epsilon.6sense.com cdn.cookielaw.org stats.g.doubleclick.net https://c.6sc.co/ https://secure.adnxs.com/getuidj *.albacross.com http://manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net *.crazyegg.com www.googleapis.com veriskisonetprod.112.2o7.net verisk.d1.sc.omtrdc.net privacyportal.onetrust.com *.hotjar.com vc.hotjar.io ws: *.hotjar.com hubspot-forms-static-embed.s3.amazonaws.com https://otc.xactware.com/XactwareLms/certificationListing.xml nebula-cdn.kampyle.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://opreq.observepoint.com/ https://cdn-app.continual.ly https://app.continual.ly/ https://wss-pr.continual.ly:6001 https://www.commoninja.com https://app.calconic.com https://statistics-dot-calconic-app.appspot.com/api/stats/push https://cdn.linkedin.oribi.io/partner/1669474/domain/verisk.com/token https://cdn.linkedin.oribi.io/partner/384036/domain/maplecroft.com/token https://cdn.commoninja.com/api/v1/embed/e594afb2-85be-48ad-9c87-8296dafe748f *.optimizely.com *.hotjar.io *.linkedin.oribi.io  *.google.com https://maps.googleapis.com/ https://srv.stackadapt.com https://tags.srv.stackadapt.com *.googlesyndication.com; child-src 'self' *.kaltura.com blob: *.air-worldwide.com insuranceservicesofficeinc.demdex.net *.surveygizmo.com; 5
upgrade-insecure-requests; object-src 'none' 5
default-src https://faelix.net; img-src https://faelix.net https://faelix.net/static/ https://analytics.faelix.link https://platform.twitter.com https://syndication.twitter.com; script-src https://faelix.net/static/javascripts/ https://faelix.net/elasticlunr.min.js https://faelix.net/search_index.en.js https://analytics.faelix.link https://platform.twitter.com/widgets.js https://unpkg.com/website-carbon-badges@1.1.3/b.min.js 'unsafe-eval' 'unsafe-inline'; connect-src https://fulcrm.email/webform/1/5/faelix.net/website-enquiry/contact/person.name/person.email/email/8r7lurl0u31535mccf86l0r341l650f3 https://api.websitecarbon.com/b https://analytics.faelix.link; frame-src https://platform.twitter.com https://grafana.faelix.net https://youtu.be https://www.youtube.com; font-src https://faelix.net; style-src 'unsafe-inline' https://faelix.net/static/css/ https://faelix.net/static/main.css https://faelix.net/static/webfonts.css https://faelix.net/static/stylesheets/ https://faelix.net/static/iconoir/ 5
default-src *;  object-src 'none';  base-uri 'none';  script-src * 'unsafe-eval' 'unsafe-inline';  style-src * 'unsafe-inline';  img-src * blob: data:;  font-src * data:;  frame-ancestors 'self' *.nyla.app *.vercel.app localhost:*; 5
frame-ancestors 'self' https://*.qtx.dev https://*.dev.qtxquartz.com https://*.stage.qtxquartz.com https://www.fiercewireless.com https://www.fiercetelecom.com https://sample.dragonforms.com https://*.questexinfo.com http://resources.questex.com https://resources.questex.com 5
object-src 'none'; upgrade-insecure-requests; block-all-mixed-content 5
frame-ancestors 'self' https://immobilier.jll.be https://events1.social27.com https://jll.maps.arcgis.com https://tools.jll.com https://journeys.jll.com https://qa-journeys.jll.com; 5
frame-ancestors *.df-automotive.de *.felgenshop.de 5
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: archive.org web.archive.org web-static.archive.org wayback-api.archive.org analytics.archive.org pragma.archivelab.org 5
frame-ancestors 'self'; base-uri 'self'; object-src 'none'; 5
connect-src https: 'self'; img-src 'self' data: https://*; default-src blob: https: 'unsafe-inline' 'unsafe-eval' 5
frame-ancestors https://app.storyblok.com 5
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline' 5
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline'; report-uri https://revalize.report-uri.com/r/t/csp/enforce 5
default-src  * 'unsafe-inline' 'unsafe-eval' ; img-src * blob: data: 'unsafe-inline' ; font-src * data: 'unsafe-inline' ; media-src * blob: 'unsafe-inline' ; frame-src * data: 'unsafe-inline' 'unsafe-eval' ; 5
default-src 'self';style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://design-system.webprod.eberry.digital https://static.webprod.eberry.digital https://static-north.webprod.eberry.digital tagmanager.google.com fonts.googleapis.com api.tiles.mapbox.com https://cloud.cention.com https://inbox.proposales.com https://widget.ybug.io https://ybug.io https://static.cention.com/ https://*.adyen.com;font-src 'self'  data: https://design-system.webprod.eberry.digital https://use.typekit.net fonts.gstatic.com https://script.hotjar.com https://cloud.cention.com https://static.webprod.eberry.digital https://static.cention.com/;img-src 'self' data: blob: images.ctfassets.net images.contentful.com static.webprod.eberry.digital www.google-analytics.com region1.google-analytics.com region1.analytics.google.com imgsct.cookiebot.com googleads.g.doubleclick.net www.google.com ssl.gstatic.com www.gstatic.com t.co analytics.twitter.com bat.bing.com connect.facebook.net www.facebook.com px.ads.linkedin.com www.linkedin.com www.google.se www.google.no www.google.dk www.google.fi www.google.com www.tripadvisor.se static.tacdn.com https://cloud.cention.com https://cdn.pixabay.com https://design-system.webprod.eberry.digital https://widget.ybug.io https://ybug.io https://static.webprod.eberry.digital pagead2.googlesyndication.com www.googletagmanager.com https://*.hotjar.com/ https://static.tickster.com https://static.cention.com/ https://*.adyen.com;script-src 'self' 'unsafe-inline' blob: www.googletagmanager.com tagmanager.google.com www.google-analytics.com googleads.g.doubleclick.net www.googleadservices.com www.google.com www.gstatic.com connect.facebook.net analytics.twitter.com static.ads-twitter.com bat.bing.com snap.licdn.com polyfill.io/v2/polyfill.min.js https://cdn.giftup.app/ https://js.stripe.com/v3/ api.tiles.mapbox.com https://*.hotjar.com/ https://unpkg.com/web-vitals/ static.webtest.eberry.digital https://script.hotjar.com/ https://cloud.cention.com https://bookingengine-mp.s3.eu-west-2.amazonaws.com https://widget.ybug.io https://ybug.io static.webprod.eberry.digital static-north.webprod.eberry.digital consent.cookiebot.com consentcdn.cookiebot.com pagead2.googlesyndication.com pagead2.googlesyndication.com https://www.thehotelsnetwork.com https://js.sentry-cdn.com https://static.proposales.com/embed.js https://consent.cookiebot.com http://static.criteo.net/js/ld/ld.js https://sslwidget.criteo.com/ https://static.cention.com/ https://*.adyen.com;frame-src https://www.youtube.com https://www.facebook.com https://www.google.com/recaptcha/ https://download.yourgift.cards/ https://cdn.giftup.app/ https://inbound.giftup.app/ https://js.stripe.com/ https://social.loopon.com/ https://tbs.tradedoubler.com https://vars.hotjar.com/ https://bookingengine-mp.s3.eu-west-2.amazonaws.com https://widget.ybug.io https://ybug.io pagead2.googlesyndication.com https://www.thehotelsnetwork.com https://bookingengine-mp.s3.eu-west-2.amazonaws.com https://www.thehotelsnetwork.com/ https://consentcdn.cookiebot.com https://gum.criteo.com/;media-src https://www.youtube.com https://youtu.be videos.ctfassets.net;connect-src 'self' analytics.google.com stats.g.doubleclick.net googleads.g.doubleclick.net www.google-analytics.com region1.google-analytics.com region1.analytics.google.com https://inbound.giftup.app/ api.mapbox.com events.mapbox.com sgtm.nordicchoicehotels.se https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://vc.hotjar.io https://cloud.cention.com wss://cloud.cention.com https://www.facebook.com https://bat.bing.com https://cdn.linkedin.oribi.io https://widget.ybug.io https://ybug.io consent.cookiebot.com consentcdn.cookiebot.com pagead2.googlesyndication.com https://www.google.com/pagead/ https://www.thehotelsnetwork.com https://js.sentry-cdn.com https://cdn.linkedin.oribi.io https://secure.proposales.com https://www.thehotelsnetwork.com/ https://consentcdn.cookiebot.com https://*.adyen.com;worker-src blob:;child-src blob:;frame-ancestors self https://app.contentful.com 5
frame-ancestors 'self' https://fuse.pav.portals.swisslife.ch https://fuse.portals.swisslife.ch https://www.swisslife.ch 5
default-src *; img-src * data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; base-uri 'self'; form-action *; frame-ancestors * 5
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: *.typekit.net *.audioeye.com cdn.shopify.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.googletagmanager.com *.gstatic.com *.jst.ai ajax.googleapis.com *.affirm.com *.launchdarkly.com connect.facebook.net *.audioeye.com *.imgur.com web.hyro.ws wss://web.hyro.ws 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.google.com *.demdex.net www.googletagmanager.com *.instagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.vimeo.com *.hotjar.com *.doubleclick.net *.jst.ai *.paymetric.com *.affirm.com *.audioeye.com *.imgur.com web.hyro.ws wss://web.hyro.ws *.zdassets.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net validator.swagger.io *.cdninstagram.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com via.placeholder.com *.klaviyo.com *.google.com *.google.ca *.facebook.com *.fls.doubleclick.net googleapis.com *.affirm.com *.jst.ai cdn.cookielaw.org *.audioeye.com *.imgur.com blob: *.bing.com *.clarity.ms web.hyro.ws wss://web.hyro.ws *.zdassets.com https://imgs.signifyd.com https://*.online-metrix.net s7d9.scene7.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.gstatic.com *.google.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com *.instagram.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com api.airbud.io demo.airbud.io ajax.googleapis.com *.klaviyo.com cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net player.vimeo.com *.typekit.net *.hotjar.com *.jst.ai *.kmail-lists.com *.affirm.com *.launchdarkly.com *.audioeye.com *.imgur.com cdn.cookielaw.org *.bing.com *.clarity.ms web.hyro.ws wss://web.hyro.ws *.zdassets.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net https://static.klaviyo.com unsafe-inline assets.braintreegateway.com api.airbud.io demo.airbud.io *.klaviyo.com *.typekit.net *.affirm.com *.launchdarkly.com connect.facebook.net *.jst.ai *.audioeye.com web.hyro.ws *.zdassets.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.cdninstagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.imgur.com blob: web.hyro.ws *.zdassets.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.klaviyo.com prod.airbud.io bam.nr-data.net *.google-analytics.com *.doubleclick.net *.kmail-lists.com *.youtube.com *.affirm.com *.launchdarkly.com *.jst.ai *.audioeye.com *.imgur.com hyropublic.blob.core.windows.net *.cookielaw.org *.onetrust.com *.clarity.ms *.bing.com web.hyro.ws wss://web.hyro.ws wss://widget-mediator.zopim.com *.zdassets.com wheelprossupport.zendesk.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
default-src https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'unsafe-inline' 'unsafe-eval' data: blob: https:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; form-action 'self' https:; object-src https:; media-src blob: data: https:; style-src https: 'unsafe-inline'; frame-ancestors 'self' https://static.mysph.sph.com.sg;upgrade-insecure-requests; 5
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 5
frame-ancestors 'self' https://rewards.theexcellencecollection.com https://tecloyalty.c5.stage.livecms.site; 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; 5
frame-ancestors 'self' https://*.probikeshop.fr https://*.probikeshop.it https://*.bikeshop.es https://*.probikeshop.de https://*.probikeshop.pt https://*.probikeshop.com https://*.probikeshop.ch; 5
default-src 'self'; connect-src *; font-src 'self' data:; frame-src *; img-src data: *; media-src *; object-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; style-src 'self' 'unsafe-inline'; 5
default-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' https: blob: data:; 5
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 5
media-src * 5
report-uri https://8200068e1bbb5c22d2e57dd38c2ddbcf.report-uri.com/r/t/csp/reportOnly; 5
'self' https://ajax.googleapis.com 5
base-uri 'self' https:; block-all-mixed-content; child-src 'self' https:; connect-src 'self' https:; font-src 'self' data: https:; form-action 'self' https:; frame-ancestors 'self'; frame-src 'self' https:; img-src 'self' data: https:; media-src 'self' https:; object-src 'self' https:; prefetch-src 'self' https:; report-to csp_default; report-uri https://o956100.ingest.sentry.io/api/5979820/security/?sentry_key=3365bf3db95341e8b0c888222a947b0e; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; worker-src 'self' https: 5
object-src 'self' data: 5
frame-ancestors 'self' *.betssongroupaffiliates.com 5
base-uri 'self' feed.pghub.io pandg.tapad.com ; font-src 'self' https: data: feed.pghub.io pandg.tapad.com ; frame-src 'self' https://feed.pghub.io https://www.youtube.com https://www.youtube-nocookie.com https://consumersupport.pg.com https://*.google.com www.google-analytics.com https://*.pricespider.com feed.pghub.io pandg.tapad.com ; img-src 'self' data: https://cdn.cookielaw.org https://*.mapbox.com https://*.bazaarvoice.com https://www.google.com images.ctfassets.net pixel.tapad.com www.googletagmanager.com www.google-analytics.com https://*.pricespider.com https://www.mapbox.com feed.pghub.io pandg.tapad.com ; object-src 'none' feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://*.pricespider.com https://*.mapbox.com feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.bazaarvoice.com https://*.segment.com https://*.mapbox.com https://*.pricespider.com https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://code.jquery.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.recaptcha.net https://*.criteo.com https://static.criteo.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.pinimg.com https://ct.pinterest.com https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://js.adsrvr.org https://d.impactradius-event.com https://static.ads-twitter.com https://analytics.twitter.com https://pghub.io https://analytics.tiktok.com https://*.ibytedtos.com https://*.contentsquare.net https://app.contentsquare.com feed.pghub.io pandg.tapad.com ; upgrade-insecure-requests  ; worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; 5
default-src *; img-src * data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; base-uri 'self'; form-action *; frame-ancestors 'self' 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: about: *; 5
frame-ancestors 'self' *.cms.snakeware.nl *.snakeware.nl *.snakeware.cloud *.snakeware.test *.snakeware.local 5
default-src 'self'; font-src *;img-src * data:; script-src *; style-src *; 5
frame-ancestors 'self' https://*.imperva.com 5
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; script-src 'self' 'unsafe-eval'; block-all-mixed-content; upgrade-insecure-requests 5
default-src 'self' 'unsafe-eval' 'unsafe-inline' ws://localhost:1234/ https://cdn.domain-robot.org https://maxcdn.bootstrapcdn.com  https://stackpath.bootstrapcdn.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://*.usercentrics.eu https://aggregator.service.usercentrics.eu https://www.google.com https://*.usercentrics.eu https://www.googleadservices.com https://snap.licdn.com https://*.facebook.net https://googleads.g.doubleclick.net https://*.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://t.co https://*.google.de https://*.google.com https://*.facebook.com https://seal.digicert.com blob: data: https://fonts.googleapis.com/css;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; 5
default-src *;   img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *;   style-src  'self' 'unsafe-inline' * 5
frame-ancestors 'self' chrome-extension://hfdhpmpfpcnbboppkkkblilhbloejijj https://backit.me 5
upgrade-insecure-requests; font-src data: https:; img-src data: https:; default-src https: blob: 'unsafe-inline' 'unsafe-eval' 5
default-src 'self' scout.salesloft.com scout-cdn.salesloft.com *.driftt.com widget.drift.com *.smartrecruiters.com *.clickagy.com *.zoominfo.com *.coveo.com *.fluidads.com *.stackadapt.com *.truste.com *.omtrdc.net *.livechatinc.com *.chatbot.com *.adobe.com c.6sc.co secure.adnxs.com epsilon.6sense.com *.tableau.com *.experian.com *.experianmarketingservices.com api.ipgeolocation.io *.adobedtm.com *.adsrvr.org *.ads-twitter.com *.bing.com *.brightcove.com *.brightcove.net *.terminus.services *.cloudflare.com *.demdex.net *.doubleclick.net *.eloqua.com *.everesttech.net *.facebook.com *.facebook.net metrics1.experian.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.hsadspixel.net *.hs-analytics.net *.hsappstatic.net *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.hs-scripts.com *.hubapi.com *.hubspot.com *.hubspot.net *.licdn.com *.linkedin.com *.omappapi.com *.omniture.com *.optmnstr.com *.twimg.com *.twitter.com *.usemessages.com *.youtube.com *.zencdn.net *.google-analytics.com img.en25.com p.adsymptotic.com bcove.video *.api.brightcove.com api.bcovlive.io *.bcovlive.io *.sep.bcovlive.io bcovlive-a.akamaihd.net *.o.brightcove.com players.brightcove.net hls.ak.o.brightcove.com uds.ak.o.brightcove.com *.boltdns.net brightcove.vo.llnwd.net *.llnw.net *.llnwd.net manifest.prod.boltdns.net *.media.brightcove.com *.akafms.net *.akamaihd.net *.analytics.edgekey.net *.cloudfront.net hlstoken-a.akamaihd.net vjs.zencdn.net *.gallerysites.net *.bcvp0rtal.com *.brightcovecdn.com ws://*.hotjar.com wss://*.hotjar.com; img-src 'self' data: *; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; font-src 'self' data: *; object-src 'none'; media-src * blob:; worker-src blob: 'self'; frame-ancestors 'self'; 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; 5
script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://*.cookiebot.com https://*.talention.com https://maps.googleapis.com https://www.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://connect.facebook.net https://*.jameda-elements.de https://snap.licdn.com https://empfehlungen.aerzte.de/app.js; style-src 'self' 'unsafe-inline' 'report-sample' https://*.talention.com https://fonts.googleapis.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' https://*.cookiebot.com https://*.doubleclick.net; report-uri /api/csp-report 5
default-src 'self' data: *.googleapis.com *.gstatic.com wsrv.nl *.cookiebot.com *.twitter.com static.ads-twitter.com www.google.com t.co *.googletagmanager.com *.google-analytics.com *.datatrics.com *.vimeo.com vimeo.com *.vimeocdn.com *.companda.com *.cloudflare.com *.topicusplatform.nl *.amazonaws.com *.jquery.com *.bootstrapcdn.com *.doubleclick.net *.hotjar.io connect.facebook.net *.adform.net www.facebook.com snap.licdn.com *.linkedin.com *.oribi.io *.adsymptotic.com *.cloudfront.net *.typekit.net *.youtube.com *.soundcloud.com *.optimize.google.com optimize.google.com googleoptimize.com *.googleoptimize.com google-analytics.com analytics.spreekuur.nl *.googleadservices.com www.google.nl art19.com matomo.dev.cubetest.nl tr2.onlinesucces.nl cdn.onlinesucces.nl https://unpkg.com/alpinejs@3.10.3/dist/cdn.min.js *.hs-analytics.net *.hubapi.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hs-sites.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net play.hubspotvideo.com cdn2.hubspot.net *.hscollectedforms.net *.hsleadflows.net/leadflows.js *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com topicus.containers.piwik.pro topicus.piwik.pro *.piwik.pro *.mjt.lu linkedin.oribi.io script.hotjar.com redditstatic.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com wsrv.nl *.cookiebot.com *.twitter.com static.ads-twitter.com www.google.com t.co *.googletagmanager.com *.google-analytics.com *.datatrics.com *.vimeo.com vimeo.com *.vimeocdn.com *.companda.com *.cloudflare.com *.topicusplatform.nl *.amazonaws.com *.jquery.com *.bootstrapcdn.com *.doubleclick.net *.hotjar.io connect.facebook.net *.adform.net www.facebook.com snap.licdn.com *.linkedin.com *.oribi.io *.adsymptotic.com *.cloudfront.net *.typekit.net *.youtube.com *.soundcloud.com *.optimize.google.com optimize.google.com googleoptimize.com *.googleoptimize.com google-analytics.com analytics.spreekuur.nl *.googleadservices.com www.google.nl art19.com matomo.dev.cubetest.nl tr2.onlinesucces.nl cdn.onlinesucces.nl https://unpkg.com/alpinejs@3.10.3/dist/cdn.min.js *.hs-analytics.net *.hubapi.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hs-sites.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net play.hubspotvideo.com cdn2.hubspot.net *.hscollectedforms.net *.hsleadflows.net/leadflows.js *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com topicus.containers.piwik.pro topicus.piwik.pro *.piwik.pro *.mjt.lu linkedin.oribi.io script.hotjar.com redditstatic.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com wsrv.nl *.cookiebot.com *.twitter.com static.ads-twitter.com www.google.com t.co *.googletagmanager.com *.google-analytics.com *.datatrics.com *.vimeo.com vimeo.com *.vimeocdn.com *.companda.com *.cloudflare.com *.topicusplatform.nl *.amazonaws.com *.jquery.com *.bootstrapcdn.com *.doubleclick.net *.hotjar.io connect.facebook.net *.adform.net www.facebook.com snap.licdn.com *.linkedin.com *.oribi.io *.adsymptotic.com *.cloudfront.net *.typekit.net *.youtube.com *.soundcloud.com *.optimize.google.com optimize.google.com googleoptimize.com *.googleoptimize.com google-analytics.com analytics.spreekuur.nl *.googleadservices.com www.google.nl art19.com matomo.dev.cubetest.nl tr2.onlinesucces.nl cdn.onlinesucces.nl https://unpkg.com/alpinejs@3.10.3/dist/cdn.min.js *.hs-analytics.net *.hubapi.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hs-sites.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net play.hubspotvideo.com cdn2.hubspot.net *.hscollectedforms.net *.hsleadflows.net/leadflows.js *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com topicus.containers.piwik.pro topicus.piwik.pro *.piwik.pro *.mjt.lu linkedin.oribi.io script.hotjar.com redditstatic.com 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.wpsandwatch.com *.wpsandwatch.net *.collect.igodigital.com *.adyen.com apps.bazaarvoice.com whirlpool-cdn.thron.com *.algolianet.com *.algolia.net *.ctfassets.net *.vtexassets.com https://vimeo.com *.vimeo.com *.vimeocdn.com *.sentry.io *.newrelic.com *.nr-data.net *.bazaarvoice.com *.onetrust.com *.cookielaw.org *.doubleclick.net *.youtube.com *.ytimg.com https://flagcdn.com s3-eu-west-1.amazonaws.com *.execute-api.eu-west-1.amazonaws.com *.facebook.com *.facebook.net *.pinimg.com *.pinterest.com *.paypal.com *.kitchenaid.ie *.airpr.com *.hotjar.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.hotjar.io *.dwin1.com *.awin1.com *.zenaps.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.upsellit.com https://the.sciencebehindecommerce.com https://*.qualtrics.com https://cdnjs.cloudflare.com https://api.sandbox.getalma.eu/v2/payments/eligibility https://api.getalma.eu/v2/payments/eligibility https://cdn.jsdelivr.net/npm/@alma/widgets@3.x.x/dist/widgets.min.css https://cdn.jsdelivr.net/npm/@alma/widgets@3.x.x/dist/widgets.umd.js https://osm.klarnaservices.com/lib.js https://x.klarnacdn.net/ui/fonts/v1.3/fonts.css; img-src * data: ; media-src *; frame-src *; frame-ancestors 'self' 5
img-src * 5
frame-ancestors 'self' https://app.socialscreen.com 5
default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline'; 5
default-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 5
frame-ancestors 'self' https://*.funeraltechonline.com https://*.tributecenteronline.com https://*.funeraltechweb.com https://*.funeraltechweb2.com https://*.ogdenfuneralhome.com https://hiddenvalleyfunerals.com https://www.archerandsons.com.au http://macarthurfh.com http://www.macarthurfh.com http://haugheymemorials.com http://www.haugheymemorials.com https://www.hslm.ca http://dev.fullmooncreative.com https://neshamajfs.com  http://neshamajfs.com http://howelllussi.com https://howelllussi.com http://prod-site.arbormemorial.ca/en.html https://prod-site.arbormemorial.ca/en.html http://www.arbormemorial.ca/en/ https://www.arbormemorial.ca/en/; object-src 'none'; 5
default-src https:; connect-src https: wss: http:; font-src https: data:; img-src https: data: blob:; frame-src https: blob:; frame-ancestors 'self'; worker-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https: javascript:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 5
default-src'self' 5
frame-ancestors 'self' https://saint-gobain.wmh-demos.com/; 5
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src 'self' https://assets.guim.co.uk https://pasteup.guim.co.uk https://interactive.guim.co.uk https://dashboard.ophan.co.uk data:; connect-src https: wss: blob:; child-src https: blob:; object-src 'none'; base-uri 'none' 4
frame-ancestors 'self' https://*.al-array.com/ 4
frame-ancestors 'self' imdb.com *.imdb.com *.media-imdb.com withoutabox.com *.withoutabox.com amazon.com *.amazon.com amazon.co.uk *.amazon.co.uk amazon.de *.amazon.de translate.google.com images.google.com www.google.com www.google.co.uk search.aol.com bing.com www.bing.com 4
report-uri /csp-report?p=; block-all-mixed-content; default-src 'none'; base-uri 'none'; img-src 'self' https://b.stripecdn.com https://q.stripe.com https://images.ctfassets.net https://assets.ctfassets.net data:; style-src 'unsafe-inline' 'self' https://b.stripecdn.com; connect-src 'self' https://stripe.com blob: https://stripe-images.s3.us-west-1.amazonaws.com https://errors.stripe.com https://b.stripecdn.com https://climate.stripe.com https://ext.stripe.com https://r.stripe.com https://c.increment.com https://c.stripe.dev https://c.stripe.global https://c.stripe.partners https://sales-live-chat.stripe.com https://y4pfttj91h-dsn.algolia.net/1/indexes/mkt_partners/query https://y4pfttj91h-1.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-2.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-3.algolianet.com/1/indexes/mkt_partners/query; font-src 'self' https://b.stripecdn.com; form-action 'self' https://stripe.com https://climate.stripe.com; frame-src 'self' https://js.stripe.com https://register.stripesessions.com https://b.stripecdn.com https://crypto-js.stripe.com https://sales-live-chat.stripe.com; media-src 'self' https://b.stripecdn.com https://videos.ctfassets.net https://assets.ctfassets.net; script-src 'self' https://js.stripe.com 'sha256-qAoigsbVsoqQigwSGiMYuTbAdza9vdqvOsA4UNSB54A=' 'sha256-cCM0Z4lzGkzQnmbdVw+ouz0JRawyaKcZ4yiqzqYS7ek=' 'sha256-5LtzXhT7UFn+GqP5pKEMGL08UNZsrzANHFEBW/mQHGw=' 'sha256-3aWvb9tRBjmz1OjR3n7mwiTm94+s4iki4mMZF82asmc=' 'sha256-4HwZEt/y+k0EIqGfaNZ1MRmRCUbC03K3G03imkZ/EyA=' 'sha256-T9Iq7ZVmxSNDo0MtKOVaMklBUMHeY5FCy6zb50dqr28=' 'sha256-eNaGg+YMox6LtUAMUegc8RPYMvlgqKfr5wXhQq7t0rU=' 'sha256-T7wrECq1xn0YM2QLoh1E2M9Uqf6wfmt2noqlHUzD+xk=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' https://b.stripecdn.com https://crypto-js.stripe.com 'report-sample'; frame-ancestors 'self' https://app.contentful.com 4
frame-ancestors 'self' https://onlinexperiences.com https://next.brella.io https://pheedloop.com https://gather.town https://datadog.docebosaas.com/ 4
default-src 'self' *.livejournal.com *.livejournal.net *.google.com google.com *.rambler-co.ru rambler-co.ru *.rambler.ru rambler.ru *.tiktok.com tiktok.com *.youtube.com youtube.com; script-src 'self' *.livejournal.com *.livejournal.net *.adfox.ru ad.mail.ru api.giphy.com cdn.ampproject.org cdn.jsdelivr.net content.adriver.ru *.criteo.com *.criteo.net cstatic.weborama.fr data00.adlooxtracking.com data.24smi.net *.doubleclick.net *.dropbox.com dsp-rambler.ru *.exelator.com *.facebook.com vk.com *.facebook.net googleads.g.doubleclick.net *.google-analytics.com *.googleapis.com *.google.com google.com *.google.ru *.googlesyndication.com *.googletagmanager.com googletagmanager.com *.googletagservices.com *.gstatic.com *.instagram.com j.adlooxtracking.ru js.mamydirect.com jsn.24smi.net *.lj.ru mc.yandex.com mc.yandex.ru *.newrelic.com *.nr-data.net *.ok.ru openstat.net pingback.giphy.com *.pingdom.com *.pingdom.net *.pinterest.com *.plista.com *.rambler-co.ru rambler-co.ru *.rambler.ru rambler.ru rb.infox.sg r.mradx.net *.rnet.plus *.rubiconproject.com r.webturn.ru *.scorecardresearch.com sdk.canva.com *.services.livejournal.com smi2.ru ssl.p.jwpcdn.com static.smi2cdn.ru static.smi2.net static.weborama.fr static.xx.fbcdn.net stat.media telegram.org tiktokcdn-us.com *.tiktok.com tiktok.com tns-counter.ru *.top100.ru top-fwz1.mail.ru tpc.googlesyndication.com *.ttwstatic.com twemoji.maxcdn.com *.twimg.com *.twitter.com *.videos.livejournal.com *.vk.com wcm-ru.frontend.weborama.fr weborama.fr *.webturn.ru *.yahooapis.com *.yandex.ru yandex.ru yastatic.net ymetrica.com *.youtube.com youtube.com z.moatads.com 'unsafe-inline' 'unsafe-eval'; style-src http: https: data: 'unsafe-inline'; img-src blob: http: https: data:; frame-src http: https:; font-src http: https: data:; connect-src 'self' *.livejournal.com *.livejournal.net ad.mail.ru api.giphy.com cdn.ampproject.org cls.ad-tech.ru *.criteo.com csi.gstatic.com data00.adlooxtracking.com dsp-rambler.ru *.eaglecdn.com *.g.doubleclick.net googleads.g.doubleclick.net *.google-analytics.com *.googleapis.com *.google.com google.com *.googletagmanager.com googletagmanager.com graph.facebook.com gstatic.com *.lj.ru lj.stat.eagleplatform.com mc.yandex.by mc.yandex.com mc.yandex.md mc.yandex.ru pingback.giphy.com *.pingdom.net *.rambler-co.ru rambler-co.ru *.rambler.ru rambler.ru rb.infox.sg *.rnet.plus *.services.livejournal.com *.ssp.rambler.ru ssp.rambler.ru static-mon.yandex.net static.xx.fbcdn.net stat.media stats.g.doubleclick.net smi2.net smi2.ru *.tiktok.com tiktok.com top-fwz1.mail.ru *.twitter.com *.webturn.ru webvisor.org wss://www.livejournal.com yandexmetrica.com yandexmetrica.com:29010 yandexmetrica.com:30103 *.yandex.ru yandex.ru yastatic.net ymetrica1.com ymetrica.com *.youtube.com youtube.com; report-uri https://www.livejournal.com/csp_reports; report-to livejournal; media-src http: https: data: storage.mds.yandex.net; frame-ancestors 'self'; worker-src 'self' blob:; object-src 'self' blob: youtube.com *.youtube.com; child-src 'self' blob:; 4
default-src https: 'unsafe-inline' 'unsafe-eval' blob:; img-src * data: https:; object-src 'none'; connect-src https: wss:; script-src 'unsafe-inline' https: 'unsafe-eval'; worker-src 'self' blob:; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox; media-src 'self' blob: data: https:; font-src 'self' data: https://jac.yahoosandbox.com https://use.typekit.net https://cdn.vidible.tv https://cdnjs.cloudflare.com https://fonts.gstatic.com https://s0.wp.com ; 4
script-src 'self' *.bac-assets.com cdn.cookielaw.org *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com api.boldchat.com anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:; 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.redhat.com *.redhatstatic.com *.intercomcdn.com *.intercom.io *.qualtrics.com *.mountain.com *.trkn.us *.company-target.com analytics.twitter.com assets.adobedtm.com bam.nr-data.net connect.facebook.net consent.trustarc.com googleads.g.doubleclick.net hm.baidu.com img.en25.com in.ml314.com js.driftt.com ml314.com pixel.mintigo.com px.ads.linkedin.com s.ytimg.com s1795.t.eloqua.com script.hotjar.com scripts.demandbase.com snap.licdn.com static.ads-twitter.com static.hotjar.com www.googleadservices.com www.googletagmanager.com www.youtube.com secure.eloqua.com dpm.demdex.net api.demandbase.com autocomplete.demandbase.com tag.demandbase.com platform.twitter.com bat.bing.com j.6sc.co epsilon.6sense.com pubads.g.doubleclick.net https://static.redhat.com https://www.dev.redhat.com https://www.preprod.redhat.com https://www.redhat.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *.redhat.com *.redhatstatic.com *.intercomcdn.com *.intercom.io *.qualtrics.com *.mountain.com *.trkn.us *.company-target.com analytics.twitter.com assets.adobedtm.com bam.nr-data.net connect.facebook.net consent.trustarc.com googleads.g.doubleclick.net hm.baidu.com img.en25.com in.ml314.com js.driftt.com ml314.com pixel.mintigo.com px.ads.linkedin.com s.ytimg.com s1795.t.eloqua.com script.hotjar.com scripts.demandbase.com snap.licdn.com static.ads-twitter.com static.hotjar.com www.googleadservices.com www.googletagmanager.com www.youtube.com secure.eloqua.com dpm.demdex.net api.demandbase.com autocomplete.demandbase.com tag.demandbase.com platform.twitter.com bat.bing.com j.6sc.co epsilon.6sense.com pubads.g.doubleclick.net https://static.redhat.com https://www.dev.redhat.com https://www.preprod.redhat.com https://www.redhat.com; style-src 'self' 'unsafe-inline' *.redhat.com fonts.googleapis.com js.driftt.com autocomplete.demandbase.com https://static.redhat.com https://www.redhat.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' tracks.redhat.com; report-uri https://o425042.ingest.sentry.io/api/5370002/security/?sentry_key=676ea2c2d4a147c2834066d24c04a9e4&sentry_environment=prod 4
frame-ancestors 'self' https://*.rapid7.com 4
upgrade-insecure-requests; default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https: wss: android-webview-video-poster: blob:; 4
frame-ancestors https://*.mongodb.com 4
frame-ancestors 'self' *.vice.com vicetv.com *.vicetv.com *.viceops.net 4
frame-ancestors 'self' *.datto.com *.backupify.com datto.engineering *.openmesh.com *.autotask.net; report-uri https://www.datto.com/actions/contentSecurityPolicy/report/log; report-to csp-endpoint; 4
default-src 'self' *.starbucks.com *.starbucks.ca; child-src 'self' *.starbucks.com *.starbucks.ca *.doubleclick.net *.optimizely.com *.trustarc.com; connect-src 'self' *.starbucks.com *.starbucks.ca https://fonts.gstatic.com *.akamaihd.net *.akstat.io *.doubleclick.net *.go-mpulse.net *.google-analytics.com *.googlevideo.com *.nr-data.net *.optimizely.com *.pinterest.com *.trustarc.com; font-src 'self' *.starbucks.com *.starbucks.ca https://fonts.googleapis.com https://fonts.gstatic.com *.trustarc.com; img-src 'self' data: *.starbucks.com *.starbucks.ca https://*.gstatic.com *.adsrvr.org *.agkn.com *.akamaihd.net *.appcast.io *.bing.com *.doubleclick.net *.facebook.com *.ggpht.com *.google.com *.google-analytics.com *.googletagmanager.com *.nr-data.net *.pinterest.com *.snapchat.com *.trustarc.com *.truste.com *.videoamp.com *.xg4ken.com *.ytimg.com; manifest-src 'self' *.starbucks.com *.starbucks.ca; media-src 'self' blob: *.starbucks.com *.starbucks.ca *.youtube.com; frame-src 'self' *.optimizely.com *.trustarc.com *.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.starbucks.com *.starbucks.ca cdnjs.com *.appcast.io *.bing.com *.doubleclick.net *.facebook.net *.go-mpulse.net *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.newrelic.com *.nr-data.net *.optimizely.com *.pinimg.com *.sc-static.net *.snapchat.com *.trustarc.com *.xg4ken.com; style-src 'self' 'unsafe-inline' *.starbucks.com *.starbucks.ca https://fonts.googleapis.com; report-uri /webhooks/csp-report; 4
default-src *.asus.com *.asus.com.cn *.freshworksapi.com https: 'unsafe-inline' 'unsafe-eval' blob: data: ws:;style-src * 'unsafe-inline';object-src *; script-src *.asus.com *.asus.com.cn https: 'unsafe-inline' 'unsafe-eval' blob: data:; frame-ancestors 'self' *.asus.com; 4
frame-ancestors *.gallupatwork.com *.gallup.com 4
object-src *; script-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; 4
upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://www.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com/ https://cdnjs.cloudflare.com/ https://www.youtube.com https://platform.twitter.com https://p.trellocdn.com https://embedr.flickr.com https://widgets.flickr.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://code.jquery.com https://code.highcharts.com https://content-service.ilo.org https://static.dwdn.net https://stats.datawrapper.de https://datawrapper.dwcdn.net https://ilc-live-2021-nea3b.ondigitalocean.app/; style-src 'self' 'unsafe-inline' 'report-sample' https://content-service.ilo.org https://fonts.googleapis.com https://www.gstatic.com https://www.youtube.com https://platform.twitter.com; img-src 'self' data: https://i.ytimg.com *.google-analytics.com https://www.ilo.org https://www.googletagmanager.com https://images.prismic.io https://syndication.twitter.com https://ilc-live-2021-nea3b.ondigitalocean.app https://pbs.twimg.com https://embedr.flickr.com *.staticflickr.com https://maps.gstatic.com *.googleapis.com *.ggpht.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' *.google-analytics.com https://www.googletagmanager.com https://content-service.ilo.org https://global-forum-2022.prismic.io https://ilc-live-2021-nea3b.ondigitalocean.app https://maps.googleapis.com https://embedr.flickr.com; media-src 'self' *.oc.cetc.blue; object-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://audio.ilo.org; child-src 'self' https://youtube.com https://www.youtube.com https://youtube-nocookie.com https://player.vimeo.com https://datastudio.google.com https://platform.twitter.com https://walls.io https://www.flickr.com https://www.facebook.com https://www.linkedin.com; frame-src 'self' https://youtube.com https://www.youtube.com https://player.youku.com https://syndication.twitter.com https://www.google.com https://w.soundcloud.com https://jotalab.com https://www.youtube-nocookie.com https://datawrapper.dwcdn.net https://player.vimeo.com https://datastudio.google.com https://www.googletagmanager.com https://platform.twitter.com https://walls.io https://www.flickr.com https://www.facebook.com https://www.linkedin.com; worker-src 'self'; frame-ancestors 'self'; form-action 'self' https://adestra.ilo.org/ https://ilo.msgfocus.com/; base-uri 'self'; manifest-src 'self'; report-to default 4
frame-src self *.microfocus.com *.ubembed.com https://12964123.fls.doubleclick.net/ https://js.driftt.com https://bid.g.doubleclick.net https://optimize.google.com/ https://dev.visualwebsiteoptimizer.com https://www.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://www.brighttalk.com/ https://bcove.video/ https://app.vwo.com https://www.googletagmanager.com https://microfocuspartner.force.com https://www.linkedin.com/ https://platform.twitter.com/ https://www.research.net https://irs.tools.investis.com/ https://players.brightcove.net/ https://otp.tools.investis.com/ https://microfocus-education.sabacloud.com https://recaptcha.net https://html5-player.libsyn.com/; frame-ancestors self *.microfocus.com https://microfocus.lookbookhq.com https://microfocus-education.sabacloud.com https://recaptcha.net https://microfocuspartner.force.com; 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: 4
frame-ancestors 'self' piwik.mpg.de statistics.mpg.de statistik.mpg.de; 4
frame-ancestors 'self' https://*.nzherald.co.nz https://*.apnnz.co.nz https://nzme.coral.coralproject.net/; 4
default-src 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com yolacom.yolacdn.net www.yola.com unpkg.com *.yolacdn.net polyfill.io cdn.ravenjs.com *.googleapis.com *.sharethis.com www.googleoptimize.com www.googletagmanager.com *.yola.com *.googleusercontent.com *.gstatic.com secure.gravatar.com www.facebook.com www.google-analytics.com *.google.com *.yola.net stats.g.doubleclick.net *.fullstory.com s.w.org *.sitewit.com ts.w.org *.wikimedia.org www.youtube.com wp-themes.com data: blob:;frame-ancestors 'self'; form-action 'self'; 4
default-src 'self' data: https://*.epam.com https://*.epam-group.ru;script-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://connect.facebook.net https://conv.indeed.com https://www.google.com https://snap.licdn.com https://*.hotjar.com https://use.typekit.com https://www.google-analytics.com https://*.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://mc.yandex.ru https://s.ytimg.com https://www.youtube.com https://*.assets-yammer.com https://*.typekit.net https://*.typekit.com https://menu.epam.com https://googleads.g.doubleclick.net https://vk.com https://*.adform.net https://res.wx.qq.com https://t.visitorqueue.com https://munchkin.marketo.net https://www.linkedin.com https://platform.linkedin.com https://embed.typeform.com https://js.driftt.com https://widget.drift.com https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://click.appcast.io https://bat.bing.com https://*.clarity.ms https://epam.widget.insent.ai https://www.redditstatic.com https://*.cookiepro.com https://*.onetrust.com https://rum-static.pingdom.net https://access.epam.com https://static.cloudflareinsights.com https://*.epam.com https://*.google-analytics.com https://maps.googleapis.com https://*.amplitude.com;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://www.gstatic.com https://tagmanager.google.com https://optimize.google.com https://fonts.googleapis.com https://www.googletagmanager.com https://*.hotjar.com https://embed.typeform.com;connect-src 'self' https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.google-analytics.com https://mc.yandex.ru https://mc.yandex.by https://mc.yandex.ua https://mc.yandex.kz https://mc.yandex.md https://yandexmetrica.com https://*.hotjar.io https://www.google.com https://translate.googleapis.com https://www.youtube.com wss://menu.epam.com https://menu.epam.com https://*.typekit.net https://*.typekit.com https://www.facebook.com https://stats.g.doubleclick.net https://a.visitorqueue.com https://*.mktoresp.com https://*.mktoutil.com https://*.clarity.ms https://*.analytics.google.com https://analytics.google.com https://*.cookiepro.com https://*.onetrust.com https://cookies-data.onetrust.io https://apm-cluster6.cloudapp.epam.com https://apm-cluster12.cloudapp.epam.com https://access.epam.com https://service.infongen.com https://t.visitorqueue.com https://cdn.linkedin.oribi.io wss://*.epam.com https://*.epam.com https://www.googletagmanager.com https://*.amplitude.com https://*.cloudapp.epam.com https://maps.googleapis.com;frame-src 'self' https://*.hotjar.com https://www.facebook.com https://www.google.com https://www.youtube.com https://mc.yandex.ru https://mc.yandex.md https://*.doubleclick.net https://www.google-analytics.com https://www.google.by https://*.epam.com https://*.yammer.com https://login.microsoftonline.com https://vk.com https://login.vk.com https://www.googletagmanager.com https://w.soundcloud.com https://www.linkedin.com https://api.linkedin.com https://form.typeform.com https://player.vimeo.com https://embed.podcasts.apple.com https://js.driftt.com https://widget.drift.com https://optimize.google.com https://epam.widget.insent.ai;img-src 'self' * data: blob: about: android-webview-video-poster: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://*.hotjar.com https://*.epam.com http://*.epam.com https://*.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://i.ytimg.com https://i.vimeocdn.com https://unpkg.com https://online.swagger.io;font-src 'self' data: https://*.typekit.net https://*.typekit.com https://fonts.gstatic.com https://*.hotjar.com https://*.epam.com;frame-ancestors 'self';report-uri /services/interaction/csp-report;report-uri /info/services/csp-report 4
default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; 4
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: wss: *.2o7.net *.ac-systems.com *.adobe.com *.adobe.io *.adobedtm.com *.adoberesources.net *.adsymptotic.com *.akamaihd.net *.amazonaws.com *.amelia.com *.arcgis.com *.atdmt.com *.base.be *.bbvms.com *.bluebillywig.com *.bluecoat.com *.clarity.ms *.cloudfront.net *.companymatch.me *.contentsquare.com *.contentsquare.net *.cookielaw.org *.customersaas.com *.day.com *.demdex.net *.doubleclick.net *.driftqa.com *.driftt.com *.everesttech.net *.facebook.com *.facebook.net *.fontawesome.com *.force.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.hotjar.com *.hotjar.io *.licdn.com *.linkedin.com *.litix.io *.loadinggif.com *.luckycycle.com *.marketo.net *.mktoresp.com *.mktoutil.com *.mobistar.be *.nettjar.com *.omtrdc.net *.onetrust.com *.oribi.io *.pegacloud.net *.pingvp.com *.pinimg.com *.pinterest.com *.premiumplus.io *.qelpcare.com *.salesforce.com *.salesforceliveagent.com *.sfdcstatic.com *.snapchat.com *.speedtestcustom.com *.telenet-ops.be *.telenet.be *.telenet.be:* *.telenet.be.seg.js *.telenetcampagnes.be *.typekit.net *.typography.com *.unpkg.com *.upc.ch *.usabilla.com *.vimeo.com *.webgains.com *.webgains.io *.wista.com *.wistia.com *.wistia.net *.youtube.com *.ytimg.com *.zdassets.com *.zendesk.com *.zentr.cc *.zentrick.com *.zopim.com *.zopim.io https://app.insites.com https://app.prospect.silktide.com https://cookies-data.onetrust.io https://eu.cobrowse.pega.com https://euassets.cobrowse.pega.com https://eur01.safelinks.protection.outlook.com https://euuat.cobrowse.pega.com https://euuatassets.cobrowse.pega.com https://html5-player.libsyn.com https://playlist.megaphone.fm https://sandbox-telenet.24sessions.com https://telenet.24sessions.com https://widget.euw1.chat.pega.digital sc-static.net;img-src 'self' blob: data: *.telenet.be *.telenet.be:* https: http://loadinggif.com *.doubleclick.net *.loadinggif.com;report-uri https://api.prd.telenet.be/csp-violation-report; 4
base-uri 'none';child-src *.youtube.com;connect-src 'self' https:;default-src 'self';font-src 'self';form-action 'self';frame-ancestors 'none';frame-src vercel.live prismic.io *.prismic.io *.youtube.com *.twitter.com *.facebook.com *.google.com;img-src * data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' vercel.live *.google-analytics.com *.bing.com *.clarity.ms *.facebook.net *.googletagmanager.com *.helpscout.net prismic.io *.prismic.io;style-src 'self' 'unsafe-inline';worker-src 'self'; 4
connect-src 'self' *.maps.yandex.net api-maps.yandex.ru api.selectel.ru hog.selectel.ru chatwoot.selectel.ru wss://chatwoot.selectel.ru google-analytics.bi.owox.com googleads.g.doubleclick.net region1.google-analytics.com region1.analytics.google.com https://analytics.google.com https://statuspal.io/api/v2/status_pages/selectel/summary https://api.mindbox.ru https://personalization-web-stable.mindbox.ru https://selectel.ru https://top-fwz1.mail.ru https://tracker.softcube.com https://web.popmechanic.ru leads.selectel.ru mc.yandex.ru selectel.ru sendsay.ru stats.g.doubleclick.net suggest-maps.yandex.ru wss://api.selectel.ru wss://ws.selectel.ru www.google-analytics.com www.youtube.com https://yulixr.ru/ https://hooks.zapier.com/hooks/catch/11509819/ https://hooks.zapier.com/hooks/catch/12416931/ https://script.google.com/a/macros/selectel.com/s/AKfycbzM4er3RoKbPw3cQALGtakLQ7xfTtUk8PETDoXQyYh6kiCLnhu1oO4iCy2CuhT38cGrCA/exec; default-src 'none'; font-src 'self' data: https://cdn.selectel.ru https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/; frame-ancestors 'self' my.selectel.ru promo.selectel.ru go.teachbase.ru learn.selectel.org webvisor.com metrika.yandex.ru; frame-src 'self' api-maps.yandex.ru calc.selectel.ru chatwoot.selectel.ru googleads.g.doubleclick.net https://forms.amocrm.ru/ https://player.vimeo.com/ https://vk.com/ www.google.com www.google.ru www.youtube.com; img-src https: data: blob: region1.google-analytics.com region1.analytics.google.com; manifest-src 'self'; media-src 'self' https://chatwoot.selectel.ru https://cdn.selectel.ru https://files.selectel.ru; object-src 'self' blob:; report-uri https://relay.selectel.ru/api/87/security/?sentry_key=33110db9255441e5b312279003c189b1 https://relay.selectel.ru/api/20/csp-report/?sentry_key=7af12a7683624269a0cab11188e3d86e; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.maps.yandex.net api-maps.yandex.ru cdn.ampproject.org hog.selectel.ru chatwoot.selectel.ru https://api.mindbox.ru/ https://cdn.selectel.ru https://cse.google.com/adsense/search/async-ads.js https://cse.google.com/cse.js https://cse.google.com/cse/element/v1 https://embed.typeform.com/embed.js https://forms.amocrm.ru/ https://googleads.g.doubleclick.net https://s.ytimg.com https://script.softcube.com https://static.popmechanic.ru https://top-fwz1.mail.ru https://vk.com https://www.google.com mc.yandex.ru personalization-web-stable.mindbox.ru selectel.ru ssl.google-analytics.com static.ads-twitter.com suggest-maps.yandex.ru tagmanager.google.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com yastatic.net; style-src 'self' 'unsafe-inline' https://cdn.selectel.ru/ https://chatwoot.selectel.ru https://fonts.googleapis.com https://static.popmechanic.ru https://tagmanager.google.com/ https://www.google.com/cse/static/element/ https://www.google.com/cse/static/style/look/v4/espresso.css https://personalization-web-stable.mindbox.ru/; upgrade-insecure-requests; 4
frame-ancestors 'self' *.ebscohost.com *.ebsco.com; report-uri /report-csp-violation; upgrade-insecure-requests 4
connect-src 'self' data: blob: https://surveystats.hotjar.io https://*.hotjar.io https://*.clarity.ms https://l.getsitecontrol.com https://dash.getsitecontrol.com https://gse.gigaset.com *.hotjar.com wss://*.hotjar.com *.getsitectrl.com https://api.chatchamp.com aggregator.service.usercentrics.eu analytics.google.com api.chatchamp.io api.usercentrics.eu graphql.usercentrics.eu stats.g.doubleclick.net www.google-analytics.com www.google.de bat.bing.com halc.iadvize.com in.hotjar.com s.adroll.com ct.pinterest.com https://fast-static.smarketer.de https://*.billwerk.com sandbox.billwerk.com api.trustedshops.com shops-si.trustedshops.com trustbadge.api.etrusted.com vc.hotjar.io ws3.hotjar.com ws7.hotjar.com wss://ws3.hotjar.com wss://ws7.hotjar.com www.facebook.com www.google.ch www.google.com www.google.fr ws6.hotjar.com wss://ws6.hotjar.com www.google.co.uk ws10.hotjar.com ws4.hotjar.com ws8.hotjar.com wss://ws1.hotjar.com wss://ws10.hotjar.com wss://ws4.hotjar.com wss://ws8.hotjar.com www.google.be www.google.hr www.google.it www.google.nl www.google.ru ws12.hotjar.com ws18.hotjar.com ws2.hotjar.com wss://ws12.hotjar.com wss://ws18.hotjar.com wss://ws2.hotjar.com ws5.hotjar.com wss://ws5.hotjar.com www.google.es www.google.se www.google.com.tr www.google.cz ws17.hotjar.com wss://ws17.hotjar.com ws15.hotjar.com wss://ws15.hotjar.com www.google.co.in ws16.hotjar.com wss://ws16.hotjar.com www.google.com.cy www.google.pl ws9.hotjar.com wss://ws9.hotjar.com ws11.hotjar.com wss://ws11.hotjar.com app.getsitecontrol.com ws1.hotjar.com www.google.at d.adroll.com ws13.hotjar.com ws14.hotjar.com wss://ws13.hotjar.com wss://ws14.hotjar.com www.google.gr api.trustbadge.etrusted.com www.google.cl www.google.co.cr www.google.co.za www.google.com.ar www.google.rs service.gigaset.com www.google.ba www.google.dk www.google.ae network-eu.bazaarvoice.com www.google.hu wss://ff.kis.v2.scr.kaspersky-labs.com www.google.com.mx www.bing.com www.google.co.il www.google.co.ma www.google.co.ve www.google.com.bd www.google.com.co www.google.com.lb www.google.com.pe www.google.ie www.google.lu www.google.no www.google.pt www.google.ro www.google.si *.convertize.io pop1.getsitecontrol.com maps.googleapis.com *.etracker.de s.clcktrax.com *.analytics.google.com consent-api.service.consent.usercentrics.eu gcmatomo.gigaset.com https://fast.smarketer.de https://eu-api.friendlycaptcha.eu https://api.friendlycaptcha.com api.bazaarvoice.com accounts-eu.freshworks.com gigaset-org.freshworks.com https://mycliplister.com https://*.mycliplister.com https://*.etrusted.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.iamsmartad.com aggregator.service.usercentrics.eu analytics.google.com api.chatchamp.io api.usercentrics.eu app.usercentrics.eu connect.facebook.net data: googleads.g.doubleclick.net graphql.usercentrics.eu https://pixel.mathtag.com tr.outbrain.com widgets.trustedshops.com www.facebook.com www.google-analytics.com www.google.com www.google.de https://www.googletagmanager.com www.youtube.com halc.iadvize.com bat.bing.com widgets.getsitecontrol.com in.hotjar.com script.hotjar.com static.hotjar.com vars.hotjar.com pixel.convertize.io p.typekit.net use.typekit.net ct.pinterest.com https://fast-static.smarketer.de s.pinimg.com ups.xplosion.de display.ugc.bazaarvoice.com s.adroll.com gse.gigaset.com ff.kis.v2.scr.kaspersky-labs.com fonts.googleapis.com https://mpsnare.iesnare.com gcmatomo.gigaset.com accounts-eu.freshworks.com gigaset-org.freshworks.com https://*.etrusted.com; font-src https://script.hotjar.com use.typekit.net data: 'self' st.getsitecontrol.com fonts.gstatic.com github.com static3.avast.com gcmatomo.gigaset.com; form-action 'self' www.facebook.com feldtest.gigaset.com security.gigaset.com service.gigaset.com api.bazaarvoice.com 'unsafe-eval' ct.pinterest.com gigaset-org.freshworks.com accounts-eu.freshworks.com partner-service.gigaset.com; frame-ancestors 'self' www.gigaset.com *.etracker.com; img-src 'self' 'report-sample' https://c.clarity.ms/c.gif https://c.bing.com https://dsum-sec.casalemedia.com https://script.hotjar.com https://smarttracking.defacto-x.net https://m2.getsitecontrol.com https://trc.taboola.com https://d.adroll.com https://www.google.ee https://www.google.is app.usercentrics.eu googleads.g.doubleclick.net pixel.mathtag.com test.gse.gigaset.com tr.outbrain.com widgets.magentocommerce.com widgets.trustedshops.com www.facebook.com www.gigaset.com www.google-analytics.com www.google.com www.google.de display.ugc.bazaarvoice.com network-eu-stg.bazaarvoice.com photos-uat-eu.bazaarvoice.com bat.bing.com data: d.adroll.com cdn.pay1.de image-charts.com www.googletagmanager.com ct.pinterest.com img.youtube.com network-eu-stg-a.bazaarvoice.com app.getsitecontrol.com media.getsitecontrol.com gse.gigaset.com insight.adsrvr.org network-eu.bazaarvoice.com pro-gse.gigaset.com www.google.ch www.google.co.uk www.google.com.tr www.google.com.tw www.google.es www.google.fr www.google.it www.google.nl www.google.pl photos-eu.bazaarvoice.com test.gigaset.com www.google.at www.google.be aax-eu.amazon-adsystem.com ads.yahoo.com cm.g.doubleclick.net connect.facebook.net network-eu-a.bazaarvoice.com stats.g.doubleclick.net sync.outbrain.com sync.taboola.com www.google.co.il www.google.cz www.google.hr www.google.lu www.google.ru www.google.sk www.gstatic.com www.google.com.lb translate.google.com www.google.se www.google.co.ao www.google.co.in www.google.co.kr www.google.com.mx www.google.hu www.google.no px.ads.linkedin.com www.awin1.com www.google.com.cy ib.adnxs.com i.ytimg.com www.google.az www.google.co.za www.google.com.bd www.google.fi www.google.pt www.google.co.cr www.google.ci www.google.com.sa www.google.rs www.google.gr android-webview-video-poster www.google.com.ar www.google.tn www.google.com.vn www.google.cl www.google.iq maps.googleapis.com maps.gstatic.com www.google.com.mt www.google.mn www.google.ro www.google.si www.google.ba blob: www.google.com.eg www.google.ae www.google.dk www.google.li pixel.rubiconproject.com pagead2.googlesyndication.com www.google.co.id www.google.co.ma www.google.ge www.google.ie www.linkedin.com analytics.google.com fcmatch.google.com fcmatch.youtube.com sync.mathtag.com ups.analytics.yahoo.com www.google.by www.google.cn www.google.co.ve www.google.com.br www.google.com.co www.google.com.et www.google.com.gt www.google.com.kw www.google.com.om www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.ua dpm.demdex.net *.advertising.com *.pubmatic.com *.3lift.com *.bidswitch.net *.outbrain.com *.openx.net *.convertize.io www.etracker.de uct.service.usercentrics.eu s.clcktrax.com photos-us.bazaarvoice.com gcmatomo.gigaset.com https://mycliplister.com https://*.mycliplister.com https://*.etrusted.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'report-sample' https://*.clarity.ms https://s2.getsitecontrol.com https://cdn.iamsmartad.com amplify.outbrain.com app.usercentrics.eu connect.facebook.net googleads.g.doubleclick.net js.chatchamp.com pixel.mathtag.com tr.outbrain.com widgets.trustedshops.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com halc.iadvize.com widgets.getsitecontrol.com analytics-static.ugc.bazaarvoice.com bat.bing.com display.ugc.bazaarvoice.com network-eu-stg.bazaarvoice.com stg.api.bazaarvoice.com script.hotjar.com static.hotjar.com a.adroll.com d.adroll.com d.adroll.mgr.consensu.org s.adroll.com pixel.convertize.io secure.pay1.de s.pinimg.com cdn.xplosion.de ups.xplosion.de sandbox.billwerk.com selfservice.sandbox.billwerk.com https://*.billwerk.com https://selfservice.billwerk.com apps.bazaarvoice.com asn-trk.advolution.de st.getsitecontrol.com api.bazaarvoice.com network-eu.bazaarvoice.com tpc.googlesyndication.com gse.gigaset.com me.kis.v2.scr.kaspersky-labs.com static.iadvize.com www.google.com www.dwin1.com ad1.adfarm1.adition.com adfarm1.adition.com gc.kis.v2.scr.kaspersky-labs.com secure.adnxs.com snap.licdn.com maps.googleapis.com s2.adform.net track.adform.net www.pagespeed-mod.com 'unsafe-eval' cdn.taboola.com ff.kis.v2.scr.kaspersky-labs.com www.google.de www.google.it imagesrv.adition.com https://mpsnare.iesnare.com https://l.getsitecontrol.com/p7jz5lm4.js *.etracker.com *.etracker.de cdn.iamstudent.com s.clcktrax.com https://api.signalize.com/accounts/X3ssZWx/signalize.min.js *.analytics.google.com gcmatomo.gigaset.com https://fast-static.smarketer.de https://fast.smarketer.de https://mycliplister.com https://*.mycliplister.com https://*.etrusted.com; style-src data: 'self' 'unsafe-inline' display.ugc.bazaarvoice.com s.adroll.com p.typekit.net use.typekit.net gse.gigaset.com gc.kis.v2.scr.kaspersky-labs.com fonts.googleapis.com me.kis.v2.scr.kaspersky-labs.com translate.googleapis.com gcmatomo.gigaset.com https://*.etrusted.com; child-src blob:; frame-src https://www.pinterest.de https://ir.tools.investis.com pixel.mathtag.com www.google.com www.facebook.com vars.hotjar.com secure.pay1.de www.youtube.com bid.g.doubleclick.net js.chatchamp.com api.bazaarvoice.com display.ugc.bazaarvoice.com tpc.googlesyndication.com cms.gigaset.com gigaset-prov.gigaset.com gigaset.secure.force.com where-to-buy.co www.googletagmanager.com player.vimeo.com ad2.adfarm1.adition.com 'self' gigaset-net.gigaset.com ct.pinterest.com forms.office.com verify.iamstudent.com www.iamstudentverify.com pwm-image.trendmicro.com www.pinterest.com gcmatomo.gigaset.com app.usercentrics.eu gigaset.my.salesforce-sites.com https://*.etrusted.com; 4
object-src 'none'; frame-ancestors *.tim.it; 4
frame-ancestors 'self' *.cybersource.com *.salesforce.com *.force.com *.salesforce-sites.com ; form-action *.cybersource.com *.salesforce.com *.force.com 'self' *.salesforce-sites.com 4
frame-ancestors 'self' https://frida.main.messefrankfurt.com/ 4
frame-ancestors https://members.cafepress.com  https://members.cafepress.co.uk https://members.cafepress.ca https://members.cafepress.com.au; 4
default-src 'none' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com www.googletagmanager.com snap.licdn.com cookie-cdn.cookiepro.com cdn.cookielaw.org googletagmanager.com *.googleapis.com cdnjs.cloudflare.com www.google.com www.gstatic.com www.buzzsprout.com/ cdn.jsdelivr.net/gh/ckeditor/ static.pathmotion.io pathmotion.com equans.career-inspiration.com/ *.doubleclick.net *.googleadservices.com connect.facebook.net fbcdn.net cdn.jsdelivr.net consent.cookiebot.com siteimproveanalytics.com cdn.matomo.cloud cdn.siteimprove.net www.youtube.com unpkg.com odyssiant.azureedge.net *.bootstrapcdn.com js-agent.newrelic.com *.linkedin.com; object-src 'none' ; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net ; img-src 'self' data: https:;; media-src 'self'; frame-src 'self' *.youtube.com/ *.vimeo.com/ apply.refline.ch https://engie.taleo.net/ www.google.com/ www.buzzsprout.com/ equans.career-inspiration.com/ facebook.com *.doubleclick.net/ cdn.linkedin.oribi.io www.facebook.com www.equans.co.uk json3d.tftlabs.com; frame-ancestors 'self' https://n3g.4projects.com  n3g.4projects.com; child-src 'self' https://*.youtube.com/ https://*.vimeo.com/ https://engie.taleo.net/; font-src 'self' fonts.gstatic.com data:; connect-src 'self' *.google-analytics.com *.googleapis.com *.google.com *.doubleclick.net snap.licdn.com *.cookiepro.com cdn.cookielaw.org geolocation.onetrust.com/ static.pathmotion.io pathmotion.com equans.career-inspiration.com api.mixpanel.com *.algolia.net equans.matomo.cloud privacyportal-fr.onetrust.com cdn.linkedin.oribi.io my2.siteimprove.com id.siteimprove.com contentassistant.eu.siteimprove.com id.eu.siteimprove.com *.algolianet.com *.odyssiant.com *.googlesyndication.com bam.nr-data.net *.linkedin.com *.algolianet.com; upgrade-insecure-requests 4
frame-ancestors 'self'; default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; style-src 'self' https://code.jquery.com https://www.lightboxcdn.com https://netdna.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net/ 'unsafe-inline'; script-src 'self' blob: *.netmng.com https://code.jquery.com https://disqus.com https://j.6sc.co https://boards.greenhouse.io https://p.adsymptotic.com https://www.googleadservices.com https://px4.ads.linkedin.com https://c1.rfihub.net https://connect.facebook.net https://lightboxapi.azurewebsites.net https://d.adroll.com https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://snap.licdn.com https://com-zglobal.netmng.com https://s.adroll.com 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com bootstrapcdn.com *.bootstrapcdn.com googleapis.com *.googleapis.com cloudflare.com *.cloudflare.com rezync.com *.rezync.com hsforms.net *.hsforms.net lightboxcdn.com *.lightboxcdn.com gstatic.com *.gstatic.com vimeo.com *.vimeo.com wistia.com *.wistia.com hs-scripts.com *.hs-scripts.com google.com *.google.com capterra.com *.capterra.com hscollectedforms.net *.hscollectedforms.net hsadspixel.net *.hsadspixel.net hubspot.com *.hubspot.com hsforms.com *.hsforms.com hs-analytics.net *.hs-analytics.net usemessages.com *.usemessages.com hs-banner.com *.hs-banner.com licdn.com *.licdn.com google-analytics.com *.google-analytics.com boomtrain.com *.boomtrain.com https://www.youtube.com https://www.googleoptimize.com https://s7.addthis.com/ https://unpkg.com/ https://cdn.jsdelivr.net 4
default-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  intent:  wss://127.0.0.1:*  https://*.8select.io  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.epoq-systems.de  https://*.epoq.de  https://*.fitanalytics.com  https://*.lidl-info.com  https://*.online-metrix.net  https://*.parcellab.com  https://*.paypalobjects.com  https://*.paypal.com  https://*.semtrack.de  https://*.simplesurance.de  https://*.sit.sys.odj.cloud  https://*.solutenetwork.com  https://analytics.google.com  https://balancechecks.tx-gate.com  https://cloud.mail.lidl.de  https://dmp.theadex.com  https://event.yoochoose.net  https://facebook.com  https://fonts.gstatic.com  https://h.online-metrix.net  https://lidlde.int.userwerk.com  https://tracking.s24.com  https://www.google-analytics.com  https://www.lacmp.net  https://www.moebel.de  https://*.tailortool.de  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  intent:  https://*.adyen.com  https://*.bizrate.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.ftrace.com  https://*.lidl-info.com  https://*.mynetfair.com  https://*.paypal.com  https://*.sit.sys.odj.cloud  https://*.vrxs.de  https://api.theadex.com  https://ar.lidl.com  https://balancechecks.tx-gate.com  https://facebook.com  https://h.online-metrix.net  https://lidl-giftcard.eu  https://lidlde.int.userwerk.com  https://*.sit.az.odj.cloud  https://review.apps.01.cf.eu01.stackit.cloud  https://www.edge-cdn.net  https://www.lidl-gewinnspiel.de  https://www.lidl-giftcard.eu; img-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  moz-extension:  https://*.adition.com  https://*.adscale.de  https://*.advertising.com  https://*.adyen.com  https://*.bizrate.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.epoq-systems.de  https://*.epoq.de  https://*.fitanalytics.com  https://*.lidl-info.com  https://*.online-metrix.net  https://*.openx.net  https://*.parcellab.com  https://*.paypalobjects.com  https://*.paypal.com  https://*.pubmatic.com  https://*.semtrack.de  https://*.simplesurance.de  https://*.sit.sys.odj.cloud  https://*.solutenetwork.com  https://*.stickyadstv.com  https://*.taboola.com  https://*.twiago.com  https://*.yahoo.com  https://*.yieldlab.net  https://analytics.google.com  https://balancechecks.tx-gate.com  https://contextual.media.net  https://dmp.theadex.com  https://event.yoochoose.net  https://facebook.com  https://h.online-metrix.net  https://lh3.googleusercontent.com  https://lidlde.int.userwerk.com  https://match.sharethrough.com  https://pubsaf.global.ssl.fastly.net  https://sync.outbrain.com  https://translate.google.com  https://via.placeholder.com  https://visitor.omnitagjs.com  https://www.google-analytics.com  https://*.tailortool.de; object-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  https://*.lidl-info.com  https://*.online-metrix.net  https://facebook.com  https://h.online-metrix.net; script-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  https://*.8select.io  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.epoq-systems.de  https://*.epoq.de  https://*.fitanalytics.com  https://*.lidl-info.com  https://*.online-metrix.net  https://*.parcellab.com  https://*.paypalobjects.com  https://*.paypal.com  https://*.semtrack.de  https://*.simplesurance.de  https://adservice.google.de  https://ajax.googleapis.com  https://api.theadex.com  https://balancechecks.tx-gate.com  https://cdn.ravenjs.com  https://cloud.mail.lidl.de  https://cm.g.doubleclick.net  https://code.etracker.com  https://dmp.theadex.com  https://dsp.adfarm1.adition.com  https://facebook.com  https://h.online-metrix.net  https://lidlde.int.userwerk.com  https://s.ytimg.com  https://tracking.s24.com  https://www.dwin1.com  https://www.etracker.de  https://www.google-analytics.com  https://www.googleadservices.com  https://www.lacmp.net  https://www.moebel.de  https://*.tailortool.de; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'  https://*.epoq-systems.de  https://*.epoq.de  https://*.fitanalytics.com  https://*.lidl-info.com  https://*.parcellab.com  https://*.sit.sys.odj.cloud  https://facebook.com; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io  https://beeem.co; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net  https://*.sit.az.odj.cloud; 4
frame-ancestors 'self'  *.ampproject.org *.zdbb.net 4
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://*.criteo.com https://public.cobrowse.oraclecloud.com https://sc54374195us1.cobrowse.oraclecloud.com https://sc54374195us1.cobrowse.oraclecloud.com/launcher.js https://bat.bing.com https://www.youtube.com https://www.clarity.ms https://cdnjs.cloudflare.com https://webto.salesforce.com https://tracker.adreadyclick.com https://code.jquery.com https://kit.fontawesome.com https://survey.alchemer.com https://www.surveygizmo.com https://tr.snapchat.com https://tr-shadow.snapchat.com https://*.go-mpulse.net https://*.rfihub.net https://cdn.boomtrain.com https://secure.adnxs.com https://acdn.adnxs.com https://*.kaltura.com https://live.rezync.com https://www.googleadservices.com https://*.hotjar.com https://www.googleadservices.com https://analytics.tiktok.com https://bs.serving-sys.com https://secure-ds.serving-sys.com  https://sc-static.net https://snap.licdn.com https://*.optimix.cn https://munchkin.marketo.net https://cdn.resonate.com https://libjs.s4mdsp.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-banner.com https://www.google-analytics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://js.hs-scripts.com https://www.googletagmanager.com https://*.ets.org https://assets.adobedtm.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://888-oul-143.mktoweb.com; style-src 'self' 'unsafe-inline' https://www.surveygizmo.com https://fonts.googleapis.com https://*.ets.org https://maxcdn.bootstrapcdn.com https://assets.adobedtm.com https://ka-f.fontawesome.com https://888-oul-143.mktoweb.com; font-src 'self' data: https://ka-p.fontawesome.com https://www.surveygizmo.com https://*.kaltura.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://ka-f.fontawesome.com https://*.kaltura.com; connect-src 'self' https://px.ads.linkedin.com https://vc.hotjar.io https://tr.snapchat.com https://kit.fontawesome.com https://webto.salesforce.com https://www.livelook.com/cobrowse/auth https://www.livelook.com https://*.clarity.ms/ https://ka-p.fontawesome.com https://pixelconnector.adready.com https://*.kaltura.com https://*.akamaihd.net https://*.rfihub.net https://*.akstat.io https://*.go-mpulse.net https://*.hotjar.com https://people.api.boomtrain.com https://events.api.boomtrain.com https://www.facebook.com https://analytics.tiktok.com https://lm.serving-sys.com https://secure-ds.serving-sys.com https://tr-shadow.snapchat.com https://cdn.linkedin.oribi.io https://analytics.google.com https://stats.g.doubleclick.net https://709-zco-379.mktoresp.com https://www.google-analytics.com https://ds.reson8.com https://forms.hscollectedforms.net https://*.ets.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://ka-f.fontawesome.com https://cdn.cookielaw.org wss://oda-e40b50f987234cd9917401d2041ee2c6-da2.data.digitalassistant.oci.oraclecloud.com wss://oda-7d45bc8b07464a85817b482742d79302-da2.data.digitalassistant.oci.oraclecloud.com wss://oda-b5675d826e074d05b3305135c81c2162-da2.data.digitalassistant.oci.oraclecloud.com; frame-src 'self' https://td.doubleclick.net/ https://static.criteo.net https://*.criteo.com https://www.googletagmanager.com https://public.cobrowse.oraclecloud.com https://s.amazon-adsystem.com https://*.kaltura.com https://*.fls.doubleclick.net https://*.rfihub.com https://www.facebook.com https://*.snapchat.com https://e03.optimix.cn https://www.google-analytics.com https://888-oul-143.mktoweb.com https://www.youtube.com https://*.ets.org https://oda-e40b50f987234cd9917401d2041ee2c6-da2.data.digitalassistant.oci.oraclecloud.com https://oda-7d45bc8b07464a85817b482742d79302-da2.data.digitalassistant.oci.oraclecloud.com https://oda-b5675d826e074d05b3305135c81c2162-da2.data.digitalassistant.oci.oraclecloud.com; media-src 'self' blob: data: https://*.ets.org https://*.kaltura.com; img-src 'self' data: https: https://www.surveygizmo.com https://i.ytimg.com https://www.google-analytics.com https://aax-eu.amazon-adsystem.com https://bx01.optimix.cn https://cm.g.doubleclick.net https://e03.optimix.cn https://forms.hsforms.com https://track.hubspot.com https://www.google.com https://www.facebook.com https://px.ads.linkedin.com https://cfvod.kaltura.com https://maps.gstatic.com https://cdn.cookielaw.org https://objectstorage.us-ashburn-1.oraclecloud.com https://*.akstat.io; worker-src blob: https:; 4
base-uri 'self' *.nr-data.net; child-src blob:; connect-src 'self' wss://*.planetromeo.com wss://*.romeo.com wss://*.hunqz.com *.planetromeo.com *.romeo.com offline-page.pages.dev *.facebook.com *.gstatic.com *.googlesyndication.com *.doubleclick.net *.google-analytics.com *.nr-data.net *.smaato.net *.smaato.com *.maptiler.com *.report-uri.com wss://*.firebaseio.com *.googleapis.com *.zendesk.com; font-src 'self' *.gstatic.com *.typekit.net data:; form-action 'self' *.planetromeo.com *.romeo.com google.com; frame-ancestors *.romeo.com *.planetromeo.com *.hunqz.com; frame-src 'self' *.romeo.com *.planetromeo.com *.hunqz.com recaptcha.net *.doubleclick.net *.google.com *.googlesyndication.com *.googletagservices.com *.blufm.de blufm.de winq.nl *.firebaseio.com *.youtube.com *.facebook.com *.twitter.com; img-src https: data: blob: *.smaato.net; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ampproject.org *.doubleclick.net *.googlesyndication.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gp *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googletagservices.com recaptcha.net *.newrelic.com *.nr-data.net *.siftscience.com *.smaato.net *.firebaseio.com *.twitter.com *.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.typekit.net; worker-src 'self' blob:; default-src 'self' *.planetromeo.com *.romeo.com *.hunqz.com *.googlesyndication.com; 4
frame-ancestors 'self' *.lpl.com; 4
default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors https://*.contentful.com 'self' 4
frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__ 4
default-src 'self' * 'unsafe-inline' 'unsafe-eval' data:; form-action 'self' *; frame-src 'self' *; 4
frame-ancestors 'self' https://*.facebook.com https://*.google.com 4
default-src 'self' data: https://*.commerce.gov https://www.eda.gov https://eda.gov https://*.eda.gov https://unpkg.com https://*.basemaps.cartocdn.com https://*.vimeo.com https://*.googletagmanager.com https://polyfill.io https://www.googletagmanager.com https://*.mbda.gov https://*.d.commerce.gov https://content.govdelivery.com https://www.google-analytics.com https://use.fontawesome.com https://dap.digitalgov.gov https://*.twitter.com https://*.twimg.com https://*.youtube.com https://livestream.com https://*.livestream.com https://api.new.livestream.com https://emenuapps.ita.doc.gov https://rev-vbrick.uspto.gov https://*.facebook.com https://*.mapbox.com https://*.cloudflare.com https://*.tile.openstreetmap.org https://git.commerce.gov https://cdn.siteimprove.net https://youtube-nocookie.com https://translate.google.com https://www.gstatic.com https://fonts.gstatic.com https://app.powerbigov.us https://*.googleapis.com https://www.youtube-nocookie.com https://api.data.gov https://*.uspto.gov 'unsafe-inline' 'unsafe-eval' ;upgrade-insecure-requests; 4
frame-ancestors 'self' app.storyblok.com; 4
frame-ancestors 'self' http://api.securedvisit.com http://track.securedvisit.com http://content.securedvisit.com http://images.securedvisit.com http://track.sv.rkdms.com *.loudcrowd.com *.lookaside.fbsbx.com 4
frame-ancestors 'self' https://*.vfc.coremedia.cloud https://digital.vfc.com; child-src * blob:; worker-src * blob:; img-src * *.contentsquare.net blob: data:; connect-src * *.contentsquare.net blob:; script-src 'self' * 'unsafe-inline' 'unsafe-eval' blob: t.contentsquare.net contentsquare.com blob: 4
default-src 'self' https:; font-src 'self' data:; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; worker-src * blob:; frame-ancestors vtr.com *.vtr.com ww2.movistar.cl/*; 4
frame-ancestors 'self' https://mgmt-prod-gcp.keurig.com; 4
frame-ancestors 'self' *.maxon.net 4
frame-ancestors 'self' commander.weatherops.com 4
frame-ancestors 'self' *.infor.com *.Inforcloudsuite.com *.infor.cn *.infor.de *.infor.es *.infor.fr *.infor.jp *.infor.kr 4
frame-ancestors 'self' https://betterhearing.lightning.force.com https://betterhearing--staging.sandbox.lightning.force.com; 4
default-src 'self' *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; media-src blob: 'self' *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.qualtrics.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com *.onetrust.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.zuora.com tags.tiqcdn.com *.vergic.com *.brightcove.net *.brightcove.com blob: vjs.zencdn.net d2qrdklrsxowl2.cloudfront.net www.googletagmanager.com connect.facebook.net static.ads-twitter.com *.twitter.com www.googleadservices.com www.google.com googleads.g.doubleclick.net *.gstatic.com *.ceros.com *.turtl.co trustspot.io cdn.jsdelivr.net my.tealiumiq.com *.my.tealiumiq.com securepubads.g.doubleclick.net *.googlesyndication.com adservice.google.com www.googletagservices.com *.qualtrics.com *.service.force.com c.paypal.com *.doublethedonation.com doublethedonation.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com *.onetrust.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.brightcove.net d2qrdklrsxowl2.cloudfront.net *.s3.amazonaws.com *.turtl.co trustspot.io s3.amazonaws.com my.tealiumiq.com *.my.tealiumiq.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com *.onetrust.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; img-src 'self' data: images.ctfassets.net aicpa.sc.omtrdc.net media.aicpa.org *.rackcdn.com cm.everesttech.net dpm.demdex.net content.psplugin.com *.brightcove.com *.boltdns.net players.brightcove.net static.ads-twitter.com t.co www.googletagmanager.com googleads.g.doubleclick.net www.google.com *.google.co.uk *.facebook.com trustspot.io * c.paypal.com b.stats.paypal.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com *.onetrust.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; font-src 'self' data: fonts.gstatic.com d2qrdklrsxowl2.cloudfront.net *.s3.amazonaws.com *.vergic.com content.psplugin.com s3.amazonaws.com trustspot.io d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com *.onetrust.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; connect-src 'self' id.aicpa.org secureaicpa.okta.com aicpa.okta.com devaicpa.oktapreview.com id.test-aicpa.org aicpa-staff.oktapreview.com stagingaicpa.okta.com stagingaicpa-staff.okta.com temp2secureaicpa.okta.com https://us.aicpa.org/bin/aicpaorg/uca assets.ctfassets.net downloads.ctfassets.net sentry.io app.getsentry.org app.getsentry.com dpm.demdex.net aicpa.demdex.net collect.tealiumiq.com aicpa.sc.omtrdc.net players.brightcove.net *.brightcove.com *.hapyak.com *.boltdns.net *.brightcovecdn.com *.akamaihd.net *.akafms.net *.vergic.com *.facebook.com *.google.com trustspot.io my.tealiumiq.com *.my.tealiumiq.com securepubads.g.doubleclick.net *.googlesyndication.com *.qualtrics.com sit.test-aicpa.org d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com *.onetrust.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; frame-src 'self' id.aicpa.org secureaicpa.okta.com aicpa.okta.com apisandbox.zuora-cima.dev.securedataplatform.co.uk apisandbox.zuora-cima.uat.securedataplatform.co.uk apisandbox.zuora-cima.uat.securedataplatform.com api.zuora-cima.securedataplatform.com api.zuora-cima.securedataplatform.co.uk zuora-cima.securedataplatform.com sandbox.na.zuora-cima.uat.securedataplatform.co.uk sandbox.na.zuora-cima.uat.securedataplatform.com na.zuora-cima.securedataplatform.co.uk na.zuora-cima.securedataplatform.com sandbox.na.zuora.com *.aicpa-cima.com devaicpa.oktapreview.com id.test-aicpa.org aicpa-staff.oktapreview.com stagingaicpa.okta.com stagingaicpa-staff.okta.com temp2secureaicpa.okta.com www.facebook.com m.facebook.com html5-player.libsyn.com *.brightcove.net d2qrdklrsxowl2.cloudfront.net vjs.zencdn.net *.podomatic.com podomatic.com *.youtube.com apisandbox.zuora.com aicpa.demdex.net www.zuora.com bid.g.doubleclick.net *.ceros.com *.google.com my.tealiumiq.com *.my.tealiumiq.com *.safeframe.googlesyndication.com tpc.googlesyndication.com *.qualtrics.com *.zuora.com c.paypal.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com *.onetrust.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; frame-ancestors 'self' *.aicpa.org *.cgma.org; manifest-src 'self'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://sentry.io/api/3382497/security/?sentry_key=9aee855e0ce84a1db4b69530c6b45163@sentry.io/3382497 4
frame-ancestors 'self' https://www.bing.com https://www.google.com https://*.search.yahoo.com https://www.naver.com https://www.baidu.com 4
default-src https: data: wss: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'self' 4
default-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://at.cloud.fabasoft.com https://*.streaming.media.azure.net; style-src 'self' 'unsafe-inline' https://*.oebb.at https://*.nightjet.com https://fonts.googleapis.com https://oc-cdn-public-eur.azureedge.net/livechatwidget/ https://static.userback.io; script-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://at.cloud.fabasoft.com https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://cdn.botframework.com https://maps.googleapis.com https://oc-cdn-public-eur.azureedge.net/livechatwidget/ https://static.userback.io https://*.traumgutscheine.com https://myincert.com https://*.myincert.com; connect-src 'self' blob: https://*.oebb.at https://*.nightjet.com https://obc.railcargo.com https://*.playertec.de https://api.siteimprove.com https://directline.botframework.com wss://directline.botframework.com https://powerva.microsoft.com https://maps.googleapis.com https://oc-cdn-public-eur.azureedge.net/livechatwidget/ https://api.userback.io https://tickets-deva.dm.tsint.at https://tickets-stest.dm.tsint.at https://shop.oebbtickets.at; img-src 'self' data: blob: https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://at.cloud.fabasoft.com https://*.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://oc-cdn-public-eur.azureedge.net/livechatwidget/ https://static.userback.io; frame-src https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://at.cloud.fabasoft.com https://*.streaming.media.azure.net https://*.microsoftstream.com https://www.youtube-nocookie.com https://vimeo.com https://*.vimeo.com https://*.playertec.de https://*.yumpu.com https://www.zepp-cam.at https://*.soundcloud.com https://*.spotify.com https://*.waca.at https://ec21aac802964ead8485bcf19e4d7cc9.svc.dynamics.com https://live.virtual-events.at https://service.studiobaff.com https://live.brame-gamification.com https://www.komoot.de https://wien.radelt.at https://oc-cdn-public-eur.azureedge.net/livechatwidget/ https://www.traumgutscheine.com https://railtours.traumgutscheine.com https://tickets-deva.dm.tsint.at https://tickets-stest.dm.tsint.at https://shop.oebbtickets.at; frame-ancestors 'self' https://*.oebb.at http://fahrplan.oebb.at https://*.nightjet.com https://oebb-test.hafas.de; font-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://maps.gstatic.com https://fonts.gstatic.com; child-src blob: https://www.traumgutscheine.com https://railtours.traumgutscheine.com; 4
upgrade-insecure-requests; default-src 'self' *.leuchtfeuer.com; frame-src 'self' *.consentmanager.net *.youtube.com *.youtube-nocookie.com *.altrulabs.com *.smartrecruiters.com *.equitystory.com *.conti-apps.de *.continental.com *.wowza.com livestream.com *.nc3-cdn.com *.cloudfront.net; style-src 'self' 'unsafe-inline' *.continental.com *.googleapis.com *.bing.com *.virtualearth.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.continental.com *.google.com *.googleapis.com *.googletagmanager.com *.mouseflow.com *.bing.com *.virtualearth.net *.admiralcloud.com *.altrulabs.com *.smartrecruiters.com *.linkedin.com *.licdn.com *.analytics.google.com *.google-analytics.com *.trkkn.com unpkg.com *.consentmanager.net *.equitystory.com blob:; font-src 'self' data: *.continental.com *.bing.com *.admiralcloud.com *.altrulabs.com *.gstatic.com; connect-src 'self' *.continental.com *.leuchtfeuer.com *.admiralcloud.com *.bing.com *.virtualearth.net *.altrulabs.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net *.mouseflow.com *.consentmanager.net *.trkkn.com cdn.linkedin.oribi.io; img-src * data: *.googletagmanager.com *.google-analytics.com *.gstatic.com *.google.com *.virtualearth.net; media-src * blob:; report-uri https://sentry.leuchtfeuer.com/api/13/security/?sentry_key=66362f3cb1034383abbd3702c8d1a340 4
upgrade-insecure-requests; frame-ancestors 'none'; 4
default-src 'self' blob: https://staffbase.com https://s15952.pcdn.co; report-uri https://casper-de1.staffbase.com/report/staffbase.com; script-src 'report-sample' 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://ab-eu-prod-partner-locator.s3-eu-central-1.amazonaws.com/partnerlocator-bundle.js https://analytics.twitter.com https://bat.bing.com https://cdn.cookielaw.org https://cdn.linkedin.oribi.io/34930/ https://cdnjs.cloudflare.com/ajax/libs/dompurify/ https://connect.facebook.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.hubspot.com https://js.hscta.net https://*.hubspot.net https://*.hsforms.com https://googleads.g.doubleclick.net https://hackerone.com https://npmcdn.com/pikasso@4.2.0/build/umd.min.js https://pikasso-preview.bananatag.com https://j.6sc.co/6si.min.js https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.hsforms.net https://*.hsleadflows.net https://*.qualified.com https://maps.googleapis.com https://rum-static.pingdom.net https://snap.licdn.com https://static.ads-twitter.com https://tagmanager.google.com https://tags.clickagy.com/data.js https://tracking.g2crowd.com https://ws.zoominfo.com https://www.gartner.com/reviews/public/Widget/js/widget.js https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://s15952.pcdn.co; font-src 'self' data: application/x-font-woff https://*.google-analytics.com https://cdn.getspeechify.com/hosted-fonts/GreycliffCF-*.woff2 https://fonts.staffbase.com https://www.gartner.com https://s15952.pcdn.co; img-src 'self' data: image/svg+xml https: https://s15952.pcdn.co; style-src https: 'self' 'unsafe-inline' 'report-sample'; connect-src https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat  'self' https://*.google-analytics.com https://*.pingdom.net https://*.ads.linkedin.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://aorta.clickagy.com/data https://api.allbound.eu/v5/public/ https://api.ipstack.com https://app.qualified.com https://bat.bing.com https://c.6sc.co https://cdn.cookielaw.org https://cdn.linkedin.oribi.io/partner/34930/domain/staffbase.com/token https://*.hubapi.com https://js.hscta.net https://*.hsforms.com https://*.hubspot.com https://geolocation.onetrust.com https://hackerone.com https://hemsync.clickagy.com/external/hasHashes https://hubspot-forms-static-embed.s3.amazonaws.com https://ipv6.6sc.co https://*.hs-banner.com https://*.linkedin.oribi.io/event https://privacyportal.onetrust.com https://secure.adnxs.com/getuidj https://staffbase-privacy-request.my.onetrust.com/request/v1/consentreceipts https://stats.g.doubleclick.net https://ws.zoominfo.com/pixel/collect https://www.facebook.com wss://app.qualified.com wss://ws.qualified.com https://s15952.pcdn.co; frame-src https:; media-src https:; frame-ancestors 'none'; 4
default-src 'self' www.app5.unisys.com js.qualified.com wwwdev-unisyscorp.msappproxy.net wwwqa-unisyscorp.msappproxy.net data: ws: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.intentsify.io acdn.adnxs.com *.techtarget.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com js.qualified.com www.googleadservices.com *.optimizely.com *.twitter.com *.gartner.com cdn.pdst.fm www.gstatic.com *.6sc.co t.contentsquare.net app.contentsquare.com *.google.com *.cloudfront.net *.createjs.com *.facebook.net *.eloqua.com *.statcounter.com *.youtube.com *.vimeocdn.com *.en25.com *.demandbase.com *.hotjar.com *.licdn.com *.adroll.com https://www.google-analytics.com *.googletagmanager.com https://js.ipredictive.com *.google-analytics.com *.trustarc.com https://www.googletagmanager.com https://vimeo.com *.vimeo.com https://js.hs-banner.com https://js.hs-scripts.com https://js.usemessages.com https://js.hscollectedforms.net https://js.hs-analytics.net https://dc.services.visualstudio.com https://az416426.vo.msecnd.net https://code.jquery.com https://s7.addthis.com https://v1.addthisedge.com https://m.addthis.com/ https://z.moatads.com https://maxcdn.bootstrapcdn.com https://www.facebook.com *.episerver.net *.bing.com *.virtualearth.net *.unisys.com https://api.company-target.com *.sharethis.com https://unpkg.com *.consensu.org https://ajax.googleapis.com https://cdnjs.cloudflare.com https://t.contentsquare.net/ https://static.ads-twitter.com/ *.newscred.com *.rezync.com; style-src 'self' 'unsafe-inline' *.googletagmanager.com *.gartner.com https://fonts.googleapis.com *.episerver.net *.bing.com https://maxcdn.bootstrapcdn.com https://unpkg.com *.sharethis.com https://*.unisys.com; img-src 'self' blob: data: http: https: *.ipredictive.com www.googletagmanager.com *.contentsquare.net https://cdn.optimizely.com; font-src 'self' *.gartner.com data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.unisys.com; connect-src 'self' https://logx.optimizely.com *.techtarget.com *.demandbase.com https://*.optimizely.com https://us-central1-adaptive-growth.cloudfunctions.net *.optimizely.com *.6sc.co *.adnxs.com cdn.linkedin.oribi.io *.trustarc.com *.hotjar.io *.hotjar.com *.doubleclick.net *.google.com *.googletagmanager.com *.google-analytics.com https://forms.hubspot.com https://api.hubspot.com https://m.addthis.com https://dc.services.visualstudio.com https://vimeo.com ws: wss: *.bing.com *.episerver.net *.virtualearth.net https://api.company-target.com https://c.statcounter.com *.contentsquare.net; child-src 'self' *.trustarc.com https://api.hubspot.com https://app.hubspot.com https://vimeo.com *.vimeo.com https://www.youtube.com https://s7.addthis.com; media-src 'self' www.app5.unisys.com wwwdev-unisyscorp.msappproxy.net wwwqa-unisyscorp.msappproxy.net https://*.unisys.com; frame-src *; worker-src 'self' blob: data: 4
frame-ancestors 'self' https://kisanuat.bankofbaroda.co.in https://kisan.bankofbaroda.com https://ams.techmahindra.com;upgrade-insecure-requests; block-all-mixed-content; 4
frame-ancestors https://www.cedars-sinai.org/ https://aem-dispatcher-dev.cedars-sinai.org/ https://patients.mycslink.org/ https://patients-dev.mycslink.org/ https://patients-test.mycslink.org/ https://patients-stage.mycslink.org/ 4
upgrade-insecure-requests ; 4
default-src * blob: data: http: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://reports.nameshield.net/ 4
default-src 'self' https://brightdata.com wss://nexus-websocket-a.intercom.io wss://widget-mediator.zopim.com 'unsafe-inline' 'unsafe-eval' www.comeet.co data: *.googleapis.com *.googletagmanager.com *.google-analytics.com www.googleadservices.com *.googlesyndication.com www.pagespeed-mod.com assets.calendly.com calendly.com *.doubleclick.net http://ad.doubleclick.net *.youtube.com i.ytimg.com *.vwo.com *.visualwebsiteoptimizer.com widget.trustpilot.com *.zdassets.com brightdata.zendesk.com assets.brightdata.com *.userway.org cdn.mxpnl.com *.mxpnl.net js.hs-analytics.net js.hs-banner.com js.hs-scripts.com *.thesmilingelbows.com *.bing.com *.clarity.ms p.clarity.ms *.baidu.com *.lfeeder.com widget.intercom.io *.linkedin.com px.ads.linkedin.com js.intercomcdn.com api-iam.intercom.io *.hubspot.com hubspot-forms-static-embed.s3.amazonaws.com api-js.mixpanel.com *.hsforms.net *.hsforms.com *.oribi.io *.gravatar.com cdn.jsdelivr.net cdnjs.cloudflare.com ajax.cloudflare.com code.jquery.com unpkg.com snap.licdn.com *.yandex.ru *.yandex.net *.yandex.com *.yandex.md *.yandex.by *.facebook.net *.facebook.com *.capterra.com *.netstar-inc.com *.gstatic.com yastatic.net cdn.datatables.net *.fleeq.io *.redditstatic.com *.6sc.co *.quora.com widget-mediator.zopim.com *.google.com *.google.ad *.google.ae *.google.com.tr *.google.co.il *.google.co.cr *.google.ca *.google.com.ua *.google.es *.google.co.in *.google.com.sg *.google.com.np *.google.com.mt *.google.de *.google.com.bd *.google.co.id *.google.it *.google.co.uk *.google.co.th  *.google.co.kr  *.google.fr *.google.co.za *.google.com.my *.google.com.co *.google.co.ve *.google.com.sa *.google.pt *.google.be *.google.cz *.google.co.ma *.google.com.br *.google.com.cy *.google.co.jp *.google.com.vn *.google.com.tw *.google.ro *.google.co.ke *.google.com.ng *.google.hu *.google.pl *.google.ie *.google.nl *.google.se *.google.com.do *.google.com.mx *.google.co.mz *.google.at *.google.com.ph *.google.ge *.google.com.au *.google.dz *.google.ch *.google.rs *.google.cn *.google.la *.google.by *.google.com.gt *.google.tn *.google.cl *.google.com.py *.google.ge *.google.com.ar *.google.lk *.google.com.kh *.google.ru *.google.com.mm *.google.az *.google.com.hk *.google.kz *.google.com.gh *.google.am *.google.me *.google.com.et *.google.no *.google.md *.google.com.pk *.google.bj *.google.com.af *.google.hr *.google.co.uz *.google.com.pa *.google.com.sv *.google.cm *.google.bg *.google.sk *.google.com.pr *.google.com.eg *.google.lu *.google.al *.google.si *.google.com.jm *.google.iq *.google.lu *.google.com.pe *.google.com.ec *.google.com.bo *.google.kg *.google.mu *.google.sn *.google.rw *.google.co.ug *.google.gr *.google.fi *.google.mk *.google.com.lb *.google.ee *.google.jo *.google.ba *.google.com.sv *.google.ps *.google.com.fj *.google.co.ao *.google.com.gi *.google.com.qa *.google.tt *.google.gy *.google.lt *.google.com.sv *.google.mg *.google.tm *.google.gm *.google.so *.google.cz *.google.co.tz *.google.com.uy *.google.bf *.google.vg *.google.com.cu *.google.sm *.google.com.bn *.google.hn *.google.ci *.google.com.na *.google.co.ls *.google.dk *.google.co.nz *.google.ht *.google.cv *.google.ne *.google.mv google.com.sb google.is google.com.ly google.com.kw google.co.vi google.je google.sc google.cd google.mg google.cg google.lv google.tg google.bt google.vu google.dz google.com.pg google.ht google.com.ni google.co.id google.com.uy google.mn google.bs google.tj google.co.uk google.com.sl google.com.bz google.ml google.com.ph google.co.in google.tm google.ms google.com.tj *.comeet.com *.reddit.com *.6sense.com *.ipqualityscore.com; frame-ancestors 'self'; worker-src blob:; report-uri https://brightdata.com/web_api/report_csp 4
default-src https: data: wss: blob: 'unsafe-eval' 'unsafe-inline' 4
frame-ancestors 'none'; object-src 'none' 4
default-src 'self';font-src fonts.gstatic.com; base-uri 'self'; img-src * data:; media-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src mailto: *;  navigate-to *; connect-src *; 4
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.vidyard.com *.google-analytics.com *.elliemae.com *.typekit.net *.eloqua.com *.crazyegg.com *.pingdom.net *.driftt.com *.drift.com *.vidyard.com *.tribl.io *.en25.com *.appspot.com *.facebook.net *.bing.com *.bizographics.com *.doubleclick.net *.linkedin.com *.facebook.com *.google.com *.on24.com *.contentstack.io *.zscalertwo.net ipapi.co *.amazonaws.com *.googleapis.com http://images.engage.elliemae.com/ *.gstatic.com *.myfonts.net *.googleadservices.com *.mapbox.com *.youtube.com *.vimeo.com *.swiftype.com *.jsdelivr.net *.disqus.com *.disquscdn.com disqus.com *.zoominfo.com *.pusher.com *.icemortgagetechnology.com *.pardot.com unpkg.com *.google.co.in www.googleoptimize.com cdn.cookielaw.org privacyportal.onetrust.com *.clickagy.com  *.demandbase.com match.prod.bidr.io id.rlcdn.com *.company-target.com vimeo.com *.licdn.com *.linkedin.oribi.io *.hsforms.com *.hsleadflows.net *.hs-analytics.net *.hs-banner.com *.hubspot.com *.hs-scripts.com *.hsforms.net 4
frame-ancestors 'self' https://*.yahooinc.com 4
default-src 'self' https://*.hornetsecurity.com https://*.nitrocdn.com;         object-src 'none';         connect-src 'self' https://*.hornetsecurity.com https://*.nitrocdn.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com         https://*.hotjar.io https://*.livechatinc.com https://www.google-analytics.com         wss://*.hotjar.com https://nominatim.openstreetmap.org https://cloud.elegantthemes.com         https://api.signalize.com https://*.analytics.google.com https://analytics.google.com         https://*.hotjar.com https://www.etracker.de https://www.google.com.pk         https://get663.com https://www.google.de wss https://stats.g.doubleclick.net https://adservice.google.com         https://nitropack.io https://hornetsecurity.matomo.cloud https://yoast.com         https://to.getnitropack.com https://www.hornetsecurity.com https://api.wppopupmaker.com https://*.friendlycaptcha.com https://*.friendlycaptcha.eu;         script-src-elem 'self' 'unsafe-inline' blob: https://*.hornetsecurity.com https://*.nitrocdn.com         https://nitroscripts.com https://script.hotjar.com         https://www.googleadservices.com https://static.ads-twitter.com         https://cdn.jsdelivr.net https://*.kaspersky-labs.com https://pi.pardot.com https://*.livechatinc.com         https://api.signalize.com https://snap.licdn.com https://www.redditstatic.com https://connect.facebook.net         https://*.etracker.com https://tags.srv.stackadapt.com https://www.google.com https://maps.googleapis.com         https://*.hotjar.com https://www.etracker.de https://www.googletagmanager.com https://*.amazonaws.com         https://*.wistia.com https://fast.wistia.net https://platform.twitter.com http://cdn.livechatinc.com         http://cdn.pardot.com https://bat.bing.com https://www.gstatic.com https://www.google-analytics.com         https://nitropack.io https://cdn.matomo.cloud https://www.youtube.com https://cdnjs.cloudflare.com res;         worker-src blob: 'self' data: https://*.hornetsecurity.com https://*.nitrocdn.com;         style-src-elem 'self' 'unsafe-inline' https://*.hornetsecurity.com https://*.nitrocdn.com         https://www.googletagmanager.com https://api.signalize.com https://www.gstatic.com         https://use.fontawesome.com https://unpkg.com https://stackpath.bootstrapcdn.com https://*.googleapis.com         https://tags.srv.stackadapt.com https://cdnjs.cloudflare.com https://adblockers.opera-mini.net         https://*.kaspersky-labs.com https://fast.wistia.com data https://www.hornetsecurity.com;         frame-src 'self' https://lcweb.dikelicensing.com https://*.hornetsecurity.com https://*.nitrocdn.com         https://www.youtube-nocookie.com https://*.livechatinc.com https://html5-player.libsyn.com         https://fast.wistia.net https://fast.wistia.com https://www.altaro.com https://www.youtube.com https://*.frcapi.com;         media-src 'self' https://*.hornetsecurity.com https://*.nitrocdn.com         https://cdn.livechatinc.com data https://ssl.gstatic.com;         img-src 'self' data: https://*.hornetsecurity.com https://*.nitrocdn.com https://www.linkedin.com         https://*.openstreetmap.org         https://ps.w.org https://cdn.gravity.com https://www.google-analytics.com https://bat.bing.com         https://www.facebook.com https://t.co https://px.ads.linkedin.com https://cdn.livechat-static.com         https://www.elegantthemes.com https://analytics.twitter.com https://alb.reddit.com https://www.google.com.ni         https://googleads.g.doubleclick.net android-webview-video-poster https://www.google.com.vn https://*.wistia.com         https://fast.wistia.net https://www.google.cn https://spamina.com https://www.google.az https://www.google.bs         https://www.google.mg https://www.google.com.tw https://www.google.com.lb https://www.google.com.ua         https://yastatic.net https://www.google.co.ug https://www.google.com.bo https://www.google.mn         https://www.google.com.qa https://www.google.co.bw https://www.hornetsecurity.com https://www.google.co.zw         https://www.google.com.kw blob file https://youtu.be https://www.google.is https://umt.ag https://www.google.iq         https://www.google.com.bn https://www.gstatic.com https://nitropack.io https://pos.baidu.com https://www.google.com.om https://www.google.sc https://www.google.sn https://assets.msn.com https://hornetsecurity.matomo.cloud https://www.google.com.jm https://www.google.am https://seclinks.cloud-security.net https://www.heise.de https://www.google.de https://www.google.com https://www.google.tg;         script-src eval 'self' 'unsafe-inline' 'unsafe-eval' https://*.hornetsecurity.com https://*.nitrocdn.com https://www.google.com https://cdn.livechatinc.com https://cdn.matomo.cloud https://www.youtube.com;         frame-ancestors 'self' https://*.hornetsecurity.com https://*.nitrocdn.com;         style-src 'self' 'unsafe-inline' https://*.hornetsecurity.com https://*.nitrocdn.com https://fonts.googleapis.com;         font-src 'self' data: https://*.hornetsecurity.com https://*.nitrocdn.com https://fonts.cdnfonts.com         https://fonts.gstatic.com https://cdn.livechatinc.com         https://github.com https://cdnjs.cloudflare.com;         child-src blob;         base-uri about https://www.xing.com; 4
frame-ancestors 'self' *.sportradarserving.com sportradarserving.com 4
img-src 'self' cbpssubscriber.mygov.in img.youtube.com *.s3waas.gov.in secure.gravatar.com data: www.nic.in informatics.nic.in xn--m1bet4hqd2b.xn--h2brj9c xn--m1bet4hqd2b.xn--h2brj9c;connect-src 'self' *.s3waas.gov.in www.google-analytics.com;object-src 'none';media-src 'self' *.s3waas.gov.in data:;child-src *;frame-src *;form-action *.s3waas.gov.in 'self';frame-ancestors 'self' *.s3waas.gov.in ;upgrade-insecure-requests;worker-src 'self' *.s3waas.gov.in data: 4
frame-ancestors 'self' https://www.renesas.cn http://www.renesas.cn https://icp.renesas.com http://icp.renesas.com https://icp.renesas.cn http://icp.renesas.cn http://www3.renesas.cn https://www3.renesas.cn 4
default-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.vercel.app jsv3.recruitics.com cse.google.com cdn.cookielaw.org www.redditstatic.com tag.demandbase.com www.google-analytics.com ngc.avature.net api-engage-us.sitecorecloud.io ngc.avature.net/ngctalent www.googletagmanager.com www.youtube.com www.youtube.com/iframe_api code.jquery.com https://d35vb5cccm4xzp.cloudfront.net;script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.vercel.app jsv3.recruitics.com www.google.com www.redditstatic.com cse.google.com googleads.g.doubleclick.net tag.demandbase.com www.google-analytics.com cdn.cookielaw.org ngc.avature.net ngc.avature.net/ngctalent www.googletagmanager.com code.jquery.com www.youtube.com www.youtube.com/iframe_api https://d35vb5cccm4xzp.cloudfront.net;connect-src 'self' *.vercel.app stats.g.doubleclick.net www.google-analytics.com www.googleapis.com privacyportal.onetrust.com api.company-target.com geolocation.onetrust.com cdn.cookielaw.org ngc.avature.net ngc.avature.net/ngctalent vitals.vercel-insights.com api-engage-us.sitecorecloud.io discover.sitecorecloud.io/;base-uri 'self';form-action 'self';font-src 'self' *.vercel.app ngc.avature.net ngc.avature.net/ngctalent use.typekit.net data:;style-src 'self' 'unsafe-inline' *.vercel.app ngc.avature.net www.google.com ngc.avature.net/ngctalent use.typekit.net p.typekit.net;frame-src 'self' *.vercel.app *.doubleclick.net login.goservicepro.com https://jsv3.recruitics.com ngc.avature.net s.company-target.com td.doubleclick.net ngc.avature.net/ngctalent jsv3.recruitics.com www.portalstospace.com cdn.prd.ngc.agencyq.site cdn.ngc.agencyq.site cdn-uat.northropgrumman.com www.northropgrumman.com www.youtube.com w.soundcloud.com data: blob:;img-src 'self' *.vercel.app *.doubleclick.net alb.reddit.com ngc.avature.net www.google.com alb.reddit.com segments.company-target.com www.google-analytics.com www.googletagmanager.com id.rlcdn.com ngc.avature.net/ngctalent cdn.cookielaw.org cdn.prd.ngc.agencyq.site wordpressagencyq.azurewebsites.net cdn.ngc.agencyq.site cdn-uat.northropgrumman.com www.northropgrumman.com img.youtube.com/ data:;media-src 'self' *.vercel.app ngc.avature.net ngc.avature.net/ngctalent cdn.prd.ngc.agencyq.site cdn.uat.ngc.agencyq.site cdn.ngc.agencyq.site cdn-uat.northropgrumman.com www.northropgrumman.com img.youtube.com data:; 4
frame-ancestors 'self' *.hillspetnutrition.com; 4
frame-ancestors 'self' *.connectmeinforma.com dev.totem-app.com 4
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com  *.amazonaws.com  *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com *.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net  *.forcepoint.com *.google.com *.facebook.com  *.nr-data.net *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net  *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com  dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com *.aumago.com *.driftqa.com *.scribblecdn.net *.esg-global.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.clickagy.com *.nimblestory.com *.usemessages.com *.stackadapt.com *.googlesyndication.com ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net *.w55c.net *.demandbase.com *.company-target.com *.gstatic.com *.tiqcdn.com *.marketo.net *.newrelic.com *.facebook.net *.ads-twitter.com *.burly.io *.bizographics.com *.nr-data.net *.licdn.com *.tt.omtrdc.net *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com *.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.ubembed.com *.driftt.com *.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com *.adobe.com *.consensu.org *.bizible.com *.theadex.com *.aumago.com *.zoominfo.com *.clickagy.com *.redditstatic.com *.quantcount.com *.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hubapi.com *.hsforms.net *.hsforms.com geolocation-db.com *.drift.com *.jquery.com *.google.com *.hscollectedforms.net *.jsdelivr.net *.stackadapt.com *.googlesyndication.com *.simpleanalyticscdn.com; img-src * data: *; font-src 'self' *.google.com *.googleadservices.com; connect-src 'self' *.vwo.com *.demdex.net *.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com *.aumago.com *.google-analytics.com *.6sc.co *.adnxs.com *.vidyard.com *.6sense.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com api.hubapi.com *.hsforms.net *.hsforms.com *.s3.amazonaws.com *.drift.com *.clickagy.com *.facebook.com *.zoominfo.com geolocation-db.com cdn.linkedin.oribi.io *.hubspot.com *.hscollectedforms.net *.stackadapt.com *.google.com *.googletagmanager.com *.googleadservices.com google.com  *.googlesyndication.com *.linkedin.com ; report-uri /admin/config/system/seckit/csp-report 4
frame-src https://www.google.com https://app.hubspot.com https://forms.hsforms.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://img6.wsimg.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://www.gstatic.com; form-action 'self' https://forms.hsforms.com; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://js.hs-scripts.com https://tags.tiqcdn.com https://snap.licdn.com https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://www.google-analytics.com https://js.hs-analytics.net https://js.hs-banner.com https://js-na1.hs-scripts.com https://js.usemessages.com/conversations-embed.js https://js.hsforms.net/forms/embed/v2.js https://ssl.google-analytics.com/ga.js https://www.pagespeed-mod.com/v1/taas; 4
frame-ancestors 'self' https://adventhealth.com https://*.adventhealth.com; object-src 'none' 4
referrer no-referrer 4
frame-ancestors 'self' http://tutorialcorreo.xsi.es http://correo.natural.es http://correo.mundored.com http://mundored.com https://correo.nuevecomanueve.es 4
frame-ancestors https://*.descartes.com https://*.folloze.com; report-uri /report-csp-violation 4
frame-ancestors https://*.cspire.com:* 4
font-src 'self' www.alertlogic.com *.youtube.com *.fontawesome.com  *.intercomcdn.com *.google.com fonts.gstatic.com *.neverbounce.com data: 'unsafe-inline' 'unsafe-eval' data:; 4
default-src 'self' wss: https: data: 'unsafe-inline' 'unsafe-eval' 4
form-action 'self' https://go.pardot.com https://submit-irm.trustarc.com; 4
frame-ancestors 'self' *.vpro.nl:* *.human.nl *.vprobroadcast.com *.2doc.nl *.vprogids.nl *.brainwash.nl vpro.matomo.cloud omroephuman.matomo.cloud; 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.ads-twitter.com *.adyen.com *.agilone.com *.algolia.net *.algolianet.com *.analytics.google.com *.api.bazaarvoice.com *.attentivemobile.com *.attn.tv *.bazaarvoice.com *.bing.com *.bounceexchange.com *.bouncex.net *.cdnbasket.net *.cdnwidget.com *.collect.igodigital.com *.contentsquare.net *.criteo.com *.facebook.com *.facebook.net *.fls.doubleclick.net *.g.doubleclick.net *.ggpht.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.igodigital.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.liadm.com *.mag.bazaarvoice.com *.monetate.net *.nextdoor.com *.nr-data.net *.onetrust.com *.pepperjam.com *.pinimg.com *.pinterest.com *.revlifter.io *.rsa3dsauth.co.uk *.scene7.com *.securesuite.co.uk *.smarterhq.io *.snapchat.com *.staging.bigcontent.io *.twitter.com *.ventrica.io *.wknd.ai *.zdassets.com *.zendesk.com *.zopim.com ad.doubleclick.net ade.googlesyndication.com algolia.net algolianet.com analytics.tiktok.com api.addressy.com api.official-coupons.com api.official-deals.co.uk app.contentsquare.com bid.g.doubleclick.net clarks.a.bigcontent.io cdn.c1.amplience.net cdn.cookielaw.org cdn.media.amplience.net cdn.static.amplience.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com clarkscs.zendesk.com cloud.email.clarks.com cookie-cdn.cookiepro.com ekr.zdassets.com ekr.zendesk.com fonts.googleapis.com insights.algolia.io int-ds-shared-1.monetate.org js-agent.newrelic.com kargo.clarks.com localhost:2323 marketer.monetate.net pay.google.com pippio.com private-media-node12.s3.eu-west-1.amazonaws.com res.cloudinary.com sc-static.net static.zdassets.com t.co t.contentsquare.net t.paypal.com t.pepperjamnetwork.com tagmanager.google.com td.doubleclick.net the.sciencebehindcommerce.com tr2.smarterhq.io v2assets.zopim.io zendesk-eu.my.sentry.io wss://*.zendesk.com wss://*.zopim.com wss://clarkscs.zendesk.com www.ascendpartner.com www.awin1.com www.dwin1.com www.googleadservices.com www.paypal.com www.paypalobjects.com www.sandbox.paypal.com www.upsellit.com www.youtube.com youtube.com gepi.global-e.com webservices.global-e.com/ https://intgepi.bglobale.com https://gepi.bglobale.com https://www.bglobale.com/ https://web.global-e.com/ https://www.clarks.co.uk/assets/ https://www.clarksusa.com/assets/ https://google.com/pay *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws https://bff.prod.aws.clarks.com/graphql cognito-idp.eu-west-1.amazonaws.com https://www.clarks.com https://preview.clarks.com; worker-src blob:; font-src 'self' data: fonts.gstatic.com; frame-ancestors 'self'; upgrade-insecure-requests ; 4
frame-ancestors 'self' https://lojaonline.nos.pt 4
frame-ancestors 'self' *.wsgc.com carectruiprd.wsgc.com oms.wsgc.com carectruiprd-dr.wsgc.com oms-dr.wsgc.com trn1-wcc.wsgc.com trn1-sterling.wsgc.com trn1-ccui.wsgc.com 4
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com code.jquery.com *.cloudinary.com cdn.cookielaw.org pr.globenewswire.com *.trustpilot.com api.stockdio.com t2mstatus.com *.microsoft.com *.leadinfo.net *.bcebos.com *.baidu.com *.twitter.com *.ads-twitter.com snap.licdn.com e6bad0060f8c4a8295781df08a7e4baf.svc.dynamics.com mktdplp102cdn.azureedge.net *.google-analytics.com *.youtube.com https://cdn.insight.sitefinity.com https://dec.azureedge.net/ *.en25.com *.msecnd.net *.cloudflare.com *.googletagmanager.com *.hms-networks.com *.livechatinc.com *.wistia.net *.hms-networks-data.com *.matomo.cloud *.swwtech.cn https://static.meiqia.com https://cxppusa1formui01cdnsa01-endpoint.azureedge.net cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.googleapis.cn pr.globenewswire.com *.fontawesome.com *.windows.net ewonsupport.biz *.ewonsupport.biz api.stockdio.com t2mstatus.com *.microsoft.com *.hms-networks.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.cloudflare.com *.googletagmanager.com *.livechatinc.com *.wistia.net *.hms-networks-data.com 'self' web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png platform.twitter.com/css/ *.twimg.com data: blob: img.youtube.com hms-networks.com *.hms-networks.com *.intesis.com *.ixxat.com *.ewon.biz *.anybus.com *.sitefinity.cloud *.livechat-static.com *.livechat-files.com *.livechatinc.com *.cloudinary.com *.dynamics.com *.windows.net *.cookielaw.org pr.globenewswire.com ml-eu.globenewswire.com https://p.adsymptotic.com *.azurewebsites.net api.stockdio.com t2mstatus.com *.microsoft.com *.baidu.com *.google.fi *.google.com t.co *.linkedin.com e6bad0060f8c4a8295781df08a7e4baf.svc.dynamics.com *.azureedge.net *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com *.googletagmanager.com *.wistia.net *.hms-networks-data.com *.zdusercontent.com *.meiqia.com *.meiqiausercontent.com 'self' web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: fonts.gstatic.cn *.googleapis.cn cdnjs.cloudflare.com pr.globenewswire.com *.windows.net *.fontawesome.com api.stockdio.com t2mstatus.com *.microsoft.com *.googletagmanager.com *.livechatinc.com *.wistia.net *.hms-networks-data.com *.alicdn.com; frame-src 'self' *.dynamics.com *.livechatinc.com e6bad0060f8c4a8295781df08a7e4baf.svc.dynamics.com api.stockdio.com *.intesis.com www.google.com www.bihl-wiedemann.de pr.globenewswire.com *.trustpilot.com t2mstatus.com *.microsoft.com *.leadinfo.net *.bcebos.com *.baidu.com *.twitter.com *.ads-twitter.com snap.licdn.com *.azureedge.net *.google-analytics.com *.youtube.com cdn.insight.sitefinity.com https://dec.azureedge.net/ *.en25.com *.msecnd.net *.googletagmanager.com *.hms-networks.com *.wistia.net *.hms-networks-data.com *.swwtech.cn *.zendesk.com *.zdusercontent.com *.qq.com *.youku.com hms.neckarfreunde.net *.jacando.io *.cloudinary.com cloudinary.com licensing.bihl-wiedemann.de web-chat.nativechat.com; connect-src 'self' accounts.google.com cdn.linkedin.oribi.io cdnjs.cloudflare.com *.cloudinary.com *.onetrust.com cdn.cookielaw.org pr.globenewswire.com *.windows.net *.dynamics.com api.stockdio.com t2mstatus.com *.microsoft.com *.leadinfo.net *.leadinfo.com *.baidu.com stats.g.doubleclick.net https://*.insight.sitefinity.com *.visualstudio.com *.google-analytics.com *.hms-networks.com *.googletagmanager.com *.livechatinc.com *.wistia.net *.hms-networks-data.com *.matomo.cloud *.swwtech.cn *.meiqia.com wss://*.meiqia.com https://cxppusa1formui01cdnsa01-endpoint.azureedge.net; media-src 'self' data: blob: *.cloudinary.com pr.globenewswire.com ml-eu.globenewswire.com t2mstatus.com api.stockdio.com *.hms-networks.com *.azureedge.net *.googletagmanager.com *.livechatinc.com *.wistia.net *.hms-networks-data.com; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com console.cloudinary.com cloudinary.com blob: *.youku.com pr.globenewswire.com *.trustpilot.com hms.neckarfreunde.net *.bihl-wiedemann.de *.jacando.io api.stockdio.com t2mstatus.com *.microsoft.com *.qq.com *.intesis.com *.dynamics.com *.google.com *.youtube-nocookie.com *.googletagmanager.com *.livechatinc.com *.wistia.net *.hms-networks-data.com *.matomo.cloud *.swwtech.cn media.hms-networks.com 'self' web-chat.nativechat.com; frame-ancestors 'self' *.bihl-wiedemann.de *.hms-networks-data.com hms-stg.sitefinity.cloud *.hms-networks.com hms-local.sitefinity.cloud *.zendesk.com *.zdusercontent.com 4
default-src 'self'; connect-src https: wss:; font-src https:; frame-src https:; img-src https: data:; media-src https: blob:; worker-src blob:; object-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 4
frame-ancestors 'self' *.evergage.com *.evgnet.com *.vimeo.com *.hotjar.com https://fuse-event.com;frame-src 'self' blob: https:;default-src 'self' 'unsafe-inline' blob: https:;font-src 'self' https: data:;script-src 'self' blob: data: https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data:;connect-src 'self' wss: data: https: blob:; 4
frame-ancestors 'self' https://*.beyondtrust.com https://beyondtrust.com; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.btdevops.io https://*.wistia.com; object-src 'self'; 4
default-src 'self' data: blob: https://*.sitecore.com https://*.sitecore.net https://*.hhogdev.com https://*.stylelabs.cloud https://*.googleapis.com https://*.gstatic.com https://*.azureedge.net https://*.bolddns.net;frame-src 'self' 'unsafe-inline' https://indd.adobe.com https://www.careerarc.com https://wwwsitecorecom.azureedge.net https://www.facebook.com https://www.google.com https://login.microsoftonline.com https://capture.navattic.com https://sitecore.navattic.com https://app.qualified.com https://sitecorecom-eastus2-prepro-132090-cd.azurewebsites.net https://sitecore.com https://go.sitecore.com https://app.smartsheet.com https://w.soundcloud.com/ https://my.walls.io/ https://webinars.sitecore.com;script-src 'self' 'unsafe-inline' https://j.6sc.co/6si.min.js 'unsafe-eval' http://j.6sc.co/6si.min.js 'unsafe-eval' https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com/gtm.js https://maps.googleapis.com/ 'unsafe-inline' https://www.google.com/recaptcha https://www.recaptcha.net/recaptcha/ https://www.gstatic.cn https://*.linkedin.com https://*.licdn.com https://*.pardot.com https://*.qualified.com https://*.salesloft.com https://*.twitter.com https://api.zoom.us;script-src-elem 'self' 'unsafe-inline' https://j.6sc.co/6si.min.js https://secure.adnxs.com/ https://go.affec.tv/ https://api-us.boxever.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com *.cloudfront.net *.cloudfront.net https://connect.facebook.net *.google-analytics.com *.google.com *.google.bg *.googletagmanager.com https://maps.googleapis.com/ https://www.gstatic.com https://*.jquery.com https://snap.licdn.com https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js https://pi.pardot.com/pd.js https://pi.pardot.com/ https://js.qualified.com https://*.rainfocus.com https://scout-cdn.salesloft.com/sl.js https://go.sitecore.com https://wwwsitecorecom.azureedge.net https://insitecorecom.azureedge.net https://api-engage-us.sitecorecloud.io https://webinars.sitecore.com/ https://static.ads-twitter.com/uwt.js https://platform.twitter.com/oct.js https://walls.io;style-src-attr 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net http://cdn.jsdelivr.net https://fonts.googleapis.com/ https://*.rainfocus.com https://wwwsitecorecom.azureedge.net https://insitecorecom.azureedge.net https://webinars.sitecore.com/;img-src 'self' 'unsafe-inline' https://report.23video.com/ https://b.6sc.co https://secure.adnxs.com https://match.adsrvr.org/ https://map.go.affec.tv https://insitecorecom.azureedge.net http://insitecorecom.azureedge.net https://wwwsitecorecom.azureedge.net http://wwwsitecorecom.azureedge.net https://community.sitecore.net https://community.sitecore.com https://sitecore--c.na116.content.force.com https://sitecore.file.force.com https://www.facebook.com *.google-analytics.com *.google.com *.google.bg *.google.ca *.google.dk https://maps.gstatic.com/ https://maps.googleapis.com/ *.googleapis.com/ https://www.googletagmanager.com/ https://www.google.com.ua/ data: https://px.ads.linkedin.com https://www.linkedin.com/ https://mss-p-006-delivery.sitecorecontenthub.cloud/ https://*.rainfocus.com https://sitecorecdn.azureedge.net/ https://sitecorecontenthub.stylelabs.cloud http://sitecorecontenthub.stylelabs.cloud https://mss-p-006-delivery.stylelabs.cloud https://symposium.sitecore.com https://t.co https://delivery.twentythree.com http://delivery.twentythree.com https://webinars.sitecore.com/ https://analytics.twitter.com;font-src 'self' 'unsafe-inline' https://fonts.gstatic.com/ https://wwwsitecorecom.azureedge.net https://insitecorecom.azureedge.net;connect-src https://c.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://secure.adnxs.com https://api-us.boxever.com http://api-us.boxever.com https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://events-api.staging.rfksrv.com https://www.facebook.com/ https://api-staging.rfksrv.com/ https://discover.sitecorecloud.io/ https://www.google-analytics.com http://www.google-analytics.com https://region1.analytics.google.com/ https://analytics.google.com https://maps.googleapis.com/ https://adservice.google.com/ https://api.ipify.org http://api.ipify.org https://cdn.linkedin.oribi.io wss://ws.qualified.com https://app.qualified.com https://*.rainfocus.com https://scout.salesloft.com https://sitecore.com 'self' https://sitecorecom-eastus2-prepro-132090-cd.azurewebsites.net https://api-engage-us.sitecorecloud.io;object-src 'none';media-src 'unsafe-inline' 'unsafe-eval' https://insitecorecom.azureedge.net https://sitecorecdn.azureedge.net data: blob: https://app.qualified.com https://wwwsitecorecom.azureedge.net/ 'self'; 4
default-src 'self' 'unsafe-inline' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.cookielaw.org https://www.googletagmanager.com https://addsearch.com https://www.google-analytics.com https://www.googleanalytics.com https://snap.licdn.com https://www.redditstatic.com https://googleads.g.doubleclick.net https://js.hs-scripts.com https://analytics.tiktok.com https://connect.facebook.net https://j.6sc.co https://amplify.outbrain.com https://tr.outbrain.com https://js.hs-analytics.net https://js.hsadspixel.net https://js.hs-banner.com https://js.hsleadflows.net https://js.hubspot.com https://js.hsforms.net https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/releases/ https://s8.searchcdn.com https://grid.is https://edge.fullstory.com https://www.comeet.co https://player.vimeo.com https://www.youtube.com https://cdn.ampproject.org https://bugcrowd.com https://assets.bugcrowdusercontent.com https://www.google.com https://optimize.google.com https://www.googleoptimize.com https://dev.visualwebsiteoptimizer.com https://js.hscta.net https://cta-service-cms2.hubspot.com https://tagmanager.google.com https://www.gstatic.com https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://app.addsearch.com https://*.cloudfront.net https://optimize.google.com https://www.comeet.com https://tagmanager.google.com https://www.googleoptimize.com; img-src 'self' https: data: blob:; connect-src 'self' https://api.ipstack.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://fb-capi.rapyd.net https://analytics.google.com https://www.google-analytics.com https://privacyportal-eu.onetrust.com https://stats.g.doubleclick.net https://ipv6.6sc.co https://analytics.tiktok.com https://dashboard.rapyd.net https://cta-service-cms2.hubspot.com https://api.hubapi.com https://forms.hubspot.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://cdn.linkedin.oribi.io https://c.6sc.co https://edge.fullstory.com https://rs.fullstory.com https://secure.adnxs.com https://dev.visualwebsiteoptimizer.com https://pagead2.googlesyndication.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; frame-ancestors 'self' https://grid.is https://www.rapyd.is; frame-src https://www.rapyd.net https://aax-eu.amazon-adsystem.com https://www.facebook.com https://optimize.google.com https://www.google.com https://forms.hsforms.com https://grid.is https://www.rapyd.is https://www.comeet.co https://player.vimeo.com https://bugcrowd.com https://www.googleoptimize.com https://www.youtube.com 4
upgrade-insecure-requests; frame-ancestors 'self' *.magenta.at *.t-mobile.at *.s-budget-mobile.at *.esp.ownsolutions.net magenta-at.cleverq.de www.youtube.com; 4
default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' 4
frame-ancestors 'self' https://*.cloudfront.net/ https://*.inovalon.com https://www.mdon-line.com/ https://inovalon.canto.com; 4
default-src *.crazyegg.com *.cognigy.ai blob: wss: https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src https: data:; object-src 'self' blob:; media-src data:; 4
frame-ancestors 'self' https://olbsupport.cbvoyager.com https://banking.commercebank.com https://bankingapi.commercebank.com https://loans.commercebank.com https://solutions.commercebank.com https://go.pardot.com https://pi.pardot.com https://sb.commercebank.com/legacybillpayenrollment https://view.ceros.com https://transact.commercebank.com/ 4
default-src 'none'; connect-src 'self' api.passwordpurgatory.com bloghelpers.troyhunt.com links.services.disqus.com syndication.twitter.com troyhunt.ghost.io *.google-analytics.com *.privacymanager.io; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com; frame-src www.linkedin.com disqus.com c.disquscdn.com www.youtube.com player.vimeo.com twitter.com platform.twitter.com syndication.twitter.com omny.fm pastebin.com www.google.com; img-src 'self' c.disquscdn.com referrer.disqus.com syndication.twitter.com platform.twitter.com www.gravatar.com *.twimg.com data:; script-src 'self' passwordpurgatory.com c.disquscdn.com disqus.com troyhunt.disqus.com cdnjs.cloudflare.com platform.twitter.com cdn.syndication.twimg.com syndication.twitter.com gist.github.com/troyhunt/ cdn.jsdelivr.net/ghost/ www.googletagmanager.com *.privacymanager.io www.google.com www.gstatic.com 'sha256-26FfYB0WAsKHsnA92jxqaHCDCNo7MV3NrLe1wgLwuI4=' 'sha256-4JqPqO/eQLWuWw1AE7dCvI9hPwiBcw0gy7uoLqS0ncg='; style-src 'self' 'unsafe-inline' c.disquscdn.com cdnjs.cloudflare.com platform.twitter.com ton.twimg.com assets-cdn.github.com github.githubassets.com fonts.googleapis.com; form-action *.twitter.com; media-src 'self'; prefetch-src 'self' c.disquscdn.com disqus.com; frame-ancestors 'self' troyhunt.ghost.io; upgrade-insecure-requests; report-uri https://troyhunt.report-uri.com/r/d/csp/enforce 4
frame-ancestors 'self' https:; default-src https: data: 'unsafe-inline' 'unsafe-eval' 4
base-uri 'none'; connect-src 'self' https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.kbc.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.kching.be https://*.24plus.be https://*.omtrdc.net https://dpm.demdex.net https://kbc.symex.be https://uat.serversidegraphics.com https://uk.personalcard.net https://www.facebook.com https://*.contentsquare.net https://admp-tc-mediahuis.adtlgc.com https://es6-elasticapm.kbc.be https://es6-elasticapm-a.kbc.be https://*.contentsquare.net https://onesignal.com https://*.googleapis.com https://*.adobe.com https://viewlicense.adobe.io https://*.adobedc.net https://adobedc.demdex.net; child-src 'self' blob: https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbc-group.com https://*.omniture.com https://assets.adobedtm.com https://kbcgroup.demdex.net https://uat.serversidegraphics.com https://uk.personalcard.net https://www.google.com/recaptcha/ https://www.youtube-nocookie.com https://*.instagram.com https://kbc.symex.be https://*.trustarc.com https://code3.adtlgc.com/ https://scdn.cxense.com/ https://player.hihaho.com/ https://*.adobedc.net; default-src 'self'; font-src 'self' data: https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.googleapis.com https://fonts.gstatic.com; frame-ancestors 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbcgroup.com https://*.kbc-group.com https://*.kbcgroup.eu https://*.adobe.com; frame-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbc-group.com https://*.omniture.com https://assets.adobedtm.com https://kbcgroup.demdex.net https://uat.serversidegraphics.com https://uk.personalcard.net https://www.google.com/recaptcha/ https://www.youtube-nocookie.com https://*.instagram.com https://kbc.symex.be https://*.trustarc.com https://code3.adtlgc.com/ https://scdn.cxense.com/ https://player.hihaho.com/ https://documentservices.adobe.com/; img-src 'self' data: https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.contentsquare.net https://*.doubleclick.net https://*.facebook.com https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.24plus.be https://*.kching.be https://*.omtrdc.net https://*.adobemc.com https://action.metaffiliation.com https://*.instagram.com https://scontent.cdninstagram.com https://cbc.azureedge.net https://cm.everesttech.net https://csi.gstatic.com https://*.linkedin.com https://dpm.demdex.net https://edash.azureedge.net https://invest.azureedge.net https://kbc.azureedge.net https://*.googleapis.com https://maps.gstatic.com https://mba.azureedge.net https://mbj.azureedge.net https://pixel.everesttech.net https://scomcluster.cxense.com https://secure.adnxs.com https://t.co https://touch.azureedge.net https://uat.serversidegraphics.com https://uk.personalcard.net https://www.google.be https://www.google.com https://www.googleadservices.com https://img.youtube.com https://*.truste.com https://*.trustarc.com https://cdn.publish.macrobond.net https://*.cxense.com https://*.contentsquare.net https://refini.tv; media-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.kching.be https://*.24plus.be https://cbc.azureedge.net https://edash.azureedge.net https://invest.azureedge.net https://kbc.azureedge.net https://mba.azureedge.net https://mbj.azureedge.net https://touch.azureedge.net; object-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be; script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.kching.be https://*.kbc-group.com https://*.24plus.be https://*.omtrdc.net https://adhese.mediahuis.be https://analytics.twitter.com https://*.instagram.com https://scontent.cdninstagram.com https://assets.adobedtm.com https://connect.facebook.net https://dpm.demdex.net https://googleads.g.doubleclick.net https://*.googleapis.com https://pixel.everesttech.net https://platform.twitter.com https://s.ytimg.com https://secure.adnxs.com https://snap.licdn.com https://static.ads-twitter.com https://www.everestjs.net https://www.google.com/recaptcha/ https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.youtube-nocookie.com https://www.youtube.com https://t.contentsquare.net https://contentsquare.com https://code3.adtlgc.com https://*.trustarc.com https://*.truste.com https://*.cxense.com https://shared.mediahuis.be https://t.contentsquare.net https://contentsquare.com https://*.contentsquare.com https://player.hihaho.com/ https://documentservices.adobe.com/; style-src 'self' 'unsafe-inline' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.kching.be https://cdn.tt.omtrdc.net https://*.googleapis.com; manifest-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.kching.be https://*.24plus.be https://cdn.tt.omtrdc.net https://*.googleapis.com; worker-src 'self' blob:;  4
connect-src 'self' * *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com mc.yandex.ru *.google-analytics.com *.doubleclick.net *.facebook.com *.omise.co *.paypal.com *.mapbox.com *.ipqualityscore.com ipqualityscore.com *.googlesyndication.com *.getsitecontrol.com trainbusferry.com *.trainbusferry.com api.alternativepayments.com *.logs.datadoghq.com api-js.datadome.co cdn.ampproject.org; default-src 'self' * *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com fonts.gstatic.com maxcdn.bootstrapcdn.com blob:; font-src 'self' * data: *.onetwogo.com maxcdn.bootstrapcdn.com *.apiairasia.com; frame-ancestors 'self'; frame-src 'self' * *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com mc.yandex.md *.youtube.com *.doubleclick.net *.facebook.com *.omise.co *.paypal.com *.google.com *.stripe.com paymentpage.ecommpay.com s2.mailorsoon.net *.googletagmanager.com apiairasia.com *.apiairasia.com; img-src * blob: * data:; media-src *; script-src 'self' * 'unsafe-inline' 'unsafe-eval' *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com *.bing.com mc.yandex.ru *.ads-twitter.com analytics.twitter.com connect.facebook.net *.gstatic.com *.google.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.doubleclick.net *.omise.co *.paypalobjects.com *.paypal.com ipqualityscore.com *.getsitecontrol.com *.googleapis.com pagead2.googlesyndication.com googletagservices.com *.stripe.com trainbusferry.com *.trainbusferry.com paymentpage.ecommpay.com s7.addthis.com cdn.ampproject.org www.datadoghq-browser-agent.com js.datadome.co blob:; style-src 'self' * 'unsafe-inline' *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com *.googleapis.com paymentpage.ecommpay.com maxcdn.bootstrapcdn.com; 4
frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com 4
frame-ancestors 'self' ocfl.net *.ocfl.net onetgov.net *.onetgov.net orangecountyfl.net *.orangecountyfl.net *.google-analytics.com *.analytics.google.com 4
object-src 'none'; frame-ancestors 'self' 4
frame-ancestors 'self' https://*.sdcounty.ca.gov:*; 4
default-src 'self' https:; script-src 'self' data: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src https:; worker-src blob: 4
frame-ancestors 'self' tomshardware.fr www.tomshardware.fr tomsguide.fr www.tomsguide.fr cms.galaxiemedia.fr amp.tomsguide.fr amp.tomshardware.fr cdn.tomsguide.fr cdn.tomshardware.fr presence-pc.fr www.presence-pc.fr presence-pc.com www.presence-pc.com telecharger.tomsguide.fr telecharger.tomshardware.fr; 4
script-src 'self' https: 'unsafe-inline' 'unsafe-eval' 4
child-src 'self';worker-src * blob: 'unsafe-inline';font-src * data: 'unsafe-inline';frame-ancestors *;frame-src *;script-src-attr * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline' 4
default-src 'self' *.crazyegg.com; worker-src 'self' blob:; object-src 'self'; frame-ancestors 'self' https://www.youtube.com https://www.youtube.com/iframe_api https://www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.recaptcha.net/ *.crazyegg.com https://www.google.com/recaptcha/ https://polyfill.io/v3/ https://www.googleadservices.com/ https://api.ipify.org/ https://www.recaptcha.net/ http://www.gstatic.cn https://www.gstatic.com/recaptcha/ https://cdn.jsdelivr.net/ https://cdn.syndication.twimg.com/ https://www.marvell.com/ https://script.crazyegg.com/ https://connect.facebook.net/ https://static.addtoany.com/ https://blogs.marvell.com/ https://s.go-mpulse.net/ https://cdn.cookielaw.org/ https://platform.twitter.com/ https://www.google-analytics.com/ https://scripts.demandbase.com/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://cdn.cookielaw.org/scripttemplates/6.1.0/otBannerSdk.js https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://www.youtube.com https://px.ads.linkedin.com https://maxcdn.bootstrapcdn.com assets.adobedtm.com https://www.googletagmanager.com/ *.googleapis.com https://ajax.googleapis.com https://code.jquery.com https://ajax.googleapis.com/ajax/libs/jquery/ https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js  https://ajax.googleapis.com/ajax/libs/ https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery/ https://cdnjs.cloudflare.com/ajax/libs/  *.modern.min.js; connect-src 'self' data: https://geolocation.onetrust.com/ https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location *.crazyegg.com *.marvell.com *.akamaihd.net/ *.akstat.io/ https://tracking.crazyegg.com/ https://c.go-mpulse.net/ https://analytics.google.com/ https://script.crazyegg.com/ https://ajax.googleapis.com/ajax/libs/ https://marvell.wd1.myworkdayjobs.com  https://segments.company-target.com *.js.erb https://privacyportal.onetrust.com https://stats.g.doubleclick.net https://cdn.cookielaw.org https://www.google-analytics.com *.omtrdc.net *.demdex.net; img-src 'self' data: *.crazyegg.com https://thumbs.bfldr.com/ https://www.facebook.com/ https://i.ytimg.com/ https://marvellsemiconductorprod.112.2o7.net/ *.marvellsemiconductoroneportal.112.2o7.net/ https://blogs.marvell.com/ https://static.addtoany.com/ https://marvell-uat-65.adobecqms.net/ https://syndication.twitter.com/  https://cdn.cookielaw.org/ https://ton.twimg.com/tfw/css/ https://i.vimeocdn.com/  https://pbs.twimg.com/ https://marvellsemiconductorstage.112.2o7.net/ https://platform.twitter.com/css/ https://pbs.twimg.com/card_img/ https://cdn.brandfolder.io https://p.adsymptotic.com https://www.linkedin.com https://img.youtube.com https://match.prod.bidr.io/cookie-sync/demandbase https://id.rlcdn.com/464526.gif https://segments.company-target.com/ https://px.ads.linkedin.com/ https://match.prod.bidr.io https://www.google.com https://www.google.co.in https://www.google-analytics.com *.everesttech.net *.demdex.net *.omtrdc.net; style-src 'self' 'unsafe-inline' https://blogs.marvell.com/ https://ton.twimg.com/tfw/css/ https://platform.twitter.com/css/ https://platform.twitter.com/css/  https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com  https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/css/font-awesome.min.css; font-src 'self' https://blogs.marvell.com/ https://www.marvell.com/ https://player.vimeo.com/ https://cdnjs.cloudflare.com/ajax/ https://cdnjs.cloudflare.com/* data:; frame-src 'self' https://player.vimeo.com/ https://www.facebook.com/ https://platform.twitter.com/ *.demdex.net *; 4
frame-ancestors 'none'; object-src 'none'; upgrade-insecure-requests 4
frame-ancestors 'self' https://dashboard.sitew.com https://www.sitew.com; 4
base-uri 'self'; connect-src 'self' www.linkedin.com non-productive-alfred-s3.s3.eu-west-1.amazonaws.com script.hotjar.com img.youtube.com px4.ads.linkedin.com pro-myaccount-avatar.s3.eu-west-1.amazonaws.com t.co surveystats.hotjar.io analytics.twitter.com www.google.es  mboxedge37.tt.omtrdc.net santanderuniversidad.tt.omtrdc.net www.googletagservices.com assets.universia.net assets.dispatcher.universia.net www.google.ie dispatcher.universia.net www.facebook.com api-manager.universia.net cdn.cookielaw.org googleads.g.doubleclick.net stats.g.doubleclick.net www.google.com pagead2.googlesyndication.com region1.analytics.google.com region1.google-analytics.com vc.hotjar.io metrics.hotjar.io wss://ws.hotjar.com ws.hotjar.com content.hotjar.io www.google-analytics.com px.ads.linkedin.com analytics.tiktok.com; default-src 'self'; font-src 'self' script.hotjar.com fonts.gstatic.com data:; frame-src 'self' www.google.com td.doubleclick.net track.adform.net www.facebook.com sso.universia.net; img-src 'self' non-productive-alfred-s3.s3.eu-west-1.amazonaws.com www.universia.net api-manager.universia.net img.youtube.com assets.universia.net assets.dispatcher.universia.net pro-myaccount-avatar.s3.eu-west-1.amazonaws.com cdn.cookielaw.org www.facebook.com fonts.gstatic.com www.google.ie www.google.com www.google.es www.googletagmanager.com www.google-analytics.com px.ads.linkedin.com px4.ads.linkedin.com t.co analytics.twitter.com data:; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'nonce-dubi13asf985gfGDlmsnIot' www.google.com track.adform.net s2.adform.net www.googletagservices.com cdn.cookielaw.org googleads.g.doubleclick.net connect.facebook.net static.hotjar.com metrics.hotjar.io script.hotjar.com www.googletagmanager.com www.google-analytics.com snap.licdn.com static.ads-twitter.com analytics.tiktok.com; style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com; worker-src www.universia.net dispatcher.universia.net; 4
frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content 4
default-src 'self'; img-src 'self' wss://*.caas4prd.worldline-solutions.com *.caas4prd.worldline-solutions.com bit.ly *.blob.core.windows.net callexcellcdn.blob.core.windows.net *.googletagmanager.com *.tiktok.com *.googletagmanager *.doubleclick.net *.facebook.com www.googleadservices.com *.googleadservices.com *.googleadservices.net *.google.be *.google.fr *.google.it *.google.es *.google.si *.google.sk *.google.cz *.google.lt *.google.lv *.google.ee *.google.tr *.google.gr *.google.co.uk *.google.hr *.google.hu *.google.nl *.google.pl *.google.ch *.google.de *.google.lu *.google.at *.google.co.in *.google.bg *.google.am *.google.com *.g.doubleclick.net *.vimeocdn.com *.vimeo.com dpm.demdex.net dev.day.com cm.everesttech.net worldline.sc.omtrdc.net worldlinesa.tt.omtrdc.net cdn.cookielaw.org www.gstatic.com *.linkedin.com *.adsymptotic.com *.scene7.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' wss://*.caas4prd.worldline-solutions.com *.caas4prd.worldline-solutions.com *.zdassets.com *.blob.core.windows.net *.callexcellcdn.blob.core.windows.net *.hs-banner.com *.hscollectedforms.net *.hsadspixel.net *.hs-analytics.net *.hs-scripts.com *.salesfeed.com *.zendesk.com cdnjs.cloudflare.com https://google.com *.doubleclick.net *.facebook.com *.g.doubleclick.net track.adform.net *.facebook.net assets.adobedtm.com cdn.cookielaw.org snap.licdn.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.cloudflare.com cdn.jsdelivr.net www.youtube.com ssl.p.jwpcdn.com assets-jpcust.jwpsrv.com *.cloudflare.com cdn.cookielaw.org files.cdn.leadfamly.com *.ytimg.com *.youtube.com *.jwpsrv.com *.jwpcdn.com *.hs-banner.com *.hscollectedforms.net *.hsadspixel.net *.hs-analytics.net *.hs-scripts.com *.salesfeed.com *.doubleclick.net *.pardot.com *.hotjar.io *.hotjar.com *.gstatic.com *.google.com *.worldline.com ajax.googleapis.com maps.googleapis.com maxcdn.bootstrapcdn.com *.scene7.com; style-src 'self' 'unsafe-inline' wss://*.caas4prd.worldline-solutions.com *.beanstream.com *.caas4prd.worldline-solutions.com *.worldline-solutions.com *.blob.core.windows.net *.fontawesome.com *.lytics.io https://google.com *.fontawesome.com fonts.google.com optimize.google.com play.google.com *.cloudflare.com ssl.p.jwpcdn.com *.googleapis.com *.caas4noprd.worldline-solutions.com *.cloudflare.com *.jwpcdn.com worldline.com maxcdn.bootstrapcdn.com *.scene7.com; connect-src 'self' 'unsafe-inline' wss://*.caas4prd.worldline-solutions.com *.mktoresp.com *.caas4prd.worldline-solutions.com callexcellcdn.blob.core.windows.net *.linkedin.com worldlinesa.tt.omtrdc.net *.zendesk.com wss://*.zopim.com *.hubspot.com *.hubapi.com *.zdassets.com *.cognigy.ai wss://*.cognigy.ai *.zendesk.com https://google.com *.tiktok.com *.googlesyndication.com *.doubleclick.net *.facebook.com www.googleadservices.com *.googleadservices.net *.googleadservices.com *.google.com *.google.be *.google.fr *.google.it *.google.es *.google.si *.google.sk *.google.cz *.google.lt *.google.lv *.google.ee *.google.tr *.google.gr *.google.co.uk *.google.hr *.google.hu *.google.nl *.google.pl *.google.ch *.google.de *.google.lu *.google.at *.google.co.in *.google.bg *.google.am *.g.doubleclick.net six.enterprisebot.co *.fontawesome *.hotjar.io *.spotify.com *.apple.com wss://*.caas4noprd.worldline-solutions.com *.worldline-solutions.com *.scene7.com worldlinesa.demdex.net dpm.demdex.net cdn.cookielaw.org privacyportal-eu.onetrust.com *.tt.omtrdc.net *.omtrdc.net wss://*.hotjar.com wss://ws4.hotjar.com geolocation.onetrust.com maps.googleapis.com *.blob.core.windows.net optanon.blob.core.windows.net cookies-data.onetrust.io vc.hotjar.io maps.googleapis.com ws21.hotjar.com *.doubleclick.net *.hotjar.com cdn.linkedin.oribi.io; base-uri 'self'; frame-src 'self' 'unsafe-inline' *.mktoresp.com *.beanstream.com *.zendesk.com *.zdassets.com www.actito.be *.doubleclick.net *.g.doubleclick.net *.spotify.com *.apple.com anchor.fm *.typeform.com *.doubleclick.net business.ingenico.com form.typeform.com files.cdn.leadfamly.com worldline.leadfamly.com *.brighttalk.com *.youtube.com *.hotjar.com *.worldline.com *.equensworldline.com *.google.com worldlinesa.demdex.net https://recaptcha.google.com/recaptcha/; object-src 'none'; font-src *; script-src-elem 'unsafe-inline' *; media-src 'self' data: blob: *.zdassets.com *.scene7.com; worker-src blob:; frame-ancestors 'self' https://frontend-v2.ocularium.be; 4
frame-ancestors https://app.contentful.com; base-uri 'self'; object-src 'self'; media-src 'self' https://videos.ctfassets.net; font-src 'self'; frame-src 'self' https://bid.g.doubleclick.net https://info.hireright.com https://www.youtube.com https://lpcdn.lpsnmedia.net https://assets.ctfassets.net; form-action 'self'; img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://www.google.co.in https://www.linkedin.com https://*.ads.linkedin.com *.analytics.google.com https://lpcdn.lpsnmedia.net https://ha.prelytix.com https://b.6sc.co https://www.google.co.uk https://www.google.com https://www.google-analytics.com https://dpm.demdex.net https://stags.bluekai.com *.agkn.com https://aorta.clickagy.com https://images.ctfassets.net https://cdn.sanity.io https://j.mrpdata.net https://px.ads.linkedin.com https://pixel-sync.sitescout.com *.rlcdn.com https://us-u.openx.net https://sync.crwdcntrl.net *.doubleclick.net *.clarity.ms https://c.bing.com https://*.google.ee; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://j.6sc.co/6si.min.js http://info.hireright.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com *.doubleclick.net https://tags.clickagy.com *.pardot.com https://ws.zoominfo.com https://snap.licdn.com *.rlcdn.com *.clarity.ms https://www.youtube.com *.liveperson.net *.lpsnmedia.net https://assets.ctfassets.net; connect-src 'self' https://*.analytics.google.com https://*.googletagmanager.com https://ws.zoominfo.com https://aorta.clickagy.com https://secure.adnxs.com https://c.6sc.co/ https://ipv6.6sc.co/ https://analytics.google.com https://cdn.linkedin.oribi.io https://cdn.contentful.com *.google-analytics.com *.analytics.google.com *.algolianet.net *.algolianet.com *.algolia.net *.clickagy.com *.doubleclick.net https://insights.algolia.io *.clarity.ms https://hireright-com-resources-prod.netlify.app https://hireright-com-blog-prod.netlify.app https://hireright-com-pdfs-prod.netlify.app https://hireright-com-services-prod.netlify.app https://hireright-com-industries-prod.netlify.app https://hireright-com-campaign-prod.netlify.app; 4
frame-ancestors resources.levelaccess.com 'self'; block-all-mixed-content; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval'  https://s45061.pcdn.co *.cloudfront.net https://tracking.g2crowd.com https://static.addtoany.com https://js.adsrvr.org https://cdn.wmxtools.com https://www.influ2.com https://ct.capterra.com https://fast.wistia.com *.wistia.com https://gdata.youtube.com https://www.adnxs-simple.com https://www.adnxs.com https://www.googletagservices.com https://s43627.pcdn.co *.s43627.pcdn.co https://www.googleadservices.com https://www.doubleclick.net https://www.google.com https://ajax.googleapis.com https://boards.greenhouse.io https://bat.bing.com https://cdnjs.cloudflare.com https://cta-service-cms2.hubspot.com https://code.jquery.com https://connect.facebook.net https://cdn.bizible.com https://content.linkedin.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://dsp-creative.demandbase.com https://d.adroll.com https://forms.hsforms.com https://graph.facebook.com https://googleads.g.doubleclick.net https://google-analytics.com https://googletagmanager.com https://js.hscta.net https://js.facebook.com https://js.hsforms.net https://js.hscollectedforms.net https://js.hs-analytics.net https://js.usemessages.com https://js.hubspotfeedback.com https://js.hsadspixel.net https://js.hs-banner.com https://js.hsleadflows.net https://js-na1.hs-scripts.com https://js.hs-scripts.com https://js.qualified.com https://j.6sc.co https://resources.levelaccess.com https://a.levelaccess.com https://learn.levelaccess.com https://m.youtube.com https://stackpath.bootstrapcdn.com/ https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://app.qualified.com/ https://platform.linkedin.com https://r.bing.com https://src.litix.io https://stackpath.bootstrapcdn.com https://s.adroll.com https://script.hotjar.com https://static.hotjar.com https://static-exp1.licdn.com https://snap.licdn.com https://ssl.google-analytics.com https://www.hsforms.net https://www.hsforms.com https://cdnjs.cloudflare.com https://s45061.pcdn.co https://levelaccess.com/a/ https://levelaccess.com/a/previous-channels-assets/ https://s45061.pcdn.co *.googlesyndication.com *.googleadservices.com https://resources.levelaccess.com www.googletagmanager.com *.google.nl *.google.ca  *.cookiebot.com *.addtoany.com *.formhq.net *.google-analytics.com *.zoominfo.com *.wistia.net *.s45061.pcdn.co https://js.adsrvr.org https://jsv3.recruitics.com/ https://cdn.rollbar.com/rollbarjs/refs/tags/v2.22.0/rollbar.min.js https://js.adsrvr.org/up_loader.1.1.0.js; default-src 'self' https://px.ads.linkedin.com https://www.google-analytics.com https://c.6sc.co https://ipv6.6sc.co https://t.influ2.com https://ws.qualified.com https://stats.g.doubleclick.net wss://ws.qualified.com https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://api.formhq.net https://api.hubapi.com *.hubapi.com https://ws.zoominfo.com https://analytics.google.com https://api.hubapi.com *.hubapi.com https://googleads.g.doubleclick.net *.doubleclick.net https://fast.wistia.net *.wistia.com https://yoast.com/ https://s43627.pcdn.co *.s43627.pcdn.co *.bing.com https://www.google.com https://regional.google-analytics.com *.google-analytics.com *.googlesyndication.com *.google.nl *.google.ca *.googleadservices.com *.cookiebot.com; object-src embedwistia-a.akamaihd.net; child-src 'self' data: blob: https://www.google.com https://www.doubleclick.net https://www.googlesyndication.com https://www.adnxs.com https://www.facebook.com app.hubspot.com connect.facebook.net forms.hsforms.com js.usemessages.com js.hscollectedforms.net js.hsadspixel.net www.youtube.com www.ub-assets.com www.cloudfront.net www.unbounce.com www.static.addtoany.com www.googletagmanager.com *.cookiebot.com; base-uri 'self' https://www.adnxs.com; form-action 'self' https://www.google.com https://www.facebook.com connect.facebook.net download.essentialaccessibility.com forms.hubspot.com forms.hsforms.com; worker-src 'self' blob: https://www.google.com; frame-src 'self' https://insight.adsrvr.org/ https://fast.wistia.net https://static.addtoany.com/ https://match.adsrvr.org/ https://www.googletagmanager.com/ https://td.doubleclick.net https://www.youtube.com https://www.cloudfront.net/ https://www.unbounce.com/ https://www.surveymonkey.com https://www.ub-assets.com/ https://app.qualified.com/ https://www.wistia.net https://www.wistia.com https://fast.wistia.com https://gdata.youtube.com https://boards.greenhouse.io https://www.hubspot.com https://www.hsforms.net https://www.hsforms.com https://cdnjs.cloudflare.com https://www.facebook.com/ https://consentcdn.cookiebot.com/ https://vars.hotjar.com/ forms.hsforms.com https://fast.wistia.net https://cdn.rollbar.com/rollbarjs/refs/tags/v2.22.0/rollbar.min.js https://jsv3.recruitics.com/ https://code.jquery.com/jquery-3.3.1.min.js blob:; style-src 'self' 'report-sample' 'unsafe-inline' blob: *.google.com *.licdn.com *.cloudfront.net *.unbounce.com *.ub-assets.com *.qualified.com *.bing.com *.bootstrapcdn.com ajax.googleapis.com cdnjs.cloudflare.com code.jquery.com https://tagmanager.google.com/ https://s43627.pcdn.co *.s43627.pcdn.co https://s45061.pcdn.co/ https://fonts.googleapis.com/ https://code.jquery.com/jquery-3.3.1.min.js https://js.adsrvr.org  https://js.adsrvr.org/up_loader.1.1.0.js fast.wistia.com gdata.youtube.com fonts.googleapis.com s45358.pcdn.co https://levelaccess.com/a/previous-channels-assets/ https://levelaccess.com/a/previous-channels-assets/ s45358.pcdn.co https://resources.levelaccess.com www.googletagmanager.com *.s45061.pcdn.co; manifest-src 'self'; media-src 'self' https://www.levelaccess.com blob: https://app.qualified.com data:; img-src 'self' https://forms-na1.hsforms.com https://www.google.de https://ps.w.org https://cdnassets.pagely.com https://levelaccess.com https://s43627.pcdn.co *.s43627.pcdn.co *.s45061.pcdn.co https://s45061.pcdn.co https://uploads-ssl.webflow.com https://imgsct.cookiebot.com *.linkedin.com https://s.w.org *.hubspot.com *.bing.com *.6sc.co *.facebook.com *.google.co.in *.google.com *.google.ca *.google.nl *.px.ads.linkedin.com https://www.google.com https://www.google.co.in https://forms.hsforms.com https://fast.wistia.com data: *.wistia.com https://www.googletagmanager.com https://fast.wistia.net *.capterra.com https://www.google-analytics.com https://*.googleapis.com https://*.google.com; font-src 'self' https://stackpath.bootstrapcdn.com/ https://fonts.gstatic.com https://s45061.pcdn.co/wp-content/themes/newptheme/assets/fonts/ *.s43627.pcdn.co https://s43627.pcdn.co https://fast.wistia.com https://s0.wp.com https://cdn.rollbar.com/ https://jsv3.recruitics.com/ *.wistia.com https://cdnjs.cloudflare.com https://fast.wistia.net *.google.nl *.google.ca https://s45061.pcdn.co data:; 4
default-src https://optimize.google.com 'self'; font-src https://fonts.google.com https://fonts.gstatic.com https://optimize.google.com https://fonts.googleapis.com 'self' data:; style-src https://fonts.google.com https://fonts.gstatic.com https://optimize.google.com https://www.gstatic.com https://fonts.googleapis.com 'self' 'unsafe-inline'; img-src https://static3.santander.pl https://tmlead.pl https://optimize.google.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.facebook.com https://pixel.wp.pl https://my.tealiumiq.com https://*.googleapis.com https://adservice.google.com https://googleads.g.doubleclick.net https://maps.google.com https://user-event-tracker.crazyegg.com https://static3.bzwbk.pl https://collect.tealiumiq.com www.google.com https://dentsu-tracking.com www.google-analytics.com https://aff.sendhub.pl https://bat.bing.com https://rejestr.santander.pl static.yourcx.io https://www.google.pl https://maps.gstatic.com https://bankmozliwosci.santander.pl https://px.ads.linkedin.com https://www.googletagmanager.com https://google.com http://www.webankieta.pl https://app.revhunter.tech 'self' data:; frame-src http://bank.santander.pl https://www.figma.com https://invis.io https://optimize.google.com https://doladuj-tutaj.blue.pl opinia.santander.pl https://www.webankieta.pl https://www.facebook.com https://cloud.webankieta.pl http://datacloud.tealiumiq.com https://santandertfi.pl https://netevent.tv https://projects.invisionapp.com http://santanderleasing.pl https://tutajdoladuj.blue.pl https://datacloud.tealiumiq.com https://fundusze.santandertfi.pl https://a25315130017.cdn.optimizely.com *.doubleclick.net https://bank.santander.pl https://partner-it.com.pl https://www.youtube.com 'self'; script-src https://library.startquestion.com https://santanderleasing.pl https://optimize.google.com https://www.googleadservices.com https://stats.g.doubleclick.net https://pixel.wp.pl https://unpkg.com https://maps.googleapis.com https://santandertfi.pl https://my.tealiumiq.com https://static.site24x7rum.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://cdn.optimizely.com https://maps.google.com https://code.jquery.com https://www.gstatic.com www.google.com https://www.youtube.com www.google-analytics.com https://www.google.com https://connect.facebook.net https://www.googleoptimize.com https://tags.tiqcdn.com https://s.ytimg.com https://cloud.webankieta.pl https://snap.licdn.com https://bat.bing.com static.yourcx.io https://omnibot.santander.pl https://maps.gstatic.com https://santander-prod.stanusch.com https://fundusze.santandertfi.pl https://www.googletagmanager.com https://www.google-analytics.com https://files.webankieta.pl 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'self'; connect-src https://aplikacje-pfrportal.pl https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://region1.google-analytics.com https://www.facebook.com https://my.tealiumiq.com https://maps.googleapis.com https://adservice.google.com https://omnibot.santander.pl https://app.startquestion.com https://col.site24x7rum.com https://region1.analytics.google.com cf.santander.pl https://santander-prod.stanusch.com https://collect.tealiumiq.com https://www.google-analytics.com https://logx.optimizely.com https://www.startquestion.com https://errors.client.optimizely.com 'self' 4
frame-ancestors 'self' https://*.superoffice.com https://zamnesiasp.inone.useinsider.com; 4
default-src 'self' data: blob: gap: https://*.gs.com https://*.gsam.com https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.akamaized.net https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.goldmansachs.com https://*.gsipventures.com https://*.gsamsymposium.com https://media-.akamaized.net https://gsam.sc.omtrdc.net https://gs-analytics.url.gs.com:8443 'unsafe-inline'; font-src 'self' https://*.gs.com https://*.gsam.com https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.goldmansachs.com https://*.gsipventures.com https://*.gsamsymposium.com https://consent.trustarc.com https://fonts.gstatic.com data:; script-src 'self' https://s.gihwyz.com https://cdn.pdst.fm https://*.marketo.com https://*.mktoweb.com https://consent.trustarc.com https://polyfill.io https://consent-pref.trustarc.com https://fonts.googleapis.com https://assets.adobedtm.com https://ds-aksb-a.akamaihd.net https://*.gsam.com https://*.gs.com https://*.google.com https://snap.licdn.com https://*.gsacquisition.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://*.googletagmanager.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.goldmansachs.com https://*.gsipventures.com https://*.gsamsymposium.com https://gsam.122.2o7.net https://api.darksky.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://cdn.linkedin.oribi.io https://s.gihwyz.com https://us-central1-adaptive-growth.cloudfunctions.net https://*.mktoresp.com https://*.marketo.com https://*.qualtrics.com https://*.akamaized.net https://gsam.122.2o7.net https://*.gs.com https://*.gsam.com https://*.demdex.net https://*.omtrdc.net https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.goldmansachs.com https://*.gsipventures.com  https://*.gsamsymposium.com  https://consent-pref.trustarc.com https://gsam.sc.omtrdc.net https://gs-analytics.url.gs.com:8443 'unsafe-inline' data:; object-src 'self'; child-src blob: gap: 'self' https://*.gs.com https://*.gsam.com https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.goldmansachs.com https://*.gsipventures.com https://*.gsamsymposium.com; frame-src gap: 'self'  https://*.marketo.com https://*.mktoweb.com  https://t2.jiji.com https://*.qualtrics.com https://www.google.com https://*.gs.com https://*.gsam.com https://*.doubleclick.net https://*.gsacquisition.com https://*.goldmansachsbdc.com https://gsam.demdex.net https://*.goldman.com  https://consent-pref.trustarc.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.goldmansachs.com https://*.gsipventures.com https://*.gsamsymposium.com https://vds.issproxy.com; img-src 'self' https://*.qualtrics.com https://www.commercefunds.com https://p.adsymptotic.com https://ds-aksb-a.akamaihd.net https://*.google.co.in https://*.google.gr https://*.google.co.uk https://*.google.ca https://*.google.fi https://*.google.de https://*.google.fr https://*.google.it  https://*.google.com https://*.demdex.net https://*.gsam.com https://*.gs.com https://*.ads.linkedin.com https://*.doubleclick.net https://www.linkedin.com https://*.gs.com:28500 https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.goldmansachs.com https://*.gsipventures.com https://*.gsamsymposium.com https://gsam.122.2o7.net https://cm.everesttech.net https://gsam.sc.omtrdc.net https://*.rocaton.com https://consent.trustarc.com  https://consent-pref.trustarc.com data:; style-src 'self' https://s.gihwyz.com https://*.marketo.com https://*.mktoweb.com  https://*.gs.com https://*.gsam.com https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.goldmansachs.com https://*.gsipventures.com https://*.gsamsymposium.com https://fonts.googleapis.com 'unsafe-inline'; 4
font-src 'self' themes.googleusercontent.com; object-src 'none'; base-uri 'self'; frame-ancestors 'self' 4
default-src 'self' https://www.google-analytics.com https://analytics.google.com https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net 'unsafe-inline'; script-src-elem 'self' https://fonts.googleapis.com https://analytics.google.com https://www.gstatic.com https://ajax.googleapis.com http://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline'; style-src-elem 'self' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net 'unsafe-inline'; 4
base-uri 'self'; object-src 'none'; frame-ancestors 'self' 4
frame-ancestors 'self' localhost:* *.helios.bethss.com helios.bethss.com adobe.com 4
frame-ancestors 'self' https://www.carmudi.com.ph https://uat.carmudi.com.ph https://uat1.carmudi.com.ph 4
default-src 'self' https:; img-src 'self' https: data:; media-src 'self' https: data:; script-src https: 'unsafe-inline' blob:; style-src 'self' https: 'unsafe-inline'; object-src 'none'; connect-src 'self' https: wss: 4
frame-ancestors self; 4
frame-ancestors 'self' www.roompotpsa.eu survey.insocial.nl www.detolplas.nl www.familieparken.nl www.onsvakanties.nl www.vakantieparkhellendoorn.nl www.vakantievilla-met-prive-zwembad.nl www.strandparkzeeland.nl www.kronenburgersee.nl kronenburgersee.nl www.eifelpark-eks.de www.duinresortdunimar.nl dev72.lined.nl 89051.afasinsite.nl www.detwentsehoeve.nl www.edeka-reisen.de www.edeka-urlaubswelt.de www.edeka-reiselust.de www.htc-reisen.de www.mein-kleiner-urlaub.de www.bungalowpark-veluwsehoevegaerde.nl www.deriethorst.com www.drentsewold.nl f.insocial.nl strandparkzeeland.nl www.globista.de www.holidayparkhellendoorn.com www.ferienparkhellendoorn.de uptour.de test.uptour.de www.deriethorst.com www.vakantieparkdeheihorsten.nl www.vakantieparkschaijk.nl www.uptour.de; report-to csp-endpoint; report-uri https://www.roompot.nl/cspreports/ 4
default-src 'self'; script-src 'report-sample' 'self' 'strict-dynamic' 'sha256-l3tfobNGSDsiWwzSdX9QqvprTaL+kQGzfRzpdkbM1m0=' 'sha256-aXFWSsQLd4kfpqpWNQwLKFmiDgjd+I1iaw3mCViRRUc=' 'unsafe-inline' 'wasm-unsafe-eval' https://vrt.be https://*.vrt.be https://previewshared.mediahuis.be/cxense/cxense.vrtnu.js https://*.sentry-cdn.com https://assets.adobedtm.com https://cdn.cxense.com/cx.js https://api.cxense.com https://cdn.jsdelivr.net/npm/@snowplow/browser-plugin-performance-timing@latest/dist/index.umd.min.js https://gabe.hit.gemius.pl https://gdpr-wrapper.privacymanager.io https://gdpr.privacymanager.io https://imasdk.googleapis.com/js/sdkloader/ima3.js https://polyfill.io/v3/polyfill.min.js https://*.qualtrics.com https://www.gstatic.com https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js https://*.opecloud.com https://cdn.jsdelivr.net/npm/ua-parser-js@1.0.35/src/ua-parser.min.js; style-src 'report-sample' 'self' 'unsafe-inline' https://vrt.be https://*.vrt.be https://fonts.googleapis.com/css2; object-src 'none'; base-uri 'self'; connect-src 'self' wss://api-dev.vrt.radio/socket.io/ wss://api-stag.vrt.radio/socket.io/ wss://api.vrt.radio/socket.io/ https://vrt.be https://*.vrt.be https://*.vrtcdn.be https://vrtmax.stag.a51.be https://d33ksfmeznrrrv.cloudfront.net https://*.omtrdc.net https://*.streamtheworld.com https://*.akamaized.net https://o140591.ingest.sentry.io https://dpm.demdex.net https://siteintercept.qualtrics.com https://time.akamai.com https://license.theoplayer.com https://widevine-proxy.drm.technology/proxy https://gdpr-wrapper.privacymanager.io https://*.privacymanager.io https://*.uplynk.com https://gabe.hit.gemius.pl https://*.smartocto.com https://*.contentinsights.com https://fairplay-license.drm.technology https://csi.gstatic.com https://*.jwplayer.com https://*.mediatailor.us-east-1.amazonaws.com https://vrt-live.cdn.vustreams.com https://*.buffup.net wss://*.buffup.net https://api.amplitude.com https://api-dev.vrt.radio https://api-stag.vrt.radio https://api.vrt.radio https://unpkg.com/theoplayer@5.5.0/ https://unpkg.com/theoplayer@5.10.0/ https://unpkg.com/theoplayer@6.2.1/ https://cdn.jsdelivr.net/npm/ua-parser-js@1.0.35/src/ua-parser.min.js https://var.profiles.tagger.opecloud.com https://*.googlesyndication.com https://*.doubleclick.net; font-src 'self' https://vrt.be https://*.vrt.be https://buffup-web-sdk.core.buffup.net; frame-src 'self' https://vrt.be https://*.vrt.be https://vrtbe.demdex.net https://cdn.cxense.com https://*.privacymanager.io https://ls.hit.gemius.pl https://imasdk.googleapis.com https://unpkg.com/; img-src 'self' data: https://vrt.be https://*.vrt.be https://vrt.sc.omtrdc.net https://comcluster.cxense.com https://licensing.theoplayer.com https://ib.adnxs.com https://secure.adnxs.com https://*.doubleclick.net https://*.postrelease.com https://*.cxense.com https://cm.everesttech.net https://*.demdex.net https://*.opecloud.com https://*.qualtrics.com https://*.buffup.net https://storage.googleapis.com/wallofmoments-stubru-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-mnm-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-klara-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-radio1-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-radio2-adhoc.appspot.com/ https://storage.googleapis.com/wom-detijdloze-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-stubru.appspot.com/ https://storage.googleapis.com/wallofmoments-mnm.appspot.com/ https://storage.googleapis.com/wallofmoments-klara.appspot.com/ https://storage.googleapis.com/wallofmoments-radio1.appspot.com/ https://storage.googleapis.com/wallofmoments-radio2.appspot.com/ https://storage.googleapis.com/wom-detijdloze.appspot.com/ https://storage.googleapis.com/wom---radio2-benebene.appspot.com/ https://storage.googleapis.com/wom-dww.appspot.com/ https://*.googlesyndication.com; manifest-src 'self'; media-src 'self' blob: data: https://*.vrt.be https://*.vrtcdn.be https://d33ksfmeznrrrv.cloudfront.net https://*.streamtheworld.com https://*.akamaized.net https://*.uplynk.com https://*.adnxs-simple.com https://buffup-public.s3.eu-west-2.amazonaws.com https://assets.vrt.buffup.net https://*.jwplayer.com https://*.mediatailor.us-east-1.amazonaws.com https://storage.googleapis.com/wallofmoments-stubru-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-mnm-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-klara-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-radio1-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-radio2-adhoc.appspot.com/ https://storage.googleapis.com/wom-detijdloze-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-stubru.appspot.com/ https://storage.googleapis.com/wallofmoments-mnm.appspot.com/ https://storage.googleapis.com/wallofmoments-klara.appspot.com/ https://storage.googleapis.com/wallofmoments-radio1.appspot.com/ https://storage.googleapis.com/wallofmoments-radio2.appspot.com/ https://storage.googleapis.com/wom-detijdloze.appspot.com/ https://storage.googleapis.com/wom---radio2-benebene.appspot.com/ https://storage.googleapis.com/wom-dww.appspot.com/ https://*.googletagservices.com https://*.googlesyndication.com https://*.doubleclick.net https://*.gvt1.com https://*.adsafeprotected.com https://*.doubleverify.com https://*.moatads.com https://*.flashtalking.com https://*.adform.net https://*.mediahuis.be https://*.2mdn.net; worker-src 'self' blob:; report-uri https://vrtbe.report-uri.com/r/d/csp/enforce; report-to default; 4
frame-ancestors 'self'  https://next.adabra.com/ https://my.adabra.com/ https://app.blendee.com/ 4
default-src 'self'; img-src 'self' data: https://im16.inviewer.se https://mfstatic.com https://i3.ytimg.com https://cdn.cookielaw.org https://matomo.internetstiftelsen.se https://fonts.gstatic.com https://secure.gravatar.com https://*.libsyn.com https://*.internetstiftelsen.se https://internetstiftelsen.se https://s3-eu-north-1.amazonaws.com https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://mfstatic.com https://cdn.jsdelivr.net https://matomo.internetstiftelsen.se https://static.internetstiftelsen.se https://graphtool.internetstiftelsen.se https://privacyportal-eu-cdn.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://*.google-analytics.com https://www.google.com https://www.gstatic.com https://cdn.lordicon.com https://*.readspeaker.com https://www.youtube.com https://connect.facebook.net; font-src 'self' data: https://fonts.gstatic.com https://*.internetstiftelsen.se; style-src 'self' 'unsafe-inline' https://mfstatic.com https://*.internetstiftelsen.se https://matomo.internetstiftelsen.se https://www.googletagmanager.com https://fonts.googleapis.com; manifest-src 'self' https://*.internetstiftelsen.se; connect-src 'self' https://im16.inviewer.se https://*.mediaflow.com https://api.friendlycaptcha.com https://matomo.internetstiftelsen.se https://static.internetstiftelsen.se https://www.facebook.com https://region1.google-analytics.com https://cdn.cookielaw.org https://*.onetrust.com https://cdn.lordicon.com https://*.bugsnag.com https://*.readspeaker.com https://yoast.com; frame-src 'self' https://internetstiftelsen.confetti.events https://www.google.com https://www.youtube.com https://youtube.com https://www.youtube-nocookie.com https://*.libsyn.com; media-src 'self' https://*.libsyn.com 4
object-src 'self'; manifest-src 'self'; worker-src 'self' blob: https://customer-t79v13gisi5h8yrx.cloudflarestream.com; font-src 'self' data: https://fonts.gstatic.com; frame-ancestors 'self'; 4
frame-ancestors 'self' https://*.wapcar.my 4
default-src 'self'; child-src https://notificacion.incibe-cert.es/; connect-src 'self' https://*.googleusercontent.com https://maps.googleapis.com https://*.flickr.com https://www.google-analytics.com/ https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com data:; frame-src 'self' https://*.incibe.es https://*.osi.es https://antibotnet.osi.es/ https://www.youtube.com https://www.vimeo.com https://*.vimeo.com https://www.google.com https://platform.twitter.com https://www.facebook.com https://syndication.twitter.com https://www.youtube-nocookie.com https://notificacion.incibe-cert.es/; img-src 'self' https://i.ytimg.com/ https://www.facebook.com https://cdn.syndication.twimg.com https://*.twimg.com https://platform.twitter.com https://maps.gstatic.com https://maps.googleapis.com https://developers.google.com https://*.global.siteimproveanalytics.io https://live.staticflickr.com https://*.google-analytics.com data:; script-src 'self' 'unsafe-inline' https://siteimproveanalytics.com https://www.google.com https://www.gstatic.com https://*.facebook.net https://www.facebook.com https://*.twitter.com https://twitter.com https://*.flickr.com https://www.google-analytics.com https://www.googletagmanager.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://maxcdn.bootstrapcdn.com https://polyfill.io https://unpkg.com platform.twitter.com; style-src 'self' 'unsafe-inline' https://*.twimg.com https://platform.twitter.com https://fonts.googleapis.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com; style-src-elem 'self' 'unsafe-inline' https://platform.twitter.com https://*.twimg.com https://fonts.googleapis.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com; frame-ancestors 'self' https://*.incibe.es/ https://proxy.sni-des-publica.sni.dev.incibe.es/ 4
connect-src 'self' https://*.friendlycaptcha.com/ https://vimeo.com https://hcaptcha.com https://apm-web.index-education.com.preprod/ https://apm-web.index-education.com/ https://*.hcaptcha.com ndx.plus *.ndx.plus https://*.index-education.com https://*.index-education.com.preprod http://*.index-education.com https://metrics-apm-d01.clients.dev.france:8200 http://*.datatables.net;default-src 'self' *.bootstrapcdn.com ndx.plus *.ndx.plus https://*.index-education.com https://*.index-education.com.preprod http://*.index-education.com;frame-ancestors 'self' ;frame-src https://metrics-apm-d01.clients.dev.france:8200 *.index-education.france https://hcaptcha.com https://*.hcaptcha.com https://static.scelliuspaiement.labanquepostale.fr *.openstreetmap.org http://*.index-education.net https://*.index-education.net *.hyperplanning.fr http://*.vimeo.com https://vimeo.com https://*.vimeo.com https://www.youtube.com https://*.index-education.com https://*.index-education.com.preprod http://*.index-education.com http://index-education.com https://app.mailjet.com;media-src 'self' https://*.vimeo.com https://vimeo.com https://*.index-education.com https://*.index-education.com.preprod http://*.index-education.com;object-src 'self' https://*.index-education.com.preprod *.index-education.france *.index-education.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' ndx.plus *.ndx.plus  https://hcaptcha.com https://*.hcaptcha.com https://static.scelliuspaiement.labanquepostale.fr *.licdn.com *.tiny.cloud *.adobe.com *.cloudflare.com https://*.vimeo.com https://vimeo.com https://*.vimeocdn.com code.jquery.com *.datatables.net https://*.index-education.com https://*.index-education.com.preprod http://*.index-education.com https://*.bootstrapcdn.com http://index-education.com https://app.mailjet.com;style-src 'self' 'unsafe-inline' https://hcaptcha.com ndx.plus *.ndx.plus https://*.hcaptcha.com https://static.scelliuspaiement.labanquepostale.fr *.bootstrapcdn.com https://*.index-education.com https://*.index-education.com.preprod http://*.index-education.com;font-src 'self' *.bootstrapcdn.com ndx.plus *.ndx.plus https://*.index-education.com https://*.index-education.com.preprod http://*.index-education.com *.index-education.net data:;worker-src 'self' blob: https://*.index-education.com;img-src 'self' https://*.index-education.com https://*.index-education.com.preprod ndx.plus *.ndx.plus *.linkedin.com data:; 4
default-src https: data: 'unsafe-inline' 'unsafe-eval'; 4
style-src https: 'unsafe-inline' 4
frame-ancestors media.kaufland.de media.kaufland.com wissen-kaufland.kcenter.usu.com kaufland.staffbase.com 'self' 4
script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com/pagead/ https://googleads.g.doubleclick.net https://s.ytimg.com https://youtube.com https://www.youtube.com https://youtube.googleapis.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/GoogleCloudUxWebAppCgcUi/cspreport/allowlist 4
base-uri 'self'; frame-ancestors 'none'; report-uri /report-csp-violation 4
frame-ancestors  https://*.netinfo.bg/ 4
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';script-src-attr * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';frame-ancestors 'none';frame-src * data: blob:;form-action *;base-uri 'self';object-src 'none' 4
frame-ancestors 'self' https://onlinedegree.libf.ac.uk https://www.iu-akademie.de https://www.iu.de https://www.iu-dualesstudium.de https://www.iu-kombistudium.de https://www.iu-mystudium.de https://www.iu-group.com https://www.iu-careers.com https://www.iu.org https://www.iu-university.org https://www.iu-medicalschool.de https://www.iu-akademie.de https://app.storyblok.com; 4
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline';frame-src * mailto: data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' *.acaa-cmps.com *.dbedirectory.com *.uhsvendors.com *.mdbecert.com *.mwdbe.com *.traviscountyhub.com *.civilrightsystem.com *.gob2g.com *.mwdsbe.com *.mwsbe.com *.sbeda.com *.thesupplierclearinghouse.com *.smwbe.com *.diversitycomplance.com *.civilrightsconnect.com *.b2gnow.com *.newnycontracts.com *.diversitysystem.com *.dbesystem.com *.civilrightsconnect.dot.gov *.sbdbe.com *.sctrca.org *.civilrightsconnect.dot.gov *.webnclink.org *.vendorreg.com *.txdotcms.com *.diversitysoftware.com *.sbecompliance.com; 4
frame-ancestors 'self' https://yobingo-statices.casinomodule.com/ https://www.yobingo.es/ https://www.yocasino.es/ https://www.enracha.es/ 4
default-src 'none'; frame-ancestors 'none'; script-src 'self' https://*.appcues.com https://*.appcues.net cdn.segment.com; worker-src 'self' https://*.appcues.com https://*.appcues.net cdn.segment.com blob:; connect-src 'self' api.segment.io cdn.segment.com https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com editor.ne16.com data: blob:; frame-src 'self' https://*.appcues.com; style-src 'self' https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com https://fonts.google.com 'unsafe-inline'; img-src 'self' https://*.appcues.com https://*.appcues.net res.cloudinary.com cdn.jsdelivr.net blob: data: *; font-src 'self' fonts.gstatic.com data:; report-uri /Analytics/api/Error/Csp; 4
default-src https: 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: *; media-src blob: 'self' *; font-src 'self' data: *; connect-src 'self' *; child-src blob: 'self' *; block-all-mixed-content; 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: cdn.intersport.serv.si www.intersport.si intersport.si cdnjs.cloudflare.com www.google-analytics.com www.google.com www.google.si omara.cdn-cnj.si img.cdn-cnj.si www.google.de stats.g.doubleclick.net fonts.googleapis.com cpx.smind.si cpx.smind.hr cpx.smind.rs fonts.gstatic.com www.gstatic.com www.googletagmanager.com chimpstatic.com connect.facebook.net stats.g.doubleclick.net www.facebook.com *.creativecdn.com creativecdn.com www.googleadservices.com *.paypal.com www.paypal.com ajax.googleapis.com platform.linkedin.com *.twitter.com *.pinterest.com www.youtube.com googleads.g.doubleclick.net www.intersport.hr *.mercator.si maps.googleapis.com maps.gstatic.com maxcdn.bootstrapcdn.com secure.gravatar.com dts.cld.bz edge.fullstory.com fullstory.com rs.fullstory.com www.pimcore.org yoast.com tagmanager.google.com *.braintreegateway.com *.braintree-api.com www.paypalobjects.com *.segmentify.com *.google.com  api.instacloud.io *.cdninstagram.com *.fna.fbcdn.net fcm.googleapis.com *.vimeo.com my.matterport.com my.mpskin.com graph.instagram.com *.fitanalytics.com www.googleoptimize.com cdn.sgmntfy.com cdn.crobox.io api.crobox.com; frame-ancestors 'self' blob: https://vr.intersport.si https://vr.intersport.hr https://vr.intersport.rs https://vr.intersport.ba https://vr.intersport.me; 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.matomo.cloud/ https://verbund.matomo.cloud https://cdnjs.cloudflare.com https://www.googleadservices.com https://analytics.verbund.com/matomo.js https://consent.verbund.com https://snap.licdn.com https://unpkg.com https://webcast.a1.net https://vjs.zencdn.net https://googleadservices.com https://www.gstatic.com https://js.anyline.com https://dev.visualwebsiteoptimizer.com https://verbundblog.disqus.com https://connect.facebook.net https://*.google.com https://*.googleapis.com https://s.ytimg.com https://*.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://platform.linkedin.com https://code.jquery.com https://platform.twitter.com https://c.disquscdn.com https://disqus.com https://*.disqus.com https://apps.verbund.at https://emea3.recruitmentplatform.com https://code.createjs.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://amplify.outbrain.com/cp/obtp.js https://tr.outbrain.com/cachedClickId; font-src 'self' https://netdna.bootstrapcdn.com https://fonts.gstatic.com data:; frame-src 'self' https://consent.verbund.com https://verbund.prosiebensat1puls4.tv/ https://base.streamdiver.com/ https://my.walls.io/ https://uvp-ots.sf.apa.at https://www.google.com https://optimize.google.com https://*.disqus.com https://disqus.com https://www.facebook.com https://connect.facebook.net https://www.googletagmanager.com https://www.youtube.com https://staticxx.facebook.com https://*.doubleclick.net https://*.twitter.com https://accounts.google.com https://irs.tools.investis.com https://apps.verbund.at https://consentcdn.cookiebot.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://consent.verbund.com https://streamer.a1.net; media-src * blob: data:; img-src 'self' https://consent.verbund.com https://content.prescreen.io https://jobdata.prescreen.io https://px.ads.linkedin.com https://webcast.a1.net https://www.pw-footprints.de https://connect.facebook.net https://*.doubleclick.net https://3662592.fls.doubleclick.net https://*.google-analytics.com https://www.google.com https://www.google.at https://www.google.de https://*.gstatic.com https://stats.g.doubleclick.net https://*.googleapis.com https://dev.visualwebsiteoptimizer.com https://*.twitter.com https://www.foto-webcam.eu https://*.it-wms.com data: https://i.ytimg.com https://www.facebook.com https://c.disquscdn.com https://referrer.disqus.com https://maps.google.com https://cx.atdmt.com https://www.verbund.com https://tr.outbrain.com; connect-src 'self' https://verbund.matomo.cloud https://analytics.verbund.com/matomo.php https://cdn.linkedin.oribi.io/partner/4825250/domain/verbund.com/token https://consent.verbund.com https://at-cdn14.streamdiver.com https://metrics.articulate.com/v1/import https://streamer.a1.net https://webcast.a1.net https://*.analytics.google.com https://analytics.google.com https://maps.googleapis.com https://consentcdn.cookiebot.com https://reporting.anyline.com https://js.anyline.com https://anyline-reporting.herokuapp.com https://*.doubleclick.net https://*.google-analytics.com https://www.googleapis.com https://links.services.disqus.com https://dev.visualwebsiteoptimizer.com https://emea3.recruitmentplatform.com https://www.google.com/pagead/landing; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://consent.verbund.com https://webcast.a1.net https://optimize.google.com https://c.disquscdn.com https://fonts.googleapis.com https://tagmanager.google.com; worker-src blob: https://www.verbund.com https://*.verbund.com; frame-ancestors 'self' https://energiemanagement.verbund.at; 4
default-src 'unsafe-inline' 'unsafe-eval' data: blob: https: wss:; frame-ancestors 'self' 4
default-src 'self' data: *.storyblok.com *.newmotion.com *.shellrecharge.com *.googleusercontent.com; connect-src 'self' ws: *.g.doubleclick.net *.shell.com *.storyblok.com *.recruitee.com *.hsforms.net *.hsforms.com *.hubspot.com *.google.com *.googleusercontent.com *.livestorm.co *.salesforceliveagent.com *.salesforce.com *.newmotion.com *.shellrecharge.com *.oribi.io *.force.com *.site.com *.zoominfo.com; frame-ancestors 'self' *.storyblok.com *.googleusercontent.com recharge.resultsdm.com; frame-src 'self' *.g.doubleclick.net *.hsforms.net *.hsforms.com *.newmotion.com *.pardot.com *.hsforms.com *.hubspot.com *.google.com *.googleusercontent.com *.goo.gl *.salesforce.com *.shellrecharge.com *.srstest.io *.youtube.com *.doubleclick.net *.livestorm.co *.alchemer.eu *.salesforceliveagent.com *.salesforce.com *.newmotion.com *.shell.us recharge.resultsdm.com; style-src 'self' *.storyblok.com 'unsafe-inline' *.shellrecharge.com *.salesforce.com *.googleusercontent.com *.force.com *.site.com; script-src 'self' *.g.doubleclick.net *.googleadservices.com *.googletagmanager.com *.hsforms.net *.hsforms.com *.hubspot.com *.licdn.com *.shell.com *.storyblok.com *.google.com *.googleusercontent.com *.goo.gl *.youtube.com *.doubleclick.net *.livestorm.co *.salesforceliveagent.com *.salesforce.com *.newmotion.com 'unsafe-inline' 'unsafe-eval' *.shellrecharge.com *.force.com *.site.com *.zoominfo.com; object-src 'self' data:; img-src 'self' data: *.chargetrip.io *.google.com *.google.nl *.google.be *.google.lu *.googletagmanager.com *.googleusercontent.com recruitee-main.s3.eu-central-1.amazonaws.com *.linkedin.com *.storyblok.com *.doubleclick.net *.my.salesforce.com *.shellrecharge.com *.force.com 4
default-src 'self'; img-src 'self' https://piwiks.celibest.com https://www.google-analytics.com https://trc.taboola.com https://www4.celibest.com https://www.celibest.com https://www.celibnord.com https://www.celibouest.com https://www.celibparis.com https://www.celiblyon.com https://www.celibrhonealpes.com https://www.celibsud.com https://www.celibsudouest.com data:; script-src 'self' https://piwiks.celibest.com https://www.google-analytics.com https://code.createjs.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; form-action 'self' https://systempay.cyberpluspaiement.com https://www.paypal.com; media-src 'self'; base-uri 'self'; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com; frame-src 'self'; frame-ancestors 'self'; child-src 'self'; object-src 'none'; 4
default-src 'self' *.sprinklr.com; script-src 'self' *.sprinklr.com *.googleapis.com *.amazonaws.com; script-src-elem 'self' *.sprinklr.com *.googleapis.com *.amazonaws.com 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: yastatic.net cse.google.com ajax.googleapis.com php.pdc.nl www.google.com www.gstatic.com translate.googleapis.com translate.google.com maps.google.com maps.googleapis.com api.microsofttranslator.com; report-uri /cspreport 4
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; object-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https:; frame-src 'self' https:; font-src 'self' https:; connect-src 'self' https: wss:; frame-ancestors 'self' 4
default-src 'self'; img-src 'self' data: 4
frame-ancestors https:; 4
frame-ancestors 'self' https://*.j2t.com https://j2t.com https://*.j2t.exchange https://j2t.exchange https://*.just2trade.cn https://just2trade.cn https://webvisor.com https://*.webvisor.com http://webvisor.com http://*.webvisor.com https://metrika.yandex.ru https://metrica.yandex.com https://metrika.yandex.by https://metrica.yandex.com.tr 4
default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' * 4
default-src 'self' *.google.com *.addthis.com *.brazenconnect.com *.youtube.com *.vimeo.com *.military.com *.cloudfront.net; img-src 'self' data: *.sharethis.com *.bing.com *.clarity.com *.clarity.ms *.linkedin.com *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.storeimaging.com *.ytimg.com *.vimeocdn.com *.click2apply.net *.staticflickr.com *.cloudfront.net; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.fonts.net *.cloudfront.net *.brazenconnect.com; font-src 'self' *.jsdelivr.net *.gstatic.com *.fonts.net; script-src-elem 'self' 'unsafe-inline' *.sharethis.com *.clarity.com *.clarity.ms *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleoptimize.com *.licdn.com *.brazenconnect.com *.addthis.com *.moatads.com *.addthisedge.com *.military.com *.cloudfront.net; connect-src 'self' *.sharethis.com *.clarity.com *.clarity.ms *.googleapis.com *.google-analytics.com *.addthis.com *.brazenconnect.com *.linkedin.oribi.io *.luckyorange.com *.luckyorange.net wss://*.live *.doubleclick.net; form-action 'self' *.gdmissionsystems.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; 4
frame-ancestors 'self' *.upc.ch *.upc.biz *.sunrise.net ocpretailconfiguratorupc.ch *.ocpretailconfiguratorupc.ch tcx.ch *.upctv.ch *.sunrise.ch *.privent.ch *.upc-print.ch safeavenue.f-secure.com sunrisemoments.ch www.ticketcorner.ch; 4
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://js.monitor.azure.com http://projects.elitechnology.com/jsprojects/eneco-client/ https://projects.elitechnology.com/jsprojects/eneco/api/ https://eneco-eneco.digitalcx.com https://cdn.conversationalsdevelopment.nl https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://w.usabilla.com https://api.usabilla.com https://d6tizftlrpuof.cloudfront.net https://d3or5d0jdz94or.cloudfront.net/MExDH9iB5LdtMi44LjE.js https://cdn.greenhousegroup.com/eneco-nl/slb/conversion.js https://connect.facebook.net/signals/plugins/inferredEvents.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/435765806865268 https://www.linkedin.com/px/li_sync https://px.ads.linkedin.com/collect/ https://snap.licdn.com/li.lms-analytics/ https://d2qmp7jjpd79k7.cloudfront.net/smartpixel-1.js https://d2qmp7jjpd79k7.cloudfront.net/smartpixel/3-3227/product.js https://d2qmp7jjpd79k7.cloudfront.net/pixel/3/1572447345163/script.js https://pixels.lemonpi.io https://static.ads-twitter.com/uwt.js https://analytics.twitter.com/i/adsct https://bat.bing.com/bat.js https://bat.bing.com/p/action/23001836.js https://bat.bing.com/p/action/23001835.js https://acdn.adnxs.com/dmp/up/pixie.js https://s.pinimg.com https://ct.pinterest.com https://secure.adnxs.com https://cdnjs.cloudflare.com/ajax/libs/bodymovin/5.4.4/lottie.min.js https://tdn.r42tag.com https://admin.relay42.com https://t.svtrd.com/t-1295/ https://static.hotjar.com/c/hotjar-215132.js https://script.hotjar.com https://d10lpsik1i8c69.cloudfront.net https://eneco.bbvms.com https://cdn.bluebillywig.com/apps/player/ https://mijn.enecozakelijk.nl/cookie/xdomain/xdomain_cookie.min.js https://www.youtube.com/iframe_api https://img03.en25.com/i/elqCfg.min.js https://api.salesfeed.com https://script.adcalls.nl/e907d5da-14dc-4967-b180-03e37a3022be.js https://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.2/jquery-ui.min.js https://cdnjs.cloudflare.com/ajax/libs/fancybox/2.1.5/jquery.fancybox.min.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://amplify.outbrain.com/cp/obtp.js https://tr.outbrain.com https://static.queue-it.net/script/queueclient.min.js https://static.queue-it.net/script/queueconfigloader.min.js https://assets.queue-it.net/eneco/integrationconfig/javascript/queueclientConfig.js https://eneco.queue-it.net/javascriptqueue/ https://optimize.google.com https://www.googleoptimize.com https://www.redditstatic.com https://mktdplp102cdn.azureedge.net https://svc.dynamics.com;object-src 'self';style-src 'self' 'unsafe-inline' fonts.googleapis.com https://d6tizftlrpuof.cloudfront.net https://tagmanager.google.com/debug/css.css https://cdnjs.cloudflare.com/ajax/libs/fancybox/2.1.5/jquery.fancybox.min.css https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.2/themes/smoothness/jquery-ui.css https://optimize.google.com;img-src 'self' * data: blob: secure.adnxs.com collect.kosi-analytics.io/i https://t.co/i/adsct googleads.g.doubleclick.net www.googleadservices.com https://script.hotjar.com https://*.google-analytics.com/ https://*.analytics.google.com/ https://d10lpsik1i8c69.cloudfront.net https://optimize.google.com;media-src 'self' data: https://eneco.bbvms.com https://cdn.bluebillywig.com/apps/player/ https://d3ehotfhpgor0k.cloudfront.net;frame-src 'self' https://d6tizftlrpuof.cloudfront.net https://www.youtube-nocookie.com https://t.svtrd.com https://ib.adnxs.com https://s3.eu-central-1.amazonaws.com/snowplow-appnexus-mapper/id.html https://6361111.fls.doubleclick.net https://9108254.fls.doubleclick.net https://bid.g.doubleclick.net https://player.vimeo.com https://eneco.bbvms.com https://mijn.enecozakelijk.nl https://vars.hotjar.com https://www.google.com https://optimize.google.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com https://d6tizftlrpuof.cloudfront.net https://d3ehotfhpgor0k.cloudfront.net https://script.hotjar.com https://cdn.bluebillywig.com/fonts/ https://cdn.conversationalsdevelopment.nl/eneco/;connect-src 'self' *.eneco.nl https://*.google-analytics.com/ https://*.analytics.google.com/ https://stats.g.doubleclick.net *.services.visualstudio.com https://api.usabilla.com https://eneco.bbvms.com https://collect.kosi-analytics.io https://d.lemonpi.io/scrapes https://ct.pinterest.com https://eneco-eneco.digitalcx.com https://conversationals-connector-live-assist-production.azurewebsites.net wss://api.seamly.ai https://api.seamly.ai wss://api.seamly-app.com https://api.seamly-app.com https://vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://settings.luckyorange.net wss://*.visitors.live https://pubsub.googleapis.com https://api.luckyorange.com https://api.adcalls.nl https://bat.bing.com https://api.salesfeed.com https://cdn.linkedin.oribi.io https://pagead2.googlesyndication.com https://api.enecogroup.com https://api-digital.enecogroup.com;child-src 'self' blob: https://vars.hotjar.com;frame-ancestors 'self' https://inloggen.eneco.nl 4
default-src 'self'; base-uri 'self'; img-src https: data: ssl.gstatic.com; font-src 'self' fonts.gstatic.com f.hubspotusercontent-eu1.net 25126500.fs1.hubspotusercontent-eu1.net blog.delen.bank data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com static.hsappstatic.net; script-src https: 'unsafe-eval' 'unsafe-inline' tagmanager.google.com www.googletagmanager.com *.google-analytics.com; connect-src https: *.google-analytics.com www.google-analytics.com *.hotjar.com *.hotjar.io; frame-src 'self' *.google.com *.hotjar.com player.vimeo.com player.clevercast.com *.webflow.io vimeo.com *.vimeo.com delenhackdays.be *.dynamics.com www.google-analytics.com *.delen.be *.delen.bank *.delen.lu *.oyens.com *.typeform.com *.doubleclick.net  https://app httpsdelen://app https://forms.office.com	https://oyensappsimulator.acpt.delen.be   https://delenappsimulator.acpt.delen.be   https://login.acpt.delen.be   https://online.acpt.delen.bank  https://loginoyens.acpt.delen.be   https://delenappsimulator.acpt.delen.lu   https://delenchappsimulator.acpt.delen.lu  https://login.acpt.delen.lu  https://loginch.acpt.delen.lu platform.twitter.com https://forms-eu1.hsforms.com vimeo.com blog.delen.bank https://app.skeeled.com/api/offers https://js-eu1.hscollectedforms.net/collectedforms.js https://delen.bank/_hcms/api/apicall; upgrade-insecure-requests 4
default-src 'self' wibu.com *.wibu.com 'unsafe-inline' 'unsafe-eval' *.brighttalk.com *.adobe.com *.wibu.us *.surveymonkey.com *.brightcove.net *.wibu.com *.typo3.org *.googleapis.com www.google-analytics.com *.google.com *.youtube.com *.youtube-nocookie.com *.youtube.de *.ytimg.com *.baidu.com *.nakanohito.jp *.pardot.com *.joomag.com *.cleverreach.de *.cloudfront.net *.amazonaws.com *.hubspot.com *.gstatic.com *.iiconsortium.org *.ddev.site *.friendlycaptcha.com cdn.jsdelivr.net data:; img-src * data:; font-src 'self' data: *.wibu.com *.gstatic.com; frame-src 'self' *.wibu.com www.wibu.com *.googleapis.com www.google-analytics.com *.google.com *.google.de *.google.fr *.google.co.uk *.youtube.com *.youtube-nocookie.com *.youtube.de *.ytimg.com *.baidu.com *.joomag.com *.surveymonkey.com *.brighttalk.com *.hcaptcha.com; frame-ancestors 'self' https://*.wibu.com at.alicdn.com; worker-src blob:; 4
connect-src 'self' data:         https://*.zebet.be         https://*.zebet.com         https://*.zebet.es         https://*.zebet.fr         https://*.zebet.nl         https://*.zeturf.be         https://*.zeturf.com         https://*.zeturf.es         https://*.zeturf.fr         https://*.zeturf.nl         https://*.adyen.com         https://*.betradar.com         https://*.sportradar.com         https://*.sir.sportradar.com         https://sportradar.hs.llnwd.net         https://*.cookiebot.com         https://*.nr-data.net         https://code.jquery.com         https://fonts.googleapis.com         https://region1.analytics.google.com         https://stats.g.doubleclick.net         https://translate.googleapis.com         https://translate.google.com         https://www.google.com         https://www.google.es         https://www.google.fr         https://www.googletagmanager.com         https://www.google-analytics.com         https://analytics.google.com         https://www.google.co.ma         https://www.google.be         https://www.google.co.uk         https://www.google.nl         https://www.google.co.il         https://www.google.com.gh         https://www.google.com.mt         https://*.googlesyndication.com         https://region1.google-analytics.com         https://googleads.g.doubleclick.net         https://region1.google-analytics.com;    font-src 'self' data:         https://*.zebet.fr         https://*.zebet.com         https://*.zebet.be         https://*.zebet.es         https://*.zebet.nl         https://*.gstatic.com         https://cs.betradar.com         https://themes.googleusercontent.com         http://themes.googleusercontent.com         https://fonts.googleapis.com         https://cdnjs.cloudflare.com         https://fonts.gstatic.com         https://cdn.faceworks.nl         https://cdn.goin.cloud         https://github.com ;    img-src 'self' * data:         https://*.adyen.com         https://*.zeturf.fr         https://*.zeturf.com         https://*.zeturf.be         https://*.zeturf.nl         https://*.zeturf.es         https://www.google.com         https://*.googletagmanager.com         https://www.google-analytics.com ;    default-src 'self'         https://*.zebet.be         https://*.zebet.com         https://*.zebet.es         https://*.zebet.fr         https://*.zebet.nl         https://lco-a.cdn.sportradar.com ;    media-src 'self'         https://lco-a.cdn.sportradar.com         https://*.zebet.be         https://*.zebet.com         https://*.zebet.fr         https://*.zebet.es         https://*.zebet.nl         https://*.zeturf.fr         https://*.zeturf.com         https://*.zeturf.be         https://*.zeturf.nl         https://*.zeturf.es ;    object-src 'self';     manifest-src 'self'         https://*.zebet.be         https://*.zebet.com         https://*.zebet.es         https://*.zebet.fr         https://*.zebet.nl ;    frame-src 'self'         https://* ;    child-src 'self'        https://*.adyen.com         https://*.accengage.net         https://aswpsdkeu.com         https://*.cookiebot.com         https://*.zebet.fr         https://*.zebet.com         https://*.zebet.be         https://*.zebet.es         https://*.zebet.nl         https://*.zeturf.fr         https://*.zeturf.com         https://*.zeturf.be         https://*.zeturf.nl         https://*.zeturf.es ;    script-src 'self' 'unsafe-inline' 'unsafe-eval' data:         https://*.adyen.com         https://*.zebet.be         https://*.zebet.com         https://*.zebet.es         https://*.zebet.fr         https://*.zebet.nl         https://*.zeturf.be         https://*.zeturf.com         https://*.zeturf.es         https://*.zeturf.fr         https://*.zeturf.nl         https://zebet-by.accengage.net         https://aswpsdkeu.com         https://*.sir.sportradar.com         https://cs.betradar.com         https://*.google-analytics.com         https://*.googleapis.com         https://*.google.com         https://*.googlesyndication.com         https://html5shiv.googlecode.com         https://*.cookiebot.com         https://*.nr-data.net         https://*.newrelic.com         https://cdnjs.cloudflare.com         https://cdn.jsdelivr.net         https://connect.facebook.net         https://translate.googleapis.com         https://www.google-analytics.com         https://ajax.googleapis.com         https://googleads.g.doubleclick.net         https://www.googleadservices.com         https://*.googletagmanager.com ;    style-src 'self' 'unsafe-inline'         https://*.adyen.com         https://*.googleapis.com         https://cdnjs.cloudflare.com         https://*.sir.sportradar.com         https://fonts.googleapis.com         https://*.zebet.fr         https://*.zebet.com         https://*.zebet.be         https://*.zebet.es         https://*.zebet.nl         https://*.zeturf.com         https://*.zeturf.be         https://*.zeturf.nl         https://*.zeturf.es         https://*.zeturf.fr ;    worker-src 'self'; 4
report-uri https://o1077175.ingest.sentry.io/api/4505885719068672/security/?sentry_key=b6aebb41fe8678c142fa73198318922f 4
default-src 'self' https://mw-ar-recom-prod.pgapi.io/ *.cookielaw.org *.onetrust.com feed.pghub.io pandg.tapad.com ; media-src https://videos.ctfassets.net feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com * ; img-src * 'self' data: https: blob: *.pricespider.com ; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 4
frame-ancestors *.tostadora.fr *.tostadora.co.uk *.tostadora.com *.tostadora.it *.latostadora.com tostadora.fr tostadora.co.uk tostadora.com tostadora.it latostadora.com www.latostadora.dock:* www.tostadora.fr.dock:* www.tostadora.it.dock:* www.tostadora.co.uk.dock:* www.tostadora.com.dock:* mx.latostadora.dock:*; 4
frame-ancestors 'self' https://*.elastic.co https://elasticsandbox.docebosaas.com https://elastic.docebosaas.com https://www.gather.town; 4
base-uri 4
frame-ancestors 'self'; base-uri 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com cdnjs.cloudflare.com *.sharethis.com *.facebook.net *.googletagmanager.com *.acquia.com *.google-analytics.com *.newrelic.com *.nr-data.net *.yimg.com *.adform.net *.licdn.com *.azureedge.net *.adsrvr.org *.samlassertion *.gstatic.com *.taboola.com *.adobedtm.com *.vimeo.com *.googleadservices.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.sharethis.com *.typekit.net *.samlassertion *.googleapis.com; report-uri /report-csp-violation 4
frame-ancestors 'self' https://*.m2.aeroflow.dev https://aeroflowbreastpumps.com https://*.aeroflowbreastpumps.com https://cpapsupplies.com https://*.cpapsupplies.com https://cheapcpapsupplies.com https://*.cheapcpapsupplies.com https://aeroflowsleep.com https://*.aeroflowsleep.com https://aeroflowdirect.com https://*.aeroflowdirect.com https://shop.aeroflowinc.com https://aeroflowurology.com https://*.aeroflowurology.com https://motifmedical.com https://*.motifmedical.com https://lactationlink.com https://*.lactationlink.com https://aeroflowdiabetes.com https://*.aeroflowdiabetes.com 4
upgrade-insecure-requests; base-uri 'self'; 4
frame-ancestors 'self' https://www.mycme.com/ https://mycmesandbox.thoughtindustries.com https://nacesandbox.thoughtindustries.com https://www.naceonline.com/ 4
frame-ancestors 'self' *.gestionradioqc.com *.cogecolive.com;upgrade-insecure-requests 4
default-src *; script-src 'unsafe-inline' 'unsafe-eval'  https://*.anico.com https://*.americannational.com https://*.googleapis.com http://otf.msn.com https://*.lifeannuitydi.com  https://www.googletagmanager.com https://*.airkit.com https://*.airkitapps.com https://tagmanager.google.com https://www.google-analytics.com https://americannational.com https://*.assistant.watson.appdomain.cloud https://www.gstatic.com https://www.google.com https://*.inmoment.com https://unpkg.com https://*.vtimg.com https://*.ytimg.com  http://*.angularjs.org https://*.youtube.com  https://*.dnanico1.aniconet.com https://*.anicoweb.com; style-src * 'unsafe-inline' ; img-src * data: ; child-src * data: blob: filesystem: ; 4
script-src-elem link.sportsgirl.com.au *.hotjar.com *.rmp.rakuten.com *.facebook.net *.googletagmanager.com *.api.useinsider.com foursixty.com *.adsrvr.org *.scarabresearch.com *.plugins.emarsys.net stockinstore.net *.reloop.com.au *.resultspage.com *.pinimg.com *.bing.com *.tiktok.com *.newrelic.com *.google-analytics.com https://wisepops.net *.wisepops.com https://3739-1.sli-r.com/r-api/ https://googleads.g.doubleclick.net *.stockinstore.net *.cloudflare.com https://maps.googleapis.com *.afterpay.com *.addressfinder.io https://www.google.com https://www.gstatic.com *.sli-r.com *.braintreegateway.com *.paypal.com https://ap-gateway.mastercard.com *.zdassets.com https://www.googleadservices.com https://staticw2.yotpo.com https://tpc.googlesyndication.com https://jp-tags.rd.linksynergy.com api.neverbounce.com *.forter.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src-elem *.sli-r.com https://foursixty.com/ *.resultspage.com *.stockinstore.net https://assets.api.useinsider.com/ *.addressfinder.io https://fonts.googleapis.com https://staticw2.yotpo.com 'self' 'unsafe-inline'; font-src fonts.gstatic.com 'unsafe-inline' data: *.gstatic.com *.typekit.net *.stockinstore.net *.afterpay.com *.hotjar.com *.useinsider.com *.yotpo.com *.googleapis.com *.slant.co cdn.neverbounce.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.cardinalcommerce.com *.paypal.com *.yotpo.com link.sportsgirl.com.au link.sussan.com.au 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.mastercard.com *.adsrvr.org *.useinsider.com *.linksynergy.com *.tiktok.com *.hotjar.com *.doubleclick.net *.demdex.net *.reloop.com.au *.myunidays.com *.facebook.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.yotpo.com *.pinterest.com https://bid.g.doubleclick.net *.cloudflarestream.com videodelivery.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://static.afterpay.com *.googletagmanager.com *.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com *.paypal.com *.sportsgirl.com.au *.suzannegrae.com.au *.sussan.com.au *.cdninstagram.com *.gstatic.com *.googleapis.com *.google.com *.google.com.au *.google.co.nz *.google.com.ua *.google.by *.google.us *.google.de www.facebook.com *.stockinstore.net *.rakuten.com *.afterpay.com *.foursixty.com https://foursixty.com http://foursixty.com *.nr-data.net *.adsrvr.org *.linksynergy.com *.bing.com *.doubleclick.net *.resultspage.com *.resultsstage.com *.resultsdemo.com *.wisepops.com dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com *.wisepops.net *.useinsider.com *.omtrdc.net *.2o7.net *.adobedtm.com *.demdex.net *.everesttech.net *.reloop.com.au *.unidays.world connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com *.cloudfront.net *.pinterest.com *.sli-spark.com https://yotpo-editor-production.s3.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googletagmanager.com *.addressfinder.io https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.plugins.emarsys.net *.scarabresearch.com tagmanager.google.com *.paypal.com *.resultspage.com *.resultsstage.com *.resultsdemo.com *.gstatic.com *.google.com *.sli-spark.com http://foursixty.com https://foursixty.com *.cloudfront.net *.sli-r.com *.mastercard.com *.googleapis.com https://connect.facebook.net http://connect.facebook.net *.doubleclick.net *.stockinstore.net http://stockinstore.net http://stockinstore.net/* *.cloudflare.com *.useinsider.com *.livechatinc.com *.adsrvr.org *.newrelic.com *.wisepops.com *.getwisp.co *.wisepops.net *.linksynergy.com *.rakuten.com *.afterpay.com *.nr-data.net *.bing.com *.hotjar.com *.tiktok.com *.omtrdc.net *.2o7.net *.adobedtm.com *.demdex.net *.everesttech.net *.reloop.com.au *.myunidays.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.googleadservices.com *.yotpo.com *.googleads.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.addressfinder.io static.afterpay.com/ tagmanager.google.com fonts.google.com http://foursixty.com *.googleapis.com *.stockinstore.net http://stockinstore.net http://stockinstore.net/* *.resultspage.com *.resultsstage.com *.resultsdemo.com *.afterpay.com *.api.useinsider.com *.reloop.com.au *.hotjar.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.addressfinder.io static.afterpay.com *.scarabresearch.com *.eservice.emarsys.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.paypal.com *.foursixty.com foursixty.com *.braintree-api.com *.braintreegateway.com https://connect.facebook.net http://connect.facebook.net *.doubleclick.net *.stockinstore.net http://stockinstore.net http://stockinstore.net/* *.resultspage.com *.resultsstage.com *.resultsdemo.com *.cloudflare.com *.googleapis.com *.rakuten.com *.nr-data.net *.useinsider.com *.wisepops.com *.wisepops.net *.wisepops.co *.getwisp.co *.amplitude.com *.tiktok.com *.hotjar.com *.demdex.net *.everesttech.net *.adobedtm.com *.reloop.com.au *.myunidays.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com *.cloudfront.net https://wisepops.net/my-wisepop *.forter.com *.google.com *.hotjar.io *.pinterest.com wss://ws.hotjar.com/api/v2/client/ws *.zdassets.com *.bing.com *.zendesk.com *.zendesk-eu.my.sentry.io https://www.google.com.au/ads/* https://www.google.com.au/ analytics.pangle-ads.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
default-src 'self' feed.pghub.io pandg.tapad.com ; media-src https://videos.ctfassets.net feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com * ; img-src * 'self' data: https: blob: *.pricespider.com ; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 4
frame-ancestors 'self' pmt.honeywell.com ppe.sps.honeywell.com; 4
script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.tawk.to *.jsdelivr.net *.tidio.co *.facebook.net www.gstatic.com;script-src-attr 'unsafe-inline';img-src 'self' data: i.imgur.com www.google-analytics.com nyq4leycky5n94hcmplt3mpfla.speed-cdn.com 8bow6kipj8zg81psmtksyesya8.speed-cdn.com tawk.link *.tawk.to *.tawk.link *.amazonaws.com *.jsdelivr.net *.databrain.com www.googletagmanager.com;style-src 'self' 'unsafe-inline' nyq4leycky5n94hcmplt3mpfla.speed-cdn.com 8bow6kipj8zg81psmtksyesya8.speed-cdn.com fonts.googleapis.com *.tawk.to *.jsdelivr.net;font-src 'self' nyq4leycky5n94hcmplt3mpfla.speed-cdn.com 8bow6kipj8zg81psmtksyesya8.speed-cdn.com fonts.googleapis.com fonts.gstatic.com *.tawk.to *.jsdelivr.net *.googletagmanager.com;frame-src static.goolec.com www.youtube.com youtube.com;connect-src 'self' tickers.playtech.com www.google-analytics.com *.googleapis.com *.tawk.to wss://*.tawk.to tracker.databrain.com;upgrade-insecure-requests;default-src 'self';base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none' 4
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://www.youtube.com https://siteimproveanalytics.com https://kit.fontawesome.com https://analytics.rubensteintech.com https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://dnn506yrbagrg.cloudfront.net https://www.google-analytics.com https://uk1.siteimprove.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://fast.wistia.com https://*.crazyegg.com https://js.hs-scripts.com https://js.hs-banner.com https://s3.amazonaws.com https://js.hs-analytics.net https://js.hsforms.net https://forms.hsforms.com https://tagmanager.google.com https://consent.cookiebot.com https://e.infogram.com https://prezi.com https://consentcdn.cookiebot.com https://app.wistia.com ; style-src 'self' 'unsafe-inline' http://hello.myfonts.net https://hello.myfonts.net https://cloud.typenetwork.com https://hello.myfonts.net https://fonts.googleapis.com https://tagmanager.google.com https://*.crazyegg.com ; font-src 'self' data: https://*.wistia.com https://ka-f.fontawesome.com https://cloud.typenetwork.com https://static.hotjar.com https://fonts.gstatic.com ; img-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://google-analytics.com https://i.vimeocdn.com https://insights.hotjar.com https://static.hotjar.com https://embed-ssl.wistia.com https://analytics.rubensteintech.com https://www.google-analytics.com https://uk1.siteimprove.com https://www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://embedwistia-a.akamaihd.net https://fast.wistia.com https://*.crazyegg.com https://embed-fastly.wistia.com https://user-event-tracker.crazyegg.com https://track.hubspot.com https://forms.hubspot.com https://10144.global.siteimproveanalytics.io https://ssl.gstatic.com https://www.gstatic.com data: https://bclplaw.vuturevx.com https://www.bclplaw.com https://www.bryancave.com ; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://google-analytics.com https://cdn.plyr.io https://ka-f.fontawesome.com https://*.hotjar.com:* wss://*.hotjar.com https://*.crazyegg.com https://embedwistia-a.akamaihd.net https://embed-fastly.wistia.com https://distillery.wistia.com https://pipedream.wistia.com https://fast.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://embed-ssl.wistia.com https://www.google-analytics.com https://analytics.rubensteintech.com https://stats.g.doubleclick.net https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://consentcdn.cookiebot.com https://maps.googleapis.com https://embed-cloudfront.wistia.com ; frame-src 'self' https://vars.hotjar.com https://www.google.com/recaptcha/ https://www.youtube.com https://player.vimeo.com https://fast.wistia.com https://forms.hsforms.com https://cdn.yoshki.com https://e.infogram.com https://prezi.com https://analytics.rubensteintech.com https://stats.g.doubleclick.net https://consentcdn.cookiebot.com https://fast.wistia.net https://*.crazyegg.com https://services.bclplaw.marketing/infographics/ ; child-src 'self' blob: https://vars.hotjar.com ; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net ; frame-ancestors 'self' https://fast.wistia.com https://fast.wistia.net ; 4
frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: 4
default-src https: *.hotjar.com *.hotjar.io *.wistia.com *.wistia.net 'self' 'unsafe-inline' 'unsafe-eval'; font-src https: *.hotjar.com *.hotjar.io *.wistia.com *.tawk.to fonts.gstatic.com data: 'self' 'unsafe-inline' 'unsafe-eval'; img-src https: *.hotjar.com *.hotjar.io *.tawk.to cdn.jsdelivr.net tawk.link *.iubenda.com *.wistia.com *.wistia.net data: 'self' 'unsafe-inline' 'unsafe-eval'; script-src blob: https: 'self' *.hotjar.com *.hotjar.io *.iubenda.com *.wistia.com *.wistia.net *.tawk.to cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src https: *.litix.io *.wistia.com *.tawk.to wss://*.tawk.to *.hotjar.com *.hotjar.io wss://*.hotjar.com; frame-src https: 'self' blob: *.hotjar.com *.hotjar.io *.tawk.to fast.wistia.com fast.wistia.net; style-src blob: https: 'self' *.hotjar.com *.hotjar.io *.iubenda.com fast.wistia.com *.tawk.to fonts.googleapis.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; media-src * blob: data: https: *.wistia.com *.wistia.net 'self' 'unsafe-inline' 'unsafe-eval'; 4
default-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self'; object-src 'none'; 4
default-src https: 'unsafe-inline' 'unsafe-eval'; 4
default-src 'none'; object-src 'self'; media-src blob: https://s3.amazonaws.com https://*.genial.ly https://*.aiaibot.com https://*.elsevier.com https://*.zdassets.com https://*.scene7.com https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.podcast.co https://*.pod.co https://*.radio.co https://*.lpsnmedia.net https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.hirslanden.ch https://*.infocentric.ch https://*.wistia.com https://*.medicosearch.ch https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com; font-src 'self' data: https://*.podigee.com https://*.podigee-cdn.net https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.amazonaws.com https://portal.k8s.preprod.msio.cloud https://*.medicosearch.ch; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://elshbe.mediclinic.co.za https://superspider-dev.azurewebsites.net https://*.data.adobedc.net https://extend.vimeocdn.com https://*.sc.omtrdc.net https://*.2o7.net https://assets.adobedtm.com https://www.googleoptimize.com https://googleads.g.doubleclick.net https://portal.k8s.preprod.msio.cloud https://*.aiaibot.com https://analytics.tiktok.com https://mcmebotstorage.blob.core.windows.net  https://protect-de.mimecast.com https://*.yandex.ru https://*.zdassets.com https://analytics-eu.clickdimensions.com https://widget-mediator.zopim.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://cdnjs.cloudflare.com https://*.zvv.ch https://*.genial.ly https://*.3qsdn.com https://*.scene7.com https://*.pinimg.com https://*.podigee.com https://*.podigee-cdn.net https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.typeform.com https://play.pod.co https://cdnjs.cloudflare.com https://siteimproveanalytics.com https://*.lpsnmedia.net https://*.licdn.com https://sc-static.net https://*.liveperson.net https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.linkedin.com https://*.instagram.com https://*.mediclinic.com https://*.elfsight.com https://uberall.com https://static-prod.uberall.com https://api.instacloud.io https://mediclinic.mediaplatform.com https://api.doctena.ch https://createsend.com https://createsend1.com https://*.createsend.com https://*.createsend1.com https://cdn.dotcy.com.cy https://script.crazyegg.com https://prodmcmebot.azurewebsites.net https://testmcmebot.azurewebsites.net https://*.medicosearch.ch https://*.infocentric.ch https://www.puls-berufe.ch https://*.gstatic.com https://*.google.com https://*.sprechzimmer.ch https://*.wistia.com https://fast.wistia.net https://src.litix.io https://s.ytimg.com https://www.youtube.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.googletagmanager.com https://maps.googleapis.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://connect.facebook.net https://*.twitter.com https://cdn.syndication.twimg.com https://csi.gstatic.com https://*.podcast.co https://*.pod.co https://*.radio.co https://code.jquery.com https://soundcloud.com/; connect-src 'self' https://px.ads.linkedin.com/wa https://*.googlesyndication.com https://cdn.linkedin.oribi.io https://adservice.google.com https://analytics.google.com https://*.112.2o7.net https://dpm.demdex.net https://createsend.com https://createsend1.com https://*.createsend.com https://*.createsend1.com https://*.aiaibot.com https://api.bing.microsoft.com https://analytics.tiktok.com https://*.yandex.ru https://pecontent-health-elsevier-com.s3.amazonaws.com https://*.zdassets.com https://*.elsevier.com https://*.zendesk.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://cdnjs.cloudflare.com https://*.pinterest.com https://*.medicosearch.ch https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://stats.g.doubleclick.net https://*.blueglass.io https://*.mediclinic.co.za https://*.podcast.co https://*.pod.co https://*.radio.co https://*.googleadservices.com https://*.google-analytics.com https://*.analytics.google.com https://*.elfsight.com https://uberall.com https://blog.hirslanden.ch https://er24.info https://*.typeform.com https://*.wistia.com https://*.litix.io https://www.facebook.com https://*.crazyegg.com https://*.akamaihd.net https://www.google-analytics.com https://s7.addthis.com https://m.addthis.com https://*.tagboard.com https://tagboard.com https://*.onetrust.com https://ton.twimg.com; img-src * 'self' data:; style-src 'self' 'unsafe-inline' https://mcmebotstorage.blob.core.windows.net https://protect-de.mimecast.com https://*.podigee.com https://*.podigee-cdn.net https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.google.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://*.ads-twitter.com https://*.google.ch https://mediclinic.mediaplatform.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://cdn.dotcy.com.cy https://*.medicosearch.ch https://portal.k8s.preprod.msio.cloud https://cloud.typography.com https://*.sprechzimmer.ch https://*.twitter.com https://www-prod.hirslanden.ch https://*.tagboard.com https://tagboard.com https://ton.twimg.com; frame-src 'self' https://feed.yellow.camera https://ct.pinterest.com https://hirslandenag.demdex.net https://portal.k8s.preprod.msio.cloud https://*.medicosearch.ch https://analytics-eu.clickdimensions.com https://*.goreview.co.za https://*.aiaibot.com https://webform.mediclinicsa.co.za https://*.indigo.online https://*.artbutler.com https://*.zvv.ch https://*.genial.ly https://*.3qsdn.com https://*.tourmkr.com https://tourmkr.com https://*.tourextender.ch https://tourextender.ch https://*.podigee.com https://*.podigee-cdn.net https://*.infomaniak.com https://*.business360.ch https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.typeform.com https://*.doubleclick.ne https://*.pinimg.com https://*.doubleclick.net https://*.yandex.ru https://play.pod.co https://*.onedoc.ch https://onedoc.ch https://vimeo.com https://*.vimeo.com https://*.brightcove.net https://mixlr.com https://*.mixlr.com https://*.liveperson.net https://*.lpsnmedia.net https://*.snapchat.com https://*.ads-twitter.com https://*.linkedin.com https://*.instagram.com https://*.mediclinic.com https://*.mediclinic.co.za https://mediclinic.mediaplatform.com http://mcairportrdauh.royalwebhosting.net https://*.google.ch https://*.twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.doctena.com https://createsend.com https://createsend1.com https://*.createsend.com https://*.createsend1.com https://*.google.com https://*.googletagmanager.com https://w.soundcloud.com https://cdn.dotcy.com.cy https://prodmcmebot.azurewebsites.net https://testmcmebot.azurewebsites.net https://fast.wistia.com https://s7.addthis.com https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com https://www.youtube.com https://*.sprechzimmer.ch https://www.med-congress.info https://*.datahouse.ch https://*.detailnet.ch https://www2.hirslanden.ch https://vr.zaak.ch https://staticxx.facebook.com https://www.facebook.com https://tourmake.it https://tools.eurolandir.com https://twitter.com https://www.facebook.com; child-src 'self' blob: https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.ads-twitter.com https://*.google.ch http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://staticxx.facebook.com https://fast.wistia.com https://s7.addthis.com https://*.twitter.com https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com 4
object-src *;script-src * 'unsafe-inline' 'unsafe-eval' data: 4
default-src 'self' https://www.all-connect.net; img-src 'self' data: https://s.w.org https://ps.w.org; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; worker-src 'self' https://www.all-connect.net; frame-ancestors 'self' 4
default-src 'self' https: blob:;                                                   style-src 'self' 'unsafe-inline' *.ensemblevideo.com *.ntst.com *.marketo.net *.marketo.com *.typekit.net *.bootstrapcdn.com *.googleapis.com *.twitter.com *.twimg.com *.cdn-prod.securiti.ai *.cdn-prod *.cdn-prod.securiti *.securiti.ai *.app.securiti.ai;                                                    script-src 'self' 'unsafe-inline' fast.wistia.net fast.wistia.com blob: *.marketo.net *.marketo.com *.mktoresp.com *.bugherd.com *.liveperson.net *.lpsnmedia.net *.terminus.services *.jwpcdn.com *.jquery.com *.googletagmanager.com *.google-analytics.com *.googleapis.com  *.adsrvr.org *.twitter.com *.twimg.com *.oktopost.com okt.to *.adroll.com *.adroll.mgr.consensu.org *.sounder.fm *.facebook.net *.ntst.com *.licdn.com dg0hgb42195s9.cloudfront.net *.ramblechat.com *.cdn-prod.securiti.ai *.cdn-prod *.cdn-prod.securiti *.securiti.ai *.app.securiti.ai;                                                    object-src 'self';                                                   connect-src 'self' *.wistia.com *.litix.io *.terminus.services *.securiti.ai *.ntst.com dg0hgb42195s9.cloudfront.net wss://a1kkx7muourfsi-ats.iot.us-east-1.amazonaws.com *.ramblechat.com *.mktoutil.com *.mktoresp.com *.google-analytics.com *.googleapis.com *.gstatic.com wss://*.ramblechat.com data:;                                                    font-src 'self' *.bootstrapcdn.com *.typekit.net *.gstatic.com data:;                                                    img-src * *.jwpltx.com data:;                                                   frame-ancestors 'self' *.ensemblevideo.com *.marketo.com *.marketo.net netsmart.highspot.com;                                                    4
object-src * 4
frame-ancestors 'self'; upgrade-insecure-requests; frame-src 'self' insight.adsrvr.org *.demdex.net consent.cookiebot.com consentcdn.cookiebot.com *.youtube.com *.infrontfinance.com; connect-src 'self' *.doubleclick.net *.google.com *.googlesyndication.com cdn.linkedin.oribi.io 633-ybp-923.mktoresp.com analytics.funnelfuel.io *.linkedin.com static1.r66net.com *.demdex.net cm.everesttech.net assets.adobedtm.com consent.cookiebot.com consentcdn.cookiebot.com *.2o7.net; img-src 'self' *.doubleclick.net *.linkedin.com ks.b26net.com bat.bing.com *.google.com  s.videostep.com dev.day.com secure.adnxs.com *.invibes.com *.demdex.net cm.everesttech.net assets.adobedtm.com consent.cookiebot.com consentcdn.cookiebot.com *.2o7.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat data:; script-src *.infrontfinance.com *.googleadservices.com *.infront.co munchkin.marketo.net static.r66net.com *.doubleclick.net k.r66net.com u.videostep.com *.licdn.com analytics.funnelfuel.io bat.bing.com js.adsrvr.org *.adobeaemcloud.com documentcloud.adobe.com *.youtube.com *.adobedtm.com *.azure.com *.azureedge.net *.googleapis.com *.googletagmanager.com *.adservice.google.com *.google-analytics.com dqm.crownpeak.com consent.cookiebot.com consentcdn.cookiebot.com *.2o7.net *.omtrdc.net *.tt.omtrdc.net assets.adobedtm.com *.demdex.net cm.everesttech.net 'self' 'unsafe-eval' 'unsafe-inline'; 4
upgrade-insecure-requests default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' *.unitedtraders.com *.unitedtraders.ru *.uttoken.io *.unitedtraders.team *.utchallenge.com *.auroraplatform.com *.finderby.net *.utex.io *.whattobuy.today *.utex.work ; 4
img-src data: 'self' https: blob: https://www.facebook.com https://images.prismic.io https://content-eu-central-1.knowunity.com https://content-eu-central-1.knowunity.dev https://px.ads.linkedin.com/collect; font-src 'self'; connect-src *; object-src data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net https://connect.facebook.net https://apis.google.com https://www.google.com https://appleid.cdn-apple.com https://js.hcaptcha.com https://analytics.tiktok.com https://sc-static.net https://js.stripe.com https://cdnjs.cloudflare.com https://apps.elfsight.com https://static.elfsight.com https://accounts.google.com/gsi/client https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.clarity.ms https://tr.snapchat.com https://www.paypal.com https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style; style-src-elem 'self' https://accounts.google.com/gsi/style 'unsafe-inline'; script-src-elem * 'unsafe-inline' blob: 'self'; media-src https: 'self'; worker-src blob:; frame-ancestors 'self'; frame-src https://www.youtube.com https://accounts.google.com https://newassets.hcaptcha.com https://appleid.apple.com https://js.stripe.com https://www.facebook.com https://drive.google.com/ https://tr.snapchat.com https://js.stripe.com https://hooks.stripe.com https://cloudflarestream.com https://customer-8ik8x9s31pwtfi7p.cloudflarestream.com https://accounts.google.com/gsi/ https://calendly.com https://www.sandbox.paypal.com https://www.paypal.com; 4
frame-ancestors 'self' https://cdw.lookbookhq.com http://cdw.lookbookhq.com http://solutions.cdw.com https://solutions.cdw.com 4
default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; object-src *; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:; 4
img-src * blob: data:;font-src * 4
default-src * blob: data: 'unsafe-inline' 'unsafe-eval';  4
frame-src 'self' https://app.aiden.cx https://api.dpdconnect.nl https://www.youtube.com https://www.obelink.be https://vars.hotjar.com https://www.facebook.com https://surfly.com https://www.google.com folder.obelink.nl flyer.obelink.de https://api.growthbook.io https://tcp.googlesyndication.com; 4
frame-ancestors 'self' https://aderantonline.force.com; 4
object-src 'self' *.youtube.com; frame-ancestors 'self' 4
default-src 'self'; connect-src * data: 'unsafe-inline'; font-src *; frame-src *; img-src * blob: data: ; media-src *; object-src *; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; worker-src 'self' blob:; child-src blob:; 4
default-src 'self' data: *; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' * 4
default-src * blob: data: 'unsafe-inline' 'unsafe-eval' 4
default-src 'self' *.wistia.com *.hotjar.com www.google.com www.google.co.in pages.wcgclinical.com www.google-analytics.com *.doubleclick.net; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.wcgclinical.com trinitymedia.ai *.trinitymedia.ai *.cookielaw.org www.googletagmanager.com *.marketo.com *.marker.io pages.wcgclinical.com www.google-analytics.com www.googleadservices.com *.doubleclick.net *.hotjar.com *.marketo.net *.cloudfront.net *.mktoresp.com www.google.com *.cdntwrk.com snap.licdn.com *.wistia.com *.wistia.net wcgclinical.staging.wpengine.com widget.yeps.io www.buzzsprout.com; style-src 'self' 'unsafe-inline' *.cloudfront.net fonts.googleapis.com pages.wcgclinical.com *.cdntwrk.com *.wcgclinical.com *.marketo.com; object-src 'self' *.wcgclinical.com *.wcgirb.com; base-uri 'self'; connect-src 'self' *.amazonaws.com *.googlesyndication.com *.cookielaw.org *.google-analytics.com *.linkedin.oribi.io *.onetrust.com *.doubleclick.net *.marker.io *.hotjar.io *.hotjar.com *.mktoresp.com *.hotjar.io *.wistia.com *.wistia.net fg8vvsvnieiv3ej16jby.litix.io *.yeps.io embedwistia-a.akamaihd.net; font-src 'self' fast.wistia.com fonts.gstatic.com data:; frame-src 'self' *.wcgclinical.com trinitymedia.ai *.trinitymedia.ai *.marker.io *.doubleclick.net *.hotjar.com www.google.com *.wistia.net *.wistia.com *.powerbi.com *.youtube.com *.vimeo.com wcgclinical.outgrow.us *.five9.com *.marketo.com www.buzzsprout.com data:; img-src 'self' www.wcgclinical.com www.wcgirb.com *.gravatar.com www.google-analytics.com www.googletagmanager.com www.google.com www.google.co.in *.cdntwrk.co *.cdntwrk.com *.wistia.net *.wistia.com *.fdanews.com via.placeholder.com wcgclinical.staging.wpengine.com embedwistia-a.akamaihd.net wcgclinical.wpengine.com px.ads.linkedin.com *.cookielaw.org data:; media-src 'self' *.wistia.com  embedwistia-a.akamaihd.net embed-fastly.wistia.com data: blob:; worker-src 'self' blob: 4
default-src 'self' 'unsafe-inline';  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com https://cdn-ukwest.onetrust.com https://img.en25.com https://connect.facebook.net https://use.typekit.net https://az416426.vo.msecnd.net https://www.civica.com https://snap.licdn.com https://cdnjs.cloudflare.com https://*.episerver.net https://www.youtube.com https://geolocation.onetrust.com/ https://s3121.t.eloqua.com https://cdn.tiny.cloud/ https://ws.zoominfo.com https://static.oktopost.com/ https://okt.to/;  connect-src 'self' https://*.onetrust.com https://*.visualstudio.com https://*.google-analytics.com https://stats.g.doubleclick.net https://s3121.t.eloqua.com https://civica-privacy.my.onetrust.com https://cookiesuksouth.blob.core.windows.net/ https://ws.zoominfo.com https://cdn.linkedin.oribi.io;  object-src 'none';  media-src 'self' data:;  img-src 'self' data: https://www.facebook.com https://*.eloqua.com https://p.typekit.net https://*.google-analytics.com https://*.linkedin.com https://www.google.com https://www.google.co.uk https://www.google.co.in https://licensebuttons.net https://p.adsymptotic.com https://sp.tinymce.com https://*.onetrust.com https://www.googletagmanager.com;  style-src 'self' 'unsafe-inline' data: https://cdn.tiny.cloud;  frame-ancestors 'self';  child-src 'self';  frame-src 'self' https://www.youtube.com https://*.fls.doubleclick.net/ https://player.vimeo.com https://www.facebook.com/;  font-src 'self' https://use.typekit.net; 4
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'self' blob: *; img-src * data: blob:; connect-src *; font-src 'self' data: *; object-src 'self'; media-src 'self' blob: *; child-src *; base-uri 'self' 4
default-src * 'self' blob: data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' ocdn.eu m.konto.onet.pl onet.pl *.onet.pl *.dreamlab.pl *.gstatic.com *.grupaonet.pl *.google.com *.google.pl *.hotjar.com; frame-ancestors 'self' https://www.onet.pl https://beta.onet.pl; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=konto.onet.pl::PROD_REDIRECT_OLD_REGISTER_PATHS 4
script-src * 'self' 'unsafe-inline' 'unsafe-eval' 4
frame-ancestors 'self' *.authorize.net; 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms https://cdn.cookielaw.org https://www.googletagmanager.com https://www.google-analytics.com https://players.brightcove.net/ https://www.recaptcha.net https://www.gstatic.com https://js-agent.newrelic.com https://pi.pardot.com https://www.youtube.com https://in2.taskanalytics.com https://bam.nr-data.net https://snap.licdn.com https://googleads.g.doubleclick.net https://info.weareplanet.com https://www.googleadservices.com https://static.hotjar.com https://script.hotjar.com https://tag.demandbase.com https://j.6sc.co https://tracking.g2crowd.com https://connect.facebook.net https://tpc.googlesyndication.com https://cdn.weglot.com/weglot.min.js cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com maps.googleapis.com; frame-ancestors 'self'; report-uri https://www.weareplanet.com/report-uri/enforce 4
SAMEORIGIN 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; 4
default-src https://www.youtube-nocookie.com https://www.google.com/ 'self'; connect-src https://consent.app.cookieinformation.com https://policy.app.cookieinformation.com https://cdn.jsdelivr.net https://in3.taskanalytics.com https://posten.boost.ai https://js.arcgis.com https://www.arcgis.com https://basemaps.arcgis.com https://cdn.arcgis.com https://static.arcgis.com https://utility.arcgis.com https://services.geodataonline.no https://vector.services.geodataonline.no https://geocode.arcgis.com https://stats.kaltura.com https://analytics.kaltura.com https://cdnapi.kaltura.com https://cdnapisec.kaltura.com https://cfvod.kaltura.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com/wa/ https://posten-bring.force.com https://livestats.kaltura.com https://pagead2.googlesyndication.com https://klive.kaltura.com 'self'; base-uri 'self'; form-action https://tracking.bring.com https://tracking.bring.dk https://tracking.bring.se https://sporing.bring.no https://tracking.qa.bring.com https://tracking.qa.bring.dk https://tracking.qa.bring.se https://sporing.qa.bring.no 'self'; script-src https://unpkg.com https://cdnapisec.kaltura.com https://in3.taskanalytics.com https://cdnapi.kaltura.com https://posten.boost.ai https://www.gstatic.com https://www.google.com https://cdn.jsdelivr.net https://siteimproveanalytics.com https://acdn.adnxs.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleoptimize.com https://ssl.google-analytics.com https://policy.app.cookieinformation.com https://cloud.2.bring.com https://posten-bring.force.com https://connect.facebook.net https://assets.strossle.com https://ib.adnxs.com https://snap.licdn.com https://www.bring.se https://www.bring.dk https://www.bring.nl https://adservice.google.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://cct.google https://js.arcgis.com https://ws.geonorge.no https://geocode.arcgis.com https://googleads.g.doubleclick.net https://static.ads-twitter.com https://player.vimeo.com https://posten-bring.force.com https://posten-bring.my.site.com https://widget.trustpilot.com 'unsafe-inline' 'unsafe-eval' 'self'; frame-src https://www.google.com https://www.gstatic.com https://player.vimeo.com/ https://www.youtube-nocookie.com https://form.typeform.com https://policy.app.cookieinformation.com https://widget.trustpilot.com https://td.doubleclick.net https://bid.g.doubleclick.net https://*.fls.doubleclick.net; object-src 'none'; img-src * data: blob:; style-src * 'unsafe-inline'; font-src * data; worker-src blob:; media-src blob: https://cdnapi.kaltura.com https://cdnapisec.kaltura.com https://cfvod.kaltura.com https://www.kaltura.com 4
default-src 'self' 'unsafe-inline' 'unsafe-eval'; 4
connect-src 'self' *.google.com *.google-analytics.com *.disqus.com disqus.com *.disquscdn.com *.addthis.com *.gstatic.com *.googlesyndication.com *.doubleclick.net *.rlcdn.com 4
default-src 'self' *.googlesyndication.com;  connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com wss://*.zopim.com *.zopim.com *.zendesk.com *.zdassets.com *.googlesyndication.com *.googleapis.com securepubads.g.doubleclick.net stats.g.doubleclick.net *.gstatic.com *.google-analytics.com *.bugsnag.com *.braintreegateway.com *.braintree-api.com *.stripe.com *.worldpay.com *.usersnap.com *.yimg.com;  frame-ancestors 'self' *.rnqae.com *.rnstg.com *.idine.com;  frame-src 'self' secure.rnstg.com secure.rewardsnetwork.com https://*.hotjar.com youtube.com www.youtube.com *.doubleclick.net *.google.com *.googlesyndication.com *.googleapis.com aexp.demdex.net *.aexp.demdex.net  *.omtrdc.net *.braintreegateway.com;  style-src 'self' https://*.hotjar.com *.googleapis.com cloud.typography.com skymilesdining.com hello.myfonts.net/count/3b4b0c 'unsafe-inline';  font-src 'self' https://*.hotjar.com data: *.zopim.com *.gstatic.com;  img-src 'self' https://*.hotjar.com cdn.buttercms.com *.zopim.io *.zopim.com *.zendesk.com *.zdassets.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.gstatic.com data: stats.g.doubleclick.net loyaltypartner.122.2o7.net *.omtrdc.net *.ggpht.com seal-chicago.bbb.org *.google.com dbgcbnch6yz43.cloudfront.net *.usersnap.com *.gravatar.com *.wp.com *.yahoo.com *.facebook.com;  script-src 'self' https://*.hotjar.com cdn.ampproject.org *.google-analytics.com *.gstatic.com *.google.com *.googleapis.com *.googletagservices.com *.googletagmanager.com *.googlesyndication.com *.doubleclick.net *.zopim.com assets.adobedtm.com aexp.demdex.net *.omtrdc.net assets.zendesk.com *.zdassets.com seal-chicago.bbb.org nexus.ensighten.com *.netlify.com *.netlify.app *.stripe.com *.worldpay.com *.usersnap.com *.facebook.net *.yimg.com 'unsafe-inline' 'unsafe-eval';  form-action 'self';  media-src 'self' *.zdassets.com cdn.buttercms.com; 4
default-src 'self' unsafe-inliv.es; style-src 'self' 'unsafe-inline' avatel.es *.avatel.es *.googleapis.com cdnjs.cloudflare.com unpkg.com; style-src-elem 'self' 'unsafe-inline' unpkg.com; font-src 'self' 'unsafe-inline' data: avatel.es *.avatel.es fonts.gstatic.com cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' avatel.es *.avatel.es *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com connect.facebook.net analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com *.doubleclick.net player.vimeo.com code.jquery.com unpkg.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' avatel.es *.avatel.es *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com connect.facebook.net analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com *.googleadservices.com *.doubleclick.net player.vimeo.com unpkg.com; connect-src 'self' 'unsafe-inline' blob: blob:* avatel.es *.avatel.es clictv.es *.clictv.es *.googleapis.com analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com *.doubleclick.net *.facebook.com *.googlesyndication.com player.vimeo.com; img-src 'self' 'unsafe-inline' blob: blob:* data: data:* avatel.es *.avatel.es secure.gravatar.com *.google.com *.google.es analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com *.googleapis.com maps.gstatic.com *.facebook.com correostelecom.es *.correostelecom.es *.doubleclick.net; frame-src 'self' 'unsafe-inline' avatel.es *.avatel.es *.google.com *.doubleclick.net avatel.speedtestcustom.com *.facebook.com *.googletagmanager.com *.googlesyndication.com player.vimeo.com; 4
default-src 'self' blob: centinelapi.cardinalcommerce.com *.consentmanager.net *.doubleclick.net www.facebook.com ffin.global *.google-analytics.com *.analytics.google.com pay.google.com code.jivosite.com *.mail.ru api.sumsub.com widget.trustpilot.com ddc.worldpay.com yastatic.net youtube.com *.youtube.com *.zdassets.com *.tradernet.by; img-src 'self' 'unsafe-inline' data: *.appsflyer.com bat.bing.com *.carrotquest.app *.carrotquest.io inappstory.com/stories/loader.gif *.consentmanager.net *.clarity.ms *.doubleclick.net www.facebook.com ffin.global *.freedom24.com cs.getinappstory.com gocpa.cloud www.googletagmanager.com www.google-analytics.com www.google.am www.google.com www.google.kz www.google.ru www.google.com.cy google.com.cy google.am google.kz chart.googleapis.com www.gstatic.com top-fwz1.mail.ru content.mql5.com cdn-kz.kursiv.media *.onelink.me t.co *.tradernet.by *.tradernet.com *.tradernet.kz *.tradernet.ru analytics.twitter.com vk.com login.vk.com ddc.worldpay.com mc.yandex.ru v2.zopim.com mc.yandex.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: ffin.global *.freedom24.com www.google-analytics.com pay.google.com cdn.jsdelivr.net *.tradernet.com *.tradernet.ru yastatic.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com fonts.googleapis.com www.gstatic.com code.jivosite.com cdn.jsdelivr.net yastatic.net; font-src 'self' data: *.appsflyer.com cdn.carrotquest.app cs.getinappstory.com fonts.gstatic.com v2.zopim.com; connect-src 'self' blob: *.amazonaws.com wss://*.amazonaws.com *.appsflyer.com api.carrotquest.app wss://realtime-services-eu-chat-2.carrotquest.io realtime-services-eu-chat-2.carrotquest.io wss://rts-v2.carrotquest.app/websocket_connect_time rts-v2.carrotquest.app/websocket_connect_time api.carrottrack.app/users/$self_user/events api.carrottrack.app/users/$self_user/props delivery.consentmanager.net/delivery/ *.clarity.ms suggestions.dadata.ru stats.g.doubleclick.net wss://wss.earn.broker wss://wss.ffdigital.ch wss://wss.tradernet.am ffin.global mo.ffinpay.ru eun1.fptls.com eun1.fptls.com *.freedom24.com wss://wss.freedom24.com api.getinappstory.com/v2/ *.google-analytics.com *.analytics.google.com analytics.google.com pay.google.com www.google.com google.com pagead2.googlesyndication.com *.gstatic.com iframe.ly wss://wss.inveza.com *.jivosite.com wss://*.jivosite.com top-fwz1.mail.ru www.mczbf.com wss://wss.mind-money.eu content.mql5.com www.sjwoe.com *.tradernet.com wss://wss.trader.az wss://wss.tradernet.by wss://wss.tradernet.com wss://wss.tradernet.global wss://wss.tradernet.kg wss://wss.tradernet.kz tradernet.ru admin.tradernet.ru sentry.dev.tradernet.ru wss://wss.tradernet.ru wss://wss2.tradernet.ru wss://wss.tradernet.ua wss://wss.tradernet.uz wss://wss.wisdompointcapital.com ddc.worldpay.com mc.yandex.ru ekr.zdassets.com *.zendesk.com widget-mediator.zopim.com v2.zopim.com wss://widget-mediator.zopim.com mc.yandex.com; frame-ancestors 'self' https://*.bankffin.kz https://*.freedom24.com https://bankffin.kz https://freedom24.ru https://*.tradernet.com; 4
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src https: ; child-src https: platform.twitter.com; img-src https: data:; 4
default-src 'self' gap: 'unsafe-inline';     script-src 'self'         data: https://cdn.amcharts.com         data: https://c.mql5.com/         data: https://cdn.ampproject.org/         data: https://content.mql5.com/         data: https://connect.facebook.net/         data: https://ifccd.net         data: *.ifcmiran.asia         data: *.tradeifcm.asia         data: https://apis.google.com         data: www.google-analytics.com         data: www.googleadservices.com         data: www.googletagmanager.com         data: https://www.google.com/         data: https://www.gstatic.com/         data: https://www.googleadservices.com        data: trade.mql5.com         data: https://ipinfo.io         data: https://ajax.cloudflare.com         data: https://yastatic.net/share2/share.js         data: https://mc.yandex.ru/metrika/tag.js         data: https://dsp-media.eskimi.com         data: wcs.naver.net/wcslog.js         data: *.bing.com         data: *.twitter.com         data: *.adroll.com         data: widget.trustpilot.com         data: connect.facebook.net         data: https://www.aparat.com         'unsafe-eval' 'unsafe-inline';     frame-src 'self'         data: https://www.google.com/         data: https://component.autochartist.com         data: *.ifcm-invest.com         data: https://www.tradays.com         data: https://www.mql5.com         data: https://www.facebook.com         data: https://www.youtube.com         data: https://chat.ifctr.asia         data: https://chat.ifcmarkets.com         data: https://chat.ifcmfx.com         data: https://chat.ifcmfx.cn         data: https://chat.ifcm.co.uk         data: https://chat.ifcmarkets.tw         data: https://chat.ifcmarkets.my         data: https://chat.ifcmarkets.net         data: https://chat.ifcmarkets.hk         data: https://chat.ifcmarkets.mx         data: https://chat.ifcmarkets.com.br         data: https://chat.ifcmarkets.co.id         data: https://chat.ifcmarkets.co.in         data: https://chat.ifcmarkets.co         data: https://chat.ifcmarkets.ae         data: https://trade.mql5.com         data: https://td.doubleclick.net         data: *.googletagmanager.com         data: *.ifcmarkets.com         data: *.ifcmiran.asia         data: *.tradeifcm.asia         data: https://www.facebook.com         data: https://docs.google.com         data: widget.trustpilot.com         data: https://www.aparat.com         data: https://web.facebook.com;     media-src *         data: https://www.ifcmarkets.com/downloads/video/;    object-src *;     style-src 'self'         data: *.ifcmiran.asia         data: https://ifccd.net         data: https://pr.ifccd.net         data: https://fonts.googleapis.com         'unsafe-inline';     img-src *         data: http://www.w3.org/;     font-src 'self'         data: *.ifcmiran.asia         data: https://ifccd.net         data: https://fonts.gstatic.com         data: https://fonts.googleapis.com         data: https://pr.ifccd.net;     connect-src *;     manifest-src 'self'         data: https://ifccd.net         data: https://be1.ifcmfar.com         data: *.ifcmiran.asia 4
upgrade-insecure-requests;block-all-mixed-content; 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' data:  4
default-src https:; connect-src https: wss:; font-src https: data:; img-src https: data: blob:; frame-src https:; frame-ancestors 'self'; worker-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https: javascript:; script-src https: data: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 4
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none'; 4
object-src data: 'unsafe-eval' 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; 4
https: data: wss: 'unsafe-inline' 'unsafe-eval' 4
frame-ancestors 'self' https://app.storyblok.com; 4
frame-ancestors 'self' weleda.sabio.de 4
policy 4
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; 4
default-src 'self' https://www-cdn01.avisonyoung.com https://api-eu1.hubspot.com https://analytics.avisonyoung.com; style-src 'self' 'unsafe-inline' https://www-cdn01.avisonyoung.com https://fonts.googleapis.com https://www-proxy01.avisonyoung.com https://platform.twitter.com https://ton.twimg.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://tagmanager.google.com https://fast.fonts.net https://cdn.foleon.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://optimize.google.com https://uat-ay.buildout.com; font-src 'self' data: https://www-cdn01.avisonyoung.com https://www-proxy01.avisonyoung.com https://fonts.gstatic.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://*.hs-banner.com http://script.hotjar.com https://script.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www-cdn01.avisonyoung.com https://www-proxy01.avisonyoung.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://pi.pardot.com https://go.avisonyoung.com https://buildout.com https://platform.twitter.com https://www-cdn01.avisonyoung.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://ceros.com https://static.cloudflareinsights.com https://cdn.syndication.twimg.com https://maps.googleapis.com https://vimeo.com https://player.vimeo.com https://public.tableau.com https://widget.usersnap.com https://resources.usersnap.com https://ajax.googleapis.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://cdn.analytics.foleon.com https://previewer.foleon.com https://optimize.google.com https://uat-ay.buildout.com https://e.infogram.com https://www.youtube.com https://static.hotjar.com https://script.hotjar.com https://avantanalytics.avisonyoung.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hsforms.net https://*.hsforms.com https://ext.chtbl.com https://www.googleoptimize.com https://js-eu1.hsleadflows.net https://www.google.com https://www.gstatic.com https://js-eu1.usemessages.com https://js-eu1.hsadspixel.net https://analytics.avisonyoung.com https://*.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://snap.licdn.com https://js-eu1.hubspot.com https://cdn.jsdelivr.net; img-src https: data: blob:; frame-src 'self' https://buildout.com https://platform.twitter.com https://syndication.twitter.com https://youtu.be https://www.youtube.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://www.google.com https://go.avisonyoung.com https://vimeo.com https://player.vimeo.com https://public.tableau.com https://forms.office.com *.youtube-nocookie.com https://dev.gvadob.ie https://experience.arcgis.com https://infogram.com https://optimize.google.com https://buildout-production.s3.amazonaws.com https://e.infogram.com https://vars.hotjar.com https://avantanalytics.avisonyoung.com https://*.hsforms.com https://omny.fm https://forms-eu1.hubspot.com https://app-eu1.hubspot.com https://analytics.avisonyoung.com https://player.cohostpodcasting.com https://bid.g.doubleclick.net https://open.spotify.com https://td.doubleclick.net; connect-src 'self' https://www-cdn01.avisonyoung.com https://www.google-analytics.com https://maps.googleapis.com/ https://widget.usersnap.com https://api.analytics.foleon.com https://api.foleon.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.hsforms.com https://*.hs-banner.com https://web.chtbl.com https://stats.g.doubleclick.net https://forms-eu1.hubspot.com https://vimeo.com https://api-eu1.hubspot.com https://api-eu1.hubapi.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google.com https://content.hotjar.io https://metrics.hotjar.io https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://cta-eu1.hubspot.com https://cdn.growthbook.io; media-src 'self' blob: https://www-cdn01.avisonyoung.com *.youtube-nocookie.com; object-src 'self' https://www-cdn01.avisonyoung.com *.youtube-nocookie.com; worker-src 'self' blob: 4
worker-src 'http://test.datalex.org' 'http://www.lawnet.sg'; 4
default-src 'none';base-uri 'self';child-src 'none';connect-src https://www.google-analytics.com https://*.google-analytics.com https://addons.mozilla.org;font-src https://addons.mozilla.org/static-frontend/;form-action 'self';frame-src 'none';img-src 'self' data: https://addons.mozilla.org/user-media/ https://addons.mozilla.org/static-frontend/ https://addons.mozilla.org/static-server/ https://addons.cdn.mozilla.net/;manifest-src 'none';media-src 'none';object-src 'none';script-src https://addons.mozilla.org/static-frontend/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js;style-src https://addons.mozilla.org/static-frontend/;worker-src 'none';report-uri /__cspreport__ 4
frame-ancestors https://*.fw1.biz https://*.freewebstore.org https://*.freewebstore.com https://*.ridge.pro http://127.0.0.1:55779 http://localhost:55779; 4
frame-ancestors 'self' dampsoft.de *.dampsoft.de 4
object-src 'none'; frame-ancestors 'none' 4
img-src * data:; font-src * data:; connect-src *; form-action *; default-src 'self'; object-src *; media-src *; child-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * blob: 'unsafe-inline'; 4
default-src http: https: 'self' wss: ws:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval' 'self' https://accounts.google.com https://pay.google.com https://*.stripe.com; style-src http: https: 'unsafe-inline'; img-src http: https: 'unsafe-inline' data:; font-src http: https: 'unsafe-inline' data:; 4
frame-ancestors 'self' *.cloversites.com 4
frame-ancestors 'self' dashboard.myrazz.com; report-uri /report-violation 4
script-src 'self' 'unsafe-eval' 'unsafe-inline' * 4
base-uri 'none'; default-src: 'none'; block-all-mixed-content 4
default-src https: data: 'unsafe-inline' blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net *.google-analytics.com https://www.googleanalytics.com https://www.google.com/recaptcha/ https://www.recaptcha.net https://www.gstatic.com/recaptcha/ https://api.maptiler.com https://cdn.maptiler.com https://connect.facebook.com https://connect.facebook.net https://bat.bing.com https://js.stripe.com https://*.googletagmanager.com/ https://googleads.g.doubleclick.net https://www.googleadservices.com/ https://beacon-v2.helpscout.net/ https://kit.fontawesome.com/ https://api.mapbox.com/ https://*.hotjar.com https://*.hotjar.io https://widget.surveymonkey.com/ https://ajax.googleapis.com/ https://js.sentry-cdn.com https://browser.sentry-cdn.com https://o525197.ingest.sentry.io https://*.visualwebsiteoptimizer.com https://app.vwo.com; img-src 'self'  https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.babysits.com https://*.babysits.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://bat.bing.com https://www.facebook.com https://www.facebook.net https://ade.googlesyndication.com https://*.g.doubleclick.net https://*.googleusercontent.com https://*.hotjar.com https://*.hotjar.io https://*.visualwebsiteoptimizer.com https://chart.googleapis.com https://wingify-assets.s3.amazonaws.com https://app.vwo.com data: blob: ; connect-src 'self' https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://cdn.babysits.com https://events.babysits.com https://events.staging.babysits.net https://events.babysits.com.development.babysits.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://pagead2.googlesyndication.com/ https://*.g.doubleclick.net https://www.facebook.com https://api.stripe.com https://api.maptiler.com https://beaconapi.helpscout.net https://chatapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://bam.nr-data.net https://bam-cell.nr-data.net wss://*.pusher.com https://ka-p.fontawesome.com/ https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://o525197.ingest.sentry.io https://cdn.liveness.rekognition.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com wss://streaming-rekognition.eu-west-1.amazonaws.com/start-face-liveness-session-websocket https://*.visualwebsiteoptimizer.com https://app.vwo.com; frame-src 'self'  https://www.google.com https://td.doubleclick.net/ https://bid.g.doubleclick.net https://www.facebook.com https://js.stripe.com https://hooks.stripe.com https://www.youtube-nocookie.com/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.recaptcha.net https://*.hotjar.com https://*.hotjar.io https://*.surveymonkey.com/ https://app.vwo.com https://*.visualwebsiteoptimizer.com; worker-src blob: ; child-src blob: ; font-src https://cdn.babysits.com https://*.hotjar.com https://*.hotjar.io https://app.vwo.com https://*.visualwebsiteoptimizer.com; frame-ancestors 'self'; object-src 'none' ; base-uri 'none'; style-src 'self' 'unsafe-inline' https://*.visualwebsiteoptimizer.com https://app.vwo.com https://s3.amazonaws.com https://cdn.maptiler.com; 4
frame-ancestors 'self' *.commercevision.biz *.commercevision.com.au 4
upgrade-insecure-requests; default-src * 'unsafe-eval' 'unsafe-inline' blob: data:; 4
default-src 'self' https: wss: data: 'unsafe-inline' 'unsafe-eval'; 4
default-src 'self'; connect-src *;font-src * data:;img-src * data:; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; frame-src * 4
default-src 'self'; connect-src *; font-src 'self' data: fonts.gstatic.com *; frame-src *; img-src * blob: data:; media-src * blob:; object-src *; child-src blob:;worker-src blob:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 4
'self' 4
connect-src 'self' *.fontawesome.com *.yimg.com *.google-analytics.com *.doubleclick.net rest-api.e-shot.net bat.bing.com terryberry.force.com *.omappapi.com z.omappapi.com a.omappapi.com api.omappapi.com *.nr-data.net *.terryberry.com secure.agile-company-365.com idx.liadm.com *.clickagy.com *.zoominfo.com *.hu-manity.co onesignal.com *.onesignal.com cdn.linkedin.oribi.io *.duosecurity.com terryberry.com *.gstatic.com  *.google.com *.hcaptcha.com terryberry.my.salesforce.com terryberry.my.site.com *.clickcease.com pagead2.googlesyndication.com *.trstplse.com *.trustpulse.com *.chilipiper.com *.ads.linkedin.com *.cookiebot.com; default-src  'self' 'unsafe-inline' data:; font-src  'self' 'unsafe-inline' data: *.fontawesome.com fonts.gstatic.com *.hu-manity.co *.duosecurity.com  terryberry.com *.terryberry.com *.hcaptcha.com terryberry.my.salesforce.com *.trstplse.com *.trustpulse.com data: *.chilipiper.com *.cookiebot.com; frame-src 'self' bid.g.doubleclick.net service.force.com www.facebook.com go.pardot.com *.youtube.com storage.pardot.com terryberry.com *.terryberry.com player.vimeo.com *.hu-manity.co  onesignal.com *.onesignal.com *.duosecurity.com *.gstatic.com *.google.com *.hcaptcha.com terryberry.my.salesforce.com td.doubleclick.net *.trstplse.com *.trustpulse.com data: *.chilipiper.com *.cookiebot.com; img-src 'self' 'unsafe-inline' terryberry.com *.terryberry.com *.gravatar.com *.linkedin.com *.bing.com *.analytics.yahoo.com *.google.com *.google.co.uk *.google.de *.facebook.com *.google-analytics.com live-terryberry.pantheonsite.io p.adsymptotic.com go.pardot.com *.doubleclick.net i.ytimg.com *.omappapi.com *.googletagmanager.com *.clickagy.com *.rlcdn.com *.demdex.net *.crwdcntrl.net *.agkn.com *.bluekai.com pixel-sync.sitescout.com *.hu-manity.co  onesignal.com *.onesignal.com *.duosecurity.com terryberry.my.site.com *.gstatic.com *.google.com *.hcaptcha.com terryberry.my.salesforce.com *.clickcease.com *.trstplse.com *.trustpulse.com data: *.chilipiper.com trustpulse.s3.amazonaws.com *.cookiebot.com; media-src 'self' 'unsafe-inline' *.terryberry.com *.duosecurity.com terryberry.com data:; script-src 'self' 'unsafe-inline'  'unsafe-eval' *.pantheonsite.io *.360recognition.com *.giveawow.com *.youtube.com *.google.com *.google-analytics.com *.googleapis.com use.fontawesome.com kit.fontawesome.com www.googletagmanager.com service.force.com terryberry.my.salesforce.com bat.bing.com *.googleadservices.com snap.licdn.com tracking.g2crowd.com s.yimg.com connect.facebook.net pi.pardot.com *.salesforceliveagent.com *.doubleclick.net signup.es-mail.co.uk ajax.googleapis.com static.lightning.force.com terryberry.force.com *.omappapi.com *.googleoptimize.com *.adservice.google.com *.googletagmanager.com *.newrelic.com *.nr-data.net *.terryberry.com secure.agile-company-365.com player.vimeo.com *.zoominfo.com *.clickagy.com *.hu-manity.co onesignal.com *.onesignal.com *.duosecurity.com terryberry.com *.gstatic.com *.google.com terryberry.my.site.com *.hcaptcha.com *.clickcease.com *.trstplse.com *.trustpulse.com *.chilipiper.com cdnjs.cloudflare.com *.cookiebot.com; style-src 'self' 'unsafe-inline' *.pantheonsite.io *.fontawesome.com service.force.com terryberry.force.com fonts.googleapis.com *.omappapi.com *.terryberry.com secure.agile-company-365.com *.hu-manity.co onesignal.com *.onesignal.com *.duosecurity.com terryberry.com *.gstatic.com *.google.com terryberry.my.site.com *.hcaptcha.com terryberry.my.salesforce.com *.trstplse.com *.trustpulse.com *.chilipiper.com *.cookiebot.com; worker-src 'self' 'unsafe-inline' *.terryberry.com terryberry.com blob: data:; 4
frame-src https: 4
frame-ancestors 'self' my.samsonite.test.frucon.net my.samsonite.staging.frucon.net my.samsonite.com *.narvar.com narvar.com *.integrations-narvar.com; base-uri 'self'; 4
frame-ancestors 'self'; sandbox allow-downloads allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation; base-uri 'self' 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: flinkster.omq.de app.usercentrics.eu tags.tiqcdn.com tags.tiqcdn.cn tags-eu.tiqcdn.com assets.bahn-x.de www.gstatic.com https://www.gstatic.com www.google.com https://www.google.com *.payengine.de webstorage.frontend.dbconnect.net webstorage-prod.frontend.dbconnect.net; style-src 'self' 'unsafe-inline' webstorage.frontend.dbconnect.net webstorage-prod.frontend.dbconnect.net flinkster.omq.de; img-src 'self' data: *.tile.openstreetmap.org https://*.usercentrics.eu webstorage.frontend.dbconnect.net webstorage-prod.frontend.dbconnect.net flinkster.omq.de i.ytimg.com; 4
frame-ancestors 'self' https://app.storyblok.com/ 4
default-src *.groupepdi.com *.net-fs.com *.onetrust.com *.cookielaw.org alumacraft.com *.alumacraft.com *.manitoupontoonboats.com *.wufoo.com unpkg.com *.yandex.ru my.matterport.com airtable.com ds-aksb-a.akamaihd.net monkeys-fist-for-brp.com *.myfeelback.com mfb.li mailchi.mp *.cdninstagram.com *.stackla.com fareharbor.com *.peek.com *.salecycle.com story.brplynx.com *.cloudfront.net mpembed.com *.googleadservices.com *.slideshare.net *.hotjar.com *.typekit.net *.bootstrapcdn.com *.salesforce.com *.omtrdc.net service.force.com *.adobedtm.com *.google.ca *.gstatic.com *.azurewebsites.net *.lightboxcdn.com *.salesforceliveagent.com *.force.com *.moatads.com *.youtube.com *.addthisedge.com *.addthis.com *.cloudflare.com *.doubleclick.net *.brp.com *.facebook.net *.azureedge.net *.google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.demdex.net *.day.com *.everesttech.net *.scene7.com *.amazon-adsystem.com *.facebook.com *.googleusercontent.com *.lightboxapi.com *.womenofonroadgroups.com *.canamonroadcommunity.com canamonroadcommunity.com *.learntoride3wheel.com *.limelightplatformevents.com *.valuemytradein.com *.zencdn.net *.zlthunder.net cdn.knightlab.com *.mdex.net *.sea-doo.com *.ski-doo.com *.brpdigital.net tags.tiqcdn.com brp--c.documentforce.com collect.tealiumiq.com *.teads.tv brp.my.salesforce-sites.com cdn.jsdelivr.net stconsumercaseapip01.blob.core.windows.net arttrk.com *.yimg.com www.filepicker.io *.unchartedsociety.com *.qualtrics.com sp.analytics.yahoo.com *.googlesyndication.com *.attribution.adswizz.com *.contentsquare.net; 4
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: filesystem: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com ssl.google-analytics.com translate.google.com translate.googleapis.com translate-pa.googleapis.com js-agent.newrelic.com/nr-1212.min.js *.livechatinc.com *.tawk.to analytics.ajla.net bam.nr-data.net 4
default-src https: ws: wss:; style-src 'self' https: 'unsafe-inline'; img-src * 'self' 'unsafe-inline' data: api.jokerguide.com; frame-ancestors 'self' live.harleyquinnwidget.live; object-src data: 'unsafe-eval'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' 4
frame-ancestors 'none'; report-uri csp-reports; report-to csp-endpoint; 4
script-src https://cdn.ampproject.org:*; https://i.postimg.cc:* 4
frame-ancestors 'self' *.roomlynx.net 4
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 4
frame-ancestors https://www2.cdkglobal.com; 4
default-src https: 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' 4
media-src 'self'; 4
default-src  'self' https://*.dcube.cloud/ ;  script-src  'self'  'sha256-7tJzJRhCSII909o84m4q85UWUc5EDMrrjsQXbeH+qlc=' blob:  https://assets.dcube.cloud  https://*.wogaa.sg  https://assets.adobedtm.com  https://www.google-analytics.com  https://cdnjs.cloudflare.com  https://va.ecitizen.gov.sg  https://*.cloudfront.net  https://printjs-4de6.kxcdn.com  https://unpkg.com  https://wogadobeanalytics.sc.omtrdc.net  https://connect.facebook.net  https://graph.facebook.com  https://facebook.com  https://www.facebook.com  https://*.googletagmanager.com https://*.licdn.com  https://webchat.vica.gov.sg  https://vica.gov.sg https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://www.instagram.com https://script.wiz.gov.sg/widget.js https://script-staging.wiz.gov.sg/widget.js wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://cdn.jsdelivr.net/npm/algoliasearch@4.20.0/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4.60.0/dist/instantsearch.production.min.js ;  object-src  'self' ;  style-src  'self'  'unsafe-inline' https://fonts.googleapis.com/  https://*.cloudfront.net  https://va.ecitizen.gov.sg  https://*.wogaa.sg  https://cdnjs.cloudflare.com  https://datagovsg.github.io  https://webchat.vica.gov.sg  https://vica.gov.sg https://unpkg.com https://script.wiz.gov.sg/widget.css https://script-staging.wiz.gov.sg/widget.css https://assets.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://cdn.jsdelivr.net/npm/instantsearch.css@7/themes/satellite-min.css ;  img-src  * ;  media-src  * ;  frame-src  https://form.gov.sg/  https://wogaa.demdex.net/  https://*.youtube.com  https://*.youtube-nocookie.com  https://*.vimeo.com  https://www.google.com  https://checkfirst.gov.sg  https://www.checkfirst.gov.sg  https://docs.google.com  https://nlb.ap.panopto.com https://www.google.com/recaptcha/ https://accounts.google.com https://www.gstatic.com/recaptcha/ https://data.gov.sg https://calendar.google.com https://datastudio.google.com https://lookerstudio.google.com https://*.fls.doubleclick.net https://www.facebook.com https://m.facebook.com/ https://www.instagram.com https://api.id.gov.sg/ ;  frame-ancestors  'none' ;  font-src  *  data: ;  connect-src  'self'  https://dpm.demdex.net  https://*.google-analytics.com https://analytics.google.com https://*.googletagmanager.com  https://stats.g.doubleclick.net  https://*.wogaa.sg  https://va.ecitizen.gov.sg  https://ifaqs.flexanswer.com  https://*.cloudfront.net  https://fonts.googleapis.com  https://cdnjs.cloudflare.com  https://wogadobeanalytics.sc.omtrdc.net  https://data.gov.sg  https://api.isomer.gov.sg https://webchat.vica.gov.sg https://chat.vica.gov.sg https://vica.gov.sg https://s3-va-prd-vica.s3-ap-southeast-1.amazonaws.com wss://chat.vica.gov.sg https://api-vica-ana.vica.gov.sg/api/v1/response-ratings https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://ask.gov.sg https://staging.ask.gov.sg wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://authmiddleware.ap.sabio.cloud https://1v7dzgzjkk-1.algolianet.com/ ; 4
default-src 'self' https://metrics.hotjar.io/ https://cdn-prod.securiti.ai/consent/ https://api-js.mixpanel.com/track/ https://analytics.google.com/ https://td.doubleclick.net/ https://www.googletagmanager.com https://www.google.com/;base-uri 'self';font-src 'self' https://*.hotjar.com https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data: https://storage.googleapis.com/alliar-jornada-digital-13c0.appspot.com/ https://www.facebook.com/ https://googleads.g.doubleclick.net https://*.hotjar.io/ https://*.hotjar.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.br/;connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com/ https://cdn-prod.securiti.ai/ https://api-js.mixpanel.com/ https://analytics.google.com/ https://www.google.com.br/ads/ https://engineering.alliar.com/ https://tech.alliar.com/ https://app.securiti.ai/ https://stats.g.doubleclick.net/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.br;script-src 'self' https://cdn-prod.securiti.ai/consent/ https://*.hotjar.com/ https://googleads.g.doubleclick.net/ https://analytics.google.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://api-js.mixpanel.com/track/ https://connect.facebook.net/ https://www.googleadservices.com/ https://*.googletagmanager.com https://www.gstatic.com/ 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com/ https://assets.allianca.com/;script-src-attr 'none';style-src 'self' https://*.hotjar.com https: 'unsafe-inline';upgrade-insecure-requests 4
script-src https://www.gstatic.com/ https://translate.google.com/ https://translate.googleapis.com/ https://translate-pa.googleapis.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://www.gstatic.com/ https://translate.googleapis.com/ https://fonts.googleapis.com/ 'self' 'unsafe-inline'; default-src 'self'; frame-src https://docs.e-iepdata.com 'self'; font-src https://www.gstatic.com/ https://fonts.gstatic.com/ 'self'; img-src data: https: 'self'; connect-src https://*.e-iepdata.com https://www.gstatic.com/ https://csp.withgoogle.com https://translate.googleapis.com/ https://translate-pa.googleapis.com 'self'; 4
default-src https:; font-src https: data:; img-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: 4
frame-ancestors 'self' *.etracker.com http://192.168.0.3; 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' * tag.wknd.ai assets.bounceexchange.com api.bounceexchange.com dev.bounceexchange.com dash-staging.bounceexchange.com https://cdn.gbqofs.com/ https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com;  style-src * 'self' 'unsafe-inline' assets.bounceexchange.com;  img-src * 'self' blob: data: assets.bounceexchange.com events.bouncex.net;  font-src * 'self' data: assets.bounceexchange.com;   child-src assets.bounceexchange.com;   worker-src * 'self' blob: assets.bounceexchange.com;   frame-src * 'self' assets.bounceexchange.com dash-staging.bounceexchange.com;  form-action * 'self' api.bounceexchange.com dev.bounceexchange.com;  connect-src * 'self' events.bouncex.net coupons.bounceexchange.com *.cdnwidget.com *.cdnbasket.net; 4
frame-ancestors 'self' *.recia.fr *.netocentre.fr netocentre.fr *.touraine-eschool.fr *.chercan.fr colleges41.fr *.colleges41.fr e-college.indre.fr *.e-college.indre.fr  mon-e-college.loiret.fr *.mon-e-college.loiret.fr *.colleges-eureliens.fr *.nextcloud.recia.aquaray.com 4
default-src 'self' https:; font-src 'self' https:; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https: 4
default-src 'self' data: blob:;script-src 'self' data: blob: *.whatsapp.com *.whatsapp.net *.twitter.com *.facebook.com *.facebook.net 'unsafe-inline' 'unsafe-eval';style-src 'self' data: blob: *.whatsapp.com *.whatsapp.net 'unsafe-inline' *.facebook.com;connect-src 'self' data: blob: *.whatsapp.com *.whatsapp.net wss://*.facebook.com:* *.fbcdn.net;font-src data: *.whatsapp.com *.whatsapp.net *.facebook.com static.xx.fbcdn.net fonts.gstatic.com;img-src 'self' data: blob: *.whatsapp.com *.whatsapp.net *.facebook.com *.fbcdn.net static.xx.fbcdn.net *.ytimg.com *.twitter.com;media-src 'self' data: blob: *.fbcdn.net;frame-src 'self' data: blob: *.twitter.com *.facebook.com *.youtube-nocookie.com *.youtube.com *.whatsapp.com;block-all-mixed-content;upgrade-insecure-requests; 3
script-src 'unsafe-eval' sf16-website-login.neutral.ttwstatic.com s20.tiktokcdn.com *.tiktokcdn-us.com www.google.com recaptcha.google.com js.hcaptcha.com client-api.arkoselabs.com www.gstatic.com connect.facebook.net;frame-src *.tiktok.com accounts.google.com www.google.com recaptcha.google.com www.facebook.com *.kakao.com lf16-web.tiktokcdn.com assets.braintreegateway.com appleid.apple.com access.line.me api.twitter.com h.online-metrix.net bytedance: newassets.hcaptcha.com client-api.arkoselabs.com;worker-src https: blob: 3
default-src 'self' blob: https://*.cnn.com:* http://*.cnn.com:* *.cnn.io:* *.cnn.net:* *.turner.com:* *.turner.io:* *.ugdturner.com:* courageousstudio.com *.vgtf.net:*; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' blob: *; child-src 'self' blob: *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: blob: *; media-src 'self' data: blob: *; font-src 'self' data: *; connect-src 'self' data: *; frame-ancestors 'self' https://*.cnn.com:* http://*.cnn.com https://*.cnn.io:* http://*.cnn.io:* *.turner.com:* courageousstudio.com; 3
frame-ancestors *.mi.com; 3
frame-ancestors https://pam.mcafee.com 3
default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://store.akamai.steamstatic.com/ https://store.akamai.steamstatic.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' http://store.steampowered.com https://store.steampowered.com http://127.0.0.1:27060 ws://127.0.0.1:27060 https://community.akamai.steamstatic.com/ https://steamcommunity.com/ https://steamcommunity.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://shared.akamai.steamstatic.com/ https://checkout.steampowered.com/; frame-src 'self' steam:  http://www.youtube.com https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://steamcommunity.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'none'; 3
default-src 'self' *.gatsbyjs.io *.linktr.ee website.linktr.ee *.intercom.io intercom.io *.intercomcdn.com intercomcdn.com tally.so *.tally.so; script-src 'self' *.jsdelivr.net jsdelivr.net *.ashbyhq.com ashbyhq.com *.mountain.com tiktok.com *.tiktok.com *.ttwstatic.com ttwstatic.com tally.so *.tally.so *.linktr.ee website.linktr.ee *.linktr.ee *.statsigapi.net *.statsig.com *.featuregates.org featuregates.org *.trustpilot.com *.marker.io *.branch.io *.intercom.io intercom.io https://*.intercom.io https://*.intercom.com *.intercomcdn.com https://js.intercomcdn.com intercomcdn.io *.redditstatic.com *.sc-static.net sc-static.net *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com app.link *.exchangerate.host *.doubleclick.net *.cloudfunctions.net *.googleadservices.com public.profitwell.com analytics.tiktok.com analytics.twitter.com bat.bing.com *.onetrust.com cdn.heapanalytics.com cdn.pdst.com cdn.pdst.fm *.facebook.net *.pinterest.com d.adroll.com heapanalytics.com *.gastbyjs.io websitelinktree.gatsbyjs.io assets.production.linktr.ee s.adroll.com analytics.google.com unpkg.com s.pinimg.com static.ads-twitter.com *.googleoptimize.com *.clarity.ms *.ads-twitter.com *.hsforms.net *.hsforms.com *.youtube.com *.lever.co *.profitwell.com *.sentry-cdn.com *.chargebee.com *.stripe.com *.snapchat.com *.tiktokcdn-us.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob: *.facebook.net *.bing.com http://linktreestg.wpengine.com linktreestg.wpengine.com https://linktreestg.wpengine.com *.api.blog.production.linktr.ee https://api.blog.production.linktr.ee  tally.so *.tally.so *.linktr.ee website.linktr.ee *.gatsbyjs.io *.trustpilot.com *.branch.io *.intercomcdn.com intercomcdn.io *.intercomassets.com *.intercomcdn.eu *.intercomusercontent.com *.intercom.io intercom.io *.intercom-attachments-1.com *.snapchat.com *.clarity.ms *.reddit.com *.intercom-attachments.eu *.au.intercom-attachments.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com *.intercomassets.eu *.hsforms.com *.w55c.net *.stackadapt.com ml314.com *.cxense.com *.sharethis.com *.ctfassets.net q.quora.com bat.bing.com *.facebook.com heapanalytics.com *.linktr.ee *.google.com *.google.com.au t.co *.yahoo.com *.adnxs.com *.bidswitch.net *.openx.net *.rlcdn.com *.twitter.com *.facebook.com *.pinterest.com *.adroll.com *.google-analytics.com *.onetrust.com *.cloudfront.com *.stripe.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googletagmanager.com ; style-src 'self' *.ttwstatic.com *.tiktokcdn-us.com *.linktr.ee website.linktr.ee fonts.googleapis.com *.stripe.com 'unsafe-inline'; font-src 'self' data: *.linktr.ee website.linktr.ee *.gatsbyjs.io https://js.intercomcdn.com https://fonts.intercomcdn.com fonts.gstatic.com; form-action 'self' *.facebook.com *.hsforms.com *.intercom.help *.intercom.io intercom.io https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://messenger-apps.intercom.io *.snapchat.com; connect-src 'self' *.browser-intake-datadoghq.com *.gstatic.com *.doubleclick.net *.statsigapi.net *.bing.com *.googlesyndication.com tiktok.com *.tiktok.com facebook.com *.facebook.com website.linktr.ee *.linktr.ee *.statsigapi.net *.statsig.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io *.exchangerate.host https://capi.tr.ee *.featuregates.org featuregates.org *.snapchat.com *.branch.io 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com *.clarity.ms ingress.linktr.ee *.onetrust.com *.hsforms.net *.hsforms.com *.amazonaws.com *.lever.co *.gatsbyjs.io *.google-analytics.com analytics.tiktok.com *.analytics.google.com analytics.google.com *.google.com.au stats.g.doubleclick.net google-analytics.com ct.pinterest.com *.googleadservices.com *.google.com *.cloudfunctions.net *.sentry.io *.profitwell.com wss://*.intercom.io https://*.intercom.io https://*.intercom.com https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.intercomusercontent.com; media-src 'self' *.linktr.ee website.linktr.ee *.intercomcdn.com intercomcdn.io https://js.intercomcdn.com *.ctfassets.net; frame-src 'self' *.ttwstatic.com ttwstatic.com *.ashbyhq.com ashbyhq.com tiktok.com *.tiktok.com tally.so *.tally.so *.linktr.ee https://linktr.ee website.linktr.ee *.trustpilot.com *.branch.io *.intercom.io intercom.io *.intercomcdn.com intercomcdn.io *.snapchat.com *.pinterest.com *.doubleclick.com *.doubleclick.net *.facebook.com *.formstack.com *.google.com *.hsforms.net *.hsforms.com *.stripe.com https://*.intercom.io https://*.intercom.com https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net spotify.com *.spotify.com; child-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; worker-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; object-src 'none'; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub3c5384c350f7b86c67a1cba0b315ee9d&dd-evp-origin=content-security-policy&ddsource=csp-report 3
script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://ajax.googleapis.com https://googleads.g.doubleclick.net https://businessmessages.google.com https://www.youtube.com https://survey.g.doubleclick.net https://maps.googleapis.com https://www.googleadservices.com;report-uri /business/_/AdsLpServingHttp/cspreport/allowlist;worker-src blob: 'self' 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; 3
default-src 'self';    object-src 'self' *.cdn.datatables.net cdn.datatables.net;    connect-src 'self' *.mt.lv maps.googleapis.com fonts.googleapis.com *.doubleclick.net;    script-src 'self' 'unsafe-inline' 'unsafe-eval' data: unpkg.com i.mt.lv *.google.com gstatic.com code.jquery.com *.gstatic.com www.google-analytics.com googleapis.com *.googleapis.com *.mikrotik.com mikrotik.com;    style-src 'self' 'unsafe-inline' i.mt.lv fonts.googleapis.com unpkg.com *.mikrotik.com mikrotik.com code.jquery.com use.typekit.net www.mikrotik.com;    img-src 'self' data: i.mt.lv i.ytimg.com api.tiles.mapbox.com *.tile.openstreetmap.org unpkg.com *.arcgisonline.com stats.g.doubleclick.net www.google-analytics.com mikrotik.com www.mikrotik.com forum.mikrotik.com 1.aerial.maps.cit.api.here.com 2.aerial.maps.cit.api.here.com 3.aerial.maps.cit.api.here.com 4.aerial.maps.cit.api.here.com gstatic.com http://services.ga.gov.au *.gstatic.com *.googleapis.com *.arcgisonline.com *.google.com *.google.lv *.routerboard.com;    frame-src 'self' *.mt.lv youtu.be youtube.com www.youtube.com www.google.com;    font-src 'self' data: mikrotik.com fonts.gstatic.com www.mikrotik.com i.mt.lv;    frame-ancestors 'self' *.mt.lv; 3
block-all-mixed-content;         default-src https://loc.gov/ https://*.loc.gov/ ;         media-src https://loc.gov/ https://*.loc.gov/              https://*.readspeaker.com/             https://*.arcgis.com/ https://*.arcgisonline.com/  https://webapps-cdn.esri.com/             blob:;         worker-src https://loc.gov/ https://*.loc.gov/              blob:;         font-src https://loc.gov/ https://*.loc.gov/              https://*.arcgis.com/ https://*.arcgisonline.com/  https://webapps-cdn.esri.com/             https://ssl.p.jwpcdn.com/             data:;         img-src https://loc.gov/ https://*.loc.gov/              https://*.readspeaker.com/             https://*.arcgis.com/ https://*.arcgisonline.com/  https://webapps-cdn.esri.com/             https://*.ssa.gov/             https://dpm.demdex.net/             https://cm.everesttech.net/             https://*.amazonaws.com             data:             blob:;         connect-src https://loc.gov/ https://*.loc.gov/              https://*.arcgis.com/ https://*.arcgisonline.com/  https://webapps-cdn.esri.com/             https://chat-us.libanswers.com/             https://thelibraryofcongress.tt.omtrdc.net/             https://dpm.demdex.net/ 	        https://d3c605m4lmznjl.cloudfront.net/             https://*.s3.us-east-1.amazonaws.com/;         style-src https://loc.gov/ https://*.loc.gov/              https://*.readspeaker.com/             https://*.arcgis.com/ https://*.arcgisonline.com/  https://webapps-cdn.esri.com/             https://ssl.p.jwpcdn.com/             https://assets.adobedtm.com/             https://*.ssa.gov/             'unsafe-inline'             blob:;         script-src https://loc.gov/ https://*.loc.gov/              https://*.readspeaker.com/             https://*.arcgis.com/ https://*.arcgisonline.com/  https://webapps-cdn.esri.com/             https://ssl.p.jwpcdn.com/             https://assets.adobedtm.com/             https://*.blackbaudcdn.net/ https://*.blackbaud.com/             https://ajax.googleapis.com/ajax/libs/jquery/             https://*.ssa.gov/             https://s.ytimg.com/             'unsafe-inline'             'unsafe-eval';         frame-src https://loc.gov/ https://*.loc.gov/              https://*.readspeaker.com/             https://*.blackbaudcdn.net/ https://*.blackbaud.com/             https://www.nlstalkingbooks.org/             https://unitedstateslibraryofcongress.demdex.net             https://www.youtube-nocookie.com/;         frame-ancestors https://loc.gov/ https://*.loc.gov/              https://*.blackbaudcdn.net/ https://*.blackbaud.com/             https://loc.libwizard.com/;         report-uri https://errorlogging.loc.gov/api/51/security/?sentry_key=2176ae0b9acd4cd59297edc0e064cc95&sentry_environment=production ; 3
frame-ancestors 'self' https://aws.amazon.com *.pathfactory.com *.lookbookhq.com *.newrelic.com 3
frame-ancestors 'self' https://premiersupport.intel.com https://c0.avaamo.com *.intel.com; 3
frame-ancestors 'self' *.intranet *.uolinc.com; 3
style-src 'self' 'unsafe-inline' *.gov *.com; 3
frame-ancestors 'self' https://*.t-online.de; 3
default-src 'self' blob: 'unsafe-inline' 'unsafe-eval' d18kwxxua7ik1y.cloudfront.net d22r54gnmuhwmk.cloudfront.net *.change.org change-production.s3.amazonaws.com change-public-stuff.s3.amazonaws.com *.google.ca *.googleadservices.com *.youtube.com *.doubleclick.net *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.recaptcha.net *.ytimg.com *.facebook.com *.facebook.net *.fbcdn.net fbrpc://* fb-messenger://* *.twitter.com *.twimg.com *.ads-twitter.com ajax.cdnjs.com cdnjs.cloudflare.com service.force.com *.salesforceliveagent.com *.braintreegateway.com *.paypalobjects.com *.paypal.com *.braintree-api.com *.stripe.com *.dlocal.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com px-cdn.net *.px-cdn.net *.px-client.net *.px-cloud.net pxchk.net *.pxchk.net p2a.co *.profitwell.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.messagebird.com *.pushnotifications.pusher.com js.pusher.com secure.everyaction.com d3rse9xjbp8270.cloudfront.net *.ngpvan.com js2.verygoodvault.com *.cloudflarestream.com code.jquery.com cdn.embedly.com player.vimeo.com bat.bing.com soundcloud.com *.soundcloud.com www.instagram.com www.flickr.com *.staticflickr.com *.voteamerica.com *.jotform.com actionnetwork.org *.airbrake.io browser-update.org *.tiktok.com *.bannerbear.com us-central1-niftic-agency.cloudfunctions.net/openai/generate-draft *.maze.co cdn.iframe.ly change.my.salesforce.com help.change.org; font-src 'self' data: *.change.org d18kwxxua7ik1y.cloudfront.net d22r54gnmuhwmk.cloudfront.net fonts.gstatic.com d3rse9xjbp8270.cloudfront.net; img-src * blob: data:; form-action 'self'; frame-ancestors 'self' 3
frame-ancestors 'self'   https://partner.tp-link.com https://partner-test.tp-link.com 3
base-uri 'self'; connect-src https://demo.synology.com:5001 https://*.demo.synology.com:5001 https://demo.synology.de:5001 https://*.demo.synology.de:5001 https://bat.bing.com https://mc.yandex.ru *.mouseflow.com https://in.hotjar.com/ https://vc.hotjar.io wss://*.hotjar.com/ analytics.twitter.com 'self' https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://www.facebook.com https://graph.facebook.com https://analytics.synology.com https://px.adhigh.net/ https://api.mapbox.com https://*.clarity.ms https://api-fra.livechatinc.com https://fw-cdn.com https://src.fwusercontent.com https://synologyc2.myfreshworks.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net/ https://*.googletagmanager.com https://pagead2.googlesyndication.com *.google-analytics.com *.analytics.google.com; default-src 'self'; font-src *.mouseflow.com 'self' data: https://synostatic.synology.com https://cdn.livechatinc.com https://themes.googleusercontent.com https://fonts.gstatic.com; frame-ancestors metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr *.webvisor.com 'self' https://*.facebook.com; frame-src *.mouseflow.com https://vars.hotjar.com/ 'self' https://*.synology.com https://*.facebook.com https://staticxx.facebook.com https://px.adhigh.net/ https://player.youku.com/ https://synology.jobbase.io https://secure.livechatinc.com https://secure-fra.livechatinc.com https://api-fra.livechatinc.com https://synology.onlyfy.jobs https://youtube.com https://www.youtube.com https://cse.google.com https://www.googletagmanager.com https://*.doubleclick.net https://optimize.google.com https://synoform.synology.com; img-src https://*.bing.com https://mc.yandex.ru https://alb.reddit.com *.mouseflow.com https://wcs.naver.com analytics.twitter.com https://t.co/ 'self' data: blob: https://*.synology.com https://global.download.synology.com https://cndl.synology.cn https://gallery.synology.com https://gallery.test.synology.inc https://global.synologydownload.com https://*.linkedin.com https://p.adsymptotic.com/d/px https://www.facebook.com https://api.mapbox.com https://*.clarity.ms https://c.bing.com https://secure.livechatinc.com https://secure-fra.livechatinc.com https://cdn.livechatinc.com https://api-fra.livechatinc.com https://cdn.livechat-files.com https://i.ytimg.com https://*.google-analytics.com https://*.doubleclick.net https://*.googleapis.com https://*.google.com https://*.google.de https://*.google.com.tw https://*.gstatic.com https://*.googletagmanager.com *.google-analytics.com *.analytics.google.com; media-src 'self' https://gallery.synology.com https://download.synology.com https://fileres.synology.com/ https://cdn.livechatinc.com https://api-fra.livechatinc.com; object-src 'none'; script-src https://demo.synology.com https://demo.synology.de https://bat.bing.com https://mc.yandex.ru https://www.redditstatic.com *.mouseflow.com https://static.hotjar.com https://script.hotjar.com/ https://wcs.naver.net/wcslog.js https://analytics.twitter.com https://static.ads-twitter.com https://t.co/i/adsct 'self' blob: 'unsafe-eval' https://snap.licdn.com https://www.linkedin.com/px/ https://px.ads.linkedin.com https://sjs.bizographics.com/insight.min.js 'nonce-7595dae9cde82218336a5457ed9d55ec898c51623f73a69eefaa57a2cc9194fc' https://connect.facebook.net https://px.adhigh.net/ https://cdnjs.cloudflare.com https://synology.jobbase.io https://api.mapbox.com https://*.clarity.ms https://cdn.livechatinc.com https://code.jquery.com https://secure.livechatinc.com https://secure-fra.livechatinc.com https://accounts.livechatinc.com https://api.livechatinc.com https://api-fra.livechatinc.com https://synology.onlyfy.jobs https://www.youtube.com fw-cdn.com https://*.freshsales.io https://synologyc2.myfreshworks.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://cse.google.com https://clients1.google.com https://tagmanager.google.com https://www.gstatic.com https://*.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://www.gstatic.cn https://www.recaptcha.net https://*.googleapis.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://synostatic.synodev.com https://synostatic.synology.com https://cdnjs.cloudflare.com https://api.mapbox.com https://cdn.livechat-files.com https://assets.freshsales.io https://www.google.com https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://optimize.google.com 3
frame-src 'self' ms-windows-store: get.microsoft.com https: data:; frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; img-src 'self' http://cps-static.rovicorp.com https: data: 3
frame-ancestors 'self' *.avira.com *.avira.org *.avira.net *.prod-blog.avira.com prod-blog.avira.com; 3
frame-ancestors 'self' https://*.trontv.com https://rainberrytv.com; 3
default-src 'self' data:;script-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.fbcdn.net *.youtube.com connect.facebook.net gw.conversionsapigateway.com *.oculus.com www.meta.com/3ds2/ddc/ www.meta.com/3ds2/challenge_complete/;style-src 'self' 'unsafe-inline' data: *.fbcdn.net 'unsafe-eval' *.oculus.com www.meta.com/3ds2/ddc/ www.meta.com/3ds2/challenge_complete/;connect-src blob: *.fbcdn.net www.meta.com *.www.meta.com www.facebook.com/tr/ gw.conversionsapigateway.com secure.facebook.com/payments/generate_token *.oculus.com www.meta.com/3ds2/ddc/ www.meta.com/3ds2/challenge_complete/;font-src data: *.fbcdn.net *.oculus.com www.meta.com/3ds2/ddc/ www.meta.com/3ds2/challenge_complete/;img-src 'self' blob: data: *.fbcdn.net *.fbsbx.com *.oculuscdn.com *.youtube.com *.ytimg.com www.facebook.com/tr/ *.cdninstagram.com gw.conversionsapigateway.com *.oculus.com www.meta.com/3ds2/ddc/ www.meta.com/3ds2/challenge_complete/;media-src blob: data: *.fbcdn.net *.cdninstagram.com *.oculuscdn.com;child-src blob: data: *.fbcdn.net;frame-src data: *.fbcdn.net www.facebook.com/tr/ gw.conversionsapigateway.com www.meta.com/common/ *.www.meta.com/common/ *.fbsbx.com/ www.meta.com/tealium/ *.www.meta.com/tealium/ *.youtube.com www.meta.com/payments/ *.www.meta.com/payments/ centinelapi.cardinalcommerce.com centinelapistag.cardinalcommerce.com *.fbthirdpartypixel.com *.oculus.com www.meta.com/3ds2/ddc/ www.meta.com/3ds2/challenge_complete/;worker-src blob: data: *.fbcdn.net;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 3
frame-ancestors 'self' https://*.otto.de https://*.ottogroup.com https://og2gether.sharepoint.com; 3
child-src data: https: blob:; default-src data: 'unsafe-inline' 'unsafe-eval' https:; upgrade-insecure-requests; connect-src https: wss: blob:; font-src data: https:; style-src data: 'unsafe-inline' https: blob:; style-src-elem data: 'unsafe-inline' https: blob:; media-src data: https: blob:; img-src data: https: blob:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; object-src https:; form-action https:; 3
frame-ancestors https://*.poki.io http://localhost:1234 3
default-src 'self' *.crazyegg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cloudinary.com *.cloudinary.com www.googletagmanager.com www.google-analytics.com *.google.com unpkg.com cdn.jsdelivr.net stackpath.bootstrapcdn.com app-ab12.marketo.com snap.licdn.com connect.facebook.net munchkin.marketo.net consent.cookiebot.com vidassets.terminus.services googleads.g.doubleclick.net radar.cedexis.com www.googleadservices.com maps.googleapis.com *.fastcdn.co *.instapage.com *.instapagemetrics.com *.redditstatic.com *.gstatic.com *.crazyegg.com *.wp.com *.driftt.com script.mocky.com *.googleoptimize.com *.6sc.co ml314.com tags.srv.stackadapt.com *.convertexperiments.com; script-src-elem 'self' 'unsafe-inline' cloudinary.com *.cloudinary.com code.jquery.com cdn.jsdelivr.net stackpath.bootstrapcdn.com www.googletagmanager.com www.google-analytics.com *.google.com cdn.omniconvert.com unpkg.com app-ab12.marketo.com snap.licdn.com connect.facebook.net munchkin.marketo.net consent.cookiebot.com vidassets.terminus.services googleads.g.doubleclick.net radar.cedexis.com www.googleadservices.com maps.googleapis.com *.fastcdn.co *.instapage.com *.instapagemetrics.com *.redditstatic.com *.gstatic.com *.crazyegg.com *.wp.com *.driftt.com script.mocky.com *.googleoptimize.com ml314.com *.6sc.co bat.bing.com static.ads-twitter.com www.clarity.ms tags.srv.stackadapt.com app.omniconvert.com web.omniconvert.com *.convertexperiments.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.typekit.net unpkg.com app-ab12.marketo.com *.google.com *.cloudinary.com *.crazyegg.com *.wp.com *.driftt.com script.mocky.com *.googleoptimize.com tags.srv.stackadapt.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com *.typekit.net unpkg.com app-ab12.marketo.com *.google.com *.cloudinary.com *.crazyegg.com *.wp.com *.driftt.com script.mocky.com *.googleoptimize.com tags.srv.stackadapt.com; img-src 'self' data: cloudinary.com *.cloudinary.com *.google.com www.google-analytics.com secure.gravatar.com match.adsrvr.org wec-assets.terminus.services wec-assets-api.terminus.services px.ads.linkedin.com *.google.ca *.facebook.com benchmark.1e100cdn.net *.cedexis-test.com cedexis.pc.cdn.bitgravity.com ptcfc.com ubiquity.cedexis.us-east-1.prod.endpoints.ubiquity.aws.a2z.com media-akam.licdn.com *.citrix-itm-test.com ubiquity.cedexis.eu-west-1.prod.endpoints.ubiquity.aws.a2z.com direct.cedexis.us-east-1.prod.endpoints.ubiquity.aws.a2z.com a-cedexis.msedge.net 20059b.ha.azioncdn.net *.cedexis.fastlylb.net test.cedexis.gamma.endpoints.ubiquity.aws.a2z.com *.cdnvideo.ru essl-cdxs.edgekey.net direct.cedexis.ap-northeast-1.prod.endpoints.ubiquity.aws.a2z.com *.endpoints.ubiquity.aws.a2z.com level3ssl.optimicdn.com img-cedexis.mncdn.com cedexis-ssl.cdn.warpcache.net linkedin.com *.adsymptotic.com *.google.com www.googleapis.com *.gstatic.com maps.googleapis.com *.citrix.com cldmo.mo.cloudinary.net www.googletagmanager.com *.fastcdn.co *.instapage.com px4.ads.linkedin.com alb.reddit.com *.crazyegg.com *.mozilla.org *.imagecon.com script.mocky.com b.6sc.co bat.bing.com t.co analytics.twitter.com *.clarity.ms *.convertexperiments.com *.bing.com; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com use.typekit.net bat.bing.com t.co analytics.twitter.com *.wp.com; connect-src 'self' cloudinary.com *.cloudinary.com www.google-analytics.com *.doubleclick.net api.lever.co *.mktoresp.com *.init.cedexis-radar.net *.cedexis.com *.facebook.com a-cedexis.msedge.net *.cedexis.fastlylb.net *.netlify.app *.instapage.com *.instapagemetrics.com *.crazyegg.com script.mocky.com mocky.com *.google.com secure.adnxs.com c.6sc.co ipv6.6sc.co *.clarity.ms bat.bing.com tags.srv.stackadapt.com app.omniconvert.com *.convertexperiments.com *.linkedin.com *.cookiebot.com; media-src 'self' cloudinary.com *.cloudinary.com blob:; worker-src 'self' blob:; frame-src stackblitz.com *.google.com jobs.lever.co app-ab12.marketo.com business.facebook.com consentcdn.cookiebot.com *.facebook.com *.cedexis-test.com cedexis.pc.cdn.bitgravity.com *.citrix-itm-test.com 20059b.ha.azioncdn.net essl-cdxs.edgekey.net *.cloudinary.com bid.g.doubleclick.net *.twitter.com cloudinary.com *.youtube.com *.driftt.com *.crazyegg.com *.wp.com; object-src 'none' 3
default-src 'self' *.garmin.com https://static.garmincdn.com;style-src 'self' 'unsafe-inline' *.garmin.com https://static.garmincdn.com https://fonts.googleapis.com;connect-src 'self' *.garmin.com *.sentry.io https://static.garmincdn.com *;script-src 'unsafe-eval' 'unsafe-inline' https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://static.criteo.net https://*.criteo.com https://bat.bing.com https://*.adform.net https://intljs.rmtag.com https://www.googletagmanager.com https://*.google-analytics.com https://static.cloudflareinsights.com https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://optimize.google.com 'self' *.garmin.com *.trustarc.com *.truste.com https://ajax.googleapis.com https://static.garmincdn.com https://www.google.com https://cdn.appdynamics.com https://www.gstatic.com https://prefmgr-cookie.truste-svc.net http://tags.tiqcdn.com https://*.tealiumiq.com https://deploytealium.com https://*.garmin.cn https://cdn.jsdelivr.net;font-src 'self' data: *.garmin.com *.trustarc.com *.truste.com https://static.garmincdn.com https://fonts.googleapis.com https://fonts.gstatic.com;img-src https://*.criteo.com https://*.doubleclick.net https://www.googleadservices.com https://px.adentifi.com https://*.teads.tv https://www.googletagmanager.com https://bat.bing.com https://secure.adnxs.com https://www.facebook.com https://*.google-analytics.com https://stats.g.doubleclick.net https://static.hotjar.com https://script.hotjar.com 'self' data: *.garmin.com *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://www.google.co.uk https://prefmgr-cookie.truste-svc.net https://res.cloudinary.com *.akamaihd.net https://*.tealiumiq.com https://deploytealium.com https://secure.adnxs.com https://www.facebook.com https://*.garmin.cn;frame-src https://*.doubleclick.net https://*.criteo.com *.garmin.com *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://prefmgr-cookie.truste-svc.net https://my.tealiumiq.com https://www.youtube-nocookie.com https://player.youku.com https://gum.criteo.com https://static.criteo.net;object-src 'none';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none' 3
default-src 'self' https:; frame-src 'self' https: blob:; worker-src 'self' blob: ; child-src blob: ; script-src 'self' https: 'unsafe-inline' https://vaas.acapela-group.com 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob: https://*.code.org; font-src 'self' https: data:; connect-src 'self' https: https://api.pusherapp.com wss://ws.pusherapp.com wss://*.firebaseio.com http://localhost:8080 https://curriculum.code.org/ wss://*.code.org; media-src 'self' https: data: https://*.code.org http://vaas.acapela-group.com; report-uri //code.org/https/mixed-content; frame-ancestors 'self' http://*.disney.com http://*.diznee.net cuantrix.mx code.org studio.code.org curriculum.code.org codecurricula.com 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gist.github.com https://apis.google.com https://cdn.amplitude.com https://api.amplitude.com https://dev-embed.notion.co https://embed.notion.co https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://api.smooch.io	 https://solve-widget.forethought.ai https://logs-01.loggly.com https://http-inputs-notion.splunkcloud.com https://cdn.segment.com https://analytics.pgncs.notion.so https://o324374.ingest.sentry.io https://checkout.stripe.com https://js.stripe.com https://embed.typeform.com https://admin.typeform.com https://public.profitwell.com https://static.profitwell.com https://js.sentry-cdn.com https://js.chilipiper.com https://platform.twitter.com https://cdn.syndication.twimg.com https://accounts.google.com https://player.vimeo.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.metadata.io https://platformapi.metadata.io https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://cdn.transcend.io https://pagead2.googlesyndication.com https://x.clearbitjs.com https://connect.facebook.net https://snap.licdn.com/ https://px.ads.linkedin.com/ https://munchkin.marketo.net https://414-xmy-838.mktoutil.com https://info.notion.com https://bat.bing.com https://s.yimg.jp https://assets.customer.io https://track.customer.io https://www.youtube.com https://www.youtube-nocookie.com https://js.partnerstack.com https://partnerlinks.io https://analytics.tiktok.com/ https://vitals.vercel-insights.com https://va.vercel-scripts.com https://vercel.live https://www.redditstatic.com https://static.ads-twitter.com https://insights.metadata.io https://acdn.adnxs.com/dmp/up/pixie.js https://a.usbrowserspeed.com https://static.hotjar.com https://script.hotjar.com https://*.mutinycdn.com https://cdn01.boxcdn.net https://cdn.sprig.com https://code.gist.build https://www.google.com https://www.gstatic.com https://challenges.cloudflare.com;connect-src 'self' data: blob: https://msgstore.www.notion.so wss://msgstore.www.notion.so ws://localhost:* ws://127.0.0.1:* https://prod-files-secure.s3.us-west-2.amazonaws.com https://notion-emojis.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://s3.us-west-2.amazonaws.com https://notion-production-snapshots-2.s3.us-west-2.amazonaws.com https://cdn.amplitude.com https://api.amplitude.com https://www.notion.so https://api.embed.ly https://dev-embed.notion.co https://embed.notion.co https://js.intercomcdn.com https://api-iam.intercom.io https://uploads.intercomcdn.com wss://nexus-websocket-a.intercom.io https://ekr.zdassets.com https://ekr.zendesk.com	 https://makenotion.zendesk.com	 https://api.smooch.io	 wss://api.smooch.io	 https://api.forethought.ai https://logs-01.loggly.com https://http-inputs-notion.splunkcloud.com https://cdn.segment.com https://api.segment.io https://analytics.pgncs.notion.so https://api.pgncs.notion.so https://o324374.ingest.sentry.io https://checkout.stripe.com https://js.stripe.com https://cdn.contentful.com https://preview.contentful.com https://images.ctfassets.net https://www2.profitwell.com https://tracking.chilipiper.com https://api.chilipiper.com https://api.unsplash.com https://api.giphy.com/ https://giphy-analytics.giphy.com/ https://media0.giphy.com/ https://media1.giphy.com/ https://media2.giphy.com/ https://media3.giphy.com/ https://media4.giphy.com/ https://media5.giphy.com/ https://media6.giphy.com/ https://media7.giphy.com/ https://media8.giphy.com/ https://media9.giphy.com/ https://media10.giphy.com/ https://boards-api.greenhouse.io https://accounts.google.com https://oauth2.googleapis.com https://player.vimeo.com https://www.googletagmanager.com https://analytics.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.google-analytics.com https://cdn.metadata.io https://platformapi.metadata.io https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://cdn.transcend.io https://telemetry.transcend.io https://pagead2.googlesyndication.com https://google.com https://x.clearbitjs.com https://app.clearbitjs.com https://connect.facebook.net https://snap.licdn.com/ https://px.ads.linkedin.com/ https://munchkin.marketo.net https://414-xmy-838.mktoutil.com https://info.notion.com https://bat.bing.com https://s.yimg.jp https://assets.customer.io https://track.customer.io https://www.youtube.com https://www.youtube-nocookie.com https://js.partnerstack.com https://grsm.io https://partnerlinks.io https://analytics.tiktok.com/ https://vitals.vercel-insights.com https://va.vercel-scripts.com https://vercel.live https://www.redditstatic.com https://static.ads-twitter.com https://insights.metadata.io https://acdn.adnxs.com/dmp/up/pixie.js https://a.usbrowserspeed.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.mutinyhq.com https://*.mutinyhq.io https://*.mutinycdn.com https://api.statuspage.io https://pgncd.notion.so https://api.statsig.com https://statsigapi.net https://exp.notion.so https://file.notion.so notion://file.notion.so https://api.box.com https://*.mux.com https://api.sprig.com https://storage.googleapis.com https://cdn.sprig.com https://cdn.userleap.com https://*.api.gist.build https://*.cloud.gist.build https://api.palette.dev;font-src 'self' data: https://cdnjs.cloudflare.com https://js.intercomcdn.com https://fonts.gstatic.com https://cdn01.boxcdn.net;img-src 'self' data: blob: https: https://images.ctfassets.net https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://region1.google-analytics.com https://region1.analytics.google.com https://track.customer.io https://*.mutinycdn.com https://file.notion.so notion://file.notion.so https://*.mux.com;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://github.githubassets.com https://js.chilipiper.com https://platform.twitter.com https://ton.twimg.com https://accounts.google.com https://cdn.transcend.io https://fonts.googleapis.com https://cdn01.boxcdn.net https://code.gist.build;frame-ancestors 'self' notion://www.notion.so;worker-src 'self' blob:;child-src 'self' blob:;media-src blob: https: http: https://file.notion.so notion://file.notion.so https://*.mux.com;frame-src https: http: https://accounts.google.com https://renderer.gist.build https://code.gist.build https://challenges.cloudflare.com 3
default-src 'none'; font-src 'self'; style-src 'unsafe-inline' 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' data: https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://donorbox.org https://js.stripe.com/v3/ https://sdks.shopifycdn.com https://www.paypal.com ; img-src 'self' data: blob: https://www.google-analytics.com https://www.paypal.com https://www.paypalobjects.com https://ak2s.abmr.net https://ak1s.abmr.net https://www.google.com https://cdn.shopify.com https://v.shopify.com ; frame-src https://donorbox.org https://www.youtube.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://js.stripe.com/v3/ https://js.stripe.com/v2/ https://www.paypal.com https://outreach.abetterinternet.org ; connect-src 'self' https://d4twhgtvn0ff5.cloudfront.net/ https://letsencrypt-merch.myshopify.com https://monorail-edge.shopifysvc.com https://www.paypal.com ; 3
frame-ancestors 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.hsadspixel.net *.hs-analytics.net *.hubapi.com *.hscta.net *.hubspot.com *.hs-sites.com *.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotvideo.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com *.hubapi.com *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.g.doubleclick.net *.googleapis.com *.google.de *.googlesyndication.com *.hotjar.com *.hotjar.io wss://*.hotjar.com cdn-cookieyes.com cookieyes.com *.cookieyes.com *.pingdom.net *.app-us1.com *.omappapi.com *.zdassets.com *.zendesk.com wss://*.zopim.com *.zopim.com *.key-systems.net; style-src 'unsafe-inline' 'self' *.hsadspixel.net *.hs-analytics.net *.hubapi.com *.hscta.net *.hubspot.com *.hs-sites.com *.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotvideo.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com *.hubapi.com *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.g.doubleclick.net *.googleapis.com *.google.de *.googlesyndication.com *.hotjar.com *.hotjar.io wss://*.hotjar.com cdn-cookieyes.com cookieyes.com *.cookieyes.com *.pingdom.net *.app-us1.com *.omappapi.com *.zdassets.com *.zendesk.com wss://*.zopim.com *.zopim.com *.key-systems.net; img-src 'self' *.hsadspixel.net *.hs-analytics.net *.hubapi.com *.hscta.net *.hubspot.com *.hs-sites.com *.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotvideo.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com *.hubapi.com *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.g.doubleclick.net *.googleapis.com *.google.de *.googlesyndication.com *.hotjar.com *.hotjar.io wss://*.hotjar.com cdn-cookieyes.com cookieyes.com *.cookieyes.com *.pingdom.net *.app-us1.com *.omappapi.com *.zdassets.com *.zendesk.com wss://*.zopim.com *.zopim.com *.key-systems.net; connect-src 'self' *.hsadspixel.net *.hs-analytics.net *.hubapi.com *.hscta.net *.hubspot.com *.hs-sites.com *.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotvideo.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com *.hubapi.com *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.g.doubleclick.net *.googleapis.com *.google.de *.googlesyndication.com *.hotjar.com *.hotjar.io wss://*.hotjar.com cdn-cookieyes.com cookieyes.com *.cookieyes.com *.pingdom.net *.app-us1.com *.omappapi.com *.zdassets.com *.zendesk.com wss://*.zopim.com *.zopim.com *.key-systems.net 3
frame-ancestors 'self' *.bazaarvoice.com 3
frame-ancestors 'self' appsec.aarp.org  secure.aarp.org  feeds.aarp.org memberoffers.aarp.org aarp.org cdn.aarp.net appsec.aarp.org secure-pi.aarp.org test.elearn.aarp.org dev.livablemap.aarp.byf1.dev livablemap.aarp.org nextgen.jobs.aarp.org jobs.aarp.org arenax-testing-games.aarp.org games.aarp.org futureofhousing.aarp.org  aarpfutureodev.wpengine.com aarpfohstage.wpengine.com help.aarp.org test.elearn.aarp.org elearn.aarp.org local.aarp.org staging.local.aarp.org longtermscorecard.org careers.aarp.org www.aarp.org yqa.livetech.dev yqa.test caretotalk.aarp.org policybook.aarp.org  policybookdb8jfimehk.devcloud.acquia-sites.com livindexhub.aarp.org livabilityindex.aarp.org livablemap.aarp.org press.aarp.org stage.mediaroom.com veterans.aarp.org learn.aarp.org help.aarp.org community.aarp.org services.share.aarp.org secure.aarp.org virtualevents.aarp.org cdn.kitewheel.com aarp.brand.live aarpsandbox.brand.live test.virtualevents.aarp.org elearn.aarp.org blog.aarp.org taxappointment.aarp.org banksafetraining.aarp.org virtualevents.aarp.org; 3
object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://go2.grafana.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://x.clearbitjs.com https://app.clearbit.com https://munchkin.marketo.net https://connect.facebook.net https://snap.licdn.com https://www.google-analytics.com/ https://px.ads.linkedin.com https://www.linkedin.com https://fresnel.vimeocdn.com https://f.vimeocdn.com https://vimeo.com https://player.vimeo.com https://platform.twitter.com https://syndication.twitter.com https://api.twitter.com https://twitter.com https://static.hotjar.com https://in.hotjar.com https://script.hotjar.com https://www.googletagmanager.com/gtag/ *.googleadservices.com https://googleads.g.doubleclick.net/pagead/ https://static.doubleclick.net https://www.youtube.com https://www.eventbrite.com http://rsdk.grafana.com http://rsdk2.grafana.com https://heypal.chat https://www.heypal.chat https://pal-api-production.up.railway.app https://faro-collector-prod-us-central-0.grafana.net https://*.fullstory.com https://rsi.grafana.com 3
frame-ancestors https://*.demandbase.com 3
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thebalancemoney.com 3
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval' 3
frame-ancestors 'self' *.cisco.com; 3
default-src 'self' http: https: 3
frame-ancestors 'self' *.d2l.com *.brightspace.com d2l.local d2lcorp.local; 3
default-src 'unsafe-inline' 'unsafe-eval' vitals.vercel-insights.com https: data: wss://*.qualified.com; block-all-mixed-content; upgrade-insecure-requests 3
frame-ancestors *.oray.com scrm-wx.weiling.cn 3
frame-src self *.microfocus.com *.ubembed.com https://12964123.fls.doubleclick.net/ https://js.driftt.com https://bid.g.doubleclick.net https://optimize.google.com/ https://dev.visualwebsiteoptimizer.com https://www.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://www.brighttalk.com/ https://bcove.video/ https://app.vwo.com https://www.googletagmanager.com https://microfocuspartner.force.com https://www.linkedin.com/ https://platform.twitter.com/ https://www.research.net https://irs.tools.investis.com/ https://players.brightcove.net/ https://otp.tools.investis.com/ https://microfocus-education.sabacloud.com https://recaptcha.net https://html5-player.libsyn.com/ http://demo.havendemo.com/ https://open.spotify.com https://player.vimeo.com/; frame-ancestors self *.microfocus.com https://microfocus.lookbookhq.com https://microfocus-education.sabacloud.com https://recaptcha.net https://microfocuspartner.force.com; 3
frame-ancestors 'self' https://nielsensports.com https://www.qa.nielsen.com https://develop.nielsen.com 3
frame-ancestors 'self' https://*.sproutsocial.com https://sproutsocial.com; 3
default-src 'self';connect-src *;style-src 'self' 'unsafe-inline';font-src 'self' data:;script-src 'self' 'unsafe-eval' *.nmrodam.com *.imrworldwide.com *.sensic.net *.gstatic.com;img-src 'self' data: *.ardmediathek.de *.ard.de *.nmrodam.com *.imrworldwide.com;media-src * mediastream: blob:;frame-src 'self' *.ard.de *.nmrodam.com *.imrworldwide.com *.sensic.net mailto: tg: threema: fb-messenger:;frame-ancestors *;worker-src 'self' blob: 3
upgrade-insecure-requests; default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; media-src https: data: blob: 'unsafe-inline'; img-src https: data: blob: 'unsafe-inline' android-webview-video-poster: ; report-uri https://csp.ansa.it/report/ 3
frame-ancestors 'self' *.everydayhealth.com *.infermedica.com *.ceros.com *.opinionstage.com *.doctor.com *.googleapis.com *.zdbb.net *.specless.tech *.specless.io *.totalbrain.com *.migraineagain.com *.epionhealth.com 3
frame-ancestors https://*.ti.com https://*.ti.com.cn https://*.tij.co.jp; 3
default-src 'self' *.clover.com cloverstatic.com dev.cloverstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ipv6.6sc.co j.6sc.co secure.adnxs.com js.adsrvr.org analytics.bgalytics.com bat.bing.com cdn.bttrack.com https://www.clarity.ms cdnjs.cloudflare.com d3sbxpiag177w8.cloudfront.net *.clover.com cloverstatic.com dev.cloverstatic.com googleads.g.doubleclick.net stats.g.doubleclick.net *.t.eloqua.com img.en25.com *.evidon.com connect.facebook.net tracker.gaconnector.com www.google-analytics.com apis.google.com optimize.google.com tagmanager.google.com www.google.com www.googleadservices.com maps.googleapis.com *.googletagmanager.com www.googletagmanager.com *.greenhouse.io www.gstatic.com heapanalytics.com cdn.heapanalytics.com script.hotjar.com static.hotjar.com js.hs-analytics.net js.hs-scripts.com mpsnare.iesnare.com widget.intercom.io js.intercomcdn.com pnapi.invoca.net solutions.invocacdn.com snap.licdn.com munchkin.marketo.net apps.mypurecloud.com nifegwy.neustar.biz h.online-metrix.net *.optimizely.com cdn.optimizely.com amplify.outbrain.com s.pinimg.com *.qualtrics.com rules.quantcount.com secure.quantserve.com cdn.ravenjs.com recaptcha.net www.redditstatic.com https://analytics.tiktok.com tags.tiqcdn.com play.vidyard.com *.walkme.com sp.analytics.yahoo.com s.yimg.com www.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com d3sbxpiag177w8.cloudfront.net *.clover.com cloverstatic.com dev.cloverstatic.com optimize.google.com tagmanager.google.com chart.googleapis.com fonts.googleapis.com heapanalytics.com *.qualtrics.com; img-src blob: data: 'self' firstdatacloverwebsite.122.2o7.net b.6sc.co js.adsrvr.org p.adsymptotic.com data.adxcel-ec2.com mver.agkn.com s.amazon-adsystem.com apintego.com cx.atdmt.com bat.bing.com d3sbxpiag177w8.cloudfront.net dxkdvuv3hanyu.cloudfront.net res.cloudinary.com *.clover.com cloverstatic.com dev.cloverstatic.com www.google.co.uk www.google.co.in www.google.co.id www.google.com.pr www.google.com.br www.google.com.co images.contentful.com *.ctfassets.net *.doubleclick.net *.g.doubleclick.net *.t.eloqua.com *.evidon.com *.eyeota.net connect.facebook.net www.facebook.com *.ggpht.com *.google-analytics.com www.google-analytics.com *.google.com *.analytics.google.com www.google.com www.google.ca www.google.de www.google.ie *.googleapis.com chart.googleapis.com maps.googleapis.com *.googletagmanager.com www.googletagmanager.com lh3.googleusercontent.com *.gstatic.com heapanalytics.com script.hotjar.com track.hubspot.com static.intercomassets.com *.intercomcdn.com js.intercomcdn.com uploads.intercomusercontent.com *.ads.linkedin.com www.linkedin.com *.online-metrix.net *.optimizely.com amplify.outbrain.com amplifypixel.outbrain.com tr.outbrain.com data.pendo.io *.perka.com s.pinimg.com ct.pinterest.com *.qualtrics.com pixel.quantserve.com recaptcha.net alb.reddit.com www.redditstatic.com *.rfihub.com cdn.vidyard.com play.vidyard.com *.vimeocdn.com *.walkme.com sp.analytics.yahoo.com s.yimg.com; font-src data: 'self' maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.clover.com cloverstatic.com dev.cloverstatic.com use.fontawesome.com fonts.gstatic.com heapanalytics.com script.hotjar.com *.intercomcdn.com js.intercomcdn.com *.qualtrics.com; connect-src 'self' c.6sc.co ipv6.6sc.co secure.adnxs.com collection.bgalytics.com bat.bing.com *.browser-intake-datadoghq.com https://a.clarity.ms *.clover.com wss://*.clover.com cloverstatic.com dev.cloverstatic.com *.contentful.com *.ctfassets.net *.datadoghq.com *.g.doubleclick.net *.evidon.com www.facebook.com oamportal.fdvs.com secure.geonames.org *.google-analytics.com www.google-analytics.com analytics.google.com apis.google.com www.google.com maps.googleapis.com storage.googleapis.com *.googletagmanager.com *.greenhouse.io heapanalytics.com *.hotjar.com vc.hotjar.io wss://*.hotjar.com wss://ws4.hotjar.com *.intercom.io wss://*.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com pnapi.invoca.net *.mktoresp.com *.tt.omtrdc.net h.online-metrix.net *.optimizely.com cdn.linkedin.oribi.io https://cdn.linkedin.oribi.io *.perka.com ct.pinterest.com *.qualtrics.com recaptcha.net sentry.io *.sentry.io collection.sperse.io api.thelevelup.com https://analytics.tiktok.com s.yimg.com; media-src 'self' *.clover.com cloverstatic.com dev.cloverstatic.com *.ctfassets.net commondatastorage.googleapis.com js.intercomcdn.com cdn.vidyard.com gateway.zscloud.net; object-src 'self' *.clover.com cloverstatic.com dev.cloverstatic.com h.online-metrix.net vd.vidoplay.com; child-src intercom-sheets.com player.vimeo.com www.youtube.com; frame-src mailto: 'self' tel: insight.adsrvr.org s.amazon-adsystem.com players.brightcove.net *.clover.com cloverstatic.com dev.cloverstatic.com sync-flow.codat.io *.fls.doubleclick.net bid.g.doubleclick.net www.facebook.com accounts.google.com docs.google.com optimize.google.com www.google.com maps.googleapis.com boards.greenhouse.io vars.hotjar.com intercom-sheets.com h.online-metrix.net *.optimizely.com *.cdn.optimizely.com *.perka.com https://ct.pinterest.com play.vidyard.com player.vimeo.com www.youtube.com *.ytimg.com; frame-ancestors *.clover.com cloverstatic.com dev.cloverstatic.com *.optimizely.com *.perka.com; 3
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.southernliving.com 3
default-src 'none'; form-action 'self' https://www.facebook.com; frame-ancestors 'self' https://*.matomo.cloud https://*.innocraft.cloud http://localhost; base-uri 'self' https://demo-web.matomo.org https://web.innocraft.cloud; prefetch-src 'self'; connect-src 'self' https://matomo.org  https://web.innocraft.cloud https://www.userlike.com https://cdn.plyr.io https://demo-web.matomo.org https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com wss://chat.userlike.com wss://umd.userlike.com https://api.userlike.com https://video.matomo.org; script-src 'self' https://snap.licdn.com  https://userlike-cdn-umm.b-cdn.net https://web.innocraft.cloud https://cdn.matomo.cloud https://embed.clickmeeting.com https://madmimi.com https://cdn.shortpixel.ai https://cdnjs.cloudflare.com https://www.youtube.com api.userlike.com https://d3dc1lgancj6l0.cloudfront.net https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://static.matomo.org https://demo-web.matomo.org https://m-img.org 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://demo-web.matomo.org https://web.innocraft.cloud https://static.matomo.org; img-src 'self'   https://demo-web.matomo.org https://web.innocraft.cloud https://plugins.matomo.org https://qrcode.kaywa.com https://raw.githubusercontent.com https://user-images.githubusercontent.com https://m-img.org https://piwik.org https://matomo.org https://static.matomo.org https://video.matomo.org api.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com data:; media-src 'self' https://video.matomo.org https://www.matomo.org https://matomo.org blob:; font-src 'self' https://userlike-cdn-umm.b-cdn.net https://demo-web.matomo.org https://web.innocraft.cloud https://static.matomo.org data:  https://github.com https://d3dc1lgancj6l0.cloudfront.net; frame-src 'self' https://www.facebook.com https://play.quickchannel.com https://matomo.clickmeeting.com https://embed.clickmeeting.com https://www.youtube-nocookie.com https://demo.matomo.cloud https://demo-web.matomo.org https://demo2.piwik.org https://demo2.matomo.org; 3
frame-ancestors na.amzheimdall.com delorean-na.amazon.com delorean-prod.corp.amazon.com delorean-na.sandbox.amazon.com delorean-sandbox.corp.amazon.com delorean-preprod.corp.amazon.com delorean-beta.corp.amazon.com delorean-alpha.corp.amazon.com potserviceui-gamma.vrsnl.com potserviceui-gamma.zappos.com potserviceui-gamma.6pm.com drive-render.corp.amazon.com cscentral-na-beta.vipinteg.amazon.com cscentral.amazon.com delorean-6pm-gamma.corp.amazon.com delorean-6pm-preprod.corp.amazon.com delorean-6pm-prod.corp.amazon.com delorean-6pm-na.amazon.com; report-uri /marty/api/csp-report 3
frame-ancestors 'self' https://cart.penguinrandomhouse.com/ https://sites.dev.penguinrandomhouse.com/ https://sites.tst.penguinrandomhouse.com/ https://sites.prh.com/ https://iteratehq.com/ *.penguinrandomhouse.com *.dev.penguinrandomhouse.com *.tst.penguinrandomhouse.com 3
script-src 'self' https://tag.simpli.fi https://bam-cell.nr-data.net https://cdn.cookielaw.org https://widget.trustpilot.com https://api.map.baidu.com https://fast.wistia.net https://fast.wistia.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://www.googleadservices.com https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.gstatic.com https://www.google.com https://optanon.blob.core.windows.net https://cdn.callrail.com https://pi.pardot.com https://geolocation.onetrust.com https://tags.tiqcdn.com https://intljs.rmtag.com https://tags.rd.linksynergy.com https://act-us.rd.linksynergy.com https://resources.xg4ken.com https://go.control4.com https://dev.visualwebsiteoptimizer.com https://connect.facebook.net https://bat.bing.com https://solutions.invocacdn.com https://js-agent.newrelic.com https://bam.nr-data.net https://pnapi.invoca.net https://maps.googleapis.com 'unsafe-eval' 'unsafe-inline' 3
default-src 'self' blob: www.facebook.com facebook.com content.dionglobal.in icicibank.paymetry.com www.twitter.com twitter.com soundhelix.com *.go-mpulse.net www.iciciprulife.com cdn.jsdelivr.net code.jquery.com iciciauto.com icici.skryptech.com wss://ccaiprodws.icicibank.com ccaiprodws.icicibank.com ccaiprod.icicibank.com apibankingone.icicibank.com googletagmanager.com icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com senseforth.com cdn.ampproject.org cdnjs.cloudflare.com connect.facebook.net facebook.net marketingplatform.google.com google.com www.google.com www.google-analytics.com google-analytics.com *.visualwebsiteoptimizer.com spa.gy t4.rolsoninfotech.com voiceassist.urja.com fonts.googleapis.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com cugd2qa.crm8.dynamics.com cugd1uat.crm8.dynamics.com cugd2uat.crm8.dynamics.com cugd1qa.crm8.dynamics.com analytics.google.com snap.licdn.com leads.icicibank.com www.indiatimes.com economictimes.indiatimes.com www.googletagmanager.com ribstgnew.icicibank.com www.icicibank.com icici.nanorep.co nanorep.co nanorep.com;object-src 'none';child-src 'self' data:;worker-src blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' ibot.icicibank.com assets.adobedtm.com *.demdex.net cm.everesttech.net assets.adobedtm.com wss://ccaiprodws.icicibank.com ccaiprodws.icicibank.com ccaiprod.icicibank.com apibankingone.icicibank.com ibotuat.icicibank.com platform.twitter.com platform.linkedin.com static.addtoany.com www.linkedin.com *.go-mpulse.net d1ls4i8l5ki52s.cloudfront.net cugd1uat.crm8.dynamics.com *.fls.doubleclick.net cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com snap.licdn.com go-mpulse.net www.iciciprulife.com addtoany.com tagmanager.google.com www.tagmanager.google.com linkedin.com content.dionglobal.in analytics.google.com www.googleadservices.com fonts.googleapis.com icicibank.paymetry.com beta-icicibank.paymetry.com cugd1qa.crm8.dynamics.com cdn.jsdelivr.net cugd2qa.crm8.dynamics.com cugd2uat.crm8.dynamics.com code.jquery.com iciciauto.com icici.skryptech.com buy.icicibank.com buystaging.niveussolutions.com icicicashback.com maps.gstatic.com gstatic.com www.icicibank.com icicibank.com googleadservices.com googleads.g.doubleclick.net twitter.com cdn.ampproject.org ampproject.org icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com adobe.com doubleclick.net marketingplatform.google.com www.google.com google.com www.google-analytics.com ssl.google-analytics.com ssl.google-analytics.com visitor-services.nanorep.com nanorep.com icici.nanorep.co leads.icicibank.com cdnjs.cloudflare.com cloudfunctions.net senseforth.com amazonaws.com ajax.googleapis.com maps.googleapis.com googleapis.com *.visualwebsiteoptimizer.com spa.gy t4.rolsoninfotech.com voiceassist.urja.com assets.adobedtm.com google-analytics.com adobecqms.net googletagmanager.com www.indiatimes.com economictimes.indiatimes.com ribstgnew.icicibank.com www.googletagmanager.com www.facebook.com facebook.com bing.com connect.facebook.net www.youtube.com demdex.net omtrdc.net data:;connect-src 'self' smetrics.icicibank.com edge.adobedc.net https://fcm.googleapis.com/fcm/connect/subscribe https://icicibank-mkt-stage1.campaign.adobe.com/ici/webregisterAndroid.jssp https://icicibank-mid-stage1-all-t.adobe-campaign.com www.google.co.in *.akstat.io *.demdex.net cm.everesttech.net assets.adobedtm.com *.adobedc.net  wss://ccaiprodws.icicibank.com ccaiprodws.icicibank.com ccaiprod.icicibank.com apibankingone.icicibank.com wss://ccaiuatws.icicibank.com ccaiuatws.icicibank.com apibankingonesandbox.icicibank.com ibotuat.icicibank.com *.go-mpulse.net go-mpulse.net snap.licdn.com cugd1uat.crm8.dynamics.com cugd1qa.crm8.dynamics.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com fonts.googleapis.com cugd2qa.crm8.dynamics.com cugd2uat.crm8.dynamics.com analytics.google.com www.analytics.google.com www.iciciprulife.com addtoany.com icicibank.paymetry.com beta-icicibank.paymetry.com marketingplatform.google.com www.google.com google.com www.google-analytics.com google-analytics.com adobecqms.net cdn.jsdelivr.net code.jquery.com content.dionglobal.in iciciauto.com icici.skryptech.com buy.icicibank.com buystaging.niveussolutions.com icicicashback.com maps.gstatic.com gstatic.com www.icicibank.com icicibank.com linkedin.com twitter.com cdn.ampproject.org ampproject.org icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com g.doubleclick.net doubleclick.net cdnjs.cloudflare.com googleadservices.com visitor-services.nanorep.com nanorep.com connect.facebook.net cloudfunctions.net senseforth.com icici.nanorep.co amazonaws.com ajax.googleapis.com maps.googleapis.com googleapis.com www.indiatimes.com economictimes.indiatimes.com www.googletagmanager.com leads.icicibank.com *.visualwebsiteoptimizer.com spa.gy t4.rolsoninfotech.com voiceassist.urja.com googletagmanager.com www.facebook.com facebook.com bing.com asia-south1-quantum-flood-755.cloudfunctions.net ribstgnew.icicibank.com stats.g.doubleclick.net assets.adobedtm.com www.youtube.com demdex.net omtrdc.net money2india.icicibank.co.in wss://icicibankstt.senseforth.com/transcribe;img-src 'self' ibot.icicibank.com *.demdex.net cm.everesttech.net  wss://ccaiprodws.icicibank.com ccaiprodws.icicibank.com ccaiprod.icicibank.com apibankingone.icicibank.com assets.adobedtm.com storage.googleapis.com ibotuat.icicibank.com www.google-analytics.com syndication.twitter.com fonts.googleapis.com ssl.gstatic.com g.doubleclick.net cugd1uat.crm8.dynamics.com cugd1qa.crm8.dynamics.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com snap.licdn.com analytics.google.com www.analytics.google.com google-analytics.com *.go-mpulse.net go-mpulse.net icicibank.paymetry.com beta-icicibank.paymetry.com cdn.jsdelivr.net cugd2qa.crm8.dynamics.com cugd2uat.crm8.dynamics.com code.jquery.com content.dionglobal.in iciciauto.com icici.skryptech.com beta-icicibank.paymetry.com addtoany.com buy.icicibank.com buystaging.niveussolutions.com cdnjs.cloudflare.com rukminim1.flixcart.com m.media-amazon.com icicicashback.com maps.gstatic.com www.gstatic.com gstatic.com www.icicibank.com icicibank.com www.iciciprulife.com linkedin.com twitter.com doubleclick.net cdn.ampproject.org ampproject.org spa.gy t4.rolsoninfotech.com voiceassist.urja.com icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com www.google.co.in icici.nanorep.co visitor-services.nanorep.com nanorep.com cloudfunctions.net leads.icicibank.com senseforth.com ajax.googleapis.com maps.googleapis.com googleapis.com amazonaws.com google.co.in *.visualwebsiteoptimizer.com marketingplatform.google.com www.google.com ribstgnew.icicibank.com google.com googleads.g.doubleclick.net adobecqms.net www.indiatimes.com economictimes.indiatimes.com googleadservices.com googletagmanager.com www.googletagmanager.com www.facebook.com facebook.com bing.com connect.facebook.net assets.adobedtm.com www.youtube.com everesttech.net demdex.net omtrdc.net data:;style-src 'self' 'unsafe-inline' fonts.googleapis.com cugd1uat.crm8.dynamics.com cugd1qa.crm8.dynamics.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com snap.licdn.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com *.go-mpulse.net analytics.google.com cugd2uat.crm8.dynamics.com  wss://ccaiprodws.icicibank.com ccaiprodws.icicibank.com ccaiprod.icicibank.com apibankingone.icicibank.com icicibank.paymetry.com beta-icicibank.paymetry.com go-mpulse.net addtoany.com cdn.jsdelivr.net code.jquery.com cugd2qa.crm8.dynamics.com content.dionglobal.in iciciauto.com icici.skryptech.com buy.icicibank.com buystaging.niveussolutions.com icicicashback.com maps.gstatic.com gstatic.com linkedin.com googletagmanager.com www.googletagmanager.com cdnjs.cloudflare.com www.icicibank.com icicibank.com www.iciciprulife.com twitter.com doubleclick.net cdn.ampproject.org ampproject.org spa.gy t4.rolsoninfotech.com voiceassist.urja.com v icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com ajax.googleapis.com maps.googleapis.com googleapis.com marketingplatform.google.com www.google.com google.com adobecqms.net www.indiatimes.com economictimes.indiatimes.com icici.nanorep.co visitor-services.nanorep.com nanorep.com cloudfunctions.net leads.icicibank.com senseforth.com amazonaws.com tagmanager.google.com www.tagmanager.google.com *.visualwebsiteoptimizer.com googleadservices.com bootstrapcdn.com ribstgnew.icicibank.com;font-src 'self' data: maps.gstatic.com gstatic.com fonts.gstatic.com;frame-src 'self' *.demdex.net www.iciciprulife.com web.facebook.com platform.twitter.com www.linkedin.com infinity.icicibank.com iciciprulife.com au.personalcard.net *.fls.doubleclick.net nli.icicibank.com cugd1uat.crm8.dynamics.com cugd1qa.crm8.dynamics.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com snap.licdn.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com analytics.google.com cugd2qa.crm8.dynamics.com cugd2uat.crm8.dynamics.com fonts.googleapis.com ribstgnew.icicibank.com icicibank.paymetry.com cdn.jsdelivr.net code.jquery.com content.dionglobal.in iciciauto.com icici.skryptech.com icicibank.paymetry.com beta-icicibank.paymetry.com ajax.googleapis.com maps.googleapis.com googleapis.com addtoany.com buy.icicibank.com buystaging.niveussolutions.com bid.g.doubleclick.net cdnjs.cloudflare.com spa.gy t4.rolsoninfotech.com voiceassist.urja.com icicicashback.com maps.gstatic.com gstatic.com icicibank.com linkedin.com twitter.com cdn.ampproject.org www.indiatimes.com economictimes.indiatimes.com ampproject.org icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com senseforth.com googletagmanager.com www.googletagmanager.com www.facebook.com facebook.com visitor-services.nanorep.com nanorep.com marketingplatform.google.com www.google.com google.com adobecqms.net www.youtube.com www.icicibank.com leads.icicibank.com icicibank.adobecqms.net; 3
default-src 'self' blob: data: *.6sc.co *.services.greenhouse.io *.intellimize.co *.intellimizeio.com *.greenhouse.io *.sitescdn.net *.sitescout.com *.driftt.com *.facebook.com *.doubleclick.net *.wistia.com *.bing.com *.ceros.com *.gstatic.com *.pagescdn.com *.youtube.com clickmeter.com *.clickmeter.com *.greenhouse.com *.fontawesome.com fast.wistia.net *.greenhouse.com *.services.greenhouse.com api.intellimize.co *.bigmarker.com web.cvent.com redditstatic.com trk.crozdesk.com q.quora.com reddit.com cdn.evalato.com *.cdn.evalato.com;img-src 'self' blob: data: *.greenhouse.io *.6sc.co *.services.greenhouse.io *.b0e8.com *.g2.com *.linkedin.com *.google-analytics.com *.google.com *.bing.com *.adroll.com *.bizible.com *.taboola.com *.outbrain.com *.3lift.com *.sitescout.com *.driftt.com *.facebook.com *.adsymptotic.com *.rubiconproject.com *.casalemedia.com *.doubleclick.net *.pubmatic.com googletagmanager.com *.googletagmanager.com clarity.ms *.clarity.ms *.wistia.com *.rumiview.com *.kickfire.com *.bizibly.com grnhse-marketing-site-assets.s3.amazonaws.com *.capterra.com *.adnxs.com *.krxd.net *.gstatic.com *.cookielaw.org *.greenhouse.com *.services.greenhouse.com *.bidswitch.net *.openx.net ups.analytics.yahoo.com web.cvent.com redditstatic.com trk.crozdesk.com q.quora.com *.reddit.com cdn.evalato.com *.cdn.evalato.com;script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.6sc.co *.services.greenhouse.io *.intellimize.co *.intellimizeio.com *.greenhouse.io *.sitescdn.net *.cookielaw.org *.b0e8.com polyfill.io *.polyfill.io googletagmanager.com *.googletagmanager.com unpkg.com *.unpkg.com *.googleadservices.com *.google-analytics.com *.licdn.com *.crazyegg.com *.clearbit.com *.clearbitjs.com *.ipify.org *.driftt.com *.adobedtm.com *.adroll.com appvizer.one *.appvizer.one *.pdst.fm pixel.ad *.pixel.ad *.bing.com *.bizible.com *.facebook.net *.marketo.net *.marketo.com clarity.ms *.clarity.ms *.doubleclick.net *.g2crowd.com *.sitescout.com *.wistia.com *.rumiview.com *.kickfire.com inline: *.unpkg.com *.polyfill.io *.sitescdn.net *.intellimize.co *.clearbitjs.com *.crazyegg.com *.licdn.com *.google-analytics.com *.googleadservices.com *.b0e8.com *.intellimizeio.com *.googletagmanager.com *.6sc.co *.pagescdn.com *.yext.com *.ceros.com view.ceros.com/scroll-proxy.min.js *.googleoptimize.com *.greenhouse.com *.fontawesome.com cdn.jsdelivr.net/npm/jquery@3.6.1/dist/jquery.min.js cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/js/select2.min.js fast.wistia.net cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.3.2/iframeResizer.contentWindow.min.js *.greenhouse.com *.services.greenhouse.com 13016699.fls.doubleclick.net cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.3.2/iframeResizer.min.js *.bigmarker.com ajax.googleapis.com web.cvent.com trk.crozdesk.com q.quora.com *.redditstatic.com/ads/pixel.js reddit.com cdn.evalato.com *.cdn.evalato.com js.qualified.com;style-src *.greenhouse.io *.sitescdn.net 'unsafe-inline' 'self' *.greenhouse.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/select2.min.css fast.wistia.com fast.wistia.net unpkg.com/flickity@2/dist/flickity.min.css *.greenhouse.com *.services.greenhouse.com *.bigmarker.com web.cvent.com redditstatic.com trk.crozdesk.com q.quora.com reddit.com cdn.evalato.com *.cdn.evalato.com;connect-src 'self' *.intellimize.co *.cookielaw.org *.onetrust.com *.yext-pixel.com *.6sc.co *.6sense.com *.g2.com *.crazyegg.com *.cloudfunctions.net appvizer.one *.appvizer.one *.google-analytics.com *.doubleclick.net *.adroll.com *.mktoresp.com *.clarity.ms analytics.google.com *.analytics.google.com *.googletagmanager.com *.wistia.com *.bing.com *.facebook.com *.litix.io *.clearbit.com *.adnxs.com *.sitescdn.net *.bing.com *.yext.com *.intellimize.com 750-iss-976.mktoutil.com *.greenhouse.io embedwistia-a.akamaihd.net *.oribi.io cdn.linkedin.oribi.io *.greenhouse.com *.fontawesome.com *.greenhouse.com *.services.greenhouse.com api.intellimize.co *.bigmarker.com web.cvent.com redditstatic.com trk.crozdesk.com q.quora.com reddit.com cdn.evalato.com *.cdn.evalato.com wss://ws.qualified.com;frame-src player.simplecast.com 117871812.intellimizeio.com go.greenhouse.io 9857173.fls.doubleclick.net pixel.sitescout.com view.ceros.com www.facebook.com js.driftt.com answers-embed.greenhouse.io.pagescdn.com boards.greenhouse.io *.g2.com *.greenhouse.io.pagescdn.com *.greenhouse.com *.clickmeter.com clickmeter.com embed.radiopublic.com 'self' go.greenhouse.com 13016699.fls.doubleclick.net api.intellimize.co *.bigmarker.com web.cvent.com redditstatic.com trk.crozdesk.com q.quora.com greenhouse.cventevents.com reddit.com cdn.evalato.com *.cdn.evalato.com 7480.evalato.com *.7480.evalato.com *.qualified.com;frame-ancestors support.greenhouse.io 'self'; 3
frame-ancestors https://*.phoenix.razer.com https://www.razer.com; 3
connect-src 'self' wss://*.zopim.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; frame-ancestors 'self' https://*.adobemsbasic.com https://*.adobe.com https://*.lingotek.com https://*.nuance.com https://nuance.seismic.com; frame-src 'self' https:; upgrade-insecure-requests; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; img-src data: http://www.w3.org/2000/svg https:; 3
frame-src 'self'; 3
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors 'self' http://www.farmzone.com https://www.farmzone.com http://www.zoneverte.com https://www.zoneverte.com http://widget.twnmm.com https://widget.twnmm.com https://s1.twnmm.com http://*.theweathernetwork.com https://*.theweathernetwork.com http://*.meteomedia.com https://*.meteomedia.com https://www.flonase.ca https://sdk.privacy-center.org https://api.privacy-center.org; 3
frame-src 'self' https://www.googletagmanager.com https://sslcheck.securly.com https://cse.google.com https://js.hs-scripts.com https://s3.amazonaws.com https://sendy.securly.com https://www.youtube.com https://www.google.com https://www.facebook.com https://forms.hsforms.com https://boards.greenhouse.io https://js.driftt.com https://www.googleanalytics.com https://www.googleoptimize.com https://www.google-analytics.com https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://player.vimeo.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hs-sites.com https://td.doubleclick.net https://app.qualified.com https://ajax.googleapis.com; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net *; img-src 'self' data: *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com ;script-src * 'unsafe-inline' 'unsafe-eval';connect-src * 'unsafe-inline'; frame-src *; 3
default-src 'self' https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://squareup.com; style-src 'self' 'unsafe-inline' https://cash-f.squarecdn.com https://cash-c.squarecdn.com 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://fonts.gstatic.com; img-src 'self' data: blob: https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://cash-s.squarecdn.com https://cash-images-f.squarecdn.com https://cash.app https://images.ctfassets.net/ https://images.squareup.com https://jumbotron-production-f.squarecdn.com https://api.squareup.com https://notify.bugsnag.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data: https://api.cash.app https://rs.fullstory.com; media-src 'self' https://videos.ctfassets.net https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://cash-s.squarecdn.com; frame-src 'self' *.google.com https://www.google.ca https://assets.ctfassets.net https://player.vimeo.com squarecash: https://square.com *.google.com; object-src https://assets.ctfassets.net; script-src 'sha256-Ox3Lj+hPYMGTa8NlMTufnAf/vtPbDjZCIWHdhaNIPrA=' 'self' 'unsafe-inline' https://player.vimeo.com https://cash-f.squarecdn.com https://cash-c.squarecdn.com squarecash: https://squareup.com https://*.googleapis.com https: 'unsafe-eval' https://edge.fullstory.com https://rs.fullstory.com; connect-src 'self' https://api.smartrecruiters.com https://browser-intake-datadoghq.com/api/v2/rum https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://crz5fygf73g7.statuspage.io https://c2nqm6xyr4t4.statuspage.io https://squareup.com https://*.bugsnag.com 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://signal.cash.app https://edge.fullstory.com https://rs.fullstory.com; base-uri 'none'; report-uri /event/csp-report 3
frame-ancestors 'self' https://*.joyn.de https://app.datadoghq.eu; 3
frame-ancestors 'self' https://splytech.io https://*.splytech.io 3
frame-ancestors 'self' https://*.kicker.de https://*.kicker-tippspiel.de 3
frame-ancestors 'self' *.mexc.me *.mexc.com *.mexceu.com *.mexc.kr *.mexc.co sensors.xiaoxiame.com *.365huo.xyz *.mexc.fm *.mexc.in *.mexc.us *.greentreeone.com *.gdiii.xyz *.mcaketech.com 3
frame-ancestors 'self' *.tdameritrade.com *.ameritrade.com http://*.tdameritrade.com/ 3
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://billing-ads-qa-devel.corp.google.com https://payments.google.com/ https://www.youtube.com https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://ajax.googleapis.com https://mannequin.storage.googleapis.com https://static.corp.google.com https://storage.googleapis.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://payments.sandbox.google.com https://www.googleadservices.com https://maps.googleapis.com https://www.google.com/js/bg/;report-uri /_/Gstore/cspreport/allowlist 3
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.afterpay.com *.clearpay.co.uk *.clearpay.com *.googleapis.com public.fbot.me static.fbot.me campaign.fbot.me lcx-embed.bambuser.com www.googletagmanager.com *.onetrust.com *.cookielaw.org *.bizible.com hbiq.net cdn.branch.io sc-static.net snap.licdn.com connect.facebook.net munchkin.marketo.net www.googleadservices.com cdn.dashhudson.com djnf6e5yyirys.cloudfront.net cdn.builder.io t.contentsquare.net www.google-analytics.com googleads.g.doubleclick.net app.link v5tufwer.micpn.com pi.pardot.com tag.clearbitscripts.com/v1/pk_ba428737ee82fd942f13030da0c2629b/tags.js tag.rmp.rakuten.com metadata-static-files.sfo2.cdn.digitaloceanspaces.com/pixel/lp.js x.clearbitjs.com/v2/pk_ba428737ee82fd942f13030da0c2629b/tracking.min.js x.clearbitjs.com/v2/pk_ba428737ee82fd942f13030da0c2629b/destinations.min.js analytics.tiktok.com bat.bing.com/bat.js bat.bing.com/p/action/137009782.js afterpay-business-site.vercel.app afterpay-consumer-content-hub.vercel.app cdn.amplitude.com *.adsrvr.org *.pinimg.com *.snapchat.com j.6sc.co tag.demandbase.com www.workwithsquare.com; img-src * data:; object-src 'none'; base-uri 'none'; 3
default-src 'self' data: https://*.cafebazaar.ir https://*.cafebazaar.cloud ; frame-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cafebazaar.ir https://*.cafebazaar.cloud https://tagmanager.google.com https://imasdk.googleapis.com https://s0.2mdn.net https://adservice.google.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.jsdelivr.net; worker-src 'self' data: blob: https://*.cafebazaar.ir https://*.cafebazaar.cloud; style-src 'self' data: 'unsafe-inline' https://*.cafebazaar.ir https://*.cafebazaar.cloud https://tagmanager.google.com https://fonts.googleapis.com; img-src * data: blob: android-webview-video-poster:; font-src * data:; connect-src *; media-src * data: blob: blob: https://*.cafebazaar.ir https://*.cafebazaar.cloud; object-src 'none'; upgrade-insecure-requests; block-all-mixed-content; 3
report-uri https://impactother.report-uri.com/r/d/csp/reportOnly; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss: *; base-uri 'self'; 3
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: wss: *.ameriprise.com *.ampf.com *.ameripriseadvisors.com  *.qualtrics.com *.glance.net  *.googleapis.com  *.google.com *.twitter.com *.twimg.com *.linkedin.com *.quantserve.com *.google-analytics.com *.egain.cloud *.analytics-egain.com *.akamaihd.net *.prod.boltdns.net https://ssl.google-analytics.com https://snap.licdn.com  https://bat.bing.com https://connect.facebook.net trkn.us s.ameriprisestats.com https://assets.adobedtm.com  https://rules.quantcount.com  https://maxcdn.bootstrapcdn.com https://trkn.us https://d.turn.com  *.doubleclick.net  https://s.ameriprisestats.com secure.img-cdn.mediaplex.com https://cdn.ameriprisecontent.com https://maps.googleapis.com *.zscalertwo.net *.online-metrix.net *.gstatic.com *.pietech.com/ https://www.refinitiv.com/  https://maps.google.com https://awm-app-aitt.ampf.com https://www.dinkytown.net http://www.sipc.org/ https://www.riversource.com/ *.investormailbox.com/  https://www.forefieldkt.com https://4266532.fls.doubleclick.net https://advisorcompass.112.2o7.net  https://fonts.googleapis.com https://uat-federation.usbank.com https://www.google.com https://pixel.quantserve.com  http://www.opinionlab.com  https://www.googletagmanager.com https://www.thompsonreuters.com https://stackoverflow.com https://brokerage.ameriprise.com https://www.quovo.com/  http://www.advicentsolutions.com/aup https://www.nmlsconsumeraccess.org/ https://www.fdic.gov/ https://newpublic.cfraresearch.com/legal/   https://secure.opinionlab.com http://brokercheck.finra.org/  http://www.prnewswire.com http://pdf.reuters.com http://www.jenner.com http://www.bankofengland.co.uk/PRA/ http://www.zillow.com/zestimate/ *.barclaycardus.com  16056.id.amgdgt.com/  http://www.moneyguidepro.com/ https://platform.twitter.com https://apis.google.com http://videojs.com https://web-2-tel.com https://px.ads.linkedin.com    https://www.linkedin.com https://p.adsymptotic.com  https://dpm.demdex.net  https://googleads.g.doubleclick.net https://www.googleadservices.com https://cm.everesttech.net https://ad.doubleclick.net https://www.facebook.com https://cdn.syndication.twimg.com https://ameriprisefinancial.demdex.net https://gateway.zscalertwo.net *.advisorcompass.com  https://login.zscalertwo.net https://ocs.ameriprise.com https://h.online-metrix.net *.d.aa.online-metrix.net *.ggpht.com https://edge.api.brightcove.com *.crwdcntrl.net https://cdn.gbqofs.com *.brightcove.net https://insight.adsrvr.org https://tags.w55c.net https://vjs.zencdn.net  https://metrics.brightcove.com  https://secure.brightcove.com  https://report.ameriprise.glassboxdigital.io https://bid.g.doubleclick.net https://cm.g.doubleclick.net https://tags.w55c.net https://dsum-sec.casalemedia.com *.morningstar.com https://www.mediamath.com/ https://pixel.mathtag.com https://aa.agkn.com https://players.brightcove.net/ https://sync.search.spotxchange.com https://loadus.exelator.com https://x.bidswitch.net https://pixel.advertising.com https://ads.scorecardresearch.com https://us-u.openx.net https://contextual.media.net https://match.adsrvr.org https://ad.sxp.smartclip.net https://px.britepool.com *.bluekai.com https://idsync.rlcdn.com https://www.google.co.in https://ameriprisefinancial.egain.cloud https://ameriprisefinancialdev.egain.cloud https://cloud-us.analytics-egain.com/ *.glancecdn.net *.amazonaws.com  https://presence.glance.net https://ampf.htm2pdf.co.uk https://pixel.rubiconproject.com https://cdn.segment.com https://api.segment.io ameriprise-fsc.my.salesforce.com   *.launchdarkly.com cdn.linkedin.oribi.io js.adsrvr.org ameriprisefinancial.tt.omtrdc.net cdn.cookielaw.org geolocation.onetrust.com cobranding.ameriprise.com acas.acuant.net 3
default-src 'unsafe-inline' 'self' https: wss: data:; img-src blob: data: https:; media-src blob: data: https:; script-src 'unsafe-eval' 'unsafe-inline' https:; worker-src 'self' blob:; frame-ancestors 'self' https://*.unitycms.io; 3
frame-ancestors http://*.seagate.com https://*.seagate.com http://*.seagate.cn https://*.seagate.cn http://seagate.saleshood.com https://seagate.saleshood.com; 3
frame-ancestors 'self'; default-src 'unsafe-inline' 'unsafe-eval' 'self' blob: data: *.arsys.dev *.arsysdesarrollo.lan *.arsysdesarrollo.lan:* *.arsys.es *.arsys.es:* *.arsys.net *.arsys.fr *.arsys.pt *.piensasolutions.com *.piensasolutions.com:* *.shop-mch.es *.soportetotal.es *.youtube.com *.youtube-nocookie.com *.ytimg.com *.office.net *.microsoft.com *.vimeo.com *.1and1.org *.rankingcoach.com *.marketingpanel.es *.tiktok.com *.facebook.com *.facebook.net *.twitter.com *.g.doubleclick.net *.google-analytics.com *.google.ad *.google.ae *.google.at *.google.bg *.google.ch *.google.cl *.google.co.ao *.google.co.id *.google.co.il *.google.co.in *.google.co.ma *.google.co.th *.google.co.uk *.google.co.ve *.google.com *.google.com.ar *.google.com.bo *.google.com.br *.google.com.co *.google.com.do *.google.com.eg *.google.com.et *.google.com.gh *.google.com.mx *.google.com.ng *.google.com.ni *.google.com.pa *.google.com.pe *.google.com.ph *.google.com.py *.google.com.ua *.google.com.uy *.google.com.vn *.google.cz *.google.de *.google.ee *.google.es *.google.fr *.google.ge *.google.ie *.google.it *.google.kz *.google.lu *.google.nl *.google.pl *.google.pt *.google.ro *.google.ru *.google.sn *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.googleoptimize.com *.adition.com *.adfarm1.adition.com *.bing.com *.licdn.com *.doubleclick.net *.quantserve.com utt.pm *.utt.pm *.linkedin.com *.ads.linkedin.com *.oribi.io *.quantcount.com *.pexels.com *.moz.com *.consensu.org *.invisiblebits.com *.polyfill.io *.crazyegg.com installatron.com *.installatron.com *.slideshare.net *.clarity.ms *.arsys.server.lan uberall.com *.uberall.com *.pixel.ad *.sitescout.com *.adform.net *.sharepointonline.com *.qccerttest.com *.trustpilot.com *.byspotify.com; 3
worker-src 'self' blob: *.vix.tv *.vix.com; frame-ancestors SAMEORIGIN; 3
frame-ancestors 'self' https://dlink.com; 3
style-src 'self' 'unsafe-inline' https://www.denic.de https://fonts.googleapis.com; object-src 'self'; script-src 'self' https://www.denic.de https://my.visme.co https://denic.matomo.cloud https://cdn.matomo.cloud 'unsafe-inline'; img-src 'self' data: https://www.denic.de https://denic.matomo.cloud https://cdn.matomo.cloud; frame-src 'self' https://my.visme.co 3
frame-ancestors https://*.upwave.com 3
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'unsafe-inline' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com; img-src 'self' *.ttcache.com https://*.ttcache.com https://*.google-analytics.com https://*.googletagmanager.com data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; media-src 'none'; object-src 'none'; script-src 'self' https://*.googletagmanager.com 'unsafe-inline' 'unsafe-eval' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; style-src 'self' 'unsafe-inline' 3
frame-ancestors 'self' https://sr.se https://*.sr.se https://sverigesradio.se https://*.sverigesradio.se; child-src blob:; worker-src blob:; frame-src 'self' https://embed.sr.se; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://live-cdn.sr.se https://live.sr.se https://http-live.sr.se https://strcl-cdn.sr.se https://sverigesradio.se https://statistics-event-api-fe.sr.se https://api.sr.se; script-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://www.google.com https://analytics.codigo.se https://trafficgateway.research-int.se 'sha256-pHni6kJGhNCOKWG9OigdueqJMEsmUqtwOwvu7gNefzU=' 'sha256-c+vAPn0C6itkskyJAZR4mi3JWrFmLrrFtjL9ZDJ5KeM=' 'sha256-rRuUsQ7oUtWSBJV4/PzIgeYtDWpPktQ18HwD1b1ChYw='; object-src 'none'; base-uri 'self'; 3
default-src 'self' https: data: 'unsafe-eval' 'unsafe-inline' blob:; object-src 'self'; img-src 'self' http: data: 3
upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com 3
frame-ancestors *.motor1.com 3
default-src 'self' data: blob: *.wien.gv.at *.data.gv.at *.magwien.gv.at sabio.magwien.gv.at *.vorarlberg.at *.cookiebot.com *.wien.at *.kavedo.com; connect-src 'self' *.magwien.gv.at *.wien.gv.at *.data.gv.at *.vorarlberg.at *.cookiebot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: siteimproveanalytics.com *.siteimproveanalytics.io siteimproveanalytics.io *.vorarlberg.at *.youtube.com *.vimeo.com consentcdn.cookiebot.com consent.cookiebot.com *.wien.gv.at *.wien.at www.gstatic.com *.kavedo.com npmcdn.com nominatim.openstreetmap.org *.magwien.gv.at unpkg.com fonts.googleapis.com s3-shared.labs.sabio.de maxcdn.bootstrapcdn.com; style-src 'self' 'unsafe-inline' *.vorarlberg.at *.data.gv.at *.magwien.gv.at *.wien.gv.at *.kavedo.com npmcdn.com unpkg.com *.sabio.de *.googleapis.com *.bootstrapcdn.com maxcdn.bootstrapcdn.com; img-src 'self' data: blob: *.wien.gv.at *.cookiebot.com *.siteimproveanalytics.io siteimproveanalytics.io *.vorarlberg.at *.youtube.com *.ytimg.com *.wien.at *.kavedo.com npmcdn.com *.openstreetmap.org *.magwien.gv.at; frame-src 'self' api-mp.adrom.net basemap.at consentcdn.cookiebot.com *.data.gv.at *.vorarlberg.at e.issuu.com experience.arcgis.com issuu.com lvg.maps.arcgis.com public.tableau.com vimeo.com *.youtube.com kalender.digital *.wien.at *.wien.gv.at *.youtube-nocookie.com calendar.google.com accounts.google.com *.magwien.gv.at; font-src 'self' data: fonts.gstatic.com maxcdn.bootstrapcdn.com *.kavedo.com *.vorarlberg.at *.wien.gv.at *.magwien.gv.at; 3
default-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; connect-src *; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'none'; img-src data: *; 3
frame-ancestors 'none'; object-src 'none'; base-uri 'none'; 3
upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' 3
default-src 'none'; base-uri 'none'; frame-src checkout.stripe.com *.google.com; frame-ancestors 'none'; style-src *.scryfall.com scryfall.com; script-src *.scryfall.com scryfall.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.cloudflareinsights.com checkout.stripe.com 'unsafe-eval'; img-src *.scryfall.io *.scryfall.com scryfall.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.stripe.com data:; font-src *.scryfall.com scryfall.com; manifest-src *.scryfall.com scryfall.com; connect-src api.scryfall.com scryfall.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com cloudflareinsights.com checkout.stripe.com; block-all-mixed-content; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: health.gov https://d1il786i4vdqy4.cloudfront.net https://dap.digitalgov.gov https://platform.twitter.com https://www.google.com https://syndication.twitter.com https://abs.twimg.com https://pbs.twimg.com https://cdn.syndication.twimg.com https://ton.twimg.com https://fonts.googleapis.com https://www.googletagmanager.com https://tagmanager.google.com https://themes.googleusercontent.com https://analytics.google.com *.analytics.google.com *.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net *.youtube.com *.youtube-nocookie.com survey.alchemer.com *.ytimg.com, frame-ancestors 'self' 3
base-uri 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.was-1.pipedriveassets.com cdn.segment.com *.pipedrive.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com snippet.growsumo.com cdn.cookielaw.org geolocation.onetrust.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com connect.facebook.net *.hotjar.com *.outbrain.com www.redditstatic.com www.youtube.com play.vidyard.com *.doubleclick.net *.taboola.com app.livestorm.co www.googleadservices.com static.ads-twitter.com https://*.browser-intake-datadoghq.com www-cms.pipedriveassets.com bat.bing.com *.quora.com js.grsm.io analytics.tiktok.com c.amazon-adsystem.com vitals.vercel-insights.com a.omappapi.com googleadservices.com tpc.googlesyndication.com analytics.twitter.com; style-src 'self' 'unsafe-inline' cdn.was-1.pipedriveassets.com fonts.googleapis.com www.googletagmanager.com www-cms.pipedriveassets.com a.omappapi.com; frame-src cdn.was-1.pipedriveassets.com *.cdn.optimizely.com *.cdn-pci.optimizely.com www.facebook.com www.youtube.com www.youtube-nocookie.com www.google.com play.vidyard.com *.doubleclick.net app.livestorm.co tpc.googlesyndication.com airtable.com webforms.pipedrive.com s.amazon-adsystem.com *.hotjar.com; img-src 'self' data: https://*; object-src 'none'; worker-src 'self' blob:;; report-to csp-endpoint; report-uri https://www.pipedrive.com/api/csp-reports 3
frame-ancestors 'self'; font-src 'self' fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com static.freeimages.com; img-src 'self' cdn.cookielaw.org images.freeimages.com media.istockphoto.com www.google-analytics.com www.google.com www.google.com.uy www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com http://script.hotjar.com www.google-analytics.com www.googletagmanager.com optimize.google.com www.gstatic.com *.google-analytics.com *.analytics.google.com fonts.gstatic.com *.freeimages.com data: blob: 'self' images.freeimages.com media.istockphoto.com www.google-analytics.com www.google.com www.google.com.uy cdn.cookielaw.org data: www.gstatic.com static.freeimages.com; style-src 'self' optimize.google.com https://static.hotjar.com https://script.hotjar.com fonts.googleapis.com 'unsafe-inline' www.googletagmanager.com static.freeimages.com; script-src-elem 'self' www.googletagmanager.com www.google-analytics.com cdn.cookielaw.org https://*.onetrust.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com optimize.google.com https://www.google.com https://www.gstatic.com ajax.googleapis.com 'unsafe-inline' static.freeimages.com; base-uri 'none'; frame-src www.google.com vars.hotjar.com optimize.google.com converter.freeimages.com; form-action 'self'; connect-src 'self' geoapi.freeimages.com https://*.freeimages.com https://geoapi.freeimages.com cookies-data.onetrust.io getty.datta.store www.google-analytics.com stats.g.doubleclick.net cdn.cookielaw.org freeimages-production.s3.amazonaws.com picspree.s3.amazonaws.com vectorhq-files.s3.amazonaws.com clipartlogo-getty.s3.amazonaws.com 365psd-getty.s3.amazonaws.com clipartme-getty.s3.amazonaws.com vectorme-getty.s3.amazonaws.com findicons-getty.s3.amazonaws.com https://*.hotjar.com https://*.hotjar.io http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com *.google-analytics.com *.analytics.google.com analytics.google.com 'self' getty.datta.store www.google-analytics.com stats.g.doubleclick.net cdn.cookielaw.org freeimages-production.s3.amazonaws.com geoapi.freeimages.com cookies-data.onetrust.io geolocation.onetrust.com in.hotjar.com stats.g.doubleclick.net wss://*.hotjar.com static.freeimages.com; default-src 'none'; script-src 'self' www.googletagmanager.com www.google-analytics.com cdn.cookielaw.org https://*.onetrust.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com optimize.google.com 'unsafe-inline' static.freeimages.com; object-src 'none'; manifest-src 'self' static.freeimages.com 3
frame-ancestors 'self' https://*.ccma.cat http://*.ccma.cat; 3
frame-ancestors https://*.ooma.com http://*.ooma.com 3
frame-ancestors 'self' http://info.barchart.com 3
frame-ancestors 'self' *.1und1.de *.1und1.com profiseller.de *.profiseller.de *.1and1.com dsl.gmx.de dsl.web.de 1und1-premiumpartner.de *.1und1-premiumpartner.de 1und1-partner.de *.1und1-partner.de 1und1-mm.de *.1und1-mm.de 1und1-hostingpartner.de *.1und1-hostingpartner.de 1und1-freenet.de *.1und1-freenet.de *.mouseflow.com; 3
frame-ancestors 'self' centinelapi.cardinalcommerce.com; script-src 'self' www.youtube.com *.worldpay.com *.facebook.net cdn.mouseflow.com script.crazyegg.com www.google-analytics.com static.sandisk.com bat.bing.com *.googleadservices.com d.adroll.com googleads.g.doubleclick.net *.googletagmanager.com s.adroll.com snap.licdn.com www.googletagmanager.com trc.taboola.com analytics.xscreenattribution.com *.marketo.net *.trustarc.com www.redditstatic.com cdn.taboola.com tags.tiqcdn.com *.twitter.com s.go-mpulse.net static.ads-twitter.com js.adsrvr.org d.adroll.mgr.consensu.org s.ytimg.com unpkg.com *.marketo.com js.maxmind.com *.truste.com tagmanager.google.com *.adobe.com ajax.googleapis.com *.expertvoice.com *.experticity.com cdn1.affirm.com *.tt.omtrdc.net *.adobedtm.com *.sc.omtrdc.net www.google.com *.criteo.net *.criteo.com www.gstatic.com cdn.pdst.fm ext.chtbl.com *.signifyd.com *.bazaarvoice.com mpsnare.iesnare.com *.googleapis.com *.paypal.com tracking.channelsight.com gateway.foresee.com sc-static.net qoe-1.yottaa.net cdn.yottaa.com ecwportal.vertexsmb.com j.6sc.co s.yjtag.jp yjtag.yahoo.co.jp s.yimg.jp tag.demandbase.com paapi8935.d41.co cdn-0.d41.co id.rlcdn.com ecf.d41.co *.googlesyndication.com 'unsafe-eval' 'unsafe-inline'; 3
block-all-mixed-content; upgrade-insecure-requests; frame-ancestors 'self'; 3
frame-ancestors 'self' https://comscore.sharepoint.com https://*.skilljar.com https://*.basis.net; 3
default-src 'self';  script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.twitter.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.criteo.com *.dwin1.com *.tiktok.com *.facebook.net *.googleadservices.com *.criteo.net *.hotjar.com *.yimg.com *.rmp.rakuten.com *.yimg.com *.getblue.io *.doubleclick.net boards.greenhouse.io *.googleoptimize.com *.clarity.ms cdn.cookielaw.org *.retargetly.com *.teads.tv *.teads.com *.linkedin.com *.bizographics.com *.licdn.cn *.licdn.com *.linkedin.at *.linkedin.cn *.linkedin.com *.linkedinmobileapp.com *.linkedin.qtlcdn.com *.lnkd.in;  child-src 'self' *.picpay.com *.picpay.com.br *.youtube.com *.google.com *.twitter.com *.criteo.com *.facebook.net *.googleadservices.com *.criteo.net *.hotjar.com *.yimg.com *.rmp.rakuten.com *.yimg.com *.getblue.io *.doubleclick.net boards.greenhouse.io api.retargetly.com *.retargetly.com *.teads.tv *.teads.com *.linkedin.com;  style-src 'self' 'unsafe-inline' *.googleapis.com boards.greenhouse.io;  img-src * blob: data: www.googletagmanager.com boards.greenhouse.io;  media-src 'self' *.picpay.com;  connect-src *;  font-src 'self' data: *.gstatic.com; 3
default-src 'self' p11.techlab-cdn.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cdw.com *.richrelevance.com *.qualtrics.com *.optimizely.com *.hotjar.com *.needle.com *.liadm.com *.demandbase.com *.appspot.com *.facebook.net *.googleadservices.com *.doubleclick.net *.google-analytics.com *.bing.com *.googleapis.com *.symantec.com analytics.po.st po.st *.cnetcontent.com *.cnetcontentsolutions.com *.akamaihd.net *.google.com *.twitter.com *.justuno.com *.netapp.com *.demdex.net *.d41.co *.cxense.com *.ads-twitter.com pactsafe.io *.webcollage.net *.ziftsolutions.com *.simpli.fi *.googletagmanager.com *.googlesyndication.com *.googletagservices.com *.ytimg.com t.sellpoints.com a.sellpoint.net *.flixfacts.com *.youtube.com *.flixcar.com *.flix360.com *.easy2.com *.go-mpulse.net *.linkedin.com *.cdnwidget.com *.rlcdn.com *.cloudfront.net *.bluecore.com p.adsymptotic.com *.adsrvr.org *.dotomi.com blob: *.flixsyndication.net data.g2.com *.g2crowd.com *.adobe.com *.hotjar.io *.gstatic.com *.leadsrx.com *.turnto.com *.licdn.com *.hs-scripts.com *.ispot.tv *.youvisit.com *.vmwarepartnerdemandcenter.com *.hsleadflows.net *.hs-banner.com *.hsforms.net *.hubapi.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com *.tiqcdn.com *.tealiumiq.com *.adroll.com *.hs-analytics.net js.usemessages.com *.hscollectedforms.net *.redditstatic.com *.reddit.com *.adsrvr.org *.scene7.com *.vidyard.com *.vimeo.com *.hp.com *.etilize.com *.1worldsync.com *.quantserve.com *.quantcount.com *.spexaccess.net *.launchdarkly.com *.onetrust.com *.oribi.io *.cookielaw.org *.criteo.com *.criteo.net *.w55c.net *.pdst.fm *.stackadapt.com *.zemanta.com *.botframework.com *.administrateweblink.com *.stripe.com *.pactsafe.io *.peerspot.com p11.techlab-cdn.com;style-src 'self' 'unsafe-inline' *.cdw.com *.needle.com *.googleapis.com *.cnetcontent.com *.justuno.com *.webcollage.net *.ziftsolutions.com t.sellpoints.com a.sellpoint.net *.flixcar.com *.easy2.com *.amazonaws.com *.twitter.com *.cloudfront.net blob: *.typekit.net *.adobe.com *.turnto.com *.syndigo.com *.syndigo.cloud *.scene7.com *.etilize.com *.1worldsync.com *.stackadapt.com *.administrateweblink.com *.stripe.com;img-src 'self' *.cdw.com *.qualtrics.com *.optimizely.com *.needle.com *.liadm.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.bing.com *.symantec.com *.cnetcontent.com *.cnetcontentsolutions.com *.akamaihd.net *.google.com *.justuno.com *.netapp.com *.demdex.net *.cxense.com *.webcollage.net *.ziftsolutions.com *.googletagmanager.com *.googletagservices.com *.ytimg.com t.sellpoints.com a.sellpoint.net *.flixfacts.com *.youtube.com *.flixcar.com *.flix360.com *.easy2.com *.amazonaws.com *.twitter.com *.linkedin.com *.company-target.com *.facebook.com *.cdnwidget.com *.rlcdn.com *.cloudfront.net *.adobecqms.net *.turn.com *.insightexpressai.com *.bluekai.com k.intellitxt.com *.everesttech.net *.adnxs.com ads.yahoo.com *.bluecore.com *.prod.bidr.io cdn.optimizely.com *.twitter.com p.adsymptotic.com *.adsrvr.org um.simpli.fi data: *.dotomi.com *.flixsyndication.net liveintent.com *.adobe.com *.sc.omtrdc.net *.windows.net *.edgecastcdn.net *.licdn.com *.ispot.tv *.youvisit.com *.syndigo.com *.syndigo.cloud *.hubspot.com *.tiqcdn.com *.tealiumiq.com *.adroll.com *.mediaiqdigital.com *.redditstatic.com *.reddit.com *.adsrvr.org *.scene7.com *.vidyard.com *.vimeocdn.com *.mintigo.com *.etilize.com *.1worldsync.com *.quantserve.com *.quantcount.com *.spexaccess.net *.oribi.io *.cookielaw.org *.criteo.com *.criteo.net *.w55c.net *.stackadapt.com *.zemanta.com *.pactsafe.io *.administratehq.com *.peerspot.com;frame-src 'self' *.cdw.com *.qualtrics.com *.hotjar.com *.needle.com *.liadm.com *.doubleclick.net *.symantec.com *.cnetcontent.com *.cnetcontentsolutions.com *.google.com *.twitter.com *.justuno.com *.demdex.net *.cxense.com *.webcollage.net *.ziftsolutions.com *.googletagmanager.com *.googletagservices.com a.sellpoint.net *.youtube.com *.flixcar.com *.easy2.com *.facebook.com *.rlcdn.com *.cloudfront.net rs.gwallet.com *.cdwemail.com www.emjcd.com *.dotomi.com *.kingston.com *.flixsyndication.net *.adobe.com *.hotjar.io *.swcontentsyndication.com *.cisco.com *.exct.net *.youvisit.com *.vmwarepartnerdemandcenter.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.adsrvr.org *.scene7.com *.vidyard.com *.vimeo.com *.hp.com chromeos-selector-cdw-prod.web.app *.etilize.com *.1worldsync.com *.spexaccess.net *.onetrust.com *.criteo.com *.criteo.net *.se.com *.administrateweblink.com *.stripe.com;font-src *;connect-src 'self' *.cdw.com *.richrelevance.com *.qualtrics.com *.optimizely.com *.hotjar.com *.needle.com *.liadm.com *.demandbase.com *.appspot.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.bing.com *.googleapis.com *.symantec.com *.cnetcontent.com *.akamaihd.net *.google.com *.justuno.com *.netapp.com *.demdex.net *.d41.co *.cxense.com *.webcollage.net *.googletagmanager.com *.googletagservices.com t.sellpoints.com a.sellpoint.net *.go-mpulse.net *.twitter.com *.company-target.com *.facebook.com *.cdnwidget.com *.cloudfront.net *.bluecore.com p.adsymptotic.com wss://*.hotjar.com p.po.st *.cdnbasket.net *.akstat.io data.g2.com *.g2crowd.com *.adobe.com *.hotjar.io *.leadsrx.com *.turnto.com *.ispot.tv *.hubapi.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com *.tiqcdn.com *.tealiumiq.com *.adroll.com *.scene7.com *.addressy.com *.etilize.com *.1worldsync.com *.quantserve.com *.spexaccess.net *.launchdarkly.com *.onetrust.com *.oribi.io *.cookielaw.org *.criteo.com *.criteo.net *.w55c.net *.pdst.fm *.stackadapt.com *.botframework.com wss://*.botframework.com *.administrateweblink.com *.pactsafe.io *.administratehq.com p11.techlab-cdn.com;object-src 'self' a.sellpoint.net *.scene7.com;media-src 'self' *.cdw.com *.cnetcontent.com *.webcollage.net *.flixfacts.com *.youtube.com blob: *.flixsyndication.net *.youvisit.com *.syndigo.com *.syndigo.cloud *.tiqcdn.com *.scene7.com *.etilize.com *.1worldsync.com *.spexaccess.net;worker-src 'self' *.needle.com *.cloudfront.net blob:; 3
frame-src 'self' https://*.omniture.com https://*.adobe.com https://*.niceincontact.com https://na-gateway.mastercard.com https://mtf.gateway.mastercard.com https://analytics.analytics-egain.com https://princesscruises.egain.cloud https://surfly-us.com https://princess.qualtrics.com https://sr.rlcdn.com https://www.facebook.com https://assets.adobedtm.com https://cdn.appdynamics.com https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://carnivalbrands.demdex.net https://servedby.flashtalking.com https://www.youtube.com https://*.princess.com https://*.ocean.com https://*.pinterest.com https://*.td.doubleclick.net https://*.tpc.googlesyndication.com https://publish-p107522-e1006297.adobeaemcloud.com https://td.doubleclick.net https://tpc.googlesyndication.com;frame-ancestors 'self' https://*.princess.com https://*.polarres.com https://*.clubprincess.com https://*.medallionclassmarket.com https://*.princesspromotions.com https://*.ocean.com  https://*.niceincontact.com https://*.adobeaemcloud.com; 3
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: wss://* http://* https://*; 3
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; connect-src https: wss:; worker-src 'self' blob: ; child-src 'self' https: blob: ; 3
frame-ancestors 'self' ssense.com *.ssense.com 3
frame-ancestors 'self' amadeus.com outpayce.com www.amadeus.com amadeus.seismic.com seismic.com liveshareeu1.seismic.com  www.outpayce.com  jobs.amadeus.com corporate.amadeus.com t3ch.amadeus.com digital-guidelines.internal.amadeus.com sales-playbook.internal.amadeus.com startups.amadeus.com hotels.amadeus.com opportunities.jobs.amadeus.com brand-marketing-center.internal.amadeus.com brandcenter.amadeus.com contentsourcing.amadeus.com partners.amadeus.com vdp.amadeus.com brand-guidelines.internal.amadeus.com cytric.amadeus.com 3
frame-ancestors 'self' *.trekbikes.com 3
frame-ancestors 'self' *.marketscreener.com *.zonebourse.com *.scoopnest.com; 3
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss: https:; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https: 3
frame-ancestors 'self' *.springernature.com; 3
frame-ancestors 'self' https://webvisor.com https://awards.ratingruneta.ru 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://images.101datacenter.net https://*.101domain.com https://chat.livecustomer.com https://my.101domain.com https://*.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://www.youtube.com https://secure.campaigner.com https://connect.facebook.net https://*.kissmetrics.com https://*.googleapis.com https://*.facebook.com https://*.llnwd.net https://*.doubleclick.net https://*.infusionsoft.com https://*.google.bg https://d3pkntwtp2ukl5.cloudfront.net https://*.livechatinc.com https://*.googleusercontent.com https://*.gstatic.com https://*.linkedin.com https://*.bing.com https://*.infusionsoft.app https://*.adsymptotic.com https://*.truste.com https://*.comodo.com https://*.trust-provider.com https://*.101d.dev https://*.101s.dev https://*.ytimg.com https://*.clarity.ms https://*.videodelivery.net https://*.devicevalidation.io https://cdn.livechat-files.com https://cdn.linkedin.oribi.io https://*.licdn.com https://*.cloudflareinsights.com https://code.createjs.com data: 3
frame-ancestors https://*.neogov.com https://*.neogov.net https://*.neoed.com https://*.neogov.ca https://*.neoed.net; upgrade-insecure-requests 3
default-src * data: blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://com-avaya.netmng.com https://cdn.avaya-learning.com https://js.zi-scripts.com https://maxcdn.bootstrapcdn.com https://*.oracleinfinity.io https://tags.clickagy.com https://s.go-mpulse.net https://*.zoominfo.com https://*.vidyard.com https://*.neverbounce.com https://*.avayacloud.com https://js.hsadspixel.net https://up.pixel.ad https://unpkg.com https://static.hotjar.com https://script.hotjar.com https://cdn.jsdelivr.net https://www.trustradius.com https://ssl.google-analytics.com https://www.storygize.net https://cdn.storygize.net https://s.yimg.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://stats.sa-as.com https://*.paymetric.com http://*.avaya.com  https://gateway.zscalertwo.net https://s0.2mdn.net https://geolocation.onetrust.com https://cdn.cookielaw.org https://prdapp02.xisecurenet.com http://wm2.wiredminds.de https://wm2.wiredminds.de https://*.avaya.com https://*.cloudfront.net https://*.en25.com https://*.googleapis.com https://www.googletagmanager.com https://*.google.com https://*.linkedin.com https://*.serving-sys.com https://79423.analytics.edgekey.net https://ad.atdmt.com https://cdn.syndication.twimg.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://cookies.onetrust.com https://ds-aksb-a.akamaihd.net https://gateway.zscaler.net https://gateway.zscloud.net https://googleads.g.doubleclick.net https://optanon.blob.core.windows.net https://*.twitter.com https://static.ads-twitter.com https://qaapp02.xisecurenet.com https://s1737033466.t.eloqua.com https://s3.amazonaws.com https://secure.adnxs.com https://service.maxymiser.net https://snap.licdn.com https://tags.tiqcdn.com https://use.fontawesome.com https://use.typekit.net https://www.bizographics.com https://*.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.viewbix.com https://*.arkoselabs.com; style-src 'self' 'unsafe-inline' https://cdn.avaya-learning.com https://*.cloudfront.net https://unpkg.com https://cdnjs.cloudflare.com https://www.trustradius.com https://*.avaya.com https://www.gstatic.com https://cdn.jsdelivr.net https://*.google.com https://*.googleapis.com https://avaya.greenshootlabs.com https://gateway.zscaler.net https://maxcdn.bootstrapcdn.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://platform.twitter.com https://ton.twimg.com https://use.fontawesome.com; connect-src 'self' https://js.zi-scripts.com https://*.onetrust.com https://cdn.linkedin.oribi.io https://*.akamaihd.net https://hemsync.clickagy.com https://aorta.clickagy.com https://*.vidyard.com https://*.zoominfo.com https://*.hotjar.com wss://*.hotjar.com https://*.lottiefiles.com https://avayabot.avaya.com https://*.hotjar.io https://bat.bing.com https://*.lottiefiles.com https://forms.visistat.com wss://*.hotjar.com https://*.hotjar.com https://analytics.google.com  https://*.analytics.google.com https://s1737033466.t.eloqua.com https://www.trustradius.com https://dudodiprj2sv7.cloudfront.net https://s.yimg.com https://api.kickfire.com http://*.avaya.com wss://*.avaya.com https://*.avaya.de https://s1737033466.t.eloqua.com https://*.akstat.io https://*.viewbix.com http://production.shippingapis.com https://secure.shippingapis.com https://c.go-mpulse.net https://code.jquery.com https://ds-aksb-a.akamaihd.net https://*.googleapis.com https://avaya.greenshootlabs.com https://ma193-r.analytics.edgekey.net https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://ru.api4load.com https://syndication.twitter.com https://www.apple.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.postescanada-canadapost.ca https://geolocation.onetrust.com; frame-ancestors 'self' https://*.avaya.com ; 3
default-src https: 'self'; font-src https: data:; img-src https: data:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri https://dxw.report-uri.com/r/d/csp/enforce; 3
default-src'self'; 3
default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' getcody.ai trinketsofcody.com *.adsecurity.com *.qbigads.com *.mitgame.com *.mobmio.com *.univibes.ru *.admitad-connect.com *.bing.com *.clarity.ms *.ttwstatic.com  *.w.org  *.tapfiliate.com  *.convertsocial.net *.qbigtech.com *.admitad.ru *.stage.monetize *.tinkoff.ru *.smartredirect.de mtusgate.de linkitten.com mtusimg.de convertlink.com pmf.tech *.pmf.tech fairsavings.com *.fairsavings.com *.admitad.com *.admit.ad *.admitad.academy mitgo.com *.mitgo.com takeads.com *.takeads.com univibes.org *.univibes.org *.ads-twitter.com *.trustpilot.com *.zopim.io *.zopim.com *.smooch.io *.zdassets.com *.zendesk.com *.consentmanager.net *.mindbox.cloud *.popmechanic.ru *.gravatar.com *.facebook.net *.facebook.com *.fb.com *.consensu.org *.amazonaws.com *.twitter.com *.instagram.com *.tiktok.com *.webvisor.org *.quizyworld.tech *.linkedin.com *.ampproject.org yastatic.net *.yandex.com *.yandex.net *.yandex.ru *.ya.ru *.mail.ru vk.com *.scriptcdn.net *.typekit.net *.google.net *.google.io *.google.eu *.google.su *.gooogle.com *.gogle.com *.com.google *.google.be *.google.by *.google.ca *.google.cn *.g.cn *.google.dk *.google.ee *.google.fi *.google.gg *.google.gr *.google.hr *.google.hu *.google.is *.google.it *.google.co.jp *.google.kz *.google.lv *.google.md *.google.com.mx *.google.nl *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.se *.google.com.ua *.google.ua *.google.us *.google.co.uz *.google.de *.google.cz *.google.at *.google.ae *.google.com.co *.google.com.do *.google.jo *.google.gl *.google.sc *.google.co.ve *.google.com.uv *.google.co.ao *.google.co.in *.google.bg *.google.com *.googleapis.com *.translate.goog *.gstatic.com *.google.co.uk *.google.com.tr *.google.fr *.google.es *.google.com.eg *.google.com.cy *.google.ge *.google.co.id *.googleusercontent.com *.googletagmanager.com *.google-analytics.com *.adwords.com *.adwords.ru *.adsense.com *.adsense.ru *.feedburner.com *.doubleclick.com *.doubleclick.net *.igoogle.com *.youtu.be *.youtube.com *.youtube.ru *.blogger.com *.chromium.com *.setka.io *.google.com.gh ymetrica1.com *.google.com.pk *.google.com.br *.google.co.th *.google.com.vn *.google.lt; report-uri /wp-json/csp-log/v1/report 3
frame-ancestors 'self' *.swp.de *.lr-online.de *.moz.de; 3
default-src https: *.crazyegg.com; script-src http: https: 'unsafe-inline' 'unsafe-eval' *.crazyegg.com js.zi-scripts.com ws-assets.zoominfo.com; frame-src http: https: data:; style-src http: https: 'unsafe-inline'; img-src http: https: data: blob *.crazyegg.com; media-src http: https: data: blob:; font-src http: https: data:; connect-src http: https: wss: *.crazyegg.com; child-src http: https: blob:; frame-ancestors 'self' https://dialpad.highspot.com/ https://view.highspot.com/ https://dialpad.allbound.com/ 3
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://1444264.collect.igodigital.com https://bam.nr-data.net https://js-agent.newrelic.com https://static.addtoany.com https://static.ads-twitter.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://www.youtube.com https://analytics.twitter.com https://s.ytimg.com https://www.google.com https://www.gstatic.com https://bam-cell.nr-data.net/ https://cdnjs.cloudflare.com https://unpkg.com https://pi.pardot.com/analytics https://fast.wistia.com https://wistia.com https://fast.wistia.net https://www.googleadservices.com https://wistia.com https://hackerone.com https://cdn.cookielaw.org; object-src 'none'; img-src 'self' https://nova.collect.igodigital.com https://www.googletagmanager.com https://t.co data: https:; media-src 'self' https://www.youtube.com https://www.youtube-nocookie.com; frame-src 'self' https://www.youtube.com https://www.google.com/ https://www.youtube-nocookie.com https://www.googletagmanager.com https://static.addtoany.com https://hackerone.com https://fast.wistia.com; frame-ancestors 'self'; font-src 'self'; connect-src 'self' https://www.google-analytics.com https://privacyportal.onetrust.com https://bam-cell.nr-data.net https://pi.pardot.com/analytics https://cdn.cookielaw.org; report-uri https://jhcspviolation.report-uri.com/r/d/csp/reportOnly 3
default-src https: 'self' 'unsafe-eval' 'unsafe-inline' *.hitachivantara.com *.adobeaemcloud.com  *.agora.io  *.edge.agora.io *.sd-rtn.com *.edge.sd-rtn.com author-p120002-e1240831.adobeaemcloud.com  author-p120002-e1162760.adobeaemcloud.com  author-p120002-e1162814.adobeaemcloud.com  author-p120002-e1162813.adobeaemcloud.com players.brightcove.net  *.cloudfront.net tags.tiqcdn.com *.hds.com; img-src https: data: blob: *; object-src 'self'  ; script-src-elem https: 'unsafe-inline' 'unsafe-eval' ; connect-src https: wss:; frame-src 'self' interactive.esg-global.com ws-assets.zoominfo.com *.zoominfo.com *.gartner.com *.hitachivantara.com *.adobeaemcloud.com  *.agora.io  *.edge.agora.io *.sd-rtn.com *.edge.sd-rtn.com author-p120002-e1240831.adobeaemcloud.com  author-p120002-e1162760.adobeaemcloud.com  author-p120002-e1162814.adobeaemcloud.com  author-p120002-e1162813.adobeaemcloud.com *.greenhouse.io *.google.com *.gstatic.com *.facebook.com *.hitachivantara.com *.dacast.com  hitachi.demdex.net  pages.hitachivantara.com *.hitachinext.com *.g.doubleclick.net *.amazonaws.com *.doubleclick.net *.company-target.com  *.ceros.com ibc-flow.techtarget.com  hdscorp.my.salesforce.com *.adsrvr.org *.rlcdn.com *.hotjar.com *.brightcove.net *.mathtag.com *.brighttalk.com *.tiqcdn.com *.tealiumiq.com *.sc.omtrdc.net *.youtube.com; worker-src 'self' blob: *.hitachinext.com *.adobeaemcloud.com  *.agora.io  *.edge.agora.io *.sd-rtn.com *.edge.sd-rtn.com author-p120002-e1240831.adobeaemcloud.com  author-p120002-e1162760.adobeaemcloud.com  author-p120002-e1162814.adobeaemcloud.com  author-p120002-e1162813.adobeaemcloud.com ; media-src 'self' blob: *.hitachinext.com *.adobeaemcloud.com  *.agora.io  *.edge.agora.io *.sd-rtn.com *.edge.sd-rtn.com author-p120002-e1240831.adobeaemcloud.com  author-p120002-e1162760.adobeaemcloud.com  author-p120002-e1162814.adobeaemcloud.com  author-p120002-e1162813.adobeaemcloud.com https: wss:; font-src 'self' data: *; 3
script-src 'self' assets.adobedtm.com *.cognizant.com insight.adsrvr.org maps.googleapis.com www.google-analytics.com global.cognizant.com pi.pardot.com scripts.demandbase.com www.google-analytics.com px.ads.linkedin.com www.youtube.com tr.outbrain.com amplifypixel.outbrain.com munchkin.marketo.net ssl.google-analytics.com static.doubleclick.net ssl.google-analytics.com www.facebook.com connect.facebook.net www.googletagmanager.com connect.facebook.net miscmagazine.com graph.facebook.com api.linkedin.com api.instagram.com news.cognizant.com investors.cognizant.com *.onetrust.com api.twitter.com googleads.g.doubleclick.net static.doubleclick.net public.slidesharecdn.com www.slideshare.net saasfocus.com ideacouture.com digitally.cognizant.com originchddco.cognizant.com originchdai.cognizant.com originltfow.cognizant.com t.contentsquare.net t.contentsquare.net/uxa/* *.contentsquare.net api.company-target.com/* c.6sc.co cognizant.sc.omtrdc.net https: 'unsafe-inline' 'unsafe-eval' data: blob:; 3
frame-ancestors 'self' https://www.care2.com https://www.thepetitionsite.com https://earthworm.care2.com/ 3
frame-ancestors self https://*.chaosgroup.com https://*.chaos.com https://secure.avangate.com https://secure.2checkout.com 3
frame-ancestors 'self' *.shangri-la.com facebook.com *.facebook.com 3
frame-ancestors 'self' https://*.sachsen.de; 3
default-src 'self' https://pfq-static.com https://checkout.stripe.com;img-src https: data:;style-src 'self' https://pfq-static.com 'unsafe-inline';connect-src 'self' https://api.stripe.com;frame-src 'self' https://www.youtube.com https://platform.twitter.com https://www.facebook.com https://js.stripe.com https://hooks.stripe.com data:;script-src 'self' https://pfq-static.com https://www.google.com https://platform.twitter.com https://js.stripe.com;font-src https: data: 3
default-src https: data: 'unsafe-inline' 'unsafe-eval' always 3
connect-src 'self' *.marketo.com *.marketo.net *.mktoresp.com *.onetrust.com *.adobedtm.com *.demdex.net *.googleapis.com *.doubleclick.net *.googletagmanager.com *.google.com *.googleadservices.com *.bnymellon.com *.pershing.com *.hcaptcha.com *.gstatic.com *.facebook.com *.facebook.net *.pinterest.com *.linkedin.oribi.io *.linkedin.com px.ads.linkedin.com *.twitter.com cookie-cdn.cookiepro.com *.cookielaw.org *.userway.org *.licdn.com bnymellon.tt.omtrdc.net *.everesttech.net api.company-target.com *.iconfinder.com *.vidyard.com *.adobecqms.net *.brighttalk.com *.tools.investis.com *.adobe.com *.qualtrics.com *.tt.omtrdc.net; frame-src *.vidyard.com *.hcaptcha.com *.bnymellon.com *.demdex.net *.userway.org *.adobecqms.net *.brighttalk.com *.facebook.net *.facebook.com *.tools.investis.com *.doubleclick.net *.qualtrics.com; object-src 'none'; 3
default-src 'self' 'unsafe-inline' data: keyweb.de *.keyweb.de keyweb.3cx.eu:5001; script-src 'self' 'unsafe-inline' 'unsafe-eval' keyweb.de *.keyweb.de downloads-global.3cx.com *.youtube.com *.google.com *.gstatic.com;  img-src 'self' 'unsafe-inline' data:; frame-src 'self' keyweb.3cx.eu:5001 *.youtube.com chat.keyweb.de; 3
base-uri 'self'; form-action 'self' https://www.facebook.com; frame-ancestors 'self' https://staging.qualityhealth.com https://qualityhealth.com https://www.qualityhealth.com; upgrade-insecure-requests ; connect-src 'self' https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.facebook.com https://smetrics.sharecare.com https://pagemanager.sharecare.com https://stpgmgr.wpenginepowered.com https://www.sharecare.com https://securepubads.g.doubleclick.net https://pagead2.googlesyndication.com https://privacyportal-na01.onetrust.com https://www.google.com https://googleads.g.doubleclick.net https://vjs.zencdn.net https://edge.api.brightcove.com https://manifest.prod.boltdns.net https://about.sharecare.com; default-src 'self'; font-src 'self' https://fonts.sharecare.com https://cdn.jsdelivr.net https://pagemanager.sharecare.com https://stpgmgr.wpenginepowered.com https://www.sharecare.com https://use.typekit.net https://fonts.gstatic.com; frame-src *; img-src 'self' data: https://smetrics.sharecare.com https://sb.scorecardresearch.com https://www.google.com https://www.facebook.com https://cdn.jsdelivr.net https://connect.facebook.net https://pagemanager.sharecare.com https://stpgmgr.wpenginepowered.com https://www.sharecare.com https://s.sharecare.com https://s3.amazonaws.com https://p.typekit.net https://cdn.tapnative.com https://tcp.googlesyndication.com https://www.medtargetsystem.com https://adservice.google.com https://cdn.ampproject.org https://*.doubleclick.net https://ad.doubleclick.net https://match.deepintent.com https://trc.lhmos.com https://*.googlesyndication.com https://secure.adnxs.com https://preferences.trustarc.com https://choices.trustarc.com https://track.customer.io  https://cdn.cookielaw.org https://www.googletagmanager.com https://metrics.brightcove.com https://cf-images.us-east-1.prod.boltdns.net https://about.sharecare.com; media-src *; object-src 'none'; prefetch-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://assets.adobedtm.com https://use.typekit.net https://cdn.cookielaw.org https://s.sharecare.com https://preferences.truste.com https://sb.scorecardresearch.com https://www.googleadservices.com https://cdn.jsdelivr.net https://googleads.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.google.com https://pi.pardot.com https://www2.sharecare.com https://pagemanager.sharecare.com https://stpgmgr.wpenginepowered.com https://www.sharecare.com https://geolocation.onetrust.com https://ajax.googleapis.com https://www.googletagservices.com https://content.tapnative.com https://securepubads.g.doubleclick.net https://www.medtargetsystem.com https://adservice.google.com https://tcp.googlesyndication.com https://match.deepintent.com https://trc.lhmos.com https://tpc.googlesyndication.com https://cdn.ampproject.org https://assets.customer.io https://ssl.google-analytics.com https://code.jquery.com https://privacyportal-na01.onetrust.com https://players.brightcove.net https://ajax.googleapis.com https://cdn.krxd.net https://vjs.zencdn.net https://edge.api.brightcove.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *; worker-src 'self' blob:; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' strict-dynamic https: http: blob: data: *.osano.com;img-src * data:;object-src 'none';base-uri 'none';style-src 'self' 'unsafe-inline' *.jsdelivr.net *.typekit.net; 3
default-src 'self' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch data: https://www.metanet.ch; base-uri 'none'; connect-src 'self' https://region1.google-analytics.com/ https://*.consentmanager.net https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://activity.wisepops.com https://popup.wisepops.com https://tracking.wisepops.com https://app.getwisp.co https://wisepops.net https://notifications.wisepops.com; font-src 'self' data: https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://fonts.gstatic.com; frame-ancestors 'self'; frame-src 'self' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://www.youtube.com https://bid.g.doubleclick.net https://td.doubleclick.net https://notifications.wisepops.com https://wisepops.net; img-src 'self' data: https://*.consentmanager.net https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.google.de https://www.google.at https://www.google.ch https://*.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://static.metanet.ch https://www.gstatic.com https://ssl.gstatic.com https://cdn.wisepops.com https://tracking.wisepops.com https://dx4nr741tfc02.cloudfront.net https://wisp-production-storage.s3.amazonaws.com https://cdn.wisepops.net; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://cdn.wisepops.com https://loader.wisepops.com https://app.getwisp.co https://wisepops.net https://cdn.wisepops.net; style-src 'self' 'unsafe-inline' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://fonts.googleapis.com 3
default-src *; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; font-src *; img-src * data: 3
default-src 'self'; worker-src blob:; child-src blob:; font-src * data: https:; img-src * data:; media-src * data:; script-src * 'unsafe-inline' 'unsafe-eval' https:; style-src * 'unsafe-inline' https:; connect-src * https:; frame-src * https:; 3
frame-ancestors 'self' https://tiaa-stagingx.unqork.io https://tiaa-uatx.unqork.io https://digitalforms.tiaa.org 3
frame-ancestors 'self' https://fullsb-supportjfrog.cs84.force.com https://ppp-supportjfrog.cs100.force.com https://partners.jfrog.com https://supportjfrog.force.com/ 3
frame-ancestors https://*.builder.io https://builder.io http://localhost:1234 3
default-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: ; img-src * data: ; 3
frame-ancestors 'self'  *.interactivebrokers.com  *.interactivebrokers.ca  *.interactivebrokers.com.hk  *.interactivebrokers.hk  *.interactivebrokers.ch  *.interactivebrokers.eu  *.interactivebrokers.ie  *.interactivebrokers.lu  *.interactivebrokers.hu  *.interactivebrokers.com.sg  *.ibkr.com.sg  *.interactivebrokers.ch  *.interactivebrokers.co.uk  *.interactivebrokers.com.au  *.interactivebrokers.co.jp  *.interactivebrokers.co.in  *.ibkram.com  IBKR.docebosaas.com  *.interactiveadvisors.com  *.ibkr.com  *.ibkr.com.cn  *.clientam.com  *.youtube.com  *.clientam.ch  *.clientam.com.hk  *.go-mpulse.net  *.akstat.io  *.lynxbroker.com  impact.interactivebrokers.com  widgets.tipranks.com  site.recognia.com  *.portfolioanalyst.com  portfolioanalyst.com  www.portfolioanalyst.com  www.interactivebrokers.com  https://www.interactivebrokers.com/  ibkr.paxosclients.com  worldtrader.hsbc.ae  *.ibkrcampus.com  ibkrcampus.com  *.greenwichcompliance.com; 3
frame-ancestors 'self' *.servicetitan.com; 3
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline' 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *.googleapis.com *.twitter.com *.instagram.com *.facebook.net *.twimg.com; frame-ancestors file: cdvfile: 'self'; 3
frame-ancestors 'self' www.ellipsizdss.com keysight.lookbookhq.com keysight.pathfactory.com next.brella.io online-events.keysight.com *.keysight.com *.hlx.page *.hlx.live 3
frame-ancestors 'self'; img-src 'self'; 3
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://kit.fontawesome.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://*.fontawesome.com; img-src 'self' data: https://www.google-analytics.com; connect-src 'self' https://*.fontawesome.com https://*.google-analytics.com https://stats.g.doubleclick.net; report-uri /csprep/ 3
frame-ancestors 'self' *.3sharecorp.com https://corpextdev.b2clogin.com https://corpsso.b2clogin.com https://staging.comfortsite.com https://nva-av-tkweb1pr https://igrawsndc012r:10446 https://elibrary.tranetechnologies.com/ 3
default-src 'self'; media-src 'self'; img-src 'self' https://sgtm.airforce.com https://*.doubleclick.net https://sync.search.spotxchange.com https://dsum-sec.casalemedia.com https://sync.1rx.io https://ps.eyeota.net https://contextual.media.net https://tags.bluekai.com https://exchange-match.mediaplex.com https://ap.lijit.com https://dpm.demdex.net https://beacon.krxd.net https://ib.adnxs.com https://idsync.rlcdn.com https://pixel.rubiconproject.com https://*.pubmatic.com https://gsdmairforceprod.112.2o7.net/ https://eb2.3lift.com/ https://crb.kargo.com/ https://ups.analytics.yahoo.com https://cs.admanmedia.com https://ads.stickyadstv.com https://match.sharethrough.com https://us-u.openx.net https://match.adsrvr.org https://*.dotomi.com https://partners.tremorhub.com https://bh.contextweb.com https://simage2.pubmatic.com https://cms.analytics.yahoo.com https://*.googletagmanager.com https://*.google-analytics.com https://optimize.google.com https://cdn.cookielaw.org https://fonts.gstatic.com https://c.bing.com https://c.clarity.ms https://www.google.com.eg https://*.google.com https://*.g.doubleclick.net https://*.analytics.google.com https://bat.bing.com https://*.linkedin.com https://www.facebook.com https://tr.snapchat.com https://p.adsymptotic.com https://i.ytimg.com https://maps.gstatic.com https://maps.googleapis.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://login-ds.dotomi.com https://www.googleoptimize.com https://login.dotomi.com https://tr.snapchat.com https://*.google-analytics.com https://*.googleanalytics.com https://optimize.google.com https://cdn.cookielaw.org https://*.clarity.ms https://www.analytics.google.com https://sc-static.net https://snap.licdn.com https://connect.facebook.net https://bat.bing.com https://www.youtube.com https://maps.googleapis.com https://*.salesforceliveagent.com https://www.googleadservices.com https://*.googletagmanager.com https://assets.adobedtm.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://optimize.google.com https://fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.googletagmanager.com; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' 'unsafe-inline' https://optimize.google.com https://*.doubleclick.net https://www.facebook.com https://www.youtube.com https://4136874.fls.doubleclick.net https://tr.snapchat.com https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' https://sgtm.airforce.com https://gsdm.tt.omtrdc.net https://maps.googleapis.com https://*.g.doubleclick.net https://*.google.com https://cdn.linkedin.oribi.io https://geolocation.onetrust.com https://cdn.cookielaw.org https://*.googletagmanager.com https://www.google.com.eg https://d.clarity.ms https://www.clairty.ms https://*.clarity.ms https://tr.snapchat.com https://stats.g.doubleclick.net https://*.analytics.google.com https://www.facebook.com https://bat.bing.com https://*.google-analytics.com 3
upgrade-insecure-requests; default-src 'self' *.argeweb.nl https://cdn.euc-freshbots.ai https://in.hotjar.com; style-src 'self' *.argeweb.nl 'unsafe-inline' yourhosting.freshchat.com https://cdn.euc-freshbots.ai https://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css https://libraries.hund.io/ https://app.vwo.com/ https://fonts.googleapis.com https://*.google.com; img-src 'self' *.argeweb.nl data: https: https://jwpltx.com https://www.facebook.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.googleadservices.com https://*.google.nl https://*.adnxs.com https://*.msn.com https://*.doubleclick.net https://ads.yahoo.com https://www.google-analytics.com https://*.openx.net https://*.bidswitch.net; script-src 'self' *.argeweb.nl data: 'unsafe-inline' 'unsafe-eval' yourhosting.freshchat.com https://cdn.euc-freshbots.ai https://code.jquery.com/jquery-1.12.4.js https://code.jquery.com/ui/1.12.1/jquery-ui.js https://libraries.hund.io/ https://heatmap.visualwebsiteoptimizer.com/ https://app.vwo.com/ https://dev.visualwebsiteoptimizer.com/ https://api.livechatinc.com/ https://cdn.livechatinc.com/ https://secure.livechatinc.com/ https://www.clickcease.com/monitor/stat.js https://snap.licdn.com https://embed.typeform.com https://www.chartjs.org https://www.google-analytics.com https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://www.linkedin.com/px/* https://px.ads.linkedin.com/ https://sjs.bizographics.com/insight.min.js https://script.hotjar.com https://*.jwpcdn.com https://static.hotjar.com https://www.google-analytics.com https://connect.facebook.net https://*.openx.net https://*.bidswitch.net https://www.googleadservices.com https://www.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://flex.msn.com https://static.mailplus.nl https://m7.mailplus.nl https://bat.bing.com https://googleads.g.doubleclick.net; frame-src 'self' *.argeweb.nl yourhosting.freshchat.com https://app.vwo.com/ https://secure.livechatinc.com/ https://form.typeform.com/ https://awps01.argewebhosting.nl https://www.youtube.com https://argeweb.typeform.com https://vars.hotjar.com https://*.google.com https://*.facebook.com https://*.doubleclick.net; font-src 'self' data: *.argeweb.nl fonts.gstatic.com; child-src 'self' *.argeweb.nl https://*.google.com; connect-src 'self' *.argeweb.nl argeweb.netwerkstatus.nl *.google-analytics.com https://rts-euc.freshworksapi.com wss://rts-euc.freshworksapi.com https://www.euc-freshbots.ai https://cdn.euc-freshbots.ai https://monitor.clickcease.com/ https://api.livechatinc.com/ https://ws9.hotjar.com/ wss://ws9.hotjar.com/ https://ws8.hotjar.com/ wss://ws8.hotjar.com/ https://awps01.argewebhosting.nl/netwerkstatus/test.php https://www.google-analytics.com https://stats.g.doubleclick.net https://app.convertflow.co https://ws2.hotjar.com wss://ws10.hotjar.com wss://ws3.hotjar.com wss://ws2.hotjar.com https://vc.hotjar.io wss://ws1.hotjar.com https://in.hotjar.com; form-action https:; frame-ancestors 'self'; report-uri /debug/csp; 3
frame-ancestors 'self' *.finder.com *.finder.com.au https://foxbusiness.com https://www.foxbusiness.com https://superguide.com.au https://www.superguide.com.au; 3
default-src 'self' play.vidyard.com *.forsta.com *.g2crowd.com t.co; script-src 'self' go.forsta.com ws-assets.zoominfo.com cdn.bizible.com cdn.linkedin.oribi.io cdn.b0e8.com www.google-analytics.com www.googletagmanager.com play.vidyard.com assets.vidyard.com unpkg.com js-agent.newrelic.com snap.licdn.com static.ads-twitter.com analytics.twitter.com www.googleadservices.com script.hotjar.com static.hotjar.com forsta.bamboohr.com 972-oec-621.mktoweb.com munchkin.marketo.net j.6sc.co cdn.cookielaw.org bam.nr-data.net geolocation.onetrust.com www.google.com tpc.googlesyndication.com maps.googleapis.com digitalfeedback.us.confirmit.com www.gstatic.com *.smartrecruiters.com *.bc0a.com g10102301085.co *.castos.com optimize.google.com jobpal-sm.s3.amazonaws.com api.smooch.io forsta1--forstaful.sandbox.my.salesforce-sites.com *.forsta.com *.g2crowd.com t.co js.zi-scripts.com ws.zoominfo.com tags.clickagy.com  'unsafe-inline' 'unsafe-eval'; style-src 'self' go.forsta.com 972-oec-621.mktoweb.com fonts.googleapis.com legal.forsta.com static.smartrecruiters.com www.googletagmanager.com *.bc0a.com optimize.google.com jobpal-sm.s3.amazonaws.com *.forsta.com t.co 'unsafe-inline'; frame-ancestors 'none'; frame-src go.forsta.com play.vidyard.com vars.hotjar.com 972-oec-621.mktoweb.com tpc.googlesyndication.com www.google.com www.googletagmanager.com survey.us.confirmit.com subscriptions.smartrecruiters.com *.bc0a.com 6352b8cc15f5f7-88529694.castos.com optimize.google.com *.forsta.com t.co td.doubleclick.net hemsync.clickagy.com; object-src 'none'; base-uri 'self'; form-action 'self' webto.salesforce.com *.forsta.com; connect-src 'self' jobpal-sm.s3.amazonaws.com cdn.linkedin.oribi.io px.ads.linkedin.com go.forsta.com play.vidyard.com www.google-analytics.com cdn.cookielaw.org 972-oec-621.mktoresp.com 972-oec-621.mktoutil.com secure.adnxs.com stats.g.doubleclick.net bam.nr-data.net privacyportal.onetrust.com geolocation.onetrust.com forsta.bamboohr.com *.6sense.com *.google.com adservice.google.com maps.googleapis.com translate.googleapis.com www.googletagmanager.com www.googleapis.com maps.googleapis.com analytics.google.com region1.google-analytics.com region1.analytics.google.com *.6sc.co digitalfeedback.us.confirmit.com *.hotjar.io *.hotjar.com wss://*.hotjar.com ws.zoominfo.com *.bc0a.com 61d78a8eb35a9f00ecfd7ee9.config.smooch.io api.smooch.io wss://api.smooch.io *.forsta.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn ww.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat *.g2crowd.com t.co js.zi-scripts.com aorta.clickagy.com hemsync.clickagy.com; font-src 'self' data: fonts.gstatic.com legal.forsta.com jobpal-sm.s3.amazonaws.com *.forsta.com t.co; media-src *.bc0a.com *.forsta.com *.castos.com *.b0e8.com t.co jobpal-sm.s3.amazonaws.com; img-src https: data:; report-uri https://forsta.report-uri.com/r/t/csp/enforce 3
default-src 'self' 'unsafe-inline' https://*.uni-paderborn.de https://www.youtube-nocookie.com https://player.vimeo.com https://*.upb.de https://streaming.uni-paderborn.de:2233 https://*.google.com ; font-src 'self' https://*.uni-paderborn.de data:; img-src 'self' data: https://pbs.twimg.com https://*.google.com https://www.googleapis.com https://*.uni-paderborn.de https://*.gstatic.com/images; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.uni-paderborn.de https://www.google.com https://cse.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; media-src 'self' https://*.uni-paderborn.de https://*.upb.de https://streaming.uni-paderborn.de:2233 blob:; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ 'self'  mailto: tel: https://*.uni-paderborn.de https://www.youtube-nocookie.com https://player.vimeo.com https://*.upb.de https://streaming.uni-paderborn.de:2233 https://*.google.com 3
default-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'; frame-ancestors 'none'; frame-src 'none'; form-action 'self'; manifest-src 'self'; img-src 'self' blob: data: https://derpicdn.net https://ext.derpicdn.net; media-src 'self' blob: data: https://derpicdn.net https://ext.derpicdn.net; block-all-mixed-content 3
frame-ancestors 'self' https://*.emerson.com https://*.emerson.cn https://*.emerson.co.jp https://*.emerson.kr https://*.ariba.com https://*.tradecentric.com https://mypunchoutsite.com https://*.coupahost.com https://*.determine.com https://*.gep.com https://emerson.pathfactory.com https://usertest-messages.sciquest.com https://integrations.sciquest.com https://int02.jaggaer.com https://uitint02.jaggaer.com 3
frame-ancestors 'self' http://webvisor.com https://docs.ispsystem.ru https://docs.ispsystem.com https://www.ispmanager.com 3
frame-ancestors 'self' https://flock.com/; upgrade-insecure-requests 3
frame-src *; frame-ancestors 'self' https://*.eventscloud.com; 3
default-src https: data: 'unsafe-inline' 'unsafe-eval' 'self' https://*.eqads.com https://*.msecnd.net https://*.cookielaw.org https://*.cloudflare.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.crazyegg.com https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.doubleclick.net https://*.vimeo.com https://*.secure.payconex.net; worker-src * blob:; worker-src blob:; img-src * blob: data:; 3
default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data: wss: blob: 3
default-src 'self' https: data: blob: wss://*.hotjar.com;style-src data: blob: https: 'unsafe-inline';script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';img-src 'self' https: data: blob:;worker-src 'self';block-all-mixed-content;upgrade-insecure-requests; 3
default-src 'self'; form-action 'self' https://*.hsforms.com; object-src 'self'; connect-src 'self' https://api.github.com https://*.hsforms.com https://element.io https://*.hs-banner.com https://forms-eu1.hscollectedforms.net https://api-eu1.hubapi.com; media-src 'self' https://element.io; style-src 'self' 'unsafe-inline' https://element.io https://*.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://element.io data: https://fonts.gstatic.com; img-src 'self' https://element.io data: https://matomo.riot.im/matomo.php https://*.hsforms.com https://*.hubspot.com https://px.ads.linkedin.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://element.io https://cdnjs.cloudflare.com https://*.cloudfront.net https://ajax.googleapis.com https://matomo.riot.im/matomo.js https://*.hsforms.net https://*.hsforms.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://js-eu1.hsadspixel.net/fb.js https://js-eu1.hscollectedforms.net/collectedforms.js  https://snap.licdn.com/li.lms-analytics/insight.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js; child-src 'self' https://*.hsforms.com; frame-src youtube.com www.youtube-nocookie.com https://*.hsforms.com; 3
frame-ancestors 'self', upgrade-insecure-requests 3
frame-ancestors dev.mwcbarcelona.com www.mwcbarcelona.com mwcbarcelona.com dev.mwc-africa.com www.mwc-africa.com mwc-africa.com dev.mwclasvegas.com www.mwclasvegas.com mwclasvegas.com dev.gsmaevents.com www.gsmaevents.com staging.gsmaevents.com gsmaevents.com gsma.force.com gsma.my.site.com 3
frame-ancestors 'self' acquia.lookbookhq.com acquia.docebosaas.com www.acquiaacademy.com acquia.seismic.com app.veertly.com widen--servcom.sandbox.my.site.com widen--sitepreview.na135.force.com community.widen.com acquia.atlassian.net rise.articulate.com; report-uri /report-csp-violation 3
frame-ancestors secure.livechatinc.com www.youtube.com www.google.com widget.clym-sdk.net 'self'; frame-src analytics.clickdimensions.com *.doubleclick.net *.dynamics.com secure.livechatinc.com www.youtube.com www.google.com widget.clym-sdk.net 'self'; 3
default-src 'self' ; base-uri 'self'; form-action 'self' https://www.facebook.com https://mapscustomerdev.okta.com/app/mapscustomerdev_dttsamlstaging_1/exk8ecez003KbSmip417/sso/saml; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.clarity.ms https://*.googletagmanager.com https://apps.euw2.pure.cloud/genesys-bootstrap/plugins/genesysvendors.min.js https://apps.euw2.pure.cloud/genesys-bootstrap/genesys.min.js https://apps.euw2.pure.cloud/journey/messenger-plugins/offersHelper.min.js *.pensionsadvisoryservice.org.uk *.twitter.com https://apps.euw2.pure.cloud https://masassets.blob.core.windows.net *.ads-twitter.com c0.adalyser.com/adalyser.js https://cdn.jsdelivr.net/npm/search-insights@2.2.1 *.adsymptotic.com https://cdn.optimizely.com https://apis.google.com/js/platform.js https://js-agent.newrelic.com/nr-1210.min.js *.googleadservices.com *.bing.com https://snap.licdn.com *.doubleclick.net https://webchat.pensionsadvisoryservice.org.uk:8089 https://webchat.pensionsadvisoryservice.org.uk:8089/webchat/client/tracker.js https://webrtc.github.io/adapter/adapter-latest.js *.aspnetcdn.com connect.facebook.net https://www.google-analytics.com https://ssl.google-analytics.com cc.cdn.civiccomputing.com insitez.blob.core.windows.net assets.adobedtm.com https://www.youtube.com; style-src 'self' 'unsafe-inline' *.pensionsadvisoryservice.org.uk https://masassets.blob.core.windows.net https://www.fingodev.co.uk https://www.fingo.co.uk fonts.googleapis.com fonts.gstatic.com; connect-src 'self' *.moneyhelper.org.uk *.algolianet.com wss://webchat.pensionsadvisoryservice.org.uk:8089 *.algolia.net https://insights.algolia.io ipapi.co *.informizely.com *.google.com *.doubleclick.net https://masassets.blob.core.windows.net https://webchat.pensionsadvisoryservice.org.uk:8089 wss://webmessaging.euw2.pure.cloud https://api-cdn.euw2.pure.cloud/webdeployments/v1/deployments/80371e34-4cd8-4290-8b65-aa209edf410d/domains.json https://api-cdn.euw2.pure.cloud/webdeployments/v1/deployments/80371e34-4cd8-4290-8b65-aa209edf410d/config.json https://api-cdn.euw2.pure.cloud/webdeployments/v1/deployments/b497eee2-89d2-48a1-9c36-5c7d7fbebcbb/domains.json https://api-cdn.euw2.pure.cloud/webdeployments/v1/deployments/b497eee2-89d2-48a1-9c36-5c7d7fbebcbb/config.json https://api-cdn.euw2.pure.cloud/webdeployments/v1/deployments/f0f953c7-9a2a-4b99-bf3b-0a9e4dbc63f7/domains.json https://api-cdn.euw2.pure.cloud/webdeployments/v1/deployments/f0f953c7-9a2a-4b99-bf3b-0a9e4dbc63f7/config.json https://api.euw2.pure.cloud/api/v2/webmessaging/messages *.civiccomputing.com dpm.demdex.net https://*.google-analytics.com https://*.analytics.google.com maps-uk.sc.omtrdc.net https://*.googletagmanager.com https://moneypensions.tt.omtrdc.net https://cdn.linkedin.oribi.io https://pagead2.googlesyndication.com; font-src 'self' data: fonts.googleapis.com *.pensionsadvisoryservice.org.uk https://apps.euw2.pure.cloud https://at.alicdn.com https://masassets.blob.core.windows.net https://www.fingodev.co.uk https://www.fingo.co.uk fonts.gstatic.com; frame-src 'self' moneypensions.demdex.net https://apps.euw2.pure.cloud *.moneyhelper.org.uk pension-guid-aem-tools-xoekuj7.herokuapp.com https://benefits.inbest.ai www.pensionwise.gov.uk https://partner-tools.moneyadviceservice.org.uk https://www.youtube.com https://www.facebook.com forms.office.com mas-tad-consumer-aem-321.herokuapp.com https://*.fls.doubleclick.net; img-src 'self' data: https://*.google-analytics.com *.bing.com https://masassets.blob.core.windows.net *.facebook.net *.facebook.com *.linkedin.com *.google.com https://www.fingodev.co.uk https://*.oktacdn.com https://www.google.co.uk *.adalyser.com t.co cm.everesttech.net https://www.pensionsadvisoryservice.org.uk *.demdex.net *.omtrdc.net analytics.twitter.com https://*.googletagmanager.com https://img.youtube.com 3
worker-src 'none'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self' 3
frame-ancestors 'self'; default-src 'self' https: data: blob: 'unsafe-eval' 'unsafe-inline'; 3
frame-ancestors 'self' https://app.experiencewelcome.com/ 3
frame-ancestors 'self' https://www.johnsoncontrols.com 3
default-src 'self' data: blob: *.gstatic.com *.google.com *.google-analytics.com *.nr-data.net *.facebook.com *.facebook.net *.bing.com *.modirum.com *.arcot.com *.creditmutuel.fr *.wlp-acs.com *.bioz.com *.vwr.com *.doubleclick.net *.avantorsciences.com *.nusil.com *.googletagmanager.com *.linkedin.com *.twitter.com *.vwrsurveys.com *.adsymptotic.com *.paymetric.com *.mktoresp.com *.wardsci.com *.sargentwelch.com *.boreal.com *.sargentwelch.ca *.twimg.com *.vwr-cmd.com *.mt.com *.moji-moji.com *.youtube.com youtube.com *.gotowebinar.com *.vwr-cmd2.com *.surveymonkey.com *.instantservice.com *.zencdn.net *.cdntwrk.com www.google.co.in *.hotjar.com *.hotjar.io ahpp.adflex.co.uk ahpp2.adflex.co.uk authentication.cardinalcommerce.com *.pinterest.com *.kickfire.com *.rumiview.com *.vimeo.com *.salesforce.com *.prnewswire.com nebnextvwr.neb.com projects.spielcreative.com projects.ivorystudio.net *.marketo.com *.zoovu.com *.azureedge.net *.amazonaws.com *.smartassistant.com serviceapi.nmv.naver.com *.uberflip.com *.zscalerthree.net *.cdntwrk.com *.brightcove.net *.oribi.io *.ariba.com *.clarity.ms *.adobedtm.com *.demdex.net *.tt.omtrdc.net edge.adobedc.net *.pantheonsite.io *.cloudflare.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.facebook.com *.facebook.net *.bing.com *.modirum.com *.arcot.com *.creditmutuel.fr *.wlp-acs.com *.bioz.com *.vwr.com *.googleapis.com *.mktoresp.com *.twitter.com *.twimg.com *.zencdn.net *.marketo.com *.zoovu.com *.azureedge.net *.amazonaws.com *.smartassistant.com serviceapi.nmv.naver.com *.uberflip.com *.zscalerthree.net *.cdntwrk.com *.brightcove.net *.oribi.io *.ariba.com *.clarity.ms *.adobedtm.com *.demdex.net *.tt.omtrdc.net edge.adobedc.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.auth0.com *.google-analytics.com *.facebook.com *.facebook.net *.bing.com *.modirum.com *.arcot.com *.creditmutuel.fr *.wlp-acs.com *.bioz.com *.salesforceliveagent.com *.googletagmanager.com *.newrelic.com *.nr-data.net *.vwr.com *.licdn.com *.cloudflareinsights.com *.vwrsurveys.com *.marinsm.com *.paymetric.com *.google.com *.cloudflare.com *.pardot.com *.doubleclick.net *.googleadservices.com *.facebook.net *.wardsci.com *.verisign.com *.linkedin.com *.twitter.com *.googleapis.com *.sargentwelch.com *.sargentwelch.ca *.marketo.net *.twimg.com *.vwr-cmd.com *.mt.com *.moji-moji.com *.youtube.com youtube.com *.gotowebinar.com *.vwr-cmd2.com *.surveymonkey.com *.instantservice.com *.zencdn.net *.cdntwrk.com www.google.co.in *.hotjar.com *.hotjar.io *.pinimg.com *.avantorsciences.com *.kickfire.com *.rumiview.com *.jquery.com *.prnewswire.com *.marketo.com *.zoovu.com *.azureedge.net *.amazonaws.com *.smartassistant.com serviceapi.nmv.naver.com *.uberflip.com *.zscalerthree.net *.cdntwrk.com *.brightcove.net *.oribi.io *.ariba.com *.clarity.ms *.adobedtm.com *.demdex.net *.tt.omtrdc.net edge.adobedc.net; 3
default-src 'self' https://*.cms.vwfs.tools ;            img-src 'self' data: https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://dev.day.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.gstatic.com https://*.google.com https://*.google.de https://*.google.com https://*.googlesyndication.com https://*.googleadservices.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://img.youtube.com https://i.ytimg.com https://*.userzoom.com https://*.adform.net https://www.facebook.com https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://t.co https://*.volkswagenbank.de  https://cms-assets.vwfs.io https://smetrics.vwfs.com https://mediaservice.audi.com  https://GISTPAEndpoint-Int.azureedge.net https://GISTPAEndpoint-Kons.azureedge.net https://GISTPAEndpoint-Prod.azureedge.net    https://default.vms.vwfs.io https://*.bronson.vwfs.tools https://*.bronson.vwfs.io https://gateway.zscloud.net https://js.api.here.com https://assets.volkswagen.com https://integrations.etrusted.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ssl.gstatic.com https://ade.googlesyndication.com https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com ;            script-src 'self' 'unsafe-inline' blob: https://*.volkswagenbank.de https://storagewebcalcweud.blob.core.windows.net https://*.fts.webcalc.vwfs.io https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.fls.doubleclick.net https://www.googletagmanager.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google.com https://www.google.de https://cm.g.doubleclick.net https://www.volkswagenbank-cloud.de https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://assets.adobedtm.com https://*.omniture.com https://*.adobe.com https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://*.thunderhead.com https://*.twitter.com https://static.ads-twitter.com https://*.advsearch.vwfs.io https://cc.cdn.civiccomputing.com  https://target.vwfs.com  https://smetrics.vwfs.com https://cdn.mercury.ai https://integrations.etrusted.com https://sdk.privacy-center.org    https://*.acs-frontend.vwfs.io https://*.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.g.doubleclick.net https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.com;            style-src 'self' 'unsafe-inline' https://*.userzoom.com https://target.vwfs.com https://cdn.mercury.ai https://co-browsing.mercury.ai https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io    https://*.acs-frontend.vwfs.io https://integrations.etrusted.com https://tagmanager.google.com https://fonts.googleapis.com https://*.google.com;            connect-src 'self' blob: data: https://vimeo.com https://*.youtube.com https://api.webcalc.vwfs.io https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://*.adobedc.net https://*.tt.omtrdc.net https://*.2o7.net https://*.cms.vwfs.io https://*.advsearch.vwfs.io https://cms-content.vwfs.io https://target.vwfs.com https://smetrics.vwfs.com https://www.google.com https://*.facebook.com https://*.mercury.ai wss://*.mercury.ai https://vector.hereapi.com https://1.base.maps.ls.hereapi.com https://1.aerial.maps.ls.hereapi.com https://js.api.here.com https://geocode.search.hereapi.com https://integrations.etrusted.com https://*.smart-digital-solutions.de https://smart-digital-cdn.com https://2gtge2kxoa.execute-api.eu-central-1.amazonaws.com https://api-cms-vwfs-io.cms.vwfs.tools https://sdk.privacy-center.org https://revgeocode.search.hereapi.com    https://*.acs-frontend.vwfs.io https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com http://*.trustedshops.com https://autocomplete.search.hereapi.com https://lookup.search.hereapi.com ;            frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com ;            object-src 'none' ;            font-src 'self' data: https://fonts.gstatic.com https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io https://cdn.mercury.ai https://js.api.here.com https://*.trustedshops.com http://*.trustedshops.com ;            frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://s.userzoom.com https://*.adform.net https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://*.googlesyndication.com https://cm.g.doubleclick.net https://gateway.zscloud.net https://td.doubleclick.net https://kalkulator.skoda-auto.pl https://*.g.doubleclick.net ;            media-src https://www.youtube-nocookie.com 'self' ; 3
default-src https: 'unsafe-inline' 3
object-src 'none'; report-uri /report-csp-violation 3
upgrade-insecure-requests; frame-ancestors 'self' https://customer.norwegian.com 3
frame-ancestors 'self' hhs.gov *.hhs.gov 3
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.datatables.net *.cloudflare.com https://unpkg.com *.lh.pl *.googletagmanager.com *.facebook.net *.google-analytics.com *.doubleclick.net *.google.com *.gstatic.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.googleapis.com *.jsdelivr.net *.datatables.net *.cloudflare.com https://unpkg.com; img-src 'self' data: *.google.pl *.google.com *.google-analytics.com *.facebook.com; font-src 'self' *.gstatic.com; 3
frame-ancestors 'self' https://uptime.betterstack.com https://logs.betterstack.com; 3
base-uri 'self'; default-src 'self' *.livechatinc.com secure.livechatinc.com www.facebook.com www.googletagmanager.com www.google.com fonts.gstatic.com nordlayer.com *.nordlayer.com graphql.contentful.com t.co bat.bing.com cx.atdmt.com s1.nordcdn.com cdn.polyfill.io www.googleadservices.com *.google-analytics.com www.facebook.com connect.facebook.net www.linkedin.com px.ads.linkedin.com *.oribi.io analytics.twitter.com static.ads-twitter.com stats.g.doubleclick.net p.adsymptotic.com api.iterable.com sentry.netaltr.com www.gstatic.com snap.licdn.com *.clarity.ms *.6sc.co *.6sense.com *.adnxs.com *.sleeknote.com *.inwebr.com *.wisepops.com *.wisepops.net wisepops.net *.ahrefs.com ahrefs.com *.salesloft.com cdn.dreamdata.cloud *.chilipiper.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.livechatinc.com secure.livechatinc.com www.facebook.com www.googletagmanager.com www.google.com fonts.gstatic.com nordlayer.com *.nordlayer.com graphql.contentful.com t.co bat.bing.com cx.atdmt.com s1.nordcdn.com cdn.polyfill.io www.googleadservices.com *.google-analytics.com www.facebook.com connect.facebook.net www.linkedin.com px.ads.linkedin.com *.oribi.io analytics.twitter.com static.ads-twitter.com stats.g.doubleclick.net p.adsymptotic.com api.iterable.com sentry.netaltr.com www.gstatic.com snap.licdn.com *.clarity.ms *.6sc.co *.6sense.com *.adnxs.com *.sleeknote.com *.inwebr.com *.wisepops.com *.wisepops.net wisepops.net *.ahrefs.com ahrefs.com *.salesloft.com cdn.dreamdata.cloud http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com *.chilipiper.com; connect-src 'self' *.livechatinc.com secure.livechatinc.com www.facebook.com www.googletagmanager.com www.google.com fonts.gstatic.com nordlayer.com *.nordlayer.com graphql.contentful.com t.co bat.bing.com cx.atdmt.com s1.nordcdn.com cdn.polyfill.io www.googleadservices.com *.google-analytics.com www.facebook.com connect.facebook.net www.linkedin.com px.ads.linkedin.com *.oribi.io analytics.twitter.com static.ads-twitter.com stats.g.doubleclick.net p.adsymptotic.com api.iterable.com sentry.netaltr.com www.gstatic.com snap.licdn.com *.clarity.ms *.6sc.co *.6sense.com *.adnxs.com *.sleeknote.com *.inwebr.com *.wisepops.com *.wisepops.net wisepops.net *.ahrefs.com ahrefs.com *.salesloft.com cdn.dreamdata.cloud http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.chilipiper.com; form-action 'self' webto.salesforce.com https://www.facebook.com/tr; frame-src 'self' *.livechatinc.com secure.livechatinc.com www.facebook.com www.googletagmanager.com www.google.com fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com *.chilipiper.com www.youtube.com https://www.youtube.com/ player.vimeo.com https://player.vimeo.com/; img-src * data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://ct.capterra.com https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com; media-src 'self' 'unsafe-inline' videos.ctfassets.net nordlayer.com *.nordlayer.com false; font-src 'self' data: www.google.com fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; 3
frame-ancestors 'self' *.bnpparibas *.mosaic.fr *.biapi.pro *.dev.echonet *.bnpparibas.net *.protection24.com *.facil-iti.com *.herokuapp.com  *.matmut.com *.cardif-iard.fr; 3
frame-ancestors 'self' nielseniq.com *.nielseniq.com; 3
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.deutsche-rentenversicherung.de *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.deutsche-rentenversicherung.de *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.openstreetmap.org; object-src 'self' *.deutsche-rentenversicherung.de multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.deutsche-rentenversicherung.de;child-src *.google.com *.gstatic.com *.youtube.com ; img-src 'self' data: *.deutsche-rentenversicherung.de *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; 3
frame-ancestors 'self' *.blacknight.com *.blacknight.ie *.blacknight.blog *.blacknight.tech *.feedpress.me 3
frame-src https://portal.exoscale.com/ https://push.getbeamer.com/ https://app.getbeamer.com/ https://changelog.exoscale.com/ 3
frame-ancestors 'self' https://login.vodafonemail.de 3
default-src 'unsafe-inline' 'unsafe-eval' data: blob: *; frame-ancestors 'self' https://*.ergo.com https://*.ergo.de; 3
default-src 'self'; 	style-src 'self' *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.digital4danone.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/  *.weezevent.com/ *.snapchat.com/ *.mathtag.com/ *.clevy.io/ *.commandersact.com/ *.twimg.com/ *.twitter.com/ *.live2support.com/ *.lpsnmedia.net/ *.gstatic.com/ *.commander1.com/ *.bootstrapcdn.com/ *.tagcommander.com/ *.zencdn.net/ *.sharethis.com/ *.googleapis.com/ *.google.com/ 'unsafe-inline';     script-src 'self' *.audioeye.com/ *.github.io/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.seg.js/ *.digital4danone.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/ *.weezevent.com/ *.snapchat.com/ *.mathtag.com/ *.ads-twitter.com/ *.clevy.io/ *.tiktok.com/ https://sc-static.net/ *.hypemarks.com/ *.licdn.com/ *.commandersact.com/ *.twimg.com/ *.trustcommander.net/ *.cdn.syndication.twimg.com/ *.zencdn.net/ https://telegram.org/ https://youtube.com/iframe_api *.youtube.com/ *.twitter.com/ *.pinterest.com/ *.ytimg.com/ *.secutix.com/ *.swaven.com/ *.live2support.com/ *.googletagmanager.com/ *.tagcommander.com/ *.facebook.net/ *.google.ie/ *.google.de/ *.lpsnmedia.net/ *.hotjar.com/ *.outbrain.com/ *.google.com/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.theadex.com *.commander1.com/ *.liveperson.net/ *.doubleclick.net/ *.gstatic.com/ *.digital4danone.com/ *.addthisedge.com/ 'unsafe-inline' 'unsafe-eval' blob:;     img-src 'self'  *.google.com.mx/ *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.ytimg.com/ *.digital4danone.com/ *.google-analytics.com/ *.analytics.google.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/  *.weezevent.com/ *.snapchat.com/ *.mathtag.com/ data: *.digital4danone.com/ *.clevy.io/ *.digital4danone.com.cn/ https://t.co/ *.hypemarks.com/ *.linkedin.com/ *.assetsadobe.com/ *.live2support.com/ *.twimg.com/ *.swaven.com/ *.twitter.com/ *.trustcommander.net/ *.cdninstagram.com/ *.outbrain.com/ *.danone.com/ *.commander1.com/ *.tagcommander.com/ *.lpsnmedia.net/ *.adnxs.com/ *.adition.com/ *.doubleclick.net/ *.instagram.com/ *.soundcloud.com/ *.pinterest.com/ *.google.ie/ *.google.co.in/ *.theadex.com/ *.google-analytics.com/ *.google.com.ph/ *.google.com/ *.sharethis.com/ *.gstatic.com/ *.googleapis.com/ *.w3.org/ *.mookie1.com/ *.facebook.com/ *.googletagmanager.com/ *.youtube.com/;     frame-src 'self' *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.digital4danone.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/  *.weezevent.com/ *.snapchat.com/ *.mathtag.com/ *.clevy.io/ *.tintup.com/ *.commandersact.com/ *.vimeo.com/ *.linkedin.com/ *.instagram.com/ *.soundcloud.com/ *.pinterest.com/ *.twitter.com/ https://cdn.trustcommander.net/ https://t.me/ https://static.rolex.com/ *.swaven.com/ *.ausha.co/ *.q4europe.com/ *.tohklom.com/  *.tagcommander.com/ *.liveperson.net/ *.live2support.com/ *.google.com/ *.lpsnmedia.net/ *.hotjar.com/ *.commander1.com/ *.proprofs.com/ *.facebook.com/ *.doubleclick.net/ *.theadex.com/ *.sharethis.com/ *.addthis.com/ *.youtube.com/ *.adsrvr.org/ *.cloudfront.net/ *.spotify.com/ *.hypemarks.com/;     connect-src 'self' *.google.com/ *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.scene7.com/ *.digital4danone.com/ *.google-analytics.com/ *.analytics.google.com/ *.ylt.nl/ *.danone.id/ *.weezevent.com/ https://yourdriversfordanonebenelux.com/  *.snapchat.com/ *.mathtag.com/ *.tiktok.com/ *.clevy.io/ *.commandersact.com/ *.googleapis.com/ *.privacy.commander1.com/ *.privacy.trustcommander.net/ https://privacy.trustcommander.net/ https://privacy.commander1.com/ *.q4europe.com/ *.swaven.com/ *.youtube.com/ *.live2support.com/ *.addthis.com/ *.google-analytics.com *.facebook.com/ *.instagram.com/ *.secutix.com/ *.omtrdc.net/ *.sharethis.com/ *.doubleclick.net/;     font-src 'self' *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.digital4danone.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/ *.weezevent.com/ *.snapchat.com/ *.mathtag.com/ *.commandersact.com/ *.live2support.com/ data: *.amazonaws.com/ *.gstatic.com/ *.zencdn.net/;     media-src 'self' *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.digital4danone.com/ *.danone.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/ *.weezevent.com/ *.snapchat.com/ *.mathtag.com/ *.lpsnmedia.net/ *.digital4danone.com/ blob: 3
connect-src 'self' https://analytics.pangle-ads.com https://analytics.tiktok.com https://api-js.mixpanel.com https://bat.bing.com https://d1lu3pmaz2ilpx.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://getroman.pxf.io https://*.clarity.ms https://stats.g.doubleclick.net https://www.google-analytics.com https://rum.browser-intake-datadoghq.com https://sslwidget.criteo.com https://dynamic.criteo.com https://www.facebook.com https://www.google.com https://adservice.google.com https://pagead2.googlesyndication.com https://region1.google-analytics.com https://client-analytics.braintreegateway.com https://payments.braintree-api.com https://maps.googleapis.com https://us-street.api.smartystreets.com https://measurement-api.criteo.com https://www.paypal.com https://vimeo.com https://api.braintreegateway.com https://assets.ctfassets.net https://t.co https://analytics.twitter.com https://ads-api.twitter.com https://sentry.ro.co https://sentry2.ro.co https://login.ro.co; font-src 'self' https: data:; frame-src https://gum.criteo.com https://www.facebook.com https://www.youtube.com https://iframe.ro.co https://gumi.criteo.com https://static.criteo.net https://js.stripe.com https://checkout.paypal.com https://www.sandbox.paypal.com https://td.doubleclick.net https://tpc.googlesyndication.com https://player.vimeo.com https://fledge.us.criteo.com https://www.paypal.com https://www.paypalobjects.com; img-src 'self' https: data:; media-src 'self' data: https://videos.ctfassets.net https://player.vimeo.com https://download-video.akamaized.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://acdn.adnxs.com https://analytics.tiktok.com https://bat.bing.com https://connect.facebook.net https://d2hrivdxn8ekm8.cloudfront.net https://dynamic.criteo.com https://googleads.g.doubleclick.net https://sslwidget.criteo.com https://start.ro.co https://utt.impactcdn.com https://www.clarity.ms https://www.datadoghq-browser-agent.com https://www.google-analytics.com https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://maps.googleapis.com https://polyfill.io https://static.legitscript.com https://stats.wp.com https://ajax.cloudflare.com https://js.stripe.com https://www.paypal.com https://js.braintreegateway.com https://player.vimeo.com https://www.paypalobjects.com https://cdn.jsdelivr.net/npm/@editorjs/ https://static.ads-twitter.com https://analytics.twitter.com; worker-src 'self' blob:; report-uri https://healthbyro.report-uri.com/r/t/csp/enforce 3
frame-ancestors 'self' https://*.riu.com https://*.apps.riu.com https://*.stay-app.com https://www.googleapis.com https://*.google.com https://connect.facebook.net https://*.akamaitechnologies.com https://*.yandex.com https://*.msn.com https://*.googlebot.com https://*.gstatic.com https://static.cloudflareinsights.com https://www.riuagents.com; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.daimlertruck.com *.w52.agency *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.here.com *.hereapi.com *.podigee-cdn.net *.podigee.io *.gomexlive.com *.stage.eventit.de blob:; media-src 'self' 'unsafe-inline' 'unsafe-eval' *.daimlertruck.com *.w52.agency *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.here.com *.hereapi.com *.podigee-cdn.net *.podigee.io *.gomexlive.com *.stage.eventit.de *.akamaized.net *.cloudfront.net dist-vid-blaze.s3.eu-central-1.amazonaws.com *.vimeocdn.com vimeo.com data.w52.com data: blob:; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.walls.io walls.io *.slidesync.com slidesync.com *.daimlertruck.com *.w52.agency *.equitystory.com *.eqs.com eqs-cockpit.com *.webcast-eqs.com *.usercentrics.eu *.here.com *.hereapi.com *.podigee-cdn.net *.podigee.io *.gomexlive.com dist-vid-blaze.s3.eu-central-1.amazonaws.com www.mice-platform.com *.vimeocdn.com vimeo.com data.w52.com blob: data:; worker-src 'self' 'unsafe-inline' 'unsafe-eval' *.daimlertruck.com *.w52.agency *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.here.com *.hereapi.com *.podigee-cdn.net *.podigee.io blob:; child-src 'self' *.youtube.com *.youtube-nocookie.com *.walls.io walls.io *.slidesync.com slidesync.com *.daimlertruck.com *.w52.agency *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.here.com *.hereapi.com *.podigee-cdn.net *.podigee.io *.gomexlive.com blob: data:; style-src 'self' 'unsafe-inline' *.daimlertruck.com *.w52.agency *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.here.com *.hereapi.com *.podigee-cdn.net *.podigee.io *.gomexlive.com; font-src 'self' data: *.daimlertruck.com *.w52.agency *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.here.com *.hereapi.com *.podigee-cdn.net *.podigee.io *.gomexlive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pusher.com walls.io *.walls.io *.slidesync.com *.daimlertruck.com *.w52.agency *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.here.com *.hereapi.com *.podigee-cdn.net *.podigee.io *.gomexlive.com dist-vid-blaze.s3.eu-central-1.amazonaws.com *.vimeocdn.com vimeo.com data.w52.com blob:; img-src 'self' *.daimlertruck.com *.w52.agency *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.here.com *.hereapi.com *.podigee-cdn.net *.podigee.io *.gomexlive.com *.stage.eventit.de *.vimeocdn.com vimeo.com data.w52.com data data:; object-src 'self' *.daimlertruck.com *.w52.agency *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.here.com *.hereapi.com *.podigee-cdn.net *.podigee.io *.gomexlive.com; connect-src 'self' ws: *.pusher.com *.daimlertruck.com *.w52.agency *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.here.com *.hereapi.com *.podigee-cdn.net *.podigee.io *.gomexlive.com *.akamaized.net dist-vid-blaze.s3.eu-central-1.amazonaws.com *.cloudfront.net *.vimeocdn.com vimeo.com data.w52.com blob:; frame-ancestors 'self' file://* *.corpintra.net *.daimlertruck.com *.mercedes-benz-trucks.com *.w52.agency *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.here.com *.hereapi.com *.podigee-cdn.net *.podigee.io *.gomexlive.com 3
frame-src https://*.pilotflyingj.com https://pilotflyingj.com https://demo.docusign.net https://docusign.net https://powerforms-d.docusign.net https://na2.docusign.net https://powerforms.docusign.net https://youtube.com https://www.youtube.com https://*.doubleclick.net https://goconnect.stackla.com https://info.evidon.com https://pilotadmin.wufoo.com/ https://l3.evidon.com https://*.surveymonkey.com 3
frame-ancestors https://*.tradestation.com https://*.tradestation.io 3
frame-ancestors 'self' *.backushospital.org  *.charlottehungerford.org  *.ctorthoinstitute.org  *.ctorthomidstate.org  *.ctorthostvincents.org  *.hartfordhealthcare.org  *.hartfordhealthcare.org  *.hartfordhealthcareathome.org  *.hartfordhealthcaremedicalgroup.org  *.hartfordhealthcarerehabnetwork.org  *.hartfordhospital.org  *.hartfordhospital.org  *.hhcandme.com  *.hhcbehavioralhealth.org  *.hhcconnect.com  *.hhcconnect.net  *.hhcconnect.org  *.hhchealth.com  *.hhchealth.net  *.hhchealth.org  *.hhcseniorservices.org  *.hhcsystem.org  *.instituteofliving.org  *.integratedcarepartners.org  *.midstatemedical.org  mychartplus.org *.mychartplus.org  *.natchaug.org  *.rushford.org  *.stvincents.org  *.thocc.org 3
frame-ancestors 'self' https://*.fashionjobs.com https://*.fashionnetwork.com https://*.fashiongroup.com https://*.fashionmag.biz https://fashionmag.biz https://fashionnetworkevents.com https://*.fashionnetworkevents.com 3
frame-ancestors 'self' *.lovecrafts.com 3
upgrade-insecure-requests; frame-ancestors 'self' analytics.google.com analytics.webtrends.com secure.minorhotels.com *.anantara.com *.anantara.com.cn *.avanihotels.com *.avanihotels.com.cn *.naladhu.com *.oakshotels.com *.niyama.com world.nh-hotels.com *.naladhu.com.cn *.niyama.com.cn *.nhhotels.com.cn *.telerain.com:* 3
default-src 'self' 'sha256-wnP+Lbj39ymMcEzqawDqMAU1J1IrwLHzIYIJK5A/4xM=' ;    style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ;    img-src 'self' data: https://*.usercentrics.eu https://www.google.com https://www.google.de https://i.ytimg.com https://hcaptcha.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data: https://*.google-analytics.com https://www-htp-test01.servers.ip https://googleads.g.doubleclick.net ;     frame-src 'self' *.google.com https://*.hcaptcha.com https://www.youtube-nocookie.com https://www.youtube.de https://www.youtube.com https://www.enercity.de https://*.adform.net https://cdn2.spatialbuzz.com https://td.doubleclick.net;     script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.usercentrics.eu https://*.usercentrics.eu https://www.test-neu.htp-test.de https://www.googleadservices.com https://*.googletagmanager.com https://*.google-analytics.com https://cdn.matomo.cloud https://*.googletagmanager.com https://googleads.g.doubleclick.net https://*.adform.net https://hcaptcha.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://cdn2.spatialbuzz.com/cust/F884ECF1/js/ https://cdn2.spatialbuzz.com/cust/D092ABFD/js/ data: blob: https://htp.containers.piwik.pro;     connect-src 'self' data: blob: https://*.usercentrics.eu https://htp.matomo.cloud https://cdn2.spatialbuzz.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.hcaptcha.com https://*.googleapis.com *.google.com https://*.gstatic.com https://www.google.de/ads/ga-audiences https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://htp.piwik.pro;    font-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com ;    worker-src blob:;    3
upgrade-insecure-requests; frame-ancestors 'self' *.reforma.com *.elnorte.com *.mural.com.mx *.gruporeforma.com *.agenciareforma.com *.avisosdeocasion.com *.elviernesnocuesta.com aristeguinoticias.com *.ezproxy.iteso.mx *.udemproxy.elogim.com creative-preview-an.com ib.adnxs-simple.com mediation.adnxs.com http://intraneteditora http://intranetreforma http://intranetmural http://operacionesinternet; 3
default-src 'self';  style-src 'self' *.arcgis.co  *.typeform.com *.bootstrapcdn.com *.doublethedonation.com doublethedonation.com *.chatbot.com 'unsafe-inline' *.google.com *.googleapis.com; script-src 'self' *.arcgis.co *.createjs.com *.typeform.com *.chatbot.co *.facebook.net *.bing.com youtube.com *.youtube.com *.pardot.com *.cookieinformation.com *.classy.org *.googletagmanager.com *.google-analytics.com *.doublethedonation.com doublethedonation.com *.newrelic.com *.sharethis.com *.googleoptimize.com *.rainforest-alliance.org *.google.com *.gstatic.co *.chatbot.com 'unsafe-inline' *.googleadservices.com *.doubleclick.net 'unsafe-eval';  img-src 'self' *.rainforest-alliance.org rainforest-alliance.org *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.bing.com *.facebook.com *.doublethedonation.com doublethedonation.com *.gravatar.com *.chatbot.com data: *.google.com *.gstatic.com; font-src 'self' *.rainforest-alliance.or *.doublethedonation.com doublethedonation.com data: *.googletagmanager.com *.google.com *.gravatar.com *.bootstrapcdn.com *.gstatic.com data:; connect-src 'self' *.hirehive.com *.cookieinformation.com *.google-analytics.com *.appspot.com *.doubleclick.net *.bing.com *.nr-data.net *.doublethedonation.com doublethedonation.com *.chatbot.com *.sharethis.com;  frame-src 'self' *.linkedin.com *.arcgis.com *.facebook.com *.typeform.com *.juicer.io *.vimeo.com *.cookieinformation.com *.rainforest-alliance.org *.classy.org *.powerbi.com *.google.com youtube.com *.youtube.com *.chatbot.co *.chatbot.com  *.doubleclick.net; 3
frame-ancestors 'self' *.leovegas.com *.casinomodule.com *.yggdrasilgaming.com *.evolutiongaming.com *.gameassists.co.uk *.gameassists.dk *.rgsgames.com *.wagerworks.com *.adform.com *.livetables.io *.regily.com *.casinoalternativen.com *.onlinecasinobonus24.xyz *.livetableshu.com webcache.googleusercontent.com 3
frame-ancestors 'self' *.americangreetings.com *.bluemountain.com *.jacquielawson.com *.justwink.com *.agpre.net *.imgag.com carltoncards.ca *.papyrusonline.com *.facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com *.contentstack.com papyrus-develop.go-vip.net papyrus-preprod.go-vip.net papyrus.go-vip.net 3
frame-ancestors *.acuitybrandslighting.net *.acuitybrands.com *.acuitybrands.ca *.acuitybrands.com.mx *.acuitybrandstoronto.com *.besalfund.org *.dglogik.com *.distech-controls.com *.eldoled.com *.iotaengineering.com *.ke2therm.com *.luminis.com *.mcclungfoundation.org; 3
frame-ancestors 'self'; object-src 'self'; 3
frame-ancestors 'self' blank;object-src 'self' blank; 3
base-uri 'self'; child-src 'self'; connect-src 'self' https://*.meo.pt https://*.botschool.ai wss://api.botschool.ai https://api.botschool.ai wss://api.ng.botschool.ai https://webchat.ng.botschool.ai wss://*.byside.com https://*.byside.com https://cdn-api-weglot.com https://www.facebook.com https://*.google-analytics.com https://adservice.google.com https://analytics.google.com https://region1.analytics.google.com https://www.google.com https://*.googleapis.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://in.hotjar.com https://*.inmobi.com wss://*.inside-graph.com https://*.inside-graph.com https://cmp.quantcast.com https://*.cmp.quantcast.com https://pixel.quantcount.com https://analytics.tiktok.com https://*.visualwebsiteoptimizer.com https://*.weglot.com https://*.clarity.ms https://*.doubleclick.net https://gateway.zscaler.net https://quantcast.mgr.consensu.org https://*.quantcast.mgr.consensu.org https://www.google.pt https://services.sapo.pt https://signet-spot.telecom.pt; default-src 'self'; font-src 'self' data: https://*.meo.pt https://cdnjs.cloudflare.com https://use.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com https://eu-cdn.inside-graph.com https://connect.facebook.net https://fast.fonts.net https://gateway.zscaler.net; form-action 'self' https://*.meo.pt https://*.byside.com https://www.facebook.com https://connect.facebook.net https://gateway.zscaler.net; frame-ancestors 'self' https://www.meo.pt https://gateway.zscaler.net https://cinema.sapo.pt https://mag.sapo.pt; frame-src 'self' https://*.meo.pt https://stags.bluekai.com https://*.byside.com https://www.facebook.com https://www.google.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://vars.hotjar.com https://*.inside-graph.com https://meo.speedtestcustom.com https://meoteste.speedtestcustom.com https://*.youtube.com https://*.smark.io https://*.meo.velocidi.io https://*.doubleclick.net https://gateway.zscaler.net https://signet-spot.telecom.pt; img-src 'self' data: https:; media-src 'self' data: https://*.meo.pt https://gateway.zscaler.net; report-to cspenforce; report-uri https://cspreport.apps.meo.pt/Services/Rest.svc/CSP/pkX84pGsGX/Enforce; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.meo.pt https://*.botschool.ai https://img.botschool.ai https://webchat.ng.botschool.ai https://tags.bkrtx.com https://*.byside.com https://cdnjs.cloudflare.com https://*.google-analytics.com https://optimize.google.com https://www.google.com https://www.googleadservices.com https://*.googleapis.com https://www.googleoptimize.com https://*.googlesyndication.com https://www.googletagmanager.com https://www.gstatic.com https://*.hotjar.com https://*.inmobi.com https://*.inside-graph.com https://cmp.quantcast.com https://rules.quantcount.com https://secure.quantserve.com https://*.serving-sys.com https://analytics.tiktok.com https://*.visualwebsiteoptimizer.com https://cdn.weglot.com https://p.smrk.io https://*.meo.velocidi.io https://u.heatmap.it https://www.clarity.ms https://mstat.acestream.net https://*.doubleclick.net https://connect.facebook.net https://gateway.zscaler.net https://quantcast.mgr.consensu.org https://selo.confio.pt; style-src 'self' 'unsafe-inline' https://*.meo.pt https://*.botschool.ai https://img.botschool.ai https://webchat.ng.botschool.ai https://*.byside.com https://use.fontawesome.com https://optimize.google.com https://*.googleapis.com https://www.googletagmanager.com https://www.gstatic.com https://*.inside-graph.com https://cdn.weglot.com https://fast.fonts.net https://gateway.zscaler.net https://selo.confio.pt; worker-src 'self'; object-src 'none' 3
default-src  'self'; img-src  'self'; script-src  'self' 'unsafe-inline'; object-src  'self'; style-src  'self' 'unsafe-inline'; 3
frame-ancestors 'self' https://duffandphelps.360learning.com 3
default-src 'self' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' code.jquery.com www.googletagmanager.com tagmanager.google.com www.googleadservices.com optimize.google.com *.googleapis.com js.hs-banner.com js.hs-scripts.com www.google-analytics.com static.hotjar.com bizographics.com static.ads-twitter.com *.postcodeanywhere.co.uk services.postcodeanywhere.co.uk *.pcapredict.com *.loqate.com *.addressy.com api.addressy.com *.gbgplc.com snap.licdn.com *.facebook.net googleads.g.doubleclick.net js.hs-analytics.net js.hsleadflows.net js.hsadspixel.net sjs.bizographics.com script.hotjar.com px.ads.linkedin.com analytics.twitter.com www.google.com *.gstatic.com platform.linkedin.com js.usemessages.com addtocalendar.com *.sharethis.com amplify.outbrain.com js.hsforms.net forms.hsforms.com *.onetrust.com bat.bing.com use.typekit.net cdnjs.cloudflare.com *.opmnstr.com snid.snitcher.com a.trstplse.com *.wistia.com *.wistia.net player.vimeo.com *.demandbase.com src.litix.io cdn.jsdelivr.net static.codepen.io platform.twitter.com zucvhpjgqj.execute-api.ap-southeast-2.amazonaws.com hosted.mastersoftgroup.com a.omappapi.com unpkg.com npmcdn.com secure.perk0mean.com ruler.nyltx.com *.clickcease.com tr.outbrain.com analytics.nyltx.com ifaqs.flexanswer.com static.zdassets.com *.buzzsprout.com *.litix.io www.clickcease.com monitor.clickcease.com tr.outbrain.com *.sg.va.sabio.cloud js.monitor.azure.com j.6sc.co tracking.g2crowd.com js.hubspot.com *.customersure.com *.visualwebsiteoptimizer.com www.atmrum.net *.cloudfront.net scout-cdn.salesloft.com; style-src 'self' blob: 'unsafe-inline' *.googleapis.com tagmanager.google.com optimize.google.com fonts.googleapis.com addtocalendar.com *.loqate.com cloudflare.com cdnjs.cloudflare.com *.typekit.net *.pcapredict.com *.addressy.com *.postcodeanywhere.co.uk *.gbgplc.com fast.wistia.com cdn.jsdelivr.net a.omappapi.com *.sg.va.sabio.cloud ifaqs.flexanswer.com *.cloudfront.net unpkg.com; img-src 'self' data: blob: 'unsafe-inline' *.gravatar.com gbg-global.azureedge.net *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com t.co/i/adsct *.google.com *.gstatic.com www.glassdoor.co.uk *.google.co.uk *.google-analytics.com *.googleusercontent.com *.facebook.com *.hubspot.com cdnjs.cloudflare.com stats.g.doubleclick.net glassdoor.co.uk maps.gstatic.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com optimize.google.com *.sharethis.com dashboard.umbraco.org px.ads.linkedin.com www.linkedin.com tr.outbrain.com amplifypixel.outbrain.com *.vimeo.com p.typekit.net bat.bing.com a.opmnstr.com p.adsymptotic.com *.omappapi.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net match.prod.bidr.io segments.company-target.com syndication.twitter.com connect.facebook.net *.onetrust.com id.rlcdn.com ifaqs.flexanswer.com *.loqate.com gbgstorage01.blob.core.windows.net *.sg.va.sabio.cloud *.zopim.io *.placeholder.com i.vimeocdn.com *.hsforms.com analytics.twitter.com b.6sc.co *.visualwebsiteoptimizer.com gbgcmsprdsto.blob.core.windows.net gbgcmsprdblobcdn.azureedge.net; font-src 'self' *.gstatic.com *.typekit.net *.wistia.com cdnjs.cloudflare.com script.hotjar.com a.omappapi.com data: ifaqs.flexanswer.com s3-us-west-2.amazonaws.com *.sg.va.sabio.cloud; media-src 'self' *.wistia.net *.wistia.com embedwistia-a.akamaihd.net data: blob: static.zdassets.com; worker-src  blob:; child-src blob:; connect-src 'self' *.google-analytics.com api.hubapi.com *.hubspot.com *.hotjar.com vc.hotjar.io *.sharethis.com *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com decollector.tealeaf.ibmcloud.com gbg-global.azureedge.net www.facebook.com *.vimeo.com *.vimeocdn.com *.wistia.com *.wistia.net *.litix.io embedwistia-a.akamaihd.net *.onetrust.com *.omappapi.com api.opmnstr.com performance.typekit.net api.trstplse.com api.company-target.com stats.g.doubleclick.net segments.company-target.com hosted.mastersoftgroup.com *.loqate.com wss: ir.q4europe.com *.lottiefiles.com snid.snitcher.com analytics.nyltx.com ekr.zdassets.com ifaqs.flexanswer.com flexanswer1656.zendesk.com docs.idscan.com monitor.clickcease.com *.sg.va.sabio.cloud dc.services.visualstudio.com forms.hsforms.com gbg.workable.com www.workable.com *.atmrum.net gbg-cms-web-uat-staging.azurewebsites.net gbg-cms-web-dev.azurewebsites.net gbg.local maps.googleapis.com *.execute-api.ap-southeast-2.amazonaws.com cdn.linkedin.oribi.io m1.openfpcdn.io *.applicationinsights.azure.com ipv6.6sc.co c.6sc.co content.hotjar.io *.customersure.com gbgplc.com demotiles.maplibre.org api.maptiler.com *.analytics.google.com scout.salesloft.com; frame-src 'self' www2.gbgplc.com *.vimeo.com vimeo.com *.youtube.com *.vimeocdn.com platform.twitter.com syndication.twitter.com *.fls.doubleclick.net vars.hotjar.com www.facebook.com stats.g.doubleclick.net fast.wistia.net fast.wistia.com www.glassdoor.co.uk www.google.com optimize.google.com www.linkedin.com ir.q4europe.com c.sharethis.mgr.consensu.org *.hsforms.com *.onetrust.com *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com *.hubspot.com app.hubspot.com codepen.io *.loqate.com *.buzzsprout.com *.umbraco.com www.edisoninvestmentresearch.com *.customersure.com td.doubleclick.net; frame-ancestors 'self' *.loqate.com gbgplc.sharepoint.com;  3
img-src * data: 3
default-src * blob:; connect-src https: wss:; font-src https: data:; frame-src https: data: qa-freeconferencecall: freeconferencecall: qa-startmeeting: startmeeting:; img-src https: data:; media-src https: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: data:; style-src https: 'unsafe-inline'; worker-src https: blob:; report-uri https://csp-bin.freeconferencecall.com/bins/b56a1d03/ 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.iberdrola.es data: localhost:* iberdrola.it *.iberdrola.it iberdrola.es *.iberdrola.es iberdrola.de *.iberdrola.de iberdrola.fr *.iberdrola.fr iberdrola.pt *.iberdrola.pt curenergia.es *.curenergia.es *.google.com *.youtube.com *.gstatic.com *.googletagmanager.com *.womtp.com *.walmeric.com *.googleapis.com *.google-analytics.com *.cloud-care.it *.googleadservices.com *.google.es *.onetrust.com *.imbee.me *.krxd.net ipwhois.pro  *.sentry.io *.amazonaws.com *.pro *.lottiefiles.com *.doubleclick.net *.facebook.net *.facebook.com *.whisbi.com *.dwin1.com *.presage.io wss://liveservice.cloud-care.it/socketcluster/ *.tradedoubler.com *.iberdrola.com wss://wwe2.byside.com/socket.io/1/websocket/ *.byside.com https://www.googleoptimize.com/optimize.js js.adsrvr.org static.ads-twitter.com insight.adsrvr.org   analytics.twitter.com t.co https://match.adsrvr.org  *.googlesyndication.com s.go-mpulse.net https://c.go-mpulse.net px.ads.linkedin.com 684dd32b.akstat.io snap.licdn.com cdn.linkedin.oribi.io 684dd331.akstat.io *.akstat.io *.clarity.ms *.appspot.com *.jquery.com *.inbenta.io *.inbenta.com unpkg.com cdn.jsdelivr.net gsatag.makingscience.com view.genial.ly *.cloudflare.com cdn.evgnet.com *.kaltura.com *.visualwebsiteoptimizer.com *.redsys.es *.cdn-apple.com 3
default-src 'self' *; font-src *;img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' * 3
frame-ancestors 'self' https://*.paperflite.com 3
child-src blob:;connect-src 'self' https://api.welcometothejungle.com wss://api.welcometothejungle.com sp.welcometothejungle.com https://alerts.welcometothejungle.com https://employerbrand.welcometothejungle.com wss://realtime.getbeamer.com *.algolianet.com *.algolia.net *.algolia.io *.facebook.com *.sentry.io activity.wisepops.com accounts.google.com popup.wisepops.com tracking.wisepops.com notifications.wisepops.com app.getwisp.co wisepops.net backend.getbeamer.com www.google-analytics.com vimeo.com *.hotjar.com *.hotjar.io wss://*.hotjar.com ip2c.org autocomplete.search.hereapi.com lookup.search.hereapi.com revgeocode.search.hereapi.com geocode.search.hereapi.com *.batch.com *.axept.io *.contentsquare.net http://cypress.preprod.wttj.tech/zafoh2ie/ae3 api.maze.co prompts.maze.co region1.analytics.google.com stats.g.doubleclick.net cdn.growthbook.io growthbook-proxy.production.wttj.team;default-src 'none';font-src cdn.welcometothejungle.com cdn.welcometothejungle.com cdn.welcome-ui.com cdn.welcometothejungle.co fonts.gstatic.com data: script.hotjar.com *.axept.io snippet.maze.co;form-action 'self' www.facebook.com;frame-src 'self' platform.linkedin.com www.linkedin.com api.linkedin.com cdn.iframe.ly www.youtube.com www.youtube-nocookie.com www.dailymotion.com www.facebook.com connect.facebook.net w.soundcloud.com optimize.google.com app.getbeamer.com push.getbeamer.com backend.getbeamer.com player.vimeo.com speakerdeck.com www.slideshare.net talks.golang.org docs.google.com accounts.google.com slides.com vars.hotjar.com *.axept.io form.typeform.com www.google.com;img-src http: https: blob: data: optimize.google.com www.google-analytics.com script.hotjar.com static.hotjar.com *.axept.io *.contentsquare.net cdn.wisepops.com tracking.wisepops.com dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com cdn.wisepops.net snippet.maze.co;media-src cdn.welcometothejungle.com;script-src 'unsafe-inline' cdn.welcometothejungle.com platform.linkedin.com www.linkedin.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com connect.facebook.net www.facebook.com www.youtube.com www.youtube-nocookie.com *.ytimg.com cdn.wisepops.com loader.wisepops.com app.getwisp.co wisepops.net cdn.wisepops.net optimize.google.com app.getbeamer.com realtime.getbeamer.com backend.getbeamer.com player.vimeo.com speakerdeck.com www.slideshare.net talks.golang.org docs.google.com accounts.google.com slides.com static.hotjar.com script.hotjar.com *.batch.com polyfill.io *.axept.io cdn.goldenbees.fr tag.goldenbees.fr t.contentsquare.net app.contentsquare.com embed.typeform.com www.google.com/recaptcha/api.js www.gstatic.com/recaptcha/ snippet.maze.co acdn.adnxs.com;style-src 'unsafe-inline' cdn.welcometothejungle.com tagmanager.google.com fonts.googleapis.com optimize.google.com accounts.google.com app.getbeamer.com *.axept.io embed.typeform.com snippet.maze.co static.hotjar.com script.hotjar.com;upgrade-insecure-requests;worker-src 'self' blob:;base-uri 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none' 3
default-src 'self' https://edgestatic.azureedge.net https://*.microsoft.com; script-src 'self' 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.aspnetcdn.com https://az725175.vo.msecnd.net https://*.microsoft.com https://mem.gfx.ms https://edgestatic.azureedge.net https://js.monitor.azure.com https://mwf-service.akamaized.net https://*.clarity.ms https://*.bing.com http://*.bing.com https://acdn.adnxs.com https://connect.facebook.net https://snap.licdn.com; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://statics-marketingsites-wcus-ms-com.akamaized.net https://statics-marketingsites-eus-ms-com.akamaized.net https://statics-marketingsites-neu-ms-com.akamaized.net https://statics-marketingsites-eas-ms-com.akamaized.net https://edgestatic.azureedge.net; font-src 'self' data: https://*.microsoft.com http://c.s-microsoft.com https://c.s-microsoft.com https://edgestatic.azureedge.net; connect-src 'self' http://*.microsoft.com https://*.microsoft.com https://*.bing.com https://*.clarity.ms https://js.monitor.azure.com https://edgestatic.azureedge.net https://consentreceiverfd-prod.azurefd.net https://cdn.linkedin.oribi.io https://*.linkedin.com https://boost.mediation.trafficmanager.net; frame-src 'self' http://*.microsoft.com https://*.microsoft.com https://*.msn.com https://*.msn.cn https://*.bing.com https://www.youtube-nocookie.com; frame-ancestors 'self' https://*.microsoft.com https://*.bing.com; img-src * data:; media-src 'self' https://edgestatic.azureedge.net 3
default-src 'self' 'unsafe-inline' *; img-src data: * ; frame-ancestors 'self'; form-action 'self' https://*.facebook.com https://*.azureedge.net https://*.dynamics.com; 3
frame-ancestors 'self' http://*.essilorluxottica.com https://*.essilorluxottica.com; 3
default-src 'self' *.lvvwd.com *.youtube.com data:; style-src 'self' 'unsafe-inline' *.lvvwd.com *.juicer.io *.cludo.com *.cludo.com.cdn.cloudflare.net *.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.lvvwd.com *.juicer.io *.digicert.com *.google-analytics.com *.googleapis.com *.jwpcdn.com *.gstatic.com *.google.com *.googletagmanager.com *.facebook.net *.facebook.com *.cludo.com *.cludo.com.cdn.cloudflare.net apps.usw2.pure.cloud cdn.jwplayer.com api.flickr.com data:; connect-src 'self' *.lvvwd.com *.juicer.io *.facebook.com *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.doubleclick.net *.cludo.com *.cludo.com.cdn.cloudflare.net api-use2.digital.genesyscloud.com cdn.jwplayer.com cdn3.wowza.com data:; font-src 'self' *.lvvwd.com *.juicer.io *.jwpcdn.com *.gstatic.com data:; img-src 'self' *.lvvwd.com *.snwa.com *.springspreserve.org *.google.com *.juicer.io *.cdninstagram.com prd.jwpltx.com seal.digicert.com maps.gstatic.com *.googleapis.com cdn.jwplayer.com assets-jpcust.jwpsrv.com live.staticflickr.com *.cludo.com *.facebook.com *.fbcdn.net *.facebook.net  blob: data:; frame-src 'self' *.captionedtext.com *.youtube.com *.doubleclick.net *.google.com *.facebook.com data:; media-src 'self' *.lvvwd.com cdn3.wowza.com blob: data:; 3
object-src 'none'; form-action 'self'; frame-ancestors 'none' 3
frame-ancestors 'self' *.freenas.org *.ixsystems.com *.truenas.org; upgrade-insecure-requests; default-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob: *.crazyegg.com; object-src 'self' https:; connect-src 'self' https: wss://*.hotjar.com *.crazyegg.com; img-src 'self' data: https: blob: *.crazyegg.com; font-src 'self' data: https:; 3
default-src 'self' blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nuveen.com tiaacref.tt.omtrdc.net cdn.tt.omtrdc.net *.omtrdc.net *.tiaa.org tiaa.org apps.nuveen.org *.nuveen.com optimize.google.com *.googleoptimize.com *.googleanalytics.com *.google-analytics.com ad.doubleclick.net *.googlesyndication.com tools.inviteeducation.com *.googletagmanager.com *.gstatic.com maps.googleapis.com cdn.cookielaw.org *.salesforceliveagent.com players.brightcove.net *.qualtrics.com *.google.com cdn.evgnet.com *.evgnet.com *.azurewebsites.net s.go-mpulse.net cdn.polyfill.io cdnjs.cloudflare.com *.morningstar.com *.akamaihd.net js-agent.newrelic.com *.nuveen.com tag.demandbase.com *.google-analytics.com script.crazyegg.com snap.licdn.com static.ads-twitter.com pi.pardot.com js.adsrvr.org connect.facebook.net info.nuveen.com action.dstillery.com googleads.g.doubleclick.net *.googleadservices.com api.ipify.org analytics.google.com stats.g.doubleclick.net *.nr-data.net action.media6degrees.com ajax.googleapis.com *.nuveen.com polyfill.io unpkg.com stackpath.bootstrapcdn.com cdn.jsdelivr.net *.broadridge.com *.bing.com *.clarity.ms *.callrail.com *.byspotify.com *.crazyegg.com blob:;style-src 'self' 'unsafe-inline' tiaacref.tt.omtrdc.net cdn.tt.omtrdc.net optimize.google.com *.googleoptimize.com fonts.googleapis.com *.morningstar.com *.broadridge.com *.crazyegg.com;img-src data: 'self' api.nuveen.com *.google-analytics.com ad.doubleclick.net d.turn.com *.gstatic.com cdn.cookielaw.org maps.gstatic.com maps.googleapis.com *.b2i.us *.nuveen.com id.rlcdn.com *.morningstar.com *.azurewebsites.net *.googletagmanager.com googleads.g.doubleclick.net *.google.com *.google.co.in *.facebook.com *.linkedin.com t.co analytics.twitter.com googleads.g.doubleclick.net segments.company-target.com *.google-analytics.com match.adsrvr.org beacon.krxd.net a.audrte.com stags.bluekai.com idsync.rlcdn.com ib.adnxs.com ce.lijit.com dt-secure.videohub.tv dpm.demdex.net aa.agkn.com us-u.openx.net *.akamaihd.net *.qualtrics.com *.nr-data.net *.bing.com *.clarity.ms pixel.byspotify.com *.crazyegg.com data:;font-src data: 'self' fonts.gstatic.com fonts.googleapis.com optimize.google.com *.morningstar.com;connect-src 'self' *.nuveen.com mboxedge34.tt.omtrdc.net tiaacref.tt.omtrdc.net cdn.tt.omtrdc.net *.azurewebsites.net *.facebook.com connect.facebook.net *.googlesyndication.com ad.doubleclick.net bat.bing.com maps.googleapis.com siteintercept.qualtrics.com cdn.cookielaw.org/ tiaabank.us-4.evergage.com *.b2i.us c.go-mpulse.net *.akamaihd.net *.akstat.io *.morningstar.com api.company-target.com script.crazyegg.com *.google-analytics.com stats.g.doubleclick.net *.crazyegg.com analytics.google.com geolocation.onetrust.com privacyportal.onetrust.com *.nr-data.net cdn.linkedin.oribi.io *.hawkeye.epsilon.com *.fundslibrary.net *.services.visualstudio.com *.clarity.ms *.company-target.com tag-logger.demandbase.com *.callrail.com *.byspotify.com *.nuveen.com mboxedge34.tt.omtrdc.net tiaacref.tt.omtrdc.net cdn.tt.omtrdc.net *.azurewebsites.net *.facebook.com connect.facebook.net *.googlesyndication.com ad.doubleclick.net bat.bing.com maps.googleapis.com siteintercept.qualtrics.com cdn.cookielaw.org/ tiaabank.us-4.evergage.com *.b2i.us c.go-mpulse.net *.akamaihd.net *.akstat.io *.morningstar.com api.company-target.com script.crazyegg.com *.google-analytics.com stats.g.doubleclick.net *.crazyegg.com analytics.google.com geolocation.onetrust.com privacyportal.onetrust.com *.nr-data.net cdn.linkedin.oribi.io *.hawkeye.epsilon.com *.fundslibrary.net *.services.visualstudio.com *.clarity.ms *.company-target.com tag-logger.demandbase.com *.callrail.com *.byspotify.com *.linkedin.com;media-src 'self' bcbolt446c5271-a.akamaihd.net;object-src 'none' ;child-src 'self' blob:;frame-ancestors 'self' ;frame-src 'self' tiaacref.tt.omtrdc.net cdn.tt.omtrdc.net c-pace.greenworkslending.com optimize.google.com *.googleoptimize.com v3.inviteeducation.com players.brightcove.net *.google.com *.adsrvr.org *.doubleclick.net *.facebook.com *.nuveen.com *.company-target.com reporting.nuveenglobal.info icx.efrontcloud.com *.googlesyndication.com;form-action 'self' ;manifest-src 'none' ; 3
default-src 'self' ; media-src 'self' data: *.victorinox.com *.swissarmy.com *.wenger.ch static.zdassets.com ; frame-src 'self' https://m.lndg.page dash-staging.bounceexchange.com assets.bounceexchange.com *.fls.doubleclick.net bid.g.doubleclick.net https://player.vimeo.com/ *.photorank.me *.hotjar.com *.facebook.com *.google.com *.instagram.com *.youtube.com *.pinterest.com https://www.sandbox.paypal.com *.clarity.ms www.pinterest.co.uk *.openpay.mx  https://www.pinterest.ch https://www.pinterest.cl https://www.pinterest.es https://www.pinterest.de https://www.pinterest.fr https://www.pinterest.it https://www.pinterest.at https://www.pinterest.se https://www.pinterest.ru https://www.pinterest.ie tsdtocl.com *.tangiblee.com www.paypal.com www.paypalobjects.com www.googletagmanager.com emersya.com cdn.emersya.com *.opencontrol.mx https://www.recaptcha.net https://outlook.office365.com https://dem.mysingleromance.com https://us-device-pro1.csftr.com www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com csxd.victorinox.com csxd.swissarmy.com https://forms.office.com *.dash-staging.bounceexchange.com *.dash.bounceexchange.com https://victorinox.my-june.com https://checkoutshopper-test.adyen.com https://live.adyen.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://contest.victorinox.com https://view.juneapp.com ; report-to csp-endpoint ; frame-ancestors 'self' https://develop--b2cstore-victorinox.netlify.app https://development--b2cstore-victorinox.netlify.app https://staging--b2cstore-victorinox.netlify.app https://b2cstore-victorinox.frontend.site https://prod-b2cstore-victorinox.netlify.app https://prdnew-www.victorinox.com https://stgnew-www.victorinox.com https://prod-b2cstore-victorinox.netlify.app/ https://prdnew-www.victorinox.com/ https://*.victorinox.com ; worker-src 'self' blob: ; child-src 'self' blob: *.victorinox.com *.swissarmy.com *.wenger.ch *.tangiblee.com *.photorank.me *.pinterest.com https://web.facebook.com https://fbsbx.com https://*.google.com https://www.youtube.com https://www.facebook.com https://www.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com https://emersya.com/ https://www.pinterest.com https://www.pinterest.co.uk https://www.pinterest.ch https://www.pinterest.de https://www.pinterest.fr https://www.pinterest.it https://www.pinterest.at https://www.pinterest.se https://www.pinterest.ru https://www.pinterest.ie https://secure.img-cdn.mediaplex.com *.fls.doubleclick.net *.doubleclick.net vars.hotjar.com victorinox-fr-affiliate-programme.sjv.io player.vimeo.com assets.bounceexchange.com ; img-src 'self' data: https: https://api.qrserver.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.victorinox.com *.swissarmy.com *.wenger.ch *.paypalobjects.com *.cloudfront.net *.cdn4.forter.com *.baidu.com *.onetrust.com *.getback.ch *.taboola.com *.yahoo.co.jp *.bazaarvoice.com *.cdn77.org *.zoovu.com *.tangiblee.com *.contentsquare.com *.zopim.com *.bdimg.com maps.google.com load.sumome.com load.sumo.com https://*.googletagmanager.com https://*.google-analytics.com www.googleadservices.com www.sc.pages03.net static.hotjar.com tag.wknd.ai assets.bounceexchange.com api.bounceexchange.com dev.bounceexchange.com tag.bounceexchange.com dash-staging.bounceexchange.com bat.bing.com snap.licdn.com t.contentsquare.net contentsquare.com static.ads-twitter.com analytics.tiktok.com analytics.twitter.com platform.twitter.com script.hotjar.com googleads.g.doubleclick.net s.yimg.jp px.adhigh.net assets.zendesk.com intljs.rmtag.com static.zdassets.com ut.rd.linksynergy.com br-victorinox.netmng.com tags.srv.stackadapt.com d.impactradius-event.com s.pinimg.com cdn.tangiblee.com cscoreproweustor.blob.core.windows.net js.monitor.azure.com api.channelsight.com cdn.channelsight.com *.klaviyo.com emersya.com cdn.emersya.com cdn.brcdn.com f.monetate.net se.monetate.net cdn.cookielaw.org cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com photorankstatics-a.akamaihd.net https://*.google.com www.paypal.com www.gstatic.com www.gstatic.cn www.dwin1.com connect.facebook.net openpay.s3.amazonaws.com swissarmy.cardconnect.com:* vx.local:* *.clarity.ms *.openpay.mx *.googlesyndication.com https://www.recaptcha.net https://services.postcodeanywhere.co.uk *.sprinklr.com https://rum-static.pingdom.net https://rum-collector-2.pingdom.net *.teads.tv www.googleoptimize.com https://eubroken.mysingleromance.com https://dem.mysingleromance.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.nxtck.com *.leadsrx.com *.dash-staging.bounceexchange.com *.dash.bounceexchange.com https://checkoutshopper-test.adyen.com https://live.adyen.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://contest.victorinox.com https://view.juneapp.com https://unpkg.com ; font-src 'self' data: *.victorinox.com *.swissarmy.com *.wenger.ch *.hotjar.com *.cdn77.org *.cloudfront.net *.tangiblee.com olapic-data.s3.amazonaws.com photorankstatics-a.akamaihd.net fonts.gstatic.com emersya.com cdn.emersya.com fast.fonts.net cdnjs.cloudflare.com cdn.megabonus.com static3.avast.com cdn.honey.io netdna.bootstrapcdn.com assets.bounceexchange.com *.sprinklr.com ; form-action 'self' https: ; connect-src 'self' ws: wss: *.victorinox.com *.swissarmy.com *.wenger.ch *.forter.com *.klaviyo.com *.amazonaws.com *.onetrust.com *.paypal.com *.paypalobjects.com *.openpay.mx *.taboola.com *.victorinox.com *.tangiblee.com *.contentsquare.net *.bazaarvoice.com *.getback.ch *.hotjar.com *.zoovu.com *.facebook.com https://*.google.com *.instagram.com sumo.com api.openweathermap.org  https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com emersya.com cdn.emersya.com ws.emersya.com cdn.cookielaw.org d2o5idwacg3gyw.cloudfront.net photorankstatics-a.akamaihd.net photorankapi-a.akamaihd.net https://*.g.doubleclick.net analytics.tiktok.com ekr.zdassets.com swissarmy.zendesk.com widget-mediator.zopim.com bat.bing.com px.adhigh.net hm.baidu.com tags.srv.stackadapt.com ct.pinterest.com api.channelsight.com dc.services.visualstudio.com vc.hotjar.io victorinox-fr-affiliate-programme.sjv.io events.bouncex.net coupons.bounceexchange.com *.cdnwidget.com *.cdnbasket.net maps.googleapis.com *.clarity.ms https://services.postcodeanywhere.co.uk https://api.addressy.com *.sprinklr.com https://rum-static.pingdom.net https://rum-collector-2.pingdom.net *.teads.tv https://dem.mysingleromance.com cdn.linkedin.oribi.io https://*.csftr.com *.googlesyndication.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.nxtck.com *.leadsrx.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://live.adyen.com ; style-src 'self' 'unsafe-inline' *.victorinox.com *.swissarmy.com *.wenger.ch *.cdn77.org *.tangiblee.com assets-static.victorinox.com *.klaviyo.com photorankstatics-a.akamaihd.net fonts.googleapis.com emersya.com cdn.emersya.com api.map.baidu.com fast.fonts.net static.getback.ch cdnjs.cloudflare.com tags.srv.stackadapt.com cdn.channelsight.com tiger-cdn.zoovu.com translate.googleapis.com assets.bounceexchange.com https://services.postcodeanywhere.co.uk *.sprinklr.com  https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://live.adyen.com 3
frame-ancestors 'self' https://www.blinds.com https://blinds.homedepot.com https://custom.homedepot.com https://www.homedepot.ca https://www.blinds.ca https://www.americanblinds.com https://www.justblinds.com 3
frame-ancestors 'self' www.cv.ee cv.ee www.cv.lv cv.lv www.prakse.lv prakse.lv https://www.fritz-henkel.com https://fritz-henkel.com; 3
default-src 'self' easy.gr *.easy.gr *.cookiebot.com *.tawk.to *.paypal.com googleads.g.doubleclick.net stats.g.doubleclick.net *.google.com *.youtube.com;script-src 'self' *.paypal.com *.paypalobjects.com *.braintreegateway.com easy.gr *.easy.gr *.youtube.com 'unsafe-inline'  'unsafe-eval' *.googleusercontent.com *.gstatic.com tippedjs.com fancyapps.com ajax.googleapis.com fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com www.googletagmanager.com *.googletagmanager.com www.google-analytics.com ssl.google-analytics.com *.googleadservices.com googleadservices.com *.tawk.to *.facebook.com *.facebook.net *.cookiebot.com *.doubleclick.net cdn.jsdelivr.net *.google.com googleads.g.doubleclick.net stats.g.doubleclick.net *.google.com *.google.gr *.youtube.com;style-src 'self' easy.gr *.easy.gr 'unsafe-inline' ajax.googleapis.com fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com www.googletagmanager.com *.googletagmanager.com www.google-analytics.com ssl.google-analytics.com *.googleadservices.com googleadservices.com *.tawk.to *.facebook.com *.facebook.net *.cookiebot.com *.doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net;img-src 'self' data: easy.gr *.easy.gr 'unsafe-inline' ajax.googleapis.com fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com www.googletagmanager.com *.googletagmanager.com www.google-analytics.com ssl.google-analytics.com *.googleadservices.com googleadservices.com *.tawk.to *.facebook.com *.facebook.net *.cookiebot.com *.doubleclick.net *.google.com cdn.jsdelivr.net *.google.gr *.paypalobjects.com *.paypal.com googleads.g.doubleclick.net stats.g.doubleclick.net ;font-src 'self' easy.gr *.easy.gr 'unsafe-inline' ajax.googleapis.com fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com www.googletagmanager.com *.googletagmanager.com www.google-analytics.com ssl.google-analytics.com *.googleadservices.com googleadservices.com *.tawk.to *.facebook.com *.facebook.net *.cookiebot.com *.paypalobjects.com stats.g.doubleclick.net ;connect-src 'self' easy.gr *.easy.gr 'unsafe-inline' *.tawk.to wss://*.tawk.to  fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com www.googletagmanager.com *.googletagmanager.com www.google-analytics.com ssl.google-analytics.com *.googleadservices.com googleadservices.com *.tawk.to *.facebook.com *.facebook.net *.cookiebot.com *.doubleclick.net *.google.com *.paypal.com googleads.g.doubleclick.net stats.g.doubleclick.net google.com *.youtube.com; frame-src 'self' easy.gr *.easy.gr  'unsafe-inline' *.paypal.com *.paypalobjects.com *.cookiebot.com *.tawk.to ; 3
default-src 'self' https://privacyportal.cookiepro.com https://pagestrip.com; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.doubleclick.net *.googleadservices.com *.google-analytics.com *.recaptcha.net https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com https://cdnjs.cloudflare.com https://cdnjs.com/ https://fast.fonts.net/ https://code.jquery.com/ https://api.usersnap.com https://www.googletagmanager.com https://rum-static.pingdom.net https://s7.addthis.com https://sjs.bizographics.com https://snap.licdn.com https://v1.addthisedge.com https://m.addthis.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://kendo.cdn.telerik.com https://cookie-cdn.cookiepro.com/ https://emea3.recruitmentplatform.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://unpkg.com https://downloads.mailchimp.com https://mc.us5.list-manage.com https://secure.adnxs.com https://z.moatads.com https://geolocation.onetrust.com https://stackpath.bootstrapcdn.com https://walls.io https://cse.google.com *.pagestrip.com player.vimeo.com *.ssl.cf1.rackcdn.com *.youtube.com s3.amazonaws.com magna.us5.list-manage.com *.baidu.com *.usersnap.com *.adform.net *.adnxs.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hscollectedforms.net *.hs-banner.com https://js-eu1.hsforms.net/ https://forms-eu1.hsforms.com/ https://cdn.mediavalet.com/ 'self' cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://dec.azureedge.net https://fast.fonts.net https://cdnjs.cloudflare.com https://emea3.recruitmentplatform.com https://maxcdn.bootstrapcdn.com https://downloads.mailchimp.com https://cdn-images.mailchimp.com https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net *.pagestrip.com https://www.youtube.com *.ssl.cf1.rackcdn.com https://form.asana.com/ 'self' 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://www.google.co.uk https://dec.azureedge.net https://*.dec.sitefinity.com https://px.ads.linkedin.com *.eloqua.com https://i3.ytimg.com https://i.ytimg.com https://ml.globenewswire.com https://p.adsymptotic.com https://downloads.mailchimp.com http://media.corporate-ir.net https://resource.globenewswire.com https://cookie-cdn.cookiepro.com https://shp.qpic.cn https://img.youtube.com https://magna-p.magna.com https://magna.com https://cdnjs.cloudflare.com https://clients1.google.com https://www.google.com https://www.googletagmanager.com *.magna.com *.pagestrip.com https://puui.qpic.cn https://cms.sps-digital.com https://stats.g.doubleclick.net https://www.google.ca https://hm.baidu.com https://mcusercontent.com https://cdn-images.mailchimp.com https://www.google.vg https://www.google.de https://www.google.fr *.rackcdn.com *.adnxs.com *.hsforms.com *.hubspot.com cdn.mediavalet.com https://insights.apps-magna.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://maxcdn.bootstrapcdn.com *.pagestrip.com; frame-src 'self' https://mpt-product-information.com/ https://td.doubleclick.net/ https://www.recaptcha.net/ https://www.youtube.com/ https://magna.gcs-web.com/ https://my.walls.io/ https://www.google.com/ https://forms-eu1.hsforms.com/ https://www.facebook.com/ https://www.youtube-nocookie.com https://magna.s2.positionierung.at/ https://form.asana.com/ https://app.truelook.cloud/; connect-src 'self' accounts.google.com https://pagead2.googlesyndication.com https://*.dec.sitefinity.com https://forms-eu1.hsforms.com/ *.mktoresp.com https://rum-collector-2.pingdom.net https://m.addthis.com https://cookie-cdn.cookiepro.com https://s7.addthis.com https://emea3.recruitmentplatform.com https://global3.recruitmentplatform.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://privacyportal.cookiepro.com https://pagestrip.com https://*.pagestrip.com https://stats.g.doubleclick.net https://geolocation.onetrust.com https://hm.baidu.com https://www.google.ca https://www.google.vg https://www.google.de https://www.google.se *.linkedin.oribi.io *.addthis.com *.hs-banner.com *.hubspot.com *.hubapi.com forms-eu1.hscollectedforms.net http://magna-na.magna.com https://px.ads.linkedin.com; media-src 'self' data: blob: *.ssl.cf1.rackcdn.com *.cf2.rackcdn.com *.cf1.rackcdn.com *.iosr.cf1.rackcdn.com https://cms.sps-digital.com https://cdn.mediavalet.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://embed.mediavalet.com/ https://td.doubleclick.net/ https://magna.gcs-web.com https://s7.addthis.com https://consentcdn.cookiebot.com/ https://www.google.com https://v.qq.com/ https://walls.io/ https://cse.google.com/ https://pagestrip.com https://*.pagestrip.com https://my.walls.io https://www.magnapeople.com https://mpt-product-information.com/ https://magna-staging.jifflenow.com/ https://magna.jifflenow.com/ https://www.recaptcha.net https://www.mpt-product-information.com https://bid.g.doubleclick.net https://open.spotify.com/ https://www.youtube-nocookie.com/ https://forms-eu1.hsforms.com/ https://magna.s2.positionierung.at/ 3
default-src 'self';connect-src 'self' idfm-production-back.osc-secnum-fr1.scalingo.io *.contentsquare.net iledefrance-mobilites.matomo.cloud *.screeb.app;font-src 'self' data:;frame-src 'self' data.iledefrance-mobilites.fr www.youtube.com;img-src 'self' idfm-production-rp.osc-secnum-fr1.scalingo.io images.prismic.io portail-idfm.cdn.prismic.io *.contentsquare.net iledefrance-mobilites.fr data:;script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.matomo.cloud t.screeb.app www.youtube.com blob: t.contentsquare.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com; 3
frame-ancestors 'self' https://dccp-qa.metronet.cloud https://dccp-preprod.metronet.cloud https://pega-dccp.metronet.cloud; 3
default-src 'none'; connect-src 'self' https://releases.grapheneos.org/; font-src 'self'; img-src 'self'; manifest-src 'self'; script-src 'self'; style-src 'self'; webrtc 'block'; form-action 'none'; frame-ancestors 'none'; base-uri 'none'; require-trusted-types-for 'script'; trusted-types 'none' 3
frame-ancestors 'self' https://thesource.amcnetworks.com https://www.amcnetworks.com; 3
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://js.qualified.com https://tag.demandbase.com https://*.facebook.net https://*.facebook.com https://js.monitor.azure.com https://bat.bing.com https://www.google.nl https://www.google.fr https://www.google.com https://www.gstatic.com https://cdn.cookielaw.org https://s.go-mpulse.net https://www.googletagmanager.com https://www.youtube.com https://www.google-analytics.com https://www.googleadservices.com https://*.billtrust.com https://*.vimeo.com https://dwill530.github.io https://billtrust.containers.piwik.pro https://munchkin.marketo.net https://ws.zoominfo.com https://tracking.g2crowd.com https://snap.licdn.com https://ml314.com https://tracker.marinsm.com https://www.clickcease.com https://googleads.g.doubleclick.net https://cookie-cdn.cookiepro.com https://boards-api.greenhouse.io https://code.jquery.com https://pagead2.googlesyndication.com https://boards.greenhouse.io https://js.zi-scripts.com https://*.mutinycdn.com https://*.visualwebsiteoptimizer.com; style-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://*.typekit.net https://mktg.billtrust.com https://billtrust.containers.piwik.pro; object-src 'none'; base-uri 'self'; connect-src 'unsafe-inline' 'self' https://tag-logger.demandbase.com https://*.visualwebsiteoptimizer.com https://monitor.clickcease.com https://adservice.google.com https://api.company-target.com wss://ws.qualified.com https://cdn.linkedin.oribi.io https://*.in.applicationinsights.azure.com  https://*.cloud.coveo.com https://www.google-analytics.com https://cookie-cdn.cookiepro.com https://billtrust.piwik.pro https://billtrust.containers.piwik.pro https://*.mktoresp.com https://ws.zoominfo.com https://geolocation.onetrust.com https://pagead2.googlesyndication.com https://boards-api.greenhouse.io https://privacyportal.cookiepro.com https://www.google.com https://googleads.g.doubleclick.net https://js.zi-scripts.com https://*.mutinyhq.com https://*.mutinyhq.io https://*.mutinycdn.com; font-src 'self' https://fonts.gstatic.com https://*.typekit.net https://billtrust.containers.piwik.pro data:; frame-src 'self' https://s.company-target.com https://www.google.com https://*.doubleclick.net https://*.qualified.com https://www.npr.org https://www.youtube.com https://mktg.billtrust.com https://player.vimeo.com https://www.g2.com https://boards.greenhouse.io; img-src 'unsafe-inline' 'self' https://id.rlcdn.com/464526.gif https://*.mutinyhq.io https://mktg.billtrust.com https://*.taboola.com https://*.tapad.com https://*.pippio.com https://*.doubleclick.net https://*.yahoo.com https://*.bluekai.com https://segments.company-target.com https//sync.1rx.io https://www.googletagmanager.com https://www.google.com https://www.google-analytics.com https://i.ytimg.com https://i.vimeocdn.com https://px.ads.linkedin.com https://cookie-cdn.cookiepro.com https://dpm.demdex.net https://idsync.rlcdn.com https://match.adsrvr.org https://sync.crwdcntrl.net https://ps.eyeota.net https://ml314.com https://pixel.mathtag.com https://ib.adnxs.com https://loadus.exelator.com https://s.amazon-adsystem.com https://sync.srv.stackadapt.com https://www.google.com https://www.linkedin.com https://bat.bing.com https://billtrust.containers.piwik.pro https://*.mutinycdn.com https://*.visualwebsiteoptimizer.com data:; manifest-src 'self'; media-src 'self' https://*.qualified.com ; worker-src 'none'; frame-ancestors https://app.mutinyhq.com; upgrade-insecure-requests;block-all-mixed-content;report-uri /cspreports.xml 3
frame-ancestors 'self' *.pangle.io *.pangle-b.io 3
font-src https://themes.googleusercontent.com https://fonts.gstatic.com https://www.concentrix.com https://fonts.googleapis.com https://cnxc.wpenginepowered.com https://www.concentrix.com https://gallery.concentrix.com https://lottiefiles.com data www.concentrix.com https://cdn.knightlab.com/; frame-ancestors https://munchkin.marketo.net https://www.concentrix.com https://cnxc.wpenginepowered.com https://www.concentrix.com 'self' https://gallery.concentrix.com www.concentrix.com; 3
block-all-mixed-content; default-src 'self'; base-uri 'self'; form-action 'self' flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.kr flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.com flightbookings.airnewzealand.de flightbookings.airnewzealand.eu flightbookings.airnewzealand.fr flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw  flightbookings.airnewzealand.com.cn flightbookings.airnewzealand.co.jp identity.airnewzealand.com au-connect.authsignal.com auth.identity.airnewzealand.com auth.identity.qual.airnewzealand.com koruclub.airnewzealand.com auth.airnewzealand.co.nz; script-src 'self' p-airnz.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com www.youtube.com s.ytimg.com s.wayin.com xd.wayin.com s.engagesciences.com display.engagesciences.com display.wayin.com www.everestjs.net *.demdex.net www.google-analytics.com analytics.google.com tagmanager.google.com www.googletagmanager.com *.doubleclick.net www.googleadservices.com cdn-assets-prod.s3.amazonaws.com *.optimizely.com optimizely-hrd.appspot.com optimizely.s3.amazonaws.com s.swiftypecdn.com upgrade.plusgrade.com nebula-cdn.kampyle.com screencapture.kampyle.com screencaptue-cdn.kampyle.com static.hotjar.com script.hotjar.com yourir.info *.airnewzealand.co.nz auth.airnewzealand.co.nz ssl.google-analytics.com cdnjs.cloudflare.com musculahq.appspot.com dnn506yrbagrg.cloudfront.net xsell.expedia.com ddc.optimahub.com www.newzealand.com https://widget.timatic.iata.org/scripts/iata-timatic-widget-live.js oc-cdn-public-oce.azureedge.net; style-src 'unsafe-inline' p-airnz.com fonts.googleapis.com tagmanager.google.com s.swiftypecdn.com upgrade-cdn-prd.plusgrade.com static.hotjar.com script.hotjar.com yourir.info 'self' oc-cdn-public-oce.azureedge.net; img-src https: data: static.hotjar.com script.hotjar.com; font-src p-airnz.com fonts.googleapis.com fonts.gstatic.com dhm5hy2vn8l0l.cloudfront.net script.hotjar.com 'self' data:; media-src 'self' ; frame-src 'self' *.google.com auth.identity.airnewzealand.com nz.fltmaps.com airpointscalculator.co.nz www.youtube.com airnz.wufoo.com xd.wayin.com display.engagesciences.com www.everestjs.net pixel.everesttech.net *.demdex.net *.doubleclick.net www.googletagmanager.com *.cdn-pci.optimizely.com nebula-cdn.kampyle.com vars.hotjar.com *.airnewzealand.co.nz auth.airnewzealand.co.nz sec.windcave.com uat.windcave.com hotels.airnewzealand.co.nz airnz-cargo.chooose.today airnz-corporate.chooose.today emissions-platform.airnewzealand.co.nz oc-cdn-public-oce.azureedge.net; connect-src 'self' api.airnz.io api.airnz.ai *.googleapis.com *.google.com *.gstatic.com auth.airnewzealand.co.nz identity.airnewzealand.com *.demdex.net *.tt.omtrdc.net www.google-analytics.com region1.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net adservice.google.com www.google.com *.optimizely.com s.swiftypecdn.com search-api.swiftype.com *.kampyle.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.sentry.io yourir.info ssl.google-analytics.com muscula.herokuapp.com sec.windcave.com uat.windcave.com tourismnz.sc.omtrdc.net https://widget.timatic.iata.org/api/; object-src 'none'; frame-ancestors 'self' https: http:; report-uri /csp-report 3
default-src 'none'; connect-src 'self' 'unsafe-inline' https://cdn.cookielaw.org/ https://www.google-analytics.com/ https://*.facebook.com; font-src 'self' data: https://cdnjs.cloudflare.com/ https://*.google.com/; img-src 'self' data: https://*.gravatar.com/ https://*.ytimg.com/ https://*.gstatic.com/ https://*.google.com/ https://www.google-analytics.com/; frame-src 'self' https://www.youtube-nocookie.com/ https://*.twitter.com/ https://*.google.com/ https://*.facebook.com https://*.youtube.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://*.gstatic.com/ https://*.google.com/; script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/ https://cdn.cookielaw.org/ https://ajax.googleapis.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://*.twitter.com/ https://*.gstatic.com/ https://*.google.com/; block-all-mixed-content; 3
script-src 'self' 'unsafe-inline' adobedtm.com t.contentsquare.net connect.facebook.net blob: http: https:; object-src 'none'; base-uri 'none'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/verily; 3
default-src 'self' flickrembed.com *.flickrembed.com *.jquery.com *.flickr.com *.twitter.com *.gstatic.com *.weloveiconfonts.com weloveiconfonts.com *.googletagmanager.com *.google-analytics.com *.youtube.com youtube.com *.ytimg.com *.google.com *.googlevideo.com *.googleapis.com *.facebook.net *.facebook.com *.doubleclick.net *.rss2json.com *.instagram.com *.googleservices.com *.office.com *.matterport.com *.cloudflare.com *.benchmarkemail.com *.renem.es *.openstreetmap.org *.opentopomap.org *.ign.es data: 'unsafe-inline' 'unsafe-eval'; 3
frame-ancestors 'self' https://*.sciquest.com https://*.ariba.com; 3
frame-ancestors 'self' http://broadridge.lookbookhq.com https://broadridge.lookbookhq.com http://explore.broadridge.com https://explore.broadridge.com; 3
img-src * data:; 3
connect-src 'self' https://segment-api.ethoslife.com https://api.stage.ethoslife.com https://www.ethoslife.com https://api.ethoslife.com https://io.ethoslife.com https://*.ethoslife.com wss://io.ethoslife.com https://www.getethos.com https://api.getethos.com https://io.getethos.com wss://io.getethos.com https://*.ar1d.net https://*.segment.io https://*.bing.com https://*.fullstory.com https://*.facebook.com https://*.facebook.net https://rp4.liadm.com https://*.googleapis.com https://*.gstatic.com https://google.com https://*.google.com https://*.googleadservices.com https://*.google-analytics.com https://*.google.ca https://*.doubleclick.net https://boards-api.greenhouse.io https://api.stripe.com https://*.launchdarkly.com https://*.adroll.com https://*.pinterest.com https://*.katch.com https://create.leadid.com https://create.lidstatic.com https://info.leadid.com https://d2m2wsoho8qq12.cloudfront.net https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://*.ar1d.net https://*.optimizely.com https://vc.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://rum-http-intake.logs.datadoghq.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com/ https://www.datadoghq-browser-agent.com/datadog-rum-v4.js https://api.userway.org https://cdn.userway.org https://app.leadsrx.com https://b-code.liadm.com https://rp.liadm.com https://analytics.tiktok.com https://hello.staticstuff.net https://win.staticstuff.net https://*.transcend.io https://late-glade-2372.tines.com https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net; style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com blob: https://*.transcend.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.stage.ethoslife.com https://acdn.adnxs.com https://*.ethoslife.com https://*.getethos.com https://*.netlify.com https://*.facebook.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleadservices.com https://*.google-analytics.com https://*.google.ca https://*.doubleclick.net https://*.segment.com https://*.bing.com https://*.fullstory.com https://fullstory.com https://*.taboola.com https://*.linkedin.com https://*.licdn.com https://js.stripe.com https://*.quora.com https://*.adroll.com https://*.pinimg.com https://aa.agkn.com https://create.leadid.com https://create.lidstatic.com https://info.leadid.com https://d2m2wsoho8qq12.cloudfront.net https://*.katch.com https://js.driftt.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://*.optimizely.com https://assets.customer.io http://tagmanager.google.com/debug http://www.googletagmanager.com https://cdn-assets-prod.s3.amazonaws.com/js/preview2/11355970984.js https://optimizely.s3.amazonaws.com/ https://*.hotjar.com https://www.datadoghq-browser-agent.com/datadog-rum-us.js https://www.datadoghq-browser-agent.com/datadog-rum-v4.js https://vt.myvisualiq.net https://px.airpr.com/airpr.js https://cdn.pbbl.co https://cdn.userway.org https://amplify.outbrain.com https://tr.outbrain.com https://*.segment.com https://*.segment.io https://app.leadsrx.com https://b-code.liadm.com https://rp.liadm.com https://analytics.tiktok.com https://d11tldh9zr4z08.cloudfront.net https://hello.staticstuff.net https://win.staticstuff.net https://cdn.riskid.security https://*.transcend.io/ https://www.youtube-nocookie.com/ https://unpkg.com/netlify-cms@%5E2.0.0/dist/netlify-cms.js https://media-library.cloudinary.com https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://websitevisitorleads.com; object-src 'self'; frame-src 'self' https://stage.ethoslife.com https://agents.stage.ethoslife.com https://agents.ethoslife.com https://quote-widget.ethoslife.com https://quote-widget.getethos.com https://*.facebook.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleadservices.com https://*.google-analytics.com https://*.google.ca https://*.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com/ https://js.stripe.com https://d2m2wsoho8qq12.cloudfront.net/ https://hooks.stripe.com https://ethslf.com https://player.vimeo.com https://fast.wistia.net https://www.quotelab.com https://t1.webbconnected.com https://www.emjcd.com https://cj.dotomi.com https://www.mailtrck.com https://www.trcknow.com https://pranwtr.com https://gztkr.mobi https://prformc.com https://www.authoritytrcker.com https://315track.com https://js.driftt.com https://share.intercom.io https://*.optimizely.com https://vars.hotjar.com https://cdn.pbbl.co https://cloudinary.com/ https://console.cloudinary.com/ https://cdn.userway.org https://www.xol82trk.com https://hackerone.com https://*.transcend.io https://ct.pinterest.com/ https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net; font-src 'self' data: https://*.gstatic.com https://js.intercomcdn.com https://script.hotjar.com; img-src 'self' data: http://www.google-analytics.com http://bat.bing.com https://res.cloudinary.com https://*.facebook.com https://*.facebook.net https://rp4.liadm.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.google.ca https://*.googleadservices.com https://*.google-analytics.com https://*.doubleclick.net https://*.bing.com https://*.yahoo.com https://*.googletagmanager.com https://*.taboola.com https://*.linkedin.com https://create.leadid.com https://data.adxcel-ec2.com https://*.pinterest.com https://*.adroll.com https://*.twitter.com https://*.reddit.com https://*.quora.com https://click.clktraker.com https://pinterest.adsymptotic.com https://*.bluekai.com https://*.rlcdn.com https://*.adnxs.com https://*.nextinsure.com https://*.digitru.st https://*.sharethrough.com https://*.quotelab.com https://*.shmktpl.com https://*.bizographics.com https://*.openx.net https://*.bidswitch.net https://pixel.advertising.com https://dsum-sec.casalemedia.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://sync.outbrain.com https://eb2.3lift.com https://fcmatch.youtube.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://track.customer.io/ https://*.segment.io https://*.hotjar.com https://t.myvisualiq.net https://tapestry.tapad.com https://loadus.exelator.com https://dpm.demdex.net https://dpx.airpr.com https://pixel.pointmediatracker.com/ https://cnv.event.prod.bidr.io https://px0.pbbl.co https://aa.agkn.com https://cdn.userway.org https://tr.outbrain.com https://pixel.videohub.tv https://rp.liadm.com https://analytics.tiktok.com https://data.adxcel-ec2.com https://i.ytimg.com/; media-src 'self' https://js.intercomcdn.com https://cdn.userway.org https://res.cloudinary.com; default-src 'self'; worker-src 'self' https://www.datadoghq-browser-agent.com/datadog-rum-v4.js; frame-ancestors https://agents.ethoslife.com; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' * blob: kubra.io www.googleadservices.com fls.doubleclick.net; object-src 'none' ; style-src 'self' 'unsafe-inline' *; img-src 'self' data: * blob:; media-src 'self' *.jwplayer.com *.jwpsrv.com *.jwplatform.com *.snapengage.com blob:; frame-src 'self' kubra.io blob: *.doubleclick.net *.demdex.net s.amazon-adsystem.com *.teads.tv *.bounceexchange.com alticeusa.speedtestcustom.com flo.uri.sh qm.subvertice.com xq2subvertice.com www.facebook.com *.ipredictive.com tpc.googlesyndication.com webforms.optimum.com; child-src 'self' kubra.io blob: *.doubleclick.net *.demdex.net s.amazon-adsystem.com *.teads.tv *.bounceexchange.com alticeusa.speedtestcustom.com flo.uri.sh qm.subvertice.com xq2subvertice.com www.facebook.com *.ipredictive.com tpc.googlesyndication.com; font-src 'self' *.googleapis.com *.gstatic.com *.acsbapp.com data: ; connect-src 'self' * blob: *.demdex.net; base-uri 'self'; report-uri /report-csp-violation 3
default-src 'self' ajax.googleapis.com maxcdn.bootstrapcdn.com irs.tools.investis.com fonts.gstatic.com; img-src 'self' 'unsafe-inline' * data: www.w3.org irs.tools.investis.com; frame-src 'self' *.investis.com *.youtube.com *.youtube-nocookie.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com fonts.googleapis.com maxcdn.bootstrapcdn.com irs.tools.investis.com fonts.gstatic.com *.investisdigital.com fast.fonts.net; font-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com fast.fonts.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com irs.tools.investis.com *.googletagmanager.com *.google-analytics.com *.investisdigital.com *.lfeeder.com *.youtube.com youtube-nocookie.com; connect-src 'self' *.investisdigital.com ajax.googleapis.com *.googletagmanager.com *.google-analytics.com maps.googleapis.com maps.google.com *.amazonaws.com stats.g.doubleclick.net; base-uri 'none'; 3
frame-ancestors 'self' *.plentymarkets-cloud-hq.com *.myshopify.com *.plentymarkets.com *.digivent.stream 3
upgrade-insecure-requests; frame-ancestors 'self' blaetterkatalog.musicstore.de 3
connect-src 'self' google.com *.google.com *.analytics.google.com *.google-analytics.com *.cookiebot.com *.doubleclick.net *.omappapi.com pagesense-collect.zoho.eu www.google-analytics.com fonts.googleapis.com https://*.googletagmanager.com analytics.limesurvey.org salesiq.zohopublic.eu wss://vts.zohopublic.eu; default-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.limesurvey.org www.youtube.com frontend.pay1.de www.google.com kiwiirc.com limesurvey.org; font-src 'self' *.zohocdn.com *.typekit.net https://tagmanager.google.com data: fonts.gstatic.com maxcdn.bootstrapcdn.com projectfiles.limesurvey.org github.com; style-src 'unsafe-inline' *.zohocdn.com *.zohopublic.eu heapanalytics.com https://tagmanager.google.com fonts.googleapis.com https://www.googletagmanager.com 'self' maxcdn.bootstrapcdn.com projectfiles.limesurvey.org ajax.googleapis.com www.google.com; form-action 'self' https://authentication.cardinalcommerce.com https://*.six-payment-services.com https://*.securesuite.co.uk https://*.cic.fr https://*.arcot.com www.paypal.com survey.limesurvey.org; frame-ancestors 'self' *.limesurvey.org; img-src 'self' https://*.google-analytics.com www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com data: *; manifest-src 'self'; media-src 'self' *.zohocdn.com; script-src 'self' *.zohopublic.eu https://privacy.cortina-consult.com https://maillist-manage.eu https://*.zoho.eu https://*.zohocdn.com https://*.limesurvey.org googleads.g.doubleclick.net https://googleads.g.doubleclick.net data: https://tagmanager.google.com https://heapanalytics.com https://*.pagesense.io https://*.omappapi.com https://*.hotjar.com https://*.heapanalytics.com https://*.cookiebot.com 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com secure.pay1.de projectfiles.limesurvey.org www.google.com www.google-analytics.com appscdn.joomla.org; frame-src *.zohopublic.eu https://*.hotjar.com https://*.cookiebot.com https://*.visa.com https://authentication.cardinalcommerce.com 3dsecure.icscards.nl https://*.pay1.de docs.google.com https://td.doubleclick.net 'self' download.limesurvey.org kiwiirc.com www.youtube.com limesurvey.org secure.pay1.de; object-src 'self'; report-uri https://www.limesurvey.org/violation.php; 3
default-src *.ewe.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ewe.de *.googletagmanager.com *.google-analytics.com www.youtube.com consent.cookiebot.com *.intelliad.de s.ytimg.com empfehlen-admin.pso-vertrieb.de connect.facebook.net www.dwin1.com *.rfihub.com *.rfihub.net *.adform.net *.adc-srv.net *.google.de *.google.com bat.bing.com *.bing.com/bat.js *.doubleclick.net *.g.doubleclick.net *.googleadservices.com *.gstatic.com *.googleapis.com *.ad4mat.de journeyengine.production.wlp.cloud ewe-journeys.production.wlp.cloud journeyengine.staging.wlp.cloud *.ad4mat.at *.ad4mat.ch *.adsrvr.org consentcdn.cookiebot.com ad4m.at cdn.sitesearch360.com cdn.cai.tools.sap js.sitesearch360.com apps.mypurecloud.de; connect-src 'self' *.ewe.de global.sitesearch360.com *.googletagmanager.com *.google-analytics.com stats.g.doubleclick.net ewe-ckd-faq-bot-3q50idha.sapcai.eu10.hana.ondemand.com consentcdn.cookiebot.com api.mypurecloud.de insights.sitesearch360.com api-cdn.mypurecloud.de wss://webmessaging.mypurecloud.de; img-src 'self' *.ewe.de images.ctfassets.net *.intelliad.de www.google-analytics.com *.amazonaws.com *.doubleclick.net *.g.doubleclick.net *.facebook.com *.adform.net ad4m.at *.ad4m.at *.smartadserver.com *.googletagmanager.com adservice.google.com *.gstatic.com ih.adscale.de a.twiago.com dmp.ad4mat.net adservice.google.de maps.googleapis.com cdn.cai.tools.sap r.adserver01.de ad11.adfarm1.adition.com secure.adnxs.com imagesrv.adition.com blob: data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com *.ewe.de cdnjs.cloudflare.com; font-src 'self' fonts.gstatic.com *.ewe.de cdnjs.cloudflare.com; frame-src ad4m.at ad4mat.net match.adsrvr.org www.facebook.com ad4mat.at widget.whappodo.com consentcdn.cookiebot.com insight.adsrvr.org youtube.com www.youtube.com journeyengine.production.wlp.cloud ewe-journeys.production.wlp.cloud journeyengine.staging.wlp.cloud apps.mypurecloud.de *.ewe.de; media-src 'self' data.ewe.de; 3
default-src 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' use.fontawesome.com; require-trusted-types-for 'script'; style-src 'self' 'unsafe-inline' fonts.googleapis.com use.fontawesome.com; font-src fonts.gstatic.com use.fontawesome.com; frame-ancestors 'none'; 3
upgrade-insecure-requests; frame-ancestors 'self'; report-uri https://cspabuse.itpays.no 3
default-src * blob:;connect-src 'self' 'unsafe-inline' https://app.clearbit.com https://adservice.google.com https://cdn.bizible.com https://api.craftcms.com https://region1.analytics.google.com/ https://stats.g.doubleclick.net https://analytics.google.com https://*.6sc.co https://*.6sense.com https://*.fullstory.com https://www.facebook.com wss://*.signalwire.com https://*.signalwire.com https://cdn.signalwire.com https://signalwire.s3-us-west-2.amazonaws.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://app.termly.io https://munchkin.marketo.net https://262-hgr-311.mktoresp.com http://262-hgr-311.mktoweb.com https://262-hgr-311.mktoweb.com  http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://client.crisp.chat https://storage.crisp.chat wss://client.relay.crisp.chat wss://stream.relay.crisp.chat;frame-src 'self' https://www.facebook.com https://js.stripe.com https://www.youtube.com https://youtube.com https://*.signalwire.com https://cdn.signalwire.com https://www.google.com https://www.gstatic.com https://app.termly.io https://vars.hotjar.com https://game.crisp.chat http://262-hgr-311.mktoweb.com https://262-hgr-311.mktoweb.com;child-src 'self' 'unsafe-inline' https://*.signalwire.com https://cdn.signalwire.com blob:;worker-src 'self' 'unsafe-inline' https://*.signalwire.com https://cdn.signalwire.com blob:;style-src 'self' 'unsafe-inline' https://github.githubassets.com https://tagmanager.google.com https://stackpath.bootstrapcdn.com https://*.signalwire.com https://cdn.signalwire.com https://fonts.gstatic.com https://fonts.googleapis.com https://client.crisp.chat http://262-hgr-311.mktoweb.com https://262-hgr-311.mktoweb.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://x.clearbitjs.com https://www.youtube.com https://youtube.com https://tag.clearbitscripts.com https://cdn.bizible.com https://www.clickcease.com https://ajax.googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://googleads.g.doubleclick.net https://sjs.bizographics.com https://www.googleadservices.com https://tagmanager.google.com https://www.googletagmanager.com https://*.6sc.co https://*.6sense.com https://*.fullstory.com  https://code.jquery.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://js.usemessages.com https://snap.licdn.com https://gist.github.com https://js.stripe.com https://*.signalwire.com https://cdn.signalwire.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://app.termly.io https://d3js.org https://cdn.jsdelivr.net https://munchkin.marketo.net https://262-hgr-311.mktoresp.com http://262-hgr-311.mktoweb.com https://262-hgr-311.mktoweb.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://client.crisp.chat https://settings.crisp.chat;font-src 'self' 'unsafe-inline' https://*.signalwire.com https://cdn.signalwire.com http://mcdn.signalwire.com https://mcdn.signalwire.com https://fonts.gstatic.com https://fonts.googleapis.com http://script.hotjar.com https://script.hotjar.com https://client.crisp.chat data:;img-src * data: 3
default-src * data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' blob:; frame-ancestors https://app.storyblok.com; 3
frame-ancestors 'self' fnbo.com *.fnbo.com www.fnbo.com; 3
report-uri / 3
default-src 'self' p.typekit.net use.typekit.net sit.encoded.services live.encoded.services *.hotjar.io *.hotjar.com 'unsafe-inline' *.agendize.com vimeo.com *.vimeo.com *.openstreetmap.org *.instagram.com *.facebook.net www.youtube.com *.youtube.com www.google.com *.google.com googlesyndication.com *.googlesyndication.com *.www.isleofman.com 'unsafe-inline'  *.google.com googlesyndication.com *.googlesyndication.com sentry.yabsta.net cdn.ravenjs.com www.google.com *.www.isleofman.com *.gstatic.com www.googletagservices.com www.googletagmanager.com *.google-analytics.com *.twitter.com *.facebook.net *.simpli.fi www.facebook.com *.facebook.com *.twimg.com *.doubleclick.net *.googleapis.com;img-src * data: blob:;font-src * data:;frame-src *; 3
default-src 'self' 'unsafe-inline' *.2degreesmobile.co.nz *.2degreesbroadband.co.nz *.2degrees.nz *.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com *.google-analytics.com *.lift.acquia.com *.sentry.io *.addsearch.com *.qualtrics.com *.youtube.com unpkg.com *.nice-incontact.com staticcdn.co.nz *.doubleclick.net *.google.com *.hotjar.com *.newrelic.com *.bugsnag.com *.nr-data.net *.googleadservices.com *.segment.com *.segment.io *.amplitude.com *.contentsquare.net *.youtube-nocookie.com  *.rawgit.com *.licdn.com blob: wss: *.googleapis.com *.facebook.net *.fullstory.com chosen.css *.jquery.js; object-src 'none'; img-src * data: 3
default-src https: 'unsafe-eval' 'unsafe-inline' blob:; object-src 'self' blob:; img-src 'self' data: https:; font-src 'self' data: https:; frame-ancestors 'self' https://*.adobe.com https://*.adobe.io https://*.adobe.net https://*.omniture.com; connect-src 'self' https: wss://*.hotjar.com; worker-src blob:; 3
frame-ancestors 'self' https://uad.sonera.fi/ https://*.f-secure.com; 3
default-src 'self' data: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: https://c.iad.oracleinfinity.io blob:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; frame-ancestors 'self' https://*.beocms.com https://communities.evonik.com; frame-src 'self' data: https: blob:; connect-src 'self' data: https: wss:; media-src 'self' data: https: blob: 3
default-src 'none'; connect-src 'self'; frame-ancestors 'self'; frame-src 'none'; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' 3
default-src 'self' * data: blob: https: *.safetydetectives.com safetydetectives.com *.safetydetective.com safetydetective.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.safetydetectives.com safetydetectives.com *.safetydetective.com safetydetective.com *.clarity.ms *.peacebanana.com *.ostrichesica.com *.googlesyndication.com *.cloudflareinsights.com *.cheqzone.com *.cloudfront.net *.datadoghq-browser-agent.com *.gstatic.com *.google.com *.alooma.com *.doubleclick.net  *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.hhtpp.com *.facebook.net *.dropbox.com *.bing.com *.yandex.ru *.quora.com *.yimg.com sp.analytics.yahoo.com *.hotjar.com *.ipify.org blob: data:; style-src 'self' data: blob: 'unsafe-inline' *;connect-src 'self' data: blob: https: safetydetectives.com *.safetydetectives.com safetydetective.com *.safetydetective.com  *.google-analytics.com *.doubleclick.net *.google.com *.hhtpp.com *.yandex.ru *.gravatar.com wss://*.hotjar.com *.wp.com;font-src 'self' data: blob: *.googletagmanager.com *.googleapis.com *.gstatic.com ; 3
frame-ancestors 'self' https://*.stackoverflow.com http://*.stackoverflow.co; 3
frame-ancestors 'self' https://eppendorf.e-spirit.hosting https://*.ariba.com https://*.sciquest.com https://*.oracle.com https://*.workday.com https://procure.prendio.com https://*.coupahost.com https://*.gep.com https://eprocurement.esmsolutions.com https://vp.labcloudinc.com https://demo.procuredesk.com https://myprocuredesk.com https://*.umn.edu https://*.mdanderson.edu https://*.princeton.edu https://*.duke.edu https://austin.utexas.edu https://*.utmb.edu https://*.virginia.edu https://*.miami.edu https://*.moffit.org https://*.app.netsuite.com https://rcbb.psfs.lsuhsc.edu https://prd.psfs.lsuhsc.edu 3
base-uri 'self';default-src 'none'; connect-src 'self' inline-only: *; font-src 'self' data: *; img-src 'self' *;script-src 'self' 'unsafe-hashes' 'sha256-H2tlmRuSoiM440uTQK7H3mt3L74Xvy3HDbFQqhasmLM=' 'sha256-F31Z235J4JoHiQd4pwhlVGhZAo9TL1xXkr998POEVGk=' 'sha256-dg9STQouzRiKJUO3yike1CtjTb8JY3xoFiB0syjsclM=' 'sha256-npzn7ujSOdyjMmFgVUD96cEc+e4ADPr6/G36kMw42xg=' 'sha256-5TFWe/7xA1mUO7yvl+1rrgKnK4IkLgDeImwowoNtSio=' 'sha256-0ris5gmMUJMPIW5+I0NnEuFoC0HsIyvgUblcUKRj8DU=' 'sha256-2YCB6Lhue7C9r6969mhdpe1UfjRUR3HR4A0E0by9Kgg=' 'sha256-dPdAVNwRUBOO9U/2jj9+7Wrv56B40z2Jv1G60xrq99k=' 'sha256-1v5J2KvQP4Gbm3K2rHEJwOXTbrRded9lfuiMfmyrgLQ=' 'sha256-zjjpOAlgWBBa3LGAToXGdQdBJ74Nk1FbPuXvyyNud+c=' 'sha256-6Vxqk2EtHXjiJTfzUejPw5pYIuKocUwpWnj5ceUldH4=' 'sha256-jWeJInrhgp2bhmYq4ENjpiKhX8vgbI25wEHe7xZmntk=' 'sha256-MkZksky8RCDrddFfcsZvpoIOBWi+U4WdS/AUDSRoFWc=' 'sha256-JgUlUrFxfMASKHj7b/5oFO6lurjlitmjXKYNNDMUD+Y=' 'sha256-jwKtf7qtuAMIgLD43eyvgH971eEPHz3iVd6yMxfeA9A=' 'sha256-D/PRixJhLrpI1HflSDVH9owyKK3PGUoiNKrmyLvd3tM=' 'sha256-HSqFHC4bxSGLtwIKYvWNU/qQ4Q0oBveduu1wZdFXO+M=' 'sha256-nFFbE/gfqIA03gqrxwtcaywPXAg1nnX0YRI/RaMK8Lo=' 'sha256-k0FSIbTuVFHaoQGas062MT8MxUolKkiZqbpYaF929+c=' 'sha256-rqmm25uujCmwRm3UkPUpq2WM1jbmHLDuEQGkdF9+470=' 'sha256-U7ve//F4t99wIgL0aTmqx7pcSv+0E36f4XP+HwqZU30=' 'sha256-zZ15axXrbdoSqrE42O5dT3pilUPZCKObwx+aitQeT78=' 'sha256-C76Klxj0BnbMe8uaGS7kU+98MDherr94oIyjKlkWxTk=' 'sha256-244y469+HkRw3VOen69J4OuOZPA1f+0QrXS6/KOHJg0=' 'sha256-DNpb+AMfC5A+CyVJTBZTmmAK5kjYiOPpCYonuCoNUDc=' 'sha256-4xvwiEnvCWO3LygP+6rATbySh1+ealhANaQTvdaQaxk=' 'sha256-ClkLV8HfXoqqJ9Kl5sJglafxsF9F9ogSxHZxhR07bq4=' 'sha256-4TpZ3Tx5SLybDXPQaSHGuP1RU4D+pzck+02JLVY61BY=' 'sha256-osjxnKEPL/pQJbFk1dKsF7PYFmTyMWGmVSiL9inhxJY=' 'unsafe-inline' 'unsafe-eval' https://aicpa.ugc.bazaarvoice.com/static/8502-en_us/bvapi.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://assets.adobedtm.com/3e79a7f00488/04f604fda4ad/launch-4dd043aa3d36.min.js https://assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement.min.js https://assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement_Module_ActivityMap.min.js https://bat.bing.com/bat.js https://bat.bing.com/p/action/135000054.js https://cdn.mouseflow.com/projects/79d6f783-d04b-41b1-8cd4-ff5b0aef991b.js https://connect.facebook.net/en_US/fbevents.js https://siteintercept.qualtrics.com/dxjsmodule/11.172e2d2f93de5974ae28.chunk.js https://siteintercept.qualtrics.com/dxjsmodule/11.94e7d7f0c6a48ca94c06.chunk.js https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://us-content.vergic.com/C684836E-2833-4669-875F-C54261C28192/engage.js https://www.google-analytics.com/analytics.js https://www.google.com/pagead/conversion_async.js https://www.googletagmanager.com/gtag/js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://assets.adobedtm.com/extensions/EP4c3fcccffd524251ae198bf677f3b6e9/AppMeasurement.min.js https://assets.adobedtm.com/launch-ENbe9d56e701d340938e112682ad21519f.min.js https://d2qrdklrsxowl2.cloudfront.net/api/configuration.js https://d2qrdklrsxowl2.cloudfront.net/api/viewer/setup/ https://d2qrdklrsxowl2.cloudfront.net/js/generated/bootstrap.built.js https://d2qrdklrsxowl2.cloudfront.net/js/generated/brightcove.v2.built.js https://d2qrdklrsxowl2.cloudfront.net/js/hapyak.js https://d2qrdklrsxowl2.cloudfront.net/js/partners/brightcovePlugin/brightcovePlugin.js https://players.brightcove.net/1485859309/experience_59ca4a72f0534d000fe052ff/live.js https://players.brightcove.net/1485859309/rJBq047Xx_default/index.min.js https://vjs.zencdn.net/vttjs/0.12.5/vtt.global.min.js https://vjs.zencdn.net/vttjs/0.15.3/vtt.global.min.js https://www.google-analytics.com/analytics.js https://www.google.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://www.youtube.com/iframe_api https://a.quora.com/qevents.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://assets.adobedtm.com/3e79a7f00488/a620dac02c5d/launch-01674e2d033f.min.js https://assets.adobedtm.com/extensions/EP308220a2a4c4403f97fc1960100db40f/AppMeasurement.min.js https://bat.bing.com/bat.js https://bat.bing.com/p/action/135000332.js https://cdn.mouseflow.com/projects/f51c3538-9092-4e2e-aae3-eff0161c955a.js https://connect.facebook.net/en_US/fbevents.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://us-content.vergic.com/C684836E-2833-4669-875F-C54261C28192/engage.js https://www.clarity.ms/tag/uet/135000332 https://www.google-analytics.com/analytics.js https://www.google.com/pagead/conversion_async.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://www.googletagservices.com/tag/js/gpt.js  https://adservice.google.com.ph/adsid/integrator.js https://adservice.google.com/adsid/integrator.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement.min.js https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement_Module_ActivityMap.min.js https://assets.adobedtm.com/launch-EN2c0e28c6709c4e27a936ae1de1381bd2.min.js https://cdn.mouseflow.com/projects/4ac367e9-d555-45b8-8c1c-21159c893c86.js https://connect.facebook.net/en_US/fbevents.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031501.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js https://siteintercept.qualtrics.com/dxjsmodule/11.172e2d2f93de5974ae28.chunk.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://tpc.googlesyndication.com/pagead/js/r20220316/r20110914/client/window_focus_fy2019.js https://tpc.googlesyndication.com/sodar/UFYwWwmt.js https://www.google-analytics.com/analytics.js https://www.google.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://www.googletagservices.com/activeview/js/current/rx_lidar.js https://www.googletagservices.com/tag/js/gpt.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://assets.adobedtm.com/3e79a7f00488/8b34a42b9048/94b1f86a0642/EX982a457aa31f49e98223c06cfedf70f2-libraryCode_source.min.js https://assets.adobedtm.com/launch-EN4ac663097b4c4c6483086c5b1a46bf23.min.js https://connect.facebook.net/en_US/fbevents.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031401.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032104.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js https://siteintercept.qualtrics.com/dxjsmodule/11.172e2d2f93de5974ae28.chunk.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.google-analytics.com/analytics.js https://www.google.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://www.googletagservices.com/tag/js/gpt.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://connect.facebook.net/en_US/fbevents.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.google-analytics.com/analytics.js https://www.google.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://www.googletagservices.com/tag/js/gpt.js https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement.min.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ *; script-src-elem 'unsafe-inline' *; style-src-elem 'unsafe-inline' *;frame-src 'unsafe-inline' *;worker-src 'unsafe-inline' blob: *;media-src 'unsafe-inline' blob: *; 3
child-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.googleapis.com *.cookieyes.com cdn-cookieyes.com *.paypal.com;font-src 'self' fonts.gstatic.com;frame-src 'self' *.paypal.com;frame-ancestors 'self';img-src *.mvmnet.com data: maps.gstatic.com *.gstatic.com *.ggpht.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.googleapis.com *.facebook.com *.cookieyes.com cdn-cookieyes.com *.paypalobjects.com *.google.it *.paypal.com;manifest-src 'self';media-src 'self';object-src 'self';worker-src 'self'; 3
frame-ancestors 'self' https://*.therapy.nethealth.com 3
frame-ancestors 'self' https://*.etracker.com https://*.it-nr.de https://*.itk-rheinland.de https://*.duesseldorf.de 3
default-src 'self' https://s.pinimg.com youtube.com  www.youtube.com https://youtube.com  https://www.youtube.com  https://ajax.googleapis.com maps.googleapis.com csi.gstatic.com www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com *.g.doubleclick.net https://*.g.doubleclick.net www.bic-media.com https://*.soundcloud.com https://platform.instagram.com https://randomhouse.scnem.com https://sharingbox.rhspecial.de https://*.google.com https://www.youtube-nocookie.com https://s7.addthis.com https://www.facebook.com/ https://vars.hotjar.com/ https://cdn.podigee.com/ https://open.spotify.com https://platform.twitter.com https://syndication.twitter.com https://*.instagram.com https://*.pinterest.com https://*.pinterest.de *.epccm19.com; connect-src 'self' https://trc.taboola.com https://*.ex.co https://*.issuu.com https://*.digitalstores.net https://www.facebook.com https://*.penguinrandomhouse.de https://*.penguin.de https://*.randomhouse.de  https://www.google.com https://www.google.de https://www.google.at https://www.google.ch https://www.google-analytics.com https://*.g.doubleclick.net https://*.playbuzz.com  https://*.addthis.com  https://*.hotjar.com:* https://vc.hotjar.io:* https://*.hotjar.io wss://*.hotjar.com https://ct.pinterest.com https://*.pinterest.de https://book-base.de https://*.tiktok.com https://*.taboola.com *.epccm19.com *.outbrain.com *.bing.com maps.googleapis.com api.friendlycaptcha.com; font-src 'self' fonts.gstatic.com https://use.typekit.net/ https://cdn.podlove.org/ https://script.hotjar.com https://*.podigee.com; frame-ancestors 'self' https://open.spotify.com http://rhdemobilepreview:28080/ http://rhdemobilepreview:28081/ https://internal-tools.penguinrandomhouse.de/; frame-src 'self' https://*.ex.co https://tpc.googlesyndication.com https://*.penguinrandomhouse.de/ https://*.randomhouse.de https://*.penguin.de https://audionow.de/ https://open.spotify.com https://www.youtube-nocookie.com/ https://vars.hotjar.com/ https://www.facebook.com/ https://s7.addthis.com/ https://s.pinimg.com youtube.com  www.youtube.com https://youtube.com  https://www.youtube.com  https://ajax.googleapis.com maps.googleapis.com csi.gstatic.com www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com *.g.doubleclick.net https://*.g.doubleclick.net www.bic-media.com https://*.soundcloud.com https://platform.instagram.com https://randomhouse.scnem.com https://penguinrandomhouse.scnem2.com https://sharingbox.rhspecial.de  https://*.google.com  https://www.youtube-nocookie.com https://s7.addthis.com  https://cdn.podigee.com/  https://*.twitter.com https://*.instagram.com https://*.pinterest.com https://*.pinterest.de https://*.audionow.de https://book-base.de https://embed.plus.rtl.de *.epccm19.com; img-src 'self' data: www.google-analytics.com csi.gstatic.com https://maps.gstatic.com/mapfiles/ https://*.googleapis.com *.googleapis.com https://bat.bing.com https://static.ex.co https://randomhouse.scnem.com https://px.ads.linkedin.com https://*.outbrain.com/ https://image.isu.pub www.googletagmanager.com *.g.doubleclick.net https://syndication.twitter.com https://o.twimg.com https://platform.twitter.com https://*.twimg.com https://penguinrandomhouse.scnem2.com https://*.randomhouse.de https://pixel.quantserve.com https://*.google.com https://www.google.at https://www.google.ch https://www.google.dk https://www.facebook.com https://www.googleadservices.com https://www.google.de https://*.g.doubleclick.net https://*.playbuzz.com https://www.google-analytics.com https://www.addthis.com https://*.pinterest.com https://*.pinterest.de https://cx.atdmt.com https://cs.lkqd.net https://maps.googleapis.com https://*.hotjar.com https://*.smartadserver.com https://*.penguinrandomhouse.de https://*.randomhouse.de https://*.penguin.de https://book-base.de https://tr.main.bid-prod.technical-service.net https://penguin.epccm19.com; manifest-src 'self' data: www.google-analytics.com csi.gstatic.com https://maps.gstatic.com/mapfiles/ https://*.googleapis.com *.googleapis.com https://bat.bing.com https://static.ex.co https://randomhouse.scnem.com https://px.ads.linkedin.com https://*.outbrain.com/ https://image.isu.pub www.googletagmanager.com *.g.doubleclick.net https://syndication.twitter.com https://o.twimg.com https://platform.twitter.com https://*.twimg.com https://penguinrandomhouse.scnem2.com https://*.randomhouse.de https://pixel.quantserve.com https://*.google.com https://www.google.at https://www.google.ch https://www.google.dk https://www.facebook.com https://www.googleadservices.com https://www.google.de https://*.g.doubleclick.net https://*.playbuzz.com https://www.google-analytics.com https://www.addthis.com https://*.pinterest.com https://*.pinterest.de https://cx.atdmt.com https://cs.lkqd.net https://maps.googleapis.com https://*.hotjar.com https://*.smartadserver.com https://*.penguinrandomhouse.de https://*.randomhouse.de https://*.penguin.de https://book-base.de https://tr.main.bid-prod.technical-service.net https://penguin.epccm19.com; media-src 'self' 10.4.91.62 *.penguinrandomhouse.de *.penguin.de https://book-base.de; object-src 'self' 10.4.91.62 *.penguinrandomhouse.de *.penguin.de; report-to /ContentSecurityPolicyReporter; script-src 'self' 'wasm-unsafe-eval' https://bat.bing.com https://trc.taboola.com https://static.ex.co https://cdn.taboola.com/libtrc/unip/1423689/tfa.js https://tpc.googlesyndication.com https://snap.licdn.com https://*.outbrain.com/ https://s.pinimg.com *.penguinrandomhouse.de *.penguin.de 'unsafe-eval' 'unsafe-inline' https://e.issuu.com/embed.js https://*.googleapis.com *.googleapis.com csi.gstatic.com www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://platform.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://randomhouse.scnem.com  https://penguinrandomhouse.scnem2.com https://sharingbox.rhspecial.de https://secure.quantserve.com https://rules.quantcount.com  https://*.google.com https://www.google.de https://www.google.at https://www.google.ch https://www.gstatic.com https://connect.facebook.net  https://cdn.adrtx.net  https://vgrh.stage.digitalstores.net https://stage.digitalstores.net https://www.googleadservices.com https://*.penguinrandomhouse.de https://*.randomhouse.de https://*.penguin.de https://www.bic-media.com https://*.g.doubleclick.net https://www.facebook.com https://*.playbuzz.com https://cdnjs.cloudflare.com https://s7.addthis.com https://m.addthisedge.com https://v1.addthisedge.com https://v1.addthis.com https://m.addthis.com youtube.com  www.youtube.com https://youtube.com  https://www.youtube.com https://tagmanager.google.com https://s.ytimg.com https://*.podigee.com https://randomhouse.digitalstores.net/pbs.2.js https://cdn.podlove.org  https://*.hotjar.com https://www.instagram.com https://*.pinterest.com https://*.pinterest.de https://*.tiktok.com *.epccm19.com api.friendlycaptcha.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com https://platform.twitter.com https://*.twimg.com  https://res-format-story.playbuzz.com https://optimize.google.com https://*.typekit.net https://cdn.podlove.org/ https://*.podigee.com *.epccm19.com; worker-src * blob: 3
frame-ancestors 'self' https://*.wynnlasvegas.com 3
default-src 'self'; script-src 'self' dnstest2.ficora.fi dnstest.traficom.fi keha-matomo-sdg-qa-qa.azurewebsites.net analytiikka.ahtp.fi occhat.elisa.fi stat.traficom.fi stat.viestintavirasto.fi 10.250.193.20 'nonce-f07442d3-bf42-4c16-a880-8b5c5f6ce916'; img-src 'self' data: *.viestintavirasto.fi *.traficom.fi *.ficora.fi trafi.maps.arcgis.com trafi2.stat.fi keha-matomo-sdg-qa-qa.azurewebsites.net analytiikka.ahtp.fi qa.bittimittari.fi prod.bittimittari.fi www.youtube.com img.youtube.com youtube-nocookie.com *.youtube-nocookie.com registry.qadomain.fi registry.domain.fi www.arcgis.com autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com app.powerbi.com occhat.elisa.fi; style-src 'self' dnstest2.ficora.fi dnstest.traficom.fi occhat.elisa.fi 'nonce-f07442d3-bf42-4c16-a880-8b5c5f6ce916'; font-src 'self' occhat.elisa.fi; object-src 'self' data:; base-uri 'self'; frame-src 'self' *.viestintavirasto.fi *.traficom.fi *.ficora.fi trafi.maps.arcgis.com trafi2.stat.fi keha-matomo-sdg-qa-qa.azurewebsites.net analytiikka.ahtp.fi qa.bittimittari.fi prod.bittimittari.fi www.youtube.com img.youtube.com youtube-nocookie.com *.youtube-nocookie.com registry.qadomain.fi registry.domain.fi www.arcgis.com autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com app.powerbi.com occhat.elisa.fi; connect-src 'self' wss://occhat.elisa.fi https://occhat.elisa.fi https://stat.viestintavirasto.fi https://stat.traficom.fi; form-action 'self' 3
default-src 'none'; script-src 'self' 'unsafe-inline' https://www.google-analytics.com:443 https://*.dynamics.com:443 https://mktdplp102cdn.azureedge.net:443 https://www.googletagmanager.com:443 https://connect.facebook.net:443 https://snap.licdn.com:443 https://*.ads.linkedin.com:443 https://www.youtube.com:443 ; style-src 'self' 'unsafe-inline';font-src 'self'; connect-src 'self' https://*.doubleclick.net:443 https://*.dynamics.com:443 https://*.linkedin.com:443 https://*.google-analytics.com:443 https://*.google.com:443 https://*.facebook.com:443; frame-src https://*.google.com:443 https://*.google.de:443 https://*.dynamics.com:443 https://www.youtube.com:443 https://www.youtube-nocookie.com:443 https://www.googletagmanager.com:443; frame-ancestors https://*.dynamics.com:443; form-action 'self';img-src 'self' data: https://*.doubleclick.net:443 https://*.google.de https://cdn.lhsystems.com:443 https://*.ads.linkedin.com:443 https://*.dynamics.com:443 https://*.facebook.com:443 https://www.google.hu:443 https://*.google.com:443 https://*.google-analytics.com:443 https://*.googletagmanager.com:443; block-all-mixed-content;upgrade-insecure-requests; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; form-action 'self' https://www.facebook.com https://nmdp.okta.com; 3
img-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es *.facebook.com *.linkedin.com *.ytimg.com secure.gravatar.com data: https: 'self'; style-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es *.vimeocdn.com *.vimeo.com data: https: 'unsafe-inline' 'self'; object-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es data: https: 'unsafe-inline' 'self'; script-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es data: https: 'unsafe-eval' 'unsafe-inline' 'self'; 3
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.vgrblogg.se/ https://*.boost.ai/ https://*.entryscape.com https://*.stratsys.com/ registry.dataportalvast.se http://piwik-ext.vgregion.se/ http://piwik-ext.vgregion.se/piwik.js https://*.vgregion.se https://*.vimeocdn.com https://player.vimeo.com/ https://www.youtube.com https://cdn.siteimprove.net/ https://vgrintern.boost.ai https://vgregion.esmaker.net/ https://ssl.webserviceaward.com/; style-src 'unsafe-inline' 'self' https://*.vgrblogg.se/ https://*.vimeocdn.com https://ssl.webserviceaward.com/wsc/client/wscSelVisit.css https://*.stratsys.com/ registry.dataportalvast.se https://*.vgregion.se https://cdn.jsdelivr.net/npm/vuetify@2.x/dist/vuetify.min.css; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.vgrblogg.se/ https://*.boost.ai/ https://ssl.webserviceaward.com/wsc/client/wscSelVisit.css https://*.vimeocdn.com registry.dataportalvast.se http://piwik-ext.vgregion.se/ https://nominatim.openstreetmap.org https://*.vgregion.se https://id.siteimprove.com https://my2.siteimprove.com/ https://vgrintern.boost.ai https://td.azure-api.net/ *.t-d.se; font-src 'self' data: https://static.entryscape.com/ https://static2.sharepointonline.com/ https://players.cupix.com/*; frame-src  'self' https://*.siteimprove.com/ https://*.vgrblogg.se/ https://sketchfab.com/ https://play.gu.se/ https://forms.office.com/ https://*.microsoftstream.com/ https://nominatim.openstreetmap.org https://www.google.com https://maps.google.se https://e.infogram.com https://vimeo.com https://player.vimeo.com https://www.youtube.com https://*.vgregion.se *.vastarvet.se *.angeredsnarsjukhus.se *.fhsk.se *.lodosemuseum.se *.nusjukvarden.se *.vgrfolkhogskolor.se *.narhalsan.se *.forsviksbruk.se *.vanersborgsmuseum.se *.vitlyckemuseum.se *.sahlgrenska.se *.naturbruk.nu *.slojdochbyggnadsvard.se *.mun-h-center.se *.maritimaklustret.se *.botaniska.se *.gnm.se *.esmaker.net *.samverkandesjukvard.se *.vastfastigheter.se *.fyrbodalshalsoakademi.se *.valdinararelationer.se *.utvag.se *.vardsamverkan.se *.nationellpvkonferens19.se *.utvag.com *.biobankvast.se *.halsoakademinvast.se *.t-d.se *.stratsys.se *.stratsys.com https://players.cupix.com/; img-src 'self' data: https://*.vgrblogg.se/ https://api.lantmateriet.se https://ssl.webserviceaward.com/wsc/  https://i.vimeocdn.com/ https://i.ytimg.com/ https://a.basemaps.cartocdn.com https://b.basemaps.cartocdn.com https://c.basemaps.cartocdn.com https://*.amazonaws.com/ https://sahlgrenskaliv.se/ https://*.vgregion.se *.vastarvet.se *.angeredsnarsjukhus.se *.fhsk.se *.lodosemuseum.se *.naturbruk.nu *.nusjukvarden.se *.vgrfolkhogskolor.se *.narhalsan.se *.forsviksbruk.se *.vanersborgsmuseum.se *.vitlyckemuseum.se *.sahlgrenska.se *.slojdochbyggnadsvard.se *.mun-h-center.se *.maritimaklustret.se *.botaniska.se *.gnm.se *.esmaker.net *.samverkandesjukvard.se *.vastfastigheter.se *.fyrbodalshalsoakademi.se *.valdinararelationer.se *.utvag.se *.vardsamverkan.se *.nationellpvkonferens19.se *.utvag.com *.biobankvast.se *.halsoakademinvast.se *.t-d.se *.stratsys.se *.stratsys.com blob:; manifest-src 'self'; media-src 'self'; worker-src 'none'; frame-ancestors 'self' *.vgrblogg.se *.vgregion.se *.vastarvet.se *.angeredsnarsjukhus.se *.fhsk.se *.lodosemuseum.se *.naturbruk.nu *.nusjukvarden.se *.vgrfolkhogskolor.se *.narhalsan.se *.forsviksbruk.se *.vanersborgsmuseum.se *.vitlyckemuseum.se *.sahlgrenska.se *.slojdochbyggnadsvard.se *.mun-h-center.se *.maritimaklustret.se *.botaniska.se *.gnm.se *.esmaker.net *.samverkandesjukvard.se *.vastfastigheter.se *.fyrbodalshalsoakademi.se *.valdinararelationer.se *.utvag.se *.vardsamverkan.se *.nationellpvkonferens19.se *.utvag.com *.biobankvast.se *.halsoakademinvast.se *.t-d.se *.stratsys.se *.stratsys.com; prefetch-src 'self' https://*.t-d.se https://*.stratsys.com/; 3
frame-ancestors 'self' https://sites-ms.lumapps.com https://dwp.geodis.com https://wishes.geodis.com 3
upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com https://www.google.com https://www.gstatic.com https://cdn.evgnet.com https://wexinc2.us-5.evergage.com https://cdn.evergage.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com fonts.googleapis.com https://wexinc2.us-5.evergage.com https://cdn.evergage.com https://cdn.evgnet.com; font-src 'self' https://maxcdn.bootstrapcdn.com fonts.gstatic.com; media-src *; object-src 'none'; frame-src 'self' http: fast.whc.demdex.net; connect-src 'self' dpm.demdex.net https://wexinc2.us-5.evergage.com https://cdn.evergage.com https://northamerica.directline.botframework.com wss://northamerica.directline.botframework.com blob:; img-src 'self' * data:;frame-ancestors 'self';; 3
frame-ancestors 'self'  http://nocowanie.pl http://*.nocowanie.pl https://nocowanie.pl https://*.nocowanie.pl http://nocowanie.eu http://*.nocowanie.eu https://nocowanie.eu https://*.nocowanie.eu http://de.nocowanie.pl http://*.de.nocowanie.pl https://de.nocowanie.pl https://*.de.nocowanie.pl http://nocowanie.cz http://*.nocowanie.cz https://nocowanie.cz https://*.nocowanie.cz http://nocowanie.sk http://*.nocowanie.sk https://nocowanie.sk https://*.nocowanie.sk http://nocowanie.it http://*.nocowanie.it https://nocowanie.it https://*.nocowanie.it http://nocowanie.com.hr http://*.nocowanie.com.hr https://nocowanie.com.hr https://*.nocowanie.com.hr; 3
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ; 3
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: ; 3
default-src 'self' *.vidyard.com https: mailto:; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https: mailto:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https: blob:; font-src 'self' https: data:; connect-src 'self' https: wss: ; upgrade-insecure-requests 3
default-src 'self' https:; style-src 'self' 'unsafe-inline' vytag.humany.net entur.humany.net wds.ace.teliacompany.com tagmanager.google.com fonts.googleapis.com; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' dd.cloud.vy.no js.api.here.com ct.captcha-delivery.com az416426.vo.msecnd.net wds.ace.teliacompany.com connect.facebook.net *.googletagmanager.com tagmanager.google.com www.googleadservices.com *.hotjar.com bat.bing.com cdn.moengage.com *.openstreetmap.org; connect-src blob: 'self' *.cloud.vy.no *.cloud.vy.se *.adyen.com *.hereapi.com js.api.here.com *.ace.teliacompany.net dc.services.visualstudio.com/v2/track stats.g.doubleclick.net www.facebook.com/tr/ vytag.humany.net entur.humany.net *.hotjar.com *.hotjar.io bat.bing.com www.google.com google.com adservice.google.com api.bring.com cloudflare-dns.com sdk-02.moengage.com wss://*.hotjar.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com eyx1eny7.apicdn.sanity.io; img-src data: images.vy.no ts.tradetracker.net *.openstreetmap.org js.api.here.com 'self' *.adyen.com cdn.sanity.io view-components.cloud.nsb.no moe-email-campaigns.s3.amazonaws.com image.moengage.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com *.googletagmanager.com *.google-analytics.com www.google.no googleads.g.doubleclick.net www.google.com bat.bing.com www.facebook.com/tr/ ad.doubleclick.net; font-src 'self' *.vy.no js.api.here.com vytag.humany.net entur.humany.net ace-knowledge-cdn.teliacompany.net fonts.gstatic.com *.hotjar.com; frame-src 'self' *.id.vy.no id.vy.no *.adyen.com geo.captcha-delivery.com wds.ace.teliacompany.com *.hotjar.com *.doubleclick.net www.facebook.com cdn.moengage.com; frame-ancestors 'self' registration.vulog.center; report-uri /web-services/web-logger 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: 'unsafe-inline' 'unsafe-eval' *.vimeo.com 'unsafe-inline' 'unsafe-eval' *.boards-api.greenhouse.io *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://cdn.bizible.com https://cdn-cookieyes.com/ cdn.hu-manity.co/ https://tags.clickagy.com/ cdn.jsdelivr.net pages.e2open.com pages.e2open.com/js/forms2/css/forms2.css blob: *.ep-mimecast.ads-twitter.com *.doubleclick.net *.google.com *.googleadservices.com *.googlesyndication.com *.googletagservices.com *.marketo.com *.nr-data.net https://analytics.twitter.com https://bat.bing.com https://bam.nr-data.net https://cdn.abrankings.com https://connect.facebook.net https://content.linkedin.com https://cdn.syndication.twimg.com https://en.twitter.com https://f.vimeocdn.com https://googleads.g.doubleclick.net https://graph.facebook.com https://google-analytics.com https://googletagmanager.com https://j.6sc.co https://js.adsrvr.org https://js.facebook.com https://js-agent.newrelic.com https://munchkin.marketo.net https://okt.to https://platform.linkedin.com https://platform.twitter.com https://play.vidyard.com https://player.vimeo.com https://r.bing.com https://static.ads-twitter.com https://script.crazyegg.com https://ssl.google-analytics.com https://script.hotjar.com https://static.hotjar.com https://snap.licdn.com https://static-exp1.licdn.com https://static.oktopost.com https://tagmanager.google.com https://t.co https://visitor.reactful.com https://www.clarity.ms https://www.google-analytics.com https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.vimeo.com https://ws.zoominfo.com https://app-sj31.marketo.com/index.php/form/getForm https://bam.nr-data.net/1/NRJS-861f3eedf716c4eaf11 https://bat.bing.com/bat.js https://cdn.abrankings.com/js/client.js https://cdn.syndication.twimg.com/timeline/profile https://connect.facebook.net/en_US/fbevents.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/722106568/ https://j.6sc.co/6si.min.js https://js-agent.newrelic.com/nr-1216.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://munchkin.marketo.net/munchkin.js https://okt.to/ping https://pages.e2open.com/js/forms2/js/forms2.min.js https://platform.twitter.com/js/moment~timeline.d73eae5387f08ab9f8b71dcf9d12d391.js https://play.vidyard.com/embed/v4.js https://player.vimeo.com/api/player.js https://script.crazyegg.com/pages/scripts/0104/0422.js https://script.hotjar.com/modules.86ab03b5bc9b930d4f53.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://static.hotjar.com/c/hotjar-2184122.js https://static.oktopost.com/oktrk.js https://visitor.reactful.com/dist/main.rtfl.js https://ws.zoominfo.com/pixel/61eeeb0bcd134a001e3eda0d https://www.clarity.ms/tag/uet/17464652 https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion_async.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com/gtm.js *.vimeo.com *.vimeocdn.com *.newrelic.com www.googletagservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net www.googletagservices.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: 'unsafe-inline' 'report-sample' 'unsafe-inline' https://pages.e2open.com cdn.jsdelivr.net *.marketo.net *.marketo.com *.licdn.com *.google.com *.bing.com fonts.googleapis.com platform.twitter.com ton.twimg.com www.googletagmanager.com fonts.googleapis.com https://platform.twitter.com https://ton.twimg.com *.vimeocdn.com maps.googleapis.com maps.google.com translate.googleapis.com tagmanager.google.com *.vimeocdn.com fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: 'unsafe-inline' data: https://ad.doubleclick.net https://dev-e2open-2018.pantheonsite.io https://cdn.bizible.com https://pages.e2open.com https://cdn-cookieyes.com https://abs.twimg.com https://p.adsymptotic.com https://id.rlcdn.com https://px.ads.linkedin.com px.ads.linkedin.com https://aorta.clickagy.com https://analytics.twitter.com https://b.6sc.co https://bat.bing.com https://pbs.twimg.com https://platform.twitter.com https://px.ads.linkedin.com https://secure.gravatar.com https://syndication.twitter.com https://t.co https://ton.twimg.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com *.vidyard.com *.twimg.com *.twitter.com *.clarity.ms *.linkedin.com *.t.co *.bing.com t.co facebook.com zoominfo.com *.google.com *.6sc.co privacy-policy.truste.com px.ads.linkedin.com www.google.com.au *.google.co https://px.ads.linkedin.com/collect s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com *.googlesyndication.com stats.g.doubleclick.net data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com translate.googleapis.com translate.google.com i.ytimg.com www.googletagmanager.com *.googlesyndication.com stats.g.doubleclick.net data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com translate.googleapis.com translate.google.com i.ytimg.com www.googletagmanager.com; connect-src 'self' https://809-eog-429.mktoresp.com https://directory.cookieyes.com https://log.cookieyes.com/ https://cdn.bizibly.com https://cdn-cookieyes.com https://px.ads.linkedin.com https://epsilon-globalaccelerator.6sense.com  https://designer-api.hu-manity.co/ https://hemsync.clickagy.com https://aorta.clickagy.com/ cdn.linkedin.oribi.io https://ad.doubleclick.net https://api.redirect.li/v1/ https://bam.nr-data.net https://bat.bing.com https://cdn.abrankings.com https://d.clarity.ms https://epsilon.6sense.com https://in.hotjar.com https://ipv6.6sc.co https://script.crazyegg.com https://sheets.googleapis.com https://stats.g.doubleclick.net https://tracking.reactful.com https://visitor.reactful.com https://ws.zoominfo.com https://ws31.hotjar.com https://www.google-analytics.com wss://ws31.hotjar.com *.6sc.co *.facebook.com *.hotjar.com *.clarity.ms secure.adnxs.com *.google-analytics.com vc.hotjar.io assets-tracking.crazyegg.com pages.e2open.com tracking.crazyegg.com pagestates-tracking.crazyegg.com 809-eog-429.mktoutil.com ws32.hotjar.com f.clarity.ms wss://ws30.hotjar.com wss://ws41.hotjar.com *.vimeo.com *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com boards-api.greenhouse.io https://809-eog-429.mktoresp.com https://hemsync.clickagy.com https://aorta.clickagy.com/ *.vimeo.com *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com; font-src 'self' data: data: https://fonts.gstatic.com data: fonts.gstatic.com fonts.googleapis.com connecteurope.e2open.com data: fonts.gstatic.com fonts.googleapis.com; object-src 'self' *.googlesyndication.com *.boards-api.greenhouse.io; media-src 'self' ; frame-src 'self' 'unsafe-inline' play.vidyard.com td.doubleclick.net pages.e2open.com https://11817530.fls.doubleclick.net https://match.adsrvr.org https://app-sj31.marketo.com https://bid.g.doubleclick.net https://insight.adsrvr.org https://player.vimeo.com https://vars.hotjar.com https://www.facebook.com *.vimeo.com *.vimeocdn.com *.googlesyndication.com googleads.g.doubleclick.net maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com *.vimeo.com *.vimeocdn.com *.googlesyndication.com googleads.g.doubleclick.net maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com; child-src 'self' blob: *.vimeo.com *.googlesyndication.com *.google.com *.facebook.com *.doubleclick.net connect.facebook.net platform.twitter.com vimeo.com www.googletagmanager.com *.vimeocdn.com www.youtube.com *.vimeo.com *.vimeocdn.com www.youtube.com www.googletagmanager.com; worker-src 'self' blob: www.google.com; base-uri 'self' ; form-action 'self' *.twitter.com *.google.com *.facebook.com connect.facebook.net pages.e2open.com; frame-ancestors 'self' t.co twitter.com https://*.paperflite.com; upgrade-insecure-requests; report-uri https://62cf790d4226858c368f8a9c.endpoint.csper.io?v=3;; 3
default-src 'self' p11.techlab-cdn.com; script-src 'unsafe-inline' 'self' 'unsafe-eval' * blob: p11.techlab-cdn.com; script-src-elem 'unsafe-inline' 'self' * p11.techlab-cdn.com; style-src 'unsafe-inline' 'self' *; style-src-elem 'unsafe-inline' 'self' *; font-src 'self' * data: ; frame-src 'self' *; connect-src 'self' * p11.techlab-cdn.com; img-src 'self' * data:; 3
frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.youtube.com https://forms.office.com https://play.vidyard.com/; 3
default-src * http: https:; style-src 'self' 'unsafe-inline' http: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: portalcloud.oni.pt; frame-ancestors 'self' *.gigas.com portalcloud.oni.pt;img-src data: 'self' 'unsafe-inline' 'unsafe-eval' http: https:; 3
frame-ancestors deny 3
default-src * 'unsafe-eval' 'unsafe-inline' data: blob:; script-src * 'unsafe-inline' blob:; report-uri https://content-security-policy.jobteaser.com/report 3
frame-ancestors https://www.iway.ch https://www.sak-digital.ch https://freerideict.ch https://www.crossdata.ch https://www.telcomnet.ch https://www.rhone.ch https://www.uli-l.ch https://www.pc-zbinden.ch https://www.2com.ch https://www.jpag.ch https://www.bluenetsys.ch https://www.bluenetworksystems.ch https://www.agiba.ch https://agiba.ch https://www.ewh.ch https://isptv.ch/ https://www.isptv.ch/ https://profifon.ch https://starnet24.com/ https://www.jobs.ch/ 3
frame-ancestors admin.shopify.com *.myshopify.com online-store-web.shopifyapps.com; 3
frame-ancestors 'self' https://next.brella.io/ https://taikalyhty.shapespark.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mktdplp102cdn.azureedge.net/ https://*.dynamics.com https://tietoevry-ext.boost.ai/ https://cdn.cookielaw.org/ https://www.googletagmanager.com/ https://code.jquery.com/ https://maxcdn.bootstrapcdn.com/ https://s.usea01.idio.episerver.net/ https://cdnjs.cloudflare.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://sc.lfeeder.com/ https://connect.facebook.net/ https://acdn.adnxs.com/ https://cdn.mookie1.com/ https://tietoevry.piwik.pro/ https://ajax.googleapis.com/ https://angular-ui.github.io/ https://netdna.bootstrapcdn.com/ https://az416426.vo.msecnd.net/ https://www.youtube.com/ https://dl.episerver.net/ https://www.gstatic.com https://www.google.com/recaptcha/api.js https://www.googleadservices.com https://player.vimeo.com; object-src 'none' 3
frame-ancestors 'self' https://adobemc.com https://centerparcs.experiencecloud.adobe.com https://experience.adobe.com 3
frame-ancestors 'self' mijn.hosting.nl 3
default-src 'self' http: https: blob: ws:  https://cdn.proactiveinvestors.com use.typekit.net wpstream.net www.google-analytics.com fonts.googleapis.com fonts.gstatic.com s.w.org;; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https: https://cdn.proactiveinvestors.com https://www.google-analytics.com https://www.googletagmanager.com https://snap.licdn.com https://securepubads.g.doubleclick.net https://ml314.com; style-src 'self' 'unsafe-inline' 'unsafe-eval'   http: https: data: https://cdn.proactiveinvestors.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: https://cdn.proactiveinvestors.com blob: filesystem:; font-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: https://cdn.proactiveinvestors.com https://fonts.googleapis.com https://fonts.gstatic.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; frame-src 'self' http: https: www.youtube-nocookie.com youtube-nocookie.com youtube.com vimeo.com; 3
default-src 'self' https://mw-ar-recom-prod.pgapi.io/ feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' * ; img-src https://* 'self' data: https: blob: feed.pghub.io pandg.tapad.com ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; frame-ancestors * 'self' data: https: blob: ; 3
frame-ancestors 'self' https://copeland.pathfactory.com 3
default-src 'self' https://*.tellja.eu https://siteintercept.qualtrics.com https://*.clarity.ms https://bat.bing.com https://admin.df.eu/ https://analytics.aklamio.com https://*.ampproject.org https://*.lpsnmedia.net https://*.tealiumiq.com https://*.google.com https://*.google.de https://*.doubleclick.net https://*.optimizely.com https://www.google-analytics.com https://*.facebook.com; connect-src 'self' https://www.sjwoe.com https://www.emjcd.com https://*.analytics.google.com wss://lo.msg.liveperson.net/ https://*.googlesyndication.com https://www.google-analytics.com https://*.tellja.eu https://*.bing.com https://*.doubleclick.net https://*.metrics.convertexperiments.com https://*.convertexperiments.com https://*.optimizetoolkit.com; style-src 'self' 'unsafe-inline' https://github.githubassets.com https://fonts.googleapis.com https://*.amazonaws.com https://*.convertexperiments.com https://*.metrics.convertexperiments.com https://*.optimizetoolkit.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://pix.hyj.mobi https://d.hyj.mobi https://*.tellja.eu https://*.googletagmanager.com https://*.amazonaws.com https://*.convertexperiments.com https://*.metrics.convertexperiments.com https://*.optimizetoolkit.com https://*.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://gist.github.com https://my.tealiumiq.com http://tags.tiqcdn.com https://*.clarity.ms https://*.omnitagjs.com https://*.adnxs.com https://*.aklamio.com https://*.doubleclick.net https://java.com https://tags.tiqcdn.com https://*.cloudstorage.secureserver.net https://static-artifact.heg-cp.com https://cdn.polyfill.io https://www.google.com https://www.gstatic.com https://*.optimizely.com https://www.googleadservices.com https://bat.bing.com https://www.dwin1.com https://connect.facebook.net https://www.google-analytics.com ajax.googleapis.com https://*.twitter.com https://static.ads-twitter.com https://*.ampproject.org https://*.wsimg.com https://*.liveperson.net https://*.lpsnmedia.net; font-src 'self' https://fonts.gstatic.com https://optimizely.github.io; object-src 'self'; img-src 'self' 'unsafe-inline' https://*.bidswitch.net https://*.casalemedia.com https://*.tellja.eu https://*.tellja.de https://*.tellja.eu https://my.tealiumiq.com https://collect.tealiumiq.com https://*.convertexperiments.com https://*.metrics.convertexperiments.com https://*.optimizetoolkit.com https://siteintercept.qualtrics.com https://*.google.co.uk https://analytics.twitter.com https://paintbrush.heg-cp.com https://*.clarity.ms https://*.bing.com https://irp.cdn-website.com https://*.atdmt.com https://*.zemanta.com https://*.trustpilot.com https://*.aklamio.com https://img1.wsimg.com https://*.lpsnmedia.net https://java.com https://www.df.eu/ data: https://i.ytimg.com https://*.g.doubleclick.net https://bat.bing.com https://www.google-analytics.com https://www.facebook.com https://www.google.com https://www.google.de https://t.co https://*.multiscreensite.com; frame-src 'self' https://*.liveperson.net/ https://*.tellja.eu https://*.df.eu https://*.dftest.eu https://*.qualtrics.com/ https://*.doubleclick.net https://www.youtube-nocookie.com https://*.aklamio.com https://lo.tokenizer.liveperson.net https://pixel.bsmartdata.com https://www.google.com https://*.optimizely.com  https://*.convertexperiments.com https://*.metrics.convertexperiments.com https://*.optimizetoolkit.com https://*.facebook.com https://*.facebook.net www.youtube.com *.vimeo.com *.vimeocdn.com https://*.fls.doubleclick.net https://*.lpsnmedia.net https://server.lon.liveperson.net/; 3
frame-src 'self' *.bilimal.kz *.pscloud.io *.object.pscloud.io *.officeapps.live.com *.mycollege.kz *.citorleu.kz *.cit-orleu.kz *.youtube.com *.google.com *.e-daryn.kz *.elumiti.kz *.fpp.kz *.2gis.com portal.kundelik.kz; frame-ancestors http: https: ionic: ; script-src 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *.bilimal.kz *.pscloud.io *.object.pscloud.io *.officeapps.live.com *.mycollege.kz *.citorleu.kz *.cit-orleu.kz *.youtube.com *.google.com *.e-daryn.kz *.elumiti.kz *.fpp.kz portal.kundelik.kz; default-src * data: 'unsafe-eval' 'unsafe-inline'; 3
frame-ancestors *.multiplan.us; object-src 'none'; img-src 'self' maps.google.com maps.googleapis.com www.google-analytics.com csi.gstatic.com cdn.appdynamics.com multiplan.us www.multiplan.us discoveryhealthpartners.com www.discoveryhealthpartners.com https: http:; script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.google.com maps.googleapis.com www.google-analytics.com csi.gstatic.com docasap.com cdn.appdynamics.com multiplan.us www.multiplan.us discoveryhealthpartners.com www.discoveryhealthpartners.com https: http: 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://lavoz.report-uri.io/r/default/csp/enforce 3
default-src blob: 'self' *.mgm.mo; script-src *.mgm.mo *.google.com *.gstatic.com *.recaptcha.net *.google-analytics.com *.googleadservices.com *.aliyuncs.com *.tiqcdn.com *.googletagmanager.com hm.baidu.com *.facebook.net *.bing.com *.doubleclick.net blob: 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.mgm.mo fonts.googleapis.com data:; font-src data: *.gstatic.com *.mgm.mo 'self'; img-src *.mgm.mo *.aliyuncs.com *.bing.com *.google-analytics.com *.google.com *.google.co.jp *.baidu.com *.facebook.com data: blob: 'self';media-src 'self' *.mgm.mo *.oss-cn-hongkong.aliyuncs.com;frame-src 'self' *.youtube.com *.ytimg.com *.recaptcha.net *.facebook.com *.google.com; connect-src 'self' *.mgm.mo *.google-analytics.com *.doubleclick.net *.google.com *.facebook.com; 3
default-src wss: https: data: 'unsafe-inline' 'unsafe-eval' 3
upgrade-insecure-requests; frame-ancestors 'self' tigertech.net *.tigertech.net; 3
frame-ancestors 'self' https://*.xealth.io; 3
object-src 'none'; base-uri 'none'; 3
default-src blob: https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 3
frame-ancestors https://blog.sherwin-williams.com https://www.sherwin-williams.com https://*.sherwin-williams.com 3
script-src 'self' 'unsafe-inline' munchkin.marketo.net *.facebook.net *.googletagmanager.com *.mxpnl.com *.chtbl.com *.barracudamsp.com *.cookielaw.org *.marketo.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.demandbase.com *.vidyard.com *.adroll.com *.licdn.com *.redditstatic.com *.liveperson.net *.lpsnmedia.net assets.adobedtm.com *.driftt.com *.searchcdn.com unpkg.com *.youtube.com *.highcharts.com 3
upgrade-insecure-requests;, upgrade-insecure-requests 3
font-src *; 3
default-src 'self' blob: https://10web.io *.10web.io; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' 'report-sample' *.googleoptimize.com *.tiktok.com https://*.smooch.io https://*.zendesk.com https://widget.trustpilot.com/ *.hotjar.com https://api.smooch.io/ https://cdn.jsdelivr.net/* *.luckyorange.com https://api.smooch.io https://js.hsleadflows.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hubspotfeedback.com https://js.usemessages.com https://js.hscollectedforms.net https://js.hsforms.net https://forms.hsforms.com  *.hubspot.com *.hubspot.net *.hs-scripts.com  *.hs-analytics.net jsfiddle.net *.jsfiddle.net *.bing.com *.datatables.net *.gstatic.com instagram.com *.instagram.com instagr.am https://10web.io *.10web.io *.twitter.com twitter.com *.google.com google.com *.firstpromoter.com firstpromoter.com *.facebook.net *.facebook.com facebook.com *.fbcdn.net reddit.com *.reddit.com redditstatic.com *.redditstatic.com quora.com *.quora.com *.cloudflare.com cloudflare.com https://d10lpsik1i8c69.cloudfront.net https://googleads.g.doubleclick.net *.googleapis.com https://s.ytimg.com https://snap.licdn.com https://static.ads-twitter.com *.google-analytics.com google-analytics.com https://www.googleadservices.com https://*.googletagmanager.com https://googletagmanager.com https://www.youtube.com *.zdassets.com *.zendesk.com *.zopim.com *.zopim.io zopim.com *.googleusercontent.com googleusercontent.com *.sentry-cdn.com producthunt.com *.producthunt.com *.fontawesome.com https://unpkg.com/web-vitals/dist/web-vitals.iife.js data:; style-src 'self' 'unsafe-inline' 'report-sample' https://10web.io *.10web.io https://*.smooch.io https://*.zendesk.com https://hello.myfonts.net/count/36f1f3 https://tools.luckyorange.com *.datatables.net https://d10lpsik1i8c69.cloudfront.net *.googleapis.com *.googleusercontent.com googleusercontent.com google.com *.google.com *.googletagmanager.com googletagmanager.com *.sentry-cdn.com *.fontawesome.com data: blob: https://10web.io *.10web.io; img-src * 'self' data: blob:; font-src 'self' data:  https://10web.io *.10web.io https://*.smooch.io https://*.zendesk.com *.gstatic.com *.googleusercontent.com googleusercontent.com storage.googleapis.com https://s3.amazonaws.com/luckyorange-clickstream/fonts/ hello.myfonts.net *.fontawesome.com; connect-src * 'self'; media-src 'self' https://10web.io *.10web.io *.s3.us-west-2.amazonaws.com *.amazonaws.com https://s3-us-west-2.amazonaws.com/10web-tts/audios/* *.s3.amazonaws.com *.imgur.com imgur.com https://d10lpsik1i8c69.cloudfront.net wss://*.smooch.io https://*.smooch.io https://*.zendesk.com *.zdassets.com *.zendesk.com *.zopim.com *.zopim.io zopim.com *.google.com google.com *.googleusercontent.com googleusercontent.com *.sentry-cdn.com *.firstpromoter.com firstpromoter.com; frame-src 'self'   jsfiddle.net https://demo.arcade.software https://widget.trustpilot.com https://forms.hsforms.com/ https://app.hubspot.com *.jsfiddle.net https://anchor.fm https://10web.io *.10web.io *.google.com google.com *.doubleclick.net *.facebook.com facebook.com *.facebook.net *.fbcdn.net instagram.com *.instagram.com instagr.am *.youtube.com youtube.com *.firstpromoter.com firstpromoter.com jsfiddle.net https://app.hubspot.com  *.jsfiddle.net https://anchor.fm https://10web.io *.10web.io *.google.com google.com *.doubleclick.net *.facebook.com facebook.com *.facebook.net *.fbcdn.net instagram.com *.instagram.com instagr.am *.youtube.com youtube.com *.firstpromoter.com firstpromoter.com; base-uri 'self' https://10web.io *.10web.io; manifest-src 'self' https://10web.io *.10web.io; report-uri https://o397950.ingest.sentry.io/api/5263028/security/?sentry_key=8444a18b08184aef960a8eded99e7e7a; 3
frame-ancestors http://*.t-mobile.nl https://*.t-mobile.nl http://*.tele2.nl https://*.tele2.nl http://*.ben.nl https://*.ben.nl https://app.storyblok.com https://internet.odido.nl 3
default-src 'self' *.capitaland.com *.capitastar.com the-ascott.com *.the-ascott.com *.adobedtm.com *.instagram.com *.facebook.com *.twitter.com *.linkedin.com youtube.com *.youtube.com *.trustarc.com googletagmanager.com *.googletagmanager.com *.googleadservices.com *.nr-data.net *.newrelic.com *.addthis.com *.googleapis.com *.addthisedge.com *.moatads.com *.adobedtm.com *.stackla.com *.google.com *.google.com.vn *.gstatic.com *.google.com.sg *.recaptcha.net *.shareinvestor.com *.baidu.com *.youku.com *.wisers.net weibo.com *.ascendas-reit.com *.a-itrust.com *.facebook.net *.ascottresidencetrust.com *.cict.com.sg *.clct.com.sg cmmt.com.my *.capita3eats.com *.google-analytics.com *.eunoia.asia ecapitamall.com *.turn.com *.licdn.com *.doubleclick.net *.adsrvr.org capitaland.sc.omtrdc.net *.zencdn.net *.mediaiqdigital.com *.demdex.net capitaland.tt.omtrdc.net *.bdimg.com *.everesttech.net js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.usemessages.com *.hubspot.com www.google-analytics.com *.adsymptotic.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com *.cloudflare.com tracker.sqreemtech.com code.jquery.com *.vimeo.com chio.space *.clickdimensions.com *.ads-twitter.com t.co s3-ap-southeast-1.amazonaws.com my.matterport.com *.sqreemtech.com analyticswritenew.xerevo.com *.polyv.net *.videocc.net *.fbcdn.net *.justeasy.cn *.cdninstagram.com *.twimg.com *.ytimg.com *.typeform.com *.logwork.com logwork.com *.youtube-nocookie.com *.tiktok.com *.amgdgt.com www.onemap.gov.sg www.discoverasr.com *.appier.net id5-sync.com *.id5-sync.com *.crwdcntrl.net *.force.com *.salesforce.com *.salesforceliveagent.com kuula.co *.outbrain.com unpkg.com ir.capitalandinvest.com *.ttwstatic.com *.datawrkz.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://capitaland-studio.vercel.app https://trk.ultraind.in capitaland.my.site.com *.spaceconnect.co cdn.linkedin.oribi.io addtoany.com *.addtoany.com *.outbrain.com gv.com.sg *.gv.com.sg snow-shaw-cdn.azureedge.net *.snow-shaw-cdn.azureedge.net data: 'unsafe-eval' 'unsafe-inline' blob:; 3
default-src 'self' https:; font-src 'self' https: data: fonts.gstatic.com; img-src 'self' https: data: blob: cdn.ckeditor.com via.placeholder.com; object-src 'none'; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' cdn.ckeditor.com ajax.googleapis.com widget.trustpilot.com cdn.dynamicyield.com pagead2.googlesyndication.com *.scarabresearch.com www.paypalobjects.com js.braintreegateway.com cdn.cookielaw.org; style-src 'self' https: 'unsafe-inline' cdn.ckeditor.com fonts.googleapis.com data:; connect-src 'self' https: data: blob: api.sofort.com 3
manifest-src 'self' *.mywebinar.net;default-src 'self' blob:;connect-src 'self' wss: *.mywebinar.com *.mywebinar.net *.mywebinar.io *.mywebinar.live myownconference.net *.myownconference.net client.crisp.chat storage.crisp.chat chimpstatic.com yoast.com my.yoast.com p.clarity.ms www.googletagmanager.com *.google-analytics.com;frame-src 'self' *.myownconference.com *.mywebinar.com *.youtube.com yoa.st tpc.googlesyndication.com bid.g.doubleclick.net app.essential-addons.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.myownconference.com *.mywebinar.com *.mywebinar.net *.mywebinar.io client.crisp.chat yoast.com chimpstatic.com www.clarity.ms www.google.com apis.google.com maps.googleapis.com www.gstatic.com www.googletagmanager.com www.googleadservices.com tpc.googlesyndication.com googleads.g.doubleclick.net cdnjs.cloudflare.com plausible.io cdn.matomo.cloud;img-src 'self' data: *;media-src 'self' blob: *.mywebinar.com *.mywebinar.net *.mywebinar.io myownconference.net *.myownconference.net;style-src 'self' 'unsafe-inline' *.mywebinar.com *.mywebinar.net *.mywebinar.io client.crisp.chat www.google.com www.googletagmanager.com fonts.googleapis.com;font-src 'self' data: *.mywebinar.net *.mywebinar.io client.crisp.chat fonts.gstatic.com *.akamaihd.net *.sharepointonline.com;object-src 'self' *.mywebinar.net *.mywebinar.io;frame-ancestors 'self';upgrade-insecure-requests 3
default-src 'unsafe-inline' 3
default-src 'none'; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://assets-ctb.pernod-ricard.io https://api.pernod-ricard.io https://cdn.jsdelivr.net/npm/algoliasearch https://zfm2j5365u-3.algolianet.com https://zfm2j5365u-dsn.algolia.net https://d8ejoa1fys2rk.cloudfront.net https://brandcloud.pernod-ricard.com https://optoutapi.evidon.com *.evidon.com *.betrad.com https://us-central1-pantheon-psapps.cloudfunctions.net https://insight.pravp.com/analytics *.pernod-ricard.io https://live-pernod-ricard-global-cms.pantheonsite.io https://cdn.linkedin.oribi.io https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css; font-src 'self' https://maxcdn.bootstrapcdn.com https://app-avp.pravp.com https://assets-ctb.pernod-ricard.io https://cdnjs.cloudflare.com; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://static.addtoany.com https://emperia.gallery https://my.matterport.com; img-src 'self' https: data:; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://avp.pravp.com https://www.google-analytics.com https://c.evidon.com https://assets-ctb.pernod-ricard.io https://cdn.jsdelivr.net/npm/algoliasearch https://zfm2j5365u-3.algolianet.com https://www.youtube.com https://player.vimeo.com *.facebook.net https://js-agent.newrelic.com https://bam.nr-data.net *.pernod-ricard.io https://live-pernod-ricard-global-cms.pantheonsite.io https://snap.licdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://vuejs.org; style-src 'self' 'unsafe-inline' https://assets-ctb.pernod-ricard.io data: https://live-pernod-ricard-global-cms.pantheonsite.io cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; base-uri 'self'; form-action 'self' https://login.microsoftonline.com https://device.login.microsoftonline.com; frame-ancestors 'self' 3
default-src https:; style-src 'self' 'unsafe-inline' https: data:; object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' https: data:; frame-src *; frame-ancestors 'none'; base-uri 'self'; form-action * 3
default-src 'self' https://*.tataplay.com blob:; connect-src 'self' https://www.clarity.ms/ https://*.clarity.ms/ https://col.site24x7rum.com https://app.litmusworld.com https://*.tataplay.com https://*.tatasky.com https://*.g.doubleclick.net https://logs.juspay.in https://payments.juspay.in https://*.taboola.com/ https://www.google-analytics.com/ https://anuvadak-wms.reverieinc.com https://avtstagecdn.blob.core.windows.net https://api.ipify.org https://s.yimg.com https://e3zogked5l.execute-api.us-west-2.amazonaws.com https://app.easyling.com/ https://crest-dot-skawa-easyling.appspot.com/ https://rs.fullstory.com/ https://maps.googleapis.com/ https://analytics.google.com/ https://wafs.mfilterit.net/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sf16-muse-va.ibytedtos.com https://s0.ipstatp.com https://static.bytedance.com https://a.quora.com https://bat.bing.com https://www.googletagservices.com https://maps.googleapis.com https://code.jquery.com https://*.g.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.sokrati.com https://ad.doubleclick.net https://www.googleadservices.com https://static.site24x7rum.com https://tagmanager.google.com https://ssl.gstatic.com https://www.tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/ https://*.google.co.in/ https://www.gstatic.com/recaptcha/ https://*.twitter.com/ https://*.twimg.com/ https://www.youtube.com/ https://s.ytimg.com/ https://*.googlesyndication.com/ https://*.taboola.com/ https://payments.juspay.in/ https://static.ads-twitter.com/ https://cdn.invitereferrals.com/ https://www.googleoptimize.com/ https://optimize.google.com https://www.ref-r.com/ https://anuvadak-wms.reverieinc.com https://avtstagecdn.blob.core.windows.net https://api.ipify.org https://aax-eu.amazon-adsystem.com https://s.yimg.com https://sp.analytics.yahoo.com/ https://script.mfilterit.net/ https://app.easyling.com/ https://crest-dot-skawa-easyling.appspot.com/ https://d1r1tbvxnfd82x.cloudfront.net/ https://sokrati.g2afse.com/ https://d2yjce5oayglmo.cloudfront.net/ https://uathelpchat.tataplay.com/ https://edge.fullstory.com/ https://rs.fullstory.com/ https://amplify.outbrain.com/ https://www.clarity.ms/ https://*.clarity.ms/ https://helpchat.tataplay.com/ ; img-src 'self' https://business-sg.topbuzz.com https://business.topbuzz.com https://q.quora.com https://www.ref-r.com https://bat.bing.com https://maps.gstatic.com https://maps.googleapis.com https://*.facebook.com https://*.sokrati.com https://www.google.com https://www.google.co.in https://*.fls.doubleclick.net https://*.linkedin.com https://www.googleadservices.com https://*.g.doubleclick.net https://tagmanager.google.com https://www.google-analytics.com https://ssl.gstatic.com https://*.twitter.com/ https://*.twimg.com/ https://ad.doubleclick.net/ https://*.google.com/ https://*.google.co.in/ https://*.tataplay.com https://*.tatasky.com/ https://*.taboola.com/ https://secure.adnxs.com/ https://optimize.google.com https://www.gstatic.com/ https://aax-eu.amazon-adsystem.com https://app.easyling.com/ https://crest-dot-skawa-easyling.appspot.com/ https://*.googleusercontent.com/ https://*.ggpht.com/ https://sp.analytics.yahoo.com/ https://sokrati.g2afse.com/ https://tr.outbrain.com https://www.googletagmanager.com https://uat.tstatic.videoready.tv/ https://tstatic.videoready.tv/ data: blob:; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://ssl.gstatic.com https://*.twitter.com/ https://*.twimg.com/ https://optimize.google.com https://anuvadak-wms.reverieinc.com https://avtstagecdn.blob.core.windows.net https://cdn.invitereferrals.com/ ; font-src 'self' https://*.tataplay.com https://*.tatasky.com/ https://tagmanager.google.com https://fonts.gstatic.com https://ssl.gstatic.com https://optimize.google.com data: ; frame-src 'self' bytedance: https://*.g.doubleclick.net https://*.fls.doubleclick.net https://app.litmusworld.com https://www.youtube.com https://www.google.com/ https://uat.help.tatasky.com https://www.facebook.com/ https://*.twitter.com/ https://*.twimg.com/ https://www.ref-r.com/ https://player.vimeo.com/ https://payments.juspay.in/ https://optimize.google.com https://youtu.be/ https://docs.google.com/ https://d1r1tbvxnfd82x.cloudfront.net/ https://d2yjce5oayglmo.cloudfront.net/ https://uathelpchat.tataplay.com/ https://helpchat.tataplay.com/ https://gethelpuat2.tatasky.com/ https://help.tatasky.com/ data: blob:; object-src 'self' https://docs.google.com/ data: blob:; frame-ancestors https://*.tataplay.com https://*.tatasky.com ; 3
frame-ancestors 'self' https://*.reitmans.com https://*.additionelle.com https://*.rw-co.com https://*.thymematernity.com https://*.penningtons.com http://*.reitmans.com http://*.additionelle.com http://*.rw-co.com http://*.thymematernity.com http://*.penningtons.com wss://*.screenmeet.com https://*.screenmeet.com 3
frame-ancestors 'self'; form-action 'self'; 3
frame-ancestors 'self' https://m.v12finance.com/; 3
frame-ancestors * ; default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 3
default-src https://*.apptio.com 'self'; script-src 'self' https://*.apptio.com https://cdn-app.pathfactory.com/ https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js https://web.cvent.com https://www.cvent-assets.com https://bat.bing.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://*.cloudfront.net/fullcircle.js https://dev.visualwebsiteoptimizer.com https://*.wistia.com https://*.wistia.net https://www.trustradius.com https://googleads.g.doubleclick.net https://*.clarity.ms https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com https://tag.demandbase.com https://tracking.intentsify.io https://www.gartner.com/reviews/public/Widget/js/widget.js https://www.google-analytics.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://www.google.com/pagead/conversion_async.js https://app.cdn.lookbookhq.com/libraries/overlay/overlay.js https://src.litix.io https://*.addthis.com https://*.moatads.com https://*.addthisedge.com https://cdn.shortpixel.ai https://app.vwo.com https://s.pointerpro.com https://snap.licdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'report-sample' 'self' blob: https://*.apptio.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdn.shortpixel.ai https://fast.wistia.com https://www.cvent-assets.com https://www.gartner.com https://www.trustradius.com https://d30ia583fbtg8i.cloudfront.net https://app.cdn.lookbookhq.com https://app.vwo.com https://cdn-app.pathfactory.com 'unsafe-inline'; object-src 'self'; base-uri 'self'; connect-src 'self' https://*.apptio.com https://*.mktoresp.com https://935-cth-469.mktoutil.com https://www.facebook.com https://apptio.widen.net https://cf-store.widencdn.net/apptio https://api.company-target.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://stats.g.doubleclick.net https://bat.bing.com https://cdn.linkedin.oribi.io https://cdn.cookielaw.org https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.wistia.com https://*.litix.io https://geolocation.onetrust.com https://*.cloudfront.net https://*.clarity.ms https://*.hotjar.com https://*.hotjar.io https://www.trustradius.com https://jukebox.pathfactory.com https://embedwistia-a.akamaihd.net https://spcollector.pathfactory.com https://st.fullcircleinsights.com https://*.addthis.com https://www.facebook.com https://segments.company-target.com https://tag-logger.demandbase.com; font-src 'self' data: https://fonts.gstatic.com https://*.cloudfront.net https://cdn.shortpixel.ai https://*.wistia.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com https://cdn-app.pathfactory.com https://*.gartner.com https://tag-logger.demandbase.com; frame-src 'self' https://*.apptio.com https://js.driftt.com https://web.cvent.com https://vars.hotjar.com https://www.facebook.com https://www.gartner.com https://fast.wistia.net https://fast.wistia.com https://maps.google.com https://www.google.com https://*.addthis.com https://*.doubleclick.net https://app.vwo.com https://s.pointerpro.com https://s.company-target.com https://apptio.jifflenow.com; img-src 'self' data: blob: https://*.apptio.com https://*.bing.com https://*.clarity.ms https://cdn.shortpixel.ai https://s.w.org https://*.cloudfront.net https://*.wistia.com https://*.visualwebsiteoptimizer.com https://embedwistia-a.akamaihd.net https://*.wistia.net https://id.rlcdn.com https://match.prod.bidr.io https://*.linkedin.com https://www.facebook.com https://connect.facebook.net https://*.google-analytics.com https://*.analytics.google.com https://www.google.com https://www.googletagmanager.com https://segments.company-target.com https://*.adsymptotic.com https://cdn.cookielaw.org https://reviews.static.gartner.com https://cdn.pathfactory.com https://media.trustradius.com; manifest-src 'self'; media-src 'self' blob: data: https://*.wistia.net https://*.wistia.com https://embedwistia-a.akamaihd.net https://js.driftt.com https://episodes.castos.com; worker-src https://*.apptio.com blob: 'self'; 3
base-uri 'self'; frame-ancestors *;frame-src *;child-src 'self';block-all-mixed-content;object-src 'none'; prefetch-src 'self';worker-src 'self'; default-src https: data: ws:; script-src https: 'unsafe-inline' 'unsafe-eval';style-src https: 'unsafe-inline'; 3
default-src ‘self’; object-src ‘none'; form-action 'none’; report-to csp-endpoint; 3
object-src 'self'; base-uri 'self'; frame-ancestors 'self' https://www.vacaturesonline.nl; default-src blob: https://cdn.livechatinc.com https://*.vacaturesonline.nl https://*.ictergezocht.nl https://*.werkzoeken.nl https://*.technicus.nl https://vars.hotjar.com https://accounts.google.com https://www.youtube.com https://docs.google.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://*.werkzoeken.nl https://*.technicus.nl https://*.vacaturesonline.nl https://*.ictergezocht.nl; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://accounts.google.com https://maps.googleapis.com https://api.livechatinc.com https://cdn.livechatinc.com https://bat.bing.com https://ajax.cloudflare.com https://*.google.com https://*.google.nl https://*.hotjar.com https://*.licdn.com https://*.werkzoeken.nl https://*.technicus.nl https://*.vacaturesonline.nl https://*.ictergezocht.nl https://www.googletagmanager.com https://www.googleadservices.com https://maps.googleapis.com https://*.doubleclick.net https://*.linkedin.com https://www.gstatic.com https://js.live.net https://www.google-analytics.com https://sjs.bizographics.com https://www.dropbox.com https://apis.google.com https://api.smooch.io; connect-src 'self' http://maps.googleapis.com https://www.google.nl https://api.livechatinc.com https://*.analytics.google.com https://api.maptiler.com https://*.microsoft.com https://*.hotjar.io https://*.hotjar.com https://*.doubleclick.net https://www.google-analytics.com wss://*.hotjar.com https://*.vacaturesonline.nl; frame-src 'self' https://secure.livechatinc.com https://*.google.com/ https://www.youtube.com https://vars.hotjar.com https://www.werkzoeken.nl https://www.ictergezocht.nl https://www.technicus.nl; font-src 'self' data: https://cdn.livechatinc.com https://*.werkzoeken.nl https://*.vacaturesonline.nl https://*.technicus.nl https://*.ictergezocht.nl https://*.hotjar.com https://fonts.gstatic.com; img-src 'self' blob: data: https://cdn.livechat-files.com https://cdn.livechatinc.com https://bat.bing.com https://script.hotjar.com https://*.linkedin.com https://*.werkzoeken.nl https://*.technicus.nl https://*.vacaturesonline.nl https://*.ictergezocht.nl https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://*.analytics.google.com https://www.google.com https://www.google.nl https://*.doubleclick.net; 3
frame-ancestors 'self' https://www.spikenow.com/ https://spikenow.com/ 3
default-src 'self' blob: data: *; style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *; frame-ancestors 'self' https://xodo-web.sanity.studio; 3
block-all-mixed-content; default-src 'self' blob:; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://use.typekit.net https://www.googletagmanager.com cdn.cookielaw.org *.sdworx.com *.pardot.com a458c8fcc5c8447d898446e84c87217b.js.ubembed.com www.google-analytics.com assets.ubembed.com cdn.landbot.io connect.facebook.net *.clarity.ms bat.bing.com snap.licdn.com *.firebaseio.com www.googleoptimize.com *.googleapis.com https://assets.calendly.com https://web103.reachmee.com https://tracking.intentsify.io https://sc.lfeeder.com https://secure.norm0care.com https://webeo-web-content.s3-eu-west-1.amazonaws.com https://static.landbot.io https://www.youtube.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://secure.agile-company-365.com https://cdn.leadinfo.net https://form.jotform.com https://*.hotjar.com https://optimize.google.com my.visme.co https://*.skedify.io *.sleeknote.com *.visualwebsiteoptimizer.com app.vwo.com; style-src 'self' 'report-sample' 'unsafe-inline' data: *.typekit.net fonts.googleapis.com cdn.landbot.io *.googletagmanager.com https://assets.calendly.com https://plugin.skedify.io https://*.hotjar.com https://optimize.google.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com; img-src 'self' data: blob: *.typekit.net cdn.cookielaw.org fonts.gstatic.com www.google-analytics.com *.googleapis.com https://px.ads.linkedin.com www.linkedin.com bat.bing.com www.facebook.com p.adsymptotic.com https://*.ads.linkedin.com https://*.gstatic.com https://assets.calendly.com i.ytimg.com https://connect.facebook.net https://googleads.g.doubleclick.net https://tr-rc.lfeeder.com https://www.googletagmanager.com https://development-q5nzhaa-wz6c625n6znns.eu-5.platformsh.site https://acceptance-yfiuy3a-wz6c625n6znns.eu-5.platformsh.site https://sdworx-country-cms.prd.reference.be https://*.hotjar.com https://optimize.google.com www.google.ad www.google.ae www.google.al www.google.am www.google.as www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bi www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cat www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.cn www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.com www.google.com.af www.google.com.ag www.google.com.ai www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.ki www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.ms www.google.mu www.google.mv www.google.mw www.google.ne www.google.nl www.google.no www.google.nr www.google.nu www.google.pl www.google.pn www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.sh www.google.si www.google.sk www.google.sm www.google.sn www.google.so www.google.sr www.google.st www.google.td www.google.tg www.google.tl www.google.tm www.google.tn www.google.to www.google.tt www.google.vg www.google.vu www.google.ws *.sleeknote.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com; font-src 'self' data: fonts.googleapis.com use.typekit.net https://fonts.gstatic.com cdn.landbot.io https://*.hotjar.com *.sleeknote.com; connect-src 'self' *.ingest.sentry.io *.typekit.net fonts.gstatic.com *.onetrust.com *.googleapis.com cdn.cookielaw.org googleads.g.doubleclick.net www.google-analytics.com analytics.google.com stats.g.doubleclick.net *.pardot.com *.landbot.io *.sdworx.com *.clarity.ms wss://*.firebaseio.com *.firebaseio.com *.analytics.google.com https://*.algolia.net https://*.algolianet.com https://*.apm.eu-west-1.aws.cloud.es.io https://cdn.linkedin.oribi.io https://idx.liadm.com https://www.facebook.com https://ldynamicspublicapi.leadforensics.com https://collector.leadinfo.net https://api.leadinfo.com wss://*.hotjar.com https://*.hotjar.io https://*.hotjar.com https://a458c8fcc5c8447d898446e84c87217b.events.ubembed.com https://bat.bing.com www.google.ad www.google.ae www.google.al www.google.am www.google.as www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bi www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cat www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.cn www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.com www.google.com.af www.google.com.ag www.google.com.ai www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.ki www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.ms www.google.mu www.google.mv www.google.mw www.google.ne www.google.nl www.google.no www.google.nr www.google.nu www.google.pl www.google.pn www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.sh www.google.si www.google.sk www.google.sm www.google.sn www.google.so www.google.sr www.google.st www.google.td www.google.tg www.google.tl www.google.tm www.google.tn www.google.to www.google.tt www.google.vg www.google.vu www.google.ws cdnjs.cloudflare.com *.sleeknote.com *.visualwebsiteoptimizer.com app.vwo.com; base-uri 'self'; form-action 'self' https://www.facebook.com/tr/; frame-src *.firebaseio.com https://*.hotjar.com https://calendly.com go.sdworx.com https://www.youtube.com https://www.youtube-nocookie.com https://trainings.sdworx.de https://datawrapper.dwcdn.net https://survey.sdworx.com https://web103.reachmee.com https://www.videoask.com https://embed.acast.com https://a458c8fcc5c8447d898446e84c87217b.pages.ubembed.com https://www.google.com https://outlook.office365.com https://www.sd.be https://optimize.google.com https://form.jotform.com https://www.facebook.com my.visme.co https://eu-submit.jotform.com/ https://*.skedify.io *.sleeknote.com onsite-subscribe.getdrip.com app.vwo.com *.visualwebsiteoptimizer.com https://iswebb.com/; worker-src 'self' blob:; media-src 'self' https://development-q5nzhaa-wz6c625n6znns.eu-5.platformsh.site https://acceptance-yfiuy3a-wz6c625n6znns.eu-5.platformsh.site https://sdworx-country-cms.prd.reference.be; 3
frame-ancestors https://xxl.sanity.studio 3
default-src 'self' *.d41.co cdn.linkedin.oribi.io cdn.cookielaw.org cdn.linkedin.oribi.io *.demandbase.com api.company-target.com geolocation.onetrust.com adservice.google.com www.clarity.ms stats.g.doubleclick.net bam.nr-data.net *.anura.io script.anura.io ads.anura.io www.google-analytics.com *.hotjar.io *.hotjar.com wss://*.hotjar.com www.youtube.com viz.tools.investis.com edge.api.brightcove.com cdnjs.cloudflare.com use.typekit.net kit.fontawesome.com p.typekit.net www.facebook.com lpcdn.lpsnmedia.net ka-f.fontawesome.com ka-p.fontawesome.com *.d41.co; img-src 'self' t.co c.bing.com di.rlcdn.com id.rlcdn.com c.clarity.ms px4.ads.linkedin.com p.adsymptotic.com tracking.selective.com www.youtube.com p.adsymptotic.com www.linkedin.com viz.tools.investis.com *.gstatic.com tagmanager.google.com cdn.cookielaw.org www.googletagmanager.com i.ytimg.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.co.in px.ads.linkedin.com www.facebook.com analytics.twitter.com lpcdn.lpsnmedia.net www.rumiview.com; frame-src 'self' i.ytimg.com www.youtube.com *.company-target.com view.ceros.com view.ceros.com www.facebook.com www.google.com player.vimeo.com otp.tools.investis.com irs.tools.investis.com www.youtube.com *.hotjar.com gum.criteo.com lpcdn.lpsnmedia.net bid.g.doubleclick.net td.doubleclick.net va-s.c.liveperson.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com http://www.google-analytics.com www.youtube.com tagmanager.google.com fonts.googleapis.com ka-f.fontawesome.com viz.tools.investis.com use.typekit.net kit.fontawesome.com p.typekit.net kit-free.fontawesome.com; font-src 'self' tagmanager.google.com viz.tools.investis.com fonts.gstatic.com ka-f.fontawesome.com ka-p.fontawesome.com fonts.googleapis.com  use.typekit.net kit.fontawesome.com p.typekit.net kit-free.fontawesome.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' view.ceros.com static.ads-twitter.com view.ceros.com *.d41.co ats.rlcdn.com tag.demandbase.com www.youtube.com www.gstatic.com www.google.com bam.nr-data.net js-agent.newrelic.com tagmanager.google.com www.googleadservices.com *.googleapis.com cdn.jsdelivr.net script.anura.io www.google-analytics.com viz.tools.investis.com *.hotjar.com www.googletagmanager.com www.youtube.com s.ytimg.com cdnjs.cloudflare.com use.typekit.net kit.fontawesome.com p.typekit.net tag.simpli.fi i.simpli.fi ajax.googleapis.com snap.licdn.com googleads.g.doubleclick.net lptag.liveperson.net connect.facebook.net assets.adobedtm.com static.criteo.net sslwidget.criteo.com accdn.lpsnmedia.net accdn.lpsnmedia.net va.v.liveperson.net widget.us.criteo.com lpcdn.lpsnmedia.net www.rumiview.com otp.tools.investis.com img.en25.com www.clarity.ms analytics.twitter.com cdn.cookielaw.org; 3
default-src http: https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; font-src 'self' https:; 3
script-src 'self' *.amnhealthcare.com dl.episerver.net maps.googleapis.com www.youtube.com unpkg.com script.crazyegg.com *.cookielaw.org d10lpsik1i8c69.cloudfront.net secure.quantserve.com api.amnhealthcare.io bat.bing.com app.leadsrx.com *.americanmobile.com rules.quantcount.com *.pardot.com js.adsrvr.org snap.licdn.com dev.visualwebsiteoptimizer.com www.google.com assets.adobedtm.com www.googletagmanager.com www.gstatic.com twin-iq.kickfire.com www.rumiview.com *.amnhealthcare.com www.medtargetsystem.com match.deepintent.com trc.lhmos.com newton.newtonsoftware.com recruitingbypaycor.com apply.indeed.com cdn.botframework.com ajax.googleapis.com connect.facebook.net static.ads-twitter.com ssl.luckyorange.com analytics.click2apply.net adservice.google.com www.googleadservices.com googleads.g.doubleclick.net s.pinimg.com analytics.tiktok.com  'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: 'unsafe-inline'; worker-src 'self' blob:; 3
default-src 'unsafe-inline' * 'unsafe-eval' data: https: blob:; img-src 'unsafe-inline' data: mediastream: blob: * android-webview-video-poster:; font-src 'unsafe-inline' * 'unsafe-eval' data:; form-action https:; report-uri https://sagvhts6ostb5kz5guxaxuzi.httpschecker.net/report 3
nosniff 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.adobedtm.com:443 https://cdnjs.cloudflare.com:443; font-src 'self' https://fonts.gstatic.com:443 https://cdnjs.cloudflare.com:443; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com:443 https://cdnjs.cloudflare.com:443; connect-src 'self' https://dpm.demdex.net:443; frame-src 'self' https://newsquestdigital.demdex.net:443; img-src 'self' https://dpm.demdex.net:443 https://prime-magazine.co.uk:443/assets/images/PrimeLogoOnWhite.jpg https://www.living-magazines.co.uk:443/assets/images/logo.png https://newsquestdigitalmedia.d2.sc.omtrdc.net:443 https://*:443/resources/images/sitelogo 3
frame-ancestors 'self' https://newapp.etracker.com; 3
frame-ancestors 'self' *.cbssports.com *.sportsline.com popculture.com comicbook.com 247sports.com *.247sports.com *.maxpreps.com *.ampproject.org; default-src https: blob: wss: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; media-src https: blob: data:; img-src https: blob: data: android-webview: android-webview-video-poster:; object-src 'none'; block-all-mixed-content; 3
frame-ancestors 'self' https://legacyshield.com https://www.legacyshield.com https://hotfix.legacyshield.com https://test049.legacyshield.com https://lsapp.legacyshield.com https://getzuby.com https://staging.getzuby.com https://www.assistancedocs.com https://testing.connectedinvestors.com https://connectedinvestors.com https://www.furnishedfinder.com https://www.keycheck.com https://dev18.furnishedfinder.com https://dev18.keycheck.com https://www.lawyerless.com.au/ https://lawyerless.com.au http://local.lawyerless.com.au/ https://www.american-apartment-owners-association.org/ https://www.tenantalert.com/ https://secure.american-apartment-owners-association.org/ https://aragdc.eyelightdev.ca https://members.dginstitute.com.au https://members-beta.dginstitute.com.au https://members.dginstitute.co/ https://members-beta.dginstitute.co/ https://honcho.com.au https://classic.honcho.com.au https://honcho.com.au:8080 https://classic.honcho.com.au:8080 http://app.loc.srv:18002 https://hon.dev-t-syd.honcho.be http://hon.dev-t-syd.honcho.be https://infinitedocs.com http://affiliateprototype.lawdepot.com https://members-beta.propertylovers.com.au https://members.propertylovers.com.au;https://www.lawpassport.com;https://lawpassport.com; 3
frame-ancestors 'self' *.thalesgroup.com; report-uri https://cpl.thalesgroup.com/report-uri/enforce 3
default-src 'self'; img-src 'self' data: *; media-src *; script-src 'self' *.threatbook.com *.threatbook.cn  https://fxgate.baidu.com https://fclog.baidu.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; connect-src *.threatbook.com *.threatbook.cn  https://fxgate.baidu.com https://fclog.baidu.com 'self'; font-src 'self' data:; 3
frame-ancestors 'self'; object-src 'none' 3
default-src * 'unsafe-inline' 'unsafe-eval' blob:; frame-ancestors *.zywave.com *.zywave.net:; img-src * data:; font-src * data:; media-src * blob:; report-uri zywave.com 3
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; connect-src https: wss:; img-src * data:; style-src https: 'unsafe-inline'; font-src * data:; 3
default-src 'self'; script-src https: 'unsafe-inline' 'unsafe-eval'; img-src https:; style-src https: 'unsafe-inline'; connect-src https: wss:; frame-src https:; font-src * data:; object-src 'none'; frame-ancestors *.optimizely.com; report-uri /api/csp-report; report-to csp-report-endpoint; 3
object-src 'none'; base-uri 'none' 3
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' 'self' data: https:; report-uri /report-csp-violation 3
default-src *.auntbertha.com *.auntberthaqa.com *.auntbertha-qa.com *.findhelp.center *.findhelp.com *.findhelp-qa.com *.findhelp.org *.findhelp-qa.org 'self' *.google.com *.googleapis.com *.wistia.com api.hubapi.com forms.hubspot.com wss://auntbertha.zendesk.com; script-src *.auntbertha.com *.auntberthaqa.com *.auntbertha-qa.com *.findhelp.center *.findhelp.com *.findhelp-qa.com *.findhelp.org *.findhelp-qa.org 'self' 'unsafe-eval' 'unsafe-inline' *.demdex.net *.google.com *.googleapis.com *.gstatic.com *.statuspage.io *.wistia.com api.rollbar.com assets.adobedtm.com cdn.rollbar.com cdnjs.cloudflare.com/ajax/libs/ connect.facebook.net facebook.com https://*.zopim.com https://*.zopim.io https://chat-api.spartez-software.com https://ekr.zdassets.com https://spartezchatfiles.b-cdn.net https://static.zdassets.com https://www.googletagmanager.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js-na1.hs-scripts.com js.hsadspixel.net js.hsleadflows.net js.stripe.com js.usemessages.com static.cloudflareinsights.com track.hubspot.com www.atlassian.com/software/statuspage www.googleadservices.com www.google-analytics.com www.statuspage.com https://cdn.amplitude.com us-central1-searchbertha-hrd.cloudfunctions.net https://program-editor-ui-bqlyzw342a-uc.a.run.app/ https://data-quality-ui-bqlyzw342a-uc.a.run.app/ https://program-api-bqlyzw342a-uc.a.run.app/; style-src *.auntbertha.com *.auntberthaqa.com *.auntbertha-qa.com *.findhelp.center *.findhelp.com *.findhelp-qa.com *.findhelp.org *.findhelp-qa.org 'self' 'unsafe-inline' *.google.com *.googleapis.com *.gstatic.com blob: data: file: filesystem: https://netdna.bootstrapcdn.com https://program-api-bqlyzw342a-uc.a.run.app/; img-src *.auntbertha.com *.auntberthaqa.com *.auntbertha-qa.com *.findhelp.center *.findhelp.com *.findhelp-qa.com *.findhelp.org *.findhelp-qa.org 'self' *.akamaihd.net *.demdex.net *.doubleclick.net *.everesttech.net *.facebook.com *.google-analytics.com *.google.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.hubspot.com *.wistia.com data: https://*.zopim.com https://*.zopim.io https://www.googletagmanager.com https://avatar-management--avatars.us-west-2.prod.public.atl-paas.net/ https://program-api-bqlyzw342a-uc.a.run.app/; font-src *.auntbertha.com *.auntberthaqa.com *.auntbertha-qa.com *.findhelp.center *.findhelp.com *.findhelp-qa.com *.findhelp.org *.findhelp-qa.org 'self' *.gstatic.com data: https://*.zopim.com https://*.zopim.io https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://program-api-bqlyzw342a-uc.a.run.app/; frame-src *.auntbertha.com *.auntberthaqa.com *.auntbertha-qa.com *.findhelp.center *.findhelp.com *.findhelp-qa.com *.findhelp.org *.findhelp-qa.org 'self' *.careunify.com *.google.com *.periscopedata.com *.statuspage.io *.stripe.com us-central1-searchbertha-hrd.cloudfunctions.net https://program-editor-ui-bqlyzw342a-uc.a.run.app/ https://data-quality-ui-bqlyzw342a-uc.a.run.app/ https://program-api-bqlyzw342a-uc.a.run.app/; connect-src *.auntbertha.com *.auntberthaqa.com *.auntbertha-qa.com *.findhelp.center *.findhelp.com *.findhelp-qa.com *.findhelp.org *.findhelp-qa.org 'self' *.akamaihd.net *.demdex.net *.googleapis.com *.hubapi.com *.hubspot.com *.rollbar.com *.wistia.com auntbertha.zendesk.com ekr.zdassets.com wss://*.zopim.com www.google-analytics.com https://api.ipify.org/ https://chat-api.spartez-software.com/ wss://chat-ws.spartez-software.com/ https://api2.amplitude.com/2/httpapi https://program-api-bqlyzw342a-uc.a.run.app/; object-src 'none'; media-src 'self' blob: data:; 3
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net geoid.investisdigital.com www.google-analytics.com *.doubleclick.net bam.nr-data.net cookiemanager.investisdigital.com www.googletagmanager.com www.iff.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.investis-live.com *.investisdigital.com player.vimeo.com geoid.investisdigital.com cdn.rawgit.com www.recaptcha.net *.googletagmanager.com www.iff.com snap.licdn.com https://consent.trustarc.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investis-live.com *.investisdigital.com geoid.investisdigital.com; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com *.youtube.com player.vimeo.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com; frame-src 'self' *.investis.com www.google.com www.iff.com www.instagram.com ir.tools.investis.com staticxx.facebook.com www.youtube.com player.vimeo.com ir.iff.com  www.facebook.com https://consent-pref.trustarc.com video.miskinkalamar.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com https://consent.trustarc.com; connect-src house-fastly-signed-eu-west-1-prod.brightcovecdn.com *.media.brightcove.com edge.api.brightcove.com 'self' 'unsafe-inline' bam.nr-data.net www.google-analytics.com iff-corp-rev.pid2-e1.investis.com stats.g.doubleclick.net cookiemanager.investisdigital.com www.iff.com geoid.investisdigital.com  cdn.linkedin.oribi.io https://www.facebook.com *.google-analytics.com 3
frame-ancestors 'self' https://pdftron.sanity.studio; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.xpressbet.com *.xpressbetonline.com *.xb-online.com *.youtube.com s.ytimg.com *.kaltura.com *.twitter.com *.paysafecard.com *.facebook.net *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.facebook.com *.typekit.net *.countingdownto.com *.livehelpnow.net *.xbselect.com zz.connextra.com s.btstatic.com s.thebrighttag.com wss:; img-src * data:; font-src *; style-src * 'unsafe-inline'; media-src * blob:; worker-src * blob: 3
frame-ancestors 'self' https://ccm.com https://www.ccm.com https://forms.crosscountrymortgage.com https://forms.test.crosscountrymortgage.com https://forms.dev.crosscountrymortgage.com https://application.crosscountrymortgage.com https://app.crosscountrymortgage.com https://app.vlgloan.com https://apps.crosscountrymortgage.com https://apps.test.crosscountrymortgage.com https://dev.thehomebuyerseminar.net https://thehomebuyerseminar.net 3
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: ; 3
default-src 'none'; connect-src 'self' https://assets.hcaptcha.com https://hcaptcha.com https://newassets.hcaptcha.com/; frame-src 'self' https://assets.hcaptcha.com https://hcaptcha.com https://newassets.hcaptcha.com/; script-src 'self' https://assets.hcaptcha.com https://hcaptcha.com https://newassets.hcaptcha.com/ 'unsafe-inline'; style-src 'unsafe-inline'; 3
frame-ancestors *.ooma.com *.ooma.ca https://*.ooma.com https://*.ooma.ca *.talkatone.com https://www.talkatone.com 3
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self' https:; object-src 'none'; 3
frame-ancestors 'self' https://careerkarma.com 3
default-src https: wss: ws: data: blob: 'self'; script-src https: 'self' https://cache.exmoney.com 'unsafe-inline'; style-src https: 'self' https://cache.exmoney.com 'unsafe-inline'; frame-src 'self' blob: https:; object-src 'self' blob:; 3
default-src 'self' 'unsafe-inline' www.google-analytics.com code.jquery.com *.disqus.com disqus.com *.bootstrapcdn.com *.disquscdn.com www.gravatar.com   https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.karlaporter.com *.shanx.com *.amitavac.com *.googleapis.com  *.googletagmanager.com  platform.twitter.com shanx.matomo.com    *.amazonaws.com   apis.google.com ssl.google-analytics.com connect.facebook.net https:; img-src 'self' *.karlaporter.com *.iconj.com  cdn-images.mailchimp.com  *.shanx.com *.amitavac.com ssl.google-analytics.com s-static.ak.facebook.com i.imgur.com imgur.com  data:  https:; style-src 'self' 'unsafe-inline' *.shanx.com  cdn-images.mailchimp.com  *.karlaporter.com *.amitavac.com *.ionicframework.com  use.typekit.net  fonts.adobe.com  fonts.googleapis.com fonts.gstatic.com https:; font-src 'self' *.shanx.com   use.typekit.net  *.ionicframework.com netdna.bootstrapcdn.com themes.googleusercontent.com fonts.gstatic.com data:; object-src  https:; media-src  'self'  https:; frame-ancestors 'self'; frame-src 'self' https:;  3
object-src *; script-src 'unsafe-inline' 'unsafe-eval' https: http: 'self' blob:; base-uri https: http: 3
frame-ancestors 'self'; report-uri /csp-log.php 3
frame-ancestors 'self' teams.microsoft.com; script-src 'self' cdn.rudderlabs.com js.stripe.com/v3 3
font-src https: data: blob:; frame-ancestors 'self' medialibrarycdn.blueyonder.com cdn.blueyonder.com by-media-library.azureedge.net blueyonder.com; img-src https: data: blob:; default-src https: data: blob: wss:; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: blob: 'unsafe-inline'; 3
frame-ancestors 'self' https://fx.gl https://*.fx.gl https://*.fxgam.es https://vk.com https://ok.ru https://vkplay.ru https://yandex.ru https://*.yandex.ru  https://yandex.com https://*.yandex.com https://ya.ru https://*.ya.ru https://galaxycontrol.app https://dragonlord.games 3
default-src 'self' 'unsafe-inline' *.website-files.com *.bam-x.com *.narrativ.com *.planethowl.com *.braze.com *.doubleclick.net *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.facebook.com *.facebook.net *.hotjar.com *.klaviyo.com *.segment.com *.segment.io *.webflow.com webflow.com d3e54v103j8qbb.cloudfront.net js.appboycdn.com wss://*.hotjar.com https://cdnjs.cloudflare.com/ajax/libs/jquery-nice-select/ *.googleapis.com *.hubspot.com *.hs-scripts.com *.google.pl unpkg.com weblocks.io *.jsdelivr.net *.hsforms.com *.hsforms.net *.hscollectedforms.net js.hs-analytics.net js.hs-banner.com i.vimeocdn.com https://hubspot-forms-static-embed.s3.amazonaws.com/prod/ vimeo.com *.vimeo.com cdn.embedly.com vimeocdn.com *.vimeocdn.com *.gstatic.com; font-src 'self' data: *.webflow.com fonts.gstatic.com; object-src 'none'; style-src 'unsafe-inline' https:; base-uri 'self'; form-action 'self' webto.salesforce.com forms.hsforms.com; frame-ancestors 'none'; upgrade-insecure-requests; frame-src 'self' data: vimeo.com cdn.embedly.com *.vimeo.com vimeocdn.com *.vimeocdn.com www.google.com forms.hsforms.com *.website-files.com; img-src http: https: data:; 3
frame-ancestors http://workflow.tyson.com/ http://workflow-test.tyson.com/ https://tysononline.sharepoint.com https://www.tysonfoods.com https://www-test.tysonfoods.com; 3
frame-ancestors self *.contorion.net *.storyblok.com 3
default-src 'self' images.salzburg-ag.at *.salzburg-ag.tech; object-src 'self' app.usercentrics.eu/latest/ www.googletagmanager.com cognigy-endpoint.salzburg-ag.at maps.googleapis.com; script-src 'self' *.salzburg-ag.at snap.licdn.com *.mouseflow.com *.pinimg.com maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ assets.adobedtm.com sc-static.net app.usercentrics.eu/latest/ images.salzburg-ag.at js.monitor.azure.com/scripts/ www.googletagmanager.com cognigy-endpoint.salzburg-ag.at www.googleadservices.com *.g.doubleclick.net ad.doubleclick.net tr.snapchat.com www.google-analytics.com *.usercentrics.eu www.youtube.com snap.licdn.com/li.lms-analytics/insight.min.js connect.facebook.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.salzburg-ag.tech cdn.linkedin.oribi.io *.mouseflow.com *.google-analytics.com *.analytics.google.com *.salzburg-ag.at ct.pinterest.com tr.snapchat.com *.g.doubleclick.net ad.doubleclick.net sc-static.net maps.googleapis.com *.usercentrics.eu dc.services.visualstudio.com/v2/track  *.omtrdc.net *.demdex.neti data: wss:; img-src 'self' *.salzburg-ag.at *.pinimg.com ct.pinterest.com www.google-analytics.com www.google.com www.google.at p.adsymptotic.com *.fls.doubleclick.net *.linkedin.com *.facebook.com *.youtube.com *.g.doubleclick.net ad.doubleclick.net adservice.google.com tr.snapchat.com maps.gstatic.com maps.googleapis.com www.googletagmanager.com app.usercentrics.eu *.usercentrics.eu www.familieundberuf.at *.everesttech.net *.demdex.net *.omtrdc.net data:; style-src 'self' 'unsafe-inline' *.salzburg-ag.at app.usercentrics.eu/latest/ www.googletagmanager.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com maps.googleapis.com data:; frame-src 'self' reglist24.com *.reglist24.com  my.matterport.com *.svc.dynamics.com *.cablelink.at sag.viewer.cit-fusion.com ct.pinterest.com www.google.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://at.eturnity.eu/ ocilion.com p.artworx.at form.typeform.com *.microsoftonline.com login.microsoftonline.com cablelink.preview.speedtestcustom.com cablelink.speedtestcustom.com energie-effizienz-iframe.smartricity.de outlook.office365.com *.fls.doubleclick.net ad.doubleclick.net www.youtube.com maps.googleapis.com tr.snapchat.com *.facebook.com *.demdex.net;media-src 'self' maps.googleapis.com data:; frame-ancestors 'self' app.usercentrics.eu; form-action 'self' tr.snapchat.com www.facebook.com app.usercentrics.eu; 3
frame-ancestors 'none'; object-src 'none'; 3
frame-ancestors 'self' http://localhost:3030 https://grate-cms.gr-dev.com https://grate-cms.dev.gri.rate.com https://grate-cms.prate-dev.com https://grate-cms.prate-stage.com https://grate-cms.gr-stage.com grate-cms-stage.dev.gri.rate.com https://grate-cms.gra-stage.com https://*.rate.com https://*.grarate.com https://*.properrate.com https://*.originpoint.com https://www.atproperties.com https://atproperties.com https://www.myatproperties.com https://myatproperties.com https://www.staging.atproperties.com https://staging.atproperties.com https://www.staging-website.myatproperties.com https://staging-website.myatproperties.com http://www.website.local http://website.local https://www.venturephilly.com https://venturephilly.com https://www.corcoranpacific.com https://corcoranpacific.com https://*.yextpages.net http://*.yextpages.net https://rcm.rockco.com https://www.yourhomehub.com/ https://yourhomehub.com https://kbhshomeloans.com https://www.kbhshomeloans.com https://citywidehomeloans.com https://www.citywidehomeloans.com https://certaintyhomeloans.com https://www.certaintyhomeloans.com https://premiarelocationmortgage.com https://www.premiarelocationmortgage.com https://equitymortgagegroup.com https://www.equitymortgagegroup.com https://ansleyre.com https://www.ansleyre.com https://owning.com https://www.owning.com https://advhypo.morningstar.com https://advhypo-uat.morningstar.com https://awsstghypo.morningstar.com https://awse2webqa.morningstar.com https://dev.certaintyhomelending.com https://staging.certaintyhomelending.com https://certaintyhomelending.com https://searchdfwareahomes.com https://www.searchdfwareahomes.com https://www.ericatexada.com https://www.sellatexashome.com https://ericatexada-brawnsterling.sites.erarealestate.com https://www.brawnsterling.com https://www.discoverrealestate.org https://www.corcoran.com 3
default-src 'self' data: 'unsafe-eval' 'unsafe-inline' blob: *.brightcove.com *.cloudfront.net *.doubleclick.net *.google.com *.facebook.com forms.hsforms.com app.hubspot.com brightcove.hs.llnwd.net matomo-prod.connectid.cloud house-fastly-signed-eu-west-1-prod.brightcovecdn.com https://forms.hubspot.com www.connectidfeed.com otp.tools.investis.com irs.tools.investis.com https://www.youtube.com/ https://youtu.be/ https://www.youtube.com/iframe_api *.investisapi.com investisapi.com *.posthog.com wec-assets.terminus.services player.vimeo.com players.brightcove.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.convertexperiments.com *.hsforms.net *.jsdelivr.net *.googletagmanager.com *.connectid.cloud *.investis.com *.jquery.com *.cloudflare.com *.googleusercontent.com *.cloudfront.net *.hsforms.com *.facebook.net *.licdn.com *.google-analytics.com *.googleadservices.com *.investisdigital.com *.doubleclick.net *.lfeeder.com *.investis.com blob: data: *.hs-scripts.com *.google.com *.gstatic.com *.googleapis.com *.hsleadflows.net *.hsadspixel.net *.usemessages.com *.hs-analytics.net *.hs-banner.com brightcove.hs.llnwd.net matomo-prod.connectid.cloud unpkg.com tools.luckyorange.com *.investisapi.com investisapi.com *.posthog.com wec-assets.terminus.services; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.cloudflare.com *.googleusercontent.com *.investis.com *.cloudfront.net ; img-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.investisdigital.com *.connectid.cloud *.investis.com *.facebook.com *.linkedin.com *.google.com *.google.co.in *.cloudfront.net *.brightcove.com *.lfeeder.com *.adsymptotic.com *.google-analytics.com *.hsforms.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.hubspot.com  brightcove.hs.llnwd.net cf-images.eu-west-1.prod.boltdns.net *.wpengine.com https://exceptions.hs-embed-reporting.com wec-assets.terminus.services match.adsrvr.org; font-src 'self' *.cloudfront.net *.googleusercontent.com *.gstatic.com; connect-src 'self' *.amazonaws.com *.brightcove.com *.luckyorange.net *.linkedin.com *.google-analytics.com *.investis.com *.doubleclick.net *.googleapis.com wss://*.visitors.live wss://visitors.live *.investisdigital.com *.hubspot.com *.hubapi.com forms.hsforms.com www.facebook.com api.luckyorange.com matomo-prod.connectid.cloud settings.luckyorange.com wss://mqtt.luckyorange.com/mqtt public-auth-dot-lucky-orange.appspot-preview.com api-preview.luckyorange.com wss://realtime.luckyorange.com app.posthog.com cdn.linkedin.oribi.io analytics.google.com *.visitors.live *.live; report-uri /report-csp-violation 3
default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' 3
frame-ancestors 'self' *.storyblok.com; 3
font-src 'self' prd-cdn.abrdn.com data: https://fonts.gstatic.com https://stackpath.bootstrapcdn.com *.qumucloud.com *.abrdn.com; frame-ancestors 'self' *.abrdn.com *.qumucloud.com https://www.asia-focus.co.uk https://www.asian-income.co.uk https://www.abrdnchina.co.uk https://www.abrdndiversified.co.uk https://www.abrdnequityincome.com https://www.eurologisticsincome.co.uk https://www.abrdnjapan.co.uk https://www.latamincome.co.uk https://www.newdawn-trust.co.uk https://www.abrdnnewindia.co.uk https://www.abrdnpeot.co.uk https://www.abrdnpit.co.uk https://www.abrdnsmallercompaniesincome.co.uk https://www.abrdnuksmallercompaniesgrowthtrust.co.uk https://www.asiadragontrust.co.uk https://www.ceibalimited.co.uk https://www.dunedinincomegrowth.co.uk https://www.murray-income.co.uk https://www.murray-intl.co.uk https://www.shiresincome.co.uk https://www.northamericanincome.co.uk https://www.ukcpreit.com https://www.invtrusts.co.uk https://dqm.crownpeak.com; upgrade-insecure-requests; 3
frame-ancestors  'self' *.geant.org geant.org *.geant.net geant.net; frame-src 'self' *.geant.org geant.org *.geant.net geant.net https://mstdn.social https://youtube.com https://*.youtube.com https://*.google.com https://*.google.co.uk https://*.nordu.net https://*.vimeo.com submerse.eu *.submerse.eu https://js.stripe.com https://www.youtube-nocookie.com https://*.revolugo.com https://*.canva.com ;  3
default-src 'self';media-src 'self' cdn.conversationalsdevelopment.nl/eneco/client/v2/sounds/beep.mp3 cdn.conversationalsdevelopment.nl/oxxio/client/v3/sounds/beep.mp3;script-src 'self' 'unsafe-inline' 'unsafe-eval' script.adcalls.nl/e907d5da-14dc-4967-b180-03e37a3022be.js acdn.adnxs.com/dmp/up/pixie.js mktdplp102cdn.azureedge.net bat.bing.com cdn-dxp.enecogroup.com cdn.conversationalsdevelopment.nl api.seamly-app.com *.g.doubleclick.net svc.dynamics.com connect.facebook.net www.google-analytics.com www.googleadservices.com www.google.nl www.google.com/recaptcha/api.js www.gstatic.com *.googletagmanager.com static.hotjar.com script.hotjar.com pixels.lemonpi.io snap.licdn.com/li.lms-analytics/insight.min.js snap.licdn.com/li.lms-analytics/insight.beta.min.js snap.licdn.com/li.lms-analytics/insight.old.min.js d10lpsik1i8c69.cloudfront.net tools.luckyorange.com s.pinimg.com static.queue-it.net assets.queue-it.net eneco.queue-it.net www.reddit.com ads.reddit.com www.redditstatic.com tdn.r42tag.com api.salesfeed.com d3or5d0jdz94or.cloudfront.net static.ads-twitter.com w.usabilla.com api.usabilla.com d6tizftlrpuof.cloudfront.net;connect-src 'self' wss: api.adcalls.nl *.in.applicationinsights.azure.com bat.bing.com api.seamly-app.com api-digital.enecogroup.com ad.doubleclick.net stats.g.doubleclick.net bf53370xjr.bf.dynatrace.com *.google-analytics.com *.analytics.google.com pagead2.googlesyndication.com stm.eneco.nl stm.oxxio.nl www.googletagmanager.com *.hotjar.com vc.hotjar.io d.lemonpi.io cdn.linkedin.oribi.io/partner/533658/domain/acc.eneco.nl/token cdn.linkedin.oribi.io/partner/533658/domain/eneco.nl/token px.ads.linkedin.com settings.luckyorange.com settings.luckyorange.net *.visitors.live pubsub.googleapis.com api.luckyorange.com login.eneco.be ct.pinterest.com www.reddit.com insights.eneco.be d3or5d0jdz94or.cloudfront.net collect.kosi-analytics.io api.usabilla.com;img-src 'self' data: ib.adnxs.com bat.bing.com cdn-dxp.enecogroup.com *.frontify.com lt45.net www.lt45.net www.rkn3.net rkn3.net ds1.nl www.ds1.nl *.fls.doubleclick.net ad.doubleclick.net *.g.doubleclick.net https://static.duurzaamwonen.eneco.nl https://edw-test.ams3.digitaloceanspaces.com www.facebook.com *.google-analytics.com *.analytics.google.com googleads.g.doubleclick.net www.google.com www.google.nl www.googletagmanager.com ssl.gstatic.com www.gstatic.com script.hotjar.com d.lemonpi.io px.ads.linkedin.com www.linkedin.com px4.ads.linkedin.com d10lpsik1i8c69.cloudfront.net ct.pinterest.com www.reddit.com ads.reddit.com alb.reddit.com t.svtrd.com analytics.twitter.com t.co w.usabilla.com d6tizftlrpuof.cloudfront.net;font-src 'self' cdn-dxp.enecogroup.com fonts.gstatic.com script.hotjar.com d6tizftlrpuof.cloudfront.net;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net;frame-src 'self' *.fls.doubleclick.net bid.g.doubleclick.net td.doubleclick.net www.google.com vars.hotjar.com ct.pinterest.com t.svtrd.com d6tizftlrpuof.cloudfront.net *.youtube.com;child-src 'self' blob:;object-src 'none' 3
frame-ancestors 'self' https://*.teemill.com teemill.com 3
frame-ancestors www.medidata.com medidata.com next.medidata.com loc.medidata.com explorer.medidata.com https://*.mdsol.com test-medidata-next.pantheonsite.io dev-medidata-next.pantheonsite.io blog-medidata-corporate.pantheonsite.io dev-medidata-corporate.pantheonsite.io test-medidata-corporate.pantheonsite.io 26five-medidata-corporate.pantheonsite.io perf-medidata-corporate.pantheonsite.io tags-medidata-corporate.pantheonsite.io web.cvent.com mdsol.preview.salesforce-experience.com mdsol.live-preview.salesforce-experience.com mdsol.my.site.com *.3ds.com 3
default-src: * 3
frame-ancestors 'self' *.qidian.com *.hongxiu.com *.yuewen.com *.qq.com *.qdmm.com *.readnovel.com *.xs8.cn *.xxsy.net *.tingbook.com *.lrts.me *.ywurl.cn *.qdwenxue.com *.if.qidian.com www.gameloop.com *.xs.cn *.rongshuxia.com 3
default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline'; font-src * data:; frame-ancestors *.lcmchealth.org 3
default-src 'self' blob: house-fastly-signed-eu-west-1-prod.brightcovecdn.com manifest.prod.boltdns.net *//manifest.prod.boltdns.net *.cookielaw.org cdn.cookielaw.org *.googletagmanager.com googleapis.com *.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com viz.tools.investis.com otp.tools.investis.com irs.tools.investis.com players.brightcove.net edge.api.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com www.google-analytics.com fonts.googleapis.com fonts.gstatic.com arg.investis.com www.youtube.com staticcontents.investisdigital.com staticcontents.investis.com stats.g.doubleclick.net vjs.zencdn.net sc.lfeeder.com *.execute-api.eu-west-1.amazonaws.com ; img-src 'self' 'unsafe-inline' * data: www.w3.org manifest.prod.boltdns.net players.brightcove.net edge.api.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com arg.tools.investis.com snap.licdn.com staticcontents.investisdigital.com staticcontents.investis.com; frame-src 'self' ir.connectidfeed.com *.flockler.com *.doubleclick.net *.doubleclick.net players.brightcove.net www.google.com viz.tools.investis.com otp.tools.investis.com irs.tools.investis.com www.youtube.com staticcontents.investisdigital.com staticcontents.investis.com bcove.video cloud.3dissue.com lavalab-montreal.netlify.app ; style-src 'self' 'unsafe-inline' 'unsafe-eval' staticzone.idigitalcontents.com flockler.com *.investisdigital.com *.flockler.com viz.tools.investis.com otp.tools.investis.com irs.tools.investis.com players.brightcove.net edge.api.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com fonts.googleapis.com fonts.gstatic.com staticcontents.investisdigital.com staticcontents.investis.com ; font-src 'self' 'unsafe-inline' * data: vjs.zencdn.net fonts.googleapis.com fonts.gstatic.com; script-src 'self' 'unsafe-inline' preview-experiences.brightcove.net connect.facebook.net staticzone.idigitalcontents.com manifest.prod.boltdns.net 'unsafe-eval' blob: *.investisdigital.com *.jquery.com flockler.com *.flockler.com arg.investisdigital.net www.google.com www.gstatic.com maps.google.com maps.googleapis.com googleapis.com *.googleapis.com *.cookielaw.org cdn.cookielaw.org *.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com viz.tools.investis.com otp.tools.investis.com irs.tools.investis.com players.brightcove.net edge.api.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com fonts.googleapis.com fonts.gstatic.com www.google-analytics.com arg.investis.com arg.tools.investis.com snap.licdn.com www.youtube.com staticcontents.investisdigital.com staticcontents.investis.com vjs.zencdn.net secure.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com sc.lfeeder.com *.execute-api.eu-west-1.amazonaws.com ;connect-src 'self' *.linkedin.com region1.google-analytics.com staticzone.idigitalcontents.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com *.hs.llnwd.net *.google.com cdn.linkedin.oribi.io *.google.com *.investisdigital.com *.investis.com *.linkedin.oribi.io arg.tools.investis.com manifest.prod.boltdns.net maps.google.com gallery-metrics.api.brightcove.com flockler.com *.flockler.com privacyportal-de.onetrust.com *.cookielaw.org cdn.cookielaw.org www.google-analytics.com maps.googleapis.com googleapis.com *.googleapis.com players.brightcove.net edge.api.brightcove.com f1.media.brightcove.com stats.g.doubleclick.net secure.brightcove.com f1.cf.brightcove.com *.execute-api.eu-west-1.amazonaws.com manifest.prod.boltdns.net;base-uri 'self'; form-action 'self' 3
frame-ancestors 'self' http://thomsonreuterstax.lookbookhq.com  https://thomsonreuterstax.lookbookhq.com http://answers.legalprof.thomsonreuters.com https://answers.legalprof.thomsonreuters.com http://app.accelus.com  https://app.accelus.com 3
default-src 'none'; connect-src 'self' https://cdn.linkedin.oribi.io https://forms.hsforms.com https://nagra.matomo.cloud/; font-src 'self'; frame-src 'self' https://www.google.com/ https://www.youtube.com/ https://forms.hsforms.com/; img-src 'self' data: https://px.ads.linkedin.com https://img.youtube.com https://forms.hsforms.com https://forms-na1.hsforms.com; manifest-src 'self'; media-src 'self'; script-src 'self' https://snap.licdn.com https://js.hsforms.net https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com https://nagra.matomo.cloud cdnjs.cloudflare.com 'unsafe-inline' https://nagra.matomo.cloud/; style-src 'self' 'unsafe-inline'; worker-src 'self'; base-uri 'self'; frame-ancestors 'self' 3
connect-src 'self' *.google-analytics.com *.doubleclick.net  *.consentmanager.net *.dynamics.com *.lanxess.com *.etracker.de maps.googleapis.com;default-src 'self' fonts.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.bayferrox.com *.lanxess.com *.linkedin.com media.bayferrox.com;frame-ancestors 'self' https://*.etracker.com;frame-src 'self' *.lanxess.com *.youtube-nocookie.com *.vimeo.com *.youtube.com *.investis.com digitizer.app *.equitystory.com *.vara-services.com vara-services.com *.dynamics.com towercam.cologne *.linkedin.com pmr.lanxess.com pmr.lanxess.de www.aplf.com vidicast.de iframe.cvwarehouse.com;img-src 'self' data: *.google-analytics.com * *.linkedin.com *.google.com *.google.de  *.consentmanager.net *.vimeocdn.com *.lanxess.com;script-src 'self' 'unsafe-inline' www.googletagmanager.com *.google-analytics.com * 'unsafe-eval' *.licdn.com *.consentmanager.net *.lanxess.com;style-src 'self' 'unsafe-inline' *.lanxess.com fonts.googleapis.com; 3
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src data: 'self' https://*.kiavi.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.hsappstatic.net https://*.hsforms.com https://*.hsforms.net https://*.hubspot.com https://*.hubspot.net https://bat.bing.com https://d.adroll.com https://f.hubspotusercontent20.net https://googleads.g.doubleclick.net https://p.adsymptotic.com https://px.ads.linkedin.com https://sp.analytics.yahoo.com https://www.facebook.com; upgrade-insecure-requests 3
frame-ancestors 'self' https://chayns.de 3
frame-ancestors 'self'; sandbox allow-downloads allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation; base-uri 'self'; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleadservices.com *.gstatic.com *.hotjar.com *.doubleclick.net *.arabbank.com *.google.com *.facebook.net *.facebook.com *.googleapis.com www.arabbank.ae arabbank.ae arabbank.com.lb www.arabbank.com.lb arabbank.dz www.arabbank.dz www.arabbank.bh arabbank.bh  www.arabbank.com arabbank.com arabbank.com.eg www.arabbank.com.eg www.arabbank.jo arabbank.com.jo arabbank.jo www.arabbank.com.jo www.arabbank.com.lb arabbank.com.lb arabbank.ma arabbank.ma www.arabbank.ps arabbank.ps www.arabbank.com.qa arabbank.com.qa *.google-analytics.com google-analytics.com www.googletagmanager.com www.youtube.com www.linkedin.com linkedin.com instagram.com  twitter.com *.typeform.com geo-tracker.ads.memob.com 10.1.30.170 *.readspeaker.com data:;                      frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.doubleclick.net *.google.com 10.1.228.170 10.1.228.172 www.youtube-nocookie.com youtube-nocookie.com www.youtube.com platform.twitter.com *.arabbank.com embed.typeform.com bid.g.doubleclick.net geo-tracker.ads.memob.com *.readspeaker.com 10.1.30.170 10.1.30.170:15871 tools.eurolandir.com tools.euroland.com;               script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.readspeaker.com *.doubleclick.net *.google.com *.gstatic.com *.facebook.net *.facebook.com *.twitter.com *.googletagmanager.com *.google-analytics.com google-analytics.com *.googleadservices.com ajax.googleapis.com *.arabbank.com embed.typeform.com geo-tracker.ads.memob.com 10.1.30.170 *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat;                       connect-src 'self' 'unsafe-inline' 'unsafe-eval' wss://anaarabi.arabbank.com *.hotjar.com *.doubleclick.net *.google.com *.readspeaker.com www.google-analytics.com google-analytics.com *.googleapis.com *.gstatic.com *.arabbank.com embed.typeform.com geo-tracker.ads.memob.com  www.arabbank.ae arabbank.ae arabbank.com.lb www.arabbank.com.lb arabbank.dz www.arabbank.dz www.arabbank.bh arabbank.bh  www.arabbank.com arabbank.com arabbank.com.eg www.arabbank.com.eg www.arabbank.jo arabbank.com.jo arabbank.jo www.arabbank.com.jo www.arabbank.com.lb arabbank.com.lb arabbank.ma arabbank.ma www.arabbank.ps arabbank.ps www.arabbank.com.qa arabbank.com.qa;                       img-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.doubleclick.net *.facebook.net *.facebook.com *.googletagmanager.com www.google.jo *.googleapis.com *.google-analytics.com google-analytics.com syndication.twitter.com *.gstatic.com *.abwebadmin.com *.arabbank.com geo-tracker.ads.memob.com embed.typeform.com www.arabbank.ae arabbank.ae arabbank.com.lb www.arabbank.com.lb arabbank.dz www.arabbank.dz www.arabbank.bh arabbank.bh  www.arabbank.com arabbank.com arabbank.com.eg www.arabbank.com.eg www.arabbank.jo arabbank.com.jo arabbank.jo www.arabbank.com.jo www.arabbank.com.lb arabbank.com.lb arabbank.ma arabbank.ma www.arabbank.ps arabbank.ps www.arabbank.com.qa arabbank.com.qa *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat       data:;                       script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.googleadservices.com *.doubleclick.net *.google.com *.googleapis.com  *.readspeaker.com *.facebook.com *.facebook.net script.crazyegg.com 10.1.228.170 10.1.228.172 *.google-analytics.com *.gstatic.com *.googletagmanager.com *.arabbank.com *.typeform.com  geo-tracker.ads.memob.com 10.1.30.170 10.1.30.170:15871 3
default-src 'self'; frame-src *; connect-src *; font-src *; img-src * data:; script-src 'unsafe-eval' 'unsafe-inline' *; style-src 'unsafe-inline' *, style-src-elem 'unsafe-inline' * 3
frame-ancestors self www.voetbalshop.nl 3
default-src 'self' assets.retarus.com; style-src 'self' 'unsafe-inline' assets.retarus.com   www.gartner.com; object-src 'none'; base-uri 'self'; connect-src 'self' assets.retarus.com consentcdn.cookiebot.com region1.google-analytics.com *.leadlab.click px.ads.linkedin.com; font-src 'self' data: www.retarus.com assets.retarus.com; frame-src 'self' assets.retarus.com webexpress.retarus.com consentcdn.cookiebot.com www.gartner.com player.vimeo.com; img-src 'self' data: imgsct.cookiebot.com pci.usd.de *.retarus.com i.vimeocdn.com *.ads.linkedin.com www.googletagmanager.com *.gartner.com assets.retarus.com ; manifest-src 'self' assets.retarus.com ; media-src 'self' assets.retarus.com; frame-ancestors 'self' assets.retarus.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.retarus.com snap.licdn.com *.leadlab.click play.vidyard.com www.gartner.com analytics-eu.clickdimensions.com code.createjs.com code.jquery.com *.cookiebot.com cdnjs.cloudflare.com www.googletagmanager.com ; 3
frame-ancestors 'self' https://borisfx.com/documentation/silhouette/;, frame-ancestors 'self' https://borisfx.com/documentation/silhouette-2022/;, frame-ancestors 'self' https://borisfx.com/documentation/silhouette-2022.5/;, frame-ancestors 'self' https://borisfx.com/documentation/silhouette-2023/;, frame-ancestors 'self' https://borisfx.com/documentation/optics/; 3
frame-ancestors 'self' everygame.eu www.everygame.eu sblp.everygame.eu sports.everygame.eu poker.everygame.eu casino.everygame.eu classic.everygame.eu lobby.everygame.eu:2072 account.everygame.eu client.horizonpokernetwork.eu 3
default-src 'self' cdn.invicti.com static.getclicky.com embed-ssl.wistia.com/deliveries/8e4be7011c8173f56f7717e7332cd52a7803b61e.bin; script-src 'self' 'unsafe-eval' 'unsafe-inline' go2.invicti.com cdn.invicti.com *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com tcp.googlesyndication.com www.googleadservices.com googleads.g.doubleclick.net *.greenhouse.io *.visualwebsiteoptimizer.com *.vwo.com app.vwo.com *.hotjar.com connect.facebook.net www.facebook.com bat.bing.com *.mutinycdn.com px.ads.linkedin.com www.linkedin.com snap.licdn.com sjs.bizographics.com js.driftt.com *.clearbitjs.com *.marketo.net *.mktoresp.com cdn.bizible.com *.calendly.com vidassets.terminus.services static.getclicky.com anchor.fm ct.capterra.com/capterra_tracker.js tag.demandbase.com *.newrelic.com js.zi-scripts.com/zi-tag.js schedule-staging.zoominfo.com/zischedule.js schedule.zoominfo.com/zischedule.js ws-assets-staging.zoominfo.com/formcomplete.js ws-assets.zoominfo.com/formcomplete.js; style-src 'self' 'unsafe-inline' www.invicti.com go2.invicti.com cdn.invicti.com *.googleapis.com *.vwo.com; frame-src go2.invicti.com cdn.invicti.com *.googletagmanager.com bid.g.doubleclick.net docs.google.com/presentation/ *.greenhouse.io app.vwo.com *.hotjar.com www.facebook.com *.youtube.com *.youtube-nocookie.com *.youtube.com player.vimeo.com *.driftt.com calendly.com anchor.fm *.soundcloud.com *.slideshare.net; frame-ancestors 'self' *.invicti.com *.acunetix.com app.mutinyhq.com; font-src 'self' data: cdn.invicti.com *.gstatic.com app.vwo.com *.hotjar.com; img-src 'self' data: www.invicti.com *.invicti.com cdn.invicti.com go2.invicti.com ssl.gstatic.com www.gstatic.com *.googleusercontent.com *.google.com *.google.co.uk *.google.de *.google.fr *.google.ar *.google.com.br *.google.com.tr *.google.nl *.google.cn *.google.ca *.google.it *.google.co.il *.googleapis.com *.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net stats.g.doubleclick.net *.visualwebsiteoptimizer.com www.facebook.com *.bing.com bat.bing.com *.ytimg.com *.vimeocdn.com *.mutinyhq.io images.mutinycdn.com *.linkedin.com px.ads.linkedin.com cdn.bizible.com cdn.bizibly.com p.adsymptotic.com vidassets.terminus.services *.gravatar.com match.prod.bidr.io id.rlcdn.com e-2072.adzerk.net/e/2072/419463/e.gif; object-src 'self' cdn.invicti.com; media-src 'self' blob: cdn.invicti.com js.driftqa.com; connect-src 'self' cdn.invicti.com go2.invicti.com *.google.com *.google-analytics.com stats.g.doubleclick.net pagead2.googlesyndication.com/pagead/buyside_topics/set/ boards-api.greenhouse.io/v1/boards/invictisecurity/jobs *.visualwebsiteoptimizer.com wss://*.hotjar.com *.hotjar.com *.hotjar.io *.facebook.com *.vimeo.com vimeo.com *.mutinycdn.com api-v2.mutinyhq.io api.mutinyhq.io cdn.linkedin.oribi.io px.ads.linkedin.com/wa *.clearbit.com *.mktoresp.com *.mktoutil.com *.adnxs.com js-staging.zi-scripts.com/unified/v1/master/getSubscriptions js.zi-scripts.com/unified/v1/master/getSubscriptions ws.zoominfo.com; worker-src 'self' blob: dev.visualwebsiteoptimizer.com 3
img-src 'self' data: https://secure.gravatar.com  https://forms.hsforms.com  https://track.hubspot.com  https://px.ads.linkedin.com  https://www.google-analytics.com  https://www.google.be  https://c.clarity.ms  https://www.googletagmanager.com  https://www.google.nl  https://forms-na1.hsforms.com  https://itrp-blog.s3-accelerate.amazonaws.com  https://lh6.googleusercontent.com  https://lh5.googleusercontent.com  https://googleads.g.doubleclick.net  https://www.google.de  https://lh3.googleusercontent.com  https://www.google.ca  https://www.google.co.uk  https://www.google.at  https://i.vimeocdn.com  https://www.g2.com  https://pagead2.googlesyndication.com  https://www.google.com.ph  https://www.google.co.kr  https://www.google.fr  https://www.google.ro  https://www.google.com.tr  https://i.ytimg.com  https://www.google.rs  https://www.google.co.in  https://www.google.co.za  https://www.google.com.vn  https://www.google.fi  https://s.w.org  https://www.google.it  https://www.google.pt  https://www.google.es  https://adservice.google.com  https://stats.g.doubleclick.net  https://www.google.rw  https://translate.google.com  https://fonts.gstatic.com  https://www.google.ch  https://www.google.is  https://www.google.com.eg  https://www.google.pl  https://www.google.dk  https://www.google.ie  https://www.google.com.ng  https://www.google.com.au  https://www.google.hr  https://www.google.com.sa  https://www.google.com.tw  https://www.google.co.jp  https://www.google.kz  https://www.google.sk  https://translate.googleapis.com  https://www.gstatic.com  https://www.google.ru  https://safetyculture.com  https://www.shutterstock.com  https://www.nationalretail.org.au  https://www.google.lu  https://webeo-web-content.s3-eu-west-1.amazonaws.com  https://www.google.se  https://www.google.li  https://www.google.no  https://www.google.co.nz  https://www.google.co.id  https://region1.google-analytics.com  https://d3fvlpdr5b7667.cloudfront.net  https://lh4.googleusercontent.com  https://www.google.si  https://www.google.com.co  https://www.google.com.mx  https://www.google.com.sg  https://www.google.com.hk  https://www.google.co.th  https://www.google.am  https://www.google.co.ke  https://www.google.com.gh  https://www.google.com.br  https://c.bing.com  https://www.google.com.bd  https://secure.herb2warn.com  https://dc.ads.linkedin.com  https://www.google.ae  https://www.google.cz  https://www.google.ge  https://www.linkedin.com  https://www.google.com.ua  https://www.google.bg  https://www.google.com.qa  https://www.google.hu  https://really-simple-ssl.com  https://www.google.com.mm  https://www.google.ps  https://www.google.com.do  https://www.google.lk  https://imgsct.cookiebot.com  https://www.google.mu  https://www.google.im  https://www.google.com.my  https://www.google.com.np  https://www.google.by  https://www.google.tn  https://www.google.co.il  https://www.google.lt  https://www.google.gr  https://www.google.co.ug  https://ssl.google-analytics.com  https://www.google.ee  https://exceptions.hs-embed-reporting.com  https://www.google.me  https://www.google.com.ar  https://www.google.com.pk  https://b.6sc.co  ; default-src 'self'; script-src 'self' 'unsafe-inline' https://consent.cookiebot.com  https://www.googletagmanager.com  https://js.hsleadflows.net  https://js.hscollectedforms.net  https://js.hs-scripts.com  https://consentcdn.cookiebot.com  https://js.hs-banner.com  https://secure.herb2warn.com  https://snap.licdn.com  https://www.google-analytics.com  https://js.hs-analytics.net  https://www.clarity.ms  https://googleads.g.doubleclick.net  https://4me-status.instatus.com  https://js.hsadspixel.net  https://www.youtube.com  https://js.hsforms.net  https://boards.greenhouse.io  https://pagead2.googlesyndication.com  https://www.googleadservices.com  https://tpc.googlesyndication.com  https://player.vimeo.com  https://translate.google.com  https://translate.googleapis.com  https://webeo-web-content.s3-eu-west-1.amazonaws.com  data:  https://apis.google.com  https://cdnjs.cloudflare.com  https://connect.facebook.net  https://www.google.com  https://js.stripe.com  webkit-masked-url://hidden/  https://securepubads.g.doubleclick.net  https://ssl.google-analytics.com  https://j.6sc.co  'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://consent.cookiebot.com  https://www.googletagmanager.com  https://js.hsleadflows.net  https://js.hscollectedforms.net  https://js.hs-scripts.com  https://consentcdn.cookiebot.com  https://js.hs-banner.com  https://secure.herb2warn.com  https://snap.licdn.com  https://www.google-analytics.com  https://js.hs-analytics.net  https://www.clarity.ms  https://googleads.g.doubleclick.net  https://4me-status.instatus.com  https://js.hsadspixel.net  https://www.youtube.com  https://js.hsforms.net  https://boards.greenhouse.io  https://pagead2.googlesyndication.com  https://www.googleadservices.com  https://tpc.googlesyndication.com  https://player.vimeo.com  https://translate.google.com  https://translate.googleapis.com  https://webeo-web-content.s3-eu-west-1.amazonaws.com  data:  https://apis.google.com  https://cdnjs.cloudflare.com  https://connect.facebook.net  https://www.google.com  https://js.stripe.com  webkit-masked-url://hidden/  https://securepubads.g.doubleclick.net  https://ssl.google-analytics.com  https://j.6sc.co ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com  https://www.gstatic.com  https://cdn.jsdelivr.net  https://webeo-web-content.s3-eu-west-1.amazonaws.com  https://www.googletagmanager.com  https://www.4me.com ; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com  https://www.gstatic.com  https://cdn.jsdelivr.net  https://webeo-web-content.s3-eu-west-1.amazonaws.com  https://www.googletagmanager.com  https://www.4me.com ; connect-src 'self' https://forms.hscollectedforms.net  https://consentcdn.cookiebot.com  https://www.google-analytics.com  https://4me-status.instatus.com  https://px.ads.linkedin.com  https://region1.google-analytics.com  https://reallyfreegeoip.org  https://analytics.google.com  https://api.hubapi.com  https://v.clarity.ms  https://forms.hsforms.com  https://pagead2.googlesyndication.com  https://forms.hubspot.com  https://region1.analytics.google.com  https://u.clarity.ms  https://adservice.google.com  https://s.clarity.ms  https://stats.g.doubleclick.net  https://y.clarity.ms  https://p.clarity.ms  https://n.clarity.ms  https://t.clarity.ms  https://j.clarity.ms  https://o.clarity.ms  https://r.clarity.ms  https://x.clarity.ms  https://k.clarity.ms  https://www.google.at  https://f.clarity.ms  https://z.clarity.ms  https://www.g2.com  https://w.clarity.ms  https://www.google.de  https://www.google.nl  https://www.google.fr  https://q.clarity.ms  https://d.clarity.ms  https://i.clarity.ms  https://www.google.co.za  https://www.google.be  https://hubspot-forms-static-embed.s3.amazonaws.com  https://e.clarity.ms  https://www.google.dk  https://www.google.ie  https://www.google.com.tr  https://b.clarity.ms  https://www.google.com.eg  https://www.google.ca  data:  https://www.google.ch  https://www.google.kz  https://www.google.sk  https://translate.googleapis.com  https://ldynamicspublicapi.leadforensics.com  https://www.google.co.uk  https://www.google.pl  https://www.google.es  https://yoast.com  https://www.google.ru  https://h.clarity.ms  https://www.google.com.au  https://www.google.co.id  https://www.google.com.my  https://www.google.co.kr  https://www.google.co.in  https://www.google.com.hk  https://www.google.hr  https://l.clarity.ms  https://a.clarity.ms  https://www.google.lu  https://googleads.g.doubleclick.net  https://www.google.pt  https://www.google.com.ng  https://www.google.com.ua  https://www.clarity.ms  https://www.google.hu  https://www.google.com.br  https://www.google.se  https://www.google.com.do  https://www.google.lk  https://m.clarity.ms  https://www.google.it  https://www.google.li  https://www.google.ae  https://www.google.com.ph  https://g.clarity.ms  https://www.google.co.ke  https://www.google.com.sg  https://www.google.rs  https://www.google.co.th  https://www.google.co.jp  https://www.google.no  https://www.google.com.mx  https://securepubads.g.doubleclick.net  https://www.google.com.sa  https://www.google.fi  https://c.6sc.co  https://ipv6.6sc.co  https://www.google.bg;  media-src 'self' data:  https://upload.wikimedia.org;  font-src 'self' https://fonts.gstatic.com  data:  https://cdn.jsdelivr.net  https://static.hsappstatic.net  https://static.zohocdn.com;  frame-src 'self' https://4me-status.instatus.com  https://consentcdn.cookiebot.com  https://td.doubleclick.net  https://www.youtube.com  https://boards.greenhouse.io  https://player.vimeo.com  https://tpc.googlesyndication.com  https://forms.hsforms.com  blob:  https://www.googletagmanager.com  null  https://static.hsappstatic.net  https://js.hscollectedforms.net  https://js.stripe.com  https://block.opendns.com  http://td.doubleclick.net.x.144ddf7b0b3b2047fd0a87d06c30fb8b7f64.d0452397.id.opendns.com  https://gateway.zscalertwo.net;  worker-src 'self' blob:; 3
default-src 'self'; script-src 'self' www.google.com www.googletagmanager.com www.gstatic.com cdn.redoc.ly 'unsafe-inline'; frame-src 'self' www.google.com 'unsafe-inline'; connect-src *.google-analytics.com 'self'; img-src 'self' cdn.redoc.ly data:; style-src 'self' fonts.googleapis.com 'unsafe-inline'; font-src 'self' fonts.gstatic.com; worker-src 'self' blob: 3
default-src 'self' https://*.hexa3d.io https://*.h3dstaging.com; img-src 'self' data: w3.org/svg/2000 images.ctfassets.net https://www.google-analytics.com https://www.google.com https://www.google.com.au https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/enterprise.js https://www.google.com/recaptcha/ https://maps.googleapis.com https://maps.gstatic.com https://v2assets.zopim.io https://tr.snapchat.com https://www.facebook.com https://ct.pinterest.com https://www.pinterest.com https://network-stg.bazaarvoice.com https://d.adroll.com https://services.postcodeanywhere.co.uk http://services.postcodeanywhere.co.uk https://dsum-sec.casalemedia.com https://pixel.rubiconproject.com https://pixel.advertising.com https://sync.outbrain.com https://*.pubmatic.com https://*.yahoo.com https://sync.taboola.com https://eb2.3lift.com https://x.bidswitch.net https://idsync.rlcdn.com https://us-u.openx.net https://ib.adnxs.com https://cm.g.doubleclick.net https://10800822.fls.doubleclick.net https://sync.mathtag.com https://match.adsrvr.org https://rc.rlcdn.com https://edge.curalate.com https://bat.bing.com https://cdn.feedbackify.com https://tag.yieldoptimizer.com https://*.bazaarvoice.com https://production-web-michaelhill.demandware.net https://prod-sfcc-api.michaelhill.com https://www.michaelhill.com https://www.michaelhill.com.au https://www.michaelhill.co.nz https://www.michaelhill.ca https://*.zip.co https://zip.co https://*.zipmoney.com.au https://demo4.paasweb.co.il https://*.inside-graph.com https://*.powerfront.com https://s.yimg.com https://*.adroll.com https://adroll.com https://*.clarity.ms https://*.analytics.google.com https://analytics.google.com https://*.barilliance.com https://barilliance.com https://*.s3.amazonaws.com https://*.amazonaws.com https://amazonaws.com https://*.hexa3d.io https://*.h3dstaging.com https://*.adyen.com https://cdn.optimizely.com https://*.contentsquare.net https://*.shophumm.com.au; style-src 'self' https://www.googleapis.com https://fonts.googleapis.com https://www.googletagmanager.com https://services.postcodeanywhere.co.uk https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/enterprise.js https://www.recaptcha.net/recaptcha/api.js 'unsafe-inline' https://s3.amazonaws.com/static.barilliance.com/owl-carousel/owl.carousel.css https://s3.amazonaws.com/static.barilliance.com/owl-carousel/owl.theme.css https://www.michaelhill.com.au https://www.michaelhill.co.nz https://www.michaelhill.ca https://*.bazaarvoice.com https://*.zip.co https://*.zipmoney.com.au https://demo4.paasweb.co.il https://*.inside-graph.com https://*.powerfront.com https://*.hexa3d.io https://*.h3dstaging.com https://*.shophumm.com.au; font-src 'self' data: localhost https://fonts.gstatic.com https://*.inside-graph.com; media-src 'self' https://player.vimeo.com/ https://static.zdassets.com https://*.akamaized.net https://*.hexa3d.io https://*.h3dstaging.com https://*.curalate.com https://services.postcodeanywhere.co.uk; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' http://api.addressy.com https://services.postcodeanywhere.co.uk https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/enterprise.js https://www.recaptcha.net/recaptcha/api.js https://maps.googleapis.com www.googleadservices.com https://*.hotjar.com https://sc-static.net https://unpkg.com https://*.bazaarvoice.com https://analytics-static.ugc.bazaarvoice.com https://static.zdassets.com https://connect.facebook.net https://googleads.g.doubleclick.net https://s.pinimg.com https://analytics.tiktok.com https://s.adroll.com https://cdn.rudderlabs.com http://edge.curalate.com https://d.adroll.com https://cdn.feedbackify.com https://www1.feedbackify.com https://ajax.googleapis.com https://s3.amazonaws.com https://bat.bing.com https://*.barilliance.com https://www.barilliance.net https://www.google.com https://www.googleanalytics.com https://*.michaelhill.com.au https://*.michaelhill.ca https://*.michaelhill.co.nz https://*.zip.co https://*.zipmoney.com.au https://demo4.paasweb.co.il https://*.inside-graph.com https://*.powerfront.com https://s.yimg.com https://*.adroll.com https://adroll.com https://*.clarity.ms https://*.analytics.google.com https://analytics.google.com https://d3aq2u4yw77ivo.cloudfront.net https://*.hexa3d.io https://*.h3dstaging.com https://www.paypal.com https://tr.snapchat.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://t.contentsquare.net https://app.contentsquare.com https://cnstrc.com https://*.adsrvr.org https://*.shophumm.com.au; connect-src 'self' http://api.addressy.com https://services.postcodeanywhere.co.uk https://www.google-analytics.com https://www.googleapis.com https://maps.googleapis.com https://ekr.zdassets.com https://michaelhill.zendesk.com wss://widget-mediator.zopim.com https://ct.pinterest.com https://apps.bazaarvoice.com https://api.rudderlabs.com https://michaelhill-dataplane.rudderstack.com https://analytics.tiktok.com https://stats.g.doubleclick.net https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://in.hotjar.com https://edge.curalate.com https://tr.snapchat.com https://bat.bing.com https://api.pinpiaa.com https://d.adroll.com https://*.bazaarvoice.com https://*.zip.co https://*.zipmoney.com.au https://demo4.paasweb.co.il https://*.inside-graph.com wss://*.inside-graph.com https://*.powerfront.com https://s.yimg.com https://*.adroll.com https://adroll.com https://*.clarity.ms https://*.fls.doubleclick.net https://fls.doubleclick.net https://*.analytics.google.com https://analytics.google.com https://*.barilliance.com https://www.barilliance.net https://brauz-api-netlify.netlify.app https://*.michaelhill.com.au https://*.michaelhill.ca https://*.michaelhill.co.nz https://*.hexa3d.io https://*.h3dstaging.com https://*.adyen.com https://*.paypal.com https://gcr-albatros-eu-prod-europe-west1-mtg-j7ib225lma-ew.a.run.app http://localhost:3000 http://localhost:8181 http://localhost:8181 https://logx.optimizely.com https://*.optimizely.com https://*.contentsquare.net https://*.flexiti.fi https://*.cnstrc.com https://*.adsrvr.org https://*.shophumm.com.au; frame-ancestors 'self' https://*.hexa3d.io https://*.h3dstaging.com; object-src 'none'; frame-src https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://*.doubleclick.net https://tr.snapchat.com https://vars.hotjar.com https://www.facebook.com https://www.pinterest.com https://www.pinterest.com.au https://ct.pinterest.com https://www.youtube.com https://widgets.shophumm.com.au https://*.zipmoney.com.au https://widgets.partpay.co.nz https://*.bazaarvoice.com https://demo4.paasweb.co.il https://*.inside-graph.com https://*.powerfront.com https://www.barilliance.net https://reserve-in-store-michael-hill-ca.netlify.app https://reserve-in-store-michael-hill-nz.netlify.app https://reserve-in-store-michael-hill-au.netlify.app https://*.michaelhill.com.au https://*.michaelhill.ca https://*.michaelhill.co.nz https://*.hexa3d.io https://*.h3dstaging.com https://*.adyen.com https://*.paypal.com https://www.recaptcha.net/ https://a24400620820.cdn.optimizely.com https://a24400620820.cdn-pci.optimizely.com https://a24400620820.cdn.optimizely.com https://a24634220027.cdn-pci.optimizely.com https://a24633620082.cdn.optimizely.com https://a24633620082.cdn-pci.optimizely.com https://www.google.com https://online-mi.flexiti.fi https://static.zip.co https://*.adsrvr.org 3
default-src * 'self' data: https: blob: 'unsafe-inline' 'unsafe-eval' 3
frame-ancestors 'self' https://*.hana.ondemand.com; 3
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; 3
script-src 'self' 'unsafe-eval' 'unsafe-inline'       https://analytics.twitter.com      https://api.datatrics.com      https://assetscdn-wchat.freshchat.com      https://bat.bing.com      https://c.clarity.ms      https://cdn.mouseflow.com      https://chimpstatic.com      https://connect.facebook.net      https://cdn.mouseflow.com      https://ct.pinterest.com      https://data.kameleoon.io      https://dynamic.criteo.com      https://fledge.eu.criteo.com      https://fonts.googleapis.com      https://googleads.g.doubleclick.net      https://gum.criteo.com      https://maps.googleapis.com      https://maps.gstatic.com      https://measurement-api.criteo.com      https://p.clarity.ms      https://pagead2.googlesyndication.com      https://region1.analytics.google.com      https://region1.google-analytics.com      https://s.pinimg.com      https://sc-static.net      https://script.hotjar.com      https://snippets.freshchat.com      https://static.ads-twitter.com      https://static.hotjar.com      https://static.kameleoon.com      https://stats.g.doubleclick.net      https://sslwidget.criteo.com      https://t.co      https://td.doubleclick.net      https://tpc.googlesyndication.com      https://tr.datatrics.com      https://tr.snapchat.com      https://wchat.freshchat.com      https://www.clarity.ms      https://www.facebook.com      https://www.google.com      https://www.google.nl      https://www.google-analytics.com      https://www.googleadservices.com      https://www.googletagmanager.com      https://www.gstatic.com      https://www.mollie.com      https://www.youtube.com       https://api.smulderstextiel.nl       https://beheer.smulderstextiel.nl       https://static.smulderstextiel.nl       https://static.smulderstextiel.be       https://static.smulderstextiles.be       https://static.smulderstextiles.fr       https://www.smulderstextiel.nl       https://www.smulderstextiel.be       https://www.smulderstextiles.be        https://www.smulderstextiles.fr       https://www.smulderstextiles.com      https://ybcb728h6d.kameleoon.eu/kameleoon.js      https://8o0oimi6gl.kameleoon.eu/kameleoon.js      https://19ioe2nlda.kameleoon.eu/kameleoon.js      https://kzb464zpgv.kameleoon.eu/kameleoon.js;            frame-ancestors 'self'       https://app.kameleoon.com       https://kameleoon.com       https://www.kameleoon.com; 3
default-src 'self'   google.com/forms/ 	*.ak.facebook.com 	*.arrivabus.co.uk 	*.betrad.com 	*.bing.com 	*.facebook.com 	*.google.com 	*.spotify.com 	*.tiqcdn.com 	*.twitter.com 	*.youtube.com 	akamaiedge.net 	api.braintreegateway.com 	api.instagram.com 	apps.spotify.edgekey.net 	arriva.acquiadam.com 	arrivabus.zendesk.com 	cloudfront.net 	crowdfunding.justgiving.com/justgiving.com/ 	d2c87l0yth4zbw.cloudfront.net 	ekr.zdassets.com 	facebook.co.uk 	facebook.com 	fbcdn.netfbsbx.com 	googlesyndication.com 	googlevideo.com 	instagram.com 	locpub.com 	mixcoud.com 	origin-analytics.braintree-api.com 	pinimg.com 	pinterest.com 	play.spotify.edgekey.net 	polldaddy.com 	rtb.locpub.com 	scontent-sjc3-1.cdninstagram.com 	s-media-cache-ak0.pinimg.com 	soundcloud.com 	spapps.cosp 	s-passets-cache-ak0.pinimg.com 	star.c10r.facebook.com 	static.zdassets.com 	t.co 	twimg.com 	twimg0-a.akamaihd.net 	twitter.com 	vimeo.com 	vimeocdn.com 	vupload2.t.facebook.com 	wss://*.zendesk.com 	wss://*.zopim.com 	www.google-analytics.com 	www.googletagmanager.com 	www.paypal.com  google.com/pay 	pay.google.com/* 	www.slideshare.net 	www.youtube-nocookie.com 	youtube.com 	youtube.l.google.com 	ytimg.com 	ytimg.l.google.com 	'unsafe-eval' 	'unsafe-inline' 	; script-src 'self' 	*.audiencemanager.de 	*.cardinalcommerce.com 	*.dynatrace.com 	*.facebook.net 	*.quantcount.com 	*.quantserve.com 	*.surveymonkey.com 	*.teads.tv 	ajax.googleapis.com 	analytics.tiktok.com 	apis.google.com 	assets.zendesk.com 	audiencemanager.de 	az416426.vo.msecnd.net 	clarity.microsoft.com 	ads.tiktok.com 	tiktok.com 	code.jquery.com 	leadforensics.com 	maps.googleapis.com 	my.tealiumiq.com 	optimize.google.com 	pay.google.com 	pfw-prod-ukwest-safespaceonline.azurewebsites.net s.yimg.com 	secure.adnxs.com 	sp.analytics.yahoo.com 	static.zdassets.com 	surveymonkey.com 	tags.tiqcdn.com 	translate.google.com translate.googleapis.com 	visitor-service-eu-central-1.tealiumiq.com 	widget-mediator.zopim.com 	www.clarity.ms 	www.googleadservices.com 	www.google-analytics.com 	www.googleanalytics.com www.googleoptimize.com www.googletagmanager.com 	www.microsoft.com 	www.paypal.com 	www.paypalobjects.com 	www.webinsights.com 	'unsafe-eval' 	'unsafe-inline' 	; script-src-elem 'self' 	*.audiencemanager.de 	*.cardinalcommerce.com 	*.dynatrace.com 	*.facebook.net 	*.quantcount.com 	*.quantserve.com 	*.surveymonkey.com 	*.teads.tv 	ajax.googleapis.com 	api.exponea.arriva.co.uk 	apis.google.com 	assets.zendesk.com 	audiencemanager.de 	az416426.vo.msecnd.net 	bat.bing.com 	c.clarity.ms 	clarity.microsoft.com 	code.jquery.com 	connect.facebook.net 	googleads.g.doubleclick.net 	googleoptimize.com 	leadforensics.com 	maps.googleapis.com 	my.tealiumiq.com 	optimize.google.com 	pay.google.com 	pfw-prod-ukwest-safespaceonline.azurewebsites.net 	s.yimg.com 	secure.adnxs.com 	secure.leadforensics.com 	sp.analytics.yahoo.com 	static.zdassets.com 	surveymonkey.com 	tags.tiqcdn.com 	translate.google.com 	translate.googleapis.com visitor-service-eu-central-1.tealiumiq.com 	widget-mediator.zopim.com 	www.clarity.ms 	www.facebook.com 	www.google.ca 	www.google.co.uk 	www.google.com 	www.google.com.br 	www.google.com.hk 	www.google.com.my 	www.google.com.om 	analytics.tiktok.com 	ads.tiktok.com 	tiktok.com 	www.google.com.ua 	www.google.cz 	www.google.it 	www.google.lt 	www.google.nl 	www.google.pl 	www.googleadservices.com 	www.googleanalytics.com 	www.google-analytics.com 	www.googleoptimize.com 	www.googletagmanager.com 	www.microsoft.com 	www.paypal.com 	www.paypalobjects.com 	www.webinsights.com 	'unsafe-inline' 	; connect-src 'self' 	*.arrivabus.co.uk 	*.cardinalcommerce.com 	*.dynatrace.com 	*.teads.tv 	*.zendesk.com 	analytics.google.com 	analytics.tiktok.com 	api.braintreegateway.com 	api.exponea.arriva.co.uk 	apps.parcelforce.com 	bat.bing.com 	client-analytics.braintreegateway.com 	ads.tiktok.com 	tiktok.com 	collect.tealiumiq.com 	connect.facebook.net 	ekr.zdassets.com 	googleads.g.doubleclick.net 	googleoptimize.com 	maps.googleapis.com 	my.tealiumiq.com 	origin-analytics.braintree-api.com 	payments.braintree-api.com 	region1.analytics.google.com 	region1.google-analytics.com 	s.yimg.com 	secure.leadforensics.com 	stats.g.doubleclick.net 	translate.googleapis.com ukwest-0.in.applicationinsights.azure.com 	widget-mediator.zopim.com 	wss://widget-mediator.zopim.com 	www.clarity.ms 	www.facebook.com  google.com/pay 	pay.google.com/* 	www.google.ca 	www.google.co.uk 	www.google.com 	www.google.com.br 	www.google.com.hk 	www.google.com.my 	www.google.com.om 	www.google.com.ua 	www.google.cz 	www.google.it 	www.google.lt 	www.google.nl 	www.google.pl 	www.google-analytics.com 	www.paypal.com 	'unsafe-inline' 	; img-src 'self' 	*.audiencemanager.de 	*.google.com 	*.quantcount.com 	*.quantserve.com 	*.surveymonkey.com 	*.teads.tv 	ajax.googleapis.com 	analytics.tiktok.com 	arrivabus.prod.acquia-sites.com 	audiencemanager.de 	bat.bing.com 	c.bing.com 	c.clarity.ms 	collect.tealiumiq.com 	connect.facebook.net 	content.api.arrivabus.co.uk 	googleads.g.doubleclick.net 	googleoptimize.com 	linkmaker.itunes.apple.com 	maps.googleapis.com 	maps.gstatic.com 	optimize.google.com 	pfw-prod-ukwest-safespaceonline.azurewebsites.net 	region1.analytics.google.com 	region1.google-analytics.com 	s.yimg.com 	secure.adnxs.com 	secure.leadforensics.com 	sp.analytics.yahoo.com rtb.locpub.com 	locpub.com 	t.paypal.com 	ads.tiktok.com 	tiktok.com 	translate.google.com 	translate.googleapis.com 	www.clarity.ms 	www.facebook.com 	www.google.ca 	www.google.co.in 	www.google.co.uk 	www.google.com 	www.google.com.br 	www.google.com.hk 	www.google.com.my 	www.google.com.om 	www.google.com.pk 	www.google.com.ua 	www.google.cz 	www.google.de 	www.google.ie 	www.google.it 	www.google.lt 	www.google.nl 	www.google.pl 	www.google-analytics.com 	www.googletagmanager.com  google.com/pay 	pay.google.com/* 	www.gstatic.com 	blob: 	data: 	'unsafe-inline' 	; media-src *.audiencemanager.de 	*.surveymonkey.com 	ajax.googleapis.com 	audiencemanager.de 	secure.adnxs.com 	static.zdassets.com 	surveymonkey.com 	; font-src 'self' 	*.fls.doubleclick.net 	*.google.com 	ajax.googleapis.com 	app-nc.global.ssl.fastly.net 	arrivabus.cloudflareaccess.com 	assets.braintreegateway.com 	assets.zendesk.com 	fonts.googleapis.com 	fonts.gstatic.com 	pfw-prod-ukwest-safespaceonline.azurewebsites.net 	secure.adnxs.com 	surveymonkey.com 	www.facebook.com 	; frame-src 'self'  accounts.google.com  * *.audiencemanager.de 	*.cardinalcommerce.com 	*.surveymonkey.com 	9458815.fls.doubleclick.net 	ajax.googleapis.com 	assets.braintreegateway.com 	bytedance: 	c.clarity.ms 	checkout.paypal.com 	connect.facebook.net 	googleoptimize.com 	optimize.google.com 	pay.google.com 	secure.adnxs.com 	secure.leadforensics.com 	sslocal: 	surveymonkey.com 	www.paypal.com 	www.youtube.com 	; style-src *.arrivabus.co.uk 	*.audiencemanager.de 	*.surveymonkey.com 	ajax.googleapis.com 	assets.braintreegateway.com audiencemanager.de 	fonts.googleapis.com 	optimize.google.com 	pfw-prod-ukwest-safespaceonline.azurewebsites.net 	secure.adnxs.com 	surveymonkey.com 	translate.googleapis.com vimeo.com 	www.paypal.com 	www.youtube.com 	'unsafe-inline' 	; worker-src 'self' 	c.clarity.ms 	googleoptimize.com 	secure.leadforensics.com 	www.google.ca 	www.google.co.uk 	www.google.com 	www.google.com.br 	www.google.com.hk 	www.google.com.my 	www.google.com.om 	www.google.com.ua 	www.google.cz 	www.google.it 	www.google.lt 	www.google.nl 	www.google.pl 	blob: 	; script-src-attr ajax.googleapis.com 	; 3
frame-ancestors 'self'; object-src 'none'; worker-src 'self' blob:; child-src blob:; script-src 'unsafe-inline' https: 'self' *.youtube.com *.ometria.com *.googletagmanager.com *.google-analytics.com *.visualwebsiteoptimizer.com *.msecnd.net *.responsetap.com *.livechatinc.com *.facebook.net *.criteo.com *.adalyser.com *.klarnaservices.com *.google.com *.postcodeanywhere.co.uk *.tangiblee.com *.googlesyndication.com *.hotjar.com *.infinity-tracking.com *.bing.com *.googleoptimize.com *.contentsquare.net *.zdassets.com *.gstatic.com *.googleadservices.com *.contentsquare.net *.contentsquare.com ; img-src https: data: blob: 'self' *.youtube.com *.contentsquare.net *.googletagmanager.com *.google-analytics.com; connect-src https: 'self' *.contentsquare.net *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.infinity-tracking.net *.infinity-tracking.com; frame-src https: 'self' *.youtube.com 3
default-src * 'self' 'unsafe-inline' blob: ; img-src * 'self' data: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; font-src * data: ; connect-src * ; worker-src blob: ; 3
frame-ancestors api.chamberlain.com:443 hybris.chamberlain.com:443 arqadm.chamberlain.com:443 adm.myq.com:443 adm.chamberlain.com:443 adm.liftmaster.com:443 arq.chamberlain.com:443 www.myq.com:443 www.chamberlain.com:443 www.liftmaster.com:443 3
upgrade-insecure-requests; frame-ancestors 'self' https://*.etracker.com 3
frame-ancestors 'self' https://*.googleapis.com *.google.com https://*.gstatic.com  data: blob:; 3
object-src 'none'; script-src 'self' https://ads.pubmatic.com https://polyfill.io https://js.ad-score.com https://*.revcontent.com https://hcaptcha.com https://*.hcaptcha.com https://*.cloudflare.com https://*.twitter.com https://*.twimg.com https://*.googleapis.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://ads.scored.co 'unsafe-inline' 'unsafe-eval' 3
default-src 'self' https://ww2.paytronix.com; script-src 'self' 'unsafe-inline' https://*.hs-scripts.com/ https://*.hsforms.net/ https://*.hs-analytics.net/ https://*.hs-banner.com/ https://*.hsforms.com/ https://hubspot-forms-static-embed.s3.amazonaws.com/ https://*.zoominfo.com/ https://player.vimeo.com/ https://j.6sc.co https://optimize.google.com https://www.google.com https://ajax.googleapis.com/ https://script.hotjar.com/ https://cdnjs.cloudflare.com http://pi.pardot.com https://snap.licdn.com https://static.hotjar.com http://cdn.pardot.com http://static.ads-twitter.com https://www.google-analytics.com https://nodetracker.datawrkz.com https://fonts.googleapis.com https://connect.facebook.net https://www.facebook.com https://www.googleoptimize.com http://www.googleadservices.com https://www.googleadservices.com http://googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://dmp.datawrkz.com https://www.googletagmanager.com https://px.ads.linkedin.com https://ww2.paytronix.com http://ww2.paytronix.com; img-src 'self' https://*.hsforms.com/ https://*.hubspot.com/ https://i.vimeocdn.com/ https://*.6sc.co https://www.gstatic.com https://linkedin.com https://*.linkedin.com https://p.adsymptotic.com https://t.co https://analytics.twitter.com https://www.google.com https://fonts.googleapis.com https://connect.facebook.net https://www.facebook.com https://www.googleoptimize.com http://www.googleadservices.com https://www.googleadservices.com http://googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://dmp.datawrkz.com https://www.googletagmanager.com https://px.ads.linkedin.com https://ww2.paytronix.com http://ww2.paytronix.com https://www.google-analytics.com; font-src 'self' data: https://fonts.gstatic.com https://ww2.paytronix.com https://fonts.googleapis.com; child-src 'self' https://*.hsforms.com/ https://optimize.google.com https://www.facebook.com/ https://bid.g.doubleclick.net https://vars.hotjar.com/ https://player.vimeo.com/ https://registration.socio.events https://ww2.paytronix.com https://ajax.googleapis.com/;connect-src 'self' https://*.hsforms.com/ https://cdn.linkedin.oribi.io/ https://*.6sc.co https://secure.adnxs.com https://facebook.com https://*.facebook.com https://hotjar.io https://*.hotjar.io https://in.hotjar.com/ https://nodetracker.datawrkz.com https://www.google-analytics.com https://stats.g.doubleclick.net;style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https://ww2.paytronix.com; 3
default-src 'self' *.greenlight.com *.gl-tech.io web.cdn.greenlight.com web.cdn.staging.greenlight.com web.cdn.dev.greenlight.com;media-src videos.ctfassets.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.greenlight.com *.gl-tech.io *.optimizely.com cdn.segment.com cdn.segment.com/v1/projects/* cdn.segment.com/analytics-next/bundles/* cdn.segment.com/next-integrations/integrations/* *.vimeo.com graph.facebook.com *.cloudfront.net *.google-analytics.com *.googletagmanager.com pay.google.com *.growsumo.com connect.facebook.net maps.googleapis.com app.link sc-static.net s.yimg.com bam.nr-data.net js-agent.newrelic.com cdn.mxpnl.com sp.analytics.yahoo.com cdn.plaid.com *.fullstory.com js.adsrvr.org bat.bing.com *.criteo.com acdn.adnxs.com js.braintreegateway.com assets.braintreegateway.com paypalobjects.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com getrockerbox.com conoret.com *.hubspot.com js.hscollectedforms.net js.hsadspixel.net *.hs-scripts.com js.hs-banner.com js.hs-analytics.net forms.hsforms.com *.usemessages.com *.bc0a.com googleadservices.com outgrow.us outgrow.co dyv6f9ner1ir9.cloudfront.net *.byspotify.com;connect-src data: 'self' *.greenlight.com *.gl-tech.io *.greenlight.me *.auth.us-east-1.amazoncognito.com api.lever.co *.vimeo.com graph.facebook.com facebook.com *.mixpanel.com api.segment.io api.segment.io/v1/p cdn.segment.com *.nr-data.net *.optimizely.com dvqigh9b7wa32.cloudfront.net d330aiyvva2oww.cloudfront.net *.amazonaws.com microk8s.gl *.microk8s.gl *.braintreegateway.com *.braintreegateway.co *.braintree-api.com detx.test-app.link bnc.lt *.plaid.com grsm.io s.yimg.com *.logs.datadoghq.com *.browser-intake-datadoghq.com maps.googleapis.com *.fullstory.com *.analytics.google.com *.g.doubleclick.net d1lu3pmaz2ilpx.cloudfront.net *.cardinalcommerce.com adservice.google.com analytics.google.com google.com/ measurement-api.criteo.com/ *.paypal.com/ ad.doubleclick.net bat.bing.com *.hubspot.com *.hubapi.com *.bc0a.com googleadservices.com pay.google.com https://www.google.com/pay *.byspotify.com;img-src 'self' data: *.greenlight.com *.gl-tech.io greenlightcard.com images.ctfassets.net *.vimeocdn.com facebook.com *.facebook.com csi.gstatic.com google-analytics.com *.google-analytics.com maps.googleapis.com googletagmanager.com *.fullstory.com jadserve.postrelease.com exchange.mediavine.com *.bidr.io *.adnxs.com *.bing.com *.analytics.yahoo.com trends.revcontent.com *.ad.smaato.net tapestry.tapad.com criteo-partners.tremorhub.com ade.clmbtech.com ad.tpmn.co.kr sync-criteo.ads.yieldmo.com idsync.rlcdn.com x.bidswitch.net *.g.doubleclick.net partner.mediawallahscript.com r.casalemedia.com ad.360yield.com contextual.media.net sync.outbrain.com simage2.pubmatic.com pixel.rubiconproject.com match.sharethrough.com rtb-csync.smartadserver.com sync-t1.taboola.com criteo-sync.teads.tv eb2.3lift.com tg.socdm.com visitor.omnitagjs.com aa.agkn.com *.criteo.com data.adxcel-ec2.com nytrng.com tags.bluekai.com pt.ispot.tv tags.w55c.net dpm.demdex.net google.com assets.braintreegateway.com *.paypal.com gstatic.com matching.ivitrack.com i.liadm.com google.kz google.es google.com.pr google.co.uk google.ru google.co.jp adservice.google.com analytics.google.com i6.liadm.com csm.va.us.criteo.net csm.da.us.criteo.net sp.analytics.yahoo.com segment.prod.bidr.io e1.emxdgt.com *.hsforms.com *.hubspot.com greenlight-stage.s3-accelerate.amazonaws.com greenlightme.s3-accelerate.amazonaws.com ads.stickyadstv.com e.dlx.addthis.com cdn.filestackcontent.com https://www.gstatic.com/instantbuy/svg/light_square_gpay.svg trkn.us;child-src blob: assets.braintreegateway.com *.paypal.com;frame-src *;frame-ancestors none;object-src 'self' data: images.ctfassets.net;style-src 'self' 'unsafe-inline' *.greenlight.com *.gl-tech.io *.greenlightcard.com greenlightcard.com greenlight.com cdnjs.cloudflare.com assets.braintreegateway.com dyv6f9ner1ir9.cloudfront.net fonts.googleapis.com;font-src 'self' data: *.greenlight.com *.gl-tech.io paypalobjects.com cdn.honey.io fonts.gstatic.com;worker-src blob:;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub6740cfe27eae28719b3b2ce1f5bc35f2&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:production%2Cservice:greenlight-website-next; 3
frame-ancestors 'self' https://desipapa.com https://www.desipapa.com https://desipapa.vip https://www.desipapa.vip http://desi-fantasy.com http://www.desi-fantasy.com http://indiansexstories.desipapa.com http://www.suniasharma.com https://www.doodhwali.com https://www.doodhwali.xxx 3
default-src 'self' 'unsafe-inline';  style-src 'self' 'unsafe-inline' https://*.recaptcha.net https://*.twitter.com *.bing.com https://*.fonts.net https://*.bazaarvoice.com; script-src 'self' 'unsafe-inline'  'unsafe-eval' https://storage.cloud.kargo.com https://*.recaptcha.net  https://*.twimg.com https://*.bing.com https://*.gstatic.com https://*.google.com https://*.everesttech.net https://*.dotomi.com https://*.iovation.com  https://*.bridgestonetire.com https://*.iesnare.com https://*.akamaihd.net https://*.bazaarvoice.com https://*.jquery.com  https://*.twitter.com https://*.ads-twitter.com https://*.virtualearth.net https://assets.adobedtm.com https://*.bing.com https://*.googletagmanager.com https://pixel.everesttech.net https://*.pinimg.com https://*.googleadservices.com https://*.google-analytics.com https://*.iperceptions.com https://*.everestjs.net https://www.youtube.com https://*.firestonecompleteautocare.com https://*.tiresplus.com https://*.wheelworks.net https://*.hibdontire.com https://*.hotjar.com https://*.facebook.net https://*.ytimg.com https://*.netmng.com https://*.doubleclick.net; connect-src *; frame-src 'self' https://*.recaptcha.net https://*.twitter.com https://*.google.com https://*.pinterest.com https://www.youtube.com https://*.doubleclick.net https://*.iperceptions.com https://*.facebook.com https://*.hotjar.com https://*.demdex.net https://*.bazaarvoice.com; img-src * data: blob:;  media-src 'self' https://*.iesnare.com; font-src 'self' https://*.bazaarvoice.com https://*.fonts.net data: 3
frame-ancestors 'self' shopmetrics.com *.shopmetrics.com gigspot.com *.gigspot.com *.velocity.online; object-src 'self'; report-uri https://training89.shopmetrics.com/CSPEndpoint.aspx; report-to default; 3
default-src 'self' *.amazonaws.com;script-src * 'unsafe-inline' 'unsafe-eval';img-src * data:;style-src 'self' 'unsafe-inline' *.teliacompany.com *.google.com *.humany.net *.googleapis.com *.gstatic.com *.amazonaws.com;connect-src 'self' *.google-analytics.com *.googletagmanager.com *.amazonaws.com *.humany.net *.google.com *.google.se *.resursbank.se *.resursbank.no *.resursbank.dk *.resursbank.fi *.resurs.com *.integration.resurs.com *.doubleclick.net *.googleapis.com *.amplitude.com *.teliacompany.net *.resurs.loc *.ellos.resursbank.24hr.se wss://*.resurs.se wss://*.resurs.fi wss://*.resurs.dk wss://*.resurs.no *.hotjar.io widget.datablocks.se *.mfn.se;form-action 'self';frame-ancestors 'self';frame-src 'self' *.youtube.com player.vimeo.com *.google.com *.teliacompany.com resurs.onfluid.dk *.doubleclick.net *.office365.com *.googletagmanager.com;child-src 'self';font-src * data:;object-src 'none';manifest-src 'self' 'unsafe-inline' data:;upgrade-insecure-requests 3
frame-ancestors 'self' http://project44.lookbookhq.com https://project44.lookbookhq.com http://project44.pathfactory.com https://project44.pathfactory.com http://discover.project44.com https://discover.project44.com; 3
default-src 'self' 'unsafe-inline' *.mouseflow.com newsletter.abacus.ch fonts.googleapis.com; img-src 'self' www.linkedin.com *.googleapis.com www.googletagmanager.com/a px4.ads.linkedin.com www.google-analytics.com www.google.com www.google.ch maps.gstatic.com maps.google.com googleads.g.doubleclick.net px.ads.linkedin.com data:; connect-src 'self' o2.mouseflow.com region1.analytics.google.com region1.google-analytics.com www.google-analytics.com stats.g.doubleclick.net maps.googleapis.com cdn.linkedin.oribi.io; font-src 'self' fonts.gstatic.com; script-src 'self' snap.licdn.com cdn.mouseflow.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com newsletter.abacus.ch maps.googleapis.com maps.google.com googleads.g.doubleclick.net stats.g.doubleclick.net ajax.googleapis.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' td.doubleclick.net app.livestorm.co; 3
base-uri 'self'; connect-src 'self' www.gk-software.com dmndfrcstng.com; frame-src 'self' www.gk-software.com www.youtube.com www.youtube-nocookie.com forms.office.com; font-src 'self' fonts.gstatic.com data:; worker-src 'self' blob:; frame-ancestors 'self'; object-src 'self'; child-src 'self'; form-action 'self'; 3
default-src 'self' blob: *.persistent.com *.crazyegg.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://tags.clickagy.com/  *.crazyegg.com  https://unpkg.com/ https://script.crazyegg.com/ https://www.gartner.com/ https://js.qualified.com/  https://cookie-cdn.cookiepro.com/  https://www.googleoptimize.com/  https://d.clarity.ms/ https://g.clarity.ms/ https://f.clarity.ms/  https://www.clarity.ms/ https://a.clarity.ms/  https://e.clarity.ms/ https://bat.bing.com/  https://ws.zoominfo.com/ https://view.ceros.com/  https://vidassets.terminus.services/  https://j.6sc.co/ https://cdn.mouseflow.com/  https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://match.prod.bidr.io/  https://d26x5ounzdjojj.cloudfront.net/ https://plugins.eventable.com/ https://www.recaptcha.net/  https://add.eventable.com  https://twitter.com/ https://script.hotjar.com https://static.hotjar.com/ https://maxcdn.bootstrapcdn.com/ https://dn1f1hmdujj40.cloudfront.net  https://tagmanager.google.com https://googleads.g.doubleclick.net  https://www.google-analytics.com  https://www.googleadservices.com/ https://geolocation.onetrust.com https://cookiepro.blob.core.windows.net https://code.jquery.com https://pi.pardot.com/ https://go.persistent.com  http://www.persistent.com https://www.persistent.com  https://www.google.com/ https://www.gstatic.com  https://analytics.twitter.com https://t.co  https://px.ads.linkedin.com  https://snap.licdn.com https://static.ads-twitter.com/ https://optanon.blob.core.windows.net  https://web-analytics.engagio.com/  https://platform.twitter.com/ https://cdn.syndication.twimg.com  https://s.ytimg.com  https://www.youtube.com/ https://connect.facebook.net/ https://www.linkedin.com https://www.googletagmanager.com https://d3afnetdjufmcb.cloudfront.net/ https://cdn.syndication.twimg.co https://ajax.googleapis.com; style-src 'self' https://hello.myfonts.net/ *.crazyegg.com https://cdn.jsdelivr.net https://www.gartner.com/ https://cdnjs.cloudflare.com https://tagmanager.google.com https://googleads.g.doubleclick.net https://fonts.googleapis.com  https://cookiepro.blob.core.windows.net https://use.fontawesome.com http://www.persistent.com https://www.persistent.com  https://optanon.blob.core.windows.net  https://fonts.googleapis.com/css 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ https://d3afnetdjufmcb.cloudfront.net/ https://*.twitter.com https://*.twimg.com;font-src 'self' https://cdnjs.cloudflare.com  https://script.hotjar.com https://www.gartner.com/ https://www.google-analytics.com https://use.fontawesome.com https://d3afnetdjufmcb.cloudfront.net/ https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/ data:;frame-src 'self' https://13529497.fls.doubleclick.net/ https://www.ceros.com/ *.crazyegg.com  https://td.doubleclick.net/ https://www.gartner.com/ https://app.qualified.com/  https://view.ceros.com/  https://www.recaptcha.net/  https://accounts.google.com/ http://cal.events https://outlook.live.com/ https://login.yahoo.com/ https://calendar.yahoo.com/  https://calendar.google.com/ https://calendar.google.com/ https://accounts.google.com/ https://add.eventable.com/ https://vars.hotjar.com/ http://go.persistent.com/  https://bid.g.doubleclick.net/ http://get.adobe.com/  https://web.facebook.com/ https://www.google.com/  https://player.vimeo.com/ https://*.twitter.com/ https://player.zype.com/ https://connect.facebook.net/ https://www.facebook.com/ https://staticxx.facebook.com https://ebooks.persistent.com/ *.persistent.com https://www.youtube.com/ https://www.linkedin.com/ ; img-src 'self' https://ad.doubleclick.net/ https://cookie-cdn.cookiepro.com/ *.crazyegg.com https://aorta.clickagy.com/ https://reviews.static.gartner.com/ https://wec-assets.terminus.services/  https://wec-assets-api.terminus.services/ https://c.clarity.ms/ https://bat.bing.com/ https://wec-assets-api.terminus.services/ https://wec-assets-api.terminus.services/  https://match.adsrvr.org/ https://vidassets.terminus.services/  https://b.6sc.co/ https://www.google.com.np/  https://www.googletagmanager.com/  https://plugins.eventable.com/ https://add.eventable.com/  https://p.adsymptotic.com https://content.persistent.com https://px.ads.linkedin.com https://www.google.com https://www.google.co.in  https://ssl.gstatic.com https://www.gstatic.com https://cookiepro.blob.core.windows.net  http://www.persistent.com https://www.persistent.com https://t.co/  https://optanon.blob.core.windows.net  https://*.twitter.com  https://syndication.twitter.com  https://*.twimg.com/  https://d3afnetdjufmcb.cloudfront.net/ https://secure.gravatar.com https://www.google-analytics.com https://www.facebook.com/ https://stats.g.doubleclick.net https://i.vimeocdn.com/ https://img.youtube.com/  data:;connect-src 'self' https://o.clarity.ms/collect https://cookie-cdn.cookiepro.com/ https://api.ipregistry.co/ https://p.clarity.ms/ https://cdn.linkedin.oribi.io/ https://analytics.google.com/ https://ipv6.6sc.co/ https://r.clarity.ms/ https://ws.zoominfo.com/ wss://ws.qualified.com/ *.crazyegg.com https://app.qualified.com/ https://geolocation.onetrust.com/  https://b.clarity.ms/ https://www.clarity.ms/ https://e.clarity.ms/ https://epsilon.6sense.com/v3/company/details https://o2.mouseflow.com/ https://secure.adnxs.com/ https://c.6sc.co/ https://stats.g.doubleclick.net/ http://go.persistent.com/  https://www.google-analytics.com  https://go.persistent.com https://com-thebigwillow-prod1.collector.snplow.net/ https://www.googleapis.com/  https://my.yoast.com https://*.hotjar.com wss://*.hotjar.com https://vc.hotjar.io wss://ws4.hotjar.com https://ws6.hotjar.com/  https://in.hotjar.com/ wss://ws6.hotjar.com  https://www.facebook.com/  https://www.linkedin.com/ https://www.quandl.com/; frame-ancestors 'self' https://persistentcontenthub.enablix.com/ https://accounts.google.com/  https://www.youtube.com;plugin-types application/pdf  application/x-shockwave-flash;form-action 'self' https://syndication.twitter.com/i/jot https://platform.twitter.com/ https://www.facebook.com 3
frame-ancestors 'self' https://buttercms.com; 3
default-src 'self' https://*.cms.vwfs.tools ;            img-src 'self' data: https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://dev.day.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.gstatic.com https://*.google.com https://*.google.de https://*.google.pl https://*.googlesyndication.com https://*.googleadservices.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://img.youtube.com https://i.ytimg.com https://*.userzoom.com https://*.adform.net https://www.facebook.com https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://t.co https://*.volkswagenbank.de  https://cms-assets.vwfs.io https://smetrics.vwfs.pl https://mediaservice.audi.com  https://GISTPAEndpoint-Int.azureedge.net https://GISTPAEndpoint-Kons.azureedge.net https://GISTPAEndpoint-Prod.azureedge.net    https://default.vms.vwfs.io https://*.bronson.vwfs.tools https://*.bronson.vwfs.io https://gateway.zscloud.net https://js.api.here.com https://assets.volkswagen.com https://integrations.etrusted.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ssl.gstatic.com https://ade.googlesyndication.com https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com ;            script-src 'self' 'unsafe-inline' blob: https://*.volkswagenbank.de https://storagewebcalcweud.blob.core.windows.net https://*.fts.webcalc.vwfs.io https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.fls.doubleclick.net https://www.googletagmanager.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google.com https://www.google.de https://cm.g.doubleclick.net https://www.volkswagenbank-cloud.de https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://assets.adobedtm.com https://*.omniture.com https://*.adobe.com https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://*.thunderhead.com https://*.twitter.com https://static.ads-twitter.com https://*.advsearch.vwfs.io https://cc.cdn.civiccomputing.com  https://target.vwfs.pl  https://smetrics.vwfs.pl https://cdn.mercury.ai https://integrations.etrusted.com https://sdk.privacy-center.org    https://*.acs-frontend.vwfs.io https://*.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.g.doubleclick.net https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com ;            style-src 'self' 'unsafe-inline' https://*.userzoom.com https://target.vwfs.pl https://cdn.mercury.ai https://co-browsing.mercury.ai https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io    https://*.acs-frontend.vwfs.io https://integrations.etrusted.com https://tagmanager.google.com https://fonts.googleapis.com ;            connect-src 'self' blob: data: https://vimeo.com https://*.youtube.com https://api.webcalc.vwfs.io https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://*.adobedc.net https://*.tt.omtrdc.net https://*.2o7.net https://*.cms.vwfs.io https://*.advsearch.vwfs.io https://cms-content.vwfs.io https://target.vwfs.pl https://smetrics.vwfs.pl https://www.google.com https://*.facebook.com https://*.mercury.ai wss://*.mercury.ai https://vector.hereapi.com https://1.base.maps.ls.hereapi.com https://1.aerial.maps.ls.hereapi.com https://js.api.here.com https://geocode.search.hereapi.com https://integrations.etrusted.com https://*.smart-digital-solutions.de https://smart-digital-cdn.com https://2gtge2kxoa.execute-api.eu-central-1.amazonaws.com https://api-cms-vwfs-io.cms.vwfs.tools https://sdk.privacy-center.org https://revgeocode.search.hereapi.com    https://*.acs-frontend.vwfs.io https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.pl http://*.trustedshops.com https://autocomplete.search.hereapi.com https://lookup.search.hereapi.com https://smetrics.vwfs.tools;            frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com ;            object-src 'none' ;            font-src 'self' data: https://fonts.gstatic.com https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io https://cdn.mercury.ai https://js.api.here.com https://*.trustedshops.com http://*.trustedshops.com ;            frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://s.userzoom.com https://*.adform.net https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://*.googlesyndication.com https://cm.g.doubleclick.net https://gateway.zscloud.net https://td.doubleclick.net https://kalkulator.skoda-auto.pl https://*.g.doubleclick.net https://nbw.vwfs.pl;            media-src https://www.youtube-nocookie.com 'self' ; 3
frame-ancestors 'self' https://wood.showpad.biz https://www.wood.showpad.biz https://www.wood.showpad.com https://wood.showpad.com 3
frame-ancestors 'self' https://*.pt-x.com http://localhost:9999 https://*.emandates.co.uk 3
frame-ancestors 'self' https://commerceinsights.ibmcloud.com 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; frame-src 'self' https:; connect-src 'self' 'unsafe-inline' 'unsafe-eval' wss: https: data: blob:; frame-ancestors 'self' *.7across.travel *.7acrosstravel *.accorplusdiscovery.com *.addthis.com *.airportparking.net.au *.avctravel.com.au *.azurewebsites.net *.bzzworld.com *.bzzworldtravel.com *.clubmedaustralia.com.au *.crownclubmarketplace.com *.cruise.ovscruise.com *.cruise.wotif.com *.cruisemegastore.com.au *.cruisepilot.com.au *.dae-travel.com *.discover365.co.nz *.discover365.co.uk *.discover365.com.au *.doubleclick.net *.driveaway.com.au *.facebook.com *.favc.com *.hightide.com.au *.IAMLVC.com *.ice-cdn.com *.icecruises.com.au *.iceenterprise.com *.icevacations.com.au *.kampyle.com *.kivac.com.mx *.latitude21resorts.com *.latitudeguestservices.com *.latitudevacationclub.com *.lifestylebywyndhamlite.com *.liveaquaresidenceclub.com *.livechatinc.com *.looking4.com *.mustdotravels.com *.my241cruise.com.au *.my241rewards.com.au *.myfuturecruisecredit.com *.optimizely.com *.ourvacationcentre.com *.ourvacationcentre.com.au *.ourvacationcentre.net *.ovctour.com *.ovscruise.com *.ovsresort.com *.qvitravelsavings.com *.rci.my241cruise.com.au *.rci.travel *.re-set.mx *.re-set.travel *.saveonresorts.com *.tawk.to *.theclub365.com.au *.tourmegastore.com.au *.travelii.mx *.travelmegastore.com.au *.travelperksplus.com *.travelsavingspassport.com *.tripauthority.com *.tripsavr.com *.tripsavr2.com *.ultiqa.com.au *.ultiqaexplore.com.au *.ultiquaexplore.com.au *.windows.net *.world2go.mx *.wotif.com *.youtube.com 7across.travel accorplusdiscovery.com agentportalui-wa-dev-usw.azurewebsites.net agentportalui-wa-qa-usw.azurewebsites.net assets.cruisemail.com.au avctravel.com.au bid.g.doubleclick.net cruise.flybuystravel.com.au cruise.ovscruise.com cruise.wotif.com cruisemegastore.com.au cruisepilot.com.au dae-travel.com discover365.co.nz discover365.co.uk discover365.com.au elcidsales.latitudeguestservices.com hightide.com.au icecruises.com.au iceenterprise.com icevacations.com.au latitudevacationclub.com lifestylebywyndhamlite.com mustdotravels.com my241cruise.com.au my241rewards.com.au myfuturecruisecredit.com ourvacationcentre.com ourvacationcentre.com.au ourvacationcentre.net ovctour.com ovscruise.com rci.my241cruise.com.au rci.travel tawk.to theclub365.com.au tour.icruiserewards.com tour.thevidalifestyle.com tourmegastore.com.au tours.icruise.com tours.tourmegastore.com.au travelmegastore.com.au travelperksplus.com ukproducthub.azureedge.net ukproducthub.blob.core.windows.net ultiqa.com.au ultiqaexplore.com.au ultiquaexplore.com.au windows.net wotif.com; block-all-mixed-content; upgrade-insecure-requests; 3
frame-ancestors 'self' https://www.cvonline.lt https://www.cvmarket.lv https://www.cvkeskus.ee https://www.cvmarket.lt https://www.cv.lt https://www.visidarbi.lv; 3
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xilo.net; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.xilo.net; img-src 'self' blob: data: https://*.xilo.net; media-src 'self' data: https://*.xilo.net; frame-src *; font-src *; form-action 'self' https://*.xilo.net; connect-src 'self' https://*.xilo.net; prefetch-src 'self' https://*.xilo.net; manifest-src 'self' https://*.xilo.net; frame-ancestors 'self'; report-uri https://stats.xilo.net/ruri/r/d/csp/enforce 3
default-src 'self' *.staticflickr.com *.flickr.com maps.google.com api.rollbar.com *.nr-data.net api.mapbox.com blob:; script-src 'self' cdnjs.cloudflare.com www.googletagmanager.com *.google-analytics.com js-agent.newrelic.com *.twitter.com *.twimg.com *.nr-data.net 'unsafe-eval' 'unsafe-inline' storage.googleapis.com api.mapbox.com https://*.uninfo.org blob: *.fontawesome.com datawrapper.dwcdn.net; style-src 'self' *.flickr.com *.staticflickr.com cdnjs.cloudflare.com fonts.googleapis.com use.fontawesome.com *.twitter.com *.twimg.com 'unsafe-inline' api.mapbox.com *.fontawesome.com static.dwcdn.net datawrapper.dwcdn.net; img-src 'self' www.un.org.vn *.un.org gallery.mailchimp.com *.staticflickr.com https: data: blob:; media-src 'self' www.un.org.vn *.un.org; frame-src 'self' maps.google.com www.google.com www.youtube-nocookie.com www.youtube.com *.vimeo.com unstats.un.org forms.office.com player.youku.com *.qq.com data.uninfo.org *.tableau.com; font-src 'self' fonts.googleapis.com use.fontawesome.com fonts.gstatic.com *.twitter.com *.twimg.com *.fontawesome.com  static.dwcdn.net; connect-src 'self' *.staticflickr.com *.flickr.com maps.google.com analytics.google.com api.rollbar.com *.nr-data.net https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com *.google-analytics.com storage.googleapis.com wss://socket.push.al https://*.undg.org https://*.uninfo.org *.fontawesome.com datawrapper.dwcdn.net; upgrade-insecure-requests 3
base-uri 'self'; script-src 'report-sample' 'unsafe-eval' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' 'sha256-8hfDTWqu8k9HvHzrkzt+xhtPpKaUxiTKKafbnLtHZCs=' 'sha256-SMUeP6E2pMrxXZ8/eWo6OvoLUN6jMLYb5qEUgHaaDrA=' 'sha256-EUBEF5WvTGqk0hm+1BG7zR6I+6+DGb6OOh8cyLSJhBk=' 'sha256-EVfbJoCaYvQGy63aF4IaFkCgygoCP13tlf39WBoqnmQ=' 'sha256-XnNQECY9o+nIv2Qgcd1A39YarwxTm10rhdzegH/JBxY=' 'sha256-0XMgg4rqcxPYJ6gk7kILQRAbBe9xK3+Ik6iWqGJcYWg=' 'sha256-g8iVyamDwt3OeOKt7rpBJ01H71OFT38TNW31YoDqtg4=' 'sha256-L0DnDaq26Adb1CiOJaNeUyPd9e4qJm+x6Ywtoa+S3+4=' 'sha256-U7KwF5KvWsJaK9Am2TfiRzMq4/MU6CWFj0mfRqtZkfA=' 'sha256-910MBH4o0XYmt2KdyUfPUnjODdvSFGgoCIXR7njrfSw=' 'sha256-nwrPrPUzetXBOU2PA9lEiV0YlyEa2u1K1E9PzmP4iY8=' 'sha256-mjdgHR9aXy+6OwAGlNS/XgNcYG1Uhd2U4pl8vi7+XCY=' 'sha256-/bm28XTHBk/2+8w4OK5Z3PKsnHRjh6YGqEZrDmAzpxo=' 'sha256-un4Od7TXS3yFrOZTtMAVbkJ1wXe6c2+09LvfoBl4jh4=' 'sha256-fe+DmxUPcLoM27k80UR5jvvr4aLfF0rSHKV5SemJPzg=' 'sha256-qo1RuSBojC8D1TICoE4IFgVurx/k8U1oZK9MRDE/KlE=' 'sha256-mRKioI8+U/Z6IlUernsYX+VQ/+1ZmIz0Exd6vI7EZNY=' 'sha256-Gjk/4NYwu3CbqK8Gj2MWMzyS9v/i8sLwf6xwP/oH5M8=' 'sha256-hRyOf0WLnTNjcFQ90fQeHumVAWjriqpnqRUaI6h1vj0=' 'sha256-8W8281SYt1k0eR9Y0z66gdPlhw9xO1U+Pwx9xjYYfwo=' 'sha256-q5qXN11uZHDKvdYtrAbOosaCyKbZxuxxNck525tOrsk=' 'sha256-PGwKPKtgIFR7BBaTEzRxRl4FWV1uufjCt5TVa6TI12k=' 'sha256-W0QY3aFcPnZSSetdi5gTeKy2IQMi3eCafbIVKAa20Zg=' 'sha256-aroGK3JMjlNu/zPuSeivrWD3UC/3tMaU+UuxKWdimpM=' 'sha256-ky6kwALluZeYIOUb67vYvNIm+6GYo9ZIpE5+6fUAbiU=' 'sha256-hMbRFabSSL7CIDsoqw8tkSvYtzZ1NeJqQyhGZdSdnxQ=' 'sha256-ceLZobD9Q86jstPOfW76BNTxXlZ7mTw0PF66debOnx4=' 'sha256-X2HVLVOvP9Opbf0ClAql73Fbwflss+KO544zddICf4U=' 'sha256-aZTZsmwqKP8HIwXU9SL0uRZWX9soMifegql0XmccYEw=' 'sha256-1rN3TBB70ehRoaiW/CvP3GHTNFr593iDXloGmle9JiY=' 'sha256-x1FQfFjfHqekbV7feKwmQ6gSdooZVGPGLXw1OK5YdiI=' 'sha256-yri+yF9cdn4VkD2uOCWeqlkqpeFZ/SmhDMhon/fQzEc=' 'sha256-XjcRVp58oyAqZCEyhIdbxI6UjLqnQdmi6PBfRy1+BgA=' 'sha256-bQXNx2wNfK+Khvyw++rw7cScVp1Eo8GHhINrXBvF2Kc=' 'sha256-Kqjmds221Sxp42v6MMfVXhclGVC7fCZX4ESjxL3gVLw=' 'sha256-mK2LcNpqkDcXTppsyMqneuE6GEJ5j+7REt0lTsRKUUU=' 'sha256-fCl5PYrISg7MPsnIeZ+T6npnLgyi68m9NcGT5ONA6pI=' 'sha256-H50ABvo0XriiYrFw1nag3drPHQoIE34FfOWFzlCHy3E=' 'sha256-wE+KqdimW+7MWcIE1UdqfODsz8hgcsyd2YuAQ4gVmTY=' 'sha256-MaUq5Wt30Bl8clIlW7/zvNPuKmnZdlAxopQigKrPLso=' 'sha256-I3J1LKXta0FJ/3+aa+dBNCE5dV3fjcG7p7ulnbtcMp0=' 'sha256-zpqVdE6ttrmhTiPbjKj6s39iaE9RMfzNp6aF7UKwtBY=' 'sha256-8kotGhRmEBiesu8MHsrDeRTEpj3SSDokReILPbeA37I=' 'sha256-OyfHFA4tRzHfTynnYncdFb31ISeCD7Am01txqn+O4ys=' 'sha256-DMT61jx96o8Zt4O6NPLDbLFDtyQSPa4zNGgdA8jCqF4=' 'sha256-cdJLDgaTPPJz9rqWbXcX70modqLshn8Wti8X7csGKLs=' 'sha256-savpz652hUrFSTNoRdzTuvttLoQ8UN1p2KhaqZs4RFo=' 'sha256-d7o/iD0TcPtTf9pAbqA9aa2qsmdqPtbqxI3YMwTtrrA=' 'self' www.linkedin.com/autofill/js/autofill.js static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com content.linkedin.com snap.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com sjs.bizographics.com *.salesforceliveagent.com bcvipva02.rightnowtech.com bcvipac02.rightnowtech.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net cdn.linkedin.oribi.io cdn.tt.omtrdc.net bat.bing.com connect.facebook.net cdn.walkme.com gist.github.com embedr.flickr.com; worker-src 'none'; frame-ancestors 'self' *.linkedin.com experience.adobe.com; report-uri https://www.linkedin.com/security/csp?f=m 3
base-uri 'self'; connect-src 'self' data: https://matomo.dekra.bawue.com https://*.clarity.ms https://*.g.doubleclick.net https://dekra-dev-search-api.e-spirit.cloud https://dekra-search-api.e-spirit.cloud https://*.google.at https://*.google.be https://*.google.cl https://*.google.co.jp https://*.google.co.uk https://*.google.com https://*.google.com.br https://*.google.com.tw https://*.google.com.ua https://*.google.co.cr https://*.google.cz https://*.google.de https://*.google.es https://*.google.fi https://*.google.fr https://*.google.hr https://*.google.hu https://*.google.co.in https://*.google.it https://*.google.co.kr https://*.google.lu https://*.google.co.ma https://*.google.com.mx https://*.google.nl https://*.google.pl https://*.google.pt https://*.google.ro https://*.google.rs https://*.google.se https://*.google.sk https://*.google-analytics.com https://maps.googleapis.com https://*.googletagmanager.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://cdn.linkedin.oribi.io https://dc.services.visualstudio.com https://*.linkedin.com https://api.newsletter2go.com https://*.snapengage.com; default-src 'none'; manifest-src 'self'; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com; form-action 'self'; frame-ancestors 'self' https://dekra.e-spirit.hosting https://dekradev.e-spirit.hosting https://dekraqa.e-spirit.hosting; frame-src 'self' https://*.doubleclick.net https://vars.hotjar.com https://player.vimeo.com https://www.youtube.com; img-src 'self' data: https://*.bing.com https://*.clarity.ms https://media.dekra.com https://media-test.dekra.com https://*.g.doubleclick.net https://dekra-media.e-spirit.cloud https://dekradev-media.e-spirit.cloud https://dekraqa-media.e-spirit.cloud https://dekraprod-media.e-spirit.cloud https://connect.facebook.net https://*.google.at https://*.google.be https://*.google.cl https://*.google.co.jp https://*.google.co.uk https://*.google.com https://*.google.com.br https://*.google.com.tw https://*.google.com.ua https://*.google.co.cr https://*.google.cz https://*.google.de https://*.google.es https://*.google.fi https://*.google.fr https://*.google.hr https://*.google.hu https://*.google.co.in https://*.google.it https://*.google.co.kr https://*.google.lu https://*.google.co.ma https://*.google.com.mx https://*.google.nl https://*.google.pl https://*.google.pt https://*.google.ro https://*.google.rs https://*.google.se https://*.google.sk https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://maps.gstatic.com https://*.hotjar.com https://px.ads.linkedin.com https://*.snapengage.com https://i.ytimg.com; media-src https://dekra-media.e-spirit.cloud https://dekradev-media.e-spirit.cloud https://dekraqa-media.e-spirit.cloud https://dekraprod-media.e-spirit.cloud; object-src 'none'; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' https://hm.baidu.com https://matomo.dekra.bawue.com https://www.clarity.ms https://googleads.g.doubleclick.net https://dekra.e-spirit.hosting https://dekradev.e-spirit.hosting https://dekraqa.e-spirit.hosting https://connect.facebook.net https://www.google.com https://www.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.hotjar.com https://*.hs-scripts.com https://snap.licdn.com https://*.snapengage.com https://webforms-live.dekra.com/static/webforms.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.hotjar.com; upgrade-insecure-requests 3
frame-ancestors 'self' *.drugsredalert.nl *.drugs-test.nl *.medialift.nl *.drugsinfo.nl *.readymag.com readymag.com *.alcoholinfo.nl *.allesoverdrinken.nl *.ledd.nl *.trimbos.nl *.drugsenuitgaan.nl *.helderopvoeden.nl *.rokeninfo.nl *.verslaafdaanjou.nl *.gokkeninfo.nl *.gameninfo.nl *.mentaalvitaal.nl *.helderopschool.nl *.geweldinjeugdzorginfo.nl *.nationaledrugmonitor.nl *.trimbosportaal.nl *.ican-app.nl ican-app.nl; 3
font-src mm-static.mustcheck.com shopping.qantas.com sc-static.net ecomm-cdn.trurating.com static.zip.co *.abtasty.com *.zipmoney.com.au *.klarnacdn.net *.stockinstore.net *.akamaihd.net olapic-data.s3.amazonaws.com calvinklein.com.au data: *.gstatic.com 'self' data: 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action ct.pinterest.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.googletagmanager.com *.google.com *.doubleclick.net *.hotjar.com *.pmnts.io *.pmnts-sandbox.io 'self'; frame-src start.zip.co block.opendns.com security-au.mimecast.com m.cmpgn.page gateway.zscloud.net gateway.zscalerthree.net gateway.zscalerone.net www.paypalobjects.com *.googlesyndication.com clickmeter.com rebrandly.com *.teads.tv *.adsrvr.org fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.abtasty.com *.facebook.com *.pmnts.io *.pmnts-sandbox.io *.klarna.com *.force.com *.pinterest.com *.clearpay.co.uk *.afterpay.com tr.snapchat.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.google.com/ https://www.youtube.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.doubleclick.net *.vimeo.com *.hotjar.com *.clickmeter.com wss://*.hotjar.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src blob: *.googlesyndication.com media.littlebirdie.com.au api.fillr.com beacon.krxd.net zip.co pixel.rubiconproject.com olapic.s3.amazonaws.com www.google.co.nz photorankmedia-a.akamaihd.net z1photorankmedia-a.akamaihd.net z3photorankmedia-a.akamaihd.net www.vanheusen.com.au au.tommy.com www.calvinklein.com.au *.calvinklein.com analytics.pangle-ads.com bpi.zip.co pvhba-imgix-calvin-klein-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-cms-content-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-ck-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-th-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-vh-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-tommy-hilfiger-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-van-heusen-m2prod.s3.ap-southeast-2.amazonaws.com imgix-pvhba-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-m2prod-maintenance.s3.ap-southeast-2.amazonaws.com prreqcroab.icu analytics.tiktok.com ecomm-cdn.trurating.com df45ay5pw60dy.cloudfront.net duuytoqss3gu4.cloudfront.net d3nocrch4qti4v.cloudfront.net au.tommy.com *.pvh-staging.com pixel.quantserve.com *.analytics.yahoo.com *.contentsquare.net assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://static.afterpay.com https://site-assets.afterpay.com/ *.abtasty.com *.turn.com *.bazaarvoice.com *.amgdgt.com *.photorank.me z2photorankmedia-a.akamaihd.net *.presage.io *.teads.tv *.adsrvr.org *.adnxs.com *.tommy.com *.klarna.com *.klarnaevt.com *.klarnacdn.net display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.klarnaservices.com https://www.magezon.com *.pinterest.com *.facebook.com *.facebook.com/tr *.google.com *.google.com.au www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.roymorgan.com *.doubleclick.net *.facebook.net *.googleapis.com *.gstatic.com *.zipmoney.com.au *.googletagmanager.com *.imgix.net static.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.calvinklein.co.nz *.abtasty.com *.adnxs.com *.adobe.com *.adobedtm.com *.afterpay.com *.afterpay.com *.akamaihd.net *.attraqt.io *.bazaarvoice.com *.braintreegateway.com *.calvinklein.com.au *.cardinalcommerce.com *.ccdc02.com *.cfjump.com *.cloudflare.com *.cloudfront.net *.contentsquare.net app.contentsquare.com *.doubleclick.net *.facebook.net *.force.com *.forter.com *.google-analytics.com *.google.com *.google.com.au *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.luckyorange.net *.my.salesforce.com *.newrelic.com *.nr-data.net *.particularaudience.com *.paypal.com *.paypalobjects.com *.pinimg.com *.pmnts-sandbox.io *.pmnts.io *.roymorgan.com *.salesforceliveagent.com *.stockinstore.net *.teads.tv *.tiktok.com *.tommy.com *.trurating.com *.usabilla.com *.vanheusen.com.au *.vimeocdn.com *.yimg.com *.ytimg.com *.zdassets.com *.zipmoney.com.au 1eafapi.cardinalcommerce.com 1eafstag.cardinalcommerce.com acdn.adnxs.com analytics-static.ugc.bazaarvoice.com analytics.tiktok.com api.bazaarvoice.com api.braintreegateway.com api.sandbox.braintreegateway.com apps-stg.nexus.bazaarvoice.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com assets.braintreegateway.com c.paypal.com cdn.attraqt.io cdn.particularaudience.com cfjump.tommy.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com connect.facebook.net display.ugc.bazaarvoice.com ecommwidget.trurating.com gateway.pmnts-sandbox.io gateway.pmnts.io geoapi.cardinalcommerce.com geostag.cardinalcommerce.com https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.9.3/Chart.js https://cdnjs.cloudflare.com/ajax/libs/handlebars.js/4.0.3/handlebars.min.js https://js.afterpay.com https://js.sandbox.afterpay.com https://portal.afterpay.com https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.sandbox.clearpay.co.uk https://static.afterpay.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ includestest.ccdc02.com js.adsrvr.org js.braintreegateway.com mpsnare.iesnare.com network-stg.bazaarvoice.com network.bazaarvoice.com p.teads.tv pay.google.com photorankstatics-a.akamaihd.net rules.quantcount.com s.pinimg.com s.yimg.com s.ytimg.com s7.addthis.com sc-static.net secure.authorize.net secure.quantserve.com songbird.cardinalcommerce.com static.zdassets.com static.zip.co static.zipmoney.com.au stg.api.bazaarvoice.com t.cfjump.com t.paypal.com test.authorize.net tr.snapchat.com vimeo.com wss://widget-mediator.zopim.com www.google-analytics.com www.google.com www.googleadservices.com www.googleapis.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.vimeo.com zip.co; style-src 'self' 'unsafe-inline' d1m2uzvk8r2fcn.cloudfront.net www.gstatic.com *.abtasty.com *.adobe.com *.akamaihd.net *.bazaarvoice.com *.force.com *.googleapis.com *.klarnacdn.net *.stockinstore.net assets.stockinstore.net bpi.zip.co display.ugc.bazaarvoice.com fonts.googleapis.com js.afterpay.com js.sandbox.afterpay.com photorankstatics-a.akamaihd.net service.force.com static.afterpay.com static.zip.co www.google.com www.googletagmanager.com; object-src 'self' 'unsafe-inline'; media-src data: vod-progressive.akamaized.net player.vimeo.com *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googletagmanager.com pvhba-imgix-calvin-klein-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-cms-content-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-ck-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-th-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-vh-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-tommy-hilfiger-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-van-heusen-m2prod.s3.ap-southeast-2.amazonaws.com imgix-pvhba-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-m2prod-maintenance.s3.ap-southeast-2.amazonaws.com pixel.quantcount.com network-a.bazaarvoice.com *.sandbox.my.site.com *.pvh-staging.com www.facebook.com pvh-brands.imgix.net tru-live-eventhubs.servicebus.windows.net analytics.pangle-ads.com *.googlesyndication.com *.yimg.com *.contentsquare.net dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.abtasty.com *.luckyorange.net *.zendesk.com *.particularaudience.com *.tiktok.com stockinstore.net *.stockinstore.net *.cloudfront.net *.klarnaevt.com *.klarnacdn.net *.akamaihd.net zendesk-eu.my.sentry.io *.teads.tv *.snapchat.com *.amplitude.com *.clearpay.co.uk *.afterpay.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.klarna.com *.klarnaservices.com ekr.zdassets.com/ *.pinterest.com *.google.com *.google.com.au api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google-analytics.com *.forter.com wss://*.zopim.com *.doubleclick.net *.attraqt.io *.zipmoney.com.au *.hotjar.io wss://*.hotjar.com zip.co *.zip.co *.nr-data.net *.hotjar.com *.trurating.com *.analytics.tiktok.com wss://*.forter.com *.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com blob: http: https: blob: 'self' 'unsafe-inline'; worker-src blob:; default-src *.abtasty.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline' 3
default-src * 'self' data: 'unsafe-inline'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.vo.msecnd.net *.google.com *.googleapis.com maps.gstatic.com *.gstatic.com *.googletagmanager.com cdnjs.cloudflare.com code.jquery.com *.facebook.net *.instagram.com analytics.tiktok.com secure.quantserve.com rules.quantcount.com quantcast.mgr.consensu.org cmp.quantcast.com cmp.inmobi.com *.trustpilot.com *.googleadservices.com komito.net bat.bing.com *.clarity.ms googleads.g.doubleclick.net *.google-analytics.com *.googleoptimize.com static.ads-twitter.com analytics.twitter.com *.adalyser.com use.fontawesome.com snap.licdn.com px.ads.linkedin.com www.shrfbdg004.com *.playbuzz.com *.ex.co *.hotjar.com *.hotjar.io *.infinity-tracking.net p.teads.tv go.affec.tv *.permutive.com secure.adnxs.com c1.rfihub.net *.youtube.com *.ytimg.com *.liveperson.net *.lpsnmedia.net widgets-eu.reputation.com ir.tools.investis.com *.eventbrite.co.uk emac-direct.service-plan.co.uk s.pinimg.com cdn.worldpay.com static.analytics.netdirector.auto secure.hiss3lark.com s3.amazonaws.com *.list-manage.com *.research-tree.com *.evanshalshaw.com *.stratstone.com *.carstore.com intranet.local *.pendragonplc.com *.pendragonvehiclemanagement.co.uk; frame-src * 'self' data: 'unsafe-inline' *.fls.doubleclick.net *.socialsignin.net ir.tools.investis.com *.evanshalshaw.com *.stratstone.com *.carstore.com; object-src 'none'; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; img-src * 'self' data: pplc-p-001.sitecorecontenthub.cloud; child-src * 'self' pplc-p-001.sitecorecontenthub.cloud; connect-src * 'self' data: pplc-p-001.sitecorecontenthub.cloud; worker-src data: blob:; upgrade-insecure-requests; block-all-mixed-content; 3
upgrade-insecure-requests; report-uri 3
frame-ancestors https://accounts.cft.ru 3
frame-ancestors 'self' http://*.cheltenham.ecctis.co.uk https://*.cheltenham.ecctis.co.uk; 3
frame-ancestors *.uninassau.edu.br *.uninabuco.edu.br *.sereducacional.com *.sereduc.com *.leiaja.com *.ung.br *.unama.br *.univeritas.com *.uninorte.com.br *.blackboard.com http://*.joaquimnabuco.edu.br http://*.unama.br *.gokursos.com *.ig.com.br http://*.ung.br *.uninassau.digital *.unama.digital *.univeritas.digital *.uninorte.digital *.uninabuco.digital *.facimed.edu.br *.unifacimed.digital *.unijuazeiro.edu.br *.fasb.edu.br *.rdstation.com.br *.cursoscdmv.com.br https://cursoscdmv.com.br https://unijuazeiro.edu.br https://websdk.hyperflowapis.global *.cloudfront.net *.unescnet.br *.fael.edu.br *.unifael.edu.br *.uni7.edu.br; 3
default-src * 'unsafe-inline' 'unsafe-eval' data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 3
upgrade-insecure-requests;frame-ancestors 'self'; 3
report-uri /report-csp-violation; upgrade-insecure-requests; 3
frame-ancestors https://r1132100004725-eu1-ifwe.3dexperience.3ds.com https://r1132100257819-eu1-ifwe.3dexperience.3ds.com https://dsext001-eu1-215dsi0708-ifwe.3dexperience.3ds.com https://r1132100381839-eu1-academia-ifwe.3dexperience.3ds.com https://my.3dexperience.3ds.com; base-uri 'self' 3
frame-ancestors 'self' https://2gis.ru https://zoon.ru https://sravni.ru 3
frame-ancestors 'self' https://www.growingio.com 3
default-src 'self' *.isitesoftware.com *.digitaldisplays.io digitaldisplays.io *.schoolnutritionandfitness.com schoolnutritionandfitness.com http://district.schoolnutritionandfitness.com onlineordering-images.s3.amazonaws.com digitaldisplays-media.s3.amazonaws.com d36ka9bgcta1yj.cloudfront.net cdnjs.cloudflare.com code.jquery.com *.fontawesome.com *.gstatic.com *.googleapis.com www.google-analytics.com *.google.com *.amazonaws.com *.twitter.com cdn.syndication.twimg.com *.youtube.com connect.facebook.net *.facebook.com *.instagram.com *.vimeo.com *.payaconnect.com frontierchildnutrition.com *.myschoolmenuboards.com myschoolmenuboards.com translate.google.com unpkg.com 'unsafe-inline' 'unsafe-eval' data:; img-src * data: blob: about:; report-uri https://cgc5aq2c40.execute-api.us-west-2.amazonaws.com/dev/csp-violation-report; 3
base-uri 'self'; style-src 'self' 'unsafe-inline' *.cognitoforms.com *.dignityhealth.org *.foresee.com *.hellohumankindness.org *.marketo.com fonts.googleapis.com gateway.foresee.com happy-hill-0c4c4691e.azurestaticapps.net p.typekit.net translate.googleapis.com use.typekit.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.dignityhealth.org *.evaliahealth.com *.everesttech.net *.google.com/pagead/ *.google.com/recaptcha/ *.googleadservices.com *.gstatic.com/recaptcha/ *.hellohumankindness.org *.invoca.net *.jotform.io *.marketo.com *.marketo.net *.recaptcha.net/recaptcha/ *.youtube.com ajax.googleapis.com ajax.microsoft.com bam.nr-data.net cdnjs.cloudflare.com code.jquery.com commonspirit.experiencecloud.adobe.com experience.adobe.com gateway.foresee.com googleads.g.doubleclick.net happy-hill-0c4c4691e.azurestaticapps.net js-agent.newrelic.com login.commonspirit.org maps.googleapis.com pc-dignityhealth-visitor-service.tealiumiq.com platform.twitter.com/js/ platform.twitter.com/widgets.js services.cognitoforms.com static.cognitoforms.com tags.tiqcdn.com tags.tiqcdn.com tpc.googlesyndication.com/sodar/ twemoji.maxcdn.com unpkg.com use.typekit.net www.cognitoforms.com www.googletagmanager.com; frame-src 'self' *.jotform.io *.marketo.com *.vimeo.com *.youtube.com commonspirit.demdex.net docasap.com www.cognitoforms.com www.google.com www.recaptcha.net; img-src 'self' *.dignityhealth.org *.everesttech.net *.foresee.com *.foresee.com *.google.com/pagead/ *.googleadservices.com *.googleadservices.com/pagead/ *.googleapis.com *.googleusercontent.com *.gstatic.com *.hellohumankindness.org *.marketo.com *.youtube.com api.clearsensecloud.com assets.gyant.com bam.nr-data.net cdn.jotfor.ms d1ffafozi03i4l.cloudfront.net data: developers.google.com dpm.demdex.net googleads.g.doubleclick.net happy-hill-0c4c4691e.azurestaticapps.net i.ytimg.com login.commonspirit.org rtd-tm.everesttech.net s3.amazonaws.com static.cognitoforms.com syndication.twitter.com twemoji.maxcdn.com use.typekit.net www.google.com www.googletagmanager.com; connect-src 'self' *.ase-usw1-shared-prd.p.azurewebsites.net *.ase-usw1-shared-prd.p.azurewebsites.net *.dignityhealth.org *.everesttech.net *.foresee.com *.google.com/pagead/ *.google.com/recaptcha/ *.googleadservices.com *.hellohumankindness.org *.mktoresp.com *.mktoutil.com *.omtrdc.net ajax.microsoft.com analytics.foresee.com analytics.google.com api.ipify.org apiprod.commonspirit.org bam.nr-data.net brain.foresee.com commonspirit.sc.omtrdc.net commonspirit.tt.omtrdc.net dc.services.visualstudio.com dpm.demdex.net fid.agkn.com fonts.googleapis.com happy-hill-0c4c4691e.azurestaticapps.net identity-api.commonspirit.org identity-func.commonspirit.org lasteventf-tm.everesttech.net login.commonspirit.org maps.googleapis.com pc-dignityhealth-collect.tealiumiq.com pc-dignityhealth-visitor-service.tealiumiq.com readaloud.googleapis.com rxnav.nlm.nih.gov survey.foreseeresults.com translate.googleapis.com www.cognitoforms.com www.googletagmanager.com; default-src 'self' *.dignityhealth.org commonspirit.demdex.net commonspirit.tt.omtrdc.net dc.services.visualstudio.com happy-hill-0c4c4691e.azurestaticapps.net identity-func.commonspirit.org identity-spa.commonspirit.org login.commonspirit.org pc-dignityhealth-collect.tealiumiq.com; font-src 'self' *.dignityhealth.org *.gstatic.com cdn.jorfor.ms data: gateway.foresee.com s3.amazonaws.com/assets.gyant.com/ use.typekit.net www.slant.co; 3
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src * 'self' data: https:; object-src 'none'; style-src 'self' data: https://assets.braintreegateway.com https://widget.reviews.co.uk https://svc.webspellchecker.net https://*.klaviyo.com https://api-js.datadome.co https://fonts.googleapis.com https://assets.reviews.io 'unsafe-inline' 3
default-src 'self' * 'unsafe-inline' 'unsafe-eval' data: https:; 3
default-src 'self' data: ; child-src 'self' blob: ; img-src * data: blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://piwik.contactoffice.com https://remote.captcha.com https://hcaptcha.com https://*.hcaptcha.com blob: ; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com ; base-uri 'none' ; font-src 'self' data: ; form-action 'self' ; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com blob: ; frame-ancestors 'self' ; connect-src 'self' https://xmpp.contactoffice.com https://hcaptcha.com https://*.hcaptcha.com https://blockchain.info https://api.coinlayer.com https://api.friendlycaptcha.com ; 3
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ams-stage.itchotels.com https://www.googletagmanager.com https://connect.facebook.net https://assets.adobedtm.com https://www.google.com https://maps.googleapis.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.gstatic.com https://dynamic.criteo.com https://itclimited.sc.omtrdc.net https://sslwidget.criteo.com https://www.youtube.com https://www.jscache.com https://www.tripadvisor.com https://www.tripadvisor.in https://static.tacdn.com; frame-ancestors 'self' https://www.itchotels.com 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' iongroup.wpengine.com * www.googletagmanager.com maps.googleapis.com www.google.com ajax.googleapis.com en25.com d10lpsik1i8c69.cloudfront.net google-analytics.com analytics.google.com www.google-analytics.com; 3
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' *.dualstackdns.com 3
default-src 'self' dev-182207.okta.com *.oktacdn.com; connect-src 'self' dev-182207.okta.com dev-182207-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com *.mtls.okta.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' dev-182207.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' dev-182207.okta.com *.oktacdn.com; frame-src 'self' dev-182207.okta.com dev-182207-admin.okta.com login.okta.com; img-src 'self' dev-182207.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' dev-182207.okta.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' 3
default-src 'self' *.gstatic.com 'unsafe-inline'; img-src 'self' www.gstatic.com *.recaptcha.net; script-src *.gstatic.com *.recaptcha.net *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; frame-src *.recaptcha.net 'self'; 3
default-src 'self' https://optimize.google.com; frame-src 'self' data: bytedance: sslocal: https://*.pinterest.com https://www.pinterest.nz https://*.criteo.com https://oc-assets.klarnaservices.com https://*.api.useinsider.com https://*.useinsider.com fbrpc://call https://*.zip.co https://*.stripe.com https://*.shophumm.com.au/ https://tpc.googlesyndication.com https://masterpass.com https://roktcdn1.akamaized.net https://www.youtube.com https://*.masterpass.com https://www.google.com/recaptcha/ https://*.rokt.com https://*.doubleclick.net https://*.kaptcha.com https://*.addthis.com https://*.facebook.com https://*.braintreegateway.com https://*.paypal.com https://*.visa.com https://*.cardinalcommerce.com https://*.paypalobjects.com https://*.trustpilot.com; script-src 'self' data: https://*.adsrvr.org https://*.adunion.com.au https://t.cfjump.com https://*.criteo.com https://*.criteo.net https://oc-library.klarnaservices.com https://www.googleanalytics.com https://www.googleoptimize.com https://*.api.useinsider.com https://*.useinsider.com https://googleads.g.doubleclick.net https://*.doubleclick.net https://*.googletagmanager.com https://*.bing.com https://*.pinimg.com https://cdn.jsdelivr.net/npm/sockjs-client@1/dist/sockjs.min.js https://cdnjs.cloudflare.com/ajax/libs/vertx/3.9.1/vertx-eventbus.min.js https://*.nzsale.co.nz https://*.ozsale.com.au https://*.singsale.com.sg https://*.identitydirect.com.au/ https://www.clarity.ms/ https://*.zipmoney.com.au https://*.partpay.co.nz https://*.rakuten.com https://*.linksynergy.com https://*.dc-storm.com https://*.jrs5.com https://*.mediaforge.com https://*.nxtck.com https://*.stripe.com https://*.shophumm.com.au/ https://www.googletagservices.com/ https://adservice.google.com.au/ https://adservice.google.com/ https://pagead2.googlesyndication.com/ https://cdn.jsdelivr.net/npm/newrelic-reduced@1.1.2/lib/index.js https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.addthisedge.com https://assets.pinterest.com https://roktcdn1.akamaized.net https://cdn.optimizely.com/js/ https://ds-aksb-a.akamaihd.net/aksb.min.js https://tpc.googlesyndication.com https://*.masterpass.com https://masterpass.com https://*.rokt.com https://*.nr-data.net https://*.facebook.net https://*.facebook.com https://*.newrelic.com https://*.marinsm.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.paypal.com https://*.paypalobjects.com https://*.braintreegateway.com https://*.visa.com https://*.kaptcha.com https://*.addthis.com https://*.nanigans.com https://*.openpay.com.au/ https://*.trustpilot.com https://tools.luckyorange.com analytics.tiktok.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob: https: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com.au https://*.google.co.nz https://*.google.com.sg https://*.google.com.my https://*.google.com.hk analytics.tiktok.com https://*.google.com; style-src 'self' https://*.klarnacdn.net https://use.fontawesome.com https://roktcdn1.akamaized.net https://*.visa.com https://*.masterpass.com https://masterpass.com https://*.googleapis.com https://*.api.useinsider.com https://*.useinsider.com 'unsafe-inline'; font-src 'self' data: https://*.api.useinsider.com/ https://*.useinsider.com/ https://font.static.useinsider.com/ https://static.zipmoney.com.au https://*.klarnacdn.net https://use.fontawesome.com https://*.googleapis.com https://*.gstatic.com https://roktcdn1.akamaized.net; connect-src 'self' https://*.adunion.com.au https://*.adsrvr.org https://*.criteo.com https://*.klarnaservices.com https://*.useinsider.com https://*.api.useinsider.com https://*.g.doubleclick.net https://bat.bing.com https://*.pinterest.com https://images.latitudepayapps.com wss://fbcb.nzsale.co.nz wss://fbcb.identitydirect.com.au https://fcmregistrations.googleapis.com/v1/projects/ https://firebaseinstallations.googleapis.com/v1/projects/ https://*.nzsale.co.nz https://*.identitydirect.com.au https://www.clarity.ms/ https://*.zip.co https://zip.co https://*.zipmoney.com.au https://pagead2.googlesyndication.com https://*.visa.com https://*.addthis.com https://www.google-analytics.com https://*.nr-data.net https://*.rokt.com https://*.braintreegateway.com https://*.paypal.com https://*.kaptcha.com https://*.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.au https://*.google.co.nz https://*.google.com.sg https://*.google.com.my https://*.google.com.hk analytics.tiktok.com https://*.luckyorange.com https://pubsub.googleapis.com wss://*.visitors.live https://ds-aksb-a.akamaihd.net/RRT; object-src 'self' https://*.useinsider.com https://*.visa.com https://www.paypalobjects.com; frame-ancestors 'self' https://*.useinsider.com; 3
<policy directive>; 3
frame-ancestors app.storyblok.com 3
frame-ancestors 'self' https://tmw.secure.vmd.ca; 3
default-src 'self' data: https://account.stock3.com https://stock3.com https://*.stock3.com https://*.guidants.com https://*.godmode-trader.de https://*.boerse-go.de https://*.guidants-trading.de https://*.brokerize.com wss://*.stock3.com wss://status.guidants.com wss://*.boerse-go.de wss://*.guidants-trading.de wss://*.brokerize.com https://mein.finanzen-zero.net https://mein.zero-staging.net https://mein.t5.zero-test.net https://consentcdn.cookiebot.com https://consent.cookiebot.com http://localhost:* ws://localhost:* https://quotes-7100-fundamentals-current.staging.api.stock3.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://account.stock3.com https://stock3.com https://*.stock3.com https://*.guidants.com https://*.godmode-trader.de https://*.boerse-go.de https://*.guidants-trading.de https://*.brokerize.com wss://*.stock3.com wss://status.guidants.com wss://*.boerse-go.de wss://*.guidants-trading.de wss://*.brokerize.com https://*.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://consentcdn.cookiebot.com https://consent.cookiebot.com https://is.stock3.com https://as.stock3.com https://track.adform.net https://s1.adform.net https://s2.adform.net https://code.createjs.com https://cdnjs.cloudflare.com/ajax/libs/gsap/ https://feed.goldencross.de https://cdn.adspirit.de https://kerlundcie.adspirit.de https://ad.doubleclick.net https://s0.2mdn.net https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://www.googletagservices.com; connect-src https://account.stock3.com https://stock3.com https://*.stock3.com https://*.guidants.com https://*.godmode-trader.de https://*.boerse-go.de https://*.guidants-trading.de https://*.brokerize.com wss://*.stock3.com wss://status.guidants.com wss://*.boerse-go.de wss://*.guidants-trading.de wss://*.brokerize.com https://*.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://consentcdn.cookiebot.com https://consent.cookiebot.com https://mein.finanzen-zero.net https://mein.zero-staging.net https://mein.t5.zero-test.net http://localhost:* ws://localhost:* https://quotes-7100-fundamentals-current.staging.api.stock3.com https://track.adform.net https://googleads4.g.doubleclick.net https://pagead2.googlesyndication.com https://ade.googlesyndication.com; style-src 'unsafe-inline' 'self' https://data.boerse-go.de https://s1.adform.net https://s2.adform.net https://fonts.googleapis.com; frame-src https://account.stock3.com 'self' https://*.youtube.com https://*.youtube-nocookie.com https://player.vimeo.com https://modules.wikifolio.com https://tradematch.sgmarkets.com https://open.spotify.com https://embed.podcasts.apple.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://is.stock3.com https://c1.adform.net https://cdn.adspirit.de https://s0.2mdn.net https://tpc.googlesyndication.com https://c.bannerflow.net; img-src 'self' https: data: http://localhost:* ws://localhost:* https://quotes-7100-fundamentals-current.staging.api.stock3.com; font-src 'self' https://fonts.gstatic.com 3
default-src 'self' www.googletagmanager.com https://d1af033869koo7.cloudfront.net;; script-src 'self' app.cdn.lookbookhq.com tracker.engageclick.com stage-new.www.247.ai turbo.engageclick.com platform.linkedin.com www.googletagmanager.com ajax.cloudflare.com ajax.googleapis.com js-agent.newrelic.com consent.trustarc.com extend.vimeocdn.com www.linkedin.com 074-hbw-141.mktoutil.com *.cloudfront.net unpkg.com info.247.ai www.google-analytics.com analytics.google.com *.marketo.com munchkin.marketo.net https://platform.linkedin.com/xdoor/scripts/in.js cdpn-js.figureone.com 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-eval' 'unsafe-inline' https://d1af033869koo7.cloudfront.net https://*.247-inc.net consent.trustarc.com ws-assets.zoominfo.com schedule.zoominfo.com js.zi-scripts.com www.recaptcha.net www.gstatic.com tag.demandbase.com;; object-src 'none' ; style-src 'self' maxcdn.bootstrapcdn.com app.cdn.lookbookhq.com rtp-static.marketo.com fast.fonts.net fonts.googleapis.com info.247.ai 'unsafe-inline' data: 'unsafe-inline' https://d1af033869koo7.cloudfront.net; ; img-src www.googletagmanager.com dev-new.www.247.ai google-analytics.com data: https: www.247.ai/*  tfscorp.intelliresponse.com;; frame-src 'self' consent-pref.trustarc.com www.linkedin.com vars.hotjar.com turbo.engageclick.com *.cloudfront.net player.vimeo.com www.youtube.com boards.greenhouse.io info.247.ai https://d1af033869koo7.cloudfront.net https://*.247-inc.net career4.successfactors.com www.recaptcha.net customercentricityworldseries.com www.brella.io sponsor.brella.io next.brella.io;; frame-ancestors 'self' consent-pref.trustarc.com https://www.linkedin.com customercentricityworldseries.com www.brella.io sponsor.brella.io next.brella.io;; child-src www.linkedin.com consent-pref.trustarc.com turbo.engageclick.com *.cloudfront.net blob: https://d1af033869koo7.cloudfront.net https://*.247-inc.net;; font-src maxcdn.bootstrapcdn.com fonts.gstatic.com info.247.ai;; connect-src 'self' info.247.ai www.google.co.in wss: secure.adnxs.com stats.g.doubleclick.net analytics.google.com www.google-analytics.com api.company-target.com dev-new.www.247.ai *.mktoresp.com 074-hbw-141.mktoutil.com *.marketo.com *.cloudfront.net tie-stage.247-inc.net tie-stage.247-inc.net staging.api.247-inc.net stage-new.www.247.ai tie.247-inc.net bam.nr-data.net api.247-inc.net fonts.googleapis.com 6jh2sbaxvh.execute-api.us-east-1.amazonaws.com segments.company-target.com staging.api.cloud.247-inc.net https://d1af033869koo7.cloudfront.net api.cloud.247-inc.net https://*.247-inc.net target-web-staging.247-inc.net target-web.247-inc.net ws.zoominfo.com api.schedule.zoominfo.com js.zi-scripts.com; 3
block-all-mixed-content; object-src 'none'; 3
default-src 'self' data: ;   connect-src 'self' https: wss: ;   font-src 'self' chrome-extension: data: https: ;   img-src 'self' data: blob: android-webview-video-poster: about: https: ;   frame-src 'self' https: ;   script-src 'self' 'unsafe-inline' 'unsafe-eval' about: https: ;   script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https: ;   style-src 'self' 'unsafe-inline' https: ;   style-src-elem 'self' 'unsafe-inline' https: ;   style-src-attr 'self' 'unsafe-inline' https: ;   worker-src 'self' 'unsafe-inline' https: blob: ;   frame-ancestors 'self' https://*.magnews.it https://*.magnews.com;   upgrade-insecure-requests;   block-all-mixed-content;   report-uri https://cspr-it.mag-news.it/ 3
frame-src  'self' youtube.com www.youtube.com www.dailymotion.com assirmforum21-backend.liveforum.space assirmforum21.liveforum.space; worker-src 'self' assirmforum21-backend.liveforum.space assirmforum21.liveforum.space; child-src 'self' assirmforum21-backend.liveforum.space assirmforum21.liveforum.space 3
frame-ancestors https://learningguild.com https://devlearn.com; 3
default-src 'self' fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.buzzsprout.com unpkg.com cdn.dxpr.com www.googletagmanager.com www.gstatic.com cdn.lightwidget.com cdn.cookielaw.org static.hotjar.com script.hotjar.com geolocation.onetrust.com static.cloudflareinsights.com *.google-analytics.com iframely.shorthand.com analytics.shorthand.com stats.g.doubleclick.net data: cdn.cookielaw.org geolocation.onetrust.com ajax.cloudflare.com cdnjs.cloudflare.com www.youtube.com youtube.com maps.googleapis.com; style-src 'self' 'unsafe-inline' unpkg.com cdnjs.cloudflare.com fonts.googleapis.com cdn.dxpr.com cdn.jsdelivr.net; img-src 'self' reedexhibitions.com www.rxglobal.com rxglobal.com *.google-analytics.com www.google.com www.google.co.uk *.googletagmanager.com data.shorthand.com iframely.shorthand.com maps.googleapis.com cdnjs.cloudflare.com img.youtube.com cdn.dxpr.com cdn.cookielaw.org maps.gstatic.com data: ; frame-src www.buzzsprout.com cdn.lightwidget.com vars.hotjar.com youtube.com www.youtube.com www.youtube-nocookie.com youtube-nocookie.com iframely.shorthand.com rx.bnurl.com drive.google.com; object-src data: 'unsafe-eval'; connect-src 'self' blob: rxglobal.com rxglobal.at cdn.cookielaw.org privacyportal.onetrust.com geolocation.onetrust.com *.google-analytics.com gateway.shorthand.com www.gstatic.com stats.g.doubleclick.net data.shorthand.com in.hotjar.com rx.bnurl.com api.segment.io cdn.dxpr.com maps.googleapis.com; base-uri 'none'; worker-src blob: 3
frame-ancestors flashpoint-intel.com *.flashpoint-intel.com flashpoint.io fp.tools *.flashpoint.io *.echosec.net *.fp.tools automate.fp.tools autodemo.fp.tools *.platform.fpint.net *.cyberriskanalytics.com *.crft.app *.arcade.software *.okta.com *.calendly.com *.pendo.io *.googleapis.com *.wistia.net *.looker.com *.twitter.com *.platform.fpint.net; frame-src 'self' flashpoint-intel.com *.flashpoint-intel.com app.flashpoint.io *.app.flashpoint.io flashpoint.io fp.tools *.flashpoint.io *.echosec.net *.fp.tools automate.fp.tools autodemo.fp.tools *.platform.fpint.net *.cyberriskanalytics.com *.crft.app *.arcade.software *.okta.com *.calendly.com *.pendo.io *.googleapis.com *.wistia.net *.looker.com *.twitter.com *.platform.fpint.net *.youtube.com youtube.com linkedin.com *.linkedin.com 3
frame-ancestors: 'self' 3
default-src 'self' 'unsafe-inline' repay.wpengine.com https: data:; font-src 'self' *.fontawesome.com fonts.googleapis.com fonts.gstatic.com data: repay.wpengine.com data: https: *.hotjar.com; style-src 'self' 'unsafe-inline' *.fontawesome.com cdn.jsdelivr.net fonts.googleapis.com cdnjs.cloudflare.com repay.wpengine.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fontawesome.com cdnjs.cloudflare.com cdn.jsdelivr.net cdn-cookieyes.com *.cdn-cookieyes.com *.googletagmanager.com repay.wpengine.com https: *.hotjar.com *.hs-scripts.com *.hsleadflows.net *.hs-banner.com *.hsadspixel.net *.hubspotfeedback.com *.usemessages.com *.hs-analytics.net *.hscollectedforms.net *.hsforms.net *.hsforms.com *.incontact.com *.adsrvr.org *.linkedin.com *.licdn.com; connect-src 'self' *.fontawesome.com cdn-cookieyes.com *.cdn-cookieyes.com *.cookieyes.com *.googletagmanager.com *.google-analytics.com repay.wpengine.com https: *.hotjar.com wss://*.hotjar.com *.hotjar.io *.hubspot.com api.hubapi.com js.usemessages.com js.hsleadflows.net js.hs-banner.com js.hubspotfeedback.com js.hsadspixel.net js.hs-analytics.net js.hs-scripts.com forms.hsforms.com *.incontact.com *.adsrvr.org *.linkedin.com *.licdn.com; img-src 'self' data: https: *.gravatar.com *.cookieyes.com cdn-cookieyes.com *.cdn-cookieyes.com *.repay.com *.businesswire.com repay.wpengine.com *.hotjar.com *.hubspot.com *.hubspot.net *.hsforms.com *.linkedin.com *.licdn.com; frame-src https: *.incontact.com *.doubleclick.net vars.hotjar.com *.vimeo.com *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com; child-src app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com; form-action https: 'self' javascript: *.hsforms.com *.hubspot.com 3
frame-ancestors 'self' localhost *.ct.com 3
default-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; report-uri /csp/reporting/add; 3
child-src *.doubleclick.net *.dynad.net https://www.facebook.com *.hotjar.com *.pagseguro.uol.com.br *.rm.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.youtube.com https://www.google.com *.blip.ai data: 'self'; connect-src *.hotjar.com *.hotjar.io wss://*.hotjar.com *.pagseguro.com.br *.pagbank.com.br *.uol.com.br *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com.br wss://ws.0mn.io https: wss: 'self'; frame-ancestors 'self'; default-src *.uol.com.br *.pagseguro.com.br *.pagbank.com.br 'self'; media-src *.uol.com.br *.pagseguro.com.br *.pagbank.com.br data: 'self'; object-src *.uol.com.br *.pagseguro.com.br *.pagbank.com.br data: 'self'; font-src *.pagseguro.uol.com.br *.pagseguro.com.br *.pagbank.uol.com.br *.pagbank.com.br *.uol.com *.uol.com.br *.imguol.com.br *.gstatic.com *.hotjar.com https://imguol.com.br data: 'self'; img-src *.google.com *.google.com.br *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.googleadservices.com *.g.doubleclick.net https://www.facebook.com *.imguol.com *.uol.com *.uol.com.br *.pagseguro.com.br *.pagbank.com.br *.scorecardresearch.com *.ytimg.com *.doubleclick.net *.youtube.com *.hotjar.com *.tailtarget.com bat.bing.com https://imguol.com https://imguol.com.br trg.adilligo.com takenetomni.blob.core.windows.net data: 'self'; script-src bat.bing.com *.doubleclick.net *.dynad.net https://connect.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.hotjar.com *.jsdelivr.net *.jsuol.com.br *.pagseguro.com.br *.pagbank.com.br *.simg.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.ytimg.com https://pagseguro.info https://pag.ae https://imguol.com.br https://www.gstatic.com https://tracking.tunad.io https://js-agent.newrelic.com https://*.nr-data.net about: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.uol.com *.pagseguro.uol.com.br *.pagseguro.com.br *.pagbank.uol.com.br *.pagbank.com.br *.hotjar.com *.simg.uol.com.br *.ytimg.com https://imguol.com.br 'self' *.google.com *.googleapis.com 'unsafe-inline'; report-uri /csp-report 3
frame-ancestors 'self' *.bruxelles.be *.brussel.be *.brussels.be 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https:; connect-src https: wss:; object-src 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests;  frame-ancestors 'self' http://cority.lookbookhq.com https://cority.lookbookhq.com http://cority.pathfactory.com https://cority.pathfactory.com http://discover.cority.com https://discover.cority.com https://corityconnect.com/ 3
default-src 'self' *.wseengine.com localhost:*; child-src 'self' *.nanocosmos.de; connect-src 'self' wss: ws: *.wseengine.com *.streace.dev *.streace.io *.hotjar.com *.hotjar.io *.nanocosmos.de *.google-analytics.com *.googleoptimize.com localhost:*; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.googleoptimize.com optimize.google.com *.googleanalytics.com *.hotjar.com *.hotjar.io *.wseengine.com *.nanocosmos.de *.azshopp.com localhost:*; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net optimize.google.com; font-src 'self' data: fonts.gstatic.com cdn.jsdelivr.net *.hotjar.com *.hotjar.io; frame-src *.hotjar.com *.hotjar.io optimize.google.com; img-src 'self' data: *.wseengine.com *.islive.nl *.pay.nl islive.com cdn.streace.dev cdn.streace.io *.hotjar.io *.hotjar.com flagcdn.com localhost:* optimize.google.com *.google-analytics.com *.googletagmanager.com storage.googleapis.com; media-src 'self' blob: *.wseengine.com *.nanocosmos.de cdn.streace.dev cdn.streace.io localhost:*; form-action 'self'; frame-ancestors 'self' *.nanocosmos.de; object-src 'none' 3
default-src * blob: data: 'unsafe-eval' 'unsafe-inline'; 3
https://*; img-src * data:; 3
frame-ancestors 'self' *.zs.com https://zsprize.zs.com/; frame-src https://app.altrulabs.com/ *.surveymonkey.com *.google.com *.ampproject.org *.vimeo.com *.adobe.com *.zs.com *.hotjar.com *.doubleclick.net *.facebook.com *.demdex.net *.youtube.com *.buzzsprout.com *.ceros.com *.company-target.com; img-src *.zs.com 'self' *.clarity.ms *.smassets.net *.twitter.com *.cookielaw.org *.ampproject.org *.scene7.com *.company-target.com https://match.prod.bidr.io *.doubleclick.net *.google.com *.google.co.in *.linkedin.com *.google-analytics.com *.facebook.com https://t.co *.adsymptotic.com *.akamaihd.net https://zs.sc.omtrdc.net *.everesttech.net *.ytimg.com *.googletagmanager.com *.demdex.net *.rlcdn.com; style-src 'self' 'unsafe-inline' *.ampproject.org *.buzzsprout.com *.zs.com; font-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.clarity.ms *.googleapis.com *.surveymonkey.com *.go-mpulse.net *.gstatic.com *.google.com *.ampproject.org *.zs.com *.adobe.com *.adobedtm.com *.googletagmanager.com *.demandbase.com https://www.googleadservices.com *.youtube.com *.doubleclick.net *.licdn.com *.google-analytics.com *.ads-twitter.com https://s.ytimg.com *.facebook.net *.hotjar.com *.cookielaw.org *.marketo.net https://analytics.twitter.com *.onetrust.com *.akamaihd.net *.buzzsprout.com *.ceros.com *.zs.com; connect-src *.clarity.ms 'self' *.akstat.io/ *.go-mpulse.net *.demandbase.com *.linkedin.oribi.io *.google.com *.ampporject.org *.ampproject.org  *.company-target.com *.tt.omtrdc.net *.cookielaw.org *.mktoresp.com *.google-analytics.com *.hotjar.com *.doubleclick.net *.demdex.net *.omtrdc.net *.hotjar.io; worker-src blob:; 3
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; media-src * https://lla-cms-prod.directus.app; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; object-src 'none'; frame-ancestors 'none'; frame-src * https://nebula-cdn.kampyle.com https://libertyglobal.kampyle.com https://optimize.google.com https://cobertura.cwpanama.com https://cwpanama.speedtestcustom.com https://www.youtube.com https://www.google.com https://www.facebook.com https://www.google-analytics.com; form-action *; worker-src * blob:; 3
script-src https://avdonl-s-checkout-fe.azureedge.net/cdn/static/js/main.js https://avdonl-p-checkout-fe.azureedge.net/cdn/static/js/main.js https://checkout-cdn.avarda.com/cdn/static/js/main.js https://stage.checkout-cdn.avarda.com/cdn/static/js/main.js https://bat.bing.com https://*.clerk.io https://*.commerce-connector.com https://policy.app.cookieinformation.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://api.coolrunner.dk https://*.criteo.net https://*.criteo.com 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://*.med24.dk/ blob: https://*.med24.no/ blob: https://*.med24.se/ https://connect.facebook.net https://*.getsitecontrol.com 'unsafe-eval' 'unsafe-inline' https://optimize.google.com/ https://www.googletagmanager.com https://www.google-analytics.com https://*.googleapis.com https://translate.google.com https://tagmanager.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://widget.intercom.io https://js.intercomcdn.com https://*.klarna.com https://*.klarnacdn.net https://*.playground.klarna.com https://*.playground.klarnaevt.com https://chimpstatic.com https://at.med24.dk https://at.med24.se https://at.med24.no https://s.kk-resources.com https://*.fls.doubleclick.net https://*.crazyegg.com https://js.go2sdk.com/v2/tune.js https://*.mouseflow.com 'unsafe-eval' 'unsafe-inline' https://*.perfectcorp.com 'unsafe-eval' 'unsafe-inline' https://checkout.reepay.com https://*.sleeknote.com https://widget.trustpilot.com; font-src https://stage.checkout-cdn.avarda.com https://checkout-cdn.avarda.com https://avdonl-s-checkout-fe.azureedge.net/cdn/ https://avdonl-s-checkout-fe.azureedge.net/cdn/ 'self' data: https://*.getsitecontrol.com https://*.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com https://*.mouseflow.com https://*.perfectcorp.com; img-src https://stage.checkout-cdn.avarda.com https://checkout-cdn.avarda.com https://avdonl-s-checkout-fe.azureedge.net/cdn/images/ https://avdonl-p-checkout-fe.azureedge.net/cdn/images/ https://avarda.com/media/ https://bat.bing.com https://*.commerce-connector.com https://*.criteo.net https://*.criteo.com 'self' data: https://www.facebook.com https://*.getsitecontrol.com https://www.googletagmanager.com https://www.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://translate.google.com https://stats.g.doubleclick.net https://www.google.com https://www.google.dk https://www.google.se https://www.google.no https://www.google.de https://www.google.co.uk https://ade.googlesyndication.com https://static.intercomassets.com https://js.intercomcdn.com https://gifs.intercomcdn.com https://downloads.intercomcdn.com https://*.klarna.com https://*.klarnacdn.net https://*.playground.klarnaevt.com https://s.kelkoogroup.net https://collect.med24.dk https://collect.med24.no https://collect.med24.se https://miljoevenlig-pakning.dk https://*.mouseflow.com https://www.partner-ads.com https://*.perfectcorp.com https://*.makeupar.com https://*.beautycircle.com https://*.sleeknote.com https://i.ytimg.com; frame-src https://*.commerce-connector.com https://policy.app.cookieinformation.com https://consentcdn.cookiebot.com https://*.criteo.net https://*.criteo.com 'self' https://www1.emarsys.net https://connect.facebook.net https://www.facebook.com https://*.getsitecontrol.com https://optimize.google.com/ https://www.google.com https://www.googletagmanager.com https://adservice.google.com/ https://*.klarna.com https://*.klarnacdn.net https://form.jotform.com https://submit.jotformeu.com https://*.fls.doubleclick.net https://*.mouseflow.com https://*.perfectcorp.com https://checkout.reepay.com https://*.sleeknote.com https://widget.trustpilot.com https://www.youtube.com; default-src 'self'; style-src 'self' 'unsafe-inline' https://optimize.google.com/ https://*.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://*.sleeknote.com; connect-src 'self' https://*.getsitecontrol.com https: wss://*.intercom.io https://*.mouseflow.com https://*.perfectcorp.com; object-src 'self'; worker-src 'self'; child-src https://*.getsitecontrol.com https://*.mouseflow.com https://*.perfectcorp.com; media-src https://*.gstatic.com 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://www.googletagmanager.com  https://analytics.tiktok.com https://connect.facebook.net https://googleads.g.doubleclick.net https://plausible.io https://tag.goadopt.io https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self'  https://api.rd.services  https://analytics.tiktok.com https://cms.webbytelecom.com.br https://disclaimer-api.goadopt.io https://pagead2.googlesyndication.com https://plausible.io https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' data:  https://dwu86ft0a6abz.cloudfront.net https://fonts.gstatic.com; frame-src 'self' https://td.doubleclick.net https://www.facebook.com; img-src 'self' data: https://cms.webbytelecom.com.br https://dwu86ft0a6abz.cloudfront.net https://www.facebook.com https://www.google.com https://www.google.com.br; manifest-src 'self'; media-src 'self'; worker-src 'none'; 3
default-src https:; font-src https: data:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; frame-ancestors 'self' https://data.dolcemaster.co.il https://dapi.dolcemaster.co.il https://m.youtube.com https://www.youtube.com; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.cookielaw.org https://info.dentsu.com https://pi.pardot.com http://pi.pardot.com https://cdn.pardot.com http://cdn.pardot.com https://snap.licdn.com https://www.google-analytics.com https://www.googletagmanager.com https://pagead2.googlesyndication.com/ http://info.dentsu.com/ https://info.dentsu.com/ https://vercel.live https://app.storyblok.com wasm-eval; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://px.ads.linkedin.com https://vimeo.com https://cdn.cookielaw.org https://pagead2.googlesyndication.com https://region1.google-analytics.com https://www.gstatic.com https://ipwhois.pro https://geolocation.onetrust.com https://vercel.live https://px.ads.linkedin https://api.storyblok.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://player.vimeo.com; frame-ancestors https://app.storyblok.com storyblok.com; img-src 'self' data: https://www.googletagmanager.com https://px.ads.linkedin.com https://www.google-analytics.com https://a.storyblok.com https://cdn.cookielaw.org https://i.vimeocdn.com/; manifest-src 'self'; media-src 'self' https://a.storyblok.com; report-uri https://6551f73079107a8bf3ffdb54.endpoint.csper.io; worker-src blob:; 3
default-src * data: blob: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests 3
default-src https://static.mailplus.nl/ https://*.printfriendly.com/ https://*.magzmaker.com/ https://*.twitter.com/ https://*.googlesyndication.com/ https://*.googleapis.com/ 'self' 'unsafe-inline'; font-src https://cdnapisec.kaltura.com/ https://*.gstatic.com/ 'self'; child-src  'self'; connect-src https://zendesk-eu.my.sentry.io/ https://medischcontact.zendesk.com/ https://ekr.zdassets.com/ https://artsportaal.nl/ https://*.artsportaal.nl/ https://vod.nucleusvideo.astrazeneca.com/ https://cdnapisec.kaltura.com/ https://analytics.kaltura.com/ https://stats.kaltura.com/ https://*.omappapi.com/ wss://*.hotjar.com/ https://pagead2.googlesyndication.com/ https://api.omappapi.com/ https://*.printfriendly.com/  wss://ws1.hotjar.com/ https://*.google-analytics.com/ https://9292.nl/ https://*.hotjar.io/ https://*.hotjar.com/ https://*.opmnstr.com/ https://*.doubleclick.net/ https://csi.gstatic.com/ wss://pod-28.zendesk.com/ https://*.zdassets.com/ https://medischcontact.zendesk.com/ 'self'; frame-src https://knmg.zevenmijls.nl/ https://www.mysitemapgenerator.com/ https://feed.surfing-waves.com/ https://public.tableau.com/ https://mcads.nl/ https://omny.fm https://docs.google.com/ https://quadia.webtvframework.com/ http://quadia.webtvframework.com/ https://share.transistor.fm/ https://www.bbc.com/ https://dms.licdn.com/ https://*.linkedin.com/ https://*.googlesyndication.com/ https://crossmedia.mediasite.com/ https://*.crossmediaplatform.nl/ https://widgets.bnr.nl/ https://quadia.webtvframework.com/ https://*.printfriendly.com/ https://knmg.mediafiler.net/ https://player.vimeo.com/ https://*.magzmaker.com/ https://*.twitter.com/ https://twitter.com/ https://www.facebook.com/ https://player.bnnvara.nl/ https://*.soundcloud.com/ https://vgt.medischcontact.nl/ https://*.googlesyndication.com/ https://*.formdesk.com/ https://9292.nl/ https://www.google.com/ https://webforms.aboportal.nl/ https://open.spotify.com/ https://www.youtube-nocookie.com/ https://youtu.be/ https://*.youtube.com/ https://*.hotjar.com/ 'self'; frame-ancestors  'self'; img-src https://artsportaal.nl/ https://*.artsportaal.nl/ https://*.bbci.co.uk/ https://cfvod.kaltura.com/ https://www.facebook.com/ https://*.mailplus.nl/ https://*.printfriendly.com/ https://*.googleusercontent.com/ https://*.twimg.com/ https://*.twitter.com/ http://www.knmg.nl/ http://www-knmg.gxcloud.net http://www.medischcontact.nl/ http://www-medischcontact.gxcloud.net/ https://picsum.photos/ http://placehold.it/ https://unsplash.it/ https://*.google-analytics.com/ https://*.googlesyndication.com/ https://*.doubleclick.net/ https://*.google.com/ https://medischcontact.zendesk.com/ https://*.zdassets.com/ 'self' data:; media-src https://cdnapisec.kaltura.com/ blob: 'self'; object-src  'self'; script-src https://9292.nl/ 'self' 'unsafe-inline' 'unsafe-eval' data: https: wss:; style-src https://artsportaal.nl/ https://*.artsportaal.nl/ https://*.printfriendly.com https://fonts.googleapis.com 'self' 'unsafe-inline';  worker-src  'self' blob: 3
frame-ancestors 'self'; report-uri https://stoklasa.report-uri.io/r/default/csp/enforce 3
frame-src https://*.yellohvillage.es https://*.yellohvillage.co.uk https://*.yellohvillage.de https://*.yellohvillage.it https://*.yellohvillage.fr https://*.yellohvillage.nl https://www.youtube.com https://*.fls.doubleclick.net https://td.doubleclick.net https://www.google.com https://yellohvillage.demdex.net https://*.admin.yellohvillage.fr https://admin.yellohvillage.fr https://*.iadvize.com https://*.criteo.com https://static.criteo.net https://*.facebook.com https://*.omtrdc.net ; script-src-elem 'self' https://*.addthis.com https://*.fr.datacamping.com https://*.es.datacamping.com https://*.de.datacamping.com  https://*.it.datacamping.com https://*.en.datacamping.com https://*.nl.datacamping.com https://cdn.mouseflow.com https://maps.googleapis.com https://www.gstatic.com https://api.ipify.org https://connect.facebook.net https://*.script.admo.tv https://js-agent.newrelic.com https://www.googletagmanager.com https://sdk.privacy-center.org https://*.clarity.ms https://*.demdex.net https://yellohvillage.d3.sc.omtrdc.net https://www.google.com  https://*.google-analytics.com https://www.facebook.com https://*.criteo.com https://static.criteo.net https://www.youtube.com https://bam.nr-data.net https://stats.g.doubleclick.net https://www.googleadservices.com https://*.iadvize.com https://bat.bing.com https://assets.adobedtm.com https://yellohvillage.admo.tv  https://*.yellohvillage.fr https://*.omtrdc.net 'unsafe-eval' 'unsafe-inline'; script-src 'self' data: blob: https://*.fr.datacamping.com https://*.es.datacamping.com https://*.de.datacamping.com https://*.it.datacamping.com https://*.en.datacamping.com https://*.nl.datacamping.com https://cdn.mouseflow.com https://maps.googleapis.com https://www.googleadservices.com https://www.gstatic.com https://api.ipify.org https://connect.facebook.net https://static.criteo.net https://*.script.admo.tv  https://js-agent.newrelic.com https://www.googletagmanager.com  https://sdk.privacy-center.org https://*.clarity.ms https://*.demdex.net https://yellohvillage.d3.sc.omtrdc.net https://www.google.com  https://*.google-analytics.com  https://www.facebook.com https://*.criteo.com https://www.youtube.com https://bam.nr-data.net https://stats.g.doubleclick.net https://*.iadvize.com https://bat.bing.com  https://assets.adobedtm.com https://yellohvillage.admo.tv https://*.yellohvillage.fr https://*.omtrdc.net 'unsafe-eval' 'unsafe-inline'; img-src https: data: 'self' 'unsafe-inline'; default-src 'self' data: wss://*.iadvize.com https://*.googleapis.com https://adservice.google.com/ https://*.datacamping.com/ https://www.photoscamping.com https://*.yellohvillage.fr https://bam.nr-data.net https://yellohvillage.d3.sc.omtrdc.net https://bat.bing.com https://*.admo.tv https://ad.doubleclick.net https://stats.g.doubleclick.net https://*.clarity.ms https://*.iadvize.com https://dpm.demdex.net https://api.privacy-center.org https://www.facebook.com https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://o2.mouseflow.com https://*.criteo.com https://*.omtrdc.net 'unsafe-inline'; object-src 'none' ; 3
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.tarteaucitron.io; img-src * 'self' data:; font-src 'self' data: fonts.gstatic.com; connect-src * 'self'; object-src 'none'; frame-src * 'self'; upgrade-insecure-requests 3
default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline'; font-src * data:; frame-ancestors *.ouhealth.com 3
default-src 'self' https://experience.instilled.com https://www.facebook.com https://w.soundcloud.com http://www.ltgplc.com https://go.ltgplc.com https://go.openlms.net https://www.youtube-nocookie.com https://player.vimeo.com https://go.pardot.com https://js.driftt.com https://cdn4.mxpnl.com https://vars.hotjar.com https://optimize.google.com;script-src-elem 'self' 'unsafe-inline' https://connect.facebook.net https://cdn.inspectlet.com https://s.ytimg.com https://www.youtube-nocookie.com https://w.soundcloud.com https://go.openlms.net https://www.googletagmanager.com https://tagmanager.google.com https://sjs.bizographics.com https://static.ads-twitter.com https://www.googleadservices.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://go.ltgplc.com https://analytics.twitter.com https://player.vimeo.com https://js.driftt.com https://snap.licdn.com https://cdn4.mxpnl.com https://static.hotjar.com https://script.hotjar.com https://optimize.google.com https://lltrck.com https://www.clarity.ms https://www.googleoptimize.com https://pi.pardot.com https://www.clickcease.com https://monitor.clickcease.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://zippyfrog.co https://*.cheekybranding.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://snap.licdn.com https://s.ytimg.com https://www.youtube-nocookie.com https://cdn.inspectlet.com https://sjs.bizographics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://bat.bing.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://go.openlms.net https://go.ltgplc.com https://player.vimeo.com https://js.driftt.com https://cdn.mxpnl.com https://cdn4.mxpnl.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://pi.pardot.com https://www.clickcease.com https://monitor.clickcease.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.cheekybranding.com;font-src 'self' data: https://fonts.gstatic.com https://optimize.google.com;style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://optimize.google.com;img-src 'self' data: https://www.googletagmanager.com https://t.co https://cdn.sanity.io https://www.google-analytics.com https://stats.g.doubleclick.net https://linkedin.com https://www.linkedin.com https://px.ads.linkedin.com https://bat.bing.com https://ssl.gstatic.com https://www.gstatic.com https://optimize.google.com https://www.googletagmanager.com https://lltrck.com https://p.adsymptotic.com https://px4.ads.linkedin.com https://c.clarity.ms *.google-analytics.com *.analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.cheekybranding.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat;media-src 'self' data: https://cdn.sanity.io https://js.driftt.com;connect-src 'self' https://nosafynr.api.sanity.io https://s.ytimg.com wss://ws.inspectlet.com https://cdn.inspectlet.com/ https://www.googleadservices.com https://sjs.bizographics.com https://static.ads-twitter.com https://go.openlms.net https://use.typekit.net/ https://www.google-analytics.com https://stats.g.doubleclick.net https://hn.inspectlet.com https://cdn.sanity.io https://vimeo.com https://js.driftt.com http://*.mixpanel.com http://cdn.mixpanel.com https://*.mixpanel.com https://cdn.mixpanel.com https://api-js.mixpanel.com https://in.hotjar.com wss://ws18.hotjar.com https://ws18.hotjar.com www.googleapis.com https://*.algolianet.com https://*.algolia.net https://ws25.hotjar.com/ https://cdn.segment.com wss://ws11.hotjar.com https://ws11.hotjar.com https://e.clarity.ms wss://ws41.hotjar.com https://ws41.hotjar.com https://region1.google-analytics.com *.google-analytics.com *.analytics.google.com  https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://monitor.clickcease.com https://www.clickcease.com https://*.google.com https://analytics.google.com https://cdn.linkedin.oribi.io https://*.cheekybranding.com https://px.ads.linkedin.com;prefetch-src 'self' https://go.openlms.net https://www.googletagmanager.com https://www.google-analytics.com;frame-src 'self' https://www.youtube-nocookie.com https://js.driftt.com https://go.ltgplc.com  https://go.openlms.net https://vars.hotjar.com https://weareclasstech.wistia.com https://optimize.google.com https://www.googletagmanager.com 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' * 3
default-src 'self' *.autofactpro.com *.autofact.cl *.autofact.mx *.autofact.pe *.autofact.com.co; script-src 'self' 'unsafe-inline' 'unsafe-eval' d3js.org d2yyd1h5u9mauk.cloudfront.net http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com bat.bing.com https://www.googleoptimize.com optimize.google.com analytics.google.com user-event-tracker.crazyegg.com https://s3.amazonaws.com/trk.cetrk.com/* browser.sentry-cdn.com *.mkt.autofact.cl mkt.autofact.qa *.mkt.autofact.qa mautic.autofact.qa mautic.autofact.cl optimize.google.com analytics.google.com apis.google.com script.crazyegg.com cdn.ampproject.org *.pagoefectivo.pe pagoefectivo.pe *.sii.cl tagmanager.google.com *.autofactpro.com *.autofact.cl www.google.com www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net ajax.googleapis.com www.gstatic.com www.youtube.com www.youtube-nocookie.com s.ytimg.com connect.facebook.net *.bootstrapcdn.com *.fontawesome.com cdnjs.cloudflare.com cdn.datatables.net cdn.jsdelivr.net cdn.optimizely.com cdn.carbonads.com dnn506yrbagrg.cloudfront.net static.zdassets.com *.culqi.com blob: embed.typeform.com *.sibautomation.com sibautomation.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' d3js.org optimize.google.com analytics.google.com tagmanager.google.com *.autofactpro.com fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.fontawesome.com cdnjs.cloudflare.com cdn.datatables.net cdn.jsdelivr.net cdn.optimizely.com cdn.carbonads.com; img-src 'self' script.hotjar.com bat.bing.com cdnjs.cloudflare.com img.youtube.com csi.gstatic.com *.gstatic.com *.autofactpro.com *.autofactpro.cl *.autofact.cl *.autofact.qa www.google.com www.google.cl www.googleadservices.com www.googletagmanager.com img.youtube.com i.ytimg.com stats.g.doubleclick.net www.facebook.com disqus.com *.disquscdn.com *.g.doubleclick.net *.match.autofact.qa *.match.autofact.cl data: www.google-analytics.com; font-src 'self' *.autofactpro.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com:* *.bootstrapcdn.com *.fontawesome.com cdnjs.cloudflare.com cdn.datatables.net data: ; frame-ancestors 'self' *.autofactpro.com facebook.com; frame-src 'self' docs.google.com stage-autopress-buckets.s3.us-west-1.amazonaws.com https://vars.hotjar.com *.autofact.cl form.typeform.com accounts.google.com optimize.google.com analytics.google.com  *.ampproject.net pagoefectivo.pe *.pagoefectivo.pe *.sii.cl *.autofactpro.com *.match.autofact.qa *.match.autofact.cl www.google.com www.youtube.com www.youtube-nocookie.com www.facebook.com web.facebook.com staticxx.facebook.com bid.g.doubleclick.net *.culqi.com *.sibautomation.com; prefetch-src 'self' *.autofactpro.com *.autofact.cl *.autofact.mx *.autofact.pe *.autofact.com.co *.googleapis.com; object-src 'self' *.autofactpro.com *.autofact.cl; connect-src 'self' *.delighted.com *.hotjar.com:* *.hotjar.io:* wss://*.hotjar.com sentry.io *.google.cl 54.242.242.218 *.ampproject.org *.ampproject.net *.autofactpro.com *.autofact.com *.autofact.cl *.autofact.com.co *.autofact.com.mx *.autofact.pe *.autofact.cr *.autofact.com.ar *.g.doubleclick.net cdn.ampproject.org www.googletagmanager.com stats.g.doubleclick.net connect.facebook.net ekr.zdassets.com autofact.zendesk.com plugin.autentia.mb:7777 *.googleapis.com *.ytimg.com *.google.com *.bootstrapcdn.com thrk5e664g.execute-api.us-east-1.amazonaws.com wpoxlbs3w6.execute-api.us-east-1.amazonaws.com *.google-analytics.com ofbern64r9.execute-api.us-east-1.amazonaws.com *.api.retail.autofact.com dnn506yrbagrg.cloudfront.net m21ndjph2i.execute-api.us-east-1.amazonaws.com q6x8glddsl.execute-api.us-east-1.amazonaws.com www.googleadservices.com *.bing.com *.fontawesome.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.facebook.net *.doubleclick.net *.sendinblue.com 7ep5bxwwl6.execute-api.us-east-1.amazonaws.com; 3
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://browser.sentry-cdn.com *.azureedge.net https://client.prod.repmap.microsoft.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.cookiebot.com https://www.youtube.com https://sc-static.net https://connect.facebook.net https://*.snapchat.com https://snap.licdn.com https://www.googleadservices.com analytics.tiktok.com https://static.hotjar.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https://picsum.photos https://*.picsum.photos https://*.cloudfront.net https://*.azureedge.net https://assets-eur.mkt.dynamics.com *.microsoft.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleusercontent.com/docsdf https://*.snapchat.com https://snap.licdn.com https://www.facebook.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.nl https://*.linkedin.com https://*.svc.dynamics.com https://*.cookiebot.com; media-src 'self' ; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://tourmkr.com *.svc.dynamics.com https://projects.ivorystudio.net https://open.spotify.com https://*.cookiebot.com https://docs.google.com https://*.snapchat.com https://td.doubleclick.net https://www.facebook.com; font-src 'self' data:; connect-src 'self' https://sentry.netvlies.nl *.svc.dynamics.com https://*.analytics.google.com https://*.cookiebot.com https://region1.google-analytics.com www.google-analytics.com analytics.tiktok.com stats.g.doubleclick.net https://*.snapchat.com https://snap.licdn.com https://cdn.linkedin.oribi.io https://vc.hotjar.io wss://ws.hotjar.com  https://content.hotjar.io https://metrics.hotjar.io https://*.linkedin.com https://sentry.netvlies.nl/api/106/store/ https://sentry.netvlies.nl/api/106/envelope/; report-uri /report-csp-violation 3
default-src 'self' 'unsafe-inline' region1.google-analytics.com stats.g.doubleclick.net www.google-analytics.com https://www.youtube.com https://platform.twitter.com https://www.linkedin.com https://indd.adobe.com https://syndication.twitter.com/; font-src *; frame-src 'self' https://www.google.com/ https://www.youtube.com/ https://imtcast.imt.fr/ https://haltools.archives-ouvertes.fr/ https://indd.adobe.com/ https://barometredelascienceouverte.esr.gouv.fr/ https://www.rcf.fr https://platform.twitter.com https://www.linkedin.com https://syndication.twitter.com/; img-src *; script-src 'self' 'unsafe-inline' www.google.com www.gstatic.com www.googletagmanager.com region1.google-analytics.com stats.g.doubleclick.net www.google-analytics.com https://www.youtube.com/ https://cdn.jsdelivr.net https://platform.linkedin.com https://www.linkedin.com cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://platform.twitter.com https://polyfill.io localhost:35729 yui.yahooapis.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; frame-ancestors 'self'; report-uri https://www.imt-atlantique.fr/fr/report-uri/enforce 3
default-src 'self' * 'unsafe-inline' 'unsafe-eval' data: https: blob:; report-uri /csp-violation-report/ 3
object-src * ; report-uri https://www.sunlife.ca/slfreporting/reportUri 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.facebook.net static.ads-twitter.com snap.licdn.com sc-static.net *.pubble.io *.snapchat.com *.doubleclick.net www.googleadservices.com *.googleapis.com *.gstatic.com unpkg.com *.google.com *.cookielaw.org cdn.plyr.io *.onetrust.com cdn.pubble.io cdn.jsdelivr.net *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: *.googleapis.com *.gstatic.com unpkg.com *.google.com *.cookielaw.org cdn.plyr.io *.onetrust.com cdn.pubble.io *.pubble.io cdn.jsdelivr.net *.vimeocdn.com fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: *.google.co.uk *.google.com *.google.ie *.pubble.io *.facebook.com *.snapchat.com *.ads.linkedin.com analytics.twitter.com t.co *.doubleclick.net *.googleapis.com *.gstatic.com unpkg.com *.cookielaw.org cdn.plyr.io *.onetrust.com cdn.pubble.io cdn.jsdelivr.net secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com i.ytimg.com www.googletagmanager.com; connect-src 'self' *.google-analytics.com cdn.cookielaw.org noembed.com *.onetrust.com cdn.plyr.io yoast.com *.snapchat.com tr.snapchat.com *.analytics.google.com www.google.co.uk *.pubble.io *.linkedin.com *.vimeo.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com www.googletagmanager.com; font-src 'self' data: *.googleapis.com *.gstatic.com unpkg.com *.google.com *.cookielaw.org cdn.plyr.io *.onetrust.com cdn.pubble.io *.pubble.io cdn.jsdelivr.net data: fonts.gstatic.com fonts.googleapis.com; media-src 'self' *.googleapis.com *.gstatic.com unpkg.com *.google.com *.cookielaw.org cdn.plyr.io *.onetrust.com cdn.pubble.io *.pubble.io cdn.jsdelivr.net; frame-src 'self' www.google.com www.yumpu.com blob: *.snapchat.com *.doubleclick.net *.vimeo.com *.vimeocdn.com maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com; child-src 'self' blob: *.vimeo.com *.vimeocdn.com www.youtube.com www.googletagmanager.com; report-uri https://tus.ie?gdsih-csp-report; 3
default-src https:; script-src https: data: 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src 'self' data: blob: filesystem: https: http: 'unsafe-inline' 3
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://siteimproveanalytics.com/ https://img.en25.com/ *.s3.amazonaws.com *.optimizely.com *.doubleclick.net https://connect.facebook.net https://www.googleadservices.com/ https://sc-static.net https://browser-update.org https://cdn.cookielaw.org *.salesforceliveagent.com ttps://browser-update.org/ https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://geolocation.onetrust.com https://*.crazyegg.com https://www.google-analytics.com https://cdn.siteimprove.net https://unpkg.com https://*.siteimprove.com *.youtube.com https://*.userzoom.com https://cdn.jsdelivr.net/ https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.hypemarks.com https://gba4ya26.micpn.com/p/js/ https://tr.snapchat.com/config/ https://www.google.com/pagead/ https://bat.bing.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://analytics.tiktok.com https://m5srpdpi.micpn.com https://tags.crwdcntrl.net https://ynnpkxoz.micpn.com https://tag.demandbase.com https://mi.chamberlain.edu https://static.hotjar.com https://s.adroll.com https://script.hotjar.com https://d.adroll.com https://marvel-b2-cdn.bc0a.com https://geoip-js.com *.avaamo.com https://munchkin.marketo.net https://ict.infinity-tracking.net https://js.adsrvr.org https://s.yimg.com https://waldenuniversity.referralrock.com https://cdn.mouseflow.com https://tag.mtrcs.samba.tv https://pixel.mathtag.com https://bs.serving-sys.com https://secure-ds.serving-sys.com https://pixel.admedia.com *.googlesyndication.com *.storelocatorwidgets.com https://ajax.googleapis.com https://home-c20.incontact.com https://gateway.on24.com https://www.riddle.com/ *.b0e8.com https://embedr.flickr.com https://widgets.flickr.com *.infinity-tracking.com https://c.hrzn-nxt.com https://public.flourish.studio https://www.redditstatic.com t.contentsquare.net app.contentsquare.com https://www.esyoh.com https://laureateone--l1dev.sandbox.my.salesforce.com https://laureateone--l1dev.sandbox.my.site.com/ https://laureateone--l1dev.sandbox.file.force.com/; base-uri 'none'; form-action 'self' https://www.facebook.com https://tr.snapchat.com *.salesforceliveagent.com https://rossu.secure.force.com https://auc--fullsanbox.sandbox.my.salesforce.com https://test.salesforce.com https://login.salesforce.com https://rossu.my.salesforce.com/ https://laureateone--l1dev.sandbox.my.salesforce.com https://laureateone--l1dev.sandbox.my.site.com/ https://laureateone--l1dev.sandbox.file.force.com/; object-src 'none'; style-src 'self' 'unsafe-inline' https://p.typekit.net/ https://cdn.jsdelivr.net/ https://hello.myfonts.net/ https://fast.fonts.net/ https://cdnjs.cloudflare.com/ https://optimize.google.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com *.mapbox.com https://cdn.storelocatorwidgets.com *.googletagmanager.com https://*.crazyegg.com  https://laureateone--l1dev.sandbox.my.salesforce.com https://laureateone--l1dev.sandbox.my.site.com/ https://laureateone--l1dev.sandbox.file.force.com/ https://unpkg.com; img-src 'self' data: https://tr.snapchat.com/ *.salesforceliveagent.com https://www.facebook.com/ https://webtracking.aucmed.edu/ *.google.com *.google.com.br *.google.com.uk *.google.com.ca *.google.com.fr *.google-analytics.com *.ytimg.com *.siteimproveanalytics.io https://americanuniversityofcarribean.secure.force.com https://cdn.jsdelivr.net/ https://www.googletagmanager.com/ https://googleads.g.doubleclick.net/pagead/ https://bat.bing.com/ https://www.adtalem.com/ https://*.linkedin.com/ https://t.co/ https://analytics.twitter.com/ https://www.google-analytics.com https://optimize.google.com https://webtracking.medical.rossu.edu https://analytics.tiktok.com https://rossu.secure.force.com https://webtrackingvet.rossu.edu https://match.prod.bidr.io https://id.rlcdn.com https://segments.company-target.com https://ipv4.d.adroll.com https://pt.ispot.tv *.amazonaws.com https://sp.analytics.yahoo.com https://webtracking.chamberlain.edu https://pixel.mtrcs.samba.tv https://cu.secure.force.com https://bidagent.xad.com https://data.adxcel-ec2.com https://pixel.mathtag.com https://cdnjs.cloudflare.com https://img.storelocatorwidgets.com https://www.googleadservices.com https://arttrk.com ads-api.twitter.com analytics.twitter.com  ads-twitter.com https://bam.nr-data.net *.cookielaw.org *.b0e8.com *.salesforce-sites.com https://trkn.us *.contentsquare.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://live.staticflickr.com https://d.adroll.com https://ad.doubleclick.net https://public.flourish.studio https://l.hrzn-nxt.com https://alb.reddit.com https://analytics.pangle-ads.com https://laureateone--l1dev.sandbox.lightning.force.com/; media-src 'self' *.avaamo.com; frame-src 'self' *.youtube.com https://www.facebook.com/ *.doubleclick.net https://tr.snapchat.com https://vr.showmecaribbean.com/ https://e.issuu.com/ https://optimize.google.com *.cdn.optimizely.com https://waldenuniversity.referralrock.com https://insight.adsrvr.org https://s.amazon-adsystem.com https://match.adsrvr.org https://pixel.mathtag.com https://cdn.hypemarks.com https://widget.spreaker.com https://app.calconic.com https://www.google.com *.avaamo.com https://home-c20.incontact.com https://www.riddle.com https://gateway.on24.com https://cdn.yoshki.com https://massinteract.com https://www.flickr.com https://*.siteimprove.com https://public.flourish.studio https://flo.uri.sh https://www.massinteract.com; frame-ancestors 'self'; child-src 'self' *.youtube.com blob:; font-src 'self' https://themes.googleusercontent.com https://use.typekit.net https://fonts.gstatic.com *.avaamo.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://cdn.storelocatorwidgets.com https://cdn.mouseflow.com ; connect-src 'self' wss://wsp43.hotjar.com https://gtm.waldenu.edu https://cdn.cookielaw.org https://geolocation.onetrust.com https://cdn.cookielaw.org https://*.siteimprove.com/ https://*.crazyegg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://tr.snapchat.com/ https://analytics.google.com https://bam.nr-data.net https://ipinfo.io https://www.facebook.com/tr/ https://analytics.tiktok.com https://cdn.linkedin.oribi.io *.optimizely.com https://api.company-target.com https://vc.hotjar.io https://wsp43.hotjar.com https://s.yimg.com *.mktoresp.com https://ict.infinity-tracking.net https://nas.lon.infinity-tracking.net https://pixel.mtrcs.samba.tv https://in.hotjar.com https://segments.company-target.com https://geoip-js.com *.mouseflow.com https://api.tintup.com *.amazonaws.com https://ad.doubleclick.net https://pixel.admedia.com *.mapbox.com *.storelocatorwidgets.com ads-api.twitter.com ads-twitter.com analytics.twitter.com https://917-jig-558.mktoutil.com *.infinity-tracking.com *.contentsquare.net *.googlesyndication.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://embedr.flickr.com https://bat.bing.com https://discover.waldenu.edu https://www.esyoh.com https://gtm.chamberlain.edu https://gtm.aucmed.edu https://gtm.veterinary.rossu.edu https://gtm.medical.rossu.edu https://analytics.pangle-ads.com https://laureateone--l1dev.sandbox.my.salesforce.com https://laureateone--l1dev.sandbox.my.site.com/ https://laureateone--l1dev.sandbox.file.force.com/; report-uri /report-csp-violation 3
default-src  'self'; img-src  'self'; script-src  'self'; object-src  'self'; style-src  'self' 'unsafe-inline'; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; frame-ancestors 'self'; upgrade-insecure-requests; base-uri 'self'; 3
frame-ancestors 'self' https://*.moody.edu 3
default-src * 'self' 'unsafe-inline' 'unsafe-eval' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' 'unsafe-inline' ; img-src * 'self' data: ; frame-src * ; 3
default-src 'self' https://*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; style-src 'self' 'unsafe-inline' https://*; img-src 'self' data: https://* 3
default-src 'self'; font-src data: 'self' fonts.gstatic.com; style-src 'self' 'unsafe-inline'; img-src data: blob: 'self'; frame-ancestors 'self'; frame-src 'self' https:; script-src 'self' 'unsafe-eval'; upgrade-insecure-requests; connect-src 'self' https:; object-src 'none'; base-uri 'self'; 3
default-src * https: data: blob: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; frame-ancestors 'self'; 3
connect-src 'self' *.luigisbox.com *.google.com *.google.cz *.google.sk *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.googlesyndication.com skoda-dily-db3 *.doubleclick.net *.mail-komplet.cz *.groovehq.com *.europa.eu *.deepl.com *.jquery.com *.heureka.cz *.heureka.sk *.facebook.net *.jquery.com 3
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' *.visualwebsiteoptimizer.com https://cdn.optimizely.com/ app.vwo.com https://dev.visualwebsiteoptimizer.com https://snapwidget.com/ https://prd3-staging-my-global.sites.brunel.net/ https://cdn01.brunel.net/ https://script.hotjar.com/ https://www.recaptcha.net/ https://hcaptcha.com/ https://www.gstatic.com/ https://my.brunel.at/ https://my.brunel.nl/ https://my.brunel.de/ https://my.brunel.ch/ https://my.brunelswitzerland.ch/ https://my.brunel.be/ https://my.brunel.cz/ https://www.brunel.net/ https://track.hvnj.de/ https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://www.googleanalytics.com https://www.googletagmanager.com/ https://optimize.google.com/ https://www.googleoptimize.com/ https://dtch.brunel.nl/ https://cdn.cookielaw.org/ https://maps.googleapis.com/ https://static.ads-twitter.com/ https://bat.bing.com/ https://www.redditstatic.com/ https://connect.facebook.net/ https://snap.licdn.com/ https://track.adform.net/ https://www.youtube.com/ https://mc.yandex.ru/ https://static.hotjar.com/ https://az416426.vo.msecnd.net/ https://www.clarity.ms/ https://api-publication-search-prd.azurewebsites.net/ https://brunel.containers.piwik.pro/ https://cdn.cookielaw.org/ https://brunel.piwik.pro/ https://mc.yandex.ru/metrika/ https://dtch.brunel.net/ https://vc.hotjar.io/ https://dtch.www.brunel.net/ https://acc2-my-de.sites.brunel.net/ https://apply-with-seek-button.seek.com.au/ https://cm.to/ https://www.brunel.com.cn/ https://myglobal.brunel.net/ https://cdn01.brunel.net/; style-src 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com https://fonts.googleapis.com https://optimize.google.com/ https://prd3-staging-my-global.sites.brunel.net/ https://prd3-staging-www-net.sites.brunel.net/ https://prd3-staging-www-cn.sites.brunel.net/ https://prd3-staging-my-de.sites.brunel.net/ https://prd3-staging-my-nl.sites.brunel.net/ https://prd3-staging-my-cz.sites.brunel.net/ https://prd3-staging-my-at.sites.brunel.net/ https://prd3-staging-my-ch.sites.brunel.net/ https://prd3-staging-my-be.sites.brunel.net/ https://www.brunel.net/ https://my.brunel.nl/ https://my.brunel.de/ https://my.brunel.ch/ https://my.brunel.at/ https://my.brunelswitzerland.ch/ https://my.brunel.be/ https://my.brunel.cz/ https://privacyportalde-cdn.onetrust.com/ https://fonts.googleapis.com/ https://acc2-my-nl.sites.brunel.net/ https://acc2-umbrella.sites.brunel.net/ https://brunel.containers.piwik.pro/ https://cdn.cookielaw.org/ https://brunel.piwik.pro/ https://dtch.brunel.net/ https://vc.hotjar.io/ https://dtch.www.brunel.net/ https://acc2-my-de.sites.brunel.net/ https://www.brunel.com.cn/ https://myglobal.brunel.net/ https://cdn01.brunel.net/; img-src 'unsafe-inline' data: https://ad.doubleclick.net *.visualwebsiteoptimizer.com https://cdn.optimizely.com/ https://www.google.be/ https://px4.ads.linkedin.com/ chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://dev.visualwebsiteoptimizer.com https://prd3-staging-my-global.sites.brunel.net/ https://maps.googleapis.com/ https://www.gstatic.com/ https://prd3-staging-my-de.sites.brunel.net/ https://prd3-staging-my-nl.sites.brunel.net/ https://prd3-staging-my-cz.sites.brunel.net/ https://prd3-staging-my-at.sites.brunel.net/ https://prd3-staging-my-ch.sites.brunel.net/ https://prd3-staging-my-be.sites.brunel.net/ https://prd3-staging-www-net.sites.brunel.net/ https://prd3-staging-www-cn.sites.brunel.net/ https://analytics.twitter.com/ https://www.linkedin.com/ https://my.brunel.at/ https://my.brunel.nl/ https://my.brunel.de/ https://my.brunel.ch/ https://my.brunelswitzerland.ch/ https://my.brunel.be/ https://my.brunel.cz/ https://www.brunel.net/ https://track.hvnj.de/ https://optimize.google.com/ https://script.hotjar.com/ https://snapwidget.com/ https://pagead2.googlesyndication.com/ https://prod.smassets.net/ https://prod.smassets.net/ https://click.werkzoeken.nl/ https://click.technicus.nl/ https://click.ictergezocht.nl/ https://googleads.g.doubleclick.net/ https://lt45.net/ https://conv.indeed.com/ https://online.brunel.nl/ https://maps.gstatic.com/ https://optanon.blob.core.windows.net/ https://www.googletagmanager.com/ https://i.ytimg.com/ https://img.youtube.com/ https://www.brunel.net/ http://www.w3.org/ https://acc2-www-nl.sites.brunel.net/ http://www.w3.org/ https://acc2-my-nl.sites.brunel.net/ https://dc.ads.linkedin.com/ https://alb.reddit.com/ https://t.co/ https://bat.bing.com/ https://www.google-analytics.com/ https://px.ads.linkedin.com/ https://www.facebook.com/ https://c.clarity.ms/ https://www.google.com/ https://www.google.nl/ https://c.bing.com/ https://acc2-umbrella.sites.brunel.net/ https://brunel.containers.piwik.pro/ https://cdn.cookielaw.org/ https://brunel.piwik.pro/ https://mc.yandex.ru/metrika/ https://dtch.brunel.net/ https://vc.hotjar.io/ https://dtch.www.brunel.net/ https://acc2-my-de.sites.brunel.net/ https://apply-with-seek-button.seek.com.au/ https://cm.to/ https://www.brunel.com.cn/ https://myglobal.brunel.net/ https://cdn01.brunel.net/; connect-src 'unsafe-inline' *.optimizely.com https://tapi.optimizely.com/ https://pagead2.googlesyndication.com/ https://errors.client.optimizely.com/ https://*.hotjar.io https://logx.optimizely.com/ https://*.hotjar.com wss://*.hotjar.com/  *.visualwebsiteoptimizer.com wss://wsp6.hotjar.com/ https://wsp6.hotjar.com/ https://csmetrics.hotjar.com/ app.vwo.com wss://ws24.hotjar.com/ wss://ws35.hotjar.com/ https://cdn.linkedin.oribi.io/ https://prd3-staging-my-global.sites.brunel.net/ https://optimize.google.com/ https://pp-public-p-swe.piwik.pro/ https://ws21.hotjar.com/ wss://ws21.hotjar.com/ wss://ws26.hotjar.com/ https://ws26.hotjar.com/ wss://ws25.hotjar.com/ wss://ws29.hotjar.com/ https://ws29.hotjar.com/ https://ws10.hotjar.com/ wss://ws10.hotjar.com/ https://ws42.hotjar.com/ wss://ws42.hotjar.com/ https://ws5.hotjar.com/ wss://ws5.hotjar.com/ wss://ws37.hotjar.com/ https://www.brunel.net/ https://prd3-staging-my-de.sites.brunel.net/ https://prd3-staging-my-nl.sites.brunel.net/ https://prd3-staging-my-cz.sites.brunel.net/ https://prd3-staging-my-at.sites.brunel.net/ https://prd3-staging-my-ch.sites.brunel.net/ https://prd3-staging-my-be.sites.brunel.net/ https://prd3-staging-www-cn.sites.brunel.net/ https://ws24.hotjar.com/ wss://ws8.hotjar.com/ https://prd3-staging-www-net.sites.brunel.net/ https://my.brunel.nl/ https://my.brunel.de/ https://my.brunel.ch/ https://my.brunel.at/ https://region1.google-analytics.com/ https://my.brunelswitzerland.ch/ https://my.brunel.be/ https://my.brunel.cz/ https://surveystats.hotjar.io/ https://optanon.blob.core.windows.net/ https://dtch.brunel.nl/ https://geolocation.onetrust.com/ https://dtch.brunel.nl/wss:// ws1.hotjar.com/ https://k.clarity.ms/ https://mc.yandex.ru/ https://snapwidget.com/ https://bat.bing.com/ https://acc2-my-nl.sites.brunel.net/ https://privacyportal-de.onetrust.com/ https://privacyportalde-cdn.onetrust.com/ https://noembed.com/ https://cdn.plyr.io/ https://cdn.cookielaw.org/ https://www.google-analytics.com/ https://dc.services.visualstudio.com/ https://stats.g.doubleclick.net/ https://maps.googleapis.com/ https://in.hotjar.com/ wss://ws17.hotjar.com/ https://ws17.hotjar.com/ https://j.clarity.ms/ https://www.clarity.ms/ https://api-publication-search-prd.azurewebsites.net/ https://acc2-www-nl.sites.brunel.net/ https://acc2-umbrella.sites.brunel.net/ https://brunel.containers.piwik.pro/ https://cdn.cookielaw.org/ https://brunel.piwik.pro/ https://mc.yandex.ru/metrika/ https://dtch.brunel.net/ https://vc.hotjar.io/ https://dtch.www.brunel.net/ https://acc2-my-de.sites.brunel.net/ https://apply-with-seek-button.seek.com.au/ https://a.clarity.ms/ https://b.clarity.ms/ https://c.clarity.ms/ https://d.clarity.ms/ https://e.clarity.ms/ https://f.clarity.ms/ https://g.clarity.ms/ https://h.clarity.ms/ https://i.clarity.ms/ https://j.clarity.ms/ https://k.clarity.ms/ https://l.clarity.ms/ https://m.clarity.ms/ https://n.clarity.ms/ https://o.clarity.ms/ https://p.clarity.ms/ https://q.clarity.ms/ https://r.clarity.ms/ https://s.clarity.ms/ https://t.clarity.ms/ https://u.clarity.ms/ https://v.clarity.ms/ https://w.clarity.ms/ https://x.clarity.ms/ https://y.clarity.ms/ https://z.clarity.ms/ https://cm.to/ https://www.brunel.com.cn/ https://myglobal.brunel.net/ https://cdn01.brunel.net/; frame-src 'unsafe-inline' https://embed-standalone.spotify.com/ app.vwo.com *.visualwebsiteoptimizer.com *.cdn.optimizely.com https://www.brunel.net/ https://widgets.bnr.nl/ https://td.doubleclick.net https://brunel-career.talent-soft.com/ https://snapwidget.com/ https://www.ecomatcher.com/ https://newassets.hcaptcha.com/ https://optimize.google.com/ https://cm.to/ https://hmmh.scnem.com/ https://45years.brunel.net/ https://open.spotify.com/ https://pages.cm.com/ https://werkenbij.brunel.nl/ https://www.pingvp.com/ https://www.surveymonkey.com/ https://tpc.googlesyndication.com/ https://www.recaptcha.net/ https://www.youtube.com/ https://vars.hotjar.com/ https://track.adform.net/ https://mc.yandex.ru/ https://track.adform.net/ https://api-publication-search-prd.azurewebsites.net/ https://www.facebook.com/ https://acc2-umbrella.sites.brunel.net/ https://brunel.containers.piwik.pro/ https://cdn.cookielaw.org/ https://brunel.piwik.pro/ https://mc.yandex.ru/metrika/ https://dtch.brunel.net/ https://vc.hotjar.io/ https://dtch.www.brunel.net/ https://acc2-my-de.sites.brunel.net/ https://apply-with-seek-button.seek.com.au/ https://10418678.fls.doubleclick.net/ https://cm.to/ https://pages.cm.com/ https://www.brunel.com.cn/ https://myglobal.brunel.net/ https://cdn01.brunel.net/; script-src-elem 'unsafe-inline' https://dev.visualwebsiteoptimizer.com https://optimizely.s3.amazonaws.com/ https://cdn3.optimizely.com/ https://app.optimizely.com/ https://cdn-assets-prod.s3.amazonaws.com/ https://cdn.optimizely.com/ austlria.com https://prd3-staging-my-global.sites.brunel.net/ https://hcaptcha.com/ https://optimize.google.com/ https://prd3-staging-my-de.sites.brunel.net/ https://prd3-staging-my-nl.sites.brunel.net/ https://prd3-staging-my-cz.sites.brunel.net/ https://prd3-staging-my-at.sites.brunel.net/ https://prd3-staging-my-ch.sites.brunel.net/ https://prd3-staging-my-be.sites.brunel.net/ https://prd3-staging-www-cn.sites.brunel.net/ https://prd3-staging-www-net.sites.brunel.net/ https://my.brunel.at/ https://my.brunel.nl/ https://my.brunel.de/ https://my.brunel.ch/ https://my.brunelswitzerland.ch/ https://my.brunel.be/ https://my.brunel.cz/ https://www.brunel.net/ https://track.hvnj.de/ https://snapwidget.com/ https://acc2-www-nl.sites.brunel.net/ https://ajax.googleapis.com/ https://tpc.googlesyndication.com/ https://click.werkzoeken.nl/ https://www.clear-reports.com/ https://widget.surveymonkey.com/ https://www.gstatic.com/ https://www.recaptcha.net/ https://s2.adform.net/ https://analytics.twitter.com/ https://script.hotjar.com/  https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.googleoptimize.com/ https://acc2-www-nl.sites.brunel.net/FED/UMB/static/js/ https://acc2-my-nl.sites.brunel.net/ https://dtch.brunel.nl/ https://cdn.cookielaw.org/ https://maps.googleapis.com/ https://static.ads-twitter.com/ https://bat.bing.com/ https://www.redditstatic.com/ https://snap.licdn.com/ https://track.adform.net/ https://www.youtube.com/ https://mc.yandex.ru/ https://static.hotjar.com/ https://az416426.vo.msecnd.net/ https://www.clarity.ms/  https://connect.facebook.net/ https://a.clarity.ms/ https://b.clarity.ms/ https://c.clarity.ms/ https://d.clarity.ms/ https://e.clarity.ms/ https://f.clarity.ms/ https://g.clarity.ms/ https://h.clarity.ms/ https://i.clarity.ms/ https://j.clarity.ms/ https://k.clarity.ms/ https://l.clarity.ms/ https://m.clarity.ms/ https://n.clarity.ms/ https://o.clarity.ms/ https://p.clarity.ms/ https://q.clarity.ms/ https://r.clarity.ms/ https://s.clarity.ms/ https://t.clarity.ms/ https://u.clarity.ms/ https://v.clarity.ms/ https://w.clarity.ms/ https://x.clarity.ms/ https://y.clarity.ms/ https://z.clarity.ms/ https://privacyportalde-cdn.onetrust.com/ https://tst4-www-nl.sites.brunel.net/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://acc2-umbrella.sites.brunel.net/ https://brunel.containers.piwik.pro/ https://cdn.cookielaw.org/ https://brunel.piwik.pro/ https://mc.yandex.ru/metrika/ https://dtch.brunel.net/ https://vc.hotjar.io/ https://dtch.www.brunel.net/ https://acc2-my-de.sites.brunel.net/ https://apply-with-seek-button.seek.com.au/ https://cm.to/ https://www.brunel.com.cn/ https://myglobal.brunel.net/ https://cdn01.brunel.net/; font-src 'unsafe-inline' https://script.hotjar.com/ https://optimize.google.com/ https://prd3-staging-my-global.sites.brunel.net/ https://prd3-staging-my-de.sites.brunel.net/ https://prd3-staging-my-nl.sites.brunel.net/ https://prd3-staging-my-cz.sites.brunel.net/ https://prd3-staging-my-at.sites.brunel.net/ https://prd3-staging-my-ch.sites.brunel.net/ https://prd3-staging-my-be.sites.brunel.net/ https://prd3-staging-www-net.sites.brunel.net/ https://prd3-staging-www-cn.sites.brunel.net/ https://privacyportalde-cdn.onetrust.com/ https://acc2-my-nl.sites.brunel.net/ https://acc2-www-nl.sites.brunel.net/ https://fonts.gstatic.com/ https://acc2-umbrella.sites.brunel.net/ https://brunel.containers.piwik.pro/ https://cdn.cookielaw.org/ https://brunel.piwik.pro/ https://dtch.brunel.net/ https://vc.hotjar.io/ https://dtch.www.brunel.net/ https://acc2-my-de.sites.brunel.net/ https://apply-with-seek-button.seek.com.au/ https://www.brunel.com.cn/ https://myglobal.brunel.net/ https://cdn01.brunel.net/ https://px.ads.linkedin.com/ https://brunel.containers.piwik.pro/; media-src 'unsafe-inline' https://cdn01.brunel.net/ https://brunel.net; 3
default-src 'self' *.uat.tenethealth.com; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com https://optimize.google.com https://survey.g.doubleclick.net https://tagmanager.google.com https://dyv6f9ner1ir9.cloudfront.net https://362-lxb-565.mktoutil.com https://storage.googleapis.com https://i.ytimg.com https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com *.google-analytics.com https://syndication.twitter.com http://platform.stumbleupon.com https://dec.azureedge.net/ munchkin.marketo.net *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com *.googletagmanager.com *.youtube.com/iframe_api https://app-sj01.marketo.com https://maps.googleapis.com https://d.monetate.net https://se.monetate.net https://rw1.marchex.io https://resources.xg4ken.com https://ajax.googleapis.com https://solutions.invocacdn.com https://polyfill.io http://siteimproveanalytics.com https://cdn.siteimprove.net https://connect.facebook.net accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.siteimprove.net *.facebook.com *.google.com *.google.co.in https://googleads.g.doubleclick.net https://static.doubleclick.net https://munchkin.net https://stats.g.doubleclick.net https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://maps.gstatic.com https://siteimproveanalytics.com https://www.googletagmanager.com https://px.marchex.io https://my2.siteimprove.com https://munchkin.marketo.net https://service-uat.tenethealth.com https://service-test.tenethealth.com https://service-prep.tenethealth.com https://www.tenethealthpacificcoast.com https://id.siteimprove.com https://68956.global.siteimproveanalytics.io https://cdnjs.cloudflare.com https://radiomd.com https://tours.sunnymedia.com https://checkin.arriv.net https://checkin-stg.arriv.net https://checkin-dev.arriv.net https://healthcheck.arriv.net https://healthcheck-stg.arriv.net https://healthcheck-dev.arriv.net https://ms-prod.arriv.net https://www.googleadservices.com https://code.jquery.com https://stackpath.bootstrapcdn.com https://tbcdn.talentbrew.com https://www.panoskin.com https://lcp360.cachefly.net https://d2ybmd3wevur4k.cloudfront.net *.practicematch.com https://w3.cdn.anvato.net/ https://cdn.perfdrive.com https://cas.avalon.perfdrive.com https://validate.perfdrive.com https://support.doctorpodcasting.com https://tenethealth.outgrow.us/ https://dyv6f9ner1ir9.cloudfront.net/* https://cxppusa1formui01cdnsa01-endpoint.azureedge.net *.tealiumiq.com *.tiqcdn.com https://tags.tiqcdn.com/* https://tags.tiqcdn.com https://tags.tiqcdn.com/utag/tenet/main/prod/utag.js https://tags.tiqcdn.com/utui/utui.tagcompanion.js 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org *.eloqua.com *.en25.com web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com *.twimg.com https://optimize.google.com https://tagmanager.google.com platform.twitter.com *.marketo.com *.sitefinity.xyz *.tenethealth.com https://fonts.googleapis.com https://checkin.arriv.net https://checkin-stg.arriv.net https://ms-prod.arriv.net https://cdnjs.cloudflare.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com pbs.twimg.com *.twimg.com data: blob: https://www.gstatic.com https://ssl.gstatic.com https://optimize.google.com *.google-analytics.com https://static.licdn.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com platform.twitter.com *.google.co.in *.google.com *.googletagmanager.com *.tenethealth.com https://*.youtube.com https://app-sj01.marketo.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://service-prep.tenethealth.com https://68956.global.siteimproveanalytics.io https://i.ytimg.com https://px.marchex.io https://pixel.mathtag.com *.baptisthealthsystem.com *.nacmedicalcenter.com *.resolutehealth.com *.providencechildrenshospital.com *.thehospitalsofprovidence.com *.valleybaptist.net *.dmc.org *.childrensdmc.org *.rimrehab.org *.brookwoodbaptisthealth.com *.saintfrancishosp.com *.saintfrancisbartlett.com *.eastcoopermedctr.com *.hiltonheadregional.com *.piedmontmedicalcenter.com *.coralgableshospital.com *.delraymedicalctr.com *.floridamedctr.com *.goodsamaritanmc.com *.hialeahhosp.com *.northshoremedical.com *.palmbeachchildrenshospital.com *.pbgmc.com *.palmettogeneral.com *.stmarysmc.com *.westbocamedctr.com *.stvincenthospital.com *.mwmc.com *.abrazohealth.com *.carondelet.org *.desertcarenetwork.com *.doctorsmanteca.com *.dmc-modesto.com *.emanuelmedicalcenter.org *.fountainvalleyhospital.com *.lakewoodregional.com *.losalamitosmedctr.com *.placentialinda.com *.sanramonmedctr.com *.sierravistaregional.com *.twincitieshospital.com *.brookwoodbaptistmedicalcenter.com *.brookwoodwomensmedicalcenter.com *.citizensbaptistmedicalcenter.com *.princetonbaptistmedicalcenter.com *.shelbybaptistmedicalcenter.com *.walkerbaptistmedicalcenter.com *.tenethealthcentralcoast.com *.tenethealthpacificcoast.com https://i.vimeocdn.com https://www.hvsh.org https://pc-hmt-collect.tealiumiq.com *.tealiumiq.com *.tiqcdn.com https://tags.tiqcdn.com/* 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://fonts.gstatic.com https://fonts.googleapis.com; frame-src *.marketo.com *.sitefinity.xyz *.tenethealth.com *.google.com *.youtube.com *.facebook.com *.facebook.com/tr/ *.doubleclick.net *.doubleclick.com https://givebutter.com https://optimize.google.com https://tenethealth.outgrow.us https://platform.twitter.com https://tenethealthbotprodcontainer01.azurewebsites.net/ https://pixel.mathtag.com/ https://player.vimeo.com/ https://radiomd.com https://tours.sunnymedia.com https://9207741.fls.doubleclick.net https://my2.siteimprove.com https://www.practicematch.com https://my.matterport.com https://viewer.panoskin.com https://www.modbee.com/ https://w3.cdn.anvato.net/ https://cdns.snacktools.net/ https://support.doctorpodcasting.com 'self' web-chat.nativechat.com forms.hsforms.com; connect-src accounts.google.com *.gstatic.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com https://optimize.google.com https://survey.g.doubleclick.net https://dyv6f9ner1ir9.cloudfront.net https://362-lxb-565.mktoutil.com https://storage.googleapis.com https://i.ytimg.com https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com *.googletagmanager.com *.youtube.com/iframe_api https://maps.googleapis.com https://d.monetate.net https://se.monetate.net https://rw1.marchex.io https://resources.xg4ken.com https://ajax.googleapis.com https://solutions.invocacdn.com https://polyfill.io http://siteimproveanalytics.com https://cdn.siteimprove.net https://connect.facebook.net *.mktoresp.com *.siteimprove.net *.facebook.com *.google.com *.google.co.in https://googleads.g.doubleclick.net https://static.doubleclick.net https://munchkin.net https://stats.g.doubleclick.net https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://maps.gstatic.com https://siteimproveanalytics.com https://www.googletagmanager.com https://px.marchex.io https://my2.siteimprove.com https://munchkin.marketo.net https://service-uat.tenethealth.com https://service-test.tenethealth.com https://service-prep.tenethealth.com https://www.tenethealthpacificcoast.com https://id.siteimprove.com https://68956.global.siteimproveanalytics.io *.baptisthealthsystem.com *.nacmedicalcenter.com *.resolutehealth.com *.providencechildrenshospital.com *.thehospitalsofprovidence.com *.valleybaptist.net *.dmc.org *.childrensdmc.org *.rimrehab.org *.brookwoodbaptisthealth.com *.saintfrancishosp.com *.saintfrancisbartlett.com *.eastcoopermedctr.com *.hiltonheadregional.com *.piedmontmedicalcenter.com *.coralgableshospital.com *.delraymedicalctr.com *.floridamedctr.com *.goodsamaritanmc.com *.hialeahhosp.com *.northshoremedical.com *.palmbeachchildrenshospital.com *.pbgmc.com *.palmettogeneral.com *.stmarysmc.com *.westbocamedctr.com *.stvincenthospital.com *.mwmc.com *.abrazohealth.com *.carondelet.org *.desertcarenetwork.com *.doctorsmanteca.com *.dmc-modesto.com *.emanuelmedicalcenter.org *.fountainvalleyhospital.com *.lakewoodregional.com *.losalamitosmedctr.com *.placentialinda.com *.sanramonmedctr.com *.sierravistaregional.com *.twincitieshospital.com *.brookwoodbaptistmedicalcenter.com *.brookwoodwomensmedicalcenter.com *.citizensbaptistmedicalcenter.com *.princetonbaptistmedicalcenter.com *.shelbybaptistmedicalcenter.com *.walkerbaptistmedicalcenter.com *.tenethealthcentralcoast.com *.tenethealthpacificcoast.com https://img.youtube.com https://radiomd.com https://o381876.ingest.sentry.io https://checkin.arriv.net https://checkin-stg.arriv.net https://healthcheck.arriv.net https://healthcheck-stg.arriv.net https://ms-dev.arriv.net https://ms-prod.arriv.net https://www.googleadservices.com https://code.jquery.com https://assets.grammarly.com https://stackpath.bootstrapcdn.com *.practicematch.com https://d2ybmd3wevur4k.cloudfront.net https://lcp360.cachefly.net/panoskin.min.js https://tbcdn.talentbrew.com https://w3.cdn.anvato.net/ https://i.vimeocdn.com https://cdn.perfdrive.com https://cas.avalon.perfdrive.com https://validate.perfdrive.com https://cdnjs.cloudflare.com https://support.doctorpodcasting.com https://assets-usa.mkt.dynamics.com https://cxppusa1formui01cdnsa01-endpoint.azureedge.net public-usa.mkt.dynamics.com https://pc-hmt-collect.tealiumiq.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob: https://media.tenethealth.com https://i.vimeocdn.com; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.marketo.com *.sitefinity.xyz *.tenethealth.com 'self' web-chat.nativechat.com; form-action *.sitefinity.xyz *.facebook.com 'self' https://optimize.google.com https://paypage.epx.com https://www.tenethealthpacificcoast.com https://validate.perfdrive.com https://cdnjs.cloudflare.com https://service-prep.tenethealth.com 3
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://api.amplitude.com https://api2.amplitude.com  https://*.crazyegg.com wss://*.hotjar.com wss://*.qualified.com 'self'; img-src https: http: data: blob: 'self'; script-src https: 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ajax.googleapis.com https://bat.bing.com https://*.crazyegg.com https://static.hotjar.com https://www.googleadservices.com 'self'; style-src https: 'unsafe-inline' https://resources.surveymonkey.com 'self'; 3
font-src *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.transbank.cl *.cardinalcommerce.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.newrelic.com *.herokuapp.com *.weltpixel.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com.ar *.instagram.com *.cdninstagram.com *.gstatic.com www.iochile.cl *.facebook.com *.newrelic.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.woowup.com *.herokuapp.com *.instagram.com *.facebook.net *.newrelic.com *.google.com/ onesignal.com *.onesignal.com *.avada.io player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.herokuapp.com *.newrelic.com *.fontawesome.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.doubleclick.com *.doubleclick.net *.newrelic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'self' d1a19ys8w1wkc1.cloudfront.net; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval' https://rcdfcdn.mars.com https://stage-rcdfcdn.mars.com;worker-src * blob:; style-src * 'unsafe-inline'; frame-ancestors 'self' https://royalcanin-rh.vh.localhost http://dev-eus-sc-rh.f4bf3cb6a5fb409d9866.eastus.aksapp.io http://dev-weu-sitecore-01-rh.6952f9b6f3ab41099033.westeurope.aksapp.io https://dev-weu-sitecore-02-rh.b8e8c0835ea74914b2ec.westeurope.aksapp.io https://rh-sc-stg-weu-01.staging.royalcanin.com https://rh-sc-rlt-weu-01.rlt.royalcanin.com https://stg-royalcanin-cm-01.royalcanin.com https://rh-sc-prd-weu-01.royalcanin.com https://cm-sc-rlt-weu-01.rlt.royalcanin.com https://cm-sc-prd-weu-01.royalcanin.com https://rh-sc-uat-weu-01.uat.royalcanin.com ; 3
default-src 'self' www.google.com www.googletagmanager.com storage.googleapis.com www.youtube.com secure.livechatinc.com *.stripe.com truevalue.fisherprinting.net ezadtv.app.ezai.io; connect-src 'self' *.facebook.com www.googletagmanager.com www.google-analytics.com api.ezai.io analytics.google.com vc.hotjar.io ws.hotjar.com content.hotjar.io truevalue.fisherprinting.net; font-src * data:; img-src * data:; script-src * connect.facebook.net 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'unsafe-inline'; 3
default-src 'self' blob: https://*.akamaihd.net; img-src 'self' data: https://images.ctfassets.net/ https://*.azure.net https://americanspecialtyhealth.nanorep.co https://*.hubspot.com https://*.hsforms.com https://*.fod247.io https://*.amazonaws.com http://*.boldchat.com https://*.boldchat.com http://via.placeholder.com/ https://seal.websecurity.norton.com https://*.internal.ashfitness.net/ https://*.ashconnect.com http://*.gstatic.com http://*.googleapis.com https://app.validic.com https://*.typekit.net https://*.ashcompanies.com https://*.api.ashcompanies.com https://*.googleapis.com  https://csi.gstatic.com https://www.google-analytics.com http://www.google-analytics.com https://stats.g.doubleclick.net/ https://www.facebook.com/ https://www.google.com/ https://dev.api.healthyroads.com https://stg.api.healthyroads.com/ https://preprod.api.healthyroads.com https://api.healthyroads.com/ https://www.googletagmanager.com/ https://optimize.google.com http://optimize.google.com https://*.choosehealthynext.com https://cdn.fod247.com https://*.ooyala.com https://*.brightcove.com https://*.boltdns.net https://*.choosehealthy.com https://*.akamaihd.net https://*.googleadservices.com https://*.doubleclick.net https://assets.prod.validic.com; media-src 'self' blob: https://*.silverandfit.com/ http://*.boldchat.com https://*.boldchat.com https://*.internal.ashfitness.net https://dev.api.healthyroads.com  https://preprod.api.healthyroads.com  https://api.healthyroads.com/ https://stg.api.healthyroads.com/ https://*.api.ashcompanies.com https://*.ooyala.com https://*.akamaized.net https://*.choosehealthy.com https://*.boltdns.net https://*.akamaihd.net https://*.azure.net https://*.ptrx.org https://*.amazonaws.com; frame-src 'self' data: application/pdf 'unsafe-inline' https://*.api.ashcompanies.com https://vimeo.com/ http://*.boldchat.com https://*.boldchat.com https://www.youtube.com/  https://www.facebook.com/ https://connect.facebook.net/ https://*.vimeo.com https://api.recurly.com/ https://*.networksearch.api.ashcompanies.com https://optimize.google.com http://optimize.google.com https://*.choosehealthynext.com https://*.ooyala.com https://*.choosehealthy.com https://youtu.be/ https://*.usw2.pure.cloud; font-src 'self' 'unsafe-inline' data: http://*.boldchat.com https://*.boldchat.com https://*.api.ashcompanies.com/ https://*.ashconnect.com http://*.gstatic.com https://*.typekit.net https://*.ui.api.ashcompanies.com https://fonts.gstatic.com http://fonts.gstatic.com https://*.ooyala.com https://*.choosehealthy.com; connect-src 'self' blob: wss://*.bold360.com https://*.applicationinsights.azure.com https://www.google-analytics.com https://ak-use.akamaized.net/ https://metrics-api.librato.com http://americanspecialtyhealth.nanorep.co https://visitor-services.nanorep.com http://*.boldchat.com https://*.boldchat.com https://*.silverandfit.com https://silverandfit.com http://dc.services.visualstudio.com/v2/track https://dc.services.visualstudio.com/v2/track https://api.healthyroads.com/ https://*.api.healthyroads.com https://*.ashconnect.com https://*.activeandfit.com https://activeandfit.com https://*.exerciserewards.com https://*.typekit.net/ https://*.api.ashcompanies.com https://api.recurly.com https://connect.facebook.net https://dc.services.visualstudio.com/ https://*.choosehealthynext.com https://*.ooyala.com https://*.bitmovin.com https://*.brightcove.com https://*.boltdns.net https://stats.g.doubleclick.net https://*.akamaihd.net https://*.choosehealthy.com https://*.azure.net https://*.ashcompanies.com https://*.azurefd.net https://*.azure-api.net https://*.hubspot.com https://*.ashcompanies.com https://*.googleapis.com https://*.facebook.com https://syncmydevice.com https://www.google.com https://googleads.g.doubleclick.net https://*.amazonaws.com https://*.usw2.pure.cloud wss://*.usw2.pure.cloud; worker-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.ssqt.io https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hscollectedforms.net https://www.googleoptimize.com http://americanspecialtyhealth.nanorep.co http://*.boldchat.com https://*.boldchat.com https://seal.verisign.com/ https://*.typekit.net http://noembed.com/ https://noembed.com/ https://api.healthyroads.com https://*.ui.api.ashcompanies.com/ https://*.api.ashcompanies.com https://*.api.healthyroads.com https://*.exerciserewards.com http://tagmanager.google.com https://tagmanager.google.com http://*.googleapis.com https://js.recurly.com/v4/recurly.js  https://www.googletagmanager.com http://www.google-analytics.com/ https://www.google-analytics.com/ https://analytics.clickdimensions.com https://az416426.vo.msecnd.net/ https://connect.facebook.net/ http://analytics.clickdimensions.com/ https://optimize.google.com http://optimize.google.com https://*.choosehealthynext.com https://*.ooyala.com https://*.brightcove.net https://*.gstatic.com https://*.choosehealthy.com https://*.ashcompanies.com https://*.googleadservices.com https://*.hsadspixel.net https://js.monitor.azure.com https://cdnjs.cloudflare.com/ajax/libs/select2/3.5.2/select2.min.js https://googleads.g.doubleclick.net https://apps.usw2.pure.cloud; style-src 'self' http://*.boldchat.com https://*.boldchat.com https://js.recurly.com/ http://tagmanager.google.com https://tagmanager.google.com https://*.googleapis.com http://*.googleapis.com https://api.healthyroads.com/ https://*.api.ashcompanies.com/ https://*.api.healthyroads.com https://*.choosehealthynext.com 'unsafe-inline' https://optimize.google.com https://seal.websecurity.norton.com http://optimize.google.com https://*.ooyala.com https://*.googletagmanager.com https://*.typekit.net; child-src 'self' 'unsafe-inline' blob: data:; frame-ancestors 'self' https://vimeo.com/ https://*.choosehealthy.com; object-src 'self' data: application/pdf  blob: filesystem:; 3
frame-ancestors 'self' *.leovegas.com *.casinomodule.com *.yggdrasilgaming.com *.evolutiongaming.com *.gameassists.co.uk *.gameassists.dk *.rgsgames.com *.wagerworks.com *.adform.com *.livetables.io *.regily.com *.casinoalternativen.com *.onlinecasinobonus24.xyz *.livetableshu.com 3
frame-ancestors https://tools.univer.se 3
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com https://cdn.territories.bnpparibas https://cdn-preprod.territories.bnpparibas https://cdn-staging.territories.bnpparibas; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 3
default-src 'self' https://videos.ctfassets.net/ feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com * ; img-src * 'self' data: https: blob: *.pricespider.com ; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 3
frame-ancestors 'self' analytics.pt-dlr.de 3
default-src 'self' blob: data: gap: *.proxify.com *.upsideout.com *.youtube-nocookie.com *.youtube.com *.ytimg.com *.google.com *.gstatic.com *.googleapis.com *.googlevideo.com 'unsafe-inline' 'unsafe-eval'; 3
frame-ancestors 'self' gather.town *.kopano.io *.kopano.com; 3
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation; upgrade-insecure-requests 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.yukiworks.com https://apis.google.com https://*.googleapis.com https://ssl.google-analytics.com https://cdn4.mxpnl.com http://fast.appcues.com https://*.freshworks.com https://js.mollie.com/v1/mollie.js https://*.freshchat.com https://cdn.jsdelivr.net/npm/redoc/bundles/redoc.standalone.js https://cdn.wootric.com/wootric-sdk.js https://*.wootric.eu https://cdn-visma-app-switcher-faatcndaebg3hqhu.z01.azurefd.net/webcomponents/index.js https://*.securelogin.nu https://uptime.betterstack.com/widgets/announcement.js;      frame-ancestors 'self' https://*.yukiworks.nl https://*.yukiworks.be https://*.yukiworks.es https://*.yukiworks.com; img-src 'self' https: data: http:; 3
default-src *; font-src * data:; img-src * data:; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline' 3
object-src 'none'; frame-ancestors 'self'; report-uri https://ribboncommunications.com/report-uri/enforce 3
frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://webvisor.com https://*.webvisor.com 3
frame-ancestors 'self' https://admin.emeraldconnect.com https://admin2.emeraldconnect.com 3
manifest-src *; default-src 'self' blob:; media-src * data: blob:; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: data:; img-src * 'self' data: blob: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https:; frame-src *; connect-src https: wss:; object-src 'none' 3
frame-ancestors 'self' *.funbridge.com ggdev08.csgames.net 3
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; connect-src ws: https: wss:; img-src https: data: *; font-src https: data:; frame-ancestors 'self'; 3
frame-ancestors 'self' https://*.locasun.com; 3
default-src 'self' https://googleads.g.doubleclick.net/ https://www.google.com/ads/user-lists/ https://www.google.hu/ads/user-lists/ https://tpc.googlesyndication.com/safeframe/ https://www.youtube.com/embed/ https://server.infinety.hu/ https://*.safeframe.googlesyndication.com/safeframe/ ;                                     img-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://googleads.g.doubleclick.net/ https://www.google.com/ads/ https://www.google.hu/ads/ https://csi.gstatic.com/ https://maps.googleapis.com/maps/ https://googleapis.com/ https://csi.gstatic.com/ https://maps.gstatic.com/ https://maps.google.com/ https://maps.googleapis.com/ blob: 'self' https://ad.adverticum.net/banners/ https://ssl.google-analytics.com/ https://www.facebook.com/tr/ https://ap.lijit.com/ https://u.btserve.com/ https://ad-delivery.net/ https://www.facebook.com/ data: https://www.w3.org/2000/svg/ https://dmp.adform.net/dmp/profile/ https://x.bidswitch.net/ https://ad-delivery.net/px.gif https://tpc.googlesyndication.com/ https://securepubads.g.doubleclick.net/ https://googleads.g.doubleclick.net/pagead/ https://pagead2.googlesyndication.com/ blob: 'self' https://cm.g.doubleclick.net/ https://d5p.de17a.com/ https://sync.clickonometrics.pl/ https://ib.adnxs.com/ https://mq.wp.pl/ https://s1.adform.net/ https://adx.adform.net/ https://u.btserve.com/ data: https://www.w3.org/2000/svg/ https://script.hotjar.com/ https://static.hotjar.com/ https://w35.hotjar.com/ https://www.google.com/pagead/ https://optimize.google.com/ https://nemzeticegtar.hu/files/ https://www.nemzeticegtar.hu/files/  https://www.google.co.uk/ https://nctteszt.opten.hu/ https://admin.nemzeticegtar.hu/ https://i.imgur.com/ ;                                     style-src 'self' https: 'unsafe-inline' https://maxcdn.bootstrapcdn.com/font-awesome/ https://fonts.googleapis.com/ https://ad.adverticum.net/banners/ https://static.hotjar.com/ https://optimize.google.com/ ;                                     font-src 'self' https://fonts.gstatic.com/stats/ https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://themes.googleusercontent.com/static/fonts/lato/ https://script.hotjar.com/ https://static.hotjar.com/ https://w35.hotjar.com/ https://optimize.google.com/ https://cdnjs.cloudflare.com/ajax/libs/ ;                                     script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion.js https://www.google.com/recaptcha/api.js https://maps.google.com/maps/api/ https://maps.google.com/ https://maps.googleapis.com/ https://googleapis.com/ https://ad.adverticum.net/g3.js https://ls.hit.gemius.pl/ https://hu.hit.gemius.pl/xgemius.js https://www.googletagmanager.com https://ad.adverticum.net/g3.js https://www.googletagmanager.com/ https://static.hotjar.com/ https://optimize.google.com/ https://connect.facebook.net/en_US/fbevents.js blob: 'self';                                     connect-src 'self' https://settings.luckyorange.net/ https://track.adform.net/ wss://in.visitors.live/socket.io/ wss://visitors.live/socket.io/ https://ad.adverticum.net/ https://fastlane.rubiconproject.com/a/api/fastlane.json https://adx.adform.net/adx/ https://securepubads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://csi.gstatic.com/ https://*.hotjar.com/ wss://*.hotjar.com/ https://vc.hotjar.io/ https://pagead2.googlesyndication.com/ https://script.4dex.io/adagio.js https://ice.360yield.com/ https://prg.smartadserver.com/ https://*.criteo.com/ https://www.facebook.com/tr/ https://www.google-analytics.com/ https://static.hotjar.com/ https://content.hotjar.io/ https://region1.google-analytics.com/ https://*.doubleverify.com/ https://region1.analytics.google.com/ https://maps.googleapis.com/ wss://molin.ai/ https://eu.posthog.com/ https://assets5.lottiefiles.com/ https://pheu.molin.ai/ ;                                     frame-src 'self' https://www.google.com/recaptcha/ https://googleads.g.doubleclick.net/pagead/ https://www.google.hu/ads/user-lists/ https://maps.googleapis.com/ https://googleapis.com/ https://tpc.googlesyndication.com/ https://ls.hit.gemius.pl/ https://www.youtube.com/embed/ https://occsz.e-cegjegyzek.hu/ https://server.infinety.hu/ https://vars.hotjar.com/ https://static.hotjar.com/ https://w35.hotjar.com/ https://*.safeframe.googlesyndication.com/ https://*.doubleverify.com/ https://*.rubiconproject.com/ https://*.criteo.com/ https://www.google.com/maps/ https://optimize.google.com/ ;                                     worker-src 'self' https://www.google.com/recaptcha/ https://googleads.g.doubleclick.net/pagead/ https://bid.g.doubleclick.net/ https://www.google.hu/ads/user-lists/ https://ls.hit.gemius.pl/ https://ad.adverticum.net/external/ https://ad.adverticum.net/banners/ https://occsz.e-cegjegyzek.hu/ https://www.youtube.com/embed/ https://www.facebook.com/tr/ https://static.hotjar.com/ https://sparbanner.kolrus.cloud/ ;                                     media-src https://sparbanner.kolrus.cloud/ https://static.hotjar.com/ https://server.infinety.hu/ https://molin.ai/ ; 3
frame-ancestors 'self' https://flocktory.com https://*.flocktory.com http://webvisor.com http://*.webvisor.com https://metrika.yandex.ru https://mc.yandex.ru https://*.yandex.net https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net ; 3
default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; base-uri 'self'; form-action 'self' https://iface.core-networks.de; frame-ancestors 'none'; block-all-mixed-content 3
default-src 'self' https://videos.ctfassets.net/ feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' * ; img-src * 'self' data: https: blob: ; script-src https://cdn.pricespider.com/ http://embeddedcloud.pricespider.com http://embeddedcloud.pricespider.com/ http://omni.pricespider.com/ https://wtbng.pricespider.com/ https://wtbstream.pricespider.com/ * data: blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 3
frame-ancestors 'self' https://mcnk64xr71xx8t-v1mr4dcx1zk84.pub.sfmc-content.com 3
block-all-mixed-content; report-uri https://tfyre.co.za/wp-json/wpcsp/v1/route/LogPolicyViolation?_wpnonce=ed9bc3938e 3
upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self'; object-src 'none'; base-uri 'none'; prefetch-src 'self' 3
default-src *  blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://www.w3schools.com https://iframetester.com 3
default-src https: http: 'unsafe-inline' data: blob: 'unsafe-eval' 3
default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self'; manifest-src 'self'; media-src 'self' blob: https://*.googlevideo.com:443 https://*.youtube.com:443; child-src 'self' blob:; frame-src 'self'; frame-ancestors 'none' 3
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline' 3
default-src * 'unsafe-inline' 'unsafe-eval' blob: data: ;frame-ancestors 'self' https://paghe.passepartout.sm/ https://paghe-testupd.passepartout.sm https://paghe.passstage.cloud/ 3
frame-ancestors 'self';frame-src 'self' *.google.com *.doubleclick.net *.googlesyndication.com *.cleverwebserver.com *.clevernt.com; 3
default-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * data: 3
frame-ancestors https://100jahre.caritas-stpoelten.at/ https://abrakadabra.caritas-tirol.at/ https://abz-wielandgasse.caritas-steiermark.at/ https://agyoungcaritas.caritas.at/ https://www.caritas-stadtteilarbeit.at/ https://freiwillige.caritas-wien.at/ https://fs-grabenstrasse.caritas-steiermark.at/ https://spenden.helfen.at/ https://hlw.caritas-kaernten.at/ https://intern.sob-linz.at/ https://jahresbericht.caritas-stpoelten.at/ https://la-rottenmann.caritas-steiermark.at/ https://seegasse.caritas-wien.at/ https://sob.caritas-kaernten.at/ https://sob.caritas-wien.at/ https://test04.caritas.at/ https://test11.caritas.at/ https://test13.caritas.at/ https://test20.caritas.at/ https://vorlagen.caritas.at/ https://wirkungsbericht.caritas-burgenland.at/ https://wirkungsbericht.caritas-salzburg.at/ https://wirkungsbericht.caritas-wien.at/ https://www.caritas.at/ https://www.caritas-austria.at/ https://www.caritas-bigs.at/ https://www.caritas-bildungszentrum.at/ https://www.caritas-burgenland.at/ https://www.caritas-commit.at/ https://www.caritas-foundation.at/ https://www.caritas-jobs.at/ https://www.caritas-kaernten.at/ https://www.caritas-leo.at/ https://www.caritas-linz.at/ https://www.caritas-ooe.at/ https://www.caritas-pflege.at/ https://www.caritas-rundumbetreut.at/ https://www.caritas-salzburg.at/ https://www-caritas-salzburg-at.caritas.host https://www.caritas-schulen.at/ https://www.caritas-steiermark.at/ https://www.caritas-stiftung.at/ https://www.caritas-stpoelten.at/ https://www.caritas-tirol.at/ https://www.caritas-vorarlberg.at/ https://www.caritas-wien.at/ https://www.caritas-wiewirwirken.at/ https://www.caritasabend.at/ https://www.caritasakademie.at/ https://www.carla.at/ https://www.carla-vorarlberg.at/ https://www.carla-wien.at/ https://www.diesozialschule.at/ https://www.fsbwr-neustadt.ac.at/ https://www.hilfswerk-sr-emmanuelle.at/ https://www.homelessworldcup.at/ https://www.internationalerfreiwilligeneinsatz.at/ https://www.josee.at/ https://www.junges-wohnen.at/ https://www.lebensraeume-caritas.at/ https://www.neuearbeit.or.at/ https://www.obenauf.cc/ https://www.paraplue-steyr.at/ https://www.patenschaften.at/ https://www.perspektive-handel.at/ https://www.project-bera.eu/ https://www.schule-am-himmel.at/ https://www.schwangerenberatung.at/ https://www.sob-caritas.at/ https://www.sob-linz.at/ https://www.speisewagen-caritas.at/ https://www.unser-wirken.caritas-kaernten.at/ https://www.winternothilfe.at/ https://www.zeitschenken.at/ https://www.gruft.at/ https://www.opentalk.at/ https://caritas-wegweiser.at/ https://www.krone.at/ https://vka.or.at/ https://open2chat.at/ https://www.ausbildungszentrum-linz.at/ https://triptalks.at/ https://www.lena.or.at/ https://www.streetfootball.at/ https://www.carotte-caritas.at/ https://sozialberufe-wolfsberg.caritas-kaernten.at/ https://annualreport.caritas.at/ https://typo3.caritas.at/ https://haus-antonius.caritas-kaernten.at/ https://wirkungsbericht.caritas-tirol.at/ https://wirkungsbericht.caritas.at/; 3
default-src data: 'self' https: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' 3
default-src 'self' *.berger-levrault.com; img-src 'self' data: *.analytics.google.com *.google.es *.wistia.com  wp-rocket.me *.google-analytics.com *.gravatar.com https://s.w.org https://gravityforms.s3.amazonaws.com https://gravityforms.s3.amazonaus.com *.gstatic.com *.googleapis.com; style-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com 'unsafe-inline'; script-src 'self' *.google.ca google.ca *.google.com google.com *.en25.com *.licdn.com *.facebook.net *.google.es *.googleadservices.com googleadservices.com *.helpscout.net *.wistia.com *.hcaptcha.com *.matomo.cloud *.mxpnl.com https://hcaptcha.com *.cloudflare.com *.googleapis.com *.googletagmanager.com https://www.googletagmanager.com *.google-analytics.com *.jsdelivr.net *.berger-levrault.com *.youtube.com *.youtube-nocookie.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.gstatic.com; connect-src 'self' *.analytics.google.com *.helpscout.net *.wistia.com *.litix.io *.cloudfront.net *.matomo.cloud *.hcaptcha.com *.gstatic.com *.googleapis.com *.google-analytics.com *.yoast.com yoast.com *.berger-levrault.com; frame-src 'self' mailto: tel: *.facebook.net *.berger-levrault.com *.hcaptcha.com *.youtube.com *.youtube-nocookie.com wp-rocket.me; media-src 'self' blob: *.berger-levrault.com *.wistia.net 3
default-src 'self' www.googleadservices.com googleads.g.doubleclick.net www.google.com www.google.co.in adservice.google.com *.fls.doubleclick.net insight.adsrvr.org quantserve.com *.adnxs.com s.yimg.com *.onetrust.com; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.hotjar.com *.moengage.com *.adnxs.com *.googleoptimize.com *.mookie1.com *.fls.doubleclick.net *.doubleclick.net *.outbrain.com *.google-analytics.com https://dec.azureedge.net/ munchkin.marketo.net cdn.jsdelivr.net simsys.ent.ap-southeast-1.aws.found.io https://platform-api.sharethis.com https://buttons-config.sharethis.com unpkg.com/@frontify/ brandportal.ihhhealthcare.com assets.gathercontent.com www.googletagmanager.com media.istockphoto.com beta.mountelizabeth.com.sg http://beta.mountelizabeth.com.sg http://admin-beta-mountelizabeth.com.sg insight.adsrvr.org quantserve.com googletagmanager.com secure.quantserve.com js.adsrvr.org rules.quantcount.com www.googleadservices.com adservice.google.com googleads.g.doubleclick.net admin-gleneagles.parkwayhealth.local admin-parkwayeast.parkwayhealth.local bat.bing.com staticcdn.enzymic.co cdn.polyfill.io https://unpkg.com/web-vitals/dist static.site24x7rum.com www.google.co.in s.yimg.com www.instagram.com www.sc.pages07.net sp.analytics.yahoo.com https://cdn-apac.onetrust.com *.onetrust.com https://rawgit.com https://cdnjs.cloudflare.com https://cdn.tailwindcss.com 'self' js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com *.eloqua.com *.en25.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com cdn.jsdelivr.net simsys.ent.ap-southeast-1.aws.found.io brandportal.ihhhealthcare.com assets.gathercontent.com media.istockphoto.com beta.mountelizabeth.com.sg http://fonts.cdnfonts.com https://cdnjs.cloudflare.com googletagmanager.com *.googletagmanager.com *.bunny.net *.moengage.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://www.mountelizabeth.com.sg https://cdn-assets-eu.frontify.com simsys.ent.ap-southeast-1.aws.found.io www.gleneagles.com.sg https://www.parkwayhospitals.com.cn *.frontify.com brandportal.ihhhealthcare.com beta.mountelizabeth.com.sg assets.gathercontent.com media.istockphoto.com i.vimeocdn.com www.googletagmanager.com *.hotjar.com https://moe-email-campaigns.s3.amazonaws.com https://image.moengage.com countryflagsapi.com mountelizabeth.com *.mookie1.com *.google.com *.google.com.sg *.adnxs.com *.quantserve.com flagcdn.com ad.doubleclick.net google.co.in sdms-country-flag.s3.ap-southeast-1.amazonaws.com http://sitefinityprodpp.blob.core.windows.net googleads.g.doubleclick.net www.google.com/pagead bat.bing.com *.outbrain.com www.googleadservices.com www.google.co.in adservice.google.com fls.doubleclick.net insight.adsrvr.org quantserve.com s.yimg.com www.pages07.net sp.analytics.yahoo.com https://cdn-apac.onetrust.com *.onetrust.com *.amazonaws.com 'self' track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.hotjar.com cdnjs.cloudflare.com https://fonts.cdnfonts.com; frame-src https://www.google.com/ https://www.youtube.com https://vimeo.com https://player.vimeo.com beta.mountelizabeth.com.sg assets.gathercontent.com media.istockphoto.com brandportal.ihhhealthcare.com https://vars.hotjar.com https://*.moengage.com https://www.facebook.com https://m.facebook.com *.fls.doubleclick.net insight.adsrvr.org www.instagram.com adservice.google.com td.doubleclick.net 'self' forms.hsforms.com web-chat.nativechat.com; connect-src accounts.google.com *.gstatic.com *.mktoresp.com *.google-analytics.com cdn.jsdelivr.net simsys.ent.ap-southeast-1.aws.found.io https://l.sharethis.com *.frontify.com brandportal.ihhhealthcare.com beta.mountelizabeth.com.sg http://beta.mountelizabeth.com.sg assets.gathercontent.com media.istockphoto.com https://parkway-elastic-production.ent.ap-southeast-1.aws.found.io http://admin-beta-mountelizabeth.com.sg wss://*.hotjar.com *.hotjar.com *.hotjar.io *.moengage.com stats.g.doubleclick.net admin-parkwayeast.parkwayhealth.local admin-gleneagles.parkwayhealth.local analytics.google.com static.enzymic.co www.facebook.com metrics.mountelizabeth.com.sg insight.adsrvr.org quantserve.com *.adnxs.com s.yimg.com sp.analytics.yahoo.com https://cdn-apac.onetrust.com https://geolocation.onetrust.com *.onetrust.com tr.outbrain.com 'self' forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.frontify.com brandportal.ihhhealthcare.com assets.gathercontent.com media.istockphoto.com; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com cdn.jsdelivr.net simsys.ent.ap-southeast-1.aws.found.io *.frontify.com brandportal.ihhhealthcare.com beta.mountelizabeth.com.sg assets.gathercontent.com media.istockphoto.com https://*.moengage.com countryflagsapi.com 'self' web-chat.nativechat.com 3
default-src 'self';               frame-src 'self' www.google.com www.youtube.com live.brame-gamification.com *.paypal.com www.facebook.com weatherwidget.io tpc.googlesyndication.com td.doubleclick.net;              media-src 'self';               img-src 'self' data: maps.gstatic.com sp.analytics.yahoo.com maps.googleapis.com *.paypal.com uip.semasio.net www.google.com www.facebook.com www.google.gr bold.adman.gr cdn.cookielaw.org www.googletagmanager.com www.google.nl ads.travelaudience.com sherlock.adman.gr ad.doubleclick.net googleads.g.doubleclick.net adservice.google.com tr.outbrain.com cm.g.doubleclick.net ad.yieldlab.net pixel.rubiconproject.com image2.pubmatic.com ice.360yield.com ih.adscale.de ib.adnxs.com ads.betweendigital.com p1.zemanta.com;               script-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.paypalobjects.com *.braintreegateway.com sp.analytics.yahoo.com connect.facebook.net s.yimg.com maps.googleapis.com www.googletagmanager.com www.google.com www.youtube.com www.gstatic.com cdn.cookielaw.org weatherwidget.io ads.travelaudience.com www.googleadservices.com theferries.com tpc.googlesyndication.com tr.outbrain.com amplify.outbrain.com wave.outbrain.com js-tag.zemanta.com;               connect-src 'self' maps.googleapis.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.braintree-api.com cdn.cookielaw.org *.analytics.google.com stats.g.doubleclick.net s.yimg.com privacyportal-eu.onetrust.com geolocation.onetrust.com adservice.google.com www.google.com www.google.gr tr.outbrain.com;              style-src 'self' 'unsafe-inline' fonts.googleapis.com;              font-src 'self' fonts.gstatic.com;       object-src 'none' 3
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests 3
script-src 'self' addtoany.com *.addtoany.com capitaland.my.site.com ipinfo.io *.google.com google.com *.maps.googleapis.com maps.googleapis.com *.googleapis.com googleapis.com *.developers.google.com developers.google.com *.baidu.com baidu.com *.hm.baidu.com hm.baidu.com *.api.map.baidu.com api.map.baidu.com *.z.moatads.com z.moatads.com *.google-analytics.com google-analytics.com *.addthis.com addthis.com *.addthisedge.com addthisedge.com *.cdn.polyfill.io cdn.polyfill.io *.recaptcha.net recaptcha.net *.gstatic.com gstatic.com *.gstatic.cn gstatic.cn *.googletagmanager.com googletagmanager.com *.consent.trustarc.com consent.trustarc.com *.js-agent.newrelic.com js-agent.newrelic.com *.nr-data.net nr-data.net *.googleadservices.com googleadservices.com *.doubleclick.net doubleclick.net *.licdn.com licdn.com *.snap.licdn.com snap.licdn.com *.tiktok.com tiktok.com *.analytics.tiktok.com analytics.tiktok.com *.facebook.net facebook.net *.connect.facebook.net connect.facebook.net *.facebook.com facebook.com *.ads-twitter.com ads-twitter.com *.static.ads-twitter.com static.ads-twitter.com *.bat.bing.com bat.bing.com *.tag.azame.net tag.azame.net *.analytics.twitter.com analytics.twitter.com *.bp-1c51.kxcdn.com bp-1c51.kxcdn.com *.secure.adnxs.com secure.adnxs.com *.googlesyndication.com googlesyndication.com *.triptease.io triptease.io *.onboard.triptease.io onboard.triptease.io *.secure-hotel-tracker.com secure-hotel-tracker.com *.egain.cloud egain.cloud *.ascottintl.egain.cloud ascottintl.egain.cloud *.criteo.net criteo.net *.static.criteo.net static.criteo.net *.gatag.it gatag.it *.ipinyou.com ipinyou.com *.stats.ipinyou.com stats.ipinyou.com *.youtube.com youtube.com *.toup.net toup.net *.googletraveladservices.com googletraveladservices.com *.mmtro.com mmtro.com *.affilired.com affilired.com *.hotelratematch.com hotelratematch.com *.sojern.com sojern.com *.line-scdn.net line-scdn.net *.yandex.ru yandex.ru *.dwin1.com dwin1.com *.yieldoptimizer.com yieldoptimizer.com *.awin1.com awin1.com *.veinteractive.com veinteractive.com *.ebtrk1.com ebtrk1.com *.qualitedesign.fr qualitedesign.fr *.adroll.com adroll.com *.nxtck.com nxtck.com *.tradedoubler.com tradedoubler.com *.yimg.jp yimg.jp *.123compare.me 123compare.me *.smartparity.com smartparity.com *.booklyng.com booklyng.com *.denomatic.com denomatic.com *.zenaps.com zenaps.com *.chinesean.com chinesean.com *.glopss.com glopss.com *.shareasale.com shareasale.com *.tradetracker.net tradetracker.net *.webgains.com webgains.com *.smct.co smct.co *.sp.analytics.yahoo.com sp.analytics.yahoo.com *.b91.yahoo.co.jp b91.yahoo.co.jp *.derbysoft.com derbysoft.com *.redirect.eqtracking.com redirect.eqtracking.com *.thehotelsnetwork.com thehotelsnetwork.com *.stackla.com stackla.com *.accesstrade.ne.jp accesstrade.ne.jp *.clarity.ms clarity.ms *.taboola.com taboola.com *.hybridtheory.com hybridtheory.com *.go.affec.tv go.affec.tv *.accesstrade.co.id accesstrade.co.id *.sojern.com sojern.com *.consent-pref.trustarc.com consent-pref.trustarc.com *.ailab.criteo.com ailab.criteo.com *.criteo.com criteo.com *.p.relay-t.io p.relay-t.io *.policies.google.com policies.google.com *.privacy.yahoo.co.jp privacy.yahoo.co.jp *.googleadservices.com googleadservices.com *.s.yimg.jp s.yimg.jp *.numberly.com numberly.com *.xandr.com xandr.com *.pinterest.com pinterest.com *.ir.baidu.com ir.baidu.com *.hm.baidu.com hm.baidu.com *.js.adsrvr.org js.adsrvr.org *.insight.adsrvr.org insight.adsrvr.org *.adsrvr.org adsrvr.org *.tawk.to tawk.to *.embed.tawk.to embed.tawk.to *.instagram.com instagram.com *.relay-t.io relay-t.io *.secure-relay.com secure-relay.com 'unsafe-inline' 'unsafe-eval' 3
frame-ancestors 'self' http://duravit.com https://dna.duravit.com http://staffbase.com capacitor://duravit.com capacitor://staffbase.com localhost:*; 3
frame-ancestors 'self' https://c360.cricketwireless.com; 3
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * data: 3
default-src 'self'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.culturaldistrict.org https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://embed.typeform.com *.googleapis.com https://www.googletagmanager.com https://static.formstack.com *.pittsburghsymphony.org https://cdnjs.cloudflare.com https://unpkg.com *.typekit.net https://static.geetest.com *.gbox.me; connect-src 'self' *.amazonaws.com *.googlesyndication.com/ https://pct.formstack.com https://api.addressy.com https://trustarts.queue-it.net https://analytics.tiktok.com *.purechat.com https://adservice.google.com https://analytics.google.com https://bam.nr-data.net https://services.postcodeanywhere.co.uk https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://maps.googleapis.com https://online.anyflip.com https://checkoutshopper-live-us.adyen.com/ https://api.typeform.com *.datadome.co ct.captcha-delivery.com; img-src https: data:; font-src 'self' https://fonts.gstatic.com https://script.hotjar.com *.formstack.com https://use.typekit.net; object-src 'none'; media-src 'self' *.culturaldistrict.org; frame-src 'self' https://widgets.resy.com *.approveforgood.com/ https://geo.captcha-delivery.com *.applytojob.com/ *.doubleclick.net *.culturaldistrict.org *.formstack.com *.googlesyndication.com/ *.pittsburghsymphony.org https://form.typeform.com/ *.youtube.com https://www.youtube-nocookie.com/ https://w.soundcloud.com/ https://e.issuu.com https://insight.adsrvr.org https://player.vimeo.com https://vars.hotjar.com https://www.facebook.com *.google.com https://www.recaptcha.net https://online.anyflip.com https://albumizr.com/ https://checkoutshopper-live-us.adyen.com/; frame-ancestors 'self'; 3
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval';    frame-ancestors 'self' https://one-time-offer.com https://cashbackprog.completesavings.co.uk 3
default-src 'self' www.google-analytics.com region1.google-analytics.com *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google.com www.gstatic.com www.google-analytics.com region1.google-analytics.com *.openstreetmap.org; img-src 'self' 'unsafe-inline' www.google-analytics.com secure.gravatar.com *.tile.openstreetmap.org data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; frame-src 'self' www.google.com *.openstreetmap.org; object-src 'none'; font-src 'self' 'unsafe-inline' fonts.gstatic.com data:; 3
frame-ancestors 'self' https://planner.dbcargo.com 3
... 3
script-src 'self' 'unsafe-inline' 'unsafe-eval'; 3
frame-ancestors 'self' *.hubgets.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://apis.google.com https://ssl.google-analytics.com; 3
object-src 'none'; frame-src *; frame-ancestors 'self' X-Frame-Options: SAMEORIGIN 3
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; 3
script-src * data: blob: 'unsafe-inline' 'unsafe-eval' https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com; style-src * data: blob: 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com; img-src * data: blob: 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com; font-src * data: blob: 'unsafe-inline' https://fonts.gstatic.com; frame-src * data: blob: https://optimize.google.com; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.teimg.com *.google.com *.jquery.com *.bik.gov.tr *.bildirt.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.googlesyndication.com pagead2.googlesyndication.com *.googleadservices.com *.optad360.io *.doubleclick.net *.adhouse.pro *.jwpcdn.com *.onesignal.com *.vidyome.com *.tebilisim.com *.tevideo.org *.googleapis.com *.yandex.ru *.yandex.com *.criteo.net *.2mdn.net *.cloudflare.com *.cloudflareinsights.com *.onnetwork.tv *.twitter.com *.instagram.com *.facebook.com *.meta.com *.x.com *.youtube.com *.youtu.be *.linkedin.com *.pinterest.com *.dailymotion.com *.vimeo.com *.admatic.com.tr *.reklamstore.com *.linkwi.se *.makroo.com *.wordego.com *.tradingview.com *.weatherwidget.io *.openweathermap.com *.mgid.com *.themediagrid.com *.amazon.com *.openx.com *.appnexus.com *.districtm.io *.rubiconproject.com *.rhythmone.com *.yahoo.com *.indexexchange.com *.smaato.com *.smartadserver.com *.sovrn.com *.lijit.com *.pubmatic.com *.sharethrough.com *.admanmedia.com *.emxdgt.com *.contextweb.com *.gumgum.com *.yieldmo.com *.ad-generation.jp *.adform.com *.adwmg.com *.idealmedia.io *.admatic.com.tr *.improvedigital.com *.connectad.io *.ibillboard.com *.stroeer.com *.adtarget.com.tr *.33across.com *.admixer.com *.adtech.com *.adtelligent.com *.adtopia.com *.advangelists.com *.advenuemedia.co.uk *.advertising.com *.aralego.com *.axonix.com *.beachfront.com *.bidtellect.com *.bizzclick.com *.cmcm.com *.coxmt.com *.cubepile.com *.e-planning.net *.engagebdr.com *.exponential.com *.freewheel.tv *.ijit.com *.inmobi.com *.lkqd.com *.lkqd.net *.maple-team.com *.mars.media *.mediabong.com *.newborntown.com *.omnijay.com *.outbrain.com *.peak226.com *.resultsmedia.com *.gamoshi.io *.sabio.us *.smartyads.com *.smrtb.com *.sonobi.com *.spotx.tv *.spotxchange.com *.colossusssp.com *.synacor.com *.thebrave.io *.tribalfusion.com *.ucfunnel.com video.unrulymedia.com *.us.com *.webeyemob.com *.idealmedia.io *.ampproject.org googlesyndication.com onesignal.com *.taboola.com *.finyad.org *.turktelekom.com.tr *.gemius.pl *.clarity.ms *.pixad.com.tr *.taboola.com *.criteo.com *.rtb.pixad.com.tr bs.yandex.ru 3
frame-ancestors 'self' chromacam.me personifyinc.com 3
default-src blob: https: wss: data: 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src https: data:; worker-src blob: data:; 3
script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.tawk.to *.jsdelivr.net *.tidio.co *.facebook.net www.gstatic.com;script-src-attr 'unsafe-inline';img-src 'self' data: i.imgur.com www.google-analytics.com ano3vz3t0ljyh1lfx5c1tglt6z.speed-cdn.com mbua2w451amrhahmjxkkrw7odh.speed-cdn.com tawk.link *.tawk.to *.tawk.link *.amazonaws.com *.jsdelivr.net *.databrain.com www.googletagmanager.com;style-src 'self' 'unsafe-inline' ano3vz3t0ljyh1lfx5c1tglt6z.speed-cdn.com mbua2w451amrhahmjxkkrw7odh.speed-cdn.com fonts.googleapis.com *.tawk.to *.jsdelivr.net;font-src 'self' ano3vz3t0ljyh1lfx5c1tglt6z.speed-cdn.com mbua2w451amrhahmjxkkrw7odh.speed-cdn.com fonts.googleapis.com fonts.gstatic.com *.tawk.to *.jsdelivr.net *.googletagmanager.com;frame-src static.goolec.com www.youtube.com youtube.com;connect-src 'self' tickers.playtech.com www.google-analytics.com *.googleapis.com *.tawk.to wss://*.tawk.to tracker.databrain.com;upgrade-insecure-requests;default-src 'self';base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none' 3
child-src 'self' www.googletagmanager.com https:; connect-src 'self' *.hsforms.com www.googletagmanager.com *.ctfassets.net vimeo.com https: consentcdn.cookiebot.com consent.cookiebot.com; default-src 'self' https:; font-src data: 'self' https: *.vimeocdn.com; frame-src 'self' www.googletagmanager.com https: consentcdn.cookiebot.com consent.cookiebot.com; img-src data: 'self' https: *.ctfassets.net *.vimeocdn.com *.akamaized.net; media-src data: 'self' https: *.ctfassets.net *.vimeocdn.com *.akamaized.net; object-src 'none'; script-src data: 'unsafe-inline' 'wasm-unsafe-eval' 'self' https: www.googletagmanager.com *.hsforms.net vimeo.com *.vimeocdn.com player.vimeo.com consentcdn.cookiebot.com consent.cookiebot.com; style-src data: 'unsafe-inline' 'self' https: *.vimeocdn.com; worker-src 'none'; form-action 'self' *.hsforms.com https:; frame-ancestors 'self' app.contentful.com https:; upgrade-insecure-requests 3
default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; 3
frame-ancestors https://app.pendo.io; default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org https://*.onetrust.com https://*.pendo.io;  font-src 'self' https://fonts.gstatic.com https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://*.pendo.io; connect-src 'self' https://*.pendo.io https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com https://api.ipify.org https://cdn.cookielaw.org https://*.onetrust.com; img-src 'self' data: image/svg+xml https://cdn.cookielaw.org https://*.pendo.io  https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; frame-src 'self' https://app.pendo.io; worker-src 'self' 3
script-src 'unsafe-inline' 'self' *.redditstatic.com https://tagmanager.google.com https://*.googletagmanager.com connect.facebook.net data: 'unsafe-eval' blob: www.google.com www.gstatic.com www.google-analytics.com ssl.google-analytics.com maps.googleapis.com assets.adobedtm.com;frame-src 'self' www.google.com www.googletagmanager.com www.youtube.com https://4333818.fls.doubleclick.net 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: blob: ws:; frame-ancestors 'self'; upgrade-insecure-requests; base-uri 'self'; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss: *.christianjobs.com www.churchstaffing.com *.churchstaffing.com www.childrens-ministry-deals.com childrens-ministry-deals.com support.salemchurchproducts.com conversations.app-us1.com *.ably.io realtime.ably.io *.ably-realtime.com trackcmp.net n.clarity.ms *.stripe.com *.survicate.com youthworker.com www.youthworker.com *.app-us1.com scpmedia.activehosted.com *.braintreegateway.com *.renewedvision.com *.livechatinc.com *.livechat.com livechat.com *.stackadapt.com *.srv.stackadapt.com *.unpkg.com unpkg.com *.clarity.ms api.sermonsearch.com *.crazyegg.com *.gstatic.com lightboxapi1.azurewebsites.net lightboxapi2.azurewebsites.net lightboxapi3.azurewebsites.net *.googleadservices.com *.swncdn.com salemchurchproducts.s3.amazonaws.com *.google.com *.bing.com *.facebook.com *.facebook.net connect.facebook.net *.google-analytics.com *.googletagmanager.com *.blueconic.net *.googleapis.com *.sitescout.com *.sermonspice.com ct.pinterest.com *.worshiphousemedia.com worshiphousemedia.com *.salemchurchproducts.com *.salemwebnetwork.com *.lightboxcdn.com *.ubembed.com *.bootstrapcdn.com *.jwpcdn.com fonts.gstatic.com *.s3.amazonaws.com salemmediagroup.blueconic.net *.g.doubleclick.net *.kissmetrics.com *.googlesyndication.com kit-free.fontawesome.com *.fontawesome.com *.yahoo.com srv3.wa.marketingsolutions.yahoo.com flex.atdmt.com *.atdmt.com widget.freshworks.com *.freshworks.com salemchurchproducts.freshdesk.com *.freshdesk.com cdn.linkedin.oribi.io api.omappapi.com *.omappapi.com snap.licdn.com *.linkedin.com googletagservices.com *.googletagservices.com whm.attn.tv *.attn.tv events.attentivemobile *.attentivemobile.com *.hellopastors.com ;
	script-src 'self' 'unsafe-inline' blob: 'unsafe-eval' data: api.sermonsearch.com www.youthworker.com youthworker.com *.unpkg.com unpkg.com api.omappapi.com *.omappapi.com www.childrens-ministry-deals.com childrens-ministry-deals.com *.sitescout.com *.sermonspice.com *.gstatic.com *.lightboxcdn.com *.googleapis.com bid.g.doubleclick.net *.google.com pubads.g.doubleclick.net *.s3.amazonaws.com worshiphousemedia.s3.amazonaws.com *.google-analytics.com *.salemwebnetwork.com *.facebook.com *.facebook.net *.googlesyndication.com *;
	img-src 'unsafe-inline' 'unsafe-eval' data: *;
	frame-src 'unsafe-inline' 'unsafe-eval' data: youthworker.com www.youthworker.com www.churchstaffing.com *.churchstaffing.com www.childrens-ministry-deals.com childrens-ministry-deals.com api.sermonsearch.com *.sitescout.com ct.pinterest.com *.worshiphousemedia.com worshiphousemedia.com *.salemchurchproducts.com *.salemwebnetwork.com *.ubembed.com *.bootstrapcdn.com *.jwpcdn.com fonts.gstatic.com *.s3.amazonaws.com salemmediagroup.blueconic.net *.g.doubleclick.net *.lightboxcdn.com *.kissmetrics.com *.facebook.com *.googlesyndication.com *;
	style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googleapis.com *; 3
frame-ancestors http://*.campogrande.ms.gov.br 3
upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * 3
style-src 'self' 'unsafe-inline' *.googleapis.com *.google-analytics.com *.gstatic.com *.tenkites.com tkmenus.com partners.designmynight.com atlas.microsoft.com *.cdn-cookieyes.com *.liveres.co.uk *.braintreegateway.com *.sevenrooms.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.13/css/intlTelInput.css; font-src 'self' data: *.googleapis.com *.google-analytics.com *.gstatic.com *.tenkites.com tkmenus.com atlas.microsoft.com *.liveres.co.uk *.braintreegateway.com *.sevenrooms.com; script-src 'self' 'self' data: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.googleapis.com *.hotjar.com cdn-cookieyes.com *.tiktok.com *.licdn.com *.ads-twitter.com *.twitter.com *.bing.com *.facebook.net *.google.com *.gstatic.com *.google-analytics.com *.exponea.com *.tenkites.com tkmenus.com *.braintreegateway.com menus.tenkites.com partners.designmynight.com code.jquery.com secure.livebookings.com bda.bookatable.com atlas.microsoft.com connect.facebook.net *.liveres.co.uk https://songbird.cardinalcommerce.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.13/js/intlTelInput.min.js https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.13/js/utils.min.js *.recaptcha.net *.sevenrooms.com; worker-src 'self' blob: atlas.microsoft.com; frame-ancestors 'self' *.googleapis.com *.google.com *.google.com *.gstatic.com menus.tenkites.com *.sevenrooms.com; object-src 'none' 3
default-src 'self' *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip *.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com cdn.checkout.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.googleadservices.com; style-src 'self' 'unsafe-inline' *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip https://fonts.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com; img-src 'self' https://*.amazonaws.com/site-cms-strapi.wheely.com/ https://*.amazonaws.com/site-cms-strapi.stg.wheely-dev.com/ https://*.amazonaws.com/site-cms-strapi.dev.wheely-dev.com/ https://*.amazonaws.com/static.wheely.com/ https://*.amazonaws.com/photos.wheely.com/ https://*.amazonaws.com/user-uploads-test.wheely.com/ https://*.amazonaws.com/user-uploads.wheely.com/ https://*.amazonaws.com/photos-test.wheely.com/ *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com data: blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com https://www.facebook.com https://connect.facebook.net; media-src 'self' https://*.amazonaws.com/site-cms-strapi.wheely.com/ https://*.amazonaws.com/site-cms-strapi.stg.wheely-dev.com/ https://*.amazonaws.com/site-cms-strapi.dev.wheely-dev.com/ https://*.amazonaws.com/static.wheely.com/ https://*.amazonaws.com/photos.wheely.com/ https://*.amazonaws.com/user-uploads-test.wheely.com/ https://*.amazonaws.com/user-uploads.wheely.com/ https://*.amazonaws.com/photos-test.wheely.com/ *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip https://js.intercomcdn.com; frame-src 'self' *.google.com https://hcaptcha.com https://*.hcaptcha.com https://js.checkout.com; connect-src 'self' *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip https://o18635.ingest.sentry.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com https://*.googleapis.com https://*.gstatic.com data: blob: https://hcaptcha.com https://*.hcaptcha.com https://js.checkout.com https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com https://stats.g.doubleclick.net https://www.facebook.com; child-src 'self' https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; form-action 'self' https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://www.facebook.com https://payment-3ds.com; report-uri https://o18635.ingest.sentry.io/api/1453113/security/?sentry_key=17e7a309684a4cc5a82504db707f1e7a 3
script-src * 'unsafe-eval' 'unsafe-inline'; worker-src data: blob: * 3
frame-ancestors 'self' http://bleudigo.the513.top https://www.indigo-net.com https://www.indigo.fr; 3
font-src 'self'; 3
default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval' 3
upgrade-insecure-requests; default-src 'self' https://*.screeb.app; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://*.googletagmanager.com/ disqus.com *.disqus.com *.disquscdn.com https://js.hs-scripts.com platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com https://gist.github.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.hsforms.net https://forms.hsforms.com/ https://js.hs-analytics.net https://app.getbeamer.com/js/ https://realtime.getbeamer.com/ https://apis.google.com https://*.screeb.app nominatim.openstreetmap.org http://cdn.matomo.cloud/opendatasoft.matomo.cloud/matomo.js http://cdn.mxpnl.com/ ; style-src 'self' 'unsafe-inline' https://s3-eu-west-1.amazonaws.com https://s3-eu-central-1.amazonaws.com https://s3.amazonaws.com https://s3-ca-central-1.amazonaws.com https://s3-ap-southeast-2.amazonaws.com https://s3-eu-west-3.amazonaws.com https://platform.twitter.com https://ton.twimg.com https://github.githubassets.com/ *.disquscdn.com https://fonts.googleapis.com https://app.getbeamer.com/styles/ ; img-src * data:; font-src * data:; media-src 'self' https://eu.ftp.opendatasoft.com/odsacademy/; connect-src 'self' *.opendatasoft.com *.disqus.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.algolia.net api.jawg.io tile.jawg.io https://graph.microsoft.com/ https://s3-eu-west-1.amazonaws.com https://s3-eu-central-1.amazonaws.com https://s3.amazonaws.com https://s3-ca-central-1.amazonaws.com https://s3-ap-southeast-2.amazonaws.com https://backend.getbeamer.com/ wss://realtime.getbeamer.com https://static.getbeamer.com/favico.js https://s3-eu-west-3.amazonaws.com https://stats.g.doubleclick.net https://t.hs-growth-metrics.com https://*.screeb.app wss://*.screeb.app https://opendatasoft.matomo.cloud/matomo.php https://api-js.mixpanel.com/ ; frame-src 'self' https://platform.twitter.com https://syndication.twitter.com https://www.google.com/recaptcha/ https://accounts.google.com https://docs.google.com *.opendatasoft.com disqus.com https://app.hubspot.com https://forms.hsforms.com https://app.getbeamer.com https://opendatasoft-trial.com data.opendatasoft.com/ www.youtube.com/embed/ www.youtube-nocookie.com/embed/ www.dailymotion.com/embed/video/ player.vimeo.com/video/ app.powerbi.com/ app.powerbigov.us/ app.high.powerbigov.us/ app.mil.powerbigov.us/ public.tableau.com/views/ arcgis.com/apps/View/ docs.google.com/forms/ forms.office.com/ www.google.com/maps/d/embed www.google.com/maps/embed www.arcgis.com/home/webscene/viewer.html www.arcgis.com/home/webmap/viewer.html app.streamfizz.live/embed/ player.streamfizz.live/embed/ www.facebook.com/plugins/page.php; 3
default-src 'none'; base-uri 'self'; media-src 'self'; frame-src https://www.youtube.com/ https://docs.google.com/ https://forms.gle/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://translate.google.com/translate_a/element.js https://translate.googleapis.com https://translate-pa.googleapis.com/v1/supportedLanguages; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com/css2; font-src https://fonts.gstatic.com https://ka-f.fontawesome.com; img-src 'self' https://fonts.gstatic.com https://www.gstatic.com https://www.google.com/images/cleardot.gif https://translate.googleapis.com/translate_static/img/loading.gif https://translate.google.com; connect-src 'self' https://dream-platform.net https://ka-f.fontawesome.com https://translate.googleapis.com; object-src 'self' 3
object-src 'none'; form-action 'self' 3
upgrade-insecure-requests; frame-ancestors 'self' https://avalara.sb.amp.vg https://avalara.amp.vg 3
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data: blob:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 3
report-uri https://allegrocredit.report-uri.com/r/d/csp/reportOnly;frame-ancestors 'self' 3
frame-ancestors 'self' https://brita-int.ff360.de 3
default-src 'self';     style-src 'self' 'unsafe-inline' *.adyen.com/ *.teads.tv/ *.hotjar.com/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.adobeaemcloud.com/ *.hotjar.io/ *.visualstudio.com/ *.bootstrapcdn.com/ *.briteverify.com/ *.channelsight.com/ *.chargebee.com/ *.commander1.com/ *.force.com/ *.google.com/ *.googleapis.com/ *.gstatic.com/ *.live2support.com/ *.lpsnmedia.net/ *.mopinion.com/ *.myfonts.net/ *.onetrust.com/ *.pinterest.com/ *.salesforce-sites.com/ *.scene7.com/ *.sharethis.com/ *.tagcommander.com/ *.teads.tv/ *.visualstudio.com/ *.youtube.com/ *.zencdn.net/;     script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.addthis.com/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.teads.tv/ *.adobeaemcloud.com/ *.hotjar.com/ *.hotjar.io/ *.visualstudio.com/ *.addthisedge.com/ *.adobedtm.com/ *.ads-twitter.com/ *.adyen.com/ *.aptaclub.co.uk/ *.aptashop.co.uk/ *.bing.com/ *.candgshop.co.uk/ *.cgbabyclub.co.uk/ *.channelsight.com/ *.chargebee.com/ *.commander1.com/ *.constant.co/ *.danone-dtc.net/ *.digital4danone.com/ *.doubleclick.net/ *.everestjs.net/ *.facebook.net/ *.force.com/ *.gbqofs.com/ *.gigya.com/ *.google-analytics.com/ *.google.co.uk/ *.google.com/ *.googleadservices.com/ *.googleapis.com/ *.googletagmanager.com/ *.gstatic.com/ *.live2support.com/ *.liveperson.net/ *.lpsnmedia.net/ *.monitor.azure.com/ *.mopinion.com/ *.onetrust.com/ *.outbrain.com/ *.pinterest.com/ *.postcodeanywhere.co.uk/ *.salesforce-sites.com/ *.salesforce.com/ *.salesforceliveagent.com/ *.scene7.com/ *.sharethis.com *.tagcommander.com/ *.teads.tv/ *.theadex.com *.trustcommander.net/ *.trustpilot.com/ *.twitter.com *.visualstudio.com/ *.ytimg.com/ ct.captcha-delivery.com http://*.hotjar.com http://*.hotjar.io http://danone.d3.sc.omtrdc.net/ https://*.hotjar.com https://*.hotjar.io https://live2support.com/ https://s.pinimg.com/ https://sc-static.net/ js.datadome.co www.youtube.com/;     img-src 'self' data: *.adition.com/ *.hotjar.com/ *.hotjar.io/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.teads.tv/ *.adobeaemcloud.com/ *.visualstudio.com/ *.adnxs.com/ *.adyen.com/ *.analytics.google.com/ *.assetsadobe.com/ *.assetsadobe2.com/ *.bing.com/ *.channelsight.com/ *.commander1.com/ *.cx.atdmt.com/ *.danone-dtc.net/ *.danone.com/ *.demdex.net/ *.digital4danone.com/ *.doubleclick.net/ *.everesttech.net/ *.facebook.com/ *.google-analytics.com/ *.google.co.uk/ *.google.com/ *.google.ie/ *.googleapis.com/ *.googletagmanager.com/ *.gstatic.com/ *.hotjar.com *.hotjar.io *.live2support.com/ *.lpsnmedia.net/ *.mookie1.com/ *.omtrdc.net/ *.onetrust.com/ *.outbrain.com/ *.postcodeanywhere.co.uk/ *.salesforce-sites.com/ *.scene7.com/ *.sharethis.com/ *.tagcommander.com/ *.teads.tv/ *.theadex.com/ *.trustcommander.net/ *.twitter.com/ *.visualstudio.com/ *.w3.org/ *.ytimg.com/ http://danonegroup-stage.neolane.net/ http://t.co/ https://ca-live.adyen.com/ https://cscoreproweustor.blob.core.windows.net/ https://ct.pinterest.com/ https://www.google.fr/ https://www.google.nl/;     frame-src 'self' *.addthis.com *.adsrvr.org/ *.adyen.com/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.teads.tv/ *.adobeaemcloud.com/ *.hotjar.com/ *.hotjar.io/ *.visualstudio.com/ *.amazon-adsystem.com/ *.briteverify.com *.channelsight.com/ *.chargebee.com/ *.cloudfront.net/ *.commander1.com/ *.constant.co/ *.demdex.net/ *.doubleclick.net/ *.facebook.com/ *.flockler.com/ *.force.com/ *.gigya.com/ *.google.com/ *.googleapis.com/ *.live2support.com/ *.liveperson.net/ *.lpsnmedia.net/ *.nutridrink.com.br/onde-encontrar/ *.onetrust.com/ *.proprofs.com/ *.salesforce-sites.com/ *.scene7.com/ *.sharethis.com/ *.spotify.com/ *.tagcommander.com/ *.teads.tv/ *.theadex.com/ *.tohklom.com/ *.trustcommander.net/ *.trustpilot.com *.vimeo.com/ *.visualstudio.com/ *.youtube.com geo.captcha-delivery.com http://*.hotjar.io https://*.hotjar.com https://*.hotjar.io https://aax-eu.amazon-adsystem.com/ https://ketchapi.co.uk/ https://tr.snapchat.com/ www.youtube.com;     connect-src 'self' *.addthis.com/ *.adyen.com/ *.teads.tv/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.analytics.google.com/ *.adobeaemcloud.com/ *.hotjar.com/ *.hotjar.io/ *.visualstudio.com/ *.aptaclub.co.uk/ *.aptashop.co.uk/ *.bing.com/ *.briteverify.com/ *.candgshop.co.uk/ *.cgbabyclub.co.uk/ *.channelsight.com/ *.commercetools.com/ *.danone-dtc.net/ *.demdex.net/ *.digital4danone.com/ *.doubleclick.net/ *.facebook.com/ *.force.com/ *.gbqofs.io/ *.google-analytics.com *.google-analytics.com/ *.googleapis.com/ *.live2support.com/ *.mopinion.com/ *.omtrdc.net/ *.onetrust.com/ *.privacy.trustcommander.net/ *.salesforce-sites.com/ *.scene7.com/ *.sentry.io/ *.sharethis.com/ *.snapchat.com/ *.teads.tv/ *.visualstudio.com/ *.youtube.com/ api-js.datadome.co http://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.com:* https://*.hotjar.io https://api.sphere.io/ https://ct.pinterest.com/ https://lasteventf-tm.everesttech.net/ https://privacy.trustcommander.net/ https://services.postcodeanywhere.co.uk/ wss://*.hotjar.com;     font-src 'self' data: *.adyen.com/ *.channelsight.com/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.teads.tv/ *.danone-dtc.net/ *.adobeaemcloud.com/ *.hotjar.com/ *.hotjar.io/ *.visualstudio.com/ *.googleapis.com/ *.gstatic.com/ *.gstatic.mopinion.com/ *.live2support.com/ *.onetrust.com/ *.pinterest.com/ *.salesforce-sites.com/ *.scene7.com/ *.teads.tv/ *.visualstudio.com/ http://*.hotjar.com http://*.hotjar.io https://*.hotjar.com https://*.hotjar.io https://gstatic.mopinion.com/ https://vjs.zencdn.net/;     media-src 'self' *.briteverify.com/ *.channelsight.com/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.teads.tv/ *.googleapis.com/ *.adobeaemcloud.com/ *.hotjar.com/ *.hotjar.io/ *.visualstudio.com/ *.lpsnmedia.net/ *.onetrust.com/ *.pinterest.com/ *.salesforce-sites.com/ *.scene7.com/ *.teads.tv/ *.visualstudio.com/ *.youtube.com/ 3
default-src 'self'; script-src 'self' dnstest2.ficora.fi dnstest.traficom.fi keha-matomo-sdg-qa-qa.azurewebsites.net analytiikka.ahtp.fi occhat.elisa.fi stat.traficom.fi stat.viestintavirasto.fi 10.250.193.20 'nonce-0cea9cd7-8340-4a50-bb59-65f7fc85d235'; img-src 'self' data: *.viestintavirasto.fi *.traficom.fi *.ficora.fi trafi.maps.arcgis.com trafi2.stat.fi keha-matomo-sdg-qa-qa.azurewebsites.net analytiikka.ahtp.fi qa.bittimittari.fi prod.bittimittari.fi www.youtube.com img.youtube.com youtube-nocookie.com *.youtube-nocookie.com registry.qadomain.fi registry.domain.fi www.arcgis.com autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com app.powerbi.com occhat.elisa.fi; style-src 'self' dnstest2.ficora.fi dnstest.traficom.fi occhat.elisa.fi 'nonce-0cea9cd7-8340-4a50-bb59-65f7fc85d235'; font-src 'self' occhat.elisa.fi; object-src 'self' data:; base-uri 'self'; frame-src 'self' *.viestintavirasto.fi *.traficom.fi *.ficora.fi trafi.maps.arcgis.com trafi2.stat.fi keha-matomo-sdg-qa-qa.azurewebsites.net analytiikka.ahtp.fi qa.bittimittari.fi prod.bittimittari.fi www.youtube.com img.youtube.com youtube-nocookie.com *.youtube-nocookie.com registry.qadomain.fi registry.domain.fi www.arcgis.com autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com app.powerbi.com occhat.elisa.fi; connect-src 'self' wss://occhat.elisa.fi https://occhat.elisa.fi https://stat.viestintavirasto.fi https://stat.traficom.fi; form-action 'self' 3
default-src 'self' *.noibu.com; worker-src 'self' blob:; child-src 'self' blob:; connect-src 'self' api.addressy.com data: bat.bing.com *.onetrust.com cookies-data.onetrust.io cdn.cookielaw.org *.browser-intake-datadoghq.eu *.mcangelus.com *.mapbox.com *.google.com *.google-analytics.com *.g.doubleclick.net *.doubleclick.net res.cloudinary.com *.contentsquare.net *.facebook.com ct.pinterest.com rd.livesupportserver.de *.uk.auth0.com *.eu.auth0.com *.abtasty.com *.feefo.com *.noibu.com wss://*.noibu.com vc-service.saleago.com *.salesmanago.pl the.sciencebehindecommerce.com *.wepowerconnections.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mcangelus.com *.googletagmanager.com cdn.cookielaw.org media-library.cloudinary.com *.google-analytics.com *.google.com *.teads.tv bat.bing.com *.gstatic.com *.contentsquare.net *.trustpilot.com *.abtasty.com *.googleapis.com *.feefo.com dwin1.com *.awin1.com *.zenaps.com the.sciencebehindecommerce.com; script-src-elem 'self' 'unsafe-inline' wss: app.storyblok.com *.salesmanago.pl *.g.doubleclick.net *.doubleclick.net cdn.cookielaw.org *.googletagmanager.com *.google.com *.gstatic.com bat.bing.com p.teads.tv connect.facebook.net *.adalyser.com *.contentsquare.net tag.rmp.rakuten.com *.widgets.webengage.com c.webengage.com s.pinimg.com *.mcangelus.com *.google-analytics.com *.liveperson.net *.lpsnmedia.net *.googlesyndication.com rd.livesupportserver.de *.dwin1.com *.cleverpush.com inteliwise-client.s3-eu-west-1.amazonaws.com cdn.inteliwise.com *.app.inteliwi.se *.googleadservices.com *.trustpilot.com *.noibu.com *.realytics.io *.realytics.net *.teads.tv *.abtasty.com sslwidget.criteo.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.abtasty.com *.gstatic.com; frame-src 'self' https://* *.awin1.com *.zenaps.com; media-src 'self' res.cloudinary.com *.feefo.com *.vzaar.com; img-src 'self' res.cloudinary.com *.abtasty.com *.amazonaws.com *.feefo.com *.vzaar.com *.awin1.com *.zenaps.com blob: data: https:; font-src 'self' *.abtasty.com *.gstatic.com *.googleapis.com cdn.honey.io; frame-ancestors 'self' app.storyblok.com 3
same-origin 3
frame-ancestors 'self' *.11freunde.de *; 3
default-src https: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' https://fonts.googleapis.com/ https://services.postcodeanywhere.co.uk/ 'unsafe-inline'; img-src * 'self' data: https:; 3
default-src https: data: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval' 3
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 3
frame-ancestors https://next.ritr.eu https://www.alfagames.sk https://alfagames.sk; 3
frame-ancestors metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com *.webvisor.com; 3
frame-ancestors 'self' https://*.ageoflearning.com; 3
frame-ancestors 'self' http://*.synsam.com 3
frame-ancestors 'self' *.sprintecommerce.com *.venditan.com *.venditan.io 3
base-uri 'self'; connect-src 'self' *.cookiepro.com *.google.com www.google.com.co www.google.com.br www.google.pt *.hotjar.com wss://ws26.hotjar.com *.hotjar.io *.googleapis.com *.onetrust.com cdn.cookielaw.org www.google-analytics.com *.readspeaker.com stats.g.doubleclick.net yoast.com; default-src 'self' ; font-src fonts.gstatic.com *.hotjar.com 'self' data:; frame-src *.doubleclick.net www.google.com 'self' www.youtube-nocookie.com *.hotjar.com cdn.cookielaw.org *.readspeaker.com gamma.euroland.com tools.eurolandir.com e.infogram.com art.kunstmatrix.com; img-src blob: 'self' data: i.ytimg.com cookie-cdn.cookiepro.com www.googletagmanager.com fonts.gstatic.com maps.googleapis.com *.google.com www.google.pt www.google.com.br www.google.com.co maps.gstatic.com www.google-analytics.com 0.gravatar.com *.hotjar.com cdn.cookielaw.org maps.googleapis.com maps.gstatic.com secure.gravatar.com www.google-analytics.com ps.w.org s.chkmkt.com; manifest-src 'self';media-src 'self'; object-src 'none';script-src www.youtube.com player.vimeo.com w.soundcloud.com www.google.com www.gstatic.com *.onetrust.com cdn.cookielaw.org *.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval' *.cookiepro.com *.onetrust.com cdn.cookielaw.org p-eu.chkmkt.com *.readspeaker.com www.googletagmanager.com ajax.googleapis.com maps.gstatic.com maps.googleapis.com tools.eurolandir.com www.google-analytics.com e.infogram.com www.youtube-nocookie.com p-eu.chkmkt.com; style-src 'unsafe-inline' 'self' www.googletagmanager.com cdn.cookielaw.org fonts.googleapis.com fonts.gstatic.com tagmanager.google.com *.readspeaker.com s.chkmkt.com; worker-src 'self' blob:; 3
default-src 'self'; script-src 'self' *.storyblok.com 'unsafe-inline' *.cloudfront.net *.googleapis.com *.gstatic.com recaptcha.net *.facebook.net *.google-analytics.com *.googletagmanager.com googletagmanager.com tagmanager.google.com *.livechatinc.com *.stripe.com *.youtube.com *.mappedin.com *.adsrvr.org www.googleadservices.com js.adsrvr.org googleads.g.doubleclick.net http://bid.g.doubleclick.net/ https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com *.2o7.net *.omtrdc.net *.adobe.com *.chadstone.com.au *.dfo.com.au *.doubleclick.net *.googleadservices.com *.google.com *.googlesyndication.com *.googletagservices.com analytics.tiktok.com *.outbrain.com *.pinterest.com *.pinimg.com *.tiktok.com *.bytedance.com *.analytics.google.com analytics.google.com https://*.adnxs.com *.adnxs.com https://www.googletagmanager.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://unpkg.com/ 'unsafe-eval' connect.facebook.net graph.facebook.com js.facebook.com; style-src 'self' blob: *.storyblok.com 'unsafe-inline' *.googleapis.com *.gstatic.com *.cloudfront.net tagmanager.google.com *.googletagmanager.com googletagmanager.com *.google.com *.analytics.google.com analytics.google.com https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' *.storyblok.com *.cloudinary.com *.facebook.com *.facebook.net *.fbcdn.net *.google.com *.google.com.au placehold.it *.cloudfront.net *.googleapis.com *.gstatic.com *.googletagmanager.com googletagmanager.com *.google-analytics.com *.simplybook.me lh3.googleusercontent.com data: *.trackjs.com *.vicinity.com.au *.mappedin.com mipubapistorageprod.blob.core.windows.net https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com *.doubleclick.net *.google.com *.doubleclick.net *.googlesyndication.com *.googleadservices.com analytics.tiktok.com *.outbrain.com *.pinterest.com *.pinimg.com *.tiktok.com *.bytedance.com *.analytics.google.com analytics.google.com www.googletagmanager.com *.adnxs.com https://ssl.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.au https://www.gstatic.com; font-src 'self' *.amazonaws.com *.cloudfront.net *.storyblok.com *.googleapis.com *.gstatic.com https://fonts.gstatic.com data: data:; connect-src 'self' stats.g.doubleclick.net *.cloudfront.net *.mappedin.com *.googleapis.com *.google-analytics.com sentry.io *.simplybook.me *.vicinity.com.au *.trackjs.com *.stripe.com mipubapistorageprod.blob.core.windows.net https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com *.chadstone.com.au *.dfo.com.au *.doubleclick.net *.google.com *.googlesyndication.com *.googletagservices.com analytics.tiktok.com *.outbrain.com *.pinterest.com *.pinimg.com *.tiktok.com *.bytedance.com *.analytics.google.com analytics.google.com *.googletagmanager.com googletagmanager.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.au https://*.analytics.google.com https://*.google.com.au about: *.facebook.com connect.facebook.net; frame-src 'self' *.youtube.com *.vimeo.com *.googleapis.com *.googletagmanager.com *.google.com *.facebook.com connect.facebook.net *.livechatinc.com *.stripe.com socialq.net recaptcha.net *.trybooking.co.nz *.trybooking.com insight.adsrvr.org https://*.demdex.net *.google.com *.doubleclick.net *.googlesyndication.com bytedance sslocal *.outbrain.com *.pinterest.com *.pinimg.com *.tiktok.com *.bytedance.com *.analytics.google.com analytics.google.com *.googletagmanager.com googletagmanager.com https://*.adsrvr.org; object-src *.googlesyndication.com; media-src dai.google.com; child-src blob: *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net; form-action *.google.com *.facebook.com connect.facebook.net; worker-src blob: *.google.com 3
frame-ancestors "none" 3
frame-ancestors 'self' *.nike.com *.nikecloud.com *.nikedev.com 3
frame-ancestors 'self' https://trustseal.enamad.ir; 3
frame-ancestors 'self' https://showroom.alh.de https://www.hallesche.de https://www.alte-leipziger.de https://hallesche.de https://alte-leipziger.de https://vermittlerportal.al-h-konzern.de 3
form-action 'self', frame-ancestors 'self' 3
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 3
default-src 'self' *.vanheusenindia.com *.yellowmessenger.com *.trendin.com *.abfrl.net *.abfrl.in *.paytm *.louisphilippe.com *.reebok.in *.aeo.in *.forever21.in *.simoncarter.in *.peterengland.com *.allensolly.com *.gstatic.com data:; img-src * 'self' https://*.akstat.io vanhuesenindia.imgix.net blob: data:;script-src 'self' assets.abfrlcdn.com *.google.com pantaloons.imgix.net tr.snapchat.com *.artfut.com zailaf.org *.yellowmessenger.com tsm.s3g6.com retag.crossdevicetracking.com static-cdn.trackier.com wd-ret.io in1.clevertap-prod.com https://*.go-mpulse.net trc.taboola.com rtb-global.com webtrafficsource.com i.l-dsp.inmobicdn.net cdn.taboola.com go-mpulse.net sc-static.net sdk.rsut.io router.paytm.in stage-router.paytm.in securegw-stage.paytm.in *.paytm.com *.paytm.in *.amazonaws.com *.wizrocket.com *.criteo.com *.criteo.net *.googleapis.com *.resu.io sdk.resu.io cdnjs.cloudflare.com *.adobedtm.com *.gstatic.com *.primeai1.org *.primeai.co.uk *.primeai3.in *.jquery.com *.facebook.net *.google.com *.googleapis.com *.cloudfront.net *.hotjar.com *.contentsquare.net *.google-analytics.com *.bing.com *.streamoid.com *.googleadservices.com *.abfrl.in *.abfrl.net *.trendin.com *.vanheusenindia.com *.louisphilippe.com *.peterengland.com *.allensolly.com google.com *.googletagmanager.com *.usersnap.com *.clevertap.com *.adobedtm.com *.wzrkt.com 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.crazyegg.com; connect-src 'self' *.tryndbuy.com widget.usersnap.com wd-ret.io tr.snapchat.com wss://cloud.yellow.ai *.forever21.in *.simoncarter.in *.reebok.in *.aeo.in *.yellow.ai *.paytm.in *.akamaihd.net wss://stage-router.paytm.in wss://router.paytm.in wss://securegw-stage.paytm.in wss://securegw.paytm.in *.taboola.com wss://websoc.resu.io http://abfrl.com/ *.google.com *.google.co.in *.criteo.com rtb-global.com webtrafficsource.com https://*.akstat.io https://*.go-mpulse.net cdn.taboola.com *.adobedc.net in1.wzrkt.com apis.google.com *.googletagmanager.com *.abfrl.in *.abfrl.net *.trendin.com assets.trendin.com assets.abfrlcdn.com use.typekit.net *.gstatic.com *.facebook.com pantaloons.imgix.net bat.bing.com *.hotjar.io geolocation-db.com *.hotjar.com *.googleapis.com *.primeai.co.uk *.primeai1.org *.primeai3.in http://integration.richrelevance.com/* http://integration.richrelevance.com http://recs.richrelevance.com/* http://recs.richrelevance.com *.richrelevance.com *.amazonaws.com *.wizrocket.com adityabirlafashion.sc.omtrdc.net *.google-analytics.com *.forever21.in *.simoncarter.in *.reebok.in *.aeo.in *.vanheusenindia.com *.louisphilippe.com *.peterengland.com *.allensolly.com *.doubleclick.net *.demdex.net *.adobeaemcloud.com nodeserver.sdk.streamoid.com *.elastic-cloud.com *.crazyegg.com sdk.resu.io cdnjs.cloudflare.com *.clickpost.in; style-src 'self' 'unsafe-inline' *.google.com accounts.google.com *.abfrl.in *.abfrl.net *.yellowmessenger.com *.paytm.in *.trendin.com *.primeai.co.uk *.primeai1.org *.primeai3.in *.streamoid.com *.googleapis.com nodeserver.sdk.streamoid.com *.typekit.net; media-src 'self' 'unsafe-eval' 'unsafe-inline' *.adobeaemcloud.com *.typekit.net *.abfrl.in *.abfrl.net *.trendin.com  *.elastic-cloud.com *.scene7.com assets.abfrlcdn.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' zailaf.org tr.snapchat.com *.paytm.in afftracer.g2afse.com tsm.s3g6.com tracking.icubeswire.co static.criteo.net *.amazon-adsystem.com *.criteo.com *.amazonaws.com *.wizrocket.com *.facebook.com accounts.google.com *.doubleclick.net *.demdex.net *.hotjar.com *.abfrl.in *.abfrl.net *.trendin.com *.youtube.com; child-src pantaloons.imgix.net *.googleapis.com; worker-src localhost:3000 blob: *.vanheusenindia.com *.abfrl.in *.abfrl.net *.louisphilippe.com *.peterengland.com *.allensolly.com; prefetch-src  *.googleapis.com *.abfrl.in assets.abfrlcdn.com imagescdn.abfrl.in connect.facebook.net cdn.yellowmessenger.com script.crazyegg.com 3
default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; 3
font-src *.fonts.gstatic.com *.gstatic.com 'self' data: *.hotjar.com cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com data: 'self' 'unsafe-inline'; form-action *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.authorize.net *.hotjar.com cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com 'self' data: *.hotjar.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.cheneliere.ca *.somabec.com *.editionscaractere.com *.erpi.com *.cloudfront.net *.zopim.com *.zopim.io cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com *.authorize.net sandbox-assets.secure.checkout.visa.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.hotjar.com *.googletagmanager.com *.cloudfront.net *.zdassets.com *.zopim.com cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.gstatic.com *.hotjar.com cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.bolt.com *.googleapis.com *.gstatic.com *.google.com *.authorize.net t.elasticsuite.io *.google-analytics.com bam.nr-data.net bam-cell.nr-data.net *.hotjar.com wss://*.hotjar.io wss://*.hotjar.com *.hotjar.io *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.amazonaws.com *.pearsonerpi.com *.tcerpi.com *.zdassets.com *.zendesk.com zendesk-eu.my.sentry.io *.zopim.com *.zopim.io wss://widget-mediator.zopim.com cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'self' * 'unsafe-inline' data: blob: ws: wss: gap://ready file//*; child-src *; object-src *; frame-src *; script-src * 'unsafe-inline' 'unsafe-eval' data:; style-src * 'unsafe-inline'; font-src *; connect-src * ws: wss:; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: ; frame-ancestors 'self' 3
default-src * 'unsafe-eval' 'unsafe-inline' gap://ready file:; style-src 'self' 'unsafe-inline'; media-src *; img-src * 'self' filesystem: data: blob:; 3
default-src 'self'; connect-src 'self' yandex.ru *.yandex.ru *.google-analytics.com stats.g.doubleclick.net *.facebook.com *.vk.com *.branch.io *.google.com *.google.ru *.flomni.com *.mail.ru *.google.com.ua odds.ru *.yastatic.net *.adfox.ru *.yandex.net wss://link.v2.flomni.com react.bookieratings.net *.plat.services *.plat.direct; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.syndication.twimg.com opentracking.ru *.gstatic.com *.twitter.com *.ytimg.com app.link *.branch.io *.vk.com *.flomni.com *.googletagmanager.com *.google-analytics.com *.yandex.ru *.facebook.net *.facebook.com odds.ru vk.com *.youtube.com *.vimeo.com *.wp.com *.google.com *.cloudflare.com yastatic.net webvisor.com *.mail.ru *.instagram.com *.imgur.com *.yastatic.net *.adfox.ru *.yandex.net react.bookieratings.net *.googleoptimize.com; script-src-elem 'self' 'unsafe-inline' cdn.syndication.twimg.com opentracking.ru *.gstatic.com *.twitter.com *.ytimg.com app.link *.branch.io *.vk.com *.flomni.com *.googletagmanager.com *.google-analytics.com *.yandex.ru *.facebook.net *.facebook.com odds.ru vk.com *.youtube.com *.vimeo.com *.wp.com *.google.com *.cloudflare.com yastatic.net webvisor.com *.mail.ru *.instagram.com *.imgur.com *.yastatic.net *.adfox.ru *.yandex.net *.yandex.ru/ads/system/context.js react.bookieratings.net *.googleoptimize.com; img-src 'self' bookmaker-ratings.ru data: bookmaker-ratings.ru *.wp.com *.w.org *.gravatar.com *.facebook.com *.youtube.com *.flomni.com *.google-analytics.com *.doubleclick.net *.google.com *.google.ru *.googleapis.com vk.com *.vk.com *.yandex.ru odds.ru opentracking.ru www.opentracking.ru *.twimg.com *.twitter.com *.gstatic.com *.googletagmanager.com *.google.com.ua *.yastatic.net *.adfox.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru *.ligastavok.ru ligastavok.ru *.yandex.net *.ytimg.com react.bookieratings.net cdn.promo.plat.services cdn.pb.plat.services cdn.promo.plat.direct cdn.pb.plat.direct cdn.np.plat.direct bookmaker-ratings.com.ua; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com odds.ru *.twitter.com *.flomni.com *.twimg.com *.yastatic.net *.adfox.ru *.yandex.net react.bookieratings.net; child-src 'self' *.youtube.com *.vimeo.com *.facebook.com *.vk.com vk.com *.twitter.com twitter.com *.flomni.com www.instagram.com *.google.com *.yandex.ru webvisor.com blob: https://mc.yandex.ru *.imgur.com imgur.com *.yastatic.net *.adfox.ru *.yandex.net vimeo.com sportrecs.com react.bookieratings.net; font-src 'self' 'unsafe-inline' *.gstatic.com *.flomni.com data:; media-src 'self' *.flomni.com *.yastatic.net *.adfox.ru *.yandex.net react.bookieratings.net; frame-ancestors 'self' https://metrika.yandex.ru http://webvisor.com https://yastatic.net https://mc.yandex.ru; 3
script-src  'self' 'unsafe-inline' 'unsafe-eval' blob: javascript: https://cdn.siftscience.com/s.js  https://checkout.wompi.co/widget.js https://cdnjs.cloudflare.com https://secure.livechatinc.com https://cdn.livechatinc.com *.google.com *.google-analytics.com *.gstatic.com *.googleapis.com https://assets.zendesk.com https://connect.facebook.net *.hotjar.com *.twitter.com *.twimg.com *.googletagmanager.com; img-src 'self' blob: javascript: https://secure.livechatinc.com http://sellodeexcelencia.gov.co http://especiales.presidencia.gov.co http://synersis.co:8442 *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.gstatic.com http://img.youtube.com https://s-static.ak.facebook.com https://assets.zendesk.com data: *.hotjar.com *.twitter.com *.twimg.com http://vozme.com sedeelectronica.com.co; style-src 'self' 'unsafe-inline' *.gstatic.com *.google.com *.googleapis.com https://assets.zendesk.com *.hotjar.com *.twitter.com sedeelectronica.com.co pruebas-se-macondo.nexura.com http://www.cali.gov.co; font-src 'self' *.googleapis.com *.googleusercontent.com *.gstatic.com *.hotjar.com sedeelectronica.com.co http://www.cali.gov.co; object-src 'self' data:; frame-ancestors 'self' *.tableau.com  3
default-src https: 'unsafe-eval' 'unsafe-inline' 'self'; object-src 'self'; font-src https: data: 'self' http: fonts.googleapis.com themes.googleusercontent.com; connect-src https: wss: 'self'; img-src https: data: 'self' http: *.gravatar.com; worker-src blob: https: 'self' 'unsafe-inline' 'unsafe-eval'; media-src https: blob: 'self'; style-src https: 'unsafe-eval' 'unsafe-inline' 'self' http: fonts.googleapis.com 3
script-src *.pinterest.com ssl.gstatic.com *.hotjar.com *.google-analytics.com *.googletagmanager.com www.instagram.com js.stripe.com code.jquery.com *.qrplanet.com *.qrd.by *.qr1.at maps.googleapis.com maps.google.com maps.gstatic.com *.facebook.net *.twitter.com *.tawk.to cdnjs.cloudflare.com cdn.datatables.net ajax.cloudflare.com data: blob: 'unsafe-inline' 'unsafe-eval' 'self';                              connect-src *.qrplanet.com *.qr1.at *.qrd.by jungidee.at *.googleapis.com *.facebook.com *.tawk.to wss://*.tawk.to 'self';                                     img-src *.pinterest.com i.pinimg.com *.google.at *.google.com *.google-analytics.com app.statuscake.com *.qrplanet.com *.qrd.by *.qr1.at s3.amazonaws.com maps.gstatic.com maps.googleapis.com maps.google.com secure.gravatar.com s.w.org tawk.link *.tawk.to cdn.jsdelivr.net media.licdn.com *.fbcdn.net *.fbsbx.com *.twitter.com *.facebook.com *.google.com blob: data: 'self';                                         style-src *.qrplanet.com *.qrd.by *.qr1.at *.tawk.to cdn.jsdelivr.net fonts.googleapis.com cdnjs.cloudflare.com cdn.datatables.net 'unsafe-inline' 'self';                                            font-src *.tawk.to fonts.gstatic.com fonts.googleapis.com data: * 'self';                                   default-src * data: blob:; 3
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *;frame-ancestors 'self' https://*.singtel.com; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: intent: fb-messenger:; frame-ancestors self; 3
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 3
frame-ancestors 'self' https://*.biahosted.com https://*.safecharge.com https://*.paymentiq.io 3
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 3
“default-src" 3
default-src 'self'; font-src *; img-src *; script-src 'unsafe-eval' 'unsafe-inline' *; style-src 'unsafe-inline' *; connect-src *; object-src 'none'; form-action *; frame-ancestors 'self'; child-src *; 3
frame-ansectors 'self' 3
: upgrade-insecure-requests 3
default-src 'none'; connect-src 'self' https://094-chh-722.mktoresp.com https://api.hubapi.com https://basemaps.arcgis.com https://cdn.arcgis.com https://dc.services.visualstudio.com https://dpm.demdex.net https://esp-eu.aptrinsic.com https://forms.hubspot.com https://js.arcgis.com https://ocm.elase.pohjolavakuutus.fi https://ocm.op-media.fi https://opservicesltd.d3.sc.omtrdc.net https://pui.episerver.net https://static.arcgis.com https://www.arcgis.com https://northeurope-4.in.applicationinsights.azure.com; font-src 'self' https://fonts.gstatic.com https://dhm5hy2vn8l0l.cloudfront.net https://js.arcgis.com; frame-ancestors 'self'; frame-src 'self' https://c1.adform.net https://cdn.krxd.net https://email.op-media.fi https://episerveridentity.b2clogin.com https://manager.emea01.idio.episerver.net https://survey.zef.fi https://tr.snapchat.com https://w.soundcloud.com http://www.youtube-nocookie.com http://www.youtube.com https://cg.optimizely.com; img-src 'self' data: https://a.emea01.idio.episerver.net https://a.usea01.idio.episerver.net https://beacon.krxd.net https://cdn.arcgis.com https://dl.episerver.net http://i.idio.co https://i.ytimg.com https://js.arcgis.com https://opservicesltd.d3.sc.omtrdc.net https://px.ads.linkedin.com https://server.seadform.net https://t.co https://track.hubspot.com https://www.facebook.com https://www.google.com https://www.google.fi https://www.linkedin.com https://www.op.fi; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.vo.msecnd.net https://ajax.googleapis.com https://analytics.twitter.com https://a.emea01.idio.episerver.net https://api.emea01.idio.episerver.net https://assets.adobedtm.com https://beacon.krxd.net https://cdn.jsdelivr.net https://cdn.krxd.net https://connect.facebook.net https://consumer.krxd.net https://dl.episerver.net https://googleads.g.doubleclick.net https://js.arcgis.com https://munchkin.marketo.net https://s.emea01.idio.episerver.net https://s.usea01.idio.episerver.net https://s2.adform.net https://sc-static.net https://snap.licdn.com https://static.ads-twitter.com https://tags.op-palvelut.fi https://track.adform.net https://www.googleadservices.com https://www.googletagmanager.com https://web-sdk-eu.aptrinsic.com https://www.youtube.com https://js.monitor.azure.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://dl.episerver.net https://js.arcgis.com https://web-sdk-eu.aptrinsic.com; media-src 'self'; worker-src blob: 'self'; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' * data:; img-src 'self' https://marvel-b1-cdn.bc0a.com https://play.vidyard.com https://www.facebook.com https://www.google-analytics.com https://www.google.com * data: blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://use.typekit.net *; upgrade-insecure-requests; script-src https://play.vidyard.com https://www.facebook.com https://www.google-analytics.com https://www.google.com 'unsafe-inline' 'unsafe-eval' * blob:; block-all-mixed-content; 3
default-src 'self' *.facebook.com; media-src *.tidiochat.com; style-src 'self' 'unsafe-inline' *.on.aws *.popt.in *.tidiochat.com code.tidio.co cdn.datatables.net cdnjs.cloudflare.com *.bootstrapcdn.com *.google.com *.googleapis.com *.klarnacdn.net *.ladesk.com *.mailchimp.com static.bambora.com *.trackjs.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.clarity.ms cdn.popt.in back.verkter.net verkter.net *.irankiai.lt *.tidiochat.com code.tidio.co cdnjs.cloudflare.com *.bootstrapcdn.com *.facebook.net cdn.datatables.net *.google.com *.googleapis.com googleads.g.doubleclick.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.jquery.com *.hotjar.com *.klarna.com *.klarnacdn.net *.ladesk.com *.mokilizingas.lt *.newrelic.com *.nr-data.net *.trustpilot.com static.bambora.com *.trackjs.com omnisrc.com *.soundestlink.com omnisnippet1.com; img-src * data:; font-src 'self' data: *.popt.in *.cloudflare.com *.tidiochat.com *.bootstrapcdn.com *.gstatic.com *.klarnacdn.net code.tidio.co *.trackjs.com; frame-src 'self' *.doubleclick.net *.tidiochat.com bid.g.doubleclick.net *.bonusway.com *.facebook.com *.google.com *.googletagmanager.com *.hotjar.com *.klarna.com *.ladesk.com *.liisi.ee *.mokilizingas.lt *.trustpilot.com *.youtube.com *.trackjs.com omniform1.com code.tidio.co; connect-src 'self' *.clarity.ms *.cloudfront.net *.popt.in google.com *.google-analytics.com *.google.com *.google.lt *.analytics.google.com wss: *.tidiochat.com *.klarnaevt.com *.playground.klarnaevt.com *.hotjar.com *.facebook.com *.google-analytics.com googleads.g.doubleclick.net *.hotjar.com *.hotjar.io *.klarna.com *.nr-data.net *.postit.lt postit.lt stats.g.doubleclick.net *.googleapis.com code.tidio.co static.bambora.com verkter.net *.verkter.net *.trackjs.com; report-uri /csp.php 3
frame-ancestors 'self' *.ikost.com 3
default-src 'self' 'unsafe-inline' *.circlys.com *.google.com unpkg.com cdn.jsdelivr.net static.cloudflareinsights.com www.youtube.com www.googletagmanager.com code.jquery.com *.gstatic.com googleads.g.doubleclick.net static.doubleclick.net *.googleapis.com seal.digicert.com cybercube.co.in ajax.cloudflare.com cdn.leantech.me static.cloudflareinsights.com www.google-analytics.com cdn.growthbook.io; form-action 'self'; frame-ancestors 'self' 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: ws: wss: sonicwall.com *.sonicwall.com; 3
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; worker-src 'self' 'unsafe-inline' * blob:; 3
script-src 'self'; object-src 'self' 3
img-src *; object-src 'none'; frame-ancestors 'none' 3
img-src 'self' data:; 3
default-src http: https: 'unsafe-inline' 'unsafe-eval' data: ws: 3
default-src 'self' 'unsafe-inline' 'unsafe-hashes' * ; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' * ; connect-src 'self' * ; img-src 'self' data: * ; style-src 'self' *  'unsafe-inline' ; 3
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com; base-uri 'self', frame-ancestors 'self' *.facebook.com, frame-ancestors 'self' *.facebook.com 3
frame-src https://*; child-src https://*; report-uri /report-csp-violation; upgrade-insecure-requests 3
default-src  'self' data: *.pinimg.com *.postaffiliatepro.com partneri.affilmax.cz *.doubleclick.net *.facebook.net *.google-analytics.com *.biano.cz *.dognet.sk *.googlesyndication.com *.imedia.cz *.googletagmanager.com *.googleadservices.com ;font-src  'self' data: fonts.gstatic.com *.zbozi.cz *.biano.cz *.biano.sk *.biano.hu ;connect-src  'self' *.google.com *.google.hu *.google.ae *.google.co.uk *.google.cz *.google.sk *.google.de *.google.at *.google.fr *.google.it *.google.sk *.google.pl *.google.nl *.google.ie *.google.com.ua *.googleapis.com *.google-analytics.com *.googletagmanager.com *.zbozi.cz *.exchangeratesapi.io *.pingdom.net *.biano.cz *.biano.sk *.biano.hu *.bianopixel.com *.dognet.sk *.foxentry.cz *.seznam.cz *.facebook.com *.pinterest.com *.doubleclick.net https://*.clarity.ms partner-events.favi.cz partner-events.favi.sk partner-events.favi.hu t.targito.signal-nabytek.cz t.targito.sg-nabytek.cz t.targito.signal-nabytok.sk t.targito.sg-nabytok.sk t.targito.butor-signal.hu t.targito.sg-butor.hu *.clickcease.com *.targito.com *.googlesyndication.com https://saas.bianoapi.com bat.bing.com live.luigisbox.com api.luigisbox.com  https://*.api.rvndev.com https://*.api.raventic.ai https://*.api.raventic.dev https://api.raventic.dev ;script-src  'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.seznam.cz *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.imedia.cz *.facebook.net *.doubleclick.net *.rival.cz *.fg.cz *.3dliving.cz *.imedia.cz *.zbozi.cz *.exchangeratesapi.io *.facebook.com *.pingdom.net *.biano.cz *.biano.sk *.biano.hu *.bianopixel.com *.dognet.sk *.foxentry.cz *.googlesyndication.com *.pinimg.com *.pinterest.com partneri.affilmax.cz *.postaffiliatepro.com www.heureka.cz im9.cz cz.img9.cz *.glami.cz *.licdn.com *.linkedin.com tracking.srovname.cz https://*.clarity.ms partner-events.favicdn.net cdn.targito.signal-nabytek.cz cdn.targito.sg-nabytek.cz cdn.targito.signal-nabytok.sk cdn.targito.sg-nabytok.sk cdn.targito.butor-signal.hu cdn.targito.sg-butor.hu *.clickcease.com cdn.targito.com https://saas.bianoapi.com bat.bing.com scripts.luigisbox.com cdn.luigisbox.com https://sdk.cdn.rvndev.com https://sdk.rvndn.com ;form-action  'self' *.facebook.com *.facebook.net *.pinterest.com ;frame-src  'self' *.youtube.com *.iplatba.cz *.facebook.com *.imedia.cz *.zbozi.cz *.essox.cz *.foxentry.cz *.doubleclick.net *.googletagmanager.com *.google.com *.heureka.cz *.pinterest.com *.googlesyndication.com login.szn.cz ;worker-src  'self' *.youtube.com *.iplatba.cz *.facebook.com *.imedia.cz *.zbozi.cz *.essox.cz *.foxentry.cz *.doubleclick.net *.googletagmanager.com *.google.com *.heureka.cz *.pinterest.com *.googlesyndication.com login.szn.cz ;frame-ancestors  'self' ;img-src  'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com *.googletagmanager.com *.google-analytics.com *.seznam.cz *.doubleclick.net *.google.com *.google.hu *.google.ae *.google.co.uk *.google.cz *.google.sk *.google.de *.google.at *.google.fr *.google.it *.google.sk *.google.pl *.google.nl *.google.ie *.google.com.ua *.imedia.cz *.facebook.com *.facebook.net *.fg.cz *.3dliving.cz *.signal-nabytek.cz *.sg-nabytek.cz *.signal-nabytok.sk *.sg-nabytok.sk *.rival.cz *.vykupto.cz *.signal.pl *.zbozi.cz *.exchangeratesapi.io *.dognet.sk *.foxentry.cz *.pinimg.com *.pinterest.com *.biano.cz *.biano.sk *.biano.hu *.heureka.cz *.heureka.sk im9.cz *.glami.cz *.googleadservices.com https://*.clarity.ms bat.bing.com *.favionline.com *.bing.com cdn.targito.com https://i.cdn.rvndev.com https://i.rvndn.com ;style-src  'self' 'unsafe-inline' fonts.googleapis.com *.seznam.cz *.google.com *.gstatic.com *.fg.cz *.3dliving.cz *.signal-nabytek.cz *.sg-nabytek.cz *.signal-nabytok.sk *.sg-nabytok.sk *.sg-butor.hu *.zbozi.cz *.exchangeratesapi.io *.foxentry.cz cdn.targito.com https://saas.bianoapi.com cdn.luigisbox.com https://sdk.cdn.rvndev.com https://sdk.rvndn.com ;object-src  'self' 3
frame-ancestors 'self' https://tm.bestbuy.com https://tracker-cloud.prod.greatcall.com https://inventory-tracking-scan-app-prod.apps.kmtah5fd.centralus.aroapp.io https://coreblue-blue.na.bestbuy.com https://coreblue-green.na.bestbuy.com https://coreblue.na.bestbuy.com https://bby.crm.dynamics.com https://order-pickup.bdc.dc.containers.bestbuy.com https://mfa1.bestbuy.com https://pdw01sucwb01c.na.bestbuy.com:6443 https://pdw01sucwb02c.na.bestbuy.com:6443 https://pdw01sucwb03c.na.bestbuy.com:6443 https://pdw01sucwb04c.na.bestbuy.com:6443 https://pdw01sucwb05c.na.bestbuy.com:6443 https://pdw01sucwb06c.na.bestbuy.com:6443 https://pdw02sucwb01d.na.bestbuy.com:6443 https://pdw02sucwb02d.na.bestbuy.com:6443 https://pdw02sucwb03d.na.bestbuy.com:6443 https://pdw02sucwb04d.na.bestbuy.com:6443 https://pdw02sucwb05d.na.bestbuy.com:6443 https://pdw02sucwb06d.na.bestbuy.com:6443 https://pdw01sucwb01c.na.bestbuy.com:9443 https://pdw01sucwb02c.na.bestbuy.com:9443 https://pdw01sucwb03c.na.bestbuy.com:9443 https://pdw01sucwb04c.na.bestbuy.com:9443 https://pdw01sucwb05c.na.bestbuy.com:9443 https://pdw01sucwb06c.na.bestbuy.com:9443 https://pdw02sucwb01d.na.bestbuy.com:9443 https://pdw02sucwb02d.na.bestbuy.com:9443 https://pdw02sucwb03d.na.bestbuy.com:9443 https://pdw02sucwb04d.na.bestbuy.com:9443 https://pdw02sucwb05d.na.bestbuy.com:9443 https://pdw02sucwb06d.na.bestbuy.com:9443 https://pdw01khuwb01a.na.bestbuy.com:6443 https://pdw01khuwb01b.na.bestbuy.com:6443 https://pdw01khuwb02a.na.bestbuy.com:6443 https://pdw01khuwb02b.na.bestbuy.com:6443 https://pdw02khuwb01d.na.bestbuy.com:6443 https://pdw02khuwb02d.na.bestbuy.com:6443 https://pdw02khuwb03d.na.bestbuy.com:6443 https://pdw02khuwb04d.na.bestbuy.com:6443 https://eappwebv1-bdc.na.bestbuy.com https://eappwebv1-hdc.na.bestbuy.com https://eappwebv1.na.bestbuy.com https://eappwebv2-bdc.na.bestbuy.com https://eappwebv2-hdc.na.bestbuy.com https://eappwebv2.na.bestbuy.com https://eappwebv1-ws-bdc.na.bestbuy.com https://eappwebv1-ws-hdc.na.bestbuy.com https://eappwebv1-ws.na.bestbuy.com https://pos.na.bestbuy.com https://pos-pd.na.bestbuy.com https://poslocal.naretail.na.bestbuy.com https://backroom-mobile.bdc.dc.containers.bestbuy.com https://backroom-desktop.bdc.dc.containers.bestbuy.com https://backroom-cfc-mobile-webapp-int-backroom.bdc.dc.containers.bestbuy.com https://backroom-cfc-desktop-webapp-int-backroom.bdc.dc.containers.bestbuy.com https://pdw01khuwb01a.na.bestbuy.com:9443 https://pdw01khuwb01b.na.bestbuy.com:9443 https://pdw01khuwb02a.na.bestbuy.com:9443 https://pdw01khuwb02b.na.bestbuy.com:9443 https://pdw02khuwb01d.na.bestbuy.com:9443 https://pdw02khuwb02d.na.bestbuy.com:9443 https://pdw02khuwb03d.na.bestbuy.com:9443 https://pdw02khuwb04d.na.bestbuy.com:9443 https://eapplicationvs-hdc.na.bestbuy.com https://eapplicationvs-bdc.na.bestbuy.com https://eapplicationvs.na.bestbuy.com; 3
script-src http: https: 'unsafe-eval' 'unsafe-inline' https://prodnew.marcs.com.au/ foursixty.com *.googletagmanager.com *.zendesk.com wss://*.zendesk.com *.zopim.com wss://*.zopim.com *.cfjump.com; style-src 'self' blob: https: 'unsafe-inline' https://prodnew.marcs.com.au/ foursixty.com *.zendesk.com; img-src data: http: https: *.zopim.io *.googletagmanager.com; object-src 'none'; base-uri 'none'; child-src 'self'; connect-src 'self' http: https: *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com; font-src 'self' data: fonts.gstatic.com foursixty.com *.zendesk.com; frame-src assets.braintreegateway.com *.google.com *.googletagmanager.com *.youtube.com *.youtu.be *.vimeo.com foursixty.com *.zendesk.com *.paypal.com; 3
default-src blob: https: wss: 'unsafe-eval' 'unsafe-inline' 'self'; style-src https: 'unsafe-inline'; frame-ancestors https://*.facebook.com https://*.youtube.com https://*.twitter.com https://*.x.com https://*.hotjar.com https://*.marketica.com https://*.sharethis.com https://*.widergy.com https://*.amplifyapp.com https://*.botframework.com https://*.doubleclick.net 'self'; frame-src https://*.facebook.com https://*.youtube.com https://*.twitter.com https://*.x.com https://*.hotjar.com https://*.marketica.com https://*.sharethis.com https://*.widergy.com https://*.amplifyapp.com https://*.botframework.com https://*.google.com  https://*.doubleclick.net 'self'; object-src 'none'; font-src https: data:; img-src https: data:; 3
default-src http: https: 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'self' http://www.podcastics.com; img-src data: http: https: 'self' ; media-src blob: data: http: https: 'self'; 3
default-src *.bbb.org *.google.com bootstrapcdn.com  googleadservices.com *.cloudfront.net *.portlandwebdesign.com *.electric.coop adsrvr.org *.analytics.yahoo.com *.maps.arcgis.com xx.fbcdn.net rvwinc.com maps.arcgis.com vimeo.com *.googleadservices.com publicpurchase.com gravatar.com *.arcgis.com *.eventbrite.com cooperative.com *.gstatic.com *.youtube-nocookie.com *.crowdfiber.io data: *.googletagmanager.com luckyorange.net btstatic.com portlandwebdesign.com simpli.fi *.providesupport.com typekit.net mitel.io trumpia.com *.timetap.com five9.com powermag.com *.rvwinc.com *.verisign.com linkedin.com *.nr-data.net *.btstatic.com azgt.coop ebill.coop *.mapbox.com googleapis.com analytics.yahoo.com *.licdn.com *.mcusercontent.com *.bootstrapcdn.com apogee.net marketingautomation.services suppose.tv adnxs.com twimg.com *.olark.com youtube-nocookie.com *.trumpia.com xad.com mailchimp.com *.ads.linkedin.com directefficiency.com *.mailchimp.com newrelic.com *.vimeo.com *.plumassierratelecommunicationsmap.com 'unsafe-eval' *.upgrade.guide epa.gov transistor.fm google.com hirebridge.com *.simpli.fi *.yimg.com envivabiomass.com *.roanokeconnect.com e2ma.net bonnerboundary811.org *.powerfulweb.com *.elfsight.com *.libsyn.com doubleclick.net facebook.net google-analytics.com ads.linkedin.com *.e2ma.net gstatic.com smarthub.coop *.s3.amazonaws.com mcusercontent.com s.w.org *.doubleclick.net facebook.com youtube.com *.linkedin.com nice-incontact.com fontawesome.com *.newrelic.com *.apogee.net *.googleapis.com libsyn.com eventbrite.com upgrade.guide *.basis.net *.twimg.com glassdoor.com cencoast.com *.mitel.io powerfulweb.com luckyorange.com *.five9.com *.typekit.net *.transistor.fm yimg.com 'self' *.luckyorange.com jazz.co roanokeconnect.com *.publicpurchase.com myfonts.net issuu.com *.benlomandconnect.com *.directefficiency.com *.websupport.expert spreaker.com *.ebill.coop crowdfiber.io *.xad.com *.nice-incontact.com *.xx.fbcdn.net *.suppose.tv *.myfonts.net *.icua.coop southcentralpower.com *.bonnerboundary811.org arcgis.com mapbox.com providesupport.com *.facebook.net *.smeco.coop electric.coop googletagmanager.com *.adnxs.com smeco.coop *.issuu.com *.powermag.com *.adsymptotic.com olark.com s3.amazonaws.com 'unsafe-inline' elfsight.com icua.coop timetap.com *.fontawesome.com *.envivabiomass.com nr-data.net adsymptotic.com *.epa.gov *.adsrvr.org *.cencoast.com *.spreaker.com *.gravatar.com plumassierratelecommunicationsmap.com verisign.com *.glassdoor.com *.facebook.com ctctcdn.com *.jazz.co billing.benlomandconnect.com *.cooperative.com *.google-analytics.com cloudfront.net *.ctctcdn.com *.marketingautomation.services gmpg.org *.southcentralpower.com licdn.com *.hirebridge.com websupport.expert *.luckyorange.net *.smarthub.coop basis.net *.youtube.com speedcheck.blomand.net *.azgt.coop; 3
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.google.bg https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://www.facebook.com https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com https://*.snapchat.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://app.vwo.com; frame-src 'self' bankid://* https://livechat24.tech https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://*.zignsec.com https://www.facebook.com https://*.trustly.com https://tpc.googlesyndication.com https://*.regily.com https://*.sumsub.com https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.unetsafe.com https://*.atlantgaming.com https://*.snapchat.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://*.zignsec.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://connect.facebook.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://analytics.twitter.com https://platform.twitter.com https://quantcount.com https://rules.quantcount.com https://quantserve.com https://secure.quantserve.com https://edge.quantserve.com https://*.creative-serving.com https://*.snapchat.com https://snapchat.com https://sc-static.net; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com https://tagmanager.google.com; worker-src 'self' blob:; report-uri https://sentry.work/sentry/api/45/csp-report/?sentry_key=e5368be6f1e24bce9ce26ca332a1f973 3
default-src 'self'; script-src 'self'  https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://google.com https://www.google-analytics.com https://c.seznam.cz/js/rc.js https://connect.facebook.net https://maps.googleapis.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://bat.bing.com https://*.clarity.ms https://bisko.gjirafa.net https://static.hotjar.com https://script.hotjar.com https://static.ads-twitter.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https: data: http://c.seznam.cz; connect-src 'self' https: wss:; frame-src 'self' https:; object-src 'none'; 3
script-src 'self' cdnpt.com *.cdnpt.com *.priceres.com.mx *.priceres.com *.priceres.co *.googleapis.com *.googletagmanager.com onesignal.com *.onesignal.com *.google-analytics.com *.hotjar.com *.ladesk.com 'unsafe-inline' 'unsafe-eval' connect.facebook.net api.beyond-experience.com www.thehotelsnetwork.com js.hs-scripts.com services.xg4ken.com static.sojern.com snap.licdn.com svht.tradedoubler.com cdn.mouseflow.com tracker.metricool.com assets.anytrack.io cdnjs.cloudflare.com cdn.jsdelivr.net 3
default-src https:; connect-src https:; font-src https: data:; frame-src https: com.amazon.mobile.shopping.web:; img-src http: https: data: blob:; media-src https:;  object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https: 3
frame-ancestors 'self' https://*.storyblok.com/ 3
default-src * data: blob:  about: ws: wss: 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' https://ssol.co https://*.inchcapedigital.com; 3
base-uri 'self'; default-src 'self'; script-src 'self' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.cloudflareinsights.com https://bat.bing.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.google.co.uk https://*.google.com https://bat.bing.com; connect-src 'self' https://*.google.co.uk https://*.google.com https://*.google-analytics.com https://*.doubleclick.net https://bat.bing.com; object-src 'none'; upgrade-insecure-requests; 3
default-src 'self' *.img-bcg.eu *.auto24.ee *.auto24.lv *.auto24.lt *.auto24.fi *.mototehnika.ee *.rasketehnika.ee *.veetehnika.ee *.kuldnebors.ee *.vininfo.ee   *.adform.net *.gstatic.com fonts.googleapis.com;             style-src 'self' *.img-bcg.eu *.auto24.ee *.auto24.lv *.auto24.lt *.auto24.fi *.mototehnika.ee *.rasketehnika.ee *.veetehnika.ee *.kuldnebors.ee *.vininfo.ee   *.adform.net *.adform.com *.seadform.net *.adcanvas.com *.city24.ee *.city24.lv *.kv.ee *.osta.ee *.gstatic.com fonts.googleapis.com 'unsafe-inline';             script-src 'self' *.img-bcg.eu *.auto24.ee *.auto24.lv *.auto24.lt *.auto24.fi *.mototehnika.ee *.rasketehnika.ee *.veetehnika.ee *.kuldnebors.ee *.vininfo.ee   *.cookielaw.org *.onetrust.com *.doubleclick.net *.youtube.com *.ytimg.com *.google.ee *.google.com *.google-analytics.com *.googletagmanager.com *.googletagservices.com *.gstatic.com fonts.googleapis.com *.facebook.com *.facebook.net *.adform.net *.adform.com *.seadform.net *.adcanvas.com *.city24.ee *.city24.lv *.kv.ee *.osta.ee *.gemius.pl 'unsafe-inline' 'unsafe-eval';             img-src 'self' *.img-bcg.eu *.auto24.ee *.auto24.lv *.auto24.lt *.auto24.fi *.mototehnika.ee *.rasketehnika.ee *.veetehnika.ee *.kuldnebors.ee *.vininfo.ee   *.cookielaw.org *.onetrust.com *.doubleclick.net *.youtube.com *.ytimg.com *.google.ee *.google.com *.google-analytics.com *.googletagmanager.com *.googletagservices.com *.gstatic.com fonts.googleapis.com *.facebook.com *.facebook.net *.adform.net *.adform.com *.seadform.net *.adcanvas.com *.city24.ee *.city24.lv *.kv.ee *.osta.ee vimeo.com *.vimeo.com *.vimeocdn.com *.every-pay.com *.every-pay.eu data: filesystem: blob:;             connect-src 'self' *.img-bcg.eu *.auto24.ee *.auto24.lv *.auto24.lt *.auto24.fi *.mototehnika.ee *.rasketehnika.ee *.veetehnika.ee *.kuldnebors.ee *.vininfo.ee   *.cookielaw.org *.onetrust.com *.doubleclick.net *.youtube.com *.ytimg.com *.google.ee *.google.com *.google-analytics.com *.googletagmanager.com *.googletagservices.com *.gstatic.com fonts.googleapis.com *.adform.net *.adform.com *.seadform.net *.adcanvas.com *.city24.ee *.city24.lv *.kv.ee *.osta.ee;             frame-src 'self' *.img-bcg.eu *.auto24.ee *.auto24.lv *.auto24.lt *.auto24.fi *.mototehnika.ee *.rasketehnika.ee *.veetehnika.ee *.kuldnebors.ee *.vininfo.ee   *.doubleclick.net *.youtube.com *.ytimg.com *.google.ee *.google.com *.google-analytics.com *.googletagmanager.com *.googletagservices.com *.gstatic.com fonts.googleapis.com *.facebook.com *.facebook.net vimeo.com *.vimeo.com *.vimeocdn.com *.adform.net *.adform.com *.seadform.net *.adcanvas.com *.city24.ee *.city24.lv *.kv.ee *.osta.ee *.gemius.pl data:;             frame-ancestors 'self' *.img-bcg.eu *.auto24.ee *.auto24.lv *.auto24.lt *.auto24.fi *.mototehnika.ee *.rasketehnika.ee *.veetehnika.ee *.kuldnebors.ee *.vininfo.ee  ;             object-src 'none';             sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-popups-to-escape-sandbox allow-downloads; 3
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: *.fontawesome.com https://fonts.gstatic.com/ https://fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.azul.com.do https://authentication.cardinalcommerce.com/ https://songbird.cardinalcommerce.com/ 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.onesignal.com https://aliss.os.tc/  https://aliss-test.os.tc/ https://*.cardinalcommerce.com/ *.userway.org 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com *.cdninstagram.com *.fbcdn.net *.onesignal.com https://img.onesignal.com/ https://h.online-metrix.net/ *.online-metrix.net https://*.cardinalcommerce.com/ *.userway.org data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com *.magento-ds.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com s7.addthis.com *.js-agent.newrelic.com *.bam.nr-data.net https://bam.nr-data.net *.onesignal.com https://onesignal.com/ https://h.online-metrix.net/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://*.cardinalcommerce.com/ https://www.google-analytics.com/ *.userway.org https://assets-cdn.woowup.com https://js.pusher.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net unsafe-inline assets.braintreegateway.com *.fontawesome.com https://onesignal.com/ https://h.online-metrix.net/ https://js-agent.newrelic.com/ https://*.cardinalcommerce.com/ https://fonts.googleapis.com *.userway.org 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adobe.io performance.typekit.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com thm.visa.com ekr.zdassets.com/ *.bam.nr-data.net https://bam.nr-data.net *.onesignal.com https://onesignal.com/ https://cdn.onesignal.com/ https://h.online-metrix.net/ *.online-metrix.net https://js-agent.newrelic.com/ https://maps.googleapis.com/ https://*.cardinalcommerce.com/ https://*.amazonaws.com/ *.userway.org 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.onesignal.com https://cdn.onesignal.com/ https://h.online-metrix.net/ https://js-agent.newrelic.com/ https://*.cardinalcommerce.com/ *.userway.org http: https: blob: 'self' 'unsafe-inline'; default-src plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net https://fonts.gstatic.com/ https://fonts.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.integration2-hohc4oi-c2g6g5sgc4xo6.us-5.magentosite.cloud https://h.online-metrix.net/ *.h.online-metrix.net https://*.cardinalcommerce.com/ 'self' 'unsafe-inline'; 3
script-src 'unsafe-eval' 'unsafe-inline' 'self' widget-mediator.zopim.com anglingdirect.de *.anglingdirect.de *.cloudmaestro.com js.stripe.com static.klaviyo.com *.anglingdirect.fr *.anglingdirect.nl www.googletagmanager.com www.google-analytics.com *.cloudfront.net static.hotjar.com www.anglingdirect.de www.anglingdirect.fr www.anglingdirect.nl script.hotjar.com connect.facebook.net x.klarnacdn.net polyfill.io expressentry.melissadata.net register.feefo.com api.feefo.com static-tracking.klaviyo.com js-agent.newrelic.com r.stripe.com bam.eu01.nr-data.net static.mention-me.com tag.mention-me.com anglingdirect.mention-me.com mention-me.com www.dwin1.com www.zenaps.com www.awin1.com *.braintreegateway.com www.google.com www.gstatic.com *.paypal.com *.crazyegg.com blob: *.mouseflow.com www.youtube.com lantern.roeyecdn.com; report-uri /.webscale/csp-report 3
img-src 'self' * blob: data:;script-src 'self' https://static.line-scdn.net;default-src 'self' https://api.line.me;frame-src 'self' *;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 3
script-src 'self' http://java.sun.com/jsp/jstl/core http://java.sun.com/jsp/jstl/fmt http://tiles.apache.org/tags-tiles 'unsafe-inline' 3
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adroll.com *.brightcove.com *.brightcove.net *.decibelinsight.com *.decibelinsight.net *.doubleclick.net *.franklintempleton.ca *.franklintempleton.com *.ftsites.com *.kampyle.com *.marketo.com *.marketo.net *.mktoutil.com *.mypurecloud.com *.outbrain.com *.usw2.pure.cloud *.qualtrics.com *.twimg.com *.yimg.com amplify.outbrain.com analytics.twitter.com assets.adoberesources.net bat.bing.com browser-update.org cdn.cookielaw.org cdn.decibelinsight.net connect.facebook.net dhqbrvplips7x.cloudfront.net leadlogic.aimlogic.com platform.twitter.com resources.digital-cloud-west.medallia.com schema.apolloplatform.com script.mfilterit.net snap.licdn.com ssl.google-analytics.com static.ads-twitter.com static.cloudflareinsights.com up.pixel.ad vjs.zencdn.net wss://*.decibelinsight.com wss://*.decibelinsight.net www.clarity.ms www.google-analytics.com www.googletagmanager.com zn9nsigbnk054lp8n-frk.siteintercept.qualtrics.com ;  connect-src 'self' *.akamaihd.net *.analytics.google.com *.apolloplatform.com *.boltdns.net *.brightcove.com *.brightcove.net *.browser-intake-datadoghq.com *.clarity.ms *.decibelinsight.com *.decibelinsight.net *.doubleclick.net *.franklintempleton.com *.franklintempleton.ca *.canadaaccounts.ca *.frk.com *.ftsites.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googlesyndication.com *.googletagmanager.com *.kampyle.com *.marketo.com *.mktoresp.com *.mktoutil.com *.mypurecloud.com *.usw2.pure.cloud *.onetrust.com *.onetrust.io *.outbrain.com *.qualtrics.com *.widen.net *.widencdn.net 848-iap-939.mktoresp.com adservice.google.com bat.bing.com cdn.cookielaw.org cdn.linkedin.oribi.io dc.services.visualstudio.com dhqbrvplips7x.cloudfront.net franklin2022cr.q4web.com fti.wsodqa.com hummingbirdwebsocket-va7.cloud.adobe.io 1g2bbb8lqj.execute-api.us-east-1.amazonaws.com n85sog88a3.execute-api.us-east-1.amazonaws.com qhqt7tkknl.execute-api.us-east-1.amazonaws.com pdswebapi.fti-cloud.com resources.digital-cloud-west.medallia.com s.yimg.com wss://*.decibelinsight.com wss://*.decibelinsight.net wss://cobrowse.mypurecloud.com wss://streaming.mypurecloud.com wss://streaming.usw2.pure.cloud www.facebook.com www.fti.wallst.com www.google-analytics.com www.google.at www.google.be www.google.ca www.google.ch www.google.cn www.google.co.il www.google.co.in www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com www.google.com.au www.google.com.bn www.google.com.br www.google.com.cy www.google.com.hk www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ph www.google.com.sg www.google.com.sl www.google.com.tr www.google.com.tw www.google.com.ua www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.hu www.google.ie www.google.li www.google.lt www.google.lu www.google.lv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.ru www.google.si www.google.sk ;  img-src 'self' data: *.adroll.com *.adsymptotic.com *.akamaihd.net *.analytics.google.com *.boltdns.net *.brightcove.com *.cookielaw.org *.doubleclick.net *.facebook.com *.franklintempleton.com *.g.doubleclick.net *.google-analytics.com *.google.co.in *.google.co.uk *.google.com *.google.pl *.googleapis.com *.googletagmanager.com *.gstatic.com *.kampyle.com *.linkedin.com *.mypurecloud.com *.outbrain.com *.qualtrics.com *.stocksnap.io *.twimg.com *.widen.net *.widencdn.net analytics.twitter.com bat.bing.com browser-update.org c.clarity.ms d21y75miwcfqoq.cloudfront.net di.rlcdn.com fml-x.com franklintempletonprod.widen.net pixel.sitescout.com platform.twitter.com px.ads.linkedin.com r.turn.com resources.digital-cloud-west.medallia.com rtp-static.marketo.com sp.analytics.yahoo.com syndication.twitter.com t.co tk-static.fml-x.com www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cn www.google.co.il www.google.co.in www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.bn www.google.com.br www.google.com.cy www.google.com.hk www.google.com.im www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ph www.google.com.sg www.google.com.sl www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.hu www.google.ie www.google.it www.google.jo www.google.li www.google.lt www.google.lu www.google.lv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.ru www.google.si www.google.sk ;  font-src 'self' data: *.franklintempleton.com *.franklintempleton.lu *.ftsites.com dhqbrvplips7x.cloudfront.net fonts.googleapis.com fonts.gstatic.com templeton.com ;  style-src 'self' 'unsafe-inline' *.franklintempleton.com *.ftsites.com *.googletagmanager.com *.kampyle.com *.marketo.com *.mypurecloud.com dhqbrvplips7x.cloudfront.net fonts.googleapis.com fonts.gstatic.com platform.twitter.com ;  worker-src blob: ; 3
default-src * 'unsafe-eval' 'unsafe-inline'; 3
frame-ancestors https://*.qq.com 2
report-uri https://metrics.roblox.com/v1/csp/report?type=enforce; upgrade-insecure-requests; script-src 'self' 'unsafe-inline' roblox.com *.evidon.com *.gigya.com *.google-analytics.com *.ns1p.net adservice.google.com cdn.arkoselabs.com connect.facebook.net funcaptcha.com js.rbxcdn.com js.stripe.com long.open.weixin.qq.com midas.gtimg.cn radar.cedexis.com res.wx.qq.com roblox-api.arkoselabs.com roblox-load-generator-configuration.s3.us-east-2.amazonaws.com s.ytimg.com sb.scorecardresearch.com static.rbxcdn.com www.google.com www.gstatic.com www.youtube.com h.online-metrix.net request.eprotect.vantivcnp.com request.eprotect.vantivpostlive.com *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net cdn.veriff.me *.lightstep.com client-api.arkoselabs.com api.arkoselabs.com; img-src 'self' data: *.cloudfront.net *.google-analytics.com *.google.com *.kaptcha.com *.rbxcdn.com *.roblox.com *.robloxlabs.com googleads.g.doubleclick.net i.ytimg.com www.googletagmanager.com robloxcorp.s.llnwi.net roblox-poc.global.ssl.fastly.net d1unuk07s6td74.cloudfront.net; connect-src 'self' *.roblox.com *.robloxlabs.com *.rbx.com *.rbxcdn.com *.roblox.cn *.simulpong.com *.lightstep.com *.ns1p.net *.arkoselabs.com *.kaptcha.com *.google.com *.google-analytics.com *.doubleclick.net *.sentry.io wss://realtime.roblox.com wss://realtime.sitetest1.robloxlabs.com wss://realtime.sitetest2.robloxlabs.com wss://realtime.sitetest3.robloxlabs.com wss://realtime-signalr.roblox.com *.braintree-api.com *.braintreegateway.com d1q2u37vreaobr.cloudfront.net funcaptcha.com robloxcorp.s.llnwi.net roblox-poc.global.ssl.fastly.net d1unuk07s6td74.cloudfront.net; 2
default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' *.facebook.com *.fbcdn.net *.whatsapp.com *.whatsapp.net https://*.facebook.net;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com *;connect-src 'self' data: blob: https://*.whatsapp.com;font-src data: https://*.fbcdn.net https://static.whatsapp.net;img-src 'self' data: blob: *;frame-src 'self' data: blob: whatsapp:;block-all-mixed-content;upgrade-insecure-requests; 2
base-uri 'self'; default-src *; img-src * data:; object-src 'none'; script-src https://archive.org/offshoot_assets/ https://*.archive.org/offshoot_assets/ https://offshoot.prod.archive.org/offshoot_assets/ https://archive.org/includes/ https://*.archive.org/includes/ https://offshoot.prod.archive.org/includes/ https://archive.org/components/ https://*.archive.org/components/ https://offshoot.prod.archive.org/components/ https://archive.org/jw/ https://*.archive.org/jw/ https://offshoot.prod.archive.org/jw/ https://av.prod.archive.org/js/ https://esm.archive.org/ https://polyfill.archive.org/v3/polyfill.min.js 'sha256-CoX53XgCdkM1zegYEEpMUeYIZnv663inNm8bQv2VRbM='; style-src 'unsafe-inline' https://archive.org/ https://*.archive.org/ https://offshoot.prod.archive.org/; 2
frame-ancestors 'self' https://cms.w3.org/; upgrade-insecure-requests 2
frame-ancestors 'self' https://*.un.org; 2
default-src 'self'; connect-src 'self' http://ad.doubleclick.net https://*.analytics.google.com https://*.api.userway.org https://*.clarity.ms https://*.demdex.net https://*.eset.com https://*.googlesyndication.com https://*.hotjar.com https://*.hotjar.io https://*.tt.omtrdc.net https://adservice.google.com https://analytics.google.com https://analytics.twitter.com https://bat.bing.com https://c.go-mpulse.net https://cdn.acsbapp.com https://cdn.linkedin.oribi.io https://cdn1.esetstatic.com https://cookies-data.onetrust.io https://ep.smct.co https://eset.tt.omtrdc.net https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://ipb.smct.co https://ipb.smct.io https://js.smct.co https://js.smct.io https://maps.googleapis.com https://privacyportal.onetrust.com https://px.ads.linkedin.com https://region1.google-analytics.com https://replay.uxtweak.com https://s.yimg.com https://script.crazyegg.com https://smct.co https://stats.g.doubleclick.net https://tracker.clickguard.com https://www.facebook.com https://www.g2.com https://www.google-analytics.com https://www.google.by https://www.google.ch https://www.google.co.uk https://www.google.co.uz https://www.google.com https://www.google.com.tj https://www.google.com.tr https://www.google.ie https://www.google.kg https://www.google.kz https://www.google.lt https://www.google.lv https://www.google.pl https://www.google.ru https://www.googletagmanager.com wss://*.hotjar.com; font-src 'self' data: https://cdn.userway.org https://fonts.smct.co https://fonts.smct.io https://script.hotjar.com; frame-src 'self' https://*.fls.doubleclick.net https://8117415.fls.doubleclick.net https://bid.g.doubleclick.net https://download.eset.com https://eset.demdex.net https://hemsync.clickagy.com https://int.form.eset.com https://js.smct.io https://ls.smct.co https://protectdemo.eset.com https://smct.co https://td.doubleclick.net https://tpc.googlesyndication.com https://unity.survey-solutions.cloud https://vars.hotjar.com https://widget.trustpilot.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: http://ad.doubleclick.net https://*.adform.net https://*.ads.linkedin.com https://*.yahoo.co.jp https://ad.doubleclick.net https://ade.googlesyndication.com https://adservice.google.at https://adservice.google.ch https://adservice.google.co.jp https://adservice.google.com https://adservice.google.de https://analytics.google.com https://analytics.twitter.com https://bat.bing.com https://c.bing.com https://c.clarity.ms https://captcha.eset.com https://cdn.esetstatic.com https://cdn.jsdelivr.net https://cdn.smct.co https://cdn.smct.io https://cdn1.esetstatic.com https://cm.everesttech.net https://cm.g.doubleclick.net https://connect.facebook.net https://dc.ads.linkedin.com https://dpm.demdex.net https://events.smct.co https://googleads.g.doubleclick.net https://i.ytimg.com https://images.g2crowd.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://pubads.g.doubleclick.net https://px.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://script.hotjar.com https://sgtm.eset.com https://ssitecat.eset.com https://ssl.google-analytics.com https://static.hotjar.com https://stats.g.doubleclick.net https://t.co https://tribl.io https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bi https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ag https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sb https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tj https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vc https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.ie https://www.google.im https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.ki https://www.google.kz https://www.google.la https://www.google.li https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.nr https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sm https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.tt https://www.google.vg https://www.google.vu https://www.googleadservices.com https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com; manifest-src 'none'; media-src 'self'; object-src 'self'; prefetch-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.replay.uxtweak.com https://*.salesforceliveagent.com https://acsbap.com https://acsbapp.com https://assets.esetstatic.com https://bat.bing.com https://cdn.esetstatic.com https://cdn.jsdelivr.net https://cdn.linkedin.oribi.io https://cdn1.esetstatic.com https://cdnjs.cloudflare.com https://connect.facebook.net https://d.la1-c2-cdg.salesforceliveagent.com https://embed.tawk.to https://googleads.g.doubleclick.net https://img06.en25.com https://invitejs.trustpilot.com https://js.smct.co https://js.smct.io https://maps.googleapis.com https://nowexttype.com https://pagead2.googlesyndication.com https://platform.twitter.com https://s786665.t.eloqua.com https://script.hotjar.com https://sgtm.eset.com https://smct.co https://snap.licdn.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.hotjar.com https://store.eset.com https://tpc.googlesyndication.com https://tribl.io https://widget.trustpilot.com https://www.clarity.ms https://www.google-analytics.com https://www.google.ae https://www.google.am https://www.google.at https://www.google.be https://www.google.bg https://www.google.bs https://www.google.by https://www.google.ca https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ma https://www.google.co.nz https://www.google.co.th https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zw https://www.google.com https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.md https://www.google.me https://www.google.mk https://www.google.nl https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.se https://www.google.si https://www.google.sk https://www.google.tn https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.smct.co https://fonts.smct.io https://script.hotjar.com https://static.hotjar.com; worker-src 'self'; report-uri https://www-eset-com.api.cspconsole.com/v1/csp/report; report-to default; 2
frame-ancestors 'self' *.cnbc.com *.acorns.com; 2
upgrade-insecure-requests; frame-ancestors 'self'  *.webex.com *.cisco.com app.socio.events https://app.socio.events; 2
default-src https: 'unsafe-inline' data: blob:; frame-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; media-src https: 'unsafe-inline' blob:; img-src https: http: data: blob:; frame-ancestors https: 2
form-action https:; frame-ancestors https://app.contentful.com 2
frame-ancestors 'self' https://www.entrust.com; default-src https: data: wss://*.hotjar.com; script-src 'unsafe-eval' 'self' https: 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; media-src https: data: blob: mediastream:; child-src https: blob:; worker-src blob:; connect-src https:; 2
frame-ancestors 'self' https://braze.com https://*.braze.com https://braze.co.jp https://www.braze.co.jp 2
frame-ancestors https://voxmedia.stories.usechorus.com 'self' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.adobe.com *.adobe.io *.adobeaemcloud.com *.adobedtm.com *.akamaihd.net *.amazonaws.com *.bing.com *.bizographics.com *.chargebee.com *.chargebeestatic.com *.cloudflare.com *.cookiebanners.com *.cookielaw.org *.crazyegg.com *.demdex.net *.driftt.com *.eloqua.com *.en25.com *.everestjs.net *.everesttech.net *.force.com *.g2.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googleleadservices.com *.googletagmanager.com *.greenhouse.io *.gstatic.com *.hsforms.com *.hsforms.net *.jquery.com *.licdn.com *.linkedin.com *.marketo.net *.mktorest.com *.omtrdc.net *.onetrust.com *.otprivacy.com *.platform.twitter.com *.salesforce.com *.salesforceliveagent.com *.twimg.com *.twitter.com unpkg.com *.wistia.com *.wistia.net *.youtube-nocookie.com fonts.google.com *.mktoweb.com *.day.com www.day.com *.mktoresp.com cdn.linkedin.oribi.io cm.everesttech.net *.adobeaemcloud.net *.litix.io *.tugboatlogic.com *.bizible.com; media-src * blob:; worker-src * blob:; 2
upgrade-insecure-requests; frame-ancestors 'self' http://*.hulu.com https://*.hulu.com; 2
frame-ancestors 'self' https://*.target.com; 2
default-src 'self' https://static.zdassets.com https://ekr.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.amplitude.com https://websdk.appsflyer.com https://acdn.adnxs.com/ https://app.viralsweep.com/ https://s.yimg.com https://sp.analytics.yahoo.com https://widget.surveymonkey.com https://www.youtube.com/ https://platform.twitter.com/widgets.js https://platform.twitter.com/js/ https://www.tiktok.com/embed.js https://lf16-tiktok-web.tiktokcdn-us.com/obj/tiktok-web-tx/tiktok/falcon/embed/ js.adsrvr.org ajax.googleapis.com www.googleadservices.com https://static.zdassets.com https://widget-mediator.zopim.com life360.zendesk.com https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net static.ads-twitter.com analytics.twitter.com analytics.tiktok.com bat.bing.com sf16-scmcdn-va.ibytedtos.com www.gstatic.com www.google.com www.googletagmanager.com www.google-analytics.com cdn.cookielaw.org https://www.datadoghq-browser-agent.com/ https://js.appboycdn.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://fonts.googleapis.com https://use.fontawesome.com/ https://lf16-tiktok-web.tiktokcdn-us.com/obj/tiktok-web-tx/tiktok/falcon/embed/embed_lib_v1.0.11.css; connect-src 'self' https://www.google.com/pagead/landing https://adservice.google.com https://wa.appsflyer.com https://www.facebook.com https://privacyportal.onetrust.com https://static.zdassets.com wss://widget-mediator.zopim.com https://sdk.iad-01.braze.com/api/v3/ https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com/ https://geolocation.onetrust.com https://amplitude.life360.com/ https://amplitude.qa.life360.com/ https://api.amplitude.com https://life360.onelink.me https://wa.onelink.me https://bat.bing.com https://s.yimg.com https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://ekr.zdassets.com https://life360.onelink.me https://www.google-analytics.com https://www.analytics.google.com https://analytics.google.com stats.g.doubleclick.net cdn.cookielaw.org life360.zendesk.com support.life360.com https://boards-api.greenhouse.io analytics.tiktok.com; img-src 'self' https://www.google.ca/ads https://ib.adnxs.com https://adservice.google.com https://fonts.gstatic.com https://a-tiles.locationiq.org https://b-tiles.locationiq.org https://c-tiles.locationiq.org https://braze-images.com/appboy/communication/assets/ life360-wordpress.s3.amazonaws.com https://www.cloudfront.net life360.zendesk.com https://segment.prod.bidr.io https://cdn.blisspointmedia.com https://pixel.pointmediatracker.com https://cnv.event.prod.bidr.io cdn.cookielaw.org insight.adsrvr.org support.life360.com www.googletagmanager.com https://www.google-analytics.com/ https://www.analytics.google.com https://www.google.com t.co www.facebook.com https://bat.bing.com https://sp.analytics.yahoo.com https://i.ytimg.com https://v2assets.zopim.io https://static.zdassets.com data: 0.gravatar.com https://secure.gravatar.com/; child-src 'self' https://www.surveymonkey.com https://platform.twitter.com/ https://www.tiktok.com/ https://app.viralsweep.com/ cdn.cookielaw.org insight.adsrvr.org www.ajax.googleapis.com www.youtube.com www.youtube-nocookie.com www.google.com www.facebook.com; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com/ https://cdn.braze.com/appboy/communication/assets/ data:; worker-src blob:; 2
frame-ancestors 'self' https://mycourses.w3schools.com; 2
frame-ancestors *.mediafire.com 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.investopedia.com 2
block-all-mixed-content; default-src * data: 'unsafe-inline' 'unsafe-eval'; worker-src * blob: data: 'unsafe-inline' 'unsafe-eval'; child-src * blob: data: 'unsafe-inline' 'unsafe-eval'; img-src * blob: data: 'unsafe-inline' 'unsafe-eval'; 2
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; worker-src blob: 'self'; frame-ancestors https://*.lenovo.com 2
upgrade-insecure-requests; default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' 2
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; 2
frame-ancestors 'self' https://*.shopify.com https://*.myshopify.com 2
report-uri /v1/csplog; block-all-mixed-content 2
report-uri https://cspreport.bol.com/report/b/16218 ; default-src https://tpc.googlesyndication.com https://www.bol.com https://beta.bol.com ;  connect-src https://*.adyen.com https://*.akstat.io https://*.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googlesyndication.com https://*.gstatic.com https://*.mpstat.us https://*.s-bol.com https://aai.bol.com https://api.bol.com https://c.go-mpulse.net https://chat1.bol.com https://chatr.bol.com https://fbstatic-a.akamaihd.net https://firefly.bol.com https://spoor.bol.com https://suggestions.bol.com https://swa.bol.com https://txrx.bol.com https://www.bol.com https://beta.bol.com ;  font-src data: https://*.s-bol.com https://fonts.gstatic.com https://partner.bol.com https://secure.ogone.com https://www.bol.com https://beta.bol.com ;  frame-src https://*.2mdn.net https://*.adyen.com https://*.akstat.io https://*.doubleclick.net https://*.mpstat.us https://*.safeframe.googlesyndication.com https://*.youtube-nocookie.com https://chat1.bol.com https://chatr.bol.com https://info.bol.com https://platform.twitter.com https://s-static.ak.facebook.com https://secure.ogone.com https://tpc.googlesyndication.com https://www.bol.com https://www.facebook.com https://www.google.com https://beta.bol.com ;  img-src blob: data: https://*.2mdn.net https://*.adyen.com https://*.akstat.io https://*.contentstack.com https://*.contentstack.eu https://*.doubleclick.net https://*.google-analytics.com https://*.google.be https://*.google.nl https://*.krxd.net https://*.moatads.com https://*.mpstat.us https://*.s-bol.com https://adservice.google.be https://adservice.google.com https://adservice.google.nl https://bol.com https://bol.ugc.bazaarvoice.com https://cbks0.googleapis.com https://cbks1.googleapis.com https://cdn.kobo.com https://csi.gstatic.com https://ds-aksb-a.akamaihd.net https://fbstatic-a.akamaihd.net https://getbook.kobo.com https://img.youtube.com https://kbimages1-a.akamaihd.net https://khms0.googleapis.com https://khms1.googleapis.com https://m.bol.com https://maps.googleapis.com https://maps.gstatic.com https://mts0.googleapis.com https://mts1.googleapis.com https://pagead2.googlesyndication.com https://partner.bol.com https://photos-eu.bazaarvoice.com https://platform.twitter.com https://secure.ogone.com https://ssl.gstatic.com https://static.bol.com https://swa.bol.com https://syndication.twitter.com https://tpc.googlesyndication.com https://txrx.bol.com https://weblog.bol.com https://www.bol.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.ups.com https://beta.bol.com ;  manifest-src https://static.bol.com ;  media-src blob: https://*.contentstack.com https://*.contentstack.eu https://*.kobo.com https://*.phononet.de https://*.s-bol.com https://rovimusic.rovicorp.com https://static.bol.com https://www.bol.com https://beta.bol.com ;  object-src https://www.bol.com https://beta.bol.com ;  script-src 'unsafe-eval' 'unsafe-inline' data: https://*.2mdn.net https://*.adyen.com https://*.doubleclick.net https://*.google-analytics.com https://*.krxd.net https://*.moatads.com https://*.s-bol.com https://aai.bol.com https://adservice.google.be https://adservice.google.com https://adservice.google.nl https://ajax.googleapis.com https://apis.google.com https://bol.com https://c.go-mpulse.net https://cbks0.googleapis.com https://cdn.ampproject.org https://cdn.syndication.twimg.com https://cdn.syndication.twitter.com https://chat1.bol.com https://connect.facebook.net https://ds-aksb-a.akamaihd.net https://fbstatic-a.akamaihd.net https://firefly.bol.com https://maps.googleapis.com https://maps.gstatic.com https://mts0.googleapis.com https://mts1.googleapis.com https://pagead2.googlesyndication.com https://partner.bol.com https://partner.googleadservices.com https://platform.twitter.com https://secure.ogone.com https://static.bol.com https://tpc.googlesyndication.com https://translate.googleapis.com https://txrx.bol.com https://weblog.bol.com https://www.bol.com https://www.google.com https://www.googletagmanager.com https://www.googletagservices.com https://www.gstatic.com https://beta.bol.com ;  style-src 'unsafe-inline' https://*.s-bol.com https://bol.com https://fonts.googleapis.com https://partner.bol.com https://platform.twitter.com https://secure.ogone.com https://static.bol.com https://txrx.bol.com https://www.bol.com https://beta.bol.com ;  worker-src blob: https://www.bol.com https://beta.bol.com ;  frame-ancestors 'self' ; 2
default-src 'self'; child-src 'self' http://127.0.0.1:8111 https://127.0.0.1:8112; connect-src 'self' matomo.openstreetmap.org https://nominatim.openstreetmap.org/ https://query.openstreetmap.org/query-features https://routing.openstreetmap.de/ https://graphhopper.com/api/1/route https://valhalla1.openstreetmap.de/route; font-src 'none'; form-action 'self' render.openstreetmap.org; frame-ancestors 'self'; frame-src 'self' http://127.0.0.1:8111 https://127.0.0.1:8112; img-src 'self' data: www.gravatar.com *.wp.com tile.openstreetmap.org *.tile.openstreetmap.org *.tile.thunderforest.com tileserver.memomaps.de tile.tracestrack.com *.openstreetmap.fr matomo.openstreetmap.org https://openstreetmap-user-avatars.s3.dualstack.eu-west-1.amazonaws.com https://openstreetmap-gps-images.s3.dualstack.eu-west-1.amazonaws.com; manifest-src 'self'; media-src 'none'; object-src 'self'; script-src 'self' matomo.openstreetmap.org; style-src 'self' 'unsafe-inline'; worker-src 'none' 2
default-src self *  ;style-src  https: data: 'unsafe-inline';img-src  https: blob: data:;child-src data:;object-src none;worker-src blob: https://*.olx.pl  ;frame-src  https: blob:;script-src  https: 'unsafe-inline' 'unsafe-eval';font-src data: self https: ;connect-src self * blob: 2
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' android-webview-video-poster: *.sky.com *.bskyb.com *.skyassets.com *.lpsnmedia.net *.liveperson.net *.doubleclick.net analytics.twitter.com assets.adobedtm.com bat.bing.com *.clicktale.net *.tvsquared.com connect.facebook.net *.googlesyndication.com secure.quantserve.com *.qualtrics.com smct.co track.uniqodo.com www.dwin1.com www.google-analytics.com www.googletagmanager.com static.ads-twitter.com staging-liveperson-dtm.herokuapp.com cdn.tt.omtrdc.net *.demdex.net ssl.google-analytics.com britishskybroadcasti.tt.omtrdc.net platform.twitter.com s0.2mdn.net www.zenaps.com *.google.com *.google.co.uk *.google.ie www.facebook.com *.optimizely.com cdn.spatialbuzz.com cdn.privacy-mgmt.com *.contentsquare.net www.googleadservices.com servedby.flashtalking.com *.lucidcx.com www.gstatic.com cdnjs.cloudflare.com rules.quantcount.com t.contentsquare.net contentsquare.com app.contentsquare.com cdn-assets-prod.s3.amazonaws.com sc-static.net acdn.adnxs.com s.pinimg.com ib.adnxs.com dmp.vfwmrm.net *.snapchat.com secure.adnxs.com www.uqd.io *.yimg.com yahoo.com smct.co js.smct.co smct.io js.smct.io js-cdn.dynatrace.com unpkg.com maps.googleapis.com cdn.co-buying.com *.yext-pixel.com aax-eu.amazon-adsystem.com *.stripe.com answers2-embed.sky.com.pagescdn.com assets.sitescdn.net content.zeotap.com api.taggstar.com *.taggstar.com cdn.taggstar.com qa.taggstar.com *.awin1.com the.sciencebehindecommerce.com edge.adobedc.net t.promotionx.io analytics.tiktok.com c.amazon-adsystem.com; style-src 'self' 'unsafe-inline' *.sky.com *.skyassets.com s0.2mdn.net www.gstatic.com *.liveperson.net www.facebook.com *.doubleclick.net assets.adobedtm.com www.google-analytics.com *.lpsnmedia.net *.clicktale.net *.contentsquare.net *.googlesyndication.com sky.lucidcx.com fonts.googleapis.com assets.sitescdn.net; font-src 'self' data: *.sky.com fonts.gstatic.com *.skyassets.com use.typekit.net *.google.com *.google.co.uk *.google.ie sky.lucidcx.com *.snapchat.com www.pinterest.com fonts.smct.co fonts.smct.io fonts.gstatic.com; img-src 'self' data: android-webview-video-poster: *.sky.com *.doubleclick.net *.skyassets.com bat.bing.com *.clicktale.net *.optimizely.com *.tvsquared.com *.demdex.net *.online-metrix.net *.qualtrics.com t.co tracking.audio.thisisdax.com www.facebook.com www.google-analytics.com *.google.com *.google.co.uk *.google.ie *.atdmt.com *.cloudfront.net live.staticflickr.com tags.w55c.net www.googletagmanager.com *.contentstack.io *.lpsnmedia.net s0.2mdn.net www.zenaps.com connect.facebook.net engagement.uniqodo.com *.liveperson.net www.gstatic.com www.awin1.com analytics.twitter.com cdn.spatialbuzz.com assets.adobedtm.com cdn.privacy-mgmt.com *.googlesyndication.com *.contentsquare.net www.googleadservices.com servedby.flashtalking.com *.lucidcx.com uniqodo.s3-eu-west-1.amazonaws.com production-image-placeholder.herokuapp.com pixel.quantserve.com *.sky 8th.io sc-static.net acdn.adnxs.com s.pinimg.com ib.adnxs.com match.adsrvr.org pm.w55c.net dmp.v.fwmrm.net ct.pinterest.com *.snapchat.com www.pinterest.com secure.adnxs.com events.smct.co *.yahoo.com *.gumgum.com smct.co cdn.smct.co smct.io cdn.smct.io px.smct.co px.smct.io ep.smct.co ep.smct.io maps.gstatic.com maps.googleapis.com a.mktgcdn.com *.yext-pixel.com aax-eu.amazon-adsystem.com a.promotionx.io cm.g.doubleclick.net cms.quantserve.com mwzeom.zeotap.com c.amazon-adsystem.com analytics.tiktok.com; connect-src 'self' blob: android-webview-video-poster: *.sky.com wss://*.sky.com *.skyassets.com *.bskyb.com api.amplitude.com bat.bing.com *.bf.dynatrace.com britishskybroadcasti.tt.omtrdc.net *.clicktale.net *.optimizely.com cdn.privacy-mgmt.com *.demdex.net *.doubleclick.net *.assistant.watson.appdomain.cloud *.qualtrics.com vip.timezonedb.com www.google-analytics.com api.amplitude.com *.akstat.io api.iperceptions.com www.facebook.com www.zenaps.com https://google.com *.google.com *.google.co.uk *.google.ie s0.2mdn.net *.contentstack.io help-search-api-stage.herokuapp.com wss://*.liveperson.net *.lpsnmedia.net cdn.spatialbuzz.com prod-my-photo-api.herokuapp.com track.uniqodo.com connect.facebook.net engagement.uniqodo.com www.gstatic.com *.liveperson.net assets.adobedtm.com *.tvsquared.com *.googlesyndication.com www.googletagmanager.com *.contentsquare.net www.googleadservices.com *.lucidcx.com awk.epgsky.com production-retriever.herokuapp.com cdn-assets-prod.s3.amazonaws.com sc-static.net acdn.adnxs.com s.pinimg.com ib.adnxs.com match.adsrvr.org pm.w55c.net dmp.v.fwmrm.net ct.pinterest.com *.snapchat.com www.pinterest.com secure.adnxs.com www.pinterest.co.uk *.yimg.com smct.co smct.co js.smct.co smct.io js.smct.io ipb.smct.co ipb.smct.io cfg.smct.co cfg.smct.io ep.smct.co ep.smct.io cognito-identity.eu-west-1.amazonaws.com firehose.eu-west-1.amazonaws.com maps.googleapis.com liveapi.yext.com poc.idscan.cloud prod.idscan.cloud *.yext-pixel.com spl.zeotap.com api.taggstar.com *.taggstar.com cdn.taggstar.com qa.taggstar.com the.sciencebehindecommerce.com *.wepowerconnections.com edge.adobedc.net a.promotionx.io t.promotionx.io insights.uniqodo.com justo.uniqodo.com mwzeom.zeotap.com analytics.tiktok.com c.amazon-adsystem.com; frame-src 'self' blob: *.sky.com *.bskyb.com *.skyassets.com *.doubleclick.net *.optimizely.com *.demdex.net *.online-metrix.net *.lpsnmedia.net *.qualtrics.com www.facebook.com cdn.privacy-mgmt.com universal.iperceptions.com *.google.com *.google.co.uk *.google.ie *.clicktale.net s0.2mdn.net www.zenaps.com connect.facebook.net *.liveperson.net www.google-analytics.com analytics.twitter.com cdn.spatialbuzz.com assets.adobedtm.com *.googlesyndication.com *.contentsquare.net www.googleadservices.com sky.lucidcx.com live.tvgenius.net servedby.flashtalking.com players.brightcove.net sc-static.net acdn.adnxs.com s.pinimg.com ib.adnxs.com match.adsrvr.org pm.w55c.net dmp.v.fwmrm.net *.snapchat.com ct.pinterest.com www.pinterest.com secure.adnxs.com www.pinterest.co.uk smct.co smct.io ls.smct.co ls.smct.io d2d7do8qaecbru.cloudfront.net w.etadirect.com aax-eu.amazon-adsystem.com *.stripe.com answers2-embed.sky.com.pagescdn.com www.awin1.com c.amazon-adsystem.com; frame-ancestors 'self'; worker-src 'self' blob: *.sky.com *.skyassets.com assets.adobedtm.com *.liveperson.net; child-src 'self' blob:; media-src 'self' data: *.sky.com *.skyassets.com *.contentstack.io *.lpsnmedia.net *.doubleclick.net *.google.com *.google.co.uk *.google.ie *.clicktale.net *.liveperson.net www.facebook.com bat.bing.com *.demdex.net assets.adobedtm.com www.google-analytics.com *.contentsquare.net *.googlesyndication.com; object-src 'self' *.sky.com; report-uri /csp-reports 2
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com ; style-src data: 'unsafe-inline' https: https://optimize.google.com https://fonts.googleapis.com; img-src data: https: blob: android-webview-video-poster: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com; font-src data: https: https://fonts.gstatic.com; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors https://*.vnexpress.net https://vnexpress.net 2
upgrade-insecure-requests; frame-ancestors 'self'; report-uri https://www.argos.co.uk/logging-api/2/security 2
frame-ancestors 'self' https://*.mglu.io https://*.magalu.com https://*.luizalabs.com https://*.magazineluiza.com.br; 2
frame-ancestors 'self' https://*.sli.ke https://economictimes.indiatimes.com https://navbharattimes.indiatimes.com https://m.timesofindia.com https://m.economictimes.com https://gadgetsnow.com https://www.gadgetsnow.com https://www.google.com https://google.com https://static-toiimg-com.cdn.ampproject.org https://m-timesofindia-com.cdn.ampproject.org https://www.newspointapp.com https://timesofindia.indiatimes.com https://auto.timesofindia.com https://timesofindia-indiatimes-com.cdn.ampproject.org; 2
base-uri 'self'; connect-src * blob: data: *.crazyegg.com ; default-src 'self' *.meetup.com *.dev.meetup.com:8001 www.sjwoe.com *.crazyegg.com blob: ; font-src * data:; frame-ancestors 'self'; frame-src *; img-src * data: blob: *.crazyegg.com ;media-src *.meetup.com *.dev.meetup.com:8001 https://secure.meetupstatic.com www.sjwoe.com *.sendbird.com https://sendbird-us-3.s3.amazonaws.com; script-src * 'unsafe-eval' 'unsafe-inline' *.crazyegg.com; style-src * 'unsafe-inline' *.crazyegg.com ; object-src 'none' 2
frame-ancestors 'self' tvn24.pl *.tvn24.pl *.tvn.pl 2
frame-ancestors http://*.almamedia.net https://*.almamedia.net https://app.powerbi.com 2
frame-ancestors 'self'; script-src https://cfnimg.joyclub.de/ *.joyclub.de https://aa.joyclub.com/ https://maps.googleapis.com/ https://www.google.com/ https://www.googleadservices.com/ www.googletagmanager.com *.youtube.de *.youtube.com *.youtube.ch *.youtube.at *.youtube.be https://www.youtube-nocookie.com https://s.ytimg.com www.tenor.com *.giphy.com https://www.gstatic.com/ https://connect.facebook.net/ blob: https://googleads.g.doubleclick.net/ https://paygate.novalnet.de/v2/ https://static.zdassets.com/ https://www.joyclub.de/cdn-cgi/ https://www.joyclub.com/cdn-cgi/ https://pagead2.googlesyndication.com/; upgrade-insecure-requests 2
frame-ancestors 'self' www.lgechat.com lgechat.com *.lgsolutions.com b2bmkt.lge.com; 2
frame-ancestors https://www.evernote.com https://stage.evernote.com https://app.preprod3.evernote.com 2
upgrade-insecure-requests; frame-ancestors *.cisco.com 2
upgrade-insecure-requests;frame-ancestors 'self' slate.com *.slate.com *.my.slate.com 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 2
script-src 'self' 'unsafe-inline' http: https: 'strict-dynamic' 'sha256-XXdWM2WyPnxdbGkabhd+Z0MHKdvjaIHjYBIqwpQQv9E=' 'sha256-R/CAGqFl6mgfyijXO4RVSoiPYelEM4FX6oiLbfIAhQ8=' 'sha256-Z/J+GXilQFq6xrxWRqMxEnjc9k+nD3SWlIhWtr/920o=' 'sha256-eaRhvxD1NyP8b9GsCnJn4shBsc7mJmqH8vusmC6VJrs=' 'sha256-lntt6xwZpMVJD8VYW4eiAJ6xx2lnIJitf2UHpoGi0r4=' 'sha256-83juvUupKRYSMragzlotHzGgvCtWKBTR0kQDUyr+AmQ=' 'sha256-lSBqat2xN7xm/ycHlDdBg7UJJIcBn7WDifKUmXVtgT4=' 'sha256-V/TheyMCmwgw+8Nfml0ZvvAkVu61Dg6RiSSf1+LhPvI=' 'sha256-SeNJn0793awLPmzXvK4ocgge6Ni1c8lS1FkCdHGzUHc=' 'sha256-MkAmvDBlVwfQ+jrWZuqQd4TmRPa0m83PajZ/HzpWm6Y=' 'sha256-Z/t/BIMaLjizflJUbtyDXwjEAvBAy2E25xzCRtAmEFg=' 'sha256-IvePtD10kk8DeRtzeIDNWUDtgB+kA3gIJUccfguNWYk=' 'sha256-HfPhlS3ijO85KB6uXrhlnczNd/um/MwHWUp8dLX8dCw=' 'sha256-FnC/GFXRQ6pQY+VvM0zriP2+NARtSPc9aiiwJYsSB0k=' 'sha256-2B1kVvWX6lDFaomt4qrgzoOTL+RDIaREht/gwf+dmrc=' 'sha256-ATvSPXoPoVZMw1XRWhVtiK4jjAB2KcCt3ceOf/kA+QU=' 'sha256-iU7DDN0S6+7Lazzqnx27f7s++kdFdpHPrMW49FpecIc=' 'sha256-xbQmtG6w61ivvPsp1j2ylmBFe7I7x0BpkKvhBHZcJII='; style-src 'self' https: http: 'unsafe-inline'; font-src 'self' https: http:; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net maps.googleapis.com *.waze.com wac-stg.sandbox.google.com *.wikipedia.org clouderrorreporting.googleapis.com; frame-src 'self' bid.g.doubleclick.net www.googletagmanager.com www.gcp.wazestg.com www.waze.com; object-src 'none'; base-uri 'self'; default-src 'self'; img-src 'self' data: https: http: data:; report-uri https://csp.withgoogle.com/csp/wazelivemap/20240123_experiment 2
base-uri 'self'; default-src https:; object-src 'none'; frame-src 'self' *.salesforceliveagent.com *.visualize-roi.com *.doubleclick.net optimize.google.com platform.twitter.com syndication.twitter.com vars.hotjar.com widget.trustpilot.com www.facebook.com www.google.com www.youtube.com www.recaptcha.net; frame-ancestors 'none'; font-src 'self' *.acronis.com fonts.googleapis.com fonts.gstatic.com script.hotjar.com; style-src 'unsafe-inline' 'self' *.acronis.com cdn.cookielaw.org fonts.googleapis.com optimize.google.com platform.twitter.com tagmanager.google.com; img-src 'self' data: *.acronis.com *.analytics.google.com *.clarity.ms *.facebook.com *.g.cn *.g.doubleclick.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.linkedin.com *.twimg.com *.ytimg.com acronis.events b.6sc.co bat.bing.com c.bing.com c212.net cdn.cookielaw.org maps.gstatic.com media.slapfive.com optimize.google.com p.adsymptotic.com pixel.mathtag.com script.hotjar.com ssl.gstatic.com syndication.twitter.com trkn.us www.gstatic.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; connect-src 'self' ws: *.6sc.co *.6sense.com *.acronis.com *.adnxs.com *.analytics.google.com *.bing.com *.clarity.ms *.fullcircleinsights.com *.g.doubleclick.net *.google-analytics.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.mutinycdn.com *.onetrust.com *.s3.amazonaws.com *.scarabresearch.com *.schemaapp.com *.sentry.io *.visualize-roi.com *.influ2.com *.linkedin.com 929-hvv-335.mktoresp.com api.greenhouse.io cdn.cookielaw.org maps.googleapis.com cdn.linkedin.oribi.io www.mczbf.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; script-src 'strict-dynamic' 'nonce-be80bf6072db0e05eb52542eae56db19' *.acronis.com *.googletagmanager.com tagmanager.google.com *.visualize-roi.com optimize.google.com www.google-analytics.com www.googleadservices.com www.googleanalytics.com www.googleoptimize.com 2
default-src self *  ;style-src  https: data: 'unsafe-inline';img-src  https: blob: data:;child-src data:;object-src none;worker-src blob: https://*.olx.ua  ;frame-src  https: blob:;script-src  https: 'unsafe-inline' 'unsafe-eval';font-src data: self https: ;connect-src self * blob: 2
frame-ancestors 'self'; object-src https://*.citrix.com https://capture.navattic.com; plugin-types application/x-shockwave-flash application/pdf 2
frame-ancestors 'self' https://*.sweb.ru https://webvisor.com  http://webvisor.com ; 2
report-uri https://csp-central.appspot.com/report_csp 2
default-src 'self' https://cutt.ly https://www.cutt.ly https://www.google.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://platform.twitter.com https://cutt.ly https://www.cutt.ly;  img-src 'self' data: https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://*.gstatic.com https://scontent.xx.fbcdn.net https://platform-lookaside.fbsbx.com https://www.facebook.com https://cutt.ly https://www.cutt.ly;  style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://platform.twitter.com https://cutt.ly https://www.cutt.ly;  font-src 'self' data: https://fonts.gstatic.com https://platform.twitter.com;  connect-src 'self' https://*.google-analytics.com https://*.facebook.com https://*.fbcdn.net https://graph.facebook.com https://api.twitter.com https://cutt.ly https://www.cutt.ly;  frame-src 'self' https://challenges.cloudflare.com https://www.google.com https://www.facebook.com https://platform.twitter.com;  object-src 'none';  frame-ancestors 'self'; worker-src 'self' blob: https://challenges.cloudflare.com; 2
frame-ancestors 'self' https://yotpo--uat.sandbox.my.site.com https://partners.yotpo.com https://www.yotpo.com https://*.paperflite.com https://content.yotpo.com https://yotpo.app.workramp.com 2
default-src data: blob: https://*.fbcdn.net https://*.facebook.com *.fbsbx.com *.messenger.com;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net *.messenger.com 'unsafe-eval';style-src data: blob: 'unsafe-inline' *.facebook.com *.fbcdn.net *.messenger.com;connect-src http://localhost:3103 *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' *.messenger.com wss://*.messenger.com www.messenger.com www.google-analytics.com wss://*.messenger.com:*;font-src *.messenger.com *.facebook.com https://*.fbcdn.net data: *.gstatic.com;img-src *.fbcdn.net https://*.facebook.com cdninstagram.com *.cdninstagram.com *.tenor.co *.tenor.com *.giphy.com data: *.fbsbx.com *.messenger.com messenger.com blob: android-webview-video-poster: *.xx.fbcdn.net https://messenger.com *.oculuscdn.com;media-src *.messenger.com *.facebook.com https://*.fbcdn.net data: *.fbsbx.com *.fbcdn.net *.cdninstagram.com https://*.giphy.com blob:;frame-src *.messenger.com *.facebook.com https://*.fbcdn.net data: *.fbsbx.com *.fbcdn.net *.cdninstagram.com blob: *.doubleclick.net; 2
default-src 'self' http: https: data: blob:;script-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval';style-src 'self' https: data: 'unsafe-inline';img-src 'self' https: data: blob:;media-src 'self' https: http: blob: data:;connect-src http: https: ws: wss: 2
default-src 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: about: miroapp: wss: ws: *; frame-src 'unsafe-inline' 'unsafe-eval' data: blob: miroapp: *; base-uri 'unsafe-inline' about: data: *; form-action 'unsafe-inline' data: post-it-alpha: post-it: com.mmm.postit.miro: *; worker-src 'unsafe-inline' data: blob: miroapp: *; report-uri https://s.realtimeboard.com/api/25/security/?sentry_key=fb5e3001534f453e85d1771b1088b293&sentry_environment=production; 2
script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: data: https:; style-src 'self' 'unsafe-inline' blob: data: https:; default-src 'self' https:; img-src https: blob: data: android-webview-video-poster:; frame-src blob: data: https:; worker-src blob: data: https:; child-src blob: data: https:; object-src 'self'; font-src 'self' https: blob: data: safari-extension://*; media-src 'self' blob: data: https:; connect-src wss: blob: data: https: 2
base-uri 'none'; form-action 'self'; frame-ancestors 'none'; object-src 'none'; upgrade-insecure-requests; 2
frame-ancestors http://*.wps.com https://*.wps.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.bing.com https://*.remotepc.com https://*.remotedesktop.com https://media.twiliocdn.com https://sdk.amazonaws.com https://static.idriveonlinebackup.com https://*.facebook.com https://*.google.com https://*.googleapis.com https://www.google-analytics.com https://*.criteo.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.criteo.net https://api.maxaccess.io https://gum.criteo.com https://sslwidget.criteo.com https://*.livechatinc.com https://html5shim.googlecode.com https://s.adroll.com https://a.adroll.com https://d.adroll.com https://www.idrivedownloads.com http://ssl.p.jwpcdn.com https://www.youtube.com https://px.spiceworks.com https://connect.facebook.net https://5358683.fls.doubleclick.net https://platform.twitter.com https://www.googleadservices.com https://www.gstatic.com https://ssl.google-analytics.com https://code.jquery.com https://*.stripe.com https://cdnjs.cloudflare.com https://bat.bing.com https://www.googletagmanager.com https://www.clarity.ms https://hcaptcha.com https://*.hcaptcha.com; img-src https://* 'self' data: blob:; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.remotepc.com https://*.remotedesktop.com https://fonts.googleapis.com https://ssl.google-analytics.com https://code.jquery.com https://hcaptcha.com https://*.hcaptcha.com https://catamphetamine.gitlab.io https://*.bootstrapcdn.com; font-src https://* data: ;object-src 'self' https://secure.livechatinc.com; media-src https://* blob:; worker-src https://* blob:; connect-src wss: https://* blob:; 2
frame-ancestors https://*.mintegral.com 2
frame-ancestors 'self' https://afiliados.locaweb.com.br 2
frame-ancestors 'self' *.mathworks.com feedads.baidu.com *.mwcloudtest.com mathworks--uat.sandbox.my.site.com mathworks--dev2.sandbox.my.site.com mathworks--dev1.sandbox.my.site.com mathworks--test3.sandbox.my.site.com mathworks--mangesha.sandbox.my.site.com; 2
frame-ancestors *.adguard.com *.adguard.app *.adguard.info 'self'; connect-src *.adguard-dns.com *.adguard.org filters.adtidy.org *.adguard.com *.adguard.app *.adguard.info 'self'; script-src https://cdn.paddle.com/paddle/paddle.js https://widget.cloudpayments.ru/bundles/cloudpayments.js hcaptcha.com *.hcaptcha.com https://challenges.cloudflare.com/turnstile/v0/api.js *.adguard.com *.adguard.app *.adguard.info 'unsafe-inline' 'unsafe-eval' 'self'; style-src cdn.paddle.com *.adguard.org *.adguard.com *.adguard.app *.adguard.info 'unsafe-inline' 'self'; img-src * data: *.adguard.com *.adguard.app *.adguard.info 'self'; frame-src *; font-src *.adguard.org *.adguard.com *.adguard.app *.adguard.info 'self' data:; object-src https://cdn.adtidy.org *.adguard.com *.adguard.app *.adguard.info 'self'; media-src cdn.adtidy.org *.adguard.com *.adguard.app *.adguard.info 'self'; report-uri /api/141/security/?sentry_key=25d351967596406c8824d0677089b8ea; default-src *.adguard.com *.adguard.app *.adguard.info 'self' 2
frame-ancestors 'self' https://app.optimizely.com 2
default-src 'self' *.collegeboard.org; script-src 'self' *.collegeboard.org cdnjs.cloudflare.com sdk.amazonaws.com assets.adobedtm.com cdn.cookielaw.org bat.bing.com www.clarity.ms d.clarity.ms 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com connect.facebook.net analytics.tiktok.com cdn.heapanalytics.com widgets.getsitecontrol.com www.youtube.com *.salesforceliveagent.com pixel.admedia.com pixel.s3xified.com service.force.com s.yimg.com connect.facebook.net ajax.cloudflare.com st.getsitecontrol.com js-agent.newrelic.com bam.nr-data.net d10lpsik1i8c69.cloudfront.net s3.amazonaws.com/cdn.aimtell.com/ sc-static.net js.adsrvr.org match.adsrvr.org www.google.com client.rum.us-east-1.amazonaws.com/1.0.2/cwr.js tpc.googlesyndication.com cdn.aimtell.com static.lightning.force.com *.my.salesforce.com *.my.salesforce-sites.com apform.secure.force.com conoret.com ucads-cdn.ucweb.com www.google-analytics.com www.pagespeed-mod.com bytedance.com sp.analytics.yahoo.com static.jungroup.com trkn.us serve.uberads.com *.stackadapt.com cdn.ckeditor.com cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.js assets.calendly.com platform.twitter.com *.appcues.com *.appcues.net; style-src 'self' *.collegeboard.org 'unsafe-inline' service.force.com translate.googleapis.com use.fontawesome.com apform.secure.force.com  *.my.salesforce-sites.com cdn.tt.omtrdc.net/cdn/adobetarget/admin.css d10lpsik1i8c69.cloudfront.net/css/reset.css fonts.googleapis.com cdn.ckeditor.com cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.css *.stackadapt.com wiris-v7.hive-prod.collegeboard.org:80 wiris-v7.hive-nonprod.collegeboard.org:80 *.appcues.com *.appcues.net fonts.googleapis.com fonts.google.com 'unsafe-inline'; img-src 'self' *.collegeboard.org data: bat.bing.com www.facebook.com www.google.com *.doubleclick.net googleads.g.doubleclick.net *.clarity.ms *.heapanalytics.com app.getsitecontrol.com *.analytics.yahoo.com *.bing.com heapanalytics.com www.googletagmanager.com www.google.co.jp www.google.ca www.googletagmanager.com www.google.co www.google.com www.google.jo translate.google.com ssl.google-analytics.com d10lpsik1i8c69.cloudfront.net adservice.google.com *.appcues.com *.appcues.net res.cloudinary.com twemoji.maxcdn.com *; frame-src 'self' *.collegeboard.org www.surveygizmo.com bid.g.doubleclick.net googleads.g.doubleclick.net service.force.com js.adsrvr.org match.adsrvr.org beacon.aimtell.com tr.snapchat.com tpc.googlesyndication.com datacloudstat.com www.facebook.com www.youtube.com ws-lmdc-app03.dhs.state.nj.us gateway.zscloud.net mozbar.moz.com s3.amazonaws.com/cdn.aimtell.com/ *.id.opendns.com lsrelay-config-production.s3.amazonaws.com pg-sasscer-ckf04.pgcps.org static.deledao.com data: schools-blocked.s3-website-us-east-1.amazonaws.com calendly.com platform.twitter.com *.appcues.com credentialfinder.org apps.credentialengine.org event.webcasts.com; frame-ancestors 'self' credentialfinder.org; font-src 'self' *.collegeboard.org themes.googleusercontent.com fonts.gstatic.com data: st.getsitecontrol.com moz-extension: use.fontawesome.com static3.avast.com at.alicdn.com cdn.loom.com/assets/fonts/ wiris-v7.hive-prod.collegeboard.org:80 wiris-v7.hive-nonprod.collegeboard.org:80 cdnjs.cloudflare.com/ajax/libs/mathjax/3.2.2/es5/output/chtml/fonts/woff-v2/ fonts.gstatic.com; connect-src 'self' ws: *.collegeboard.org k625k2vrzvdo5g7ynbvtjejehi.appsync-api.us-east-1.amazonaws.com/graphql dgtkl2ep7natjmkbefhxflglie.appsync-api.us-east-1.amazonaws.com/graphql cdn.cookielaw.org geolocation.onetrust.com www.facebook.com analytics.tiktok.com *.clarity.ms bat.bing.com app.getsitecontrol.com lambda.us-east-1.amazonaws.com signals.aimtell.com bam.nr-data.net settings.luckyorange.net cdn.aimtell.io log.aimtell.com s.yimg.com cognito-identity.us-east-1.amazonaws.com dataplane.rum.us-east-1.amazonaws.com sts.us-east-1.amazonaws.com beacon.aimtell.com adservice.google.com www.google.com api.ultimateaderaser.com privacyportal.onetrust.com  adtonus.com apform.secure.force.com cdnm3.cdnservice.space/start5.json code.jquery.com gjtrack.ucweb.com/collect heapanalytics.com log.kslogs.ru/timesince plugin.ucads.ucweb.com/api rdtds.net/siblings/find stats.g.doubleclick.net www.google-analytics.com api.trongrid.io/wallet/getnodeinfo dgtkl2ep7natjmkbefhxflglie.appsync-api.us-east-1.amazonaws.com get663.com support.adcleanerpage.com tr.snapchat.com hm.baidu.com/hm.gif dgtkl2ep7natjmkbefhxflglie.appsync-realtime-api.us-east-1.amazonaws.com analytics.aimtell.com sts.us-west-2.amazonaws.com cognito-identity.us-west-2.amazonaws.com d1ktxyteejjrbw.cloudfront.net static.doubleclick.net full-apform.cs190.force.com yt3.ggpht.com cdn.mouseflow.com n2.mouseflow.com collegeboard-full.my.salesforce.com i.ytimg.com cdn.ckeditor.com *.stackadapt.com telemetry.wiris.net wiris-v7.hive-prod.collegeboard.org:80 wiris-v7.hive-nonprod.collegeboard.org:80 *.appcues.com *.appcues.net *.my.salesforce-sites.com ipapi.co 9frgh2i4b9.execute-api.us-east-1.amazonaws.com 2
frame-ancestors 'self' *.quantcast.com *.quantcast.mgr.consensu.org quantcast.mgr.consensu.org *.eks.qcinternal.io 2
frame-ancestors 'self' azd.marketing.adobe.com 2
frame-ancestors https://playersupport.my.salesforce.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests 2
frame-ancestors 'self' *.qnap.com *.qnap.com.tw 2
default-src https: data: blob: ws: wss: mailto: 'unsafe-inline' 'unsafe-eval' 2
script-src 'self'; default-src 'self'; base-uri 'none'; frame-ancestors 'none'; form-action 'self'; img-src 'self' data: 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.datadoghq-browser-agent.com browser-http-intake.logs.datadoghq.com *.odd.blackspider.com:* *.dev-rd.websense.net:* *.websense.net:* *.mailcontrol.com:* *.forcepoint.net:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.walkme.com; style-src 'self' 'unsafe-inline' *.walkme.com; frame-src 'self' *.websense.com:* *.walkme.com s3.walkmeusercontent.com; font-src 'self' data: *.walkme.com; img-src 'self' data: *.walkme.com s3.walkmeusercontent.com d2qhvajt3imc89.cloudfront.net media-exp1.licdn.com *.forcepoint.com; connect-src 'self' *.walkme.com; worker-src 'self' blob: *.walkme.com; object-src 'self' *.walkme.com; 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellhealth.com 2
frame-ancestors 'self' https://*.adobe.com; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://service.maxymiser.net/ https://tags.tiqcdn.com/ https://*.netsuite.com https://consent.truste.com https://*.trustarc.com https://*.bing.com https://*.doubleclick.net https://*.googleadservices.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://static.atgsvcs.com https://rules.atgsvcs.com https://netsuite-salechat.custhelp.com https://netsuite-salechat--tst1.custhelp.com https://netsuite-salechat.widget.custhelp.com https://netsuite-salechat--tst1.widget.custhelp.com https://www.rnengage.com https://*.rightnowtech.com https://assets.adobedtm.com https://img.en25.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.akamaihd.net https://*.demdex.net https://*.omtrdc.net https://*.adobetag.com https://*.linkedin.com https://*.licdn.com https://*.2o7.net https://tags.bkrtx.com https://flex.atdmt.com https://*.oracleinfinity.io https://dqm.crownpeak.com/ https://app.hushly.com https://script.crazyegg.com https://activitymap.adobe.com https://static.ocecdn.oraclecloud.com https://*.go-mpulse.net https://static.ads-twitter.com; style-src 'self' 'unsafe-inline' https://www.netsuite.com https://*.app.netsuite.com https://netsuite-salechat.widget.custhelp.com https://netsuite-salechat--tst1.widget.custhelp.com https://fonts.googleapis.com https://app.hushly.com https://hud.crazyegg.com; img-src * data: ; frame-src 'self' https://service.maxymiser.net/ https://go.netsuite.com https://*.doubleclick.net https://*.youtube.com https://*.youtu.be https://*.facebook.com https://*.facebook.net https://*.omtrdc.net https://*.trustarc.com https://netsuite-salechat.custhelp.com https://netsuite-salechat--tst1.custhelp.com https://netsuite-salechat-na--tst1.custhelp.com https://netsuite-salechat-na.custhelp.com https://netsuite-salechat-de.custhelp.com https://netsuite-salechat-es.custhelp.com https://netsuite-salechat-fr.custhelp.com https://netsuite-salechat-jp.custhelp.com https://netsuite-salechat-ko.custhelp.com https://netsuite-salechat-nl.custhelp.com https://netsuite-salechat-pt.custhelp.com https://netsuite-salechat-sv.custhelp.com https://netsuite-salechat-zhcn.custhelp.com https://netsuite-salechat-zhtw.custhelp.com https://netsuite-salechat-it.custhelp.com  https://netsuite-salechat-pl.custhelp.com https://netsuite-salechat-ru.custhelp.com https://netsuite-salechat-tr.custhelp.com https://*.demdex.net https://*.bluekai.com https://*.extforms.netsuite.com https://*.app.netsuite.com https://hud.crazyegg.com https://activitymap.adobe.com; connect-src 'self' https://tracking.netsuite.com https://api.company-target.com https://*.doubleclick.net https://*.googlevideo.com https://*.omtrdc.net https://*.demdex.net https://rules.atgsvcs.com https://bat.bing.com https://netsuite-salechat.custhelp.com https://netsuite-salechat--tst1.custhelp.com https://www-stage.oracle.com https://api.crownpeak.net/ https://script.crazyegg.com https://tracking.crazyegg.com https://pagestates-tracking.crazyegg.com/ https://assets-tracking.crazyegg.com https://hud.crazyegg.com https://app.hushly.com https://*.google-analytics.com https://cdn.linkedin.oribi.io https://www.facebook.com https://*.go-mpulse.net https://*.akstat.io https://*.akamaihd.net wss://idcs-oda-7fa1f5c9fa1841329f72d8695ac98c9a-da3.data.digitalassistant.oci.oraclecloud.com; font-src 'self' data: https://www.netsuite.com; media-src 'self' blob: ;child-src 'self' blob: ; report-uri https://nlcorp.app.netsuite.com/app/security/csp/cspaudit.nl 2
upgrade-insecure-requests; font-src data: https:; img-src data: https:; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; manifest-src 'self'; object-src 'none'; report-uri https://tsddev.report-uri.com/r/d/csp/enforced; report-to default; 2
frame-ancestors 'self' https://webvisor.com 2
<csp_policy> 2
default-src https: blob: data: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval'; object-src none; frame-src 'self' https: mailto: tel: *.usercentrics.com https://vars.hotjar.com; block-all-mixed-content 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; report-uri /report-csp-violation; upgrade-insecure-requests 2
frame-ancestors https://poshmark.com https://external.poshmark.com https://poshmark.lightning.force.com; report-uri https://poshmark.report-uri.com/r/t/csp/enforce 2
default-src https://*.sprig.com *.userleap.com 'self' 'unsafe-inline'; script-src https://*.sprig.com *.userleap.com *.greenhouse.io 'self' 'unsafe-inline' 'unsafe-eval' https://js.hsforms.net https://polyfill.io https://*.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://js.hs-analytics.net https://js.hs-scripts.com https://cdn.heapanalytics.com https://js.hscollectedforms.net https://js.hs-banner.com https://js.usemessages.com https://js-na1.hs-scripts.com https://cdn.segment.com https://api.segment.io https://app.launchdarkly.com https://forms.hubspot.com https://rum-http-intake.logs.datadoghq.com https://snap.licdn.com https://www.googleoptimize.com https://script.crazyegg.com https://static.ads-twitter.com https://analytics.twitter.com https://connect.facebook.net https://ws.zoominfo.com https://scout-cdn.salesloft.com https://googleads.g.doubleclick.net https://static.hsappstatic.net https://www.vimeo.com https://vimeo.com https://*.hsforms.com https://secure.cold5road.com/ https://*.mutinycdn.com https://*.mutinyhq.io https://ajax.googleapis.com https://*.chilipiper.com https://*.clearbitscripts.com https://*.clearbitjs.com https://*.clearbit.com https://www.google.com https://www.googleanalytics.com https://optimize.google.com https://*.qualified.com https://assets-global.website-files.com https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-cmsfilter@1/cmsfilter.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-cmsload@1/cmsload.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-cmscore@1/cmscore.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-animation@1/animation.esm.js https://dev.visualwebsiteoptimizer.com; connect-src blob: data: 'self' https://sprig.com https://*.sprig.com *.userleap.com *.ingest.sentry.io https://api.hubspot.com https://*.google-analytics.com https://*.analytics.google.com https://*.google.com https://*.googletagmanager.com https://*.doubleclick.net https://script.crazyegg.com https://cdn.segment.com https://api.segment.io https://events.launchdarkly.com https://app.launchdarkly.com https://forms.hubspot.com https://rum-http-intake.logs.datadoghq.com https://ws.zoominfo.com https://scout-cdn.salesloft.com https://scout.salesloft.com https://boards-api.greenhouse.io https://hubspot-forms-static-embed.s3.amazonaws.com https://*.hsforms.com https://*.mutinycdn.com https://*.mutinyhq.io https://*.chilipiper.com https://*.mux.com https://storage.googleapis.com https://*.clearbit.com https://*.crazyegg.com https://cdn.linkedin.oribi.io wss://ws.qualified.com https://assets-global.website-files.com https://px.ads.linkedin.com https://forms.hscollectedforms.net; img-src https://*.sprig.com *.userleap.com *.assets-servd.host data: 'self' https://track.hubspot.com https://heapanalytics.com https://*.linkedin.com https://t.co https://p.adsymptotic.com https://www.facebook.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.googleusercontent.com https://*.analytics.google.com https://*.doubleclick.net/ https://userleap.ghost.io https://*.hsforms.com https://i.vimeocdn.com https://www.gravatar.com https://*.googleadservices.com/ https://js.na.chilipiper.com https://*.mux.com https://*.mutinycdn.com https://analytics.twitter.com https://api.producthunt.com https://optimize.google.com https://uploads-ssl.webflow.com https://assets-global.website-files.com; style-src https://*.sprig.com *.userleap.com 'self' 'unsafe-inline' https://fonts.googleapis.com https://js.na.chilipiper.com https://optimize.google.com https://fonts.googleapis.com https://assets-global.website-files.com; worker-src blob:; font-src https://*.sprig.com *.userleap.com 'self' data: https://fonts.gstatic.com https://app.sprig.com https://*.mutinycdn.com https://fonts.gstatic.com https://uploads-ssl.webflow.com https://assets-global.website-files.com; frame-src blob: https://sprig.com https://*.sprig.com *.userleap.com *.greenhouse.io 'self' https://meetings.hubspot.com/ https://player.vimeo.com/ https://app.hubspot.com/ https://share.transistor.fm/ https://www.facebook.com/ https://*.hsforms.com/ https://*.doubleclick.net/ https://www.youtube.com/ https://*.chilipiper.com https://*.wistia.net https://optimize.google.com https://*.qualified.com https://cdn.embedly.com; media-src blob: 'self' https://*.mux.com https://sprig.com https://servd-white-cougar.b-cdn.net https://assets-global.website-files.com; form-action 'self' https://www.facebook.com/ https://*.hsforms.com/; frame-ancestors 'self'; 2
default-src 'self'; script-src 'report-sample' 'self' www.gstatic.com www.recaptcha.net; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self'; frame-src 'self' www.recaptcha.net; frame-ancestors 'none';  img-src 'self'; manifest-src 'self'; media-src 'self'; report-uri https://656773b8ce75a73f0a4049d0.endpoint.csper.io/?v=0; worker-src 'none'; 2
frame-ancestors 'self' *.cafe24.com *.cafe24shop.com *.hanpda.com *.wehost24.com 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: mediastream: android-webview-video-poster: https://*.goodrx.com https://blocked.goodrx.com https://*.grxstatic.com https://*.grxweb.com https://*.heydoctor.com https://d4fuqqd5l3dbz.cloudfront.net https://*.px-cloud.net https://*.perimeterx.net https://*.pxchk.net https://*.px-cdn.net https://*.px-client.net https://*.split.io https://gx9e.app.link https://app.link https://*.branch.io https://bnc.lt https://*.doubleclick.net https://*.2mdn.net https://*.osano.com https://optimizely-edge.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.googleadservices.com https://*.google-analytics.com https://*.googletagservices.com https://*.googletagmanager.com https://bat.bing.com https://*.sentry-cdn.com https://sentry.io https://*.ingest.sentry.io https://cdn.ampproject.org https://*.doubleverify.com https://*.typekit.net https://c.evidon.com https://l.betrad.com https://d79i1fxsrar4t.cloudfront.net https://static.legitscript.com https://cdn.contentful.com https://unpkg.com https://*.ctfassets.net https://cdnjs.cloudflare.com https://*.appsflyer.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://*.polyfill.io https://polyfill.io https://s3-us-west-2.amazonaws.com https://s3.amazonaws.com https://my.wpengine.com https://secure.gravatar.com https://*.embed.ly https://*.mzstatic.com https://*.onelink.me https://www.recaptcha.net https://datawrapper.dwcdn.net https://hire.withgoogle.com https://www.youtube.com https://*.insightexpressai.com https://connect.facebook.net https://www.facebook.com https://adservice.google.co.in https://adservice.google.com.au https://adservice.google.ca https://*.verticalhealth.net https://d.turn.com https://idsync.rlcdn.com https://di.rlcdn.com https://*.adsafeprotected.com https://bcg.coupons.com https://*.embedly.com https://*.flashtalking.com https://*.adnxs.com https://*.adnxs-simple.com https://tracker.samplicio.us https://choices.truste.com https://choices.trustarc.com https://cf.adxcel.com https://*.accelerator.ibm.com https://*.serving-sys.com https://cdn.besafe.global https://api.lever.co https://*.segment.io https://*.segment.com https://sc.iasds01.com https://sb.voicefive.com https://*.scorecardresearch.com https://*.iqfp1.com https://*.dvtps.com https://*.pxsrv.net https://*.zentrick.com https://*.zentrick.name https://*.unwrapper.io https://*.dvva.io https://js.stripe.com https://fast.wistia.com https://platform.twitter.com https://*.doceree.com https://www.medtargetsystem.com https://*.hcn.health https://thrtle.com https://trc.lhmos.com https://api.prod.projectexodus.us https://js.appboycdn.com https://cdn.materialdesignicons.com https://*.twilio.com https://*.twiliocdn.com wss://*.twilio.com https://*.intercom.io wss://*.intercom.io https://*.intercomcdn.com https://*.intercomassets.com https://intercom-sheets.com https://*.heydoctor.io https://*.deepintent.com https://*.moatads.com https://*.s.moatpixel.com https://*.adform.net https://*.jwpcdn.com https://*.jwplayer.com https://*.jwplatform.com https://*.jwpltx.com https://*.jwpsrv.com https://*.mux.com https://videos-fms.jwpsrv.com https://videos-cloudflare.jwpsrv.com https://*.datadoghq.com https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://pswec.com https://*.pswec.com https://sync.graph.bluecava.com https://*.adsrvr.org https://*.parsely.com https://*.qualtrics.com https://res.lassomarketing.io https://*.gvt1.com https://*.googlevideo.com https://*.quantummetric.com https://*.innovid.com https://btloader.com https://*.btloader.com https://ad-delivery.net https://*.ad-delivery.net https://*.ads2ads.net https://*.ads.linkedin.com https://snap.licdn.com https://p.adsymptotic.com https://*.linkedin.oribi.io https://sjs.bizographics.com https://*.videoamp.com https://secure-gl.imrworldwide.com https://*.trustpilot.com https://*.hcpverify.com https://*.iassist.com https://bid.contextweb.com https://rampjs-cdn.system1.com https://soflopxl.com https://p.alcmpn.com https://partners-medicare.askchapter.org https://www.adsensecustomsearchads.com https://syndicatedsearch.goog https://www.redditstatic.com https://alb.reddit.com https://use.fontawesome.com https://pixel.sbal4kp.com https://wsdk.rokt.com https://*.liadm.com https://*.braze.com; report-uri https://sentry.io/api/5148329/security/?sentry_key=b77e90b1f5654f2e83a0238f4cf07987 2
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src http: https: data: blob:; worker-src https: data: blob:; frame-ancestors 'self' https://*.softpedia.com/; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-src https: data: blob:; 2
upgrade-insecure-requests; frame-ancestors 'self' http://*.elconfidencial.com:* https://*.elconfidencial.com:* www.elconfidencial.com blogs.elconfidencial.com bc.marfeel.com *.google.es *.google.com *.cdn.ampproject.org es.grupogo.punto player.h-cdn.com; report-uri https://elconfidencial.report-uri.io/r/default/csp/enforce 2
default-src 'self' *.vidyard.com *.onetrust.com;                     frame-ancestors 'self';                     form-action *;                     object-src 'none';                     base-uri 'none';                     style-src * 'unsafe-inline';                     script-src * 'unsafe-inline' 'unsafe-eval';                     img-src * 'unsafe-inline' 'unsafe-eval' data: blob:;                     connect-src *;                     frame-src *;                     font-src * data:;                     media-src *; 2
frame-ancestors frame-ancestors 'self' 2
default-src 'self'; style-src 'self' https://static.threema.ch 'unsafe-inline'; font-src 'self' https://static.threema.ch; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://hcaptcha-ws.threema.ch; frame-src https://hcaptcha-assets.threema.ch; img-src 'self' https://static.threema.ch data:; media-src 'self' data:; connect-src 'self' https://bugs.threema.ch https://hcaptcha-assets.threema.ch; object-src 'none'; worker-src 'self' blob:; child-src blob: https://hcaptcha-assets.threema.ch; frame-ancestors 'self'; form-action 'self' https://work.threema.ch; upgrade-insecure-requests; block-all-mixed-content; base-uri https://threema.ch; report-uri https://bugs.threema.ch/api/14/security/?sentry_key=744c2cdf2cab49a492d3f26ff8733d0a; report-to default 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.treehugger.com 2
frame-src 'self' *.kidshealth.org *.doubleclick.net *.snapchat.com *.vimeo.com *.google.com *.hotjar.com *.krxd.net *.adsrvr.org *.readspeaker.com *.polldaddy.com *.familysurvey.org *.survey.fm *.pinterest.com *.rchsd.org *.ceros.com; 2
frame-ancestors 'self' *.grammarly.com 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.foodandwine.com 2
frame-ancestors 'self' embed-v1.handelsblatt.com hbapp.handelsblatt.com amp2.handelsblatt.com grafik.handelsblatt.com preview-www.handelsblatt.com; 2
default-src 'self' *.gstatic.com *.guestplan.com *.weborama.fr https://cdn.guestplan.com/ https://pathenederland.qualifioapp.com https://files.qualifio.com *.googlesyndication.com *.bluebillywig.com https://www.cm.com data:; script-src-elem 'unsafe-inline' 'self' https://analytics.tiktok.com https://oa.openxcdn.net/esp.js https://cdn.prod.uidapi.com/uid2SecureSignal.js https://static.criteo.net/js/ld/publishertag.ids.js https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js https://cdn.id5-sync.com/api/1.0/esp.js https://cdn.guestplan.com *.googleadservices.com https://www.googletagservices.com  https://pathe.bbvms.com *.weborama.fr https://www.gstatic.com https://pathenederland.qualifioapp.com https://files.qualifio.com wss://*.omnidesk.io *.omnidesk.io *.emsecure.net *.bluebillywig.com *.bbvms.com *.mathtag.com *.googlesyndication.com *.jwpcdn.com *.360yield.com *.google.com *.moatads.com *.google.nl *.cloudflare.com *.facebook.net *.facebook.com *.doubleclick.net *.google-analytics.com *.blueconic.net https://p969.pathe.nl *.googletagmanager.com *.pathe.nl https://webchat.digitalcx.com; frame-src 'self' https://cdn.guestplan.com https://www.360superview.nl https://media.adrcdn.com *.weborama.fr https://www.google.com/ https://pathenederland.qualifioapp.com https://files.qualifio.com *.360yield.com *.hostedbypoort80.nl *.poort80.nl *.pathe.nl *.doubleclick.net *.openstreetmap.org *.googlesyndication.com *.facebook.com; img-src 'self' *.media.tumblr.com https://gstpln-cdn-img-prod.azureedge.net https://cdn.guestplan.com https://images.assettype.com https://gifimage.net *.gifs.com *.giphy.com *.kinja-img.com https://pathe-cdp.triple-it.nl https://pathe.blueconic.net https://p969.pathe.nl *.weborama.fr connect.facebook.net  *.omnidesk.io *.kijkwijzer.nl https://gifimage.net *.adform.net *.adnxs.com https://id5-sync.com *.adyen.com *.bluebillywig.com *.bbvms.com *.gifs.com *.giphy.com *.kinja-img.com https://jwpltx.com *.doubleclick.net *.moatads.com *.smadex.com *.bidswitch.net *.crwdcntrl.net *.e-planning.net *.360yield.com *.googlesyndication.com *.hostedbypoort80.nl *.poort80.nl *.google-analytics.com *.pathe.nl *.facebook.com *.google.com *.google.nl data:; style-src 'self' https://fonts.googleapis.com/ https://cdn.guestplan.com https://pathenederland.qualifioapp.com https://files.qualifio.com wss://*.omnidesk.io *.omnidesk.io *.bluebillywig.com *.blueconic.net https://p969.pathe.nl 'unsafe-inline'; connect-src 'self' https://analytics.tiktok.com https://localhost:5013 https://etender-connect.com https://cdn.guestplan.com https://nominatim.openstreetmap.org https://pathenederland.qualifioapp.com https://files.qualifio.com wss://*.omnidesk.io *.omnidesk.io *.bbvms.com *.google-analytics.com *.360yield.com *.googlesyndication.com *.gstatic.com *.blueconic.net https://p969.pathe.nl *.doubleclick.net *.facebook.com *.hostedbypoort80.nl *.poort80.nl *.pathe.nl https://cxcomlive-webconvwa-weu.azurewebsites.net wss://cxcomlive-webconvwa-weu.azurewebsites.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.bluebillywig.com https://www.googleadservices.com https://www.googletagservices.com https://partner.googleadservices.com *.weborama.fr https://cdn.guestplan.com https://pathenederland.qualifioapp.com https://files.qualifio.com *.hostedbypoort80.nl *.poort80.nl wss://*.omnidesk.io *.omnidesk.io https://pathe.bbvms.com   *.moatads.com *.mathtag.com *.jwpcdn.com *.cloudflare.com https://*.facebook.com https://*.facebook.net https://*.hostedbypoort80.nl https://*.poort80.nl     https://*.blueconic.net https://p969.pathe.nl https://www.googletagmanager.com https://*.googleapis.com https://www.google-analytics.com   https://*.gstatic.com https://*.doubleclick.net/ https://pathe.emsecure.net/ *.google.com *.google.nl *.360yield.com *.googlesyndication.com; frame-ancestors 'self' *.weborama.fr https://pathenederland.qualifioapp.com https://files.qualifio.com *.pathe.nl *.hostedbypoort80.nl *.poort80.nl; media-src 'self' wss://*.omnidesk.io https://cdn.guestplan.com https://pathe.blueconic.net https://p969.pathe.nl *.omnidesk.io *.bluebillywig.com *.cloudfront.net *.pathe.nl *.hostedbypoort80.nl *.poort80.nl *.triple-it.nl data:; 2
frame-ancestors 'self' https://cp.sprinthost.ru https://cp.sprintbox.ru https://metrika.yandex.ru http://webvisor.com; 2
base-uri 'self'; default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;block-all-mixed-content;object-src 'self';frame-src *.photonengine.com *.google.com youtube-nocookie.com www.youtube-nocookie.com youtube.com www.youtube.com player.vimeo.com itch.io *.itch.io;frame-ancestors 'self'; 2
object-src 'none'; frame-ancestors 'self' https://www.ada-education.com/ https://*.mutinycdn.com/ *.ada.cx *.ada.support *.ada-dev.support *.ada-stage.support *.pendo.io *.okta.com *.ada-dev2.support; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.ada.support/ https://*.vidyard.com/ https://cdn.jsdelivr.net/ https://*.6sc.co/ https://*.twitter.com/ https://*.ads-twitter.com/ https://*.hubspot.com/ https://*.clarity.ms/ https://*.g2crowd.com/ https://*.hs-analytics.net/ https://*.hsforms.net/ https://*.hsleadflows.net/ https://*.hscollectedforms.net/ https://*.hsadspixel.net/ https://*.hs-banner.com/ https://*.licdn.com/ https://www.google.com/ https://www.googletagmanager.com/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com https://bat.bing.com/ https://tribl.io/ https://tags.srv.stackadapt.com/ https://connect.facebook.net/ https://cmp.osano.com/ https://api.ipify.org/ https://*.zoominfo.com/ https://*.linkedin.com/ https://cdnjs.cloudflare.com/ https://adasupportinc.widget.insent.ai/ https://*.hscta.net/ https://*.github.io/ https://www.googleadservices.com/ https://*.hsappstatic.net/ https://embed.sounder.fm/ https://*.clearbitscripts.com/ https://*.clearbitjs.com https://*.mutinycdn.com/ https://*.hubspot.net/ https://*.smooch.io https://*.fullstory.com https://*.leandata.com https://clearout.io/ https://ajax.googleapis.com/ https://www.gstatic.com/recaptcha/ https://js.zi-scripts.com; upgrade-insecure-requests 2
child-src blob:;default-src 'self' https://*.wistia.com https://*.wistia.net;connect-src https://cdn.acsbapp.com https://analytics.google.com https://dogfood.blueconic.com https://pl21.blueconic.com https://assets.ctfassets.net https://viewlicense.adobe.io https://ngmrewndgx-dsn.algolia.net https://ngmrewndgx-2.algolianet.com https://ngmrewndgx-3.algolianet.com https://ngmrewndgx-1.algolianet.com https://ngmrewndgx-dsn.algolia.net https://distillery.wistia.com https://fast.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://pipedream.wistia.com https://embedwistia-a.akamaihd.net https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://*.blueconic.net https://*.sb.blueconic.net https://bc.holland.com https://bc.anwb.nl https://dogfood.blueconic.com https://psv.blueconic.com https://bc.gxsoftware.com https://bc.nn.nl https://wpg.blueconic.com https://b.bostonglobemedia.com https://d.putnam.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://l.clarity.ms https://*.clarity.ms https://bat.bing.com https://ipv6.6sc.co/ https://c.6sc.co/ https://secure.adnxs.com https://cdn.linkedin.oribi.io https://epsilon.6sense.com https://358-xtm-616.mktoresp.com https://js.zi-scripts.com https://ws.zoominfo.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://j.6sc.co https://acsbapp.com https://ws.zoominfo.com https://js.zi-scripts.com https://358-xtm-616.mktoweb.com http://358-xtm-616.mktoweb.com https://munchkin.marketo.net https://secure.adnxs.com https://js.zi-scripts.com https://ipv4.d.adroll.com/ https://www.googleanalytics.com google-analytics.com https://www.google-analytics.com https://www.googleoptimize.com www.google-analytics.com www.googletagmanager.com https://pl21.blueconic.com https://code.jquery.com https://cdn.jsdelivr.net https://dogfood.blueconic.com https://fast.wistia.com https://documentcloud.adobe.com https://*.wistia.com https://*.wistia.net https://src.litix.io https://*.blueconic.net https://*.sb.blueconic.net https://bc.holland.com https://bc.anwb.nl https://dogfood.blueconic.com https://psv.blueconic.com https://bc.gxsoftware.com https://bc.nn.nl https://wpg.blueconic.com https://b.bostonglobemedia.com https://d.putnam.com https://www.googleadservices.com https://stats.g.doubleclick.net https://tagmanager.google.com https://*.googletagmanager.com https://s.adroll.com/j/roundtrip.js https://snap.licdn.com https://static.ads-twitter.com https://bat.bing.com https://s.adroll.com https://d.adroll.com https://www.clarity.ms https://connect.facebook.net https://*.clarity.ms;style-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://fast.wistia.com https://pl21.blueconic.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://358-xtm-616.mktoweb.com http://358-xtm-616.mktoweb.com/;font-src 'self' data: https://www.blueconic.com https://fonts.blueconic.com https://cdn2.hubspot.net https://fonts.gstatic.com https://*.wistia.com https://fonts.gstatic.com;img-src 'self' data: https://b.6sc.co https://images.ctfassets.net https://www.google-analytics.com https://www.googletagmanager.com https://fast.wistia.com https://embed-ssl.wistia.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://googleads.g.doubleclick.net https://www.google.com https://pl21.blueconic.com pl21.blueconic.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://t.co https://analytics.twitter.com https://px.ads.linkedin.com https://bat.bing.com https://px.ads.linkedin.com https://d.adroll.com https://c.clarity.ms https://*.clarity.ms https://www.facebook.com https://c.bing.com https://x.bidswitch.net https://dsum-sec.casalemedia.com https://pixel.rubiconproject.com https://pixel.rubiconproject.com https://cm.g.doubleclick.net https://us-u.openx.net https://image2.pubmatic.com https://ups.analytics.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://ib.adnxs.com https://sync.taboola.com https://idsync.rlcdn.com https://image2.pubmatic.com https://px4.ads.linkedin.com https://segments.company-target.com https://p.adsymptotic.com https://global.ib-ibi.com https://odr.mookie1.com https://privacy-policy.truste.com https://acsbapp.com;media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net;worker-src 'self' blob:;frame-src 'self' https://358-xtm-616.mktoweb.com/ https://acsbapp.com http://358-xtm-616.mktoweb.com https://more.blueconic.com https://documentcloud.adobe.com https://fast.wistia.com https://fast.wistia.net 2
upgrade-insecure-requests; default-src 'self' https://pdfbuilder.mca.gov.in http://pdfbuilder.mca.gov.in http://mca.gov.in/ https://mca.gov.in/ http://www.mca.gov.in/ https://www.mca.gov.in/ http://mca21.gov.in/ https://mca21.gov.in/ http://www.mca21.gov.in/ https://www.mca21.gov.in/ https://www.mygov.in/ https://www.boportal.mca.gov.in/ http://www.boportal.mca.gov.in/ https://sso.mca.gov.in/ http://sso.mca.gov.in/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/npm/disable-devtool http://cdn.jsdelivr.net/npm/disable-devtool https://v3chat.mca.gov.in/ http://v3chat.mca.gov.in/ http://mca.gov.in/ https://mca.gov.in/ http://www.mca.gov.in/ https://www.mca.gov.in/ http://mca21.gov.in/ https://mca21.gov.in/ http://www.mca21.gov.in/ https://www.mca21.gov.in/ https://www.mygov.in/ http://www.feedrapp.info https://www.feedrapp.info https://feedrapp.info seal.entrust.net; img-src 'self' https://cbpssubscriber.mygov.in http://mca.gov.in/ https://mca.gov.in/ http://www.mca.gov.in/ https://www.mca.gov.in/ http://mca21.gov.in/ https://mca21.gov.in/ http://www.mca21.gov.in/ https://www.mca21.gov.in/ https://www.mygov.in/ seal.entrust.net  data: blob: filesystem:;style-src 'self' 'unsafe-inline' http://mca.gov.in/ https://mca.gov.in/ http://www.mca.gov.in/ https://www.mca.gov.in/ http://mca21.gov.in/ https://mca21.gov.in/ http://www.mca21.gov.in/ https://www.mca21.gov.in/ https://www.mygov.in/; font-src 'self' http://mca.gov.in/ https://mca.gov.in/ http://www.mca.gov.in/ https://www.mca.gov.in/ http://mca21.gov.in/ https://mca21.gov.in/ http://www.mca21.gov.in/ https://www.mca21.gov.in/ https://www.mygov.in/; child-src 'self' http://mca.gov.in/ https://mca.gov.in/ http://www.mca.gov.in/ https://www.mca.gov.in/ http://mca21.gov.in/ https://mca21.gov.in/ http://www.mca21.gov.in/ https://www.mca21.gov.in/ https://www.mygov.in/; object-src 'self' http://mca.gov.in/ https://mca.gov.in/ http://www.mca.gov.in/ https://www.mca.gov.in/ http://mca21.gov.in/ https://mca21.gov.in/ http://www.mca21.gov.in/ https://www.mca21.gov.in/ https://www.mygov.in/; media-src 'self' blob: mediastream http://mca.gov.in/ https://mca.gov.in/ http://www.mca.gov.in/ https://www.mca.gov.in/ http://mca21.gov.in/ https://mca21.gov.in/ http://www.mca21.gov.in/ https://www.mca21.gov.in/ https://www.mygov.in/; connect-src 'self' https://pdfbuilder.mca.gov.in http://pdfbuilder.mca.gov.in http://www.mca.gov.in/ https://www.mca.gov.in/  wss: ws: https: ; frame-src 'self' https://www.facebook.com/ https://www.youtube.com/ http://www.feedrapp.info data: blob: 2
frame-ancestors 'self' *.ais.co.th, font-src 'self'  *.ais.co.th fonts.gstatic.com *.blob.core.windows.net *.cdc.ais.th maxcdn.bootstrapcdn.com 2
report-uri /csp; child-src 'self'; connect-src *; default-src 'self'; img-src 'self' data: *.facebook.com https://wise.com https://gtm.wise.com https://tw-avatar.s3.eu-central-1.amazonaws.com https://tw-test-avatar-storage.s3.eu-west-1.amazonaws.com https://*.doubleclick.net https://www.googleadservices.com https://alb.reddit.com https://*.yahoo.co.jp https://bat.bing.com https://cx.atdmt.com https://daw291njkc3ao.cloudfront.net https://dq8dwmysp7hk1.cloudfront.net https://d2dgj1jjqgsb96.cloudfront.net https://help.wise.com/ https://lienzo.s3.amazonaws.com https://platform-lookaside.fbsbx.com https://pixel.pointmediatracker.com https://cnv.event.prod.bidr.io https://q.quora.com https://s3-eu-west-1.amazonaws.com https://t.co https://wise.desk.com https://widgets.wise.com https://www.google-analytics.com https://www.gstatic.com https://i.ytimg.com https://px.ads.linkedin.com https://www.linkedin.com https://aax-eu.amazon-adsystem.com https://www.googletagmanager.com https://www.google.com https://www.google.com.au https://www.google.com.br https://www.google.com.sg https://www.google.com.ph https://www.google.com.my https://www.google.com.mx https://www.google.com.ua https://www.google.com.vn https://www.google.com.tr https://www.google.com.ar https://www.google.com.hk https://www.google.com.pk https://www.google.com.pe https://www.google.com.ng https://www.google.com.cy https://www.google.com.mt https://www.google.com.bd https://www.google.com.eg https://www.google.co.uk https://www.google.co.th https://www.google.co.jp https://www.google.co.nz https://www.google.co.id https://www.google.co.kr https://www.google.co.ve https://www.google.co.in https://www.google.co.il https://www.google.co.za https://www.google.de https://www.google.ca https://www.google.es https://www.google.pl https://www.google.ie https://www.google.ch https://www.google.pt https://www.google.nl https://www.google.it https://www.google.hu https://www.google.fr https://www.google.be https://www.google.ro https://www.google.fi https://www.google.cl https://www.google.cz https://www.google.ae https://www.google.lu https://www.google.se https://www.google.ru https://www.google.at https://www.google.bg https://www.google.ee https://www.google.dk https://www.google.no https://www.google.gr https://www.google.sk https://www.google.lt https://www.google.lv https://www.google.ge https://www.google.hr https://www.google.me *.googleusercontent.com http://wi.se https://wi.se https://collector-20079.tvsquared.com https://analytics.twitter.com https://tr.line.me https://c5.adalyser.com https://pixel.pointmediatracker.com https://cnv.event.prod.bidr.io https://lux.speedcurve.com; font-src 'self' data: https://fonts.gstatic.com https://widgets.wise.com/; object-src 'self'; media-src 'self'; manifest-src 'self' 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'self' https://wise.com https://gtm.wise.com polyfill.io https://js-agent.newrelic.com https://bam.nr-data.net/ https://ajax.cloudflare.com bat.bing.com https://s.yimg.jp https://*.yahoo.co.jp a.quora.com static.hotjar.com https://script.hotjar.com/ https://collector-20079.tvsquared.com https://d.line-scdn.net www.google.co.uk www.google.com www.googletagmanager.com/ tagmanager.google.com/ https://storage.googleapis.com https://ajax.googleapis.com/ https://microapps.google.com https://microapps-prod-tt.sandbox.google.com googleads.g.doubleclick.net www.google-analytics.com www.googleadservices.com static.ads-twitter.com analytics.twitter.com www.snapengage.com insitez.blob.core.windows.net sjs.bizographics.com *.mxpnl.com https://cdn.pdst.fm https://us-central1-adaptive-growth.cloudfunctions.net https://bidr.io https://d2dgj1jjqgsb96.cloudfront.net https://www.redditstatic.com/ads/pixel.js https://snap.licdn.com https://js.adsrvr.org https://c5.adalyser.com https://transferwise.com https://bidr.io https://cdn.speedcurve.com https://lux.speedcurve.com; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com/css tagmanager.google.com/; frame-ancestors 'self' https://wiseturkiye.com.tr https://microapps.google.com https://microapps-prod-tt.sandbox.google.com; frame-src youtube.com www.youtube.com www.youtube-nocookie.com https://vars.hotjar.com https://bid.g.doubleclick.net https://www.googletagmanager.com https://insight.adsrvr.org https://match.adsrvr.org https://wise.com https://transferwise.com 2
default-src * blob:; img-src * data: blob: resource: *.xmcdn.com *.ximalaya.com; connect-src * wss: blob: resource:; frame-src 'self' *.ximalaya.com pos.baidu.com dup.baidustatic.com openapi.baidu.com wappass.baidu.com passport.baidu.com s.union.360.cn 360fenxi.mediav.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.xmcdn.com *.ximalaya.co hm.baidu.com s.union.360.cn cpro.baidustatic.com pos.baidu.com dup.baidustatic.com zz.bdstatic.com b.bdstatic.com jspassport.ssl.qhimg.com webcert.cnmstl.net; style-src 'self' 'unsafe-inline' *.xmcdn.com *.ximalaya.com resource:; frame-ancestors *.ximalaya.com; 2
default-src 'self' 'unsafe-inline' *; img-src * 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' * 2
child-src blob:; connect-src *.decibel.com edgeapi.ace.teliacompany.net awseukpi.whisbi.com t944.telia.se webprovisions-labs.humany.net 'self' https://*.doubleclick.net api.whisbi.com telia-natcenter.humany.net s3.eu-west-1.amazonaws.com/whi-deck-bucket-001/ *.kampyle.com chat.ace.teliacompany.net wss://*.decibelinsight.net eucentral1-widget.whisbi.com frontend-pre.s3-eu-west-1.amazonaws.com n467.telia.se nupload.whisbi.com widget.whisbi.com telia-se.blueconic.net api.ace.teliacompany.net wds.ace.teliacompany.com *.decibelinsight.net telia-se-b2b.blueconic.net chat2.ace.teliacompany.net static.whisbi.com https://ssgtm.telia.se cgchat.callguide.telia.com pwe.callguide.telia.com https://www.google-analytics.com eucentral1-nodeupload.whisbi.com telia.humany.net chat.ace.teliacompany.com geolocation.onetrust.com cdn.cookielaw.org eucentral1-api.whisbi.com *.medallia.eu; default-src localhost:41680 'self'; font-src webprovisions-labs.humany.net 'self' fonts.gstatic.com widget.whisbi.com wds.ace.teliacompany.com telia-natcenter.humany.net static.whisbi.com *.kampyle.com telia.humany.net eucentral1-widget.whisbi.com eucentral1-api.whisbi.com frontend-pre.s3-eu-west-1.amazonaws.com data: *.medallia.eu; frame-src www.telia.se 'self' *.kampyle.com https://*.doubleclick.net wds-s.ace.teliacompany.com www.youtube.com wds.ace.teliacompany.com go.pardot.com youtube.com *.medallia.eu; img-src t944.telia.se webprovisions-labs.humany.net 'self' telia-natcenter.humany.net http://awseurtv3.whisbi.com *.kampyle.com https://www.google.se www.haynespro-services.com eucentral1-widget.whisbi.com frontend-pre.s3-eu-west-1.amazonaws.com humany.blob.core.windows.net https://www.google.com img.youtube.com n467.telia.se www.google.es/ads/ga-audiences widget.whisbi.com telia-se.blueconic.net telia-se-b2b.blueconic.net static.whisbi.com https://www.facebook.com/ awseurtv3.whisbi.com s3-eu-west-1.amazonaws.com/whi-deck-bucket-001/ https://www.googletagmanager.com www.haynespro-assets.com https://www.google-analytics.com telia.humany.net cdn.cookielaw.org plugins.blueconic.net *.medallia.eu data:; media-src 'self'; report-uri /.api/csp-report/v1/report?teamId=7dfafa39-0cc44b25-8e7c83f0; script-src *.decibel.com t944.telia.se 'unsafe-inline' webprovisions-labs.humany.net 'self' telia-natcenter.humany.net *.kampyle.com core.dch.got.telia.se wds-s.ace.teliacompany.com eucentral1-widget.whisbi.com frontend-pre.s3-eu-west-1.amazonaws.com portal-hosting.humany.net pi.pardot.com https://connect.facebook.net core.dc.teliacompany.net n467.telia.se widget.whisbi.com blob: telia-se.blueconic.net wds.ace.teliacompany.com *.decibelinsight.net library.whisbi.com telia-se-b2b.blueconic.net static.whisbi.com cdn.pardot.com https://ssgtm.telia.se https://www.googletagmanager.com https://www.google-analytics.com telia.humany.net cdn.cookielaw.org geolocation.onetrust.com eucentral1-api.whisbi.com plugins.blueconic.net 'unsafe-eval' *.medallia.eu; style-src t944.telia.se core.dc.teliacompany.net 'unsafe-inline' n467.telia.se webprovisions-labs.humany.net 'self' widget.whisbi.com telia-se.blueconic.net wds.ace.teliacompany.com telia-se-b2b.blueconic.net telia-natcenter.humany.net *.kampyle.com core.dch.got.telia.se wds-s.ace.teliacompany.com telia.humany.net eucentral1-widget.whisbi.com plugins.blueconic.net *.medallia.eu; worker-src blob: 2
upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com *.appdynamics.com *.webex.com ciscosales.my.site.com *.sandbox.my.site.com 2
frame-ancestors 'self' https://ajc.newspapers.com https://*.ajchomefinder.com https://www.legacy.com https://epaper.ajc.com https://editions.ajc.com https://appnews.ajc.com http://localhost:* 2
child-src 'unsafe-inline' 'self' *.directnic.net *.livechatinc.com *.paypal.com *.google.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.g.doubleclick.net *.braintree.com *.hcaptcha.com *.livechat.s3.amazonaws.com *.livechat-files.com; frame-ancestors 'self' directnic.net; 2
connect-src 'self' https://chat.elster.de wss://chat.elster.de ; default-src 'self' ; font-src 'self' data: https://chat.elster.de ; form-action 'self' ; frame-ancestors 'self' ; img-src 'self' https://chat.elster.de ; media-src 'self' https://download.elster.de ; object-src 'none' ; script-src 'self' https://chat.elster.de ; style-src 'self' 'unsafe-inline' https://chat.elster.de 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.bhg.com 2
upgrade-insecure-requests; frame-ancestors 'self' https://*.hsn.com https://*.hsn.net 2
default-src 'self' https: data: blob:; connect-src https: wss:;script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' blob:; frame-ancestors 'self' https://www.slipcase.com https://marketplace.marsh.com https://www.riskdataobject.com https://dev.pcgcustomer.nprd.aig.com https://dev2.pcgcustomer.nprd.aig.com https://qa.pcgcustomer.nprd.aig.com https://qa2.pcgcustomer.nprd.aig.com https://uat.pcgcustomer.nprd.aig.com https://perf.pcgcustomer.nprd.aig.com https://perf2.pcgcustomer.nprd.aig.com https://pcgcustomer.aig.com/; upgrade-insecure-requests; 2
default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; 2
frame-ancestors bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.virginplus.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.luckymobile.ca; script-src https://*.go-mpulse.net https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.youtube.com https://bat.bing.com https://tr.snapchat.com https://s.ytimg.com https://*.micpn.com https://*.clarity.ms https://*.telebec.com https://*.northerntel.ca https://*.analytics-egain.com https://*.branch.io https://app.link 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob: ; object-src https://refer.bell.ca 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.marthastewart.com 2
default-src * 'self' data: 'unsafe-inline' blob:;script-src * 'self' blob: data: 'unsafe-inline' 'unsafe-eval' js.adsrvr.org *.trustarc.com *.doubleclick.net *.sas.com assets.adobedtm.com ssl.google-analytics.com  accdn.lpsnmedia.net www.googletagmanager.com www.google-analytics.com bat.bing.com benchtag.co front.facetz.net *.facebook.net *.facebook.com www.googleadservices.com tb.juiceadv.com *.linkedin.com pixel.mathtag.com pixel.quantserve.com *.quora.com analytics.twitter.com tagmanager.google.com mc.yandex.ru static.ads-twitter.com snap.licdn.com *.bizographics.com dev.visualwebsiteoptimizer.com scripts.demandbase.com consent.truste.com s.yimg.com ssl.gstatic.com api.company-target.com script.crazyegg.com platform.twitter.com sp.analytics.yahoo.com x.bidswitch.net ad4.adfarm1.adition.com livestream.co *.brightcove.net track.adform.net insight.adsrvr.org www.vintom.com b92.yahoo.co.jp cdn.appdynamics.com execution-dscvrtraffic.cidev.sas.us *.brightcove.com *.mrpfd.com d3js.org *.d3.org *.khoros.com proactive-chat-server-us.prod.aws.lcloud.com messaging-auth-us-west-2.prod.aws.lcloud.com;style-src 'self' data: 'unsafe-inline' *.sas.com fast.fonts.net *.cloudflare.com *.khoros.com proactive-chat-server-us.prod.aws.lcloud.com messaging-auth-us-west-2.prod.aws.lcloud.com *.brightcove.com *.googleapis.com;img-src * 'self' blob: data: *.google-analytics.com *.doubleclick.net www.google.com www.googletagmanager.com *.sas.com front.facetz.net *.facebook.com www.googleadservices.com tb.juiceadv.com ext.ligatus.com bcp.crwdcntrl.net pixel.mathtag.com *.quora.com cdn.taboola.com analytics.twitter.com d.company-target.com mc.yandex.ru t.co px.ads.linkedin.com *.bizographics.com insight.adsrvr.org assets.adobedtm.com *.brightcove.com *.khoros.com proactive-chat-server-us.prod.aws.lcloud.com messaging-auth-us-west-2.prod.aws.lcloud.com;font-src * 'self' data: *.sas.com fast.fonts.net; connect-src * 'self' *.sas.com *.brightcove.com ma156-r.analytics.edgekey.net api.company-target.com livestream.com www.vintom.com *.doubleclick.net assets.adobedtm.com;frame-src 'self' assets.adobedtm.com lpcdn.lpsnmedia.net www.youtube.com s7.addthis.com *.adsrvr.org *.twitter.com *.sas.com pixel.mathtag.com livestream.com ad4.adfarm1.adition.com www.vintom.com *.doubleclick.net *.facebook.net *.trustarc.com *.facebook.com *.linkedin.com *.chargebee.com *.sli.do *.logentries.com *.amuselabs.com amuselabs.com *.jmp.com *.outgrow.us *.khoros.com proactive-chat-server-us.prod.aws.lcloud.com messaging-auth-us-west-2.prod.aws.lcloud.com *.service-now.com *.visualize-roi.com *.brightcove.com;frame-ancestors *.sas.com *.jmp.com *.gatheriq.analytics *.curriculumpathways.com *.hubb.me 2
default-src * data:; script-src http: https: *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com *.myqnapcloud.com *.myqnapcloud.cn *.event.qnap.com  *.static.hotjar.com 'unsafe-inline' 'unsafe-eval'; style-src http: https: *.myqnapcloud.com *.myqnapcloud.cn 'unsafe-inline'; connect-src wss: http: https: *.myqnapcloud.com *.myqnapcloud.cn fcm.googleapis.com *.google.com *.firebaseio.com 2
frame-ancestors 'self' *.appfolio.com *.appfolioinc.com *.appfolioinvestmentmanagement.com *.folio-guard.com *.storyblok.com 2
frame-ancestors 'self'; report-uri https://www.cbp.gov/report-uri/enforce 2
default-src https://s3.ap-northeast-1.amazonaws.com https://bat.bing.com https://www.facebook.com https://connect.facebook.net https://static.ada.support https://wallet.advcash.com https://t.co https://analytics.twitter.com https://h.online-metrix.net https://*.kucoin.plus https://www.googleadservices.com https://googleads.g.doubleclick.net https://revain.org https://api.mobilum.com https://mc.yandex.ru https://widget.mobilum.com https://sdk.im.jiguang.cn  https://maxcdn.bootstrapcdn.com  https://www.googletagmanager.com  https://upload.qiniup.com  https://frontend-helper.cloudtechnet.cn  https://*.staticimg.com  https://*.staticimg.co  https://*.xcoinsystem.com https://*.kucoin.com  https://*.kucoin.biz https://*.kucoin.fit https://*.kucoin.cloud https://*.pool-x.io https://*.kcsfile.com  https://storage.googleapis.com  https://font.googleapis.com  https://www.recaptcha.net  https://at.alicdn.com  https://g.alicdn.com  https://www.google-analytics.com  https://www.gstatic.cn  https://fonts.gstatic.cn  https://fonts.gstatic.com  https://www.gstatic.com  https://stats.g.doubleclick.net  https://ekr.zdassets.com  https://static.geetest.com  https://api.geetest.com  https://dn-staticdown.qbox.me  https://www.youtube.com  https://kucoin.zendesk.com  https://rollbar-eu.zendesk.com  https://support.zendesk.com  https://www.zendesk.com https://ekr.zdassets.com  https://static.zdassets.com  https://widget-mediator.zopim.com  wss://widget-mediator.zopim.com https://v2.zopim.com  https://cdn.zopim.com  https://www.zopim.com  https://uploads.zopim.com  https://assets.zopim.com  https://api.zopim.com  https://v2assets.zopim.io  https://www.google.co.jp  https://www.google.com https://*.kucoin.work https://api.smooch.io https://*.legendtrading.com https://*.googleapis.com https://fastly.jsdelivr.net https://legendtrading.zendesk.com https://*.ckotech.co https://*.checkout.com https://*.veriff.me https://*.forter.com https://dkupaw9ae63a8.cloudfront.net https://monitor.geetest.com https://api.geevisit.com https://hcaptcha.com https://*.hcaptcha.com https://cdn.plaid.com https://rpc.walletconnect.org https://rpc.walletconnect.com https://api.web3modal.org https://api.web3modal.com https://verify.walletconnect.org https://verify.walletconnect.com data: ws: wss: eval: inline: 'unsafe-eval' 'unsafe-inline' ; connect-src https://bat.bing.com https://www.facebook.com https://connect.facebook.net https://kucoin.eu.ada.support https://rollout.eu.ada.support https://bigdata-scfx-push.kucoin.plus https://*.sentry.io https://www.googleadservices.com https://googleads.g.doubleclick.net  https://revain.org  https://api.mobilum.com  https://mc.yandex.ru  https://widget.mobilum.com  https://sdk.im.jiguang.cn  https://maxcdn.bootstrapcdn.com  https://www.googletagmanager.com  https://upload.qiniup.com  https://frontend-helper.cloudtechnet.cn  https://*.staticimg.com  https://*.staticimg.co https://*.kucoin.plus  https://*.xcoinsystem.com  https://*.kucoin.com  https://*.kucoin.biz https://*.kucoin.fit https://*.kucoin.cloud https://*.pool-x.io  https://*.kcsfile.com  https://storage.googleapis.com  https://font.googleapis.com  https://www.recaptcha.net  https://at.alicdn.com  https://g.alicdn.com  https://www.google-analytics.com  https://www.gstatic.cn  https://fonts.gstatic.cn  https://fonts.gstatic.com  https://www.gstatic.com  https://stats.g.doubleclick.net  https://ekr.zdassets.com  https://www.tradingview.com https://static.geetest.com  https://api.geetest.com  https://dn-staticdown.qbox.me  https://www.youtube.com  https://kucoin.zendesk.com  https://rollbar-eu.zendesk.com  https://support.zendesk.com  https://www.zendesk.com https://ekr.zdassets.com  https://static.zdassets.com  https://widget-mediator.zopim.com  wss://widget-mediator.zopim.com https://v2.zopim.com  https://cdn.zopim.com  https://www.zopim.com  https://uploads.zopim.com  https://assets.zopim.com  https://api.zopim.com  https://v2assets.zopim.io  https://www.google.co.jp  https://www.google.com https://*.kucoin.work https://www.google.com.hk https://analytics.google.com https://api.smooch.io https://kucoinvip.zendesk.com https://api.legendtrading.com https://legendtrading.zendesk.com https://maps.googleapis.com https://*.ckotech.co https://*.checkout.com https://*.veriff.me https://*.forter.com https://d3in1te4fdays6.cloudfront.net https://d1wix2gc2cgqis.cloudfront.net wss://cdn0.forter.com https://kucoinservice.zendesk.com https://hcaptcha.com https://*.hcaptcha.com https://rpc.walletconnect.org https://rpc.walletconnect.com https://api.web3modal.org https://api.web3modal.com https://verify.walletconnect.org https://verify.walletconnect.com wss://relay.walletconnect.com wss://relay.walletconnect.org data: ws: wss: eval: inline: 'unsafe-eval' 'unsafe-inline'; font-src http: https: data:; img-src http: https: data: blob:; worker-src http: https: data: blob:; child-src http: https: data: blob:; frame-ancestors 'self' https://kucoin.eu.ada.support https://www.google.co.jp https://www.google.com https://*.kucoin.com https://*.kucoin.biz https://*.kucoin.fit https://*.xcoinsystem.com https://*.kucoin.cloud https://*.kucoin.plus https://*.kucoin.work 2
default-src 'self' *.kpn.com; script-src 'self' cdn.blueconic.net kpn.blueconic.net assets.adobedtm.com *.kpn.com; style-src 'self'; img-src 'self'; font-src 'self'; connect-src 'self' kpn.blueconic.net; object-src 'self' 2
frame-ancestors 'self' refreshthis.com *.refreshthis.com 2
default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 2
frame-ancestors 'self' http://*.dji.com https://*.dji.com 2
frame-ancestors https://*.storyblok.com https://*.complex.com 2
object-src 'none'; connect-src 'self' https://identitytoolkit.googleapis.com https://securepubads.g.doubleclick.net https://www.google-analytics.com https://hbopenbid.pubmatic.com https://pagead2.googlesyndication.com *.pubmatic.com; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' *.googlesyndication.com *.safeframe.googlesyndication.com https://ads.pubmatic.com https://www.google.com; worker-src 'none';manifest-src 'self'; 2
default-src 'self' https://api.mixpanel.com; script-src 'self' 'unsafe-eval' 'nonce-vw/M1EJtfJm4SIes+W5PaCZGFTwAGtQUq/fcbk8QS9ZWpPve9CW6MVbxhTZeopQWzWf9HgCW2H9DE5IQs2sQjQ==' https://*.facebook.net https://www.facebook.com https://snap.licdn.com https://connect.liblynx.com https://sandbox.liblynx.com https://www.google-analytics.com https://optimize.google.com https://ssl.google-analytics.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://cdn.mxpnl.com https://cdn4.mxpnl.com https://api.mixpanel.com https://www.googletagmanager.com https://kit.fontawesome.com https://use.fontawesome.com https://pro.fontawesome.com https://scholar.google.com https://api.altmetric.com https://d1bxh8uas1mnw7.cloudfront.net https://js.trendmd.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; img-src 'self' https://ssl.google-analytics.com https://www.google-analytics.com https://optimize.google.com https://www.googletagmanager.com https://connect.liblynx.com https://sandbox.liblynx.com https://stats.g.doubleclick.net https://cdn.mxpnl.com https://images.mxpnl.com https://badges.altmetric.com https://d1uo4w7k31k5mn.cloudfront.net https://www.facebook.com https://px.ads.linkedin.com https://www.linkedin.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io data:; connect-src 'self' https://shop.emerald.com/ https://www.facebook.com https://www.google-analytics.com https://api.mixpanel.com/ https://scholar.google.com https://*.trendmd.com https://cc.trendmd.co https://ka-p.fontawesome.com https://kit.fontawesome.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https://use.fontawesome.com https://pro.fontawesome.com https://ka-p.fontawesome.com https://d1bxh8uas1mnw7.cloudfront.net https://trendmd.s3.amazonaws.com https://css.trendmd.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://use.fontawesome.com https://pro.fontawesome.com https://ka-p.fontawesome.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' https://www.googletagmanager.com https://optimize.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; object-src 'self' 2
frame-ancestors 'self' *.kugou.com 2
default-src 'self' customer-cubrih08bflu3z2b.cloudflarestream.com pages.churnbuster.io ghbtns.com *.algolia.net help.ghost.io resources.ghost.io tutorials.ghost.io changelog.ghost.io t.firstpromoter.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.jsdelivr.net https://cdn.firstpromoter.com proxy-assets.churnbuster.io https://static.ads-twitter.com; style-src 'self' 'unsafe-inline' proxy-assets.churnbuster.io; font-src 'self' rsms.me/inter/font-files/; img-src 'self' 'unsafe-inline' data: supapjpiqdfzuaordcdx.supabase.co/storage/ analytics.twitter.com https://t.co; connect-src 'self' https://*.algolia.net https://*.algolianet.com analytics.twitter.com https://ads-api.twitter.com/ t.firstpromoter.com; 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.parents.com 2
default-src https:; child-src blob: https:; connect-src blob: https: wss:; form-action https:; frame-ancestors https: http://webvisor.com; media-src https:; object-src https:; img-src https: data: blob:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data: 2
frame-ancestors 'self' *.ncaa.com *.sdata-cloud.com 2
frame-ancestors 'self' *.boursorama-banque.com *.boursorama.com *.boursobank.com 2
default-src 'self' data: https://cloud.ccm19.de wss://api.session-replays.io https://api.session-replays.io https://lb-api.visitor-analytics.io https://app-worker.visitor-analytics.io https://visits.visitor-analytics.io https://*.tum.de https://tum.de https://www.google.com/ https://ajax.googleapis.com https://cse.google.com https://www.youtube.com https://www.youtube-nocookie.com https://www.br.de https://maps.google.de https://geoportal.bayern.de https://www.googleapis.com https://clients1.google.com https://encrypted-tbn0.gstatic.com https://encrypted-tbn1.gstatic.com https://encrypted-tbn2.gstatic.com https://encrypted-tbn3.gstatic.com https://ngp.zdf.de https://www.arte.tv https://zdfvodnone-vh.akamaihd.net https://img.youtube.com https://www.ardaudiothek.de https://tum.cloud.panopto.eu https://vimeo.com https://player.vimeo.com https://open.spotify.com https://spotify.com https://anchor.fm/ https://www.ardmediathek.de 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors learn.arcgis.com *.esri.com pro.arcgis.com doc.arcgis.com 2
frame-ancestors 'self' sdiapi.com; 2
child-src 'self' *.catawiki.com *.catawiki.com *.criteo.com *.criteo.net 5139330.fls.doubleclick.net bid.g.doubleclick.net blob: cdn.catawiki.net ct.pinterest.com js.stripe.com platform.twitter.com tpc.googlesyndication.com vars.hotjar.com www.facebook.com www.trustpilot.com www.youtube.com www.google.com www.recaptcha.net widget.trustpilot.com; connect-src * wss://*.catawiki.com wss://*.hotjar.com wss://*.pusher.com; default-src 'self' *.catawiki.com cdn.catawiki.net; font-src 'self' *.catawiki.com cdn.catawiki.net cdn.kustomerapp.com fonts.gstatic.com script.hotjar.com static.criteo.net; form-action 'self' *.catawiki.com www.facebook.com; frame-src *.catawiki.com *.criteo.com *.criteo.net 5139330.fls.doubleclick.net bid.g.doubleclick.net ct.pinterest.com js.stripe.com platform.twitter.com tpc.googlesyndication.com vars.hotjar.com www.facebook.com www.trustpilot.com www.youtube.com www.google.com www.recaptcha.net widget.trustpilot.com; img-src * blob: data:; media-src *.catawiki.com cdn.catawiki.net cdn.builder.io videos.ctfassets.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.catawiki.com *.criteo.com amplify.outbrain.com assets.pinterest.com assets.zendesk.com bat.bing.com cdn.catawiki.net cdn4.userzoom.com connect.facebook.net google-analytics.com googleads.g.doubleclick.net js.stripe.com maps.googleapis.com platform.twitter.com s.pinimg.com script.hotjar.com cdn.kustomerapp.com snap.licdn.com ssl.google-analytics.com static.criteo.net static.hotjar.com tpc.googlesyndication.com w.usabilla.com widget.trustpilot.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.youtube.com www.gstatic.com www.recaptcha.net www.redditstatic.com; style-src 'self' 'unsafe-inline' *.catawiki.com cdn.catawiki.net fonts.googleapis.com; worker-src 'self' *.catawiki.com blob: cdn.catawiki.net 2
frame-ancestors 'self' https://*.tiscali.it 2
"unsafe-inline"; 2
upgrade-insecure-requests, upgrade-insecure-requests 2
object-src 'none'; base-uri 'none'; frame-ancestors 'self', 2
frame-ancestors 'self' http://webvisor.com; default-src 'self' https://yandex.ru; font-src 'self'; script-src 'self' https://api-maps.yandex.ru https://maps.google.com https://code.jivosite.com https://www.googletagmanager.com https://stats.hts.ru https://mc.yandex.ru https://yastatic.net https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://mc.yandex.ru https://code.jivosite.com https://*.jivosite.com; img-src 'self' https://ext.host-tracker.com https://api-maps.yandex.ru https://counter.yadro.ru http://cp.hts.ru https://mc.yandex.ru https://*.maps.yandex.net http://www.hts.ru http://hubble.ht-systems.ru https://stats.hts.ru https://www.google-analytics.com data:; media-src 'self' https://code.jivosite.com; style-src 'self' 'unsafe-inline'; object-src 'self' 2
frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns https://www.scotiabank.com; 2
object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tiktok.com *.o2.com *.o2.de *.spatialbuzz.com *.usercentrics.eu *.baqend.com *.o2online.de *.telefonica.de *.o9.de *.googletagmanager.com *.trbo.com *.google-analytics.com *.kampyle.com *.adoberesources.net *.matelso.de *.contentsquare.net *.nowinteract.com *.demoup.com *.auracognitive.com *.adtelligence.de *.aklamio.com *.promisejs.org *.usabilla.com *.jsdelivr.net *.cloudflare.com *.abtasty.com *.blob.core.windows.net *.blau.o9.de *.blau.de *.ad4m.at track.adform.net www.facebook.com *.doubleclick.net adservice.google.com a.twiago.com www.youtube.com o2-music-cms-a.preprod.ava-digi.de www.google.co.in analytics.google.com dpm.demdex.net www.google-analytics.com imagesrv.adition.com www.google.com dsum-sec.casalemedia.com rtb-csync.smartadserver.com ih.adscale.de trc.taboola.com ad11.adfarm1.adition.com ad4m.at *.spatialbuzz.net, frame-ancestors 'self' https://deploy.mca.tid.es https://deploy.tid.es *.o2.de *.o2.com *.o2online.de *.telefonica.com; 2
default-src 'self' data: blob: *;script-src secure.facebook.com internalfb.com *.internalfb.com 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:*;style-src data: blob: 'unsafe-inline' *;connect-src internalfb.com *.internalfb.com secure.facebook.com *.facebook.com *.fbcdn.net graph.intern.facebook.com wss://*.internalfb.com wss://*.internalfb.com:* wss://*.facebook.com:* https://*.whatsapp.com/graphql/ facebook.com *.facebook.net wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';font-src data: internalfb.com *.internalfb.com *.facebook.com *.fbcdn.net;img-src *.fbcdn.net *.facebook.com internalfb.com *.internalfb.com data: blob: *;media-src *.fbcdn.net internalfb.com *.internalfb.com data: blob: *;frame-src internalfb.com *.internalfb.com data: blob: *;block-all-mixed-content;upgrade-insecure-requests; 2
base-uri 'none'; default-src 'none'; frame-ancestors 'self' https://*.gab.com https://challenges.cloudflare.com; font-src 'self' https://gab.com; img-src 'self' https: data: blob: https://gab.com; style-src 'self' 'unsafe-inline' https://gab.com; media-src 'self' https: data: https://gab.com blob:; frame-src 'self' https: https://challenges.cloudflare.com; manifest-src 'self' https://gab.com; connect-src 'self' blob: https://gab.com wss://gab.com https://*.gab.com; script-src 'self' https://gab.com https://*.gab.com https://challenges.cloudflare.com 2
img-src 'self' https: data: cdn.paris.fr; frame-ancestors 'self' *; frame-src 'self' * 2
default-src 'self' *.carbonblack.io carbonblack.io *.cbcloud.de cbcloud.de *.cbcloud.sg cbcloud.sg *.duosecurity.com gstatic.com fonts.gstatic.com 'unsafe-inline' 2
default-src 'self' *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * data:; connect-src *; img-src * blob: data:; child-src *; media-src *; frame-ancestors 'self' *.activenetwork.com *.active.com *.activekids.com; worker-src * blob:; object-src *; 2
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' * 'unsafe-eval' blob: *; worker-src 'self' blob:; 2
default-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 2
script-src blob: 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdnjs.cloudflare.com https://mc.yandex.ru/metrika/tag.js  https://www.gstatic.com https://*.google-analytics.com https://code.jivo.ru https://*.cloudflareinsights.com https://browser.sentry-cdn.com https://*.sharethis.com https://mc.yandex.ru/watch/35663 https://mc.yandex.com/watch/35663 https://www.google.com https://yastatic.net https://*.jivosite.com https://*.cyberity.ru https://cdn.tiny.cloud https://challenges.cloudflare.com 2
frame-ancestors 'self' www.underdogmedia.com; 2
default-src 'none';         script-src 'self' 'unsafe-inline' 'unsafe-eval'         https://*.ads-twitter.com         https://*.cybersource.com         https://*.bing.com         https://*.ceros.com         https://*.contentsquare.net         https://*.contentsquare.com         https://*.cookiereports.com         https://*.doubleclick.net         https://*.eloqua.com         https://*.en25.com         https://*.facebook.net         https://*.google.com         https://*.google-analytics.com         https://*.googleadservices.com         https://*.googletagmanager.com         https://*.gstatic.com         https://*.idio.episerver.net         https://*.licdn.com         https://*.linkedin.com         https://*.optimizely.com         https://*.twitter.com         https://*.visa.com         https://*.youtube.com         https://code.jquery.com;         style-src 'self' 'unsafe-inline'         https://*.cybersource.com         https://*.ceros.com         https://*.eloqua.com         https://*.google.com         https://*.gsatic.com         https://*.licdn.com         https://*.optimizely.com         https://*.visa.com         https://fonts.googleapis.com;         font-src 'self'         data:         https://*.cybersource.com         https://*.eloqua.com         https://*.visa.com         https://fonts.googleapis.com         https://fonts.gstatic.com;         img-src 'self'         data:         https://*.ads-twitter.com         https://*.adsrvr.org         https://*.cybersource.com         https://*.bing.com         https://*.ceros.com         https://*.contentsquare.net         https://*.cookiereports.com         https://*.doubleclick.net         https://*.eloqua.com         https://*.en25.com         https://*.facebook.com         https://*.facebook.net         https://*.google.com         https://*.google-analytics.com         https://*.googleadservices.com         https://*.googletagmanager.com         https://*.gstatic.com         https://*.idio.episerver.net         https://*.licdn.com         https://*.linkedin.com         https://*.optimizely.com         https://*.twitter.com         https://*.visa.com         https://*.youtube.com         https://i.ytimg.com         https://ib.adnxs.com         https://p.adsymptotic.com         https://t.co         https://yt3.ggpht.com;         frame-src 'self'         https://*.ads-twitter.com         https://*.cybersource.com         https://*.ceros.com         https://*.doubleclick.net         https://*.eloqua.com         https://*.facebook.com         https://*.facebook.net         https://*.google.com         https://*.licdn.com         https://*.linkedin.com         https://*.optimizely.com         https://*.twitter.com         https://*.visa.com         https://*.youtube.com;         connect-src 'self'         https://*.ads-twitter.com         https://*.cybersource.com         https://*.bing.com         https://*.ceros.com         https://*.contentsquare.net         https://*.contentsquare.com         https://*.cookiereports.com         https://*.doubleclick.net         https://*.eloqua.com         https://*.en25.com         https://*.facebook.net         https://*.google.com         https://*.googleapis.com         https://*.googlesyndication.com         https://*.google-analytics.com         https://*.gstatic.com         https://*.idio.episerver.net         https://*.licdn.com         https://*.linkedin.com         https://*.optimizely.com         https://*.visa.com         https://*.youtube.com;         object-src 'self';         media-src 'self';         worker-src 'self'         blob:         https://*.cybersource.com         https://*.contentsquare.net         https://*.contentsquare.com         https://*.google.com; 2
default-src 'none';block-all-mixed-content;connect-src 'self' blob: https://*.autoblog.com https://*.here.com https://*.hereapi.com https://*.safeframe.googlesyndication.com https://*.spot.im https://*.yahoo.com https://*.yahoo.net https://api.taboola.com https://csi.gstatic.com https://googleads.g.doubleclick.net https://hbopenbid.pubmatic.com https://htlb.casalemedia.com https://i.clean.gg https://jac.yahoosandbox.com https://pagead2.googlesyndication.com https://prebid.media.net https://sb.scorecardresearch.com https://securepubads.g.doubleclick.net https://video.adaptv.advertising.com https://www.google-analytics.com https://www.instagram.com;font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://js.api.here.com https://maxcdn.bootstrapcdn.com https://s.aolcdn.com;frame-ancestors 'self';frame-src 'self' 'unsafe-inline' https://*.autoblog.com https://*.safeframe.googlesyndication.com https://*.yahoo.com https://*.yahoo.net https://ads.pubmatic.com https://console.googletagservices.com https://contextual.media.net https://embed.scribblelive.com https://flo.uri.sh https://jac.yahoosandbox.com https://js-sec.indexww.com https://platform.twitter.com https://s.yimg.com https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://tsdtocl.com https://www.facebook.com https://www.google.com https://www.instagram.com https://www.linkedin.com https://www.tiktok.com https://www.youtube-nocookie.com https://www.youtube.com;img-src 'self' data: https: https://ups.analytics.yahoo.com;manifest-src 'self';media-src blob: https://*.yahoo.com https://*.yahoo.net https://media.blubrry.com https://media.zenfs.com https://s.aolcdn.com;object-src 'none';sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-top-navigation allow-top-navigation-by-user-activation allow-modals;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.autoblog.com https://*.spot.im https://*.tiktokcdn-us.com https://*.yahoo.com https://*.yahoo.net https://adservice.google.com https://assets.video.yahoo.net https://cadmus.script.ac https://consent.cmp.oath.com https://console.googletagservices.com https://jac.yahoosandbox.com https://js.api.here.com https://o.aolcdn.com https://pagead2.googlesyndication.com https://platform.twitter.com https://s.aolcdn.com https://s.yimg.com https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://webc2s-oao.pubgw.yahoo.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.instagram.com https://www.tiktok.com;style-src 'self' 'unsafe-inline' https://*.aolcdn.com https://*.tiktokcdn-us.com https://assets.video.yahoo.net https://fonts.googleapis.com https://js.api.here.com https://maxcdn.bootstrapcdn.com https://s.yimg.com;upgrade-insecure-requests;worker-src 'self' blob:; 2
frame-ancestors 'self' *.tvsvizzera.it *.ebu.io 2
default-src 'self';script-src https://fonts.googleapis.com www.google-analytics.com www.googletagmanager.com www.google.com www.google.co.kr stats.g.doubleclick.net www.googleadservices.com googleads.g.doubleclick.net https://www.gstatic.com https://accounts.google.com https://appleid.cdn-apple.com www.facebook.com staticxx.facebook.com connect.facebook.net *.sentry.io wcs.naver.net wcs.naver.com t1.kakaocdn.net kauth.kakao.com *.ads-twitter.com *.twitter.com sdk.iad-06.braze.com https://js.appboycdn.com https://appboy-images.com https://braze-images.com https://*.ridi.zone https://*.ridi.io https://*.ridi.com https://ridi.com https://*.ridibooks.com https://ridibooks.com https://books.ridibooks.com https://*.ridicdn.net https://unpkg.com https://cdn.jsdelivr.net https://use.fontawesome.com https://js.tosspayments.com https://event.tosspayments.com https://api.tosspayments.com https://log.tosspayments.com https://analytics.tiktok.com https://t1.daumcdn.net https://xpay.uplus.co.kr https://mobile.inicis.com https://stdpay.inicis.com https://stdux.inicis.com 'self' 'unsafe-inline';base-uri 'none';object-src 'none';img-src 'self' data: https://*.amazonaws.com wcs.naver.com http://t.co https://t.co https://fonts.googleapis.com www.google-analytics.com www.googletagmanager.com www.google.com www.google.co.kr stats.g.doubleclick.net www.googleadservices.com googleads.g.doubleclick.net https://www.gstatic.com https://accounts.google.com https://appleid.cdn-apple.com www.facebook.com staticxx.facebook.com connect.facebook.net *.sentry.io wcs.naver.net wcs.naver.com t1.kakaocdn.net kauth.kakao.com *.ads-twitter.com *.twitter.com sdk.iad-06.braze.com https://js.appboycdn.com https://appboy-images.com https://braze-images.com https://*.ridi.zone https://*.ridi.io https://*.ridi.com https://ridi.com https://*.ridibooks.com https://ridibooks.com https://books.ridibooks.com https://*.ridicdn.net https://unpkg.com https://cdn.jsdelivr.net https://use.fontawesome.com https://js.tosspayments.com https://event.tosspayments.com https://api.tosspayments.com https://log.tosspayments.com https://analytics.tiktok.com https://t1.daumcdn.net https://xpay.uplus.co.kr https://mobile.inicis.com https://stdpay.inicis.com https://stdux.inicis.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com www.google-analytics.com www.googletagmanager.com www.google.com www.google.co.kr stats.g.doubleclick.net www.googleadservices.com googleads.g.doubleclick.net https://www.gstatic.com https://accounts.google.com https://appleid.cdn-apple.com www.facebook.com staticxx.facebook.com connect.facebook.net *.sentry.io wcs.naver.net wcs.naver.com t1.kakaocdn.net kauth.kakao.com *.ads-twitter.com *.twitter.com sdk.iad-06.braze.com https://js.appboycdn.com https://appboy-images.com https://braze-images.com https://*.ridi.zone https://*.ridi.io https://*.ridi.com https://ridi.com https://*.ridibooks.com https://ridibooks.com https://books.ridibooks.com https://*.ridicdn.net https://unpkg.com https://cdn.jsdelivr.net https://use.fontawesome.com https://js.tosspayments.com https://event.tosspayments.com https://api.tosspayments.com https://log.tosspayments.com https://analytics.tiktok.com https://t1.daumcdn.net https://xpay.uplus.co.kr https://mobile.inicis.com https://stdpay.inicis.com https://stdux.inicis.com;frame-src www.facebook.com staticxx.facebook.com connect.facebook.net bid.g.doubleclick.net www.google.com accounts.google.com connect.tosspayments.com stdpay.inicis.com postcode.map.daum.net;connect-src 'self' https://*.amazonaws.com https://fonts.googleapis.com www.google-analytics.com www.googletagmanager.com www.google.com www.google.co.kr stats.g.doubleclick.net www.googleadservices.com googleads.g.doubleclick.net https://www.gstatic.com https://accounts.google.com https://appleid.cdn-apple.com www.facebook.com staticxx.facebook.com connect.facebook.net *.sentry.io wcs.naver.net wcs.naver.com t1.kakaocdn.net kauth.kakao.com *.ads-twitter.com *.twitter.com sdk.iad-06.braze.com https://js.appboycdn.com https://appboy-images.com https://braze-images.com https://*.ridi.zone https://*.ridi.io https://*.ridi.com https://ridi.com https://*.ridibooks.com https://ridibooks.com https://books.ridibooks.com https://*.ridicdn.net https://unpkg.com https://cdn.jsdelivr.net https://use.fontawesome.com https://js.tosspayments.com https://event.tosspayments.com https://api.tosspayments.com https://log.tosspayments.com https://analytics.tiktok.com https://t1.daumcdn.net https://xpay.uplus.co.kr https://mobile.inicis.com https://stdpay.inicis.com https://stdux.inicis.com;font-src 'self' https: data: 2
frame-ancestors http://localhost:* file: *.sf.intra.laposte.fr *.labanquepostale.fr; 2
frame-ancestors 'self' https://*.fdj.fr; 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *; object-src 'none'; base-uri 'none'; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; font-src 'self' data:; form-action *; frame-src blob: *; frame-ancestors 'self'; connect-src *; upgrade-insecure-requests; 2
frame-ancestors 'self' https://www.grainger.com; 2
frame-ancestors 'self' https://learningedge.skillsoft.com/ 2
object-src 'none'; default-src * 'unsafe-inline' blob: data:; img-src * 'self' data: https: blob:; media-src * 'unsafe-inline' blob: data:; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; font-src * data: 2
frame-ancestors *.toast.com *.dooray.com dooray.com 2
frame-ancestors https://www.livehindustan.com https://*.girnarsoft.com https://agent.botsdekho.com 2
frame-ancestors 'self' *.gov.on.ca *.ontario.ca *.ontariogovernment.ca; 2
frame-ancestors 'self' *.intuit.com; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' https: http: data: blob: 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.instyle.com 2
frame-ancestors 'self' https://*.inconvo.chat https://*.yougov.chat 2
default-src 'self'  data:  https:  https://*.assets.schwarz  https://*.doubleclick.net  https://*.discoverfy.io  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl.es  https://*.livebuy.io  https://*.medallia.eu  https://*.tradedoubler.com  https://*.youtube-nocookie.com  https://*.visualwebsiteoptimizer.com  https://app.vwo.com  https://chart.googleapis.com  https://csp.cre.lidl-shop.com; frame-src https://*.doubleclick.net  https://*.discoverfy.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl.es  https://*.livebuy.io  https://*.medallia.eu  https://*.tradedoubler.com  https://*.youtube-nocookie.com  https://cdn.aplazame.com/  https://checkout.aplazame.com/  https://consentcdn.cookiebot.com/  https://creativecdn.com  https://*.creativecdn.com  https://form.lidl.com/  https://forms-prod.enc-test.de/  https://gum.criteo.com  https://sorteo.esdelidl.es  https://static.criteo.net  https://www.google.com  https://www.youtube.com  https://*.visualwebsiteoptimizer.com  https://app.vwo.com  https://chart.googleapis.com; img-src 'self'  data:  https:  https://*.assets.schwarz  https://*.doubleclick.net  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl.es  https://*.livebuy.io  https://*.medallia.eu  https://*.tradedoubler.com  https://*.visualwebsiteoptimizer.com  https://app.vwo.com  https://chart.googleapis.com; object-src https://*.leaflets.schwarz  https://*.livebuy.io  https://*.tradedoubler.com; script-src 'self'  'unsafe-eval'  'unsafe-inline'  https:  https://*.doubleclick.net  https://*.discoverfy.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl.es  https://*.livebuy.io  https://*.medallia.eu  https://*.tradedoubler.com  https://ajax.googleapis.com  https://c.searchhub.io  https://creativecdn.com  https://*.creativecdn.com  https://recommendations.lidl-shop.com  https://www.googletagmanager.com  https://www.youtube.com  https://*.visualwebsiteoptimizer.com  https://app.vwo.com  https://chart.googleapis.com; style-src 'self'  'unsafe-inline'  https:  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl.es  https://*.medallia.eu  https://*.tradedoubler.com  https://*.visualwebsiteoptimizer.com  https://app.vwo.com  https://chart.googleapis.com; frame-ancestors 'self'  https://*.lidl.com  https://*.lidl.es  https://*.livebuy.io  https://beeem.co; report-uri https://csp.cre.lidl-shop.com/csp/report; 2
frame-ancestors https://hpsecurity.my.salesforce.com; 2
frame-ancestors none; report-uri /report-csp-violation 2
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *; frame-ancestors 'self' https://*.peta.org https://*.petalatino.com https://*.peta2.com; 2
default-src 'self' *.10086.cn pcache.cmam.migu.cn ccdownucrm.migudm.cn https://pc-dl.migufun.com:8443 pc-dl.migufun.com open.tyst.migu.cn p.cnwza.cn *.govwza.cn api.map.baidu.com *.bdimg.com *.baidu.com mgcdnvod.migucloud.com mgcdn.vod.migucloud.com *.cmpassport.com res.wx.qq.com 111.7.203.227 111.7.203.228 111.7.202.175 111.7.202.179 blob: data: 'unsafe-inline' 'unsafe-eval'; 2
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://privacyportal.cookiepro.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'unsafe-inline' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com; img-src 'self' *.ttcache.com https://*.ttcache.com https://*.google-analytics.com https://*.googletagmanager.com data: https://cookie-cdn.cookiepro.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; media-src 'none'; object-src 'none'; script-src 'self' https://*.googletagmanager.com 'unsafe-inline' 'unsafe-eval' https://cookie-cdn.cookiepro.com https://code.jquery.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://cookie-cdn.cookiepro.com 2
default-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com  https://*.demoup.com  https://www.dwin1.com  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  'unsafe-inline'  https://*.adyen.com  https://*.demoup.com; img-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com  https://www.lidl.fr; object-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'; script-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  about:  https://localhost  https://*.adyen.com  https://*.demoup.com  https://www.dwin1.com; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net; 2
frame-ancestors 'self' dziendobry.tvn.pl *.tvn.pl 2
base-uri 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.state.ak.us https://*.alaska.gov https://cse.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://partner.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.state.ak.us https://*.alaska.gov https://www.google.com; frame-ancestors 'self'; form-action 'self' https: https://*.state.ak.us https://*.alaska.gov; img-src 'self' https://*.state.ak.us https://*.alaska.gov https://www.google-analytics.com https://www.googleapis.com https://www.google.com https://clients1.google.com https://encrypted-tbn0.gstatic.com https://encrypted-tbn1.gstatic.com 2
media-src 'self' blob: livestream.st-andrews.ac.uk livestream1.st-andrews.ac.uk livestream2.st-andrews.ac.uk livestream-test.st-andrews.ac.uk; 2
default-src 'self' *.nrw.de;    script-src  'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de broschuerenservice.land.nrw *.flockler.com platform.twitter.com www.instagram.com *.twimg.com;    style-src   'self' 'unsafe-inline' *.nrw.de *.flockler.com;    font-src data: *;    img-src  data: *;    frame-ancestors 'self' *.nrw.de;    worker-src  'self' *.nrw.de;    frame-src   'self' *.nrw.de app.sli.do broschuerenservice.land.nrw www.youtube.com platform.twitter.com www.instagram.com www.facebook.com www.youtube-nocookie.com;    object-src  'self';    connect-src 'self' *.nrw.de *.flockler.com api.flockler.app;    media-src *; upgrade-insecure-requests; 2
frame-ancestors *.procore.com https://app.contentful.com 2
frame-ancestors 'self' *.dimelochat.com *.engagement.dimelo.com 2
default-src https: wss://floatbot.ai *.gstatic.com *.googleapis.com data: https://*.zscalerthree.net 'self' https://www.google-analytics.com https://fonts.gstatic.com https://floatbot.ai https://cdn.jsdelivr.net; script-src https://*.zscalerthree.net https://offerswidget.visa.com https://apis.mapmyindia.com https://www.mappls.com 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net https://www.googleadservices.com *.googleapis.com https://floatbot.ai *.gstatic.com www.google.com *.google-analytics.com apis.google.com https://www.googletagmanager.com https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' * https://cdn.jsdelivr.net *.googleapis.com *.gstatic.com www.google.com ; 2
frame-ancestors 'self' https://webhare.utwente.nl https://portal-test.utsp.utwente.nl 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org https://fonts.gstatic.com http://sb.scorecardresearch.com http://static.ads-twitter.com http://news.atptour.com https://news.atptour.com https://tunein.com https://r1-t.trackedlink.net/ https://bam-cell.nr-data.net/ https://vjs.zencdn.net/ https://itp-atp-sls.infosys-platforms.com/ https://www.riddle.com https://e.infogram.com https://www.googletagmanager.com/ https://imasdk.googleapis.com/ https://script.crazyegg.com/ https://googleads.g.doubleclick.net/ https://securepubads.g.doubleclick.net/ https://connect.facebook.net/ https://sb.scorecardresearch.com/ https://static.ads-twitter.com/ https://analytics.tiktok.com/ https://www.google-analytics.com/ https://livestream.com https://mail.tennisunited.co https://s0.2mdn.net/instream/video/client.js https://adservice.google.com.mx/adsid/integrator.js https://imasdk.googleapis.com/js/sdkloader/ima3.js https://js-agent.newrelic.com/ https://www.googleadservices.com/ https://bs.serving-sys.com/ https://adservice.google.com/ https://players.brightcove.net/ https://secure-ds.serving-sys.com/ https://tpc.googlesyndication.com/ https://c1.rfihub.net/ https://analytics.twitter.com/ https://www.instagram.com/ https://platform.twitter.com/ https://pagead2.googlesyndication.com/ https://r1.marketing-pages.com https://*.brightcove.com https://*.brightcove.net https://*.sportradar.com https://*.livestream.com https://*.shorthandstories.com https://*.shorthand.com;style-src 'self' 'unsafe-inline' https://itp-atp-sls.infosys-platforms.com/ https://fonts.googleapis.com/ https://www.riddle.com https://news.atptour.com/ https://e.infogram.com https://avplayer-cdn.sportradar.com/ https://*.typekit.net https://*.shorthandstories.com https://*.shorthand.com ;worker-src blob: 2
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; frame-ancestors 'none'; 2
script-src 'self' *.startpage.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.startpage.com 'unsafe-inline'; img-src 'self' blob: data: *.startpage.com; frame-src 'self' *.startpage.com; frame-ancestors 'self'; connect-src 'self' *.startpage.com; worker-src blob:; report-uri https://www.startpage.com/do/cspvr 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellfit.com 2
frame-ancestors 'self' https://*.erp.tu-dresden.de:* https://piwik.mz.tu-dresden.de https://matomo.tu-dresden.de 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.twitter.com assets.juicer.io cdns.eu1.gigya.com cdn.cookielaw.org cdn.knightlab.com code.jquery.com connect.facebook.net geolocation.onetrust.com munchkin.marketo.net optanon.blob.core.windows.net snap.licdn.com static.ads-twitter.com www.buzzsprout.com *.googletagmanager.com www.google.com www.googleadservices.com www.gstatic.com www.youtube.com *.analytics.google.com *.google-analytics.com *.googleapis.com 505-xng-882.mktoweb.com 636-tke-312.mktoweb.com fonts.googleapis.com info.six-group.com info.finanzmuseum.ch info.ebill.ch accounts.eu1.gigya.com adservice.google.com ad.doubleclick.net cookies-data.onetrust.io graph.facebook.com info-sandbox.six-group.com privacyportal-ch.onetrust.com *.g.doubleclick.net www.juicer.io 505-xng-882.mktoresp.com 636-tke-312.mktoresp.com 505-xng-882.mktoutil.com 636-tke-312.mktoutil.com www.six-structured-products.com *.google.com *.google.ad *.google.at *.google.com.au *.google.be *.google.ca *.google.ch *.google.de *.google.dk *.google.es *.google.fi *.google.fr *.google.gr *.google.com.hk *.google.ie *.google.im *.google.is *.google.it *.google.co.jp *.google.li *.google.lu *.google.nl *.google.no *.google.pt *.google.se *.google.com.sg *.google.sm *.google.co.uk  www.schweizeraktien.net fonts.gstatic.com data: cdnapisec.kaltura.com googleads.g.doubleclick.net player.vimeo.com *.transistor.fm www.facebook.com www.federli.ch www.youtube-nocookie.com *.fls.doubleclick.net anchor.fm podcasters.spotify.com; img-src https: data:; report-uri /api/six/cspreport; report-to csp-endpoint; 2
frame-ancestors 'self' https://logmein.lookbookhq.com https://logmein.pathfactory.com https://explore.logmein.com https://web-eugamma.boldchat.com https://web-gamma.boldchat.com https://web-eu.boldchat.com https://logmeinrescue.lookbookhq.com https://logmeinrescue.pathfactory.com https://explore.logmeinrescue.com https://bold360.lookbookhq.com https://bold360.pathfactory.com https://explore.bold360.com https://explore.goto.com ; object-src 'none'; 2
frame-ancestors 'self' https://landing.weddingwire.com 2
report-uri https://csp.uel.wildapricot.com/report; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.appointlet.com *.appointletcdn.com *.aptrinsic.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.ecomm.events *.ecwid.com *.elev.io *.facebook.com *.facebook.net *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.linkedin.com *.mcjobboard.net *.mybillsystem.com *.newrelic.com *.nr-data.net *.pagespeed-mod.com *.twitter.com *.typekit.net *.uservoice.com *.wildapricot.com *.youtube.com *.zdassets.com *.zendesk.com *.zopim.com caas-sf.wildapricot.org maps.googleapis.com onlinestore-prod-digital-products.s3.amazonaws.com sf.wildapricot.org widget-mediator.zopim.com wss://widget-mediator.zopim.com/ reserveddomainnames.wildapricot.org sf.wildapricot.org;   img-src * data: blob:;   media-src * blob:;   font-src * https://*.aptrinsic.com data:;  2
default-src 'self' *.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.leadoo.com *.trustpilot.com *.newrelic.com *.google.com *.gstatic.com *.vimeo.com *.youtube.com *.googleapis.com *.sharethis.com *.salesforceliveagent.com *.cloudflare.com *.jsdelivr.net *.googletagmanager.com *.cookiebot.com *.adsrvr.org *.google-analytics.com *.hotjar.com; form-action https: 'self'; object-src 'none'; style-src https: 'self' 'unsafe-inline' 'unsafe-eval'; img-src https: data: 'unsafe-inline'; frame-src 'self' *.adsrvr.org *.cookiebot.com *.google.com; child-src 'self' *.google.com *.vimeo.com *.googleapis.com  *.sharethis.com *.salesforceliveagent.com *.youtube.com; font-src 'self' fonts.gstatic.com *.leadoo.com data:; connect-src 'self' *.nr-data.net *.googleapis.com *.sharethis.com *.salesforceliveagent.com *.leadoo.com *.crwdcntrl.net *.google.com *.google-analytics.com *.doubleclick.net; report-uri /report-csp-violation 2
default-src * data: blob:;script-src *.workplace.com workplace.com *.facebook.com *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net www.google-analytics.com;style-src data: blob: 'unsafe-inline' * *.workplace.com *.facebook.com;connect-src *.workplace.com workplace.com *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.workplace.com:* wss://*.fbcdn.net ws://localhost:* blob: 'self' *.mktoresp.com *.workplace.tools;img-src * data: blob: lookaside.fbsbx.com;frame-src * data: blob: *.fbthirdpartypixel.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; 2
default-src 'none'; child-src 'self'; connect-src 'self' https://cdn.linkedin.oribi.io https://analytics.google.com *.analytics.google.com googletagmanager.com *.fullstory.com *.usgbc.org https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net *.slideshare.net prd-msearch.usgbc.org ekr.zdassets.com *.zendesk.com *.zendesk-eu.my.sentry.io *.zdassets.com *.google.ca *.google.com.bd https://platform-api.usgbc.org https://platform-api.usgbc.org/; font-src *; frame-src 'self' *.youtube.com *.usgbc.org *.slideshare.net build.usgbc.org *.recaptcha.net cert-xiecomm.paymetric.com xiecomm.paymetric.com *.google.com *.soundcloud.com; img-src * data:; media-src 'self' *.usgbc.org *.slideshare.net *.s3.amazonaws.com; object-src 'self'; script-src 'self' snap.licdn.com ajax.aspnetcdn.com analytics.kapost.com cdn.ckeditor.com netdna.bootstrapcdn.com/ www.google-analytics.com/ s3.amazonaws.com/gbci/ use.typekit.com *.fullstory.com pi.pardot.com *.usgbc.org fullstory.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com use.fontawesome.com https://pi.pardot.com https://build.usgbc.org https://www.googletagmanager.com googletagmanager.com ajax.googleapis.com https://ajax.googleapis.com googleadservices.com www.googleadservices.com recaptcha.net https://www.recaptcha.net gstatic.com https://www.gstatic.com https://cdn.datatables.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://static.zdassets.com https://unpkg.com https://www.google.com https://www.googleoptimize.com; script-src-attr 'unsafe-inline'; script-src-elem * 'unsafe-inline'; style-src 'self' 'unsafe-inline' netdna.bootstrapcdn.com use.fontawesome.com maxcdn.bootstrapcdn.com cloud.typography.com *.s3.amazonaws.com *.usgbc.org fonts.googleapis.com *.typekit.com *.typekit.net *.zdassets.com https://cdn.datatables.net https://cdn.jsdelivr.net https://cdn.linearicons.com https://cdnjs.cloudflare.com https://unpkg.com https://use.fontawesome.com https://use.typekit.net; base-uri 'self'; form-action 'self' cert-xiecomm.paymetric.com xiecomm.paymetric.com login.usgbc.org platform-api.usgbc.org usgbc-users-prd.us.auth0.com; frame-ancestors 'self' *.usgbc.org *.slideshare.net 2
object-src 'none'; frame-ancestors 'self'; report-uri https://www.edf.fr/report-uri/enforce 2
frame-ancestors *.cas.cn 2
default-src * 'unsafe-inline' 'unsafe-eval' t.contentsquare.net app.contentsquare.com app.contentsquare.com https://www.google.com; img-src 'self' data: itu.kacst.gov.sa c.az.contentsquare.net log.opentracker.net https://www.google-analytics.com https://www.google.com https://www.google.com.sa; script-src 'unsafe-eval' * ; script-src-elem * 'unsafe-inline'; worker-src * blob:; 2
frame-ancestors 'self' https://app.chime.com https://penny.chime.com; base-uri 'none'; form-action 'self' https://www.facebook.com/tr/; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https:; font-src https: data:; media-src https:; style-src 'unsafe-inline' https:; worker-src https:; img-src https: data: 2
default-src ‘self’ object-src ‘none' form-action 'none’ report-to csp-endpoint; 2
frame-ancestors https://webvisor.com http://webvisor.com https://*.webvisor.com http://*.webvisor.com https://live.ratelook.org https://www.letu.ru https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr  https://mc.yandex.ru 2
default-src 'self' *.commonsensemedia.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.commonsensemedia.org https://js-agent.newrelic.com bam.nr-data.net https://bam.nr-data.net *.google-analytics.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://commonsense.tfaforms.net https://www.lightboxcdn.com https://lightboxapi.azurewebsites.net https://insitez.blob.core.windows.net https://js.stripe.com https://service.mtcaptcha.com https://service2.mtcaptcha.com https://v.fastcdn.co https://g.fastcdn.co *.instapage.com *.instapagemetrics.com https://www.googleoptimize.com https://optimize.google.com https://tgbwidget.com https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com https://*.twitter.com https://static.cloudflareinsights.com https://cs-formassembly.s3.amazonaws.com *.convertexperiments.com https://sdk.classy.org/embedded-giving.js; style-src 'self' 'unsafe-inline' *.commonsensemedia.org https://fonts.googleapis.com https://cdn.jsdelivr.net https://www.lightboxcdn.com https://www.googletagmanager.com *.google-analytics.com https://optimize.google.com https://commonsense.tfaforms.net https://cs-formassembly.s3.amazonaws.com; img-src 'self' data: *.commonsensemedia.org https://d2hralswu9lj8u.cloudfront.net *.google-analytics.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://cdn-ukwest.onetrust.com https://www.lightboxcdn.com https://v.fastcdn.co *.instapage.com *.instapagemetrics.com https://fonts.gstatic.com https://bam.nr-data.net https://optimize.google.com https://www.gstatic.com https://www.tfaforms.com https://commonsense.tfaforms.net https://i.ytimg.com https://*.twitter.com https://www.google.com/pagead/; media-src 'self' https://video.internetvideoarchive.net https://dlza6g8e6iucb.cloudfront.net https://d1pmarobgdhgjx.cloudfront.net https://video.commonsensemedia.org; frame-src 'self' *.commonsensemedia.org https://commonsense.tfaforms.net https://js.stripe.com https://service.mtcaptcha.com https://service2.mtcaptcha.com https://www.youtube-nocookie.com https://www.googletagmanager.com https://optimize.google.com https://tgbwidget.com https://www.google.com https://www.youtube.com https://d1pmarobgdhgjx.cloudfront.net https://*.twitter.com; child-src https://commonsense.tfaforms.net; font-src 'self' data: *.commonsensemedia.org https://fonts.gstatic.com https://d2hralswu9lj8u.cloudfront.net https://s3.amazonaws.com; connect-src 'self' *.commonsensemedia.org https://bam.nr-data.net *.google-analytics.com https://analytics.google.com https://cdn-ukwest.onetrust.com https://privacyportal-uk.onetrust.com https://www.googletagmanager.com https://ec.instapagemetrics.com https://heatmap-events-collector.instapage.com https://geolocation.onetrust.com https://d.fastcdn.co/submissions https://feedback.informizely.com https://us-east-1-otel.formassembly.com; report-uri /report-csp-violation; upgrade-insecure-requests 2
default-src 'self' https://www.phonepe.com https://phonepe.com https://website.phonepe.com; media-src 'self' https://www.phonepe.com https://phonepe.com https://website.phonepe.com; prefetch-src 'self' https://www.phonepe.com https://phonepe.com https://website.phonepe.com; script-src https://www.phonepe.com https://www.googletagmanager.com https://phonepe.com https://website.phonepe.com https://www.gstatic.com https://www.google.com http://api.recaptcha.net https://cdn.jotfor.ms https://form.jotform.me https://code.jquery.com https://www.google-analytics.com https://platform.twitter.com/ https://www.googleadservices.com https://static.ads-twitter.com https://googleads.g.doubleclick.net https://connect.facebook.net 'self' 'unsafe-inline'; style-src https://www.phonepe.com https://phonepe.com https://website.phonepe.com  https://cdn.jotfor.ms https://fonts.googleapis.com http://api.recaptcha.net 'self' 'unsafe-inline'; img-src data: https://website.phonepe.com data: https://www.phonepe.com https://phonepe.com https://imgstatic.phonepe.com http://images.phonepe.com http://api.recaptcha.net https://cdn.jotfor.ms www.googletagmanager.com 'self' https://www.google-analytics.com https://*.doubleclick.net https://adservice.google.com https://css.page-source.com https://www.google.com https://www.google.co.in https://www.facebook.com https://analytics.twitter.com https://t.co; font-src https://www.phonepe.com https://phonepe.com https://website.phonepe.com https://cdn.jotfor.ms https://fonts.gstatic.com/ 'self'; connect-src https://www.google-analytics.com https://boards-api.greenhouse.io https://api.phonepe.com https://www.phonepe.com https://phon.pe https://phonepe.com https://website.phonepe.com https://insights-api.phonepe.com https://sentry.phonepe.com https://page-source.com https://css.page-source.com https://logo.page-source.com https://cdn.page-source.com 'self'; frame-src http://www.greenhouse.io https://script.google.com/a/macros/phonepe.com/ https://boards.greenhouse.io https://boards-api.greenhouse.io http://api.recaptcha.net https://form.jotform.me https://docs.google.com https://qr.phonepe.com https://www.google.com https://phonepe.helpshift.com https://phonepe.freshdesk.com *.phonepe.com https://www.sisainfosec.com https://website.phonepe.com https://www.youtube.com https://platform.twitter.com/ https://*.doubleclick.net; frame-ancestors https://mercury.phonepe.com https://mercury-t1.phonepe.com https://mercury-t2.phonepe.com; report-uri https://csp.phonepe.com/log 2
frame-ancestors 'self' lokalise.com *.lokalise.com landing.test.lokalise.cloud 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' * data:; frame-ancestors 'self'; frame-src 'self' * 2
frame-ancestors 'self' https://www.conservativereview.com/ 2
default-src 'self'; img-src 'self' data: https: *.influxdata.com influxdays.com *.influxdays.com *.influxstaging.com www.google.com optimize.google.com www.google-analytics.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' https: fonts.googleapis.com optimize.google.com; font-src 'self' data: https: fonts.googleapis.com themes.googleusercontent.com fonts.gstatic.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.influxdata.com https://influxdata.zoom.us https://www.surveymonkey.com https://boards.greenhouse.io https://js.driftt.com *.marketo.com *.googletagmanager.com https://www.google.com https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com https://docs.google.com https://platform.twitter.com https://optimize.google.com https://www.g2.com *.chilipiper.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.influxstaging.com *.google-analytics.com optimize.google.com code.jquery.com *.googletagmanager.com *.google.com munchkin.marketo.net platform.twitter.com www.googleanalytics.com www.googleoptimize.com js.chilipiper.com; connect-src 'self' https: *.google-analystics.com *.mktoresp.com; media-src 'self' https://345197-1067112-raikfcquaxqncofqfm.stackpathdns.com; frame-ancestors 'self' https: *.influxdata.com; object-src 'self' blob: 2
default-src https: data: blob: chrome-extension: android-webview-video-poster: ms-appx-web: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' https://vorschau.computerbild.de https://rendering.computerbild.de 2
frame-src 'self' bat.bing.com https://*.blackbaudhosting.com https://blackbaud.com https://*.doubleclick.net https://embed.tawk.to https://connect.facebook.net https://*.hotjar.com https://cdn.jsdelivr.net https://*.kaltura.com https://snap.licdn.com https://www.podbean.com sc-static.net *.snapchat.com https://www.youtube-nocookie.com https://www.youtube.com https://discoveruni.gov.uk https://widget.discoveruni.gov.uk https://www.google.com https://www.facebook.com https://libraryhelp.shef.ac.uk https://theaccessplatform.com https://tappage.theaccessplatform.com https://www.googletagmanager.com https://www.findaphd.com https://player.vimeo.com https://app.geckoform.com https://roundme.com https://spaces.wondavr.com https://wvr.li https://api3-eu.libcal.com https://calendar.google.com https://payments.blackbaud.com https://*.shef.ac.uk/ https://my.matterport.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *.blackbaud.com *.blackbaudhosting.com geolocation.onetrust.com https://*.bing.com https://*.blackbaudhosting.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.hotjar.com https://*.kaltura.com https://*.shef.ac.uk https://*.sheffield.ac.uk https://*.snapchat.com https://*.theaccessplatform.com https://*.twitter.com https://ajax.googleapis.com https://analytics.tiktok.com https://app.geckoform.com https://bat.bing.com https://blackbaud.com https://cdn.cookielaw.org https://cdn.jsdelivr.net https://cdn.theaccessplatform.com https://connect.facebook.net https://discoveruni.gov.uk https://embed.geckochat.io https://embed.tawk.to https://libraryhelp.shef.ac.uk https://player.vimeo.com https://sc-static.net https://snap.licdn.com https://static.ads-twitter.com https://static.cloudflareinsights.com/ https://tagmanager.google.com https://tappage.theaccessplatform.com https://theaccessplatform.com https://tr.snapchat.com https://translate.google.com https://widget.discoveruni.gov.uk https://www.facebook.com https://www.findaphd.com https://www.google-analytics.com https://www.google.co.uk https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.podbean.com https://www.youtube-nocookie.com https://www.youtube.com *.newrelic.com https://api.mapbox.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://*.sheffield.ac.uk *.theaccessplatform.com https://bbox.blackbaudhosting.com https://embed.geckochat.io https://fonts.geckoform.com https://fonts.googleapis.com https://payments.blackbaud.com https://www.findaphd.com https://www.googletagmanager.com https://www.gstatic.com https://cdn.sheffield.ac.uk https://api.mapbox.com https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; base-uri 'self'; form-action 'self' https://search.sheffield.ac.uk; frame-ancestors 'self'; report-uri https://shef.report-uri.com/r/d/csp/enforce 2
frame-ancestors 'self' https://news.powerfront.com https://*.inside-graph.net https://*.inside-graph.com https://*.inside-graph.cn 2
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'self' *.usask.ca https: data: blob:; media-src 'self' *.usask.ca https: blob:; font-src 'self' *.usask.ca https: data:; worker-src 'self' *.usask.ca https: blob:; frame-ancestors self *.usask.ca; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://www.googletagmanager.com; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' https://www.googletagmanager.com data: https:; media-src 'self' https:; frame-src 'self' data: https:; font-src 'self' data: https: 2
frame-ancestors  'self' *.qidian.com  *.hongxiu.com  *.yuewen.com  *.qq.com  *.qdmm.com  *.readnovel.com  *.xs8.cn  *.xxsy.net  *.tingbook.com  *.lrts.me  *.ywurl.cn  *.qdwenxue.com  *.if.qidian.com  www.gameloop.com 2
frame-ancestors 'self' https://store-qa2.enphase.com https://store.enphase.com/; report-uri https://enphase.com/report-uri/enforce 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com/maps/api/geocode/json https://www.google-analytics.com/analytics.js  https://cr.testfreaks.com https://d1le22hyhj2ui8.cloudfront.net https://js.testfreaks.com https://se-content-b.psplugin.com https://w8db611c3.api.esales.apptus.cloud https://wff10df68.api.esales.apptus.cloud https://cdn.esales.apptus.com/api/apptus-esales-api-2.0.1.js https://co1078.clasohlson.se/nl https://co1078.clasohlson.se/webApp https://www.gstatic.com/recaptcha images.clasohlson.com checkout-eu.playground.klarna.com se-content-f.psplugin.com https://www.google.com/recaptcha/api.js www.gstatic.com clasohlson.psplugin.com content.psplugin.com co.clasohlson.com co1078.clasohlson.se 04uatcrmm.clasohlson.com maps.gstatic.com https://www.google-analytics.com fonts.gstatic.com fonts.googleapis.com https://www.googletagmanager.com maps.googleapis.com account.psplugin.com x.klarnacdn.net evt.playground.klarna.com https://*.youtube.com https://js.playground.klarna.com  https://eu.playground.klarnaevt.com https://widget.porterbuddy.com https://careoffunctionsuatstor.blob.core.windows.net/rentalscripts/rental.js https://reviews.testfreaks.com/ https://www.google.com https://ds-aksb-a.akamihd.net/aksb.min.js https://api.porterbuddy-test.com/availability https://connect.facebook.net/en_US/fbevents.js https://googleads.g.doubleclick.net/pagead/id https://adtr.io https://connect.facebook.net  https://translate.googleapis.com https://googleads.g.doubleclick.net https://segment.api.useinsider.com  https://w76e66a6f.api.esales.apptus.cloud/ https://static.hotjar.com https://in.hotjar.com https://vars.hotjar.com/ https://vc.hotjar.io https://script.hotjar.com https://assets.api.useinsider.com https://stats.g.doubleclick.net https://www.facebook.com https://location.api.useinsider.com https://clasohlson.api.useinsider.com https://hit.api.useinsider.com https://adservice.google.com https://5756990.fls.doubleclick.net https://socialproof.api.useinsider.com https://tpc.googlesyndication.com https://cnv.adt662.net https://unification.useinsider.com https://api.porterbuddy.com  https://s2.adform.net https://track.adform.net https://js.klarna.com https://eu.klarnaevt.com https://ds-aksb-a.akamaihd.net https://www.googleadservices.com https://translate.google.com https://se-content-a.psplugin.com/visitor/2.8.304/fonts/vngage.ttf https://se-content-a.psplugin.com/visitor/2.8.304/fonts/vngage.woff https://se-content-a.psplugin.com https://bat.bing.com/ https://*.psplugin.com https://*.hotjar.com https://*.cloudflare.com wss://*.hotjar.com https://optimize.google.com https://rum-static.pingdom.net https://*.pingdom.net https://cert.tryggehandel.se/ wss://*.vergic.com wss://*.psplugin.com https://*.getflowbox.com https://9mn3sm7015.execute-api.eu-west-1.amazonaws.com https://cicptqmkej.execute-api.eu-west-1.amazonaws.com https://images.clasohlson.com/fonts/cofonts.css https://10773067.fls.doubleclick.net/ https://images.clasohlson.com/fonts/ClasOhlsonSansWeb-Regular.woff2 https://images.clasohlson.com/fonts/ClasOhlsonSansWeb-RegularItalic.woff2 https://images.clasohlson.com/fonts/ClasOhlsonSansWeb-Medium.woff2 https://images.clasohlson.com/fonts/ClasOhlsonSansWeb-MediumItalic.woff2 https://images.clasohlson.com/fonts/ClasOhlsonSansWeb-Bold.woff2 https://images.clasohlson.com/fonts/ClasOhlsonSansWeb-BoldItalic.woff2 cdn.flbx.io https://digitalfeedback.euro.confirmit.com https://survey.euro.confirmit.com/ https://apim-stream00-prod-apim.azure-api.net/ https://cop-order-prod-cdnendpoint.azureedge.net/ https://coporderprodretuistor.blob.core.windows.net/ https://cert.tryggehandel.net/js/script.js?id=a810f736-42fe-49e5-8280-1ace6e8dd290 https://*.plerdy.com/ https://cert.tryggehandel.net/ https://*.smartlook.com https://translate-pa.googleapis.com https://*.smartlook.cloud https://r.testfreaks.com https://analytics.clasohlson.com http://www.bing.com https://*.google-analytics.com https://*.analytics.google.com https://www.analytics.clasohlson.com https://ad.doubleclick.net https://www.google.se https://td.doubleclick.net https://static.clasohlson.se/returns/returns.js https://static.clasohlson.se/dep/deliveryexperience.js https://static.clasohlson.se/co-shared-css/styles.min.css https://static.clasohlson.se/inventory/co-online-inventory.iife.js https://static.clasohlson.se https://pagead2.googlesyndication.com https://*.tiktok.com https://analytics.pangle-ads.com; img-src 'self' data: *; 2
default-src 'self' 'unsafe-inline' blob: data: *.contentful.com *.ctfassets.net *.idomoo.com web.ccpgamescdn.com; base-uri 'self'; object-src 'self' ctfassets.net https://www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.clarity.ms *.google.com *.googlesyndication.com *.linksynergy.com *.rakuten.com *.redditstatic.com *.twitch.tv *.twitter.com *.yahoo.co.jp *.zdassets.com *.zendesk.com analytics.tiktok.com app.getstream.com b92.yahoo.co.jp ccpcommunity.zendesk.com connect.facebook.net consent.cookiebot.com consentcdn.cookiebot.com ethn.io google.com google.co.jp google.co.uk google.co.za google.de googleoptimize.com graphql.contentful.com hello.myfonts.net https://bat.bing.com https://cdn.taboola.com https://d2yyd1h5u9mauk.cloudfront.net/integrations/web/v1/library/cBaCB1PHCwXVd4yY/delighted.js https://googleads.g.doubleclick.net https://player.idomoo.com https://s.yimg.com https://sp.analytics.yahoo.com https://ssl.google-analytics.com https://tagmanager.google.com https://widget-mediator.zopim.com https://www.artfut.com https://www.google.com/pagead/conversion_async.js https://www.googleadservices.com/pagead/conversion_async.js https://maps.googleapis.com mc.yandex.com mc.yandex.ru recaptcha.net s.yimg.jp s.ytimg.jp s.ytimg.com speedof.me static.ads-twitter.com tpc.googlesyndication.com web.ccpgamescdn.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.cn www.gstatic.com www.youtube.com yastatic.net yimg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com hello.myfonts.net https://tagmanager.google.com optimize.google.com web.ccpgamescdn.com; connect-src 'self' *.clarity.ms *.cloudapp.azure.com *.extccp.com *.eveonline.com *.evetech.net *.google.com *.idomoo.co *.idomoo.com *.launchdarkly.com *.linksynergy.com *.rakuten.com *.taboola.com *.testeveonline.com *.yahoo.co.jp *.zdassets.com *.zendesk.com analytics.tiktok.com api.ccpgames.com app.getstream.com b92.yahoo.co.jp cb2dzccayg.execute-api.eu-west-1.amazonaws.com ccp-gap-export.ew.r.appspot.com ccp-recruitmentservice-dev.azurewebsites.net ccpcommunity.zendesk.com consentcdn.cookiebot.com ethn.io graphql.contentful.com google.is google.com google.co.jp google.co.uk google.co.za google.de googleoptimize.com http://localhost:3274 https://bat.bing.com https://ccp-gap-export.ew.r.appspot.com https://consentcdn.cookiebot.com https://eur-api.idomoo.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://login.microsoftonline.com https://login.windows.net https://peerserver.westus.cloudapp.azure.com https://s.yimg.com https://s.ytimg.com https://s3.amazonaws.com images.ctfassets.net j62tyvg8r3.execute-api.eu-west-1.amazonaws.com mc.yandex.by mc.yandex.com mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz run.mocky.io s.yimg.jp sentry.io signup.ccpeveweb.com speedof.me stats.g.doubleclick.net steamdatasuite.com umip1v3tqb.execute-api.eu-west-1.amazonaws.com w778zk1gu3.execute-api.eu-west-1.amazonaws.com web.delighted.com wss://peerserver.westus.cloudapp.azure.com wss://*.cloudapp.azure.com wss://widget-mediator.zopim.com www.endgame42.com www.facebook.com www.google-analytics.com www.google.com www.google.co.kr www.mocky.io/v2/5e1ed5ca3100003600189501 yo2vtgum73.execute-api.eu-west-1.amazonaws.com localhost:3274; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com hello.myfonts.net web.ccpgamescdn.com; img-src 'self' https: data: blob: *.ctfassets.net *.reddit.com https://googleads.g.doubleclick.net https://ssl.gstatic.com https://www.google-analytics.com https://www.gstatic.com; frame-src 'self' *.ctfassets.net *.doubleclick.net *.twitch.tv challonge.com *.challonge.com cdn.knightlab.com consentcdn.cookiebot.com https://recaptcha.net https://www.facebook.com optimize.google.com mc.yandex.com mc.yandex.ru speedof.me tpc.googlesyndication.com videos.ctfassets.net webvisor.com www.google.com www.googletagmanager.com www.ostlon.com www.youtube.com; frame-ancestors 'self' http://webvisor.com app.contentful.com; report-uri https://ccpgames.report-uri.com/r/t/csp/enforce; 2
default-src 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googleadservices.com www.youtube.com snap.licdn.com static.hotjar.com plugin.handtalk.me unpkg.com *.hubspot.net cdnjs.cloudflare.com www.gstatic.com script.hotjar.com www.google.com try.abtasty.com static.hotjar.com code.jquery.com googleads.g.doubleclick.net www.google-analytics.com www.clarity.ms ajax.googleapis.com cdn.cookielaw.org connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsadspixel.net js.hscollectedforms.net js.hsforms.net js.hsleadflows.net js.hubspot.com app.hubspot.com js.usemessages.com plugin.handtalk.me px.ads.linkedin.com snap.licdn.com static.hsappstatic.net unpkg.com www.googletagmanager.com www.gupy.io; style-src 'self' 'unsafe-inline' static.hsappstatic.net *.hubspot.net cdnjs.cloudflare.com stackpath.bootstrapcdn.com cdn.cookielaw.org *.hubspotusercontent-na1.net *.hubspotusercontent40.net fonts.googleapis.com www.gupy.io; img-src 'self' blob: 3299491.fs1.hubspotusercontent-na1.net perf-na1.hsforms.com track.hubspot.com www.gupy.io data: *; font-src 'self' fonts.gstatic.com *.hubspotusercontent-na1.net *.hubspotusercontent40.net www.gupy.io; connect-src 'self' blob: 'self' fs1.hubspotusercontent-na1.net cdn.cookielaw.org *.gupy.io data: gap: *;media-src *.hubspotusercontent-na1.net ; frame-src gupy.com.br gupy.io www.youtube.com app.hubspot.com td.doubleclick.net www.facebook.com forms.hsforms.com; frame-ancestors 'self' gupy.com.br gupy.io; 2
frame-ancestors 'self' https://www.tail.digital https://tail.digital; 2
frame-ancestors 'self' localhost *.teamwork.com *.teamworkpm.net teams.microsoft.com *.teams.microsoft.com *.skype.com teamworkintegrations.ngrok.io *.us.teamworkops.com; 2
default-src 'none'; script-src acdn.adnxs.com cdn.admo.tv cstatic.weborama.fr dc.ads.linkedin.com developers.atinternet-solutions.com *.dom101.mapres *.dom101.intres *.dom101.prdres *.doubleclick.net d.turn.com *.evermaps.net *.facebook.net facebook.com *.gbpce.net *.googletagmanager.com *.googleadservices.com *.hcaptcha.com *.inbenta.io *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.k-app.io marketing.adobe.com my.tealiumiq.com publicidees.com px.ads.linkedin.com r.turn.com secure.adnxs.com 'self' snap.licdn.com support.criteo.com *.tiqcdn.com 'unsafe-inline' 'unsafe-eval' *.1bis.com *.myfeelback.com cdn.trustindex.io *.linkeo.com *.banquepopulaire.fr; connect-src *.dom101.mapres *.dom101.intres *.dom101.prdres *.inbenta.io *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.k-app.io *.omtrdc.net 'self' *.tealiumiq.com *.2o7.net *.hcaptcha.com cdn.linkedin.oribi.io adservice.google.com www.facebook.com *.prod.mycloud.intrabpce.fr google.com px.ads.linkedin.com pagead2.googlesyndication.com gen-chat.i-bp.banquepopulaire.dev:8888 gen-widgets.hom.mycloud.intrabpce.fr gen-widgets.prod.mycloud.intrabpce.fr *.banquepopulaire.fr; img-src data: cdn.admo.tv *.cloudimg.io cstatic.weborama.fr developers.atinternet-solutions.com *.doubleclick.net d.turn.com www.facebook.com www.google.fr www.google.com *.googletagmanager.com *.inbenta.com *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.k-app.io *.omtrdc.net ib.adnxs.com publicidees.com *.hcaptcha.com r.turn.com secure.adnxs.com 'self' snap.licdn.com support.criteo.com *.myfeelback.com *.kxcdn.com www.linkedin.com dc.ads.linkedin.com px.ads.linkedin.com px4.ads.linkedin.com cdn.trustindex.io my.tealiumiq.com *.linkeo.com *.banquepopulaire.fr; style-src fonts.googleapis.com *.inbenta.io 'self' *.hcaptcha.com 'unsafe-inline' *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.k-app.io cdn.trustindex.io *.linkeo.com *.banquepopulaire.fr; font-src data: fonts.gstatic.com *.inbenta.io 'self'; frame-ancestors *.dom101.mapres *.dom101.intres *.dom101.prdres 'self' *.banquepopulaire.fr; frame-src https: *; report-uri https://www.csp.bpce.fr/v1/record; 2
default-src https://*.belastingdienst.nl https://vinden.belastingdienst.nl https://*.readspeaker.com; connect-src 'self' https://*.belastingdienst.nl https://*.optimizely.com https://*.readspeaker.com https://*.abtasty.com https://api.pdok.nl; child-src 'self' https://belastingdienst.nl https://*.belastingdienst.nl https://*.cdn.optimizely.com https://secure.opinionlab.com https://*.readspeaker.com https://www.anbi-instellingen.nl https://www.youtube.com https://www.youtube-nocookie.com ; frame-src 'self' https://*.belastingdienst.nl https://*.readspeaker.com https://secure.opinionlab.com https://www.youtube.com https://www.youtube-nocookie.com ; frame-ancestors 'self' https://*.belastingdienst.nl https://*.pagefreezer.com https://*.pagefreezer.nl ; img-src 'self' https://n01d05.cumulus-cloud.com https://*.readspeaker.com  https://img.youtube.com data: https://*.belastingdienst.nl blob: data: *.abtasty.com; font-src 'self' https://*.belastingdienst.nl blob: data: *.abtasty.com; script-src 'self' https://*.belastingdienst.nl https://cdn.optimizely.com https://*.readspeaker.com https://bdtm.containers.piwik.pro 'unsafe-eval' 'unsafe-inline' blob: *.abtasty.com ; style-src 'self' https://*.belastingdienst.nl https://*.readspeaker.com *.abtasty.com 'unsafe-inline' 2
base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests 2
default-src data: 'unsafe-inline' 'unsafe-eval' https:;media-src blob: https:;upgrade-insecure-requests 2
frame-ancestors 'self' *.sc.com *.standardchartered.com *.standardchartered.co.in *.standardchartered.co.th *.standardchartered.com.hk *.standardchartered.com.my *.standardchartered.com.sg *.standardchartered.co.id *.standardchartered.com.tw standchartbank.experiencecloud.adobe.com experience.adobe.com 2
default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com github.githubassets.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/ 2
frame-ancestors https://offers.monlix.com https://freecash.com 2
default-src data: https:; script-src data: https: 'unsafe-inline' 'unsafe-eval'; style-src  data: https: 'unsafe-inline'; object-src 'self' blob:; img-src data: blob: https:; 2
frame-ancestors 'self' https://*.kinsta.com https://*.kinsta.ninja 2
default-src 'self'; font-src data: https://assets.dm.de; child-src 'self' blob:; script-src 'self' https://*.bazaarvoice.com https://*.mm.dm.de https://app.usercentrics.eu https://assets-internal-proxy.apps.nonprod.gcp.dmtech.cloud https://assets.dm.de https://cdn.loadbee.com/ https://d2pqvatijh75rn.cloudfront.net https://mpsnare.iesnare.com https://omt.dm.de https://tags.tiqcdn.com https://www.dm.de; worker-src 'self' blob:; connect-src  'self' https://*.bazaarvoice.com https://*.gcp.dmtech.cloud https://*.mm.dm.de https://*.services.dmtech.com https://aggregator.service.usercentrics.eu https://api.mapbox.com https://api.usercentrics.eu https://assets.dm.de https://availability.loadbee.com/ https://browser-intake-datadoghq.eu https://cart-recos.services.dmtech.com https://cart.services.dmtech.com https://cdcs.usercentrics.eu https://collect.tealiumiq.com https://consent-api.service.consent.usercentrics.eu https://consent-rt-ret.service.consent.usercentrics.eu https://consents.usercentrics.eu https://coupon-aktionen.dm.de https://d2pqvatijh75rn.cloudfront.net https://direct-collect.dy-api.eu https://direct.dy-api.eu https://dmpay-gateway.services.dmtech.com https://dy-api.eu https://events.mapbox.com https://graphql.usercentrics.eu https://insights.algolia.io https://logs.browser-intake-datadoghq.eu https://mpsnare.iesnare.com https://my-products-api.services.dmtech.com https://omc.dm.de https://product-based-recos.services.dmtech.com https://products.dm.de https://rcom-eu.dynamicyield.com https://recos-as-a-service.services.dmtech.com https://rum.browser-intake-datadoghq.eu https://services.dm.de https://shopping-list-prod.services.dmtech.com https://signin.dm.de https://sos-prod.availability.services.dmtech.com https://staedtetour.dm-fb2.de; style-src 'self' 'unsafe-inline' https://*.bazaarvoice.com https://api.tiles.mapbox.com https://assets.dm.de; img-src 'self' blob: data: https://*.bazaarvoice.com https://*.mm.dm.de https://*.services.dmtech.com https://app.usercentrics.eu https://assets.dm.de https://cdn-eu.dynamicyield.com https://d2pqvatijh75rn.cloudfront.net https://d3s22jwy77sx9i.cloudfront.net https://i.ytimg.com https://images.podigee-cdn.net https://img.usercentrics.eu https://img.youtube.com/ https://media.dm-static.com https://services.dm.de https://uct.service.usercentrics.eu; frame-ancestors 'self' https://*.apps.nonprod.gcp.dmtech.cloud https://*.apps.prod.gcp.dmtech.cloud https://*.dm-drogeriemarkt.org https://*.dm-drogeriemarkt.org:42160 https://*.dm-drogeriemarkt.org:42161 https://*.dm-drogeriemarkt.org:42162 https://*.dm.de https://*.lxprod.ka.de.dm-drogeriemarkt.com https://app.datadoghq.eu; frame-src 'self' https://*.bazaarvoice.com https://*.dm.de https://*.services.dmtech.com https://app.usercentrics.eu https://cdn.podigee.com https://configurator.nuk.de https://gastfamilie.podigee.io https://geburtskanal-dm.podigee.io https://hey-familie.podigee.io https://player.podigee-cdn.net https://rendering.loadbee.com/ https://sandbox.om.dm.de https://service.loadbee.com/ https://www.youtube-nocookie.com; base-uri 'self' https://*.mm.dm.de https://*.services.dmtech.com https://events.mapbox.com; form-action 'self' https://*.bazaarvoice.com https://checkout.dm.de https://signin.dm.de; manifest-src 'self'; report-uri /__csp-reports__;upgrade-insecure-requests 2
frame-ancestors 'self' http://localhost:80 https://localhost:443 http://127.0.0.1:80 https://127.0.0.1:443; 2
script-src 'self' 'unsafe-inline' googleads.g.doubleclick.net cdn.raekdata.com cdn.raek.net api.raek.net www.google-analytics.com www.googleadservices.com https://*.googletagmanager.com boards.greenhouse.io forms.hsforms.com static.hsappstatic.net js.hs-scripts.com js.hs-banner.com js.hsforms.net js.hscollectedforms.net js.hsadspixel.net js.hs-analytics.net d2hrivdxn8ekm8.cloudfront.net cdn.segment.com snap.licdn.com connect.facebook.net acdn.adnxs.com *.elfsight.com player.vimeo.com https://ssl.google-analytics.com https://tagmanager.google.com static.ads-twitter.com/uwt.js https://*.bugherd.com www.google.com https://*.clarity.ms https://c.bing.com https://www.gstatic.com https://*.hotjar.com;img-src 'self' data: images.ctfassets.net downloads.ctfassets.net www.facebook.com www.linkedin.com px.ads.linkedin.com https://*.google-analytics.com https://*.googletagmanager.com www.google-analytics.com www.google.com www.google.com.co forms.hsforms.com track.hubspot.com px4.ads.linkedin.com p.adsymptotic.com ib.adnxs.com *.bidr.io *.elfsightcdn.com instagram.fisb6-2.fna.fbcdn.net fonts.gstatic.com https://ssl.gstatic.com https://www.gstatic.com forms-na1.hsforms.com t.co googleads.g.doubleclick.net static.ads-twitter.com/uwt.js https://*.bugherd.com https://*.cloudfront.net https://*.twitter.com;media-src 'self' videos.ctfassets.net proxy.elfsightcdn.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com googletagmanager.com https://*.bugherd.com www.google.com;frame-src 'self' 12718623.fls.doubleclick.net boards.greenhouse.io player.vimeo.com www.youtube.com bid.g.doubleclick.net www.facebook.com forms.hsforms.com meetings.hubspot.com https://tagmanager.google.com https://fonts.googleapis.com https://*.bugherd.com www.google.com;connect-src 'self' forms.hubspot.com cdn.linkedin.oribi.io api.raek.net hubspot-forms-static-embed.s3.amazonaws.com dvqigh9b7wa32.cloudfront.net d330aiyvva2oww.cloudfront.net d1lu3pmaz2ilpx.cloudfront.net api.hubapi.com stats.g.doubleclick.net *.elfsight.com api.instacloud.io js.hs-banner.com forms.hsforms.com https://*.google-analytics.com https://google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://googletagmanager.com https://*.clarity.ms https://c.bing.com https://forms.hscollectedforms.net wss://ws.hotjar.com https://content.hotjar.io;font-src https://fonts.gstatic.com 'self' data: https:;manifest-src 'self';script-src-attr 'unsafe-hashes' 'sha256-hHMj6URimdwm/eebDz6Ps3a9UISacWioqz0VhVnA4/4=' 'sha256-mE2Sue9x2tPYXe5wD3/bNMAoYp1vE3PP4Icteq+n41c=' 'sha256-Arr7x/SXAsY+4LBbFzxP4LKiHh6YLTr+rjbBNdx/97I=' 'sha256-ETMkYGr64NuWLo2aIWZEvKHGVs9Wq8LWclcet//PuFQ=' 'sha256-ngsgvh35vKAW0HsigL3+045h46cLflDfEmS0+mB//us=' 'sha256-9Il6HKwDiwmpXJu4QoxD54NR8sBLtNpr2qBEScT+xC8=' 'sha256-urUVqS12IdRmdBhml1sezblpRr5mR7cSUSQT+F93qIc=' 'sha256-COSpebTAxe9i9r5TJiG4ygq20eMVJII9NTixwATe/30=' 'sha256-+IaYIz0FRQinGgFoh8xvErnqguPM0LCku6hdsWok0D0=' 'sha256-1+iHnKfE2PkjS/TCR4R34CfAh4CYQJwLZGGwqnZwwPU=' 'sha256-solehzLTPn8iTd7mo8ff8/OyxxwdMU36fp87zlEYOs4=' 'sha256-D+Fzgy+dhBbr+1YZmlnawNoDrTg3mfNJDZ8ddhEJ+Jk=';default-src 'self';base-uri 'self';block-all-mixed-content;frame-ancestors 'self';object-src 'none';upgrade-insecure-requests 2
frame-ancestors check24.de *.check24.de 2
frame-ancestors 'self' *.mastercard.com *.cardinalcommerce.com *.adyen.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' http://cdn.appdynamics.com http://sin-col.eum-appdynamics.com https://safe1.dbswiso.prd https://safe2.dbswiso.prd sin-col.eum-appdynamics.com cdn.appdynamics.com *.mastercard.com *.cardinalcommerce.com *.adyen.com dbs-widgets.factsetdigitalsolutions.com dbs-api.factsetdigitalsolutions.com *.agoda.net *.travelapi.com api.emmprd.asia.manulife.com ap-gateway.mastercard.com adservice.google.com.sg www.prv.dbs.com.sg adservice.google.com.tw *.safeframe.googlesyndication.com tpc.googlesyndication.com www.googletagservices.com www.google.com.tw csi.gstatic.com pagead2.googlesyndication.com securepubads.g.doubleclick.net www.googletagmanager.com tagmanager.google.com fonts.googleapis.com ssl.gstatic.com https://go.dbs.com www.gstatic.com fonts.gstatic.com www.google-analytics.com analytics.google.com ssl.google-analytics.com www.googleadservices.com www.google.com googleads.g.doubleclick.net bid.g.doubleclick.net securepubads.g.doubleclick.net http://q-xx.bstatic.com http://dom.jtb.co.jp secure.worldpay.com centinelapi.cardinalcommerce.com images.krisshop.com http://pix6.agoda.net maps.gstatic.com *.googleapis.com *.ggpht.com edge.prod-ext.api.manulife.com  cm.g.doubleclick.net fcmatch.google.com fcmatch.youtube.com www.trinaxmind.com api-us.faceplusplus.com cdn.glassboxcdn.com report.gbpilot.glassboxdigital.io report.dbs.glassboxdigital.io s.ytimg.com  idealanalyticsapi.dbs.com vc.hotjar.io dbs.com.sg https://qmslivechat.dbs.com www.orangeteeproperties.com storage.googleapis.com v1.addthisedge.com v1.addthis.com ampcid.google.com adservice.google.com ad.doubleclick.net ampcid.google.com.sg amp-error-reporting.appspot.com cdn.ampproject.org ssl.gstatic.com i.travelapi.com http://www.tripadvisor.com marketplace.dbs.com.sg marketplace-pilot.dbs.com.sg avp.blob.core.windows.net marketplace-pilot.dbs.com in.hotjar.com prod2-content-care-community-cdn.sprinklr.com script.hotjar.com vars.hotjar.com http://www.outbrain.com static.hotjar.com pixel.tapad.com res.cloudinary.com sc4.omniture.com authorize.omniture.com authorize.omniture.com sitecatalyst.omniture.com marketplace.dbs.com tagmanager.google.com wss://chatbanking.dbs.com gllt.morningstar.com img.tepcdn.com wss://qmslivechat.dbs.com platform-lookaside.fbsbx.com http://chart.googleapis.com http://tags.crwdcntrl.net http://bs.serving-sys.com cdn.jsdelivr.net http://www.dbs.com.sg prod2-content.sprinklr.com prod2-care-community-cdn.sprinklr.com *.akstat.io directline.botframework.com www.dbs.com.sg qmslivechat.dbs.com cdnjs.cloudflare.com www.gstatic.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.google.com certify.alexametrics.com www.dbs.com.sg www.youtube.com www.linkedin.com www.google.com.sg bcp.crwdcntrl.net www.dbs.com www.googleapis.com ajax.googleapis.com maps.gstatic.com fonts.googleapis.com property.atomic-marketplace.com www.facebook.com dc.ads.linkedin.com chatbanking.dbs.com bat.bing.com tr.outbrain.com snap.licdn.com chart.googleapis.com assets.adobedtm.com dbs.tt.omtrdc.net somniture.dbs.com.sg dpm.demdex.net dbs.demdex.net www.posb.com.sg farm-sg.plista.com amplifypixel.outbrain.com js.adsrvr.org s.go-mpulse.net c.go-mpulse.net maxcdn.bootstrapcdn.com sjs.bizographics.com tags.crwdcntrl.net code.jquery.com tpt.mysocialpixel.com www.dbs.com.sg use.fontawesome.com ds-aksb-a.akamaihd.net googleads.g.doubleclick.net px.ads.linkedin.com bs.serving-sys.com secure-ds.serving-sys.com ssl.google-analytics.com connect.facebook.net chatbanking-uat.dbs.com qmslivechat.dbs.com i.ytimg.com scrbizim.xyz insight.adsrvr.org www.google.co.in cx.atdmt.com *.2o7.net *.omtrdc.net *.tt.omtrdc.net *.demdex.net secure.marketinghub.hp.com m.addthisedge.com m.addthis.com s7.addthis.com graph.facebook.com api-public.addthis.com atomic-marketplace.com i.i-sgcm.com s3-ap-southeast-1.amazonaws.com by.essl.optimost.com secure.marketinghub.opentext.com chatbanking-sit.dbs.com stats.g.doubleclick.net maps.googleapis.com amplify.outbrain.com fonts.gstatic.com prod2-sprcdn-assets.sprinklr.com prod2-sprcdn.sprinklr.com lookaside.facebook.com www.sprinklr.com api-01.ubx.ibmmarketingcloud.com s7.addthis.com dbs.demdex.net platform.twitter.com d31qbv1cthcecs.cloudfront.net bid.g.doubleclick.net cdn-akamai.mookie1.com tags.tiqcdn.com wss://directline.botframework.com directline.com *.akamaihd.net *.fls.doubleclick.net wss://directline.botframework.com directline.botframework.com collect-ap-northeast-1.tealiumiq.com collect-ap-northeast-2.tealiumiq.com collect-ap-northeast-3.tealiumiq.com collect.tealiumiq.com visitor-service-ap-northeast-1.tealiumiq.com visitor-service-ap-northeast-2.tealiumiq.com visitor-service-ap-northeast-3.tealiumiq.com visitor-service.tealiumiq.com api.tealiumiq.com directline.com blob: data:; style-src 'self' 'unsafe-inline' tagmanager.google.com prod2-care-community-cdn.sprinklr.com chatbanking.dbs.com qmslivechat.dbs.com wss://directline.botframework.com fonts.googleapis.com graph.facebook.com maxcdn.bootstrapcdn.com directline.botframework.com www.dbs.com.sg directline.com chatbanking.dbs.com; 2
default-src https: http: blob: javascript: data: 'unsafe-inline' 'unsafe-eval' 'self'; 2
frame-ancestors *.plaync.com *.ncsoft.com *.plaync.com.tw *.ncsoft.jp 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' penguin.co.uk *.penguin.co.uk cdnjs.cloudflare.com cdn-ukwest.onetrust.com *.shorthand.com penguinrandomhouseuk.shorthandstories.com *.googleadservices.com *.googletagmanager.com *.pinimg.com *.pinterest.com *.doubleclick.net *.ads-twitter.com *.adobedtm.com therandomhousegroupltd.d3.sc.omtrdc.net *.google-analytics.com *.google.com *.gstatic.com connect.facebook.net *.tiktok.com www.dwin2.com *.riddle.com *.hotjar.com *.hotjar.io *.jotfor.ms *.jotformeu.com cdn.livefyre.com *.eventbrite.co.uk *.cloudfront.net *.newrelic.com *.nr-data.net instagram.com *.instagram.com *.twitter.com therandomhousegroupl.tt.omtrdc.net *.youtube.com *.soundcloud.com *.tiktok.com *.tiktokcdn-us.com *.ttwstatic.com https://www.everestjs.net; object-src 'self'; worker-src blob 'self'; frame-ancestors 'self'; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*.parismatch.com https://*.lejdd.fr 2
default-src 'none';  base-uri 'self';  frame-ancestors 'self' https://*.barclays.co.uk https://*.uk.barclays;  script-src 'self' 'unsafe-eval' 'unsafe-inline' tags.tiqcdn.com collect.tealiumiq.com beacon.krxd.net cdn.krxd.net consumer.krxd.net gateway.answerscloud.com s.go-mpulse.net www.media.barclays.co.uk maps.googleapis.com www.google.com www.gstatic.com api.travelex.net resources.barclays.co.uk barclaysbankplc.tt.omtrdc.net barclaysbankplc.demdex.net cm.everesttech.net dpm.demdex.net *.siteintercept.qualtrics.com;  style-src 'self' 'unsafe-inline' www.media.barclays.co.uk fonts.googleapis.com;  object-src 'self';  worker-src 'self';  child-src demo.barclays.co.uk edigitalsurvey.com cdn.krxd.net www.google.com www.media.barclays.co.uk barclaysbankplc.demdex.net cm.everesttech.net dpm.demdex.net *.siteintercept.qualtrics.com;  frame-src 'self' demo.barclays.co.uk edigitalsurvey.com cdn.krxd.net www.google.com www.media.barclays.co.uk barclaysbankplc.demdex.net cm.everesttech.net dpm.demdex.net *.siteintercept.qualtrics.com;  img-src 'self' data: demo.barclays.co.uk collect.tealiumiq.com cdnjs.cloudflare.com adservice.google.co.uk ad.doubleclick.net adservice.google.com apiservices.krxd.net beacon.krxd.net googleads.g.doubleclick.net googleads4.g.doubleclick.net jslog.krxd.net smetrics.barclays.co.uk www.facebook.com www.google.co.uk www.google.com maps.googleapis.com maps.google.com www.google.fr adservice.google.fr www.google.de www.google.es adservice.google.es www.google.nl www.google.se www.google.co.id www.google.co.il www.google.be www.google.sk www.google.co.nz www.google.co.za www.google.com.sg www.google.pt www.google.ca www.google.cz www.google.com.cy www.google.com.au adservice.google.com.au www.google.mk www.google.je adservice.google.je www.google.co.ug www.google.com.hk www.google.ro www.google.bg www.google.im www.google.co.ao www.google.ie adservice.google.ie www.google.com.ng www.google.it adservice.google.it www.google.lt www.google.ae www.google.gr www.google.com.mx www.google.hu www.google.ch www.google.ru www.google.com.eg www.google.com.pk www.google.com.bh www.google.pl adservice.google.pl www.google.co.in www.gstatic.com www.google-analytics.com www.google.lu www.google.co.jp www.google.com.tr adservice.google.co.il adservice.google.co.zw adservice.google.com.sa adservice.google.ae adservice.google.pt www.google.com.my adservice.google.nl www.google.gg adservice.google.be adservice.google.cz www.google.co.th adservice.google.de www.google.com.gh www.google.com.sa www.google.ge www.google.com.br www.google.com.tw www.google.dk www.google.com.ph adservice.google.co.za www.google.lv adservice.google.gg adservice.google.ca www.google.at www.google.rs www.google.com.mt adservice.google.com.hk www.google.no www.google.com.qa www.google.co.ke www.barclays.co.uk adservice.google.gr www.google.fi adservice.google.co.jp adservice.google.co.in www.google.com.vc www.google.lk adservice.google.ch www.google.com.ua www.google.az www.google.by www.google.com.kw adservice.google.com.sg adservice.google.im adservice.google.no www.google.co.zw www.google.mu www.google.com.vn adservice.google.com.br adservice.google.lv adservice.google.com.kw adservice.google.com.tr www.google.co.kr adservice.google.az adservice.google.hu adservice.google.co.th www.google.cm www.google.mw www.google.com.ar www.google.co.ma www.google.com.gi www.google.co.tz www.google.com.om www.google.com.af adservice.google.lt adservice.google.co.nz www.google.tt www.google.ms adservice.google.ro www.google.dz adservice.google.com.my www.google.com.pe www.google.com.jm www.google.com.sl adservice.google.com.cy adservice.google.se www.google.com.ec www.google.hr www.google.al adservice.google.ru www.google.co.mz adservice.google.com.ng www.google.com.et www.google.com.bn www.google.sh www.google.com.pa www.google.ci www.google.cl adservice.google.bg www.google.co.ve www.google.bs www.google.com.ag www.google.hn adservice.google.hn www.google.iq www.google.so www.google.com.np maps.gstatic.com www.media.barclays.co.uk 5452834.fls.doubleclick.net dev.day.com pixel.quantserve.com bclays-ads.aimatch.com barclaysbankplc.demdex.net cm.everesttech.net dpm.demdex.net *.siteintercept.qualtrics.com;  connect-src 'self' formsdss-v3.uk.barclays bclays-ads.aimatch.com search.barclays.co.uk collect.tealiumiq.com *.akamaihd.net *.akstat.io beacon.krxd.net c.go-mpulse.net jslog.krxd.net www.media.barclays.co.uk device.4seeresults.com dpm.demdex.net barclaysbankplc.tt.omtrdc.net smetrics.barclays.co.uk *.siteintercept.qualtrics.com maps.googleapis.com;  font-src 'self' data: fonts.gstatic.com www.media.barclays.co.uk;  manifest-src 'self';  media-src 'self' demo.barclays.co.uk www.media.barclays.co.uk;  prefetch-src 'self'; 2
connect-src 'self' https://fastmail.innocraft.cloud https://*www*.fastmail.com; media-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://hcaptcha.com https://*.hcaptcha.com https://*.surveymonkey.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hcaptcha.com https://*.hcaptcha.com https://*.surveymonkey.com https://widget.surveymonkey.com https://*.googleapis.com https://ajax.googleapis.com; child-src 'self' https://*.libsyn.com; worker-src 'self'; object-src 'none'; frame-src https://*.fastmail.com https://*.hcaptcha.com https://*.surveymonkey.com https://*.googleapis.com https://*.libsyn.com https://www.youtube.com; form-action 'self'; frame-ancestors 'none' 2
frame-ancestors  'self' *.pnet.ch *.post.ch *.becompany.ch *.signdemo.com *.sas.com https://www.post.ch/cross-domain-bridge.html 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net/ *.googlesyndication.com/ tagmanager.google.com *.googletagmanager.com/ *.facebook.net/ *.typekit.net/ *.google-analytics.com/ *.lightwidget.com/ *.youtube.com/ *.ytimg.com/ *.lightwidget.com/ fast.fonts.net/ cdn.inspectlet.com/ *.bing.com/ *.gstatic.com/ *.google.com/recaptcha/ maps.googleapis.com/ *.googleadservices.com/ *.clarity.ms; object-src 'self'; style-src 'self' 'unsafe-inline' fast.fonts.net/ fonts.googleapis.com/ ; img-src 'self' about: *.google-analytics.com/ *.typekit.net/ *.g.doubleclick.net/ *.googletagmanager.com/ *.carilionclinic.ovidds.com/ *.i.ytimg.com/ *.img.youtube.com/ *.youtube.com/ *.google.com/ads/ *.facebook.com/ *.bing.com/ *.googleapis.com/ carilionclinicliving.com/ *.ytimg.com/ *.flaticon.com *.w3.org/ maps.gstatic.com/ *.clarity.ms/; media-src 'self'; frame-src 'self' *.lightwidget.com/ *.facebook.com/ *.vimeo.com/ *.youtube.com/ *.google.com/ *.carilionclinic.org; frame-ancestors 'self'; child-src 'self'; font-src 'self' *.googleusercontent.com/ *.typekit.net/ fast.fonts.net/ fonts.gstatic.com/; connect-src 'self' *.inspectlet.com/ *.google-analytics.com/ *.g.doubleclick.net/ carilionclinic.ovidds.com/ *.googleadservices.com/ *.google.com/pagead/ *.facebook.com/tr/ *.googleapis.com/ bat.bing.com/ *.clarity.ms/ analytics.google.com/; report-uri /report-csp-violation 2
default-src *.hoka.com data: 'unsafe-eval' 'unsafe-inline' blob: ws: dms.deckers.com *.demandware.net *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com via.placeholder.com *.deckers.layer0-perma.link *.cquotient.com d.emails.teva.com email.ugg.com email.hoka.com email.koolaburra.com email.sanuk.com email.teva.com *.emails.teva.com blog.ugg.com events.hoka.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp blog.uggaustralia.com www.teva-eu.com scripts.deckers.com rum.ingress.edgio.net *.g.doubleclick.net edgeshoppingstatic.azureedge.net d3nocrch4qti4v.cloudfront.net *.arcot.com  api.v2.sprocket.bz sprocket-ping.s3.amazonaws.com assets.v2.sprocket.bz assets.sprocket.bz s.retargeted.co *.joinhoney.com d3nocrch4qti4v.cloudfront.net df45ay5pw60dy.cloudfront.net nono-hoka.stage.onelink-translations.com cx.atdmt.com cdn.optimizely.com *.bglobale.com *.formstack.com *.deckers.coremedia.cloud rum-http-intake.logs.datadoghq.com www.datadoghq-browser-agent.com rum.ingress.layer0.co rum.layer0.co *.pingdom.net *.pitneybowes.com pippio.com hosted.where2getit.com res.cloudinary.com splashthat.eu *.klarnacdn.net *.klarnaservices.com *.klarna.com dfp.bouncex.net *.bounceexchange.com *.medallia.eu *.kampyle.com cdn.pdst.fm sink.pdst.fm us-central1-adaptive-growth.cloudfunctions.net *.contentsquare.net *.contentsquare.com *.dynamicyield.com *.dy-api.com *.forter.com chat-sdk.cdn.gladly.com api.us-1.cdn.gladly.chat chat-assets.cdn.gladly.com pay.google.com *.cdn4.forter.com *.linksynergy.com *.paypal.com *.cloud.coveo.com *.amazon-adsystem.com cartera-cdn.freetls.fastly.net *.abtasty.com guarantee-cdn.com static-fe.payments-amazon.com ad.as.amanad.adtdp.com ad.caprofitx.adtdp.com ad.yieldlab.net ade.clmbtech.com *.socdm.com adx.dable.io au.ants.vn c.bing.com cm-exchange.toast.com cm.mgid.com r.casalemedia.com contextual.media.net criteo-sync.teads.tv cs.adingo.jp point.widget.rakuten.co.jp *.rakuten.co.jp static.rakuten.com *.yimg.jp *.yahoo.co.jp ads.yahoo.com deckers.candypop.jp cs.gssprt.jp eb2.3lift.com *.sharethrough.com pixel.advertising.com pixel.tapad.com *.ac.bcon.ecdns.net *.smartadserver.com secure.adnxs.com simage2.pubmatic.com *.criteo.net *.criteo.com sync.outbrain.com us-u.openx.net duuytoqss3gu4.cloudfront.net *.osano.com x.bidswitch.net visitor.omnitagjs.com d.line-scdn.net *.ads.yieldmo.com tr.line.me *.taboola.com *.ad-stir.com tk.jrs5.com *.adsrvr.org cdn.smartnews-ads.com payments-fe.amazon.com m.media-amazon.com chimpstatic.com static.hotjar.com content.hotjar.com t.cfjump.com chipstatic.com cdn.unidays.world api.myunidays.com *.veinteractive.com *.pixlee.com *.pixlee.co *.pxlecdn.com *.cartfulsolutions.com *.global-e.com *.powerreviews.com *.truefitcorp.com *.terracycle.com www.truefit.com *.typekit.net widgets.trustedshops.com *.etrusted.com idsync.rlcdn.com *.zenaps.com cnstrc.com *.strut.fit *.rewardstyle.com *.motionpoint.com s-cs.send.microad.jp *.smaato.net *.e-planning.net *.zemanta.com *.artlabs.ai *.onetrust.com *.stylitics.com *.g.doubleclick.net *.kampyle.com *.fls.doubleclick.net *.doubleclick.net adservice.google.com *.googleadservices.com adservice.google.com www.googletagmanager.com ampcid.google.com *.googlesyndication.com api.amplitude.com translate.googleapis.com apis.google.com www.google-analytics.com ssl.google-analytics.com maps.googleapis.com www.google.ca google.com www.google.com translate.google.com fonts.googleapis.com api.cognitive.microsofttranslator.com browser.translate.yandex.net jjfblogammkiefalfpafidabbnamoknm bmnlcjabgnpnenekpadlanbbkooimhnj chhjbpecpncaggjpdakmflnfcopglcmi bfkjochdalcdahjnliojhpldoogkbglc pfldcnnaiaiaogmpfdjjpdkpnigplfca ajax.googleapis.com *.gstatic.com s.w.org app.midtrans.com *.ediemidnightzombies.com www.gravatar.com *.attn.tv events.attentivemobile.com *.afterpay.com www.instagram.com *.analytics.yahoo.com alb.reddit.com www.redditstatic.com *.hotjar.com *.artlabs.ai downloads.mailchimp.com *.au.hoka.com map9067.zendesk.com pod-15.zendesk.com hokaid.zendesk.com hokacustomercare.zendesk.com hokanzcustomercare.zendesk.com accentgroupsupport.zendesk.com *.wistia.com *.litix.io embedwistia-a.akamaihd.net *.bouncexchange.com events.bouncex.net www.facebook.com connect.facebook.net *.zdassets.com *.zopim.com widget-mediator.zopim.com *.list-manage.com *.us14.list-manage.com *.gladly.com js.verygoodvault.com tnt8r4ypmtr.live.verygoodproxy.com vgs-collect-keeper.apps.verygood.systems cdn.studentbeans.com *.90d.io *.smooch.io gladly-production.sinter-collect.com tracead.com www.dwin1.com *.zenaps.com *.adyen.com *.addthis.com *.addthisedge.com *.moatads.com intljs.rmtag.com *.likeshop.me cdn.cookielaw.org www.gstatic.com fonts.gstatic.com sc-static.net bat.bing.com www.bing.com cdn.yottaa.com qoe-1.yottaa.net *.tealiumiq.com *.sitelabweb.com cdn.quadpay.com csp-reporting.cloudflare.com d38d4ysphgm9dz.cloudfront.net d35u1vg1q28b3w.cloudfront.net d2o5idwacg3gyw.cloudfront.net d6tizftlrpuof.cloudfront.net d38d4ysphgm9dz.cloudfront.net nsg.symantec.com px.owneriq.net tags.w55c.net mc.yandex.ru mc.yandex.com mc.yandex.kz yandex.net api.pinpiaa.com omwbh6dj4a.execute-api.ap-southeast-2.amazonaws.com cmp.osano.com *.usabilla.com *.newgistics.com mpsnare.iesnare.com *.cdnwidget.com *.cdnbasket.net resources.digital-cloud.medallia.eu t.co platform.twitter.com static.ads-twitter.com analytics.twitter.com tag.rmp.rakuten.com point.widget.rakuten.co.jp analytics.tiktok.com cdn.loom.com *.usw2.cordial.com hokaoneone.locally.com tr.snapchat.com www.awin1.com hm.baidu.com *.parcellab.com analytics.convertlanguage.com *.verygoodvault.com ugg.review.eprize.com ugg.promo.eprize.com www.paypalobjects.com www.youtube.com *.brightcove.com *.pinterest.com s.pinimg.com *.cheqzone.com i.ytimg.com cdn.jsdelivr.net call.chatra.io services.sheerid.com cdn.honey.io i.honey-images.com cdn.joinhoney.com cdn.ivaws.com *.capitaloneshopping.com *.locally.com s7.addthis.com *.dashhudson.com likeshop.me trial-eum-clientnsv4-s.akamaihd.net tags.tiqcdn.com code.jquery.com maxcdn.bootstrapcdn.com strutagiocdn.blob.core.windows.net frame.hub-box.com sandbox.frame.hub-box.com analytics.google.com *.analytics.google.com *.google-analytics.com ampcid.google.co.in ampcid.google.co.jp ampcid.google.com.ph ampcid.google.com.pk ampcid.google.cz ampcid.google.dk ampcid.google.ee ampcid.google.es ampcid.google.fr ampcid.google.ge ampcid.google.hu ampcid.google.ht ampcid.google.kz ampcid.google.lt ampcid.google.mn ampcid.google.nl ampcid.google.no ampcid.google.pl ampcid.google.bs ampcid.google.by ampcid.google.ca ampcid.google.cl ampcid.google.co.il ampcid.google.co.kr ampcid.google.co.nz ampcid.google.co.ve ampcid.google.co.za ampcid.google.co.zw ampcid.google.com.au ampcid.google.com.ec ampcid.google.com.jm ampcid.google.com.mx ampcid.google.com.pr ampcid.google.com.sg ampcid.google.com.tr ampcid.google.com.ua ampcid.google.de ampcid.google.gr ampcid.google.ie ampcid.google.it ampcid.google.mv ampcid.google.ru ampcid.google.ro ampcid.google.se ampcid.google.pt ampcid.google.hr ampcid.google.at ampcid.google.az ampcid.google.be ampcid.google.bg ampcid.google.ch ampcid.google.co.id ampcid.google.co.ma ampcid.google.co.th ampcid.google.com.ar ampcid.google.com.br ampcid.google.com.bz ampcid.google.com.co ampcid.google.com.cy ampcid.google.com.do ampcid.google.com.gt ampcid.google.com.hk ampcid.google.com.mt ampcid.google.com.ng ampcid.google.com.ni ampcid.google.com.pe ampcid.google.com.py ampcid.google.com.sa ampcid.google.com.tj ampcid.google.com.tw ampcid.google.com.uy ampcid.google.dm ampcid.google.dz ampcid.google.fi ampcid.google.hn ampcid.google.lu ampcid.google.lv ampcid.google.ps ampcid.google.rs ampcid.google.si ampcid.google.sk ampcid.google.cn ampcid.google.co.id ampcid.google.co.th ampcid.google.co.hk ampcid.google.co.pe ampcid.google.co.tw ampcid.google.co.uy ampcid.google.tn ampcid.google.ae ampcid.google.lk ampcid.google.com.bh ampcid.google.com.vn www.google.al www.google.at www.google.am www.google.az www.google.ba www.google.be www.google.bg www.google.by www.google.ch www.google.fi www.google.ie www.google.ps www.google.tt www.google.co.bz www.google.co.il www.google.co.in www.google.co.jp www.google.co.kr www.google.co.ma www.google.com.au www.google.com.co www.google.com.do www.google.com.gh www.google.com.gt www.google.com.lb www.google.com.mx www.google.com.ng www.google.com.om www.google.com.ph www.google.com.pr www.google.com.sa www.google.com.sg www.google.com.tw www.google.com.tr www.google.com.ua www.google.com.py www.google.co.ke www.google.co.th www.google.lk www.google.tn www.google.bf www.google.co.nz www.google.co.uk www.google.is www.google.im www.google.cz www.google.de www.google.ee www.google.es www.google.fr www.google.ge www.google.gr www.google.hr www.google.ht www.google.hu www.google.ie www.google.it www.google.lt www.google.md www.google.me www.google.mk www.google.mt www.google.no www.google.nl www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.ae www.google.bs www.google.cl www.google.co.cr www.google.co.ve www.google.co.vi www.google.co.za www.google.com.ec www.google.com.hk www.google.com.jm www.google.com.kw www.google.com.pa www.google.com.sg www.google.mv www.google.co.id www.google.com.my www.google.com.pk www.google.com.vn www.google.dk www.google.mn www.google.kz www.google.vg www.google.hn www.google.com.eg www.google.ad www.google.je www.google.co.bw www.google.com.ar www.google.com.bd www.google.com.bo www.google.com.br www.google.com.cy www.google.com.pe www.google.com.sv www.google.com.uy www.google.com.qa www.google.dz www.google.iq www.google.jo www.google.sk www.google.si www.google.nl www.google.lv www.google.lu www.google.lv www.google.kg www.google.dm www.google.co.uz www.google.sr www.google.je www.google.gg www.google.com.qa www.google.mt www.google.com.bn www.google.com.bh www.google.co.uz www.google.cn www.google.tn www.google.mg www.google.com.ai www.google.li www.google.as www.google.dj www.google.com.mt www.google.ga www.google.sn www.google.com.gi www.google.mu www.google.gy; font-src *.hoka.com *.demandware.net *.commercecloud.salesforce.com *.truefitcorp.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp use.typekit.net *.osano.com *.klarnacdn.net cdn.gladly.com *.deckers.coremedia.cloud cdn.dynamicyield.com fonts.googleapis.com cdn.loom.com *.global-e.com cdn.honey.io likeshop.me script.hotjar.com cdn.joinhoney.com fonts.gstatic.com use.fontawesome.com cdn.ivaws.com *.strut.fit nono-hoka.stage.onelink-translations.com *.deckers.layer0-perma.link data: *.wistia.com static.formstack.com d6tizftlrpuof.cloudfront.net *.medallia.eu *.kampyle.com; style-src *.hoka.com *.deckers.coremedia.cloud *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp *.demandware.net *.veinteractive.com *.bounceexchange.com cdn.dynamicyield.com *.klarnacdn.net ui.powerreviews.com *.osano.com web-assets.stylitics.com use.fontawesome.com ui.powerreviews.com cdn.honey.io cdn.joinhoney.com js.verygoodvault.com nono-hoka.stage.onelink-translations.com *.global-e.com *.truefitcorp.com *.deckers.layer0-perma.link www.truefit.com cdn.90d.io chat-sdk.cdn.gladly.com cdn.gladly.com *.typekit.net www.karmanow.com *.parcellab.com *.formstack.com translate.googleapis.com d6tizftlrpuof.cloudfront.net cdn.ivaws.com www.paypalobjects.com assets.sprocket.bz *.pxlcdn.com fonts.googleapis.com *.adyen.com *.medallia.eu *.kampyle.com downloads.mailchimp.com data: 'unsafe-inline'; form-action *.hoka.com *.demandware.net *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com *.hokaoneone.eu payments.amazon.co.jp www.amazon.co.jp *.demandware.net *.snapchat.com www.facebook.com *.adyen.com email.teva.com email.ugg.com email.hoka.com email.sanuk.com email.koolaburra.com *.securev2.global-e.com *.secure5.arcot.com *.securesuite.co.uk *.3ds.borica.bg *.acs1.icicibank.com *.sps-system.com centinelapi.cardinalcommerce.com accentgroup.formstack.com *.wlp-acs.com *.modirum.com *.arcot.com *.wibmo.com *.americanexpress.com *.cardinalcommerce.com *.nbg.gr *.global-e.com *.swedbank.se *.ing.de static.rakuten.com *.monext.fr *.3dsecure.no *.secure.lcl.fr *.creditmutuel.fr *.sparebank1.no *.edb.com *.3dsecure-csas.cz *.nedsecure.co.za *.secure22gw.ro *.revolut.com *.cardcomplete.com *.sparkasse.at *.acs2-3dsecure.cm-cic.com *.paylife.at *.citadele.lv *.sbanken.no *.citibank.co.in *.sibs.pt *.comdirect.de *.n26.com *.commerzbank.de *.nexigroup.com *.adyen.com *.rabobank.nl *.crqsbiacs.sbi *.rpc-raiffeisen.com *.cic.fr *.secure.dkb.de *.eewosecure.com *.secure5gw.ro *.esecure.sia.eu *.sparda.de *.fio.cz *.bunq.com *.firstdata.de *.bankmillennium.pl *.americanexpress.com.sa *.nexi.it *.gpesecure.com *.otpbank.hu *.icicibank.com *.pluscard.de *.apata.io *.redsys.es *.luminorgroup.com *.rietumu.lv *.luottokunta.fi *.rsa3dsauth.co.uk *.vinea.es *.sebkort.com *.bezpecneplatby.rb.cz *.abanca.com *.secure2gw.ro *.mercurypaymentservices.it *.securesuite.co.uk *.3dsecure-vrp.de *.slsp.sk *.moneta.cz *.borica.bg *.asseco-see.hr *.sparkassen-kreditkarten.de *.monzo.com *.mycardplace.com *.3dsecure.ing.ro *.marqeta.com *.zetacipher.io *.maybank.com.my *.mbank.cz; media-src *.hoka.com blob: dms.deckers.com res.cloudinary.com *.demandware.net *.commercecloud.salesforce.com *.90d.io static.zdassets.com chat-sdk.cdn.gladly.com; worker-src *.hoka.com blob: *.osano.com; child-src *.hoka.com *.demandware.net *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp *.commercecloud.salesforce.com *.snapchat.com guarantee-cdn.com v3.rest-ar.com *.osano.com *.doubleclick.net vars.hotjar.com www.awin1.com *.afterpay.com px.owneriq.net pal-test.adyen.com *.americanexpress.com *.securesuite.co.uk sg-3ds-vdm.wlp-acs.com *.rsa3dsauth.co.uk verify.monzo.com 3ds.redsys.es *.wlp-acs.com acs2-3dsecure.cic.fr *.cardinalcommerce.com 3ds.nexigroup.com 3dspayment.paylife.at tdschmut.monext.fr *.facebook.com *.pixlee.co *.zenaps.com *.bounceexchange.com d6tizftlrpuof.cloudfront.net www.paypalobjects.com www.paypal.com ln-rules.rewardstyle.com nsg.symantec.com *.pinterest.com track.usw2.cordial.com *.global-e.com wkxppshj-qx.global.ssl.fastly.net checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com www.sandbox.paypal.com *.ediemidnightzombies.com *.arcot.com assets.v2.sprocket.bz *.studentbeans.com *.myunidays.com point.widget.rakuten.co.jp *.bglobale.com www.google.com *.amazon-adsystem.com *.truefitcorp.com *.locally.com *.strut.fit www.pubxtags.com tracead.com photos.pixlee.com *.splashthat.eu hosted.where2getit.com sketchfab.com *.criteo.com *.criteo.net www.youtube.com *.verygoodvault.com pay.google.com www.terracycle.com sandbox.frame.hub-box.com frame.hub-box.com ugg.promo.eprize.com ugg.review.eprize.com d.emails.teva.com creatives.attn.tv *.artlabs.ai *.medallia.eu app.midtrans.com app.collectivevoice.com *.kampyle.com; report-uri https://www.hoka.com/_/csp-reports 2
base-uri https://www.mbank.pl; report-uri https://www.csp.mbank.pl; default-src 'none'; manifest-src 'self'; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ad.doubleclick.net https://cdn.ampproject.org https://cdn.mbiscuit.mbank.pl https://cdn.skp.mbank.pl https://cdn.syndication.twimg.com https://connect.facebook.net https://ghmpl.hit.gemius.pl https://googleads.g.doubleclick.net https://maps.googleapis.com https://optimize.google.com https://pagead2.googlesyndication.com https://platform.twitter.com https://r.skp.mbank.pl https://s.ytimg.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://tagmanager.google.com https://tpc.googlesyndication.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.mbank.pl https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdn.ampproject.org https://cdn.skp.mbank.pl https://fonts.googleapis.com https://fonts.gstatic.com https://optimize.google.com https://platform.twitter.com https://tagmanager.google.com https://ton.twimg.com https://www.mbank.pl; img-src 'self' data: https://*.fls.doubleclick.net https://abs.twimg.com https://ad.doubleclick.net https://ade.googlesyndication.com https://adservice.google.com https://cdn.ampproject.org https://cdn.skp.mbank.pl https://cm.g.doubleclick.net https://csi.gstatic.com https://ghmpl.hit.gemius.pl https://googleads.g.doubleclick.net https://i.ytimg.com https://khms0.googleapis.com https://khms1.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://marketing.tr.netsalesmedia.pl https://optimize.google.com https://pbs.twimg.com https://platform.twitter.com https://redirect.skp.mbank.pl https://region1.analytics.google.com https://region1.google-analytics.com https://s.ytimg.com https://ssl.google-analytics.com https://ssl.gstatic.com https://stats.g.doubleclick.net https://syndication.twitter.com https://tagmanager.google.com https://ton.twimg.com https://www.facebook.com https://www.google-analytics.com https://www.google.be https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.hr https://www.google.ie https://www.google.it https://www.google.nl https://www.google.no https://www.google.pl https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.mbank.pl; font-src 'self' data: https://cdn.mbiscuit.mbank.pl https://fonts.gstatic.com https://www.mbank.pl; connect-src 'self' https://ad.doubleclick.net https://adservice.google.com https://api.mbiscuit.mbank.pl https://api.skp.mbank.pl https://cdn.ampproject.org https://cm.g.doubleclick.net https://form.axaubezpieczenia.pl https://ghmpl.hit.gemius.pl https://googleads.g.doubleclick.net https://lp.skp.mbank.pl https://maps.googleapis.com https://pagead2.googlesyndication.com https://r.skp.mbank.pl https://redirect.skp.mbank.pl https://region1.analytics.google.com https://region1.google-analytics.com https://search.interconsystems.pl https://stats.g.doubleclick.net https://syndication.twitter.com https://tagmanager.google.com https://tracker.skp.mbank.pl https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.pl https://www.googletagmanager.com https://www.mbank.pl wss://api.skp.mbank.pl wss://r.skp.mbank.pl; media-src 'self' data: https://cdn.skp.mbank.pl https://www.mbank.pl; object-src 'self' https://www.mbank.pl https://www.youtube.com; frame-src 'self' https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://form.mbank.pl https://optimize.google.com https://platform.twitter.com https://tagmanager.google.com https://tpc.googlesyndication.com https://www.facebook.com https://www.googletagmanager.com https://www.mbank.pl https://www.youtube.com; child-src 'self' https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://form.mbank.pl https://tagmanager.google.com https://www.facebook.com https://www.googletagmanager.com https://www.mbank.pl https://www.youtube.com; form-action 'self' https://form.mbank.com.pl https://form.mbank.pl https://www.mbank.pl; frame-ancestors 'self' https://www.mbank.pl; 2
frame-ancestors https://*.dnevnik.hr https://beta-showbuzz.dnevnik.hr https://dnevnik.hr 2
script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https:; script-src-elem 'self' blob: 'unsafe-inline' https:; report-uri /reports/csp/uri; report-to csp-reports; 2
frame-ancestors localhost:* 2
frame-ancestors 'self' https://api.securedvisit.com https://track.securedvisit.com https://content.securedvisit.com https://images.securedvisit.com https://track.sv.rkdms.com 2
default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval' script-src: https://ajax.googleapis.com https://analytics.kaltura.com https://api.peer5.com https://bat.bing.com https://cdnapisec.kaltura.com https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://players.brightcove.net https://s7.addthis.com https://secure.perk0mean.com https://static.cloud.coveo.com https://tag.demandbase.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com object-src: https://fonts.gstatic.com connect-src: *.google-analytics.com *.analytics.google.com img-src: *.google-analytics.com *.analytics.google.com; 2
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 2
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net bat.bing.com *.amazon-adsystem.com s.amazon-adsystem.com *.v.liveperson.net googleads.g.doubleclick.net connect.facebook.net static.ads-twitter.com tags.tiqcdn.com lptag.liveperson.net lpcdn.lpsnmedia.net cdn.optimizely.com accdn.lpsnmedia.net www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com cdn-assets-prod.s3.amazonaws.com app.contentsquare.com *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com; img-src data: * blob: *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.contentsquare.net bat.bing.com manifest.prod.boltdns.net *.brightcovecdn.com adservice.google.com *.api.brightcove.com brightcove.hs.llnwd.net www.facebook.com maps.googleapis.com www.google.com www.googletagmanager.com *.siteintercept.qualtrics.com ad.doubleclick.net http://127.0.0.1:5000 http://127.0.0.1:5000/* stats.g.doubleclick.net www.google-analytics.com t.co analytics.twitter.com analytics.google.com logx.optimizely.com www.google.co.uk hsbc.co.uk www.hsbc.co.uk *.demdex.net *.lo.cobrowse.liveperson.net *.tt.omtrdc.net *.sc.omtrdc.net *.mcmprod.hsbc.co.uk rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk www.askus.hsbc.co.uk www.security.hsbc.co.uk translate.googleapis.com *.brightcove.com cdn-assets-prod.s3.amazonaws.com www.isstukdev.hsbc.co.uk www.mcmdev.hsbc.co.uk www.mcmperf.hsbc.co.uk www.isstukuat.hsbc.co.uk www.isstuk.hsbc.co.uk *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com connect.facebook.net www.youtube.com m.youtube.com *.demdex.net www.googletagmanager.com td.doubleclick.net *.ep-mimecast.facebook.com 8068700.fls.doubleclick.net gateway.zscalertwo.net google.com *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com; frame-ancestors 'self' www.hsbc.co.uk *.liveperson.net; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com *.cloudfront.net at.alicdn.com cdn.jsdelivr.net; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.askus.hsbc.co.uk www.googletagmanager.com *.lo.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net manifest.prod.boltdns.net ssl.gstatic.com brightcove.hs.llnwd.net; manifest-src 'self' www.hsbc.co.uk; upgrade-insecure-requests ; report-uri /csp/report; 2
default-src 'self' 'unsafe-inline' www.sgs.com *.sgsgroup.com.cn onlinestore.sgs.com *.google.com fonts.googleapis.com cdn.cookielaw.org www.googletagmanager.com *.imgix.net f7132108c1tst-store.occa.ocs.oraclecloud.com www.google-analytics.com cdn.jsdelivr.net bot.leadoo.com pagead2.googlesyndication.com res.leadoo.com jobpal-sm.s3.amazonaws.com *.coveo.com;
			font-src 'self' data: fonts.googleapis.com fonts.gstatic.com res.leadoo.com jobpal-sm.s3.amazonaws.com *.hotjar.com *.hotjar.io *.smooch.io;
			script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org *.google.com *.googletagmanager.com www.gstatic.com *.google-analytics.com cdn.jsdelivr.net *.leadoo.com cdn.cookielaw.org pagead2.googlesyndication.com *.en25.com *.eloqua.com www.youtube.com static.hotjar.com script.hotjar.com s.go-mpulse.net jobpal-sm.s3.amazonaws.com *.hotjar.com *.hotjar.io *.smooch.io https://www.googleadservices.com *.doubleclick.net https://snap.licdn.com https://static-exp1.licdn.com https://content.linkedin.com https://platform.linkedin.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://www.recaptcha.net https://www.googleanalytics.com https://www.googleoptimize.com https://unpkg.com *.coveo.com *.beyondwords.io;
			style-src 'self' 'unsafe-inline' *.google.com https://fonts.googleapis.com jobpal-sm.s3.amazonaws.com *.leadoo.com *.sgs-next.com *.coveo.com;
			frame-src 'self' tools.eurolandir.com *.google.com youtu.be www.sgs.com www.youtube.com www.youtube-nocookie.com *.hotjar.com *.sgs.com www.sgs.pl *.sgsgroup.com.cn *.hotjar.com *.hotjar.io *.smooch.io *.doubleclick.net www.linkedin.com *.facebook.com connect.facebook.net *.leadoo.com https://www.recaptcha.net *.doubleclick.net https://*.acast.com *.spotify.com;
			child-src 'self' *.youtube-nocookie.com www.youtube.com v.qq.com *.google.com *.sgs.com *.facebook.com connect.facebook.net;
			frame-ancestors 'self' www.googletagmanager.com *.sgs.com www.sgs.pl;
			connect-src 'self' f7132108c1tst-store.occa.ocs.oraclecloud.com onlinestore.sgs.com cdn.cookielaw.org *.leadoo.com anl.leadoo.com pagead2.googlesyndication.com *.google-analytics.com *.google.com *.doubleclick.net privacyportal-de.onetrust.com *.go-mpulse.net jobpal-sm.s3.amazonaws.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.smooch.io *.googletagmanager.com *.linkedin.com *.licdn.com *.facebook.com connect.facebook.net *.akstat.io https://cdn.linkedin.oribi.io https://geolocation.onetrust.com *.coveo.com;
			img-src 'self' data: *.sgsgroup.com.cn *.sgs.com *.sgs-next.com *.imgix.net *.leadoo.com *.eloqua.com i.ytimg.com cdn.cookielaw.org *.cdninstagram.com *.hotjar.com *.hotjar.io *.doubleclick.net *.smooch.io *.gstatic.com *.linkedin.com *.licdn.com p.adsymptotic.com *.facebook.com *.facebook.net *.fbcdn.net *.google.com *.googlesyndication.com *.googletagmanager.com *.google-analytics.com;
			worker-src 'self' https: blob:;
			media-src 'self' media.licdn.com;
			form-action 'self' *.facebook.com connect.facebook.net; 2
frame-ancestors 'self' https://nch-dev-healthdirect.crm6.dynamics.com https://nch-healthdirect.crm6.dynamics.com https://nch-test-healthdirect.crm6.dynamics.com https://nch-trn-healthdirect.crm6.dynamics.com 2
default-src 'self' static-cdn.mackeeper.com static-cdn.sz.mackeeper.com;frame-ancestors 'self' *.cleverbridge.com;frame-src 'self' *.liadm.com *.doubleclick.net *.hotjar.com *.google.com *.mackeeper.com *.facebook.com *.youtube.com *.trustpilot.com *.criteo.com;child-src 'self';form-action 'self';img-src 'self' data: *.kromtech.net *.mackeeper.com *.visualwebsiteoptimizer.com *.bing.com *.google-analytics.com *.facebook.com *.liadm.com *.doubleclick.net *.hotjar.com *.owox.com *.zoomsupport.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.outbrain.com *.gstatic.com http://mackeeper.com https://mackeeper.com *.atdmt.com https://files.clario.co https://c.clarity.ms https://zchat.account.clario.co/images/ https://files.clario.co/images/ https://zchat.account.sz.clario.co/images/ *.shopperapproved.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.bing.com *.facebook.net *.hotjar.com *.liadm.com *.visualwebsiteoptimizer.com *.kromtech.net *.mackeeper.com *.doubleclick.net *.youtube.com *.ytimg.com *.taboola.com *.outbrain.com *.trustpilot.com http://mackeeper.com https://mackeeper.com http://support.zoomsupport.com http://crm.zoomsupport.com http://chat-crm.zoomsupport.com *.criteo.net *.criteo.com https://polyfill.io/v3/polyfill.min.js https://www.dwin1.com http://www.youtube.com/player_api https://zchat.account.sz.mackeeper.com https://zchat.account.mackeeper.com https://files.clario.co *.clarity.ms *.googleoptimize.com *.sentry-cdn.com *.shopperapproved.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.kromtech.net *.mackeeper.com *.google.com http://mackeeper.com https://mackeeper.com;font-src 'self' data: *.gstatic.com *.hotjar.com *.kromtech.net *.mackeeper.com *.shopperapproved.com;object-src 'none';connect-src 'self' *.facebook.com *.mackeeper.com http://mackeeper.com https://mackeeper.com *.hotjar.io *.hotjar.com *.doubleclick.net support.mackeeper.com *.google-analytics.com https://analytics.google.com wss://*.hotjar.com *.taboola.com *.outbrain.com http://rp.liadm.com https://rp.liadm.com https://bat.bing.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.clarity.ms https://sentry.cloudmccloud.com https://zchat.account.clario.co/images/ https://files.clario.co/images/ https://zchat.account.sz.clario.co/images/ 2
object-src 'none'; default-src * 'unsafe-inline' blob: data:; img-src * 'self' data: https:; media-src * 'unsafe-inline' blob: data:; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; font-src * data: 2
frame-ancestors 'self' https://www.gi-de.com/ https://gi-de-ms.my.salesforce.com/ https://gi-de-ms--uat.my.salesforce.com/ https://gi-de-ms--dev.my.salesforce.com/ https://gi-de-ct--test.my.salesforce.com/ https://gi-de-ct.my.salesforce.com/ https://gi-de-vd.my.salesforce.com/ https://gi-de-vd--vduat.my.salesforce.com/; 2
default-src https:; connect-src https: *; script-src 'unsafe-inline' 'unsafe-eval' https: *; style-src 'unsafe-inline' https: *; img-src 'self' data: https: www.googletagmanager.com www.google-analytics.com; font-src 'self' data: https: fonts.gstatic.com; object-src 'self'; frame-src *; frame-ancestors 'self' https://citizensadvicegateshead.org.uk; 2
frame-ancestors 'self' https://digi.hu https://salesweb.digi.hu; object-src 'self'; 2
frame-ancestors 'self' *.sncf-connect.com *.aws.vsct.fr *.sncf-voyageurs.com; report-uri /report-csp-violation; upgrade-insecure-requests 2
base-uri 'self'; default-src 'self' blob: data: https: ; worker-src 'self' blob:; frame-ancestors 'self' *.paddle.com *.prismic.io https://www.profitwell.com https://paddle.enablix.com; media-src 'self' blob: data: https: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stackadapt.com *.twitter.com *.iubenda.com *.facebook.net *.cloudfront.net *.hsforms.com googleads.g.doubleclick.net *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsforms.net *.hsleadflows.net *.hotjar.com *.licdn.com *.ads-twitter.com *.doubleclick.net *.google-analytics.com *.google.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.redditstatic.com *.youtube.com *.sentry-cdn.com *.visualwebsiteoptimizer.com app.vwo.com https: ; script-src-elem 'self' 'unsafe-inline' *.youtube.com *.wistia.com *.licdn.com *.ads-twitter.com *.doubleclick.net *.hotjar.com *.redditstatic.com *.bing.com js.hubspot.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net www.clarity.ms *.hs-scripts.com *.facebook.net *.rudderlabs.com *.influ2.com *.stackadapt.com *.metadata.io *.clearbitscripts.com *.clearbitjs.com *.kustomerapp.com *.qualified.com *.iubenda.com *.netlify.app *.hsforms.net *.googletagmanager.com *.googleapis.com prismic.io *.prismic.io *.mplat-ppcprotect.com status.io *.visualwebsiteoptimizer.com app.vwo.com; style-src 'self' 'unsafe-inline' *.cloudfront.net *.youtube.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com https: blob: ; object-src 'none'; font-src 'self' *.cloudfront.net *.gstatic.com data: https: ; connect-src 'self' *.sentry.io *.visualwebsiteoptimizer.com *.qualified.com app.vwo.com ws: wss: https: data: ; img-src 'self' *.googletagmanager.com *.ctfassets.net *.reddit.com *.cloudfront.net *.ytimg.com *.adsymptotic.com *.ads.linkedin.com t.co *.hubspot.com *.facebook.com *.google.com *.youtube.com *.ggpht.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com data: https:; frame-src 'self' *.youtube.com *.wistia.net *.wistia.com *.hsforms.com paddle.kustomer.help *.kustomerapp.com *.qualified.com app.netlify.com *.doubleclick.net *.prismic.io www.slideshare.net app.vwo.com *.visualwebsiteoptimizer.com; upgrade-insecure-requests; report-uri https://o522631.ingest.sentry.io/api/6141897/security/?sentry_key=543039e78e964ab2b1ae4c577751b645; 2
frame-ancestors 'self' https://*.kamihq.com; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.geotab.com *.google.com *.google.ca *.googleapis.com *.recaptcha.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.incontact.com *.salesforce.com  *.buzzsprout.com *.visualwebsiteoptimizer.com *.vidyard.com *.twitter.com *.ads-twitter.com https://www.youtube.com https://script.crazyegg.com https://googleads.g.doubleclick.net https://514004470.collect.igodigital.com/collect.js https://connect.facebook.net https://snap.licdn.com https://cmp.osano.com https://bugcrowd.com https://*.bugcrowdusercontent.com *.linkedin.com blob: https://s.saleswingsapp.com/ https://cdn.c212.net/ https://c212.net https://pixel.mathtag.com/ *.zoominfo.com *.clickagy.com *.6sc.co; font-src 'self' 'unsafe-eval' 'unsafe-inline' *.geotab.com *.google.com *.google.ca *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.typekit.net *.zoominfo.com data:; style-src 'self' 'unsafe-inline' *.geotab.com *.google.com *.google.ca *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.typekit.net; img-src * data:; connect-src *; object-src *; frame-src 'self' *.geotab.com *.google.com *.google.ca *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.youtube.com *.facebook.com *.salesforce.com https://home-c19.incontact.com *.doubleclick.net https://www.buzzsprout.com https://attendee.gotowebinar.com https://register.gotowebinar.com *.vidyard.com https://www.youtube.com https://cmp.osano.com https://www.recaptcha.net https://bugcrowd.com *.linkedin.com https://calendly.com/ https://www.youtube-nocookie.com https://pixel.mathtag.com/; media-src 'self' *.googleapis.com webtest2.geotab.com; frame-ancestors 'self' *.geotab.com https://geotab.my.salesforce.com; 2
frame-ancestors 'self' *.simplilearn.com gamooga.com careerkarma.com ifacet.iitk.ac.in 2
frame-ancestors 'self' https://*.funkedigital.de https://hamburgerwochenblatt.de/; 2
frame-ancestors 'self' *.crestron.com *.crestron.com:81; 2
default-src 'self' *.fitchratings.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net *.google.com *.google.co.uk *.google.com.hk *.twitter.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com fitchconnect.piwikpro.com fitchconnect.piwik.pro cdn.polyfill.io *.brightcove.net *.brightcove.com munchkin.marketo.net your.fitchratings.com *.evidon.com cdn2.funnelenvy.com script.crazyegg.com snap.licdn.com *.clearbitscripts.com *.clearbit.com *.idio.co chart-studio.plotly.com public.flourish.studio  app.fitchconnect-stg.com app.fitchconnect.com *.fitch.group *.hotjar.com vjs.zencdn.net *.mktorest.com *.clearbitjs.com *.ads-twitter.com *.googleadservices.com googleads.g.doubleclick.net *.linkedin.com *.ads.linkedin.com linkedin.com *.googlesyndication.com *.doubleclick.net; style-src 'self' 'unsafe-inline' blob: your.fitchratings.com fonts.googleapis.com *.fitch.group *.hotjar.com *.googletagmanager.com; connect-src 'self' blob: *.fitchratings.com notify.bugsnag.com *.brightcove.com *.brightcove.net 732-ckh-767.mktoresp.com fx.fitchgroup.co *.boltdns.net *.akamaihd.net *.crazyegg.com *.idio.co *.brightcovecdn.com *.marketo.net *.fitch.group *.evidon.com *.funnelenvy.com *.google.com *.google.co.uk *.google.com.hk *.twitter.com *.googletagmanager.com *.google-analytics.com fonts.googleapis.com *.piwikpro.com *.piwik.pro snap.licdn.com images.ctfassets.net fonts.gstatic.com stats.g.doubleclick.net api.sjpf.io api.fpjs.io *.hotjar.com *.hotjar.io wss://*.hotjar.com *.analytics.google.com *.mktorest.com *.clearbit.com *.linkedin.oribi.io; img-src 'self' blob: *.fitchratings.com data: *.evidon.com *.googletagmanager.com trk.funnelenvy.com images.ctfassets.net *.boltdns.net metrics.brightcove.com stats.g.doubleclick.net l.betrad.com fitchconnect.piwikpro.com fitchconnect.piwik.pro *.linkedin.com p.adsymptotic.com *.idio.co *.fitch.group *.openstreetmap.org *.fitchratings.com httpsak-a.akamaihd.net *.hotjar.com *.google-analytics.com *.analytics.google.com *.twitter.com t.co googleads.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com *.ads.linkedin.com linkedin.com *.gstatic.com *.google.com *.google.co.uk *.google.com.hk; font-src 'self' data: *.fitchratings.com fonts.gstatic.com *.hotjar.com; frame-src 'self' *.fitchratings.com *.evidon.com infogram.com e.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com infogram-download-us2.s3.eu-west-1.amazonaws.com your.fitch.group flo.uri.sh plotly.com chart-studio.plotly.com fitchgroup.eu.qualtrics.com indd.adobe.com *.hotjar.com bid.g.doubleclick.net *.fls.doubleclick.net *.doubleclick.net; worker-src 'self' blob:; child-src 'self' blob:; media-src 'self' blob: *.fitchratings.com *.brightcove.com videos.ctfassets.net *.akamaihd.net manifest.prod.boltdns.net; object-src 'none' 2
frame-ancestors 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://ajax.googleapis.com https://www.google.com https://cdn.carbonads.com https://srv.carbonads.net; 2
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval', script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://stats.g.doubleclick.net https://snap.licdn.com https://www.facebook.com https://connect.facebook.net https://*.linkedin.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://*.cloudfront.net https://api.userlike.com https://cdn.jsdelivr.net https://plausible.io, img-src 'self' data: https://www.google.com https://www.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://stats.g.doubleclick.net https://snap.licdn.com https://www.facebook.com https://connect.facebook.net https://*.linkedin.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-operators.s3-eu-west-1.amazonaws.com https://cdn.jsdelivr.net, style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net, base-uri 'self', form-action 'self' 2
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' 'unsafe-inline' http: data: *.cdnpandadoc.com; connect-src 'self' http:; font-src 'self' 'unsafe-inline' http: data:; media-src 'self' https: blob: 2
default-src 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://teams.microsoft.com https://local.teams.office.com https://devspaces.skype.com https://ssauth.skype.com https://teams.microsoft.com.mcas.ms https://teams.microsoft.com.us3.cas.ms https://local.teams.office.com:8080 https://outlook-sdf.office.com https://outlook.office.com/ https://assignments.onenote.com https://browser-sandbox.meshxp.net/ https://spoolclientsdk.skype.com https://acsinternal-cte-beta.azurewebsites.net https://acssample-beta.azurewebsites.net https://acssample-stable.azurewebsites.net; base-uri 'none'; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'report-sample' http://amcdn.msftauth.net https://amcdn.msftauth.net https://*.office365.com https://*.office.net https://shell.cdn.office.net https://cdn.fluidpreview.office.net https://js.monitor.azure.com https://res.cdn.office.net https://ch5.fluidpreview.office.net https://cdn.dev.fluidpreview.office.net https://dev.loop.microsoft.com https://res-sdf.cdn.office.net; style-src 'self' 'unsafe-inline' 'report-sample' https://*.office.net https://res.cdn.office.net https://cdn.fluidpreview.office.net https://ch5.fluidpreview.office.net https://cdn.dev.fluidpreview.office.net https://dev.loop.microsoft.com https://res-sdf.cdn.office.net; font-src 'self' data: https://*.office.net https://spoprod-a.akamaihd.net https://static2.sharepointonline.com fs.microsoft.com; img-src 'self' blob: data: https://*.office.com https://*.office.net https://*.office365.com https://outlook.live.com https://*.teams.microsoft.com https://*.officeapps.live.com https://web.vortex.data.microsoft.com https://shell.cdn.office.net https://urlp.asm.skype.com https://urlp.sfbassets.com https://*.svc.ms https://login.live.com https://storage.live.com https://az495088.vo.msecnd.net; connect-src 'self' blob: https://* wss://whiteboard.microsoft.com/sync wss://*.whiteboard.microsoft.com wss://whiteboard.microsoft.com wss://*.svc.ms wss://augloop-dogfood.officeppe.com wss://*.augloop-dogfood.officeppe.com wss://augloop.office.com wss://*.augloop.office.com wss://augloop-gcc.office.com wss://*.augloop-gcc.office.com; frame-src 'self' https://*; form-action 'self' https://*; worker-src 'self'; media-src 'none'; object-src 'none'; report-uri https://csp.microsoft.com/report/WhiteboardWebClient-WhiteboardApp-PROD; report-to csp-endpoint; 2
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 2
default-src 'self' *.qurancdn.com cdn.plaid.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://vitals.vercel-insights.com  https://www.givingloop.org https://code.jquery.com https://www.google.com https://js.stripe.com https://ipinfo.io https://snap.licdn.com https://cdn.mouseflow.com https://www.paypal.com  https://wchat.eu.freshchat.com https://cdn.plaid.com https://cdnjs.cloudflare.com https://cdn.amplitude.com https://cdn.logrocket.io https://www.gstatic.com https://js.stripe.com;  font-src 'self' 'unsafe-inline' 'unsafe-eval' givingloop.org fonts.gstatic.com https://www.givingloop.org;  frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com/v3 js.stripe.com  https://www.paypal.com www.paypal.com https://wchat.eu.freshchat.com https://www.google.com www.google.com;  style-src 'self' 'unsafe-inline' 'unsafe-eval' *.givingloop.org givingloop.org fonts.googleapis.com fonts.googleapis.com wchat.eu.freshchat.com;   img-src * data:;  media-src 'self' *.quranicaudio.com *.qurancdn.com https://qurancdn.com;  connect-src *; 2
frame-ancestors 'self' corning.com *.corning.com *.corningmsp.com *.ceros.com *.ariba.com 2
frame-ancestors *.txstate.edu *.txst.edu *.tsus.edu *.tjctc.org; 2
frame-ancestors www.red-gate.com; 2
frame-ancestors 'self' *.download.com.vn download.com.vn *.download.vn download.vn *.softvn.com softvn.com *.quantrimang.com quantrimang.com *.meta.vn meta.vn *.vndoc.com vndoc.com *.gamevui.vn gamevui.vn *.hoatieu.vn hoatieu.vn 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://www.gstatic.com https://www.chevron.com https://*.core.windows.net https://*.mktoresp.com https://munchkin.marketo.net https://*.onetrust.com https://ajax.googleapis.com https://www.googlesapis.com https://www.googletagmanager.com https://apps.sitecore.net https://s.ytimg.com https://www.youtube.com https://cdn.cookielaw.org https://www.google-analytics.com https://*.qualtrics.com https://www.google.com https://www.googleapis.com https://extreme-ip-lookup.com https://secure-ds.serving-sys.com https://*.doubleclick.net https://chevroncorp.gcs-web.com https://vjs.zencdn.net https://adservice.google.com https://bs.serving-sys.com https://fonts.gstatic.com https://static.doubleclick.net https://www.executiveinterviews.com https://www.googleadservices.com https://snap.licdn.com https://static.ads-twitter.com https://connect.facebook.net https://t.co https://*.linkedin.com https://analytics.twitter.com https://www.facebook.com https://optimize.google.com https://178-uxe-734.mktoutil.com https://*.us-east-2.amazonaws.com https://service.force.com https://*.salesforce.com https://*.force.com https://*.salesforceliveagent.com https://code.jquery.com https://img.youtube.com https://www.linkedin.com https://*.adsymptotic.com https://*.doubleclick.net https://fonts.googleapis.com https://optimize.google.com https://178-uxe-734.mktoresp.com https://script.crazyegg.com https://static.chartbeat.com https://ping.chartbeat.net https://siteimproveanalytics.com https://*.siteimproveanalytics.io https://www.googleoptimize.com https://*.parsely.com https://cdn.linkedin.oribi.io https://*.force.com https://*.my.salesforce-sites.com https://cdn.fonts.net https://analytics.tiktok.com https://i.ytimg.com https://go.chevron.email https://get.geojs.io; upgrade-insecure-requests; block-all-mixed-content; 2
default-src 'none';script-src 'self' 'unsafe-inline' https://pi.pardot.com https://info.anchor.com.au https://widget.trustpilot.com https://www.googletagmanager.com https://connect.facebook.net https://platform.twitter.com https://www.google-analytics.com https://www.googleadservices.com https://s.adroll.com https://static.ads-twitter.com https://s.pinimg.com https://s.yimg.com https://static.getclicky.com https://sys.greechat.com https://analytics.formstack.com https://d.adroll.mgr.consensu.org https://cdn.livechatinc.com https://sp.analytics.yahoo.com https://googleads.g.doubleclick.net https://analytics.twitter.com https://secure.livechatinc.com https://d.adroll.com https://digitalpacificgroup.formstack.com https://static.formstack.com https://hostopia.bamboohr.com https://f.vimeocdn.com https://in.getclicky.com; img-src 'self' https://mlvgk8mdrlmi.i.optimole.com https://secure.gravatar.com https://t.co https://www.google-analytics.com https://ct.pinterest.com https://www.facebook.com https://syndication.twitter.com https://stats.g.doubleclick.net https://www.google.com https://www.google.com.au https://d.adroll.com https://pixel.advertising.com https://dsum-sec.casalemedia.com https://pixel.rubiconproject.com https://sync.outbrain.com https://simage2.pubmatic.com https://ads.yahoo.com https://eb2.3lift.com https://x.bidswitch.net https://sync.taboola.com https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://match.adsrvr.org https://rc.rlcdn.com https://csyn-r.cxense.com https://seg.sharethis.com https://resources.bamboohr.com https://crucialau.activehosted.com data: 'unsafe-inline';style-src 'self' 'unsafe-inline' https://static.formstack.com https://hostopia.bamboohr.com;font-src 'self' https://static.formstack.com https://themes.googleusercontent.com data: 'unsafe-inline'; frame-src https://widget.trustpilot.com https://platform.twitter.com https://www.facebook.com https://secure.livechatinc.com https://player.vimeo.com https://www.youtube.com; connect-src https://www.google-analytics.com https://s.yimg.com https://ct.pinterest.com https://hostopia.bamboohr.com; media-src https://cdn.livechatinc.com; 2
report-uri https://sportsmole.report-uri.com/r/d/csp/wizard 2
script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: blob: *; media-src https: data: blob: *; object-src 'none'; frame-ancestors 'none'; connect-src *; base-uri 'self'; upgrade-insecure-requests; 2
connect-src 'self' 'unsafe-inline' www.google-analytics.com collect.tealiumiq.com; script-src 'self' 'unsafe-inline' tags.tiqcdn.com www.youtube.com img6.wsimg.com img1.wsimg.com www.google-analytics.com s.ytimg.com; object-src 'none'; default-src 'self' 'unsafe-inline' img6.wsimg.com img1.wsimg.com; style-src 'self' 'unsafe-inline' img6.wsimg.com img1.wsimg.com; img-src 'self' 'unsafe-inline' data: img6.wsimg.com img1.wsimg.com www.google-analytics.com; font-src 'self' 'unsafe-inline' data: img6.wsimg.com img1.wsimg.com 2
default-src 'self' *.getunleash.io *.list-manage.com *.hsforms.com *.hsforms.net *.hotjar.com *.gstatic.com *.plausible.io *.youtube.com hubspot-forms-static-embed.s3.amazonaws.com; script-src 'report-sample' 'self' 'unsafe-eval' *.calendly.com *.getunleash.io *.hotjar.com *.hsforms.net *.youtube.com *.google.com *.gstatic.com optimize.google.com googleads.g.doubleclick.net js.hs-analytics.net js.hs-scripts.com js.hsadspixel.net js.hscollectedforms.net snap.licdn.com static.ads-twitter.com *.analytics.google.com *.google-analytics.com *.googleadservices.com *.googleoptimize.com *.googletagmanager.com js.hs-banner.com 'unsafe-inline' plausible.io *.lfeeder.com *.clearbitscripts.com *.clearbitjs.com static.reo.dev ipapi.co *.convertexperiments.com; style-src 'report-sample' 'self' *.getunleash.io optimize.google.com fonts.googleapis.com 'unsafe-inline' *.calendly.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.getunleash.io *.github.com calendly.com *.google.com *.hotjar.com *.hotjar.io *.hsforms.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com plausible.io api.hubapi.com forms.hubspot.com js.hs-banner.com stats.g.doubleclick.net wss://*.hotjar.com hubspot-forms-static-embed.s3.amazonaws.com *.hscollectedforms.net *.oribi.io *.clearbit.com googleads.g.doubleclick.net *.googlesyndication.com api.reo.dev ipapi.co *.linkedin.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com script.hotjar.com; frame-src app.hubspot.com *.hotjar.com *.youtube.com *.hsforms.com *.hsforms.net *.google.com optimize.google.com *.doubleclick.net calendly.com; img-src 'self' data: *.getunleash.io *.calendly.com *.githubusercontent.com *.linkedin.com *.google.com *.google.pl *.google.no *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.hsforms.com optimize.google.com analytics.twitter.com t.co track.hubspot.com *.hotjar.com *.hsforms.net *.lfeeder.com *.youtube.com *.ytimg.com; manifest-src 'self'; worker-src 'none' 2
frame-ancestors 'self' lk21official.skin https://*.lk21official.live https://*.lk21official.bio https://*.lk21official.lol https://*.nontondrama.lol https://*.lk21official.co https://*.nontondrama.click https://*.lk21official.plus https://*.lk21official.shop https://*.lk21official.pro https://*.btsremade.org https://*.love-local.com https://*.lk21official.wiki https://*.era316dev.com https://lk21official.baby https://lk21official.homes https://mamamas.xyz https://lk21official.co https://www.layarkaca21.icu https://lk21official.vip https://*.layarkaca21.autos https://*.lk21official.blog 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.adroll.com *.bing.com *.calltrk.com *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hs-analytics.net *.hs-banner.com *.hs-script.com *.hsadspixel.net *.hscollectedforms.net *.hsforms.com *.hsforms.net *.hsleadflows.net *.hubapi.com *.hubspi.com *.hubspot.com *.licdn.com *.loopanalytics.com *.linkedin.com *.quora.com *.rackcdn.com *.salesloft.com *.oribi.io *.typekit.net *.upsellit.com *.wp.com *.youtube.com fonts.googleapis.com js.hs-scripts.com data:; 2
frame-ancestors demdex.net *.demdex.net storyblok.com *.storyblok.com iq.com.br *.iq.com.br azulis.com.br *.azulis.com.br salveospequenos.com.br *.salveospequenos.com.br br.originhosting.io *.br.originhosting.io itau.com.br *.itau.com.br credicard.com.br *.credicard.com.br acordocerto.com.br *.acordocerto.com.br consumidorpositivo.com.br *.consumidorpositivo.com.br 2
frame-ancestors 'self' *.microsoft.com *.sharepoint.com *.tarimorman.gov.tr *.com.tr *.gov.tr *.com 2
default-src 'self';  script-src 'self' 'unsafe-inline'  stats.epic.com;	child-src embed-ssl.ted.com embed.ted.com e.issuu.com secure.quantserve.com sentry.issuu.com pingback.issuu.com www.youtube.com;	style-src 'self' 'unsafe-inline';	form-action 'self';  font-src 'self';  connect-src 'self' stats.epic.com;  img-src 'self' data: stats.epic.com i.ytimg.com media.epic.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss://*.hotjar.com wss://hyperchat-us.inbenta.chat:8000 https://miclaroasesor.com.co:9443 http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io http://cms.analytics.yahoo.com http://sp.analytics.yahoo.com http://pixel.claro.com.br http://idsyncmxedge.com  http://*.claro.com.co http://idsyncapp.claro.com.ar http://infored.lcdn.claro.net.co https://hyperchat-us.inbenta.chat:8000 https://app-eyn.cx.claro.com.co:8445 https://chat-eyn.cx.claro.com.co:8443 https://*.hotjar.io http://*.affperformance.com https://*.qualtrics.com https://*.teads.tv http://affperformance.com http://gurmelgyo.com http://won-digital.g2afse.com https://*.gstatic.com https://static.ads-twitter.com https://analytics.twitter.com https://code.jquery.com https://t.co https://cx.atdmt.com https://1mvl.com https://cdn.datatables.net https://ajax.aspnetcdn.com https://api.retargetly.com https://apim3w.com https://*.g.doubleclick.net https://9436341.fls.doubleclick.net https://cbks0.googleapis.com https://www.landingsclaro.com https://*.embluemail.com https://claroparatiprimero.co https://nominatim.openstreetmap.org https://connect.facebook.net https://fonts.googleapis.com https://geo0.ggpht.com https://lh3.ggpht.com https://*.google.com https://maps.googleapis.com https://maxcdn.bootstrapcdn.com https://raw.githubusercontent.com https://s.yimg.com https://sp.analytics.yahoo.com https://speedtest.claro.net.co https://*.inbenta.io https://*.inbenta.com https://sdk.inbenta.chat https://continua.com.mx https://www.claroparatiprimero.co https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.facebook.com https://www.google.com.co https://www.google.com.mx https://www.googleadservices.com https://*.google-analytics.com https://www.googletagmanager.com https://cms.analytics.yahoo.com https://pixel.claro.com.br https://idsyncmxedge.com https://img.youtube.com https://www.youtube-nocookie.com https://storage.googleapis.com https://postpago.eresclaro.com https://*.claro.com.co https://www.sostenibilidad-claro.com.co https://idsyncapp.claro.com.ar https://www.crcom.gov.co https://platform.twitter.com https://snap.licdn.com https://9621199.fls.doubleclick.net https://*.idx.lat https://px.ads.linkedin.com https://www.linkedin.com https://p.adsymptotic.com https://*.office.com https://*.hbomax.com https://won-digital.g2afse.com https://aurora.stefaninicolombia.com https://tags.bkrtx.com https://*.analytics.google.com https://analytics.tiktok.com https://*.cloudfront.net https://analytics.google.com https://*.retargetly.com https://stags.bluekai.com https://runtime.lappiz.io https://*.prod.clarodigital.net https://*.clarity.ms https://c.bing.com https://www.youtube.com; media-src mediastream: data: blob:; frame-ancestors 'self' https://*.claro.com.co; 2
frame-ancestors 'self' https://*.clio.com https://cliocloudconference.com https://events1.social27.com https://kba.freestonelms.com 2
connect-src 'self' *.licdn.com  *.goldenbees.fr  *.doubleclick.net  *.indeed.com  https://tools.euroland.com  https://pr.globenewswire.com/  https://player.podigee-cdn.net/  https://tools.eurolandir.com/  https://ing.blueconic.net  https://plugins.blueconic.net  *.readspeaker.com  https://assets.adobedtm.com  https://www.google-analytics.com  https://www.googletagmanager.com  https://working2.ad.ing.net  https://getxmlfeed.000webhostapp.com  https://cdn.dimml.io  https://www.youtube.com  https://www.youtube-nocookie.com  https://platform.twitter.com  https://w.soundcloud.com  https://cdn.podigee.com  https://emplocity.com  https://connect.facebook.net  https://open.spotify.com; child-src 'self' *.licdn.com  *.goldenbees.fr  *.doubleclick.net  *.indeed.com  https://www.flickr.com/  https://activitymap.adobe.com/  https://tools.euroland.com  https://pr.globenewswire.com/  https://tools.eurolandir.com/  https://syndication.twitter.com/  https://player.podigee-cdn.net/  *.readspeaker.com  https://www.youtube.com  https://www.youtube-nocookie.com  https://platform.twitter.com  https://w.soundcloud.com  https://cdn.podigee.com  https://emplocity.com  https://connect.facebook.net  https://open.spotify.com; report-uri /csp-violation-report-endpoint/ 2
default-src 'self' data: 'unsafe-inline'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.tawk.to *.cloudflareinsights.com; media-src *; img-src 'self' data: www.facebook.com *.tawk.to *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.google.com *.google.co.in *.s3.eu-west-2.amazonaws.com *.g.doubleclick.net www.trustlogo.com *.paypal.com *.paypalobjects.com *.cloudflareinsights.com content:; script-src 'self' 'unsafe-inline' data: *.paypal.com *.paypalobjects.com js.stripe.com widget.trustpilot.com *.tawk.to *.googletagmanager.com *.cloudflareinsights.com; frame-src 'self' data: widget.trustpilot.com *.cloudflareinsights.com www.sandbox.paypal.com *.paypal.com *.paypalobjects.com js.stripe.com *.tawk.to; connect-src 'self' data: *.cloudflareinsights.com www.sandbox.paypal.com *.paypal.com *.paypalobjects.com *.tawk.to wss://*.tawk.to *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net; script-src-elem 'self' data: connect.facebook.net *.paypal.com *.paypalobjects.com js.stripe.com widget.trustpilot.com *.tawk.to cdn.jsdelivr.net *.googletagmanager.com *.google-analytics.com *.cloudflareinsights.com www.trustlogo.com 'unsafe-inline'; font-src 'self' data: *.tawk.to *.cloudflareinsights.com fonts.gstatic.com/; 2
frame-ancestors 'self' https://*.breuninger.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' request.eprotect.vantivprelive.com request.eprotect.vantivcnp.com fonts.gstatic.com use.fontawesome.com www.google.co.uk *.dwin1.com www.google.com *.puzzel.com *.bing.com static.addtoany.com m.addthisedge.com *.addthis.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com *.pingdom.net *.qualtrics.com *.cloudfront.net widget.trustpilot.com fp.gdmdigital.com *.linkedin.com *.facebook.com *.typekit.net ajax.googleapis.com analytics.google.com v2.visualwebsiteoptimizer.com useruploads.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com livechat.uk2group.com www.googleadservices.com tagmanager.google.com www.googletagmanager.com d2wy8f7a9ursnm.cloudfront.net *.uk2.net code.jquery.com *.steelhousemedia.com *.adroll.com connect.facebook.net platform.twitter.com apis.google.com tracking.websitealive.com www.gstatic.com https://www.google-analytics.com secure.leadforensics.com *.adnxs.com https://optimize.google.com *.hcaptcha.com; img-src 'self' 'unsafe-inline' *.thgingenuity.com img.zohostatic.eu googletagmanager.com canarytokens.com *.uk2.net data: *.typekit.net *.gstatic.com *.bing.com secure.gravatar.com *.pingdom.net v2.visualwebsiteoptimizer.com placehold.it useruploads.visualwebsiteoptimizer.com syndication.twitter.com https://script.hotjar.com http://script.hotjar.com dev.visualwebsiteoptimizer.com livechat.uk2group.com googleads.g.doubleclick.net www.googleadservices.com *.steelhousemedia.com chart.googleapis.com widget.trustpilot.com notify.bugsnag.com stats.g.doubleclick.net www.google.com www.google.co.uk https://www.google-analytics.com 55b558c7-resources.bk-partnersasia.com csi.gstatic.com www.facebook.com images.websitealive.com tracking.websitealive.com https://optimize.google.com; style-src 'self' 'unsafe-inline' *.uk2.net www.google.co.uk *.puzzel.com *.pingdom.net https://use.fontawesome.com maxcdn.bootstrapcdn.com *.steelhousemedia.com fonts.gstatic.com www.google.com tagmanager.google.com dev.visualwebsiteoptimizer.com livechat.uk2group.com  tracking.websitealive.com widget.trustpilot.com fonts.googleapis.com https://optimize.google.com https://fonts.googleapis.com; frame-src 'self' *.hcaptcha.com *.uk2.net cdn.forms-content.sg-form.com static.addtoany.com https://vars.hotjar.com *.twitter.com *.addthis.com www.google.co.uk www.google.com *.steelhousemedia.com player.vimeo.com a5.websitealive.com www.youtube.com widget.trustpilot.com tracking.websitealive.com apis.google.com accounts.google.com platform.twitter.com staticxx.facebook.com www.facebook.com dev.visualwebsiteoptimizer.com livechat.uk2group.com https://optimize.google.com; connect-src 'self' *.hcaptcha.com *.google-analytics.com *.paypal.com *.io.thehut.local mw-uk2-uat.thehut.net mw.thghosting.com static.addtoany.com googleadservices.com stats.g.doubleclick.net *.puzzel.com *.pingdom.net widget.trustpilot.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com *.twitter.com *.uk2.net *.addthis.com dev.visualwebsiteoptimizer.com livechat.uk2group.com mw-uk2-uat.thehut.net mw.thghosting.com fonts.googleapis.com https://www.google-analytics.com www.gstatic.com connect.facebook.net bat.bing.com *.sentry.io; font-src 'self' *.uk2.net data: http://script.hotjar.com https://script.hotjar.com fonts.gstatic.com use.typekit.net *.puzzel.com https://use.fontawesome.com maxcdn.bootstrapcdn.com fonts.googleapis.com; default-src 'self' data: *.puzzel.com *.uk2.net; object-src 'none'; 2
img-src 'self' data:;font-src 'none' 2
frame-ancestors 'self' https://jionews.com https://jionewsdev1.jio.ril.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.kfw.de *.kfw-capital.de *.kfw-ipex-bank.de *.kfw-entwicklungsbank.de www.energie-effizienz-experten.de *.deginvest.de *.youborafds01.com *.edge-cdn.net *.akamaized.net *.youboranqs01.com android-webview-video-poster *.mapbox.com *.bitmovin.com  *.wt-safetag.com  *.analytics.edgekey.net a-fds.youborafds01.com kfw-chatapp-live.x21wxzihtdv.eu-de.codeengine.appdomain.cloud fbc.wcfbc.net *.keyingress.de *.usercentrics.eu *.video-cdn.net responder.wt-safetag.com js.api.here.com *.hereapi.com *.mateti.net ajax.googleapis.com *.googleadservices.com *.googletagmanager.com *.analytics.yahoo.com *.doubleclick.net *.yimg.com *.adform.net data: blob:; 2
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' http://alteryx.lookbookhq.com https://alteryx.lookbookhq.com http://alteryx.pathfactory.com https://alteryx.pathfactory.com; 2
base-uri 'self'; default-src wss: ws-eu.pusher.com scatec.io *.tradetracker.net leadbooster-chat.pipedrive.com tradetracker.com *.tradetracker.com 'self' blob: data: *.googleapis.com tt-wp-corporate-site.s3.amazonaws.com *.gstatic.com *.google-analytics.com *.vimeo.com vimeo.com *.doubleclick.net doubleclick.net stats.g.doubleclick.net vod-progressive.akamaized.net; frame-src *.googletagmanager.com tradetracker.com *.tradetracker.com 'self' blob: i.vimeocdn.com f.vimeocdn.com vimeo.com fresnel.vimeocdn.com player.vimeo.com; img-src *.googletagmanager.com cdn.tradetracker.net i.vimeocdn.com tt-wp-corporate-site.s3.amazonaws.com tr.lfeeder.com scatec.io tradetracker.com *.tradetracker.com leadbooster-chat.pipedrive.com 'self' blob: data: res.cloudinary.com *.facebook.com *.google-analytics.com *.doubleclick.net maps.gstatic.com *.ggpht *.googleapis.com *.hotjar.com *.hotjar.io *.licdn.com *.fbsbx.com *.google.com *.google.nl *.google.ae *.google.com.ag *.google.pl *.google.ru *.google.se *.google.ca *.google.com.au *.google.co.nz *.google.com.ua *.google.es *.google.co.uk *.google.com.br *.google.it *.google.co.in *.google.hu *.google.no *.google.com.mx *.google.be *.google.de *.google.fr *.google.fi *.google.dk *.google.at *.googleusercontent.com *.fbcdn.net *.cdninstagram.com assets.tradetracker.com; script-src 'unsafe-eval' tradetracker.com *.tradetracker.com leadbooster-chat.pipedrive.com 'self' 'unsafe-inline' blob: *.googletagmanager.com *.google-analytics.com cdn.auth0.com cdn.jsdelivr.net cdnjs.cloudflare.com *.hotjar.com *.hotjar.io *.youtube.com/iframe_api *.vimeo.com vimeo.com *.ytimg.com maps.googleapis.com scatec.io sc.lfeeder.com code.jquery.com *.tradetracker.net *.tradetracker.com; style-src *.rocketcdn.me tradetracker.com *.tradetracker.com 'self' blob: 'unsafe-inline' *.googleapis.com *.hotjar.com *.hotjar.io data:; object-src tradetracker.com *.tradetracker.com; script-src-elem js.pusher.com maps.googleapis.com scatec.io tradetracker.com *.tradetracker.com *.jquery.com *.google-analytics.com *.googletagmanager.com sc.lfeeder.com leadbooster-chat.pipedrive.com 'unsafe-inline'; 2
frame-ancestors 'self' *.eur.nl 2
script-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com tagmanager.google.com www.youtube.com s.ytimg.com js.stripe.com; font-src 'self'; style-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org 'unsafe-inline'; connect-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org www.googletagmanager.com www.google-analytics.com region1.google-analytics.com sentry.prod.mozaws.net o1069899.sentry.io o1069899.ingest.sentry.io https://accounts.firefox.com/ stage.cjms.nonprod.cloudops.mozgcp.net cjms.services.mozilla.com; frame-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com js.stripe.com; child-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com js.stripe.com; img-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org data: mozilla.org www.googletagmanager.com www.google-analytics.com creativecommons.org images.ctfassets.net; default-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org 2
frame-ancestors mein-mmo.de *.mein-mmo.de *.google.de *.google.com *.cdn.ampproject.org 2
font-src 'self' *.migros.ch cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com fonts.gstatic.com cdn.fonts.net; img-src 'self' data: *.migros.ch cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com *.googleapis.com www.googleadservices.com *.googletagmanager.com *.gstatic.com tagmanager.google.com profity.ch *.profity.ch *.xcampaign.ch image.migros.ch migros-test.rokka.io migros-coupons-test.rokka.io *.google.com googleads.g.doubleclick.net ad.doubleclick.net www-leshop-ch-cld-res.cloudinary.com res.cloudinary.com bat.bing.com images.ctfassets.net siteintercept.qualtrics.com *.teads.tv; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.migros.ch cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com www.googleadservices.com *.googletagmanager.com tagmanager.google.com www.google.com googleads.g.doubleclick.net bat.bing.com static.profity.ch siteintercept.qualtrics.com *.siteintercept.qualtrics.com *.teads.tv; style-src 'self' 'unsafe-inline' *.migros.ch cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com tagmanager.google.com cdn.fonts.net; child-src 'self' *.migros.ch cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com *.youtube.com pay.sandbox.datatrans.com pay.datatrans.com siteintercept.qualtrics.com *.siteintercept.qualtrics.com migroscx.qualtrics.com; connect-src 'self' *.migros.ch cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com www-leshop-ch-cld-res.cloudinary.com res.cloudinary.com *.contentful.com siteintercept.qualtrics.com *.siteintercept.qualtrics.com s.qualtrics.com https://browser-intake-datadoghq.eu *.teads.tv https://cdn-eu.configcat.com; default-src 'self'; 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob; img-src data: https: android-webview-video-poster: blob:; font-src data: https:; upgrade-insecure-requests; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: data: https: blob: https://d.la2-c2-ord.salesforceliveagent.com https://logs1125.xiti.com https://www.google-analytics.com https://cdn.optimizely.com https://api.demandbase.com https://app-ab02.marketo.com https://www.googletagmanager.com https://magpie-static.ugc.bazaarvoice.com https://apc.ugc.bazaarvoice.com https://code.jquery.com wss://directline.botframework.com; 2
frame-ancestors https://*.kennesaw.edu; 2
frame-ancestors 'self' https://*.wikiloc.com; 2
require-trusted-types-for 'script';report-uri /cspreport 2
frame-ancestors 'self' https://www.99.co; 2
frame-ancestors 'self' https://*.salliemae.com 2
default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 2
frame-ancestors 'self' *.kaskus.co.id *.kaskus.id 2
frame-ancestors 'self' *.bonhams.com 2
block-all-mixed-content; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; default-src 'none'; img-src 'self' data: https:; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline'; connect-src 'self' https:; font-src 'self' data:; media-src data: about:; frame-src 'self' about: https:; object-src 'self' about: 2
frame-ancestors 'self' https://*.adaptavist.com 2
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://stats.spdns.de; object-src 'none' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ ; img-src 'self' data: https://ssl.gstatic.com/ https://stats.spdns.de https://status.securepoint.de; media-src 'none'; frame-src https://stats.spdns.de/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; connect-src 'self' https://*.checkdns.spdyn.de/ https://*.checkcat.spdyn.de/; font-src 'self' https://fonts.gstatic.com 2
frame-ancestors 'self' *.virginmoney.com; 2
default-src 'self'; child-src 'self' blob: https://platform.twitter.com https://www.youtube.com https://ens2.lacity.org https://syndication.twitter.com https://cse.google.com https://chipweb.azurewebsites.net https://vars.hotjar.com https://lacity.granicus.com https://www.google.com https://local.nixle.com; connect-src 'self' https://geohub.lacity.org https://opendata.arcgis.com https://s3-us-west-1.amazonaws.com/drupals3test01/311-feed/totals.json https://s3-us-west-1.amazonaws.com/drupals3test01/twitter-feed/front.json https://s3-us-west-1.amazonaws.com/drupals3test01/twitter-feed/public_trends.json https://s3-us-west-1.amazonaws.com/drupals3test01/twitter-feed/trending_v2.json https://translate.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://calendar.lacity.org https://www.lacity.org/feeds/city-directory wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://c.go-mpulse.net https://*.akstat.io https://api.lacity.org https://*.akamaihd.net https://surveystats.hotjar.io https://bam.nr-data.net https://api.userway.org/api/ https://maps.googleapis.com https://l.sharethis.com https://www.lacity.gov/feeds/city-directory https://*.userway.org https://public.gis.lacounty.gov https://s3-us-west-1.amazonaws.com/drupals3test01/twitter-feed/public_trends_test_beta.json https://s3-us-west-1.amazonaws.com/drupals3test01/twitter-feed/trending_v2_test_beta.json https://s3-us-west-1.amazonaws.com/drupals3test01/twitter-feed/front_test_beta.json https://kit.fontawesome.com/ https://ka-p.fontawesome.com/; font-src 'self' https://fonts.gstatic.com https://themes.googleusercontent.com https://use.fontawesome.com https://pro.fontawesome.com https://stackpath.bootstrapcdn.com https://*.hotjar.com https://cdn.userway.org/widgetapp/bundles/udf/ https://kit.fontawesome.com/ https://ka-p.fontawesome.com/; frame-src 'self' https://platform.twitter.com https://www.youtube.com https://ens2.lacity.org https://syndication.twitter.com https://cse.google.com https://chipweb.azurewebsites.net https://vars.hotjar.com https://lacity.granicus.com https://www.google.com https://local.nixle.com https://player.vimeo.com/ https://cdn.userway.org/ https://snapwidget.com/; img-src 'self' https: blob: data:; manifest-src 'none'; media-src 'self' https: blob:; object-src 'none'; prefetch-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://calendarui.lacity.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://chipweb.azurewebsites.net https://cse.google.com https://maps.googleapis.com https://platform.twitter.com https://stackpath.bootstrapcdn.com https://translate.google.com https://translate.googleapis.com https://unpkg.com https://www.google.com https://www.youtube.com https://www.google-analytics.com https://cdn.syndication.twimg.com https://*.hotjar.com https://s.go-mpulse.net https://www.gstatic.com https://www.googletagmanager.com https://js-agent.newrelic.com https://bam.nr-data.net https://translate-pa.googleapis.com/ https://googleapis.com https://cdn.userway.org/ https://platform-api.sharethis.com https://buttons-config.sharethis.com https://kit.fontawesome.com/ https://ka-p.fontawesome.com/ https://cdn.gtranslate.net/ https://snapwidget.com/js/snapwidget.js cdn.jsdelivr.net cdnjs.cloudflare.com https://kit.fontawesome.com https://maxcdn.bootstrapcdn.com mdbootstrap.com stackpath.bootstrapcdn.com; script-src-attr 'self' 'unsafe-inline' 'report-sample'; script-src-elem 'self' 'unsafe-inline' 'report-sample' https://calendarui.lacity.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://chipweb.azurewebsites.net https://cse.google.com https://maps.googleapis.com https://platform.twitter.com https://stackpath.bootstrapcdn.com https://translate.google.com https://translate.googleapis.com https://unpkg.com https://www.google.com https://www.youtube.com https://www.google-analytics.com https://cdn.syndication.twimg.com https://*.hotjar.com https://s.go-mpulse.net https://www.gstatic.com https://www.googletagmanager.com https://js-agent.newrelic.com https://bam.nr-data.net https://translate-pa.googleapis.com/ https://googleapis.com https://cdn.userway.org/ https://platform-api.sharethis.com https://buttons-config.sharethis.com https://kit.fontawesome.com/ https://ka-p.fontawesome.com/ https://cdn.gtranslate.net/ https://snapwidget.com/js/snapwidget.js cdn.jsdelivr.net cdnjs.cloudflare.com https://kit.fontawesome.com https://maxcdn.bootstrapcdn.com mdbootstrap.com stackpath.bootstrapcdn.com; style-src 'self' 'unsafe-inline' 'report-sample' data: https://chipweb.azurewebsites.net https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://translate.googleapis.com https://use.fontawesome.com https://pro.fontawesome.com https://www.google.com https://calendarui.lacity.org https://platform.twitter.com https://cdn.userway.org/ https://ton.twimg.com https://www.gstatic.com/ https://*.hotjar.com https://kit.fontawesome.com/ https://ka-p.fontawesome.com/  cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline' 'report-sample'; style-src-elem 'self' 'unsafe-inline' 'report-sample' data: https://chipweb.azurewebsites.net https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://translate.googleapis.com https://use.fontawesome.com https://pro.fontawesome.com https://www.google.com https://calendarui.lacity.org https://platform.twitter.com https://cdn.userway.org/ https://ton.twimg.com https://www.gstatic.com/ https://*.hotjar.com  cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; worker-src 'self' blob:; base-uri 'self'; form-action 'self' https://platform.twitter.com https://syndication.twitter.com; frame-ancestors 'self'; upgrade-insecure-requests 2
default-src 'self' *.adobe.io *.omtrdc.net www.facebook.com www.google-analytics.com; frame-src 'self' https://documentservices.adobe.com https://open.spotify.com https://www.tiktok.com/ https://tr.snapchat.com *.google.com *.fls.doubleclick.net https://documentcloud.adobe.com https://irs.tools.investis.com https://lpcdn.lpsnmedia.net https://platform.twitter.com https://www.facebook.com https://www.linkedin.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://www.instagram.com/ https://player.cnbc.com https://www.bloomberg.com https://waveplayer01.santandergroup.net https://syndication.twitter.com/ ; media-src 'self' https://waveplayer01.santandergroup.net https://www.santander.com;  img-src 'self' https://adservice.google.com https://*.inspiringbenefits.com https://*.linkedin.com https://abs.twimg.com https://analytics.twitter.com https://bat.bing.com https://dev.day.com https://googleads.g.doubleclick.net https://i.ytimg.com https://pbs.twimg.com https://platform.twitter.com https://px.ads.linkedin.com https://syndication.twitter.com https://t.co https://ton.twimg.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.es  *.omtrdc.net data: w3.org/svg/2000 https://*.clarity.ms https://dummyimage.com https://www.santander.com https://*.bing.com; script-src data: 'self' https://lf16-tiktok-web.ttwstatic.com https://*.tiktok.com track.adform.net 'unsafe-inline' 'unsafe-eval' https://tr.snapchat.com cdn-prod.wdesk.com sc-static.net platform.instagram.com documentservices.adobe.com www.googletagmanager.com maps.googleapis.com gruposantand-stage.adobemsbasic.com gruposantand-prod.adobemsbasic.com geolocation.onetrust.com cdn.cookielaw.org tbcdn.talentbrew.com player.vimeo.com www.youtube.com www.google.com www.gstatic.com lptag.liveperson.net accdn.lpsnmedia.net lo.v.liveperson.net lpcdn.lpsnmedia.net fonts.gstatic.com www.google-analytics.com player.vimeo.com s.ytimg.com www.youtube.com irs.tools.investis.com tags.tiqcdn.com *.adobe.io tag.oniad.com  sstats.adobe.com documentcloud.adobe.com p13n.adobe.io viewlicense.adobe.io use.typekit.net santander.com www.santander.com gruposantand-prod.adobemsbasic.com static-exp1.licdn.com bat.bing.com stackadapt.com srv.stackadapt.com tags.srv.stackadapt.com syndication.twitter.com cdn.syndication.twimg.com licdn.com www.linkedin.com *.omtrdc.net www.instagram.com platform.twitter.com tbcdn.talentbrew.com maps.googleapis.com player.vimeo.com www.google.com www.google.es www.google-analytics.com www.gstatic.com www.google.com www.gstatic.com lptag.liveperson.net accdn.lpsnmedia.net lo.v.liveperson.net lpcdn.lpsnmedia.net www.youtube.com player.vimeo.com s.ytimg.com www.youtube.com irs.tools.investis.com tags.tiqcdn.com r3---sn-h5q7dne6.googlevideo.com ikuna.s3.amazonaws.com assets.adobedtm.com www.googletagmanager.com static.ads-twitter.com snap.licdn.com connect.facebook.net analytics.twitter.com https://www.googleadservices.com googleads.g.doubleclick.net https://accdn.lpsnmedia.net/api/account/52492817/configuration/setting/accountproperties/ https://assets.adobedtm.com/fdfbb5376673/978974bd73e8/launch-a4fb25bd3770.min.js sc-static.net/scevent.min.js https://bat.bing.com/bat.js https://cdn.syndication.twimg.com/timeline/profile https://connect.facebook.net/en_US/fbevents.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10781141842/ https://lpcdn.lpsnmedia.net/le_unified_window/10.17.0.8-release_5442/ui-framework.js https://lptag.liveperson.net/tag/tag.js https://platform.twitter.com/widgets.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://tags.srv.stackadapt.com/events.js https://tags.tiqcdn.com/utag/santander/corporate-main-aem/prod/utag.js https://www.clarity.ms/tag/b84z53kzvw https://www.google-analytics.com/analytics.js  https://www.googletagmanager.com/gtag/js https://www.youtube.com/iframe_api https://www.clarity.ms https://*.go-mpulse.net https://www.google-analytics.com; style-src tbcdn.talentbrew.com 'self' 'unsafe-inline' https://lf16-tiktok-web.ttwstatic.com/ https://platform.twitter.com https://tags.srv.stackadapt.com https://ton.twimg.com https://tags.srv.stackadapt.com/sa.css; connect-src 'self' data: https://cdn.linkedin.oribi.io/partner/3624849/domain/ https://*.tiktok.com https://adservice.google.com https://analytics.google.com https://cdn.cookielaw.org https://bat.bing.com https://collect.tealiumiq.com *.omtrdc.net https://region1.analytics.google.com https://stats.g.doubleclick.net https://tags.srv.stackadapt.com https://viewlicense.adobe.io https://www.clarity.ms https://*.clarity.ms https://www.google-analytics.com https://www.google.es https://www.facebook.com/tr/ https://*.go-mpulse.net https://*.akstat.io https://*.akamaihd.net https://tr.snapchat.com/p; font-src 'self' data:; object-src 'self' https://8853727.fls.doubleclick.net https://documentcloud.adobe.com https://irs.tools.investis.com https://lpcdn.lpsnmedia.net https://platform.twitter.com https://www.facebook.com https://www.linkedin.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://www.instagram.com/ https://player.cnbc.com https://www.bloomberg.com https://waveplayer01.santandergroup.net https://syndication.twitter.com/; 2
frame-ancestors 'self' https://*.arg.igrupobbva 2
base-uri 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' *.conetix.com.au https://info.conetix.com https://www.google-analytics.com https://ekr.zdassets.com https://i.clarity.ms https://conetix.zendesk.com https://ekr.zendesk.com wss://widget-mediator.zopim.com https://stats.g.doubleclick.net wss://widget-mediator.zopim.com https://m.addthis.com https://api-public.addthis.com https://*.clarity.ms https://conetix.sendsafely.com https://static-conetix.sendsafely.com https://conetix.sendsafely-au.com https://connect.facebook.net https://graph.facebook.com/ https://analytics.google.com 2
font-src 'self' data: *.kornferry.com *.kfadvance.com *.fontawesome.com *.typography.com *.hotjar.com *.hotjar.io *.hotjar.io *.juicer.io;, frame-ancestors 'self' data: *.kornferry.com *.kfadvance.com; 2
frame-ancestors *.peugeot.ba *.olx.com olx.ba 2
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://static.tugraz.at https://sso.tugraz.at https://analytics.tugraz.at *.tugraz.at https://*.twitter.com https://*.twimg.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com; child-src 'self' *.tugraz.at *.youtube.com *.youtube-nocookie.com *.google.com *.mapbuildr.com mapbuildr.com *.googleapis.com *.openstreetmap.org https://*.twitter.com https://letscast.fm; img-src 'unsafe-inline' 'unsafe-eval' * data:; 2
frame-ancestors 'self' https://*.mobiauto.com.br https://*.mobigestor.com.br https://*.passecarros.com.br https://*.suaoficinaonline.com.br 2
default-src 'self' https://*.iec.ch/ https://iec.ch/; font-src *;img-src 'self' https://*.s3.eu-west-1.amazonaws.com/ https://*.iec.ch/ https://iec.ch/ data: https://*.gstatic.com/ https://*.google.com/ http://*.google.com/ http://*.googleapis.com/ https://*.mapbox.com/ https://*.openstreetmap.org/ https://*.google-analytics.com/ https://*.fastly.net/ https://*.cloudfront.net/; script-src 'self' https://*.iec.ch/ https://iec.ch/ 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.iec.ch/ https://iec.ch/ https://use.fontawesome.com/ https://cdn.jsdelivr.net/ https://unpkg.com/ https://fonts.googleapis.com/ https://cdn.datatables.net/;style-src-elem * 'unsafe-inline';script-src-elem * 'unsafe-inline';frame-src 'self' https://app.powerbi.com https://*.surveymonkey.com https://*.widgets.sociablekit.com/ https://widgets.sociablekit.com/ https://*.tiktok.com/ https://*.youtube-nocookie.com/ https://*.youtube.com/ https://*.vimeo.com/ https://*.mtcaptcha.com/ https://*.mikle.com/ https://*.google.com/ https://*.iec.ch/ https://iec.eu.qlikcloud.com/ https://*.eu.qlikcloud.com/ https://iec.ch/;frame-ancestors 'self' https://*.youtube-nocookie.com/ https://*.youtube.com/ https://*.vimeo.com/ https://*.mtcaptcha.com/ https://*.mikle.com/ https://*.google.com/ https://*.iec.ch/ https://iec.ch/;connect-src *; 2
default-src 'self' 'unsafe-inline' *.website-files.com; script-src-elem 'unsafe-inline' https://www.googletagservices.com/ https://securepubads.g.doubleclick.net/ http://127.0.0.1:5500/ https://us1.clevertap-prod.com/ https://static.elfsight.com/platform/platform.js https://cdn.jsdelivr.net/ https://static.ads-twitter.com https://tpc.googlesyndication.com https://www.google-analytics.com/ https://googleads.g.doubleclick.net https://www.googleadservices.com https://snap.licdn.com https://connect.facebook.net https://s.yimg.com https://www.google.com https://www.gstatic.com/ https://*.cloudfront.net/ https://*.website-files.com/ https://*.zdassets.com/ https://www.googletagmanager.com/; connect-src https://securepubads.g.doubleclick.net/ https://nequi-colombia.webflow.io/ https://raw.githubusercontent.com https://ad.doubleclick.net/ https://cdn.linkedin.oribi.io/ https://analytics.google.com https://*.nequi.com.co https://webflow-user-file-uploads-tmp-production.s3.amazonaws.com/ https://webflow.com/ https://s.yimg.com https://stats.g.doubleclick.net https://ekr.zdassets.com/ https://www.google-analytics.com https://nequi.zendesk.com/ https://zendesk-eu.my.sentry.io wss://widget-mediator.zopim.com; media-src https://assets-global.website-files.com/ https://static.zdassets.com; font-src https://assets.website-files.com data:; frame-src https://cdn.embedly.com/ https://w.soundcloud.com/ https://accounts.google.com/ https://drive.google.com/ https://www.youtube.com/ https://www.instagram.com/ https://status.nequi.com.co/ https://www.google.com/ https://tpc.googlesyndication.com/ https://*.doubleclick.net/; img-src https://pagead2.googlesyndication.com/ https://tpc.googlesyndication.com/ https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.facebook.com https://sp.analytics.yahoo.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://www.google-analytics.com https://assets-global.website-files.com https://www.google.com https://analytics.twitter.com https://t.co https://www.google.com.co 2
default-src 'self'; connect-src 'self' matomo02.itzbund.de *.readspeaker.com *.bmbfcluster.de *.akamaihd.net *.evostream.com; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo02.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' multimedia.gsb.bund.de *.bmbfcluster.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de *.akamaihd.net *.evostream.com; frame-src *.datenportal.bmbf.de *.google.com *.gstatic.com *.youtube.com *.vimeo.com vimeo.com  *.unesco.de *.readspeaker.com datawrapper.dwcdn.net https://streaming.sendewerk.berlin app.sli.do *.unitylivestream.com; img-src 'self' data: matomo02.itzbund.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.geodatenzentrum.de *.openstreetmap.org *.openstreetmap.de *.wmflabs.org *.bmbfcluster.de; font-src 'self' data:; worker-src 'self' blob:; frame-ancestors 'self' data: *.sp.epl30.intern *.kooperation-international.de; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' yandex.ru yastatic.net ajax.googleapis.com *.yandex.net yandex.st code.createjs.com apis.google.com www.gstatic.com www.google.com ssl.gstatic.com www.googletagmanager.com *.facebook.net www.googleadservices.com vk.com st.top100.ru www.google-analytics.com *.yandex.ru *.adfox.ru otclick-adv.ru cdn.otclick-adv.ru *.exist.ru *.exist.parts telegram.org storage.yandexcloud.net www.sravni.ru cdn.jsdelivr.net; img-src * 'unsafe-inline' data:; font-src * 'unsafe-inline'; connect-src * 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' *.exist.ru tc.exist.ru yandex.ru yandex.kz yandex.ua yandex.by *.yandex.ru *.yandex.kz *.yandex.by *.yandex.ua api-maps.yandex.ru suggest-maps.yandex.ru *.maps.yandex.net www.facebook.com staticxx.facebook.com vk.com www.google.com api-maps.yandex.ru www.elcats.ru www.japancats.ru www.youtube.com oauth.telegram.org otclick-adv.ru cdn.otclick-adv.ru www.sravni.ru storage.yandexcloud.net; 2
frame-ancestors 'self' https://microsites.audi.com *.audi-boerse.de https://mtt.avp.tech; 2
base-uri 'none'; object-src 'none';             style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.securiti.ai *.onetrust.com *.googleapis.com *.lightboxcdn.com *.google.com;             script-src 'nonce-wMxiyjGfKr2uX7WywAxv0A==' 'strict-dynamic' 'unsafe-eval'; frame-ancestors *.onetrust.com *.nonprod-asurion53.com *.asurion.com *.asurion53.com *.google.com;             frame-src https://www.google.com/ https://www.facebook.com/ https://www.googletagmanager.com https://www.youtube.com             https://10177734.fls.doubleclick.net https://assets.contently.com https://docs.google.com/             https://form.jotform.com/ https://submit.jotform.com/ https://aa.trkn.us https://www.lightboxcdn.com             https://lightboxapi.azurewebsites.net https://asurion.az1.qualtrics.com https://siteintercept.qualtrics.com             https://webforms.pipedrive.com https://*.cdn.optimizely.com https://cdn.jsdelivr.net/ https://my.asurion.com; 2
default-src 'self' 'unsafe-inline' data: gap: content: blob: https://aena.sc.omtrdc.net https://estadisticaswpa.aena.es https://external.airport.ai https://fonts.googleapis.com https://fonts.gstatic.com https://parceiros.estapar.com.br/widgets/4927 https://parceiros.estapar.com.br/widgets/4928 https://parceiros.estapar.com.br/widgets/4929 https://player.vimeo.com https://tools.euroland.com https://tools.eurolandir.com https://www.facebook.com https://www.google.com https://www.youtube.com https://www.gstatic.com https://assets.adobedtm.com https://cdn.cookielaw.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://vars.hotjar.com https://maps.google.com https://maps.googleapis.com https://code.jquery.com https://connect.facebook.net https://8010328.fls.doubleclick.net https://cookiescdn.elixregtech.com https://informeswpa.aena.es https://*.qualtrics.com https://clubcliente.aena.es/;script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://assets.adobedtm.com https://cdn.cookielaw.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://external.airport.ai/js/sdk/web.js https://maps.googleapis.com https://s.go-mpulse.net https://tools.euroland.com/tools/common/eurolandiframeautoheight/eurolandtoolsintegrationobject.js https://www.google.com/recaptcha/api.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.gstatic.com https://maps.google.com https://static.hotjar.com https://script.hotjar.com https://html2canvas.hertzen.com https://cookiescdn.elixregtech.com https://*.qualtrics.com;frame-ancestors 'self' https://informeswpa.aena.es;object-src 'none';connect-src 'self' https://*.akstat.io https://aena.sc.omtrdc.net https://aena-indoor-read-api.geographica.com https://api.ipify.org https://basemaps.cartocdn.com https://c.go-mpulse.net https://cartocdn-geuw-a.global.ssl.fastly.net https://cartocdn-geuw-b.global.ssl.fastly.net https://cartocdn-geuw-c.global.ssl.fastly.net https://cartocdn-geuw-d.global.ssl.fastly.net https://cdn.cookielaw.org https://dpm.demdex.net https://external.airport.ai https://player.vimeo.com https://stats.g.doubleclick.net https://tiles.basemaps.cartocdn.com https://tiles-a.basemaps.cartocdn.com https://tiles-b.basemaps.cartocdn.com https://tiles-c.basemaps.cartocdn.com https://tiles-d.basemaps.cartocdn.com https://www.facebook.com https://www.google-analytics.com https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://maps.googleapis.com https://in.hotjar.com https://aena.sc.omtrdc.net https://a.geuw.cartocdn.com https://b.geuw.cartocdn.com https://c.geuw.cartocdn.com https://d.geuw.cartocdn.com https://cookies-data.onetrust.io https://xhs59014.live.dynatrace.com/bf 'self' https://aena-indoor-read-api.geographica.com https://api.ipify.org https://basemaps.cartocdn.com https://cartocdn-geuw-a.global.ssl.fastly.net https://cartocdn-geuw-b.global.ssl.fastly.net https://cartocdn-geuw-c.global.ssl.fastly.net https://cartocdn-geuw-d.global.ssl.fastly.net https://cdn.cookielaw.org https://dpm.demdex.net https://external.airport.ai https://player.vimeo.com https://stats.g.doubleclick.net https://stats.g.doubleclick.net https://tiles.basemaps.cartocdn.com https://tiles-a.basemaps.cartocdn.com https://tiles-b.basemaps.cartocdn.com https://tiles-c.basemaps.cartocdn.com https://tiles-d.basemaps.cartocdn.com https://www.facebook.com https://www.google-analytics.com https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://maps.googleapis.com https://in.hotjar.com https://aena.sc.omtrdc.net https://a.geuw.cartocdn.com https://b.geuw.cartocdn.com https://c.geuw.cartocdn.com https://d.geuw.cartocdn.com https://cookies-data.onetrust.io https://xhs59014.live.dynatrace.com/bf https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net  https://cookies-api-pro.elixregtech.com https://aena.tt.omtrdc.net https://*.qualtrics.com;img-src 'self' data: blob: https://aena.sc.omtrdc.net https://cdn.cookielaw.org https://maps.googleapis.com https://maps.gstatic.com https://www.facebook.com https://www.google.com https://www.google.es https://www.google-analytics.com https://www.googletagmanager.com https://developers.google.com https://khms0.googleapis.com https://khms1.googleapis.com https://8010328.fls.doubleclick.net https://www.google.fr https://www.google.de https://cookiescdn.elixregtech.com https://pubads.g.doubleclick.net https://*.qualtrics.com; 2
frame-ancestors 'self' https://sonae.outsystemsenterprise.com outsystems://sonae.outsystemsenterprise.com https://cartaocontinente.pt outsystems://cartaocontinente.pt 2
frame-ancestors 'self' https://daytondailynews.newspapers.com https://journal-news.newspapers.com https://springfieldnewssun.newspapers.com https://www.legacy.com https://epaper.daytondailynews.com https://editions.daytondailynews.com 2
default-src 'self' *.orange.be *.google.es  *.abtasty.com *.fontawesome.com *.typekit.net *.digitalchannels.technology cdn.jsdelivr.net *.cookielaw.org *.googletagmanager.com *.optimizegoogle.com *.optimize-google.com *.googleanalytics.com *.google-analytics.com *.newrelic.com *.onetrust.com *.hotjar.com *.adbutter.net *.adnxs.com *.doubleclick.net *.amazon-adsystem.com brand-messenger.app.khoros.com *.khoros.com wss://brandmessenger-ws.euw1.khoros.com ssl://brandmessenger-ws.euw1.khoros.com:8883 proactive-chat-server-eu.prod.aws.lcloud.com messaging-auth-eu-west-1.prod.aws.lcloud.com;  script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' * https://optimize.google.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://googleads.g.doubleclick.net  https://script.hotjar.com https://connect.facebook.net https://www.googleadservices.com http//www.googleadservices.com https://static.hotjar.com https://trk.adbutter.net https://accounts.google.com https://www.googleanalytics.com https://www.googleoptimize.com *.customersaas.com t.contentsquare.net contentsquare.com *.emsecure.net *.customersaas.com  *.orange.be *.netdna-ssl.com blob: *.abtasty.com *.googleapis.com https://assets.pinterest.com  https://widgets.pinterest.com;  object-src 'self' *.mobistar.be  *.orange.be *.netdna-ssl.com;  style-src 'unsafe-inline' 'self' https://optimize.google.com https://fonts.googleapis.com *.mobistar.be *.cloudfront.net *.customersaas.com  *.orange.be *.netdna-ssl.com cdnjs.cloudflare.com *.gstatic.com *.abtasty.com *.googleapis.com messaging-khoros.app.khoros.com cdn.jsdelivr.net *.typekit.net *.googletagmanager.com;  img-src * blob: https://optimize.google.com *.orange.be https://www.facebook.com https://www.google.com https://www.google.es https://static.hotjar.com *.fls.doubleclick.net https://brand-messenger.app.khoros.com *.adnxs.com https://p1.zemanta.com https://aax-eu.amazon-adsystem.com https://www.google-analytics.com *.googletagmanager.com data: *.abtasty.com *.amazonaws.com *.cloudfront.net *.contentsquare.net https://i.pinimg.com  https://log.pinterest.com;  media-src 'self' data: *.mobistar.be  *.orange.be *.netdna-ssl.com https://v.pinimg.com;  frame-src 'self'  https://optimize.google.com * emsecure.net  *.orange.be https://assets.pinterest.com;  font-src 'self' https://fonts.gstatic.com *.mobistar.be *.customersaas.com  *.orange.be cdn.livechatinc.com themes.googleusercontent.com *.netdna-ssl.com blob: data: *.googleapis.com *.gstatic.com *.abtasty.com brand-messenger.app.khoros.com messaging-khoros.app.khoros.com  *.typekit.net *.fontawesome.com;  connect-src 'self' *.googlesyndication.com *.gstatic.com https://uq5v1rcrhz-dsn.algolia.net *.algolianet.com *.cloudfront.net *.tealiumiq.com *.usabilla.com *.emsecure.net *.customersaas.com wss://*.khoros.com *.eshop.orange.be *.orange.be *.digitalchannels.technology *.mousestats.com secure.comparecycle.com *.abtasty.com *.contentsquare.net *.smooch.io *.slgnt.eu *.google-analytics.com *.prod.aws.lcloud.com *.typekit.net cdn.jsdelivr.net *.nr-data.net cdnjs.cloudflare.com *.google.com *.google.es *.google.be *.fontawesome.com  *.cookielaw.org *.onetrust.com *.hotjar.com *.adbutter.net *.adnxs.com *.doubleclick.net *.newrelic.com wss://*.hotjar.com *.googletagmanager.com *.ipify.org *.zemanta.com *.googleadservices.com *.facebook.net *.facebook.com *.hotjar.io *.amazon-adsystem.com browser-update.org *.googleapis.com *.tiqcdn.com *.teads.tv *.pinterest.com *.taboola.com *.clarity.ms *.gsitrix.com *.adensemble.com *.cookieless-data.com bbd-tag.de admaxium.com *.perfectaudiencertg.com *.netdna-ssl.com *.twitter.com *.bing.com *.pinimg.com *.licdn.com https://static.ads-twitter.com https://js.adsrvr.org https://img.netaffiliation.com https://files.qualifio.com *.khoros.com; frame-ancestors 'self' https://mobile.kbc-group.com https://kbctouch.kbc.be https://cbctouch.cbc.be https://touch.kbcbrussels.be https://mobileyoungsterapp.kbc-group.com ; 2
default-src 'self'; worker-src 'self' blob: https://www.youtube.com/ https://fast.wistia.com https://s7.addthis.com https://forms.hubspot.com https://forms.hsforms.com; frame-src 'self' https://player.vimeo.com/ https://www.google.com/ https://optimize.google.com https://youtube.com https://platform.twitter.com https://vars.hotjar.com https://www.youtube.com/ https://fast.wistia.com https://fast.wistia.net/ https://s7.addthis.com https://forms.hubspot.com https://forms.hsforms.com https://www.facebook.com https://td.doubleclick.net https://app.vwo.com; connect-src 'self' https://px.ads.linkedin.com/wa/ https://cdn.linkedin.oribi.io/ https://neo.tildacdn.com https://boards-api.greenhouse.io https://forms.tildacdn.com https://search.tildacdn.com https://feeds.tildacdn.com https://insta.tildacdn.com https://js.hs-banner.com https://assets8.lottiefiles.com https://assets9.lottiefiles.com https://assets10.lottiefiles.com https://thumb.tildacdn.com https://stat.tildacdn.com https://sysstat.tildacdn.com https://assets6.lottiefiles.com https://hubspot-forms-static-embed.s3.amazonaws.com wss://ws2.hotjar.com wss://ws6.hotjar.com wss://ws7.hotjar.com https://ws2.hotjar.com https://ws6.hotjar.com https://ws7.hotjar.com https://in.hotjar.com https://trc-events.taboola.com/ https://api.hubapi.com/ https://www.facebook.com/tr/ https://www.google-analytics.com https://embed-ssl.wistia.com https://api.hubspot.com https://forms.hsforms.com https://distillery.wistia.com https://pipedream.wistia.com https://fast.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://embedwistia-a.akamaihd.net https://m.addthis.com https://s7.addthis.com https://stats.g.doubleclick.net https://analytics.google.com https://cta-service-cms2.hubspot.com https://dev.visualwebsiteoptimizer.com https://app.vwo.com; font-src 'self' data: https://use.fontawesome.com https://fonts.gstatic.com https://dev.visualwebsiteoptimizer.com; img-src 'self' data: blob: https://px4.ads.linkedin.com/ https://i.ytimg.com https://forms-na1.hsforms.com https://sc.lfeeder.com https://tr.lfeeder.com/ https://lftracker.leadfeeder.com https://scontent-frt3-1.cdninstagram.com https://scontent-frx5-1.cdninstagram.com https://scontent-frx5-2.cdninstagram.com https://www.googletagmanager.com https://img.youtube.com https://assets8.lottiefiles.com https://tr.outbrain.com https://thumb.tildacdn.com https://s-insta.tildacdn.com https://stat.tildacdn.com https://static.tildacdn.com https://static3.tildacdn.com https://www.entersekt.com https://trc.taboola.com https://p.adsymptotic.com/d/px/ https://www.linkedin.com https://cds.taboola.com https://www.facebook.com/tr/ https://www.google.com/pagead/ https://www.google.co.za/pagead/ https://googleads.g.doubleclick.net/pagead/ https://px.ads.linkedin.com https://extensionscdn.joomla.org https://optimize.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com/ads/ga-audiences https://www.google.co.za/ads/ga-audiences https://track.hubspot.com https://stats.g.doubleclick.net https://embed-ssl.wistia.com https://fast.wistia.com https://embedwistia-a.akamaihd.net https://forms.hsforms.com https://no-cache.hubspot.com https://perf.hsforms.com https://perf-na1.hsforms.com https://dev.visualwebsiteoptimizer.com; media-src 'self' data: blob: https://embedwistia-a.akamaihd.net; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/ https://cdn.matomo.cloud/entersekt.matomo.cloud/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://sc.lfeeder.com https://tr.lfeeder.com https://lftracker.leadfeeder.com https://neo.tildacdn.com https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js https://neo.tildacdn.com https://stat.tildacdn.com https://tr.outbrain.com https://script.hotjar.com https://amplify.outbrain.com https://static.tildacdn.com https://www.entersekt.com https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js https://platform.twitter.com https://static.hotjar.com  https://trc.taboola.com https://cdn.taboola.com https://connect.facebook.net https://googleads.g.doubleclick.net/pagead/ https://www.google.com/pagead/ https://www.google.co.za/pagead/ https://www.googleadservices.com/pagead/ https://js.hs-banner.com https://js.hsadspixel.net https://appscdn.joomla.org https://ajax.googleapis.com https://js.hscta.net https://cta-service-cms2.hubspot.com https://js.hs-analytics.net https://api.usemessages.com https://js.usemessages.com https://s.ytimg.com https://src.litix.io https://www.youtube.com https://js.hs-scripts.com https://fast.wistia.com https://optimize.google.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://fast.wistia.net https://js.hsforms.net https://forms.hubspot.com https://forms.hsforms.com https://s7.addthis.com https://m.addthisedge.com https://m.addthis.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com/px/li_sync https://secure.hiss3lark.com/Track/Capture.aspx https://js.hubspot.com https://dev.visualwebsiteoptimizer.com https://app.vwo.com; style-src 'self' 'unsafe-inline' https://static.tildacdn.com https://www.entersekt.com https://use.fontawesome.com https://entersekt.info  https://optimize.google.com https://fonts.googleapis.com https://app.vwo.com 2
frame-ancestors 'self' *.mega.cl *.meganoticias.cl *.etc.cl *.google.com www-meganoticias-cl.cdn.ampproject.org 2
style-src   'self' *.googleapis.com se-forms.cz 'unsafe-inline';     default-src 'self' *.googleapis.com *.googletagmanager.com *.gstatic.com *.smartemailing.cz;     connect-src 'self' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.smartemailing.cz stats.g.doubleclick.net 'unsafe-inline';     script-src  'self' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.smartemailing.cz se-forms.cz *.google.com *.gstatic.com 'unsafe-inline' 'unsafe-eval';     frame-src   'self' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.smartemailing.cz se-forms.cz *.google.com *.gstatic.com 'unsafe-inline' 'unsafe-eval';     img-src     'self' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com images.ctfassets.net *.google.com *.google.cz data: 'unsafe-inline'; 2
default-src 'self' 'unsafe-inline'; connect-src 'self' blob: *; font-src 'self' https://images.mutinycdn.com/ https://livestorm.imgix.net; frame-ancestors 'self' https://app.mutinyhq.com https://preview.mutinyhq.com; frame-src *; img-src 'self' data: *; media-src 'self' blob: *; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *; 2
default-src data: 'unsafe-inline' 'unsafe-eval' https:; style-src data: https: 'unsafe-inline'; 2
frame-ancestors *.benq.com *.benq.eu 2
default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple.com.cn *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: embed.music.apple.com embed.podcasts.apple.com https://recyclingprogram.apple.com.cn swdlp.apple.com www.apple.com.cn www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple.com.cn *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: apple.com *.apple.com *.apple.com.cn *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com *.apple.com.cn 2
default-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.steinberg.net *.usercentrics.eu *.personio.de *.googletagmanager.com fonts.googleapis.com *.soundcloud.com *.youtube-nocookie.com *.optimizely.com *.eu-central-1.compute.amazonaws.com *.onfastspring.com; img-src https: 'self' *.steinberg.net *.ytimg.com *.usercentrics.eu data:; font-src https: 'self' fonts.gstatic.com fonts.googleapis.com data:; 2
frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://*.webvisor.com 2
report-uri https://csp.crexi.com; report-to csp-endpoint 2
frame-ancestors https://experience.adobe.com https://snagajob.com.experiencecloud.adobe.com 2
default-src 'self' https://cdn.finnair.com https://pay.finnair.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.finnair.com *.googletagmanager.com https://tagmanager.google.com *.google-analytics.com https://maps.googleapis.com https://googleads.g.doubleclick.net https://www.google.com https://www.googleadservices.com https://bat.bing.com https://*.akamaihd.net https://*.go-mpulse.net https://*.quantummetric.com https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://connect.facebook.net https://www.dwin1.com https://cdn.smartvel.com https://finnair.3dseatmapvr.com https://*.travelaudience.com https://*.reactandshare.com https://snap.licdn.com https://finnair.my.salesforce-sites.com https://*.hotjar.com https://*.ads-twitter.com; style-src 'self' 'unsafe-inline' *.finnair.com https://*.force.com https://*.salesforce.com https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://cdn.smartvel.com https://finnair.3dseatmapvr.com https://*.reactandshare.com https://finnair.my.salesforce-sites.com; img-src 'self' data: *.finnair.com *.google-analytics.com https://*.ytimg.com https://*.akamaihd.net https://*.akstat.io https://www.googletagmanager.com https://maps.googleapis.com https://*.gstatic.com https://*.google.com https://www.google.fi https://www.google.se https://www.google.co.uk https://www.google.de https://www.google.es https://www.google.it *.doubleclick.net https://www.googleadservices.com https://*.analytics.google.com https://www.facebook.com https://www.awin1.com https://www.dwin1.com https://cdn.smartvel.com https://bat.bing.com https://finnair.3dseatmapvr.com https://*.travelaudience.com https://*.reactandshare.com https://px.ads.linkedin.com https://*.ads-twitter.com https://*.ads-api.twitter.com https://analytics.twitter.com https://t.co https://script.hotjar.com https://play-lh.googleusercontent.com; manifest-src 'self' https://cdn.finnair.com; font-src 'self' data: https://cdn.finnair.com https://maps.googleapis.com https://*.gstatic.com https://cdn.smartvel.com https://cdn-qa.smartvel.com https://*.reactandshare.com https://script.hotjar.com; connect-src 'self' *.finnair.com https://sentry.io https://*.akamaihd.net https://*.akstat.io https://c.go-mpulse.net https://*.force.com https://search-api.swiftype.com https://finnair-app.quantummetric.com *.google-analytics.com *.doubleclick.net https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://www.google.fi https://www.google.se https://www.google.co.uk https://www.google.de https://www.google.es https://www.google.it https://www.facebook.com https://green.am.apps.avarko.com https://*.aurinkomatkat.fi https://api.smartvel.com https://cdn.smartvel.com https://finnair.3dseatmapvr.com https://finnair-app-search.ent.eu-central-1.aws.cloud.es.io https://*.reactandshare.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://*.ads-twitter.com https://*.ads-api.twitter.com https://*.analytics.twitter.com https://finnair.my.salesforce-sites.com https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com; child-src 'self' https://paygw.finnair.com https://auth.finnair.com https://www.youtube.com https://api.finnair.com https://www.facebook.com https://staticxx.facebook.com blob:; frame-src 'self' https://*.force.com https://*.salesforce.com https://paygw.finnair.com https://auth.finnair.com https://www.youtube.com https://api.finnair.com https://api-dev.finnair.com https://api-test.finnair.com https://api-preprod.finnair.com https://3530909.fls.doubleclick.net https://www.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net https://finnair.eu.qualtrics.com https://www.facebook.com https://*.points.com https://13389050.fls.doubleclick.net https://vars.hotjar.com; worker-src 'self' https://finnair.3dseatmapvr.com blob:; sandbox allow-popups allow-forms allow-scripts allow-same-origin allow-modals allow-popups-to-escape-sandbox allow-top-navigation allow-downloads; frame-ancestors 'self'; object-src 'none'; media-src https://finnair.3dseatmapvr.com; 2
frame-ancestors https://*.etracker.com; script-src 'self' https://*.signalize.com https://*.etracker.com https://*.etracker.de 'unsafe-inline' 2
frame-ancestors https://*.sevenrooms.com 2
default-src 'none'; child-src 'self' 'unsafe-inline' https://www.googleadservices.com https://*.fls.doubleclick.net/ https://*.santander.co.uk https://santander.demdex.net blob:; script-src 'self' 'unsafe-inline' https://dam.santander.co.uk https://t.contentsquare.net https://app.contentsquare.com https://md-scp.kampyle.com https://track.omguk.com https://cdn.usersnap.com https://screencapture.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://pagead2.googlesyndication.com https://sc-static.net https://js-cdn.dynatrace.com https://activitymap.adobe.com https://cdn-ukwest.onetrust.com https://googleads.g.doubleclick.net https://lptag.liveperson.net https://lo.v.liveperson.net https://lo.msg.liveperson.net https://accdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://www.googletagservices.com https://ad.doubleclick.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net https://www.google.com https://google.com https://*.santander.co.uk; connect-src 'self' 'unsafe-inline' https://tr.snapchat.com https://pagead2.googlesyndication.com https://dam.santander.co.uk https://events.launchdarkly.com https://app.launchdarkly.com wss://int-cb.santander.co.uk https://*.contentsquare.net https://md-scp.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://santanderuk.tt.omtrdc.net https://udc-neb.kampyle.com https://*.bf.dynatrace.com https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://googleads4.g.doubleclick.net wss://lo.msg.liveperson.net https://dpm.demdex.net https://*.santander.co.uk; img-src 'self' https://*.contentsquare.net https://lpcdn.lpsnmedia.net 'unsafe-inline' https://*.santander.co.uk data: https:; style-src 'self' 'unsafe-inline' https://md-scp.kampyle.com; font-src 'self' https://dam.santander.co.uk; frame-src 'self' 'unsafe-inline' https://td.doubleclick.net https://www.youtube-nocookie.com https://activitymap.adobe.com https://resources.digital-cloud-uk.medallia.eu https://lo.tokenizer.liveperson.net https://lo.msghist.liveperson.net https://lo.msg.liveperson.net https://lpcdn.lpsnmedia.net https://lo.idp.liveperson.net https://server.lon.liveperson.net https://authorize.omniture.com https://sitecatalyst.omniture.com https://www.youtube.com https://santander.demdex.net https://*.fls.doubleclick.net; object-src 'self'; media-src https://lpcdn.lpsnmedia.net; worker-src blob:; 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https://* data:; frame-src https://* about: javascript:; frame-ancestors 'self' http://*.vegas.com https://*.vegas.com 2
default-src 'self' *.sensortower.com *.sensortower-china.com *.facebook.com; connect-src 'self' *.sensortower.com *.sensortower-china.com *.netlify.app *.bugsnag.com *.lever.co *.doubleclick.net *.adroll.com *.google-analytics.com analytics.google.com cdn.cookielaw.org *.mktoutil.com *.mktoresp.com *.salesloft.com *.pubmatic.com *.advertising.com *.taboola.com *.3lift.com *.clickagy.com *.zoominfo.com *.osano.com *.linkedin.oribi.io; base-uri 'none'; form-action *.facebook.com connect.facebook.net; img-src * data:; media-src * data:; object-src 'none'; script-src 'self' 'unsafe-inline' *.sensortower.com *.sensortower-china.com *.zoominfo.com *.google-analytics.com *.facebook.net *.bizible.com *.licdn.com *.cookielaw.org *.googletagmanager.com *.marketo.net *.salesloft.com *.adroll.com *.vidyard.com *.clickagy.com *.osano.com; style-src 'self' 'unsafe-inline' *.sensortower.com *.sensortower-china.com fonts.googleapis.com *.googletagmanager.com; font-src 'self' *.sensortower.com *.sensortower-china.com fonts.gstatic.com data:; frame-src 'self' *.sensortower.com *.sensortower-china.com *.vidyard.com; frame-ancestors 'self' https://app.contentful.com; 2
frame-ancestors 'self' https://*.unige.it 2
default-src *.addthis.com *.adform.net *.algolia.com *.algolia.net *.algolianet.com *.algolianet.net *.calameo.com *.culture.fr *.doubleclick.net *.facebook.com *.facebook.net *.g.doubleclick.net *.getwemap.com *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.ingest.sentry.io *.instagram.com *.readspeaker.com *.tolk.ai *.twitter.com http://apis.syllabs.com http://infolettres-internes.culture.gouv.fr http://infolettres-ministere.culture.gouv.fr http://www.culture.fr http://www.culture.gouv.fr https://api.mapbox.com https://m.addthis.com https://s7.addthis.com https://semaphore.culture.gouv.fr https://semrecf2.culture.fr https://sesame.culture.fr https://stats.g.doubleclick.net https://tarteaucitron.io https://www.culture.fr https://www.culture.gouv.fr https://www.facebook.com https://www.google-analytics.com inline moz-extension 'self' 'unsafe-eval' 'unsafe-inline' wss://genii-messages.tolk.ai; block-all-mixed-content; font-src *.adform.net *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.instagram.com *.readspeaker.com *.tolk.ai *.twitter.com data: https://fonts.googleapis.com https://fonts.gstatic.com https://infolettres.duministeredelaculture.fr https://livemap.getwemap.com https://maxcdn.bootstrapcdn.com inline 'self' 'unsafe-inline'; frame-src *.adform.net *.calameo.com *.culture.gouv.fr *.dailymotion.com *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.fr *.googleapis.com *.gouv.fr *.instagram.com *.openstreetmap.fr *.pop.culture.gouv.fr *.readspeaker.com *.soundcloud.com *.tolk.ai *.twitter.com *.vimeo.com http://platform.twitter.com http://s7.addthis.com http://www.instagram.com https://data.culturecommunication.gouv.fr https://livemap.getwemap.com https://www.facebook.com https://www.youtube.com inline 'self' 'unsafe-inline'; img-src *.adform.net *.culture.fr *.culture.gouv.fr *.doubleclick.net *.et-gv.fr *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.instagram.com *.readspeaker.com *.tolk.ai *.twitter.com data: http://www.culture.fr http://www.culture.gouv.fr https://ad.doubleclick.net https://analytics.getwemap.com https://api.getwemap.com https://iecs.culture.gouv.fr https://livemap.getwemap.com https://logs4.xiti.com https://semrecf2.culture.fr https://sesame.culture.fr https://sf1-eu.readspeaker.com https://tarteaucitron.io https://www.culture.fr https://www.culture.gouv.fr https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com inline 'self' 'unsafe-inline'; script-src *.addthis.com *.adform.net *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.instagram.com *.readspeaker.com *.tolk.ai *.twitter.com addthid blob: http://connect.facebook.net http://platform.twitter.com http://s7.addthis.com http://siteimproveanalytics.com http://tag.aticdn.net http://www.instagram.com https://ajax.googleapis.com https://api.dmcdn.net https://api.mapbox.com https://app.readspeaker.com https://gva.et-gv.fr https://iecs.culture.gouv.fr https://infolettres.duministeredelaculture.fr https://livemap.getwemap.com https://logp5.xiti.com https://logs152.xiti.com https://m.addthis.com https://sf1-eu.readspeaker.com https://tarteaucitron.io https://v1.addthisedge.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gouvernement.fr https://z.moatads.com inline moz-extension 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-VGhpc0V6UGxhdGZvcm1Ub2tlbklzTm90U29TZWNyZXRfUGxlYXNlQ2hhbmdlSXQ='; style-src *.adform.net *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.instagram.com *.readspeaker.com *.tolk.ai *.twitter.com https://fonts.googleapis.com https://infolettres.duministeredelaculture.fr https://sf1-eu.readspeaker.com inline 'self' 'unsafe-inline'; report-uri /nelmio/csp/report 2
frame-ancestors 'self' rockwellautomation.com rockwellautomation.com.cn *.rockwellautomation.com *.rockwellautomation.com.cn *.rockwellautomation.adobecqms.net ra.pisrc.net rabot.pisrc.net localhost localhost:*; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://tsdtocl.com https://google.com/pagead/form-data/1071727046 https://privacyportal.onetrust.com https://edge.adobedc.net https://cm.everesttech.net https://google.com/ccm/form-data/1071727046 https://onsemi.demdex.net https://geolocation.onetrust.com https://i.liadm.com/s/66627 https://trc.taboola.com/sg/liveintent/1/um https://cdn.cookielaw.org https://assets.adobedtm.com https://adobedc.demdex.net https://dpm.demdex.net https://data.enablementadobe.com https://*.wootric.com https://wootric-eligibility.herokuapp.com https://s.yimg.com https://static.lightning.force.com https://onsemineworg.my.salesforce.com https://service.force.com https://d.la2-c1-ia5.salesforceliveagent.com https://c.la2-c1-ia5.salesforceliveagent.com https://onsemineworg.my.site.com https://c1.sfdcstatic.com https://www.gstatic.cn https://www.recaptcha.net https://onsemineworg.my.salesforce.com https://onsemineworg.my.site.com https://d.la2-c1-ia5.salesforceliveagent.com https://service.force.com https://c1.sfdcstatic.com https://onsemi.componentsearchengine.com https://*.plexim.com https://event.on24.com https://my.onsemi.com https://www.onsemi.jp https://www.onsemi.cn https://www.onsemi.com https://identity.onsemi.com https://tags.tiqcdn.cn https://api.ipify.org https://p.adsymptotic.com https://*.ztsrv.com https://px.ads.linkedin.com https://my.demio.com https://angular-ui.github.io https://vidassets.terminus.services https://cdn.bigzeta.com https://api.bigzeta.com https://info.onsemi.com https://cdn.demio.com https://onsemi.ladesk.com https://onsemi.taleo.net https://*.gcs-web.com https://*.atdmt.com https://*.mktoresp.com https://*.marketo.com https://*.taboola.com https://*.tealiumiq.com https://*.tealium.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.baidu.com https://*.geniusmonkey.com https://*.doubleclick.net https://*.gstatic.com https://*.linkedin.com https://*.pingdom.net https://*.crazyegg.com https://*.marketo.net https://*.licdn.com https://www.google.com https://*.tiqcdn.com https://*.digikey.com https://*.googleadservices.com https://*.google-analytics.com https://*.googletagmanager.com https://*.facebook.com https://*.boltdns.net https://*.brightcove.net https://*.brightcove.com https://*.zencdn.net https://*.akamaihd.net https://*.cloud.coveo.com https://*.ytimg.com https://go.onsemi.com blob: data:  https://cdn.linkedin.oribi.io https://767-faw-709.mktoutil.com https://sp.analytics.yahoo.com https://*.analytics.google.com https://analytics.google.com https://*.cdn.office.net 2
default-src 'self'; style-src 'self' 'unsafe-inline' https://*.xsolla.com https://*.xsolla.net; style-src-elem 'self' 'unsafe-inline'; script-src-elem 'self' www.googletagmanager.com 'sha256-H37SquAxnCovYKQ5UcPozCmVVFCEkKb/7Zk4YDdYWzY=' https://connect.facebook.net 'sha256-DLvjV1tVrqrWlJw/KUGFA2ZjG9tYWwr5/e4TwzJ/oa8=' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.xsolla.com https://*.xsolla.net; script-src 'self' 'unsafe-eval' www.googletagmanager.com https://*.xsolla.com https://*.xsolla.net; connect-src 'self' https://api.gxc.gg https://api.gx.games https://api.stats.gx.games https://sentry-relay.opera-api.com https://s3.eu-north-1.amazonaws.com/prod.cloudsaves/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.xsolla.com https://*.xsolla.net; img-src 'self' data: blob: https://play.gxc.gg https://play.gx.games www.googletagmanager.com https://*.google-analytics.com https://*.googletagmanager.com https://www.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.xsolla.com https://*.xsolla.net; media-src https://play.gxc.gg https://play.gx.games; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; base-uri 'self'; manifest-src 'self'; frame-src https://play.gxc.gg https://play.gx.games https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.xsolla.com https://*.xsolla.net 2
default-src 'self' https://*.cms.vwfs.tools ;            img-src 'self' data: https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://dev.day.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.gstatic.com https://*.google.com https://*.google.de https://*.google.de https://*.googlesyndication.com https://*.googleadservices.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://img.youtube.com https://i.ytimg.com https://*.userzoom.com https://*.adform.net https://www.facebook.com https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://t.co https://*.volkswagenbank.de  https://cms-assets.vwfs.io https://smetrics.vwfs.de https://mediaservice.audi.com  https://GISTPAEndpoint-Int.azureedge.net https://GISTPAEndpoint-Kons.azureedge.net https://GISTPAEndpoint-Prod.azureedge.net    https://default.vms.vwfs.io https://*.bronson.vwfs.tools https://*.bronson.vwfs.io https://gateway.zscloud.net https://js.api.here.com https://assets.volkswagen.com https://integrations.etrusted.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ssl.gstatic.com https://ade.googlesyndication.com https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.awin1.com https://*.tealiumiq.com https://*.doubleclick.net;            script-src 'self' 'unsafe-inline' blob: https://*.volkswagenbank.de https://storagewebcalcweud.blob.core.windows.net https://*.fts.webcalc.vwfs.io https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.fls.doubleclick.net https://www.googletagmanager.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google.com https://www.google.de https://cm.g.doubleclick.net https://www.volkswagenbank-cloud.de https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://assets.adobedtm.com https://*.omniture.com https://*.adobe.com https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://*.thunderhead.com https://*.twitter.com https://static.ads-twitter.com https://*.advsearch.vwfs.io https://cc.cdn.civiccomputing.com  https://target.vwfs.de  https://smetrics.vwfs.de https://cdn.mercury.ai https://integrations.etrusted.com https://sdk.privacy-center.org    https://*.acs-frontend.vwfs.io https://*.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.g.doubleclick.net https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.de https://*.tiqcdn.com https://*.tealiumiq.com;            style-src 'self' 'unsafe-inline' https://*.userzoom.com https://target.vwfs.de https://cdn.mercury.ai https://co-browsing.mercury.ai https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io    https://*.acs-frontend.vwfs.io https://integrations.etrusted.com https://tagmanager.google.com https://fonts.googleapis.com ;            connect-src 'self' blob: data: https://vimeo.com https://*.youtube.com https://api.webcalc.vwfs.io https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://*.adobedc.net https://*.tt.omtrdc.net https://*.2o7.net https://*.cms.vwfs.io https://*.advsearch.vwfs.io https://cms-content.vwfs.io https://target.vwfs.de https://smetrics.vwfs.de https://www.google.com https://*.facebook.com https://*.mercury.ai wss://*.mercury.ai https://vector.hereapi.com https://1.base.maps.ls.hereapi.com https://1.aerial.maps.ls.hereapi.com https://js.api.here.com https://geocode.search.hereapi.com https://integrations.etrusted.com https://*.smart-digital-solutions.de https://smart-digital-cdn.com https://2gtge2kxoa.execute-api.eu-central-1.amazonaws.com https://api-cms-vwfs-io.cms.vwfs.tools https://sdk.privacy-center.org https://revgeocode.search.hereapi.com    https://*.acs-frontend.vwfs.io https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.de http://*.trustedshops.com https://autocomplete.search.hereapi.com https://lookup.search.hereapi.com https://*.tealiumiq.com https://*.doubleclick.net;            frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com ;            object-src 'none' ;            font-src 'self' data: https://fonts.gstatic.com https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io https://cdn.mercury.ai https://js.api.here.com https://*.trustedshops.com http://*.trustedshops.com ;            frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://s.userzoom.com https://*.adform.net https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://*.googlesyndication.com https://cm.g.doubleclick.net https://gateway.zscloud.net https://td.doubleclick.net https://kalkulator.skoda-auto.pl https://*.g.doubleclick.net ;            media-src https://www.youtube-nocookie.com 'self' ; 2
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; worker-src blob:; connect-src 'self' wss://tsock.us1.twilio.com/v3/wsconnect https:; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data:; font-src 'self' https: data: 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; media-src https: blob:; img-src https: data:; font-src https: data:; worker-src https: blob:; connect-src https: wss: 2
frame-src *.pff.com www.facebook.com www.youtube.com 2
default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; 2
default-src https: 'self'; base-uri 'self'; block-all-mixed-content; child-src 'self' https://app-demo.standardnotes.com https://extensions.standardnotes.com *.stripe.com donorbox.org/embed/standard-notes paypalobjects.com *.paypal.com; connect-src 'self' *.stripe.com *.paypal.com https://extensions.standardnotes.com https://api.standardnotes.com *.braintreegateway.com *.coinbase.com *.braintree-api.com client-analytics.braintree.com plausible.standardnotes.com; frame-src 'self' *.youtube-nocookie.com *.braintreegateway.com client-analytics.braintree.com *.coinbase.com *.paypal.com www.paypalobjects.com *.stripe.com donorbox.org/embed/standard-notes *.standardnotes.com; font-src 'self'; form-action 'self' *.list-manage.com; frame-ancestors 'self' https://app-demo.standardnotes.com https://extensions.standardnotes.com https://api.standardnotes.com; img-src * data:; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' plausible.standardnotes.com *.stripe.com donorbox.org/widget.js *.paypal.com www.paypalobjects.com *.braintreegateway.com client-analytics.braintree.com *.coinbase.com; style-src 'self' 'unsafe-inline' *.braintreegateway.com client-analytics.braintree.com *.coinbase.com; 2
base-uri 'self'; default-src 'self' *.google-analytics.com maps.googleapis.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval'  www.ssa.gov  cdn.mathjax.org www.opengl.org *.gstatic.com unpkg.com www.recaptcha.net *.disquscdn.com *.disqus.com *.google.com www.google-analytics.com *.cloudflare.com acsbapp.com *.googleapis.com *.bootstrapcdn.com www.recaptcha.n *.googletagmanager.com googleadmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.ssa.gov  cdn.mathjax.org *.gstatic.com www.recaptcha.net *.polyfill.io *.disquscdn.com *.disqus.com *.googleapis.com *.bootstrapcdn.com www.recaptcha.net img.shields.io unpkg.com cdnjs.cloudflare.com   www.youtube.com; style-src 'self' 'unsafe-inline' www.ssa.gov fonts.googleapis.com *.bootstrapcdn.com platform.twitter.com *.google.com  *.cloudflare.com *.disquscdn.com; frame-ancestors 'self'; frame-src 'self' cdn.knightlab.com www.youtube-nocookie.com tamrat-b.github.io  sketchfab.com *.babylonjs.com disqus.com  www.recaptcha.net www.youtube.com *.google.com; img-src 'self' data: blob: www.ssa.gov  wikimedia.org *.disquscdn.com *.disqus.com *.gstatic.com *.googleapis.com github.com cdn.khronos.org img.shields.io *.google-analytics.com *.analytics.google.com analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; child-src 'self' www.youtube.com; object-src  data: *.github.io *.babylonjs.com; connect-src blob: 'self' *.google-analytics.com *.analytics.google.com analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; form-action 'self' www.paypal.com cdn.khronos.org ; 2
upgrade-insecure-requests;frame-ancestors 'self' https://*.apus.edu 2
default-src recreativdesign.com fonts.gstatic.com www.google.com data: 'self' st11.rcvlink.com;img-src recreativdesign.com recreativ.com image/svg+xml data: www.google.com.ua www.google.com www.googletagmanager.com googleads.g.doubleclick.net *.iubenda.com st11.rcvlink.com;style-src 'unsafe-inline' *.iubenda.com recreativdesign.com fonts.googleapis.com;script-src recreativdesign.com recreativ.com www.google.com www.googletagmanager.com www.google.com.ua ajax.googleapis.com www.gstatic.com googleads.g.doubleclick.net cdnjs.cloudflare.com *.iubenda.com crypto.dev2.rcrtv.net payfor.dev 'unsafe-inline' 'unsafe-eval' 'self';connect-src *.iubenda.com pagead2.googlesyndication.com crypto.dev2.rcrtv.net payfor.dev recreativdesign.com 'self';frame-src *.iubenda.com www.google.com td.doubleclick.net www.gstatic.com crypto.dev2.rcrtv.net payfor.dev;base-uri 'self';object-src 'self';style-src-elem recreativdesign.com recreativ.com www.google.com www.googletagmanager.com ajax.googleapis.com www.gstatic.com googleads.g.doubleclick.net fonts.googleapis.com cdnjs.cloudflare.com *.iubenda.com 'unsafe-inline' 'unsafe-eval' 'self' 2
default-src 'self' data: blob: https://*.zdassets.com https://*.zendesk.com https://*.zopim.com wss://*.zendesk.com wss://*.zopim.com https://*.mux.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com http://*.googleapis.com http://*.yotpo.com https://*.klaviyo.com https://*.klarnacdn.net https://*.adoric.com https://*.googletagmanager.com/ https://*.tiktokcdn-us.com; child-src 'self'; connect-src 'self' false https://atlas-api-mauve.nzxt.com https://store-atlas-api.nzxt.com https://sentry.io/api/ https://www.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.civiccomputing.com https://*.zdassets.com https://*.affirm.com https://*.zendesk.com https://*.ent-search.us-central1.gcp.cloud.es.io https://*.vercel-insights.com wss://*.zopim.com https://*.sentry.io https://*.g.doubleclick.net https://*.signifyd.com https://*.cloudflare.com https://*.facebook.com https://*.pinterest.com https://*.quantserve.com https://*.mgr.consensu.org https://quantcount.org https://*.googlesyndication.com https://google.com https://*.snapchat.com http://*.yotpo.com https://*.extend.com https://*.klaviyo.com https://*.helloextend.com https://*.adsrvr.org https://*.klarnaservices.com https://*.tiktok.com https://*.kaltura.com https://*.adoric-om.com https://*.amplitude.com https://*.smooch.io https://*.datadome.co https://*.snapchat.com https://*.sjv.io https://vercel.live https://*.pusher.com wss://*.zendesk.com wss://*.smooch.io wss://*.pusher.com https://*.nzxt.com; font-src 'self' data: https://*.gstatic.com https://*.yotpo.com https://nzxt.com https://*.klarnacdn.net; frame-src 'self' https://*.youtube.com https://*.vimeo.com https://*.youtube-nocookie.com https://w.soundcloud.com https://*.affirm.com https://*.mux.com https://*.fls.doubleclick.net https://*.facebook.com https://*.signifyd.com https://h.online-metrix.net https://*.typeform.com/ https://*.pinterest.com https://*.snapchat.com https://*.helloextend.com https://*.extend.com https://*.klarnaservices.com/ https://*.adsrvr.org https://vercel.live https://*.tiktok.com https://*.snapchat.com; img-src 'self' data: https://*.shopify.com https://*.google-analytics.com https://*.datocms-assets.com https://*.netdna-ssl.com https://*.letsbld.com https://*.s3-us-west-2.amazonaws.com https://*.zopim.io https://*.zdassets.com https://*.zendesk.com https://*.mux.com https://*.facebook.com https://*.gstatic.com https://*.g.doubleclick.net https://*.facebook.net https://*.googletagmanager.com https://*.google.com https://*.signifyd.com https://*.d.aa.online-metrix.net https://*.pinterest.com https://*.reddit.com https://*.quantserve.com https://*.mgr.consensu.org https://quantcount.org https://*.snapchat.com https://*.s3.amazonaws.com https://*.amazonaws.com http://*.yotpo.com https://i.ytimg.com https://*.cloudfront.net https://*.kaltura.com https://*.adoric.com https://*.googleapis.com https://*.zdusercontent.com https://*.cloudflare.com https://*.loggly.com https://*.vercel.com https://*.ojrq.net; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.affirm.com https://*.zdassets.com https://*.cdn.civiccomputing.com https://*.google-analytics.com https://*.zopim.com https://*.facebook.net https://*.signifyd.com https://s.pinimg.com https://*.quantcount.com https://*.quantserve.com https://*.mgr.consensu.org https://quantcount.org https://*.redditstatic.com https://sc-static.net https://*.helloextend.com https://*.extend.com https://*.googleadservices.com http://*.yotpo.com https://*.klaviyo.com https://*.adsrvr.org https://*.klarnaservices.com https://*.tiktok.com https://*.kaltura.com https://*.adoric-om.com https://vercel.live https://www.googletagmanager.com https://*.youtube.com https://*.snapchat.com https://*.zendesk.com https://*.smooch.io http://*.youtube.com https://*.impactcdn.com https://*.snapchat.com https://*.tiktokcdn-us.com https://*.ttwstatic.com https://*.threadai.zip 2
default-src * 'unsafe-inline' 'unsafe-eval' data:;img-src * 'unsafe-inline' 'unsafe-eval' 'self' data:;worker-src blob:; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.midphase.com *.uk2group.com request.eprotect.vantivprelive.com request.eprotect.vantivcnp.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com *.dwin1.com *.hsforms.com *.hsforms.net *.puzzel.com *.google.com *.google.co.uk *.googleapis.com *.gdmdigital.com *.bing.com *.jquery.com platform.linkedin.com www.linkedin.com platform.twitter.com *.pingdom.net *.websitealive.com m.addthisedge.com ssl.google-analytics.com *.addthis.com *.trustpilot.com *.cloudfront.net *.visualwebsiteoptimizer.com *.adroll.com *.facebook.net www.googleadservices.com *.qualtrics.com www.google.com apis.google.com www.googletagmanager.com www.google-analytics.com cdn.syndication.twimg.com syndication.twitter.com platform.twitter.com fp.gdmdigital.com connect.facebook.net app.yieldify.com yieldify.com www.gstatic.com *.cloudfront.net tracking.websitealive.com secure.adnxs.com  www.youtube.com s.ytimg.com *.hcaptcha.com; img-src 'self' *.thgingenuity.com img.zohostatic.eu *.midphase.com *.uk2group.com *.puzzel.com *.bing.com www.linkedin.com *.gravatar.com ssl.google-analytics.com *.pingdom.net *.websitealive.com *.adroll.com *.licdn.com *.twimg.com *.bidswitch.net *.rlcdn.com *.licdn.com www.privacytrust.com *.twitter.com *.openx.net *.doubleclick.net *.cloudfront.net *.adnxs.com go.flx1.com pbs.twimg.com platform.twitter.com *.facebook.com csi.gstatic.com syndication.twitter.com s.c.lnkd.licdn.com *.etrust.org *.gstatic.com 55b558c7-resources.bk-partnersasia.com *.visualwebsiteoptimizer.com www.google-analytics.com www.facebook.com www.google.com www.google.co.uk stats.g.doubleclick.net data: https://script.hotjar.com http://script.hotjar.com; style-src 'self' 'unsafe-inline' *.midphase.com *.twitter.com *.puzzel.com *.google.com *.pingdom.net *.websitealive.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.cloudfront.net; frame-src 'self' *.midphase.com cdn.forms-content.sg-form.com *.uk2group.com *.puzzel.com *.hsforms.com *.hsforms.net *.facebook.net *.facebook.com https://vars.hotjar.com *.twitter.com *.websitealive.com staticxx.facebook.com *.addthis.com *.trustpilot.com *.google.com www.youtube.com app.yieldify.com accounts.google.com apis.google.com www.facebook.com *.hcaptcha.com; connect-src 'self' *.hcaptcha.com *.google-analytics.com *.sentry.io mw-uk2-uat.thehut.net mw.thghosting.com *.midphase.com m.addthis.com *.puzzel.com *.trustpilot.com *.pingdom.net *.twitter.com ws://127.0.0.1:35729 http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com *.visualwebsiteoptimizer.com geo.yieldify.com mw.thghosting.com bat.bing.com; font-src 'self' data: *.midphase.com http://script.hotjar.com https://script.hotjar.com *.puzzel.com fonts.gstatic.com maxcdn.bootstrapcdn.com stats.g.doubleclick.net; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.midphase.com *.puzzel.com; frame-ancestors 'self'; 2
frame-ancestors 'self' *.winfuture.de; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.crowdin.com *.taximaxim.com *.taximaxim.ge *.taximaxim.by *.taximaxim.ir *.taximaxim.com.ua *.taxsee.ru *.taxsee.com *.youtube.com *.taximaxim.ru www.google.com www.googletagmanager.com www.google-analytics.com www.googleoptimize.com optimize.google.com vk.com *.vk.com yastatic.net *.yandex.md *.yandex.ru *.yandex.net *.google.com *.google.ru *.googleadservices.com *.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.gstatic.com top-fwz1.mail.ru *.facebook.net *.facebook.com analytics.tiktok.com cdn.yektanet.com s.zzcdn.me; style-src 'self' 'unsafe-inline' optimize.google.com cdn.crowdin.com; img-src 'self' data: www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net optimize.google.com www.google.com www.google.ru analytics.tiktok.com top-fwz1.mail.ru *.facebook.net *.facebook.com vk.com *.vk.com mc.yandex.ru cdn.crowdin.com trustseal.enamad.ir logo.samandehi.ir *.google.com log.adtimaserver.vn; connect-src 'self' mc.yandex.ru www.google-analytics.com stats.g.doubleclick.net analytics.tiktok.com top-fwz1.mail.ru *.facebook.net *.facebook.com vk.com *.vk.com *.yektanet.com *.google.com log.adtimaserver.vn; font-src 'self' data: *.gstatic.com *.taxsee.com; object-src 'self'; media-src 'self'; form-action 'self'; frame-src 'self' www.google.com optimize.google.com *.g.doubleclick.net *.taxsee.com *.taximaxim.com *.taximaxim.ge *.taximaxim.by *.taximaxim.ir *.taximaxim.com.ua *.taximaxim.ru *.yandex.ru yandex.ru *.youtube.com; child-src 'self'; worker-src 'self'; block-all-mixed-content; upgrade-insecure-requests 2
frame-src 'self'  https://*.zf.com https://*.dynamics.com/ https://embed.neospace.io/ https://app.powerbi.com https://684e6358a25146d7b2463db408d33a1e.svc.dynamics.com https://players.brightcove.net https://*.baidu.com https://*.bdimg.com https://maps.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://*.instagram.com https://*.twitter.com; child-src 'self'  https://*.youtube.com https://*.youtube-nocookie.com https://*.instagram.com https://*.twitter.com ; worker-src blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.dynamics.com/ https://*.microsoft.com https://*.azureedge.net https://cdnapi.kaltura.com https://api.de.kaltura.com https://cdnapisec.kaltura.com https://*.zf.com  https://skk.erecruiter.pl https://mktdplp102cdn.azureedge.net/public/latest/js/form-loader.js https://vjs.zencdn.net  https://cdn.syndication.twimg.com https://cdn.cookielaw.org https://*.twitter.com https://*.facebook.net https://*.piwik.pro   https://maps.googleapis.com; frame-ancestors 'self' https://*.zf.com https://araiv.com https://*.dynamics.com/ https://*.microsoft.com https://*.azureedge.net; 2
base-uri 'none'; img-src * data: blob:; default-src 'self' data: https: wss: blob:; style-src 'self' data: https: wss: 'unsafe-inline'; media-src blob: https://*.linkedin.com https://snap.licdn.com https://p.adsymptotic.com https://*.brightcovecdn.com https://*.boltdns.net https://*.media.brightcove.com https://*.llnw.net https://*.llnwd.net https://*.akafms.net https://*.akamaihd.net https://shs-components.infopark.io https://*.siemens-healthineers.com https://preview-cdn.scrvt.com/; worker-src blob: https://*.siemens-healthineers.com; script-src data: blob: 'unsafe-inline' 'unsafe-eval' 'self' https://api.scrivito.com https://assets.scrivito.com https://*.siemens.com https://consent.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.com https://consentcdn.cookiebot.eu/ https://tools.adlytics.net https://charts3.equitystory.com/ https://irpages2.eqs.com/ https://shs-components.infopark.io https://players.brightcove.net https://vjs.zencdn.net https://siemenshealthcare.postclickmarketing.com https://ionfiles.scribblecdn.net https://manifest.prod.boltdns.net https://*.brightcovecdn.com https://www.adobetag.com https://static.adlytics.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://sjs.bizographics.com https://img.en25.com/i/elqCfg.min.js https://cdns.gigya.com; frame-ancestors 'self' https://*.scrivito.com https://gather.town; object-src 'none'; block-all-mixed-content 2
default-src 'self' scribehow.com cursive.io twitter.com ads-twitter.com *.crazyegg.com g.tenor.com okta.scribehow.com okta.cursive.io; script-src 'self' 'unsafe-inline' blob: *.bing.com *.crazyegg.com scribe.involve.me/ *.ubembed.com/ *.google.com *.launchnotes.io/ *.sentry-cdn.com *.outbrain.com embed.typeform.com js.stripe.com *.profitwell.com profitwell.com scribehow.com okta.scribehow.com assets.customer.io *.clickagy.com connect.facebook.net assets.calendly.com www.google-analytics.com *.googletagmanager.com snap.licdn.com www.googleanalytics.com platform.twitter.com/ static.ads-twitter.com/uwt.js analytics.twitter.com www.googleadservices.com *.flagsmith.com cdn.rollbar.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net analytics.tiktok.com www.googleoptimize.com ws.zoominfo.com/ r.wdfl.co/rw.js www.googletagmanager.com/gtag/ connect.facebook.net/signals/ bat.bing.com/ ajax.googleapis.com/ assets-global.website-files.com/ cdn.jsdelivr.net/npm/ cdn.mxpnl.com/libs/mixpanel-2-latest.min.js connect.facebook.net/en_US/fbevents.js *.cloudfront.net/js/ js.intercomcdn.com/ widget.intercom.io/widget/ www.googleoptimize.com/optimize.js www.googletagmanager.com/gtm.js; style-src 'self' 'unsafe-inline' *.google.com embed.typeform.com assets.calendly.com assets-global.website-files.com fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' assets-global.website-files.com app.launchnotes.io/ *.crazyegg.com *.ubembed.com/ *.cloudimg.io *.profitwell.com profitwell.com scribe-api-dev.scribehow-dev.com scribe-api-stage.scribehow-stage.com scribe-api-prod.scribehow-prod.com scribe-api-okta.scribehow-okta.com scribe-api.cursive.io scribe-api.scribehow.com scribe-api-okta.scribehow.com scribe-api-okta.cursive.io scribe-llm-service.scribehow.com scribe-llm-service-okta.scribehow.com *.google-analytics.com *.customer.io api-js.mixpanel.com/ *.calendly.com facebook.com/tr stats.g.doubleclick.net/ *.s3-accelerate.amazonaws.com colony-labs-public.s3.us-east-2.amazonaws.com *.google.com o385127.ingest.sentry.io *.flagsmith.com api.rollbar.com/ bam.nr-data.net bam-cell.nr-data.net *.clickagy.com g.tenor.com ws.zoominfo.com *.analytics.google.com *.googletagmanager.com www.facebook.com/ analytics.tiktok.com api-iam.intercom.io api-js.mixpanel.com bat.bing.com stats.g.doubleclick.net wss://nexus-websocket-a.intercom.io; font-src 'self' data: *.google.com assets.launchnotes.io/fonts/ fonts.gstatic.com assets.website-files.com; frame-src 'self' *.google.com *.ubembed.com/ *.crazyegg.com cdn.embedly.com *.launchnotes.io/ player.vimeo.com platform.twitter.com/ embed.typeform.com form.typeform.com scribe.involve.me/ calendly.com *.clickagy.com js.stripe.com/ scribehow.com okta.scribehow.com app.gong.io *.app.gong.io www.loom.com www.facebook.com www.youtube.com; frame-ancestors 'self' scribehow.com okta.scribehow.com; img-src 'self' data: media.tenor.com blob: content: t.co assets.scribehow.com *.google.com/ *.profitwell.com *.crazyegg.com *.bing.com tr.outbrain.com/ *.s3.amazonaws.com track.customer.io scribehow.com okta.scribehow.com *.s3-accelerate.amazonaws.com *.s3.us-east-2.amazonaws.com *.googleusercontent.com *.google-analytics.com *.googletagmanager.com www.google.by assets.calendly.com *.clickagy.com d3m1fwcc59lqhy.cloudfront.net www.facebook.com id.rlcdn.com *.ads.linkedin.com p.adsymptotic.com connect.facebook.com api.faviconkit.com googleads.g.doubleclick.net *.gstatic.com twemoji.maxcdn.com www.googletagmanager.com gravatar.com image.scribehow-prod.com image.scribehow-okta.com www.googletagmanager.com/ pixel-sync.sitescout.com/connectors/clickagy/ *.doubleclick.net/ sync.crwdcntrl.net/map/ stags.bluekai.com/site/ *.agkn.com/ dpm.demdex.net/ us-u.openx.net/w/ idsync.rlcdn.com/ id.rlcdn.com/ analytics.twitter.com assets-global.website-files.com bat.bing.com www.google.rs dna8twue3dlxq.cloudfront.net; manifest-src 'self'; media-src 'self' assets-global.website-files.com; worker-src 'self' blob:; child-src blob:; 2
default-src 'self' https://*.storyblok.com https://s3.amazonaws.com https://localhost:3010 http://localhost:3000 https://gapi.storyblok.com/v1/api https://*.mapbox.com https://*.optimizely.com https://*.onetrust.com https://*.stickyadstv.com https://*.yahoo.com https://*.pubmatic.com https://exclaimer.pinpointhq.com/jobs.json https://*.driftt.com https://*.googletagmanager.com/ https://*.google-analytics.com/ https://*.netlify.app https://*.netlify.com https://*.linkedin.com https://*.google.co.uk https://*.vimeo.com https://*.wistia.com https://*.youtube.com https://*.googleoptimize.com https://*.google.com https://*.googlesyndication.com https://*.6sc.co https://*.pro-market.net https://*.simpli.fi https://*.zopim.com https://*.zendesk.com https://*.exclaimer.com https://*.pardot.com https://*.hotjar.com https://*.hotjar.io https://*.ads-twitter.com https://*.bing.com https://*.redditstatic.com https://*.reddit.com https://*.googleadservices.com https://*.doubleclick.net https://*.tremorhub.com https://*.tapad.com https://*.exelator.com https://*.intentiq.com https://*.bluekai.com https://*.crwdcntrl.net https://*.openx.net https://*.adnxs.com https://*.navattic.com https://*.zdassets.com https://*.licdn.com https://*.lijit.com https://*.spotxchange.com https://*.facebook.net https://*.facebook.com https://*.g2crowd.com https://*.zoominfo.com https://*.cloud-ingenuity.com https://*.oribi.io https://*.agkn.com https://*.salesloft.com https://*.6sense.com https://*.twitter.com https://*.liadm.com https://t.co/ https://*.bfmio.com https://*.rlcdn.com https://*.rubiconproject.com https://*.1rx.io https://*.3lift.com wss://*.zopim.com wss://ws.hotjar.com https://*.calendly.com https://calendly.com/ https://www.surveymonkey.com/ https://widget.surveymonkey.com/* https://widget.surveymonkey.co.uk/ https://widget.surveymonkey.com/ *.surveymonkey.com *.surveymonkey.net https://www.surveymonkey.co.uk/ https://fast.wistia.net/ https://cdn.heapanalytics.com/ heapanalytics.com/ https://*.auryc.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.storyblok.com https://s3.amazonaws.com https://localhost:3010 http://localhost:3000 https://gapi.storyblok.com/v1/api https://*.mapbox.com https://*.optimizely.com https://*.onetrust.com https://*.stickyadstv.com https://*.yahoo.com https://*.pubmatic.com https://exclaimer.pinpointhq.com/jobs.json https://*.driftt.com https://*.googletagmanager.com/ https://*.google-analytics.com/ https://*.netlify.app https://*.netlify.com https://*.linkedin.com https://*.google.co.uk https://*.vimeo.com https://*.wistia.com https://*.youtube.com https://*.googleoptimize.com https://*.google.com https://*.googlesyndication.com https://*.6sc.co https://*.pro-market.net https://*.simpli.fi https://*.zopim.com https://*.zendesk.com https://*.exclaimer.com https://*.pardot.com https://*.hotjar.com https://*.hotjar.io https://*.ads-twitter.com https://*.bing.com https://*.redditstatic.com https://*.reddit.com https://*.googleadservices.com https://*.doubleclick.net https://*.tremorhub.com https://*.tapad.com https://*.exelator.com https://*.intentiq.com https://*.bluekai.com https://*.crwdcntrl.net https://*.openx.net https://*.adnxs.com https://*.navattic.com https://*.zdassets.com https://*.licdn.com https://*.lijit.com https://*.spotxchange.com https://*.facebook.net https://*.facebook.com https://*.g2crowd.com https://*.zoominfo.com https://*.cloud-ingenuity.com https://*.oribi.io https://*.agkn.com https://*.salesloft.com https://*.6sense.com https://*.twitter.com https://*.liadm.com https://t.co/ https://*.bfmio.com https://*.rlcdn.com https://*.rubiconproject.com https://*.1rx.io https://*.3lift.com wss://*.zopim.com wss://ws.hotjar.com https://*.calendly.com https://calendly.com/ https://www.surveymonkey.com/ https://widget.surveymonkey.com/* https://widget.surveymonkey.co.uk/ https://widget.surveymonkey.com/ *.surveymonkey.com *.surveymonkey.net https://www.surveymonkey.co.uk/ https://fast.wistia.net/ https://cdn.heapanalytics.com/ heapanalytics.com/ https://*.auryc.com/; worker-src 'self' blob: https://*.storyblok.com https://s3.amazonaws.com https://localhost:3010 http://localhost:3000 https://gapi.storyblok.com/v1/api https://*.mapbox.com https://*.optimizely.com https://*.onetrust.com https://*.stickyadstv.com https://*.yahoo.com https://*.pubmatic.com https://exclaimer.pinpointhq.com/jobs.json https://*.driftt.com https://*.googletagmanager.com/ https://*.google-analytics.com/ https://*.netlify.app https://*.netlify.com https://*.linkedin.com https://*.google.co.uk https://*.vimeo.com https://*.wistia.com https://*.youtube.com https://*.googleoptimize.com https://*.google.com https://*.googlesyndication.com https://*.6sc.co https://*.pro-market.net https://*.simpli.fi https://*.zopim.com https://*.zendesk.com https://*.exclaimer.com https://*.pardot.com https://*.hotjar.com https://*.hotjar.io https://*.ads-twitter.com https://*.bing.com https://*.redditstatic.com https://*.reddit.com https://*.googleadservices.com https://*.doubleclick.net https://*.tremorhub.com https://*.tapad.com https://*.exelator.com https://*.intentiq.com https://*.bluekai.com https://*.crwdcntrl.net https://*.openx.net https://*.adnxs.com https://*.navattic.com https://*.zdassets.com https://*.licdn.com https://*.lijit.com https://*.spotxchange.com https://*.facebook.net https://*.facebook.com https://*.g2crowd.com https://*.zoominfo.com https://*.cloud-ingenuity.com https://*.oribi.io https://*.agkn.com https://*.salesloft.com https://*.6sense.com https://*.twitter.com https://*.liadm.com https://t.co/ https://*.bfmio.com https://*.rlcdn.com https://*.rubiconproject.com https://*.1rx.io https://*.3lift.com wss://*.zopim.com wss://ws.hotjar.com https://*.calendly.com https://calendly.com/ https://www.surveymonkey.com/ https://widget.surveymonkey.com/* https://widget.surveymonkey.co.uk/ https://widget.surveymonkey.com/ *.surveymonkey.com *.surveymonkey.net https://www.surveymonkey.co.uk/ https://fast.wistia.net/ https://cdn.heapanalytics.com/ heapanalytics.com/ https://*.auryc.com/; img-src 'self' https://*.storyblok.com https://s3.amazonaws.com https://localhost:3010 http://localhost:3000 https://gapi.storyblok.com/v1/api https://*.mapbox.com https://*.optimizely.com https://*.onetrust.com https://*.stickyadstv.com https://*.yahoo.com https://*.pubmatic.com https://exclaimer.pinpointhq.com/jobs.json https://*.driftt.com https://*.googletagmanager.com/ https://*.google-analytics.com/ https://*.netlify.app https://*.netlify.com https://*.linkedin.com https://*.google.co.uk https://*.vimeo.com https://*.wistia.com https://*.youtube.com https://*.googleoptimize.com https://*.google.com https://*.googlesyndication.com https://*.6sc.co https://*.pro-market.net https://*.simpli.fi https://*.zopim.com https://*.zendesk.com https://*.exclaimer.com https://*.pardot.com https://*.hotjar.com https://*.hotjar.io https://*.ads-twitter.com https://*.bing.com https://*.redditstatic.com https://*.reddit.com https://*.googleadservices.com https://*.doubleclick.net https://*.tremorhub.com https://*.tapad.com https://*.exelator.com https://*.intentiq.com https://*.bluekai.com https://*.crwdcntrl.net https://*.openx.net https://*.adnxs.com https://*.navattic.com https://*.zdassets.com https://*.licdn.com https://*.lijit.com https://*.spotxchange.com https://*.facebook.net https://*.facebook.com https://*.g2crowd.com https://*.zoominfo.com https://*.cloud-ingenuity.com https://*.oribi.io https://*.agkn.com https://*.salesloft.com https://*.6sense.com https://*.twitter.com https://*.liadm.com https://t.co/ https://*.bfmio.com https://*.rlcdn.com https://*.rubiconproject.com https://*.1rx.io https://*.3lift.com wss://*.zopim.com wss://ws.hotjar.com https://*.calendly.com https://calendly.com/ https://www.surveymonkey.com/ https://widget.surveymonkey.com/* https://widget.surveymonkey.co.uk/ https://widget.surveymonkey.com/ *.surveymonkey.com *.surveymonkey.net https://www.surveymonkey.co.uk/ https://fast.wistia.net/ https://cdn.heapanalytics.com/ heapanalytics.com/ https://*.auryc.com/ data: blob:; font-src 'self' data:; media-src 'self' https://*.storyblok.com https://s3.amazonaws.com https://localhost:3010 http://localhost:3000 https://gapi.storyblok.com/v1/api https://*.mapbox.com https://*.optimizely.com https://*.onetrust.com https://*.stickyadstv.com https://*.yahoo.com https://*.pubmatic.com https://exclaimer.pinpointhq.com/jobs.json https://*.driftt.com https://*.googletagmanager.com/ https://*.google-analytics.com/ https://*.netlify.app https://*.netlify.com https://*.linkedin.com https://*.google.co.uk https://*.vimeo.com https://*.wistia.com https://*.youtube.com https://*.googleoptimize.com https://*.google.com https://*.googlesyndication.com https://*.6sc.co https://*.pro-market.net https://*.simpli.fi https://*.zopim.com https://*.zendesk.com https://*.exclaimer.com https://*.pardot.com https://*.hotjar.com https://*.hotjar.io https://*.ads-twitter.com https://*.bing.com https://*.redditstatic.com https://*.reddit.com https://*.googleadservices.com https://*.doubleclick.net https://*.tremorhub.com https://*.tapad.com https://*.exelator.com https://*.intentiq.com https://*.bluekai.com https://*.crwdcntrl.net https://*.openx.net https://*.adnxs.com https://*.navattic.com https://*.zdassets.com https://*.licdn.com https://*.lijit.com https://*.spotxchange.com https://*.facebook.net https://*.facebook.com https://*.g2crowd.com https://*.zoominfo.com https://*.cloud-ingenuity.com https://*.oribi.io https://*.agkn.com https://*.salesloft.com https://*.6sense.com https://*.twitter.com https://*.liadm.com https://t.co/ https://*.bfmio.com https://*.rlcdn.com https://*.rubiconproject.com https://*.1rx.io https://*.3lift.com wss://*.zopim.com wss://ws.hotjar.com https://*.calendly.com https://calendly.com/ https://www.surveymonkey.com/ https://widget.surveymonkey.com/* https://widget.surveymonkey.co.uk/ https://widget.surveymonkey.com/ *.surveymonkey.com *.surveymonkey.net https://www.surveymonkey.co.uk/ https://fast.wistia.net/ https://cdn.heapanalytics.com/ heapanalytics.com/ https://*.auryc.com/ data:; object-src 'none'; frame-ancestors 'self' https://*.storyblok.com https://s3.amazonaws.com https://localhost:3010 http://localhost:3000 https://gapi.storyblok.com/v1/api https://*.mapbox.com https://*.optimizely.com https://*.onetrust.com https://*.stickyadstv.com https://*.yahoo.com https://*.pubmatic.com https://exclaimer.pinpointhq.com/jobs.json https://*.driftt.com https://*.googletagmanager.com/ https://*.google-analytics.com/ https://*.netlify.app https://*.netlify.com https://*.linkedin.com https://*.google.co.uk https://*.vimeo.com https://*.wistia.com https://*.youtube.com https://*.googleoptimize.com https://*.google.com https://*.googlesyndication.com https://*.6sc.co https://*.pro-market.net https://*.simpli.fi https://*.zopim.com https://*.zendesk.com https://*.exclaimer.com https://*.pardot.com https://*.hotjar.com https://*.hotjar.io https://*.ads-twitter.com https://*.bing.com https://*.redditstatic.com https://*.reddit.com https://*.googleadservices.com https://*.doubleclick.net https://*.tremorhub.com https://*.tapad.com https://*.exelator.com https://*.intentiq.com https://*.bluekai.com https://*.crwdcntrl.net https://*.openx.net https://*.adnxs.com https://*.navattic.com https://*.zdassets.com https://*.licdn.com https://*.lijit.com https://*.spotxchange.com https://*.facebook.net https://*.facebook.com https://*.g2crowd.com https://*.zoominfo.com https://*.cloud-ingenuity.com https://*.oribi.io https://*.agkn.com https://*.salesloft.com https://*.6sense.com https://*.twitter.com https://*.liadm.com https://t.co/ https://*.bfmio.com https://*.rlcdn.com https://*.rubiconproject.com https://*.1rx.io https://*.3lift.com wss://*.zopim.com wss://ws.hotjar.com https://*.calendly.com https://calendly.com/ https://www.surveymonkey.com/ https://widget.surveymonkey.com/* https://widget.surveymonkey.co.uk/ https://widget.surveymonkey.com/ *.surveymonkey.com *.surveymonkey.net https://www.surveymonkey.co.uk/ https://fast.wistia.net/ https://cdn.heapanalytics.com/ heapanalytics.com/ https://*.auryc.com/; connect-src 'self' https://www.gstatic.com/ https://*.storyblok.com https://s3.amazonaws.com https://localhost:3010 http://localhost:3000 https://gapi.storyblok.com/v1/api https://*.mapbox.com https://*.optimizely.com https://*.onetrust.com https://*.stickyadstv.com https://*.yahoo.com https://*.pubmatic.com https://exclaimer.pinpointhq.com/jobs.json https://*.driftt.com https://*.googletagmanager.com/ https://*.google-analytics.com/ https://*.netlify.app https://*.netlify.com https://*.linkedin.com https://*.google.co.uk https://*.vimeo.com https://*.wistia.com https://*.youtube.com https://*.googleoptimize.com https://*.google.com https://*.googlesyndication.com https://*.6sc.co https://*.pro-market.net https://*.simpli.fi https://*.zopim.com https://*.zendesk.com https://*.exclaimer.com https://*.pardot.com https://*.hotjar.com https://*.hotjar.io https://*.ads-twitter.com https://*.bing.com https://*.redditstatic.com https://*.reddit.com https://*.googleadservices.com https://*.doubleclick.net https://*.tremorhub.com https://*.tapad.com https://*.exelator.com https://*.intentiq.com https://*.bluekai.com https://*.crwdcntrl.net https://*.openx.net https://*.adnxs.com https://*.navattic.com https://*.zdassets.com https://*.licdn.com https://*.lijit.com https://*.spotxchange.com https://*.facebook.net https://*.facebook.com https://*.g2crowd.com https://*.zoominfo.com https://*.cloud-ingenuity.com https://*.oribi.io https://*.agkn.com https://*.salesloft.com https://*.6sense.com https://*.twitter.com https://*.liadm.com https://t.co/ https://*.bfmio.com https://*.rlcdn.com https://*.rubiconproject.com https://*.1rx.io https://*.3lift.com wss://*.zopim.com wss://ws.hotjar.com https://*.calendly.com https://calendly.com/ https://www.surveymonkey.com/ https://widget.surveymonkey.com/* https://widget.surveymonkey.co.uk/ https://widget.surveymonkey.com/ *.surveymonkey.com *.surveymonkey.net https://www.surveymonkey.co.uk/ https://fast.wistia.net/ https://cdn.heapanalytics.com/ heapanalytics.com/ https://*.auryc.com/ blob: data:; child-src blob: https://*.storyblok.com https://s3.amazonaws.com https://localhost:3010 http://localhost:3000 https://gapi.storyblok.com/v1/api https://*.mapbox.com https://*.optimizely.com https://*.onetrust.com https://*.stickyadstv.com https://*.yahoo.com https://*.pubmatic.com https://exclaimer.pinpointhq.com/jobs.json https://*.driftt.com https://*.googletagmanager.com/ https://*.google-analytics.com/ https://*.netlify.app https://*.netlify.com https://*.linkedin.com https://*.google.co.uk https://*.vimeo.com https://*.wistia.com https://*.youtube.com https://*.googleoptimize.com https://*.google.com https://*.googlesyndication.com https://*.6sc.co https://*.pro-market.net https://*.simpli.fi https://*.zopim.com https://*.zendesk.com https://*.exclaimer.com https://*.pardot.com https://*.hotjar.com https://*.hotjar.io https://*.ads-twitter.com https://*.bing.com https://*.redditstatic.com https://*.reddit.com https://*.googleadservices.com https://*.doubleclick.net https://*.tremorhub.com https://*.tapad.com https://*.exelator.com https://*.intentiq.com https://*.bluekai.com https://*.crwdcntrl.net https://*.openx.net https://*.adnxs.com https://*.navattic.com https://*.zdassets.com https://*.licdn.com https://*.lijit.com https://*.spotxchange.com https://*.facebook.net https://*.facebook.com https://*.g2crowd.com https://*.zoominfo.com https://*.cloud-ingenuity.com https://*.oribi.io https://*.agkn.com https://*.salesloft.com https://*.6sense.com https://*.twitter.com https://*.liadm.com https://t.co/ https://*.bfmio.com https://*.rlcdn.com https://*.rubiconproject.com https://*.1rx.io https://*.3lift.com wss://*.zopim.com wss://ws.hotjar.com https://*.calendly.com https://calendly.com/ https://www.surveymonkey.com/ https://widget.surveymonkey.com/* https://widget.surveymonkey.co.uk/ https://widget.surveymonkey.com/ *.surveymonkey.com *.surveymonkey.net https://www.surveymonkey.co.uk/ https://fast.wistia.net/ https://cdn.heapanalytics.com/ heapanalytics.com/ https://*.auryc.com/; style-src 'self' 'unsafe-inline' data: blob: https://*.storyblok.com https://s3.amazonaws.com https://localhost:3010 http://localhost:3000 https://gapi.storyblok.com/v1/api https://*.mapbox.com https://*.optimizely.com https://*.onetrust.com https://*.stickyadstv.com https://*.yahoo.com https://*.pubmatic.com https://exclaimer.pinpointhq.com/jobs.json https://*.driftt.com https://*.googletagmanager.com/ https://*.google-analytics.com/ https://*.netlify.app https://*.netlify.com https://*.linkedin.com https://*.google.co.uk https://*.vimeo.com https://*.wistia.com https://*.youtube.com https://*.googleoptimize.com https://*.google.com https://*.googlesyndication.com https://*.6sc.co https://*.pro-market.net https://*.simpli.fi https://*.zopim.com https://*.zendesk.com https://*.exclaimer.com https://*.pardot.com https://*.hotjar.com https://*.hotjar.io https://*.ads-twitter.com https://*.bing.com https://*.redditstatic.com https://*.reddit.com https://*.googleadservices.com https://*.doubleclick.net https://*.tremorhub.com https://*.tapad.com https://*.exelator.com https://*.intentiq.com https://*.bluekai.com https://*.crwdcntrl.net https://*.openx.net https://*.adnxs.com https://*.navattic.com https://*.zdassets.com https://*.licdn.com https://*.lijit.com https://*.spotxchange.com https://*.facebook.net https://*.facebook.com https://*.g2crowd.com https://*.zoominfo.com https://*.cloud-ingenuity.com https://*.oribi.io https://*.agkn.com https://*.salesloft.com https://*.6sense.com https://*.twitter.com https://*.liadm.com https://t.co/ https://*.bfmio.com https://*.rlcdn.com https://*.rubiconproject.com https://*.1rx.io https://*.3lift.com wss://*.zopim.com wss://ws.hotjar.com https://*.calendly.com https://calendly.com/ https://www.surveymonkey.com/ https://widget.surveymonkey.com/* https://widget.surveymonkey.co.uk/ https://widget.surveymonkey.com/ *.surveymonkey.com *.surveymonkey.net https://www.surveymonkey.co.uk/ https://fast.wistia.net/ https://cdn.heapanalytics.com/ heapanalytics.com/ https://*.auryc.com/; 2
frame-ancestors 'self' https://gocardless.lookbookhq.com https://gocardless.pathfactory.com https://content.gocardless.com;report-uri https://o405487.ingest.sentry.io/api/5312304/security/?sentry_key=9f3af8ac83c84627bbdbe45a80a061aa 2
frame-ancestors 'self' *.paessler.com 2
frame-ancestors 'self' https://www.vodafone.de https://kabel.vodafone.de https://gigakombi.vodafone.de 2
frame-ancestors 'self' https://epr.onepath.com.au https://eprotectpriv.service.anz https://eprotect.service.anz https://eprotectauth.service.anz https://eprotect https://epr.anz.com; 2
frame-ancestors 'self' qr-generator.test *.qr-generator.test egodit.org *.egodit.org qr-code-generator.com *.qr-code-generator.com qr-code-generator.de *.qr-code-generator.de qrcode-generator.de *.qrcode-generator.de egoditor.com *.egoditor.com 2
script-src blob: data: 'self' 'unsafe-inline' 'unsafe-eval' https://*.adobedtm.com https://*.paypal.com https://*.paypalobjects.com https://*.gstatic.com https://*.braintreegateway.com https://*.google.com https://*.sezzle.com https://*.iseeme.com https://*.cloudflare.com https://cdn.inspectlet.com https://*.turnto.com https://*.googletagmanager.com https://connect.facebook.net https://www.googlecommerce.com https://dev.visualwebsiteoptimizer.com https://*.olark.com https://cdn.ywxi.net https://www.googleadservices.com https://bat.bing.com https://cdn.datasteam.io https://amplify.outbrain.com https://cdn.attn.tv https://s.pinimg.com https://snip.bronto.com https://collector-12391.tvsquared.com https://www.google-analytics.com https://www.googleadservices.com https://*.googlesyndication.com https://*.steelhousemedia.com https://*.adsrvr.org https://*.clarity.ms https://*.g.doubleclick.net https://*.cloudflare.net https://*.cloudfront.net https://*.criteo.net https://*.criteo.com https://*.outbrain.com https://*.scarabresearch.com https://*.emarsys.net https://*.trustpilot.com https://*.cookielaw.org https://*.trustedsite.com https://*.youtube.com https://*.tiktok.com https://*.cardinalcommerce.com https://*.ads-twitter.com https://*.mountain.com https://*.adnxs.com https://*.boldcommerce.com https://static.xx.fbcdn.net https://*.kaptcha.com; frame-ancestors 'self'; upgrade-insecure-requests; 2
default-src 'self' 'unsafe-inline' https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://*.zopim.com https://*.zendesk.com wss://*.zopim.com wss://*.zendesk.com; script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' 'self' https://www.google.com/recaptcha/* https://campsi-eu.s3.eu-west-1.amazonaws.com https://cdn.amplitude.com https://*.fullstory.com/ https://perfalytics.com https://*.partnerpage.io https://*.clarity.ms https://c.bing.com https://static.zdassets.com ads-api.twitter.com https://*.hsleadflows.net https://*.hsforms.com https://*.hsforms.net https://*.hscollectedforms.net https://*.hubspot.com https://*.hubspot.net https://*.hubspotusercontent00.net https://*.hubspotfeedback.com https://feedback.hubapi.com https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net https://static.hsappstatic.net https://js.hscta.net https://googleads.g.doubleclick.net https://app-worker.visitor-analytics.io https://*.hotjar.com https://*.usemessages.com https://*.hs-banner.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hsadspixel.net https://*.ads-twitter.com https://static.affilae.com https://static.axept.io https://tag.aticdn.net https://www.googletagmanager.com https://connect.facebook.net https://bat.bing.com https://snap.licdn.com https://content.hotjar.io; style-src 'unsafe-inline' 'report-sample' 'self' https://design.axept.io https://cdn.partnerpage.io https://*.hotjar.com https://fonts.googleapis.com https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net cdn2.hubspot.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.ads.linkeding.com https://static.axept.io https://campsi-eu.s3.eu-west-1.amazonaws.com https://admin.partnerpage.io https://*.ingest.sentry.io https://*.amplitude.com/ https://*.fullstory.com/ https://*.perfalytics.com https://perfalytics.com https://ekr.zdassets.com https://*.ads-twitter.com https://analytics.twitter.com https://lb.affilae.com https://*.hs-analytics.net https://*.hubapi.com https://*.hsforms.com https://*.hscollectedforms.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.hs-banner.com https://www.google.com https://googleads.g.doubleclick.net https://vc.hotjar.io https://api.axept.io https://*.hubspot.com https://js.hscta.net https://axeptiosupport.zendesk.com https://client.axept.io https://logs1412.xiti.com https://o561678.ingest.sentry.io https://pagead2.googlesyndication.com https://visits.visitor-analytics.io https://content.hotjar.io https://cdn.linkedin.oribi.io https://*.clarity.ms https://c.bing.com https://bat.bing.com; font-src 'self' data: https://design.axept.io https://fonts.gstatic.com https://*.hotjar.com; frame-src 'self' https://lb.affilae.com https://www.youtube.com https://s3-us-west-1.amazonaws.com https://vimeo.com https://admin.axeptio.eu https://*.hubapi.com https://*.hsforms.net https://*.hsforms.com https://*.hubspot.net https://play.hubspotvideo.com https://*.hubspot.com https://*.hs-sites.com https://www.googletagmanager.com; img-src 'self' data: https://campsi-eu.s3.eu-west-1.amazonaws.com  https://img.youtube.com https://static.axept.io https://*.amazonaws.com/partnerpage.prod/media/ https://*.partnerpage.io https://*.clarity.ms https://c.bing.com https://*.ads-twitter.com https://ads-api.twitter.com www.googletagmanager.com https://static.affilae.com https://lb.affilae.com https://v2assets.zopim.io https://static.zdassets.com https://www.google.com https://www.google.fr www.googletagmanager.com https://*.hotjar.com https://cdn2.hubspot.net https://*.ads.linkedin.com https://www.facebook.com https://bat.bing.com https://*.gstatic.com/faviconV2 https://analytics.twitter.com https://axeptio-referrals.s3.eu-west-1.amazonaws.com https://axeptio.cdn.prismic.io https://axeptio.imgix.net https://favicons.axept.io https://images.prismic.io https://t.co https://*.hubspot.com https://*.hsforms.net https://*.hsforms.com https://*.hubspot.net https://no-cache.hubspot.com https://js.hscta.net https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net https://uploads-ssl.webflow.com; manifest-src 'self'; media-src 'self'; report-uri https://64f74a7015b491ee72713009.endpoint.csper.io/?v=1; worker-src 'none'; child-src https://*.hsforms.com; 2
frame-ancestors onlineislemler.turktelekom.com.tr www.turktelekom.com.tr turktelekom.com.tr bireysel.turktelekom.com.tr kurumsal.turktelekom.com.tr corechatbotai.turktelekom.com.tr testcorechatbotai.turktelekom.com.tr 2
default-src 'self'; child-src 'self' *.youtube.com *.youtu.be *.hotjar.com *.twitter.com *.piktochart.com *.euronext.com *.docs.google.com *.wistia.com *.wistia.net blob:; connect-src 'self' *.cookielaw.org *.google-analytics.com *.freshworks.com *.mapbox.com *.euronext.com; frame-src 'self' *.youtube.com *.youtu.be *.hotjar.com *.twitter.com *.piktochart.com *.euronext.com *.google.com *.wistia.com *.wistia.net; img-src 'self' *.cookielaw.org *.ytimg.com *.w3.org data: *.euronext.com *.googletagmanager.com blob: *.globenewswire.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.cookielaw.org *.google-analytics.com *.euronext.com *.mapbox.com *.datatables.net *.jsdelivr.net *.cloudflare.com *.jquery.com *.knightlab.com *.twitter.com *.polyfill.io *.unpkg.com *.mdbootstrap.com *.rawgit.com *.bootstrapcdn.com *.google.com *.freshworks.com *.youtu.be *.doubleclick.net *.gstatic.com *.schema.org *.hotjar.com *.drupal.org api.mapbox.com cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com https://cdn.jsdelivr.net https://cdn.knightlab.com https://cdnjs.cloudflare.com https://platform.twitter.com https://polyfill.io https://unpkg.com mdbootstrap.com platform.twitter.com rawgit.com stackpath.bootstrapcdn.com; script-src-elem 'self' 'unsafe-inline' *.googleapis.com *.googletagmanager.com *.cookielaw.org *.google-analytics.com *.euronext.com *.mapbox.com *.datatables.net *.jsdelivr.net *.cloudflare.com *.jquery.com *.knightlab.com *.twitter.com *.polyfill.io *.unpkg.com *.mdbootstrap.com *.rawgit.com *.bootstrapcdn.com *.google.com *.freshworks.com *.youtu.be *.doubleclick.net *.gstatic.com *.schema.org *.hotjar.com *.drupal.org *.youtube.com *.wistia.net api.mapbox.com cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com https://cdn.jsdelivr.net https://cdn.knightlab.com https://cdnjs.cloudflare.com https://platform.twitter.com https://polyfill.io https://unpkg.com mdbootstrap.com platform.twitter.com rawgit.com stackpath.bootstrapcdn.com; style-src 'self' 'unsafe-inline' *.icons8.com *.freshworks.com *.gstatic.com *.ytimg.com *.ggpht.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdn.knightlab.com https://cdnjs.cloudflare.com maxcdn.icons8.com mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; frame-ancestors 'self' *.euronext.com *.piktochart.com *.youtu.be; report-uri https://www.euronext.com/en/report-uri/enforce; upgrade-insecure-requests 2
frame-ancestors 'self' https://*.toyota-europe.com https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.sprinklr.com *.leadfamly.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com data: *.sprinklr.com; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; connect-src *; frame-src *; media-src * blob:; worker-src * blob:; 2
frame-ancestors 'self' https://cms.wellcome.org https://wt-corporated8-develop.codeenigma.net https://wt-corporated8-master.codeenigma.net; 2
frame-ancestors 'self' https://*.charlotte.edu https://*.uncc.edu https://uncc.instructure.com; frame-src 'self' comgooglemaps: gsa: https://9572357.fls.doubleclick.net https://accounts.google.com https://adservices.brandcdn.com https://airtable.com https://anchor.fm https://api.recollect.net https://apis.google.com https://app.smartsheet.com https://*.arcgis.com https://bid.g.doubleclick.net https://bot.ivy.ai https://calendar.google.com https://calendly.com https://cdnapisec.kaltura.com https://cdn.exchmapdata.com https://cdn.knightlab.com https://cdn.youvisit.com https://*.charlotte.edu https://chart-studio.plotly.com https://c.sharethis.mgr.consensu.org https://d1eoo1tco6rr5e.cloudfront.net https://datastudio.google.com https://datawrapper.dwcdn.net https://docs.google.com https://drive.google.com https://edabroad.h5p.com https://e.infogram.com https://e.issuu.com https://embed.financialaidtv.com https://embed.ocelotbot.com https://embed.podcasts.apple.com https://embed.styledcalendar.com https://*.flowpaper.com https://flowpaper.com https://*.github.io https://*.hotjar.com https://*.hotjar.io https://insight.adsrvr.org https://libraryh3lp.com https://livestream.com https://loader.webspellchecker.net https://lookerstudio.google.com https://maphub.net https://maps.google.com https://match.adsrvr.org https://mcmap.org https://m.facebook.com https://my.matterport.com https://*.netlify.app https://platform.twitter.com https://player.vimeo.com https://public.tableau.com https://pub.s10.exacttarget.com https://*.rlets.com https://*.shinyapps.io https://*.skedda.com https://*.spotify.com https://syndication.twitter.com https://t.sharethis.com https://*.uncc.edu https://uncc.financialaidtv.com https://uncc-mps-training.s3.amazonaws.com https://view-awesome-table.com https://vimeo.com https://web.facebook.com https://whova.com https://w.soundcloud.com https://ws.sharethis.com https://www.buzzsprout.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.instagram.com https://www.theweather.com https://www.youtube.com https://www.youtube-nocookie.com https://youtu.be https://youtube.com 2
default-src 'none'; form-action 'self' 'report-sample' https://phpmyadmin.adm.tools https://phpmyadmin.mysql.network https://ua.team; child-src 'self'; frame-src 'self' 'report-sample' https://www.facebook.com https://connect.facebook.net https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://apis.google.com https://accounts.google.com https://www.google.com https://js.stripe.com https://play.google.com https://pay.google.com; script-src-attr 'report-sample' 'unsafe-inline'; script-src 'self' 'report-sample' https://www.googleadservices.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://code.highcharts.com https://apis.google.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://googletagmanager.com https://maps.google.com https://maps.googleapis.com https://translate.google.com https://accounts.google.com https://js.stripe.com https://play.google.com https://pay.google.com 'unsafe-inline'; img-src 'self' 'report-sample' blob: data: https://www.facebook.com https://m.facebook.com https://connect.facebook.net https://*.gstatic.com https://*.google.com https://*.google.ru https://*.google.es https://*.google.fr https://*.google.nl https://*.google.kz https://*.google.by https://*.google.de https://*.google.pl https://*.google.ae https://*.google.md https://*.google.ca https://*.google.hu https://*.google.com.ua https://*.google.com.tr https://*.google.co.uk https://*.google.at https://*.google.az https://*.google.jo https://*.google.be https://*.google.it https://*.google.com.cy https://*.google.com.ph https://*.google.kz https://*.google.co.uz https://*.google.dk https://*.google.se https://*.googleapis.com https://analytics.google.com https://www.google-analytics.com https://cdn.adm.tools/ https://storage.adm.tools/ https://cdn.webmail.online/ https://opendata.cdn.express/ https://staff.cdn.express/ https://www.gravatar.com; connect-src 'self' 'report-sample' http://localhost:3000 ws://localhost:3000 https://socket.ua.team wss://socket.ua.team https://emi.webmail.online wss://emi.webmail.online wss://ctl.adm.tools https://tools.adm.tools wss://tools.adm.tools wss://staff.adm.tools wss://emi.adm.tools wss://cmd.adm.tools https://cmd.adm.tools wss://ssh.adm.tools https://ssh.adm.tools wss://chat.adm.tools https://chat.adm.tools https://cam.ukraine.com.ua https://analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://sentry.adm.tools https://www.facebook.com https://accounts.google.com https://*.stripe.com https://play.google.com https://pay.google.com https://google.com https://cdn.jsdelivr.net https://*.default-host.net https://sentry.adm.tools https://cdn.adm.tools/; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; style-src 'self' 'unsafe-inline' https://accounts.google.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; media-src 'self' 'report-sample' 'unsafe-inline' blob: https://cam.ukraine.com.ua https://staff.cdn.express/ https://storage.adm.tools/; manifest-src 'self'; worker-src 'self' blob:; report-uri https://sentry.adm.tools/api/8/security/?sentry_key=05c167ddbc674f3da4da07b891f0bdec; 2
default-src 'self' *.uat.tenethealth.com; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com https://optimize.google.com https://survey.g.doubleclick.net https://tagmanager.google.com https://dyv6f9ner1ir9.cloudfront.net https://362-lxb-565.mktoutil.com https://storage.googleapis.com https://i.ytimg.com https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com *.google-analytics.com https://syndication.twitter.com http://platform.stumbleupon.com https://dec.azureedge.net/ munchkin.marketo.net *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com *.googletagmanager.com *.youtube.com/iframe_api https://app-sj01.marketo.com https://maps.googleapis.com https://d.monetate.net https://se.monetate.net https://rw1.marchex.io https://resources.xg4ken.com https://ajax.googleapis.com https://solutions.invocacdn.com https://polyfill.io http://siteimproveanalytics.com https://cdn.siteimprove.net https://connect.facebook.net accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.siteimprove.net *.facebook.com *.google.com *.google.co.in https://googleads.g.doubleclick.net https://static.doubleclick.net https://munchkin.net https://stats.g.doubleclick.net https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://maps.gstatic.com https://siteimproveanalytics.com https://www.googletagmanager.com https://px.marchex.io https://my2.siteimprove.com https://munchkin.marketo.net https://service-uat.tenethealth.com https://service-test.tenethealth.com https://service-prep.tenethealth.com https://www.tenethealthpacificcoast.com https://id.siteimprove.com https://68956.global.siteimproveanalytics.io https://cdnjs.cloudflare.com https://radiomd.com https://tours.sunnymedia.com https://checkin.arriv.net https://checkin-stg.arriv.net https://checkin-dev.arriv.net https://healthcheck.arriv.net https://healthcheck-stg.arriv.net https://healthcheck-dev.arriv.net https://ms-prod.arriv.net https://www.googleadservices.com https://code.jquery.com https://stackpath.bootstrapcdn.com https://tbcdn.talentbrew.com https://www.panoskin.com https://lcp360.cachefly.net https://d2ybmd3wevur4k.cloudfront.net *.practicematch.com https://w3.cdn.anvato.net/ https://cdn.perfdrive.com https://cas.avalon.perfdrive.com https://validate.perfdrive.com https://support.doctorpodcasting.com https://tenethealth.outgrow.us/ https://dyv6f9ner1ir9.cloudfront.net/* https://cxppusa1formui01cdnsa01-endpoint.azureedge.net *.tealiumiq.com *.tiqcdn.com https://tags.tiqcdn.com/* https://tags.tiqcdn.com https://tags.tiqcdn.com/utag/tenet/main/prod/utag.js https://tags.tiqcdn.com/utui/utui.tagcompanion.js 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net web-chat.nativechat.com *.eloqua.com *.en25.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com *.twimg.com https://optimize.google.com https://tagmanager.google.com platform.twitter.com *.marketo.com *.sitefinity.xyz *.tenethealth.com https://fonts.googleapis.com https://checkin.arriv.net https://checkin-stg.arriv.net https://ms-prod.arriv.net https://cdnjs.cloudflare.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com pbs.twimg.com *.twimg.com data: blob: https://www.gstatic.com https://ssl.gstatic.com https://optimize.google.com *.google-analytics.com https://static.licdn.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com platform.twitter.com *.google.co.in *.google.com *.googletagmanager.com *.tenethealth.com https://*.youtube.com https://app-sj01.marketo.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://service-prep.tenethealth.com https://68956.global.siteimproveanalytics.io https://i.ytimg.com https://px.marchex.io https://pixel.mathtag.com *.baptisthealthsystem.com *.nacmedicalcenter.com *.resolutehealth.com *.providencechildrenshospital.com *.thehospitalsofprovidence.com *.valleybaptist.net *.dmc.org *.childrensdmc.org *.rimrehab.org *.brookwoodbaptisthealth.com *.saintfrancishosp.com *.saintfrancisbartlett.com *.eastcoopermedctr.com *.hiltonheadregional.com *.piedmontmedicalcenter.com *.coralgableshospital.com *.delraymedicalctr.com *.floridamedctr.com *.goodsamaritanmc.com *.hialeahhosp.com *.northshoremedical.com *.palmbeachchildrenshospital.com *.pbgmc.com *.palmettogeneral.com *.stmarysmc.com *.westbocamedctr.com *.stvincenthospital.com *.mwmc.com *.abrazohealth.com *.carondelet.org *.desertcarenetwork.com *.doctorsmanteca.com *.dmc-modesto.com *.emanuelmedicalcenter.org *.fountainvalleyhospital.com *.lakewoodregional.com *.losalamitosmedctr.com *.placentialinda.com *.sanramonmedctr.com *.sierravistaregional.com *.twincitieshospital.com *.brookwoodbaptistmedicalcenter.com *.brookwoodwomensmedicalcenter.com *.citizensbaptistmedicalcenter.com *.princetonbaptistmedicalcenter.com *.shelbybaptistmedicalcenter.com *.walkerbaptistmedicalcenter.com *.tenethealthcentralcoast.com *.tenethealthpacificcoast.com https://i.vimeocdn.com https://www.hvsh.org https://pc-hmt-collect.tealiumiq.com *.tealiumiq.com *.tiqcdn.com https://tags.tiqcdn.com/* 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net track.hubspot.com js.hsleadflows.net forms.hsforms.com web-chat.nativechat.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://fonts.gstatic.com https://fonts.googleapis.com; frame-src *.marketo.com *.sitefinity.xyz *.tenethealth.com *.google.com *.youtube.com *.facebook.com *.facebook.com/tr/ *.doubleclick.net *.doubleclick.com https://givebutter.com https://optimize.google.com https://tenethealth.outgrow.us https://platform.twitter.com https://tenethealthbotprodcontainer01.azurewebsites.net/ https://pixel.mathtag.com/ https://player.vimeo.com/ https://radiomd.com https://tours.sunnymedia.com https://9207741.fls.doubleclick.net https://my2.siteimprove.com https://www.practicematch.com https://my.matterport.com https://viewer.panoskin.com https://www.modbee.com/ https://w3.cdn.anvato.net/ https://cdns.snacktools.net/ https://support.doctorpodcasting.com 'self' forms.hsforms.com web-chat.nativechat.com; connect-src accounts.google.com *.gstatic.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com https://optimize.google.com https://survey.g.doubleclick.net https://dyv6f9ner1ir9.cloudfront.net https://362-lxb-565.mktoutil.com https://storage.googleapis.com https://i.ytimg.com https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com *.googletagmanager.com *.youtube.com/iframe_api https://maps.googleapis.com https://d.monetate.net https://se.monetate.net https://rw1.marchex.io https://resources.xg4ken.com https://ajax.googleapis.com https://solutions.invocacdn.com https://polyfill.io http://siteimproveanalytics.com https://cdn.siteimprove.net https://connect.facebook.net *.mktoresp.com *.siteimprove.net *.facebook.com *.google.com *.google.co.in https://googleads.g.doubleclick.net https://static.doubleclick.net https://munchkin.net https://stats.g.doubleclick.net https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://maps.gstatic.com https://siteimproveanalytics.com https://www.googletagmanager.com https://px.marchex.io https://my2.siteimprove.com https://munchkin.marketo.net https://service-uat.tenethealth.com https://service-test.tenethealth.com https://service-prep.tenethealth.com https://www.tenethealthpacificcoast.com https://id.siteimprove.com https://68956.global.siteimproveanalytics.io *.baptisthealthsystem.com *.nacmedicalcenter.com *.resolutehealth.com *.providencechildrenshospital.com *.thehospitalsofprovidence.com *.valleybaptist.net *.dmc.org *.childrensdmc.org *.rimrehab.org *.brookwoodbaptisthealth.com *.saintfrancishosp.com *.saintfrancisbartlett.com *.eastcoopermedctr.com *.hiltonheadregional.com *.piedmontmedicalcenter.com *.coralgableshospital.com *.delraymedicalctr.com *.floridamedctr.com *.goodsamaritanmc.com *.hialeahhosp.com *.northshoremedical.com *.palmbeachchildrenshospital.com *.pbgmc.com *.palmettogeneral.com *.stmarysmc.com *.westbocamedctr.com *.stvincenthospital.com *.mwmc.com *.abrazohealth.com *.carondelet.org *.desertcarenetwork.com *.doctorsmanteca.com *.dmc-modesto.com *.emanuelmedicalcenter.org *.fountainvalleyhospital.com *.lakewoodregional.com *.losalamitosmedctr.com *.placentialinda.com *.sanramonmedctr.com *.sierravistaregional.com *.twincitieshospital.com *.brookwoodbaptistmedicalcenter.com *.brookwoodwomensmedicalcenter.com *.citizensbaptistmedicalcenter.com *.princetonbaptistmedicalcenter.com *.shelbybaptistmedicalcenter.com *.walkerbaptistmedicalcenter.com *.tenethealthcentralcoast.com *.tenethealthpacificcoast.com https://img.youtube.com https://radiomd.com https://o381876.ingest.sentry.io https://checkin.arriv.net https://checkin-stg.arriv.net https://healthcheck.arriv.net https://healthcheck-stg.arriv.net https://ms-dev.arriv.net https://ms-prod.arriv.net https://www.googleadservices.com https://code.jquery.com https://assets.grammarly.com https://stackpath.bootstrapcdn.com *.practicematch.com https://d2ybmd3wevur4k.cloudfront.net https://lcp360.cachefly.net/panoskin.min.js https://tbcdn.talentbrew.com https://w3.cdn.anvato.net/ https://i.vimeocdn.com https://cdn.perfdrive.com https://cas.avalon.perfdrive.com https://validate.perfdrive.com https://cdnjs.cloudflare.com https://support.doctorpodcasting.com https://assets-usa.mkt.dynamics.com https://cxppusa1formui01cdnsa01-endpoint.azureedge.net public-usa.mkt.dynamics.com https://pc-hmt-collect.tealiumiq.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob: https://media.tenethealth.com https://i.vimeocdn.com; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.marketo.com *.sitefinity.xyz *.tenethealth.com 'self' web-chat.nativechat.com; form-action *.sitefinity.xyz *.facebook.com 'self' https://optimize.google.com https://paypage.epx.com https://www.tenethealthpacificcoast.com https://validate.perfdrive.com https://cdnjs.cloudflare.com https://service-prep.tenethealth.com 2
default-src 'self' https:; connect-src https: wss:; font-src 'self' https: data:; frame-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: blob:; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com unpkg.com/@frontify/ *.cloudinary.com http://s3.amazonaws.com/ https://donorbox.org/ https://public.flourish.studio/ http://pagead2.googlesyndication.com/ https://partner.googleadservices.com/ https://adservice.google.com/ https://tpc.googlesyndication.com/ https://lawfareblog.us3.list-manage.com/ https://cdn.sajari.com/ http://cdn.sajari.com/ https://www.googletagmanager.com/; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com https://use.typekit.net/ https://p.typekit.net/ http://cdn-images.mailchimp.com/; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://use.typekit.net/; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com web-chat.nativechat.com *.frontify.com *.cloudinary.com https://via.placeholder.com/ http://cdn-images.mailchimp.com/ https://public.flourish.studio/ https://pagead2.googlesyndication.com/ https://lawfare-dev.idevdesign.net/ https://lawfare-qa.idevdesign.net/ https://lawfare-assets-new.azureedge.net http://lawfare-dev.idevdesign.net/ http://lawfare-qa.idevdesign.net/ https://re.sajari.com/ assets.documentcloud.org ir-na.amazon-adsystem.com lawfare.s3-us-west-2.amazonaws.com 25.media.tumblr.com assets.rappler.com azelin.files.wordpress.com b-i.forbesimg.com blogs.piie.com brightcove.vo.llnwd.net c.gigcount.com cdn.c.photoshelter.com cdn.static-economist.com cdn.theatlantic.com cdn2.i-scmp.com chertoffgroup.com clausewitzforkids.files.wordpress.com cloudfront-media.reason.com cnnphilippines.com cnponline.org d1udmfvw0p7cd2.cloudfront.net drawnward.com ecx.images-amazon.com edge.alluremedia.com.au en.dangcongsan.vn globalnation.inquirer.net graphics8.nytimes.com gunpowderandlead.org htmlimg1.scribdassets.com i.dailymail.co.uk i.ndtvimg.com i.telegraph.co.uk i1.cpcache.com i2.cdn.turner.com ichef-1.bbci.co.uk images.chinatopix.com images.en.yibada.com imgs.xkcd.com law.fordham.edu law.pepperdine.edu law.rwu.edu law.wlu.edu libertasq.files.wordpress.com media.hoover.org media.nola.com media.npr.org media.philstar.com media.wwnorton.com moritzlaw.osu.edu ngrams.googlelabs.com normanweaver.files.wordpress.com o.onionstatic.com pop.h-cdn.co s15.postimg.org s2.reutersmedia.net s3.reutersmedia.net s4.reutersmedia.net sa.kapamilya.com static.thanhniennews.com static2.businessinsider.com t1.gstatic.com thediplomat.com thumbs.media.smithsonianmag.comfiler ukcatalogue.oup.com upload.wikimedia.org veggiebunch.co.za web.law.columbia.edu ws-na.amazon-adsystem.com www.bangkokpost.com www.bloomberg.com www.brookings.edu www.channelnewsasia.com www.charliesavage.com www.dw.com www.ethanzuckerman.com www.fcps.edu www.fed-soc.org www.hrw.org www.intellectualventures.com www.journalism.org www.law.harvard.edu www.law.leeds.ac.uk www.law.pitt.edu www.law.uchicago.edu www.law.unimelb.edu.au www.lawandsecurity.org www.lawfareblog.com www.liquidplanner.com www.maritime-executive.com www.ohchr.org www.pclob.gov www.people-press.org www.postwritersgroup.com www.skatingonstilts.com www.smbc-comics.com www.straitstimes.com www.telegraph.co.uk www.theonion.com www.vermontlaw.edu www.washington.edu www.washingtoninstitute.org www.washingtonpost.com www.wired.com www.zazzle.com aoav.org.uk assets.libsyn.com chart.googleapis.com d2mxuefqeaa7sj.cloudfront.net dl.dropboxusercontent.com docs.google.com e-estonia.com encrypted-tbn1.gstatic.com encrypted-tbn3.gstatic.com fbcdn-sphotos-h-a.akamaihd.net gallery.mailchimp.com i.guim.co.uk i0.wp.com i2.wp.com image.ibb.co images.duckduckgo.com img.washingtonpost.com immersion.media.mit.edu lawfareblog.com lh3.googleusercontent.com lh4.googleusercontent.com lh5.googleusercontent.com lh6.googleusercontent.com media.defense.gov media2.wnyc.org news.usni.org pbs.twimg.com politicalscience.stanford.edu prod01-cdn03.cdn.firstlook.org s.yimg.com s22.postimg.cc scontent-iad3-1.xx.fbcdn.net screenshotscdn.firefoxusercontent.com shop.americanbar.org si.wsj.net spaghettionthewallproductions.files.wordpress.com ssl.gstatic.com static01.nyt.com timedotcom.files.wordpress.com twimg0-a.akamaihd.net twitframe.com web.archive.org www.ejiltalk.org www.paypalobjects.com www.steptoecyberblog.com www.whitehouse.gov www.yahoo.com www.yapsody.com; media-src 'self' data: blob: *.frontify.com *.cloudinary.com; frame-src *; child-src 'self' https://video.ibm.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com *.frontify.com cloudinary.com *.cloudinary.com https://embed.acast.com https://player.blubrry.com/ http://html5-player.libsyn.com/ https://donorbox.org/ https://flo.uri.sh/ https://www.ustream.tv/ http://www.ustream.tv/ https://www.npr.org/ https://googleads.g.doubleclick.net/ https://tpc.googlesyndication.com/ https://www.google.com/ http://jsonapi.sajari.net/ https://embed.podcasts.apple.com/ https://embed.documentcloud.org/ https://www.c-span.org/ http://c-span.org/ https://www.senate.gov/ https://senate.gov/ https://v.24liveblog.com/ http://v.24liveblog.com/ https://open.acast.com/ https://sphinx.acast.com/ https://stitcher2.acast.com/ https://securepubads.g.doubleclick.net/; connect-src 'self' data: accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.frontify.com *.cloudinary.com http://www.ustream.tv/ https://www.ustream.tv/ https://www.npr.org/ https://pagead2.googlesyndication.com/ http://jsonapi.sajari.net/; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https:; report-uri /report-csp-violation; upgrade-insecure-requests 2
default-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' *.storyblok.com *.clarity.ms https://beacon-v2.helpscout.net https://connect.facebook.net/ https://googleads.g.doubleclick.net/ *.baidu.com/ *.hs-analytics.net/ *.hs-banner.com/ *.hscollectedforms.net/ *.usemessages.com/ *.hs-scripts.com/ https://mc.yandex.ru/ *.hotjar.com/ https://snap.licdn.com/ https://www.google-analytics.com/analytics.js https://www.googleadservices.com/ https://www.googleoptimize.com/optimize.js *.googletagmanager.com/ https://multilogin.postaffiliatepro.com/ 'unsafe-inline';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://beacon-v2.helpscout.net;object-src https://beacon-v2.helpscout.net;connect-src 'self' *.google.com *.clarity.ms *.hubspot.com https://chatapi.helpscout.net https://beaconapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net wss://*.pusher.com https://cdn.linkedin.oribi.io *.cloudfront.net *.hscollectedforms.net *.hotjar.com https://mc.yandex.ru https://mc.yandex.md *.analytics.google.com *.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.hsforms.com;font-src 'self' data: https://fonts.gstatic.com https://beacon-v2.helpscout.net;frame-src 'self' https://mc.yandex.md/ https://www.youtube.com https://beacon-v2.helpscout.net;img-src data: *;manifest-src 'self';media-src 'self' https://beacon-v2.helpscout.net *.storyblok.com;worker-src 'none';frame-ancestors 'self' *.storyblok.com;base-uri https://docs.helpscout.net; 2
frame-ancestors 'self' https://www-buickgmcanzures-com-mx.wpsegment15.proj.wpx.gm.com https://www.buickgmcanzures.com.mx https://www.chevroletjilotepec.com.mx https://www.chevroletamericasmotors.com.mx https://www.chevroletsanjuandelrio.com.mx https://www.chevroletcalidadsanjeronimo.com.mx https://www-chevroletamericasmotors-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletsanjuandelrio-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletcalidadsanjeronimo-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletconstituyentes-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletamericasmotors-com-mx.wpsegment15.prd1.wpx.gm.com https://www-chevroletsanjuandelrio-com-mx.wpsegment15.prd1.wpx.gm.com https://www-chevroletcalidadsanjeronimo-com-mx.wpsegment15.prd1.wpx.gm.com https://www-chevroletconstituyentes-com-mx.wpsegment15.prd1.wpx.gm.com https://z1.le.liveperson.net https://www-chevroletherrerazac-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletherrerazac-com-mx.wpsegment15.prd2.wpx.gm.com https://www.chevroletherrerazac.com.mx https://www-chevroletcentrohistorico-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletcentrohistorico-com-mx.wpsegment15.prd2.wpx.gm.com https://www.chevroletcentrohistorico.com.mx https://www-chevroletconstituyentes-com-mx.wpsegment15.prd1.wpx.gm.com https://www-chevroletconstituyentes-com-mx.wpsegment15.proj.wpx.gm.com https://www.chevroletconstituyentes.com.mx http://www.chevroletcentrohistorico.com https://www.chevrolet.com.co https://www.chevroletsf.com.co  https://www-chevrolet-com-co.prd1a.wpx.gm.com/plan-siempre-chevrolet https://www-buickgmccadillacloscabos-com-mx.proj.wpx.gm.com/ https://www-buickgmccadillacloscabos-com-mx.prd1.wpx.gm.com/ https://www.buickgmccadillacloscabos.com.mx/; 2
frame-ancestors 'self' *.telia.ee 2
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.mymercy.net *.tt.omtrdc.net *.vjs.zencdn.net *.adobedtm.com *.googleapis.com *.gstatic.com *.cloudfront.net mercyhealth.sc.omtrdc.net st1.dialogtech.com *.dialogtech.com *.demdex.net cm.everesttech.net *.mymercy.net *.mercy.net dev.day.com *.healthwise.net *.docscores.com *.google-analytics.com *.youtube.com *.zencdn.net *.selfcare.info *.ytimg.com *.boltdns.net *.alexametrics.com *.brightcove.com *.brightcove.net bcove.video *.api.brightcove.com api.bcovlive.io *.bcovlive.io *.sep.bcovlive.io bcovlive-a.akamaihd.net players.brightcove.net hls.ak.o.brightcove.com uds.ak.o.brightcove.com brightcove.vo.llnwd.net *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.analytics.edgekey.net *.media.brightcove.com hlstoken-a.akamaihd.net vjs.zencdn.net *.gallerysites.net *.bcvp0rtal.com *.brightcovecdn.com *.2o7.net *.omtrdc.net stats.g.doubleclick.net *.googletagmanager.com *.yextpages.net *.yext-static.com *.yext-pixel.com *.flickr.com *.googleadservices.com googleads.g.doubleclick.net *.google.com bid.g.doubleclick.net *.ggpht.com *.doubleclick.net *.mouseflow.com *.adobe.com *.omniture.com *.google.ca *.cloudflare.com *.sitescdn.net *.yext.com *.pagescdn.com cyberscript.ais-rx.com *.cloudhub.io *.a2z.com *.facebook.net *.facebook.com *.evergage.com *.evgnet.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com mercyhealthcare.s3.us-west-1.amazonaws.com *.avaamo.com H1avaamo.s3.us-west-2.amazonaws.com questionnaire.canceriq.com; frame-ancestors https://*.mercy.net https://*.mymercy.net https://www.mtsmychart.com https://www.chistvincentonecare.com 2
frame-ancestors 'self' dw.beyondtrustcloud.com; 2
base-uri 'none'; child-src 'report-sample' 'self' blob: https://*.e-i.com https://td.doubleclick.net https://www.linkedin.com https://www.youtube-nocookie.com; connect-src 'report-sample' 'self' https://*.e-i.com https://cmcic.matomo.cloud https://logs1412.xiti.com https://stats.g.doubleclick.net https://zkkwkzt.pa-cd.com; default-src 'report-sample' 'self' https://*.e-i.com; form-action 'self' https://www.linkedin.com; frame-ancestors 'self'; img-src 'report-sample' 'self' blob: data: https://*.e-i.com https://conv.indeed.com/pagead/ https://i.ytimg.com https://img.youtube.com https://manager.tagcommander.com; media-src 'report-sample' 'self' blob: https://*.e-i.com; navigate-to https:; object-src 'none'; report-uri ; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://*.e-i.com https://cdn.matomo.cloud https://cdn.tagcommander.com https://cmcic.matomo.cloud https://googleads.g.doubleclick.net https://platform.linkedin.com https://tag.aticdn.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.linkedin.com https://www.youtube.com; style-src 'report-sample' 'self' 'unsafe-inline' https://*.e-i.com 2
upgrade-insecure-requests; default-src 'self' https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; object-src https:; form-action https:; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=ln_shp&d=2024-01-23 2
default-src 'self' https://dpm.demdex.net *.cdc.gov vaccines.gov www.vaccines.gov vacunas.gov www.vacunas.gov *.fontawesome.com *.doubleclick.net *.castlighthealth.com *.mapbox.com https://*.google-analytics.com *.foresee.com cdc.112.2o7.net https://*.googletagmanager.com; child-src 'self' *.cdc.gov vaccines.gov www.vaccines.gov vacunas.gov www.vacunas.gov *.google.com https://cdc.demdex.net blob:; object-src 'self' *.cdc.gov vaccines.gov www.vaccines.gov vacunas.gov www.vacunas.gov; img-src 'self' https://dpm.demdex.net/ https://cm.everesttech.net/ *.cdc.gov vaccines.gov www.vaccines.gov vacunas.gov www.vacunas.gov cdc.112.2o7.net *.google-analytics.com *.gstatic.com  https://*.googletagmanager.com data:; style-src 'self' *.cdc.gov vaccines.gov vacunas.gov *.mapbox.com *.fontawesome.com 'unsafe-inline'; script-src 'self' *.cdc.gov vaccines.gov www.vaccines.gov vacunas.gov www.vacunas.gov *.castlighthealth.com *.mapbox.com *.google-analytics.com *.adobe.com *.gstatic.com  *.googletagmanager.com *.google.com *.fontawesome.com 'unsafe-inline' 'unsafe-eval'; worker-src blob:; frame-ancestors *.cdc.gov 2
script-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: ajax.aspnetcdn.com www.gstatic.com s7.addthis.com assets.transparently.com ajax.googleapis.com www.google.com vjs.zencdn.net mychart.piedmont.org maps.googleapis.com ie7-js.googlecode.com apis.google.com maxcdn.bootstrapcdn.com cdn.kyruus.com z.moatads.com www.google-analytics.com siteimproveanalytics.com www.googletagmanager.com connect.facebook.net cdn.krxd.net d10lpsik1i8c69.cloudfront.net v1.addthisedge.com m.addthis.com guide.loyalhealth.com www.googleadservices.com piedmont.netmng.com secure-ds.serving-sys.com solutions.invocacdn.com *.krxd.net bs.serving-sys.com googleads.g.doubleclick.net js.adsrvr.org assets.pinterest.com log.pinterest.com *.elfsight.com code.jquery.com tagmanager.google.com bbox.blackbaudhosting.com *.wufoo.com *.invoca.net s.pinimg.com assets.sitescdn.net static.hotjar.com script.hotjar.com answers-embed.piedmont.com.pagescdn.com ads.nextdoor.com touchpoint-sdk.alida.com mychart.piedmont.org dexcareapi-piedmont.azureedge.net www.care.piedmont.org 2
default-src 'self' *.ometria.com *.6sense.com *.typeform.com *.youtube.com youtube.com *.youtube-nocookie.com *.hubspot.com *.geoplugin.net ometria.workable.com forms.hsforms.com *.hotjar.com player.vimeo.com cookie-cdn.cookiepro.com www.google.com www.google.co.uk w3.org; script-src 'self' *.typeform.com js.hs-scripts.com js.hsleadflows.net js.hs-analytics.net js.hsadspixel.net js.hs-banner.com *.facebook.net www.googleadservices.com secure.easy7bear.com s.adroll.com *.hotjar.com d.adroll.com googleads.g.doubleclick.net www.google.com www.google.co.uk cookie-cdn.cookiepro.com www.googletagmanager.com www.gstatic.com js.hsforms.net www.google-analytics.com j.6sc.co snap.licdn.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.6sense.com *.hubspot.com *.oribi.io *.hotjar.io www.google-analytics.com *.6sc.co *.hotjar.com secure.adnxs.com geolocation.onetrust.com c.6sc.co ib.adnxs.com cookie-cdn.cookiepro.com forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com cookiepro.blob.core.windows.net; img-src https: data:; 2
default-src 'unsafe-inline' 'unsafe-eval' https: data:; block-all-mixed-content; upgrade-insecure-requests 2
default-src 'none'; connect-src 'self' ipleak.net:* *.ipleak.net:* ipleak.net *.ipleak.net; font-src 'self'; frame-src 'self' *.google.com; img-src 'self' data:; script-src 'self'; style-src 'self'; manifest-src 'self'; base-uri 'none'; form-action 'self' 2
default-src 'self' *.quantummetric.com hawaiianairlinesinc.marketing.adobe.com 'unsafe-inline' 'unsafe-eval' data: blob:; worker-src blob:; child-src blob:; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; img-src * data:; connect-src * data:; font-src * data:; frame-src *; frame-ancestors 'self' hawaiianairlinesinc.marketing.adobe.com https://www.kayak.com/; media-src 'self' *.s-hawaiianairlines.com 2
frame-ancestors 'self' https://*.forumfree.it/ 2
frame-ancestors 'self' *.benjerry.com *.crownpeak.com *.bazaarvoice.com *.adobe.com *.pricespider.com *.mapbox.com cdnjs.cloudflare.com 2
default-src 'none';img-src data: https:;script-src 'unsafe-inline' 'unsafe-eval' blob: https:;style-src 'unsafe-inline' https:;font-src data: https:;frame-ancestors 'self';connect-src https: wss://supchat.politiken.supwizapp.com; media-src blob: https:;frame-src https: data: blob:;child-src https:;worker-src blob: https:;base-uri https:;form-action https: 2
frame-ancestors 'self' *.lufthansa.com *.miles-and-more.com *.swiss.com *.amadeus.com *.amadeus.net *.brusselsairlines.com *.austrian.com 2
default-src 'self'; block-all-mixed-content; child-src 'self' blob: 1327335.fls.doubleclick.net bid.g.doubleclick.net d6tizftlrpuof.cloudfront.net pasaanvraag.schiphol.nl www.youtube.com 5980017.fls.doubleclick.net www.googletagmanager.com www.facebook.com connect.facebook.net *.dynamics.com *.azureedge.net *.microsoft.com www.google.com; connect-src 'self' *.schiphol.nl *.digitalredesign.nl *.schiphol.dev wss://ws-eu.pusher.com api.usabilla.com app.getsentry.com sentry.io *.ingest.sentry.io *.nr-data.net d6tizftlrpuof.cloudfront.net doubleclickadexchange.net *.google-analytics.com pagead2.googlesyndication.com jy11djjhoa.execute-api.eu-west-1.amazonaws.com *.g.doubleclick.net *.tiles.mapbox.com api.mapbox.com obipubvideo.s3.eu-central-1.amazonaws.com ws-eu.pusher.com stats.pusher.com events.mapbox.com api-cdn.embed.ly chat-schipholccc.cs83.force.com schipholccc.secure.force.com schipholccc.my.salesforce.com schipholccc.my.salesforce-sites.com *.facebook.com *.appspot.com *.dynamics.com *.azureedge.net *.microsoft.com api.leadinfo.com collector.leadinfo.net consentcdn.cookiebot.com; font-src 'self' data: fonts.gstatic.com tagmanager.google.com themes.googleusercontent.com cdn.schiphol.nl fonts.googleapis.com cdn.leadinfo.net; frame-ancestors 'self' *.my.salesforce.com www.kcmsurvey.com *.schiphol.nl *.digitalredesign.nl *.schiphol.dev *.dynamics.com *.azureedge.net *.microsoft.com; frame-src 'self' blob: 1327335.fls.doubleclick.net bid.g.doubleclick.net d6tizftlrpuof.cloudfront.net pasaanvraag.schiphol.nl www.youtube.com 5980017.fls.doubleclick.net www.googletagmanager.com www.facebook.com connect.facebook.net *.dynamics.com *.azureedge.net *.microsoft.com www.google.com html5-player.libsyn.com cdn.embedly.com service.force.com schipholccc.secure.force.com schipholccc.my.salesforce.com schipholccc.my.salesforce-sites.com *.my.salesforce.com www.kcmsurvey.com consentcdn.cookiebot.com customer.bookingbug.com; img-src 'self' https: data: blob: *.ctfassets.net *.nr-data.net bat.bing.com bat.r.msn.com cdncash.org d6tizftlrpuof.cloudfront.net doubleclick.net ge0ip.com ge0ip.net ge0ip.org *.doubleclick.net lancheck.net maps.googleapis.com *.schiphol.nl *.digitalredesign.nl *.schiphol.dev schiphol.mobi tagmanager.google.com takethatad.com tm.tradetracker.net ts.tradetracker.net tl.tradetracker.net w.usabilla.com *.google-analytics.com www.google.com www.google.nl www.googleadservices.com www.gstatic.com www.seebuyflyhappyhour.nl connect.facebook.net www.facebook.com s.ytimg.com lh3.googleusercontent.com ad.doubleclick.net adservice.google.com adservice.google.nl assets.libsyn.com ssl-static.libsyn.com *.content.force.com schipholccc.secure.force.com schipholccc.my.salesforce.com schipholccc.my.salesforce-sites.com opt.objectiveportal.com *.linkedin.com *.appspot.com collector.leadinfo.net cdn.leadinfo.net; manifest-src 'self' cdn.schiphol.nl; script-src 'self' data: asset: blob: 'unsafe-inline' 'unsafe-eval' *.schiphol.nl *.digitalredesign.nl *.schiphol.dev ajax.googleapis.com api.usabilla.com apps-analytics.net *.nr-data.net bat.bing.com cdn.optimizely.com cdncash.org d1fc8wv8zag5ca.cloudfront.net d6tizftlrpuof.cloudfront.net d19tqk5t6qcjac.cloudfront.net ge0ip.com ge0ip.net ge0ip.org js-agent.newrelic.com tagmanager.google.com tm.tradetracker.net w.usabilla.com *.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.com connect.facebook.net www.facebook.com *.tiles.mapbox.com www.youtube.com s.ytimg.com googleads.g.doubleclick.net www.google.com *.dynamics.com *.azureedge.net *.microsoft.com js.pusher.com stats.pusher.com *.salesforceliveagent.com *.my.salesforce.com service.force.com ajax.cloudflare.com cdn.embedly.com chat-schipholccc.cs83.force.com static.lightning.force.com schipholccc.secure.force.com schipholccc.my.salesforce.com schipholccc.my.salesforce-sites.com consent.cookiebot.com opt.objectiveportal.com snap.licdn.com sentry.io *.sentry-cdn.com cdn.leadinfo.net consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' blob: tagmanager.google.com d6tizftlrpuof.cloudfront.net www.gstatic.com api.tiles.mapbox.com cdn.schiphol.nl cdn.embedly.com static.libsyn.com service.force.com *.my.salesforce.com chat-schipholccc.cs83.force.com schipholccc.secure.force.com schipholccc.my.salesforce.com schipholccc.my.salesforce-sites.com www.googletagmanager.com fonts.googleapis.com cdn.leadinfo.net; worker-src 'self' blob: 1327335.fls.doubleclick.net bid.g.doubleclick.net d6tizftlrpuof.cloudfront.net pasaanvraag.schiphol.nl www.youtube.com 5980017.fls.doubleclick.net www.googletagmanager.com *.facebook.com *.dynamics.com *.azureedge.net *.microsoft.com www.google.com 2
frame-ancestors 'self' *.scot.nhs.uk *.nhsgrampian.org *.nhslothian.scot *.nhsggc.scot hcaptcha.com *.hcaptcha.com; upgrade-insecure-requests; report-to csp-endpoint; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report 2
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'self' 2
upgrade-insecure-requests; frame-ancestors 'none' *.parchment.com; 2
upgrade-insecure-requests; media-src https: data: blob:; img-src https: data: blob:; object-src 'none'; worker-src 'self' blob:; default-src https: blob: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' *.mcneel.com *.rhino3d.com *.vimeo.com *.youtube.com; script-src 'self' *.mcneel.com *.rhino3d.com *.vimeo.com *.youtube.com blob: 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com stackpath.bootstrapcdn.com www.googletagmanager.com polyfill.io unpkg.com storage.googleapis.com www.google-analytics.com www.snapengage.com code.jquery.com cdn.jsdelivr.net api.mapbox.com cdn.skypack.dev d3js.org cse.google.com www.google.com maps.googleapis.com; font-src 'self' *.mcneel.com *.rhino3d.com *.vimeo.com *.youtube.com data: fonts.gstatic.com cdnjs.cloudflare.com unpkg.com; style-src 'self' *.mcneel.com *.rhino3d.com *.vimeo.com *.youtube.com 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com hosteduxprod.blob.core.windows.net www.google.com; img-src 'self' *.mcneel.com *.rhino3d.com *.vimeo.com *.youtube.com https://* data:; connect-src 'self' *.mcneel.com *.rhino3d.com *.vimeo.com *.youtube.com api.mapbox.com www.google-analytics.com cdn.jsdelivr.net www.snapengage.com ui.customsearch.ai maps.googleapis.com; frame-src 'self' *.mcneel.com *.rhino3d.com *.vimeo.com *.youtube.com www.google.com 2
default-src 'self' *.moneta.ru *.moneta.com *.payanyway.ru payanyway.ru *.payanyway.com ; script-src 'self' *.moneta.ru *.moneta.com *.payanyway.ru payanyway.ru *.payanyway.com payanyway.ru https://pay.google.com https://pay.yandex.ru https://mc.yandex.ru https://api-maps.yandex.ru 'report-sample' 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.moneta.ru *.moneta.com *.payanyway.ru payanyway.ru www.payanyway.ru *.payanyway.com 'unsafe-inline'; img-src * data:; font-src 'self' data: *.moneta.ru *.moneta.com *.payanyway.ru payanyway.ru *.payanyway.com ; connect-src 'self' *.moneta.ru *.moneta.com *.payanyway.ru payanyway.ru sbp.payanyway.ru *.payanyway.com https://mc.yandex.ru https://qr.nspk.ru ; frame-src https: sberpay: sbolpay: qr.nspk.ru ; report-uri /cspreport.htm 2
frame-ancestors 'self' *.shift4shop.com *.3dcart.com *.3dcart.net *.3dc.local *.3dcart.co.uk *.3dcart.ca app.cyfe.com 2
frame-ancestors https://docs.google.com https://*.googleusercontent.com; 2
frame-ancestors 'self' editor.construct.net preview.construct.net animate.construct.net; script-src construct-static.com www.construct.net www.youtube.com www.gstatic.com www.paypal.com js.braintreegateway.com www.paypalobjects.com accounts.google.com www.googletagmanager.com www.google.com apis.google.com js.stripe.com connect.facebook.net 'unsafe-inline' 'unsafe-hashes'; 2
frame-ancestors https://www.check24.de/ https://finanzen.check24.de/ 'self' 2
default-src 'self' undefined https://apis.dev.avrotros.io https://apis.avrotros.io https://*.run.app/ https://*.avrotros.io https://*.avrotros.nl https://*.avrotros.site ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:* blob: undefined https://apis.dev.avrotros.io https://apis.avrotros.io https://*.run.app/ https://*.avrotros.io https://*.avrotros.nl https://*.avrotros.site ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:* https://*.googleusercontent.com https://*.google-analytics.com https://www.googletagmanager.com https://adscience-nocookie.nl https://stats.g.doubleclick.net https://*.google.com https://*.npo.nl https://*.fontawesome.com https://*.gstatic.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.youtube.com https://*.vimeo.com https://*.instagram.com https://*.ster.nl https://*.optoutadvertising.com https://www.riddle.com https://*.akamaized.net; font-src * data: https://fonts.gstatic.com https://*.fontawesome.com; img-src * data: 'report-sample'; script-src data: 'unsafe-inline' 'unsafe-eval' undefined https://apis.dev.avrotros.io https://apis.avrotros.io https://*.run.app/ https://*.avrotros.io https://*.avrotros.nl https://*.avrotros.site ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:* https://*.googleusercontent.com https://*.google-analytics.com https://www.googletagmanager.com https://adscience-nocookie.nl https://stats.g.doubleclick.net https://*.google.com https://*.npo.nl https://*.npo-data.nl https://tag.aticdn.net https://nmonpoendpoint.2cnt.net https://kmnl.tns-nipo.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.youtube.com https://*.instagram.com https://*.ster.nl https://*.optoutadvertising.com https://*.ampproject.net https://cdn.ampproject.org https://polyfill.io https://*.fontawesome.com https://*.gstatic.com https://www.riddle.com 'report-sample'; style-src * 'unsafe-inline' 'report-sample'; media-src * blob: undefined https://apis.dev.avrotros.io https://apis.avrotros.io https://*.run.app/ https://*.avrotros.io https://*.avrotros.nl https://*.avrotros.site ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:*; frame-src *; object-src https://*.spotify.com https://media-service.vara.nl https://media.vara.nl https://player.vimeo.com https://w.soundcloud.com https://*.powned.nl https://radiobox2.omroep.nl https://icij.org https://projects.icij.org https://medicaldevices.icij.org https://medicaldevices-staging.cloud.icij.org https://*.tweedekamer.nl https://players.brightcove.net https://localfocus2.appspot.com https://localfocuswidgets.net https://*.calconic.com https://public.flourish.studio https://flo.uri.sh; base-uri 'self'; form-action 'self' 'report-sample'; manifest-src 'self' https://accounts.google.com; worker-src 'self' 2
frame-ancestors 'self'  wbpa.wdo.io eu.wotblitz.com na.wotblitz.com asia.wotblitz.com 2
default-src 'self' *.materialdesignicons.com *.jsdelivr.net *.zoom.us *.doubleclick.net *.cloudfront.net *.googlesyndication.com *.twitter.com *.opticsinfobase.org *.titanembeds.com *.boltdns.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.osa.org *.talkjs.com *.googleapis.com *.3playmedia.com s3.amazonaws.com https://unpkg.com *.jsdelivr.net *.cvent.com cdn.mxpnl.com *.mixpanel.com https://zoom.us *.zoom.us code.jquery.com *.twitter.com adservice.google.com *.doubleclick.net *.ampproject.org *.googlesyndication.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com www.google.com tagmanager.google.com www.googletagservices.com *.brightcove.net *.zencdn.net *.twimg.com *.ytimg.com www.youtube.com *.myfonts.net *.simpli.fi www.gstatic.com *.licdn.com *.knightlab.com blob:; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; connect-src 'self' cdn.opticsinfobase.org *.gstatic.com *.googleapis.com *.google-analytics.com *.google.com *.3playmedia.com *.cloudfront.net *.osa.org http://www.frontiersinoptics.com www.frontiersinoptics.org www.cleoconference.org www.ofcconference.com api-js.mixpanel.com www.google-analytics.com *.brightcove.com *.brightcove.net *.boltdns.net *.googlesyndication.com *.akamaihd.net *.doubleclick.net https://unpkg.com *.zoom.us wss://*.zoom.us wss://*.osa.org wss://*.talkjs.com *.talkjs.com blob:; media-src 'self' *.osa.org *.talkjs.com *.zoom.us *.boltdns.net *.akamaihd.net blob:; object-src 'self' cdn.opticsinfobase.org cdn.materialdesignicons.com *.cloudfront.net *.googlesyndication.com https://*.zoom.us blob:; frame-src 'self' *.brightcove.net *.cloudfront.net *.osa.org *.talkjs.com cdn.opticsinfobase.org *.frontiersinoptics.com *.google.com *.googlesyndication.com *.youtube.com https://titanembeds.com; frame-ancestors 'self' *.osa.org *.frontiersinoptics.com 2
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com *.google.com https://dec.azureedge.net/ munchkin.marketo.net *.wistia.com *.wistia.net http://js.hsforms.net/ https://forms.hsforms.com/ https://js.hs-banner.com https://js.hsleadflows.net *.hubspot.com https://js.hscollectedforms.net cdn.kendostatic.com https://app.usercentrics.eu/ https://az416426.vo.msecnd.net/ https://js.hsadspixel.net/ https://js.usemessages.com/ https://www.googletagmanager.com https://www.googleadservices.com *.demandbase.com https://rec.smartlook.com https://snap.licdn.com https://www.redditstatic.com https://tracking-cdn.figpii.com *.inspectlet.com https://statics-cdn.figpii.com slideslive.com/embed_presentation.js *.zoominfo.com tags.clickagy.com https://cdnjs.cloudflare.com *.outbrain.com *.doubleclick.net 'self' cdn.ampproject.org *.eloqua.com *.en25.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.wistia.com https://www.googletagmanager.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com i.ytimg.com https://syndication.twitter.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://www.altair.com *.google-analytics.com *.linkedin.com https://static.licdn.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.wistia.com *.wistia.net https://embedwistia-a.akamaihd.net https://js.hsleadflows.net *.hsforms.com *.usercentrics.eu https://match.prod.bidr.io https://id.rlcdn.com https://segments.company-target.com *.google.com https://px.ads.linkedin.com https://www.googletagmanager.com https://p.adsymptotic.com *.hubspot.com *.hsappstatic.net https://alb.reddit.com https://tr.outbrain.com https://hn.inspectlet.com https://connect.facebook.net https://px.adentifi.com https://rtb.adentifi.com https://cm.g.doubleclick.net *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.m *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat 'self' *.eloqua.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.wistia.com https://www.altair.com/include-header-footer/fonts/; frame-src *.hubspot.com *.hsforms.com *.hs-sites.com *.usercentrics.eu *.google.com *.youtube.com https://player.vimeo.com https://mkt.panopticon.altair.com *.facebook.com *.slideslive.com *.wistia.com *.wistia.net hemsync.clickagy.com *.company-target.com https://slideslive.com *.doubleclick.net 'self' web-chat.nativechat.com forms.hsforms.com; connect-src accounts.google.com *.gstatic.com *.mktoresp.com *.google-analytics.com *.google.com *.wistia.com https://embedwistia-a.akamaihd.net https://fg8vvsvnieiv3ej16jby.litix.io https://hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com https://api.hubapi.com https://forms.hubspot.com *.usercentrics.eu https://dc.services.visualstudio.com *.company-target.com https://manager.eu.smartlook.cloud https://www.facebook.com/tr https://events-writer.smartlook.com https://assets-proxy.smartlook.cloud https://sessions.bugsnag.com *.figpii.com wss://tdw.figpii.com *.inspectlet.com wss://ws.inspectlet.com https://slideslive.com https://web-writer.us.smartlook.cloud https://*.googlesyndication.com cdn.linkedin.oribi.io *.zoominfo.com *.clickagy.com *.demandbase.com *.outbrain.com *.doubleclick.net *.linkedin.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob: *.wistia.net *.wistia.com https://embedwistia-a.akamaihd.net; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob: 'self' web-chat.nativechat.com 2
frame-ancestors 'self' *.ibm.com ; child-src blob: * 2
frame-ancestors *.waves.com 2
default-src 'self'; script-src 'report-sample' 'self' https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://www.recaptcha.net/recaptcha/api.js www.gstatic.com; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' careem.com https://www.google-analytics.com; font-src 'self'; frame-src 'self' https://www.googletagmanager.com https://www.recaptcha.net https://www.youtube.com; img-src 'self' https://upload-cdn.careem.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' https://upload-cdn.careem.com; report-uri https://646c74d0974ac544f93aad6a.endpoint.csper.io/?v=3; worker-src 'none'; form-action 'self'; 2
base-uri 'self'; default-src 'none'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; object-src 'none'; frame-src https:; frame-ancestors 'none'; connect-src 'self' https: blob: data: ws:; font-src 'self' data:; manifest-src 'self' 2
worker-src blob: *.uhhospitals.org; default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.uhhospitals.org *.typekit.net *.uhhospitals.org *.siteimproveanalytics.com siteimproveanalytics.com *.bing.com *.youtube.com *.invoca.net s.ytimg.com *.ytimg.com *.facebook.net *.invocacdn.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com *.facebook.com *.siteimproveanalytics.io *.doubleclick.net *.gstatic.com *.w3.com *.podbean.com *.ads-twitter.com *.twitter.com *.t.co t.co *.alphonso.tv *.calculatestuff.com calculatestuff.com doubleclick.net *.selfcare.info selfcare.info *.digitalmedia.hhs.gov api.digitalmedia.hhs.gov *.appcatalyst.com appcatalyst.com *.staywellsolutionsonline.com staywellsolutionsonline.com *.hhs.gov *.livestream.com livestream.com *.issuu.com issuu.com *.isu.pub isu.pub *.w3.org w3.org *.quantserve.com quantserve.com *.boxcloud.com boxcloud.com *.box.com box.com *.bananatag.com bananatag.com *.alpixtrack.com alpixtrack.com *.adxcel-ec2.com *.data.adxcel-ec2.com data.adxcel-ec2.com adxcel-ec2.com *.cancer.gov cancer.gov *.kramesstaywell.com kramesstaywell.com *.nextdoor.com nextdoor.com *.youtube-nocookie.com youtube-nocookie.com *.licdn.com licdn.com *.stackadapt.com stackadapt.com *.hepdata.com hepdata.com *.jsdelivr.net cdn.jsdelivr.net *.pinimg.com s.pinimg.com *.pinterest.com ct.pinterest.com *.googleoptimize.com *.domo.com domo.com *.marketingcloudapis.com marketingcloudapis.com *.epic.com *.vfpnext.com *.adobedtm.com *.adobedc.net https://adobedc.demdex.net http://edge.adobedc.net https://atlas.microsoft.com *.visualstudio.com atlas.min.js; frame-ancestors 'self' *.uhhospitals.org; 2
frame-ancestors 'self' https://*.uchealth.org 2
frame-ancestors 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com https:;img-src https: data: 'self' maps.gstatic.com *.googleapis.com *.ggpht.com;style-src 'self' 'unsafe-inline' https:; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mc.yandex.ru https://www.googletagmanager.com https://talkdriver.ru https://support.smsc.ru https://support.smsc.kz https://sup.smsc.ua https://plugins.stripo.email blob: 2
style-src 'self' 'unsafe-inline' *.gac.edu *.gustavus.edu tennisandlifecamps.org www.gstatic.com *.googleapis.com www.reservecloud.com *.curator.io *.tinymce.com cdnjs.cloudflare.com uicdn.toast.com matchbox.hepdata.com *.technolutions.net; 2
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; worker-src blob:; img-src 'self' https: data:; font-src 'self' https: data: 2
object-src 'none'; script-src 'unsafe-eval' https://snap.licdn.com/ https://cdn.calibermind.com/ https://a.quora.com/ https://app.cdn.lookbookhq.com/ https://connect.facebook.net/ https://ct.capterra.com/ https://ga.clearbit.com/ https://js.adsrvr.org/ https://munchkin.brightfunnel.com/ https://munchkin.marketo.net/ https://static.ads-twitter.com/ 'unsafe-inline' http://schema.org https://*.cloudfront.net/ https://*.googletagmanager.com https://a.omappapi.com/ https://analytics.twitter.com/ https://bat.bing.com/ https://cdn.abrankings.com https://cdn.abrankings.com/ https://cdn.cookielaw.org/ https://cdn.datatables.net/ https://cdn.jsdelivr.net/ https://cdn.onesignal.com/ https://cdnjs.cloudflare.com/ https://cloud.typography.com/ https://code.jquery.com/ https://collector-5527.tvsquared.com/ https://fonts.googleapis.com/ https://go.sentinelone.com/ https://googleads.g.doubleclick.net/ https://j.6sc.co/ https://js.maxmind.com/ https://js.qualified.com/ https://onesignal.com/ https://pixel-geo.prfct.co/ https://platform-api.sharethis.com/ https://platform.twitter.com/ https://pt.ispot.tv/ https://pubads.g.doubleclick.net/ https://px.spiceworks.com/ https://script.hotjar.com/ https://scripts.demandbase.com/ https://sentinelone.com https://ssl.google-analytics.com https://staging.s1preview.com/ https://static.hotjar.com/ https://tag.marinsm.com/ https://ws.qualified.com/ https://www.clickcease.com/ https://www.google-analytics.com https://www.google-analytics.com/ https://www.google.com/* https://www.googleoptimize.com/ https://www.googletagmanager.com/ https://www.googletagmanager.com/* https://www.redditstatic.com/ https://www.vantajs.com/ https://www.youtube.com/ https://yoast.com/ https://www.google.com/ https://qualified.com/ https://www.vantajs.com/ https://js.maxmind.com/ https://cdn.onesignal.com/ https://cdn.datatables.net/ https://platform-api.sharethis.com/ https://yoast.com/ https://fonts.googleapis.com/ https://cdn.datatables.net/ https://js-agent.newrelic.com/ https://www.sentinelone.com/ https://boards.greenhouse.io/ https://ajax.cloudflare.com/ https://www.googleadservices.com/ https://bam.nr-data.net/ https://cdn.linkedin.oribi.io/ https://fr.sentinelone.com/ https://it.sentinelone.com/ https://jp.sentinelone.com/ https://de.sentinelone.com/ https://it.sentinelone.com/ https://es.sentinelone.com/ https://nl.sentinelone.com/ https://kr.sentinelone.com/ https://www.google.it/ https://www.google.co.jp/ https://www.google.de/ https://ar.sentinelone.com/ https://www.google.es/ https://www.google.fr/ https://www.google.nl/ https://sonix.ai https://bam.nr-data.net/ https://docs.google.com/ https://apis.google.com/js/api.js/ https://accounts.google.com/ https://*.googleapis.com *.google.com https://*.gstatic.com https://sheets.googleapis.com/ https://tags.srv.stackadapt.com/events.js https://js.storylane.io/ https://qvdt3feo.com/ https://javascript.heeet.io/ https://api.brightfunnel.com; frame-ancestors 'self' http://sentinelone.lookbookhq.com https://sentinelone.lookbookhq.com http://sentinelone.pathfactory.com https://sentinelone.pathfactory.com http://assets.sentinelone.com https://assets.sentinelone.com https://app.scalyr.com https://app.eu.scalyr.com localhost; 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://service.maxymiser.net http://service.maxymiser.net http://*.oracleinfinity.io/ https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com http://www.googleadservices.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://maxcdn.bootstrapcdn.com https://cdn.gigya.com https://cdns.gigya.com https://cdns1.gigya.com https://cdns2.gigya.com https://cdns3.gigya.com https://cdns4.gigya.com https://cdns5.gigya.com https://accounts.gigya.com https://accounts.eu1.gigya.com https://signin.qa.nationalexpress.com https://cdn.synthetix.com https://national-express.cloud-iq.com http://national-express.cloud-iq.com https://uktc.fospha.com https://tag.yieldoptimizer.com https://connect.facebook.net https://bat.bing.com http://bat.bing.com https://*.vo.msecnd.net http://az416426.vo.msecnd.net https://prod.limitlesslivemessenger.com https://sc-static.net https://tr.snapchat.com https://static.ads-twitter.com https://analytics.twitter.com https://platform.twitter.com https://widget.trustpilot.com https://cdn.syndication.twimg.com https://sn1.clicktripz.com js.hsforms.net https://eu.clicktripz.com http://uktc.fospha.com https://forms.hsforms.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hsadspixel.net https://js.hs-analytics.net/analytics/ https://r1.dotmailer-surveys.com http://r1.dotmailer-surveys.com https://r1.dotdigital-pages.com http://r1.dotdigital-pages.com https://d2oh4tlt9mrke9.cloudfront.net https://d2qmp7jjpd79k7.cloudfront.net https://platform-api.sharethis.com https://buttons-config.sharethis.com https://static.hotjar.com https://script.hotjar.com https://*.clarity.ms/ https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://digitalcampaignsstorage.blob.core.windows.net https://ict.infinity-tracking.net/js/ https://script.infinity-tracking.com https://widgets.moovit.com https://widgets.moovit.com/wtp/en-gb/ https://m.moovitapp.com https://nx-busapplication-qa.azureedge.net https://nx-busapplication-prd.azureedge.net https://appassets.mvtdev.com/mobile/ https://www.tiktok.com/embed.js https://lf16-tiktok-web.ttwstatic.com https://secure.data-insight365.com/js/265823.js https://secure.data-insight365.com/Track/Capture.aspx https://d3dh5c7rwzliwm.cloudfront.net https://d32106rlhdcogo.cloudfront.net https://dgf0rw7orw6vf.cloudfront.net https://*.quantserve.com/ https://rules.quantcount.com https://edge.quantserve.com http://www.instagram.com https://cdn.weglot.com https://s.yimg.com/wi/ytc.js https://acdn.adnxs.com/dmp/up/pixie.js https://cdn.mookie1.com/containr.js https://*.abtasty.com blob:;object-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.synthetix.com https://service.maxymiser.net http://service.maxymiser.net http://*.oracleinfinity.io/ https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/ https://cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/ https://platform.twitter.com https://ton.twimg.com https://nx-busapplication-qa.azureedge.net https://nx-busapplication-prd.azureedge.net https://use.typekit.net/hpe8ksj.css https://p.typekit.net/p.css https://lf16-tiktok-web.ttwstatic.com https://script.hotjar.com https://static.hotjar.com https://cdn.weglot.com https://*.abtasty.com;img-src 'self' https://*.google-analytics.com https://www.google.com https://www.google.co.uk https://cm.g.doubleclick.net https://ad.doubleclick.net https://maps.gstatic.com https://maps.googleapis.com http://www.googletagmanager.com https://www.googletagmanager.com https://national-express.cloud-iq.com http://national-express.cloud-iq.com https://uktc.fospha.com https://www.facebook.com https://bat.bing.com https://cdn.jsdelivr.net https://www.nationalexpress.com https://4ez2xrmccannwebprd1.blob.core.windows.net https://zwu74omccannwebqa1.blob.core.windows.net https://4ez2xrmccannwebprd1-secondary.blob.core.windows.net http://uktc.fospha.com data: https://forms.hubspot.com https://forms.hsforms.com https://track.hubspot.com https://t.co/i/ https://abs.twimg.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://syndication.twitter.com https://analytics.twitter.com https://cdns.gigya.com https://cdns1.gigya.com https://cdns2.gigya.com https://cdns3.gigya.com https://signin.qa.nationalexpress.com https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://graph.facebook.com https://platform-lookaside.fbsbx.com https://platform-cdn.sharethis.com https://l.sharethis.com https://service.maxymiser.net http://service.maxymiser.net http://*.oracleinfinity.io/ https://script.hotjar.com https://static.hotjar.com https://*.clarity.ms/ https://c.bing.com https://cdn-ukwest.onetrust.com https://digitalcampaignsstorage.blob.core.windows.net https://widgets.moovit.com https://m.moovitapp.com https://nx-busapplication-qa.azureedge.net https://nx-busapplication-prd.azureedge.net https://appassets.mvtdev.com/mobile/ https://a-tiles.locationiq.com https://b-tiles.locationiq.com https://c-tiles.locationiq.com https://secure.agile-company-365.com/265823.png blob: https://d1fd8aj8bhyfe9.cloudfront.net https://d3dh5c7rwzliwm.cloudfront.net https://pixel.quantserve.com https://cdn.weglot.com https://sp.analytics.yahoo.com https://*.abtasty.com;frame-src 'self' https://routemap-embed.nationalexpress.com https://faq.nationalexpress.com https://cdns.eu1.gigya.com https://signin.qa.nationalexpress.com https://www.google.com https://*.fls.doubleclick.net https://www.google.com/recaptcha/ https://forms.gle https://docs.google.com https://td.doubleclick.net https://www.facebook.com https://www.youtube.com https://contactless.nxbus.com https://live.ekashu.com https://r1.dotmailer-surveys.com http://r1.dotmailer-surveys.com https://r1.dotdigital-pages.com http://r1.dotdigital-pages.com https://nationalexpressportal.icasework.com https://national-express--bguat.my.salesforce.com https://webto.salesforce.com https://national-express.force.com https://timetables-embed.nxbus.co.uk https://www.nationalexpress.com https://bustimetables-nx.utrackapps.com https://bustimetables-dev.utrackapps.com https://contactless.nxbus.com https://nxbusgateway.co.uk https://player.vimeo.com https://forms.hsforms.com https://tr.snapchat.com https://www.trustpilot.com https://c.sharethis.mgr.consensu.org https://widget.trustpilot.com https://platform.twitter.com https://syndication.twitter.com https://service.maxymiser.net http://service.maxymiser.net http://*.oracleinfinity.io/ https://vars.hotjar.com https://widgets.moovit.com https://moovitapp.com https://m.moovitapp.com https://appassets.mvtdev.com/mobile/ https://www.tiktok.com https://nxbusdt.b2clogin.com https://nxbus.b2clogin.com https://www.loom.com http://www.instagram.com https://*.abtasty.com;font-src 'self' https://fonts.gstatic.com https://script.hotjar.com https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/ https://cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/ https://digitalcampaignsstorage.blob.core.windows.net https://use.typekit.net/af/ https://cdn.weglot.com https://*.abtasty.com;connect-src 'self' https://*.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://docs.google.com https://*.analytics.google.com https://dc.services.visualstudio.com https://bat.bing.com https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://api.hubapi.com https://connect.facebook.net https://www.facebook.com/tr/ https://www.facebook.com/plugins/customer_chat/ https://eu.clicktripz.com https://www.clicktripz.com https://prod.api.belimitless-app.io https://l.sharethis.com https://service.maxymiser.net http://service.maxymiser.net http://*.oracleinfinity.io/ https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/ https://signin.qa.nationalexpress.com https://signin.dev.nationalexpress.com https://signin.ptbook.nationalexpress.com https://signin.stable.nationalexpress.com https://signin.www.nationalexpress.com https://signin.nationalexpress.com https://holidays.nationalexpress.com https://packagesmetasearch.api.pro.logitravel.internal https://packagesmetasearch.api.external.logitravel.com https://packagesmetasearch-api-external.logitravel.com https://*.clarity.ms/ https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://privacyportal-uk.onetrust.com https://digitalcampaignsstorage.blob.core.windows.net https://oneyou-cms.nhswebsite.nhs.uk https://webto.salesforce.com https://api.hsforms.com https://login.salesforce.com https://thekingsferry.my.salesforce.com https://ict.infinity-tracking.net https://nx-busapplication-qa.azureedge.net https://nx-busapplication-prd.azureedge.net https://nxbusdt.b2clogin.com https://nxbus.b2clogin.com https://script.infinity-tracking.com https://qaapi.azure-api.net https://apinxbus.azure-api.net https://web.lon.infinity-tracking.com https://nas.lon.infinity-tracking.com https://nas.lon.infinity-tracking.net https://nexgen.ats.careers/api/ https://idx.liadm.com/idex/unknown/ https://pixel.quantcount.com https://cdn.weglot.com https://cdn-api-weglot.com https://s.yimg.com https://*.abtasty.com https://faq.nationalexpress.com;frame-ancestors 'self' https://www.facebook.com 2
frame-ancestors 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://assets.adobedtm.com https://*.google-analytics.com https://*.serving-sys.com https://player.vimeo.com https://www.googletagmanager.com https://*.g.doubleclick.net https://dc.ads.linkedin.com https://connect.facebook.net https://www.facebook.com  https://www.google.it https://www.google.com https://luxottica.122.2o7.net https://*.linkedin.com https://explore.eyemed.com https://p.adsymptotic.com https://s3-us-west-2.amazonaws.com  https://ajax.googleapis.com https://preview.luxotticaeyecare.luxottica.com https://www.youtube.com https://code.jquery.com https://cdnjs.cloudflare.com https://fast.wistia.net https://eyemed.com https://vimeo.com https://soundcloud.com https://docs.google.com https://up.pixel.ad https://*.basis.net https://*.sitescout.com https://*.doubleclick.net https://region1.analytics.google.com https://*.clarip.com ; 2
default-src 'self' recrutement.orano.group oranoweb.cms.orano.group https://career-i18n.demo.cleverconnect.com career.demo.cleverconnect.com *.google.fr *.google.com *.google-analytics.com *.googletagmanager.com analytics.tiktok.com *.facebook.com *.sc-static.net snap.licdn.com insight.adsrvr.org googleads.g.doubleclick.net www.googleadservices.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org code.jquery.com ws.facil-iti.com tag.aticdn.net www.googletagmanager.com www.google-analytics.com https://s4.ispring.eu https://11471784.fls.doubleclick.net https://secure.adnxs.com https://career-i18n.demo.cleverconnect.com https://career.demo.cleverconnect.com https://logws1332.ati-host.net *.goldenbees.fr https://cdn.facil-iti.app https://ecb.qualquantsignals.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.xiti.com *.ati-host.net https://secure.adnxs.com *.blob.core.windows.net cdn.orano.group oranocms.azureedge.net *.adsrvr.org https://raw.githubusercontent.com https://googleads.g.doubleclick.net https://ecb.qualquantsignals.com; media-src 'self' data: blob: *.ausha.co; frame-src https://cdn.streamlike.com https://ws.facil-iti.com 'self' https://oranoweb.cms.orano.group/ recrutement.orano.group *.youtube.com *.youtube.fr https://11471784.fls.doubleclick.net www.google.com https://cdn.facil-iti.app/ https://web-service.facil-iti.app/ https://www.googletagmanager.com/ https://orano.kantree.io/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com ws.facil-iti.com recrutement.orano.group blob:; connect-src 'self' https://career-i18n.demo.cleverconnect.com https://career.demo.cleverconnect.com accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.xiti.com ws.facil-iti.com recrutement.orano.group www.googletagmanager.com www.google-analytics.com http://oranoweb.cms.orano.group https://s4.ispring.eu https://logws1332.ati-host.net https://maps.googleapis.com/; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ga.jspm.io/npm:es-module-shims@1.7.1/dist/es-module-shims.js https://kit.fontawesome.com/ https://kit.fontawesome.com/29b2028b7f.js https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js *.swmed.edu *.utsouthwestern.edu https://tagmanager.google.com https://www.googleadservices.com https://cdn.jsdelivr.net/npm/@popperjs/core@2.11.6/dist/umd/popper.min.js https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js *.taggbox.com https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://w.soundcloud.com/player/api.js https://siteimproveanalytics.com/js/siteanalyze_67564.js https://static.ctctcdn.com/js/signup-form-widget/current/signup-form-widget.min.js https://www.youvisit.com/tour/Embed/js3 https://s.ytimg.com/yts/jsbin/www-widgetapi-vfldp9JMF/www-widgetapi.js https://s.ytimg.com/yts/jsbin/www-widgetapi-vflGYMLFw/www-widgetapi.js https://www.youvisit.com/SmartScript/latest/smartscript.js https://utsw.flintbox.com/embed.js https://utsw.flintbox.com/assets/iframe-container-5933c9a9de9740bee358da320c7bf82406da2e2f6e93843b06b4514c2030dfd9.js https://www.gstatic.com https://unpkg.com https://cdn.storygize.net https://bs.serving-sys.com *.pinterest.com *.hotjar.com https://platform.twitter.com https://assets.pinterest.com https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.js http://www.facebook.com/plugins/like.php https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js https://cdnjs.cloudflare.com/ajax/libs/foundation/6.4.3/js/foundation.min.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_format_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_default_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_ui_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_corechart_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_fw_module.js https://www.gstatic.com/charts/46.2/third_party/dygraphs/dygraph-tickers-combined.js https://www.gstatic.com/charts/46.2/third_party/webfontloader/webfont.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_bar_module.js https://cdnjs.cloudflare.com/ajax/libs/foundation-essential/5.2.2/js/vendor/modernizr.js https://www.google-analytics.com/analytics.js https://script.crazyegg.com/pages/scripts/0017/5050.js https://static.hotjar.com/c/hotjar-30590.js https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js https://www.storygize.net/a/cecea51f-563b-4ac4-9a2a-8a3660977ad2/abdo.js https://connect.facebook.net/en_US/fbevents.js https://www.gstatic.com/charts/46.2/loader.js https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js https://cdn.plyr.io https://connect.facebook.net https://www.storygize.net https://www.gstatic.com/recaptcha/api2/v1555968629716/recaptcha__en.js https://www.gstatic.com/charts/loader.js https://events.utsouthwestern.edu https://assets.juicer.io/embed.js https://www.youtube.com/ https://player.vimeo.com/ https://www.flickr.com/ https://www.jove.com/ https://launchpad.utswneurology.com/ http://radonc.utsouthwestern.edu/ https://surgeonportal.donortracplus.org/ https://ais.swmed.edu/ https://www.facebook.com/ https://www.google.com/ https://calendar.google.com/ https://www.googletagmanager.com/ https://hroras2.swmed.edu/ https://studentservices.utsouthwestern.edu https://intrastudentservices.utsouthwestern.edu https://snap.licdn.com/li.lms-analytics/insight.min.js; connect-src 'self' *.swmed.edu *.utsouthwestern.edu https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css https://ka-f.fontawesome.com/releases/v6.5.0/css/free-v4-shims.min.css https://ka-f.fontawesome.com/releases/v6.5.0/css/free.min.css https://ka-f.fontawesome.com/releases/v6.5.0/css/free-v5-font-face.min.css https://ka-f.fontawesome.com/releases/v6.5.0/css/free-v4-font-face.min.css https://ka-f.fontawesome.com/releases/v6.4.2/css/free.min.css https://ka-f.fontawesome.com/releases/v6.4.2/css/free-v4-shims.min.css https://ka-f.fontawesome.com/releases/v6.4.2/css/free-v5-font-face.min.css https://ka-f.fontawesome.com/releases/v6.4.2/css/free-v4-font-face.min.css https://www.google-analytics.com https://analytics.google.com https://cdn.linkedin.oribi.io https://lm.serving-sys.com *.taggbox.com *.crazyegg.com *.hotjar.io *.hotjar.com https://www.juicer.io https://stats.g.doubleclick.net/j/collect https://listgrowth.ctctcdn.com/v1/5626582cad2b3868b069a1d065b39fd3.json https://visitor2.constantcontact.com/api/v1/signup_forms/ https://secure-ds.serving-sys.com/adServingData/PROD/TMClient/8/6218 https://graph.facebook.com/58323112191/picture https://www.juicer.io/api/page_views https://www.juicer.io/api/feeds/home-page-393b6969-47a9-40b5-b6a5-297bc3722122 https://cdn.plyr.io https://connect.facebook.net https://www.storygize.net https://www.gstatic.com/recaptcha/api2/v1555968629716/recaptcha__en.js https://www.gstatic.com/charts/loader.js https://events.utsouthwestern.edu https://assets.juicer.io/embed.js https://www.youtube.com/ https://player.vimeo.com/ https://www.flickr.com/ https://www.jove.com/ https://launchpad.utswneurology.com/ http://radonc.utsouthwestern.edu/ https://surgeonportal.donortracplus.org/ https://ais.swmed.edu/ https://www.facebook.com/ https://www.google.com/ https://calendar.google.com/ https://www.googletagmanager.com/ https://hroras2.swmed.edu/ https://studentservices.utsouthwestern.edu https://intrastudentservices.utsouthwestern.edu; frame-src 'self' *.swmed.edu https://app.powerbi.com/ *.utsouthwestern.edu https://app.truelook.com/ https://utsw.flintbox.com/ https://td.doubleclick.net *.taggbox.com https://forms.office.com/ *.hotjar.com https://www.youvisit.com https://cdn.youvisit.com https://w.soundcloud.com https://platform.twitter.com https://www.facebook.com https://yoshki.com/badge-apta.html https://cdn.plyr.io https://connect.facebook.net https://www.storygize.net https://www.gstatic.com/recaptcha/api2/v1555968629716/recaptcha__en.js https://www.gstatic.com/charts/loader.js https://events.utsouthwestern.edu https://assets.juicer.io/embed.js https://www.youtube.com/ https://player.vimeo.com/ https://www.flickr.com/ https://www.jove.com/ https://launchpad.utswneurology.com/ http://radonc.utsouthwestern.edu/ https://surgeonportal.donortracplus.org/ https://ais.swmed.edu/ https://www.facebook.com/ https://www.google.com/ https://calendar.google.com/ https://www.googletagmanager.com/ https://hroras2.swmed.edu/ https://studentservices.utsouthwestern.edu https://intrastudentservices.utsouthwestern.edu https://px.ads.linkedin.com 2
frame-ancestors 'self' *.hivelocity.net 2
report-uri /report-csp;report-to /report-csp;base-uri 'self';child-src number26://* *.n26.com n26.com pixel.mathtag.com n26.go2cloud.org tr.snapchat.com *.youtube-nocookie.com youtube-nocookie.com boards.greenhouse.io;connect-src 'self' https://spc.n26.com * fonts.googleapis.com https://*.logs.datadoghq.eu;font-src 'self' data:;img-src https://spc.n26.com 'self' data: images.ctfassets.net images.contentful.com * *.greenhouse.io;media-src videos.contentful.com videos.ctfassets.net;object-src 'none';style-src 'unsafe-inline' 'self' fonts.googleapis.com tagmanager.google.com;script-src 'self' cdn.number26.de 'unsafe-inline' * connect.facebook.net *.youtube-nocookie.com s.ytimg.com youtube-nocookie.com youtube.com boards.greenhouse.io datadoghq.eu datadoghq-browser-agent.com cdn.cookielaw.org;worker-src 'self';default-src *;frame-ancestors 'self' *.n26.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: https://sb.scorecardresearch.com https://*.yahoo.com blob: wss:; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation allow-presentation allow-storage-access-by-user-activation; img-src 'self' https: data: blob: https://*.yimg.com https://bats.video.yahoo.com https://*.scorecardresearch.com https://*.adaptv.advertising.com https://trk.vidible.tv https://beap.gemini.yahoo.com https://api.cloudinary.com; object-src https://*.engadget.com https://s.yimg.com https://api.cloudinary.com; worker-src 'self' blob:; manifest-src 'self' https://s.yimg.com; font-src 'self' data: https://*.engadget.com https://s.yimg.com https://fonts.gstatic.com https://*.spot.im https://assets.video.yahoo.net; connect-src 'self' https://*.engadget.com https://s.yimg.com https://*.yahoo.net https://*.yahoo.com https://*.yahoosandbox.com https://*.oath.com https://*.advertising.com https://*.cdn.yimg.com https://ad.doubleclick.net https://*.doubleverify.com https://*.googlesyndication.com https://*.spot.im https://*.giphy.com https://*.vidible.com https://*.media.yahoo.com:4443 https://*.skimresources.com https://*.taboola.com https://securepubads.g.doubleclick.net https://*.spotim.market https://*.criteo.com https://*.criteo.net https://*.pubmatic.com https://*.rubiconproject.com https://*.lijit.com https://*.gumgum.com https://*.openx.net https://*.adtelligent.com https://*.casalemedia.com https://*.creativecdn.com https://*.adnxs.com https://*.nighttstand.com https://*.rlcdn.com https://*.adsrvr.org https://*.adform.net https://*.vidible.tv https://*.uplynk.com https://*.edgekey.net https://*.doubleclick.net https://d1z2jf7jlzjs58.cloudfront.net https://*.pixel.parsely.com https://*.aniview.com https://*.ad-score.com https://polarcdn-terrax.com https://*.polarcdn-terrax.com https://*.polarcdn.com https://polarcdn-engine.com https://polarcdn-pentos.com https://videodelivery.net https://*.videodelivery.net https://sf-hs-sg.ibytedtos.com https://b1h.zemanta.com https://hb-api.omnitagjs.com https://search.spotxchange.com https://video-api.yql.yahoo.com https://edgecast-vod.yimg.com https://assets.video.yahoo.net https://cdn-ssl.vidible.tv/prod https://*.doubleclick.net https://edgecast-vod.yahoo.net https://*.vpg.cdn.yimg.com https://s.yimg.com https://media.zenfs.com https://assets.video.yahoo.net https://ads.adaptv.advertising.com https://video.adaptv.advertising.com https://tpc.googlesyndication.com/ima3vpaid https://*.adsafeprotected.com https://*.pictela.net https://api.cloudinary.com https://*.media.net https://*.clean.gg https://events.newsroom.bi https://flowcards.mrf.io https://compassdata.mrf.io https://sdk.mrf.io; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' https://*.engadget.com https://*.oath.com https://*.yahoo.com; report-uri https://csp.yahoo.com/beacon/csp?src=engadget; report-to csp-endpoint; 2
style-src 'self' https: 'report-sample' 'unsafe-inline' https://p.typekit.net https://use.typekit.net https://www.google.com cdn.jsdelivr.net www.googletagmanager.com https://www.netsurion.com; img-src 'self' https: data: https://bat.bing.com https://clients1.google.com https://px.ads.linkedin.com https://tribl.io https://www.google-analytics.com https://www.google.com https://www.netsurion.com;  script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://www.netsurion.com/ https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js https://assets.calendly.com https://www.google.com https://cse.google.com  https://clients1.google.com https://www.googletagmanager.com https://googletagmanager.com   https://tagmanager.google.com https://www.google-analytics.com https://analytics.google.com/ https://ssl.google-analytics.com  https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.googleadservices.com/pagead/conversion_async.js https://apis.google.com  https://www.recaptcha.net https://recaptcha.net  https://www.gstatic.cn/recaptcha/  https://www.google.com/recaptcha/ https://www.gstatic.com https://snap.licdn.com https://bat.bing.com https://ajax.googleapis.com   https://ws.zoominfo.com  https://www.netsurion.com https://www.google.co.uk https://www.google.nl https://www.google.de https://www.google.fr https://www.google.co.in https://www.google.pl  https://www.google.com.au  https://www.google.co.id https://www.google.it https://www.google.co.il  https://www.google.com.ph https://www.google.ie   https://www.google.be https://www.google.ru  https://www.google.se  https://www.google.co.nz  https://www.google.com.co  https://www.google.com.mx https://www.google.pt https://www.google.co.th  https://www.google.com.ng https://www.google.ca  https://www.google.es  https://www.google.no https://www.google.dk  https://www.google.com.bd https://www.google.ch  https://www.google.com.my https://www.google.co.za  https://www.google.cz https://www.google.com.pk https://www.google.co.ma https://www.google.si https://www.google.com.tr https://www.google.com.tw https://www.google.com.br https://www.google.bg https://www.google.co.kr https://www.google.com.ua https://www.google.co.cr https://www.google.com.pe https://www.google.fi https://www.google.lt https://www.google.ge https://www.google.com.ar https://www.google.com.pr https://www.google.com.sg https://www.google.gr https://www.google.lk https://www.google.co.jp https://www.google.ae https://www.google.com.eg https://www.google.com.sa https://www.google.com.do https://www.google.com.pa https://www.google.ro https://www.google.hu https://www.google.cl https://www.google.hr  https://www.google.lv https://www.google.at https://www.google.com.ec https://www.google.com.vn https://www.google.cn https://www.google.com.hk https://www.google.rs https://www.google.com.cy https://www.google.al https://www.google.com.py https://www.google.co.ke https://www.google.ee https://www.google.com.sv https://www.google.com.np https://www.google.co.ug https://www.google.kz  https://www.google.com.jm   https://www.google.lu  https://www.google.mu https://www.google.com.kw https://www.google.iq https://www.google.com.gh  https://www.google.by  https://www.google.mk  https://www.google.co.mz https://www.google.com.uy https://www.google.sk https://www.google.md https://www.google.hn https://www.google.jo https://www.google.dz https://www.google.com.et https://www.google.am  https://www.google.co.ve https://tribl.io https://scout-cdn.salesloft.com www.google.com/jsapi https://partner.googleadservices.com/gampad/cookie.js https://tags.clickagy.com/data.js https://pi.pardot.com https://info.netsurion.com https://j.6sc.co/6si.min.js;  connect-src 'self' https://px.ads.linkedin.com/wa/ https://csp.withgoogle.com https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://bat.bing.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com  https://adservice.google.com/ https://analytics.google.com/ https://www.netsurion.com https://scout.salesloft.com/ https://cdn.linkedin.oribi.io/ https://aorta.clickagy.com https://hemsync.clickagy.com https://secure.adnxs.com/getuidj https://c.6sc.co/ https://ipv6.6sc.co/;   frame-src 'self' blob: https://www.netsurion.com/latest-news https://www.netsurion.com/latest-news/news https://www.google.com/recaptcha/ https://cse.google.com/ https://www.googletagmanager.com https://bid.g.doubleclick.net  https://www.youtube.com/ https://player.vimeo.com/ https://www.youtube-nocookie.com/ https://cdn.embedly.com/ https://tribl.io  https://www.netsurion.com/ https://info.netsurion.com/ https://td.doubleclick.net/;  child-src https://www.googletagmanager.com/ns.html; object-src 'none';   base-uri 'self';  manifest-src 'self';   media-src 'self' https://www.netsurion.com; worker-src 'none';form-action 'self' https://www.netsurion.com/assessments/gap-analysis https://www.netsurion.com/campaigns/ppc-gap-analysis https://www.netsurion.com/campaigns/cmit-gap-analysis; 2
connect-src 'self' registry.tierra.net:8443 wss://registry.tierra.net:8443 *.tierra.net *.zdassets.com *.zendesk.com api.smooch.io wss://*.smooch.io *.sentry.io; default-src 'none'; font-src static.tierra.net maxcdn.bootstrapcdn.com use.fontawesome.com use.typekit.net; frame-src 'self' www.youtube.com player.vimeo.com static.tierra.net; img-src 'self' *.tierra.net secure.gravatar.com *.wp.com *.amazonaws.com *.zendesk.com *.zdassets.com data:; media-src; object-src *.tierra.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' static.tierra.net ajax.googleapis.com maxcdn.bootstrapcdn.com use.fontawesome.com *.zdassets.com *.zendesk.com api.smooch.io *.clearhello.com; style-src 'self' 'unsafe-inline' static.tierra.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com use.fontawesome.com *.typekit.net; upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self'; report-uri /special/report/csp; report-to default 2
default-src 'none'; media-src 'self'; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self'; connect-src 'self'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; connect-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdn.cookielaw.org static.cloudflareinsights.com www.googletagmanager.com hotjar.com static.hotjar.com script.hotjar.com ajax.cloudflare.com static.amondo.com embed.tawk.to mediacentre.eurovision.tv mcs-va.tiktok.com sf16-website-login.neutral.ttwstatic.com https://cdn.iframe.ly https://cdnjs.cloudflare.com 2
frame-ancestors 'self' *.optimizely.com 2
default-src 'self'; img-src 'self' 'unsafe-inline' * data: www.w3.org; frame-src 'self' staticcontents.investis.com 77d8e64489354683a242e226ad9ed96b.svc.dynamics.com confirmsubscription.com vars.hotjar.com in.hotjar.com my.walls.io *.fls.doubleclick.net www.youtube.com www.google.com irs.tools.investis.com otp.tools.investis.com ir.tools.investis.com players.brightcove.net rolls-royce.staging.investis.com rolls-royce.production.investis.com www.facebook.com *.doubleclick.net staticzone.idigitalcontents.com viz.tools.investis.com form.typeform.com matt317952.typeform.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' staticcontents.investis.com tagmanager.google.com viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com staticzone.idigitalcontents.com viz.tools.investis.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com fast.fonts.net embed.typeform.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com staticzone.idigitalcontents.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com tagmanager.google.com *.fonts.com fast.fonts.net *.typekit.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' mktdplp102cdn.azureedge.net staticcontents.investis.com js-agent.newrelic.com otp.tools.investis.com staticzone.idigitalcontents.com viz.tools.investis.com *.google.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com *.googletagmanager.com *.google-analytics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com edge.api.brightcove.com *.googleapis.com tagmanager.google.com stats.g.doubleclick.net *.investisdigital.com googleads.g.doubleclick.net googleadservices.com cdn.jsdelivr.net cdnjs.cloudflare.com facebook.com www.gstatic.com pi.pardot.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com static.ads-twitter.com snap.licdn.com *.googleadservices.com analytics.twitter.com *.flickr.com tag.demandbase.com *.lead-analytics-1000.com *.leadforensics.com track.accountinsight.cloud *.adnxs.com fast.fonts.net *.typekit.net *.lfeeder.com embed.typeform.com; media-src 'self' *.brightcove.com *.brightcovecdn.com brightcove.hs.llnwd.net viz.tools.investis.com; connect-src 'self' *.linkedin.com px.ads.linkedin.com/wa/ cdn.linkedin.oribi.io bam.eu01.nr-data.net *.googlesyndication.com *.analytics.google.com *.google.com *.google-analytics.com www.google.co.in analytics.google.com www.facebook.com/tr/ in.hotjar.com staticzone.idigitalcontents.com viz.tools.investis.com *.investisdigital.com edge.api.brightcove.com www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net ipapi.connectid.cloud api.company-target.com segments.company-target.com *.typekit.net *.amazonaws.com *.googleapis.com; base-uri 'none'; 2
base-uri 'none'; report-uri /security/csp-report/; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' platform.twitter.com twittercommunity.com cdn.syndication.twimg.com *.sharethis.com matomo.ecritel.net bb01-xperf.cshield.io userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net api.userlike.com; 2
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:;frame-ancestors 'self' https://*.deportes13.cl https://*.13.cl https://*.t13.cl 2
frame-ancestors 'self';default-src 'self' blob: 'unsafe-inline' perf-na1.hsforms.com td.doubleclick.net pagead2.googlesyndication.com app.qualified.com wss://ws.qualified.com ws.qualified.com d3cy9zhslanhfa.cloudfront.net ws.zoominfo.com ws-assets.zoominfo.com js.zi-scripts.com youtube.com cdn.linkedin.oribi.io rs.fullstory.com forms-na1.hsforms.com cdn.contentful.com phenompeople.na.chilipiper.com js.chilipiper.com api.na.chilipiper.com api.chilipiper.com tracking.chilipiper.com ipv6.6sc.co cdn.cookielaw.org images.ctfassets.net assets.ctfassets.net videos.ctfassets.net app.clearbit.com api.hubapi.com x.clearbitjs.com js.hsadspixel.net app.clearbit.com api.hubapi.com *.clearbitscripts.com *.litix.io alb.reddit.com *.clarity.ms secure.adnxs.com *.g2.com *.wistia.net *.wistia.com embedwistia-a.akamaihd.net embed-fastly.wistia.com distillery.wistia.com pipedream.wistia.com images.g2crowd.com fast.wistia.com *.google.com *.google.co.in stats.g.doubleclick.net p.adsymptotic.com privacy-policy.truste.com *.linkedin.com api.sharedcount.com n2.mouseflow.com c.6sc.co epsilon.6sense.com www.facebook.com *.hubspot.com fonts.gstatic.com *.phenom.com cdn.jsdelivr.net use.fontawesome.com fonts.googleapis.com cdnjs.cloudflare.com app-ab31.marketo.com connect.facebook.net j.6sc.co www.googletagmanager.com js.driftt.com munchkin.marketo.net snap.licdn.com www.google-analytics.com www.w3.org b.6sc.co edge.fullstory.com bat.bing.com js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hsforms.net static.hotjar.com script.hotjar.com forms.hsforms.com js.hsleadflows.net cdn.mouseflow.com www.youtube.com stackpath.bootstrapcdn.com cdn.cookielaw.org optanon.blob.core.windows.net c.bing.com geolocation.onetrust.com slideshare.net youtu.be abm2.listenloop.com notify.bugsnag.com pt37ad6f6a.execute-api.us-east-1.amazonaws.com data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com ajax.googleapis.com images.ctfassets.net www.googleadservices.com videos.ctfassets.net *.phenom.com c.bing.com cdn.jsdelivr.net use.fontawesome.com fonts.googleapis.com cdnjs.cloudflare.com app-ab31.marketo.com connect.facebook.net *.clarity.ms j.6sc.co www.googletagmanager.com js.driftt.com munchkin.marketo.net snap.licdn.com www.google-analytics.com www.w3.org b.6sc.co edge.fullstory.com bat.bing.com js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hsforms.net static.hotjar.com script.hotjar.com forms.hsforms.com js.hsleadflows.net cdn.mouseflow.com www.youtube.com stackpath.bootstrapcdn.com fast.wistia.net www.g2.com embedwistia-a.akamaihd.net embed-fastly.wistia.com distillery.wistia.com pipedream.wistia.com images.g2crowd.com fast.wistia.com www.redditstatic.com js.usemessages.com alb.reddit.com cdn.cookielaw.org static.ads-twitter.com *.clearbitscripts.com x.clearbitjs.com js.hsadspixel.net app.clearbit.com api.hubapi.com js.chilipiper.com js.usemessages.com js.hsadspixel.net js.na.chilipiper.com snap.licdn.com www.google.com images.ctfassets.net videos.ctfassets.net js.driftt.com googleads.g.doubleclick.net stats.g.doubleclick.neti edge.fullstory.com secure.adnxs.com cb3034c4ce68477bb69489e3e49e4588.js.ubembed.com assets.ubembed.com js.zi-scripts.com ws-assets.zoominfo.com js.qualified.com js.hubspot.com v2.listenloop.com 2
object-src 'self'; frame-src 'self' www.google.com cloud.hostingraja.in www.googletagmanager.com chat.hostingraja.in www.youtube.com https://widget.trustpilot.com https://securegw-stage.paytm.in/ https://securegw.paytm.in/ https://accounts.paytm.com/ paytm https://staticpg.paytm.in/ https://api.razorpay.com/; 2
frame-ancestors 'self' *.kanopy.com 2
frame-ancestors 'self' https://*.forumcommunity.net/ 2
default-src 'self' 'unsafe-inline'; frame-ancestors 'none';object-src 'none'; 2
frame-ancestors 'self' https://*.swansea.ac.uk https://*.swan.ac.uk https://app.myday.cloud myday://app.myday.cloud https://swanseauni.myday.cloud https://swansea-uk.libwizard.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.nyi.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval'  www.youtube.com www.youtube-nocookie.com; font-src 'self' data:; img-src 'self' pbs.twimg.com data:; media-src 'self' pb.twimg.com data:; frame-src 'self' www.google.com www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' 2
frame-ancestors 'self' https://tryamp.msiteproject.com https://your-domain.cdn.ampproject.org https://your-domain.amp.cloudflare.com https://cdn.ampproject.org https://mytaj.tajhotels.com/ https://uatmytaj.tajhotels.com/ https://author-taj-prod65a.adobecqms.net/ https://honohr.com/ https://uat.honohr.com/ https://mytajsats.honohr.com/ 2
frame-ancestors 'self' https://*.ecplaza.net; 2
frame-ancestors 'self' https://tt.payloadcms.app; font-src https://discover.teamtailor.com https://www.teamtailor.com https://web.teamtailor.com https://fonts.intercomcdn.com *.netlify.app; 2
default-src 'self' https://cdn.zp.ru https://*.zopim.com wss://*.zopim.com https://*.zopim.io ; img-src 'self' *.zp.ru *.zp.ru *.zarplata.ru *.zarplata.ru *.ngs.ru *.ngs.ru https://*.yandex.net https://api-maps.yandex.ru googleads.g.doubleclick.net *.gstatic.com https://www.google-analytics.com https://mc.yandex.ru https://counter.yadro.ru https://an.yandex.ru https://stats.g.doubleclick.net https://www.google.com https://www.google.ru https://stats.seedr.com https.www.googleadservices.com https://hhcdn.ru https://hhcdn.ru https://*.hhcdn.ru https://*.hhcdn.ru https://hh.ru https://img.hhcdn.ru https://feedback.hh.ru data: https://i.giphy.com https://media.giphy.com  https://ad.adriver.ru https://connect.facebook.net https://analytics.google.com https://www.googletagmanager.com https://www.tns-counter.ru https://top-fwz1.mail.ru https://ad.mail.ru https://vk.com https://www.facebook.com https://statad.ru/pixel.gif  https://gum.criteo.com  https://www.journal.zarplata.ru https://*.adfox.ru https://yandex.ru/ https://*.zopim.com wss://*.zopim.com https://*.zopim.io https://my.mail.ru https://*.pyn.ru https://*.hh.ru https://p.adsymptotic.com https://px.ads.linkedin.com https://statsb.nativeroll.tv https://statsa.nativeroll.tv https://*.yandex.ru avatars-fast.yandex.net favicon.yandex.net; media-src *.yandex.net yandex.st yastatic.net https://static.zdassets.com  https://stats.seedr.com ; child-src 'self' *.zarplata.ru https://webvisor.com  https://www.googletagmanager.com; frame-src 'self' https://optimize.google.com https://yandex.ru https://yastatic.net https://www.youtube.com https://reklama.zp.ru https://api-maps.yandex.ru https://st.yandexadexchange.net https://yandexadexchange.net https://creativecdn.com https://vk.com/  https://*.criteo.net https://*.criteo.com  https://*.adfox.ru https://*.zopim.com wss://*.zopim.com https://*.zopim.io https://www.facebook.com https://connect.facebook.net  *.yandex.ru awaps.yandex.net *.yandexadexchange.net yastatic.net  https://cdn01.nativeroll.tv  https://www.google.com/recaptcha/ https://*.fls.doubleclick.net; style-src 'self' https://optimize.google.com https://feedback.hh.ru 'unsafe-inline' 'unsafe-eval' yandex.st yastatic.net  'unsafe-inline'; object-src https://reklama.zp.ru; script-src 'self' https://snap.licdn.com https://apis.google.com https://optimize.google.com https://www.googleoptimize.com https://www.google.com https://www.googleadservices.com https://*.tns-counter.ru 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://mc.yandex.ru https://api-maps.yandex.ru https://reklama.zp.ru https://yastatic.net https://an.yandex.ru https://top-fwz1.mail.ru https://ad.mail.ru https://tagmanager.google.com https://vk.com/js/api/openapi.js https://www.googletagservices.com https://adservice.google.ru https://adservice.google.com https://securepubads.g.doubleclick.net https://statad.ru/tracker.js https://feedback.hh.ru https://*.criteo.net https://*.criteo.com https://cdn.ravenjs.com https://*.adfox.ru https://code.createjs.com https://yandex.ru/ads/system/context.js https://*.zopim.com wss://*.zopim.com https://*.zopim.io https://*.facebook.net https://*.facebook.com https://connect.mail.ru https://my2.imgsmail.ru https://static.zdassets.com https://*.maps.yandex.net an.yandex.ru yandex.st yastatic.net mc.yandex.ru  https://stats.seedr.com https://cdn01.nativeroll.tv/js/nr-pixel.min.js  https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; font-src 'self' yastatic.net data: https://*.adfox.ru https://fonts.gstatic.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io ; connect-src 'self' https://sgtm.zarplata.com https://hashproof.zp.ru https://analytics.google.com https://*.zp.ru https://*.zarplata.ru https://sentry.zp.ru https://*.zarplata.ru https://top-fwz1.mail.ru https://passport.ngs.ru https://mc.yandex.ru https://www.google-analytics.com https://job42.ru https://ngsrabota.com.ua https://ngsrabota.by https://vk.com/rtrg  'self' https://zarplata.ghost.io https://*.adfox.ru https://api.rabota.ru https://yandex.ru https://stats.g.doubleclick.net https://*.facebook.com https://*.zopim.com https://*.zopim.io wss://*.zopim.com https://ekr.zdassets.com https://*.pyn.ru https://*.hh.ru https://api.zarplata.ru https://hr.zarplata.ru https://*.yandex.ru yandex.st yastatic.net  https://stats.seedr.com https://cdn01.nativeroll.tv/js/nr-pixel.min.js ; frame-ancestors 'self' http://webvisor.com https://webvisor.com; upgrade-insecure-requests 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' chrome-extension: data: *.portland.gov *.ssl.fastly.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net unpkg.com www.google-analytics.com www.googletagmanager.com tagmanager.google.com bam.nr-data.net bam-cell.nr-data.net js-agent.newrelic.com fontlibrary.org use.fontawesome.com *.googleapis.com *.gstatic.com *.googleusercontent.com *.portlandoregon.gov *.portlandmaps.com *.arcgis.com server.arcgisonline.com *.openstreetmap.org *.opentopomap.org *.tiles.wmflabs.org *.loop11.com *.rawgit.com api.mapbox.com *.recollect.net; frame-src 'self' https://www.youtube.com/embed/ https://player.vimeo.com https://www.google.com/maps/ https://www.portlandoregon.gov/ https://www.portlandmaps.com/ *.arcgis.com arcg.is https://online.tableau.com/ https://public.tableau.com/ *.recollect.net https://app.smartsheet.com/ https://publish.smartsheet.com/; report-uri https://portlandgov.report-uri.com/r/d/csp/enforce 2
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js accounts.google.com *.google-analytics.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.kaltura.com *.wistia.com fast.wistia.com *.wistia.co *.pardot.com *.cloudflare.com *.litix.io *.mktoresp.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.akamaihd.net *.googletagmanager.com *.demandbase.com siteimproveanalytics.com my.hellobar.com snap.licdn.com bat.bing.com *.googleadservices.com *.snapengage.com *.doubleclick.net *.healthstream.com *.crazyegg.com *.driftt.com consent.cookiebot.com consentcdn.cookiebot.com *.zoominfo.com *.clarity.ms www.redditstatic.com www.clickcease.com *.ceros.com sc.lfeeder.com 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.insight.sitefinity.com *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org scout-cdn.salesloft.com https://dec.azureedge.net web-chat.nativechat.com; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.falcon-software.com *.crazyegg.com www.googletagmanager.com 'self' 'unsafe-inline' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.kaltura.com *.wistia.com *.wistia.co *.litix.io *.mktoresp.com *.akamaihd.net bat.bing.com segments.company-target.com id.rlcdn.com px.ads.linkedin.com match.prod.bidr.io *.global.siteimproveanalytics.io *.google.ca *.google.com *.adsymptotic.com *.crazyegg.com https://embedwistia-a.akamaihd.net *.ads.linkedin.com *.clarity.ms c.bing.com alb.reddit.com hi.hellobar.com my.hellobar.com aorta.clickagy.com tr-rc.lfeeder.com www.googletagmanager.com 'self' https://delicious.com https://dec.azureedge.net *.eloqua.com track.hubspot.com imgsct.cookiebot.com https://cdn.insight.sitefinity.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.kaltura.com *.wistia.com *.wistia.co *.falcon-software.com hs.healthstream.com go.pardot.com; frame-src *.kaltura.com *.wistia.com fast.wistia.com *.wistia.co *.akamaihd.net *.pardot.com *.healthstream.com *.litix.io *.mktoresp.com *.doubleclick.net data: teamampt.amptnow.com *.google.com *.crazyegg.com *.facebook.com *.driftt.com/ consentcdn.cookiebot.com https://www.youtube.com *.ceros.com 'self' web-chat.nativechat.com; connect-src accounts.google.com *.mktoresp.com *.kaltura.com *.wistia.com *.wistia.co *.litix.io *.akamaihd.net *.google-analytics.com www.google.com *.doubleclick.net *.crazyegg.com hs.healthstream.com go.pardot.com consentcdn.cookiebot.com *.clarity.ms cdn.linkedin.oribi.io ws.zoominfo.com analytics.google.com pagead2.googlesyndication.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com px.ads.linkedin.com scout.salesloft.com; media-src 'self' data: blob: *.wistia.com https://embedwistia-a.akamaihd.net *.youtube.com *.wistia.net; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.kaltura.com *.wistia.com *.wistia.co *.falcon.local *.litix.io *.mktoresp.com *.akamaihd.net blob: 'self' web-chat.nativechat.com; form-action 'self' healthstream--hstm.my.salesforce.com webto.salesforce.com *.facebook.com; frame-ancestors 'self' 2
frame-ancestors https://app.contentful.com 'self' 2
frame-ancestors 'self' https://translate.google.com https://electrolux.registria.com https://app.optimizely.com ; object-src 'self'  https://*.electroluxmedia.com; report-uri /CSP-report; 2
style-src 'self' 'unsafe-inline' api-maps.yandex.ru fonts.googleapis.com www.youtube.com broker-vb-temp.halykbank.kz; 2
default-src 'self' blob: https: *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *;style-src 'self' 'unsafe-inline' https://secure.bngpaymentgateway.com/token/ ;img-src 'self' https://walkme.psa.datto.com/Images/ https://walkme.psa.datto.com/prod/player/ https://walkme.psa.datto.com/prod/qaPrevious/player/ https://s3.walkmeusercontent.com https://*.walkme.com https://k1-west-us-storage-prod.azureedge.net/launcher/ https://k1-storage-csi.azureedge.net/ https://k1-storage-csi-qa.azureedge.net/ https://k1-storage-dev.azureedge.net/launcher/  data: https://www.datto.com/img/  2
script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com *.salesforceliveagent.com service.force.com *.my.salesforce.com *.google.com *.facebook.net *.omtrdc.net *.youtube.com *.ytimg.com *.doubleclick.net *.googleapis.com *.bazaarvoice.com *.iesnare.com appleid.cdn-apple.com activitymap.adobe.com qasfix-hofer.cs101.force.com cs101.salesforce.com hofer.force.com hofer.secure.force.com js-cdn.dynatrace.com static.lightning.force.com int-crm.my.salesforce.com EU17.salesforce.com EU17.force.com EU36.salesforce.com EU36.force.com secure.force.com *.cookielaw.org *.onetrust.com *.salesforce-sites.com s7g10.scene7.com *.googletagmanager.com *.bing.com *.adsrvr.org *.googleadservices.com *.google.de *.doubleclick.com; connect-src 'self' *.omtrdc.net *.demdex.net *.postcodeanywhere.co.uk *.bazaarvoice.com *.facebook.com activitymap.adobe.com sitecatalyst.omniture.com qasfix-hofer.cs101.force.com cs101.salesforce.com hofer.force.com hofer.secure.force.com c.la1-c1-fra.salesforceliveagent.com EU17.salesforce.com d.la1-c1-fra.salesforceliveagent.com www.zurueckzumursprung.at https://storefinder.aldi.at https://empty-fridge-widget.vercel.app https://gewinnspiel.aldi-sued.de test.storefinder.aldi.at https://bf51204epo.bf.dynatrace.com/bf eu36.salesforce.com int-crm.my.salesforce.com EU17.force.com EU36.force.com static.lightning.force.com secure.force.com service.force.com *.salesforceliveagent.com *.googleapis.com *.cookielaw.org *.onetrust.com *.salesforce-sites.com s7g10.scene7.com *.googletagmanager.com *.bing.com *.adsrvr.org *.googleadservices.com *.google.de *.google.com *.doubleclick.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.bazaarvoice.com *.googleapis.com *.omtrdc.net *.my.salesforce.com service.force.com qasfix-hofer.cs101.force.com cs101.salesforce.com hofer.force.com hofer.secure.force.com int-crm.my.salesforce.com EU17.salesforce.com EU17.force.com EU36.salesforce.com EU36.force.com static.lightning.force.com secure.force.com *.salesforceliveagent.com *.cookielaw.org *.onetrust.com *.salesforce-sites.com *.gstatic.com s7g10.scene7.com; font-src 'self' *.gstatic.com data:; frame-src 'self' *.demdex.net *.facebook.com *.google.com *.youtube.com *.youtube-nocookie.com *.customervoice360.com *.adobe.com aldisued.marketing.adobe.com *.psa.at aldisued.experiencecloud.adobe.com web-psa-preprod.mp-testing.com rest-b2b-crt-preprod.mp-testing.com psa-card-administration.mobile-pocket.com *.bazaarvoice.com *.iesnare.com www.elettershop.de t.elettershop.de *.salesforceliveagent.com service.force.com activitymap.adobe.com *.omniture.com qasfix-hofer.cs101.force.com cs101.salesforce.com www.zurueckzumursprung.at storefinder.aldi.at https://empty-fridge-widget.vercel.app https://gewinnspiel.aldi-sued.de test.storefinder.aldi.at https://external-content.aldi-sued.de eu36.salesforce.com hofer.secure.force.com int-crm.my.salesforce.com EU17.salesforce.com EU17.force.com EU36.force.com static.lightning.force.com secure.force.com hofer.force.com *.salesforce-sites.com *.salesforce.com *.googletagmanager.com *.bing.com *.adsrvr.org; frame-ancestors 'self' https://aldisued.marketing.adobe.com https://aldisued.experiencecloud.adobe.com https://www.elettershop.de https://t.elettershop.de https://experience.adobe.com https://aldigo.aldi-sued.de https://virtueller-rundgang.aldi-sued.de 2
default-src 'none';  script-src 'unsafe-inline' 'unsafe-eval' 'self' www.googletagmanager.com www.yellowmap.de cdn.yellowmap.de cdn.trustcommander.net www.youtube.com www.google-analytics.com *.doubleclick.net connect.facebook.net;  style-src 'self' 'unsafe-inline' cdn.yellowmap.de;  connect-src 'self' *.sparkasse.de autocomplete.smartmaps.cloud events.flagship.io *.yellowmap.de *.trustcommander.net *.commander1.com *.google-analytics.com *.analytics.google.com *.doubleclick.net *.sparkassen-finanzportal.de eu-api.friendlycaptcha.eu www.facebook.com;  img-src data: 'self' 'unsafe-inline' i.ytimg.com map.iib-institut.de *.yellowmaps.eu www.yellowmap.de *.sparkasse.de *.trustcommander.net *.commander1.com img.youtube.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com www.google.com www.google.de api.sparkassen-mediacenter.de kvp-skmc.dbc-gmbh.com *.doubleclick.net images.podigee-cdn.net feeds.sparkassen-finanzportal.de events.flagship.io www.facebook.com;  media-src api.sparkassen-mediacenter.de kvp-skmc.dbc-gmbh.com youtu.be www.youtube.com;  frame-src data: 'self' cdn.trustcommander.net widget.civey.com sparkasse.linda-chatbot.de www.youtube.com player.podigee-cdn.net stage-if-egs.s-communication.de if-egs.s-communication.de;  font-src 'self' webfonts.sparkasse.de cdn.yellowmap.de;  object-src 'self';  manifest-src 'self';  worker-src 'self' blob:; 2
default-src * blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.go.com *.wdpromedia.com *.content.disney.io *.disneyinternational.com *.wdprapps.disney.com connect.facebook.net *.scorecardresearch.com *.dilcdn.com *.wdpro.wdig.com *.tt.omtrdc.net dpm.demdex.net assets.adobedtm.com tags.bkrtx.com d1ivexoxmp59q7.cloudfront.net disneyparks.sp1.convertro.com stags.bluekai.com tags.bluekai.com bat.bing.com *.doubleclick.net *.clicktale.net s.yimg.com/wi/ytc.js *.ads-twitter.com *.twitter.com *.facebook.com *.lpsnmedia.net *.liveperson.net *.googleadservices.com *.yahoo.com tag.mtrcs.samba.tv *.proofhq.com *.googletagmanager.com *.google-analytics.com static.tacdn.com *.resonate.com *.reson8.com *.sojern.com *.appdynamics.com *.eum-appdynamics.com *.go-mpulse.net *.akstat.io *.dvic-banner-svc-wdw.wdprapps.disney.com cdn.branch.io *.app.link app.link *.disney.com www.googletagmanager.com tagmanager.google.com *.demdex.net *.contentsquare.com *.cookielaw.org *.onetrust.com *.apptentive.com *.bluekai.com *.branch.io www.googleadservices.com www.google.com snap.licdn.com cdn.resonate.com sc-static.net *.snapchat.com analytics.tiktok.com js.adsrvr.org; img-src * data: *.akstat.io *.clicktale.net *.contentsquare.net *.google-analytics.com *.googletagmanager.com *.cookielaw.org www.google.com px.ads.linkedin.com; style-src 'self' 'unsafe-inline' *.go.com *.wdpromedia.com *.wdprapps.disney.com *.liveperson.net *.dvic-banner-svc-wdw.wdprapps.disney.com tagmanager.google.com fonts.googleapis.com *.apptentive.com; frame-src 'self' *.go.com *.fls.doubleclick.net stags.bluekai.com tags.bluekai.com assets.adobedtm.com *.lpsnmedia.net *.liveperson.net *.facebook.com *.tamgrt.com *.flashtalking.com *.clicktale.net disney.idmelabs.com disney.id.me *.demdex.net cdn1.parksmedia.wdprapps.disney.com cdn2.parksmedia.wdprapps.disney.com *.go-mpulse.net *.akstat.io *.dvic-banner-svc-wdw.wdprapps.disney.com s.amazon-adsystem.com *.bluekai.com *.doubleclick.net *.snapchat.com *.adsrvr.org *.disney.com *.wdpromedia.com 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com tagmanager.google.com *.tt.omtrdc.net blob:; font-src * data: fonts.gstatic.com; connect-src * blob: 'self' *.disney.com *.go.com *.demdex.net *.tt.omtrdc.net *.akstat.io *.go-mpulse.net *.clicktale.net *.contentsquare.net r.disneystore.com r.disney.com r.disney.go.com r.starwars.com r.disneyjunior.com r.babble.com r.disneybaby.com *.google-analytics.com *.analytics.google.com analytics.google.com *.googletagmanager.com *.cookielaw.org *.onetrust.com *.apptentive.com bat.bing.com *.branch.io *.doubleclick.net cdn.linkedin.oribi.io *.reson8.com *.snapchat.com analytics.tiktok.com s.yimg.com; child-src 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.go.com *.wdpromedia.com *.content.disney.io *.disneyinternational.com *.wdprapps.disney.com connect.facebook.net *.scorecardresearch.com *.dilcdn.com *.wdpro.wdig.com *.tt.omtrdc.net dpm.demdex.net assets.adobedtm.com tags.bkrtx.com d1ivexoxmp59q7.cloudfront.net disneyparks.sp1.convertro.com stags.bluekai.com tags.bluekai.com bat.bing.com *.doubleclick.net *.clicktale.net s.yimg.com/wi/ytc.js *.ads-twitter.com *.twitter.com *.facebook.com *.lpsnmedia.net *.liveperson.net *.googleadservices.com *.yahoo.com tag.mtrcs.samba.tv *.proofhq.com *.googletagmanager.com *.google-analytics.com static.tacdn.com *.resonate.com *.reson8.com *.sojern.com *.appdynamics.com *.eum-appdynamics.com *.go-mpulse.net *.akstat.io *.dvic-banner-svc-wdw.wdprapps.disney.com cdn.branch.io *.app.link app.link *.disney.com www.googletagmanager.com tagmanager.google.com *.demdex.net *.contentsquare.com *.cookielaw.org *.onetrust.com *.apptentive.com *.bluekai.com *.branch.io www.googleadservices.com www.google.com snap.licdn.com cdn.resonate.com sc-static.net *.snapchat.com analytics.tiktok.com js.adsrvr.org blob:; worker-src 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.go.com *.wdpromedia.com *.content.disney.io *.disneyinternational.com *.wdprapps.disney.com connect.facebook.net *.scorecardresearch.com *.dilcdn.com *.wdpro.wdig.com *.tt.omtrdc.net dpm.demdex.net assets.adobedtm.com tags.bkrtx.com d1ivexoxmp59q7.cloudfront.net disneyparks.sp1.convertro.com stags.bluekai.com tags.bluekai.com bat.bing.com *.doubleclick.net *.clicktale.net s.yimg.com/wi/ytc.js *.ads-twitter.com *.twitter.com *.facebook.com *.lpsnmedia.net *.liveperson.net *.googleadservices.com *.yahoo.com tag.mtrcs.samba.tv *.proofhq.com *.googletagmanager.com *.google-analytics.com static.tacdn.com *.resonate.com *.reson8.com *.sojern.com *.appdynamics.com *.eum-appdynamics.com *.go-mpulse.net *.akstat.io *.dvic-banner-svc-wdw.wdprapps.disney.com cdn.branch.io *.app.link app.link *.disney.com www.googletagmanager.com tagmanager.google.com *.demdex.net *.contentsquare.com *.cookielaw.org *.onetrust.com *.apptentive.com *.bluekai.com *.branch.io www.googleadservices.com www.google.com snap.licdn.com cdn.resonate.com sc-static.net *.snapchat.com analytics.tiktok.com js.adsrvr.org blob: 2
default-src 'none'; script-src 'self' *.b0e8.com *.bc0a.com marvel-b2-cdn.bc0a.com www.google-analytics.com www.googletagmanager.com play.vidyard.com assets.vidyard.com unpkg.com *.newrelic.com snap.licdn.com static.ads-twitter.com analytics.twitter.com www.googleadservices.com script.hotjar.com static.hotjar.com 972-oec-621.mktoweb.com munchkin.marketo.net j.6sc.co bam.nr-data.net geolocation.onetrust.com *.google.com tpc.googlesyndication.com maps.googleapis.com www.gstatic.com js.hsforms.net *.hsforms.com *.pressganey.com *.cdntwrk.com www.googleoptimize.com connect.facebook.net js.hs-scripts.com js.usemessages.com js.hs-analytics.net js.hs-banner.com cdn.cookielaw.org *.wistia.com *.wistia.net src.litix.io fast.wistia.com *.googletagmanager.com info.pressganey.com js.hsleadflows.net cdn.linkedin.oribi.io *.hubspot.com analytics.google.com *.zi-scripts.com *.zoominfo.com js.hsadspixel.net subscriptions.smartrecruiters.com static.smartrecruiters.com www.smartrecruiters.com jobpal-sm.s3.amazonaws.com pressganey.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' 972-oec-621.mktoweb.com fonts.googleapis.com legal.pressganey.com static.smartrecruiters.com *.hsforms.com *.wistia.com *.cdntwrk.com *.googletagmanager.com *.google.com *.hubspot.com jobpal-sm.s3.amazonaws.com pressganey.com 'unsafe-inline'; frame-ancestors 'none'; frame-src play.vidyard.com vars.hotjar.com 972-oec-621.mktoweb.com tpc.googlesyndication.com *.google.com pressganey.com www.googletagmanager.com survey.us.confirmit.com js.hsforms.net *.hsforms.com www.facebook.com app.livestorm.co *.hubspot.com pressganey-20208516.hs-sites.com jobpal-sm.s3.amazonaws.com pressganey.com; object-src 'none'; base-uri 'self'; form-action 'self' webto.salesforce.com *.hsforms.com www.facebook.com *.google.com *.hubspot.com jobpal-sm.s3.amazonaws.com pressganey.com; connect-src 'self' go.pressganey.com play.vidyard.com www.google-analytics.com cdn.cookielaw.org 972-oec-621.mktoresp.com 972-oec-621.mktoutil.com secure.adnxs.com stats.g.doubleclick.net bam.nr-data.net privacyportal.onetrust.com geolocation.onetrust.com www.google.com adservice.google.com *.googleapis.com *.googletagmanager.com *.googleapis.com maps.googleapis.com *.google.com *.6sc.co digitalfeedback.us.confirmit.com vc.hotjar.io *.hotjar.com wss://*.hotjar.com *.hsforms.com *.cdntwrk.com js.hs-banner.com https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://api.glitch.com www.facebook.com cdn.linkedin.oribi.io *.hubspot.com analytics.google.com *.zi-scripts.com ws.zoominfo.com api.hubapi.com 61d78a8eb35a9f00ecfd7ee9.config.smooch.io jobpal-sm.s3.amazonaws.com pressganey.com cdn.growthbook.io px.ads.linkedin.com; font-src 'self' data: fonts.gstatic.com *.cdntwrk.com *.hubspot.com jobpal-sm.s3.amazonaws.com pressganey.com ; media-src 'self' blob: data: *.wistia.com *.wistia.net embedwistia-a.akamaihd.net embed-fastly.wistia.com *.google.com *.hubspot.com jobpal-sm.s3.amazonaws.com pressganey.com; img-src https: data:; report-uri https://pressganey.report-uri.com/r/t/csp/enforce 2
frame-ancestors 'self' https://bob.santanderbank.com https://shdwbob.santanderbank.com https://www.santanderbank.com https://rolb.santanderbank.com https://shdwrolb.santanderbank.com https://einsteincrm.sov.gs.corp https://shdweinsteincrm.sov.gs.corp http://bkoffice.sov.gs.corp http://shdwbkoffice.sov.gs.corp; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.advantshop.net *.advantshop.by *.advantshop.com *.advantshop.kz *.advstatic.ru  *.advant.shop www.google-analytics.com ssl.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net apis.google.com vk.com www.facebook.com connect.facebook.net platform.twitter.com cdn.syndication.twimg.com counter.rambler.ru cdn.jsdelivr.net ymetrica.com mc.yandex.ru yastatic.net api-maps.yandex.ru top-fwz1.mail.ru counter.yadro.ru top-abd.mail.ru *.jivosite.com *.chat2desk.com static.woopra.com www.woopra.com dadata.ru advantshop.disqus.com www.googletagmanager.com tagmanager.google.com ajax.googleapis.com advantschool.ru data:; 2
frame-ancestors 'self' login.microsoftonline.com teams.microsoft.com *.teams.microsoft.com 2
report-uri https://www.barmer.de/report; frame-ancestors 'self' https://lernen.barmer.de 2
block-all-mixed-content; frame-ancestors https://bigscoots.com https://portal.bigscoots.com/ https://www.bigscoots.com 2
frame-ancestors 'self' https://*.particle.io http://particle.lookbookhq.com https://particle.lookbookhq.com http://particle.pathfactory.com https://particle.pathfactory.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://ssl.google-analytics.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com http://visit.smartjailmail.com https://visit.smartjailmail.com; img-src 'self' blob: data: https://ssl.google-analytics.com https://www.gstatic.com https://sjm-photos.s3.amazonaws.com; report-uri https://smart.report-uri.io/r/default/csp/enforce; 2
default-src 'self' style-src 'unsafe-inline' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://translate.google.com https://translate.googleapis.com https://www.youtube.com https://s.ytimg.com https://plausible.io; img-src 'self' data: https://cdn.prgloo.com https://www.google.com https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://www.gstatic.com https://translate.google.com https://translate.googleapis.com https://*.ytimg.com https://img.youtube.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://plausible.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://translate.google.com https://translate.googleapis.com https://tagmanager.google.com; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src https://www.googletagmanager.com https://www.youtube.com https://youtu.be https://www.youtube-nocookie.com https://youtube-nocookie.com; object-src 'self'; report-uri /service/csp; 2
frame-ancestors 'self' https://admin.vbulletin.com/ https://www.vbulletin.com/ https://members.vbulletin.com/ https://testsecureacceptance.cybersource.com/ https://secureacceptance.cybersource.com/ https://ssl.kaptcha.com/'; script-src * blob: 'unsafe-inline' 'unsafe-eval' ; object-src *; 2
frame-ancestors 'none'; report-uri https://prod-plk-csp-service.rbictg.com/csp; report-to csp-endpoint 2
frame-ancestors 'self'  app.pendo.io https://datamma.guides.nelnet.com 2
frame-ancestors 'self' rtvs.sk *.rtvs.sk *.dev.rtvs.sk rtvs.org *.rtvs.org 2
default-src 'self' osbasahpublisher-ac-europewest3.lfr.cloud ; script-src 'self' 'unsafe-inline' 'unsafe-eval' js.ipredictive.com *.datadoghq-browser-agent.com *.hubspot.com s.yimg.jp analytics-js-cdn.liferay.com *.monsido.com  ce.lijit.com *.clarity.ms view.ceros.com mc.yandex.ru www.gstatic.com www.google.com www.otis.com geolocation.onetrust.com googleads.g.doubleclick.net heyotis.appspot.com js.hsforms.net  *.opendns.com survey.survicate.com forms.hsforms.com fm.ipinyou.com stats.ipinyou.com www2-heyotis.snapengage.com stm-cdn.cn.miaozhen.com www.googleadservices.com console.e-bot7.de fm.ipinyou.com surveys-static.survicate.com www.googletagmanager.com cdn.cookielaw.org bat.bing.com omuscmslfrpcdn03.azureedge.net storage.googleapis.com bat.bing.com connect.facebook.net heyotis.appspot.com j.6sc.co js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.hsleadflows.net omuscmslfrpcdn03.azureedge.net secure.loki8lave.com snap.licdn.com storage.googleapis.com www.google-analytics.com hm.baidu.com mc.yandex.ru ; style-src 'self' 'unsafe-inline' *.survicate.com www.google.com www.otis.com fonts.googleapis.com omuscmslfrpcdn03.azureedge.net; object-src 'none'; base-uri 'self'; connect-src 'self' rum.browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.hubspot.com osbasahpublisher-ac-europewest3.lfr.cloud cdn.linkedin.oribi.io idx.liadm.com surveys-static.survicate.com analytics.google.com *.clarity.ms geolocation.onetrust.com www.clarity.ms b.clarity.ms f.clarity.ms mc.yandex.ru console.e-bot7.de www.google.com www.facebook.com omuscmslfrpcdn03.azureedge.net www2-heyotis.snapengage.com privacyportal.onetrust.com www.otis.com forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com heyotis.appspot.com stm-collect.cn.miaozhen.com c.6sc.co  respondent.survicate.com cdn.cookielaw.org api.hubapi.com bat.bing.com forms.hubspot.com secure.adnxs.com stats.g.doubleclick.net www.google-analytics.com; font-src 'self' data: www.google.com www.otis.com *.survicate.com omuscmslfrpcdn03.azureedge.net fonts.gstatic.com; frame-src  'self' ad.ipredictive.com forms.office.com service.otiselevator.com view.ceros.com mc.yandex.md players.brightcove.net console.e-bot7.de js.hsforms.net www.facebook.com www.google.com www.gstatic.com www.otis.com forms.hsforms.com 9915888.fls.doubleclick.net 9915888.fls.doubleclick.net; img-src 'self' https: http: data: ; media-src 'self' www2-heyotis.snapengage.com www.google.com www.otis.com heyotis.appspot.com omuscmslfrpcdn03.azureedge.net ; worker-src 'self' blob: www.otis.com; 2
font-src 'self' data: https://*.cipd.org https://*.hotjar.com https://*.typekit.net https://dhm5hy2vn8l0l.cloudfront.net https://fonts.gstatic.com; style-src-elem 'self' 'unsafe-inline' https://*.cipd.org https://*.typekit.net https://cdn.jsdelivr.net https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com https://p.typekit.net https://use.typekit.net https://web-sdk-eu.aptrinsic.com; style-src https://*.cipd.org https://*.hotjar.com https://*.typekit.net; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.collect.igodigital.com https://*.googletagmanager.com https://*.hotjar.com https://*.infogram.com https://*.onetrust.com https://*.youtube.com https://7227074.collect.igodigital.com https://auth.cipd.co.uk https://bat.bing.com https://cdn-ukwest.onetrust.com https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://connect.facebook.net https://e.infogram.com https://infogram.com https://js.monitor.azure.com https://maxcdn.bootstrapcdn.com https://metrics.responsetap.com https://s3.amazonaws.com https://siteimproveanalytics.com https://snap.licdn.com https://static-ssl.responsetap.com https://web-sdk-eu.aptrinsic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://zingtree.com; style-src-attr 'unsafe-inline'; frame-src 'self' https://*.siteimprove.com https://e.infogram.com https://td.doubleclick.net https://w.soundcloud.com https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com https://zingtree.com; img-src 'self' data: https://*.ads.linkedin.com https://*.cipd.co.uk https://*.cipd.org https://*.facebook.net https://*.global.siteimproveanalytics.io https://*.google-analytics.com https://*.hotjar.com https://*.linkedin.com https://cdn-ukwest.onetrust.com https://i.ytimg.com https://nova.collect.igodigital.com https://px.ads.linkedin.com https://region1.google-analytics.com https://www.google.co.uk https://www.googletagmanager.com; connect-src 'self' https://*.ads.linkedin.com https://*.cipd.co.uk https://*.google-analytics.com https://*.google.co.uk https://*.google.com https://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://*.services.visualstudio.com https://*.siteimprove.com https://cdn-ukwest.onetrust.com https://cdn.linkedin.oribi.io https://esp-eu.aptrinsic.com https://geolocation.onetrust.com https://privacyportal-uk.onetrust.com https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net wss://*.hotjar.com; default-src 'self' 'unsafe-eval' https://*.cipd.co.uk https://*.cipd.org https://auth.cipd.co.uk https://p.typekit.net https://use.typekit.net; form-action 'self'; script-src 'self' 'unsafe-eval' https://*.hotjar.com https://*.infogram.com; script-src-attr 'unsafe-eval'; 2
frame-ancestors 'self' https://microapps.google.com https://workspace.hansel.io https://www.atlasobscura.com https://www.flyertalk.com https://www.smartertravel.com https://www.afar.com https://roadtrippers.com https://matadornetwork.com https://www.cloudsdeal.com https://www.top10coupons.in https://www.oyoos.com; 2
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src https: data:; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=undefined&dd-evp-origin=content-security-policy&ddsource=csp-report 2
style-src * data: blob: 'unsafe-inline'; frame-src * data: blob:; frame-ancestors 'self' https://dev.vatrix.eu; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; font-src * data: blob: 'unsafe-inline' 2
img-src 'self' *.google-analytics.com img.youtube.com *.s3waas.gov.in secure.gravatar.com *.twimg.com *.twitter.com data:;connect-src 'self' *.s3waas.gov.in *.google-analytics.com;object-src 'none';media-src 'self' *.s3waas.gov.in data:;child-src 'self';frame-src 'self' www.google.com platform.twitter.com www.facebook.com syndication.twitter.com www.youtube.com;form-action *.s3waas.gov.in 'self';frame-ancestors 'self' *.s3waas.gov.in ;upgrade-insecure-requests;worker-src 'self' *.s3waas.gov.in 2
frame-ancestors https://*.randstad.es; 2
default-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval' 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; worker-src blob: https:; connect-src ws: wss: https:; 2
frame-ancestors 'self' https://samsungfood.kinsta.cloud 2
base-uri 'self'; style-src 'self' 'unsafe-inline' *.ase-usw1-shared-prd.p.azurewebsites.net *.cognitoforms.com *.dignityhealth.org *.foresee.com *.hellohumankindness.org *.marketo.com *.twimg.com fonts.googleapis.com gateway.foresee.com use.typekit.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.crazyegg.com *.dignityhealth.org *.evaliahealth.com *.evaliahealth.com *.everesttech.net *.google.com/pagead/ *.google.com/recaptcha/ *.googleadservices.com *.gstatic.com/recaptcha/ *.hellohumankindness.org *.inquicker.com *.invoca.net *.jotform.io *.marketo.com *.marketo.net *.mktoutil.com *.recaptcha.net/recaptcha/ *.recaptcha.net/recaptcha/ *.youtube.com ajax.googleapis.com ajax.microsoft.com assets.adobedtm.com bam-cell.nr-data.net bam.nr-data.net cdn.jsdelivr.net/npm/twemoji@13 cdnjs.cloudflare.com code.jquery.com commonspirit.experiencecloud.adobe.com dignityhealth.hrm.healthgrades.com experience.adobe.com gateway.foresee.com google-analytics.com googleads.g.doubleclick.net hipaa.jotform.com js-agent.newrelic.com login.commonspirit.org maps.googleapis.com pc-dignityhealth-visitor-service.tealiumiq.com platform.twitter.com s.yimg.com solutions.invocacdn.com support.doctorpodcasting.com/widget/easyXDM.js tags.tiqcdn.com tags.tiqcdn.com twemoji.maxcdn.com unpkg.com use.typekit.net www.googletagmanager.com; frame-src 'self' *.jotform.io *.marketo.com *.vimeo.com *.youtube.com calendar.google.com commonspirit.demdex.net dignityhealth.hrm.healthgrades.com docasap.com identityspa.dignityhealth.org support.doctorpodcasting.com www.cognitoforms.com www.google.com www.google.com www.recaptcha.net; img-src 'self' *.agkn.com *.ase-usw1-shared-prd.p.azurewebsites.net *.crazyegg.com *.dignityhealth.org *.everesttech.net *.foresee.com *.google.com/pagead/ *.googleadservices.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.hellohumankindness.org *.marketo.com *.stackadapt.com *.twimg.com *.vimeocdn.com *.youtube.com bam.nr-data.net cdn.jotfor.ms d1ffafozi03i4l.cloudfront.net data: dpm.demdex.net i.ytimg.com login.commonspirit.org qvdt3feo.com s3.amazonaws.com s3.amazonaws.com/assets.gyant.com/ twemoji.maxcdn.com use.typekit.net www.google.com www.googletagmanager.com; connect-src 'self' *.ase-usw1-shared-prd.p.azurewebsites.net *.ase-usw1-shared-prd.p.azurewebsites.net *.crazyegg.com *.dignityhealth.org *.everesttech.net *.foresee.com *.google.com/pagead/ *.google.com/recaptcha/ *.googleadservices.com *.hellohumankindness.org *.inquicker.com *.mktoresp.com *.mktoutil.com *.mktoutil.com *.omtrdc.net ajax.microsoft.com analytics.google.com api.ipify.org app-w2-owrapi-prd.azurewebsites.net bam-cell.nr-data.net bam.nr-data.net commonspirit.sc.omtrdc.net commonspirit.tt.omtrdc.net device.4seeresults.com dpm.demdex.net fid.agkn.com fonts.googleapis.com google-analytics.com identity-api.commonspirit.org identity-func.commonspirit.org lasteventf-tm.everesttech.net login.commonspirit.org maps.googleapis.com pc-dignityhealth-collect.tealiumiq.com pc-dignityhealth-visitor-service.tealiumiq.com pnapi.invoca.net readaloud.googleapis.com s.yimg.com s3.amazonaws.com/assets.gyant.com/ translate.googleapis.com www.googletagmanager.com; default-src 'self' *.dignityhealth.org analytics.foresee.com commonspirit.demdex.net identity-func.commonspirit.org identity-spa.commonspirit.org login.commonspirit.org pc-dignityhealth-collect.tealiumiq.com; font-src 'self' *.ase-usw1-shared-prd.p.azurewebsites.net *.dignityhealth.org *.gstatic.com *.slant.co cdn.jorfor.ms data: gateway.foresee.com s3.amazonaws.com/assets.gyant.com/ use.typekit.net; 2
frame-ancestors http://www.ironplanet.com https://www.ironplanet.com 2
default-src 'self' https://*.stan.com.au; child-src 'self' https://www.youtube.com.au; connect-src 'self' blob: https://*.adyen.com https://*.akamaihd.net https://*.braintreegateway.com https://*.clarity.ms https://*.doubleclick.net https://*.google.com https://*.paypal.com https://*.stan.com.au https://*.stripe.com https://*.visualwebsiteoptimizer.com https://analytics.tiktok.com https://app.vwo.com https://bat.bing.com https://payments.braintree-api.com https://pixel.tapad.com https://sink.pdst.fm https://us-central1-adaptive-growth.cloudfunctions.net https://verifi.podscribe.com https://www.facebook.com https://www.google-analytics.com; form-action 'self' https://*.stan.com.au https://www.facebook.com https://checkoutshopper-live-au.adyen.com; font-src 'self' data: https://www.stan.com.au; frame-src 'self' https://*.amazon-adsystem.com https://*.doubleclick.net https://*.paypal.com https://*.stripe.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://apps.rokt.com https://checkoutshopper-live-au.adyen.com https://insight.adsrvr.org https://match.adsrvr.org https://servedby.flashtalking.com https://platform.twitter.com https://www.facebook.com https://www.google.com https://www.youtube.com; img-src 'self' blob: data: https://*.adyen.com https://*.akamaihd.net https://*.bing.com https://*.clarity.ms https://*.doubleclick.net https://*.google.com.au https://*.google.com https://*.paypal.com https://*.stan.com.au https://*.visualwebsiteoptimizer.com https://alb.reddit.com https://analytics.twitter.com https://app.vwo.com https://chart.googleapis.com https://i.ytimg.com https://t.co https://verifi.podscribe.com https://wingify-assets.s3.amazonaws.com https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com; media-src 'self' blob:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.clarity.ms https://*.doubleclick.net https://*.paypal.com https://*.stan.com.au https://*.stripe.com https://*.visualwebsiteoptimizer.com https://analytics.tiktok.com https://analytics.twitter.com https://app.vwo.com https://apps.rokt.com https://bat.bing.com https://c.amazon-adsystem.com https://cdn.pdst.fm https://connect.facebook.net https://d34r8q7sht0t9k.cloudfront.net https://js.adsrvr.org https://redditstatic.s3.amazonaws.com https://static.ads-twitter.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.paypalobjects.com https://www.redditstatic.com; style-src 'self' 'unsafe-inline' https://*.test.streamco.com.au https://*.visualwebsiteoptimizer.com https://app.vwo.com https://fonts.googleapis.com; worker-src 'self' blob:; report-uri https://api.stan.com.au/features/v1/collect-csp; 2
frame-ancestors 'self' https://top.gg 2
default-src 'self' fl.ru *.fl.ru flstatic-a.akamaihd.net *.facebook.com client.getinchat.com *.jivosite.com *.mail.ru *.yandex.ru *.doubleclick.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' https: *.fl.ru flstatic-a.akamaihd.net *.acstat.com client.getinchat.com cityadstrack.com www.cityadstrack.com artfut.com www.artut.com cdn.userecho.com connect.facebook.net *.adriver.ru counter.rambler.ru *.newrelic.com *.nr-data.net mc.yandex.ru *.doubleclick.net *.criteo.com *.criteo.net *.mail.ru pagead2.googlesyndication.com tpc.googlesyndication.com *.gstatic.com *.google.com *.google-analytics.com *.googleadservices.com *.googletagservices.com *.googletagmanager.com adservice.google.com adservice.google.ru adservice.google.com.ua *.tns-counter.ru x.cnt.my d31j93rd8oukbv.cloudfront.net *.jivosite.com; img-src data: blob: *; media-src *.fl.ru *.usedesk.ru flstatic-a.akamaihd.net *.carrotquest.app *.jivosite.com; style-src 'unsafe-inline' 'unsafe-eval' blob: https: 'self' *.fl.ru flstatic-a.akamaihd.net client.getinchat.com fonts.googleapis.com *.jivosite.com; font-src 'self' data: blob: https: fonts.gstatic.com an.yandex.ru yastatic.net yastat.net; frame-src 'self' *.fl.ru web.kyc.dev.homeoperator.net kyc-web.beorg.ru flstatic-a.akamaihd.net *.hcaptcha.com *.soundcloud.com fl.userecho.com *.sumsub.com *.cyberity.ru direct.yandex.ru mc.yandex.ru *.yandex.md yastatic.net *.typeform.com client.getinchat.com *.criteo.com *.criteo.net *.facebook.com pagead2.googlesyndication.com tpc.googlesyndication.com *.adriver.ru *.doubleclick.net *.google.com *.google.ru *.indeed.com onesignal.com rutube.ru *.rutube.ru *.vimeo.com youtube.com *.youtube.com; child-src fl.ru *.fl.ru flstatic-a.akamaihd.net; connect-src 'self' *.fl.ru fl.ru fl.ru:* *.fl.ru:* ws://fl.ru:* wss://fl.ru:* ws://*.fl.ru:* wss://*.fl.ru:* ws://*.usedesk.ru *.usedesk.ru *.hcaptcha.com err.t8h.io *.popmechanic.ru api.mindbox.ru *.ingest.sentry.io *.topmind.io *.mradx.net *.mail.ru vk.com *.vk.com ads.betweendigital.com *.bidvol.com *.buzzoola.com *.google.com *.adriver.ru *.advcake.com *.acstat.com flstatic-a.akamaihd.net *.doubleclick.net *.facebook.com pagead2.googlesyndication.com tpc.googlesyndication.com *.google-analytics.com *.mail.ru client.getinchat.com *.jivosite.com *.yandex.ru yandex.ru ymetrica1.com wss://*.jivosite.com ws://*.carrotquest.app *.carrottrack.app *.carrotquest.app *.carrotquest.io *.nr-data.net; report-uri https://flru.report-uri.com/r/d/csp/reportOnly 2
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com www.youtube.com; frame-src 'self' www.youtube-nocookie.com  www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com; 2
default-src https: blob: data:; script-src data: 'unsafe-inline' 'unsafe-eval' blob: https: webstatistik.bundeswehr.de webstatistik.bmvg.de *.video-cdn.net *.de.kaltura.com *.bundeswehr.de *.bmvg.de maps.googleapis.com maps.gstatic.com; style-src data: 'unsafe-inline' https: *.bundeswehr.de *.bmvg.de ; img-src data: *.bundeswehr.de *.bmvg.de *.ytimg.com *.fbcdn.net *.twimg.com *.staticflickr.com *.video-cdn.net *.ovp.kaltura.com *.de.kaltura.com *.facebook.com *.akamaihd.net *.gstatic.com maps.googleapis.com syndication.twitter.com platform.twitter.com scontent.cdninstagram.com; font-src data: www.bundeswehr.de *.bmvg.de *.video-cdn.net *.de.kaltura.com fonts.gstatic.com; connect-src https: blob: data: wss:; report-uri https://webstatistik.bundeswehr.de/report-uri/ 2
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.czater.pl https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-banner.com *.audiencemanager.de cdn.matomo.cloud widget.spreaker.com eqy.link js.hs-scripts.com stats.webleads-tracker.com get.smart-data-systems.com serve.albacross.com f.vimeocdn.com www.linkedin.com *.serving-sys.com *.lfeeder.com secure-ds.serving-sys.com static.ads-twitter.com *.clarity.ms *.google.com https://*.gstatic.com *.twitter.com s.ytimg.com www.youtube.com *.googletagmanager.com https://optimize.google.com https://www.googleanalytics.com https://*.google-analytics.com https://www.googleoptimize.com https://*.googleapis.com https://*.ggpht.com *.googleusercontent.com connect.facebook.net marketing-comarch.pl *.hotjar.com snap.licdn.com lftracker.leadfeeder.com *.livechatinc.com widget.contactleader.pl *.googleadservices.com www.catvertiser.com track.adform.net *.comarch.com *.mautic.krakow.comarch assets.livecall.io googleads.g.doubleclick.net *.outbrain.com *.bing.com; connect-src 'self' wss://s4.czater.pl wss://s3.czater.pl wss://s2.czater.pl wss://s1.czater.pl https://cdn.linkedin.oribi.io https://*.linkedin.com https://forms.hubspot.com widget.contactleader.pl comarch.matomo.cloud new-collect.albacross.com stats.webleads-tracker.com bat.bing.com lm.serving-sys.com secure-ds.serving-sys.com *.clarity.ms *.comarch.fr *.comarch.com *.comarch.pl *.comarch.de *.comarch.be *.comarch.it *.comarch.es *.comarch.com.br *.comarch.ru *.comarch.jp wss://*.hotjar.com/api/v2/client/ws *.hotjar.com noembed.com cdn.plyr.io *.google-analytics.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.mautic.krakow.comarch *.g.doubleclick.net www.google.pl www.facebook.com marketing-comarch.pl *.livecall.io maps.googleapis.com *.hotjar.com *.hotjar.io https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; img-src 'self' https://forms.hsforms.com https://track.hubspot.com https://optimize.google.com https://analytics.twitter.com widget.contactleader.pl assets.livecall.io *.doubleclick.net new-collect.albacross.com *.google.com t.co *.lfeeder.com *.clarity.ms www.linkedin.com *.outbrain.com *.bing.com i.ytimg.com https://*.google-analytics.com *.analytics.google.com *.g.doubleclick.net https://*.googleapis.com https://*.gstatic.com www.facebook.com *.hotjar.com data: *.comarch.fr *.comarch.com *.comarch.pl *.comarch.de *.comarch.be *.comarch.it *.comarch.es *.comarch.com.br *.comarch.ru *.comarch.jp www.google.com px.ads.linkedin.com www.google.pl marketing-comarch.pl *.googletagmanager.com *.googleusercontent.com; media-src 'self' widget.contactleader.pl assets.livecall.io www.google.com; style-src 'self' 'unsafe-inline' https://www.czater.pl https://optimize.google.com https://fonts.googleapis.com widget.contactleader.pl marketing-comarch.pl fonts.googleapis.com/css assets.livecall.io; font-src 'self' https://fonts.gstatic.com *.hotjar.com; frame-src 'self' https://www.czater.pl https://optimize.google.com widget.contactleader.pl secure.livechatinc.com *.audiencemanager.de www.youtube-nocookie.com *.doubleclick.net *.comarch.com *.comarch.pl *.google.com www.youtube.com open.spotify.com *.facebook.com *.hotjar.com www.linkedin.com; manifest-src 'self' 2
base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests; worker-src blob:; child-src blob:; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob:  *.adform.net *.ads-twitter.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.walmeric.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com t.co p.adsymptotic.com sjs.bizographics.com 212.55.0.184; style-src 'self' https: 'unsafe-inline'  *.adform.net *.ads-twitter.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.walmeric.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com t.co p.adsymptotic.com sjs.bizographics.com 212.55.0.184; img-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data:  *.adform.net *.ads-twitter.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.walmeric.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com t.co p.adsymptotic.com sjs.bizographics.com 212.55.0.184; font-src 'self' data:  *.adform.net *.ads-twitter.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.walmeric.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com t.co p.adsymptotic.com sjs.bizographics.com 212.55.0.184; connect-src 'self'  *.adform.net *.ads-twitter.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.walmeric.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com t.co p.adsymptotic.com sjs.bizographics.com 212.55.0.184; frame-src 'self' data:  *.adform.net *.ads-twitter.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.walmeric.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com t.co p.adsymptotic.com sjs.bizographics.com 212.55.0.184; frame-ancestors 'self'  *.adform.net *.ads-twitter.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.walmeric.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com t.co p.adsymptotic.com sjs.bizographics.com 212.55.0.184; object-src data:  *.adform.net *.ads-twitter.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.walmeric.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com t.co p.adsymptotic.com sjs.bizographics.com 212.55.0.184 2
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' multimedia.gsb.bund.de *.netzlabor.de *.spaceview.net; connect-src 'self' tracking.netmind-cloud.com *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' multimedia.gsb.bund.de piwik.itzbund.de webtv.bundestag.de *.googleapis.com *.google.com *.gstatic.com *.instagram.com tracking.netmind-cloud.com twemoji.maxcdn.com maps.wikimedia.org *.ytimg.com *.youtube.com *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org *.spaceview.net *.netzlabor.de *.blitzvideoserver.de *.video-stream-hosting.de *.3qsdn.com *.start.video-stream-hosting.de *.cloudfront.net vimeo.com multimedia.gsb.bund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de multimedia.gsb.bund.de *.fbcdn.net *.youtube.com *.youtube-nocookie.com *.googlevideo.com; frame-src 'self' *.google.com *.gstatic.com webtv.bundestag.de *.cdninstagram.com *.fbcdn.net *.youtube.com *.youtube-nocookie.com *.instagram.com twemoji.maxcdn.com maps.wikimedia.org *.youtube.com *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org piwik.itzbund.de *.blitzvideoserver.de *.video-stream-hosting.de *.3qsdn.com *.video-stream-hosting.de *.cloudfront.net vimeo.com multimedia.gsb.bund.de; img-src 'self' data: *.google.com *.gstatic.com piwik.itzbund.de webtv.bundestag.de *.youtube.com *.twimg.com *.fbcdn.net *.youtube-nocookie.com *.cdninstagram.com *.openstreetmap.org twemoji.maxcdn.com maps.wikimedia.org *.youtube-nocookie.com *.googlevideo.com vimeo.com *.cloudfront.net *.gsb.bund.de; frame-ancestors 'self';upgrade-insecure-requests; 2
script-src 'unsafe-inline' 'unsafe-eval' *.azblue.com azblue.com *.siteimproveanalytics.com siteimproveanalytics.com bcbsarizona.formstack.com *.bcbsarizona.formstack.com *.formstack.com formstack.com *.google-analytics.com google-analytics.com googletagmanager.com *.googletagmanager.com ajax.googleapis.com http://ajax.googleapis.com *.ajax.googleapis.com vercel.live *.vercel.live gateway.id.swg.umbrella.com tockify.com *.tockify.com client.formularynavigator.com *.client.formularynavigator.com netreturns.biz *.netreturns.biz player.vimeo.com siteintercept.qualtrics.com *.siteintercept.qualtrics.com *.qualtrics.com static.cloudflareinsights.com connect.facebook.net *.dynatrace.com *.my.salesforce-sites.com azblue.secure.force.com *.azblue.secure.force.com; style-src 'unsafe-inline' fonts.googleapis.com *.fonts.googleapis.com *.azblue.com azblue.com *.formstack.com formstack.com *.netreturns.biz netreturns.biz siteintercept.qualtrics.com *.siteintercept.qualtrics.com *.qualtrics.com *.my.salesforce-sites.com azblue.secure.force.com *.azblue.secure.force.com; img-src data: *.azblue.com azblue.com assets.azblue.com *.assets.azblue.com bcbsarizona.formstack.com *.bcbsarizona.formstack.com edge.sitecorecloud.io *.edge.sitecorecloud.io *.siteimproveanalytics.io siteimproveanalytics.io google.com *.google.com *.youtube.com youtube.com *.vimeo.com vimeo.com *.ytimg.com *.vimeocdn.com gateway.id.swg.umbrella.com *.netreturns.biz netreturns.biz siteintercept.qualtrics.com *.siteintercept.qualtrics.com *.qualtrics.com *.facebook.com *.my.salesforce-sites.com; font-src data: *.azblue.com azblue.com assets.azblue.com fonts.googleapis.com fonts.gstatic.com *.formstack.com formstack.com siteintercept.qualtrics.com *.siteintercept.qualtrics.com *.qualtrics.com *.my.salesforce-sites.com; connect-src *.azblue.com azblue.com edge.sitecorecloud.io *.edge.sitecorecloud.io *.google-analytics.com google-analytics.com *.doubleclick.net doubleclick.net *.siteimproveanalytics.io siteimproveanalytics.io *.cloudflare.com cloudflare.com *.coveo.com coveo.com analytics.google.com siteintercept.qualtrics.com vitals.vercel-insights.com gateway.id.swg.umbrella.com *.dynatrace.com *.my.salesforce-sites.com azblue.secure.force.com *.azblue.secure.force.com; media-src *.azblue.com azblue.com *.youtube.com youtube.com *.vimeo.com vimeo.com; frame-src *.doubleclick.net *.google.com *.azblue.com azblue.com tockify.com *.tockify.com client.formularynavigator.com *.client.formularynavigator.com bcbsarizona.formstack.com *.bcbsarizona.formstack.com *.youtube.com youtube.com *.vimeo.com vimeo.com azblue.netreturns.biz netreturns.biz siteintercept.qualtrics.com *.siteintercept.qualtrics.com *.qualtrics.com *.facebook.com 2
frame-ancestors 'self' experience.adobe.com aldinord.experiencecloud.adobe.com aldianer.staffbase.com aldinord-custom.staffbase.com http://www.aldianer-nord.de https://www.aldianer-nord.de http://staffbase.com capacitor://aldianer-nord.de capacitor://staffbase.com cname-main-de1.staffbase.com magazine.aldi-nord.de 195.192.131.24 localhost:*; default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 2
frame-ancestors 'self' https://*.plugshare.com *.google-analytics.com *.analytics.google.com 2
frame-ancestors https://*.powerdms.com; upgrade-insecure-requests 2
default-src 'self' 'unsafe-inline' *.bzga.de data:; script-src 'self' 'unsafe-inline' *.bzga.de; frame-src 'self' https://www.bzga.de/ https://piwik.bzga.de/ https://www.youtube-nocookie.com/; img-src 'self' data: *.ytimg.com *.bzga.de 2
frame-ancestors 'self' https://agcovirtualshowroom.com https://www.agcovirtualshowroom.com; 2
default-src 'self'  *.arista.com;  frame-ancestors 'self'  *.arista.com;  form-action 'self'  *.arista.com  *.onelogin.com  *.salesforce.com  forms.hsforms.com  syndication.twitter.com;  script-src 'self'  'unsafe-inline'  'unsafe-eval'  customer.cludo.com  cdn.cookielaw.org  geolocation.onetrust.com  js.hsforms.net  forms.hsforms.com  js-na1.hs-scripts.com  js.hs-analytics.net  js.hs-banner.com  js.hsleadflows.net  *.smartrecruiters.com  www.google.com  *.gstatic.com  www.google-analytics.com  *.googletagmanager.com  maps.google.com  maps.googleapis.com  *.googleapis.com  platform.twitter.com  cdn.syndication.twimg.com  connect.facebook.net  platform.linkedin.com  www.youtube.com;  connect-src 'self'  api-eu1.cludo.com  api.cludo.com  cdn.cookielaw.org  geolocation.onetrust.com  privacyportal.onetrust.com  forms.hsforms.com  forms.hubspot.com  stats.g.doubleclick.net  www.google-analytics.com *.analytics.google.com *.googletagmanager.com;  child-src 'self'  forms.hsforms.com  js.hs-analytics.net  www.youtube.com  www.facebook.com  web.facebook.com  platform.twitter.com  syndication.twitter.com  web.facebook.com  www.google.com  www.google-analytics.com  *.livestream.com  vimeo.com  player.vimeo.com;  style-src 'self'  'unsafe-inline'  fonts.googleapis.com  platform.twitter.com  *.twimg.com;  font-src  'self'  fonts.gstatic.com;  img-src 'self' data:  customer.cludo.com  cdn.cookielaw.org  perf.hsforms.com  track.hubspot.com  forms-na1.hsforms.com  forms.hsforms.com  i.ytimg.com  *.gstatic.com  maps.google.com  maps.googleapis.com  *.googleapis.com  *.ggpht.com  www.google-analytics.com  *.googletagmanager.com  stats.g.doubleclick.net  platform.twitter.com  *.twimg.com  syndication.twitter.com  www.facebook.com  i.vimeocdn.com;  upgrade-insecure-requests;  report-uri /csp-report/ 2
frame-ancestors 'self' login.transporeon.com login.int.transporeon.nil login.dev.transporeon.nil login.test.transporeon.com www.transporeon.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com https://fonts.googleapis.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.gstatic.com  *.stitcher.com use.typekit.net https://fonts.gstatic.com data:; media-src 'self' 'unsafe-inline' 'unsafe-eval' ssl.gstatic.com *.bakermckenzie-podcastlibrary-wordpress.onenorth.com bakermckenzie-podcastlibrary-wordpress.onenorth.com blob: ; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.oribi.io *.onetrust.com  *.stitcher.com *.google-analytics.com translate.googleapis.com stats.g.doubleclick.net cdn.cookielaw.org *.mktoresp.com blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com translate.google.com *.google-analytics.com app-static.turtl.co static.ads-twitter.com munchkin.marketo.net cdn.cookielaw.org snap.licdn.com *.ceros.com connect.facebook.net *.cloudfront.net; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: filesystem: *.google-analytics.com *.bakermckenzie.com bakermckenzie.com *.googletagmanager.com gstatic.com *.gstatic.com translate.google.com *.siteimproveanalytics.io px.ads.linkedin.com *.linkedin.com p.adsymptotic.com  cdn.cookielaw.org; frame-src 'self' gateway.zscalertwo.net *.youtube.com *.stitcher.com *.libsyn.com *.buzzsprout.com *.spotify.com *.podbean.com *.soundcloud.com *.podcasts.apple.com omny.fm *.vbrick.com *.bryter.io *.bakermckenzie.com *.youtube-nocookie.com *.vimeo.com *.google.com *.googletagmanager.com *.yoshki.com app-static.turtl.co view.ceros.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.viewpoint.com https://go.trimble.com https://get.trimble.com https://*.inventiveperception365.com https://*.visualwebsiteoptimizer.com https://unpkg.com https://*.6sc.co https://viewpoint.us12.list-manage.com https://cdn.cookielaw.org https://*.vidyard.com https://js-agent.newrelic.com https://secure.coax7nice.com https://*.facebook.com https://*.marketo.net https://*.marketo.com https://*.driftt.com https://*.adroll.com https://*.sumo.com https://*.sumome.com https://sumo.com https://content.cdntwrk.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://tagmanager.google.com https://*.facebook.com https://*.google-analytics.com https://*.googleadservices.com https://optimize.google.com https://www.googleoptimize.com https://*.vimeo.com https://connect.facebook.net https://rules.quantcount.com https://secure.quantserve.com https://snap.licdn.com https://bat.bing.com https://cdn.bizible.com https://cdn.bizibly.com https://siteimproveanalytics.com https://*.wistia.net https://*.wistia.com https://*.doubleclick.net https://www.reddit.com https://reddit.com https://*.pinterest.com https://api.bufferapp.com https://www.gstatic.com https://www.youtube.com https://www.google.com https://cdnjs.cloudflare.com https://bam.nr-data.net https://d.adroll.mgr.consensu.org https://tribl.io https://*.uberflip.com https://*.calendly.com; img-src 'self' data: https://*.viewpoint.com https://*.pubmatic.com https://*.linkedin.com https://*.visualwebsiteoptimizer.com https://cdn.cookielaw.org https://*.vidyard.com https://*.6sc.co https://s.amazon-adsystem.com https://*.krxd.net https://fcmatch.youtube.com https://sync.mathtag.com https://www.google.ca https://www.google.co.uk https://*.adroll.com https://s3-us-west-2.amazonaws.com https://cdn.bizibly.com https://gum.criteo.com https://www.google.com https://px.ads.linkedin.com https://www.linkedin.com https://*.sumo.com https://*.sumome.com https://sumo.com https://privacy-policy.truste.com https://c.bing.com https://match.prod.bidr.io https://tags.rd.linksynergy.com https://cw.addthis.com https://segments.company-target.com https://sync.ipredictive.com https://sync.tidaltv.com https://epiv.cardlytics.com https://aa.agkn.com https://px.owneriq.net https://dpm.demdex.net https://bttrack.com https://pixel.spotify.com https://usersync-b3.videoamp.com https://srv4j.net https://usersync-b3.videoamp.com https://ssum.casalemedia.com https://a.tribalfusion.com https://dps.admission.net https://ps.eyeota.net https://segments.company-target.com https://um.simpli.fi https://pixel.tapad.com https://match.adsrvr.org https://px.surveywall-api.survata.com https://sync.srv.stackadapt.com https://rtb.adentifi.com https://bcp.crwdcntrl.net https://pm.w55c.net https://p.rfihub.com https://idsync.reson8.com https://tribl.io https://sync-tm.everesttech.net https://loadm.exelator.com https://secure-gl.imrworldwide.com https://d3sut91l4ajo4b.cloudfront.net https://d3lziyk5qr4b9v.cloudfront.net https://*.google-analytics.com https://*.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://optimize.google.com https://*.gstatic.com https://*.bluekai.com https://d3sut91l4ajo4b.cloudfront.net https://s-static.ak.facebook.com https://*.vimeo.com https://*.vimeocdn.com https://www.youtube.com https://*.siteimproveanalytics.io https://x.dlx.addthis.com https://s3.amazonaws.com https://driftt.imgix.net https://px.ads.linkedin.com https://p.adsymptotic.com https://bat.bing.com https://cdn.bizible.com https://pixel.quantserve.com https://www.facebook.com https://pixel.advertising.com https://dsum-sec.casalemedia.com https://*.adroll.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://sync.outbrain.com https://*.yahoo.com https://sync.taboola.com https://eb2.3lift.com https://x.bidswitch.net https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://pippio.com https://tr.snapchat.com https://*.wistia.net https://sync.outbrain.com https://simage2.pubmatic.com https://tag.apxlv.com https://tag.cogocast.net https://x.dlx.addthis.com https://maps.googleapis.com https://www.googleoptimize.com https://go.trimble.com https://get.trimble.com https://*.marketo.com https://*.wistia.com https://pluginicons.craft-cdn.com https://*.akamaihd.net https://content.cdntwrk.com; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; style-src 'self' 'unsafe-inline' https://*.viewpoint.com https://*.google.com https://*.viewpoint.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://go.trimble.com https://get.trimble.com https://*.marketo.net https://*.marketo.com https://js.driftt.com https://hello.myfonts.net https://cdn.jsdelivr.net https://*.uberflip.com https://content.cdntwrk.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://fast.fonts.net; font-src 'self' data: https://*.viewpoint.com https://*.fonts.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.doubleclick.net https://*.facebook.com https://*.gstatic.com https://*.vimeo.com https://connect.facebook.net https://*.uberflip.com https://content.cdntwrk.com https://maxcdn.bootstrapcdn.com https://api2.fonts.com; object-src 'self' https://*.viewpoint.com; child-src 'self' https://*.viewpoint.com; frame-src 'self' https://*.spotify.com https://*.vidyard.com https://www.youtube.com https://w.soundcloud.com https://*.doubleclick.net https://vimeo.com https://*.vimeo.com https://optimize.google.com https://go.trimble.com https://get.trimble.com https://info.viewpoint.com https://*.marketo.com https://*.wistia.com https://*.wistia.net https://*.driftt.com https://*.facebook.com https://calendly.com https://*.calendly.com; connect-src 'self' https://*.adnxs.com https://*.sumome.com https://sumome.com https://*.visualwebsiteoptimizer.com https://*.6sense.com https://*.6sc.co https://analytics.google.com https://maps.googleapis.com https://*.onetrust.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://stats.g.doubleclick.net https://*.viewpoint.com https://*.sumo.com https://*.sumome.com https://sumo.com https://v2.api.uberflip.com https://clients6.google.com https://*.algolia.net https://*.algolianet.com https://*.craftcms.com https://*.google-analytics.com https://*.mktoresp.com https://*.linkedin.com https://*.facebook.com https://*.wistia.com https://*.litix.io https://*.akamaihd.net https://*.mktoutil.com https://bam.nr-data.net; report-uri https://ca1fe692b8b29170cd9bd1769d468774.report-uri.com/r/d/csp/enforce 2
default-src https://appdsv.omie.com.br https://vc.hotjar.io https://js.intercomcdn.com https://in.hotjar.com https://api.hubapi.com https://www.facebook.com wss://nexus-websocket-a.intercom.io https://forms.hubspot.com https://api.hubspot.com https://ws6.hotjar.com wss://ws6.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.dataunion.com.br https://api-iam.intercom.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' blob:  https://apis.google.com https://analytics.tiktok.com https://appdsv.omie.com.br https://dev.visualwebsiteoptimizer.com https://snap.licdn.com https://optimize.google.com https://www.googleanalytics.com https://www.googleoptimize.com https://cse.google.com https://www.google.com https://cdn.jsdelivr.net https://googleads.g.doubleclick.net https://js.usemessages.com https://stackpath.bootstrapcdn.com https://www.dataunion.com.br https://js.hscollectedforms.net https://www.googletagmanager.com https://*.hotjar.com https://*.tailtarget.com https://*.intercom.io https://js.hsleadflows.net https://js.hs-banner.com https://js.hs-analytics.net https://js.hsadspixel.net https://www.googleadservices.com https://js.hsforms.net https://js.hs-scripts.com https://connect.facebook.net https://forms.hsforms.com https://www.google-analytics.com https://app.omie.com.br https://cdnjs.cloudflare.com https://js.intercomcdn.com https://*.criteo.com https://static.criteo.net https://preview-new.mkt.omie.us; style-src 'self' 'unsafe-inline' 'report-sample' https://optimize.google.com https://preview-new.mkt.omie.us https://cdn.omie.com.br https://use.fontawesome.com https://cdn.jsdelivr.net https://fonts.googleapis.com; frame-src https://*.omie.com.br https://chat-convecao24.firebaseapp.com https://www.googletagmanager.com https://td.doubleclick.net https://intercom-sheets.com/ https://cdn.omie.com.br/ https://cdndsv.omie.com.br/ https://www.intercom-reporting.com/ *.google.com https://www.facebook.com/ https://player.vimeo.com/ youtube.com https://www.youtube.com https://optimize.google.com https://www.googletagmanager.com/ https://bid.g.doubleclick.net/ https://vars.hotjar.com/ https://tags.t.tailtarget.com/ https://forms.hsforms.com/ https://*.criteo.com https://static.criteo.net; img-src 'self' data: blob: https://www.googletagmanager.com https://s3-sa-east-1.amazonaws.com https://www.linkedin.com https://px.ads.linkedin.com https://www.google-analytics.com https://sync-t1.taboola.com https://*.criteo.com https://criteo-partners.tremorhub.com https://criteo-sync.teads.tv https://sync-criteo.ads.yieldmo.com https://dev.visualwebsiteoptimizer.com https://cm.g.doubleclick.net https://track.hubspot.com https://*.omie.com.br https://conpass.blob.core.windows.net https://fast.conpass.io https://static.intercomassets.com https://omie-b8c3f6a65bc3.intercom-attachments-5.com https://app.intercom.com/ https://*.intercomcdn.com/ https://omiexperience-sa.intercom-attachments-7.com/ https://omie-b8c3f6a65bc3.intercom-attachments-1.com/ https://omie-b8c3f6a65bc3.intercom-attachments-9.com/ https://*.googleapis.com https://*.gstatic.com *.google.com *.google.com.br *.googleusercontent.com *.facebook.net *.facebook.com https://*.hsforms.com; font-src 'self' data: https://use.typekit.net https://script.hotjar.com https://js.intercomcdn.com https://fonts.gstatic.com https://*.omie.com.br/omiesaga/ https://use.fontawesome.com; connect-src 'self' https://google.com https://securetoken.googleapis.com https://identitytoolkit.googleapis.com https://firestore.googleapis.com https://analytics.tiktok.com https://px.ads.linkedin.com https://analytics.google.com https://dev.visualwebsiteoptimizer.com https://sslwidget.criteo.com https://blog.omie.com.br https://forms.hscollectedforms.net https://viacep.com.br https://appdsv.omie.com.br https://api.crm.ops.omie.us https://apidev.crm.ops.omie.us https://api.plm.ops.omie.us https://www.omie.com.br https://app.omie.com.br https://forms.hsforms.com wss://nexus-websocket-a.intercom.io/ https://api-iam.intercom.io https://hubspot-forms-static-embed.s3.amazonaws.com https://www.dataunion.com.br https://www.google-analytics.com https://*.doubleclick.net https://www.google.com https://www.facebook.com/ https://*.hubspot.com https://*.hubapi.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com; form-action https://intercom.help https://api-iam.intercom.io https://www.facebook.com https://*.omie.com.br https://omie.clickmeeting.com/ https://*.omie.com.br https://app.omie.com.br https://www.omie.com.br https://forms.hsforms.com; media-src blob: https://js.intercomcdn.com https://preview.omie.com.br https://www.omie.com.br https://omie.com.br; frame-ancestors 'none'; object-src 'none'; worker-src https://*.omie.com.br; base-uri 'self';  2
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; font-src * data:; frame-ancestors *; 2
frame-ancestors 'self' https://plusoneportal.com; default-src 'self'; script-src 'unsafe-eval' 'report-sample' 'unsafe-inline' 'self' https://api.ipdata.co https://ipdata.co https://azurefd.net https://lwpixel.azurefd.net https://lwjs.azureedge.net/cjs/ahsv3.js https://lwjs.azureedge.net https://azureedge.net https://collector-22761.us.tvsquared.com/tv2track.js https://collector-22761.us.tvsquared.com https://tvsquared.com https://ipredictive.com https://ad.ipredictive.com https://js.ipredictive.com/adelphic_universal_pixel.js https://ad.ipredictive.com/d/track/event https://frontdoor.quiq-api.com https://static.quiq-cdn.com https://*.sentry-cdn.com https://s.go-mpulse.net https://*.stripe.com https://*.pinimg.com https://*.adroll.com https://*.impactradius-event.com https://cdn.split.io https://apis.google.com https://bat.bing.com https://solutions.invocacdn.com https://connect.facebook.net https://zncisnbbpkikmevsx-americanhomeshield.siteintercept.qualtrics.com https://d.impactradius-event.com https://pnapi.invoca.net https://code.jquery.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://proconnect-com.webengine.origin.zesty.zone https://s994zgsm.media.zestyio.com https://*.youtube.com https://*.bizrate.com https://*.frontdoorhome.com https://*.tealium.com https://*.tealiumiq.com https://*.ahsfriends.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://optimizely-hrd.appspot.com https://cdn-assets-prod.s3.amazonaws.com https://ext.chtbl.com https://googleads.g.doubleclick.net https://*.hotjar.com https://aa.agkn.com https://rdata.mpio.io https://rum-static.pingdom.net https://overflowworks.com https://request.eprotect.vantivpostlive.com https://com-ahs.netmng.com https://pixel.mathtag.com https://request.eprotect.vantivcnp.com https://*.qualtrics.com https://seal.digicert.com https://tag.havasedge.com https://tags.tiqcdn.com https://www.ahs.com https://l360.ahs.com https://cdn.aimtell.com https://dashboard.aimtell.com https://s3.amazonaws.com/cdn.aimtell.com/trackpush https://cdn.taboola.com https://trc.taboola.com https://trc-events.taboola.com https://*.observepoint.com https://*.adsrvr.org https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://js.braintreegateway.com https://assets.braintreegateway.com https://www.paypalobjects.com https://*.paypal.com https://unpkg.com https://lwpixel2.azurewebsites.net https://frontdoor.blueconic.net https://businessmessages.google.com https://consent.trustarc.com; style-src 'report-sample' 'unsafe-eval' 'unsafe-inline' 'self' https://*.googleapis.com https://*.frontdoorhome.com https://p.typekit.net https://*.typekit.net https://cdn.optimizely.com https://*.bizrate.com; object-src 'none'; base-uri 'self'; child-src 'self' https://assets.braintreegateway.com https://*.paypal.com; connect-src 'self' https://api.serviz.com https://api.ipdata.co https://a51p.s3-us-west-2.amazonaws.com https://frontdoor.quiq-api.com https://static.quiq-cdn.com https://frontdoorhome.fusionauth.io/oauth2/token https://refer.ahsfriends.com https://*.frontdoorhome.fusionauth.io https://*.api.shieldnhd.com https://prod.api.shieldnhd.com https://prod.api.shieldnhd.com/nhd-core/userprofile https://*.shieldnhd.com https://*.ahs.com https://*.adsrvr.org https://*.stripe.com https://*.google.co.in https://s3-us-west-2.amazonaws.com https://*.advertising.com https://*.rubiconproject.com https://*.casalemedia.com https://*.outbrain.com https://draftmag.com https://*.energy.gov https://*.sensibo.com https://*.spotify.com https://*.instagram.com https://*.cdn-redfin.com https://*.smartzip.com https://*.hud.gov https://*.amana.com https://*.nfpa.org https://*.hvi.org https://*.ml.com https://*.mixcord.co https://*.designblendz.com https://*.modularclosets.com https://*.amwater.com https://safepaw.com https://*.leeo.com https://*.insteon.com https://*.smarthome.com https://*.frontpointsecurity.com https://*.google.com https://*.gstatic.com https://*.aga.org https://allyearaustin.com https://apsp.org https://*.abt.com https://*.linerworld.com https://*.welcomehomeresource.com https://*.homevalueleads.com https://*.osha.gov https://*.zendesk.com https://*.homestratosphere.com https://*.truevalueprojects.com https://*.bls.gov https://august.com https://*.texasrealestate.com https://*.pacificpower.net https://*.zillow.com https://*.googleusercontent.com https://*.federalreserve.gov https://*.coldwellbanker.com https://*.servicechampions.net https://*.realestatemarketingblog.org https://*.boschtools.com https://*.cpsc.gov https://*.pubmatic.com https://*.yahoo.com https://*.taboola.com https://*.3lift.com https://*.bidswitch.net https://*.adnxs.com https://*.openx.net https://*.rubiconproject.com https://d.adroll.mgr.consensu.org https://proconnect.formstack.com https://ct.pinterest.com https://*.sentry-cdn.com https://*.googleapis.com https://*.gstatic.com https://*.pinimg.com https://*.adroll.com https://*.bootstrapcdn.com https://*.zesty.zone https://code.jquery.com https://*.cloudflare.com https://*.youtube.com https://*.zestyio.com https://*.bizrate.com https://*.frontdoorhome.com https://*.rfihub.com https://*.rezync.com https://*.rlcdn.com https://*.netmng.com https://*.typekit.net https://*.invocacdn.com https://*.impactradius-event.com https://*.g.doubleclick.net https://*.chtbl.com https://*.facebook.net https://www.googleadservices.com https://googleadservices.com https://*.adxcel-ec2.com https://*.mpio.io https://www.facebook.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://overflowworks.com https://pixel.mathtag.com https://*.tiqcdn.com https://*.tealium.com https://*.tealiumiq.com https://*.hotjar.io https://*.akstat.io https://stats.g.doubleclick.net https://*.zesty.dev https://www.google-analytics.com https://pnapi.invoca.net https://*.split.io https://*.hotjar.com wss://*.hotjar.com https://*.pingdom.net https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://*.zesty.io https://request.eprotect.vantivpostlive.com https://american-home-shield.sjv.io https://bat.bing.com https://c.go-mpulse.net https://*.ingest.sentry.io https://*.qualtrics.com https://*.akamaihd.net https://log.aimtell.com https://api.sandbox.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://*.braintree-api.com https://api.braintreegateway.com https://*.paypal.com; font-src 'self' https://*.zestyio.com https://fonts.gstatic.com https://*.ahs.com https://*.frontdoorhome.com https://*.zesty.io https://*.typekit.net; frame-src 'self' https://*.ftdrinternal.com https://static.quiq-cdn.com https://*.preview.zesty.io https://shieldnhd-fdbp730m.zesty.dev https://*.plusoneportal.com https://*.stripe.com https://embed.neomam.com https://*.fls.doubleclick.net https://pixel.mathtag.com https://*.spotify.com https://embed.neomam.com https://bid.g.doubleclick.net https://*.hotjar.com https://*.youtube.com https://*.eprotect.vantivpostlive.com https://*.optimizely.com https://cookie.havasedge.com https://*.eprotect.vantivcnp.com https://*.frontdoorhome.com https://*.adsrvr.org https://*.google.com https://assets.braintreegateway.com https://*.paypal.com https://frontdoor.quiq-api.com https://consent-pref.trustarc.com; img-src 'self' https://lwpixel.azurefd.net https://lwjs.azureedge.net https://azureedge.net https://collector-22761.us.tvsquared.com https://tvsquared.com https://ipredictive.com https://ad.ipredictive.com https://ad.ipredictive.com/d/track/event https://*.micpn.com https://*.bizrate.com https://*.mi-content.com https://*.facebook.net https://*.facebook.com https://*.pippio.com https://*.google.co.in https://*.stripe.com https://ahstrax.com https://*.ahs.com https://s3-us-west-2.amazonaws.com https://*.youtube.com https://movableink-assets-production.s3.amazonaws.com https://*.energy.gov https://*.sensibo.com https://*.spotify.com https://*.instagram.com https://*.cdn-redfin.com https://*.hud.gov https://*.amana.com https://*.nfpa.org https://*.hvi.org https://*.ml.com https://*.mixcord.co https://*.designblendz.com https://*.modularclosets.com https://*.amwater.com https://safepaw.com https://*.leeo.com https://*.insteon.com https://*.smarthome.com https://*.frontpointsecurity.com https://*.google.com https://*.aga.org https://allyearaustin.com https://apsp.org https://*.abt.com https://*.linerworld.com https://*.homevalueleads.com https://*.osha.gov https://*.zendesk.com https://*.homestratosphere.com https://*.truevalueprojects.com https://*.bls.gov https://august.com https://*.texasrealestate.com https://*.pacificpower.net https://*.zillow.com https://*.googleusercontent.com https://*.federalreserve.gov https://*.coldwellbanker.com https://*.servicechampions.net https://*.realestatemarketingblog.org https://*.boschtools.com https://*.cpsc.gov https://*.cogocast.net https://*.tealium.com https://*.tealiumiq.com https://*.trueleadid.com https://*.apxlv.com https://*.doubleclick.net https://www.googletagmanager.com https://pippio.com https://dpm.demdex.net https://tags.bluekai.com https://p.alcmpn.com https://i.liadm.com https://*.media.zestyio.com https://bat.bing.com https://live.rezync.com https://p.rfihub.com https://*.frontdoorhome.com https://data.adxcel-ec2.com https://event.havasedge.com https://i.simpli.fi https://idsync.rlcdn.com https://pixel.mathtag.com https://*.qualtrics.com https://cds.taboola.com https://trc-events.taboola.com https://cdn.optimizely.com https://*.adsrvr.org https://cookie.havasedge.com https://seal.digicert.com https://assets.braintreegateway.com https://checkout.paypal.com https://*.googleapis.com https://*.gstatic.com https://www.google-analytics.com https://consent.trustarc.com https://arttrk.com data:; manifest-src 'self'; media-src 'self' https://cdn.frontdoorhome.com; worker-src 'self' https://www.ahs.com https://ahs.com; 2
connect-src 'self' https://*.hotjar.io wss://ws.hotjar.com cdn.linkedin.oribi.io https://px.ads.linkedin.com *.linkedin.com *.licdn.com *.hotjar.com *.ncino.com stats.g.doubleclick.net *.analytics.google.com analytics.google.com www.google-analytics.com https://*.qualified.com wss://*.qualified.com *.cookielaw.org *.onetrust.com *.pathfactory.com *.6sc.co *.6sense.com *.adnxs.com https://images.ctfassets.net https://adservice.google.com js.zi-scripts.com ws.zoominfo.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.hotjar.io wss://ws.hotjar.com cdn.linkedin.oribi.io https://px.ads.linkedin.com *.linkedin.com *.licdn.com *.hotjar.com *.ncino.com stats.g.doubleclick.net *.analytics.google.com analytics.google.com www.googletagmanager.com www.google-analytics.com www.gstatic.com www.google.com https://js.qualified.com https://vercel.live *.cookielaw.org *.pathfactory.com https://www2.ncino.com *.6sc.co cdn.sendergen.com js.zi-scripts.com ws-assets.zoominfo.com; img-src 'self' *.linkedin.com https://www.google.com data: images.ctfassets.net www.googletagmanager.com www.google-analytics.com assets.vercel.com *.wistia.com *.cookielaw.org *.6sc.co *.pathfactory.com; child-src *.wistia.net www.google.com https://vercel.live https://*.qualified.com; style-src 'self' 'unsafe-inline' *.pathfactory.com https://*.qualified.com; font-src 'self' data: *.pathfactory.com; object-src 'none'; frame-src *.wistia.net www.google.com explore.ncino.com https://vercel.live https://*.qualified.com; frame-ancestors 'self' *.wistia.net bankr.cloudforce.com *.ncino.com https://vercel.live https://*.qualified.com https://ncino-fe-preview.vercel.app https://app.contentful.com *.salesforce.com; media-src mediastream: https://*.qualified.com; 2
default-src 'self' asmlcom-kv0cq3x6t-asml.vercel.app; script-src 'self' 'unsafe-inline' 'unsafe-eval' asmlcom-kv0cq3x6t-asml.vercel.app https://cdn.cookielaw.org https://assets.adobedtm.com https://static.ads-twitter.com https://zn5mvwfi1g8ili9hu-asmlcx.siteintercept.qualtrics.com https://*.qualtrics.com https://*.youtube.com https://*.google.com https://*.gstatic.com https://*.mouseflow.com https://sc-static.net https://*.googletagmanager.com https://*.facebook.net https://*.licdn.com https://*.redditstatic.com https://*.cloudfront.net https://*.snapchat.com https://*.doubleclick.net https://*.doubleclick.net https://*.googleadservices.com https://*.asml.com https://*.quadia.net https://*.euroland.com https://vercel.live blob:; child-src 'self' https://*.mouseflow.com asmlcom-kv0cq3x6t-asml.vercel.app; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.asml.com asmlcom-kv0cq3x6t-asml.vercel.app; img-src 'self' https://asml.picturepark.com * data:; connect-src 'self' https://api-engage-eu.sitecorecloud.io https://*.vercel-insights.com https://cdn.cookielaw.org https://*.demdex.net https://*.asml.com https://*.qualtrics.com https://*.youtube.com https://*.onetrust.com https://google.com https://*.snapchat.com https://*.linkedin.oribi.io https://*.snplow.net https://*.mouseflow.com https://*.asml.com https://*.quadia.net asmlcom-kv0cq3x6t-asml.vercel.app data: blob:; font-src 'self' https://fonts.gstatic.com https://*.asml.com asmlcom-kv0cq3x6t-asml.vercel.app; ; object-src 'none'; base-uri 'self'; frame-src 'self' https://asml.demdex.net https://*.youtube.com https://*.google.com https://*.asml.com https://*.qualtrics.com https://asmllaserbox.com https://*.doubleclick.net https://*.everesttech.net https://*.adobedc.net https://*.adobedtm.com https://*.quadia.net https://*.mouseflow.com https://*.eurolandir.com https://*.snapchat.com asmlcom-kv0cq3x6t-asml.vercel.app; manifest-src 'self'; media-src 'self' https://asml.corptv.datiq.net https://corptv.datiq.net asmlcom-kv0cq3x6t-asml.vercel.app; worker-src 'none'; 2
base-uri 'self' https://optimize.google.com; default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.doubleclick.net *.googleadservices.com *.linkedin.com *.facebook.com *.facebook.net *.google.com https://www.google.com www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://pubads.g.doubleclick.net *.criteo.net *.criteo.com ajax.cloudflare.com analytics.tiktok.com bat.bing.com *.clarity.ms *.amazon-adsystem.com ; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.googleadservices.com *.doubleclick.net *.c6bank.com.br *.googletagmanager.com; font-src 'self' data: *.gstatic.com *.c6bank.com.br; object-src 'none'; form-action 'self'; img-src 'self' data: *; report-uri /api/csp 2
frame-ancestors 'unsafe-inline' 'self' 2
base-uri *; font-src *; form-action *; frame-ancestors *; img-src * data: blob:; object-src *; script-src-attr * 'unsafe-inline' 'unsafe-eval'; style-src * https: 'unsafe-inline'; upgrade-insecure-requests 2
frame-ancestors 'self' support.azazie.com customerservice.azazie.com 2
default-src 'self'; connect-src 'self' https://stats.g.doubleclick.net https://analytics.google.com https://maps.googleapis.com https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com/; frame-src 'self' https://www.youtube.com/; img-src 'self' https://www.google-analytics.com https://maps.gstatic.com https://i.ytimg.com/vi_webp/kt7RdwfZ2dg/mqdefault.webp https://*.global.siteimproveanalytics.io https://maps.gstatic.com/mapfiles https://maps.googleapis.com/maps/ data:; media-src 'self'; object-src 'self'; script-src 'self' https://maps.googleapis.com/ https://maps.googleapis.com/maps-api-v3/api/js/ http://www.timevaluecalculators.com https://www.youtube.com https://www.google-analytics.com https://stats.g.doubleclick.net/ ajax.googleapis.com www.googletagmanager.com siteimproveanalytics.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://www.timevaluecalculators.com/timevaluecalculators/Includes/Calculators_DefaultStyles.css; 2
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' *; frame-ancestors 'self' https: https://paynow.pmnts-sandbox.io https://paynow.pmnts.io; 2
frame-ancestors 'self' https://reittiopas.hsl.fi https://dev.reittiopas.fi/ https://next-dev.digitransit.fi 2
default-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  'unsafe-inline'  https://*.adyen.com  https://www.needlefresh.co.uk; img-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com; object-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'; script-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  about:  https://localhost  https://*.adyen.com; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net; 2
default-src 'self' cradlepoint.com; font-src 'self' cradlepoint.com maxcdn.bootstrapcdn.com cdn.pathfactory.com fonts.gstatic.com cdnjs.cloudflare.com data: 'unsafe-inline'; img-src 'self' cradlepoint.com blob: res.cloudinary.com *.cradlepoint.com ik.imagekit.io *.youtube.com i.ytimg.com *.pathfactory.com www.glassdoor.com px.ads.linkedin.com bat.bing.com t.co *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.ca *.google.ch *.google.de *.google.es *.google.fr *.google.it *.google.co.uk *.google.nl *.google.no *.google.pt *.google.se *.facebook.com d.adroll.com *.twitter.com *.techtarget.com cdn.bizible.com cdn.bizibly.com *.linkedin.com dsum-sec.casalemedia.com pixel.rubiconproject.com sync.outbrain.com ups.analytics.yahoo.com image2.pubmatic.com sync.taboola.com eb2.3lift.com x.bidswitch.net ib.adnxs.com idsync.rlcdn.com us-u.openx.net match.prod.bidr.io id.rlcdn.com segments.company-target.com cdn.cookielaw.org *.marketo.com data:; style-src 'self' *.cradlepoint.com app.cdn.lookbookhq.com *.pathfactory.com fonts.googleapis.com cdnjs.cloudflare.com cdn.datatables.net app-sjo.marketo.com 'unsafe-inline'; style-src-elem 'self' *.cradlepoint.com www.unpkg.com unpkg.com maxcdn.bootstrapcdn.com app.cdn.lookbookhq.com *.pathfactory.com fonts.googleapis.com cdnjs.cloudflare.com cdn.datatables.net *.marketo.com 'unsafe-inline'; script-src 'self' cradlepoint.com *.cradlepoint.com *.pathfactory.com *.buzzsprout.com app.cdn.lookbookhq.com cdnjs.cloudflare.com cdn.jsdelivr.net js.driftt.com widget.drift.com cdn.cookielaw.org maxcdn.bootstrapcdn.com js-agent.newrelic.com assets.calendly.com bam.nr-data.net code.jquery.com www.unpkg.com unpkg.com app-sjo.marketo.com cdn.datatables.net *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.doubleclick.net www.brighttalk.com snap.licdn.com cdn.mouseflow.com s.adroll.com d.adroll.com connect.facebook.net web-analytics.engagio.com bat.bing.com static.ads-twitter.com cdn.bizible.com trk.techtarget.com munchkin.marketo.net tag.demandbase.com yoast.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' cradlepoint.com *.cradlepoint.com cradlepoint-certificates.vercel.app js.driftt.com widget.drift.com app-sjo.marketo.com *.company-target.com *.facebook.com *.doubleclick.net drift-lp-61234949.drift.click *.youtube-nocookie.com *.youtube.com calendly.com forms.office.com *.buzzsprout.com 'unsafe-inline'; frame-ancestors 'self' cradlepoint.lookbookhq.com cradlepoint.pathfactory.com *.cradlepoint.com; connect-src 'self' cradlepoint.com res.cloudinary.com *.pathfactory.com cdn.cookielaw.org *.onetrust.com bam.nr-data.net *.google.com *.google.ca *.google.ch *.google.de *.google.es *.google.fr *.google.it *.google.co.uk *.google.nl *.google.no *.google.pt *.google.se *.googleadservices.com *.google-analytics.com *.doubleclick.net *.techtarget.com *.company-target.com *.demandbase.com cdn.linkedin.oribi.io 473-zzr-267.mktoresp.com d.adroll.com n2.mouseflow.com data:; media-src 'self' cradlepoint.com js.driftt.com; object-src 'none'; 2
frame-ancestors 'self' *.inforcloudsuite.com 2
default-src https://*.bidtheatre.com https://*.addsearch.com https://*.weglot.com https://*.clarity.ms https://*.hotjar.io https://*.bing.com https://fonts.gstatic.com https://s1.adform.net https://s2.adform.net https://adform.net https://ib.adnxs.com https://connect.facebook.net https://s2.adform.net wss://druidbotapi.druidplatform.com wss://prod-druid-api.azurewebsites.net wss://directline.botframework.com wss://prod-druid-botapi.azurewebsites.net wss://prod-druid-botapi.azurewebsites.net wss://prod-druid-api.azurewebsites.net wss://directline.botframework.com https://cdn-api-weglot.com https://*.weglot.com https://urlgeni.us/ https://analytics.tiktok.com https://www.googletagmanager.com https://www.linkedin.com/ https://px.ads.linkedin.com/ https://vc.hotjar.io wss://*.hotjar.com/ https://cx.atdmt.com https://www.gravatar.com https://ve1panelsettingssa.blob.core.windows.net https://s.yimg.com/ https://*.windows.net https://ct.pinterest.com https://*.google.de https://*.adform.net https://prod-druid-api.azurewebsites.net https://life.aegon.ro/ https://cdn-assets-pi3.nxtservers.com https://a.volvelle.tech https://bsw.digitru.st wss://ws12.hotjar.com wss://ws7.hotjar.com https://api.sitesearch360.com https://www.youtube.com/ https://creativecdn.com/ https://panel-settings-cdn-e1.ve.com/ https://www.facebook.com/ https://dc.services.visualstudio.com  https://html5-player.libsyn.com/ https://hwcdn.libsyn.com/ https://traffic.libsyn.com/ https://directline.botframework.com https://maps.gstatic.com/ https://maps.googleapis.com/ https://*.bancatransilvania.ro/ https://config1.veinteractive.com/ https://*.typekit.net/ https://*.veinteractive.com/ https://sessionapi.veinteractive.com/ https://*.creativecdn.com/ https://*.google.com/ https://*.google-analytics.com/ https://*.doubleclick.net/ https://*.google.ro https://*.bidswitch.net/ https://*.hotjar.com https://*.twitter.com/ https://*.oberthur.com https://bt4.druidplatform.com/ https://hcaptcha.com https://*.hcaptcha.com blob: data:;media-src 'self';object-src 'none'; script-src https://unpkg.com https://*.jsdelivr.net https://www.clarity.ms https://*.hotjar.io https://*.bing.com https://*.adform.net https://*.hotjar.com/ https://www.googleadservices.com https://www.google.com https://*.google-analytics.com/ https://*.googletagmanager.com https://tagmanager.google.com/ https://*.google-analytics.com/ https://*.g.doubleclick.net/ https://*.doubleclick.net/ https://diviziapentrumedici.ro/ https://www.google.by/ https://*.googlesyndication.com/ https://*.weglot.com https://maps.googleapis.com https://*.bancatransilvania.ro https://*.datadoghq-browser-agent.com https://*.googletagmanager.com https://*.googletagmanager.com https://*.hotjar.com https://*.facebook.net https://*.twitter.com https://*.tiktok.com https://*.google-analytics.com https://*.licdn.com https://hcaptcha.com https://*.hcaptcha.com https://www.google.com https://*.gstatic.com 'unsafe-eval' 'unsafe-inline' ;style-src 'self' 'unsafe-inline' https://*.weglot.com https://*.typekit.net https://hcaptcha.com https://*.hcaptcha.com https://fonts.googleapis.com ; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.invgate.com https://www.google-analytics.com *.hubspot.com https://scripts.claspo.io ; script-src-elem 'self' *.invgate.com https://snid.snitcher.com *.hubspot.net *.hubspot.com *.claspo.io https://logs.convertexperiments.com/log *.convertexperiments.com https://cdn-4.convertexperiments.com *.hotjar.com https://pagead2.googlesyndication.com https://td.doubleclick.net https://q.quora.com https://a.quora.com https://clarity.microsoft.com https://app.vwo.com https://dev.visualwebsiteoptimizer.com https://optimize.google.com https://js-na1.hs-scripts.com https://js.usemessages.com https://js.intercomcdn.com https://widget.intercom.io https://api.ipify.org https://www.clickcease.com https://web-sdk.smartlook.com https://www.clarity.ms https://s3.amazonaws.com/scripts-clickmeter-com/js/conversion.js https://tpc.googlesyndication.com https://grow.clearbitjs.com https://reveal.ip2c.net https://www.gstatic.com https://www.invgate.com https://cdn.claspo.io https://c.sf-syn.com https://www.googleanalytics.com https://www.google.com https://www.google.com.ar https://www.googleadservices.com https://www.redditstatic.com https://www.invgate.com https://script.claspo.io https://scripts.claspo.io https://static.hsappstatic.net https://platform.linkedin.com https://cdnjs.cloudflare.com https://js.hsleadflows.net https://connect.facebook.net https://js.hs-analytics.net https://platform.twitter.com https://www.googletagmanager.com https://www.googleoptimize.com https://cdn-cookieyes.com https://bat.bing.com https://thedigitalprojectmanager.com https://googleads.g.doubleclick.net https://static.ads-twitter.com https://px.ads.linkedin.com https://js.hsforms.net https://js.hs-banner.com https://js.hsadspixel.net  https://www.google-analytics.com https://js.hs-scripts.com https://snap.licdn.com https://*.getkoala.com https://*.cdn.getkoala.com 'unsafe-inline' ; style-src 'self' https://optimize.google.com https://cdn2.hubspot.net https://fonts.googleapis.com https://fonts.gstatic.com https://use.fontawesome.com https://www.invgate.com  https://www.googletagmanager.com *.invgate.com 'unsafe-inline' https://*.getkoala.com https://*.cdn.getkoala.com ; img-src 'self' data: *.hubspot.net *.hubspot.com *.googleusercontent.com *.googleusercontent.google.com *.invgate.com  *.claspo.io *.clarity.ms *.bing.com *.hotjar.com https://dev.visualwebsiteoptimizer.com https://c.clarity.ms https://connect.facebook.net https://is1-ssl.mzstatic.com https://grow.clearbitjs.com https://cdn-cookieyes.com https://alb.reddit.com https://ct.capterra.com https://www.googletagmanager.com https://www.invgate.com https://invgate.com https://api-na1.hubapi.com https://i.ytimg.com https://forms.hsforms.com https://forms-na1.hsforms.com https://q.quora.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.com.ar https://t.co https://analytics.twitter.com https://2529496.fs1.hubspotusercontent-na1.net  https://bat.bing.com https://px.ads.linkedin.com https://www.linkedin.com https://www.facebook.com  https://www.google-analytics.com https://optimize.google.com https://perf.hsforms.com https://cdn.claspo.io https://*.getkoala.com https://*.cdn.getkoala.com https://*.google.co.ve/ ; font-src 'self' data: *.invgate.com *.hotjar.com https://fonts.intercomcdn.com https://www.invgate.com https://fonts.googleapis.com https://fonts.gstatic.com https://use.fontawesome.com ; connect-src 'self' https://snid.snitcher.com https://www.google.com.ar/ads *.convertexperiments.com *.invgate.com https://q.quora.com *.hubspot.net *.hubspot.com *.claspo.io *.clarity.ms *.hotjar.io https://dev.visualwebsiteoptimizer.com https://pagead2.googlesyndication.com https://monitor.clickcease.com https://content.hotjar.io wss://ws.hotjar.com https://in.hotjar.com https://metrics.hotjar.io wss://nexus-websocket-a.intercom.io https://api-iam.intercom.io https://manager.eu.smartlook.cloud https://analytics.google.com https://e.clarity.ms https://reveal.ip2c.net https://www.facebook.com https://www.invgate.com https://script.claspo.io https://adservice.google.com https://www.google.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://log.cookieyes.com https://cdn-cookieyes.com  https://api.hubapi.com https://www.google-analytics.com https://directory.cookieyes.com https://bat.bing.com https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://connect.facebook.net https://googleads.g.doubleclick.net https://*.getkoala.com wss: wss://*.getkoala.com https://*.analytics.google.com https://*.ads.linkedin.com/wa/ ; frame-src 'self' *.hubspot.com https://www.youtube-nocookie.com https://td.doubleclick.net https://optimize.google.com https://embed-standalone.spotify.com https://embed.podcasts.apple.com https://tpc.googlesyndication.com https://fast.wistia.net https://www.google.com https://conversions.clickmeter.com https://clickmeter.com https://c.sf-syn.com/conversion_zone_announce/InvGate-Service-Desk https://forms.hsforms.com https://www.invgate.com https://www.googletagmanager.com https://platform.twitter.com https://www.facebook.com https://www.youtube.com https://open.spotify.com https://play.hubspotvideo.com https://meetings.hubspot.com ; report-uri https://invgate.report-uri.com/r/d/csp/reportOnly ; report-to default 2
frame-ancestors 'self'; report-uri https://www.ge.com/report-uri/enforce 2
default-src 'self' 'unsafe-inline' fellow.app; connect-src 'self' api.hubapi.com api.hubspot.com api.segment.io cdn.segment.com fellow.app forms.hsforms.com forms.hubspot.com heapanalytics.com https://*.hotjar.com:* https://*.hotjar.io:* wss://*.hotjar.com monitor.clickcease.com stats.g.doubleclick.net www.facebook.com google-analytics.com *.google-analytics.com analytics.google.com *.analytics.google.com bat.bing.com yoast.com my.wpengine.com cdn.linkedin.oribi.io forms.hscollectedforms.net *.chilipiper.com *.clarity.ms c.bing.com app.clearbit.com share.cello.so growthbook-proxy.fellow.app; img-src 'self' blob: data: https: monitor.clickcease.com script.hotjar.com static.hotjar.com js.chilipiper.com google-analytics.com *.google-analytics.com analytics.google.com *.analytics.google.com; media-src 'self' *.cloudfront.net *.vidyard.com fellow.app; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adroll.com *.hs-banner.com *.hs-scripts.com *.twimg.com *.twitter.com *.youtube.com *.cloudflare.com bat.bing.com cdn.heapanalytics.com cdn.segment.com connect.facebook.net ct.capterra.com d.adroll.mgr.consensu.org fellow.app forms.hubspot.com js.hs-analytics.net js.hsadspixel.net js.hscollectedforms.net js.hsleadflows.net monitor.clickcease.com optimize.google.com script.hotjar.com static.hotjar.com snap.licdn.com static.cloudflareinsights.com static.hotjar.com www.clickcease.com google-analytics.com *.google-analytics.com www.google.com googleadservices.com *.googleadservices.com *.googletagmanager.com www.gstatic.com *.googleoptimize.com youtube.com js.usemessages.com *.vidyard.com www.gstatic.com js.chilipiper.com use.fontawesome.com yoast.com fellowapp.bamboohr.com *.clarity.ms c.bing.com tag.clearbitscripts.com *.clearbitjs.com assets.cello.so embed.typeform.com; frame-src 'self' fellow.app app.hubspot.com forms.hubspot.com vars.hotjar.com www.facebook.com player.vimeo.com vimeo.com www.youtube.com youtube.com optimize.google.com anchor.fm *.twitter.com open.spotify.com embed-standalone.spotify.com *.vidyard.com www.google.com recaptcha.google.com *.chilipiper.com clarity.microsoft.com form.typeform.com; font-src 'self' data: fellow.app fonts.gstatic.com script.hotjar.com; style-src 'self' 'unsafe-inline' *.twitter.com fellow.app fonts.googleapis.com optimize.google.com static.hotjar.com script.hotjar.com embed.typeform.com; report-uri https://sentry.io/api/4544941/security/?sentry_key=56a1c09c71c34e06b631424f04467745 2
frame-ancestors 'self' https://tongji.baidu.com; 2
default-src 'self' https://trillian.cachefly.net https://static.olark.com https://forms.hubspot.com; script-src 'self' https://trillian.cachefly.net https://*.olark.com https://www.google-analytics.com https://ct.capterra.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsleadflows.net https://js.hs-banner.com; style-src 'self' https://trillian.cachefly.net https://static.olark.com 'unsafe-inline'; object-src 'none'; base-uri 'none'; connect-src 'self' https:; media-src 'self' https:; img-src 'self' http: https: data:; 2
frame-ancestors *.pennymac.com *.adobe.com 2
frame-ancestors 'self' *.tennis-warehouse.com www.tenniswarehouse-europe.com www.tennisonly.com.au; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wistia.com *.hotjar.com www.googleadservices.com www.googletagmanager.com www.google-analytics.com cdn.callrail.com *.helpscout.net *.atlassian.net *.marketo.net *.aciworldwide.com *.vimeo.com cdn.cookielaw.org geolocation.onetrust.com connect.facebook.net static.ads-twitter.com analytics.twitter.com bat.bing.com static.oktopost.com snap.licdn.com siteimproveanalytics.com *.6sc.co script.crazyegg.com *.doubleclick.net okt.to cdn.siteimprove.net *.omappapi.com platform.twitter.com *.twimg.com *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.hs-analytics.net secure.harm6stop.com js.callrail.com *.zoominfo.com unpkg.com *.unpkg.com *.crazyegg.com;style-src 'self' 'unsafe-inline' *.myfonts.net *.atlassian.net *.marketo.net fonts.googleapis.com *.aciworldwide.com platform.twitter.com www.googletagmanager.com *.omappapi.com *.crazyegg.com *.typekit.net;img-src 'self' data: *.gravatar.com embedwistia-a.akamaihd.net *.wistia.com wp-rocket.me www.google-analytics.com www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com www.google.com *.wpengine.com *.w.org *.aciworldwide.com *.awscloud.com *.vimeo.com *.vimeocdn.com t.co *.linkedin.com *.6sc.co *.siteimproveanalytics.io bat.bing.com www.facebook.com *.adsymptotic.com *.omappapi.com *.twimg.com platform.twitter.com syndication.twitter.com *.truste.com track.hubspot.com forms.hsforms.com okt.to qr-code.ithemes.com *.twitter.com cdn.cookielaw.org *.crazyegg.com placekitten.com;frame-src *.flipsnack.com *.crazyegg.com *.aciworldwide.com player.vimeo.com *.libsyn.com;worker-src 'self' blob:; 2
default-src * 'unsafe-inline' data:; img-src     * 'unsafe-inline' 'unsafe-eval' data:;  script-src  'self' 'unsafe-inline' 'unsafe-eval' *.googleadservices.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.wpengine.com *.bootstrapcdn.com *.twitter.com *.jquery.com *.fontawesome.com *.google.com *.pinterest.com *.gstatic.com *.uploadlibrary.com *.thomascook.com *.hotjar.com *.imi.chat *.adyen.com *.spendology.io *.webtrends-optimize.com *.azurewebsites.net *.webtrends.com *.optimize.com *.doubleclick.net *.googlesyndication.com *.googletagservices.com *.google.co.uk *.google.com.ua *.direct.ingenico.com cc-cdn.com *.google.nl *.appsflyer.com *.freshchat.com *.btttag.com *.euc-freshbots.ai *.trustpilot.com *.cookielaw.org *.worldline-solutions.com https://embed.typeform.com/next/embed.js https://tgtag.io;  style-src   'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.wpengine.com *.bootstrapcdn.com *.imi.chat *.adyen.com *.spendology.io *.thomascook.com *.google.com *.webtrends-optimize.com *.azurewebsites.net *.webtrends.com *.optimize.com *.freshchat.com *.euc-freshbots.ai *.typeform.com *.typekit.net;  font-src    'self' data: *.googleapis.com *.adyen.com *.gstatic.com *.wpengine.com *.imi.chat *.spendology.io *.thomascook.com https://script.hotjar.com *.bootstrapcdn.com *.typekit.net;  object-src  'self' *.adyen.com;  frame-src   'self' data: *.facebook.com https://platform.twitter.com/ *.google.com *.hotjar.com *.imi.chat *.adyen.com *.vimeo.com *.youtube.com *.doubleclick.net *.thomascook.io *.youtu.be *.googlesyndication.com https://www.covidchecker.com *.direct.ingenico.com *.modirum.com *.thomascook.com *.freshchat.com *.euc-freshbots.ai *.trustpilot.com *.rsa3dsauth.co.uk *.arcot.com *.cardinalcommerce.com *.mycardsecure.com *.monzo.com *.capitalone.com *.touch.tech *.wibmo.com *.mncbank.co.id *.typeform.com *.revolut.com *.sparkassen-kreditkarten.de *.swedbank.se *.wlp-acs.com *.rabobank.nl *.tsys.co.uk *.authentication-acs.marqeta.com *.viseca.ch *.apata.io;  form-action * 'self' 'unsafe-inline' 'unsafe-eval' *.adyen.com *.thomascook.io *.thomascook.com; 2
require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/corplogin 2
default-src 'self' video.tophotels.ru *.tophotels.ru www.google-analytics.com mc.yandex.ru carsrent.ru *.carsrent.ru netlog.ru hotelscheck.com.ru css.tophotels.ru css.hotelscheck.com.ru tophotels.pro css.tophotels.pro toursales.ru tourindex.ru tophotels.ru travelpassport.ru *.travelpassport.ru ; font-src 'self' hotelscheck.com.ru; connect-src 'self' video.tophotels.ru www.google-analytics.com mc.yandex.ru googletagmanager.com www.googletagmanager.com carsrent.ru *.carsrent.ru netlog.ru hotelscheck.com.ru css.tophotels.ru css.hotelscheck.com.ru tophotels.pro css.tophotels.pro toursales.ru tourindex.ru tophotels.ru travelpassport.ru *.travelpassport.ru google.com *.google.com gstatic.com *.gstatic.com 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' blob: data: *; media-src 'self' blob: video.tophotels.ru *.tophotels.ru; frame-src 'self' video.tophotels.ru *.tophotels.ru carsrent.ru *.carsrent.ru youtu.be youtube.com *.youtube.com google.com *.google.com gstatic.com *.gstatic.com *.vimeo.com vimeo.com *.dailymotion.com *.vk.com vk.com; script-src 'self' video.tophotels.ru www.google-analytics.com mc.yandex.ru googletagmanager.com www.googletagmanager.com carsrent.ru *.carsrent.ru api-maps.yandex.ru yastatic.net core-renderer-tiles.maps.yandex.net netlog.ru hotelscheck.com.ru css.tophotels.ru css.hotelscheck.com.ru tophotels.pro css.tophotels.pro toursales.ru tourindex.ru tophotels.ru travelpassport.ru *.travelpassport.ru google.com *.google.com gstatic.com *.gstatic.com 'unsafe-inline' 'unsafe-eval' 'self';  style-src 'self' carsrent.ru *.carsrent.ru netlog.ru hotelscheck.com.ru css.tophotels.ru css.hotelscheck.com.ru tophotels.pro css.tophotels.pro toursales.ru tourindex.ru tophotels.ru travelpassport.ru *.travelpassport.ru google.com *.google.com gstatic.com *.gstatic.com 'unsafe-inline' 'self'; 2
default-src 'none'; script-src 'self'; child-src 'self'; frame-src https://*.youtube.com  https://*.vimeo.com; font-src 'self'; img-src http: data: *; media-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; base-uri 'none'; connect-src 'self' https://tuta.com https://api.github.com https://www.reddit.com https://mail.tutanota.com wss://mail.tutanota.com https://app.tuta.com wss://app.tuta.com; 2
default-src 'self'; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com cdnjs.cloudflare.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com www.gstatic.com cdnjs.cloudflare.com assets.adobedtm.com www.googletagmanager.com www.google-analytics.com snap.licdn.com connect.facebook.net googleads.g.doubleclick.net pixel.everesttech.net www.everestjs.net bat.bing.com a.quora.com *.plusgrade.com *.awswaf.com *.dynatrace.com; frame-src 'self' www.google.com book.airvistara.com www.youtube.com www.timaticweb2.com vistara.demdex.net; font-src 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com cdnjs.cloudflare.com; img-src 'self' px.ads.linkedin.com cm.everesttech.net tatasiaairlinesltd.sc.omtrdc.net bat.bing.com q.quora.com www.linkedin.com www.google.com www.google.co.in dpm.demdex.net www.googletagmanager.com data:; connect-src 'self' tatasiaairlinesltd.tt.omtrdc.net tatasiaairlinesltd.sc.omtrdc.net dpm.demdex.net lasteventf-tm.everesttech.net cdn.linkedin.oribi.io *.campaign.adobe.com fcm.googleapis.com services.airvistara.com *.amadeus.com analytics.google.com stats.g.doubleclick.net t.email.clubvistara.com www.google-analytics.com *.awswaf.com *.dynatrace.com; worker-src 'self' blob:; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketo.com *.marketo.net *.googletagmanager.com *.facebook.net static.ads-twitter.com *.google-analytics.com sjs.bizographics.com *.bizible.com *.youtube.com *.ytimg.com *.linkedin.com *.twitter.com *.newrelic.com vidassets.terminus.services blob: doug1izaerwt3.cloudfront.net s.ytimg.com *.demandbase.com data: nasdaqir-prod.apigee.net *.hotjar.com j.6sc.co bam.nr-data.net cdnjs.cloudflare.com *.kissmetrics.com *.googleadservices.com googleads.g.doubleclick.net *.google.com *.gstatic.com s0-azure.assets-yammer.com maps.googleapis.com cdn.syndication.twimg.com addtocalendar.com maxcdn.bootstrapcdn.com snap.licdn.com ajax.googleapis.com js.createsend1.com *.bing.com *.cloudfront.net *.netlify.app plausible.io *.cookielaw.org *.onetrust.com *.buzzsprout.com *.lingotek.com *.boldchat.com *.nanorep.co *.microsoftstream.com cdn.ampproject.org *.force.com *.site.com *.salesforce.com *.salesforceliveagent.com cdn.jsdelivr.net servicesupport.bakerhughesds.com *.acuityplatform.com; media-src 'self' *.vimeo.com *.youtube.com https://fpdl.vimeocdn.com data: https://designbysoap.b-cdn.net  *.cloudfront.net bakerhughes.nanorep.co *.evolutioneng.com dam.bakerhughes.com; frame-src 'self' *.facebook.com *.marketo.com *.youtube.com *.hotjar.com *.adobe.com connect.facebook.net *.doubleclick.net youtu.be *.google.com *.yammer.com login.microsoftonline.com platform.linkedin.com syndication.twitter.com platform.twitter.com www.linkedin.com player.vimeo.com *.buzzsprout.com anchor.fm apps.kaonadn.net *.boldchat.com web.microsoftstream.com https://infogram.com service.force.com https://play.goconsensus.com podcasters.spotify.com; frame-ancestors 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com *.smartsheet.com s3.amazonaws.com https://play.goconsensus.com *.lingotek.com; font-src 'self' data: fonts.gstatic.com *.cloudflare.com themes.googleusercontent.com *.hotjar.com d8ejoa1fys2rk.cloudfront.net use.typekit.net; report-uri /report-csp-violation 2
report-to csp-endpoint; report-uri https://mon.tiktokv.com/log/sentry/v2/api/slardar/main/?bid=tiktok_pns&ev_type=csp&revision=233d210f-67d2-4ed5-9578-a0407f64a5a8; upgrade-insecure-requests  2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' yandex.ru eda.yandex.ru eda.yandex eda.yandex.kz eats.yandex.com eda.yandex.by yastatic.net mc.yandex.ru; style-src blob: data: 'self' 'unsafe-inline' yandex.ru eda.yandex eda.yandex.ru yastatic.net *.yandex.ru *.yandex.net *.foodfox.ru; font-src 'self' eda.yandex eda.yandex.ru yastatic.net *.yandex.net; object-src 'none'; img-src data: blob: *; connect-src 'self' mc.yandex.ru yandex.ru; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.adobe.com https://*.franke.com https://*.scene7.com https://*.franke.coffee https://*.pardot.com https://*.googleadservices.com https://*.facebook.net https://*.licdn.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.adobedtm.com https://*.go-mpulse.net https://*.cookiebot.com https://www.googletagmanager.com https://*.clarity.ms https://*.yimg.jp https://*.pinimg.com https://*.doubleclick.net https://*.googlesyndication.com; style-src 'self' 'unsafe-inline' https://*.franke.com https://*.scene7.com https://*.googleapis.com; connect-src 'self' https://*.adobe.io https://*.franke.com https://*.scene7.com https://*.oribi.io https://*.akamaihd.net https://*.akstat.io https://*.franke.com https://*.azurewebsites.net https://*.googleapis.com https://*.go-mpulse.net https://*.demdex.net https://*.omtrdc.net https://*.clarity.ms https://*.google.com https://*.doubleclick.net https://*.googlesyndication.com https://*.pinterest.com https://*.cookiebot.com https://*.linkedin.com; frame-src 'self' https://*.adobe.com https://*.facebook.com https://*.google.com https://*.demdex.net https://www.youtube.com https://player.vimeo.com https://player.youku.com https://*.cookiebot.com https://*.doubleclick.net https://*.pinterest.com; img-src 'self' * data://*; font-src 'self' https://*.gstatic.com data://*; media-src 'self' https://*.franke.com; 2
default-src 'self' blob: https: data: 'unsafe-inline' 'unsafe-eval'; 2
connect-src 'self' *.ispapi.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.hubspot.com https://*.hubapi.com https://*.g.doubleclick.net https://www.facebook.com https://cdn-cookieyes.com https://*.cookieyes.com https://*.zdassets.com wss://api.smooch.io https://zendesk-eu.my.sentry.io https://hexonetbrand.zendesk.com ;default-src 'self';img-src 'self' https://script.hotjar.com https://static.hotjar.com https://*.google-analytics.com https://t.co https://*.hsforms.com https://*.hubspot.com https://www.facebook.com https://cdn-cookieyes.com https://hexonetbrand.zendesk.com https://*.zdassets.com https://*.zendesk.com https://*.zdusercontent.com data: ;media-src 'self' https://*.zdassets.com ;script-src 'self' https://static.hotjar.com https://script.hotjar.com https://www.google-analytics.com https://ssl.google-analytics.com https://analytics.twitter.com https://*.hubspot.com https://js.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://forms.hsforms.com https://*.usemessages.com https://js.hsleadflows.net https://connect.facebook.net https://www.googletagmanager.com https://cdn-cookieyes.com https://log.cookieyes.com https://js-eu1.hsleadflows.net https://js-eu1.hs-analytics.net https://js-eu1.hs-banner.net https://js-eu1.hs-banner.com https://platform.instagram.com https://www.instagram.com https://*.zdassets.com https://api.smooch.io 'unsafe-inline' 'unsafe-eval' ;style-src 'self' https://static.hotjar.com https://script.hotjar.com 'unsafe-inline' ;frame-src 'self' https://vars.hotjar.com https://*.hubspot.com https://www.instagram.com ;font-src 'self' https://script.hotjar.com ;frame-ancestors 'self' https://*.hexonet.net ; 2
script-src blob: 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' * *.googletagmanager.com *.google.com *.google-analytics.com *.googlesyndication.com *.interempresas.net *.doubleclick.net *.youtube.com; img-src 'self' blob: data: *.interempresas.net *.googlesyndication.com *.google-analytics.com *.googletagmanager.com *.google.com *.doubleclick.net *.youtube.com *.gstatic.com *; connect-src 'self' *.googletagmanager.com *.google.com *.google-analytics.com *.googlesyndication.com *.interempresas.net *.doubleclick.net *.youtube.com *.gstatic.com * 2
default-src 'none'; worker-src 'self' blob: ; media-src https://s3-eu-west-1.amazonaws.com https://mdm-packages.s3.eu-central-1.amazonaws.com https://storage.visomdm.com 'self' blob: data: ; frame-src https://radix-downloads.s3.eu-west-1.amazonaws.com *.bluesnap.com *.hotjar.com *.google.com https://visomdm.com/ ; connect-src https://visomdm.com wss://visomdm.com https://pro.ip-api.com *.hotjar.io *.glbth.com *.visomdm.com *.atvmanager.com *.teacherview.live https://mdm-packages.s3.eu-central-1.amazonaws.com https://storage.visomdm.com wss://*.glbth.com wss://*.visomdm.com wss://*.atvmanager.com wss://*.teacherview.live wss://*.hotjar.com wss://*.tawk.to wss://*.xirsys.com *.hotjar.com *.tawk.to 'self' ; font-src 'self' *.tawk.to *.gstatic.com ; img-src *.ggpht.com tawk.link blob: *.googleusercontent.com *.google.com https://*.gstatic.com https://*.mzstatic.com https://cdn.jsdelivr.net/emojione/ *.tawk.to https://mdm-packages.s3.eu-central-1.amazonaws.com https://storage.visomdm.com *.tile.openstreetmap.org data: 'self' ; style-src 'unsafe-inline' 'self' https://cdn.jsdelivr.net/emojione/ *.googleapis.com https://embed.tawk.to/ ; script-src 'self' https://cdn.jsdelivr.net/emojione/ *.hotjar.com *.tawk.to *.openstreetmap.org *.google.com *.gstatic.com *.ip-api.com 'sha256-jxahBNaefKb7HUgrP6SFqod39I6KB1wnzxNv+Gahh2s=' 'sha256-mf7OlEdaUdLAGAIDqicGf/kRbd9P604n4ooz6WIWPZc=' 'sha256-YJ3eJPxdzm7qieW1lfM307T3jCkb8WIfRGJEnAE84p0=' https://itunes.apple.com/ ; frame-ancestors 'self' https://visomdm.com/ 2
frame-ancestors 'self' https://*.cae.plexusvirtual.com https://*.caeoneworld2020.com http://3.23.73.238; 2
default-src 'self' blob: *.brightcove.net *.brightcove.com *.boltdns.net *.akamaihd.net *.typekit.net *.nr-data.net *.buyatab.com *.aman.com *.quantummetric.com cloud.typography.com  'unsafe-inline' 'unsafe-eval'; worker-src blob:; child-src blob:; aman-d8.my127.site; script-src 'self' 'unsafe-inline' blob: *.googleapis.com 'unsafe-eval' *.brightcove.net *.googletagmanager.com *.newrelic.com *.nr-data.net *.typekit.net *.buyatab.com *.aman.com *.ipstack.com *.quantummetric.com *.doubleclick.net *.googleadservices.com impactradius-event.com utt.impactcdn.com *.cinnox.com *.gstatic.com *.onetrust.com *.synxis.com *.recaptcha.net *.google.com logs-01.loggly.com ojrq.net *.zencdn.net *.thehotelsnetwork.com *.google-analytics.com cdn.rudderlabs.com https://d2wy8f7a9ursnm.cloudfront.net/v6/bugsnag.min.js *.api.rudderlabs.com *.analytics.google.com s.yimg.jp snap.licdn.com connect.facebook.net d.line-scdn.net p.relay-t.io js.sentry-cdn.com *.yahoo.co.jp *.clarity.ms static.sojern.com bat.bing.com cdn.linkedin.oribi.io https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v17.0.19/build/js/intlTelInput-jquery.min.js https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v17.0.19/build/js/intlTelInput.min.js https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v17.0.19/build/js/utils.js fxgate.baidu.com secure-hotel-tracker.com newbooking.azds.com *.cinnox.cn https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' cloud.typography.com *.buyatab.com *.aman.com *.cinnox.com *.googleapis.com *.bootstrapcdn.com *.synxis.com *.thehotelsnetwork.com https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v17.0.19/build/css/intlTelInput.min.css newbooking.azds.com cdnjs.cloudflare.com *.cinnox.cn aman-d8.my127.site; img-src 'self' data: *.brightcove.net *.brightcove.com *.googletagmanager.com *.buyatab.com *.aman.com *.cinnox.com *.boltdns.net *.google-analytics.com *.onetrust.com *.thehotelsnetwork.com https://www.google.com https://www.google.com.uk https://www.google.co.uk https://px.ads.linkedin.com https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v17.0.19/build/img/flags.png bat.bing.com tr.line.me ad.doubleclick.net doubleclick.net www.facebook.com *.clarity.ms newbooking.azds.com dbmajt85xhr99.cloudfront.net controlcenter-p1.synxis.com newbooking.azds.com dbmajt85xhr99.cloudfront.net d1t1qzzb2zwrre.cloudfront.net *.bing.com *.linkedin.com *.cinnox.cn https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com aman-d8.my127.site; media-src 'self' blob: *.buyatab.com *.aman.com *.akamaihd.net *.boltdns.net aman-d8.my127.site; frame-src *; frame-ancestors 'self'; font-src 'self' data: *.typekit.net *.aman.com *.gstatic.com *.cinnox.com *.thehotelsnetwork.com newbooking.azds.com dbmajt85xhr99.cloudfront.net d1t1qzzb2zwrre.cloudfront.net *.cinnox.cn aman-d8.my127.site; connect-src 'self' *.aman.com *.boltdns.net  *.thehotelsnetwork.com *.quantummetric.com *.akamaihd.net *.doubleclick.net *.google-analytics.com *.nr-data.net ws: 'unsafe-eval' *.googleapis.com *.onetrust.com *.synxis.com  *.cinnox.com impactradius-event.com utt.impactcdn.com *.brightcove.com ojrq.net logs-01.loggly.com amanresorts.pxf.io api.rudderlabs.com *.rudderstack.com sessions.bugsnag.com p.relay-t.io cdn.linkedin.oribi.io pagead2.googlesyndication.com *.clarity.ms newbooking.azds.com *.analytics.google.com *.cinnox.cn https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google. aman-d8.my127.site; upgrade-insecure-requests 2
frame-ancestors 'self' https://customerfinancing.directcapital-sit.com https://customerfinancing.directcapital2.com https://www.customerfinancing.com https://customerfinancing.directcapital-test1.com https://customerfinancing.directcapital-test2.com https://customerfinancing.directcapital-test3.com https://customerfinancing.directcapital-test4.com onlineapps-conv.readiness.ibanking-services.com onlineapps.ibanking-services.com ibanking-services.com https://*.fisglobal.com https://*.citbank.com https://citcom-dev.ase1-dev.citnet.cit.com https://*.firstcitizens.com 2
default-src 'self' data: 'unsafe-inline' https://*.google-analytics.com https://*.google.com https://*.brightcove.com *.akamaihd.net *.boltdns.net https://brightcove.hs.llnwd.net https://stats.g.doubleclick.net https://*.classmarker.com https://*.crossref.org https://cm.scholarlyiq.com https://public.tableau.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://www.googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://www.gstatic.com https://*.crossref.org https://cdnjs.cloudflare.com https://vjs.zendcdn.net https://vjs.zencdn.net https://players.brightcove.net https://www.youtube.com https://s.ytimg.com https://*.classmarker.com https://cdn.ckeditor.com https://code.jquery.com https://cdn.jsdelivr.net https://public.tableau.com blob:; style-src 'self' 'unsafe-inline' http://opgtest https://tagmanager.google.com https://fonts.googleapis.com https://*.crossref.org https://cdn.ckeditor.com players.brightcove.net https://cdn.jsdelivr.net; img-src 'self' 'unsafe-inline'  https://d3qoh5n5udjkx5.cloudfront.net https://*.googletagmanager.com https://*.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://*.crossref.org https://stats.g.doubleclick.net https://*.brightcove.com http://*.brightcove.com *.boltdns.net https://imagebank.osa.org https://imagebank.optica.org https://account.optica.org https://cdn.ckeditor.com https://public.tableau.com https://www.osapublishing.org https://players.brightcove.net *.akamaihd.net; font-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com about:; connect-src 'self' https://opgadmin https://*.optica.org https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://*.googletagmanager.com https://players.brightcove.net edge.api.brightcove.com *.boltdns.net *.akamaihd.net; media-src 'self' 'unsafe-inline' https://opg.optica.org https://www.osapublishing.org *.boltdns.net https://*.brightcove.com *.brightcovecdn.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com blob: data:; object-src 'self' 'unsafe-inline' *.akamaihd.net *.boltdns.net; prefetch-src 'self' *.boltdns.net 2
frame-ancestors 'self' https://app.contentful.com *.saucelabs.com:8000 *.saucelabs.com *.saucelabs.net; 2
connect-src 'self' https://www.paypal.com https://fastmail.innocraft.cloud https://o73885.ingest.sentry.io/api/; default-src 'none'; img-src 'self' data: https://fastmail.innocraft.cloud https://*.twimg.com https://*.twitter.com https://www.gravatar.com https://icgroup.helpspot.com https://www.paypalobjects.com http://www.pobox.com https://*.gstatic.com https://www.fastmail.com https://*.zdusercontent.com https://fastmail.zendesk.com https://pobox.zendesk.com; font-src 'self' data: http://fonts.gstatic.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.twitter.com https://*.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com https://connect.facebook.net https://fastmail.innocraft.cloud https://listbox.com https://run-static.pingdom.net https://*.gstatic.com https://*.facebook.com https://talon-ehawk.netdna-ssl.com https://www.e-hawk.net https://www.ehawk.net https://www.paypalobjects.com https://www.paypal.com https://icgroup.helpspot.com; object-src 'none'; frame-src 'self' data: https://*.twitter.com https://*.twimg.com https://*.facebook.com https://*.google.com; frame-ancestors 'self' 2
default-src 'none'; script-src 'self' 'sha256-+bciAoXo8tqxurJAfFdRHhPFvC+ti9sSCf6nP1Mq0zk='; style-src 'self' data: 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; connect-src 'self'; media-src 'self' data: blob:; object-src 'self'; child-src 'none'; frame-src 'none'; worker-src 'self'; frame-ancestors 'none'; form-action 'self' https://docs.immerda.ch/de/search; base-uri 'self'; manifest-src 'none'; report-uri https://csp-report.immerda.ch/report.php; upgrade-insecure-requests; block-all-mixed-content 2
frame-ancestors 'self' http://www.liligo.fr/ http://www.kayak.fr/ http://www.kayak.de/ https://drivy.zendesk.com/ https://*.zdusercontent.com/ 2
frame-ancestors 'self'; worker-src 'self' blob:; upgrade-insecure-requests; script-src assets.sitescdn.net *.confirmit.eu *.techtarget.com bat.bing.com *.baidu.com *.driftt.com *.6sc.co *.d41.co *.licdn.com *.softwareag.com *.ceros.com *.marketo.net *.marketo.com siteimproveanalytics.com *.adobe.com *.rlcdn.com *.doubleclick.net *.googleadservices.com *.google-analytics.com  *.googletagmanager.com *.ytimg.com *.youtube.com *.adobedtm.com *.scene7.com *.trustarc.com *.ads-twitter.com *.bizible.com *.facebook.net *.omtrdc.net *.2o7.net *.demdex.net *.everesttech.net  'self' 'unsafe-eval' 'unsafe-inline'; object-src 'none' 2
default-src 'self' *.youtube.com *.typeform.com; script-src 'self' *.typeform.com *.youtube.com vercel.live *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.digitaloceanspaces.com cdn.jsdelivr.net cdn.sanity.io umami-do.vercel.app *.recaptcha.net 'sha256-QCpDOfPEObH+FDjO1a0btxA3R4yGSV0m7yegNuFZo68='; img-src *; style-src 'self' 'unsafe-inline' cdn.plyr.io *.cloudflare.com *.gstatic.com *.typeform.com; font-src * data:; media-src 'self' *.digitaloceanspaces.com; frame-src 'self' *.gstatic.com *.recaptcha.net *.google.com *.youtube.com *.typeform.com; connect-src 'self' *.google-analytics.com *.cdn.sanity.io *.apicdn.sanity.io *.digitaloceanspaces.com *.multiversx.com *.elrond.com *.madebyburo.com unpkg.com cdn.plyr.io umami-do.vercel.app noembed.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://js.driftt.com https://widget.drift.com https://ajax.googleapis.com https://maps.googleapis.com https://optimize.google.com https://www.youtube.com https://cdnjs.cloudflare.com https://www.google.com https://tagmanager.google.com https://www.googleoptimize.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://partner.googleadservices.com https://adservice.google.com https://adservice.google.ca https://tpc.googlesyndication.com https://cookie-cdn.cookiepro.com https://hubspot.clearbit.com https://forms.hsforms.com https://client-registry.mutinycdn.com https://js.hs-scripts.com https://js.hsforms.net https://js.hs-analytics.net https://js.hsadspixel.net https://js.hs-banner.com https://client.mutinycdn.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://bat.bing.com https://static.hotjar.com https://tag.clearbitscripts.com https://j.6sc.co https://www.clickcease.com https://metadata-static-files.sfo2.cdn.digitaloceanspaces.com https://script.hotjar.com https://reveal.clearbit.com https://x.clearbitjs.com https://snap.licdn.com https://tag.demandbase.com https://tribl.io https://hackerone.com https://www.clarity.ms https://k.clarity.ms https://js.chilipiper.com/marketing.js https://tracking.g2crowd.com; 2
form-action *.a1.hr *.tomato.com.hr *.corvus.hr *.paypal.com *.corvuspay.com; 2
default-src https:  wss://*.hotjar.com wss://*.qualified.com; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline';frame-ancestors 'self' *.experityhealth.com; frame-src data: https:; media-src blob: data: https:; object-src 'self' blob:; worker-src blob: 'self'; child-src blob:; upgrade-insecure-requests; 2
block-all-mixed-content; upgrade-insecure-requests; require-trusted-types-for 'script' 2
default-src https: 'unsafe-inline' 'unsafe-eval' wss: data: 'unsafe-eval'; frame-ancestors 'self' *.applytojob.com; 2
default-src 'self' blob:; img-src 'self' *.boxcdn.net *.maropost.com *.amazonaws.com *.adyen.com *.cloudfront.net *.userlike.com flp-service.zendesk.com static.zdassets.com consent.cookiefirst.com *.ytimg.com *.livehelpnow.net *.pcdn.co *.sharethis.com  *.contentsquare.net *.content-square.fr *.contentsquare.com *.googleapis.com *.s3.us-east-1.amazonaws.com *.s3.us-east-2.amazonaws.com *.amazonaws.com *.gstatic.com *.clicktale.net pixy.org *.chargebee.com *.nextsphere.com *.ppipe.net *.myecheck.com *.oppwa.com  *.flptitan.com *.foreverliving.com *.flpi.com foreverliving.com seeklogo.com  stats.g.doubleclick.net www.google.com www.google.com.sg data: *.s3.us-west-2.amazonaws.com *.s3-us-west-2.amazonaws.com www.google.co.in *.vimeocdn.com *.youtube.com *.s3.amazonaws.com x1.xingassets.com  blob:  oppwa.com *.google-analytics.com data: s3-us-west-2.amazonaws.com *.facebook.com *.googletagmanager.com optimize.google.com *.boxcloud.com *.fedex.com *.google.co.uk *.google.ie widgets.trustedshops.com *.google.com.mm; script-src 'self' *.userlike.com *.cdn01.boxcdn.net api.smooch.io *.adyen.com *.nexiopay.com *.cdn.jsdelivr.net *.jsdelivr.net *.amazonaws.com *.worldpay.com *.cloudfront.net *.mgipayments.com *.boxcdn.net *.boxcloud.com *.box.com *.s3-eu-west-1.amazonaws.com *.payvision.com *.siteprerender.com siteprerender.com *.google.com *.mgr.consensu.org *.livehelpnow.net *.contentsquare.net *.content-square.fr *.contentsquare.com *.sharethis.com walls.io  *.facebook.net *.cdn-javascript.net cdn-javascript.net x-apple-ql-id *.static-resource.com static-resource.com flpqa.com flp.com flp360.social *.flpqa.com *.flp.com *.flp360.social *.clicksapp.net clicksapp.net *.s3.us-east-1.amazonaws.com *.clicktale.net *.chargebee.com *.authorize.net *.ppipe.net www.youtube.com *.oppwa.com  *.s3-us-west-2.amazonaws.com *.myecheck.com *.googleapis.com *.flptitan.com foreverliving.com *.foreverliving.com *.flpi.com *.cloudflare.com *.bootstrapcdn.com  *.s3.amazonaws.com  *.dropbox.com *.nextsphere.com optimize.google.com www.googletagmanager.com *.google-analytics.com blob: fonts.gstatic.com test.acaptureservices.com   *.clicksafe.lloydstsb.com oppwa.com acaptureservices.com  consent.cookiefirst.com www.dropbox.com content.googleapis.com dl.dropboxusercontent.com graph.microsoft.com static.zdassets.com js.live.net *.paypal.com *.b-cdn.net connect.facebook.net js.hs-scripts.com fonts.gstatic.com maps.gstatic.com clickapp.net static-resource.com *.nexiopaysandbox.com cdn-javascript.net *.paypalobjects.com widgets.trustedshops.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.livehelpnow.net *.adyen.com *.cookiefirst.com *.clicktale.net *.chargebee.com *.cdn.jsdelivr.net *.contentsquare.net *.content-square.fr *.contentsquare.com *.google-analytics.com *.nextsphere.com x-apple-ql-id *.s3-us-west-2.amazonaws.com *.ppipe.net *.typekit.net *.oppwa.com *.myecheck.com *.acaptureservices.com *.flptitan.com *.foreverliving.com foreverliving.com *.flpi.com *.google.com fonts.googleapis.com cdnjs.cloudflare.com oppwa.com *.s3.amazonaws.com maxcdn.bootstrapcdn.com *.nexiopaysandbox.com *.nexiopay.com *.boxcdn.net googletagmanager.com cdn.honey.io 'unsafe-inline'; font-src 'self' *.boxcdn.net *.cdn01.boxcdn.net *.nexiopay.com *.box.com *.cdn.jsdelivr.net *.cloudfront.net *.livehelpnow.net *.clicktale.net *.chargebee.com *.nextsphere.com *.ppipe.net *.contentsquare.net *.content-square.fr *.contentsquare.com *.typekit.net *.myecheck.com  flpqa.com flp.com flp360.social *.flpqa.com *.flp.com *.flp360.social *.bootstrapcdn.com *.oppwa.com *.flptitanqa.com *.flptitan.com *.foreverliving.com foreverliving.com *.flpi.com data: cdnjs.cloudflare.com fonts.gstatic.com *.b-cdn.net *.s3.amazonaws.com oppwa.com 'unsafe-inline'; connect-src 'self' wss://umd.userlike.com wss://chat.userlike.com *.nexiopay.com *.s3.us-east-2.amazonaws.com v2.zopim.com ekr.zdassets.com flp-service.zendesk.com *.1drv.com *.nexiopay.com *.cloudfront.net *.cookiefirst.com *.adyen.com *.userlike.com *.box.com *.boxcloud.com api.ipify.org *.livehelpnow.net *.consensu.org *.vimeocdn.com *.contentsquare.net *.content-square.fr *.contentsquare.com *.sharethis.com *.googleapis.com www.google.com.sg stats.g.doubleclick.net www.facebook.com *.s3.us-west-2.amazonaws.com *.socialsales.io *.clicktale.net *.nextsphere.com  *.ppipe.net vimeo.com *.authorize.net  *.myecheck.com *.oppwa.com *.flpi.com *.nstitan.com  s3-us-west-2.amazonaws.com *.s3.amazonaws.com *.acaptureservices.com *.s3-us-west-2.amazonaws.com *.chargebee.com *.google.com oppwa.com *.mgipayments.com *.google-analytics.com www.googletagmanager.com graph.microsoft.com google.com *.worldpay.com *.zdassets.com *.trustedshops.com api.trustbadge.etrusted.com trustbadge.api.etrusted.com logging.trustbadge.com content.googleapis.com dl.dropboxusercontent.com *.google.co.in youtube.com static.zdassets.com *.boxcdn.net *.youtube.com wss://api.smooch.io *.s3-eu-west-1.amazonaws.com js.live.net sandbox.mgipayments.com cdn.worldpay.com sandbox.mgipayments.com  connect.facebook.net js.hs-scripts.com fonts.gstatic.com maps.gstatic.com clickapp.net cdn.jsdelivr.net static-resource.com cdn-javascript.net  *.nexiopaysandbox.com cdn.worldpay.com *.flptitan.com flptitan.com foreverliving.com *.fbo.flptitan.com *.foreverliving.com *.fbo.foreverliving.com www.gstatic.com www.dropbox.com zendesk-eu.my.sentry.io data: blob:; media-src 'self' *.boxcdn.net *.amazonaws.com *.userlike.com *.flptitan.com *.cloudfront.net *.youtube.com *.youtu.be *.foreverliving.com *.s3-us-west-2.amazonaws.com *.s3.us-west-2.amazonaws.com  blob:; frame-src 'self' *.datatrans.com *.mfgroup.ch *.nexiopay.com *.ngenius-payments.com *.boxcdn.net api.nexiopay.com *.flpqa.com *.userlike.com *.adyen.com *.amazonaws.com *.cloudfront.net *.facebook.com *.mgipayments.com *.livehelpnow.net *.sandbox.ngenius-payments.com *.acehubpaymentservices.com *.contentsquare.net *.content-square.fr *.contentsquare.com *.sharethis.com *.mgr.consensu.org  walls.io *.chargebee.com x-apple-ql-id *.youtube.com *.ppipe.net *.socialsales.io socialsales.io *.worldpay.com *.nextsphere.com  vimeo.com *.oppwa.com *.myecheck.com *.acaptureservices.com *.flptitan.com *.foreverliving.com *.clicksafe.lloydstsb.com foreverliving.com flptitan.com *.boxcloud.com *.flpi.com *.google.com *.vimeo.com oppwa.com  dl.dropboxusercontent.com graph.microsoft.com  acs-public.tp.mastercard.com content.googleapis.com *.nexiopaysandbox.com youtu.be youtube.com *.cardinalcommerce.com; frame-ancestors 'self' *.socialsales.io socialsales.io *.nexiopay.com foreverliving.com *.foreverliving.com *.flptitan.com flptitan.com *.contentsquare.net *.flptitan.com:8080 *.content-square.fr *.contentsquare.com *.chargebee.com flp360-tools.flptitan.com youtu.be flpqa.com flp.com flp360.social *.flpqa.com *.nexiopaysandbox.com *.boxcdn.net *.flp.com *.flp360.social vimeo.com *.vimeo.com *.youtube.com youtube.com *.worldpay.com 2
default-src 'self' 'unsafe-inline' jobs.b-ite.com; base-uri 'self'; connect-src 'self' *.preview.kkn.zd.intranet.bund.de wss://chat.userlike.com chat.userlike.com wss://umd.userlike.com userlike.com *.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de *.cloudfront.net data-8ec206415a.dnb.de jobs.b-ite.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.googleapis.com piwik.itzbund.de script.ioam.de *.de.ioam.de s.ytimg.com static.b-ite.com cs-assets.b-ite.com ajax.googleapis.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.cloudfront.net data-8ec206415a.dnb.de userlike-cdn-umm.b-cdn.net; object-src 'self' piwik.itzbund.de; media-src 'self' *.aktion-mensch.de *.sample-videos.com *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de youtu.be files.dnb.de c18004-vod.l.core.cdn.streamfarm.net *.cloudfront.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de my.matterport.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.tile.openstreetmap.org api.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net *.gsb.dev.materna.net *.preview.kkn.zd.intranet.bund.de *.preview.kkn.zd.intranet.bund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de *.cloudfront.net; frame-ancestors *.gsb.dev.materna.net *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de 2
upgrade-insecure-requests; frame-ancestors 'self' *.seznam.cz www.sauto.cz admin.sauto.cz *.sauto.cz; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sdn.cz *.szn.cz gacz.hit.gemius.pl scz.hit.gemius.pl *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.im.cz *.imedia.cz *.imedia.dev.dszn.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.sklik.cz ads.celtra.com *.2mdn.net ams.creativecdn.com *.sauto.cz login.szn.cz http://login.szn.cz https://login.szn.cz notifikace.seznam.cz http://notifikace.seznam.cz https://notifikace.seznam.cz connect.facebook.net seznam.daktela.com *.hit.gemius.pl www.googletagmanager.com *.hotjar.com unpkg.com/@seznam; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.sdn.cz *.szn.cz gacz.hit.gemius.pl scz.hit.gemius.pl *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.im.cz *.imedia.cz *.imedia.dev.dszn.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.sklik.cz ads.celtra.com *.2mdn.net ams.creativecdn.com *.sauto.cz blob: login.szn.cz http://login.szn.cz https://login.szn.cz notifikace.seznam.cz http://notifikace.seznam.cz https://notifikace.seznam.cz connect.facebook.net seznam.daktela.com *.hit.gemius.pl www.googletagmanager.com *.hotjar.com unpkg.com/@seznam 2
default-src https: *; script-src https: 'unsafe-inline' 'unsafe-eval' *;img-src data: https:;font-src data: https:;style-src https: 'unsafe-inline' *;upgrade-insecure-requests;frame-ancestors 'self'; base-uri 'none'; frame-src mailto: *; worker-src blob: *; child-src blob: ; 2
frame-ancestors 'self' https://manage.electronicdesign.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 2
frame-ancestors 'self' https://support.phorest.com/ https://phorest1547654878.zendesk.com/ https://phorest.zendesk.com/ https://www.salonownersummit.com/host 2
default-src https://www.mcdonalds.fr *.mcdonalds.fr *.contentstack.com *.woosmap.com *.googleapis.com *.privacy-center.org *.gstatic.com *.as8677.net *.mcdonalds.fr *.googletagmanager.com *.google-analytics.com *.brig.ht *.youtube-nocookie.com *.youtube.com *.amazoncognito.com *.twitter.com *.algolia.com *.algolia.net *.admo.tv mcdonalds-operations.fr *.mcdonalds-operations.fr *.worldline-solutions.com *.ads-twitter.com *.abtasty.com *.sentry.io analytics.google.com *.analytics.google.com snap.licdn.com *.outbrain.com *.presage.io *.capadresse.com *.datadome.co  *.doubleclick.net googletagmanager.com analytics.google.com *.analytics.google.com snap.licdn.com 'unsafe-eval' 'unsafe-inline' ; img-src data: https: http: ; frame-src www.mcdonalds.fr *.brig.ht *.youtube-nocookie.com *.youtube.com *.twitter.com mcdonalds-operations.fr *.mcdonalds-operations.fr *.abtasty.com *.doubleclick.net googletagmanager.com analytics.google.com *.analytics.google.com snap.licdn.com 2
frame-ancestors 'self' https://cdn-pre.tngdigital.com.my https://cdn.tngdigital.com.my 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://inductiveautomation.com http://account.ia.local/ https://*.inductiveautomation.com https://*.inductiveuniversity.com https://inductiveuniversity.com https://s3.amazonaws.com https://files.inductiveautomation.com https://icccdn.s3.amazonaws.com https://icccdn-production.s3.amazonaws.com https://icccdn-staging.s3.amazonaws.com https://code.jquery.com https://*.youtube.com https://disqus.com https://*.disqus.com https://*.disquscdn.com https://*.wistia.com https://*.wistia.net http://embedwistia-a.akamaihd.net https://*.typekit.net https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.opentracker.net https://*.crazyegg.com https://*.litix.io https://*.marketo.net https://*.mktoresp.com https://*.twitter.com https://*.twimg.com https://*.facebook.net https://*.facebook.com https://*.linkedin.com https://*.linkedin.oribi.io https://*.licdn.com https://cdn.viglink.com https://cdn.jsdelivr.net https://*.adsymptotic.com https://*.stripe.com https://*.stripe.network https://*.akamaized.net https://*.vimeocdn.com https://*.vimeo.com https://*.podbean.com https://*.cdninstagram.com https://*.fontawesome.com https://canny.io https://*.rawgit.com https://*.cloudflare.com https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.getsitecontrol.com https://*.getsitectrl.com https://*.googleadservices.com https://*.doubleclick.net https://js.hs-scripts.com https://*.mouseflow.com https://unpkg.com data: blob:; block-all-mixed-content 2
default-src 'self' https://dayone.app http://localhost:3000 https://stg.dayone.app https://chocolate-prod.s3.amazonaws.com https://chocolate-prod.s3.us-east-1.amazonaws.com https://dayone-app-staging-data.s3.amazonaws.com https://dayone-app-staging-data.s3.us-east-1.amazonaws.com https://dayone-app-staging-syncmedia.s3.amazonaws.com https://dayone-app-staging-syncmedia.s3.us-east-1.amazonaws.com https://dayone-syncmedia-production-new.s3.amazonaws.com https://dayone-syncmedia-production-new.s3.us-east-1.amazonaws.com blob: https://pixel.wp.com/t.gif https://i.ytimg.com/; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://accounts.google.com/gsi/client https://apis.google.com; connect-src 'self' https://dayone.app http://localhost:3000 https://stg.dayone.app https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://apis.google.com https://accounts.google.com/gsi/ https://pixel.wp.com/t.gif https://chocolate-prod.s3.amazonaws.com https://chocolate-prod.s3.us-east-1.amazonaws.com https://dayone-syncmedia-production-new.s3.amazonaws.com https://dayone-syncmedia-production-new.s3.us-east-1.amazonaws.com https://dayone-app-staging-data.s3.amazonaws.com https://dayone-app-staging-data.s3.us-east-1.amazonaws.com https://dayone-app-staging-syncmedia.s3.amazonaws.com https://dayone-app-staging-syncmedia.s3.us-east-1.amazonaws.com https://o248881.ingest.sentry.io/api/4503976745369600/envelope/ https://public-api.wordpress.com/geo/ https://www.googleapis.com https://api.apple-cloudkit.com/database/1/iCloud.com.dayoneapp.dayone-client-only/production/private/records/ https://api.apple-cloudkit.com/database/1/iCloud.com.dayoneapp.dayone/production/public/users/current; frame-src https://accounts.google.com/ blob: https://content.googleapis.com/ https://www.youtube.com/ https://player.vimeo.com/video/ https://embed.spotify.com/ https://open.spotify.com/embed/playlist/; font-src 'self' data:; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' ipredictive.com *.adyen.com adyen.com *.scene7.com adgrx.com demdex.net ads.yieldmo.com a.bigcontent.io adnxs.com attentivemobile.com *.attn.tv attn.tv *.audioeye.com audioeye.com bidswitch.net *.btttag.com www.bluecore.com bluekai.com *.creativecdn.com certona.net www.res-x.com cloudflare.com *.cloudfront.net cloudfront.net *.coach.com *.cquotient.com cquotient.com *.criteo.net criteo.net *.criteo.com criteo.com w55c.net *.doubleclick.net *.facebook.com *.facebook.net facebook.net fonts.net *.fonts.net *.fonts.com *.forter.com forter.com stickyadstv.com v.fwmrm.net www.google.co.in *.google.com www.google.de www.googleadservices.com googleapis.com cloudfunctions.net www.googletagmanager.com *.google-analytics.com 360yield.com casalemedia.com ivitrack.com *.kargo.com kargo.com klarna.com *.klarna.com klarnacdn.net *.klarnacdn.net klarnaevt.com *.klarnaevt.com *.klarnaservices.com liadm.com addressy.com media.net mediavine.com mediawallahscript.com cookielaw.org postrelease.com needle.com agkn.com *.onetrust.com onetrust.com *.optimizely.com outbrain.com *.paypal.com www.paypalobjects.com pinimg.com pinterest.com *.powerreviews.com pubmatic.com qualtrics.com *.qualtrics.com *.quantummetric.com quantummetric.com rmp.rakuten.com revcontent.com rubiconproject.com sharethrough.com *.shoprunner.com smartadserver.com *.stuartweitzman.com stuartweitzman.com *.stuartweitzman.ca taboola.com www.talkable.com tangiblee.com tapad.com teads.tv *.tiktok.com tiktok.com *.adsrvr.org adsrvr.org tremorhub.com 3lift.com truefitcorp.com ad.smaato.net clmbtech.com mdhv.io postcodeanywhere.co.uk rqtrk.eu ws.rqtrk.eu techlab-cdn.com udmserve.net www.yext-pixel.com pcapredict.com *.bing.com api.bluecore.com api.bluecore.app edge1.certona.net cdnjs.cloudflare.com maps.googleapis.com us-central1-cohinc-146020.cloudfunctions.net cdn.cookielaw.org *.needle.com ct.pinterest.com *.rmp.rakuten.com cdn.tangiblee.com p11.techlab-cdn.com dpm.demdex.net ib.adnxs.com secure.adnxs.com x.bidswitch.net tags.bluekai.com www.gstatic.com fonts.gstatic.com aa.agkn.com s.pinimg.com pixel.rubiconproject.com match.sharethrough.com rtb-csync.smartadserver.com pixel.tapad.com *.truefitcorp.com ice.360yield.com dsum-sec.casalemedia.com hbx.media.net ssp-csync.smartadserver.com sync.taboola.com sync.teads.tv eb2.3lift.com services.postcodeanywhere.co.uk tapes11111.pcapredict.com tapestry.a.bigcontent.io api.addressy.com js-agent.newrelic.com sessions.bugsnag.com bam.nr-data.net events.attentivemobile.com exchange.mediavine.com r.casalemedia.com s.ad.smaato.net sync-t1.taboola.com cm.adgrx.com sync-criteo.ads.yieldmo.com *.pubmatic.com ad.360yield.com ads.stickyadstv.com criteo-sync.teads.tv contextual.media.net fluentdapi.stg.shoprunner.io i8.amplience.net *.amazonaws.com *.drivecommerce.com m.media-amazon.com apay-us.amazon.com static-na.payments-amazon.com rt.udmserve.net cdn.static.amplience.net partner.mediawallahscript.com matching.ivitrack.com i.liadm.com jadserve.postrelease.com tapestry.tapad.com trends.revcontent.com criteo-partners.tremorhub.com ade.clmbtech.com sync.outbrain.com mathtag.com dwin1.com iesnare.com mpsnare.iesnare.com bh.contextweb.com pixel.s3xified.com s.seedtag.com mixer.mobon.net sync.cootlogix.com cm-exchange.toast.com *.33across.com 33across.com *.lijit.com sync.bidence.net sync.1rx.io cm.mgid.com csync.loopme.me sync.e-planning.net idsync.rlcdn.com sync.console.adtarget.com.tr dynl.mktgcdn.com 1f2e7.v.fwmrm.net adx.dable.io cs.adingo.jp tg.socdm.com adgen.socdm.com sync.aralego.com us-u.openx.net vid.vidoomy.com cdn.honey.io cloudinary.com res.cloudinary.com usersync.gumgum.com sync.connectad.io inv-nets.admixer.net *.googlesyndication.com sync.addlv.smt.docomo.ne.jp t.adx.opera.com visitor.omnitagjs.com ad.tpmn.co.kr tst.kaptcha.com crwdcntrl.net www.google.com.ua *.Yahoo.com ad-stir.com sync.ad-stir.com gssprt.jp cs.gssprt.jp send.microad.jp s-cs.send.microad.jp www.google.ca simpli.fi ad.yieldlab.net sync.targeting.unrulymedia.com onetag-sys.com beacon.krxd.net cm.adform.net *.shoppinggives.com pippio.com tapestry.support jira.tapestry.support sentry.io *.mapbox.com *.force.com www.google.es www.google.by www.google.fr www.google.co.uk www.google.co.il www.google.com.sa www.google.com.vn www.google.rs www.google.com.bh www.google.com.br www.google.com.eg www.google.se www.google.it www.google.com.uy www.google.co.nz www.google.com.gt www.google.co.th www.google.co.kr www.google.ie www.google.bs www.google.pl www.google.com.mx www.google.com.sv www.google.co.cr www.google.ru www.google.tt www.google.co.ug www.google.rw www.google.com.pe www.google.com.lb www.google.com.hk www.google.com.ec www.google.com.gh www.google.com.ng www.google.com.co www.google.com.ar www.google.tn consent.linksynergy.com *.demandware.net *.katespade.com *.coachoutlet.com cm.meba.kr us.ck-ie.com b.admedia.com *.instagram.com api.capitaloneshopping.com cm.igaw.io rstyle.me cdn.ivaws.com link.shoplooks.com *.rewardstyle.com www.metziahs.com safe.menlosecurity.com us.ck-ie.com *.thebrighttag.com *.semasio.net sync.srv.stackadapt.com *.kampyle.com *.medallia.com *.aralego.net app.collectivevoice.com *.rewardStyle.com brandcycle.net link.shoplooks.com slooks.top smilekols.com go.magik.ly media.paroleparis.com c.fanstoshop qa.res-x.com google.com cdn.wyng.com data: blob:; 2
frame-ancestors *.firsthorizon.com 2
report-to 'self' ; child-src 'self' ; connect-src 'self' ws.zoominfo.com ws-assets.zoominfo.com js.zi-scripts.com wss: *.litix.io *.wistia.com *.hubspot.com *.akamaihd.net manifest.prod.boltdns.net edge.api.brightcove.com wss://ws40.hotjar.com content.hotjar.io *.hotjar.com www.trumba.com forms.hsforms.com *.s3.amazonaws.com cdn.linkedin.oribi.io geolocation.onetrust.com cookie-cdn.cookiepro.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.nitrocdn.com *.getnitropack.com nitroscripts.com *.hsadspixel.net *.doubleclick.net *.linkedin.com *.hubapi.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' ; font-src 'self' data: *.gstatic.com *.bootstrapcdn.com  fonts.gstatic.com cdn.jsdelivr.net *.hsadspixel.net *.doubleclick.net *.linkedin.com *.hubapi.com *.gstatic.com *.bootstrapcdn.com ; form-action 'self'  'unsafe-inline'  'unsafe-eval' forms.hsforms.com; frame-src 'self' app.hubspot.com ppd.turtl.co *.twitter.com forms.hsforms.com player.vimeo.com biz.mosio.com www.buzzsprout.com vars.hotjar.com static.addtoany.com players.brightcove.net *.g.doubleclick.net *.google.com *.fls.doubleclick.net *.nitrocdn.com nitroscripts.com blob: www.google.com *.hsadspixel.net *.doubleclick.net *.linkedin.com *.hubapi.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' cgtkiosk.immersive.tf; img-src 'self' assets.turtl.co syndication.twitter.com *.wistia.com no-cache.hubspot.com i.vimeocdn.com cf-images.us-east-1.prod.boltdns.net metrics.brightcove.com *.dialogtech.com *.kickfire.com www.trumba.com *.hsforms.com www.linkedin.com p.adsymptotic.com track.hubspot.com *.ads.linkedin.com data: *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com *.nitrocdn.com  ts.w.org s.w.org ps.w.org nitroscripts.com *.hsadspixel.net *.doubleclick.net *.linkedin.com *.hubapi.com *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self'  'unsafe-inline'  'unsafe-eval' blob: *.wistia.com s.w.org ; object-src 'self' ; script-src 'self'  'unsafe-inline'  'unsafe-eval' blob: ws.zoominfo.com ws-assets.zoominfo.com js.zi-scripts.com app-static.turtl.co optimize.google.com platform.twitter.com *.wistia.com *.hubspot.com js.hscta.net tag.simpli.fi player.vimeo.com *.zencdn.net players.brightcove.net www.googleoptimize.com cdn.jsdelivr.net www.trumba.com *.kickfire.com www.buzzsprout.com www.gstatic.com www.google.com js.hsforms.net js.hs-analytics.net cookie-cdn.cookiepro.com www.googletagmanager.com static.addtoany.com cdnjs.cloudflare.com js.hs-scripts.net js.hs-scripts.com js.hs-banner.com www.google-analytics.com googleads.g.doubleclick.net *.hotjar.com snap.licdn.com go.affec.tv *.cloudfront.net *.dialogtech.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.nitrocdn.com nitroscripts.com *.hsadspixel.net *.doubleclick.net *.linkedin.com *.hubapi.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline'  'unsafe-eval' blob: ws.zoominfo.com ws-assets.zoominfo.com js.zi-scripts.com app-static.turtl.co optimize.google.com platform.twitter.com *.wistia.com *.hubspot.com js.hscta.net tag.simpli.fi player.vimeo.com *.zencdn.net players.brightcove.net www.googleoptimize.com cdn.jsdelivr.net www.trumba.com *.kickfire.com www.buzzsprout.com www.gstatic.com www.google.com js.hsforms.net js.hs-analytics.net cookie-cdn.cookiepro.com www.googletagmanager.com static.addtoany.com cdnjs.cloudflare.com js.hs-scripts.net js.hs-scripts.com js.hs-banner.com www.google-analytics.com googleads.g.doubleclick.net *.hotjar.com snap.licdn.com go.affec.tv *.cloudfront.net *.dialogtech.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.nitrocdn.com nitroscripts.com *.hsadspixel.net *.doubleclick.net *.linkedin.com *.hubapi.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'self'  'unsafe-inline' *.nitrocdn.com *.nitroscripts.com *.hsadspixel.net *.doubleclick.net *.linkedin.com *.hubapi.com; style-src 'self'  'unsafe-inline' app-static.turtl.co optimize.google.com fonts.googleapis.com *.googleapis.com *.gstatic.com *.nitrocdn.com  cdn.jsdelivr.net nitroscripts.com *.hsadspixel.net *.doubleclick.net *.linkedin.com *.hubapi.com *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline' app-static.turtl.co optimize.google.com fonts.googleapis.com *.googleapis.com *.gstatic.com *.nitrocdn.com  cdn.jsdelivr.net nitroscripts.com *.hsadspixel.net *.doubleclick.net *.linkedin.com *.hubapi.com *.googleapis.com *.gstatic.com ; style-src-attr 'self'  'unsafe-inline' *.nitrocdn.com *.nitroscripts.com *.hsadspixel.net *.doubleclick.net *.linkedin.com *.hubapi.com; worker-src 'self'  'unsafe-inline'  'unsafe-eval' blob: ;  upgrade-insecure-requests; 2
default-src 'self' data: ws: blob: *.nr-data.net fonts.gstatic.com fonts.googleapis.com *.facebook.com *.office365.com *.kuka.com *.mouseflow.com *.zscaler.net d2csxpduxe849s.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.embedly.com *.embed.ly *.googletagmanager.com *.doubleclick.net *.googleadservices.com *.facebook.net snap.licdn.com *.linkedin.com *.bing.com *.ads-twitter.com *.twitter.com *.bizographics.com *.baidu.com *.google.com *.gstatic.com *.instabot.io *.yandex.ru *.convertwork.cn *.hotjar.com *.cavy9soho.com *.cloudflare.com *.force.com *.my.salesforce.com *.salesforceliveagent.com *.kuka.com *.cloudflareinsights.com *.mouseflow.com *.zscaler.net *.youtube.com; img-src 'self' data: *; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.force.com *.kuka.com *.googletagmanager.com; child-src 'self' blob: *.vimeo.com; frame-src 'self' *.quartalflife.com *.youtube.com *.youtu.be *.youku.com *.embedly.com *.embed.ly player.youku.com https: *.doubleclick.net snap.licdn.com *.presono.com *.linkedin.com *.juicer.io *.audi-mediacenter.com *.office365.com *.mouseflow.com; connect-src 'self' data: ws: blob: *.googleadservices.com *.googlesyndication.com adservice.google.com *.instabot.io *.yandex.ru *.hotjar.com *.bing.com *.office365.com *.kuka.com *.mouseflow.com *.convertwork.cn noembed.com; frame-ancestors 'self' https://kuka.presono.com 2
frame-ancestors 'self' https://planeetta.ladesk.com 2
default-src https://player.vimeo.com splash-screen.net https://optimize.google.com https://www.splash-screen.net https://cdn.cookielaw.org https://maps.googleapis.com optimize.google.com stats.g.doubleclick.net *.ratatu.pl https://9274211.fls.doubleclick.net https://leads.sandboxbnpparibas.pl *.googleads.g.doubleclick.net prospectleads.bnpparibas.pl https://geolocation.onetrust.com leads.sandboxbnpparibas.pl bnp-paribas.user.com ads-twitter.com https://www.clarity.ms https://bat.bing.com analytics.twitter.com widget.user.com https://api.ehoundplatform.com https://vimeo.com googleads.g.doubleclick.net qtank.salesmore.pl *.google.com 52.166.95.107 'self'; font-src https://leads.sandboxbnpparibas.pl https://themes.googleusercontent.com/ *.googleads.g.doubleclick.net fonts.googleapis.com prospectleads.bnpparibas.pl https://geolocation.onetrust.com leads.sandboxbnpparibas.pl widget.user.com https://api.ehoundplatform.com https://fonts.gstatic.com googleads.g.doubleclick.net themes.googleusercontent.com *.google.com *.ratatu.pl https://9274211.fls.doubleclick.net data: 'self'; style-src https://leads.sandboxbnpparibas.pl *.googleads.g.doubleclick.net https://tagmanager.google.com prospectleads.bnpparibas.pl https://geolocation.onetrust.com leads.sandboxbnpparibas.pl bnp-paribas.user.com https://cdn.cookielaw.org https://maps.googleapis.com www.googleapis.com https://www.s.ytimg.com widget.user.com https://api.ehoundplatform.com googleads.g.doubleclick.net https://skk.erecruiter.pl https://www.gstatic.com www.google.com *.google.com *.ratatu.pl https://9274211.fls.doubleclick.net https://www.ytimg.com 52.166.95.107 https://fonts.googleapis.com 'self' 'unsafe-inline'; img-src https://optimize.google.com https://img.youtube.com https://*.bing.com https://www.facebook.com https://cdn.cookielaw.org https://pixel.wp.pl https://cm.g.doubleclick.net https://*.googleapis.com stats.g.doubleclick.net www.google.com bcp.crwdcntrl.net *.ratatu.pl https://9274211.fls.doubleclick.net www.google-analytics.com www.0.s-nk.pl https://leads.sandboxbnpparibas.pl *.googleads.g.doubleclick.net leads.sandboxbnpparibas.pl https://www.i1.ytimg.com bnp-paribas.user.com ads-twitter.com https://www.clarity.ms *.gstatic.com https://www.googleapis.com widget.user.com googleads.g.doubleclick.net https://skk.erecruiter.pl www.s3.cdn03.imgwykop.pl *.google.com https://www.twitter.com www.s.c.lnkd.licdn.com https://emplocity.com https://googleads4.g.doubleclick.net https://www.googleadservices.com i.ctnsnet.com www.s-passets.pinimg.com https://ib.adnxs.com region1.google-analytics.com https://dot.wp.pl https://i.ytimg.com googleapis.com https://*.gstatic.com https://www.google-analytics.com/ https://googleads.g.doubleclick.net https://maps.google.com gcm.ctnsnet.com www.googletagmanager.com https://*.clarity.ms https://www.emplocity.com clients1.google.com https://tbl.tradedoubler.com https://ad.doubleclick.net prospectleads.bnpparibas.pl https://geolocation.onetrust.com www.linkedin.com region1.analytics.google.com https://s1.2mdn.net https://bat.bing.com *.ggpht.com https://www.google.pl analytics.twitter.com https://sp.analytics.yahoo.com https://api.ehoundplatform.com www.passets.pinterest.com https://i.vimeocdn.com https://developers.google.com www.passets.pinimg.com 'self' data:; frame-src https://emplocity.com www.wykop.pl https://player.vimeo.com https://www.linkedin.com https://s-static.ak.facebook.com http://*.fls.doubleclick.net https://www.s-static.ak.facebook.com https://www.facebook.com stats.g.doubleclick.net https://platform.linkedin.com www.google.com static.ak.facebook.com *.ratatu.pl https://www.wykop.pl https://www.youtube.com https://9274211.fls.doubleclick.net https://leads.sandboxbnpparibas.pl www.facebook.com *.googleads.g.doubleclick.net prospectleads.bnpparibas.pl leads.sandboxbnpparibas.pl https://bid.g.doubleclick.net bnp-paribas.user.com https://4397256.fls.doubleclick.net https://accounts.google.com widget.user.com https://api.ehoundplatform.com https://vimeo.com googleads.g.doubleclick.net https://web.facebook.com *.google.com 52.166.95.107 'self'; script-src https://player.vimeo.com www.widgets.pinterest.com https://optimize.google.com https://app.ehoundplatform.com https://cdn.cookielaw.org https://pixel.wp.pl https://www.ssl.gstatic.com https://*.googleapis.com https://platform.linkedin.com https://www.gstatic.com www.google.com https://www.fbstatic-a.akamaihd.net *.ratatu.pl www.assets.pinterest.com https://www.youtube.com https://9274211.fls.doubleclick.net www.google-analytics.com www.0.s-nk.pl https://www.google.com https://leads.sandboxbnpparibas.pl https://cse.google.com *.vimeo.com leads.sandboxbnpparibas.pl bnp-paribas.user.com ads-twitter.com https://partner.googleadservices.com https://www.clarity.ms www.cdn.api.twitter.com https://www.googleapis.com www.platform.linkedin.com www.static.ak.facebook.com widget.user.com https://apis.google.com https://skk.erecruiter.pl https://emplocity.com https://px.wp.pl splash-screen.net https://www.googleadservices.com https://www.s-static.ak.facebook.com https://www.splash-screen.net https://www.oauth.googleusercontent.com https://maps.googleapis.com https://www.s.ytimg.com https://ssl.google-analytics.com googleapis.com https://googleads.g.doubleclick.net https://maps.google.com www.googletagmanager.com https://cdn.jsdelivr.net clients1.google.com https://ad.doubleclick.net https://connect.facebook.net https://tagmanager.google.com prospectleads.bnpparibas.pl https://geolocation.onetrust.com https://leads.sanboxbnpparibas.pl http://platform.linkedin.com https://s.ytimg.com www.linkedin.com https://bat.bing.com https://www.bnpparibas.pl https://www.google.pl analytics.twitter.com https://api.ehoundplatform.com https://maps.gstatic.com https://developers.google.com https://vimeo.com *.ad.doubleclick.net https://www.google-analytics.com https://prospectleads.bnpparibas.pl www.platform.twitter.com https://www.apis.google.com 52.166.95.107 'self' 'unsafe-eval' 'unsafe-inline'; object-src https://leads.sandboxbnpparibas.pl *.googleads.g.doubleclick.net prospectleads.bnpparibas.pl https://geolocation.onetrust.com leads.sandboxbnpparibas.pl https://stats.g.doubleclick.net bnp-paribas.user.com https://cdn.cookielaw.org https://maps.googleapis.com https://bat.bing.com stats.g.doubleclick.net widget.user.com https://api.ehoundplatform.com googleads.g.doubleclick.net *.ad.doubleclick.net *.google.com *.ratatu.pl https://9274211.fls.doubleclick.net https://www.youtube.com 52.166.95.107 'self'; connect-src https://emplocity.com https://v.clarity.ms https://www.splash-screen.net https://www.facebook.com https://cdn.cookielaw.org https://maps.googleapis.com region1.google-analytics.com stats.g.doubleclick.net https://app.userengage.com wss://bnp-paribas.user.com www.googletagmanager.com *.ratatu.pl https://9274211.fls.doubleclick.net https://www.youtube.com https://leads.sandboxbnpparibas.pl *.googleads.g.doubleclick.net prospectleads.bnpparibas.pl https://geolocation.onetrust.com leads.sandboxbnpparibas.pl bnp-paribas.user.com region1.analytics.google.com ads-twitter.com www.splash-screen.net https://www.clarity.ms https://bat.bing.com analytics.twitter.com https://www.google.pl widget.user.com https://y.clarity.ms https://api.ehoundplatform.com https://vimeo.com googleads.g.doubleclick.net https://www.google-analytics.com qtank.salesmore.pl *.google.com https://csp.withgoogle.com 52.166.95.107 'self' 2
script-src 'self' https://connect.facebook.net https://www.googletagmanager.com https://www.gstatic.com https://www.google.com https://google.com https://google-analytics.com https://www.google-analytics.com https://maps.googleapis.com https://fonts.googleapis.com https://googleads.g.doubleclick.net https://googleadservices.com https://googletagmanager.com https://gstatic.com https://www.snrcdn.net https://chat.pekao.com.pl https://chatvideo.pekao.com.pl https://vv.pekao.com.pl https://www.googleadservices.com https://public.tableau.com https://bat.bing.com https://ngcct.cn.in.pekao.com.pl https://platform.twitter.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; object-src 'none'; 2
default-src 'self'; script-src 'self' https://*.staging.skyra.no/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://uxsignals-frontend.uxsignals.app.iterate.no *.hereapi.com *.api.here.com *.adobe.com *.boost.ai *.episerver.net *.sits.no https://*.vergic.com https://*.psplugin.com blob: https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://region1.google-analytics.com https://ajax.cloudflare.com https://chat.puzzel.com https://siteimproveanalytics.com 'unsafe-inline' 'unsafe-eval'; media-src https://chat.puzzel.com 'self'; style-src 'self' *.api.here.com https://tagmanager.google.com https://dl.episerver.net https://chat.puzzel.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.vergic.com https://*.psplugin.com 'unsafe-inline'; connect-src 'self' https://*.skyra.no blob: *.hereapi.com *.api.here.com *.skatteetaten.no *.sits.no https://*.boost.ai https://api.uxsignals.com https://chat.puzzel.com https://www.google-analytics.com https://region1.google-analytics.com https://*.psplugin.com https://*.vergic.com wss://*.psplugin.com wss://*.vergic.com wss:;form-action 'self';font-src https://*.psplugin.com *.api.here.com https://fonts.googleapis.com https://fonts.gstatic.com https://chat.puzzel.com https://static2.sharepointonline.com 'self'; img-src 'self' blob: data: www.google-analytics.com *.adobe.com *.api.here.com *.gstatic.com https://purecatamphetamine.github.io https://www.googletagmanager.com https://mts.googleapis.com https://dl.episerver.net *.global.siteimproveanalytics.io *.sits.no https://*.psplugin.com https://img.freepik.com/free-vector/businessman-character-avatar-isolated_24877-60111.jpg https://*.vergic.com data:; object-src 'self'; frame-ancestors 'self'; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https: kompensasjonsordning.no *.kompensasjonsordning.no 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://www.zerobounce.net/* https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/releases/O4xzMiFqEvA4YhWjk5t8Xuas/recaptcha__en.js https://www.googletagmanager.com/ https://script.tapfiliate.com/tapfiliate.js https://static.zdassets.com https://connect.facebook.net https://bat.bing.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://assets.calendly.com https://www.calendly.com https://assets.calendly.com/assets/external/widget.js https://bat.bing.com/p/action/5725668.js https://connect.facebook.net/en_US/fbevents.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/842938922/ https://script.tapfiliate.com/tapfiliate.js https://static.zdassets.com/ekr/snippet.js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googleadservices.com/pagead/conversion_async.js https://gtm.zerobounce.net/gtm.js https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__en.js https://bat.bing.com/bat.js https://connect.facebook.net/en_US/fbevents.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/842938922/ https://static.zdassets.com/ekr/snippet.js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://static.zdassets.com/web_widget/latest/web-widget-82496-589058dacc8ab84d7796.js https://www.googleadservices.com/pagead/conversion_async.js https://www.youtube.com/iframe_api https://www.gstatic.com/recaptcha/releases/dPctOHA2ifhWm5WzFM_B5TjT/recaptcha__ru.js https://www.gstatic.com/recaptcha/releases/dPctOHA2ifhWm5WzFM_B5TjT/recaptcha__ro.js https://www.gstatic.com/recaptcha/releases/dPctOHA2ifhWm5WzFM_B5TjT/recaptcha__hr.js https://www.gstatic.com/recaptcha/releases/1p3YWy80wlZ7Q8QFR1gjazwU/recaptcha__en_gb.js https://www.gstatic.com/recaptcha/releases/1p3YWy80wlZ7Q8QFR1gjazwU/recaptcha__id.js https://www.gstatic.com/recaptcha/releases/dPctOHA2ifhWm5WzFM_B5TjT/recaptcha__pl.js https://www.gstatic.com/recaptcha/releases/dPctOHA2ifhWm5WzFM_B5TjT/recaptcha__hu.js https://www.gstatic.com/recaptcha/releases/1p3YWy80wlZ7Q8QFR1gjazwU/recaptcha__en.js https://www.gstatic.com/recaptcha/releases/dPctOHA2ifhWm5WzFM_B5TjT/recaptcha__it.js https://www.zerobounce.net/component---src-pages-zerobounce-vs-listjanitor-html-js-7f91fae646918536a529.js https://www.zerobounce.net/component---src-pages-integrations-sendinblue-html-js-7e025c6ada37a2858501.js https://www.zerobounce.net/component---src-pages-zerobounce-vs-emailquickfix-html-js-8240bfa25f0164494358.js https://www.gstatic.com/recaptcha/releases/dPctOHA2ifhWm5WzFM_B5TjT/recaptcha__de.js https://www.zerobounce.net/component---src-pages-zerobounce-vs-sparkemail-html-js-8aa91f407b148af4bea8.js https://www.gstatic.com/recaptcha/releases/dPctOHA2ifhWm5WzFM_B5TjT/recaptcha__tr.js https://static.zdassets.com/web_widget/latest/web-widget-lazy/web_widget-24755e48c6465f6effb4.js https://static.zdassets.com/web_widget/latest/web-widget-82496-589058dacc8ab84d7796.js https://static.zdassets.com/web_widget/latest/web-widget-39900-bad8471d2b7add37a93f.js https://static.zdassets.com/web_widget/latest/web-widget-chat-sdk-58987df92c8073e96c0f.js https://static.zdassets.com/web_widget/latest/web-widget-framework-c89f2cabb37233fdb333.js https://www.gstatic.com/recaptcha/releases/dPctOHA2ifhWm5WzFM_B5TjT/recaptcha__zh_cn.js https://www.gstatic.com/recaptcha/releases/dPctOHA2ifhWm5WzFM_B5TjT/recaptcha__ar.js https://www.gstatic.com/recaptcha/releases/dPctOHA2ifhWm5WzFM_B5TjT/recaptcha__es.js https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__nl.js https://www.gstatic.com/recaptcha/releases/dPctOHA2ifhWm5WzFM_B5TjT/recaptcha__fr.js https://www.gstatic.com/recaptcha/releases/dPctOHA2ifhWm5WzFM_B5TjT/recaptcha__en_gb.js https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__de.js https://www.gstatic.com/recaptcha/releases/dPctOHA2ifhWm5WzFM_B5TjT/recaptcha__id.js https://www.gstatic.com/recaptcha/releases/dPctOHA2ifhWm5WzFM_B5TjT/recaptcha__es_419.j https://www.zerobounce.net/adlock/injections/script.js https://www.zerobounce.net/component---src-pages-zerobounce-vs-verifalia-html-js-e27c0dc77f5c20492432.js https://www.zerobounce.net/component---src-pages-integrations-instapage-html-js-638cf3d53ceb90756ac6.js https://www.gstatic.com/recaptcha/releases/dPctOHA2ifhWm5WzFM_B5TjT/recaptcha__en.js https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__zh_cn.js https://www.zerobounce.net/component---src-pages-zerobounce-vs-listjoy-html-js-09caef132a2e710d8f6c.js https://www.zerobounce.net/component---src-pages-zerobounce-vs-b-2-bsprout-html-js-ba11e5060a0612c6fdad.js https://www.zerobounce.net/component---src-pages-integrations-autopilot-html-js-e93bdd9cdcb782527d28.js https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__es.js https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__id.js https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__sl.js https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__pt_br.js https://www.zerobounce.net/assets/js/functions.js https://assets.calendly.com/assets/external/widget.js https://hcaptcha.com/1/api.js *; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://gtm.zerobounce.net/gtm.js https://www.googleadservices.com/pagead/conversion_async.js https://connect.facebook.net/en_US/fbevents.js https://www.google-analytics.com/analytics.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/842938922/ https://bat.bing.com/bat.js https://bat.bing.com/p/action/* https://script.tapfiliate.com/tapfiliate.js *; connect-src 'self' https://bat.bing.com https://www.zerobounce.net/blog https://ekr.zdassets.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.zbapis.net https://zerobounce.zendesk.com wss://widget-mediator.zopim.com https://www.zerobounce.net *; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.calendly.com https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net; frame-src 'self' https://calendly.com https://www.facebook.com https://www.google.com https://www.youtube.com https://competitivecomparisons.capterra.com https://competitivecomparisons.softwareadvice.com https://competitivecomparisons.getapp.com https://www.trustpilot.com https://widget.trustpilot.com https://streamyard.com https://i.zerobounce.net https://datainsights-cdn.dm.aws.gartner.com; worker-src 'self'; font-src 'self' https://fonts.gstatic.com https://use.typekit.net; img-src 'self' data: https://zerobounce.net/* https://c.bing.co https://v2assets.zopim.io https://assets.calendly.com https://bat.bing.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.ro https://www.googletagmanager.com http://*.gravatar.com/avatar/ *; frame-ancestors 'self'; object-src 'self' https://www.zerobounce.net/docs/pdf/UK_Data_Processing_Agreement_Offline-08-24-22.pdf https://www.zerobounce.net/docs/assets/zb_data_processing_agreement-12-15-22.pdf; base-uri 'self'; report-uri https://zero.report-uri.com/r/t/csp/enforce; report-to default; 2
worker-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.googlecommerce.com *.googleadservices.com *.braintreegateway.com *.googleapis.com *.cloudflare.com *.planetart.com *.newrelic.com *.twitter.com *.ads-twitter.com *.facebook.net *.adroll.com *.livechatinc.com cdn.brcdn.com www.paypalobjects.com *.brsrvr.com *.nr-data.net *.pcrl.co *.picreel.com *.bing.com *.extole.com *.yimg.com *.yahoo.com *.sharethis.com *.amazonaws.com *.rubiconproject.com *.doubleclick.net *.ups-mi.net *.pinterest.com *.paypal.com *.tellapal.com *.momsaffiliate.com *.emjcd.com *.shareasale.com t.co *.locker2.com *.adxcel-ec2.com *.gstatic.com *.steelhousemedia.com www.googletagmanager.com pixel.cdnwidget.com snap.licdn.com px.ads.linkedin.com *.tvsquared.com unpkg.com d39517acq78dhc.cloudfront.net js.braintreegateway.com *.cardinalcommerce.com *.dca0.com d.adroll.mgr.consensu.org *.ccdc02.com *.openx.net *.rlcdn.com *.adnxs.com *.bidswitch.net *.3lift.com *.taboola.com *.pubmatic.com *.outbrain.com *.casalemedia.com *.advertising.com www.clickcease.com cdn.levelaccess.net *.mail.simplytoimpress.com *.mail.simplytoimpress.co.uk *.mail.canvasworld.com *.mail.photoaffections.com *.mail.mycustomcase.com *.eml.legacylane.com *.eml.parkerandpip.com *.eml.gifts.com track.cordial.io *.personalcreations.com tags.tiqcdn.com use.typekit.net dpm.demdex.net www.lightboxcdn.com t.channeladvisor.com tag.bounceexchange.com s.pinimg.com assets.bounceexchange.com api.bounceexchange.com cdn.staticfile.org *.cj.com a.omappapi.com analytics.tiktok.com lightboxapi.azurewebsites.net cdn.attn.tv *.afterpay.com *.mountain.com *.nextdoor.com utt.impactcdn.com *.sjv.io *.clarity.ms d.impactradius-event.com tags.crwdcntrl.net *.rokt.com cdn.cookielaw.org *.iseeme.com *.bookofus.com *.vimeo.com *.vimeocdn.com https://*.kaptcha.com *.niceincontact.com d2zm0lpns956f8.cloudfront.net websdk.appsflyer.com *.bazaarvoice.com mpsnare.iesnare.com *.appsflyer.com shop.pe mapi.gifts.com d32u6scf3pzwp7.cloudfront.net;frame-ancestors 'self' https://www.gifts.com;object-src 'self' https://www.gifts.com;upgrade-insecure-requests 2
frame-ancestors 'self' app.hubspot.com; 2
default-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; report-uri https://csp.d47wgg8.com 2
frame-ancestors self googleads.g.doubleclick.net www.youtube.com propellerads.com 2
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.clarity.ms ncua.mpeasylink.com dap.digitalgov.gov ncua.mpeasylink.com *.google-analytics.com *.typekit.net *.ncua.gov ncua.gov *.mycreditunion.gov mycreditunion.gov *.googletagmanager.com *.googletagmanager.com; img-src 'self' blob: data: *.ncua.gov ncua.gov *.mycreditunion.gov mycreditunion.gov *.google-analytics.com *.typekit.net *.amazonaws.com; font-src 'self' 'unsafe-inline' data: *.typekit.net fonts.gstatic.com; media-src 'self' s3.amazonaws.com; style-src 'self' 'unsafe-inline' *.googleapis.com; connect-src 'self' x.clarity.ms performance.typekit.net *.google-analytics.com *.googletagmanager.com *.ncua.gov ncua.gov *.mycreditunion.gov mycreditunion.gov; frame-src 'self' ncua.mpeasylink.com *.youtube.com 2
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src https://civi.digitalcourage.de https://digitalcourage.video https://streaming.media.ccc.de; frame-ancestors https://*.rc3.world https://*.rc3.cccv.de https://party.tabascoeye.de; 2
default-src 'none'; style-src 'self'; img-src 'self'; 2
default-src 'self' https: data: wss: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://sentry.stg.drchrono.dev/api/3/security/?sentry_key=214b3d414c5b49fda88012161318b1d1&sentry_environment=headers 2
default-src 'self' spacehey.com *.spacehey.com spacehey.net *.spacehey.net ws://socket.spacehey.com wss://socket.spacehey.com; script-src 'self' spacehey.com *.spacehey.com spacehey.net *.spacehey.net tibushlabs.de; style-src 'unsafe-inline' 'self' spacehey.com *.spacehey.com spacehey.net *.spacehey.net; img-src data: 'self' spacehey.com *.spacehey.com spacehey.net *.spacehey.net tibushlabs.de; frame-src https:; connect-src https: ws://socket.spacehey.com wss://socket.spacehey.com; form-action https:; object-src 'none'; 2
frame-ancestors 'self' https://microapps.google.com/ 2
upgrade-insecure-requests;         default-src 'self'             https://*.canadalife.com;         connect-src 'self'             https://*.canadalife.com             https://*.greatwestlife.com             https://www.google-analytics.com             https://pdx-col.eum-appdynamics.com             https://greatwestlife.sc.omtrdc.net             https://dpm.demdex.net             https://maps.googleapis.com             https://greatwestlife.tt.omtrdc.net             https://*.fls.doubleclick.net             https://stats.g.doubleclick.net             https://*.qualtrics.com             https://*.tt.omtrdc.net             https://analytics.google.com              https://ct.pinterest.com             https://*.force.com             https://*.salesforce-sites.com             https://*.salesforce.com             https://*.salesforceliveagent.com             https://*.mouseflow.com             https://edge.adobedc.net             https://analytics.tiktok.com             https://*.onetrust.com             https://cdn.cookielaw.org             https://pagead2.googlesyndication.com;         script-src 'self' 'unsafe-eval';        script-src-attr 'unsafe-hashes'             'sha256-s03MppK+yldqebQIUHl/a3rnlThCtQkSXSmmZOF3+F4=';         script-src-elem 'self'             'sha256-rxbB0dwoVgxFLovO+2QdlowWXjNRQqQ2N+l1eql3idk='             'sha256-FBNK2rdRWFlHdRsYGZZBmuYu5+CkAl+Wn1JoYWqrksM='             'sha256-F4BYc9lsI/Vrx9C9i80ixfUTjvillF19Ozmb78mybec='             'sha256-AQOwIQfwXmjGkJa3okk527EAh1ebFJRpTTZl+5jRXbY='             'sha256-g2Pta/3ikSvMxquiOYn0GW46rWdTYOpxkQZQy4WkDmg='             'sha256-KoHyQmm+D9hBDaBTR6+gxOIONQBIayKMbpsmhIC1btA='             'sha256-aPmuEA+YTJeUe5vchynnoiv3QTQuOLlWWoFTWMZ0g1g='             'sha256-qLzKpw2YpqphcZ2dUfDq+nZ5lHCEZFVVMQAG3QzDYFs='             'sha256-mpui/uSvBk50FoZaT31+E4TDh6X31gDoxHjIJDzRJZg='             'sha256-77v6+Y2oUkIbs8c4pNz/22z+7s+raZVjnYoWAy3n340='             'sha256-E7YCGQ5MRgDfOE83WCZrO5WMF47b8DMQrCCUsSG4BZA='             'sha256-7sAcIrWL0oWh2ze3yV6tqz1RbnGmqhIx1Qus9jRracQ='             'sha256-M+nrL1i0jyqg3asaQwtMrGR3HewAhiK/bpVvlDbxPVA='             'sha256-2w2VuPWkQ3e1VTwZBpAMJr/J8SGDI2TAq/lDdYX5rCM='             'sha256-QmTlplZrwxtcIjf0Qw5pH3wwugda+oguLrKTkvZcEZg='             'sha256-c/UuTsNI4PzkW3h2TEBTba6cHzrxCGLRLm7e7JFOMTA='             'sha256-iyqTc3hqwkLOBdzXfypaUKkfBjoe6ISFWFJymJlkhi0='             'sha256-y5DfkiVFp/0+RV2R/V4+yuEwoazHEGO2dtoyyobVfMg='             'sha256-6vmJe+REQ2uvXdOcmOA0gV2Ghe2w9VIMFQMDJ6mfiIY='             'sha256-djABxqtTxWmFtje0qzMk5v6m47EuSHXoA7G6ISvWRcM='             'sha256-IkjtHJi30pQL4HJunVbbOb0eddxKbzQS73A/uLX1dxc='             'sha256-y5DfkiVFp/0+RV2R/V4+yuEwoazHEGO2dtoyyobVfMg='             'sha256-sjwHEvEEd6LOECfafoaXLp4pSwGYpxKixkV7uzUd1mI='             'sha256-hUAVVCKUCsvj/NRR8gA7De+28k1VzMT2WZInYuEgow4='             'sha256-Hts4iOCYzEeuX6rdSp2aiZrU4RwBn9aQiN5om8ue+WU='             'sha256-myEuPW+nKtNfz374HWMHz0UGYwyue8KuWk8jIG/3GeQ='             'sha256-47hygcsCeuaz/wFDcfGceDzFRbsMCTKLzIipw5aiGI4='             'sha256-y4f9W+6dx+NJrSoXaIp4Z68xghYiTAOTKAc+aAakarg='             'sha256-Nj9ZkTPsRdNRP79R2LmmJ6tqxvZLVGv/R2HV0/4hAuM='             'sha256-VSXobtrxfF6D1p+BtC9xltlwQmAVWcyRIJuSFJqFdSQ='             https://*.canadalife.com             https://assets.adobedtm.com             https://cdn.appdynamics.com             https://www.google-analytics.com/analytics.js             https://connect.facebook.net/en_US/fbevents.js             https://connect.facebook.net/signals/             https://*.qualtrics.com             https://dpm.demdex.net             https://ad.doubleclick.net             https://*.fls.doubleclick.net             https://snap.licdn.com             https://static.ads-twitter.com             https://analytics.twitter.com             https://px.ads.linkedin.com             https://secure.adnxs.com             https://maps.googleapis.com/maps/             https://maps.googleapis.com/maps-api-v3/             https://play.vidyard.com             https://p.adsymptotic.com             https://www.googletagmanager.com/gtag/             https://mboxedge35.tt.omtrdc.net             https://s.pinimg.com/ct/             https://ct.pinterest.com             https://googleads.g.doubleclick.net             https://bat.bing.com/bat.js             https://bat.bing.com/p/action/11042675.js             https://bat.bing.com/p/insights/t/11042675             https://www.googleadservices.com             https://analytics.google.com             https://*.force.com             https://*.salesforce.com             https://*.salesforce-sites.com             https://*.salesforceliveagent.com             https://*.mouseflow.com             https://www.gstatic.com             https://www.google.com/recaptcha/enterprise.js             https://www.redditstatic.com/ads/pixel.js             https://analytics.tiktok.com             https://cdn.cookielaw.org;         style-src 'self' blob: 'unsafe-inline'             https://*.canadalife.com             https://*.vidyard.com             https://*.qualtrics.com             https://*.force.com             https://*.salesforce-sites.com             https://fonts.googleapis.com;         img-src 'self' data:             https://*.canadalife.com             https://*.ggpht.com             https://*.googleapis.com/             https://greatwestlife.sc.omtrdc.net             https://greatwestlife.tt.omtrdc.net             https://www.facebook.com             https://*.qualtrics.com             https://cm.everesttech.net             https://*.fls.doubleclick.net             https://maps.googleapis.com             https://px.ads.linkedin.com             https://www.linkedin.com             https://ad.doubleclick.net             https://secure.adnxs.com             https://analytics.twitter.com             https://p.adsymptotic.com             https://adservice.google.com/ddm/             https://adservice.google.ca/ddm/             https://dpm.demdex.net             https://maps.gstatic.com             https://*.vidyard.com             https://*.qualtrics.com             https://www.google.ca/ads/             https://www.google.com/ads/             https://www.google-analytics.com             https://www.google.com/pagead/             https://www.google.ca/pagead/             https://www.googletagmanager.com             https://t.co             https://s.pinimg.com/ct/             https://ct.pinterest.com             https://bat.bing.com             https://*.force.com             https://*.salesforce-sites.com             https://ca-gmtdmp.mookie1.com             https://cdn.cookielaw.org             https://alb.reddit.com             https://www.redditstatic.com;         font-src 'self' data:             https://*.canadalife.com             https://fonts.googleapis.com             https://fonts.gstatic.com             https://*.qualtrics.com             https://*.vidyard.com;         frame-src 'self'             https://play.vidyard.com             https://*.qualtrics.com             https://www.youtube.com             https://www.pinterest.com             https://gwl.demdex.net             https://*.force.com             https://www.google.com             https://td.doubleclick.net             https://ct.pinterest.com;         child-src             https://*.canadalife.com             https://*.qualtrics.com             https://greatwestlife.sc.omtrdc.net             https://greatwestlife.tt.omtrdc.net;         object-src 'none';         base-uri 'none'; 2
frame-ancestors 'self' http://renaissance.lookbookhq.com https://renaissance.lookbookhq.com http://renaissance.pathfactory.com https://renaissance.pathfactory.com http://content.renaissance.com https://content.renaissance.com 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;style-src-elem data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;block-all-mixed-content; 2
frame-ancestors 'self' *.calsaws.net https://id-at.calsaws.net 2
object-src *.calgary.ca:*; frame-ancestors *.calgary.ca:* *.coc.ca thecityofcalgary.maps.arcgis.com 2
default-src 'self' ; connect-src 'self' https://*.twimg.com https://*.twitter.com https://api.meetup.com https://s1259914507.t.eloqua.com; font-src 'self' https://*.twimg.com https://*.twitter.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.cms-twdigitalassets.com data:; frame-src 'self' https://twitter.com https://*.twitter.com https://www.gstatic.com https://www.google.com https://docs.google.com https://www.youtube.com https://glitch.com https://trello.com https://iframe.arkoselabs.com; img-src 'self' https://*.twimg.com https://*.twitter.com https://twitter.com https://*.google-analytics.com https://*.analytics.google.com https://cdn.cms-twdigitalassets.com https://*.g.doubleclick.net https://www.google.com/pagead/1p-user-list/780419404/ https://maps.googleapis.com https://s1259914507.t.eloqua.com https://px.ads.linkedin.com https://p.adsymptotic.com/d/px https://maps.gstatic.com https://udc-neb.kampyle.com/ data:; media-src 'self' https://*.twimg.com https://*.twitter.com https://cdn.cms-twdigitalassets.com; object-src 'self' ; script-src 'self' 'sha256-9G5TwxImuKFNB+uY9x5+mjMfXDSza+S1DEsjxK1xeWw=' https://*.twimg.com https://*.twitter.com https://www.gstatic.com https://www.google.com https://api.meetup.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://cdn.cms-twdigitalassets.com; style-src 'self' 'unsafe-inline' https://*.twimg.com https://*.twitter.com https://fonts.googleapis.com https://cdn.cms-twdigitalassets.com; report-uri https://twitter.com/i/csp_report; frame-ancestors 'self' 2
frame-ancestors 'self' https://service.valooto.com/; 2
frame-ancestors home.siberianhealth.com; 2
default-src wss://phantombuster.zendesk.com wss://*.zopim.com wss://*.hotjar.com wss://*.appcues.net wss://*.appcues.com wss://*.userpilot.io https: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; object-src 'none'; frame-ancestors 'none' 2
frame-ancestors https://www.emaar.com; upgrade-insecure-requests; 2
frame-ancestors https://*.zscalertwo.net *.sick.com *.sickcn.net *.sickcn.com *.crm4.dynamics.com; 2
frame-ancestors 'self' www.google.com www.izzi.mx www.wizz.mx www.wizzplus.mx www.izziflex.mx izzimovil.mx www.izzimovil.mx paypal.com u.mitec.com.mx web.izzidigital.mx script.crazyegg.com 2
base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests; default-src 'self' blob: data:; child-src 'self' blob: players.brightcove.net; font-src 'self' blob: data: fonts.gstatic.com; frame-src 'self' players.brightcove.net siemens.demdex.net charts3.equitystory.com irpages2.eqs.com new.siemens.com *.usercentrics.eu; connect-src 'self' blob: data: *.ingest.sentry.io search.new.siemens.com siemens.sc.omtrdc.net siemens.tt.omtrdc.net api.dc.siemens.com api.dc.siemens-energy.com searchapi.new.siemens.com assets.new.siemens.com assets.siemens-energy.com manifest.prod.boltdns.net edge.api.brightcove.com metrics.brightcove.com secure.brightcove.com *.media.brightcove.com *.akamaihd.net house-fastly-signed-eu-west-1-prod.brightcovecdn.com w3.siemens.com privacyportal-eu.onetrust.com profiles.siemens.com dpm.demdex.net api.swarm.app tools.adlytics.net *.usercentrics.eu internal.gdwp-ggm.siemens-energy.net p3.aprimocdn.net; img-src 'self' data: android-webview-video-poster: blob: *.siemens.com brightcove04pmdo-a.akamaihd.net *.prod.boltdns.net metrics.brightcove.com cf-images.eu-west-1.prod.boltdns.net siemens.sc.omtrdc.net siemens.tt.omtrdc.net img.en25.com images.response.siemens-info.com stats.adlytics.net assets.siemens-energy.com cookies.siemens-energy.com c.jabmo.app cm.everesttech.net www.gstatic.com dpm.demdex.net search.dc.siemens-energy.com press.siemens-energy.com www.google.com www.facebook.com *.usercentrics.eu secure.adnxs.com track.accountinsight.cloud ad.doubleclick.net googleads.g.doubleclick.net adservice.google.com pixel.quantserve.com insight.adsrvr.org p3.aprimocdn.net house-fastly-signed-eu-west-1-prod.brightcovecdn.com uct.service.usercentrics.eu; media-src 'self' data: android-webview-video-poster: blob: manifest.prod.boltdns.net house-fastly-signed-eu-west-1-prod.brightcovecdn.com f12.cf.brightcove.com p3.aprimocdn.net; object-src players.brightcove.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' w3.siemens.com prod.ste.dc.siemens.com tools.adlytics.net geolocation.onetrust.com players.brightcove.net vjs.zencdn.net assets.adobedtm.com profiles.siemens.com img.en25.com cookies.siemens-energy.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com connect.facebook.net *.usercentrics.eu googleads.g.doubleclick.net s.kmtx.io adservice.google.com code.jquery.com static.siemens-energy.com protect-eu.mimecast.com cdn.siemens-web.com; style-src 'self' 'unsafe-inline' tools.adlytics.net profiles.siemens.com *.usercentrics.eu; report-uri https://o4504753513824256.ingest.sentry.io/api/4505998249885696/security/?sentry_key=7715b374f84de8d2bc8575092ce39ff6&sentry_environment=sites-prod&sentry_release=74dff0cf; 2
default-src 'self'; script-src 'self' js.stripe.com static.cloudflareinsights.com www.google.com/recaptcha/api.js www.gstatic.com/recaptcha/releases/; img-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com; form-action 'self'; frame-src js.stripe.com www.google.com; report-uri https://scotthelme.report-uri.com/r/d/csp/enforce; report-to default 2
upgrade-insecure-requests; frame-ancestors 'self' ; report-uri https://cspreports.realpage.com/api/reports/save/violation; 2
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https: twitter:; frame-ancestors http: https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval'  https:; worker-src 'self' blob:; child-src 'self' blob:;  style-src 'unsafe-inline' https:; 2
default-src 'none'; media-src https://d10lpsik1i8c69.cloudfront.net; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://trackcmp.net https://prism.app-us1.com https://diffuser-cdn.app-us1.com https://www.youtube.com https://www.googleoptimize.com https://uimarketpro.com https://static-prod.uberall.com/ https://uberall.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://d10lpsik1i8c69.cloudfront.net https://www.google.com https://www.gstatic.com https://panel.acens.net https://*.searchcdn.com https://addsearch.com https://s0.2mdn.net https://connect.facebook.net https://code.jquery.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://scripts.isl.teledemos.net https://www.googletagmanager.com https://*.adform.net; connect-src 'self' https://www.google.com https://*.googlesyndication.com https://googleads.g.doubleclick.net https://geolocation.onetrust.com https://pubsub.googleapis.com https://uberall.com https://privacyportal-eu.onetrust.com https://cdn.cookielaw.org https://*.analytics.google.com https://*.google-analytics.com https://stats.g.doubleclick.net wss://visitors.live wss://in.visitors.live https://settings.luckyorange.net https://yoast.com; img-src 'self' data: https://i.ytimg.com https://www.googletagmanager.com https://static-prod.uberall.com http://www.acens.com https://*.acens.com https://panel.acens.net https://cdn.cookielaw.org https://img.youtube.com https://secure.adnxs.com https://addsearch.com https://*.addsearch.com https://*.cloudfront.net https://*.entelgystats.com https://stats.sec.telefonica.com https://ajax.googleapis.com https://www.facebook.com https://stats.g.doubleclick.net https://www.google.es https://www.google.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://static.acens.com https://*.cloudfront.net https://app.addsearch.com https://ajax.googleapis.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; font-src 'self' data: https://*.acens.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src 'self' https://centrodedatos.com/ https://td.doubleclick.net/ https://www.google.com https://www.facebook.com/ https://www.youtube.com/; manifest-src 'self'; 2
frame-ancestors 'self' https://*.santander.pt 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob: data: wss:; form-action 'self' forms.hsforms.com www.facebook.com; frame-ancestors 'self' *; 2
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.viu.ca/ advisories.web.viu.ca/ *.heatmap.it/ *.newrelic.com/ *.nr-data.net/ *.google.com/ www.googletagmanager.com/ *.google-analytics.com/ www.googleadservices.com/ www.gstatic.com/ googleads.g.doubleclick.net/ static.ads-twitter.com/ analytics.twitter.com/ platform.twitter.com/ cdn.syndication.twimg.com/ connect.facebook.net/ s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js www.eventbrite.ca/ cdn.lightwidget.com/ www.youtube.com/ www.opentable.com/ *.hotjar.com/ www.socialintents.com/ e.issuu.com/ public.tableau.com/ bbox.blackbaudhosting.com/ www.librarything.com/ live-viu-technology.pantheonsite.io/ cdn.jsdelivr.net/gh/bramstein/ www.pagespeed-mod.com/ *.sharethis.com/ unpkg.com/tippy.js@6 unpkg.com/@popperjs/core@2 cdn.rawgit.com/bramstein/ static.addtoany.com/  https://cdn.jsdelivr.net/gh/davidjbradshaw/iframe-resizer@4.2.10/js/iframeResizer.min.js https://www.instagram.com/embed.js; img-src * data: blob: 'unsafe-inline'; report-uri /report-csp-violation 2
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.beuth.de https://blickinsbuch.de/gateway/ https://*.blickinsbuch.de/gateway/ *.podigee-cdn.net *.etracker.com *.etracker.de *.ytimg.com *.hotjar.com *.soundcloud.com *.google-analytics.com *.googleadservices.com *.googleoptimize.com *.googletagmanager.com *.youtube.com/iframe_api https://googleads.g.doubleclick.net https://cdnjs.cloudflare.com/ajax/libs/mathjax/ https://code.jquery.com https://public.flourish.studio/resources/embed.js *.freshworks.com *.bing.com siteimproveanalytics.com https://cdn.jsdelivr.net/npm/friendly-challenge@0.9.14/widget.module.min.js; style-src 'self' 'unsafe-inline' *.podigee-cdn.net https://fonts.googleapis.com *.freshworks.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.freshdesk.com https://beuth.prudsys-rde.de https://*.hotjar.com https://stats.g.doubleclick.net https://*.hotjar.io *.etracker.de wss://*.hotjar.com *.freshworks.com *.openstreetmap.org *.friendlycaptcha.com; font-src 'self' *.podigee-cdn.net https://fonts.gstatic.com https://*.hotjar.com; frame-src 'self' https://*.blickinsbuch.de *.soundcloud.com *.podigee-cdn.net https://googleads.g.doubleclick.net https://*.hotjar.com *.google.com *.google.de *.youtube-nocookie.com *.youtube.com https://flo.uri.sh https://www.openstreetmap.org https://cdn.knightlab.com/; img-src * data:; frame-ancestors 'self' *.beuth.de *.din.de *.etracker.com; worker-src 'self' blob:; 2
default-src 'self'; img-src * data:; media-src * blob:; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; font-src * data:; frame-src *; connect-src * 2
frame-ancestors 'self' https://zeroheight.com https://akira.ninjavan.dev https://*.myshopify.com https://app.zeplin.io https://ninjavansg.zendesk.com https://*.ninjavan.cn https://*.ninjavan.co; 2
frame-ancestors 'self'; report-uri https://scan.campusgroups.com/csp_reports; 2
frame-ancestors nuinvest.com.br *.nuinvest.com.br nubank.com.br *.nubank.com.br 2
base-uri https://www.lumni.fr; frame-ancestors https://www.lumni.fr 2
default-src https://assets.easypost.com cdn.plaid.com; script-src assets.easypost.com track.easypost.com tagmanager.google.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com ssl.google-analytics.com www.gstatic.com www.google.com js.stripe.com cdn.plaid.com maps.googleapis.com eu-cdn.walkme.com cdn.walkme.com eu-playerserver.walkme.com playerserver.walkme.com d3sbxpiag177w8.cloudfront.net d2qhvajt3imc89.cloudfront.net https://*.wistia.com https://*.wistia.net https://*.hsforms.com https://*.hsforms.net https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hscollectedforms.net 'sha256-t1v231h4Fgv1bBX/cpoBZuwY6r6R6nGx5tOXvVJdBh8=' 'sha256-GNTGX7BhgMv3AL+bv0bfF+5DVGhSrLhYL7AM7TSnAcY=' 'sha256-5yJc48yW6FRCVE9ulLzLOd1lLp7X2Xr2Dd4Y+lZ3XjA=' 'sha256-eV1MSFSoXiIPiHPWbzaJgBby+bxVonlOAE5Cwbaa4lc=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' 'sha256-hW1V3UvI+swwT3wQpebXLpXi/7Q9VUws5NlJTNxM/Tg=' 'sha256-zrkY8YxXr6/SilHSYKlWjWW9kOSQsVsrlGluj7eTzoc=' 'sha256-C1JoeFOby67/dRbyCdcT9jfKk3K2hJnqpQZ3LrmmGzs=' 'sha256-k6J1oE8SmewVpG2+marpuZHcoWF8GNDw9oPpqE2vKeI='; style-src track.easypost.com 'unsafe-inline' tagmanager.google.com fonts.googleapis.com assets.easypost.com www.gstatic.com eu-cdn.walkme.com cdn.walkme.com; img-src easypost-files.s3.us-west-2.amazonaws.com assets.easypost.com assets.track.easypost.com brand.easypostpartnercontent.com cdn.walkme.com d27zb0m07iyic6.cloudfront.net d2qhvajt3imc89.cloudfront.net d3sbxpiag177w8.cloudfront.net dzjsfasj4n94t.cloudfront.net data: ec.walkme.com eu-cdn.walkme.com eu-ec.walkme.com googleads.g.doubleclick.net q.stripe.com region1.analytics.google.com region1.google-analytics.com ssl.google-analytics.com ssl.gstatic.com support.easypost.com track.easypost.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com assets.ctfassets.net images.ctfassets.net videos.ctfassets.net https://*.wistia.com https://*.wistia.net https://*.hsforms.com https://*.hsforms.net https://track.hubspot.com https://embedwistia-a.akamaihd.net; font-src data: assets.easypost.com track.easypost.com fonts.gstatic.com https://*.wistia.com; connect-src easypost-files.s3.us-west-2.amazonaws.com adservice.google.com api-canary.easypost.com api.easypost.com api.lever.co assets.easypost.com cdn.walkme.com ec.walkme.com eu-ec.walkme.com eu-papi.walkme.com eu-rapi.walkme.com https://www.google.com js.stripe.com maps.googleapis.com papi.walkme.com production.plaid.com rapi.walkme.com region1.analytics.google.com region1.google-analytics.com sentry.io track.easypost.com usps.easypost.com www-canary.easypost.com www.easypost.com www.google-analytics.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.hsforms.com https://*.hsforms.net https://*.hubapi.com https://*.hs-banner.com https://*.hscollectedforms.net https://*.wistia.com https://embedwistia-a.akamaihd.net; worker-src assets.easypost.com www.gstatic.com www.google.com; frame-src assets.track.easypost hire.withgoogle.com cdn.plaid.com eu-cdn.walkme.com cdn.walkme.com js.stripe.com player.captivate.fm track.easypost.com tagmanager.google.com www.googletagmanager.com www.google.com www.youtube.com https://*.hsforms.com https://*.hsforms.net; media-src blob: assets.easypost.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; frame-ancestors 'self' 2
script-src 'self' https://*.savana.cz 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https:; frame-src https:; object-src 'none' 2
frame-ancestors 'self' mycharttst.aurora.org mycharttstval.aurora.org livewell.aah.org; 2
frame-ancestors 'self' https://admin.earlygame.com earlygame.com; 2
default-src 'self'; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * data:; frame-src *; media-src *; connect-src *; block-all-mixed-content 2
default-src 'self' assets.adobedtm.com; img-src * data:; font-src * data:; style-src 'self' 'unsafe-inline' data: s7e5a.scene7.com vestas.scene7.com fonts.googleapis.com; media-src s7e5a.scene7.com vestas.scene7.com s7mbrstream-g1.scene7.com *.spotify.com; frame-src policy.app.cookieinformation.com video.vestas.com newsroom.cision.com www.google.com www.video.vestas.com www.facebook.com cloud.marketing.vestas.com www.youtube.com www.arcgis.com vestas-english.newsroom.cision.com survey.extellio.com *.spotify.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' policy.app.cookieinformation.com script.e-space.se script.hotjar.com siteimproveanalytics.com snap.licdn.com static.hotjar.com www.googletagmanager.com www.google-analytics.com assets.adobedtm.com www.gstatic.com www.google.com sc.lfeeder.com connect.facebook.net s7e5a.scene7.com vestas.scene7.com maps.googleapis.com consent.app.cookieinformation.com region1.google-analytics.com www.youtube.com m.extellio.com script.extellio.com sfxway.com *.spotify.com; connect-src 'self' assets.adobedtm.com policy.app.cookieinformation.com publish.ne.cision.com cdn.linkedin.oribi.io vestas.tt.omtrdc.net in.hotjar.com www.google-analytics.com maps.googleapis.com s7e5a.scene7.com vestas.scene7.com consent.app.cookieinformation.com region1.google-analytics.com m.extellio.com s7mbrstream-g1.scene7.com; worker-src blob:; 2
upgrade-insecure-requests;connect-src * data: blob: 'unsafe-inline'; 2
default-src 'self'; script-src 'self' siteimproveanalytics.com *.siteimproveanalytics.io avplayer-cdn.akamaized.net 'unsafe-inline'; img-src data: 'self' siteimproveanalytics.com *.siteimproveanalytics.io; connect-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' www.youtube-nocookie.com www.youtube.com cdn.laola1.tv player.cloud.wowza.com live.virtual-events.at vimeo.com player.vimeo.com app.lapentor.com playout.3qsdn.com avplayer-cdn.akamaized.net audiovisual.ec.europa.eu; form-action 'self'; block-all-mixed-content; upgrade-insecure-requests; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://*.clarity.ms https://www.notifyvisitors.com https://static.ads-twitter.com https://www.linkedin.com https://web-in21.mxradon.com https://bat.bing.com http://*.googleadservices.com https://f1.leadsquaredcdn.com https://*.notifyvisitors.com wss://kotaksecurities-uat.allincall.in wss://*.notifyvisitors.com https://fonts.gstatic.com https://*.googleapis.com https://kotak9-securities-acc.allincall.in https://kotak-securities-acc.allincall.in https://stats.g.doubleclick.net https://www.facebook.com https://www.google.com https://www.google.co.in https://accounts.google.com https://kotaksecurities-uat.allincall.in https://kotak-securities-acc-uat.allincall.in https://*.doubleclick.net https://*.amazonaws.com https://adservice.google.com https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.11.4/jquery-ui.js https://*.cloudfront.net/Simplify360Chat.js https://www.youtube.com https://www.gstatic.com https://websdk.appsflyer.com 2
default-src 'self' blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://success.alkira.com/ https://unpkg.com/@lottiefiles/lottie-player@1.5.5/dist/lottie-player.js https://unpkg.com/@dotlottie/player-component@1.0.0/dist/dotlottie-player.js https://assets.adoberesources.net https://documentcloud.adobe.com https://npmcdn.com/@reactivex/ https://nitropack.io/asset/js/ https://assets.calendly.com/assets/external/widget.js https://success.alkira.com/index.php/form/ https://www.google.com/recaptcha/api.js https://alkira.bamboohr.com/js/embed.js https://www.alkira.com/ https://www.google.com/pagead/conversion_async.js https://app-sj32.marketo.com/js/forms2/js/forms2.min.js https://app-sj32.marketo.com/index.php/ https://cdn-cmfkg.nitrocdn.com/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://tribl.io/h.js https://tribl.io/footer.js https://tribl.io/analytics.js https://js.driftt.com/include/ https://*.js.driftt.com/ https://js.driftt.com/conductor/ https://munchkin.marketo.net/ https://script.hotjar.com/ https://static.hotjar.com/c/ https://trk.techtarget.com/tracking.js https://ws.zoominfo.com/pixel/ https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.gstatic.com/recaptcha/releases/ https://www.youtube.com/iframe_api https://www.youtube.com/s/player/; style-src 'self' 'unsafe-inline' https://success.alkira.com/ https://*.typekit.net https://fonts.googleapis.com https://app-sj32.marketo.com https://cdn-cmfkg.nitrocdn.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://npmcdn.com/@reactivex/* https://my.yoast.com/api/ https://api2.amplitude.com/2/httpapi https://graphql.lottiefiles.com/2022-08 https://success.alkira.com/getCookie https://266-wjt-883.mktoutil.com/mktoutil/ https://nitropack.io/integration/ *.adobe.io wss://*.adobe.io https://*.hotjar.com/api/ wss://*.hotjar.com/api/ https://alkira.bamboohr.com/jobs/embed2.php https://vc.hotjar.io https://266-wjt-883.mktoresp.com https://in.hotjar.com https://stats.g.doubleclick.net https://to.getnitropack.com https://www.google-analytics.com https://cdn-cmfkg.nitrocdn.com/; font-src data: 'self' https://cdn-cmfkg.nitrocdn.com https://*.typekit.net https://static2.lottiefiles.com/fonts/avertastd-regular-webfont.woff2 https://static2.lottiefiles.com/fonts/avertastd-bold-webfont.woff2 https://static2.lottiefiles.com/fonts/avertastd-semibold-webfont.woff2 https://static2.lottiefiles.com/fonts/avertastd-extrabold-webfont.woff2 https://fonts.gstatic.com; frame-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://capture.navattic.com/ https://documentcloud.adobe.com  https://*.js.driftt.com/ https://packetpushers.net/ https://share.transistor.fm/ https://success.alkira.com/ https://www.youtube.com/ https://app-sj32.marketo.com https://bid.g.doubleclick.net https://js.driftt.com https://vars.hotjar.com https://www.google.com https://calendly.com/alkira/30mindemo; img-src 'self' data: https://px.ads.linkedin.com/collect https://nitropack.io/asset/ https://assets.adoberesources.net https://lh3.googleusercontent.com https://www.googletagmanager.com/ https://alkira.com/wp-content/ https://resources.bamboohr.com/images/ https://tribl.io/_t.gif https://secure.gravatar.com https://apt.techtarget.com https://cdn-cmfkg.nitrocdn.com https://img.youtube.com https://www.google-analytics.com https://www.google.com https://www.google.com.pk https://i.ytimg.com/; manifest-src 'self'; media-src 'self' https://*.js.driftt.com/conductor/assets/media/ https://js.driftt.com/conductor/assets/media/; 2
frame-ancestors www.googletagmanager.com; 2
default-src 'self' *; script-src 'self' * 'unsafe-eval' 'unsafe-inline' blob:; connect-src 'self' *; font-src 'self' * data:; img-src 'self' * data:; style-src 'self' 'unsafe-inline' *; base-uri 'self'; form-action 'self' *; report-to default 2
default-src * data: blob: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; 2
frame-ancestors 'self' https://*.e-conomic.com https://*.secure.e-conomic.com http://localhost:3000; 2
frame-ancestors 'self'; report-uri /__csp-report 2
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; manifest-src https://*.afw.com; 2
default-src 'self' cdn.sanity.io cdn.equinor.com; style-src 'report-sample' 'self' 'unsafe-inline' https://cdn.eds.equinor.com https://platform.twitter.com https://*.twimg.com; script-src 'report-sample' 'unsafe-eval' 'self' 'unsafe-inline' blob: https://*.googletagmanager.com https://siteimproveanalytics.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://platform.twitter.com https://cdn.syndication.twimg.com/ https://www.youtube.com; img-src 'self' data: https://cdn.eds.equinor.com https://cdn.sanity.io https://cdn.equinor.com https://*.siteimproveanalytics.io https://*.googletagmanager.com https://platform.twitter.com https://syndication.twitter.com https://*.twimg.com https://i.ytimg.com; connect-src 'self' https://bcdn.screen9.com https://h61q9gi9.api.sanity.io https://tools.eurolandir.com https://inferred.litix.io/ https://*.algolia.net https://*.algolianet.com https://consentcdn.cookiebot.com https://eu-api.friendlycaptcha.eu ; child-src blob:; frame-src 'self' https://consentcdn.cookiebot.com https://lt.morningstar.com https://www.youtube.com https://vimeo.com https://sds-maintenance.com https://tools.eurolandir.com https://platform.twitter.com https://syndication.twitter.com https://vds.issgovernance.com https://eac.plaii.no https://livestream.com https://*.castr.com https://pixel.as https://h61q9gi9.api.sanity.io http://localhost:3333; frame-ancestors https://studio-global-equinor-web-sites-preprod.c2.radix.equinor.com https://studio-global-equinor-web-sites-prod.c2.radix.equinor.com http://studiov3-global-development-equinor-web-sites-dev.c2.radix.equinor.com https://equinor.sanity.studio; font-src 'self' https://cdn.eds.equinor.com data:; media-src 'self' blob: https://bcdn.screen9.com https://cdn.sanity.io/ https://cdn.equinor.com/; 2
default-src *.crazyegg.com https:; script-src 'unsafe-inline' blob: https: 'unsafe-eval' *.crazyegg.com https://crossway.my.salesforce.com; style-src 'unsafe-inline' https: *.crazyegg.com; font-src https: data:; media-src http: https:; img-src http: https: data: *.crazyegg.com 2
base-uri 'none'; default-src 'self' data: https: wss:; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.scrivito.com https://app.intercom.io https://assets.scrivito.com https://js.intercomcdn.com https://widget.intercom.io https://www.google-analytics.com https://cdn.cookielaw.org https://cdn.mouseflow.com https://www.googletagmanager.com 'sha256-Dx27nJacTJnwhtDLRsHGASB9VX+OjI0kkwC4KqW9uWE=' 'sha256-Uat8f2TlJaGiTp3+3JnDx/qOYFdPOSX6IcGnbcsktag=' https://widget.netigate.se https://widget-api.netigate.se https://widgetapi-stage.netigate.se https://netigate.se https://devwidgetstatic.z6.web.core.windows.net; frame-src 'self' https://cdn.cookielaw.org https://www.google-analytics.com https://www.youtube-nocookie.com/ https://www.youtube.com/ https://s20.video-stream-hosting.de https://start.video-stream-hosting.de; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' https://*.scrivito.com https://cdn.cookielaw.org 2
report-uri /csp-report.php; default-src 'none'; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' data: https://www.fio.cz https://www.fio.sk https://www.gstatic.com https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.google.cz https://www.google.sk https://pagead2.googlesyndication.com https://stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com; connect-src 'self' *.analytics.google.com *.google-analytics.com https://ajax.googleapis.com https://pagead2.googlesyndication.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://tpc.googlesyndication.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://tpc.googlesyndication.com https://ssl.google-analytics.com; frame-src https://www.googletagmanager.com https://bid.g.doubleclick.net https://www.youtube.com https://maps.google.com https://maps.google.cz https://www.google.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net; frame-ancestors 'self'; base-uri 'self' 2
default-src *.crazyegg.com https:; script-src 'unsafe-inline' 'unsafe-eval' blob: https: *.crazyegg.com; style-src 'unsafe-inline' https: *.crazyegg.com; font-src https: data:; media-src http: https:; img-src http: https: data: *.crazyegg.com 2
upgrade-insecure-requests; default-src blob: 'self' 'unsafe-inline' *.twitter.com *.chilipiper.com *.adswizz.com *.nitropack.io *.nitrocdn.com *.getnitropack.com bugcrowd.com assets.bugcrowdusercontent.com *.crazyegg.com; img-src 'self' *.nivaai.com *.google.com *.g.doubleclick.net *.google-analytics.com *.gstatic.com *.googletagmanager.com *.adswizz.com *.reddit.com *.nitropack.io *.nitrocdn.com data: *.adroll.com d.adroll.mgr.consensu.org eb2.3lift.com googleads.g.doubleclick.net p.adsymptotic.com *.linkedin.com pixel.advertising.com snap.licdn.com sync.outbrain.com *.taboola.com ads.yahoo.com *.facebook.com idsync.rlcdn.com *.adsrvr.org dpm.demdex.net tags.bluekai.com pixel.tapad.com *.agkn.com pixel.rubiconproject.com *.adnxs.com uipglob.semasio.net *.pubmatic.com *.addthis.com s.thebrighttag.com x.bidswitch.net *.exelator.com ads.scorecardresearch.com ups.analytics.yahoo.com *.krxd.net sync.mathtag.com dsum-sec.casalemedia.com *.doubleclick.net match.sharethrough.com tribl.io s3.amazonaws.com a.remarketstats.com a.clickcertain.com *.crazyegg.com avatars0.githubusercontent.com * https://cdn-igcff.nitrocdn.com/; script-src blob: 'self' 'unsafe-eval' 'unsafe-inline' *.nivaai.com nitropack.io *.chilipiper.com *.clarity.ms *.adswizz.com *.redditstatic.com *.getnitropack.com *.nitropack.io *.nitrocdn.com *.buzzsprout.com *.soundcloud.com *.clickagy.com *.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com *.linkedin.com pixel.advertising.com pixel.rubiconproject.com *.pubmatic.com sync.outbrain.com *.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net ajax.googleapis.com *.steelhousemedia.com *.adsrvr.org *.mountain.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 *.pathmonk.com *.hsleadflows.net bugcrowd.com assets.bugcrowdusercontent.com fast.wistia.net player.vimeo.com accellion.widget.insent.ai cdn.syndication.twimg.com *.twitter.com tribl.io *.influ2.com *.omappapi.com a.remarketstats.com a.clickcertain.com *.crazyegg.com *.cisostreet.com *.akamaihd.net *.zi-scripts.com *.zoominfo.com *.intercomcdn.com *.wistia.com *.hsforms.com *.doubleclick.net *.hs-scripts.com *.datadome.co js.hs-analytics.net js.hs-banner.com js.hsadspixel.net js.hsforms.net pixel.dealtale.io snap.licdn.com *.rightmessage.com widget.intercom.io *.google-analytics.com *.google.com *.googletagmanager.com *.youtube.com *.gstatic.com *.dealtale.com *.googleadservices.com https://cdn-igcff.nitrocdn.com/ https://nitroscripts.com/; font-src *.getnitropack.com *.nitropack.io *.nitrocdn.com *.omappapi.com *.wistia.com fonts.gstatic.com 'self' data: js.intercomcdn.com https://cdn-igcff.nitrocdn.com/; style-src 'self' 'unsafe-inline' *.chilipiper.com *.googletagmanager.com *.google.com *.googleapis.com *.getnitropack.com *.nitropack.io *.nitrocdn.com *.pathmonk.com accellion.widget.insent.ai tribl.io *.twimg.com *.twitter.com *.omappapi.com *.crazyegg.com fonts.googleapis.com blob: 'unsafe-eval' https://cdn-igcff.nitrocdn.com/; connect-src *.nivaai.com nitropack.io *.clarity.ms *.chilipiper.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 *.google.com *.g.doubleclick.net *.googletagmanager.com *.analytics.google.com *.google-analytics.com accellion.widget.insent.ai cdn.linkedin.oribi.io *.getnitropack.com *.nitropack.io *.nitrocdn.com *.clickagy.com *.pathmonk.com *.hubspot.com tribl.io *.zi-scripts.com *.zoominfo.com *.influ2.com *.omappapi.com *.crazyegg.com api.glitch.com *.hsforms.com *.akamaihd.net *.rightmessage.com 'self' *.litix.io *.intercom.io *.datadome.co *.hubapi.com *.wistia.com *.dealtale.com *.doubleclick.net wss://nexus-websocket-a.intercom.io rmbutterfly.com https://cdn-igcff.nitrocdn.com/ https://to.getnitropack.com/; frame-src 'self' blob: 'unsafe-inline' *.chilipiper.com clarity.microsoft.com *.clickagy.com *.nitropack.io *.nitrocdn.com *.getnitropack.com data: *.buzzsprout.com *.soundcloud.com *.youtube.com *.pathmonk.com bugcrowd.com assets.bugcrowdusercontent.com fast.wistia.net *.wistia.com accellion.widget.insent.ai tribl.io *.twitter.com a.remarketstats.com a.clickcertain.com *.crazyegg.com *.hsforms.com *.doubleclick.net; media-src 'self' *.twitter.com updates.themepunch.tools *.nitropack.io *.nitrocdn.com *.getnitropack.com *.pathmonk.com *.wistia.com *.intercomcdn.com *.w.org *.wistia.net *.akamaihd.net blob: data:; child-src blob:; worker-src blob: 'self' 'unsafe-inline' *.nitropack.io *.getnitropack.com *.nitrocdn.com https://cdn-igcff.nitrocdn.com/ 2
default-src 'self'; base-uri 'self'; img-src * data: 'unsafe-inline'; style-src * 'unsafe-inline'; script-src * data: 'unsafe-inline' 'unsafe-eval'; font-src thyssenkrupp.com *.thyssenkrupp.com *.recruitmentplatform.com *.bootstrapcdn.com; connect-src *; frame-ancestors 'self'; frame-src *; media-src * blob:; object-src * data: 'unsafe-eval'; worker-src blob: 2
frame-ancestors https://engage.bruker.com https://tongji.baidu.com self; 2
default-src 'unsafe-inline' 'unsafe-eval' 'self' http://www.instagram.com/ https://cse.google.com http://cse.google.com https://clients1.google.com http://clients1.google.com https://va.ecitizen.gov.sg http://assets.adobedtm.com *.demdex.net http://wogadobeanalytics.sc.omtrdc.net http://va.ecitizen.gov.sg https://www.google.com https://s3-us-west-2.amazonaws.com http://fonts.googleapis.com http://ajax.googleapis.com https://fonts.gstatic.com cm.everesttech.net http://fast.wogaa.demdex.net https://tools.onemap.sg https://www.gstatic.com https://forms.cwp.gov.sg https://www.google-analytics.com wogadobeanalytics.sc.omtrdc.net https://assets.juicer.io https://connect.facebook.net https://www.facebook.com https://www.juicer.io https://graph.facebook.com https://static.juicer.io https://i.imgur.com https://scontent.xx.fbcdn.net https://external.xx.fbcdn.net https://external.xx.fbcdn.net https://twitter.com https://wogaa.demdex.net https://www.googleapis.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.onemap.sg http://www.moh.gov.sg http://www.youtube.com https://www.youtube.com https://static.pigeonhole.at https://pigeonhole.at form.gov.sg https://www.googleadservices.com/pagead/conversion_async.js https://googleads.g.doubleclick.net https://www.google.com.sg *.hotjar.com:* *.hotjar.io wss://*.hotjar.com https://*.wogaa.sg assets.adobedtm.com https://youtu.be https://*.arcgis.com https://assets.dcube.cloud https://staging-dot-mol-cp-moh-1.df.r.appspot.com/ https://mol-cp-moh-1.web.app;frame-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; 2
frame-ancestors *.wizard101.com *.pirate101.com 2
always 2
frame-ancestors *; default-src 'self'; frame-src 'self' unicaja.webfg.com unicaja-uat.webfg.com www.liberbank.es www.tarjetaplaystation.com univia.unicaja.es univiapru.unicaja.es hola.unicajabanco.es 8020496.fls.doubleclick.net www.youtube.com www.google.com asp.quefondos.com unicajabanco-backend.flumotion.com player.vimeo.com www.facebook.com track.adform.net vars.hotjar.com optimize.google.com; media-src *; img-src 'self' *.contentsquare.net data: *; script-src 'self' 'unsafe-eval' 'unsafe-inline' fonts.gstatic.com www.gstatic.com 8020496.fls.doubleclick.net www.unicajabanco.es www.youtube.com www.google.com www.google-analytics.com maps.googleapis.com connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com www.unicajabanco.com unicaja-prod.adobecqms.net chat.kommunicate.io *.adform.net *.googletagmanager.com cdnjs.cloudflare.com widget.kommunicate.io www.unicajabanco.es.seg.js www.unicajabanco.com.seg.js cdn.kommunicate.io cdn.applozic.com cdn.cookielaw.org uimarketpro.com asp.quefondos.com storage.googleapis.com static.hotjar.com script.hotjar.com www.googleoptimize.com optimize.google.com tagmanager.google.com hercial-thurch.com t.contentsquare.net app.contentsquare.com; child-src blob:; worker-src blob:; style-src * 'unsafe-inline'; font-src *; connect-src 'self' *.contentsquare.net blob: data: * 2
frame-ancestors 'self' groupebpce.com *.groupebpce.com; 2
frame-ancestors 'self';block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.doubleclick.net https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://adservice.google.co.il https://adservice.google.com https://bravo.israelinfo.co.il https://google-analytics.com https://partner.googleadservices.com https://pagead2.googlesyndication.com https://*.googletagmanager.com https://ssl.google-analytics.com https://tpc.googlesyndication.com https://www.google-analytics.com;style-src 'self' 'report-sample' 'unsafe-inline' *.google.com fonts.googleapis.com;object-src *.googlesyndication.com;child-src 'self' blob: *.googlesyndication.com *.google.com *.doubleclick.net;base-uri 'self';form-action 'self' *.google.com;worker-src 'self' blob: www.google.com; 2
object-src players.brightcove.net www.realpage.com s.realpage.com vjs.zencdn.net; frame-ancestors 'self' *.realpage.com *.seismic.com www.realpagelearning.com *.yieldstar.com *.mpfyieldstar.com www.on-site.com; report-uri https://cspreports.realpage.com/api/reports/save/violation; 2
frame-ancestors 'self'; report-uri https://www.hitmanpro.com/en-us/report-uri/enforce 2
default-src 'self' gso.amocrm.com gso.kommo.com; script-src 'self' 'strict-dynamic' 'unsafe-inline' https://www.gstatic.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://assets.calendly.com https://platform.twitter.com piper.amocrm.com gso.amocrm.com piper.kommo.com gso.kommo.com https://my.hellobar.com https://www.google-analytics.com https://www.youtube.com 'sha256-qZJmHHAaUu28WoFKc0FVNpA5ikXzX0NBeqIpY0bQXIA=' 'sha256-V7US+zMwAMOPr/YqM4zVsHsKGl3xUiVIwhFUvnv87QE=' 'sha256-J8lzg3ubs2SO6PW9MmHWe1UzbBMwuiLWxN/otQCygyY=' 'sha256-eH5kMeUdc48DzHbZtubwbQ1dUOxSsKEw4nqHROB4O+g=' 'sha256-disSjv6Cqh2qc1///UXyReEByhnnMEGIa7VnqInfjls=' 'sha256-sejyC18/DnWxENEG0wtqHl60q8kck4ZIDJVPYZoFY2Y=' 'sha256-yHwihVYvV0uJwcx2/8gO6wxKSQKbIKgPrOhvJErN3Zs=' 'sha256-DpOoqibK/BsYhobWHnU38Pyzt5SjDZuR/mFsAiVN7kk=' https://ajax.googleapis.com https://www.facebook.com https://connect.facebook.net https://graph.facebook.com vk.com https://login.vk.com top-fwz1.mail.ru https://mc.yandex.ru https://yastatic.net 'nonce-e9af510aa1a2'; style-src 'self' https://fonts.googleapis.com 'strict-dynamic' 'unsafe-inline' https://unpkg.com https://assets.calendly.com https://cdn.jsdelivr.net q4s5p2q6.stackpathcdn.com pcfcdn.kommo.com gso.amocrm.com gso.kommo.com connect.facebook.net; form-action 'self' https://www.facebook.com; frame-ancestors 'self' https://*.kommo.com chrome-extension://cfaicdlgblgdchnpdilihjmfnogpjakl; worker-src blob:; object-src 'none'; font-src 'self' data: q4s5p2q6.stackpathcdn.com pcfcdn.kommo.com https://fonts.gstatic.com; img-src 'self' data: blob: https://*.kommo.com https://*.amocrm.com https://seal.godaddy.com https://px.ads.linkedin.com https://partnersus.s3.amazonaws.com https://partnersus-test.s3.eu-west-1.amazonaws.com https://amocrm.com https://kommo.com https://giphy.com https://*.giphy.com https://pbs.twimg.com https://i.ytimg.com https://www.statista.com https://syndication.twitter.com https://bat.bing.com q4s5p2q6.stackpathcdn.com pcfcdn.kommo.com https://i.postimg.cc https://widgets.amocrm.com https://widgets.kommo.com piper.amocrm.com gso.amocrm.com piper.kommo.com gso.kommo.com https://www.google-analytics.com https://google-analytics.com https://analytics.google.com https://www.google.com https://www.google.ru https://www.googletagmanager.com https://www.facebook.com https://connect.facebook.net https://vk.com https://mc.yandex.ru https://yastatic.net https://mc.yandex.md; media-src 'self' q4s5p2q6.stackpathcdn.com pcfcdn.kommo.com; frame-src 'self' www.facebook.com socialplugin.facebook.net www.googletagmanager.com forms.amocrm.com forms.kommo.com calendly.com platform.twitter.com d562488024744908ac9e9fa9d3112067.pages.ubembed.com giphy.com td.doubleclick.net piper.amocrm.com gso.amocrm.com piper.kommo.com gso.kommo.com button.kommo.com button.amocrm.com https://www.youtube.com https://www.youtube-nocookie.com https://www.google.com https://www.facebook.com https://vk.com https://mc.yandex.ru; connect-src 'self' https://*.kommo.com https://cdn.linkedin.oribi.io https://connect.ok.ru https://appbroker.amostage.com https://appbroker.amocrm.com https://pagead2.googlesyndication.com gso.amocrm.com gso.kommo.com lc-en.amocrm.com lc-en.kommo.com https://pro.ip-api.com https://www.google-analytics.com https://google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://www.facebook.com https://graph.facebook.com https://vk.com https://login.vk.com https://top-fwz1.mail.ru https://mc.yandex.ru https://mc.yandex.md; base-uri 'self'; 2
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.addthis.com *.addthisedge.com *.algolia.net *.algolianet.com *.applicationinsights.azure.com *.applicationinsights.microsoft.com *.doubleclick.net *.facebook.com *.facebook.net *.instagram.com *.tiktok.com lf16-tiktok-web.ttwstatic.com *.fonts.com *.fonts.net *.google-analytics.com *.google.co.nz *.google.com *.google.com.au *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.jsdelivr.net *.moatads.com *.penguin.co.nz *.penguin.com.au *.recaptcha.net *.ubembed.com *.youtube.com *.klaviyo.com *.static.klaviyo.com az416426.vo.msecnd.net dc.services.visualstudio.com penguin-random-house.involve.me rt.services.visualstudio.com secure-ds.serving-sys.com *.typeform.com; object-src 'none'; img-src 'self' https: data:; upgrade-insecure-requests; report-uri https://penguin.report-uri.com/r/d/csp/enforce 2
frame-src 'self' *.adyen.com *.braintreegateway.com *.paypal.com *.salesforce.com *.doubleclick.net *.api.useinsider.com *.adsrvr.org https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://www.facebook.com https://ct.pinterest.com https://tr.snapchat.com https://embed.acast.com;object-src 'none' 2
report-uri https://o71799.ingest.sentry.io/api/6273697/security/?sentry_key=30207946c3414d4295b4280d5610f6f9; upgrade-insecure-requests 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: blob: data: knotch.com *.knotch.com knotch-cdn.com *.knotch-cdn.com pactsafe.io *.pactsafe.io prod.impartner.live *.impartner.live packages.prmcdn.io *.prmcdn.io ironclad.partner-experience.com *.yoast.com *.algolianet.com *.algolia.net *.spotify.com *.storylane.io ironcladapp.com *.ironcladapp.com *.ironcladhq.com *.wpengine.com *.wpenginepowered.com cdn.jsdelivr.net *.transcend.io *.marketo.com *.mutinycdn.com *.wistia.net *.wistia.com *.mutinyhq.io analytics.google.com *.zi-scripts.com *.adnxs.com *.6sc.co *.crazyegg.com *.oribi.io *.segment.com *.6sense.com *.segment.io *.mktoresp.com *.zoominfo.com *.gravatar.com unpkg.com *.jquery.com www.googletagmanager.com fast.wistia.net *.marketo.net *.doubleclick.net *.bing.com www.googleadservices.com www.google-analytics.co *.facebook.net *.licdn.com *.g2crowd.com ipinfo.io *.qualified.com *.bizible.com *.google-analytics.com *.facebook.com *.linkedin.com *.google.com *.google.co.in *.bizibly.com *.googleapis.com *.googlesyndication.com *.capterra.com securityscorecard.com *.mutinycdn.com *.litix.io *.tryinteract.com *.knotch.it; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss: www.knotch-cdn.com *.knotch-cdn.com yoast.com *.yoast.com prod.impartner.live *.impartner.live packages.prmcdn.io *.prmcdn.io *.spotify.com *.cloudfront.net *.pactsafe.io *.storylane.io ironcladapp.com *.ironcladapp.com *.ironcladhq.com *.wpengine.com *.wpenginepowered.com cdn.jsdelivr.net *.transcend.io *.marketo.com *.mutinycdn.com *.wistia.net *.wistia.com *.mutinyhq.io analytics.google.com *.zi-scripts.com *.adnxs.com *.6sc.co *.crazyegg.com *.oribi.io *.segment.com *.6sense.com *.segment.io *.mktoresp.com *.zoominfo.com *.gravatar.com unpkg.com *.jquery.com www.googletagmanager.com fast.wistia.net *.marketo.net *.doubleclick.net *.bing.com www.googleadservices.com www.google-analytics.co *.facebook.net *.licdn.com *.g2crowd.com ipinfo.io *.qualified.com *.bizible.com *.google-analytics.com *.facebook.com *.linkedin.com *.google.com *.google.co.in *.bizibly.com *.googleapis.com *.googlesyndication.com *.capterra.com securityscorecard.com *.litix.io *.tryinteract.com; img-src 'self' blob: data: wss: *.addevent.com *.spotify.com *.akamaihd.net *.cloudfront.net *.pactsafe.io ironcladapp.com *.storylane.io *.ironcladapp.com *.ironcladhq.com *.wpengine.com *.wpenginepowered.com cdn.jsdelivr.net *.transcend.io *.marketo.com *.mutinycdn.com *.wistia.net *.wistia.com *.mutinyhq.io analytics.google.com *.zi-scripts.com *.adnxs.com *.6sc.co *.crazyegg.com *.oribi.io *.segment.com *.6sense.com *.segment.io *.mktoresp.com *.zoominfo.com *.gravatar.com unpkg.com *.jquery.com www.googletagmanager.com fast.wistia.net *.marketo.net *.doubleclick.net *.bing.com www.googleadservices.com www.google-analytics.co *.facebook.net *.licdn.com *.g2crowd.com ipinfo.io *.qualified.com *.bizible.com *.google-analytics.com *.facebook.com *.linkedin.com *.google.com *.google.co.in *.bizibly.com *.googleapis.com *.googlesyndication.com *.capterra.com securityscorecard.com *.litix.io *.tryinteract.com *.knotch.it; font-src 'self' wss: blob: data: *.transcend.io *.mutinycdn.com ipinfo.io ironcladapp.com *.ironcladapp.com *.storylane.io *.wpengine.com *.wpenginepowered.com *.wistia.net *.wistia.com *.gstatic.com *.tryinteract.com fast.wistia.net; media-src 'self' blob: data: wss: *.transcend.io ironcladapp.com *.ironcladapp.com *.wpengine.com ipinfo.io *.wpenginepowered.com *.storylane.io *.mutinycdn.com *.litix.io *.tryinteract.com *.wistia.com fast.wistia.net; frame-ancestors *.wistia.net *.wistia.com; 2
upgrade-insecure-requests; frame-ancestors 'self' *.ibercajadirecto.com *.ibercaja.es; 2
script-src 'self' https://2checkout.com http://* https://*  'unsafe-inline' 'report-sample' disqus.com c.disquscdn.com platform.instagram.com cdnjs.cloudflare.com z.moatads.com tpcf.feedify.net cdn.feedify.net feedify.net www.google.com/ www.gstatic.com/ call.chatra.io code.jquery.com cdn.amcharts.com code.highcharts.com kenwheeler.github.io cdn.jsdelivr.net a.disquscdn.com go.disqus.com platform.twitter.com cdn.syndication.twimg.com gist.github.com/ScottHelme/ static.cloudflareinsights.com js.stripe.com https://unpkg.com/@tryghost/; style-src 'self' 'unsafe-inline' 'report-sample' c.disquscdn.com a.disquscdn.com fonts.googleapis.com cdnjs.cloudflare.com cdn.feedify.net feedify.net kenwheeler.github.io platform.twitter.com assets-cdn.github.com github.githubassets.com; img-src 'self' data: www.gravatar.com cdn.feedify.net feedify.net links.services.disqus.com referrer.disqus.com a.disquscdn.com cdn.syndication.twimg.com pbs.twimg.com platform.twitter.com abs.twimg.com www.google-analytics.com stripe.com/ 2checkout.com/; frame-ancestors 'none'; report-uri https://cdn.feedify.net.report-uri.com/r/d/csp/enforce; report-to default 2
object-src 'none'; script-src 'self' 'unsafe-inline' https://vtm-test.cutm.nfrance.com vtm-test.cutm.nfrance.com https://vtm-preprod.cutm.nfrance.com vtm-preprod.cutm.nfrance.com https://metropole.toulouse.fr metropole.toulouse.fr https://public.message-business.com public.message-business.com https://tmcsi.widgets.secutix.com tmcsi.widgets.secutix.com https://tmcsi.pp-widgets.secutix.com tmcsi.pp-widgets.secutix.com https://tmcsi-dasc.pp-shop.secutix.com tmcsi-dasc.pp-shop.secutix.com https://tmcsi-dasc.shop.secutix.com tmcsi-dasc.shop.secutix.com https://matomo.toulouse-metropole.fr https://optanon.blob.core.windows.net https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com ajax.googleapis.com https://www.google.com www.google.com https://svc.webspellchecker.net svc.webspellchecker.net https://forms.sbc35.com forms.sbc35.com https://tarteaucitron.io tarteaucitron.io https://vtm-test.cutm.nfrance.com/libraries/jstree/dist/jstree.min.js https://tmcsi.widgets.secutix.com/stx-widgets/Newsletter/v1/Newsletter.js https://tmcsi.pp-widgets.secutix.com/stx-widgets/Newsletter/v1/Newsletter.js https://www.google.com/recaptcha/api.js https://public.message-business.com/Javascript/form/MB_Form_JsApp.js https://stx-gravity-p1-widgets.quantum.secutix.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://vtm-test.cutm.nfrance.com vtm-test.cutm.nfrance.com https://vtm-preprod.cutm.nfrance.com vtm-preprod.cutm.nfrance.com https://metropole.toulouse.fr metropole.toulouse.fr https://public.message-business.com public.message-business.com https://tmcsi.widgets.secutix.com tmcsi.widgets.secutix.com https://tmcsi.pp-widgets.secutix.com tmcsi.pp-widgets.secutix.com https://tmcsi-dasc.pp-shop.secutix.com tmcsi-dasc.pp-shop.secutix.com https://tmcsi-dasc.shop.secutix.com tmcsi-dasc.shop.secutix.com https://matomo.toulouse-metropole.fr https://optanon.blob.core.windows.net https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com ajax.googleapis.com https://www.google.com www.google.com https://svc.webspellchecker.net svc.webspellchecker.net https://forms.sbc35.com forms.sbc35.com https://tarteaucitron.io tarteaucitron.io https://cdn.tarteaucitron.io cdn.tarteaucitron.io https://matomo-pp.cutm.nfrance.net matomo-pp.cutm.nfrance.net connect.facebook.net cdn.onesignal.com platform.twitter.com www.youtube.com www.recaptcha.net www.gstatic.com onesignal.com https://stx-gravity-p1-widgets.quantum.secutix.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-hashes' https://vtm-test.cutm.nfrance.com vtm-test.cutm.nfrance.com https://vtm-preprod.cutm.nfrance.com vtm-preprod.cutm.nfrance.com https://metropole.toulouse.fr metropole.toulouse.fr https://public.message-business.com public.message-business.com https://tmcsi.widgets.secutix.com tmcsi.widgets.secutix.com https://tmcsi.pp-widgets.secutix.com tmcsi.pp-widgets.secutix.com https://tmcsi-dasc.pp-shop.secutix.com tmcsi-dasc.pp-shop.secutix.com https://tmcsi-dasc.shop.secutix.com tmcsi-dasc.shop.secutix.com https://matomo.toulouse-metropole.fr https://optanon.blob.core.windows.net https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com ajax.googleapis.com https://www.google.com www.google.com https://svc.webspellchecker.net svc.webspellchecker.net https://stx-gravity-p1-widgets.quantum.secutix.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' https://vtm-test.cutm.nfrance.com vtm-test.cutm.nfrance.com https://vtm-preprod.cutm.nfrance.com vtm-preprod.cutm.nfrance.com https://metropole.toulouse.fr metropole.toulouse.fr https://public.message-business.com public.message-business.com https://tmcsi.widgets.secutix.com tmcsi.widgets.secutix.com https://tmcsi.pp-widgets.secutix.com tmcsi.pp-widgets.secutix.com https://tmcsi-dasc.pp-shop.secutix.com tmcsi-dasc.pp-shop.secutix.com https://tmcsi-dasc.shop.secutix.com tmcsi-dasc.shop.secutix.com https://matomo.toulouse-metropole.fr https://optanon.blob.core.windows.net https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com ajax.googleapis.com https://www.google.com www.google.com https://svc.webspellchecker.net svc.webspellchecker.net https://cdn.jsdelivr.net cdn.jsdelivr.net https://stx-gravity-p1-widgets.quantum.secutix.com; report-uri https://metropole.toulouse.fr/report-uri/enforce; report-to default 2
default-src  'self' 'unsafe-inline' 'unsafe-eval' data: wss://*.corezoid.com/ws wss://ws.corezoid.com https://snap.licdn.com https://connect.facebook.net https://*.facebook.com https://simulator.company https://*.simulator.company https://px.ads.linkedin.com https://*.ads.linkedin.com https://*.control.events https://fonts.gstatic.com https://*.corezoid.com https://*.google.com/ https://accounts.google.com https://fonts.googleapis.com https://ajax.googleapis.com https://www.google-analytics.com https://www.youtube-nocookie.com https://www.youtube.com/embed/ https://checkout.stripe.com https://b.stripecdn.com https://q.stripe.com https://*.doubleclick.net https://widget.sender.mobi https://www.googletagmanager.com https://*.hotjar.com https://*.polyfill.io https://*.gstatic.com https://www.googleadservices.com https://www.google.com.ua https://*.hotjar.com https://admin.corezoid.com https://widget.sender.mobi https://*.gravatar.com wss://ws.corezoid.com https://*.sharethis.com https://widget.control.events 2
default-src 'self' https://spaceship-cdn.com; connect-src 'self' https://spaceship-cdn.com https://s3.us-west-2.amazonaws.com/production-pdf-generation-api-pdf-documents/ https://s3.us-west-2.amazonaws.com/production-website-featurerequesthub-storage/ https://production-hosting-cpaneltransferin-bff-storage.s3.us-west-2.amazonaws.com/ https://premiums.namecheapapi.com https://aftermarket.namecheapapi.com https://api.revved.com https://bam.nr-data.net wss://notification.www.spaceship.com wss://domains-ws.revved.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com wss://www.spaceship.com https://*.crazyegg.com https://chat.engagement.ai https://sb-asp-admin.et.namecheap.tech wss://sb-asp-admin.et.namecheap.tech https://api.stripe.com https://maps.googleapis.com; script-src https://spaceship-cdn.com https://*.paypal.com https://js.stripe.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.googletagmanager.com https://www.googleadservices.com https://*.g.doubleclick.net 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.google.com https://www.googleadservices.com https://*.crazyegg.com https://cdn.engagement.ai https://maps.googleapis.com https://challenges.cloudflare.com; style-src https://spaceship-cdn.com 'unsafe-inline' https://*.crazyegg.com; font-src https://spaceship-cdn.com https://fonts.googleapis.com data:; frame-src https://*.paypal.com https://js.stripe.com https://www.google.com https://*.doubleclick.net https://*.crazyegg.com https://chat.engagement.ai blob: https://hooks.stripe.com https://challenges.cloudflare.com; img-src 'self' https://spaceship-cdn.com https://*.paypal.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://*.google.com https://bam.nr-data.net data: https://*.crazyegg.com https://api.producthunt.com; worker-src blob:; report-uri /report/csp-violation 2
frame-ancestors 'self'; sandbox allow-downloads allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation; base-uri 'self'; form-action teufel.de zed.teufel.de support.teufel.de retoure.teufel.de blog.teufel.de www.terminland.de www.saferpay.com test.saferpay.com *.amazon.de payments.amazon.de row.ups.com checkout.sandbox.getalma.eu checkout.getalma.eu 'self' 2
frame-ancestors 'self' *.telekurier.at; 2
default-src 'self' *; base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'unsafe-inline' 'self' blob: data: *; object-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; script-src-attr 'unsafe-inline'; style-src 'unsafe-inline' 'self' *; upgrade-insecure-requests 2
default-src data: 'unsafe-eval' 'unsafe-inline' 'unsafe-eval' *; 2
frame-ancestors www.priceless.com; 2
default-src 'self' *.nts.live *.ntslive.co.uk; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.europe-west1.firebasedatabase.app https://*.soundcloud.com *.mixcloud.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://*.google.com https://www.youtube.com *.ytimg.com *.list-manage.com https://unpkg.com *.gstatic.com *.doubleclick.net https://connect.facebook.net https://js.stripe.com https://www.paypal.com https://www.paypalobjects.com https://*.onetrust.com;connect-src *; img-src 'self' data: https:; media-src 'self' https://*.ntslive.net http://*.ntslive.net https://*.ntslive.co.uk https://*.sndcdn.com; style-src 'unsafe-inline' 'self' hello.myfonts.net https://optimize.google.com https://fonts.googleapis.com https://*.typekit.net; child-src 'self' *.mixcloud.com https://*.vimeo.com https://*.soundcloud.com https://bandcamp.com https://*.youtube.com; font-src 'self' data: fonts.gstatic.com https://*.typekit.net https://*.nts.live; frame-src *.mixcloud.com https://*.vimeo.com https://*.soundcloud.com https://bandcamp.com https://*.youtube.com https://*.google.com *.doubleclick.net *.firebaseapp.com https://js.stripe.com *.paypal.com https://www.paypalobjects.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com *.cloudfront.net *.idomoo.com *.queue-it.net *.mopinion.com *.piwikpro.com siteimproveanalytics.com *.siteimproveanalytics.com *.googleadservices.com *.cdn-0.d41.co *.w9shetvlr6.d41.co *.vattenfall.nl tdn.r42tag.com admin.relay42.com w.usabilla.com api.usabilla.com www.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com dl.episerver.net www.youtube.com az416426.vo.msecnd.net opt.objecttiveportal.com web.telemetric.dk vattenfalltesting.24sessions.com connect.facebook.net img06.en25.com r2eu01.visualwebsiteoptimizer.com dc.services.visualstudio.com t.svtrd.com businessspecificapimanglobal.azure-api.ne googleads.g.doubleclick.net cep-api.vattenfall.com td.doubleclick.net googleadservices.com *.bing.com *.lt45.net snap.licdn.com *.visualwebsiteoptimizer.com *.google.com *.google.co.uk pingvp.com *.pingvp.com *.clarity.ms; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com datawrapper.dwcdn.net *.dwcdn.net *.bbvms.com *.idomoo.com *.zonatlas.nl *.spotify.com *.cloudfront.net *.queue-it.net *.vattenfall.nl tdn.r42tag.com admin.relay42.com w.usabilla.com api.usabilla.com www.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com dl.episerver.net www.youtube.com az416426.vo.msecnd.net opt.objecttiveportal.com web.telemetric.dk vattenfalltesting.24sessions.com connect.facebook.net img06.en25.com r2eu01.visualwebsiteoptimizer.com dc.services.visualstudio.com t.svtrd.com businessspecificapimanglobal.azure-api.ne googleads.g.doubleclick.net cep-api.vattenfall.com td.doubleclick.net googleadservices.com *.cdn-0.d41.co *.w9shetvlr6.d41.co *.bing.com *.lt45.net snap.licdn.com *.visualwebsiteoptimizer.com *.google.com *.google.co.uk pingvp.com *.pingvp.com; media-src 'self' 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com *.bing.com *.idomoo.com *.queue-it.net *.vattenfall.nl tdn.r42tag.com admin.relay42.com w.usabilla.com api.usabilla.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com dl.episerver.net *.youtube.com az416426.vo.msecnd.net opt.objecttiveportal.com web.telemetric.dk vattenfalltesting.24sessions.com connect.facebook.net img06.en25.com r2eu01.visualwebsiteoptimizer.com dc.services.visualstudio.com t.svtrd.com businessspecificapimanglobal.azure-api.ne googleads.g.doubleclick.net cep-api.vattenfall.com td.doubleclick.net googleadservices.com *.cdn-0.d41.co *.w9shetvlr6.d41.co *.bing.com *.lt45.net snap.licdn.com *.visualwebsiteoptimizer.com *.google.nl *.google.com *.google.co.uk pingvp.com *.pingvp.com; style-src 'self' 'unsafe-inline' *.googlesyndication.com *.vattenfall.nl *.idomoo.com *.cloudfront.net opt.objecttiveportal.com web.telemetric.dk vattenfalltesting.24sessions.com connect.facebook.net img06.en25.com r2eu01.visualwebsiteoptimizer.com dc.services.visualstudio.com t.svtrd.com businessspecificapimanglobal.azure-api.ne googleads.g.doubleclick.net cep-api.vattenfall.com td.doubleclick.net googleadservices.com *.cdn-0.d41.co *.w9shetvlr6.d41.co *.bing.com *.lt45.net snap.licdn.com *.googleapis.com *.gstatic.com dl.episerver.net pingvp.com *.pingvp.com; img-src 'self' *.googlesyndication.com *.vattenfall.nl *.google.nl *.siteimproveanalytics.com *.siteimproveanalytics.io *.googletagmanager.com *.linkedin.com tdn.r42tag.com admin.relay42.com cm.g.doubleclick.net ad.doubleclick.net *.piwikpro.com *.facebook.com *.clarity.ms *.bing.com *.svtrd.com *.cloudfront.net w.usabilla.com opt.objecttiveportal.com web.telemetric.dk vattenfalltesting.24sessions.com connect.facebook.net img06.en25.com r2eu01.visualwebsiteoptimizer.com dc.services.visualstudio.com t.svtrd.com businessspecificapimanglobal.azure-api.ne googleads.g.doubleclick.net cep-api.vattenfall.com td.doubleclick.net googleadservices.com *.cdn-0.d41.co *.w9shetvlr6.d41.co *.bing.com *.lt45.net snap.licdn.com *.visualwebsiteoptimizer.com *.google.com *.google.co.uk *.googleapis.com *.gstatic.com dl.episerver.net pingvp.com *.pingvp.com *.openstreetmap.org data:; font-src 'self' *.googlesyndication.com *.vattenfall.nl *.googleapis.com *.gstatic.com dl.episerver.net pingvp.com *.pingvp.com data:; frame-ancestors 'self' *.vattenfall.nl pingvp.com *.pingvp.com; worker-src 'self' *.googlesyndication.com *.vattenfall.nl *.visualwebsiteoptimizer.com dl.episerver.net blob:; block-all-mixed-content 2
default-src 'self'; connect-src 'self' piwik.itzbund.de cldf-wzw-od.r53.cdn.tv1.eu; worker-src blob: 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.twitter.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de *.materna.de *.cdninstagram.com *.youtube-nocookie.com; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com *.twitter.com *.instagram.com *.cdninstagram.com *.youtube-nocookie.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.twitter.com *.cdninstagram.com *.youtube-nocookie.com; frame-ancestors 'self'; upgrade-insecure-requests; 2
frame-ancestors 'self' *.force.com *.salesforce.com; 2
frame-src 'self' *; object-src 'self' 2
frame-src my.walls.io google.com *.google.com www.nobelbiocare.com *.fls.doubleclick.net *.hotjar.com *.hotjar.io *.facebook.com *.hsforms.com static.addtoany.com app.hubspot.com oc-cdn-ocprod.azureedge.net *.qualtrics.com td.doubleclick.net; frame-ancestors www.nobelbiocare.com nobel.metamark-dev.com *.metamark-dev.com; report-uri /report-csp-violation 2
script-src blob: https://*.virginplus.ca https://*.vpc.ca https://*.bell.ca https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://www.googletagmanager.com https://assets.adobedtm.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://solutions.invocacdn.com https://*.google-analytics.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.licdn.com https://sc-static.net https://virgin.know-where.com https://maps.googleapis.com https://bellmaps.korem.com https://*.ss-omtrdc.net https://*.invoca.net https://*.tiktok.com https://*.bing.com https://*.googleadservices.com https://*.clarity.ms https://*.schemaapp.com https://*.medallia.ca https://*.googlesyndication.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.acuityplatform.com https://*.stackadapt.com https://*.outbrain.com https://*.adnxs.com https://*.cluep.com https://*.snapchat.com 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src * 'self' data: https:; frame-ancestors *.bell.ca *.virginplus.ca *.vpc.ca; object-src https://*.virginplus.ca; 2
upgrade-insecure-requests; script-src 'unsafe-eval' 'unsafe-inline' 'self' https: matomo-kb.finalist.nl; object-src 'none'; base-uri 'none'; 2
default-src 'self' 'unsafe-inline'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bing.com *.firestonecompleteautocare.com; script-src 'self' 'unsafe-inline'  'unsafe-eval' *.firestonecompleteautocare.com *.tiktok.com *.doubleclick.net *.adobedtm.com *.google-analytics.com *.everestjs.net *.pinimg.com *.hotjar.io *.hotjar.com *.bing.com *.googleadservices.com *.xg4ken.com *.facebook.net *.doubleclick.com *.googletagmanager.com *.akamaihd.net *.marchex.io *.everesttech.net *.iperceptions.com *.powerreviews.com *.iovation.com *.iesnare.com *.googleapis.com *.virtualearth.net *.recaptcha.net *.gstatic.com *.adroll.com; img-src * data: blob: ; connect-src *; frame-src *; font-src 'self' data: 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https: *.gea.com; form-action 'self'; frame-src 'self' *.gea.com *.eqs.com streamstudio.world-television.com *.eurolandir.com www.treedom.net console.e-bot7.de *.qualtrics.com vara-services.com *.podigee.com *.podigee-cdn.net playout.3qsdn.com *.audiocon.de html5-player.libsyn.com forms.office.com embed.contentflow.net 2
connect-src 'self' wss://app.bitgo.com bitgo.com openpgpkey.bitgo.com *.bitgo.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.stripe.com *.hsforms.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com *.g.doubleclick.net fonts.googleapis.com https://analytics.google.com; font-src 'self'; frame-ancestors 'self'; frame-src *.stripe.com withpersona.com *.googletagmanager.com *.google.com; img-src 'self' data: *.bitgo.com images.ctfassets.net *.google-analytics.com *.googletagmanager.com *.hubspot.com *.google.co.in *.google.com https://googleads.g.doubleclick.net; object-src 'none'; script-src 'self' 'sha256-o8/B65mp14vE/VisCbscLi6ul0GpbWzTwGGaaAKZ+R4=' 'sha256-RFUWCuJ8HHZfIBqtGaY7HV9yURmuodvcW0LVth+LEcg=' 'sha256-/JheBQo8zngg+5vHRIX/QNvr1ByByfgi9QCQnAbks6c=' 'sha256-v1oYH69RcooFs6F5XhMTzHiWlftYwnuQHDxIz0suNeo=' 'sha256-Jr+UYZNi4mC3eaOrVHrSWKrnFJsbd2Z2H6kC8y1KnPc=' 'sha256-gfxaZBtLG6iJhfVf6Dp9ppzDuR7XyfVLGuHv1QCDSbw=' 'sha256-5VrVgGfPbUH5IoPb+tGodpswZad/XDHQfqHeVD0LMG4=' 'sha256-f4b7rBPvi31A16IdFzFJ0WLjQhPQTVnBawkEVn1oJ8w=' 'sha256-HOOdAB25XoL5GyreygJQ8OZ7hg5xF60xZIgtJS0rt+s=' 'sha256-NMfoNGOY8cJIkH8JBZOZ+/t2PXUfgxzx565/Lsi53pU=' 'wasm-unsafe-eval' *.googletagmanager.com *.stripe.com *.google-analytics.com *.bitgo.com *.hs-scripts.com *.gstatic.com *.google.com *.google.co.in *.googleadservices.com *.licdn.com *.cookielaw.org *.hs-analytics.net *.hs-banner.com https://analytics.google.com; style-src 'self' 'unsafe-inline'; worker-src 'self' blob; 2
frame-ancestors 'self' https://*.cite-sciences.fr https://*.palais-decouverte.fr https://*.universcience.fr; 2
script-src * data: 'self' 'unsafe-inline' 'unsafe-eval'; worker-src blob: 'self' *.ing.com.tr; object-src 'self'; 2
frame-ancestors 'self' https://dbrand.sanity.studio 2
policy-uri /'self' 2
frame-ancestors 'self' https://next-henkel-adhesives-com.ref.web.raqn.io https://next.henkel-adhesives.com 2
default-src data: https: 'unsafe-inline' 2
frame-ancestors 'self' *.connectmeinforma.com dev.totem-app.com www.fanexpohq.events 2
default-src 'self' ; prefetch-src https://entel-cl.notificaciones-web.com https://www.notificaciones.entelofertas.cl *.entel.cl *.cookielaw.org *.googletagmanager.com https://www.barilliance.net ; script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' 'self' *.entel.cl *.ampproject.org *.cliengo.com *.onesignal.com *.entelcc.cl:9001 *.entelcc.cl *.en.tel *.adnxs.com *.doubleclick.net *.rfihub.com *.digitalbeat.cl *.vimeo.com *.facebook.net *.google.com *.googleapis.com *.googletagmanager.com *.googleoptimize.com *.qualtrics.com *.cloudfront.net *.google-analytics.com *.youtube.com https://cdn.cookielaw.org/ https://api.onesignal.com https://ws01.a365.com.pe:5443 https://ad.soicos.com https://api.instanda.us https://widget.ocularsolution.com https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js https://entel.sistemaimpulsa.com https://cdn.mouseflow.com https://cdnjs.cloudflare.com https://ds-aksb-a.akamaihd.net/aksb.min.js https://front.optimonk.com/public/122144/js/preload.js https://gs-cdn.optimonk.com/jfclientsdk/latest/jfclientsdk.min.js https://hit.uptrendsdata.com/rum.min.js https://sslwidget.criteo.com/event https://static.criteo.net/js/ld/ld.js https://unpkg.com https://diffuser-cdn.app-us1.com/diffuser/diffuser.js https://entel.sistemaimpulsa.com/catchform-oportunidades.js https://js.hs-analytics.net/ https://js.hs-banner.com/6758175.js https://js.hs-scripts.com/6758175.js https://js.hsadspixel.net/fb.js https://js.hsleadflows.net/leadflows.js https://prism.app-us1.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://tpc.googlesyndication.com/sodar/1s9mPOHO.js https://track.neianalytics.com/piwik.js https://trackcmp.net/t_prism_sitemessages.php https://www.googleadservices.com https://apiexternaluat.entel.cl/auth/oauth/v2/token https://apiexternaluat.entel.cl/common/event/v2/clicktoCall/publish https://personalizacion-apis-dot-api-project-307770427626.uc.r.appspot.com wss://claudia-bff-web-production.lisstaylor.net/ https://snap.licdn.com/ https://www.gstatic.com https://smtpjs.com/v3/smtp.js https://polyfill.io/v3/polyfill.min.js https://code.jquery.com/jquery-3.5.1.min.js https://use.fontawesome.com/releases/v5.0.6/js/all.js https://www.google-analytics.com/analytics.js https://embedded-files.tryadviser.com https://cloudfront.barilliance.com/entel.cl https://cloudfront.barilliance.com/entel.cl/cbar.js.php https://www.barilliance.net https://static.barilliance.com/web-push/service-worker.js https://assets.videsk.io https://api.telegram.org https://www.google.cl http://js.hsforms.net/forms/v2.js https://js.hsadspixel.net/fb.js https://js.hsleadflows.net/leadflows.js https://hcaptcha.com *.ocularsolution.com *.run.app https://header-menu-widget-bundle-zz66vo2nua-tl.a.run.app/bundle.js https://www.googleoptimize.com/optimize.js https://cdn.alive.haus/ https://api-events.alive.haus/ https://www.liveentel.cl/ https://site.golive.haus/ https://*.maze.co/ https://tags.tiqcdn.com/libs/tealiumjs/latest/tealium_collect.min.js https://tags.tiqcdn.com/shared/tms/ *.bing.com ; style-src 'unsafe-inline' 'report-sample' 'self' *.digitalbeat.cl *.google.com *.entel.cl *.en.tel *.entelcc.cl:9001 *.entelcc.cl *.onesignal.com *.doubleclick.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css https://embedded-files.tryadviser.com https://assets.videsk.io *.ocularsolution.com https://www.barilliance.net https://*.maze.co/ *.bing.com ; font-src 'self' 'unsafe-inline' data: *.entel.cl *.onesignal.com *.entelcc.cl:9001 *.entelcc.cl *.doubleclick.net *.en.tel https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css https://*.maze.co/ ; object-src 'self' ; base-uri 'self' ; connect-src 'self' *.googleapis.com *.entel.cl *.digitalbeat.cl *.google.com *.entelcc.cl:9001 *.entelcc.cl *.onesignal.com *.doubleclick.net *.rfihub.com *.zendesk.com *.en.tel *.onetrust.com https://notifications-icommkt.com https://track-icommkt.com https://connect.facebook.net https://graph.instagram.com/ wss://olivia-bff-web-production.coffeew.net https://api.onesignal.com https://entel.sistemaimpulsa.com https://api.hsforms.com https://ws01.a365.com.pe:5443 *.googletagmanager.com https://api.instanda.us https://content-sheets.googleapis.com https://corsanywhereentel.herokuapp.com https://corsanywhereentel-dot-entel-vm-md-run.rj.r.appspot.com https://entel-vm-md-ct.rj.r.appspot.com/ https://front.optimonk.com https://hit.uptrendsdata.com https://jfapiprod.optimonk.com https://n2.mouseflow.com https://54.94.191.152 *.qualtrics.com *.google-analytics.com https://api.hubapi.com https://entel-flujo-unificado-logs-prd.herokuapp.com https://entel-texting2.herokuapp.com https://forms.hubspot.com https://hooks.zapier.com http://200.27.23.102/Test_WF_ENTEL6/WebServices/WorkflowEngineSOA.asmx https://apiexternaluat.entel.cl/auth/oauth/v2/token https://apiexternaluat.entel.cl/common/event/v2/clicktoCall/publish https://personalizacion-apis-dot-api-project-307770427626.uc.r.appspot.com wss://claudia-bff-web-production.lisstaylor.net https://cdn.ampproject.org https://gcs-storage.airavirtual.com https://track-icommkt.com https://portal.cci-entel.cl https://eccnetserver.entelcallcenter.cl https://vssnippets-deployer-dot-entel-vm-md.uc.r.appspot.com/ https://vssnippets-deployer-dot-entel-vm-md-run.uc.r.appspot.com/ https://cdn.cookielaw.org/ https://api.videsk.io wss://api.videsk.io https://api.telegram.org https://www.google.cl https://api.hubapi.com https://forms.hsforms.com https://forms.hubspot.com https://us-central1-entel-vm-md-run.cloudfunctions.net/ *.ocularsolution.com https://js.hs-banner.com https://cdn.alive.haus/ https://api-events.alive.haus https://www.liveentel.cl/ https://site.golive.haus/ https://api.ipify.org https://api-ip-entel.herokuapp.com https://www.barilliance.net https://*.maze.co/ https://prompts.maze.co/ https://graph.microsoft.com/ https://mindicador.cl/api/uf https://fonts.gstatic.com/ https://www.gstatic.com/ https://www.googleoptimize.com https://cdn.mouseflow.com/ https://www.youtube.com/iframe_api https://collect.tealiumiq.com/entel/ https://lh3.googleusercontent.com/ ; frame-src 'self' *.entel.cl *.ocularsolution.com *.doubleclick.net *.onesignal.com *.entelcc.cl:9001 *.entelcc.cl *.rfihub.com *.vimeo.com https://entel-vm-md.firebaseapp.com https://entel-vm-md-run.firebaseapp.com/ https://individeo.com/ *.google.com *.digitalbeat.cl *.en.tel *.ventastecnicas.cl *.qualtrics.com *.doubleclick.net https://gum.criteo.com https://www.youtube.com https://digitalcorp.cl/ https://eccnetserver.entelcallcenter.cl https://entelfidelizacion.cl https://lw.cliengo.com https://www.youtube-nocookie.com https://www.facebook.com https://entelchile.speedtestcustom.com https://qaentel.autoasegurado.cl https://amp-publisher-samples-staging.herokuapp.com https://www.entel.cl/tiendas/totalpack https://entelagenda.totalpack.cl https://entelecommerce.speedtestcustom.com https://entel.tryadviser.com https://forms.hsforms.com https://bop-tde.brightstar.com/ https://alb-alive-1021733634.us-west-2.elb.amazonaws.com/ https://cdn.alive.haus/ https://api-events.alive.haus https://www.liveentel.cl/ https://site.golive.haus/ https://www.barilliance.net https://bop-tde.brightcell-logistics.com ; frame-ancestors 'self' https://miperfil.entel.cl https://miportal.entel.cl https://bop-tde.brightcell-logistics.com ; img-src 'self' data: *.entel.cl *.digitalbeat.cl *.rfihub.com *.doubleclick.net *.onesignal.com *.cliengo.com *.adnxs.com *.entelcc.cl:9001 *.entelcc.cl *.en.tel *.googleusercontent.com *.ocularsolution.com *.qualtrics.com https://clients1.google.com https://ds-aksb-a.akamaihd.net https://maps.googleapis.com *.google-analytics.com *.google.cl https://www.google.com *.google.com.br *.googletagmanager.com https://www.googleadservices.com https://www.facebook.com https://connect.facebook.net https://scontent.cdninstagram.com https://graph.instagram.com/ https://maps.gstatic.com https://pixel-rmk.blueknow.com http://testentel.i2b.cl https://f.hubspotusercontent20.net https://i.ytimg.com https://px.ads.linkedin.com https://track.hubspot.com https://track.neianalytics.com https://p.adsymptotic.com https://pixel.rubiconproject.com https://ad.soicos.com/conv.php https://www.linkedin.com/px/li_sync https://maps.google.com https://embedded-files.tryadviser.com https://cdn.cookielaw.org https://assets.videsk.io https://videsk.io https://track.hubspot.com *.barilliance.com https://bimgs.s3.amazonaws.com *.hubspotusercontent-na1.net https://firebasestorage.googleapis.com *.googleapis.com https://www.barilliance.net https://*.maze.co/ https://storage.cloud.google.com *.bing.com ; manifest-src 'self' ; media-src 'self' *.entel.cl *.vimeo.com *.onesignal.com *.entelcc.cl:9001 *.entelcc.cl *.doubleclick.net *.en.tel https://www.entel.cl https://entel.cl https://vod-progressive.akamaized.net *.ocularsolution.com https://www.barilliance.net ; worker-src 'self' https://www.entel.cl/public/js/importer.js https://d196nughcth94f.cloudfront.net/service-worker_icomm.js https://notifications-icommkt.com https://track-icommkt.com https://www.barilliance.net https://www.entel.cl/* blob: ; upgrade-insecure-requests; 2
frame-src 'self' vimeo.com player.vimeo.com www.googletagmanager.com  www.youtube.com *.marketo.com *.widencdn.net *.spe.org cdn.knightlab.com widget.taggbox.com www.google.com www.slideshare.net share.transistor.fm spe.widen.net www.podbean.com  player.flipsnack.com ;  report-uri https://www.spe.org/csp/log/ 2
default-src 'self' data: wss: 'unsafe-eval' 'unsafe-inline' blob: *.algolia.net *.algolianet.com *.applicationinsights.azure.com *.azure.com *.braintree-api.com *.braintreegateway.com *.cloudflareinsights.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.com.au *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.hoyts.co.nz *.hoyts.com.au *.in.applicationinsights.azure.com *.jsdelivr.net *.paypal.com *.paypalobjects.com *.recaptcha.net *.report-uri.com *.smooch.io *.snapchat.com *.vimeo.com *.youtube.com *.zdassets.com *.zendesk.com *.zopim.com analytics.tiktok.com apps.rokt.com az416426.vo.msecnd.net cdn.jsdelivr.net emailvalidatoruatfunc.azurewebsites.net google.com insights.algolia.io js.monitor.azure.com sc-static.net stream.mux.com; object-src 'none'; img-src 'self' https: data:;upgrade-insecure-requests;report-uri https://hoyts.report-uri.com/r/d/csp/enforce 2
frame-ancestors https://platform.nexo.io https://platform.nexo.com https://support.nexo.io https://support.nexo.com https://nexosurvey.force.com https://nexoio.lightning.force.com https://nexoio--c.visualforce.com https://nexoio.my.site.com 2
default-src 'self' data: ;         script-src 'self' data: 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net ajax.googleapis.com js.hs-scripts.com js.hsleadflows.net js.hs-analytics.net *.google-analytics.com *.googletagmanager.com sjs.bizographics.com js.driftt.com bat.bing.com connect.facebook.net web-analytics.engagio.com *.salesloft.com  *.adroll.com *.cloudfront.net maps.googleapis.com d.adroll.mgr.consensu.org https://optimize.google.com *.licdn.com *.fullstory.com fullstory.com js.hs-banner.com https://tagmanager.google.com *.demandbase.com *.intercom.io *.intercomcdn.com https://play.vidyard.com https://www.googleadservices.com https://googleads.g.doubleclick.net *.hsforms.net https://*.usercentrics.eu *.6sc.co *.6sense.com https://scripts.simpleanalyticscdn.com;         img-src * 'self' data: *.hubspot.com *.google-analytics.com stats.g.doubleclick.net *.googletagmanager.com *.salesloft.com *.linkedin.com *.google.com *.facebook.com *.adroll.com *.adsymptotic.com bat.bing.com pixel.advertising.com dsum-sec.casalemedia.com pixel.rubiconproject.com sync.outbrain.com simage2.pubmatic.com trc.taboola.com eb2.3lift.com ads.yahoo.com ib.adnxs.com x.bidswitch.net cm.g.doubleclick.net idsync.rlcdn.com us-u.openx.net ups.analytics.yahoo.com dpm.demdex.net s.amazon-adsystem.com pm.w55c.net ups.analytics.yahoo.com pippio.com sync.mathtag.com tags.rd.linksynergy.com match.adsrvr.org usermatch.krxd.net tags.bluekai.com *.intercom.io *.intercomcdn.com *.intercomassets.com https://*.usercentrics.eu *.6sc.co *.6sense.com https://queue.simpleanalyticscdn.com https://simpleanalyticsbadges.com;         connect-src * 'self' data: *.hubspot.com https://optimize.google.com *.intercom.io *.intercomcdn.com *.intercomusercontent.com https://*.usercentrics.eu *.6sc.co *.6sense.com https://queue.simpleanalyticscdn.com;         frame-src 'self' data: player.vimeo.com js.driftt.com learn.qualia.com www.youtube.com qualia.daily.co https://optimize.google.com https://cdn2.hubspot.net https://play.vidyard.com *.hsforms.com;         style-src 'self' data: 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net ajax.googleapis.com fonts.googleapis.com https://optimize.google.com https://tagmanager.google.com;         font-src 'self' data: fonts.googleapis.com fonts.gstatic.com https://optimize.google.com *.intercomcdn.com;         media-src 'self' data: www.qualia.com js.driftt.com *.intercomcdn.com *.hubspotusercontent00.net;         manifest-src 'self' data: *.google.com;         prefetch-src 'self' data: https://play.vidyard.com;         object-src 'none';         upgrade-insecure-requests 2
frame-ancestors 'self' https://*.embibe.com https://jiomeetpro.jio.com https://*.embibe.co.in 2
frame-ancestors 'self' *; default-src 'self' data: wss: mc.yandex.ru mc.yandex.com fpnpmcdn.net cdnwbstts.com *.hcaptcha.com *.fptls.com *.cdnwbstts.com *.fpjs.io *.fpapi.io *.youtube.com finana.io fokusdoom.ru pay.finana.io *.google-analytics.com *.google.com.ua *.gstatic.com *.googletagmanager.com *.google.com *.jivosite.com freekassa.ru *.freekassa.ru *.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; object-src 'none'; script-src 'self' blob: mc.yandex.ru mc.yandex.com fpnpmcdn.net fokusdoom.ru hcaptcha.com *.google-analytics.com *.google.com.ua *.gstatic.com *.googletagmanager.com *.google.com *.jivosite.com *.freekassa.ru *.googleapis.com *.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.jivosite.com *.google.com.ua *.freekassa.ru; font-src 'self' data: *.gstatic.com 'unsafe-inline'; style-src-elem 'self' data: *.jivosite.com *.googleapis.com *.freekassa.ru 'unsafe-inline'; base-uri 'none'; form-action 'self' *; style-src 'self' *.googleapis.com *.freekassa.ru *.googletagmanager.com *.jivosite.com 'unsafe-inline' ; style-src-attr 'self' *.googleapis.com *.freekassa.ru freekassa.ru 'unsafe-inline'; 2
img-src data: *; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' link11.com *.link11.com matomo.cloud *.matomo.cloud pardot.com *.pardot.com calendly.com *.calendly.com usercentrics.eu *.usercentrics.eu oribi.io *.oribi.io secure.gravatar.com google-analytics.com *.google-analytics.com youtube-nocookie.com *.youtube-nocookie.com consentmanager.net *.consentmanager.net google.com *.google.com google.de *.google.de linkedin.com *.linkedin.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' link11.com *.link11.com matomo.cloud *.matomo.cloud pardot.com *.pardot.com calendly.com *.calendly.com  usercentrics.eu *.usercentrics.eu secure.gravatar.com *.w.org consentmanager.net *.consentmanager.net linkedin.com *.linkedin.com ytimg.com *.ytimg.com google.de *.google.de data:; font-src 'self' 'unsafe-inline' 'unsafe-eval' link11.com *.link11.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' link11.com *.link11.com matomo.cloud *.matomo.cloud pardot.com *.pardot.com calendly.com *.calendly.com usercentrics.eu *.usercentrics.eu ajax.googleapis.com consentmanager.net *.consentmanager.net licdn.com *.licdn.com linkedin.com *.linkedin.com youtube.com *.youtube.com googletagmanager.com *.googletagmanager.com data: blob:; 2
base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' https: data:; object-src 'none'; script-src-attr 'self' https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests 2
frame-ancestors 'self' https://mydrive.univ-st-etienne.fr https://mydrive-ng.univ-st-etienne.fr https://laboratoirehubertcurien.univ-st-etienne.fr 2
frame-ancestors 'self' https://sites.ncleg.gov 2
frame-ancestors 'self' *dol.com.br *elitecs.gruporba.com.br 2
default-src 'self' 'unsafe-inline' blob: 8c1aab619aac40b3b3c7f4e8f3ca02ba.js.ubembed.com *.trustpilot.com; font-src data: 'self' https://talkdeskchatsdk.talkdeskapp.com fonts.gstatic.com fonts.googleapis.com *.monetate.net 8c1aab619aac40b3b3c7f4e8f3ca02ba.js.ubembed.com *.nitrocdn.com *.sentimentmetrics.com;  frame-src 'self' 'unsafe-inline' data: nitroscripts.com marketer.monetate.net *.doubleclick.net *.youtube.com youtube.com 8c1aab619aac40b3b3c7f4e8f3ca02ba.pages.ubembed.com *.hotjar.com *.amazon-adsystem.com www.facebook.com *.trustpilot.com *.fls.doubleclick.net player.vimeo.com; img-src data: 'self' fonts.gstatic.com *.youtube.com qa-cdn-talkdesk.talkdeskdev.com https://talkdeskchatsdk.talkdeskapp.com *.upsellit.com adservice.google.com ad.doubleclick.net lshieldusstg.wpengine.com *.vimeocdn.com *.legalshield.com www.legalshield.com legalshield.com 8c1aab619aac40b3b3c7f4e8f3ca02ba.events.ubembed.com *.legalshield.com *.w.org nitropack.io 8c1aab619aac40b3b3c7f4e8f3ca02ba.pages.ubembed.com logs-01.loggly.com *.monetate.net *.clarity.ms *.wpengine.com *.nitrocdn.com uat201.local legalshield.com avatars.legalshield.com *.monetate.netsecure.gravatar.com www.google.com www.googletagmanager.com www.google-analytics.com www.facebook.com alb.reddit.com *.adsymptotic.com *.sentimentmetrics.com *.bing.com linkedin.com *.linkedin.com *.ads.linkedin.com px.ads.linkedin.com; script-src 'self' nitroscripts.com design.api.legalshield.com https://tags.srv.stackadapt.com https://talkdeskchatsdk.talkdeskapp.com 'unsafe-eval' https://tags.srv.stackadapt.com 'unsafe-inline' www.legalshield.com lshieldusstg.wpengine.com 8c1aab619aac40b3b3c7f4e8f3ca02ba.js.ubembed.com hooks.zapier.com utt.impactcdn.com unpkg.com nitropack.io *.hotjar.com ajax.googleapis.com blob: legalshield.com www.legalshield.com www.googletagmanager.com *.nitrocdn.com *.invocacdn.com *.invoca.net *.monetate.net *.sentimentmetrics.com *.cloudflareinsights.com *.amazon-adsystem.com www.google-analytics.com *.pepperjam.com www.redditstatic.com *.licdn.com *.facebook.net facebook.com *.getdrip.com tags.srv.stackadapt.com *.ubembed.com clarity.ms *.clarity.ms *.doubleclick.net *.bing.com *.reddit.com *.linkedin.com *.doubleclick.net *.google.com google.com *.cloudfront.net *.ubembed.com *.getdrip.com builder-assets.unbounce.com *.upsellit.com *.trustpilot.com acsbapp.com redditstatic.s3.amazonaws.com *.cloudflareinsights.com; script-src-attr 'unsafe-eval' 'unsafe-inline' tags.srv.stackadapt.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com ux-framework-release.legalshield.com design.api.legalshield.com *.nitrocdn.com tags.srv.stackadapt.com lshieldusstg.wpengine.com legalshield.com tags.srv.stackadapt.com; style-src-attr 'self' 'unsafe-inline' tags.srv.stackadapt.com *.stackadapt.com; style-src-elem 'self' 'unsafe-inline' www.googletagmanager.com design.api.legalshield.com ux-framework-release.legalshield.com fonts.googleapis.com www.legalshield.com yoast.com *.monetate.net tags.srv.stackadapt.com *.nitrocdn.com; connect-src 'self' wss://tsock.us1.twilio.com https://api.talkdeskapp.com https://talkdeskchatsdk.talkdeskapp.com legalshield.sjv.io wss://ws.hotjar.com content.hotjar.io ws.hotjar.com *.hotjar.com metrics.hotjar.io queries.api.legalshield.com queries.api.legalshield.com 8c1aab619aac40b3b3c7f4e8f3ca02ba.events.ubembed.com 'unsafe-inline' orders.api.legalshield.com to.getnitropack.com bat.bing.com orders.api.legalshield.com yoast.com www.facebook.com 8c1aab619aac40b3b3c7f4e8f3ca02ba.pages.ubembed.com *.wpengine.com nitropack.io *.nitrocdn.com www.googletagmanager.com www.google-analytics.com wss://livechat.sentimentmetrics.com stats.g.doubleclick.net tags.srv.stackadapt.com *.clarity.ms analytics.google.com livechat.sentimentmetrics.com cdn.linkedin.oribi.io px.ads.linkedin.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.onlineaccess1.com https: dc.services.visualstudio.com dl.episerver.net s.ytimg.com *.imi.chat js-agent.newrelic.com bam.nr-data.net rum-static.pingdom.net cds-sdkcfg.onlineaccess1.com d.impactradius-event.com umpqua-bank.sjv.io *.mookie1.com tags.tiqcdn.com adnxs.com pxl.jivox.com snap.licdn.com dc.ads.linkedin.com px.ads.linkedin.com www.linkedin.com static.ads-twitter.com analytics.twitter.com az416426.vo.msecnd.net connect.facebook.net bat.bing.com cdn.cookielaw.org js.hsforms.net forms.hsforms.com js.hsleadflows.net js.hs-scripts.com js.hs-analytics.net *.onetrust.com cdn.cookielaw.org js.hs-banner.com *.hotjar.com *.hotjar.io www.gstatic.com lh3.googleusercontent.com www.googletagmanager.com www.google-analytics.com maps.googleapis.com googleads.g.doubleclick.net 8316073.fls.doubleclick.net www.googleadservices.com *.google.com ssl.google-analytics.com www.youtube.com js.adsrvr.org *.umpquabank.com; style-src 'self' 'unsafe-inline' *.imi.chat https: www.gstatic.com lh3.googleusercontent.com dc.services.visualstudio.com *.umpquabank.com dl.episerver.net js.hs-scripts.com js.hs-analytics.net d.impactradius-event.com umpqua-bank.sjv.io *.mookie1.com tags.tiqcdn.com adnxs.com pxl.jivox.com snap.licdn.com *.ads.linkedin.com static.ads-twitter.com analytics.twitter.com az416426.vo.msecnd.net *.hotjar.com connect.facebook.net bat.bing.com cdn.cookielaw.org 8316073.fls.doubleclick.net js.hsforms.net forms.hsforms.com js.hs-banner.com fonts.googleapis.com tagmanager.google.com;  img-src 'self' 'unsafe-inline' *.imi.chat https: lh3.googleusercontent.com dc.services.visualstudio.com *.hotjar.com *.hotjar.io *.gstatic.com www.google-analytics.com googleads.g.doubleclick.net www.google.com stats.g.doubleclick.net bat.bing.com px.ads.linkedin.com *.hubspot.com p.adsymptotic.com gateway.zscalerthree.net cdn.cookielaw.org *.umpquabank.com www.googletagmanager.com insight.adsrvr.org www.linkedin.com pixel.advertising.com ib.adnxs.com pixel.rubiconproject.com *.adsrvr.org cm.g.doubleclick.net t.co  x.bidswitch.net   dsum-sec.casalemedia.com  simage2.pubmatic.com data: maps.gstatic.com *.googleapis.com *.ggpht; connect-src 'self' 'unsafe-inline' *.imi.chat wss://*.hotjar.com https: www.gstatic.com lh3.googleusercontent.com dc.services.visualstudio.com *.umpquabank.com *.hotjar.com:* *.hotjar.io www.google-analytics.com cdn.cookielaw.org *.hubspot.com forms.hsforms.com stats.g.doubleclick.net rum-collector-2.pingdom.net; frame-src 'self' 'unsafe-inline' *.imi.chat https: *.q4cdn.com *.adsrvr.org www.theroishop.com www.gstatic.com lh3.googleusercontent.com dc.services.visualstudio.com forms.hsforms.com *.umpquabank.com *.hotjar.com *.hotjar.io bid.g.doubleclick.net player.megaphone.fm 9395210.fls.doubleclick.net platform.mi.spglobal.com *.youtube.com *.onetrust.com cdn.cookielaw.org player.ooyala.com *.q4web.com;font-src 'self' 'unsafe-inline' *.imi.chat https: *.umpquabank.com *.hotjar.com *.hotjar.io fonts.gstatic.com  data:; 2
default-src 'self' data: https: wss: blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: cdn.ampproject.org www.google.com sale.sulpak.kz www.googletagmanager.com tags.creativecdn.com recommender.scarabresearch.com cdn.retailrocket.ru app.blinger.io sulpak.api.useinsider.com eitri.api.useinsider.com connect.facebook.net content.mql5.com www.google-analytics.com www.googleadservices.com mc.yandex.ru static.hotjar.com script.hotjar.com googleads.g.doubleclick.net kaspi.kz static.demoup.com analytics.tiktok.com maps.googleapis.com code.jquery.com www.gstatic.com export.sulpak.kz media.flixfacts.com media.flixcar.com content.24ttl.stream button.loadbee.com assets.api.useinsider.com api-maps.yandex.ru yastatic.net suggest-maps.yandex.ru widget.devino.chat core-renderer-tiles.maps.yandex.net plerdy.com a.plerdy.com c.plerdy.com cdn.loadbee.com prod.flixgvid.flix360.io my.devino.chat widget-chat.devinotele.com epay.homebank.kz epay-oauth.homebank.kz creativecdn.com;style-src 'self' 'unsafe-inline' data: blob: www.google.com fonts.googleapis.com assets.api.useinsider.com media.flixcar.com media.flixfacts.com widget.devino.chat cdn.loadbee.com widget-chat.devinotele.com 2
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'report-sample' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://ssl.google-analytics.com https://static.getclicky.com/js https://in.getclicky.com https://*.googletagmanager.com https://tagmanager.google.com https://www.gstatic.com/charts/ https://get.microsoft.com; img-src 'self' data: https://*.google-analytics.com https://in.getclicky.com https://fsmktingcdn-a82e.kxcdn.com https://*.g.doubleclick.net https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.ytimg.com https://*.analytics.google.com https://*.google.com https://get.microsoft.com; connect-src 'self' https://*.google-analytics.com https://in.getclicky.com https://*.g.doubleclick.net https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com; frame-src 'self' https://www.google.com/recaptcha/ https://www.youtube.com https://get.microsoft.com; object-src 'self' https://www.youtube.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://www.gstatic.com/charts/; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:; frame-ancestors 'none'; report-uri https://www.remoteutilities.com/csp-report.php; 2
default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: stackpath.bootstrapcdn.com rawgit.com *.googleapis.com tpc.googlesyndication.com www.youtube.com ad-log.dable.io pixel.mathtag.com td.doubleclick.net www.facebook.com www.google.com pagead2.googlesyndication.com 12327270.fls.doubleclick.net px.ads.linkedin.com www.google.com www.gstatic.com analytics.google.com analytics.tiktok.com www.google-analytics.com bat.bing.com www.facebook.com api.dable.io bat.bing.com cdn.jsdelivr.net cdnjs.cloudflare.com connect.facebook.net googleads.g.doubleclick.net pixel.mathtag.com s.yimg.com snap.licdn.com sp-api.dable.io static.ads-twitter.com static.dable.io track.omguk.com utt.impactcdn.com www.google.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.gstatic.com; frame-src 'self' www.youtube-nocookie.com tpc.googlesyndication.com omny.fm assets.bwbx.io www.youtube.com www.google.com td.doubleclick.net *.fls.doubleclick.net pixel.mathtag.com; style-src 'self' 'unsafe-inline' *; style-src-elem 'self' 'unsafe-inline' *; img-src * data:;  font-src 'self' * data:; connect-src 'self' stats.g.doubleclick.net pixel.mathtag.com td.doubleclick.net www.facebook.com www.google.com pagead2.googlesyndication.com 12327270.fls.doubleclick.net px.ads.linkedin.com www.google.com www.gstatic.com analytics.google.com analytics.tiktok.com www.google-analytics.com bat.bing.com www.facebook.com api.dable.io bat.bing.com cdn.jsdelivr.net cdnjs.cloudflare.com connect.facebook.net googleads.g.doubleclick.net pixel.mathtag.com s.yimg.com snap.licdn.com sp-api.dable.io static.ads-twitter.com static.dable.io track.omguk.com utt.impactcdn.com www.google.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.gstatic.com *;  upgrade-insecure-requests; 2
'self' script-src https://ajax.googleapis.com/ajax/*; object-src 'self' 2
base-uri 'none';frame-ancestors https://*.montecarlosbm.com;form-action 'self' javascript:; manifest-src 'self';default-src 'none';frame-src https:;style-src-elem https: 'unsafe-inline';script-src 'unsafe-eval';style-src https: 'unsafe-inline';script-src-elem https: 'unsafe-inline'; media-src blob:; img-src https: data:; font-src 'self' data: https:; worker-src 'self' blob:;connect-src * wss: https:; 2
default-src 'self'; style-src https: 'unsafe-inline'; script-src 'self' 'unsafe-eval' https://abs.firstdedic.ru/ https://yastatic.net/ https://cdn.ckeditor.com/ https://vk.com/ https://www.youtube.com/ https://cse.google.com/ https://*.chathost.ru/ https://*.carrotquest.app/ https://www.googletagmanager.com/ https://www.google.com/ https://my.1dedic.ru/ https://www.google-analytics.com/ https://mc.yandex.ru/ https://www.gstatic.com/ 'unsafe-inline'; img-src * data:; connect-src 'self' https://api.carrottrack.app/ https://www.google-analytics.com/ https://*.carrottrack.io/ https://*.carrotquest.app/ wss://*.carrotquest.app/ https://stats.g.doubleclick.net/ https://mc.yandex.ru/ https://*.chathost.ru/; frame-src 'self' https://abs.firstdedic.ru/ https://morp.firstvds.ru/ https://www.youtube.com/ https://www.google.com/; font-src 'self' https://fonts.gstatic.com/ https://*.carrotquest.app/; media-src 'self' https://*.carrotquest.app/; object-src 'none'; frame-ancestors https://metrika.yandex.ru http://webvisor.com/; 2
default-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-ancestors 'self' 2
frame-ancestors https://specialty-care-pavilion-latest.jefferson.edu https://specialty-care-pavilion.jefferson.edu https://specialty-care-pavilion-dev.jefferson.edu; 2
object-src 'none'; base-uri 'none'; form-action 'self' https://*.hsforms.com https://cloud.getdbt.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-inline' nonce sha256 data: *.zenarmor.com cdn.jsdelivr.net/npm/@docsearch/ calendly.com *.calendly.com consent.cookiebot.com consentcdn.cookiebot.com *.hs-scripts.com *.hubapi.com *.hsadspixel.net *.hs-banner.com *.hs-analytics.net challenges.cloudflare.com *.algolia.net *.zdassets.com ekr.zendesk.com wss://*.zopim.com sunnyvalleyhelp.zendesk.com *.doubleclick.net *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.youtube.com *.recaptcha.net *.gstatic.com; img-src https://* data:; font-src 'self' data: *.gstatic.com; 2
script-src 'unsafe-eval' 'self' blob: *.hcsctest.net *.hcsc.net 'sha256-uXvul1BzUGtLk4tj5Zg5gGJQDjBxPK2zm9gXj1WQBd4=' 'sha256-ehPVrgdV2GwJCE7DAMSg8aCgaSH3TZmA66nZZv8XrTg=' 'sha256-roBKNtTORGqYTZrY132I7LjnRPmJRBYk0vsWsfTJfi8=' 'sha256-Hu+TB+7+tbK6BX5NWGt+0M+Bq+eQTLzu4mfAdMsLwio=' 'sha256-m6IeQPb422Ecu6vAsJ4XwC+Q4Bnlo5vWz/eAbO1BMMY=' 'sha256-SPsZXjscKwSgFBbdcFRAE/GR7YyFgkl7d5tVBREd+pE=' 'sha256-SDHTnkuO02em0DcuwqvF5tDafRm8LYNMnYP+a2QMeyA=' 'sha256-oFLLqxbCZekFnkJfG4JJcqpyCzBF/l8PMUBQFcUbeZ0=' 'sha256-faXCajxRfsxc0bae7+yr2K8V6v+j+fXiAfrDzmO7g4o=' 'sha256-GvTqW2N1yqVSPv2NunuZcmhuOzJPlyqjIbTCod/tAWo=' 'sha256-DmzNnZo/dKWxeeIrc7o2Qln6ZXMz6DCUkXbQ9r/1uBM=' 'sha256-ehPVrgdV2GwJCE7DAMSg8aCgaSH3TZmA66nZZv8XrTg=' 'sha256-ppW1Vv+qSVcs+/pIj1ZXvMiCLoyHyCdRqtDMeK9fQ9w=' 'sha256-uXvul1BzUGtLk4tj5Zg5gGJQDjBxPK2zm9gXj1WQBd4=' *.decibelinsight.net *.twitter.com hcsctest.net *.bcbsil.com *.bcbstx.com *.hcsc.net contentz.mkt922.com healthcareservicecorporation.sc.omtrdc.net resources.digital-cloud-west.medallia.com dx.steelhousemedia.com cdn.decibelinsight.net *.facebook.net *.googleadservices.com bat.bing.com *.googletagmanager.com nexus.ensighten.com *.google-analytics.com js-cdn.dynatrace.com assets.adobedtm.com googleads.g.doubleclick.net gateway.foresee.com dx.steelhousemedia.com *.kampyle.com *.medallia.com, frame-src 'self' *.twitter.com hcsc.demdex.net players.brightcove.net *.youtube.com resources.digital-cloud-west.medallia.com healthcareservicecorporation.sc.omtrdc.net *.kampyle.com *.medallia.com, worker-src 'self' blob: 2
child-src 'self' *.lightning.force.com *.pendo.io *.greenhouse.io *.google.com *.vimeo.com *.isnetworld.com *.mypurecloud.com; frame-ancestors 'self' *.lightning.force.com; form-action 'self'; 2
default-src dock.ui.bosch.tech *.hotjar.com wss://*.hotjar.com bott-tc.nautilus bott-fs.nautilus bott-fs.kittelberger.net vc.hotjar.io in.hotjar.com script.hotjar.com *.bosch-thermotechnology.com *.boschtt-documents.com www.bimstore.co.uk *.kittelberger.net *.mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; media-src *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' ; font-src bott-fs.nautilus bott-fs.kittelberger.net script.hotjar.com fonts.gstatic.com *.bosch-thermotechnology.com www.bosch-thermotechnology.us www.heizung-steuern.com fonts.gstatic.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: ; object-src data: 'self'; img-src bott-tc.nautilus bott-fs.nautilus bott-fs.kittelberger.net optimize.google.com www.google-analytics.com www.googletagmanager.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: blob:; style-src bosch-tt.kittelberger.net bott-fs.nautilus bott-fs.kittelberger.net *.bosch-thermotechnology.com cdn.datatables.net optimize.google.com fonts.googleapis.com www.bosch-easycontrol.com www.heizung-steuern.com www.bosch-thermotechnology.us *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' 'unsafe-inline' https: ; script-src bott-fs.nautilus bott-fs.kittelberger.net dock.ui.bosch.tech optimize.google.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: 'unsafe-inline' 'unsafe-eval'; frame-src mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com optimize.google.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https:; frame-ancestors bosch.mi4biz.net bott-fs.kittelberger.net *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; connect-src 'self' *.buderus.com *.googlesyndication.com fi-v2-configs.global.commerce-connector.com api-eu.global.commerce-connector.com www.facebook.com wss://*.hotjar.com *.hotjar.io wss://endpoint.chatbot-suite.bosch.tech endpoint.chatbot-suite.bosch.tech  www.bosch-thermotechnology.com region1.google-analytics.com www.google-analytics.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com dock.ui.bosch.tech mycliplister.com *.mycliplister.com stats.g.doubleclick.net *.googleapis.com *.bosch-thermotechnology.com *.hotjar.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.lndo.site *.suno.com.br *.gstatic.com *.googletagmanager.com *.googleadservices.com *.google.com *.onesignal.com https://onesignal.com *.facebook.net *.google-analytics.com  *.googlesyndication.com *.hotjar.com *.getblue.io *.g.doubleclick.net ad.doubleclick.net adclick.g.doubleclick.net bid.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net securepubads.g.doubleclick.net *.hs-scripts.com *.licdn.com *.facebook.com *.hs-banner.com *.hsleadflows.net *.hsadspixel.net *.usemessages.com *.hs-analytics.net *.hubapi.com *.hubspot.com *.twitter.com *.twimg.com *.hsforms.net https://unpkg.com *.googleapis.com *.hsforms.com *.amazonaws.com *.validity.com *.youtube.com *.newrelic.com *.nr-data.net *.ampproject.org https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js http://localhost:3000 *.getwisp.co *.cloudfront.net https://js.hubspotfeedback.com/feedbackweb-new.js *.analytics.tiktok.com https://www.googleoptimize.com/optimize.js https://td.doubleclick.net https://npmcdn.com/flatpickr/dist/l10n/pt.js https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.1/jquery.min.js https://cdn.jsdelivr.net/npm/swiper@6.3.3/swiper-bundle.min.js https://app.powerbi.com/ *.funnelytics.io cdn.wisepops.com loader.wisepops.com app.getwisp.co activity.wisepops.com popup.wisepops.com tracking.wisepops.com wisepops.net notifications.wisepops.com *.wisepops.com *.wisepops.net *.clarity.ms https://tag.goadopt.io/injector.js https://disclaimer-api.goadopt.io/api/tag/get-consent https://membros-api-gateway.suno.com.br/api/v1/events/register-data https://static.ads-twitter.com/uwt.js https://www.google.com.br/ads/ga-audiences *.goadopt.io https://forms.hubspot.com https://cdn.ampproject.org; style-src 'self' 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com https://onesignal.com *.ampproject.org http://localhost:3000/styles/frontend.css *.code.jquery.com http://localhost:3000/styles/admin.css http://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css; img-src * data: cdn.wisepops.com tracking.wisepops.com dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com cdn.wisepops.net; font-src * data:; connect-src 'self' http://suno-noticias-develop.suno-noticias.svc.cluster.local http://suno-noticias.lndo.site *.suno.com.br *.google.com activity.wisepops.com popup.wisepops.com tracking.wisepops.com wisepops.net *.wisepops.com *.clarity.ms https://forms.hubspot.com https://api.hubspot.com/ https://js.hs-banner.com/ https://cta-service-cms2.hubspot.com/ https://googleads.g.doubleclick.net/ 2
frame-ancestors 'self' https://*.nexhealth.com https://nexhealth.com https://nexhealth.info 2
frame-ancestors 'self' https://flex.twilio.com 2
frame-ancestors https://ads.tiktok.com 2
default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline'; font-src * data:; frame-ancestors *.rwjbh.org www.mychart.com; 2
default-src * 'self' data: https: blob: 'unsafe-inline' 'unsafe-eval'; frame-src *; frame-ancestors https://*.offshore-energy.biz 2
default-src 'self'; media-src 'self' *.youtube.com *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com; form-action 'self' *.cision.com; base-uri 'self'; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https: google-analytics.com 2.gravatar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; font-src 'self' data: https://use.typekit.net fonts.googleapis.com fonts.gstatic.com; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com 'unsafe-inline' https: s7.addthis.com; connect-src 'self' 'unsafe-inline' https: http: s7.addthis.com; frame-ancestors 'self'; manifest-src 'self'; 2
frame-ancestors 'self' https://*.solutionreach.com 2
frame-ancestors https://cue.mediahuis.cue.cloud 2
frame-ancestors 'self' https://polkadot-website-staging.netlify.app/ https://polkadot-website.netlify.app/ https://polkadot.ghost.io/ https://cms.polkadot.network/ https://polkadot.network/ 2
object-src 'none'; script-src 'self' 'unsafe-inline' addtocalendar.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://www.google.com https://www.tintup.com unpkg.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://apps.elfsight.com https://static.elfsight.com https://www.youtube.com https://storage.elfsight.com https://apis.google.com https://www.googletagmanager.com https://universe-static.elfsightcdn.com addtocalendar.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://www.google.com https://www.tintup.com unpkg.com; style-src 'self' 'unsafe-inline' https://p.typekit.net addtocalendar.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://use.typekit.net unpkg.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://idrc-crdi.ca/en/report-uri/enforce 2
default-src 'self' media.better.com; connect-src wss://*.twilio.com wss://*.ably.io wss://*.ably-realtime.com wss://*.pusher.com wss://*.pusherapp.com *.ably.io *.ably-realtime.com *.pusherapp.com https: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; frame-ancestors 'self' https://mobile2.accountchek.net https://borrower.accountchek.com https://web.pointserv.com https://flex.twilio.com https://builder.io https://*.frontapplication.com https://better1.followupboss.com https://better2.followupboss.com https://better3.followupboss.com https://bre1.followupboss.com https://bre2.followupboss.com https://bre3.followupboss.com https://bre4.followupboss.com https://bre5.followupboss.com https://bre6.followupboss.com https://bre7.followupboss.com https://bre8.followupboss.com https://bre9.followupboss.com https://bre10.followupboss.com https://better-mortgage.frontapp.com https://app.datadoghq.com https://better.com https://*.better.com; frame-src https://*.hellosign.com https://accounts.google.com https://assets.braintreegateway.com https://cdn.plaid.com https://useast1.pcipal.cloud/ bid.g.doubleclick.net dntcl.qualaroo.com insight.adsrvr.org match.adsrvr.org player.vimeo.com www.google.com 'self' https: https://better.com https://*.better.com; img-src data: https: 'self' *.better.com images.ctfassets.net heapanalytics.com 'unsafe-inline'; font-src 'self' fonts.googleapis.com fonts.gstatic.com media.better.com data: chat-assets.frontapp.com assets.twilio.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' data: blob: accounts.google.com fonts.googleapis.com assets.braintreegateway.com *.better.com cdn.jsdelivr.net assets.twilio.com; media-src media.better.com 'self' chat-assets.frontapp.com https://player.vimeo.com https:; object-src 'self' 2
default-src: 'none' 2
frame-ancestors 'self' https://cx360.corp.ackodev.com https://cx360.corp.acko.com https://app.ola.riskcovry.com https://lead360.corp.ackodev.com https://lead360.corp.acko.com https://cmp.mygate.com https://*.kappa.mgmaglev.xyz https://*.mygate.com https://cx360v2.corp.ackodev.com https://cx360v2.corp.acko.com https://auto-policy-frontend-ui-master.internal.ackodev.com https://auto-policy-frontend.internal.live.acko.com 2
default-src 'self' 'unsafe-inline';frame-src 'self' 'unsafe-inline' https://cnhindustrialnv.gcs-web.com https://auth1.cnhindustrial.com https://www1.cnhindustrial.com https://open.spotify.com https://iveco.ubiest.com https://tools.eurolandir.com https://vimeo.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://www.stockexpert.it https://www.google.com https://servizi2.message-asp.com;img-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://tmpprod-eucompwaf010.azureedge.net data:;style-src 'self' 'unsafe-inline' https://privacyportal-eu-cdn.onetrust.com https://fonts.googleapis.com;font-src 'self' 'unsafe-inline' https://privacyportal-eu-cdn.onetrust.com https://fonts.gstatic.com; upgrade-insecure-requests; block-all-mixed-content;script-src-elem 'self' 'unsafe-inline' https://cnhindustrialnv.gcs-web.com/ https://auth1.cnhindustrial.com https://www1.cnhindustrial.com https://privacyportal-eu-cdn.onetrust.com https://www.google-analytics.com https://www.youtube.com https://cdn.cookielaw.org https://www.google.com https://www.gstatic.com https://geolocation.onetrust.com https://www.googletagmanager.com https://static.site24x7rum.eu;connect-src 'self' 'unsafe-inline' https://cnhindustrialnv.gcs-web.com/ https://auth1.cnhindustrial.com https://www1.cnhindustrial.com https://privacyportal-eu-cdn.onetrust.com https://region1.google-analytics.com https://charts3.equitystory.com https://cdn.cookielaw.org https://www.google-analytics.com https://geolocation.onetrust.com https://col.site24x7rum.eu https://www.youtube.com;script-src 'self' 'unsafe-inline' https://cnhindustrialnv.gcs-web.com/ https://auth1.cnhindustrial.com https://www1.cnhindustrial.com https://charts3.equitystory.com https://cdn.cookielaw.org https://www.googletagmanager.com https://www.gstatic.com https://www.google.com https://geolocation.onetrust.com https://www.youtube.com;frame-ancestors 'self'; 2
font-src fonts.gstatic.com use.typekit.net data: *.sodatech.com *.sodatech.net *.gstatic.com *.typekit.net viewer.byondxr.com cdn.livechatinc.com mediacdn.espssl.com use.fontawesome.com 'self' data: https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com pal-test.adyen.com www.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.sharethis.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com www.xtento.com *.vimeo.com *.jsctool.com *.pinterest.com *.mmcagentur.at *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.demdex.net *.authorize.net *.paypal.com *.googletagmanager.com *.xtento.com *.app-wallee.com *.waltpixel.com *.equitystory.com offer.slgnt.us vars.hotjar.com *.pepperjamnetwork.com services.listrak.com *.serverdata.net *.livechatinc.com *.lindtusa.com *.russellstover.com *.ghirardelli.com *.weltpixel.com static.ogmystyle.com static2.ogmystyle.com www.mystyleplatform.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * landofcoder.com https://www.paypalobjects.com https://lindtusa.rlvs.co.uk https://ghirardelli.slgnt.us https://byondxr-viewer.byondxr.com/launcher/1.0.58/package/index.js tinyurl.com/LINDT-LAUNCHER https://optmize.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com *.sharethis.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.xtento.com cdn.xtento.com blob: lindt.test *.lindt.test maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.klarna.com *.invibes.com *.b26net.com https://www.google-analytics.com *.googletagmanager.com *.cloudfront.net *.teads.tv *.videostep.com *.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.doubleclick.net *.outbrain.com *.adobedtm.com *.omtrdc.net *.demdex.net *.everesttech.net *.magentocommerce.com *.sodatech.com *.sodatech.net viewer.byondxr.com s3.us-west-2.amazonaws.com showroom-media.byondxr.com media-optimization-service.byondxr.com *.byondxr.com api.official-deals.co.uk api.official-coupons.com *.adsymptotic.com cdn.livechat-files.com cp.official-coupons.com cookie-cdn.cookiepro.com cp.official-deals.co.uk site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us *.blob.core.windows.net s.pinimg.com snap.licdn.com mediacdn.espssl.com *.clarity.ms *.bing.com *.serverdata.net lindtna.test *.lindtna.test *.livechatinc.com mageside.com *.listrakbi.com www.mystyleplatform.com static.mystyleplatform.com static2.mystyleplatform.com static2.ogmystyle.com mystyleplatform.s3.us-west-2.amazonaws.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com 'self' data: https://mediacdn.espssl.com/2824/Shared/Modal/chocolate.png https://www.linkedin.com https://*.linkedin.com/ https://px.ads.linkedin.com https://mcstaging.russellstover.com https://mcstaging.lindtusa.com https://mcstaging.ghirardelli.com https://mcprod.lindtusa.com *.googleadservices.com *.yieldify.com https://www.google-anaytics.com https://www.googletagmanager.com https://optimize.google.com https://cdn.livechat-static.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com www.google-analytics.com *.magento-ds.com *.adyen.com *.sharethis.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com www.xtento.com cdn.xtento.com *.pcapredict.com *.newrelic.com *.nr-data.net lindt.slgnt.eu maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.ratepay.com *.cloudflare.com *.teads.tv *.r66net.com *.facebook.net *.googleadservices.com *.doubleclick.net *.cookiepro.com *.cloudfront.net *.videostep.com *.mfgroup.ch *.taboola.com *.outbrain.com *.adobedtm.com *.authorize.net *.unpkg.com *.fontawesome.com *.sodatech.net *.sodatech.com byondxr-viewer.byondxr.com web-apps.byondxr.com www.clarity.ms bat.bing.com *.b2c.com bt.fraud0.com container.pepperjam.com www.googleoptimize.com *.hotjar.com *.pepperjamnetwork.com *.revlifter.io site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us *.blob.core.windows.net s.pinimg.com snap.licdn.com acsbapp.com cdn.noibu.com www.youtube.com *.upsellit.com *.youtube.com *.livechatinc.com *.serverdata.net *.tiktok.com *.listrakbi.com *.listrak.com *.mczbf.com mystyleplatform.com www.mystyleplatform.com static.ogmystyle.com static2.ogmystyle.com d203yb14zlmxwn.cloudfront.net cdnjs.cloudflare.com cdn.jsdelivr.net use.fontawesome.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.google.com *.gstatic.com landofcoder.com https://www.youtube.com https://acsbapp.com/apps/app/dist/js/app.js https://cdn.noibu.com/collect.js https://byondxr-viewer.byondxr.com/launcher/1.0.58/package/index.js tinyurl.com/LINDT-LAUNCHER *.yieldify.com *.fraud0.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com 'unsafe-inline' https://optimize.google.com 'unsafe-inline' https://cdn.attn.tv https://www.lindt-spruengli.com/* https://www.lindt-spruengli.com/media/target/VAPI.min.js https://www.lindt-spruengli.com/media/target/at.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com display.ugc.bazaarvoice.com *.fonts.net *.postcodeanywhere.co.uk *.cloudfront.net *.cloudflare.com *.sodatech.com *.sodatech.net *.googleapis.com *.getfirebug.com cloud.typography.com *.serverdata.net *.myfonts.net *.russellstover.com *.listrakbi.com *.listrak.com use.fontawesome.com www.mystyleplatform.com static.ogmystyle.com static2.ogmystyle.com unsafe-inline assets.braintreegateway.com tagmanager.google.com *.gstatic.com https://cloud.typography.com https://byondxr-viewer.byondxr.com/launcher/1.0.58/package/index.js 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline' 'self' 'unsafe-inline'; object-src landofcoder.com tinyurl.com/LINDT-LAUNCHER 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.serverdata.net *.livechatinc.com *.listrakbi.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.snplow.net commerce.adobedc.net api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.adyen.com *.sharethis.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.nr-data.net *.paypal.com *.postcodeanywhere.co.uk *.ratepay.com vimeo.com *.luckyorange.net *.cookiepro.com *.mfgroup.ch *.doubleclick.net *.visitors.live wss://in.visitors.live wss://visitors.live wss://in.visitors.live/ wss://visitors.live/ visitors.live *.taboola.com *.demdex.net *.omtrdc.net *.magento.com *.adobe.net *.adobedtm.com *.adobedc.net *.typekit.net *.magedevteam.com *.sodatech.com *.sodatech.net *.teads.tv *.byondxr.com api.byondxr.com s3.us-west-2.amazonaws.com www.sjwoe.com input.noibu.com wss://input.noibu.com/pv_part in.hotjar.com www.facebook.com *.b2c.com bt.fraud0.com *.revlifter.com *.pepperjamnetwork.com *.revlifter.io site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us s.pinimg.com snap.licdn.com *.acsbapp.com cdn.noibu.com https://maps.googleapis.com *.clarity.ms *.facebook.com *.serverdata.net *.livechatinc.com api.addressy.com *.listrakbi.com *.mczbf.com *.tiktok.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com t.elasticsuite.io *.google-analytics.com landofcoder.com https://vc.hotjar.io https://cdn.linkedin.oribi.io https://byondxr-viewer.byondxr.com/launcher/1.0.58/package/index.js *.fraud0.com *.lindtusa.com *.yieldify.com *.googleapis.com https://content.hotjar.io wss://ws.hotjar.com https://metrics.hotjar.io https://lindt-us.attn.tv https://events.attentivemobile.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.byondxr.com *.googleapis.com https://viewer.byondxr.com https://web-apps.byondxr.com https://app.byondxr.com https://byondxr-viewer.byondxr.com https://app.byondvr.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.google-analytics.com www.googletagmanager.com www.gstatic.com *.doubleclick.net api.mapbox.com consentcdn.cookiebot.com consent.cookiebot.com 'self';  object-src 'none'; worker-src blob: ; child-src www.google.com consentcdn.cookiebot.com assist.zoho.eu blob: 'self' ; img-src imgsct.cookiebot.com data: blob: 'self' www.google.ch www.google.com www.google-analytics.com; connect-src 'self' *.tiles.mapbox.com consentcdn.cookiebot.com api.mapbox.com events.mapbox.com www.google-analytics.com stats.g.doubleclick.net region1.analytics.google.com; frame-ancestors 'self' 2
frame-ancestors speedtest.pucsp.br www.pucsp.br www5.pucsp.br www.unifai.edu.br unifai.edu.br speedtest.pucsp.br speedtest.fundasp.org.br www.fundasp.org.br fundasp.org.br velocidadedainternet.fundasp.org.br velocidadeinternet.fundasp.org.br www.hospitalsantalucinda.com.br 2
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval';  connect-src * data: blob: 'unsafe-inline';  img-src * data: blob: 'unsafe-inline';  frame-src * data: blob: ;  style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline'; 2
frame-ancestors 'self' https://www.endesaclientes.com https://syndication.teleborsa.it https://accounts-coll.enel.com:9443 https://assets.adobedtm.com http://52.144.89.133 https://enel.taleo.net https://reg.enel.it https://aemproddmz.enel.com https://endesa.cogitodesk.com https://www.energiaxxi.com 2
base-uri 'self';form-action 'self';frame-ancestors *.max.co.il; 2
default-src https: 'unsafe-inline' 'unsafe-eval' blob:; img-src * data: https:; object-src 'none'; connect-src https: wss:; script-src 'unsafe-inline' https: 'unsafe-eval'; worker-src 'self' blob:; upgrade-insecure-requests; block-all-mixed-content; media-src 'self' blob: data: https:; font-src 'self' data: https://use.typekit.net https://cdnjs.cloudflare.com https://fonts.gstatic.com; base-uri 'none'; 2
frame-ancestors 'self' https://app.kontent.ai http://isolvedhcm.lookbookhq.com https://isolvedhcm.lookbookhq.com http://isolvedhcm.pathfactory.com https://isolvedhcm.pathfactory.com http://pathfactory.isolvedhcm.com https://pathfactory.isolvedhcm.com;frame-src https://2486383.hs-sites.com https://app.hubspot.com https://s7.addthis.com https://players.brightcove.net https://6519012.fls.doubleclick.net https://bid.g.doubleclick.net https://js.driftt.com https://www.facebook.com https://www.gartner.com https://www.google.com https://forms.hsforms.com https://forms.office.com https://app.kontent.ai https://forms.monday.com http://isolvedhcm.lookbookhq.com https://isolvedhcm.lookbookhq.com http://isolvedhcm.pathfactory.com https://isolvedhcm.pathfactory.com http://pathfactory.isolvedhcm.com https://pathfactory.isolvedhcm.com https://js.stripe.com https://tribl.io https://platform.twitter.com https://www.youtube.com; 2
frame-ancestors 'self' *.marketing.ai *.myclickfunnels.com; 2
frame-ancestors 'self' *.bnc.ca *.nbc.ca; 2
default-src 'self';  style-src 'self' 'unsafe-inline' https://*.inside-graph.com https://fonts.googleapis.com https://*.typekit.net;  media-src 'self';  object-src 'none';  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.queue-it.net https://*.krxd.net https://bam.nr-data.net https://*.adsrvr.org https://*.googletagmanager.com https://www.facebook.com https://connect.facebook.net https://pixel.mathtag.com https://*.visualwebsiteoptimizer.com https://*.analytics.yahoo.com https://www.google-analytics.com https://s.yimg.com https://js-agent.newrelic.com https://*.inside-graph.com https://staticcdn.co.nz;  img-src 'self' data: https://*.krxd.net https://*.mylotto.co.nz https://*.inside-graph.com https://*.visualwebsiteoptimizer.com https://www.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com https://www.google.co.nz https://staticcdn.co.nz https://shielded.co.nz https://*.adsrvr.org https://*.doubleclick.net;  connect-src 'self' https://*.mylotto.co.nz https://misnwhpjb8.execute-api.ap-southeast-2.amazonaws.com https://bam.nr-data.net wss://*.inside-graph.com https://*.inside-graph.com https://*.google-analytics.com https://*.doubleclick.net https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com;  frame-src 'self' https://cornerstonecx.co.nz https://*.krxd.net https://*.adsrvr.org https://*.windcave.com https://*.paymentexpress.com https://*.doubleclick.net https://*.mathtag.com https://*.finrings.com https://*.youtube.com https://*.vimeo.com https://*.wagerworks.com https://*.nz.rgsgames.com https://*.az4.rgsgames.com https://*.i-w-g.com https://*.mylotto.co.nz https://*.flashtalking.com https://staticcdn.co.nz;  font-src 'self' data: https://*.mylotto.co.nz https://mylotto.co.nz https://*.inside-graph.com https://fonts.gstatic.com 2
frame-ancestors 'self' https://nobudget.media/ 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://cdnjs.cloudflare.com https://multicare.jotform.com https://js.jotform.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.doubleclick.net https://*.evaliahealth.com https://*.issuu.com https://*.isu.pub https://*.jotfor.ms https://*.marketo.com https://*.moatads.com https://*.multicare.org https://*.nrchealth.com https://*.sitkainsights.com https://*.wistia.com https://*.wistia.net https://*.youtube.com https://*.licdn.com https://*.facebook.net https://siteimproveanalytics.com https://*.calltrk.com https://*.marketo.net https://*.adsrvr.org https://*.google-analytics.com https://*.applozic.com https://*.facebook.com https://*.googleadservices.com https://*.healthrecordwizard.com https://*.cloudflare.com https://*.us.tvsquared.com https://*.legitscript.com/ https://*.redditstatic.com https://*.moz.com https://cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.js https://*.freshpaint.io/ https://*.monsido-consent.com https://*.monsido.com https://perfalytics.com https://*.freshpaint.io/ https://*.tctm.xyz; frame-src 'self' https://*.evaliahealth.com https://*.issuu.com https://*.marketo.com https://*.multicare.org https://*.wistia.com https://*.wistia.net https://*.youtube.com https://*.jotform.io https://*.google.com https://*.mom365.com https://*.jotform.com https://*.fls.doubleclick.net https://*.adsrvr.org https://bid.g.doubleclick.net https://*.facebook.com https://*.googleadservices.com https://*.healthrecordwizard.com https://*.moz.com https://*.tctm.xyz; object-src 'none' 2
default-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-ancestors 'self' 2
frame-ancestors https://*.1-grid.com/ 'self'; 2
default-src 'self'; script-src 'self' https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com/ https://www.googletagmanager.com https://www.paypal.com/ https://www.sandbox.paypal.com/ https://js.stripe.com/; style-src 'unsafe-inline' 'self'; frame-src https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.paypal.com/ https://www.sandbox.paypal.com/ https://js.stripe.com/ https://www.youtube.com/; child-src 'self'; img-src 'self' data: https://www.google-analytics.com; font-src data:; connect-src blob: https://dev3-api.textures.com/ https://api.textures.com/ https://api-v3.textures.com/ https://www.textures.com/ https://www.paypal.com/ https://www.sandbox.paypal.com/ https://js.stripe.com/ https://stats.g.doubleclick.net https://www.google-analytics.com/; worker-src 'self'; form-action 'self'; object-src 'self'; base-uri 'self'; frame-ancestors 'self' https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.paypal.com/ https://www.sandbox.paypal.com/ https://js.stripe.com/; upgrade-insecure-requests; media-src 'self'; prefetch-src 'self'; manifest-src 'self'; 2
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com *.fontawesome.com use.fontawesome.com maxcdn.bootstrapcdn.com hiconversion.com *.hiconversion.com obviyo.net *.obviyo.net *.narvar.com *.narvar.qa *.yotpo.com *.typekit.net *.charlottesweb.com acsbapp.com *.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com core.spreedly.com *.yotpo.com swellrewards.com *.swellrewards.com hiconversion.com *.hiconversion.com obviyo.net *.obviyo.net *.snapchat.com *.salesforce.com *.facebook.com *.recruiterbox.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com core.spreedly.com *.weltpixel.com checkout.sezzle.com sandbox.checkout.sezzle.com checkout.eu.sezzle.com sandbox.checkout.eu.sezzle.com tracking.sezzle.com tracking.eu.sezzle.com *.yotpo.com swellrewards.com *.swellrewards.com hiconversion.com *.hiconversion.com obviyo.net *.obviyo.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.youtube-nocookie.com *.pardot.com *.vimeo.com *.google.com *.paycomonline.net *.bounceexchange.com *.demdex.net *.snapchat.com *.adsrvr.org *.adform.net *.pepperjamnetwork.com *.revoffers.com *.ometrics.com www.youtube.com s.ytimg.com *.kaptcha.com *.shoprunner.com *.shoppinggives.com *.addthis.com *.force.com *.kargo.com charlotteswebcbd.sjv.io app.vwo.com *.visualwebsiteoptimizer.com *.recruiterbox.com app.hubspot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.googleapis.com *.gstatic.com https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ media.sezzle.com *.yotpo.com swellrewards.com *.swellrewards.com hiconversion.com *.hiconversion.com obviyo.net *.obviyo.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.youtube.com *.narvar.com *.narvar.qa *.ometrics.com *.bouncex.net *.bounceexchange.com *.bizrate.com *.demdex.net *.cdnwidget.com *.adsrvr.org charlotteswebglobaldev.112.2o7.net *.seadform.net *.everesttech.net *.placeholder.com pippio.com *.shoprunner.com *.amazonaws.com *.shoppinggives.com Bidtellect APIs  charlotteswebdevrelaunch.112.2o7.net *.google.com *.google.co.in bttrack.com *.acsbapp.com *.yahoo.com *.doubleclick.net *.rubiconproject.com *.charlottesweb.com *.linkedin.com beacon.lynx.cognitivlabs.com charlotteswebcbd.sjv.io *.ojrq.net ojrq.net logs-01.loggly.com *.rlcdn.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *.cloudfront.net *.recruiterbox.com track.hubspot.com forms.hsforms.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com www.googletagmanager.com *.googleapis.com *.gstatic.com core.spreedly.com *.subscribepro.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kaptcha.com checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com checkout-sdk.eu.sezzle.com sandbox.checkout-sdk.eu.sezzle.com widget.sezzle.com widget.eu.sezzle.com widget.sezzle.in *.yotpo.com swellrewards.com *.swellrewards.com hiconversion.com *.hiconversion.com obviyo.net *.obviyo.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com s7.addthis.com *.googletagmanager.com *.google.com *.google-analytics.com *.youtube.com *.adform.net *.adobedtm.com *.bibblio.org *.yottaa.com *.yottaa.net *.cloudflare.com *.facebook.net *.pepperjam.com *.revoffers.com *.klaviyo.com *.newrelic.com *.adsrvr.org *.ometrics.com *.hrmdirect.com *.addthis.com *.bounceexchange.com *.acsbap.com acsbapp.com sc-static.net *.zendesk.com *.zdassets.com *.charlottesweb.com *.nr-data.net *.netlify.app *.netlify.com www.youtube.com *.shoppinggives.com *.cardinalcommerce.com *.shoprunner.com *.shoprunner.io *.wknd.ai *.force.com *.rakuten.com *.noibu.com *.moatads.com *.addthisedge.com *.salesforceliveagent.com *.cloudflareinsights.com *.kargo.com *.salesforce.com charlottesweb.my.site.com *.ordergroove.com linkedin.com media-akam.licdn.com snap.licdn.com utt.impactcdn.com pixel.byspotify.com a.tribalfusion.com *.visualwebsiteoptimizer.com app.vwo.com *.byspotify.com *.recruiterbox.com *.mountain.com mountain.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com js.usemessages.com js.hscollectedforms.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.subscribepro.com *.fontawesome.com https://static.klaviyo.com *.yotpo.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com hiconversion.com *.hiconversion.com obviyo.net *.obviyo.net *.googleapis.com *.klaviyo.com *.bibblio.org *.typekit.net *.hrmdirect.com *.ometrics.com *.sp-prev-charlottesweb.netlify.app *.shoprunner.com *.sezzle.com *.bounceexchange.com *.force.com charlottesweb.my.site.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *.recruiterbox.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.narvar.com *.narvar.qa *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; connect-src https://perf-api.wknd.ai/ dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.googleapis.com *.subscribepro.com core.spreedly.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kaptcha.com *.yotpo.com swellrewards.com *.swellrewards.com hiconversion.com *.hiconversion.com obviyo.net *.obviyo.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ekr.zdassets.com/ *.cdn-loyalty.yotpo.com *.klaviyo.com *.omtrdc.net *.demdex.net *.revoffers.com *.acsbapp.com *.zdassets.com *.zendesk.com *.zopim.com *.cdnbasket.net *.cdnwidget.com *.charlottesweb.com *.bouncex.net *.doubleclick.net *.google-analytics.com *.nr-data.net *.cardinalcommerce.com *.typekit.net *.adobedtm.com *.adobedc.net *.paypal.com *.magento.com *.adobe.net *.magedevteam.com *.spreedly.com *.facebook.net *.facebook.com *.shoppinggives.com *.shoprunner.com *.shoprunner.io *.sezzle.com *.yottaa.net pippio.com *.noibu.com wss://input.noibu.com/pv_part *.kargo.com *.force.com service.force.com *.ordergroove.com *.linkedin.com *.linkedin.oribi.io acsbapp.com charlotteswebcbd.sjv.io *.visualwebsiteoptimizer.com app.vwo.com *.byspotify.com *.recruiterbox.com api.hubspot.com forms.hscollectedforms.net 'self' 'unsafe-inline'; 2
default-src 'self'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu *.luigisbox.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.de cdn.jsdelivr.net *.online-metrix.net *.trbo.com *.unzer.com cdnjs.cloudflare.com paypalobjects.com *.magnolia-platform.com bat.bing.com googleads.g.doubleclick.net *.kameleoon.io *.kameleoon.com *.kameleoon.eu *.visualwebsiteoptimizer.com blob: d2bgdldl6xit7z.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu *.luigisbox.com *.google-analytics.com *.googletagmanager.com cdn.jsdelivr.net *.trbo.com *.unzer.com cdnjs.cloudflare.com paypalobjects.com *.kameleoon.io *.kameleoon.com *.kameleoon.eu *.visualwebsiteoptimizer.com blob:; object-src 'self' blob:; style-src 'self' *.luigisbox.com 'unsafe-inline' *.magnolia-platform.com d2bgdldl6xit7z.cloudfront.net; base-uri 'self'; connect-src 'self' *.luigisbox.com *.usercentrics.eu *.kameleoon.com *.google.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net api.phrase.com d2bgdldl6xit7z.cloudfront.net blob: *.unzer.com *.magnolia-platform.com data.kameleoon.io *.kik.de *.kik.at *.kik.pl *.trbo.com *.visualwebsiteoptimizer.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.magnolia-platform.com; frame-src 'self' *.usercentrics.eu *.trbo.com *.unzer.com; frame-ancestors 'self' *.magnolia-platform.com; img-src 'self' data: *.usercentrics.eu *.luigisbox.com *.kameleoon.com *.kik.de *.kik.at *.kik.pl *.trbo.com *.unzer.com www.google-analytics.com www.googletagmanager.com googleads.g.doubleclick.net *.magnolia-platform.com *.wt-eu02.net bat.bing.com www.google.com www.google.de *.visualwebsiteoptimizer.com static.phrase.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob: 2
default-src 'self' https://www.mpsv.cz https://data.mpsv.cz https://*.google-analytics.com https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/ https://stats.g.doubleclick.net/ https://mapserver.mapy.cz https://api.mapy.cz https://test-chatbot.mpsv.cz:9000  https://test-chatbot.uradprace.cz:9000 https://stjprpsvchatbot001.blob.core.windows.net https://pomoc.mluvii.com wss://pomoc.mluvii.com wss://test-chatbot.mpsv.cz:9001 wss://test-chatbot.uradprace.cz:9001 wss://*.predu.sk; img-src 'self' data: https://*.gstatic.com https://www.google-analytics.com https://c.seznam.cz/retargeting https://www.google.com/ads/ https://www.google.com/pagead/ https://www.google.cz/pagead/ https://api.mapy.cz https://mapserver.mapy.cz https://test-chatbot.mpsv.cz:9000/ https://test-chatbot.uradprace.cz:9000/ https://stjprpsvchatbot001.blob.core.windows.net https://*.predu.sk ; frame-src 'self' formapps: https://www.google.com https://www.googletagmanager.com/ https://vars.hotjar.com/ https://www.youtube.com https://player.rss.com/ https://www.youtube-nocookie.com https://chatbot.mpsv.cz https://chatbot.uradprace.cz https://pomoc.mluvii.com https://test-chatbot.mpsv.cz:9000/ https://test-chatbot.uradprace.cz:9000/ https://stjprpsvchatbot001.blob.core.windows.net https://*.predu.sk data:; child-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.mpsv.cz https://*.gstatic.com https://www.googletagmanager.com/ https://www.googleadservices.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://c.seznam.cz/ https://googleads.g.doubleclick.net/ https://api.mapy.cz https://www.google.com https://www.google-analytics.com https://chatbot.mpsv.cz https://chatbot.uradprace.cz https://pomoc.mluvii.com https://test-chatbot.mpsv.cz:9000/ https://test-chatbot.uradprace.cz:9000/ https://stjprpsvchatbot001.blob.core.windows.net https://czmpsvstorage.blob.core.windows.net https://portal.gov.cz https://*.predu.sk; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://fonts.googleapis.com https://api.mapy.cz https://pomoc.mluvii.com https://test-chatbot.mpsv.cz:9000/ https://test-chatbot.uradprace.cz:9000/ https://stjprpsvchatbot001.blob.core.windows.net https://*.predu.sk; font-src 'self' data:  https://api.mapy.cz 2
default-src 'self'; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; connect-src * ws:; font-src *; frame-src *; media-src * 2
frame-ancestors 'self' https://assets.apilayer.com 2
default-src 'self' *.novica.com *.novica.net;script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';img-src * data:;frame-src *;connect-src *;media-src *;font-src *;worker-src * blob:; 2
frame-ancestors 'self' https://*.bidorbuy.co.za https://*.bobshop.co.za https://*.bob.co.za; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; frame-src> 2
object-src 'none'; block-all-mixed-content 2
base-uri 'self'; child-src * gap:; frame-src * gap:; connect-src *; default-src 'self' 'unsafe-inline' *.google-analytics.com *.hotjar.com *.googletagmanager.com *.dre.pt *.diariodarepublica.pt *.hotjar.io *.doubleclick.net *.knightlab.com *.google.com *.google.pt gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' fonts.gstatic.com themes.googleusercontent.com data:; img-src * data: blob:; script-src 'unsafe-inline' * 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors *.incm.pt *.dre.pt *.diariodarepublica.pt 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=i9gE7Db1YHRlhG3zay2o0CqzmhioS0PFn7T3oeRGdqOIKIwKWs4nP67GGYXys%2FYcdbNHHbG3DNYaT2qBE%2F6BAQ%3D%3D; 2
default-src 'self'; connect-src 'self' https://block.opendns.com https://coopbank.tt.omtrdc.net https://thecooperativebank.d1.sc.omtrdc.net https://www.googleapis.com https://dpm.demdex.net https://www.youtube-nocookie.com *.googleapis.com *.googlevideo.com https://play.google.com https://d2hpwsdp0ihr0w.cloudfront.net; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static-assets-cdn.i.cloud.panopto.eu data:; frame-src 'self' https://www.youtube-nocookie.com https://cooperativebank.demdex.net https://cdn.embedly.com https://bpp.cloud.panopto.eu https://widget.trustpilot.com; img-src 'self' data: https://thecooperativebank.d1.sc.omtrdc.net https://www.fscs.org.uk https://cm.everesttech.net https://static-assets-cdn.i.cloud.panopto.eu https://d2hpwsdp0ihr0w.cloudfront.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://bat.bing.com https://tags.tiqcdn.com https://my.tealiumiq.com https://www.googleadservices.com https://www.gstatic.com https://www.google.com https://static-assets-cdn.i.cloud.panopto.eu https://cdn.eu.pendo.io https://cdn.embed.ly https://bpp.cloud.panopto.eu https://widget.trustpilot.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://static-assets-cdn.i.cloud.panopto.eu; media-src 'self' blob: 2
default-src *.gstatic.com blob: *.wistia.com wistia.com ir.stockpr.com www.equisolve.com  *.equisolve-dev.com *.equisolve.net; script-src *.quotemedia.com *.google.com *.google-analytics.com *.googletagmanager.com googletagmanager.com *.gstatic.com browser-update.org *.hcaptcha.com hcaptcha.com dev-ir.stockpr.com www.youtube.com player.vimeo.com *.unpkg.com unpkg.com *.wufoo.com *.wistia.com wistia.com *.litix.io litix.io *.akamaihd.net akamaihd.net blob: static.zohocdn.com equisolve.zohorecruit.com ir.stockpr.com www.equisolve.com  *.equisolve-dev.com *.equisolve.net 'unsafe-inline'; connect-src *.quotemedia.com *.google.com *.google-analytics.com *.googletagmanager.com googletagmanager.com *.gstatic.com browser-update.org *.hcaptcha.com hcaptcha.com dev-ir.stockpr.com www.youtube.com player.vimeo.com *.unpkg.com unpkg.com *.wufoo.com *.wistia.com wistia.com *.litix.io litix.io *.akamaihd.net akamaihd.net blob: static.zohocdn.com equisolve.zohorecruit.com ir.stockpr.com www.equisolve.com  *.equisolve-dev.com *.equisolve.net 'unsafe-inline'; style-src fonts.googleapis.com *.gstatic.com *.hcaptcha.com hcaptcha.com dev-ir.stockpr.com *.unpkg.com unpkg.com static.zohocdn.com ir.stockpr.com www.equisolve.com  *.equisolve-dev.com *.equisolve.net 'unsafe-inline'; font-src cdnjs.cloudflare.com/ajax/libs/font-awesome/ fonts.googleapis.com *.gstatic.com *.wistia.com wistia.com data: ir.stockpr.com www.equisolve.com  *.equisolve-dev.com *.equisolve.net; img-src i.ytimg.com *.vimeocdn.com vimeocdn.com *.google-analytics.com google-analytics.com *.openstreetmap.org openstreetmap.org *.unpkg.com unpkg.com *.wistia.com wistia.com d32z8e2q3dzvu4.cloudfront.net data:  ir.stockpr.com www.equisolve.com *.equisolve-dev.com *.equisolve.net 'unsafe-inline' 'unsafe-eval'; frame-src *.google.com youtube.com www.youtube.com youtube-nocookie.com www.youtube-nocookie.com vimeo.com player.vimeo.com *.hcaptcha.com hcaptcha.com *.wufoo.com blob: ir.stockpr.com www.equisolve.com  *.equisolve-dev.com *.equisolve.net; object-src *.gstatic.com blob: *.wistia.com wistia.com ir.stockpr.com www.equisolve.com  *.equisolve-dev.com *.equisolve.net; 2
frame-ancestors 'self' *.ergodirekt.de:* *.ergo.com:* *.ergo:* *.ergo.de *.ergocarbon.com *.dkv.com; 2
frame-ancestors https://*.isracard.co.il https://*.americanexpress.co.il 2
frame-ancestors 'self' tsssb.unifi.com.my; 2
frame-ancestors 'self' *.wrike.com 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://* *.scalink.com.br *.youtube.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *.retargetly.com *.googletagmanager.com *.g.doubleclick.net *.scalink.com.br *.youtube.com; connect-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://* *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.retargetly.com *.privally.global *.facebook.net *.ads-twitter.com *.g.doubleclick.net *.scalink.com.br *.youtube.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://* *.scalink.com.br *.youtube.com; object-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://* *.scalink.com.br *.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' data: https://* *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.retargetly.com *.privally.global *.facebook.net *.ads-twitter.com *.g.doubleclick.net; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' data: https://* *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.retargetly.com *.privally.global *.facebook.net *.ads-twitter.com *.g.doubleclick.net *.scalink.com.br *.youtube.com; base-uri *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.retargetly.com *.privally.global *.facebook.net *.ads-twitter.com *.g.doubleclick.net *.scalink.com.br *.youtube.com; worker-src blob: 'self'; 2
frame-src 'self' https://193.105.74.4/  https://62.140.31.104/ https://www.gstatic.com/ https://www.google.com/recaptcha/ https://platform-use.ci360.sas.com https://individeo.com/ https://www.youtube.com/ https://www.produbanco.com.ec/ https://estella01.prd.net.ec/api/heartbeat https://cdn.botframework.com/ https://*.hotjar.com https://*.hotjar.io 2
frame-ancestors 'self' goqubit.net ; 2
upgrade-insecure-requests; report-uri /csp/report; 2
base-uri 'www.axelspringer.com'; upgrade-insecure-requests 1; 2
upgrade-insecure-requests; default-src https://*.idnet.com https://*.idnet.net 'unsafe-inline' 'unsafe-eval' https://*.google.com https://www.google.co.uk https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com  https://widget.trustpilot.com https://fast.fonts.net https://*.facebook.net https://*.facebook.com https://*.twitter.com https://*.stripe.com https://*.googleapis.com https://www.youtube.com https://www.youtube-nocookie.com  data: ; img-src https: data: android-webview-video-poster: ; font-src https: data: ;  object-src 'self';  base-uri 'self'; form-action https://www.idnet.com https://idnet.us4.list-manage.com; report-uri https://www.idnet.com/api/csp_receiver.php; 2
frame-ancestors http://webvisor.com; 2
frame-ancestors 'self'; report-uri https://www.hec.edu/en/report-uri/enforce 2
frame-ancestors 'self' *.mapfretecuidamos.com *.mapfre.com *.mapfre.es; 2
frame-ancestors 'self' http://webvisor.com; 2
block-all-mixed-content; default-src 'self'; base-uri 'self'; form-action 'self' flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.kr flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.com flightbookings.airnewzealand.de flightbookings.airnewzealand.eu flightbookings.airnewzealand.fr flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw  flightbookings.airnewzealand.com.cn flightbookings.grabaseat.co.nz  flightbookings.airnewzealand.co.jp identity.airnewzealand.com au-connect.authsignal.com auth.identity.airnewzealand.com auth.identity.qual.airnewzealand.com auth.airnewzealand.co.nz auth.airnewzealand.com; script-src 'self' p-airnz.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com player.vimeo.com www.youtube.com s.ytimg.com s.wayin.com xd.wayin.com s.engagesciences.com display.engagesciences.com www.everestjs.net *.demdex.net www.google-analytics.com analytics.google.com tagmanager.google.com www.googletagmanager.com *.doubleclick.net www.googleadservices.com www.google.com cdn-assets-prod.s3.amazonaws.com *.optimizely.com optimizely-hrd.appspot.com optimizely.s3.amazonaws.com s.swiftypecdn.com upgrade.plusgrade.com nebula-cdn.kampyle.com screencapture.kampyle.com screencaptue-cdn.kampyle.com static.hotjar.com script.hotjar.com yourir.info t.a3cloud.net ib.adnxs.com auth.airnewzealand.co.nz auth.airnewzealand.com ssl.google-analytics.com cdnjs.cloudflare.com https://widget.timatic.iata.org/scripts/iata-timatic-widget-live.js oc-cdn-public-oce.azureedge.net; style-src 'unsafe-inline' p-airnz.com fonts.googleapis.com tagmanager.google.com s.swiftypecdn.com upgrade-cdn-prd.plusgrade.com static.hotjar.com script.hotjar.com yourir.info 'self' oc-cdn-public-oce.azureedge.net; img-src https: data: static.hotjar.com script.hotjar.com; font-src p-airnz.com fonts.googleapis.com fonts.gstatic.com dhm5hy2vn8l0l.cloudfront.net script.hotjar.com 'self' data:; media-src 'self' video.cdnvue.com ; frame-src 'self' *.google.com auth.identity.airnewzealand.com nz.fltmaps.com player.youku.com v.qq.com player.vimeo.com www.youtube.com airnz.wufoo.com xd.wayin.com display.engagesciences.com www.everestjs.net pixel.everesttech.net *.demdex.net *.doubleclick.net www.googletagmanager.com *.cdn-pci.optimizely.com nebula-cdn.kampyle.com vars.hotjar.com sec.windcave.com uat.windcave.com forms.cd.airnewzealand.co.nz www.airnewzealand.co.nz/airpoints-account/payments/scripts/done.html oc-cdn-public-oce.azureedge.net; connect-src 'self' api.airnz.io api.airnz.ai *.googleapis.com *.google.com *.gstatic.com auth.airnewzealand.co.nz auth.airnewzealand.com identity.airnewzealand.com *.demdex.net *.tt.omtrdc.net www.google-analytics.com region1.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net adservice.google.com *.optimizely.com s.swiftypecdn.com search-api.swiftype.com *.kampyle.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.sentry.io yourir.info ssl.google-analytics.com https://widget.timatic.iata.org/api/ sec.windcave.com uat.windcave.com; object-src 'none'; frame-ancestors 'self'; report-uri /csp-report 2
report-uri ; 2
frame-ancestors https://timestation.uservoice.com; 2
frame-ancestors 'self' https://www.trusselltrust.org/ 2
default-src 'unsafe-inline'  'unsafe-eval' 'self' zz.ha.cn *.sdoodo.com info.sdoodo.com art.shangdu.com  shangdu.com *.shangdu.com thangdu.com *.thangdu.com *.shangdu.net *.baidu.com *.qq.com *.weibo.com *.huliang.com *.shangdu.pro *.online.cn  *.zz.ha.cn *.entshangdu.com 2
default-src 'self' https://play.vidyard.com; connect-src 'self' https://*.zi-scripts.com https://*.googlesyndication.com https://*.calibermind.com https://*.visualwebsiteoptimizer.com https://*.clarity.ms https://cdn.linkedin.oribi.io https://*.yoast.com https://*.certinia.com https://*.metarouter.io https://*.6sc.co https://analytics.google.com https://*.6sense.com https://*.mktoutil.com https://*.chilipiper.com https://c.6sc.co https://secure.adnxs.com https://ws.zoominfo.com https://*.pathfactory.com https://bidr.io https://rlcdn.com https://stats.g.doubleclick.net https://*.marketo.com https://munchkin.marketo.net https://*.mktoresp.com https://1x8clt34ex4l3nepm7b15t5f-wpengine.netdna-ssl.com https://bat.bing.com https://cdn.cookielaw.org https://play.vidyard.com https://web-analytics.engagio.com https://www.google-analytics.com https://www.googletagmanager.com https://*.onetrust.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://*.zi-scripts.com https://unpkg.com https://yoast.com https://*.yoast.com https://static.srcspot.com https://*.clarity.ms https://*.calibermind.com https://*.metarouter.io https://www.googleoptimize.com https://js.chilipiper.com https://j.6sc.co https://cdn-app.pathfactory.com https://s.adroll.com https://ws-assets.zoominfo.com https://*.certinia.com https://*.google.com https://www.google-analytics.com https://cdn.syndication.twimg.com https://cdn.jsdelivr.net https://app.cdn.lookbookhq.com https://*.marketo.com https://1x8clt34ex4l3nepm7b15t5f-wpengine.netdna-ssl.com https://play.vidyard.com https://*.netdna-ssl.com https://www.googletagmanager.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://*.vidyard.com https://img.en25.com http://ct.capterra.com https://tribl.io https://munchkin.marketo.net https://bat.bing.com https://snap.licdn.com https://a.quora.com https://web-analytics.engagio.com https://googleads.g.doubleclick.net https://dn1f1hmdujj40.cloudfront.net https://platform.twitter.com https://www.gstatic.com https://dev.visualwebsiteoptimizer.com https://ml314.com https://www.googleadservices.com; img-src https: data: https://www.google-analytics.com https://optimize.google.com https://1x8clt34ex4l3nepm7b15t5f-wpengine.netdna-ssl.com; frame-src 'self' mailto: api-cbb17618.duosecurity.com https://*.doubleclick.net https://public-profile.whistic.com https://financialforce.outgrow.us https://financialforce.chilipiper.com https://securityscorecard.com https://player.vimeo.com  https://*.certinia.com https://*.twitter.com https://bid.g.doubleclick.net https://*.vidyard.com https://app-sjg.marketo.com https://tribl.io https://*.google.com; font-src 'self' data: https://*.pathfactory.com https://*.netdna-ssl.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://www.certinia.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://unpkg.com https://js.chilipiper.com https://*.certinia.com https://cdnjs.cloudflare.com https://*.google.com https://fonts.googleapis.com https://platform.twitter.com https://app.cdn.lookbookhq.com https://1x8clt34ex4l3nepm7b15t5f-wpengine.netdna-ssl.com https://tribl.io https://*.netdna-ssl.com https://www.googletagmanager.com https://code.jquery.com https://gmpg.org https://maxcdn.bootstrapcdn.com https://tribl.io https://cdn.cookielaw.org https://app-sjg.marketo.com https://cdn-app.pathfactory.com; frame-ancestors 'self' https://library.certinia.com; object-src 'none'; upgrade-insecure-requests; worker-src 'self' blob:; 2
frame-ancestors 'self' http://dds-simplicit-prod.s3-website-ap-southeast-2.amazonaws.com http://dds-simplicit-v2-prod.s3-website-ap-southeast-2.amazonaws.com https://test.salesforce.com *.suncorpbank.com.au https://home.suncorp.com.au *.home.suncorp.com.au https://motor.suncorp.com.au *.motor.suncorp.com.au https://online1.test.suncorp.com.au https://online.suncorp.com.au https://pvt-online.suncorp.com.au https://online1.test.bingle.com.au https://online2.test.bingle.com.au https://online3.test.bingle.com.au https://online.bingle.com.au https://pvt-online.bingle.com.au; 2
default-src 'self'; frame-ancestors 'self' areacliente.repsol.es waylet.es newdev-areacliente.cloudapp.repsol.com test-areacliente.cloudapp.repsol.com pre-areacliente.repsol.es pre-pidetubombona.repsol.es pidetubombona.repsol.es; frame-src * ; media-src *; img-src * blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google-analytics.com *.analytics.google.com *.krxd.net www.repsol.com www.dev-com.repsol.com www.google.com cdn.cookielaw.org p.teads.tv platform.twitter.com px.sunmedia.tv secure.adnxs.com s.yimg.com cdn.taboola.com pixel.mathtag.com amplify.outbrain.com bat.bing.com d1skycrvs9ubse.cloudfront.net www.gstatic.com googleads.g.doubleclick.net cdn.krxd.net *.hotjar.com www.googleadservices.com www.dev-net.repsol.com www.google-analytics.com cdns.eu1.gigya.com consent.cookiebot.com connect.facebook.net consentcdn.cookiebot.com assets.adobedtm.com www.googletagmanager.com www.youtube.com apis.google.com tienda.dev-es.repsol.com t.womtp.com ws.walmeric.com maps.googleapis.com unpkg.com sdk.inbenta.io up.pixel.ad static.ads-twitter.com secure-ds.serving-sys.com i.clarity.ms trc.taboola.com tr.outbrain.com bs.serving-sys.com embed.typeform.com siteintercept.qualtrics.com *.siteintercept.qualtrics.com api.paycomet.com instantcredit.net test.instantcredit.net code.jquery.com static-eu.oct8ne.com; style-src * 'unsafe-inline'; font-src * blob: data:; connect-src *; object-src 'none' 2
frame-ancestors 'self' *.shopdutyfree.com; upgrade-insecure-requests; 2
default-src https: 'unsafe-eval' 'unsafe-inline'; font-src https: data: filesystem: 'unsafe-inline'; img-src https: data: ; 2
frame-ancestors 'none'; report-uri https://prod-th-csp-service.rbictg.com/csp; report-to csp-endpoint 2
default-src 'none'; script-src 'self' https://*.hcaptcha.com https://hcaptcha.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.hcaptcha.com https://hcaptcha.com; frame-ancestors 'self'; frame-src 'self' https://*.hcaptcha.com https://hcaptcha.com; connect-src https://*.hcaptcha.com https://hcaptcha.com; object-src 'self'; base-uri 'self'; img-src 'self'; font-src 'self' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdnjs.cloudflare.com/ https://www.youtube.com/ https://cdn.jsdelivr.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://app-script.monsido.com/ https://cdn-apac.onetrust.com/ https://u.heatmap.it/ https://cdn.yellowmessenger.com/ https://www.google.com/ https://www.gstatic.com/ https://static.elfsight.com/platform/platform.js https://www.petronas.com/608242b4-6b3e-4aff-8979-014519414d0c https://app-script.monsido.com/ https://static.elfsight.com/ https://api.swiftype.com/ https://geotargetly-api-1.com/ https://g10498469755.co/ https://code.jquery.com/; object-src 'none'; upgrade-insecure-requests 2
default-src 'self'; base-uri 'self'; frame-src 'self'; frame-ancestors 'self'; form-action 'none'; script-src 'self'; img-src 'self' 2
frame-ancestors 'self' *.exocad.com *.excocad.net; 2
frame-ancestors lincolnelectric.com *.lincolnelectric.com 2
frame-ancestors 'self' *.beautiful.ai 2
default-src https: data: blob: wss://*.zopim.com wss://*.hotjar.com wss://*.noibu.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://app.reskyt.com; upgrade-insecure-requests 2
default-src 'self' 'unsafe-inline' https://documentcloud.adobe.com/ https://*.brand-portal.adobe.com https://viewlicense.adobe.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.lionbridge.com https://assets.adobedtm.com https://cdn.cookielaw.org https://play.vidyard.com https://code.jquery.com https://assets.sitescdn.net https://*.fourtimessmelly.com https://js/forms2/js/forms2.js https://assets.trendemon.com https://lionbridge.data.adobedc.net https://www.googletagmanager.com https://static.ads-twitter.com https://cdn.jsdelivr.net https://munchkin.marketo.net https://snap.licdn.com https://web-analytics.engagio.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://trackingapi.trendemon.com https://dn1f1hmdujj40.cloudfront.net https://app-sjn.marketo.com https://cdnjs.cloudflare.com https://analytics.twitter.com https://j.6sc.co/6si.min.js https://geolocation.onetrust.com https://*.trendemon.com https://info.lionbridge.com/js/forms2/js/forms2.min.js https://googleads.g.doubleclick.net/* https://www.gstatic.com/ https://pi.pardot.com/ https://activitymap.adobe.com/ https://info.lionbridge.com/ https://info1.lionbridge.com/ https://ajax.googleapis.com/ https://ws-assets.zoominfo.com/ https://schedule.zoominfo.com https://documentcloud.adobe.com/ https://*.brand-portal.adobe.com https://www.lionbridge.com; script-src-elem 'self' 'unsafe-inline' https://assets.adobedtm.com https://cdn.cookielaw.org https://play.vidyard.com https://code.jquery.com https://assets.sitescdn.net https://*.fourtimessmelly.com https://js/forms2/js/forms2.js https://assets.trendemon.com https://lionbridge.data.adobedc.net https://www.googletagmanager.com https://static.ads-twitter.com https://cdn.jsdelivr.net https://munchkin.marketo.net https://snap.licdn.com https://web-analytics.engagio.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://trackingapi.trendemon.com https://dn1f1hmdujj40.cloudfront.net https://app-sjn.marketo.com https://cdnjs.cloudflare.com https://analytics.twitter.com https://j.6sc.co/6si.min.js https://geolocation.onetrust.com https://www.google.com/ https://www.gstatic.com/ https://pi.pardot.com/ https://activitymap.adobe.com/ https://info.lionbridge.com/ https://info1.lionbridge.com/ https://js.zi-scripts.com/zi-tag.js https://googleads.g.doubleclick.net/* https://ws-assets.zoominfo.com/formcomplete.js https://documentcloud.adobe.com/ https://*.brand-portal.adobe.com; script-src-attr https://*.brand-portal.adobe.com; style-src * 'self' https://*.brand-portal.adobe.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://*.brand-portal.adobe.com; style-src-attr 'self' 'unsafe-inline' https://*.brand-portal.adobe.com; img-src 'self' https://www.lionbridge.com https://play.vidyard.com https://five.fourtimessmelly.com https://cdn.cookielaw.org https://cdn.vidyard.com https://*.brand-portal.adobe.com https://b.6sc.co/ https://www.facebook.com https://trackingapi.trendemon.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://www.google.com https://www.google.ie https://cm.everesttech.net https://pic.trendemon.com/ https://dpm.demdex.net/ https://a.mktgcdn.com https://t.co https://analytics.twitter.com https://dpm.demdex.net https://www.google-analytics.com; connect-src 'self' https://ws.zoominfo.com https://api.schedule.zoominfo.com https://five.fourtimessmelly.com/mon https://*.lionbridge.com https://cdn.cookielaw.org https://answersstatus.pagescdn.com https://liveapi-cached.yext.com https://ipv6.6sc.co https://geolocation.onetrust.com https://five.fourtimessmelly.com https://dpm.demdex.net https://js.zi-scripts.com https://epsilon.6sense.com https://*.brand-portal.adobe.com https://cdn.linkedin.oribi.io https://lionbridge.tt.omtrdc.net https://dayintegrationintern.tt.omtrdc.net https://viewlicense.adobe.io https://liveapi.yext.com https://answers.yext-pixel.com https://privacyportal-de.onetrust.com https://c.6sc.co https://region1.analytics.google.com https://stats.g.doubleclick.net/ https://www.google-analytics.com https://secure.adnxs.com; frame-src 'self' https://play.vidyard.com https://dayintegrationinternal.demdex.net https://lionbridge.demdex.net https://www.facebook.com https://app-sjn.marketo.com https://www.youtube.com/ https://www.google.com/ https://www.lionbridge.com/ https://player.youku.com/ https://activitymap.adobe.com/ https://info.lionbridge.com/ https://info1.lionbridge.com/ https://documentcloud.adobe.com/ https://*.brand-portal.adobe.com; frame-ancestors 'self' http://lionbridge.com:8000 https://*.brand-portal.adobe.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' app.koofr.net; navigate-to 'self' app.koofr.net; 2
default-src 'self' secure.test.bs.ch secure.bs.ch www.staatskalender.bs.ch www.tiefbauamt.test.bs.ch www.tiefbauamt.bs.ch egov-by-zid.ch www.leastyger-photography.ch www.regierungsrat.bs.ch *.showare.ch *.solique.ch de.wikipedia.org *.youtube.com map.geo.test.bs.ch map.geo.bs.ch *.abel-systems.ch www.eventdb.bs.ch www.rechtsprechung.gerichte-bs.ch *.basleratlas.ch *.google.com staticweb.bs.ch statabs.github.io statabs-test.github.io public.tableau.com cdn.knightlab.com service.buschviper.ch hit.uptrendsdata.com draeggwaegg.ch www.ub.basleratlas.ch eepurl.com www.tageskarte-gemeinde.ch blog.staatsarchiv-bs.ch data.bs.ch muenzwurf.statabs.ch marketing.us8.list-manage.com basleratlas.ch 1270.appointmind.net avenue.argusdatainsights.ch seu2.cleverreach.comi multimedia-bs.ch klv.egov.bs.ch *.siteimprove.com *.siteimproveanalytics.com *.siteimprove.net *.siteimproveanalytics.io proxydk1si.siteimprove.systemsi www.linkedin.com static.licdn.com;script-src 'self' bdm-bs.bot.abraxas-apis.ch standortmarketing.prog.online s.ytimg.com *.youtube.com *.piwikpro.com 'unsafe-inline' multimedia-bs.ch hit.uptrendsdata.com baselstadt.containers.piwik.pro baselstadt.piwik.pro bot.bs-kt.prod.byerley.ch embed.typeform.com chat.aiaibot.com 'unsafe-eval' map.geo.bs.ch siteimproveanalytics.com platform.twitter.com static.licdn.com www.linkedin.com;connect-src 'self' standortmarketing.prog.online hit.uptrendsdata.com *.piwikpro.com *.piwik.pro *.containers.piwik.pro api.aiaibot.com klv.egov.bs.ch map.geo.bs.ch www.linkedin.com static.licdn.com;img-src 'self' bdm-bs.bot.abraxas-apis.ch bdm-bs.bot.abraxas-apps.ch *.prog.online multimedia-bs.ch *.piwikpro.com *.abel-systems.ch www.test.bs.ch www.bs.ch hit.uptrendsdata.com *.piwik.pro data: 'unsafe-eval' bot.bs-kt.prod.byerley.ch www.pd-bs.ch *.siteimproveanalytics.io static.licdn.com www.linkedin.com;style-src 'self' bdm-bs.bot.abraxas-apis.ch 'unsafe-inline' bot.bs-kt.prod.byerley.ch map.geo.bs.ch www.linkedin.com;frame-src * mailto:; 2
default-src *.teva.com *.teva-eu.com data: 'unsafe-eval' 'unsafe-inline' blob: ws: dms.deckers.com *.demandware.net *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com via.placeholder.com *.deckers.layer0-perma.link *.cquotient.com d.emails.teva.com email.ugg.com email.hoka.com email.koolaburra.com email.sanuk.com email.teva.com *.emails.teva.com blog.ugg.com events.hoka.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp blog.uggaustralia.com www.teva-eu.com scripts.deckers.com rum.ingress.edgio.net *.g.doubleclick.net edgeshoppingstatic.azureedge.net s.retargeted.co *.joinhoney.com d3nocrch4qti4v.cloudfront.net df45ay5pw60dy.cloudfront.net cx.atdmt.com cdn.optimizely.com *.bglobale.com *.formstack.com *.deckers.coremedia.cloud rum-http-intake.logs.datadoghq.com www.datadoghq-browser-agent.com rum.ingress.layer0.co rum.layer0.co *.pingdom.net *.pitneybowes.com pippio.com hosted.where2getit.com res.cloudinary.com splashthat.eu *.klarnacdn.net *.klarnaservices.com *.klarna.com dfp.bouncex.net *.bounceexchange.com *.medallia.eu *.kampyle.com cdn.pdst.fm sink.pdst.fm us-central1-adaptive-growth.cloudfunctions.net *.contentsquare.net *.contentsquare.com *.dynamicyield.com *.dy-api.com *.forter.com pay.google.com *.cdn4.forter.com *.linksynergy.com *.paypal.com *.cloud.coveo.com *.amazon-adsystem.com cartera-cdn.freetls.fastly.net *.abtasty.com guarantee-cdn.com static-fe.payments-amazon.com ad.as.amanad.adtdp.com ad.caprofitx.adtdp.com ad.yieldlab.net ade.clmbtech.com *.socdm.com adx.dable.io au.ants.vn c.bing.com cm-exchange.toast.com cm.mgid.com r.casalemedia.com contextual.media.net criteo-sync.teads.tv cs.adingo.jp point.widget.rakuten.co.jp *.rakuten.co.jp static.rakuten.com *.yimg.jp *.yahoo.co.jp ads.yahoo.com deckers.candypop.jp cs.gssprt.jp eb2.3lift.com *.sharethrough.com rapid-cdn.yottaa.com pixel.advertising.com pixel.tapad.com *.ac.bcon.ecdns.net *.smartadserver.com secure.adnxs.com simage2.pubmatic.com *.criteo.net *.criteo.com sync.outbrain.com us-u.openx.net duuytoqss3gu4.cloudfront.net *.osano.com x.bidswitch.net visitor.omnitagjs.com d.line-scdn.net *.ads.yieldmo.com tr.line.me *.taboola.com *.ad-stir.com tk.jrs5.com *.adsrvr.org cdn.smartnews-ads.com payments-fe.amazon.com m.media-amazon.com chimpstatic.com static.hotjar.com content.hotjar.com t.cfjump.com chipstatic.com cdn.unidays.world api.myunidays.com *.veinteractive.com *.pixlee.com *.pixlee.co *.pxlecdn.com *.cartfulsolutions.com *.global-e.com *.powerreviews.com *.truefitcorp.com *.terracycle.com www.truefit.com *.typekit.net widgets.trustedshops.com *.etrusted.com idsync.rlcdn.com *.zenaps.com cnstrc.com *.strut.fit *.rewardstyle.com *.motionpoint.com s-cs.send.microad.jp *.smaato.net *.e-planning.net *.zemanta.com *.artlabs.ai *.onetrust.com *.stylitics.com *.g.doubleclick.net *.kampyle.com *.fls.doubleclick.net *.doubleclick.net adservice.google.com *.googleadservices.com adservice.google.com www.googletagmanager.com ampcid.google.com *.googlesyndication.com api.amplitude.com translate.googleapis.com apis.google.com www.google-analytics.com ssl.google-analytics.com maps.googleapis.com www.google.ca www.google.com translate.google.com fonts.googleapis.com api.cognitive.microsofttranslator.com browser.translate.yandex.net jjfblogammkiefalfpafidabbnamoknm bmnlcjabgnpnenekpadlanbbkooimhnj chhjbpecpncaggjpdakmflnfcopglcmi bfkjochdalcdahjnliojhpldoogkbglc pfldcnnaiaiaogmpfdjjpdkpnigplfca ajax.googleapis.com *.gstatic.com s.w.org *.ediemidnightzombies.com www.gravatar.com *.attn.tv events.attentivemobile.com *.afterpay.com www.instagram.com *.analytics.yahoo.com alb.reddit.com www.redditstatic.com *.hotjar.com *.artlabs.ai downloads.mailchimp.com *.au.hoka.com hokacustomercare.zendesk.com hokanzcustomercare.zendesk.com accentgroupsupport.zendesk.com *.wistia.com *.litix.io embedwistia-a.akamaihd.net *.bouncexchange.com events.bouncex.net www.facebook.com connect.facebook.net *.zdassets.com *.zopim.com widget-mediator.zopim.com *.list-manage.com *.us14.list-manage.com api.us-1.gladly.chat chat-sdk.cdn.gladly.com chat-assets.cdn.gladly.com *.gladly.com js.verygoodvault.com tnt8r4ypmtr.live.verygoodproxy.com vgs-collect-keeper.apps.verygood.systems cdn.studentbeans.com *.90d.io *.smooch.io www.clarity.ms gladly-production.sinter-collect.com tracead.com www.dwin1.com *.zenaps.com *.adyen.com *.addthis.com *.addthisedge.com *.moatads.com intljs.rmtag.com *.likeshop.me cdn.cookielaw.org www.gstatic.com fonts.gstatic.com sc-static.net bat.bing.com www.bing.com cdn.yottaa.com qoe-1.yottaa.net *.tealiumiq.com *.sitelabweb.com cdn.quadpay.com csp-reporting.cloudflare.com d38d4ysphgm9dz.cloudfront.net d35u1vg1q28b3w.cloudfront.net d2o5idwacg3gyw.cloudfront.net d6tizftlrpuof.cloudfront.net d38d4ysphgm9dz.cloudfront.net nsg.symantec.com px.owneriq.net tags.w55c.net mc.yandex.ru mc.yandex.com mc.yandex.kz yandex.net api.pinpiaa.com omwbh6dj4a.execute-api.ap-southeast-2.amazonaws.com cmp.osano.com *.usabilla.com *.newgistics.com mpsnare.iesnare.com *.cdnwidget.com *.cdnbasket.net resources.digital-cloud.medallia.eu t.co platform.twitter.com static.ads-twitter.com analytics.twitter.com tag.rmp.rakuten.com point.widget.rakuten.co.jp analytics.tiktok.com cdn.loom.com *.usw2.cordial.com hokaoneone.locally.com tr.snapchat.com www.awin1.com hm.baidu.com *.parcellab.com analytics.convertlanguage.com *.verygoodvault.com ugg.review.eprize.com ugg.promo.eprize.com www.paypalobjects.com www.youtube.com *.brightcove.com *.pinterest.com s.pinimg.com *.cheqzone.com i.ytimg.com cdn.jsdelivr.net call.chatra.io services.sheerid.com cdn.honey.io i.honey-images.com cdn.joinhoney.com cdn.ivaws.com *.capitaloneshopping.com *.locally.com s7.addthis.com *.dashhudson.com likeshop.me trial-eum-clientnsv4-s.akamaihd.net tags.tiqcdn.com code.jquery.com maxcdn.bootstrapcdn.com strutagiocdn.blob.core.windows.net frame.hub-box.com sandbox.frame.hub-box.com analytics.google.com *.analytics.google.com *.google-analytics.com ampcid.google.co.in ampcid.google.co.jp ampcid.google.com.ph ampcid.google.com.pk ampcid.google.cz ampcid.google.dk ampcid.google.ee ampcid.google.es ampcid.google.fr ampcid.google.ge ampcid.google.hu ampcid.google.ht ampcid.google.kz ampcid.google.lt ampcid.google.mn ampcid.google.nl ampcid.google.no ampcid.google.pl ampcid.google.bs ampcid.google.by ampcid.google.ca ampcid.google.cl ampcid.google.co.il ampcid.google.co.kr ampcid.google.co.nz ampcid.google.co.ve ampcid.google.co.za ampcid.google.co.zw ampcid.google.com.au ampcid.google.com.ec ampcid.google.com.jm ampcid.google.com.mx ampcid.google.com.pr ampcid.google.com.sg ampcid.google.com.tr ampcid.google.com.ua ampcid.google.de ampcid.google.gr ampcid.google.ie ampcid.google.it ampcid.google.mv ampcid.google.ru ampcid.google.ro ampcid.google.se ampcid.google.pt ampcid.google.hr ampcid.google.at ampcid.google.az ampcid.google.be ampcid.google.bg ampcid.google.ch ampcid.google.co.id ampcid.google.co.ma ampcid.google.co.th ampcid.google.com.ar ampcid.google.com.br ampcid.google.com.bz ampcid.google.com.co ampcid.google.com.cy ampcid.google.com.do ampcid.google.com.gt ampcid.google.com.hk ampcid.google.com.mt ampcid.google.com.ng ampcid.google.com.ni ampcid.google.com.pe ampcid.google.com.py ampcid.google.com.sa ampcid.google.com.tj ampcid.google.com.tw ampcid.google.com.uy ampcid.google.dm ampcid.google.dz ampcid.google.fi ampcid.google.hn ampcid.google.lu ampcid.google.lv ampcid.google.ps ampcid.google.rs ampcid.google.si ampcid.google.sk ampcid.google.cn ampcid.google.co.id ampcid.google.co.th ampcid.google.co.hk ampcid.google.co.pe ampcid.google.co.tw ampcid.google.co.uy ampcid.google.tn ampcid.google.ae ampcid.google.lk ampcid.google.com.bh ampcid.google.com.vn www.google.al www.google.at www.google.am www.google.az www.google.ba www.google.be www.google.bg www.google.by www.google.ch www.google.fi www.google.ie www.google.ps www.google.tt www.google.co.bz www.google.co.il www.google.co.in www.google.co.jp www.google.co.kr www.google.co.ma www.google.com.au www.google.com.co www.google.com.do www.google.com.gh www.google.com.gt www.google.com.lb www.google.com.mx www.google.com.ng www.google.com.om www.google.com.ph www.google.com.pr www.google.com.sa www.google.com.sg www.google.com.tw www.google.com.tr www.google.com.ua www.google.com.py www.google.co.ke www.google.co.th www.google.lk www.google.tn www.google.bf www.google.co.nz www.google.co.uk www.google.is www.google.im www.google.cz www.google.de www.google.ee www.google.es www.google.fr www.google.ge www.google.gr www.google.hr www.google.ht www.google.hu www.google.ie www.google.it www.google.lt www.google.md www.google.me www.google.mk www.google.mt www.google.no www.google.nl www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.ae www.google.bs www.google.cl www.google.co.cr www.google.co.ve www.google.co.vi www.google.co.za www.google.com.ec www.google.com.hk www.google.com.jm www.google.com.kw www.google.com.pa www.google.com.sg www.google.mv www.google.co.id www.google.com.my www.google.com.pk www.google.com.vn www.google.dk www.google.mn www.google.kz www.google.vg www.google.hn www.google.com.eg www.google.ad www.google.je www.google.co.bw www.google.com.ar www.google.com.bd www.google.com.bo www.google.com.br www.google.com.cy www.google.com.pe www.google.com.sv www.google.com.uy www.google.com.qa www.google.dz www.google.iq www.google.jo www.google.sk www.google.si www.google.nl www.google.lv www.google.lu www.google.lv www.google.kg www.google.dm www.google.co.uz www.google.sr www.google.je www.google.gg www.google.com.qa www.google.mt www.google.com.bn www.google.com.bh www.google.co.uz www.google.cn www.google.tn www.google.mg www.google.com.ai www.google.li www.google.as www.google.dj www.google.com.mt www.google.ga www.google.sn www.google.com.gi www.google.mu www.google.gy; font-src *.teva.com *.teva-eu.com *.demandware.net *.commercecloud.salesforce.com *.truefitcorp.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp use.typekit.net *.osano.com *.klarnacdn.net cdn.gladly.com *.deckers.coremedia.cloud cdn.dynamicyield.com fonts.googleapis.com cdn.loom.com *.global-e.com cdn.honey.io likeshop.me script.hotjar.com cdn.joinhoney.com fonts.gstatic.com use.fontawesome.com cdn.ivaws.com *.strut.fit *.deckers.layer0-perma.link data: *.wistia.com static.formstack.com d6tizftlrpuof.cloudfront.net www.paypalobjects.com *.medallia.eu *.kampyle.com; style-src *.teva.com *.teva-eu.com *.deckers.coremedia.cloud *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp *.demandware.net *.veinteractive.com *.bounceexchange.com cdn.dynamicyield.com *.klarnacdn.net ui.powerreviews.com *.osano.com web-assets.stylitics.com use.fontawesome.com ui.powerreviews.com cdn.honey.io cdn.joinhoney.com js.verygoodvault.com *.global-e.com *.truefitcorp.com *.deckers.layer0-perma.link www.truefit.com cdn.90d.io chat-sdk.cdn.gladly.com cdn.gladly.com *.typekit.net www.karmanow.com *.parcellab.com *.formstack.com translate.googleapis.com d3nocrch4qti4v.cloudfront.net d6tizftlrpuof.cloudfront.net cdn.ivaws.com www.paypalobjects.com *.pxlcdn.com fonts.googleapis.com *.adyen.com *.medallia.eu *.kampyle.com downloads.mailchimp.com data: 'unsafe-inline'; form-action *.teva.com *.teva-eu.com *.demandware.net *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com *.hokaoneone.eu payments.amazon.co.jp www.amazon.co.jp *.demandware.net *.snapchat.com www.facebook.com *.adyen.com email.teva.com email.ugg.com email.hoka.com email.sanuk.com email.koolaburra.com *.securev2.global-e.com *.secure5.arcot.com *.securesuite.co.uk *.3ds.borica.bg *.acs1.icicibank.com *.sps-system.com centinelapi.cardinalcommerce.com accentgroup.formstack.com; media-src *.teva.com *.teva-eu.com blob: dms.deckers.com res.cloudinary.com *.demandware.net *.commercecloud.salesforce.com *.90d.io static.zdassets.com chat-sdk.cdn.gladly.com chat-assets.cdn.gladly.com; worker-src *.teva.com *.teva-eu.com blob: *.osano.com; child-src *.teva.com *.teva-eu.com *.demandware.net *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp *.commercecloud.salesforce.com *.snapchat.com guarantee-cdn.com v3.rest-ar.com *.osano.com *.doubleclick.net vars.hotjar.com www.awin1.com *.afterpay.com px.owneriq.net pal-test.adyen.com *.americanexpress.com *.facebook.com *.pixlee.co *.zenaps.com *.bounceexchange.com d6tizftlrpuof.cloudfront.net www.paypalobjects.com www.paypal.com ln-rules.rewardstyle.com nsg.symantec.com *.pinterest.com track.usw2.cordial.com *.global-e.com wkxppshj-qx.global.ssl.fastly.net checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com www.sandbox.paypal.com *.ediemidnightzombies.com *.studentbeans.com *.myunidays.com point.widget.rakuten.co.jp *.bglobale.com www.google.com *.amazon-adsystem.com *.truefitcorp.com *.locally.com *.strut.fit www.pubxtags.com tracead.com photos.pixlee.com *.splashthat.eu hosted.where2getit.com sketchfab.com *.criteo.com *.criteo.net www.youtube.com *.verygoodvault.com pay.google.com www.terracycle.com sandbox.frame.hub-box.com frame.hub-box.com ugg.promo.eprize.com ugg.review.eprize.com d.emails.teva.com creatives.attn.tv *.artlabs.ai app.collectivevoice.com *.medallia.eu *.kampyle.com; report-uri https://www.teva.com/_/csp-reports 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' plans.billetel.fr www.youtube.com *.prowebce.net *.nr-data.net *.onetrust.com *.contentsquare.net js-agent.newrelic.com cdn.cookielaw.org *.abtasty.com stats.g.doubleclick.net *.aticdn.net *.xiti.com *.google-analytics.com *.googletagmanager.com fonts.googleapis.com fonts.gstatic.com code.jquery.com *.walkme.com www5.easiware.fr/prowebce/ cdnjs.cloudflare.com/ajax/libs/bootstrap-switch/ cdnjs.cloudflare.com/ajax/libs/highlight.js/ cdnjs.cloudflare.com/ajax/libs/popper.js/ cdnjs.cloudflare.com/ajax/libs/validate.js/ cdnjs.cloudflare.com/ajax/libs/jquery-ajaxtransport-xdomainrequest/ oss.maxcdn.com/respond/1.4.2/respond.min.js oss.maxcdn.com/html5shiv/ oss.maxcdn.com/libs/html5shiv/ oss.maxcdn.com/libs/respond.js/ cdn.jsdelivr.net/npm/roboto-font@0.1.0/ edenred-faq.mayday.cx/embedded/md-selfcare.umd.js public.mayday.fr logs-service.mayday.fr ka-p.fontawesome.com/releases/ cdnjs.cloudflare.com/ajax/libs/Swiper/5.3.7/css/swiper.min.css; img-src * data:; media-src * data:; font-src 'self' fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net/npm/roboto-font@0.1.0/ ka-p.fontawesome.com/releases/ data:; worker-src 'self' blob: 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.googleadservices.com *.google.com *.firebaseio.com *.gtgnetwork.com *.googleapis.com *.gstatic.com *.geniusgames.com.au *.wistia.com 2
frame-ancestors 'self' *.salesforce.com *.force.com; 2
default-src https: data: blob: wss:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 2
default-src 'self' *.gopay.cz *.gopay.com goshop.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.cz *.googletagmanager.com *.smartsuppcdn.com *.gopaycdn.com *.gopaycdn-test.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.gopay.cz *.gopay.com goshop.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google.cz *.googleapis.com cdn.getbeyond.io *.googletagmanager.com *.hostedstatus.com *.leady.com *.crazyegg.com *.hotjar.com googleads.g.doubleclick.net *.googlesyndication.com *.smartsuppchat.com *.smartsuppcdn.com *.smartsupp.com wss://*.smartsupp.com *.gopaycdn.com *.gopaycdn-test.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.gopay.cz *.gopay.com goshop.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.cz *.googleapis.com cdn.getbeyond.io *.googletagmanager.com *.hotjar.com *.crazyegg.com *.facebook.net *.leady.com c.imedia.cz *.googleadservices.com *.seznam.cz *.smartsuppchat.com *.doubleclick.net *.smartsuppcdn.com *.smartsupp.com *.gopaycdn.com *.gopaycdn-test.com; img-src 'self' data: *.gopay.cz *.gopay.com goshop.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google.cz *.googleapis.com https://partner.dev.gopay.cz p.typekit.net *.gstatic.com *.googletagmanager.com *.facebook.com *.seznam.cz *.smartsuppcdn.com *.maxcdn.com *.gopaycdn.com *.gopaycdn-test.com; style-src 'self' 'unsafe-inline' *.gopay.cz *.gopay.com use.typekit.net p.typekit.net *.googletagmanager.com fonts.googleapis.com *.gopaycdn.com *.gopaycdn-test.com; frame-src *; frame-ancestors *; font-src 'self' data: use.typekit.net fonts.gstatic.com; object-src 'none'; report-to 'default'; 2
default-src *; img-src * 'self' data: https://*; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; 2
default-src 'self'; connect-src 'self' https://euc-widget.freshworks.com https://*.google-analytics.com https://carenzorgt.freshdesk.com; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net; frame-src https://wchat.eu.freshchat.com https://513969701343894.eu.webpush.freshchat.com; img-src 'self' data: blob: https://p.typekit.net https://d1yim1i5ghw5xv.cloudfront.net https://*.mijnio.nl https://www.google-analytics.com https://euc-widget.freshworks.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://use.typekit.net https://euc-widget.freshworks.com https://*.google-analytics.com https://wchat.eu.freshchat.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.typekit.net https://euc-widget.freshworks.com https://wchat.eu.freshchat.com; report-uri /csp_reports 2
frame-ancestors 'self' http://www.1001games.com 2
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; object-src * data: blob: 'unsafe-inline' 2
frame-ancestors 'self' https://www.einpresswire.com 2
connect-src   log.wien maps.nextbike.net *.googleapis.com *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net directline.botframework.com/v3/directline/ wss://directline.botframework.com/v3/directline/ wtb.maptiles.arcgis.com *.arcgisonline.com *.arcgis.com chatbot.wlb.at onlim-chatbot-production.s3.amazonaws.com *.onlim.com wss://*.onlim.com wss://app.onlim.com/api/cs/ws wss://api.onlim.com/cs/ws *.vimeo.com vimeo.com *.addthis.com www.google-analytics.com routenplaner.verkehrsauskunft.at *.wienit.at *.api.wienenergie.at api.wienenergie.at service.wienerstadtwerke.at *.service.wienernetze.at service.wienernetze.at api.wstw.at int-api.wstw.at test-api.wstw.at styles.wienerstadtwerke.at 'self' jobs.wienerstadtwerke.at https://www.facebook.com/tr/; style-src   static.dvinci-easy.com https://d6tizftlrpuof.cloudfront.net/themes/production/wienerstadtwerke-test-design-wienerstadtwerke-feedbacklet-d69f3b461dc32d40f77b744a4b3eb522.css 'self' styles.wienerstadtwerke.at 'unsafe-inline' fonts.googleapis.com *.onlim.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net *.chatvisor.com; base-uri   'self' *.onlim.com; script-src   https://app.onlim.com/chat-app/js/host.js *.onlim.com *.adform.net *.googletagmanager.com connect.facebook.net/ *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net walls.io *.virtualq.io polyfill.io openstreetmap.org *.openstreetmap.org chatbot.wlb.at *.vimeocdn.com ajax.googleapis.com maps.googleapis.com www.gstatic.com www.google.com www.google-analytics.com assets.adobedtm.com *.ytimg.com *.youtube.com styles.wienerstadtwerke.at 'unsafe-inline' 'unsafe-eval' 'self' https://www.googletagmanager.com/ *.onlim.com/ https://googleads.g.doubleclick.net/ *.usabilla.com/ https://siteimproveanalytics.com *.googletagmanager.com/ *.googleadservices.com static.dvinci-easy.com; frame-src   *.wienit.at lehrlingstest-wienerstadtwerke.azurewebsites.net video.eko.com ubscal.seeyou.at *.issuu.com issuu.com *.walls.io walls.io *.virtualq.io app.onlim.com www.whatchado.com *.vimeo.com vimeo.com *.youtube.com www.google.com www.bestattungwien.at *.friedhoefewien.at mailto: service.wienerstadtwerke.at 'self' https://langenacht.orf.at youtu.be *.wienit.at/ *.wienernetze.at/ *.facebook.com embeds.whatchado.com https://terminreservierung.reinisch.tech/ https://terminreservierung.staging.reinisch.tech/ *.youtu.be; media-src   'self' data: *.onlim.com; img-src   *.wienernetze.at/ wienitedv.d3.sc.omtrdc.net facebook.com/tr/ rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net *.wien.gv.at *.fluidtime.com *.arcgisonline.com onlim-chatbot-production.s3.eu-central-1.amazonaws.com onlim-base.s3.eu-central-1.amazonaws.com dacodi-production.s3.amazonaws.com *.onlim.com *.openstreetmap.org *.vimeocdn.com *.omtrdc.net *.2o7.net maps.googleapis.com maps.gstatic.com *.ytimg.com csi.gstatic.com chatbot.wlb.at *.wienit.at *.upstream-mobility.at blob: data: styles.wienerstadtwerke.at 'self' *.siteimproveanalytics.io https://siteimproveanalytics.com https://googleads.g.doubleclick.net *.facebook.com https://www.google.at/pagead/ https://www.google.com/pagead/; default-src   'self'; font-src   https://d6tizftlrpuof.cloudfront.net/themes/production/wienerstadtwerke-test-design-wienerstadtwerke-font-file-url-de462eaa4f394073e3723d639af661c0.woff *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net data: styles.wienerstadtwerke.at chatbot.wlb.at *.onlim.com fonts.gstatic.com 'self'; 2
manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; upgrade-insecure-requests; frame-ancestors 'self' clientelastaging.papersource.com https://www.papersource.com/ www.papersource.com https://design.papersource.com/ https://*.rewardstyle.com; form-action 'self' https://1.camp.papersource.com:9101 https://accounts.google.com https://www.facebook.com https://design.papersource.com/ https://*.bizrate.com  geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://papersource.resultsstage.com https://tagmanager.google.com https://papersource.resultspage.com https://cdn.cookielaw.org https://*.rewardstyle.com *.googletagmanager.com *.impactcdn.com https://*.bizrate.com  *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.paypal.com https://www.paypalobjects.com https://core.spreedly.com https://papersource.resultspage.com https://app.customily.com https://js-agent.newrelic.com https://papersource.resultsstage.com https://*.addthis.com https://*.addthisedge.com https://www.google-analytics.com https://*.optimove.net https://*.optimove.events https://static.zdassets.com https://bam.nr-data.net https://z.moatads.com https://v1.addthisedge.com https://widget-mediator.zopim.com/* https://widgets.pinterest.com https://graph.facebook.com https://integration9tracksdk-stg.optimove.net https://integration9tracksdk-stg.optimove.net/* https://integration9tracksdk-stg.optimove.net/piwik.php https://assets.pinterest.com/js/pinmarklet.js https://cdn.gartnerstudios.com https://tags.bkrtx.com https://cdn.attn.tv *.mouseflow.com  https://cdn.cookielaw.org https://secure.quantserve.com/quant.js https://*.channeladvisor.com/ https://connect.facebook.net/ https://*.pinimg.com/ https://bat.bing.com/ https://rules.quantcount.com/ https://*.go-mpulse.net/ https://*.pinterest.com/ https://*.sli-spark.com/  https://embed.acuityscheduling.com/ https://*.rewardstyle.com https://*.arttrk.com/ *.impactcdn.com https://utt.impactcdn.com https://*.bizrate.com  assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://*.customily.com https://*.amazonaws.com *.vantivprelive.com *.vantivcnp.com https://www.mczbf.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; media-src https://static.zdassets.com *.adobe.com; img-src 'self' data: https://*.scene7.com https://*.paypal.com https://www.paypalobjects.com https://store.paradoxlabs.com https://papersource.resultsstage.com https://assets.resultspage.com https://www.google-analytics.com https://*.optimove.net https://*.gstatic.com https://www.googletagmanager.com https://bam.nr-data.net https://stats.g.doubleclick.net https://api.gartnerstudios.com https://app.customily.com https://cm.g.doubleclick.net/pixel* https://create.paper-source.com/* https://gcm.optimove.events/setCookie* https://www.addthis.com/bookmark.php https://log.pinterest.com https://cm.g.doubleclick.net https://gcm.optimove.events https://www.google.com/ads/ga-audiences https://*.google.com https://*.papersource.com https://*.paper-source.com https://*.emjcd.com https://*.dotomi.com *.mouseflow.com  https://cdn.cookielaw.org https://*.pinterest.com/ https://www.google.com.ua/ https://papersource.resultspage.com/ https://design.papersource.com/ https://*.rewardstyle.com https://*.arttrk.com/ *.impactcdn.com papersource.pxf.io https://www.ojrq.net https://logs-01.loggly.com https://*.bizrate.com  assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com https://*.customily.com https://*.amazonaws.com 'self' data: www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; frame-src 'self' https://www.youtube.com/embed/* https://s7.addthis.com https://assets.pinterest.com https://login.dotomi.com https://www.google.com https://stags.bluekai.com https://core.conversant.mgr.consensu.org https://papersource.attn.tv https://ct.pinterest.com/ https://www.facebook.com/ https://*.attn.tv/ https://*.paypalobjects.com/ https://app.squarespacescheduling.com/ https://*.rewardstyle.com papersource.pxf.io https://*.bizrate.com  fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com creatives.attn.tv c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com https://static.zdassets.com https://tagmanager.google.com https://papersource.resultsstage.com https://papersource.resultspage.com/ fonts.googleapis.com fonts.gstatic.com https://*.customily.com https://*.amazonaws.com 'self' data: data: 'self' 'unsafe-inline'; connect-src 'self' https://*.addthis.com https://www.paypal.com https://*.optimove.events https://*.optimove.net https://ekr.zdassets.com https://www.google-analytics.com/collect https://www.google-analytics.com/r/collect https://papersource.zendesk.com https://bam.nr-data.net wss://widget-mediator.zopim.com/* wss://widget-mediator.zopim.com https://static.zdassets.com https://app.customily.com https://integration9tracksdk-stg.optimove.net https://integration9tracksdk-stg.optimove.net/* https://integration9tracksdk-stg.optimove.net/piwik.php https://api.gartnerstudios.com/ https://cdn.gartnerstudios.com/ https://1.camp.papersource.com:9101/gartner/images https://*.sjwoe.co https://*.pinterest.com  https://cdn.cookielaw.org  https://*.googleapis.com https://*.go-mpulse.net/ https://*.akstat.io/ https://www.sjwoe.com/ https://geolocation.onetrust.com/ https://*.akamaihd.net/ https://*.rewardstyle.com https://*.arttrk.com/ papersource.pxf.io https://*.bizrate.com  dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.customily.com https://*.amazonaws.com 'self' data: *.mczbf.com *.doubleclick.net *.google-analytics.com *.zendesk.com *.optimove.net *.zopim.com *.attn.tv *.attentivemobile.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; default-src 'self' https://static.zdassets.com https://s7.addthis.com/static/sh* https://*.rewardstyle.com https://*.arttrk.com/ https://*.bizrate.com  'self' 'unsafe-inline' 'unsafe-eval'; worker-src 'self' https://core.spreedly.com https://s7.addthis.com https://www.youtube.com/embed/*; 2
default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; img-src 'self'; frame-src 'self'; font-src 'self' data:; object-src 'none'; frame-ancestors 'none'; 2
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src 'none'; child-src https: data: blob:; form-action https:; frame-ancestors 'self'; 2
upgrade-insecure-requests; default-src 'self' *.openbank.com *.openbank.es; script-src *.openbank.es *.openbank.com 'unsafe-inline' 'unsafe-eval' snap.licdn.com https://maps.googleapis.com simuladores.afi.es https://browseranalytic.com https://www.google.com *.gstatic.com tags.tiqcdn.com *.google-analytics.com https://*.g.doubleclick.net *.youtube.com *.googleadservices.com *.facebook.net *.ytimg.com api-ob.nd.nudatasecurity.com https://cdnjs.cloudflare.com *.googletagmanager.com *.we-stats.com static.browseranalytic.com bat.bing.com blob: openbanksimuladores.afi.es unpkg.com www.googleoptimize.com;  connect-src 'self' *.openbank.es *.openbank.com *.google-analytics.com *.we-stats.com *.biocatch.com lib-eu-1.brilliantcollector.com op.browseranalytic.com *.google.com *.googleapis.com *.googlesyndication.com https://*.g.doubleclick.net bat.bing.com cdn.linkedin.oribi.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.openbank.com https://maxcdn.bootstrapcdn.com; img-src 'self' *.openbank.es px.ads.linkedin.com www.financeads.net data: 'unsafe-inline' *.googletagmanager.com https://maps.googleapis.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.openbank.com *.google.ie *.google.com https://aax-eu.amazon-adsystem.com bat.bing.com www.linkedin.com tbl.tradedoubler.com *.googlesyndication.com;  media-src 'self' *.openbank.com *.youtube.com; frame-src 'self' https://www.google.com *.gstatic.com *.youtube.com simuladores.afi.es *.doubleclick.net blob: openbanksimuladores.afi.es; child-src 'self' https://www.google.com *.gstatic.com *.youtube.com simuladores.afi.es blob: openbanksimuladores.afi.es ;frame-ancestors 'self' api.paycomet.com https://www.paytpv.com https://openbank.campaign.adobe.com; 2
frame-ancestors 'self'; script-src 'unsafe-inline' 'unsafe-eval' blob: data: localhost localhost:3000 cdn.matomo.cloud sosafeawareness.matomo.cloud apis.google.com www.googletagmanager.com sosafe.local *.sosafe-awareness.com sosafe-awareness.com www.google-analytics.com snap.licdn.com bat.bing.com px.ads.linkedin.com adservice.google.com *.doubleclick.net *.gravatar.com boards-api.greenhouse.io boards.eu.greenhouse.io js.hsforms.net www.youtube.com www.youtube-nocookie.com play.google.com www.googleadservices.com static.hotjar.com script.hotjar.com js.hs-scripts.com js.hs-analytics.net js.hsadspixel.net js.hscollectedforms.net js.hs-banner.com js.hsleadflows.net js-na1.hs-scripts.com connect.facebook.net cdn.transifex.com widget.amazd.co widget-staging.amazd.co *.wistia.com *.wistia.net *.requestmetrics.com humanfirewallconference.kinsta.cloud humanfirewallconference.com human-firewall-conference.com *.podigee-cdn.net 2
default-src 'self'; script-src 'self'; script-src-elem 'self'; script-src-attr 'self'; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src 'self' data:; font-src 'self'; connect-src 'self'; frame-src 'self'; frame-ancestors 'self' https://scripts.zdv.uni-mainz.de; form-action 'self' metager.org metager.de 2
object-src 'none'; frame-ancestors 'self' https://*.docebo.com https://*.docebosaas.com 2
frame-ancestors 'self' *.westchestergov.com *.westchestercatalyst.com westchestercatalyst.com *.westchesterputnamonestop.com *.westchesterda.net westchesterda.net *.westchesterlegislators.com westchesterlegislators.com; 2
frame-ancestors 'self' *.strumentimusicali.net; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; object-src 'none'; base-uri 'none'; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' https: data:; media-src 'self' https: data: blob:; style-src 'self' 'unsafe-inline'; default-src 'self' https: wss:; trusted-types default; font-src 'self' data:; 2
frame-src 'self' https://eu-west-2-elume.s3.us-east-1.amazonaws.com/ https://forms.hsforms.com/ https://app.hubspot.com https://www.googletagmanager.com https://accounts.google.com https://sdk.companywebcast.com https://ir.asp.manamind.com https://www.youtube.com https://www.youtube-nocookie.com *.metric.gstatic.com *.dynamics.com https://webcast.seria.no https://spinzam.com/ https://player.vimeo.com https://cdn.embedly.com https://www.facebook.com https://www.google.com/ https://platform.twitter.com/ https://twitter.com/ https://ir.oms.no/ https://kongsberg.easycruit.com https://tools.eurolandir.com https://asia.tools.euroland.com https://tools.euroland.com https://gamma.euroland.com ; frame-ancestors 'self' 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.mne.pt https://static.mne.gov.pt https://www.google.com https://www.recaptcha.net https://www.gstatic.com https://*.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data: https://static.mne.pt https://static.mne.gov.pt https://www.googletagmanager.com/; child-src 'self' https://static.mne.pt https://static.mne.gov.pt https://www.google.com https://www.recaptcha.net https://www.youtube-nocookie.com https://player.vimeo.com; frame-src 'self' https://static.mne.pt https://static.mne.gov.pt https://www.google.com https://www.recaptcha.net https://www.youtube-nocookie.com https://player.vimeo.com; object-src 'none'; connect-src 'self' https://maps.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com; worker-src 'none'; form-action 'self'; frame-ancestors 'self'; base-uri 'self'; upgrade-insecure-requests; block-all-mixed-content; 2
default-src 'self'; script-src 'self' 'unsafe-inline' *.cloudflare.com *.facebook.net *.googletagmanager.com *.jsdelivr.net maps.googleapis.com *.newrelic.com polyfill.io *.siteimprove.net siteimproveanalytics.com ui.customsearch.ai unpkg.com *.wisconsin.gov; style-src 'self' 'unsafe-inline' *.cloudflare.com fonts.googleapis.com hosteduxprod.blob.core.windows.net *.jsdelivr.net; img-src 'self' data: *.google-analytics.com *.googletagmanager.com hosteduxprod.blob.core.windows.net maps.googleapis.com maps.gstatic.com *.siteimproveanalytics.io; frame-src *; frame-ancestors *; child-src *; font-src 'self' fonts.gstatic.com; connect-src 'self' *.google-analytics.com maps.googleapis.com *.nr-data.net *.siteimprove.com *.siteimproveanalytics.com ui.customsearch.ai; report-uri /report-csp-violation; upgrade-insecure-requests 2
default-src 'unsafe-inline' 'unsafe-eval' https://*.vrr.de/ https://www.cookiebot.com/; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://www.google.com https://www.youtube.com https://sc-static.net https://www.gstatic.com https://*.facebook.net https://www.facebook.com https://*.snapchat.com https://*.mouseflow.com https://*.hotjar.com https://*.vrr.de  https://*.flockler.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.cookiebot.com/ https://smck-chat-msg.labs.sabio.de/ https://chatnrw-production-messaging-webchat.patty-awseuc1.swops.cloud; font-src 'self' https://fonts.gstatic.com data:; style-src 'unsafe-inline' 'self' https://*.vrr.de/ https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' https://*.vrr.de https://*.facebook.net https://www.facebook.com https://*.snapchat.com https://*.mouseflow.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.google-analytics.com https://*.flockler.app https://chatnrw-api-production-messaging.patty-awseuc1.swops.cloud https://chatnrw-production-messaging-webmain.patty-awseuc1.swops.cloud https://consentcdn.cookiebot.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com; frame-src 'self' blob: https://*.vrr.de https://www.youtube.com/ https://www.youtube-nocookie.com/ https://www.google.com/ https://www.facebook.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.snapchat.com https://*.vrr.de https://chatnrw-production-messaging-webchat.patty-awseuc1.swops.cloud https://consentcdn.cookiebot.com https://umap.openstreetmap.de; img-src 'self' data: https: https://*.cdninstagram.com https://*.vrr.de https://*.facebook.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://i.ytimg.com https://media.licdn.com https://*.xx.fbcdn.net https://*.flockler.com https://img.youtube.com; object-src 'self' blob: https://*.vrr.de 2
default-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com  https://lidl-latuaopinioneconta.it  https://lidl-fatturaelettronica.it  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  'unsafe-inline'  https://*.adyen.com  https://lidl-latuaopinioneconta.it  https://lidl-fatturaelettronica.it; img-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com; object-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'; script-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  about:  https://localhost  https://*.adyen.com; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fbevents.js *.facebook.net *.cookiebot.com *.cookiebox.ro *.gstatic.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.google.com *.google.ro *.googleadservices.com *.doubleclick.net *.youtube.com *.vimeo.com *.ytimg.com *.cloudflare.com; object-src 'self' ; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.cookiebot.com *.cookiebox.ro *.gstatic.com *.google.com *.google.ro *.doubleclick.net *.google-analytics.com *.youtube.com *.vimeo.com *.ytimg.com *.fontawesome.com *.cloudflare.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googletagmanager.com *.cookiebot.com *.cookiebox.ro *.gstatic.com *.google.com *.google.ro *.doubleclick.net *.google-analytics.com *.youtube.com *.vimeo.com *.ytimg.com *.cloudflare.com *.facebook.com *.facebook.net; media-src 'self'; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.cookiebot.com *.cookiebox.ro *.google.com *.google.ro *.doubleclick.net *.google-analytics.com *.youtube.com *.vimeo.com *.ytimg.com *.facebook.com *.facebook.net; child-src 'self'; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.gts.ro *.googletagmanager.com *.google.com *.google.ro *.doubleclick.net *.google-analytics.com *.youtube.com *.vimeo.com *.ytimg.com *.facebook.com *.fontawesome.com; font-src 'self' *.fontawesome.com *.cloudflare.com; 2
frame-ancestors 'self' www.neoenergia.com 2
frame-ancestors 'self' v9.jarvisexch.com 99exch.com www.99exch.com cricbet99.com www.cricbet99.com 11xplay.com www.11xplay.com play247.win www.play247.win laser247.com www.laser247.com play99exch.com www.play99exch.com laser247.online www.laser247.online play247.online www.play247.online play99exch.win www.play99exch.win cricbet99.win www.cricbet99.win 11xplay.online www.11xplay.online 11xplay.pro www.11xplay.pro 99exch.live www.99exch.live 99exch.win www.99exch.win 99exch.green www.99exch.green cricbet99.club www.cricbet99.club cricbet99.green www.cricbet99.green 11xplay.green www.11xplay.green play247exch.win www.play247exch.win play247.green www.play247.green laser247.club www.laser247.club laser247.pro www.laser247.pro play99exch.live www.play99exch.live play99exch.club www.play99exch.club 2
frame-ancestors 'self' https://live.nkd.com https://www2.nkd.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adoberesources.net *.apolloplatform.com *.brightcove.com *.brightcove.net *.clarity.ms *.decibelinsight.com *.decibelinsight.net *.doubleclick.net *.franklintempleton.com *.ftsites.com *.fti-cloud.com *.kampyle.com *.marketo.com *.marketo.net *.mktoutil.com *.qualtrics.com *.twimg.com *.yimg.com amplify.outbrain.com apps.mypurecloud.com assets.adoberesources.net bat.bing.com browser-update.org cdn.cookielaw.org cdn.decibelinsight.net connect.facebook.net documentcloud.adobe.com platform.twitter.com resources.digital-cloud-west.medallia.com schema.apolloplatform.com script.mfilterit.net snap.licdn.com ssl.google-analytics.com static.ads-twitter.com static.cloudflareinsights.com tr.outbrain.com up.pixel.ad vjs.zencdn.net wss://*.decibelinsight.com wss://*.decibelinsight.net www.google-analytics.com www.googletagmanager.com zn9nsigbnk054lp8n-frk.siteintercept.qualtrics.com ;  connect-src 'self' *.adobe.io *.akamaihd.net *.apolloplatform.com *.clarity.ms *.analytics.google.com *.boltdns.net *.brightcove.com *.brightcove.net *.browser-intake-datadoghq.com *.decibelinsight.com *.decibelinsight.net *.doubleclick.net *.franklintempleton.com *.frk.com *.ftsites.com *.fti-cloud.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.kampyle.com *.marketo.com *.mktoresp.com *.mktoutil.com *.onetrust.com *.onetrust.io *.qualtrics.com *.cloudhub.io *.widen.net *.widencdn.net 848-iap-939.mktoresp.com adservice.google.com bat.bing.com cdn.cookielaw.org cdn.linkedin.oribi.io dc.services.visualstudio.com fti.wsodqa.com hummingbirdwebsocket-va7.cloud.adobe.io resources.digital-cloud-west.medallia.com pdswebapi.fti-cloud.com s.yimg.com wss://*.decibelinsight.com wss://*.decibelinsight.net www.facebook.com www.fti.wallst.com wss://*.adobe.io ;  img-src 'self' data: *.adsymptotic.com *.akamaihd.net *.analytics.google.com *.boltdns.net *.brightcove.com *.cookielaw.org *.doubleclick.net *.facebook.com *.fti-cloud.com *.franklintempleton.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.kampyle.com *.linkedin.com *.qualtrics.com *.stocksnap.io *.twimg.com *.widen.net *.widencdn.net analytics.twitter.com bat.bing.com browser-update.org c.bing.com c.clarity.ms d21y75miwcfqoq.cloudfront.net di.rlcdn.com fml-x.com franklintempletonprod.widen.net pixel.sitescout.com platform.twitter.com px.ads.linkedin.com r.turn.com resources.digital-cloud-west.medallia.com rtp-static.marketo.com sp.analytics.yahoo.com syndication.twitter.com t.co tr.outbrain.com tk-static.fml-x.com www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cn www.google.co.il www.google.co.in www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.bn www.google.com.br www.google.com.cy www.google.com.hk www.google.com.im www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ph www.google.com.sg www.google.com.sl www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.hu www.google.ie www.google.it www.google.jo www.google.li www.google.lt www.google.lu www.google.lv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.ru www.google.si www.google.sk assets.adoberesources.net lh3.googleusercontent.com ;  font-src 'self' data: *.ftsites.com fonts.googleapis.com fonts.gstatic.com templeton.com *.franklintempleton.com *.franklintempleton.lu *.typekit.net ;  style-src 'self' 'unsafe-inline' *.franklintempleton.com *.ftsites.com *.googletagmanager.com *.kampyle.com *.marketo.com fonts.googleapis.com fonts.gstatic.com platform.twitter.com *.typekit.net ;  worker-src blob: *.decibel.net ; 2
script-src 'unsafe-inline' data: blob: http: https: https://www.homeagain.com/; style-src 'self' blob: https: 'unsafe-inline' https://www.homeagain.com/; worker-src 'self' data: blob: http: https: https://www.homeagain.com/; img-src data: blob: http: https: www.googletagmanager.com; object-src 'none'; base-uri 'none'; child-src 'self' data: blob: http: https: https://www.homeagain.com/; font-src 'self' data:; frame-src assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.zuora.com *.google.com *.googletagmanager.com cloud.emailca.merck-animal-health-usa.com cloud.email3.homeagain.com cl.s11.exct.net webto.salesforce.com csxd.contentsquare.net; 2
script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; worker-src 'self' blob: 2
default-src 'self' cdn.jsdelivr.net jsdelivr.net c.disquscdn.com disqus.com; script-src 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' disqus.com c.disquscdn.com https://*.clarity.ms https://c.bing.com highwaysagency.disqus.com emea3.recruitmentplatform.com s.ytimg.com www.youtube.com maps.googleapis.com unpkg.com apis.google.com www.google-analytics.com widgets.flickr.com wsstatic.govmetric.com www.gstatic.com cdn.syndication.twimg.com platform.twitter.com embedr.flickr.com www.google.com www.googletagmanager.com wsstatic.servmetric.com ajax.aspnetcdn.com cc.cdn.civiccomputing.com cdnjs.cloudflare.com code.jquery.com connect.facebook.net hitcounter.govmetric.com cdn.jsdelivr.net jsdelivr.net websurveys2.govmetric.com websurveys2.servmetric.com www.browsealoud.com; style-src 'unsafe-inline' 'report-sample' 'self' cdn.jsdelivr.net jsdelivr.net c.disquscdn.com emea3.recruitmentplatform.com fonts.googleapis.com fonts.gstatic.com www.googletagmanager.com unpkg.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com ton.twimg.com platform.twitter.com p.typekit.net use.typekit.net websurveys2.govmetric.com websurveys2.servmetric.com; object-src 'none'; base-uri 'self'; connect-src 'self' noembed.com https://*.clarity.ms https://c.bing.com region1.google-analytics.com maps.googleapis.com clapi.civiccomputing.com hitcounter.govmetric.com stats.g.doubleclick.net www.google-analytics.com emea3.recruitmentplatform.com plusqa.browsealoud.com www.browsealoud.com speech.speechstream.net embedr.flickr.com apikeys.civiccomputing.com plus.browsealoud.com; font-src 'self' emea3.recruitmentplatform.com fonts.gstatic.com cdnjs.cloudflare.com use.typekit.net; frame-src 'self' podcasters.spotify.com web.powerva.microsoft.com anchor.fm app.powerbi.com content.googleapis.com www.arcgis.com *.arcgis.com arcgis.com disqus.com websurveys2.govmetric.com w.soundcloud.com www.google.com syndication.twitter.com platform.twitter.com www.facebook.com www.youtube.com; img-src data: 'self' *.youtube.com img.youtube.com fonts.gstatic.com c.disquscdn.com referrer.disqus.com www.googletagmanager.com emea3.recruitmentplatform.com maps.gstatic.com maps.googleapis.com websurveys2.servmetric.com www.browsealoud.com stats.g.doubleclick.net abs.twimg.com www.google-analytics.com ton.twimg.com pbs.twimg.com platform.twitter.com syndication.twitter.com live.staticflickr.com i.ytimg.com websurveys2.govmetric.com; manifest-src 'self'; media-src 'self' blob: ; worker-src 'none'; 2
default-src 'self' play.vidyard.com cdn.vidyard.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com blob: *.datasite.com stackpath.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net use.fontawesome.com play.vidyard.com www.google-analytics.com assets.adobedtm.com service.force.com datasite.my.salesforce.com datasite--staging.lightning.force.com contact-datasite.secure.force.com staging-contact-datasite.cs191.force.com *.salesforceliveagent.com snap.licdn.com s.adroll.com bat.bing.com static.ads-twitter.com scout-cdn.salesloft.com secure.golp4elik.com s.yimg.com d.adroll.mgr.consensu.org sp.analytics.yahoo.com d.adroll.com pi.pardot.com analytics.twitter.com go.datasite.com www.googleadservices.com googleads.g.doubleclick.net code.createjs.com ct.capterra.com lltrck.com static.lightning.force.com *.clarity.ms *.dca0.com cookie-cdn.cookiepro.com geolocation.onetrust.com *.zoominfo.com *.clickagy.com *.hotjar.com js.zi-scripts.com tracking.g2crowd.com js.monitor.azure.com zi-tag.js wcs.naver.net cdn.vidyard.com dc.services.visualstudio.com *.pendo.io https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.datasite.com stackpath.bootstrapcdn.com use.fontawesome.com tagmanager.google.com service.force.com contact-datasite.secure.force.com staging-contact-datasite.cs191.force.com cdnjs.cloudflare.com platform.twitter.com ton.twimg.com cookie-cdn.cookiepro.com *.pendo.io *.typekit.net https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: tagmanager.google.com cdnjs.cloudflare.com *.typekit.net; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com play.vidyard.com lltrck.com t.co analytics.twitter.com sp.analytics.yahoo.com bat.bing.com www.google.com px.ads.linkedin.com px4.ads.linkedin.com data.useranalytics.global.datasite.com www.google-analytics.com cookie-cdn.cookiepro.com ct.capterra.com cdn.vidyard.com googleads.g.doubleclick.net analytics.google.com *.pendo.io https://cdn.insight.sitefinity.com https://dec.azureedge.net; media-src 'self' data: blob: cdn.vidyard.com; form-action 'self' localhost:5001 localhost:18080 datasite.sitefinity.cloud datasite-stg.sitefinity.cloud login.microsoftonline.com go.datasite.com event.on24.com webto.salesforce.com syndication.twitter.com platform.twitter.com gateway.on24.com; frame-src 'self' play.vidyard.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com twitter.com service.force.com merrillcorp.demdex.net platform.twitter.com syndication.twitter.com bid.g.doubleclick.net td.doubleclick.net; frame-ancestors 'self' https://*.datasite.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob:; connect-src 'self' 'unsafe-inline' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com wss: *.datasite.com www.google-analytics.com tagmanager.google.com *.tt.omtrdc.net s.yimg.com stats.g.doubleclick.net play.vidyard.com bat.bing.com dpm.demdex.net scout.salesloft.com contact-datasite.secure.force.com staging-contact-datasite.cs191.force.com *.salesforce-communities.com secure.adnxs.com *.clarity.ms *.dca0.com *.adroll.com cookie-cdn.cookiepro.com geolocation.onetrust.com cdn.linkedin.oribi.io *.zoominfo.com *.clickagy.com *.hotjar.com *.hotjar.io js.zi-scripts.com analytics.google.com *.analytics.google.com dc.services.visualstudio.com wcs.naver.com px.ads.linkedin.com *.pendo.io https://*.insight.sitefinity.com https://*.dec.sitefinity.com; object-src 'self' cdn.vidyard.com 2
default-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net; script-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net 'unsafe-inline' 'unsafe-eval' https://*.ada.support https://*.bing.com https://www.google-analytics.com https://www.googleanalytics.com https://www.googletagmanager.com https://www.gstatic.com https://*.launchdarkly.com https://optimize.google.com https://www.googleoptimize.com https://js-agent.newrelic.com https://bam.nr-data.net https://static.ads-twitter.com https://analytics.twitter.com https://connect.facebook.net https://cdn.pdst.fm https://tracker.adreadyclick.com https://www.googleadservices.com https://cdn.pbbl.co https://websdk.appsflyer.com https://banner.appsflyer.com https://www.youtube.com https://creatives-cdn.appsflyer.com https://googleads.g.doubleclick.net https://www.google.com https://dend6g4sigg57.cloudfront.net https://5mky5td3g9.execute-api.us-east-1.amazonaws.com https://8jq0hovjeg.execute-api.us-east-1.amazonaws.com https://cdn.jsdelivr.net https://pixel.mathtag.com https://collector-20545.tvsquared.com https://*.google.com/; style-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://optimize.google.com https://cdn.jsdelivr.net https://banner.appsflyer.com https://creatives-cdn.appsflyer.com; frame-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net https://*.ada.support https://www.facebook.com https://cdn.pbbl.co https://bid.g.doubleclick.net https://optimize.google.com https://www.youtube.com https://dend6g4sigg57.cloudfront.net https://5mky5td3g9.execute-api.us-east-1.amazonaws.com https://8jq0hovjeg.execute-api.us-east-1.amazonaws.com https://pixel.mathtag.com https://collector-20545.tvsquared.com; connect-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net https://*.ada.support https://stats.g.doubleclick.net https://www.google-analytics.com https://*.bing.com https://bam.nr-data.net https://www.facebook.com https://pixelconnector.adready.com https://tracker.adreadyclick.com https://us-central1-adaptive-growth.cloudfunctions.net https://8jq0hovjeg.execute-api.us-east-1.amazonaws.com wss://*.connect.us-east-1.amazonaws.com https://5mky5td3g9.execute-api.us-east-1.amazonaws.com https://participant.connect.us-east-1.amazonaws.com https://wa.onelink.me https://wa.appsflyer.com https://banner.appsflyer.com https://creatives-cdn.appsflyer.com https://*.google.com/; img-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net https://secure.gravatar.com https://m1.com data: https://m1.com https://*.bing.com https://s3.amazonaws.com https://www.google-analytics.com https://www.googleanalytics.com https://www.google.com https://www.googletagmanager.com https://optimize.google.com https://trkn.us https://t.co https://www.facebook.com https://secure.adnxs.com https://pixel.pointmediatracker.com https://cnv.event.prod.bidr.io https://px0.pbbl.co https://aa.agkn.com https://analytics.twitter.com https://pixel.mathtag.com https://collector-20545.tvsquared.com https://banner.appsflyer.com https://creatives-cdn.appsflyer.com https://cdnappicons.appsflyer.com https://impressions.onelink.me https://*.google.com/; font-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net https://fonts.googleapis.com https://fonts.gstatic.com data: https://www.googletagmanager.com https://optimize.google.com https://cdn.appsflyer.com; object-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net; media-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net; 2
default-src 'none';media-src https://media.equityapartments.com https://www.youtube.com;connect-src 'self' https://cdn.cookielaw.org https://ka-f.fontawesome.com https://maps.googleapis.com https://analytics.google.com https://www.google-analytics.com  https://stats.g.doubleclick.net https://www.youtube.com/;frame-src https://6677643.fls.doubleclick.net https://www.youtube.com/ https://my.matterport.com/ https://viewer.panoskin.com/;form-action 'self';img-src * 'self' data: *;object-src 'none';sandbox allow-downloads allow-forms allow-modals allow-popups allow-popups-to-escape-sandbox allow-presentation allow-same-origin allow-scripts;base-uri 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.google.com ka-f.fontawesome.com www.youtube.com www.google.com maps.googleapis.com googleads.g.doubleclick.net tracker.marinsm.com bat.bing.com connect.facebook.net www.googleadservices.com maps.google.com ajax.googleapis.com code.jquery.com www.google-analytics.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.cookielaw.org www.googletagmanager.com kit.fontawesome.com cdn.cookielaw.org b.clarity.ms e.clarity.ms f.clarity.ms d.clarity.ms g.clarity.ms s.dca0.com;style-src-elem 'self' 'unsafe-inline' code.jquery.com fonts.googleapis.com www.google-analytics.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com ka-f.fontawesome.com; 2
default-src *.stlouisfed.org https://*.cloudflare.com https://*.juicer.io https://*.googletagmanager.com https://*.chicagofed.org https://*.frbdiscountwindow.org https://chicagofed.org https://frbdiscountwindow.org https://*.brightcove.net https://*.qualtrics.com  https://*.libsyn.com https://*.youtube.com https://*.appointment-plus.com  https://*.googleapis.com  https://*.google.com https://*.google-analytics.com 'self' * data:;img-src * https://public.tableau.com *.public.tableau.com *.stlouisfed.org *.brightcove.net *.boltdns.net *.akamaihd.net https://*.chicagofed.org https://*.cloudflare.com https://*.juicer.io https://*.frbdiscountwindow.org https://*.libsyn.com https://*.youtube.com https://chicagofed.org https://*.twitter.com https://frbdiscountwindow.org https://*.qualtrics.com https://*.googleapis.com https://*.gstatic.com https://*.googletagmanager.com 'self' data: blob:;connect-src *.stlouisfed.org http://manifest.prod.boltdns.net *.boltdns.net https://*.akamaihd.net *.brightcove.net *.brightcove.com https://*.chicagofed.org https://*.cloudflare.com https://*.juicer.io https://*.frbdiscountwindow.org https://*.gstatic.com https://chicagofed.org https://*.libsyn.com https://*.youtube.com https://*.twitter.com https://frbdiscountwindow.org https://stats.g.doubleclick.net https://*.qualtrics.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://www.gstatic.com https://*.googletagmanager.com 'self'; script-src  https://public.tableau.com *.public.tableau.com https://*.pigeonhole.at *.pigeonhole.at *.stlouisfed.org *.boltdns.net *.brightcove.net *.brightcove.com *.zencdn.net https://*.chicagofed.org https://*.cloudflare.com https://*.juicer.io https://*.frbdiscountwindow.org https://data.chicagofed.org https://chicagofed.org https://*.libsyn.com https://*.youtube.com https://*.twitter.com https://frbdiscountwindow.org https://*.google-analytics.com https://*.qualtrics.com https://*.google.com https://*.googleapis.com https://www.gstatic.com https://*.googletagmanager.com 'unsafe-inline' 'unsafe-eval' 'self' blob:; frame-src https://public.tableau.com *.public.tableau.com https://pigeonhole.at https://*.pigeonhole.at *.stlouisfed.org https://frbanks.okta.com https://*.hapyak.com *.brightcove.net https://*.chicagofed.org https://*.cloudflare.com https://*.juicer.io https://*.frbdiscountwindow.org https://chicagofed.org https://*.libsyn.com https://*.youtube.com https://*.appointment-plus.com https://*.twitter.com https://frbdiscountwindow.org https://*.qualtrics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googletagmanager.com 'self';style-src *.stlouisfed.org *.brightcove.net https://*.chicagofed.org https://*.cloudflare.com https://*.juicer.io https://*.frbdiscountwindow.org https://chicagofed.org https://*.libsyn.com https://*.youtube.com https://*.twitter.com https://frbdiscountwindow.org https://*.googleapis.com 'self' 'unsafe-inline';media-src *.stlouisfed.org *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcove.net https://*.chicagofed.org https://*.cloudflare.com https://*.juicer.io https://*.frbdiscountwindow.org https://chicagofed.org https://*.libsyn.com https://*.youtube.com https://*.twitter.com https://frbdiscountwindow.org https://*.googleapis.com 'self' blob:; 2
frame-ancestors 'self' http://*.vde.com; 2
default-src 'none'; script-src 'self' https: blob: 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org www.googletagmanager.com www.googleadservices.com snap.licdn.com/li.lms-analytics/insight.min.js js.hs-scripts.com/4398552.js googleads.g.doubleclick.net/pagead/; style-src 'self' 'unsafe-inline'; img-src 'self' https: data: blob: android-webview-video-poster: px.ads.linkedin.com www.googletagmanager.com; media-src 'self' https: monkapps.com; frame-src 'self' https: www.youtube.com; frame-ancestors 'self'; font-src 'self' data: https: fonts.gstatic.com; connect-src 'self' https: cdn.cookielaw.org www.googleadservices.com www.google.com/pagead/ googleads.g.doubleclick.net/pagead/ www.google-analytics.com/g/collect; manifest-src 'self'; script-src-elem 'self' https: 'unsafe-inline' www.googletagmanager.com www.googleadservices.com; report-uri https://sentry.nadapada.net/api/125/security/?sentry_key=b569db56805c4e5f98879e39f0fc3053 2
default-src 'self' data: blob: https://cms.globalconnect.net https://assets.ip-only.net https://assets.globalconnect.net https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/; script-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://cms.globalconnect.net https://cdnjs.cloudflare.com/ajax/libs/lodash.js/ https://unpkg.com/axios/dist/ https://unpkg.com/vue@3/dist/ https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://www.googletagmanager.com/ https://*.globalconnect.dk https://*.globalconnect.fi https://*.globalconnect.no https://*.globalconnect.de https://*.globalconnect.se https://bat.bing.com/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://www.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://apps.mypurecloud.de https://globalconnect-2.mynewsdesk.com/ globalconnect-no.mynewsdesk.com globalconnect-se.mynewsdesk.com globalconnect-fi.mynewsdesk.com globalconnect-de.mynewsdesk.com https://*.adform.net; style-src 'unsafe-inline' 'self' https://cms.globalconnect.net; img-src 'self' data: blob: https://cms.globalconnect.net https://cms.globalconnect.net https://assets.ip-only.net https://assets.globalconnect.net https://secure.gravatar.com https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.google.se/ https://www.google.dk/ https://www.google.fi/ https://www.google.de/ https://www.google.no/ https://www.facebook.com/ https://bat.bing.com/ https://ade.googlesyndication.com https://googleads.g.doubleclick.net/ https://i.ytimg.com https://i.vimeocdn.com https://wp.gcweb.live https://imgsct.cookiebot.com https://ad.doubleclick.net; connect-src 'self' https://*.globalconnect.no https://*.globalconnect.dk https://*.globalconnect.fi https://*.globalconnect.de https://*.globalconnect.se https://api.dataforsyningen.dk/ https://consentcdn.cookiebot.com/ https://yoast.com/ https://api.ip-only.net https://www.google.com/ https://googleads.g.doubleclick.net/ https://pagead2.googlesyndication.com https://bat.bing.com/ https://api-cdn.mypurecloud.de wss://ws.hotjar.com/ https://content.hotjar.io/ https://metrics.hotjar.io/ https://api.mypurecloud.de wss://webmessaging.mypurecloud.de; frame-src 'self' data: blob: https://cms.globalconnect.net https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://www.youtube.com/ https://td.doubleclick.net/ https://globalconnect.bbvms.com/ https://player.vimeo.com/ https://response.questback.com/ https://globalconnect-2.mynewsdesk.com/ globalconnect-no.mynewsdesk.com globalconnect-se.mynewsdesk.com globalconnect-fi.mynewsdesk.com globalconnect-de.mynewsdesk.com https://apps.mypurecloud.de https://www.youtube.com/ https://player.vimeo.com/ https://*.doubleclick.net/ https://c1.adform.net; media-src 'self' data: blob: https://cms.globalconnect.net https://assets.ip-only.net https://assets.globalconnect.net https://globalconnect.bbvms.com/ https://www.youtube.com/ https://player.vimeo.com/; form-action 'self' https://cms.globalconnect.net; 2
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' https: data:; font-src 'self' https: data:; 2
default-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com  https://*.lidl.pt  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  'unsafe-inline'  https://*.adyen.com  https://*.lidl.pt; img-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com  https://*.lidl.pt; object-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'; script-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  about:  https://localhost  https://*.adyen.com; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net; 2
default-src 'self'  *.oda.com;img-src 'self' *.oda.com  bilder.kolonial.no cdn.sanity.io i.vimeocdn.com beacon-v2.helpscout.net translate.googleapis.com ct.pinterest.com log.pinterest.com www.facebook.com connect.facebook.net *.google-analytics.com www.google.no *.google.com *.g.doubleclick.net 11208031.fls.doubleclick.net ad.doubleclick.net pagead2.googlesyndication.com *.ads.linkedin.com www.linked.com www.google.de www.google.fi www.google.no www.google.se *.googletagmanager.com oda.com storage.googleapis.com checkoutshopper-live.adyen.com;style-src 'unsafe-inline' 'self' *.oda.com translate.googleapis.com;script-src 'self' 'unsafe-eval' *.oda.com  'sha256-pEzLvJItiQGQJ0zolcUJWOk0OpSglbs1/WfQMp5FVIE=' 'sha256-GIKHZq3/oZOJA16n4m3gG5ugPl1bXeVAFq2HXhRl2k4=' 'sha256-QLN4/tVmbx4rIRUIwpoTvMI9PyCLdP+V6RSDfQMVEfM=' 'sha256-I86ExWGTaxyCe8DO2enl0FVeI1Ffn2hvJKffQ7mMDr0=' 'sha256-urQLf6bE4FO6GrZtzzHQ9bRTiY1ICV0Iz8pQHuGb5ws=' 'sha256-WOTsCzNkUvdK3fcFeeRSZ6QC7z2q/rpB+2w0fBAOw3s=' 'sha256-N4/5hGfx8xkPtfVswEIqYnX0T8THpCSI4Z57gINwoUw=' js.sentry-cdn.com browser.sentry-cdn.com beacon-v2.helpscout.net messenger.dixa.io script.hotjar.com static.hotjar.com csmetrics.hotjar.com widget.trustpilot.com connect.facebook.net s.pinimg.com www.google.com *.googletagmanager.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com *.doubleclick.net tpc.googlesyndication.com snap.licdn.com tagmanager.google.com;connect-src 'self' *.oda.com   o353884.ingest.sentry.io 1teetjp9.apicdn.sanity.io 1teetjp9.api.sanity.io cdn.sanity.io translate.googleapis.com beaconapi.helpscout.net chatapi.helpscout.net sockjs-helpscout.pusher.com wss://ws-helpscout.pusher.com d33v4339jhl8k0.cloudfront.net d3hb14vkzrxvla.cloudfront.net messenger.dixa.io messenger-edge.dixa.io in.hotjar.com wss://*.hotjar.com *.hotjar.io csmetrics.hotjar.com www.facebook.com ct.pinterest.com *.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com www.google.de www.google.fi www.google.no pagead2.googlesyndication.com ad.doubleclick.net *.g.doubleclick.net cdn.linkedin.oribi.io checkoutshopper-live.adyen.com;frame-src acs.3dsecure.no player.vimeo.com messenger.dixa.io widget.trustpilot.com vars.hotjar.com ct.pinterest.com www.facebook.com *.g.doubleclick.net 11208031.fls.doubleclick.net 10181747.fls.doubleclick.net td.doubleclick.net tpc.googlesyndication.com checkoutshopper-live.adyen.com;font-src 'self' *.oda.com script.hotjar.com;media-src beacon-v2.helpscout.net;base-uri 'none';object-src 'none'; 2
default-src blob: data: file: 'self' https://connect.facebook.net https://api.trafficguard.ai https://tgtag.io/ https://vitals.vercel-insights.com https://www.facebook.com/ https://*.google.com https://*.gstatic.com https://*.getloconow.com https://*.easyvideo.in https://*.loco.gg https://loco.gg https://*.google.com https://media.vmax.com/ https://as.vmax.com/getad.php https://imasdk.googleapis.com https://www.googleadservices.com/ https://www.google.co.in/pagead https://www.google.com/pagead https://googleads.g.doubleclick.net/ https://tpc.googlesyndication.com/ https://partner.googleadservices.com/ https://s0.2mdn.net/ https://pagead2.googlesyndication.com https://stats.g.doubleclick.net/ https://csi.gstatic.com/ https://www.googletagservices.com https://pubads.g.doubleclick.net https://redirector.gvt1.com/ https://*.googlevideo.com/ https://td.doubleclick.net/ https://locoapp.verloop.io/ http://imasdk.googleapis.com/ https://accounts.google.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://connect.facebook.net https://api.trafficguard.ai https://tgtag.io/ https://vitals.vercel-insights.com https://www.facebook.com/ https://*.google.com/ https://*.googletagmanager.com https://*.google-analytics.com https://*.getloconow.com https://*.easyvideo.in https://*.loco.gg https://loco.gg https://player.live-video.net https://www.googleadservices.com https://cdn.jsdelivr.net https://media.vmax.com/ https://as.vmax.com/getad.php https://imasdk.googleapis.com/ https://www.google.co.in/pagead https://www.google.com/pagead https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://tpc.googlesyndication.com/ https://partner.googleadservices.com/ https://s0.2mdn.net/ https://pagead2.googlesyndication.com https://stats.g.doubleclick.net/ https://csi.gstatic.com/ https://www.googletagservices.com https://pubads.g.doubleclick.net https://redirector.gvt1.com/ https://*.googlevideo.com/ https://td.doubleclick.net/ https://locoapp.verloop.io/ https://cdn-ops.verloop.io/livechat-script/1.1.23/script.min.js; connect-src 'self' https://connect.facebook.net https://api.trafficguard.ai https://tgtag.io/ https://vitals.vercel-insights.com https://www.facebook.com/ https://*.loco.gg https://loco.gg https://*.getloconow.com https://*.easyvideo.in https://player.live-video.net/ https://api.amplitude.com https://*.sentry.io wss://*.getloconow.com:9002 wss://cf-mqtt-ws.getloconow.com wss://dev-cf-mqtt-ws.getloconow.com https://*.googleapis.com http://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.livelikecdn.com https://*.pubnubapi.com https://global.poe.live-video.net/ https://media.vmax.com/ https://as.vmax.com/getad.php https://imasdk.googleapis.com/ https://www.google.co.in/pagead https://www.google.com/pagead https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://tpc.googlesyndication.com/ https://partner.googleadservices.com/ https://s0.2mdn.net/ https://pagead2.googlesyndication.com https://stats.g.doubleclick.net/ https://csi.gstatic.com/ https://www.googletagservices.com https://pubads.g.doubleclick.net https://redirector.gvt1.com/ https://*.googlevideo.com/ https://td.doubleclick.net/ https://locoapp.verloop.io/; style-src 'self' 'unsafe-inline' https://connect.facebook.net https://api.trafficguard.ai https://tgtag.io/ https://www.facebook.com/ https://*.googleapis.com https://*.getloconow.com https://*.easyvideo.in https://*.google.com https://*.loco.gg https://loco.gg https://media.vmax.com/ https://as.vmax.com/getad.php https://imasdk.googleapis.com/ https://www.google.co.in/pagead https://www.google.com/pagead https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://tpc.googlesyndication.com/ https://partner.googleadservices.com/ https://s0.2mdn.net/ https://pagead2.googlesyndication.com https://stats.g.doubleclick.net/ https://csi.gstatic.com/ https://www.googletagservices.com https://pubads.g.doubleclick.net https://redirector.gvt1.com/ https://*.googlevideo.com/ https://td.doubleclick.net/ https://locoapp.verloop.io/; frame-ancestors 'self' https://*.getloconow.com https://*.easyvideo.in https://*.loco.gg https://loco.gg https://liquipedia.net/; img-src * data:; media-src * blob: data: file:; font-src 'self' fonts.gstatic.com data:; object-src 'none'; worker-src * blob: data: file:; 2
form-action 'self'; block-all-mixed-content 2
frame-ancestors 'self' https://manage.hcinnovationgroup.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 2
default-src 'self' data: blob: https://*.sitecore.com https://*.sitecore.net https://*.hhogdev.com https://*.stylelabs.cloud https://*.googleapis.com https://*.gstatic.com https://*.azureedge.net https://*.bolddns.net;frame-src 'self' 'unsafe-inline' https://indd.adobe.com https://www.careerarc.com https://wwwsitecorecom.azureedge.net https://www.facebook.com https://www.google.com https://login.microsoftonline.com https://capture.navattic.com https://sitecore.navattic.com https://app.qualified.com https://sitecorecom-eastus2-prepro-132090-cd.azurewebsites.net https://sitecore.com https://go.sitecore.com https://app.smartsheet.com https://w.soundcloud.com/ https://my.walls.io/ https://webinars.sitecore.com;frame-ancestors 'self' https://*.sitecore.com https://*.storylane.io;script-src 'self' 'unsafe-inline' https://j.6sc.co/6si.min.js 'unsafe-eval' http://j.6sc.co/6si.min.js 'unsafe-eval' https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com/gtm.js https://maps.googleapis.com/ 'unsafe-inline' https://www.google.com/recaptcha https://www.recaptcha.net/recaptcha/ https://www.gstatic.cn https://*.linkedin.com https://*.licdn.com https://*.pardot.com https://*.qualified.com https://*.salesloft.com https://*.twitter.com https://api.zoom.us;script-src-elem 'self' 'unsafe-inline' https://j.6sc.co/6si.min.js https://secure.adnxs.com/ https://go.affec.tv/ https://api-us.boxever.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com *.cloudfront.net *.cloudfront.net https://connect.facebook.net *.google-analytics.com *.google.com *.google.bg *.googletagmanager.com https://maps.googleapis.com/ https://www.gstatic.com https://*.jquery.com https://snap.licdn.com https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js https://pi.pardot.com/pd.js https://pi.pardot.com/ https://js.qualified.com https://*.rainfocus.com https://scout-cdn.salesloft.com/sl.js https://go.sitecore.com https://wwwsitecorecom.azureedge.net https://insitecorecom.azureedge.net https://api-engage-us.sitecorecloud.io https://webinars.sitecore.com/ https://static.ads-twitter.com/uwt.js https://platform.twitter.com/oct.js https://walls.io;style-src-attr 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net http://cdn.jsdelivr.net https://fonts.googleapis.com/ https://*.rainfocus.com https://wwwsitecorecom.azureedge.net https://insitecorecom.azureedge.net https://webinars.sitecore.com/;img-src 'self' 'unsafe-inline' https://report.23video.com/ https://b.6sc.co https://secure.adnxs.com https://match.adsrvr.org/ https://map.go.affec.tv https://insitecorecom.azureedge.net http://insitecorecom.azureedge.net https://wwwsitecorecom.azureedge.net http://wwwsitecorecom.azureedge.net https://community.sitecore.net https://community.sitecore.com https://sitecore--c.na116.content.force.com https://sitecore.file.force.com https://www.facebook.com *.google-analytics.com *.google.com *.google.bg *.google.ca *.google.dk https://maps.gstatic.com/ https://maps.googleapis.com/ *.googleapis.com/ https://www.googletagmanager.com/ https://www.google.com.ua/ data: https://px.ads.linkedin.com https://www.linkedin.com/ https://mss-p-006-delivery.sitecorecontenthub.cloud/ https://*.rainfocus.com https://sitecorecdn.azureedge.net/ https://sitecorecontenthub.stylelabs.cloud http://sitecorecontenthub.stylelabs.cloud https://mss-p-006-delivery.stylelabs.cloud https://symposium.sitecore.com https://t.co https://delivery.twentythree.com http://delivery.twentythree.com https://webinars.sitecore.com/ https://analytics.twitter.com;font-src 'self' 'unsafe-inline' https://fonts.gstatic.com/ https://wwwsitecorecom.azureedge.net https://insitecorecom.azureedge.net;connect-src https://c.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://secure.adnxs.com https://api-us.boxever.com http://api-us.boxever.com https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://events-api.staging.rfksrv.com https://www.facebook.com/ https://api-staging.rfksrv.com/ https://discover.sitecorecloud.io/ https://www.google-analytics.com http://www.google-analytics.com https://region1.analytics.google.com/ https://analytics.google.com https://maps.googleapis.com/ https://adservice.google.com/ https://api.ipify.org http://api.ipify.org https://cdn.linkedin.oribi.io wss://ws.qualified.com https://app.qualified.com https://*.rainfocus.com https://scout.salesloft.com https://sitecore.com 'self' https://sitecorecom-eastus2-prepro-132090-cd.azurewebsites.net https://api-engage-us.sitecorecloud.io;object-src 'none';media-src 'unsafe-inline' 'unsafe-eval' https://insitecorecom.azureedge.net https://sitecorecdn.azureedge.net data: blob: https://app.qualified.com https://wwwsitecorecom.azureedge.net/ 'self'; 2
frame-ancestors https://caramel.la https://caramel.la/* 'self' 2
upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; 2
frame-ancestors 'self' https://*.trendmicro.com https://*.trendmicro.net; 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src  * data:;connect-src * wss: 2
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; worker-src *.qare.fr *.public-prod.qare.tech *.public-dev.qare.tech *.public-staging.qare.tech *.eks.testing.qare.tech *.eks.dynamic.qare.tech *.public-external.qare.tech *.qare.io www.gstatic.com blob:; font-src * 2
object-src 'none'; form-action https://www.traceparts.com https://ws-edition.tracepartsonline.net https://cdn.tracepartsonline.net https://forms.hsforms.com; frame-ancestors 'none' 2
frame-ancestors 'self' 'trifork.com' 'gotocon.com' 'trifork.dk'; 2
default-src 'self' 'unsafe-inline' data: *.kameleoon.io *.doubleclick.net google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat  *.googlesyndication.com *.run.app *.googleapis.com *.akamaihd.net *.crossengage.io *.usercentrics.eu *.google-analytics.com *.gstatic.com *.hotjar.com *.hotjar.io *.kameleoon.com *.kameleoon.eu *.dat.de *.datgroup.com *.fairgarage.de *.fairgarage.com *.b-ite.com *.leadlab.click; form-action 'self' *.dat.de *.datgroup.com *.twitter.com *.cleverreach.com mailings.dat.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleadservices.com *.crossengage.io *.usercentrics.eu *.mouseflow.com *.akamaihd.net *.kameleoon.com *.kameleoon.eu *.hotjar.com *.hotjar.io *.kameleoon.eu *.dat.de *.datgroup.com *.twitter.com *.twimg.com *.fairgarage.de *.fairgarage.com *.b-ite.com *.leadlab.click *.googletagmanager.com *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com; style-src 'unsafe-inline' 'self' *.kameleoon.com *.kameleoon.eu *.googleapis.com *.twitter.com *.twimg.com *.googleapis.com *.fairgarage.de *.fairgarage.com *.dat.de *.datgroup.com *.googletagmanager.com *.google-analytics.com; worker-src data: 'self' *.dat.de *.datgroup.com *.twitter.com *.youtube.com *.google.com *.vimeo.com; frame-src data: 'self' *.doubleclick.net *.hotjar.com *.hotjar.io *.dat.de *.datgroup.com *.twitter.com *.youtube.com *.youtube-nocookie.com *.google.com *.vimeo.com; img-src 'self' data: *.googleadservices.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.doubleclick.net *.akamaihd.net *.googletagmanager.com *.dat.de *.datgroup.com *.usercentrics.eu *.google.com *.googleapis.com *.gstatic.com *.kameleoon.com *.kameleoon.eu *.hotjar.com *.hotjar.io *.datgroup.com *.twimg.com *.twitter.com *.fairgarage.de *.fairgarage.com *.google-analytics.com; font-src 'self' data: *.fairgarage.com; object-src 'none'; 2
default-src 'self' * script-src 'self' 'unsafe-eval'  style-src * 'unsafe-inline' data: 2
default-src 'self' data: blob: *.facebookcareers.com *.metacareers.com *.fbcdn.net *.facebook.com connect.facebook.net 'unsafe-inline' 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' data: blob: www.google-analytics.com www.googletagmanager.com/gtag/js www.youtube.com 'self';style-src data: blob: 'unsafe-inline' *.facebookcareers.com *.metacareers.com *.fbcdn.net *.facebook.com 'unsafe-eval';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' *.facebookcareers.com *.metacareers.com *.analytics.google.com *.googletagmanager.com *.google-analytics.com;img-src jsv3.recruitics.com 'self' data: blob: *.facebookcareers.com *.metacareers.com www.google-analytics.com *.fbcdn.net *.facebook.com *.googletagmanager.com;frame-src www.youtube.com www.google-analytics.com *.facebook.com *.fbcdn.net;block-all-mixed-content;upgrade-insecure-requests; 2
frame-ancestors 'self' app.bankid.no; 2
connect-src 'self' https://publish.ne.cision.com https://ssm.teliacompany.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-de.onetrust.com https://stage.prod.teliacompany.com https://teliacompany.com wss://collection.decibelinsight.net *.decibelinsight.net https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://www.google.com https://www.google.se https://app.lifeinside.io https://backend.lifeinside.io https://media.lifeinside.io; default-src 'self' https://www.googletagmanager.com; font-src 'self' https://cdn.voca.teliacompany.com https://stage.prod.teliacompany.com https://teliacompany.com https://fonts.gstatic.com; img-src 'self' https://images.ctfassets.net https://cdn-assets-eu.frontify.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.voca.teliacompany.com https://stage.prod.teliacompany.com https://teliacompany.com https://mb.cision.com data: https://ssm.teliacompany.com blob: https://px.ads.linkedin.com https://www.googletagmanager.com https://media.lifeinside.io; media-src 'self' https://cdn-assets-eu.frontify.com https://media.lifeinside.io; script-src 'self' 'unsafe-eval' blob: https://ssm.teliacompany.com https://cdn.cookielaw.org https://cdn.decibelinsight.net https://www.google.com https://www.gstatic.com https://snap.licdn.com https://stats.g.doubleclick.net https://app.lifeinside.io https://widget.lifeinside.io https://tools.euroland.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; frame-src 'self' https://telia-external.videomarketingplatform.co https://tools.eurolandir.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://telia.videosync.fi https://ssm.teliacompany.com; object-src 'none' 2
default-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com  https://ats.ccmp.eu  https://www.lidljatek.hu  https://lidljatek.hu  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  'unsafe-inline'  https://*.adyen.com  https://ats.ccmp.eu  https://www.lidljatek.hu  https://lidljatek.hu; img-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com; object-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'; script-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  about:  https://localhost  https://*.adyen.com; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net; 2
default-src 'self' assets-eu.cdn.systems cdnstatic.thstatic.com *.hlisgames.com *.firebaseio.com https://run.evoplay.games rgw.c00.gcsd.io *.chipy.com *.youtube.com *.datamother.com https://www.google.com https://yard.gcsd.io *.mascot.games *.endorphina.fun; frame-src 'self' https://www.google.com https://vimeo.com https://www.youtube.com https://player.vimeo.com https://www.dailymotion.com https://geo.dailymotion.com https://yard.gcsd.io https://www.hlisgames.com https://run.evoplay.games https://game.chipy.com https://cdnstatic.thstatic.com https://*.mascot.games https://*.perfecttlos.com https://*.mancala66.com https://static.cdngri.com https://*.endorphina.fun; script-src 'self' data: https://*.getsitecontrol.com https://*.getsitectrl.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://region1.google-analytics.com https://*.getsitecontrol.com https://*.getsitectrl.com *.firebaseio.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://vimeo.com https://events.getsitectrl.com wss: datamother.com; img-src 'self' https://region1.google-analytics.com https://dev.chipy.com https://admin.chipy.com https://chipy.com https://*.getsitecontrol.com https://*.getsitectrl.com https://www.google-analytics.com  https://www.googletagmanager.com https://i.ytimg.com https://i.vimeocdn.com https://videoapi-muybridge.vimeocdn.com data:; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; base-uri 'self'; form-action 'self'; upgrade-insecure-requests 2
default-src 'self' https://irxcm.com/ https://preferencecenter.pg.com/ https://p192909.pg.promosvcs.com/ https://td.doubleclick.net/ https://*.doubleclick.net/ https://p192909-holiday-scale2-stage.azurewebsites.net/ https://login.windows.net.rproxy.goskope.com/ https://cdn.cpnscdn.com/ https://*.ctfassets.net/ https://images.ctfassets.net/ https://www.googleadservices.com/ https://*.segmanta.com/ https://*.pggoodeveryday.com/ https://*.pgsvc.com/ https://match.adsrvr.org/ https://js.adsrvr.org/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://search-api.swiftype.com/ https://api-pge.segmanta.com/ https://res.cloudinary.com/ https://analytics.tiktok.com/ https://rpxnow.com/ https://fonts.googleapis.com/ https://d29usylhdk1xyu.cloudfront.net/ https://d1lqe9temigv1p.cloudfront.net/ https://fonts.gstatic.com/ https://www.googletagmanager.com/ https://quilt-cdn.janrain.com/ https://cdn.segment.com/ https://js-cdn.dynatrace.com/ https://pixel.tapad.com/ https://googleads.g.doubleclick.net/ https://optimize.google.com https://xxredda.s3.amazonaws.com/ https://40n23zgkic3y-a.akamaihd.net https://*.incentives.gcp.pgcloud.com https://*.crazyegg.com blob: feed.pghub.io pandg.tapad.com ; font-src 'self' https://fonts.gstatic.com/ data: feed.pghub.io pandg.tapad.com ; img-src * 'self' https://*.ctfassets.net/ https://cdn.cpnscdn.com/ https://*.incentives.gcp.pgcloud.com https://images.ctfassets.net/ blob: data: https: https://www.google.com/ https://www.google.co.in/ https://www.google-analytics.com/ https://pixel.tapad.com/ https://res.cloudinary.com/ https://analytics.tiktok.com/ https://*.ctfassets.net/ https://images.ctfassets.net/ https://cdn.cpnscdn.com/ https://*.incentives.gcp.pgcloud.com https://optimize.google.com ; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://irxcm.com/ https://preferencecenter.pg.com/ https://p192909.pg.promosvcs.com/ https://p192909-holiday-scale2-stage.azurewebsites.net/ https://objects.githubusercontent.com/ https://consent-api.onetrust.com/ https://*.onetrust.com/ https://analytics.tiktok.com/ https://api.ipify.org/ https://www.instagram.com/embed.js https://z.moatads.com/ https://pghub.io/ https://www.tp88trk.com/ https://cdn.cookielaw.org/ https://*.cookielaw.org/ https://script.crazyegg.com/ https://container.pepperjam.com/ https://connect.facebook.net/ https://www.gstatic.com https://www.google.com https://c.lytics.io https://www.youtube.com https://www.youtube-nocookie.com https://procter-gamble-qa.us-dev.janraincapture.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://rpxnow.com/ https://d29usylhdk1xyu.cloudfront.net/ https://d1lqe9temigv1p.cloudfront.net/ https://cdn.segment.com/ https://js-cdn.dynatrace.com/ https://www.googleadservices.com/ https://pge.segmanta.com/ https://js.adsrvr.org/ https://googleads.g.doubleclick.net/ https://optimize.google.com https://xxredda.s3.amazonaws.com/ https://secure.addrexx10.com/ https://github.com/Cognigy/ https://endpoint-trial.cognigy.ai/ https://web-sandbox.pypestream.com/ https://web.pypestream.com/ https://app.launchdarkly.com/ https://events.launchdarkly.com/ https://40n23zgkic3y-a.akamaihd.net https://*.incentives.gcp.pgcloud.com https://*.crazyegg.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://c.lytics.io https://quilt-cdn.janrain.com/ https://fonts.googleapis.com/ https://optimize.google.com https://xxredda.s3.amazonaws.com/ https://*.incentives.gcp.pgcloud.com https://script.crazyegg.com feed.pghub.io pandg.tapad.com ; frame-src 'self' https://irxcm.com/ https://zsec.ltimindtree.com/ https://*.zscaler.com/ https://preferencecenter.pg.com/ https://ad.doubleclick.net/ https://td.doubleclick.net/ https://*.doubleclick.net/ https://p192909.pg.promosvcs.com/ https://p192909-holiday-scale2-stage.azurewebsites.net/ https://pah.quotient.com/ https://web-sandbox.pypestream.com/ https://web.pypestream.com/ https://consent-api.onetrust.com/ https://*.onetrust.com/ https://api.ipify.org/ https://pg-lex.my.salesforce-sites.com/ https://*.azurewebsites.net.rproxy.goskope.com/ https://www.instagram.com/ https://pandg.tapad.com/ https://*.pepperjamnetwork.com/ https://sg.pggoodeveryday.com/ https://*.pg.promosvcs.com/ https://www.facebook.com/ https://*.fls.doubleclick.net/ https://www.coupons.com/ https://consumersupport.pg.com/ https://consumeraccessapi.smartsource.com https://gears.websaver.ca/ https://pgsurveys.segmanta.com/ https://9942807.fls.doubleclick.net/ https://www.google.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://stagegears.websaver.ca/ https://insight.adsrvr.org/ https://bid.g.doubleclick.net/ https://match.adsrvr.org/ https://procter-gamble-qa.us-dev.janraincapture.com/ https://gateway.zscaler.net/ https://optimize.google.com https://xxredda.s3.amazonaws.com/ https://40n23zgkic3y-a.akamaihd.net https://*.crazyegg.com https://*.incentives.gcp.pgcloud.com https://jebbit.tide.com feed.pghub.io pandg.tapad.com ; object-src 'self' feed.pghub.io pandg.tapad.com ; connect-src 'self' https://dc---services.visualstudio.com.rproxy.goskope.com/ https://dc.services.visualstudio.com https://ad.doubleclick.net/ https://td.doubleclick.net/ https://cdn-uat.pg-campaigns.com/ https://cdn.pg-campaigns.com/ https://events.launchdarkly.com/ https://irxcm.com/ https://app.launchdarkly.com/ https://web-sandbox.pypestream.com/ https://web.pypestream.com/ wss://endpoint-app.cognigy.ai/ https://endpoint-app.cognigy.ai/ https://pg-lex--dev.sandbox.file.force.com/ https://pg-lex.file.force.com/ wss://endpoint-trial.cognigy.ai/ https://objects.githubusercontent.com/ https://github.com/Cognigy/ https://endpoint-trial.cognigy.ai/ https://consent-api.onetrust.com/ https://*.onetrust.com/ https://api.ipify.org/ https://www.instagram.com/embed.js https://pgcouponnpsausuat01---blob---core.windows.net.rproxy.goskope.com/ https://pgcouponcdndev.coupon.pg.com/ https://qacdn.coupon.pg.com/ https://uatcdn.coupon.pg.com/ https://cdn.coupon.pg.com/ https://gateway.zscaler.net/ https://pgcouponnpsausqa01---blob---core.windows.net.rproxy.goskope.com/ https://api.contentful.com https://z.moatads.com/ https://px.moatads.com/ https://*.bf.dynatrace.com/ https://cdn.cpnscdn.com/ https://*.ctfassets.net/ https://images.ctfassets.net/ https://ups.analytics.yahoo.com/ https://trk.shophermedia.net/ https://pghub.io/ https://www.tp88trk.com/ https://*.pepperjam.com/ https://www.facebook.com/ https://connect.facebook.net/ https://*.algolianet.com/ https://*.onetrust.io/ https://*.algolia.net/ https://*.crazyegg.com https://cdn.cookielaw.org/ https://*.cookielaw.org/ https://dc---services.visualstudio.com.rproxy.goskope.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://pixel.rubiconproject.com https://mediaid.pg.com/ https://insight.adsrvr.org https://www.gstatic.com https://s.amazon-adsystem.com https://c.lytics.io https://api.segment.io https://www.googleadservices.com/ https://*.segmanta.com/ https://*.pggoodeveryday.com/ https://*.pgsvc.com/ https://match.adsrvr.org/ https://js.adsrvr.org/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://search-api.swiftype.com/ https://api-pge.segmanta.com/ https://res.cloudinary.com/ https://analytics.tiktok.com/ https://rpxnow.com/ https://fonts.googleapis.com/ https://d29usylhdk1xyu.cloudfront.net/ https://d1lqe9temigv1p.cloudfront.net/ https://fonts.gstatic.com/ https://www.googletagmanager.com/ https://quilt-cdn.janrain.com/ https://cdn.segment.com/ https://js-cdn.dynatrace.com/ https://pixel.tapad.com/ https://googleads.g.doubleclick.net/ https://www.google.com/ https://www.google.co.in/ https://*.janraincapture.com/ https://optimize.google.com https://xxredda.s3.amazonaws.com/ https://40n23zgkic3y-a.akamaihd.net https://*.crazyegg.com https://*.incentives.gcp.pgcloud.com https://secure.addrexx10.com/ feed.pghub.io pandg.tapad.com ; 2
frame-ancestors 'self'; default-src https: data: blob: wss:; object-src 'none'; upgrade-insecure-requests; script-src 'self' https: 'unsafe-eval' 'unsafe-inline'; connect-src https: wss:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; worker-src 'self' blob:; 2
default-src 'self' *.1mp.com *.salesforce-sites.com *.service.force.com *.1mp--assetconv.my.salesforce.com *.assetconv-onemp.cs202.force.com *.c.la3-c1cs-ia4.salesforceliveagent.com *.d.la3-c1cs-ia4.salesforceliveagent.com *.walkme.com *.amazonaws.com *.walkmeusercontent.com *.vimeo.com *.google.com *.googleapis.com *.salesforce.com *.force.com *.salesforceliveagent.com *.site.com; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com *.salesforce-sites.com *.service.force.com *.1mp--assetconv.my.salesforce.com *.assetconv-onemp.cs202.force.com *.c.la3-c1cs-ia4.salesforceliveagent.com *.d.la3-c1cs-ia4.salesforceliveagent.com www.gstatic.com www.google-analytics.com translate.google.com *.googleapis.com *.walkme.com *.salesforce.com *.force.com *.salesforceliveagent.com *.site.com; style-src 'self' 'unsafe-inline' *.googleapis.com www.gstatic.com *.salesforce-sites.com *.service.force.com *.1mp--assetconv.my.salesforce.com *.assetconv-onemp.cs202.force.com *.c.la3-c1cs-ia4.salesforceliveagent.com *.d.la3-c1cs-ia4.salesforceliveagent.com cdn.walkme.com *.salesforce.com *.force.com *.salesforceliveagent.com *.site.com; font-src 'self' data:; worker-src 'self' blob:; frame-src 'self' *.1mp.com www.screencast.com www.google.com *.salesforce-sites.com *.service.force.com *.1mp--assetconv.my.salesforce.com *.assetconv-onemp.cs202.force.com *.c.la3-c1cs-ia4.salesforceliveagent.com *.d.la3-c1cs-ia4.salesforceliveagent.com *.walkme.com *.walkmeusercontent.com *.vimeo.com *.salesforce.com *.force.com *.salesforceliveagent.com *.site.com 2
default-src 'self'; script-src https: 'unsafe-inline' 'unsafe-eval' https://googletagmanager.com https://www.google-analytics.com https://iptrack.io;  font-src https: data:; img-src 'self' data: https://dashboard.whoisvisiting.com https://www.google-analytics.com https://resources.bamboohr.com https://vimeo.com https://i.vimeocdn.com https://i.ytimg.com; style-src https: 'unsafe-inline'; connect-src 'self' https://www.google-analytics.com https://virtual1.bamboohr.com https://api.craftcms.com; media-src *; child-src https://player.vimeo.com https://www.youtube.com https://www.eventbrite.co.uk https://virtual1.mudbank.uk https://virtual1.com https://stage01.virtual1.com 2
default-src 'none'; connect-src 'self' https://www.google-analytics.com ; font-src 'self'; form-action 'self' https://lmra.us11.list-manage.com; frame-src 'self' https://cse.google.com https://www.google.com https://www.questionpro.com https://outlook.office365.com https://login.microsoftonline.com https://res.cdn.office.net; img-src data: 'self' https://www.google-analytics.com  https://*.google.com https://*.gstatic.com https://img.youtube.com https://lmra.bh https://ssl.gstatic.com https://www.google.com https://www.googleapis.com; script-src 'self' 'unsafe-eval' https://www.googletagmanager.com  https://cse.google.com https://www.google.com https://www.gstatic.com https://www.questionpro.com; style-src 'self' 'unsafe-inline' https://www.google.com; frame-ancestors 'self'; manifest-src 'self' 2
default-src ws: wss: http: https: about: blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://app.cyberimpact.com/csp-violation-report/ 2
default-src 'self' *.statistik.at *.local *.google.com *.gstatic.com *.statistik *.openstreetmap.org 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn-cookieyes.com *.cookieyes.com cookieyes.com *.hackerone.com hackerone.com *.gstatic.com *.google.com maps.googleapis.com *.adroll.com *.consensu.org *.hscollectedforms.net *.hsleadflows.net *.hs-banner.com *.licdn.com www.googleoptimize.com www.linkedin.com connect.facebook.net s.adroll.com ml314.com js.hs-scripts.com script.hotjar.com static.hotjar.com js.hs-analytics.net player.vimeo.com www.googletagmanager.com dev.visualwebsiteoptimizer.com sjs.bizographics.com www.google-analytics.com px.ads.linkedin.com djtflbt20bdde.cloudfront.net ajax.googleapis.com *.hsforms.com *.hsforms.net ssl.google-analytics.com *.doubleclick.net *.bing.com; style-src 'self' 'unsafe-inline' https: djtflbt20bdde.cloudfront.net fonts.googleapis.com js.hsforms.net; img-src 'self' data: https: media.nominet.uk maps.googleapis.com track.hubspot.com stats.g.doubleclick.net www.gravatar.com dev.visualwebsiteoptimizer.com www.google-analytics.com www.googletagmanager.com js.hsforms.net; font-src 'self' data: https: fonts.gstatic.com; connect-src 'self' https: wss: www.gov.uk yoast.com *.hotjar.com js.hsforms.net; media-src 'self' https: media.nominet.uk; object-src 'self' *.cloudfront.net js.hsforms.net; frame-src 'self' https: www.youtube.com player.vimeo.com djtflbt20bdde.cloudfront.net vars.hotjar.com *.hackerone.com hackerone.com js.hsforms.net; frame-ancestors 'self' *.hackerone.com hackerone.com js.hsforms.net; form-action 'self' *.theukdomain.uk theukdomain.uk forms.hsforms.com *.facebook.com js.hsforms.net; base-uri 'self' *.helpscout.net js.hsforms.net 2
frame-ancestors self cms.iffr.com iffr.com iffr.com.main-bvxea6i-qfyruyad6alua.eu-4.platformsh.site *.platform.sh tickets.iffr.com *.ticketworks.nl 2
script-src 'self' 'unsafe-inline' 'strict-dynamic' https://use.typekit.net cdn.jsdelivr.net cdn.rawgit.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cycling-uk-d9.cycle.travel https://kit.fontawesome.com https://polyfill.io https://unpkg.com https://use.fontawesome.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://use.typekit.net/lmn7yno.css https://js-agent.newrelic.com https://fonts.googleapis.com https://www.googletagmanager.com https://snap.licdn.com https://static.hotjar.com https://www.google-analytics.com https://bat.bing.com https://connect.facebook.net https://www.clarity.ms https://script.hotjar.com https://*.azureedge.net https://*.googleadservices.com cdn.jsdelivr.net cdn.rawgit.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cycling-uk-d9.cycle.travel https://kit.fontawesome.com https://polyfill.io https://unpkg.com https://use.fontawesome.com; style-src 'self' 'unsafe-inline' https://use.typekit.net/lmn7yno.css https://js-agent.newrelic.com https://fonts.googleapis.com https://www.googletagmanager.com https://snap.licdn.com https://static.hotjar.com https://www.google-analytics.com https://bat.bing.com https://connect.facebook.net https://www.clarity.ms https://script.hotjar.com blob: cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cycling-uk-d9.cycle.travel https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://use.typekit.net/lmn7yno.css https://fonts.googleapis.com https://p.typekit.net cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cycling-uk-d9.cycle.travel https://unpkg.com; frame-ancestors 'self' 2
object-src 'unsafe-inline' 2
frame-src 'self'; frame-ancestors 'self' https://chalk.charter.com https://*.figaro.spectrumtoolbox.com https://*.corp.chartercom.com https://astro.pi-charter.net https://astro.pi.spectrum.net https://support.spectrumtoolbox.com; object-src 'none'; 2
frame-ancestors https://www.cwtanalytiqs.com https://int.cwtanalytiqs.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://cdn.cookielaw.org https://cdnjs.cloudflare.com service.maxymiser.net https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://img04.en25.com https://connect.facebook.net https://fonts.googleapis.com https://s.ytimg.com https://content.mycwt.com https://content-d.mycwt.com https://www.google-analytics.com https://bugcrowd.com https://assets.bugcrowdusercontent.com https://geolocation.onetrust.com https://www.youtube.com img04.en25.com/i/elqCfg.min.js https://s.go-mpulse.net siteimproveanalytics.com *.contentsquare.com *.infogram.com *.contentsquare.net *.adobe.com *.turtl.co *.vimeo.com *.joinsherpa.io https://snap.licdn.com https://s2068514591.t.eloqua.com https://www.buzzsprout.com; object-src 'self'; 2
default-src https: blob: data: 'self'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' ; img-src https: data: ; media-src https: blob: ; upgrade-insecure-requests; block-all-mixed-content; connect-src https: wss://*.hotjar.com; 2
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; style-src * 'unsafe-inline'; 2
frame-ancestors 'self' *.kassel.de *.stadtreiniger.de *.stadt-kassel.de *.kasselkultur2022.de www-kassel-de.translate.goog 2
frame-ancestors 'self' *.oakgov.com *.okta.com *.g2gcloud.com; 2
default-src * 'unsafe-inline' 'unsafe-eval';img-src * data:; child-src * 'self' blob: http:;font-src * data: 2
frame-ancestors 'self'; report-uri https://csp-reports.apis.cuf.pt/_csp 2
frame-src 'self' https://optimize.google.com https://staging.eigendev.com https://ms1.eigendev.com https://bid.g.doubleclick.net *.lpsnmedia.net *.liveperson.net *.hotjar.com *.fls.doubleclick.net *.salecycle.com https://www.google.com https://customersso.rvs.com https://customersso-stage.rvs.com https://customer-sso-api.kong.test.site-testing.com https://gsclaimsubmissions.wufoo.com https://acquire1.comenity.net *.youtube.com *.googlesyndication.com https://console.googletagservices.com https://td.doubleclick.net 2
frame-ancestors wakefit.co cont-sites.bajajfinserv.in 2
default-src 'self'; connect-src *; font-src data: *; frame-src *; img-src data: *; media-src *; object-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; style-src 'self' 'unsafe-inline'; 2
default-src * 'unsafe-inline' data: blob: https:; script-src 'self' https://api.geevisit.com https://*.geetest.com https://dn-staticdown.qbox.me https://*.waves.exchange https://cdn.ravenjs.com https://wavesplatform.innocraft.cloud https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.google-analytics.com https://www.googletagmanager.com https://widget.intercom.io/widget/ibdxiwmt https://js.intercomcdn.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://coinomat.com https://*.wavesplatform.com https://*.wvservices.com https://*.wavesnodes.com https://connect.facebook.net https://keycloak.wvservices.exchange https://impersonate-dev.wvservices.exchange 'unsafe-inline' 'unsafe-eval' blob:; upgrade-insecure-requests; report-uri https://waves-exchange.report-uri.com/r/d/csp/enforce 2
font-src fonts.gstatic.com use.typekit.net https://fonts.gstatic.com https://ws.colissimo.fr *.fontawesome.com https://cdnjs.cloudflare.com *.cloudfront.net *.gstatic.com *.googleapis.com *.webformatlabs.com *.pu.subcom.it *.passioneunghie.com *.passionebeauty.com 'self' data: https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://forms-eu1.hsforms.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.youtube.com integration.api.scalapay.com api.scalapay.com consentcdn.cookiebot.com www.paypalobjects.com *.paypal.com *.hipay-tpp.com *.hipay.com *.facebook.com www.youtube.com www.twitter.com *.nr-data.net *.criteo.net/ *.criteo.com/ *.hotjar.com https://optimize.google.com youtube.com https://*.adform.net https://cdn.smooch.io/ *.hsforms.com *.hubspot.com https://*.hs-sites-eu1.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net commerce.adobe.io widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com p.typekit.net www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr integration.api.scalapay.com api.scalapay.com www.sandbox.paypal.com *.hipay-tpp.com *.hipay.com *.paypal.com *.cloudfront.net *.googleadservices.com *.google-analytics.com https://www.googletagmanager.com www.google.it *.google.com *.webformatlabs.com *.pu.subcom.it *.passioneunghie.com *.passionebeauty.com *.criteo.net/ *.criteo.com/ *.facebook.com https://s.thebrighttag.com https://beacon.krxd.net https://ad.yieldlab.net https://matching.ivitrack.com https://visitor.omnitagjs.com https://*.adform.net https://ups.analytics.yahoo.com https://eb2.3lift.com https://criteo-sync.teads.tv https://sync-t1.taboola.com https://rtb-csync.smartadserver.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://exchange.mediavine.com https://contextual.media.net https://ad.360yield.com https://ib.adnxs.com https://dis.criteo.com https://cm.g.doubleclick.net https://x.bidswitch.net https://r.casalemedia.com https://sync.outbrain.com https://match.sharethrough.com https://id5-sync.com https://criteo-partners.tremorhub.com https://sync-criteo.ads.yieldmo.com *.hsforms.com *.hubspot.com https://track.hubspot.com https://perf-eu1.hsforms.com https://cta-eu1.hubspot.com https://js-eu1.hubspot.com https://static.hubspot.com *.hsappstatic.net https://optimize.google.com *.googleapis.com *.gstatic.com *.etrusted.com https://analytics.tiktok.com https://cdn.qapla.it https://s.pinimg.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com commerce.adobe.io geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com https://cdnjs.cloudflare.com integration.api.scalapay.com api.scalapay.com *.cloudfront.net *.fontawesome.com *.google-analytics.com googletagmanager.com *.gstatic.com js-agent.newrelic.com *.webformatlabs.com *.pu.subcom.it *.passioneunghie.com *.passionebeauty.com consent.cookiebot.com consentcdn.cookiebot.com bam.eu01.nr-data.net https://www.googleoptimize.com https://optimize.google.com *.criteo.net/ *.criteo.com/ *.hotjar.com s7.addthis.com *.hipay-tpp.com *.hipay.com zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com www.recaptcha.net *.facebook.com *.doubleclick.net https://*.adform.net *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hubspot.com *.hubspotfeedback.com https://www.googleanalytics.com https://cdn.logico3c.com *.webgains.io *.solocpm.com *.tangooserver.com https://api.qapla.it *.googleapis.com ws.colissimo.fr *.onyourmap.com *.mapbox.com https://analytics.tiktok.com *.euh.stape.io *.euh.stape.net https://ajax.googleapis.com https://s.pinimg.com https://cdn.scalapay.com *.google.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com *.fontawesome.com https://cdnjs.cloudflare.com integration.api.scalapay.com api.scalapay.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com *.hipay-tpp.com *.hipay.com *.paypal.com *.cloudfront.net *.gstatic.com js-agent.newrelic.com *.webformatlabs.com *.pu.subcom.it *.passioneunghie.com *.passionebeauty.com *.facebook.com https://optimize.google.com *.etrusted.com https://api.qapla.it *.googleapis.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src *.cloudfront.net 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://nominatim.openstreetmap.org consentcdn.cookiebot.com api-staging.oney.io api.oney.io integration.api.scalapay.com api.scalapay.com *.hipay-tpp.com *.hipay.com *.paypal.com *.cloudfront.net consent.cookiebot.com *.doubleclick.net *.pu.subcom.it *.webformatlabs.com *.passioneunghie.com *.passionebeauty.com bam.eu01.nr-data.net pagead2.googlesyndication.com *.facebook.com zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com www.recaptcha.net *.hotjar.com *.google.com *.criteo.net/ *.criteo.com/ *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com https://*.adform.net *.webgains.io *.googleapis.com ws.colissimo.fr *.onyourmap.com *.mapbox.com api.qapla.it https://analytics.tiktok.com *.euh.stape.io *.euh.stape.net https://s.pinimg.com *.google-analytics.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
frame-ancestors 'self' *.meutudo.app https://www.google.com https://meutudo.api.useinsider.com https://event.getblue.io https://s.amazon-adsystem.com; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com https://no-cdn.convertexperiments.com https://app.varify.io https://editor.varify.io *.api.useinsider.com https://www.trustedsite.com/rpc/ajax *.amazon-adsystem.com *.gstatic.com https://cdn-4.convertexperiments.com/js/10041799-10042103.js https://cdn.ywxi.net *.facebook.net https://event.getblue.io https://meutudo.api.useinsider.com https://api.useinsider.com/sw.js https://s1.kwai.net/ https://static.hotjar.com https://script.hotjar.com https://widget.getblue.io/event/ https://www.clarity.ms/ *.google.com https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com; 2
default-src 'none'; connect-src 'self' *.onetrust.com *.demdex.net *.adobedc.net *.cookielaw.org *.twitter.com; script-src 'self' *.google.com *.gstatic.com *.google-analytics.com *.adobedtm.com *.youtube.com *.cookielaw.org *.twitter.com *.twimg.com cdn.inspectlet.com frontend.id-visitors.com 'unsafe-inline'; font-src 'self' data: fonts.googleapis.com cdn.jsdelivr.net *.typekit.net; child-src 'self' data: *.google.com *.gstatic.com *.twitter.com; img-src 'self' data: *.gstatic.com *.google.com *.cookielaw.org *.google-analytics.com stats.g.doubleclick.net *.twitter.com *.twimg.com *.paypalobjects.com cartodb-basemaps-a.global.ssl.fastly.net cartodb-basemaps-b.global.ssl.fastly.net cartodb-basemaps-c.global.ssl.fastly.net; style-src 'self' *.google.com *.twitter.com *.twimg.com cdn.jsdelivr.net *.typekit.net 'unsafe-inline'; object-src 'self'; frame-ancestors 'none' 2
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://static.criteo.net https://*.criteo.com https://ln-rules.rewardstyle.com https://player.vimeo.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com https://tr6.snapchat.com https://www.shoplooks.com https://api.bam-x.com https://app.qubit.com https://www.pinterest.com blob: https://*.attn.tv https://*.powerreviews.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.hotjar.com wss://*.hotjar.com https://*.sciencebehindecommerce.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://analytics.tiktok.com https://api.bam-x.com https://events.release.narrativ.com https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.skinstore.com https://tr.snapchat.com https://*.contentsquare.net https://*.attn.tv https://events.attentivemobile.com https://*.criteo.com https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://storyboard.storystream.ai https://content.storystream.ai https://*.powerreviews.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.skinstore.com https://m.skinstore.com https://checkout.skinstore.com https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://ssl.bing.com https://ln-rules.rewardstyle.com https://*.akamaihd.net https://*.recaptcha.net https://*.hotjar.com https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://*.pinimg.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://analytics.tiktok.com https://*.ibytedtos.com https://static.narrativ.com https://static.goqubit.com https://*.qubit.com https://d3drxpsm374orh.cloudfront.net https://*.contentsquare.net https://app.contentsquare.com https://cdn.attn.tv https://tr.snapchat.com https://*.powerreviews.com https://mpsnare.iesnare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://www.shoplooks.com https://static.shoplooks.com https://*.powerreviews.com; upgrade-insecure-requests; report-to report-endpoint 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://fpnpmcdn.net https://fpjscdn.net wpext.pl *.wpext.pl *.survicate.com *.doubleverify.com s1.adform.net track.adform.net rt.inistrack.net a1.newsletter.biznes.gov.pl a2.newsletter.biznes.gov.pl *.sensic.net system3secure.pl sentry-2-poczta.grupawp.pl sentry-poczta.grupawp.pl pixel.adsafeprotected.com *.wp.pl *.wpimg.pl pocztanh.wpcdn.pl *.wpcdn.pl *.tradedoubler.com *.hit.gemius.pl *.adocean.pl *.salesmore.pl onapi.o2.pl *.doubleclick.net *.googlesyndication.com *.googletagservices.com *.2mdn.net *.googleadservices.com d.rxthdr.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google-analytics.com *.moatads.com ib.adnxs.com adservice.google.pl adservice.google.com *.meetrics.net *.mxcdn.net static.criteo.net imasdk.googleapis.com cdn.netsco.re 3p.ampproject.net *.payu.com *.doubleverify.com ho.novem.pl embed.typeform.com grid.grupawp.pl; object-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.survicate.com pocztanh.wpcdn.pl s1.adform.net track.adform.net rt.inistrack.net a1.newsletter.biznes.gov.pl a2.newsletter.biznes.gov.pl system3secure.pl sentry-2-poczta.grupawp.pl sentry-poczta.grupawp.pl pixel.adsafeprotected.com *.wp.pl *.wpimg.pl; img-src 'self' data: blob: res.cloudinary.com *.nsaudience.pl *.survicate.com events.mediarithmics.com s1.adform.net track.adform.net rt.inistrack.net *.exactag.com a1.newsletter.biznes.gov.pl a2.newsletter.biznes.gov.pl zasobygwp.pl zasoby.tlen.pl pl-gmtdmp.mookie1.com system3secure.pl sentry-2-poczta.grupawp.pl sentry-poczta.grupawp.pl pixel.adsafeprotected.com *.wp.pl rek.www.wp.pl *.adocean.pl *.wpimg.pl *.wpcdn.pl *.moatads.com *.tradedoubler.com ads.salesmore.pl *.doubleclick.net *.2mdn.net bs.serving-sys.com *.googlesyndication.com *.google.com delivery.way2traffic.com *.hit.gemius.pl t.qservz.com cdn.qservz.com beta.pocketads.pl ssl.google-analytics.com dmp.adform.net asa.allegro.pl ad.atdmt.com ads.businessclick.com/mailing/ *.meetrics.net *.mxcdn.net stags.bluekai.com idea-bank-kredyty.sjv.io www.ojrq.net/p/ secure-gl.imrworldwide.com www.facebook.com *.payu.com *.doubleverify.com ho.novem.pl; media-src 'self' v.wpimg.pl adv.wp.pl *.wpcdn.pl data:; child-src 'self' blob: a1.newsletter.biznes.gov.pl a2.newsletter.biznes.gov.pl *.hit.gemius.pl system3secure.pl sentry-2-poczta.grupawp.pl sentry-poczta.grupawp.pl pixel.adsafeprotected.com *.wp.pl stg.wp.pl config.sensic.net *.tagcdn.com *.googlesyndication.com ads.salesmore.pl ad.doubleclick.net *.2mdn.net my.adocean.pl *.bing.com adexa.me googleads.g.doubleclick.net; frame-src 'self' blob: *.survicate.com *.wpext.pl wpext.pl a1.newsletter.biznes.gov.pl a2.newsletter.biznes.gov.pl *.wpimg.pl *.hit.gemius.pl system3secure.pl sentry-2-poczta.grupawp.pl sentry-poczta.grupawp.pl pixel.adsafeprotected.com *.wp.pl stg.wp.pl *.wpcdn.pl config.sensic.net *.tagcdn.com *.googlesyndication.com ads.salesmore.pl ad.doubleclick.net *.2mdn.net my.adocean.pl *.bing.com adexa.me www.google.com/recaptcha/ *.criteo.com googleads.g.doubleclick.net masscdn.com *.payu.com *.doubleverify.com ho.novem.pl gwp.typeform.com; font-src 'self' data: *.survicate.com a.wpimg.pl a1.newsletter.biznes.gov.pl a2.newsletter.biznes.gov.pl *.wpcdn.pl; connect-src 'self' https://fpnpmcdn.net https://api.fpjs.io https://*.api.fpjs.io *.survicate.com *.wpext.pl wpext.pl *.sensic.net a1.newsletter.biznes.gov.pl a2.newsletter.biznes.gov.pl *.videostar.pl *.hit.gemius.pl imppl.tradedoubler.com secure.espago.com wp.tv csi.gstatic.com static.criteo.net bidder.criteo.com *.moatads.com *.meetrics.net wss://poczta.o2.pl wss://nowy.tlen.pl wss://poczta.wp.pl wss://nowapoczta.wp.pl system3secure.pl sentry-2-poczta.grupawp.pl sentry-poczta.grupawp.pl pixel.adsafeprotected.com *.wp.pl *.wpcdn.pl *.money.pl www.google.com pubs2-eu.creativecdn.com v.wpimg.pl a.wpimg.pl profil.o2.pl *.netscore.eu/v2/api/adinfo/ ib.adnxs.com/ptv *.googlesyndication.com *.payu.com *.doubleverify.com ho.novem.pl; report-uri /csp-reports; manifest-src 'self' 'unsafe-eval' 2
default-src 'self' wss: https://*.contentful.com https://*.kampyle.com wss://*.ooklaserver.net https://*.tigocloud.net https://*.zendesk.com https://static.zdassets.com https://ekr.zdassets.com; frame-src 'self' https://*.tigocloud.net https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://www.youtube.com https://6493920.fls.doubleclick.net https://*.kampyle.com https://affperformance.com; script-src 'self' blob: https://*.tigocloud.net https://*.kampyle.com https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.youtube.com https://6493920.fls.doubleclick.net https://maps.googleapis.com https://www.gstatic.com/ https://sync.smartadserver.com https://cdn.smooch.io https://s.ytimg.com https://*.nr-data.net https://js-agent.newrelic.com https://facebook.com/signals/iwl.js https://widget-mediator.zopim.com https://*.licdn.com 'unsafe-hashes' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'sha256-lfXlPY3+MCPOPb4mrw1Y961+745U3WlDQVcOXdchSQc=' https://tigo.us18.list-manage.com https://*.cybba.solutions https://ads.sonataplatform.com 'sha256-7Fp7MEYPiWwFlFSMtMrgFGtyV65kiMzqzrPzl5b9JcE=' 'sha256-1eitAMOMBEWQWrEo2CI2KMY9gYgxOeJjntcD0Puyirw=' 'sha256-kw7rMCesUws2kQMU9IXUxO6kflQ3bRrMMDWqFbNNfHs=' 'sha256-FrQ57L9tMdJJ722FWKhQSqaJ3Gd4s4rKlbk+K1DW+t4='; font-src 'self' data: blob: https://fonts.gstatic.com https://*.kampyle.com https://*.zendesk.com; img-src 'self' data: blob: https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.tigocloud.net https://*.contentful.com https://*.kampyle.com https://static.zdassets.com https://*.googletagmanager.com https://images.ctfassets.net https://stats.g.doubleclick.net https://lh3.googleusercontent.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://www.google.com.ar https://www.google.com.bo https://www.google.com.co https://www.google.com.sv https://www.google.com.gt https://www.google.hn https://www.google.com.ni https://www.google.com.pa https://www.google.com.py https://t.co https://maps.gstatic.com https://www.facebook.com https://analytics.twitter.com https://static.ads-twitter.com https://*.speedtestcustom.com https://*.zendesk.com https://static.zdassets.com https://maps.googleapis.com https://sync.smartadserver.com https://cdn.smooch.io https://*.zopim.io https://svr.mic.edge.com.py https://*.kampyle.com https://affperformance.com https://*.cybba.solutions; style-src 'self' 'unsafe-inline' https://cdn.smooch.io https://tagmanager.google.com https://www.googletagmanager.com/debug/badge.css https://fonts.googleapis.com https://*.zendesk.com https://*.tigocloud.net https://*.kampyle.com; connect-src * data:; object-src 'none'; form-action 'self' https://www.facebook.com; base-uri 'self' https://md-scp.kampyle.com; frame-ancestors 'self' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://secure.quantserve.com/ https://www.instagram.com/ https://app.termly.io/ https://www.google.com/ https://www.gstatic.com/ http://rules.quantcount.com/ http://cdn.scarabresearch.com/ https://assets.juicer.io/ https://www.googletagmanager.com/ http://cdn.scarabresearch.com/ https://cdn.levelaccess.net/ https://www.google-analytics.com/ https://www.googleadservices.com/ http://pixel.quantserve.com/ http://connect.facebook.net/ https://secure-ds.serving-sys.com/ https://s.pinimg.com/ http://xfqprspx.micpn.com/ https://static.bytedance.com/ http://www.lightboxcdn.com/ http://api.lightboxcdn.com/ https://bs.serving-sys.com/ http://www.juicer.io/; object-src 'none' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.milliman.com https://www.googletagmanager.com https://www.google-analytics.com https://www.buzzsprout.com https://bat.bing.com https://solutions.invocacdn.com https://milliman.aiproxies.com https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://analytics.cdn.aimediagroup.com https://pnapi.invoca.net https://googleads.g.doubleclick.net https://analytics.aimediagroup.com https://maps.googleapis.com https://snap.licdn.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://public.tableau.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://static.hotjar.com https://script.hotjar.com https://*.6sc.co https://static.cloud.coveo.com https://siteimproveanalytics.com https://www.clarity.ms; img-src 'self' data: https://*.milliman.com https://assets.buzzsprout.com https://www.google-analytics.com https://bat.bing.com https://cf-images.us-east-1.prod.boltdns.net https://analytics.aimediagroup.com https://milliman.aiproxies.com https://www.google.com https://www.google.ca https://match.adsrvr.org https://maps.googleapis.com https://maps.gstatic.com *.googleapis.com *.ggpht https://px.ads.linkedin.com https://www.linkedin.com https://p.adsymptotic.com https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://www.youtube.com https://public.tableau.com https://syndication.twitter.com https://pbs.twimg.com https://platform.twitter.com https://ton.twimg.com https://*.6sc.co https://*.siteimproveanalytics.io; style-src 'self' 'unsafe-inline' https://*.milliman.com https://fonts.googleapis.com https://cloud.typenetwork.com https://assets.buzzsprout.com https://platform.twitter.com https://ton.twimg.com; font-src 'self' https://*.milliman.com https://fonts.gstatic.com https://cloud.typenetwork.com https://ton.twimg.com https://fastly-cloud.typenetwork.com; frame-src 'self' https://*.milliman.com https://players.brightcove.net https://www.buzzsprout.com https://app.powerbi.com https://milliman.maps.arcgis.com https://*.makeaclickablemap.com https://makeaclickablemap.com https://www.google.com https://assets.milliman.com https://milliman-milwaukee-reports.azurewebsites.net https://twitter.com https://platform.twitter.com https://html5-player.libsyn.com https://bid.g.doubleclick.net https://www.youtube.com https://public.tableau.com https://vars.hotjar.com https://syndication.twitter.com https://milliman.aiproxies.com https://*.vimeo.com; child-src 'self' https://*.milliman.com https://players.brightcove.net https://www.buzzsprout.com https://app.powerbi.com https://milliman.maps.arcgis.com https://*.makeaclickablemap.com https://makeaclickablemap.com https://www.google.com https://assets.milliman.com https://milliman-milwaukee-reports.azurewebsites.net https://twitter.com https://www.twitter.com html5-player.libsyn.com https://bid.g.doubleclick.net; connect-src 'self' https://*.milliman.com https://cdn.linkedin.oribi.io https://assets5.lottiefiles.com https://*.analytics.org.coveo.com https://*.clarity.ms https://lottie.host https://assets9.lottiefiles.com https://analytics.cloud.coveo.com https://www.google-analytics.com https://stats.g.doubleclick.net https://bat.bing.com  https://pnapi.invoca.net https://bam.nr-data.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://usageanalytics.coveo.com https://platform.cloud.coveo.com https://www.milliman.com https://us.milliman.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://maps.googleapis.com https://milliman.aiproxies.com https://*.6sc.co https://geolocation.onetrust.com https://secure.adnxs.com; upgrade-insecure-requests;  block-all-mixed-content; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; upgrade-insecure-requests; base-uri 'self'; 2
frame-ancestors 'self' https://gather.town https://virtual.adesso.de https://app.neyroo-hub.de 2
frame-ancestors 'none'; report-uri https://prod-fhs-rn-csp-service.rbictg.com/csp; report-to csp-endpoint 2
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://bam.nr-data.net https://js-agent.newrelic.com https://player.vimeo.com https://polyfill.io/v3/polyfill.min.js https://unpkg.com https://www.google-analytics.com https://www.googletagmanager.com https://www.vimeo.com https://vimeo.com https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://connect.facebook.net https://polyfill.io https://cdn.ckeditor.com https://cdn.jsdelivr.net https://docx-converter.cke-cs.com; object-src 'none'; style-src 'report-sample' 'self' 'unsafe-inline' https://fast.fonts.net https://demo.dashboardpack.com https://cdn.jsdelivr.net; img-src 'self' https://i.vimeocdn.com https://www.google-analytics.com https://www.googletagmanager.com data: https://*.google-analytics.com; media-src 'self'; frame-src 'self' https://player.vimeo.com https://cdn.yoshki.com https://api-6fc85ce3.duosecurity.com; child-src 'self' https://player.vimeo.com; font-src 'self' https://demo.dashboardpack.com data:; connect-src 'self' https://bam.nr-data.net https://*.algolia.net https://www.google-analytics.com https://*.algolianet.com https://*.google-analytics.com https://www.googletagmanager.com https://*.cke-cs.com; report-uri /report-csp-violation 2
frame-ancestors https://*.nowaera.pl 2
default-src 'none'; base-uri 'none'; connect-src 'self' https://*.five9.com https://*.hotjar.com https://*.mktoresp.com https://*.pointillist.com https://translate.google.com https://translate.google.com/* https://translate.googleapis.com https://translate.googleapis.com/* https://maps.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; form-action 'self' https://*.marketo.com https://*.jotform.com https://*.jotformpro.com https://*.arvig.com https://*.arvig.net https://translate.google.com https://translate.google.com/* https://translate.googleapis.com https://translate.googleapis.com/* https://maps.googleapis.com https://*.opendns.com/; frame-ancestors 'none'; frame-src 'self' https://*.jotform.com https://*.jotformpro.com https://*.marketo.com https://*.youtube.com https://youtu.be https://*.arvig.com https://*.arvig.net https://*.five9.com https://*.google.com https://*.paymentus.com https://*.hotjar.com https://maps.googleapis.com https://*.opendns.com/; img-src 'self' https://*.youtube.com https://*.five9.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagemanager.com https://www.google.com https://ssl.gstatic.com https://www.gstatic.com data: https://translate.google.com https://translate.google.com/* https://translate.googleapis.com https://translate.googleapis.com/* https://maps.googleapis.com https://maps.gstatic.com; manifest-src 'none'; media-src https://*.five9.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.marketo.com https://*.marketo.net https://*.five9.com https://www.googletagmanager.com https://*.hotjar.com https://*.pointillist.com https://www.google-analytics.com https://*.mktoresp.com https://tagmanager.google.com https://translate.google.com https://translate.google.com/* https://translate.googleapis.com https://translate.googleapis.com/* https://maps.googleapis.com https://translate-pa.googleapis.com https://translate-pa.googleapis.com/*; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.marketo.com https://*.five9.com https://*.hotjar.com https://www.google-analytics.com https://tagmanager.google.com https://translate.google.com https://translate.google.com/* https://translate.googleapis.com https://translate.googleapis.com/* https://www.gstatic.com https://www.gstatic.com/* https://maps.googleapis.com; worker-src 'none' 2
frame-ancestors 'self' *.orange.ro  2
upgrade-insecure-requests; default-src 'self'; frame-src 'self' vimeo.com *.vimeo.com *.linkedin.com linkedin.com snap.licdn.com *.elfsight.com *.googleapis.com *.lamapoll.de *.microsoftonline.com *.podigee.com *.podigee-cdn.net *.tuv-nord.com *.tuvnordegypt.com *.yammer.com lamapoll.de microsoftonline.com partner.vytal.org www.google.com www.youtube-nocookie.com www.youtube.com yammer.com *.whatchado.com whatchado.com crm.de player.vimeo.com; style-src 'self' 'unsafe-inline' *.recruitmentplatform.com recruitmentplatform.com *.amazonaws.com *.bing.com *.googleapis.com *.mgr.consensu.org *.podigee.com *.podigee-cdn.net *.tuev-nord.de *.tuv-nord.com *.walkme.com tuev-nord.de www.nord-kurs.de www.youtube.com *.moin.ai; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.recruitmentplatform.com recruitmentplatform.com *.linkedin.com linkedin.com *.consentmanager.net consentmanager.net *.b-cdn.net snap.licdn.com *.amazonaws.com *.assets-yammer.com *.bing.com *.clarity.ms *.cloudfront.net *.doubleclick.net *.elfsight.com *.google.com *.googleapis.com *.gstatic.com *.hs-analytics.net *.jquery.com *.lamapoll.de *.mgr.consensu.org *.podigee.com *.podigee-cdn.net *.tuev-nord.de *.tuv-nord.com *.userlike.com *.walkme.com assets-yammer.com connect.facebook.net f.vimeocdn.com hs-analytics.net lamapoll.de tuev-nord.de tuvnordvietnam.com.vn *.google-analytics.com www.google-analytics.com targetbox.de *.targetbox.de www.google.com www.google.de www.googleadservices.com www.googletagmanager.com www.nord-kurs.de www.youtube.com *.hs-banner.com js-hs-banner.com *.hs-scripts.com hs-scripts.com js.hsleadflows.net js.hsadspixel.net *.createjs.com zingtree.com *.moin.ai blob:; font-src 'self' *.recruitmentplatform.com recruitmentplatform.com *.amazonaws.com *.bing.com *.cloudfront.net *.gstatic.com *.podigee.com *.podigee-cdn.net *.tuev-nord.de tuev-nord.de www.nord-kurs.de *.moin.ai data:; connect-src 'self' *.recruitmentplatform.com recruitmentplatform.com *.oribi.io *.hs-banner.com js-hs-banner.com *.hs-scripts.com snap.licdn.com *.amazonaws.com *.bbbserver.de *.bing.com *.clarity.ms *.consentmanager.mgr.consensu.org *.doubleclick.net *.elfsight.com *.googleapis.com *.herokuapp.com *.tuev-nord.de *.tuv-nord.com *.userlike.com targetbox.de *.targetbox.de bbbserver.de tuev-nord.de wss://tuev-academy-chatbot.herokuapp.com wss://umd.userlike.com *.google-analytics.com www.google-analytics.com www.youtube.com www.nord-kurs.de api.hubapi.com forms.hubspot.com *.moin.ai wss://bot.moin.ai; img-src * data:; media-src * blob:; 2
frame-ancestors 'self' https://www.baby.ru https://postila.ru https://www.neboleem.net https://www.beautyinsider.ru 2
base-uri 'self'; script-src 'self' https://apis.google.com www.googletagmanager.com 'unsafe-eval' 'unsafe-inline' *.uniserve.com s3.amazonaws.com cdnjs.cloudflare.com www.google-analytics.com www.google.com www.gstatic.com; upgrade-insecure-requests; 2
frame-ancestors 'self' *.pucv.cl; 2
default-src 'self' localhost:* ws://localhost:*              framework-gb.cdn.gob.mx *.framework-gb.cdn.gob.mx      www.youtube.com *.www.youtube.com              www.loterianacional.gob.mx               www.pronosticos.gob.mx               www.lotenal.gob.mx               www.google.com *.www.google.com               stackpath.bootstrapcdn.com *.stackpath.bootstrapcdn.com               w3.org *.w3.org               www.googletagmanager.com *.www.googletagmanager.com               www.google-analytics.com *.www.google-analytics.com      documentservices.adobe.com *.documentservices.adobe.com      viewlicense.adobe.io *.viewlicense.adobe.io               unpkg.com *.unpkg.com;                            object-src 'self' localhost:* ws://localhost:*;font-src 'self'               fonts.gstatic.com *.fonts.gstatic.com               framework-gb.cdn.gob.mx *.framework-gb.cdn.gob.mx               kit-pro.fontawesome.com *.kit-pro.fontawesome.com      data:               localhost:* ws://localhost:*;              style-src 'self' 'unsafe-inline'               www.googletagmanager.com               framework-gb.cdn.gob.mx *.framework-gb.cdn.gob.mx               stackpath.bootstrapcdn.com *.stackpath.bootstrapcdn.com               kit-pro.fontawesome.com *.kit-pro.fontawesome.com               unpkg.com *.unpkg.com               localhost:* ws://localhost:*;              media-src *;              img-src * data:;              script-src 'self' 'unsafe-inline'               framework-gb.cdn.gob.mx *.framework-gb.cdn.gob.mx               www.googletagmanager.com *.www.googletagmanager.com               www.google.com *.www.google.com               www.gstatic.com *.www.gstatic.com      documentservices.adobe.com *.documentservices.adobe.com               unpkg.com *.unpkg.com               localhost:* ws://localhost:*;              frame-ancestors 'self' www.google.com localhost:*;               2
default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss: https: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; font-src 'self' data: https: 'unsafe-inline'; frame-src 'self' https:; style-src 'self' https: 'unsafe-inline' 2
default-src 'self' chat.searchengines.guru d.searchengines.guru; script-src 'self' content.mql5.com search.searchengines.guru d.searchengines.guru 'unsafe-inline'; style-src d.searchengines.guru 'unsafe-inline'; img-src 'self' content.mql5.com chat.searchengines.guru d.searchengines.guru blob: data:; media-src 'self' chat.searchengines.guru; font-src 'self' d.searchengines.guru; connect-src 'self' content.mql5.com https://chat.searchengines.guru wss://chat.searchengines.guru; frame-src 'self' d.searchengines.guru content.mql5.com www.youtube.com; frame-ancestors 'self'; object-src 'self' blob:; 2
frame-ancestors 'none', upgrade-insecure-requests 2
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com cdn.segment.com cdn.ampproject.org ajax.cloudflare.com static.cloudflareinsights.com boards.greenhouse.io *.algolia.net *.algolianet.com buttons.github.io yastatic.net www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net bam.nr-data.net js-agent.newrelic.com discover.clickhouse.com munchkin.marketo.net player.vimeo.com connect.facebook.net cdn-prod.securiti.ai cookie-cdn.cookiepro.com www.youtube.com https://js.driftt.com https://widget.drift.com https://snap.licdn.com https://tag.clearbitscripts.com https://x.clearbitjs.com https://app.clearbit.io https://cdn-prod.securiti.ai marketo.clearbit.com;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com discover.clickhouse.com https://cdn-prod.securiti.ai;img-src * 'self' data: https:;object-src 'self' blog-images.clickhouse.com;connect-src 'self' https://boards-api.greenhouse.io/ https://apim.workato.com/ https://api.segment.io/v1/ https://api.segment.io/ https://cdn.segment.com/v1/projects/dZuEnmCPmWqDuSEzCvLUSBBRt8Xrh2el/settings https://cdn.segment.com/v1/projects/pYKX60InlEzX6aI1NeyVhSF3pAIRj4Xo/settings https://cdn.segment.com/analytics-next/bundles/* https://cdn.segment.com/next-integrations/integrations/* http://clickhouse.com *.google-analytics.com api.github.com cdn.ampproject.org *.algolia.net *.algolianet.com *.ingest.sentry.io hn.algolia.com www.reddit.com bam.nr-data.net *.mktoresp.com yoast.com cdn.segment.com api.vimeo.com cdn-prod.securiti.ai app.securiti.ai cookie-cdn.cookiepro.com geolocation.onetrust.com privacyportal.cookiepro.com *.clickhouse.com https://cdn.plyr.io https://noembed.com https://cdn.linkedin.oribi.io https://app.clearbit.io https://app.clearbit.com;frame-src blob: https://www.youtube-nocookie.com www.youtube.com player.vimeo.com blog-images.clickhouse.com boards.greenhouse.io discover.clickhouse.com webto.salesforce.com bid.g.doubleclick.net app.hex.tech *.clickhouse.com https://js.driftt.com https://widget.drift.com;font-src 'self' fonts.gstatic.com data:;form-action 'self' webto.salesforce.com;frame-ancestors https://*.clickhouse.com;prefetch-src 'self'; 2
frame-ancestors 'self' http://app.reskyt.com/ ; 2
script-src *.bigcommerce.com *.betrad.com *.ipify.org *.kaptcha.com *.jebbit.com *.lightboxcdn.com *.dynatrace.com *.azurewebsites.net cdn.jsdelivr.net cdnjs.cloudflare.com *.google-analytics.com *.googleapis.com *.facebook.com *.facebook.net *.google.com *.googlesyndication.com *.devcloudsoftware.com *.zmags.com *.jquery.com *.crazyegg.com *.adsrvr.org sc-static.net *.pinimg.com *.googleadservices.com *.braintreegateway.com *.sandbox.braintree-api.com *.stripe.com *.doubleclick.net *.googletagmanager.com *.agkn.com *.pgsitecore.com  *.online-metrix.net *.amazonaws.com *.moatads.com *.paypalobjects.com *.paypal.com *.rewardstyle.com *.adsrvr.org *.adsrvr.org *.moatads.com *.attn.tv *.linkedin.com *.youtube.com *.ytimg.com *.bing.com *.gstatic.com smileadvisor.crest.com *.addthis.com *.addthisedge.com *.moatads.com *.agkn.com *.online-metrix.net *.ravenjs.com *.addrexx10.com *.bizographics.com *.cardinalcommerce.com *.bazaarvoice.com *.yotpo.com  cdn.cookielaw.org  *.cloudfront.net *.rpxnow.com *.iesnare.com *.polyfill.io geolocation.onetrust.com *.sharethis.com *.tapad.app *.pepperjam.com *.segment.com *.affirm.com *.minibc.com *.pricespider.com *.mapbox.com *.lytics.io *.ordergroove.com *.pepperjamnetwork.com *.tp88trk.com *.snapchat.com *.tiktok.com *.rokt.com *.ssacdn.com *.swaven.com pghub.io https://tapjoy.go2cloud.org/SL2Wm https://shareasale-analytics.com/j.js optanon.blob.core.windows.net b-code.liadm.com 'self' 'unsafe-eval' 'unsafe-inline' blob: 2
base-uri 'self'; default-src https://www.dnshome.de; font-src 'self' data: https:; form-action 'self'; frame-ancestors 'none'; frame-src 'self'; img-src 'self' https://www.paypalobjects.com; script-src 'self' 'unsafe-inline'; style-src 'self'; 2
frame-ancestors 'self' https://analyse.dipf.de/ http://analyse.dipf.de/; 2
base-uri 'self';frame-ancestors 'self';object-src 'none' 2
frame-ancestors 'self' https://m-redbus-id.cdn.ampproject.org https://www.google.com https://www.google.co.id https://m.redbus.id https://seocms.redbus.com; default-src 'self' https://c.riskified.com wss://*.firebaseio.com wss://rbpub.redbus.com wss://ssbk2-uk.gsecondscreen.com wss://ssbk4-uk.gsecondscreen.com wss://evbk.gamooga.com https://h.online-metrix.net https://s3.rdbuz.com https://evbk.gamooga.com https://*.doubleclick.net https://graph.facebook.com https://cdn-jp.gsecondscreen.com https://*.redbus.in  https://*.redbus.com https://*.googleapis.com https://www.google-analytics.com http://www.googletagmanager.com https://*.google.com https://*.google.co.in https://*.facebook.net http://www.googleadservices.com https://www.facebook.com https://recorder.sessionstack.com https://o2.mouseflow.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.branch.io cdn.moengage.com https://beacon.riskified.com https://tags.tiqcdn.com http://cdn-akamai.mookie1.com https://*.firebaseio.com https://h.online-metrix.net https://*.twitter.com  https://static.ads-twitter.com https://*.googletagservices.com https://bam.nr-data.net https://*.doubleclick.net https://evbk.gamooga.com https://maxcdn.bootstrapcdn.com https://*.google.com https://cdn.jsdelivr.net https://sslwidget.criteo.com https://static.criteo.net https://cdn.mouseflow.com https://bat.bing.com https://maps.googleapis.com http://ae.gsecondscreen.com http://sg-pl.vizury.com https://cdnjs.cloudflare.com http://cdn-jp.gsecondscreen.com http://www.redbus.in https://www.redbus.in https://adservice.google.co.in https://ssl.google-analytics.com https://connect.facebook.net http://pagead2.googlesyndication.com http://www.google-analytics.com https://cdn.sessionstack.com http://www.googletagmanager.com http://connect.facebook.net https://*.googleadservices.com https://*.rdbuz.com https://*.redbus.in https://www.gstatic.com http://*.rdbuz.com; img-src 'self' data: blob: https://img.riskified.com moe-email-campaigns.s3.amazonaws.com image.moengage.com https://web-elb https://*.online-metrix.net https://*.goibibo.com https://barcode-latam.s3.amazonaws.com https://t.co https://www.googletagmanager.com https://*.doubleclick.net https://tpc.googlesyndication.com https://maps.gstatic.com https://maps.googleapis.com rb-plus.s3.ap-southeast-1.amazonaws.com s3-ap-southeast-1.amazonaws.com *.s3-ap-southeast-1.amazonaws.com h.online-metrix.net https://bat.bing.com https://www.google.co.in https://evbk.gamooga.com http://origin-st.redbus.in https://cdn-jp.gsecondscreen.com http://www.redbus.in https://www.redbus.in https://*.google.com https://www.google-analytics.com  https://ssl.google-analytics.com https://*.facebook.com https://*.rdbuz.com https://st.redbus.in  http://*.rdbuz.com http://st.redbus.in https://cdn-jp.gsecondscreen.com https://api.midtrans.com https://www.glassdoor.co.in; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://*.google.com https://cdnjs.cloudflare.com https://www.w3schools.com http://fonts.googleapis.com https://fonts.googleapis.com https://*.rdbuz.com https://st.redbus.in  http://*.rdbuz.com http://st.redbus.in; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.gstatic.com http://*.rdbuz.com http://st.redbus.in https://fonts.gstatic.com https://*.rdbuz.com https://st.redbus.in; frame-src 'self' st.redbus.in payment.pagoefectivo.pe *.firebaseapp.com *.firebaseio.com  www.surveymonkey.com *.google.com isb.au1.qualtrics.com www.googletagservices.com *.redbus.com h.online-metrix.net checkout.payulatam.com *.doubleclick.net in-tags.vizury.com sg-pl.vizury.com xds.gsecondscreen.com *.facebook.com www.youtube.com dis.as.criteo.com; object-src 'self'; connect-src 'self' wss://rbpub.redbus.com s3-ap-southeast-1.amazonaws.com *.moengage.com analytics.google.com o2.mouseflow.com *.redbus.com *.doubleclick.net *.riskified.com wss://*.gamooga.com www.google-analytics.com graph.facebook.com accounts.google.com 2
default-src 'self' https://www.gravatar.com https://player.vimeo.com *.vimeocdn.com https://packages.umbraco.org https://our.umbraco.org;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gl-prod-portal-cache.azureedge.net https://glprodportal.blob.core.windows.net https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://fonts.googleapis.com https://apis.google.com https://use.typekit.net https://www.youtube.com https://*.vo.msecnd.net https://gl-wip-portal-umb.azurewebsites.net https://gl-test-portal-umb.azurewebsites.net https://gl-prod-portal-umb.azurewebsites.net https://plus.browsealoud.com https://www.browsealoud.com https://*.speechstream.net https://bbox.blackbaudhosting.com https://payments.blackbaud.com https://atlas.microsoft.com https://www.instagram.com https://ajax.googleapis.com https://connect.facebook.net https://fast.fonts.net https://code.jquery.com https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com https://az416426.vo.msecnd.net https://analytics.google.com https://www.google.com https://www.gstatic.com;style-src 'self' 'unsafe-inline' https://gl-prod-portal-cache.azureedge.net https://glprodportal.blob.core.windows.net unsafe-inline https://fonts.googleapis.com https://fast.fonts.net https://tagmanager.google.com https://plus.browsealoud.com https://www.browsealoud.com https://use.typekit.net https://p.typekit.net https://bbox.blackbaudhosting.com https://payments.blackbaud.com https://atlas.microsoft.com https://www.google.com https://www.gstatic.com;img-src 'self' https://gl-prod-portal-cache.azureedge.net https://glprodportal.blob.core.windows.net https://www.google-analytics.com https://p.typekit.net https://atlas.microsoft.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://tagmanager.google.com https://ssl.gstatic.com https://www.gstatic.com data: https://browsealoud-webservices-8.texthelp.com https://plus.browsealoud.com https://www.browsealoud.com https://bbox.blackbaudhosting.com https://events.glasgowlife.org.uk https://i.vimeocdn.com https://www.gravatar.com https://umbraco.tv *.umbraco.tv i.ytimg.com *.umbraco.org https://our.umbraco.com https://www.google.com https://www.google.co.uk https://www.facebook.com;media-src 'self' https://gl-prod-portal-cache.azureedge.net https://glprodportal.blob.core.windows.net blob: https://plus.browsealoud.com https://www.browsealoud.com https://*.speechstream.net;font-src 'self' https://gl-prod-portal-cache.azureedge.net https://use.typekit.net https://fonts.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://plus.browsealoud.com https://www.browsealoud.com data: https://atlas.microsoft.com https://fast.fonts.net;connect-src 'self' https://dc.services.visualstudio.com https://gl-wip-portal.azurewebsites.net https://gl-test-portal.azurewebsites.net https://gl-prod-portal.azurewebsites.net https://www.google-analytics.com https://region1.google-analytics.com https://plus.browsealoud.com https://www.browsealoud.com https://our.umbraco.com/webapi/packages/v1 https://browsealoud-webservices-8.texthelp.com https://babm.texthelp.com https://*.speechstream.net https://stats.g.doubleclick.net https://atlas.microsoft.com https://siteintercept.qualtrics.com https://events.glasgowlife.org.uk https://payments.blackbaud.com https://analytics.google.com https://region1.analytics.google.com https://www.google.co.uk;child-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://datastudio.google.com https://www.facebook.com https://plus.browsealoud.com https://www.browsealoud.com https://content.googleapis.com https://www.googletagmanager.com https://bbox.blackbaudhosting.com https://payments.blackbaud.com https://www.instagram.com https://www.google.com https://anchor.fm https://podcasters.spotify.com https://vimeo.com https://www.soundcloud.com https://w.soundcloud.com https://api-widget.soundcloud.com;worker-src 'self' blob:;upgrade-insecure-requests;block-all-mixed-content;report-uri https://stormid.report-uri.com/r/d/csp/enforce 2
frame-ancestors 'self' *.uob.com.sg *.uobgroup.com *.uobgroup.com.sg http://uob.eltropy.com https://uob.eltropy.com http://findahomeloan.co https://www.edgeprop.sg https://sleek.sg 2
frame-ancestors https://*.visitestonia.com https://*.puhkaeestis.ee https://turismikiosk.ee https://*.dev.visitestonia.com https://*.test.visitestonia.com https://*.dev.puhkaeestis.ee https://*.test.puhkaeestis.ee 2
default-src * data: blob: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' unroll.me *.unroll.me *.google-analytics.com *.google.com *.yahoo.com *.youtube.com  *.gstatic.com *.googletagmanager.com *.googleadservices.com *.google.co.in *.branch.io *.rakuten.com *.facebook.net bat.bing.com *.doubleclick.net ut.ra.linksynergy.com https://app.link *.yimg.com *.msauth.net *.azureedge.net https://cdn.heapanalytics.com https://heapanalytics.com; style-src data: 'unsafe-inline' *; connect-src unroll.me *.unroll.me *.facebook.com *.facebook.net *.google-analytics.com *.googleadservices.com *.google.co.in *.googlevideo.com *.youtube.com bat.bing.com *.google.com *.gstatic.com *.doubleclick.net *.branch.io *.rakuten.com *.yahoo.com *.live.com *.aol.com https://heapanalytics.com; 2
default-src *; font-src * data:;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 2
default-src 'self' https://ucarecdn.com https://*.ucarecdn.com https://*.uploadcare.com https://*.cloudfront.net; font-src 'self' data: https://ucarecdn.com https://*.ucarecdn.com https://fonts.gstatic.com; frame-src 'self' https://ucarecdn.com https://*.uploadcare.com https://js.stripe.com https://calendly.com https://*.google.com https://*.youtube.com https://*.facebook.com https://codepen.io https://codesandbox.io https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://td.doubleclick.net; child-src 'self' blob:; media-src blob: data: https://ucarecdn.com https://*.ucarecdn.com; style-src 'self' 'unsafe-inline' blob: https://ucarecdn.com https://*.ucarecdn.com https://*.uploadcare.com https://*.cloudfront.net https://unpkg.com https://js.stripe.com https://*.calendly.com https://*.googleapis.com https://*.zapier.com https://*.integrately.com; connect-src 'self' blob: https://*.cloudfront.net https://*.uploadcare.com https://*.s3-accelerate.amazonaws.com https://ucarecdn.com https://*.ucarecdn.com https://*.algolia.net https://*.algolianet.com https://js.stripe.com https://*.statuspage.io https://*.pingdom.net wss://ws.pusherapp.com https://api.rollbar.com https://*.helpscout.net https://zapier.com https://*.zapier.com/ https://*.integrately.com https://api.getrewardful.com/ https://*.segment.io https://cdn.segment.com https://forms.hubspot.com https://*.hscollectedforms.net https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://pagead2.googlesyndication.com https://*.facebook.com https://bat.bing.com https://cdn.linkedin.oribi.io https://*.linkedin.com/; img-src 'self' blob: data: https://*.uploadcare.com https://ucarecdn.com https://*.ucarecdn.com https://*.ucr.io https://q.stripe.com https://*.calendly.com https://zapier-images.imgix.net https://zapier.com https://*.zapier.com https://integrately.com https://*.amazonaws.com https://*.travis-ci.com https://*.travis-ci.org https://github.com https://codesandbox.io https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.g.doubleclick.net https://i.ytimg.com https://bat.bing.com *.google.com *.google.at *.google.com.au *.google.be *.google.bg *.google.com.br *.google.by *.google.ca *.google.ch *.google.cn *.google.cz *.google.de *.google.dk *.google.es *.google.fi *.google.fr *.google.gr *.google.com.hk *.google.hr *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.co.in *.google.it *.google.co.jp *.google.co.kr *.google.kz *.google.lt *.google.lv *.google.me *.google.com.mx *.google.com.my *.google.nl *.google.no *.google.co.nz *.google.com.ph *.google.pl *.google.pt *.google.ru *.google.se *.google.com.sg *.google.si *.google.sk *.google.co.th *.google.com.tr *.google.com.tw *.google.com.ua *.google.co.uk *.google.com.vn *.google.rs *.google.cl *.google.com.ar *.google.com.ph *.google.ee https://*.customer.io https://*.hubspot.com https://forms.hsforms.com https://*.facebook.com https://cx.atdmt.com https://p.adsymptotic.com https://*.linkedin.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://ucarecdn.com https://*.ucarecdn.com https://*.uploadcare.com https://*.cloudfront.net https://js.stripe.com https://m.stripe.network https://*.statuspage.io https://*.pingdom.net https://zapier.com https://cdn.zapier.com https://*.integrately.com https://r.wdfl.co https://*.codepen.io https://*.helpscout.net/ https://*.google.com https://*.gstatic.com https://cdnjs.cloudflare.com https://cdn.rollbar.com https://assets.customer.io https://cdn.segment.com https://cdn.segment.io https://js.hs-analytics.net https://js.hs-banner.com https://*.hscollectedforms.net https://*.hs-scripts.com https://*.google-analytics.com https://*.googletagmanager.com https://*.doubleclick.net https://*.googleadservices.com https://tpc.googlesyndication.com https://*.facebook.net https://snap.licdn.com https://bat.bing.com; frame-ancestors 'self'; report-uri https://app.uploadcare.com/apps/api/v0.1/csp/report/ 2
frame-ancestors 'self' https://cdn.evgnet.com https://cdn.evergage.com https://comercialdportenissadecv.us-7.evergage.com; 2
frame-ancestors 'self' https://*.faucetcrypto.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://cdn.onesignal.com https://onesignal.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://hcaptcha.com/ https://newassets.hcaptcha.com/ https://*.doubleclick.net https://connect.facebook.net https://cdn.seon.io https://mc.yandex.ru/metrika/ http://bat.bing.com/bat.js https://bat.bing.com/p/ https://mc.yandex.ru/metrika/ https://apis.google.com https://*.adform.net/ https://t.gamdom.com https://js-agent.newrelic.com https://*.newrelic.com https://*.nr-assets.net https://*.nr-ext.net https://*.nr-data.net https://static-stg.hacksawgaming.com https://static-live.hacksawgaming.com https://widget.intercom.io https://js.intercomcdn.com https://static.cloudflareinsights.com/ https://static.hotjar.com 2
default-src 'self' https://*.marc-o-polo.com;style-src 'self' 'unsafe-inline' https://*.sevensenders.com https://*.aboutyou.cloud https://*.googleapis.com https://*.googletagmanager.com *.fitanalytics.com https://*.vimeo.com https://*.unown-fashion.de https://*.azureedge.net https://*.abtasty.com https://*.bglobale.com https://*.global-e.com https://*.oppwa.com https://oppwa.com https://*.adyen.com https://*.marc-o-polo.com https://*.sevensenders.com https://*.storyblok.com https://saiz-widget.azurewebsites.net https://saiz-widget-staging.azurewebsites.net https://*.arvato-scs.digital;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.monitor.azure.com https://*.cloudfront.net https://*.amazonaws.com *.fitanalytics.com https://mop.azure-api.net https://*.googletagmanager.com https://*.googleapis.com https://*.sevensenders.com https://*.unown-fashion.de https://*.visualstudio.com https://*.marc-o-polo.com https://*.google.com https://*.gstatic.com https://*.doubleclick.net https://*.cdn-eso.me https://*.omnichannelengagementhub.com https://*.facebook.net https://*.facebook.com https://*.mediards.de https://*.mediards.com https://*.scarabresearch.com https://*.criteo.net https://*.criteo.com https://*.adnymics.com https://www.googlecommerce.com https://www.googleadservices.com https://*.pinimg.com *.outbrain.com https://bat.bing.com https://book.timify.com https://static.ads-twitter.com https://*.twitter.com https://*.stylight.net https://*.clarity.ms https://*.serving-sys.com https://*.abtasty.com https://*.bglobale.com https://*.global-e.com https://*.pinterest.com https://*.pinterest.de https://*.pinterest.fr https://*.pinterest.dk https://*.adscale.com https://*.google-analytics.com https://*.analytics.google.com https://*.epoq.de https://analytics.tiktok.com https://sc-static.net https://*.dwin1.com https://*.awin1.com https://*.sentry.io https://*.storyblok.com https://*.azureedge.net https://*.fittingbox.com https://*.aboutyou.cloud https://*.oppwa.com https://oppwa.com https://*.adyen.com https://*.przelewy24.pl https://przelewy24.pl https://*.paypal.com https://saiz-widget.azurewebsites.net https://saiz-widget-staging.azurewebsites.net https://*.arvato-scs.digital https://tags.creativecdn.com wss://localhost:*;img-src 'self' https: data:;connect-src 'self' https:;object-src 'self';frame-src 'self' https: data:;font-src 'self' https://*.marc-o-polo.com;form-action 'self' https://*.global-e.com https://*.cardinalcommerce.com https://*.arcot.com https://*.przelewy24.pl https://przelewy24.pl https://*.ppipe.net https://*.paypal.com https://*.oppwa.com https://oppwa.com https://*.adyen.com https://*.marc-o-polo.com https://*.storyblok.com;manifest-src 'self' https://*.marc-o-polo.com;frame-ancestors 'self' https://*.marc-o-polo.com https://*.storyblok.com https://*.netlify.app 2
default-src 'self' https://*.ean.com https://*.google.ie https://*.facebook.com https://*.facebook.net https://*.expediapartnersolutions.com https://*.leadspace.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://*.licdn.com https://*.marketo.net https://*.marketo.com https://*.aws.ean http://*.aws.ean https://*.amazonaws.ean http://*.amazonaws.com https://*.amazonaws.com https://d2yeu2mwujl2s5.cloudfront.net https://931-quh-525.mktoresp.com https://*.doubleclick.net https://*.linkedin.com https://*.nr-data.net https://*.addthis.com https://*.addthisedge.com https://*.issuu.com https://*.google.co.uk https://*.vimeo.com https://*.cloudflare.com https://*.reachforce.com https://*.googleapis.com https://zn03toxqjbt4lyznh-expediainc.siteintercept.qualtrics.com data: 'unsafe-eval' 'unsafe-inline' 2
frame-ancestors "self" 2
frame-ancestors 'self' https://marchedufilm.online 2
frame-ancestors 'self' https://apps.bernina.com https://bernina.at https://www.bernina.at https://www.bernette.com/ https://bernette.com/ 2
frame-ancestors 'self' mein.kabelplus.at mein-test.kabelplus.at newapp.etracker.com 2
frame-ancestors 'self' www.amway.com.au www.amway.co.nz https://pos.amway.com.au https://pos.amway.co.nz https://pos.amway.com.vn www.amway.com.vn www.amway.com.ph admin.amway.com.ph 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.ecift.com *.ecift.de *.elitpay.net *.google.com *.google.de *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.googlesyndication.com *.facebook.net *.facebook.com *.manychat.com mccdn.me code.jquery.com *.taboola.com *.tiktok.com *.twitter.com unpkg.com cdn.jsdelivr.net 2
form-action *.facebook.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' https: data: blob: *.fls.doubleclick.net *.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.twitter.com covers.odilo.io *.ads-twitter.com *.facebook.com *.facebook.net cdn.cookielaw.org www.googletagmanager.com online.bancosantander.es a.omappapi.com *.googleapis.com extend.vimeocdn.com www.google-analytics.com t.co adservice.google.com *.linkedin.com region1.google-analytics.com app.santanderopenacademy.com fonts.gstatic.com in-automate.sendinblue.com z.omappapi.com api.omappapi.com snap.licdn.com images.findawayworld.com *.tiktok.com privacyportal-de.onetrust.com sibautomation.com use.typekit.net api-manager.universia.net pro-becas-images-s3.s3.eu-west-1.amazonaws.com sso.santanderopenacademy.com; frame-ancestors 'self' https://*.santanderopenacademy.com; report-uri /csp_report 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: http://c.statcounter.com https://www.google.com http://www.google.com http://csi.gstatic.com http://localhost:29838; frame-ancestors 'self' X-Frame-Options: SAMEORIGIN 2
frame-ancestors *.softnyx.com 2
connect-src *; 2
frame-ancestors 'self' *.mapfre.com *.mapfre.es *.mapfretecuidamos *.digitalhealth.com; 2
child-src 'self' *.eu.qualtrics.com *.legalandgeneral.com *.everesttech.net *.lgim.com *.boldchat.com *.demdex.net *.g.doubleclick.net *.brighttalk.com *.theidolprod.com flo.uri.sh nr1.s3.amazonaws.com embeds.audioboom.com www.google.com aax-eu.amazon-adsystem.com 11594483.fls.doubleclick.net 4918313.fls.doubleclick.net 5z4kxmbpt3zylymtu.helpcenter.uwassist.com 6165515.fls.doubleclick.net 7rm60022.ibosscloud.com 9797771.fls.doubleclick.net 9797771.fls.doubleclick.net.x.aec9d37d03ffa0431a09ca80b9876705d3c8.d045239c.id.opendns.com 9797771.fls.doubleclick.net.x.f523c93f0a69604355083bc0a81abbf27ed1.d045239c.id.opendns.com accounts.google.com acestream.me api.nakarta.com auth.filteredinternet.co.uk auth.iws-hybrid.trendmicro.com az416426.vo.msecnd.net blipznchitzcom-a.akamaihd.net blob: bot.ebilobster.ai block.opendns.com butoembed.twentythree.net candysodapopcom-a.akamaihd.net cdncache-a.akamaihd.net checkpoint.tpt.org cn-1998263966-7vnsr30171.ibosscloud.com cn-1998264190-7vnsr30028.ibosscloud.com cn-1998264264-7vnsr40033.ibosscloud.com compare.defaqto.com connect.facebook.net crushclanscom-a.akamaihd.net data: edge.addthis.com embed.buto.tv embed.wirewax.com ernie.midlothian.gov.uk:15871 filter.techloq.com gateway.zscaler.net gateway.zscalerone.net gateway.zscalerthree.net gateway.zscalertwo.net gateway.zscloud.net go.skimresources.com grpfpgw01.group.local:15871 hdapp1008-a.akamaihd.net hhwssac.healthcareath.local images-static.trustpilot.com landg.nanorep.co lgim.turtl.co lgim.videomarketingplatform.co lifesearch.co.uk localhost:6543 login.microsoftonline.com login.zscalertwo.net login.zscloud.net mail.google.com mh-bir-mgmt101 mozbar.moz.com notify.bluecoat.com o.yieldsquare.com oakfppr01 omny.fm pa.eshapay.net player.videosmart.com pp.ephapay.net pp.eshapay.net pwm-image.trendmicro.com reassured-ltd-dev.onelogin.com rm40954.ibosscloud.com rm40962.ibosscloud.com rm40966.ibosscloud.com rm40977.ibosscloud.com rocket.theregisschool.co.uk s7.addthis.com saml.threatpulse.net:8443 schools-blocked.s3-website-us-east-1.amazonaws.com secure.mycouponizemac.com secure.myshopcouponmac.com secure.optibuymac.com secure5.arcot.com service.securesrv12.com skytraf.xyz sophosxg.equinox.co.uk:8090 sts.global.tesco.org sts.morrisonus.com sts.royalmailgroup.net subwayclanscom-a.akamaihd.net tool-bcg.bwe.io useast2-www.securly.com usercheck.themovefactory.com uwf.demo.upstreamworks.com uwfbankm.demo.upstreamworks.com webui.dashlane.com widget.trustpilot.com widgets-lgim.huguenots.co.uk www.calculateyourchances.com www.facebook.com www.houzz.com www.open.edu www.podbean.com www.youtube.com www.youtube.com.x.6449e3e00100204968084550e30d871835ad.d045227c.id.opendns.com www.youtube.com.x.7bfd31dc044f3047e60a8db015534ad35762.d045227d.id.opendns.com yournews-legalandgeneral.com zswpmanager.wip.mmc.com www.everestjs.net lgima.filepoint.live embeds.audioboom.com player.vimeo.com; connect-src 'self' *.infinity-tracking.com *.infinity-tracking.net *.bold360usercontent.com *.console.glassboxsaas.com *.report.gbss.io *.tealiumiq.com *.sgwidget.com *.recipelondon.co.uk *.crownpeak.net *.nanorep.com *.landg.com *.lgim.com *.boldchat.com *.demdex.net *.everesttech.net *.legalandgeneral.com *.sessioncam.com *.g.doubleclick.net *.googleapis.com *.tt.omtrdc.net brochure-tool.huguenots.co.uk widgets-lgim.huguenots.co.uk incomestandards-api-prod.azurewebsites.net yournews-legalandgeneral.com 1637314617.rsc.cdn77.org 1986635568.rsc.cdn77.org ad.doubleclick.net ads34.adlane.info adservice.google.com am-uk.sophus3.com api.addressy.com api.ip6.org.il api.pokuponik.net api.trongrid.io api.tronstack.io b.1p1eqpotato.com backoffice.abaka.me base3-sv.tribal-enjoy.com bat.bing.com bf21791iym.bf.dynatrace.com blob: block.opendns.com bot.ebilobster.ai catds.net cdn.aframe.io cdncache-a.akamaihd.net cdnjs.cloudflare.com cdn-ukwest.onetrust.com clipsold.com code.jquery.com customer.iad-03.braze.com dasfelynsaterr.webcam data: dc.services.visualstudio.com dpdb.webvr.rocks eu-ec.walkme.com floatingplayer.com gateway.zscloud.net gb.api4load.net gjtrack.ucweb.com hm.baidu.com ka-f.fontawesome.com labs.observepoint.com lawiersenadrey.webcam legalandgeneral.report-uri.com localhost:3000 luxins.net m.addthis.com m65.prod2016.com mcid-0ac271e4-b1ad-4312-a8f4-776fbc9c2cd7.ep-mimecast.doubleclick.net mcid-f5ea55f2-57aa-4c38-8e4d-d04af422d7f4.ep-mimecast.doubleclick.net metriq.xyz new229.com njs.wigoal.com performance.observepoint.com plugin.ucads.ucweb.com privacyportal-uk.onetrust.com qfafcffge3.execute-api.eu-west-2.amazonaws.com s.yimg.com s3-eu-west-1.amazonaws.com s7.addthis.com sample-api-v2.crazyegg.com savingsslider-a.akamaihd.net siteintercept.qualtrics.com steganos-api.ciuvo.com subwayblaze.com subwayclanscom-a.akamaihd.net subwaysmash.com sun.tronex.io surfly.com t.co t.skimresources.com usemarketings.com uwf.demo.upstreamworks.com widget.trustpilot.com ws://localhost:22174 wss://gc.kis.v2.scr.kaspersky-labs.com wss://websocket-eu.bold360.com www.bing.com www.cgtforms.com www.facebook.com www.google.com www.google-analytics.com www.googletagmanager.com you.caresourcer.com landg.nanorep.co api.ebiai.app messenger.ebiai.app; default-src 'unsafe-inline' 'self' *.netlify.app *.recipelondon.co.uk *.eu.qualtrics.com *.boldchat.com *.g.doubleclick.net *.google-analytics.com *.brighttalk.com *.everesttech.net *.googleapis.com *.landg.com *.legalandgeneral.com *.lgim.com *.sessioncam.com *.tt.omtrdc.net 4918313.fls.doubleclick.net 6165515.fls.doubleclick.net 9797771.fls.doubleclick.net aa.agkn.com aax-eu.amazon-adsystem.com abp.smartadcheck.de ad.doubleclick.net ad.sxp.smartclip.net ads.avct.cloud ads.avocet.io ads.stickyadstv.com adservice.google.co.uk adservice.google.com am-uk.sophus3.com analytics.twitter.com api.addressy.com app-static.turtl.co assets.adobedtm.com assets.quadpay.com assets.turtl.co at.alicdn.com autroliner.com az416426.vo.msecnd.net backoffice.abaka.me bat.bing.com beacon.krxd.net blinkjork.com blob: block.opendns.com bot.abaka.me bot.ebilobster.ai boxclone.com bppmdmxgsg.execute-api.eu-west-1.amazonaws.com brigstoneapp.com butoembed.twentythree.net cdn.botframework.com cdn.faceworks.nl cdn.honey.io cdn.mark.reevoo.com cdn.megabonus.com cdn.scite.ai cdnjs.cloudflare.com cdn-ukwest.onetrust.com ce.lijit.com cgtforms.com chrome-extension cilkonlay.com cm.adform.net cm3.adform.net code.jquery.com collector-5357.tvsquared.com collector-6040.tvsquared.com compare.defaqto.com connect.facebook.net cs.adingo.jp customer.iad-03.braze.com cx.atdmt.com d.agkn.com d2oh4tlt9mrke9.cloudfront.net d3c3cq33003psk.cloudfront.net data: dc.services.visualstudio.com *.episerver.net dsum-sec.casalemedia.com e1.emxdgt.com eb2.3lift.com embed.buto.tv embed.caresourcer.com eu-u.openx.net fonts.gstatic.com fra1.qualtrics.com fuhupo.lohuwomenu.com g.microsoft.com gateway.zscloud.net gc.kis.v2.scr.kaspersky-labs.com github.com gohimu.kawebezija.com goldapps.org gsa://onpageload https://*.demdex.net hublosk.com i.liadm.com i6.liadm.com ib.adnxs.com ice.360yield.com icelandsue.com id5-sync.com idsync.reson8.com idsync.rlcdn.com ih.adscale.de images-static.trustpilot.com img.youtube.com jp-u.openx.net jullyambery.net ka-f.fontawesome.com kellysford.com killssource.com kit.fontawesome.com kit-free.fontawesome.com lagrtest.112.2o7.net landg.nanorep.co lgim.turtl.co lgim.videomarketingplatform.co loadm.exelator.com loadus.exelator.com localhost:3000 login.microsoftonline.com login.zscloud.net m.addthis.com mark.reevoo.com match.adsrvr.org mawisa.botateyime.com maxcdn.bootstrapcdn.com metrics.responsetap.com mikkiload.com mp.4dex.io mwzeom.zeotap.com nickletto.com noop.style nr1.s3.amazonaws.com nr-customers.s3.amazonaws.com null omny.fm onetag-sys.com p.adsymptotic.com p.typekit.net pi.pardot.com pippio.com pixel.advertising.com pixel.mathtag.com pixel.rubiconproject.com pixel.tapad.com player.videosmart.com polinaryapp.com pouch-global-font-assets.s3.eu-central-1.amazonaws.com pp.ephapay.net privacyportal-uk.onetrust.com pwm-image.trendmicro.com px.ads.linkedin.com px4.ads.linkedin.com qfafcffge3.execute-api.eu-west-2.amazonaws.com rtb.gumgum.com rtb.vidoomy.com rtb-csync.smartadserver.com s.ad.smaato.net s.btstatic.com s.yimg.com s3.amazonaws.com s3.eu-west-2.amazonaws.com s7.addthis.com scripts.sophus3.com secure.adnxs.com simage2.pubmatic.com singlactive.com siteintercept.qualtrics.com snap.licdn.com sp.analytics.yahoo.com stags.bluekai.com static.ads-twitter.com static2.sharepointonline.com static3.avast.com static-ssl.responsetap.com su.addthis.com sync.admanmedia.com sync.crwdcntrl.net sync.go.sonobi.com sync.lemmatechnologies.com sync.mathtag.com sync.search.spotxchange.com sync-eu.connectad.io t.co t.visx.net themes.googleusercontent.com thrtle.com trableflick.com track.adform.net track.omguk.com tracksmall.com translate.googleapis.com typesample.com uip.semasio.net uipglob.semasio.net unpkg.com ups.analytics.yahoo.com use.fontawesome.com use.typekit.net us-u.openx.net v1.addthisedge.com webfonts.zohostatic.com websites.cdn.getfeedback.com widget.trustpilot.com widgets-lgim.huguenots.co.uk wss://websocket-eu.bold360.com www.atdmt.com www.calculateyourchances.com www.caresourcer.com www.ciuvo.com www.clearplay.com www.everestjs.net www.facebook.com www.google.co.uk www.google.com www.googleadservices.com www.googletagmanager.com www.linkedin.com www.miaprova.com www.nectar.com www.podbean.com www.slant.co www.topcashback.co.uk www.typesample.com www.youtube.com x.bidswitch.net you.caresourcer.com z.moatads.com; form-action 'self' *.lgim.com *.crownpeak.com *.eu.qualtrics.com bpb.opendns.com connect.facebook.net connect.secure.wellsfargo.com data: identity.landg.com landg.nanorep.co livechat-eu.boldchat.com myaccount.landg.com nr1.s3.amazonaws.com retirements.landg.com sitesearch.legalandgeneral.com sitesearch.legalandgeneral.com.x.0c40fd7205db604fad082c00c03b6e6091fa.d045227c.id.opendns.com sitesearch.legalandgeneral.com.x.3b196ca9077b9049240bee2042ebfaa06335.d045227d.id.opendns.com watermelonsurveys.com www.facebook.com www10.landg.com; frame-ancestors 'self' *.legalandgeneral.com; img-src 'self' data: https:; manifest-src 'self'; media-src 'self' data: https:; object-src data: 'self' 'unsafe-inline' *.brighttalk.com yournews-legalandgeneral.com; script-src *.lgim.netlify.huguenots.co.uk *.infinity-tracking.com *.infinity-tracking.net *.boldchat.com *.brighttalk.com *.crownpeak.com *.ep-mimecast.googleadservices.com *.everesttech.net *.google-analytics.com *.googleapis.com *.gstatic.com *.id.opendns.com *.legalandgeneral.com *.lgim.com *.qualtrics.com *.recipelondon.co.uk *.sessioncam.com *.sgwidget.com *.tt.omtrdc.net *.tealiumiq.com *.gbqofs.com *.landginvestments.com public.flourish.studio am-uk.sophus3.com analytics.twitter.com assets.adobedtm.com az416426.vo.msecnd.net bat.bing.com bot.ebilobster.ai blob: cdnjs.cloudflare.com cdn-ukwest.onetrust.com cgtforms.com code.jquery.com collector-5357.tvsquared.com collector-6040.tvsquared.com connect.facebook.net cookie-cdn.cookiepro.com d2oh4tlt9mrke9.cloudfront.net d32rf3z04esc6j.cloudfront.net d3c3cq33003psk.cloudfront.net data: *.episerver.net embed.caresourcer.com g.microsoft.com gateway.zscaler.net gateway.zscalerthree.net gateway.zscalertwo.net gateway.zscloud.net googleads.g.doubleclick.net googletagmanager.com js.buto.tv js-cdn.dynatrace.com landg.nanorep.co login.zscloud.net mark.reevoo.com mcid-019e7840-618c-457e-a849-9a30ac859267.ep-mimecast.facebook.net mcid-121966df-4958-44b7-bdb2-eaf7495aa328.ep-mimecast.licdn.com mcid-16e9e470-bffa-4bda-ac78-44195b66767b.ep-mimecast.ads-twitter.com mcid-1976a623-6682-4713-baed-2c6f37db1ab5.ep-mimecast.omguk.com mcid-26d71e74-3d79-4f8c-8971-257a1b849987.ep-mimecast.yahoo.com mcid-28deceea-6370-4ebc-9148-13911797af60.ep-mimecast.yahoo.com mcid-29a6bb62-bc5a-498b-a38b-593223170ed2.ep-mimecast.facebook.net mcid-36c18f8a-e64f-4fc4-86db-140aceed9c8e.ep-mimecast.twitter.com mcid-553b692d-9067-4272-b990-8ea8cc32f877.ep-mimecast.facebook.net mcid-5cc076b2-622e-4661-9626-a5754ea24680.ep-mimecast.ads-twitter.com mcid-5f164421-199b-4745-9fa1-4e4e205e682d.ep-mimecast.yahoo.com mcid-6477d951-4ea1-49ca-98c3-9f252dbc1833.ep-mimecast.licdn.com mcid-679f2ff6-ecf8-4f58-bfca-1dc501b19238.ep-mimecast.omguk.com mcid-69d81405-2fd9-49ed-befb-becf1583331a.ep-mimecast.yahoo.com mcid-731b479d-c90c-4b45-8cdc-f81ed387b7c6.ep-mimecast.facebook.net mcid-7d5144a5-b5c0-477f-a08c-22e687a39e2e.ep-mimecast.twitter.com mcid-8722c1df-d8fc-4d3e-8fbf-16314344b30c.ep-mimecast.licdn.com mcid-8a5dc1e3-8fe7-44f8-85cc-223f23be4a84.ep-mimecast.yahoo.com mcid-8ea90f5e-acce-4c10-ab7e-34a2e1e1a149.ep-mimecast.yahoo.com mcid-9892198a-748e-4255-9dff-5d0c822dc6d3.ep-mimecast.ads-twitter.com mcid-99c84166-89d1-4d15-9f9b-d2d7892e25bd.ep-mimecast.licdn.com mcid-9e39af0e-6e5b-42f2-aa14-41109590b4c2.ep-mimecast.licdn.com mcid-a3a8355f-f1c9-4420-9d75-0277324af800.ep-mimecast.ads-twitter.com mcid-c5f55808-ef87-448e-b4fe-67485b672ba4.ep-mimecast.yahoo.com mcid-d5aed1ce-58dc-4759-9b4b-82850797592e.ep-mimecast.facebook.net mcid-dbae6fe0-9ce4-4603-ba5c-d48ffd6196bf.ep-mimecast.yahoo.com mcid-e435a0c4-c921-433d-9d1a-5e48e73655d8.ep-mimecast.facebook.net mcid-ed66c754-edc3-4d70-972b-b3acd565858e.ep-mimecast.licdn.com mcid-f0018d13-1521-4461-8af1-96e3dc39d741.ep-mimecast.licdn.com mcid-f59a4106-e508-4f24-925d-3d8fca127f59.ep-mimecast.twitter.com metrics.responsetap.com mobile.twitter.com pi.pardot.com player.videosmart.com s.btstatic.com s.yimg.com scripts.sophus3.com 'self' snap.licdn.com sp.analytics.yahoo.com static.ads-twitter.com static-ssl.responsetap.com tags.tiqcdn.com track.omguk.com translate.google.com twitter.com ucads-cdn.ucweb.com 'unsafe-eval' 'unsafe-inline' websites.cdn.getfeedback.com widget.trustpilot.com widgets-lgim.huguenots.co.uk www.everestjs.net www.google.co.uk www.google.com www.google.com.au www.googleadservices.com www.googleadservices.com.x.c27180fd0f15504886087fb0e004caf0c09f.9270fc42.id.opendns.com www.googletagmanager.com www.youtube.com yournews-legalandgeneral.com *.lgima.com api.ebiai.app messenger.ebiai.app d2hkbi3gan6yg6.cloudfront.net; report-uri https://legalandgeneral.report-uri.com/r/t/csp/enforce 2
frame-ancestors 'self' https://*.tenniswarehouse-europe.com https://*.tennis-warehouse.com https://*.runningwarehouse.com https://*.runningwarehouse.eu https://www.runningwarehouse.de https://www.runningwarehouse.it https://www.runningwarehouse.es https://www.runningwarehouse.fr; 2
child-src 'self' ; connect-src 'self'  'unsafe-inline'  'unsafe-eval' *.consentmanager.net *.googlesyndication.com *.smartlook.cloud *.exponea.com *.creativecdn.com *.sentry.io *.lmc.cz *.ecomailapp.cz *.googleapis.com *.google-analytics.com *.google.com *.g.doubleclick.net *.google.cz *.google-analytics.com *.google.com *.g.doubleclick.net *.linkedin.oribi.io *.smartsupp.com *.smartsuppchat.com *.smartsuppcdn.com *.smartlook.com *.bing.com *.biano.cz *.amazonaws.com *.pinterest.com *.clarity.ms *.mczbf.com *.facebook.com *.homecredit.cz *.jsdelivr.net *.packeta.com ws: ; default-src 'self' ; font-src 'self' *.mapy.cz *.lmc.cz *.typekit.net *.gstatic.com *.mczbf.com *.clarity.ms data: ; form-action * 'unsafe-inline' ; frame-src 'self' *.google.com *.youtube.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net creativecdn.com *.creativecdn.com *.biano.cz *.consentmanager.net *.pinimg.com *.cloudfront.net *.mczbf.com *.amazonaws.com *.pinterest.com *.doubleclick.net *.clarity.ms *.seznam.cz *.smartsuppchat.com *.bing.com *.smartsuppcdn.com *.smartlook.com unpkg.com *.unpkg.com *.rooom.com *.sproutvideo.com *.smartform.cz *.gstatic.com *.facebook.com *.google.com *.ecpaper.cz *.homecredit.cz *.facebook.com *.vub.sk *.zbozi.cz *.szn.cz *.packeta.com ; frame-ancestors 'self' ; img-src 'self'  'unsafe-inline'  'unsafe-eval' 'unsafe-hashes' *.orangeclickmedia.com *.sonobi.com *.rubiconproject.com *.seedtag.com *.adnxs.com *.mapy.cz *.typekit.net *.gstatic.com *.googleapis.com *.zasilkovna.cz *.zasielkovna.sk *.packeta.com *.packeta.sk *.google.cz *.google.com creativecdn.com *.creativecdn.com *.biano.cz *.mczbf.com *.pinterest.com *.consentmanager.net *.seznam.cz *.bing.com *.cloudfront.net *.google-analytics.com *.facebook.com *.clarity.ms *.rooom.com *.yahoo.com *.amazonaws.com *.consentmanager.net *.ecpaper.cz *.doubleclick.net *.homecredit.cz *.creativecdn.com *.payu.com *.googlesyndication.com *.smartsuppcdn.com *.kdukvh.com *.googletagmanager.com *.heureka.cz *.dotomi.com data: ; manifest-src 'self' ; media-src 'self' *.smartsuppcdn.com ; object-src 'self' ; prefetch-src 'self' ; script-src 'self'  'unsafe-inline'  'unsafe-eval' *.exponea.com *.googletagmanager.com *.google-analytics.com *.facebook.net creativecdn.com *.creativecdn.com *.biano.cz *.consentmanager.net *.pinimg.com *.cloudfront.net *.mczbf.com *.amazonaws.com *.pinterest.com *.doubleclick.net *.clarity.ms *.seznam.cz *.smartsuppchat.com *.bing.com *.smartsuppcdn.com *.smartlook.com unpkg.com *.unpkg.com *.rooom.com *.smartform.cz *.gstatic.com *.facebook.com *.google.com *.ecpaper.cz *.homecredit.cz ; script-src-elem 'self'  'unsafe-inline'  'unsafe-eval' *.jsdelivr.net *.exponea.com *.mapy.cz *.lmc.cz *.twitter.com *.packeta.com *.googletagmanager.com *.google-analytics.com *.facebook.net creativecdn.com *.creativecdn.com *.biano.cz *.consentmanager.net *.pinimg.com *.cloudfront.net *.mczbf.com *.amazonaws.com *.pinterest.com *.doubleclick.net *.clarity.ms *.seznam.cz *.smartsuppchat.com *.bing.com *.smartsuppcdn.com *.smartlook.com unpkg.com *.unpkg.com *.rooom.com *.smartform.cz *.gstatic.com *.facebook.com *.google.com *.ecpaper.cz *.homecredit.cz *.typekit.net *.etargetnet.com *.googlesyndication.com *.googleapis.com *.zbozi.cz *.heureka.cz *.im9.cz im9.cz ; script-src-attr 'self'  'unsafe-inline'  'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.facebook.net creativecdn.com *.creativecdn.com *.biano.cz *.consentmanager.net *.pinimg.com *.cloudfront.net *.mczbf.com *.amazonaws.com *.pinterest.com *.doubleclick.net *.clarity.ms *.seznam.cz *.smartsuppchat.com *.bing.com *.smartsuppcdn.com *.smartlook.com unpkg.com *.unpkg.com *.rooom.com *.smartform.cz *.gstatic.com *.facebook.com *.google.com *.ecpaper.cz *.homecredit.cz ; style-src 'self'  'unsafe-inline'  'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.facebook.net creativecdn.com *.creativecdn.com *.biano.cz *.consentmanager.net *.pinimg.com *.cloudfront.net *.mczbf.com *.amazonaws.com *.pinterest.com *.doubleclick.net *.clarity.ms *.seznam.cz *.smartsuppchat.com *.bing.com *.smartsuppcdn.com *.smartlook.com unpkg.com *.unpkg.com *.rooom.com *.smartform.cz *.gstatic.com *.facebook.com *.google.com *.ecpaper.cz *.homecredit.cz ; style-src-elem 'self'  'unsafe-inline'  'unsafe-eval' *.mapy.cz *.lmc.cz *.googletagmanager.com *.google-analytics.com *.googleapis.com *.facebook.net creativecdn.com *.creativecdn.com *.biano.cz *.consentmanager.net *.pinimg.com *.cloudfront.net *.mczbf.com *.amazonaws.com *.pinterest.com *.doubleclick.net *.clarity.ms *.seznam.cz *.smartsuppchat.com *.bing.com *.smartsuppcdn.com *.smartlook.com unpkg.com *.unpkg.com *.rooom.com *.smartform.cz *.gstatic.com *.facebook.com *.google.com *.ecpaper.cz *.homecredit.cz ; style-src-attr 'self'  'unsafe-inline'  'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.facebook.net creativecdn.com *.creativecdn.com *.biano.cz *.consentmanager.net *.pinimg.com *.cloudfront.net *.mczbf.com *.amazonaws.com *.pinterest.com *.doubleclick.net *.clarity.ms *.seznam.cz *.smartsuppchat.com *.bing.com *.smartsuppcdn.com *.smartlook.com unpkg.com *.unpkg.com *.rooom.com *.smartform.cz *.gstatic.com *.facebook.com *.google.com *.ecpaper.cz *.homecredit.cz; worker-src 'self' ; 2
frame-ancestors https:// https://admin.shopify.com; 2
frame-src https://www.youtube.com/ https://*.partners.gupshup.io https://ssl-proxy.quickwork.co https://api.gupshup.io https://console.gupshup.io https://www.gupshup.io;frame-ancestors self https://console.gupshup.io https://www.gupshup.io https://api.gupshup.io https://ssl-proxy.quickwork.co https://*.partners.gupshup.io https://www.youtube.com/ 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.os.uk *.silktide.com *.cloudflare.com *.jsdelivr.net unpkg.com *.googleapis.com *.google.com siteimproveanalytics.com www.googletagmanager.com www.google-analytics.com cdn.siteimprove.net *.recruitmentplatform.com wbb-chat-plugin.webuildbots.ai *.gstatic.com *.livechatinc.com *.somerset.gov.uk *.euw2.pure.cloud *.astuntechnology.com uicdn.toast.com; style-src 'self' 'unsafe-inline' *.os.uk *.cloudflare.com *.jsdelivr.net unpkg.com *.googleapis.com *.google.com use.fontawesome.com wbb-chat-plugin.webuildbots.ai *.gstatic.com *.livechatinc.com *.somerset.gov.uk *.euw2.pure.cloud *.astuntechnology.com uicdn.toast.com; media-src 'self' *.somerset.gov.uk *.euw2.pure.cloud; frame-ancestors *.euw2.pure.cloud; object-src 'none'; upgrade-insecure-requests; block-all-mixed-content 2
default-src  https: unsafe-inline ;          script-src 'self' https: 'unsafe-inline' 'unsafe-eval';          style-src 'self' https: 'unsafe-inline';          img-src 'self' https: data:;          connect-src 'self' https:;          font-src 'self' https:; 2
img-src 'self' data:; default-src 'self' 'unsafe-inline' 2
default-src 'self' data: blob: https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://*.dvdl.net/; connect-src 'self' http://localhost/ https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://*.dvdl.net/ https://*.ingest.sentry.io/ https://*.pingdom.net/ https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/ https://*.izooto.com/ https://*.jwpltx.com/ https://ssl.p.jwpcdn.com/ https://t.adcell.com/ https://*.ad4m.at https://*.trafficjunky.net/ https://*.piwik.pro/ wss://knpb-media.zammad.com/ https://*.vxcdn.org/ https://*.mmapiws.com/; font-src 'self' data: http://localhost http://localhost:3000 https://*.hotjar.com/ https://fonts.gstatic.com/ https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://*.piwik.pro/; frame-src 'self' https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://*.dvdl.net/ https://cdn.izooto.com https://*.hotjar.com/ https://ad.ad-srv.net/; img-src 'self' data: blob: android-webview-video-poster: http://localhost:10001/ https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://*.dvdl.net/ https://via.placeholder.com/ https://source.unsplash.com/ https://images.unsplash.com/ https://*.hotjar.com/ https://*.jwpltx.com/ https://*.jwpsrv.com/ https://*.trafficjunky.net/ https://*.piwik.pro/ https://syndication.exoclick.com/ https://syndication.realsrv.com/ https://syndication.exdynsrv.com/ https://tsyndicate.com/ https://*.vxcdn.org/; manifest-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: http://localhost/ https://localhost/ https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://cdn.jwplayer.com/ https://content.jwplatform.com/ https://ssl.p.jwpcdn.com/ https://www.gstatic.com/ https://*.sentry-cdn.com/ https://*.pingdom.net/ https://t.adcell.com/ https://www.adcell.de/ https://ad4m.at/ https://static.hotjar.com/ https://script.hotjar.com/ https://cdn.izooto.com/ https://static.trafficjunky.com/ https://*.piwik.pro/ https://*.exoclick.com/ https://device.maxmind.com/ https://knpb-media.zammad.com/; style-src 'self' 'unsafe-inline' data: http://localhost/ https://localhost/ https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://*.piwik.pro/ https://knpb-media.zammad.com/; media-src 'self' blob: data: https://*.dvdl.net/ https://*.vxcdn.org/; form-action 'self' https:; worker-src 'self' blob:; block-all-mixed-content; upgrade-insecure-requests; frame-ancestors 'self' https://*.ffrtz.com; child-src 'self' 2
default-src 'self' https://www.facebook.com/ https://marketing.space.net/ www.space.net; style-src 'self' 'unsafe-inline' https://marketing.space.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.space.net/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://connect.facebook.net/ https://marketing.space.net/ https://*.vimeocdn.com/; form-action 'self' https://www.facebook.com/ *.space.net/; worker-src 'none'; frame-src 'self' www.space.net/ www.youtube.com/ www.youtube-nocookie.com/ https://www.google.com/recaptcha/ https://www.facebook.com/ https://marketing.space.net/; img-src 'self' https://www.facebook.com/ https://marketing.space.net/ www.space.net/ data:; object-src 'none'; font-src 'self'; frame-ancestors: 'self'; 2
frame-ancestors 'self' *.dorotheum.com *.google.com *.barnebys.de *.barnebys.com *.artnet.com *.artnet.de *.artprice.com *.drouot.com *.auction.fr *art-spotter.net *.lot-tissimo.com *.sixbid.com *.numisbids.com; 2
frame-ancestors 'self' backoffice.cmrcmm6y-boelstoph1-d1-public.model-t.cc.commerce.ondemand.com backoffice.cmrcmm6y-boelstoph1-s1-public.model-t.cc.commerce.ondemand.com backoffice.cmrcmm6y-boelstoph1-p1-public.model-t.cc.commerce.ondemand.com 2
default-src https: 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com; img-src https: data:; connect-src wss://*.tawk.to *.tawk.to *.lobbes.nl *.lobbesspeelgoed.be *.lobbesspielzeug.de *.lobbesjouet.fr *.icecat.biz bat.bing.com www.google-analytics.com stats.g.doubleclick.net squeezely.tech *.trustedshops.com *.trustbadge.com *.clic2buy.com trustbadge.api.etrusted.com *.etrusted.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.com *.facebook.net *.click2buy.com *.clic2drive.com *.convertexperiments.com *.plausible.io https://plausible.io *.beslist.nl; report-uri https://www.lobbes.nl/CspReport; report-to https://www.lobbes.nl/CspReport; 2
frame-ancestors 'self' edhec.edu; 2
default-src https: wss: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; font-src https: 'self' data:; frame-src https: mailto:; 2
upgrade-insecure-requests; frame-ancestors 'self' https://*.ed.gov http://*.ed.gov; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; object-src 'self' 'unsafe-eval' 'unsafe-inline' https:; script-src-elem 'unsafe-inline' blob: https:; 2
frame-ancestors https://*.news.at https://*.vgn.at; upgrade-insecure-requests; block-all-mixed-content 2
default-src 'self'; script-src 'self' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://www.youtube.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://js.hsforms.net https://player.vimeo.com https://static.hotjar.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hs-banner.com https://js.hubspot.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js-na1.hs-scripts.com https://snap.licdn.com; connect-src 'self' 'unsafe-inline' https://vimeo.com https://region1.google-analytics.com https://pagead2.googlesyndication.com https://js.hs-banner.com https://api.hubapi.com https://cta-service-cms2.hubspot.com https://forms.hscollectedforms.net; img-src 'self' 'unsafe-inline' https://teamtailor-production.s3.eu-west-1.amazonaws.com https://critizr-test.ams3.cdn.digitaloceanspaces.com https://assets.critizr.staging.verveagency.com https://assets.goodays.prod.verveagency.com https://images.teamtailor-cdn.com https://www.google.com https://www.google.nl https://track.hubspot.com https://perf-na1.hsforms.co https://forms.hsforms.com https://perf-na1.hsforms.com https://px.ads.linkedin.com; child-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'self' https://admin.goodays.co/ https://www.youtube.com https://player.vimeo.com https://td.doubleclick.net; 2
frame-ancestors 'self' gather.town; 2
frame-ancestors https://listado-ofertas.trabajando.cl https://*.trabajando.cl https://laboral.inacap.cl 2
frame-ancestors 'self' chrome-extension://hfdhpmpfpcnbboppkkkblilhbloejijj 2
base-uri 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.youtube.com *.ytimg.com; 2
frame-ancestors 'self'  http://*.storyblok.com/ https://*.storyblok.com/; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.teimg.com *.google.com *.jquery.com *.bik.gov.tr *.bildirt.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.googlesyndication.com pagead2.googlesyndication.com *.googleadservices.com *.optad360.io *.doubleclick.net *.adhouse.pro *.jwpcdn.com *.onesignal.com *.vidyome.com *.tebilisim.com *.tevideo.org *.googleapis.com *.yandex.ru *.yandex.com *.criteo.net *.2mdn.net *.cloudflare.com *.cloudflareinsights.com *.onnetwork.tv *.twitter.com *.instagram.com *.facebook.com *.meta.com *.x.com *.youtube.com *.youtu.be *.linkedin.com *.pinterest.com *.dailymotion.com *.vimeo.com *.admatic.com.tr *.reklamstore.com *.linkwi.se *.makroo.com *.wordego.com *.tradingview.com *.weatherwidget.io *.openweathermap.com *.mgid.com *.themediagrid.com *.amazon.com *.openx.com *.appnexus.com *.districtm.io *.rubiconproject.com *.rhythmone.com *.yahoo.com *.indexexchange.com *.smaato.com *.smartadserver.com *.sovrn.com *.lijit.com *.pubmatic.com *.sharethrough.com *.admanmedia.com *.emxdgt.com *.contextweb.com *.gumgum.com *.yieldmo.com *.ad-generation.jp *.adform.com *.adwmg.com *.idealmedia.io *.admatic.com.tr *.improvedigital.com *.connectad.io *.ibillboard.com *.stroeer.com *.adtarget.com.tr *.33across.com *.admixer.com *.adtech.com *.adtelligent.com *.adtopia.com *.advangelists.com *.advenuemedia.co.uk *.advertising.com *.aralego.com *.axonix.com *.beachfront.com *.bidtellect.com *.bizzclick.com *.cmcm.com *.coxmt.com *.cubepile.com *.e-planning.net *.engagebdr.com *.exponential.com *.freewheel.tv *.ijit.com *.inmobi.com *.lkqd.com *.lkqd.net *.maple-team.com *.mars.media *.mediabong.com *.newborntown.com *.omnijay.com *.outbrain.com *.peak226.com *.resultsmedia.com *.gamoshi.io *.sabio.us *.smartyads.com *.smrtb.com *.sonobi.com *.spotx.tv *.spotxchange.com *.colossusssp.com *.synacor.com *.thebrave.io *.tribalfusion.com *.ucfunnel.com video.unrulymedia.com *.us.com *.webeyemob.com *.idealmedia.io *.ampproject.org googlesyndication.com onesignal.com *.taboola.com *.finyad.org *.turktelekom.com.tr *.gemius.pl alwingulla.com goomaphy.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' 'https://www.example.com/scripts/*' '*.googleapis.com https://www.example.*' 2
base-uri 'self'; default-src 'none'; child-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://googleads.g.doubleclick.net https://static.doubleclick.net; connect-src 'self' https://*.google-analytics.com https://sentry.io https://*.ingest.sentry.io https://*.vimeocdn.com/ https://*.googletagmanager.com; font-src 'self' data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://*.google.com https://*.youtube.com https://*.youtube-nocookie.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://staticcdn.co.nz https://*.vimeo.com/; img-src 'self' https://*.google-analytics.com https://shielded.co.nz https://staticcdn.co.nz https://*.vimeo.com/ https://*.vimeocdn.com/ https://*.googletagmanager.com blob: data:; media-src https://*.vimeocdn.com/; object-src 'self' blob:; manifest-src 'self'; script-src 'self' https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://googleads.g.doubleclick.net https://*.gstatic.com https://static.doubleclick.net https://polyfill.io https://staticcdn.co.nz/ https://browser.sentry-cdn.com https://*.vimeocdn.com/ 'unsafe-inline'; style-src 'self' https://hello.myfonts.net https://*.vimeocdn.com/ 'unsafe-inline'; report-uri https://o115950.ingest.sentry.io/api/6521288/security/?sentry_key=a79b5568564347a2937890e4932796e3&sentry_environment=live; upgrade-insecure-requests 2
frame-ancestors 'self' https://portalzp.praha.eu http://portalzp.praha.eu *.praha.eu; 2
frame-ancestors 'self' *.investec.com https://ng.secure.investec.com:8080; 2
default-src 'self' 'unsafe-inline' blob: data: 'unsafe-eval' *.littleforest.co.uk https://s2.adform.net/ https://www.google-analytics.com/ https://res.cloudinary.com wss://lo.msg.liveperson.net *.everesttech.net *.google.com *.google.it *.vodafone.al *.google.al *.liveperson.com *.lpsnmedia.net *.liveperson.net *.kampyle.com *.youtube.com *.googleapis.com https://www.facebook.com  https://connect.facebook.net https://fonts.gstatic.com  https://fonts.googleapis.com https://vodafonealbania.tt.omtrdc.net https://c1.adform.net/ *.vodafone.al vodafone.al *.akstat.io https://c.go-mpulse.net https://dpm.demdex.net https://maps.googleapis.com https://maps.gstatic.com https://s.ytimg.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://tags.tiqcdn.com https://track.adform.net https://vodafonealbania.d2.sc.omtrdc.net https://vodafonealbania.demdex.net https://www.google.com https://www.google.gr https://www.youtube.com *.vodafone.com  *.msg.liveperson.com lo.msg.liveperson.com *.msg.liveperson.net lo.msg.liveperson.net https://www.googletagmanager.com *.googletagmanager.com https://embed.binkies3d.com binkiesproductionweu.servicebus.windows.net binkiescontentnode.blob.core.windows.net az589851.vo.msecnd.net https://cdn.cookielaw.org https://tags.tiqcdn.com apps.euw2.pure.cloud; 2
default-src 'self' https://*.ost.ch https://*.gstatic.com https://*.ostpunktabo.ch https://ostpunktabo.ch https://login.windows.net; 		object-src 'self' https://*.ost.ch; 		connect-src 'self' https://www.facebook.com https://bat.bing.com https://px.ads.linkedin.com https://cdn.linkedin.oribi.io/ https://linkedin.oribi.io/ https://login.windows.net https://login.microsoft.com https://region1.analytics.google.com wss://io.fusedeck.net https://*.flickr.com https://flickr.com https://*.ost.ch https://io.fusedeck.net https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com/ https://region1.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; 		frame-src data: 'self' https://login.microsoftonline.com https://login.windows.net https://www.matthiasbaldauf.com https://e.issuu.com https://ostpunktabo.ch https://ostpunktabo.ch https://ost.privent.ch https://*.google.com/ https://google.com/ https://*.buzzsprout.com https://buzzsprout.com https://*.flickr.com https://flickr.com https://*.vimeo.com https://vimeo.com https://*.walls.io https://walls.io https://*.ost.ch https://*.bu.ost.ch https://elearning.fhsg.ch https://www.facebook.com https://www.youtube.com https://*.podigee-cdn.net https://*.podigee.com https://matthiasbaldauf.com https://simdec.ch https://vars.hotjar.com https://www.youtube-nocookie.com/ wiqqi.de; 		script-src data: 'self' 'unsafe-eval' 'unsafe-inline' https://googleads.g.doubleclick.net https://login.windows.net https://bat.bing.com https://*.ostpunktabo.ch https://ostpunktabo.ch https://ost.privent.ch https://*.flickr.com https://flickr.com https://*.buzzsprout.com https://buzzsprout.com https://walls.io https://*.fusedeck.net https://*.gstatics.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://connect.facebook.net/ https://*.ost.ch https://snap.licdn.com/ https://www.youtube.com https://*.podigee-cdn.net https://*.podigee.com https://static.hotjar.com https://script.hotjar.com; 		img-src data: 'self' https://*.linkedin.com/ https://bat.bing.com https://*.googletagmanager.com/ https://io.fusedeck.net https://*.staticflickr.com https://staticflickr.com https://*.ost.ch https://www.google-analytics.com https://www.google.com https://www.google.ch https://www.google.at https://www.google.it https://track.adform.net https://*.gstatic.com https://*.googleapis.com https://www.facebook.com https://px.ads.linkedin.com https://img.youtube.com https://i.ytimg.com https://images.podigee-cdn.net https://h5p.org https://*.hotjar.com; 		style-src 'self' 'unsafe-inline' https://login.windows.net https://ostpunktabo.ch https://*.ostpunktabo.ch https://ost.privent.ch https://*.googleapis.com https://*.ost.ch https://player.podigee-cdn.net https://*.podigee.com https://*.hotjar.com;  		font-src 'self' https://fonts.googleapis.com https://*.ost.ch https://*.gstatic.com https://player.podigee-cdn.net https://*.podigee.com https://script.hotjar.com; 2
base-uri 'self'; connect-src 'self' https://*.hathway.com https://maps.googleapis.com https://analytics.google.com https://jsonip.com https://cloud.yellow.ai wss://cloud.yellow.ai https://www.google-analytics.com; default-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://*.hathway.com blob:; font-src 'self' https://*.hathway.com https://fonts.gstatic.com https://cdn.yellowmessenger.com https://cdnjs.cloudflare.com; frame-src 'self' https://*.hathway.com https://www.youtube.com https://youtube.com https://mumbaispeed.hathway-connect.com:9090 https://www.google.com; img-src 'self' data: https://*.hathway.com https://maps.googleapis.com https://maps.gstatic.com https://*.google.co.in https://imageshathway.whatsonindia.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.yellowmessenger.com; manifest-src 'self'; media-src 'self'; object-src https://*.hathway.com https://mumbaispeed.hathway-connect.com:9090; script-src 'self' 'unsafe-inline' https://*.hathway.com https://maps.googleapis.com https://*.google.com https://*.google.co.in https://www.google.com https://www.gstatic.com http://tinyurl.com https://cdn.yellowmessenger.com https://www.googletagmanager.com https://code.jquery.com https://www.google-analytics.com; style-src 'report-sample' 'self' 'unsafe-inline' https://*.hathway.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.yellowmessenger.com; worker-src 'self' 'unsafe-inline' https://*.hathway.com blob: 2
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://www.gstatic.com/recaptcha https://www.gstatic.com/recaptcha/releases/1p3YWy80wlZ7Q8QFR1gjazwU/recaptcha__en.js https://www.google.com/recaptcha/api.js https://munchkin.marketo.net/munchkin.js https://munchkin.marketo.net/161/munchkin.js https://cdn.thinglink.me/jse/responsive.js https://www.google-analytics.com/analytics.js https://cdn.segment.com/analytics.js/v1/iRtbOAyGSwQKqJWe9ULwAIil2CEUjZf0/analytics.min.js https://cdn.jsdelivr.net/npm/es6-promise@4/dist/es6-promise.auto.min.js https://unpkg.com/@segment/consent-manager@4.2.2/standalone/consent-manager.js https://www.google.com/jsapi https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://cdn-cookieyes.com/assets/images/ https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://i.ytimg.com https://secure.gravatar.com https://tags.w55c.net; font-src * data:; connect-src 'self' https: https://178-gyd-668.mktoresp.com/webevents https://ecostruxureit.com/wp-json/ http://ecostruxureit.com/wp-json/ https://api.segment.io https://my.wpengine.com https://178-gyd-668.mktoresp.com/webevents/visitWebPage https://cdn.segment.com/v1/projects/iRtbOAyGSwQKqJWe9ULwAIil2CEUjZf0/integrations; media-src 'self' https://www.youtube.com; object-src 'self'; frame-src 'self' https://www.thinglink.com/ http://localhost:9100/ https://www.youtube.com; frame-ancestors 'self' http://localhost:9100/ https://app.ecostruxureit.com/ https://dev-app.ecostruxureit.xyz/; report-to https://ecostruxureit.report-uri.com/a/t/g 2
default-src 'self' *.readspeaker.com data: https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; base-uri 'self'; connect-src 'self' *.readspeaker.com *.itzbund.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net wss://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net wss://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de wss://formularbot-fms.bzst.de; style-src 'self' 'unsafe-inline' *.readspeaker.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; script-src 'self' 'unsafe-eval' *.google.com piwik.itzbund.de *.readspeaker.com https://formularbot-viola.bzst.de https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-fms.bzst.de https://formularbot-viola.bzst.de https://viola-bzst-fms.azr.juacvoe.net https://viola-bzst.azr.juacvoe.net https://viola.bundesbots.de 'sha256-fvt1zDnRVAuASIt4MdBmzTSLXs4mdTCa5fg9wNopnC0=' 'sha256-B9AMHvfU16Nc6sndzogCV/VH/SXmKESowGb6dBud/RA=';object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' *.bzst.de multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.itzbund.de *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; frame-src  *.readspeaker.com https://formularbot-viola.bzst.de https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de https://bzst.lucom.com https://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; upgrade-insecure-requests; frame-ancestors 'self' *.preview.bzst.intranet.bund.de; 2
frame-ancestors 'self' ai.nb.no tools.nb.no; 2
form-action https:; upgrade-insecure-requests 2
frame-src https://www.wienerborse.at/ https://www.youtube.com/ https://hcaptcha.com https://*.hcaptcha.com https://td.doubleclick.net 2
default-src https:; img-src 'self' data: i.vimeocdn.com maps.gstatic.com *.googleapis.com *.ggpht.com *.linkedin.com *.google.com *.google.co.in; script-src 'self' *.googleadservices.com *.google.com *.googleapis.com *.vimeo.com *.worley.com snap.licdn.com *.pardot.com *.googletagmanager.com *.doubleclick.net 'unsafe-eval' 'unsafe-inline';  style-src 'self' fonts.googleapis.com *.typekit.net 'unsafe-inline'; font-src 'self' fonts.gstatic.com *.typekit.net; media-src i.vimeocdn.com; object-src i.vimeocdn.com; upgrade-insecure-requests; block-all-mixed-content; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' playcanvas.com msg.playcanvas.com code.playcanvas.com relay.playcanvas.com https://js.stripe.com https://*.google.com https://*.google-analytics.com https://www.googletagmanager.com https://s3-eu-west-1.amazonaws.com https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src https://playcanvas.com 'self' data:; 2
object-src 'none';frame-ancestors 'self' 2
frame-ancestors 'self' https://cookbook.hg.dir https://cookbook.test.hg.dir 2
frame-ancestors 'self' https://cockroachlabs.app.workramp.com 2
frame-ancestors 'self' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.onenorth.com *.ropesgray.com *.cookielaw.org *.google.com *.gstatic.com *.googletagmanager.com *.sharethis.com siteimproveanalytics.com *.passle.net *.linkedin.com *.licdn.com *.cloudflare.com *.googleapis.com *.google-analytics.com *.lfeeder.com *.vimeo.com *.twitter.com; img-src 'self' data: *.onenorth.com *.ropesgray.com *.sharethis.com *.googletagmanager.com *.linkedin.com *.siteimproveanalytics.io *.adsymptotic.com *.lfeeder.com *.google.com *.google-analytics.com *.doubleclick.net *.twitter.com *.passle.net *.cookielaw.org *.ropesgray.com *.onenorth.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.myfonts.net *.sharethis.com *.passle.net *.cloudflare.com *.cloudfront.net *.typekit.net *.googleapis.com; font-src 'self' 'unsafe-inline' data: *.bootstrapcdn.com *.myfonts.com *.cloudfront.net *.typekit.net *.gstatic.com; frame-src 'self' 'unsafe-inline' *.sharethis.com *.passle.net *.taleo.net *.brightcove.net *.google.com *.youtube.com *.vimeo.com *.yoshki.com *.twitter.com *.transistor.fm; connect-src 'self' 'unsafe-inline' *.cookielaw.org *.onetrust.com *.sharethis.com *.google-analytics.com *.doubleclick.net *.passle.net *.crwdcntrl.net *.oribi.io; upgrade-insecure-requests; block-all-mixed-content; 2
style-src 'self' 'unsafe-inline' https: data: ; script-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: blob: https: ; font-src 'self' https: data: ; media-src 'self' http: blob: ; connect-src 'self' https: blob: ; object-src 'self' blob:; frame-src 'self' *.vimeo.com https: ; 2
'' 2
default-src 'self' https://www.stepstone.com *.plausible.io ; img-src 'self' https://cdn.sanity.io/ https://cdnjs.cloudflare.com/ajax/libs/flag-icon-css/ data:; script-src 'self' https://plausible.io/js/script.js 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';  font-src 'self'; media-src 'self' https://www.thestepstonegroup.com https://cdn.sanity.io/ https://cdnjs.cloudflare.com/ajax/libs/flag-icon-css/ ; frame-src 'none'; object-src 'none'; connect-src 'self' https://www-preview.stepstone.com  https://ds22ymgxvkksfetpaze5k22oom0wznbn.lambda-url.eu-central-1.on.aws/  https://plausible.io/ *.plausible.io https://plausible.io ; 2
upgrade-insecure-requests; default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 2
frame-ancestors 'self' https://*.daiken.jp https://*.daiken.co.jp; 2
frame-ancestors 'self' arthrex.com *.arthrex.com orthoillustrated.com *.orthoillustrated.com surgicaloutcomesystem.com *.surgicaloutcomesystem.com arthrex-celltherapy.com *.arthrex-celltherapy.com arthrex.xyz *.arthrex.xyz arthrex.io *.mwprod.arthrex.io *.arthrex.io orthopedia.com *.orthopedia.com anklesprain.com *.anklesprain.com arthrex.virtualevents-hub.com arthrexemea.sharepoint.com arthrex.sharepoint.com myarthrex.sharepoint.com arthrexapac.sharepoint.com bunionpain.com *.bunionpain.com shoulderreplacement.com *.shoulderreplacement.com acltear.com *.acltear.com arthrex-russia.ru arthrex.at arthrex.be arthrex.co.jp arthrex.co.uk arthrex.com.au arthrex.cz arthrex.dk arthrex.fr arthrex.it arthrex.mx arthrex.nl arthrex.pl arthrex.pt arthrex.se *.arthrex-russia.ru *.arthrex.at *.arthrex.be *.arthrex.co.jp *.arthrex.co.uk *.arthrex.com.au *.arthrex.cz *.arthrex.dk *.arthrex.fr *.arthrex.it *.arthrex.mx *.arthrex.nl *.arthrex.pl *.arthrex.pt *.arthrex.se hallux-valgus-behandlung.de *.hallux-valgus-behandlung.de mis-bunion-patient-site.webflow.io arthroplasty-narrative-home.webflow.io discover.acp-therapie.de mis-bunion-patient-site.webflow.io mis-bunion-surgeon-site-c07373b5fb6b0bc.webflow.io arthrex-design-system-4dd8ae96a06c10be9.webflow.io anklesprain.webflow.io srlp.webflow.io arthroplasty-narrative-home.webflow.io korea-global-landing-page.webflow.io global-landingpage-mexico.webflow.io inc-acltear-patient-en-working.webflow.io arthrex-jobs-site.webflow.io marketingintakeportal.webflow.io orthopedia-landing-page1.webflow.io arthrex-history.webflow.io arthrex-design-system.webflow.io arthrex-design-system-de8e093c0a3bf70d8.webflow.io arthrex-endoscopy.webflow.io case-reports.webflow.io synergy-integrated-or.de *.synergy-integrated-or.de arthrex.kr *.arthrex.kr gmbh-pct.webflow.io *.gmbh-pct.webflow.io sis-preview-03-809ae25532a090913a51d7a6.webflow.io *.sis-preview-03-809ae25532a090913a51d7a6.webflow.io arthrex-technical-support-services.webflow.io *.arthrex-technical-support-services.webflow.io digital-agenda-emea.webflow.io *.digital-agenda-emea.webflow.io thenanoexperience.com *.thenanoexperience.com arthrexmexico.webflow.io arthrexbrazil.webflow.io; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.oncehub.com/mergedjs/so.js https://dataart.my.site.com https://static.lightning.force.com https://d.la5-c1-ia4.salesforceliveagent.com https://dataart.my.salesforce.com  https://js.zi-scripts.com/zi-tag.js scout-cdn.salesloft.com/sl.js https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/owl.carousel.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery.matchHeight/0.7.2/jquery.matchHeight-min.js https://cdn.jsdelivr.net/npm/popper.js@1.12.9/dist/umd/popper.min.js https://code.jquery.com/jquery-3.6.0.min.js https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/owl.carousel.min.js https://pi.pardot.com https://lp.dataart.com https://widget.clutch.co https://cdn.cookielaw.org https://www.youtube.com https://websitesapi.dataart.com https://widget.clutch.co/static/js/widget.js https://websitesapi.dataart.com https://d.clarity.ms/s/0.6.31/clarity.js https://bat.bing.com https://www.dataart.com/ https://*.clarity.ms https://www.google-analytics.com https://go.pardot.com/ https://snap.licdn.com/ https://www.google.com/pagead/conversion_async.js https://cdn.polyfill.io/v2/polyfill.js https://tagmanager.google.com/debug/debuguiApp-bundle.js https://tagmanager.google.com/debug https://optimize.google.com https://www.googletagmanager.com/gtm.js https://www.google.com/recaptcha/api.js https://static.ads-twitter.com/uwt.js https://static.ads-twitter.com/uwt.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com https://bat.bing.com/bat.js https://code.jquery.com/jquery-3.3.1.min.js https://connect.facebook.net/en_US/fbevents.js https://a.quora.com/qevents.js https://www.gstatic.com https://salespanel.io https://analytics.twitter.com https://www.google-analytics.com/analytics.js https://www.google-analytics.com/* https://connect.facebook.net https://js.hs-scripts.com/5318857.js https://sc.lfeeder.com/lftracker_v1_bElvO73KyQb7ZMqj.js https://script.hotjar.com/ https://www.google-analytics.com/gtm/* https://js.hs-banner.com/5318857.js https://js.hs-analytics.net https://js.usemessages.com/conversations-embed.js https://js.hsadspixel.net/fb.js https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com/gtm/js https://maps.googleapis.com/ 2
connect-src   maps.nextbike.net *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net directline.botframework.com/v3/directline/ wss://directline.botframework.com/v3/directline/ wtb.maptiles.arcgis.com *.arcgisonline.com *.arcgis.com chatbot.wlb.at onlim-chatbot-production.s3.amazonaws.com *.onlim.com wss://*.onlim.com wss://app.onlim.com/api/cs/ws wss://api.onlim.com/cs/ws *.vimeo.com vimeo.com *.addthis.com www.google-analytics.com routenplaner.verkehrsauskunft.at *.wienit.at *.api.wienenergie.at api.wienenergie.at service.wienerstadtwerke.at *.service.wienernetze.at service.wienernetze.at api.wstw.at int-api.wstw.at test-api.wstw.at styles.wienerstadtwerke.at 'self' https://info.wienerlinien.at/api/form/v1/8896c.21k0oa6/null https://www.facebook.com/tr/ *.googleapis.com jobs.wienerstadtwerke.at log.wien; style-src   https://d6tizftlrpuof.cloudfront.net/themes/production/wienerstadtwerke-test-design-wienerstadtwerke-feedbacklet-d69f3b461dc32d40f77b744a4b3eb522.css static.dvinci-easy.com 'self' styles.wienerstadtwerke.at 'unsafe-inline' fonts.googleapis.com *.onlim.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net *.chatvisor.com; base-uri   'self' *.onlim.com; script-src   https://googleads.g.doubleclick.net/ *.usabilla.com/ *.onlim.com *.onlim.com/ *.googletagmanager.com/ connect.facebook.net/ *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net walls.io *.virtualq.io polyfill.io openstreetmap.org *.openstreetmap.org chatbot.wlb.at app.onlim.com/ *.vimeocdn.com ajax.googleapis.com maps.googleapis.com www.gstatic.com www.google.com www.google-analytics.com assets.adobedtm.com *.ytimg.com *.youtube.com styles.wienerstadtwerke.at 'unsafe-inline' 'unsafe-eval' 'self' *.adform.net https://siteimproveanalytics.com/ static.dvinci-easy.com *.googleadservices.com; frame-src   https://langenacht.orf.at *.wienit.at/ *.wienernetze.at/ lehrlingstest-wienerstadtwerke.azurewebsites.net video.eko.com ubscal.seeyou.at *.issuu.com issuu.com *.walls.io walls.io *.virtualq.io app.onlim.com www.whatchado.com *.vimeo.com vimeo.com *.youtube.com www.google.com www.bestattungwien.at *.friedhoefewien.at mailto: service.wienerstadtwerke.at 'self' *.facebook.com https://terminreservierung.staging.reinisch.tech/ *.youtu.be embeds.whatchado.com https://terminreservierung.reinisch.tech/; media-src   'self' data: *.onlim.com; img-src   wienitedv.d3.sc.omtrdc.net *.wienernetze.at/ facebook.com/tr/ rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net *.wien.gv.at *.fluidtime.com *.arcgisonline.com onlim-chatbot-production.s3.eu-central-1.amazonaws.com onlim-base.s3.eu-central-1.amazonaws.com dacodi-production.s3.amazonaws.com *.onlim.com *.openstreetmap.org *.vimeocdn.com *.omtrdc.net *.2o7.net maps.googleapis.com maps.gstatic.com *.ytimg.com csi.gstatic.com chatbot.wlb.at *.wienit.at *.upstream-mobility.at blob: data: styles.wienerstadtwerke.at 'self' https://googleads.g.doubleclick.net *.facebook.com https://www.google.at/pagead/ https://www.google.com/pagead/; default-src   'self'; font-src   https://d6tizftlrpuof.cloudfront.net/themes/production/wienerstadtwerke-test-design-wienerstadtwerke-font-file-url-de462eaa4f394073e3723d639af661c0.woff *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net data: styles.wienerstadtwerke.at chatbot.wlb.at *.onlim.com fonts.gstatic.com 'self'; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://sbnation.coral.coralproject.net/api/graphql/live; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pantheonsite.io *.pinellas.gov *.pinellascounty.org *.google.com *.ctctcdn.com *.hotjar.com *.googleapis.com *.weather.gov *.nr-data.net *.gstatic.com *.doubleclick.net *.cloudflare.com *.youtube.com *.wpmucdn.com *.fontawesome.com *.siteimproveanalytics.com siteimproveanalytics.com *.siteimproveanalytics.io *.googletagmanager.com *.loop11.com *.jsdelivr.net *.polyfill.io *.livehelpnow.net *.okta.com *.oktacdn.com *.oktapreview.com *.fastly.net *.newrelic.com *.formsite.com *.arcgisonline.com *.arcgis.com *.granicus.com *.twitter.com *.petango.com *.jquery.com *.gravatar.com *.recollect.net *.cloudfront.net *.opengov.com *.constantcontact.com *.google-analytics.com *.google.com *.ctctcdn.com;style-src 'self' 'unsafe-inline' *.pantheonsite.io *.pinellas.gov *.pinellascounty.org *.google.com *.ctctcdn.com *.hotjar.com *.googleapis.com *.weather.gov *.nr-data.net *.gstatic.com *.doubleclick.net *.cloudflare.com *.youtube.com *.wpmucdn.com *.fontawesome.com *.siteimproveanalytics.com *.siteimproveanalytics.io *.googletagmanager.com *.loop11.com *.jsdelivr.net *.polyfill.io *.livehelpnow.net *.okta.com *.oktapreview.com *.fastly.net *.newrelic.com *.formsite.com *.arcgisonline.com *.arcgis.com *.granicus.com *.twitter.com *.petango.com *.jquery.com *.gravatar.com *.recollect.net *.cloudfront.net *.opengov.com *.constantcontact.com *.google-analytics.com *.google.com *.ctctcdn.com;object-src 'self'; base-uri 'self'; connect-src 'self' wss: *.pantheonsite.io *.pinellas.gov *.pinellascounty.org *.google.com *.ctctcdn.com *.hotjar.com *.googleapis.com *.weather.gov *.nr-data.net *.gstatic.com *.doubleclick.net *.cloudflare.com *.youtube.com *.wpmucdn.com *.fontawesome.com *.siteimproveanalytics.com *.siteimproveanalytics.io *.googletagmanager.com *.loop11.com *.jsdelivr.net *.polyfill.io *.livehelpnow.net *.okta.com *.oktapreview.com *.fastly.net *.newrelic.com *.formsite.com *.arcgisonline.com *.arcgis.com *.granicus.com *.twitter.com *.petango.com *.jquery.com *.gravatar.com *.recollect.net *.cloudfront.net *.opengov.com *.constantcontact.com *.google-analytics.com *.google.com *.ctctcdn.com; img-src 'self' 'unsafe-inline' data: *.pantheonsite.io *.pinellas.gov *.pinellascounty.org *.google.com *.ctctcdn.com *.hotjar.com *.googleapis.com *.weather.gov *.nr-data.net *.gstatic.com *.doubleclick.net *.cloudflare.com *.youtube.com *.wpmucdn.com *.wpmudev.com *.fontawesome.com *.siteimproveanalytics.com *.siteimproveanalytics.io *.googletagmanager.com *.loop11.com *.jsdelivr.net *.polyfill.io *.livehelpnow.net *.okta.com *.oktapreview.com *.fastly.net *.newrelic.com *.formsite.com *.arcgisonline.com *.arcgis.com *.granicus.com *.twitter.com *.petango.com *.jquery.com *.gravatar.com *.recollect.net *.cloudfront.net *.opengov.com *.constantcontact.com *.google-analytics.com *.google.com *.ctctcdn.com; manifest-src 'self'; media-src 'self' *.pantheonsite.io *.pinellas.gov *.pinellascounty.org *.google.com *.ctctcdn.com *.hotjar.com *.googleapis.com *.weather.gov *.nr-data.net *.gstatic.com *.doubleclick.net *.cloudflare.com *.youtube.com *.wpmucdn.com *.fontawesome.com *.siteimproveanalytics.com *.siteimproveanalytics.io *.googletagmanager.com *.loop11.com *.jsdelivr.net *.polyfill.io *.livehelpnow.net *.okta.com *.oktapreview.com *.fastly.net *.newrelic.com *.formsite.com *.arcgisonline.com *.arcgis.com *.granicus.com *.twitter.com *.petango.com *.jquery.com *.gravatar.com *.recollect.net *.cloudfront.net *.opengov.com *.constantcontact.com *.google-analytics.com *.google.com *.ctctcdn.com;frame-src 'self' *.pantheonsite.io *.pinellas.gov *.pinellascounty.org *.google.com *.ctctcdn.com *.hotjar.com *.googleapis.com *.weather.gov *.nr-data.net *.gstatic.com *.doubleclick.net *.cloudflare.com *.youtube.com *.wpmucdn.com *.fontawesome.com *.siteimproveanalytics.com *.siteimproveanalytics.io *.googletagmanager.com *.loop11.com *.jsdelivr.net *.polyfill.io *.livehelpnow.net *.okta.com *.oktapreview.com *.fastly.net *.newrelic.com *.formsite.com *.arcgisonline.com *.arcgis.com *.granicus.com *.twitter.com *.petango.com *.jquery.com *.gravatar.com *.recollect.net *.cloudfront.net *.opengov.com *.constantcontact.com *.google-analytics.com *.google.com *.ctctcdn.com; font-src 'self' *.gstatic.com *.doubleclick.net *.livehelpnow.net *.hotjar.com *.formsite.com *.arcgisonline.com *.arcgis.com *.granicus.com *.twitter.com *.petango.com *.jquery.com *.gravatar.com *.recollect.net *.cloudfront.net *.opengov.com *.constantcontact.com *.google-analytics.com *.google.com *.ctctcdn.com 2
frame-ancestors 'self' *.yourpayroll.com.au ; 2
default-src * https://*.google.com https://*.decameron.com https://*.multivacaciones.net https://idpi.decameron.com; script-src * 'unsafe-inline' 'unsafe-eval' *.decameron.com https://storage.googleapis.com/botmaker/*; style-src * 'unsafe-inline'; img-src * 'self' data:; object-src 'none';worker-src https://idpi.decameron.com/* https://go.botmaker.com/rest/webchat/* *.decameron.com *.pruebaswww.decameron.com/* storage.googleapis.com/botmaker blob:; 2
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-MDJlODk4NTVjYTRjNGVkZWE5ZGNlNzdkMmNmYzBiZDA=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.ssc-ict.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.ssc-ict.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.ssc-ict.nl; frame-ancestors 'none'; upgrade-insecure-requests 2
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com *.google.com https://dec.azureedge.net/ munchkin.marketo.net *.wistia.com *.wistia.net http://js.hsforms.net/ https://forms.hsforms.com/ https://js.hs-banner.com https://js.hsleadflows.net *.hubspot.com https://js.hscollectedforms.net cdn.kendostatic.com https://app.usercentrics.eu/ https://az416426.vo.msecnd.net/ https://js.hsadspixel.net/ https://js.usemessages.com/ https://www.googletagmanager.com https://www.googleadservices.com *.demandbase.com https://rec.smartlook.com https://snap.licdn.com https://www.redditstatic.com https://tracking-cdn.figpii.com *.inspectlet.com https://statics-cdn.figpii.com slideslive.com/embed_presentation.js *.zoominfo.com tags.clickagy.com https://cdnjs.cloudflare.com *.outbrain.com *.doubleclick.net 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net web-chat.nativechat.com *.eloqua.com *.en25.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.wistia.com https://www.googletagmanager.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com i.ytimg.com https://syndication.twitter.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://www.altair.com *.google-analytics.com *.linkedin.com https://static.licdn.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.wistia.com *.wistia.net https://embedwistia-a.akamaihd.net https://js.hsleadflows.net *.hsforms.com *.usercentrics.eu https://match.prod.bidr.io https://id.rlcdn.com https://segments.company-target.com *.google.com https://px.ads.linkedin.com https://www.googletagmanager.com https://p.adsymptotic.com *.hubspot.com *.hsappstatic.net https://alb.reddit.com https://tr.outbrain.com https://hn.inspectlet.com https://connect.facebook.net https://px.adentifi.com https://rtb.adentifi.com https://cm.g.doubleclick.net *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.m *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net track.hubspot.com js.hsleadflows.net forms.hsforms.com web-chat.nativechat.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.wistia.com https://www.altair.com/include-header-footer/fonts/; frame-src *.hubspot.com *.hsforms.com *.hs-sites.com *.usercentrics.eu *.google.com *.youtube.com https://player.vimeo.com https://mkt.panopticon.altair.com *.facebook.com *.slideslive.com *.wistia.com *.wistia.net hemsync.clickagy.com *.company-target.com https://slideslive.com *.doubleclick.net 'self' forms.hsforms.com web-chat.nativechat.com; connect-src accounts.google.com *.gstatic.com *.mktoresp.com *.google-analytics.com *.google.com *.wistia.com https://embedwistia-a.akamaihd.net https://fg8vvsvnieiv3ej16jby.litix.io https://hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com https://api.hubapi.com https://forms.hubspot.com *.usercentrics.eu https://dc.services.visualstudio.com *.company-target.com https://manager.eu.smartlook.cloud https://www.facebook.com/tr https://events-writer.smartlook.com https://assets-proxy.smartlook.cloud https://sessions.bugsnag.com *.figpii.com wss://tdw.figpii.com *.inspectlet.com wss://ws.inspectlet.com https://slideslive.com https://web-writer.us.smartlook.cloud https://*.googlesyndication.com cdn.linkedin.oribi.io *.zoominfo.com *.clickagy.com *.demandbase.com *.outbrain.com *.doubleclick.net *.linkedin.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob: *.wistia.net *.wistia.com https://embedwistia-a.akamaihd.net; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob: 'self' web-chat.nativechat.com 2
upgrade-insecure-requests; manifest-src 'self'; worker-src 'self' blob:; default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://evershedssutherland.containers.piwik.pro/ https://siteimproveanalytics.com/ https://snap.licdn.com/ https://policy.cookiereports.com/ https://api.mapbox.com/; style-src 'self' 'unsafe-inline'; img-src 'self' https://yoshki.com/ https://cdn.yoshki.com/ https://email.es-notifications.com/ https://sites-eversheds-sutherland.vuture.net/ https://es-notifications.com/ https://eversheds-sutherland.vuture.net/ https://es.vuturevx.com/ https://px.ads.linkedin.com/ https://px4.ads.linkedin.com/ https://10542.global.siteimproveanalytics.io/ https://api.mapbox.com/ data:; connect-src 'self' https://api.mapbox.com/ https://events.mapbox.com/ https://px.ads.linkedin.com/ https://evershedssutherland.piwik.pro/; font-src 'self'; media-src 'self'; frame-src https://yoshki.com/ https://cdn.yoshki.com/ https://email.es-notifications.com/ https://sites-eversheds-sutherland.vuture.net/ https://es-notifications.com/ https://watch.eversheds-sutherland.com/ https://video.twentythree.com/; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://evershedssutherland.containers.piwik.pro/ https://siteimproveanalytics.com/ https://snap.licdn.com/ https://policy.cookiereports.com/ https://api.mapbox.com/; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; 2
default-src https://matomojs.trackify.info 'unsafe-inline' 'unsafe-eval' https://matomo.pernod-ricard.io 'self' https: data: blob:; frame-ancestors https://matomojs.trackify.info https://matomo.pernod-ricard.io 'self'; frame-src https://www.google.com https://www.youtube.com https://iframe-mdm.chivas.com https://mydrinkexperience.com/chivas/blending-kit/ https://connect.eventtia.com/ https://integrationssite.sleeknote.com 'self' blob:; worker-src blob: 'self' 2
frame-ancestors 'self' *.a-trust.at *.handy-signatur.at a-trust.at handy-signatur.at *.a-trust.de a-trust.de *.a-trust-tse.de a-trust-tse.de; 2
frame-ancestors 'self' https://app.hubspot.com https://app-eu1.hubspot.com https://static.hsappstatic.net https://www.sits.ch https://www.sits-group.ch https://www.gcl-it.de https://www.sits-d.de https://www.pallas.com;block-all-mixed-content;default-src https://www.sits.ch https://www.sits-group.ch;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js-eu1.hsforms.net https://js.hsformsqa.net https://js-eu1.hsadspixel.net https://js-eu1.hs-analytics.net https://js-eu1.hs-banner.com https://js-eu1.hscollectedforms.net https://js-eu1.hs-analytics.net https://js-eu1.hs-scripts.com https://www.sits-group.ch https://connect.facebook.net https://matomo.sits-group.ch https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com/jsapi https://www.gstatic.com/charts/ https://ajax.googleapis.com/ajax/libs/scriptaculous/ https://ajax.googleapis.com/ajax/libs/prototype/ https://cdnjs.cloudflare.com/ajax/libs/ https://www.youtube.com https://boards.eu.greenhouse.io;style-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.pallas.com https://www.sits-group.ch https://fonts.googleapis.com;object-src https://www.sits-group.ch https://www.sits-d.de https://www.pallas.com https://www.sits.ch;frame-src https://forms-eu1.hsforms.com https://static.hsappstatic.net https://app-eu1.hubspot.com https://app.hubspot.com https://www.sits.ch https://www.sits-group.ch https://www.youtube-nocookie.com https://www.pallas.com https://www.sits-d.de https://mozbar.moz.com https://www.youtube.com https://www.gcl-it.de https://boards.eu.greenhouse.io/;child-src blob: https://www.sits-group.ch;img-src 'self' data: https://static.hsappstatic.net https://track-eu1.hubspot.com https://forms-eu1.hsforms.com https://forms.hsforms.com https://www.google.ch/pagead  https://secure.gravatar.com https://s.w.org https://www.sits-d.de https://i.ytimg.com https://ps.w.org https://www.sits.ch https://library.elementor.com https://www.gcl-it.de https://www.pallas.com https://matomo.sits-group.ch https://jobs.sits-group.ch https://api.unlimited-elements.com https://www.facebook.com https://www.gstatic.com https://devweb.sits-group.ch https://www.sits-group.ch;font-src 'self' data: https://fonts.gstatic.com;connect-src https://api-eu1.hubapi.com https://js-eu1.hs-banner.com https://hubspot-forms-static-embed-eu1.s3.amazonaws.com  https://forms-eu1.hsforms.com https://forms-eu1.hubspot.com https://exceptions.hubspot.com https://salesviewer.org https://api.friendlycaptcha.com https://www.sits.ch https://www.gcl-it.de https://www.pallas.com https://yoast.com https://www.sits-d.de https://devweb.sits-group.ch https://matomo.sits-group.ch https://www.sits-group.ch https://fonts.gstatic.com https://s.w.org;manifest-src 'none';base-uri 'self';form-action https://forms-eu1.hsforms.com https://www.gcl-it.de https://www.pallas.com https://www.sits-d.de https://www.sits-group.ch https://www.sits.ch;media-src data: https://s.w.org/images/core/;worker-src blob: https://www.sits.ch https://www.sits-group.ch https://www.pallas.com https://www.gcl-it.de https://www.sits-d.de; 2
style-src 'unsafe-inline' fonts.googleapis.com https: 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://ajax.googleapis.com https://cdnjs.cloudflare.com *.facebook.net *.twitter.com *.twimg.com https://cdn.chatbot.com https://content.govdelivery.com/ https://cdn.livechatinc.com/ https://api.livechatinc.com/; style-src 'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com *.twimg.com cdnjs.cloudflare.com https://content.govdelivery.com/; connect-src 'self' https://maps.googleapis.com https://kdorapi.kdor.org https://cdn.chatbot.com/widget/5c7029abb3a91872edc36639/settings.json https://api.livechatinc.com; font-src 'self' https://fonts.gstatic.com https://cdn.livechatinc.com data:; img-src 'self' www.google-analytics.com maps.google.com *.twimg.com *.twitter.com data: https://content.govdelivery.com/; frame-src 'self' *.youtube.com *.facebook.com *.twitter.com https://cdn.chatbot.com https://secure.livechatinc.com/; 2
default-src 'self' 'unsafe-inline'; media-src *.wistia.com blob:; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' data: *.wistia.com *.fontawesome.com *.googletagmanager.com *.google-analytics.com *.google.com *.cookiebot.com; img-src * data:; style-src 'self' 'unsafe-inline' *.fontawesome.com; frame-src 'self' *.jazzpharma.com *.youtube.com *.wistia.com *.cookiebot.com *.docusign.com *.docusign.net; font-src 'self' 'unsafe-inline' data: *.fontawesome.com fonts.googleapis.com ajax.googleapis.com; connect-src 'self' 'unsafe-inline' *.wistia.com *.fontawesome.com *.litix.io *.google.com *.google-analytics.com *.doubleclick.net *.cookiebot.com 2
default-src 'self' https://*.mhh.de chrome-extension; script-src 'self' 'unsafe-inline' https://*.mhh.de https://*.youtube.com https://*.youtube-nocookie.com https://cdnjs.cloudflare.com  ; script-src-elem 'self' 'unsafe-inline' https://*.mhh.de https://*.youtube.com https://*.youtube-nocookie.com https://mh-hannover-390466.workflowcloud.com https://cdnjs.cloudflare.com  ; script-src-attr 'self' 'unsafe-inline' https://*.mhh.de; connect-src 'self' https://*.mhh.de https://*.youtube-nocookie.com; style-src 'self' 'unsafe-inline' https://*.mhh.de; img-src 'self' data: https://*.mhh.de https://*.ytimg.com  ; frame-src 'self' https://*.mhh.de https://*.youtube-nocookie.com https://mh-hannover-390466.workflowcloud.com https://gbo-app-znc.nintex.io; child-src 'self' https://*.mhh.de https://*.youtube-nocookie.com https://mh-hannover-390466.workflowcloud.com https://gbo-app-znc.nintex.io; frame-ancestors 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; report-uri https://www.mhh.de/_mc/csp; report-to https://www.mhh.de/_mc/csp 2
default-src 'self';script-src 'self' https://d1wao037kgukun.cloudfront.net https://dn2dl4laeftzg.cloudfront.net https://olivia.eu1.paradox.ai wss://ws.eu1.paradox.ai https://*.pardot.com https://player.vimeo.com https://www.youtube.com https://*.googleapis.com https://stg.eu1.paradox.ai/ wss://ws.stg.eu1.paradox.ai/ wss://ws.paradox.ai https://o1000039.ingest.sentry.io https://dokumfe7mps0i.cloudfront.net https://olivia.paradox.ai https://stats.g.doubleclick.net https://stg.paradox.ai https://d25zu39ynyitwy.cloudfront.net https://s7g10.scene7.com https://cdn.cookielaw.org https://assets.adobedtm.com https://*.analytics.google.com https://static.hotjar.com/ https://a.omappapi.com https://*.kerry.com https://app-ab33.marketo.com https://munchkin.marketo.net https://platform.twitter.com https://platform.linkedin.com https://www.googletagmanager.com https://code.jquery.com https://dnn506yrbagrg.cloudfront.net https://siteimproveanalytics.com https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.google.com/recaptcha/api.js https://script.hotjar.com https://www.gstatic.com https://a.opmnstr.com https://*.kerry.com https://kerry.tt.omtrdc.net https://snap.licdn.com https://connect.facebook.net https://*.marketo.com https://ipinfo.io https://www.kerrygroup.com https://otp.tools.investis.com https://kerry.cnddtid.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://d1wao037kgukun.cloudfront.net https://dn2dl4laeftzg.cloudfront.net https://www.google.ie https://www.linkedin.com https://i.ytimg.com https://d25zu39ynyitwy.cloudfront.net https://dokumfe7mps0i.cloudfront.net https://olivia.paradox.ai https://s7g10.scene7.com https://cdnkdc.azureedge.net https://cm.everesttech.net https://dpm.demdex.net https://cdn.cookielaw.org https://optanon.blob.core.windows.net https://*.kerry.com https://6071260.global.siteimproveanalytics.io https://*.google-analytics.com data: https://px.ads.linkedin.com https://px4.ads.linkedin.com https://x.bidswitch.net https://www.facebook.com https://syndication.twitter.com https://*.hotjar.com https://www.kerrygroup.com https://insight.adsrvr.org https://match.sharethrough.com https://p.adsymptotic.com https://a.omappapi.com https://dev.day.com https://tags.bluekai.com https://www.googletagmanager.com https://ups.analytics.yahoo.com https://pixel.rubiconproject.com https://cm.g.doubleclick.net https://secure-gl.imrworldwide.com https://tags.rd.linksynergy.com https://match.adsrvr.org https://ads.scorecardresearch.com https://s.thebrighttag.com https://i.liadm.com https://ml314.com https://mid.rkdms.com https://match.sync.ad.cpe.dotomi.com https://odr.mookie1.com https://uipglob.semasio.net https://secure.insightexpressai.com https://eb2.3lift.com https://loadm.exelator.com https://usermatch.krxd.net https://su.addthis.com https://dmp.truoptik.com https://*.global.siteimproveanalytics.io https://www.google.com/ads/ga-audiences https://kerryportaldevreportsuite.112.2o7.net https://images.salsify.com; style-src 'self' 'unsafe-inline' https://d1wao037kgukun.cloudfront.net https://dn2dl4laeftzg.cloudfront.net https://dokumfe7mps0i.cloudfront.net https://d25zu39ynyitwy.cloudfront.net https://s7g10.scene7.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://p.typekit.net https://*.kerry.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://s7g10.scene7.com https://use.typekit.net https://p.typekit.net https://*.kerry.com https://*.marketo.com/ https://a.omappapi.com; connect-src 'self' https://maps.googleapis.com https://*.analytics.google.com https://d1wao037kgukun.cloudfront.net https://dn2dl4laeftzg.cloudfront.net https://olivia.eu1.paradox.ai wss://ws.eu1.paradox.ai https://dokumfe7mps0i.cloudfront.net https://olivia.paradox.ai https://stg.eu1.paradox.ai/ wss://ws.stg.eu1.paradox.ai/ wss://ws.paradox.ai https://stg.paradox.ai https://d25zu39ynyitwy.cloudfront.net https://dpm.demdex.net https://cdn.cookielaw.org https://s7mbrstream-g1.scene7.com https://s7g10.scene7.com https://privacyportal-de.onetrust.com https://*.algolia.net https://*.google-analytics.com https://stats.g.doubleclick.net https://www.kerrygroup.com https://*.hotjar.io https://in.hotjar.com wss://*.hotjar.com https://a.opmnstr.com https://munchkin.marketo.net https://117-tlu-222.mktoresp.com https://geolocation.onetrust.com https://smetrics.kerry.com https://*.hotjar.com https://*.kerry.com https://kerry.tt.omtrdc.net https://*.mktoresp.com https://*.omappapi.com https://*.tt.omtrdc.net/ https://*.marketo.com https://*.algolianet.com https://ipinfo.io https://www.kerrygroup.com https://otp.tools.investis.com https://kerryluxembourgsarl.hb.omtrdc.net https://adobedc.demdex.net https://edge.adobedc.net https://px.ads.linkedin.com; font-src 'self' https://d1wao037kgukun.cloudfront.net https://dn2dl4laeftzg.cloudfront.net https://dokumfe7mps0i.cloudfront.net https://d25zu39ynyitwy.cloudfront.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://*.kerry.com https://script.hotjar.com; frame-src 'self' https://5722629.fls.doubleclick.net/ https://www.youtube-nocookie.com https://kerry.demdex.net https://irs.tools.investis.com https://otp.tools.investis.com https://platform.twitter.com https://*.kerry.com https://vars.hotjar.com/ https://www.youtube.com https://www.google.com https://*.marketo.com/ https://www.facebook.com; media-src 'self' blob: https://*.kerry.com https://*.scene7.com http://*.scene7.com https://cdnkdc.azureedge.net; worker-src 'self' blob: 2
default-src 'self'; img-src *; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 2
upgrade-insecure-requests; frame-src 'self' https://www3.mogroup.com https://www3.metso.com https://irs.tools.investis.com https://otp.tools.investis.com https://viz.tools.investis.com https://secure.flife.de https://browserapps.mogroup.com https://browserapps.metso.com https://service.force.com https://vars.hotjar.com https://policy.app.cookieinformation.com https://www.google.com https://www.googletagmanager.com https://optimize.google.com https://www.youtube.com https://player.youku.com https://www.facebook.com https://live.mogroup.com https://live.metso.com https://cloud.mc.metso.com *.doubleclick.net *.videosync.fi 2
base-uri 'self'; script-src 'self' 'unsafe-eval' *.usercentrics.eu *.theadex.com/ *.doubleclick.net https://aswpsdkeu.com/notify/v1/ua-sdk.min.js https://www.googletagmanager.com https://www.google-analytics.com https://maps.google.com https://maps.googleapis.com https://www.googleadservices.com https://connect.facebook.net https://dmp.theadex.com https://aswpsdkeu.com/notify/v1/ua-html-prompt.min.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' *.usercentrics.eu *.theadex.com/ *.doubleclick.net; frame-ancestors 'self'; form-action 'self'; default-src 'none'; worker-src 'self' https://aswpsdkeu.com/notify/v1/ua-sdk.min.js; object-src 'none'; img-src * data:; manifest-src 'self' https://login.windows.net; connect-src 'self' *.usercentrics.eu *.mixpanel.com *.theadex.com analytics.google.com *.analytics.google.com *.analytics-google.com *.google-analytics.com *.doubleclick.net *.marktguru.de *.marktguru.at *.google.com *.googleapis.com; font-src fonts.gstatic.com; 2
default-src https://cdn.qapitalapp.net 'self'; style-src https://cdn.qapitalapp.net 'self' 'unsafe-inline'; script-src https://cdn.qapitalapp.net https://*.googletagmanager.com https://www.google-analytics.com https://analytics.tiktok.com https://connect.facebook.net 'self' 'unsafe-inline'; object-src 'none'; img-src https://*.google-analytics.com https://*.googletagmanager.com https://cdn.qapitalapp.net https://www.facebook.com 'self'; connect-src https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com https://cdn.qapitalapp.net https://stats.g.doubleclick.net https://analytics.tiktok.com 'self'; frame-ancestors 'none' 2
default-src 'none';font-src 'self';img-src 'self';script-src 'unsafe-inline';style-src 'unsafe-inline'; 2
frame-ancestors 'self' https://*.zbj.com https://*.tianpeng.com https://*.chatm.com https://*.mysipo.com https://*.zhubajie.la *.zbjdev.com hljcg.hlj.gov.cn *.qjzbj.com 2
default-src https: 'unsafe-inline'; script-src * 'unsafe-eval' 'unsafe-inline';style-src-elem * 'unsafe-eval'; 2
default-src 'self' *.wikiforge.net *.wikitide.net *.wikitide.org *.your.wf;  script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' *.wikiforge.net *.wikitide.net *.wikitide.org *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org mediawiki.org www.mediawiki.org wikidata.org www.gstatic.com www.google.com platform.twitter.com hcaptcha.com *.hcaptcha.com code.jquery.com cdn.jsdelivr.net;  style-src 'self' data: 'unsafe-inline' *.wikiforge.net *.wikitide.net *.wikitide.org *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org mediawiki.org www.mediawiki.org wikidata.org www.gstatic.com fonts.googleapis.com cdn.jsdelivr.net fastly.jsdelivr.net platform.twitter.com ton.twimg.com hcaptcha.com *.hcaptcha.com cdnjs.cloudflare.com;  img-src blob: 'self' data: static.wikiforge.net *.wikitide.net *.wikitide.org upload.wikimedia.org wikimedia.org maps.google.com www.gstatic.com maxcdn.bootstrapcdn.com *.twimg.com i.imgur.com image.tmdb.org *.googleusercontent.com *.fontawesome.com mirrors.creativecommons.org www.gnu.org cdn.geogebra.org scratchblocks.github.io tile.openstreetmap.org *.tile.openstreetmap.org cdn.discordapp.com discordapp.com;  font-src 'self' data: *.wikiforge.net *.wikitide.net *.wikitide.org fonts.gstatic.com cdn.jsdelivr.net fastly.jsdelivr.net db.onlinewebfonts.com upload.wikimedia.org cdnjs.cloudflare.com;  media-src 'self' blob: *.wikiforge.net *.wikitide.net *.wikitide.org upload.wikimedia.org *.youtube.com *.youtube-nocookie.com;  frame-src 'self' *.wikiforge.net *.wikitide.net *.wikitide.org www.google.com docs.google.com web.libera.chat *.youtube-nocookie.com www.youtube.com platform.twitter.com discord.com discordapp.com syndication.twitter.com www.gofundme.com archive.org query.wikidata.org www.bing.com hcaptcha.com *.hcaptcha.com open.spotify.com;  connect-src 'self' *.wikiforge.net *.wikitide.net *.wikitide.org www.wikidata.org *.wikipedia.org www.mediawiki.org *.wikimedia.org *.wikinews.org *.wiktionary.org cdn.jsdelivr.net storage.googleapis.com *.youtube-nocookie.com hcaptcha.com *.hcaptcha.com; 2
object-src 'none'; base-uri 'self'; font-src 'self' fonts.gstatic.com fonts.googleapis.com js.intercomcdn.com fonts.intercomcdn.com https://*.hotjar.com; frame-ancestors 'self'; manifest-src 'self'; worker-src 'none'; report-to default; 2
default-src 'self' https://*.google-analytics.com https://*.twitter.com https://*.windows.net https://*.googleapis.com https://www.googletagmanager.com https://serverapi.arcgisonline.com https://*.arcgis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://cdn.syndication.twimg.com https://www.jobapscloud.com https://api.uptimerobot.com https://*.nr-data.net https://*.curator.io browser-update.org https://*.reflector.workers.dev https://unpkg.com https://*.list-manage.com https://*.cot.workers.dev https://api.municode.com https://*.livestream.com https://*.ads.cot https://*.google.com https://*.monsido.com https://ka-p.fontawesome.com https://pubsvc.tampagov.net https://stats.g.doubleclick.net https://apps.tampagov.net https://www.gstatic.com; connect-src 'self' https://*.google-analytics.com https://*.twitter.com https://*.windows.net https://*.googleapis.com https://www.googletagmanager.com https://serverapi.arcgisonline.com https://*.arcgis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://cdn.syndication.twimg.com https://www.jobapscloud.com https://api.uptimerobot.com https://*.nr-data.net https://*.curator.io browser-update.org https://*.reflector.workers.dev https://unpkg.com https://*.list-manage.com https://*.cot.workers.dev https://api.municode.com https://*.livestream.com https://*.ads.cot https://*.google.com https://*.monsido.com https://ka-p.fontawesome.com https://pubsvc.tampagov.net https://stats.g.doubleclick.net https://apps.tampagov.net https://www.gstatic.com https://www.google-analytics.com; font-src 'self' data: https:; frame-src 'self' https://*.tampa.gov https://*.tampagov.net https://*.livestream.com https://www.youtube-nocookie.com https://*.google.com https://twitter.com https://platform.twitter.com https://livestream.com https://syndication.twitter.com https://tampa.maps.arcgis.com https://app.powerbigov.us https://*.recollect.net https://visualping.io https://www.youtube.com https://w3.mp.lura.live https://player.vimeo.com https://*.apptoto.com https://cityeconomy.org/; img-src 'self' about: data: https: http://www.tampa.gov http://www.tampagov.net blob:; media-src 'self' https://*.livestream.com https://curator-assets.b-cdn.net https://video.twimg.com https://*.s3.amazonaws.com; object-src 'self' http://www.tampa.gov; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.livestream.com https://*.windows.net https://maps.floridadisaster.org https://*.tampa.gov https://*.tampagov.net https://*.google-analytics.com https://*.twitter.com https://*.googleapis.com https://www.googletagmanager.com https://serverapi.arcgisonline.com https://*.arcgis.com https://js-agent.newrelic.com https://cdn.syndication.twimg.com/ https://syndication.twitter.com https://bam.nr-data.net https://*.surveymonkey.com browser-update.org https://stats.g.doubleclick.net https://bam-cell.nr-data.net https://*.list-manage.com https://*.google.com https://*.recollect.net https://pagecorrect.monsido.com https://spark.adobe.com https://cdn.apptoto.com blob: cdn.jsdelivr.net https://app-script.monsido.com https://cdn.curator.io https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://controlpanel.opengov.com https://kit.fontawesome.com https://maps.googleapis.com https://polyfill.io https://translate.google.com https://unpkg.com https://use.fontawesome.com https://www.google.com maps.googleapis.com mdbootstrap.com; style-src 'self' 'unsafe-inline' cdn.curator.io translate.googleapis.com vuetampaservices2.z13.web.core.windows.net https://*.mailchimp.com https://recollect.a.ssl.fastly.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdnjs.cloudflare.com https://unpkg.com mdbootstrap.com use.fontawesome.com; frame-ancestors 'self'; upgrade-insecure-requests 2
default-src 'self' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' *;img-src 'self' * data:;frame-src 'self' *;font-src 'self' * data:;connect-src 'self' *;child-src 'self' * 2
script-src http: https: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: wss:; 2
frame-ancestors self *.uhg.com *.optum.com *.uhc.com; 2
frame-ancestors 'self' https://inside.polo-motorrad.com https://polo-motorrad.staffbase.com http://staffbase.com localhost:* 2
object-src 'self' data: blob: https://*.atende.net https://*.ipm.com.br https://*.nfs-e.net https://seal.digicert.com; block-all-mixed-content; form-action 'self' *.nfs-e.net https://*.ipm.com.br https://*.atende.net https://portalservicos.jucisrs.rs.gov.br; frame-ancestors 'self' https://*.nfs-e.net https://*.ipm.com.br https://*.atende.net https://portalservicos.jucisrs.rs.gov.br; 2
frame-ancestors 'self' *.logo.pt *.force.com *.tranquilidade.cst *.tranquilidade.pt *.t-vida.pt *.tranquilidade.co.ao *.tranquilidadeseguros.co.mz *.facebook.net *.facebook.com *.advancecare.pt *.vitorinos.pt 2
connect-src 'self' https://*.wistia.com https://api.segment.io https://analytics.google.com https://app.getvero.com https://cdn.segment.com https://cdn.segment.io https://cdn.linkedin.oribi.io https://embedwistia-a.akamaihd.net https://sentry.io https://o74703.ingest.sentry.io https://stats.g.doubleclick.net https://www.google-analytics.com https://*.facebook.com/ https://*.algolia.net https://fonts.gstatic.com https://images.ctfassets.net https://px.ads.linkedin.com https://*.intercom.io wss://*.intercom.io https://downloads.intercomcdn.com https://downloads.intercomcdn.eu  https://uploads.au.intercomcdn.com  https://uploads.intercomusercontent.com; default-src 'self' https://*.wistia.com https://*.wistia.net; font-src 'self' data: https://*.wistia.com https://fonts.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com; frame-src 'self' https://*.stripe.com https://fast.wistia.com https://fast.wistia.net https://optimize.google.com https://webhook.frontapp.com/ https://www.google.com https://calendly.com https://open.spotify.com/ https://www.facebook.com https://www.youtube.com/; img-src 'self' blob: data: https://dovetail.com https://*.stripe.com https://*.wistia.com https://*.wistia.net https://analytics.google.com https://cdn.shopify.com https://cdn.zapier.com https://embed-ssl.wistia.com https://embedwistia-a.akamaihd.net https://images.ctfassets.net https://images.unsplash.com https://optimize.google.com https://ssl.gstatic.com https://tagmanager.google.com https://www.google.ae https://www.google.at https://www.google.be https://www.google.bs https://www.google.by https://www.google.ca https://www.google.ch https://www.google.ch https://www.google.co.cr https://www.google.co.hp https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.ke https://www.google.co.kr https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.uk https://www.google.co.za https://www.google.co.zw https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.br https://www.google.com.ec https://www.google.com.eg https://www.google.com.hk https://www.google.com.mx https://www.google.com.my https://www.google.com.ng https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sg https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.vn https://www.google.com https://www.google.cl https://www.google.cz https://www.google.de https://www.google.dk https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.gr https://www.google.hu https://www.google.hr https://www.google.ie https://www.google.iq https://www.google.it https://www.google.lk https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.google.tr https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://zapier-images.imgix.net https://*.linkedin.com https://*.licdn.com https://p.adsymptotic.com https://www.facebook.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com  https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com; media-src 'self' blob: data: https://dovetail.com https://*.wistia.com https://*.wistia.net https://*.ctfassets.net https://embedwistia-a.akamaihd.net https://js.intercomcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.sentry-cdn.com https://*.stripe.com https://*.wistia.com https://*.wistia.net https://api.segment.io https://cdn.segment.com https://cdn.segment.io https://optimize.google.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.google-analytics.com https://www.google.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com https://*.linkedin.com https://*.licdn.com https://connect.facebook.net https://static.hotjar.com https://*.intercom.io https://js.intercomcdn.com https://accounts.google.com/gsi/client; style-src 'self' 'unsafe-inline' blob: https://fast.wistia.com https://fonts.googleapis.com https://optimize.google.com https://tagmanager.google.com; worker-src 'self' blob: 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' * data:; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://www.googletagmanager.com/ http://s7.addthis.com/ https://m.addthis.com/ https://z.moatads.com/ https://v1.addthisedge.com/; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://mma.prnewswire.com/ https://www.addthis.com/; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://s7.addthis.com/; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://www.google-analytics.com/; 2
frame-ancestors 'self' https://explore.medius.com 2
default-src 'self' *.albridge.com:* *.bnymellon.net *.vidyard.com *.morningstar.com *.byallaccounts.net cdn.cookielaw.org *.onetrust.com *.gstatic.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net cdn.cookielaw.org *.onetrust.com; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.vidyard.com *.byallaccounts.net *.googleapis.com; img-src 'self' data: *.albridge.com *.bnymellon.net *.bnymellon.com *.mainaccount.com *.schwab.com *.vidyard.com cdn.cookielaw.org *.onetrust.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net *.pershingx.com *.powerbi.com *.woveplatform.com; 2
frame-ancestors 'self' http://webvisor.com https://webvisor.com 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.co.uz www.google.com.bh www.google.co.nz www.google.com.gi www.google.ms www.google.com.ni *.adobe.com *.googleadservices.com static.mobilemonkey.com www.google.com.tw www.google.ch www.google.hr www.google.co.za appspot.com cdn.userway.org www.google.com.ph www.google.com.om www.google.com.au *.siteimproveanalytics.io cdnjs.cloudflare.com www.recaptcha.net m.me translate.google.com cdn77.api.userway.org demdex.net www.google.com.sa www.gstatic.com *.fbsbx.com onlinebanktours.com www.google.com.py hipotecas.1firstbank.com www.google.cz api.userway.org www.google.ru www.google.be www.google.com.do *.everesttech.net www.google.sn *.ganalytics-data.1firstbank.com www.google.com.et cdn77.api.qa.userway.dev www.google.gm www.google.fr www.google.com.kh www.google.com.br www.google.com.jm www.google.co.ke www.google.com.mx www.google.com.ec www.google.co.ug use.fontawesome.com www.google.pl www.google.dk applications.1firstbank.com assets.adobedtm.com www.google.co.cr www.google.co.bw *.gstatic.com www.google.az youtube.com *.omtrdc.net www.google.com.ua www.google.ne www.google.com.cu www.google.com.bz www.google.com.gt *.ibosscloud.com googleadservices.com www.google.nl *.youtube-nocookie.com www.google.lv ytimg.com www.google.com.my www.google.vg *.googleapis.com cloudflare.com everesttech.net www.google.com.pr recaptcha.net www.google.com www.google.ee pro.fontawesome.com www.google.co.ve *.adobedtm.com 1firstbank.com www.google.it www.google.se www.google.jo web13.secureinternetbank.com www.google.com.af www.google.fi www.google.pt rewardsfirstbank.com www.google.com.pa comercial.1firstbank.com analytics.google.com www.google.mg www.google.tg www.google.com.pk www.google.ba *.youtube.com www.google.com.co i.ytimg.com www.google.dz www.google.kz www.google.lu www.google.com.ag www.google.bj *.mobilemonkey.com facebook.com *.google-analytics.com www.google.cn www.google.com.sv www.google.is www.google.ps *.recaptcha.net www.google.kg www.google.cl 1firstbank.io www.google.iq facebook.net www.google.ga *.cloudflare.com adservice.google.com *.1firstbank.com www.google.lk www.google.sk www.google.com.cy region1.analytics.google.com www.google.ae localizador.1firstbank.com googleapis.com ssl.google-analytics.com www.google.co.tz www.google.lt www.google.cd www.google.hn adservice.google.com.pr *.googlesyndication.com www.google.cm www.google.sc api.mobilemonkey.com www.google.com.tr www.google.com.sg www.google.mv www.google.la www.google-analytics.com www.google.com.eg userway.org www.google.hu google.com *.onlinebanktours.com www.google.co.kr www.google.ro mobilemonkey.com www.google.ad www.google.co.th www.google.es *.siteimprove.com www.google.com.bd *.googletagmanager.com www.google.mn www.google.com.ai *.facebook.com www.google.tn www.google.am www.google.gr www.google.co.uk firstbankbeyond.com www.google.mw www.google.com.ar www.google.co.in www.google.com.ng www.google.de adobedtm.com www.google.at www.google.gy www.google.ht www.google.com.qa doubleclick.net digitalbanking.1firstbank.com www.google.com.hk ganalytics-data.1firstbank.com googletagmanager.com *.siteimproveanalytics.com apis.google.com cdn.jsdelivr.net www.google.li www.google.com.mt errors.adobeaemcloud.com www.google.com.ly *.doubleclick.net www.google.com.pe www.google.tm www.google.al www.google.sr www.google.bg www.google.com.bn omtrdc.net google-analytics.com *.facebook.net google.com.co www.google.ie *.appspot.com www.1firstbank.com www.google.com.vc solicitudes.1firstbank.com www.google.co.vi www.google.com.mm www.google.tt www.youtube.com fonts.gstatic.com www.google.no www.google.ci www.google.com.gh www.google.as *.google.com fbsbx.com www.google.com.kw gstatic.com www.google.co.id youtube-nocookie.com 6253864.global.siteimproveanalytics.io www.google.dm www.google.com.bo www.google.co.jp *.demdex.net siteimproveanalytics.io *.ytimg.com www.google.com.np digitalone.firstbank.local m.youtube.com siteimproveanalytics.com www.google.com.uy www.google.tl www.google.co.il www.google.ca www.googletagmanager.com www.google.bf maxcdn.bootstrapcdn.com *.userway.org www.google.co.ma; frame-ancestors 'self' cloudflare.com google.com.co digitalone.1firstbank.local appspot.com onlinebanktours.com author-p64062-e536422.adobeaemcloud.com facebook.com google-analytics.com youtube-nocookie.com demdex.net userway.org youtube.com ganalytics-data.1firstbank.com ytimg.com googleadservices.com solicitudes.1firstbank.com www.google.com applications.1firstbank.com google.com 1firstbank.com everesttech.net  2
frame-ancestors 'self' https://backoffice.shoppster.com 2
connect-src 'self' blob: data: gap: https://*.allocatesoftware.com https://*.allocatesoftware.co.uk https://*.allocatesoftware.com.au https://*.allocatesoftware.se https://*.allocatesoftware.de https://*.rldatix.de https://*.rldatix.com https://*.rldatixlifesciences.com https://*.osano.com https://*.mktoresp.com https://*.wpo365.com/ https://*.cloudfront.net https://*.marketo.net https://*.linkedin.com https://*.linkedin.oribi.io https://*.youtube.com https://*.vimeo.com https://*.vimeocdn.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net https://*.hirebridge.com https://yoast.com/ https://*.hopin.com https://*.jaaq.org https://*.hsforms.com https://*.hsforms.net https://*.hscollectedforms.net https://www.semrush.com/ https://*.amplitude.com; font-src 'self' data: https://static2.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.bunny.net https://s0.wp.com; 2
block-all-mixed-content; connect-src 'self' https://*.ingest.sentry.io https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net https://in.hotjar.com https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://survey.alchemer.com https://www.facebook.com https://*.adnxs.com https://*.adnxs-simple.com https://live.icecat.biz https://pet.icecat.biz https://story.icecat.biz https://edstore.icecat.biz https://live-html.icecat.biz https://*.googleapis.com https://cdn.plyr.io https://www.dwin1.com https://*.awin1.com https://*.zenaps.com https://the.sciencebehindecommerce.com https://*.playable.com https://*.campaign.playable.com https://*.leadfamly.com https://*.api.leadfamly.com; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com https://live.icecat.biz https://pet.icecat.biz https://story.icecat.biz https://edstore.icecat.biz https://live-html.icecat.biz https://*.campaign.playable.com; frame-ancestors 'self' https://*.campaign.playable.com; frame-src data: https://www.youtube.com/ https://publish.folders.eu/ https://app.folders.eu/ https://www.facebook.com https://vars.hotjar.com https://survey.alchemer.com https://*.adnxs.com https://optimize.google.com https://live.icecat.biz https://pet.icecat.biz https://story.icecat.biz https://edstore.icecat.biz https://live-html.icecat.biz https://objects.icecat.biz https://js.mollie.com https://swiftcdn6.global.ssl.fastly.net https://gleam.io https://view.publitas.com/ https://folders.toychamp.be/ https://folders.toychamp.nl/ https://*.awin1.com https://*.zenaps.com https://*.campaign.playable.com 'self'; img-src 'self' data: about: https://placeholder.inventis.be https://placehold.it https://*.ytimg.com https://maps.gstatic.com https://*.googleapis.com https://*.ggpht.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://optimize.google.com https://www.facebook.com https://www.google.com https://www.google.be https://googleads.g.doubleclick.net https://script.hotjar.com https://www.mollie.com https://*.adnxs.com https://*.adnxs-simple.com https://js.gleam.io https://story.icecat.biz https://*.awin1.com https://*.zenaps.com https://files.cdn.leadfamly.com; style-src 'self' https://optimize.google.com 'unsafe-inline' https://fonts.googleapis.com https://survey.alchemer.com https://live.icecat.biz https://pet.icecat.biz https://story.icecat.biz https://edstore.icecat.biz https://live-html.icecat.biz https://*.campaign.playable.com; upgrade-insecure-requests 2
default-src 'self' https:; connect-src 'self' https: wss: http://*.mktoresp.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob: http://js.hs-scripts.com/ http://munchkin.marketo.net/ http://unpkg.com/ http://js.hsforms.net/forms/v2.js; style-src 'self' 'unsafe-inline' https:; font-src 'self' https:; frame-src 'self' https: http://*.libsyn.com/; img-src 'self' https: data: http://images.ctfassets.net/ blob:; frame-ancestors 'self' https://app.contentful.com; 2
frame-ancestors 'self'; base-uri 'none'; form-action 'self' *.readspeaker.com 2
default-src 'self' static.dnsbelgium.be; media-src 'self' www.youtube.com youtu.be vimeo.com player.vimeo.com static.dnsbelgium.be; script-src 'self' cookie.wieni.be www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com 'sha256-n0qo0a+uNS3EBowOxlDJeqRRacNxVgew48Omj0IYROY=' api.usersnap.com resources.usersnap.com widget.usersnap.com cdn.usersnap.com 'sha256-3UZnJiUmLKDbXEjPsm9EHc0R7InC5uAtj5O1u68mBzM=' 'sha256-9JLcNkvDbyx27cZsDQUfhAXctCUn8uKZhZo7K5s+cZY=' 'sha256-4YMvBqS3vvUrtHeUMQvHMMjdLUOlOHQOgs5s+Wxepkk=' consent.cookiebot.com consentcdn.cookiebot.com connect.facebook.net www.youtube.com s.ytimg.com static.dnsbelgium.be snap.licdn.com www.toll-net.be/h5p/wp-content/plugins/h5p/h5p-php-library/js/h5p-resizer.js https://cdn.matomo.cloud/dnsbelgium.matomo.cloud/matomo.js s.pointerpro.com survey.dnsbelgium.be 'sha256-XlGJBFdn9wZ3QRSQmE5hz2h94YBoRCV09VOA9PNwEc4=' 'sha256-7jDSgL9/dTEn7w83QbKH2DxAZSXWTe5+pNgp0l6xaGI=' 'sha256-cyhAnyf/da35tv9DMBPcWxiXKF8KRetd7+NRa8ylykg=' 'sha256-A3Dbl/cByN6GbFswAlXt66hMeUW5GNI1G4g6LzsRv0o=' 'sha256-0RBExtvEZO5CsGJ2YygQGmydb+opVDaeBuMtzkrktFw='; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com cookie.wieni.be tagmanager.google.com use.fontawesome.com; img-src wmimages.dnsbelgium.be 'self' data: www.google-analytics.com ssl.gstatic.com www.gstatic.com cdn.usernap.com www.countryflags.io static.dnsbelgium.be www.facebook.com i.ytimg.com   *.ads.linkedin.com; font-src 'self' data: use.fontawesome.com fonts.gstatic.com; frame-src 'self' www.google.com maps.google.com www.youtube.com player.vimeo.com notfound-static.fwebservices.be *.youtube-nocookie.com consentcdn.cookiebot.com calendar.google.com accounts.google.com *.medialaancdn.be www.facebook.com www.toll-net.be s.pointerpro.com https://flo.uri.sh/ survey.dnsbelgium.be datawrapper.dwcdn.net; connect-src 'self' cookie.wieni.be www.google-analytics.com widget.usersnap.com 'sha256-4YMvBqS3vvUrtHeUMQvHMMjdLUOlOHQOgs5s+Wxepkk=' consent.cookiebot.com consentcdn.cookiebot.com api.dnsbelgium.be webwhois.nic.vlaanderen webwhois.nic.brussels cdn.linkedin.oribi.io dnsbelgium.matomo.cloud; worker-src 'self'; object-src 'self' 2
frame-ancestors 'self' https://*.melissa.com 2
default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' ; img-src 'self' * https: http: data:  2
frame-ancestors   'self'; default-src   'self'   'unsafe-inline'   'unsafe-eval'   data: blob: https:;; upgrade-insecure-requests 2
frame-ancestors 'self' localhost:* *.cossette.digital *.quebec-cite.com 2
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:  https://*.googleapis.com; worker-src 'self' blob:; 2
object-src 'self'; frame-ancestors 'self' *.publicissapient.com www.publicissapient.fr publicissapient.fr sites-us.lumapps.com vox.publicissapient.com; 2
font-src *.googleapis.com *.gstatic.com *.klarnacdn.net *.cloudfront.net *.klarna.com *.zdassets.com *.mekonomen.se *.mekonomen.no *.firebase.com *.zendesk.com mekonomen.customer.eclub.se *.myvisitors.se *.triggerbee.com google-analytics.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mekonomen.se *.mekonomen.no *.facebook.com mekonomen.customer.eclub.se 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com *.mekonomen.se *.mekonomen.no *.facebook.com *.google.com *.castrol.com *.lubricantadvisor.com *.mobil1.se *.zendesk.com *.thule.com *.doubleclick.net *.hotjar.com mekonomen.boost.ai *.promeisterportal.com *.googletagmanager.com *.google-analytics.com mekonomen-booking.promeisterportal.com code.jquery.com *.googleapis.com mekonomen.customer.eclub.se c2m.c2management.se *.reco.se mekonomenno.customer.eclub.se *.resurs.com *.signicat.com *.promeister.com staging-booking.promeister.com *.jobylon.com *.redeal.se 'self' 'unsafe-inline'; img-src *.adobedtm.com *.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.swagger.com *.googleapis.com *.gstatic.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.mekonomen.se *.mekonomen.no cdn.cookielaw.org *.google.com *.google.co.in *.ytimg.com *.redchamps.com *.cloudfront.net *.firebase.com *.zendesk.com *.adnxs.com *.mookie1.com *.googletagmanager.com *.facebook.net *.google-analytics.com mekonomen.customer.eclub.se *.magentocommerce.com *.demdex.net *.googleadservices.com *.paypalobjects.com *.paypal.com *.sandbox.paypal.com *.bing.com *.doubleclick.net *.facebook.com *.jobylon.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.googleapis.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com *.klarnacdn.net *.klarnaservices.com s7.addthis.com *.googletagmanager.com *.google-analytics.com *.stats.g.doubleclick.net *.mekonomen.se *.mekonomen.no *.bing.com *.google.com *.adtraction.com *.adnxs.com *.firebase.com *.zdassets.com *.zopim.com *.cloudfront.net *.zendesk.com *.criteo.net *.criteo.com *.hotjar.com mekonomen.boost.ai *.mookie1.com *.promeisterportal.com code.jquery.com google-analytics.com *.googleadservices.com *.facebook.com *.facebook.net cdn.cookielaw.org *.onetrust.com mekonomen.customer.eclub.se *.authorize.net *.braintreegateway.com *.cardinalcommerce.com *.ccdc02.com *.dnky.co *.dotdigital.com *.addthis.com *.doubleclick.net *.myvisitors.se *.triggerbee.com *.dep-x.com *.jobylon.com *.redeal.se 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnacdn.net *.mekonomen.se *.mekonomen.no *.cloudfront.net *.klarna.com *.zdassets.com *.firebase.com *.zendesk.com *.google.com *.googleapis.com *.googletagmanager.com mekonomen.customer.eclub.se 'self' 'unsafe-inline'; object-src *.mekonomen.se *.mekonomen.no *.cloudfront.net *.zendesk.com code.jquery.com *.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com *.mekonomen.se *.mekonomen.no *.klarna.com *.cloudfront.net *.zendesk.com *.zdassets.com *.zopim.com *.googleapis.com *.myvisitors.se *.triggerbee.com *.google-analytics.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com ekr.zdassets.com/ *.algolia.io *.googletagmanager.com *.google-analytics.com *.stats.g.doubleclick.net *.mekonomen.se *.mekonomen.no *.facebook.com *.google.com *.doubleclick.net *.zopim.com *.zdassets.com *.zendesk.com *.cloudfront.net *.youtube.com *.firebase.com *.hotjar.com mekonomen.boost.ai *.getsentry.com *.promeisterportal.com code.jquery.com cdn.cookielaw.org *.onetrust.com webborder-test.mekonline.com webborder.mekonline.com *.redeal.se 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 2
default-src 'self' *.facebook.com facebook.com bam.nr-data.net *.mouseflow.com *.mouseflow.com/ *.mktorest.com *.mktoresp.com *.consensu.org *.doubleclick.net *.omtrdc.net *.demdex.net youtube.com *.youtube.com marketo.com *.marketo.com *.marketo.com/ *.onetrust.com google-analytics.com *.google-analytics.com *.cytivalifesciences.com *.b2c.com *.b2c.com:* *.b2c.com/ api.fouanalytics.com google.com smetrics.cytivalifesciences.com stats.g.doubleclick.net bid.g.doubleclick.net play.vidyard.com play.vidyard.com/ anchor.fm gateway.zscalertwo.net static3.avast.com *.mktoutil.com *.google.com/ info.cytivalifesciences.com info.cytivalifesciences.com/ blob:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.marketo.com *.marketo.com/ info.cytivalifesciences.com info.cytivalifesciences.com/ *.kampyle.com *.medallia.eu assets.cytivalifesciences.com *.demo.app.cytiva.com *.zoovu.com assets-barracuda-runner.azureedge.net static.cloud.coveo.com/ acms-ext.pall.com acms-ext.pall.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.salesforceliveagent.com cdn.mouseflow.com *.mouseflow.com/ munchkin.marketo.net *.marketo.com *.mktorest.com assets.adobedtm.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.linkedin.com *.youtube.com s.ytimg.com *.facebook.com connect.facebook.net t.co static.ads-twitter.com analytics.twitter.com js-agent.newrelic.com dpm.demdex.net gateway.zscalertwo.net snap.licdn.com bam.nr-data.net gelifedigitalhubprod.112.2o7.net cx.atdmt.com static.cloud.coveo.com google.com googleads.g.doubleclick.net *.consensu.org *.adroll.com maps.googleapis.com *.onetrust.com *.google.com api.fouanalytics.com *.b2c.com *.b2c.com:* *.b2c.com/ smetrics.cytivalifesciences.com stats.g.doubleclick.net play.vidyard.com play.vidyard.com/ hm.baidu.com info.cytivalifesciences.com info.cytivalifesciences.com/ d22d1xpx4ztuef.cloudfront.net secure.adnxs.com secure.marx7loki.com *.jsdelivr.net blob: *.kampyle.com *.medallia.eu www.cytivalifesciences.com/ cdn.mxpnl.com d35vb5cccm4xzp.cloudfront.net/ d35vb5cccm4xzp.cloudfront.net cdn.cookielaw.org *.adsrvr.org chat.cytivalifesciences.com cdn.livechatinc.com api.livechatinc.com assets.cytivalifesciences.com *.demo.app.cytiva.com global.localizecdn.com *.zoovu.com api-barracuda.zoovu.com assets-barracuda-runner.azureedge.net *.6sc.co *.6sense.com cytivatrackinglibsanbox.z33.web.core.windows.net cdn.rudderlabs.com acms-ext.pall.com acms-ext.pall.com/; img-src * data: *.kampyle.com *.medallia.eu secure.adnxs.com ib.adnxs.com *.zoovu.com assets-barracuda-runner.azureedge.net; media-src 'self' *.youtube.com cdn.livechatinc.com cdn.cytivalifesciences.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com data: static3.avast.com *.kampyle.com *.medallia.eu cdn.livechatinc.com *.zoovu.com assets-barracuda-runner.azureedge.net; frame-src 'self' *.adobe.com *.marketo.com facebook.com *.facebook.com *.anchor.fm anchor.fm cytiva.demdex.net youtube.com *.youtube.com bid.g.doubleclick.net play.vidyard.com play.vidyard.com/ gateway.zscalertwo.net info.cytivalifesciences.com info.cytivalifesciences.com/ www.cytivalifesciences.com/ www.cytivalifesciences.com blob: *.kampyle.com *.medallia.eu www.cytivalifesciences.com/ insight.adsrvr.org match.adsrvr.org embed.podcasts.apple.com secure.livechatinc.com *.demo.app.cytiva.com open.spotify.com/ chat.cytivalifesciences.com/ cdn.cytivalifesciences.com podcasters.spotify.com *.zoovu.com td.doubleclick.net/ assets.cytivalifesciences.com; connect-src 'self' *.thunderhead.com *.facebook.com facebook.com bam.nr-data.net *.mouseflow.com *.mouseflow.com/ *.mktorest.com *.mktoresp.com *.consensu.org *.doubleclick.net *.omtrdc.net *.demdex.net youtube.com *.youtube.com marketo.com *.marketo.com *.onetrust.com google-analytics.com *.google-analytics.com *.cytivalifesciences.com *.b2c.com *.b2c.com:* *.b2c.com/ api.fouanalytics.com google.com smetrics.cytivalifesciences.com stats.g.doubleclick.net *.mktoutil.com *.google.com/ hm.baidu.com api.ipify.org c.jabmo.app acapgenertedreports-prod.s3.amazonaws.com blob: *.kampyle.com *.medallia.eu www.cytivalifesciences.com/ *.mixpanel.com cytivalifesciences.data.adobedc.cn cdn.cookielaw.org cookies-data.onetrust.io *.blob.core.windows.net idx.liadm.com directline.botframework.com wss://directline.botframework.com api.livechatinc.com cdn.linkedin.oribi.io global.localizecdn.com app.localizejs.com api-barracuda.zoovu.com *.zoovu.com assets-barracuda-runner.azureedge.net *.6sc.co api.cytivalifesciences.com pagead2.googlesyndication.com api.rudderlabs.com cytiva-dataplane.rudderstack.com acms-ext.pall.com acms-ext.pall.com/ api.rudderstack.com px.ads.linkedin.com; report-uri https://www.cytivalifesciences.com/api/csp/report 2
worker-src blob:; block-all-mixed-content; font-src fonts.gstatic.com *.amazonaws.com cdn.axminstertools.com cdn.honey.io *.bglobale.com *.global-e.com use.fontawesome.com maxcdn.bootstrapcdn.com cdn.userway.org *.yotpo.com *.googleapis.com *.gstatic.com blog.axminstertools.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.paypalobjects.com js.braintreegateway.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ www.googletagmanager.com www.google-analytics.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn-ukwest.onetrust.com *.authorize.net *.paypal.com *.algolianet.com *.algolia.net *.apple-mapkit.com cdn.axminstertools.com bat.bing.com www.clarity.ms static.cloudflareinsights.com *.doubleclick.net suite22.emarsys.net connect.facebook.net wchat.freshchat.com apis.google.com ssl.google-analytics.com tpc.googlesyndication.com www.googleadservices.com www.google.com/pagead/ tagmanager.google.com *.googletagmanager.com *.hotjar.com js-agent.newrelic.com *.nr-data.net *.scarabresearch.com *.sentry-cdn.com widget.trustpilot.com *.twitter.com *.ads-twitter.com www.youtube.com *.online-metrix.net https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net https://angus.finance-calculator.co.uk *.bglobale.com *.global-e.com *.yotpo.com swellrewards.com *.swellrewards.com widget.freshworks.com m2epro.freshdesk.com cdn.userway.org testflex.cybersource.com flex.cybersource.com pay.google.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com blogcdn.axminstertools.com stats.wp.com talk.hyvor.com cdnapisec.kaltura.com blog.axminstertools.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; manifest-src cdn.axminstertools.com 'self'; base-uri 'self' 'unsafe-inline'; report-uri https://o321468.ingest.sentry.io/api/1815626/security/?sentry_key=4be58bfe3e5a4d6590b3f5022cda615a; report-to report-endpoint; 2
default-src 'self'; connect-src 'self' analytics.gov.yk.ca ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.gov.yk.ca https://ajax.googleapis.com https://yukon.ca https://widget.time.is static.addtoany.com; style-src 'self' maxcdn.bootstrapcdn.com 'unsafe-inline' https://yukon.ca ; img-src 'self' https://yukon.ca data: https://analytics.gov.yk.ca https://*.tile.openstreetmap.org ; font-src 'self' https://yukon.ca https://maxcdn.bootstrapcdn.com ; frame-src 'self' https://www.youtube.com https://www.instagram.com https://instagram.com https://player.vimeo.com; 2
default-src 'self'; script-src *.maps.yandex.net  *.yandex.ru 'self' https://tcinet.ru 'unsafe-inline' 'unsafe-eval'; object-src 'self'; style-src 'self' https://tcinet.ru 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; frame-src  'self'  'unsafe-inline' 'unsafe-eval'; connect-src *.yandex.ru  *.1c-bitrix.ru 'self' 2
default-src *; img-src * 'self' data: https: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' *; font-src * 'self' data:; worker-src 'self' blob:; child-src blob:; frame-src *; frame-ancestors 'self' https://my.yano.digital 2
default-src 'self' https://*.gravatar.com https://*.gstatic.com https://www.google.com https://www.google-analytics.com https://*.sender.mobi  'unsafe-inline'; frame-src 'self' https://*.gravatar.com https://*.google.com https://*.sender.mobi; script-src 'self' https://*.sender.mobi https://*.gravatar.com https://*.gstatic.com https://www.google.com https://www.googletagmanager.com https://ajax.googleapis.com https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://*.gravatar.com https://www.google.com https://www.google.com.ua https://*.sender.mobi https://www.google-analytics.com  https://*.gstatic.com data:; object-src 'self'; font-src 'self' https://*.gravatar.com https://*.gstatic.com https://www.google.com https://fonts.gstatic.com https://fonts.googleapis.com data:; style-src * blob: 'self' https://*.gravatar.com https://*.gstatic.com https://www.google.com https://*.sender.mobi https://fonts.gstatic.com https://fonts.googleapis.com 'unsafe-inline'; 2
frame-ancestors 'self' *.edumoov.com *.educartable.com *.kidiquest.com; 2
frame-ancestors 'self' *.quattropod.com quattropod.com *.quattropod.com.cn quattropod.com.cn ezcast-pro.com 2
connect-src 'self' https://*.analytics.google.com https://*.arcot.com https://*.doubleclick.net https://*.google-analytics.com https://*.onetrust.com https://*.optimizely.com https://ade.googlesyndication.com https://api.github.com https://api.mypurecloud.ie https://pagead2.googlesyndication.com https://www.google.hu wss://carrier-pigeon.mypurecloud.ie https://*.bankofireland.com https://*.bsw-dev.net https://*.cludo.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.pingdom.net https://*.qualtrics.com https://*.siteintercept.qualtrics.com https://*.twitter.com https://app.altocloud.com https://boi-public-assets.s3-eu-west-1.amazonaws.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://gkcpri.boi.com https://gkcsec.boi.com https://gmspri.boi.com https://gmssec.boi.com https://privacyportal.cookiepro.com https://stats.g.doubleclick.net https://www.google-analytics.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' px.ads.linkedin.com *.ads.linkedin.com *.cookiebot.com *.facebook.com *.facebook.net *.g.doubleclick.net *.gigya.com *.go-mpulse.net *.google-analytics.com *.google.co.uk *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.ivoclar.com *.ivoclarvivadent.com *.ownid.com *.pardot.com *.purechat.com *.purechatcdn.com *.vimeo.com *.youtube.com api.ipify.org cdn.fusedeck.net challenges.cloudflare.com g.doubleclick.net io.fusedeck.net js.hsforms.net script.hotjar.com service.excentos.com snap.licdn.com static.hotjar.com www.eventbrite.com www.googletagmanager.com www.linkedin.com yastatic.net *.stackadapt.com qvdt3feo.com tags.srv.stackadapt.com *.hsforms.com px.ads.linkedin.com i.vimeocdn.com f.vimeocdn.com googleads.g.doubleclick.net iytimg.com;img-src 'self' data: px.ads.linkedin.com cdn.jsdelivr.net *.ivoclar.com *.ivoclarvivadent.com *.gigya.com *.google.com google.com *.google.at *.gstatic.com *.googleapis.com *.google-analytics.com *.purechat.com *.purechatcdn.com *.googleapis.com *.facebook.net *.facebook.com *.google-analytics.com *.pardot.com *.google.co.uk *.g.doubleclick.net g.doubleclick.net *.googleadservices.com *.googletagmanager.com *.googlesyndication.com *.youtube.com *.ads.linkedin.com *.vimeo.com *.excentos.com excentos.com *.google.com.sa google.com.sa *.google.de google.de cdn01.basis.net *.stackadapt.com qvdt3feo.com tags.srv.stackadapt.com *.hsforms.com px.ads.linkedin.com i.vimeocdn.com f.vimeocdn.com googleads.g.doubleclick.net yastatic.net iytimg.com;style-src 'self' data: blob: 'unsafe-inline' px.ads.linkedin.com cdn.jsdelivr.net *.google.com *.googleapis.com *.ivoclarvivadent.com *.ivoclar.com *.google.co.uk *.g.doubleclick.net g.doubleclick.net *.googleadservices.com *.googlesyndication.com cdn.fusedeck.net *.youtube.com *.vimeo.com *.excentos.com cdn01.basis.net tags.srv.stackadapt.com www.google.co.th *.hsforms.com px.ads.linkedin.com i.vimeocdn.com f.vimeocdn.com googleads.g.doubleclick.net yastatic.net iytimg.com;object-src 'self';upgrade-insecure-requests ;frame-ancestors 'self' data: px.ads.linkedin.com *.google.com *.gstatic.com *.googletagmanager.com *.youtube.com *.gigya.com *.cookiebot.com *.purechat.com *.purechatcdn.com *.googleapis.com *.google-analytics.com *.go-mpulse.net *.ivoclarvivadent.com *.ivoclar.com *.vimeo.com challenges.cloudflare.com;connect-src 'self' wss: https:;default-src https:;base-uri 'self';form-action 'self' https:; 2
frame-ancestors https://admin.devby.io https://devby.io 2
script-src 'self' http://app.storyblok.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.googletagmanager.com https://www.google-analytics.com https://snap.licdn.com/ http://www.youtube.com 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' https://res.cloudinary.com https://www.google.com https://www.google.de https://www.google.lt https://www.google-analytics.com https://px.ads.linkedin.com https://pubads.g.doubleclick.net data:;media-src https://res.cloudinary.com;font-src 'self' data:;worker-src blob: 2
font-src *.fontawesome.com data: *.fonts.googleapis.com *.gstatic.com *.cloudflare.com *.etudehouse.com *.etude.com *.typekit.net acsbapp.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.etude.com *.besweeton.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * landofcoder.com https://pwgateway.com https://api.paymentwall.com/ *.google.com *.addthis.com *.mathtag.com *.api.useinsider.com gum.criteo.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://api.paymentwall.com/ *.cloudflare.com cdn.klarna.com s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.cdninstagram.com *.doubleclick.net *.mathtag.com *.amorepacific.com *.google.com *.google.co.kr *.etudehouse.com *.etude.com www.facebook.com *.paygate.net *.cookielaw.org *.besweeton.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com chimpstatic.com downloads.mailchimp.com *.list-manage.com landofcoder.com s7.addthis.com *.avada.io https://api.paymentwall.com/ https://songbirdstag.cardinalcommerce.com https://songbird.cardinalcommerce.com *.googleapis.com *.addthis.com *.addthisedge.com *.facebook.com connect.facebook.net cdn.cookielaw.org rum.beusable.net *.mathtag.com *.etudehouse.com *.etude.com *.criteo.net *.criteo.com *.api.useinsider.com cdnjs.cloudflare.com *.paygate.net *.google.com *.gstatic.com acsbapp.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com downloads.mailchimp.com *.fontawesome.com *.googleapis.com *.etudehouse.com *.etude.com *.typekit.net *.paygate.net 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com landofcoder.com ekr.zdassets.com/ https://pwgateway.com https://api.paymentwall.com/ *.cloudflare.com *.googleapis.com *.addthis.com graph.instagram.com cdn.cookielaw.org *.etudehouse.com *.etude.com *.facebook.com *.api.useinsider.com stats.g.doubleclick.net *.onetrust.com *.acsbapp.com acsbapp.com pagead2.googlesyndication.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self' 2
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: mediastream:; script-src * data: blob: mediastream: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline' data: blob: mediastream:; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * blob: data: 'unsafe-inline'; worker-src * data: blob: mediastream: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self' *.vystarcu.org; 2
default-src 'self' deskline.net 'unsafe-inline' 'unsafe-eval' https: data: blob: 2
frame-ancestors 'self' https://mychart.riversideonline.com 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://cdn.branch.io https://cdn.jsdelivr.net https://polyfill.io https://*.trustpilot.com https://bat.bing.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://api.exponea.com https://api.network.exponea.com https://*.exponea.com https://www.googletagmanager.com https://*.algolia.net https://www.google-analytics.com https://analytics.twitter.com https://connect.facebook.net https://static.ads-twitter.com https://platform.twitter.com https://s7.addthis.com https://app.link https://z.moatads.com https://v1.addthisedge.com https://*.addthis.com https://static.zdassets.com https://use.typekit.net https://activewin.co.uk https://code.jquery.com https://m.addthis.com https://*.quotezone.co.uk https://*.github.io https://*.cloudflare.com https://uicdn.toast.com https://*.google.com https://*.gstatic.com https://assets.pinterest.com https://analytics.tiktok.com https://*.onetrust.com https://*.shareaholic.net https://snap.licdn.com https://*.stackpathcdn.com https://cdn.viglink.com https://*.shareaholic.net https://partner.shareaholic.com https://www.redditstatic.com https://static.hotjar.com https://script.hotjar.com https://*.hotjar.com https://dsms0mj1bbhn4.cloudfront.net https://cdn.openshareweb.com;style-src 'self' 'unsafe-inline' data: https://ajax.googleapis.com https://fonts.googleapis.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://*.typekit.net https://*.cloudflare.com https://*.toast.com https://*.hotjar.com https://fonts.bunny.net/ https://cdn.openshareweb.com;font-src 'self' data: https://fonts.gstatic.com https://use.fontawesome.com https://use.typekit.net https://*.stackpathcdn.com https://*.hotjar.com https://maxcdn.bootstrapcdn.com/font-awesome/4.4.0/fonts/ https://dsms0mj1bbhn4.cloudfront.net/v2/ https://dsms0mj1bbhn4.cloudfront.net/v2/ https://fonts.bunny.net/ https://cdn.openshareweb.com;connect-src 'self' https://api.exponea.com https://api.network.exponea.com https://*.exponea.com https://*.algolia.net https://*.algolia.io https://stats.g.doubleclick.net https://*.addthis.com https://bat.bing.com https://www.google-analytics.com https://analytics.tiktok.com https://*.onetrust.com https://cookiesuksouth.blob.core.windows.net https://analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.shareaholic.com https://*.shareaholic.net https://api.viglink.com https://*.hotjar.com wss://ws34.hotjar.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.ads.linkedin.com;frame-src 'self' https://*.addthis.com https://www.googletagmanager.com https://*.quotezone.co.uk https://*.youtube.com https://*.youtube-nocookie.com https://www.pages04.net http://images.healthservicediscounts.com https://images.healthservicediscounts.com https://perk.ee.co.uk https://s7.addthis.com https://*.facebook.com https://*.trustpilot.com/ https://*.google.com https://assets.pinterest.com https://vars.hotjar.com https://*.doubleclick.net/;img-src 'self' data: https://t.co https://*.execute-api.eu-west-1.amazonaws.com https://googleads.g.doubleclick.net https://bat.bing.com https://www.google.com https://www.google.co.uk https://www.facebook.com https://connect.facebook.net https://*.healthservicediscounts.com https://*.discountsforteachers.co.uk https://*.discountsforcarers.com https://*.charityworkerdiscounts.com https://*.typekit.net https://*.toast.com https://*.google-analytics.com https://*.googletagmanager.com https://i.pinimg.com https://log.pinterest.com https://www.addthis.com https://*.atdmt.com https://*.onetrust.com https://cookiesuksouth.blob.core.windows.net https://*.analytics.google.com https://px.ads.linkedin.com https://secure.gravatar.com https://alb.reddit.com https://*.hotjar.com https://*.twitter.com https://images-static.trustpilot.com https://ajax.googleapis.com/; 2
default-src http: https: 'unsafe-inline' 'unsafe-eval'; img-src http: https: data:; object-src 'none'; frame-ancestors 'self'; 2
default-src 'self' *.onetrust.com/ *.trustpilot.com/ *.gigaclear.net/ *.gigaclear.com/ *.google.com/ *.matomo.cloud/ *.google-analytics.com/ *.clarity.ms/ *.g.doubleclick.net/ *.hotjar.io/ cdn.linkedin.oribi.io/; frame-src *.8x8.com/ *.speedtestcustom.com/ gigaclearltd.statuspage.io; style-src 'unsafe-inline' 'self' *.typekit.net/; font-src 'self' data: *.typekit.net/; img-src 'self' data: *.amazonaws.com/ *.8x8.com/ *.gigaclear.net/ *.gigaclear.com/ *.google.co.uk *.google.com/ *.onetrust.com/ *.linkedin.com/ analytics.twitter.com/ bat.bing.com/ t.co/ *.facebook.com/ *.nextdoor.com/; media-src 'self' *.amazonaws.com/; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.gigaclear.net/ *.googletagmanager.com/ googleoptimize.com/ googleads.g.doubleclick.net/; script-src-elem 'unsafe-eval' 'unsafe-inline' 'self' *.onetrust.com/ *.trustpilot.com/ *.8x8.com/ *.googletagmanager.com/ *.googleoptimize.com/ bat.bing.com/ static.ads-twitter.com/ snap.licdn.com/ *.facebook.net/ *.dwin1.com/ *.google-analytics.com/ *.nextdoor.com/ *.hotjar.com/ *.matomo.cloud/ *.clarity.ms/ *.g.doubleclick.net/ smct.co/; 2
default-src 'self' mychart.org *.mychart.org;        script-src 'self' mychart.org *.mychart.org 'unsafe-inline' 'unsafe-eval' stats-test.epic.com stats.epic.com;        connect-src 'self' mychart.org *.mychart.org stats-test.epic.com stats.epic.com;        style-src 'self' mychart.org *.mychart.org fonts.googleapis.com 'unsafe-inline';        font-src 'self' mychart.org *.mychart.org fonts.gstatic.com;        img-src 'self' mychart.org *.mychart.org i.ytimg.com ichart2.epic.com data: stats-test.epic.com stats.epic.com;        media-src 'self' mychart.org *.mychart.org cdn.epic.com;        frame-src 'self' mychart.org *.mychart.org www.youtube-nocookie.com mychartvideo-dev.azurewebsites.net patientexperiencevideoplayer.epic.com; 2
font-src * data:; 2
frame-ancestors 'self' landmarkglobal.be; 2
report-uri /admin/config/system/seckit/csp-report 2
frame-ancestors 'self' https://backend.novozymes.com; 2
frame-ancestors 'self' *.wescom.org https://wescom.org; 2
frame-ancestors https://*.pironet-ndh.com:4433 'self' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.adobedtm.com *.facebook.net *.googletagmanager.com *.googleadservices.com *.twitter.com *.ads-twitter.com *.addtoany.com *.mktoweb.com *.marketo.net *.licdn.com *.doubleclick.net *.vimeocdn.com *.optmnstr.com *.vimeo.com *.bing.com *.jotform.com *.jotfor.ms *.newrelic.com www.google.com cdnjs.cloudflare.com browser.sentry-cdn.com *.nr-data.net static.hotjar.com *.hotjar.com ajax.googleapis.com  *.omappapi.com static.ads-twitter.com *.zoominfo.com *.salesloft.com *.drift.com *.driftt.com *.cookielaw.org *.onetrust.com *.clickagy.com *.zoominfo.com *.6sc.co *.g2crowd.com *.googlesyndication.com *.bizible.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.mktoweb.com *.jotfor.ms *.omappapi.com fonts.googleapis.com fonts.gstatic.com; media-src 'self' *.driftt.com; frame-src player.vimeo.com *.doubleclick.net static.addtoany.com *.mktoweb.com vars.hotjar.com rocketsoftware.demdex.net *.facebook.com *.google.com *.jotform.io *.jotform.us *.jotform.com *.youtube.com *.captivate.fm *.drift.com *.driftt.com; frame-ancestors rbc.rocketsoftware.com rbcint.rocketsoftware.com den-vm-u2bcweb.u2lab.rs.com us-east-1.content-hub.acquia.com truedx.trubiquity.de; child-src 'self'; font-src 'self' script.hotjar.com fonts.googleapis.com fonts.gstatic.com; connect-src 'self' info.rocketsoftware.com *.mktoresp.com *.omappapi.com *.omtrdc.net *.demdex.net *.google-analytics.com *.bing.com api.company-target.com *.nr-data.net *.hotjar.com *.hotjar.io *.google.com www.facebook.com *.mktoutil.com wss://*.hotjar.com *.jotform.us *.salesloft.com *.cookielaw.org *.onetrust.com *.clickagy.com *.zoominfo.com cdn.linkedin.oribi.io *.6sc.co *.6sense.com *.adnxs.com *.doubleclick.net *.googlesyndication.com *.googletagmanager.com *.linkedin.com; report-uri /report-csp-violation; upgrade-insecure-requests; form-action 'self' *.facebook.com *.jotform.us *.jotform.com; base-uri 'self' 2
default-src 'self' https://*.fresenius.com https://*.fresenius.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.fresenius.com https://*.fresenius.de https://cdn.cookielaw.org/ https://www.youtube.com https://s.ytimg.com https://mc.yandex.ru https://yastatic.net https://cdn.jsdelivr.net https://api-maps.yandex.ru https://suggest-maps.yandex.ru http://*.maps.yandex.net https://yandex.ru https://geolocation.onetrust.com https://privacyportal-de.onetrust.com  https://*.fresenius-kabi.com https://api.deepl.com https://jira.fresenius-netcare.com https://*.azureedge.net/ https://*.facebook.net https://*.instagram.com https://*.twitter.com  https://*.twimg.com; connect-src 'self' https://*.fresenius.com https://*.fresenius.de https://*.web01.intra.fresenius.com/ https://cdn.cookielaw.org/ https://mc.yandex.ru https://privacyportal-de.onetrust.com https://api.deepl.com https://login.microsoftonline.com https://jira.fresenius-netcare.com https://irpages2.equitystory.com https://*.onetrust.io; style-src blob: 'self' 'unsafe-inline' https://cdn.my-styles.ru https://*.fresenius.com https://*.fresenius.de https://*.fresenius-kabi.com https://*.azureedge.net https://*.twitter.com https://*.twimg.com; img-src 'self' https://*.youtube.com https://youtu.be https://*.azureedge.net https://*.fresenius.com https://*.fresenius.de https://*.fresenius-kabi.com https://*.openstreetmap.org https://www.fresucare.de https://cdn.cookielaw.org https://*.twimg.com https://*.twitter.com https://eqs-cockpit.com blob: 'self' data:; media-src 'self' https://*.youtube.com https://youtu.be https://*.azureedge.net https://*.fresenius.com https://*.fresenius.de https://*.fresenius-kabi.com; child-src 'self' https://player.vimeo.com https://www.youtube.com https://youtu.be https://www.dailymotion.com/ https://mc.yandex.ru https://api-maps.yandex.ru blob:; frame-src 'self' https://www.youtube.com/ https://youtu.be https://api-maps.yandex.ru https://yandex.ru https://player.vimeo.com https://jira.intra.fresenius.de https://jira.fresenius-netcare.com https://jira.fresenius.com https://tools.eurolandir.com https://vara-services.com https://login.doccheck.com/ https://*.facebook.com https://*.instagram.com https://*.twitter.com; font-src 'self' https://*.fresenius-kabi.com https://*.fresenius.com https://*.azureedge.net/ data:; worker-src 'self' https://*.fresenius.com https://*.fresenius.de; 2
script-src 'self' racing.hkjc.com ssl.p.jwpcdn.com blob: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; object-src 'none' 2
frame-ancestors 'self' *.luxair.lu *.luxairtours.lu 2
frame-ancestors 'self' *.ariba.com *.gn.com 2
default-src 'self' https://www.bundeswahlleiter.de https://service.bundeswahlleiter.de https://www.bundeswahlleiterin.de https://service.bundeswahlleiterin.de https://www.youtube-nocookie.com https://www.ims-cms.net; script-src 'self' https://www.bundeswahlleiter.de https://service.bundeswahlleiter.de https://www.bundeswahlleiterin.de https://service.bundeswahlleiterin.de https://www.youtube-nocookie.com ; style-src 'self' https://www.bundeswahlleiter.de https://service.bundeswahlleiter.de https://www.bundeswahlleiterin.de https://service.bundeswahlleiterin.de https://www.youtube-nocookie.com 'unsafe-inline'; base-uri 'self'; frame-ancestors 'self' https://www.bundeswahlleiter.de https://service.bundeswahlleiter.de https://www.bundeswahlleiterin.de https://service.bundeswahlleiterin.de https://www.youtube-nocookie.com https://www.ims-cms.net ; upgrade-insecure-requests 2
object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests 2
default-src https:; font-src https: data:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 2
script-src 'self' https: 'unsafe-eval' 'unsafe-inline'; 2
default-src 'none'; object-src 'self'; script-src https: 'unsafe-inline' 'unsafe-eval' 'self' *.trustedshops.com; style-src https: 'unsafe-inline' 'self' *.trustedshops.com; img-src https: 'self' *.trustedshops.com data:; font-src 'self' *.trustedshops.com https://manage.chilly.domains https://swiss.chilly.domains; frame-ancestors 'self'; frame-src 'self' www.youtube-nocookie.com https://host19.ssl-gesichert.at/; form-action *; connect-src 'self' *.trustedshops.com 2
frame-ancestors 'self'  https://*.weeblycloud.com  https://*.sitelock.com  https://*.mojomarketplace.com  http://*.ipage.com  http://*.yourhostingaccount.com  https://*.ecwid.com  https://platform.cloud.coveo.com  https://search.cloud.coveo.com 2
default-src 'self' 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; object-src 'self'; font-src *; connect-src *; img-src 'self' data: *; frame-src *; media-src *; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com *.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com www.youtube-nocookie.com www.youtube.com blob: data: https://storage.googleapis.com/learnwithikeavideos/ ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ctfassets.net *.ipex-insights.com ikeausacustomersupport.my.salesforce.com *.afterpay.com *.ingka.dev seal.digicert.com *.taskrabbit.com pro.ip-api.com api.everythinglocation.com bpi.briteverify.com *.adform.net insight.adsrvr.org js.adsrvr.org *.bing.com *.doubleclick.net *.facebook.com *.facebook.net www.googleadservices.com *.googlesyndication.com *.jivox.com cdn.pdst.fm *.pinterest.com s.pinimg.com api.pinpiaa.com survey.survicate.com surveys-static.survicate.com analytics.tiktok.com trkn.us *.yimg.com p.placed.com *.pulseinsights.com *.cookielaw.org *.onetrust.com *.akamaihd.net *.akstat.io *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.go-mpulse.net *.optimizely.com sentry.io *.sentry.io *.avo.app oppwa.com *.oppwa.com mpsnare.iesnare.com *.iesnare.com maps.googleapis.com fonts.googleapis.com www.googleapis.com *.bambuser.com firestore.googleapis.com liveshopping-widgets.firebaseapp.com *.syndeo.cx *.production.syndeo.cx wss://web.production.syndeo.cx icsp.ingka.ikea.com wss://icsp.ingka.ikea.com wss://web-api.ikea.com/cschatbot/ *.breadpayments.com *.kmsmep.com kmsmep.s3.amazonaws.com *.comenity.net sasadseus2fmcprd02.blob.core.windows.net assets.adobedtm.com alliancefrictionless.112.2o7.net api.alldata.net; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com; object-src 'self'; report-uri https://csp.ikea.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com *.fwc.pl *.victoriassecret.pl *.trustmate.io trustmate.io *.cookiebot.com *.webgains.io *.packeta.com *.youtube.com *.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net *.googletagmanager.com *.ingest.sentry.io *.google.com data: *.salesmanago.pl *.criteo.com *.hotjar.com; frame-src 'self' * *.packeta.com *.gstatic.com *.google.com *.youtube.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com *.adyen.com *.dhl.pl *.criteo.com *.hotjar.com *.salesmanago.pl; object-src 'self'; default-src 'self' *.victoriassecret.pl *.victoriassecret.ro *.victoriassecret.cz *.fwc.pl; img-src 'self' data: *.trustmate.io trustmate.io *.google-analytics.com *.adyen.com *.google.com *.gstatic.com *.googleapis.com *.doubleclick.net *.salesmanago.pl *.facebook.com *.criteo.com *.victoriassecret.pl *.victoriassecret.ro *.victoriassecret.cz *.fwc.pl; style-src 'unsafe-inline' *.trustmate.io trustmate.io *.googletagmanager.com *.googleapis.com; connect-src 'self' *.victoriassecret.pl *.trustmate.io trustmate.io *.cookiebot.com *.webgains.io *.packeta.com *.googlesyndication.com *.googletagmanager.com *.google.com *.ingest.sentry.io *.google-analytics.com *.adyen.com *.googleapis.com *.doubleclick.net *.facebook.com *.criteo.com *.hotjar.com *.salesmanago.pl; font-src 'self' *.googleapis.com *.gstatic.com; media-src 'self' *.victoriassecret.pl *.victoriassecret.ro *.victoriassecret.cz *.fwc.pl; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; font-src *; object-src 'self' data:; frame-src 'self' data:; media-src 'self' data:; 2
default-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'; frame-ancestors 'none'; frame-src 'none'; form-action 'self'; manifest-src 'self'; img-src 'self' blob: data: https://furrycdn.org https://ext.furrycdn.org; media-src 'self' blob: data: https://furrycdn.org https://ext.furrycdn.org; block-all-mixed-content 2
default-src * ; script-src * data: 'self' blob blob: 'unsafe-eval' 'unsafe-inline' ; style-src * data: 'self' blob blob: 'unsafe-inline' ; img-src * data: ; font-src * data: ; connect-src * ; media-src * blob: ; object-src * ; child-src * ; frame-src * ; worker-src * blob: ; frame-ancestors * ; report-uri /bdportlet-NemIDLoginPortlet/cspreport; 2
base-uri 'self'; style-src 'self'; connect-src 'self' *.itzbund.de; script-src 'self' piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de; img-src 'self' piwik.itzbund.de *.tile.openstreetmap.org; font-src 'self'; frame-ancestors 'self' *.prod.gsb.bsi.in.bund.de ; upgrade-insecure-requests; 2
frame-ancestors 'self' *.axisdirect.in 2
frame-ancestors 'self' *.zinghr.com ; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.twitter.com *.googletagmanager.com *.cookielaw.org static.addtoany.com cdnjs.cloudflare.com cdn.bc0a.com assets.sitescdn.net fonts.googleapis.com *.siteimprove.net ajax.googleapis.com visit.sanmanuel.com klear.com cdn.b0e8.com *.google-analytics.com *.bing.com *.amazon-adsystem.com *.clarity.ms *.siteimproveanalytics.com *.adsrvr.org *.youtube.com connect.facebook.net munchkin.marketo.net s.yimg.com googleads.g.doubleclick.net *.cloudfront.net *.viralsweep.com *.pollstream.com insiderdata360online.com *.sevenrooms.com *.i4go.com *.recaptcha.net *.gstatic.com answers-embed.yaamava.com.pagescdn.com *.byspotify.com *.instagram.com *.visrez.com *.stackadapt.com *.googleadservices.com siteimproveanalytics.com tags.srv.stackadapt.com pixel.byspotify.com tags.srv.stackadapt.com/events.js *.visitingmedia.com visitingmedia.com *.jquery.com *.sevenrooms.com tags.srv.stackadapt.com/events.js id.eu.siteimprove.com; style-src 'self' 'unsafe-inline'  *.jsdelivr.net *.sitescdn.net fonts.googleapis.com visit.sanmanuel.com d1p5cqqchvbqmy.cloudfront.net *.sevenrooms.com *.visrez.com *.stackadapt.com  *.visitingmedia.com visitingmedia.com *.sevenrooms.com id.eu.siteimprove.com; report-uri /report-csp-violation 2
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; child-src *  data: blob: 'unsafe-inline' ; frame-ancestors : *  data: blob: ; worker-src: * 2
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; font-src 'self' * data:; img-src 'self' data: *; frame-ancestors 'self' 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.viavisolutions.com https://players.brightcove.net https://view.ceros.com https://www.googletagmanager.com https://www.google-analytics.com https://*.g.doubleclick.net https://snap.licdn.com https://*.googlesyndication.com https://img.en25.com https://connect.facebook.net https://static.ads-twitter.com https://ws.zoominfo.com https://*.googleadservices.com https://*.google.com https://*.brightcove.com https://*.gstatic.com https://maps.googleapis.com https://*.hotjar.com https://vjs.zencdn.net https://secure.p04.eloqua.com https://tag.demandbase.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com https://*.opendns.com https://opencdn.fpjs.sh https://fpnpmcdn.net https://*.linkedin.com https://*.gartner.com https://cdnjs.cloudflare.com https://openfpcdn.io; object-src 'self'; style-src 'self' 'unsafe-inline' https://*.viavisolutions.com https://*.googleapis.com https://tags.srv.stackadapt.com https://www.googletagmanager.com https://players.brightcove.net https://www.gartner.com; img-src 'self' data: about:blank https://*.viavisolutions.com http://comms.viavisolutions.com https://www.googletagmanager.com https://www.google-analytics.com https://*.googlesyndication.com https://*.google.com https://maps.gstatic.com https://maps.googleapis.com  https://t.co https://analytics.twitter.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://www.facebook.com https://*.brightcove.com https://ws.zoominfo.com https://*.boltdns.net https://fonts.gstatic.com https://id.rlcdn.com https://segments.company-target.com https://tags.srv.stackadapt.com https://stickerly.pstatic.net https://players.brightcove.net https://*.gartner.com; media-src 'self' blob: https://*.brightcovecdn.com https://*.boltdns.net https://*.media.brightcove.com https://*.akamaihd.net https://*.cf.brightcove.com; frame-src 'self' https://*.viavisolutions.com https://players.brightcove.net https://view.ceros.com https://*.youtube.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.google.com https://www.facebook.com https://s.company-target.com https://td.doubleclick.net https://widget.spreaker.com https://packetpushers.net https://*.gartner.com https://*.linkedin.com; frame-ancestors 'self' https://*.viavisolutions.com https://viavi.seismic.com; child-src 'self' blob: https://*.viavisolutions.com https://players.brightcove.net https://view.ceros.com https://*.youtube.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.google.com https://www.facebook.com https://s.company-target.com https://widget.spreaker.com https://packetpushers.net https://*.gartner.com https://*.linkedin.com; font-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://players.brightcove.net; connect-src 'self' https://*.viavisolutions.com https://players.brightcove.net https://*.gstatic.com https://www.google-analytics.com https://*.googleadservices.com https://*.googlesyndication.com https://*.google.com https://maps.googleapis.com https://*.g.doubleclick.net https://tags.srv.stackadapt.com https://*.brightcove.com https://ws.zoominfo.com https://*.hotjar.com https://*.hotjar.io wss://ws.hotjar.com https://*.boltdns.net https://*.akamaihd.net https://cdn.linkedin.oribi.io https://www.facebook.com https://api.company-target.com https://tag-logger.demandbase.com https://*.opendns.com https://px.ads.linkedin.com https://api.fpjs.io https://www.feedrapp.info; report-uri /en-us/report-csp-violation 2
default-src 'self' https://script.hotjar.com https://fonts.gstatic.com https://*.turkiyefinans.com.tr/ https://webplugin.signfordeaf.com https://cdn01.signfordeaf.com  https://kor01rp02.signfordeaf.com; img-src 'self' https://mc.yandex.ru/ https://api-maps.yandex.ru/ https://script.hotjar.com  https://stats.g.doubleclick.net http://tr-gmtdmp.mookie1.com  http://www.google-analytics.com www.googleadservices.com https://www.facebook.com/ https://*.turkiyefinans.com.tr/ https://maps.gstatic.com/ https://maps.googleapis.com/  https://googleads.g.doubleclick.net  https://www.google.com https://www.google.com.tr  https://vec01.maps.yandex.net/ https://vec02.maps.yandex.net/ https://vec03.maps.yandex.net/ https://vec04.maps.yandex.net/ https://core-renderer-tiles.maps.yandex.net/ data: https://a.twiago.com https://ad.360yield.com  https://ad.as.amanad.adtdp.com https://ad.mail.ru https://ad.yieldlab.net https://ads.stickyadstv.com https://ads.yahoo.com https://api-maps.yandex.ru https://c.bing.com https://cm.adform.net https://cm.g.doubleclick.net  https://contextual.media.net https://criteo-partners.tremorhub.com https://criteo-sync.teads.tv https://eb2.3lift.com https://exchange.mediavine.com https://gum.criteo.com https://i.liadm.com https://ib.adnxs.com https://id5-sync.com https://ih.adscale.de https://jadserve.postrelease.com https://match.sharethrough.com https://matching.ivitrack.com https://pixel.advertising.com https://pixel.rubiconproject.com  https://pixel.tapad.com https://profile.ssp.rambler.ru https://r.casalemedia.com https://rtb-csync.smartadserver.com https://s.ad.smaato.net https://secure.adnxs.com https://simage2.pubmatic.com  https://sp.analytics.yahoo.com https://sync-criteo.ads.yieldmo.com https://sync-t1.taboola.com https://sync.aralego.com https://sync.outbrain.com https://trends.revcontent.com https://ups.analytics.yahoo.com  https://visitor.omnitagjs.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.com.tr https://www.googletagmanager.com https://x.bidswitch.net ; connect-src 'self' https://webplugin.signfordeaf.com  https://cdn01.signfordeaf.com https://kor01rp02.signfordeaf.com https://mc.yandex.ru/ https://stats.g.doubleclick.net https://www.google-analytics.com/ https://in.hotjar.com/ https://surveystats.hotjar.io  https://*.turkiyefinans.com.tr/ https://www.googletagmanager.com https://www.facebook.com https://analytics.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ ; base-uri 'self'; script-src 'self'  http://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://ajax.googleapis.com https://t.qservz.com https://maps.googleapis.com www.googleadservices.com https://*.turkiyefinans.com.tr/   https://tpc.googlesyndication.com https://mc.yandex.ru https://api-maps.yandex.ru https://mc.yandex.ru/metrika/tag.js https://unpkg.com/web-vitals https://yastatic.net  https://static.hotjar.com/  https://googleads.g.doubleclick.net/pagead/viewthroughconversion/  https://static.criteo.net/js/ld/ld.js https://dis.eu.criteo.com/  https://tagmanager.google.com/ https://sslwidget.criteo.com/  https://github.com/RobinHerbots/Inputmask/blob/5.x/dist/inputmask.min.js https://yastatic.net/s3/front-maps-static/front-jsapi-v2-1/2.1.78-7/build/release/full-ffb813a29f30feadb63b5654242d042b7b6a91aa.js  https://script.hotjar.com/ 'unsafe-eval' 'unsafe-inline' https://api-maps.yandex.ru/2.1/ https://connect.facebook.net/en_US/fbevents.js https://googleads.g.doubleclick.net/ https://script.hotjar.com/  https://sslwidget.criteo.com/event https://static.criteo.net/js/ld/ld.js https://static.hotjar.com/ https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://www.google-analytics.com/analytics.js  https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://yastatic.net/; frame-src 'self' https://*.turkiyefinans.com.tr/ https://www.facebook.com/ https://ad.adrttt.com/  https://tpc.googlesyndication.com www.youtube.com  https://vars.hotjar.com/ https://api-maps.yandex.ru/ https://9795545.fls.doubleclick.net/ https://mc.yandex.ru/ https://9887073.fls.doubleclick.net/ https://static.criteo.net  https://gum.criteo.com/  https://bid.g.doubleclick.net/ ; media-src 'self' https://webplugin.signfordeaf.com https://cdn01.signfordeaf.com https://kor01rp02.signfordeaf.com http://webplugin.signfordeaf.com http://cdn01.signfordeaf.com http://kor01rp02.signfordeaf.com 2
default-src * data: 'unsafe-inline' 'unsafe-eval'; script-src * data: 'unsafe-inline' 'unsafe-eval'; object-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline' 'unsafe-eval'; img-src * blob: data: 'unsafe-inline' 2
default-src 'self';font-src 'self' data: fonts.gstatic.com;img-src 'self' data: www.google-analytics.com www.g.doubleclick.net maps.gstatic.com maps.googleapis.com www.youtube.com cdn.cookielaw.org www.securitasmedia.com securitasmedia.com  www.googletagmanager.com i.ytimg.com www.google.co.in https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;script-src www.youtube.com  az416426.vo.msecnd.net  'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org www.google-analytics.com maps.googleapis.com www.googletagmanager.com  dl.episerver.net www.youtube.com www.google.com www.gstatic.com https://*.googletagmanager.com;style-src 'self'  'unsafe-inline' fonts.googleapis.com dl.episerver.net;frame-src www.youtube.com tools.euroland.com www.google.com open.spotify.com embed-standalone.spotify.com ;media-src 'self';connect-src 'self'  cdn.cookielaw.org dc.services.visualstudio.com www.google-analytics.com stats.g.doubleclick.net maps.googleapis.com geolocation.onetrust.com ds-onetrust.securitas.com analytics.google.com region1.analytics.google.com analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;frame-ancestors 'none'; 2
font-src 'self' themes.googleusercontent.com data:; frame-src 'self' https://player.vimeo.com/ https://www.dailymotion.com/ https://youtu.be/ https://www.youtube.com/ https://simulaides.ademe.fr/ https://bo-ris.ademe.fr/ https://preprod-simulaidesv2.ademe-dri.fr/ http://preprod-ris.ademe.fr/ https://prod-ris.ademe-dri.fr/ https://www3.ademe.fr/ https://experience.arcgis.com/ https://geo.dailymotion.com/; img-src 'self' data: https://logs1412.xiti.com https://vocalcom01.teleperformance.fr http://gva.et-gv.fr; manifest-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/api/ wss://widget-mediator.zopim.com https://static.zdassets.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://static.zdassets.com http://gva.et-gv.fr; style-src 'self' 'unsafe-inline' https://vocalcom01.teleperformance.fr; style-src-attr 'self' 'unsafe-inline' 2
default-src 'self' *.chengmail.cn *.mail.top *.cndns.com *.chengpan.vip at.alicdn.com *.51.la *.idccenter.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cndns.com *.cnzz.com cdn.jsdelivr.net unpkg.com *.51.la *.idccenter.net www.googletagmanager.com;style-src 'self' 'unsafe-inline' *.cndns.com cdn.jsdelivr.net unpkg.com at.alicdn.com *.idccenter.net;img-src * 'self' data: https: blob:;frame-src 'self' *.chengmail.cn *.chengmail.me *.chengpan.vip *.idccenter.net;font-src 'self' data: cdn.jsdelivr.net at.alicdn.com unpkg.com *.idccenter.net 2
default-src 'self' http: https:  cdnjs.cloudflare.com use.typekit.net www.google-analytics.com fonts.googleapis.com s.w.org;; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://code.jquery.com https://cdnjs.cloudflare.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' http: https:; img-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; font-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: https://fonts.googleapis.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; frame-src 'self' http: https: polaris.brighterir.com sirius.brighterir.com www.youtube-nocookie.com youtube-nocookie.com youtube.com vimeo.com; 2
default-src * 'self' https://pic.yeshiva.org.il *.yeshiva.org.il *.yeshiva.co https://securepubads.g.doubleclick.net *.safeframe.googlesyndication.com *.googlesyndication.com https://www.googletagmanager.com https://cdn.rtlcss.com https://www.gstatic.com https://accessibility.f-static.com https://adservice.google.co.il https://fonts.gstatic.com *.gstatic.com https://yeshiv.activetrail.biz *.youtube.com https://closeapp.co.il *.googleapis.com *.google.com https://www.charidy.com *.facebook.com https://www.youtube-nocookie.com https://youtu.be https://trailer.web-view.net *.hotjar.com *.crwdcntrl.net *.doubleclick.net *.sekindo.com https://console.googletagservices.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.google-analytics.com https://www.googleadservices.com https://browser-update.org https://ssl.google-analytics.com *.google-analytics.com https://www.google.co.il *.google.co.il https://cdnjs.cloudflare.com https://www.googletagservices.com *.cloudflare.com https://angular-ui.github.io https://maxcdn.bootstrapcdn.com https://csp.withgoogle.com data: blob: 'unsafe-inline'; font-src *; style-src * 'unsafe-inline'; frame-ancestors *; 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' kalibrr.com *.kalibrr.com kalibrr.id *.kalibrr.id kalibrr.ph *.kalibrr.ph kalibrr.vn *.kalibrr.vn *.blitzllama.com *.zendesk.com https://static.zdassets.com https://ekr.zdassets.com *.zopim.com appleid.cdn-apple.com connect.facebook.net *.facebook.com www.googleadservices.com www.google-analytics.com ssl.google-analytics.com d36lvucg9kzous.cloudfront.net s1.webspellchecker.net js.stripe.com www.googletagmanager.com *.inspectlet.com *.googleapis.com *.newrelic.com *.nr-data.net platform.twitter.com static.ads-twitter.com apis.google.com ajax.cloudflare.com tagmanager.google.com analytics.twitter.com analytics.trovit.com *.effectivemeasure.net jscdn.appier.net track.adform.net cdn.ckeditor.com https://optimize.google.com; form-action 'self'; frame-src 'self' https://staticxx.facebook.com https://web.facebook.com https://accounts.google.com https://www.facebook.com https://docs.google.com https://www.youtube.com https://www.google.com https://optimize.google.com https://snap.licdn.com *.blitzllama.com; frame-ancestors http://careers.aboitiz.com https://careers.aboitiz.com https://careers-uat.aboitiz.com http://citysavings.com.ph https://citysavings.com.ph; 2
default-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://ssl.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com https://embed.tawk.to https://va.tawk.to https://upload.tawk.to wss://*.tawk.to; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://ssl.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com https://embed.tawk.to https://va.tawk.to https://cdn.jsdelivr.net; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://ssl.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com https://embed.tawk.to https://cdn.jsdelivr.net; script-src-attr 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://ssl.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://embed.tawk.to; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://embed.tawk.to https://cdn.jsdelivr.net; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data: https://www.google-analytics.com https://embed.tawk.to; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://embed.tawk.to; upgrade-insecure-requests; block-all-mixed-content; 2
default-src 'self'; base-uri 'self'; child-src blob:; connect-src 'self' https: https://*.algolia.net https://*.algolianet.com https://insights.algolia.io https://func.bitwarden.com https://status.bitwarden.com https://us-central1-adaptive-growth.cloudfunctions.net https://pdf-convert.bitwarden.com https://aorta.clickagy.com https://hemsync.clickagy.com https://ws.zoominfo.com https://bitwarden.freshsales.io https://stats.g.doubleclick.net https://www.google-analytics.com https://api.hubapi.com https://forms.hubspot.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://bat.bing.com https://cdn.linkedin.oribi.io https://i.clarity.ms https://scout.salesloft.com https://script.crazyegg.com https://tattle.api.osano.com; img-src 'self' data: https: https://*.algolia.net https://images.ctfassets.net https://www.google.com https://www.google-analytics.com https://i.ytimg.com https://*.hsforms.com https://track.hubspot.com https://analytics.twitter.com https://t.co https://alb.reddit.com https://aorta.clickagy.com https://bat.bing.com https://i.vimeocdn.com https://id.rlcdn.com https://idsync.rlcdn.com https://insight.adsrvr.org https://px.ads.linkedin.com https://p.adsymptotic.com https://stags.bluekai.com; font-src 'self' data: ; form-action 'self' https://forms.hsforms.com https://www.facebook.com; frame-ancestors 'none'; frame-src https://*.doubleclick.net https://boards.greenhouse.io https://s.company-target.com https://docs.google.com https://forms.hsforms.com https://player.vimeo.com https://preview.widgets.ninetailed.io/ https://us02web.zoom.us https://www.facebook.com/ https://www.googletagmanager.com https://www.youtube.com https://*.hs-sites.com; manifest-src 'self'; object-src 'none'; report-uri https://csp-report.browser-intake-us3-datadoghq.com/api/v2/logs?dd-api-key=pub41b0937554d4ab91e35c9ae62433371b&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hsforms.net https://js.hubspot.com https://amplify.outbrain.com https://tr.outbrain.com https://wave.outbrain.com https://j.6sc.co https://tag.demandbase.com https://a.quora.com https://amplify.outbrain.com https://assets.freshsales.io https://bat.bing.com https://boards.greenhouse.io https://cdn.jsdelivr.net/npm/search-insights@2.0.4 https://cdn.pdst.fm https://cmp.osano.com https://connect.facebook.net https://mountain.com https://*.mountain.com https://extend.vimeocdn.com https://googleads.g.doubleclick.net https://libraries.hund.io https://ml314.com https://*.ml314.com https://player.vimeo.com https://plausible.io https://script.crazyegg.com https://scout-cdn.salesloft.com https://snap.licdn.com https://static.ads-twitter.com https://tag.clearbitscripts.com https://tags.clickagy.com https://ws.zoominfo.com https://www.clarity.ms https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.redditstatic.com https://x.clearbitjs.com; style-src 'self' 'unsafe-inline' https://libraries.hund.io; worker-src 'self' blob: 2
default-src * 'self' data: 'unsafe-inline'; 2
connect-src 'self' https://* http://* wss://* 2
default-src 'self' https://graphcdn.io https://*.graphcdn.io https://*.stellate.co;  script-src 'self' https://shoutout.io https://*.stripe.com https://canny.io https://*.intercom.io https://*.intercomcdn.com https://player.vimeo.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://snap.licdn.com/ https://*.linkedin.com/ https://www.googletagmanager.com/ https://*.cookiebot.com/ https://vercel.live/ https://va.vercel-scripts.com/ https://munchkin.marketo.net/ 'nonce-xnsA3nOAhoQpKxGo7h1wQQ==' 'nonce-wg8mH/4XL+9SBJO08+iYDw==' 'sha256-eoRpynDWsQnhwmlFBPR+mMmKkc/qOONWZ8dTR+MOvpA=' 'sha256-LJCumvdHtXpk6bfrP8i7wH14BsQeFdKZCKfcxVKxqLc=' 'unsafe-eval'; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https://stellate.co https://*.graphcdn.io https://*.stellate.co https://fonts.googleapis.com https://www.googletagmanager.com/; font-src 'self' data: https://stellate.co https://*.graphcdn.io https://*.stellate.co https://*.intercomcdn.com https://fonts.gstatic.com; frame-src 'self' https://learn.stellate.co https://shoutout.io https://*.stripe.com https://*.canny.io https://canny.io https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com/ https://www.googletagmanager.com/ https://*.cookiebot.com/ https://share-eu1.hsforms.com; connect-src 'self' https: wss:; frame-ancestors 'self'; 2
frame-ancestors 'self' *.myfitapp.de *.myfitapp.com cockpit.mobilepro.uk.com myfitapp.brightlime.com mobileapp.legendonlineservices.co.uk; 2
default-src 'self' cloudflare-quic.com; script-src 'self' d10zminp1cyta8.cloudfront.net *.googletagmanager.com *.google-analytics.com *.cookiebot.com challenges.cloudflare.com cdnjs.cloudflare.com *.licdn.com *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.hs-analytics.net; style-src 'self' 'unsafe-inline'; img-src 'self' data: *.linkedin.com *.cookiebot.com; font-src 'self' data:; frame-src 'self' *.googletagmanager.com *.cookiebot.com challenges.cloudflare.com; object-src 'none'; connect-src 'self' career.recruitee.com *.plyr.io *.linkedin.oribi.io *.cookiebot.com *.google-analytics.com px.ads.linkedin.com; 2
default-src 'self' *.hs-mittweida.de blob: *.hs-mittweida.de tv.me.hs-mittweida.de hs.mw *.hs.mw; frame-src 'self' *.hs-mittweida.de *.hs-mittweida.de tv.me.hs-mittweida.de hs.mw *.hs.mw; img-src 'self' *.hs-mittweida.de data: *.hs-mittweida.de tv.me.hs-mittweida.de hs.mw *.hs.mw; style-src 'self' *.hs-mittweida.de 'unsafe-inline' *.hs-mittweida.de tv.me.hs-mittweida.de hs.mw *.hs.mw; script-src 'self' *.hs-mittweida.de 'unsafe-inline' 'unsafe-eval' blob: *.hs-mittweida.de tv.me.hs-mittweida.de hs.mw *.hs.mw; 2
base-uri 'self'; default-src * 'self' 'report-sample' data:; img-src * 'self' data:; script-src * 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample'; style-src * 'self' 'unsafe-inline' 'report-sample'; form-action 'self' https://*.inseego.com 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.sibforms.com *.hotjar.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src * blob: data:; media-src 'none'; connect-src *; font-src 'self'; frame-src 'self' app.storylane.io *.sentry.io; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.vwo.com https://www.googletagmanager.com/debug/* https://region1.google-analytics.com https://dev.visualwebsiteoptimizer.com https://td.doubleclick.net https://googleads.g.doubleclick.net https://adservice.google.com https://capig.bhd.com.do https://*.analytics.google.com https://analytics.google.com https://tagmanager.google.com/ https://us-central1-bhd-global.cloudfunctions.net https://api.sendgrid.com https://eg320nrx9b.execute-api.us-east-1.amazonaws.com https://static.bhd.com.do https://backend.bhd.com.do https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://maps.googleapis.com https://fonts.googleapis.com https://search.bhd.com.do https://connect.facebook.net https://stats.g.doubleclick.net; img-src 'self' data: https://static.bhd.com.do https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://connect.facebook.net https://www.facebook.com https://*.google.com https://*.google.ae https://*.google.com.ag https://*.google.com.ar https://*.google.as https://*.google.com.bd https://*.google.be https://*.google.com.bo https://*.google.com.br https://*.google.by https://*.google.ca https://*.google.cf https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.de https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.es https://*.google.com.et https://*.google.fr https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gr https://*.google.com.gt https://*.google.hn https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.co.in https://*.google.je https://*.google.co.jp https://*.google.com.kh https://*.google.ki https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.co.ma https://*.google.mg https://*.google.com.mm https://*.google.mn https://*.google.com.mx https://*.google.com.ni https://*.google.nl https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.com.pa https://*.google.com.pe https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.com.sb https://*.google.sh https://*.google.sn https://*.google.sm https://*.google.st https://*.google.co.th https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.com.ua https://*.google.co.uk https://*.google.com.uy https://*.google.com.vc https://*.google.co.ve https://*.google.com.vn https://*.google.vu https://*.google.co.za https://*.google.cat https://dev.visualwebsiteoptimizer.com https://*.visualwebsiteoptimizer.com/; style-src 'self' 'unsafe-inline' https://www.google-analytics.com https://maps.gstatic.com https://fonts.googleapis.com https://connect.facebook.net; font-src 'self' data: https://fonts.gstatic.com; media-src https://static.bhd.com.do; manifest-src 'self'; worker-src 'self' blob:; 2
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.knorr-bremse.com:* https://cdn.cookielaw.org https://responder.wt-safetag.com https://fbc.wcfbc.net https://*.gstatic.com https://*.googleapis.com https://www.youtube.com https://www.youtube-nocookie.com https://*.ytimg.com; frame-ancestors 'self' https://www.threesixty-events.de/selectron_innotrans/ 2
object-src none; report-uri /report-csp-violation 2
frame-ancestors 'self' https://*.castlery.com https://app.storyblok.com 2
base-uri 'self'; upgrade-insecure-requests; default-src 'self' *.youtube-nocookie.com *.ytimg.com; 2
object-src 'self' https://skymediaglobal.b-cdn.net; 2
default-src 'self' https://apim.directverify.in https://stats.g.doubleclick.net https://www.googletagmanager.com https://api.directverify.in https://cdn.jsdelivr.net https://static.directverify.in https://applydirect.org https://www.google-analytics.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com  https://code.jquery.com https://cdn.cookielaw.org https://geolocation.onetrust.com blob: https://directverify.in 'unsafe-eval' 'unsafe-inline';                  style-src 'self' https://fonts.googleapis.com https://cdn.jsdelivr.net https://static.directverify.in 'unsafe-inline';                  font-src 'self' https://static.directverify.in https://fonts.googleapis.com https://fonts.gstatic.com;   img-src 'self' https://static.directverify.in https://static.directverify.in https://cdn.cookielaw.org https://img.icons8.com    2
frame-ancestors https://development.maritim.de https://karriere.maritim.de https://www.maritim.de https://www.maritim.com https://www.maritim-hotels.cn https://www.orangerie-timmendorfer-strand.de https://www.maritim-reisedienst.de https://www.reinhardtundsander.de 2
img-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.boschcarservice.com *.dxtservice.com *.bosch.com *.snap.licdn.com *.licdn.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.doubleclick.net *.bosch.tech *.mobility-media.cloud *.newrelic.com *.nr-data.net *.youtube.com *.translate.google.com; object-src 2
img-src * data:; frame-ancestors 'self' 2
default-src * 'unsafe-eval' 'unsafe-inline'; img-src * data: unsafe-inline 2
default-src 'none'; script-src 'report-sample' 'unsafe-eval' 'unsafe-inline' 'self' https://app.usercentrics.eu https://cdn.attractify.io https://dev.visualwebsiteoptimizer.com https://app.vwo.com https://script.hotjar.com https://static.hotjar.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com widgets.trustedshops.com http://o2-de.spatialbuzz.net https://o2-de.spatialbuzz.net https://fonicchat.novomind.com https://fonic.novomind.com https://fonic-oat.novomind.com; style-src 'report-sample' 'self' 'unsafe-inline' https://app.usercentrics.eu https://tagmanager.google.com https://fonts.googleapis.com https://app.vwo.com; object-src 'self'; base-uri 'self'; connect-src 'self' https://sentry.fonic.de https://aggregator.service.usercentrics.eu https://api.usercentrics.eu https://graphql.usercentrics.eu https://in.hotjar.com https://*.hotjar.com wss://*.hotjar.com https://vc.hotjar.io *.google-analytics.com *.analytics.google.com analytics.google.com https://fonic-iq.novomind.com https://fonic.novomind.com wss://fonic.novomind.com https://fonic-oat.novomind.com wss://fonic-oat.novomind.com http://o2-de.spatialbuzz.net https://o2-de.spatialbuzz.net https://api.attractify.io widgets.trustedshops.com https://api.trustedshops.com https://shops-si.trustedshops.com https://trustbadge.api.etrusted.com https://api.trustbadge.etrusted.com https://api/maintenance_mode https://stats.g.doubleclick.net https://www.google.de https://www.google.at https://www.google.ch https://translate.googleapis.com *.hotjar.io; font-src 'self' script.hotjar.com https://fonts.gstatic.com data:; frame-src 'self' https://app.usercentrics.eu https://vars.hotjar.com http://o2-de.spatialbuzz.net https://o2-de.spatialbuzz.net https://fonicchat.novomind.com https://app.vwo.com/ https://td.doubleclick.net; img-src 'self' data: https://app.usercentrics.eu https://handyshop.fonic.de https://shop.fonic-mobile.de https://dev.visualwebsiteoptimizer.com https://app.vwo.com *.google-analytics.com *.analytics.google.com http://o2-de.spatialbuzz.net https://o2-de.spatialbuzz.net https://widgets.trustedshops.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.de https://www.google.at https://www.google.ch https://translate.googleapis.com https://script.hotjar.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; report-uri https://sentry.fonic.de/api/2/security/?sentry_key=38cf201186774063918a253e28caadce 2
frame-ancestors 'self' https://www.p3tips.com/ https://www.p3campus.com/ https://tips.sandyhookpromise.org/ 2
frame-ancestors 'self' https://www.bharatpetroleum.in 2
default-src 'self'; img-src 'self' https://*.gstatic.com https://*.googleapis.com https://*.google.com https://*.google.fi https://*.google.ie https://*.google.nl https://*.bing.com https://*.omtrdc.net  https://*.tt.omtrdc.net https://*.onetrust.com https://*.onetrust.eu https://*.demdex.net https://*.everesttech.net https://*.adobedtm.com https://*.facebook.com https://*.linkedin.com https://*.adform.net https://*.g.doubleclick.net https://app.readpeak.com data:; media-src https://*; script-src 'unsafe-inline' 'unsafe-eval' https://*; style-src 'unsafe-inline' 'self' https://*; connect-src https://* wss://*.service.lahitapiola.fi; frame-src https://*; worker-src blob:; child-src blob:; font-src 'self' https://*.googleapis.com/ https://*.gstatic.com; 2
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' https://cdn.jsdelivr.net/gh/alpinejs/alpine@v2.8.2/dist/alpine.min.js https://code.jquery.com/jquery-3.2.1.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.7.1/Chart.min.js; block-all-mixed-content; upgrade-insecure-requests 2
require-sri-for script style 2
default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;img-src * 'self' data: https:; connect-src * blob:;report-uri https://twsec.report-uri.com/r/d/csp/enforce 2
default-src 'self' 'unsafe-inline'; connect-src *; frame-src *; img-src *; media-src *; object-src *; script-src * 'unsafe-inline'; style-src * 'unsafe-inline'; 2
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream:; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream:; img-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream:; connect-src *; font-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream:; media-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream:; report-uri *; child-src *; form-action *; frame-ancestors *; object-src *; frame-src *; worker-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream: blob:; manifest-src *; navigate-to *; base-uri *; upgrade-insecure-requests 2
frame-src 'self';                                                      img-src  *.mysedgwick.com  https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ 'self' data:;                                                     child-src 'self';                                                     object-src 'none';                                                     base-uri 'self';                                                     frame-ancestors 'self';                                                     default-src 'self' https://geolocation.onetrust.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.cookielaw.org https://fonts.gstatic.com/ https://storage.googleapis.com/co;                                                     style-src 'self' https://cdn.jsdelivr.net https://cdn.materialdesignicons.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://storage.googleapis.com 'unsafe-inline';                                                     script-src 'self' https://cdn.cookielaw.org https://storage.googleapis.com/ 'unsafe-inline' 'unsafe-eval' 2
base-uri 'self'; child-src 'self'; connect-src 'self' https://*.altice.pt https://*.byside.com wss://s1.byside.com https://cdn-api-weglot.com https://*.google-analytics.com https://*.analytics.google.com https://*.inmobi.com https://cmp.quantcast.com https://*.cmp.quantcast.com https://pixel.quantcount.com https://*.weglot.com https://*.doubleclick.net https://gateway.zscaler.net; default-src 'self'; font-src 'self' data: https://*.altice.pt https://fonts.gstatic.com https://gateway.zscaler.net; form-action 'self' https://s1.byside.com https://gateway.zscaler.net; frame-ancestors 'self' https://www.altice.pt https://gateway.zscaler.net; frame-src 'self' https://s1.byside.com https://cdn.embedly.com https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://gateway.zscaler.net; img-src 'self' data: https:; media-src 'self' data:; report-to cspenforce; report-uri https://cspreport.apps.meo.pt/Services/Rest.svc/CSP/Oy7m2UgneY/Enforce; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.altice.pt https://*.meo.pt https://*.byside.com https://*.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://*.inmobi.com https://cmp.quantcast.com https://rules.quantcount.com https://secure.quantserve.com https://cdn.weglot.com https://connect.facebook.net https://gateway.zscaler.net https://quantcast.mgr.consensu.org; style-src 'self' 'unsafe-inline' https://*.altice.pt https://fonts.googleapis.com https://www.gstatic.com https://cdn.weglot.com https://gateway.zscaler.net; worker-src 'self'; object-src 'none' 2
default-src * data:; script-src https: http://suzukicycles.local http://www.youtube.com 'unsafe-inline' 'unsafe-eval'; style-src https: http://suzukicycles.local 'unsafe-inline' 2
object-src 'none'; script-src * 'unsafe-eval' 'unsafe-inline' blob: data:; base-uri 'self' 2
upgrade-insecure-requests; block-all-mixed-content; disown-opener 2
frame-ancestors *.adguard.com *.adguard-vpn.com *.adguard-vpn.net *.adguard.app *.adguard.info *.adguardvpn.com *.adguard-vpn.info *.adguardvpn-help.com 'self'; connect-src *.adguard-dns.com *.adguard.org filters.adtidy.org *.adguard.com *.adguard-vpn.com *.adguard-vpn.net *.adguard.app *.adguard.info *.adguardvpn.com *.adguard-vpn.info *.adguardvpn-help.com 'self'; script-src https://cdn.paddle.com/paddle/paddle.js https://widget.cloudpayments.ru/bundles/cloudpayments.js hcaptcha.com *.hcaptcha.com https://challenges.cloudflare.com/turnstile/v0/api.js *.adguard.com *.adguard-vpn.com *.adguard-vpn.net *.adguard.app *.adguard.info *.adguardvpn.com *.adguard-vpn.info *.adguardvpn-help.com 'unsafe-inline' 'unsafe-eval' 'self'; style-src cdn.paddle.com *.adguard.org *.adguard.com *.adguard-vpn.com *.adguard-vpn.net *.adguard.app *.adguard.info *.adguardvpn.com *.adguard-vpn.info *.adguardvpn-help.com 'unsafe-inline' 'self'; img-src * data: *.adguard.com *.adguard-vpn.com *.adguard-vpn.net *.adguard.app *.adguard.info *.adguardvpn.com *.adguard-vpn.info *.adguardvpn-help.com 'self'; frame-src *; font-src *.adguard.org *.adguard.com *.adguard-vpn.com *.adguard-vpn.net *.adguard.app *.adguard.info *.adguardvpn.com *.adguard-vpn.info *.adguardvpn-help.com 'self' data:; object-src https://cdn.adtidy.org *.adguard.com *.adguard-vpn.com *.adguard-vpn.net *.adguard.app *.adguard.info *.adguardvpn.com *.adguard-vpn.info *.adguardvpn-help.com 'self'; media-src cdn.adtidy.org *.adguard.com *.adguard-vpn.com *.adguard-vpn.net *.adguard.app *.adguard.info *.adguardvpn.com *.adguard-vpn.info *.adguardvpn-help.com 'self'; report-uri /api/247/security/?sentry_key=f9f67ed550ee435e96c854cdb8278247; default-src *.adguard.com *.adguard-vpn.com *.adguard-vpn.net *.adguard.app *.adguard.info *.adguardvpn.com *.adguard-vpn.info *.adguardvpn-help.com 'self' 2
default-src *; script-src 'unsafe-inline' 'unsafe-eval'  https://*.anico.com https://*.americannational.com https://*.googleapis.com http://otf.msn.com https://americannational.com https://*.lifeannuitydi.com https://*.inmoment.com https://tagmanager.google.com https://www.googletagmanager.com https://*.airkit.com https://*.airkitapps.com https://www.google-analytics.com https://www.gstatic.com https://www.google.com https://unpkg.com https://*.vtimg.com https://*.assistant.watson.appdomain.cloud https://*.ytimg.com  http://*.angularjs.org https://*.youtube.com  https://*.dnanico1.aniconet.com https://*.anicoweb.com; style-src * 'unsafe-inline' ; img-src * data: ; child-src * data: blob: filesystem: ; 2
connect-src 'self' wss: *.citydrive.ru *.2gis.com *.calltouch.ru https://vk.com https://ad.adriver.ru https://bitrix.info https://mc.yandex.ru https://www.google.com https://mapgl.2gis.com https://top-fwz1.mail.ru https://st.top100.ru https://yastatic.net https://kraken.rambler.ru *.googleoptimize.com *.googletagmanager.com *.mail.ru *.rambler.ru *.cloudflareinsights.com *.googleapis.com *.gstatic.com https://cdn-ru.bitrix24.ru https://b24-glztdv.bitrix24.ru; font-src 'self' wss: data: *.googleapis.com *.gstatic.com *.calltouch.ru; frame-src 'self' *.youtube.com *.google.com *.yandex.ru; script-src 'self' wss: 'unsafe-inline' *.citydrive.ru *.2gis.com *.calltouch.ru https://vk.com https://ad.adriver.ru https://bitrix.info https://mc.yandex.ru https://www.google.com https://mapgl.2gis.com https://top-fwz1.mail.ru https://st.top100.ru https://yastatic.net https://kraken.rambler.ru *.googleoptimize.com *.googletagmanager.com *.mail.ru *.rambler.ru *.cloudflareinsights.com *.googleapis.com *.gstatic.com https://cdn-ru.bitrix24.ru https://b24-glztdv.bitrix24.ru 'unsafe-eval';style-src 'self' wss: 'unsafe-inline' *.googleapis.com https://b24-glztdv.bitrix24.ru; frame-ancestors 'self'; img-src 'self' wss: blob: data: *.citydrive.ru *.2gis.com *.calltouch.ru https://vk.com https://ad.adriver.ru https://bitrix.info https://mc.yandex.ru https://www.google.com https://mapgl.2gis.com https://top-fwz1.mail.ru https://st.top100.ru https://yastatic.net https://kraken.rambler.ru *.googleoptimize.com *.googletagmanager.com *.mail.ru *.rambler.ru *.cloudflareinsights.com *.googleapis.com *.gstatic.com https://cdn-ru.bitrix24.ru https://b24-glztdv.bitrix24.ru; manifest-src 'self'; media-src 'self' wss: *.calltouch.ru;object-src 'self' wss: blob: *.citydrive.ru *.2gis.com *.calltouch.ru https://vk.com https://ad.adriver.ru https://bitrix.info https://mc.yandex.ru https://www.google.com https://mapgl.2gis.com https://top-fwz1.mail.ru https://st.top100.ru https://yastatic.net https://kraken.rambler.ru *.googleoptimize.com *.googletagmanager.com *.mail.ru *.rambler.ru *.cloudflareinsights.com *.googleapis.com *.gstatic.com https://cdn-ru.bitrix24.ru https://b24-glztdv.bitrix24.ru; worker-src 'self' wss: blob: *.citydrive.ru *.2gis.com *.calltouch.ru https://vk.com https://ad.adriver.ru https://bitrix.info https://mc.yandex.ru https://www.google.com https://mapgl.2gis.com https://top-fwz1.mail.ru https://st.top100.ru https://yastatic.net https://kraken.rambler.ru *.googleoptimize.com *.googletagmanager.com *.mail.ru *.rambler.ru *.cloudflareinsights.com *.googleapis.com *.gstatic.com https://cdn-ru.bitrix24.ru https://b24-glztdv.bitrix24.ru; 2
frame-ancestors 'self' https://www.hs-fresenius.de https://www.hs-fresenius.com 2
default-src 'none'; connect-src 'self'; img-src 'self' 'unsafe-inline' data: ; style-src 'self' 'unsafe-inline'; media-src 'self'; frame-ancestors 'self'; font-src 'self' data: ;script-src 'self' 'unsafe-inline' 'unsafe-eval';object-src 'self';frame-src 'self' https://*.sonicwall.com/ 2
default-src 'self'  https://*.learningcaregroup.com https://*.lapetite.com *.agkn.com *.datasteam.io *.dca0.com dca0.com https://*.addevent.com https://*.adroll.com https://*.bing.com https://*.doubleclick.net https://*.everestjs.net https://*.everesttech.net https://*.facebook.com https://*.foresee.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.hiconversion.com https://*.hotjar.com https://*.hotjar.io https://*.hubspot.com https://*.jquery.com https://*.learningcaregroup.com https://*.mpeasylink.com https://*.youtube.com https://www.google-analytics.com wss://*.hotjar.com https://api.segment.io https://*.demdex.net https://*.clarity.ms https://pixel.sitescout.com https://cdn.linkedin.oribi.io ;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.learningcaregroup.com https://media.winnie.com https://cdn.segment.com *.dca0.com dca0.com https://*.adroll.com https://*.agkn.com https://*.bing.com https://*.cloudfront.net https://*.cluep.com https://*.convertlanguage.com https://*.datasteam.io https://*.dialogtech.com https://*.everestjs.net https://*.facebook.net https://*.foresee.com https://*.google.com https://*.googleadservices.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.hiconversion.com https://*.hotjar.com https://*.mpeasylink.com https://*.simpli.fi https://*.youtube.com https://addevent.com https://d.adroll.mgr.consensu.org https://googleads.g.doubleclick.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hscollectedforms.net https://js.hs-scripts.com https://s.ytimg.com https://www.googletagmanager.com https://api.segment.io https://*.clarity.ms https://*.invocacdn.com https://*.invoca.net https://*.zoominfo.com https://*.licdn.com ;style-src 'self' 'unsafe-inline' https://*.learningcaregroup.com https://*.foresee.com https://*.googleapis.com https://*.jquery.com https://*.mpeasylink.com ;img-src 'self'  http://* https://* data: ; 2
worker-src 'none'; 2
default-src https: 'self' data: http://devwebservices.loyals.nl; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'self' 'unsafe-inline'; report-uri /csp-reports 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://discoverireland.azureedge.net https://assets-eu-01.kc-usercontent.com https://preview-assets-eu-01.kc-usercontent.com https://*.cookiebot.com https://*.convertexperiments.com https://dc.services.visualstudio.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.doubleclick.net https://*.google.com https://*.google.ie https://*.google.es https://*.google.co.uk https://*.google.de https://*.google.fr https://*.google.it https://www.google.be https://*.googleapis.com https://googleapis.com https://www.googleadservices.com https://www.googleoptimize.com https://*.googlesyndication.com https://maps.gstatic.com https://fonts.gstatic.com https://www.youtube.com https://cdn-eu.clickdimensions.com https://analytics-eu.clickdimensions.com https://*.hotjar.io https://*.hotjar.com wws://*.hotjar.com/api/v2/client/ws wss://*.hotjar.com/api/v2/client/ws https://www.facebook.com https://connect.facebook.net https://*.vimeo.com; img-src 'self' data: blob: https://*.cloudfront.net https://*.amazonaws.com https://img.youtube.com https://i.ytimg.com https://i.vimeocdn.com https://discoverireland.azureedge.net https://assets-eu-01.kc-usercontent.com https://preview-assets-eu-01.kc-usercontent.com https://*.cookiebot.com https://*.convertexperiments.com https://dc.services.visualstudio.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.doubleclick.net https://*.google.com https://*.google.ie https://*.google.es https://*.google.co.uk https://*.google.de https://*.google.fr https://*.google.it https://www.google.be https://*.googleapis.com https://googleapis.com https://www.googleadservices.com https://www.googleoptimize.com https://*.googlesyndication.com https://maps.gstatic.com https://fonts.gstatic.com https://www.youtube.com https://cdn-eu.clickdimensions.com https://analytics-eu.clickdimensions.com https://*.hotjar.io https://*.hotjar.com wws://*.hotjar.com/api/v2/client/ws wss://*.hotjar.com/api/v2/client/ws https://www.facebook.com https://connect.facebook.net https://*.vimeo.com; frame-ancestors 'none'; form-action 'self' https://analytics-eu.clickdimensions.com https://www.facebook.com; 2
frame-ancestors 'self' ; report-uri https://itickets.report-uri.io/r/default/csp/enforce; 2
frame-ancestors 'self' https://prd-cd-01-mdc-us-ce.wsf-e-loreal.com https://prd-cd-01-mdc-us-tc.wsf-e-loreal.com https://prd-cd-01-mdc-us-us.wsf-e-loreal.com https://prd-cd-mdc-us-ce.wsf-e-loreal.com https://prd-cd-mdc-us-tc.wsf-e-loreal.com https://prd-cd-mdc-us-us.wsf-e-loreal.com https://www.makeup.com https://www.skincare.com 2
default-src 'none'; manifest-src 'self'; script-src 'self' https://*.opportunity.de; style-src 'self' 'unsafe-inline' 'unsafe-inline'; img-src 'self' https://*.openstreetmap.org https://*.opportunity.de data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; worker-src 'self'; frame-src 'self' https://*.opportunity.de; form-action 'self'; base-uri 'self'; frame-ancestors 'self'; report-uri /csp-violation.php; 2
font-src 'self' https://*.googleapis.com/  https://*.gstatic.com/  *.bootstrapcdn.com *.fontawesome.com *.jsdelivr.net  ; 2
frame-ancestors *.muctr.ru 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://*.boxever.com https://public.tableau.com https://*.cloudfront.net https://*.bound360.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.getsmartcontent.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://cdn.linkedin.oribi.io https://*.litix.io https://*.pardot.com https://*.questionpro.com https://*.rfihub.com https://*.rfihub.net https://*.sitecorecontenthub.cloud https://*.vizientinc.com https://*.wistia.com https://*.wistia.net https://ad.ipredictive.com https://ajax.googleapis.com https://analytics.twitter.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cnv.event.prod.bidr.io https://code.jquery.com https://connect.facebook.net https://*.sitecorecloud.io https://match.adsrvr.org https://maxcdn.bootstrapcdn.com https://snap.licdn.com https://static.ads-twitter.com https://t.co https://tracking.intentsify.io https://vhatv.vha.com https://vitals.vercel-insights.com https://www.cvent.com https://www.ethosce.com https://www.facebook.com https://www.google.ca https://www.google.com https://*.google.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://www.thinglink.com https://*.siteintercept.qualtrics.com https://siteintercept.qualtrics.com; media-src 'self' data: blob: https://*.sitecorecloud.io https://*.sitecorecontenthub.cloud embedwistia-a.akamaihd.net *.wistia.net *.wistia.com; 2
default-src 'self' http: https: data: blob: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rcmp-grc.gc.ca csps-dev.con.rcmp-grc.gc.ca csps-dev.con.rcmp-grc.gc.ca csps.con.rcmp-grc.gc.ca www.google-analytics.com ajax.googleapis.com www.googletagmanager.com *.clet.ca platform.twitter.com cdn.syndication.twimg.com cdnjs.cloudflare.com use.fontawesome.com www.youtube.com unpkg.com; 2
img-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.boschaftermarket.com *.dxtservice.com *.bosch.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.doubleclick.net *.bosch.tech *.mobility-media.cloud *.newrelic.com *.nr-data.net *.youtube.com *.translate.google.com; object-src 2
default-src*; font-src*;img-src* data:; script-src*; style-src*; 2
frame-ancestors 'self' *.force.com *.salesforce.com *.lightning.com *.sony.com *.zingtree.com 2
default-src https:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval' 'report-sample'; img-src https: data:; form-action https:; connect-src https: wss:; object-src 'none'; upgrade-insecure-requests 2
frame-ancestors 'self' https://app.vendr.com; 2
default-src 'self'; media-src *.purechatcdn.com;font-src * data:;img-src * data:; script-src * data: 'unsafe-inline' 'unsafe-eval' *.purechat.com *.purechatcdn.com *.gstatic.com *.google-analytics.com analytics.google.com *.youtube.com *.youtube-nocookie.com  *.hcaptcha.com *.googleapis.com; connect-src 'self' *.purechat.com *.purechatcdn.com *.opmnstr.com *.omappapi.com *.gstatic.com *.google-analytics.com analytics.google.com *.youtube.com *.youtube-nocookie.com  *.hcaptcha.com *.googleapis.com stats.g.doubleclick.net bat.bing.com *.clarity.ms *.ispringsolutions.com; style-src * 'unsafe-inline'; frame-src 'self' www.google.com *.youtube.com *.youtube-nocookie.com *.hcaptcha.com *.jobscore.com *.umbraco.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.ahfproducts.com *.dev.ahfproducts.com *.youtube.com *.gstatic.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.addthis.com *.addthisedge.com *.moatads.com *.hs-scripts.com *.hsforms.net *.hsforms.com *.getcandid.com *.hsadspixel.net *.hs-banner.com *.hsleadflows.net *.hscollectedforms.net *.hs-analytics.net content-getcandid.netdna-ssl.com googleads.g.doubleclick.net *.8x8.com widgets.pinterest.com *.roomvo.com *.bruce.com *.hartco.com *.robbins.com *.ahfcontract.com *.armstrongflooring.com *.usemessages.com sibforms.com widget.tagembed.com cdn.tagembed.com kit.fontawesome.com cdn.oribi.io vidassets.terminus.services snap.licdn.com pi.pardot.com; frame-src 'self'  *.youtube.com *.addthis.com *.getcandid.com *.facebook.com *.8x8.com *.roomvo.com *.hsforms.com *.google.com sibforms.com; object-src 'self' 2
default-src 'unsafe-inline'; connect-src *; font-src 'self' fonts.gstatic.com fonts.intercomcdn.com; frame-src *; img-src * data: ; script-src-elem 'self' 'unsafe-inline' *; script-src 'unsafe-eval' *; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' www.gstatic.com fonts.googleapis.com; worker-src 'self'; object-src 'none'; manifest-src 'self'; media-src 'self' https://www.datocms-assets.com; 2
connect-src 'self' consent-pref.trustarc.com consent.trustarc.com consent-reporting.trustarc.com p.typekit.net region1.analytics.google.com analytics.google.com maxcdn.bootstrapcdn.com use.typekit.net cdn.linkedin.oribi.io translate.googleapis.com play.vidyard.com stats.g.doubleclick.net 573-jlc-716.mktoresp.com 677-qfu-507.mktoresp.com 677-qfu-507.mktoutil.com www.google-analytics.com region1.google-analytics.com www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat www.googletagmanager.com www.greatamericaninsurancegroup.com www.gstatic.com www.linkedin.com; font-src 'self' data: consent.trustarc.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com use.typekit.net www.greatamericaninsurancegroup.com; form-action 'self'; frame-ancestors 'self'; default-src 'self' play.vidyard.com; frame-src 'self' consent-pref.trustarc.com td.doubleclick.net fast.wistia.net podcasters.spotify.com www.linkedin.com www.googletagmanager.com www.facebook.com anchor.fm app-ab02.marketo.com platform.twitter.com play.vidyard.com specialty.gaig.com www.google.com www.youtube.com www.surveymonkey.com www.google-analytics.com region1.google-analytics.com; img-src 'self' consent-pref.trustarc.com consent.trustarc.com consent.truste.com app-ab02.marketo.com region1.analytics.google.com www.google.co.ao analytics.google.com stats.g.doubleclick.net gaigauthor.gaig.com a.b0e8.com data: blob: a1.b0e8.com specialty.gaig.com www.linkedin.com www.gstatic.com translate.google.com ssl.google-analytics.com syndication.twitter.com fonts.gstatic.com px.ads.linkedin.com region1.google-analytics.com px4.ads.linkedin.com p.typekit.net play.vidyard.com www.google-analytics.com www.google.com www.googletagmanager.com www.policysweet.com www.greatamericaninsurancegroup.com cdn.vidyard.com i.ytimg.com www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.caigo.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat; script-src-elem 'self' consent.trustarc.com bam.nr-data.net fast.wistia.net cdn.b0e8.com apis.google.com js-agent.newrelic.com widget.surveymonkey.com snap.licdn.com ssl.google-analytics.com connect.facebook.net ajax.googleapis.com app-ab02.marketo.com munchkin.marketo.net platform.twitter.com play.vidyard.com specialty.gaig.com use.typekit.net www.google-analytics.com region1.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com 'unsafe-inline' www.youtube.com; style-src-elem 'self' data: p.typekit.net use.typekit.net www.gstatic.com app-ab02.marketo.com fonts.googleapis.com maxcdn.bootstrapcdn.com specialty.gaig.com 'unsafe-inline'; script-src-attr 'unsafe-inline'; script-src 'unsafe-eval' 'unsafe-inline' 'self' widget.surveymonkey.com specialty.gaig.com fast.wistia.net bam.nr-data.net ajax.googleapis.com platform.twitter.com region1.google-analytics.com www.google-analytics.com www.gstatic.com snap.licdn.com cdn.b0e8.com www.google.com js-agent.newrelic.com connect.facebook.net app-ab02.marketo.com www.googletagmanager.com use.typekit.net munchkin.marketo.net play.vidyard.com; style-src-attr 'unsafe-inline' www.greatamericaninsurancegroup.com; style-src 'self' 'unsafe-inline' specialty.gaig.com app-ab02.marketo.com fonts.googleapis.com maxcdn.bootstrapcdn.com p.typekit.net use.typekit.net www.gstatic.com; object-src 'self'; media-src 'self' data: ssl.gstatic.com; child-src 'self' app-ab02.marketo.com play.vidyard.com www.google.com www.googletagmanager.com www.youtube.com; upgrade-insecure-requests; report-uri https://greatamericaninsurancegroup.report-uri.com/r/t/csp/enforce 2
frame-ancestors https://app.smartsheet.com http://www.casamples.com https://www.casamples.com https://www.curriculumassociates.com https://stateoflearning.curriculumassociates.com https://horizon.dev-web01.curriculumassociates.com https://horizon.stg.curriculumassociates.com https://horizon.prd.curriculumassociates.com https://horizon.curriculum-associates.local.dev/  'self'; 2
frame-ancestors 'self' www.dbresearch.com www.dbresearch.de *.zoom.us *.db.com *.db.com:* localhost:* localhost *research-db-a2.wsodqa.com; 2
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: blob:; media-src * data:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 2
base-uri 'self';connect-src 'self' wss: *.oribi.com *.adnxs.com *.google.com *.bing.com *.visualwebsiteoptimizer.com *.metarouter.io *.6sc.co *.addthis.com *.clarity.ms *.doubleclick.net *.stackadapt.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.oribi.io *.popupsmart.com *.intercom.io *.sharethis.com;default-src 'self';font-src 'self' data: fonts.gstatic.com fonts.intercomcdn.com;frame-src 'self' *.twitter.com *.surveymonkey.com *.doubleclick.net *.learninga-z.com *.vimeo.com *.addthis.com *.facebook.com *.youtube.com *.google.com *.getreprise.com intercom-sheets.com;img-src 'self' data: *.adsymptotic.com *.trinity.one *.vimeocdn.com *.pinterest.com *.twitter.com *.6sc.co *.bing.com *.visualwebsiteoptimizer.com *.linkedin.com *.googleapis.com *.facebook.com *.google-analytics.com *.google.com *.googletagmanager.com www.foundationsa-z.com *.popupsmart.com downloads.intercomcdn.com static.intercomassets.com *.sharethis.com;media-src 'self' js.intercomcdn.com;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.popupsmart.com *.twitter.com *.pinterest.com *.surveymonkey.com *.googleapis.com *.bing.com *.metarouter.io *.facebook.net *.visualwebsiteoptimizer.com *.learninga-z.com *.vimeocdn.com *.doubleclick.net *.6sc.co *.addthis.com snap.licdn.com *.stackadapt.com *.addthisedge.com *.clarity.ms *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.moatads.com qvdt3feo.com widget.intercom.io js.intercomcdn.com *.sharethis.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.stackadapt.com *.popupsmart.com;worker-src blob:; 2
default-src 'self' *.instabot.io freetrial.experianaperture.io freetrial.staging.saas.edq.com *.coveo.com trial.staging.saas.qas.com trial.saas.qas.com ui.customsearch.ai 6sense.com optimize.google.com adnxs.com adobe.com *.adobedtm.com www.adsymptotic.com *.akamaihd.net b.6sc.co *.boltdns.net manifest.prod.boltdns.net *.experian.com *.brightcove.com *.brightcove.net www.crwdcntrl.net *.demdex.net *.doubleclick.net *.eloqua.com img.en25.com www.everesttech.net www.facebook.com connect.facebook.net www.google.com www.googleadservices.com www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io ipv6.6sc.co www.jsdelivr.net www.lfeeder.com *.licdn.com *.linkedin.com www.livechat-files.com *.livechatinc.com www.ma-attr.com www.ml-api.io *.omtrdc.net *.taboola.com *.zencdn.net *.zoominfo.com; img-src 'self' data: *; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; font-src 'self' data: *; object-src 'none'; media-src * blob:; worker-src blob: 'self'; frame-ancestors 'self'; 2
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src data: https:; font-src https:; connect-src https:; frame-ancestors 'self' https://stellartechnologysolutions.sharepoint.com https://qa-sts.stellartechsol.com; block-all-mixed-content 2
frame-ancestors 'self' https://student-stg.elsanow.co https://student.elsaspeak.com 2
default-src'none';script-src'self''unsafe-inline''unsafe-eval';style-src'self''unsafe-inline';img-src'self';font-src'self';connect-src'self';form-action'self''unsafe-inline' 2
frame-ancestors *.austinisd.org; 2
default-src 'none'; object-src 'none'; script-src 'self' https://*.chargebee.com https://*.chargebeestatic.com https://openproject.matomo.cloud; style-src 'self' 'unsafe-inline' https://*.chargebee.com https://*.chargebeestatic.com; img-src 'self' data: https://cb-invoice-logos-prod.s3.us-east-1.amazonaws.com https://*.openproject.org https://openproject.org; media-src 'self' data: https://*.openproject.org https://openproject.org https://openproject-docs.s3.eu-central-1.amazonaws.com; frame-src 'self' https://js.chargebee.com https://www.youtube-nocookie.com https://*.chargebee.com https://*.chargebeestatic.com https://openproject.matomo.cloud https://opf.github.io https://enterprise-quote-form-prod.s3-eu-west-1.amazonaws.com https://enterprise-quote-form-edge.s3-eu-west-1.amazonaws.com; font-src 'self'; connect-src 'self' https://api.github.com/repos/opf/openproject https://*.openproject.com https://*.openproject.org https://openproject.matomo.cloud 2
frame-ancestors 'self';manifest-src 'self'; 2
frame-ancestors 'self' https://support.turbovpn.com https://admin.turbovpn.com 2
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.typekit.net *.episerver.net zefzhat.appspot.com www.googletagmanager.com *.googletagmanager.com tagmanager.google.com *.hotjar.com *.hotjar.io *.google-analytics.com analytics.google.com code.jquery.com az416426.vo.msecnd.net dc.services.visualstudio.com netdna.bootstrapcdn.com pi.pardot.com syndication.twitter.com sjs.bizographics.com connect.facebook.net stats.livezhat.com *.ads.linkedin.com www.linkedin.com s.ytimg.com *.googleapis.com googleapis.com api.siteattention.com www.googleadservices.com cdn.syndication.twimg.com flockler.com embed-cdn.flockler.com static.flockler.com fl-cdn.scdn1.secure.raxcdn.com cdn.datatables.net *.licdn.com www.youtube.com gateway.zscloud.net viewer.blipstar.com static.handpickedcherries.com maxcdn.bootstrapcdn.com rules.quantcount.com secure.quantserve.com apps.myzef.com tools.eurolandir.com webcc.sonera.fi stackpath.bootstrapcdn.com cdn.datatables.net cdnjs.cloudflare.com api.ipify.org munchkin.marketo.net googleads.g.doubleclick.net eu1.snoobi.com ethn.io siteimproveanalytics.com www.google.com www.gstatic.com *.giosgusercontent.com optimize.google.com *.lfeeder.com *.leadfeeder.com code.createjs.com www.gstatic.com *.vimeo.com go.upmspecialtypapers.com upm.leadfamly.com hm.baidu.com *.giosg.com t.lianacem.com static.ws.apsis.one static.ws-apac.apsis.one s3.amazonaws.com/beacon.pmmimediagroup.com/ static.ads-twitter.com js.monitor.azure.com analytics.google.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; font-src 'self' data: *.typekit.net storage.googleapis.com netdna.bootstrapcdn.com i.s-microsoft.com upmapi.portal.azure-api.net *.hotjar.com *.hotjar.io css.zohostatic.com cdnjs.cloudflare.com use.fontawesome.com *.giosg.com *.giosgusercontent.com googleapis.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; img-src 'self' data: blob: about: *.typekit.net livezhat.zef.fi *.hotjar.com *.hotjar.io *.google-analytics.com *.analytics.google.com www.upmbiofore.fi pbs.twimg.com secure.adnxs.com www.upmbiofore.com *.g.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net *.google.com *.google.co.uk *.google.fi *.google.dk *.google.de *.google.at *.google.pl *.google.ru *.google.se www.google.com www.google.co.uk www.google.fi www.google.dk www.google.de www.google.at www.google.pl www.google.ru www.google.se *.googleapis.com googleapis.com maps.gstatic.com www.gstatic.com www.facebook.com static.flockler.com flockler.com hm.baidu.com img.youtube.com cdn.datatables.net s3.amazonaws.com www.googletagmanager.com *.googletagmanager.com ssl.gstatic.com hugin.info graph.facebook.com scontent.xx.fbcdn.net pixel.quantserve.com i.ytimg.com *.episerver.net cdn2.siteattention.com  amplifypixel.outbrain.com *.ads.linkedin.com ad.doubleclick.net adservice.google.com.hk www.linkedin.com 6049499.global.siteimproveanalytics.io assets.upm.com eu1.snoobi.com ml-eu.globenewswire.com gateway.zscloud.net *.lfeeder.com *.leadfeeder.com go.upmspecialtypapers.com p.adsymptotic.com upm.leadfamly.com *.fbcdn.net *.flockler.com scontent.cdninstagram.com *.giosgusercontent.com *.giosg.com analytics.twitter.com t.co *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; connect-src 'self' *.hotjar.com *.hotjar.io www.upmbiofore.com dc.services.visualstudio.com api.siteattention.com *.google.com *.google.co.uk *.google.fi *.google.dk *.google.de *.google.at *.google.pl *.google.ru *.google.se *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net stats.g.doubleclick.net upm-prod.taiste.fi translate.googleapis.com hm.baidu.com api.mapbox.com a.tiles.mapbox.com b.tiles.mapbox.com wss://*.hotjar.com restdev.siteattention.com *.mktoresp.com events.mapbox.com *.facebook.com *.typekit.net *.giosgusercontent.com *.giosg.com prospector.pmmimediagroup.com audience.ws.apsis.one t.lianacem.com googleapis.com maps.googleapis.com cdn.linkedin.oribi.io analytics.twitter.com wss://www.upm.com t.lianacem.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; style-src 'self' 'unsafe-inline' livezhat.zef.fi netdna.bootstrapcdn.com static.flockler.com googleapis.com maxcdn.bootstrapcdn.com translate.googleapis.com cdnjs.cloudflare.com *.episerver.net tagmanager.google.com use.fontawesome.com stackpath.bootstrapcdn.com cdn.datatables.net optimize.google.com *.giosg.com *.giosgusercontent.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; frame-src 'self' data: *.doubleclick.net www.facebook.com connect.facebook.net www.google.com go.pardot.com www.youtube.com *.hotjar.com *.hotjar.io www.ciuvo.com www.googletagmanager.com tagmanager.google.com viewer.blipstar.com apps.myzef.com gamma.euroland.com tools.euroland.com tagmanager.google.com pr.globenewswire.com *.youku.com *.vimeo.com *.metsasoppi.com *.arbonaut.com optimize.google.com ethn.io web.microsoftstream.com *.giosgusercontent.com *.giosg.com go.upmspecialtypapers.com open.spotify.com upm.leadfamly.com form.apsis.one player.simplecast.com v.qq.com selectscience.net googleapis.com tools.eurolandir.com w.soundcloud.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; frame-ancestors 'self' *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; upgrade-insecure-requests; report-uri https://upmcms.report-uri.com/r/d/csp/enforce 2
script-src 'self' kit.fontawesome.com cdn.callrail.com https://*.google.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com www.googletagmanager.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com use.fontawesome.com player.vimeo.com clicky.com in.getclicky.com static.getclicky.com code.jquery.com 'unsafe-inline' 'unsafe-eval' 2
default-src 'self'; frame-src 'none'; frame-ancestors 'none'; script-src 'self' https://lugeja.e-tervis.ee; style-src 'self' 'unsafe-inline'; img-src 'self' https://lugeja.e-tervis.ee data:; connect-src 'self' https://lugeja.e-tervis.ee; 2
frame-ancestors 'self' https://dvag.testfc.dlstages01.dvag.de https://dvag.devfc.dlstages01.dvag.de  https://static.testfc.dlstages01.dvag.de  https://static.devfc.dlstages01.dvag.de  https://berater.finanzanalyse.dvag https://uat.berater.finanzanalyse.dvag https://staging.berater.deutschefin.tech https://dev.berater.deutschefin.tech https://vpd.finanzanalyse.dvag https://uat.vpd.finanzanalyse.dvag https://dev.vpd.deutschefin.tech https://d01.vpd.deutschefin.tech https://d02.vpd.deutschefin.tech https://d03.vpd.deutschefin.tech https://d04.vpd.deutschefin.tech https://d05.vpd.deutschefin.tech https://d06.vpd.deutschefin.tech https://d07.vpd.deutschefin.tech https://d08.vpd.deutschefin.tech https://d09.vpd.deutschefin.tech https://d10.vpd.deutschefin.tech https://d11.vpd.deutschefin.tech https://d12.vpd.deutschefin.tech https://d13.vpd.deutschefin.tech https://d14.vpd.deutschefin.tech https://d15.vpd.deutschefin.tech https://www.finanzanalyse.dvag https://uat.finanzanalyse.dvag https://dev.deutschefin.tech 2
frame-ancestors http://webvisor.com/ http://testweb.ibar.az/ https://www.googleapis.com/ http://localhost/ https://ibar.az/ https://abb-bank.az/ https://iba-telegram.ibar.az/ https://facebook.com/ https://www.facebook.com/ https://www.developers.facebook.com/ https://ibahackathon.com/ http://10.129.24.26/   2
default-src https: data:; img-src https: data:; style-src https: 'unsafe-inline'; style-src-elem https: 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline' 2
frame-ancestors https://www.thefabulous.co https://*.thefabulous.co 2
default-src 'unsafe-inline' 'self' https://*.clearygottlieb.com https://*.truste.com https://*.nr-data.net https://*.siteimproveanalytics.io https://*.newrelic.com https://*.google-analytics.com https://*.trustarc.com https://*.doubleclick.net data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clearygottlieb.com https://*.jquery.com https://*.googletagmanager.com https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.newrelic.com https://*.google-analytics.com https://*.trustarc.com https://*.nr-data.net; style-src 'unsafe-inline' 'self' https://*.clearygottlieb.com; img-src 'self' https://*.clearygottlieb.com https://*.google.com https://*.truste.com https://*.siteimproveanalytics.io https://*.google-analytics.com https://*.trustarc.com data:; media-src https://*.clearygottlieb.com https://*.vimeo.com https://*.akamaized.net data:; child-src https://*.clearygottlieb.com https://*.vimeo.com; frame-src https://*.clearygottlieb.com https://*.trustarc.com https://*.vimeo.com; upgrade-insecure-requests; block-all-mixed-content; 2
default-src https: data: 'self'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'self' 'unsafe-inline'; connect-src https: ws: 'self'; frame-ancestors 'self' 2
object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content 2
upgrade-insecure-requests;                                                                        default-src 'none';                                                                                            base-uri 'self';                                                                                           script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stats.alsace.eu/ https://t-stats.alsace.eu/ https://cdn.ampproject.org/ https://www.googletagmanager.com/ https://ajax.googleapis.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.syndication.twimg.com https://platform.twitter.com;                   img-src 'self' https://www.alsace.eu/ https://www.googletagmanager.com/ https://pbs.twimg.com https://platform.twitter.com https://syndication.twitter.com https://stats.g.doubleclick.net https://tile.openstreetmap.org/ https://a.tile.openstreetmap.fr https://b.tile.openstreetmap.fr https://c.tile.openstreetmap.fr  https://img.youtube.com data:;                   media-src 'self';                                                                          frame-src 'self' https://player.vimeo.com/ https://platform.twitter.com https://www.youtube.com https://www.google.com;                   frame-ancestors 'self';                                                                            font-src 'self' https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://cdn.bas-rhin.fr;                   style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://platform.twitter.com/;                   form-action 'self' ;                   connect-src  'self' https://stats.alsace.eu/ https://t-stats.alsace.eu/ https://wxs.ign.fr/calcul/ols/apis/ https://platform.twitter.com/ https://api-adresse.data.gouv.fr/ https://nominatim.openstreetmap.org/;                   manifest-src 'self';                   child-src 'self' https://player.vimeo.com/ https://platform.twitter.com https://www.youtube.com https://www.google.com;                   object-src 'self';              report-uri /_csp; 2
frame-ancestors 'self' https://integrityline-preview.3q5.de www.integrityline-preview.3q5.de; 2
default-src 'self';style-src 'self' 'unsafe-inline' *.webflow.com assets-global.website-files.com *.googleapis.com *.weglot.com *.audiense.com *.hotjar.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mouseflow.com *.hubspot.com *.webflow.com assets-global.website-files.com *.google.com *.googletagmanager.com *.googleapis.com *.partnerstack.com *.mxpnl.com *.weglot.com d3e54v103j8qbb.cloudfront.net *.hs-scripts.com *.profitwell.com snap.licdn.com *.google-analytics.com googleads.g.doubleclick.net js.hsadspixel.net js.hs-banner.com *.hs-analytics.net js.hsleadflows.net js.usemessages.com www.datadoghq-browser-agent.com *.facebook.net *.calconic.com *.hsappstatic.net *.hsforms.net *.audiense.com *.hotjar.com *.g2crowd.com;img-src 'self' *.mouseflow.com data: *.webflow.com *.hsforms.com *.linkedin.com assets-global.website-files.com *.googletagmanager.com *.hubspot.com *.google-analytics.com *.google.com *.google.es *.facebook.com *.hsforms.com *.audiense.com *.hotjar.com d3e54v103j8qbb.cloudfront.net;connect-src 'self' *.mouseflow.com *.hubspot.com *.google-analytics.com *.google.com pagead2.googlesyndication.com assets-global.website-files.com *.cdn-api-weglot.com partnerlinks.io *.weglot.com *.webflow.com *.hubapi.com *.hubspot.com stats.g.doubleclick.net rum.browser-intake-datadoghq.com app.calconic.com *.facebook.com hubspot-forms-static-embed.s3.amazonaws.com *.hsforms.com cdn.linkedin.oribi.io statistics-dot-calconic-app.appspot.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.linkedin.com https://cdn-api-weglot.com https://http-intake.logs.datadoghq.com *.google.es;font-src 'self' *.mouseflow.com data: *.gstatic.com *.hotjar.com;frame-src 'self' *.mouseflow.com td.doubleclick.net app.calconic.com *.hubspot.com https://www.g2.com/ cdn.embedly.com *.hotjar.com;media-src 'self' *.audiense.com;child-src 'self' *.mouseflow.com; 2
frame-ancestors 'self' *.virginmedia.ie  *.upc.biz; 2
default-src 'self' cms.ubank.com.au; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.appsflyer.com *.jst.ai; font-src 'self' *.86400.com.au *.wpengine.com status.ubank.com.au fonts.gstatic.com; script-src 'self' pippio.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://ajax.googleapis.com/ajax/libs/jquery/ www.googleadservices.com/pagead/ *.widgetworks.com.au *.jobadder.com www.googletagmanager.com www.google-analytics.com analytics.google.com js.adsrvr.org connect.facebook.net *.appsflyer.com *.jst.ai https://*.optimizely.com https://cdn-assets-prod.s3.amazonaws.com *.bing.com tags.tiqcdn.com *.tealiumiq.com *.glassboxdigital.io *.gbqofs.com *.gbqofs.io 'unsafe-inline'; frame-src 'self' *.jst.ai *.jobadder.com *.widgetworks.com.au keyfactssheet.infochoice.com.au www.google.com recaptcha.google.com insight.adsrvr.org match.adsrvr.org *.flashtalking.com; img-src 'self' data: collect.tealiumiq.com *.appsflyer.com cms.ubank.com.au https://adservice.google.com https://adservice.google.com.au www.glassdoor.com.au apps.jobadder.com www.facebook.com *.doubleclick.net www.google-analytics.com www.google.com www.google.com.au www.googletagmanager.com https://cdn.optimizely.com *.jst.ai *.bing.com; connect-src 'self' collect.tealiumiq.com www.google.com.au/ads/ analytics.google.com *.jst.ai www.google-analytics.com cms.ubank.com.au ubank2.wpengine.com stats.g.doubleclick.net *.appsflyer.com *.algolia.net *.algolianet.com *.algolia.io https://*.optimizely.com; object-src 'none'; 2
frame-ancestors 'self'  https://*.house.gov; form-action 'self' https://*.house.gov https://congress.gov https://www.congress.gov https://www.google.com https://vekeo.com https://republicanwhip.us21.list-manage.com;  font-src 'self' https://fonts.gstatic.com https://use.typekit.net https://js.arcgis.com https://maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://use.fontawesome.com https://www.google.com https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://maps.google.com https://cse.google.com https://ajax.googleapis.com https://maps.googleapis.com https://video.teleforumonline.com https://platform.twitter.com https://widgets.twimg.com https://cdn.syndication.twimg.com https://static.sk.facebook.com https://connect.facebook.net https://www.instagram.com/embed.js https://js.arcgis.com https://video.foxbusiness.com https://rumble.com https://code.jquery.com https://platform-api.sharethis.com https://ws.sharethis.com https://s7.addthis.com https://s3.amazonaws.com;  object-src 'none';; upgrade-insecure-requests 2
default-src * data: 'unsafe-inline' 'unsafe-eval'; connect-src * javascript: data: 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: 'unsafe-inline' 2
frame-ancestors 'self' http://*.olympus-ims.com http://*.olympus-lifescience.com *.olympus-ims.com *.olympus-lifescience.com www.olympusamerica.com *.aspiresoft.com *.ceros.com; 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.livingstonintl.com *.livingston.com lii-mkt-content.s3.amazonaws.com pi.pardot.com *.cassiecloud.com *.wistia.com static.ada.support js.zi-scripts.com script.hotjar.com https://static.hotjar.com/ *.chilipiper.com *.forchili.com *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.google.com https://www.google.com/recaptcha/api.js *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com https://secure.geobytes.com/;style-src 'self' 'unsafe-inline' *.livingstonintl.com *.livingston.com lii-mkt-content.s3.amazonaws.com fonts.googleapis.com *.cassiecloud.com www.googletagmanager.com;object-src 'none';base-uri 'self';connect-src 'self' *.livingstonintl.com *.livingston.com lii-mkt-content.s3.amazonaws.com *.cassiecloud.com ipapi.co js.zi-scripts.com *.chilipiper.com *.forchili.com *.ada.support ws.zoominfo.com *.wistia.com https://*.litix.io analytics.google.com *.analytics.google.com *.googleapis.com www.google-analytics.com stats.g.doubleclick.net;font-src 'self' data: *.livingstonintl.com *.livingston.com *.gstatic.com *.wistia.com;frame-src 'self' *.livingstonintl.com *.livingston.com *.ada.support td.doubleclick.net https://www.google.com/ https://www.youtube.com *.chilipiper.com *.forchili.com;img-src 'self' data: *.livingstonintl.com *.livingston.com lii-mkt-content.s3.amazonaws.com cscript-cdn-use.cassiecloud.com *.wistia.com www.google-analytics.com www.google.com www.googletagmanager.com *.gstatic.com *.googleapis.com secure.gravatar.com *.chilipiper.com;manifest-src 'self';media-src 'self' blob: *.livingstonintl.com *.livingston.com lii-mkt-content.s3.amazonaws.com;worker-src 'none'; 2
frame-ancestors 'self' *.humacom.com *.iofbonehealth.org *.osteoporosis.foundation 2
frame-ancestors 'self' statistiques-opus-prod.chambres-agriculture.fr 2
default-src 'self' data: blob: *.octopus.com.hk *.octopuscards.com *.octopusrewards.com.hk *.online-octopus.com *.octopus-cards.com *.oepay.octopus-cards.com *.comm.octopus.com.hk *.youtube.com *.google.com *.google.com.hk *.gstatic.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.googleadservices.com ade.googlesyndication.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net www.facebook.com connect.facebook.net 'unsafe-inline' 'unsafe-eval'; 2
default-src *; style-src 'self' https://p.typekit.net https://www.googletagmanager.com https://fonts.googleapis.com 'unsafe-inline'; script-src 'self' 'unsafe-eval' https://www.google.com https://www.gstatic.com  https://www.googleadservices.com  https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://tag.simpli.fi https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://cdn.cookielaw.org https://maps.googleapis.com/ https://cdn.jsdelivr.net/ 'unsafe-inline'; upgrade-insecure-requests; object-src 'none'; form-action 'self'; img-src * data:; 2
frame-ancestors: 'none' 2
default-src 'self'; connect-src 'self' *.nr-data.net https://*.go-mpulse.net www.googletagmanager.com *.google-analytics.com https://*.akstat.io https://csp.withgoogle.com https://maps.googleapis.com *.nanorep.co *.nanorep.com *.monsido.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://cse.google.com https://www.googletagmanager.com https://calendar.google.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.com *.tableau.com *.arcgis.com https://app.powerbi.us https://app.powerbigov.us https://data.iowa.gov; img-src 'self' data: https: *.nr-data.net *.google.com www.googletagmanager.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.nr-data.net https://*.go-mpulse.net https://cse.google.com https://googletagmanager.com https://js-agent.newrelic.com https://tagmanager.google.com https://www.google.com https://www.googletagmanager.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.com *.nanorep.co https://*.google.com https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com public.tableau.com nonce-hEoHQqKBwLW0hOWZj-wzog; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com *.google.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.co *.nanorep.com https://partner.googleadservices.com https://maps.googleapis.com https://cdnjs.cloudflare.com https://cse.google.com https://polyfill.io https://unpkg.com public.tableau.com; style-src 'self' 'unsafe-inline' *.google.com www.googletagmanager.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.co *.nanorep.com https://fonts.googleapis.com cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 2
default-src https: wss: ; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' *; font-src 'self' data: *; connect-src 'self' *; frame-src 'self' * 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' https: data:; font-src https: data:; img-src * data:; connect-src https: wss://*.liveperson.net wss://tsock.us1.twilio.com/v3/wsconnect wss://webmessaging.usw2.pure.cloud/v1 wss://cobrowse-v2.usw2.pure.cloud; 2
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com http://flex.msn.com http://www.googleadservices.com https://seal.digicert.com https://seal.verisign.com https://www.google.com https://www.googleadservices.com https://app-ab16.marketo.com https://www.gstatic.com https://www.googletagmanager.com https://s.go-mpulse.net https://googleads.g.doubleclick.net; connect-src 'self' 'unsafe-inline' http://localhost:9002 https://magtek.acipayonline.com:9002 *.google-analytics.com https://stats.g.doubleclick.net; img-src 'self' 'unsafe-inline' https://stats.g.doubleclick.net https://www.officialpayments.com https://www.google.com https://ad.doubleclick.net https://googleads.g.doubleclick.net https://privacy-policy.truste.com https://seal.digicert.com *.google-analytics.com https://app-ab16.marketo.com; frame-src 'self' 'unsafe-inline' https://www.google.com https://app-ab16.marketo.com; style-src 'self' 'unsafe-inline' https://app-ab16.marketo.com; object-src 'self' *.google-analytics.com; report-uri https://acipayonline.com/CSPFailuresHandler; frame-ancestors 'self' https://sa.peralta.edu 2
script-src 'unsafe-inline' 'unsafe-eval' https: blob:;object-src  https://*.albert.cz https://d1ammsvb8n71kb.cloudfront.net; base-uri https://tau.collect.igodigital.com/; upgrade-insecure-requests; frame-ancestors https://*.albert.cz https://*.svc.albert.cz https://d1ammsvb8n71kb.cloudfront.net; 2
manifest-src 'self'  2
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: ws: *.bankofamerica.com *.ml.com institute1.bofa.com bcbolt446c5271-a.akamaihd.net bcsecure01-a.akamaihd.net brightcove04pmdo-a.akamaihd.net hlsak-a.akamaihd.net hslsslak-a.akamaihd.net www.ustrust.ml.bac-assets.com www1.bac-assets.com c.betrad.com cf-images.us-east-1.prod.boltdns.net manifest.prod.boltdns.net edge.api.brightcove.com metrics.brightcove.com sadmin.brightcove.com secure.brightcove.com players.brightcove.net api.company-target.com cdn.cookielaw.org data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com dpm.demdex.net 1359940.fls.doubleclick.net www.glance.net storage.glancecdn.net www.glancecdn.net www.myglance.net cobrowse-location.glance.net s1056.glance.net www-bofa.myglance.net cdn-bofa.myglance.net googleads.g.doubleclick.net stats.g.doubleclick.net c.evidon.com dgcollector.evidon.com l.evidon.com www.facebook.com adservice.google.com cct.google.com www.google.com www.googleadservices.com www.google-analytics.com maps.googleapis.com www.googletagmanager.com maps.gstatic.com dc.ads.linkedin.com etui.fs.ml.com rg.ml.com bankofamerica.tt.omtrdc.net cdn.tt.omtrdc.net mboxedge34.tt.omtrdc.net akamai.tiqcdn.com tags.tiqcdn.com analytics.twitter.com vjs.zencdn.net cdnapisec.kaltura.com analytics.kaltura.com cfvod.kaltura.com geolocation.onetrust.com *.glance.net assets.adobedtm.com;font-src 'self' http: https: vjs.zencdn.net data:; 2
frame-ancestors *; upgrade-insecure-requests 2
default-src 'self';img-src 'self' https://* data: ;style-src 'self' https://* 'unsafe-inline' data: ;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googleapis.com www.amcharts.com www.googletagmanager.com; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com pro.fontawesome.com data:; connect-src 'self' *.englishforward.com fonts.gstatic.com pro.fontawesome.com *.googleapis.com www.googletagmanager.com  2
frame-ancestors 'self' cooper.fastcommand.com cooperhealth.org cooperhealth.edu *.cooperhealth.org *.cooperhealth.edu 2
frame-ancestors 'self' *.martech.zone 2
base-uri 'self'; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net arriva-api.test.perplex.eu webapi-arrivanl.acc.perplex.eu arriva-api.prod.perplex.eu webapi.arriva.nl wss://cxcomlive-webconvwa-weu.azurewebsites.net www.clarity.ms *.clarity.ms https://c.bing.com google-analytics.com https://*.google-analytics.com https://*.doubleclick.net; default-src 'self'; font-src 'self' data: https://aurora.cmtelecom.com https://fonts.gstatic.com https://www.cm.com; form-action 'self' *.buckaroo.nl; frame-ancestors 'self'; frame-src 'self' data: *.youtube.com *.vimeo.com *.google.com; img-src 'self' data: *.arriva.nl *.google-analytics.com i.vimeocdn.com www.google.com www.google.nl *.windows.net alert-web-info.arriva.nl alert-web-info-acc.arriva.nl www.facebook.com *.cm.com www.clarity.ms *.clarity.ms https://c.bing.com https://*.ytimg.com; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.facebook.net www.clarity.ms *.clarity.ms https://c.bing.com *.elitechnology.com https://*.digitalcx.com https://*.scribit.pro; style-src 'self' 'unsafe-inline' fonts.googleapis.com 2
default-src 'self'; media-src 'self' newsonair.gov.in newsonair.nic.in airworldservice.org *.akamaihd.net *.akamaihd-staging.net blob: ; connect-src 'self' https://m.addthis.com https://s7.addthis.com air.pc.cdn.bitgravity.com *.akamaihd.net *.akamaihd-staging.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com ssl.p.jwpcdn.com www.gstatic.com api-public.addthis.com https://api-public-oci-origin.addthis.com https://m.addthis.com https://q.addthis.com https://s7.addthis.com https://www.addthis.com https://v1.addthisedge.com www.google-analytics.com ajax.googleapis.com googletagmanager.com content.jwplatform.com platform.twitter.com cdn.syndication.twimg.com maxcdn.bootstrapcdn.com code.jquery.com cdnjs.cloudflare.com *.googleapis.com minisrclink.cool public.tableau.com connect.facebook.net ssl.p.jwpcdn.com *.youtube.com *.https://s7.addthis.com *.google.com s.ytimg.com; img-src * data: *; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com *.twimg.com *.twitter.com *.w3.org cdnjs.cloudflare.com *.googleapis.com use.fontawesome.com; frame-src 'self' *.twitter.com g.jwpsrv.com public.tableau.com *.google.com *.s7.addthis.com *.youtube.com *.facebook.com; font-src 'self' data: use.fontawesome.com fonts.googleapis.com stackpath.bootstrapcdn.com ssl.p.jwpcdn.com cdnjs.cloudflare.com fonts.gstatic.com 2
frame-ancestors 'self' localhost:* aaalifefield--full.sandbox.my.salesforce.com aaalife--agentone.vf.force.com aaalifeinsurance--agentone.vf.force.com *.salesforce.com *.lightning.force.com *.google-analytics.com *.analytics.google.com *.aaalife.com app.optimizely.com *.onelogin.com *.aaalifedesk.com *.ipipeline.com  aaalife.my.salesforce.com aaalifeinsurance.lightning.force.com *.visual.force.com; report-uri https://wwwaaalife.report-uri.com/r/t/csp/enforce 2
frame-ancestors meet.virtualstore.jp 2
frame-ancestors https://*.trend.at https://*.vgn.at; upgrade-insecure-requests; block-all-mixed-content 2
base-uri 'self';	default-src 'self';	connect-src 'self' https://reseau.coraxis.fr/ https://faq.coraxis.fr/ https://whois.coraxis.fr/;	style-src 'unsafe-inline' 'self' https://css.transform.coraxis.fr https://fonts.googleapis.com https://cdnjs.cloudflare.com https://uicdn.toast.com; font-src 'self' https://css.transform.coraxis.fr https://fonts.googleapis.com https://fonts.gstatic.com; 	script-src 'unsafe-inline' 'unsafe-eval' 'self' https://js.transform.coraxis.fr https://www.gstatic.com https://www.google.com/recaptcha/ https://maps.googleapis.com https://cdnjs.cloudflare.com https://uicdn.toast.com https://blueimp.github.io https://ajax.googleapis.com; 	img-src 'self' https://media.transform.coraxis.fr https://js.transform.coraxis.fr https://css.transform.coraxis.fr https://maps.googleapis.com https://maps.gstatic.com data:;  child-src 'self' https://www.youtube.com https://www.google.com/recaptcha/;	media-src 'self';	form-action 'self'   https://faq.coraxis.fr/ https://admin.coraxis.fr;	frame-ancestors 'self'; 2
frame-ancestors https://resources.accusoft.com https://staging.accusoft.usdphosting.com 'self' 2
default-src * blob: data:; frame-ancestors 'self'; img-src * data: maps.googleapis.com maps.gstatic.com i.ytimg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; object-src 'none'; base-uri 'self'; manifest-src 'self'; media-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.youtube.com s.ytimg.com *.analytics.google.com *.google-analytics.com www.googletagmanager.com connect.facebook.net *.emailsys1a.net maps.googleapis.com *.usercentrics.eu *.cookiebot.com myaskai.com cdn.amplitude.com sentry.io; font-src 'self' data: fonts.gstatic.com myaskai.com; connect-src 'self' maps.googleapis.com www.youtube.com s.ytimg.com *.analytics.google.com *.google-analytics.com www.googletagmanager.com connect.facebook.net *.emailsys1a.net *.usercentrics.eu *.cookiebot.com stats.g.doubleclick.net noembed.com myaskai.com; frame-src 'self' *.usercentrics.eu *.cookiebot.com gematik.capita-europe.com ti-lage.prod.ccs.gematik.solutions ti-lage-editor.prod.ccs.gematik.solutions login.microsoftonline.com www.youtube-nocookie.com www.youtube.com www.facebook.com *.emailsys1a.net *.int.gematik.de myaskai.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: wss://* https://*; 2
img-src 'self' data: *.hypernode.com *.hypernode.nl *.hubspot.com *.linkedin.com *.licdn.com p.adsymptotic.com *.google-analytics.com *.google.com www.google.com.bd www.google.pl www.google.nl www.google.de www.google.co.uk www.google.co.in www.google.ae www.google.fr www.google.ge www.google.co.tz www.google.pk www.google.be www.google.ro www.google.com.ua www.google.by www.google.it www.google.dk www.google.hu www.gstatic.com *.gravatar.com www.googletagmanager.com t.co cdn2.hubspot.net *.hubspotusercontent-na1.net *.hsforms.com www.facebook.com https://collector.leadinfo.net https://cdn.leadinfo.net https://i.ytimg.com motu.teamblue.services *.srv.isy-teamblue.services *.twitter.com https://*.hotjar.com;; script-src-elem 'unsafe-inline' 'self' data: *.hubspot.com js.hs-analytics.net js.hs-banner.com *.hs-scripts.com js.hscollectedforms.net js.hsforms.net js.hsleadflows.net js.usemessages.com snap.licdn.com static.ads-twitter.com www.google-analytics.com www.googletagmanager.com www.hypernode.nl analytics.twitter.com wchat.freshchat.com www.google.com www.gstatic.com gist.github.com cdn.jsdelivr.net cdn.randomhow.com connect.facebook.net s3.amazonaws.com platform.twitter.com ssl.google-analytics.com www.hypernode.com www.pagespeed-mod.com asciinema.org cdn.mxpnl.com gc.kis.v2.scr.kaspersky-labs.com ucads-cdn.ucweb.com byte.us2.list-manage.com www.youtube.com cdn.leadinfo.net motu.teamblue.services *.srv.isy-teamblue.services fast.wistia.com https://*.hotjar.com;; style-src-attr 'unsafe-inline';; style-src-elem 'unsafe-inline' 'self' fonts.googleapis.com wchat.freshchat.com www.hypernode.nl github.githubassets.com *.hypernode.com https://*.hotjar.com;; script-src 'unsafe-eval' 'self' www.google.com www.hypernode.nl 'unsafe-inline' js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hscollectedforms.net js.hsleadflows.net www.google-analytics.com www.googletagmanager.com analytics.twitter.com snap.licdn.com static.ads-twitter.com wchat.freshchat.com www.gstatic.com connect.facebook.net wasm-eval s3.amazonaws.com www.hypernode.com js.hsadspixel.net js.hubspotfeedback.com js.usemessages.com js.hs-analytics.net js.hscollectedforms.net js.hsforms.net js-na1.hs-scripts.com forms.hsforms.com www.youtube.com cdn.leadinfo.net snap.licdn.com https://static-exp1.licdn.com https://content.linkedin.com motu.teamblue.services *.srv.isy-teamblue.services https://platform.linkedin.com https://*.hotjar.com;; style-src 'self' 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com wchat.freshchat.com www.hypernode.nl translate.googleapis.com www.hypernode.com https://cdn.leadinfo.net;; child-src www.youtube.com wchat.freshchat.com www.google.com 'self' app.hubspot.com 253949009329559.webpush.freshchat.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com;; connect-src *.oribi.io *.google.com *.hubspot.com api.hubapi.com www.facebook.com js.usemessages.com js.hsleadflows.net js.hubspotfeedback.com js.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com js.hsadspixel.net js.hs-analytics.net js.hs-scripts.com forms.hsforms.com js.hs-banner.com stats.g.doubleclick.net *.google-analytics.com 'self' www.google.co.in www.google.nl www.google.pl www.hypernode.com www.hypernode.nl yoast.com www.google.co.za www.google.co.uk www.google.de www.google.dk www.google.ro www.google.rs www.google.se www.google.ca www.google.com.au www.google.ie meetlookup.com www.google.be *.cdn77.org code.jquery.com *.kaspersky-labs.com www.google.cn www.google.com.eg www.google.com.pk www.google.fi www.google.it www.google.lv *.linkedin.com *.licdn.com *.hypernode.io *.make.com https://api.leadinfo.com https://collector.leadinfo.net *.teamblue.services *.gcp.cloud.es.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com;; font-src 'self' fonts.gstatic.com data: cdn.faceworks.nl cdn.megabonus.com use.typekit.net *.hypernode.nl *.hypernode.com https://cdn.leadinfo.net https://*.hotjar.com;; form-action my.hypernode.com forms.hsforms.com forms.hubspot.com 'self' www.hypernode.com www.facebook.com;; frame-src www.youtube.com 'self' 253949009329559.webpush.freshchat.com wchat.freshchat.com www.google.com recaptcha.google.com mozbar.moz.com www.hypernode.com platform.twitter.com app.hubspot.com www.hypernode.nl asciinema.org *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com www.linkedin.com www.facebook.com td.doubleclick.net www.googletagmanager.com 'unsafe-eval';; default-src 'self' 'unsafe-eval' 'unsafe-inline' 253949009329559.webpush.freshchat.com adservice.google.com analytics.google.com analytics.twitter.com data: fonts.googleapis.com fonts.gstatic.com forms.hsforms.com forms.hubspot.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hscollectedforms.net js.hsleadflows.net px.ads.linkedin.com secure.gravatar.com snap.licdn.com static.ads-twitter.com stats.g.doubleclick.net t.co track.hubspot.com wchat.freshchat.com www.google-analytics.com www.google.com www.google.nl www.googletagmanager.com www.gstatic.com www.hypernode.com www.hypernode.nl www.youtube.com a.slack-edge.com gist.github.com github.githubassets.com www.google.dk www.google.co.uk www.slideshare.net api.hubspot.com app.hubspot.com 'self' yoast.com asciinema.org support.hypernode.com www.google.be www.google.co.in www.google.de www.google.ru;; frame-ancestors 'self' about;; worker-src 'self';; object-src 'self' www.hypernode.com;; media-src 'self'; base-uri 'self'; report-uri https://madebyus.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests; 2
frame-ancestors 'self' www.amway.id admin.amway.id beta.amway.id www.amway.co.th admin.amway.co.th beta.amway.co.th smart.amway.co.th admin.smart.amway.co.th bodykeychallenge.amway.co.th amway-th.ada.support bodykeymentor.amway.co.th creatorschallenge.amway.co.th challenge.amway.co.th 2
font-src *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com static.ecorebates.com data: 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; style-src *.adobe.com fonts.googleapis.com *.yotpo.com *.googleapis.com unsafe-inline assets.braintreegateway.com static.ecorebates.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.totallyhayward.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; form-action 'self' https://hayward.com/customer/account/logout/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.yotpo.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; script-src https://code.jquery.com/jquery-1.12.4.min.js https://code.jquery.com/jquery-2.2.4.min.js https://code.jquery.com/jquery-3.2.1.min.js https://cdnjs.cloudflare.com/ajax/libs/fancybox/3.3.5/jquery.fancybox.min.js https://html5.dcatalog.com/dcviewer.js https://api.ipify.org/ https://unpkg.com/react@18/umd/react.production.min.js https://unpkg.com/react-dom@18/umd/react-dom.production.min.js assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com bam.nr-data.net js-agent.newrelic.com tfaforms.com *.yotpo.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com static.ecorebates.com hayward.ecorebates.com 'self' 'unsafe-inline' 'unsafe-eval'; img-src https://hayward-pool-assets.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; frame-src www.haywardnet.com/ https://html5.dcatalog.com https://haywardpools.tfaforms.net https://maps.google.com/ blob: fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com haywardpools.tfaforms.net *.yotpo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; connect-src https://www.haywardnet.com/inground/products/energysolutions/getEnergyCalculatorResults.cfm https://hayward.ecorebates.com/ https://hayward-test-jsons.s3.amazonaws.com/data/locationData.json https://hayward-test-jsons.s3.amazonaws.com/data/featuresData.json https://hayward-test-jsons.s3.amazonaws.com/data/materialData.json https://hayward-test-jsons.s3.amazonaws.com/data/propertyTypeData.json https://hayward-test-jsons.s3.amazonaws.com/data/shapeSizeData.json https://hayward-test-jsons.s3.amazonaws.com/data/galleryData.json dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com thm.visa.com api.addressy.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com bam.nr-data.net js-agent.newrelic.com *.yotpo.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; 2
default-src https: 'unsafe-inline' 'unsafe-eval' data:; 2
frame-ancestors 'self'; default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.gls.de; img-src 'self' *.gls.de data: https://i.vimeocdn.com https://cartodb-basemaps-a.global.ssl.fastly.net https://cartodb-basemaps-b.global.ssl.fastly.net https://cartodb-basemaps-c.global.ssl.fastly.net; font-src 'self'; connect-src 'self' *.gls.de; object-src 'self'; base-uri 'none'; frame-src 'self' *.glsbank.de *.gls.de *.gls-bank.de https://*.vimeo.com https://vimeo.com https://*.vimeocdn.com https://vimeocdn.com https://vr-international.vr-bankenportal.de; form-action 'self'; 2
default-src 'self' http: https: *.zdassets.com *.zopim.com *.zendesk.com wss://*.zendesk.com wss://*.zopim.com wss://*.hotjar.com *.hotjar.com; script-src http: https: 'unsafe-inline' 'unsafe-eval' https://www.platypusshoes.com.au/ *.adobetm.com *.afterpay.com *.cloudfront.net *.demdex.net *.forter.com *.google-analytics.com *.paypal.com afterpay.com foursixty.com *.contentsquare.net *.useinsider.com *.roymorgan.com sha256-QbiTetPBJzD3st2q/dMWhIYIp6nbp7aPVEnq1vNaaDw=; style-src 'self' https: 'unsafe-inline' https://www.platypusshoes.com.au/ *.adobetm.com foursixty.com; img-src data: http: https: *.google-analytics.com *.ist-track.com *.pinterest.com *.twilio.com *.tiktok.com *.useinsider.com developers.google.com *.zopim.io *.zdassets.com; object-src 'none'; base-uri 'none'; child-src 'self'; media-src http: https: *.twilio.com; connect-src 'self' http: https: *.adobedc.net *.afterpay.com *.bazaarvoice.com *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.criteo.com *.demdex.net *.forter.com *.foursixty.com *.google-analytics.com *.googleapis.com *.nr-data.net *.paypal.com *.taboola.com *.truefitcorp.com *.twilio.com *.zdassets.com *.zendesk.com *.zopim.com accentgroupxpdev.112.2o7.net afterpay.com analytics.tiktok.com bcp.crwdcntrl.net facebook.com *.contentsquare.net *.roymorgan.com foursixty.com kleber.datatoolscloud.net.au sentry.io smetrics.hypedc.com vimeo.com wss://*.twilio.com wss://widget-mediator.zopim.com wss://cdn0.forter.com api.useinsider.com api.myunidays.com wss://*.hotjar.com *.hotjar.com; font-src data: 'self' fonts.gstatic.com *.truefitcorp.com *.useinsider.com; frame-src 'self' *.formstack.com *.afterpay.com *.bazaarvoice.com *.criteo.com *.criteo.net *.demdex.net *.everesttech.net *.everestjs.net *.doubleclick.net *.facebook.com *.google.com *.hotjar.com *.myunidays.com *.omniparcelreturns.com *.paypal.com *.paypalobjects.com *.truefitcorp.com *.useinsider.com *.vimeo.com *.youtu.be *.youtube.com afterpay.com assets.braintreegateway.com everestjs.net facebook.com foursixty.com google.com player.whooshkaa.com tsdtocl.com vimeo.com wss://*.hotjar.com *.hotjar.com; worker-src 'self' blob:; 2
Content-Security-Policy-Report-Only 2
default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://api.mapbox.com https://tagmanager.google.com https://fonts.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com https://*;connect-src 'self' https://*;img-src 'self' data: blob: https://*;frame-ancestors 'self' https://*.i-goddard.com;frame-src 'self' https://*;font-src 'self' data: https://fonts.gstatic.com;worker-src blob:;child-src blob: 2
frame-ancestors 'self' http://localhost:3000 http://localhost:8081 https://*.local.com https://*.letsroam.com 2
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: mediastream:; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' iongroup.wpengine.com * www.googletagmanager.com maps.googleapis.com www.google.com ajax.googleapis.com en25.com google-analytics.com analytics.google.com www.google-analytics.com; 2
default-src 'self' data:; manifest-src 'self'; script-src 'self' 'unsafe-inline' https://player.vimeo.com https://www.youtube.com https://statistik.kug.ac.at; style-src 'self' 'unsafe-inline'; connect-src 'self' https://statistik.kug.ac.at data:; img-src 'self' https://img.youtube.com https://tiles.wmflabs.org https://c.tile.openstreetmap.org; form-action 'self' https://search-kug.obvsg.at; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://services.phaidra.kug.ac.at; media-src 'self'; child-src 'self' blob: https://player.vimeo.com https://www.youtube.com 2
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src	'self' 'unsafe-inline' *; img-src 'self' data: *;font-src 'self' data: *; report-uri https://ee33uafj.uriports.com/reports/enforce; report-to default 2
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://wds.ace.teliacompany.com https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://wds.ace.teliacompany.com https://www.googletagmanager.com https://www.google-analytics.com https://snap.licdn.com https://www.googleadservices.com https://connect.facebook.net https://extend.vimeocdn.com https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://www.google.com https://www.facebook.com https://geolocation.onetrust.com https://noembed.com https://www.youtube.com https://www.vimeo.com https://player.vimeo.com https://platform.instagram.com https://www.instagram.com https://static.ads-twitter.com https://webanalytics.digiaiiris.com https://analytics.twitter.com https://analytics.twitter.com/i/adsct https://static.hotjar.com https://script.hotjar.com https://*.hs-scripts.com https://*.hsforms.com https://*.hsforms.net https://*.hs-banner.com https://*.hsadspixel.net https://*.hs-analytics.net https://*.hscollectedforms.net https://*.hsleadflows.net https://*.hubspot.com https://*.hubspot.net https://play.hubspotvideo.com https://hubspotfeedback.com https://*.hubapi.com https://*.usemessages.com https://static.hsappstatic.net https://*.hs-sites.com https://no-cache.hubspot.com https://js.hscta.net https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net https://*.hs-sites-eu1.com/; font-src 'self' 'unsafe-inline' * https://wds.ace.teliacompany.com; img-src 'self' 'unsafe-inline' * data:; media-src 'self' 'unsafe-inline' * data:; connect-src 'self' 'unsafe-inline' * https://wds.ace.teliacompany.com; frame-src 'self' 'unsafe-inline' https://wds.ace.teliacompany.com https://player.vimeo.com/ https://www.facebook.com/ https://www.googletagmanager.com/ https://www.youtube-nocookie.com/ https://www.youtube.com https://www.instagram.com https://vars.hotjar.com https://td.doubleclick.net/ https://*.hubspot.com https://*.hubspot.net https://*.hs-sites.com https://play.hubspotvideo.com https://*.hsforms.net https://*.hsforms.com https://*.hs-sites-eu1.com/ 2
frame-ancestors trendsales.dk *.trendsales.dk ts.dk *.ts.dk trendsale.dk *.trendsale.dk tradono.dk tradono.com *.tradono.com 2
child-src 'self' https://*.hotjar.com https://www.rightworks.com; connect-src 'self' https://*.abtasty.com https://*.clarity.ms https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://*.mktoresp.com https://*.olark.com https://*.parsely.com https://*.sitesearch360.com https://*.wistia.com https://*.youtube.com https://c.6sc.co https://cdn.linkedin.oribi.io https://designer-api.hu-manity.co https://grsm.io https://happyfoxchat.com https://ipv6.6sc.co https://js.callrail.com https://maps.googleapis.com https://o132438.ingest.sentry.io https://pagead2.googlesyndication.com https://partnerlinks.io https://scout.salesloft.com https://secure.adnxs.com https://tagmanager.google.com https://transactional-api.hu-manity.co https://www.googletagmanager.com https://www.rightworks.com wss://*.hotjar.com; default-src 'self' https://rightworks.com https://www.rightworks.com; font-src 'self' data: https://*.gstatic.com https://*.sfdcstatic.com https://*.wp.com https://common-fonts.abtasty.com https://fonts.googleapis.com https://fonts.gstatic.com https://static.olark.com https://www.rightworks.com; frame-ancestors 'self' https://*.smartvault.com https://www.rightworks.com; frame-src 'self' https://*.cookiebot.com https://*.doubleclick.net https://*.driftt.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.hotjar.com/ https://*.instagram.com https://*.marketo.com https://*.rightnetworks.com https://*.sitescout.com https://*.smartvault.com https://*.vimeo.com https://*.wistia.com/ https://*.youtube.com https://d1l7z5ofrj6ab8.cloudfront.net https://js.driftt.com https://open.spotify.com https://qa-assistant.abtasty.com/ https://s-static.ak.facebook.com https://service.force.com https://static.olark.com https://tagmanager.google.com https://widget.drift.com https://widget.happyfoxchat.com https://widgets.wp.com https://www.g2.com https://www.rightworks.com; img-src 'self' data: https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.hr https://*.gravatar.com https://*.gstatic.com https://*.instagram.com https://*.linkedin.com https://*.parsely.com https://*.sitesearch360.com https://*.vimeocdn.com https://*.wistia.com https://*.yahoo.com https://*.youtube.com https://alb.reddit.com https://analytics.twitter.com https://attr.ml-api.io https://b.6sc.co https://bat.bing.com https://c.clarity.ms https://editor-assets.abtasty.com https://googleads.g.doubleclick.net https://img.youtube.com https://info.rightnetworks.com https://info.rightworks.com https://log.olark.com https://maps.googleapis.com https://pixel.wp.com https://s.ml-attr.com https://s.w.org https://secure.adnxs.com https://storage.pardot.com https://t.co https://teddytor.abtasty.com https://tr.outbrain.com/ https://www.googletagmanager.com https://www.rightworks.com; media-src 'self' blob: data: file: https://*.wistia.com/ https://js.driftt.com https://static.olark.com https://www.rightworks.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adroll.com https://*.ads-twitter.com https://*.doubleclick.net https://*.driftt.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.hotjar.com https://*.instagram.com https://*.linkedin.com https://*.marketo.com https://*.marketo.net https://*.olark.com https://*.pardot.com https://*.parsely.com https://*.redditstatic.com https://*.rightnetworks.com https://*.rightworks.com https://*.salesforceliveagent.com https://*.twitter.com https://*.vimeo.com https://*.wistia.com https://*.wp.com https://amplify.outbrain.com/cp/obtp.js https://bat.bing.com https://cdn.callrail.com https://cdn.hu-manity.co https://cdn.sitesearch360.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://d1l7z5ofrj6ab8.cloudfront.net https://extend.vimeocdn.com https://j.6sc.co https://js.callrail.com https://js.driftt.com https://lex.33across.com https://qa-assistant.abtasty.com/bundle.js https://s3.amazonaws.com https://scout-cdn.salesloft.com https://service.force.com https://snap.licdn.com https://snippet.growsumo.com https://tagmanager.google.com https://teddytor.abtasty.com https://tr.outbrain.com/ https://transactionpro.us20.list-manage.com https://try.abtasty.com https://widget.drift.com https://widget.happyfoxchat.com https://wistia.com https://www.clarity.ms https://www.googleadservices.com https://www.googletagmanager.com https://www.rightworks.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.gravatar.com https://*.marketo.com https://*.wp.com https://cdnjs.cloudflare.com https://code.jquery.com https://common-fonts.abtasty.com https://service.force.com https://static.olark.com https://tagmanager.google.com https://teddytor.abtasty.com https://www.rightworks.com; worker-src 'self' blob: data: file: filesystem: https://www.rightworks.com unsafe-eval unsafe-inline 2
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.com https://refinemirror.com https://*.affirm.com https://mirror.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self'  https://*.affirm.com https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.com https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://static.cloudflareinsights.com https://maxcdn.bootstrapcdn.com https://stage-unifiedsearch.geapps.io https://unifiedsearch.geapps.io https://blog.geaerospace.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://reactjs.org https://www.google.com https://www.gstatic.com https://www.youtube.com https://www.ge.com https://www.gepowerconversion.com https://view.ceros.com https://pdfjs-express.s3-us-west-2.amazonaws.com https://c.evidon.com https://www.googletagmanager.com https://ge.com https://connect.facebook.net https://snap.licdn.com https://static.ads-twitter.com https://analytics.twitter.com https://stats.g.doubleclick.net https://optoutapi.evidon.com https://l3.evidon.com https://graph.instagram.com https://js-agent.newrelic.com *.nr-data.net https://fssfedpitc.ge.com https://cdn.taboola.com https://secure.adnxs.com https://pubads.g.doubleclick.net https://ad.doubleclick.net https://trc.taboola.com https://trc-events.taboola.com https://ajax.cloudflare.com https://cds.taboola.com https://pips.taboola.com https://tags.crwdcntrl.net https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://bcp.crwdcntrl.net/6/map *.google-analytics.com *.analytics.google.com https://cdn.nmgassets.com https://tsdtocl.com https://www.googleadservices.com https://acsbapp.com https://cdn.acsbapp.com https://l.evidon.com https://bid.g.doubleclick.net https://fonts.googleapis.com https://captcha.gecirtnotification.com *.licdn.com https://px.ads.linkedin.com https://cdn.linkedin.oribi.io https://analytics.google.com; img-src * data: blob:; object-src 'self'; form-action *; frame-ancestors 'self' https://captcha.gecirtnotification.com 2
frame-ancestors 'self' *.vietgiaitri.com 2
frame-ancestors 'self' panther.com *.panther.com app.folloze.com; 2
default-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://signrequest.com https://cdn.signrequest.com https://signrequest-static.s3.amazonaws.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.google-analytics.com https://ssl.google-analytics.com https://ajax.googleapis.com https://apis.google.com https://www.googletagmanager.com https://tagmanager.google.com https://optimize.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.stripe.com https://*.zapier.com https://zapier.com https://www.dropbox.com https://*.cookiebot.com https://ct.capterra.com https://connect.facebook.net https://static.zdassets.com https://62vqqh6qv58h.statuspage.io https://snap.licdn.com https://survey.survicate.com https://surveys-static.survicate.com https://trackcmp.net https://diffuser-cdn.app-us1.com https://prism.app-us1.com ; style-src 'self' 'unsafe-inline' https://signrequest-static.s3.amazonaws.com https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com https://zapier.com https://*.webflow.com ; img-src * data:; font-src 'self' data: https://signrequest-static.s3.amazonaws.com https://assets.website-files.com https://assets-global.website-files.com https://*.website-files.com https://*.webflow.com https://fonts.gstatic.com; report-uri https://sentry.sr-staging-1.com/api/2/security/?sentry_key=a6f9acd3a2264908b8efd53f59f51fe3 2
object-src 'none'; upgrade-insecure-requests 2
worker-src * data: blob: 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; script-src * 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self' http://emprotest:8080 http://emprolive:8080 http://emprodev:8080 http://ecm-live:8080 http://ecm-test:8080 2
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; upgrade-insecure-requests; 2
frame-ancestors https://docs.singlestore.com https://staging.docs.singlestore.com https://app.contentstack.com; 2
frame-ancestors 'self' esrgear.com esrgear.jp  esrgear.fr esrgear.de esrgear.es esrgear.it *.esrgear.com  *.esrgear.jp *.esrgear.de *.esrgear.fr *.esrgear.es *.esrgear.it 2
default-src 'self'; connect-src 'self' *.itzbund.de *.readspeaker.com *.bmbfcluster.de; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.instagram.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de; frame-src 'self' *.readspeaker.com *.google.com *.gstatic.com *.youtube.com *.vimeo.com kumasta.buendnisse-fuer-bildung.de *.facebook.com *.instagram.com *.bmbf.de graphcommons.com www.baden-tv.com/ *.video-stream-hosting.de ;img-src 'self' data: *.materna.de *.bmbf.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.openstreetmap.org *.openstreetmap.de *.wmflabs.org *.bmbfcluster.de; font-src 'self' data:; frame-ancestors 'self'; 2
default-src https: 'unsafe-inline' 'unsafe-eval' data: connect-src: wss://chat.sbservers.cz wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io img-src: https://chat.supportbox.cz script-src: 'unsafe-inline' https://chat.supportbox.cz style-src: https://chat.supportbox.cz blob: 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.gstatic.com *.googleapis.com *.onenorth.com https://goodwinlaw102u0.admin.oniqa.com *.oniqa.com *.onistaged.com public.flourish.studio *.amazonaws.com public.flourish.studio flo.uri.sh *.googletagmanager.com *.google-analytics.com *.google.com *.ceros.com clarity.ms *.clarity.ms *.doubleclick.net *.youtube.com *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com *.simplecast.com *.cookielaw.org *.typekit.net cdnjs.cloudflare.com us1.siteimprove.com cdnjs.cloudflare.com *.brightcove.net siteimproveanalytics.com cdn.yoshki.com 61282325.global.siteimproveanalytics.io w.soundcloud.com goodwin.photoshelter.com photoshelter.com player.vimeo.com cdn.cookielaw.org geolocation.onetrust.com drive.google.com code.jquery.com yoshki.com *.adnxs.com *.6sc.co *.hotjar.com *.hotjar.io *.cvent.com wss://*.hotjar.com ws.zoominfo.com js.zi-scripts.com ws-assets.zoominfo.com *.parsely.com ; img-src * data:; font-src 'self' data: *.typekit.net; 2
default-src 'none';               script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com apps.elfsight.com static.elfsight.com;               img-src * 'self' data: btckstaging.blob.core.windows.net btckstorage.blob.core.windows.net;               style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com www.gstatic.com;               connect-src 'self' www.google-analytics.com apps.elfsight.com;               font-src 'self' fonts.gstatic.com;               frame-src *;               frame-ancestors 'self' http://www.denbowlingclub.co.uk http://denbowlingclub.co.uk http://www.aftereightsocialclub.co.uk/ http://aftereightsocialclub.co.uk/ http://www.garstangfairtrade.org.uk/ http://garstangfairtrade.org.uk/ http://www.merlinbraewaterski.co.uk/ http://merlinbraewaterski.co.uk/ http://dmsa.org.uk http://www.dmsa.org.uk http://www.busheyandoxhey-methodist.org.uk http://www.samcbh.org.uk http://www.cpsomc.org.uk http://stockportwalkingoutdoor.org.uk http://www.stockportwalkingoutdoor.org.uk http://www.garstangmillenniumgreen.org.uk; 2
default-src 'self' *.cookielaw.org *.onetrust.com feed.pghub.io pandg.tapad.com ; media-src https://videos.ctfassets.net feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com * ; img-src * 'self' data: https: blob: *.pricespider.com ; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 2
worker-src * data: https://tiflux.com/ blob:; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' https://crm.tiflux.com/ https://tiflux.com/ https://d335luupugsy2.cloudfront.net/ https://cdn.ampproject.org/ https://www.googleadservices.com https://www.google.com https://snap.licdn.com https://d335luupugsy2.cloudfront.net/ https://*.clarity.ms https://cdnjs.cloudflare.com https://cdn.bitrix24.com.br https://connect.facebook.net https://i.clarity.ms https://px.ads.linkedin.com https://secure.gravatar.com https://snap.lidcdn.com https://tiflux.bitrix24.com.br https://www.clarity.ms https://www.clickcease.com https://www.facebook.com https://www.google-analytics.com https://google.com https://www.googletagmanager.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://crm.tiflux.com/ https://cdnjs.cloudflare.com/ https://fonts.bitrix24.com.br https://fonts.googleapis.com https://tiflux.bitrix24.com.br; font-src 'self' data: https://fonts.bitrix24.com.br https://fonts.gstatic.com ; img-src 'self' data: https://cdn.bitrix24.com.br/ https://tiflux.bitrix24.com.br/ https://www.googletagmanager.com/ https://c.bing.com/ https://c.clarity.ms/ https://d335luupugsy2.cloudfront.net/ https://stats.g.doubleclick.net/ https://wp.stories.google https://storage.googleapis.com https://*.ads.linkedin.com https://secure.gravatar.com https://ct.capterra.com https://p.adsymptotic.com https://www.google.com https://www.google.com.br https://dcnt5qvi2hv76.cloudfront.net https://www.facebook.com https://px.ads.linkedin.com https://www.google-analytics.com; 2
default-src https:; style-src * 'unsafe-inline'; script-src https: 'unsafe-inline'; object-src 'none' 2
default-src https: ws: data: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self' https://estate.myccv.eu/ 2
frame-ancestors 'self' https://egypt-now.net https://alarabnow.net https://saudi-now.com; 2
frame-ancestors 'self'; frame-src *; 2
object-src; worker-src 'self' blob: *.cyres.fr ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com *.cyres.fr *.googletagmanager.com *.doubleclick.net *.googleadservices.com *.google-analytics.com *.youtube.com cdn-cookieyes.com code.createjs.com; frame-src 'self' *.youtube.com *.google.com;font-src 'self' https://www.cyres.fr https://cyres.fr https://fonts.gstatic.com data:; 2
manifest-src 'self'; upgrade-insecure-requests; block-all-mixed-content;, report-uri https://sentry.diemayrei.de/api/9/security/?sentry_key=ee7352f1fa3f42b59178fe6bcb4855f7;, frame-ancestors 'self'; 2
default-src 'self';  connect-src 'self' https://*.g.doubleclick.net/ https://*.googlesyndication.com/ https://analytics.google.com/;  frame-src 'self' https://securepubads.g.doubleclick.net/ https://*.googlesyndication.com/ https://www.google.com/ https://www.youtube.com/;  media-src 'self' https://player.vimeo.com/ https://download-video.akamaized.net/ https://www.youtube.com/;  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com/ https://securepubads.g.doubleclick.net/ https://*.googlesyndication.com/ https://www.googletagservices.com/;  style-src 'self' 'unsafe-inline';  img-src 'self' blob: data: https://api.eremedia.com/ https://googleads.g.doubleclick.net/ https://*.googlesyndication.com/ http://www.google.com/ https://i.ytimg.com/;  font-src 'self';  object-src 'none';  base-uri 'self';  form-action 'self';  frame-ancestors 'none'; 2
connect-src 'self' core.tuerchen.com tuerchen.app *.etracker.de *.etracker.com *.usercentrics.eu *.novomind.com *.ekomiapps.de *.google.com *.googlesyndication.com *.google-analytics.com *.doubleclick.net *.trbo.com *.quantserve.com *.hansemerkur-vertriebsportal.de *.hansemerkur.de; default-src 'self'; font-src 'self' data:  *.novomind.com font.gstatic.com; frame-ancestors 'self' *.hanse-merkur.de newapp.etracker.com localhost *.hokify.de www.dwin1.com; frame-src 'self' blob: hansemerkur.happymo.re *.usercentrics.eu youtube.com *.youtube.com *.youtube-nocookie.com *.novomind.com *.kasko.io *.kaskocloud.com *.google.com *.trbo.com *.facebook.com *.pantumdetect.com *.awin1.com *.hansemerkur-video.de *.hanse-merkur.de *.ad-srv.net *.mein-hmrv.de; img-src 'self' data: tuerchen.app core.tuerchen.com *.hmrv.de *.hansemerkur.de tile.geofabrik.de *.etracker.de *.etracker.com *.gstatic.com *.google-analytics.com *.novomind.com *.bing.com *.doubleclick.net *.usercentrics.eu *.google.com *.google.de *.trbo.com ekomi-ui.s3.amazonaws.com www.facebook.com *.quantcount.com *.quantserve.com lantern.roeye.com *.hansemerkur-vertriebsportal.de *.hansemerkur.de *.tradedoubler.com *.googletagmanager.com; media-src 'self' *.hansemerkur-video.de *.youtube.com; object-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' tuerchen.app www.happymo.re *.etracker.de *.etracker.com *.googletagmanager.com www.dwin1.com *.usercentrics.eu *.novomind.com *.bing.com *.google.com *.google-analytics.com *.kasko.io *.kaskojs.com *.ekomiapps.de *.doubleclick.net *.googleadservices.com *.trbo.com connect.facebook.net *.hanse-merkur.de *.quantserve.com *.quantcount.com lantern.roeyecdn.com *.signalize.com *.tradedoubler.com; style-src 'self'  'unsafe-inline' tuerchen.app www.etracker.de fonts.googleapis.com tagmanager.google.com *.googletagmanager.com *.novomind.com *.ekomiapps.de 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: wss: blob:; img-src 'self' https: data:; frame-ancestors 'self' 2
frame-ancestors 'self' *.myworkdayjobs.com *.hbm.com; upgrade-insecure-requests; script-src hbkworld.com *.hbkworld.com *.youtube.com *.adobedtm.com *.azure.com *.azureedge.net *.googleapis.com *.googletagmanager.com *.google.com *.google-analytics.com *.crazyegg.com *.licdn.com static.cloudflareinsights.com *.cookieinformation.com *.ipify.org *.zoominfo.com *.matomo.cloud  *.piwik.pro *.wistia.com *.rlcdn.com *.doubleclick.net *.adsymptotic.com *.facebook.net *.hs-scripts.com *.hsadspixel.net *.hs-analytics.net *.hs-banner.com *.hsleadflows.net *.doubleclick.net *.google.com *.linkedin.com *.cloudfront.net *.clickagy.com dqm.crownpeak.com *.myworkdayjobs.com *.force.com *.gstatic.com *.clarity.ms *.cloudflare.com *.a1.typesense.net js.zi-scripts.com *.bing.com dpm.demdex.net 'unsafe-inline' blob:; 2
frame-ancestors 'self' https://www.sierrarosealpacas.com/ 2
frame-ancestors 'self' versapay.com staging.versapay.com; 2
frame-ancestors 'self' https://storyblok.com https://*.storyblok.com 2
default-src 'none'; script-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://*.googleapis.com https://*.cloudfront.net  https://*.cloudflare.com https://*.youtube.com https://*.xy.finance; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.cloudfront.net https://*.googleapis.com https://*.thundercore.com https://*.cloudflare.com https://*.youtube.com https://*.google-analytics.com https://*.googletagmanager.com; style-src * data: 'unsafe-inline'; font-src 'self' data: https://*.gstatic.com; connect-src https://*.thundercore.com https://prod-official-backend.platform.dev.tt-eng.com https://*.google-analytics.com https://stats.g.doubleclick.net; manifest-src 'self' 'unsafe-inline'; object-src 'none'; img-src * data: 'unsafe-inline';frame-src 'self' data: https://*.youtube.com https://*.xy.finance; frame-ancestors 'none'; base-uri 'none'; form-action 'none'; report-uri https://www.thundercore.com 2
base-uri 'self'; form-action 'self'; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net m.addthis.com api-public.addthis.com; default-src 'self' fonts.gstatic.com www.google.com; frame-src www.youtube.com s7.addthis.com www.google.com; img-src 'self'  s3.amazonaws.com  mkt-prod-gsg-wordpress.s3.amazonaws.com ; script-src 'self' 'unsafe-inline' www.google-analytics.com s7.addthis.com 'unsafe-eval' z.moatads.com v1.addthisedge.com m.addthis.com api-public.addthis.com; style-src 'self' fonts.googleapis.com 'unsafe-inline' ; 2
default-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://analytics.google.com https://accounts.google.com/ https://cdn.cookielaw.org https://mavieencouleurs.matomo.cloud https://www.facebook.com https://9295380.fls.doubleclick.net/ https://api.flymenu.fr/ https://app.flymenu.fr https://www.google.mu https://graph.facebook.com/ https://www.google.fr https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://ct.pinterest.com https://appleid.cdn-apple.com/ https://privacyportal.onetrust.com https://front-secure.pixibox.com/ https://z-m-graph.facebook.com https://unilever.demdex.net/ https://www.youtube.com/ https://dpm.demdex.net/ https://kx1.co/ https://td.doubleclick.net/ *.mavieencouleurs.fr data:; font-src 'self' *.mavieencouleurs.fr localhost https://fonts.gstatic.com https://cdnjs.cloudflare.com https://themes.googleusercontent.com data:; img-src 'self' https://kwptg.kantarworldpanel.fr https://ad.doubleclick.net/ https://www.google-analytics.com/ https://td.doubleclick.net/ https://www.facebook.com https://www.google-analytics.com https://ct.pinterest.com/ https://www.google.mu https://www.google.fr https://cdn.cookielaw.org/ https://www.google.com/ https://www.googletagmanager.com/ *.mavieencouleurs.fr data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com http://kx1.co http://ajax.googleapis.com https://connect.facebook.net https://cdn.cookielaw.org https://s.pinimg.com/ https://www.google-analytics.com https://app.flymenu.fr cdn.rawgit.com https://accounts.google.com https://api.flymenu.fr https://cdnjs.cloudflare.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://unilever.d3.sc.omtrdc.net http://kx1.co http://ajax.googleapis.com https://connect.facebook.net https://cdn.cookielaw.org https://s.pinimg.com https://www.google-analytics.com https://cdn.matomo.cloud https://assets.adobedtm.com https://app.flymenu.fr https://appleid.cdn-apple.com/ https://www.youtube.com/ cdn.rawgit.com https://accounts.google.com https://api.flymenu.fr https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://accounts.google.com *.mavieencouleurs.fr data: https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com *.mavieencouleurs.fr https://api.flymenu.fr/ https://accounts.google.com data: https://cdnjs.cloudflare.com; frame-ancestors 'self'; report-uri https://www.mavieencouleurs.fr/report-uri/enforce; upgrade-insecure-requests 2
script-src-elem 'self' 'unsafe-inline' *; 2
default-src 'self'; connect-src 'self'  https://api.userback.io/ https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ https://api.userlike.com/ https://www.userlike.com/ https://userlike-cdn-umm.b-cdn.net/ https://*.commander1.com/ https://privacy.trustcommander.net https://*.tagcommander.com https://*.commandersact.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.rs; font-src 'self' data: https://static.userback.io/ https://userlike-cdn-umm.b-cdn.net/; frame-ancestors 'self'; frame-src 'self' https://tools.eurolandir.com https://www.youtube.com/ https://www.youtube-nocookie.com/ https://www.google.com/ https://app.23degrees.io/ https://cdn.trustcommander.net/ https://livestream.bevideo.tv/ https://my.walls.io/; img-src 'self' data: https://via.placeholder.com/ https://dashboard.umbraco.com/ https://userlike-cdn-operators.s3-eu-west-1.amazonaws.com/ https://www.google-analytics.com https://app.23degrees.io/ https://manager.tagcommander.com/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tools.euroland.com/ https://www.google.com/ https://www.gstatic.com/ https://static.userback.io/ https://app.23degrees.io/ https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ https://userlike-cdn-umm.b-cdn.net/ https://cdn.tagcommander.com/ https://cdn.trustcommander.com/ https://cdn.trustcommander.net/ https://www.googletagmanager.com https://www.google-analytics.com/ https://walls.io/ https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' https://static.userback.io/; worker-src 'self' 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ga.dorcel.com contentnotif.dorcel.com www.dorcelclub.com www.account-dorcel.com cdnjs.cloudflare.com track.dorcelcash.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com bat.bing.com www.clarity.ms *.streaming.in2ip.nl; style-src 'self' 'unsafe-inline' ga.dorcel.com *.streaming.in2ip.nl; img-src 'self' data: https: blob:; media-src 'self' data: *.streaming.in2ip.nl blob:; font-src 'self' data: ga.dorcel.com fonts.gstatic.com *.streaming.in2ip.nl; frame-src 'self' contentnotif.dorcel.com *.netverify.com www.dorcelclub.com msurvey.orange.com www.account-dorcel.com www.google.com; connect-src 'self' region1.google-analytics.com region1.analytics.google.com analytics.google.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.clarity.ms *.streaming.in2ip.nl; form-action 'self' https: http://*.streaming.in2ip.nl; worker-src blob:; 2
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://youtube.googleapis.com https://youtube.com https://s.ytimg.com https://www.youtube.googleapis.com https://static.corp.google.com blob:;report-uri /_/MeetingsUi/cspreport/allowlist 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.westernstandard.news;block-all-mixed-content; 2
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://app.securiti.ai https://cdn-prod.securiti.ai https://www.googletagmanager.com/debug/badge.css; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://cdn-prod.securiti.ai https://cdnjs.cloudflare.com/ajax/libs/fingerprintjs2/2.1.0/fingerprint2.js; img-src 'self' https://www.google-analytics.com https://app.securiti.ai data: https:; connect-src 'self' https://www.google-analytics.com https://cdn-prod.securiti.ai https://app.securiti.ai; font-src 'self' https://fonts.gstatic.com https://cdn-prod.securiti.ai https://app.securiti.ai; frame-src 'self' https://www.youtube.com https://cdn-prod.securiti.ai https://app.securiti.ai https://www.google.com/ https://chatgptprestadores.orizon.com.br; frame-ancestors 'none'; 2
default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.nr-data.net https://*.intellimizeditor.com https://intellimizeditor.com https://cdn.intellimize.co https://ajax.googleapis.com https://ajax.cloudflare.com https://analytics.twitter.com https://api.intellimize.co https://app-abk.marketo.com https://audience.nrich.ai https://bat.bing.com https://boards.greenhouse.io https://cdn.ampproject.org https://cdn.cookielaw.org https://cdn.onesignal.com https://cdnjs.cloudflare.com https://connect.facebook.net https://googleads.g.doubleclick.net https://js-agent.newrelic.com https://js.chilipiper.com https://maps.googleapis.com https://munchkin.marketo.net https://onesignal.com https://player.vimeo.com https://s.yimg.com https://sc.lfeeder.com https://script.crazyegg.com https://script.hotjar.com https://secure.esignlive.com https://secure.onespan.com https://serve.nrich.ai https://ssl.google-analytics.com https://snap.licdn.com https://static.ads-twitter.com https://static.cloudflareinsights.com https://static.hotjar.com https://tag.demandbase.com https://tag.nrich.ai https://tpc.googlesyndication.com https://translate.google.com https://tribl.io https://www.clarity.ms https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://d41.co https://*.d41.co https://embed.ustudio.com https://asana-user-private-us-east-1.s3.us-east-1.amazonaws.com https://id.rlcdn.com https://scout-cdn.salesloft.com https://tracking.g2crowd.com https://j.6sc.co https://view.ceros.com https://app.leandata.com https://js.driftt.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://optimize.google.com https://www.googleoptimize.com/ https://extend.vimeocdn.com https://code.highcharts.com https://cdn.bizible.com https://www.vimeo.com https://vimeo.com https://cdn.jsdelivr.net; style-src 'self' 'report-sample' 'unsafe-inline' https://app-abk.marketo.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://js.chilipiper.com/ https://onesignal.com https://secure.onespan.com https://tag.demandbase.com https://translate.googleapis.com https://tribl.io https://use.fontawesome.com https://cdn.jsdelivr.net https://optimize.google.com https://www.googletagmanager.com https://www.gstatic.com; form-action 'self'; base-uri 'self'; object-src 'none'; connect-src 'self' https://*.clarity.ms https://*.company-target.com https://*.nr-data.net https://308-zmt-742.mktoresp.com https://308-zmt-742.mktoutil.com https://adservice.google.com https://analytics.google.com https://api.chilipiper.com https://api.intellimize.co https://audience.nrich.ai https://bat.bing.com https://cdn.cookielaw.org https://in.hotjar.com https://log.intellimize.co https://maps.googleapis.com https://region1.google-analytics.com https://region1.analytics.google.com https://s.yimg.com https://secure.onespan.com https://serve.nrich.ai https://stats.g.doubleclick.net https://tag.nrich.ai https://tracking.chilipiper.com https://translate.googleapis.com https://vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://cdn.linkedin.oribi.io https://www.facebook.com https://www.google-analytics.com https://app.leandata.com https://js.zi-scripts.com https://ws.zoominfo.com https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.by https://www.google.bs https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.cz https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.cg https://www.google.com.co https://www.google.com.cy https://www.google.com.cu https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kh https://www.google.com.jm https://www.google.com.kw https://www.google.com.lb https://www.google.com.li https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.nl https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vc https://www.google.com.vn https://www.google.com https://www.google.cu https://www.google.de https://www.google.dk https://www.google.dl https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fl https://www.google.fr https://www.google.ge https://www.google.gm https://www.google.gr https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.la https://www.google.lk https://www.google.li https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rw https://www.google.rs https://www.google.ru https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.vu https://www.google.zm https://www.googletagmanager.com https://cs.lf-discover.com https://*.d41.co https://d41.co https://se-services.intellimize.co https://*.salesloft.com https://*.6sc.co https://www.google.co.ls https://www.google.bi https://www.google.com.af https://www.google.tt https://www.google.ws https://www.google.st https://www.google.gg https://www.google.im https://secure.adnxs.com/ https://js.driftt.com https://www.googletagmanager.com https://content.hotjar.io https://metrics.hotjar.io https://epsilon.6sense.com https://px.ads.linkedin.com https://*.6sense.com; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src https://*.esignlive.com/ https://*.onespan.com https://api.intellimize.co https://app.intellimize.co https://*.intellimizeio.com https://onespan.chilipiper.com https://apps.chilipiper.com https://app-abk.marketo.com https://bid.g.doubleclick.net https://boards.greenhouse.io https://player.vimeo.com https://sandbox.esignlive.com https://secure.onespan.com https://test.api.intellimize.co https://tpc.googlesyndication.com https://tribl.io https://vars.hotjar.com https://vimeo.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://*.youtube.com https://youtube.com https://*.prod.acquia-sites.com https://embed.ustudio.com/ https://view.ceros.com/ https://app.leandata.com https://js.driftt.com https://optimize.google.com https://webikeo.fr/ https://td.doubleclick.net/; img-src 'self' data: blob: *; manifest-src 'self'; media-src 'self'; worker-src 'none'; report-uri https://ea04e958cc13a15d0bbc4cbc506ff315.report-uri.com/r/d/csp/enforce; 2
frame-ancestors 'self' http://turan.urw.com/ https://turan-web.preprod.cloud.coreoz.com/ https://turan-web2.preprod.cloud.coreoz.com/ https://apollo.int.coreoz.com/world https://prod.id.westfield.com/ https://id.westfield.com/ https://turan-v2.urw.com/ https://turan-web3.preprod.cloud.coreoz.com/ https://unibail-turan-web.int.coreoz.com/ 2
frame-ancestors https://wpp-wdcee.wirecard.com 2
frame-ancestors 'self' https://*.smoove.io https://*.wix.com https://*.editorx.com 2
object-src 'none'; frame-ancestors 'self'; report-uri http://www.securite-routiere.gouv.fr/report-uri/enforce 2
font-src *.commerce-connector.com *.hotjar.com *.hotjar.io static.criteo.net *.fontawesome.com https://geowidget.easypack24.net *.googleapis.com *.gstatic.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com https://seo.mageplaza.com sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.google.com *.hotjar.com *.hotjar.io https://optimize.google.com *.cookiebot.com *.criteo.com *.criteo.net *.doubleclick.net *.facebook.com sketchfab.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.youtube.com *.google.com/ pay.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.commerce-connector.com *.commerce-connector.de s3.eu-central-1.amazonaws.com *.erecruiter.pl *.google.pl *.snrcdn.net *.hotjar.com *.hotjar.io https://optimize.google.com *.cookiebot.com *.googletagmanager.com *.google-analytics.com *.criteo.com *.criteo.net *.amica.pl amica.pl *.gramagd.pl gramagd.pl *.fagorelectrodomestico.es *.fagor-electrodomestico.cz *.fagorelectrodomestico.pt *.taboola.com *.facebook.com *.doubleclick.net https://ssl.gstatic.com https://fonts.gstatic.com https://trafficscanner.pl www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.magezon.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.googleapis.com *.gstatic.com *.google.com static.przelewy24.pl www.gstatic.com gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.commerce-connector.com *.erecruiter.pl *.gstatic.com *.googleapis.com *.przelewy24.pl *.snrcdn.net *.snrbox.com https://snr-sdk.amica.pl *.newrelic.com https://bam.nr-data.net *.google.com/recaptcha/ *.hotjar.com *.hotjar.io https://optimize.google.com *.cookiebot.com https://*.criteo.com https://static.criteo.net *.doubleclick.net https://snr-api.amica.pl https://marketing.amica.pl *.facebook.net *.taboola.com https://tagmanager.google.com *.googletagmanager.com *.clarity.ms *.amica3d.pl https://trafficscanner.pl blob: www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.youtube.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.google.com/ *.avada.io sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.commerce-connector.com *.erecruiter.pl *.gstatic.com *.googleapis.com *.przelewy24.pl *.snrcdn.net *.snrbox.com *.newrelic.com https://bam.nr-data.net https://optimize.google.com *.cookiebot.com *.amica.pl https://tagmanager.google.com *.fontawesome.com https://geowidget.easypack24.net fonts.googleapis.com 'self' 'unsafe-inline'; object-src *.cookiebot.com 'self' 'unsafe-inline'; media-src *.adobe.com *.amica.pl static.criteo.net amica.pl https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.erecruiter.pl *.gstatic.com *.adobe.com *.googleapis.com *.przelewy24.pl *.snrcdn.net *.snrbox.com *.newrelic.com https://bam.nr-data.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.cookiebot.com *.criteo.com *.criteo.net *.commerce-connector.com *.doubleclick.net https://snr-api.amica.pl https://marketing.amica.pl *.taboola.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.clarity.ms *.amica3d.pl *.googlesyndication.com https://trafficscanner.pl wss://trafficscanner.pl www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com cdn.plyr.io noembed.com *.easypack24.net *.inpost.pl *.openstreetmap.org https://get.geojs.io *.avada.io sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com 'self' 'unsafe-inline'; child-src *.criteo.com *.criteo.net http: https: blob: 'self' 'unsafe-inline'; default-src *.cookiebot.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'self' 'wasm-unsafe-eval' 'unsafe-inline' blob: https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src * blob: data:; connect-src * 2
default-src 'self'; img-src 'self' *.allfunds.com https://*.allfunds.com https://*.googleapis.com https://*.gstatic.com https://purecatamphetamine.github.io https://cms-front.s3.eu-west-1.amazonaws.com https://www.google-analytics.com https://storage.googleapis.com https://region1.google-analytics.com https://region1.analytics.google.com https://linkedin.com https://*.linkedin.com  https://cloudfunctions.net https://*.cloudfunctions.net https://*.amplitude.com https://amplitude.com https://amplitude.com https://akamaihd.net https://*.akamaihd.net https://akstat.io https://*.akstat.io https://snap.licdn.com https://googletagmanager.com https://*.googletagmanager.com 'self' data:;; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.google.com/recaptcha/api.js https://*.googleapis.com https://*.recaptcha.net https://recaptcha.net https://www.gstatic.com https://purecatamphetamine.github.io https://cms-front.s3.eu-west-1.amazonaws.com https://apis.google.com https://www.google-analytics.com https://player.vimeo.com/api/player.js https://cdn.jsdelivr.net/npm/css-vars-ponyfill@2 https://cdn.plyr.io/3.6.8/plyr.polyfilled.js https://*.go-mpulse.net https://linkedin.com https://*.linkedin.com https://cloudfunctions.net https://*.cloudfunctions.net https://*.amplitude.com https://amplitude.com https://akamaihd.net https://*.akamaihd.net https://akstat.io https://*.akstat.io https://snap.licdn.com https://googletagmanager.com https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://cloudfunctions.net https://*.cloudfunctions.net https://snap.licdn.com; font-src 'self' https://*.gstatic.com https://cloudfunctions.net https://*.cloudfunctions.net https://snap.licdn.com; connect-src 'self' https://europe-west1-afb-connect.cloudfunctions.net/registerUserContact https://allfunds.com https://*.googleapis.com https://purecatamphetamine.github.io https://cms-front.s3.eu-west-1.amazonaws.com https://md8jnn29kj.execute-api.eu-west-1.amazonaws.com https://www.google-analytics.com https://stats.g.doubleclick.net https://app.allfunds.com https://nextportfolio.allfunds.com https://telemetrics.allfunds.com https://dashboard.allfunds.com https://telemetrics-widgets.allfunds.dev wss://app.allfunds.com https://cdn.plyr.io https://region1.google-analytics.com https://region1.analytics.google.com https://*.go-mpulse.net https://linkedin.com https://*.linkedin.com https://cloudfunctions.net https://*.cloudfunctions.net https://*.amplitude.com https://amplitude.com https://amplitude.com https://akamaihd.net https://*.akamaihd.net https://akstat.io https://*.akstat.io https://snap.licdn.com https://googletagmanager.com https://*.googletagmanager.com; frame-src 'self' https://www.google.com https://purecatamphetamine.github.io https://cms-front.s3.eu-west-1.amazonaws.com https://intranet.allfunds.com https://app.allfunds.com https://*.recaptcha.net https://recaptcha.net https://nextportfolio.allfunds.com https://telemetrics.allfunds.com https://dashboard.allfunds.com https://telemetrics-widgets.allfunds.dev https://player.vimeo.com https://linkedin.com https://*.linkedin.com https://cloudfunctions.net https://*.cloudfunctions.net https://*.amplitude.com https://amplitude.com https://amplitude.com https://akamaihd.net https://*.akamaihd.net https://akstat.io https://*.akstat.io https://snap.licdn.com https://googletagmanager.com https://*.googletagmanager.com; object-src 'none'; 2
frame-ancestors ‘none’; default-src ‘self’, script-src ‘*://*.payfast.io:*’ 2
frame-ancestors 'self' chimpstatic.com *.us9.list-manage.com *.us21.list-manage.com *.mailchimp.com fastfinch.co shop.basketful.co bid.g.doubleclick.net optimize.google.com *.onetrust.com *.juicer.io, img-src 'self' chimpstatic.com *.bing.com mcusercontent.com *.us9.list-manage.com *.us21.list-manage.com *.mailchimp.com fastfinch.co images.basketful.co *.juicer.io shop.basketful.co insight.adsrvr.org us-gmtdmp.mookie1.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.co.in www.google-analytics.com optimize.google.com *.onetrust.com googleads.g.doubleclick.net www.google.com www.google.be www.kwpsurveys.com *.cdninstagram.com  *.typesquare.com t.teads.tv ct.pinterest.com ad.ipredictive.com www.facebook.com consumer.krxd.net apps.jobadder.com www.zespri.eu zespri.com.isgoingto.be cm.teads.tv www.google.co.id images.ctfassets.net cdnjs.cloudflare.com *.destinilocators.com bat.bing.com *.ytimg.com *.zemanta.com *.clarity.ms data:, form-action 'self' chimpstatic.com *.facebook.com *.us9.list-manage.com *.us21.list-manage.com *.mailchimp.com fastfinch.co *.juicer.io, font-src 'self' chimpstatic.com *.us9.list-manage.com *.us21.list-manage.com *.mailchimp.com fastfinch.co shop.basketful.co *.juicer.io ka-f.fontawesome.com fonts.gstatic.com use.fontawesome.com *.typesquare.com www.zespri.eu fonts.gstatic.com zespri.com.isgoingto.be *.destinilocators.com *.onetrust.com destinilocators.com data:, object-src 'self' chimpstatic.com *.us9.list-manage.com *.us21.list-manage.com *.mailchimp.com fastfinch.co *.juicer.io, style-src 'self' 'unsafe-inline' chimpstatic.com *.us9.list-manage.com *.us21.list-manage.com *.mailchimp.com fastfinch.co shop.basketful.co unpkg.com tagmanager.google.com fonts.googleapis.com www.zespri.eu zespri.com.isgoingto.be use.fontawesome.com *.destinilocators.com destinilocators.com bat.bing.com optimize.google.com *.onetrust.com fonts.googleapis.com *.juicer.io, script-src 'self' 'unsafe-inline' 'unsafe-eval' chimpstatic.com *.us9.list-manage.com *.us21.list-manage.com *.mailchimp.com fastfinch.co *.juicer.io js.adsrvr.org cdn-akamai.mookie1.com insight.adsrvr.org us-gmtdmp.mookie1.com widget.taggbox.com kit.fontawesome.com unpkg.com  shop.basketful.co cdn.jsdelivr.net typesquare.com cdn.krxd.net www.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.google.co.in www.googleadservices.com www.google.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com optimize.google.com *.onetrust.com www.kwpsurveys.com p.teads.tv *.cdninstagram.com www.facebook.com connect.facebook.net s.pinimg.com t.teads.tv ct.pinterest.com beacon.krxd.net consumer.krxd.net apps.jobadder.com ajax.googleapis.com www.zespri.eu zespri.com.isgoingto.be cm.teads.tv www.google.co.id recaptcha.net destinilocators.com *.destinilocators.com api.destinilocators.com stackpath.bootstrapcdn.com *.arcgis.com fonts.gstatic.com www.gstatic.com s3.amazonaws.com use.fontawesome.com pw.qpleshq.com us-central1-zespri-2020.cloudfunctions.net www.shareasungold.zespristore.com irxcm.com api2.autopilothq.com googleads.g.doubleclick.net bat.bing.com rec.smartlook.com *.clarity.ms *.youtube.com blob: 2
frame-ancestors 'self' https://*.sonepar.coremedia.cloud/; 2
default-src 'self' https://*.wistia.com https://*.wistia.net; connect-src * data: https: https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.wistia.com https://*.wistia.net https://src.litix.io data: https:; img-src * 'self' data: https: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; media-src * 'self' data: blob: https: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; style-src * 'self' 'unsafe-inline' 'unsafe-eval' data: https: https://fast.wistia.com;font-src * data: https:; frame-src * data: https: https://fast.wistia.com https://fast.wistia.net; child-src blob:; worker-src 'self' blob:; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.googletagservices.com *.facebook.net ajax.aspnetcdn.com *.youtube.com *.twitter.com s.ytimg.com *.twimg.com *.linkedin.com platform.stumbleupon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.fontawesome.com *.live2support.com *.feathr.co *.napco.com *.piworld.com *.cloudflare.com *.printing.org *.dpmsrv.com *.clarity.ms *.proprofschat.com *.adnxs.com *.vo.msecnd.net *.googleoptimize.com *.lytics.io snap.licdn.com *.linkedin.com ws.zoominfo.com tags.clickagy.com *.googlesyndication.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.googletagmanager.com netdna.bootstrapcdn.com kendo.cdn.telerik.com *.google.com cdn.insight.sitefinity.com https://dec.azureedge.net *.twitter.com *.twimg.com *.fontawesome.com *.live2support.com *.feathr.co *.napco.com *.piworld.com *.typekit.net *.lytics.io *.googletagservices.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com *.fontawesome.com *.live2support.com *.napco.com *.piworld.com data: *.typekit.net *.googlesyndication.com *.doubleclick.net *.googletagservices.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net platform.tumblr.com *.facebook.com www.redditstatic.com static.licdn.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com *.twitter.com *.twimg.com data: blob: *.eloqua.com *.hubspot.com *.live2support.com *.sgia.org *.google.com *.feathr.co https://match.adsrvr.org *.napco.com *.piworld.com *.ytimg.com *.vimeocdn.com *.picsum.photos *.adnxs.com *.rlcdn.com *.azurewebsites.net *.s3.amazonaws.com *.live2support.com *.sitescout.com *.linkedin.com *.lytics.io *.zoominfo.com *.clickagy.com *.printing.org *.googlesyndication.com *.doubleclick.net *.googletagservices.com; media-src 'self' data: blob: *.live2support.com; frame-src 'self' *.google.com *.live2support.com *.youtube.com *.napco.com *.piworld.com *.vimeo.com *.printing.org *.facebook.com pixel.sitescout.com hemsync.clickagy.com *.googlesyndication.com *.doubleclick.net *.googletagservices.com *.brightcove.net; child-src 'self' *.twitter.com https://www.youtube.com/ *.napco.com www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ *.facebook.com badge.stumbleupon.com *.live2support.com *.googleapis.com *.google.com *.piworld.com *.googlesyndication.com *.doubleclick.net *.googletagservices.com; connect-src 'self' *.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.live2support.com *.feathr.co *.napco.com *.piworld.com *.clarity.ms *.services.visualstudio.com *.google-analytics.com *.linkedin.oribi.io aorta.clickagy.com hemsync.clickagy.com *.zoominfo.com *.linkedin.com *.googlesyndication.com *.doubleclick.net *.googletagservices.com; 2
frame-ancestors 'self' tau2904.com *.tau2904.com *.ttbbank.com *.ttbdirect.com *.9fftech.com https://*.9fftech.com https://*.tau2904.com  https://*.ttbdirect.com https://*.ttbbank.com dev-web-tmbwowoneapp.azurewebsites.net stg-web-tmbwowoneapp.azurewebsites.net https://dev-web-tmbwowoneapp.azurewebsites.net https://stg-web-tmbwowoneapp.azurewebsites.net cms.ttbbank.local cms-uat.ttbbank.local 2
frame-ancestors 'self' *.firstbet.co.za *.tabonline.co.za *.gbets.co.za 10bet.co.tz *.10bet.co.tz *.playingops.com *.betway.co.za *.mp4racing.com *.tsretail.co.za *.turfsport.co.za *.payu.co.za *.mojabet.co.ke *.gbets.co.ls *.regularbet.com *.4racing.com localhost localhost:8100 localhost:8080 *.tab4racing.com tab4racing.com www.tab4racing.com play.tabonline.co.za efx.deod.tv az-4r-accountregister4racing.azurewebsites.net mashonaland.tab.co.za m.4racing.com web.4racing.com bet.4racing.com uat.betway.co.za qa.betway.co.za betway.co.za test.mojabet.co.ke mojabet.co.ke; block-all-mixed-content;  object-src 'none'; base-uri 'self'; 2
frame-ancestors http://www.teleb.ch https://www.teleb.ch http://www.karoag.ch https://www.karoag.ch http://www.qline.swiss https://www.qline.swiss http://lkwg.ch https://lkwg.ch http://gbm-muri.ch https://gbm-muri.ch https://www.lkwg.ch http://relaunch.ga-weissenstein.ch http://www.ga-weissenstein.ch http://ga-weissenstein.ch http://www.cubera.ch http://www.gbm-muri.ch https://lkw004.dev.cubera.ch http://renet-ag.ch https://renet-ag.ch https://www.yetnet.swiss https://www.ziknet.ch http://www.ziknet.ch https://www.kfn-ag.ch http://www.kfn-ag.ch https://www.valaiscom.ch http://www.valaiscom.ch https://ggs.ch http://ggs.ch https://intergga-ag.ch http://intergga-ag.ch https://www.flimselectric.ch http://www.flimselectric.ch http://qline.swiss https://qline.swiss http://www.ewaarberg.ch https://www.ewaarberg.ch https://www.renet-ag.ch https://energie-belp.ch https://esag-lyss.ch http://ewaarberg.ch https://www.ews-energie.ch https://www.flimselectric.ch https://ewk.ch https://www.gagnet.ch https://www.ga-weissenstein.ch https://www.gbm-telecom.ch https://natuerlich-luthertal.ch https://ggs.ch https://intergga.ch https://kfn-ag.ch https://www.lkwg.ch https://www.localnet.ch https://qline.swiss https://www.renet-ag.ch https://www.valaiscom.ch https://willisau.ch https://www.wwz.ch https://www.yetnet.swiss https://www.ziknet.ch https://www.feracom.ch https://stage.quickline.ch https://dev.quickline.ch https://natuerlich-luthertal.ch https://gfa.testkopie.ch https://intergga-ag.ch https://glasfaser-fuer-alle.ch https://natuerlich-luthertal.ch/ https://quickline.energie-belp.ch/  https://www.yetnet-seon.ch/ https://yetnet-seon.ch/ https://www.yeru.ch/ https://yeru.ch/ http://www.agh-unzenschwil.ch/ http://agh-unzenschwil.ch/ https://www.ags-schafisheim.ch/ https://ags-schafisheim.ch/ https://fg-dulliken.ch/ https://www.fg-dulliken.ch/ https://www.yetnet-gipf-oberfrick.ch/ https://yetnet-gipf-oberfrick.ch/ https://www.kabelnetz-schoenenwerd.ch/ https://kabelnetz-schoenenwerd.ch/ http://localhost:2937/ https://order-office.quickline.ch https://order-office.quickline.ch/ https://ql.bytesatwork.de https://ql.bytesatwork.de/ https://quickline.ch/ https://www.dev.ga-buchsi.ch/ https://dev.ga-buchsi.ch/ https://www.ga-buchsi.ch/ https://ga-buchsi.ch/ https://ewaarberg.visions.page/ 2
default-src *; script-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-elem * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-attr * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'self' data: 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'self' data: 'unsafe-inline' 'unsafe-hashes'; img-src * data:; font-src * 'self' data:; connect-src *; media-src *; object-src *; prefetch-src *; child-src *; frame-src *; worker-src *; frame-ancestors *; form-action *; base-uri * 2
default-src 'self'  https://*.cryptorg.net https://cryptorg.net:* https://*.cryptorg.io https://cryptorg.io:* https://cryptorg.net https://*.cryptorg.io https://cryptorg.io http://*.cloudflare.com https://*.cloudflare.com http://monitorings.local:8038 https://api.bybit.com ; script-src blob: data: 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://www.google.com https://cryptorg.net https://*.cryptorg.io https://cryptorg.io https://*.tradingview.com http://cdn.datatables.net https://cdn.datatables.net http://*.cloudflare.com https://*.cloudflare.com https://*.tradingview.com https://tradingview.com https://unpkg.com https://*.googleapis.com https://*.sumsub.com https://api.bybit.com ; script-src-elem  blob: data: 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://www.google.com https://*.cryptorg.net https://cryptorg.net https://*.cryptorg.io https://cryptorg.io https://*.tradingview.com http://cdn.datatables.net https://cdn.datatables.net http://*.cloudflare.com https://*.cloudflare.com https://*.tradingview.com https://tradingview.com https://unpkg.com https://*.sumsub.com https://api.bybit.com ; style-src 'self' 'unsafe-inline' blob: https://fonts.googleapis.com https://fonts.gstatic.com http://cdn.datatables.net http://*.cloudflare.com https://*.cloudflare.com https://*.cryptorg.net https://cryptorg.net https://*.cryptorg.io https://cryptorg.io https://unpkg.com https://*.sumsub.com https://api.bybit.com ; style-src-elem  'self' 'unsafe-inline' blob: https://fonts.googleapis.com https://fonts.gstatic.com http://cdn.datatables.net http://*.cloudflare.com https://*.cloudflare.com https://*.cryptorg.net https://cryptorg.net https://*.cryptorg.io https://cryptorg.io https://*.sumsub.com https://api.bybit.com ; font-src  'self' 'unsafe-eval' data: https://fonts.googleapis.com http://cdn.datatables.net https://fonts.gstatic.com https://cdn.jsdelivr.net ; img-src 'self' data:  blob: https://tradingbeep.com https://www.google-analytics.com https://*.google-analytics.com http://*.cloudflare.com https://*.cloudflare.com https://*.cryptorg.net https://cryptorg.net https://*.cryptorg.io https://cryptorg.io https://www.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://www.google.com https://*.googleapis.com https://*.sumsub.com https://api.bybit.com ; media-src 'self' blob: data: https://*.cryptorg.net https://cryptorg.net https://*.cryptorg.io https://cryptorg.io https://youtu.be https://www.youtube.com ; frame-src 'self' blob: data: https://youtu.be https://www.youtube.com https://*.tradingview.com https://*.sumsub.com https://api.bybit.com ; connect-src 'self' https://api.coingecko.com https://*.tradingview.com   https://www.google-analytics.com  https://*.google-analytics.com https://fonts.googleapis.com https://www.googletagmanager.com  http://monitorings.local:8038 http://cdn.datatables.net https://binance.com  https://*.binance.com  wss://binancefuture.com  wss://*.binancefuture.com  wss://stream.binance.com:9443 https://*.cryptorg.net https://cryptorg.net:* https://*.cryptorg.io https://cryptorg.io:* wss://cryptorg.net wss://*.cryptorg.net https://*.sumsub.com wss://stream.bybit.com wss://ws2.bybit.com https://api.bybit.com wss: ws: ; object-src 'none' ; base-uri 'self' ; 2
frame-src *; frame-ancestors *; 2
default-src data: https:; script-src data: https: 'unsafe-eval' 'unsafe-inline'; style-src data: https: 'unsafe-inline'; report-uri /report/content-security-policy 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: noi.bg www.noi.bg nssi.bg www.nssi.bg; frame-ancestors 'none' 2
default-src 'self' blob: *.fitchsolutions.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: ajax.googleapis.com *.doubleclick.net td.doubleclick.net *.td.doubleclick.net *.fitchsolutions.com *.googleadservices.com googleads.g.doubleclick.net *.linkedin.com *.ads.linkedin.com linkedin.com *.ampproject.org app-lon06.marketo.com unpkg.com cdn.jsdelivr.net cdnjs.cloudflare.com reveal.clearbit.com *.googletagmanager.com players.brightcove.net *.google-analytics.com *.analytics.google.com analytics.google.com *.evidon.com cdn2.funnelenvy.com assets.map.brightcove.com your.fitchsolutions.com snap.licdn.com static.hotjar.com munchkin.marketo.net js.idio.co script.hotjar.com s.idio.co api.idio.co cdn.jsdelivr.net infogram.com e.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com infogram-download-us2.s3.eu-west-1.amazonaws.com *.clearbitscripts.com *.clearbit.com *.clearbitjs.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.fitchsolutions.com *.googletagmanager.com use.fontawesome.com unpkg.com app-lon06.marketo.com cdnjs.cloudflare.com fonts.googleapis.com players.brightcove.net ; object-src 'none'; frame-src 'self' *.fitchsolutions.com *.doubleclick.net *.hotjar.com  bid.g.doubleclick.net *.fls.doubleclick.net td.doubleclick.net *.td.doubleclick.net infogram.com e.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com infogram-download-us2.s3.eu-west-1.amazonaws.com indd.adobe.com *.evidon.com; img-src 'self' data: cf-images.us-east-1.prod.boltdns.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.twitter.com t.co googleads.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com *.ads.linkedin.com linkedin.com *.gstatic.com *.google.co.uk *.fitchsolutions.com metrics.brightcove.com *.evidon.com *.linkedin.com p.adsymptotic.com a.idio.co *.google-analytics.com *.analytics.google.com www.google.com www.google.co td.doubleclick.net *.td.doubleclick.net www.google.co.uk; font-src 'self' data: *.fitchsolutions.com fonts.gstatic.com use.fontawesome.com; media-src 'self' blob: *.fitchsolutions.com *.boltdns.net *.brightcove.com videos.ctfassets.net *.akamaihd.net *.brightcove.net; prefetch-src 'self' *.fitchsolutions.com *.google-analytics.com *.analytics.google.com; connect-src 'self' blob: *.fitchsolutions.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.brightcove.com *.brightcove.net 732-ckh-767.mktoresp.com fx.fitchgroup.co *.boltdns.net *.akamaihd.net *.crazyegg.com *.idio.co *.brightcovecdn.com *.marketo.net *.fitch.group *.evidon.com *.funnelenvy.com *.google-analytics.com *.analytics.google.com fonts.googleapis.com *.piwikpro.com snap.licdn.com images.ctfassets.net fonts.gstatic.com stats.g.doubleclick.net api.sjpf.io api.fpjs.io *.hotjar.com:* vc.hotjar.io:* surveystats.hotjar.io wss://*.hotjar.com *.hotjar.com *.hotjar.io notify.bugsnag.com *.clearbit.com cdn.linkedin.oribi.io *.google-analytics.com *.analytics.google.com *.clearbit.com *.linkedin.oribi.io td.doubleclick.net *.td.doubleclick.net *.google.com 2
default-src 'self'; style-src 'self' 'unsafe-inline' *.realperson.cloud *.cookiebot.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.realperson.cloud code.jquery.com static.cloudflareinsights.com ajax.cloudflare.com *.cookiebot.com www.googletagmanager.com ssl.google-analytics.com analytics.regiohelden.de www.google-analytics.com stats.g.doubleclick.net https://stats.g.doubleclick.net; frame-src 'self' https://consentcdn.cookiebot.com *.youtube-nocookie.com www.linkedin.com www.chatnode.ai *.youtube.com *.vimeo.com *.vimeocdn.com; font-src 'self' *.realperson.cloud; object-src 'self'; img-src 'self' data: source.unsplash.com images.unsplash.com usercontent.realperson.cloud www.googletagmanager.com www.google.de www.google.com ssl.google-analytics.com analytics.regiohelden.de imgsct.cookiebot.com www.google-analytics.com stats.g.doubleclick.net https://stats.g.doubleclick.net; connect-src 'self' https://chat2180.realperson.cloud wss://chat2180.realperson.cloud https://charts3.equitystory.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://analytics.regiohelden.de; worker-src 'self' blob:; 2
default-src 'self' edge.api.brightcove.com viz.tools.investis.com media.brightcove.com cdn.jsdelivr.net dev-api.investisdigital.com api.investisdigital.com dev-assets.investisdigital.com assets.investisdigital.com qaotp.tools.investisdigital.com bam.eu01.nr-data.net sjpdigital.fra1.qualtrics.com *.qualtrics.com api.edq.com stats.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://ws7.hotjar.com  partnership-site-api.sjp.co.uk maps.googleapis.com ict.infinity-tracking.net *.hotjar.com *.intercom.io cdn.linkedin.oribi.io *.intercom.io vc.hotjar.io https://content.hotjar.io/ wss://*.nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io *.region1.analytics.google.com region1.analytics.google.com region1.google-analytics.com *.analytics.google.com *.google.com *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.investis-live.com dev-api.investisdigital.com api.investisdigital.com dev-assets.investisdigital.com assets.investisdigital.com qaotp.tools.investisdigital.com *.investisdigital.com player.vimeo.com www.recaptcha.net otp.tools.investis.com qaotp.tools.investisdigital.com sjp.getmediamanager.com bam.eu01.nr-data.net code.highcharts.com viz.tools.investis.com jquery.magnific-popup.min sjpdigital.fra1.qualtrics.com *.qualtrics.com *.googleadservices.com *.licdn.com *.googleadservices.com *.licdn.com *.doubleclick.net sjp.secure.force.com www3.sjp.co.uk *.intercom.io *.intercomcdn.com *.trustarc.com consent.trustarc.com https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js *.region1.analytics.google.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investis-live.com *.investisdigital.com *.googletagmanager.com *.googletagmanager.com consent.trustarc.com; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com *.youtube.com player.vimeo.com; frame-src 'self' *.investis.com www.google.com ir.tools.investis.com staticxx.facebook.com www.youtube.com player.vimeo.com sjp.getmediamanager.com digital.feprecisionplus.com play.acast.com viz.tools.investis.com embed.acast.com staging-digital.feprecisionplus.com https://surveys.sjp.co.uk trustarc.com *.fls.doubleclick.net *.amazon-adsystem.com *.fls.doubleclick.net *.amazon-adsystem.com *.hotjar.com *.trustarc.com sjp.secure.force.com https://widget.trustpilot.com/ cloud.comms.sjp.co.uk sjp.my.salesforce-sites.com studio.h2creative.co.uk https://td.doubleclick.net/ prod.respondselfserve.com partnership.sjp.co.uk/ open.spotify.com; frame-ancestors 'self' https://sjp.secure.force.com https://www.sjp.co.uk/ sjp-corp.pid2-e1.investis.com sjp.my.salesforce-sites.com partnership.sjp.co.uk sjp-partner-nginx-stg.uk.deptagency.com; child-src https://partnership.sjp.co.uk/, https://sjp-partner-nginx-stg.uk.deptagency.com/; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com cdn.loom.com consent.trustarc.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval'  *.region1.analytics.google.com region1.google-analytics.com *.analytics.google.com *.google.com *.google-analytics.com https://siteintercept.qualtrics.com/ https://stats.g.doubleclick.net/ https://vc.hotjar.io/ https://in.hotjar.com/ https://api-iam.eu.intercom.io/ https://cdn.linkedin.oribi.io/ https://stats.g.doubleclick.net/ wss://ws.hotjar.com/ https://content.hotjar.io/ wss://nexus-europe-websocket.intercom.io/ maps.googleapis.com consent-pref.trustarc.com api.investisdigital.com dev-assets.investisdigital.com https://pagead2.googlesyndication.com/ assets.investisdigital.com px.ads.linkedin.com 2
default-src 'none';script-src 'unsafe-inline' 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://maps.googleapis.com https://az416426.vo.msecnd.net/scripts/ https://www.google-analytics.com/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/;connect-src 'self' https://stats.g.doubleclick.net/ https://maps.googleapis.com/ https://dc.services.visualstudio.com/ https://www.google-analytics.com/j/collect;font-src 'self' https://fonts.gstatic.com/s/;img-src 'self' blob: data: https://www.google.com/ https://www.google.com.au/ https://maps.googleapis.com/maps/ https://maps.gstatic.com/mapfiles/ https://img.youtube.com; child-src https://www.youtube.com https://www.google.com/ 2
frame-ancestors 'self' https://de.page4.com https://en.page4.com; 2
default-src 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; connect-src 'self' wss://*.highmark.com https://*.highmark.com https://*.hmhs.com https://maps.googleapis.com https://www.google-analytics.com https://identitytoolkit.googleapis.com https://siteintercept.qualtrics.com; 2
default-src 'self' *; img-src 'self' * data:; style-src 'self' 'unsafe-inline' *; form-action 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; media-src 'self' * 2
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data:; font-src * data: 2
frame-ancestors  'self'  t.co  twitter.com; block-all-mixed-content; script-src  'self'  'sha256-8aUfZ6OfkbCvDlwL3X6v8O9A1hr/8YqzQCWm+QOkViQ='  'sha256-LCTxXkd3guWgmVlqVe2udJCJ+Rym798wMUvLlv6365Q='  'sha256-h9drxXDJnKxzozUKKGq2WFRPSK3Tsxgj7pCkKr0diRE='  'sha256-vPUfbaHq9rZbd/RaSkAV1CXDxte8tJqZMhEcbyaeZKk='  'sha256-wOoB7PackRG1ZntccQg3MFGznphhf4p4QCrF+jZVjGo='  'sha256-d/d3L2uVri+tpvEWC1iR9dH/WT1Ec2yIwbIhpocYxxo='  'sha256-WLg7p6AInstQdLsXMhbpWmn6B0j3OnLaNEc3s9sZk7w='  'sha256-2wH0B0yJ4ArnRr/aWfcn2UuA7ACS1qCMp8txWrGljsw='  'sha256-vI/vbRhxmjoU0jkdu63unk/rGDDg0oPeI5fm3YtsENs='  'report-sample'  'unsafe-inline'  'unsafe-eval'  https://*.ep-mimecast.ads-twitter.com  https://*.moatads.com  https://ajax.googleapis.com  https://analytics.twitter.com  https://browser-update.org  https://cdn.syndication.twimg.com  https://en.twitter.com  https://google-analytics.com  https://googletagmanager.com  https://kit.fontawesome.com  https://m.addthis.com  https://m.youtube.com  https://platform.twitter.com  https://s7.addthis.com  https://static.ads-twitter.com  https://ssl.google-analytics.com  https://tagmanager.google.com  https://t.co  https://use.fontawesome.com  https://v1.addthisedge.com  https://www.clarity.ms  https://www.google-analytics.com  https://www.googletagmanager.com  https://api-public.addthis.com  https://*.azureedge.net  https://public.flourish.studio  https://play.libsyn.com  https://www.bugherd.com  https://flo.uri.sh  https://*.svc.dynamics.com  https://nefeorg.bamboohr.com  https://www.youtube.com  https://embed-cdn.gettyimages.com  https://platform-api.sharethis.com  https://buttons-config.sharethis.com  https://gdpr-api.sharethis.com  https://public.tableau.com  https://my.visme.co  https://www.bugherd.com  https://sidebar.bugherd.com; style-src  'self'  'report-sample'  'unsafe-inline'  *.fontawesome.com  ajax.googleapis.com  fonts.googleapis.com  platform.twitter.com  tagmanager.google.com  ton.twimg.com  www.googletagmanager.com; object-src  'none'; child-src  'self'  platform.twitter.com  *.svc.dynamics.com  flo.uri.sh  public.flourish.studio  play.libsyn.com  s7.addthis.com  www.googletagmanager.com  www.youtube.com  *.gettyimages.com gdpr-api.sharethis.com; base-uri  'self'  *.moatads.com; form-action  'self'  *.twitter.com; worker-src  'self'; frame-src   'self'  public.tableau.com  *.youtube.com flo.uri.sh play.libsyn.com *.svc.dynamics.com *.azureedge.net embed.gettyimages.com my.visme.co sidebar.bugherd.com; 2
default-src 'none';child-src 'self' https://*.andanet.com https://*.andameds.com https://youtube.com https://*.hotjar.com https://*.hotjar.io https://cdn.appdynamics.com https://*.kore.ai wss://*.kore.ai https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://*.salesforceliveagent.com wss://*.salesforce-sites.com data: blob:;connect-src 'self' https://*.andanet.com https://*.andameds.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io wss://*.hotjar.io https://col.eum-appdynamics.com https://*.google-analytics.com https://content.jwplatform.com https://*.jwpcdn.com https://*.jwpsrv.com https://jwpsrv-vh.akamaihd.net https://vc.hotjar.io https://stats.g.doubleclick.net https://*.vimeo.com https://*.vimeocdn.com https://*.facebook.com https://*.facebook.net https://*.licdn.com https://*.linkedin.com https://*.linkedin.oribi.io https://*.adsymptotic.com https://*.formstack.com https://*.kore.ai wss://*.kore.ai https://*.salesforce-sites.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.force.com wss://*.salesforce-sites.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.andanet.com https://*.andameds.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.google.com https://*.gstatic.com https://*.doubleclick.net https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://cdn.appdynamics.com https://col.eum-appdynamics.com https://content.jwplatform.com https://*.jwpcdn.com https://*.bizographics.com https://*.linkedin.com https://*.linkedin.oribi.io https://chimpstatic.com https://*.mailchimp.com https://*.vimeo.com https://*.vimeocdn.com https://*.licdn.com https://*.adsymptotic.com https://*.facebook.com https://*.facebook.net https://*.formstack.com https://*.kore.ai wss://*.kore.ai https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://*.salesforceliveagent.com wss://*.salesforce-sites.com;img-src 'self' data: https://*.andanet.com https://*.andameds.com https://*.google-analytics.com https://www.google.com https://*.gstatic.com https://*.adnxs.com https://placehold.it https://*.hotjar.com https://*.hotjar.io http://via.placeholder.com https://col.eum-appdynamics.com https://content.jwplatform.com https://*.jwpcdn.com https://*.jwpsrv.com https://jwpltx.com https://*.mailchimp.com https://*.doubleclick.net https://*.linkedin.com https://*.linkedin.oribi.io https://openbadges.blob.core.windows.net https://*.vimeo.com https://*.vimeocdn.com https://*.adsymptotic.com https://*.facebook.com https://*.facebook.net https://*.formstack.com https://*.kore.ai https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://*.salesforceliveagent.com;media-src 'self' blob: data:;style-src 'self' 'unsafe-inline' https://*.andanet.com https://*.andameds.com https://*.googleapis.com https://*.gstatic.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://*.mailchimp.com https://*.formstack.com https://*.kore.ai https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://*.salesforceliveagent.com;font-src 'self' data: https://*.andanet.com https://*.andameds.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.mailchimp.com;frame-src 'self' https://*.andanet.com https://*.andameds.com https://*.cybersource.com https://*.google.com https://*.hotjar.com https://*.hotjar.io https://content.jwplatform.com https://*.jwpcdn.com https://*.jwpsrv.com https://col.eum-appdynamics.com https://*.mailchimp.com https://*.doubleclick.net https://*.vimeo.com https://*.vimeocdn.com https://anda.formstack.com https://*.kore.ai wss://*.kore.ai https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://*.salesforceliveagent.com 2
default-src 'self' 'unsafe-inline' *.sernet.de *.usercentrics.eu; style-src 'self' 'unsafe-inline'; img-src 'self' *.usercentrics.eu *.prive.eu; frame-ancestors 'self' 2
frame-ancestors 'self' *.anthembluecross.com; 2
script-src  'self' blob: 'unsafe-inline' 'unsafe-eval' http://51.81.49.98 https://platform.bluemessaging.net *.tableau.com *.google.com *.google-analytics.com *.gstatic.com *.googleapis.com https://assets.zendesk.com https://connect.facebook.net *.hotjar.com *.twitter.com *.twimg.com *.googletagmanager.com; img-src 'self' blob: *.googleusercontent.com https://platform.bluemessaging.net  *.tableau.com s3.amazonaws.com http://smartlink.cool *.cool http://sellodeexcelencia.gov.co http://especiales.presidencia.gov.co http://synersis.co:8442 *.google.com *.googleapis.com *.google-analytics.com *.gstatic.com http://img.youtube.com https://s-static.ak.facebook.com https://assets.zendesk.com data: *.hotjar.com *.twitter.com *.twimg.com http://vozme.com sedeelectronica.com.co; style-src 'self' 'unsafe-inline' https://platform.bluemessaging.net *.tableau.com *.gstatic.com *.google.com *.googleapis.com https://assets.zendesk.com *.hotjar.com *.twitter.com sedeelectronica.com.co pruebas-se-macondo.nexura.com http://www.cali.gov.co; font-src 'self' https://platform.bluemessaging.net *.tableau.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.hotjar.com sedeelectronica.com.co http://www.cali.gov.co; object-src 'self'; frame-ancestors 'self' https://platform.bluemessaging.net *.tableau.com ; media-src 'self' blob: https://radiolatina.info https://radiolatina.info:10840/stream http://51.81.49.98:8318/stream http://51.81.49.98 https://platform.bluemessaging.net *.tableau.com http://smartlink.cool *.smartlink.cool; 2
frame-ancestors 'self' ia.ca *.ia.ca *.inalco.com *.ia.iafg.net *.iteslive.tv iplayerbridge://* 2
frame-ancestors 'self' https://*.lexus.eu https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 2
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://www.google-analytics.com https://www.google.com https://cdn.acsbapp.com https://googleads.g.doubleclick.net https://analytics.google.com https://stats.g.doubleclick.net https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io; 2
script-src 'unsafe-inline' 'self' cdn.matomo.cloud https://marellisitecert.azurewebsites.net https://*.marelli.com hub09.matomo.cloud www.googletagmanager.com 'unsafe-eval'; default-src 'unsafe-inline' 'self' cdn.matomo.cloud hub09.matomo.cloud https://marellisitecert.azurewebsites.net https://*.marelli.com www.googletagmanager.com; img-src 'self' data: https://*.marelli.com cdn.matomo.cloud hub09.matomo.cloud https://marellisitecert.azurewebsites.net www.googletagmanager.com; 2
default-src 'self'; base-uri 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; style-src * 'unsafe-inline' 2
frame-ancestors 'self' http://www.philips.com.au *.philips.com *.philips.com.au https://philipsigtdpv.com 2
upgrade-insecure-requests; default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors https://mng.gdtv.cn/ http://test-mp-gdtv.itouchtv.cn/ 2
frame-ancestors 'self'; report-uri https://r4com.report-uri.io/r/default/csp/enforce 2
frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com https://nordfx.com https://nuode.me https://nuode.info/, object-src 'self' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://www.googletagmanager.com ; img-src 'self' https://ambank.amonline.com.my data: blob: ; font-src 'self' data: ; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googleapis.com ;object-src 'none'; frame-ancestors 'none'; 2
frame-ancestors 'self' *.unitybyhardrock.com; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' app.tuotempo.com https://unpkg.com https://tpc.googlesyndication.com *.clinicaalemana.cl *.omnitok.com https://esencial.omnitok.com esencial.omnitok.com edz87dzoqc.execute-api.us-east-1.amazonaws.com *.googleoptimize.com *.salesforceliveagent.com *.salesforce.com service.force.com *.force.com *.googletagmanager.com https://js.captcha-display.com https://js.datadome.co w.usabilla.com *.usabilla.com *.auth0.com alemana-poc.auth0.com cdn.auth0.com *.clinicaalemana.cl *.cloudfront.net static.zdassets.com v2.zopim.com *.fontawesome.com *.doubleclick.net *.adnxs.com *.mathtag.com *.googleadservices.com *.hotjar.com *.googletagmanager.com www.alemana.cl *.alemana.cl *.lfi.cl *.jquery.com *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com *.google.com platform.linkedin.com https://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.contactshub.cl:* https://contactshub.cl:* contactshub.cl/sdk.js.php https://sdk.examedi.com:*; style-src 'self' 'unsafe-inline' *.clinicaalemana.cl edz87dzoqc.execute-api.us-east-1.amazonaws.com *.salesforceliveagent.com *.salesforce.com *.force.com *.aspnetcdn.com *.fontawesome.com *.google.com *.google.com *.alemana.cl *.lfi.cl *.jquery.com use.fontawesome.com *.cloudfront.net *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.google.com tagmanager.google.com *.twimg.com; font-src 'self' c1.sfdcstatic.com d6tizftlrpuof.cloudfront.net *.hotjar.com v2.zopim.com *.fontawesome.com *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.clinicaalemana.cl edz87dzoqc.execute-api.us-east-1.amazonaws.com *.salesforceliveagent.com *.salesforce.com *.force.com *.fontawesome.com * googleads.g.doubleclick.net *.google.cl *.alemana.cl *.clinicaalemana.cl stats.g.doubleclick.net *.google.com *.youtube.com *.google.com www.google.com s3alemana.s3.amazonaws.com *.s3.amazonaws.com lfi.lfi.cl *.lfi.cl alemana.cl www.alemana.cl *.alemana.cl i.stack.imgur.com *.cloudflare.com *.clinicaalemana.cl *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com *.google.com data: blob: *.eloqua.com track.hubspot.com *.cloudfront.net; media-src 'self' data: blob: *.cloudfront.net; frame-src portal.alemana.cl * 'self' *.clinicaalemana.cl *.lfi.cl *.alemana.cl https://optimize.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-ancestors 'self' *.clinicaalemana.cl edz87dzoqc.execute-api.us-east-1.amazonaws.com alemana.cl *.alemana.cl portal.alemana.cl somosesencial.cl www.somosesencial.cl https://www.somosesencial.cl/; child-src blob: www.clinicaalemanatemuco.cl 'self' *.clinicaalemana.cl *.mathtag.com *.hotjar.com *.alemana.cl *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.google.com; connect-src app.tuotempo.com 'self'  www.google.com adservice.google.com solicat.calemanatemuco.cl *.clinicaalemana.cl portal-backend-dev.clinicaalemana.cl *.amazonaws.com c9a41d223g.execute-api.us-east-1.amazonaws.com somosesencial.cl www.somosesencial.cl edz87dzoqc.execute-api.us-east-1.amazonaws.com *.force.com uat-chatservicepoc.cs214.force.com *.alemana.io gtw-prod.alemana.io gtw-dev.alemana.io https://analytics.google.com https://www.facebook.com https://www.googletagmanager.com https://cdn.ampproject.org wss://*.hotjar.com  https://accounts.spotify.com  https://api.spotify.com https://api-js.datadome.co  api.usabilla.com  *.google-analytics.com *.cloudfunctions.net *.fontawesome.com *.auth0.com *.cloudfront.net *.alemana.cl *.clinicaalemana.cl wss://widget-mediator.zopim.com ekr.zdassets.com  ws1.hotjar.com *.hotjar.com *.hotjar.io stats.g.doubleclick.net *.hotjar.io *.hotjar.com *.alemana.cl www.alemana.cl *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com https://api.sbif.cl:* *.contactshub.cl:*; 2
default-src 'self'; img-src 'self' https://*.onetrust.com https://cdn.cookielaw.org www.google.com *.cloudfront.net *.doubleclick.net data:; script-src 'self' https://*.onetrust.com https://cdn.cookielaw.org www.gstatic.com maps.googleapis.com www.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.split.io w.usabilla.com *.cloudfront.net cdn.segment.com cdn.mxpnl.com https://static.ada.support 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.split.io *.cloudfront.net fonts.googleapis.com fonts.gstatic.com 'unsafe-inline'; font-src fonts.gstatic.com 'self'; object-src 'self'; connect-src 'self' https://*.onetrust.com https://cdn.cookielaw.org api.segment.io *.split.io *.rollbar.com *.mixpanel.com *.doubleclick.net *.rewardlink.io https://static.ada.support https://tangocard.ada.support https://previews.ada.support https://ws-mt1.pusher.com https://rollout.ada.support/tangocard/client.json https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://cookies-data.onetrust.io; frame-src www.google.com  https://www.google.com/recaptcha/ https://tangocard.ada.support https://*.rewardlink.io https://*.rewardlink.com d6tizftlrpuof.cloudfront.net 2
default-src 'self' *.securityandsafetythings.com *.azena.com *.store.boschaftermarket.com *.boschmarketplace.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com api.hubapi.com stats.g.doubleclick.net forms.hubspot.com; script-src 'self' *.securityandsafetythings.com *.azena.com *.store.boschaftermarket.com *.boschmarketplace.com snap.licdn.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.googleadservices.com js.hs-scripts.com js.hs-banner.com js.hscollectedforms.net js.hsleadflows.net js.hsadspixel.net js.hs-analytics.net googleads.g.doubleclick.net js.stripe.com www.youtube.com https://s.ytimg.com js.usemessages.com *.hotjar.com *.hotjar.io merch.directpos.de 'unsafe-inline' 'unsafe-eval'; font-src 'self' *.securityandsafetythings.com *.azena.com *.store.boschaftermarket.com *.boschmarketplace.com *.gstatic.com *.hotjar.com *.hotjar.io data:; style-src 'self' *.securityandsafetythings.com *.azena.com *.store.boschaftermarket.com *.boschmarketplace.com *.googleapis.com 'unsafe-inline'; img-src 'self' *.securityandsafetythings.com *.azena.com *.store.boschaftermarket.com *.boschmarketplace.com px.ads.linkedin.com www.linkedin.com *.google-analytics.com *.googletagmanager.com *.google.com forms.hsforms.com track.hubspot.com https://i.ytimg.com p.adsymptotic.com px4.ads.linkedin.com *.hotjar.com *.hotjar.io data:; frame-src 'self' *.securityandsafetythings.com *.azena.com *.store.boschaftermarket.com *.boschmarketplace.com js.stripe.com hooks.stripe.com www.youtube.com www.youtube-nocookie.com *.hotjar.com *.hotjar.io *.hubspot.com merch.directpos.de; connect-src 'self' *.securityandsafetythings.com *.azena.com *.store.boschaftermarket.com *.boschmarketplace.com api.stripe.com https://noembed.com https://cdn.plyr.io *.google.de *.google-analytics.com api.hubspot.com api.hubapi.com forms.hubspot.com *.googleadservices.com stats.g.doubleclick.net *.hotjar.com *.hotjar.io merch.directpos.de 2
script-src 'self' https: 'unsafe-eval' 'unsafe-inline' 2
default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data:; connect-src 'self' wss: https: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://zerofox.wpenginepowered.com https://*.zerofox.com https://munchkin.marketo.net https://*.wistia.com https://*.wistia.net https://assets.calendly.com https://js.driftt.com https://widget.drift.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://www.googleoptimize.com https://optimize.google.com https://maps.googleapis.com https://www.youtube.com https://www.google.com/pagead/conversion_async.js https://*.wistia.com https://*.wistia.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.googleadservices.com https://googleads.g.doubleclick.net https://snap.licdn.com https://j.6sc.co https://ws.zoominfo.com https://bat.bing.com https://tags.srv.stackadapt.com https://unpkg.com/flickity@2/dist/flickity.pkgd.min.js https://ajax.cloudflare.com/cdn-cgi/scripts/04b3eb47/cloudflare-static/mirage2.min.js https://cdn.addevent.com/libs/atc/1.6.1/atc.min.js https://tags.clickagy.com/data.js https://cdn.leandata.com https://app.leandata.com https://js.zi-scripts.com https://beacon-v2.helpscout.net https://tag.clearbitscripts.com https://x.clearbitjs.com https://reveal.clearbit.com https://tracking.g2crowd.com https://yoast.com https://www.buzzsprout.com; style-src 'self' 'unsafe-inline' blob: https://zerofox.wpenginepowered.com https://get.zerofox.com https://tagmanager.google.com https://www.googletagmanager.com https://optimize.google.com https://fonts.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://fast.wistia.com https://tags.srv.stackadapt.com https://unpkg.com/flickity@2/dist/flickity.min.css https://cdnjs.cloudflare.com/ajax/libs/element-ui/2.4.9/theme-chalk/index.css; font-src 'self' data: https://fonts.gstatic.com https://*.wistia.com https://cdnjs.cloudflare.com/ajax/libs/element-ui/2.4.9/theme-chalk/fonts/ http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://cdn.leandata.com; frame-src 'self' https://zerofox.wpenginepowered.com https://get.zerofox.com https://cdn.forms-content.sg-form.com https://www.google.com https://optimize.google.com https://calendly.com https://js.driftt.com https://widget.drift.com https://fast.wistia.com https://fast.wistia.net https://bid.g.doubleclick.net https://td.doubleclick.net https://www.youtube.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://app.leandata.com https://open.spotify.com https://www.buzzsprout.com https://www.g2.com; frame-ancestors https://*.zerofox.com; img-src 'self' 'unsafe-inline' data: https://*.zerofox.com https://zerofox.wpenginepowered.com https://fonts.gstatic.com https://ssl.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://d21y75miwcfqoq.cloudfront.net https://googleads.g.doubleclick.net https://p.adsymptotic.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://www.linkedin.com https://px.ads.linkedin.com https://www.google.com https://maps.gstatic.com https://maps.googleapis.com https://b.6sc.co https://media.giphy.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://cdn.zerofox.com https://i.imgur.com https://s.w.org https://ps.w.org https://wpmudev.com https://yoa.st https://yoast.com https://958978.smushcdn.com https://cdn.onetrust.com https://tags.srv.stackadapt.com https://bat.bing.com https://aorta.clickagy.com https://id.rlcdn.com/711861.gif https://stags.bluekai.com https://px4.ads.linkedin.com https://app.leandata.com; connect-src 'self' https://*.zerofox.com https://zerofox.wpenginepowered.com https://api.vercel.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://get.zerofox.com https://*.litix.io https://embedwistia-a.akamaihd.net https://*.wistia.com https://*.wistia.net https://script.google.com https://maps.googleapis.com https://stats.g.doubleclick.net https://www.google-analytics.com https://analytics.google.com https://secure.adnxs.com/getuidj https://c.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://ws.zoominfo.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://tags.srv.stackadapt.com https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://aorta.clickagy.com https://hemsync.clickagy.com https://my.yoast.com https://d3hb14vkzrxvla.cloudfront.net/v1/1ae02e91-5865-4f13-b220-7daed946ba25 https://app.clearbit.com https://app.leandata.com https://tracking.g2crowd.com https://js.zi-scripts.com; media-src 'self' blob: data: https://zerofox.wpenginepowered.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://js.driftt.com; base-uri 'self'; manifest-src 'self'; object-src 'self' blob: https://zerofox.wpenginepowered.com; worker-src 'self' blob:; 2
base-uri 'self';default-src 'self';object-src 'self';frame-ancestors 'self';style-src 'self' 'unsafe-inline' https://*.google.com http://*.googleapis.com https://*.googleapis.com;font-src 'self' data:;img-src 'self' data: blob: https:;script-src 'self' https://*.mollie.com https://*.adyen.com https://*.hotjar.com https://*.bing.com https://google.com https://*.google.com https://*.googletagmanager.com https://*.paypal.com https://icu.cvwizard.com https://matomo.resumedia.com https://*.tapfiliate.com https://appleid.cdn-apple.com https://beacon-v2.helpscout.net https://beaconapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://*.pinimg.com https://*.facebook.net 'nonce-gtm-9e636f0d-442b-4c0f-88d1-1e39f19e4397' 'nonce-seed-3ecbb171-943c-43a7-a0c3-aaad4a775d59' 'nonce-prefetech-952bbe7e-b06d-4d46-85a3-f6244bfe4eeb' 'nonce-tapfiliate-29d66cd8-f845-4b60-856b-dbc1e9d7679d' 'nonce-matomo-acd9fbf8-4c18-4a9a-9020-0cece4251b53' 'nonce-helpscout-47433c72-dbe0-4d43-9d19-8a3f68bb198b';child-src 'self' data: https:;frame-src 'self' data: https:;connect-src 'self' https://*.mollie.com https://*.adyen.com https://*.hotjar.com https://*.bing.com https://google.com https://*.google.com https://*.googletagmanager.com https://*.paypal.com https://icu.cvwizard.com https://matomo.resumedia.com https://*.tapfiliate.com https://appleid.cdn-apple.com https://beacon-v2.helpscout.net https://beaconapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://*.google-analytics.com https://*.doubleclick.net https://*.hotjar.io wss://*.hotjar.com https://frstre.com https://*.linkedin.oribi.io; 2
default-src 'self'; img-src 'self' data: https://api.study-in-germany.de *.daad.de *.study-in-germany.de *.tile.openstreetmap.de *.google-analytics.com *.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com *.ytimg.com *.gravatar.com *.dw.com *.openstreetmap.de *.openstreetmap.org; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; script-src 'self' 'self' 'unsafe-inline' http://tagmanager.google.com https://tagmanager.google.com *.google-analytics.com https://ssl.google-analytics.com *.googletagmanager.com *.youtube.com 'unsafe-eval'; font-src 'self' https://fonts.gstatic.com data data:;; connect-src 'self' https://api.study-in-germany.de *.google-analytics.com *.googletagmanager.com; form-action 'self'; frame-ancestors 'none'; object-src 'none'; base-uri 'self'; media-src *.youtube-nocookie.com; frame-src *.youtube.com *.youtube-nocookie.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss://*.hotjar.com http://*.hotjar.com:* http://*.hotjar.io http://*.googletagmanager.com http://*.google-analytics.com http://*.google.com http://*.gstatic.com http://*.googleapis.com http://*.youtube.com http://*.facebook.com http://*.facebook.net https://*.kampyle.com https://*.medallia.com http://*.ads-twitter.com http://*.twitter.com http://t.co http://*.doubleclick.net http://*.adform.net http://*.clarovideo.net http://*.claromusica.com http://*.claro.com.sv http://claro.clientcampaigns.live https://*.google.com.mx https://*.hotjar.com:* https://*.hotjar.io https://*.googletagmanager.com https://tags.bkrtx.com https://stags.bluekai.com https://programarcita.claro.com.hn https://*.google-analytics.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.youtube.com https://*.facebook.com https://*.facebook.net https://digitasgt.com https://*.ads-twitter.com https://*.twitter.com https://t.co https://*.doubleclick.net https://*.adform.net https://*.clarovideo.net https://*.claromusica.com https://*.claro.com.sv https://api-prod-hn.prod.clarodigital.net https://stackpath.bootstrapcdn.com https://*.claro.com.hn https://*.clarity.ms https://claro.clientcampaigns.live; media-src mediastream:; 2
frame-ancestors 'self' https://www.gobio.com *.gobio.com *.gobio.com 2
default-src * 'unsafe-eval' 'unsafe-inline' data: about: 2
frame-ancestors 'self' *.einnews.com *.einpresswire.com; 2
script-src 'unsafe-inline' 'unsafe-eval' 'self' *.dtvp.de *.cookiebot.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.xing-share.com *.facebook.com *.facebook.net *.instagram.com *.twitter.com *.linkedin.com *.podigee.com *.podigee-cdn.net *.podlove.org *.cleverpush.com *.outbrain.com *.flockler.com *.seobility.net maps.google.com track.ewe.de chat.ato.botario.com chat.ewe.botario.com; media-src 'self' blob: data:; base-uri 'self' track.ewe.de; object-src 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' track.ewe.de; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com plugins.flockler.com www.youtube-nocookie.com www.facebook.com b2b.ewe.de 2
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 2
object-src 'none'; frame-ancestors 'self'; report-uri https://www.mastercardservices.com/en/report-uri/enforce 2
base-uri 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.chilipiper.com https://translate.googleapis.com https://js.partnerstack.com/v1/ https://next-test-dot-strapi-database-392409.an.r.appspot.com https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js *.google.com *.googleoptimize.com https://cdn.jsdelivr.net/npm/intl-tel-input@18.1.1/build/js/intlTelInput.min.js https://cdn.jsdelivr.net/npm/intl-tel-input@18.1.1/build/js/utils.js *.gstatic.com 1gbg1hfkyvry.statuspage.io *.profitwell.com *.wpengine.com *.ketchcdn.com *.ketchjs.com *.datadoghq-browser-agent.com *.sentry-cdn.com *.redditstatic.com s.pinimg.com ct.pinterest.com *.pinimg.com https://1gbg1hfkyvry.statuspage.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com  https://www.googleadservices.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://js.stripe.com https://checkout.stripe.com https://ajax.googleapis.com  https://*.quora.com https://ajax.googleapis.com *.uniqode.com *.beaconstac.com https://storage.googleapis.com https://static.uniqode.com https://static.beaconstac.com dna8twue3dlxq.cloudfront.net cdn.auth0.com *.privy.com static.ads-twitter.com *.twitter.com snap.licdn.com *.bing.com  *.clarity.ms *.quora.com connect.facebook.net www.facebook.com *.typeform.com z.moatads.com cdn.firstpromoter.com cdnjs.cloudflare.com *.wistia.com src.litix.io *.wistia.net *.calendly.com *.salesloft.com *.zoominfo.com https://getrockerbox.com https://*.getrockerbox.com https://*.uniqode.com https://*.beaconstac.com cdn.taboola.com trc.taboola.com  ;child-src 'self' data: blob: https:  https://next-test-dot-strapi-database-392409.an.r.appspot.com *.profitwell.com www.youtube.com *.wistia.com  *.privy.com  *.calendly.com https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com  https://fast.wistia.net https://*.hotjar.com https://*.hotjar.io https://bid.g.doubleclick.net https://js.stripe.com https://hooks.stripe.com https://checkout.stripe.com;form-action  https://www.uniqode.com https://intercom.help https://api-iam.intercom.io https://www.facebook.com/tr/ *.pinterest.com *.profitwell.com *.sentry-cdn.com;frame-ancestors  'self';style-src 'self' 'unsafe-inline' *.uniqode.com https://www.gstatic.com *.wpengine.com *.beaconstac.com https://cdn.jsdelivr.net/npm/intl-tel-input@18.1.1/build/css/intlTelInput.css https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/assets/owl.carousel.min.css storage.googleapis.com  https://next-test-dot-strapi-database-392409.an.r.appspot.com *.privy.com s.pinimg.com ct.pinterest.com fonts.googleapis.com *.calendly.com tagmanager.google.com *.google.com fast.wistia.com *.profitwell.com;img-src * 'self' data: blob: https:;font-src 'self' data: blob: https:  https://next-test-dot-strapi-database-392409.an.r.appspot.com https://*.wistia.com fonts.gstatic.com storage.googleapis.com static.uniqode.com static.beaconstac.com optimize.google.com https://js.intercomcdn.com https://fonts.intercomcdn.com *.profitwell.com;media-src 'self' data: blob: https: https://next-test-dot-strapi-database-392409.an.r.appspot.com *.youtube.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net https://js.intercomcdn.com *.profitwell.com; object-src 'none' 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; 2
default-src 'self';report-uri https://sentry.ladderlife.com/api/5/security/?sentry_key=256f94429c2e43ef8fadcb036d4c7e92 ;manifest-src https://ddw3p1oh0ex89.cloudfront.net;script-src https://*.adroll.com https://*.facebook.net https://sdk.twilio.com https://cdn.humanapi.co/ https://ekr.zendesk.com 'sha256-c7M5EaJ4WdOCgAf4VR5PNAIx8Tfot/Q3Nsu8lkLFXlU=' https://static.zdassets.com https://cdn.jsdelivr.net/fingerprintjs2/1.5.1/fingerprint2.min.js 'sha256-28pWGDRYnND+KcXkQSsC8a7TlpIi4HPpfQ4OvqTUNY8=' https://*.zopim.com 'sha256-ZKu42s6NuuaVSSaKshRcJFOs1ctAeLMINp2+/JEaBWM=' https://*.linkedin.com/ https://ddw3p1oh0ex89.cloudfront.net https://*.adnxs.com/ https://www.googletagmanager.com https://*.twitter.com https://app.getsentry.com https://*.g.doubleclick.net https://maps.googleapis.com https://*.plaid.com wss://ladderlife.zendesk.com https://cdn.pbbl.co https://*.googlesyndication.com https://ads.nextdoor.com/public/pixel/ndp.js https://collector-9169.us.tvsquared.com/tv2track.js 'sha256-+9xfK56z1o8LjCn+r6aZvibnWQ4slrvpI04piONRQ5U=' 'sha256-I4sssOimP4aqQ3guQTL1/GuKKN/qcNxjkHE09MYMLQA=' https://www.google-analytics.com/analytics.js https://*.bizographics.com/ https://*.newrelic.com https://ekr.zdassets.com https://bam.nr-data.net https://www.google.com https://qp.delty.io/q1/HdwFxDxD.js https://zendesk-eu.my.sentry.io https://cdn.cookielaw.org/scripttemplates/ wss://api.smooch.io 'sha256-Od08hzv9y6Vx8fH7Kz8bVZJpiAMT3DkJyoEjYXh4t50=' 'sha256-EhImtpQrxfrzkUueM3popkaGrI5KZmBuHLwfmTZTphA=' https://*.bing.com 'sha256-lpUhVVDo2EzRH5vTU08BulB+rpSke0YpGJ6ZmllJNys=' https://api.smooch.io https://qp.delty.io/q1/t/client.min.js https://media.smooch.io https://static.ads-twitter.com/uwt.js https://*.licdn.com/ 'sha256-a9K368kgMI7sk9t0Bk3PLOztxYxCDfIYzxgb6aA1dEg=' https://ladderlife.zendesk.com wss://voice-js.roaming.twilio.com 'sha256-LROnOwSP0gZe2prEj+944RV8WJ3wSYUdpLr1amrGxFE=' https://*.googleadservices.com https://*.stripe.com https://eventgw.*.twilio.com;child-src https://*.fls.doubleclick.net/ https://www.ladderlife.com https://*.choicescreening.com https://*.facebook.com https://www.youtube.com https://*.twitter.com https://*.g.doubleclick.net https://*.plaid.com https://track.adform.net https://*.googlesyndication.com https://www.emjcd.com https://connect.facebook.net https://hapi-connect.humanapi.co https://*.stripe.com;frame-src https://*.fls.doubleclick.net/ https://www.ladderlife.com https://*.choicescreening.com https://*.facebook.com https://www.youtube.com https://*.twitter.com https://*.g.doubleclick.net https://*.plaid.com https://track.adform.net https://*.googlesyndication.com https://www.emjcd.com https://connect.facebook.net https://hapi-connect.humanapi.co https://*.stripe.com;style-src https://ddw3p1oh0ex89.cloudfront.net https://fonts.googleapis.com 'unsafe-inline';media-src https://static.zdassets.com https://*.zopim.com https://ddw3p1oh0ex89.cloudfront.net;img-src https://static.zdassets.com https://ddw3p1oh0ex89.cloudfront.net https: data: blob: https://accounts.zendesk.com https://*.zdusercontent.com https://media.smooch.io https://ladderlife.zendesk.com 'self';font-src https://*.zopim.com https://ddw3p1oh0ex89.cloudfront.net data: https://fonts.gstatic.com;connect-src https://www.google-analytics.com/ https://ekr.zendesk.com https://adservice.google.com https://eng.trkcnv.com/postBack https://*.zopim.com https://ddw3p1oh0ex89.cloudfront.net https://api.segment.io https://*.twitter.com https://maps.googleapis.com https://www.facebook.com wss://ladderlife.zendesk.com https://stats.g.doubleclick.net/ https://*.googlesyndication.com https://ekr.zdassets.com https://cdn.cookielaw.org/ https://bam.nr-data.net https://www.google.com https://geolocation.onetrust.com/ https://stripe.com https://sentry.ladderlife.com wss://*.zopim.com https://ladderlife.zendesk.com https://fonts.googleapis.com https://out.stashinvest.com/event https://*.stripe.com 'self' https://privacyportal.onetrust.com/;frame-ancestors https://banking.radiusbank.com/ https://*.lendingclub.com/; 2
default-src 'self' https://*.arvato-systems-media.net https://*.nionex.net http://analytics.nionex.net https://www.google-analytics.com https://socialcloud.bertelsmann.com https://dl.edge-cdn.net https://edgecdnhd2-vh.akamaihd.net; script-src 'self' blob: https://*.bertelsmann.de https://*.bertelsmann.com  https://*.createyourowncareer.com https://*.video-cdn.net https://*.privacy-mgmt.com  https://www.bertelsmann.com https://www.bertelsmann.de https://*.arvato-systems-media.net https://analytics.nionex.net http://analytics.nionex.net https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://translate.googleapis.com https://translate.google.com https://maps.googleapis.com https://*.edge-cdn.net https://*.analytics.edgekey.net https://charts3.equitystory.com https://*.akamaihd.net https://www.youtube.com https://s.ytimg.com https://*.cookiebot.com 'unsafe-inline' 'unsafe-eval' blob:; img-src 'self' https://tr.main.bid-prod.technical-service.net https://maps.google.com https://*.video-cdn.net https://www.google.com https://*.ytimg.com https://maps.gstatic.com https://www.gstatic.com https://chart.apis.google.com https://maps.googleapis.com https://www.google-analytics.com http://*.becruiter.net https://*.becruiter.net https://bertelsmann-hr.de https://www.googletagmanager.com https://dl.edge-cdn.net https://translate.google.com https://translate.googleapis.com data:; media-src 'self' blob: https://videocdnvod1-vh.akamaihd.net https://edgecdnhd2-vh.akamaihd.net http://hd2vodbertel-vh.akamaihd.net https://*.cdn.edge-cdn.net https://*.edge-cdn.net http://*.edge-cdn.net https://*.video-cdn.net; style-src 'self' https://www.bertelsmann.com https://www.bertelsmann.de https://*.arvato-systems-media.net https://*.nionex.net https://translate.googleapis.com https://fonts.googleapis.com https://dl.edge-cdn.net 'unsafe-inline' data:; font-src 'self' https://fonts.googleapis.com https://*.video-cdn.net https://fonts.gstatic.com data:; frame-src * data: blob: https://*.cookiebot.com ; frame-ancestors 'self' https://digitalportfolio.bertelsmann.com https://*.bertelsmann.de https://*.bertelsmann.com; connect-src 'self' wss://*.bertelsmann.de https://licensing.bitmovin.com https://cdn.plyr.io https://*.video-cdn.net https://videocdnvod1-vh.akamaihd.net https://stats.g.doubleclick.net https://*.bertelsmann.de https://*.bertelsmann.com https://*.google-analytics.com https://ca.video-cdn.net https://dl.edge-cdn.net https://*.analytics.edgekey.net https://translate.googleapis.com https://*.cookiebot.com https://edgecdnhd2-vh.akamaihd.net 2
frame-ancestors 'self' kedge.edu *.kedge.edu; 2
default-src 'self' https://*.dcube.cloud/ ; script-src 'self' 'sha256-7tJzJRhCSII909o84m4q85UWUc5EDMrrjsQXbeH+qlc=' blob: https://assets.dcube.cloud https://*.wogaa.sg https://assets.adobedtm.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://va.ecitizen.gov.sg https://*.cloudfront.net https://printjs-4de6.kxcdn.com https://unpkg.com https://wogadobeanalytics.sc.omtrdc.net https://connect.facebook.net https://graph.facebook.com https://facebook.com https://www.facebook.com https://*.googletagmanager.com https://*.licdn.com https://webchat.vica.gov.sg https://vica.gov.sg https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://www.instagram.com https://script.wiz.gov.sg/widget.js https://script-staging.wiz.gov.sg/widget.js wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://cdn.jsdelivr.net/npm/algoliasearch@4.20.0/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4.60.0/dist/instantsearch.production.min.js ; object-src 'self' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://*.cloudfront.net https://va.ecitizen.gov.sg https://*.wogaa.sg https://cdnjs.cloudflare.com https://datagovsg.github.io https://webchat.vica.gov.sg https://vica.gov.sg https://unpkg.com https://script.wiz.gov.sg/widget.css https://script-staging.wiz.gov.sg/widget.css https://assets.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://cdn.jsdelivr.net/npm/instantsearch.css@7/themes/satellite-min.css ; img-src * ; media-src * ; frame-src https://form.gov.sg/ https://wogaa.demdex.net/ https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://www.google.com https://checkfirst.gov.sg https://www.checkfirst.gov.sg https://docs.google.com https://nlb.ap.panopto.com https://www.google.com/recaptcha/ https://accounts.google.com https://www.gstatic.com/recaptcha/ https://data.gov.sg https://calendar.google.com https://datastudio.google.com https://lookerstudio.google.com https://*.fls.doubleclick.net https://www.facebook.com https://m.facebook.com/ https://www.instagram.com https://api.id.gov.sg/ ; frame-ancestors 'none' ; font-src * data: ; connect-src 'self' https://dpm.demdex.net https://*.google-analytics.com https://analytics.google.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://*.wogaa.sg https://va.ecitizen.gov.sg https://ifaqs.flexanswer.com https://*.cloudfront.net https://fonts.googleapis.com https://cdnjs.cloudflare.com https://wogadobeanalytics.sc.omtrdc.net https://data.gov.sg https://api.isomer.gov.sg https://webchat.vica.gov.sg https://chat.vica.gov.sg https://vica.gov.sg https://s3-va-prd-vica.s3-ap-southeast-1.amazonaws.com wss://chat.vica.gov.sg https://api-vica-ana.vica.gov.sg/api/v1/response-ratings https://bucket-vica.vica.gov.sg https://autocomplete.vica.gov.sg https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://ask.gov.sg https://staging.ask.gov.sg wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://authmiddleware.ap.sabio.cloud https://1v7dzgzjkk-1.algolianet.com/ ; 2
default-src 'self';worker-src blob: https://*.contentsquare.net https://*.royalcanin.fr/ https://*.wikichat.fr/ https://*.wikichien.fr/;connect-src 'self' blob: https://*.onetrust.io https://*.cookielaw.org https://*.contentsquare.net https://*.royalcanin.fr/ https://*.googlesyndication.com https://*.googleapis.com https://*.g.doubleclick.net https://*.google.com https://*.google-analytics.com https://connect.facebook.net https://*.facebook.com https://*.sharethis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.g.doubleclick.net https://*.jeu-semaine-du-chat.com https://adbx.io https://amplify.outbrain.com https://*.bing.com https://*.contentsquare.net https://*contentsquare.com https://*.quantserve.com https://*.cloudfront.net https://*.cookielaw.org https://*.quantcount.com https://*.onetrust.com https://*.jquery.com https://*.windows.net https://*.instagram.com https://*.sharethis.com https://*.ytimg.com https://*.youtube.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.iadvize.com https://*.evidon.com https://*.cloudflare.com https://*.jsdelivr.net https://*.mars.com https://connect.facebook.net;img-src 'self' blob:  https://*.vo.msecnd.net https://*.royalcanin-weshare-online.io https://*.contentsquare.net https://*.southwatts.com https://*.facebook.net https://*.sharethis.com https://*.onclixray.com https://*.blob.core.windows.net https://*.org data:  https://*.quantserve.com https://*.quantcount.com https://*.betrad.com https://*.royalcanin.fr/ https://*.wikichat.fr/ https://*.wikichien.fr/ https://*.google-analytics.com https://*.google.com https://*.evidon.com https://*.google.fr https://*.doubleclick.net maps.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.facebook.com https://*.mars.com; style-src 'self' 'unsafe-inline' https://optanon.blob.core.windows.net https://*.google.com https://*.bootstrapcdn.com https://fonts.googleapis.com https://*.mars.com; font-src 'self' data: https://themes.googleusercontent.com https://fonts.gstatic.com https://*.mars.com https://*.bootstrapcdn.com; frame-src https://*.jeu-semaine-du-chat.com https://adbx.io https://*.wikichien.fr/ https://*.wikichat.fr/ https://*.royalcanin.com/ https://*.royalcanin.fr/ https://*.calameo.com https://*.evidon.com https://*.vimeo.com https://*.google.com https://*.youtube.com https://*.youtube-nocookie.com  https://*.digitaddict.com https://*.facebook.com https://c.sharethis.mgr.consensu.org; object-src 'self' 2
style-src 'unsafe-inline' 'self' https://*.typekit.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://*.hospitalitysem.com https://*.sorryapp.com https://*.fontawesome.com https://*.googleapis.com https://*.vizergy.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.bing.com https://*.facebook.com https://*.facebook.net https://*.demdex.net https://*.everesttech.net https://*.vizergy.com https://*.hospitalitysem.com https://*.googletagmanager.com https://*.doubleclick.net https://*.twitter.com https://*.pinterest.com https://*.sorryapp.com https://*.googleapis.com https://*.zi-scripts.com https://ws.zoominfo.com; default-src 'self' https://*.typekit.net https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.bing.com https://*.facebook.com https://*.facebook.net https://*.demdex.net https://*.everesttech.net https://*.vizergy.com https://*.hospitalitysem.com https://player.vimeo.com  https://*.googletagmanager.com https://*.doubleclick.net https://*.twitter.com https://*.pinterest.com https://*.sorryapp.com https://*.fontawesome.com https://*.googleapis.com https://*.fbcdn.net https://*.cdninstagram.com https://*.googleusercontent.com https://www.youtube.com https://*.zi-scripts.com https://ws.zoominfo.com data: 2
frame-ancestors https://eu.beanworks.com https://*.eu.beanworks.com https://*.beandev.com https://*.beanworks.ca https://*.beandev.eu https://*.sageapa.com https://beanworks.ca https://sageapa.com 2
frame-ancestors https://*.derwent.io http://*.derwent.io http://*.derwent.io:* https://*.derwent.io:* 'self' 2
default-src 'self' http: https: ws: wss: 'unsafe-inline' 'unsafe-eval' data:; child-src 'self' blob: https:; img-src 'self' blob: data: https:; worker-src 'self' blob: https: 2
script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.episerver.net *.googleapis.com cdnjs.cloudflare.com *.bootstrapcdn.com siteimproveanalytics.com cdn.userway.org platform.linkedin.com platform.twitter.com connect.facebook.net *.wave2.io app.textrecruit.com *.force.com www.googletagmanager.com *.bing.com sc-static.net www.googleadservices.com *.licdn.com *.google-analytics.com *.doubleclick.net www.redditstatic.com www.google.com www.gstatic.com *.msecnd.net www.calcxml.com api.glia.com libs.salemove.com d4hldqmvpzsy0.cloudfront.net code.jquery.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.force.com www.calcxml.com fonts.googleapis.com cdnjs.cloudflare.com libs.salemove.com cdn.userway.org d4hldqmvpzsy0.cloudfront.net; frame-ancestors 'self'; img-src data: https: 2
default-src 'self' https://8gvyw6q6yj.execute-api.eu-west-1.amazonaws.com https://argentwebsite.prismic.io argentwebsite.cdn.prismic.io images.prismic.io platform.twitter.com syndication.twitter.com twitter.com https://optimize.google.com https://script.google.com https://script.googleusercontent.com https://api.compound.finance/api/v2/ctoken https://www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' www.googletagmanager.com www.google-analytics.com syndication.twitter.com platform.twitter.com *.twimg.com https://optimize.google.com https://snap.licdn.com 'unsafe-inline'; style-src 'self' platform.twitter.com https://optimize.google.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com 'unsafe-inline'; img-src 'self' https://px.ads.linkedin.com https://dv3jj1unlp2jl.cloudfront.net api.producthunt.com images.prismic.io argentwebsite.cdn.prismic.io prismic-io.s3.amazonaws.com stats.g.doubleclick.net syndication.twitter.com *.twimg.com platform.twitter.com https://www.google.co.uk https://www.google.com https://fonts.gstatic.com data: www.google-analytics.com https://twitter.com 'self'; font-src 'self' https://fonts.gstatic.com data: 'self'; frame-src https://dune.xyz https://www.youtube.com https://optimize.google.com https://platform.twitter.com https://twitter.com https://syndication.twitter.com https://duneanalytics.com https://embed.theblockcrypto.com; frame-ancestors 'self' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hightext.de *.googletagservices.com *.doubleclick.net *.ibusiness.de *.onetoone.de *.versandhausberater.de *.press1.de *.google.de *.google.com *.googlesyndication.com; 2
default-src https:; frame-src https: blob:; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; 2
frame-ancestors 'self' https://app.gather.town; 2
frame-ancestors 'self' https:;default-src 'self' discordapp.com controllers.babylonjs.com www.youtube.com blob: plausible.io sdk.twilio.com *.crvox.com cryptovoxels.com *.cryptovoxels.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cdn.babylonjs.com plausible.io sdk.twilio.com cryptovoxels.com *.cryptovoxels.com;style-src 'self' 'unsafe-inline' cryptovoxels.com *.cryptovoxels.com;media-src * blob:;img-src data: blob: *;object-src 'self' cryptovoxels.com *.cryptovoxels.com discordapp.com *.crvox.com;connect-src * 'self' data:;frame-src 'self' cryptovoxels.com *.cryptovoxels.com www.youtube.com opensea.io player.twitch.tv *.crvox.com;worker-src 'self' blob: cryptovoxels.com *.cryptovoxels.com;font-src 'self';upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;script-src-attr 'none' 2
frame-ancestors 'self' localhost:* *.pages.dev *.tickettando.it tickettando.it; 2
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; connect-src 'self' *.amazonaws.com *.amazoncognito.com api.pwnedpasswords.com; frame-ancestors 'self' sf360.com.au; frame-src 'self' https://www.google.com/recaptcha/ 2
frame-ancestors https://app.zoominfo.com 2
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; style-src-elem * 'unsafe-inline'; script-src-elem * 'unsafe-inline'; img-src * blob: data:; font-src * data:; worker-src * blob:; child-src * blob: gap:; media-src * blob: 2
default-src 'self'; img-src 'self' https://* data:; child-src https://www.youtube.com/ https://www.google.com/; style-src 'self' https://fonts.googleapis.com/ https://cdn.jsdelivr.net/npm/@duetds/date-picker@1.1.0/dist/duet/themes/default.css 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/ https://business.senedd.wales; script-src 'self' blob: https://www.google-analytics.com/ https://cc.cdn.civiccomputing.com/ https://www.googletagmanager.com/ https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.0.0.min.js https://ajax.aspnetcdn.com/ajax/jquery.validate/1.16.0/jquery.validate.min.js https://ajax.aspnetcdn.com/ajax/mvc/5.2.3/jquery.validate.unobtrusive.min.js https://cdn.jsdelivr.net 'sha256-qTS4cC+BnlabE/doSj+MPbjtJWVdVNtQah7AzuFfjbE=' 'sha256-h4tI5yM0TF6GI9CZe5uWnJX7WqXL1kpLAJ13Idyytts=' 'sha256-byyDoONdqE08AIFI6uBk/n8GJDNnu4o8VE6qf+NETJs=' 'sha256-GG+mi50DV7jNq33JItnAeSGKu+DyOuVZM484bs4ioq4=' 'sha256-r3mDNAbdsnbtcqGzAwDXN/1Ln5hKyg8GDZlm46+kpKg=' 'sha256-GG+mi50DV7jNq33JItnAeSGKu+DyOuVZM484bs4ioq4=' 'sha256-IZgGOToFausimoy1Ehqf2azcfWd5NrdyLunVfExDBbE=' 'sha256-NGxJAeRnkyrA2OBRtnqvyQRY28RBBbWXd+45iwUuOUU=' 'sha256-F/cu6HUELqMYhkB6TZFkoZoPLA7wPQ+ImBdqTVxZPUc=' 'sha256-OH++59VDvU6yN74Q2UuMkDjXzMZbZYGxaTP1SrqUqJs='; connect-src 'self' https://www.google-analytics.com https://www.senedd.tv https://senedd.tv https://www.senedd.assembly.wales https://www.senedd.cynulliad.cymru https://apikeys.civiccomputing.com https://senedd.assembly.wales https://senedd.cynulliad.cymru https://player.senedd.tv https://busnes.senedd.cymru https://business.senedd.wales https://region1.google-analytics.com; frame-src 'self' https://www.youtube.com/ https://www.google.com/ https://umap.openstreetmap.fr https://openstreetmap.cymru https://www.ons.gov.uk https://player.senedd.tv https://w.soundcloud.com https://my.matterport.com https://embeds.audioboom.com https://player.vimeo.com https://business.senedd.wales https://busnes.senedd.cymru https://www.canva.com https://forms.office.com https://app.powerbi.com https://cy.ons.gov.uk https://instagram.com https://www.instagram.com 2
font-src 'self' fonts.gstatic.com cdn.jotfor.ms; 2
default-src 'self' mailto: https://www.google.com/recaptcha/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://e.infogram.com/js/dist/embed-loader-min.js https://dyv6f9ner1ir9.cloudfront.net/assets/js/nloader.js https://widget.surveymonkey.com https://e.infogram.com/js/dist/embed.js https://code.jquery.com/ https://iframely.shorthand.com https://embed.shorthand.com https://gowling-wlg.shorthandstories.com https://*.clarity.ms https://platform-api.sharethis.com https://buttons-config.sharethis.com https://count-server.sharethis.com https://edge.addthis.com/ https://optimize.google.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com http://localhost:50029 https://z.moatads.com/addthismoatframe568911941483/moatframe.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://maps.googleapis.com https://ajax.googleapis.com http://ajax.googleapis.com https://www.googletagmanager.com https://tagmanager.google.com stats.g.doubleclick.net https://angular-ui.github.io https://sjs.bizographics.com https://snap.licdn.com https://px.ads.linkedin.com https://siteimproveanalytics.com/ https://policy.cookiereports.com/ https://connect.facebook.net https://*.twitter.com https://www.googleadservices.com/pagead/conversion_async.js https://v1.addthisedge.com https://v1.addthis.com https://extend.vimeocdn.com https://googleads.g.doubleclick.net https://cdn.syndication.twimg.com https://*.youtube.com https://s.ytimg.com https://c.bing.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.typekit.net/ https://gowling-wlg.shorthandstories.com https://optimize.google.com https://fonts.googleapis.com https://tagmanager.google.com https://cdnjs.cloudflare.com https://*.twitter.com; img-src 'self' https://brandconnect.gowlingwlg.com https://platform-cdn.sharethis.com https://prod.smassets.net https://gowlingprodblobstorage.blob.core.windows.net https://harpn.s3-eu-west-2.amazonaws.com/gowlingwlg/ https://*.shorthand.com https://gowling-wlg.shorthandstories.com/ https://www.googletagmanager.com https://gowlingwlg.com *.google.com https://www.google.co.uk http://*.twimg.com https://*.twimg.com https://www.google.ca/ https://*.google-analytics.com https://*.analytics.google.com https://maps.googleapis.com https://maps.gstatic.com https://csi.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://us2.siteimprove.com stats.g.doubleclick.net https://loupedin.blog data: https://*.twitter.com https://www.facebook.com https://px.ads.linkedin.com https://61281065.global.siteimproveanalytics.io https://p.adsymptotic.com https://stats.g.doubleclick.net https://www.linkedin.com https://i.ytimg.com; font-src 'self' https://*.typekit.net https://gowling-wlg.shorthandstories.com https://fonts.gstatic.com https://cdnjs.cloudflare.com data:; connect-src 'self' https://views.unsplash.com https://cdn.linkedin.oribi.io/ https://*.shorthand.com https://*.clarity.ms https://gowling-wlg.shorthandstories.com http://localhost:50029 https://l.sharethis.com https://datasphere-sbsvc.sharethis.com https://*.addthis.com https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net; report-uri /WebResource.axd?cspReport=true https://m.addthis.com; frame-src 'self' https://gowling-wlg.shorthandstories.com https://www.facebook.com https://gowlingwlg884.outgrow.us/ https://www.surveymonkey.com https://e.infogram.com/ https://iframely.shorthand.com/ https://marketing.uk.gowlingwlg.com/ https://*.spotify.com https://*.libsyn.com https://mozbar.moz.com/ https://edge.addthis.com/ https://optimize.google.com s7.addthis.com https://*.youtube.com https://*.youtube-nocookie.com https://*.media-server.com https://*.slideshare.net https://*.vuturevx.com https://*.gowlingwlg.com https://cdn.yoshki.com/ https://w.soundcloud.com/ https://html5-player.libsyn.com https://player.vimeo.com https://*.twitter.com https://twitter.com https://www.google.com; media-src 'self' https://*.gowlingwlg.com http://*.libsyn.com https://gowling-wlg.shorthandstories.com 2
base-uri 'self'; connect-src 'self' https://google-analytics.com https://www.google-analytics.com https://region1.google-analytics.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://cdn.linkedin.oribi.io https://consentcdn.cookiebot.com https://ws.zoominfo.com https://stats.g.doubleclick.net https://o445690.ingest.sentry.io https://app.webinargeek.com https://o445690.ingest.sentry.io https://bc0796d.svc.dynamics.com https://bc0796dc698c4cf5862b2b14545170a9.svc.dynamics.com https://app22web.anywhere365.net/WebChat_2.4.0/webchat.bootstrap.js https://cors-anywhere.herokuapp.com/ http://catfacts-api.appspot.com/api/ https://app22web.anywhere365.net/WebChat_2.4.0/translations/en.json https://app22web.anywhere365.net/WebChat_2.4.0/config/config.json https://app22web.anywhere365.net/WebChatDialogueProvider2/ucchub/v1.0/ wss://app22web.anywhere365.net/WebChatDialogueProvider2/ucchub/ https://app22web.anywhere365.net/WebChatDialogueProvider2/ucchub/ https://app22web.anywhere365.net/WebChatDialogueProvider2/api/v1/dialogue/message https://app22web.anywhere365.net/WebChatDialogueProvider2/chathub/v1.0/ https://app22web.anywhere365.net/WebChatDialogueProvider2/api/v1/dialogue/ wss://app22web.anywhere365.net/WebChatDialogueProvider2/chathub/ https://app22web.anywhere365.net/WebChatDialogueProvider2/chathub/ https://app22web.anywhere365.net/WebChatDialogueProvider2/api/v1/dialogue/818ccf45-92d3-4ccc-9d3b-b3f30e646919 https://app22web.anywhere365.net/WebChatDialogueProvider2/api/v1/dialogue/f2c6fa84-bc6f-48dd-9dd0-647d12c72749/message/842a6eb1-df99-4bea-8195-a830609e7ab8 https://app22web.anywhere365.net/WebChatDialogueProvider2/api/v1/dialogue/f2c6fa84-bc6f-48dd-9dd0-647d12c72749 https://app22web.anywhere365.net/WebChatDialogueProvider2/api/v1/dialogue/  https://cust-sales-text-01.emea-weu.anywhere365.cloud/WebChat20_ucc_sales_text_ds/ https://cust-sales-text-01.emea-weu.anywhere365.cloud/WebChatDialogueProvider2_ucc_sales_text_ds/ucchub/v1.0/  wss://cust-sales-text-01.emea-weu.anywhere365.cloud/WebChatDialogueProvider2_ucc_sales_text_ds/ucchub/ https://cust-sales-text-01.emea-weu.anywhere365.cloud/WebChatDialogueProvider2_ucc_sales_text_ds/ucchub/ https://cust-sales-text-01.emea-weu.anywhere365.cloud/WebChatDialogueProvider2_ucc_sales_text_ds/api/v1/dialogue/ https://cust-sales-text-01.emea-weu.anywhere365.cloud/WebChatDialogueProvider2_ucc_sales_text_ds/chathub/v1.0/ wss://cust-sales-text-01.emea-weu.anywhere365.cloud/WebChatDialogueProvider2_ucc_sales_text_ds/chathub/ https://cust-sales-text-01.emea-weu.anywhere365.cloud/WebChatDialogueProvider2_ucc_sales_text_ds/chathub/ wss://cust-sales-text-01.emea-weu.anywhere365.cloud/WebChatDialogueProvider2_ucc_sales_text_ds/chathub/v1.0 https://cust-sales-text-01.emea-weu.anywhere365.cloud/WebChatDialogueProvider2_ucc_sales_text_ds/chathub/v1.0 https://dc.services.visualstudio.com/v2/track    https://dc.services.visualstudio.com/v2/ https://dc.services.visualstudio.com/v2/track/ https://plausible.io/api/  https://plausible.io/api/event https://plausible.io/  *.visualwebsiteoptimizer.com app.vwo.com *.analytics.google.com/g/ ; default-src 'self' blob:; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' 'unsafe-inline' https://platform.twitter.com https://twitter.com https://consentcdn.cookiebot.com https://bc0796dc698c4cf5862b2b14545170a9.svc.dynamics.com https://www.google.com https://syndication.twitter.com https://forms.hsforms.com https://www.youtube.com/ https://play.vidyard.com https://c1.adform.net app.vwo.com *.visualwebsiteoptimizer.com; img-src 'self' https://google-analytics.com https://www.google.com https://www.google.nl   https://www.google-analytics.com https://syndication.twitter.com https://staging-anywhere365.kinsta.cloud https://forms.hsforms.com https://bc0796dc698c4cf5862b2b14545170a9.svc.dynamics.com https://px.ads.linkedin.com https://forms-na1.hsforms.com https://tr.lfeeder.com https://bat.bing.com https://www.linkedin.com https://static.webinargeek.com https://i.ytimg.com https://app22web.anywhere365.net/WebChat_2.4.0/webchat.bootstrap.js https://cors-anywhere.herokuapp.com/http://catfacts-api.appspot.com/api/ https://www.googletagmanager.com/ https://anywhere365.io/wp-content/uploads/ data:   *.visualwebsiteoptimizer.com  chart.googleapis.com  wingify-assets.s3.amazonaws.com  app.vwo.com cdn.pushcrew.com chart.googleapis.com ; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://google-analytics.com https://www.google-analytics.com https://bat.bing.com https://s2.adform.net  https://google.com https://sc.lfeeder.com https://ajax.googleapis.com https://platform.twitter.com https://twitter.com https://ws.zoominfo.com https://consent.cookiebot.com https://js.hsforms.net https://mktdplp102cdn.azureedge.net https://secure.wait8hurl.com https://snap.licdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://track.adform.net https://consentcdn.cookiebot.com https://platform.linkedin.com https://malong.webinargeek.com https://www.youtube.com https://cust-sales-text-01.emea-weu.anywhere365.cloud/WebChat20_ucc_sales_text_ds/ https://plausible.io/js/plausible.outbound-links.tagged-events.js https://plausible.io/js/ https://plausible.io/ https://www.google.com/recaptcha https://dev.visualwebsiteoptimizer.com/j.php?a=736080&u=https%3A%2F%2Fanywhere365.io%2F&f=1&vn=1.5 https://dev.visualwebsiteoptimizer.com/ https://anywhere365.io/91a84b39-ae4d-4b2e-af7d-9c34a9ebc84f https://anywhere365.io  *.visualwebsiteoptimizer.com  app.vwo.com cdn.pushcrew.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com; worker-src 'self' blob:; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: wss: 2
default-src 'self' *.malvernpanalytical.com *.malvernpanalytical.com.cn; connect-src 'self' https://*.clarity.ms/ https://*.hotjar.com wss://*.hotjar.com https://bat.bing.com https://segments.company-target.com https://cdn.cookielaw.org https://www.google-analytics.com *.g.doubleclick.net https://api.company-target.com https://surveystats.hotjar.io https://analytics.google.com https://*.pingdom.net http://*.pingdom.net *.visualwebsiteoptimizer.com app.vwo.com https://privacyportal-de.onetrust.com v2.clickguardian.app *.google-analytics.com *.analytics.google.com geolocation.onetrust.com api.bizzabo.com *.google.com malvernpanalytical.matomo.cloud unpkg.com cdn.jsdelivr.net cdn.linkedin.oribi.io gateway.zscalertwo.net mp-production.ent.eu-west-1.aws.found.io mp-uat.ent.eu-west-1.aws.found.io mp-development.ent.eu-west-1.aws.found.io mpfinder.azurewebsites.net www.googleapis.com prompts.maze.co pagead2.googlesyndication.com tag-logger.demandbase.com px.ads.linkedin.com cdn.horizons.confirmit.eu; font-src 'self' unpkg.com cdn.jsdelivr.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.hotjar.com gateway.zscalertwo.net; frame-src 'self' https://virtualshowroom.tech/ *.google.com *.google.co.uk *.google.ie https://sites-cm-malvernpl-production.tridion.sdlproducts.com https://sites-cm-malvernpl-test.tridion.sdlproducts.com https://sites-cm-malvernpl-development.tridion.sdlproducts.com https://sites-cm-malvern-production.tridion.sdlproducts.com https://sites-cm-malvern-test.tridion.sdlproducts.com https://sites-cm-malvern-development.tridion.sdlproducts.com *.recaptcha.net https://www.youtube-nocookie.com https://www.youtub.com *.youtube.com https://player.youku.com https://www.googletagmanager.com https://googleads.g.doubleclick.net/ *.visualwebsiteoptimizer.com app.vwo.com gateway.zscalertwo.net td.doubleclick.net s.company-target.com feedback.malvernpanalytical.com; frame-ancestors 'self' https://sites-cm-malvernpl-production.tridion.sdlproducts.com https://sites-cm-malvernpl-test.tridion.sdlproducts.com https://sites-cm-malvernpl-development.tridion.sdlproducts.com https://sites-cm-malvern-production.tridion.sdlproducts.com https://sites-cm-malvern-test.tridion.sdlproducts.com https://sites-cm-malvern-development.tridion.sdlproducts.com; img-src 'self' http://*.malvernpanalytical.com http://*.malvernpanalytical.com.cn *.malvernpanalytical.com *.malvernpanalytical.com.cn data: https://c.bing.com/ https://c.clarity.ms/ https://linkedin.com/px/ https://malvern.dist.sdlmedia.com https://p3.aprimocdn.net https://sites-cm-malvernpl-production.tridion.sdlproducts.com https://sites-cm-malvernpl-test.tridion.sdlproducts.com https://sites-cm-malvernpl-development.tridion.sdlproducts.com https://sites-cm-malvern-production.tridion.sdlproducts.com https://sites-cm-malvern-test.tridion.sdlproducts.com https://sites-cm-malvern-development.tridion.sdlproducts.com https://www.materials-talks.com https://www.materials-talks.kr https://www.materials-talks.jp unpkg.com cdn.jsdelivr.net https://px.ads.linkedin.com https://px4.ads.linkedin.com https://match.prod.bidr.io https://bat.bing.com https://www.google.com https://www.google.ac https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.com.kh https://www.google.cc https://www.google.cd https://www.google.cf https://www.google.cat https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.g.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gf https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gp https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.iq https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.io https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.com.lc https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.ne https://www.google.com.nf https://www.google.com.ng https://www.google.com.ni https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pk https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.pl https://www.google.com.pg https://www.google.pn https://www.google.co.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.sm https://www.google.so https://www.google.st https://www.google.sr https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tk https://www.google.tl https://www.google.tm https://www.google.to https://www.google.tn https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://segments.company-target.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://id.rlcdn.com https://googleads.g.doubleclick.net https://hm.baidu.com http://api.share.baidu.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com https://*.hotjar.com https://*.linkedin.com https://cdn.cookielaw.org https://p.adsymtotic.com *.google-analytics.com *.analytics.google.com *.baidu.com gateway.zscalertwo.net res.cloudinary.com sites-cm-c4f1aa-eu-west-1-malvernr12.tridion.sdlproducts.com; media-src 'self' https://p3.aprimocdn.net gateway.zscalertwo.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://*.malvernpanalytical.com http://*.malvernpanalytical.com.cn *.malvernpanalytical.com *.malvernpanalytical.com.cn https://*.clarity.ms/ https://www.google.com/pagead https://sites-cm-malvernpl-production.tridion.sdlproducts.com https://sites-cm-malvernpl-test.tridion.sdlproducts.com https://sites-cm-malvernpl-development.tridion.sdlproducts.com https://sites-cm-malvern-production.tridion.sdlproducts.com https://sites-cm-malvern-test.tridion.sdlproducts.com https://sites-cm-malvern-development.tridion.sdlproducts.com https://www2.malvernpanalytical.com https://polyfill.io https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://zz.bdstatic.com/ https://www.gstatic.com/recaptcha/ https://apis.google.com https://www.recaptcha.net https://www.youtube.com https://www.googletagmanager.com unpkg.com cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.cookielaw.org https://www.google-analytics.com http://www.googleadservices.com https://snap.licdn.com https://static.hotjar.com https://bat.bing.com http://bat.bing.com https://tag.demandbase.com http://*.pardot.com https://script.hotjar.com https://googleads.g.doubleclick.net http://www.googletagmanager.com  https://*.baidu.com http://push.zhanzhang.baidu.com http://ada.baidu.com https://fe-resource.cdn.bcebos.com https://*.pingdom.net http://*.pingdom.net *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com v2.clickguardian.app *.googlesyndication.com cdn.heeet.io *.matomo.cloud gateway.zscalertwo.net sites-cm-c4f1aa-eu-west-1-malvernr12.tridion.sdlproducts.com snippet.maze.co cdn.horizons.confirmit.eu; style-src 'self' 'unsafe-inline' http://*.malvernpanalytical.com http://*.malvernpanalytical.com.cn *.malvernpanalytical.com *.malvernpanalytical.com.cn unpkg.com cdn.jsdelivr.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://sites-cm-malvernpl-production.tridion.sdlproducts.com https://sites-cm-malvernpl-test.tridion.sdlproducts.com https://sites-cm-malvernpl-development.tridion.sdlproducts.com https://sites-cm-malvern-production.tridion.sdlproducts.com https://sites-cm-malvern-test.tridion.sdlproducts.com https://sites-cm-malvern-development.tridion.sdlproducts.com gateway.zscalertwo.net *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com translate.googleapis.com; worker-src blob: blob: *.malvernpanalytical.com data:; base-uri 'self'; report-to csp-endpoint; 2
default-src 'self' https: http:; font-src 'self' https: data: https://js.intercomcdn.com; object-src 'self' https: http:; form-action 'self' https: http: https://intercom.help https://api-iam.intercom.io; media-src https://js.intercomcdn.com; img-src 'self' http: https: blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments.com; child-src 'self' blob: https: https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; frame-src 'unsafe-eval' 'unsafe-inline' https: http: https://js.stripe.com https://hooks.stripe.com; script-src 'self' 'unsafe-inline' blob: 'unsafe-eval' https: http: https://canny.io/sdk.js https://app.intercom.io https://widget.intercom.io https://api.duosecurity.com https://js.intercomcdn.com https://widget.intercom.io https://js.stripe.com d2iiunr5ws5ch1.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com/analytics.js; style-src 'self' https: 'unsafe-inline' blob:; connect-src 'self' https: http: data: https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://api.stripe.com http://localhost:3035 ws://localhost:3035 2
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' https://distributor.51degrees.com/ https://devicedatasubmissions.azurewebsites.net/api/Submit https://51degrees.tv/ch-test-api https://raw.githubusercontent.com/51Degrees/ https://raw.githubusercontent.com/actions/;font-src 'self';img-src 'self' data: http://images.51degrees.mobi https://51degrees.cachefly.net https://m.media-amazon.com https://raw.githubusercontent.com/51Degrees/;frame-src 'self' https://player.vimeo.com http://player.vimeo.com; 2
frame-ancestors 'self' http://*.di.dk; 2
default-src 'self'; script-src 'unsafe-eval' 'self' 'sha256-FDyPg8CqqIpPAfGVKx1YeKduyLs0ghNYWII21wL+7HM=' 'nonce-azlQRGFCaEpHY1JZczVXcEtNVTc=' https://mktdplp102cdn.azureedge.net/public/latest/js/ *.google.com/recaptcha/ *.gstatic.com/recaptcha/ https://recaptcha.net https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://*.nrk.no https://static.zdassets.com https://*.cookiebot.com https://consentcdn.cookiebot.eu https://dev-consent-cookiebot-com.cookiebot.dev https://consentcdn.cookiebot.com https://connect.facebook.net https://sc-static.net https://tr.snapchat.com; img-src 'self' data: https://cdn-cms-prod.cappelendamm.no *.dynamics.com https://fonts.gstatic.com https://*.cookiebot.com https://consentcdn.cookiebot.eu https://dev-consent-cookiebot-com.cookiebot.dev https://*.google-analytics.com https://*.analytics.google.com www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com https://www.google.no https://www.facebook.com https://i.vimeocdn.com https://i.ytimg.com; style-src 'self' 'unsafe-inline' blob:  https:; font-src data: https:; media-src *.cappelendamm.no http://pre-cappelendamm.dev.cappelendamm.no/ http://utv-cappelendamm.dev.cappelendamm.no/ https://*.bokbasen.io/audiosample/; frame-src 'self' https://mktdplp102cdn.azureedge.net *.google.com/recaptcha/ https://recaptcha.net https://tr.snapchat.com https://www.youtube.com https://www.youtube.com https://player.vimeo.com https://static.nrk.no https://smovie.no https://analytics-eu.clickdimensions.com *.dynamics.com static.zdassets.com https://*.cookiebot.com https://consentcdn.cookiebot.eu https://dev-consent-cookiebot-com.cookiebot.dev https://consentcdn.cookiebot.com; connect-src  'self' https://tr.snapchat.com https://*.cookiebot.com https://*.google-analytics.com https://*.analytics.google.com https://static.zdassets.com https://consentcdn.cookiebot.com  https://connect.facebook.net https://sc-static.net *.dynamics.com; 2
default-src 'self' data: https://uoflhealth.org https://*.typekit.net/ https://fonts.gstatic.com/ https://player.vimeo.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.jsdelivr.net/ https://www.mealpro.net/ https://browser.sentry-cdn.com/ https://player.vimeo.com/ https://*.googletagmanager.com/ https://www.google-analytics.com/ https://snap.licdn.com/ https://script.crazyegg.com/ https://www.google.com/ https://*.tvsquared.com/ https://connect.facebook.net/ https://up.pixel.ad/ https://tags.w55c.net/ https://jelly.mdhv.io/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://maps.googleapis.com/ https://www.gstatic.com/ https://www.instagram.com/ https://*.hotjar.com/; connect-src 'self' https://px.ads.linkedin.com/wa/ https://jelly-v6.mdhv.io/ https://jelly.mdhv.io/ https://www.mealpro.net/ https://ipapi.co/ https://*.yoast.com/ https://*.typekit.net/ https://vimeo.com/ https://script.crazyegg.com/ https://www.google-analytics.com/ https://www.facebook.com/ https://sentry.io/api/ https://maps.googleapis.com/ https://www.gstatic.com/ https://pagestates-tracking.crazyegg.com/ https://assets-tracking.crazyegg.com/ https://tracking.crazyegg.com/ https://analytics.google.com/ https://stats.g.doubleclick.net/ https://cdn.linkedin.oribi.io/ https://*.hotjar.com/ https://*.hotjar.io wss://*.hotjar.com; img-src 'self' data: https://embed-ssl.wistia.com/ https://www.mealpro.net/ https://qr-code.ithemes.com/ https://uoflhealth.org https://secure.gravatar.com/ https://tags.w55c.net/ https://jelly.mdhv.io/ https://www.google-analytics.com/ https://www.facebook.com/ https://px.ads.linkedin.com/ https://pixel.tapad.com/ https://match.sharethrough.com/ https://collector-16691.us.tvsquared.com/ https://www.linkedin.com/ https://pixel.sitescout.com/ https://contextual.media.net/ https://px4.ads.linkedin.com/ https://match.adsrvr.org/ https://www.google.com/ https://p.adsymptotic.com/ https://ad.sxp.smartclip.net/ https://px.britepool.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://i.vimeocdn.com/ https://ps.w.org/ https://www.googletagmanager.com https://cdn.hub.visualcomposer.com/ https://analytics.google.com/ https://stats.g.doubleclick.net/ https://jelly-v6.mdhv.io/ https://*.hotjar.com/ https://collector-22595.us.tvsquared.com/; style-src 'self' 'unsafe-inline' https://www.mealpro.net/ https://*.typekit.net/ https://fonts.googleapis.com/ https://sync.1rx.io/ https://bh.contextweb.com/ https://*.hotjar.com/; frame-src 'self' https://www.cdc.gov/ https://www.mealpro.net/ https://*.ket.org/ https://ket.org/ https://ondemand.viewmedica.com/ https://widget.spreaker.com/ https://www.youtube-nocookie.com/ https://www.whas11.com/ https://www.youtube.com/ https://www.facebook.com/ https://pixel.sitescout.com/ https://player.vimeo.com/ https://bid.g.doubleclick.net/ https://www.google.com/ https://embed.sounder.fm/ https://vimeo.com/ https://mychart.uoflhealth.org/ https://docs.google.com/ https://www.practicematch.com/ https://www.ket.org/ https://peace-podcast.sounder.fm/ https://maps.google.com/ https://www.instagram.com/ https://player.pbs.org/ https://*.hotjar.com/ https://*.google.com; 2
default-src 'self' https://cdn.evgnet.com https://cdn.evergage.com https://standardbank.germany-2.evergage.com https://www.google.com   https://stream.tribeca.vidavee.com https://stbg.stanbic.co.ug https://stbg.stanbicbank.co.bw https://stbg.stanbicbank.com.gh https://stbg.stanbicbank.co.zm https://stbg.standardbank.co.sz https://stbg.standardbank.co.mw https://stbg.standardbank.mu https://stbg.standardbank.com.na https://stbg.stanbicbank.com.ci* https://stbg.sbgsecurities.co.ke https://stbg.standardbank.cd   *.tt.omtrdc.net  https://www.google.com  https://platform.blits.ai https://blitsproduction.z6.web.core.windows.net https://directline.botframework.com wss://directline.botframework.com stbg.standardbank.co.za stbg.standardbank.com  https://tribeca.vidavee.com https://img.youtube.com http://business.twitter.com https://analytics.twitter.com http://ad.doubleclick.net cdn.cookielaw.org *.onetrust.com http://*.fls.doubleclick.net https://googleads.g.doubleclick.net http://pixel.facebook.com https://www.facebook.com/tr/ http://dc.ads.linkedin.com https://px.ads.linkedin.com https://client.demdex.net https://dpm.demdex.net/ https://cdn.krxd.net/ https://beacon.krxd.net http://bs.serving-sys.com https://googleads.g.doubleclick.net https://assets.adobedtm.com https://cdnjs.cloudflare.com https://maps.lightstoneproperty.co.za http://maps.lightstoneproperty.co.za http://*.tt.omtrdc.net http://dpm.demdex.net https://maps.googleapis.com https://www.gstatic.com https://maps.googleapis.com http://fast.standardbank.demdex.net http://accstandardbank.d1.sc.omtrdc.net https://bid.g.doubleclick.net/xbbe/pixel http://8448999.fls.doubleclick.net https://cdn.krxd.net https://bs.serving-sys.com/Serving https://secure-ds.serving-sys.com https://standardbank.demdex.net https://www.youtube.com/ https://*.map2.ssl.hwcdn.net; font-src 'self' https://cdn.evgnet.com https://cdn.evergage.com https://standardbank.germany-2.evergage.com  https://stream.tribeca.vidavee.com https://stbg.standardbank.mu https://stbg.stanbicbank.com.ci* https://stbg.sbgsecurities.co.ke https://stbg.standardbank.cd  https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' data: https://cdn.evgnet.com https://cdn.evergage.com https://standardbank.germany-2.evergage.com https://stbg.stanbic.co.ug https://stream.tribeca.vidavee.com  https://stbg.stanbicbank.co.bw  https://stbg.stanbicbank.com.gh  https://stbg.stanbicbank.co.zm https://stbg.standardbank.co.sz  https://stbg.standardbank.co.mw https://stbg.standardbank.com.na https://stbg.standardbank.mu https://stbg.sbgsecurities.co.ke https://stbg.stanbicbank.com.ci* https://stbg.standardbank.cd  stbg.standardbank.co.za stbg.standardbank.com https://blitsproduction.blob.core.windows.net https://platform.blits.ai https://blitsproduction.z6.web.core.windows.net https://directline.botframework.com wss://directline.botframework.com stbg.standardbank.co.za stbg.standardbank.com https://tribeca.vidavee.com https://img.youtube.com cdn.cookielaw.org https://www.homeloans1.standardbank.co.za https://googleads.g.doubleclick.net https://www.homeloans1.standardbank.co.za https://geo0.ggpht.com https://geo1.ggpht.com https://geo2.ggpht.com https://geo3.ggpht.com https://khms1.googleapis.com https://khms0.googleapis.com https://geo0.ggpht.com https://cbks0.googleapis.com https://maps.googleapis.com https://maps.gstatic.com http://accstandardbank.d1.sc.omtrdc.net https://www.google.com https://www.google.co.za http://cm.everesttech.net https://beacon.krxd.net https://jslog.krxd.net https://standardbank.demdex.net https://dpm.demdex.net http://*.tt.omtrdc.net https://*.map2.ssl.hwcdn.net https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.evgnet.com https://cdn.evergage.com https://standardbank.germany-2.evergage.com  https://www.google.com  https://stream.tribeca.vidavee.com https://stbg.standardbank.mu https://stbg.stanbicbank.com.ci* https://stbg.sbgsecurities.co.ke https://stbg.standardbank.cd  https://www.google.com   https://platform.blits.ai https://blitsproduction.z6.web.core.windows.net https://directline.botframework.com wss://directline.botframework.com https://tribeca.vidavee.com https://img.youtube.com cdn.cookielaw.org *.onetrust.com https://connect.facebook.net https://code.jquery.com https://assets.adobedtm.com https://googleads.g.doubleclick.net https://www.gstatic.com https://maps.googleapis.com http://assets.adobedtm.com https://secure-ds.serving-sys.com http://cdn.krxd.net http://www.googleadservices.com http://www.googletagmanager.com https://consumer.krxd.net https://googleads.g.doubleclick.net https://beacon.krxd.net https://tribeca.vidavee.com http://*.tt.omtrdc.net  https://geo0.ggpht.com https://*.map2.ssl.hwcdn.net; style-src 'unsafe-inline' 'self' https://cdn.evgnet.com https://cdn.evergage.com https://standardbank.germany-2.evergage.com  https://stbg.stanbicbank.com.ci* stbg.standardbank.co.za stbg.standardbank.com https://tribeca.vidavee.com https://img.youtube.com https://fonts.googleapis.com https://googleads.g.doubleclick.net https://cdnjs.cloudflare.com https://*.map2.ssl.hwcdn.net; frame-ancestors 'self' https://stbg.stanbicbank.com.ci*; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.g.doubleclick.net *.googleadservices.com *.iqm.com *.cookielaw.org *.vimeo.com tags.srv.stackadapt.com resources.forvis.com *.googletagmanager.com *.knowledgeowl.com *.wistia.com *.bugherd.com *.jquery.com *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.facebook.net *.youtube.com *.twitter.com *.marketo.net *.eloqua.com; style-src 'self' 'unsafe-inline' tags.srv.stackadapt.com resources.forvis.com *.knowledgeowl.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google.com *.twimg.com *.typekit.net; font-src * data:; img-src * data:; media-src 'self' data: blob: *.wistia.com; child-src 'self' resources.forvis.com *.libsyn.com *.bkd.com *.yumpu.com *.brightcove.net *.knowledgeowl.com *.twitter.com *.youtube.com *.vimeo.com *.soundcloud.com *.bugherd.com *.google.com *.wistia.com *.wistia.net *.facebook.com; connect-src 'self' accounts.google.com *.g.doubleclick.net *.cookielaw.org *.onetrust.com tags.srv.stackadapt.com *.google-analytics.com *.google.com *.litix.io *.wistia.com *.bugsnag.com *.pusher.com ws-mt1.pusher.com *.bugherd.com *.googleapis.com *.mktoresp.com; 2
frame-ancestors https://transportesostenible.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.kaltura.com https://twitter.com https://platform.twitter.com  https://syndication.twitter.com https://*.twimg.com https://connect.facebook.net https://facebook.com https://*.facebook.com https://*.googleapis.com https://maps.gstatic.com https://*.ggpht https://maps.google.com https://hosting.img.dk https://siteimproveanalytics.com https://*.global.siteimproveanalytics.io https://alarmeringsapp.like.st; frame-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://twitter.com https://platform.twitter.com https://syndication.twitter.com https://*.twimg.com https://connect.facebook.net https://facebook.com https://*.facebook.com https://*.googleapis.com https://maps.gstatic.com https://*.ggpht https://maps.google.com https://*.google.com https://www.dmi.dk 2
default-src 'self'; style-src 'self' 'unsafe-inline' https://cdn-web.citrix.com/can.cdn/marketing/assets/fonts/citrix-fonts-linking.css; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data: blob:; font-src 'self' data: https://cdn-web.citrix.com/can.cdn/marketing/assets/fonts/citrix-sans/; frame-ancestors 'self'; object-src 'none'; 2
connect-src 'self' analytics.pangle-ads.com www.google.com pagead2.googlesyndication.com analytics.tiktok.com https://euc-widget.freshworks.com https://realsociedad.freshdesk.com  https://firebaseinstallations.googleapis.com *.doubleclick.net    https://www.google-analytics.com       https://open.http.mp.streamamg.com    *.matterport.com  *.schema.org   *.streamamg.com  https://cf.vod.mp.streamamg.com   *.matterport.com     http://www.aragontelevision.es       *.twitch.tv    *.cloudfront.net       *.yourcommunify.com       yourcommunify.com        *.google-analytics.com   *.analytics.google.com  *.realsociedad.eus   https://firebase.googleapis.com    https://www.googleapis.com    cloudflareinsights.com;           default-src   www.google.com *.doubleclick.net  *.realsociedad.com       *.realsociedad.eus       blob:       'self';              style-src 'self' https://euc-widget.freshworks.com 'unsafe-inline'  *.doubleclick.net  *.realsociedad.eus  *.schema.org *.streamamg.com  *.cloudfront.net       *.googleapis.com;              img-src 'self' pagead2.googlesyndication.com https://euc-widget.freshworks.com    *.schema.org    *.realsociedad.eus    *.streamamg.com     http://placehold.it        https://twitter.github.io        https://stats.g.doubleclick.net        https://www.google.com        https://www.facebook.com/        https://www.google.es   https://www.googletagmanager.com     http://realsociedadcdnpre.barrabes.biz                       https://cdn.realsociedad.eus        https://cdntienda.realsociedad.eus                       https://cdntienda.realsociedad.com                        http://twemoji.maxcdn.com                        https://pbs.twimg.com                        *.cdninstagram.com                        *.fbcdn.net                        www.google-analytics.com        *.cloudfront.net         *.vimeo.com              https://img.youtube.com    *.genial.ly    *.azureedge.net        *.google-analytics.com        https://cdn.realsociedad.com   https://firebaseinstallations.googleapis.com     data:  *.doubleclick.net  *.schema.org *.streamamg.com    https://maps.googleapis.com        https://open.http.mp.streamamg.com        https://cdn.bleacherreport.net/        *.w55c.net         *.gstatic.com;              media-src 'self'               *.schema.org *.streamamg.com         https://cdn.realsociedad.eus          https://tag.realsociedad.eus              https://cdntienda.realsociedad.com        https://cdntienda.realsociedad.eus                              http://twemoji.maxcdn.com                        https://pbs.twimg.com                        *.cdninstagram.com                        *.fbcdn.net                        www.google-analytics.com         *.vimeo.com     *.genial.ly         https://img.youtube.com    *.matterport.com    http://www.aragontelevision.es        *.twimg.com;              font-src 'self'   *.doubleclick.net  *.schema.org *.streamamg.com   https://open.http.mp.streamamg.com       *.gstatic.com;               script-src 'self' analytics.tiktok.com pagead2.googlesyndication.com partner.googleadservices.com tpc.googlesyndication.com www.googletagservices.com https://www.google.com https://euc-widget.freshworks.com               https://entradium.com/      *.googlesyndication.com     'unsafe-inline'   https://*.vimeocdn.com/      https://stats.mp.streamamg.com       http://open.http.mp.streamamg.com                         https://www.realsociedad.com       https://www.realsociedad.eus          https://mkt.realsociedad.eus               https://www.googletagmanager.com                          http://www.google-analytics.com       https://ssl.google-analytics.com       'unsafe-eval'  *.vimeo.com   *.genial.ly  https://www.youtube.com     *.twitch.tv     https://connect.facebook.net       *.ytimg.com       *.cloudfront.net       *.w55c.net        *.hspvst.com       *.yourcommunify.com       yourcommunify.com       https://maps.googleapis.com    https://www.gstatic.com    https://apis.google.com     ajax.cloudflare.com     static.cloudflareinsights.com;    object-src https://www.realsociedad.eus                          https://fundazioa.realsociedad.eus;    frame-src googleads.g.doubleclick.net tpc.googlesyndication.com securepubads.g.doubleclick.net *.realsociedad.com https://www.google.com      *.realsociedad.eus     https://entradium.com/   https://kuula.co/   *.cloudfront.net   outlook.office365.com     *.yourcommunify.com       yourcommunify.com   *.vimeo.com  *.genial.ly   http://www.youtube.com       https://www.youtube.com   https://youtu.be    https://connect.facebook.net       https://www.facebook.com       https://open.http.mp.streamamg.com/       https://www.eitb.eus   *.matterport.com    https://www.aragontelevision.es       http://www.aragontelevision.es      *.twitch.tv    *.powerbi.com *.flipsnack.com   https://realzale-pro.firebaseapp.com   https://firebaseinstallations.googleapis.com  https://gameside.playeron.es     https://mycrocast-webplayer.s3.eu-central-1.amazonaws.com  https://forms.office.com; 2
default-src 'self' cdn.synthetix.com ssc.synthetix.com;                     img-src 'self' syn-document-manager.s3.amazonaws.com cdn.synthetix.com ssc.synthetix.com data: *.google-analytics.com *.google.co.uk *.google.com *.facebook.com *.googletagmanager.com *.hotjar.com *.hotjar.io;                     font-src *.gstatic.com *.hotjar.com *.hotjar.io;                     frame-src *.facebook.com *.twitter.com *.hotjar.com *.hotjar.io *.google.com *.youtube.com https://wjecwebsitelive.blob.core.windows.net https://securelinks1.cmadvantage.co.uk/ https://wjec-cbac.leadfamly.com/ *.issuu.com/;                     object-src https://wjecwebsitelive.blob.core.windows.net;                     connect-src 'self' syn-document-manager.s3.amazonaws.com cdn.synthetix.com ssc.synthetix.com *.synthetix.com *.hotjar.io *.google-analytics.com *.hotjar.com *.fullstory.com *.doubleclick.net wss://*.hotjar.com *.getaddress.io *.analytics.google.com;                     style-src 'self' 'unsafe-inline' cdn.synthetix.com ssc.synthetix.com *.synthetix.com *.googleapis.com *.cloudfront.net;                     script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com cdn.synthetix.com ssc.synthetix.com *.synthetix.com *.googletagmanager.com googleapis.com *.hotjar.com *.gstatic.com *.fullstory.com *.google-analytics.com *.aspnetcdn.com *.googleadservices.com *.facebook.net *.doubleclick.net 2
frame-ancestors https://*.wika.com/ 'self'; 2
frame-ancestors 'self' https://*.hhsva.ca https://*.teamhhsva.ca https://*.hhsvaagm.ca https://*.preferredcatering.ca ; script-src https://cdn.jsdelivr.net https://*.googleapis.com https://*.google.com https://*.connect.facebook.net https://*.youtube.com https://*.google-analytics.com https://*.hotjar.com https://*.googletagmanager.com https://*.facebook.net https://*.twitter.com 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com ; style-src https://use.fontawesome.com https://cdn.jsdelivr.net https://*.googleapis.com https://unpkg.com https://www.gstatic.com 'self' 'unsafe-inline'; 2
img-src 'self' data: *.insurance188.com brace.video.qq.com *.ebay.com *.salesforce.com *.ebay.cn myun-hw-s3.myun.tv *.myun.tv static.mudu.tv www.google-analytics.com *.salesforce.com *.force.com btrace.video.qq.com vm.gtimg.cn vpic.video.qq.com *.force.com rcgi.video.qq.com isdspeed.qq.com; 2
default-src 'self'; frame-ancestors 'self' 2
frame-ancestors 'self' *.arcfast.se arcfast.se *.ehcc.se ehcc.se *.amynefastigheter.se amynefastigheter.se www-amynefastigheter-se.filesusr.com *.lawa.nu lawa.nu *.re-eqt.com re-eqt.com *.stibix.se *.stibix.i-page.se stibix.se stibix.i-page.se *.hvetstrom.com hvetstrom.com 2
default-src https: 'self' 'unsafe-inline'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' https://api-maps.yandex.ru https://suggest-maps.yandex.ru http://*.maps.yandex.net https://yandex.ru https://yastatic.net https://enterprise.api-maps.yandex.ru https://optimize.google.com https://www.googletagmanager.com https://www.googleanalytics.com https://www.google-analytics.com https://api-cis.exponea.com https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org *.metrika.yandex.ru *.yandex.tld *.yandex.net https://vk.com https://top-fwz1.mail.ru; style-src https: blob: 'self' 'unsafe-inline'; style-src-elem blob: https: 'self' 'unsafe-inline'; img-src blob: data: https: 'self' 'unsafe-inline' https://*.maps.yandex.net https://optimize.google.com https://enterprise.api-maps.yandex.ru https://api-maps.yandex.ru https://yandex.ru https://mc.yandex.ru; connect-src wss://*.intercom.io wss://*.blanc.ru wss://*.vestabankdev.ru https: 'self' 'unsafe-inline' *.sentry.io *.ingest.sentry.io https://api-maps.yandex.ru https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net https://yandex.ru https://*.taxi.yandex.net https://api-cis.exponea.com https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru; font-src data: https: 'self' 'unsafe-inline'; object-src 'self'; media-src 'self'; child-src https: 'self' https://api-maps.yandex.ru https://enterprise.api-maps.yandex.ru https://mc.yandex.ru; frame-src blob: 'self' https://group-ib.ru https://sbbe.group-ib.ru https://wcm-ru.frontend.weborama.fr https://content.adriver.ru https://www.facebook.com https://optimize.google.com http://*.fls.doubleclick.net http://*.doubleclick.net https://api-maps.yandex.ru https://enterprise.api-maps.yandex.ru https://*.mkb.ru:* https://*.mirconnect.ru:* https://*.vestabankdev.ru https://*.blanc.ru https://mc.yandex.ru https://mc.yandex.com https://ad.new-programmatic.com; form-action https: 'self' 'unsafe-inline'; worker-src https: 'self' blob:; manifest-src https: 'self'; frame-ancestors 'self' https://*.blanc.ru https://avito.ru https://www.avito.ru https://*.avito.ru *.yandex.ru *.yandex.by *.yandex.com *.yandex.com.tr webvisor.com; block-all-mixed-content; report-uri https://o547163.ingest.sentry.io/api/5669457/security/?sentry_key=1f47343ab8d64a3bb44fa53d85499fff; 2
default-src https: 'unsafe-eval' 'unsafe-inline'; connect-src https: wss:; img-src https: http: data:; object-src 'none'; 2
default-src 'self' https://*.dormakabagroup.com blob: ; prefetch-src 'self' https://*.dormakabagroup.com ; frame-src 'self' https://*.dormakabagroup.com https://*.dormakaba.com https://*.equitystory.com https://cdn.iframe.ly https://*.vimeo.com https://*.vimeocdn.com https://irs.tools.investis.com https://*.jotformeu.com https://*.jotform.com https://*.pardot.com https://www.youtube.com https://*.storelocatorwidgets.com https://web.inxmail.com https://fbweb.cypheme.com; frame-ancestors 'self' https://*.dormakabagroup.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.dormakabagroup.com https://www.googletagmanager.com https://*.equitystory.com https://*.google-analytics.com https://*.eqs.com https://maps.googleapis.com https://ajax.googleapis.com https://cdn.cookielaw.org https://*.hotjar.com https://*.storelocatorwidgets.com ; object-src 'none' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.eqs.com https://*.storelocatorwidgets.com ; img-src 'self' data: blob: https://*.dormakabagroup.com https://*.ctfassets.net https://*.eqs.com https://maps.gstatic.com https://*.googleapis.com https://*.ggpht https://www.google-analytics.com https://fonts.gstatic.com https://cdn.cookielaw.org https://*.storelocatorwidgets.com; media-src 'self' https://*.ctfassets.net data: blob: ; font-src 'self' https://fonts.gstatic.com https://*.storelocatorwidgets.com data: ; connect-src 'self' https://*.dormakabagroup.com https://*.contentful.com https://*.equitystory.com https://*.cms-eqs.com https://*.storelocatorwidgets.com https://cdn.cookielaw.org https://*.google-analytics.com https://maps.googleapis.com https://*.onetrust.com https://analytics.google.com https://*.doubleclick.net https://*.eqs.com ; worker-src 'self' ; upgrade-insecure-requests ; block-all-mixed-content ; manifest-src 'self' ; 2
base-uri 'self'; default-src 'self'; script-src 'self' 'report-sample' 'unsafe-eval' https://px.ads.linkedin.com https://px4.ads.linkedin.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://snap.licdn.com https://trk.teamblue.services https://stg-trk.teamblue.services https://trk.flexmail.be https://trk.flexmail.nl https://stg-trk.flexmail.be https://stg-trk.flexmail.nl https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://www.googleanalytics.com 'sha256-MX1ZFIBa5L93HBj8qZRBUa/eXPmsVLWRIi36CdDab3g=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' 'sha256-hW1V3UvI+swwT3wQpebXLpXi/7Q9VUws5NlJTNxM/Tg=' https://connect.facebook.net 'sha256-w9PUUFBTg7mA9KBjVbANsTN5WPOnJRei9DT8Qk2i/Jw=' https://www.flexmail.eu 'sha256-usdx8IxlpnzmYMAcVSSGsgPlT53z1pk04Zvh5xyOIQg=' https://bat.bing.com https://r.bing.com 'sha256-9EfSE/pxhsIRQAZ9nHpzZGKeEticJtki6BUxpyJY/VQ=' https://cdn.zapier.com 'sha256-yZFBBEAhVR7+Ftx72ma6BMxZ0sAlz7DrJpEQjM6yvdk=' https://www.googleadservices.com https://www.google.com https://*.leadinfo.net 'sha256-FXWsZZqcOYsq1NVBThmi3kxKhOetuth7XXym/Ocr0y8=' https://*.refiner.io https://*.googletagmanager.com https://www.googleoptimize.com 'sha256-v1oYH69RcooFs6F5XhMTzHiWlftYwnuQHDxIz0suNeo=' 'sha256-4UhLCgKlVNhASJe4pv87BqrVAtuWHCCIL4vLrQaArvE=' 'sha256-soHj2nJiSISIchYvRpy+YNvaclRxDg8yfOdje4DV1V0=' 'sha256-UCgT4o3W1j0Jb+5Dmp/EiW82gsiCzYrnessD2ygF+yg=' 'sha256-Mxnb8njYCq/sJ5nPwFja7Y1ELih6lxVS1vAKGHhEJSg=' 'sha256-24o6OM5PoOi5rwi2lA5g56AneTODqSBx1054LKHdyCU='; style-src 'self' 'report-sample' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://tagmanager.google.com https://fonts.googleapis.com *.bing.com https://cdn.zapier.com https://www.googletagmanager.com; object-src 'none'; form-action 'self'; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io data:; connect-src 'self' https://trk.teamblue.services https://stg-trk.teamblue.services https://trk.flexmail.be https://trk.flexmail.nl https://stg-trk.flexmail.be https://stg-trk.flexmail.nl https://*.hotjar.com:* https://*.hotjar.com:* https://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.facebook.com https://cdn.flxml.eu https://*.sentry.io *.bing.com wss://*.bing.com https://zapier.com https://*.zapier.com https://stats.g.doubleclick.net https://adservice.google.com https://www.google.com https://cdn.linkedin.oribi.io https://*.leadinfo.net https://*.leadinfo.com https://*.refiner.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; img-src 'self' data: https://px.ads.linkedin.com https://px4.ads.linkedin.com https://www.google.com https://www.google.be https://*.googletagmanager.com https://*.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://px.ads.linkedin.com https://www.linkedin.com https://trk.teamblue.services https://stg-trk.teamblue.services https://trk.flexmail.be https://trk.flexmail.nl https://stg-trk.flexmail.be https://stg-trk.flexmail.nl https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://www.facebook.com https://cdn.flxml.eu *.bing.com *.microsoft.com https://zapier.com https://zapier-images.imgix.net https://www.google.de https://www.google.nl https://adservice.google.com https://www.google.co.uk https://www.google.lu https://www.google.co.in https://www.google.es https://www.google.ch https://www.google.it https://www.google.ca https://*.google-analytics.com https://*.googletagmanager.com; frame-src 'self' https://www.google.com/recaptcha/ https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://www.slideshare.net https://youtube.com https://www.youtube.com https://www.googletagmanager.com sdx.microsoft.com https://return.flexmail.eu https://*.refiner.io http://open.spotify.com/; report-uri https://flxml-www.endpoint.csper.io; report-to csper; 2
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'self'; img-src 'self' https: data:; font-src 'self' data: 2
child-src 'self' https://ksms-p-001.sitecorecontenthub.cloud/;connect-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com *.addthis.com *.addthisedge.com *.moatads.com localhost:44001 *.hotjar.com *.hotjar.io *.rlets.com *.reachlocalservices.com *.simpli.fi *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.sumo.com sumo.com *.bc0a.com *.brightedge.com *.vidyard.com *.comm100.io *.googleadservices.com *.google.com *.milestoneinternet.com share.kelsey-seybold.com   https://ksms-p-001.sitecorecontenthub.cloud/ *.sumome.com https://sumome.com *.surveymonkey.com;default-src 'self' *.googleapis.com *.gstatic.com fonts.gstatic.com *.vidyard.com *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net *.gstatic.com www.google.com *.comm100.com *.hotjar.com share.kelsey-seybold.com  https://apps.sitecore.net https://ksms-p-001.sitecorecontenthub.cloud/;font-src 'self' https://fonts.gstatic.com;frame-ancestors 'self' *.kelsey-seybold.com  *.promotionsdev.com promotionsdev.com *.whyilike.com whyilike.com *.mykelseyonline.com https://www.clinicadekelsey.com https://temp-www.kelsey-seybold.com temp-www.kelsey-seybold.com www.mykelseyonline.com https://www.kelsey-seybold.com *.kelsey-seybold.com *.mycharttst.kelsey-seybold.com/ *.mycharttst.kelsey-seybold.com https://uat-www.clinicadekelsey.com share.kelsey-seybold.com   https://ksms-p-001.sitecorecontenthub.cloud/ *.sitecorecontenthub.cloud;frame-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net fonts.gstatic.com www.googletagmanager.com *.addthis.com *.addthisedge.com *.moatads.com *.hotjar.com *.vidyard.com *.addthis.com *.rlets.com *.reachlocalservices.com *.simpli.fi *.facebook.net *.rlcdn.com *.gannettdigital.com *.google.com *.kelsey-seybold.com *.mykelseyonline.com *.whyilike.com whyilike.com *.promotionsdev.com promotionsdev.com *.googleservices.com *.doubleclick.net webto.salesforce.com *.salesforce.com *.podsnack.com *.flipsnack.com *.youtube.com *.understand.com  *.typeform.com  *.mykelseyonline.com https://www.clinicadekelsey.com https://www.kelsey-seybold.com *.kelsey-seybold.com https://www.facebook.com https://mykelseyonline.com/ *.adsrvr.org *.mycharttst.kelsey-seybold.com/ *.mycharttst.kelsey-seybold.com https://uat-www.clinicadekelsey.com https://temp-www.kelsey-seybold.com share.kelsey-seybold.com www.kelsey-seybold.com   https://ksms-p-001.sitecorecontenthub.cloud/  *.sitecorecontenthub.cloud  *.surveymonkey.com;img-src 'self' *.addthis.com *.addthisedge.com *.moatads.com *.googleapis.com *.gstatic.com fonts.gstatic.com data: *.doubleclick.net *.google-analytics.com www.googletagmanager.com *.vidyard.com *.kelsey-seybold.com *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net *.b0e8.com *.simpli.fi *.googleadservices.com *.bc0a.com *.pro-market.net  *.igodigital.com *.google.com *.3lift.com *.tremorhub.com *.tapad.com *.agkn.com *.advertising.com *.intentiq.com *.pubmatic.com *.stickyadstv.com *.exelator.com *.yahoo.com *.bfmio.com  *.bluekai.com *.crwdcntrl.net *.lijit.com *.spotxchange.com *.adnxs.com *.rubiconproject.com *.openx.net *.pippio.com pippio.com *.apxlv.com *.trueleadid.com *.cogocast.net *.comm100.io  *.hotjar.com https://usermatch.krxd.net https://beacon.krxd.net https://sync.mathtag.com *.adsrvr.org *.nextdoor.com share.kelsey-seybold.com   https://ksms-p-001.sitecorecontenthub.cloud/ https://sumome.com *.sumome.com *.surveymonkey.com;media-src 'self' *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net  share.kelsey-seybold.com   https://ksms-p-001.sitecorecontenthub.cloud/;script-src 'self' *.addthis.com *.addthisedge.com *.moatads.com *.google-analytics.com *.googleapis.com *.gstatic.com www.googletagmanager.com code.jquery.com 'unsafe-eval' 'unsafe-inline' *.hotjar.com unpkg.com *.cloudflare.com *.vidyard.com *.rlets.com *.reachlocalservices.com *.simpli.fi *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.googleservices.com *.doubleclick.net *.google.com *.sumo.com sumo.com *.bc0a.com *.b0e8.com *.igodigital.com *.googleadservices.com geo-targetly.com  *.mykelseyonline.com *.comm100.com *.comm100vue.com  *.typeform.com browser-update.org *.milestoneinternet.com mykelseyonline.com *.mykelseyonline.com kelsey-seybold.com *.nextdoor.com *.kelsey-seybold.com *.adsrvr.org *.googletagmanager.com  mycharttst.kelsey-seybold.com *.mycharttst.kelsey-seybold.com *.kelsey-seybold.com temp-www.kelsey-seybold.com  share.kelsey-seybold.com www.kelsey-seybold.com *.sumome.com *.surveymonkey.com;style-src 'self' *.googleapis.com *.gstatic.com 'unsafe-inline' *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net  *.typeform.com mykelseyonline.com *.mykelseyonline.com temp-www.kelsey-seybold.com *.kelsey-seybold.com  mycharttst.kelsey-seybold.com www.kelsey-seybold.com share.kelsey-seybold.com; 2
object-src 'none'; script-src 'self' https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com/c/hotjar-2877749.js https://www.google-analytics.com/analytics.js https://connect.facebook.net/en_US/fbevents.js https://ws.zoominfo.com/pixel/615b474d39247c001cc2f2f2 https://www.googletagmanager.com/gtag/js https://code.jquery.com/ https://clients3.weblink.com.au/ https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/cxbus.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/widgets-core.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/webchat.min.js https://d2uinmo2bcbdsn.cloudfront.net/ https://snap.licdn.com/  https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://platform.twitter.com https://unpkg.com https://www.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com/gtm.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com/c/hotjar-2877749.js https://www.google-analytics.com/analytics.js https://connect.facebook.net/en_US/fbevents.js https://ws.zoominfo.com/pixel/615b474d39247c001cc2f2f2 https://www.googletagmanager.com/gtag/js https://script.hotjar.com/modules.5dca1694a4338dade13b.js https://connect.facebook.net/signals/config/1761455807365259 https://connect.facebook.net/signals/config/685668156287079 https://pi.pardot.com/pd.js https://pi.pardot.com/analytics https://marketing.aes.com/analytics https://cdn.cookielaw.org/scripttemplates/202211.1.0/otBannerSdk.js https://js-agent.newrelic.com/async-api.6bb277af-1225.min.js https://js-agent.newrelic.com/lazy-loader.48127245-1225.min.js https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://cdn.cookielaw.org/consent/27cd7b43-53f3-46bb-9267-e0af03db8d70/OtAutoBlock.js https://siteintercept.qualtrics.com https://googleads.g.doubleclick.net https://zn9sohtzqeoni8wpq-aescorp.siteintercept.qualtrics.com https://cdn.cookielaw.org/scripttemplates/202209.1.0/otBannerSdk.js https://zncwhklt9qhc4tztc-aescorp.siteintercept.qualtrics.com https://www.google.co.in/pagead https://www.gstatic.com/recaptcha/releases https://script.hotjar.com https://js-agent.newrelic.com https://bam.nr-data.net https://connect.facebook.net https://apps.mypurecloud.com https://dhqbrvplips7x.cloudfront.net https://www.googleadservices.com/ https://www.gstatic.com/ https://cdn.cookielaw.org/ https://eb2.3lift.com/ https://www.google.co.in/ https://pippio.com/ https://widgets.hive.genesys.com/ https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/cxbus.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/widgets-core.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/webchat.min.js https://d2uinmo2bcbdsn.cloudfront.net/ https://snap.licdn.com/  https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://platform.twitter.com https://unpkg.com https://www.google.com; frame-ancestors 'self'; report-uri https://www.aesindiana.com/report-uri/enforce 2
reflected-xss 'none' 2
default-src 'self' data: blob: https://*.about.meta.com https://*.fbcdn.net;script-src 'self' data: blob: https://*.about.meta.com https://*.fbcdn.net *.facebook.com *.facebook.net 'unsafe-inline' 'unsafe-eval';style-src 'self' data: blob: https://*.about.meta.com https://*.fbcdn.net 'unsafe-inline' *.facebook.com;connect-src 'self' https://*.about.meta.com *.facebook.com *.fbcdn.net;font-src 'self' data: blob: https://*.about.meta.com https://*.fbcdn.net *.facebook.com static.xx.fbcdn.net fonts.gstatic.com;img-src 'self' data: blob: https://*.about.meta.com *.facebook.com *.fbcdn.net static.xx.fbcdn.net *.fbsbx.com;media-src 'self' data: blob: https://*.about.meta.com *.fbcdn.net;frame-src 'self' data: blob: https://*.about.meta.com https://*.fbcdn.net *.facebook.com *.meta.com *.fbsbx.com fbsbx.com metadotcom.fbthirdpartypixel.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; 2
frame-ancestors 'self' https://*.xtransfer.cn https://*.xtransfer.com https://*.xtadmins.com; 2
script-src 'unsafe-eval' 'self' wss://*.zopim.com wss://*.hotjar.com secure-ds.serving-sys.com *.goldenbees.fr *.botrecruiter.com *.evergage.com  *.evgnet.com  secure.adnxs.com  *.criteo.net *.addthisedge.com *.ads-twitter.com  *.infogram.com *.adnxs.com *.optimalworkshop.com   *.audioboom.com  secure-ds.serving-sys.com  secure.adnxs.com  *.acsbapp.com  acsbap.com *.appcast.io *.bizographics.com *.bootstrapcdn.com *.bootstrapcdn.com *.browser-update.org *.cloudflare.com *.cloudfront.net *.cloudinary.com *.criteo.com *.eggplant.cloud *.fontawesome.com *.google.co.uk *.google.ie *.googleadservices.com *.indeed.com *.ionicframework.com *.jquery.com *.jsdelivr.net *.moatads.com *.npmcdn.com *.plyr.io *.recaptcha.net *.scorecardresearch.com *.serving-sys.com *.sndcdn.com *.unpkg.com *.vimeocdn.com *.ytimg.com *.zencdn.net *.zendesk.com *.hays.ie *.moatads.com *.sndcdn.com  *.d3fw5vlhllyvee.cloudfront.net *.criteo.com  vc.hotjar.io *.addthis.com *.outbrain.com *.licdn.com *.doubleclick.net acsbapp.com *.accesstrade.net *.googleadservices.com consent-or.trustarc.com *.taboola.com web-material3.yokogawa view.ceros.com *.quantcount.com *.quantserve.com *.adscience.nl *.akamaized.net *.bit.ly *.crazyegg.com *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.graph.instagram.com *.gstatic.com *.hays.co.uk *.hays.com *.hotjar.com *.igodigital.com *.instagram.fbom5-1.fna.fbcdn.net *.linkedin.com *.nccgroup-webperf.com *.onrecruit.net *.optimizely.com *.slideshare.net *.soundcloud.com *.surveymonkey.com *.tealiumiq.com *.tiqcdn.com *.twimg.com *.twitter.com *.typography.com *.vimeo.com *.yahooapis.com *.youtube.com *.zdassets.com *.zopim.com *.zopim.io accessibe.com acsbap.com consent.trustarc.com consent-pref.trustarc.com consent-st.trustarc.com prefmgr-cookie.truste-svc.net 'self' 'unsafe-inline' hm.baidu.com data: 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.analytics.google.com https://forms.hscollectedforms.net https://api.hubspot.com https://consentcdn.cookiebot.com https://d8ejoa1fys2rk.cloudfront.net https://connect.facebook.net https://platform.twitter.com https://analytics.twitter.com https://en.twitter.com https://cdn.syndication.twimg.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://unpkg.com https://js.hs-banner.com https://www.cookiebot.com https://www.facebook.com https://www.facebook.net https://www.visualwebsiteoptimizer.com https://www.youtube.com https://www.doubleclick.net https://js.hs-scripts.com https://www.jquery.com https://www.google-analytics.com https://snap.licdn.com  https://static.ads-twitter.com https://www.googletagmanager.com https://js.hs-analytics.net https://js.usemessages.com https://js.hsleadflows.net https://js.hscollectedforms.net https://www.hubspot.com https://js.hscollectedforms.net https://js.hsadspixel.net https://www.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://forms.hsforms.com https://www.usemessages.com https://www.googleoptimize.com https://player.vimeo.com https://www.vimeo.com https://f.vimeocdn.com https://embed.calculoid.com https://ajax.googleapis.com https://boards.greenhouse.io https://cdn.pushcrew.com https://www.cloudfront.net https://js.hsforms.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://widget-hosts.mavenoid.com/custom-embedding-scripts/ https://app.mavenoid.com/embedded/ https://cdn.matomo.cloud/evbox.matomo.cloud/ https://open.spotify.com/embed/iframe-api/v1 https://embed-cdn.spotifycdn.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' ton.twimg.com licdn.com platform.twitter.com fonts.googleapis.com https://unpkg.com https://cdn.pushcrew.com;object-src 'none';base-uri 'self';connect-src 'self' *.analytics.google.com https://googleads.g.doubleclick.net https://www.google.com https://forms.hscollectedforms.net https://branding.evbox.com https://consentcdn.cookiebot.com https://api.hubspot.com https://consentcdn.cookiebot.com https://forms.hubspot.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com fonts.googleapis.com fonts.gstatic.com embed.calculoid.com www.gstatic.com api.calculoid.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://byndair.bynder.com blob: https://preproduction.evbox.com https://evbox.com https://cdn.linkedin.oribi.io https://o442183.ingest.sentry.io/api/5440054/envelope/ https://app.mavenoid.com/embedded/ https://api.mavenoid.com/api/graphql https://pagead2.googlesyndication.com/pagead/ wss://tsock.us1.twilio.com/v3/wsconnect https://evbox.matomo.cloud/ https://lottie.host/;font-src 'self' data: https://embed.calculoid.com https://fonts.gstatic.com https://app.mavenoid.com/fonts/;frame-src 'self' https://oplaadpalen.nl https://chargepoints.eco-movement.com https://www.zeemaps.com https://consentcdn.cookiebot.com https://www.facebook.com https://www.youtube.com https://boards.greenhouse.io https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://map.openchargemap.io/ https://lottie.host/ https://open.spotify.com/;img-src 'self' data: https://volt-staging.evbox.com https://volt-preprod.evbox.com https://volt.evbox.com https://evbox.com https://p.adsymptotic.com https://www.linkedin.com https://analytics.twitter.com https://community.modx.com https://forms.hsforms.com https://staging.evbox.com https://modx-community.s3.dualstack.us-east-1.amazonaws.com https://px.ads.linkedin.com https://t.co https://track.hubspot.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.nl https://www.google.fr https://www.googletagmanager.com https://www.gravatar.com https://googleads.g.doubleclick.net https://bynder-public-eu-central-1.s3.amazonaws.com https://www.googleusercontent.com https://ev-database.org https://cdn.pushcrew.com https://lh1.googleusercontent.com https://lh2.googleusercontent.com https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://i1.ytimg.com https://mavenoidfiles.com/;manifest-src 'self';media-src 'self' https://app.mavenoid.com/sounds/;worker-src 'none'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.sunypoly.edu *.bootstrapcdn.com *.fontawesome.com *.gstatic.com *.google-analytics.com *.google.com *.googletagmanager.com *.doubleclick.net www.suny.edu *.office365.com *.cdninstagram.com *.instagram.com *.youtube.com *.livechatinc.com *.twitter.com *.twimg.com *.knowmia.com  tscpressunypoly.azureedge.net *.techsmith.com *.useriq.com *.paypal.com iframe.dacast.com *.heyhalda.com sc-static.net *.snapchat.com *.facebook.net *.facebook.com *.issuu.com *.technolutions.net; 2
frame-ancestors 'self' https://shopby.co.kr https://shopby.works https://nhn-commerce.com https://builder.io; child-src https://shopby.co.kr https://shopby.works https://nhn-commerce.com https://www.youtube.com https://kcp.co.kr; frame-src https://shopby.co.kr https://shopby.works https://nhn-commerce.com https://builder.io https://www.youtube.com https://kcp.co.kr https://web.nicepay.co.kr; 2
frame-ancestors 'self' *, object-src 'none', font-src 'self' https://fonts.gstatic.com https://script.hotjar.com/, frame-src 'self' https://www.google.com/  https://consentcdn.cookiebot.com/ https://outlook.office365.com/ https://sflink.maltego.com/ https://www.youtube.com/ https://app.vwo.com/ https://www.youtube-nocookie.com/, img-src 'self' data: https://analytics.twitter.com https://chart.googleapis.com https://company.g2.com https://dev.visualwebsiteoptimizer.com https://px.ads.linkedin.com https://t.co https://useruploads.visualwebsiteoptimizer.com https://wingify-assets.s3.amazonaws.com https://www.google.com https://www.google.com.br https://imgsct.cookiebot.com/ https://www.google-analytics.com/ https://px4.ads.linkedin.com/ https://bat.bing.com/ https://www.fbi.gov/ https://static.maltego.com/cdn/ 2
upgrade-insecure-requests; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' bat.bing.com squeezely.tech www.clarity.ms tr.snapchat.com snap.licdn.com *.tiktok.com cdn.jsdelivr.net cdnjs.cloudflare.com tr.datatrics.com malong.webinargeek.com webinargeek.com www.google-analytics.com www.googleadservices.com sc-static.net connect.facebook.net chimpstatic.com static.hotjar.com script.hotjar.com googleads.g.doubleclick.net www.youtube.com www.google.com ajax.googleapis.com www.googletagmanager.com consentcdn.cookiebot.com consent.cookiebot.com polyfill.io unpkg.com static.doubleclick.net cdn.unibuddy.co buas.easycruit.com; 2
default-src 'self'; font-src 'self' cdn.taxsee.com fonts.gstatic.com https://*.gstatic.com data: fonts.gstatic.com *.imgsmail.ru *.mail.ru *.mradx.net; frame-src 'self' https://*.doubleclick.net blob: https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.md https://*.youtube.com www.google.com mediacdn.mediaad.org *.yektanet.com optimize.google.com *.fls.doubleclick.net www.aparat.com *.imgsmail.ru *.mail.ru *.mradx.net *.ok.ru *.vk.com mail.ru ok.ru vk.com; img-src 'self' data: cdn.taxsee.com *.gstatic.com https://*.facebook.com https://*.facebook.net https://www.googletagmanager.com https://*.gstatic.com https://*.google-analytics.com https://*.doubleclick.net https://*.google.com https://vk.com https://*.vk.com https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.md data: optimize.google.com www.google.com www.google.ru www.google.kz log.adtimaserver.vn analytics.pangle-ads.com *.imgsmail.ru *.mail.ru mail.ru; script-src 'self' 'unsafe-inline' https://*.facebook.com https://*.facebook.net https://www.googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.doubleclick.net https://top-fwz1.mail.ru https://analytics.tiktok.com https://vk.com https://*.vk.com https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.md https://yastatic.net https://*.youtube.com 'unsafe-eval' *.yektanet.com *.mediaad.org unpkg.com www.gstatic.com www.googleoptimize.com optimize.google.com *.yandex.net *.google.ru *.google.kz *.g.doubleclick.net gstatic.com s.zzcdn.me www.aparat.com *.imgsmail.ru *.mail.ru *.mradx.net *.odnoklassniki.ru *.relap.io *.vk.com mail.ru vk.com *.ads-twitter.com; media-src 'self' https://*.youtube.com *.imgsmail.ru *.mail.ru *.mradx.net *.ok.ru *.vk.com data: mail.ru ok.ru vk.com; child-src 'self' blob: https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.md; connect-src 'self' https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://top-fwz1.mail.ru https://analytics.tiktok.com https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.md https://*.doubleclick.net *.yektanet.com api.mediaad.org ma-cdn.pegah.tech log.adtimaserver.vn analytics.pangle-ads.com *.dzen.ru *.imgsmail.ru *.mail.ru *.mradx.net *.relap.io *.vk.com mail.ru relap.io vk.com; form-action 'self'; manifest-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' cdn.taxsee.com fonts.googleapis.com https://tagmanager.google.com https://fonts.googleapis.com unpkg.com optimize.google.com *.imgsmail.ru *.mail.ru *.mradx.net; worker-src 'self'; frame-ancestors DENY; base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests 2
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; media-src * https://lla-cms-prod.directus.app; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' https://cwc.kcenter.usu.com; frame-src * https://nebula-cdn.kampyle.com https://libertyglobal.kampyle.com https://optimize.google.com  https://www.youtube.com https://www.google.com https://www.facebook.com https://www.google-analytics.com https://www.googleanalytics.com https://openspeedtest.com https://www2.discoverflow.co https://www.discoverflow.co https://discoverflow.co; form-action *; worker-src * blob:; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com cdn.jsdelivr.net cdn.sheetjs.com *.google.com widget.trustpilot.com *.cloudflare.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.hotjar.com *.googleadservices.com *.googleoptimize.com googleads.g.doubleclick.net *.cloudfront.net js-agent.newrelic.com sibforms.com bam.eu01.nr-data.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com snap.licdn.com userlike-cdn-umm.b-cdn.net userlike-cdn-umm.b-cdn.net/umm-runtime.1f38f7aa8916e520c5c1.js *.userlike.com *.linkedin.com www.clarity.ms www.tiktok.com lf16-tiktok-web.ttwstatic.com www.googleadservices.com googleads.g.doubleclick.net *.sendinblue.com *.twitter.com *.facebook.net *.twimg.com designbysoap.b-cdn.net; img-src * data:; frame-src *; connect-src *; font-src * data:; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://deliver.kontent.ai https://assets-eu-01.kc-usercontent.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com https://*.ytimg.com https://*.googleapis.com https://*.google.com https://*.vimeo.com https://*.facebook.net https://*.siteimprove.com https://*.siteimprove.net https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.siteimproveanalytics.io https://siag.form.cloud https://fonts.gstatic.com  https://cdn.knightlab.com https://siagsap4pab.prod.apimanagement.eu20.hana.ondemand.com https://api.demo-integrations.services.siag.it https://api.integrations.services.siag.it https://sis.prod.apimanagement.eu20.hana.ondemand.com https://redas.services.siag.it https://civis.bz.it https://static.provinz.bz.it https://www.openstreetmap.org https://www.iubenda.com https://cdn.iubenda.com https://consent.iubenda.com https://hits-i.iubenda.com https://cs.iubenda.com/; base-uri 'self'; frame-ancestors 'self' https://*.kontent.ai/; 2
default-src 'self' *.usu.com; connect-src 'self' api-js.mixpanel.com api.hubapi.com api-eu1.hubapi.com salesviewer.org *.salesviewer.org usu.concludis.de hubspot-forms-static-embed.s3.amazonaws.com *.usu.com *.usu.de *.cookiefirst.com *.hsforms.com *.doubleclick.net *.googleapis.com *.hubspot.com *.google-analytics.com *.googlesyndication.com *.lfeeder.com *.google.com ws.zoominfo.com cdn.linkedin.oribi.io *.visitors.live *.clarity.ms px.ads.linkedin.com tracking.g2crowd.com https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' s3.amazonaws.com *.echobot.de fonts.gstatic.com usu.concludis.de *.usu.com *.usu.de *.hsforms.com *.cookiefirst.com; frame-src 'self' irpages2.equitystory.com www.gartner.com www.youtube.com www.youtube-nocookie.com *.tradingview.com *.usu.com *.usu.de *.hsforms.com *.hsforms.net *.cookiefirst.com play.workadventu.re app-eu.wrike.com *.vimeo.com vimeo.com www.google.com *.facebook.net *.facebook.com *.hs-sites-eu1.com td.doubleclick.net; img-src 'self' *.hubspotusercontent-eu1.net *.echobot.de *.quora.com img.youtube.com reviews.static.gartner.com www.googletagmanager.com *.google-analytics.com usu.concludis.de *.usu.com *.usu.de *.hsforms.com *.hsforms.net *.google.com t.co *.linkedin.com *.hubspot.com *.cloudfront.net *.google.de data: *.lfeeder.com fonts.gstatic.com app-eu.wrike.com *.twitter.com vumbnail.com *.facebook.net *.facebook.com *.bing.com *.hsappstatic.net i.vimeocdn.com *.clarity.ms https://www.google-analytics.com https://www.googletagmanager.com; media-src 'self' *.cloudfront.net; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ws.zoominfo.com use.fontawesome.com *.echobot.de *.google.com www.youtube.com js-eu1.hsadspixel.net www.gartner.com *.doubleclick.net *.googleadservices.com blob: www.googletagmanager.com *.google-analytics.com usu.concludis.de *.hsforms.net *.hsforms.com *.cloudfront.net *.usu.com *.usu.de *.cookiefirst.com *.hs-scripts.com *.ads-twitter.com *.twitter.com *.licdn.com *.hs-banner.com *.hs-analytics.net *.hsleadflows.net sc.lfeeder.com www.gstatic.com *.facebook.net *.bing.com *.hubspot.com *.clarity.ms tracking.g2crowd.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://js-eu1.hsforms.net https://unpkg.com; style-src 'self' 'unsafe-inline' data: use.fontawesome.com *.echobot.de www.gartner.com fonts.googleapis.com usu.concludis.de *.usu.com *.usu.de *.cloudfront.net *.cookiefirst.com *.hsforms.com *.googletagmanager.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; base-uri 'self'; form-action 'self' *.usu.com *.usu.de *.hsforms.com *.hsforms.net *.facebook.net *.facebook.com; frame-ancestors 'self' 2
frame-ancestors members.rexmd.com members.navamd.com members.lifemd.com *.lifemd.com 2
default-src 'none'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://cdn.sticky.io https://marketing.hachette-partworks.com https://cdn.wishpond.net/connect.js https://u.videostep.com https://analytics.tiktok.com https://www.clarity.ms https://static.r66net.com https://k.r66net.com https://ks.invibes.com https://www.paypalobjects.com https://tag.aticdn.net https://cdn3.actito.com/legacy/actito-goal/goal.js https://www.awin1.com/ https://www.dwin1.com/ https://www.paypal.com https://geolocation.onetrust.com/ https://fevoki.wejekihota.com https://apis.google.com https://cdn.cookielaw.org https://www.googletagmanager.com https://connect.facebook.net https://ws1.postescanada-canadapost.ca https://cdnjs.cloudflare.com https://cdn.doofinder.com https://cdn.hachette-collections.com https://www.google-analytics.com https://www.google.com https://script.hotjar.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://static.hotjar.com https://autroliner.com https://cilkonlay.com https://bat.bing.com https://s.pinimg.com https://sp.analytics.yahoo.com https://s.yimg.com https://www.redditstatic.com https://www3.actito.com https://widget.trustpilot.com https://invitejs.trustpilot.com; style-src 'self' 'unsafe-inline' https://www.hachette-collections.com/ https://www.googletagmanager.com https://fonts.googleapis.com https://ws1.postescanada-canadapost.ca https://cdn.hachette-collections.com https://hachettepartworks.com; img-src 'self' data: *.bing.com *.xiti.com *.clarity.ms https://fonts.gstatic.com https://www.paypalobjects.com https://analytics.tiktok.com https://s.videostep.com https://ks.b26net.com https://ks.invibes.com https://tbs.tradedoubler.com https://tbl.tradedoubler.com https://t.paypal.com https://www.hachette-collections.com https://cdn.cookielaw.org https://www.google.co.il https://www.facebook.com https://ws1.postescanada-canadapost.ca https://hachettepartworks.com https://cdn.hachette-collections.com https://bat.bing.com https://www.google.be https://www.google.com https://www.gstatic.com https://www.google.fr https://www.google-analytics.com https://www.google.ca https://autroliner.com https://www.googletagmanager.com https://www.google.ch https://ct.pinterest.com https://www.google.de https://www.google.co.uk https://www.google.lu https://www.google.it https://www.google.pt https://www.google.co.ma https://scontent-cdg2-1.cdninstagram.com https://alb.reddit.com https://googleads.g.doubleclick.net https://www.google.dk https://scontent-cdt1-1.cdninstagram.com https://info.hachette-collections.com https://www.google.gr https://www.google.tn; font-src 'self' https://www.hachette-collections.com/ https://fonts.gstatic.com https://cdn.hachette-collections.com https://static3.avast.com; media-src 'self' https://cdn.hachette-collections.com https://www.hachette-collections.com https://workbench-www.hachette-collections.com https://hachettepartworks.com; connect-src 'self' https://google.com https://hachettepartworks.sticky.io https://marketing.hachette-partworks.com *.xiti.com *.google.fr *.analytics.google.com https://content.hotjar.io *.google-analytics.com wss://*.hotjar.com *.hotjar.com *.clarity.ms *.invibes.com/ https://analytics.tiktok.com https://region1.google-analytics.com https://geolocation.onetrust.com https://www.sandbox.paypal.com https://www.paypal.com https://privacyportal-eu.onetrust.com https://privacyportal-fr.onetrust.com https://1637314617.rsc.cdn77.org https://cdn.cookielaw.org https://stage-secure2-vault.hipay-tpp.com https://ws1.postescanada-canadapost.ca https://eu1-search.doofinder.com https://secure2-vault.hipay-tpp.com https://bat.bing.com https://in.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://ct.pinterest.com https://s.yimg.com https://vc.hotjar.io https://www.facebook.com; frame-src 'self' https://td.doubleclick.net https://cdn.sticky.io https://cdn.wishpond.net/ https://www.paypalobjects.com/ https://www.facebook.com/ https://tbs.tradedoubler.com/ https://www.pinterest.fr/ https://www.pinterest.com/ https://www.sandbox.paypal.com https://www.paypal.com https://checkout.slimpay.net https://checkout.preprod.slimpay.com https://accounts.google.com https://www.youtube.com *.moneris.com *.sticky.io https://w.soundcloud.com https://vars.hotjar.com https://bid.g.doubleclick.net https://aax-eu.amazon-adsystem.com https://widget.trustpilot.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri /report.php 2
frame-ancestors 'none'; form-action 'self'; base-uri 'self' 2
default-src 'self' *.wirth-horn.de 'unsafe-eval' 'unsafe-inline' *.jobs.personio.de *.etrusted.com *.trustbadge.com *.trustedshops.com www.youtube-nocookie.com; img-src data: *; media-src data: *; style-src 'self' data: 'unsafe-inline' *.wirth-horn.de  https://fonts.googleapis.com; font-src data: 'self' https://fonts.gstatic.com https://fonts.googleapis.com; 2
default-src 'self' https: *.cowen.com cowen.com vimeo.com *.vimeo.com gravatar.com *.gravatar.com *.cowen-com.local cowen-com.local http://cowen-com.local *.pressdns.com http://www.cowen.com http://cowen.com https://*.pressdns.com http://s32735.p1146.sites.pressdns.com *.pcdn.co https://*.pcdn.co http://*.pcdn.co https://s33007.pcdn.co http://s33007.pcdn.co http://s32735.pcdn.co http://brightcove.net players.brightcove.net *.brightcove.net clientapi.gcs-web.com http://10.0.14.213:9200 api.ipstack.com ipstack.com *.microsoft.com; frame-ancestors 'none'; style-src 'self' 'unsafe-inline' https: *.cowen.com cowen.com vimeo.com *.vimeo.com gravatar.com *.gravatar.com *.cowen-com.local cowen-com.local http://cowen-com.local *.pressdns.com http://www.cowen.com http://cowen.com https://*.pressdns.com http://s32735.p1146.sites.pressdns.com *.pcdn.co https://*.pcdn.co http://*.pcdn.co https://s33007.pcdn.co http://s33007.pcdn.co http://s32735.pcdn.co http://brightcove.net players.brightcove.net *.brightcove.net clientapi.gcs-web.com http://10.0.14.213:9200 api.ipstack.com ipstack.com *.microsoft.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.cowen.com cowen.com vimeo.com *.vimeo.com gravatar.com *.gravatar.com *.cowen-com.local cowen-com.local http://cowen-com.local *.pressdns.com http://www.cowen.com http://cowen.com https://*.pressdns.com http://s32735.p1146.sites.pressdns.com *.pcdn.co https://*.pcdn.co http://*.pcdn.co https://s33007.pcdn.co http://s33007.pcdn.co http://s32735.pcdn.co http://brightcove.net players.brightcove.net *.brightcove.net clientapi.gcs-web.com http://10.0.14.213:9200 api.ipstack.com ipstack.com *.microsoft.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https: *.cowen.com cowen.com vimeo.com *.vimeo.com gravatar.com *.gravatar.com *.cowen-com.local cowen-com.local http://cowen-com.local *.pressdns.com http://www.cowen.com http://cowen.com https://*.pressdns.com http://s32735.p1146.sites.pressdns.com *.pcdn.co https://*.pcdn.co http://*.pcdn.co https://s33007.pcdn.co http://s33007.pcdn.co http://s32735.pcdn.co http://brightcove.net players.brightcove.net *.brightcove.net clientapi.gcs-web.com http://10.0.14.213:9200 api.ipstack.com ipstack.com *.microsoft.com; worker-src 'self' https: *.cowen.com cowen.com vimeo.com *.vimeo.com gravatar.com *.gravatar.com *.cowen-com.local cowen-com.local http://cowen-com.local *.pressdns.com http://www.cowen.com http://cowen.com https://*.pressdns.com http://s32735.p1146.sites.pressdns.com *.pcdn.co https://*.pcdn.co http://*.pcdn.co https://s33007.pcdn.co http://s33007.pcdn.co http://s32735.pcdn.co http://brightcove.net players.brightcove.net *.brightcove.net clientapi.gcs-web.com http://10.0.14.213:9200 api.ipstack.com ipstack.com *.microsoft.com blob: data:; child-src 'self' https: *.cowen.com cowen.com vimeo.com *.vimeo.com gravatar.com *.gravatar.com *.cowen-com.local cowen-com.local http://cowen-com.local *.pressdns.com http://www.cowen.com http://cowen.com https://*.pressdns.com http://s32735.p1146.sites.pressdns.com *.pcdn.co https://*.pcdn.co http://*.pcdn.co https://s33007.pcdn.co http://s33007.pcdn.co http://s32735.pcdn.co http://brightcove.net players.brightcove.net *.brightcove.net clientapi.gcs-web.com http://10.0.14.213:9200 api.ipstack.com ipstack.com *.microsoft.com blob: data:; media-src 'self' https: *.cowen.com cowen.com vimeo.com *.vimeo.com gravatar.com *.gravatar.com *.cowen-com.local cowen-com.local http://cowen-com.local *.pressdns.com http://www.cowen.com http://cowen.com https://*.pressdns.com http://s32735.p1146.sites.pressdns.com *.pcdn.co https://*.pcdn.co http://*.pcdn.co https://s33007.pcdn.co http://s33007.pcdn.co http://s32735.pcdn.co http://brightcove.net players.brightcove.net *.brightcove.net clientapi.gcs-web.com http://10.0.14.213:9200 api.ipstack.com ipstack.com *.microsoft.com blob: data:; img-src 'self' https: *.cowen.com cowen.com vimeo.com *.vimeo.com gravatar.com *.gravatar.com *.cowen-com.local cowen-com.local http://cowen-com.local *.pressdns.com http://www.cowen.com http://cowen.com https://*.pressdns.com http://s32735.p1146.sites.pressdns.com *.pcdn.co https://*.pcdn.co http://*.pcdn.co https://s33007.pcdn.co http://s33007.pcdn.co http://s32735.pcdn.co http://brightcove.net players.brightcove.net *.brightcove.net clientapi.gcs-web.com http://10.0.14.213:9200 api.ipstack.com ipstack.com *.microsoft.com data:; font-src 'self' data: https: *.cowen.com cowen.com vimeo.com *.vimeo.com gravatar.com *.gravatar.com *.cowen-com.local cowen-com.local http://cowen-com.local *.pressdns.com http://www.cowen.com http://cowen.com https://*.pressdns.com http://s32735.p1146.sites.pressdns.com *.pcdn.co https://*.pcdn.co http://*.pcdn.co https://s33007.pcdn.co http://s33007.pcdn.co http://s32735.pcdn.co http://brightcove.net players.brightcove.net *.brightcove.net clientapi.gcs-web.com http://10.0.14.213:9200 api.ipstack.com ipstack.com *.microsoft.com; 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.konverto.eu/ https://konvertoinbound.activehosted.com https://connect.facebook.net *.google-analytics.com https://www.analytics.konverto.eu/* www.googletagmanager.com https://ssl.google-analytics.com https://my.konverto.eu https://cdn1.onboard.org https://www.gstatic.com https://www.google.com;font-src 'self' fonts.gstatic.com;style-src 'unsafe-inline' https://unpkg.com fonts.googleapis.com hello.myfonts.net https://my.konverto.eu 'self';img-src 'self' data: *.facebook.com/ *.google-analytics.com/ *.google.com/ *.google.it/ https://stats.g.doubleclick.net/ https://i.ytimg.com/;frame-src player.vimeo.com www.youtube.com www.youtube-nocookie.com www.google.com konverto.onboard.org;connect-src 'self' https://analytics.konverto.eu/ *.doubleclick.net *.google-analytics.com/ wss://rol.vip.rolvoice.it/ https://my.konverto.eu https://cdn1.onboard.org/ https://country.api.rollive.it/; 2
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://connect.facebook.net https://js-eu1.hs-analytics.net https://js-eu1.hs-banner.com https://js-eu1.hs-scripts.com/493234.js https://js-eu1.hubspot.com https://knapp.piwik.pro https://snap.licdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com; connect-src 'self' https://cta-eu1.hubspot.com https://knapp.piwik.pro https://px.ads.linkedin.com; img-src 'self' data: https://px4.ads.linkedin.com https://perf-eu1.hsforms.com https://px.ads.linkedin.com https://track-eu1.hubspot.com https://www.facebook.com; font-src 'self' data:; frame-src 'self' https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com; 2
script-src *.bancfirst.tv *.cloudflare.com *.googletagmanager.com *.sharethis.com *.basis.net *.wave2.io *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.bancfirst.bank *.googleapis.com 'unsafe-inline' ; object-src 'none';  frame-ancestors 'self' *.bancfirst.bank; worker-src blob:; script-src-elem *.bancfirst.bank *.cloudflare.com *.google.com *.googletagmanager.com *.gstatic.com *.sharethis.com *.google-analytics.com 'unsafe-inline' *.wave2.io *.wave2locator.com 2
default-src 'self'; script-src 'self' 'nonce-pub1f79f8ac903a5872ae5f53026d20a77c' 'unsafe-inline' 'unsafe-eval' js.intercomcdn.com https://oaistatic.com https://*.oaistatic.com https://widget.intercom.io https://chat.openai.com https://tcr9i.chat.openai.com https://chatgpt.com https://*.chatgpt.com https://snc.apps.openai.com js.stripe.com; script-src-elem 'unsafe-inline' js.intercomcdn.com https://oaistatic.com https://*.oaistatic.com https://widget.intercom.io challenges.cloudflare.com https://chat.openai.com auth0.openai.com https://tcr9i.chat.openai.com https://chatgpt.com https://*.chatgpt.com https://snc.apps.openai.com js.stripe.com; img-src * 'self' data: https:; style-src 'self' 'unsafe-inline' https://chat.openai.com https://tcr9i.chat.openai.com https://chatgpt.com https://*.chatgpt.com https://oaistatic.com https://*.oaistatic.com https://snc.apps.openai.com; font-src 'self' data: https://*.oaistatic.com; connect-src 'self' api-js.mixpanel.com wss://fp-async-webps-staging.webpubsub.azure.com https://tcr9i.chat.openai.com browser-intake-datadoghq.com http://localhost:* statsigapi.net fileserviceuploadsperm.blob.core.windows.net wss://fp-async-webps-prod.webpubsub.azure.com o33249.ingest.sentry.io https://oaistatic.com https://*.oaistatic.com https://events.statsigapi.net https://chat.openai.com https://chatgpt.com https://*.chatgpt.com https://snc.apps.openai.com api-iam.intercom.io *.oaiusercontent.com https://featuregates.org; frame-src tcr9i.chat.openai.com challenges.cloudflare.com js.stripe.com; worker-src blob:; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub1f79f8ac903a5872ae5f53026d20a77c&dd-evp-origin=content-security-policy&ddsource=csp-report; 2
default-src 'unsafe-inline' https:; img-src data: https: 2
default-src 'none'; img-src 'self'; script-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' blob:; media-src 'self' 2
default-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com unpkg.com googletagmanager.com rum-static.pingdom.net rum-collector-2.pingdom.net servedby.flashtalking.com www.google-analytics.com data: audio: kit.fontawesome.com ka-f.fontawesome.com fonts.gstatic.com connect.facebook.net www.facebook.com stats.g.doubleclick.net lifeblood.clevertar.app ctweb.azureedge.net dc.services.visualstudio.com webau.blob.core.windows.net my-opa.donateblood.com.au www.youtube.com www.google.com oembed.libsyn.com optimize.google.com fls.doubleclick.net https://in.hotjar.com/ wss://ws2.hotjar.com https://ws2.hotjar.com components.clevertar.app js.clevertar.app voices.clevertar.app https://bcvipsd20.rightnowtech.com/engagement/api/consumer/ https://my-opa.donateblood.com.au/web-determinations/redirectQuery aurcbloodservices.widget.custhelp.com region1.google-analytics.com region1.analytics.google.com https://aurcbloodservices.widget.custhelp.com https://characters.clevertar.app https://speak.clevertar.com https://components.clevertar.app https://api.experianaperture.io/ snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com www.google.com.au/ads/ga-audiences cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au www.redditstatic.com/ads cdn.pdst.fm; font-src 'self' kit.fontawesome.com cdnjs.cloudflare.com ka-f.fontawesome.com data: application: fonts.gstatic.com clevertar.azureedge.net https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/staticresource/fonts/ https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/resource/WebsiteBloodQuiz/ https://my-opa.donateblood.com.au/euf/core/3.3/thirdParty/fonts/ https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/resource/WebsiteMilkQuiz/ https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/resource/WebsiteTravelQuiz/ my-opa.donateblood.com.au aurcbloodservices.widget.custhelp.com https://api.experianaperture.io/ snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au www.redditstatic.com/ads; frame-src 'self' www.youtube.com www.facebook.com optimize.google.com oembed.libsyn.com www.google.com *.fls.doubleclick.net vars.hotjar.com https://platform.twitter.com/ www.instagram.com www.linkedin.com https://api.experianaperture.io/ snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au feedback.inmoment.com.au; img-src 'self' www.w3.org/* data: https: http: image: blob: region1.google-analytics.com region1.analytics.google.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au www.redditstatic.com/ads; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net www.facebook.com kit.fontawesome.com www.youtube.com www.google-analytics.com rum-static.pingdom.net img.en25.com ka-f.fontawesome.com googleads.g.doubleclick.net amplify.outbrain.com tr.outbrain.com my-opa.donateblood.com.au www.w3.org code.jquery.com clevertar.azureedge.net www.googletagmanager.com rum-collector-2.pingdom.net servedby.flashtalking.com lifeblood.clevertar.app ctweb.azureedge.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ aurcbloodservices.widget.custhelp.com/ci/oit https://aurcbloodservices.widget.custhelp.com https://www.rnengage.com/api https://api.experianaperture.io/ https://aurcbloodservices.widget.custhelp.com/s/oit/latest/common/v0/libs/oit/ snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au www.redditstatic.com cdn.pdst.fm https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com https://www.google.com; script-src-elem 'self' 'unsafe-inline' fonts.googleapis.com kit.fontawesome.com www.youtube.com code.jquery.com img.en25.com my-opa.donateblood.com.au amplify.outbrain.com/ rum-static.pingdom.net www.googleadservices.com/ www.w3.org/* code.jquery.com/jquery-3.5.0.min.js www.googletagmanager.com connect.facebook.net www.google-analytics.com clevertar.azureedge.net tr.outbrain.com googleads.g.doubleclick.net ctweb.azureedge.net www.gstatic.com/recaptcha/releases/ optimize.google.com https://static.hotjar.com/ https://script.hotjar.com/ aurcbloodservices.widget.custhelp.com https://my-opa.donateblood.com.au/web-determinations/staticresource/ www.rnengage.com/api/ https://platform.twitter.com/ https://www.instagram.com/ https://api.experianaperture.io/ snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au www.redditstatic.com cdn.pdst.fm https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com https://www.google.com; style-src 'self' ka-f.fontawesome.com/* https://fonts.googleapis.com/css https://clevertar.azureedge.net/UserInterface/evo/classic.css https://ctweb.azureedge.net/clients/lifeblood/css/theme.css https://clevertar.azureedge.net/UserInterface/evo/modern.css fonts.googleapis.com www.googletagmanager.com my-opa.donateblood.com.au aurcbloodservices.widget.custhelp.com https://ctweb.azureedge.net/ https://clevertar.azureedge.net/ https://ctweb.azureedge.net/clients/lifeblood/css/bubble-theme.css https://api.experianaperture.io/ snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au https://cdn.jsdelivr.net; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' maps.googleapis.com/* unpkg.com fonts.googleapis.com kit.fontawesome.com www.googletagmanager.com clevertar.azureedge.net ctweb.azureedge.net https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/staticresource/ https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/resource/WebsiteBloodQuiz/ https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/resource/WebsiteMilkQuiz/ https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/resource/WebsiteTravelQuiz/ my-opa.donateblood.com.au optimize.google.com aurcbloodservices.widget.custhelp.com https://api.experianaperture.io/ snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au https://cdn.jsdelivr.net; report-uri https://www.lifeblood.com.au/report-uri/enforce; upgrade-insecure-requests 2
default-src 'self' ; base-uri 'self' ; frame-ancestors 'self' ; form-action 'self' https://js.createsend1.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://info.viterra.com https://*.google-analytics.com https://www.googletagmanager.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://pi.pardot.com https://analytics.tiktok.com https://static.ads-twitter.com https://connect.facebook.net https://www.work.ua https://js.createsend1.com/ https://createsend.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com ; connect-src 'self' https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.ggpht.com https://*.youtube.com https://*.google-analytics.com https://stats.g.doubleclick.net https://mobilews.viterra.com.au https://priceapi.viterra.com.au https://analytics.tiktok.com https://static.ads-twitter.com https://connect.facebook.net https://createsend.com/ ; img-src 'self' data: https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.youtube.com https://*.ggpht.com https://i.ytimg.com https://newscorpau.demdex.net https://*.facebook.com https://*.twitter.com https://t.co/ ; frame-src 'self' https://www.youtube.com https://*.googletagmanager.com https://*.google.com https://pr.globenewswire.com https://admin10.rabota.ua ; child-src 'self' https://www.youtube.com https://*.googletagmanager.com https://*.google.com https://pr.globenewswire.com https://admin10.rabota.ua ; 2
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self' *.cybersource.com; object-src 'none'; 2
upgrade-insecure-requests; block-all-mixed-content; default-src 'self'; connect-src 'self' www.google-analytics.com consentcdn.cookiebot.com *.wistia.com *.sharethis.com wss://localhost:* *.b2clogin.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com *.fontawesome.com data: *.wistia.com; object-src 'none'; img-src 'self' * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' consentcdn.cookiebot.com ajax.googleapis.com ajax.aspnetcdn.com consent.cookiebot.com www.recaptcha.net www.googletagmanager.com *.wistia.com code.jquery.com www.google-analytics.com www.gstatic.com *.wistia.net *.sharethis.com 'report-sample'; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com *.fontawesome.com; media-src 'self' blob: assets.maxlinear.com; frame-ancestors 'self' *.maxlinear.com; base-uri 'self'; frame-src 'self' consentcdn.cookiebot.com www.recaptcha.net *.wistia.net *.wistia.com www.google.com 2
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dewebmakers.nl *.google-analytics.com *.googleapis.com *.googletagmanager.com api.salesfeed.com *.googleadservices.com *.facebook.net *.doubleclick.net *.cloudflare.com seomator.com cdn.leadinfo.net cdn.oribi.io *.seranking.com *.clickcease.com https://monitor.fraudblocker.com; object-src *; style-src 'self' 'unsafe-inline' *.dewebmakers.nl cdn.leadinfo.net seomator.com fonts.googleapis.com; img-src * data:; media-src *; frame-src *; font-src *; connect-src * 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src data: https:; 2
default-src 'self' mardelplata.gob.ar *.mardelplata.gob.ar *.cloudflareinsights.com *.jsdelivr.net *.googletagmanager.com *.g.doubleclick.net *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' mardelplata.gob.ar *.mardelplata.gob.ar *.cloudflareinsights.com *.jsdelivr.net *.googletagmanager.com *.g.doubleclick.net *.google-analytics.com; connect-src 'self' mardelplata.gob.ar *.mardelplata.gob.ar *.cloudflareinsights.com *.jsdelivr.net *.googletagmanager.com *.g.doubleclick.net *.google-analytics.com; img-src 'self' data: mardelplata.gob.ar *.mardelplata.gob.ar *.cloudflareinsights.com *.jsdelivr.net *.googletagmanager.com *.g.doubleclick.net *.google-analytics.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' mardelplata.gob.ar *.mardelplata.gob.ar *.cloudflareinsights.com *.jsdelivr.net *.googletagmanager.com *.g.doubleclick.net *.google-analytics.com; base-uri 'self' mardelplata.gob.ar *.mardelplata.gob.ar *.cloudflareinsights.com *.jsdelivr.net *.googletagmanager.com *.g.doubleclick.net *.google-analytics.com; form-action 'self' mardelplata.gob.ar *.mardelplata.gob.ar *.cloudflareinsights.com *.jsdelivr.net *.googletagmanager.com *.g.doubleclick.net *.google-analytics.com; object-src 'self' mardelplata.gob.ar *.mardelplata.gob.ar *.cloudflareinsights.com *.jsdelivr.net *.googletagmanager.com *.g.doubleclick.net *.google-analytics.com; 2
default-src blob: data: mediastream: filesystem: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' *; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.civiccomputing.com *.analytics.google.com *.google-analytics.com *.typekit.net *.typekit.com *.sproutvideo.com ipinfo.io api.ipify.org static.addtoany.com *.googletagmanager.com *.neotalogic.com *.vuturevx.com *.joseflegal.com *.crazyegg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ctnsnet.com *.civiccomputing.com *.typekit.net *.typekit.com *.webtrends.com *.webtrendslive.com svc.webspellchecker.net *.google-analytics.com *.analytics.google.com bs.serving-sys.com static.addtoany.com js-agent.newrelic.com bam.nr-data.net *.career-inspiration.com *.pathmotion.com view.ceros.com *.googletagmanager.com *.sproutvideo.com www.buzzsprout.com snap.licdn.com *.neotalogic.com *.vuturevx.com *.joseflegal.com i.ctnsnet.com *.crazyegg.com; style-src 'self' 'unsafe-inline' themes.googleusercontent.com svc.webspellchecker.net cloud.typography.com *.typekit.net *.typekit.com cloud.typography.com careers.herbertsmithfreehills.com *.neotalogic.com *.vuturevx.com *.joseflegal.com *.sharethis.com; img-src 'self' * data: *.typekit.net *.webtrends.com *.webtrendslive.com svc.webspellchecker.net images.sproutvideo.com *.google-analytics.com *.analytics.google.com *.neotalogic.com *.vuturevx.com *.joseflegal.com; media-src 'self' *.sproutvideo.com; frame-src 'self' 'unsafe-inline' *.youtube.com *.sproutvideo.com player.vimeo.com *.career-inspiration.com *.pathmotion.com static.addtoany.com *.fls.doubleclick.net view.ceros.com w.soundcloud.com *.youtube.com youtube.com *.spotify.com *.googletagmanager.com www.buzzsprout.com *.neotalogic.com *.vuturevx.com *.joseflegal.com cdn.yoshki.com; font-src 'self' data: themes.googleusercontent.com fonts.gstatic.com *.typekit.net *.typekit.com *.neotalogic.com *.vuturevx.com *.joseflegal.com; connect-src 'self' *.doubleclick.net *.civiccomputing.com api.ipify.org performance.typekit.net *.typekit.net *.typekit.com *.sproutvideo.com svc.webspellchecker.net api.ipify.org ipinfo.io svc.webspellchecker.net *.google-analytics.com *.analytics.google.com bam.nr-data.net *.googletagmanager.com *.neotalogic.com *.vuturevx.com *.joseflegal.com *.google.com *.crazyegg.com *.googlesyndication.com *.sharethis.com https://cdn.linkedin.oribi.io; report-uri /report-csp-violation; upgrade-insecure-requests 2
frame-src 'self' https://www.recaptcha.net/ https://*.youtube.com; frame-ancestors 'self' https://*.krka.si https://*.ezdravje.com https://*.edit.krkawp https://*.final.krkawp; object-src 'none'; 2
img-src: 'self'; style-src: 'self'; script-src: 'self' www.google-analytics.com translate.google.com ajax.googleapis.com; font-src: 'self' fonts.googleapis.com; 2
frame-ancestors 'self' https://app.pia4you.com http://erika.hotainment.info 2
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; frame-ancestors 'self'; report-uri /csp-report; 2
default-src 'self' *.googleadservices.com *.crazyegg.com *.licdn.com *.facebook.net *.outbrain.com *.youtube.com *.company-target.com; script-src 'self' *.googleapis.com *.cookielaw.org *.onetrust.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.everestjs.net *.cloudflare.com *.licdn.com *.google.com *.gstatic.com lineagelogistics-external.applynow.net.au candidate-office.s3.amazonaws.com *.googleadservices.com *.bing.com *.newrelic.com *.instagram.com *.nr-data.net cdn.jsdelivr.net *.crazyegg.com blob: acsbapp.com code.jquery.com unpkg.com *.instagram.com *.ensighten.com *.oribi.io *.youtube.com polyfill.io *.facebook.net *.outbrain.com *.demandbase.com tag.demandbase.com *.company-target.com https://tag.demandbase.com/d80b380c137ea7bb.min.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' pt.onelineage.com pi.pardot.com; style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com cdn.jsdelivr.net *.crazyegg.com acsbapp.com *.acsbapp.com code.jquery.com unpkg.com https://lineagelogistics-external.applynow.net.au https://lineagelogistics-external.applynow.net.au https://candidate-office.s3.amazonaws.com/js/iframe-resizer/iframeResizer.min.js https://d2wy8f7a9ursnm.cloudfront.net/; img-src * data: *.crazyegg.com acsbapp.com *.acsbapp.com; media-src *; frame-src 'self' *.youtube.com *.everesttech.net *.everestjs.net *.oxblue.com *.earthcam.net *.truelook.com *.proofpoint.com *.google.com lineagelogistics-external.applynow.net.au *.doubleclick.net *.crazyegg.com *.instagram.com *.adsrvr.org *.cloudfront.net *.facebook.com *.pardot.com pt.lineagelogistics.com http://pt.lineagelogistics.com/l/961942/2023-08-22/4hbzr http://pt.lineagelogistics.com/l/961942/2023-08-22/4hbzv http://go.pardot.com/l/961942/2023-08-22/4hbzk http://go.pardot.com/l/961942/2023-06-27/493x5 *.company-target.com https://tag.demandbase.com/d80b380c137ea7bb.min.js https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ recaptcha.google.com:* pt.onelineage.com; frame-ancestors 'self' https://tag.demandbase.com/d80b380c137ea7bb.min.js *.company-target.com tag.demandbase.com; child-src 'self' *.youtube.com *.everesttech.net *.everestjs.net *.oxblue.com *.earthcam.net *.truelook.com *.proofpoint.com blob: *.youtube.com *.company-target.com https://tag.demandbase.com/d80b380c137ea7bb.min.js; font-src 'self' *.googleusercontent.com *.gstatic.com *.typekit.net data: acsbapp.com *.acsbapp.com; connect-src 'self' *.cookielaw.org *.google-analytics.com *.doubleclick.net *.onetrust.com *.bing.com *.nr-data.net *.googleapis.com *.crazyegg.com acsbapp.com *.acsbapp.com *.youtube.com *.google.com *.linkedin.oribi.io *.company-target.com *.demandbase.com https://tag.demandbase.com/d80b380c137ea7bb.min.js https://lineagelogistics-external.applynow.net.au https://lineagelogistics-external.applynow.net.au https://candidate-office.s3.amazonaws.com/js/iframe-resizer/iframeResizer.min.js https://d2wy8f7a9ursnm.cloudfront.net/ *.linkedin.com; report-uri /report-csp-violation 2
frame-ancestors https://builder.io 2
default-src https: data: wss://*.hotjar.com https://calculator.value-cloud.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self' https://calculator.value-cloud.com; object-src 'self' blob; upgrade-insecure-requests; 2
frame-src 'self' *; child-src 'self' *; object-src 'self' *; 2
frame-ancestors 'self' *.heartinternet.com:* *.heartinternet.co.uk:* *.heartinternet.uk:* *.heart-internet.com:* *.heart-internet.co.uk:* *.123-reg.co.uk:* *.vps-10.com:* *.ds-10.com:* *.managethisdomain.com:*; 2
font-src *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com https://geowidget.easypack24.net *.thulium.com/ *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.google.com *.google.com *.doubleclick.net *.facebook.com https://geowidget-app.inpost.pl/ secure.payu.com merch-prod.snd.payu.com *.thulium.com/ *.hotjar.com/ *.hotjar.io/ *.payu.com/ *.youtube.com/ *.go2cloud.org/ *.clarity.ms *.klarna.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org static.payu.com *.google.pl *.google.de *.paynow.pl https://jannowak.com/ https://diablochairs.com/ https://sofandi.store/ https://domator24.com/ *.trackjs.com *.bing.com *.clarity.ms *.thulium.com/ https://integrations.etrusted.com/ *.klarna.com *.klarnaevt.com *.klarnacdn.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org secure.payu.com secure.snd.payu.com *.hotjar.com/ *.hotjar.io/ *.thulium.com/ https://orbitvu.co/ *.orbitvu.co/ *.gopay.com/ *.payu.com/ https://geowidget.easypack24.net/ https://jannowak.com https://jannowak.pre.aur.ac https://diablochairs.com https://diablo.pre.aur.ac https://domator24.com https://domator-com.pre.aur.ac https://sofandi.store https://sofandi.pre.aur.ac https://pixel.biano.hu/ https://hu.bianopixel.com/ https://analytics.tiktok.com/ https://cdn.trackjs.com/ *.go2cloud.org/ *.trackjs.com https://bat.bing.com/ *.clarity.ms *.klarna.com *.klarnacdn.net *.klarnaservices.com *.avada.io https://cdnjs.cloudflare.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://geowidget.easypack24.net https://geowidget.inpost.pl https://integrations.etrusted.com/ *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net *.thulium.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.easypack24.net *.inpost.pl *.openstreetmap.org secure.payu.com merch-prod.snd.payu.com wss://*.thulium.com/ *.thulium.com/ *.hotjar.com/ *.hotjar.io/ *.doubleclick.net/ *.orbitvu.cloud/ *.gopay.com/ wss://*.hotjar.com/ *.payu.com/ *.googlesyndication.com/ https://p.biano.hu/ https://hu.bianopixel.com/ https://analytics.tiktok.com/ https://cdn.trackjs.com/ *.go2cloud.org/ https://www.googletagmanager.com/ *.google.com/ https://google.com/ccm/ https://google.com/pagead/ *.google.pl *.google.de *.trackjs.com *.clarity.ms https://bat.bing.com/ https://integrations.etrusted.com/ *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://get.geojs.io *.avada.io t.elasticsuite.io *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
frame-ancestors *.nha.nl *.nha.be *.nhad.de *.buddywise.nl 2
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss:; base-uri 'self'; 2
default-src 'self' telit.com *.telit.com blob: bing.com *.bing.com licdn.com  google-analytics.com *.google-analytics.com demandbase.com *.demandbase.com company-target.com *.company-target.com *.licdn.com *.recaptcha.net recaptcha.net gstatic.com *.gstatic.com google.com youtube-nocookie.com *.youtube-nocookie.com  youtube.com *.youtube.com ggpht.com *.ggpht.com googleapis.com *.googleapis.com ytimg.com *.ytimg.com *.doubleclick.net googletagmanager.com *.googletagmanager.com pardot.com *.pardot.com osano.com *.osano.com driftt.com *.driftt.com oribi.io *.oribi.io linkedin.com *.linkedin.com rlcdn.com *.rlcdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat gravatar.com *.gravatar.com w.org *.w.org wpengine.com *.wpengine.com yoast.com *.yoast.com jsdelivr.net *.jsdelivr.net wistia.com *.wistia.com helpscout.net *.helpscout.net *.litix.io litix.io cloudfront.net *.cloudfront.net *.devmobo.com cinterion.com *.cinterion.com securityscorecard.com *.securityscorecard.com *.googlesyndication.com googlesyndication.com *.facebook.net *.facebook.com *.alicdn.com *.typekit.net *.vimeo.com *.indeed.com *.killadsapi.com *.zi-scripts.com *.zoominfo.com data: blob: 'unsafe-inline' 'unsafe-eval';report-uri https://telit-newsletter.devmobo.com/l.php 2
frame-ancestors 'self' https://*.voya.com https://mybetterworld.es https://*.mybetterworld.es; object-src 'none'; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; base-uri 'none'; 2
frame-ancestors https://*.dsw.nl https://*.d1.dsw.lan 2
default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.userback.io *.readspeaker.com https://www.canto.com https://www.dacast.com https://cdn.jsdelivr.net https://maps.googleapis.com https://unpkg.com https://skaoint.matomo.cloud https://cdn.matomo.cloud/skaoint.matomo.cloud; object-src 'self'; style-src 'self' 'unsafe-inline' https://*.userback.io *.readspeaker.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://www.canto.com https://www.dacast.com https://unpkg.com https://skaoint.matomo.cloud https://cdn.matomo.cloud/skaoint.matomo.cloud; img-src 'self' 'unsafe-inline' data: https://www.canto.com https://*.tile.openstreetmap.org https://cdn.jsdelivr.net https://*.google.com https://maps.gstatic.com https://api.mapbox.com; media-src 'self' *.canto.global *.cloudfront.net; frame-src 'self' *.youtube.com *.vimeo.com https://airtable.com *.canto.com *.canto.global; frame-ancestors 'self'; child-src 'self' *.youtube.com *.vimeo.com https://airtable.com *.canto.com *.canto.global; font-src 'self' data: https://fonts.gstatic.com *.readspeaker.com https://cdn.jsdelivr.net https://fonts.googleapis.com; connect-src 'self' https://skaoint.matomo.cloud; report-uri /report-csp-violation; upgrade-insecure-requests 2
default-src https: http: 'unsafe-inline' 'unsafe-eval' data:; 2
script-src 'unsafe-inline' 'unsafe-eval' https:;style-src 'unsafe-inline' https:; 2
base-uri 'self';frame-ancestors 'self';frame-src *;object-src 'none'; 2
frame-ancestors https://*.wfscorp.com 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 2
default-src 'self'; font-src 'self'; frame-src *; img-src 'self' data:; media-src 'self' data:; object-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; form-action 'self'; 2
report-uri https://dev.apicodo.de/csp/report/ 2
upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self'; img-src 'self' data:; object-src 'none'; 2
default-src 'self'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' sleeknotecustomerscripts.sleeknote.com sleeknotestaticcontent.sleeknote.com wpmudev.com *.6sc.co *.wpengine.com *.hubspot.com *.hsforms.net *.hsforms.com *.hs-scripts.com *.hscta.net *.hs-analytics.net *.wistia.com *.wistia.net *.cloudfront.net *.jquery.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.google.co.uk *.google.dk *.google.com *.googlesyndication.com  *.doubleclick.net *.hotjar.com *.facebook.net *.twitter.com *.twimg.com *.litix.io *.yoast.com yoast.com *.clicktale.net *.cloudflare.com *.helpforsmartphone.com *.usemessages.com *.licdn.com *.linkedin.com *.pardot.com *.gamma.co.uk *.luckyorange.net *.luckyorange.com *.qualified.com *.ampproject.org *.bing.com *.nitrocdn.com nitropack.io *.mutinycdn.com *.adroll.com *.zoominfo.com; connect-src 'self' 'unsafe-inline' *.sleeknote.com cdnjs.cloudflare.com fonts.googleapis.com images.sleeknote.com sleeknotestaticcontent.sleeknote.com sleeknotecustomerscripts.sleeknote.com wpmudev.com *.fullstory.com *.mutinycdn.com *.mutinyhq.io *.wpengine.com *.hubspot.com *.hsforms.net *.hsforms.com *.hs-scripts.com *.hs-analytics.net *.wistia.com *.wistia.net *.akamaihd.net *.cloudfront.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.google.com *.google.co.uk *.google.fi *.doubleclick.net *.hotjar.com wss://*.hotjar.com *.hotjar.io *.facebook.net *.litix.io *.yoast.com yoast.com ws.zoominfo.com *.polyfill.io *.luckyorange.net *.luckyorange.com wss://in.visitors.live/socket.io/ wss://visitors.live/socket.io/ *.socket.io *.qualified.com wss://*.qualified.com *.twiliocdn.com *.twilio.com wss://*.twilio.com *.apps.gamma.co.uk *.ampproject.org wss://*.visitors.live *.luckyorange.com *.adnxs.com *.nitrocdn.com *.getnitropack.com nitropack.io; style-src 'self' 'unsafe-inline' data: sleeknotestaticcontent.sleeknote.com *.wpengine.com *.bootstrapcdn.com *.googleapis.com *.wistia.net *.hotjar.com *.yoast.com yoast.com *.cloudfront.net *.twitter.com *.twimg.com *.qualified.com *.typekit.net *.nitrocdn.com; font-src 'self' data: fonts.gstatic.com sleeknotestaticcontent.sleeknote.com *.mutinycdn.com *.wpengine.com *.bootstrapcdn.com *.wistia.com *.wistia.net *.hotjar.com *.yoast.com yoast.com *.cloudfront.net *.slideshare.net *.slidesharecdn.com *.qualified.com *.typekit.net *.gamma.co.uk *.wearegamma.co.uk *.nitrocdn.com *.adroll.com; frame-src 'self' blob: 'unsafe-inline' *.maptive.com *.linkedin.com *.wpengine.com *.hsforms.com *.hsforms.net *.vimeo.com *.wistia.com *.wistia.net *.gamma.co.uk *.hotjar.com *.litix.io *.doubleclick.net *.facebook.net *.yoast.com yoast.com *.cloudfront.net *.flife.de *.investis.com *.three.co.uk *.apnsettings.mobi *.twitter.com *.slideshare.net *.helpforsmartphone.com *.googlesyndication.com *.google.se *.google.com *.youtube.com *.hubspot.com *.qualified.com *.mobilethink.net *.instagram.com; child-src 'self' blob: 'unsafe-inline' *.mutinycdn.com *.wpengine.com *.wistia.com *.wistia.net *.gamma.co.uk *.hotjar.com *.litix.io *.doubleclick.net *.facebook.net *.yoast.com yoast.com *.cloudfront.net *.flife.de *.investis.com *.three.co.uk *.apnsettings.mobi *.slideshare.net *.qualified.com; media-src * blob: *.wpengine.com *.wistia.com *.wistia.net *.hotjar.com *.yoast.com yoast.com *.cloudfront.net *.akamaihd.net *.qualified.com *.sleeknote *.nitrocdn.com; object-src 'self' *.cloudfront.net; img-src 'self' data: blob: 'unsafe-inline' sleeknotestaticcontent.sleeknote.com analytics.sleeknote.com *.mutinycdn.com *.wpengine.com *.wp.com *.yoast.com yoast.com *.cloudfront.net *.hubspot.com *.hsforms.net *.hsforms.com *.hs-scripts.com *.hs-analytics.net *.wistia.com *.wistia.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.google.com *.google.co.uk *.google.se *.google.ae *.google.nl *.google.es *.google.ie *.google.lv *.googleapis.com *.wpmudev.org *.adroll.com *.doubleclick.net *.hotjar.com *.akamaihd.net *.rubiconproject.com *.advertising.com *.facebook.com *.twitter.com *.twimg.com *.casalemedia.com *.outbrain.net *.outbrain.com *.pubmatic.net *.pubmatic.com *.taboola.net *.taboola.com *.yahoo.com *.bidswitch.net *.openx.net *.adnxs.com *.digitru.st *.3lift.com *.adsymptotic.com *.rundsp.com *.bidr.io *.w55c.net *.adsrvr.org *.placelocal.com *.demdex.net *.nexac.com *.gravatar.com *.bing.com *.mathtag.com *.yume.com *.liadm.com *.exelator.com *.turn.com *.undertone.com *.tidaltv.com *.w.org *.everesttech.net *.pippio.com *.eyeviewads.com *.mxptint.net *.cardlytics.com *.ml314.com *.crwdcntrl.net *.simpli.fi *.addthis.com *.insightexpressai.com *.entitytag.co.uk *.rfihub.com *.adlucent.com https://qualified-production.s3.amazonaws.com *.qualified.com *.linkedin.com *.scatec.io *.nitrocdn.com *.nitropack.io *.getnitropack.com; 2
frame-ancestors 'self' https://ptcarena.lookbookhq.com https://ptcarena.pathfactory.com; 2
* data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline' 'self'; * data: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample'; * data: blob: 'unsafe-inline' 'unsafe-eval' 'report-sample' 'self'; none; self; * data: blob: 'unsafe-inline' 'self'; * data: blob: 'unsafe-inline' 'self'; * data: blob: self; * data: blob: 'unsafe-inline'; * data: blob: 'unsafe-inline' 'self'; self; self; https://6512fbc708615f75764fb2da.endpoint.csper.io/?v=0; none 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com/ https://*.twitter.com/ http://*.twitter.com/ https://maps.googleapis.com http://*.google-analytics.com https://*.google-analytics.com https://sadmin.brightcove.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.twimg.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.googletagmanager.com https://tag.aticdn.net;object-src 'self' https://secure.brightcove.com https://sadmin.brightcove.com http://brightcove.vo.llnwd.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com/css https://fonts.googleapis.com/css https://*.twitter.com/ http://*.twitter.com/ https://*.twimg.com;img-src 'self' https://*.twitter.com/ https://*.twimg.com http://*.twitter.com/ http://*.google-analytics.com data: https://maps.googleapis.com https://*.gstatic.com/ http://*.gravatar.com/ http://umbraco.tv/media https://www.google.com https://www.google.co.uk;media-src 'none';frame-src 'self' http://players.brightcove.net https://secure.brightcove.com https://www.youtube.com/embed/ http://www.youtube.com/embed/ https://syndication.twitter.com https://platform.twitter.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://consentcdn.cookiebot.com;font-src 'self' fonts.gstatic.com/s/;connect-src 'self' https://secure.brightcove.com https://sadmin.brightcove.com https://our.umbraco.com https://our.umbraco.org https://www.google-analytics.com https://stats.g.doubleclick.net https://consentcdn.cookiebot.com https://log.xiti.com https://*.analytics.google.com/ https://*.google-analytics.com/ https://a1.api.bbc.com;report-uri /WebResource.axd?cspReport=true 2
default-src *.acscan.org *.fightcancer.org 'unsafe-inline'; script-src *.acscan.org *.fightcancer.org platform.twitter.com cdn.cookielaw.org cdn.fundraiseup.com www.googleoptimize.com www.google.com www.gstatic.com www.googletagmanager.com c.shpg.org static.fundraiseup.com static.tagboard.com *.addthis.com js.adsrvr.org *.addthisedge.com cdn.everwall.com z.moatads.com script.crazyegg.com connect.facebook.net www.google-analytics.com static.ads-twitter.com cdn.addpipe.com ajax.googleapis.com static.addtoany.com 'unsafe-inline' 'unsafe-eval'; style-src *.acscan.org *.fightcancer.org maxcdn.bootstrapcdn.com use.typekit.net p.typekit.net cdn.addpipe.com static.tagboard.com cdn.everwall.com script.crazyegg.com fonts.googleapis.com 'unsafe-inline'; img-src cdn.cookielaw.org script.crazyegg.com data: *; media-src *.youtube.com *.addpipe.com 'self'; frame-src script.crazyegg.com *.addthis.com *.youtube.com www.google.com insight.adsrvr.org cdn.everwall.com act.fightcancer.org 4635225.fls.doubleclick.net td.doubleclick.net *.doubleclick.net insight.adsrvr.org match.adsrvr.org www.facebook.com static.contextall.com platform.twitter.com static.addtoany.com 'self'; child-src 'self' blob:; font-src *.acscan.org *.fightcancer.org fonts.gstatic.com themes.googleusercontent.com maxcdn.bootstrapcdn.com use.typekit.net cdn.everwall.com; connect-src *.acscan.org *.fightcancer.org *.crazyegg.com *.google-analytics.com translate.googleapis.com cdn.cookielaw.org fndrsp.net api.fundraiseup.com sentry.fundraiseup.com geolocation.onetrust.com privacyportal.onetrust.com m.addthis.com stats.g.doubleclick.net www.facebook.com stats.addtoany.com *.addpipe.com wss://*.addpipe.com; report-uri /report-csp-violation 2
frame-ancestors 'self' localhost:9002 https://*.corona.co 2
base-uri 'self'; connect-src 'self' https://consentcdn.cookiebot.com https://*.google.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://*.hotjar.com https://*.in.applicationinsights.azure.com https://*.svc.dynamics.com https://cdn.linkedin.oribi.io wss://*.hotjar.com https://content.hotjar.io https://maps.googleapis.com https://pagead2.googlesyndication.com https://vc.hotjar.io wss://localhost:44398 https://px.ads.linkedin.com; default-src 'none'; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; form-action 'self' https://*.worldpay.com; frame-ancestors 'self' https://ricardo.saleshood.com; frame-src 'self' https://*.cookiebot.com/ https://*.google.com https://vars.hotjar.com https://www.youtube-nocookie.com https://*.svc.dynamics.com https://player.vimeo.com https://irs.tools.investis.com https://otp.tools.investis.com https://calendly.com https://outlook.office365.com https://embed.mindstamp.com; img-src 'self' data: https://bat.bing.com https://px.ads.linkedin.com https://*.doubleclick.net https://*.google.com https://www.google.co.uk https://*.svc.dynamics.com https://*.google-analytics.com https://i.vimeocdn.com https://maps.googleapis.com https://www.googletagmanager.com https://maps.gstatic.com https://*.tile.openstreetmap.org https://*.basemaps.cartocdn.com https://unpkg.com https://imgsct.cookiebot.com; media-src 'self' https://player.vimeo.com http://vod-progressive.akamaized.net https://vod-progressive.akamaized.net https://download-video.akamaized.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.google.com https://www.googleadservices.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com https://snap.licdn.com https://script.hotjar.com https://static.hotjar.com https://googleads.g.doubleclick.net https://mktdplp102cdn.azureedge.net https://js.monitor.azure.com https://maps.googleapis.com https://mathjax.rstudio.com https://*.vimeo.com https://*.calendly.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://optimize.google.com; 2
style-src 'self' 'unsafe-inline';  2
report-uri https://circaworks.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' https://maps.googleapis.com https://maps.google.com https://maps.gstatic.com 'unsafe-eval' https://analytics.rubensteintech.com https://www.google-analytics.com https://www.googletagmanager.com https://maps.gstatic.com https://ssl.p.jwpcdn.com https://www.youtube.com https://s.ytimg.com https://player.vimeo.com https://siteimproveanalytics.com/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location; style-src 'self' 'unsafe-inline' https://maps.googleapis.com https://www.google.com https://cloud.typography.com https://cloud.webtype.com https://fonts.googleapis.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://cdn.plyr.io https://vimeo.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://privacyportal-eu.onetrust.com/request/v1/consentreceipts https://privacyportal.onetrust.com/request/v1/consentreceipts; font-src 'self' https://maps.gstatic.com https://fonts.gstatic.com https://use.typekit.net https://cloud.webtype.com data:; img-src 'self' https://www.facebook.com https://maps.googleapis.com https://maps.gstatic.com https://pls.webtype.com https://www.google-analytics.com https://img.youtube.com https://i.vimeocdn.com https://*.global.siteimproveanalytics.io https://stats.g.doubleclick.net https://cdn.cookielaw.org/ data:; object-src 'self'; frame-src 'self' https://information.huntonak.com https://cdn.yoshki.com https://www.youtube.com https://player.vimeo.com https://app.powerbi.com https://share.hsforms.com/ https://www.youtube-nocookie.com; 2
: block-all-mixed-content 2
base-uri 'none'; style-src 'self' optimize.google.com https://static.hotjar.com https://script.hotjar.com fonts.googleapis.com 'unsafe-inline' www.googletagmanager.com static.freeimages.com; font-src 'self' fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com static.freeimages.com; script-src-elem 'self' www.googletagmanager.com www.google-analytics.com cdn.cookielaw.org https://*.onetrust.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com optimize.google.com https://www.google.com https://www.gstatic.com ajax.googleapis.com 'unsafe-inline' static.freeimages.com; frame-src www.google.com vars.hotjar.com optimize.google.com converter.freeimages.com; object-src 'none'; default-src 'none'; img-src 'self' cdn.cookielaw.org images.freeimages.com media.istockphoto.com www.google-analytics.com www.google.com www.google.com.uy www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com http://script.hotjar.com www.google-analytics.com www.googletagmanager.com optimize.google.com www.gstatic.com *.google-analytics.com *.analytics.google.com fonts.gstatic.com *.freeimages.com data: blob: 'self' images.freeimages.com media.istockphoto.com www.google-analytics.com www.google.com www.google.com.uy cdn.cookielaw.org data: www.gstatic.com static.freeimages.com; script-src 'self' www.googletagmanager.com www.google-analytics.com cdn.cookielaw.org https://*.onetrust.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com optimize.google.com 'unsafe-inline' static.freeimages.com; connect-src 'self' geoapi.freeimages.com https://*.freeimages.com https://geoapi.freeimages.com cookies-data.onetrust.io getty.datta.store www.google-analytics.com stats.g.doubleclick.net cdn.cookielaw.org freeimages-production.s3.amazonaws.com picspree.s3.amazonaws.com vectorhq-files.s3.amazonaws.com clipartlogo-getty.s3.amazonaws.com 365psd-getty.s3.amazonaws.com clipartme-getty.s3.amazonaws.com vectorme-getty.s3.amazonaws.com findicons-getty.s3.amazonaws.com https://*.hotjar.com https://*.hotjar.io http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com *.google-analytics.com *.analytics.google.com analytics.google.com 'self' getty.datta.store www.google-analytics.com stats.g.doubleclick.net cdn.cookielaw.org freeimages-production.s3.amazonaws.com geoapi.freeimages.com cookies-data.onetrust.io geolocation.onetrust.com in.hotjar.com stats.g.doubleclick.net wss://*.hotjar.com static.freeimages.com; form-action 'self'; frame-ancestors 'self'; manifest-src 'self' static.freeimages.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gist.github.com https://apis.google.com https://cdn.amplitude.com https://api.amplitude.com https://dev-embed.notion.co https://embed.notion.co https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://api.smooch.io	 https://solve-widget.forethought.ai https://logs-01.loggly.com https://http-inputs-notion.splunkcloud.com https://cdn.segment.com https://analytics.pgncs.notion.so https://o324374.ingest.sentry.io https://checkout.stripe.com https://js.stripe.com https://embed.typeform.com https://admin.typeform.com https://public.profitwell.com https://static.profitwell.com https://js.sentry-cdn.com https://js.chilipiper.com https://platform.twitter.com https://cdn.syndication.twimg.com https://accounts.google.com https://player.vimeo.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.metadata.io https://platformapi.metadata.io https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://cdn.transcend.io https://cdn01.boxcdn.net https://cdn.sprig.com https://assets.customer.io https://code.gist.build https://www.google.com https://www.gstatic.com https://challenges.cloudflare.com;connect-src 'self' data: blob: https://msgstore.www.notion.so wss://msgstore.www.notion.so ws://localhost:* ws://127.0.0.1:* https://prod-files-secure.s3.us-west-2.amazonaws.com https://notion-emojis.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://s3.us-west-2.amazonaws.com https://notion-production-snapshots-2.s3.us-west-2.amazonaws.com https://cdn.amplitude.com https://api.amplitude.com https://www.notion.so https://api.embed.ly https://dev-embed.notion.co https://embed.notion.co https://js.intercomcdn.com https://api-iam.intercom.io https://uploads.intercomcdn.com wss://nexus-websocket-a.intercom.io https://ekr.zdassets.com https://ekr.zendesk.com	 https://makenotion.zendesk.com	 https://api.smooch.io	 wss://api.smooch.io	 https://api.forethought.ai https://logs-01.loggly.com https://http-inputs-notion.splunkcloud.com https://cdn.segment.com https://api.segment.io https://analytics.pgncs.notion.so https://api.pgncs.notion.so https://o324374.ingest.sentry.io https://checkout.stripe.com https://js.stripe.com https://cdn.contentful.com https://preview.contentful.com https://images.ctfassets.net https://www2.profitwell.com https://tracking.chilipiper.com https://api.chilipiper.com https://api.unsplash.com https://api.giphy.com/ https://giphy-analytics.giphy.com/ https://media0.giphy.com/ https://media1.giphy.com/ https://media2.giphy.com/ https://media3.giphy.com/ https://media4.giphy.com/ https://media5.giphy.com/ https://media6.giphy.com/ https://media7.giphy.com/ https://media8.giphy.com/ https://media9.giphy.com/ https://media10.giphy.com/ https://boards-api.greenhouse.io https://accounts.google.com https://oauth2.googleapis.com https://player.vimeo.com https://www.googletagmanager.com https://analytics.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.google-analytics.com https://cdn.metadata.io https://platformapi.metadata.io https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://cdn.transcend.io https://telemetry.transcend.io https://api.statuspage.io https://pgncd.notion.so https://api.statsig.com https://statsigapi.net https://exp.notion.so https://file.notion.so notion://file.notion.so https://api.box.com https://*.mux.com https://api.sprig.com https://storage.googleapis.com https://cdn.sprig.com https://cdn.userleap.com https://track.customer.io https://*.api.gist.build https://*.cloud.gist.build https://api.palette.dev;font-src 'self' data: https://cdnjs.cloudflare.com https://js.intercomcdn.com https://cdn01.boxcdn.net;img-src 'self' data: blob: https: https://images.ctfassets.net https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://region1.google-analytics.com https://region1.analytics.google.com https://file.notion.so notion://file.notion.so https://*.mux.com https://track.customer.io;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://github.githubassets.com https://js.chilipiper.com https://platform.twitter.com https://ton.twimg.com https://accounts.google.com https://cdn.transcend.io https://cdn01.boxcdn.net https://code.gist.build;frame-ancestors 'self';worker-src 'self' blob:;child-src 'self' blob:;media-src blob: https: http: https://file.notion.so notion://file.notion.so https://*.mux.com;frame-src https: http: https://accounts.google.com https://renderer.gist.build https://code.gist.build https://challenges.cloudflare.com 2
default-src 'self' http: https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self' https://*.optimizely.com; default-src 'self'; font-src 'self' https://*.gstatic.com https://*.typekit.net https://*.sharepointonline.com data:; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com; img-src 'self' https: data: https://*.optimizely.com; connect-src https: wss://*.hotjar.com https://*.optimizely.com; frame-src 'self' https://*.hotjar.com https://*.snapchat.com https://*.facebook.com https://*.trustpilot.com https://*.greenhouse.io https://*.vimeo.com https://*.google.com https://*.youtube.com https://*.typeform.com https://*.optimizely.com https://*.doubleclick.net 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn-cookieyes.com *.cookieyes.com cookieyes.com *.hackerone.com hackerone.com *.gstatic.com *.google.com maps.googleapis.com *.adroll.com *.consensu.org *.hscollectedforms.net *.hsleadflows.net *.hs-banner.com *.licdn.com www.googleoptimize.com www.linkedin.com connect.facebook.net s.adroll.com ml314.com js.hs-scripts.com script.hotjar.com static.hotjar.com js.hs-analytics.net player.vimeo.com www.googletagmanager.com dev.visualwebsiteoptimizer.com sjs.bizographics.com www.google-analytics.com px.ads.linkedin.com djtflbt20bdde.cloudfront.net ajax.googleapis.com *.hsforms.com *.hsforms.net ssl.google-analytics.com; style-src 'self' 'unsafe-inline' https: djtflbt20bdde.cloudfront.net fonts.googleapis.com js.hsforms.net; img-src 'self' data: https: media.nominet.uk maps.googleapis.com track.hubspot.com stats.g.doubleclick.net www.gravatar.com dev.visualwebsiteoptimizer.com www.google-analytics.com www.googletagmanager.com js.hsforms.net; font-src 'self' data: https: fonts.gstatic.com; connect-src 'self' https: wss: www.gov.uk yoast.com *.hotjar.com js.hsforms.net; media-src 'self' https: media.nominet.uk; object-src 'self' *.cloudfront.net js.hsforms.net; frame-src 'self' https: www.youtube.com player.vimeo.com djtflbt20bdde.cloudfront.net vars.hotjar.com *.hackerone.com hackerone.com js.hsforms.net; frame-ancestors 'self' *.hackerone.com hackerone.com js.hsforms.net; form-action 'self' *.theukdomain.uk theukdomain.uk forms.hsforms.com *.facebook.com js.hsforms.net; base-uri 'self' *.helpscout.net js.hsforms.net 2
object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests 2
default-src 'self' designit-web.imgix.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.google.com ssl.google-analytics.com tagmanager.google.com connect.facebook.net www.eventbrite.com https://*.hs-scripts.com https://*.hsforms.net https://*.hs-analytics.net https://*.hs-banner.com https://*.hscollectedforms.net secure.haig7anax.com https://static.hotjar.com https://script.hotjar.com https://*.hsadspixel.net https://snap.licdn.com; connect-src 'self' api.craftcms.com www.facebook.com *.google-analytics.com stats.g.doubleclick.net https://idx.liadm.com https://*.hubspot.com https://*.hscollectedforms.net https://*.hsforms.com designit-web.imgix.net wss://ws.hotjar.com https://*.hotjar.io https://*.hubapi.com https://cdn.linkedin.oribi.io; img-src 'self' data: designit-web.imgix.net www.facebook.com www.googletagmanager.com www.google.com www.google.no googleads.g.doubleclick.net *.google-analytics.com ssl.gstatic.com www.gstatic.com secure.spit0stge.com https://forms-eu1.hsforms.com https://*.hubspot.com https://*.hsforms.com https://px.ads.linkedin.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com; font-src 'self' data: fonts.gstatic.com; base-uri 'self'; form-action 'self' www.facebook.com https://*.hsforms.com; frame-src 'self' www.youtube.com player.vimeo.com www.eventbrite.com www.facebook.com embed.podcasts.apple.com www.googletagmanager.com bid.g.doubleclick.net https://*.hsforms.com; frame-ancestors 'self'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss://*.hotjar.com http://*.hotjar.com:* http://*.hotjar.io http://*.googletagmanager.com http://*.google-analytics.com http://*.gstatic.com http://*.googleapis.com http://*.youtube.com http://*.facebook.com http://*.facebook.net http://*.ads-twitter.com http://*.twitter.com http://t.co http://*.doubleclick.net http://*.adform.net http://*.clarovideo.net http://*.claromusica.com http://*.claro.com.sv https://tags.bkrtx.com https://stags.bluekai.com https://*.hotjar.com:* https://*.hotjar.io https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://programarcita.claro.com.sv/ https://*.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://youtu.be https://*.facebook.com https://*.facebook.net https://*.kampyle.com https://*.medallia.com https://*.ads-twitter.com https://*.twitter.com https://digitasgt.com https://t.co https://*.doubleclick.net https://*.adform.net https://*.clarovideo.net https://*.claromusica.com https://players.brightcove.net https://e.issuu.com https://*.claro.com.sv https://www.googleoptimize.com https://*.google.com https://*.google.com.mx https://*.bing.com https://*.prod.clarodigital.net https://*.claro.com.gt https://static.ads-twitter.com https://*.clarity.ms https://connect.facebook.net; media-src mediastream:; 2
default-src: https: 'unsafe-inline'; 2
frame-ancestors *.fraport.com *.fraport.de https://fraportag.sharepoint.com http://www.fra-spotterforum.de; 2
frame-ancestors 'self' *.kumulusvape.fr *.kmls.fr *.facebook.com *.youtube.com *.payplug.com *.getalma.eu kmls.lmdv.pro *.botmind.ai *.vimeo.com 2
frame-ancestors 'self' wishaudit.com callmacro.com CommandStock.com charityfruit.com earlyshore.com DailyOwner.com EcoDefine.com loveoutput.com InterHonor.com proxysmile.com frontsmile.com AskCold.com cresttoday.com WorkCold.com metalcyber.com mb8box.com 2
frame-ancestors 'self';frame-src 'self'; 2
default-src 'self' naturaprende.net *.naturaprende.net escuelanaturayavon.net *.escuelanaturayavon.net *.jsdelivr.net unpkg.com cdnjs.cloudflare.com cdn.datatables.net *.googleapis.com *.googletagmanager.com *.google-analytics.com *.google.com.ar *.google.com *.youtube.com *.ytimg.com naturamediaawsbucket.s3.sa-east-1.amazonaws.com 'unsafe-inline' data:; frame-src * 2
default-src * 'unsafe-eval' 'unsafe-inline' gap://ready file:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://code.jquery.com https://cdn.datatables.net/ https://www.pagespeed-mod.com/; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://ajax.googleapis.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://code.jquery.com/ https://cdn.datatables.net/ https://www.pagespeed-mod.com/; media-src *; img-src * 'self' filesystem: data: blob:; 2
frame-ancestors 'self' *.microsoft.com *.microsoft365.com *.google.com *.lumapps.com *.office.com; 2
frame-ancestors 'self' https://californiaclosets.mx; 2
frame-ancestors 'none'; upgrade-insecure-requests; 2
frame-ancestors 'self' https://mynfon.net https://partners.nfon.com; 2
default-src 'none'; script-src 'self' 'unsafe-eval' data: health.vic.gov.au content.health.vic.gov.au *.content.health.vic.gov.au cdnjs.cloudflare.com 'unsafe-inline' *.googletagmanager.com tagmanager.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google-analytics.com cdn.monsido.com connect.facebook.net *.cloudfront.net *.youtube.com ytimg.com *.ytimg.com maps.googleapis.com *.readspeaker.com subscribe.health.vic.gov.au app-script.monsido.com *.openforms.com; style-src 'self' 'unsafe-inline' health.vic.gov.au content.health.vic.gov.au *.content.health.vic.gov.au fonts.googleapis.com tagmanager.google.com *.readspeaker.com subscribe.health.vic.gov.au drwgdblqzrfiz.cloudfront.net *.openforms.com; img-src 'self' data: health.vic.gov.au content.health.vic.gov.au *.content.health.vic.gov.au *.amazee.io tracking.monsido.com curator-assets.b-cdn.net developers.google.com maps.gstatic.com *.googleapis.com subscribe.health.vic.gov.au developers.google.com *.ggpht.com scontent-lga3-1.xx.fbcdn.net drwgdblqzrfiz.cloudfront.net www.facebook.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat; font-src 'self' data: health.vic.gov.au content.health.vic.gov.au *.content.health.vic.gov.au fonts.gstatic.com subscribe.health.vic.gov.au *.readspeaker.com data:; frame-src 'self' *.health.vic.gov.au content.health.vic.gov.au *.content.health.vic.gov.au *.hotjar.com *.hotjar.io wss://*.hotjar.com *.vimeo.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com *.doubleclick.net prevention.health.vic.gov.au subscribe.health.vic.gov.au app.powerbi.com w.soundcloud.com dhhs.carto.com dhhs.cartodb.com public.tableau.com flo.uri.sh bettersynd.betterhealth.vic.gov.au form.business.vic.gov.au *.openforms.com; manifest-src 'self'; media-src content.health.vic.gov.au; connect-src 'self' health.vic.gov.au content.health.vic.gov.au *.content.health.vic.gov.au https://hotjar.com https://hotjar.io wss://hotjar.com *.sdp.vic.gov.au api.ipify.org drwgdblqzrfiz.cloudfront.net *.doubleclick.net *.google-analytics.com analytics.google.com prevention.health.vic.gov.au subscribe.health.vic.gov.au *.readspeaker.com maps.googleapis.com; 2
frame-ancestors 'self' *.ncmec.org *.missingkids.org *.adobecqms.net *.ncmecad.net *.articulate.com articulateusercontent.com ncmec.docebosaas.com learn.secondcity.com *.dcbstatic.com; 2
font-src * 2
frame-ancestors https://*.westmonroe.com 2
upgrade-insecure-requests; frame-ancestors 'self' www.newamericanfunding.com thebrokernetwork.com www.thebrokernetwork.com qa.thebrokernetwork.com staging.thebrokernetwork.com uat.thebrokernetwork.com https://patch.com https://mortgage.patch.com; default-src 'unsafe-eval' 'unsafe-inline' data: https:; script-src 'unsafe-eval' 'unsafe-inline' data: https: blob:; style-src 'unsafe-inline' data: https:; img-src data: https:  blob:; font-src data: https:; connect-src https: blob:; media-src data: https: blob:; object-src https:; frame-src data: https:; child-src data: https: blob:; form-action https:; 2
child-src 'self'; connect-src 'self' *.bluecrossma.com *.googleapis.com *.kampyle.com *.apigee.net *.brightcove.com *.boltdns.net *.akamaihd.net *.medallia.com *.nr-data.net *.brightcove.net *.bluecrossma.org; frame-src 'self' *.amelia.com *.apigee.net *.medallia.com *.google.com ahealthymelhnsearch.wholehealthmd.com *.bluecrossma.com; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.kampyle.com *.adobedtm.com *.medallia.com *.cloudflare.com *.apigee.net *.brightcove.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://rebilly.github.io https://unpkg.com platform.instagram.com platform.twitter.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; script-src-elem 'self' 'unsafe-inline' *.kampyle.com *.adobedtm.com *.medallia.com *.cloudflare.com *.zencdn.net *.newrelic.com *.bluecrossma.org *.apigee.net *.brightcove.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://rebilly.github.io https://unpkg.com platform.instagram.com platform.twitter.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.googleapis.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; style-src-elem 'self' 'unsafe-inline' *.cloudflare.com *.googleapis.com *.kampyle.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; worker-src 'self' blob: *.bluecrossma.com; frame-ancestors 'self' *.caremark.com *.fepblue.com; report-uri https://www.bluecrossma.org/report-uri/enforce 2
frame-ancestors *.pfister.ch:9002 'self' 2
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://cdn.cookielaw.org https://js-agent.newrelic.com https://bam.nr-data.net https://tag.aticdn.net https://snap.licdn.com https://cdnjs.cloudflare.com https://*.linkedin.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.clarity.ms https://connect.facebook.net; object-src 'self'; style-src 'self' 'unsafe-inline' https://translate.googleapis.com; img-src 'self' data: *; frame-src 'self' https://tools.eurolandir.com https://*.youtube.com https://open.spotify.com https://*.doubleclick.net https://www.googletagmanager.com; child-src 'self' https://tools.eurolandir.com https://*.youtube.com https://open.spotify.com https://*.doubleclick.net; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://cdn.cookielaw.org https://bam.nr-data.net https://*.google.com https://*.xiti.com https://cdn.linkedin.oribi.io https://*.clarity.ms https://*.onetrust.com https://*.googlesyndication.com https://*.linkedin.com; report-uri /report-csp-violation 2
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: 'unsafe-inline'; object-src 'none'; font-src 'self' data: https://static.rain.com; media-src * blob:; frame-ancestors 'self'; connect-src *; script-src * 'unsafe-inline' 'unsafe-eval'; frame-src * blob:; style-src * 'unsafe-inline'; 2
default-src 'self' lipseys.uservoice.com www.google.com google.com userway.org cdn.userway.org gunstreamer.com next.lipseys.com lipseys.com nextlipseys.herokuapp.com protected-halibut-b3xg5x77qi15g4boziqsz56s.herokudns.com docs.google.com www.youtube-nocookie.com www.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' static.cloudflareinsights.com www.lipseys.com lipseys.com www.clarity.ms www.google.com google.com gstatic.com www.gstatic.com cdn.userway.org next.lipseys.com lipseys.com nextlipseys.herokuapp.com protected-halibut-b3xg5x77qi15g4boziqsz56s.herokudns.com ajax.googleapis.com cdn.jsdelivr.net cdn.ravenjs.com cdnjs.cloudflare.com code.jquery.com maxcdn.bootstrapcdn.com www.google-analytics.com kit.fontawesome.com; style-src 'self' 'unsafe-inline' cdn.userway.org next.lipseys.com lipseys.com nextlipseys.herokuapp.com protected-halibut-b3xg5x77qi15g4boziqsz56s.herokudns.com fonts.googleapis.com maxcdn.bootstrapcdn.com kit-free.fontawesome.com ka-f.fontawesome.com; connect-src 'self' cdn.userway.org wss://live.lipseysdistribution.net contentapi.lipseysdistribution.net itemsapi.lipseysdistribution.net live.lipseysdistribution.net docs.google.com ka-f.fontawesome.com api.userway.org userway.org *.userway.org next.lipseys.com lipseys.com nextlipseys.herokuapp.com protected-halibut-b3xg5x77qi15g4boziqsz56s.herokudns.com api.lipseys.com sentry.io www.google-analytics.com *.clarity.ms c.bing.com; font-src 'self' cdn.userway.org next.lipseys.com lipseys.com nextlipseys.herokuapp.com protected-halibut-b3xg5x77qi15g4boziqsz56s.herokudns.com maxcdn.bootstrapcdn.com fonts.gstatic.com kit-free.fontawesome.com ka-f.fontawesome.com; img-src * data: blob:; upgrade-insecure-requests 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src * data:;media-src blob: 'self' data:;worker-src blob: 'self' data:; 2
default-src 'self'; script-src 'self' 'unsafe-inline' *.googletagmanager.com www.google-analytics.com www.googleoptimize.com optimize.google.com *.wayin.com *.mouseflow.com unpkg.com assets.adobedtm.com www.rockomni.com *.rocketmortgage.com api.lincx.com code.jquery.com; style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net cdnjs.cloudflare.com optimize.google.com fonts.googleapis.com; font-src 'self' use.typekit.net www.rockomni.com cdnjs.cloudflare.com fonts.gstatic.com; img-src 'self' data: *.google-analytics.com *.analytics.google.com *.googletagmanager.com optimize.google.com *.g.doubleclick.net *.google.com cm.everesttech.net *.cloudfront.net *.demdex.net; connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.mouseflow.com *.rocketmortgage.com somni.rocketmortgage.com assets.adobedtm.com geometer.lincx.la *.demdex.net api.lincx.com somni.quickenloans.com somni.moneytips.com; frame-src 'self' *.wayin.com quicken.demdex.net optimize.google.com; 2
frame-ancestors 'self' https://www.escanav.com; 2
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' 'unsafe-eval' https://rstts-as.readspeaker.com https://cdn1.readspeaker.com https://www.naha.ae https://app-as.readspeaker.com wss://directline.botframework.com https://tamm.abudhabi https://comms.omnichannelengagementhub.com https://adda-chatbot-prod.azurewebsites.net https://orgbb3c15ea-crm15.omnichannelengagementhub.com https://mindrocketsinc.com  https://arcgis.sdi.abudhabi.ae https://js.arcgis.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdn.jsdelivr.net https://unpkg.com https://www.google-analytics.com https://tamm.abudhabi https://www.naha.ae https://naha.ae https://server.arcgisonline.com https://translate-pa.googleapis.com https://stackpath.bootstrapcdn.com https://api.abudhabi.ae http://w3.org  https://httpbin.org https://directline.botframework.com  https://www.google.com https://es.adpolice.gov.ae https://rstts-as.readspeaker.com https://cdn1.readspeaker.com https://app-as.readspeaker.com wss://directline.botframework.com https://comms.omnichannelengagementhub.com https://mindrocketsinc.com https://player.vimeo.com https://www.tamm.abudhabi https://www.naha.ae https://naha.ae https://js.arcgis.com https://recaptcha.net https://ssl.google-analytics.com https://translate.google.com https://translate.googleapis.com https://www.gstatic.com https://www.youtube.com https://s.ytimg.com https://adda-chatbot-prod.azurewebsites.net https://orgbb3c15ea-crm15.omnichannelengagementhub.com https://webchatic3.blob.core.windows.net https://addastorageaccountuat.blob.core.windows.net https://addadevstorage.blob.core.windows.net https://ocsdk-prod.azureedge.net https://sandboxadmin.prioticket.com https://sandboxadmin.prioticket.com https://static.ads-twitter.com https://snap.licdn.com https://googleads.g.doubleclick.net https://oc-cdn-ocuae-uae.azureedge.net https://cdn.jsdelivr.net oc-cdn-public-eur.azureedge.net/* oc-cdn-public-sam.azureedge.net/* oc-cdn-public-gbr.azureedge.net/* oc-cdn-public-jpn.azureedge.net/* oc-apj-public-eur.azureedge.net/* oc-cdn-public.azureedge.net/* oc-cdn-public-ind.azureedge.net/* oc-cdn-public-apj.azureedge.net/* oc-cdn-public-oce.azureedge.net/* oc-cdn-public-fra.azureedge.net/* oc-cdn-ocuae-uae.azureedge.net/* oc-cdn-ocprod.azureedge.net/* https://*.screenmeet.com https://edge.screenmeet.com wss://*.screenmeet.com https://tammlivesupport.com https://*.tammlivesupport.com https://*.scrn.mt https://tamm-chatbot-prod.azurewebsites.net https://connect.facebook.net https://analytics.tiktok.com; object-src 'self'; img-src 'self' data: *; media-src *; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdn1.readspeaker.com https://rstts-as.readspeaker.com https://static.tamm.abudhabi https://app-as.readspeaker.com https://mindrocketsapis.com https://mindrocketsinc.com https://js.arcgis.com https://translate.googleapis.com https://fonts.googleapis.com; frame-src https://schdmngr.tamm.abudhabi https://myland.dmt.gov.ae https://recaptcha.net  https://rstts-as.readspeaker.com https://cdn1.readspeaker.com https://app-as.readspeaker.com https://mindrocketsapis.com https://mindrocketsinc.com https://www.youtube.com https://www.youtube-nocookie.com https://www.instagram.com https://www.google.com https://es.adpolice.gov.ae https://directline.botframework.com  https://cdn1.readspeaker.com https://rstts-as.readspeaker.com https://orgbb3c15ea-crm15.omnichannelengagementhub.com https://webchatic3.blob.core.windows.net https://addastorageaccountuat.blob.core.windows.net https://addadevstorage.blob.core.windows.net https://ocsdk-prod.azureedge.net https://sandboxadmin.prioticket.com https://app-as.readspeaker.com https://mindrocketsinc.com https://player.vimeo.com https://comms.omnichannelengagementhub.com  https://rstts-as.readspeaker.com https://www.gstatic.com https://cdn1.readspeaker.com https://app-as.readspeaker.com https://mindrocketsapis.com https://mindrocketsinc.com https://static.arcgis.com https://services.arcgisonline.com https://translate.googleapis.com https://geocode.arcgis.com https://arcgis.sdi.abudhabi.ae https://js.arcgis.com https://adda-chatbot-prod.azurewebsites.net https://orgbb3c15ea-crm15.omnichannelengagementhub.com https://webchatic3.blob.core.windows.net https://addastorageaccountuat.blob.core.windows.net https://addadevstorage.blob.core.windows.net https://ocsdk-prod.azureedge.net https://sandboxadmin.prioticket.com; font-src 'self' https://cdn1.readspeaker.com https://mindrocketsapis.com https://mindrocketsinc.com https://www.naha.ae https://naha.ae https://static.tamm.abudhabi https://www.tamm.abudhabi/nicabudhabi https://adda-chatbot-prod.azurewebsites.net https://fonts.gstatic.com data: *; worker-src 'self' https://www.tamm.abudhabi https://www.naha.ae https://naha.ae https://static.tamm.abudhabi https://www.tamm.abudhabi/nicabudhabi blob:; connect-src 'self' wss://pub-csm-plce-01-t.trouter.skype.com wss://pub-csm-plce-02-t.trouter.skype.com wss://directline.botframework.com https://comms.omnichannelengagementhub.com  https://rstts-as.readspeaker.com https://www.gstatic.com https://cdn1.readspeaker.com https://app-as.readspeaker.com https://mindrocketsapis.com https://mindrocketsinc.com https://static.arcgis.com https://services.arcgisonline.com https://translate.googleapis.com https://geocode.arcgis.com https://arcgis.sdi.abudhabi.ae https://js.arcgis.com https://adda-chatbot-prod.azurewebsites.net https://orgbb3c15ea-crm15.omnichannelengagementhub.com https://webchatic3.blob.core.windows.net https://addastorageaccountuat.blob.core.windows.net https://addadevstorage.blob.core.windows.net https://ocsdk-prod.azureedge.net https://sandboxadmin.prioticket.com https://www.gstatic.com wss://trouter-azsc-euno-0-a.trouter.skype.com https://trouter-azsc-euno-0-b.trouter.skype.com https://adda-chatbot-r2-prod.azurewebsites.net https://*.omnichannelengagementhub.com https://ProdCRM-APIM.tammcrm.abudhabi.ae/ wss://trouter-azsc-ukwe-0-b.trouter.skype.com wss://trouter-azsc-ukwe-0-a.trouter.skype.com wss://trouter-azsc-euno-0-b.trouter.skype.com wss://trouter-azsc-asse-0-b.trouter.skype.com wss://trouter-azsc-asse-0-a.trouter.skype.com https://adda-bot-preprod.azurewebsites.net/api https://PreprodCRM-APIM.tammcrm.abudhabi.ae https://*.communication.azure.com https://login.microsoft.net https://login.microsoftonline.com https://login.windows.net https://*.teams.microsoft.com https://ecs.office.com https://*.skype.com/* https://*.trouter.skype.com https://*.edge.skype.com https://browser.pipe.aria.microsoft.com https://plat.teams.microsoft.com https://aad.skypetoken.skype.com https://authsvc.teams.microsoft.com https://swc.cdn.skype.com/* https://config.edge.skype.com/* https://edge.skype.com/* https://api.aps.skype.com/* https://*.asm.skype.com https://*.ng.msg.teams.microsoft.com/* https://*.notifications.teams.microsoft.com/* https://cdn.botframework.com/botframework-webchat https://ocsdk-prod.azureedge.net8 https://*.service.signalr.net https://ecs.office.com https://browser.pipe.aria.microsoft.com https://oc-cdn-ocprod.azureedge.net/livechatwidget https://cdn.botframework.com/botframework-webchat wss://trouter2-azsc-sece-8-a.trouter.teams.microsoft.com wss://trouter2-azsc-euno-4-b.trouter.teams.microsoft.com wss://trouter2-azsc-euwe-2-a.trouter.teams.microsoft.com https:; 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.pinim.com https://maps.googleapis.com https://maps.gstatic.com https://www.google.com https://www.google.nl https://tagmanager.google.com https://tagmanager.google.com/debug/css.css https://www.googletagmanager.com https://www.google-analytics.com https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/ec.js https://www.googleadservices.com https://googleads.g.doubleclick.net *.cookiebot.com/ *.youtube.com https://s.ytimg.com https://connect.facebook.net https://content.jwplatform.com https://ssl.p.jwpcdn.com *.hotjar.com/ *.hotjar.io/ https://stats.g.doubleclick.net https://snap.licdn.com/li.lms-analytics/ https://sc-static.net/scevent.min.js https://tr.snapchat.com https://www.youtube.com/iframe_api;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com;img-src 'self' data: https://*.pinterest.com/ https://www.google.com https://www.google.nl *.google-analytics.com *.analytics.google.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com https://stats.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://www.facebook.com https://storage.googleapis.com/storyteq/ https://jwpltx.com https://prd.jwpltx.com *.hotjar.com/ *.hotjar.io/ *.ads.linkedin.com https://www.linkedin.com https://p.adsymptotic.com https://tr.snapchat.com https://i.ytimg.com https://a.tile.openstreetmap.de https://b.tile.openstreetmap.de https://c.tile.openstreetmap.de https://assets.citynavigator.nl;media-src 'self' https://storage.googleapis.com/storyteq/;frame-src 'self' https://*.pinterest.com/ https://consentcdn.cookiebot.com https://www.google.com https://*.doubleclick.net https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com *.cookiebot.com/ https://staticxx.facebook.com https://www.facebook.com https://g.jwpsrv.com https://www.vvvzeeland.nl *.hotjar.com/ *.hotjar.io/ *.formdesk.com/ https://tr.snapchat.com https://live.netcamviewer.nl;font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com *.hotjar.com/ *.hotjar.io/;connect-src 'self' https://*.pinterest.com/ https://api.storyteq.com https://ssl.p.jwpcdn.com https://graph.facebook.com https://www.facebook.com https://www.google.com *.google-analytics.com *.analytics.google.com https://*.googlesyndication.com https://stats.g.doubleclick.net *.cookiebot.com/ https://maps.googleapis.com *.hotjar.com *.hotjar.io wss://*.hotjar.io wss://*.hotjar.com *.snapchat.com;base-uri 'self' 2
frame-ancestors 'self' *.checkout.com; 2
default-src * 'unsafe-inline' 'unsafe-eval' blob: data: 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.gstatic.com; img-src * data: image/svg+xml; object-src 'none'; base-uri 'none' 2
frame-ancestors 'self' https://*.model-t.cc.commerce.ondemand.com https://*.freedom.com.au 2
frame-ancestors 'self' cdn.matrixlms.com 2
child-src * blob: gap:; img-src * 'self' blob: data:;default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' 2
default-src https: data: wss://*.hotjar.com wss://*.zopim.com *.crazyegg.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval' *.crazyegg.com; style-src https: 'unsafe-inline' *.crazyegg.com; img-src data: https: 'unsafe-inline' *.crazyegg.com; font-src data: https: 'unsafe-inline' *.crazyegg.com; frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests; 2
worker-src * data: blob: 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; script-src * 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://test.fenixdirecto.com https://www.fenixdirecto.com; 2
frame-src 'self' *; 2
frame-ancestors 'self' https://app.safe.global; 2
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.cib.bnpparibas cdn.cookielaw.org www.google-analytics.com www.googleadservices.com https://*.googletagmanager.com www.youtube.com js-agent.newrelic.com bam.eu01.nr-data.net player.ausha.co cdn.polyfill.io snap.licdn.com https://*.teads.tv https://*.bnpparibas.com https://www.google.com https://*.gstatic.com https://platform.twitter.com https://player.ausha.co https://cvn.bnpparibas.com https://activitymap.adobe.com https://cdn.jsdelivr.net https://*.doubleclick.net; style-src 'self' 'unsafe-inline' 'report-sample' js-agent.newrelic.com https://*.cib.bnpparibas https://*.bnpparibas.com https://*.mediahub.bnpparibas https://cdn.jsdelivr.net https://fonts.googleapis.com/ https://googletagmanager.com https://*.googletagmanager.com https://*.gstatic.com/ ; object-src 'self' 'unsafe-inline'; base-uri 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' https://*.cib.bnpparibas cdn.cookielaw.org bam.eu01.nr-data.net geolocation.onetrust.com bnp-privacy.my.onetrust.com https://cdn.linkedin.oribi.io https://*.teads.tv https://*.bnpparibas.com https://adservice.google.com; font-src 'self' 'unsafe-inline' data: https://*.cib.bnpparibas https://*.gstatic.com https://*.doubleclick.net; frame-src 'self' 'unsafe-inline' www.youtube.com player.ausha.co https://*.bnpparibas.com https://www.google.com https://embed.podcasts.apple.com https://players.brightcove.net https://player.vimeo.com https://open.spotify.com https://www3.actito.com https://*.doubleclick.net https://*.teads.tv/ ; img-src 'self' 'unsafe-inline' https://*.cib.bnpparibas https://cib.bnpparibas data: cib.sc.omtrdc.net www.google.com pbs.twimg.com www.google.fr secure.gravatar.com i.ytimg.com px.ads.linkedin.com https://*.teads.tv https://cdn.cookielaw.org https://*.doubleclick.net https://*.gstatic.com https://*.googletagmanager.com; manifest-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline' https://*.mediahub.bnpparibas https://mediahub.bnpparibas https://dam.bnpparibas.com 2
frame-ancestors https://*.rsca.be https://*.rsca.infosupport.com  https://*.ddev.site; report-uri /report-csp-violation 2
child-src blob:; default-src 'self' data: https://*.redsift.com https://red-sift.prismic.io/ https://hook.integromat.com/ https://sentry.io/ https://*.ingest.sentry.io/ https://consentcdn.cookiebot.com/ https://*.wistia.com https://*.wistia.net https://*.plausible.io; font-src 'self' https://*.redsift.com https://fonts.gstatic.com/ data: chrome-extension: moz-extension: safari-web-extension: https://*.hotjar.com https://*.wistia.com; img-src 'self' data: https: https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://*.hotjar.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.redsift.com *.google.com https://*.google.co.uk https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.googlesyndication.com https://www.googleadservices.com https://www.gstatic.com/recaptcha/ https://static.cdn.prismic.io/ https://prismic.io https://consent.cookiebot.com https://consentcdn.cookiebot.com/ https://munchkin.marketo.net/ https://www.redditstatic.com/ads/pixel.js https://snap.licdn.com https://tag.clearbitscripts.com/v1/pk_0c2cfaf8152eb3a2b07abfd53b7e6d22/tags.js https://reveal.clearbit.com/v1/companies/reveal https://x.clearbitjs.com/v2/pk_0c2cfaf8152eb3a2b07abfd53b7e6d22/destinations.min.js https://x.clearbitjs.com/v2/pk_0c2cfaf8152eb3a2b07abfd53b7e6d22/tracking.min.js https://secure.oita4bali.com/js/151998.js https://secure.oita4bali.com/Track/Capture.aspx https://*.hotjar.com https://static.hotjar.com/c/hotjar-3150796.js https://j.6sc.co/j/80f37845-a767-46c9-9ad5-abb58133cf39.js https://j.6sc.co/6si.min.js https://*.wistia.com https://*.wistia.net https://src.litix.io https://plausible.io/js/script.js; style-src 'self' blob: 'unsafe-inline' https://*.redsift.com https://tagmanager.google.com https://www.googletagmanager.com/ https://tagmanager.google.com https://fonts.googleapis.com https://*.hotjar.com https://fast.wistia.com; frame-src 'self' https://td.doubleclick.net https://www.googletagmanager.com/ https://*.g.doubleclick.net https://*.googlesyndication.com https://consentcdn.cookiebot.com https://red-sift.prismic.io/ https://www.youtube.com www.google.com https://*.hotjar.com https://fast.wistia.com https://fast.wistia.net; connect-src 'self' https://*.redsift.com https://red-sift.cdn.prismic.io/api/v2 https://red-sift.cdn.prismic.io/api/v2/documents/search https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com/wa/ https://www.google-analytics.com https://region1.google-analytics.com https://adservice.google.com https://*.g.doubleclick.net https://*.ingest.sentry.io/ https://consentcdn.cookiebot.com/ https://stats.g.doubleclick.net https://stats.g.doubleclick.net/j/collect https://hook.integromat.com/ https://api.github.com/repos/redsift/red-sift-website/dispatches https://webto.salesforce.com https://*.mktoresp.com https://*.mktoutil.com https://*.ondmarc.com https://ondmarc.com https://pagead2.googlesyndication.com https://pagead2.googlesyndication.com/pagead https://adservice.google.com https://googleads.g.doubleclick.net https://ipforensics-svc.redsift.io/graphql https://www.googletagmanager.com https://app.clearbit.com/v1/p https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://google.com/pagead/form-data/869175686 https://google.com/ccm/form-data/869175686 https://www.google.com https://www.google.de https://www.google.no https://www.google.ca https://www.google.ch https://www.google.es https://www.google.it https://www.google.co.uk https://www.google.co.nz https://www.google.co.au https://www.google.nl https://www.google.fr https://www.google.be https://www.google.se https://www.google.pt https://c.6sc.co/ https://ipv6.6sc.co/ https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://epsilon-globalaccelerator.6sense.com https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://*.algolia.net https://plausible.io/api/event; worker-src 'self' blob:; frame-ancestors 'self' https://*.redsift.com; report-uri https://o177043.ingest.sentry.io/api/1306227/security/?sentry_key=860eaee6b9674db6ac8d51d87a14fd84 2
default-src 'self';script-src 'self' cdn.jsdelivr.net cdn.bc0a.com consents-cf.bc0a.com ixfd1-api.bc0a.com cdn.b0e8.com img.en25.com img04.en25.com www.googletagmanager.com api.brightedge.com www.google-analytics.com jobs.jobvite.com s1503422690.t.eloqua.com www.datadoghq-browser-agent.com ixcontents.b4e0.com js.zi-scripts.com ws-assets.zoominfo.com 'unsafe-eval' 'unsafe-inline';style-src 'self' cdn.b0e8.com 'unsafe-inline';connect-src 'self' ws://alliant.com http://alliant.com ws://umbracoalliant-admin-prod-windows-app.azurewebsites.net http://umbracoalliant-admin-prod-windows-app.azurewebsites.net ixfd1-api.bc0a.com www.google-analytics.com stats.g.doubleclick.net s1503422690.t.eloqua.com api.brightedge.com jobs.jobvite.com cookie-cdn.bc0a.com rum.browser-intake-us3-datadoghq.com js.zi-scripts.com ws.zoominfo.com;font-src 'self';img-src 'self' marvel-b1-cdn.bc0a.com marvel-processor.bc0a.com a1.b0e8.com dashboard.umbraco.com www.google-analytics.com s1503422690.t.eloqua.com;media-src 'none';object-src 'none';frame-ancestors 'self';frame-src 'self' w.soundcloud.com jobs.jobvite.com www.youtube-nocookie.com player.vimeo.com;report-uri /csp-report 2
default-src 'unsafe-eval' 'unsafe-inline' * blob:; script-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * data:; connect-src *; font-src * data:; upgrade-insecure-requests; block-all-mixed-content 2
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src https: data:; frame-src https:; 2
default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self' 2
base-uri 'self'; default-src 'self'; object-src 'none'; connect-src 'self' https://forms-eu1.hscollectedforms.net https://events.eu1.segmentapis.com https://popup.wisepops.com https://app.ewebinar.com https://embedwistia-a.akamaihd.net https://hubspot-forms-static-embed-eu1.s3.amazonaws.com https://*.google.com https://*.google.fr https://api.ewebinar.com https://*.inspectlet.com wss://ws.inspectlet.com https://my.yoast.com/api/ https://px.ads.linkedin.com https://cdn.linkedin.oribi.io https://ibabs.ewebinar.com https://cdn.wisepops.com https://tracking.wisepops.com https://squeaky.ai/api/graphql wss://gateway.squeaky.ai wss://squeaky.ai/api/graphql https://*.clarity.ms https://cdn.segment.com https://*.doubleclick.net *.hs-banner.com *.hubspot.com *.hubapi.com *.hsforms.com *.wistia.com https://fast.wistia.net *.litix.io *.facebook.com *.segment.io *.salesfeed.com stats.g.doubleclick.net https://*.googlesyndication.com https://www.google.nl/ads/ https://*.google-analytics.com https://app.ewebinar.com https://ibabs.ewebinar.com https://bat.bing.com; font-src 'self' 'unsafe-inline' data: *.ibabs.eu *.ibabsonline.eu *.gstatic.com https://js-eu1.hs-banner.com/v2/ https://fast.wistia.com; frame-src 'self' https://*.doubleclick.net *.youtube-nocookie.com *.youtube.com youtube.com https://sdk.companywebcast.com https://*.google.com *.facebook.com *.hsforms.com *.hubspot.com *.hs-sites-eu1.com https://app.ewebinar.com https://ibabs.ewebinar.com https://platform.twitter.com; img-src 'self' 'unsafe-inline' data: *.ibabs.eu *.ibabsonline.eu *.ibabs.fr *.facebook.com https://*.google.com https://*.google.co.uk https://*.google.fr https://connect.facebook.net https://*.inspectlet.com https://fast.wistia.com https://bat.bing.com https://c.bing.com https://*.clarity.ms https://ewebinar.imgix.net https://4788601.fs1.hubspotusercontent-na1.net https://4788601.fs1.hubspotusercontent-eu1.net https://hubspot-no-cache-eu1-prod.s3.amazonaws.com https://assets.ewebinar.com https://app.ewebinar.com https://ibabs.ewebinar.com https://cdn.wisepops.com *.wistia.com https://syndication.twitter.com https://*.hsappstatic.com https://*.hsappstatic.net https://*.googletagmanager.com https://*.hubspot.com *.hubspotusercontent00.net *.hubspot.net *.hs-sites.com *.hsforms.com *.salesfeed.com https://*.lfeeder.com https://*.w.org https://*.google.com https://*.google.nl *.google-analytics.com *.doubleclick.net *.azurewebsites.net *.ibabs.co.uk *.gravatar.com *.linkedin.com; script-src 'self' blob: *.ibabs.eu *.ibabs.com *.ibabsonline.eu https://yoast.com/shared-assets/ https://loader.wisepops.com https://cdn.linkedin.oribi.io https://cdn.wisepops.com https://tracking.wisepops.com https://*.clarity.ms https://cdn.squeaky.ai https://www.youtube.com/iframe_api https://px.ads.linkedin.com https://fast.wistia.com https://app.wistia.com *.hsforms.net *.hscollectedforms.net *.usemessages.com *.segment.com *.hs-banner.com *.hsforms.com *.hsadspixel.net https://app.ewebinar.com https://assets.ewebinar.com https://ibabs.ewebinar.com *.licdn.com *.lfeeder.com *.companywebcast.com https://*.inspectlet.com https://www.googleadservices.com/pagead/conversion_async.js https://www.google-analytics.com/plugins/ua/linkid.js https://bat.bing.com/bat.js *.salesfeed.com https://googleads.g.doubleclick.net/j/collect https://googleads.g.doubleclick.net/pagead/ https://www.google.com/pagead/ https://*.google.com https://*.google.fr https://www.google-analytics.com https://www.googletagmanager.com/gtag/ https://www.googletagmanager.com/gtm.js https://platform.twitter.com https://platform.linkedin.com https://www.link-page.info/tracking_19299.js https://bat.bing.com https://www.link-page.info/tracking_19299/ 'unsafe-inline' 'unsafe-eval' *.facebook.net *.hs-analytics.net *.hs-scripts.com *.hubspot.com *.hscta.net *.hsleadflows.net; media-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.ibabs.com *.wistia.com https://fast.wistia.net https://embedwistia-a.akamaihd.net; style-src 'self' 'unsafe-inline' *.ibabsonline.eu *.hs-sites.com *.salesfeed.com *.googleapis.com; 2
script-src www.anuvu.com *.equisolve.net qmod.quotemedia.com www.google.com fonts.googleapis.com fonts.gstatic.com google-analytics.com www.google-analytics.com googletagmanager.com www.gstatic.com browser-update.org s3.amazonaws.com mailchimp.com documentcloud.adobe.com 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com d1io3yog0oux5.cloudfront.net; font-src www.anuvu.com *.equisolve.net qmod.quotemedia.com www.google.com fonts.googleapis.com fonts.gstatic.com google-analytics.com www.google-analytics.com googletagmanager.com www.gstatic.com browser-update.org s3.amazonaws.com mailchimp.com documentcloud.adobe.com 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com d1io3yog0oux5.cloudfront.net 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com https://* data: 2
base-uri 'self';frame-ancestors 'self'; 2
default-src 'self'; connect-src 'self' https://images.ctfassets.net https://videos.ctfassets.net https://cdn.cookielaw.org https://p.typekit.net https://use.typekit.net https://geolocation.onetrust.com https://recaptcha.net https://i.ytimg.com https://www.youtube.com https://www.gstatic.com https://api.mapbox.com https://events.mapbox.com https://unpkg.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://analytics.google.com https://static.oktopost.com https://okt.to https://static.ads-twitter.com https://snap.licdn.com https://analytics.clickdimensions.com https://px.ads.linkedin.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; font-src 'self' https://use.typekit.net https://fonts.gstatic.com data:; frame-src 'self' https://www.youtube.com https://recaptcha.net; img-src 'self' https://images.ctfassets.net https://i.ytimg.com https://cdn.cookielaw.org https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://analytics.google.com https://px.ads.linkedin.com data: https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; media-src 'self' https://videos.ctfassets.net; object-src 'self' data:; script-src 'self' https://sgtm.essencemediacom.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.youtube.com https://cdn.cookielaw.org https://recaptcha.net https://www.gstatic.com https://ajax.cloudflare.com https://static.ads-twitter.com https://snap.licdn.com https://analytics.clickdimensions.com https://static.oktopost.com https://okt.to https://unpkg.com 'unsafe-inline' ; style-src 'self' https://p.typekit.net https://use.typekit.net https://api.mapbox.com https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline'; worker-src 'self' blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://app.contentful.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://*.gstatic.com https://*.doubleclick.net https://www.googleadservices.com https://*.google-analytics.com https://*.google.com https://www.facebook.com https://connect.facebook.net https://*.link.sg https://storage.googleapis.com https://*.googleapis.com https://s.go-mpulse.net https://*.nedigital.sg; script-src-elem 'self' 'unsafe-inline' https://s.go-mpulse.net https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://*.google.com; connect-src 'self' https://pagead2.googlesyndication.com https://*.google.com https://www.google-analytics.com https://connect.facebook.net https://www.facebook.com https://pass.link.sg https://*.fairprice.com.sg https://*.web.plus.com.sg https://digital.plus.com.sg https://rum.browser-intake-datadoghq.com https://web.plus.com.sg https://*.split.io https://api.link.sg https://stats.g.doubleclick.net https://c.go-mpulse.net https://*.akstat.io https://*.akamaihd.net https://www.google.com.sg; img-src 'self' data: https://*.google-analytics.com https://*.prod-media.nedigital.sg https://*.cloudfront.net *; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://*.gstatic.com https://*.googleapis.com https://*.nedigital.sg; frame-src 'self' https://td.doubleclick.net https://*.google.com https://*.gstatic.com https://www.googletagmanager.com https://*.fls.doubleclick.net https://www.facebook.com; font-src 'self' data: blob: https://*.gstatic.com https://*.googleapis.com https://*.nedigital.sg; child-src 'self' blob:; worker-src 'self' blob:; frame-ancestors 'self' https://*.link.sg; 2
frame-ancestors 'none'; connect-src 'self' www.google-analytics.com https://sessions.bugsnag.com wss://ws-mt1.pusher.com https://sockjs.pusher.com1 https://sidebar.bugherd.com *.google-analytics.com *.analytics.google.com *.amazonaws.com https://analytics.google.com https://stats.g.doubleclick.net https://analytics.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com; object-src 'none'; img-src 'self' blob: red2023dev.wpengine.com red.org p.typekit.net www.googletagmanager.com www.google-analytics.com secure.gravatar.com data: *.gravatar.com *.cloudfront.net https://sidebar.bugherd.com https://bugherd-attachments.s3.amazonaws.com *.google-analytics.com *.analytics.google.com is1-ssl.mzstatic.com https://www.google.com https://www.google.ca https://tr.snapchat.com view.ceros.com; script-src 'self' 'unsafe-inline' https://use.typekit.net https://www.bugherd.com devserver.red.localhost https://sidebar.bugherd.com *.google-analytics.com *.analytics.google.com *.amazonaws.com *.greenhouse.io red.us20.list-manage.com/ *.googletagmanager.com https://sc-static.net/scevent.min.js https://analytics.tiktok.com https://tr.snapchat.com https://www.youtube.com https://view.ceros.com/scroll-proxy.min.js https://www.tiktok.com https://lf16-tiktok-web.tiktokcdn-us.com; style-src 'unsafe-inline' 'self' *.typekit.net cdn-images.mailchimp.com https://lf16-tiktok-web.tiktokcdn-us.com; font-src 'self' data: *.typekit.net; frame-src 'self' *.youtube.com https://sidebar.bugherd.com *.greenhouse.io embed.podcasts.apple.com/ embed.music.apple.com/ https://tr.snapchat.com https://view.ceros.com https://www.tiktok.com; default-src 'self' 2
frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self' 2
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' 796-pbw-559.mktoresp.com *.algolianet.com *.twitter.com *.company-target.com *.qualified.com boards.greenhouse.io cdn.cookielaw.org content.hotjar.io ddzuuyx7zj81k.cloudfront.net dev.visualwebsiteoptimizer.com dss6ntp5q2r0o.cloudfront.net *.wistia.com embedwistia-a.akamaihd.net *.wistia.net *.onetrust.com *.orca.security googleads.g.doubleclick.net *.googleusercontent.com *.marketo.net orca.security *.wp.com *.linkedin.com static.ads-twitter.com *.hotjar.com stats.g.doubleclick.net t.co *.demandbase.com tracking.g2crowd.com *.hotjar.io wss wss://ws.hotjar.com wss://ws.qualified.com www.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat www.googleoptimize.com www.googletagmanager.com www.youtube.com *.gravatar.com ad.doubleclick.net analytics.twitter.com boards.cdn.greenhouse.io fonts.gstatic.com mc.yandex.ru pagead2.googlesyndication.com pos.baidu.com translate.googleapis.com *.bing.com region1.analytics.google.com api.mkmediaworks.com blob: https://orca.security/5fc9ffbb-97f6-4f2c-b9d4-572461ee66bf cdn.linkedin.oribi.io obseu.segreencolumn.com www.google.cn www.google.com.eg www.google.kg www.google.tm www.gstatic.com www.google.com.bo *.adsrvr.org sentry.io euob.segreencolumn.com euob.itstarsbuilding.com obseu.itstarsbuilding.com *.clarity.ms www.googleadservices.com 5f6b2d0bd0ea9d00689c778b.services.infinigrow.com lh7-us.googleusercontent.com cm.g.doubleclick.net ssl.google-analytics.com www.facebook.com id.rlcdn.com dsum-sec.casalemedia.com partners.tremorhub.com pixel.rubiconproject.com s.w.org token.rubiconproject.com rapidsec.com munchkin.marketo.net o95209.ingest.sentry.io s3.eu-west-1.amazonaws.com translate-pa.googleapis.com *.linkedin.com *.algolia.net orca-2024.go-vip.net *.6sc.co *.6sense.com js.zi-scripts.com ws.zoominfo.com secure.adnxs.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' boards.greenhouse.io cdn.cookielaw.org ddzuuyx7zj81k.cloudfront.net dev.visualwebsiteoptimizer.com dss6ntp5q2r0o.cloudfront.net euob.segreencolumn.com fast.wistia.com fast.wistia.net go.orca.security googleads.g.doubleclick.net js.qualified.com munchkin.marketo.net orca.security pi.pardot.com script.hotjar.com static.ads-twitter.com static.hotjar.com stats.wp.com tag.demandbase.com tracking.g2crowd.com try.orca.security www.google-analytics.com www.googleoptimize.com www.googletagmanager.com connect.facebook.net www.google.com www.gstatic.com js.adsrvr.org edge.marker.io obseu.segreencolumn.com euob.itstarsbuilding.com obseu.itstarsbuilding.com www.clarity.ms www.googleadservices.com tpc.googlesyndication.com snap.licdn.com *.6sc.co *.6sense.com; script-src-elem 'self' data: 'unsafe-inline' app.vwo.com boards.greenhouse.io cdn.cookielaw.org cdnjs.cloudflare.com connect.facebook.net ddzuuyx7zj81k.cloudfront.net dev.visualwebsiteoptimizer.com dss6ntp5q2r0o.cloudfront.net *.wistia.com *.wistia.net *.orca.security googleads.g.doubleclick.net *.qualified.com munchkin.marketo.net orca.security *.hotjar.com ssl.google-analytics.com static.ads-twitter.com *.wp.com *.demandbase.com tpc.googlesyndication.com tracking.g2crowd.com *.googleapis.com *.google.com www.google-analytics.com www.googleadservices.com www.googleoptimize.com www.googletagmanager.com yoast.com rapidsec.com s3.eu-central-1.amazonaws.com www.gstatic.com www.youtube.com js.adsrvr.org edge.marker.io api.company-target.com euob.segreencolumn.com euob.itstarsbuilding.com obseu.itstarsbuilding.com *.clarity.ms obseu.segreencolumn.com snap.licdn.com shortstack.services.atlassian.com *.google.ca *.6sc.co *.6sense.com js.zi-scripts.com; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' orca.security *.orca.security fonts.googleapis.com; style-src-elem 'self' data: 'unsafe-inline' *.qualified.com fonts.googleapis.com *.orca.security orca.security www.googletagmanager.com www.gstatic.com p.typekit.net *.wp.com; style-src-attr 'unsafe-inline'; font-src 'self' data: assets.qualified.com fast.wistia.com fast.wistia.net fonts.gstatic.com github.com *.fontawesome.com orca.security themes.googleusercontent.com use.typekit.net fonts.cdnfonts.com static.zip.co fonts.googleapis.com at.alicdn.com *.orca.security *.wp.com; media-src 'self' app.qualified.com *.wistia.com embedwistia-a.akamaihd.net *.wistia.net ssl.gstatic.com blob: data: www.youtube.com; object-src 'self' *.wistia.com embedwistia-a.akamaihd.net orca.security; child-src 'self' app.qualified.com boards.greenhouse.io fast.wistia.com fast.wistia.net go.orca.security s.company-target.com try.orca.security www.youtube.com blob: *.google.com *.adsrvr.org insight.adsrvr.cn; frame-src 'self' 5gtvu7km85.execute-api.us-east-1.amazonaws.com *.google.com app.qualified.com *.opendns.com boards.greenhouse.io fast.wistia.com fast.wistia.net *.orca.security orca.security s.company-target.com td.doubleclick.net tpc.googlesyndication.com www.googletagmanager.com www.youtube.com *.adsrvr.cn *.adsrvr.org app.marker.io lsrelay-config-production.s3.amazonaws.com obseu.segreencolumn.com obseu.itstarsbuilding.com schools-blocked.s3-website-us-east-1.amazonaws.com login.microsoftonline.us widgets.wp.com; worker-src blob:; frame-ancestors 'self'; form-action 'self' *.orca.security orca.security; manifest-src 'self' orca.security *.orca.security; report-uri https://osweb25b8034a79abb3.report-uri.com/r/t/csp/reportOnly 2
default-src 'none';  script-src 'unsafe-inline' 'unsafe-eval' 'self' www.googletagmanager.com www.yellowmap.de cdn.yellowmap.de cdn.trustcommander.net www.youtube.com www.google-analytics.com *.doubleclick.net;  style-src 'self' 'unsafe-inline' cdn.yellowmap.de;  connect-src 'self' *.lbs.de *.ingest.sentry.io autocomplete.smartmaps.cloud *.yellowmap.de *.trustcommander.net *.commander1.com *.google-analytics.com  *.analytics.google.com www.google.com www.google.de *.doubleclick.net  eu-api.friendlycaptcha.eu global.sitesearch360.com external-proxy-immobilien.sparkasse.de stage-service.lbs.de service.lbs.de;  img-src data: 'self' 'unsafe-inline' map.iib-institut.de *.yellowmaps.eu www.yellowmap.de *.lbs.de *.trustcommander.net *.commander1.com img.youtube.com *.google-analytics.com www.googletagmanager.com www.google.com www.google.de api.sparkassen-mediacenter.de *.doubleclick.net images.podigee-cdn.net www.sparkasse.de stage-www.sparkasse.de stage-static-immobilien.sparkasse.de static-immobilien.sparkasse.de;  media-src api.sparkassen-mediacenter.de youtu.be www.youtube.com;  frame-src data: 'self' cdn.trustcommander.net widget.civey.com www.youtube.com player.podigee-cdn.net;  font-src www.lbs.de live-www.lbs.de cdn.yellowmap.de;  object-src 'self';  manifest-src 'self';  worker-src 'self' blob:; 2
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src *; img-src * 'self' http: https: data:; frame-src *; style-src 'self' 'unsafe-inline'; font-src 'self'; base-uri 'self'; form-action 'self' *.hsforms.com; object-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval' blob: 2
default-src https: 'unsafe-inline' object-src data: 'unsafe-eval' 2
default-src 'self'; script-src 'self' *.youtube.com https://unpkg.com vjs.zencdn.net cdnjs.cloudflare.com *.matomo.cloud 'unsafe-inline' *.matomo.cloud; style-src 'self' fonts.googleapis.com *.youtube.com https://unpkg.com cdnjs.cloudflare.com 'unsafe-inline' vjs.zencdn.net; img-src 'self' data: *.youtube.com; media-src 'self' *.youtube.com *.vimeo.com; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.vimeo.com; font-src 'self' fonts.gstatic.com data:; connect-src 'self' *.matomo.cloud; report-uri /report-csp-violation 2
frame-ancestors 'self' *.ssnc.cloud learningcenter.wealthmsi.com learningcenter-uat.wealthmsi.com betaretirement.financialtrans.com retirement.financialtrans.com; 2
frame-ancestors 'self', upgrade-insecure-requests; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://connect.facebook.net https://snap.licdn.com https://js.adsrvr.org https://ajax.googleapis.com https://www.google.com https://www.gstatic.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.clarity.ms https://fast.wistia.com https://fast.wistia.net *.adobedtm.com *.dialogtech.com *.simpli.fi *.doubleclick.net *.kickfire.com *.googletagmanager.com *.licdn.com *.facebook.com  cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://polyfill.io https://static.addtoany.com https://unpkg.com mdbootstrap.com stackpath.bootstrapcdn.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'  cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; script-src https: data: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; style-src https: data: 'unsafe-eval' 'unsafe-inline'; connect-src https: data:; font-src https: data:; upgrade-insecure-requests; 2
frame-ancestors 'self' http://*.storyblok.com/ https://*.storyblok.com/ 2
default-src 'self'; script-src 'self' 'unsafe-inline'; img-src data: 'self'; connect-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' www.youtube-nocookie.com www.youtube.com cdn.laola1.tv player.cloud.wowza.com live.virtual-events.at vimeo.com player.vimeo.com app.lapentor.com playout.3qsdn.com; form-action 'self'; block-all-mixed-content; upgrade-insecure-requests; 2
default-src 'self'; connect-src 'self' *.readspeaker.com https://www.piwik.bayern.de/ wss://*.assistent.bayern.de/chat/widget/; manifest-src 'self'; img-src 'self' data: https://*.assistent.bayern.de/static/ https://i.ytimg.com/; font-src 'self' data: https://*.assistent.bayern.de/static/; frame-src *.readspeaker.com https://geoportal.bayern.de/ https://www.youtube.com/; media-src 'self' *.readspeaker.com; prefetch-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' https://www.piwik.bayern.de/piwik/piwik.js https://*.assistent.bayern.de/static/ 2
frame-ancestors 'self' *.scot.nhs.uk *.nhsgrampian.org *.nhslothian.scot hcaptcha.com *.hcaptcha.com; upgrade-insecure-requests; report-to csp-endpoint; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report 2
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.opennms.com *.opennms.ca wpengine.com forms.hsforms.com secure.gravatar.com track.hubspot.com forms-na1.hsforms.com px.ads.linkedin.com dify.wpengine.com updates.theme-fusion.com www.googletagmanager.com googleads.g.doubleclick.net analytics.google.com alb.reddit.com stats.g.doubleclick.net www.google-analytics.com www.facebook.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com www.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' *.opennms.com *.opennms.ca www.google.com www.googletagmanager.com www.gstatic.com www.google-analytics.com www.googleadservices.com js.hs-scripts.com js.hsforms.net js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net snap.licdn.com js.hsadspixel.net ws.zoominfo.com www.redditstatic.com js.usemessages.com connect.facebook.net; frame-src 'self' www.google.com static.hsappstatic.net app.hubspot.com forms.hsforms.com www.facebook.com *.statuspage.io; connect-src 'self' forms.hubspot.com static.hsappstatic.net app.hubspot.com www.google-analytics.com js.hs-banner.com forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com cdn.linkedin.oribi.io api.hubapi.com yoast.com my.wpengine.com forms.hscollectedforms.net ws.zoominfo.com analytics.google.com stats.g.doubleclick.net api.hubspot.com www.facebook.com; frame-ancestors 'self'; 2
frame-ancestors 'self' https://*.kontent.ai https://app.kontent.ai 2
script-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com maps.googleapis.com www.googleadservices.com bat.bing.com s.yimg.com sp.analytics.yahoo.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval'     adsrvr.org *.adsrvr.org    adventurervsales.com *.adventurervsales.com     amazonaws.com *.amazonaws.com    arrkannrv.com *.arrkannrv.com    asrvm.com *.asrvm.com    auryc.com *.auryc.com     automanager.com *.automanager.com    authorize.net *.authorize.net     calendly.com *.calendly.com     callersiq.com *.callersiq.com    cdninstagram.com *.cdninstagram.com    chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay-var.com     chasepaymentechhostedpay.com *.chasepaymentechhostedpay.com    cliffjonesrv.com *.cliffjonesrv.com    cloudflare.com *.cloudflare.com    coloradorvcenter.com *.coloradorvcenter.com     crowleyauto.com *.crowleyauto.com    ddrv.com *.ddrv.com    dealer-cdn.com *.dealer-cdn.com     dealerspike.com *.dealerspike.com     dlrwebservice.com *.dlrwebservice.com    doubleclick.net *.doubleclick.net     dynamicweb.com *.dynamicweb.com    emfluence.com *.emfluence.com cdn.emailer.emfluence.com     facebook.com *.facebook.com connect.facebook.net    formstack.com *.formstack.com winnebago.formstack.com    foursixty.com *.foursixty.com    funtimecampers.com *.funtimecampers.com     google.com *.google.com     gstatic.com *.gstatic.com     googleapis.com *.googleapis.com      googleadservices.com *.googleadservices.com     googletagmanager.com *.googletagmanager.com     google-analytics.com *.google-analytics.com     gorollick.com *.gorollick.com    greatalaskanholidays.com *.greatalaskanholidays.com    inboundapi.com *.inboundapi.com    inboundgeo.com *.inboundgeo.com    interactcp.com *.interactcp.com     jquery.com *.jquery.com code.jquery.com     lamesarv.com *.lamesarv.com     level5marketing.com *.level5marketing.com     linkedin.com *.linkedin.com    licdn.com *.licdn.com snap.licdn.com     lmrvwebsite.blob.core.windows.net     mantellirv.com *.mantellirv.com    matterport.com *.matterport.com my.matterport.com    microsoftonline-p.com *.microsoftonline-p.com    minardsleisureworld.com *.minardsleisureworld.com    moixrvsupercenter.com *.moixrvsupercenter.com    netsourcemedia.com *.netsourcemedia.com    nhtsa.gov *.nhtsa.gov api.nhtsa.gov    nirvc.com *.nirvc.com     netdna-ssl.com *.netdna-ssl.com    northtrailrv.com *.northtrailrv.com     office.com *.office.com    owascorv.com *.owascorv.com    pixelmotiondemo.com *.pixelmotiondemo.com    polyfill.io *.polyfill.io     poulsborv.com *.poulsborv.com    reliablerv.com *.reliablerv.com    rexandsonsrvs.com *.rexandsonsrvs.com    rnrrv.com *.rnrrv.com     rv-inventory.s3.amazonaws.com    rollick.io *.rollick.io    roysrv.com *.roysrv.com     rvhotlinecanada.com *.rvhotlinecanada.com    rvonedata.com *.rvonedata.com    rvtrader.com *.rvtrader.com    rvwsplatform.com *.rvwsplatform.com    secureoffersites.com *.secureoffersites.com    stlrv.net *.stlrv.net     transwest.com *.transwest.com    trianglerv.com *.trianglerv.com    r.turn.com     van.life *.van.life    vimeo.com *.vimeo.com    voyagerrv.ca *.voyagerrv.ca     ws.aimbase.com    wsqa.aimbase.com     youtube.com *.youtube.com    youtube-nocookie.com *.youtube-nocookie.com     i3.ytimg.com    *.cwsplatform.com       blob: data:; 2
default-src 'self' https://hhglobal.com https://www.hhglobal.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org/ https://www.googletagmanager.com https://player.vimeo.com https://www.youtube.com https://snap.licdn.com/ https://secure.intelligent-business-wisdom.com/ https://marketing.hhglobal.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://decoupledhhg.wpengine.com/; img-src 'self' data: https://www.hhglobal.com https://www.googletagmanager.com/ https://ps.w.org https://secure.gravatar.com/ https://px.ads.linkedin.com/ https://i.vimeocdn.com https://cdn.cookielaw.org/ https://marketing.hhglobal.com; object-src 'none' ; font-src 'self' data: ; frame-src 'self' https://player.vimeo.com/; connect-src 'self' https://region1.google-analytics.com/ https://submit-form.com https://px.ads.linkedin.com/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://privacyportal.onetrust.com/ https://idx.liadm.com/; worker-src 'self' https://hhglobal.com https://www.hhglobal.com; 2
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://kit.fontawesome.com/5f78583775.js https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.2.2/js/bootstrap.bundle.min.js https://cdnjs.cloudflare.com/ajax/libs/is-in-viewport/3.0.4/isInViewport.min.js https://cdnjs.cloudflare.com/ajax/libs/autosize.js/5.0.1/autosize.min.js https://cdnjs.cloudflare.com/ajax/libs/sharer.js/0.5.1/sharer.min.js https://email.efex.com.au/resources/sharing/embed.js https://unpkg.com/@lottiefiles/lottie-player@1.6.0/dist/lottie-player.js https://www.googletagmanager.com/gtag/js https://unpkg.com/@lottiefiles/lottie-interactivity@1.6.2/dist/lottie-interactivity.min.js https://vimeo.com/api/oembed.json https://f.vimeocdn.com/p/4.25.13/js/player.module.js https://f.vimeocdn.com/p/4.25.13/js/vendor.module.js https://f.vimeocdn.com/js_opt/modules/utils/vuid.min.js https://f.vimeocdn.com/js_opt/modules/utils/vuid.min.js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/cast/sdk/libs/sender/1.0/cast_framework.js https://www.gstatic.com/eureka/clank/117/cast_sender.js https://f.vimeocdn.com/p/4.25.13/js/player.module.js https://f.vimeocdn.com/p/4.25.13/js/vendor.module.js https://f.vimeocdn.com/js_opt/modules/utils/vuid.min.js https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.gstatic.com/cast/sdk/libs/sender/1.0/cast_framework.js  https://www.gstatic.com/eureka/clank/117/cast_sender.js https://email.efex.com.au/assets/scripts/LandingPagesEmbedded1_2 https://email.efex.com.au/Resources/LandingPagesEmbedded/localised/strings.js https://www.googletagmanager.com/gtm.js https://unpkg.com/@lottiefiles/lottie-interactivity@latest/dist/lottie-interactivity.min.js https://www.vimeo.com/api/oembed.json https://maps.googleapis.com/maps/api/js/QuotaService.RecordEvent https://maps.googleapis.com/maps/vt https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate https://maps.googleapis.com/maps-api-v3/api/js/54/12a/intl/en_gb/infowindow.js https://maps.googleapis.com/maps-api-v3/api/js/54/12a/intl/en_gb/onion.js https://maps.googleapis.com/maps-api-v3/api/js/54/12a/intl/en_gb/marker.js https://maps.googleapis.com/maps-api-v3/api/js/54/12a/intl/en_gb/map.js https://maps.googleapis.com/maps-api-v3/api/js/54/12a/intl/en_gb/util.js https://maps.googleapis.com/maps-api-v3/api/js/54/12a/intl/en_gb/common.js https://maps.googleapis.com/maps-api-v3/api/js/54/12a/intl/en_gb/controls.js https://maps.googleapis.com/maps/api/js https://polyfill.io/v3/polyfill.min.js ; style-src 'report-sample' 'self' 'unsafe-inline' https://p.typekit.net https://use.typekit.net https://fonts.googleapis.com https://kit.fontawesome.com/5f78583775.js; object-src 'none'; base-uri 'self'; connect-src 'self' https://ka-p.fontawesome.com https://kit-uploads.fontawesome.com https://www.google-analytics.com https://maps.googleapis.com; font-src 'self' https://fonts.gstatic.com https://use.typekit.net; frame-src 'self' https://email.efex.com.au https://player.vimeo.com https://r1.dotdigital-pages.com; img-src data: 'self' https://www.googletagmanager.com https://maps.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://i.vimeocdn.com https://lh3.ggpht.com https://lh3.ggpht.com https://i.vimeocdn.com/video/1568323917-4ccc690ec25da531eae5861e5c1a7b7c5b2d65f5ae8f2ac91fc18315e4d8471c-d; manifest-src 'self'; media-src 'self'; worker-src 'none'; form-action 'self'; 2
default-src 'self'; connect-src 'self' https://*.sata.pt https://*.proscloud.com https://o210366.ingest.sentry.io https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://stats.g.doubleclick.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.paypal.com https://*.azoresairlines.pt https://azo-cdn.azureedge.net https://tracking.monsido.com https://*.inside-graph.com wss://*.inside-graph.com https://*.googlesyndication.com https://*.quantcast.com https://*.inmobi.com https://www.facebook.com/tr/; font-src 'self' https://i.icomoon.io https://fonts.gstatic.com data: https://fonts.googleapis.com https://fonts.gstatic.com https://azo-cdn.azureedge.net; form-action 'self' https://*.proscloud.com https://*.paypal.com https://*.iata.org https://payments.sata.pt https://*.azoresairlines.pt https://*.sata.pt https://www.facebook.com/tr/; frame-src 'self' https://www.google.com https://www.recaptcha.net https://bid.g.doubleclick.net https://*.paypal.com https://static.sojern.com https://*.inside-graph.com https://*.doubleclick.net; frame-ancestors 'self'; img-src 'self' data: https: https://*.google-analytics.com https://*.analytics.google.com; object-src 'none'; script-src 'unsafe-inline' 'self' https://cdn.jsdelivr.net https://quantcast.mgr.consensu.org https://secure.quantserve.com https://cmp.quantcast.com https://cmp.inmobi.com https://rules.quantcount.com https://www.google.com/recaptcha/ https://www.gstatic.com https://www.recaptcha.net https://www.googletagmanager.com https://storage.googleapis.com https://www.google-analytics.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://*.paypal.com https://static.sojern.com/utils/sjrn_autocx.js https://cdn.monsido.com https://*.inside-graph.com https://connect.facebook.net https://static.connect.travelaudience.com https://azo-cdn.azureedge.net; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://tagmanager.google.com https://www.googletagmanager.com https://fonts.googleapis.com https://*.inside-graph.com https://i.icomoon.io https://azo-cdn.azureedge.net; 2
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; base-uri 'self' *.qbrick.com; media-src * blob:; worker-src * blob:; object-src 'self'; connect-src wss: https: 2
frame-ancestors 'self' *.allwaysvip.com *.plazapremiumlounge.com *.myaerotel.com 2
default-src *; font-src * data:;img-src * data:;frame-src * data:; script-src * 'unsafe-inline'; style-src * 'unsafe-inline'; 2
upgrade-insecure-requests; block-all-mixed-content; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.edgepilot.com *.onelink-edge.com *.reddit.com *.ipredictive.com data: blob: search.adspipe.com.pagescdn.com *.yext.com adspipe.tfaforms.net assets.ads-pipe.com assets.adspipe.com assets.sitescdn.net *.cmp.osano.com cmp.osano.com adswww.azureedge.net go.adspipe.com ndn.statistinamics.com *.facebook.com *.livechatinc.com *.juicer.io *.googleapis.com *.googleadservices.com *.gstatic.com *.googletagmanager.com *.google.com *.evgnet.com *.evergage.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com *.doubleclick.net https://www.youtube.com/iframe_api https://www.youtube.com/ platform.twitter.com *.googleadservices.com https://snap.licdn.com https://syndication.twitter.com/ *.ytimg.com https://publish.twitter.com *.twimg.com *.linkedin.com http://platform.stumbleupon.com/1/widgets.js ucv.bynder.com cdn.adspipe.com adspipeca.mpeasylink.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org use.typekit.net kit.fontawesome.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.sharethis.com *.kbmax.com *.pardot.com *.ads-pipe.com *.qualtrics.com *.bing.com netdna.bootstrapcdn.com kendo.cdn.telerik.com https://dec.azureedge.net *.twimg.com use.typekit.net p.typekit.net kit-free.fontawesome.com https://p.adsymptotic.com platform.tumblr.com *.facebook.com https://delicious.com www.redditstatic.com https://syndication.twitter.com https://static.licdn.com *.cloudfront.net https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com *.eloqua.com track.hubspot.com p.typekit.net *.ads-pipe.com *.nyloplast-us.com https://assets.sitescdn.net/answers-search-bar analytics.convertlanguage.com *.fontawesome.com fr-ca.adspipe.ca; child-src 'self' *.ipredictive.com blob: search.adspipe.com.pagescdn.com *.ads-pipe.com *.adspipe.com adspipe.tfaforms.net *.juicer.io *.doubleclick.net https://platform.twitter.com/ https://info.nyloplast-us.com *.sharethis.com *.livechatinc.com https://platform.twitter.com/ https://*.google.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com *.facebook.com badge.stumbleupon.com *.hotjar.io https://c.sharethis.mgr.consensu.org *.kbmax.com *.qualtrics.com *.juicer.io adspipeca.mpeasylink.com; connect-src 'self' blob: *.googlesyndication.com *.onelink-edge.com *.linkedin.oribi.io bcp.crwdcntrl.net/6/map *.facebook.com *.evergage.com *.evgnet.com *.qualtrics.com *.livechatinc.com accounts.google.com https://maps.googleapis.com https://*.dec.sitefinity.com *.mktoresp.com *.hotjar.io performance.typekit.net wss://ws.hotjar.com https://*.hotjar.com vc.hotjar.io wss://*.hotjar.io *.fontawesome.com https://www.google-analytics.com *.doubleclick.net *.google-analytics.com analytics.google.com answers.yext-pixel.com *.yext.com *.api.osano.com *.sharethis.com *.kbmax.com *.ads-pipe.com *.dec.sitefinity.com *.nyloplast-us.com *.bing.com www.google.com google.com *.linkedin.com; object-src none; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' wss://* https://* data:; 2
default-src 'self' data:;child-src blob:;style-src 'self' blob: 'unsafe-inline' *.googleapis.com tagmanager.google.com optimize.google.com fonts.googleapis.com addtocalendar.com *.loqate.com cloudflare.com cdnjs.cloudflare.com *.typekit.net *.pcapredict.com *.addressy.com *.postcodeanywhere.co.uk *.gbgplc.com fast.wistia.com cdn.jsdelivr.net a.omappapi.com *.sg.va.sabio.cloud *.stackadapt.com ifaqs.flexanswer.com du89v9a480hlb.cloudfront.net *.jquery.com heapanalytics.com;img-src 'self' 'unsafe-inline' *.gravatar.com data: gbg-global.azureedge.net *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com t.co/i/adsct *.google.com *.gstatic.com www.glassdoor.co.uk *.google.co.uk *.google-analytics.com *.googleusercontent.com *.facebook.com *.hubspot.com cdnjs.cloudflare.com stats.g.doubleclick.net glassdoor.co.uk maps.gstatic.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com optimize.google.com *.sharethis.com dashboard.umbraco.org px.ads.linkedin.com www.linkedin.com tr.outbrain.com amplifypixel.outbrain.com *.vimeo.com p.typekit.net bat.bing.com a.opmnstr.com p.adsymptotic.com *.omappapi.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net match.prod.bidr.io segments.company-target.com syndication.twitter.com connect.facebook.net *.onetrust.com id.rlcdn.com ifaqs.flexanswer.com *.loqate.com gbgstorage01.blob.core.windows.net *.sg.va.sabio.cloud *.zopim.io *.placeholder.com i.vimeocdn.com gbgcmsprdsto.blob.core.windows.net gbgcmsprdblobcdn.azureedge.net analytics.twitter.com googleads.g.doubleclick.net *.stackadapt.com *.azr.footprintdns.com *.hsforms.com *.6sc.co *.6sense.com *.jquery.com heapanalytics.com;font-src 'self' *.gstatic.com *.typekit.net *.wistia.com cdnjs.cloudflare.com script.hotjar.com a.omappapi.com data: ifaqs.flexanswer.com s3-us-west-2.amazonaws.com *.sg.va.sabio.cloud heapanalytics.com;media-src 'self' *.wistia.net *.wistia.com embedwistia-a.akamaihd.net data: blob: static.zdassets.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' code.jquery.com www.googletagmanager.com tagmanager.google.com www.googleadservices.com optimize.google.com *.googleapis.com js.hs-banner.com js.hs-scripts.com www.google-analytics.com static.hotjar.com bizographics.com static.ads-twitter.com *.postcodeanywhere.co.uk *.pcapredict.com *.loqate.com *.addressy.com *.gbgplc.com snap.licdn.com *.facebook.net googleads.g.doubleclick.net js.hs-analytics.net js.hsleadflows.net js.hsadspixel.net sjs.bizographics.com script.hotjar.com px.ads.linkedin.com analytics.twitter.com www.google.com *.gstatic.com platform.linkedin.com js.usemessages.com addtocalendar.com *.sharethis.com amplify.outbrain.com js.hsforms.net forms.hsforms.com *.onetrust.com bat.bing.com use.typekit.net cdnjs.cloudflare.com *.opmnstr.com snid.snitcher.com a.trstplse.com *.wistia.com *.wistia.net player.vimeo.com *.demandbase.com src.litix.io cdn.jsdelivr.net static.codepen.io platform.twitter.com zucvhpjgqj.execute-api.ap-southeast-2.amazonaws.com hosted.mastersoftgroup.com a.omappapi.com unpkg.com secure.perk0mean.com ruler.nyltx.com *.clickcease.com tr.outbrain.com analytics.nyltx.com ifaqs.flexanswer.com static.zdassets.com *.buzzsprout.com *.litix.io www.clickcease.com monitor.clickcease.com tr.outbrain.com *.sg.va.sabio.cloud js.monitor.azure.com *.atmrum.net *.stackadapt.com www.googleoptimize.com resources.customersure.com du89v9a480hlb.cloudfront.net js.hubspot.com *.6sc.co *.6sense.com cdn.heapanalytics.com heapanalytics.com;connect-src 'self' *.google-analytics.com api.hubapi.com *.hubspot.com *.hotjar.com vc.hotjar.io *.sharethis.com *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com decollector.tealeaf.ibmcloud.com gbg-global.azureedge.net www.facebook.com *.vimeo.com *.vimeocdn.com *.wistia.com *.wistia.net *.litix.io embedwistia-a.akamaihd.net *.onetrust.com *.omappapi.com api.opmnstr.com performance.typekit.net api.trstplse.com api.company-target.com stats.g.doubleclick.net segments.company-target.com hosted.mastersoftgroup.com *.loqate.com wss: ir.q4europe.com *.lottiefiles.com snid.snitcher.com analytics.nyltx.com ekr.zdassets.com ifaqs.flexanswer.com flexanswer1656.zendesk.com docs.idscan.com monitor.clickcease.com *.sg.va.sabio.cloud dc.services.visualstudio.com forms.hsforms.com gbg.workable.com www.workable.com *.atmrum.net *.stackadapt.com maps.googleapis.com api.investisdigital.com hubspot-forms-static-embed.s3.amazonaws.com gbg.customersure.com *.6sc.co *.6sense.com uksouth-1.in.applicationinsights.azure.com cdn.linkedin.oribi.io heapanalytics.com;frame-src 'self' www2.gbgplc.com *.vimeo.com vimeo.com *.youtube.com *.vimeocdn.com platform.twitter.com syndication.twitter.com *.fls.doubleclick.net vars.hotjar.com www.facebook.com stats.g.doubleclick.net fast.wistia.net fast.wistia.com www.glassdoor.co.uk www.google.com optimize.google.com www.linkedin.com ir.q4europe.com c.sharethis.mgr.consensu.org *.hsforms.com *.onetrust.com *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com *.hubspot.com app.hubspot.com codepen.io *.loqate.com *.buzzsprout.com www.edisoninvestmentresearch.com otp.tools.investis.com www.connectidfeed.com gbg.customersure.com *.6sc.co *.6sense.com;frame-ancestors 'self' *.loqate.com gbgplc.interactgo.com;worker-src  blob:; 2
frame-ancestors 'self' *.everwisecu.com *.zagclients.net 2
frame-ancestors https://tiger-corporation.com https://*.tiger-corporation.com https://community.tigerbottles.com; 2
frame-ancestors *; report-uri /report-csp-violation 2
default-src 'self' *.mapfredigitalhealth.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.hotjar.com d2oh4tlt9mrke9.cloudfront.net mapfresaluddigital.my.salesforce-sites.com mapfresaluddigital.my.salesforce.com www.youtube.com assets.ubembed.com snap.licdn.com 0247afab1fe544fbb43871d326b38e0f.js.ubembed.com googleads.g.doubleclick.net bat.bing.com connect.facebook.net *.bootstrapcdn.com *.cloudflare.com *.sandbox.my.salesforce.com *.mapfredigitalhealth.com *.force.com *.gstatic.com *.salesforceliveagent.com *.google.com *.google-analytics.com *.googleapis.com *.googleadservices.com *.googletagmanager.com js.stripe.com code.jquery.com cdn.usefathom.com *.cookielaw.org *.googlesyndication.com *.force.com *.sandbox.my.salesforce-sites.com; img-src 'self' blob: data: googleads.g.doubleclick.net pagead2.googlesyndication.com  *.events.ubembed.com *.google.com.mx *.pro.mapfredigitalhealth.com mapfresaluddigital.my.salesforce-sites.com i.ytimg.com px.ads.linkedin.com *.google.es bat.bing.com *.mapfre.com *.google.com *.facebook.com *.googleapis.com *.google-analytics.com *.saludsavia.com img.youtube.com www.googletagmanager.com cdn.usefathom.com *.gstatic.com cdn.cookielaw.org *.force.com *.eu-central-1.amazonaws.com; style-src 'self' 'unsafe-inline' data: *.pro.mapfredigitalhealth.com *.jquery.com *.salesforce-sites.com *.force.com *.saludsavia.com *.googleapis.com *.sandbox.my.salesforce-sites.com; font-src 'self' data: *.pro.mapfredigitalhealth.com *.saludsavia.com *.gstatic.com *.s3.eu-west-1.amazonaws.com; connect-src 'self' data:image/png data: pagead2.googlesyndication.com *.events.ubembed.com bat.bing.com *.google.com.mx api.smartdyspnea.com stats.g.doubleclick.net googleads.g.doubleclick.net *.docline.com *.my.salesforce-sites.com *.saludsavia.com *.googleapis.com *.googlesyndication.com api-demo.docline.eu *.pro.mapfredigitalhealth.com *.analytics.google.com *.google.es *.google.com *.google-analytics.com *.salesforceliveagent.com *.advance-telehealth.com wss: *.meetingdoctors.com *.sentry.io *.cookielaw.org www.googletagmanager.com *.onetrust.com *.meetingdoctors.com *.force.com *.googleapis.com *.sandbox.my.salesforce-sites.com *.opinator.com; frame-src 'self' savia.enola.app mapfre.es 0247afab1fe544fbb43871d326b38e0f.pages.ubembed.com td.doubleclick.net savia-forms-pro-xkitxpfeaq-no.a.run.app *.saludsavia.com *.youtube.com *.youtube-nocookie.com *.google.com *.advance-telehealth.com *.meetingdoctors.com *.pro.mapfredigitalhealth.com *.stripe.com *.google.com *.facebook.com *.force.com *.opinator.com; 2
child-src 'self' blob: https://www.bilibili.com https://tongji.baidu.com https://passport.jlc.com https://www.youtube.com https://player.bilibili.com; frame-ancestors 'self' https://tongji.baidu.com https://passport.jlc.com https://www.youtube.com https://player.bilibili.com https://www.bilibili.com 2
default-src 'self'; script-src data: blob: 'unsafe-inline' 'self' 'unsafe-eval' *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net snap.licdn.com *.k-analytix.com *.wp.com *.igodigital.com *.privacytools.com.br *.fullstory.com *.facebook.net *.k-analytix.com *.online-metrix.net *.gstatic.com *.handtalk.me plugin.handtalk.me; style-src data: blob: 'self' 'unsafe-inline' *.wp.com *.privacytools.com.br *.googleapis.com *.handtalk.me; img-src 'self' data: blob: *.bvsnet.com.br *.wp.com boavistaservicos.com.br *.boavistaservicos.com.br *.ytimg.com *.gravatar.com *.igodigital.com *.privacytools.com.br *.doubleclick.net *.googletagmanager.com *.google.com *.google.com.br *.facebook.com.br *.facebook.com *.linkedin.com *.google-analytics.com *.handtalk.me plugin.handtalk.me; font-src 'self' data: blob: *.wp.com 'unsafe-inline' *.gstatic.com; connect-src 'self' data: blob: ws: wss: *.konduto.com *.fullstory.com *.oribi.io *.privacytools.com.br *.google.com *.google-analytics.com *.doubleclick.net *.handtalk.me; frame-src 'self' data: blob: *.wp.com *.boavistaservicos.com.br *.youtube.com *.facebook.com *.doubleclick.net *.google.com *.google-analytics.com *.handtalk.me 2
default-src 'none'; script-src https://www.privacyguides.org 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src data: 'self'; connect-src https://api.github.com https://*.privacyguides.net 'self'; frame-src https://*.privacyguides.net; frame-ancestors 'none' 2
default-src 'self' blob: *.ctfassets.net *.pinterest.com *.contentful.com *.tiktok.com *.oribi.io *.osano.com *.vwo.com *.usabilla.com *.google.com *.visualwebsiteoptimizer.com *.google.ca *.jst.ai *.segment.com *.segment.io *.amazonaws.com *.googleadservices.com *.attraqt.io *.bootstrapcdn.com *.addthis.com *.pixlee.com *.gildanbrands.com *.bc0a.com *.typekit.net *.azure-api.net *.getshogun.com *.bronto.com *.bigcommerce.com https://dev.visualwebsiteoptimizer.com https://fonts.googleapis.com https://fonts.gstatic.com https://i.shgcdn.com *.cdninstagram.com https://www.googletagmanager.com https://www.google-analytics.com *.facebook.net email.gildanbrands.com *.klaviyo.com *.kmail-lists.com *.doubleclick.net *.ubembed.com *.googleapis.com; script-src 'self' blob: *.pinimg.com *.redditstatic.com *.adsrvr.org *.tiktok.com *.media6degrees.com *.dstillery.com *.osano.com 'unsafe-inline' 'unsafe-eval' *.vwo.com *.youtube.com *.b0e8.com *.doubleclick.net *.googleadservices.com *.licdn.com *.outbrain.com *.jst.ai *.cloudflareinsights.com *.segment.io *.segment.com *.gstatic.com *.google.com *.attraqt.io *.cloudfront.net *.addthisedge.com *.moatads.com *.cloudflare.com *.pixlee.com *.bc0a.com *.googleapis.com *.gildanbrands.com *.pxlecdn.com *.addthis.com *.usabilla.com *.getshogun.com *.bronto.com *.bigcommerce.com https://dev.visualwebsiteoptimizer.com https://fonts.googleapis.com https://fonts.gstatic.com https://i.shgcdn.com *.cdninstagram.com https://www.googletagmanager.com https://www.google-analytics.com *.facebook.net email.gildanbrands.com *.klaviyo.com *.kmail-lists.com *.ubembed.com; style-src 'self' 'unsafe-inline' *.vwo.com *.jst.ai *.cloudfront.net *.typekit.net *.getshogun.com *.bronto.com *.bigcommerce.com https://dev.visualwebsiteoptimizer.com https://fonts.googleapis.com https://fonts.gstatic.com https://i.shgcdn.com *.cdninstagram.com https://www.googletagmanager.com *.klaviyo.com *.kmail-lists.com *.ubembed.com;img-src 'self' placehold.jp gildan.blob.core.windows.net *.pinterest.com *.ctfassets.net *.yahoo.com *.rubiconproject.com *.cloudflare.com *.pixlee.com *.reddit.com *.advanseads.com *.adnxs.com *.visualwebsiteoptimizer.com *.amazonaws.com *.adsrvr.org *.webdamdb.com *.youtube.com *.ytimg.com *.jst.ai *.googleapis.com *.b0e8.com *.gstatic.com *.google.com *.google.ca *.outbrain.com *.adsymptotic.com *.linkedin.com *.bc0a.com *.mybigcommerce.com *.usabilla.com *.pxlecdn.com *.cloudfront.net *.gildanprod.com *.getshogun.com *.bronto.com *.bigcommerce.com https://dev.visualwebsiteoptimizer.com https://fonts.googleapis.com https://fonts.gstatic.com https://i.shgcdn.com *.cdninstagram.com https://www.googletagmanager.com https://www.google-analytics.com *.facebook.net *.facebook.com *.doubleclick.net email.gildanbrands.com *.klaviyo.com *.kmail-lists.com data: *.ubembed.com; frame-src 'self' *.pinterest.com *.adsrvr.org *.mygildan.com *.pixlee.co *.addthis.com *.gildanbrands.com *.sp-prod.net *.cloudfront.net *.youtube.com *.jst.ai *.doubleclick.net *.facebook.com *.vwo.com *.datasubject.com *.visualwebsiteoptimizer.com 2
default-src 'self'; script-src 'self' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.googletagmanager.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsleadflows.net https://js.usemessages.com https://player.vimeo.com https://script.hotjar.com https://snap.licdn.com https://static.hotjar.com https://www.youtube.com https://js.hsforms.net http://js.hs-scripts.com https://js.hubspot.com/web-interactives-embed.js https://www.googleadservices.com http://*.googlesyndication.com https://www.google.com https://www.google.nl; connect-src 'self' 'unsafe-inline' https://api.hubspot.com https://cdn.linkedin.oribi.io https://consentcdn.cookiebot.com https://content.hotjar.io https://forms.hubspot.com https://in.hotjar.com https://metrics.hotjar.io https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://vc.hotjar.io https://vimeo.com wss://ws.hotjar.com https://*.hsforms.com https://*.googlesyndication.com https://www.google.com https://googleads.g.doubleclick.net https://*.hubspot.com; img-src 'self' 'unsafe-inline' data: https://www.facebook.com https://www.google.nl https://www.googletagmanager.com https://i.vimeocdn.com https://i.ytimg.com https://*.ads.linkedin.com https://track.hubspot.com https://*.hsforms.com https://*.hubspot.com https://googleads.g.doubleclick.net https://www.google.com; child-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'self' https://backend.anewspring.prod.verveagency.com https://app.hubspot.com https://player.vimeo.com https://www.youtube.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://forms.hsforms.com https://*.hs-sites.com http://tpc.googlesyndication.com https://td.doubleclick.net; 2
block-all-mixed-content; frame-ancestors 'self'; form-action 'self'; object-src 'none'; base-uri 'self'; 2
frame-ancestors 'self' network.napco.com; 2
default-src 'none'; worker-src 'self' www.youtube.com *.cookiebot.com www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.leadinfo.net *.cookiebot.com www.googletagmanager.com  ssl.google-analytics.com www.google-analytics.com apis.google.com ajax.googleapis.com www.gstatic.com www.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' *.linqhost.nl www.google.nl ssl.google-analytics.com www.google-analytics.com www.gstatic.com cdn.quicq.io imgsct.cookiebot.com data: www.google.com www.googletagmanager.com stats.g.doubleclick.net  collector.leadinfo.net ; font-src 'self' fonts.googleapis.com fonts.gstatic.com  data: ; frame-ancestors 'none'; base-uri 'self' ; form-action 'self'; frame-src *.cookiebot.com *.youtube.com *.google.com; connect-src *.google-analytics.com  *.analytics.google.com stats.g.doubleclick.net consentcdn.cookiebot.com detect-ipv4.linqhost.nl detect-ipv6.linqhost.nl api.leadinfo.com collector.leadinfo.net; report-uri https://linqhost.report-uri.com/r/d/csp/enforce; 2
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: mediastream: filesystem: *.rakuten.com *.linksynergy.com *.nxtck.com *.xg4ken.com;frame-ancestors 'self' 2
report-uri https://your-domain.report-uri.com/r/d/csp/reportOnly 2
default-src 'self' blob: https://nominatim.openstreetmap.org; img-src 'self' blob: data: https://s3.eu-central-1.amazonaws.com https://*.s3.eu-central-1.amazonaws.com https://*.inexweb.fr https://*.inextenso.io https://*.deloitteexperts.com https://*.propelbydeloitte.co.uk https://*.deloittedirect.dk https://*.deloitte.direct https://*.easydeloitte.at https://*.ibizapps.cloud https://www.google-analytics.com https://api.tiles.mapbox.com https://lipis.github.io https://kp-sandbox.com/ https://*.benchbox.net https://s3.amazonaws.com/cdn.freshdesk.com/ https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/ https://*.fulll.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.getmdl.io https://cdn.polyfill.io https://unpkg.com https://sentry.io https://www.google-analytics.com https://85jv5zw9cx2p.statuspage.io https://storage.googleapis.com https://cdn.ravenjs.com https://widget.freshworks.com https://euc-widget.freshworks.com https://js.stripe.com https://*.fulll.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://widget.freshworks.com https://euc-widget.freshworks.com https://*.fulll.io; font-src 'self' https://fonts.gstatic.com data:; object-src 'none'; worker-src 'self' blob:; frame-src https://view.officeapps.live.com https://www.google.com https://85jv5zw9cx2p.statuspage.io https://js.stripe.com https://player.vimeo.com https://*.fulll.io; connect-src blob: data: https://*.amazonaws.com https://inextenso.knowledgeplaza.net https://*.inexweb.fr https://*.inexweb.io https://*.inextenso.io https://*.deloitteexperts.com https://*.propelbydeloitte.co.uk https://*.deloittedirect.dk https://*.deloitte.direct https://*.easydeloitte.at https://*.ibizapps.cloud https://nominatim.openstreetmap.org https://sentry.io https://*.sentry.io https://85jv5zw9cx2p.statuspage.io https://raw.githubusercontent.com https://inextenso.knowledgeplaza.net https://nexty.inextenso.fr https://www.google-analytics.com https://*.benchbox.net https://public.opendatasoft.com https://widget.freshworks.com https://euc-widget.freshworks.com https://xeonys.freshdesk.com https://fulll.freshdesk.com https://*.fulll.io https://cdn.jsdelivr.net/npm/@emoji-mart/; frame-ancestors 'self' https://view.officeapps.live.com https://*.fulll.io  https://*.inexweb.fr https://*.inexweb.io 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.2o7.net b.6sc.co c.6sc.co j.6sc.co secure.adnxs.com *.adobe.com assets.adobedtm.com *.adsrvr.org static.ads-twitter.com p.adsymptotic.com *.advancedfundsolutions.com *.akafms.net *.akamaihd.net ingestion-upload-production.s3.amazonaws.com/ platform.asset.tv *.atlcap.com *.bcovlive.io *.bcvp0rtal.com match.prod.bidr.io bat.bing.com tags.bluekai.com *.boltdns.net *.brightcove.com *.brightcove.net *.brightcovecdn.com *.calvert.com *.morganstanley.com *.ms.com *.msim.com cdn.polyfill.io/v2/polyfill.sj cdnjs.cloudflare.com *.cloudfront.net api.company-target.com segments.company-target.com *.custombeta.com *.demandbase.com *.demdex.net dev-drwebsite www.dianomi.com *.doubleclick.net *.eatonvance.at *.eatonvance.ch *.eatonvance.co.kr *.eatonvance.co.uk *.eatonvance.com *.eatonvance.com.au *.eatonvance.de *.eatonvance.dk *.eatonvance.fi *.eatonvance.ie *.eatonvance.jp *.eatonvance.nl *.eatonvance.no *.eatonvance.se *.eatonvance.sg proxy-bedford.eatonvance.com:8443 *.eatonvancecounsel.com eatonvanceinvestment.tt *.eatonvancerealestate.com *.analytics.edgekey.net ejohn.org cm.everesttech.net *.evmanagement.com *.evwateroak.com xbrl.fasb.org servedby.flashtalking.com fluidproject.org *.fml-x.com fml-x.com *.gallerysites.net gateway.zscalertwo.net getbootstrap.com www.giftcalcs.com www.google.com www.googleadservices.com www.google-analytics.com *.googleapis.com www.googletagmanager.com fonts.gstatic.com www.gstatic.com vds.issgovernance.com weblogs.java.net www.joostdevalk.nl code.jquery.com static.knowledgevision.com www.kryogenix.org snap.licdn.com *.linkedin.com brightcove.hs.llnwd.net brightcove.vo.llnwd.net *.morningstar.com hello.myfonts.net js-agent.newrelic.com *.nextshares.com bam.nr-data.net javascript.nwbox.com *.omtrdc.net onlinexperiences.com *.parametricportfolio.com pi.pardot.com cdn.polyfill.io www.riddle.com id.rlcdn.com xbrl.sec.gov seekingalpha.com t.sf14g.com www.storygize.net t.co analytics.twitter.com platform.twitter.com cloud.typography.com ww.math.ubc.ca *.uscharitablegifttrust.org *.uslegacyincometrusts.org bcove.video www.w3.org xbrl.org youtube.com vjs.zencdn.net *.dynatrace.com *.evidon.com blob: data: 2
frame-ancestors 'self' frag-einen-anwalt.de *.frag-einen-anwalt.de 123recht.de *.123recht.de wohnungsboerse.net *.wohnungsboerse.net trauer.de *.trauer.de briefeguru.de *.briefeguru.de pflege-durch-angehoerige.de *.pflege-durch-angehoerige.de immobilienscout24.de *.immobilienscout24.de berlin.de *.berlin.de merkur-online.de *.merkur-online.de *.cdn.ampproject.org *.google.de *.google.com merkur-online.de *.merkur-online.de immoverkauf24.de *.immoverkauf24.de; report-uri /include/cspreport.asp 2
script-src 'self'; frame-ancestors 'none' 2
frame-ancestors 'self' *.amerigroup.com; 2
default-src 'self' data: blob: *.conac.cn *.bdimg.com *.360eol.com  *.gov.cn *.jiathis.com *.baidu.com *.bshare.cn *.eol.cn *.qq.com *.kaipuyun.cn 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://s.yimg.jp/images/listing/tool/cv/ytag.js https://www.googleadservices.com https://googleads.g.doubleclick.net http://www.googleadservices.com https://s.yimg.jp/images/listing/tool/cv/conversion.js https://bid.g.doubleclick.net *.facebook.net https://cdn.syndication.twimg.com https://static.ads-twitter.com *.karte.io *.twitter.com *.pardot.com facebook.com graph.facebook.com ; child-src 'self' https://platform.twitter.com https://syndication.twitter.com *.facebook.com https://www.youtube.com *.pardot.com *.ebay.co.jp *.doubleclick.net; 2
connect-src 'self' https://matomo.ria.ee/ *.siteimprove.com https://harno.ee https://www.perearstiselts.ee https://www.google-analytics.com search.service.test.vportal.ee search.service.vportal.ee https://byk.ttja.ee form.service.vportal.ee https://piwik.smit.ee https://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://region1.google-analytics.com/ https://region1.analytics.google.com/ https://ban.service.vportal.ee https://form.service.vportal.ee/;  font-src 'self' data: https://fonts.gstatic.com https://xgis.maaamet.ee https://harno.ee https://www.perearstiselts.ee;  frame-src 'self' https://juhtimislauad.stat.ee/ https://piwik.smit.ee/matomo.js https://*.rocket.chat https://static.addtoany.com https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://xgis.maaamet.ee https://harno.ee https://www.perearstiselts.ee https://siseministeerium.ee/;  img-src 'self' data: https://www.google-analytics.com *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com https://xgis.maaamet.ee https://harno.ee https://www.perearstiselts.ee *.fbcdn.net *.cdninstagram.com https://inaadress.maaamet.ee https://unpkg.com *.maaamet.ee https://www.google.com/ https://www.google.ee/ads/*;  script-src 'self' 'unsafe-inline' https://piwik.smit.ee/matomo.js https://*.cloudflare.com https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js blob: https://browser-update.org https://www.perearstiselts.ee https://ajax.cloudflare.com https://*.cloudflareinsights.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://inaadress.maaamet.ee https://static.addtoany.com https://unpkg.com unpkg.com https://ajax.cloudflare.com https://region1.google-analytics.com https://byk.ttja.ee 'unsafe-eval';  script-src-attr 'self' 'unsafe-inline';  X-Content-Type-Option 'nosniff';  script-src-elem 'self' https://matomo.ria.ee/ https://piwik.smit.ee/matomo.js https://*.cloudflareinsights.com https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js https://browser-update.org https://www.perearstiselts.ee cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://inaadress.maaamet.ee https://static.addtoany.com https://unpkg.com unpkg.com https://ajax.cloudflare.com https://byk.ttja.ee  'unsafe-inline';  style-src 'self' 'unsafe-inline' https://www.gstatic.com https://xgis.maaamet.ee https://harno.ee https://www.perearstiselts.ee  cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://use.fontawesome.com unpkg.com;  style-src-attr 'self' 'unsafe-inline' ;  style-src-elem 'self' https://piwik.smit.ee https://www.gstatic.com https://xgis.maaamet.ee https://harno.ee https://www.perearstiselts.ee  cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://use.fontawesome.com unpkg.com 'unsafe-inline' https://inaadress.maaamet.ee;  frame-ancestors 'self'; upgrade-insecure-requests 2
default-src 'self' *.streamlinehq.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; frame-src *.streamlinehq.com https://tally.so/;img-src 'self' *.streamlinehq.com *.cloudinary.com *.google.com *.google-analytics.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat blob: data:; connect-src 'self' https: wss://nexus-websocket-a.intercom.io;font-src 'self' https://fonts.intercomcdn.com;object-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'none';block-all-mixed-content;upgrade-insecure-requests; 2
frame-src *; 2
default-src https: data: blob:;script-src https: 'unsafe-eval' 'unsafe-inline';style-src https: 'unsafe-eval' 'unsafe-inline'; 2
frame-ancestors 'self' *.scot.nhs.uk *.nhsgrampian.org *.nhslothian.scot hcaptcha.com *.hcaptcha.com *.nhsggc.org.uk msk.testing.nhsscotland.net; upgrade-insecure-requests; report-to csp-endpoint; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report 2
default-src 'self' https://kleio-public.spgroup-prod.magnolia-platform.com blob: data:; base-uri 'self' https://kleio-public.spgroup-prod.magnolia-platform.com; form-action 'self' https://www.facebook.com/tr/ https://kleio-public.spgroup-prod.magnolia-platform.com; frame-ancestors 'self' https://kleio-public.spgroup-prod.magnolia-platform.com; object-src 'self' https://kleio-public.spgroup-prod.magnolia-platform.com; img-src * 'self' data: https://kleio-public.spgroup-prod.magnolia-platform.com; font-src 'self' data: https://kleio-public.spgroup-prod.magnolia-platform.com; style-src 'self' 'unsafe-inline' https://unpkg.com https://maxcdn.bootstrapcdn.com *.dacast.com https://kleio-public.spgroup-prod.magnolia-platform.com; connect-src 'self' data: *.google-analytics.com https://kinesis.us-east-1.amazonaws.com *.doubleclick.net *.teads.tv *.spdigital.io https://www.facebook.com *.dacast.com https://dacastmmod-mmd-cust.lldns.net https://license.theoplayer.com https://www.cloudflare.com https://cdn.linkedin.oribi.io https://register.mediamelon.com https://caspersky-api.tkg-qa.spdigital.io/v1/help/send-email https://caspersky-api.tkg.spdigital.io/v1/help/send-email https://kleio-public.spgroup-prod.magnolia-platform.com; frame-src 'self' https://www.google.com https://bid.g.doubleclick.net https://insight.adsrvr.org https://www.googletagmanager.com https://view.vzaar.com https://iframe.dacast.com https://prod-nplayer.dacast.com https://www.youtube.com https://10931905.fls.doubleclick.net https://match.adsrvr.org https://kleio-public.spgroup-prod.magnolia-platform.com; script-src 'self' 'unsafe-inline' blob: data: 'unsafe-eval' *.dacast.com https://rules.quantcount.com https://googleads.g.doubleclick.net https://code.jquery.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://unpkg.com https://www.googletagmanager.com https://www.google-analytics.com https://js.adsrvr.org https://acdn.adnxs.com https://secure.quantserve.com https://p.teads.tv https://connect.facebook.net https://snap.licdn.com https://www.googleadservices.com https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://kleio-public.spgroup-prod.magnolia-platform.com; media-src 'self' blob: *.dacast.com https://dacastmmod-mmd-cust.lldns.net https://kleio-public.spgroup-prod.magnolia-platform.com; 2
default-src 'self' play.vidyard.com; connect-src 'self' *.kampyle.com play.vidyard.com stats.g.doubleclick.net www.google-analytics.com; media-src 'self' play.vidyard.com; font-src 'self' use.fontawesome.com fonts.gstatic.com use.typekit.net data:; style-src 'self' *.kampyle.com *.readyclassroomcentral.com *.i-readycentral.com 'unsafe-inline' use.fontawesome.com fonts.googleapis.com use.typekit.net p.typekit.net http://*.i-readycentral.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com use.typekit.net *.eloqua.com img.en25.com play.vidyard.com www.googletagmanager.com *.kampyle.com www.google-analytics.com http://*.i-readycentral.com; img-src 'self' *.i-readycentral.com ps.w.org cdn.vidyard.com play.vidyard.com *.eloqua.com *.googletagmanager.com *.kampyle.com www.google.com www.google-analytics.com secure.gravatar.com s.w.org data:; frame-src *.i-readycentral.com play.vidyard.com *.kampyle.com; frame-ancestors 'self' 2
default-src 'unsafe-inline' 'unsafe-eval' data: blob: wss://*.happymoney.com wss://*.usw2.pure.cloud *.happymoney.com https://happymoney.com https://*.cloudflare.com https://cdn.siftscience.com https://*.digify.com https://*.readme.io https://cdn.plaid.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.doubleclick.net https://*.googleadservices.com https://fonts.gstatic.com https://cdn.segment.com https://*.segment.io https://*.livechatinc.com https://*.fullstory.com https://*.payoff.com https://stats.g.doubleclick.net https://unpkg.com https://*.ingest.sentry.io https://js.live.net https://use.typekit.net https://sjrtp2-cdn.marketo.com https://munchkin.marketo.net https://script.crazyegg.com https://bat.bing.com https://api.instagram.com https://connect.facebook.net https://*.launchdarkly.com https://*.oktapreview.com https://*.okta.com https://static.cdn.prismic.io https://happymoney-marketing.prismic.io https://www.youtube.com https://*.amazonaws.com https://*.iovation.com https://*.datadoghq.com https://*.browser-intake-datadoghq.com https://point-break.cdn.prismic.io https://images.prismic.io https://cdn.livechat-static.com https://cdn.livechat-files.com https://hexagon-analytics.com https://i.imgur.com https://www.facebook.com https://p.typekit.net https://secure.gravatar.com https://*.usw2.pure.cloud https://snap.licdn.com https://analytics.tiktok.com https://data.adxcel-ec2.com https://*.linkedin.com https://*.linkedin.oribi.io https://*.oktacdn.com https://*.lever.co https://*.ipify.org https://*.twitter.com https://*.ads-twitter.com https://*.pangle-ads.com https://t.co https://*.citadelid.com https://*.truv.com https://happymoney.gw-dv.vip https://happymoney.ck123.io; frame-ancestors 'self' 2
frame-ancestors 'self' https://*.axesor.es https://*.google.es https://*.google.com; 2
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mc.yandex.ru https://www.googletagmanager.com https://www.google-analytics.com https://points.boxberry.de https://widget.cdek.ru https://api-maps.yandex.ru https://*.maps.yandex.net https://yastatic.net; style-src 'self' 'unsafe-inline' https://points.boxberry.de https://widget.cdek.ru; img-src 'self' data: https://mc.yandex.ru https://www.google-analytics.com https://points.boxberry.de https://api-maps.yandex.ru https://*.maps.yandex.net https://widget.cdek.ru https://pvzimage.cdek.ru; connect-src 'self' https://mc.yandex.ru https://www.google-analytics.com https://widget.cdek.ru https://pim.solvos.ru; font-src 'self' https://fonts.gstatic.com; frame-src https://points.boxberry.de; manifest-src 'self'; 2
default-src 'self' whatsapp:; connect-src https://*.tote.digital https://*.tote.rocks https://*.tote.live https://*.tote.co.uk https://api.addressy.com https://*.lot.to https://*.sportcaller.com https://*.mixpanel.com https://cdn.contentful.com https://preview.contentful.com https://sentry.io https://*.pusher.com wss://*.pusher.com https://*.intercom.io wss://*.intercom.io https://*.intercomcdn.com https://*.intercomusercontent.com https://www.facebook.com https://*.crazyegg.com https://*.maxmind.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.googleoptimize.com/ https://*.launchdarkly.com https://*.akamaized.net https://*.akamaihd.net https://*.attheraces.com https://adservice.google.com https://*.secure.footprint.net https://*.atgvision.com https://cdn-atgvision-live2.rackfish.net https://geoip-js.com https://*.appsflyer.com https://bat.bing.com https://*.oscato.com https://t.co https://google.com https://*.appsync-api.eu-west-2.amazonaws.com wss://*.appsync-realtime-api.eu-west-2.amazonaws.com https://*.tote.ie https://*.clarity.ms https://*.sports.tote.co.uk https://*.test.sports.tote.co.uk wss://*.sports.tote.co.uk wss://*.test.sports.tote.co.uk https://zz.connextra.com https://*.vercel.app/ https://*.hasura.app/ https://region1.google-analytics.com https://*.worldpay.com https://*.8count.tv/api/ https://www.google.com https://googleads.g.doubleclick.net/ https://pcast.phenixrts.com https://tote-dev4.abetting.co https://*.performgroup.com/ https://*.idscan.cloud/; form-action 'self' https://*.aircall.io https://js.intercomcdn.com https://intercom.help https://api-iam.intercom.io https://verify.monzo.com https://www.facebook.com https://*.oscato.com https://webapp.securetrading.net https://danskebank-3ds-vdm.wlp-acs.com https://www.clicksafe.lloydstsb.com https://*.arcot.com https://*.worldpay.com https://*.securesuite.co.uk https://*.cardinalcommerce.com; frame-ancestors 'self' https://*.idscan.cloud/; frame-src 'self' https://account.tote.digital https://account.test.tote.digital https://account.dev.tote.digital https://account.migration.tote.digital https://www.google.com https://account.staging.tote.live https://account.performance.tote.live https://account.live.tote.live https://account.tote.live https://account.staging.tote.co.uk https://account.performance.tote.co.uk https://account.live.tote.co.uk https://account.tote.co.uk https://thetote.atlassian.net https://tentofollow.test.tote.digital https://tentofollow-internal.tote.digital https://tentofollow.tote.live https://tentofollow.tote.co.uk https://flattentofollow.tote.co.uk https://minigame.tote.co.uk https://minigame.tote.digital https://colossus.stage.tote.co.uk https://colossus.tote.co.uk https://development.tote.digital https://test.tote.digital https://stage.tote.co.uk https://tote.co.uk https://test-branch.tote.digital https://intercom-sheets.com https://*.pariplaygames.com https://d21j22mhfwmuah.cloudfront.net https://player.vimeo.com https://www.youtube.com https://*.fls.doubleclick.net https://cdn.sportcaller.com https://*.adsrvr.org https://*.blueprintgaming.com https://*.rubyplay.com https://*.inspiredvirgo.com https://servedby.flashtalking.com/ https://wab-visualisation.performgroup.com/ https://www.facebook.com https://*.inseincvirtuals.com/ https://*.oscato.com https://*.prerelease-env.biz/ https://*.pragmaticplay.net/ https://wa.me/ https://*.userzoom.com https://app-pp.trunarrative.cloud https://app.trunarrative.cloud https://development-aws.tote.co.uk https://test-aws.tote.co.uk https://stage-aws.tote.co.uk https://*.pplivedealer.com https://*.lxy511.com https://*.pragmaticplaylive.net https://analytics.twitter.com https://c.bing.com https://www.googleoptimize.com https://*.vercel.app/ https://*.hasura.app/ https://pixel.mathtag.com https://*.tote.ie https://*.worldpay.com https://*.8count.tv/api/ https://lb.1x2nwh.com https://1x2-cloud-1.com https://www.1x2gamingcdn.com https://www.1x2-nwh-int-staging.com https://static-live.hacksawgaming.com https://static-stg.hacksawgaming.com https://pcast.phenixrts.com https://tote-dev4.abetting.co https://*.idscan.cloud/; img-src 'self' blob: data: https://icard.gbiracing.com https://*.tote.digital https://*.tote.rocks https://*.tote.live https://*.tote.co.uk https://*.tote.ie https://images.ctfassets.net https://images.racingpost.com https://*.googletagmanager.com https://static.intercomassets.com https://*.intercomcdn.com https://*.gstatic.com https://*.aircall.io https://*.micpn.com https://*.intercom.io https://*.intercom-attachments.com https://uploads.intercomusercontent.com https://lotto.nyc3.cdn.digitaloceanspaces.com https://www.facebook.com https://connect.facebook.net https://t.myvisualiq.net https://bat.bing.com https://tapestry.tapad.com https://t.co https://*.doubleclick.net https://tags.bluekai.com https://dpm.demdex.net https://loadus.exelator.com https://idsync.rlcdn.com https://www.google.com https://www.google.co.uk https://www.google.com.ua https://www.google.ie https://insight.adsrvr.org https://*.crazyegg.com https://*.google-analytics.com https://cx.atdmt.com https://servedby.flashtalking.com https://cdn.sportcaller.com https://*.oscato.com https://googleads.g.doubleclick.net https://*.userzoom.com https://*.clarity.ms https://*.vercel.app/ https://*.hasura.app/ https://sync.mathtag.com https://secure.adnxs.com https://segment.prod.bidr.io https://secure.adnxs.com https://match.prod.bidr.io https://zz.connextra.com/ https://cnv.event.prod.bidr.io/log/cnv https://pixel.mathtag.com https://*.worldpay.com https://*.8count.tv/api/ https://analytics.twitter.com https://pcast.phenixrts.com https://tote-dev4.abetting.co https://*.idscan.cloud/; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.pusher.com https://*.gstatic.com https://www.googletagmanager.com https://*.intercom.io https://js.intercomcdn.com https://*.google.com https://*.mxpnl.com https://thetote.atlassian.net https://*.micpn.com https://connect.facebook.net https://static.ads-twitter.com https://bat.bing.com https://*.myvisualiq.net https://www.googleadservices.com https://analytics.twitter.com https://*.crazyegg.com https://js.adsrvr.org https://*.google-analytics.com https://*.googletagmanager.com https://s3.amazonaws.com/trk.cetrk.com/7/t.js https://*.maxmind.com https://websdk.appsflyer.com https://*.userzoom.com https://*.oscato.com https://*.clarity.ms https://zz.connextra.com https://www.youtube.com/ https://*.vercel.app/ https://*.hasura.app/ https://www.googleoptimize.com/ https://pixel.mathtag.com/ https://*.worldpay.com/ https://*.8count.tv/api/ https://cdn.seondf.com/js/v5/agent.js https://*.performgroup.com/; font-src 'self' data: https://js.intercomcdn.com https://*.gstatic.com https://fonts.intercomcdn.com https://cdn.tote.co.uk; style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com https://*.oscato.com https://*.tote.digital https://*.tote.rocks https://*.tote.live https://*.tote.ie https://*.tote.co.uk https://*.userzoom.com https://*.worldpay.com; media-src 'self' https://js.intercomcdn.com https://customer-n3fizij3iayvp17p.cloudflarestream.com https://*.akamaized.net https://*.akamaihd.net https://*.attheraces.com https://*.secure.footprint.net https://*.atgvision.com https://cdn-atgvision-live2.rackfish.net https://wab-visualisation.performgroup.com/ blob: https://betsmart-cms.vercel.app/api/get-jwt https://betsmart-app.hasura.app/api/rest/video https://betsmart-cms-git-staging-8count.vercel.app/api/get-jwt https://betsmart-app-stg.hasura.app/api/rest/video https://videodelivery.net/ https://*.8count.tv/api/ https://pcast.phenixrts.com; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://wab-visualisation.performgroup.com/ https://*.attheraces.com https://*.oscato.com blob: https://betsmart-cms.vercel.app/api/get-jwt https://betsmart-app.hasura.app/api/rest/video https://betsmart-cms-git-staging-8count.vercel.app/api/get-jwt https://betsmart-app-stg.hasura.app/api/rest/video https://*.worldpay.com https://*.8count.tv/api/ https://pcast.phenixrts.com; worker-src blob:; upgrade-insecure-requests; report-uri https://thetote.report-uri.com/r/d/csp/reportOnly 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://maps.googleapis.com https://fonts.googleapis.com https://www.gstatic.com/ https://consent.cookiebot.com https://cdn.userway.org/ https://code.jquery.com/jquery-3.6.0.min.js https://cdnjs.cloudflare.com/ajax/libs/Swiper/6.5.0/swiper-bundle.min.js https://cdn.jsdelivr.net/npm/vanilla-lazyload@17.8.2/dist/lazyload.min.js https://www.googletagmanager.com/ https://www.google-analytics.com/ https://mc.yandex.ru/ 2
frame-ancestors 'self' http://webvisor.com https://webvisor.com; 2
default-src 'self' data: blob: terranovasecurity.com *.terranovasecurity.com terranovacorporation.com *.terranovacorporation.com *.youtube.com platform-cdn.sharethis.com *.sharethis.com *.twitter.com *.doubleclick.net *.google-analytics.com *.ads-twitter.com *.linkedin.com *.salesforceliveagent.com *.gstatic.com cdn.jsdelivr.net *.googleapis.com terranova.my.salesforce.com *.salesforce.com bat.bing.com *.hotjar.com *.pardot.com snap.licdn.com *.googletagmanager.com *.googleoptimize.com t.co *.google.com *.google.ca *.adsymptotic.com platform-api.sharethis.com embedwistia-a.akamaihd.net *.terranovasite.com *.oribi.io  *.omappapi.com *.hotjar.com *.hsforms.net *.6sc.co *.hsforms.com *.hs-scripts.com js.hs-scripts.com *.hs-analytics.net js.usemessages.com js.hsleadflows.net js.hs-banner.com track.hubspot.com js.hubspot.com connect.facebook.net consent.trustarc.com consent-pref.trustarc.com js.driftt.com s.adroll.com d.adroll.com *.wistia.com *.visualwebsiteoptimizer.com *.vwo.com 'unsafe-eval' 'unsafe-inline'; object-src 'none';connect-src 'self' ws: https: 2
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 2
default-src 'self' https://dyinglightgame.com https://*.dyinglightgame.com https://techland.pl https://*.techland.pl https://techland.net https://*.techland.net https://techland.gg https://*.techland.gg https://techlandgg.com https://*.techlandgg.com; script-src 'self' https://techland.net https://techland.gg https://*.techland.gg https://techlandgg.com https://*.techlandgg.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com/pagead/ https://static.ads-twitter.com https://analytics.twitter.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://s.ytimg.com/yts/jsbin/ https://www.redditstatic.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://platform.twitter.com/widgets.js https://platform.twitter.com/widgets/ https://platform.twitter.com/js/ https://www.gstatic.com/firebasejs/ https://bat.bing.com/p/action/142000372.js 'nonce-80a7sgbdfg' 'nonce-a098bfgaf' 'nonce-9a8sdbgfvb' 'nonce-981bdfhda' 'sha256-5EJ/AVN7tkeRkeM1cpSLQfWrFAcc4l5hcn6hn3tgc60=' 'sha256-vaidju6iPAqrzAKHHTJ7WgrOWFUrGPmQaly1j3t1DY8=' 'sha256-uh667NeereZvBOYau+jJp/Viq4Hwe4sCK0Xj5u3oztg='; style-src 'self' 'unsafe-inline' https://techland.net https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net/p.css; font-src 'self' 'unsafe-inline' https://techland.net https://fonts.gstatic.com https://use.typekit.net; img-src 'self' data: https://*.techland.pl https://techland.net https://*.techland.net https://techland.gg https://*.techland.gg https://techlandgg.com https://*.techlandgg.com https://dyinglightgame.com https://*.dyinglightgame.com https://*.facebook.com https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com/ads/ https://www.google.com/ads/ga-audiences/ https://www.google.pl/ads/ga-audiences/ https://www.google.com/pagead https://www.google.com/pagead/1p-user-list/918877113/ https://www.google.pl/pagead/1p-user-list/918877113/ https://region1.google-analytics.com https://region1.analytics.google.com https://t.co/i/adsct https://i.ytimg.com https://alb.reddit.com/ https://www.google.pl/ads/ga-audiences https://analytics.twitter.com/i/adsct https://bat.bing.com/action/0; frame-src 'self' https://techland.gg https://*.techland.gg https://techlandgg.com https://*.techlandgg.com https://*.facebook.com https://*.hotjar.com https://www.youtube.com/embed/ https://player.twitch.tv/ https://accounts.google.com https://consentcdn.cookiebot.com/ https://consentcdn.cookiebot.com/sdk https://platform.twitter.com/ https://platform.twitter.com/widgets/; frame-ancestors 'self'; connect-src 'self' https://techland.gg https://*.techland.gg https://techlandgg.com https://*.techlandgg.com https://consentcdn.cookiebot.com/consentconfig/ https://analytics.google.com/g/collect https://stats.g.doubleclick.net/g/collect https://stats.g.doubleclick.net/j/collect https://region1.google-analytics.com https://region1.analytics.google.com https://www.google.com/pagead/landing https://www.google-analytics.com/j/collect https://googleads.g.doubleclick.net/pagead https://www.facebook.com/tr/ https://pagead2.googlesyndication.com/pagead/landing 2
default-src * data: 'unsafe-inline' 'unsafe-eval' blob:; script-src * data: 'unsafe-inline' 'unsafe-eval' blob:; style-src * data: 'unsafe-inline' 'unsafe-eval' blob:; img-src * data: 'unsafe-inline' 'unsafe-eval' blob:; font-src * data: 'unsafe-inline' 'unsafe-eval' blob:; frame-ancestors scoresense.com freescoreonline.com nationalcreditreport.com; 2
default-src 'self'; style-src 'self' 'unsafe-inline' 2
frame-ancestors 'self' http://*.essilor.com https://*.essilor.com; 2
default-src 'self'; frame-src * ; media-src *; img-src * 'self' data: https:; script-src * 'unsafe-eval' 'unsafe-inline' wwp.dwh.enagas.eng; style-src * 'unsafe-inline'; font-src * data:; connect-src * 2
object-src 'none';default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval';report-uri;worker-src 'self' blob: 2
frame-ancestors 'self' *.glasgowairport.com *.aberdeenairport.com *.southamptonairport.com 2
script-src healthy.spartanburgregional.com 'self' 'unsafe-inline' 'unsafe-eval' *.newrelic.com https://www.googletagmanager.com app.ecwid.com siteimproveanalytics.com translate.google.com *.cloudfront.net https://builder.lift.acquia.com ecomm.events translate.googleapis.com https://www.discoverhealth.org https://translate-pa.googleapis.com js.adsrvr.org scripts.cip.healthgrades.com connect.facebook.net https://www.google-analytics.com https://discoverhealth.org bam.nr-data.net maps.googleapis.com www.google.com www.gstatic.com www.youtube.com *.epichosted.com https://www.googleadservices.com *.cloudflare.com *.jsdelivr.net bam.nr-data.net *.fontawesome.com solutions.invocacdn.com script-app.mercuryhealthcare.com widgets.mindbodyonline.com assets.healcode.com brandedweb.mindbodyonline.com https://srhs-cp.srhs.com https://app.truelook.cloud; frame-src 'self' adfs.srhs.com  www.youtube.com youtube.com *.adsrvr.org www.google.com *.webdamdb.com *.acquiadam.com *.flipsnack.com *.epichosted.com https://www.hapyak.com https://embed.mindstamp.io  srhs-cp.srhs.com *.facebook.com https://app.truelook.cloud; child-src 'self' adfs.srhs.com  www.youtube.com youtube.com *.adsrvr.org www.google.com *.webdamdb.com *.acquiadam.com *.flipsnack.com  *.epichosted.com https://www.hapyak.com  https://embed.mindstamp.io https://app.truelook.cloud; connect-src 'self' https://www.discoverhealth.org https://sessions.bugsnag.com *.lift.acquia.com  app.ecwid.com/ ecomm.events https://www.google-analytics.com/ bam.nr-data.net stats.g.doubleclick.net maps.googleapis.com api.clockwisemd.com www.facebook.com *.webdamdb.com translate.googleapis.com *.fontawesome.com adfs.srhs.com https://analytics.google.com https://widgets.mindbodyonline.com  https://srhs-cp.srhs.com  https://us.perz-api.cloudservices.acquia.io *.truelook.cloud 2
default-src https: data: blob 'unsafe-inline' 'unsafe-eval'; connect-src wss: ws: https:; 2
upgrade-insecure-requests; frame-ancestors https:; 2
frame-ancestors 'self' https://*.bigbrotherawards.nl 2
frame-ancestors 'self' levelone.com *.levelone.com www.realpage.com 2
script-src 'self'; object-src 'self'; base-uri 'none'; 2
default-src 'none';    connect-src 'self' https://*.googlesyndication.com https://matomo.adimedia.net https://*.google.es https://*.taboola.com https://play.google.com https://csp.withgoogle.com https://client.crisp.chat https://stats.g.doubleclick.net wss://client.relay.crisp.chat https://shop.sansebastianturismoa.eus/ https://api-public.addthis.com/url/serviceapi/ https://m.addthis.com/live/red_lojson/ https://maps.googleapis.com/ https://maps.googleapis.com/maps/ https://region1.analytics.google.com/g/collect https://s7.addthis.com/l10n/client.es.min.json https://s7.addthis.com/ https://stats.g.doubleclick.net/j/collect https://www.facebook.com/tr/ https://*.google-analytics.com/ wss://client.relay.crisp.chat/w/f3/;    font-src 'self' https://www.sansebastianturismoa.eus https://client.crisp.chat https://fonts.gstatic.com;    frame-src 'self' https://*.doubleclick.net https://sustainabletravel.org https://w.soundcloud.com https://docs.google.com https://cse.google.com https://www.hayquever.com https://www.facebook.com/ https://player.vimeo.com/ http://ww1.sansebastiantourvirtual.com https://snapwidget.com https://sansebastiantourvirtual.com https://www.youtube.com/ https://www.google.com/ https://maps.google.com https://s7.addthis.com;    img-src 'self' data: https://matomo.adimedia.net https://ad.doubleclick.net https://*.zemanta.com https://tracker.metricool.com https://*.gstatic.com https://*.google.com https://www.googleapis.com https://maps.googleapis.com http://*.sansebastianturismoa.eus https://*.sansebastianturismoa.eus https://googleads.g.doubleclick.net https://i.ytimg.com https://analytics.twitter.com https://image.crisp.chat https://maps.google.com https://maps.gstatic.com https://t.co https://www.facebook.com https://*.google-analytics.com https://www.google.com https://*.google.es https://www.googletagmanager.com;    script-src 'self' 'unsafe-eval' 'unsafe-inline' https://matomo.adimedia.net https://*.zemanta.com https://*.taboola.com https://bucket.cdnwebcloud.com https://tracker.metricool.com https://tracker.metr https://*.google.com https://partner.googleadservices.com https://cse.google.com https://www.gstatic.com https://www.google.com https://www.sansebastianturismoa.eus https://www.googleadservices.com https://snapwidget.com https://polyfill.io https://unpkg.com https://ajax.googleapis.com/ajax/libs/ https://www.youtube.com/ https://api-public.addthis.com/url/shares.json https://cdnjs.cloudflare.com/ajax/ https://client.crisp.chat/ https://code.jquery.com/ https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/ https://connect.facebook.net/signals/config/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://m.addthis.com/live/red_lojson/300lo.json https://maps.google.com/ https://maps.googleapis.com/ https://s7.addthis.com/js/ https://s7.addthis.com/static/ https://static.ads-twitter.com/uwt.js https://v1.addthisedge.com/live/ https://widgets.pinterest.com/v1/urls/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://z.moatads.com/;    style-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.sansebastianturismoa.eus https://unpkg.com https://client.crisp.chat/static/stylesheets/ https://fonts.googleapis.com/;    media-src 'self' https://press.sansebastianturismoa.eus;    frame-ancestors 'self'; 2
connect-src * https://*.decibelinsight.net * https://*.decibel.com * wss://collection.decibelinsight.net/i/14080/  * wss://*.decibelinsight.net; report-uri /report-csp-violation; upgrade-insecure-requests 2
frame-ancestors 'self' https://flemingcollege.ca https://*.flemingcollege.ca https://*.flemingc.on.ca:* https://fleming.desire2learn.com; 2
connect-src 'self' https://matomo.heinlein-support.de https://numbers.heinlein-support.de; font-src 'self'; frame-src 'self'; img-src 'self' https://cdn.redoc.ly/redoc/; object-src 'self'; script-src 'self' https://matomo.heinlein-support.de https://numbers.heinlein-support.de; style-src 'self'; worker-src 'self' blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; report-uri https://www.heinlein-support.de/report-uri/enforce 2
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google.com; connect-src 'self' https://*.google-analytics.com; img-src 'self' data: https://*.google-analytics.com https://www.googletagmanager.com; report-uri https://difer.report-uri.com/r/d/csp/enforce; report-to default 2
default-src 'none'; frame-ancestors 'self' *.bluemod.me *.truliantfcu.org *.truliantfcu.org:8443; object-src data: 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.truliantfcu.org *.google.com maps.googleapis.com *.quantcount.com *.doubleclick.net *.newrelic.com js.adsrvr.org *.quantserve.com www.googleadservices.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com fonts.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.poshdevelopment.com https://apps.mypurecloud.com *.cloudfront.net *.mouseflow.com *.inmarkethub.com *.sitescout.com *.amazon-adsystem.com widgets.hive.genesys.com *.ads-twitter.com connect.facebook.net; connect-src 'self' *.truliantfcu.org *.doubleclick.net *.mouseflow.com www.google-analytics.com api.poshdevelopment.com/api/ dev.poshdevelopment.com/api/ *.googleapis.com; img-src 'self' placeimg.com www.facebook.com t.co analytics.twitter.com *.truliantfcu.org *.doubleclick.net *.gstatic.com *.googleapis.com www.google-analytics.com *.quantserve.com www.google.com *.youtube.com *.mouseflow.com *.inmarkethub.com *.sitescout.com *.amazon-adsystem.com data:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.truliantfcu.org fonts.googleapis.com agentchat.truliantfcu.org; base-uri 'self'; form-action 'self' *.truliantfcuonline.org *.truliantfcu.org; frame-src 'self' *.truliantfcu.org *.doubleclick.net *.mouseflow.com *.newrelic.com *.adsrvr.org truliantfcu.locatorsearch.com truliantfcu.locatorsearch.net *.hcdigital.com www.youtube.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ *.poshdevelopment.com https://apps.mypurecloud.com *.amazon-adsystem.com https://truliantcareers.hua.hrsmart.com/; media-src 'self' *.youtube.com 2
default-src 'self'; connect-src 'self' s3.us-west-2.amazonaws.com/upload.com.fmod/uploads/ d1s9dnlmdewoh1.cloudfront.net; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com code.jquery.com; font-src 'self' cdnjs.cloudflare.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' code.jquery.com blob:; img-src 'self' d1s9dnlmdewoh1.cloudfront.net d26jga8jjsa591.cloudfront.net; frame-src 'self' www.youtube.com player.twitch.tv; media-src 'self' d26jga8jjsa591.cloudfront.net; worker-src 'self' blob: 2
frame-ancestors 'self' https://testbed.filecloudlabs.com https://ce.filecloud.com; 2
frame-ancestors *.ncsoft.jp lineagem-jp.com *.plaync.com 2
default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests;  block-all-mixed-content; 2
default-src 'self';                      img-src * data:;                      script-src 'self' 'unsafe-eval' 'unsafe-inline'                                                 fonts.gstatic.com *.googleapis.com apis.google.com googleads.g.doubleclick.net/pagead/id static.doubleclick.net www.googletagmanager.com *.google-analytics.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/                         *.nelsonmullins.com cdn-cookieyes.com *.cookieyes.com s.swiftypecdn.com siteimproveanalytics.com api.podcache.net *.amazonaws.com educationcounsel.us11.list-manage.com;                      frame-src sites-nelsonmullins.vuture.net www.youtube.com www.youtube-nocookie.com                          www.google.com/maps/ lookerstudio.google.com content.googleapis.com www.google.com/recaptcha/ recaptcha.google.com/recaptcha/                         connect.nelsonmullins.com e.issuu.com redcircle.com player.vimeo.com;                      font-src 'self' fonts.gstatic.com s.swiftypecdn.com;                      style-src 'self' 'unsafe-inline' fonts.googleapis.com s.swiftypecdn.com *.mailchimp.com;                      connect-src 'self' *.cookieyes.com cdn-cookieyes.com s.swiftypecdn.com www.google-analytics.com; 2
frame-ancestors 'self' cmwlab.com metrika.yandex.ru metrika.yandex.by metrika.yandex.com metrika.yandex.com.tr *.webvisor.com; 2
frame-ancestors 'self' capacitor://app.virginmegastore.ae  https://app.virginmegastore.ae 2
default-src 'self' https://cdn.consentmanager.mgr.consensu.org https://www.google-analytics.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.consentmanager.mgr.consensu.org https://consentmanager.mgr.consensu.org https://www.google-analytics.com https://www.googletagmanager.com https://cdn.curator.io https://static.etracker.com https://www.etracker.de https://code.etracker.com https://*.delivery.consentmanager.net https://cdn.consentmanager.net;style-src 'self' 'unsafe-inline' https://cdn.consentmanager.mgr.consensu.org https://consentmanager.mgr.consensu.org https://fonts.googleapis.com https://cdn.curator.io https://www.youtube.com;img-src 'self' data: https://www.youtube.com https://cdn.consentmanager.net https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://curator-assets.b-cdn.net https://pbs.twimg.com https://media-exp1.licdn.com https://*.fbcdn.net https://yt3.ggpht.com https://i.ytimg.com *.google.ae/ads/ *.google.al/ads/ *.google.am/ads/ *.google.at/ads/ *.google.ba/ads/ *.google.be/ads/ *.google.bg/ads/ *.google.bj/ads/ *.google.by/ads/ *.google.ca/ads/ *.google.cd/ads/ *.google.ch/ads/ *.google.cl/ads/ *.google.cn/ads/ *.google.co.id/ads/ *.google.co.il/ads/ *.google.co.in/ads/ *.google.co.jp/ads/ *.google.co.kr/ads/ *.google.co.ma/ads/ *.google.co.nz/ads/ *.google.co.th/ads/ *.google.co.uk/ads/ *.google.co.uz/ads/ *.google.co.za/ads/ *.google.com.au/ads/ *.google.com.bd/ads/ *.google.com.br/ads/ *.google.com.co/ads/ *.google.com.cy/ads/ *.google.com.ec/ads/ *.google.com.eg/ads/ *.google.com.hk/ads/ *.google.com.jm/ads/ *.google.com.lb/ads/ *.google.com.mx/ads/ *.google.com.my/ads/ *.google.com.ng/ads/ *.google.com.np/ads/ *.google.com.ph/ads/ *.google.com.pk/ads/ *.google.com.qa/ads/ *.google.com.sa/ads/ *.google.com.sg/ads/ *.google.com.tr/ads/ *.google.com.tw/ads/ *.google.com.ua/ads/ *.google.com.uy/ads/ *.google.com.vn/ads/ *.google.com/ads/ *.google.cz/ads/ *.google.de/ads/ *.google.dk/ads/ *.google.dz/ads/ *.google.es/ads/ *.google.fi/ads/ *.google.fr/ads/ *.google.gr/ads/ *.google.gy/ads/ *.google.hr/ads/ *.google.hu/ads/ *.google.ie/ads/ *.google.it/ads/ *.google.jo/ads/ *.google.li/ads/ *.google.lt/ads/ *.google.lu/ads/ *.google.lv/ads/ *.google.md/ads/ *.google.mk/ads/ *.google.mu/ads/ *.google.nl/ads/ *.google.no/ads/ *.google.pl/ads/ *.google.pt/ads/ *.google.ro/ads/ *.google.rs/ads/ *.google.ru/ads/ *.google.se/ads/ *.google.si/ads/ *.google.sk/ads/ *.google.tn/ads/ https://*.delivery.consentmanager.net;font-src 'self' https://fonts.gstatic.com https://cdn.curator.io  data:;connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com *.cloudfront.net  https://api.curator.io https://www.etracker.de https://consentmanager.mgr.consensu.org https://*.delivery.consentmanager.net;frame-src https://www.youtube.com https://www.movingimage24.com https://videomanager.movingimage24.com https://irs.tools.investis.com https://e.video-cdn.net https://vimeo.com https://webcast2.promeas.com/ https://player.vimeo.com/ https://www.brn-ag.de/ https://soziale-anwendung.de/ https://www.youtube.com/embed/ https://www.youtube-nocookie.com/;media-src 'self' blob: https://curator-assets.b-cdn.net https://www.youtube.com *.cloudfront.net/jenoptik/ https://video.twimg.com;worker-src blob:;report-uri https://jeno.report-uri.com/r/d/csp/enforce 2
form-action 'self' https://coworkingresources.org https://*.coworkingresources.org https://www.facebook.com https://getkisi.com https://*.getkisi.com https://production-b3jhdbaf6q-uk.a.run.app https://staging-b3jhdbaf6q-uk.a.run.app; script-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://api.na.chilipiper.com/marketing/getkisi https://a.clickcertain.com https://a.omappapi.com https://a.optmnstr.com https://w.appzi.io/ https://a.quora.com https://a.remarketstats.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://connect.facebook.net https://www.chatbase.co/ https://www.chatbase.co/embed.min.js https://d.adroll.com https://d.adroll.mgr.consensu.org https://googleads.g.doubleclick.net https://idsync.rlcdn.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.na.chilipiper.com/marketing.js https://js.usemessages.com https://production-b3jhdbaf6q-uk.a.run.app https://staging-b3jhdbaf6q-uk.a.run.app https://netlify-cdp-loader.netlify.app https://s.adroll.com https://ssl.google-analytics.com https://script.hotjar.com https://snap.licdn.com https://static.hotjar.com https://tagmanager.google.com https://use.typekit.net https://optimize.google.com https://www.googleadservices.com https://www.google-analytics.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://www.googleoptimize.com https://static.ads-twitter.com https://static.ads-twitter.com/uwt.js https://www.redditstatic.com https://www.youtube.com https://*.smartlook.cloud https://*.smartlook.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: 2
default-src 'self' https: wss:; media-src 'self' https://a.storyblok.com https://www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.userback.io https://a.storyblok.com https://api.storyblok.com https://app.storyblok.com https://www.googletagmanager.com https://cdn.iubenda.com https://cs.iubenda.com nonce-ZjZhNDBmMjktYWE3Zi00MmJhLWFiZDItMmMyZGRiY2EzMTMy strict-dynamic; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://static.userback.io nonce-ZjZhNDBmMjktYWE3Zi00MmJhLWFiZDItMmMyZGRiY2EzMTMy; img-src 'self' 'unsafe-inline' https://a.storyblok.com https://www.googletagmanager.com blob: data:; font-src 'self' https://use.typekit.net; base-uri 'self'; form-action 'self'; frame-ancestors https://app.storyblok.com 2
frame-src 'self' https://experience.arcgis.com/ https://*.adform.net https://connect.facebook.net https://c1.adform.net https://platform.twitter.com/ https://a.flexbooker.com/ https://www.snappayglobal.com/ https://stage.snappayglobal.com/ https://www.youtube.com/ https://player.vimeo.com/ https://request.eprotect.vantivprelive.com https://request.eprotect.vantivcnp.com https://hctra.maps.arcgis.com https://www.google.com/maps/ https://www.google.com/maps https://www.google.com https://www.trustedsite.com https://cse.google.com/ https://public.earthcam.net ;          default-src 'self';          script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.clarity.ms  https://t.clarity.ms  https://*.stackadapt.com https://*.tvsquared.com  https://*.tvsquared.com/tv2track.js  https://qvdt3feo.com/events.js   https://tags.srv.stackadapt.com https://connect.facebook.net  https://*.adform.net https://www.clarity.ms  https://ads.nextdoor.com  https://platform.twitter.com/js/tweet.b81b6d7af2d75db873cff6099e4f433a.js https://platform.twitter.com/widgets.js https://request.eprotect.vantivprelive.com https://request.eprotect.vantivcnp.com https://bam.nr-data.net https://js-agent.newrelic.com https://cse.google.com https://www.google.com/cse/ https://clients1.google.com https://www.google-analytics.com https://cdn.ywxi.net https://www.googletagmanager.com https://www.google.com https://*.gstatic.com;         img-src blob: data: 'self' https://www.facebook.com https://*.stackadapt.com  https://tags.srv.stackadapt.com https://*.tvsquared.com https://*.tvsquared.com/tv2track.js  https://*.mdhv.io   https://*.clarity.ms  https://c.clarity.ms https://pbs.twimg.com https://syndication.twitter.com https://cdn.ywxi.net https://smetrics.hctra.org https://clients1.google.com https://www.google.com/cse/ https://www.google-analytics.com https://www.googleapis.com/ https://ssl.gstatic.com https://encrypted-tbn0.gstatic.com/images https://encrypted-tbn1.gstatic.com/images https://encrypted-tbn2.gstatic.com/images https://encrypted-tbn3.gstatic.com/images https://traffic.houstontranstar.org https://www.adobe.com/images/shared/download_buttons/;          object-src 'self';          plugin-types application/x-shockwave-flash application/pdf;         style-src 'self' 'unsafe-inline' https://tags.srv.stackadapt.com https://www.google.com/cse/static/;          connect-src 'self' https://connect.facebook.net https://*.clarity.ms  https://*.stackadapt.com https://*.tvsquared.com https://*.tvsquared.com/tv2track.js https://qvdt3feo.com/events.js  https://y.clarity.ms https://t.clarity.ms  https://tags.srv.stackadapt.com  https://*.adform.net  https://www.google-analytics.com https://s3-us-west-2.amazonaws.com/mfesecure-public/host/ https://bam.nr-data.net https://triposcert.vantiv.com https://tripos.vantiv.com https://www.googletagmanager.com https://analytics.google.com;         form-action 'none';         frame-ancestors 'self';         report-uri /api/sessions/CspViolationLog/ReportViolation/ 2
frame-ancestors https://preview.themeforest.net/; 2
default-src 'self'; connect-src *; img-src 'self' data: 2
default-src 'self' 'unsafe-inline';  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.js https://knrpc.olark.com https://static.olark.com https://www.google-analytics.com 'unsafe-inline';  style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://static.olark.com;  object-src 'none';  base-uri 'self';  connect-src 'self' https://knrpc.olark.com https://www.google-analytics.com;  font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://static.olark.com;  frame-src 'self' https://static.olark.com;  img-src 'self' https://www.google-analytics.com https://log.olark.com;  manifest-src 'self';  media-src 'self';  worker-src 'none'; 2
form-action 'self' https://*.entorno.es; frame-ancestors 'none'; report-uri https://nicdev9.entorno.es/scp-report.php 2
default-src 'self' https://*.enviam.de https://*.mitgas.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.enviam.de https://*.mitgas.de https://*.myaccount.private.enviam.de https://*.myaccount.private.mitgas.de  https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://*.vo.msecnd.net https://app.easy-feedback.com https://connect.facebook.net https://bat.bing.com https://js.adsrvr.org https://api.eu-1.smooch.io  https://app.usercentrics.eu https://privacy-proxy.usercentrics.eu https://aggregator.service.usercentrics.eu https://www.cdn.botfriendsx.com  https://cdn.insight.sitefinity.com https://dec.azureedge.net/ https://iona-counter-ocr.sdacehub.de; style-src 'self' 'unsafe-inline'  https://*.enviam.de https://*.mitgas.de  https://netdna.bootstrapcdn.com https://kendo.cdn.telerik.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://www.cdn.botfriendsx.com; font-src 'self' https://www.cdn.botfriendsx.com https://script.hotjar.com data:; img-src 'self' https://*.enviam.de https://*.mitgas.de data:  https://app.usercentrics.eu https://uct.service.usercentrics.eu https://www.cdn.botfriendsx.com https://app.easy-feedback.com  https://bat.bing.com https://www.facebook.com https://www.google-analytics.com https://ad.doubleclick.net https://storage.googleapis.com/media-im/ https://media.eu-1.smooch.io; media-src 'self' data: https://www.cdn.botfriendsx.com; frame-src 'self' https://*.enviam.de https://*.mitgas.de  https://app.usercentrics.eu https://td.doubleclick.net https://*.fls.doubleclick.net; frame-ancestors 'self' https://idm.enviam.de https://*.enviam.de; child-src 'self' https://idm.enviam.de  blob: https://*.myaccount.private.enviam.de https://*.myaccount.private.mitgas.de  https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ https://apis.google.com https://accounts.google.com https://staticxx.facebook.com https://www.facebook.com https://web.facebook.com https://badge.stumbleupon.com https://iona-counter-ocr.sdacehub.de; connect-src 'self' https://*.enviam.de https://*.mitgas.de  https://api.usercentrics.eu https://graphql.usercentrics.eu https://privacy-proxy.usercentrics.eu https://aggregator.service.usercentrics.eu https://consent-api.service.consent.usercentrics.eu https://europe-west1-prj-bq-enviam001-51-b97c.cloudfunctions.net/ingest https://metrics.hotjar.io https://eu-api.friendlycaptcha.eu  https://dc.services.visualstudio.com  https://accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://*.mktoresp.com https://*.google-analytics.com https://*.gstatic.com https://*.fls.doubleclick.net https://insight.adsrvr.org https://stats.g.doubleclick.net wss://ws.hotjar.com https://content.hotjar.io https://www.cdn.botfriendsx.com https://*.config.eu-1.smooch.io https://api.eu-1.smooch.io wss://api.eu-1.smooch.io/faye https://www.facebook.com/tr/ https://bat.bing.com https://iona-counter-ocr.sdacehub.de; 2
frame-ancestors 'self' sketchfab.com 2
default-src https: data: 'unsafe-inline' 'unsafe-eval' wss://*.noibu.com wss://*.dixa.io 2
default-src * https: data: 'unsafe-eval' 'unsafe-inline' blob:; 2
connect-src 'self' inetchat.zoner.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com www.google-analytics.com *.smartlook.cloud *.doubleclick.net https://web.facebook.com https://www.facebook.com https://manychat.com https://socialplugin.facebook.net *.google-analytics.com https://search.zonercloud.cz https://*.clarity.ms https://www.google.com https://pagead2.googlesyndication.com https://cdn.linkedin.oribi.io adservice.google.com www.google.cz *.analytics.google.com px.ads.linkedin.com;default-src 'self' www.google-analytics.com www.google.com inetchat.zoner.com;font-src 'self' fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;img-src 'self' data: stats.g.doubleclick.net www.google-analytics.com www.google.cz www.google.com inetchat.zoner.com www.facebook.com c.imedia.cz http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.inpage.cz https://www.inpage.sk https://c.seznam.cz https://i.ytimg.com *.twitter.com https://seal.digicert.com ad.czechia.com  api.thegreenwebfoundation.org www.abuseipdb.com www.googletagmanager.com https://px.ads.linkedin.com https://c.bing.com https://c.clarity.ms www.google.sk www.google.es www.google.de www.google.sn;manifest-src 'self';script-src 'self' 'unsafe-inline' data: www.google.com www.gstatic.com googleads.g.doubleclick.net www.google-analytics.com www.googleadservices.com www.googletagmanager.com inetchat.zoner.com partner.zonercloud.sk partner.zonercloud.cz connect.facebook.net c.imedia.cz rec.smartlook.com *.twitter.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://seal.digicert.com ad.czechia.com https://c.seznam.cz https://widget.manychat.com https://mccdn.me www.clarity.ms https://search.zonercloud.cz https://snap.licdn.com https://*.clarity.ms 'unsafe-eval';style-src 'self' 'unsafe-inline' fonts.googleapis.com;frame-ancestors 'none';form-action 'self' admin.czechia.com admin.slovaknet.sk *.csob.cz;base-uri 'self';object-src 'none';frame-src 'self' *.inpage.cz *.inpage.sk *.inpageweb.com www.youtube.com www.google.com maps.google.com inetchat.zoner.com partner.zonercloud.sk partner.zonercloud.cz https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.twitter.com www.metercustom.net https://web.facebook.com https://www.facebook.com *.doubleclick.net;report-uri /csp-report-endpoint; 2
default-src 'self' c.upstract.com; font-src 'self' c.upstract.com; style-src 'self' 'unsafe-inline' c.upstract.com https://*.typeform.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' c.upstract.com https://*.typeform.com/ https://appleid.cdn-apple.com/ https://hcaptcha.com/; img-src 'self' data: c.upstract.com cw.upstract.com; frame-src https://www.youtube.com/ https://player.vimeo.com/ https://www.tiktok.com/ https://rumble.com/ https://embed.ted.com/ https://*.typeform.com/ https://*.hcaptcha.com 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; base-uri 'none'; frame-ancestors 'self'; 2
frame-ancestors 'self' *.futuoa.com 2
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline' 2
frame-ancestors https://myaccount.payz.com https://secure.payz.com https://payz.com https://*.payz.eco2g.com; default-src 'self' https://www.google-analytics.com *.googleapis.com www.youtube.com *.addthis.com cdn.syndication.twimg.com *.twitter.com ton.twimg.com platform.twitter.com v1.addthisedge.com z.moatads.com ecostaging.disqus.com *.g.doubleclick.net 'unsafe-inline' 'unsafe-eval' fonts.gstatic.com *.google.com https://www.google.com/recaptcha https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.googleadservices.com https://static.ads-twitter.com/ connect.facebook.net https://googleads.g.doubleclick.net/ www.google.com https://fonts.googleapis.com/ maxcdn.bootstrapcdn.com c1console.composite.net c.disquscdn.com disqus.com *.disqus.com *.bing.com *.clarity.ms data:; 2
frame-ancestors 'self' *.storyblok.com 2
default-src 'self' https://*.ipc-computer.de https://*.ipc-computer.eu https://*.ipc-computer.fr https://*.ipc-computer.es https://*.sparepartworld.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.ipc-computer.de https://widgets.trustedshops.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://www.paypalobjects.com https://checkout.dibspayment.eu https://unpkg.com; style-src 'self' 'unsafe-inline' https://checkout.dibspayment.eu https://*.googleapis.com https://www.googletagmanager.com https://*.ipc-computer.de; img-src 'self' data: https://*.ipc-computer.de https://*.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.ytimg.com https://img.youtube.com https://widgets.trustedshops.com; media-src 'self' data:; font-src 'self' data: https://*.gstatic.com; connect-src 'self' https://*.ipc-computer.de https://*.google-analytics.com https://*.googleapis.com https://*.doubleclick.net https://*.etrusted.com https://*.trustedshops.com https://checkout.dibspayment.eu https://vendorlist.consensu.org; object-src 'none'; frame-src 'self' https://*.ipc-computer.de https://*.paypal.com https://checkout.dibspayment.eu https://www.google.com https://www.youtube-nocookie.com; worker-src 'none'; report-uri https://www.ipc-computer.de/csp-violation-log.php 2
frame-ancestors www.homecredit.cz www.homecredit.sk *.ci360.sas.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.homecredit.cz www.homecredit.sk www.youtube.com *.doubleclick.net cdn.siteone.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.homecredit.cz www.homecredit.sk execution-360.homecredit.cz www.googleadservices.com *.googleadservices.com www.googletagmanager.com cdn.cookielaw.org *.bing.com www.youtube.com *.seznam.cz *.smartlook.com *.googleadservices.com *.googleadservices.net *.doubleclick.net *.facebook.net cdn.siteone.io; connect-src 'self' execution-360.homecredit.cz geolocation.onetrust.com cdn.cookielaw.org sentry.siteone.cz *.google-analytics.com *.bing.com *.smartlook.cloud *.facebook.net *.googlesyndication.com cdn.siteone.io; img-src 'self' data: www.homecredit.cz www.homecredit.sk content-360.homecredit.cz *.siteone.io *.siteone.cz cdn.cookielaw.org *.bing.com *.seznam.cz *.googlesyndication.com www.google.com www.google.cz www.facebook.com googleads.g.doubleclick.net ; 2
frame-ancestors 'self 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' mc.yandex.ru ajax.googleapis.com blob:; block-all-mixed-content; upgrade-insecure-requests; 2
default-src https: 'unsafe-inline' 'unsafe-eval' data:; connect-src wss: https: 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: 2
upgrade-insecure-requests;frame-ancestors 'self' 2
img-src 'unsafe-eval' 'unsafe-inline' blob: http: https: data:; script-src 'unsafe-eval' 'unsafe-inline' 'self' https:; style-src 'unsafe-inline' 'self' https: http:; default-src 'self' data: gap: https: wss://*.gubagoo.io wss://*.visitor.chat 2
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.hubspot.com *.hubspot.net *.hsforms.net *.hs-scripts.net *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hs-scripts.com *.hs-analytics.net *.hsforms.com static.hsappstatic.net https://www.googletagmanager.com https://*.youtube.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com vercel.live vercel.com https://*.clarity.ms *.doubleclick.net *.usemessages.com *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hubspotfeedback.com feedback.hubapi.com *.onetrust.com connect.facebook.net blob:; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com cdn2.hubspot.net static.hsappstatic.net https://www.googletagmanager.com/debug/badge.css; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.hsforms.com js.hscta.net https://*.google-analytics.com https://*.googleapis.com *.google.com https://*.gstatic.com https://*.clarity.ms https://*.hubapi.com js.hscta.net https://*.doubleclick.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.onetrust.com *.pusher.com *.googlesyndication.com data: blob:; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://my.matterport.com https://booking.trafalgartickets.com https://www.youtube.com *.google.com vercel.com *.vercel.com vercel.live https://*.doubleclick.net https://*.hsforms.com *.hsforms.net *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.hsforms.com; img-src 'self' data: *.hsforms.com https://images.ctfassets.net https://*.googleapis.com https://*.gstatic.com *.google.com *.google.co.uk *.googleusercontent.com vercel.com *.vercel.com *.clarity.ms https://*.hubspot.com https://*.bing.com js.hscta.net *.hubspot.net *.hsforms.net *.doubleclick.net *.onetrust.com data:; manifest-src 'self'; media-src 'self'; worker-src blob:; child-src *.hsforms.com; frame-ancestors https://app.contentful.com; 2
default-src * 'unsafe-inline'; img-src http://* https://* data:; child-src 'none'; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://* data:; frame-src https://*; worker-src https://* blob:; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: 'self' data: 'self' https://px.ads.linkedin.com https://cdn.linkedin.oribi.io https://www.linkedin.com *.qualtrics.com *.optimizely.com *.cloudflare.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://www.google.com.au https://ajax.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net www.google.com.au/ads/ www.google-analytics.com https://analytics.google.com https://fonts.gstatic.com https://www.gstatic.com *.youtube.com *.bootstrapcdn.com *.doubleclick.net *.australianretirementtrust.com.au *.siteintercept.qualtrics.com siteintercept.qualtrics.com *.vo.msecnd.net bat.bing.com connect.facebook.net *.facebook.com static.wondaris.com dc.services.visualstudio.com snap.licdn.com *.fontawesome.com *.mouseflow.com boxcast.tv playlist.megaphone.fm viewpoint.glasslewis.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com *.sunsuper.com.au *.googleusercontent.com https://www.googleadservices.com 2
frame-ancestors 'self' https://e-activist.com; 2
default-src 'self' https://*.shoppersvoice.com/ https://*.lavoixdelacheteur.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.shoppersvoice.com/ https://*.lavoixdelacheteur.com/ https://static.apester.com/ https://www.gstatic.com/  https://www.google-analytics.com/ https://www.googleadservices.com/  https://googleads.g.doubleclick.net/ https://www.google.com/ https://www.googleapis.com/ https://seal.entrust.net/ ; style-src 'self' 'unsafe-inline' https://*.shoppersvoice.com/ https://*.lavoixdelacheteur.com/ https://fonts.googleapis.com/ https://fast.fonts.net/ https://*.cloudfront.net; img-src 'self' data: https://*.shoppersvoice.com/ https://*.lavoixdelacheteur.com/ https://www.google.com/ https://secure.gravatar.com/ https://wpsitesync.com/ https://s.w.org/ https://ps.w.org/ https://seal.entrust.net/; connect-src 'self' https://*.shoppersvoice.com/ https://*.lavoixdelacheteur.com/ https://www.google-analytics.com/ https://events.apester.com/ https://stats.g.doubleclick.net/; font-src 'self' data: https://*.shoppersvoice.com/ https://*.lavoixdelacheteur.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://*.cloudfront.net; frame-src 'self' https://*.shoppersvoice.com/ https://*.lavoixdelacheteur.com/ https://www.google.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://vimeo.com/ 2
default-src * 'unsafe-inline' 'unsafe-eval' data:;frame-src * data: blob: intent:; 2
frame-ancestors *.adikteev.com 'self' *.facebook.com *.nikonelearning.com; 2
connect-src 'self' https://*.useinsider.com bots.kore.ai wss://rtm.kore.ai analytics.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net wss://*.useinsider.com api.trafficguard.ai; font-src 'self' 'unsafe-eval' 'unsafe-inline' *.useinsider.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' rcbcbankard.api.useinsider.com *.useinsider.com; frame-ancestors 'self' *.rcbcbankard.com *.useinsider.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' data: image.marketing.rcbcbankard.com image.marketing.rcbcbankard.com wp-log.api.useinsider.com *.useinsider.com rcbcbankard.api.useinsider.com www.google.com www.google.com.ph www.google-analytics.com https://stats.g.doubleclick.net www.facebook.com lh.trafficguard.ai; style-src 'self' 'unsafe-eval' 'unsafe-inline' assets.api.useinsider.com *.useinsider.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' rcbcbankard.api.useinsider.com assets.api.useinsider.com *.useinsider.com eitri.api.useinsider.com https://www.google-analytics.com www.google.com www.google-analytics.com tgtag.io www.googletagmanager.com www.gstatic.com apis.google.com connect.facebook.net bots.kore.ai; 2
img-src http: https: data: 2
default-src 'self' http: https: data: blob: 'unsafe-inline' script-src: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.iconnode.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://*.lexop.com https://*.segment.com https://*.segment.io https://*.fontawesome.com https://*.wistia.net https://*.windows.net https://www.stanleysecuritysolutions.com https://*.adroll.mgr.consensu.org https://*.subscribers.com https://*.6sc.co https://*.adroll.com https://*.omappapi.com https://*.callrail.com https://*.police.uk https://*.stanleysecurity.com https://*.stanleycss.com https://*.pardot.com https://*.wistia.com https://*.google.com https://*.google.fr https://*.google.be https://*.google.nl https://*.google-analytics.com https://*.googleapis.com https://*.formstack.com https://*.jsdelivr.net https://*.addtoany.com https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://*.bing.com https://*.go-mpulse.net https://*.akamaihd.com https://*.akamaihd.net https://*.janraincapture.com https://*.rpxnow.com https://*.nr-data.net https://*.newrelic.com https://*.marketo.net https://*.marketo.com https://*.youtube.com https://*.ytimg.com https://*.onetrust.com https://*.cookielaw.org https://*.drift.com https://*.driftt.com https://*.reevoo.com https://*.pricespider.com https://*.cloudfront.net https://*.mapbox.com https://*.hotjar.com https://*.doubleclick.net https://*.linkedin.com https://*.licdn.com https://*.ads.linkedin.com https://*.facebook.net https://*.facebook.com https://rpxnow.com https://*.googleoptimize.com resource://pdf.js https://app-ab06.marketo.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d8ejoa1fys2rk.cloudfront.net https://maps.googleapis.com https://polyfill.io https://unpkg.com https://www.google.com https://*.googleapis.com https://*.adnxs.com https://*.mktoweb.com https://*.visualwebsiteoptimizer.com https://*.iconnode.com https://tag.demandbase.com; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.lexop.com https://*.fontawesome.com https://*.wistia.net https://*.windows.net https://*.google.com https://*.google.nl https://*.google.fr https://*.police.uk https://*.google.be https://*.cloudflare.com https://*.formstack.com https://*.jsdelivr.net https://*.marketo.net https://*.marketo.com https://*.google-analytics.com https://*.googleapis.com https://*.reevoo.com https://*.pricespider.com https://*.cloudfront.net https://in.hotjar.com https://*.mapbox.com https://*.typekit.net https://p.typekit.net https://*.googletagmanager.com https://*.mktoweb.com; img-src 'self' data: blob: https://*.clarity.ms https://lxp-pr-cac-cdnve.azureedge.net https://*.lexop.com https://*.fontawesome.com https://*.wistia.net https://*.windows.net https://*.google.com https://*.google.ae https://*.police.uk https://*.adroll.com https://*.subscribers.com https://*.6sc.co https://*.wistia.com https://*.cookielaw.org https://*.google.nl https://*.google.be https://*.google.fr https://*.jsdelivr.net https://s3.amazonaws.com https://*.formstack.com https://*.googleusercontent.com https://*.google.com.ua https://*.facebook.com https://*.facebook.net https://*.ads.linkedin.com https://*.adsymptotic.com https://*.google-analytics.com https://*.linkedin.com https://*.googleapis.com https://*.google.co.in https://*.googletagmanager.com https://*.gstatic.com https://*.ggpht.com https://*.akamaihd.net https://*.google.by https://*.ytimg.com https://*.reevoo.com https://*.pricespider.com https://*.cloudfront.net https://*.doubleclick.net https://*.bing.com https://*.hotjar.com https://*.marketo.com https://*.google.am https://*.google.co.uk https://*.google.ca https://*.securitastechnology.com https://*.mktoweb.com https://*.nr-data.net https://*.visualwebsiteoptimizer.com https://*.stanleysecurity.com; media-src 'self' data: blob: https://*.fontawesome.com https://*.wistia.net https://*.windows.net https://*.driftqa.com https://*.driftt.com https://*.googletagmanager.com https://*.wistia.com https://*.stanleysecurity.com; frame-src 'self' https://*.google.com https://*.stanleysecurity.co.uk https://stanleyblackanddecker.ent.box.com https://*.police.uk https://*.twitter.com https://*.stanleysecurity.com https://*.stanleycss.com https://www.google.nl https://www.google.fr https://www.google.be https://*.marketo.net https://*.stanleyhealthcare.com https://*.stanleyaccess.com https://*.wistia.com https://*.wistia.net https://*.marketo.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.hotjar.com https://*.janraincapture.com https://*.youtube.com https://*.drift.com https://*.driftt.com https://*.drift.click https://*.reevoo.com https://*.pricespider.com https://*.reachmee.com https://*.stanleysecurity.fr https://*.mktoweb.com https://*.securitastechnology.com https://s.company-target.com; frame-ancestors 'self' https://*.clarity.ms https://lxp-pr-cac-cdnve.azureedge.net https://*.lexop.com https://*.fontawesome.com https://*.wistia.net https://*.windows.net https://*.google.com https://*.google.ae https://*.police.uk https://*.adroll.com https://*.subscribers.com https://*.6sc.co https://*.wistia.com https://*.cookielaw.org https://*.google.nl https://*.google.be https://*.google.fr https://*.jsdelivr.net https://s3.amazonaws.com https://*.formstack.com https://*.googleusercontent.com https://*.google.com.ua https://*.facebook.com https://*.facebook.net https://*.ads.linkedin.com https://*.adsymptotic.com https://*.google-analytics.com https://*.linkedin.com https://*.googleapis.com https://*.google.co.in https://*.googletagmanager.com https://*.gstatic.com https://*.ggpht.com https://*.akamaihd.net https://*.google.by https://*.ytimg.com https://*.reevoo.com https://*.pricespider.com https://*.cloudfront.net https://*.bing.com https://*.hotjar.com https://*.stanleysecurity.com https://*.stanleycss.com https://*.securitastechnology.com; child-src 'self' https://*.fontawesome.com https://*.wistia.net https://*.windows.net https://*.pardot.com https://*.stanleycss.com https://*.googletagmanager.com; worker-src 'self' data: blob: https://*.securitastechnology.com; font-src 'self' data: https://*.fontawesome.com https://*.wistia.net https://*.windows.net https://*.cloudflare.com https://*.formstack.com https://*.jsdelivr.net https://*.googleapis.com https://*.googleusercontent.com https://*.gstatic.com https://*.typekit.net https://*.hotjar.com https://d8ejoa1fys2rk.cloudfront.net/5.0.5/includes/fonts/ https://*.googletagmanager.com https://*.wistia.com; connect-src 'self' https://*.segmentapis.com https://*.clarity.ms https://*.segment.io https://*.segment.com https://*.fontawesome.com https://*.wistia.net https://*.windows.net https://*.doubleclick.net https://*.6sense.com https://*.litix.io https://*.police.uk https://*.ip-api.com https://*.6sc.co https://*.adnxs.com https://*.subscribers.com https://*.wistia.com https://*.callrail.com https://*.google.com https://www.google.nl https://www.google.fr https://www.google.be https://*.facebook.com https://*.facebook.net wss://*.hotjar.com https://*.driftcdn.com https://*.googleapis.com https://*.google-analytics.com https://*.mktoresp.com https://*.bing.com https://*.googlevideo.com https://*.hotjar.com https://*.hotjar.io https://*.nr-data.net https://*.onetrust.com https://*.cookielaw.org wss://*.driftt.com https://*.reevoo.com https://*.mapbox.com https://d8ejoa1fys2rk.cloudfront.net/5.0.5/modules/compactview/i18n/en.json https://*.bynder.cloud https://p11.techlab-cdn.com https://cdn.linkedin.oribi.io https://*.googletagmanager.com https://*.oribi.io https://*.securitas.com https://*.mktoutil.com https://*.securitastechnology.com https://*.googleadservices.com https://*.googlesyndication.com https://*.visualwebsiteoptimizer.com https://*.iconnode.com https://*.ads.linkedin.com https://api.company-target.com/api/v2/ https://tag-logger.demandbase.com; report-uri /report-csp-violation; upgrade-insecure-requests 2
default-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://dc.services.visualstudio.com https://az416426.vo.msecnd.net https://bat.bing.com https://blueconic.engie.nl https://plugins.blueconic.net https://cdn.blueconic.net https://engie.blueconic.net https://channel.me https://engie.conversationalsdevelopment.nl https://cdn.conversationalsdevelopment.nl https://api.seamly.ai wss://api.seamly.ai wss://api.seamly-app.com https://api.seamly-app.com https://engie-engie.digitalcx.com https://api.digitalcx.com https://www.50five-engie.nl https://engie.pti.nl https://api.ipdata.co https://googleads.g.doubleclick.net https://www.googleadservices.com https://*.fls.doubleclick.net https://stats.g.doubleclick.net https://google.com https://www.google.com https://www.google.nl https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://ajax.googleapis.com https://adservice.google.com https://storage.googleapis.com https://www.gstatic.com https://s.ytimg.com https://code.jquery.com https://snap.licdn.com https://px.ads.linkedin.com https://api.membergetmember.co https://embedded.membergetmember.co https://events.membergetmember.co https://heartbeat.membergetmember.co https://tracking.membergetmember.co https://prod-mgw.engie-app.nl/api/v1/opening-hours https://prod-mgw.engie-app.nl/api/v1/waiting-times https://prod-mgw.engie-app.nl/api/v1/opening-hours/waiting-time https://ws.pushcall.com https://smartcontactbutton.pushcall.com https://api.storyteq.com https://www.sungevity.nl https://www.youtube.com https://www.youtube-nocookie.com https://v2.zopim.com wss://widget-mediator.zopim.com https://static.zdassets.com https://ekr.zdassets.com;font-src 'self' data: https://fonts.gstatic.com;img-src https://bat.bing.com https://engie.blueconic.net https://blueconic.engie.nl https://cdn.conversationalsdevelopment.nl https://newstat.net https://ds1.nl https://www.google.nl https://www.google.com https://storage.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://snap.licdn.com https://px.ads.linkedin.com https://api.storyteq.com 'self' data:;style-src 'self' 'unsafe-inline' https://blueconic.engie.nl https://plugins.blueconic.net https://www.50five-engie.nl https://storage.googleapis.com https://fonts.googleapis.com https://cdn.conversationalsdevelopment.nl; 2
base-uri 'self'; object-src 'none'; 2
frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://* http://* data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://* http://* data:; style-src 'self' 'unsafe-inline' https://* http://* data:; font-src 'self' https://* http://* data:; object-src 'self'; 2
frame-ancestors 'self' https://hmscloudstorage.blob.core.windows.net; 2
default-src 'self' wss://10.100.41.98:21021/ws; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com unpkg.com/@frontify/ *.cloudinary.com https://cdn.plyr.io https://player.vimeo.com https://s7.addthis.com https://z.moatads.com https://m.addthis.com https://careers.pageuppeople.com https://vimeo.com *.googletagmanager.com *.google.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com https://cdn.plyr.io; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com web-chat.nativechat.com *.frontify.com *.cloudinary.com https://www.addthis.com https://fortescue-brand-dev-01.s3.amazonaws.com https://fmgl-dev.equ.com.au fortescue.tba.build fortescuecom-nonprod-env.eba-e36srkcg.ap-southeast-2.elasticbeanstalk.com fmgl-website-media-497161030042.s3.ap-southeast-2.amazonaws.com fmgl-website-media-497161030042.s3.amazonaws.com fmgl-website-media-281431401319.s3.amazonaws.com *.fortescue.com *.googletagmanager.com *.google.com.au *.doubleclick.net; media-src 'self' data: blob: *.frontify.com *.cloudinary.com https://fortescue-brand-dev-01.s3.amazonaws.com https://fmgl-dev.equ.com.au fortescue.tba.build fortescuecom-nonprod-env.eba-e36srkcg.ap-southeast-2.elasticbeanstalk.com fmgl-website-media-497161030042.s3.ap-southeast-2.amazonaws.com fmgl-website-media-497161030042.s3.amazonaws.com fmgl-website-media-281431401319.s3.amazonaws.com *.fortescue.com; child-src 'self' https://clients3.weblink.com.au/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ www.google.com apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com *.frontify.com cloudinary.com *.cloudinary.com https://s7.addthis.com *.microsoftonline.com; connect-src 'self' data: accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.frontify.com *.cloudinary.com https://noembed.com https://cdn.plyr.io https://m.addthis.com https://careers.pageuppeople.com *.google.com *.doubleclick.net *.microsoftonline.com; 2
block-all-mixed-content; base-uri 'self'; object-src 'self'; 2
base-uri 'self'; object-src 'none'; frame-ancestors 'self'; default-src * data: blob: filesystem: about: ws: wss: http: https: 'unsafe-inline' 'unsafe-eval'; 2
frame-ancestors 'self' *.deventre.com *.preprodentre.com *.entreblueprint.com *.entreinstitute.com *.entreinstitute.loc *.theentreinstitute.com app.entresoft.com classwithjeff.loc trackcmp.net successpathmasterclass.com www.successpathmasterclass.com theentreinstitute.com www.entredigest.com www.entrenewsletter.com www.entresuccesspath.com www.theentrepalooza.com www.entreunlimited.com www.entrepropulsion.com www.entregrowthclub.com app.gohighlevel.com www.entresdna.com www.entressuccessdna.com www.entrefreedombusiness.com 2
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 2
frame-src 'self' https://promericagt.custhelp.com https://promericaopa.custhelp.com https://wstasacambio.bancopromerica.com.gt https://stags.bluekai.com https://tags.bkrtx.com https://vars.hotjar.com/ https://promericagt--tst1.custhelp.com https://enlz-prod1-apps6.builder.ocp.oraclecloud.com https://ventus.enalog.se https://channels.onemarketer.cl https://www.gstatic.com/ https://www.google.com/recaptcha/ https://optimize.google.com https://www.youtube.com 2
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-ancestors 'self'; report-uri /report-csp-violation 2
frame-ancestors 'self' *.inlinewarehouse.com www.icewarehouse.com www.derbywarehouse.com www.tennis-warehouse.com; 2
default-src *;                     style-src 'self' 'unsafe-inline' data: https://www.publicpartnerships.com https://www.pathtohomecare.com https://www.gstatic.com https://translate.googleapis.com https://app.five9.com https://www.youtube.com https://d6tizftlrpuof.cloudfront.net;                     script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.publicpartnerships.com https://www.pathtohomecare.com https://translate.googleapis.com https://translate-pa.googleapis.com/ https://googleads.g.doubleclick.net https://snap.licdn.com https://www.googleadservices.com https://www.google.com https://w.usabilla.com https://www.google-analytics.com https://www.googletagmanager.com https://consent.cookiebot.com https://translate.google.com https://cdn.userway.org https://app.five9.com https://www.youtube.com https://consentcdn.cookiebot.com https://www.gstatic.com https://api.usabilla.com;                     img-src 'self' 'unsafe-inline' data: https://www.publicpartnerships.com https://www.pathtohomecare.com https://www.google.com https://www.gstatic.com https://cdn.userway.org https://consentcdn.cookiebot.com https://app.five9.com  https://d6tizftlrpuof.cloudfront.net/ https://w.usabilla.com https://px.ads.linkedin.com 2
frame-ancestors 'self' https://social.zalopay.vn https://socialstg.zalopay.vn https://socialdev.zalopay.vn 2
frame-ancestors 'self' app.storyblok.com *.omappapi.com *.optinmonster.com ; 2
default-src 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self' 2
script-src http: https: *.studentbeans.com *.newrelic.com *.nosto.com *.yotpo.com https://www.millet.com/ 'unsafe-eval' 'unsafe-inline'; connect-src http: https: *.nr-data.net; style-src 'self' blob: https: 'unsafe-inline' https://www.millet.com/; img-src data: http: https: *.nr-data.net; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com *.yotpo.com; frame-src *.captainwild.com *.studentbeans.com *.hotjar.com *.doubleclick.net assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.usercentrics.eu *.openstreetmap.fr; 2
default-src ‘self’ https: data: script-src 'self' style-src 'self' 2
default-src 'self' *.brandcdn.com *.adsrvr.org *.cloudfront.net https://www.youtube.com https://www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.brandcdn.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com https://www.googletagmanager.com https://www.google.com https://www.google-analytics.com https://ajax.googleapis.com https://code.jquery.com https://secure.gravator.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.demdex.net *.adsrvr.org https://azekco-media.s3.amazonaws.com https://s3.amazonaws.com https://www.google-analytics.com https://*.w.org https://secure.gravatar.com data:; font-src 'self' data:; 2
default-src 'self' ;script-src 'self' 'unsafe-inline' data: *.googleapis.com *.twitter.com *.facebook.net www.googleadservices.com www.gstatic.com www.google.com google.com google.co.uk http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io use.fontawesome.com storage.bannernow.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com www.gstatic.com tagmanager.google.com maxcdn.bootstrapcdn.com cdn-images.mailchimp.com use.fontawesome.com fonts.bunny.net;img-src 'self' * data:;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.bunny.net use.fontawesome.com;connect-src 'self' fonts.googleapis.com insights.hotjar.com wss://*.hotjar.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;frame-src 'self' www.google.com vars.hotjar.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io storage.bannernow.com;worker-src 'self' self blob: 'unsafe-inline'; 2
upgrade-insecure-requests; block-all-mixed-content; frame-ancestors *.caf.io 2
frame-ancestors 'self'; frame-src enovationgroup.com *.enovationgroup.com *.stuurlui.dev *.savviihq.com *.facebook.com *.google.com *.cookiebot.com *.hotjar.com *.youtube.com *.vimeo.com *.googletagmanager.com *.fontawesome.com *.ont.stuurlui.dev *.ontw.stuurlui.dev *.zaurus.io *.doubleclick.net 2
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.hotjar.com https://*.leadinfo.net https://api.adcalls.nl https://api.leadinfo.com https://api.widget.futy.io https://consentcdn.cookiebot.com https://*.clarity.ms https://forms-eu1.hubspot.com https://*.g.doubleclick.net wss://*.hotjar.com https://*.dynamics.com https://js-eu1.hs-banner.com https://cdn.linkedin.oribi.io https://*.googlesyndication.com https://www.google.com https://bat.bing.com https://www.facebook.com; font-src 'self' https://themes.googleusercontent.com; frame-src 'self' https://consentcdn.cookiebot.com https://static.addtoany.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://e.issuu.com https://forms.office.com https://player.vimeo.com https://vars.hotjar.com https://*.dynamics.com https://www.facebook.com https://analytics-eu.clickdimensions.com https://td.doubleclick.net; img-src 'self' data: https://www.google.com https://www.google.nl https://leadpack-cf.yourwoo.com https://*.svc.dynamics.com https://*.google-analytics.com https://www.googletagmanager.com https://*.linkedin.com https://www.facebook.com https://c.clarity.ms https://c.bing.com https://tr.lfeeder.com https://forms-eu1.hsforms.com https://track-eu1.hubspot.com https://*.lfeeder.com https://*.leadfeeder.com https://bat.bing.com https://imgsct.cookiebot.com https://*.g.doubleclick.net; script-src 'self' 'unsafe-inline' cdnjs.cloudflare.com https://leadpack-cf.yourwoo.com https://mktdplp102cdn.azureedge.net https://polyfill.io https://static.addtoany.com https://unpkg.com https://www.google.com; script-src-elem 'self' 'unsafe-inline' https://*.cookiebot.com https://koi-3qneu2w9pc.marketingautomation.services https://tag.perfectaudience.com https://pixel-geo.prfct.co https://static.addtoany.com https://www.google-analytics.com https://eu2.snoobi.eu https://www.gstatic.com https://www.googletagmanager.com https://snap.licdn.com https://*.hotjar.com https://connect.facebook.net https://www.clarity.ms https://script.adcalls.nl https://cdn.leadinfo.net https://static.mailerlite.com https://sc.lfeeder.com https://v1.widget.futy.io https://js-eu1.hs-scripts.com https://js-eu1.hs-analytics.net https://js-eu1.hs-banner.com https://js-eu1.hscollectedforms.net https://js-eu1.hsleadflows.net https://www.googleoptimize.com https://*.lfeeder.com https://*.leadfeeder.com https://www.youtube.com https://bat.bing.com https://www.googleadservices.com cdnjs.cloudflare.com https://leadpack-cf.yourwoo.com https://mktdplp102cdn.azureedge.net https://polyfill.io https://unpkg.com https://www.google.com; style-src 'self' 'unsafe-inline' https://static.mailerlite.com cdnjs.cloudflare.com 2
frame-src https://www.youtube-nocookie.com https://www.youtube.com https://piwik.bzga.de https://www.check-dein-spiel.de; style-src 'self' 'unsafe-inline'; default-src 'self'; script-src https://www.check-dein-spiel.de https://piwik.bzga.de 'self' 'unsafe-inline' ; connect-src https://www.check-dein-spiel.de https://piwik.bzga.de 'self' 'unsafe-inline' ; font-src 'self' 'unsafe-inline' data:; img-src 'self' https://piwik.bzga.de https://*.openstreetmap.org data:; 2
default-src 'self' *.facebook.net *.kvantum-app.com wss://*.visitors.live *.luckyorange.com *.google.co.il *.googleoptimize.com wss://collection.decibelinsight.net collection.decibelinsight.net tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx analytics.tiktok.com voices.s1gateway.com *.webeyez.com *.crwdcntrl.net *.braze.com wss://*.hotjar.com *.googleadservices.com *.indigitall.com consentcdn.cookiebot.com *.browser-intake-datadoghq.eu *.g.doubleclick.net *.bringg.com *.ubereats.com *.adyen.com *.oppwa.com *.onetrust.com cdn.cookielaw.org *.browser-intake-datadoghq.com *.googleapis.com wss://ws.inspectlet.com *.inspectlet.com *.google-analytics.com *.datadoghq.com *.datadoghq.eu *.browser-intake-datadoghq.eu *.hotjar.com *.googletagmanager.com *.googleusercontent.com *.lr-ingest.io *.lji.li *.tictuk.com *.facebook.com *.google.com pay.payphonetodoesposible.com data:;frame-src 'self' *arcot.com *.nutritionix.com lili.ly *.webeyez.com voices.s1gateway.com *.amazon-adsystem.com *.crwdcntrl.net *.mathtag.com *.doubleclick.net docs.google.com tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx *.prb.com.mx:* consentcdn.cookiebot.com *.tracker.dragontail.com *.youtube.com *.bringg.com *.ubereats.com *.uber.com *.adyen.com *.oppwa.com *.payeezy.com authentication.cardinalcommerce.com aacsw.3ds.verifiedbyvisa.com ecom.eglobal.com.mx *.modirum.com *.ipg-online.com pay.payphonetodoesposible.com *.mercadopago.com.co *.hotjar.com *.facebook.com *.cardnet.com.do; object-src 'self' kfc.com.mx *.kfc.com.mx *.tictuk.com tacobell.ca *.tacobell.ca *.tictuk.com;style-src 'self' 'unsafe-inline' voices.s1gateway.com use.fontawesome.com www.googletagmanager.com *.adyen.com *.oppwa.com *.lji.li *.tictuk.com fonts.googleapis.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.kfcbotswana.com *.luckyorange.com *.googleoptimize.com tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx cdn.decibelinsight.net voices.s1gateway.com analytics.tiktok.com *.webeyez.com *.pizzahut.com.ec *.crwdcntrl.net *.mathtag.com  *.gstatic.com *.g.doubleclick.net *.googleadservices.com *.cookiebot.com *.appboycdn.com *.adyen.com *.oppwa.com *.onetrust.com cdn.cookielaw.org *.maps.yandex.net yastatic.net *.yandex.ru yandex.ru *.payeezy.com polyfill.io cdn.inspectlet.com cdn.polyfill.io lab.cardnet.com.do servicios.cardnet.com.do *.google-analytics.com *.hotjar.com *.googletagmanager.com cdn.lr-ingest.io cdn.logrocket.io cdnjs.cloudflare.com *.lji.li *.tictuk.com *.google.com *.facebook.net *.googleapis.com *.facebook.com pay.payphonetodoesposible.com;img-src 'self'  *.kfcbotswana.com *.xilnex.com *.kfc.co.za *.amazon-adsystem.com *.ofisistemas.com:8096 *.kfc-panama.com habit-images.s3.us-east-2.amazonaws.com tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx *.pizzahut.cl pizzahut.cl *.google.co.uk *.s1gateway.com *.pizzahut.com.mx *.mathtag.com *.ofisistemas.com pizzahut.com.co *.pizzahut.com.co nolocdnmsftaznua.azureedge.net *.indigitall-cdn.com *.g.doubleclick.net *.pizzahut.com.br *.pizzahut.com.ec *.google.com.mx *.google.ca *.google.co.il *.google.es *.google.com.do *.google.com *.google.com.ec *.google.com.br *.pizzahut-tt.com *.tacobell.co.nz *.pizzahut.fi  pizzahut.fi nolocdnmsftus.azureedge.net ros-prd.s3.amazonaws.com *.adyen.com *.cookielaw.org *.maps.yandex.net *.yandex.ru yandex.ru *.kfc.tt *.cognizantorderserv.com connect.facebook.net *.inspectlet.com *.google-analytics.com ph-web-bucket.s3.us-east-2.amazonaws.com *.mobstorm.com images-rest.wixmp.com *.googleusercontent.com *.lji.li *.tictuk.com *.googleapis.com *.cloudfront.net/phws/ *.gstatic.com *.wixstatic.com *.facebook.com test.ipg-online.com data:;font-src 'self' voices.s1gateway.com use.fontawesome.com *.tictuk.com fonts.gstatic.com data:;worker-src 'self' 'unsafe-eval' 'unsafe-inline' *.lji.li *.tictuk.com blob: data:;frame-ancestors 'self' kfc.com.mx *.kfc.com.mx *.ipg-online.com  pay.payphonetodoesposible.com *.lji.li http://local.tictuk.com:8080 *.tictuk.com *.facebook.com *.messenger.com facebook.com messenger.com *.telegram.org telegram.org kfc.cw pizzahut.cw kfc.mystagingwebsite.com ; 2
default-src 'self' *.nrw.de;    script-src  'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de *.google.com *.youtube.com *.youtu.be *.twimg.com *.twitter.com twitter.com *.jwpcdn.com *.gstatic.com *.googleapis.com *.googlesyndication.com *.openstreetmap.org *.mozilla.org *.vimeo.com *.vimeocdn.com *.flickr.com *.staticflickr.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net;    style-src   'self' 'unsafe-inline' *.nrw.de *.twitter.com twitter.com *.facebook.com *.googleapis.com *.twimg.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net;    font-src data: *;    img-src  data: *;    frame-ancestors 'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com;    worker-src  'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de;    frame-src   'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de;    object-src  'self';    connect-src 'self' *.nrw.de svc.webspellchecker.net;    media-src *; upgrade-insecure-requests; 2
default-src https: 'unsafe-eval' 'unsafe-inline' blob: data: wss:; img-src 'self' blob: data: https:; object-src 'self'; frame-src 'self' blob: data: https: lavitaapp:; report-uri https://sentry.lavita.io/api/7/security/?sentry_key=6ea35b7ebf064adb9ad7002afcbf1d53 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' polyfill.io *.images-home.com *.cloudflare.com *.licdn.com *.moatads.com *.hotjar.com stackpath.bootstrapcdn.com youtube.com.au *.youtube.com.au *.youtube.com *.gstatic.com *.weblink.com.au *.nr-data.net ajax.cloudflare.com js-agent.newrelic.com www.google.com *.google-analytics.com analytics.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com www.youtube.com/iframe_api www.youtube.com.au/iframe_api platform.twitter.com syndication.twitter.com/ s.ytimg.com publish.twitter.com *.twimg.com platform.linkedin.com platform.stumbleupon.com/1/widgets.js dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com unpkg.com *.arcgis.com *.addthis.com *.addthisedge.com assets.juicer.io tagmanager.google.com www.googletagmanager.com app.hivo.com.au snap.licdn.com cdn.polyfill.io www.googleadservices.com googleads.g.doubleclick.net *.cloudflareinsights.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.googleapis.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.arcgis.com assets.juicer.io app.hivo.com.au blob: * 'unsafe-inline'; font-src 'self' data: fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com *.arcgis.com *.arcgisonline.com static.juicer.io; img-src 'self' *.doubleclick.net *.equ.com.au *.linkedin.com *.woodside.com woodside-staging.s3.amazonaws.com woodside-development.s3.amazonaws.com *.images-home.com *.s3.amazonaws.com *.woodside *.adsymptotic.com www.gstatic.com gstatic.com ssl.gstatic.com scontent.cdninstagram.com i.imgur.com yt3.ggpht.com i.ytimg.com stats.g.doubleclick.net maps.gstatic.com maps.googleapis.com *.googleapis.com *.google-analytics.com analytics.google.com platform.tumblr.com web.facebook.com www.facebook.com delicious.com www.redditstatic.com www.linkedin.com syndication.twitter.com static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png dec.azureedge.net *.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com app.hivo.com.au blob: *.eloqua.com *.arcgis.com *.arcgisonline.com assets.juicer.io *.fbcdn.net *.google.com *.google.com.au img.juicer.io *.fls.doubleclick.net; media-src 'self' *.equ.com.au woodside-staging.s3.amazonaws.com woodside-development.s3.amazonaws.com *.s3.amazonaws.com *.woodside *.woodside.com; frame-src 'self' *.addthis.com app.hivo.com.au *.hotjar.com *.twitter.com *.youtube.com.au *.youtube-nocookie.com *.youtube.com *.google.com *.weblink.com.au *.doubleclick.net *.facebook.com *.tryinteract.com; child-src 'self' *.google.com *.weblink.com.au platform.twitter.com syndication.twitter.com www.youtube.com player.vimeo.com w.soundcloud.com apis.google.com accounts.google.com staticxx.facebook.com *.facebook.com web.facebook.com badge.stumbleupon.com *.addthis.com *.youtube-nocookie.com *.weblink.com.au; connect-src 'self' *.googlesyndication.com api.cognitive.microsoft.com *.sentry.io *.hotjar.io *.hotjar.com ws://*.hotjar.com accounts.google.com apis.google.com *.dec.sitefinity.com *.mktoresp.com *.arcgis.com *.arcgisonline.com *.addthis.com *.juicer.io graph.facebook.com *.woodside.s3.amazonaws.com *.woodside bam.nr-data.net *.doubleclick.net *.google-analytics.com analytics.google.com *.linkedin.oribi.io; object-src 'none'; 2
default-src https: ws: wss: data: 'unsafe-inline' 'unsafe-eval' 2
connect-src https: 2
default-src 'self' *.mytolino.com *.mytolino.de data: *.pageplace.de www.googletagmanager.com *.doubleclick.net www.google.com www.google.de www.googleadservices.com *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com connect.facebook.net www.facebook.com 'unsafe-inline' 2
default-src 'self' *.checkngo.com *.xact.com *.alliedcash.com *.pocket360.com *.mouseflow.com; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com cdnjs.cloudflare.com *.tfaforms.net *.krxd.net *.quantcount.com *.googletagmanager.com *.quantserve.com *.fontawesome.com *.bootstrapcdn.com *.googleanalytics.com maps.google.com optimize.google.com tagmanager.google.com *.googleadservices.com *.googleoptimize.com *.doubleclick.net https://www.youtube.com/iframe_api https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.msecnd.net *.hotjar.com tag.brandcdn.com adservices.brandcdn.com widget.trustpilot.com *.siteimproveanalytics.com *.mouseflow.com *.pinimg.com https://siteimproveanalytics.com cdn.ampproject.org *.eloqua.com *.en25.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.tfaforms.net *.fontawesome.com *.bootstrapcdn.com optimize.google.com tagmanager.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.myfonts.net *.mouseflow.com *.siteimproveanalytics.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.tfaforms.net pre-usermatch.targeting.unrulymedia.com e1.emxdgt.com beacon.krxd.net x.bidswitch.net pixel.advertising.com *.quantserve.com www.google.com dynl.mktgcdn.com maps.google.com optimize.google.com *.azureedge.net *.googletagmanager.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com adservices.brandcdn.com insight.adsrvr.org match.adsrvr.org *.doubleclick.net sync.search.spotxchange.com https://*.ggpht.com *.mouseflow.com *.google-analytics.com *.adswizz.com *.pinterest.com *.tapad.com *.tremorhub.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.fontawesome.com *.bootstrapcdn.com *.mouseflow.com; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.youtube.com *.trustpilot.com *.google.com *.mouseflow.com; connect-src 'self' data: accounts.google.com *.google-analytics.com *.gstatic.com https://*.googletagmanager.com *.googleapis.com *.doubleclick.net analytics.google.com *.pinterest.com *.contextine.com *.googletagmanager.com *.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.visualstudio.com https://ipinfo.io/ip https://icanhazip.com https://api.ipify.org *.mouseflow.com; media-src 'self' data: blob: *.azureedge.net; child-src 'self' *.checkngo.com *.alliedcash.com cdn.krxd.net *.hotjar.com www.googletagmanager.com *.doubleclick.net adservices.brandcdn.com insight.adsrvr.org *.mouseflow.com *.trustpilot.com *.pinterest.com *.google.com; object-src 'self' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com/ https://*.googleapis.com/ https://maps.google.com https://api-maps.yandex.ru https://an.yandex.ru https://mc.yandex.ru https://yastatic.net https://*.youtube.com https://www.youtube-nocookie.com https://vk.com https://ok.ru/videoembed https://yandex.ru/ads/system/context.js  https://www.acint.net; frame-src 'self' https://maps.google.com https://www.google.com/maps/ https://login.vk.com/ https://vk.com/video_ext.php https://an.yandex.ru https://mc.yandex.ru https://yastatic.net https://*.youtube.com https://www.youtube-nocookie.com https://ok.ru/videoembed; img-src * data:; media-src * data: 2
frame-ancestors 'self' *.arcgis.com *.esri.com 2
base-uri 'none'; child-src 'self' blob: data: volvoconnect.com api.volvoconnect.com app.volvoconnect.com; connect-src 'self' *.api.here.com *.api.sanity.io *.apicalsolutions.com *.apicdn.sanity.io *.app.prod.shared.eu.vgtng.volvo.com *.demo.api.here.com *.execute-api.eu-north-1.amazonaws.com *.googleapis.com *.here.com *.hereapi.com *.lottiefiles.com *.ls.hereapi.com *.prod.shared.eu.vgtng.volvo.com *.prod.shared.us-east-1.prod.aws.vgthosting.net *.prod.shared.us.vgtng.volvo.com *.pusherplatform.io *.s3.amazonaws.com *.screencast.com *.sendbird.com *.tile.openstreetmap.org *.walkme.com *.youtube.com api.volvoconnect.com api.eu.vgcs.volvo.com api.gdsp.volvo.com api.na.vgcs.volvo.com api.sanity.io api.volvotrucks.com apical.uksouth.cloudapp.azure.com apicdn.sanity.io assets.volvo.com buttons.github.io cdn.cookielaw.org cdn.sanity.io cdnjs.cloudflare.com chatkit-file-service-us1.s3.amazonaws.com d3b3ehuo35wzeh.cloudfront.net dev1-publish.volvo.netcentric.biz doubleclick.net fonts.gstatic.com gateway-prod.azure-api.net gdsp-resources.azureedge.net https://iot-vgcs-dc-gw.apicalsolutions.com/api/ prod-vgcs-dc-gw.apicalsolutions.com https://qa-vgcs-dc-gw.apicalsolutions.com/api/ login.volvoconnect.com login.microsoftonline.com login.prod.volvoconnect.com login.support.na.prod.vg-cs.com natelematics.com oprepo.prod.shared.eu-west-1.prod.aws.vgthosting.net oprepo.prod.shared.eu.prod.aws.vgthosting.net prod.api.volvotrucks.com qa.natelematics.com resources.gdsp.volvo.com s3.walkmeusercontent.com sendbird.com stats.g.doubleclick.net storybook.js.org suptl.prod.shared.eu-west-1.prod.aws.vgthosting.net uddi.prod.shared.eu-west-1.prod.aws.vgthosting.net vconnect.sems.ws vfs-customerconnect-api.azurewebsites.net vfsvolvoconnectapidev.azurewebsites.net vg-vfs-volvoconnect-api-dev.azurewebsites.net vgcs-atom.s3.eu-north-1.amazonaws.com vtrucks.prod.sems.ws wss://*.app.prod.shared.eu.vgtng.volvo.com wss://*.app.prod.shared.us.vgtng.volvo.com wss://*.prod.shared.eu.vgtng.volvo.com wss://*.prod.shared.us.vgtng.volvo.com wss://*.pusherplatform.io wss://*.sendbird.com wss://api.volvoconnect.com wss://oprepo.prod.shared.eu-west-1.prod.aws.vgthosting.net wss://sendbird.com www.google-analytics.com www.volvobuses.com wss://57tklffer0.execute-api.eu-north-1.amazonaws.com nln43j2hm8.execute-api.eu-west-1.amazonaws.com vfsvolvoconnectapiqa.azurewebsites.net vfsvolvoconnectapiprod.azurewebsites.net *.vgcs-atom.com wss://logbrary.prod.shared.eu-west-1.prod.aws.vgthosting.net logbrary.prod.shared.eu-west-1.prod.aws.vgthosting.net *.vgcs-atom.com wss://ws.transport-engine.prod.vgcs-atom.com transport-pattern.prod.vgcs-atom.com wss://*.vgcs-atom.com neuronths.com logbrary.prod.shared.eu-west-1.prod.aws.vgthosting.net resources.gdsp.volvo.com qa.natelematics.com *.adobedtm.com *.assetsadobe.com s3-eu.walkmeusercontent.com ec.walkme.com maps.gstatic.com api.natelematics.com us-east-1.quicksight.aws.amazon.com api.natelematics.com privacyportal-de.onetrust.com api.na.vgcs.volvo.com api.optifleet-evol.net demdex.net volvogroup.data.adobedc.net *.demdex.net *.everesttech.net everesttech.net *.adobedc.net adobedc.net api.optifleet.net api.renault-trucks.com *.volvobuses.com s3.eu-west-1.amazonaws.com volvobuses.com api.met.no volvobuses.com de.qa.l-os.com vbap-dev-euw-func-01.azurewebsites.net asddkawasdsdasd api.ko.vgcs.volvo.com *.prod.vg-cs.com wss://api.eu.vgcs.volvo.com wss://api.na.vgcs.volvo.com *.gdsp.volvo.com stage-volvobuses-com.aws.43636.vnonprod.com vbap-prod-euw-func-01.azurewebsites.net sentry.io *.sentry.io s3.eu-central-1.amazonaws.com api.eu.vgcs.volvo.com bbb; default-src volvoconnect.com; frame-src 'self' *.app.prod.shared.eu.vgtng.volvo.com *.prod.shared.eu.vgtng.volvo.com *.prod.shared.us.vgtng.volvo.com *.sendbird.com *.walkme.com api.volvoconnect.com api.eu.prod.vgcs.volvo.com api.eu.vgcs.volvo.com api.na.prod.vgcs.volvo.com api.prod.vgcs.volvo.com app.volvoconnect.com blob: chatkit-file-service-us1.s3.amazonaws.com d3b3ehuo35wzeh.cloudfront.net data: doubleclick.net https://login.microsoftonline.com login.volvoconnect.com natelematics.com oprepo.prod.shared.eu-west-1.prod.aws.vgthosting.net prod.api.volvotrucks.com qa.natelematics.com s3.walkmeusercontent.com sendbird.com stats.g.doubleclick.net storybook.js.org suptl.prod.shared.eu-west-1.prod.aws.vgthosting.net uddi.prod.shared.eu-west-1.prod.aws.vgthosting.net suptl.prod.shared.us-east-1.prod.aws.vgthosting.net s3.eu-west-1.amazonaws.com us-east-1.quicksight.aws.amazon.com s3.amazonaws.com *.demdex.net demdex.net *.gdsp.volvo.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.app.prod.shared.eu.vgtng.volvo.com *.googleapis.com *.prod.shared.eu.vgtng.volvo.com *.prod.shared.us.vgtng.volvo.com *.screencast.com *.sendbird.com *.walkme.com api-qa.gdsp.volvo.com api.volvoconnect.com api.gdsp.volvo.com buttons.github.io cdn.cookielaw.org cdn.sanity.io cdnjs.cloudflare.com chatkit-file-service-us1.s3.amazonaws.com d3b3ehuo35wzeh.cloudfront.net d3sbxpiag177w8.cloudfront.net dev1-publish.volvo.netcentric.biz doubleclick.net fonts.googleapis.com gdsp-resources.azureedge.net login.volvoconnect.com login.prod.volvoconnect.com oprepo.prod.shared.eu-west-1.prod.aws.vgthosting.net prod.api.volvotrucks.com stats.g.doubleclick.net resources.gdsp.volvo.com s3.walkmeusercontent.com sendbird.com storybook.js.org tag.manager.google.com tagmanager.google.com uddi.prod.shared.eu-west-1.prod.aws.vgthosting.net vgcs-atom.s3.eu-north-1.amazonaws.com www.google-analytics.com www.googletagmanager.com www.volvobuses.com *.vgcs-atom.com *.adobedtm.com *.assetsadobe.com us-east-1.quicksight.aws.amazon.com volvogroup.data.adobedc.net *.gdsp.volvo.com; font-src 'self' *.googleapis.com *.screencast.com *.sendbird.com *.walkme.com 3b3ehuo35wzeh.cloudfront.net api.eu.prod.vgcs.volvo.com api.eu.vgcs.volvo.com api.gdsp.volvo.com api.na.prod.vgcs.volvo.com api.prod.vgcs.volvo.com buttons.github.io cdnjs.cloudflare.com chatkit-file-service-us1.s3.amazonaws.com chrome-extension: data: doubleclick.net fonts.gstatic.com gdsp-resources.azureedge.net login.volvoconnect.com maps.gstatic.com oprepo.prod.shared.eu-west-1.prod.aws.vgthosting.net prod.api.volvotrucks.com resources.gdsp.volvo.com s3.walkmeusercontent.com sendbird.com stats.g.doubleclick.net storybook.js.org uddi.prod.shared.eu-west-1.prod.aws.vgthosting.net vgcs-atom.s3.eu-north-1.amazonaws.com *.assetsadobe.com us-east-1.quicksight.aws.amazon.com *.gdsp.volvo.com; form-action 'self' *.app.prod.shared.eu.vgtng.volvo.com *.prod.shared.eu.vgtng.volvo.com *.prod.shared.us.vgtng.volvo.com volvoconnect.com api.volvoconnect.com login.volvoconnect.com api.na.vgcs.volvo.com api.eu.vgcs.volvo.com; frame-ancestors 'self'; frame-src 'self' *.app.prod.shared.eu.vgtng.volvo.com *.prod.shared.eu.vgtng.volvo.com *.prod.shared.us.vgtng.volvo.com *.sendbird.com *.walkme.com api.volvoconnect.com api.eu.prod.vgcs.volvo.com api.eu.vgcs.volvo.com api.na.prod.vgcs.volvo.com api.prod.vgcs.volvo.com app.volvoconnect.com blob: chatkit-file-service-us1.s3.amazonaws.com d3b3ehuo35wzeh.cloudfront.net data: doubleclick.net https://login.microsoftonline.com login.volvoconnect.com natelematics.com oprepo.prod.shared.eu-west-1.prod.aws.vgthosting.net prod.api.volvotrucks.com qa.natelematics.com s3.walkmeusercontent.com sendbird.com stats.g.doubleclick.net storybook.js.org suptl.prod.shared.eu-west-1.prod.aws.vgthosting.net uddi.prod.shared.eu-west-1.prod.aws.vgthosting.net suptl.prod.shared.us-east-1.prod.aws.vgthosting.net s3.eu-west-1.amazonaws.com us-east-1.quicksight.aws.amazon.com s3.amazonaws.com *.demdex.net demdex.net; img-src 'self' *.api.here.com *.demo.api.here.com *.googleapis.com *.here.com *.hereapi.com *.ls.hereapi.com *.s3.amazonaws.com *.screencast.com *.sendbird.com *.tile.openstreetmap.org *.walkme.com api.eu.prod.vgcs.volvo.com api.eu.vgcs.volvo.com api.gdsp.volvo.com api.na.prod.vgcs.volvo.com api.prod.vgcs.volvo.com assets.volvo.com blob: buttons.github.io cdn.sanity.io cdnjs.cloudflare.com chatkit-file-service-us1.s3.amazonaws.com d2qhvajt3imc89.cloudfront.net d3b3ehuo35wzeh.cloudfront.net data: dev1-publish.volvo.netcentric.biz doubleclick.net fonts.gstatic.com gdsp-resources.azureedge.net login.volvoconnect.com maps.gstatic.com oprepo.prod.shared.eu-west-1.prod.aws.vgthosting.net prod.api.volvotrucks.com resources.gdsp.volvo.com s3.walkmeusercontent.com sendbird.com ssl.gstatic.com stats.g.doubleclick.net storybook.js.org uddi.prod.shared.eu-west-1.prod.aws.vgthosting.net vgcs-atom.s3.eu-north-1.amazonaws.com www.google-analytics.com www.volvobuses.com *.vgcs-atom.com *.adobedtm.com *.assetsadobe.com some.domain.somewhere s3-eu.walkmeusercontent.com us-east-1.quicksight.aws.amazon.com volvogroup.data.adobedc.net *.everesttech.net *.demdex.net demdex.net everesttech.net adobedc.net *.adobedc.net *.gdsp.volvo.com s3.eu-central-1.amazonaws.com asd; manifest-src 'self'; media-src assets.volvo.com *.vgcs-atom.com 'self' s3.eu-central-1.amazonaws.com; object-src 'none'; report-to csp-endpoint; report-uri https://55dafc20b00345383dabdc090f37b786.report-uri.com/r/t/csp/enforce; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.app.prod.shared.eu.vgtng.volvo.com *.googleapis.com *.prod.shared.eu.vgtng.volvo.com *.prod.shared.us.vgtng.volvo.com *.screencast.com *.sendbird.com *.walkme.com api-qa.gdsp.volvo.com api.volvoconnect.com api.gdsp.volvo.com buttons.github.io cdn.cookielaw.org cdn.sanity.io cdnjs.cloudflare.com chatkit-file-service-us1.s3.amazonaws.com d3b3ehuo35wzeh.cloudfront.net d3sbxpiag177w8.cloudfront.net dev1-publish.volvo.netcentric.biz doubleclick.net fonts.googleapis.com gdsp-resources.azureedge.net login.volvoconnect.com login.prod.volvoconnect.com oprepo.prod.shared.eu-west-1.prod.aws.vgthosting.net prod.api.volvotrucks.com stats.g.doubleclick.net resources.gdsp.volvo.com s3.walkmeusercontent.com sendbird.com storybook.js.org tag.manager.google.com tagmanager.google.com uddi.prod.shared.eu-west-1.prod.aws.vgthosting.net vgcs-atom.s3.eu-north-1.amazonaws.com www.google-analytics.com www.googletagmanager.com www.volvobuses.com *.vgcs-atom.com *.adobedtm.com *.assetsadobe.com us-east-1.quicksight.aws.amazon.com volvogroup.data.adobedc.net; style-src 'self' 'unsafe-inline' *.api.here.com *.demo.api.here.com *.googleapis.com *.here.com *.hereapi.com *.ls.hereapi.com *.screencast.com *.sendbird.com *.walkme.com api-qa.gdsp.volvo.com api.eu.prod.vgcs.volvo.com api.eu.vgcs.volvo.com api.gdsp.volvo.com api.na.prod.vgcs.volvo.com api.prod.vgcs.volvo.com buttons.github.io cdn.sanity.io cdnjs.cloudflare.com chatkit-file-service-us1.s3.amazonaws.com d3b3ehuo35wzeh.cloudfront.net doubleclick.net fonts.googleapis.com gdsp-resources.azureedge.net login.volvoconnect.com login.prod.volvoconnect.com oprepo.prod.shared.eu-west-1.prod.aws.vgthosting.net prod.api.volvotrucks.com resources.gdsp.volvo.com s3.walkmeusercontent.com sendbird.com stats.g.doubleclick.net storybook.js.org tagmanager.google.com uddi.prod.shared.eu-west-1.prod.aws.vgthosting.net vgcs-atom.s3.eu-north-1.amazonaws.com *.vgcs-atom.com *.adobedtm.com *.assetsadobe.com us-east-1.quicksight.aws.amazon.com volvogroup.data.adobedc.net *.gdsp.volvo.com; upgrade-insecure-requests; worker-src 'self' blob: data: eu-cdn.walkme.com *.walkme.com walkme.com; 2
default-src 'self'; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://*.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://tagmanager.google.com https://*.intercom.io https://js.intercomcdn.com https://connect.facebook.net https://js.appboycdn.com https://polyfill.io https://analytics.tiktok.com https://cdn.pdst.fm 'sha256-tugJqoPf7X2uqHgOWaae7aTIM3YprRfpRxsis23ke8Q=' 'sha256-ZhFP87cciS37uYEvdfRm4n49sodK2ZxPv7jiEYYS5i8=' 'sha256-zhPZteDOZxJblI6dgWh+atU2QJ64sivXUL15V31StCk=' 'sha256-aG6kMMHdH/Z9hK+eMaZJANrW2wsK8sGYz5UyFH+i3/o=' 'sha256-XPnKX8fj+vZrtZAoom2lMV0etZnxXrjAf7yWO4QeLaM=' 'sha256-iAydicCfNoGpOAtTWXbvR8Yzp1eueUQZrA16wIE1OL4=' 'sha256-pSpy+pBPy0HUQiY46i94MfLT2EoGVnP2733S63YC1og=' 'sha256-KKNq/1OtpqYzS4u4dTttf3kz3uCITT0ZYPGgTIzOmoo=' 'sha256-8dsSIGz252sz7rOLTvszqt/2gCg33KX3RJxjLtKxwMA=' 'sha256-uK3yorDdOTqp0AyWRVqBW/qKtFZ8jyTpHWQBWEPtEGA=' 'sha256-1R0R5FKN+G/4swwDHMpqIDgVMcCJFZ8fhAIwvCudQ7c=' 'sha256-cshYyI2jskutxB0i89pcV+W2nPo5iJIXE+1oL1ufyAU=' 'sha256-6hNtX4kWtSgUDaXQfYFXPC3Tzi0I6aBJ4qTGDy2Dasw=' https://staticcdn.co.nz; connect-src 'self' https://*.intercom.io wss://*.intercom.io https://*.intercomcdn.com https://*.intercomusercontent.com https://*.sharesies.com https://*.uat.opsies.net.nz https://sdk.iad-05.braze.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.nz https://*.google.ca https://*.google.com.au https://*.google.co.uk https://*.google.com.sg https://www.google-analytics.com https://rs.sharesies.com https://cdn.growthbook.io https://assets.ctfassets.net https://cdn.contentful.com https://api.convertkit.com https://analytics.tiktok.com https://analytics.pangle-ads.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://hello.myfonts.net https://tagmanager.google.com https://use.fontawesome.com; font-src 'self' data: https://fonts.gstatic.com https://js.intercomcdn.com https://use.fontawesome.com; img-src 'self' data: https://*.sharesies.com https://*.uat.opsies.net.nz https://*.sharesies.nz https://*.sharesies.com.au https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://*.intercomcdn.com https://*.intercomassets.com https://fairfax.demdex.net https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.googletagmanager.com https://adservice.google.co.nz https://adservice.google.com.au https://www.googleadservices.com https://*.google.co.nz https://*.google.ca https://*.google.com.au https://*.google.co.uk https://*.google.com.sg https://www.facebook.com https://connect.facebook.net https://*.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com https://googleads.g.doubleclick.net https://www.google.com https://*.google-analytics.com https://*.analytics.google.com https://appboy-images.com https://braze-images.com https://cdn.braze.eu https://images.ctfassets.net https://sharesies.imgix.net https://beacon.krxd.net https://i.ytimg.com https://staticcdn.co.nz; media-src 'self' https://*.intercomcdn.com https://videos.ctfassets.net; frame-src https://intercom-sheets.com https://anchor.fm https://www.youtube.com https://embed.podcasts.apple.com https://open.spotify.com https://podcasters.spotify.com https://embed-standalone.spotify.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://omny.fm https://td.doubleclick.net/ https://staticcdn.co.nz; manifest-src 'self'; 2
default-src 'unsafe-inline' 'self' https://*.clarity.ms https://*.clarity.ms; script-src 'unsafe-inline' 'self' 'unsafe-eval' blob: https:; script-src-elem 'unsafe-inline' 'self' sha256-0/NMaGJWVjIukwBMkinLP6tmeD9zx5luPBD3YAk+Y7Q= *.usabilla.com http: https:; style-src 'unsafe-inline' 'self' *.usabilla.com https:; font-src 'self' *.usabilla.com https: data:; frame-src 'self' *.usabilla.com https:; img-src 'self' *.usabilla.com http: https: data:; connect-src 'self' *.usabilla.com wss://tufsuyburufn.transport.connect.eu-west-2.amazonaws.com https: http:; style-src-elem 'unsafe-inline' 'self' *.usabilla.com https:; media-src 'unsafe-inline' 'self' https:; 2
default-src 'self' https://*.jeroenboschziekenhuis.nl; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn1.readspeaker.com https://livechat.zaurus.io; style-src 'self' 'unsafe-inline' https://*.readspeaker.com https://hello.myfonts.net https://fonts.googleapis.com; img-src 'self' data: https://maps.gstatic.com https://*.googleapis.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://www.googletagmanager.com; frame-src 'self' *.youtube.com player.vimeo.com app.readspeaker.com https://livechat.zaurus.io indiveo.services; child-src 'self' https://*.youtube.com https://player.vimeo.com https://*.readspeaker.com; font-src 'self' data: https://themes.googleusercontent.com https://fonts.gstatic.com https://www.google-analytics.com https://cdn1.readspeaker.com; connect-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.readspeaker.com https://maps.googleapis.com; report-uri https://jeroenboschziekenhuis.report-uri.com/r/d/csp/enforce 2
default-src 'self'; img-src * 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://cdn.cookielaw.org https://ssl.google-analytics.com https://connect.facebook.net https://expressentry.melissadata.net https://globalemail.melissadata.net https://www.gstatic.com https://use.fontawesome.com https://calendar.time.ly https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://www.paypal.com/ https://www.sandbox.paypal.com/; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com/ data:; connect-src 'self' https://globalemail.melissadata.net https://cdn.cookielaw.org/ https://biext.jafra.com https://www.google-analytics.com https://globalphone.melissadata.net https://personator.melissadata.net/ https://stats.g.doubleclick.net https://biextqa.jafra.com/ https://www.paypal.com/ https://www.sandbox.paypal.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com; frame-src *; media-src * 2
default-src 'self' https://*.wistia.com https://*.wistia.net;         child-src blob:;          script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.juicer.io/ http://go.craneware.com https://*.wistia.com https://*.wistia.net https://src.litix.io https://cc.cdn.civiccomputing.com/ https://region1.google-analytics.com/ https://www.google-analytics.com/  https://tools.eurolandir.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://player.vimeo.com/api/player.js http://tools.euroland.com/tools/common/eurolandiframeautoheight/eurolandtoolsintegrationobject.js https://assets.calendly.com/ https://*.googletagmanager.com;          media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net;          font-src 'self' data: https://fast.wistia.net/ https://static.juicer.io/fonts/ https://*.wistia.com https://fonts.googleapis.com/ https://fonts.gstatic.com/ ;          style-src 'self' 'unsafe-inline' blob: https://www.juicer.io/ http://go.craneware.com https://fast.wistia.com https://fonts.googleapis.com/ https://assets.calendly.com/;          connect-src 'self' https://fast.wistia.net/ https://craneware-prelive.emperordev.com/ https://www.thecranewaregroup.com/ https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://clapi.civiccomputing.com/ https://apikeys.civiccomputing.com/ https://our.umbraco.com/  https://maps.googleapis.com/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat ;          frame-src 'self' https://td.doubleclick.net/ https://craneware.my.salesforce-sites.com/ https://craneware.secure.force.com/ https://www.juicer.io/ http://go.craneware.com https://fast.wistia.com https://fast.wistia.net https://craneware.wistia.com/ https://tools.eurolandir.com/ https://fast.wistia.net/ https://player.vimeo.com/ https://www.youtube.com/ https://www.google.com/ https://calendly.com/;         img-src 'self' data:  https://media.licdn.com/dms/ http://go.craneware.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net  https://dashboard.umbraco.org/ https://public.craneware.com/  https://assets.calendly.com/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;          worker-src 'self' blob: 2
font-src *.klevu.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com *.google.com *.google.ca *.omappapi.com *.hotjar.com *.freshbots.ai *.pusher.com *.freshworksapi.com *.attn.tv data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.affirm.com *.affirm.ca c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.hotjar.com *.paypal.com *.kaptcha.com *.tdotperformance.ca *.automotivestuff.com *.addthis.com *.nort.ca *.google.com *.google.ca *.bing.com *.facebook.com *.freshbots.ai *.pusher.com *.freshworksapi.com *.attn.tv 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.bing.com *.freshbots.ai *.paypal.com *.gstatic.com *.googletagmanager.com *.shopperapproved.com *.tdotperformance.ca *.automotivestuff.com *.nort.ca *.youtube.com *.google.com *.google.ca *.doubleclick.net *.facebook.net *.facebook.com *.hotjar.com *.riskified.com *.clarity.ms *.cloudfront.net *.omappapi.com *.crazyegg.com *.pusher.com *.freshworksapi.com *.attn.tv data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.forter.com *.cloudfront.net *.optnmstr.com *.newrelic.com *.hotjar.com *.nr-data.net *.shopperapproved.com *.bing.com *.freshbots.ai *.clarity.ms *.googleapis.com *.tdotperformance.ca *.automotivestuff.com *.addthis.com *.addthisedge.com *.moatads.com *.nort.ca *.youtube.com *.google.com *.google.ca *.omappapi.com *.facebook.net *.facebook.com *.riskified.com *.doubleclick.net *.klaviyo.com *.crazyegg.com *.pusher.com *.freshworksapi.com *.noibu.com *.attn.tv 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline *.omappapi.com *.freshbots.ai fonts.googleapis.com *.tdotperformance.ca *.automotivestuff.com *.nort.ca *.google.com *.google.ca *.shopperapproved.com *.klaviyo.com *.crazyegg.com *.pusher.com *.freshworksapi.com *.attn.tv 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cloudfront.net *.forter.com *.omappapi.com *.hotjar.com *.doubleclick.net *.nr-data.net *.shopperapproved.com *.freshbots.ai *.googleapis.com *.tdotperformance.ca *.automotivestuff.com *.addthis.com *.nort.ca *.clarity.ms *.youtube.com *.google.com *.google.ca *.facebook.net *.facebook.com *.bing.com *.riskified.com *.klaviyo.com *.crazyegg.com *.hotjar.io *.pusher.com *.freshworksapi.com wss://rts-us.freshworksapi.com wss://ws.hotjar.com *.noibu.com wss://*.noibu.com *.attn.tv events.attentivemobile.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default 2
default-src 'self'; connect-src *; font-src 'self' data:; frame-src *; img-src data: 'self' *; media-src *; object-src *; script-src data: 'self' 'unsafe-eval' 'unsafe-inline' *; style-src 'self' 'unsafe-inline'; 2
default-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://googletagmanager.com https://*.googletagmanager.com http://widget.trustpilot.com https://widget.trustpilot.com http://*.trustpilot.com https://*.trustpilot.com http://eu.fw-cdn.com https://dev.visualwebsiteoptimizer.com https://*.visualwebsiteoptimizer.com https://*.google-analytics.com https://*.analytics.google.com https://*.doubleclick.net https://*.g.doubleclick.net https://fonts.gstatic.com http://1786062.fls.doubleclick.net https://*.google.com https://cdn.mouseflow.com https://connect.facebook.net http://cdn.segment.com http://www.googleadservices.com https://www.facebook.com https://wchat.eu.freshchat.com https://580252997365538.eu.webpush.freshchat.com https://*.freshchat.com https://*.google.pl https://*.google.be https://*.google.ie https://*.google.nl https://*.google.co.za https://*.google.ae https://*.google.co.uk https://www.travelcounsellors.co.uk https://o2.mouseflow.com https://src.freshmarketer.eu https://mediacdn.travelcounsellors.com https://vjs.zencdn.net https://files.travelcounsellors.com https://content.travelcounsellors.com https://maps.googleapis.com https://www.youtube.com https://maps.gstatic.com https://cdn.cookielaw.org https://*.google.co.in https://p.typekit.net https://use.typekit.net *.typekit.net *.mouseflow.com https://geolocation.onetrust.com https://asset-store.public.qa.travelcounsellors.io https://testqa.travelcounsellors.com  data: w3.org/svg/2000; script-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://googletagmanager.com https://*.googletagmanager.com http://widget.trustpilot.com https://widget.trustpilot.com http://*.trustpilot.com https://*.trustpilot.com http://eu.fw-cdn.com https://dev.visualwebsiteoptimizer.com https://*.visualwebsiteoptimizer.com https://*.google-analytics.com https://*.analytics.google.com https://*.doubleclick.net https://*.g.doubleclick.net https://fonts.gstatic.com http://1786062.fls.doubleclick.net https://*.google.com https://cdn.mouseflow.com https://connect.facebook.net http://cdn.segment.com http://www.googleadservices.com https://www.facebook.com https://wchat.eu.freshchat.com https://580252997365538.eu.webpush.freshchat.com https://*.freshchat.com https://*.google.pl https://*.google.be https://*.google.ie https://*.google.nl https://*.google.co.za https://*.google.ae https://*.google.co.uk https://www.travelcounsellors.co.uk https://o2.mouseflow.com https://src.freshmarketer.eu https://mediacdn.travelcounsellors.com https://vjs.zencdn.net https://files.travelcounsellors.com https://content.travelcounsellors.com https://maps.googleapis.com https://www.youtube.com https://maps.gstatic.com https://cdn.cookielaw.org https://*.google.co.in https://p.typekit.net https://use.typekit.net *.typekit.net *.mouseflow.com https://geolocation.onetrust.com https://asset-store.public.qa.travelcounsellors.io https://testqa.travelcounsellors.com; object-src 'self'; frame-ancestors 'self' https://googletagmanager.com https://widget.trustpilot.com; 2
base-uri 'self'; connect-src 'self' https://netitwork.de https://d3hb14vkzrxvla.cloudfront.net https://beaconapi.helpscout.net https://fast.wistia.com https://distillery.wistia.com https://pipedream.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io; default-src data: ; font-src * 'self' data:; frame-src 'self' data: https://netitwork.de https://wp-rocket.me; img-src 'self' data: https://s.w.org https://ps.w.org https://netitwork.de https://wp-rocket.me https://fast.wistia.com https://distillery.wistia.com https://embed-ssl.wistia.com; manifest-src 'self'; media-src 'self' blob:; object-src 'none'; script-src 'self' https://netitwork.de https://yoast.com https://beacon-v2.helpscout.net https://fast.wistia.com https://distillery.wistia.com https://embed-ssl.wistia.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.gstatic.com/s/ https://fonts.googleapis.com; worker-src 'self' blob: data:; 2
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *; 2
frame-ancestors *.flock.com *.advantageclub.co https://teams.microsoft.com *.microsoft.com *.live.com *.outlook.com *.office365.com *.office.com *.greythr.com *.repute.net 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: ad.ad-srv.net ad4m.at *.adition.com *.adsrvr.org api.xs2a.com *.audiencemanager.de *.bankofscotland.de *.ccm19.net *.ccm19.de cdn.cookielaw.org cdn.mateti.net connect.facebook.net *.cookiebot.com *.doubleclick.net *.facebook.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.intelliad.de *.kuponacdn.de netzwerk.uppr.de responder.wt-safetag.com siteimproveanalytics.com *.hotjar.com *.wcfbc.net *.webtrekk.net *.windows.net *.vimeo.com mastertag.kpcustomer.de *.hstatic.nl; style-src 'self' 'unsafe-inline' api.xs2a.com *.ccm19.de *.gstatic.com *.googleapis.com *.windows.net; object-src 'self' blob: *.lloydsbank.nl; base-uri 'self'; connect-src 'self' web.bankofscotland.de consentcdn.cookiebot.com r.mateti.net *.ccm19.de *.webtrekk.net api.xs2a.com  *.audiencemanager.de *.doubleclick.net *.google-analytics.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.vimeo.com vimeo.com *.uppr.de; font-src 'self' blob: data: *.gstatic.com *.googleapis.com *.googleusercontent.com; frame-src 'self' blob: hal9000.redintelligence.net ad.ad-srv.net *.vimeo.com vimeo.com consentcdn.cookiebot.com *.audiencemanager.de ad.ad-srv.net youtube-nocookie.com *.lloydsbank.nl *.advieskeuze.nl *.tools.hypotheekbond.nl ad4m.at opt.kuponacdn.de insight.adsrvr.org consentcdn.cookiebot.com *.adsrvr.org; img-src 'self' data: blob: x.bidswitch.net adservice.google.de *.adnxs.com *.ccm19.de *.amazonaws.com *.googletagmanager.com *.bankofscotland.de *.lloydsbank.nl *.doubleclick.net *.google-analytics.com *.intelliad.de api.xs2a.com *.siteimproveanalytics.io *.wcfbc.net *.webtrekk.net *.windows.net *.intelliad.de *.ad4m.at *.adserver01.de *.adition.com track.adform.net adservice.google.com *.smartadserver.com *.adscale.de *.twiago.com *.casalemedia.com *.financeads.net; manifest-src 'self'; media-src 'self'; worker-src 'none' 2
default-src 'self'; script-src 'self' 'unsafe-eval' *.pendo.io *.fullstory.com *.googleapis.com *.sharpen.cx *.fonticons.com *.cloudflare.com apps.usw2.pure.cloud 'sha256-l+mamxSQd/E6LJDBYU93M/9TOrNqGKLzCkpiM+TOdb8=' ; style-src 'self' 'unsafe-inline' *.googleapis.com *.sharpen.cx *.fortawesome.com ; img-src 'self' blob: data: *.octanner.io *.appreciatehub.com *.octanner.com *.pendo.io *.cloudinary.com *.googleapis.com *.giphy.com; font-src data: *.appreciatehub.com *.gstatic.com *.amazonaws.com *.sharpen.cx *.fortawesome.com; connect-src 'self' blob: ws: wss: www.culturecloud.com *.octanner.io *.pendo.io *.fullstory.com *.googleapis.com *.sharpencx.com *.sharpen.cx *.launchdarkly.com *.giphy.com api-cdn.usw2.pure.cloud api.usw2.pure.cloud; frame-src app.pendo.io apps.usw2.pure.cloud; worker-src 'self' blob: ; media-src 'self' blob: *.sharpen.cx *.octanner.io *.appreciatehub.com; 2
default-src https: wss: data: 'self' 'unsafe-eval' 'unsafe-inline' blob: www.here.tv https://appcmsprod.viewlift.com/;font-src https: data: 'self' code.ionicframework.com;img-src https: data: blob: ;media-src https: blob: ;worker-src https: blob:; 2
default-src 'self' ;style-src 'self' 'unsafe-inline' 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com/ https://www.googletagmanager.com/ blob:; img-src 'self' data: blob: ; font-src 'self' data:;frame-src youtube.com www.youtube.com www.google.com https://youtu.be/;child-src 'self' youtube.com www.youtube.com; connect-src 'self' https://maps.googleapis.com https://www.google-analytics.com/; 2
default-src 'self' 'unsafe-inline' *.snu.edu.in *.ytimg.com *.doubleclick.net *.sharethis.com *.googletagmanager.com *.google.com *.youtube.com *.youtube-nocookie.com *.googleusercontent.com *.cloudflare.com *.google-analytics.com *.googleadservices.com *.youtube.com *.jsdelivr.net *.googleapis.com *.google.com;frame-ancestors 'self' *.youtube.com; font-src 'self' *.gstatic.com *.cloudflare.com *.jsdelivr.net data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sharethis.com *.jquery.com *.googletagmanager.com *.google.com *.gstatic.com *.youtube.com *.tradingview.com *.google-analytics.com *.googleadservices.com *.cloudflare.com 2
frame-ancestors 'self' http://testbaba.virtualcms.it 2
default-src 'self' gopuff.okta.com *.oktacdn.com; connect-src 'self' gopuff.okta.com gopuff-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com *.mtls.okta.com gopuff.kerberos.okta.com gopuff.mtls.okta.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' gopuff.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' gopuff.okta.com *.oktacdn.com; frame-src 'self' gopuff.okta.com gopuff-admin.okta.com login.okta.com; img-src 'self' gopuff.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' gopuff.okta.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' 2
frame-ancestors 'self' https://rbi.experiencecloud.adobe.com https://fullstory.com https://edge.fullstory.com rs.fullstory.com https://test.salesforce.com https://login.salesforce.com https://unity--trinitydev.my.salesforce.com https://unity--trinitydev.sandbox.my.salesforce.com *.lookbookhq.com *.pathfactory.com *.adobedtm.com https://rbi.demdex.net 2
frame-ancestors 'self' http://*.spok.com https://*.spok.com; font-src 'self' data: fonts.gstatic.com; 2
frame-ancestors https://*.passware.com 2
frame-ancestors 'self' *.netcine.ws netcine.ws 2
default-src 'self' https://wchat.freshchat.com https://hooks.stripe.com https://js.stripe.com;style-src 'self' 'unsafe-inline'  https://baremetrics-dunning.baremetrics.com/css/barepay.css https://wchat.freshchat.com/css/widget.css https://js.stripe.com/v3/* https://fonts.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://checkout.stripe.com/checkout.js https://www.google-analytics.com https://ajax.googleapis.com https://script.crazyegg.com use.fontawesome.com www.google.com cdnjs.cloudflare.com www.gstatic.com grok-2018.local:8890 www.googletagmanager.com d36mpcpuzc4ztk.cloudfront.net baremetrics-dunning.baremetrics.com https://platform.twitter.com https://cdn.syndication.twimg.com https://wchat.freshchat.com/js/widget.js  https://js.stripe.com https://hooks.stripe.com https://js.stripe.com/v3/*;connect-src 'self'  https://script.crazyegg.com https://stats.g.doubleclick.net https://tracking.crazyegg.com https://dunning.baremetrics.com/customer_status https://script.crazyegg.com https://www.google-analytics.com https://checkout.stripe.com;object-src 'none';font-src 'self' data: https://fonts.gstatic.com/;img-src 'self' data: https://secure.gravatar.com https://www.google.com http://gravatar.com maps.google.com maps.gstatic.com *.googleapis.com https://q.stripe.com;frame-src https://www.youtube.com https://checkout.stripe.com https://js.stripe.com https://platform.twitter.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' libeskind.com *.libeskind.com googleads.g.doubleclick.net www.googletagmanager.com www.google-analytics.com ajax.googleapis.com snap.licdn.com www.google-analytics.com www.googleadservices.com connect.facebook.net; frame-src 'self' libeskind.com *.libeskind.com www.facebook.com www.youtube.com player.vimeo.com; object-src 'self' 2
default-src 'self' data: https://www.google-analytics.com *.google-analytics.com *.analytics.google.com https://stats.g.doubleclick.net  https://nzhistory.govt.nz https://www.nzhistory.govt.nz https://ssl.gstatic.com https://www.nzonscreen.com https://www.youtube.com https://boost.ngataonga.org.nz https://maps.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://platform.twitter.com https://maps.googleapis.com https://connect.facebook.net https://linkhelp.clients.google.com https://www.youtube.com https://nzhistory.govt.nz https://www.nzhistory.govt.nz https://l.yimg.com https://www.google-analytics.com; object-src 'self' https://www.nzonscreen.com https://www.youtube.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://nzhistory.govt.nz https://www.nzhistory.govt.nz; img-src 'self' data: *.digitalnz.org *.natlib.govt.nz https://www.facebook.com https://www.nzhistory.net.nz https://cdn.knightlab.com https://teara.govt.nz https://www.googletagmanager.com https://maps.gstatic.com *.googleapis.com https://translate.google.com https://www.nzonscreen.com https://www.teara.govt.nz https://img.youtube.com https://nzhistory.govt.nz https://www.nzhistory.govt.nz https://i.ytimg.com https://gg.govt.nz https://maps.google.com *.google-analytics.com *.analytics.google.com https://www.gstatic.com https://players.brightcove.net https://christchurchcitylibraries.com https://www.nzhistory.net.nz; frame-src 'self' https://platform.twitter.com https://player.vimeo.com https://cdn.knightlab.com https://www.youtube.com https://www.nzonscreen.com https://www.podbean.com https://www.google.com https://maps.google.co.nz https://www.googletagmanager.com https://players.brightcove.net; frame-ancestors 'self' https://player.vimeo.com https://www.nzonscreen.com https://www.youtube.com https://maps.google.co.nz https://www.podbean.com https://www.google.com https://cdn.knightlab.com https://players.brightcove.net https://www.youtube-nocookie.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://nzhistory.govt.nz https://www.nzhistory.govt.nz https://static3.avast.com; report-uri /report-csp-violation; upgrade-insecure-requests; form-action 'self'; base-uri 'self' 2
default-src 'self' bam-cell.nr-data.net bam.nr-data.net cm.everesttech.net thomsonreuterscorporategroupweb.sc.omtrdc.net *.demdex.net www.google-analytics.com www.googletagmanager.com www.adobetag.com *.facebook.net api.nasdaqomx.wallst.com www.google.com *.addthis.com *.addthisedge.com www.googleadservices.com thomsonreuterscorporategroupweb.d2.sc.omtrdc.net stats.g.doubleclick.net *.sharethis.com *.pixel.parsely.com www.recaptcha.net www.gstatic.com c212.net pixel.mathtag.com *.kscope.io *.globenewswire.com *.accesswire.com *.businesswire.com *.prnewswire.com *.c212.net *.youtube.com *.vimeo.com *.media-server.com ds-aksb-a.akamaihd.net media.corporate-ir.net *.unisonir.com http://cloudinary.com *.segment.com uninav.notified.com; connect-src 'self' *.uni.wdc.west.com *.sharethis.com *.unisonir.com *.demdex.net bam-cell.nr-data.net bam.nr-data.net api.segment.io thomsonreuterscorporategroupweb.sc.omtrdc.net *.akamaihd.net uninav.notified.com www.google-analytics.com *.kscope.io; font-src 'self' fonts.googleapis.com cloud.typography.com fonts.gstatic.com uninav.notified.com *.kscope.io; frame-src 'self' s7.addthis.com tools.eurolandir.com www.google.com *.sharethis.com api.nasdaqomx.wallst.com *.demdex.net www.recaptcha.net cloudinary.com https://player.cloudinary.com http://login.notified.com *.google.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.recaptcha.net js-agent.newrelic.com *.jquery.com *.gstatic.com bam-cell.nr-data.net bam.nr-data.net *.akamaihd.net uninav.notified.com assets.adobedtm.com https://code.jquery.com https://media-library.cloudinary.com https://uninav.notified.com https://unpkg.com https://upload-widget.cloudinary.com https://www.google.com www.google.com; script-src-elem 'self' 'unsafe-inline' *.uni.wdc.west.com s7.addthis.com www.google.com www.googletagmanager.com www.google-analytics.com siteimproveanalytics.com cdn.parsely.com www.adobetag.com www.recaptcha.net www.gstatic.com *.sharethis.com ds-aksb-a.akamaihd.net *.kscope.io *.unisonir.com js-agent.newrelic.com bam-cell.nr-data.net bam.nr-data.net code.jquery.com cdn.segment.com browser-update.org assets.adobedtm.com https://code.jquery.com https://media-library.cloudinary.com https://uninav.notified.com https://unpkg.com https://upload-widget.cloudinary.com https://www.google.com; style-src 'self' 'unsafe-inline' uninav.notified.com fonts.googleapis.com https://uninav.notified.com https://unpkg.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com *.uni.wdc.west.com *.sharethis.com www.google.com ajax.googleapis.com *.kscope.io *.unisonir.com www.gstatic.com https://uninav.notified.com https://unpkg.com; form-action 'self' 2
default-src 'self' https://*; script-src  http://* https://* 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src 'self' https://* 'unsafe-inline'; img-src * data: 2
frame-ancestors https://www.facebook.com 2
frame-ancestors https://medinet.mediclin.de 2
frame-ancestors 'self' https://*.cybusinessonline.co.uk https://*.cbonline.co.uk https://*.ybonline.co.uk https://*.cybonline.co.uk; report-uri https://cyburi.report-uri.com/r/t/csp/enforce; 2
default-src 'self' data: https: wss: 'unsafe-inline' 'unsafe-eval'; font-src data: https:; media-src blob: data: https: 2
frame-ancestors https: 2
frame-ancestors 'self' http://*.bokklubben.no:* https://*.bokklubben.no https://*.bokkilden.no 2
"upgrade-insecure-requests;" 2
default-src 'self' https:; script-src 'unsafe-eval' 'unsafe-inline' https:; style-src 'unsafe-inline' 'self' https:; img-src 'self' 'unsafe-inline' http: https: data: blob:; connect-src 'self' https: blob:; worker-src 'self' https: blob: 2
default-src https: blob: 'self' 'unsafe-inline' 'unsafe-eval' http://ngl.cengage.com https://embed.widencdn.net https://cengage.widen.net https://ngl.cengage.com https://*.cengage.com/; connect-src http://ngl.cengage.com https://ngl.cengage.com https://*.survicate.com wss://*.zopim.com https://*.company-target.com https://*.demandbase.com https://*.zendesk.com https://*.zdassets.com  https://*.cengage.com https://*.cengage.ca https://analytics.pangle-ads.com/api/v2/pangle_pixel https://*.cengage.info https://*.googleapis.com https://*.optimizely.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.cookielaw.org https://*.bing.com https://*.onetrust.com https://*.hotjar.com http://*.hotjar.io wss://*.hotjar.com https://*.supporthero.io https://*.addthis.com https://cengage.force.com https://tr.snapchat.com https://*.snapchat.com https://analytics.tiktok.com https://dev.visualwebsiteoptimizer.com https://tags.srv.stackadapt.com *.visualwebsiteoptimizer.com app.vwo.com https://*.evergage.com https://*.mouseflow.com https://*.evgnet.com https://cdn.linkedin.oribi.io https://qvdt3feo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.visualwebsiteoptimizer.com app.vwo.com https://*.zdassets.com https://*.evergage.com https://*.survicate.com https://*.demandbase.com https://*.company-target.com https://id.rlcdn.com https://*.cengage.com https://*.gstatic.com https://*.bing.com https://*.cookielaw.org https://*.onetrust.com https://*.rackcdn.com https://*.googleapis.com https://*.force.com https://cengage.my.salesforce.com https://*.salesforceliveagent.com https://sc-static.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.googletagmanager.com https://www.google.com https://snap.licdn.com https://*.vidyard.com https://cdn-cf.vidyard.com https://*.optimizely.com https://www.google-analytics.com https://img.en25.com https://*.eloqua.com https://static.ads-twitter.com https://analytics.twitter.com https://static.hotjar.com https://script.hotjar.com https://instant.page https://connect.facebook.net https://*.cloudfront.net https://www.youtube.com https://*.addthis.com https://*.addthisedge.com https://*.scribblecdn.net https://*.moatads.com https://*.clickcease.com https://*.tribalfusion.com https://analytics.tiktok.com https://cdn.evgnet.com https://cdn.evergage.com https://evergage.com https://dev.visualwebsiteoptimizer.com https://tags.srv.stackadapt.com https://*.mouseflow.com https://*.evgnet.com https://*.evergage.com https://cdn.linkedin.oribi.io https://tr.snapchat.com https://qvdt3feo.com; style-src 'self' 'unsafe-inline' data: *.visualwebsiteoptimizer.com https://*.evergage.com app.vwo.com s3.amazonaws.com http://ngl.cengage.com https://cengage.force.com https://service.force.com https://*.googleapis.com https://tags.srv.stackadapt.com/sa.css https://*.survicate.com; frame-src app.vwo.com *.visualwebsiteoptimizer.com https://*.company-target.com https://td.doubleclick.net/ https://*.cengage.com https://*.google.com https://cengage.widen.net https://*.widencdn.net/ https://*.force.com https://*.goconsensus.com https://*.supporthero.io https://*.approvemyviews.com/ https://*.optimizely.com https://*.hotjar.com https://*.snapchat.com https://*.fls.doubleclick.net https://*.vidyard.com https://cdn-cf.vidyard.com https://*.adobe.com https://cengage.postclickmarketing.com https://*.addthis.com https://*.mayvenstudios.com https://www.youtube.com https://*.mouseflow.com; frame-ancestors 'self'; font-src 'self' data: https://*.gstatic.com https://*.googleapis.com https://*.mouseflow.com https://*.survicate.com; img-src 'self' *.visualwebsiteoptimizer.com chart.googleapis.com https://*.mouseflow.com wingify-assets.s3.amazonaws.com app.vwo.com https: data:; worker-src 'self' blob:; object-src 'none'; base-uri 'none'; upgrade-insecure-requests; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://pininfarina.altamiraweb.com cdn.iubenda.com www.googletagmanager.com connect.facebook.net *.iubenda.com cdnjs.cloudflare.com www.mahindra.com vangogh-creative.it hits-i.iubenda.com www.facebook.com www.gravatar.com www.google-analytics.com www.gstatic.it widget.gleamjs.io *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net www.googletagservices.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com translate.googleapis.com translate.google.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: cdn.iubenda.com www.googletagmanager.com connect.facebook.net *.iubenda.com cdnjs.cloudflare.com www.mahindra.com vangogh-creative.it hits-i.iubenda.com www.facebook.com www.gravatar.com www.google-analytics.com www.gstatic.it *.vimeocdn.com fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com translate.googleapis.com tagmanager.google.com; img-src 'self' data: cdn.iubenda.com www.googletagmanager.com connect.facebook.net *.iubenda.com cdnjs.cloudflare.com www.mahindra.com vangogh-creative.it hits-i.iubenda.com www.facebook.com www.gravatar.com www.google-analytics.com www.gstatic.it secure.gravatar.com *.gleam.io *.googlesyndication.com stats.g.doubleclick.net data: blob: google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com translate.googleapis.com translate.google.com i.ytimg.com; connect-src 'self' *.vimeo.com *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com; font-src 'self' data: cdn.iubenda.com www.googletagmanager.com connect.facebook.net *.iubenda.com cdnjs.cloudflare.com www.mahindra.com vangogh-creative.it hits-i.iubenda.com www.facebook.com www.gravatar.com www.google-analytics.com www.gstatic.it data: fonts.gstatic.com fonts.googleapis.com; media-src 'self' cdn.iubenda.com www.googletagmanager.com connect.facebook.net *.iubenda.com cdnjs.cloudflare.com www.mahindra.com vangogh-creative.it hits-i.iubenda.com www.facebook.com www.gravatar.com www.google-analytics.com www.gstatic.it; frame-src 'self' gleam.io *.vimeo.com *.vimeocdn.com *.googlesyndication.com googleads.g.doubleclick.net maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com; child-src 'self' *.vimeo.com *.vimeocdn.com www.youtube.com www.googletagmanager.com; report-uri https://pininfarina.it/en/?gdsih-csp-report; 2
default-src 'self' 'unsafe-eval' *.sentry.io *.zopim.com *.zendesk.com *.zdassets.com wss://*.zendesk.com wss://*.zopim.com *.consentmanager.net *.giftmio.com *.posthog.com *.mitgo.tech *.gstatic.com *.google-analytics.com https://stats.g.doubleclick.net *.googletagmanager.com *.mindbox.cloud *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat data: gap: ws: wss: 'unsafe-inline'; child-src blob:; worker-src blob:; frame-src *.consentmanager.net *.google.com *.giftmio.com; img-src * data: blob: 'unsafe-inline'; 2
default-src 'self' hellonext.co *.hellonext.co *.stripe.com twitter.com *.twitter.com *.github.com *.workers.dev https://*.googletagmanager.com:* wss://*.hellonext.com localhost:* chrome-extension://* https://*.posthog.com https://app.posthog.com *.skcript.com cdn.skcript.com assets.production.skcript.com *.workers.dev *.cal.com;  child-src 'self' blob: https://featureos.app https://*.hellonext.co https://intercom-sheets.com https://share.intercom.io assets.production.skcript.com *.workers.dev;  script-src 'self' 'unsafe-inline' 'unsafe-eval' *.workers.dev hellonext.co *.hellonext.co https://*.hellonext.co https://*.posthog.com https://app.posthog.com https://*.intercom.io https://js.intercomcdn.com https://*.calendly.com www.googletagmanager.com www.google-analytics.com www.gstatic.com *.googleapis.com *.youtube.com *.youtube-nocookie.com http://www.youtube.com/iframe_api *.ytimg.com *.twimg.com *.pirsch.io *.crisp.chat ajax.cloudflare.com static.cloudflareinsights.com *.cloudflareinsights.com cdn-serve.hellonext.co assets.production.skcript.com f.convertkit.com *.skcript.com *.featureos.app *.workers.dev *.cal.com;  style-src 'self' 'unsafe-inline' https://featureos.app https://*.hellonext.co *.crisp.chat https://*.posthog.com https://app.posthog.com *.skcript.com cdn.skcript.com *.googleapis.com assets.production.skcript.com *.workers.dev;  img-src * blob: data:;  media-src 'self';  connect-src *;  object-src *;  font-src 'self' https://api-iam.intercom.io https://intercom.help *.crisp.chat https://app-static-prod.posthog.com *.posthog.com *.hellonext.co *.skcript.com cdn.skcript.com *.googleapis.com *.gstatic.com cal.com;  frame-src giscus.app https://*.featureos.app https://featureos.app https://*.hellonext.co https://*.intercom.io https://calendly.com https://www.youtube-nocookie.com http://www.youtube.com/iframe_api *.alphaos.app https://www.youtube.com https://www.youtube.com/iframe_api https://embed.music.apple.com https://*.apple.com https://app.cal.com; 2
default-src https:; script-src data: https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src data: https: blob:; worker-src blob:; font-src data: https:; report-uri /internal/csp_report; connect-src https: wss://stage-ws.beaconama.net 2
frame-ancestors 'self' https://*.ariba.com https://fswlcdcqvm01.nyumc.org:8071 https://peoplesoftfscm.nyumc.org https://fswlcdcpvm01.nyumc.org:8236 https://psfsprd.shawinc.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; frame-src 'self' forms.rniito.ru formdesigner.ru rutube.ru yandex.ru vk.com login.vk.com; 2
upgrade-insecure-requests; frame-ancestors 'self'  *.investsmart.com.au *.intelligentinvestor.com.au *.eurekareport.com.au *.fundlater.com.au; default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.googleapis.com *.google.com *.google.com.au *.google.ca *.gstatic.com *.google-analytics.com *.googleadservices.com *.pingdom.net js.hs-analytics.net *.cloudfront.net js-agent.newrelic.com *.doubleclick.net *.nr-data.net *.mastersoftgroup.com *.quantserve.com *.idmanagedsolutions.com *.addthis.com *.xg4ken.com *.lightboxcdn.com *.brightcove.net *.youtube.com *.youtube-nocookie.com player.vimeo.com *.cloudflare.com *.onmodulus.net *.bootstrapcdn.com *.tradingroom.com.au *.services.visualstudio.com *.azurewebsites.net *.windows.net *.msecnd.net *.bing.com  is-ff-cdn-www.azureedge.net is-gb-cdn-www.azureedge.net is-rs-cdn-www.azureedge.net is-pz-cdn-www.azureedge.net is-ct-cdn-www.azureedge.net is-jw-cdn-www.azureedge.net is-develop-cdn-www.azureedge.net is-uat-cdn-www.azureedge.net is-master-stg-cdn-www.azureedge.net  *.investsmart.com.au *.intelligentinvestor.com.au *.eurekareport.com.au *.fundlater.com.au *.yourshare.com.au image.mail.eurekareport.com.au ii-uploads.s3.amazonaws.com *.intercom.io wss://*.intercom.io *.intercom.com *.intercomcdn.com *.intercomassets.com intercom-sheets.com dnn506yrbagrg.cloudfront.net/pages/scripts/0018/4016.js *.crazyegg.com s3.amazonaws.com/trk.cetrk.com/ gtrk.s3.amazonaws.com *.disqus.com disqus.com *.disquscdn *.disquscdn.com *.typekit.net pub.s7.exacttarget.com cl.s7.exct.net *.coveritlive.com *.segment.com *.segment.io *.kissmetrics.com https://pixel.tapad.com  *.adsrvr.org *.quantcount.com *.dianomi.com *.jquery.com cdn.jsdelivr.net *.highcharts.com *.mypropertytools.com.au *.static.omnilife.com.au static.omnilife.com.au outlook.office365.com  placehold.it placeholdit.imgix.net fakeimg.pl fullstory.com *.fullstory.com *.facebook.net *.facebook.com http://*.hotjar.com:* https://*.hotjar.com:* ws://*.hotjar.com wss://*.hotjar.com *.hotjar.io *.mixpanel.com *.mxpnl.com *.bugherd.com *.bugsnag.com https://omny.fm/ marketo.net *.marketo.net *.mktoresp.com app-sn04.marketo.com *.dacast.com *.viglink.com *.pusher.com ws://*.pusherapp.com wss://*.pusherapp.com *.bloomberg.com *.afr.com *.2gb.com *.forbes.com *.smh.com.au *.economist.com *.asx.com.au *.abc.net.au *.skynews.com.au *.theaustralian.com.au *.seniorsnews.com.au *.appcues.com *.firebaseio.com *.firebase.com appcues-quickstart.s3-us-west-2.amazonaws.com *.cloudinary.com *.appcues.net appcues-content-api-prod.herokuapp.com nh436jpc4i.execute-api.us-west-2.amazonaws.com 104cl9psz3.execute-api.us-west-2.amazonaws.com wss://api.appcues.net wss://*.firebaseio.com cdn.jsdelivr.net calendly.com *.calendly.com https://portal.ttds.com.au/ http://thetermdepositshop.com.au/ *.inspectlet.com https://*.buzzsprout.com www.buzzsprout.com *.imgix.net vimeocdn.com *.vimeocdn.com vimeo.com *.vimeo.com *.zoho.com abr.business.gov.au https://www.googleoptimize.com *.reviews.io *.reviews.co.uk *.redditstatic.com *.reddit.com *.spotify.com *.taboola.com pixel.byspotify.com evnt.byspotify.com streamyard.com *.streamyard.com https://streamyard.com/ *.oktopost.com *.okt.to okt.to *.linkedin.com *.licdn.com *.oribi.io *.googlesyndication.com analytics.tiktok.com 2
default-src 'none'; object-src 'none'; form-action 'self' https://sbsctest.e-paycapita.com:443/scp/scpws https://sbs.e-paycapita.com/scp/scpws/scpClient ; base-uri 'self'; connect-src 'self' *.google-analytics.com wss://iow.gov.uk/; img-src 'self' data: https: www.googletagmanager.com www.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com https://www.googletagmanager.com https://www.google.com/recaptcha/api.js www.googletagmanager.com https://www.gstatic.com/recaptcha/releases/NZrMWHVy58-S9gVvad9HVGxk/recaptcha__en.js https://browser-update.org/update.min.js https://browser-update.org https://widget.surveymonkey.com https://content.govdelivery.com https://content.govdelivery.com/accounts/UKIOW/widgets/UKIOW_WIDGET_1.js;style-src 'self' 'unsafe-inline' https://external-test.iow.gov.uk/; frame-src www.google.com https://iwc.maps.arcgis.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://app.powerbi.com/ https://widget.surveymonkey.com; font-src 'self' https://external-test.iow.gov.uk/; upgrade-insecure-requests 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' crm.zoho.com https://stats.wp.com https://c0.wp.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://c0.wp.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com *.vervent.com; frame-src 'self'; img-src 'self' https://i0.wp.com https://pixel.wp.com https://www.google.com https://www.google-analytics.com https://www.facebook.com; media-src 'self'; worker-src 'self' blob:; 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.usercentrics.eu *.gstatic.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.dokom21.de c.leadlab.click *.googleadservices.com *.trustedshops.com *.hotjar.com snap.licdn.com *.onlyfy.jobs www.youtube.com; connect-src 'self' wss://*.hotjar.com *.onlyfy.jobs *.usercentrics.eu *.analytics.google.com content.hotjar.io wss://wsp33.hotjar.com cdn.linkedin.oribi.io *.googletagmanager.com *.google-analytics.com *.iadvize.com *.googleapis.com *.dokom21.de t.leadlab.click *.hotjar.com stats.g.doubleclick.net *.trustedshops.com api.trustbadge.etrusted.com trustbadge.api.etrusted.com logging.trustbadge.com; img-src 'self' *.dokom21.de maps.gstatic.com maps.googleapis.com googletagmanager.com data: googletagmanager.com *.tradedoubler.com *.usercentrics.eu www.google-analytics.com *.iadvize.com *.trustedshops.com *.linkedin.com *.google.com *.google.de; style-src 'self' 'unsafe-inline' fast.fonts.net *.iadvize.com; base-uri 'self';form-action 'self' *.dokom21.de service.dokom.net www.dokom21-webagent.de; object-src 'none'; frame-src 'self' *.onlyfy.jobs playout.3qsdn.com frontend.vlink.com *.google.com *.iadvize.com *.usercentrics.eu *.hotjar.com dokom21.jobbase.io www.youtube-nocookie.com; worker-src 'self' 'unsafe-inline' *.dokom21.de blob: ; frame-ancestors 'self' *.ipcentrex21.de http://127.0.0.1 http://localhost 2
frame-ancestors 'self' https://api.opentlv.com https://borne-leclerc.opentlv.com 2
frame-ancestors https://io.apply.creditkarma.com https://embedded.creditkarma.com 2
base-uri 'none'; default-src 'none'; frame-ancestors 'self' https://*.matchawards.com https://*.openplatform.us; font-src 'self' http://matchawards.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; img-src 'self' https: data: blob: http://matchawards.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com/bootstrap/3.3.0/css/bootstrap.min.css https://*.www.clickcease.com; media-src 'self' https: data: http://matchawards.com; frame-src 'self' https:; manifest-src 'self' http://matchawards.com; connect-src 'self' blob: http://matchawards.com ws://localhost:4000 ws://localhost:3035 http://localhost:3035 https://*.facebook.net https://*.facebook.com https://*.clarity.ms https://*.matchawards.com https://maps.googleapis.com http://172.16.13.226:8020 https://www.google-analytics.com https://apxl.io/script.js https://apxl.io/34cf5d42-e9e9-48ef-ba2d-59ed2c6f0c7e/tag https://*.hotjar.com/ https://*.hotjar.io wss://*.hotjar.com https://*.linkedin.com https://cdn.linkedin.oribi.io/partner/4032836/domain/localhost/token https://cdn.linkedin.oribi.io/partner/4032836/domain/matchawards.com/token https://*.googlesyndication.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://matchawards.com https://*.facebook.net https://*.facebook.com https://*.clarity.ms https://*.matchawards.com https://www.google.com/recaptcha/api.js https://maps.googleapis.com https://www.gstatic.com https://www.recaptcha.net https://www.googletagmanager.com https://apxl.io/script.js https://apxl.io/34cf5d42-e9e9-48ef-ba2d-59ed2c6f0c7e/tag https://*.www.clickcease.com https://www.clickcease.com/monitor/stat.js https://cdn.useproof.com/proof.js https://*.hotjar.com/ https://a.remarketstats.com/px/smart/ https://a.clickcertain.com/px/smart/a/ https://*.hotjar.io wss://*.hotjar.com https://*.licdn.com https://*.doubleclick.net https://*.googlesyndication.com 2
default-src 'self' *.hotetec.com; worker-src 'self' blob:; connect-src 'self' ws: *.hotetec.com *.google.com *.googleapis.com *.optimizely.com one2guest.com consentimientos.com *.epica.ai *.useinsider.com *.hijiffy.com *.dataria.com *.talentclue.com *.yandex.ru *.aplazame.com *.relay-t.io *.hotelinking.com secure-relay.com *.secure-relay.com secure-hotel-tracker.com *.secure-hotel-tracker.com *.asksuite.com *.turitop.com api-oa.com *.oastatic.com *.criteo.com *.bing.com *.joyned.app *.cdnwebcloud.com *.clarity.ms *.smooch.io *.quicktext.im *.sendpulse.com *.reviewpro.com backend.fideltour.com stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com *.hotjar.com *.123compare.me 123compareme.com cognito-identity.eu-west-1.amazonaws.com firehose.eu-west-1.amazonaws.com *.pushtech.com *.thorbooking.com formbuilder.online *.affilired.com www.googleadservices.com www.google.es *.facebook.com dev-traffic.attby.io vc.hotjar.io *.parthenon.io *.triptease.io api.rollbar.com www.thehotelsnetwork.com clientes.alisys.net *.majestic-resorts.com *.chatbot.com *.yandex.ru; frame-src *; ; font-src * data:;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 2
frame-ancestors 'self'; report-uri https://www.studi.com/fr/report-uri/enforce 2
style-src https: 'self' 'unsafe-inline'; font-src https: 'self' data:; default-src https: wss://hotjar.com wss://*.hotjar.com; img-src https: 'self' data:; script-src https: 'self' 'unsafe-inline' 'self' 'unsafe-eval' 'self' blob: 2
frame-ancestors 'self' *.kameleoon.com *.kameleoon.eu ; 2
default-src blob: * data: 'unsafe-inline' 'unsafe-hashes' 2
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';      script-src * data: blob: 'unsafe-inline' 'unsafe-eval';     connect-src * data: blob: 'unsafe-inline';     img-src * data: blob: 'unsafe-inline';     frame-src * data: blob: ;     style-src * data: blob: 'unsafe-inline';     font-src * data: blob: 'unsafe-inline';     frame-ancestors * data: blob:; 2
default-src 'self'; script-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'none'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; worker-src 'none'; 2
frame-ancestors 'self' *; 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://google.de https://app.usercentrics.eu https://www.googletagmanager.com  https://www.googleadservices.com https://googleads.g.doubleclick.net https://netzwerk.uppr.de https://www.google-analytics.com https://privacy-proxy.usercentrics.eu https://www.facebook.com https://twitter.com https://www.linkedin.com https://www.xing.com https://www.youtube.com https://cdnjs.cloudflare.com https://nebula-cdn.kampyle.com https://bat.bing.com https://ad4m.at https://connect.facebook.net https://www.usemaxserver.de https://widgets.energiemonitor.de https://play.google.com https://www.googleoptimize.com https://icpublichosting.azureedge.net https://optimize.google.com https://service.mtcaptcha.com https://service2.mtcaptcha.com https://ic-chatwindow-service.azurewebsites.net https://clb2.cfapps.mila.external.ap.innogy.com https://www.googleanalytics.com https://cdn.medallia.com/ https://cdn.appsol.medallia.com/ *.kampyle.com/ https://metrics-proxy.medallia.ca/ https://metrics-proxy.medallia.eu/ https://metrics-proxy.medallia.com.au/ https://metrics-proxy.medallia.com/ https://col.eum-appdynamics.com/ https://static.medallia.com/ https://bugreport.medallia.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://chart.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://netdna.bootstrapcdn.com/ https://express.ger.medallia.eu/ https://express.sbx.ger.medallia.eu/ https://feed2.medallia.eu/ https://feed2sbx.sbx.ger.medallia.eu/ https://mft1.medallia.eu/ https://filestash.fra1.medallia.eu/ https://tm.ad-srv.net https://tm703.ad-srv.net https://tm707.ad-srv.net https://tm708.ad-srv.net https://*.iadvize.com https://znbd9pj7eqbjzjd42-eon.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://trck.lew.de; style-src 'self' 'unsafe-inline' https://widgets.energiemonitor.de https://fonts.googleapis.com https://icpublichosting.azureedge.net https://optimize.google.com https://*.iadvize.com; object-src 'self'; report-uri /umbraco/api/helper/CreateCSPReport 2
frame-ancestors https://jionews.com/ https://jionewsdev1.jio.ril.com/ 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src *  'self' data: https; style-src 'self' 'unsafe-inline';  2
default-src 'self' 'unsafe-inline' 'unsafe-eval' ; script-src 'unsafe-inline' 'unsafe-eval' https://www.roechling.com https://jobs.roechling.com https://analytics.roechling.com https://roechling.containers.piwik.pro https://roechling.piwik.pro https://editors.roechling.com *.algolia.net *.algolianet.com; style-src 'unsafe-inline' https://www.roechling.com/ https://jobs.roechling.com https://editors.roechling.com *.algolia.net *.algolianet.com https://roechling.containers.piwik.pro https://roechling.piwik.pro; img-src 'self' https://analytics.roechling.com https://roechling.containers.piwik.pro https://roechling.piwik.pro data: *; frame-src 'self' https://player.vimeo.com/ *.algolia.net *.algolianet.com https://roechling.containers.piwik.pro https://roechling.piwik.pro https://www.youtube-nocookie.com/ ; connect-src https://www.roechling.com/ https://jobs.roechling.com/ https://editors.roechling.com https://recruiting.roechling.com https://analytics.roechling.com https://roechling.containers.piwik.pro https://roechling.piwik.pro *.algolia.net *.algolianet.com; font-src 'self' https://jobs.roechling.com https://www.roechling.com https://roechling.containers.piwik.pro https://roechling.piwik.pro filesystem: *.algolia.net *.algolianet.com; object-src 'self' https://www.roechling.com *.algolia.net *.algolianet.com https://roechling.containers.piwik.pro https://roechling.piwik.pro; 2
frame-ancestors 'self' https://*.free-work.com 2
worker-src 'self' blob: https: 'unsafe-inline' https://mcprod.hortifruti.com.br/; script-src http: https: https://mcprod.hortifruti.com.br/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' blob: https: 'unsafe-inline' https://mcprod.hortifruti.com.br/; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com; frame-src assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.adyen.com *.doubleclick.net *.getblue.io *.criteo.com *.googlesyndication.com *.facebook.com *.crazyegg.com https://trackcmp.net; 2
default-src: 'self'; 2
default-src 'self'; script-src 'self' chariz.com cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' chariz.com cdnjs.cloudflare.com; img-src 'self' data: blob: chariz.com activitypub.chariz.com *.chariz.cloud; font-src 'self' chariz.com cdnjs.cloudflare.com; connect-src 'self' api.chariz.com pkg.chariz.com wss://pkg.chariz.com chariz.nyc3.digitaloceanspaces.com *.ingest.sentry.io; media-src 'self' data: chariz.com activitypub.chariz.com cdn.chariz.cloud; child-src www.youtube-nocookie.com; frame-ancestors cydia.saurik.com; upgrade-insecure-requests; block-all-mixed-content; disown-opener 2
frame-ancestors https://events.searchengineland.com https://searchengineland.com 2
img-src 'self' www.google-analytics.com img.youtube.com *.s3waas.gov.in secure.gravatar.com *.twimg.com *.twitter.com data:;connect-src 'self' www.google-analytics.com *.s3waas.gov.in;object-src 'none';media-src 'self' *.s3waas.gov.in data:;child-src 'self';frame-src 'self' www.google.com platform.twitter.com www.facebook.com syndication.twitter.com www.youtube.com;form-action *.s3waas.gov.in 'self';frame-ancestors 'self' *.s3waas.gov.in ;upgrade-insecure-requests;worker-src 'self' *.s3waas.gov.in 2
frame-ancestors 'self' simplicate.nl; 2
script-src 'self' https://tags.tiqcdn.com https://cdn.cookielaw.org https://tag.aticdn.net; frame-ancestors 'self' 2
frame-ancestors 'self' *.verti.es *.verti.it *.verti.com *.verti.de *.mazda.de; 2
frame-ancestors 'self' *.ardennes-etape.com ardennes-etape.com *.ardennes-etape.be ardennes-etape.be *.ardennes-etape.de ardennes-etape.de *.ardennes-etape.nl ardennes-etape.nl *.ardennes-etape.co.uk ardennes-etape.co.uk *.ardennes-etape.fr ardennes-etape.fr *.ardennes-neige.be ardennes-neige.be *.ardennen-sneeuw.be ardennen-sneeuw.be *.esoledad.net *.ster.esoledad.dom esoledad.net *.ster.esoledad.dom *.aev5.loc aev5.loc *.google-analytics.com *.analytics.google.com loc.ardennes-etape.com *.loc.ardennes-etape.com 2
frame-ancestors ‘self’ 2
default-src https: https://*.clarity.ms https://c.bing.com data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' blob:; object-src 'none'; img-src https: data:; connect-src https: wss:; frame-src  https: blob:; frame-ancestors https: https://*.studentbeans.com 2
default-src='self'; 2
https: 2
default-src 'self'; manifest-src https://book.thenetworkstate.com/ 'self'; img-src 'self' https://book.thenetworkstate.com/ blob:  https://thenetworkstate.com https://content.1729.com https://thenetworkstate.com https://*.thenetworkstate.com https://www.gravatar.com/avatar/ https://www.google.com/ads/ga-audiences https://www.google-analytics.com/collect https://*.twimg.com https://images.unsplash.com https://assets.thenetworkstate.com data:; script-src https://book.thenetworkstate.com/ https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io 'unsafe-inline' 'self'; style-src https://book.thenetworkstate.com/ 'unsafe-inline' blob: https://fonts.googleapis.com 'self'; frame-src 'self' https://platform.twitter.com https://docs.google.com https://www.youtube.com https://vars.hotjar.com https://www.eventbrite.com/checkout-external https://airtable.com; connect-src 'self' https://stats.g.doubleclick.net/j/collect https://www.google-analytics.com  https://book.thenetworkstate.com/ https://content.1729.com https://devmirror.1729.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; object-src 'none'; base-uri https://book.thenetworkstate.com/; font-src https://book.thenetworkstate.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.googleapis.com blob: 'self'; frame-ancestors 'self' http://localhost:8000; form-action 'self'; upgrade-insecure-requests; report-uri https://o554709.ingest.sentry.io/api/5683592/security/?sentry_key=18129131b13248c9a875e0f224dfa881; 2
frame-ancestors 'self' *.k-asap.eu; 2
default-src 'self' 'unsafe-inline' data: sberanalytics.ru *.sberanalytics.ru 8kwky1agm3.a.trbcdn.net mc.yandex.ru *.adriver.ru *.sbermarketing.ru *.sberbank.ru kraken.rambler.ru top-fwz1.mail.ru yandex.ru 2
default-src 'self'; script-src 'self'  'unsafe-eval' 'unsafe-inline' *.googletagmanager.com https://silverairwayscorp.freshdesk.com https://s3.amazonaws.com/assets.freshdesk.com/widget/freshwidget.css https://s3.amazonaws.com/assets.freshdesk.com/widget/freshwidget.js https://cdn.botframework.com/botframework-webchat/latest/webchat.js https://widget.freshworks.com https://visitor2.constantcontact.com/api/v1/signup_forms/39278f38-d530-4461-b7fa-f27d8eef9c05 https://web.powerva.microsoft.com/* https://*.googleadservices.com *.googleapis.com *.gstatic.com https://googleads.g.doubleclick.net/* www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com http://static.ctctcdn.com/js/signup-form-widget/current/signup-form-widget.min.js https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.msecnd.net; style-src 'self' 'unsafe-inline' https://s3.amazonaws.com/assets.freshdesk.com/widget/freshwidget.css https://silverairwayscorp.freshdesk.com https://widget.freshworks.com http://static.ctctcdn.com/js/signup-form-widget/current/signup-form-widget.css *.googleapis.com https://web.powerva.microsoft.com *.googletagmanager.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' https://widget.freshworks.com https://silverairwayscorp.freshdesk.com *.googletagmanager.com *.azureedge.net *.gstatic.com www.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com; media-src 'self' *.azureedge.net data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; frame-src 'self' https://www.youtube.com https://silverairwayscorp.freshdesk.com https://silverairwayscorp.freshdesk.com/widgets/feedback_widget/new https://forms.office.com/Pages/ResponsePage.aspx?id=KJycH5sV70GXn0F7r1N4hB69l1YDxIxEooAkzy56W3JUQkZHM09XS1pVMlRGR1lRN0hBU0FCWVNXQy4u https://web.powerva.microsoft.com/environments/Default-1f9c9c28-159b-41ef-979f-417baf537884/bots/new_bot_422d86f741024235b3eae28e328b18bb/webchat https://www.google.com/recaptcha/ www.google.com%0d%0a  https://recaptcha.google.com; connect-src 'self' 'unsafe-inline' https://listgrowth.ctctcdn.com/v1/a18d6b97e126cb9e1d703077aa9824b0.json 'https://visitor2.constantcontact.com/api/* https://visitor2.constantcontact.com/api/v1/signup_forms/39278f38-d530-4461-b7fa-f27d8eef9c05  https://web.powerva.microsoft.com/* https://powerva.microsoft.com/api/botmanagement/v1/directline/directlinetoken* https://widget.freshworks.com https://silverairwayscorp.freshdesk.com *.googletagmanager.com *.googleadservices.com accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.google-analytics.com *.mktoresp.com *.visualstudio.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' * tag.wknd.ai assets.bounceexchange.com api.bounceexchange.com dev.bounceexchange.com dash-staging.bounceexchange.com https://cdn.gbqofs.com/ https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com community.narscosmetics.co.uk https://try.abtasty.com;  style-src * 'self' 'unsafe-inline' assets.bounceexchange.com;  img-src * 'self' data: assets.bounceexchange.com events.bouncex.net;  font-src * 'self' data: assets.bounceexchange.com;   child-src assets.bounceexchange.com;   worker-src * 'self' blob: assets.bounceexchange.com;   frame-src * 'self' assets.bounceexchange.com dash-staging.bounceexchange.com;  form-action * 'self' api.bounceexchange.com dev.bounceexchange.com;  connect-src * 'self' events.bouncex.net coupons.bounceexchange.com *.cdnwidget.com *.cdnbasket.net; 2
default-src 'self' https://www.dlcompare.com https://*.dlcompare.com https://*.amazonaws.com https://www.googletagmanager.com https://www.youtube.com https://*.youtube.com http://youtu.be https://www.google.com https://fonts.gstatic.com https://twitter.com https://*.twitter.com https://platform-lookaside.fbsbx.com https://streamable.com https://player.vimeo.com https://player.twitch.tv https://gfycat.com https://discordapp.com https://discord.com https://cdn.iframe.ly https://www.google-analytics.com https://stats.g.doubleclick.net https://if-cdn.com https://*.hotjar.com https://vc.hotjar.io/ wss://*.hotjar.com https://gleam.io; style-src 'self' 'unsafe-inline' https://www.dlcompare.com https://*.dlcompare.com https://*.amazonaws.com https://fonts.googleapis.com https://cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' https://www.dlcompare.com https://*.dlcompare.com https://*.amazonaws.com https://cdn.jsdelivr.net https://connect.facebook.net https://platform.twitter.com https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://*.hotjar.com https://*.gleam.io https://*.gleamjs.io/ https://*.google.com; img-src 'self' data: https://www.dlcompare.com https://*.dlcompare.com https://*.amazonaws.com https://cdn.akamai.steamstatic.com https://steamcdn-a.akamaihd.net https://cdn.staticaly.com https://graph.facebook.com https://*.twitter.com https://*.cloudfront.net/facebook/ https://*.cloudfront.net/twitter/ https://*.cloudfront.net/instagram/ https://i.imgur.com https://if-cdn.com https://www.google-analytics.com https://platform-lookaside.fbsbx.com https://www.google.com https://*.fbcdn.net https://*.hotjar.com https://*.gleam.io https://flagcdn.com https://cdn.discordapp.com https://discord.com 2
upgrade-insecure-requests; default-src 'self' https:; style-src-elem 'self' https: 'unsafe-inline'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; img-src https: data:; frame-ancestors 'self' https: 2
frame-ancestors https://lunar-website-studio.vercel.app https://lunar-website-studio-staging.vercel.app https://lunar-website-studio-dev.vercel.app https://www.lunar.app 2
default-src 'self'; media-src 'self' 203.122.51.205 newsonair.gov.in newsonair.nic.in airworldservice.org *.akamaihd.net *.akamaihd-staging.net blob: ; connect-src 'self' air.pc.cdn.bitgravity.com *.akamaihd.net *.akamaihd-staging.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ssl.p.jwpcdn.com www.gstatic.com www.google-analytics.com ajax.googleapis.com googletagmanager.com content.jwplatform.com platform.twitter.com cdn.syndication.twimg.com maxcdn.bootstrapcdn.com code.jquery.com cdnjs.cloudflare.com *.googleapis.com minisrclink.cool public.tableau.com connect.facebook.net ssl.p.jwpcdn.com *.youtube.com *.google.com s.ytimg.com; img-src * data: *; style-src 'self' 'unsafe-inline' *.twimg.com *.twitter.com *.w3.org cdnjs.cloudflare.com *.googleapis.com use.fontawesome.com; frame-src 'self' *.twitter.com g.jwpsrv.com public.tableau.com *.google.com *.youtube.com *.facebook.com; font-src 'self' data: use.fontawesome.com ssl.p.jwpcdn.com cdnjs.cloudflare.com fonts.gstatic.com; 2
frame-ancestors cases4real.org 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.advantech.com *.advantech.com.cn static.zdassets.com static.hotjar.com cdnjs.cloudflare.com cdn.optimizely.com lptag.liveperson.net www.gstatic.com www.googletagmanager.com dev.visualwebsiteoptimizer.com js.hs-analytics.net script.hotjar.com www.google-analytics.com lpcdn.lpsnmedia.net dashboard.whoisvisiting.com snap.licdn.com va.v.liveperson.net connect.facebook.net accdn.lpsnmedia.net fast.wistia.com s7.addthis.com api.ipify.org www.google.com hm.baidu.com az416426.vo.msecnd.net player.polyv.net www.youtube.com turing.captcha.qcloud.com turing.captcha.gtimg.com www.clarity.ms;         img-src 'self' data: *.advantech.com *.advantech.com.cn www.googleadservices.com googleads.g.doubleclick.net www.google.com www.google.com.tw dev.visualwebsiteoptimizer.com px.ads.linkedin.com dashboard.whoisvisiting.com www.google-analytics.com fast.wistia.com embed-ssl.wistia.com advdownload.blob.core.windows.net hm.baidu.com img.videocc.net www.facebook.com advantechfiles.blob.core.windows.net www.googletagmanager.com www.linkedin.com c.clarity.ms; style-src 'self' 'unsafe-inline' *.advantech.com *.advantech.com.cn fonts.googleapis.com dev.visualwebsiteoptimizer.com cdnjs.cloudflare.com; font-src 'self' data: *.advantech.com *.advantech.com.cn fast.wistia.com fonts.gstatic.com script.hotjar.com;         frame-ancestors 'self' *.advantech.com *.advantech.com.cn;         object-src 'none'; 2
script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.statcounter.com/counter/counter.js https://www.google.com/recaptcha/api.js; frame-ancestors 'none';child-src 'self' https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com https://vimeo.com; 2
default-src *; script-src *  'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: https:; font-src * data: https:; 2
default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval'; 2
Content-Security-Policy: default-src https:; upgrade-insecure-requests 2
default-src 'self' blob: wss: data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https:; style-src 'self' 'unsafe-inline' data: https:; 2
default-src 'none'; style-src 'unsafe-inline' https:; script-src 'unsafe-inline' 'unsafe-eval' https:; font-src https:; img-src data: https: blob:; connect-src https:; media-src https:; frame-src https: 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://dev.azure.com https://login.microsoftonline.com/ https://spsprodcus2.vssps.visualstudio.com https://www.datadoghq-browser-agent.com http://www.datadoghq-browser-agent.com https://rum.browser-intake-datadoghq.com http://rum.browser-intake-datadoghq.com https://prefund-reporting.PROD.encompass-suite.com https://prefund-reporting-api.PROD.encompass-suite.com app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-4558985839575040.storage.googleapis.com data.pendo.io; 2
default-src 'self' 'unsafe-inline' https://www.ifsttar.fr https://plausible.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tarteaucitron.io https://plausible.io https://*.tiktok.com https://*.facebook.net https://public.tableau.com https://*.audiomeans.fr https://*.googletagmanager.com https://cdn-eu.readspeaker.com https://webapi.affluences.com/ https://ajax.googleapis.com/ajax/ https://static.affluences.media/ https://www.google-analytics.com https://platform.twitter.com https://cdn.syndication.twimg.com api-public.addthis.com https://api-public-oci-origin.addthis.com https://*.addthis.com https://v1.addthisedge.com graph.facebook.com https://graph.facebook.com https://z.moatads.com https://widgets.pinterest.com https://vk.com/share.php https://www.odnoklassniki.ru/dk https://connect.ok.ru/dk; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.googletagmanager.com https://cdn-eu.readspeaker.com https://static.affluences.media https://platform.twitter.com https://*.twimg.com; font-src 'self' https://*.gstatic.com https://static.affluences.media/ data: ; frame-src 'self' https://www.dailymotion.com https://*.google.com https://spectremedia.org https://public.tableau.com https://my.matterport.com/ https://*.youtube.com https://*.libcast.com https://*.ephoto.fr https://*.univ-eiffel.fr https://*.univ-gustave-eiffel.fr https://maps.google.fr/ https://static.affluences.media/ https://embed.acast.com https://cdn.theconversation.com https://podcasts.ouest-france.fr https://datawrapper.dwcdn.net https://counter.theconversation.com  https://*.audiomeans.fr https://player.vimeo.com/ https://www.geoportail.gouv.fr/ https://www.facebook.com https://my.matterport.com/ https://*.youtube.com https://*.libcast.com https://clap.univ-eiffel.fr https://haltools.archives-ouvertes.fr https://archives-ouvertes.fr https://*.twitter.com https://www.youtube-nocookie.com http://*.u-pem.fr https://*.u-pem.fr https://*.vimeo.com https://upem.moveonfr.com https://view.genial.ly https://s7.addthis.com; img-src 'self' data: https://*.googletagmanager.com https://modele.univ-gustave-eiffel.fr https://*.tiktok.com https://*.facebook.com https://www.univ-gustave-eiffel.fr https://public.tableau.com https://*.twitter.com https://gallery.mailchimp.com/ https://*.google.fr https://*.google.com https://www.ifsttar.fr/ https://images.theconversation.com https://counter.theconversation.com https://i.ytimg.com https://gallery.mailchimp.com/ https://www.google-analytics.com https://template.univ-gustave-eiffel.fr https://static.affluences.media/ https://template.univ-gustave-eiffel.fr https://ssl.google-analytics.com https://*.twimg.com https://platform.twitter.com https://analytics.google.com https://www.addthis.com; connect-src 'self' 'unsafe-inline' https://plausible.io https://*.tiktok.com https://*.facebook.com https://*.doubleclick.net https://api.countapi.xyz/ https://www.ifsttar.fr https://media-eu.readspeaker.com/ https://app-eu.readspeaker.com/ https://vttts-eu.readspeaker.com/ https://cdn-eu.readspeaker.com/ https://*.googletagmanager.com https://*.google-analytics.com https://ssl.google-analytics.com https://*.analytics.google.com https://www.google.fr https://*.addthis.com https://api-public.addthis.com; media-src 'self' 'unsafe-inline' https://podcast.u-pem.fr https://*.addthis.com https://api-public.addthis.com; frame-ancestors 'self' https://*.eudonet.com 2
frame-ancestors agom.net 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.clickcease.com *.cookiebot.eu *.cookielaw.org *.doubleclick.net *.erecruiter.pl *.fontawesome.com *.google-analytics.com *.linkedin.com *.google.com *.google.pl *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com/recaptcha/ *.hotjar.com *.hotjar.io *.intercom.io *.licdn.com *.onetrust.com *.tawk.to cdn.jsdelivr.net cdnjs.cloudflare.com connect.facebook.net js.intercomcdn.com plausible.io sgtm.smsapi.pl bat.bing.com *.clarity.ms ; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.clickcease.com *.cookiebot.eu *.cookielaw.org *.doubleclick.net *.erecruiter.pl *.fontawesome.com *.google-analytics.com *.linkedin.com *.google.com *.google.pl *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com/recaptcha/ *.hotjar.com *.hotjar.io *.intercom.io *.licdn.com *.onetrust.com *.tawk.to cdn.jsdelivr.net cdnjs.cloudflare.com connect.facebook.net js.intercomcdn.com plausible.io sgtm.smsapi.pl bat.bing.com *.clarity.ms ; connect-src 'self' *.clickcease.com *.cookiebot.eu *.cookielaw.org *.doubleclick.net *.facebook.com *.google-analytics.com *.google.com *.hotjar.com *.hotjar.io *.intercom.io *.tawk.to cdnjs.cloudflare.com connect.facebook.net i.imgur.com js.intercomcdn.com plausible.io uploads.intercomcdn.com uploads.intercomusercontent.com wss://www.smsapi.bg wss://www.smsapi.com wss://www.smsapi.pl wss://www.smsapi.ro wss://www.smsapi.se wss://*.hotjar.com wss://*.intercom.io wss://*.tawk.to www.googleadservices.com www.googletagmanager.com www.gstatic.com/recaptcha/ bat.bing.com sgtm.smsapi.pl *.clarity.ms *.oribi.io *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws https://*.googlesyndication.com/ px.ads.linkedin.com/wa/ ; frame-src *.doubleclick.net *.hotjar.com *.hotjar.io *.youtube-nocookie.com *.youtube.com youtube.com consentcdn.cookiebot.eu www.facebook.com www.google.com/recaptcha/ www.googletagmanager.com ; img-src data: blob: 'self' *.cookielaw.org *.doubleclick.net *.erecruiter.pl *.facebook.com *.fbcdn.net *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.hotjar.com *.hotjar.io *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-9.com *.intercomcdn.com *.smsapi.com *.smsapi.pl *.tawk.to *.twimg.com *.youtube.com *.ytimg.com *.zapier.com cdn.jsdelivr.net i.imgur.com messenger-apps.intercom.io *.linkedin.com static.intercomassets.com uploads.intercomusercontent.com www.googletagmanager.com zapier-images.imgix.net *.bing.com *.clarity.ms *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws img.sct.eu1.usercentrics.eu; style-src 'unsafe-inline' 'self' *.erecruiter.pl *.fontawesome.com *.smsapi.com *.smsapi.pl *.tawk.to fonts.googleapis.com ; font-src 'self' *.fontawesome.com *.hotjar.com *.hotjar.io *.tawk.to cdnjs.cloudflare.com fonts.gstatic.com js.intercomcdn.com fonts.intercomcdn.com ; child-src fast.wistia.net intercom-sheets.com player.vimeo.com share.intercom.io www.intercom-reporting.com www.youtube.com ; form-action 'self' *.facebook.com api-iam.intercom.io app.marketingplatform.com intercom.help ; media-src 'self' *.tawk.to js.intercomcdn.com ; worker-src 'self'; report-to csp-report-endpoint; report-uri /api/next/report-csp; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.jsdelivr.net sanomapro.containers.piwik.pro sanomapro.piwik.pro www.youtube-nocookie.com api.addsearch.com zefzhat.appspot.com storage.googleapis.com commondatastorage.googleapis.com stats.livezhat.com yoast.com unpkg.com youtube-nocookie.com google.com www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' sanomapro.containers.piwik.pro cdn.jsdelivr.net connect.facebook.net googleads.g.doubleclick.net google.com www.google.com www.gstatic.com zefzhat.appspot.com storage.googleapis.com commondatastorage.googleapis.com stats.livezhat.com yoast.com unpkg.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: cdn.jsdelivr.net google.com www.google.com commondatastorage.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: s3-eu-west-1.amazonaws.com d20vwa69zln1wj.cloudfront.net spro-trinity-wordpress-prod.s3.eu-west-1.amazonaws.com spro-magento2-prod.sanomapro.fi i.ytimg.com www.facebook.com www.google.com www.google.es www.google.fi zefzhat.appspot.com tuotteet.sanomapro.fi s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com data: www.googletagmanager.com; connect-src 'self' sanomapro.containers.piwik.pro sanomapro.piwik.pro api.addsearch.com stats.livezhat.com zefzhat.appspot.com www.googletagmanager.com; font-src 'self' data: storage.googleapis.com data:; frame-src 'self' youtube-nocookie.com www.youtube-nocookie.com www.google.com td.doubleclick.net www.facebook.com plugins.flockler.com www.youtube.com www.googletagmanager.com; child-src 'self' *.sanomapro.fi blob: www.youtube.com www.googletagmanager.com; 2
frame-ancestors 'self' *.vu.lt 2
font-src 'self' https://webfonts.14v.de; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; upgrade-insecure-requests; object-src 'none'; worker-src 'self'; media-src 'self'; connect-src 'self' https://piwik.14v.de; manifest-src 'self'; prefetch-src 'none'; img-src 'self' data: *.w3.org; frame-src 'self'; child-src 'self'; style-src 'self' 'unsafe-inline'; block-all-mixed-content; script-src 'self' https://piwik.14v.de 'unsafe-inline'; report-uri /impressum/; 2
frame-ancestors live-75396-nim-nestlecorporate-unitedstatesofamerica.pantheonsite.io 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' blob: data: https://*.google.com https://*.geetest.com https://*.geevisit.com https://s.adroll.com https://d.adroll.com https://www.googletagmanager.com https://appleid.cdn-apple.com https://vk.com https://*.prdredir.com https://analytics.tiktok.com https://connect.facebook.net https://*.appsflyer.com https://*.google-analytics.com https://telegram.org https://*.ada.support https://widget-mediator.zopim.com https://*.bitget.com https://*.bitgetpro.site https://*.bitget.cc https://*.bgbstatic.com https://*.bitgetapp.com https://*.bitget.vin https://*.bitgetimg.com https://*.gdrichem.com https://*.yinshen.top https://gateway.test.95516.com https://*.checkout.com https://gateway.95516.com https://www.facebook.com https://*.youtube.com https://dn-staticdown.qbox.me https://*.bitget.site https://*.bitget.live https://*.bitget.cloud https://*.bgportable.com https://*.bitget.style https://*.bjxnyj.com https://*.94wz.xyz https://*.59ow.com https://*.pujieco.com https://*.xjpy8.com https://*.cnbitget.com https://*.bitget.fit https://megacheck.vip https://*.megacheck.vip https://*.saintpay.com https://*.skypay.space https://*.noxiaohao.com https://*.d14x4.com https://*.minigitlab.top https://*.uykdjs.com https://*.megacheck.net https://megacheck.net https://*.7b7x.com https://7b7x.com https://cdn.builder.io https://*.onfido.com https://applepay.cdn-apple.com https://*.apple.com https://*.gstatic.com https://*.googleapis.com https://*.glassgs.com https://*.bitget.media;connect-src 'self' 'report-sample' data: blob: https://www.googletagmanager.com https://*.google.com wss://*.bitget.com wss://*.bitgetpro.site wss://*.bitget.cc https://*.google-analytics.com https://analytics.tiktok.com https://*.appsflyer.com https://www.facebook.com https://*.analytics.google.com https://*.ada.support https://s.adroll.com https://d.adroll.com https://wa.onelink.me https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://*.bitget.com https://*.bitgetpro.site https://*.bitget.cc https://*.bgbstatic.com https://*.bitgetapp.com https://*.bitget.vin https://*.bitgetimg.com https://*.gdrichem.com https://*.yinshen.top https://gateway.test.95516.com wss://*.itbitget.com https://*.checkout.com https://gateway.95516.com https://telegram.org https://*.youtube.com wss://*.bitget.online https://www.tradingview.com https://api.tronstack.io https://*.noxiaohao.com wss://*.bitget.site https://*.bitget.site https://*.bitget.live https://*.bitget.cloud https://*.bgportable.com https://*.bitget.style https://*.bjxnyj.com https://*.94wz.xyz https://*.59ow.com https://*.pujieco.com https://*.xjpy8.com https://*.cnbitget.com https://*.bitget.fit wss://*.bitget.live wss://*.bitget.cloud wss://*.bitgetapp.com wss://*.bitget.vin wss://*.bgportable.com wss://*.bitget.style wss://*.bjxnyj.com wss://*.94wz.xyz wss://*.59ow.com wss://*.bitget.fit wss://*.pujieco.com wss://*.xjpy8.com wss://*.cnbitget.com wss://*.gdrichem.com wss://*.yinshen.top https://megacheck.vip https://*.megacheck.vip wss://*.megacheck.vip wss://megacheck.vip https://*.megacheck.net wss://*.megacheck.net https://megacheck.net wss://megacheck.net https://*.saintpay.com https://*.skypay.space wss://*.saintpay.com wss://*.skypay.space wss://*.noxiaohao.com https://*.gdrichem.com https://*.yinshen.top:8443 https://*.omkbic.com:8443 https://*.d14x4.com https://*.minigitlab.top https://*.uykdjs.com wss://*.d14x4.com wss://*.minigitlab.top wss://*.uykdjs.com https://dn-staticdown.qbox.me https://*.7b7x.com https://7b7x.com wss://*.7b7x.com wss://7b7x.com wss://*.ada.support wss://*.checkout.com https://cdn.builder.io https://*.onfido.com https://*.gurenla.com https://*.glassgs.com wss://*.glassgs.com wss://*.bitget.media https://*.bitget.media https://fp-constantid.bitkeep.vip https://api-web.bitkeep.app https://api-web.bitkeep.asia https://api-web.bitkeep.biz https://api-web.bitkeep.fun https://api-web.bitkeep.life https://api-web.bitkeep.top https://api-web.bitapi.vip https://api-web.chainnear.com https://api-web.lymryy.com:9443; frame-src 'self' 'report-sample' blob: data: https://*.google.com https://*.bitgetimg.com https://*.bitget.com https://*.bitgetpro.site https://*.bitget.cc https://*.bitgetapp.com https://*.bitget.vin https://*.bgbstatic.com https://www.facebook.com https://oauth.telegram.org https://telegram.org https://*.checkout.com https://*.ada.support https://*.youtube.com https://www.googletagmanager.com https://widget-mediator.zopim.com https://*.gdrichem.com https://*.yinshen.top https://gateway.test.95516.com https://*.google-analytics.com https://megacheck.vip https://*.megacheck.vip https://*.bitget.site https://*.bitget.live https://*.bitget.cloud https://*.bgportable.com https://*.bitget.style https://*.bjxnyj.com https://*.94wz.xyz https://*.59ow.com https://*.pujieco.com https://*.xjpy8.com https://*.cnbitget.com https://*.bitget.fit https://*.saintpay.com https://*.skypay.space https://*.d14x4.com https://*.minigitlab.top https://*.uykdjs.com https://*.megacheck.net https://megacheck.net https://*.7b7x.com https://7b7x.com https://bitget.banxa.com https://*.onfido.com https://*.95516.com https://*.glassgs.com https://www.bitgetwidget.com https://*.nihaopay.com https://onramp.money https://*.bitget.media; frame-ancestors 'self' https://*.bitget.com https://*.bitgetpro.site https://*.bitget.cc https://*.bitgetapp.com https://*.bitget.vin; report-uri https://64daf6801f5fef086f32761c.endpoint.csper.io?v=22; 2
default-src 'self'; style-src  'unsafe-inline' 'self'     https://ajax.googleapis.com/      https://fonts.googleapis.com ; style-src-elem  'unsafe-inline' 'self'     https://fonts.googleapis.com/     https://ajax.googleapis.com/     https://cdn.jsdelivr.net/ ; img-src 'self' 'unsafe-inline' data:     https://waitlistcheck.com/     https://www.waitlistcheck.com/     https://i.vimeocdn.com/     https://paymentrouter-trunk.redmz.mrisoftware.com/     https://beta.waitlistcheck.com/     https://ssl.google-analytics.com/     https://ajax.googleapis.com/     https://www.googleapis.com/     https://www.google-analytics.com/; script-src  https://www.google-analytics.com/     https://cdn.polyfill.io/     https://www.google.com/     https://www.gstatic.com/     https://www.googletagmanager.com/     https://www.google-analytics.com/     https://ssl.google-analytics.com/     https://ajax.googleapis.com/     https://cdnjs.cloudflare.com/     'unsafe-inline' 'unsafe-eval' 'self' ; script-src-elem 'self' 'unsafe-inline'     https://stackpath.bootstrapcdn.com/     https://cdn.jsdelivr.net/     https://cdn.polyfill.io/     https://www.google.com/     https://www.gstatic.com/     https://www.googletagmanager.com/     https://www.google-analytics.com/     https://ssl.google-analytics.com/     https://ajax.googleapis.com/     https://cdnjs.cloudflare.com/ ;font-src 'self' data: https://fonts.gstatic.com/ https://cdn.jsdelivr.net/ 'unsafe-inline'; connect-src 'self' https://www.google-analytics.com/  ; frame-src 'self'     https://www.youtube.com/     https://youtube.com/     https://player.vimeo.com/     https://www.google.com/ 2
frame-ancestors https://hub.balaan.io https://*.balaan.co.kr https://balaan.co.kr https://admin.balaan.io 2
default-src 'self' region1.google-analytics.com region1.analytics.google.com *.comptoirdesvoyages.fr bat.bing.com consentcdn.cookiebot.com www.facebook.com; base-uri 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://teddytor.abtasty.com https://api2.abtasty.com try.abtasty.com region1.google-analytics.com region1.analytics.google.com analytics.google.com ads.google.com app.contentsquare.com t.contentsquare.net contentsquare.com *.addthis.com *.addthisedge.com *.comptoirdesvoyages.fr *.cookiebot.com *.doubleclick.net *.newrelic.com ajax.googleapis.com bam.nr-data.net bat.bing.com connect.facebook.net comptoir.candidats.talents-in.com r.bing.com ssl.google-analytics.com static.madmetrics.com tagmanager.google.com tag.aticdn.net www.google.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.com z.moatads.com; connect-src 'self' *.abtasty.com region1.google-analytics.com region1.analytics.google.com ads.google.com *.contentsquare.net *.addthis.com *.bing.com *.comptoirdesvoyages.fr *.doubleclick.net bam.nr-data.net comptoir.candidats.talents-in.com consentcdn.cookiebot.com www.facebook.com www.google.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gtm.js wss://*.bing.com; img-src 'self' editor-assets.abtasty.com *.contentsquare.net data: *; child-src blob:; worker-src blob:; style-src 'self' 'unsafe-inline' * *.comptoirdesvoyages.fr try.abtasty.com *.bing.com fonts.googleapis.com tagmanager.google.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' csxd.comptoirdesvoyages.fr *.addthis.com *.doubleclick.net consentcdn.cookiebot.com sdx.microsoft.com www.allocine.fr www.dailymotion.com www.facebook.com www.google.com www.gstatic.com youtu.be www.youtube.com; object-src 'none' 2
default-src 'self' 'unsafe-inline' cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org; img-src delivery.consentmanager.net cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org cdn.consentmanager.net b.delivery.consentmanager.net 'self' data: image; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo.psw-group.de consent.cookiebot.com consentcdn.cookiebot.com www.googletagmanager.com www.google-analytics.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org; script-src-elem 'self' 'unsafe-inline' matomo.psw-group.de consent.cookiebot.com consentcdn.cookiebot.com www.googletagmanager.com www.google-analytics.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org delivery.consentmanager.net cdn.consentmanager.net b.delivery.consentmanager.net; script-src-attr 'self' 'unsafe-inline' matomo.psw-group.de consent.cookiebot.com consentcdn.cookiebot.com www.googletagmanager.com www.google-analytics.com; connect-src 'self' matomo.psw-group.de *.consentmanager.net consentcdn.cookiebot.com www.googletagmanager.com www.google-analytics.com cdn.consentmanager.mgr.consensu.org region1.google-analytics.com; style-src-elem cdn.consentmanager.mgr.consensu.org delivery.consentmanager.net cdn.consentmanager.net 'self' 'unsafe-inline'; frame-src 'self' consentcdn.cookiebot.com www.googletagmanager.com www.google-analytics.com cdn.consentmanager.mgr.consensu.org cdn.consentmanager.net 2
frame-ancestors 'self' *.cms.snakeware.nl *.snakeware.nl *.snakeware.cloud *.snakeware.test 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.fensterversand.com *.fensterversand.at *.fenetre24.com *.fenetre24.be *.haustueren.de *.finestre.com *.ventanas.es *.windows24.com *.k8s.nng-stage.de *.nng-prod.de *.amazonaws.com *.cloudflare.com *.cloudfront.net *.google.com *.google.de *.googleapis.com *.googlecode.com *.googletagmanager.com *.gstatic.com *.attributy.com *.spoteffects.net *.google-analytics.com *.googlecommerce.com *.googleadservices.com unpkg.com *.matomo.cloud *.etrusted.com *.trustedshops.com *.bootstrapcdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.jquery.com *.typeform.com *.doubleclick.net *.userlike.com wss://*.userlike.com userlike-cdn-umm.b-cdn.net *.optimizely.com *.facebook.net *.facebook.com s7.addthis.com thdoan.github.io data: *.geschuetzteinkaufen.commerzbank.de *.usd.de *.ogone.com *.sofort.com *.billpay.de *.paypal.de *.paypal.com *.paypalobjects.com *.pay1.de *.klarnacdn.net *.klarna.com *.klarnaevt.com http://*.hotjar.com:* https://*.hotjar.com:* wss://*.hotjar.com *.hotjarconsent.com *.mouseflow.com *.bing.com *.mozilla.org *.jsdelivr.net *.trackjs.com *.consensu.org *.consentmanager.net *.taboola.com *.googleusercontent.com cdn.datatables.net *.criteo.com *.twiago.com *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.smartadserver.com *.teads.tv *.3lift.com *.yahoo.com *.yahoo.net *.adform.net *.omnitagjs.com *.casalemedia.com id5-sync.com *.360yield.com *.ivitrack.com *.mediavine.com *.postrelease.com *.outbrain.com *.pubmatic.com *.sharethrough.com *.tremorhub.com *.yieldlab.net *.yieldmo.com *.demdex.net *.krxd.net *.emxdgt.com 2
object-src 'self' blob; 2
default-src 'self'; font-src 'self' *.bootstrapcdn.com https://fonts.googleapis.com *.gstatic.com https://*.hotjar.com data:; img-src 'self' *.linkedin.com *.facebook.com *.adsymptotic.com *.google-analytics.com *.brf-global.com https://optanon.blob.core.windows.net *.googletagmanager.com *.gravatar.com *.cookielaw.org *.google.com *.google.com.br *.gstatic.com *.googleapis.com *.google.com https://*.hotjar.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.linkedin.com *.google-analytics.com *.cookielaw.org *.cloudflare.com https://connect.facebook.net https://snap.licdn.com *.bootstrapcdn.com https://www.googletagmanager.com *.google.com *.google.com.br *.gstatic.com *.youtube.com https://cdn.jsdelivr.net *.googleapis.com https://unpkg.com https://*.hotjar.com *.addtoany.com *.instagram.com https://viacep.com.br; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.cloudflare.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://*.hotjar.com; connect-src 'self' *.cookielaw.org *.onetrust.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.google.com *.linkedin.com https://cdn.linkedin.oribi.io *.facebook.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; frame-src 'self' *.service-now.com *.google.com *.youtube.com *.youtube-nocookie.com *.soundcloud.com *.hotjar.com *.addtoany.com *.instagram.com *.facebook.com 2
default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https: 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com tag.manager.google.com tagmanager.google.com/ https://www.youtube.com https://wpp-test.wirecard.com https://wpp.wirecard.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://*.sift.com https://test.oppwa.com https://oppwa.com https://test.ppipe.net/ https://ppipe.net/ https://maps.googleapis.com https://widget.trustpilot.com https://hexagon-analytics.com http://bat.bing.com http://*.taboola.com https://*.taboola.com https://test.dekopay.com https://secure.dekopay.com https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.intercom.io https://*.intercomcdn.com https://*.hotjar.com/ https://static.zipmoney.com.au https://static.zdassets.com https://*.youtube.com http://*.youtube.com https://s.ytimg.com https://static.doubleclick.net https://connect.facebook.net https://www.dwin1.com http://*.scarabresearch.com https://*.scarabresearch.com https://unpkg.com/date-time-format-timezone@latest/build/browserified/date-time-format-timezone-complete-min.js https://pay.google.com https://trck.spoteffects.net https://googleads.g.doubleclick.net www.googletagmanager.com www.googleadservices.com *.ratepay.com https://zenloop-website-overlay-production.s3.amazonaws.com https://channels-api.zenloop.com https://www.google.com/pagead/ https://*.clarity.ms https://region1.google-analytics.com https://region1.analytics.google.com https://www.google.com/recaptcha https://www.gstatic.com/recaptcha https://*.creativecdn.com https://website-overlay.zenloop.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'self' data: * blob: * https://ssl.gstatic.com/ https://hexagon-analytics.com http://cdn.taboola.com https://cdn.taboola.com http://bat.bing.com https://bat.bing.com https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.hotjar.com/ https://static.zipmoney.com.au https://static.zdassets.com https://pay.google.com https://googleads.g.doubleclick.net https://*.creativecdn.com https://website-overlay.zenloop.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://tagmanager.google.com www.googletagmanager.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://test.oppwa.com https://oppwa.com https://test.ppipe.net/ https://ppipe.net/ https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.hotjar.com/ https://static.zipmoney.com.au https://static.zdassets.com https://pay.google.com https://*.creativecdn.com https://website-overlay.zenloop.com; font-src 'self' https://themes.googleusercontent.com data: * https://fonts.gstatic.com http://fonts.gstatic.com https://test.oppwa.com https://oppwa.com https://test.ppipe.net/ https://ppipe.net/ https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.hotjar.com/ https://static.zipmoney.com.au https://static.zdassets.com https://pay.google.com; frame-src 'self' https: https://www.youtube.com https://wpp-test.wirecard.com https://wpp.wirecard.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://test.oppwa.com https://oppwa.com https://test.ppipe.net/ https://ppipe.net/ http://widget.trustpilot.com https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.hotjar.com/ https://static.zipmoney.com.au https://static.zdassets.com https://googleads.g.doubleclick.net http://googleads.g.doubleclick.net https://connect.facebook.net https://*.sift.com https://pay.google.com https://www.google.com/recaptcha https://recaptcha.google.com/recaptcha https://*.creativecdn.com https://website-overlay.zenloop.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; frame-ancestors 'self' https://*.frontastic.io frontastic.io.local; object-src 'self'; connect-src 'self' ws: wss: https://www.google-analytics.com https://analytics.google.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://test.oppwa.com https://oppwa.com https://test.ppipe.net/ https://ppipe.net/ https://api.trustedshops.com https://hexagon-analytics.com http://bat.bing.com https://bat.bing.com http://*.taboola.com https://*.taboola.com https://ctx-nsp-sell-watches-stage.s3.eu-central-1.amazonaws.com https://ctx-nsp-sell-watches.s3.eu-central-1.amazonaws.com https://*.g.doubleclick.net https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.intercom.io https://*.hotjar.com/ https://*.hotjar.io/ https://static.zipmoney.com.au https://static.zdassets.com https://kreditrechner-long-test.creditplus.de https://kess.creditplus.de https://j4s6cgablv-dsn.algolia.net https://cdn.contentful.com https://connect.facebook.net https://*.sift.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://*.emarsys.net https://*.scarabresearch.com https://*.execute-api.eu-central-1.amazonaws.com https://pricing-engine.ful.chronext.com https://pay.google.com https://prs.stage.chronext.com https://prs.ful.chronext.com *.ratepay.com https://zenloop-website-overlay-production.s3.amazonaws.com https://channels-api.zenloop.com https://api.zenloop.com https://maps.googleapis.com https://*.clarity.ms https://region1.google-analytics.com https://region1.analytics.google.com https://workshop.stage.chronext.com https://workshop.ful.chronext.com https://support-service.stage.chronext.com https://support-service.ful.chronext.com https://google.com https://www.gstatic.com/recaptcha https://*.creativecdn.com https://website-overlay.zenloop.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 2
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src * 2
frame-ancestors https://cms.talent-pool.com 2
img-src 'self' https://hkemobility.gov.hk blob: data: https://*.hkemobility.gov.hk https://api.hkmapservice.gov.hk https://resource.data.one.gov.hk https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com https://*.ggpht.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css; font-src 'self' data: https://fonts.gstatic.com; default-src 'self'; script-src 'self' 'sha256-YovJ3kTtWMqDNag5s4GloG0bOrUzSG2d62fMKN55J74=' 'sha256-Oc6dELoS6GoAdiVKwoOr0fZdgIjnvecIsBzZtCiBi9Q=' 'sha256-PEK7EhnUsVK79aa+ZQNCURBIsCfE7tMImnV4+cCNjEA=' https://www.google.com/recaptcha/ https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; media-src 'self' blob: https://www.gstatic.com/recaptcha/; frame-src 'self' https://*.google.com/; connect-src 'self' https://maps.googleapis.com/; worker-src 'self' blob:; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.youtube.com *.ytimg.com *.google.com *.gstatic.com *.google-analytics.com *.googleapis.com stats.g.doubleclick.net connect.facebook.net www.facebook.com www.googletagmanager.com; 2
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; upgrade-insecure-requests 2
default-src * data: blob: http: https: 'self' https://*.durable.co 'unsafe-inline' *.durable.co 'unsafe-eval'; 2
default-src 'self'; base-uri 'self'; img-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://s.yimg.jp/ https://connect.facebook.net/ https://*.yahoo.co.jp/ https://maps.googleapis.com/ https://*.mul-pay.jp/ https://*.google.com https://global.localizecdn.com/ https://use.typekit.net/ https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net/; connect-src * data: blob: 'unsafe-inline'; frame-src https://*.google.com/ https://bid.g.doubleclick.net/ https://www.googletagmanager.com/ https://*.facebook.com/ https://www.youtube.com/; media-src * data: blob:; worker-src * data: blob: 2
frame-ancestors 'self' *.tennisonly.com.au *.runningwarehouse.com.au *.totalpickleball.com.au www.runningwarehouse.eu www.runningwarehouse.com www.tennis-warehouse.com www.tenniswarehouse-europe.com; 2
connect-src https://*.ospito.nl https://*.googleapis.com https://*.gstatic.com; default-src 'self'; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'self'; frame-src 'self' https://*.google.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleusercontent.com https://api.thegreenwebfoundation.org data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.ggpht.com https://*.googleusercontent.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com; 2
default-src 'self' https: 'unsafe-inline';img-src 'self' data: https:;font-src 'self' data: https:;script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:;object-src 'none';form-action 'self';frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 2
script-src 'unsafe-inline' 'self' 'unsafe-eval'; style-src * 'unsafe-inline' data: ; img-src * data: blob:; frame-src 'self' buildamerica.com creditsummaries.assuredguaranty.com *.lumesis.com munipoints.com www.munipoints.com; connect-src www.google-analytics.com 'self' ; default-src 'self' data:; report-uri /tmc/servlet/error/csp 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.gstatic.com https://yastatic.net https://www.youtube.com https://s.ytimg.com https://platform.instagram.com https://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://mc.yandex.ru https://top-fwz1.mail.ru https://js.sentry-cdn.com https://browser.sentry-cdn.com https://qaz.k-24.news https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://platform.twitter.com ; img-src 'self' data: https://* http://* ; font-src 'self' data: https://fonts.gstatic.com ; frame-src 'self' data: https://yastatic.net https://www.youtube.com https://www.instagram.com/ https://platform.twitter.com ; connect-src 'self' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://fcm.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://push.newsdaily.biz https://top-fwz1.mail.ru https://o4505939965509632.ingest.sentry.io https://biposerfl.shop https://*.google-analytics.com; worker-src 'self' data: https://fcm.googleapis.com https://push.newsdaily.biz ; 2
font-src *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.googleapis.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: widget.freshworks.com secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com *.fonts.googleapis.com *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net *.googleapis.com googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: widget.freshworks.com secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.stripe.com stripe.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.iubenda.com *.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net *.googleapis.com googleapis.com *.hcaptcha.com hcaptcha.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: widget.freshworks.com secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com *.addthis.com *.pinterest.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com https://*.gstatic.com *.trackedlink.net *.iubenda.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com https://img.youtube.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: widget.freshworks.com secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com https://*.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.iubenda.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com s7.addthis.com *.avada.io chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: widget.freshworks.com secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.instagram.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com maxcdn.bootstrapcdn.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net *.googleapis.com googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: widget.freshworks.com secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.iubenda.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com ekr.zdassets.com/ https://get.geojs.io *.avada.io chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: widget.freshworks.com secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com *.cloudflare.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net *.googleapis.com googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: widget.freshworks.com secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self';   script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://analitica.dacoruna.gal https://www.youtube.com;   img-src 'self' data: blob: https://cas.dacoruna.gal;   frame-src 'self' https://www.google.com https://www.youtube.com https://calendar.google.com https://accounts.google.com;   style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://code.jquery.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com;   connect-src 'self' https://analitica.dacoruna.gal; 2
default-src 'self' feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com * ; manifest-src 'self' feed.pghub.io pandg.tapad.com ; img-src * 'self' data: https: blob: *.pricespider.com ; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 2
frame-ancestors https://www.facebook.com/ 2
frame-ancestors tarketthome.com www.tarketthome.com 2
script-src 'self' https://masterbot-chat-onemrva-ori-prod.apps.cloud.sodigital.io https://masterbot-chat-onemrva-ori-dev.apps.cloud.sodigital.io https://web-chat.global.assistant.watson.appdomain.cloud https://analytics.onem.be https://cdn.gcloud.belgium.be https://analytics.socialsecurity.be https://www.flexmail.eu https://openfed.github.io https://squizlabs.github.io; frame-ancestors 'self' https://masterbot-chat-onemrva-ori-prod.apps.cloud.sodigital.io https://masterbot-chat-onemrva-ori-dev.apps.cloud.sodigital.io 2
default-src blob: data: http: https: 'unsafe-inline' 'unsafe-eval' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com *.fwc.pl *.victoriassecret.pl *.trustmate.io trustmate.io *.cookiebot.com *.webgains.io *.packeta.com *.youtube.com *.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net *.googletagmanager.com *.ingest.sentry.io *.google.com data: *.salesmanago.pl *.criteo.com *.hotjar.com; frame-src 'self' * *.packeta.com *.gstatic.com *.google.com *.youtube.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com *.adyen.com *.dhl.pl *.criteo.com *.hotjar.com *.salesmanago.pl; object-src 'self'; default-src 'self' *.bathandbodyworks.pl *.bathandbodyworks.ro; img-src 'self' data: *.trustmate.io trustmate.io *.google-analytics.com *.adyen.com *.google.com *.gstatic.com *.googleapis.com *.doubleclick.net *.salesmanago.pl *.facebook.com *.criteo.com *.bathandbodyworks.pl *.bathandbodyworks.ro; style-src 'unsafe-inline' *.trustmate.io trustmate.io *.googletagmanager.com *.googleapis.com; connect-src 'self' *.victoriassecret.pl *.trustmate.io trustmate.io *.cookiebot.com *.webgains.io *.packeta.com *.googlesyndication.com *.googletagmanager.com *.google.com *.ingest.sentry.io *.google-analytics.com *.adyen.com *.googleapis.com *.doubleclick.net *.facebook.com *.criteo.com *.hotjar.com *.salesmanago.pl; font-src 'self' *.googleapis.com *.gstatic.com; media-src 'self' *.bathandbodyworks.pl *.bathandbodyworks.ro; 2
frame-ancestors 'self' https://atletismofaa.es http://fvaeaf.org https://fvaeaf.org http://www.fvaeaf.org https://www.fvaeaf.org https://www.facv.es 2
default-src ws: http: https: data: blob: 'unsafe-inline' 'unsafe-eval' 2
frame-src 'self' *.amazon.de *.google.com *.paypal.com *.prismic.io *.vimeo.com; frame-ancestors 'self'; upgrade-insecure-requests; 2
default-src 'self' www.livechat.com *.livechatinc.com data:; style-src 'self' 'unsafe-inline' cdn.livechat-static.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.polyfill.io *.livechatinc.com; font-src 'self' data:; connect-src 'self' https://geoip.nekudo.com 2
default-src 'self' https://player.vimeo.com https://www.youtube.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://unpkg.com https://kit.fontawesome.com https://ka-p.fontawesome.com https://player.vimeo.com https://www.google-analytics.com https://www.buzzsprout.com https://www.termsfeed.com https://analytics.tiktok.com https://www.googletagmanager.com;style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://unpkg.com https://pro.fontawesome.com https://kit.fontawesome.com https://ka-p.fontawesome.com https://use.typekit.net/ https://p.typekit.net;font-src 'self' data: https://fonts.gstatic.com https://unpkg.com https://pro.fontawesome.com https://kit.fontawesome.com https://ka-p.fontawesome.com https://use.typekit.net/;img-src 'self' data: https://www.poetryinternational.org https://www.google-analytics.com;connect-src 'self' https://ka-p.fontawesome.com https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.tiktok.com https://kit.fontawesome.com/;frame-src 'self' https://player.vimeo.com https://www.youtube.com https://www.educaplay.com https://www.buzzsprout.com; 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; font-src * data:; media-src * blob: 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://play.libsyn.com https://www.youtube-nocookie.com https://youtu.be/ https://siteimproveanalytics.com https://siteimproveanalytics.com/js/siteanalyze_10597.js *.siteimproveanalytics.com yoshki.com https://watch.wave.video/ https://tourmkr.com/ https://online.fliphtml5.com/ https://docs.google.com doubleclick.net https://siteimproveanalytics.com *.zencdn.net players.brightcove.net fonts.gstatic.com *.googleapis.com s3.amazonaws.com www.google.com *.googletagmanager.com *.gstatic.com *.siteimproveanalytics.io *.doubleclick.net *.google-analytics.com *.siteimproveanalytics.com cwt.vuturevx.com www.youtube.com open.spotify.com vimeo.com directory.libsyn.com html5-player.libsyn.com *.yoshki.com; img-src 'self' data: https://www.google.com/ads/ga-audiences https://www.google-analytics.com/ https://online.fliphtml5.com yoshki.com https://docs.google.com *.boltdns.net *.brightcove.com https://maps.gstatic.com https://maps.googleapis.com/ https://cwt.vuturevx.com/ https://s3.amazonaws.com/ *.siteimproveanalytics.io; media-src 'self' blob: yoshki.com ; font-src 'self' data: https://fonts.gstatic.com https://docs.google.com *.yoshki.com; worker-src 'self' blob: *.yoshki.com; connect-src 'self' https://www.googletagmanager.com https://siteimproveanalytics.com/js/siteanalyze_10597.js *.siteimproveanalytics.com https://stats.g.doubleclick.net yoshki.com *.google-analytics.com *.siteimproveanalytics.com *.brightcove.com *.boltdns.net https://bcbolt446c5271-a.akamaihd.net https://docs.google.com; frame-ancestors 'self' *.siteimproveanalytics.com yoshki.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://siteimproveanalytics.com/js/siteanalyze_10597.js *.google-analytics.com www.gstatic.com *.siteimproveanalytics.com *.google.com;style-src-elem * 'self' 'unsafe-inline' https://fonts.googleapis.com/; 2
default-src * 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: *.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com *.analytics.google.com https://www.google.com *.gstatic.com maps.googleapis.com www.facebook.com baramundi.live; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.gartner.com; img-src * data: blob: 'unsafe-inline' 'self' data: https://www.google-analytics.com www.google-analytics.com *.analytics.google.com https://stats.g.doubleclick.net maps.googleapis.com *.gstatic.com; frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com https://www.google.com https://www.gartner.com https://www.facebook.com/ https://baramundi.live/; connect-src 'self' https://www.google.de/ https://cdn.linkedin.oribi.io/ https://cdn.consentmanager.net/ https://d.delivery.consentmanager.net/ https://www.google-analytics.com *.analytics.google.com maps.googleapis.com https://maps.googleapis.com/ www.google-analytics.com https://stats.g.doubleclick.net http://ipinfo.io https://www.google.com https://googleads.g.doubleclick.net; frame-ancestors 'self' https://www.it-daily.net/ https://www.dataconnector1.com https://dataconnector1.com https://plugilo.com/ https://www.plugilo.com/ 2
default-src: 'self'; script-src: 'self' www.your-freedom.net 2
default-src 'self' https:; media-src 'self' https: blob:; style-src 'self' https: 'unsafe-inline' data:; connect-src 'self' https: wss:; img-src * data: android-webview-video-poster:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' https: blob:; frame-src 'self' https: gsa://onpageload command://event webpagecontroller://complete callback://https webviewprogress:; 2
default-src 'self' https://*.nanelo.com https://nanelo.com; style-src 'unsafe-inline' 'self' https://*.nanelo.com https://nanelo.com; img-src 'self' data: https:; object-src 'none'; script-src 'sha256-r1eFpru1CrxDaAH5d03flbU3Dd2prcWxvprI2COfRII=' 'self' 2
default-src 'self' *.googlesyndication.com; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 2
default-src https: wss: blob: data: 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com account.psplugin.com commondatastorage.googleapis.com omni.teleperformance.se static.hotjar.com bat.bing.com track.adform.net *.doubleclick.net www.googleadservices.com www.googletagmanager.com connect.facebook.net test-allentetest.lekane.net allente.lekane.net tango-churn.viasat.dk *.vo.msecnd.net assets.adobedtm.com dl.episerver.net canaldigital.d3.sc.omtrdc.net fast.canaldigital.demdex.net dpm.demdex.net cm.everesttech.net cd-static.telenorcdn.net canaldigital.demdex.net; frame-ancestors 'self' www.elkjop.no elkjop.no www.power.no power.no logon.canaldigital.com ssotest.api-canaldigital.com ssostage.api-canaldigital.com localhost; 2
default-src 'self' *.adobeaemcloud.com/ *.youtube.com/ https://app.chargebee.com/ *.googlesyndication.com/ www.youtube.com *.google-analytics.com/ *.analytics.google.com/ *.googlesyndication.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.google.com/ *.gstatic.com/  *.googleapis.com/ *.googletagmanager.com/ https://bittesehr.net/ *.bittesehr.net/ *.trustedshops.com/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.trustcommander.net/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ *.my.site.com/ *.comdirect.de/ *.force.com/ *.salesforce-sites.com/ https://vimeo.com/ *.blueconic.net/ *.trustcommander.net/ *.amazon-adsystem.com/ *.commander1.com/ *.tagcommander.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/; style-src 'self' *.my.salesforce-sites.com *.tiktok.com *.typekit.net/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ *.force.com/ *.salesforce.com/ *.youtube.com youtube.com https://app.chargebee.com/  *.squarelovin.com/ https://squarelovin.com/ *.adyen.com/ *.googlesyndication.com/ *.chargebee.com/ *.static.criteo.net/ *.criteo.com/ *.mopinion.com/ *.gstatic.com/ *.live2support.com/ *.lpsnmedia.net/ *.commander1.com/ *.bootstrapcdn.com/ *.tagcommander.com/ https://www.google.nl/ https://dpm.demdex.net/ *.focusgames.co.uk/ https://assets.adobedtm.com/ *.zencdn.net/ *.sharethis.com/ *.googleapis.com/ *.pinimg.com/ *.google.com/ *.google-analytics.com/ *.analytics.google.com/ *.googlesyndication.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.google.com/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ https://bittesehr.net/ *.bittesehr.net/ *.trustedshops.com/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.my.site.com/ *.trustcommander.net/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ *.comdirect.de/ https://vimeo.com/ *.force.com/ *.salesforce-sites.com/ *.trustcommander.net/ *.amazon-adsystem.com/ *.commander1.com/ *.tagcommander.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ 'unsafe-inline'; script-src 'self' https://js-agent.newrelic.com/ *.my.salesforce-sites.com *.licdn.com *.usercentrics.eu *.tiktok.com *.monitor.azure.com/ https://s7g10.scene7.com/ *.teads.tv/ *.youtube.com/ *.channelsight.com/ *.typekit.net/ https://sgtm.fruchtzwerge.de/ https://sgtm.aptaclub.de/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ *.salesforceliveagent.com/ *.force.com/ *.salesforce.com/ *.squarelovin.com/ https://squarelovin.com/ https://app.chargebee.com/ *.paypal.com/ *.nxtck.com/ *.googlesyndication.com/ *.adyen.com/ *.chargebee.com/ https://static.criteo.net/js/ld/ld.js *.criteo.com/ *.ytimg.com/ https://live2support.com/ *.mopinion.com/ *.googletagmanager.com/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ https://s.pinimg.com/ *.tagcommander.com/ *.twitter.com/ *.pinterest.com/ *.instagram.com/ https://services.postcodeanywhere.co.uk/ *.commandersact.com/ *.facebook.net/ *.google.ie/ *.lpsnmedia.net/ *.pinimg.com/ *.danone-dtc.net/ *.hotjar.com/ *.focusgames.co.uk/ *.outbrain.com/ *.google.com/ *.google.com.ph/ *.google.co.in/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.theadex.com *.commander1.com/ *.liveperson.net/ *.doubleclick.net/ *.gstatic.com/ *.aptaclub.de/ *.milupa.de/ https://sgtm.nutricia.de/ *.digital4danone.com/ *.aptaclub.at/ *.milupa.at/ *.aptaclub.ch/ *.milupa.ch/ *.aptaclub.com.vn/ *.addthisedge.com/ *.ads-twitter.com/ *.adnxs.com/ *.adventori.com/ https://adventori.com/ https://dsp.adfarm1.adition.com/ *.widgets.trustedshops.com/ www.youtube.com *.google-analytics.com/ *.analytics.google.com/ *.googlesyndication.com/ *.comdirect.de/ https://bittesehr.net/ *.bittesehr.net/ *.trustedshops.com/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.my.site.com/ *.trustcommander.net/ *.blueconic.net/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ https://vimeo.com/ *.force.com/ *.salesforce-sites.com/ *.linkedin.oribi.io/ *.adnxs.com/ *.vivenio.de/ *.doubleclick.net/ *.amazon-adsystem.com/ *.google.ie/ *.google.co.in/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ *.trustcommander.net/ *.commander1.com/ *.tagcommander.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.usercentrics.eu https://www.aptaclub.de/ *.aptaclub.de/ https://www.aptaclub.at/ *.aptaclub.at/ https://www.aptaclub.ch/ *.aptaclub.ch/ https://www.nutricia.de/ *.nutricia.de/ https://www.danonino.ch/ *.danonino.ch/ https://www.fruchtzwerge.at/ *.fruchtzwerge.at/ https://www.fruchtzwerge.de/ *.fruchtzwerge.de/ https://www.milupa.at/ *.milupa.at/ https://www.milupa.de/ *.milupa.de/ https://s7g10.scene7.com/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ data: *.force.com/ *.salesforce.com/ *.visualforce.com/ *.digital4danone.com/ *.google-analytics.com/ https://app.chargebee.com/ *.analytics.google.com/ *.squarelovin.com/ https://squarelovin.com/ *.googlesyndication.com/ *.assetsadobe.com/ *.adyen.com/ *.ytimg.com/ *.live2support.com/ https://ca-live.adyen.com/ https://www.google.de/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ https://services.postcodeanywhere.co.uk/ http://danonegroup-stage.neolane.net/ https://ca-live.adyen.com/ *.cx.atdmt.com/ *.danone-dtc.net/ https://ct.pinterest.com/ *.outbrain.com/ *.danone.com/ *.atdmt.com/ *.pinterest.com/ *.commander1.com/ *.tagcommander.com/ *.lpsnmedia.net/ *.adnxs.com/ *.adition.com/ *.focusgames.co.uk/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.theadex.com/ *.google-analytics.com/ *.sharethis.com/ *.gstatic.com/ *.googleapis.com/ *.w3.org/ *.mookie1.com/ *.pinimg.com/ *.pinterest.com/ *.facebook.com/ *.googletagmanager.com/ *.linkedin.com/ https://t.co/ *.adsrvr.org/ *.crm4d.com/ *.adotmob.com/ *.goldenbees.fr  *.taboola.com/ *.mediavine.com/ *.ivitrack.com/ *.tremorhub.com/ *.spx.smartclip.com/ *.liadm.com/ *.smaato.net/ *.ads.yieldmo.com/ *.bing.com/ *.advertising.com/ *.criteo.com/ *.3lift.com/ *.smartadserver.com/ *.360yield.com/ *.pubmatic.com/ *.casalemedia.com/ *.yahoo.com/ *.teads.tv/ *.adform.net/ *.adscale.de/ *.media.net/ *.yieldlab.net/ *.bidswitch.net/ *.sharethrough.com/ *.twiago.com/ *.stickyadstv.com/ *.omnitagjs.com/ *.ad.smaato.net/ *.sxp.smartclip.net/ *.rubiconproject.com/ *.google-analytics.com/ *.analytics.google.com/ *.googlesyndication.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.my.site.com/ https://bittesehr.net/ *.bittesehr.net/ *.trustedshops.com/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.trustcommander.net/ *.comdirect.de/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ https://vimeo.com/ *.blueconic.net/ *.force.com/ *.salesforce-sites.com/ https://sgtm.nutricia.de/ *.google.com/ *.amazon-adsystem.com/ *.google.fr/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ *.trustcommander.net/ *.commander1.com/ *.tagcommander.com/ *.id5-sync.com/ *.trustedshop.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/; frame-src 'self' *.my.salesforce-sites.com *.akamaized.net *.teads.tv/ *.nutricia.de *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ *.force.com/ *.salesforce.com/ *.paypal.com  *.adyen.com/ https://app.chargebee.com/ *.squarelovin.com/ https://squarelovin.com/ *.googlesyndication.com/ *.chargebee.com/ *.static.criteo.net/ *.criteo.com/ *.tohklom.com/  *.tagcommander.com/ https://aax-eu.amazon-adsystem.com/ *.amazon-adsystem.com/ *.liveperson.net/ *.vimeo.com/ *.live2support.com/ *.google.com/ *.lpsnmedia.net/ *.hotjar.com/ *.commander1.com/ *.proprofs.com/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ *.facebook.com/ *.doubleclick.net/ *.theadex.com/ *.sharethis.com/ *.addthis.com *.youtube.com *.adsrvr.org/ *.spotify.com/ *.cloudfront.net/ *.instagram.com/ *.soundcloud.com/ *.twitter.com/ *.pinterest.com/ *.trustcommander.net/ *.amazon-adsystem.com/ *.flockler.com/ *.google-analytics.com/ *.analytics.google.com/ *.googlesyndication.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.google.com/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ *.trustcommander.net/ *.commander1.com/ *.blueconic.net/ *.my.site.com/ https://bittesehr.net/ *.bittesehr.net/ *.trustedshops.com/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.focusgames.co.uk/ *.trustcommander.net/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ *.comdirect.de/ https://vimeo.com/ *.tagcommander.com/ *.force.com/ *.salesforce-sites.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/; connect-src 'self' https://bam.eu01.nr-data.net/ *.my.salesforce-sites.com *.usercentrics.eu *.teads.tv/ https://s7g10.scene7.com/ https://dc.services.visualstudio.com/ https://sgtm.fruchtzwerge.de/ https://sgtm.aptaclub.de/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/  *.force.com/ *.salesforce.com/ *.google-analytics.com/ https://app.chargebee.com/ *.analytics.google.com/ *.squarelovin.com/ https://squarelovin.com/ *.paypal.com *.sentry.io/ *.googlesyndication.com/ *.adyen.com/ *.live2support.com/ https://sentry.labdigital.nl *.addthis.com/ *.mopinion.com/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ *.danone-dtc.net/ *.ct.pinterest.com/ *.privacy.trustcommander.net/ https://services.postcodeanywhere.co.uk/ *.commercetools.com/ *.google-analytics.com *.facebook.com/ *.omtrdc.net/ *.hotjar.com/ *.pinterest.com/ *.trustcommander.net/ *.commander1.com/ *.sharethis.com/ *.doubleclick.net/ *.blueconic.net/ *.aptaclub.at/ https://bittesehr.net/ *.bittesehr.net/ *.trustedshops.com/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.focusgames.co.uk/ *.milupa.de/ *.milupa.at/ *.fruchtzwerge.de/ *.fruchtzwerge.at/ *.danonino.ch/ *.aptaclub.ch/ *.my.site.com/ *.trustcommander.net/ *.comdirect.de/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ https://vimeo.com/ *.linkedin.oribi.io/ *.force.com/ *.salesforce-sites.com/ *.google-analytics.com/ *.amazon-adsystem.com/ https://sgtm.nutricia.de/ *.digital4danone.com/ *.analytics.google.com/ *.googlesyndication.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.google.com/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ *.commander1.com/ *.tagcommander.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/; font-src 'self' *.danone-dtc.net *.typekit.net/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ data: *.salesforce.com/ *.adyen.com/ *.squarelovin.com/ https://app.chargebee.com/  https://squarelovin.com/ *.googlesyndication.com/ *.gstatic.mopinion.com/ https://gstatic.mopinion.com/ *.gstatic.com/ *.live2support.com/ *.danone-dtc.net/ https://vjs.zencdn.net/; media-src 'self' *.lpsnmedia.net/ *.squarelovin.com/ https://squarelovin.com/ *.comdirect.de/ https://bittesehr.net/ *.bittesehr.net/ *.trustedshops.com/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.focusgames.co.uk/ *.my.site.com/ *.trustcommander.net/ *.blueconic.net/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ https://vimeo.com/ https://app.chargebee.com/ *.force.com/ *.salesforce-sites.com/ *.amazon-adsystem.com/ *.googlesyndication.com/ *.google-analytics.com/ *.analytics.google.com/ *.googlesyndication.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.google.com/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ *.trustcommander.net/ *.commander1.com/ *.tagcommander.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ 2
default-src 'self' *.crazyegg.com; connect-src *; font-src * data:; frame-src *; img-src * data: blob: https:; worker-src blob:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 2
frame-ancestors 'self' *.dja.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: javascript: wolkvox-cobrowsing-agent-fd5zvw7swa-ue.a.run.app widget02.wolkvox.com d335luupugsy2.cloudfront.net wolkvox-cobrowsing-agent-fd5zvw7swa-ue.a.run.app https://platform.bluemessaging.net checkout.wompi.co *app.sitp.gov.co *.firebaseio.com *.aldeamo.com *.bootstrapcdn.com *.cloudflare.com https://chat1-cls27.i6.inconcertcc.com https://webchat-cls27.i6.inconcertcc.com *.facebook.net *.fontawesome.com https://mas-spn.inconcertcc.com *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.hippochat.io *.hotjar.com *.jquery.com *.jsdelivr.net *.livechatinc.com *.snapengage.com *.twimg.com *.twitter.com *.uniquindio.edu.co unpkg.com *.ytimg.com *.youtube.com *.zendesk.com ; img-src 'self' blob: data: javascript: *.aldeamo.com *.amazonaws.com *.bluemessaging.net *.cool especiales.presidencia.gov.co *.facebook.com fuguchat.s3.ap-south-1.amazonaws.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.gstatic.com *.hippochat.io *.hotjar.com *.livechatinc.com sedeelectronica.com.co sellodeexcelencia.gov.co *.snapengage.com s-static.ak.facebook.com stats.g.doubleclick.net synersis.co:8442 smartlink.cool *.twimg.com *.twitter.com *.uniquindio.edu.co vozme.com *.youtube.com *.zendesk.com ; style-src 'self' 'unsafe-inline' wolkvox-cobrowsing-agent-fd5zvw7swa-ue.a.run.app https://platform.bluemessaging.net *.aldeamo.com *.bootstrapcdn.com govco.sedeelectronica.com.co ton.twimg.com *.cali.gov.co https://mas-spn.inconcertcc.com https://cdn.jsdelivr.net  *.cloudflare.com *.fontawesome.com *.hippochat.io *.hotjar.com *.jquery.com *.nexura.com *.gstatic.com *.google.com *.googleapis.com sedeelectronica.com.co *.twitter.com *.uniquindio.edu.co *.zendesk.com ; font-src 'self' data: *.cali.gov.co https://mas-spn.inconcertcc.com govco.sedeelectronica.com.co sedeelectronica.com.co *.fontawesome.com *.hotjar.com *.bootstrapcdn.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.nexura.com sedeelectronica.com.co *.uniquindio.edu.co ; object-src 'self' data: ; frame-ancestors 'self' *.nexura.com *.uniquindio.edu.co ; media-src 'self' blob: https://c11.radioboss.fm:18054/stream  *.radioboss.fm:18054/stream  *.uniquindio.edu.co vozme.com smartlink.cool *.smartlink.cool ; 2
frame-ancestors 'self' https://www.slipcase.com http://marketplace.marsh.com https://www.insubuy.com https://brokersnexus.com https://www.ficoh.com/world-trips/ 2
frame-ancestors 'self' https://*.youtube.com 2
frame-ancestors https://*.procampaign.net 2
upgrade-insecure-requests; default-src 'self' data: blob: gap: 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.linkedin.com *.bizographics.com *.loggly.com *.doubleclick.net *.wistia.com *.twimg.com *.twitter.com *.googleadservices.com *.facebook.com *.googletagmanager.com *.snapengage.com *.visualwebsiteoptimizer.com *.facebook.net *.iforex.com *.google-analytics.com *.bootstrapcdn.com *.youtube.com *.wistia.net *.opmnstr.com *.webapi-services.net *.googlesyndication.com *.optnmnstr.com *.mxpnl.net https://pixel-tracking.appspot.com https://pixelmachine-981.appspot.com *.mte-media.com mte-media.com *.typekit.net  *.optimizely.com d5phz18u4wuww.cloudfront.net *.hotjar.com *.ads-twitter.com *.finadsr.com wcs.naver.net *.criteo.net *.criteo.com https://s.yimg.com https://sp.analytics.yahoo.com *.fihtrader.com *.vestle.com appleid.cdn-apple.com *.livechatinc.com *.appier.net https://sc-static.net https://*.snapchat.com; img-src 'self' data: blob: *; font-src 'self' data: blob: *.gstatic.com *.bootstrapcdn.com *.typekit.net *.webapi-services.net *.hotjar.com *.wistia.com *.livechatinc.com; connect-src 'self' data: *.doubleclick.net *.facebook.com *.wistia.com https://embedwistia-a.akamaihd.net *.googletagmanager.com *.opmnstr.com *.mxpnl.net *.iforex.com *.webapi-services.net *.litix.io *.hotjar.io *.hotjar.com wss://*.hotjar.com *.google-analytics.com *.finadsr.com *.snapengage.com *.criteo.com *.criteo.net *.iforex.co.uk *.vestle.com https://s.yimg.com *.fihtrader.com *.google.com *.iforex.eu *.iforexcrypto.com https://api.livechatinc.com *.twitter.com *.naver.com *.appier.net *.snapchat.com; child-src 'self' data: blob: *.googletagmanager.com *.iforex.com *.webapi-services.net; frame-src 'self' data: gap: *.webapi-services.net *.facebook.com *.twitter.com *.google.com *.linkedin.com *.snapengage.com *.youtube.com *.wistia.com *.googlesyndication.com *.googletagmanager.com *.iforex.com https://fast.wistia.net *.hotjar.com *.criteo.com *.iforex.co.uk *.fihtrader.com *.livechatinc.com *.snapchat.com; media-src 'self' blob: data: *.iforex.com *.webapi-services.net *.gstatic https://embedwistia-a.akamaihd.net *.mte-media.com *.snapengage.com *.wistia.com *.livechatinc.com; object-src 'self' https://embed-ssl.wistia.com *.mte-media.com; worker-src 'self' data: blob: *.googletagmanager.com *.iforex.com *.webapi-services.net; frame-ancestors 'self' *.iforex.com *.iforex.co.uk *.vestle.com *.iforex.eu *.iforexcrypto.com *.fihtrader.com; report-uri https://content.webapi-services.net/api/cspreport; 2
script-src 'report-sample' 'self' https://cdn4.mxpnl.com/libs/mixpanel-2-latest.min.js https://chat-plugin.easychat.co/easychat.js https://turing.captcha.qcloud.com/TCaptcha.js https://connect.facebook.net/en_US/fbevents.js fast.wistia.com  www.googletagmanager.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net turing.captcha.gtimg.com turing.captcha.qcloud.com wasm-eval 'unsafe-inline' 'unsafe-eval' blob: ; 2
default-src 'self' *.googleapis.com https://s.ytimg.com *.ytimg.com *.youtube.com spie-web.azurewebsites.net http://spie-web.azurewebsites.net spie-web-preprod.azurewebsites.net tagmanager.google.com www.youtube-nocookie.com www.google.com *.google.com https://system.erecruiter.pl https://spie-medientechnik.de/ https://smartfm.force.com/smartfm https://player.podigee-cdn.net https://forms.office.com https://lib.spie.com https://lib.spie.com/media/ https://keepeek.spie.com *.piwik.pro *.cookiebot.com https://arcg.is/KueT4 https://experience.arcgis.com/experience/21bd688ae2024b4886b32559d4c2dca4/?draft=true&org=SPIE https://spie-sempercon.azurewebsites.net/ https://spie.dvinci-hr.com https://static.dvinci-easy.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com https://az416426.vo.msecnd.net www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://www.googletagmanager.com tagmanager.google.com *.cookiebot.com https://skk.erecruiter.pl https://system.erecruiter.pl https://player.podigee-cdn.net *.piwik.pro *.cookiebot.com https://spie.dvinci-hr.com https://static.dvinci-easy.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com tagmanager.google.com https://skk.erecruiter.pl *.cookiebot.com https://static.dvinci-easy.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.cookiebot.com; img-src 'self' spie.azureedge.net *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com http://spie-qa.azurewebsites.net *.ytimg.com tagmanager.google.com https://system.erecruiter.pl spie.dvinci-hr.com *.piwik.pro; media-src 'self' data: blob: spie.azureedge.net www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self'; 2
script-src 'self' 'unsafe-inline' https://player.vimeo.com https://www.gstatic.com https://az416426.vo.msecnd.net/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://cdn.datatables.net https://www.google.com https://maxcdn.bootstrapcdn.com/;form-action 'self'; style-src 'self' 'unsafe-inline' https://maps.googleapis.com/  https://fonts.googleapis.com  https://cdn.datatables.net https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com/;font-src 'self' https://fonts.gstatic.com/ https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com/; frame-ancestors 'self'; img-src 'self' https://cms.chathamcountyga.gov/ https://i.vimeocdn.com https://cccdn.blob.core.windows.net/ https://www.google-analytics.com/ https://i.ytimg.com https://ytimg.com 2
frame-ancestors thelibrarydistrict.org *.thelibrarydistrict.org lvccld.bibliocms.com *.lvccld.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src thelibrarydistrict.org *.thelibrarydistrict.org lvccld.bibliocms.com *.lvccld.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 2
frame-ancestors 'self' *.enagic.mobi *.enagic.com *.enagic.ca *.enagiceu.com *.enagicwebsystem.com 2
default-src 'self'; script-src 'self' 2
default-src 'self' https: wss:;script-src 'self' https: 'unsafe-inline' 'unsafe-eval';style-src 'self' https: 'unsafe-inline' 'unsafe-eval';img-src 'self' data: https:;font-src 'self' data: https: 2
frame-ancestors 'self' *.volusion.com 2
frame-ancestors https://plm.corp.global https://plm.corp.global:4430 https://partmatrix.ad.corp.global https://partmatrix.ad.corp.global:2100 https://partmatrix.ad.corp.global:3100 https://nva-av-partm01p.ad.corp.global:3100 https://plmuat.corp.global https://plmuat.corp.global:4430 https://plmuat.corp.global:443 https://partmatrixawsdev.ad.corp.global:8100 https://partmatrixawsdev.ad.corp.global https://plmdr.corp.global https://plmtrn.corp.global https://staging.portal.mythermoking.com https://nva-av-tkweb1pr.ad.corp.global https://login.microsoftonline.com 2
default-src 'unsafe-inline' 'self' https:; img-src 'self' data: https:; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 2
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors *; 2
default-src 'none'; script-src 'self'; img-src 'self' https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com https://www.google-analytics.com:443 https://*.qbrick.com:443 https://*.dna.ip-only.net https://bilder.hemnet.se:443 https://mb.cision.com; media-src 'self' https://*.qbrick.com:443 https://*.dna.ip-only.net; connect-src 'self' https://*.demdex.net https://cm.everesttech.net https://feed.jobylon.com https://handelsbanken-marknadsinformation.se https://assets.adobedtm.com https://*.handelsbanken.se https://*.handelsbanken.no https://*.handelsbanken.nl https://*.handelsbanken.com https://*.handelsbanken.co.uk https://*.qbrick.com:443 synpunkter-1788b.firebaseio.com https://www.google-analytics.com:443; style-src 'self' 'unsafe-inline'; frame-src https://assets.adobedtm.com https://handelsbanken-marknadsinformation.se *.demdex.net *.handelsbanken.se *.handelsbanken.fi *.handelsbanken.no *.handelsbanken.dk *.handelsbanken.co.uk *.handelsbanken.pl *.handelsbanken.de r1.surveysandforms.com handelsbanken.fondlista.se secure.msse.se www.efn.se clients.maptoweb.dk borsrum.episerverhosting.com shbfxcalc.millistream.com www.anpdm.com services.cicero.no nettbank.edb.com shbdk.millistream.com cphspk01.shbmain.shb.biz www.shb.dk priolaan.dk weblaan.shb.bec.dk web37.prod.bec.dk netbank.shb.dk irs.tools.investis.com otp.tools.investis.com vp292.alertir.com forms.apsisforms.com handelsbanken.easycruit.com handelsbankendk.easycruit.com handelsbankennl.easycruit.com handelsbankenno.easycruit.com video.qbrick.com dreambroker.com handelsbanken.dreambroker.com web.efn.se news.alertir.com giosg-handelsbanken.giosg.com vp306.alertir.com client3.mailmailmail.net handelsbanken.newsroom.cision.com handelsbanken-en.newsroom.cision.com mb.cision.com app.marketingplatform.com go.beanstream.com; frame-ancestors 'self' *.handelsbanken.se *.handelsbanken.fi *.handelsbanken.no *.handelsbanken.dk *.handelsbanken.co.uk *.handelsbanken.pl *.handelsbanken.de; font-src 'self' 2
frame-ancestors 'self';script-src 'unsafe-inline' http: https:; object-src 'none'; base-uri 'none'; 2
default-src 'self' 'unsafe-inline' https: 'unsafe-eval' ;frame-ancestors 'self' https://manager.agilitycms.com http://manager.agilitycms.com *.scotiabank.com *.scotiabank.fi.cr;script-src 'self' 'unsafe-inline'  *.agilitycms.com *.google.com *.google.ca *.google.co.cr *.google.com.br www.googletagmanager.com  *.google-analytics.com  *.googleadservices.com  googleads.g.doubleclick.net  *.gstatic.com assets.adobedtm.com  *.clicktale.net *.contentsquare.net  *.contentsquare.com  *.scotiabank.fi.cr  *.scotiabank.com  chat02.emg-livechat.com  site02.emg-livechat.com:8443   www.beneficiosenlinea.com  sbcrbienesalaventa.com  www.elempleo.com  code.jquery.com  prod2-live-chat.sprinklr.com  live-chat-static.sprinklr.com www.scotiabankcr.com;worker-src blob:;img-src 'self'  *.agilitycms.com  *.google.com  *.google.ca  *.google.co.cr  *.google.com.br  www.googletagmanager.com  *.google-analytics.com   *.googleadservices.com   googleads.g.doubleclick.net   *.gstatic.com  assets.adobedtm.com  *.clicktale.net  *.contentsquare.net   *.contentsquare.com   *.scotiabank.fi.cr  *.scotiabank.com  scotiabankfiles.azureedge.net  chat02.emg-livechat.com  site02.emg-livechat.com:8443  www.beneficiosenlinea.com  sbcrbienesalaventa.com  dpm.demdex.net  www.elempleo.com  prod2-live-chat.sprinklr.com   live-chat-static.sprinklr.com   prod2-sprcdn-assets.sprinklr.com ;connect-src 'self' 'unsafe-inline'  *.agilitycms.com *.google.com *.google.ca *.google.co.cr *.google.com.br www.googletagmanager.com *.google-analytics.com  *.googleadservices.com  *.g.doubleclick.net  *.gstatic.com assets.adobedtm.com *.clicktale.net *.contentsquare.net  *.contentsquare.com  *.scotiabank.fi.cr *.scotiabank.com scotiabankfiles.azureedge.net chat02.emg-livechat.com www.beneficiosenlinea.com sbcrbienesalaventa.com dpm.demdex.net www.elempleo.com  prod2-live-chat.sprinklr.com  live-chat-static.sprinklr.com  prod2-sprcdn-assets.sprinklr.com www.scotiabankcr.com; 2
frame-ancestors *.mcdonalds.cz *.mcdonalds.sk *.mcdonalds360.cz *.mcdonalds360.sk; form-action *.mcdonalds.sk *.mcdonalds.cz tr.snapchat.com; object-src 'none'; 2
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' *.pricespider.com *.mapbox.com feed.pghub.io pandg.tapad.com ; media-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.cookielaw.org *.facebook.net *.pricespider.com *.segment.com pghub.io *.doubleclick.net *.crazyegg.com *.zeotap.com *.adsrvr.org *.mapbox.com cdnjs.cloudflare.com *.googleapis.com *.googletagmanager.com *.google-analytics.com feed.pghub.io pandg.tapad.com ; font-src 'self' data: cdn.pricespider.com feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' *.pghub.io *.adsrvr.org *.facebook.com *.tapad.com *.doubleclick.net *.pg.com ; img-src 'self' data: images.ctfassets.net *.tapad.com *.google-analytics.com *.google.com *.google.cz *.facebook.com *.cookielaw.org *.googleapis.com *.pricespider.com *.googletagmanager.com feed.pghub.io ; connect-src 'self' *.cookielaw.org *.adsrvr.org *.segment.io *.segment.com *.crazyegg.com *.zeotap.com *.facebook.com *.doubleclick.net *.mapbox.com *.pricespider.com www.googletagmanager.com *.googleapis.com *.google-analytics.com *.googlesyndication.com feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 2
default-src 'self'; connect-src 'self' cdn.cookielaw.org privacyportal-de.onetrust.com onetrust.com prowebce.com metrics.prowebce.com *.google-analytics.com cdn.linkedin.oribi.io www.google-analytics.com stats.g.doubleclick.net *.analytics.google.com google.fr www.googletagmanager.com googletagmanager.com *.g.doubleclick.net *.google.com; frame-src 'self' https://www.facebook.com bid.g.doubleclick.net; img-src 'self' data: cdn.cookielaw.org www.facebook.com www.google-analytics.com *.google-analytics.com px.ads.linkedin.com metrics.prowebce.com www.google.com www.google.fr www.googletagmanager.com googletagmanager.com px4.ads.linkedin.com *.g.doubleclick.net *.google.com googleads.g.doubleclick.net ade.googlesyndication.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.google-analytics.com www.googleadservices.com *.google.com googleads.g.doubleclick.net mdbootstrap.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; script-src-elem 'self' 'unsafe-inline' googleoptimize.com www.googleoptimize.com cdn.cookielaw.org googletagmanager.com www.googletagmanager.com get.smart-data-systems.com connect.facebook.net eqy.link stats.webleads-tracker.com www.google-analytics.com snap.licdn.com www.googleadservices.com googleads.g.doubleclick.net *.googleadservices.com mdbootstrap.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com mdbootstrap.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; frame-ancestors 'self'; report-uri https://prowebce.com/report-uri/enforce 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.aspnetcdn.com *.ajax.googleapis.com maps.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.youtube.com *.cookie-script.com *.addthis.com *.addthisedge.com *.ytimg.com *.twitter.com *.msecnd.net *.facebook.net; style-src 'self' 'unsafe-inline' *.fonts.net; 2
default-src https: *; script-src https: 'unsafe-inline' 'unsafe-eval' *;img-src data: https:;font-src data: https:;style-src https: 'unsafe-inline' *;upgrade-insecure-requests;frame-ancestors 'self'; base-uri 'none'; frame-src mailto: *; worker-src blob: * ; child-src blob: ; 2
frame-ancestors 'self' https://*.biahosted.com https://*.paymentiq.io https://*.safecharge.com 2
default-src data: https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data: https://fonts.googleapis.com https://fonts.gstatic.com; connect-src https: wss:; worker-src blob: 2
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.youtube.com *.facebook.net *.googleapis.com *.gstatic.com *.googletagmanager.com *.juicer.io *.hijiffy.com *.hotjar.com *.optimonk.com *.pusher.com *.onetrust.com 2
default-src 'self' https://ificbank.com.bd https://www.ificbank.com.bd https://www.google-analytics.com https://www.youtube.com/ https://www.google.com https://maps.googleapis.com; script-src * 'self' https://www.ificbank.com.bd https://cdn.datatables.net https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://polyfill.io https://maps.googleapis.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datetimepicker/4.17.47/css/bootstrap-datetimepicker.min.css https://use.fontawesome.com/ea731dcb6f.css https://use.fontawesome.com/releases/v4.7.0/css/font-awesome-css.min.css https://cdn.datatables.net https://cdn.jsdelivr.net https://fonts.googleapis.com https://unpkg.com/swiper/css/swiper.min.css https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com https://use.fontawesome.com https://cdnjs.cloudflare.com; object-src 'self'; img-src 'self' data: https://ificbank.com.bd https://www.ificbank.com.bd https://www.google-analytics.com https://lh3.googleusercontent.com/7KVxxD0HSHA_a1nb3O5xjXyhDojE1lDwdA-f3a5dCZt5351i5cOKnZT_JzIbaBpU6Ds=s180-rw https://maps.googleapis.com https://maps.gstatic.com https://developers.google.com https://cdn.datatables.net; 2
default-src 'self'; frame-ancestors 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; media-src 'self' blob: 2
script-src 'self' *.googleapis.com *.google-analytics.com *.googlesyndication.com *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com *.googletagmanager.com *.google.com *.gstatic.com *.igodigital.com *.cloudflare.com *.livehelpnow.net static.hotjar.com *.hotjar.com *.licdn.com *.cookiebot.com *.bazaarvoice.com api.bazaarvoice.com *.gstatic.com *.polyfill.io *.tundrafmp.com *.restaurantessentials.com *.etundra.com *.cenpos.com images.dfsupply.com/tundra/magic360/magic360.js mpsnare.iesnare.com/snare.js secure.wufoo.com/scripts/embed/form.js *.wufoo.com static.wufoo.com/scripts/embed/form.js tag.rmp.rakuten.com/118496.ct.js *.cloudfront.net *.freshrelevance.com connect.facebook.net/en_US/sdk.js  *.googleadservices.com  *.paypal.com *.paypalobjects.com bat.bing.com *.clarity.ms/tag/uet/5000225 *.clarity.ms/s/0.7.8/clarity.js *.clarity.ms/s/0.7.10/clarity.js www.clarity.ms mpsnare.iesnare.com/script/logo.js s.saleswingsapp.com/sw.prod.min.js 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: *.amazonaws.com *.igodigital.com *.linkedin.com *.bazaarvoice.com *.gstatic.com *.livehelpnow.net *.dfsupply.com *.tundrafmp.com *.restaurantessentials.com *.etundra.com; frame-ancestors *.etundra.com *.tundrafmp.com *.restaurantessentials.com 2
frame-ancestors 'self' travel-dealz.de travel-dealz.com forum.travel-dealz.de; 2
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 2
frame-ancestors http://*.nip.io/ 'self' www.miclaroapp.com.co miclaroapp.com.co www.claroaparatiprimero.co claroparatiprimero.co www.apiselfservice.co apiselfservice.co https://servidorclaro-cristianfuentes.c9users.io/ https://www.claro.com.co/ https://miclaroweb-fabricadigital.codeanyapp.com/ sscoqa.tmx-internacional.net www.miclaro.com.co http://aplicaciones.claro.com.co/ http://52.73.130.145/ http://54.82.32.88/; 2
frame-ancestors 'self' https://www.quironsalud.com https://betaweb.quironsalud.es https://international.quironsalud.com https://intranetfjd.idc.local https://olympia.quironsalud.com https://olympia.quironsalud.es https://overweightinstitute.fjd.es https://pacientes.healthdiagnostic.es https://rare-genomics.com https://www.cirujanosdelcorazon.es https://www.clinicadelpilar.org https://www.clinicavalles.com https://www.cuidamosdelamujer.es https://www.diverhospital.es https://www.e-quironsalud.com https://www.fjd.es https://www.fundacionquironsalud.org https://www.hgc.es https://www.hgvillalba.es https://www.hope-documental.es https://www.hospitalinfantaelena.es https://www.hospitalpublicocolladovillalba.es https://www.hospitalreyjuancarlos.es https://www.hscor.com https://www.idcsaludenfermeria.es https://www.idcsalud.es https://www.imbanaco.com https://www.jornadaspbp.es https://www.lungscreen.eu https://www.oncohealth.eu https://www.porquesabeselegir.es https://www.quironsalud.es https://www.quironsalud-hospitals.com https://www.rare-genomics.com https://www.recetaenergia.es https://www.redneurosalud.es https://www.ruber.es https://www.ruberinternacional.es https://www.teknonbarcelona.com https://www.teknonbarcelona.it https://www.teknonbarcelona.ru https://www.teknon.es https://www.tucanaldesalud.es 2
default-src 'self' comic-meteor.jp comic-polaris.jp *.comic-meteor.jp *.comic-polaris.jp flex-comix.jp booklive.jp *.flex-comix.jp *.booklive.jp *.gstatic.com *.google.co.jp *.googleapis.com *.google-analytics.com *.facebook.net *.googletagmanager.com *.googleadservices.com *.media-amazon.com *.googlesyndication.com *.amazon-adsystem.com *.amazon.co.jp *.ssl-images-amazon.com *.google.com *.doubleclick.net *.twitter.com *.fontawesome.com npmcdn.com *.npmcdn.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' comic-meteor.jp comic-polaris.jp *.comic-meteor.jp *.comic-polaris.jp flex-comix.jp booklive.jp *.flex-comix.jp *.booklive.jp *.gstatic.com *.google.co.jp *.googleapis.com *.google-analytics.com *.facebook.net *.googletagmanager.com *.googleadservices.com *.media-amazon.com *.googlesyndication.com *.amazon-adsystem.com *.amazon.co.jp *.ssl-images-amazon.com *.google.com *.doubleclick.net *.twitter.com *.fontawesome.com npmcdn.com *.npmcdn.com;style-src 'self' 'unsafe-inline' *;img-src * data: blob: ;font-src 'self' *;frame-src 'self' *;connect-src 'self' * 2
frame-ancestors 'self' https://*.visitor.chat 2
default-src 'self'; img-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://*.google-analytics.com data: https://*.natwest.com https://*.gstatic.com https://*.googleusercontent.com https://*.cookielaw.org *.natwestmentor.co.uk *.rbsmentor.co.uk https://*.doubleclick.net https://*.google.com https://*.google.co.uk https://px.ads.linkedin.com https://*.linkedin.com https://*.facebook.com https://*.reddit.com; script-src 'self' 'unsafe-inline' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://*.google-analytics.com https://*.cookielaw.org https://*.onetrust.com https://*.googletagmanager.com https://tagmanager.google.com https://*.googleadservices.com https://snap.licdn.com https://*.facebook.net https://www.datadoghq-browser-agent.eu https://*.googlesyndication.com https://*.redditstatic.com; style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com blob: https://*.googletagmanager.com; object-src 'none'; font-src 'self' https://*.gstatic.com; connect-src 'self' https://*.amazonaws.com https://*.path.co.uk https://*.natwestmentor.co.uk https://*.rbsmentor.co.uk https://*.cookielaw.org https://*.onetrust.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net/ https://*.browser-intake-datadoghq.eu https://cdn.linkedin.oribi.io; media-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://player.vimeo.com *.natwestmentor.co.uk *.rbsmentor.co.uk; frame-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://player.vimeo.com https://view.officeapps.live.com *.natwestmentor.co.uk *.rbsmentor.co.uk https://*.doubleclick.net; worker-src blob:;form-action 'self' *.natwestmentor.co.uk *.rbsmentor.co.uk;manifest-src 'self' *.natwestmentor.co.uk *.rbsmentor.co.uk; 2
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; 2
frame-ancestors http://*.viewlift.com 2
frame-ancestors 'self' fc-hosting.de www.fc-hosting.de;frame-src 'self'; font-src 'self';object-src 'self'; script-src 'self' 'sha256-GMowYlwZJ739rUVLO0lnbn7DR10Zr6h62m4lOdvSnIg=' 'sha256-FVNxVFMytptJSxOEQB0In6UwyXSshrZERUJ0DEJjucQ=' 'sha256-ynvkXOjRttaBCfQ6jNvqIFlUhbzyHBIik6oZdCGTYjs=' 'sha256-S8LIDZFTqs+e1vyY4XZVjIT7++hvpZLSNhMAsUxdsnE='; base-uri 'self'; 2
default-src 'self' http: https: *.zdassets.com *.zopim.com *.zendesk.com wss://*.zendesk.com wss://*.zopim.com wss://*.hotjar.com *.hotjar.com; script-src http: https: 'unsafe-inline' 'unsafe-eval' https://www.drmartens.com.au/ *.adobetm.com *.afterpay.com *.cloudfront.net *.demdex.net *.forter.com *.google-analytics.com *.paypal.com afterpay.com foursixty.com *.contentsquare.net *.useinsider.com *.roymorgan.com; style-src 'self' https: 'unsafe-inline' https://www.drmartens.com.au/ *.adobetm.com foursixty.com; img-src data: http: https: *.google-analytics.com *.ist-track.com *.pinterest.com *.twilio.com *.tiktok.com *.useinsider.com developers.google.com *.zopim.io *.zdassets.com; object-src 'none'; base-uri 'none'; child-src 'self'; media-src http: https: *.twilio.com *.usehero.com; connect-src 'self' http: https: *.adobedc.net *.afterpay.com *.bazaarvoice.com *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.criteo.com *.demdex.net *.forter.com *.foursixty.com *.google-analytics.com *.googleapis.com *.nr-data.net *.paypal.com *.taboola.com *.truefitcorp.com *.twilio.com *.zdassets.com *.zendesk.com *.zopim.com accentgroupxpdev.112.2o7.net afterpay.com analytics.tiktok.com bcp.crwdcntrl.net facebook.com *.contentsquare.net *.roymorgan.com foursixty.com kleber.datatoolscloud.net.au sentry.io smetrics.hypedc.com vimeo.com wss://*.twilio.com wss://widget-mediator.zopim.com wss://cdn0.forter.com api.useinsider.com api.myunidays.com wss://*.hotjar.com *.hotjar.com; font-src data: 'self' fonts.gstatic.com *.truefitcorp.com *.useinsider.com; frame-src 'self' *.formstack.com *.afterpay.com *.bazaarvoice.com *.criteo.com *.criteo.net *.demdex.net *.everesttech.net *.everestjs.net *.doubleclick.net *.facebook.com *.google.com *.hotjar.com *.myunidays.com *.omniparcelreturns.com *.paypal.com *.paypalobjects.com *.truefitcorp.com *.useinsider.com *.vimeo.com *.youtu.be *.youtube.com afterpay.com assets.braintreegateway.com everestjs.net facebook.com foursixty.com google.com player.whooshkaa.com tsdtocl.com vimeo.com wss://*.hotjar.com *.hotjar.com; worker-src 'self' blob: *.accentgra.com *.drmartens.co.nz *.drmartens.com.au; 2
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; object-src 'none'; report-uri /api/csp/report; connect-src 'self' https: wss://*.hotjar.com wss://*.hotjar.io 2
default-src https: 'unsafe-inline' data:; frame-ancestors 'self' https://web.wysa.io https://staging-web.wysa.io https://dev-web.wysa.io https://dev.bot.touchkin.com https://staging.bot.touchkin.com https://bot.touchkin.com https://bot.wysa.io; 2
default-src 'self'; connect-src 'self' https://www.google-analytics.com/ https://maps.googleapis.com https://tawk.to https://*.tawk.to wss://*.tawk.to ;font-src 'self' https://*.gstatic.com https://*.tawk.to https://static-v.tawk.to ;frame-src 'self' https://*.tawk.to  https://www.google.com ;img-src 'self' https://www.softhost.com.br/sistema/index.php https://www.google-analytics.com/ https://*.jsdelivr.net/emojione/ https://*.tawk.to https://tawk.link https://static-v.tawk.to *.gravatar.com https://www.facebook.com ;media-src 'self' https://*.tawk.to https://static-v.tawk.to ;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com/ https://*.jsdelivr.net/emojione/ https://ajax.googleapis.com https://www.googletagmanager.com/ https://*.tawk.to https://embed.tawk.to https://oss.maxcdn.com https://connect.facebook.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/ https://maps.googleapis.com ;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.jsdelivr.net/emojione/ https://embed.tawk.to ; 2
child-src * 2
font-src 'self' https:; base-uri 'self'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gbqofs.io *.gbqofs.com *.google.com *.googletagmanager.com *.googleadservices.com *.evidon.com *.gstatic.com *.youtube.com *.facebook.net *.google-analytics.com *.cloudfront.net *.force.com *.salesforce.com *.salesforceliveagent.com *.sessioncam.com *.doubleclick.net cdn.jsdelivr.net *.cloudflare.com js.adsrvr.org snap.licdn.com t23.intelliad.de *.usabilla.com *.fusepump.com *.adimo.co *.googlesyndication.com *.newrelic.com *.licdn.com bam.nr-data.net secure.cavy9soho.com *.amazon-adsystem.com static.ads-twitter.com static.hotjar.com ict.infinity-tracking.net script.crazyegg.com *.brand-display.com *.pricespider.com *.ktxlytics.io *.bazaarvoice.com *.tiles.mapbox.com blob: d6tizftlrpuof.cloudfront.net *.amazonaws.com cdn.hypemarks.com cdn.cookielaw.org unpkg.com apps.nestle.co.uk ndeuprpromotheuseuwesta.z6.web.core.windows.net *.teads.tv cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com; frame-ancestors 'self'; connect-src 'self' *.gbqofs.io *.gbqofs.com *.google.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.evidon.com *.secure.force.com *.sessioncam.com *.fusepump.com *.amazonaws.com *.googlesyndication.com *.newrelic.com *.licdn.com bam.nr-data.net *.ktxlytics.io *.mapbox.com *.pricespider.com d6tizftlrpuof.cloudfront.net *.usabilla.com cdn.linkedin.oribi.io collect.analyze.ly cdn.growthbook.io cdn.cookielaw.org apps.nestle.co.uk *.teads.tv cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com; report-uri /report-csp-violation 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com *.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com www.youtube-nocookie.com www.youtube.com blob: data: https://storage.googleapis.com/learnwithikeavideos/ ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ctfassets.net *.ipex-insights.com api-ikea.pl *.adform.net acdn.adnxs.com secure.adnxs.com *.doubleclick.net *.facebook.com *.facebook.net www.googleadservices.com *.googlesyndication.com *.google.pl *.loyaltypoint.pl owoo86.dashboard.wedare.pl track.omgpl.com *.pinterest.com s.pinimg.com api.pinpiaa.com simplylease.pl contactform-dot-ikea-poland-zoo-prod.appspot.com *.cookielaw.org *.onetrust.com *.akamaihd.net *.akstat.io *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.go-mpulse.net *.optimizely.com sentry.io *.sentry.io *.avo.app oppwa.com *.oppwa.com mpsnare.iesnare.com *.iesnare.com maps.googleapis.com fonts.googleapis.com www.googleapis.com *.syndeo.cx *.production.syndeo.cx wss://web.production.syndeo.cx icsp.ingka.ikea.com wss://icsp.ingka.ikea.com wss://web-api.ikea.com/cschatbot/ *.bambuser.com firestore.googleapis.com liveshopping-widgets.firebaseapp.com; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com; object-src 'self'; report-uri https://csp.ikea.com 2
default-src 'none'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.jquery.com *.cwp.govt.nz *.inside-graph.com *.settled.govt.nz *.rea.govt.nz *.typekit.net *.google.com *.googletagmanager.com *.gstatic.com *.facebook.net *.google-analytics.com dnn506yrbagrg.cloudfront.net *.youtube.com *.ytimg.com *.crazyegg.com *.opinionstage.com *.clarity.ms *.bing.com; connect-src 'self' script.crazyegg.com stats.g.doubleclick.net *.cwp.govt.nz wss://*.inside-graph.com *.inside-graph.com *.settled.govt.nz *.rea.govt.nz *.typekit.net *.google-analytics.com *.google.com *.googletagmanager.com *.optimalworkshop.com *.opinionstage.com *.facebook.com *.clarity.ms; img-src 'self' data: *.google.com *.google.co.nz *.cwp.govt.nz *.settled.govt.nz *.rea.govt.nz *.typekit.net *.doubleclick.net *.gstatic.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.youtube.com *.inside-graph.com gtrk.s3.amazonaws.com *.opinionstage.com *.clarity.ms *.bing.com; style-src 'self' 'unsafe-inline' *.cwp.govt.nz *.inside-graph.com *.settled.govt.nz *.rea.govt.nz *.googleapis.com *.google.com *.opinionstage.com; font-src 'self' data: *.gstatic.com *.typekit.net ; frame-src 'self' *.inside-graph.com *.youtube.com *.doubleclick.net *.google.com *.opinionstage.com *.facebook.com; manifest-src 'self'; frame-ancestors 'self' *.cwp.govt.nz *.settled.govt.nz *.rea.govt.nz; base-uri 'self' *.cwp.govt.nz *.settled.govt.nz *.rea.govt.nz; form-action 'self' *.cwp.govt.nz *.settled.govt.nz *.rea.govt.nz *.opinionstage.com *.facebook.com; 2
style-src * blob: 'unsafe-inline'; img-src * data: 'unsafe-inline'; font-src * data: 'unsafe-inline'; media-src * data: 'unsafe-inline'; connect-src * ws: wss:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; 2
default-src 'self' *.doubleclick.net *.googlesyndication.com *.twitter.com https://disqus.com https://*.disqus.com https://*.disquscdn.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fontawesome.com *.osa.org *.disqus.com code.jquery.com *.twitter.com adservice.google.com *.doubleclick.net *.ampproject.org *.googlesyndication.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com www.google.com tagmanager.google.com www.googletagservices.com *.brightcove.net *.zencdn.net *.twimg.com www.youtube.com blob:; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; connect-src 'self' *.osa.org *.brightcove.net *.fontawesome.com *.google.com www.google-analytics.com *.brightcove.com *.boltdns.net *.googlesyndication.com *.akamaihd.net *.doubleclick.net *.gstatic.com; media-src 'self' *.osa.org *.talkjs.com *.zoom.us *.boltdns.net *.akamaihd.net blob:; object-src 'self' *.googlesyndication.com blob:; frame-src 'self' *.osa.org *.doubleclick.net https://*.youtube.com *.google.com *.disqus.com https://*.kaltura.com https://disqus.com https://*.googlesyndication.com https://*.twitter.com *.brightcove.net 2
image-src 'self'; iframe-src 'self' https://maxcdn.bootstrapcdn.com/ https://ajax.googleapis.com/ https://www.google-analytics.com/ https://www.facebook.com https://connect.facebook.net/ https://twitter.com/ https://platform.twitter.com/ https://cdn.syndication.twimg.com/ http://free.timeanddate.com/ https://www.youtube.com/ http://translate.google.com/ https://translate.googleapis.com/ https://code.jquery.com/ http://code.jquery.com/ http://widget.supercounters.com/ http://www.supercounters.com/ https://www.googletagmanager.com/ https://cdnjs.cloudflare.com/ http://crypto-js.googlecode.com/ https://translate-pa.googleapis.com/ 'unsafe-inline' 'unsafe-eval'; 2
frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://webvisor.com https://*.webvisor.com; 2
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ https://munchkin.marketo.net *.eloqua.com https://js.hs-scripts.com https://js.hs-analytics.net *.en25.com https://contents-calculator.swintonassets.uk/ https://accident-map.swintonassets.uk/ https://api.tiles.mapbox.com https://burglary-map.swintonassets.uk https://crime-map.swintonassets.uk https://complaintsform.swintonassets.uk https://claimsform.swintonassets.uk https://oyd.swintonassets.uk https://quiz.tryinteract.com/ https://api.contents-calculator.swintonassets.uk https://infographic.swintonassets.uk https://flo.uri.sh/ https://www.youtube.com/ https://chat.atlantagroup.co.uk/ https://prod.respondselfserve.com https://www.google-analytics.com/ https://www.google.co.uk https://schema.org https://ict.infinity-tracking.net https://track.omguk.com https://googleleads.g.doubleclick.net https://9210165.fls.doubleclick.net https://secure.adnxs.com/px https://secure.quantserve.com/ https://rules.quantcount.com/ https://ppc.swintonassets.uk https://connect.facebook.net/ https://script.crazyegg.com/ https://errors-tracking.crazyegg.com https://tracking.crazyegg.com https://hud.crazyegg.com https://vector.crazyegg.com https://ftrk.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://sampling-ratio.crazyegg.com https://sample-api-v2.crazyegg.com https://acsbap.com/apps/ https://acsbapp.com/apps/ https://secure.servicetick.com/ https://widget.trustpilot.com https://register.feefo.com/ https://bat.bing.com/ https://script.infinity-tracking.com https://googleads.g.doubleclick.net https://edge.quantserve.com https://cdn-launching.servicetick.com https://cdn.jsdelivr.net https://ad.doubleclick.net https://rules.quantcount.com https://pixel.quantserve.com https://pagead2.googlesyndication.com https://ppc-v3.swintonassets.uk https://ppc-v2.swintonassets.uk https://code.jquery.com https://almanac.jaywing.com https://mazda.almanac.jaywing.com https://*.civiccomputing.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.googlesyndication.com https://www.clarity.ms https://static.hotjar.com https://script.hotjar.com *.helpshift.com *.defaqto.com https://www.youtube-nocookie.com https://swintonchat.widget.custhelp.com https://dqm.crownpeak.com https://swintonchat.custhelp.com https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://www.rnengage.com https://snippet.maze.co/ *.carolenash.com *.carolenash.ie *.swinton.co.uk *.wearemarmalade.co.uk *.autonetinsurance.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.entirecoverinsurance.co.uk *.insurance4carhire.com *.bewiser.co.uk *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.paymentshield.co.uk *.insurance.harley-davidson.uk *.atlantagroup.co.uk https://dynamic.criteo.com https://dynamic.criteo.net https://smct.co https://js.smct.co https://smct.io https://js.smct.io 'self' *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://*.googleapis.com https://*.gstatic.com https://*.googlesyndication.com https://use.fontawesome.com https://fast.fonts.net https://cdn-launching.servicetick.com https://ppc-v3.swintonassets.uk *.swintonassets.uk https://optimize.google.com https://fonts.googleapis.com https://swintonchat.widget.custhelp.com https://script.crazyegg.com https://errors-tracking.crazyegg.com https://hud.crazyegg.com https://vector.crazyegg.com https://ftrk.crazyegg.com https://tracking.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://sampling-ratio.crazyegg.com https://sample-api-v2.crazyegg.com https://accident-map.swintonassets.uk https://complaintsform.swintonassets.uk https://ppc-v2.swintonassets.uk https://ppc.swintonassets.uk https://claimsform.swintonassets.uk https://oyd.swintonassets.uk https://contents-calculator.swintonassets.uk https://api.contents-calculator.swintonassets.uk https://burglary-map.swintonassets.uk https://infographic.swintonassets.uk https://crime-map.swintonassets.uk https://api.tiles.mapbox.com https://maxcdn.bootstrapcdn.com/ https://snippet.maze.co/ *.carolenash.com *.carolenash.ie *.swinton.co.uk *.wearemarmalade.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.entirecoverinsurance.co.uk *.insurance4carhire.com *.bewiser.co.uk *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.paymentshield.co.uk *.insurance.harley-davidson.uk *.atlantagroup.co.uk *.autonetinsurance.co.uk 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://*.dec.sitefinity.com https://*.google.com https://*.google.co.uk https://*.doubleclickbygoogle.com https://*.doubleclick.com https://*.doubleclick.net https://*.googleads.g.doubleblick.net https://*.googleadservices.com https://*.googletagservices.com https://*.googlesyndication.com https://*.app-measurement.com *.eloqua.com https://track.hubspot.com https://bat.bing.com https://secure.adnxs.com https://ad.doubleclick.net https://pxl.qccerttest.com https://pixel.quantserve.com https://cm.g.doubleclick.net https://ib.adnxs.com https://us-u.openx.net https://stags.bluekai.com https://dpm.demdex.net https://idsync.rlcdn.com https://ups.analytics.yahoo.com https://dsum-sec.casalemedia.com https://ce.lijit.com https://x.bidswitch.net https://beacon.krxd.net https://rtb-csync.smartadserver.com https://sync.search.spotxchange.com https://aa.agkn.com https://e1.emxdgt.com https://sync.crwdcntrl.net https://eb2.3lift.com https://sync.1rx.io https://cs.lkqd.net https://sync.taboola.com https://quantcast.partners.tremorhub.com https://sync.teads.tv https://sync.outbrain.com https://router.infolinks.com https://cms.quantserve.com https://ad.yieldlab.net https://web1.acsbapp.com https://adservice.google.com *.entirecoverinsurance.co.uk https://script.hotjar.com https://www.hotjar.com https://www.google-analytics.com https://optimize.google.com https://track.omguk.com https://www.rnengage.com https://www.carolenash.com https://public.flourish.studio *.just-motorcycleinsurance.com *.autonetinsurance.co.uk *.carolenash.com *.carolenash.ie *.swinton.co.uk *.wearemarmalade.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.insurance4carhire.com *.bewiser.co.uk *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.paymentshield.co.uk *.insurance.harley-davidson.uk *.atlantagroup.co.uk https://googletagmanager.com https://google.com https://google.co.uk https://dai.google.com https://adsense.google.com https://adsense.google.co.uk https://region1.app-measurement.com https://eu.app-measurement.com https://script.crazyegg.com https://errors-tracking.crazyegg.com https://hud.crazyegg.com https://vector.crazyegg.com https://ftrk.crazyegg.com https://tracking.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://sampling-ratio.crazyegg.com https://sample-api-v2.crazyegg.com https://static.hotjar.com https://accident-map.swintonassets.uk https://complaintsform.swintonassets.uk https://ppc-v3.swintonassets.uk https://ppc-v2.swintonassets.uk https://ppc.swintonassets.uk https://claimsform.swintonassets.uk https://oyd.swintonassets.uk https://contents-calculator.swintonassets.uk https://api.contents-calculator.swintonassets.uk https://burglary-map.swintonassets.uk https://infographic.swintonassets.uk https://crime-map.swintonassets.uk https://api.tiles.mapbox.com https://maxcdn.bootstrapcdn.com/ 'unsafe-inline' https://dynamic.criteo.com https://dynamic.criteo.net https://smct.co https://cdn.smct.co https://smct.io https://cdn.smct.io https://px.smct.co https://px.smct.io https://ep.smct.co https://ep.smct.io https://snippet.maze.co/ 'self' *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://use.fontawesome.com https://acsbapp.com https://script.hotjar.com https://fast.fonts.net https://fonts.gstatic.com https://flo.uri.sh/ *.carolenash.com *.carolenash.ie *.swinton.co.uk *.wearemarmalade.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.entirecoverinsurance.co.uk *.insurance4carhire.com *.bewiser.co.uk *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.paymentshield.co.uk *.insurance.harley-davidson.uk *.atlantagroup.co.uk https://maxcdn.bootstrapcdn.com/ *.autonetinsurance.co.uk https://fonts.smct.co https://fonts.smct.io https://snippet.maze.co/; frame-src https://widget.trustpilot.com https://prod.respondselfserve.com https://*.doubleclick.com https://*.doubleclick.net https://*.googlesyndication.com https://www.youtube.com https://www.facebook.com *.defaqto.com *.wirewax.com https://*.helpshift.com https://player.vimeo.com https://optimize.google.com https://datawrapper.dwcdn.net https://flo.uri.sh/ *.carolenash.com *.carolenash.ie *.swinton.co.uk *.wearemarmalade.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.entirecoverinsurance.co.uk *.insurance4carhire.com *.bewiser.co.uk *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.paymentshield.co.uk *.insurance.harley-davidson.uk *.atlantagroup.co.uk https://static.hotjar.com https://script.hotjar.com https://www.youtube-nocookie.com https://script.crazyegg.com https://errors-tracking.crazyegg.com https://hud.crazyegg.com https://vector.crazyegg.com https://ftrk.crazyegg.com https://tracking.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://sampling-ratio.crazyegg.com https://sample-api-v2.crazyegg.com https://accident-map.swintonassets.uk https://complaintsform.swintonassets.uk https://ppc-v3.swintonassets.uk https://ppc-v2.swintonassets.uk https://ppc.swintonassets.uk https://claimsform.swintonassets.uk https://oyd.swintonassets.uk https://contents-calculator.swintonassets.uk https://api.contents-calculator.swintonassets.uk https://burglary-map.swintonassets.uk https://infographic.swintonassets.uk https://crime-map.swintonassets.uk https://maxcdn.bootstrapcdn.com/ *.autonetinsurance.co.uk https://dynamic.criteo.com https://dynamic.criteo.net https://smct.co https://smct.io https://ls.smct.co https://ls.smct.io https://d2d7do8qaecbru.cloudfront.net 'self' web-chat.nativechat.com; connect-src accounts.google.com https://*.googletagmanager.com 'unsafe-inline' 'unsafe-eval' *.mktoresp.com chat.atlantagroup.co.uk https://cdn.acsbapp.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://web.lon.infinity-tracking.com https://nas.lon.infinity-tracking.com https://ict.infinity-tracking.net https://googleads4.g.doubleclick.net *.mackenziehodgson.co.uk *.justmotorinsurance.com *.just-motorcycleinsurance.com *.expressbikeinsurance.com *.insurance.harley-davidson.uk *.carolenash.com *.carolenash.ie *.atlantagroup.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.swinton.co.uk *.insurance4carhire.com *.comparemybikeinsurance.com *.kdbmedicals.co.uk https://nas.lon.infinity-tracking.net https://*.civiccomputing.com https://*.google.com https://*.google.co.uk https://*.doubleclickbygoogle.com https://*.doubleclick.com https://*.doubleclick.net https://*.googleadservices.com https://*.googletagservices.com https://*.app-measurement.com https://*.googlesyndication.com https://a.clarity.ms https://vc.hotjar.io https://pixel.quantcount.com https://api.crownpeak.net *.entirecoverinsurance.co.uk https://surveystats.hotjar.io https://content.hotjar.io wss://wsp27.hotjar.com wss://ws.hotjar.com https://analytics.paymentshield.co.uk *.autonetinsurance.co.uk *.paymentshield.co.uk *.wearemarmalade.co.uk *.bewiser.co.uk https://doubleclick.net https://dai.google.com https://adsense.google.com https://adsense.google.co.uk https://region1.app-measurement.com https://eu.app-measurement.com https://script.crazyegg.com https://errors-tracking.crazyegg.com https://hud.crazyegg.com https://vector.crazyegg.com https://ftrk.crazyegg.com https://tracking.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://sampling-ratio.crazyegg.com https://sample-api-v2.crazyegg.com https://accident-map.swintonassets.uk https://complaintsform.swintonassets.uk https://ppc-v3.swintonassets.uk https://ppc-v2.swintonassets.uk https://ppc.swintonassets.uk https://claimsform.swintonassets.uk https://oyd.swintonassets.uk https://contents-calculator.swintonassets.uk https://burglary-map.swintonassets.uk https://infographic.swintonassets.uk https://crime-map.swintonassets.uk https://script.hotjar.com https://hotjar.io https://api.contents-calculator.swintonassets.uk https://smct.co https://js.smct.co https://smct.io https://js.smct.io https://ipb.smct.co https://ipb.smct.io https://cfg.smct.co https://cfg.smct.io https://ep.smct.co https://ep.smct.io https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://acsbapp.com https://acsbap.com https://api.maze.co/ https://prompts.maze.co/ 'self' *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: https://player.vimeo.com; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob: 'self' web-chat.nativechat.com 2
default-src https: 'self';base-uri 'self';object-src 'self';form-action https: 'self';img-src https: 'self' data: blob:;connect-src https: 'self';child-src https: 'self' blob:;frame-src https: 'self' blob:;worker-src https: 'self' blob:;font-src https: 'self' data:;script-src https: 'self' 'unsafe-inline' 'unsafe-eval' blob:;style-src https: 'self' 'unsafe-inline' 2
base-uri 'self'; default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: *.navigator.nl *.kluwer.nl *.my.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.force.com eu2.thunderhead.com eu2.cdn.thunderhead.com login.wolterskluwer.eu login-stg.wolterskluwer.eu ciam.wolterskluwer.eu myprofile.wolterskluwer.eu cdn.wolterskluwer.io cdn.userdatatrust.com service.force.com www.google-analytics.com www.googletagmanager.com cdn.pendo.io cdn.eu.pendo.io data.eu.pendo.io app.eu.pendo.io *.sleeknote.com region1.google-analytics.com www.google.com www.google.nl www.google.pl www.google.hu *.storage.googleapis.com fonts.googleapis.com stats.g.doubleclick.net navigator.kluwer.nl inview.nl www.inview.nl www.navigator.nl; font-src 'self' data: *.wolterskluwer.io fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; object-src 'none'; style-src 'self' 'unsafe-inline' data: service.force.com *.salesforce-sites.com *.storage.googleapis.com cdn.wolterskluwer.io cdn.eu.pendo.io 2
frame-ancestors 'self' app.firedrumemailmarketing.com fdsend.com fdhv1.com; 2
default-src https: 'unsafe-inline' 'unsafe-eval' mczbf.com kdukvh.com emjcd.com cj.dotomi.com members.cj.com googletagmanager.com google.com google.cz seznam.cz wss: websocket-visitors.smartsupp.com rec.smartlook.com googletagmanager.com heureka.cz imedia.cz data: 2
default-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: 'unsafe-eval' https://validator.swagger.io; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; media-src 'self' data: 'unsafe-eval' 2
default-src 'self';connect-src *; child-src *; frame-src *; img-src * data:; media-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com; font-src 'self' data: http: https: fonts.googleapis.com themes.googleusercontent.com; 2
script-src blob: data: 'unsafe-inline' 'unsafe-eval' 'self' publish-p53544-e423795.adobeaemcloud.com publish-p53544-e423852.adobeaemcloud.com s7.addthis.com j.6sc.co www.googletagmanager.com secure.ship7oven.com z.moatads.com m.addthis.com player.vimeo.com v1.addthisedge.com go.prounlimited.com documentcloud.adobe.com www.google-analytics.com ajax.cloudflare.com www.google.com www.gstatic.com www.googleadservices.com platform.twitter.com munchkin.marketo.net static.ads-twitter.com static.ads-twitter.com snap.licdn.com cdn.jsdelivr.net documentservices.adobe.com static.hotjar.com script.hotjar.com assets.adoberesource.net assets.adoberesources.net 2
default-src 'self' *.mobi.com.br *.sigasuaencomenda.com.br; media-src 'self' *; connect-src 'self' * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mobi.com.br *.sigasuaencomenda.com.br blob: https://cdn.jsdelivr.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://maxcdn.bootstrapcdn.com https://unpkg.com https://www.google.com https://cdnjs.cloudflare.com https://www.gstatic.com https://www.googletagmanager.com https://ajax.googleapis.com https://www.google-analytics.com https://microsoft.github.io https://maps.googleapis.com code.jquery.com https://ssl.google-analytics.com; img-src 'self' blob: *.mobi.com.br *.sigasuaencomenda.com.br https://secure.gravatar.com/avatar/ *.wp.com/ https://avatar-management--avatars.us-west-2.prod.public.atl-paas.net https://streetviewpixels-pa.googleapis.com data: https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://ssl.google-analytics.com https://mobi.com.br https://sigasuaencomenda.com.br https://127.0.0.1:18619 https://www.google.com.br https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com; style-src 'self' 'unsafe-inline' *.mobi.com.br *.sigasuaencomenda.com.br https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://fonts.googleapis.com; font-src 'self' https://maps.gstatic.com data: *.mobi.com.br *.sigasuaencomenda.com.br https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com/; frame-src 'self' https://sigasuaencomenda.com.br/ https://sftp.mobilogistica.com.br:5000 https://sftp.mobilogistica.com.br https://app.powerbi.com blob: *.mobi.com.br *.sigasuaencomenda.com.br https://www.google.com https://maps.google.com https://bid.g.doubleclick.net/; object-src 'self' *.mobi.com.br *.sigasuaencomenda.com.br 2
default-src 'self' https://www.google-analytics.com https://cdn.cookielaw.org https://bam.nr-data.net https://analytics.google.com https://analytics.google.com/g/collect https://stats.g.doubleclick.net/g/collect; font-src 'self' data:; frame-src 'self' http://youtube.com; img-src * data:; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://cdn.cookielaw.org https://js-agent.newrelic.com https://bam.nr-data.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; base-uri 'self' 2
default-src 'self'; connect-src 'self' analytics.google.com *.hubspot.com *.snapengage.com forms.hubspot.com forms.hsforms.com api.hubapi.com stats.g.doubleclick.net in.hotjar.com www.google-analytics.com www.googleapis.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self' *.hubspot.com www.google.com www.gstatic.com www.googletagmanager.com use.typekit.net static.hotjar.com script.hotjar.com js.hs-banner.com js.hsleadflows.net js.hs-analytics.net js.hsadspixel.net/fb.js js.hsforms.net js.hs-scripts.com connect.facebook.net www.google-analytics.com www.googleadservices.com www.youtube.com www.youtube-nocookie.com browser-update.org commondatastorage.googleapis.com/code.snapengage.com/js/ *.snapengage.com 'sha256-nFCe5uZBSuGJf69pMQRfp3hPNzx1+eso5yVxe8XDF4o=' 'sha256-wcm4BPB4hhn1AUmUek5ZjyqsI3Zrg0AGAcUr8XINH0g=' 'sha256-P7g7x6PKCz6oTx71rQzOPI5l9+gQk35p2HtfFcWuF2Q=' ''sha256-wcm4BPB4hhn1AUmUek5ZjyqsI3Zrg0AGAcUr8XINH0g='' 'sha256-TN9XffNdOttQ/NwIyDzjeAZFRHVWN5GReO1EG1eipJ4=' 'sha256-0oDHnQ3ZklgBFtGDG961Z2JL6+iBCQKGsBGFB9lREWA=' storage.googleapis.com/code.snapengage.com/js/ www.googleapis.com www.snapengage.com/ player.vimeo.com/api/player.js s.adroll.com d.adroll.com newton.newtonsoftware.com recruitingbypaycor.com 'sha256-OeU58bQiDSDNLIw7HbMbpO7mc2JJROIZSExHjmb5fqQ=' 'sha256-z/XnaTm086xqpJ8cSUo/sPcRCQIB5W4qwH/VjRbt498=' 'sha256-TK7VUHQ8HTJ78fTNlslNY5l/rtp/PxzTXoYAjLw2Mrc=' 'sha256-gfMoxVIAP1BJ9/4JY3EA2HKXxtjJRld8Z6O2l9mGctc=' 'sha256-fJNfE2XX99XR3hDeUue9rGYI1RU4XEaN/jedYV89Ozc=' 'sha256-mjvEJL+3119dPBdxlLNInVke44Zrc022wzI7ZCxakKM=' 'sha256-yElBEKucE35qwHf8qWcAvqD25zOJ7TqTptcHyzGhOxw=' 'sha256-90mXPEL9e10EmWkdI9nSXAngR4Zoo6OkRaTgmO1peJg=' 'sha256-03XNNmNx/MmW0JdMecaanjuVho/Do1L8Mwd6fT0TrdE=' 'sha256-8//zSBdstORCAlBMo1/Cig3gKc7QlPCh9QfWbRu0OjU=' 'sha256-4LKkXJEzare8pwn8fXm0CckRS2UQ3t4vDACjJuGseAk=' 'sha256-/NEE3nNa6L2VXMbvZlnGZ40HFhuG/XiiXXX2ETFINmE=' 'sha256-TevvCsBFaAkJKsFvt1lG5h7p/UDmLvOxTveaPTqZrpE=' 'sha256-MCKvVebMO8hN+eBr5s7tdt2jQmZ1+/e0RhLKMQ33VGs=' 'sha256-q05p806vY7RbA7REENnk6iyeU5uEwCE3lR+kNOkdLoQ=' 'sha256-xQ9tNNt8y/F9WPq5bSuWY5MTl8H1nL+S2XOcI4fkQZY=' 'sha256-ME8iqFVcFFUxOE9IcljTa3BqjwmDkl+iBjPJpAgD96M=' 'sha256-XNXGPkziHqQ9GQh2FQA35UROqwL4kjV93wpdS2c8uOI=' 'sha256-EPYEwfJvupPVNF/iwOzS5GWMK70IilwW5QTaUSQkmlY=' 'sha256-DB0gahX8xq4l54iKiFrV/qkwK7r42Rc71jinvU/7Bjw=' 'sha256-rhkOxE1D1bZW/PuCGyy3z2NC8loolQrqdKR9ZFoMNM8=' 'sha256-y24V+foX8w5+XuCTUkC/G/n9/d2n7w6CkWWyPVG6xQo=' 'sha256-kjCxrbMl9xFPdCfZfdFrWfhO9BMoclEjKzdGwdI5S+w=' 'sha256-xSnB1Uq690pARzFp/oUNd0wNsXVz/FVtUUtFv0PQntQ=' 'sha256-EWuDzbvh019ADTsAn4i+V6uwBot6HuHPBtIH3TUlabw=' 'sha256-mp58D5qrhFhS0tSN62n0d1jFcKZQGsgGC3d1Y4LH5FQ=' 'sha256-BKUdKnlbmTemPvgxrg9bOrffzsnGrM1u/3JnGEgMpY4=' 'sha256-hglnLPv+SKRUJo/f6kWeUF18ghtdCg4NSqSDCNqru44=' 'sha256-vTY2p5jnvSteYfsv4QT7Y5RV/g+nceJQxYU3CndQClk=' 'sha256-ALcRKTNGGxJp4g1OybrSoacp+PSg3l8E241A4xecAhM=' 'sha256-gk7ZjIII8qg5N/uDrs/zSYv9gaoG9wkKqPVr8GYAZbM=' 'sha256-5Wz/cNwO+5tT0YvBBQKE+gY4nMeQT9a8Oq1J/Jc+PoQ=' 'sha256-0+5o3PAmAzod7UlJwISyRW5/h+tsgWyu3fuMhsyr3bg=' 'sha256-9LHIkt6vdCmS32NL5LgF9j6oFpxskiv9rlHIx8Knomg=' 'sha256-/vJIHUIUDk7JHyJuhvahk+9clhS4de1W8uUf06JU29Q=' 'sha256-BLZ0UZBZ7uDDVrh/KWwMPYhbHek7rsF7fBlfwcFcB7I=' 'sha256-lIjUSAHqfdpFiSNmGZ1ieWjmRqmjstWEJOYezCW+HWg=' 'sha256-7EbQmLksnVAuUhW/8latlRYh/4TCSVVQOSPD9lXwjYY=' 'sha256-QFA9Ao+FQzWXIj4b2/4sA/AHp2XC6AwA0XRtEev51C0=' 'sha256-3K+FXNNrJCg5paM9HIg6yPPFNu3xAxupBce4QTB1qus=' 'sha256-I4W/f+5oYG8PiG7g6hrlu0DRmkKwpkTGIljZGhgnjAg=' 'sha256-TSnXjV15noXy8YpPz7dXXKql877SbEVMNedyKncrzK0=' 'sha256-kdDotZealiX7/ouzmFFCHdVz+zr6TUgT6KukJLFjmNE=' 'sha256-dXWxTWQp8PXradXfzmme/09Hn9Up9AL53Lx7KgTP/xY=' 'sha256-0udymYiO1s5XIvODdo+qYJ1aRMOSoRiUh3fQtVNe+Ak=' 'sha256-aHSENrY9jn3jpv79enkSAR7PrxjRlU7ELDmtBvH75Jg=' 'sha256-F6ahYekKwmnSLY3AfNrEUHOSdS5tYgRupNXWIJY1ZoU=' 'sha256-2d0PwGP/Ifr1zbjYIfnHXY4MIToz/0q5/z4kTdSKqOM=' 'sha256-ZJkINw2cD+VJLmDQki3ZcDHd+J/DXd9NZLVnxY2U6Vs=' 'sha256-RVv3Ku/cMcTOQWyRpwNpPFdCZ+paGon2VWttEZakntg='; media-src 'self' www.snapengage.com/; img-src * data:; font-src 'self' data: fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com/font-awesome/; frame-src 'self' softpro.screenconnect.com player.vimeo.com www.facebook.com vars.hotjar.com www.snapengage.com googleads.g.doubleclick.net www.google.com www.youtube.com www.youtube-nocookie.com newton.newtonsoftware.com recruitingbypaycor.com forms.hsforms.com; 2
connect-src https://unique-dialect-319704--staging-g1a4tm40.web.app/* https://cdn.growthbook.io https://api.getrewardful.com https://firebaseinstallations.googleapis.com https://script.crazyegg.com https://firebase.googleapis.com https://www.google-analytics.com/ https://api.stripe.com https://maps.googleapis.com https://api.paraphrase.app/ https://staging-api.paraphrasingtool.io/ 'self' blob: 2
policy-uri /'none' 2
default-src 'self'; font-src 'self' fonts.gstatic.com use.typekit.net data:; script-src 'self' *.scene7.com cse.google.com *.google-analytics.com *.googletagmanager.com www.google.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net fonts.googleapis.com fonts.gstatic.com player.vimeo.com f.vimeocdn.com i.vimeocdn.com snap.licdn.com use.typekit.net vjs.zencdn.net *.cloudfront.net *.amazonaws.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.zimvie.com *.scene7.com zimvie.sc.omtrdc.net *.google-analytics.com *.googletagmanager.com clients1.google.com www.google.com www.googleapis.com *.gstatic.com cse.google.com cdn.cookielaw.org i.vimeocdn.com www.facebook.com *.linkedin.com dev.day.com; style-src 'self' www.google.com fonts.googleapis.com p.typekit.net use.typekit.net f.vimeocdn.com 'unsafe-inline'; connect-src 'self' *.googleapis.com *.google-analytics.com analytics.google.com *.googletagmanager.com csp.withgoogle.com cdn.cookielaw.org *.onetrust.com zimmerinc.tt.omtrdc.net *.doubleclick.net player.vimeo.com app.e2ma.net dpm.demdex.net cdn.linkedin.oribi.io; frame-src *.e2ma.net cse.google.com player.vimeo.com www.facebook.com zimmerinc.demdex.net; frame-ancestors 'self' zimvie.tdicompliancecloud.com; worker-src 'self' blob:; child-src 'self' blob:; 2
default-src 'self' 'unsafe-inline' use.fontawesome.com netdna.bootstrapcdn.com www.chatbase.co cdn.jsdelivr.net *.mauve.work *.google-analytics.com www.googletagmanager.com unpkg.com; img-src https://* data: *.mauve.work; font-src 'self' netdna.bootstrapcdn.com use.fontawesome.com data:; script-src 'self' 'unsafe-inline' platform.twitter.com www.privacypolicies.com www.chatbase.co consent.comply-app.com privacy-policy-sync.comply-app.com ajax.googleapis.com data: www.google-analytics.com www.googletagmanager.com cdn.ckeditor.com unpkg.com www.google.com www.gstatic.com cdn.jsdelivr.net 'unsafe-eval'; child-src 'none'; frame-src 'self' *.twitter.com www.google.com outlook.office365.com www.youtube-nocookie.com www.youtube.com www.chatbase.co *.spotify.com forms.office.com; worker-src blob:; connect-src 'self' api.comply-app.com www.google-analytics.com www.chatbase.co; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.kerio.com; img-src * http: https: data:; 2
frame-ancestors https://*.ariba.com https://*.jaggaer.com https://*.onninen.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://*.addtoany.com  https://*.ads-twitter.com https://*.adsymptotic.com  https://*.advancedcustomfields.com https://*.akamaihd.net https://*.altmetric.com https://*.baidu.com https://*.bizographics.com https://*.bootstrapcdn.com https://*.buzzsprout.com https://*.cloudflare.com https://*.cloudflareinsights.com https://*.cloudfront.net https://*.cnzz.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.fontawesome.com https://*.formstack.com https://*.fullstory.com https://*.github.io https://*.google-analytics.com https://*.google.be https://*.google.co.uk https://*.google.com https://*.googleadservices.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com  https://*.gravatar.com https://*.gravityforms.com  https://*.gravityforms.local https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.imagify.io https://*.jquery.com https://*.jsdelivr.net https://*.licdn.com https://*.linkedin.com https://*.netdna-ssl.com https://*.newrelic.com https://*.pardot.com https://*.paypalobjects.com https://*.ravenjs.com https://*.sharethis.com https://*.soundcloud.com  https://*.tablepress.org https://*.tablepress.org https://*.tandf.co.uk https://*.tandfonline.com  https://*.taylorandfrancis.com https://*.twimg.com https://*.twitter.com https://*.typekit.net https://*.vimeo.com https://*.w.org https://*.wistia.com https://*.wp.com https://*.wpengine.co.uk https://*.wpengine.com https://*.wpengineapi.com https://*.wpmudev.org https://*.yoast.com https://*.youku.com https://*.youtube.com https://*.yumpu.com https://abc123-wpengine.netdna-ssl.com https://bam.eu01.nr-data.net https://cnzz.mmstat.com https://i.ytimg.com https://imagify.io https://placehold.it https://t.co https://tandfapi.co.uk https://wpengine.com https://wpmudev.com https://yoast.com https://*.thinglink.com https://*.thinglink.me https://servedbyadbutler.com https://bioethicstoday.org 2
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline' 'unsafe-hashes'; font-src * data: blob: 'unsafe-inline'; 2
default-src https: 'self' 'unsafe-eval' 'unsafe-inline' *.hitachivantara.com *.adobeaemcloud.com  *.agora.io  *.edge.agora.io *.sd-rtn.com *.edge.sd-rtn.com author-p120002-e1240831.adobeaemcloud.com  author-p120002-e1162760.adobeaemcloud.com  author-p120002-e1162814.adobeaemcloud.com  author-p120002-e1162813.adobeaemcloud.com players.brightcove.net  *.cloudfront.net tags.tiqcdn.com *.hds.com; img-src https: data: blob: *; object-src 'self'  ; script-src-elem https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; frame-src 'self'  interactive.esg-global.com  ws-assets.zoominfo.com *.zoominfo.com *.gartner.com *.hitachivantara.com *.adobeaemcloud.com  *.agora.io  *.edge.agora.io *.sd-rtn.com *.edge.sd-rtn.com author-p120002-e1240831.adobeaemcloud.com  author-p120002-e1162760.adobeaemcloud.com  author-p120002-e1162814.adobeaemcloud.com  author-p120002-e1162813.adobeaemcloud.com *.greenhouse.io *.google.com *.gstatic.com *.facebook.com *.hitachivantara.com *.dacast.com  hitachi.demdex.net  pages.hitachivantara.com *.hitachinext.com *.g.doubleclick.net *.amazonaws.com *.doubleclick.net *.company-target.com  *.ceros.com ibc-flow.techtarget.com  hdscorp.my.salesforce.com *.adsrvr.org *.rlcdn.com *.hotjar.com *.brightcove.net *.mathtag.com *.brighttalk.com *.tiqcdn.com *.tealiumiq.com *.sc.omtrdc.net *.youtube.com; worker-src 'self' blob: *.hitachinext.com *.adobeaemcloud.com  *.agora.io  *.edge.agora.io *.sd-rtn.com *.edge.sd-rtn.com author-p120002-e1240831.adobeaemcloud.com  author-p120002-e1162760.adobeaemcloud.com  author-p120002-e1162814.adobeaemcloud.com  author-p120002-e1162813.adobeaemcloud.com ; media-src 'self' blob: *.hitachinext.com *.adobeaemcloud.com  *.agora.io  *.edge.agora.io *.sd-rtn.com *.edge.sd-rtn.com author-p120002-e1240831.adobeaemcloud.com  author-p120002-e1162760.adobeaemcloud.com  author-p120002-e1162814.adobeaemcloud.com  author-p120002-e1162813.adobeaemcloud.com https: wss:; font-src 'self' data: *; 2
default-src 'self' *.semikron.com *.semikron-danfoss.com *.localhost.com *.semikron.local *.semikron-danfoss.local *.local *.mm-rh3.net *.etracker.de *.cookielaw.org stats.g.doubleclick.net *.google-analytics.com data:; style-src 'self' 'unsafe-inline' *.semikron.com *.semikron-danfoss.com *.semikron.local *.semikron-danfoss.local *.mm-rh3.net *.mellowdomain.biz *.localhost.com *.local *.googleapis.com *.google.com; img-src 'self' data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.etracker.com *.etracker.de *.fontdeck.com *.localhost.com *.local *.semikron.com *.semikron-danfoss.com *.semikron.local *.semikron-danfoss.local *.mm-rh3.net *.mellowdomain.biz *.google-analytics.com *.googleapis.com *.google.com *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net *.cookielaw.org; font-src 'self' *.local *.localhost.com *.semikron.local *.semikron-danfoss.local *.semikron.com *.semikron-danfoss.com *.mm-rh3.net *.mellowdomain.biz *.fontdeck.com *.gstatic.com tagmanager.google.com  data:; frame-src *.youtube.com *.youtube-nocookie.com *.youku.com *.semikron.com *.semikron-danfoss.com semikron.com semikron-danfoss.com *.semikron.local  *.semikron-danfoss.local *.mm-rh3.net *.mellowdomain.biz *.doubleclick.net *.cookielaw.org  https://s3.amazonaws.com; child-src *.youtube.com *.youtube-nocookie.com *.youku.com *.semikron.com *.semikron-danfoss.com *.semikron.local *.semikron-danfoss.local *.mm-rh3.net *.mellowdomain.biz *.doubleclick.net *.cookielaw.org https://s3.amazonaws.com 2
default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' data:; frame-ancestors 'self' ; base-uri 'self'; 2
frame-ancestors 'self' meinwerbetechniker.de *.meinwerbetechniker.de 2
default-src 'self' https:; font-src 'self' https: data: fonts.gstatic.com; img-src 'self' https: data: assets-cdn.skynetworkcdn.com *.stackpathstorage.com; object-src 'self' https:; script-src 'self' https: blob: 'unsafe-eval' 'unsafe-inline' assets-cdn.skynetworkcdn.com www.googletagmanager.com; style-src 'self' https: 'unsafe-inline'; media-src 'self' https: blob: 2
frame-ancestors 'self' www.google.com; 2
default-src 'self' https://*.crazyegg.com; connect-src https://www.facturadorelectronico.com/js/banners.json https://www.facturadorelectronico.com/js/planes.json https://www.facturadorelectronico.com/js/coments.json https://www.facturadorelectronico.com/landing/assets/js/coments.json https://admin-api.facturador.com https://asociados-api.facturador.com https://oc-cdn-ocprod.azureedge.net https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com *.google-analytics.com *.analytics.google.com https://ekr.zdassets.com wss://widget-mediator.zopim.com https://widget-mediator.zopim.com/ https://enviarcorreosventacontabilidad.azurewebsites.net https://*.crazyegg.com https://*.google.com https://google.com https://*.google.com.mx; font-src 'self' data: https://fonts.gstatic.com https://v2.zopim.com; frame-src 'self' https://oc-cdn-ocprod.azureedge.net https://www.google.com https://www.youtube.com https://www.facebook.com https://*.doubleclick.net; img-src 'self' https://analytics.google.com *.google-analytics.com *.analytics.google.com https://v2.zopim.com https://*.crazyegg.com data: *; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://oc-cdn-ocprod.azureedge.net https://analytics.google.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org https://connect.facebook.net https://v2.zopim.com https://static.zdassets.com https://*.crazyegg.com blob: https://*.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://oc-cdn-ocprod.azureedge.net https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://*.crazyegg.com; frame-ancestors 'self'; 2
upgrade-insecure-requests; report-uri https://achtzig20.report-uri.com/r/d/csp/enforce; 2
frame-ancestors 'self'; upgrade-insecure-requests; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/ https://use.fontawesome.com/ https://app.five9.com/; script-src 'self' https://www.googletagmanager.com/ https://www.google-analytics.com/ https://app.five9.com/ https://cdnjs.cloudflare.com/ajax/libs/ https://edge.marker.io/latest/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 2
frame-ancestors  'self' https://testdk.game.daum.net https://dk.game.daum.net https://game.daum.net http://fishinghero.game.picaon.com http://nativex.game.picaon.com http://pristontale.hangame.com https://ace.game.naver.com 2
script-src data: http: https: wss: about: 'unsafe-eval' 'unsafe-inline' 'self' https://apim.istudio.store/ *.kasikornbank.com api.useinsider.com partnername.api.useinsider.com *.facebook.com; style-src data: blob: https: 'unsafe-eval' 'unsafe-inline' 'self' https://apim.istudio.store/ *.kasikornbank.com api.useinsider.com partnername.api.useinsider.com; img-src data: http: https: 'unsafe-eval' 'unsafe-inline' 'self' *.kasikornbank.com api.useinsider.com partnername.api.useinsider.com; font-src data: https: 'unsafe-eval' 'unsafe-inline' 'self' api.useinsider.com partnername.api.useinsider.com; connect-src data: https: wss: about: 'unsafe-eval' 'unsafe-inline' 'self' api.useinsider.com partnername.api.useinsider.com; object-src 'none'; base-uri 'none'; child-src 'self'; frame-src data: https: wss: about: 'unsafe-eval' 'unsafe-inline' 'self' assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.kasikornbank.com *.facebook.com *.forms.app *.priceza.com *.line.me api.useinsider.com partnername.api.useinsider.com; frame-ancestors 'self' https://api.useinsider.com/ 2
default-src 'self' https://imperialroadsafety.bastionstudio.co.za https://p.typekit.net https://use.typekit.net https://ton.twimg.com https://pbs.twimg.com https://www.overend.co.za https://vod.overendstudio.co.za https://fonts.googleapis.com https://fonts.gstatic.com http://vod.overendstudio.co.za https://twitter.com/ https://www.google-analytics.com https://platform.twitter.com https://www.facebook.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.za https://overendstudio.co.za https://abs.twimg.com https://cdn.syndication.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://consent.cookiebot.com/; img-src * data: about:;frame-src 'self' https://imperialroadsafety.bastionstudio.co.za https://irhosted.profiledata.co.za https://consentcdn.cookiebot.com/ https://fonts.gstatic.com https://fonts.googleapis.com https://twitter.com https://platform.twitter.com/ https://www.twitter.com https://www.facebook.com https://9954673.fls.doubleclick.net https://maps.google.com https://www.google.com https://overendstudio.co.za https://abs.twimg.com https://cdn.syndication.twimg.com https://platform.twitter.com https://syndication.twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://imperialroadsafety.bastionstudio.co.za https://use.typekit.net https://code.createjs.com https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://platform.twitter.com/ https://cdn.syndication.twimg.com/ https://cdn.syndication.twimg.com/ https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://9954673.fls.doubleclick.net http://code.jquery.com https://code.highcharts.com https://abs.twimg.com https://fonts.googleapis.com; style-src 'self' 'unsafe-inline' https://imperialroadsafety.bastionstudio.co.za https://fonts.googleapis.com/ https://twitter.com/ https://www.google-analytics.com https://platform.twitter.com https://abs.twimg.com https://pbs.twimg.com https://cdn.syndication.twimg.com https://ton.twimg.com https://consent.cookiebot.com; 2
default-src 'self' https://www.google.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://services.postcodeanywhere.co.uk https://*.hotjar.com https://*.hotjar.io https://*.tawk.to https://client.simplythankyou.co.uk https://uat.simplythankyou.co.uk https://www.simplythankyou.co.uk https://media.simplythankyou.co.uk wss://*.tawk.to https://asset.gomoxie.solutions https://location.uk.gomoxie.solutions https://hn.inspectlet.com wss://ws.inspectlet.com https://*.typekit.net https://app.powerbi.com https://www.love2shoprewards.co.uk https://www.l2sdigital.co.uk https://www.love2shopdigital.co.uk https://events-love2shopdigital.uk.gomoxie.solutions https://parkretail.ehosts.net https://connector-love2shoprewards.uk.gomoxie.solutions https://*.uk.gomoxie.solutions https://ka-f.fontawesome.com https://cdn.jsdelivr.net https://www.be2b.co.uk; frame-src 'self' https://*.google.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://services.postcodeanywhere.co.uk https://*.hotjar.com https://*.hotjar.io https://*.tawk.to https://*.simplythankyou.co.uk http://*.simplythankyou.co.uk wss://*.tawk.to https://asset.gomoxie.solutions https://hn.inspectlet.com wss://ws.inspectlet.com https://*.typekit.net https://app.powerbi.com https://www.love2shoprewards.co.uk https://www.l2sdigital.co.uk https://www.love2shopdigital.co.uk https://events-love2shopdigital.uk.gomoxie.solutions https://parkretail.ehosts.net https://parkretailsurvey.ehosts.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://client.simplythankyou.co.uk https://uat.simplythankyou.co.uk https://www.simplythankyou.co.uk https://media.simplythankyou.co.uk https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://ssl.google-analytics.com https://www.google-analytics.com https://storage.googleapis.com https://*.pcapredict.com https://services.postcodeanywhere.co.uk https://www.snapengage.com https://asset.gomoxie.solutions https://*.hotjar.com https://cdn.plot.ly https://embed.tawk.to https://cdn.inspectlet.com https://code.jquery.com https://cdnjs.cloudflare.com https://www.love2shoprewards.co.uk https://www.l2sdigital.co.uk https://www.love2shopdigital.co.uk https://d3js.org/d3.v3.min.js https://www.googletagmanager.com https://www.clarity.ms https://m.clarity.ms https://unpkg.com/ https://kit.fontawesome.com https://ajax.cloudflare.com https://platform-api.sharethis.com https://l.sharethis.com https://buttons-config.sharethis.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://client.simplythankyou.co.uk https://uat.simplythankyou.co.uk https://www.simplythankyou.co.uk https://media.simplythankyou.co.uk https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://services.postcodeanywhere.co.uk https://*.tawk.to https://asset.gomoxie.solutions https://cdn.rawgit.com https://*.typekit.net https://www.love2shoprewards.co.uk https://www.l2sdigital.co.uk https://www.love2shopdigital.co.uk https://www.onecode.co.uk http://www.onecode.co.uk http://www.love2shoprewards.co.uk https://unpkg.com/ https://cdn.jsdelivr.net; img-src 'self' data: https://ssl.google-analytics.com https://www.google-analytics.com https://fonts.gstatic.com https://www.snapengage.com https://client.simplythankyou.co.uk https://uat.simplythankyou.co.uk https://www.simplythankyou.co.uk https://media.simplythankyou.co.uk https://www.love2shoprewards.co.uk https://hn.inspectlet.com https://services.postcodeanywhere.co.uk https://www.love2shoprewards.co.uk http://www.love2shoprewards.co.uk https://www.l2sdigital.co.uk https://www.love2shopdigital.co.uk https://media.4rgos.it https://api.iconify.design https://www.simplythankyou-corporate.com https://insiem.co.uk https://www.cramptonandmoore.co.uk https://moxie-concierge.s3.amazonaws.com https://asset.gomoxie.solutions https://embed.tawk.to https://www.appliancesdirect.co.uk https://furniture123.co.uk https://www.laptopsdirect.co.uk https://www.aircondirect.co.uk https://www.serversdirect.co.uk https://www.betterbathrooms.com https://c.clarity.ms https://c.bing.com https://stats.g.doubleclick.net https://*.google.com https://*.google.co.uk https://sty-corporate.fra1.cdn.digitaloceanspaces.com https://sty-corporate.fra1.digitaloceanspaces.com https://perscent.imgix.net https://platform-cdn.sharethis.com https://brain-images-ssl.cdn.dixons.com https://www.be2b.co.uk https://be2b.co.uk https://www.googletagmanager.com; media-src 'self' https://www.simplythankyou-corporate.com https://client.simplythankyou.co.uk https://uat.simplythankyou.co.uk https://www.simplythankyou.co.uk https://media.simplythankyou.co.uk https://*.tawk.to https://evolveuk-media.s3.eu-west-2.amazonaws.com https://www.love2shoprewards.co.uk http://www.love2shoprewards.co.uk https://www.l2sdigital.co.uk https://www.love2shopdigital.co.uk https://asset.gomoxie.solutions https://sty-corporate.fra1.cdn.digitaloceanspaces.com; connect-src 'self' https://asset.gomoxie.solutions https://*.uk.gomoxie.solutions https://connector-love2shoprewards.uk.gomoxie.solutions https://client.simplythankyou.co.uk https://admin.simplythankyou-corporate.com https://uat.simplythankyou.co.uk https://www.simplythankyou.co.uk https://media.simplythankyou.co.uk https://www.love2shoprewards.co.uk https://www.love2shopdigital.co.uk https://love2shoprewards.co.uk https://love2shopdigital.co.uk https://in.hotjar.com/ https://vc.hotjar.com/ https://services.postcodeanywhere.co.uk https://*.static-v.tawk.to wss://*.tawk.to https://c.clarity.ms https://www.clarity.ms https://*.google-analytics.com https://www.google-analytics.com https://stats.g.doubleclick.net https://m.clarity.ms https://zerobounce1.p.rapidapi.com https://api.zerobounce.net https://ka-f.fontawesome.com https://l.sharethis.com https://region1.anaLytics.google.com https://data.stbuttons.click 2
script-src 'unsafe-inline' 'self' fonts.googleapis.com www.google.com www.gstatic.com recaptcha.msgapp.com cdn.ampproject.org www.google-analytics.com braintree-api.com sandbox.braintree-api.com client-analytics.braintreegateway.com api.braintreegateway.com client-analytics.sandbox.braintreegateway.com api.sandbox.braintreegateway.com sandbox.braintreegateway.com gstatic.sandbox.braintreegateway.com payments.sandbox.braintree-api.com www.braintreegateway.com gstatic.braintreegateway.com payments.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com js.braintreegateway.com marketing.suzohapp.com stats.g.doubleclick.net maps.googleapis.com maps.google.com ajax.googleapis.com mts1.googleapis.com www.kota3chat.com; frame-ancestors 'self' http://*.suzohapp.com https://*.suzohapp.com http://*.happcontrols.com https://*.happcontrols.com 2
worker-src 'self' blob:; 2
frame-ancestors 'self' http://*.letsdeal.com https://*.letsdeal.com 2
default-src 'self'; script-src 'self' https://*.involve.me https://app.mailjet.com https://hcaptcha.com https://*.hcaptcha.com *.amazonaws.com calendar.google.com *.edoobox.com https://www.google-analytics.com/analytics.js https://www.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://www.google-analytics.com https://region1.analytics.google.com; font-src 'self'; frame-src 'self' https://*.involve.me https://hcaptcha.com https://*.hcaptcha.com clvr.ch outlook.office365.com calendar.google.com *.edoobox.com www.gotostage.com tools.untis.at youtube.com www.youtube.com youtube-nocookie.com www.youtube-nocookie.com my.walls.io www.ait.ac.at untis.apcloud.one *.mailjet.com https://email-marketing.ionos.de https://e.issuu.com; img-src 'self' *.amazonaws.com https://www.youtube.com https://www.googletagmanager.com https://region1.google-analytics.com https://region1.analytics.google.com https://www.google.at data: https://www.google-analytics.com; manifest-src 'self'; media-src 'self'; 2
frame-ancestors https://*.smartrecruiters.com 2
img-src * blob: data:; 2
frame-ancestors 'self'; object-src 'none'; upgrade-insecure-requests; block-all-mixed-content 2
default-src 'none'; script-src 'self' https://*.typekit.net/ https://*.clarity.ms/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://*.googleapis.com/ https://*.gstatic.com/ https://seal.thawte.com/ https://secure.bluepay.com https://seal.digicert.com/ https://www.safewayxchange.com/ 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.clarity.ms/ https://stats.g.doubleclick.net; img-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://dev.virtualearth.net/ data: https://seal.digicert.com https://www.google.com; style-src 'self' 'unsafe-inline' https://*.typekit.net/ https://fonts.googleapis.com/ https://*.gstatic.com; font-src 'self' https://*.typekit.net/ https://fonts.gstatic.com/ https://fonts.googleapis.com/; frame-src 'self' https://secure.bluepay.com https://www.safewayxchange.com/; object-src 'self'; media-src 'self' https://www.google-analytics.com/; manifest-src 'self'; frame-ancestors 'self' 2
media-src *; img-src * data:; 2
style-src 'unsafe-inline' 'self' https://*.fontawesome.com https://cdnjs.cloudflare.com https://platform.twitter.com https://ton.twimg.com https://*.plyr.io https://*.quantserve.com https://*.demdex.net https://*.facebook.com https://*.facebook.net https://*.ads-twitter.com https://bat.bing.com https://*.schwab.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.evidon.com https://*.twimg.com https://*.everesttech.net https://*.twitter.com https://*.cloudflare.com https://*.tiqcdn.com https://*.uplynk.com https://*.google.com https://*.addthisedge.com https://*.addthis.com https://www.googleadservices.com https://*.doubleclick.net https://*.wsod.com https://*.facebook.net https://*.facebook.com https://t.co https://*.tdameritrade.com https://*.adsrvr.org https://gateway.foresee.com https://www.googletagmanager.com https://*.moatads.com https://sc-static.net https://*.google.ru https://tr.snapchat.com https://pixel.tapad.com https://*.demdex.net https://*.quantserve.com https://rules.quantcount.com https://*.plyr.io https://www.redditstatic.com https://*.ads-twitter.com https://bat.bing.com https://*.schwab.com blob:; default-src 'self' https://*.twimg.com https://*.everesttech.net https://*.twitter.com https://*.cloudflare.com https://*.tiqcdn.com https://*.uplynk.com https://*.google.com https://*.addthisedge.com https://*.addthis.com https://www.googleadservices.com https://*.doubleclick.net https://*.wsod.com https://*.facebook.net https://*.facebook.com https://t.co https://*.tdameritrade.com https://*.adsrvr.org https://gateway.foresee.com https://www.googletagmanager.com https://*.moatads.com https://sc-static.net https://*.google.ru https://tr.snapchat.com https://pixel.tapad.com https://*.demdex.net https://*.plyr.io https://*.quantserve.com https://*.fontawesome.com https://*.evidon.com https://*.rlcdn.com https://*.reddit.com https://*.ads-twitter.com tdameritradenetwork.com https://bat.bing.com https://*.schwab.com blob: data:; 2
default-src 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com; style-src 'self' 'unsafe-inline' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com https://fonts.googleapis.com https://*.hotjar.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com; script-src 'unsafe-eval' 'unsafe-inline' https://*.klarnaservices.com https://*.klarnacdn.net https://static.garmincdn.com/support-chat-widget/chatWidget-v1.3.1.js https://product-gallery.cloudinary.com https://res.cloudinary.com https://*.pinimg.com https://*.linksynergy.com https://*.googlesyndication.com 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://ajax.googleapis.com https://static.garmincdn.com https://www.google.com https://cdn.appdynamics.com https://www.gstatic.com https://prefmgr-cookie.truste-svc.net https://tags.tiqcdn.com https://*.tealiumiq.com https://deploytealium.com https://analytics.google.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.cloudflare.com https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://static.criteo.net https://*.criteo.com https://bat.bing.com https://*.adform.net https://intljs.rmtag.com https://www.googletagmanager.com https://*.google-analytics.com https://static.cloudflareinsights.com *.hotjar.com *.hotjar.io https://www.googletagmanager.com https://optimize.google.com https://*.googleapis.com https://cse.google.com https://www.youtube.com ; connect-src 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://stats.g.doubleclick.net https://analytics.google.com https://www.google-analytics.com https://*.googleapis.com https://csp.withgoogle.com https://analytics-api-s.cloudinary.com https://pagead2.googlesyndication.com https://*.algolia.net https://*.algolianet.com; font-src 'self' data: *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com; img-src https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://static.criteo.net https://*.criteo.com https://bat.bing.com https://*.adform.net https://intljs.rmtag.com https://www.googletagmanager.com https://*.google-analytics.com https://stats.g.doubleclick.net https://i.ytimg.com 'self' data: *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://www.google.co.uk https://prefmgr-cookie.truste-svc.net https://res.cloudinary.com https://*.hotjar.com https://www.google.com.tw https://tr.line.me https://www.facebook.com https://*.gstatic.com https://*.googleapis.com https://*.google.com; frame-src https://www.youtube.com https://*.doubleclick.net *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://vars.hotjar.com https://prefmgr-cookie.truste-svc.net https://my.tealiumiq.com https://www.youtube-nocookie.com https://gum.criteo.com https://static.criteo.net https://www.facebook.com https://cse.google.com https://web.facebook.com; object-src 'none'; upgrade-insecure-requests; 2
default-src https: 'self'; connect-src 'self' https://dock.ui.bosch.tech https://region1.google-analytics.com https://www.google-analytics.com https://svrdntfctn.com https://api.friendlycaptcha.com; font-src 'self' data: ; frame-src 'self' https://scnem.com https://www.youtube-nocookie.com https://www.buzzsprout.com https://td.doubleclick.net; img-src 'self' https://www.kununu.com https://www.glassdoor.ie https://region1.google-analytics.com https://www.googletagmanager.com https://googleads.g.doubleclick.net data: ;  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.buzzsprout.com https://www.googletagmanager.com https://dock.ui.bosch.tech https://www.google-analytics.com https://svrdntfctn.com https://cdn.jsdelivr.net https://www.googleadservices.com; style-src 'self' 'unsafe-inline' data: fast.fonts.net; frame-ancestors 'self'; report-uri /csp_.php; worker-src 'self' blob: ; 2
default-src https: data: 'unsafe-hashes' 'unsafe-inline'; form-action https: 'self'; upgrade-insecure-requests 2
base-uri 'self';block-all-mixed-content; frame-ancestors 'self';worker-src 'none' 2
default-src 'self' https://*.optimizely.com https://www.google-analytics.com https://*.heg-cp.com; style-src 'self' 'unsafe-inline' https://*.hosteurope.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hosteurope.de https://js.leadinspector.de http://js.leadinspector.de https://js.leadinspector.de tags.tiqcdn.com https://*.doubleclick.net https://static-artifact.heg-cp.com https://cdn.polyfill.io https://www.google.com https://www.gstatic.com https://*.optimizely.com http://*.optimizely.com www.googleadservices.com https://bat.bing.com www.dwin1.com https://connect.facebook.net https://www.google-analytics.com ajax.googleapis.com https://*.twitter.com https://static.ads-twitter.com https://*.ampproject.org; font-src 'self' data:; object-src 'self'; img-src 'self' 'unsafe-inline' https://www.hosteurope.com/ data: https://www.google.com.ua https://*.leadinspector.de https://i.ytimg.com https://*.g.doubleclick.net https://bat.bing.com https://www.google-analytics.com https://www.facebook.com https://www.google.com https://www.google.de https://t.co https://*.multiscreensite.com; frame-src 'self' https://www.google.com https://*.optimizely.com https://*.facebook.com https://*.facebook.net www.youtube.com *.vimeo.com *.vimeocdn.com *.doubleclick.net; 2
default-src https:; connect-src https: wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io; font-src https: data:; frame-src https:; img-src https: data:; media-src https:;  object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; frame-ancestors https:; 2
default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src https: wss:; 2
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline' code.jquery.com https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; 2
frame-ancestors cms-app.dagacube.net 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; connect-src 'self' analytics.google.com www.google-analytics.com stats.g.doubleclick.net jobs.htcinc.com; img-src 'self' data: *; font-src 'self' data: *; object-src 'self'; media-src 'self'; child-src 'self'; frame-src 'self' www.google.com www.recaptcha.net securityscorecard.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; form-action 'self'; frame-ancestors 'self'; 2
default-src 'self'; frame-ancestors https://*.greenwheels.com ; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; worker-src 'self' blob: 2
default-src 'self' https://db-engineering-consulting.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tags.tiqcdn.com https://assets.bahn-x.de https://app.usercentrics.eu https://dbwas.service.deutschebahn.com https://www.youtube.com; img-src 'self' https://db-engineering-consulting.com https://app.usercentrics.eu https://uct.service.usercentrics.eu https://db-eco.com https://privacy-proxy-server.usercentrics.eu https://i.ytimg.com https://secure.gravatar.com data:; style-src 'self' 'unsafe-inline'; connect-src https://api.usercentrics.eu https://consent-api.service.consent.usercentrics.eu https://graphql.usercentrics.eu https://consent-layer.analytics.bahn-x.de https://dbwas.service.deutschebahn.com https://csp.bahn-x.de https://aggregator.service.usercentrics.eu https://db-engineering-consulting.com https://db-eco.com https://yoast.com; font-src 'self' data:; object-src 'none'; frame-ancestors 'self'; frame-src https://www.youtube-nocookie.com/ 2
default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'self' blob:; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://* ; img-src 'self' data: https://haveibeenpwned.com ; connect-src 'self' https://api.pwnedpasswords.com https://api.2fa.directory https://app.simplelogin.io/api/ https://app.addy.io/api/ https://api.fastmail.com/ https://api.forwardemail.net ; 2
default-src https: data: 'unsafe-inline'; script-src https: data: 'unsafe-inline'; style-src 'unsafe-inline' https:; img-src https: data:; font-src https: data:; connect-src https:; media-src https:; object-src https:; child-src https:; frame-src https:; worker-src https:; manifest-src https:; prefetch-src https:; frame-ancestors https://fampay.in https://*.fampay.in https://www.famapp.in https://*.famapp.in; base-uri https://fampay.in https://*.fampay.in https://www.famapp.in https://*.famapp.in; form-action https://fampay.in https://*.fampay.in https://www.famapp.in https://*.famapp.in; block-all-mixed-content; upgrade-insecure-requests; 2
frame-ancestors 'self' https://*.bulgarianproperties.bg https://*.bulgarianproperties.com https://*.bulgarianproperties.ru; object-src 'none'; base-uri 'none'; script-src 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.tiktokcdn.com *.ttwstatic.com *.tiktok.com play.google.com youtube.com *.instagram.com *.gstatic.com ytimg.com maps.googleapis.com apis.google.com cdninstagram.com instagram.com google.com platform.twitter.com *.istaging.com *.bulgarianproperties.com *.bulgarianproperties.com.ua *.bulgarianproperties.bg *.bulgarianproperties.ru fonts.gstatic.com static.bulgarianproperties.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com connect.facebook.net googleads.g.doubleclick.net www.facebook.com img.youtube.com googlevideo.com www.youtube-nocookie.com www.youtube.com googleads.g.doubleclick.net 2
frame-ancestors 'self' https://st-martin-kub.crono.travel 2
'self' https://www.indiabullshomeloans.com/ 2
frame-ancestors 'self'; object-src 'none'; form-action 'self' 2
frame-ancestors 'self' https://*.izvratfilm.com https://google.com https://google.ru https://google.com.ua https://webcache.googleusercontent.com https://go.mail.ru https://www.bing.com http://cc.bingj.com; 2
default-src 'self' incorporateapp-test.azurewebsites.net cscmarketing-incorporate-prod-container.azurewebsites.net *.incorporate.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.swiftypecdn.com *.swiftype.com geoip-js.com *.geoip-js.com *.crazyegg.com *.zoominfo.com *.pingdom.net *.doubleclick.net *.maxmind.com *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com *.cookielaw.org *.onetrust.com *.zscalertwo.net; script-src 'self' incorporateapp-test.azurewebsites.net cscmarketing-incorporate-prod-container.azurewebsites.net *.incorporate.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.maxmind.com *.crazyegg.com *.gstatic.com *.zoominfo.com *.pingdom.net *.googleadservices.com *.licdn.com *.hsforms.com *.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com *.cookielaw.org *.salesforceliveagent.com c.la4-c2-dfw.salesforceliveagent.com c.la1-c1-ord.salesforceliveagent.com *.facebook.net *.doubleclick.net 'unsafe-inline'; style-src 'self' incorporateapp-test.azurewebsites.net cscmarketing-incorporate-prod-container.azurewebsites.net *.incorporate.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.googleapis.com 'unsafe-inline'; img-src 'self' incorporateapp-test.azurewebsites.net cscmarketing-incorporate-prod-container.azurewebsites.net *.incorporate.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com data: seal-delaware.bbb.org *.linkedin.com *.hsforms.com s.w.org i.ytimg.com *.doubleclick.net *.cookielaw.org; font-src 'self' incorporateapp-test.azurewebsites.net cscmarketing-incorporate-prod-container.azurewebsites.net *.incorporate.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.gstatic.com data:; frame-src 'self' *.google.com *.youtube.com *.swiftypecdn.com *.swiftype.com *.hsforms.com *.doubleclick.net; object-src 'none' 2
default-src https: data: blob: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval' 2
font-src 'self' https://*.patton.io https://*.google.com https://*.gstatic.com; img-src 'self' https://*.patton.io http://*.w3.org https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.global.ssl.fastly.net https://*.slack-edge.com https://img.youtube.com data:; media-src 'self' https://*.patton.io https://notificationsounds.com data:; script-src 'self' https://*.patton.io https://www.google.com https://*.gstatic.com https://*.googleapis.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' https://*.patton.io https://*.google.com https://*.googleapis.com http://*.googleapis.com https://*.gstatic.com 'unsafe-eval' 'unsafe-inline'; connect-src 'self' https://*.patton.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.global.ssl.fastly.net http://*.w3.org https://*.slack-edge.com https://notificationsounds.com wss:; frame-src 'self' https://*.patton.io https://*.google.com https://www.youtube.com; default-src 'self' https://*.patton.io 2
frame-ancestors https://touchscreens.mitsishotels.com https://mitsis365.sharepoint.com 2
default-src * https: data: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self'; connect-src 'self' http://ad.doubleclick.net https://*.analytics.google.com https://*.api.userway.org https://*.clarity.ms https://*.demdex.net https://*.eset.com https://*.googlesyndication.com https://*.hotjar.com https://*.hotjar.io https://*.tt.omtrdc.net https://adservice.google.com https://analytics.google.com https://analytics.twitter.com https://bat.bing.com https://c.go-mpulse.net https://cdn.acsbapp.com https://cdn.linkedin.oribi.io https://cdn1.esetstatic.com https://cookies-data.onetrust.io https://ep.smct.co https://eset.tt.omtrdc.net https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://ipb.smct.co https://ipb.smct.io https://js.smct.co https://js.smct.io https://maps.googleapis.com https://privacyportal.onetrust.com https://px.ads.linkedin.com https://region1.google-analytics.com https://replay.uxtweak.com https://s.yimg.com https://script.crazyegg.com https://smct.co https://stats.g.doubleclick.net https://tracker.clickguard.com https://www.facebook.com https://www.g2.com https://www.google-analytics.com https://www.google.by https://www.google.ch https://www.google.co.uk https://www.google.co.uz https://www.google.com https://www.google.com.tj https://www.google.com.tr https://www.google.ie https://www.google.kg https://www.google.kz https://www.google.lt https://www.google.lv https://www.google.pl https://www.google.ru https://www.googletagmanager.com wss://*.hotjar.com; font-src 'self' data: https://*.gstatic.com https://cdn.userway.org https://fonts.smct.co https://fonts.smct.io https://script.hotjar.com; frame-src 'self' https://*.fls.doubleclick.net https://8117415.fls.doubleclick.net https://bid.g.doubleclick.net https://download.eset.com https://eset.demdex.net https://hemsync.clickagy.com https://int.form.eset.com https://js.smct.io https://ls.smct.co https://protectdemo.eset.com https://smct.co https://td.doubleclick.net https://tpc.googlesyndication.com https://unity.survey-solutions.cloud https://vars.hotjar.com https://widget.trustpilot.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: http://ad.doubleclick.net https://*.adform.net https://*.ads.linkedin.com https://*.yahoo.co.jp https://ad.doubleclick.net https://ade.googlesyndication.com https://adservice.google.at https://adservice.google.ch https://adservice.google.co.jp https://adservice.google.com https://adservice.google.de https://analytics.google.com https://analytics.twitter.com https://bat.bing.com https://c.bing.com https://c.clarity.ms https://captcha.eset.com https://cdn.esetstatic.com https://cdn.jsdelivr.net https://cdn.smct.co https://cdn.smct.io https://cdn1.esetstatic.com https://cm.everesttech.net https://cm.g.doubleclick.net https://connect.facebook.net https://dc.ads.linkedin.com https://dpm.demdex.net https://events.smct.co https://googleads.g.doubleclick.net https://i.ytimg.com https://images.g2crowd.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://pubads.g.doubleclick.net https://px.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://script.hotjar.com https://sgtm.eset.com https://ssitecat.eset.com https://ssl.google-analytics.com https://static.hotjar.com https://stats.g.doubleclick.net https://t.co https://tribl.io https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bi https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ag https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sb https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tj https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vc https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.ie https://www.google.im https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.ki https://www.google.kz https://www.google.la https://www.google.li https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.nr https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sm https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.tt https://www.google.vg https://www.google.vu https://www.googleadservices.com https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com; manifest-src 'none'; media-src 'self'; object-src 'self'; prefetch-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.replay.uxtweak.com https://*.salesforceliveagent.com https://acsbap.com https://acsbapp.com https://assets.esetstatic.com https://bat.bing.com https://cdn.esetstatic.com https://cdn.jsdelivr.net https://cdn.linkedin.oribi.io https://cdn1.esetstatic.com https://cdnjs.cloudflare.com https://connect.facebook.net https://d.la1-c2-cdg.salesforceliveagent.com https://embed.tawk.to https://googleads.g.doubleclick.net https://img06.en25.com https://invitejs.trustpilot.com https://js.smct.co https://js.smct.io https://maps.googleapis.com https://nowexttype.com https://obchod.eset.com https://pagead2.googlesyndication.com https://platform.twitter.com https://s786665.t.eloqua.com https://script.hotjar.com https://sgtm.eset.com https://smct.co https://snap.licdn.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.hotjar.com https://store.eset.com https://tpc.googlesyndication.com https://tribl.io https://widget.trustpilot.com https://www.clarity.ms https://www.google-analytics.com https://www.google.ae https://www.google.am https://www.google.at https://www.google.be https://www.google.bg https://www.google.bs https://www.google.by https://www.google.ca https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ma https://www.google.co.nz https://www.google.co.th https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zw https://www.google.com https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.md https://www.google.me https://www.google.mk https://www.google.nl https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.se https://www.google.si https://www.google.sk https://www.google.tn https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.smct.co https://fonts.smct.io https://script.hotjar.com https://static.hotjar.com; worker-src 'self'; report-uri https://www-eset-com.api.cspconsole.com/v1/csp/report; report-to default; 2
frame-ancestors 'self' https://web.sorunapp.com/ 2
default-src 'self' *.smartbox.com *.bongo.be *.bongo.nl *.emozione3.it *.lavidaesbella.es *.dakotabox.es *.dakotabox.fr *.cadeaubox.be *.360yield.com ad.ad-srv.net ad.doubleclick.net adfarm.mediaplex.com *.adnxs.com aka.spotxcdn.com *.atemda.com bam.nr-data.net *.bing.com cache.dtmpub.com *.calotag.com calotag.com *.facebook.com *.facebook.net *.casalemedia.com *.mouseflow.com *.cloudflare.com *.cloudfront.net d1.zedo.com data: *.dotomi.com *.brainsonic.com dpm.demdex.net *.fanplayr.com *.g.doubleclick.net go.flx1.com *.google-analytics.com *.googleapis.com *.google.com *.google.ie *.google.fr *.google.be *.google.se *.google.ch *.google.de *.google.se *.google.nl *.google.co.uk *.google.es *.google.pt *.google.it *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com image2.pubmatic.com *.newrelic.com *.leetchi.com *.limonetik.com *.mathtag.com *.mediaplex.com *.mondialrelay.com *.nr-data.net *.ogone.com *.openx.net r.ad6media.fr r.casalemedia.com *.remintrex.com *.reussissonsensemble.fr smartbox-double-expresso-rtl2.xg1.li smartboxprod.112.2o7.net *.s3.amazonaws.com script.crazyegg.com secure.fastclick.net secure.img-cdn.mediaplex.com smartbox.d3.sc.omtrdc.net sv.ciblelink.com sync.adaptv.advertising.com sync.search.spotxchange.com track.effitarget.com *.tradedoubler.com *.email-reflex.com *.email-reflex.it *.email-reflex.es *.trustedshops.com ums.adtechus.com 'unsafe-eval' 'unsafe-inline' *.veinteractive.com vu.veoxa.com *.zanox.com s3-eu-west-1.amazonaws.com calotag.com track.effitarget.com rmta2.eperflex.com email-reflex.com email-reflex.it email-reflex.es *.lavidaesbella.es *.visualwebsiteoptimizer.com *.vwo.com widget.turba-webservices.com *.salesforceliveagent.com *.salesforceliveagent.com *.addthis.com *.addthisedge.com *.sandbox.local *.realytics.io *.realytics.net *.salesmanago.pl *.emlgrid.pl *.smgrid.pl *.youtube.com *.sharethis.com *.pinterest.com *.s3-us-west-2.amazonaws.com *.instagram.com *.w.org *.ampproject.org *.consensu.org *.fls.doubleclick.net *.sbxtest.net *.mplxtms.com optanon.blob.core.windows.net cdn.cookielaw.org *.retailmenot.fr *.onetrust.com *.amazon-adsystem.com *.everesttech.net *.demdex.net s3.eu-west-1.amazonaws.com mpi-v2-simulation.test.v-psp.com *.trusted.com secure7.arcot.com leetchi.com webpayment.payline.com *.cloudfunctions.net *.freshrelevance.com s3.amazonaws.com *.contentsquare.net t.contentsquare.net app.contentsquare.com static-eu.payments-amazon.com *.fbapphouse.com static-eu.payments-amazon.com mws-eu.amazonservices.com api.sandbox.amazon.de api.amazon.de payments-de.amazon.com payments.amazon.it images-na.ssl-images-amazon.com m.media-amazon.com payments-eu.amazon.com payments.amazon.es payments.amazon.fr payments.amazon.it payments.amazon.co.uk payments.amazon.com payments.amazon.de cdn.aimtell.com log.aimtell.com am.freshrelevance.com api.stripe.com js.stripe.com q.stripe.com analytics.aimtell.com beacon.aimtell.com api.aimtell.com c7.dycdn.net *.lepotcommuntest.fr lepotcommun.fr cx.atdmt.com snap.licdn.com cdn.aimtell.io sts.comp.eu blob: sts.ccmp.eu s.kk-resources.com px.ads.linkedin.com xd.wayin.com u360.d-bi.fr demob2c.wbe.travel c7.dycdn.net *.cloudfront.net am.freshrelevance.com c.contentsquare.net cm.everesttech.net smartbox.demdex.net img-statics.com get.smart-data-systems.com stats.webleads-tracker.com precart-js.s3-website-eu-west-1.amazonaws.com sp.analytics.yahoo.com eqy.link track.adform.net s.yimg.com s2.adform.net ws: wss: cdn.wisepops.com loader.wisepops.com popup.wisepops.com tracking.wisepops.com pixel.bsmartdata.com creativecdn.com payments-de-sandbox.amazon.com *.outbrain.com widget.trustpilot.com sc-static.net tr.snapchat.com cdn.jsdelivr.net ga-demographics-into-adobe.ew.r.appspot.com smartbox-france.my.join-stories.com www.link-page.info *.criteo.com exchange.mediavine.com sync-t1.taboola.com criteo-sync.teads.tv visitor.omnitagjs.com criteo-partners.tremorhub.com sync-criteo.ads.yieldmo.com tags.creativecdn.com ams.creativecdn.com fledge-eu.creativecdn.com images.unsplash.com unsplash.com fonts.join-stories.com images.join-stories.com videos.join-stories.com api.stories.studio *.my.join-stories.com s3.eu-west-3.amazonaws.com s.pinimg.com signals.aimtell.com content.wbeapi.com *.adn.cloud static.ada.support rollout.ada.support smartbox.ada.support cdn.linkedin.oribi.io s.wayin.com unpkg.com stats.g.doubleclick.net k-aeul.contentsquare.net c.contentsquare.net wss://am.freshrelevance.com region1.google-analytics.com measurement-api.criteo.com td.doubleclick.net analytics.tiktok.com; 2
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests; img-src https: data: ; worker-src blob: https: ; connect-src https: wss: 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *.cloudflare.com https://unpkg.com *.unpkg.com *.gstatic.com *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.vimeo.com *.onetrust.com *.newrelic.com *.nr-data.net *.hotjar.com *.jsdelivr.net *.pingdom.net *.klastaf.com *.cqc.org.uk *.carehome.co.uk *.facebook.com *.facebook.net *.gtranslate.net; object-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' *.googleapis.com *.jsdelivr.net *.cloudflare.com *.hotjar.com *.cqc.org.uk *.carehome.co.uk *.gstatic.com *.facebook.com *.gtranslate.net; img-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.google.co.uk *.google.com *.google.de *.google.com.mx *.doubleclick.net *.onetrust.com *.jsdelivr.net *.hotjar.com *.cqc.org.uk *.carehome.co.uk *.gstatic.com *.facebook.com *.gtranslate.net; media-src 'self'; frame-src 'self' *.vimeo.com *.youtube.com *.hotjar.com *.google.com *.google.co.uk *.doubleclick.net *.matterport.com *.gstatic.com *.facebook.com https://tour.vieweet.com https://after-image.co.uk https://app.cloudpano.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: *.gstatic.com *.hotjar.com *.gtranslate.net; connect-src 'self' *.nr-data.net *.googleapis.com *.google-analytics.com *.analytics.google.com *.doubleclick.net *.google.co.uk *.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.onetrust.com *.onetrust.io *.pingdom.net *.cqc.org.uk *.carehome.co.uk *.gstatic.com *.facebook.com *.facebook.net; report-uri /report-csp-violation; upgrade-insecure-requests 2
frame-ancestors 'self' https://client.closd.com 2
frame-ancestors 'self'                     https://tijdelijk.rvr.org          https://www.ouders-uit-elkaar.nl          https://ouders-uit-elkaar.nl          https://www.rvr.org          https://rvr.org          https://redactie.rvr.org          https://www.raadvoorrechtsbijstand.org          https://www.bureauwsnp.nl        https://www.bureauwbtv.nl       https://rechtwijzer.nl        https://www.rechtwijzer.nl        https://www.rechtsbijstand.nl        https://rechtsbijstand.nl         https://rvr.iprox.nl         https://redactie-rvr.iprox.nl 2
frame-ancestors 'self' https://*.tennislegend.fr;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.bing.com *.clarity.ms *.cloudflare.com *.cookielaw.org *.doubleclick.net *.early-birds.fr *.facebook.com *.facebook.net *.geoplugin.net *.google-analytics.com *.google.com *.google.fr *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.sendinblue.com *.trustedshops.com *.luckycart.com *.pcapredict.com sibautomation.com 2
frame-ancestors 'self' https://*.compilator.com; 2
frame-ancestors 'self';; upgrade-insecure-requests 2
default-src 'self'; connect-src 'self' https://www.cnt.com.ec https://cnt.com.ec http://localhost:3000 http://localhost:8000 http://localhost:8081 https://sheetdb.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.facebook.net https://*.clarity.ms; media-src 'self'; object-src 'none'; font-src 'self' https://*.hotjar.com https://*.hotjar.io; frame-src 'self' https://www.youtube.com https://*.hotjar.com/ https://*.hotjar.io/ https://www.googletagmanager.com https://www.google.com/recaptcha/ https://*.youtube-nocookie.com https://hey.isbel.com.uy:8312/; img-src 'self' data: https://www.cnt.com.ec https://cnt.com.ec https://cnt-media.boxqos.com https://www.google-analytics.com https://script.hotjar.com https://*.ytimg.com https://*.facebook.com https://*.facebook.net https://px.ads.linkedin.com/ https://*.adsymptotic.com/ https://cnt-cdn-test.nyc3.cdn.digitaloceanspaces.com https://c.clarity.ms/; script-src 'sha256-IXB8ExWOg8veJRoBlRXhn9oAm01/gkUa5kPnqn0xrVo=' 'self' 'sha256-1rbDzM8rknJRvmqAwOz0VTE+V9sYBI3N6l2LPiNh2Tw=' https://*.hotjar.com https://*.hotjar.io https://*.facebook.com https://*.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cnt-media.boxqos.com https://snap.licdn.com/ https://hey.isbel.com.uy:8312/ https://www.clarity.ms; style-src 'self' 'unsafe-inline' https://hey.isbel.com.uy:8312/ 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://get.mycounter.ua https://*.googletagmanager.com https://*.google-analytics.com ; img-src * data: ; style-src 'self' 'unsafe-inline'; frame-src 'self'  https://maps.google.com https://www.google.com https://pretchernet.speedtestcustom.com; connect-src 'self' https://www.google-analytics.com ; 2
frame-ancestors 'self' https://*.mercedes-benz.com; default-src 'self' https://*.mercedes-benz.com https://*.mercedes-benz.de https://*.corpinter.net https://*.usercentrics.eu https://*.googletagmanager.com https://*.krxd.net https://*.day.com https://*.anythingabout.net https://*.system360gmbh.de https://*.mercedes-benz-classic.com https://*.speedcurve.com https://alltime-stars.com  https://cdn.jsdelivr.net https://*.mb-lounge.com  https://*.eventbase.com https://narando.com https://*.narando.com https://*.googleapis.com  https://maxcdn.bootstrapcdn.com https://cdn.plyr.io https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.doubleclick.net https://shop.nostalgic.de https://*.gstatic.com https://cdn.ampproject.org https://amp.azure.net https://*.windows.net https://cmsdata.net https://booking-widget.quandoo.de https://api.corpinter.net https://*.facebook.net https://*.facebook.com https://*.atdmt.com https://*.adobe.com https://www.kinoheld.de https://mb-prototypes.swhost.in https://*.go-mpulse.net https://*.akstat.io data: blob: 'unsafe-inline' 'unsafe-eval' 2
default-src https: data:; script-src https: data: 'unsafe-eval' 'unsafe-inline'; style-src https: data: 'unsafe-inline' 2
form-action 'self' www.facebook.com; frame-src 'self' swisslife.demdex.net europace.nc.econ-application.de player.podigee-cdn.net www.youtube-nocookie.com www.facebook.com; 2
frame-ancestors self https://api.cftbeyzkhd-whirlpool2-p1-public.model-t.cc.commerce.ondemand.com:443  https://api-hybris-cprod.whirlpool.com:443  https://whirlpoolportal.com:443 https://www.whirlpoolportal.com:443 https://whirlpoolportal.ca:443 https://www.whirlpoolportal.ca:443 https://partsales.whirlpoolcorp.com:443 https://serviceparts.whirlpoolcorp.com:443 2
default-src 'self' https: http:; media-src 'self' https: http: 'unsafe-eval' 'unsafe-inline' data: mediastream: blob:; img-src 'self' https: http: data:; font-src 'self' https: data:; script-src 'self' https: http: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; style-src 'self' https: 'unsafe-inline' 2
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: 'unsafe-inline'; 2
frame-ancestors 'self' *.motionpoint.com https://www.ncl.com 2
default-src https:; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' blob:; img-src 'self' * data:; style-src https: 'unsafe-inline'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com unpkg.com *.cloudflare.com *.youtube.com *.gstatic.com cdn.jsdelivr.net *.pageuppeople.com *.recaptcha.net snap.licdn.com connect.facebook.net *.newrelic.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com *.cloudflare.com; img-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.cloudflare.com *.ogilvy.com.au *.youtube.com *.googletagmanager.com *.vimeocdn.com *.ytimg.com www.facebook.com px.ads.linkedin.com www.linkedin.com; media-src 'self'; frame-src 'self' youtube.com *.youtube.com *.vimeo.com *.google.com *.recaptcha.net; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' *.gstatic.com *.amazonaws.com data: *.typekit.net; connect-src 'self' *.google-analytics.com *.googleapis.com px.ads.linkedin.com *.nr-data.net; report-uri /report-csp-violation; upgrade-insecure-requests 2
default-src 'self' https://*.pdichile.cl https://pdichile.cl/*; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com https://code.jquery.com/jquery-3.6.0.min.js https://code.jquery.com/ui/1.12.1/jquery-ui.min.js https://www.google-analytics.com *.cloudflareinsights.com 'unsafe-inline' 'unsafe-eval' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css 'unsafe-inline' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.pdichile.cl https://pdichile.cl web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://cdnjs.cloudflare.com/; frame-src 'self' https://www.youtube.com/ https://cdn.knightlab.com/ https://roundme.com/ https://h5.veer.tv/ https://open.spotify.com/ web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com 2
default-src 'self' *.posti.fi *.googlesyndication.com; style-src 'unsafe-inline' 'self' *.posti.fi optimize.google.com tagmanager.google.com fonts.googleapis.com *.force.com posti.my.salesforce-sites.com posti.my.site.com *.salesforce.com *.euc-freshbots.ai; font-src 'self' data: *.posti.fi *.hotjar.com *.force.com posti.my.salesforce-sites.com posti.my.site.com *.sfdcstatic.com tagmanager.google.com fonts.googleapis.com fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.posti.fi cdn.ampproject.org *.doubleclick.net https://www.googleoptimize.com/ adservice.google.fi adservice.google.com optimize.google.com *.usemessages.com *.adform.net *.leadoo.com analytics.tiktok.com forms.hsforms.com *.hsforms.net *.hubspot.com *.hscollectedforms.net *.hs-banner.com js-agent.newrelic.com bam.eu01.nr-data.net *.hs-scripts.com *.hsleadflows.net *.hs-analytics.net sb.scorecardresearch.com connect.facebook.net www.googletagservices.com *.typeform.com *.krxd.net *.force.com posti.my.salesforce-sites.com posti.my.site.com tagmanager.google.com www.googletagmanager.com www.google-analytics.com *.hotjar.com maps.googleapis.com locationservice.posti.com/location *.my.salesforce.com *.salesforceliveagent.com *.declaration.postinext.fi *.lfeeder.com *.euc-freshbots.ai *.declaration.posticloud.fi *.pusher.com *.cookielaw.org *.onetrust.com *.postinext.fi ajax.googleapis.com *.googlesyndication.com www.googleadservices.com cdnjs.cloudflare.com www.google.com *.licdn.com code.jquery.com *.hsadspixel.net api.hubapi.com www.gstatic.com https://videobot.com; frame-src optimize.google.com *.adform.net *.typeform.com *.krxd.net app.hubspot.com www.googletagmanager.com www.googletagservices.com forms.hsforms.com *.googlesyndication.com *.hotjar.com *.posti.fi www.facebook.com www.youtube.com *.force.com posti.my.salesforce-sites.com posti.my.site.com *.salesforce.com *.onetrust.mgr.consensu.org *.leadoo.com client.myzef.com www.google.com postidigital.github.io jakelu.posti.fi *.doubleclick.net; child-src 'self' *.hotjar.com https://videobot.com; img-src 'self' blob: data: *.posti.fi *.adform.net optimize.google.com *.googlesyndication.com *.hsforms.net *.hsforms.com *.krxd.net *.force.com posti.my.salesforce-sites.com posti.my.site.com www.facebook.com www.googletagmanager.com sb.scorecardresearch.com *.hubspot.net *.hubspot.com maps.googleapis.com ssl.gstatic.com www.gstatic.com www.google-analytics.com www.google.fi www.google.com www.netposti.fi *.doubleclick.net *.hotjar.com *.ctfassets.net maps.gstatic.com *.lfeeder.com *.freshbots.ai *.euc-freshbots.ai *.cookielaw.org *.onetrust.com code.jquery.com *.postinext.fi *.linkedin.com dmp.adform.net www.googleadservices.com *.adsymptotic.com cdn.posti.fi analytics.tiktok.com https://customer-rcv5hn1o7pwty4ce.cloudflarestream.com; connect-src 'self' *.posti.fi adservice.google.fi adservice.google.com optimize.google.com maps.googleapis.com bam.eu01.nr-data.net *.salesforceliveagent.com vc.hotjar.io api.posti.com *.api.posti.com *.api.posti.fi *.hscollectedforms.net *.hubspot.com *.hsforms.com *.hubapi.com vbvavibkgkermrl.form.io *.google-analytics.com www.google-analytics.com *.doubleclick.net *.force.com posti.my.salesforce-sites.com posti.my.site.com locationservice.posti.com *.leadoo.com analytics.tiktok.com *.hotjar.io *.hotjar.com wss://*.hotjar.com picc.posti.fi:* picc8.posti.fi:* *.form.io www.facebook.com *.declaration.postinext.fi *.declaration.posticloud.fi *.euc-freshbots.ai *.pusher.com wss://*.pusher.com prd.graphql.posticloud.fi/graphql *.cookielaw.org *.onetrust.com *.postinext.fi *.googlesyndication.com *.execute-api.eu-west-1.amazonaws.com www.google.com forms.hsforms.com https://customer-rcv5hn1o7pwty4ce.cloudflarestream.com; media-src 'self' blob: *.ctfassets.net https://customer-rcv5hn1o7pwty4ce.cloudflarestream.com; frame-ancestors 'self' apps.itella.com salesfra.me *.posti.fi *.posticloud.fi itella.ee; object-src 'none'; 2
default-src 'none'; script-src https://cdn.matomo.cloud https://*.usercentrics.eu 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com https://netlify-cdp-loader.netlify.app; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*.ctfassets.net https://res.cloudinary.com https://*.usercentrics.eu; font-src 'self'; connect-src 'self' https://*.usercentrics.eu https://jvm.matomo.cloud https://jvm.matomo.cloudmatomo.php; media-src 'self' https://*.ctfassets.net https://res.cloudinary.com; object-src 'none'; frame-src 'self' https://app.netlify.com; worker-src 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self' 2
report-to csp-report-endpoint; report-uri /logger/info/csp-report; frame-ancestors *; default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: wss: blob: 2
default-src https: data: 'unsafe-inline' 'unsafe-eval';    base-uri 'self';    frame-ancestors 'self' https: ;    object-src 'none'; 2
default-src 'self' *.google.com *.doubleclick.net *.facebook.net *.cookiebot.com *.googletagmanager.com *.google-analytics.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ajax.googleapis.com www.youtube.com maps.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' v1.addthisedge.com z.moatads.com *.marker.io *.addthis.com ajax.aspnetcdn.com  *.google.com *.doubleclick.net *.facebook.net *.google.com *.cookiebot.com *.googletagmanager.com *.google-analytics.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ajax.googleapis.com www.youtube.com maps.googleapis.com; style-src 'self' 'unsafe-inline' *.googletagmanager.com fonts.googleapis.com fonts.gstatic.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com; img-src 'self' *.google.com *.google.co.uk *.facebook.com *.linkedin.com *.google-analytics.com data: dashboard.umbraco.org umbraco.tv csi.gstatic.com maps.gstatic.com maps.googleapis.com mt.google.com; frame-src 'self' *.marker.io *.addthis.com *.cookiebot.com *.vimeo.com *.google.com www.gstatic.com/recaptcha/ www.youtube.com 2
default-src https: 'unsafe-inline' 'unsafe-eval' data: wss: blob: 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://connect.facebook.net https://www.google-analytics.com https://apis.google.com https://cdnjs.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; img-src 'self' data: https://www.paypalobjects.com https://www.paypal.com https://app-customerrors-uat-cc-1.azurewebsites.net https://www.magazinesocan.ca https://www.socanmagazine.ca https://secure.gravatar.com https://ps.w.org https://s.w.org https://i.ytimg.com; font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; connect-src 'self' https://www.google-analytics.com https://yoast.com; media-src 'self'; object-src 'none'; frame-src 'self' https://content.googleapis.com https://www.youtube.com; worker-src 'self' blob:; base-uri 'self'; manifest-src 'self'; upgrade-insecure-requests 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' c.a.kaldewei.com assets.cdn.kaldewei.com staging.cdn.kaldewei.de kald1.secure2.footprint.net kald-a1.secure2.footprint.net kald-b1.secure2.footprint.net kaldewei-fa1.secure.footprint.net kald.secure2.footprint.net kald-a.secure2.footprint.net kald-b.secure2.footprint.net kaldewei-fa.secure.footprint.net https://www.kaldewei.de *.kaldewei.de https://www.kaldewei.com http://test-lieferzeitenauskunft.kaldewei.de test-lieferzeitenauskunft.kaldewei.de lieferzeitenauskunft.kaldewei.de *.hotjar.com tagmanager.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com jwpsrv.com www.polantis.com maps.googleapis.com maps.gstatic.com bat.bing.com https://interaktiv.contilla.de/15012d2d2e303369c8628723/0/webapp.js https://www.recaptcha.net/recaptcha/api.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/206776544034462 privacy-proxy-server.usercentrics.eu privacy-proxy.usercentrics.eu app.usercentrics.eu mediaintelligence.de *.mediaintelligence.de *.min-cdn.net ad4m.at *.ad4mat.net *.adform.net ad.trcksrv.de *.taboola.com; 2
upgrade-insecure-requests; default-src 'self' https:; frame-ancestors 'self'; font-src 'self' data: https:; img-src 'self' data: https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline';form-action 'self'; 2
default-src 'self' *; script-src 'unsafe-inline' 'unsafe-eval' * t.contentsquare.net app.contentsquare.com; child-src blob:; worker-src blob:; frame-src *; style-src * 'unsafe-inline' 'unsafe-eval'; img-src * *.contentsquare.net data: blob:; connect-src * *.contentsquare.net; font-src *; object-src *; media-src * 2
frame-src 'self' www.youtube.com; media-src 'self' https://storage.googleapis.com; default-src 'self' *.gstatic.com; style-src 'self' 'unsafe-inline' *.google.com *.gstatic.com; img-src 'self' data: https://storage.googleapis.com https://creators.google *.ytimg.com *.googleusercontent.com *.gstatic.com; connect-src 'self' www.google-analytics.com *.gstatic.com; script-src 'self' 'unsafe-inline' *.googleanalytics.com *.google-analytics.com *.google.com *.gstatic.com 2
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline'  https:; object-src 'self' *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; worker-src 'self' blob:; 2
default-src 'self' unpkg.com chimpstatic.com *.cloudflare.com *.unsplash.com *.us5.list-manage.com mcusercontent.com *.ytimg.com *.youtube.com *.vimeo.com *.mailchimp.com *.jsdelivr.net *.googleusercontent.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.gstatic.com *.google.com *.google.de *.google.ch empathy-portal.de *.doubleclick.net *.m-pathy.com fast.fonts.net *.facebook.net *.facebook.com *.adform.net bat.bing.com 'unsafe-eval'  'unsafe-inline' data:; 2
frame-src 'self' * 2
base-uri 'self'; connect-src 'self' https://tablet.sigwebtablet.com:47290 wss:; default-src 'self'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; frame-ancestors 'self'; frame-src 'self' https://js.stripe.com; object-src 'none'; script-src 'self' blob: 'unsafe-inline' https://js.stripe.com https://www.gstatic.com https://cdn.jsdelivr.net https://tablet.sigwebtablet.com; img-src * blob: data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com; form-action 'self' 2
frame-ancestors 'self' X-Frame-Options: DENY 2
frame-ancestors 'self' https://cdn.eizo.de; block-all-mixed-content; default-src 'self'; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' https://tags.creativecdn.com https://*.outbrain.com https://cdn.jsdelivr.net https://www.paypal.com https://www.googleadservices.com https://s2.adform.net https://*.adform.net https://js.adsrvr.org https://*.delivery.consentmanager.net https://acdn.adnxs.com https://*.teads.tv https://*.googletagmanager.com https://*.doubleclick.net https://*.google.de https://*.google.com https://bat.bing.com https://c.delivery.consentmanager.net/ https://cdn.consentmanager.net/ https://ajax.googleapis.com https://cdn.eizo.de/ https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://unpkg.com https://f.vimeocdn.com https://m.youtube.com https://player.vimeo.com https://www.vimeo.com https://www.youtube.com;; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com ajax.googleapis.com https://cdn.eizo.de/ unpkg.com; object-src 'none'; frame-src 'self' https://p.teads.tv https://creativecdn.com https://*.creativecdn.com https://td.doubleclick.net https://*.doubleclick.net/ https://fledge.teads.tv https://*.teads.tv https://insight.adsrvr.org https://match.adsrvr.org https://cdn.eizo.de *.youtube.com *.vimeo.com vimeo.com *.youtube-nocookie.com www.youtube-nocookie.com; child-src 'self' *.vimeo.com vimeo.com *.youtube.com youtube.com www.youtube.com *.youtube-nocookie.com www.youtube-nocookie.com; img-src 'self' https://cdn.jsdelivr.net https://insight.adsrvr.org/ https://ad.yieldlab.net https://ssp-csync.smartadserver.com https://s.ad.smaato.net https://t.adx.opera.com/ https://bh.contextweb.com https://t.visx.net https://*.mgid.com https://us-u.openx.net https://fast.nexx360.io https://visitor.omnitagjs.com https://hbx.media.net https://csync.loopme.me https://sync.1rx.io https://ssc-cms.33across.com https://router.infolinks.com/ https://*.pubmatic.com/ https://sync.go.sonobi.com/ https://sync.cenarius.orangeclickmedia.com https://*.outbrain.com/ https://*.adscale.de/ https://sync.taboola.com https://ups.analytics.yahoo.com https://bat.bing.com https://ice.360yield.com https://www.google.com https://googleads.g.doubleclick.net https://track.adform.net https://*.doubleclick.net https://*.delivery.consentmanager.net https://ib.adnxs.com https://*.teads.tv https://www.google.de https://www.googletagmanager.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://cdn.consentmanager.net https://region1.google-analytics.com https://c.delivery.consentmanager.net https://gethatch.com https://cdn.eizo.de data: ajax.googleapis.com d2u1aaftdsxbyu.cloudfront.net unpkg.com via.placeholder.com *.ytimg.com *.youtube.com *.vimeocdn.com *.vimeo.com; font-src 'self' data: *.bootstrapcdn.com unpkg.com; connect-src 'self' https://ams.creativecdn.com https://www.google.de https://*.outbrain.com https://bat.bing.com https://pagead2.googlesyndication.com https://*.googlesyndication.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.teads.tv blob: ajax.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net eu-api.friendlycaptcha.eu friendlycaptcha.com https://cdn.eizo.de/ vimeo.com youtube-nocookie.com youtube.com; manifest-src https://cdn.eizo.de/ 'self'; base-uri 'self'; form-action 'self' https://www.paypal.com https://*.list-manage.com https://ipayment.de https://www.saferpay.com; media-src 'self' https://cdn.eizo.de d2u1aaftdsxbyu.cloudfront.net *.vimeo.com vimeo.com *.youtube.com youtube.com; worker-src 'self' blob:; 2
frame-ancestors https://apps.usw2.pure.cloud 2
Deny 2
default-src * 'unsafe-inline' 'unsafe-eval' 'self' data: blob: 2
block-all-mixed-content; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; 2
default-src http: https: 'unsafe-inline' 'unsafe-eval' data: blob: mediastream: wss://widget.apibcknd.com wss://widget.me-talk.ru wss://realtime-services-chat-2.carrotquest.app wss://rts-v2.carrotquest.app  wss://realtime-services-chat-1.carrotquest.app; frame-ancestors 'self' https://*.webvisor.com https://*.flocktory.com https://*.yandex.ru https://*.yandex.com https://*.carrotquest.app wss://*.carrotquest.app https://*.carrotquest.io wss://*.carrotquest.io https://*.carrottrack.io wss://*.carrottrack.io https://cdn.carrotquest.app 2
frame-ancestors http://ecomdisplay.int/ 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *; 2
default-src 'self' https://*.readspeaker.com ; connect-src 'self' https://*.readspeaker.com ; font-src 'self' data: ; script-src 'self' https://*.readspeaker.com http://siteimproveanalytics.com  http://docs.netpublicator.com  'unsafe-inline' 'unsafe-eval' ; style-src 'self' data: https://*.readspeaker.com  'unsafe-inline'; frame-src 'self' https://*.readspeaker.com  http://www.youtube.com  regionkalmar.imagevault.app sts.regionkalmar.se 'unsafe-inline'; img-src 'self' data: https://*.readspeaker.com regionkalmar.imagevault.app 7535.global.siteimproveanalytics.io cdn.varbi.com data:; 2
frame-ancestors 'self' *.egovcdn.com 2
default-src https: 'unsafe-eval' 'unsafe-inline' 'self'; worker-src https: data: blob: 'self'; script-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; font-src https: data: 'self'; connect-src https: wss: 'self'; img-src https: data: 'self'; media-src https: blob: 'self'; style-src https: 'unsafe-inline' 'self'; frame-src https: blob:; frame-ancestors 'self'; 2
default-src 'self' https: 'unsafe-inline' 2
default-src 'none'; img-src * data:; media-src *; font-src * data:; frame-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sandberg.world https://files.sandberg.world https://cdn.sandberg.world https://sandberg.gl https://sandberg.es https://sandberg.pt https://sandberg.cz https://sandberg.si https://sandberg.lt https://sandberg.is https://sandberg.bg https://sandberg.fr https://sandberg.at https://sandberg.rs https://sandberg.ae https://sandberg.ie https://sandberg.com.ua https://sandberg.hu https://sandberg.gr https://sandberg.sk https://sandberg.com.mx https://sandberg.hr https://sandberg.lv https://sandberg.ro https://sandberg.it https://stats.sandberg.world https://*.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net https://maps.google.com https://maps.googleapis.com https://player.vimeo.com https://ajax.cloudflare.com https://cdnjs.cloudflare.com https://static.cloudflareinsights.com https://www.gstatic.com https://www.google.com https://analytics.tiktok.com; style-src 'self' 'unsafe-inline' https://sandberg.world https://files.sandberg.world https://cdn.sandberg.world https://sandberg.gl https://sandberg.es https://sandberg.pt https://sandberg.cz https://sandberg.si https://sandberg.lt https://sandberg.is https://sandberg.bg https://sandberg.fr https://sandberg.at https://sandberg.rs https://sandberg.ae https://sandberg.ie https://sandberg.com.ua https://sandberg.hu https://sandberg.gr https://sandberg.sk https://sandberg.com.mx https://sandberg.hr https://sandberg.lv https://sandberg.ro https://sandberg.it https://fonts.googleapis.com; connect-src 'self' https://sandberg.world https://files.sandberg.world https://cdn.sandberg.world https://sandberg.gl https://sandberg.es https://sandberg.pt https://sandberg.cz https://sandberg.si https://sandberg.lt https://sandberg.is https://sandberg.bg https://sandberg.fr https://sandberg.at https://sandberg.rs https://sandberg.ae https://sandberg.ie https://sandberg.com.ua https://sandberg.hu https://sandberg.gr https://sandberg.sk https://sandberg.com.mx https://sandberg.hr https://sandberg.lv https://sandberg.ro https://sandberg.it https://stats.sandberg.world https://*.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://vimeo.com https://stats.g.doubleclick.net https://www.facebook.com https://zeroheight.com https://maps.google.com https://maps.googleapis.com https://analytics.tiktok.com https://*.analytics.google.com https://*.analytics.pangle-ads.com https://*.googlesyndication.com https://*.pangle-ads.com 2
default-src 'unsafe-inline' https: data: script-src: 'self' 'unsafe-eval' https: connect-src: 'self' 'unsafe-eval' 'unsafe-inline' wss: https: 2
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; connect-src 'self' https://*.analytics.google.com https://*.google-analytics.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://*.teads.tv wss://webchat.smartly.ai https://webchat.smartly.ai https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' https://cdn.smartly.ai https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://offerswidget.visa.com; frame-src 'self' https://*.teads.tv https://bid.g.doubleclick.net https://platform.twitter.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.youtube.com; img-src 'self' *.bicis.sn *.bmci.ma *.ubci.tn *.bnpparibas.dz *.bicici.com *.biciab.bf *.bicigui.org *.bicibourse.com *.stagingirb.bnpparibas *.teads.tv media.smartly.ai data: apis.smartly.ai cdn.smartly.ai bots.smartly.ai maps.gstatic.com *.googleapis.com *.ggpht https://www.google-analytics.com https://www.facebook.com https://px.ads.linkedin.com https://www.google.fr https://www.google.com https://central.stagingirb.bnpparibas https://irb-central.bnpparibas.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://offerswidget.visa.com https://www.visa.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.stagingirb.bnpparibas https://www.googletagmanager.com/ https://p.teads.tv/ https://pagead2.googlesyndication.com/pagead/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://apis.smartly.ai https://cdn.smartly.ai https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://tagmanager.google.com https://apis.google.com https://code.jquery.com/ui/1.10.1/jquery-ui.js https://connect.facebook.net https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/en_US/sdk.js https://maps.googleapis.com https://maps.googleapis.com/maps-api-v3/api/js/44/14/intl/en_gb/common.js https://maps.googleapis.com/maps-api-v3/api/js/44/14/intl/en_gb/controls.js https://maps.googleapis.com/maps-api-v3/api/js/44/14/intl/en_gb/infowindow.js https://maps.googleapis.com/maps-api-v3/api/js/44/14/intl/en_gb/map.js https://maps.googleapis.com/maps-api-v3/api/js/44/14/intl/en_gb/marker.js https://maps.googleapis.com/maps-api-v3/api/js/44/14/intl/en_gb/onion.js https://maps.googleapis.com/maps-api-v3/api/js/44/14/intl/en_gb/stats.js https://maps.googleapis.com/maps-api-v3/api/js/44/14/intl/en_gb/util.js https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate https://maps.googleapis.com/maps/api/js/QuotaService.RecordEvent https://maps.googleapis.com/maps/api/js/ViewportInfoService.GetViewportInfo https://maps.googleapis.com/maps/vt https://offerswidget.visa.com/api/v1.1/jsonp/destinations https://offerswidget.visa.com/api/v1.1/jsonp/offersListing https://offerswidget.visa.com/api/v1.1/jsonp/refData https://offerswidget.visa.com/vos/i18n/vosw.messages_en.js https://offerswidget.visa.com/vos/scripts/VisaSyndicationWidget.js https://platform.linkedin.com/in.js https://platform.twitter.com/widgets.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion.js https://www.googletagmanager.com/gtm.js; style-src 'self' 'unsafe-inline' https://cdn.smartly.ai https://tagmanager.google.com https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ https://offerswidget.visa.com/vos/styles/ https://offerswidget.visa.com/vos/styles/syndication/; object-src 'self'; manifest-src 'self' 2
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://www.bern-altstadt.ch https://www.mediservice-news.ch https://rechner.soziale-sicherheit-chss.ch https://bsv.admin.ch https://www.bsv.admin.ch https://jobcloud.ch https://*.jobcloud.ch https://jobs.ch https://*.jobs.ch https://jobup.ch https://*.jobup.ch https://ingjobs.ch https://ictcareer.ch https://jobs4sales.ch https://financejobs.ch https://medtalents.ch https://jobwinner.ch https://alpha.ch https://topjobs.ch https://*.jobscout24.ch https://impieghi.ch https://*.impieghi.ch https://*.stellenmarkt.ch https://www.mediapulse.ch https://app.diespeisekarte.ch https://www.diespeisekarte.ch https://transport.opendata.ch https://www.agfs.ch; 2
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src * data:; media-src 'self';object-src 'none'; base-uri 'self';frame-ancestors 'self' https://www.jobs-im-allgaeu.de;form-action 'self' https://*.tq-group.com https://*.facebook.com; 2
default-src https: blob: data:;font-src https: data:;img-src https: data:;script-src 'unsafe-inline' 'unsafe-eval' * https://player.vimeo.com/api/ blob:;style-src 'unsafe-inline' https:; 2
frame-ancestors 'self' http://localhost:8080 http://alpitour-magnolia-helm-author-b2x-dev.apps-test.alpitour-aws.local http://alpitour-magnolia-helm-author-b2x-test.apps-test.alpitour-aws.local http://alpitour-magnolia-helm-public-b2x-test.apps-test.alpitour-aws.local http://alpitour-magnolia-helm-author-b2x-pre-prod.apps-uat.alpitour-aws.local https://magnolia.alpitour.it https://www.lonelyplanetitalia.it lonelyplanetitalia.local; 2
default-src 'unsafe-inline' 'unsafe-eval' 10.100.100.127:* localhost:* localhostbh:* localhostfp:* localhostsb:* localhostur:* localhostmn:* localhostwl:* localhostbf:* speedybooker.com *.speedybooker.com *.wordpress.com *.speedybooker.com:44343 speedybooker.com:44343 hostelhunter.com *.hostelhunter.com caravanrentals.com *.caravanrentals.com beachhuts.com monasteries.com universityrooms.com *.fishannan.co.uk *.fishbann.co.uk *.fishchalkstreams.com *.fishchalkstreams.com *.fishcumbria.co.uk *.fishdee.co.uk *.fishdurham.co.uk *.fisheasterross.co.uk *.fishesks.co.uk *.fishfoyle.com *.fishgalloway.co.uk *.fishiceland.com *.fishkyle.co.uk *.fishmiramichi.com *.fishspey.com *.fishtay.com *.fishtestanditchen.com *.fishtweed.com *.fishtyne.com *.fishyorkshire.co.uk britainsfinest.co.uk *.beachhuts.com *.monasteries.com *.universityrooms.com *.britainsfinest.co.uk *.cmail20.com *.clarity.ms d3dc1lgancj6l0.cloudfront.net d3upe020n1uosc.cloudfront.net *.securesuite.co.uk *.bing.com *.gstatic.com *.sagepay.com *.elavon.com *.rsa3dsauth.co.uk *.createsend1.com classic.avantlink.com *.avantlink.com *.cmail19.com *.cloudfront.net *.google.com *.googleapis.com *.googlesyndication.com embed.windy.com *.amazonaws.com *.recaptcha.net *.fontawesome.com *.twitter.com *.jsdelivr.net *.twimg.com *.facebook.com *.msecnd.net *.visualstudio.com *.googletagservices.com *.google.co.uk *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.googleusercontent.com *.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.facebook.net *.youtube.com *.vimeo.com *.cloudflare.com *.cloudflareinsights.com *.turbo-pms.com *.fishpal.com *.sat24.com *.windyty.com *.meteoradar.co.uk *.uricache.com *.tile.openstreetmap.org *.ampproject.org maps.googleapis.com *.datatables.net data: blob: *.fontawesome.com flex.msn.com; 2
frame-ancestors https://metrika.yandex.ru https://webvisor.com http://webvisor.com 2
frame-ancestors 'self' *.calbar.ca.gov *.force.com *.salesforce.com *.youtube.com *.youtu.be app.powerbigov.us calbar.az1.qualtrics.com 2
default-src 'self' https://www.mgweb.co.il; frame-ancestors 'self'; connect-src https:; frame-src https:; font-src https: 'unsafe-inline'; img-src https: 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; 2
script-src 'self' data: da.beethoven.de ajax.googleapis.com www.google.com www.gstatic.com www.google-analytics.com *.google.com www.googletagmanager.com *.twitter.com cdn.syndication.twimg.com cdn.jsdelivr.net hdv-beethoven.de mirador-dev.netlify.app; img-src 'self' *.ggpht.com *.googleusercontent.com swiperjs.com www.googleadservices.com *.gstatic.com www.googletagmanager.com *.googleapis.com *.google.com data: *.twitter.com *.twimg.com *.paypal.com *.paypalobjects.com *.ytimg.com hdv-beethoven.de mirador-dev.netlify.app; default-src 'self'; frame-src 'self' www.google.com drive.google.com accounts.google.com maps.google.de www.youtube.com www.youtube-nocookie.com da.beethoven.de *.appspot.com katalog.beethoven.de *.twitter.com panorama.beethoven.de data: *.google.com walls.io my.walls.io mirador-dev.netlify.app; style-src 'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com *.twitter.com *.twimg.com *.google.com hdv-beethoven.de mirador-dev.netlify.app; media-src 'self' internet.beethoven.de hdv-beethoven.de mirador-dev.netlify.app; object-src 'self' hdv-beethoven.de mirador-dev.netlify.app; connect-src 'self' www.beethoven.de hdv-beethoven.de mirador-dev.netlify.app; font-src 'self' fonts.googleapis.com fonts.gstatic.com hdv-beethoven.de mirador-dev.netlify.app; 2
default-src 'self' 'unsafe-inline' data: wss: *.google-analytics.com maps.google.com *.tile.openstreetmap.org *.gstatic.com *.googleapis.com checkout.stripe.com js.stripe.com cdn.ravenjs.com sentry.io *.authorize.net; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src https: data:; 2
default-src https: *.theturkey.dev 'unsafe-inline' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.youtube-nocookie.com *.usefathom.com plausible.io *.pingdom.net *.slideshare.net *.onetrust.com  *.libsyn.com  *.crazyegg.com *.polyfill.io *.matomo.cloud *.doubleclick.net *.adtran *.adva.com *.advaoptical.com *.pardot.com *.akamaized.net  *.cookielaw.org  cdn.matomo.cloud  *.vimeo.com  *.jquery.com cdn.jsdelivr.net cdn.sheetjs.com *.google.com widget.trustpilot.com *.cloudflare.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.hotjar.com *.googleadservices.com *.googleoptimize.com googleads.g.doubleclick.net *.cloudfront.net js-agent.newrelic.com  *.linkedin.com www.clarity.ms www.tiktok.com lf16-tiktok-web.ttwstatic.com www.googleadservices.com googleads.g.doubleclick.net *.sendinblue.com *.twitter.com *.facebook.net *.twimg.com designbysoap.b-cdn.net blob:; img-src * 'self' data: blob:;frame-ancestors 'self'; 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://consent.cookiefirst.com https://www.google-analytics.com https://player.vimeo.com https://www.youtube.com https://www.googletagmanager.com https://derby.managed-otrs.com https://static.hotjar.com https://script.hotjar.com https://zenloop-website-overlay-production.s3.amazonaws.com https://js-eu1.hs-scripts.com https://js-eu1.hscollectedforms.net https://js-eu1.hs-banner.com https://js-eu1.hs-analytics.net https://js-eu1.usemessages.com; img-src 'self' data: https://assets.zenloop.com https://muleapiservice.focus-kalkhoff-dealer.com https://focus-kalkhoff-dealer.com https://www.googletagmanager.com https://www.google.com https://www.google.de https://i.ytimg.com https://www.google-analytics.com https://consent.cookiefirst.com https://track-eu1.hubspot.com https://forms-eu1.hsforms.com https://script.hotjar.com; font-src 'self' https://script.hotjar.com https://consent.cookiefirst.com https://zenloop-assets.s3.eu-west-1.amazonaws.com; style-src 'self' 'unsafe-inline' https://consent.cookiefirst.com https://derby.managed-otrs.com https://zenloop-website-overlay-production.s3.amazonaws.com; frame-src https://youtube.com https://www.youtube.com https://player.vimeo.com https://derby.managed-otrs.com https://zenloop-website-overlay-production.s3.amazonaws.com/ https://26323667.hs-sites-eu1.com https://26545664.hs-sites-eu1.com https://app-eu1.hubspot.com/ ; object-src 'none' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://cdn.messengerpeople.com https://www.googleadservices.com/ https://www.googletagmanager.com https://www.gstatic.com https://app.usercentrics.eu https://privacy-proxy-server.usercentrics.eu https://salesviewer.org salesviewer.org https://privacy-proxy.usercentrics.eu https://use.typekit.net/ https://www.google-analytics.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://app.usercentrics.eu https://app.eu.usercentrics.eu https://sdp.eu.usercentrics.eu https://static.ads-twitter.com https://analytics.twitter.com https://cdn.leadinfo.net https://connect.facebook.net https://config.eu.usercentrics.eu https://snap.licdn.com data: 2
default-src 'self' https://limbachgruppe.ftapi.com https://*.laborpublisher.de https://api.newsletter2go.com https://piwik.limbachgruppe.com https://maps.googleapis.com https://cmill.de https://www.cmill.de https://prime-psf.2b-advice.com; script-src 'self' 'unsafe-eval' https://limbachgruppe.ftapi.com https://*.laborpublisher.de https://*.app.laborpublisher.staging.lfda.de https://static.newsletter2go.com https://piwik.limbachgruppe.com https://maps.googleapis.com https://cdn1.jameda-elements.de https://lv.limbachgruppe-test.com https://2badvice-cdn.azureedge.net https://prime-psf.2b-advice.com 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://lv.limbachgruppe-test.com https://2badvice-cdn.azureedge.net; frame-ancestors 'self'; frame-src 'self' https://piwik.limbachgruppe.com https://www.youtube-nocookie.com https://youtube.com https://player.vimeo.com https://vimeo.com https://cmill.de https://www.cmill.de https://mtu.adsystemhaus.com https://termin.samedi.de/; font-src 'self' data: https://limbachgruppe.ftapi.com https://fonts.gstatic.com https://lv.limbachgruppe-test.com; 2
frame-ancestors 'self'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; upgrade-insecure-requests; form-action 'self' https://www.southerncarlson.com/stores/store/redirect/ https://www.clavos.com/stores/store/redirect/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ *.adobe.com *.bluecore.com *.googleapis.com *.fontawesome.com cdn.dnky.co webchat.dotdigital.com https://static.klaviyo.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://acsbapp.com/ https://api.bluecore.com/ https://bam.nr-data.net/ https://blueacorn.atlassian.net/ https://h.online-metrix.net/ https://imgs.signifyd.com/ https://js-agent.newrelic.com/ https://polyfill.io/ https://request.eprotect.vantivprelive.com/ https://storage.googleapis.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://assets.adobedtm.com/ https://web-sdk.aptrinsic.com/ https://request.eprotect.vantivcnp.com/ assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.bluecore.com *.googleapis.com www.xtento.com cdn.xtento.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cloudflare.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://imgs.signifyd.com/ https://*.e.aa.online-metrix.net/ https://www.google-analytics.com/ https://www.google.com/ https://www.google.com.ua/ https://www.googletagmanager.com/ https://amcglobal.sc.omtrdc.net/ https://web1.acsbapp.com/apps/app/dist/media/ assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.bluecore.com *.googleapis.com www.xtento.com cdn.xtento.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; frame-src https://h.online-metrix.net/ https://imgs.signifyd.com/ https://request.eprotect.vantivprelive.com/ https://www.google.com/ https://request.eprotect.vantivcnp.com/ fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.xtento.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/ *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; connect-src 'self' https://api.bluecore.app/ https://bam.nr-data.net/ https://bt.signifyd.com:1103/ https://cdn.acsbapp.com/ https://imgs.signifyd.com/ https://stats.g.doubleclick.net/ https://td73zulx99-dsn.algolia.net/ https://www.google-analytics.com/ https://esp-m.aptrinsic.com/ dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.bluecore.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; default-src 'none' 'self' 'unsafe-inline' 'unsafe-eval'; worker-src https://www.google.com/; 2
default-src 'self' 'unsafe-inline' data: www.google-analytics.com;  script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://cdnjs.cloudflare.com https://www.google.com https://www.google-analytics.com https://www.gstatic.com; frame-src 'unsafe-inline' 'self' https://www.google.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' 'unsafe-inline' data: https://sistema.messagecenter.com.br; 2
default-src 'self' data: wss: *.tile.openstreetmap.org *.gstatic.com *.googleapis.com geocode.arcgis.com nominatim.openstreetmap.org sp-dir.uwn.com web.delighted.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' *.tile.openstreetmap.org maps.gstatic.com *.googleapis.com blog.ui.com *.svc.ui.com data:; script-src 'self' data: wss: www.youtube.com *.tile.openstreetmap.org *.gstatic.com *.googleapis.com geocode.arcgis.com nominatim.openstreetmap.org d2yyd1h5u9mauk.cloudfront.net sp-dir.uwn.com 'sha256-VWlS8Ik7XRVhz/AxeiqW/Fz0x8ZwAlOO7KdRrOwgP0Q='; frame-src www.youtube.com 2
default-src * 'unsafe-inline'; img-src * data: ; script-src * 'unsafe-eval' 'unsafe-inline'; worker-src * blob:; font-src * data: 2
default-src 'self' wss: localhost:14186 www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; img-src https: 'self' data:; font-src 'self' data: fonts.gstatic.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://maps.google.com/ https://maps.googleapis.com/ ; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com/ ; object-src 'none'; base-uri 'self'; connect-src 'self' wss: data: https://maps.googleapis.com/ ; font-src 'self' data: blob: https://fonts.gstatic.com/ ; frame-ancestors 'self'; frame-src 'self' about: https://pay.datatrans.com/ https://ais-sas.swisscom.com/ https://ais-sas.pre.swissdigicert.ch/ https://ais-sas.swissdigicert.ch/; img-src 'self' blob: data: about: https://maps.google.com/maps/ https://maps.gstatic.com/ https://maps.googleapis.com/ ; manifest-src 'self' data:; media-src 'self'; 2
frame-ancestors 'self' '*.onlineplasticsgroup.com' 2
default-src 'self' *.quantummetric.com 'unsafe-inline' 'unsafe-eval';frame-src * 'unsafe-inline';connect-src * 'unsafe-inline'; font-src * 'unsafe-inline'; object-src 'self'; style-src * 'unsafe-inline';  media-src * 'unsafe-inline'; script-src 'self' *.privy.com cnstrc.com *.wufoo.com *.gstatic.com js.hsforms.net  *.orders.com *.googleapis.com *.navitor.com *.google.com *.yieldify.com *.hs-scripts.com *.visualwebsiteoptimizer.com tag.rmp.rakuten.com *.hscollectedforms.net *.hs-analytics.net *.hs-banner.com *.rd.linksynergy.com *.googleadservices.com *.xg4ken.com *.andersons.com *.paperdirect.com *.rhymeuniversity.com *.alphabetu.com *.itselementary.com *.littlegraduates.com *.paradefloatsuppliesnow.com *.promnite.com *.yimg.com *.pinterest.com *.quantummetric.com *.pinimg.com *.google-analytics.com *.privy.com cnstrc.com  *.googletagmanager.com *.sc.pages03.net *.groupbycloud.com *.pinimg.com *.bing.com *.google-analytics.com *.g.doubleclick.net *.privy.com cnstrc.com   *.powerreviews.com *.pubhtml5.com *.facebook.net 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' data:; worker-src blob:; child-src blob:;  2
frame-ancestors 'self' https://accounts.highbond.com https://accounts.aclgrc.com https://accounts.highbond-gov.com https://accounts.highbond-gov2.com https://accounts.highbond-s1.com https://accounts.highbond-s2.com https://accounts.highbond-s3.com https://accounts.highbond-gov-s1.com https://accounts.highbond-dod.com https://highbond-gov3.com https://accounts.highbond-gov3.com https://accounts.highbond.mil https://eco.accuvio.com https://devlim3.accuvio.com 2
default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.motel-one.com *.the-cloud-one.com *.usercentrics.eu data: *.motel-one.com *.the-cloud-one.com *.usercentrics.eu; script-src *.motel-one.com *.the-cloud-one.com 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com www.youtube.com s.ytimg.com cdnjs.cloudflare.com code.jquery.com *.hurra.com *.googleadservices.com *.criteo.com *.criteo.net creativecdn.com *.creativecdn.com *.facebook.net *.doubleclick.net *.licdn.com *.linkedin.com *.facebook.com *.adnxs.com *.facebook.com *.bizographics.com *.googlesyndication.com *.bing.com *.adsrvr.org *.cloudfront.net *.sia.eu *.google.ae *.google.at *.google.ba *.google.be *.google.by *.google.ca *.google.cf *.google.ch *.google.co.cr *.google.co.il *.google.co.in *.google.co.jp *.google.co.nz *.google.co.th *.google.co.uk *.google.co.zw *.google.de *.google.com *.google.com.ar *.google.com.au *.google.com.bo *.google.com.br *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.hk *.google.com.kw *.google.com.mt *.google.com.mx *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.ua *.google.cz *.google.dk *.google.dz *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hr *.google.hu *.google.ie *.google.im *.google.it *.google.li *.google.lt *.google.lu *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.se *.google.si *.adup-tech.com static.ads-twitter.com analytics.twitter.com assets.pinterest.com log.pinterest.com squarelovin.com *.squarelovin.com *.usercentrics.eu *.pinimg.com *.pinterest.com *.surveysparrow.com *.dialogshift.com *.smartrecruiters.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.cdninstagram.com *.squarelovin.com squarelovin.com ik.imagekit.io *.google-analytics.com *.doubleclick.net t.co *.adup-tech.com www.facebook.com www.google.de www.google.com *.cx.atdmt.com maps.gstatic.com maps.googleapis.com ssl.gstatic.com www.gstatic.com assets.pinterest.com log.pinterest.com bat.bing.com *.hurra.com *.fbcdn.net image.motel-one.com *.motel-one.com *.the-cloud-one.com *.gstatic.com *.usercentrics.eu *.pinimg.com *.pinterest.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.motel-one.com *.squarelovin.com squarelovin.com fonts.googleapis.com tagmanager.google.com *.google.com *.dialogshift.com; connect-src 'self' *.motel-one.com *.the-cloud-one.com *.google-analytics.com maps.googleapis.com stats.g.doubleclick.net *.facebook.com *.adup-tech.com *.usercentrics.eu *.pinimg.com *.pinterest.com *.surveysparrow.com *.dialogshift.com core.prod.co25.net; font-src 'self' *.motel-one.com *.the-cloud-one.com *.computop-paygate.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com *.doubleclick.net data: *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com *.doubleclick.net *.dialogshift.com; frame-src 'self' *.motel-one.com *.the-cloud-one.com *.computop-paygate.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com www.youtube.com cdnjs.cloudflare.com code.jquery.com *.hurra.com *.googleadservices.com *.criteo.com *.criteo.net creativecdn.com *.creativecdn.com *.facebook.net *.doubleclick.net *.licdn.com *.linkedin.com *.facebook.com *.google.de *.adnxs.com *.facebook.com *.bizographics.com *.googlesyndication.com *.bing.com *.adsrvr.org *.cloudfront.net *.sia.eu *.usercentrics.eu assets.pinterest.com log.pinterest.com *.pinimg.com *.pinterest.com *.surveysparrow.com surveysparrow.com *.dialogshift.com *.smartrecruiters.com; 2
frame-ancestors 'none'; report-uri /report-csp-violation; upgrade-insecure-requests 2
frame-ancestors 'self' *.ofbusiness.com 2
{"frame-src"=>"'self' https://transparencia.gob.pe/ https://*.transparencia.gob.pe"} 2
object-src 'self';script-src * 'unsafe-eval' 'unsafe-inline' data: blob:; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src 'self'; 2
frame-ancestors 'self' 'swiftkanban.com' 'swift-ease.com' 'saas.digite.com' 'nimblework.com'; 2
default-src 'none'; base-uri 'none'; form-action 'self' https://news.addy.io; connect-src 'self' https://app.addy.io/default-currency; manifest-src 'self'; frame-ancestors 'none'; script-src 'self' 'sha256-6qQWTVhBNcsGRyT26G26ZSIfLs+60+VhhX0ppPSgd50='; img-src 'self' data:; style-src 'self' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-/8CvIhEkJqzXuPzY8k7p4wTZ1zjLlE7mi3UcNExd8ao='; font-src 'self'; frame-src 'none'; object-src 'none'; upgrade-insecure-requests; 2
default-src 'self'; script-src 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; form-action 'self'; font-src 'self'  https://fonts.gstatic.com/; object-src 'none'; frame-src 'none'; worker-src 'none'; frame-ancestors 'self'; media-src 'self' 2
default-src 'self' https://www.excelsoftcorp.com https://www.google.com; script-src data: blob: 'self' 'unsafe-inline' 'unsafe-eval' https://nitroscripts.com https://excelsoftcorp.zohorecruit.com https://static.zohocdn.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://www.googleadservices.com https://snap.licdn.com https://unpkg.com https://consentcdn.cookiebot.com https://*.nitrocdn.com https://consent.cookiebot.com https://code.jquery.com https://connect.facebook.net https://beacon-v2.helpscout.net https://tag.getdrip.com https://nitropack.io https://static.zdassets.com https://*.nitrocdn.com https://www.youtube.com https://www.google.com/recaptcha/ https://*.zoho.com https://crm.zohopublic.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://excelsoftcorp.zohorecruit.com https://static.zohocdn.com https://code.jquery.com https://unpkg.com https://*.nitrocdn.com https://beacon-v2.helpscout.net https://fonts.googleapis.com;img-src 'self' data: https://excelsoftcorp.zohorecruit.com https://static.zohocdn.com https://px4.ads.linkedin.com https://smartslider3.com https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://i.ytimg.com https://img.youtube.com https://code.jquery.com https://s.w.org https://beacon-v2.helpscout.net https://api.monsterinsights.com https://nitropack.io https://*.nitrocdn.com https://secure.gravatar.com https://www.google-analytics.com https://crm.zohopublic.com https://www.youtube.com https://www.google.com https://www.linkedin.com https://www.facebook.com https://www.twitter.com https://www.google.co.in https://*.nitrocdn.com https://pagead2.googlesyndication.com https://*.cookiebot.com; font-src 'self' https://cdnjs.cloudflare.com https://*.nitrocdn.com https://fonts.gstatic.com https://www.google-analytics.com data: ;connect-src 'self' https://excelsoftcorp.zohorecruit.com https://googleads.g.doubleclick.net https://analytics.google.com https://www.google.com https://pagead2.googlesyndication.com https://crm.zohopublic.com https://px.ads.linkedin.com https://*.linkedin.oribi.io https://www.googletagmanager.com https://*.nitrocdn.com https://consentcdn.cookiebot.com https://*.cloudfront.net https://nitropack.zendesk.com https://zendesk-eu.my.sentry.io https://ekr.zdassets.com https://nitropack.io https://yoast.com https://to.getnitropack.com https://*.zoho.com https://www.google-analytics.com https://stats.g.doubleclick.net;object-src 'none';frame-ancestors 'self';base-uri 'self';form-action 'self' https://*.zoho.com https://forms.zohopublic.com;frame-src 'self' data: https://youtube.com https://td.doubleclick.net https://smartslider3.com https://www.excelsoftcorp.com https://crm.zoho.com https://consentcdn.cookiebot.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://www.google.com; 2
default-src 'none'; base-uri 'self' *.dataprovider.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dataprovider.com prismic.io *.prismic.io vercel.live *.vercel.live *.vercel.app *.flourish.studio cdn-cookieyes.com js.hsforms.net js.hs-scripts.com js.hscollectedforms.net js.hsadspixel.net js.hs-banner.com js.hs-analytics.net snap.licdn.com www.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net static.ads-twitter.com *.linkedin.com *.hotjar.com; style-src 'self' 'unsafe-inline' *.dataprovider.com *.typekit.net; img-src 'self' data: *.dataprovider.com *.prismic.io *.cdn-cookieyes.com assets.vercel.com *.flourish.studio *.typekit.net *.hsforms.com track.hubspot.com *.google.com *.google.nl googleads.g.doubleclick.net t.co analytics.twitter.com *.linkedin.com; font-src 'self' data: *.typekit.net; connect-src 'self' wss: *.dataprovider.com *.vercel.app *.sentry.io *.hsforms.com cdn-cookieyes.com *.cookieyes.com *.hubapi.com *.hscollectedforms.net *.google.com *.google-analytics.com *.googlesyndication.com *.g.doubleclick.net *.hotjar.com *.hotjar.io cdn.linkedin.oribi.io integration-prod-assets.s3.us-east-2.amazonaws.com; frame-src 'self' account.dataprovider.com dataprovider.prismic.io vercel.live flo.uri.sh *.google.com *.googletagmanager.com *.doubleclick.net *.hsforms.com *.youtube.com; frame-ancestors 'self' *.google.com; form-action 'self' *.dataprovider.com *.hsforms.com; child-src 'self' blob:; 2
default-src * 'unsafe-eval'; font-src 'self' fonts.gstatic.com data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.bing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.recaptcha.net https://*.yimg.com https://*.onead.com.tw https://*.onevision.com.tw https://*.line-scdn.net https://*.virtualearth.net https://*.bing.com https://*.gstatic.com https://*.google.com https://www.google.com/recaptcha/ https://maps.googleapis.com https://*.bridgestonetire.com https://*.akamaihd.net https://*.jquery.com  https://*.twitter.com https://*.ads-twitter.com https://assets.adobedtm.com https://*.bing.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google-analytics.com https://*.iperceptions.com https://www.youtube.com https://*.firestonecompleteautocare.com https://*.hotjar.com https://*.facebook.net https://*.ytimg.com https://*.netmng.com https://*.doubleclick.net; object-src 'none'; base-uri 'self'; connect-src *; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://*.recaptcha.net https://*.twitter.com https://*.google.com https://*.pinterest.com https://www.youtube.com https://*.iperceptions.com https://*.facebook.com https://*.hotjar.com https://*.demdex.net https://*.doubleclick.net; img-src * data: blob:; media-src 'self'; 2
default-src 'self' *.youtube.com *.youtube-nocookie.com *.twitter.com *.xing-events.com *.cookiebot.com *.fonts.net *.medienanstalt-nrw.de *.lfm-nrw.de *.amiando.com *.xing-events.com *.jwpcdn.com *.jwpltx.com *.google.com eveeno.com *.der-newstest.de *.nrwision.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com *.fonts.net *.medienanstalt-nrw.de *.lfm-nrw.de *.amiando.com *.xing-events.com *.jwpcdn.com *.jwpltx.com; style-src 'self' 'unsafe-inline' *.fonts.net; img-src 'self' data: w3.org/svg/2000 *.jwpltx.com zz.medienanstalt-nrw.de 2
connect-src 'self' *.doubleclick.net *.google.ca *.google.com *.google.mx *.google.fr *.google.ml *.google.tm *.google.ae *.google.gr *.google.ch *.google.dz *.google.nl *.google.ch *.google.be *.google.es *.google.it *.google.rs *.google.hn *.google.cn *.google.sk *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.googleapis.com *.bing.com *.youtube.com *.ytimg.com *.facebook.net *.facebook.com *.facebook.ca *.metrilo.com *.pinterest.com *.twitter.com *.hotjar.com *.hotjar.io *.paypalobjects.com *.paypal.com *.vimeo.com *.google.co.uk *.google.co.nz *.google.co.jp *.google.co.ve *.google.co.in *.google.co.za *.google.co.id *.google.com.ar *.google.com.za *.google.com.tw *.google.com.ph *.google.com.bd *.google.com.om *.google.com.mx *.google.com.bh *.google.com.ml *.google.com.qa *.google.com.pe *.google.com.ua *.google.com.au *.google.com.tr *.google.com.sg *.spotify.com *.myregistry.com *.poolsuppliescanada.ca *.jrtoycanada.ca *.braintreegateway.com *.braintree-api.com *.kaptcha.com *.postescanada-canadapost.ca *.paybright.com paybright.com *.nofraud.com *.mmapiws.com *.zendesk.com *.zopim.com *.zdassets.com static.zdassets.com *.clarity.ms *.newrelic.com *.nr-data.net wss://widget-mediator.zopim.com *.blackbaudhosting.com *.attn.tv *.attentivemobile.com *.afterpay.com *.amplitude.com *.clearbitjs.com *.polyfill.io *.cloudflare.com *.cloudflareinsights.com *.woobox.com *.pinimg.com *.hotjar.com *.jobillico.com cdn-cookieyes.com *.cookieyes.com *.sezzle.com sandbox.checkout.sezzle.com *.cdnfonts.com;default-src 'self';frame-ancestors 'self';frame-src 'self' *.doubleclick.net *.google.ca *.google.com *.google.mx *.google.fr *.google.ml *.google.tm *.google.ae *.google.gr *.google.ch *.google.dz *.google.nl *.google.ch *.google.be *.google.es *.google.it *.google.rs *.google.hn *.google.cn *.google.sk *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.googleapis.com *.bing.com *.youtube.com *.ytimg.com *.facebook.net *.facebook.com *.facebook.ca *.metrilo.com *.pinterest.com *.twitter.com *.hotjar.com *.hotjar.io *.paypalobjects.com *.paypal.com *.vimeo.com *.google.co.uk *.google.co.nz *.google.co.jp *.google.co.ve *.google.co.in *.google.co.za *.google.co.id *.google.com.ar *.google.com.za *.google.com.tw *.google.com.ph *.google.com.bd *.google.com.om *.google.com.mx *.google.com.bh *.google.com.ml *.google.com.qa *.google.com.pe *.google.com.ua *.google.com.au *.google.com.tr *.google.com.sg *.spotify.com *.myregistry.com *.poolsuppliescanada.ca *.jrtoycanada.ca *.braintreegateway.com *.braintree-api.com *.kaptcha.com *.postescanada-canadapost.ca *.paybright.com paybright.com *.nofraud.com *.mmapiws.com *.zendesk.com *.zopim.com *.zdassets.com static.zdassets.com *.clarity.ms *.newrelic.com *.nr-data.net wss://widget-mediator.zopim.com *.blackbaudhosting.com *.attn.tv *.attentivemobile.com *.afterpay.com *.amplitude.com *.clearbitjs.com *.polyfill.io *.cloudflare.com *.cloudflareinsights.com *.woobox.com *.pinimg.com *.hotjar.com *.jobillico.com cdn-cookieyes.com *.cookieyes.com *.sezzle.com sandbox.checkout.sezzle.com *.cdnfonts.com;object-src 'self'; media-src 'self' *.doubleclick.net *.google.ca *.google.com *.google.mx *.google.fr *.google.ml *.google.tm *.google.ae *.google.gr *.google.ch *.google.dz *.google.nl *.google.ch *.google.be *.google.es *.google.it *.google.rs *.google.hn *.google.cn *.google.sk *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.googleapis.com *.bing.com *.youtube.com *.ytimg.com *.facebook.net *.facebook.com *.facebook.ca *.metrilo.com *.pinterest.com *.twitter.com *.hotjar.com *.hotjar.io *.paypalobjects.com *.paypal.com *.vimeo.com *.google.co.uk *.google.co.nz *.google.co.jp *.google.co.ve *.google.co.in *.google.co.za *.google.co.id *.google.com.ar *.google.com.za *.google.com.tw *.google.com.ph *.google.com.bd *.google.com.om *.google.com.mx *.google.com.bh *.google.com.ml *.google.com.qa *.google.com.pe *.google.com.ua *.google.com.au *.google.com.tr *.google.com.sg *.spotify.com *.myregistry.com *.poolsuppliescanada.ca *.jrtoycanada.ca *.braintreegateway.com *.braintree-api.com *.kaptcha.com *.postescanada-canadapost.ca *.paybright.com paybright.com *.nofraud.com *.mmapiws.com *.zendesk.com *.zopim.com *.zdassets.com static.zdassets.com *.clarity.ms *.newrelic.com *.nr-data.net wss://widget-mediator.zopim.com *.blackbaudhosting.com *.attn.tv *.attentivemobile.com *.afterpay.com *.amplitude.com *.clearbitjs.com *.polyfill.io *.cloudflare.com *.cloudflareinsights.com *.woobox.com *.pinimg.com *.hotjar.com *.jobillico.com cdn-cookieyes.com *.cookieyes.com *.sezzle.com sandbox.checkout.sezzle.com *.cdnfonts.com;img-src * data: blob: 'unsafe-inline';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.google.ca *.google.com *.google.mx *.google.fr *.google.ml *.google.tm *.google.ae *.google.gr *.google.ch *.google.dz *.google.nl *.google.ch *.google.be *.google.es *.google.it *.google.rs *.google.hn *.google.cn *.google.sk *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.googleapis.com *.bing.com *.youtube.com *.ytimg.com *.facebook.net *.facebook.com *.facebook.ca *.metrilo.com *.pinterest.com *.twitter.com *.hotjar.com *.hotjar.io *.paypalobjects.com *.paypal.com *.vimeo.com *.google.co.uk *.google.co.nz *.google.co.jp *.google.co.ve *.google.co.in *.google.co.za *.google.co.id *.google.com.ar *.google.com.za *.google.com.tw *.google.com.ph *.google.com.bd *.google.com.om *.google.com.mx *.google.com.bh *.google.com.ml *.google.com.qa *.google.com.pe *.google.com.ua *.google.com.au *.google.com.tr *.google.com.sg *.spotify.com *.myregistry.com *.poolsuppliescanada.ca *.jrtoycanada.ca *.braintreegateway.com *.braintree-api.com *.kaptcha.com *.postescanada-canadapost.ca *.paybright.com paybright.com *.nofraud.com *.mmapiws.com *.zendesk.com *.zopim.com *.zdassets.com static.zdassets.com *.clarity.ms *.newrelic.com *.nr-data.net wss://widget-mediator.zopim.com *.blackbaudhosting.com *.attn.tv *.attentivemobile.com *.afterpay.com *.amplitude.com *.clearbitjs.com *.polyfill.io *.cloudflare.com *.cloudflareinsights.com *.woobox.com *.pinimg.com *.hotjar.com *.jobillico.com cdn-cookieyes.com *.cookieyes.com *.sezzle.com sandbox.checkout.sezzle.com *.cdnfonts.com;style-src 'self' 'unsafe-inline' *.doubleclick.net *.google.ca *.google.com *.google.mx *.google.fr *.google.ml *.google.tm *.google.ae *.google.gr *.google.ch *.google.dz *.google.nl *.google.ch *.google.be *.google.es *.google.it *.google.rs *.google.hn *.google.cn *.google.sk *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.googleapis.com *.bing.com *.youtube.com *.ytimg.com *.facebook.net *.facebook.com *.facebook.ca *.metrilo.com *.pinterest.com *.twitter.com *.hotjar.com *.hotjar.io *.paypalobjects.com *.paypal.com *.vimeo.com *.google.co.uk *.google.co.nz *.google.co.jp *.google.co.ve *.google.co.in *.google.co.za *.google.co.id *.google.com.ar *.google.com.za *.google.com.tw *.google.com.ph *.google.com.bd *.google.com.om *.google.com.mx *.google.com.bh *.google.com.ml *.google.com.qa *.google.com.pe *.google.com.ua *.google.com.au *.google.com.tr *.google.com.sg *.spotify.com *.myregistry.com *.poolsuppliescanada.ca *.jrtoycanada.ca *.braintreegateway.com *.braintree-api.com *.kaptcha.com *.postescanada-canadapost.ca *.paybright.com paybright.com *.nofraud.com *.mmapiws.com *.zendesk.com *.zopim.com *.zdassets.com static.zdassets.com *.clarity.ms *.newrelic.com *.nr-data.net wss://widget-mediator.zopim.com *.blackbaudhosting.com *.attn.tv *.attentivemobile.com *.afterpay.com *.amplitude.com *.clearbitjs.com *.polyfill.io *.cloudflare.com *.cloudflareinsights.com *.woobox.com *.pinimg.com *.hotjar.com *.jobillico.com cdn-cookieyes.com *.cookieyes.com *.sezzle.com sandbox.checkout.sezzle.com *.cdnfonts.com;font-src 'self' *.doubleclick.net *.google.ca *.google.com *.google.mx *.google.fr *.google.ml *.google.tm *.google.ae *.google.gr *.google.ch *.google.dz *.google.nl *.google.ch *.google.be *.google.es *.google.it *.google.rs *.google.hn *.google.cn *.google.sk *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.googleapis.com *.bing.com *.youtube.com *.ytimg.com *.facebook.net *.facebook.com *.facebook.ca *.metrilo.com *.pinterest.com *.twitter.com *.hotjar.com *.hotjar.io *.paypalobjects.com *.paypal.com *.vimeo.com *.google.co.uk *.google.co.nz *.google.co.jp *.google.co.ve *.google.co.in *.google.co.za *.google.co.id *.google.com.ar *.google.com.za *.google.com.tw *.google.com.ph *.google.com.bd *.google.com.om *.google.com.mx *.google.com.bh *.google.com.ml *.google.com.qa *.google.com.pe *.google.com.ua *.google.com.au *.google.com.tr *.google.com.sg *.spotify.com *.myregistry.com *.poolsuppliescanada.ca *.jrtoycanada.ca *.braintreegateway.com *.braintree-api.com *.kaptcha.com *.postescanada-canadapost.ca *.paybright.com paybright.com *.nofraud.com *.mmapiws.com *.zendesk.com *.zopim.com *.zdassets.com static.zdassets.com *.clarity.ms *.newrelic.com *.nr-data.net wss://widget-mediator.zopim.com *.blackbaudhosting.com *.attn.tv *.attentivemobile.com *.afterpay.com *.amplitude.com *.clearbitjs.com *.polyfill.io *.cloudflare.com *.cloudflareinsights.com *.woobox.com *.pinimg.com *.hotjar.com *.jobillico.com cdn-cookieyes.com *.cookieyes.com *.sezzle.com sandbox.checkout.sezzle.com *.cdnfonts.com data:; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://snap.licdn.com https://www.googletagmanager.com/ https://fast.fonts.net/ https://www.google.com/ https://www.gstatic.com/ https://s.go-mpulse.net/ https://app.usercentrics.eu/; img-src 'self' https://*.linkedin.com/ https://app.usercentrics.eu/ https://uct.service.usercentrics.eu/ https://contenthub.rosen-group.com/; font-src 'self' https://fast.fonts.net/ ; style-src 'unsafe-inline' https://www.rosen-group.com/ https://fast.fonts.net/; frame-src 'self' https://ww2.rosen-group.com/ https://forms.nintex.com/ https://www.youtube-nocookie.com/ https://www.youtube.com/ https://app.usercentrics.eu/; object-src 'none'; connect-src https://*.google-analytics.com https://*.usercentrics.eu https://*.akamaihd.net/ https://region1.google-analytics.com https://consent-api.service.consent.usercentrics.eu/ https://c.go-mpulse.net https://api.usercentrics.eu/ https://*.akstat.io/ https://aggregator.service.usercentrics.eu/ https://c.go-mpulse.net/ https://*.linkedin.com/; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content 2
default-src 'self' accounts.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src *;img-src * data:; script-src * www.google-analytics.com ajax.googleapis.com 'unsafe-inline' 'unsafe-eval'; 2
img-src 'self' data:; default-src blob: 'self' 'unsafe-eval' 'unsafe-inline' https://insiderdata360online.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://use.fontawesome.com https://www.googletagmanager.com https://connect.facebook.net https://www.facebook.com https://ws.sharethis.com https://ga.getresponse.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://crm.zoho.com https://c.sharethis.mgr.consensu.org https://l.sharethis.com https://ga.getresponse.com https://www.google.com https://analytics.google.com https://cdn.jsdelivr.net https://use.typekit.net https://fonts.googleapis.com/ https://stats.g.doubleclick.net https://p.typekit.net https://code.jquery.com https://www.gstatic.com https://player.vimeo.com http://www.w3.org https://www.youtube.com/ https://acsbapp.com/ https://licdn.com https://snap.licdn.com https://cdn.acsbapp.com https://cdn.linkedin.oribi.io https://extend.vimeocdn.com;  2
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com consentcdn.cookiebot.com consent.cookiebot.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com www.gstatic.com www.youtube.com www.youtube-nocookie.com player.vimeo.com s.sonaesierra.info cdn.logwork.com; style-src 'report-sample' 'self' 'unsafe-inline' unpkg.com netdna.bootstrapcdn.com fonts.googleapis.com onesignal.com; object-src 'self'; base-uri 'self'; connect-src 'self' api-gateway.mappedin.com web-proxy.mappedin.com mappedin-web-load.mappedin.com cdn.mappedin.com search.mappedin.com d3j72de684fey1.cloudfront.net sentry.io consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com s.sonaesierra.info onesignal.com cdn.onesignal.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com use.typekit.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com tour.spacewerkhosting.de cdn.logwork.com logwork.com player.vimeo.com www.googletagmanager.com tourmkr.com cdn.flipsnack.com flipsnack.com player.flipsnack.com; img-src 'self' data: imgsct.cookiebot.com sonaesierracms.cdnpservers.net api.qrserver.com cdn.mappedin.com i.vimeocdn.com mipubapistorageprod.blob.core.windows.net sonaesierracms-v2.cdnpservers.net *.google-analytics.com *.googletagmanager.com www.google.com s.sonaesierra.info d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net i.ytimg.com onesignal.com cdn.onesignal.com img.onesignal.com secure.gravatar.com www.instagram.com *.cdninstagram.com www.gstatic.com ssl.gstatic.com fusionpt.slbpservers.net sierrahubstorage.blob.core.windows.net; manifest-src 'self'; media-src 'self'; report-uri https://sierra.report-uri.com/r/d/csp/enforce; worker-src 'self'; form-action 'self'; 2
frame-src 'self' *.ggd.nl *.ghor.nl *.ggdghor.nl *.cookiebot.com *.hotjar.com *.youtube.com *.soundcloud.com 2
connect-src 'self' www.bugherd.com bugherd-attachments.s3.amazonaws.com *.omappapi.com *.grupotriples.com *.hotjar.com *.google.com *.google-analytics.com 2
default-src 'self' data: blob: https:; script-src 'self' data: blob: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: blob: https: 'unsafe-inline' 'unsafe-eval'; 2
media-src 'self' 2
default-src 'self' *.geovelo.fr; frame-src 'self' *.geovelo.fr accounts.google.com new-geovelo.prismic.io geovelo-fr-geovelo.firebaseapp.com www.youtube.com webforms.pipedrive.com platform.twitter.com www.facebook.com www.welcometothejungle.com; connect-src 'self' *.geovelo.fr wss://client.relay.crisp.chat/  px.ads.linkedin.com px4.ads.linkedin.com client.crisp.chat data: geovelo.matomo.cloud *.ingest.sentry.io mo.cloud s3.fr-par.scw.cloud www.facebook.com wxs.ign.fr wmts10.geo.admin.ch www.ign.es identitytoolkit.googleapis.com firebasedynamiclinks.googleapis.com accounts.google.com http://new-geovelo.cdn.prismic.io/ api.eu.amplitude.com www.google-analytics.com wss://client.relay.crisp.chat client.crisp.chat stats.g.doubleclick.net www.welcomekit.co; style-src 'self' *.geovelo.fr api.mapbox.com fonts.googleapis.com cdn.tiny.cloud https://accounts.google.com/gsi/ client.crisp.chat platform.twitter.com ton.twimg.com 'unsafe-inline'; img-src 'self' *.geovelo.fr data: blob: px.ads.linkedin.com px4.ads.linkedin.com  s3.fr-par.scw.cloud *.s3.fr-par.scw.cloud www.facebook.com sp.tinymce.com static.cdn.prismic.io images.prismic.io new-geovelo.cdn.prismic.io https://prismic-io.s3.amazonaws.com/ accounts.google.com www.googletagmanager.com www.google-analytics.com image.crisp.chat platform.twitter.com syndication.twitter.com abs.twimg.com pbs.twimg.com https://ton.twimg.com about://ton.twimg.com; font-src 'self' *.geovelo.fr client.crisp.chat data: fonts.gstatic.com client.crisp.chat; script-src 'self' *.geovelo.fr snap.licdn.com client.crisp.chat geovelo.matomo.cloud cdn.matomo.cloud apis.google.com connect.facebook.net appleid.cdn-apple.com cdn.tiny.cloud static.cdn.prismic.io prismic.io https://accounts.google.com/gsi/client cdn.syndication.twimg.com webforms.pipedrive.com cdn.eu-central-1.pipedriveassets.com pipedrive.com platform.twitter.com twitter.com facebook.com www.googletagmanager.com client.crisp.chat www.google-analytics.com www.welcomekit.co 'unsafe-inline' 'unsafe-eval'; worker-src 'self' *.geovelo.fr blob: ; media-src 'self' *.geovelo.fr geovelo-annual-recaps-dev.s3.fr-par.scw.cloud child-src 'self' *.geovelo.fr blob: ; 2
default-src 'self' blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.google-analytics.com *.googletagmanager.com *.facebook.net *.creative-serving.com *.tt.se *.cookiebot.com *.browsealoud.com *.youtube.com sibautomation.com apps.moderaterna.se;style-src 'self' 'unsafe-inline' apps.moderaterna.se;font-src 'self' data:;frame-src 'self' *.youtube.com *.vimeo.com *.twitter.com *.facebook.com *.tt.se *.cookiebot.com sibautomation.com *.spotify.com;img-src 'self' *.gravatar.com data: *.google-analytics.com *.googletagmanager.com *.cookiebot.com *.facebook.com *.doubleclick.net *.creative-serving.com *.bidswitch.net *.yieldlab.net *.kargo.com;connect-src 'self' *.membercare.se *.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.browsealoud.com *.speechstream.net in-automate.sendinblue.com https://id5-sync.com apps.moderaterna.se *.moderaterna.se *.ordningpasverige.se *.brevo.com; 2
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; connect-src * data:; 2
default-src * data: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; style-src 'self' 'unsafe-inline' *; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://ssl.google-analytics.com 2
default-src * 'self' 'unsafe-inline' 'unsafe-eval' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' 'unsafe-inline' ; img-src * 'self' data: ; frame-src * ; 2
default-src    'self'  cdn.staging.sigmasoftware.pp.ua cdn.sigma.software; script-src   'nonce-4baymDLvjSZ3laloZfZDVWhsD1kkLRm5' 'sha256-x5/Wpvmgi/b94lESssE71PTBYgd6Mx4P6NpAyLwz1qI=' 'sha256-HH/bz5PkgmJywIYn4ev/qmwwQ+qAFSt4jvF3vMNyzCc=' 'sha256-1VDFRQ4Ld2qO0b1bq1HR+WmTsA4+ndSkCyhXXikt9XM=' 'sha256-tM+MTwJg0/y7RZXRg1sBIZXKicmsojbDdlMxJ7Y2SEU=' 'sha256-FTNeBqquNuBhHaNZc8wTDo/rUGf3rCftdPtVU04t4YY=' 'strict-dynamic' 'self' 'unsafe-inline' 'unsafe-eval' cdn.sigma.software sigma.software code.jquery.com www.googletagmanager.com geolocation.onetrust.com cdn.cookielaw.org cdn.staging.sigmasoftware.pp.ua staging.sigmasoftware.pp.ua maps.googleapis.com ipinfo.io  bat.bing.com snap.licdn.com connect.facebook.net sc.lfeeder.com www.google-analytics.com cdnjs.cloudflare.com cdn.jsdelivr.net api.w3-edge.com *.clarity.ms stackpath.bootstrapcdn.com ajax.googleapis.com www.behance.net api.behance.net ajax.aspnetcdn.com cse.google.com www.google.com clients1.google.com googleads.g.doubleclick.net *.googleadservices.com *.google.com yoast.com blob:; style-src      'self' 'unsafe-inline' cdn.staging.sigmasoftware.pp.ua cdn.sigma.software sigma.software data: fonts.googleapis.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com use.fontawesome.com code.jquery.com cdn.jsdelivr.net www.google.com images.dmca.com; img-src        'self' 'unsafe-inline' cdn.staging.sigmasoftware.pp.ua cdn.cookielaw.org cdn.sigma.software sigma.software data: sc.lfeeder.com px.ads.linkedin.com *.bing.com www.facebook.com tr.lfeeder.com p.adsymptotic.com *.google-analytics.com *.analytics.google.com www.google.com www.google.com.ua *.gstatic.com www.googletagmanager.com maps.googleapis.com secure.gravatar.com wpmudev.com c.clarity.ms mir-s3-cdn-cf.behance.net assets.goodfirms.co www.googleapis.com clients1.google.com *.google.com; font-src       'self'  cdn.staging.sigmasoftware.pp.ua cdn.sigma.software sigma.software data: *.gstatic.com use.fontawesome.com cdnjs.cloudflare.com cdn.jsdelivr.net; frame-src      'self' 'unsafe-inline' cdn.staging.sigmasoftware.pp.ua cdn.sigma.software sigma.software *.jotform.com www.facebook.com www.youtube.com submit.jotformeu.com player.vimeo.com cse.google.com bid.g.doubleclick.net td.doubleclick.net; connect-src    'self'  ipinfo.io maps.googleapis.com *.google-analytics.com *.analytics.google.com cdn.staging.sigmasoftware.pp.ua cdn.sigma.software sigma.software stats.g.doubleclick.net yoast.com cdn.cookielaw.org *.clarity.ms geolocation.onetrust.com www.facebook.com privacyportal-eu.onetrust.com bat.bing.com cse.google.com cdn.linkedin.oribi.io analytics.google.com pagead2.googlesyndication.com my.yoast.com *.hotjar.io *.hotjar.com wss://ws.hotjar.com; base-uri       'self'; script-src-elem   'self' 'unsafe-inline' 'unsafe-eval' cdn.sigma.software sigma.software code.jquery.com www.googletagmanager.com geolocation.onetrust.com cdn.cookielaw.org cdn.staging.sigmasoftware.pp.ua staging.sigmasoftware.pp.ua maps.googleapis.com ipinfo.io  bat.bing.com snap.licdn.com connect.facebook.net sc.lfeeder.com www.google-analytics.com cdnjs.cloudflare.com cdn.jsdelivr.net api.w3-edge.com *.clarity.ms stackpath.bootstrapcdn.com ajax.googleapis.com www.behance.net api.behance.net ajax.aspnetcdn.com cse.google.com www.google.com clients1.google.com googleads.g.doubleclick.net *.googleadservices.com *.google.com yoast.com px.ads.linkedin.com *.hotjar.com blob:; 2
script-src 'self' https: https://* s7.addthis.com tk3d.tk3dapi.com js.braintreegateway.com *.google.com google.com *.google-analytics.com googletagmanager.com platform.twitter.com connect.facebook.net 'unsafe-inline' 'unsafe-eval'; object-src 'self'; 2
frame-ancestors 'self' https://s1-eu.ariba.com/ 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; form-action 'self' data: ; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' ; 2
default-src 'self' *.sysnet.ie *.sysnetgs.com player.vimeo.com; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.boldchat.com; connect-src 'self' assurance.sysnetgs.com *.boldchat.com www.google-analytics.com *.demdex.net; img-src 'self' data: us01-prod-sair-static-assets.s3.amazonaws.com eu01-prod-sair-static-assets.s3-eu-west-1.amazonaws.com eu01-itops-sair-static-assets.s3-eu-west-1.amazonaws.com eu01-bau-sair-static-assets.s3-eu-west-1.amazonaws.com eu01-qa-sair-static-assets.s3.eu-west-1.amazonaws.com eu01-dev-sair-static-assets.s3-eu-west-1.amazonaws.com adservice.google.com images.boldchat.com *.sysnet.ie www.google-analytics.com *.demdex.net ad.doubleclick.net stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.fonts.net; font-src 'self' data: fonts.gstatic.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.sgsonline.net iscan: data: blob: *.sysnetgs.com *.vimeo.com *.boldchat.com; 2
default-src https://*.google-analytics.com https://*.analytics.google.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'self' 'unsafe-eval' 'unsafe-inline' data: https: blob:; object-src 'none'; base-uri 'self'; frame-ancestors 'self' *.umbraco.io *.local 2
frame-ancestors 'self' *.contentstack.com 2
default-src https://www.youtube.com https://*.netcoresmartech.com https://*.doubleclick.net https://www.google.com https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://uatcopsapi.shriramlife.me https://securepg.paynimo.com https://www.paynimo.com https://api.shriramlife.com https://cdn.shriramlife.com https://www.shriramlife.com https://shriramlife.com https://kalam.shriramlife.com data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com paynimo.com 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://snap.licdn.com https://*.netcoresmartech.com https://connect.facebook.net https://app.yellowmessenger.com https://cdn.yellowmessenger.com https://www.paynimo.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://bat.bing.com https://*.clarity.ms https://cdpanalytics.novactech.in; style-src 'self' https://fonts.googleapis.com https://maps.googleapis.com https://www.paynimo.com 'unsafe-inline' ; font-src 'self' https://cdn.yellowmessenger.com https://cdn.shriramlife.com https://www.paynimo.com https://fonts.gstatic.com data:; worker-src 'self'; media-src 'self' https://cdn.yellowmessenger.com; connect-src 'self' https://*.googleapis.com https://*.netcoresmartech.com https://*.oribi.io https://*.google.com https://*.doubleclick.net https://www.google-analytics.com https://pagead2.googlesyndication.com wss://app.yellowmessenger.com  https://uatcopsapi.shriramlife.me  https://api.shriramlife.com https://app.yellowmessenger.com https://kalam.shriramlife.com https://www.paynimo.com https://securepg.paynimo.com https://shriramlife.com https://www.shriramlife.com https://px.ads.linkedin.com https://*.clarity.ms data:; img-src 'self' https://i.ytimg.com https://*.googleapis.com https://*.linkedin.com https://*.facebook.com https://*.doubleclick.net https://cdn.yellowmessenger.com https://www.googletagmanager.com https://www.google.com https://www.google.co.in https://maps.gstatic.com https://maps.googleapis.com https://www.paynimo.com https://www.shriramlife.com https://cdn.shriramlife.com https://shriamlife.com https://*.netcoresmartech.com https://bat.bing.com data: ; frame-ancestors 'self' https://www.googletagmanager.com; 2
default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https: *; style-src 'self' 'unsafe-inline' * 2
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 2
font-src fonts.gstatic.com *.googleapis.com *.gstatic.com *.fontawesome.com *.cloudflare.com *.cloudfront.net *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com 'unsafe-inline' data: *.klevu.com *.ksearchnet.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.list-manage.com *.sjv.io *.stripe.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.affirm.com *.affirm.ca *.doubleclick.net *.facebook.com *.flexiti.fi *.google.com *.google.com.vn *.hotjar.com jardindeville.com maisoncorbeil.com mustsociete.com *.o2web.ws *.pinterest.com *.stripe.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.googleapis.com *.gstatic.com *.affirm.com *.affirm.ca *.bird.eu *.cloudflare.com *.cloudfront.net *.doubleclick.net *.facebook.com *.bing.com *.flexiti.fi *.google.ca *.google.com *.googleadservices.com *.google-analytics.com *.google.com.au *.google.com.vn jardindeville.com *.klarna.com *.lightemporium.com maisoncorbeil.com *.maisoncorbeil.com *.maisonco.local mcusercontent.com *.mustsociete.com *.paypal.com *.pinterest.com *.placeholder.com *.o2web.ws *.twimg.com *.twitter.com *.usercentrics.eu *.vimeo.com *.jsdelivr.net *.ytimg.com *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com cdn.ampproject.org raw.githubusercontent.com *.googleapis.com *.gstatic.com *.affirm.com *.affirm.ca *.exponea.com https://sdk.privacy-center.org/ *.bloomreach.com *.clarity.ms *.cloudflare.com *.cloudflareinsights.com *.cloudfront.net *.bing.com *.doubleclick.net *.facebook.net *.fontawesome.com *.google.com *.google-analytics.com *.hotjar.com *.sjv.io *.newrelic.com *.nr-data.net *.pinimg.com *.stripe.com *.trustedshops.com *.twimg.com *.twitter.com *.usercentrics.eu *.zdassets.com *.zopim.com *.noibu.com *.criteo.com *.jsdelivr.net *.impactcdn.com pay.google.com js.klevu.com *.ksearchnet.com *.avada.io assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.cloudflare.com *.cloudfront.net *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.doubleclick.net *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org *.googleapis.com *.affirm.com *.affirm.ca *.exponea.com *.bloomreach.com *.clarity.ms *.cloudflare.com *.cloudfront.net *.doubleclick.net *.facebook.com *.flexiti.fi *.google.com *.hotjar.io *.hotjar.com wss://*.hotjar.com ssgtm.maisoncorbeil.com ssgtm.mustsociete.com ssgtm.jardindeville.com *.paypal.com *.pinterest.com *.twimg.com *.twitter.com *.zdassets.com *.zendesk.com wss://*.zopim.com wss://*.noibu.com *.noibu.com *.privacy-center.org *.sjv.io *.stripe.com *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src https://sdk.privacy-center.org/ *.zopim.com *.noibu.com *.sjv.io *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' fast.fonts.net kit.fontawesome.com ka-p.fontawesome.com gstatic.com fast.fonts.net fast.fast-fonts.net; script-src  'self' 'unsafe-inline' 'unsafe-eval' cdn.evgnet.com www.google-analytics.com analytics.google.com connect.facebook.net api.mapbox.com kit.fontawesome.com fonts.net tagmanager.google.com www.googletagmanager.com doubleclick.net ajax.googleapis.com maps.googleapis.com code.jquery.com munchkin.marketo.net code.jquery.com fast.fonts.net; style-src   'self' 'unsafe-inline' kit.fontawesome.com www.googleapis.com api.mapbox.com fast.fonts.net fast.fast-fonts.net; connect-src 'self' maps.googleapis.com https://maps.googleapis.com cdn.evgnet.com kit.fontawesome.com www.google-analytics.com 540-icv-234.mktoresp.com analytics.google.com events.mapbox.com api.mapbox.com stats.g.doubleclick.net ka-p.fontawesome.com fast.fonts.net fast.fonts.net; frame-src   'self' www.google.com www.youtube.com youtube.com vimeo.com www.vimeo.com player.vimeo.com; img-src     'self' www.google-analytics.com https: data: blob:; worker-src  blob:; object-src  'none' 2
frame-ancestors 'self' *.thelandoflegendsthemepark.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.browsealoud.com https://www.googletagmanager.com https://privacyportal-eu-cdn.onetrust.com https://cdn.cookielaw.org https://player.vimeo.com https://*.googleapis.com https://*.google.com; object-src 'self' 2
frame-ancestors 'self' chat.compass.church 2
default-src 'self' https:  'unsafe-inline'; object-src 'none'; img-src 'self' https: data: blob:; style-src https: blob: 'unsafe-inline'; worker-src 'self' blob:; font-src 'self' https: data: blob:;  child-src 'self' https: data: blob:; frame-src 'self' https: data: blob:; script-src 'self'  'unsafe-inline'; frame-ancestors 'self'; form-action 'self' https:  'unsafe-inline'; 2
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.youtube.com s.ytimg.com cm.g.doubleclick.net soma.smaato.net us-u.openx.net bossgmarketingmedia.blob.core.windows.net tags.bluekai.com x.bidswitch.net s.acxiomapac.com trc.taboola.com *.fls.doubleclick.net *.facebook.net *.facebook.com *.adobedtm.com *.demdex.net ocbcbosdev.112.2o7.net *.ocbc.demdex.net *.everesttech.net *.tt.omtrdc.net *.omtrdc.net *.bankofsingapore.com *.partnerID.demdex.hnet insight.adsrvr.org *.sqreemtech.com *.googletagmanager.com *.doubleclick.net *.google.com *.googleapis.com *.linkedin.com px.ads.linkedin.com snap.licdn.com linkedin.com px4.ads.linkedin.com sjs.bizographics.com p.adsymptotic.com *.xerevo.com https://anchor.fm; img-src 'self' 'unsafe-inline' *.google.com *.googleapis.com bossgmarketingmedia.blob.core.windows.net *.google.com.sg *.google-analytics.com stats.g.doubleclick.net cm.g.doubleclick.net soma.smaato.net us-u.openx.net tags.bluekai.com x.bidswitch.net s.acxiomapac.com trc.taboola.com *.fls.doubleclick.net *.facebook.net *.facebook.com assets.adobedtm.com dpm.demdex.net ocbcbosdev.112.2o7.net fast.ocbc.demdex.net *.tt.omtrdc.net *.sc.omtrdc.net *.omtrdc.net smetrics.bankofsingapore.com *.everesttech.net fast.partnerID.demdex.hnet insight.adsrvr.org *.sqreemtech.com *.googletagmanager.com *.doubleclick.net *.google.com *.googleapis.com dc.ads.linkedin.com px.ads.linkedin.com snap.licdn.com linkedin.com p.adsymptotic.com *.xerevo.com; style-src 'self' 'unsafe-inline' *.googletagmanager.com *.doubleclick.net *.google.com *.googleapis.com; child-src 'self' *.ocbc.com; frame-src 'self' *.ocbc.com productgroup.bankofsingapore.com *.youtube.com bossgmarketingmedia.blob.core.windows.net cm.g.doubleclick.net soma.smaato.net us-u.openx.net tags.bluekai.com x.bidswitch.net s.acxiomapac.com trc.taboola.com *.fls.doubleclick.net *.facebook.net *.facebook.com assets.adobedtm.com ocbcbosdev.112.2o7.net ocbc.demdex.net *.demdex.net *.tt.omtrdc.net smetrics.bankofsingapore.com *.everesttech.net fast.partnerID.demdex.hnet insight.adsrvr.org *.sqreemtech.com *.googletagmanager.com *.doubleclick.net *.google.com *.googleapis.com *.demdex.net https://anchor.fm; media-src 'self' 'unsafe-inline' productgroup.bankofsingapore.com bossgmarketingmedia.blob.core.windows.net *.youtube.com cm.g.doubleclick.net *.facebook.net *.facebook.com assets.adobedtm.com *.doubleclick.net *.google.com *.googleapis.com; connect-src 'self' 'unsafe-inline' *.google-analytics.com assets.adobedtm.com dpm.demdex.net ocbcbosdev.112.2o7.net fast.ocbc.demdex.net *.tt.omtrdc.net smetrics.bankofsingapore.com *.amazonaws.com *.googletagmanager.com *.google.com *.googleapis.com snap.licdn.com cdn.linkedin.oribi.io gw.linkedin.oribi.io ocbc.sc.omtrdc.net stats.g.doubleclick.net stats.g.doubleclick.net; 2
default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; object-src 'none'; upgrade-insecure-requests 2
frame-ancestors 'self' https://my.sectorlink.com; 2
script-src: https://www.google-analytics.com 2
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' www.acuant.com cdnjs.cloudflare.com use.fontawesome.com use.typekit.net p.typekit.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googleadservices.com www.googletagmanager.com cdnjs.cloudflare.com www.acuant.com www.google.com fast.wistia.com fast.wistia.net cdn-ukwest.onetrust.com www.gstatic.com snap.licdn.com www.google-analytics.com scout-cdn.salesloft.com js.hsforms.net jsd-widget.atlassian.com ssl.google-analytics.com yoast.com js.hs-scripts.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hsleadflows.net connect.facebook.net blob: js.hubspot.com go.idology.com; img-src 'self' 'unsafe-inline' * data: blob: ; font-src 'self' data: * ; connect-src 'self' px.ads.linkedin.com cdn-ukwest.onetrust.com geolocation.onetrust.com www.google-analytics.com scout.salesloft.com stats.g.doubleclick.net cdn.linkedin.oribi.io forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com api-private.atlassian.com jsd-widget.atlassian.com my.yoast.com api.hubapi.com forms.hubspot.com region1.google-analytics.com www.facebook.com cta-service-cms2.hubspot.com; frame-src 'self' *.idology.com www.youtube-nocookie.com idology.atlassian.net privacyportal-uk.onetrust.com www.google.com api-5a95881e.duosecurity.com forms.hsforms.com www.googletagmanager.com fast.wistia.com www.facebook.com; frame-ancestors 'self' *.idologylive.com 2
upgrade-insecure-requests; object-src 'none'; frame-ancestors 'self' app.contentful.com 2
frame-ancestors 'self' *.ally.com; 2
default-src *; style-src 'self' horde.max.md  admin.max.md www.max.md www.maxmddirect.com www.directmdemail.com registration.directmdemail.com www.gstatic.com netdna.bootstrapcdn.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com gitcdn.github.io blueimp.github.io fonts.googleapis.com 'unsafe-inline'; frame-src 'self' www.max.md www.linkedin.com www.google.com chart.googleapis.com assets-cdn.github.com www.youtube.com  ghbtns.com mdo.github.io; img-src 'self' maps.gstatic.com maps.googleapis.com i.ibb.co ibb.co sealserver.trustwave.com ssl.google-analytics.com www.paypalobjects.com www.paypal.com avatars3.githubusercontent.com avatars2.githubusercontent.com avatars1.githubusercontent.com avatars0.githubusercontent.com raw.github.com assets-cdn.github.com www.googleadservices.com wwwt.maxsignatures.com www.max.md www.mdemail.md registration.directmdemail.com data:; script-src 'self' siteseal.thawte.com apis.google.com maps.google.com assets-cdn.github.com oss.maxcdn.com www.googleadservices.com gist.github.com gitcdn.github.io maps.googleapis.com ssl.google-analytics.com sealserver.trustwave.com code.highcharts.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com kit.fontawesome.com code.jquery.com blueimp.github.io www.google.com www.gstatic.com  ajax.googleapis.com assets.adobedtm.com platform.linkedin.com www.linkedin.com 'unsafe-inline' 'unsafe-eval' 2
default-src psabdp.com 'self' *.google-analytics.com *.doubleclick.net * data:; style-src 'unsafe-inline' psabdp.com 'self' fonts.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' psabdp.com 'self' *.google-analytics.com *.doubleclick.net *.googletagmanager.com *; font-src psabdp.com 'self' fonts.gstatic.com data: *; frame-src 'self' *.youtube.com *.vimeo.com * 2
frame-ancestors 'self' https://fx.gl https://*.fx.gl https://id.fx.gl https://id-dev.fx.gl https://*.fxgam.es https://vk.com https://ok.ru https://vkplay.ru https://yandex.ru https://*.yandex.ru https://yandex.com https://*.yandex.com https://ya.ru https://*.ya.ru https://galaxycontrol.app https://dragonlord.games https://*.ag.ru https://dev.ag.ru https://ag.ru https://www.kongregate.com https://m.vk.com https://*.facebook.com https://*.crazygames.com https://*.1001juegos.com 2
frame-ancestors 'self' https://*.hotjar.com 2
default-src * 'unsafe-inline' 'unsafe-eval' blob: data:; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; connect-src * 'unsafe-inline' blob: data:; img-src * 'unsafe-inline' blob: data:; frame-src * ; style-src * 'unsafe-inline'; font-src * 'unsafe-inline'; frame-ancestors *; 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' data:;font-src https: data:; style-src https: 'unsafe-inline' api.mapbox.com;img-src * data:; worker-src blob: 2
script-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com unpkg.com cdnjs.cloudflare.com use.fontawesome.com fonts.googleapis.com maps.googleapis.com connect.facebook.net fonts.gstatic.com www.google-analytics.com static.hotjar.com script.hotjar.com cdn.jsdelivr.net cdn.ckeditor.com www.googletagmanager.com; 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adform.net https://*.appboycdn.com https://*.bing.com https://*.braintreegateway.com https://*.branch.io https://*.btncdn.com https://*.doubleclick.net https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.heapanalytics.com https://*.hotjar.com https://*.iteratehq.com https://*.klarnacdn.net https://*.mention-me.com https://*.paypal.com https://*.paypalobjects.com https://*.pinimg.com https://*.pusher.com https://*.rmtag.com https://*.stripe.com https://*.tvsquared.com https://*.spoteffects.net https://*.twitter.com https://*.xg4ken.com https://*.zdassets.com https://*.zenaps.com https://*.zopim.com https://ad4m.at https://app.link https://www.googleoptimize.com https://*.cookiebot.com https://*.trustedshops.com https://*.microsoft.com https://*.klarna.com https://*.klarnaservices.com https://*.appsflyer.com https://*.inflcr.co https://*.clarity.ms https://*.keyivr.com https://*.analytics.tiktok.com https://analytics.tiktok.com https://pzapi-kg.com https://*.ad-srv.net https://cdn.optimizely.com/ https://api.smooch.io; script-src-elem 'self' 'unsafe-inline' https://*.appboycdn.com https://*.bing.com https://*.branch.io https://*.doubleclick.net https://*.facebook.net https://*.google-analytics.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.heapanalytics.com https://*.hotjar.com https://*.pinimg.com https://*.rmtag.com https://*.tvsquared.com https://*.spoteffects.net https://*.zdassets.com https://*.zenaps.com https://app.link https://*.stripe.com https://*.zopim.com https://ad4m.at https://*.pusher.com https://*.braintreegateway.com https://*.mention-me.com https://*.klarnacdn.net https://www.googleoptimize.com https://*.cookiebot.com https://*.trustedshops.com https://*.microsoft.com https://*.klarna.com https://*.appsflyer.com https://*.inflcr.co https://cdn.jsdeliver.net https://*.keyivr.com https://*.clarity.ms https://*.analytics.tiktok.com https://analytics.tiktok.com https://pzapi-kg.com https://*.ad-srv.net https://*.google.com https://cdn.optimizely.com/ https://api.smooch.io; style-src 'self' 'unsafe-inline' https://*.fontawesome.com https://cdn.honey.io https://*.klarna.com https://*.appsflyer.com https://*.google.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.bloomon.com https://*.bloomon.be https://*.bloomon.co.uk https://*.bloomon.de https://*.bloomon.dk https://*.bloomon.nl https://*.bing.com https://*.braintree-api.com https://*.braintreegateway.com https://*.branch.io https://*.braze.com https://*.bugsnag.com https://*.contentful.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.klarnaevt.com https://*.pinterest.com https://*.postcodeanywhere.co.uk https://*.pusher.com wss://*.pusher.com https://*.stripe.com https://*.zdassets.com https://*.zendesk.com https://bw-contact-uploads.s3-eu-west-1.amazonaws.com https://vimeo.com wss://*.pusherapp.com wss://*.zopim.com https://*.sciencebehindecommerce.com wss://*.hotjar.com https://*.heapanalytics.com https://heapanalytics.com https://*.mention-me.com https://bw-form-uploads.s3-eu-west-1.amazonaws.com https://*.cookiebot.com https://*.trustedshops.com https://*.etrusted.com https://*.trustbadge.com https://*.klarna.com https://*.klarnauserservices.com https://*.appsflyer.com https://*.onelink.me https://capi.bloomandwild.com https://www.instagram.com https://*.google.com https://google.com  https://*.clarity.ms https://*.keyivr.com https://analytics.tiktok.com https://*.auryc.com https://cdn.optimizely.com/ https://logx.optimizely.com/ wss://api.smooch.io https://api.smooch.io; font-src 'self' data: https://*.fontawesome.com https://cdn.honey.io https://*.hotjar.com https://fonts.gstatic.com https://*.klarna.com https://*.appsflyer.com https://*.auryc.com; frame-src 'self' https://*.bloomon.com https://*.bloomon.be https://*.bloomon.co.uk https://*.bloomon.de https://*.bloomon.dk https://*.bloomon.nl https://bloomwild.typeform.com https://bloomandwild.typeform.com https://www.mainadv.com https://www.pinterest.de https://www.pinterest.dk https://www.pinterest.co.uk https://*.pinterest.com https://*.pinterest.fr https://*.pinterest.com.au https://*.pinterest.ie https://*.pinterest.at https://*.pinterest.ca https://*.pinterest.es https://*.pinterest.nz https://*.braintreegateway.com https://*.doubleclick.net https://*.facebook.com https://*.googlesyndication.com https://*.hotjar.com https://*.klarna.com https://*.paypal.com https://*.stripe.com https://*.vimeo.com https://*.youtube.com https://*.youtube-nocookie.com https://*.zenaps.com https://ad4m.at https://ad4mat.net https://mention-me.com https://*.mention-me.com https://*.cookiebot.com https://*.appsflyer.com https://*.inflcr.co https://*.keyivr.com https://*.google.com; child-src 'self' blob: https://*.braintreegateway.com https://*.paypal.com https://*.klarna.com https://*.appsflyer.com; manifest-src 'self'; media-src 'self' https://*.zdassets.com https://*.klarna.com https://*.appsflyer.com; img-src 'self' data: https://*.bloomon.com https://*.bloomon.be https://*.bloomon.co.uk https://*.bloomon.de https://*.bloomon.dk https://*.bloomon.nl https://*.google-analytics.com https://*.google.ae https://*.google.al https://*.google.co.in https://*.google.co.nz https://*.google.co.uk https://*.google.com https://*.google.com.au https://*.google.com.sg https://*.google.de https://*.google.dk https://*.google.es https://*.google.fr https://*.google.ie https://*.google.it https://*.google.lk https://*.google.nl https://*.google.ro https://*.google.ch https://*.google.pt https://*.google.fi https://*.google.co.za https://*.google.lt https://*.google.cz https://*.google.com.ph https://*.google.lv https://*.google.kz https://*.google.com.hk https://*.google.at https://*.google.be https://*.google.se https://*.google.no https://*.google.je https://*.google.com.qa https://*.google.pl https://*.google.gr https://*.google.com.sa https://*.google.ru https://*.google.hu https://*.google.com.pk https://*.google.com.np https://*.google.com.gh https://*.google.com.cy https://*.google.lu https://*.google.com.tr https://*.google.co.uk https://*.ad4mat.net https://*.adform.net https://*.adition.com https://*.adnxs.com https://*.adscale.de https://*.adserver01.de https://*.amazon-adsystem.com https://*.atdmt.com https://*.bidswitch.net https://*.bing.com https://*.braintreegateway.com https://*.branch.io https://*.contentful.com https://*.creative-serving.com https://*.ctfassets.net https://*.demdex.net https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.gstatic.com https://cdn.honey.io https://*.linksynergy.com https://*.mention-me.com https://*.paypal.com https://*.pinterest.com https://*.rubiconproject.com https://*.stripe.com https://*.taboola.com https://*.tvsquared.com https://*.spoteffects.net https://*.twiago.com https://*.twitter.com https://*.yieldlab.net https://*.zenaps.com https://ad4m.at https://as.ad4m.at https://heapanalytics.com https://id5-sync.com https://carrier-logos.s3-eu-west-1.amazonaws.com https://*.trustedshops.com https://*.klarna.com https://*.klarnaevt.com https://*.klarnacdn.net https://*.appsflyer.com https://*.inflcr.co https://impressions.onelink.me https://www.instagram.com https://*.bloomandwild.zendesk.com https://bloomandwild.zendesk.com https://*.keyivr.com https://*.clarity.ms https://prf.hn https://*.hotjar.com https://static.zdassets.com; report-uri https://api.bloomandwild.com/csp-violations; report-to {"max_age":86400,"endpoints":[{"url":"https://api.bloomandwild.com/csp-violations"}]} 2
script-src about: 'self' 'unsafe-inline' 'unsafe-eval' newarkmuseum.wpengine.com newarkmuseum.org snap.licdn.com *.google.com *.googleapis.com translate-pa.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.ensighten.com *.blackbaudhosting.com payments.blackbaud.com; style-src 'self' 'unsafe-inline' newarkmuseum.wpengine.com newarkmuseum.org *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.blackbaudhosting.com payments.blackbaud.com; object-src data: 'unsafe-eval' newarkmuseum.wpengine.com newarkmuseum.org; img-src data: 'self' newarkmuseum.wpengine.com newarkmuseum.org *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.blackbaudhosting.com *.ytimg.com px.ads.linkedin.com 2
frame-ancestors 'self' https://www.mscbook.com https://virtual-tours.msccruises.com; 2
frame-ancestors https://ekoop.tarimkredi.org.tr https://narline.bereket.com.tr/ https://rcnarline.bereket.com.tr/ 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stats.fnordserver.eu; style-src 'self' 'unsafe-inline'; img-src 'self' https://strapi.fnordserver.net https://stats.fnordserver.eu; connect-src 'self' https://strapi.fnordserver.net https://stats.fnordserver.eu; frame-ancestors 'none'; 2
default-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; 2
frame-ancestors 'self' https://trustseal.enamad.ir/; img-src 'self' data: *; default-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss: wss://*.tawk.to wss://*.hotjar.com; 2
font-src *.relaxzona.bg *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.twitter.com *.ita-bg.com *.stativi.bg *.ita-art.shop *.itazone.com *.onlinecosmetic.eu *.apollo-lifestyle.com *.tbibank.support tbibank.support maxcdn.bootstrapcdn.com *.typekit.net *.twimg.com *.trustedshops.com *.google.com *.youtube.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com *.twitter.com *.google.com *.youtube.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.relaxzona.bg *.google.com *.doubleclick.net *.retargeting.biz *.retargeting.app *.facebook.com *.google-analytics.com googletagmanager.com *.googlesyndication.com *.ita-bg.com *.stativi.bg *.ita-art.shop *.itazone.com *.onlinecosmetic.eu *.apollo-lifestyle.com *.tbibank.support *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.twitter.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.relaxzona.bg tbibank.support *.cloudflare.com *.google-analytics.com *.paypal.com *.twitter.com *.contentsquare.net *.google.bg *.googletagmanager.com *.tbibank.support *.ita-bg.com *.stativi.bg *.ita-art.shop *.itazone.com *.onlinecosmetic.eu *.apollo-lifestyle.com *.retargeting.app *.b-cdn.net *.retargeting.biz *.facebook.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.klarna.com *.googleadservices.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com *.youtube.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.addthis.com *.googleapis.com *.cloudflare.com *.fontawesome.com *.google.com/ *.google.bg *.facebook.com *.doubleclick.net *.google-analytics.com googletagmanager.com *.gstatic.com *.moatads.com *.trustpilot.com widgets.pinterest.com *.contentsquare.com *.contentsquare.net *.ita-bg.com *.retargeting.biz *.retargeting.app *.cloudflareinsights.com *.googlesyndication.com *.stativi.bg *.ita-art.shop *.relaxzona.bg *.itazone.com *.onlinecosmetic.eu *.apollo-lifestyle.com *.b-cdn.net *.tbibank.support *.googletagmanager.com *.facebook.net *.avada.io player.vimeo.com *.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.google.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.fontawesome.com *.googleapis.com *.gstatic.com *.twitter.com *.ita-bg.com *.googlesyndication.com *.stativi.bg *.ita-art.shop *.facebook.com *.itazone.com *.onlinecosmetic.eu *.apollo-lifestyle.com *.b-cdn.net *.tbibank.support tbibank.support *.relaxzona.bg maxcdn.bootstrapcdn.com unsafe-inline *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.google.com *.youtube.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.relaxzona.bg *.cloudflare.com *.paypal.com *.twitter.com *.contentsquare.net *.doubleclick.net tbibank.support *.ita-bg.com *.retargeting.biz *.retargeting.app *.facebook.com *.google-analytics.com googletagmanager.com *.googlesyndication.com *.stativi.bg *.ita-art.shop *.itazone.com *.onlinecosmetic.eu *.apollo-lifestyle.com *.tbibank.support https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.twimg.com *.google.com *.youtube.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
upgrade-insecure-requests; frame-ancestors 'self' *.empro.com.br *.riopreto.sp.gov.br; 2
default-src * data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.jimdo.com jimdo.com; worker-src blob: 2
default-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' https: blob: data: ; 2
frame-ancestors 'self' https://www.youtube.com 2
font-src cdn.giosgusercontent.com fonts.googleapis.com *.gstatic.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com *.maksuturva.fi *.qa.ambientia.fi *.instru.fi *.keops.fi *.nissen.fi *.collector.se *.signicat.com *.collectorbank.se *.walley.se *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.giosgusercontent.com *.giosg.com www.facebook.com *.google.com *.doubleclick.net *.api.ditto.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://www.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.instru.fi *.keops.fi *.nissen.fi *.consentmanager.net *.qa.ambientia.fi secure.adnxs.com c.delivery.consentmanager.net www.google.fi *.google.com www.facebook.com maps.googleapis.com *.gstatic.com www.maksuturva.fi www.googleoptimize.com *.googletagmanager.com https://www.unifaunonline.se https://*.tile.openstreetmap.org/ *.klevu.com *.ksearchnet.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com jquery.sellxed.com *.qa.ambientia.fi *.instru.fi *.keops.fi *.nissen.fi cdn.consentmanager.net delivery.consentmanager.net static.hotjar.com script.hotjar.com bsdk.api.ditto.com maps.googleapis.com maps.google.com cdnjs.cloudflare.com service.giosg.com embed.upseller.cloud googleads.g.doubleclick.net *.adform.net connect.facebook.net *.google.com www.googleoptimize.com *.googletagmanager.com https://api.unifaun.com js.klevu.com *.ksearchnet.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.instru.fi *.keops.fi *.nissen.fi cdn.consentmanager.net delivery.consentmanager.net *.qa.ambientia.fi hello.myfonts.net service.giosg.com embed.upseller.cloud fonts.googleapis.com *.google.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.api.ditto.com maps.googleapis.com service.giosg.com vc.hotjar.io www.google.com *.analytics.google.com *.doubleclick.net www.facebook.com www.google.fi *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: mediastream: blob: *.dm.files.1drv.com pointerpro.com *.pointerpro.com www.facebook.com connect.facebook.net *.velosio.com unpkg.com *.linkedin.com *.licdn.com assets.calendly.com calendly.com google.com *.google.com google.ca *.google.ca  *.googleapis.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.doubleclick.net  stats.g.doubleclick.net *.googleadservices.com youtube.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.ggpht.com *.typekit.net cdn.jsdelivr.net unpkg.com *.cloudflare.com *.clickdimensions.com  *.statcounter.com  secure.gravatar.com *.socialintents.com *.clarity.ms *.wp.com *.omappapi.com c35a98.velosio.com dynamics365.files.wordpress.com sandeepchaudhury.files.wordpress.com  sbsgroupusa.files.wordpress.com docs.microsoft.com app.powerbi.com *.azureedge.net muse.ai *.muse.ai *.akamaized.net cdn-uicons.flaticon.com ; report-to main-endpoint 2
default-src 'self' https://*.userlane.com; script-src 'self' https://*.azureedge.net https://*.dynamics.com https://www.googleanalytics.com https://optimize.google.com https://*.mailplus.nl https://connect.facebook.net https://*.clickdimensions.com https://www.gstatic.com https://www.google.com https://www.paypal.com https://checkoutshopper-live.adyen.com https://checkoutshopper-test.adyen.com https://script.hotjar.com https://tag.static.eu.context.cloud.sap https://www.google-analytics.com https://*.hotjar.com 'unsafe-inline' https://www.googletagmanager.com https://ssl.google-analytics.com https://*.vo.msecnd.net https://*.userlane.com https://www.googleoptimize.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://*.hotjar.com 'unsafe-inline' https://optimize.google.com https://*.clickdimensions.com https://*.vo.msecnd.net https://checkoutshopper-live.adyen.com https://checkoutshopper-test.adyen.com https://cdn-images.mailchimp.com https://fonts.googleapis.com https://*.userlane.com 'unsafe-inline'; connect-src 'self' https://*.westeurope.logic.azure.com https://*.azureedge.net https://*.dynamics.com https://o1121245.ingest.sentry.io https://*.google-analytics.com https://*.analytics.google.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://htp741805396-hamiplant.api.eu.context.cloud.sap/ https://htp741805397-hamiplant.api.eu.context.cloud.sap/ https://htp741805396.api.eu.context.cloud.sap/ https://htp741805397.api.eu.context.cloud.sap/ https://tag.static.eu.context.cloud.sap/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://www.sandbox.paypal.com/ https://checkoutshopper-live.adyen.com/ https://checkoutshopper-test.adyen.com/ https://*.userlane.com; img-src 'self' https://*.1ps.nl https://*.florinet.nl https://*.azureedge.net https://*.dynamics.com https://freshandeasy.nl https://image.floriday.io https://shop.florashopping.nl https://www.flowersplantsandmore.com https://AlfaPro-Online.com https://www.terhaarornamental.nl https://zentoo.florinet.nl https://mijoflowers.com https://pictures.flowerwebshop.net https://023.kbt-pro.nl https://images.easyflor.nl https://webshop3.florashopping.nl https://pictures.flowersales.nl https://vmp.starflor.nl https://img.greenmaster.nl https://webshop.welyflor.com https://webshop3.wbe.nl https://4att.uniware.nl https://services.sdf.nl https://groenenmeer.sdfcloud.nl https://webshop.gdekoning.nl https://webshop.rotoflowers.nl  https://img.img20.match-online.nl https://img20.match-online.nl https://winco.florisoftcloud.nl https://summit.florinet.nl https://webshop.freshcap.eu https://webshop.eijkpotplanten.nl https://www.tgca.nl https://webshop.hpvannieuwkerk.nl https://webshop.floraunited.nl https://*.hotjar.com https://floralwebshop.com https://img.floraplaza.nl https://optimize.google.com https://test-pictures.flowerwebshop.com https://www.google-analytics.com https://*.analytics.google.com https://webshop.mdk.nl https://website.pfitzer.nl https://www.duif.nl https://www.facebook.com https://webshop.fsq.nl/ https://webshop.demooij-import.com/ https://www.ccpictures.net/ https://res.cloudinary.com/ https://*.userlane.com http://83.98.232.238/ https://webshop.frescoflowers.nl/ http://zentoo.florinet.nl/ https://webshop.arendroses.nl/ https://webshop.decofresh.com/ http://summit.florinet.nl/ http://winco.florisoftcloud.nl/ https://www.paypalobjects.com/ https://checkoutshopper-live.adyen.com/ https://checkoutshopper-test.adyen.com/ https://p7.1ps.nl/ https://hus.1ps.nl/ https://api.floriday.io/ http://images.duif.nl/ http://213.125.32.122:81/ https://image.freshportal.com/ http://85.17.33.195/ http://img.logicab.nl/ http://lw-fps-img-01.freshportal.nl/ http://img20.match-online.nl/ https://images.connectwebshop.nl/ https://*.ozplanten.nl https://shop.floraplaza.nl/ data: https://*.google-analytics.com http://webshop.hamifleurs.nl http://webshop.flowertrading.nl https://ssl.google-analytics.com https://www.googletagmanager.com https://floraxchange.blob.core.windows.net http://shop.flowertrading.nl http://accp.flowertrading.nl https://dutchplantshop.nl https://img20.match-online.nl http://www.gasagroup.com https://img.ozexport.nl https://images.connectwebshop.nl http://webshop.flowertrading.nl https://services.sdf.nl/ https://ozplanten.nl https://garden-line.nl https://plantsplaza.com https://alfapro-online.com https://*.freshportal.nl https://img.logicab.nl https://beeldbankfotos.royalfloraholland.com https://api.floriday.com https://images.duif.nl https://023.kbt-pro.nl https://img.greenmaster.nl https://cms.pt-creations.nl; font-src 'self' https://*.hotjar.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.userlane.com data:; frame-src 'self' https://optimize.google.com https://*.hotjar.com https://player.cloudinary.com https://login.microsoftonline.com https://login.windows.net https://forms.office.com https://e.issuu.com https://www.sandbox.paypal.com/ https://checkoutshopper-live.adyen.com/ https://checkoutshopper-test.adyen.com/ https://*.vimeo.com/ https://*.youtube.com/ https://*.twitter.com https://*.facebook.com/ https://*.pinterest.com/ https://issuu.com/ https://*.google.com; frame-ancestors 'self' https://accstorefront.cuyu7qqhig-dutchflow1-p2-public.model-t.cc.commerce.ondemand.com/; 2
default-src * data: blob: 'unsafe-eval' 'unsafe-inline' https://*; frame-ancestors https://*; 2
default-src 'self'; 	style-src 'self' *.scene7.com/ *.adobeaemcloud.com/ *.digital4danone.com/ *.live2support.com/ *.bootstrapcdn.com/ *.zencdn.net/ *.sharethis.com/ *.googleapis.com/ *.google.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ 'unsafe-inline'; 	script-src 'self' *.usercentrics.eu/ *.scene7.com/ https://live2support.com/ *.adobeaemcloud.com/ *.trustcommander.net/ *.tagcommander.com/ *.facebook.net/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.digital4danone.com/ *.addthisedge.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ blob: 'unsafe-inline' 'unsafe-eval'; 	img-src 'self' data: *.usercentrics.eu/ *.scene7.com/ *.digital4danone.com/ *.adobeaemcloud.com/ *.assetsadobe.com/ *.live2support.com/ *.doubleclick.net/ *.google-analytics.com/ *.danone.com/ *.google.com.ph/ *.google.com/ *.sharethis.com/ *.gstatic.com/ *.googleapis.com/ *.w3.org/ *.facebook.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ *.youtube.com; 	frame-src 'self' *.tohklom.com/ *.live2support.com/ *.proprofs.com/ *.facebook.com/ *.doubleclick.net/ *.sharethis.com/ *.addthis.com *.youtube.com *.adsrvr.org/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ *.cloudfront.net/; 	connect-src 'self' *.usercentrics.eu/ *.scene7.com/ *.digital4danone.com/ *.commander1.com/ *.trustcommander.net/ *.live2support.com/ *.addthis.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ *.sharethis.com/ *.doubleclick.net/; 	font-src 'self' data:  *.scene7.com/ *.adobeaemcloud.com/ *.live2support.com/ *.gstatic.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ https://vjs.zencdn.net/; 	media-src 'self'  *.scene7.com/ *.danone.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ *.digital4danone.com/ blob: 2
default-src 'self'; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://connect.facebook.net https://www.tiktok.com https://*.2performant.com https://ajax.googleapis.com https://attr-2p.com https://analytics.tiktok.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://www.tiktok.com https://fonts.googleapis.com; font-src 'self' data: https:; connect-src * 'unsafe-inline' 'unsafe-eval'; object-src 'none'; 2
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' nonce cdn.mdmgames.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://cdn.mdmgames.com https://use.fontawesome.com/; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com http://bat.bing.com http://js-tag.zemanta.com https://js-tag.zemanta.com https://www.clarity.ms https://c.clarity.ms https://connect.facebook.net https://www.facebook.com https://securegw.paytm.in https://staticpg.paytm.in https://www.paynimo.com https://cdnjs.cloudflare.com https://unpkg.com https://cdn.polyfill.io https://www.googletagmanager.com https://maps.googleapis.com https://apis.google.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.youtube.com https://www.google-analytics.com; object-src https://myreports.agilus.in https://newapi.srlworld.com https://api.agilusdiagnostics.com https://newcmsapi.srlworld.com https://cmsapi.agilusdiagnostics.com https://www.mysrl.in https://srlcare.srl.in:86; img-src 'self' blob: data: https://bat.bing.com https://p1.zemanta.com http://p1.zemanta.com https://c.clarity.ms http://c.clarity.ms https://c.bing.com  http://c.bing.com https://srlworld.com https://www.srlworld.com https://srlcare.srl.in:92 https://newapi.srlworld.com https://api.agilusdiagnostics.com https://newcmsapi.srlworld.com https://cmsapi.agilusdiagnostics.com https://srlworldstorage.blob.core.windows.net https://staticgw1.paytm.in https://staticgw2.paytm.in https://staticgw3.paytm.in https://staticgw4.paytm.in https://staticpg.paytm.in https://staticgw5.paytm.in https://staticpg.paytm.in https://www.paynimo.com https://www.googletagmanager.com https://connect.facebook.net https://www.facebook.com/ https://maps.gstatic.com https://maps.googleapis.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com googleads.g.doubleclick.net https://www.google.co.in https://srlclientsit.ochumanoid.ai; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://staticpg.paytm.in https://www.paynimo.com https://www.googletagmanager.com; worker-src blob: https://srlworld.com  https://agilusdiagnostics.com  http://20.204.170.182 https://www.srlworld.com https://www.agilusdiagnostics.com/; 2
default-src 'self' https:;img-src blob: data: *;worker-src 'self' blob:;child-src 'self' blob:;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://*.googleapis.com https://smartsupp-widget-161959.c.cdn77.org https://*.smartsuppchat.com https://*.smartsupp.com https://fonts.googleapis.com https://*.smartform.cz https://cdn.jsdelivr.net https://*.twitter.com/ https://*.tiktok.com https://*.ttwstatic.com/;font-src 'self' data: chrome-extensio: chrome-extension-resource: https://use.fontawesome.com https://*.gstatic.com https://webfonts.zohostatic.com https://smartsupp-widget-161959.c.cdn77.org https://*.smartsuppchat.com https://*.smartsupp.com https://cdnjs.cloudflare.com;object-src 'self' https://smartsupp-widget-161959.c.cdn77.org;script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://*.packeta.com https://www.seznam.cz https://*.seznam.cz https://h.seznam.cz https://c.seznam.cz https://*.zbozi.cz https://*.im9.cz https://im9.cz https://*.facebook.net https://*.facebook.com https://*.analytics.google.com https://*.googlesyndication.com https://*.google-analytics.com https://www.googletagmanager.com https://*.doubleclick.net https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.google.cz https://*.google.sk https://c.imedia.cz https://*.imedia.cz https://*.smartsupp.com https://*.smartsuppchat.com https://smartsupp-widget-161959.c.cdn77.org https://*.inspectlet.com https://*.smartlook.com https://*.pingdom.net https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs-pro@3/dist/fp.min.js https://fpnpmcdn.net https://*.smartform.cz https://beacon-v2.helpscout.net https://cdn.jsdelivr.net https://*.twitter.com/ https://*.tiktok.com https://fpjscdn.net/;script-src-elem 'self' 'unsafe-inline' https://*.packeta.com https://www.seznam.cz https://*.seznam.cz https://h.seznam.cz https://c.seznam.cz https://*.zbozi.cz https://*.im9.cz https://im9.cz https://*.facebook.net https://*.facebook.com https://*.analytics.google.com https://*.googlesyndication.com https://*.google-analytics.com https://www.googletagmanager.com https://*.doubleclick.net https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.google.cz https://*.google.sk https://c.imedia.cz https://*.imedia.cz https://*.smartsupp.com https://*.smartsuppchat.com https://smartsupp-widget-161959.c.cdn77.org https://*.inspectlet.com https://*.smartlook.com https://*.pingdom.net https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs-pro@3/dist/fp.min.js https://fpnpmcdn.net https://*.smartform.cz https://beacon-v2.helpscout.net https://cdn.jsdelivr.net https://*.twitter.com/ https://*.tiktok.com https://*.ttwstatic.com/ https://fpjscdn.net/;connect-src 'self' blob: https://*.google.com https://google.com https://*.google.cz https://*.packeta.com https://*.google.sk https://*.googleapis.com https://*.seznam.cz https://*.facebook.com https://*.facebook.net https://*.mmapiws.com https://*.doubleclick.net https://img.hk1.cz https://*.analytics.google.com https://*.google-analytics.com https://www.googletagmanager.com https://smartsupp-widget-161959.c.cdn77.org https://*.smartsupp.com https://*.smartlook.cloud https://s12.smartsupp.com wss://*.smartsupp.com wss://ws.inspectlet.com https://*.inspectlet.com https://*.smartlook.com https://*.pingdom.net https://media.herni-kupony.cz https://api.sjpf.io/ https://*.fptls.com https://*.fptls2.com https://*.fptls3.com https://*.fptls4.com https://*.fpjs.io https://*.api.fpjs.io https://*.fpapi.io/ https://fp.herni-kupony.cz/ https://fp.herne-kupony.sk/ https://*.smartform.cz https://www.instagram.com https://d3hb14vkzrxvla.cloudfront.net https://beaconapi.helpscout.net https://chatapi.helpscout.net https://*.googlesyndication.com wss://ws-helpscout.pusher.com https://sockjs-helpscout.pusher.com;frame-src 'self' https://*.packeta.com https://*.zbozi.cz https://*.imedia.cz https://c.imedia.cz https://www.seznam.cz https://*.seznam.cz https://h.seznam.cz https://*.csob.cz https://*.monetplus.cz https://*.google.com https://*.google.cz https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googlesyndication.com https://*.doubleclick.net https://*.googleapis.com https://www.youtube.com https://www.youtube-nocookie.com https://*.facebook.net https://*.facebook.com https://*.smartsupp.com https://*.smartsuppchat.com https://*.smartform.cz https://*.twitter.com/ https://twitter.com/ https://*.tiktok.com;form-action 'self' https://*.facebook.com https://*.facebook.net https://secure.payu.com https://www.platnosci.pl https://*.gpwebpay.com https://pay.platbamobilom.sk https://form.hk1.cz https://*.csob.cz https://server.smartsupp.com;report-uri https://egitcz.uriports.com/reports/enforce; report-to default 2
default-src https:  wss://*.hotjar.com; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline';frame-ancestors 'self'; object-src 'none'; upgrade-insecure-requests; 2
img-src https: 2
frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://grafana.litmind.com *.litmind.com cdn.jsdelivr.net cdnjs.cloudflare.com *.amazonaws.com garfield.tin.cat wss://*.hotjar.com *.hotjar.io *.hotjar.com *.googleapis.com *.gstatic.com *.vimeo.com *.youtube.com *.ytimg.com *.google.com stripe.com *.stripe.com *.facebook.net *.facebook.com https://cdn.ampproject.org https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' *.litmind.com *.googleapis.com *.gstatic.com *.vimeo.com *.youtube.com *.ytimg.com *.google.com stripe.com *.stripe.com *.facebook.net *.facebook.com cdn.jsdelivr.net cdnjs.cloudflare.com *.amazonaws.com wss://*.hotjar.com *.hotjar.io *.hotjar.com data: 2
default-src https: 'unsafe-inline' 'unsafe-eval' blob: data: 2
default-src 'self' data: blob: *.conac.cn  *.gov.cn *.jiathis.com *.baidu.com *.bshare.cn *.eol.cn *.qq.com *.kaipuyun.cn *.bdimg.com *.wx.qq.com *.people.com.cn *.weibo.com *.m1905.cn 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 2
default-src 'none'; base-uri 'self'; child-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; font-src 'self' https://fonts.gstatic.com data: https://fonts.googleapis.com; form-action 'self'; frame-ancestors 'self'; img-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' https://*.googletagmanager.com https://www.googletagmanager.com https://tagmanager.google.com 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com https://tagmanager.google.com 'unsafe-inline' 2
frame-ancestors https://tabory.mojeup.sk 2
default-src https: data: blob: 'unsafe-inline' 2
upgrade-insecure-requests; default-src 'self'; connect-src *; font-src *; frame-ancestors *; frame-src *; media-src *; img-src * data:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-eval' 'unsafe-inline' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://hukv3.hyperion.acsitefactory.com eu-central-1-decisionapi.lift.acquia.com bam.nr-data.net www.google-analytics.com https://stats.g.doubleclick.net hubspot-forms-static-embed.s3.amazonaws.com forms.hsforms.com https://online.howdengroup.com https://podcasters.spotify.com https://open.spotify.com https://www.buzzsprout.com; connect-src 'self' eu-central-1-decisionapi.lift.acquia.com https://bam.nr-data.net www.google-analytics.com https://stats.g.doubleclick.net http://hits-i.iubenda.com https://rs.fullstory.com https://respondent.survicate.com https://forms.hsforms.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.co.uk *.google.com svc.webspellchecker.net consent.iubenda.com https://js.hs-banner.com https://forms.hubspot.com https://cdn.linkedin.oribi.io https://online.howdengroup.com https://forms.hscollectedforms.net https://edge.fullstory.com https://bat.bing.com https://podcasters.spotify.com https://open.spotify.com https://www.buzzsprout.com https://px.ads.linkedin.com https://j.clarity.ms https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' https://hukv3.hyperion.acsitefactory.com fast.fonts.net https://fonts.gstatic.com svc.webspellchecker.net surveys-static.survicate.com https://online.howdengroup.com https://podcasters.spotify.com https://open.spotify.com https://www.buzzsprout.com; frame-src 'self' www.youtube.com player.vimeo.com www.google.com https://hukv3.hyperion.acsitefactory.com forms.hsforms.com https://cdn.iubenda.com http://cdn.iubenda.com https://optimize.google.com https://psrat.herokuapp.com https://www.buzzsprout.com http://psrat.herokuapp.com https://online.howdengroup.com https://13711133.fls.doubleclick.net/ https://td.doubleclick.net/ https://podcasters.spotify.com https://open.spotify.com https://app.powerbi.com; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' lift3assets.lift.acquia.com production-cdn.lift.acquia.com www.google-analytics.com www.googletagmanager.com tagmanager.google.com https://hukv3.hyperion.acsitefactory.com stats.g.doubleclick.net js-agent.newrelic.com bam.nr-data.net https://secure.perk0mean.com https://ajax.cloudflare.com https://static.cloudflareinsights.com js.hsforms.net forms.hsforms.com http://cdn.iubenda.com http://www.iubenda.com https://www.googleoptimize.com https://snap.licdn.com player.vimeo.com www.youtube.com https://edge.fullstory.com/s/fs.js https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://unpkg.com/web-vitals@2.1.4/dist/web-vitals.iife.js https://survey.survicate.com https://www.buzzsprout.com https://online.howdengroup.com https://podcasters.spotify.com https://open.spotify.com cdn.jsdelivr.net https://assets.pinterest.com https://cdnjs.cloudflare.com https://polyfill.io https://secure.ewaypayments.com https://www.google.com platform.instagram.com platform.twitter.com; script-src-elem 'self' 'unsafe-inline' lift3assets.lift.acquia.com production-cdn.lift.acquia.com www.google-analytics.com www.googletagmanager.com tagmanager.google.com https://hukv3.hyperion.acsitefactory.com stats.g.doubleclick.net js-agent.newrelic.com bam.nr-data.net https://secure.perk0mean.com https://ajax.cloudflare.com https://static.cloudflareinsights.com player.vimeo.com js.hsforms.net forms.hsforms.com http://cdn.iubenda.com http://www.iubenda.com https://snap.licdn.com https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://unpkg.com/web-vitals@2.1.0/dist/web-vitals.iife.js https://edge.fullstory.com/s/fs.js https://rs.fullstory.com https://survey.survicate.com https://surveys-static.survicate.com www.youtube.com https://optimize.google.com https://www.googleoptimize.com http://cdnjs.cloudflare.com svc.webspellchecker.net https://www.buzzsprout.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hscollectedforms.net https://js-na1.hs-scripts.com raw.githubusercontent.com psrat.herokuapp.com https://edge.fullstory.com https://online.howdengroup.com https://cs.iubenda.com https://bat.bing.com/bat.js https://bat.bing.com/p/action/187070795.js https://podcasters.spotify.com https://open.spotify.com https://www.clarity.ms cdn.jsdelivr.net https://assets.pinterest.com https://cdnjs.cloudflare.com https://polyfill.io https://secure.ewaypayments.com https://www.google.com platform.instagram.com platform.twitter.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' fast.fonts.net tagmanager.google.com fonts.googleapis.com https://hukv3.hyperion.acsitefactory.com https://www.googletagmanager.com/debug/badge.css https://cdnjs.cloudflare.com; style-src-elem 'self' 'unsafe-inline' fast.fonts.net tagmanager.google.com fonts.googleapis.com https://hukv3.hyperion.acsitefactory.com https://www.googletagmanager.com/debug/badge.css https://optimize.google.com svc.webspellchecker.net surveys-static.survicate.com https://cdnjs.cloudflare.com; base-uri 'self' https://hukv3.hyperion.acsitefactory.com; frame-ancestors 'self' https://online.howdengroup.com https://podcasters.spotify.com https://open.spotify.com https://www.buzzsprout.com 2
frame-ancestors 'self' http://localhost:4200 http://localhost:4400 *.vercel.app *.lcieducation.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com https://www.googleadservices.com https://www.google.com *.googleapis.com *.google.com *.google.com.sg *.googletagmanager.com *.google-analytics.com *.googlesyndication.com *.bing.com *.virtualearth.net *.youtube.com *.vimeo.com *.tofriso.com *.cookieLaw.org *.facebook.net *.facebook.com *.googleadservices.com *.doubleclick.net *.newrelic.com *.r42tag.com *.yimg.com *.turn.com *.hotjar.com *.monitor.azure.com *.acquia.com https://frieslandcampina.tfaforms.net *.nr-data.net https://cscoreproweustor.blob.core.windows.net *.kampyle.com *.frieslandcampinaconsumentenservice.com *.shopifycdn.com *.bazaarvoice.com *.iesnare.com *.channelsight.com *.live.com *.onetrust.com *.gameloft.com *.gstatic.com *.cookiepro.com *.zalo.me *.zdn.vn *.jsdelivr.net *.stamped.io secure.quantserve.com *.adsrvr.org analytics.tiktok.com; frame-src 'self' *.google.com *.googleadservices.com *.doubleclick.net *.youtube.com *.vimeo.com *.facebook.net *.facebook.com *.frieslandcampinaconsumentenservice.com *.hotjar.com *.kampyle.com *.bazaarvoice.com *.iesnare.com *.googlesyndication.com *.googletagmanager.com *.acquia.com *.monitor.azure.com *.zalo.me *.zdn.vn *.adsrvr.org; frame-ancestors 'self' test-web-app-friso.fractal.vn uloyalty.friso.com.vn loyalty.friso.com.vn; child-src 'self' *.google.com *.googleadservices.com *.doubleclick.net *.youtube.com *.vimeo.com *.facebook.net *.facebook.com *.frieslandcampinaconsumentenservice.com *.hotjar.com *.kampyle.com *.bazaarvoice.com *.iesnare.com *.googlesyndication.com *.googletagmanager.com *.acquia.com *.monitor.azure.com *.zalo.me *.zdn.vn *.adsrvr.org; report-uri /report-csp-violation; upgrade-insecure-requests 2
default-src 'self' data: https://sn2.org *; connect-src 'self' https://sn2.org *; base-uri 'self' *; form-action 'self' *; img-src 'self' data: https://sn2.org *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sn2.org *; style-src 'self' 'unsafe-inline' https://sn2.org *; 2
default-src 'self' https: data:  'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://go.id-systems.com https://go.powerfleet.com https://pi.pardot.com  https://snap.licdn.com https://www.googletagmanager.com/ https://dc.ads.linkedin.com https://i0.wp.com https://i1.wp.com https://c0.wp.com https://stats.wp.com https://www.google.com; 2
script-src 'unsafe-inline' 'unsafe-eval' https: 2
default-src 'self' bngprm.com *.bngprm.com ymetrica1.com mc.yandex.ru cam.vg *.cam.vg cdn.fluidplayer.com movcpm.com *.movcpm.com greedseed.world xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com http://178.32.155.95 http://62.210.201.98 http://195.154.189.204 http://195.154.187.179 http://195.154.173.242 http://195.154.173.197 *.2k0.ru; style-src cdn.fluidplayer.com fonts.googleapis.com 'self' 'unsafe-inline'; script-src bngprm.com *.bngprm.com cdn.jsdelivr.net cdn.fluidplayer.com 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' fonts.gstatic.com data:; img-src 'self' bngprm.com *.bngprm.com counter.yadro.ru mc.yandex.ru ymetrica1.com mc.webvisor.org cdn.fluidplayer.com movcpm.com *.movcpm.com xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com data:; 2
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js translate.google.com https://commtrans-production-redesign-preview.azurewebsites.net https://commtrans-production.azurewebsites.net https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com https://unpkg.com/ https://z.moatads.com https://*.mouseflow.com https://*.vimeo.com https://*.doubleclick.net https://*.brazenconnect.com https://*.google-analytics.com https://analytics.google.com https://*.googletagmanager.com https://*.govdelivery.com https://*.tvsquared.com https://api.mapbox.com 'self' cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.jsdelivr.net https://commtrans-production-redesign-preview.azurewebsites.net https://commtrans-production.azurewebsites.net https://unpkg.com *.typekit.net https://*.brazenconnect.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://commtrans-production-redesign-preview.azurewebsites.net https://commtrans-production.azurewebsites.net *.eloqua.com track.hubspot.com *.fastly.net https://unpkg.com https://news.trimet.org *.mouseflow.com https://*.vimeocdn.com https://*.google-analytics.com https://analytics.google.com https://*.tvsquared.com https://api.mapbox.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.typekit.net *.mouseflow.com; frame-src https://*.mouseflow.com https://player.vimeo.com/ https://www.google.com/ https://*.youtube.com https://www.facebook.com https://*.brazenconnect.com https://*.doubleclick.net https://www.adzuna.com 'self' web-chat.nativechat.com; connect-src accounts.google.com *.gstatic.com *.mktoresp.com translate.google.com *.googleapis.com *.amazonaws.com *.ibi-transit.com *.commtrans.org commtrans-gtfs.azurewebsites.net commtrans-gtfs-qa.azurewebsites.net *.search.hereapi.com *.mouseflow.com commtrans-data.azurewebsites.net commtrans-data-qa.azurewebsites.net https://*.doubleclick.net https://*.brazenconnect.com https://*.google-analytics.com https://analytics.google.com https://api.mapbox.com https://*.cartocdn.com https://api.maptiler.com https://www.facebook.com/tr/ 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.mouseflow.com https://www.google.com blob: 'self' web-chat.nativechat.com 2
object-src 'none'; frame-ancestors 'self' https://*.flashgamesplayer.com/ https://*.juegosipo.com https://*.doubleclick.net https://*.googlesyndication.com https://*.google.com https://*.googleapis.com ; 2
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.app.smart-tribune.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' https://*.viasante.fr https://matomojs.trackify.info https://*.app.smart-tribune.com  https://www.google.com https://*.google-analytics.com https://www.googletagmanager.com  https://www.gstatic.com https://*.facebook.com https://*.facebook.net https://polyfill.io https://www.youtube.com https://bat.bing.com  https://*.g.doubleclick.net; connect-src 'self' https://*.viasante.fr https://api.mapbox.com https://api-gateway.app.smart-tribune.com https://*.google-analytics.com https://www.googletagmanager.com https://*.g.doubleclick.net https://www.facebook.com https://polyfill.io https://11683785.fls.doubleclick.net https://bat.bing.com; font-src https://cdnjs.cloudflare.com https://fonts.gstatic.com; frame-src https://viasante.fr https://*.viasante.fr https://www.google.com https://www.youtube.com https://*.calameo.com https://*.acast.com; img-src 'self' data: http://pbs.twimg.com https://api.mapbox.com https://*.app.smart-tribune.com https://bat.bing.com https://bo.viasante.fr https://stv2-uploads-prod.s3.eu-west-3.amazonaws.com https://tiles.stadiamaps.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.fr https://www.jevisbienetre.fr; object-src 'none'; 2
frame-ancestors 'self' *.narvar.com narvar.com *.integrations-narvar.com; base-uri 'self'; 2
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.myscience.at *.myscience.ca *.myscience.es *.myscience.fr *.myscience.de *.myscience.co.nl *.myscience.uk *.myscience.org *.bing.com *.bingj.com *.clarity.ms *.doubleclick.net *.dailymotion.com *.googletagmanager.com *.google.ch *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.paypal.com *.paypalobjects.com *.switch.ch *.youtube.com *.ytimg.com  *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com ; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com; frame-src 'self' *.dailymotion.com *.paypal.com *.switch.ch *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'self'; form-action 'self' *.paypal.com *.paypalobjects.com; base-uri 'self'; object-src 'none' ; 2
default-src 'none'; prefetch-src *; connect-src http://pagead2.googlesyndication.com *.yandex.ru  https://csi.gstatic.com  https://mc.yandex.by https://mc.yandex.com https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ua https://mc.yandex.uz https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://www.google-analytics.com yandex.ru https://ymetrica1.com *.google.com 'report-sample'; font-src https://fonts.gstatic.com https://yastatic.net 'report-sample'; frame-src https://ad.mail.ru https://googleads.g.doubleclick.net https://mc.yandex.md https://player.vimeo.com https://tpc.googlesyndication.com *.google.com https://www.youtube.com https://yastatic.net *.yandex.ru 'report-sample'; img-src 'self' data: an.yandex.ru *.mds.yandex.net counter.yadro.ru https://*.verify.yandex.ru https://amc.yandex.ru https://csi.gstatic.com https://favicon.yandex.net https://mc.yandex.by https://mc.yandex.com https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.ua https://mc.yandex.uz https://verify.yandex.ru https://www.google-analytics.com https://www.google.ru https://www.googletagmanager.com https://www.gstatic.com https://yastatic.net imagecache.worldwide-ad-network.biz mc.yandex.ru pagead2.googlesyndication.com *.googleusercontent.com *.google.com 'report-sample'; script-src 'self' 'unsafe-inline' an.yandex.ru fundingchoicesmessages.google.com http://pagead2.googlesyndication.com https://ad.mail.ru https://adservice.google.ae https://adservice.google.at https://adservice.google.az https://adservice.google.be https://adservice.google.bg https://adservice.google.bj https://adservice.google.by https://adservice.google.ca https://adservice.google.ch https://adservice.google.cl https://adservice.google.co.id https://adservice.google.co.il https://adservice.google.co.kr https://adservice.google.co.uk https://adservice.google.co.uz https://adservice.google.co.za https://adservice.google.com https://adservice.google.com.ar https://adservice.google.com.au https://adservice.google.com.br https://adservice.google.com.cy https://adservice.google.com.eg https://adservice.google.com.hk https://adservice.google.com.lb https://adservice.google.com.mx https://adservice.google.com.ng https://adservice.google.com.pa https://adservice.google.com.pk https://adservice.google.com.sg https://adservice.google.com.tj https://adservice.google.com.tr https://adservice.google.com.tw https://adservice.google.com.ua https://adservice.google.com.vn https://adservice.google.cz https://adservice.google.de https://adservice.google.ee https://adservice.google.es https://adservice.google.fi https://adservice.google.fr https://adservice.google.ge https://adservice.google.gl https://adservice.google.gr https://adservice.google.hu https://adservice.google.ie https://adservice.google.iq https://adservice.google.it https://adservice.google.jo https://adservice.google.kg https://adservice.google.kz https://adservice.google.lt https://adservice.google.lu https://adservice.google.lv https://adservice.google.md https://adservice.google.mn https://adservice.google.mv https://adservice.google.nl https://adservice.google.no https://adservice.google.pl https://adservice.google.ps https://adservice.google.pt https://adservice.google.ro https://adservice.google.ru https://adservice.google.sc https://adservice.google.se https://adservice.google.sk https://adservice.google.tm https://cda.worldwide-ad-network.biz https://cdb.worldwide-ad-network.biz https://mc.yandex.by https://mc.yandex.com https://mc.yandex.kz https://mc.yandex.uz https://pagead2.googlesyndication.com https://partner.googleadservices.com https://r.mradx.net https://tpc.googlesyndication.com https://www.google-analytics.com https://www.googletagservices.com https://yandex.ru https://yastatic.net mc.yandex.ru www.googletagmanager.com 'report-sample'; style-src 'self' 'unsafe-inline' https://cda.worldwide-ad-network.biz https://cdb.worldwide-ad-network.biz https://fonts.googleapis.com; media-src data: strm.yandex.ru *.strm.yandex.net; report-uri /csp-report.php 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://api-maps.yandex.ru yastatic.net 2
default-src * data: blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *;object-src 'self';style-src 'unsafe-inline' * data:;form-action 'self' *.twitter.com va.tawk.to https://cp.payguru.com https://www.testgpay.com https://www.gpay.com.tr https://gpay.com.tr https://demo.gpay.com.tr https://www.paytr.com https://www.playanka.com https://test.papara.com https://www.papara.com https://papara.com https://payment.paybrothers.com https://stg.paybrothers.com https://api.paym.es https://checkout.test.pay.g2a.com https://checkout.pay.g2a.com;frame-ancestors 'self' http://*.livechatinc.com https://*.livechatinc.com http://*.tawk.to https://*.tawk.to https://chat.utechsoft.com.tr;worker-src 'self' blob: 2
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* localtest:* ajax.googleapis.com ajax.aspnetcdn.com fonts.googleapis.com fonts.gstatic.com www.youtube.com s.ytimg.com www.googletagmanager.com vortex.data.microsoft.com *.hubspot.com *.hscta.net *.google-analytics.com iowa.gov *.jquery.com *.addthis.com *.googleapis.com *.addthisedge.com *.google.com *.gstatic.com *.fontawesome.com *.crowdriff.com *.sa-as.com *.licdn.com *.facebook.net *.googleadservices.com siteimproveanalytics.com *.doubleclick.net *.adnxs.com *.facebook.com *.amp.travel;object-src *.spindustry.com;style-src 'self' 'unsafe-inline' iowa.gov *.jquery.com maxcdn.bootstrapcdn.com fonts.googleapis.com *.typekit.net *.fontawesome.com *.crowdriff.com *.amp.travel;img-src 'self' data: localhost:* localtest.com:* *.jquery.com *.google-analytics.com *.hubspot.com iowa.gov *.goodblogscdn.com *.gstatic.com *.crowdriff.com *.cloudfront.net *.doubleclick.net *.arrivalist.com *.google.com *.sa-as.com *.adnxs.com *.siteimproveanalytics.io *.linkedin.com *.facebook.com *.adsymptotic.com *.ytimg.com *.google.ca *.googletagmanager.com amptravel.imgix.net *.googleapis.com storage.googleapis.com;media-src *.spindustry.com;frame-src *.spindustry.com *.google.com *.youtube.com *.facebook.com *.doubleclick.net *.moz.com;font-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com *.typekit.net *.fontawesome.com *.googleapis.com;connect-src 'self' *.spindustry.com *.crowdriff.com *.fontawesome.com *.doubleclick.net *.google-analytics.com *.facebook.com *.linkedin.oribi.io *.licdn.com analytics.google.com *.amp.travel *.googlesyndication.com *.linkedin.com;child-src *.youtube.com *.hubspot.com *.addthis.com *.google.com;form-action 'self' *.spindustry.com *.facebook.net *.facebook.com;frame-ancestors *.spindustry.com;manifest-src 'self';report-uri /WebResource.axd?cspReport=true 2
frame-ancestors 'self' *.purevoltage.com 2
frame-ancestors https://backis.evoca.am:8521; 2
default-src * 'unsafe-eval' 'unsafe-inline' data: mediastream: blob: filesystem:; 2
default-src 'unsafe-inline' 'unsafe-eval' https:;img-src * data:; 2
frame-ancestors 'self' *.bcicentral.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ylt.nl data: 'self' *.ylt.nl *.googlesyndication.com *.cloudflare.com *.bootstrapcdn.com *.instagram.com *.googletagservices.com *.doubleclick.net *.pushbird.com *.onetrust.com *.cookielaw.org *.gstatic.com *.google.be *.google.nl *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.indeed.com *.facebook.net *.facebook.com *.twitter.com *.typekit.net *.fontawesome.io *.github.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.ubembed.com;img-src * data: ;frame-ancestors 'self' *.ylt.nl 2
default-src 'self' data: http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io https://cdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://map.ir https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://kangoro.ir/matomo/matomo.js http://tools.1abzar.com http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io https://cdn.userway.org https://api.userway.org https://media.userway.org https://www.goftino.com https://cdn.goftino.com; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com https://cdn.fontcdn.ir https://fdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org; img-src 'self' blob: data: https://map.ir https://www.google-analytics.com www.google-analytics.com data: *; connect-src 'self' https://map.ir https://www.google-analytics.com www.google-analytics.com https://samta.samt.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io https://cdn.fontcdn.ir wss://api.raychat.io wss://ws.goftino.com wss://ws2.goftino.com wss://ws5.goftino.com wss://cdn.goftino.com https://api.userway.org; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://tools.1abzar.com http://1abzar.ir https://cse.google.com https://www.aparat.com https://google.com https://www.google.com https://cdn.userway.org; frame-ancestors 'self' https://trustseal.enamad.ir; 2
font-src 'self' data: cdnjs.cloudflare.com fonts.gstatic.com maxcdn.bootstrapcdn.com; media-src 'self'; style-src 'unsafe-inline' 'self' maxcdn.bootstrapcdn.com googletagmanager.com cdnjs.cloudflare.com fonts.googleapis.com 'unsafe-inline' 'self' *.ckeditor.com *.countryflags.io fonts.gstatic.com; default-src 'self'  'unsafe-inline' 'self' 'unsafe-eval' stats.g.doubleclick.net albaraka.com.sy telegram.org cdn.rawgit.com unpkg.com cdn.jsdelivr.net epaytest.albaraka.com.sy *.albaraka.com.sy *.googletagmanager.com *.youtube.com *.countryflags.io *.openlayers.org api.mapbox.com  openlayers.org *.openstreetmap.org *.flexsolutions.biz;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.youtube.com https://ajax.googleapis.com  https://ssl.google-analytics.com https://www.googletagmanager.com/gtag/js?id=G-683CLL81Q1; 2
default-src 'self' ;child-src 'self';connect-src 'self' cdn.cookielaw.org privacyportal-eu.onetrust.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://delapreprod.slgnt.eu https://*.google.<TLD>;font-src 'self' https://fonts.gstatic.com data:;frame-src 'self' https://delapreprod.slgnt.eu;img-src 'self' data: blob: https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://delapreprod.slgnt.eu https://*.google.<TLD>;media-src 'self';object-src 'self' https://delapreprod.slgnt.eu;script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org www.googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://delapreprod.slgnt.eu;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://delapreprod.slgnt.eu 2
frame-ancestors 'self' https://*.boditrax.com/; 2
default-src 'self' assets.adobedtm.com *.google.com *.gstatic.com *.googleapis.com *.iovation.com *.typekit.net cdn.cookielaw.org *.onetrust.com *.krxd.net *.demdex.net *.visualwebsiteoptimizer.com js-agent.newrelic.com bam.nr-data.net mpsnare.iesnare.com philipmorrisintmanagementsa.d3.sc.omtrdc.net data: blob: 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: 2
default-src https:; connect-src https: wss:; script-src cookies.praguebest.cz 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' cdn.foxentry.cz fonts.googleapis.com *.google.com media.flixcar.com d10lpsik1i8c69.cloudfront.net onesignal.com cookies.praguebest.cz 'unsafe-inline'; object-src 'self'; img-src 'self' https: data:; font-src https: data: 2
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com cdnjs.cloudflare.com https://www.onlinebanktours.com/ https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://js.adsrvr.org https://*.go-mpulse.net https://bat.bing.com https://www.clarity.ms https://cdn.lr-ingest.com https://cdn.evgnet.com https://cdn.evergage.com https://farmcreditmidamerica.us-7.evergage.com https://cdn.cookielaw.org https://snap.licdn.com https://s.pinimg.com https://www.google-analytics.com https://i.loopme.me https://action.dstillery.com http://action.dstillery.com https://action.media6degrees.com https://match.adsrvr.org 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.typekit.net https://www.onlinebanktours.com/ https://cdn.evergage.com https://farmcreditmidamerica.us-7.evergage.com https://cdn.cookielaw.org 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://cdn.oectours.com/ https://www.onlinebanktours.com/ https://*.google-analytics.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://9135826.fls.doubleclick.net https://ade.googlesyndication.com https://www.google.com https://*.akstat.io https://bat.bing.com https://c.clarity.ms https://cdn.evergage.com https://farmcreditmidamerica.us-7.evergage.com https://cdn.cookielaw.org https://c.bing.com https://px.ads.linkedin.com https://ct.pinterest.com https://px4.ads.linkedin.com https://insight.adsrvr.org https://kcc0.com https://tk0x1.com https://match.adsrvr.org/ https://*.adsrvr.org 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.typekit.net https://farmcreditmidamerica.us-7.evergage.com https://cdn.cookielaw.org; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.onlinebanktours.com/ https://9135826.fls.doubleclick.net/ https://bid.g.doubleclick.net/ https://*.adsrvr.org/ https://9113559.fls.doubleclick.net/ https://6589934.fls.doubleclick.net/ https://s.amazon-adsystem.com/ http://s.amazon-adsystem.com/ https://ct.pinterest.com/ https://td.doubleclick.net/ https://insight.adsrvr.org https://match.adsrvr.org; connect-src data: accounts.google.com *.google-analytics.com *.gstatic.com https://*.googletagmanager.com *.googleapis.com https://www.onlinebanktours.com/ https://*.google-analytics.com https://*.analytics.google.com https://*.akstat.io https://*.go-mpulse.net https://*.clarity.ms https://r.lr-ingest.com https://cdn.evergage.com https://farmcreditmidamerica.us-7.evergage.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://*.akamaihd.net https://analytics.google.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://ct.pinterest.com https://gdpr.loopme.com https://bat.bing.com https://*.adsrvr.org 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' data: blob: 2
frame-ancestors 'self' https://*.krakensports.ca https://krakensports.ca; 2
frame-ancestors 'self' https://platform.fynd.com 2
default-src * self blob: data: gap:; style-src * self 'unsafe-inline' blob: data: gap:; worker-src * 'self' 'unsafe-eval' 'unsafe-inline' blob: data: gap:; script-src * 'self' 'unsafe-eval' 'unsafe-inline' blob: data: gap:; object-src * 'self' blob: data: gap:; img-src * self 'unsafe-inline' blob: data: gap:; connect-src self * 'unsafe-inline' blob: data: gap:; frame-src * self blob: data: gap:; 2
default-src * 'unsafe-inline' 'unsafe-eval'   ; style-src * 'unsafe-inline'; script-src  * 'self' 'unsafe-inline' 'unsafe-eval'  2
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://www.youtube.com; 2
script-src 'self' https://js.brickowl.com/ https://platform.twitter.com/ https://www.googletagmanager.com/ https://js.stripe.com/v3/ https://forum.brickowl.com/plugins/embedvanilla/remote.js https://maps.googleapis.com https://widget.packeta.com/ https://www.paypalobjects.com/ https://www.paypal.com/  https://connect.facebook.net/en_US/fbevents.js;style-src 'self' https://css.brickowl.com/ https://js.brickowl.com/ 'unsafe-inline'; 2
default-src * 'unsafe-inline' 'unsafe-eval' blob: data: ;frame-ancestors 'self' 2
default-src * 'self' 'unsafe-inline' 'unsafe-eval' cdn.kustomerapp.com ;                      script-src                'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.azurewebsites.net:*                https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob:               https://connect.facebook.net/en_US/fbevents.js                https://script.hotjar.com:*                https://static.hotjar.com/c/hotjar-1954484.js                https://www.googletagmanager.com/gtag/js                https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js                https://rawgit.com/RobinHerbots/Inputmask/4.x/dist/jquery.inputmask.bundle.js                https://wchat.freshchat.com/js/widget.js                https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js https://code.jquery.com/ui/1.11.0/jquery-ui.js                https://rawgit.com/RobinHerbots/Inputmask/4.x/dist/inputmask/phone-codes/phone.js                *.google.com *.gstatic.com                https://code.jquery.com/jquery-1.8.3.js                https://ajax.googleapis.com/ajax/libs/jqueryui/1.9.0/jquery-ui.min.js                https://www.google-analytics.com/analytics.js                *.googletagmanager.com cdn.kustomerapp.com ;                   style-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' blob: https://fonts.googleapis.com https://kit-free.fontawesome.com https://netdna.bootstrapcdn.com https://maxcdn.bootstrapcdn.com https://rawgit.com https://code.jquery.com/ui/1.11.0/themes/smoothness/jquery-ui.css https://code.jquery.com/ui/1.11.0/themes/smoothness/jquery-ui.css https://www.gstatic.com/charts/51/css/core/tooltip.css https://www.gstatic.com/charts/51/css/util/util.css cdn.kustomerapp.com https://*.gstatic.com:*;               object-src 'self' cdn.kustomerapp.com ;                   base-uri 'self' cdn.kustomerapp.com ;                   connect-src * 'self' data:  cdn.kustomerapp.com https://*.googleapis.com *.google.com https://*.gstatic.com  data: blob:;                   font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com https://kit-free.fontawesome.com https://netdna.bootstrapcdn.com https://maxcdn.bootstrapcdn.com cdn.kustomerapp.com ;                   frame-src * 'self' https://vars.hotjar.com https://maps.google.com/ https://app.powerbi.com/ https://www.youtube.com/ cdn.kustomerapp.com *.google.com;                   img-src 'self' cdn.kustomerhostedcontent.com https://connect.facebook.net:* https://script.hotjar.com:* data: cdn.kustomerapp.com https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com data:;                   manifest-src 'self' cdn.kustomerapp.com ;                  media-src * 'self' 2
default-src 'self' *.haitex.it 127.0.0.1 'unsafe-inline' 'unsafe-eval' cdn.datatables.net cdnjs.cloudflare.com *.scalapay.com *.zopim.com *.zdassets.com *.trustedshops.com malsup.github.io *.tiktok.com *.popupsmart.com sibautomation.com *.facebook.com *.facebook.net *.gstatic.com *.google.com *.google.ch *.google.hu *.google.es *.google.it *.google.ad *.google.de *.google.no *.google.sk *.google.tn *.google.fr translate-pa.googleapis.com *.googleapis.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.doubleclick.net *.sendinblue.com *.worldztool.com *.oct8ne.com oct8necdneu.azureedge.net *.etrusted.com www.paypal.com *.paypalobjects.com payments-eu.amazon.com *.payments-amazon.com *.trovaprezzi.it *.nr-data.net *.newrelic.com data: ; img-src * data: ; frame-src *.youtube.com player.flipsnack.com sibautomation.com *.facebook.com *.google.com *.oct8ne.com www.worldztool.com *.braintreegateway.com *.paypal.com *.worldztool.com bid.g.doubleclick.net cdn.flipsnack.com *.media-amazon.com *.googlesyndication.com data: ; object-src 'none' ; connect-src *;  media-src *; report-uri /csp_collector.php ; report-to /csp_collector.php ; 2
default-src *.google-analytics.com *.snapengage.com *.licdn.com *.bing.com *.linkedin.com *.oribi.io *.clarity.ms *.googletagmanager.com; font-src  'self' data: *.linkedin.com *.oribi.io *.clarity.ms cdn.builder.io cdnjs.cloudflare.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com sandbox.paypal.com *.snapengage.com *.licdn.com *.bing.com *.linkedin.com *.oribi.io *.clarity.ms *.googletagmanager.com; img-src 'self' data: *.googleapis.com  *.gravatar.com *.google.de *.facebook.com *.google.com *.google-analytics.com *.snapengage.com *.vimeocdn.com fonts.gstatic.com  www.designenlassen.de www.designonclick.com www.designonclick.nl www.designonclick.fr www.designenlassen.at www.designen-lassen.ch www.designonclick.be www.testdl.de *.amazonaws.com *.licdn.com *.bing.com *.linkedin.com *.oribi.io *.clarity.ms *.googletagmanager.com *.superclix.de *.googleadservices.com *.doubleclick.net cdn.builder.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.etracker.de *.etracker.com *.licdn.com *.bing.com  *.linkedin.com *.oribi.io *.clarity.ms *.googletagmanager.com *.google.com *.gstatic.com *.paypalobjects.com *.paypal.com *.adroll.com *.ampproject.org *.jquerytools.org *.google-analytics.com *.snapengage.com *.facebook.net *.mouseflow.com *.doubleclick.net *.googleadservices.com cdn.builder.io; frame-src 'self' *.doubleclick.net *.paypal.com *.facebook.com *.google.com *.vimeo.com *.trustpilot.com/ *.builder.io; report-uri https://designenlassen.report-uri.com/r/d/csp/enforce; connect-src 'self' *.linkedin.com *.oribi.io *.clarity.ms *.doubleclick.net *.mouseflow.com *.snapengage.com *.analytics.google.com *.google-analytics.com *.googlesyndication.com cdn.builder.io; 2
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com *.klarnacdn.net *.stripe.com klarna.com *.klarna.com *.klarnaevt.com *.azureedge.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.klarna.com *.google.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com corporate.drvranjes.com *.criteo.com *.hotjar.com *.facebook.com *.criteo.net *.cookiebot.com https://www.dwin1.com *.awin1.com *.zenaps.com *.sciencebehindecommerce.com *.emjcd.com *.dotomi.com service.force.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://www.magezon.com drvranjes.com drvranjes.it drvranjes.fr drvranjes.es drvranjes.co.uk drvranjes.de drvranjes.us drvranjes.ch *.drvranjes.com *.drvranjes.it *.drvranjes.fr *.drvranjes.es *.drvranjes.co.uk *.drvranjes.de *.drvranjes.us *.drvranjes.ch *.360yield.com *.yieldlab.net *.adform.net *.doubleclick.net *.media.net *.tremorhub.com *.teads.tv *.emxdgt.com *.3lift.com *.mediavine.com *.criteo.com *.adnxs.com id5-sync.com *.sharethrough.com *.ivitrack.com *.azureedge.net *.rubiconproject.com *.casalemedia.com *.smartadserver.com *.pubmatic.com *.yieldmo.com *.taboola.com *.outbrain.com *.yahoo.com *.omnitagjs.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.bidswitch.net *.ytimg.com *.krxd.net *.thebrighttag.com *.google.it *.paypalobjects.com https://www.dwin1.com *.awin1.com *.zenaps.com *.sciencebehindecommerce.com *.emjcd.com *.dotomi.com *.magmodules.eu data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.google.com *.stripe.com klarna.com *.klarnaevt.com *.trustpilot.com *.outbrain.com *.clerk.io *.iubenda.com *.facebook.net *.dotomi.com *.hotjar.com *.criteo.com *.criteo.net *.google-analytics.com *.google.it *.googleadservices.com *.googletagmanager.com *.nr-data.net *.newrelic.com *.homelook.it *.paypalobjects.com *.braintreegateway.com maps.googleapis.com *.cookiebot.com https://www.dwin1.com *.awin1.com *.zenaps.com *.sciencebehindecommerce.com *.emjcd.com mn.drvranjes.com *.salesforce.com *.salesforce-sites.com *.salesforceliveagent.com *.force.com cdnjs.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com unsafe-inline assets.braintreegateway.com *.klarnacdn.net *.trustpilot.com *.salesforce.com *.salesforce-sites.com *.force.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.stripe.com klarna.com *.iubenda.com *.hotjar.com *.hotjar.io *.google.it *.google-analytics.com google-analytics.com *.nr-data.net *.trustpilot.com *.doubleclick.net *.braintreegateway.com *.braintree.com *.paypalobjects.com *.facebook.com wss://*.hotjar.com wss://*.hotjar.io *.cookiebot.com *.azurewebsites.net *.emjcd.com *.dotomi.com maps.googleapis.com *.salesforce-sites.com mn.drvranjes.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net data: *.fontawesome.com *.gstatic.com 'self' data: assets.adobedtm.com www.golasouth.com gola-cloud.localhost mcstaging.golasouth.com etiquetanegra.us mcstaging.etiquetanegra.us etiquetanegra-cloud.localhost data:; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com cdn.dnky.co amc.demdex.net www.google.com www.facebook.com youtube.com *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com mldp.mercadopago.com www.mercadolibre.com td.doubleclick.net; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net maps.gstatic.com maps.googleapis.com accounts.google.com www.facebook.com imgmp.mlstatic.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: www.mercadolibre.com www.mercadolibre.com.mx www.mercadolibre.com.ar www.mercadolibre.com.br a248.e.akamai.net mercadolivre.com.br www.mercadolivre.com.br www.mercadolivre.com.mx www.mercadolivre.com.ar www.mercadopago.com secure.mlstatic.com www.mercadolivre.com www.mercadopago.com.ar *.google.com www.google.com.ar storage.googleapis.com www.google.com.mx www.golasouth.com gola-cloud.localhost mcstaging.golasouth.com etiquetanegra.us mcstaging.etiquetanegra.us etiquetanegra-cloud.localhost content.ib2c.com.ar player.vimeo.com pos.baidu.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net unpkg.com commerce.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net player.vimeo.com *.mlstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://www.google.com *.gstatic.com http2.mlstatic.com secure.mlstatic.com https://maps.googleapis.com geolocation.onetrust.com *.google-analytics.com web-sdk.aptrinsic.com esp-m.aptrinsic.com *.fontawesome.com static.hotjar.com script.hotjar.com *.behamics.com www.facebook.com www.golasouth.com gola-cloud.localhost mcstaging.golasouth.com etiquetanegra.us mcstaging.etiquetanegra.us etiquetanegra-cloud.localhost 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co *.fontawesome.com unsafe-inline *.googleapis.com *.gstatic.com footer.mars.com web-sdk.aptrinsic.com esp-m.aptrinsic.com assets.adobedtm.com *.behamics.com www.golasouth.com gola-cloud.localhost mcstaging.golasouth.com etiquetanegra.us mcstaging.etiquetanegra.us etiquetanegra-cloud.localhost 'self' 'unsafe-inline'; object-src esp-m.aptrinsic.com bam.nr-data.net js-agent.newrelic.com dpm.demdex.net assets.adobedtm.com www.golasouth.com gola-cloud.localhost mcstaging.golasouth.com etiquetanegra.us mcstaging.etiquetanegra.us etiquetanegra-cloud.localhost 'self' 'unsafe-inline'; media-src *.adobe.com player.vimeo.com download-video.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net vimeo.com api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com api.comapi.com bam.nr-data.net *.mercadopago.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.google-analytics.com api.mercadopago.com events.mercadopago.com www.mercadolibre.com rcdfcdn.mars.com geolocation.onetrust.com dev.gtm.southwatts.com secure.mlstatic.com maps.googleapis.com www.mercadolivre.com www.mercadopago.com.ar *.google.com stats.g.doubleclick.net www.google.com.ar accounts.google.com web-sdk.aptrinsic.com esp-m.aptrinsic.com js-agent.newrelic.com assets.adobedtm.com pagead2.googlesyndication.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
frame-src 'self' https://*.ggpht.com https://escorts.demdex.net https://*.yellow.ai https://*.yellowmessenger.com https://www.youtube.com  https://accounts.google.com/ https://content-people.googleapis.com/ https://content.googleapis.com/ https://www.google.com/ escorts.scene7.com https://smetrics.farmtracagri.com https://smetrics.powertracagri.com https://cdn.yellowmessenger.com sc-events-sdk.sharechat.com; img-src 'self' https://www.google-analytics.com https://*.ggpht.com https://*.demdex.net https://*.everesttech.net https://*.yellow.ai https://*.yellowmessenger.com *.2o7.net *.omtrdc.net https://s7ap1.scene7.com https://i.ytimg.com https://lh3.googleusercontent.com https://dev.day.com  https://maps.gstatic.com https://*.googleapis.com escorts.scene7.com data: https://smetrics.farmtracagri.com https://smetrics.powertracagri.com https://cdn.yellowmessenger.com sc-events-sdk.sharechat.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://*.ggpht.com https://*.yellow.ai https://*.yellowmessenger.com https://*.2o7.net https://*.omtrdc.net *.farmtracagri.com.seg.js *.powertracagri.com.seg.js https://s7ap1.scene7.com https://assets.adobedtm.com https://www.youtube.com https://cdn.plyr.io https://unpkg.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://apis.google.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://maps.googleapis.com escorts.scene7.com https://smetrics.farmtracagri.com https://smetrics.powertracagri.com https://cdn.yellowmessenger.com sc-events-sdk.sharechat.com; style-src 'self' 'unsafe-inline' https://*.ggpht.com https://s7ap1.scene7.com https://cdn.plyr.io https://unpkg.com https://pro.fontawesome.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com escorts.scene7.com https://smetrics.farmtracagri.com https://smetrics.powertracagri.com https://cdn.yellowmessenger.com sc-events-sdk.sharechat.com 2
img-src * data:; font-src * data:; connect-src *; form-action *; frame-ancestors 'self' http://*.antstudio.cz http://*.antstudio.eu https://*.antstudio.cz https://*.antstudio.eu; default-src 'self'; object-src *; media-src *; child-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * blob: 'unsafe-inline'; 2
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'; connect-src 'self'; base-uri 'none'; frame-ancestors 'none'; frame-src 'none'; object-src 'none'; media-src 'none'; child-src 'none'; form-action 'self'; worker-src 'none'; manifest-src 'none'; 2
img-src * blob: data:; default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval' https://skroutza.skroutz.gr; style-src https: 'unsafe-inline' 2
script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.tawk.to *.jsdelivr.net *.tidio.co *.facebook.net www.gstatic.com;script-src-attr 'unsafe-inline';img-src 'self' data: i.imgur.com www.google-analytics.com zhecgyj5b2o377ebbkvpe2zodk.speed-cdn.com swmo7mkzlg3nher6s82n5i2zi2.speed-cdn.com tawk.link *.tawk.to *.tawk.link *.amazonaws.com *.jsdelivr.net *.databrain.com www.googletagmanager.com;style-src 'self' 'unsafe-inline' zhecgyj5b2o377ebbkvpe2zodk.speed-cdn.com swmo7mkzlg3nher6s82n5i2zi2.speed-cdn.com fonts.googleapis.com *.tawk.to *.jsdelivr.net;font-src 'self' zhecgyj5b2o377ebbkvpe2zodk.speed-cdn.com swmo7mkzlg3nher6s82n5i2zi2.speed-cdn.com fonts.googleapis.com fonts.gstatic.com *.tawk.to *.jsdelivr.net *.googletagmanager.com;frame-src static.goolec.com www.youtube.com youtube.com;connect-src 'self' tickers.playtech.com www.google-analytics.com *.googleapis.com *.tawk.to wss://*.tawk.to tracker.databrain.com;upgrade-insecure-requests;default-src 'self';base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none' 2
frame-ancestors 'self' *.lojavirtuolpro.com *.lvp.intranet *.minhalojanouol.com.br 2
frame-ancestors 'self'; form-action 'self' 2
report-uri /csp_report_parser 2
worker-src blob:; 2
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; 2
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 2
frame-ancestors 'self';block-all-mixed-content;default-src 'self';base-uri 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://*.googletagmanager.com  https://ajax.googleapis.com code.jquery.com https://cdn.datatables.net https://cdn.iubenda.com https://d3e54v103j8qbb.cloudfront.net https://google-analytics.com https://m.youtube.com https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://synlab.milklab.it https://ssl.google-analytics.com https://stackpath.bootstrapcdn.com https://unpkg.com https://www.youtube.com https://www.google-analytics.com https://www.gstatic.com https://www.google.com https://www.iubenda.com https://www.googletagmanager.com https://cdn.jsdelivr.net/npm/ translate.google.com https://translate.googleapis.com;style-src 'self' 'report-sample' 'unsafe-inline' *.bootstrapcdn.com ajax.googleapis.com cdn.iubenda.com cdn.datatables.net fonts.googleapis.com unpkg.com https://fonts.googleapis.com code.jquery.com https://cdn.jsdelivr.net/npm/ https://translate.googleapis.com;object-src 'none';frame-src 'self' *.youtube.com www.youtube-nocookie.com *.google.com;frame-ancestors 'self';child-src 'self' www.youtube.com;img-src 'self' data: blob: *.google-analytics.com *.google.com *.ytimg.com *.youtube.com ajax.googleapis.com fonts.gstatic.com unpkg.com translate.google.com https://www.google.com https://translate.googleapis.com https://www.gstatic.com;font-src 'self' data: *.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com https://fonts.gstatic.com https://cdn.jsdelivr.net/npm/ unpkg.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data: https://*.google-analytics.com https://*.googletagmanager.com;connect-src 'self' https://*.googleapis.com *.google.com *.iubenda.com ajax.googleapis.com fonts.gstatic.com fonts.googleapis.com stats.g.doubleclick.net www.google-analytics.com https://*.gstatic.com data: blob: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://translate.googleapis.com;manifest-src 'self';form-action 'self';media-src 'self';worker-src 'self' blob:; 2
font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com *.googleapis.com *.gstatic.com *.alothemes.com *.magepow.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.bootstrapcdn.com *.vuurwerkmania.nl *.rubro.nl *.vuurwerkdiscount.nl *.wiqhit.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.twitter.com *.googleapis.com *.reginox.nl sibautomation.com *.hotjar.com *.squeezely.tech *.youtu.be youtu.be *.youtu.com *.vuurwerkmania.nl *.rubro.nl *.vuurwerkdiscount.nl *.wiqhit.com https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.alothemes.com *.magepow.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.reginox.nl *.bing.com *.google.com *.google.nl *.squeezely.tech *.facebook.com *.zdassets.com *.adscience.nl *.optinadserving.com *.googletagmanager.com *.vuurwerkmania.nl *.rubro.nl *.vuurwerkdiscount.nl *.google.ie *.wiqhit.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com jquery.sellxed.com *.fontawesome.com *.googleapis.com *.gstatic.com *.avada.io *.alothemes.com *.magepow.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.chimpstatic.com chimpstatic.com *.hotjar.com *.bing.com sibautomation.com *.opmnstr.com *.feedbackcompany.com *.doubleclick.net squeezely.tech *.facebook.net *.zdassets.com *.adscience.nl *.optinadserving.com *.zopim.com *.googletagmanager.com *.youtu.be youtu.be *.youtu.com *.youtube.com *.vuurwerkmania.nl *.rubro.nl *.vuurwerkdiscount.nl *.wiqhit.com www.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.alothemes.com *.magepow.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.omappapi.com *.bootstrapcdn.com *.squeezely.tech *.googletagmanager.com *.houseofadsperiment.nl *.vuurwerkmania.nl *.rubro.nl *.vuurwerkdiscount.nl *.wiqhit.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com *.wiqhit.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.omappapi.com *.doubleclick.net *.feedbackcompany.com *.sendinblue.com *.hotjar.com wss://*.hotjar.com *.squeezely.tech *.bootstrapcdn.com *.facebook.net *.zdassets.com *.zendesk.com *.adscience.nl *.zopim.com wss://*.zopim.com *.googleapis.com *.googletagmanager.com squeezely.tech *.youtu.be youtu.be *.youtu.com *.youtube.com *.vuurwerkmania.nl *.rubro.nl *.vuurwerkdiscount.nl *.google-analytics.com *.wiqhit.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' *.sysnet.ie *.sysnetgs.com player.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.boldchat.com; connect-src 'self' assurance.sysnetgs.com *.boldchat.com www.google-analytics.com *.demdex.net; img-src 'self' data: us01-prod-sair-static-assets.s3.amazonaws.com eu01-prod-sair-static-assets.s3-eu-west-1.amazonaws.com eu01-itops-sair-static-assets.s3-eu-west-1.amazonaws.com eu01-bau-sair-static-assets.s3-eu-west-1.amazonaws.com eu01-devops-sair-static-assets.s3-eu-west-1.amazonaws.com eu01-dev-sair-static-assets.s3-eu-west-1.amazonaws.com adservice.google.com images.boldchat.com *.sysnet.ie www.google-analytics.com *.demdex.net ad.doubleclick.net stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.fonts.net; font-src 'self' data: fonts.gstatic.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' iscan: data: blob: *.sysnetgs.com *.vimeo.com *.boldchat.com; 2
frame-ancestors 'self' https://*.mawebcenters.com 2
frame-ancestors 'self' *.lookbookhq.com *.pathfactory.com *.bizzdesign.com http://bizzDesign.lookbookhq.com https://bizzDesign.lookbookhq.com http://bizzDesign.pathfactory.com https://bizzDesign.pathfactory.com http://resources.bizzDesign.com https://resources.bizzDesign.com bizzdesign-academy.com *.bizzdesign-academy.com; 2
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' 'report-sample'; connect-src * data: blob: 'unsafe-inline' 'report-sample'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob:; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' assurance.com *.assurance.com assurance.dev *.assurance.dev ; worker-src 'self' data: blob: cdn.trustedform.com; object-src 'self' ftp-assurance.s3.amazonaws.com; report-uri https://60ede17b9dc1b52ae71f0257.endpoint.csper.io?v=10; 2
default-src *; script-src * 'unsafe-eval' 'self' 'unsafe-inline' https:; style-src * 'unsafe-inline'; object-src 'self' *.youtube.com youtube.com; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; worker-src 'self' blob:; 2
default-src https:; 2
report-uri *; child-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'report-sample' http: https: data: mediastream: blob: filesystem:; frame-ancestors *; object-src *; frame-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'report-sample' http: https: data: mediastream: blob: filesystem:; worker-src *; manifest-src *; upgrade-insecure-requests 2
Content-Security-Policy: frame-ancestors 'self'; 2
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; font-src 'self' data: https:; img-src 'self' data: https: 2
default-src 'self';connect-src 'self' https://api.hubapi.com https://surveystats.hotjar.io https://content.hotjar.io wss://ws.hotjar.com https://vc.hotjar.io https://junipercare.okta.com https://myirt.org.au https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://ausmed-cdn.s3.ap-southeast-2.amazonaws.com https://embed-cloudfront.wistia.com http://pipedream.wistia.com https://distillery.wistia.com https://fast.wistia.com https://pipedream.wistia.com https://fast.wistia.net https://www.facebook.com wss://cvsmaxmxeb.execute-api.ap-southeast-2.amazonaws.com https://ausmed-preview-video.s3.ap-southeast-2.amazonaws.com https://6ys8plbhzf.execute-api.ap-southeast-2.amazonaws.com/ https://vzztnoholj.execute-api.ap-southeast-2.amazonaws.com/ wss://ausmed.zendesk.com https://metrics.hotjar.io https://hooks.zapier.com/ https://www.ausmed.com https://api.hubspot.com/ http://api.amplitude.com https://cdn.linkedin.oribi.io wss://widget-mediator.zopim.com https://analytics.google.com https://cdn.segment.com https://api.segment.io https://www.google-analytics.com https://stats.g.doubleclick.net https://ausmed.zendesk.com https://ekr.zdassets.com https://video.ausmed.com https://video.ausmed.com.au https://video.ausmed.co.uk https://video.ausmed.co.nz https://ausmed.com https://ausmed.com.au https://ausmed.co.uk https://ausmed.co.nz https://api.ausmed.com https://api.ausmed.com.au https://api.ausmed.co.uk https://api.ausmed.co.nz https://api-read.ausmed.com https://api-read.ausmed.com.au https://api-read.ausmed.co.uk https://api-read.ausmed.co.nz https://analytics.tiktok.com https://ausmed-images.s3.ap-southeast-2.amazonaws.com https://static.hotjar.com https://connect.facebook.net/ https://snap.licdn.com/ https://ausmed-images.s3.amazonaws.com https://www.googletagmanager.com https://d3qxef4rp70elm.cloudfront.net https://cdn.amplitude.com https://js.hs-analytics.net https://fonts.googleapis.com https://static.zdassets.com https://www.google.com.au https://www.googleadservices.com https://js-na1.hs-scripts.com https://www.google.com https://googleads.g.doubleclick.net https://js.hs-banner.com https://js.usemessages.com https://js.hsforms.net/ https://*.linkedin.com https://fonts.gstatic.com https://cdn-images.ausmed.com.au https://content.jwplatform.com https://s3.ap-southeast-2.amazonaws.com https://api.getvero.com https://knowledge.organisations.ausmed.com.au https://i.ytimg.com https://ssl.p.jwpcdn.com https://media.stg.healthdirect.org.au https://www.gstatic.com https://prd.jwpltx.com https://scontent.xx.fbcdn.net https://www.youtube.com https://cdn.jsdelivr.net https://ausmed-cdn.s3-ap-southeast-2.amazonaws.com https://ausmed-images.s3-ap-southeast-2.amazonaws.com https://ausmed-cdn.s3.amazonaws.com https://i.vimeocdn.com https://pagead2.googlesyndication.com https://platform-lookaside.fbsbx.com https://www.ausmed.com.au https://www.ausmed.co.uk https://www.ausmed.co.nz https://cta-service-cms2.hubspot.com https://zendesk-eu.my.sentry.io https://api.hsforms.com/;script-src-elem 'self' 'unsafe-inline' https://js.hsadspixel.net https://js.hs-scripts.com https://script.hotjar.com https://player.vimeo.com https://fast.wistia.net https://js.hs-banner.com https://js.usemessages.com https://js-na1.hs-scripts.com https://googleads.g.doubleclick.net http://www.googleadservices.com https://cdn.amplitude.com https://js.hs-analytics.net https://static.hotjar.com https://cdn.jsdelivr.net https://js.stripe.com http://www.gstatic.com http://ssl.p.jwpcdn.com https://www.youtube.com https://widget-mediator.zopim.com https://content.jwplatform.com http://connect.facebook.net/en_US/sdk.js https://static.zdassets.com https://www.google.com https://api.getvero.com https://connect.facebook.net/ https://snap.licdn.com/ http://js.hsforms.net/forms/v2.js https://cdn.segment.com/analytics.js/v1/UwcJ2uzKvDCFg5SoAHPXm9BAoroIGbJ4/analytics.min.js https://www.googletagmanager.com https://cdn.segment.com https://www.google-analytics.com http://d3qxef4rp70elm.cloudfront.net https://analytics.tiktok.com/i18n/pixel/ https://js.hubspot.com;script-src 'self' 'unsafe-eval';form-action 'self' https://www.facebook.com/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;img-src 'self' data: *;media-src 'self' blob: https://video.ausmed.com.au https://video.ausmed.com https://video.ausmed.co.nz https://video.ausmed.co.uk https://static.zdassets.com https://video.ausmed.com.au https://ausmed-preview-video.s3.ap-southeast-2.amazonaws.com https://ausmed-cdn.s3.ap-southeast-2.amazonaws.com https://fast.wistia.com https://embed-cloudfront.wistia.com;worker-src 'self' https://www.ausmed.com.au blob:;font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com;frame-src 'self' https://player.vimeo.com https://forms.hsforms.com https://www.loom.com https://td.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://js.stripe.com https://www.facebook.com https://ausmed-account.s3.amazonaws.com https://www.youtube.com;frame-ancestors 'self' *;base-uri 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 2
default-src 'self' *.pcdn.co *.dgepress.com cdn.rawgit.com code.jquery.com platform.twitter.com api-6fce660a.duosecurity.com cdn.datatables.net;script-src 'self' *.pcdn.co *.dgepress.com *.cloudfront.net *.bitmovin.com cdn.rawgit.com code.jquery.com platform.twitter.com cdnjs.cloudflare.com api-6fce660a.duosecurity.com ajax.googleapis.com cdn.datatables.net *.streamhub.tv *.streamhub.io link.theplatform.com js-agent.newrelic.com bam.nr-data.net 'unsafe-inline' 'unsafe-eval';style-src 'self' *.pcdn.co *.dgepress.com *.bitmovin.com cdn.rawgit.com code.jquery.com cdnjs.cloudflare.com platform.twitter.com ajax.googleapis.com maxcdn.bootstrapcdn.com cdn.datatables.net 'unsafe-inline';img-src * data:;font-src * data:;frame-src 'self' *.dgepress.com *.pcdn.co *.cloudfront.net player.vimeo.com duo.com *.duosecurity.com duomobile.s3-us-west-1.amazonaws.com platform.twitter.com;connect-src 'self' *.pcdn.co *.dgepress.com *.bitmovin.com cdn.rawgit.com dge.akamaized.net code.jquery.com platform.twitter.com api-6fce660a.duosecurity.com cdn.datatables.net link.theplatform.com stats.streamhub.io disabcpress-vh.akamaihd.net bam.nr-data.net;media-src 'self' *.pcdn.co *.dgepress.com disabcpress-vh.akamaihd.net dge.akamaized.net cdn.rawgit.com code.jquery.com platform.twitter.com api-6fce660a.duosecurity.com cdn.datatables.net link.theplatform.com blob:;worker-src 'self' *.pcdn.co *.dgepress.com blob: 2
default-src 'self' data: 'unsafe-inline' https://bewatec.virtual-spaces.de https://outlook.office365.com https://matomo.bewatec.customer.planetary-quantum.net https://matomo.bewatec.com https://use.bewatec.com https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://bewatec.clickmeeting.com; font-src 'self' data:; img-src https: data: https://matomo.bewatec.customer.planetary-quantum.net https://matomo.bewatec.com https://use.bewatec.com https://snap.licdn.com; media-src https: data:; object-src 'none'; script-src 'self' 'unsafe-inline' http://localhost:3000 https://matomo.bewatec.customer.planetary-quantum.net https://matomo.bewatec.com https://use.bewatec.com https://snap.licdn.com https://embed.clickmeeting.com https://bewatec.clickmeeting.com; form-action 'self' https://seu2.cleverreach.com; frame-ancestors 'self' https://app.bewatec.com https://app.staging.bewatec.com com.bewatec.inhospital; base-uri 'self' 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://internetstiftelsen.piwik.pro https://internetstiftelsen.containers.piwik.pro https://mfstatic.com https://matomo.internetstiftelsen.se https://accounts.google.com https://stage.graphtool.internetstiftelsen.se https://googleads.g.doubleclick.net https://static.internetstiftelsen.se https://cdnjs.cloudflare.com https://d2wy8f7a9ursnm.cloudfront.net https://graphtool.internetstiftelsen.se https://www.gstatic.com https://www.google.com https://www.google.se https://www.googleadservices.com https://teams.microsoft.com https://cdn1.readspeaker.com https://apis.google.com https://ajax.googleapis.com https://cdn.cookielaw.org https://privacyportal-eu-cdn.onetrust.com https://www.googletagmanager.com https://www.youtube.com https://www.google-analytics.com https://connect.facebook.net; img-src 'self' data: https://mfstatic.com https://im16.inviewer.se https://fonts.gstatic.com https://matomo.internetstiftelsen.se https://i3.ytimg.com https://ps.w.org https://googleads.g.doubleclick.net https://img.youtube.com https://styleguide.internetstiftelsen.se https://ssl-static.libsyn.com https://i.ytimg.com https://ddgppes8y88eh.cloudfront.net https://www.googletagmanager.com https://s.w.org https://cdn.cookielaw.org https://static.internetstiftelsen.se https://internetstiftelsen.se https://secure.gravatar.com https://www.facebook.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://internetstiftelsen.containers.piwik.pro https://mfstatic.com https://matomo.internetstiftelsen.se https://www.googletagmanager.com https://privacyportal-eu-cdn.onetrust.com https://fonts.googleapis.com https://static.internetstiftelsen.se; font-src 'self' data: https://privacyportal-eu-cdn.onetrust.com https://static.internetstiftelsen.se https://fonts.gstatic.com; connect-src 'self' data: ws://127.0.0.1:9001 https://internetstiftelsen.piwik.pro https://im16.inviewer.se https://*.mediaflow.com https://graphtool.internetstiftelsen.se https://classroom.googleapis.com https://matomo.internetstiftelsen.se https://static.internetstiftelsen.se https://www.facebook.com https://www.googleapis.com https://cdn.lordicon.com https://*.readspeaker.com https://cdn.cookielaw.org https://privacyportal-eu-cdn.onetrust.com https://*.bugsnag.com https://stats.g.doubleclick.net https://*.google-analytics.com https://geolocation.onetrust.com https://privacyportal-eu.onetrust.com https://yoast.com; frame-src 'self' https://wp.freemius.com https://internetstiftelsen.confetti.events https://scratch.mit.edu https://player.vimeo.com https://sverigesradio.se https://docs.google.com https://open.spotify.com https://www.facebook.com https://w.soundcloud.com https://content-classroom.googleapis.com https://www.youtube.com https://youtube.com https://www.youtube-nocookie.com https://content.googleapis.com https://accounts.google.com https://www.google.com; manifest-src 'self' https://static.internetstiftelsen.se; media-src 'self' https://*.libsyn.com 2
default-src 'self' data: 'unsafe-inline'; script-src 'self'; style-src 'self' 'unsafe-inline' 2
connect-src 'self' blob: https://api.x.ai https://api.x.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api.x.com https://api-stream.twitter.com https://api-stream.x.com https://ads-api.twitter.com https://ads-api.x.com https://aa.twitter.com https://aa.x.com https://caps.twitter.com https://caps.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton.twitter.com https://ton.x.com https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://twitter.com https://x.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com  ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://x.com https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://vaultjs.apideck.com/  https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://x.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://static.ads-twitter.com  'nonce-YjNhMTA4NzgtOWNmMS00NWY5LThlMzYtZWI0NzE4NjY1ZDkw'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false 1
object-src 'none';base-uri 'self';script-src 'nonce-Jjc6kacFFjpmfbGhNnv2qA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other 1
default-src 'self';base-uri 'self';script-src 'nonce-i64xef3VmUla9RyMd18BbA==' 'strict-dynamic' 'report-sample' https:;report-to csp-endpoint;upgrade-insecure-requests;style-src 'self' *.cdn.office.net *.microsoft.com res-dev.cdn.officeppe.net 'unsafe-inline' https://www.microsoft.com/;font-src 'self' data: *.cdn.office.net res-dev.cdn.officeppe.net data c.s-microsoft.com *.microsoft.com;connect-src 'self' https://browser.pipe.aria.microsoft.com https://browser.events.data.microsoft.com *.office.com *.cdn.office.net res-dev.cdn.officeppe.net https://consentreceiverfd-prod.azurefd.net data:;frame-src https://login.microsoftonline.com https://login.live.com mem.gfx.ms amcdn.msftauth.net amcdn.msauth.net;img-src * data: blob:;worker-src 'self' blob:;child-src 'self' blob:;report-uri https://csp.microsoft.com/report/Harmony-App-PROD; 1
img-src 'self' blob: data: icloud.com *.icloud.com *.apple.com *.cdn-apple.com *.icloud-content.com *.icloud-content.com.cn *.apple-mapkit.com *.mzstatic.com; media-src 'self' blob: data: *.icloud.com *.apple.com *.cdn-apple.com *.icloud-content.com *.icloud-content.com.cn; font-src 'self' blob: data: icloud.com *.icloud.com *.apple.com *.cdn-apple.com; connect-src blob: 'self' icloud.com *.icloud.com *.apple.com *.cdn-apple.com *.icloud-content.com *.icloud-content.com.cn *.apple-mapkit.com; frame-src 'self' blob: mailto: tel: *.icloud.com *.apple.com *.icloud-sandbox.com *.icloud-content.com *.icloud-content.com.cn; frame-ancestors 'self' *.icloud.com *.apple.com; form-action 'self' *.icloud.com *.apple.com; child-src blob: 'self'; base-uri 'self' *.icloud.com *.cdn-apple.com; report-uri https://feedbackws.icloud.com/reportRaw 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=0ctie55iqu3vj&partner=; 1
base-uri 'self'; default-src 'none'; form-action https://account.mail.ru https://auth.mail.ru https://e.mail.ru https://yandex.ru 'self'; script-src https://*.adlooxtracking.com https://*.adlooxtracking.ru https://*.adsafeprotected.com https://*.doubleverify.com https://*.imgsmail.ru https://*.mail.ru https://*.moatads.com https://*.mradx.net https://*.serving-sys.com https://*.serving-sys.ru https://*.vk.com https://*.vk.ru https://*.weborama-tech.ru https://*.weborama.fr https://an.yandex.ru https://b.delivery.consentmanager.net https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://consentmanager.mgr.consensu.org https://home.mrgcdn.ru https://iframe.s3.yandex.net https://mail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://ok.ru https://static.dzeninfra.ru https://vk.com https://vk.ru https://yandex.ru https://yandex.st https://yastat.net https://yastatic.net 'unsafe-eval' 'unsafe-inline' 'nonce-4e070f58c4f7f1ae2807248c20851836' 'strict-dynamic' 'report-sample'; connect-src https://*.adlooxtracking.com https://*.adlooxtracking.ru https://*.adsafeprotected.com https://*.cold-video.dzeninfra.ru https://*.doubleverify.com https://*.dzen.ru https://*.extcdn.dzeninfra.ru https://*.hot-video.dzeninfra.ru https://*.imgsmail.ru https://*.mail.ru https://*.moatads.com https://*.mradx.net https://*.serving-sys.com https://*.serving-sys.ru https://*.vk.com https://*.vk.ru https://*.weborama-tech.ru https://*.weborama.fr https://an.yandex.ru https://avatars.dzeninfra.ru https://b.delivery.consentmanager.net https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://cdn.dzen.ru https://cold-video.dzeninfra.ru https://consentmanager.mgr.consensu.org https://dzen.ru https://home.mrgcdn.ru https://jstracer.yandex.ru https://log.strm.yandex.ru https://mail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://ok.ru https://playlog.dzen.ru https://s3.dzeninfra.ru https://static.dzeninfra.ru https://strm.yandex.ru https://verify.yandex.ru https://video.dzen.ru https://vk.com https://vk.ru https://yandex.ru https://yandex.st https://yastat.net https://yastatic.net https://ymetrica1.com; img-src blob: data: https://*.mail.ru https://*.radar.imgsmail.ru https://*.userapi.com https://*.zen.zeta.dzen.ru https://a.delivery.consentmanager.net https://ad.adriver.ru https://amc.yandex.ru https://an.yandex.ru https://avatars.dzeninfra.ru https://avatars.mds.yandex.net https://bs.serving-sys.com https://bs.serving-sys.ru https://bs.yandex.ru https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://cdn.dzen.ru https://counter.yadro.ru https://d.mradx.net https://dzen.ru https://favicon.yandex.net https://fmdata.imgsmail.ru https://home.imgsmail.ru https://img.imgsmail.ru https://imgs2.imgsmail.ru https://impression.appsflyer.com https://likemore-go.imgsmail.ru https://limg.imgsmail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://mgcomru.solution.weborama.fr https://pixel.adlooxtracking.ru https://playlog.dzen.ru https://pogoda.imgsmail.ru https://promoimages.hb.bizmrg.com https://r.mradx.net https://s3.dzeninfra.ru https://static.dzeninfra.ru https://video.dzen.ru https://vk.com https://vk.ru https://vkplay.ru https://wcm-ru.frontend.weborama.fr https://wcm.weborama-tech.ru https://www.tns-counter.ru https://yandex.ru https://yastatic.net 'self'; manifest-src https://limg.imgsmail.ru; media-src blob: data: https://*.cold-video.dzeninfra.ru https://*.extcdn.dzeninfra.ru https://*.hot-video.dzeninfra.ru https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://*.ok.ru https://*.strm.yandex.ru https://*.vk.com https://*.vk.ru https://*.yandex.net https://cdn.dzen.ru https://cold-video.dzeninfra.ru https://mail.ru https://ok.ru https://strm.yandex.ru https://video.dzen.ru https://vk.com https://vk.ru https://yandex.ru https://yandex.st https://yastat.net https://yastatic.net; style-src blob: https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://b.delivery.consentmanager.net https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://consentmanager.mgr.consensu.org https://home.mrgcdn.ru https://static.dzeninfra.ru https://yandex.st https://yastat.net https://yastatic.net 'unsafe-eval' 'unsafe-inline'; font-src blob: data: https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://an.yandex.ru https://yastat.net https://yastatic.net 'self'; frame-src https://*.doubleverify.com https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://*.ok.ru https://*.vk.com https://*.vk.ru https://*.yandex.ru https://app.appsflyer.com https://awaps.yandex.net https://mail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://mini.vkplay.ru https://ok.ru https://vk.com https://vk.ru https://yandex.ru https://yastat.net https://yastatic.net; report-uri https://cspreport.mail.ru/home?disposition=report&rev=18.12.23; 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-dc3b65e406fa734c9af59d4cce3acd7b' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=1512605511956634; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=1512605511956634 1
upgrade-insecure-requests; default-src https://*.zoom.us https://zoom.us blob: 'self'; img-src https: about: blob: data: 'self'; style-src https: safari-extension: chrome-extension: 'unsafe-inline' data: 'self'; font-src https: safari-extension: chrome-extension: blob: data: 'self'; connect-src * about: blob: data: 'self'; media-src * rtmp: blob: data: 'self'; frame-src https: ms-appx-web: zoommtg: zoomus: wvjbscheme: zoomprc: data: blob: 'self'; object-src 'none'; base-uri 'none';script-src 'self' 'strict-dynamic' 'nonce-Z1yD13rbQJ-JkRFzmPobGQ' 'unsafe-inline' blob: https:; 1
script-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com tagmanager.google.com www.youtube.com s.ytimg.com js.stripe.com; font-src 'self'; connect-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org www.googletagmanager.com www.google-analytics.com region1.google-analytics.com sentry.prod.mozaws.net o1069899.sentry.io o1069899.ingest.sentry.io https://accounts.firefox.com/ stage.cjms.nonprod.cloudops.mozgcp.net cjms.services.mozilla.com; frame-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com js.stripe.com; img-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org data: mozilla.org www.googletagmanager.com www.google-analytics.com creativecommons.org images.ctfassets.net; default-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org; style-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org 'unsafe-inline'; child-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com js.stripe.com 1
connect-src 'self' blob: https://gcp.api.snapchat.com https://web-frontend-dot-sc-analytics.appspot.com https://aws.api.snapchat.com https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.googletagmanager.com https://www.snapchat.com https://app.snapchat.com https://sentry.sc-prod.net https://us-central1-gcp.api.snapchat.com https://staging-us-central1-gcp.api.snapchat.com https://staging-web-gcp.snap-dev.net https://web.snapchat.com https://accounts.snapchat.com ws: wss: https://static.snapchat.com https://sentry.sc-prod.net https://cdn.contentful.com https://story.snapchat.com https://graphql.contentful.com https://cf-st.sc-cdn.net https://app.snapchat.com https://s.sc-cdn.net https://bolt-gcdn.sc-cdn.net; img-src 'self' blob: data: https://support-tools.storage.googleapis.com https://www.snapchat.com https://story.snapchat.com https://cf-st.sc-cdn.net https://*.google-analytics.com https://*.googletagmanager.com data: https://www.google.com https://www.google.co.uk https://www.google.com.sa https://www.google.ca https://www.google.fr https://www.google.com.no https://www.google.com.au https://static.snapchat.com https://images.bitmoji.com https://impala-media-production.s3.amazonaws.com https://bolt-gcdn.sc-cdn.net https://lens-storage.storage.googleapis.com https://community-lens.storage.googleapis.com https://lens-preview-storage.storage.googleapis.com https://app.snapchat.com; media-src https://bolt-gcdn.sc-cdn.net https://static.snapchat.com https://s.sc-cdn.net https://cf-st.sc-cdn.net blob:; script-src 'self' https://static.snapchat.com https://www.google-analytics.com https://*.googletagmanager.com 'sha256-dQJQsgrl3uMVvy2BJYsaNKb5aPwwZP1Hxm/h8nPMYU8=' 'sha256-W180Lw4gMizxEUHmEThR7QFnAWtmFgcFnXafbGOe27I=' 'sha256-T+mJpzkspYbS2c9j2qrgyezx0+bxueaYNJwVB75pe3Y=' 'sha256-5rMxh1U6sIDlVjmobBQY89QTC9nNeK3hd9dsXpD2AYE=' 'sha256-SlyXqNpddFY9lxbguST5m22HifGELYV1FYec8XhHUkk=' 'sha256-FhUvlSz0BXj4r8M1nXAkVXmbcxiWrUXB6vNbCZ8A0Zk=' 'sha256-2LmOILM2HIS9pJC380owRlOYo+c5WOuuNL7oEMLss2I=' 'sha256-MNn0HyJxuyKnyn0lPM1hCzPzycraTm0TXEqX1khh/7k='; style-src 'self' https://static.snapchat.com 'unsafe-inline'; default-src 'self'; font-src 'self' https://snap-design-system.storage.googleapis.com https://ads-interfaces.sc-cdn.net https://static.snapchat.com; frame-ancestors 'none'; report-uri ; report-to ; block-all-mixed-content 1
default-src 'none'; frame-ancestors https://*.dzen.ru https://dzen.ru; connect-src 'self'; script-src 'nonce-7fc28cbc6f394f29c90b77ea5d5a6536' 'self'; img-src 'self' 1
report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic ; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-NJciQRxlSR1dPvnqw5ET' 'nonce-xal1ukQTCpJDYbZkFhrF' 1
upgrade-insecure-requests; default-src 'none'; script-src 'strict-dynamic' 'nonce-BwvUX5O6dyB04zwrCUFsDU2XwdRjhwZ9' 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.sentry.dev www.googletagmanager.com plausible.io *.plausible.io player.vimeo.com; connect-src 'self' sentry.io *.sentry.io *.sentry.dev reload.getsentry.net vimeo.com plausible.io *.plausible.io; img-src 'self' sentry.io *.sentry.io data: *.sentry.dev sentry-blog.storage.googleapis.com www.googletagmanager.com i.vimeocdn.com images.ctfassets.net; style-src 'self' 'unsafe-inline' *.sentry.dev; media-src 'self' videos.ctfassets.net; font-src 'self' *.sentry.dev fonts.gstatic.com; frame-src player.vimeo.com demo.arcade.software recaptcha.google.com www.google.com; manifest-src 'self' *.sentry.dev; base-uri 'none'; frame-ancestors *.sentry.io; report-uri https://o1.ingest.sentry.io/api/1297627/security/?sentry_key=e811b9077ef64dcf8a279ec18a61b222 1
default-src 'self' data: blob: e-cc01-i.sber247.ru *.diginetica.net sberdevices.ru *.sberdevices.ru *.google.com *.rambler.ru ad.adriver.ru messenger.online.sberbank.ru www.googletagmanager.com *.google-analytics.com *.analytics.google.com mc.yandex.ru *.mindbox.ru gw.sbdv.ru:8443 web.popmechanic.ru *.nativeroll.tv soloway.ru rutarget.ru *.mail.ru statad.ru andata.ru vk.com appsflyer.com adriver.ru programmatica.com *.programmatica.com; frame-src e-cc01-i.sber247.ru id.sber.ru online.sberbank.ru rutube.ru google.com www.google.com *.adriver.ru www.youtube.com *.rutarget.ru *.nativeroll.tv; frame-ancestors webvisor.com metrika.yandex.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' e-cc01-i.sber247.ru *.diginetica.net *.sbermarketing.ru *.andata.ru *.sberdevices.ru blob: *.2gis.com www.google.com google.com *.gstatic.com *.adriver.ru messenger.online.sberbank.ru *.mindbox.ru *.popmechanic.ru *.nativeroll.tv tags.soloway.ru cdn.rutarget.ru *.mail.ru statad.ru andata.ru vk.com appsflyer.com ad.adriver.ru www.googletagmanager.com *.google-analytics.com mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz yastatic.net mc.webvisor.com mc.webvisor.org st.top100.ru *.programmatica.com pxaction.com; connect-src 'self' *.diginetica.net e-cc01-i.sber247.ru *.mail.ru vk.com *.sbermarketing.ru *.rambler.ru ws: messenger.online.sberbank.ru:7764 id.sber.ru *.id.sber.ru online.sberbank.ru visor.sberbank.ru  *.online.sberbank.ru gw.sbdv.ru:8443 metrics.prom.third-party-app.sberdevices.ru *.2gis.com suggestions.dadata.ru *.andata.ru *.sberdevices.ru *.google-analytics.com *.google.com *.analytics.google.com web.popmechanic.ru stats.g.doubleclick.net mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz yastatic.net mc.webvisor.com mc.webvisor.org *.mindbox.ru *.programmatica.com; object-src 'self' *.sberdevices.ru; style-src 'self' 'unsafe-inline' e-cc01-i.sber247.ru *.sberdevices.ru static.popmechanic.ru fonts.googleapis.com; font-src 'self' *.sberdevices.ru fonts.gstatic.com fonts.googleapis.com; 1
script-src 'report-sample' 'nonce-jdvg603s03Cpqgtx2lZdfQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self',script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport/allowlist,require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-/TUG+uTIXwBkPCl3/vv6A8lGel+nEoBdloyRY5k/NFyuxpKY' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' data: 'unsafe-inline' https://www.apachecon.com/ https://analytics.apache.org/ http://analytics.apache.org/ https://www.google.com/cse/ https://cse.google.com/ https://www.googleapis.com/generate_204 http://*.google.com/generate_204 https://afs.googlesyndication.com/ https://csp.withgoogle.com/ https://www.google.com/images/ https://ssl.gstatic.com/ui/ https://docs.google.com/forms/ https://www.youtube.com/embed/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.apache.org/ http://analytics.apache.org/ https://cse.google.com/ http://cse.google.com/adsense/search/async-ads.js https://www.google.com/cse/ https://partner.googleadservices.com/; style-src 'self' 'unsafe-inline' https://www.google.com/cse/; frame-ancestors 'none'; 1
img-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org data: mozilla.org www.googletagmanager.com www.google-analytics.com creativecommons.org images.ctfassets.net; frame-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com js.stripe.com; style-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org 'unsafe-inline'; default-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org; connect-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org www.googletagmanager.com www.google-analytics.com region1.google-analytics.com sentry.prod.mozaws.net o1069899.sentry.io o1069899.ingest.sentry.io https://accounts.firefox.com/ stage.cjms.nonprod.cloudops.mozgcp.net cjms.services.mozilla.com; child-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com js.stripe.com; font-src 'self'; script-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com tagmanager.google.com www.youtube.com s.ytimg.com js.stripe.com 1
default-src 'none'; script-src 'strict-dynamic' 'nonce-inFHvZTY7XfOzCS6R16wtTmKqkaag3pZygijnp1v7SxmNEgy5R' 'self' 'report-sample' 'unsafe-inline' assets.wearehearken.eu cdn.syndication.twimg.com connect.facebook.net c.files.bbci.co.uk emp.bbci.co.uk ems.wearehearken.eu modules.wearehearken.eu mybbc-analytics.files.bbci.co.uk nav.files.bbci.co.uk news.files.bbci.co.uk platform.twitter.com public.flourish.studio static.bbc.co.uk static.bbci.co.uk static.chartbeat.com static2.chartbeat.com www.bbc.co.uk www.instagram.com www.ons.gov.uk gn-web-assets.api.bbc.com www.google-analytics.com bitesize.files.bbci.co.uk www.tiktok.com lf16-tiktok-web.ttwstatic.com static.files.bbci.co.uk; img-src 'self' https: data:; font-src c.files.bbci.co.uk gel.files.bbci.co.uk static.files.bbci.co.uk static.bbci.co.uk news.files.bbci.co.uk ws-downloads.files.bbci.co.uk bitesize.files.bbci.co.uk; style-src branding.files.bbci.co.uk cdn.riddle.com flo.uri.sh news.files.bbci.co.uk platform.twitter.com static.bbc.co.uk static.bbci.co.uk static.files.bbci.co.uk ton.twimg.com www.riddle.com 'unsafe-inline' lf16-tiktok-web.ttwstatic.com; frame-src 'self' bbc001.carto.com bbc003.carto.com bbc-maps.carto.com cdn.riddle.com chartbeat.com emp.bbc.co.uk emp.bbc.com flo.uri.sh graphics.reuters.com www.reuters.com m.facebook.com news.files.bbci.co.uk personaltaxcalculator2.deloittecloud.co.uk platform.twitter.com public.flourish.studio static2.chartbeat.com syndication.twitter.com web.facebook.com www.bbc.co.uk www.facebook.com www.instagram.com www.tiktok.com www.ons.gov.uk www.riddle.com www.youtube.com www.youtube-nocookie.com toybox.tools.bbc.co.uk uk-script.dotmetrics.net ssp-app-uk.votenow.tv ssp-app-uktest.votenow.tv session.test.bbc.co.uk session.bbc.co.uk; object-src 'none'; manifest-src static.files.bbci.co.uk bitesize.files.bbci.co.uk; media-src 'self' blob: https:; connect-src 'self' https:; child-src blob:; base-uri 'none'; form-action 'self' platform.twitter.com syndication.twitter.com uk-script.dotmetrics.net/DeviceInfo.dotmetrics; frame-ancestors 'none'; upgrade-insecure-requests; report-to default; report-uri https://webcore.bbc-reporting-api.app/report-endpoint; 1
font-src 'self' themes.googleusercontent.com *.gstatic.com https://fonts.gstatic.com storage.googleapis.com fonts.googleapis.com *.cdn.ampproject.org; base-uri 'none'; object-src 'none'; connect-src 'self' plus.google.com www.google-analytics.com apis.google.com cdn.ampproject.org *.google.com storage.googleapis.com https://services.google.com/fb/submissions/thekeywordtest/ https://services.google.com/fb/submissions/0a65d7733e1f11ea9701614fc033d30c/ *.gstatic.com gstatic.com *.cdn.ampproject.org *.doubleclick.net; require-trusted-types-for 'script'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com storage.googleapis.com *.google.com cdn.ampproject.org; script-src 'self' 'unsafe-eval' *.googleanalytics.com *.google-analytics.com *.youtube.com youtube.com optimize.google.com https://s.ytimg.com *.googletagmanager.com apis.google.com storage.googleapis.com *.googleapis.com *.google.com cdn.ampproject.org *.gstatic.com gstatic.com googleadservices.com *.googleadservices.com 'sha256-hdPneczWRi+c9LQVo+PzNzlNr9TacChC0CW0fiDBHkI=' 'sha256-DE/j4w1a1HDIXysWgFTrJCJK6JWEcHqScfyMr9zq9R4=' 'sha256-Ehy9lGqrTi8OqqWxX1HN6hKJT7iwwYMFJ+HLjpEobO0=' 'sha256-s/yvuH0ZHyO+7N8dM5CshPem4K1PknDExYN18xHq0LI=' 'sha256-MWQdkIAX5J//suH1t5P3PFFwFUiphY0PxD6VVzbBehQ=' 'sha256-587vJAV9t9k86IMQixmyKa7lbPaDhkGzrJsdngtoiAA=' 'sha256-nlbIOie3vmdUUZjQFDMa7iipxS6Qst8pPhTLjibMsRk=' 'sha256-lgJnwAolJEfUZqcADCe937u5G/i9edAudHv5GJlMHHo=' 'sha256-f4ki6ad4xHBnfj+FbRBUifEbj0rzaa2pNLDbnZ3IEMs=' 'sha256-PnD9J8UK8zpwVizQXkEtbZOvTiv9C/05Nn81NEwPBoQ=' 'sha256-Y/HIjyFCMWLG5aCowKhGBKP5em9S2M097hRagv3TXQ0=' 'sha256-kYDvl4o9O3XKKtgQW4BZzZZ44BDD2lwJj6eNJ8HyqWg=' 'sha256-786mZQPkATV3kJd7q8ZuwoTH4U3/0WniBdyVOgZQpv4=' 'sha256-Xyk5Ei/Yh7DuZgaxNfbPswkpmMKHk5Jy18vkxjfPMj0=' 'sha256-1lOrojGb+aoV56bZpsODLpb+j+HHbONNEpX/YqVtiUU=' 'sha256-sAsQphoZozaLVFpcda3bvT5euqcGL4MqVnizAR+Xla4=' 'sha256-qmxgNLBk8DehEAH10pxGKDVGIrss69LIPlCGOCw3O78='; img-src * data: blob:; frame-src 'self' www.google.com *.youtube.com youtube.com accounts.google.com plus.google.com *.doubleclick.net apis.google.com optimize.google.com *.google.com *.cdn.ampproject.org; media-src 'self' *.gstatic.com storage.googleapis.com *.googlevideo.com; default-src 'self' *.gstatic.com storage.googleapis.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://www.myfritz.net https://sso.myfritz.net https://static.myfritz.net https://piwik.avm.de https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://www.myfritz.net https://sso.myfritz.net https://static.myfritz.net; img-src 'self' https://www.myfritz.net https://sso.myfritz.net https://static.myfritz.net https://piwik.avm.de data: ; font-src 'self' https://www.myfritz.net https://sso.myfritz.net https://static.myfritz.net; connect-src 'self' https://sso.myfritz.net https://gateway.myfritz.net wss://gateway.myfritz.net https://piwik.avm.de; frame-src 'self' https://sso.myfritz.net https://www.google.com/recaptcha/; media-src 'none'; object-src 'none'; worker-src 'none'; manifest-src https://www.myfritz.net/static/manifest.json https://sso.myfritz.net/static/manifest.json; frame-ancestors https://sso.myfritz.net https://www.myfritz.net; form-action 'self' https://www.myfritz.net 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'nonce-ODYsMTUyLDgyLDE3Niw4LDk3LDExMywyNDM=' https://discord.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com https://s.ytimg.com/yts/jsbin/ https://www.youtube.com/iframe_api https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.hcaptcha.com https://hcaptcha.com; img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://www.facebook.com https://cdn.discordapp.com https://hackerone-api.discord.workers.dev/user-avatars/ https://safety.discord.com https://discordmoderatoracademy.zendesk.com https://assets-global.website-files.com data:; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://discordapp.com https://discord.com https://connect.facebook.net https://api.greenhouse.io https://api.github.com https://sentry.io https://www.google-analytics.com https://hackerone-api.discord.workers.dev https://*.hcaptcha.com https://hcaptcha.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location ws://127.0.0.1:* http://127.0.0.1:*; media-src 'self' https://cdn.discordapp.com/assets/; frame-src https://discordapp.com/domain-migration https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://www.youtube.com/embed/ https://hackerone.com/631fba12-9388-43c3-8b48-348f11a883c0/ https://10851314.fls.doubleclick.net/; 1
frame-ancestors 'self' https://web.mit.edu https://www.mit.edu http://web.mit.edu http://www.mit.edu 1
frame-ancestors https://academy.launchdarkly.com https://learn.launchdarkly.com; 1
default-src 'self';connect-src 'self' ws: https://*.google-analytics.com https://s3-eu-west-1.amazonaws.com;img-src 'self' https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com/ data: https://*.google-analytics.com https://*.doubleclick.net https://s3.amazonaws.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://js-agent.newrelic.com/nr-1044.min.js https://www.google.com https://www.gstatic.com https://*.google-analytics.com http://*.getclicky.com;style-src 'self' 'unsafe-inline' http://maxcdn.bootstrapcdn.com https://*.googleapis.com https://www.gstatic.com;font-src 'self' https://www.gstatic.com https://*.gstatic.com http://maxcdn.bootstrapcdn.com;frame-src 'self' https://www.google.com https://*.s3.amazonaws.com;report-uri /csp; 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-D48mWi2uwDZ9d1ZoeIo8UIjgOVV0I/' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
default-src 'self' https://consent.badoo.com; script-src 'self' 'unsafe-inline' 'report-sample' 'nonce-ModfjTuPhtK/O8G2jzjDUQ==' badoocdn.com *.badoocdn.com https://consent.badoo.com https://*.googletagmanager.com https://tr.snapchat.com https://tr-shadow.snapchat.com; style-src 'self' 'unsafe-inline'; connect-src 'self' *.badoo.com *.badoo.eu *.badoo.us https://consent.badoo.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://tr.snapchat.com https://tr-shadow.snapchat.com; child-src 'self'; font-src * data:; manifest-src 'self'; base-uri 'self'; frame-src * bds: bdp:; img-src * data: blob:; media-src * data: blob:; report-uri /jss/csp_report.phtml?token=badoo_homepage&env=production; upgrade-insecure-requests; 1
child-src 'self' blob:; connect-src 'self' *.1worldsync.com *.accenture.com *.akamaihd.net *.buywith.com *.cloudinary.com *.cnetcontent.com *.digital-cloud.medallia.com *.doubleclick.net *.flix360.com *.flix360.io *.kampyle.co *.kampyle.com *.ksckreate.net *.perimeterx.net *.purpleportal.net *.px-cdn.net *.px-cloud.net *.pxchk.net *.quantummetric.com *.richcontext.com *.salsify.com *.stylitics.com *.syndigo.cloud *.syndigo.com *.talkshop.live *.thestable.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com *.zeekit.walmart.com a02f69a90dstg.blob.core.windows.net ads01.groovinads.com api.bazaarvoice.com aroptical-scan.wal-mart.com assets-jpcust.jwpsrv.com assets.optiwise.ai azmatch.adsrvr.org beacon.walmart.com blob: c.bing.com c.sspinc.io c0b535ed7astg.blob.core.windows.net cdn-assets.affirm.com cdn.jwplayer.com cdn.quantummetric.com content.jwplatform.com directline.botframework.com dw.wmt.co fitpredictor-api.sspinc.io gum.criteo.com https://www-qa.walmart.com.mx i.liadm.com i6.liadm.com ib.adnxs.com idsync.rlcdn.com ingest.quantummetric.com ls.chatid.com maps.googleapis.com maps.gstatic.com media.flixcar.com media.flixfacts.com media.sku.ninja mmwm-scan-dev.centralus.cloudapp.azure.com mmwm-scan-prod.centralus.cloudapp.azure.com photorankstatics-a.akamaihd.net rackcdn.com rl.quantummetric.com secure.adnxs.com sizeguide-api.sspinc.io ssl.p.jwpcdn.com stats.g.doubleclick.net sync.mathtag.com t.myvisualiq.net tap.walmart.com tps.doubleverify.com us.creativecdn.com videos-cloudfront.jwpsrv.com walmart-app.quantummetric.com walmart-sync.quantummetric.com walmart.sspinc.io wss://api.talkshop.live wss://directline.botframework.com wss://us.server.buywith.com wss://wm-converse-wss.dev.walmart.com wss://www-perf.walmart.com wss://www-stage.walmart.com wss://www-teflon.walmart.com wss://www.walmart.com www.facebook.com www.google.com www.gstatic.com zeekit.walmart.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.quantummetric.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com https://www-qa.walmart.com.mx; font-src 'self' *.1worldsync.com *.accenture.com *.buywith.com *.cloudinary.com *.cnetcontent.com *.flix360.com *.flix360.io *.ksckreate.net *.richcontext.com *.salsify.com *.syndigo.cloud *.syndigo.com *.thestable.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com assets-jpcust.jwpsrv.com assets.optiwise.ai cc.cs.1worldsync.com ccsprodus1.blob.core.windows.net cdn.cs.1worldsync.com cdn.jwplayer.com content.jwplatform.com d3nkfb7815bs43.cloudfront.net d3np41mctoibfu.cloudfront.net fonts.googleapis.com fonts.gstatic.com https://www-qa.walmart.com.mx ls.chatid.com media.flixcar.com media.flixfacts.com media.sku.ninja photorankstatics-a.akamaihd.net rackcdn.com salsify-ecdn.com ssl.p.jwpcdn.com videos-cloudfront.jwpsrv.com ws.cnetcontent.com www.ezdia.com; frame-ancestors 'self' *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com https://www-qa.walmart.com.mx; frame-src 'self' *.1worldsync.com *.accenture.com *.affirm.com *.alldata.cashedge.com *.babylist.com *.buywith.com *.cloudinary.com *.cnetcontent.com *.countr.one *.digital-cloud.medallia.com *.eko.com *.fiservapps.com *.flix360.com *.flix360.io *.kampyle.co *.kampyle.com *.ksckreate.net *.one.app *.onefinance.com *.online-metrix.net *.quantummetric.com *.richcontext.com *.salsify.com *.shopstylecollective.com *.syndigo.cloud *.syndigo.com *.talkshop.live *.thestable.com *.vantivcnp.com *.vimeo.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com adclick.g.doubleclick.net app.collectivevoice.com app.collectivevoiceqa.com assets-jpcust.jwpsrv.com assets.optiwise.ai ccsprodus1.blob.core.windows.net cdn.jwplayer.com content.jwplatform.com https://www-qa.walmart.com.mx ln-rules.rewardstyle.com ls.chatid.com media.flixcar.com media.flixfacts.com media.sku.ninja mmwmpdscanoprod.z19.web.core.windows.net one.app.link photorankstatics-a.akamaihd.net rackcdn.com salsify-ecdn.com ssl.p.jwpcdn.com tpc.googlesyndication.com videos-cloudfront.jwpsrv.com ws.cnetcontent.com wss://api.talkshop.live www.ezdia.com www.facebook.com www.google.com www.recaptcha.net; img-src 'self' *.1worldsync.com *.accenture.com *.akamaihd.net *.buywith.com *.cloudinary.com *.cnetcontent.com *.digital-cloud.medallia.com *.doubleclick.net *.doubleverify.com *.flix360.com *.flix360.io *.geekseller.com *.imrworldwide.com *.kampyle.co *.kampyle.com *.ksckreate.net *.online-metrix.net *.paypal.com *.px-cdn.net *.px-cloud.net *.richcontext.com *.salsify.com *.stylitics.com *.syndigo.cloud *.syndigo.com *.talkshop.live *.thestable.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com *.zeekit.walmart.com 1d81e75c4337a6e2e3c2-4a69748413de5fcbd7a7a944817c2356.ssl.cf1.rackcdn.com 3d-qc.walmartimages.com 3d.walmartimages.com a.sellpoint.net a02f69a90dstg.blob.core.windows.net ad.doubleclick.net ads01.groovinads.com akamai.ksckreate.net aroptical-scan.wal-mart.com assets-jpcust.jwpsrv.com assets.optiwise.ai azmatch.adsrvr.org beacon.walmart.com blob: c.bing.com c0b535ed7astg.blob.core.windows.net ccsprodus1.blob.core.windows.net cdn-assets.affirm.com cdn.jwplayer.com content.jwplatform.com content.syndigo.com crtormassetmguseprod.blob.core.windows.net cyborg-wm-auth-service-v2.jet.com d3nkfb7815bs43.cloudfront.net d3np41mctoibfu.cloudfront.net data: dw.wmt.co gum.criteo.com https://www-qa.walmart.com.mx i.liadm.com i6.liadm.com ib.adnxs.com idsync.rlcdn.com ir.surveywall-api.survata.com ls.chatid.com maps.googleapis.com maps.gstatic.com media.flixcar.com media.flixfacts.com media.sku.ninja mmwm-scan-dev.centralus.cloudapp.azure.com mmwm-scan-prod.centralus.cloudapp.azure.com photorankstatics-a.akamaihd.net pixel.adsafeprotected.com player.cloudinary.com rackcdn.com res.cloudinary.com s0.2mdn.net salsify-ecdn.com secure.adnxs.com securepubads.g.doubleclick.net smedia.webcollage.net ssl.p.jwpcdn.com static.adsafeprotected.com stats.g.doubleclick.net sync.mathtag.com t.myvisualiq.net tap.walmart.com tpc.googlesyndication.com us.creativecdn.com videos-cloudfront.jwpsrv.com walmart.ugc.bazaarvoice.com wss://api.talkshop.live www.ezdia.com www.facebook.com www.gstatic.com; media-src *.1worldsync.com *.accenture.com *.akamaized.net *.buywith.com *.cloudinary.com *.cnetcontent.com *.flix360.com *.flix360.io *.ksckreate.net *.richcontext.com *.salsify.com *.syndigo.cloud *.syndigo.com *.thestable.com *.vimeo.com *.vimeocdn.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com 1d81e75c4337a6e2e3c2-4a69748413de5fcbd7a7a944817c2356.ssl.cf1.rackcdn.com a.sellpoint.net akamai.ksckreate.net assets-jpcust.jwpsrv.com assets.optiwise.ai blob: ca-media.contentanalyticsinc.com cc.cnetcontent.com cc.cs.1worldsync.com ccsprodus1.blob.core.windows.net cdn-azure.kwikee.com cdn.cnetcontent.com cdn.cs.1worldsync.com cdn.jwplayer.com content.jwplatform.com content.syndigo.com cyborg-wm-auth-service-v2.jet.com d3nkfb7815bs43.cloudfront.net d3np41mctoibfu.cloudfront.net https://www-qa.walmart.com.mx images.salsify.com ls.chatid.com media.flixcar.com media.flixfacts.com media.sku.ninja photorankstatics-a.akamaihd.net rackcdn.com salsify-ecdn.com ssl.p.jwpcdn.com videos-cloudfront.jwpsrv.com vimeo.com ws.cnetcontent.com www.ezdia.com; object-src *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com https://www-qa.walmart.com.mx; script-src 'self' 'strict-dynamic' 'wasm-unsafe-eval' *.1worldsync.com *.accenture.com *.buywith.com *.cloudinary.com *.cnetcontent.com *.digital-cloud.medallia.com *.flix360.com *.flix360.io *.kampyle.co *.kampyle.com *.ksckreate.net *.px-cloud.net *.richcontext.com *.salsify.com *.syndigo.cloud *.syndigo.com *.talkshop.live *.thestable.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com *.zeekit.walmart.com aroptical-scan.wal-mart.com assets-jpcust.jwpsrv.com assets.optiwise.ai ccsprodus1.blob.core.windows.net cdn.jwplayer.com cdn.quantummetric.com connect.facebook.net content.jwplatform.com d3nkfb7815bs43.cloudfront.net d3np41mctoibfu.cloudfront.net https://www-qa.walmart.com.mx ls.chatid.com maps.googleapis.com media.flixcar.com media.flixfacts.com media.sku.ninja mmwm-scan-dev.centralus.cloudapp.azure.com mmwm-scan-prod.centralus.cloudapp.azure.com photorankstatics-a.akamaihd.net rackcdn.com salsify-ecdn.com ssl.p.jwpcdn.com videos-cloudfront.jwpsrv.com ws.cnetcontent.com wss://api.talkshop.live www.ezdia.com www.recaptcha.net 'nonce-U-lEV9xuwF-s-tSu'; style-src 'self' 'unsafe-inline' *.1worldsync.com *.accenture.com *.buywith.com *.cloudinary.com *.cnetcontent.com *.flix360.com *.flix360.io *.kampyle.com *.ksckreate.net *.richcontext.com *.salsify.com *.stylitics.com *.syndigo.cloud *.syndigo.com *.thestable.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com assets-jpcust.jwpsrv.com assets.optiwise.ai cc.cs.1worldsync.com ccsprodus1.blob.core.windows.net cdn.cs.1worldsync.com cdn.jwplayer.com content.jwplatform.com d3nkfb7815bs43.cloudfront.net d3np41mctoibfu.cloudfront.net fonts.googleapis.com https://www-qa.walmart.com.mx ls.chatid.com media.flixcar.com media.flixfacts.com media.sku.ninja photorankstatics-a.akamaihd.net rackcdn.com rl.quantummetric.com salsify-ecdn.com sizeguide-api.sspinc.io ssl.p.jwpcdn.com videos-cloudfront.jwpsrv.com walmart.sspinc.io ws.cnetcontent.com www.ezdia.com; worker-src 'self' blob:; report-uri https://csp.walmart.com/c/r/gl 1
base-uri 'none'; default-src 'self' https: data: blob: wss: 'unsafe-inline'; script-src https://static.tradingview.com/static/ blob: https://*.ampproject.org/ https://*.paypal.com/ https://platform.twitter.com https://platform.x.com https://songbird.cardinalcommerce.com/edge/v1/ https://checkout.razorpay.com/ 'nonce-ysVKt3iX+GoU0Yzadwoaew=='; object-src 'none' 1
upgrade-insecure-requests; frame-ancestors 'self' https://resources.forter.com http://resources.forter.com http://forter.pathfactory.com https://forter.pathfactory.com https://resources.fraudlab.com http://resources.fraudlab.com; 1
default-src 'self' https://*.google-analytics.com https://*.googleusercontent.com https://*.gstatic.com; script-src 'self' 'unsafe-inline' https://*.google-analytics.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com 1
default-src 'self'; manifest-src 'self'; font-src 'self' data: f1-eu.readspeaker.com netdna.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' webstatistics.telefonica.de f1-eu.readspeaker.com app.mailjet.com console.e-bot7.de; connect-src 'self' webstatistics.telefonica.de f1-eu.readspeaker.com app-eu.readspeaker.com rstts-eu.readspeaker.com media-eu.readspeaker.com console.e-bot7.de; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' f1-eu.readspeaker.com; base-uri 'self'; form-action 'self' jobs.telefonica.com; frame-src 'self' charts3.equitystory.com www.youtube-nocookie.com app.mailjet.com console.e-bot7.de 1
default-src 'none'; frame-ancestors https://*.dzen.ru https://dzen.ru; connect-src 'self'; script-src 'nonce-a41a741e3775ac02fb292c98f572c3d5' 'self'; img-src 'self' 1
base-uri 'none'; child-src *.shipt.com *.adsrvr.org *.criteo.com *.criteo.net *.doubleclick.net *.googlesyndication.com *.kampyle.com *.medallia.com *.pinterest.com *.recruitics.com *.sprinklr.com *.use1.pure.cloud *.visammg.com apps.rokt.com hooks.stripe.com js.stripe.com recaptcha.google.com request.eprotect.vantivprelive.com request.eprotect.vantivcnp.com www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com *.sendbird.com tr.snapchat.com www.youtube.com csxd.shipt.com 'self' blob:; connect-src 'self' *.bing.com *.branch.io *.citrusad.com *.clarity.ms *.contentsquare.net *.criteo.com *.criteo.net *.doubleclick.net *.google.com google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.kampyle.com *.medallia.com *.mouseflow.com *.shipt.com *.sprinklr.com *.use1.pure.cloud *.bugsnag.com d37hm4w715hh7d.cloudfront.net adservice.google.com analytics.tiktok.com api.rollbar.com api.segment.io api.stripe.com js.stripe.com cdn.segment.com js.stripe.com connect.facebook.net ct.pinterest.com s.yimg.com tr.snapchat.com wss://*.sprinklr.com www.facebook.com www.googletagmanager.com zapier.com https://api-57849742-3304-4834-ADC2-0C706B726101.sendbird.com wss://ws-57849742-3304-4834-ADC2-0C706B726101.sendbird.com https://p2blobstore.blob.core.windows.net; font-src 'self' data: *.kampyle.com *.medallia.com *.sendbird.com *.sprinklr.com; form-action *.facebook.com *.shipt.com accounts.google.com appleid.apple.com ct.pinterest.com tr.snapchat.com *.sendbird.com; frame-ancestors *.shipt.com; img-src 'self' data: * *.use1.pure.cloud *.sprinklr.com blob: p2blobstore.blob.core.windows.net; object-src 'none'; script-src 'self' 'report-sample' *.bing.com *.clarity.ms *.criteo.com *.criteo.net *.dstillery.com *.doubleclick.net *.googlesyndication.com *.hlserve.com *.kampyle.com *.medallia.com *.media6degrees.com *.recruitics.com *.shipt.com *.sprinklr.com *.use1.pure.cloud adserver.pandora.com analytics-sm.com js.adsrvr.org s.pinimg.com sc-static.net ajax.cloudflare.com analytics.tiktok.com app.contentsquare.com apps.rokt.com dhqbrvplips7x.cloudfront.net app.link connect.facebook.net cdn.branch.io cdn.mouseflow.com cdn.rollbar.com cdn.segment.com js.stripe.com maps.googleapis.com p2blobstore.blob.core.windows.net request.eprotect.vantivprelive.com request.eprotect.vantivcnp.com *.sendbird.com t.contentsquare.net tr.snapchat.com snap.licdn.com web.btncdn.com www.google.com/recaptcha/ www.googleadservices.com www.googletagmanager.com www.gstatic.com/recaptcha/ s.yimg.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.kampyle.com *.medallia.com *.sendbird.com; worker-src 'self' blob:; default-src 'self'; upgrade-insecure-requests; media-src https://file-us-3.sendbird.com https://sendbird-us-3.s3.amazonaws.com *.shipt.com *.use1.pure.cloud *.sprinklr.com 1
base-uri 'self'; default-src 'none'; form-action https://account.mail.ru https://auth.mail.ru https://e.mail.ru https://yandex.ru 'self'; script-src https://*.adlooxtracking.com https://*.adlooxtracking.ru https://*.adsafeprotected.com https://*.doubleverify.com https://*.imgsmail.ru https://*.mail.ru https://*.moatads.com https://*.mradx.net https://*.serving-sys.com https://*.serving-sys.ru https://*.vk.com https://*.vk.ru https://*.weborama-tech.ru https://*.weborama.fr https://an.yandex.ru https://b.delivery.consentmanager.net https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://consentmanager.mgr.consensu.org https://home.mrgcdn.ru https://iframe.s3.yandex.net https://mail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://ok.ru https://static.dzeninfra.ru https://vk.com https://vk.ru https://yandex.ru https://yandex.st https://yastat.net https://yastatic.net 'unsafe-eval' 'unsafe-inline' 'nonce-3e96f072460246acf3ca4e9c0fdfe15e' 'strict-dynamic' 'report-sample'; connect-src https://*.adlooxtracking.com https://*.adlooxtracking.ru https://*.adsafeprotected.com https://*.cold-video.dzeninfra.ru https://*.doubleverify.com https://*.dzen.ru https://*.extcdn.dzeninfra.ru https://*.hot-video.dzeninfra.ru https://*.imgsmail.ru https://*.mail.ru https://*.moatads.com https://*.mradx.net https://*.serving-sys.com https://*.serving-sys.ru https://*.vk.com https://*.vk.ru https://*.weborama-tech.ru https://*.weborama.fr https://an.yandex.ru https://avatars.dzeninfra.ru https://b.delivery.consentmanager.net https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://cdn.dzen.ru https://cold-video.dzeninfra.ru https://consentmanager.mgr.consensu.org https://dzen.ru https://home.mrgcdn.ru https://jstracer.yandex.ru https://log.strm.yandex.ru https://mail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://ok.ru https://playlog.dzen.ru https://s3.dzeninfra.ru https://static.dzeninfra.ru https://strm.yandex.ru https://verify.yandex.ru https://video.dzen.ru https://vk.com https://vk.ru https://yandex.ru https://yandex.st https://yastat.net https://yastatic.net https://ymetrica1.com; img-src blob: data: https://*.mail.ru https://*.radar.imgsmail.ru https://*.userapi.com https://*.zen.zeta.dzen.ru https://a.delivery.consentmanager.net https://ad.adriver.ru https://amc.yandex.ru https://an.yandex.ru https://avatars.dzeninfra.ru https://avatars.mds.yandex.net https://bs.serving-sys.com https://bs.serving-sys.ru https://bs.yandex.ru https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://cdn.dzen.ru https://counter.yadro.ru https://d.mradx.net https://dzen.ru https://favicon.yandex.net https://fmdata.imgsmail.ru https://home.imgsmail.ru https://img.imgsmail.ru https://imgs2.imgsmail.ru https://impression.appsflyer.com https://likemore-go.imgsmail.ru https://limg.imgsmail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://mgcomru.solution.weborama.fr https://pixel.adlooxtracking.ru https://playlog.dzen.ru https://pogoda.imgsmail.ru https://promoimages.hb.bizmrg.com https://r.mradx.net https://s3.dzeninfra.ru https://static.dzeninfra.ru https://video.dzen.ru https://vk.com https://vk.ru https://vkplay.ru https://wcm-ru.frontend.weborama.fr https://wcm.weborama-tech.ru https://www.tns-counter.ru https://yandex.ru https://yastatic.net 'self'; manifest-src https://limg.imgsmail.ru; media-src blob: data: https://*.cold-video.dzeninfra.ru https://*.extcdn.dzeninfra.ru https://*.hot-video.dzeninfra.ru https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://*.ok.ru https://*.strm.yandex.ru https://*.vk.com https://*.vk.ru https://*.yandex.net https://cdn.dzen.ru https://cold-video.dzeninfra.ru https://mail.ru https://ok.ru https://strm.yandex.ru https://video.dzen.ru https://vk.com https://vk.ru https://yandex.ru https://yandex.st https://yastat.net https://yastatic.net; style-src blob: https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://b.delivery.consentmanager.net https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://consentmanager.mgr.consensu.org https://home.mrgcdn.ru https://static.dzeninfra.ru https://yandex.st https://yastat.net https://yastatic.net 'unsafe-eval' 'unsafe-inline'; font-src blob: data: https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://an.yandex.ru https://yastat.net https://yastatic.net 'self'; frame-src https://*.doubleverify.com https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://*.ok.ru https://*.vk.com https://*.vk.ru https://*.yandex.ru https://app.appsflyer.com https://awaps.yandex.net https://mail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://mini.vkplay.ru https://ok.ru https://vk.com https://vk.ru https://yandex.ru https://yastat.net https://yastatic.net; report-uri https://cspreport.mail.ru/home?disposition=report&rev=18.12.23; 1
default-src 'self' *.baidu.com ; img-src https://* data:; child-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' marketing.mediatek.com *.baidu.com www.youtube.com cdn.plyr.io *.benchmarkemail.com js.hs-scripts.com connect.facebook.net www.googletagmanager.com js.hs-analytics.net js.hs-banner.com www.google-analytics.com; script-src-elem 'self' marketing.mediatek.com *.baidu.com www.youtube.com cdn.plyr.io *.benchmarkemail.com js.hs-scripts.com connect.facebook.net www.googletagmanager.com js.hs-analytics.net js.hs-banner.com www.google-analytics.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' cdn.plyr.io marketing.mediatek.com; font-src 'self'  marketing.mediatek.com data:; connect-src 'self' feed-proxy.craftcms.com marketing.mediatek.com *.baidu.com analytics.google.com cdn.plyr.io www.google-analytics.com stats.g.doubleclick.net noembed.com www.facebook.com; frame-src 'self' www.facebook.com www.youtube.com marketing.mediatek.com www.mediatek.com; frame-ancestors 'self' https://marketing.mediatek.com https://www.mediatek.com; 1
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://*.apple.com http://*.apple.com https://*.mzstatic.com https://*.apple-mapkit.com https://p-events-delivery.akamaized.net http://p-events-delivery.akamaized.net https://apple-events.akamaized.net https://mediaservices.cdn-apple.com http://mediaservices.cdn-apple.com https://wwdr-aws-dev.apple.com 1
frame-ancestors 'self' *.ca.gov 1
default-src 'self' data: blob: *.mega.co.nz *.mega.nz *.mega.io http://*.mega.co.nz http://*.mega.nz http://*.mega.io wss://*.karere.mega.nz *.karere.mega.nz:1380 http://127.0.0.1:6341 localhost.megasyncloopback.mega.nz:6342; script-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob:; style-src 'self' 'unsafe-inline' *.mega.co.nz *.mega.nz *.mega.io data: blob:; frame-src 'self' mega: *.megaad.nz https://mega.nz/ https://mega.io/; img-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob: mega.nz 1
report-uri https://www.yelp.com/csp_block?id=dff43c8977fa842b&page=enforced_by_default_directives&policy_hash=4a31667603ab2e38c60aeeb09daa5097&site=www&timestamp=1705975683; object-src 'self'; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; font-src 'self' data: https: 1
default-src 'none'; script-src 'self' cdn.robinhood.com cdn.pdst.fm/ping.min.js 'unsafe-inline' www.google-analytics.com www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ tagmanager.google.com ssl.google-analytics.com connect.facebook.net sc-static.net d.impactradius-event.com www.redditstatic.com analytics.tiktok.com boards.greenhouse.io bat.bing.com www.googleadservices.com static.ads-twitter.com s.yimg.com *.usercentrics.eu ; worker-src 'self' blob: ; frame-src www.google.com/recaptcha/ www.youtube.com/iframe_api/ www.youtube.com/embed/ www.googletagmanager.com boards.greenhouse.io tr6.snapchat.com tr.snapchat.com fcm.quick1fr.com *.usercentrics.eu ; style-src 'self' 'unsafe-inline' cdn.robinhood.com tagmanager.google.com fonts.googleapis.com ; font-src 'self' cdn.robinhood.com data: ; media-src 'self' cdn.robinhood.com *.usercentrics.eu ; img-src 'self' images.robinhood.com cdn.robinhood.com www.google-analytics.com stats.g.doubleclick.net i.ytimg.com/vi/ images.ctfassets.net/5ft2qdzfrz9o/ images.ctfassets.net/mwphzyq69oso/ images.ctfassets.net/fomw95h5b4ty/ images.ctfassets.net/lnmc2aao6j57/ www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.facebook.com www.google.com tr.snapchat.com tr6.snapchat.com bat.bing.com googleads.g.doubleclick.net data: alb.reddit.com analytics.twitter.com t.co sp.analytics.yahoo.com *.usercentrics.eu ; frame-ancestors 'self' ; connect-src 'self' robinhood.com *.robinhood.com *.apollo.rhinternal.net www.google-analytics.com stats.g.doubleclick.net bat.bing.com/actionp/ us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink ssl.google-analytics.com analytics.google.com sentry.io o62437.ingest.sentry.io www.googletagmanager.com tagmanager.google.com analytics.tiktok.com boards-api.greenhouse.io preview.contentful.com cdn.contentful.com s.yimg.com *.usercentrics.eu api.instagram.com/ ; block-all-mixed-content; upgrade-insecure-requests; report-uri https://o62437.ingest.sentry.io/api/1336410/security/?sentry_key=dadc326d25814a55b5486cb04f439a29; base-uri 'self' 1
default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060 https://steamvideo-a.akamaihd.net/; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host ; 1
style-src 'unsafe-inline' yastatic.net;report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.com&showid=1705976276165921-917742864424641616-balancer-l7leveler-kubr-yp-vla-38-BAL-3414&h=stable-portal-mordago-57.sas.yp-c.yandex.net&yandexuid=8246416161705976276&&version=2024-01-19-465&adb=0;media-src yastatic.net;connect-src *.strm.yandex.net mc.yandex.com yandex.com yastatic.net yastat.net mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.admetrica.ru;img-src *.verify.yandex.ru *.ya.ru *.yandex.ru ya.ru yabs.yandex.by yabs.yandex.kz yabs.yandex.ru yabs.yandex.uz yandex.ru 'self' yastatic.net data: yandex.com favicon.yandex.net avatars.mds.yandex.net mc.admetrica.ru mc.yandex.com *.mc.yandex.ru adstat.yandex.ru mc.yandex.ru;script-src 'nonce-mo5WEsCt2vjQ6EFiDPjCsg==' mc.yandex.com yastatic.net yandex.com mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru;child-src *.ya.ru *.yandex.ru ya.ru yandex.ru yastatic.net yandex.com mc.yandex.ru mc.yandex.md mc.yandex.com *.ya.ru *.yandex.ru ya.ru yandex.ru;default-src yastatic.net yastat.net 'self';font-src yastatic.net 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-3659a101535ca40a90267323da436f25' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=5856140326966500; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=5856140326966500 1
default-src data: blob: *.fbcdn.net *.facebook.com *.fbsbx.com connect.facebook.net;script-src *.facebook.com static.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *.fbcdn.net *.facebook.com *.fbsbx.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' *.doubleclick.net *.fbsbx.com;font-src fonts.gstatic.com *.fbsbx.com fbsbx.com *.fbcdn.net data:;img-src *.facebook.com *.fbsbx.com *.fbcdn.net data: blob:;frame-src www.youtube.com *.twitter.com *.instagram.com *.facebook.com; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=1fnooh9iqu8nt&partner=; 1
default-src 'self'; child-src 'self' connect.facebook.net fast.wistia.com fast.wistia.net googleads.g.doubleclick.net td.doubleclick.net *.hotjar.com *.hotjar.io bid.g.doubleclick.net 10317493.fls.doubleclick.net 10366747.fls.doubleclick.net 11541986.fls.doubleclick.net youtube.com www.youtube.com js.stripe.com www.facebook.com staticxx.facebook.com tpc.googlesyndication.com www.google.com *.googletagmanager.com *.quora.com intercom-sheets.com app-ab27.marketo.com www.intercom-reporting.com d2c7xlmseob604.cloudfront.net js.intercomcdn.com insight.adsrvr.org match.adsrvr.org https://intercom.chilipiper.com app.intercom.com app.intercom.io https://app.getreprise.com; connect-src 'self'   www.intercom.com app.intercom.io app.intercom.com api.intercom.io api-visitor-analytics.intercom.com api-iam.intercom.io api-ping.intercom.io api.smartling.com js.intercomcdn.com munchkin.marketo.net *.mktoutil.com nexus-websocket-a.intercom.io nexus-websocket-test.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-test.intercom.io store.intercomassets.com widget.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-test.intercom.io marketing.intercomcdn.com uploads.intercomcdn.com uploads.intercomusercontent.com abrtp1.marketo.com abrtp1-cdn.marketo.com app.getsentry.com stats.g.doubleclick.net www.google.com adservice.google.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com http://*.hotjar.io:* https://*.hotjar.io:* wss://*.hotjar.io sentry.io www.facebook.com *.akamaihd.net *.wistia.com *.wistia.net 258-clw-344.mktoresp.com bat.bing.com d2c7xlmseob604.cloudfront.net rum-collector-2.pingdom.net https://*.browser-intake-datadoghq.com public-trace-http-intake.logs.datadoghq.com https://assets.ctfassets.net c.6sc.co b.6sc.co j.6sc.co ipv6.6sc.co epsilon.6sense.com epsilon-cloudfront.6sense.com user-data.mutinycdn.com https://api-v2.mutinyhq.io/v2/b https://api.mutinyhq.io/v2 https://client-registry.mutinycdn.com secure.adnxs.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com api.chilipiper.com tracking.chilipiper.com cdn.linkedin.oribi.io gw.linkedin.oribi.io px.ads.linkedin.com https://app.getreprise.com; font-src data: https: ; img-src data: blob: https: ; media-src data: blob: https: ; object-src 'none'; script-src 'self' 'unsafe-eval' app.intercom.io app.intercom.com www.intercom.com js.intercomcdn.com store.intercomassets.com marketing.intercomassets.com widget.intercom.io ajax.googleapis.com analytics.twitter.com abrtp1.marketo.com abrtp1-cdn.marketo.com app-sjqe.marketo.com app-sjst.marketo.com app-ab27.marketo.com bat.bing.com cdn-assets-prod.s3.amazonaws.com cdn.ravenjs.com browser.sentry-cdn.com connect.facebook.net distillery.wistia.com distillery-main.wistia.com fast.wistia.com fast.wistia.net googleads.g.doubleclick.net js.stripe.com munchkin.marketo.net platform.twitter.com rtp-static.marketo.com script.hotjar.com script.hotjar.io secure.adnxs.com static.hotjar.com static.hotjar.io stats.g.doubleclick.net store.intercom.io tpc.googlesyndication.com www.datadoghq-browser-agent.com www.google.com www.google-analytics.com www.googleadservices.com/pagead/ www.googletagmanager.com tagmanager.google.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com dc.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com client-registry.mutinycdn.com client.mutinycdn.com https://js.chilipiper.com 'sha256-CIxBMTSsZNOVtN/e53Oinc5o7iS+6GCLATfDTYD9EQk=' https://app.getreprise.com 'strict-dynamic' 'nonce-NjkyMDc5MWYtOTkyMS00Yzc0LWExNDYtZmZlODkzNzUxNTk2'; style-src 'self' 'unsafe-inline' app-ab27.marketo.com marketing.intercomassets.com maxcdn.bootstrapcdn.com rtp-static.marketo.com fonts.googleapis.com tagmanager.google.com https://www.googletagmanager.com https://js.chilipiper.com; worker-src data: blob:; base-uri 'self'; report-uri https://o2129.ingest.sentry.io/api/1467748/security/?sentry_key=2b3179211aae44189b7651cf09d7b74f 1
default-src 'self' data: blob: *.mega.co.nz *.mega.nz *.mega.io http://*.mega.co.nz http://*.mega.nz http://*.mega.io wss://*.karere.mega.nz wss://*.sfu.mega.co.nz *.karere.mega.nz:1380 http://127.0.0.1:6341 localhost.megasyncloopback.mega.nz:6342; script-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob:; style-src 'self' 'unsafe-inline' *.mega.co.nz *.mega.nz *.mega.io data: blob:; frame-src 'self' *.megapay.nz mega: *.megaad.nz https://mega.nz/ https://mega.io/; img-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob: mega.nz 1
default-src 'self' *.crazyegg.com; connect-src *; font-src * data:; frame-src *; img-src * data: 'unsafe-inline'; manifest-src 'self'; media-src *; object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; worker-src 'self' blob:; base-uri 'self'; form-action *; frame-ancestors 'self' http://content.to https://content.to 1
frame-ancestors 'self' https://ss.datasconsole.com; 1
frame-ancestors 'self' *.wallet.airpay.co.id *.shopee.kr *.airpay.co.id *.shopeemobile.com *.shopee.co.id *.shopee.cn *.shopee.io *.facebook.com https://bela-portal.festiware.com https://belapengadaan.lkpp.go.id https://lkpp-portal.festiware.com;  1
connect-src 'self' https://brave-software.ghost.io; default-src 'none'; media-src 'self'; font-src 'self'; frame-ancestors 'self' https://try.bravesoftware.com https://ads.brave.com https://ads.bravesoftware.com; frame-src 'self' https://blocksurvey.io https://survey.brave.com https://contact.ads.brave.com https://html5-player.libsyn.com https://social-growth.bravesoftware.com https://try.bravesoftware.com https://player.vimeo.com https://boards.greenhouse.io https://www.surveymonkey.com https://www.youtube-nocookie.com https://js.driftt.com https://app.boostr.com/; img-src 'self' data: https://analytics.brave.com https://boards.greenhouse.io; script-src 'self' https://analytics.brave.com https://boards.greenhouse.io https://js.driftt.com; style-src 'self' 'unsafe-inline'; object-src 'self'; manifest-src 'self'; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'nonce-MjM4LDEyMywxMDUsMTM1LDU0LDE2NiwxMDksMjM4' https://discord.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com https://s.ytimg.com/yts/jsbin/ https://www.youtube.com/iframe_api https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.hcaptcha.com https://hcaptcha.com; img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://www.facebook.com https://cdn.discordapp.com https://hackerone-api.discord.workers.dev/user-avatars/ https://safety.discord.com https://discordmoderatoracademy.zendesk.com https://assets-global.website-files.com data:; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://discordapp.com https://discord.com https://connect.facebook.net https://api.greenhouse.io https://api.github.com https://sentry.io https://www.google-analytics.com https://hackerone-api.discord.workers.dev https://*.hcaptcha.com https://hcaptcha.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location ws://127.0.0.1:* http://127.0.0.1:*; media-src 'self' https://cdn.discordapp.com/assets/; frame-src https://discordapp.com/domain-migration https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://www.youtube.com/embed/ https://hackerone.com/631fba12-9388-43c3-8b48-348f11a883c0/ https://10851314.fls.doubleclick.net/; 1
frame-ancestors 'self' *.wallet.airpay.com.br *.shopee.kr *.airpay.com.br *.shopeemobile.com *.shopee.com.br *.shopee.cn *.shopee.io *.facebook.com https://bela-portal.festiware.com https://belapengadaan.lkpp.go.id https://lkpp-portal.festiware.com;  1
default-src 'self';base-uri 'self';form-action platform.twitter.com syndication.twitter.com;frame-ancestors 'none';script-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com code.jquery.com platform.twitter.com api.github.com https://cdn.jsdelivr.net https://datum.jsdelivr.com 'nonce-ODk2YmZlM2ItZTVkYy00ZGUyLWFmMmEtYzJjZDZjYWFjODcx';style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com platform.twitter.com https://cdn.jsdelivr.net;img-src 'self' data: bootswatch.com syndication.twitter.com stats.g.doubleclick.net ad.doubleclick.net *.convertro.com *.c3tag.com *.2mdn.net launchbit.com www.launchbit.com https://cdn.jsdelivr.net;font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://cdn.jsdelivr.net;frame-src 'self' img.shields.io platform.twitter.com syndication.twitter.com https://cdn.jsdelivr.net https://github.com/sponsors/jsdelivr/button;child-src 'self' img.shields.io platform.twitter.com syndication.twitter.com https://cdn.jsdelivr.net;connect-src syndication.twitter.com https://api.github.com/repos/jsdelivr/bootstrapcdn https://stats.g.doubleclick.net https://datum.jsdelivr.com/api/event;object-src img.shields.io;manifest-src 'self' 1
block-all-mixed-content; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.kohls.com *.dotomi.com *.fastclick.net *.licdn.com *.pubmatic.com *.rubiconproject.com *.doubleclick.net *.iesnare.com www.youtube.com *.fontawesome.com kohlsblog.wpengine.com app.collectivevoice.com *.flippenterprise.net *.kohlslocal.com *.media.net *.syndigo.com *.syndigo.cloud *.rewardstyle.com *.adnxs-simple.com media.adcanvas.com *.loudcrowd.com *.2mdn.net c.tvpixel.com *.3lift.com *.flashtalking.com *.ampproject.org *.scorecardresearch.com *.evgnet.com survey.vovici.com *.casalemedia.com cdn.cookielaw.org app.contentsquare.com pixel.fohr.co cdnjs.cloudflare.com *.yahoo.com cdn.js7k.com *.doubleverify.com *.adnxs.com *.adsafeprotected.com kohls.sspinc.io *.webcollage.net cdns.brsrvr.com *.pinterest.com edge.curalate.com *.googleapis.com *.dynatrace.com *.snapchat.com *.go-mpulse.net *.adobedtm.com *.dynatrace.com *.coherentpath.com *.igodigital.com *.bing.com *.google.com *.paypalobjects.com *.braintreegateway.com *.dynamicyield.com *.gstatic.com *.paypal.com *.micpn.com *.clicktale.net *.yimg.com *.liadm.com *.ads-twitter.com *.pinimg.com *.facebook.net *.tiktok.com *.vibescm.com sc-static.net *.googletagmanager.com *.snapchat.com *.google-analytics.com *.cnnx.link *.taboola.com *.impactradius-event.com *.ada.support *.googletagservices.com *.indexww.com *.googlesyndication.com *.bazaarvoice.com *.stylitics.com *.tagdelivery.com *.bambuser.com *.googleadservices.com *.rokt.com *.fohr.co www.recaptcha.net cadent.tv z.moatads.com cdn.confiant-integrations.net *.crossingminds.com; style-src 'self' 'unsafe-inline' blob: data: *.kohls.com *.licdn.com kohlsblog.wpengine.com cdn.honey.io *.flippenterprise.net *.fontawesome.com *.kohlslocal.com *.loudcrowd.com *.quantcount.com fonts.googleapis.com *.bazaarvoice.com *.stylitics.com *.dynamicyield.com *.crossingminds.com; img-src 'self' blob: data: *.kohls.com *.dotomi.com *.fastclick.net *.adsensecustomsearchads.com *.doubleclick.net *.licdn.com *.scorecardresearch.com *.adnxs.com *.clicktale.net cdn.honey.io media.kohlsimg.com *.casalemedia.com *.yahoo.com *.fontawesome.com *.loudcrowd.com lookaside.fbsbx.com kohlsblog.wpengine.com *.syndigo.com *.syndigo.cloud *.adcanvas.com *.googleadservices.com *.quantserve.com *.vibescm.com *.quantcount.com www.ojrq.net *.flippenterprise.net *.liadm.com *.rlcdn.com *.media.net us-u.openx.net *.rubiconproject.com *.demdex.net *.everesttech.net prodeastusmappscreative.azureedge.net *.pubmatic.com s.yimg.com *.kohlslocal.com *.gstatic.com *.doubleverify.com *.flashtalking.com *.advertising.com chart.googleapis.com cdn.cookielaw.org pixel.fohr.co *.webcollage.net *.adsafeprotected.com edge.curalate.com *.3lift.com *.dynamicyield.com content.stylitics.com dpm.demdex.net *.micpn.com cm.everesttech.net maps.googleapis.com www.googletagmanager.com services.postcodeanywhere.co.uk *.bing.com *.paypal.com *.doubleclick.net *.google.com t.co *.twitter.com *.clicktale.net *.pinterest.com *.facebook.com *.google-analytics.com *.taboola.com *.2mdn.net *.admedia.com *.admarketplace.net *.igodigital.com trkn.us *.4cinsights.com *.bazaarvoice.com *.tagdelivery.com *.bizrate.com *.googlesyndication.com *.adxcel-ec2.com *.kohlsimg.com *.fohr.co cadent.tv z.moatads.com cdn.confiant-integrations.net; connect-src 'self' *.kohls.com *.domdog.io *.evergage.com *.casalemedia.com *.iesnare.com *.syndigo.com *.syndigo.cloud *.adeptmind.ai endpoint.dlp-webservices.prod.dlp.adeptmind.net plausible.io *.loudcrowd.com *.fontawesome.com *.flippenterprise.net *.flipp.com *.flippback.com *.ampproject.org s.update.ib.adnxs.net *.kohlslocal.com *.google-analytics.com *.flashtalking.com *.onetrust.com cdn.cookielaw.org pixel.fohr.co p.tvpixel.com *.tagdelivery.com *.doubleverify.com *.adnxs.com edge.curalate.com *.googleapis.com hb.emxdgt.com *.pubmatic.com *.gstatic.com api.rlcdn.com *.google.com *.yahoo.com *.facebook.com *.akstat.io *.rubiconproject.com *.3lift.com *.snapchat.com *.tiktok.com *.bing.com *.paypal.com *.techlab-cdn.com *.omtrdc.net *.go-mpulse.net *.dynatrace.com *.dynamicyield.com *.yimg.com *.liadm.com *.clicktale.net *.pinterest.com *.taboola.com *.braintree-api.com *.braintreegateway.com *.paypal.com *.addressy.com dpm.demdex.net *.ada.support *.doubleclick.net *.googlesyndication.com *.bazaarvoice.com *.stylitics.com kohls.sjv.io *.coherentpath.com *.fohr.co *.contentsquare.net *.crossingminds.com; frame-src 'self' survey.vovici.com *.indexww.com *.brealtime.com *.2mdn.net *.adnxs.com *.rewardstyle.com *.googletagservices.com app.collectivevoice.com secure.opinionlab.com *.casalemedia.com player.vimeo.com www.youtube.com *.syndigo.com *.syndigo.cloud *.bambuser.com *.bazaarvoice.com eus.rubiconproject.com *.3lift.com contextual.media.net *.pubmatic.com core-gp.firstinsight.com tsdtocl.com tr.snapchat.com apps.rokt.com *.google.com *.liadm.com *.pinterest.com *.doubleclick.net kohls.demdex.net *.paypal.com *.facebook.com kohls.ada.support *.rlcdn.com *.googlesyndication.com *.flashtalking.com www.recaptcha.net; worker-src 'self' blob:; font-src 'self' data: cdn.honey.io cdnjs.cloudflare.com *.syndigo.com *.bazaarvoice.com *.syndigo.cloud *.fontawesome.com *.kohlslocal.com *.gstatic.com *.stylitics.com *.paypalobjects.com *.rakuten.com; form-action 'self' *.kohls.com *.facebook.com *.bazaarvoice.com secure.opinionlab.com *.snapchat.com *.pinterest.com; base-uri 'self' *.kohls.com; frame-ancestors 'self'; manifest-src 'self' *.kohls.com *.bazaarvoice.com; media-src 'self' blob: *.kohlsimg.com *.iesnare.com *.bazaarvoice.com *.loudcrowd.com lookaside.fbsbx.com www.bing.com *.syndigo.com *.syndigo.cloud edge.curalate.com; object-src 'self' *.bazaarvoice.com; report-uri https://csp38.domdog.io/report-uri/a9a6fb14-365a-4648-b17b-2e47930f8b49/1/1-45/block; 1
script-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com tagmanager.google.com www.youtube.com s.ytimg.com js.stripe.com; child-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com js.stripe.com; default-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org; connect-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org www.googletagmanager.com www.google-analytics.com region1.google-analytics.com sentry.prod.mozaws.net o1069899.sentry.io o1069899.ingest.sentry.io https://accounts.firefox.com/ stage.cjms.nonprod.cloudops.mozgcp.net cjms.services.mozilla.com; img-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org data: mozilla.org www.googletagmanager.com www.google-analytics.com creativecommons.org images.ctfassets.net; style-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org 'unsafe-inline'; frame-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com js.stripe.com; font-src 'self' 1
report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.ru&showid=1705980154429218-9200674827407300205-balancer-l7leveler-kubr-yp-sas-58-BAL-6367&h=stable-portal-mordago-151.vla.yp-c.yandex.net&yandexuid=5073002051705980154&&version=2024-01-19-465&adb=0;script-src 'nonce-G2EFUT+IPb4fdtGOP2V99Q==' *.ya.ru mc.yandex.com yastatic.net yandex.ru ya.ru mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru;media-src yastatic.net;connect-src *.strm.yandex.net mc.yandex.com ya.ru yabs.yandex.ru yastatic.net yastat.net mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.admetrica.ru;img-src *.verify.yandex.ru *.ya.ru *.yandex.ru ya.ru yabs.yandex.by yabs.yandex.kz yabs.yandex.ru yabs.yandex.uz yandex.ru 'self' yastatic.net data: favicon.yandex.net avatars.mds.yandex.net blob: mc.admetrica.ru mc.yandex.com *.mc.yandex.ru adstat.yandex.ru mc.yandex.ru;child-src *.ya.ru *.yandex.ru ya.ru yandex.ru yastatic.net mc.yandex.ru mc.yandex.md *.ya.ru *.yandex.ru ya.ru yandex.ru;style-src 'unsafe-inline' yastatic.net;default-src yastatic.net yastat.net 'self';font-src yastatic.net 1
frame-ancestors 'self' *.deepl.com 1
frame-ancestors 'self' http://*.schwab.com https://*.schwab.com https://content.schwab.com https://client.schwab.com https://www.schwabcdn.com https://*.schwabinstitutional.com https://*.dev-schwab.acsitefactory.com https://*.test-schwab.acsitefactory.com https://*.train-schwab.acsitefactory.com https://*.schwab.acsitefactory.com https://*.schwab.co.uk https://*.schwab.com.hk https://*.schwab.com.sg https://*.schwab.com.au https://*.schwabcharitable.org https://*.schwabmoneywise.com https://*.schwabtrustbankcollectives.com 1
frame-ancestors 'self' https://*.adroll.com; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 1
default-src 'self' https://bin.bnbstatic.com https://public.bnbstatic.com https://*.wistia.com https://*.wistia.net https://*.saasexch.com https://*.saasexch.co;script-src blob: 'self' https://api.smartling.com https://accounts.google.com https://*.saasexch.co 'nonce-01204aad-2c9b-4571-b74a-75a3fcfdd521' https://log.bntrace.com https://www.googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net  https://www.googleanalytics.com https://www.googleoptimize.com https://www.gstatic.com https://www.google.com https://accounts.google.com/gsi/client https://apis.google.com/js/api:client.js https://maps.googleapis.com https://optimize.google.com https://euob.segreencolumn.com https://bat.bing.com https://obseu.segreencolumn.com https://appleid.cdn-apple.com unsafe-inline https://bin.bnbstatic.com https://public.bnbstatic.com https://*.saasexch.com https://accounts.binance.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-bn.my.onetrust.com https://*.wistia.com https://*.wistia.net https://src.litix.io data:;style-src 'self' 'unsafe-inline' blob: https://fast.wistia.com https://bin.bnbstatic.com https://public.bnbstatic.com https://*.saasexch.com https://*.saasexch.co https://api.smartling.com https://accounts.google.com https://optimize.google.com https://fonts.googleapis.com unsafe-inline;font-src 'self' data: https://bin.bnbstatic.com https://public.bnbstatic.com https://*.saasexch.com https://*.saasexch.co https://*.wistia.com https://at.alicdn.com https://api.smartling.com https://accounts.google.com https://fonts.gstatic.com;connect-src 'self' https://api.saasexch.com https://bin.bnbstatic.com https://public.bnbstatic.com https://*.saasexch.com https://*.saasexch.co https://log.bntrace.com https://api.saasexch.com/bapi/themis/api/ wss://stream.binance.com wss://nbstream.binance.com wss://haodesk.binance.im https://upload-bnbstatic-com.s3.ap-northeast-1.amazonaws.com https://*.agora.io:* https://*.edge.agora.io:* https://*.sd-rtn.com:* https://*.edge.sd-rtn.com:* wss://*.agora.io:* wss://*.edge.agora.io:* wss://*.sd-rtn.com:* wss://*.edge.sd-rtn.com:* wss://chat-wss.yshyqxx.com https://*.s3-accelerate.amazonaws.com wss://*.binance.com https://*.binance.com https://frontend-m.binance.cloud https://sensors.binance.cloud https://report.binance.gg https://*.sentry.io https://stats.g.doubleclick.net https://api.smartling.com https://accounts.google.com https://www.google.com https://googleads.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://bat.bing.com https://obseu.segreencolumn.com https://logan-log.binance.gg wss://haodesk.binance.im wss://margin-stream.binance.com:443 wss://stream.binance.com wss://nbstream.binance.com wss://bstream.binance.com:9443 https://api.saasexch.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-bn.my.onetrust.com https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://data-collect.toolsfdg.net;img-src 'self' data: blob: https://api.smartling.com https://accounts.google.com https://*.saasexch.co https://static.devfdg.net https://www.google-analytics.com https://optimize.google.com https://www.googletagmanager.com https://obseu.segreencolumn.com https://bat.bing.com https://sensors.binance.cloud https://bin.bnbstatic.com https://public.bnbstatic.com https://upload-bnbstatic-com.s3.ap-northeast-1.amazonaws.com https://*.saasexch.com https://public-1259603563.file.myqcloud.com https://static-file-1259603563.file.myqcloud.com https://googleads.g.doubleclick.net https://www.google.com https://analytics.twitter.com https://t.co https://www.facebook.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-bn.my.onetrust.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://public.nftstatic.com;media-src 'self' https://bin.bnbstatic.com https://public.bnbstatic.com https://*.saasexch.com https://*.saasexch.co https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://upload-bnbstatic-com.s3.ap-northeast-1.amazonaws.com https://api.smartling.com https://accounts.google.com https://fast.wistia.net blob:;frame-src 'self' https://api.smartling.com https://accounts.google.com https://*.saasexch.co https://www.google.com https://optimize.google.com https://accounts.google.com/ https://fast.wistia.com https://fast.wistia.net https://bid.g.doubleclick.net;object-src 'none';base-uri 'self';report-uri https://o529943.ingest.sentry.io/api/6149229/security/?sentry_key=949d37812f604f039041170b5601fa1a;report-to https://o529943.ingest.sentry.io/api/6149229/security/?sentry_key=949d37812f604f039041170b5601fa1a 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.sportskeeda.com https://www.google.com https://www-sportskeeda-com.cdn.ampproject.org https://hindi-sportskeeda-com.cdn.ampproject.org https://news.google.com https://www.google.co.in https://corp.nazara.com 1
frame-ancestors 'self'; default-src https: *.crazyegg.com blob:; frame-src https: 'self' 'unsafe-inline' 'unsafe-eval'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.crazyegg.com blob:; connect-src 'self' https: wss: *.crazyegg.com; img-src https: 'self' data: *.crazyegg.com; style-src https: 'unsafe-inline'; font-src https: 'unsafe-inline' data:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://trendyol.com https://*.trendyol.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://static.criteo.net https://connect.facebook.net https://edge.fullstory.com https://www.fullstory.com https://cdn.cookielaw.org https://creativecdn.com https://static.hotjar.com https://trendyolde.api.useinsider.com https://ct.pinterest.com https://cdn.taboola.com https://trc.taboola.com https://analytics.twitter.com  https://platform.twitter.com https://static.ads-twitter.com https://googleads.g.doubleclick.net  https://www.awin1.com https://cdn.dsmcdn.com/ https://static.dsmcdn.com https://js-agent.newrelic.com https://maps.googleapis.com https://static.cloudflareinsights.com https://bam-cell.nr-data.net https://widget.usersnap.com https://resources.usersnap.com https://sslwidget.criteo.com https://pay.google.com https://x.klarnacdn.net https://api.useinsider.com https://www.googleoptimize.com https://s.pinimg.com https://www.dwin1.com https://ln-rules.rewardstyle.com http://rewarstyle.com https://the.sciencebehindecommerce.com https://analytics.tiktok.com https://widgets.trustedshops.com https://bat.bing.com https://js.braintreegateway.com https://www.paypal.com https://www.mczbf.com https://c.paypal.com/ https://sc-static.net https://tags.creativecdn.com https://www.google.com https://www.gstatic.com https://checkout.tabby.ai 1
frame-ancestors 'self' pages.linode.com; 1
upgrade-insecure-requests; default-src 'self' https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; object-src https:; form-action https:; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=sph&d=2024-01-23 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data: blob:; object-src 'none'; media-src 'self' https: data: blob:; frame-src 'self' https:; worker-src 'self' blob:; child-src 'self' blob:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; 1
frame-ancestors 'self' *.gsmarena.com; 1
default-src 'self' bumbcdn.com *.bumbcdn.com us1.bumbcdn.com; connect-src 'self' bumble.com eu1.bumble.com us1.bumble.com am1.bumble.com gew3.bumble.com fr1.bumble.com bumbcdn.com *.bumbcdn.com us1.bumbcdn.com  *.api.here.com *.paypal.com https://google.com *.googlesyndication.com *.gstatic.com api.giphy.com api.tenor.com g.tenor.com *.doubleclick.net *.mapbox.com https://www.facebook.com wss://badoocdn.com:* wss://*.badoocdn.com:* *.bumble.com blob: t.co analytics.twitter.com wa.appsflyer.com wa.onelink.me youtube.com *.doubleclick.net *.squarespace.com *.facebook.com *.pinterest.com s.pinimg.com *.taboola.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.google.com https://cdn.ampproject.org https://analytics.google.com https://tr.snapchat.com https://analytics.tiktok.com https://atr.veritonicmetrics.com https://cdn.linkedin.oribi.io api.braintreegateway.com client-analytics.braintreegateway.com *.braintree-api.com https://bic-core.dlocal.com/ *.akamaized.net *.akamaihd.net livestreamapis.com *.livestreamapis.com *.prod.boltdns.net brightcovecdn.com *.brightcovecdn.com img.new.livestream.com;  script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'nonce-OeNIEriYMWwoaRPSvv8X2M4fzgM=' 'report-sample' bumbcdn.com *.bumbcdn.com us1.bumbcdn.com  *.googleapis.com *.gstatic.com *.google.com vk.com *.vk.me cdn.syndication.twitter.com *.facebook.net *.facebook.com *.paypal.com www.paypalobjects.com *.youtube.com *.ytimg.com api.ok.ru *.google-analytics.com *.googletagmanager.com *.api.here.com *.instagram.com *.digicert.com *.mapbox.com *.bumble.com blob: *.doubleclick.net *.appsflyer.com s.pinimg.com https://cdn.ampproject.org https://sc-static.net/scevent.min.js https://static.bytedance.com/pixel/sdk.js https://s0.ipstatp.com https://sc-static.net/js-sha256-v1.min.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://px.ads.linkedin.com js.braintreegateway.com assets.braintreegateway.com https://consent.bumble.com *.googlesyndication.com *.googletagservices.com *.googleadservices.com *.doubleclick.net *.googlesyndication.com *.ampproject.org *.amazon-adsystem.com adservice.google.com; style-src 'self' 'unsafe-inline' bumbcdn.com *.bumbcdn.com us1.bumbcdn.com assets.braintreegateway.com; font-src 'self' data: bumbcdn.com *.bumbcdn.com us1.bumbcdn.com fonts.googleapis.com fonts.gstatic.com;  prefetch-src 'self'  bumbcdn.com *.bumbcdn.com us1.bumbcdn.com *.googlesyndication.com *.googletagservices.com *.googleadservices.com *.doubleclick.net *.googlesyndication.com *.ampproject.org *.amazon-adsystem.com adservice.google.com ; img-src * data: blob: assets.braintreegateway.com; child-src 'self' blob: assets.braintreegateway.com; worker-src 'self' blob:; media-src * data: blob:; object-src 'self'  bumbcdn.com *.bumbcdn.com us1.bumbcdn.com; base-uri 'self'; manifest-src 'self' bumble.com eu1.bumble.com us1.bumble.com am1.bumble.com gew3.bumble.com fr1.bumble.com; form-action 'self'  * *.snapchat.com https://www.facebook.com/tr/; frame-src * *.bumble.com; frame-ancestors 'self' safety.bumble.com; upgrade-insecure-requests; report-uri /jss/csp_report.phtml?token=bumble_web&release=30309&env=production 1
frame-ancestors *.ouest-france.fr www.google.com https://amp-ouest--france-fr.cdn.ampproject.org http://www.ultimedia.com https://fr.ouestfrance.OuestFrance *.presseocean.fr *.courrierdelouest.fr *.lemainelibre.fr *.maville.com *.francelive.fr *.sipaof.fr ouest-france.geovoile.com 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; connect-src https: wss:; font-src https: data:; media-src https: blob: data:; worker-src https: blob:; object-src 'none'; 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval' clapi.civiccomputing.com cc.cdn.civiccomputing.com apikeys.civiccomputing.com data:;; frame-ancestors 'self' canvas.ox.ac.uk; report-uri /report-csp-violation 1
upgrade-insecure-requests; frame-ancestors *.centurylink.com *.corp.intranet; 1
frame-ancestors *.leboncoin.fr *.leboncoin.io *.leboncoin.ci; report-uri https://api.leboncoin.fr/api/csp-report/v1/report/; 1
frame-ancestors 'self' https://*.apa.org; 1
connect-src 'self' blob: https://api.x.ai https://api.x.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api.x.com https://api-stream.twitter.com https://api-stream.x.com https://ads-api.twitter.com https://ads-api.x.com https://aa.twitter.com https://aa.x.com https://caps.twitter.com https://caps.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton.twitter.com https://ton.x.com https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://twitter.com https://x.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com  ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://x.com https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://vaultjs.apideck.com/  https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://x.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://static.ads-twitter.com  'nonce-ZDUyYTFhMzQtMGUyYy00MzkxLTg5MWEtZDI4NGEzNDNjMzQ3'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false 1
frame-ancestors https://admarket.no https://admarket.schibsted.se https://schibsted.dredition-beta.aptoma.no/ https://schibsted.dredition.aptoma.no/; upgrade-insecure-requests 1
default-src 'self';media-src 'self' https://*.divarcdn.com;script-src https://divar.ir https://*.divarcdn.com https://*.hotjar.com 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://cdn.yektanet.com https://audience-cdn.yektanet.com https://s1.mediaad.org https://cdn.sanjagh.com https://www.googleadservices.com https://www.gstatic.com;worker-src 'self' https://www.gstatic.com;style-src 'self' 'unsafe-inline' https://*.divarcdn.com https://fonts.googleapis.com https://www.googletagmanager.com;img-src 'self' data: blob: https://divar.ir https://*.divarcdn.com https://trustseal.enamad.ir https://www.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://www.googletagmanager.com https://*.openstreetmap.org https://*.balad.ir https://*.cafebazaar.ir https://www.google.com https://www.google.nl https://www.google.de https://www.google.ae https://www.google.fr https://www.google.ca https://www.google.co.uk https://www.google.com.au https://logo.samandehi.ir https://cdn.karnameh.com https://map.divar.ir;connect-src 'self' https://divar.ir https://*.divar.ir https://*.divarcdn.com https://www.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.doubleclick.net https://*.delivery.zeerak.cloud https://*.leogames.co https://*.hotjar.com https://*.googleapis.com https://api.mediaad.org https://ua.yektanet.com https://audience.yektanet.com https://api.sanjagh.com https://api.karnameh.com https://sentry.divar.cloud wss://submit-warning.divar.ir;font-src 'self' https://*.divarcdn.com https://fonts.gstatic.com data:;object-src 'none';frame-ancestors 'none';base-uri 'self';frame-src 'self' https://*.hotjar.com https://ua.yektanet.com https://mediacdn.mediaad.org;manifest-src 'self';upgrade-insecure-requests;block-all-mixed-content 1
default-src 'self' * *.faphouse.com; img-src * data: blob:; media-src * blob:; script-src 'self' 'unsafe-inline' blob: https://assets-ah.flixcdn.com www.google.com www.gstatic.com *.amplitude.com www.google-analytics.com www.googleanalytics.com www.googletagmanager.com www.googleoptimize.com optimize.google.com tagmanager.google.com *.hotjar.com https://pm-api.faphouse.com https://pm.faphouse.com/pm/ https://assets-ah.flixcdn.com/ comments.faphouse.com studio.faphouse.com joinmy.fans 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * data: 'unsafe-inline'; frame-ancestors 'self' 1
default-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://*.abcya.com/ https://*.ads-twitter.com/ https://*.bing.com/ https://*.clarity.ms/ https://*.cloudflarestream.com/ https://*.cloudfunctions.net/ https://*.criteo.com/ https://*.criteo.net/ https://*.doubleclick.net/ https://*.google-analytics.com/ https://*.googlesyndication.com/ https://*.hellomedian.com/ https://*.hotjar.com/ https://*.ixl.com/ https://*.jwpcdn.com/ https://*.jwplayer.com/ https://*.kaltura.com/ https://*.olark.com/ https://*.traversedlp.com/ https://accounts.google.com/ https://ad.doubleclick.net/ https://adservice.google.com/ https://ajax.cloudflare.com/ https://ajax.googleapis.com/ https://analytics.tiktok.com/ https://analytics.twitter.com/ https://api.traversedlp.com/ https://apis.google.com/ https://apps.rokt.com/ https://boards.greenhouse.io/ https://cdn.embed.ly/ https://cdn.mathjax.org/ https://cdn.pbbl.co/ https://cdn.pdst.fm/ https://cdn-assets-prod.s3.amazonaws.com/ https://cdnjs.cloudflare.com/ https://collector-30533.us.tvsquared.com/ https://connect.facebook.net/ https://ct.pinterest.com/ https://cx.atdmt.com/ https://d1fc8wv8zag5ca.cloudfront.net/ https://d38xvr37kwwhcm.cloudfront.net/ https://googleads.g.doubleclick.net/ https://ndn.statistinamics.com/ https://optimize.google.com/ https://platform.twitter.com/ https://players.brightcove.net/ https://plus.google.com/ https://s.pinimg.com/ https://s.yimg.com/ https://s3.amazonaws.com/ https://snap.licdn.com/ https://sp.analytics.yahoo.com/ https://stats.g.doubleclick.net/ https://utt.impactcdn.com/ https://vjs.zencdn.net/ https://www.google.com/ https://www.googleadservices.com/ https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://www.googletagmanager.com/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.sc.pages02.net/ https://tagmanager.google.com/ https://www.wyzant.com/ http://ie7-js.googlecode.com/ https://*.ipqscdn.com/ ; style-src 'self' 'unsafe-inline' https://*.olark.com/ https://accounts.google.com/ https://cdn.honey.io/ https://fast.fonts.net/ https://fonts.googleapis.com/ https://optimize.google.com/ https://tagmanager.google.com/ https://translate.googleapis.com/ https://www.wyzant.com/ ; img-src 'self' data: blob: https://*.abcya.com https://*.abcya.com/ https://*.adsrvr.org/ https://*.bing.com/ https://*.boltdns.net/ https://*.brightcove.com/ https://*.brightcovecdn.com/ https://*.clarity.ms/ https://*.criteo.com/ https://*.criteo.net/ https://*.doubleclick.net/ https://*.googlesyndication.com/ https://*.googleusercontent.com/ https://*.gstatic.com/ https://*.hotjar.com/ https://*.ixl.com/ https://*.jwplatform.com/ https://*.jwplayer.com/ https://*.jwpltx.com/ https://*.jwpsrv.com/ https://*.kaltura.com/ https://*.linkedin.com/ https://*.olark.com/ https://*.pages02.net/ https://*.pbbl.co/ https://*.pinterest.com/ https://aa.agkn.com/ https://ad.doubleclick.net/ https://adservice.google.ae/ https://adservice.google.ca/ https://adservice.google.co.in/ https://adservice.google.co.nz/ https://adservice.google.co.uk/ https://adservice.google.com/ https://adservice.google.com.au/ https://adservice.google.es/ https://adservice.google.fr/ https://adservice.google.ie/ https://analytics.pangle-ads.com/ https://analytics.twitter.com/ https://api.traversedlp.com/ https://cdn.honey.io/ https://collector-30533.us.tvsquared.com/ https://cx.atdmt.com/ https://drive.google.com/ https://googleads.g.doubleclick.net/ https://ixl.sjv.io/ https://logs-01.loggly.com/ https://olark-file-uploads.s3.us-west-1.amazonaws.com/ https://optimize.google.com/ https://p.adsymptotic.com/ https://pinterest.adsymptotic.com/ https://via.placeholder.com/ https://pointclicktrack.com/ https://gtrk.s3.amazonaws.com/ https://q.quora.com/ https://rwedge-webservices.texthelp.com/ https://rwgoogle-webservices-7.texthelp.com/ https://secure.adnxs.com/ https://sp.analytics.yahoo.com/ https://stats.g.doubleclick.net/ https://t.co/ https://trail.grin.co/ https://translate.google.com/ https://trkn.us/ https://user-event-tracker.crazyegg.com/ https://www.bizographics.com/ https://www.facebook.com/ https://www.google.co.uk/ https://www.google.com/ https://www.google.com.au/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.kidsafeseal.com/ https://www.ojrq.net/ https://www.w3.org/ https://www.wyzant.com/ https://trail.grin.co/ ; frame-src 'self' https://*.abcya.com/ https://*.criteo.com/ https://*.doubleclick.net/ https://*.googlesyndication.com/ https://*.hotjar.com/ https://*.ixl.com/ https://*.olark.com/ https://*.pinterest.com/ https://accounts.google.com/ https://apps.rokt.com/ https://boards.greenhouse.io/ https://cdn.pbbl.co/ https://cdnapisec.kaltura.com/ https://classroom.google.com/ https://iframe.cloudflarestream.com/ https://ixl.sjv.io/ https://optimize.google.com/ https://players.brightcove.net/ https://www.gstatic.com/ https://www.recaptcha.net/recaptcha/ https://www.wyzant.com/ https://www.youtube.com/ https://*.ipqscdn.com/ ; object-src 'self' https://www.wyzant.com/ ; media-src 'self' data: blob: https://*.akamaihd.net/ https://*.boltdns.net/ https://*.brightcove.com/ https://*.brightcovecdn.com/ https://*.jwplayer.com/ https://*.kaltura.com/ https://*.olark.com/ https://rwforg.speechstream.net/ https://www.wyzant.com/ ; connect-src 'self' https://*.abcya.com/ https://*.akamaihd.net/ https://*.analytics.google.com/ https://*.boltdns.net/ https://*.brightcove.com/ https://*.brightcovecdn.com/ https://*.clarity.ms/ https://*.google-analytics.com/ https://*.googleapis.com/ https://*.greenhouse.io/ https://*.hellomedian.com/ https://*.hotjar.com/ https://*.instructure.com/ https://*.ixl.com/ https://*.jwplayer.com/ https://*.jwpsrv.com/ https://*.kaltura.com/ https://*.linkedin.com/ https://*.olark.com/ https://*.traversedlp.com/ https://accounts.google.com/ https://ad.doubleclick.net/ https://adservice.google.com/ https://analytics.pangle-ads.com/ https://analytics.tiktok.com/ https://api.traversedlp.com/ https://bat.bing.com/ https://cdn.linkedin.oribi.io/ https://csm.sv.us.criteo.net/ https://ct.pinterest.com/ https://cx.atdmt.com/ https://docs.google.com/ https://fast.wistia.com/ https://googleads.g.doubleclick.net/ https://iframe.videodelivery.net/ https://ixl.sjv.io/ https://olark-file-uploads.s3-us-west-1.amazonaws.com/ https://rwedge-webservices.texthelp.com/ https://rwforg.speechstream.net/ https://rwgoogle-webservices-7.texthelp.com/ https://s.yimg.com/ https://stats.g.doubleclick.net/ https://us-central1-adaptive-growth.cloudfunctions.net/ https://www.cloudflare.com/ https://www.facebook.com/ https://www.google.com/ https://www.googletagmanager.com/ https://www.wyzant.com/ https://www.youtube.com/ wss://*.hotjar.com/ wss://socket.hellomedian.com/ https://*.ipqscdn.com/ https://www.cloudflare.com/ https://pubsub.ixl.com wss://pubsub.ixl.com; font-src 'self' data: chrome-extension https://*.hotjar.com/ https://*.kaltura.com/ https://*.olark.com/ https://cdn.honey.io/ https://fonts.gstatic.com/ https://www.wyzant.com/ ; frame-ancestors 'self' https://*.abcya.com/ https://*.brightspace.com/ https://*.instructure.com/ https://*.ixl.com/ https://*.schoology.com/ https://canvas.nz.oneschoolglobal.com/ https://classroom.google.com/ https://elearning.donegalsd.org/ https://elearning.tisd.org/ https://epiccharterschools.schoologytest.com/ https://goarrows.instructure.com/ https://ixl.d2l-partners.brightspace.com/ https://learn.ocusd.net/ https://lms.lausd.net/ https://lms.lfdcs.org/ https://my.otus.com/ https://odlss.spedcol.org/ https://odlssparentresources.com/ https://odlssparentresources.org/ https://polaris.jackson.sparcc.org/home/ https://schoology.apollocc.org/ https://schoology.conestogavalley.org/ https://schoology.conradweiser.org/ https://schoology.isd191.org/ https://schoology.lancaster.k12.pa.us/ https://schoology.LSR7.org/ https://schoology.manheimcentral.org/ https://schoology.mesd.us/ https://schoology.rocklinusd.org/ https://schoology.spps.org/ http://learn.d64.org/ http://support/ http://support.quiacorp.com/ http://supportvm/ http://supportvm.quiacorp.com/ http://try.quiacorp.com/ https://schoology.isd623.org https://canvas.k12.hi.us/ https://dev-odlss.spedcol.org/ https://schoology.colheights.k12.mn.us https://learn.sowashco.org https://learn.yeshivatnoam.org https://online.spartan.org https://schoology.dpsk12.org https://lms.jasdmuskies.com https://schoology.wcasd.net https://schoology.pickens.k12.sc.us https://schoology.bcpsk12.net https://*.lausd.iap.allhere.co; report-uri /actions/csp/report; report-to csp-endpoint; 1
connect-src sync.datamind.ru dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net assets.adobedtm.com *.omniture.com *.g.doubleclick.net geocode-maps.yandex.ru/1.x/ *.google-analytics.com *.datamind.ru *.cdn-tinkoff.ru www.google.com analytics.google.com www.google.ru www.facebook.com connect.facebook.net google-analytics.bi.owox.com vk.com mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr px.adhigh.net eye.targetads.io ad.adriver.ru top-fwz1.mail.ru dss.hybrid.ai tag.rutarget.ru tms.dmp.wi-fi.ru ads.adlook.me dmg.digitaltarget.ru dsum-sec.casalemedia.com id.uma.media prodmp.ru track-us.bidease.com ads.betweendigital.com a.utraff.com rtb.viadata.store reichelcormier.bid x01.aidata.io ssp.bidvol.com cs.gssprt.jp ssp.adriver.ru secure.adnxs.com exchange.buzzoola.com cs-0.moevideo.biz sync.republer.com redirect.frontend.weborama.fr sync.dmp.otm-r.com sync.mediatoday.iae.one an.yandex.ru sync.1dmp.io cm.lentainform.com mitdmp.whiteboxdigital.ru acint.net sync.viadata.store sync.adkernel.com sync.videonow.ru code.moviead55.ru api.imotech.video widget-api.uxfeedback.ru pixel.gooroo.works 'self' *.tinkoff.ru *.tcsbank.ru wss://*.tinkoff.ru wss://*.tcsbank.ru platform-sentry.tcsbank.ru sentry.tinkoff.ru www.cdn-tinkoff.ru acdn.tinkoff.ru cfg.tinkoff.ru www.tinkoff.ru business.tinkoff.ru fallback.cdn-tinkoff.ru; script-src sync.datamind.ru www.google.com www.google.ru connect.ok.ru vk.com *.datamind.ru s.ytimg.com *.tinkoff.ru *.tcsbank.ru *.cdn-tinkoff.ru mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr yastatic.net mc.webvisor.com mc.webvisor.org 'self' 'unsafe-eval' 'unsafe-inline' blob: https://tinkoff.ru https://www.tinkoff.ru https://www.youtube.com https://*.1tv.ru/; img-src *.datamind.ru dpm.demdex.net www.google-analytics.com tinkoffcreditsystems.d3.sc.omtrdc.net cm.everesttech.net dp.adsdata.ru www.google.com www.google.ru vk.com login.vk.com mc.yandex.ru ad.mail.ru adfocus.ru www.facebook.com connect.facebook.net ad.doubleclick.net *.google.com *.yandex.ru *.yandex.net *.2o7.net *.demdex.net cx.atdmt.com analytics.twitter.com t.co eu-sonar.sociomantic.com *.sravni.ru www.banki.ru *.pool.datamind.ru statad.ru www.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.privacysandbox.googleadservices.com *.cdn-tinkoff.ru *.tinkoff.ru p.formobil.net rupertino.ru adservice.google.com adservice.google.ru google-analytics.bi.owox.com dc.ads.linkedin.com *.mail.ru dp.tinkoffinsurance.ru *.fls.doubleclick.net tms.dmp.wi-fi.ru cdn3.caltat.com sonar.semantiqo.com www.cdn-tinkoff.ru ad.adriver.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr eye.targetads.io tag.rutarget.ru top-fwz1.mail.ru dss.hybrid.ai track-us.bidease.com tech.rtb.mts.ru rtb-eu.b.otm-r.com sync.gonet-ads.com ad.new-programmatic.com mssg.su rap.skcrtxr.com cdn3.uxfeedback.ru widget.uxfeedback.ru  sm.rtb.mts.ru exchange.buzzoola.com 'self' data: *.tcsbank.ru https://tinkoff.ru https://www.tinkoff.ru http://img.youtube.com https://*.1tv.ru/; frame-src *.tinkoff.demdex.net *.omniture.com bid.g.doubleclick.net www.facebook.com *.demdex.net vk.com static.datamind.ru platform.twitter.com connect.ok.ru *.datamind.ru *.cdn-tinkoff.ru *.fls.doubleclick.net www.cdn-tinkoff.ru mc.yandex.ru yastatic.net mc.webvisor.com mc.webvisor.org 'self' blob: data: *.tinkoff.ru *.tcsbank.ru https://www.youtube.com https://*.1tv.ru/; font-src *.cdn-tinkoff.ru 'self' *.tinkoff.ru data:; report-uri https://www.tinkoff.ru/api/front/pfphome/log/csp-error?appName=pfphome&sentryDsnKey=b7cae0fa7dd74b4489cd05596a20df38&sentryApiId=142; default-src 'self' *.cdn-tinkoff.ru *.tinkoff.ru data:; style-src 'unsafe-inline' 'self' *.tinkoff.ru *.tcsbank.ru *.cdn-tinkoff.ru 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src data:; font-src https: data:; frame-ancestors 'self' https://wpe.codes https://my.wpengine.com https://app.kameleoon.com; connect-src https: wss:; img-src https: data:; worker-src blob: https:; media-src https: blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://tabor.ru http://tabor.ru *.tabor.ru tabor.ru m.tabor.ru http://m.tabor.ru https://m.tabor.ru http: vk.com *.vk.com vk.me *.vk.me vk.me *.vk.me fbcdn.net *.fbcdn.net akamaihd.net *.akamaihd.net mycdn.me *.mycdn.me yandex.ru *.yandex.ru yadro.ru *.yadro.ru https: vk.com *.vk.com vk.me *.vk.me vk.me *.vk.me fbcdn.net *.fbcdn.net akamaihd.net *.akamaihd.net mycdn.me *.mycdn.me yandex.ru *.yandex.ru yadro.ru *.yadro.ru ; img-src * 'self' blob: data:;connect-src * 'self' file: data: blob: filesystem:; frame-ancestors *.tabor.ru *.tabor.by *.tab33.com *.tabor.kz *.mintapp.org; 1
frame-ancestors 'self' http://actu.fr https://melody.publihebdos.demainunautrejour.com 1
frame-ancestors 'self' http://hwifi.hinet.net https://times.hinet.net https://www.hinet.net; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.love4porn.com love4porn.com a.magsrv.com ajax.cloudflare.com strbh.com ads.exoclick.com creative.videostube.live www.googletagmanager.com www.google-analytics.com; 1
default-src 'self'; script-src 'self' ads.dragonfru.it js-agent.newrelic.com bam.nr-data.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/ 'nonce-tBTUvY4oWRRyf0neSznFqw=='; style-src 'self' 'unsafe-inline'; connect-src 'self' ads.dragonfru.it bam.nr-data.net plausible.dragonfru.it; object-src 'self' static1.e621.net static1.e926.net; media-src 'self' static1.e621.net static1.e926.net; frame-ancestors 'none'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/; font-src 'self'; img-src 'self' data: static1.e621.net static1.e926.net ads.dragonfru.it; child-src 'none'; form-action 'self' discord.e621.net discord.com 1
default-src https://www.spamhaus.org https: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=00v53i9iqu5nd&partner=; 1
frame-ancestors 'self' https://www.ruliweb.com https://bbs.ruliweb.com https://m.ruliweb.com https://market.ruliweb.com https://mypi.ruliweb.com https://user.ruliweb.com https://api.ruliweb.com https://bbs.ruliweb.com 1
frame-ancestors 'self' https://*.betway.co.za; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com *.trafficfactory.biz www.iwanttodeliver.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com *.xvideos.es *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com wss://*.1ka.com https://*.1ka.com https://media.1ka.com https://u.1ka.com https://n.1ka.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.1ka.com *.xvideos.es *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net bmedia.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri https://www.xvideos.es/csp-reports; report-to csp-endpoint 1
script-src 'nonce-EACgZtEo49Ia5lo6FmBAG8pp2vM=' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample'; object-src 'self' *.content.kidsa-z.com; frame-ancestors 'self' https://*.kidsa-z.com https://*.readinga-z.com https://*.raz-plus.com https://*.raz-kids.com https://*.headsprout.com https://*.sciencea-z.com https://*.writinga-z.com https://*.vocabularya-z.com https://*.readytesta-z.com https://*.foundationsa-z.com;base-uri 'none'; report-uri /api/strict-csp-report; 1
frame-ancestors https://*.prokerala.com; 1
font-src 'self'; frame-src 'self' https://www.youtube.com http://www.google.com http://maps.google.com https://live.teletip.saglik.gov.tr https://mhrstest.sagliknet.saglik.gov.tr/ https://mhrstest.sagliknet.saglik.gov.tr/responsive https://testnvcovid.saglik.gov.tr https://www.mhrs.gov.tr https://prd.mhrs.gov.tr https://msrstest.mhrs.gov.tr https://healthpass.saglik.gov.tr/ https://sec.teletip.saglik.gov.tr https://teleradyoloji.saglik.gov.tr https://neyimvar.gov.tr/ connect-src 'self' https://msrstest.mhrs.gov.tr 1
frame-ancestors 'self' ebooks.t4edu.com ebooks.madrasati.sa iencontent.ien.edu.sa lti.server.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://ajax.googleapis.com www.google-analytics.com www.googletagmanager.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; font-src 'self' 'unsafe-inline' 'unsafe-eval'; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/pichu-static 1
default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://*.nuance.com; img-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.analytics.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://www.facebook.com https://cx.atdmt.com https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://2549153.fls.doubleclick.net https://ad.doubleclick.net https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://resources.digital-cloud-prem.medallia.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://*.mworld.com https://*.postrelease.com; object-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nuance.com https://2549153.fls.doubleclick.net https://*.advanced-web-analytics.com https://iframe.arkoselabs.com; font-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.nuance.com; script-src 'nonce-54c2479b-2b1e-4b7c-91f6-16dd9c42f4a9' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.maxymiser.net https://*.nuance.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://l.sharethis.com https://maps.googleapis.com  https://aiprd.nbf.ae https://www.googletagmanager.com                                                                 https://buttons-config.sharethis.com https://l.sharethis.com https://platform-api.sharethis.com https://connect.facebook.net                                                                  https://snap.licdn.com https://www.google-analytics.com https://t.sharethis.com https://www.facebook.com https://platform-cdn.sharethis.com http://tools.euroland.com https://z.moatads.com https://www.visa.com https://bcp.crwdcntrl.net https://youtube.com https://www.youtube.com;  img-src 'self' https://www.facebook.com https://platform-cdn.sharethis.com https://px.ads.linkedin.com https://t.sharethis.com https://platform-cdn.sharethis.com;  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://maps.googleapis.com https://s7.addthis.com https://z.moatads.com https://buttons-config.sharethis.com https://platform-api.sharethis.com https://buttons-config.sharethis.com https://t.sharethis.com  https://v1.addthisedge.com https://m.addthis.com;   connect-src 'self' https://l.sharethis.com https://l.sharethis.com/pview https://maps.googleapis.com https://stats.g.doubleclick.net; frame-src 'self' https://nbf.bankbuddy.ai https://t.sharethis.com https://s7.addthis.com https://aiprd.nbf.ae https://www.facebook.com; style-src 'self' 'unsafe-inline' http://fonts.googleapis.com https://fonts.googleapis.com https://cdnjs.cloudflare.com;                                                      style-src-elem 'self' 'unsafe-inline' http://fonts.googleapis.com https://fonts.googleapis.com https://cdnjs.cloudflare.com;  font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://cdnjs.cloudflare.com; 1
script-src *.airslate.com *.googleapis.com *.pdffiller.com *.mrkhub.com *.googletagmanager.com *.google-analytics.com *.licdn.com *.bing.com *.googleadservices.com *.facebook.net *.fullstory.com *.doubleclick.net *.google.com *.google.com.ua *.twitter.com *.usrsprt.com *.gstatic.com *.stripe.com *.ads-twitter.com *.hotjar.com *.aspnetcdn.com *.ckeditor.com *.cloudflare.com *.clarity.ms *.zoominfo.com *.clickagy.com *.driftt.com *.sc-static.net *.wpengine.com *.orpluto.com *.quora.com 'self' 'unsafe-eval' 'unsafe-inline' 1
default-src 'self' https://*.tealiumiq.com; img-src 'self' https://*.tiqcdn.com https://tealium.com https://*.tealium.com https://*.tealium.net https://*.tealiumlabs.com https://cdn.pendo.io https://app.pendo.io https://data.pendo.io https://pendo-static-6231259435368448.storage.googleapis.com https://*.tealiumiq.com https://image-charts.com data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.tiqcdn.com https://play.vidyard.com https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.pendo.io https://data.pendo.io https://pendo-io-static.storage.googleapis.com https://pendo-static-6231259435368448.storage.googleapis.com https://*.tealiumiq.com https://*.tealium.com https://*.tealium.net https://*.tealiumlabs.com; style-src 'self' 'unsafe-inline' https://*.typekit.net https://pendo-static-6231259435368448.storage.googleapis.com https://app.pendo.io https://cdn.pendo.io https://*.tealiumiq.com https://*.tealium.com https://*.tealium.net https://*.tealiumlabs.com; font-src 'self' https://fonts.gstatic.com https://*.typekit.net https://*.tealium.com https://*.tealium.net https://*.tealiumlabs.com https://*.tealiumiq.com data:; child-src https://fonts.gstatic.com https://*.typekit.net https://*.tealium.com https://*.tealium.net https://*.tealiumlabs.com https://*.tealiumiq.com data:; connect-src 'self' wss://*.tealiumiq.com ws://*.tealiumiq.com https://*.tealiumiq.com https://*.tealium.com https://*.optimizely.com https://solutions.tealium.net https://app.pendo.io https://cdn.pendo.io https://data.pendo.io https://api.feedback.us.pendo.io https://pendo-static-6231259435368448.storage.googleapis.com https://*.split.io https://rum.browser-intake-datadoghq.com https://*.tealium.com https://*.tealiumlabs.com https://*.tlium.com; object-src 'none' ; frame-ancestors 'self' https://app.pendo.io; frame-src 'self' https://app.pendo.io *.workato.com *.quicksight.aws.amazon.com https://*.tealium.com https://*.tealium.net https://*.youtube.com https://*.vimeo.com https://*.figma.com; report-uri /urest/datacloud/csp; media-src 'self' https://*.youtube.com https://*.vimeo.com; worker-src 'self' blob:; 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.eloqua.com *.en25.com *.id.opendns.com *.msecnd.net *.youtube.com cdn.ampproject.org cse.google.com http://assets.rulis.fao.org http://cdn.matomo.cloud http://clients1.google.com http://foris.fao.org https://api.altmetric.com/ https://buttons-config.sharethis.com https://cdn.amcharts.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net/npm/flatpickr https://cdn.matomo.cloud https://cdn.tiny.cloud https://code.jquery.com https://count-server.sharethis.com https://dec.azureedge.net/ https://d1bxh8uas1mnw7.cloudfront.net/ https://embedr.flickr.com https://fao.matomo.cloud https://form.jotform.com https://npmcdn.com/flatpickr/dist/l10n/ https://platform-api.sharethis.com https://public.tableau.com/ https://rulis.dev.aws.fao.org https://rulis.fao.org https://tableau.apps.fao.org https://w.soundcloud.com https://widgets.flickr.com https://www.fao.org https://www.youtube.com/iframe_api js.hs-analytics.net js.hs-scripts.com munchkin.marketo.net s3.amazonaws.com unpkg.com www.googletagmanager.com https://oacdev1-fr61cxb0ovgh-fr.analytics.ocp.oraclecloud.com https://cdn.knightlab.com/ https://cdn.datatables.net/ https://public.flourish.studio/ https://www.google-analytics.com/ https://fao-test.atmire.com/ https://fao-prod.atmire.com/ https://openknowledge.fao.org/ https://ui.customsearch.ai/api/ https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.cdn.jsdelivr.net *.opendns.com cdn.jsdelivr.net http://assets.rulis.fao.org http://foris.fao.org http://www.ipcinfo.org https://cdn.firebase.com/libs/firebaseui/ https://cdn.tiny.cloud https://d1bxh8uas1mnw7.cloudfront.net https://design-system.fao.org https://p.typekit.net https://platform-api.sharethis.com https://rulis.dev.aws.fao.org https://rulis.fao.org https://use.typekit.net https://www.fao.org https://www.fao.org/fileadmin unpkg.com http://code.jquery.com/ https://cdnjs.cloudflare.com/ data: https://oacdev1-fr61cxb0ovgh-fr.analytics.ocp.oraclecloud.com https://cdn.knightlab.com/ https://cdn.datatables.net/ https://faodata.wufoo.com/ https://player.4am.ch/ https://hosteduxprod.blob.core.windows.net/ https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.azureedge.net *.eloqua.com *.nocs.fao.org clients1.google.com cse.google.com http://nocs.fao.org http://public.tableau.com/ https://*.dec.sitefinity.com https://*.insight.sitefinity.com https://badges.altmetric.com https://code.jquery.com/ https://farm8.staticflickr.com https://fenixrepo.fao.org https://geoservices.un.org https://img.youtube.com https://www.ipcinfo.org/ https://l.sharethis.com https://live.staticflickr.com https://nocs.fao.org https://pro-ags1.dfs.un.org https://sp.tinymce.com https://unpkg.com https://vumbnail.com https://www.fao.org platform-cdn.sharethis.com track.hubspot.com www.google.com www.googletagmanager.com www.fao.org http://code.jquery.com/ https://oacdev1-fr61cxb0ovgh-fr.analytics.ocp.oraclecloud.com/ www.facebook.com http://www.fao.org/3/ https://public.flourish.studio/ https://www.google-analytics.com/ https://coin.fao.org/ https://sfcs.fao.org/images/ https://website-assets.commoninja.com/ https://hosteduxprod.blob.core.windows.net/ https://openknowledge.fao.org https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.opendns.com cdn.jsdelivr.net http://fenixrepo.fao.org/ https://p.typekit.net https://rulis.dev.aws.fao.org/ https://rulis.fao.org/ https://use.typekit.net https://www.fao.org https://www.ipcinfo.org https://oacdev1-fr61cxb0ovgh-fr.analytics.ocp.oraclecloud.com https://cdn.knightlab.com/; frame-src 'self' http://assets.rulis.fao.org/ http://foris.fao.org/ http://newsletters.fao.org/ http://public.tableau.com/ http://www.fao.org/ https://c.sharethis.mgr.consensu.org/ https://cse.google.com/ https://data.apps.fao.org/ https://datawrapper.dwcdn.net/ https://flickrembed.com/ https://form.jotform.com/ https://forms.office.com/ https://map.ipcinfo.org/ https://my.walls.io/ https://open.spotify.com/ https://platform-api.sharethis.com/ https://platform.twitter.com/ https://player.vimeo.com/ https://syndication.twitter.com/ https://tableau.apps.fao.org/ https://w.soundcloud.com/ https://www.fao.org/ https://www.google.com/ https://www.youtube.com/ https://foodandagricultureorganization.shinyapps.io/ https://uploads.knightlab.com/ https://fao-gift2-review.firebaseapp.com/ https://fao-gift2.firebaseapp.com/ https://app.powerbi.com/ https://datalab.fao.org/ https://flo.uri.sh/ https://faoeventregistration.powerappsportals.com/ https://food-systems.rowsquared.com/ https://faodata.wufoo.com/ https://docs.google.com/ https://mediafao00-meride-tv.akamaized.net/ https://player.4am.ch/; connect-src 'self' accounts.google.com *.g4qlhfvv80.execute-api.eu-west-1.amazonaws.com *.mktoresp.com *.visualstudio.com https://api.ipcinfo.org https://embedr.flickr.com https://fao.matomo.cloud https://fao-pws-prod.appspot.com/ https://g4qlhfvv80.execute-api.eu-west-1.amazonaws.com https://gift-api-flex-dot-fao-gift2-review.appspot.com/ https://ipc-api-ch-v1.s3.amazonaws.com/ https://l.sharethis.com https://maps.googleapis.com https://nominatim.openstreetmap.org https://platform-api.sharethis.com https://rulis.dev.aws.fao.org https://rulis.fao.org/ http://restapi/adminapp/ https://gift-api-flex-dot-fao-gift2.appspot.com/ https://www.googleapis.com/ https://firestore.googleapis.com/ https://oacdev1-fr61cxb0ovgh-fr.analytics.ocp.oraclecloud.com http://intranet-meetings.aws.fao.org https://www.fao.org https://accounts.accesscontrol.windows.net https://unfao.sharepoint.com https://datalab.fao.org https://www.google-analytics.com/ https://region1.google-analytics.com https://pbf8yxe90a.execute-api.eu-west-1.amazonaws.com/ https://fao-test.atmire.com/ https://fao-prod.atmire.com/ https://ui.customsearch.ai/api/ https://openknowledge.fao.org/ https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.azureedge.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; frame-ancestors 'self' https://faoeventregistration.powerappsportals.com/ 1
frame-ancestors 'self' pmt.honeywell.com sps.honeywell.com ppe.sps.honeywell.com; 1
default-src 'self' gso.amocrm.ru; script-src 'self' 'strict-dynamic' 'unsafe-inline' https://www.gstatic.com https://www.google.com http://www.googleadservices.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://seal.starfieldtech.com 'sha256-6/v+FSMWnmvsGNghwyNkr2VwAMemIky1qH4GhuhErw8=' 'unsafe-hashes' piper.amocrm.ru gso.amocrm.ru https://my.hellobar.com https://www.youtube.com 'sha256-qZJmHHAaUu28WoFKc0FVNpA5ikXzX0NBeqIpY0bQXIA=' 'sha256-V7US+zMwAMOPr/YqM4zVsHsKGl3xUiVIwhFUvnv87QE=' 'sha256-J8lzg3ubs2SO6PW9MmHWe1UzbBMwuiLWxN/otQCygyY=' 'sha256-disSjv6Cqh2qc1///UXyReEByhnnMEGIa7VnqInfjls=' 'sha256-eH5kMeUdc48DzHbZtubwbQ1dUOxSsKEw4nqHROB4O+g=' 'sha256-sejyC18/DnWxENEG0wtqHl60q8kck4ZIDJVPYZoFY2Y=' 'sha256-yHwihVYvV0uJwcx2/8gO6wxKSQKbIKgPrOhvJErN3Zs=' 'sha256-DpOoqibK/BsYhobWHnU38Pyzt5SjDZuR/mFsAiVN7kk=' https://ajax.googleapis.com https://www.facebook.com https://connect.facebook.net https://graph.facebook.com vk.com https://login.vk.com top-fwz1.mail.ru https://mc.yandex.ru https://yastatic.net 'nonce-e9af510aa1a2'; style-src 'self' https://fonts.googleapis.com 'strict-dynamic' 'unsafe-inline' https://unpkg.com gso.amocrm.ru connect.facebook.net; form-action 'self' https://www.facebook.com; frame-ancestors 'self' https://*.amocrm.ru chrome-extension://cfaicdlgblgdchnpdilihjmfnogpjakl; worker-src 'none'; object-src 'none'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://i.postimg.cc https://seal.godaddy.com https://widgets.amocrm.ru piper.amocrm.ru gso.amocrm.ru https://assets.hellobar.com https://www.google-analytics.com https://www.google.com https://www.google.ru https://www.googletagmanager.com https://www.facebook.com https://connect.facebook.net https://vk.com https://mc.yandex.ru https://yastatic.net https://mc.yandex.md; frame-src 'self' www.facebook.com www.googletagmanager.com piper.amocrm.ru gso.amocrm.ru forms.amocrm.ru button.amocrm.ru https://www.youtube.com https://www.google.com https://www.facebook.com https://vk.com https://mc.yandex.ru; connect-src 'self' https://*.amocrm.ru https://appbroker.amostage.ru https://appbroker.amocrm.ru gso.amocrm.ru lc-ru.amocrm.com https://pro.ip-api.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://graph.facebook.com https://vk.com https://login.vk.com https://top-fwz1.mail.ru https://mc.yandex.ru https://mc.yandex.md; base-uri 'self'; 1
default-src 'self' ; img-src * data: ; script-src 'unsafe-eval' 'self' www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com tagmanager.google.com data: ; connect-src 'self' www.google-analytics.com ssl.google-analytics.com ; media-src 'self' ; style-src 'self' fonts.googleapis.com tagmanager.google.com ; font-src 'self' fonts.gstatic.com data: ; frame-ancestors 'none' ; report-uri https://csp-report.postgresql.org/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' mailto: data: census.gov *.census.gov http://www.census.gov house.gov *.house.gov senate.gov *.senate.gov *.ytimg.com *.youtube.com *.twitter.com *.facebook.net *.facebook.com touchpoints.app.cloud.gov *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com *.googlecode.com *.googletagmanager.com *.doubleclick.net *.jquery.com *.govdelivery.com *.highcharts.com *.adobe.com *.adobedtm.com *.amsadobe.com *.demdex.net *.omtrdc.net *.everesttech.net *.arcgisonline.com *.digitalgov.gov *.tableau.com *.instagram.com *.go-mpulse.net *.askstat.io *.c-span.org sitecatalyst.omniture.com authorize.omniture.com; 1
base-uri 'self' *.silverchair.com jamanetwork.com edhub.ama-assn.org www.facebook.com subs-test.ama-assn.org payment.edhub.ama-assn.org; form-action *; frame-ancestors 'self' *.silverchair.com jamanetwork.com edhub.ama-assn.org www.facebook.com subs-test.ama-assn.org payment.edhub.ama-assn.org; object-src 'none'; 1
style-src 'self' data: 'unsafe-inline' https: http://fonts.googleapis.com https://fonts.googleapis.com https://optimize.google.com; connect-src 'self' https: wss://www.fool.com wss://*.33across.com wss://*.hotjar.com https://api.pink-boat.fool.com; default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https:; media-src 'self' https: blob:; frame-src 'self' https: https://optimize.google.com; font-src 'self' data: https: https://fonts.gstatic.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://optimize.google.com https: https://evs.pink-boat.fool.com; upgrade-insecure-requests; img-src 'self' data: https: https://g.foolcdn.com https://optimize.google.com https://www.google-analytics.com 1
default-src 'self'; img-src 'self' task.gda.pl *.task.gda.pl; script-src 'self'; 1
default-src 'self'; object-src 'none'; connect-src 'self' https://bdr.piwik.pro https://bdr.containers.piwik.pro; img-src 'self' data:; script-src 'self' 'nonce-2uwnFjFVplycN0peNGP6vCSC8FfHy/ZTBq4R3zCue+E=' https://bdr.piwik.pro https://bdr.containers.piwik.pro; style-src 'self' 'nonce-2uwnFjFVplycN0peNGP6vCSC8FfHy/ZTBq4R3zCue+E='; font-src 'self' data:; 1
default-src 'none'; script-src 'strict-dynamic' 'nonce-ap9bxAGARbh4YWYIOJ0Vbivmq1uu2URQ+CqnrfFUoLKHw3w1TG' 'self' 'report-sample' 'unsafe-inline' assets.wearehearken.eu cdn.syndication.twimg.com connect.facebook.net c.files.bbci.co.uk emp.bbci.co.uk ems.wearehearken.eu modules.wearehearken.eu mybbc-analytics.files.bbci.co.uk nav.files.bbci.co.uk news.files.bbci.co.uk platform.twitter.com public.flourish.studio static.bbc.co.uk static.bbci.co.uk static.chartbeat.com static2.chartbeat.com www.bbc.co.uk www.instagram.com www.ons.gov.uk gn-web-assets.api.bbc.com www.google-analytics.com bitesize.files.bbci.co.uk www.tiktok.com lf16-tiktok-web.ttwstatic.com static.files.bbci.co.uk; img-src 'self' https: data:; font-src c.files.bbci.co.uk gel.files.bbci.co.uk static.files.bbci.co.uk static.bbci.co.uk news.files.bbci.co.uk ws-downloads.files.bbci.co.uk bitesize.files.bbci.co.uk; style-src branding.files.bbci.co.uk cdn.riddle.com flo.uri.sh news.files.bbci.co.uk platform.twitter.com static.bbc.co.uk static.bbci.co.uk static.files.bbci.co.uk ton.twimg.com www.riddle.com 'unsafe-inline' lf16-tiktok-web.ttwstatic.com; frame-src 'self' bbc001.carto.com bbc003.carto.com bbc-maps.carto.com cdn.riddle.com chartbeat.com emp.bbc.co.uk emp.bbc.com flo.uri.sh graphics.reuters.com www.reuters.com m.facebook.com news.files.bbci.co.uk personaltaxcalculator2.deloittecloud.co.uk platform.twitter.com public.flourish.studio static2.chartbeat.com syndication.twitter.com web.facebook.com www.bbc.co.uk www.facebook.com www.instagram.com www.tiktok.com www.ons.gov.uk www.riddle.com www.youtube.com www.youtube-nocookie.com toybox.tools.bbc.co.uk uk-script.dotmetrics.net ssp-app-uk.votenow.tv ssp-app-uktest.votenow.tv session.test.bbc.co.uk session.bbc.co.uk; object-src 'none'; manifest-src static.files.bbci.co.uk bitesize.files.bbci.co.uk; media-src 'self' blob: https:; connect-src 'self' https:; child-src blob:; base-uri 'none'; form-action 'self' platform.twitter.com syndication.twitter.com uk-script.dotmetrics.net/DeviceInfo.dotmetrics; frame-ancestors 'none'; upgrade-insecure-requests; report-to default; report-uri https://webcore.bbc-reporting-api.app/report-endpoint; 1
upgrade-insecure-requests; default-src 'self' https://*.iana.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://cse.google.com https://clients1.google.com; style-src 'self' 'unsafe-inline' https://www.google.com; child-src 'self' https://www.youtube.com https://clients1.google.com https://cse.google.com https://www.google.com/; img-src 'self' https://data.iana.org https://www.iana.org https://www.google.com https://www.googleapis.com https://clients1.google.com https://*.gstatic.com; 1
script-src 100027498.collect.igodigital.com cdns.brsrvr.com servedby.flashtalking.com *.googletagservices.com *.wal.co *.samsclubresources.com *.googletagmanager.com *.google.com *.doubleclick.net bam.nr-data.net cdn.ampproject.org d1n00d49gkbray.cloudfront.net connect.facebook.net tr6.smarterhq.io *.googleadservices.com intljs.rmtag.com *.mparticle.com cdn.branch.io acdn.adnxs.com app.link *.linksynergy.com *.criteo.net *.walmart.com *.googlesyndication.com *.typekit.net gf47k2jv.micpn.com content.syndigo.com services.xg4ken.com *.criteo.com *.recaptcha.net *.samsclub.com *.googleapis.com bat.bing.com pixel.mathtag.com *.bazaarvoice.com *.microsoft.com cdn.cookielaw.org *.gstatic.com *.demdex.net salsify-ecdn.com *.brightcove.net media.flixfacts.com a.sellpoint.net *.moatads.com media.flixcar.com *.cnetcontent.com *.webcollage.net *.doubleverify.com *.perimeterx.net *.iesnare.com *.brightcove.com *.zencdn.net *.affirm.com resources.xg4ken.com *.px-cdn.net *.quantummetric.com *.arkoselabs.com *.oraclecloud.com s.pinimg.com ct.pinterest.com *.livelook.com *.flix360.io *.widget.custhelp.com *.fbot.me *.rewardstyle.com *.tiktok.com i5.walmartimages.com edge.curalate.com cdn.cs.1worldsync.com cdn.cnetcontent.com cc.cnetcontent.com cc.cs.1worldsync.com js.adsrvr.org play.eko.com *.1worldsync.com *.adsafeprotected.com blob: 'self' 'unsafe-inline' 'unsafe-eval';  object-src 'none'; base-uri 'self'; report-uri  https://csp.walmart.com/c/r/sams 1
default-src 'self' https://www.freebsd.org/ https://docs.freebsd.org/; style-src 'self' https://www.freebsd.org/ https://docs.freebsd.org/ 'unsafe-inline'; script-src 'self' https://www.freebsd.org/ https://docs.freebsd.org/ https://ssl.google-analytics.com/ga.js 'unsafe-inline' resource: data: blob:; img-src 'self' https://www.freebsd.org/ https://docs.freebsd.org https://ssl.google-analytics.com/ https://chart.googleapis.com/ data: blob:; upgrade-insecure-requests 1
default-src 'none'; connect-src 'self'  https://medlineplus.gov www.google-analytics.com stats.g.doubleclick.net *.crazyegg.com *.qualtrics.com; font-src 'self' data: https://medlineplus.gov ; media-src 'self' https://medlineplus.gov ; worker-src 'self' blob: https://medlineplus.gov ; frame-src https://medlineplus.gov  www.googletagmanager.com https://platform.twitter.com:443 https://syndication.twitter.com:443; frame-ancestors 'self' https://guides.nnlm.gov https://medlineplus.gov; img-src 'self' data: https://medlineplus.gov https://accreditnet.urac.org https://content.govdelivery.com https://ssl.adam.com/ www.google-analytics.com www.googletagmanager.com gtrk.s3.amazonaws.com stats.g.doubleclick.net https://syndication.twitter.com:443 https://platform.twitter.com:443 *.twimg.com *.qualtrics.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://medlineplus.gov  https://content.govdelivery.com https://platform.twitter.com:443 syndication.twitter.com https://dap.digitalgov.gov *.crazyegg.com www.google-analytics.com www.googletagmanager.com *.cloudfront.net *.nlm.nih.gov ajax.googleapis.com cdn.syndication.twimg.com *.qualtrics.com; style-src 'self' 'unsafe-inline' https://medlineplus.gov  https://content.govdelivery.com https://platform.twitter.com:443; object-src 'none'; upgrade-insecure-requests; report-uri https://nlmoccs.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self' apikeys.civiccomputing.com app.vacancy-filler.co.uk s3-eu-west-1.amazonaws.com/smartfeed.vacancy-filler.co.uk clapi.civiccomputing.com content.googleapis.com/ https://20.26.48.39 https://fonts.googleapis.com https://fonts.gstatic.com/ https://livechat.ico.org.uk https://webservices.data-8.co.uk player.vimeo.com/ s3-eu-west-1.amazonaws.com/smartfeed.vacancy-filler.co.uk/ICO/ smartfeed.vacancy-filler.co.uk/ICO/ wss://20.26.48.39 wss://livechat.ico.org.uk www.vimeo.com/ www.youtube-nocookie.com/; style-src 'self' 'unsafe-inline' apikeys.civiccomputing.com app.vacancy-filler.co.uk clapi.civiccomputing.com content.googleapis.com/ https://20.26.48.39 https://fonts.googleapis.com https://fonts.gstatic.com/ https://livechat.ico.org.uk https://webservices.data-8.co.uk player.vimeo.com/ s3-eu-west-1.amazonaws.com/smartfeed.vacancy-filler.co.uk/ICO/ smartfeed.vacancy-filler.co.uk/ICO/ wss://20.26.48.39 wss://livechat.ico.org.uk www.vimeo.com/ www.youtube-nocookie.com/ https://chatbot.ico.org.uk/chat/css/; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.cloudflare.com analytics.silktide.com https://js.monitor.azure.com/scripts/b/ai.2.min.js ajax.aspnetcdn.com/ajax/signalr/jquery.signalr-2.1.2.min.js apikeys.civiccomputing.com apis.google.com/_/scs/apps-static/_/js/ apis.google.com/js/ app.vacancy-filler.co.uk cc.cdn.civiccomputing.com/8/cookieControl-8.2.min.js cdnjs.cloudflare.com/ajax/libs/FileSaver.js/1.3.8/FileSaver.min.js clapi.civiccomputing.com content.googleapis.com/ https://*.speechstream.net https://20.26.48.39 https://apis.google.com https://fonts.googleapis.com https://fonts.gstatic.com/ https://livechat.ico.org.uk https://webservices.data-8.co.uk  https://wikisum.texthelp.com/ player.vimeo.com/ s3-eu-west-1.amazonaws.com/smartfeed.vacancy-filler.co.uk/ICO/ smartfeed.vacancy-filler.co.uk/ICO/ webservices.data-8.co.uk/javascript/predictiveaddress.js wss://20.26.48.39 wss://livechat.ico.org.uk www.vimeo.com/ www.youtube-nocookie.com/ https://chatbot.ico.org.uk/chat/js/; img-src 'self' data: https://i.vimeocdn.com/video/ https://icostorageprod.blob.core.windows.net https://our.umbraco.com/ https://dashboard.umbraco.org/ https://umbraco.tv/ apikeys.civiccomputing.com app.vacancy-filler.co.uk clapi.civiccomputing.com content.googleapis.com/ https://20.26.48.39 https://fonts.googleapis.com https://fonts.gstatic.com/ https://livechat.ico.org.uk https://speechstreamv3-webservices-8.texthelp.com/ https://upload.wikimedia.org https://webservices.data-8.co.uk player.vimeo.com/ s3-eu-west-1.amazonaws.com/smartfeed.vacancy-filler.co.uk/ICO/ smartfeed.vacancy-filler.co.uk/ICO/ wss://20.26.48.39 wss://livechat.ico.org.uk www.vimeo.com/ www.youtube-nocookie.com/ https://chatbot.ico.org.uk/chat/image/ https://chatbot.ico.org.uk/image/; child-src 'self' https://secure6.arcot.com/ https://pay.realexpayments.com/ apikeys.civiccomputing.com https://app.powerbi.com app.vacancy-filler.co.uk clapi.civiccomputing.com content.googleapis.com/ https://20.26.48.39 https://content.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com/ https://livechat.ico.org.uk https://webservices.data-8.co.uk player.vimeo.com/ s3-eu-west-1.amazonaws.com/smartfeed.vacancy-filler.co.uk/ICO/ smartfeed.vacancy-filler.co.uk/ICO/ wss://20.26.48.39 wss://livechat.ico.org.uk www.vimeo.com/ www.youtube-nocookie.com/ https://chatbot.ico.org.uk/; connect-src 'self' blob: a.eu.silktide.com https://our.umbraco.com/ https://dc.services.visualstudio.com/v2/track apikeys.civiccomputing.com app.vacancy-filler.co.uk clapi.civiccomputing.com content.googleapis.com/ https://*.speechstream.net https://20.26.48.39 https://babm.texthelp.com https://en.wikipedia.org/ https://fonts.googleapis.com https://fonts.gstatic.com/ https://livechat.ico.org.uk https://speechstreamv3-webservices-8.texthelp.com/ https://webservices.data-8.co.uk https://wikisum.texthelp.com/ https://www.gravatar.com/avatar/ player.vimeo.com/ s3-eu-west-1.amazonaws.com/smartfeed.vacancy-filler.co.uk/ICO/ smartfeed.vacancy-filler.co.uk/ICO/ wss://20.26.48.39 wss://livechat.ico.org.uk www.vimeo.com/ www.youtube-nocookie.com/; media-src 'self' blob: apikeys.civiccomputing.com app.vacancy-filler.co.uk clapi.civiccomputing.com content.googleapis.com/ https://*.speechstream.net https://20.26.48.39 https://fonts.googleapis.com https://fonts.gstatic.com/ https://livechat.ico.org.uk https://webservices.data-8.co.uk  player.vimeo.com/ s3-eu-west-1.amazonaws.com/smartfeed.vacancy-filler.co.uk/ICO/ s3-eu-west-1.amazonaws.com/smartfeed.vacancy-filler.co.uk/ICO/smartfeed.js smartfeed.vacancy-filler.co.uk/ICO/ wss://20.26.48.39 wss://livechat.ico.org.uk www.vimeo.com/ www.youtube-nocookie.com/; object-src 'none'; frame-src *; 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-4e952091e8f8bba33aeaead8759185e7' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=2367186432715505; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=2367186432715505 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-5goHRzayb28rCK5T6FiizdZYWjQYXL' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.teams.microsoft.us teams.microsoft.us *.teams.office.com *.skype.com outlook.office.com outlook-sdf.office.com outlook.office365.com outlook-sdf.office365.com outlook.live.com outlook-sdf.live.com 1
default-src 'self'; script-src 'self' analytics.hcaptcha.com a.hcaptcha.com js.hcaptcha.com newassets.hcaptcha.com assets.website-files.com assets-global.website-files.com d3e54v103j8qbb.cloudfront.net hcaptcha.com static.cloudflareinsights.com intuitionmachines.widget.insent.ai embed.typeform.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' assets-global.website-files.com embed.typeform.com 'unsafe-hashes'; object-src 'self' uploads-ssl.webflow.com; base-uri 'self'; connect-src 'self' analytics.hcaptcha.com a.hcaptcha.com accounts.hcaptcha.com newassets.hcaptcha.com assets.hcaptcha.com webflow.com cloudflareinsights.com; font-src 'self' embed.typeform.com data:; frame-src 'self' newassets.hcaptcha.com assets.hcaptcha.com intuitionmachines.widget.insent.ai embed.typeform.com form.typeform.com; img-src 'self' assets.website-files.com assets-global.website-files.com uploads-ssl.webflow.com embed.typeform.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; frame-ancestors 'self' newassets.hcaptcha.com assets.hcaptcha.com a.hcaptcha.com dashboard.hcaptcha.com intuitionmachines.widget.insent.ai embed.typeform.com; upgrade-insecure-requests 1
report-uri /csp-violation; default-src 'self' https://*.huntress.io https://huntresscdn.com; font-src 'self' data: https://fonts.gstatic.com https://beacon-v2.helpscout.net https://huntresscdn.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://beacon-v2.helpscout.net https://checkout.stripe.com https://huntresscdn.com https://static.hotjar.com https://script.hotjar.com https://api.canny.io; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://checkout.stripe.com https://huntresscdn.com; script-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://www.google-analytics.com https://www.googletagmanager.com https://static.hotjar.com/ https://script.hotjar.com https://beacon-v2.helpscout.net https://d12wqas9hcki3z.cloudfront.net https://d33v4339jhl8k0.cloudfront.net https://checkout.stripe.com https://js.stripe.com https://canny.io https://api.canny.io https://assets.canny.io https://static.zdassets.com https://ekr.zdassets.com https://huntress.zendesk.com https://widget-mediator.zopim.com https://api.smooch.io https://huntresscdn.com; connect-src 'self' https://*.huntress.io https://huntress-user-uploads.s3.amazonaws.com https://*.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://d3hb14vkzrxvla.cloudfront.net https://beaconapi.helpscout.net https://chatapi.helpscout.net wss://*.pusher.com https://*.sumologic.com https://checkout.stripe.com https://canny.io https://*.canny.io wss://*.canny.io https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://huntress.zendesk.com https://*.zopim.com https://api.smooch.io wss://huntress.zendesk.com wss://*.zopim.com wss://api.smooch.io https://sessions.bugsnag.com https://notify.bugsnag.com https://huntresscdn.com https://us-autocomplete-pro.api.smartystreets.com https://international-autocomplete.api.smarty.com https://webhooks.fivetran.com; frame-src 'self' https://www.google.com https://www.recaptcha.net https://beacon-v2.helpscout.net https://checkout.stripe.com https://js.stripe.com https://canny.io https://changelog-widget.canny.io; object-src 'self' https://beacon-v2.helpscout.net; img-src 'self' data: https://*.huntress.io https://huntress-user-uploads.s3.amazonaws.com https://www.google-analytics.com https://static.hotjar.com/ https://script.hotjar.com https://*.gravatar.com https://beacon-v2.helpscout.net https://d33v4339jhl8k0.cloudfront.net https://linkmaker.itunes.apple.com https://*.stripe.com https://static.zdassets.com https://ekr.zdassets.com https://huntress.zendesk.com https://*.zopim.io https://*.zdusercontent.com https://media.smooch.io https://huntresscdn.com https://s3-eu-west-1.amazonaws.com; media-src 'self' https://beacon-v2.helpscout.net https://static.zdassets.com https://ekr.zdassets.com https://huntress.zendesk.com https://*.zopim.io https://*.zdusercontent.com https://huntresscdn.com 1
default-src http: https: data: blob:; media-src http: https: data: blob:; img-src http: https: data: blob:; script-src http: https: data: 'unsafe-inline' 'unsafe-eval'; style-src http: https: data: 'unsafe-inline' 'unsafe-eval'; connect-src http: https: data:; worker-src http: https: data: blob:; font-src http: https: data:; 1
frame-ancestors 'self' https://*.tamu.edu 1
frame-ancestors 'self'; upgrade-insecure-requests;form-action 'self' slashdot.org slashdot.us15.list-manage.com;frame-src 'self' slashdot.org *.lijit.com *.btloader.com http://*.pro-market.net *.crsspxl.com *.google.com *.googlesyndication.com *.safeframe.usercontent.goog *.doubleclick.net challenges.cloudflare.com *.recaptcha.net recaptcha.net *.adnxs.com *.indexww.com *.rubiconproject.com *.pubmatic.com *.smartadserver.com *.tapad.com http://*.youtube.com http://*.youtube-nocookie.com slashdotmedia.com; object-src http://*.youtube.com;script-src 'self' slashdot.org *.slashdot.org slashdot.org *.slashdotmedia.com a.fsdn.com challenges.cloudflare.com *.lijit.com *.moatads.com *.adsafeprotected.com *.sharethrough.com *.2mdn.net *.adnxs.com *.jobbio.com *.script.ac *.defybrick.com *.aniview.com *.vidazoo.com *.pubmatic.com chimpstatic.com *.mailchimp.com mc.us15.list-manage.com ml314.com *.stack-sonar.com *.licdn.com translate.googleapis.com *.doubleclick.net *.googleadservices.com translate.google.cn *.gstatic.cn *.google.com *.consentmanager.net *.microsofttranslator.com *.gstatic.com *.googletagservices.com *.recaptcha.net recaptcha.net *.google-analytics.com *.googlesyndication.com *.cloudflareinsights.com d3tglifpd8whs6.cloudfront.net rpxnow.com btloader.com *.crsspxl.com http://*.pro-market.net *.4dex.io *.adnxs-simple.com *.s-onetag.com *.rubiconproject.com *.trustarc.com *.truste.com *.doubleverify.com *.tapad.com *.pghub.io pghub.io *.sharethru.com adservice.google.ad adservice.google.ae adservice.google.at adservice.google.be adservice.google.bg adservice.google.ca adservice.google.ch adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.kr adservice.google.co.th adservice.google.co.uk adservice.google.co.zw adservice.google.com.au adservice.google.com.bo adservice.google.com.hk adservice.google.com.mx adservice.google.com.ph adservice.google.com.pk adservice.google.com.sa adservice.google.com.sg adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.fi adservice.google.fr adservice.google.gr adservice.google.hu adservice.google.ie adservice.google.it adservice.google.li adservice.google.lu adservice.google.mu adservice.google.mv adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.se adservice.google.sk adservice.google.com.br adservice.google.com.ar adservice.google.cl adservice.google.com.co adservice.google.com.cu adservice.google.com.cy adservice.google.es adservice.google.hr adservice.google.im adservice.google.lk adservice.google.me adservice.google.mg adservice.google.com.mm adservice.google.com.ng adservice.google.com.np adservice.google.com.pr adservice.google.com.uy adservice.google.co.za adservice.google.jo adservice.google.bs adservice.google.al adservice.google.co.tz adservice.google.rw adservice.google.hn adservice.google.lt adservice.google.iq adservice.google.si adservice.google.bj adservice.google.co.ao adservice.google.com.gh adservice.google.kz adservice.google.com.eg adservice.google.com.ec adservice.google.co.ve adservice.google.com.py adservice.google.lv adservice.google.mn adservice.google.com.bn adservice.google.tn adservice.google.ml adservice.google.is adservice.google.com.sv adservice.google.com.bz adservice.google.az adservice.google.gt adservice.google.sn adservice.google.cm adservice.google.com.kh adservice.google.ge adservice.google.com.et adservice.google.com.pe adservice.google.com.ly adservice.google.co.mz adservice.google.com.bh adservice.google.com.mt adservice.google.ps adservice.google.so adservice.google.bf adservice.google.co.nz adservice.google.com.gt adservice.google.co.zm adservice.google.je adservice.google.cv adservice.google.la adservice.google.bi adservice.google.com.jm adservice.google.tt adservice.google.com.kw adservice.google.cd adservice.google.gy adservice.google.tg adservice.google.com.af adservice.google.com.lb adservice.google.sr adservice.google.com.ni adservice.google.ki adservice.google.com.na adservice.google.ht adservice.google.nr adservice.google.td adservice.google.co.ls adservice.google.gl adservice.google.bt adservice.google.tm adservice.google.com.vc adservice.google.co.bw adservice.google.vg adservice.google.as adservice.google.cg adservice.google.com.ag adservice.google.com.tj adservice.google.dm adservice.google.to adservice.google.dj adservice.google.cf adservice.google.ws adservice.google.st adservice.google.gm adservice.google.fm adservice.google.com.sb adservice.google.com.pg adservice.google.com.gi adservice.google.com.ai adservice.google.co.ck adservice.google.ru adservice.google.nu adservice.google.com.my adservice.google.com.bd adservice.google.ci adservice.google.co.cr adservice.google.co.ke adservice.google.co.ug adservice.google.co.uz adservice.google.co.vi adservice.google.ms adservice.google.com.fj adservice.google.com.om adservice.google.com.pa adservice.google.com.qa adservice.google.ga adservice.google.gg adservice.google.kg adservice.google.md adservice.google.mk adservice.google.mw adservice.google.ne adservice.google.sm adservice.google.tl adservice.google.sc adservice.google.vu 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' https: *.treasuredata.com 1
upgrade-insecure-requests; default-src https://*.zoom.us https://zoom.us blob: 'self'; img-src https: about: blob: data: 'self'; style-src https: safari-extension: chrome-extension: 'unsafe-inline' data: 'self'; font-src https: safari-extension: chrome-extension: blob: data: 'self'; connect-src * about: blob: data: 'self'; media-src * rtmp: blob: data: 'self'; frame-src https: ms-appx-web: zoommtg: zoomus: wvjbscheme: zoomprc: data: blob: 'self'; object-src 'none'; base-uri 'none';script-src 'self' 'strict-dynamic' 'nonce-FkeF0Y3NQ5-gkhQaoMPzzQ' 'unsafe-inline' blob: https:; 1
default-src 'self' spotify.okta.com *.oktacdn.com; connect-src 'self' spotify.okta.com spotify-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com *.mtls.okta.com spotify.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' spotify.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' spotify.okta.com *.oktacdn.com; frame-src 'self' spotify.okta.com spotify-admin.okta.com login.okta.com ok4-devicetrust.okta.com com-okta-authenticator: api-0f3c7c4d.duosecurity.com; img-src 'self' spotify.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' spotify.okta.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' https://dashboards.spotify.net; report-uri https://oktacsp.report-uri.com/r/t/csp/enforce; report-to csp 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-dgrKMMC1v/OQ/wKvfi8V9dm0xQFjjn' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thoughtco.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: data: blob: android-webview-video-poster:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; upgrade-insecure-requests 1
frame-ancestors 'none';manifest-src 'self';object-src 'none';worker-src 'self' blob:; 1
default-src 'self' *.uspto.gov *.qualtrics.com data: https:;  frame-ancestors 'self' *.youtube.com *.ytimg.com *.govdelivery.com; img-src 'self' *.uspto.gov *.googletagmanager.com *.qualtrics.com *.jwpltx.com data: *.govdelivery.com *.google-analytics.com *.gstatic.com *.youtube.com *.ytimg.com; style-src 'self' *.uspto.gov *.googleapis.com addtocalendar.com *.govdelivery.com 'unsafe-eval' 'unsafe-inline'; script-src 'self' *.uspto.gov addtocalendar.com *.qualtrics.com *.jwpcdn.com *.bootstrapcdn.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.youtube.com  *.ytimg.com search.usa.gov *.govdelivery.com 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' 'https://karnataka.gov.in' 1
connect-src 'self' blob: yandexmetrica.com:* ads.adfox.ru ads6.adfox.ru api.youla.io mc.admetrica.ru thequestion.ru wss://comments.yandex.net wss://comments-alpha.yandex.net turbopages.org yandex.st  yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net  *.yandex-team.ru milab.s3.yandex.net *.k50.ru *.k50dev.ru openkitchen.media auto.ru yango.com ya.ru *.ya.ru dev.introvert.bz *.calltouch.ru *.comagic.ru; default-src 'none'; font-src 'self' data: yastatic.net yandex.ru an.yandex.ru yastat.net *.s3.yandex.net *.yandex.ru *.ya.ru; frame-src 'self' data: yabrowser: yandexadexchange.net *.yandexadexchange.net turbopages.org *.turbopages.org *.yandex.ru   banners.adfox.ru yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net  *.yandex-team.ru *.video.yandex.ru *.market.yandex.ru www.youtube.com *.vimeo.com embed.megogo.net coub.com awaps.yandex.net meyou.ru broadcast.comdi.com datalens.yandex partner.market.yandex.ru go.yandex yango.com yandexteam-my.sharepoint.com *.bookmate.ru bookmate.ru yandex.com yandex.com.tr yandex.com.am yandex.com.ge yandex.md yandex.by yandex.kz yandex.uz *.yandex.com *.yandex.com.tr *.yandex.com.am *.yandex.com.ge *.yandex.md *.yandex.by *.yandex.kz *.yandex.uz ya.ru *.ya.ru; form-action https://*; img-src * 'self' blob: data: android-webview-video-poster: *.yandex.net *.s3.yandex.net yastatic.net http://lpc.s3.mds.yandex.net http://yastatic.net mc.admetrica.ru avatars-fast.yandex.net favicon.yandex.net *.verify.yandex.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net avatars.mds.yandex.net *.yandex.ru *.ya.ru; media-src * 'self' data: blob: *.video.yandex.ru *.storage.yandex.net *.s3.yandex.net *.cdn.yandex.net yastatic.net *.yandex.net *.strm.yandex.ru yandex.st banners.adfox.ru content.adfox.ru yastat.net yandex.ru *.yandex.ru ya.ru *.ya.ru; script-src 'self' blob: 'nonce-9yDsPlSG8JD9OCto4jC0NQ==' 'unsafe-inline' 'unsafe-eval' ads.adfox.ru ads6.adfox.ru banners.adfox.ru mc.yandex.ru yandex.st yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net  *.yandex-team.ru aflt.market.yandex.ru www.youtube.com *.vimeo.com s.ytimg.com lpc.s3.mdst.yandex.net abt.s3.yandex.net chat.s3.yandex.net *.api-maps.yandex.ru yandex.com *.yandex.com ya.ru *.ya.ru; style-src 'self' 'unsafe-inline' 'unsafe-eval' banners.adfox.ru content.adfox.ru yandex.st yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net  *.s3.yandex.net lpc.s3.mdst.yandex.net *.ya.ru; worker-src blob: yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net  *.yandex-team.ru; report-uri https://csp.yandex.net/csp?from=turbo%3Aphone&reqid=1705973700046831-17340401273072714435-balancer-l7leveler-kubr-yp-vla-163-BAL-597&yandexuid=6727144351705973700&yandex_login=&project=turbo https://csp.yandex.net/csp?from=lp-constructor&project=lp-constructor&yandex_login=&yandexuid=; object-src yastatic.net; child-src 'self'; frame-ancestors 'self' webvisor.com http://webvisor.com *.mtproxy.yandex.net www.kinopoisk.ru *.yandex-team.ru n.maps.yandex.ru yandex.ru yandex.com yandex.com.tr yandex.com.am yandex.com.ge yandex.md yandex.by yandex.kz yandex.uz yandex.net *.yandex.ru *.yandex.ru:* *.yandex.com:* *.yandex.com.tr:* *.yandex.com.am *.yandex.com.ge *.yandex.md *.yandex.by *.yandex.kz *.yandex.uz *.yandex.net ya.ru *.ya.ru; 1
default-src 'unsafe-inline' 'unsafe-eval' data: blob: *; frame-ancestors 'self' 1
font-src 'self' themes.googleusercontent.com *.gstatic.com https://fonts.gstatic.com storage.googleapis.com fonts.googleapis.com *.cdn.ampproject.org; frame-src 'self' www.google.com *.youtube.com youtube.com accounts.google.com plus.google.com *.doubleclick.net apis.google.com optimize.google.com *.google.com *.cdn.ampproject.org; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com storage.googleapis.com *.google.com cdn.ampproject.org; script-src 'self' 'unsafe-eval' *.googleanalytics.com *.google-analytics.com *.youtube.com youtube.com optimize.google.com https://s.ytimg.com *.googletagmanager.com apis.google.com storage.googleapis.com *.googleapis.com *.google.com cdn.ampproject.org *.gstatic.com gstatic.com googleadservices.com *.googleadservices.com 'sha256-hdPneczWRi+c9LQVo+PzNzlNr9TacChC0CW0fiDBHkI=' 'sha256-DE/j4w1a1HDIXysWgFTrJCJK6JWEcHqScfyMr9zq9R4=' 'sha256-Ehy9lGqrTi8OqqWxX1HN6hKJT7iwwYMFJ+HLjpEobO0=' 'sha256-s/yvuH0ZHyO+7N8dM5CshPem4K1PknDExYN18xHq0LI=' 'sha256-MWQdkIAX5J//suH1t5P3PFFwFUiphY0PxD6VVzbBehQ=' 'sha256-587vJAV9t9k86IMQixmyKa7lbPaDhkGzrJsdngtoiAA=' 'sha256-nlbIOie3vmdUUZjQFDMa7iipxS6Qst8pPhTLjibMsRk=' 'sha256-lgJnwAolJEfUZqcADCe937u5G/i9edAudHv5GJlMHHo=' 'sha256-f4ki6ad4xHBnfj+FbRBUifEbj0rzaa2pNLDbnZ3IEMs=' 'sha256-PnD9J8UK8zpwVizQXkEtbZOvTiv9C/05Nn81NEwPBoQ=' 'sha256-Y/HIjyFCMWLG5aCowKhGBKP5em9S2M097hRagv3TXQ0=' 'sha256-kYDvl4o9O3XKKtgQW4BZzZZ44BDD2lwJj6eNJ8HyqWg=' 'sha256-786mZQPkATV3kJd7q8ZuwoTH4U3/0WniBdyVOgZQpv4=' 'sha256-Xyk5Ei/Yh7DuZgaxNfbPswkpmMKHk5Jy18vkxjfPMj0=' 'sha256-1lOrojGb+aoV56bZpsODLpb+j+HHbONNEpX/YqVtiUU=' 'sha256-sAsQphoZozaLVFpcda3bvT5euqcGL4MqVnizAR+Xla4=' 'sha256-qmxgNLBk8DehEAH10pxGKDVGIrss69LIPlCGOCw3O78='; connect-src 'self' plus.google.com www.google-analytics.com apis.google.com cdn.ampproject.org *.google.com storage.googleapis.com https://services.google.com/fb/submissions/thekeywordtest/ https://services.google.com/fb/submissions/0a65d7733e1f11ea9701614fc033d30c/ *.gstatic.com gstatic.com *.cdn.ampproject.org *.doubleclick.net; base-uri 'none'; object-src 'none'; img-src * data: blob:; default-src 'self' *.gstatic.com storage.googleapis.com; require-trusted-types-for 'script'; media-src 'self' *.gstatic.com storage.googleapis.com *.googlevideo.com 1
default-src 'none'; media-src 'self' https://videos.ctfassets.net:*; script-src-elem 'self' 'nonce-6708c541-f85f-4eb5-ad37-46fac88f21aa' https://cdn.transcend.io/cm/fa619274-3c15-4155-bbec-c0cb75733259/airgap.js https://cdn.transcend.io/cm/fa619274-3c15-4155-bbec-c0cb75733259/ui.js https://cdn.transcend.io/cm/fa619274-3c15-4155-bbec-c0cb75733259/xdi.js 'unsafe-hashes' 'sha256-cdFvGnPvdeavqCupE0X1iKxDb2jmBXXTGmE6AcHOk+c=' 'sha256-yT/s9zf56jX7wyB2f+yhxGo0VBoDnFqMx5qPvh0jvgQ=' 'sha256-TQ9lqihfbMvC+yQs4RAPRBe8No3FB3+MYPxT/OnPn/A=' 'sha256-ep0lyBO1i+WpsX2W3CxFRXjI+Hxg1zdLj+K4nN4Yzdk='; script-src 'self' 'wasm-unsafe-eval' 'nonce-6708c541-f85f-4eb5-ad37-46fac88f21aa' https://cdn.transcend.io/cm/fa619274-3c15-4155-bbec-c0cb75733259/airgap.js https://cdn.transcend.io/cm/fa619274-3c15-4155-bbec-c0cb75733259/ui.js https://cdn.transcend.io/cm/fa619274-3c15-4155-bbec-c0cb75733259/xdi.js; style-src-elem 'self' 'nonce-6708c541-f85f-4eb5-ad37-46fac88f21aa' https://cdn.transcend.io 'unsafe-hashes' 'sha256-oV3jdqk8GO/BUZSwos543OlGzhzxD3uMNE23EaxYMEQ=' 'sha256-/4tktfVAle+8ojynlFnhze1lbgwtFnndScvcHIucgqc=' 'sha256-zlqnbDt84zf1iSefLU/ImC54isoprH/MRiVZGskwexk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-7JyL1A8Kywti3E1sWTTspFukJsEOqlNFJPIxVimWbAQ='; style-src 'self' 'nonce-6708c541-f85f-4eb5-ad37-46fac88f21aa' https://cdn.transcend.io 'unsafe-hashes' 'sha256-oV3jdqk8GO/BUZSwos543OlGzhzxD3uMNE23EaxYMEQ=' 'sha256-/4tktfVAle+8ojynlFnhze1lbgwtFnndScvcHIucgqc=' 'sha256-zlqnbDt84zf1iSefLU/ImC54isoprH/MRiVZGskwexk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-7JyL1A8Kywti3E1sWTTspFukJsEOqlNFJPIxVimWbAQ='; connect-src 'self' https://unpkg.com/@rive-app/canvas@2.7.6/rive.wasm https://start.1password.com https://start.1password.ca https://start.1password.eu https://www.google-analytics.com https://9gnqx00du4.execute-api.us-east-1.amazonaws.com/prod/contact_us https://us.app.unleash-hosted.com https://flow.1passwordservices.com https://telemetry.transcend.io/collect https://rum.browser-intake-datadoghq.com https://sst.1passwordservices.com https://c.6sc.co https://ipv6.6sc.co https://b.6sc.co https://epsilon.6sense.com https://cdn.transcend.io; manifest-src 'self'; font-src 'self'; object-src 'self'; img-src 'self' blob: http://images.ctfassets.net:* https://images.ctfassets.net:* https://www.google.com https://www.google-analytics.com https://sst.1passwordservices.com https://stats.g.doubleclick.net https://insight.adsrvr.org https://px.mountain.com https://b.6sc.co; child-src https://www.youtube-nocookie.com https://secure.livechatinc.com; frame-src https://www.youtube-nocookie.com https://www.youtube-nocookie.com/embed https://secure.livechatinc.com https://player.vimeo.com https://insight.adsrvr.org https://match.adsrvr.org https://drift.1passwordservices.com https://sync.transcend.io; form-action 'self' https://start.1password.com https://flow.1passwordservices.com; prefetch-src 'self' https://app.1password.com https://app.1password.ca https://app.1password.eu; frame-ancestors https://*.1passwordservices.com https://*.1password.com https://*.1password.ca https://*.1password.eu https://main.1pstage.com; report-uri https://csp.1passwordservices.com/report?tags=1pw_prd; report-to csp-endpoint 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com organizer.bizzabo.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-SCXp7QTwQ0X+1UGAk+TRYQ=='; report-uri https://send.hsbrowserreports.com/csp/report; upgrade-insecure-requests; 1
default-src 'self'; child-src 'self' connect.facebook.net fast.wistia.com fast.wistia.net googleads.g.doubleclick.net td.doubleclick.net *.hotjar.com *.hotjar.io bid.g.doubleclick.net 10317493.fls.doubleclick.net 10366747.fls.doubleclick.net 11541986.fls.doubleclick.net youtube.com www.youtube.com js.stripe.com www.facebook.com staticxx.facebook.com tpc.googlesyndication.com www.google.com *.googletagmanager.com *.quora.com intercom-sheets.com app-ab27.marketo.com www.intercom-reporting.com d2c7xlmseob604.cloudfront.net js.intercomcdn.com insight.adsrvr.org match.adsrvr.org https://intercom.chilipiper.com app.intercom.com app.intercom.io https://app.getreprise.com; connect-src 'self'   www.intercom.com app.intercom.io app.intercom.com api.intercom.io api-visitor-analytics.intercom.com api-iam.intercom.io api-ping.intercom.io api.smartling.com js.intercomcdn.com munchkin.marketo.net *.mktoutil.com nexus-websocket-a.intercom.io nexus-websocket-test.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-test.intercom.io store.intercomassets.com widget.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-test.intercom.io marketing.intercomcdn.com uploads.intercomcdn.com uploads.intercomusercontent.com abrtp1.marketo.com abrtp1-cdn.marketo.com app.getsentry.com stats.g.doubleclick.net www.google.com adservice.google.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com http://*.hotjar.io:* https://*.hotjar.io:* wss://*.hotjar.io sentry.io www.facebook.com *.akamaihd.net *.wistia.com *.wistia.net 258-clw-344.mktoresp.com bat.bing.com d2c7xlmseob604.cloudfront.net rum-collector-2.pingdom.net https://*.browser-intake-datadoghq.com public-trace-http-intake.logs.datadoghq.com https://assets.ctfassets.net c.6sc.co b.6sc.co j.6sc.co ipv6.6sc.co epsilon.6sense.com epsilon-cloudfront.6sense.com user-data.mutinycdn.com https://api-v2.mutinyhq.io/v2/b https://api.mutinyhq.io/v2 https://client-registry.mutinycdn.com secure.adnxs.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com api.chilipiper.com tracking.chilipiper.com cdn.linkedin.oribi.io gw.linkedin.oribi.io px.ads.linkedin.com https://app.getreprise.com; font-src data: https: ; img-src data: blob: https: ; media-src data: blob: https: ; object-src 'none'; script-src 'self' 'unsafe-eval' app.intercom.io app.intercom.com www.intercom.com js.intercomcdn.com store.intercomassets.com marketing.intercomassets.com widget.intercom.io ajax.googleapis.com analytics.twitter.com abrtp1.marketo.com abrtp1-cdn.marketo.com app-sjqe.marketo.com app-sjst.marketo.com app-ab27.marketo.com bat.bing.com cdn-assets-prod.s3.amazonaws.com cdn.ravenjs.com browser.sentry-cdn.com connect.facebook.net distillery.wistia.com distillery-main.wistia.com fast.wistia.com fast.wistia.net googleads.g.doubleclick.net js.stripe.com munchkin.marketo.net platform.twitter.com rtp-static.marketo.com script.hotjar.com script.hotjar.io secure.adnxs.com static.hotjar.com static.hotjar.io stats.g.doubleclick.net store.intercom.io tpc.googlesyndication.com www.datadoghq-browser-agent.com www.google.com www.google-analytics.com www.googleadservices.com/pagead/ www.googletagmanager.com tagmanager.google.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com dc.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com client-registry.mutinycdn.com client.mutinycdn.com https://js.chilipiper.com 'sha256-CIxBMTSsZNOVtN/e53Oinc5o7iS+6GCLATfDTYD9EQk=' https://app.getreprise.com 'strict-dynamic' 'nonce-Zjk0YjhlMjMtZDlhOC00MDY4LWI1M2UtMjg4YjJlNjlhMmRi'; style-src 'self' 'unsafe-inline' app-ab27.marketo.com marketing.intercomassets.com maxcdn.bootstrapcdn.com rtp-static.marketo.com fonts.googleapis.com tagmanager.google.com https://www.googletagmanager.com https://js.chilipiper.com; worker-src data: blob:; base-uri 'self'; report-uri https://o2129.ingest.sentry.io/api/1467748/security/?sentry_key=2b3179211aae44189b7651cf09d7b74f 1
frame-ancestors *.icann.org 1
default-src 'self' https://d3ds6z1w6yhmzj.cloudfront.net; script-src-elem 'self' 'strict-dynamic' 'nonce-e140a569ad2f2b9b121a0569046be28324cf4df2415517591b724a5e584923c9' 'unsafe-inline' 'unsafe-eval' https: https://d3ds6z1w6yhmzj.cloudfront.net https://analytics.twitter.com https://cdn.jsdelivr.net https://code.jquery.com https://ispottv.widget.insent.ai https://kit.fontawesome.com https://pi.pardot.com https://static.ads-twitter.com https://tagmanager.google.com https://track.gaconnector.com https://tracker.gaconnector.com https://www.google-analytics.com https://*.googletagmanager.com https://analytics.google.com https://www2.ispot.tv; style-src-elem 'self' 'nonce-e140a569ad2f2b9b121a0569046be28324cf4df2415517591b724a5e584923c9' https://d3ds6z1w6yhmzj.cloudfront.net https://fonts.googleapis.com https://tagmanager.google.com; script-src 'self' 'strict-dynamic' 'nonce-e140a569ad2f2b9b121a0569046be28324cf4df2415517591b724a5e584923c9' 'unsafe-inline' 'unsafe-eval' https: https://d3ds6z1w6yhmzj.cloudfront.net https://analytics.twitter.com https://cdn.jsdelivr.net https://code.jquery.com https://ispottv.widget.insent.ai https://kit.fontawesome.com https://pi.pardot.com https://static.ads-twitter.com https://tagmanager.google.com https://track.gaconnector.com https://tracker.gaconnector.com https://www.google-analytics.com https://*.googletagmanager.com https://analytics.google.com https://www2.ispot.tv; style-src 'self' 'nonce-e140a569ad2f2b9b121a0569046be28324cf4df2415517591b724a5e584923c9' https://d3ds6z1w6yhmzj.cloudfront.net https://fonts.googleapis.com https://tagmanager.google.com; connect-src 'self' https://event.ispot.tv https://ispottv.widget.insent.ai https://ka-p.fontawesome.com https://static.ads-twitter.com https://track.gaconnector.com https://www.google-analytics.com https://stats.g.doubleclick.net https://videos-cdn.ispot.tv https://analytics.google.com https://ispottv.api.insent.ai https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://www.googletagmanager.com https://dev.visualwebsiteoptimizer.com https://*.visualwebsiteoptimizer.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://cdn.linkedin.oribi.io https://translate.googleapis.com https://readaloud.googleapis.com https://region1.analytics.google.com https://px.ads.linkedin.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; frame-src 'self' https://ispottv.widget.insent.ai https://www.google.com https://www.youtube.com https://www2.ispot.tv https://platform.twitter.com https://app.vwo.com https://boards.greenhouse.io https://e.infogram.com https://td.doubleclick.net https://infogram-download-eu.s3.eu-west-1.amazonaws.com; media-src 'self' blob: https://videos-cdn.ispot.tv https://d3ds6z1w6yhmzj.cloudfront.net https://hub-cdn.ispot.tv; font-src 'self' https://d3ds6z1w6yhmzj.cloudfront.net data: https://fonts.gstatic.com; img-src 'self' data: https:; manifest-src 'self'; base-uri 'self' https://d3ds6z1w6yhmzj.cloudfront.net https://images-cdn.ispot.tv https://videos-cdn.ispot.tv; worker-src 'self' blob:; child-src 'self' blob:; frame-ancestors 'self' *.ispot.tv; 1
img-src 'self' data: https://api.starlink.com https://analytics.starlink.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.googleadservices.com https://cdn.cookielaw.org https://ads-twitter.com https://analytics.twitter.com https://ads-api.twitter.com https://t.co https://maps.googleapis.com https://maps.gstatic.com https://www.facebook.com/ https://www.linkedin.com https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://*.cdn.adyen.com; connect-src 'self' https://api.starlink.com https://www.starlink.com https://analytics.starlink.com https://maps.googleapis.com/ https://api.mapbox.com/ https://events.mapbox.com/ https://*.tiles.mapbox.com/ https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://hcaptcha.starlink.com https://*.hcaptcha.starlink.com https://hcaptcha.com https://*.hcaptcha.com https://cdn.cookielaw.org https://static.ads-twitter.com https://ads-twitter.com https://analytics.twitter.com https://ads-api.twitter.com https://geolocation.onetrust.com https://privacyportal.onetrust.com https://*.googleapis.com https://www.facebook.com/ https://www.linkedin.com https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com; script-src 'self' 'unsafe-eval' 'sha256-2DEjUdQEjzQwkkDbMWsYDL4QmKAW/lOUg2LW1jQZICo=' 'sha256-2NpbIZvRgAEhRKnMNR6HJ9vRUbZu2P6w97ajM3zGN+8=' 'sha256-nzQvvRV+mw+Ved4Bd/Y4TPL8+F+jjs4Yt7M2sMSLO0s=' https://api.starlink.com https://maps.googleapis.com/ https://hcaptcha.starlink.com https://*.hcaptcha.starlink.com https://hcaptcha.com https://*.hcaptcha.com https://analytics.starlink.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://cdn.cookielaw.org https://static.ads-twitter.com https://connect.facebook.net https://www.linkedin.com https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com; font-src 'self' https://api.starlink.com https://fonts.gstatic.com data: application/font-woff; style-src 'self' 'unsafe-inline' https://api.starlink.com https://hcaptcha.starlink.com https://*.hcaptcha.starlink.com https://hcaptcha.com https://*.hcaptcha.com https://cdn.cookielaw.org https://static.ads-twitter.com https://fonts.googleapis.com; frame-ancestors 'self' https://api.starlink.com; frame-src https://hcaptcha.starlink.com https://*.hcaptcha.starlink.com https://hcaptcha.com https://*.hcaptcha.com https://bid.g.doubleclick.net https://td.doubleclick.net https://www.youtube.com; worker-src 'self' blob: ; child-src 'self' blob: ; 1
worker-src blob:; frame-ancestors 'self' https://www.surveymonkey.com https://google.com https://app.asana.com https://blog.asana.com https://academy.asana.com; report-uri https://app.asana.com/-/csp_report; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.ads-twitter.com https://ajax.aspnetcdn.com https://bat.bing.com https://sjs.bizographics.com https://ct.capterra.com https://googleads.g.doubleclick.net https://ethn.io https://connect.facebook.net https://tracking.g2crowd.com https://www.google-analytics.com https://apis.google.com https://www.googleadservices.com https://*.googleapis.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://ssl.gstatic.com https://script.hotjar.com https://static.hotjar.com https://cdn.jotfor.ms https://form.jotform.us https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://accounts.livechatinc.com https://cdn.livechatinc.com https://secure.livechatinc.com https://luna1.co https://js.recurly.com https://search-api.swiftype.com https://s.swiftypecdn.com https://analytics.twitter.com https://platform.twitter.com https://fast.wistia.com https://fast.wistia.net https://www.youtube.com https://s.ytimg.com https://*.marketo.com https://*.marketo.net https://js.driftt.com https://cdnjs.cloudflare.com https://api.ipify.org https://cdn.pdst.fm https://*.vimeocdn.com https://js.driftt.com https://widget.drift.com https://resources.asana.com https://w58858w0sjxx.statuspage.io https://cdn.cookielaw.org https://geolocation.onetrust.com https://*.logs.datadoghq.com https://www.datadoghq-browser-agent.com https://tagmanager.google.com/debug https://t.contentsquare.net contentsquare.com app.contentsquare.com https://solve-widget.forethought.ai https://cdn.jsdelivr.net/npm/@sheerid/jslib@1/ https://v2.listenloop.com https://boards.greenhouse.io/embed/job_board/js https://www.redditstatic.com/ads/pixel.js https://yjtag.jp/tag.js https://s.yjtag.jp/tag.js https://s.yimg.jp/ https://yjtag.yahoo.co.jp/tag https://analytics.tiktok.com/i18n/pixel/ https://s.pinimg.com/ct/ https://tag.demandbase.com/37001681d9f07945.min.js https://tag.clearbitscripts.com https://x.clearbitjs.com https://b92.yahoo.co.jp/rt/ https://t-antenna.asana.com/ https://scripts.postie.com/wbgboxjj/lp.1.js https://b91.yahoo.co.jp/pagead/ https://b98.yahoo.co.jp/ https://accounts.google.com/gsi/client  https://js.adstk.io/convpixel.js https://a.quora.com/qevents.js https://d34r8q7sht0t9k.cloudfront.net/tag.js 1
base-uri 'self'; block-all-mixed-content; child-src 'self' ; connect-src 'self' *.adobe.io *.adobelogin.com *.services.adobe.com wwwimages2.adobe.com sstats.adobe.com performance.typekit.net wss://performance.typekit.net use.typekit.net p.typekit.net primer.typekit.net api2.branch.io geo-dc.adobe.com prod.adobeccstatic.com *.behance.net ans.oobesaas.adobe.com prod-rel-ffc-ccm.oobesaas.adobe.com dc-api.adobecontent.io files.acrobat.com files-download2.acrocomcontent.com createpdf.acrobat.com/createpdf/api/ *.amazonaws.com prod.wopi.acrobat.adobe.com *.blob.core.windows.net cdn-sharing.adobecc.com files-asr.acrobat.com createpdf-asr.acrobat.com cloud-asr.acrobat.com upload2-asr.files.acrobat.com files-download2-asr.acrocomcontent.com jobtracker-asr.acrobat.com dc-api-v2.adobecontent.io cvs.adobe.com/content/ detect.adobedccdn.com:* *.sentry.io *.adobesign.com *.adobesigncdn.com *.echosign.com *.echocdn.com documents.adobe.com *.documents.adobe.com api.rocketlawyer.com fillsign.acrobat.com/api/ fillsign-asr.acrobat.com comments.acrobat.com send.acrobat.com send-asr.acrobat.com *.demdex.net adobe.tt.omtrdc.net commerce.adobe.com plan.adobe.com odin.adobe.com cdn.cookielaw.org privacyportal.onetrust.com geolocation.onetrust.com/cookieconsentpub/ by2.uservoice.com client.messaging.adobe.com server.messaging.adobe.com graph.microsoft.com *.sharepoint.com api.onedrive.com *.files.1drv.com *.svc.ms *.storage.live.com blob: apis.google.com *.googleapis.com *.googleusercontent.com accounts.google.com/gsi/status accounts.google.com/gsi/log docs.google.com/feeds/ faster.typekit.net express.adobe.com sdk-1p.cc-embed.adobe.com express-embed.adobe.com new.express.adobe.com *.go-mpulse.net *.akstat.io; default-src 'self' *.adobelogin.com/favicon.ico express.adobe.com; font-src 'self' data: *.adobe.com *.typekit.com *.typekit.net *.adobeccstatic.com *.behance.net *.adobesign.com *.adobesigncdn.com *.echosign.com *.echocdn.com fonts.gstatic.com; form-action *.adobelogin.com *.officeapps.live.com login.live.com; frame-src 'self' data: blob: documentcloud.adobe.com acrobat.adobe.com *.adobe.io *.adobelogin.com *.services.adobe.com dc-api.adobecontent.io *.amazonaws.com *.blob.core.windows.net cdn-sharing.adobecc.com dc-api-v2.adobecontent.io *.officeapps.live.com login.live.com *.adobesign.com *.adobesigncdn.com *.echosign.com *.echocdn.com documents.adobe.com *.documents.adobe.com api.rocketlawyer.com *.demdex.net commerce.adobe.com plan.adobe.com www.google.com/recaptcha/ acrobat.uservoice.com video.tv.adobe.com ui.messaging.adobe.com zeonchatclient-va6.cloud.adobe.io *.sharepoint.com api.onedrive.com *.files.1drv.com *.svc.ms content.googleapis.com/static/ accounts.google.com drive.google.com express.adobe.com express-embed.adobe.com express-embed.adobe.com new.express.adobe.com auth-light.identity.adobe.com; img-src 'self' about: blob: data: *.adobe.com p.typekit.net *.adobelogin.com *.acrobat.com *.acrocomcontent.com *.adobecontent.io *.adobe.io *.adobeccstatic.com *.behance.net www.facebook.com/tr *.adobesign.com *.adobesigncdn.com *.echosign.com *.echocdn.com api.rocketlawyer.com ab.adobe-identity.com dpm.demdex.net cm.everesttech.net *.googleusercontent.com cdn.cookielaw.org; media-src 'self' ; manifest-src 'self'; script-src 'self' 'unsafe-eval' www.adobe.com wwwimages2.adobe.com *.adobelogin.com use.typekit.com use.typekit.net auth.services.adobe.com prod.adobeccstatic.com *.behance.net www.adobe.com/content/dam/cc/ www.adobe.com/content/dam/dx-dc/ static.adobesigncdn.com assets.adobedtm.com api.demandbase.com/api/v2/ip.json www.adobe.com/marketingtech/ commerce.adobe.com plan.adobe.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.adobe.com/etc/beagle/public/globalnav/adobe-privacy/latest/privacy.min.js www.adobe.com/etc.clientlibs/globalnav/clientlibs/base/privacy-standalone.js cdn.cookielaw.org/scripttemplates/ cdn.cookielaw.org/consent/ cdn.cookielaw.org/logos/ geolocation.onetrust.com/cookieconsentpub/ geo2.adobe.com/json/ widget.uservoice.com by2.uservoice.com client.messaging.adobe.com apis.google.com/js/ accounts.google.com/gsi/client express.adobe.com sdk-1p.cc-embed.adobe.com express-embed.adobe.com new.express.adobe.com c.go-mpulse.net s.go-mpulse.net 'sha256-8Va66obQmX/9ZIBcSdIDvQ3toMCglSOBRDmTDJCfgn8='; style-src *.adobe.com use.typekit.com use.typekit.net *.adobeccstatic.com *.adobesigncdn.com accounts.google.com/gsi/style 'self' 'unsafe-inline'; worker-src 'self' ; report-uri https://dc-api.adobe.io/system/csp; 1
frame-ancestors https://teams.powerbi.com 'self' https://teams.microsoft.com https://gov.teams.microsoft.us https://dod.teams.microsoft.us https://outlook.office.com https://outlook-sdf.office.com https://outlook.office365.com https://outlook-sdf.office365.com https://www.office.com https://scuprodprv.www.office.com https://www.microsoft365.com 1
frame-ancestors 'self' *.coe.int 1
base-uri 'self'; default-src 'self'; connect-src 'self' blob: https://tenor.com https://*.tenor.co https://*.tenor.com https://*.googleapis.com https://api-v1.tenor.com https://*.google-analytics.com https://*.doubleclick.net https://pixel.mtrcs.samba.tv; script-src 'self' data: blob: https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com https://*.google-analytics.com https://*.facebook.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://pixel.mtrcs.samba.tv https://*.google.com 'nonce-YmE4NjJmODctMzg5Yy00YmQ5LWFmODktZmRjOTQ5NjU4NTY0' 'unsafe-eval'; style-src 'self' https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com 'unsafe-inline'; font-src 'self' https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com; img-src 'self' blob: data: https://media.tenor.co https://media.tenor.com https://media1.tenor.co https://media1.tenor.com https://c.tenor.com/ https://tenor.googleapis.com/ https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.com https://pixel.mtrcs.samba.tv http: https:; media-src 'self' blob: data: https://media.tenor.co https://media.tenor.com https://media1.tenor.co https://media1.tenor.com https://c.tenor.com/; frame-src 'self' https://www.google.com/recaptcha/ https://www.facebook.com/tr/ https://*.google.com https://*.googleapis.com; object-src 'none' 1
default-src 'self' data: *.atu.ac.ir http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io https://cdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://map.ir https://conf.isc.ac https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://kangoro.ir/matomo/matomo.js http://tools.1abzar.com http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io https://www.google.com https://cdn.userway.org https://api.userway.org https://media.userway.org https://www.goftino.com https://cdn.goftino.com; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com https://cdn.fontcdn.ir https://fdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org; img-src 'self' blob: data: https://map.ir https://conf.isc.ac https://www.google-analytics.com www.google-analytics.com data: *; connect-src 'self' https://map.ir https://conf.isc.ac https://www.google-analytics.com www.google-analytics.com https://samta.samt.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io https://cdn.fontcdn.ir wss://api.raychat.io wss://ws.goftino.com wss://ws2.goftino.com wss://ws5.goftino.com wss://cdn.goftino.com https://api.userway.org https://cdn.userway.org; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://tools.1abzar.com http://1abzar.ir https://cse.google.com https://www.aparat.com https://google.com https://www.google.com https://cdn.userway.org https://edu.sapiba.ir https://www.google.com; frame-ancestors 'self' https://trustseal.enamad.ir; 1
frame-ancestors *.makerbot.com *.thingiverse.com *.mbot.me *.onshape.com *.makerbot.local *.thingiverse.local; 1
default-src 'self';base-uri 'self';script-src 'nonce-8ILEJ+w3MN83jM/w2a46Vg==' 'strict-dynamic' 'report-sample' https:;report-to csp-endpoint;upgrade-insecure-requests;style-src 'self' *.cdn.office.net *.microsoft.com res-dev.cdn.officeppe.net 'unsafe-inline' https://www.microsoft.com/;font-src 'self' data: *.cdn.office.net res-dev.cdn.officeppe.net data c.s-microsoft.com *.microsoft.com;connect-src 'self' https://browser.pipe.aria.microsoft.com https://browser.events.data.microsoft.com *.office.com *.cdn.office.net res-dev.cdn.officeppe.net https://consentreceiverfd-prod.azurefd.net data:;frame-src https://login.microsoftonline.com https://login.live.com mem.gfx.ms amcdn.msftauth.net amcdn.msauth.net;img-src * data: blob:;worker-src 'self' blob:;child-src 'self' blob:;report-uri https://csp.microsoft.com/report/Harmony-App-PROD; 1
default-src 'self' *.minzdrav.gov.ru *.rosminzdrav.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.minzdrav.gov.ru *.rosminzdrav.ru https://stat.sputnik.ru connect.mail.ru ok.ru vk.com connect.ok.ru pos.gosuslugi.ru; style-src 'self' 'unsafe-inline' *.minzdrav.gov.ru *.rosminzdrav.ru pos.gosuslugi.ru; media-src 'self' data: *.minzdrav.gov.ru *.rosminzdrav.ru pos.gosuslugi.ru; img-src 'self' data: *; font-src 'self' *.minzdrav.gov.ru *.rosminzdrav.ru pos.gosuslugi.ru; frame-src 'self' *.minzdrav.gov.ru *.rosminzdrav.ru pos.gosuslugi.ru; connect-src 'self' *.minzdrav.gov.ru *.rosminzdrav.ru stat.sputnik.ru pos.gosuslugi.ru; upgrade-insecure-requests; 1
frame-ancestors 'self' *.wildberries.ru 1
frame-ancestors 'self' https://*.brightsites.co.uk; 1
default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://seekingalpha.com/report/csp 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-ba97d00ae0e9ea75e03b18b6763c5892' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=9511623619081957; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=9511623619081957 1
script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport/allowlist 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypalinc.com 'unsafe-inline'; script-src 'nonce-aEjgwh25cR9rscbo2wd2ADNXlFpIRRYTlwE6OP4pktbj1gv7' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.paypalinc.com; img-src 'self' https: data:; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; object-src 'none'; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://nexus.ensighten.com https://*.go-mpulse.net https://*.akstat.io https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
base-uri https://*.ryanair.com https://*.laudamotion.com; child-src https://*.hotjar.com https://*.hotjar.io 'self'; worker-src https://*.ryanair.com 'self'; connect-src 'self' https://*.ryanair.com https://*.launchdarkly.com https://bam.nr-data.net/ https://dpm.demdex.net https://js-agent.newrelic.com https://script.hotjar.com https://smetrics.ryanair.com https://*.hotjar.com https://*.hotjar.io https://*.boxever.com https://www.gstatic.com https://news.ryanair.com wss://*.hotjar.com https://www.rentalcars.com https://*.accdab.net https://static.zdassets.com https://ekr.zdassets.com https://*.zopim.com wss://*.zopim.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://ad.doubleclick.net https://www.google.com https://www.ryanair.com https://api.ryanair.com https://assets.ryanair.com https://desktopapps.ryanair.com https://places-rooms.ryanair.com https://help.ryanair.com wss://help.ryanair.com https://ryanairsupport.zendesk.com wss://ryanairsupport.zendesk.com; default-src 'self' https://ajax.googleapis.com https://static.zdassets.com https://ekr.zdassets.com https://*.zopim.com wss://*.zopim.com https://*.google-analytics.com https://help.ryanair.com wss://help.ryanair.com https://ryanairsupport.zendesk.com wss://ryanairsupport.zendesk.com; frame-src 'self' https://*.ryanair.com https://ryanair.demdex.net https://*.hotjar.com https://*.hotjar.io https://*.cdn-net.com https://*.accdab.net https://www.google.com; font-src 'self' data: https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io https://ajax.googleapis.com https://assets.ryanair.com; img-src 'self' data: https://*.hotjar.com https://*.hotjar.io https://bam.nr-data.net https://dpm.demdex.net https://smetrics.ryanair.com https://www.gstatic.com https://cm.g.doubleclick.net https://*.criteo.com https://www.facebook.com https://play-lh.googleusercontent.com https://v2assets.zopim.io https://static.zdassets.com https://s3.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com https://v2uploads.zopim.io https://pixel.quantserve.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://play-lh.googleusercontent.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.fr164-11.ryanair.com https://assets.ryanair.com/; manifest-src https://*.ryanair.com https://*.laudamotion.com; object-src 'self' https://*.cdn-net.com; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.boxever.com https://*.cdn-net.com https://*.googleapis.com https://*.launchdarkly.com https://assets.ryanair.com https://bam.nr-data.net https://d1mj578wat5n4o.cloudfront.net https://js-agent.newrelic.com https://*.hotjar.com https://*.hotjar.io https://www.gstatic.com https://cdnjs.cloudflare.com https://*.accdab.net https://static.zdassets.com https://ekr.zdassets.com https://*.zopim.com wss://*.zopim.com https://www.googleadservices.com https://www.google.com https://*.google-analytics.com https://*.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://polyfill.ryanair.com https://help.ryanair.com wss://help.ryanair.com https://ryanairsupport.zendesk.com wss://ryanairsupport.zendesk.com; style-src 'self' 'unsafe-inline' 'report-sample' https://fonts.googleapis.com; frame-ancestors 'self'; report-uri /csp-report?app=homepage; 1
upgrade-insecure-requests; default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.google.com www.google-analytics.com www.gstatic.com *.googleapis.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' *.zalo.me *.zadn.vn *.zdn.vn *.googleapis.com blob:; font-src * data:; img-src * data: blob:; media-src * blob:; connect-src 'self' wss://*.chat.zalo.me *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.google.com www.google-analytics.com www.gstatic.com stats.g.doubleclick.net blob:; child-src 'self' zalo://* *.zalo.me zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn www.facebook.com *.zalo.me *.google.com *.youtube.com *.googleapis.com *.soundcloud.com *.live.com data: blob:; 1
default-src data: blob: *.threads.net *.instagram.com *.facebook.com *.fbcdn.net;script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* static.cdninstagram.com;style-src data: blob: 'unsafe-inline' *.fbcdn.net *.threads.net *.facebook.com *.instagram.com static.cdninstagram.com;connect-src blob: 'self' *.threads.net wss://*.threads.net:* *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* ws://localhost:* *.instagram.com *.cdninstagram.com wss://*.instagram.com:*;font-src data: static.cdninstagram.com;img-src data: blob: android-webview-video-poster: *.threads.net *.instagram.com *.facebook.com *.fbcdn.net *.cdninstagram.com about.fb.com engineering.fb.com www.gstatic.com *.fbsbx.com *.giphy.com pps.whatsapp.net;media-src data: blob: android-webview-video-poster: *.threads.net *.instagram.com *.facebook.com *.fbcdn.net *.cdninstagram.com www.gstatic.com *.fbsbx.com *.giphy.com;frame-src *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; 1
frame-ancestors 'self'; report-uri https://logs.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pube4f163c23bbf91c16b8f57f56af9fc58&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=site%3Adatadoghq.eu 1
connect-src 'self' checkout.stripe.com https://checkout.stripe.com https://billing.stripe.com/session https://api.funcaptcha.com https://api.arkoselabs.com sentry.io api.github.com www.npmjs.com;default-src 'none';img-src * data: https://*.stripe.com;script-src 'self' data: 'unsafe-inline' https://checkout.stripe.com/checkout.js https://checkout.stripe.com https://js.stripe.com/v3 https://platform.twitter.com/widgets.js https://octocaptcha.com https://static-production.npmjs.com/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static-production.npmjs.com/;frame-src checkout.stripe.com https://checkout.stripe.com https://js.stripe.com/ https://octocaptcha.com;font-src https://fonts.gstatic.com https://static-production.npmjs.com/ ;media-src https://player.vimeo.com https://fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net https://vod-progressive.akamaized.net 1
default-src 'self' curl.haxx.se www.curl.se curl.se; style-src 'unsafe-inline' 'self' curl.haxx.se www.curl.se curl.se; require-trusted-types-for 'script'; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.authorize.net *.google.com cdnjs.cloudflare.com cdn.rawgit.com maps.googleapis.com rw1.marchex.io connect.facebook.net googleads.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com cdn.jsdelivr.net *.youtube.com s.ytimg.com *.googlesyndication.com *.hotjar.com *.createsend1.com *.newrelic.com *.nr-data.net blob:; object-src 'self'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com *.gstatic.com *.typekit.net *.google.com; img-src 'self' 'unsafe-inline' data: maps.googleapis.com px.marchex.io *.facebook.com *.google.com *.gstatic.com cdn.rawgit.com raw.githubusercontent.com *.g.doubleclick.net *.google-analytics.com *.googletagmanager.com; frame-src 'self' 'unsafe-inline' *.doubleclick.net *.google.com players.brightcove.net *.youtube.com *.googletagmanager.com *.zensource.cloud vars.hotjar.com *.vimeo.com; font-src data: 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com use.typekit.net; connect-src 'self' 'unsafe-inline' *.authorize.net *.facebook.com *.google-analytics.com stats.g.doubleclick.net www.google.com *.hotjar.com wss://*.hotjar.com createsend.com; report-uri /report-csp-violation 1
default-src 'self'; child-src 'self' connect.facebook.net fast.wistia.com fast.wistia.net googleads.g.doubleclick.net td.doubleclick.net *.hotjar.com *.hotjar.io bid.g.doubleclick.net 10317493.fls.doubleclick.net 10366747.fls.doubleclick.net 11541986.fls.doubleclick.net youtube.com www.youtube.com js.stripe.com www.facebook.com staticxx.facebook.com tpc.googlesyndication.com www.google.com *.googletagmanager.com *.quora.com intercom-sheets.com app-ab27.marketo.com www.intercom-reporting.com d2c7xlmseob604.cloudfront.net js.intercomcdn.com insight.adsrvr.org match.adsrvr.org https://intercom.chilipiper.com app.intercom.com app.intercom.io https://app.getreprise.com; connect-src 'self'   www.intercom.com app.intercom.io app.intercom.com api.intercom.io api-visitor-analytics.intercom.com api-iam.intercom.io api-ping.intercom.io api.smartling.com js.intercomcdn.com munchkin.marketo.net *.mktoutil.com nexus-websocket-a.intercom.io nexus-websocket-test.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-test.intercom.io store.intercomassets.com widget.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-test.intercom.io marketing.intercomcdn.com uploads.intercomcdn.com uploads.intercomusercontent.com abrtp1.marketo.com abrtp1-cdn.marketo.com app.getsentry.com stats.g.doubleclick.net www.google.com adservice.google.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com http://*.hotjar.io:* https://*.hotjar.io:* wss://*.hotjar.io sentry.io www.facebook.com *.akamaihd.net *.wistia.com *.wistia.net 258-clw-344.mktoresp.com bat.bing.com d2c7xlmseob604.cloudfront.net rum-collector-2.pingdom.net https://*.browser-intake-datadoghq.com public-trace-http-intake.logs.datadoghq.com https://assets.ctfassets.net c.6sc.co b.6sc.co j.6sc.co ipv6.6sc.co epsilon.6sense.com epsilon-cloudfront.6sense.com user-data.mutinycdn.com https://api-v2.mutinyhq.io/v2/b https://api.mutinyhq.io/v2 https://client-registry.mutinycdn.com secure.adnxs.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com api.chilipiper.com tracking.chilipiper.com cdn.linkedin.oribi.io gw.linkedin.oribi.io px.ads.linkedin.com https://app.getreprise.com; font-src data: https: ; img-src data: blob: https: ; media-src data: blob: https: ; object-src 'none'; script-src 'self' 'unsafe-eval' app.intercom.io app.intercom.com www.intercom.com js.intercomcdn.com store.intercomassets.com marketing.intercomassets.com widget.intercom.io ajax.googleapis.com analytics.twitter.com abrtp1.marketo.com abrtp1-cdn.marketo.com app-sjqe.marketo.com app-sjst.marketo.com app-ab27.marketo.com bat.bing.com cdn-assets-prod.s3.amazonaws.com cdn.ravenjs.com browser.sentry-cdn.com connect.facebook.net distillery.wistia.com distillery-main.wistia.com fast.wistia.com fast.wistia.net googleads.g.doubleclick.net js.stripe.com munchkin.marketo.net platform.twitter.com rtp-static.marketo.com script.hotjar.com script.hotjar.io secure.adnxs.com static.hotjar.com static.hotjar.io stats.g.doubleclick.net store.intercom.io tpc.googlesyndication.com www.datadoghq-browser-agent.com www.google.com www.google-analytics.com www.googleadservices.com/pagead/ www.googletagmanager.com tagmanager.google.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com dc.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com client-registry.mutinycdn.com client.mutinycdn.com https://js.chilipiper.com 'sha256-CIxBMTSsZNOVtN/e53Oinc5o7iS+6GCLATfDTYD9EQk=' https://app.getreprise.com 'strict-dynamic' 'nonce-MWEzZGVhMjAtOGRiNC00ZWNjLWIyYmYtYmY3MjQ2NDFjMTk0'; style-src 'self' 'unsafe-inline' app-ab27.marketo.com marketing.intercomassets.com maxcdn.bootstrapcdn.com rtp-static.marketo.com fonts.googleapis.com tagmanager.google.com https://www.googletagmanager.com https://js.chilipiper.com; worker-src data: blob:; base-uri 'self'; report-uri https://o2129.ingest.sentry.io/api/1467748/security/?sentry_key=2b3179211aae44189b7651cf09d7b74f 1
default-src https:;connect-src https:;font-src https: data:;frame-src http: https:;img-src https: data:;media-src https: data: blob:;object-src 'none';script-src 'unsafe-inline' 'unsafe-eval' https:;style-src 'unsafe-inline' https:; 1
default-src 'none'; form-action 'self' admin.hostpoint.ch www.facebook.com; frame-ancestors 'self' https://www.jobs.ch; frame-src 'self' *.fls.doubleclick.net *.hotjar.com maps.google.com optimize.google.com td.doubleclick.net tpc.googlesyndication.com www.facebook.com www.google.com www.googletagmanager.com; connect-src 'self' admin.hostpoint.ch adservice.google.com analytics.google.com *.analytics.google.com analytics.twitter.com bat.bing.com cdn.linkedin.oribi.io *.clarity.ms hostpointag.recruitee.com *.hotjar.com *.hotjar.io wss://*.hotjar.com maps.googleapis.com stats.g.doubleclick.net t.co www.facebook.com www.google.ch www.google.com *.google-analytics.com; font-src 'self' fonts.gstatic.com; img-src 'self' data: *.analytics.google.com *.google-analytics.com www.googletagmanager.com optimize.google.com *; media-src 'self' hostpoint-static.ch; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' analytics.twitter.com bat.bing.com connect.facebook.net googleapis.com *.hotjar.com maps.googleapis.com optimize.google.com px.ads.linkedin.com snap.licdn.com sjs.bizographics.com ssl.google-analytics.com static.ads-twitter.com tpc.googlesyndication.com twitter.com *.clarity.ms www.gstatic.com www.google.com www.googleadservices.com www.googleanalytics.com www.googleoptimize.com www.googletagmanager.com www.google-analytics.com www.linkedin.com; style-src 'unsafe-inline' 'self' fonts.googleapis.com optimize.google.com; block-all-mixed-content; report-uri https://hostpoint.uriports.com/reports/report; report-to default; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: 1
media-src 'self' data: blob: https://*.pscp.tv/ https://*.periscope.tv/ https://*.global.ssl.fastly.net https://*.twimg.com https://*.video.pscp.tv; img-src 'self' data: blob: https://*.pscp.tv/ https://*.periscope.tv/ https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com/prod-periscope-profile/ https://*.twimg.com https://*.googleusercontent.com https://scontent.xx.fbcdn.net https://*.bugsnag.com https://*.google-analytics.com; default-src 'self' blob: https://*.global.ssl.fastly.net https://*.pscp.tv/ https://*.periscope.tv/; object-src 'self' https://*.pscp.tv/ https://*.periscope.tv/; child-src 'self' blob: https://*.pscp.tv/ https://*.periscope.tv/ https://twitter.com https://*.google.com/recaptcha/; frame-ancestors 'self' https://*.pscp.tv/ https://*.periscope.tv/; style-src 'self' blob: 'unsafe-inline' https://*.pscp.tv/ https://*.periscope.tv/; font-src 'self' data: https://*.pscp.tv/ https://*.periscope.tv/; frame-src 'self' blob: https://*.pscp.tv/ https://*.periscope.tv/ https://twitter.com https://periscope-all.firebaseapp.com/ https://*.google.com/recaptcha/ https://*.vimeo.com https://*.tipalti.com; report-uri https://twitter.com/i/csp_report?a=OBSXE2LTMNXXAZJNO5SWE%3D%3D%3D&ro=false; script-src 'self' https://*.pscp.tv/ https://*.periscope.tv/ https://cdn.polyfill.io https://d24n15hnbwhuhn.cloudfront.net https://app.link https://bnc.lt https://*.branch.io https://*.google-analytics.com https://apis.google.com/ https://*.google.com/recaptcha/ https://*.gstatic.com/recaptcha/ https://appleid.cdn-apple.com 'unsafe-eval' 'nonce-3f8419502ac648c2af32bf9c383b1d32'; connect-src 'self' https://*.pscp.tv/ https://*.periscope.tv/ wss://*.pscp.tv/ wss://*.periscope.tv/ https://*.video.pscp.tv https://*.twimg.com https://twitter.com https://*.global.ssl.fastly.net https://api.amplitude.com/ https://*.branch.io https://bnc.lt https://*.bugsnag.com https://licensing.bitmovin.com/ https://analytics-ingress-global.bitmovin.com https://www.googleapis.com/ https://securetoken.googleapis.com https://s3.us-west-2.amazonaws.com/periscope-user-data-reports-prod/ https://s3.us-west-2.amazonaws.com/periscope-user-data-reports-dev/ https://periscope-user-data-reports-prod.s3.us-west-2.amazonaws.com/ https://periscope-user-data-reports-dev.s3.us-west-2.amazonaws.com/ 1
upgrade-insecure-requests; object-src 'none'; default-src 'self' 'report-sample'; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style; script-src 'self' 'report-sample' 'strict-dynamic' 'nonce-5cfb4f21b4e714e3b85f25fab924b41b'; connect-src 'self' https://api2.nicehash.com https://capture.trackjs.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://www.google.com/pagead https://www.google.com/pagead/landing https://adservice.google.com https://stats.g.doubleclick.net https://accounts.google.com/gsi/ wss://*.nicehash.com wss://*.ws.nicex.com http://localhost:18000 http://localhost:18001; img-src 'self' 'report-sample' https://api2.nicehash.com https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://adservice.google.com https://stats.g.doubleclick.net https://usage.trackjs.com https://i.ytimg.com https://img.youtube.com https://www.gstatic.com https://www.google.com https://play-lh.googleusercontent.com https://static.nicehash.com https://nicex.banxa.com/images/payment-providers/ data:; base-uri 'self'; font-src 'self' https://fonts.gstatic.com data:; media-src 'self' https://static.nicehash.com data:; form-action 'self' https://api.nicehash.com; child-src 'self' https://recaptcha.net https://www.google.com https://youtube.com https://www.youtube.com https://api.sumsub.com https://widget.nicehash.com https://accounts.google.com/gsi/; report-uri /_csp_; report-to active 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellmind.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' p.adsymptotic.com *.linkedin.com *.kampyle.com *.medallia.com *.vanguard.com *.vanguard.com:* *.youtube.com *.vgdynamic.info adservice.google.com *.vgcontent.info *.vgcontent.info:* *.omtrdc.net *.demdex.net *.doubleclick.net *.youtube-nocookie.com *.limelight.com *.llnw.net *.e-vanguard.com *.omniture.com activitymap.adobe.com *.amazon-adsystem.com *.llnw.net *.myvisualiq.net *.go-mpulse.net *.akastat.io *.googletagmanager.com *.googleadservices.com *.googlesyndication.com *.analytics.yahoo.com *.invoca.net *.adsrvr.org *.pinterest.com *.pinimg.com cdn.cookielaw.org ads.undertone.com evt.undertone.com *.pdst.fm b.videoamp.com privacyportal-de.onetrust.com geolocation.onetrust.com rtb.adgrx.com login.dotomi.com bat.bing.com *.bttrack.com bttrack.com pix.pontiac.media *redditstatic.com *.reddit.com; frame-src p.adsymptotic.com *.linkedin.com *.kampyle.com *.medallia.com *.vanguard.com *.vanguard.com:* *.youtube.com *.vgdynamic.info adservice.google.com *.vgcontent.info *.vgcontent.info:* *.omtrdc.net *.demdex.net *.doubleclick.net *.youtube-nocookie.com *.limelight.com *.llnw.net *.e-vanguard.com *.omniture.com activitymap.adobe.com *.amazon-adsystem.com *.llnw.net *.myvisualiq.net *.go-mpulse.net *.akastat.io *.googletagmanager.com *.googleadservices.com *.googlesyndication.com *.analytics.yahoo.com *.invoca.net *.adsrvr.org *.pinterest.com *.pinimg.com cdn.cookielaw.org ads.undertone.com evt.undertone.com *.pdst.fm b.videoamp.com privacyportal-de.onetrust.com geolocation.onetrust.com rtb.adgrx.com login.dotomi.com bat.bing.com *.bttrack.com bttrack.com pix.pontiac.media *redditstatic.com *.reddit.com; media-src 'self' *.vgdynamic.info *.youtube-nocookie.com *.limelight.com *.llnw.net blob:; worker-src 'self' blob:; font-src 'self' *.vanguard.com *.vgcontent.info *.vgdynamic.info *.vgdynamic.info:* *.vgcontent.info:* data:; 1
script-src 'self' 'unsafe-inline' https://cdn.mxpnl.com https://fast.appcues.com 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' features.hrw.org www.googletagmanager.com static.chartbeat.com bat.bing.com www.googleadservices.com connect.facebook.net static.ads-twitter.com analytics.twitter.com googleads.g.doubleclick.net *.clarity.ms js-agent.newrelic.com bam.nr-data.net www.instagram.com ajax.googleapis.com www.google-analytics.com code.jquery.com cdn.syndication.twimg.com maxcdn.bootstrapcdn.com www.youtube.com www.google.com maps.google.com maps.googleapis.com fast.wistia.net fast.wistia.com www.giftcalcs.com open-analytics.hrw.org open-analytics-dashboard.hrw.org www.googleanalytics.com www.googleoptimize.com *.crazyegg.com blob: https://cdn.jsdelivr.net https://cdnjs.cloudflare.com platform.twitter.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 'report-sample' features.hrw.org maxcdn.bootstrapcdn.com ton.twimg.com platform.twitter.com fonts.googleapis.com open-analytics-dashboard.hrw.org *.crazyegg.com blob: *.typekit.net fast.fonts.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline' 'report-sample'; frame-ancestors 'self' features.hrw.org 1
script-src https://www.airtable.com https://airtable-marketing.herokuapp.com https://airtable.com https://static.airtable.com/ 'unsafe-inline' 'unsafe-eval' 'report-sample' https: blob:; style-src 'unsafe-inline' https:; block-all-mixed-content; object-src //pages.airtable.com; base-uri 'none'; report-uri https://airtable.com/.csp/report 1
frame-ancestors 'self' https://*.clickup.com 1
frame-ancestors 'self' pananames.com *.pananames.com 1
script-src 'nonce-f505d5b698bd44919352c2eec801e1d2' 'strict-dynamic' 'wasm-unsafe-eval' 'unsafe-eval' *.bdxiguastatic.com *.bytescm.com *.bytetos.com *.toutiao.com *.ibytedapm.com bdxiguastatic.com *.bytedance.net;connect-src 'self' http://localhost:25171 vc-gate.ndcpp.com *.hypercachenet.com:* *.ugslb.com *.vvipquan.com *.livehwc3.cn *.smtcdns.net *.bytefcdnrd.com zone1-services-cdn.com *.yhgfb-cn-static.com skincareadvertsking.com infragrid.v.network *.ksyungslb.com *.ksyungslb2.com  code.jquery.com ws://127.0.0.1:* www.wetab.link *.toutiaostatic.com *.douyinvod.com meetlookup.com *.sinaimg.cn xg.eggvod.cn tl.ytlogs.ru ocs-cn-north1.heytapcs.com analytics.google.com scriptcat.org tvax2.sinaimg.cn test.jpnet.cc q.qlogo.cn greasyfork.org translate.googleapis.com stats.g.doubleclick.net chrome-tools.shank.ifeng.com v7.pstatp.com wv.china.expressplay.cn cdnmd.global-cache.online safe.usergrowth.com.cn hm.baidu.com *.byteacctimg.com *.tbcache.com *.jomodns.com *.volcsiriusbd.com:* *.volcsirius.com:* *.bsgslb.cn:* *.zzcdnx.com:* *.bsccdn.net:* *.ourdvsss.com:* *.idouyinvod.com:* *.snssdk.com *.volcimagex.net *.bdxiguaimg.com *.toutiaoimg.com *.bytedance.com *.bdxiguastatic.com *.ixigua.com *.byteeffecttos.com *.itoutiaoimg.com *.toutiao.com *.365yg.com *.govwza.cn trans.xdtsmart.com *.douyinpic.com wx.qlogo.cn *.google-analytics.com *.zijieapi.com *.byteimg.com *.bytescm.com *.bytedance.net;report-to slardar-endpoint; 1
form-action 'self' *.wufoo.com docs.google.com www.its.caltech.edu caltech.us5.list-manage.com api-a3b78b57.duosecurity.com; img-src 'self' data: caltech-prod.s3.amazonaws.com s3-us-west-1.amazonaws.com/www-prod-storage.cloud.caltech.edu/ i.ytimg.com www.youtube.com player.vimeo.com ustvstaticcdn1-a.akamaihd.net www.slideshare.net cdn.slidesharecdn.com www.gravatar.com stats.g.doubleclick.net cdnjs.cloudflare.com *.staticflickr.com *.cdninstagram.com www.google-analytics.com *.gstatic.com *.google.com *.googleapis.com googleapis.com www.facebook.com cdn.datatables.net https://static.hotjar.com https://script.hotjar.com; media-src 'self' www.youtube.com player.vimeo.com; default-src 'self'; child-src 'self' www.youtube.com player.vimeo.com www.slideshare.net *.wufoo.com calendar.google.com docs.google.com accounts.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com cdn.mathjax.org stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com *.google.com *.googleapis.com googleapis.com api.duosecurity.com browser.sentry-cdn.com www.feedrapp.info sentry.io static.addtoany.com *.facebook.net cdn.datatables.net www.youtube.com cdn.jsdelivr.net https://static.hotjar.com https://script.hotjar.com; base-uri 'self' *.caltech.edu; connect-src 'self' www.google-analytics.com stats.addtoany.com sentry.io maps.googleapis.com googleapis.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; frame-src 'self' www.youtube.com player.vimeo.com www.ustream.tv www.slideshare.net *.wufoo.com calendar.google.com docs.google.com www.google.com maps.google.com accounts.google.com cse.google.com s3-us-west-2.amazonaws.com form.jotform.com static.addtoany.com *.facebook.com *.facebook.net api-a3b78b57.duosecurity.com cdn.knightlab.com www.buzzsprout.com caltech.us5.list-manage.com eyes.nasa.gov; frame-ancestors 'self' *.caltech.edu; font-src 'self' public.slidesharecdn.com fonts.gstatic.com https://script.hotjar.com data:; object-src 'self'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com googleapis.com *.google.com cdn.datatables.net https://static.hotjar.com https://script.hotjar.com; report-uri /_csp 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.lifewire.com 1
default-src 'self' *.depositphotos.com depositphotos.com; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; img-src * data: blob:; font-src * data:; connect-src * blob: data:; child-src *; media-src * blob:; frame-ancestors 'self'; 1
frame-ancestors 'self' https://*.zeotap.com; default-src https:; connect-src https://*.zeotap.com wss://*.zeotap.com api.amplitude.com *.googleapis.com; object-src 'none'; font-src * https://fonts.gstatic.com; img-src * data:; script-src 'unsafe-inline' 'unsafe-eval' *.zeotap.com online.tableau.com cdn.amplitude.com; style-src 'unsafe-inline' *.zeotap.com cdnjs.cloudflare.com unpkg.com fonts.googleapis.com 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://cdnjs.cloudflare.com https://cdn.pardot.com https://cdn.plot.ly https://*.doubleclick.net https://*.facebook.net https://*.googleadservices.com https://*.google-analytics.com https://*.googleapis.com https://*.google.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.hotjar.com https://*.libanswers.com https://*.mcgill.ca https://mcgill.flintbox.com https://pardot.analytics.mcgill.ca https://pi.pardot.com https://public.tableau.com https://*.qualtrics.com https://snap.licdn.com https://static.ads-twitter.com https://tableau.apb.mcgill.ca https://*.technolutions.net https://*.twitter.com https://unpkg.com https://www.facebook.com https://www.gstatic.com https://www.youtube.com https://*.youvisit.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://cdnjs.cloudflare.com https://cdn.pardot.com https://cdn.plot.ly https://*.doubleclick.net https://*.facebook.net https://*.googleadservices.com https://*.google-analytics.com https://*.googleapis.com https://*.google.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.hotjar.com https://*.libanswers.com https://*.mcgill.ca https://mcgill.flintbox.com https://pardot.analytics.mcgill.ca https://pi.pardot.com https://public.tableau.com https://*.qualtrics.com https://snap.licdn.com https://static.ads-twitter.com https://tableau.apb.mcgill.ca https://*.technolutions.net https://*.twitter.com https://unpkg.com https://www.facebook.com https://www.gstatic.com https://www.youtube.com https://*.youvisit.com; style-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://*.googleapis.com https://*.technolutions.net https://www.gstatic.com; style-src-elem 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://*.googleapis.com https://*.mcgill.ca https://*.technolutions.net https://www.gstatic.com; img-src https: http: data: blob: ; media-src 'self' data: https://*.gstatic.com https://www.youtube.com; frame-src 'self' https://app.powerbi.com https://*.doubleclick.net https://forms.office.com https://*.googlesyndication.com https://*.libanswers.com https://login.microsoft.com https://login.microsoftonline.com https://*.mcgill.ca https://mcgill.flintbox.com https://pardot.analytics.mcgill.ca https://platform.twitter.com https://public.tableau.com https://syndication.twitter.com https://tableau.apb.mcgill.ca https://www.facebook.com https://www.googleadservices.com https://www.google.ca https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://*.youvisit.com ms-appx-web://; font-src 'self' data: https://*.gstatic.com https://*.typekit.net chrome-extension ms-browser-extension moz-extension; connect-src 'self' data: properties https://adservice.google.com https://*.analytics.google.com https://analytics.google.com https://cdn.linkedin.oribi.io https://*.doubleclick.net https://*.g.doubleclick.net https://future.mcgill.ca https://*.google.ad https://*.google.ae https://*.google.al https://*.google.am https://*.google-analytics.com https://*.googleapis.com https://*.google.as https://*.google.at https://*.google.az https://*.google.ba https://*.google.be https://*.google.bf https://*.google.bg https://*.google.bi https://*.google.bj https://*.google.bs https://*.google.bt https://*.google.by https://*.google.ca https://*.google.cat https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.co.ao https://*.google.co.bw https://*.google.co.ck https://*.google.co.cr https://*.google.co.id https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.ke https://*.google.co.kr https://*.google.co.ls https://*.google.com https://*.google.co.ma https://*.google.com.af https://*.google.com.ag https://*.google.com.ar https://*.google.com.au https://*.google.com.bd https://*.google.com.bh https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.com.bz https://*.google.com.co https://*.google.com.cu https://*.google.com.cy https://*.google.com.do https://*.google.com.ec https://*.google.com.eg https://*.google.com.et https://*.google.com.fj https://*.google.com.gh https://*.google.com.gi https://*.google.com.gt https://*.google.com.hk https://*.google.com.jm https://*.google.com.kh https://*.google.com.kw https://*.google.com.lb https://*.google.com.ly https://*.google.com.mm https://*.google.com.mt https://*.google.com.mx https://*.google.com.my https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.com.np https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.com.pr https://*.google.com.py https://*.google.com.qa https://*.google.com.sa https://*.google.com.sb https://*.google.com.sg https://*.google.com.sl https://*.google.com.sv https://*.google.com.tj https://*.google.com.tr https://*.google.com.tw https://*.google.com.ua https://*.google.com.uy https://*.google.com.vc https://*.google.com.vn https://*.google.co.mz https://*.google.co.nz https://*.google.co.th https://*.google.co.tz https://*.google.co.ug https://*.google.co.uk https://*.google.co.uz https://*.google.co.ve https://*.google.co.vi https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cv https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.dz https://*.google.ee https://*.google.es https://*.google.fi https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.gy https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.ie https://*.google.im https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.jo https://*.google.kg https://*.google.ki https://*.google.kz https://*.google.la https://*.google.li https://*.google.lk https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.mn https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.ne https://*.google.nl https://*.google.no https://*.google.nr https://*.google.nu https://*.google.pl https://*.google.pn https://*.google.ps https://*.google.pt https://*.google.ro https://*.google.rs https://*.google.ru https://*.google.rw https://*.google.sc https://*.google.se https://*.google.sh https://*.google.si https://*.google.sk https://*.google.sm https://*.google.sn https://*.google.so https://*.google.sr https://*.google.st https://*.googlesyndication.com https://*.googletagmanager.com https://*.google.td https://*.google.tg https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.tt https://*.google.vu https://*.google.ws https://*.hotjar.com https://*.hotjar.io https://*.libanswers.com https://*.qualtrics.com https://*.technolutions.net https://www.facebook.com wss://*.hotjar.com; worker-src 'self' blob:; report-uri /report-csp-violation 1
child-src 'self' blob:;connect-src 'self' https://yle.fi https://*.yle.fi https://*.ylestatic.fi blob: https://*.akamaized.net https://*.kaltura.com https://endpoint.finnpanel.fi https://*.chartbeat.net https://api.mapbox.com https://events.mapbox.com https://api.flockler.com https://plugins.flockler.com https://*.stat.fi https://sak.userreport.com https://*.enetscores.com/ wss://migratory.enetpulse.com https://assets.adobedtm.com https://cm.everesttech.net https://*.demdex.net https://dpm.demdex.net https://*.omtrdc.net;default-src 'self';font-src data: https://yle.fi https://*.yle.fi https://*.enetscores.com/;frame-src 'self' https://docs.google.com/forms/ https://yle.fi https://*.yle.fi https://*.ylestatic.fi https://infogram.com https://e.infogram.com https://platform.twitter.com https://www.instagram.com https://tag.userreport.com https://chartbeat.com https://static2.chartbeat.com https://flockler.com/plugins/upload-form/ https://assets-decodeurs.lemonde.fr;img-src 'self' data: https://yle.fi https://*.yle.fi https://*.ylestatic.fi https://ping.chartbeat.net https://*.akamaized.net https://*.akamaihd.net https://*.analytics.edgekey.net https://*.cloudinary.com https://*.kaltura.com https://syndication.twitter.com https://visitanalytics.userreport.com https://flockler.com https://media-api.flockler.com https://fl-1.cdn.flockler.com https://fl-cdn.scdn1.secure.raxcdn.com https://*.enetscores.com/ https://assets.adobedtm.com https://cm.everesttech.net https://*.demdex.net https://dpm.demdex.net https://*.omtrdc.net;manifest-src 'self';media-src blob: data: https://yle.fi https://*.yle.fi https://*.ylestatic.fi https://*.akamaihd.net https://*.akamaized.net https://*.kaltura.com;object-src 'none';script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' blob: https://yle.fi https://*.yle.fi https://*.ylestatic.fi https://static.chartbeat.com https://static2.chartbeat.com https://tunnus-sdk.yle.fi https://*.analytics.edgekey.net https://*.kaltura.com https://www.gstatic.com https://sak.userreport.com https://infogram.com https://e.infogram.com https://platform.twitter.com/ https://www.instagram.com/embed.js https://platform.instagram.com/ https://embed-cdn.flockler.com/embed-v2.js https://fl-1.cdn.flockler.com/ https://*.enetscores.com/ https://assets.adobedtm.com https://cm.everesttech.net https://*.demdex.net https://dpm.demdex.net https://*.omtrdc.net;style-src 'self' 'unsafe-inline' https://yle.fi https://*.yle.fi https://*.ylestatic.fi https://fl-1.cdn.flockler.com/ https://*.enetscores.com/;style-src-elem 'self' 'unsafe-inline' https://yle.fi https://*.yle.fi https://*.ylestatic.fi https://api.mapbox.com/ https://*.enetscores.com/;upgrade-insecure-requests;report-to csp-report-endpoint;report-uri https://csp.aws.yle.fi/index 1
default-src *.msi.com *.msi.cn https: 'unsafe-inline' 'unsafe-eval' blob: data: ws:;style-src * 'unsafe-inline';object-src *; script-src *.msi.com *.msi.cn https: 'unsafe-inline' 'unsafe-eval' blob: data:; frame-src 'self' 'unsafe-eval' 'unsafe-inline' *.msi.com sdqk.me giphy.com *.youtube.com www.youtube-nocookie.com http://www.youtube.com *.facebook.com *.doubleclick.net *.hotjar.com frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://pagead2.googlesyndication.com https://optimize.google.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.redditstatic.com https://connect.facebook.net https://analytics.tiktok.com https://analytics.twitter.com https://static.ads-twitter.com https://cdn.taboola.com https://trc.taboola.com https://secure.adnxs.com 'unsafe-inline'; style-src 'self' https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline'; connect-src 'self' https://consentcdn.cookiebot.com https://vitals.vercel-insights.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://www.google.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://analytics.tiktok.com https://t.co https://cds.taboola.com https://trc-events.taboola.com https://kite-web.production.data.aws.jagex.com; img-src 'self' data: https://images.ctfassets.net https://www.google-analytics.com https://www.google.com https://www.google.co.uk https://*.fls.doubleclick.net https://googleads.g.doubleclick.net https://ade.googlesyndication.com https://optimize.google.com https://i.ytimg.com https://img.youtube.com https://alb.reddit.com https://secure.adnxs.com https://www.facebook.com https://t.co; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://consentcdn.cookiebot.com https://www.youtube.com https://*.fls.doubleclick.net https://www.facebook.com https://optimize.google.com; object-src 'none'; child-src 'none'; media-src 'self' https://videos.ctfassets.net https://cdn.runescape.com https://www.youtube.com; base-uri 'self'; form-action 'self' https://www.facebook.com; frame-ancestors 'self' 1
default-src 'self' fastly-insights.com *.fastly-insights.com blob: https://www.google-analytics.com https://docs.google.com 'unsafe-inline' 1
frame-ancestors 'self' http://tanium.lookbookhq.com https://tanium.lookbookhq.com http://tanium.pathfactory.com https://tanium.pathfactory.com *.tanium.com 1
frame-ancestors 'self' *.wallet.airpay.vn *.shopee.kr *.airpay.vn *.shopeemobile.com *.shopee.vn *.shopee.cn *.shopee.io *.facebook.com *.dailyshopee.vn https://bela-portal.festiware.com https://belapengadaan.lkpp.go.id https://lkpp-portal.festiware.com;  1
script-src * 'unsafe-inline' 'unsafe-eval'; script-src-attr 'self' 'unsafe-inline'; script-src-elem * 'unsafe-inline'; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://edit.staging.fema.gov https://edit.staging.fema.gov/:178 https://edit.fema.gov https://edit.fema.gov/:178 https://www.fema.gov https://www.fema.gov/:178 https://content.govdelivery.com https://cdn.jsdelivr.net fonts.googleapis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://unpkg.com; frame-ancestors 'self'; report-uri https://www.fema.gov/report-uri/enforce 1
frame-ancestors 'self' www.sprint.com shop.sprint.com mysprint.sprint.com m.sprint.com es.sprint.com sprint.inq.com static.inq.com api-sprint.touchcommerce.com auth-sprint.touchcommerce.com portal-sprint.touchcommerce.com chatrouter-sprint.inq.com cobrowse-sprint.inq.com forms-sprint.inq.com media-sprint.inq.com api.touchcommerce.com auth.touchcommerce.com portal.touchcommerce.com chatrouterv3.inq.com cobrowse.inq.com formsv3.inq.com mediav3.inq.com business.sprint.com smallbusiness.sprint.com stage-er-www.sprint.com opmt.sprint.com tc.sprint.com storelocator.sprint.com storelocator-staging.sprint.com *.t-mobile.com *.corp.sprint.com *.digital.nuance.com tvmke559.test.sprint.com:8446 1
script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' blob:; img-src * data: blob:; media-src * data: 1
default-src * 'unsafe-inline' 'unsafe-eval' blob: data:; script-src * 'unsafe-inline' 'unsafe-eval' blob: ; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline' 'unsafe-eval'; media-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline' 1
frame-ancestors 'self' https://tpc.googlesyndication.com 1
block-all-mixed-content; frame-src 'self' https://*.uber.com https://*.ubereats.com http://*.cdn-net.com https://tr.snapchat.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://www.google.com/recaptcha/ https://auth.uberinternal.com https://gumi.criteo.com/ https://mug.criteo.com https://gum.criteo.com bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net *.optimizely.com; worker-src 'self' blob:; child-src 'self' blob: bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net; connect-src 'self' 'self' https://*.uber.com https://duyt4h9nfnj50.cloudfront.net https://d3fa76b550dpw9.cloudfront.net https://d4p17acsd5wyj.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://dkl8of78aprwd.cloudfront.net https://cn-geo1.uber.com https://d1goeicueq33a8.cloudfront.net https://siteintercept.qualtrics.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://analytics.tiktok.com https://analytics.google.com https://dynamic.criteo.com https://widget.us.criteo.com https://widget.as.criteo.com https://widget.eu.criteo.com https://sslwidget.criteo.com https://tr.snapchat.com https://app.paypay.ne.jp https://stg.paypay-corp.co.jp https://image.paypay.ne.jp https://d1g1f25tn8m2e6.cloudfront.net https://dyguxp1m9tbrw.cloudfront.net https://u-vsm.tmobiapi.com https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://maps.googleapis.com https://www.gstatic.com events.uber.com api.mixpanel.com d3i4yxtzktqr9n.cloudfront.net *.optimizely.com *.google-analytics.com *.tealiumiq.com *.demdex.net https://api-js.mixpanel.com; manifest-src 'self' https://*.uber.com; form-action 'self' https://tr.snapchat.com https://www.facebook.com/tr/ https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-staging.uberinternal.com https://payments-staging.uber.com; frame-ancestors 'self' https://www.nimblerx.com https://static-team-ops.nimbleandsimple.com https://pharma.uber.com http://local.shakeshack.com https://shakeshack.prod.acquia-sites.com https://www.shakeshack.com https://dev.shakeshack.com https://stg.shakeshack.com https://shakeshack.com https://pre-prod.shakeshack.com https://stg-green.shakeshack.com https://stg-alt.shakeshack.com https://front-hml-delivery.azurewebsites.net https://front-dev-delivery.azurewebsites.net https://front-prd-delivery.azurewebsites.net https://deliverycontrol.grupomadero.com.br https://delivery.grupomadero.com.br https://staging-shop.mccolls.co.uk https://shop.mccolls.co.uk https://stoq.shop https://staging.stoq.shop https://admin.stoq.shop https://admin-staging.stoq.shop https://www.gcom.com.br https://www.spoleto.com.br https://www.koni.com.br https://www.lebonton.com.br https://www.gokoni.com https://www.cutthecrap.com.br https://www.risierisoteria.com.br https://www.giustoculinaria.com.br https://www.roomservicedelivery.com.br https://www.strogonosso.com.br https://voalzira.online/ https://voalzira.online/minhaloja https://medmate.com.au https://order.manoosh.com.au https://test.expresskfc.com/ https://expresskfc.com/ https://www.test.expresskfc.com/ https://www.expresskfc.com/ https://kfccostarica.cr/ https://www.kfccostarica.cr/ https://express.dospinos.com/ https://mcstaging.dospinos.com/ https://shopuat.pxpay.com.tw/ https://shop.pxpay.com.tw/ https://app.cocinasocultas.com https://app.foodstarsuk.com https://app.pruebehubster.com https://app.pruebehubster.com.mx https://app.tryhubster.co.uk https://app.tryhubster.com https://app.tryhubster.com.au https://app.tryotter.com https://catalogs.uberinternal.com https://catalogs-staging.uberinternal.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://health-staging.uber.com https://health.uber.com https://admin.restoplus.com https://admin.staging.restoplus.com https://admin.qa1.restoplus.com https://admin.qa2.restoplus.com https://admin.qa3.restoplus.com https://admin.qa4.restoplus.com https://admin.qa5.restoplus.com https://admin.qa6.restoplus.com https://orders.restoplus.com https://orders.staging.restoplus.com https://orders.qa1.restoplus.com https://orders.qa2.restoplus.com https://orders.qa3.restoplus.com https://orders.qa4.restoplus.com https://orders.qa5.restoplus.com https://orders.qa6.restoplus.com https://pos.restoplus.com https://pos.staging.restoplus.com https://pos.qa1.restoplus.com https://pos.qa2.restoplus.com https://pos.qa3.restoplus.com https://pos.qa4.restoplus.com https://pos.qa5.restoplus.com https://pos.qa6.restoplus.com https://beta-shop.cashier.tw https://shop.cashier.tw https://indev-webapp.cashier.tw https://indev-beta-shop.cashier.tw https://indev-shop.cashier.tw https://us-int-office.tabit-int.com https://us-office.tabit-stage.com/auth/login https://us-demo-office.tabit-stage.com https://us-office.tabit.cloud https://foxtrotco.com/tracking https://foxtrotco.com/orderconfirmation https://foxtrotco.com/home https://foxtrotco.com https://app.onhere.com.br https://beta.inline.app https://staging.inline.app https://inline.app https://shane.machinat.dev/ https://app.topcaisse.fr https://ordering.ritas.com http://ordering.ritas.com https://ordering.ritas.stage.demotesturl.net http://ordering.ritas.stage.demotesturl.net ee.magento.test 245.magento.test uber.improntus.dev https://dev.kfc.co.uk https://qa.kfc.co.uk https://brand.preprod.platform.kfcapi.com/ https://www.kfc.co.uk/ https://qa-kfc-za.eu.cognizantorderservnxtgen.com/ https://dev-kfc-za.eu.cognizantorderservnxtgen.com/ https://uat-kfc-za.eu.cognizantorderservnxtgen.com/ https://perf-kfc-za.eu.cognizantorderservnxtgen.com/ https://pen-kfc-za.eu.cognizantorderservnxtgen.com/ https://betatest.kfc.co.za/ https://order.kfc.co.za/ https://shop.pxgo.com.tw/ https://shopuat.pxpay.com.tw/ https://delivery.jimmybrings.com.au/ https://staging.jimmybrings.com.au/ https://beta.jimmybrings.com.au/ https://49171584-9e6d-4979-ab61-27a301a7e33e-production.au.prd.c.deity.cloud/ https://42d9d738-3eab-441f-91de-1afcd88b770f-acceptance.au.prd.c.deity.cloud/ https://1b8d2377-9260-4384-bc9f-aa1086543c69-test.au.prd.c.deity.cloud/ https://jimmybrings.com.au/ https://www.kfccostarica.cr https://www.kfccostarica.com https://kfccostarica.cr https://kfccostarica.com https://edb-staging.uber.com https://edb.uber.com 'self' quiznos.co.cr https://quiznos.co.cr https://pos.mymealsy.com https://stage.mymealsy.com https://dev.mymealsy.com https://fast.tk3c.com https://fdtest.tk3c.com https://panda-express.wallia.dev https://127.0.0.1:5173/ https://test.tacobellpr.com/ https://test.arcoprueba.com/ https://www.tacobellpr.com/ https://tacobellpr.com/ https://www.kfcpuertorico.com/ https://kfcpuertorico.com/ https://boba.rbteawalnut.com/ https://qjmpdemo.altaineapps.com/ https://stinkerapi.altaineapps.com/ https://mapcoapi.altaineapps.com/ https://loyalty.ritasice.com https://loyalty.stage.demotesturl.net https://loyalty.training.demotesturl.net https://loyalty.dev.demotesturl.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com 'nonce-ba2a8c34-a519-41d1-a7b6-59e42c9a43ce' https://bat.bing.com https://*.qualtrics.com https://analytics.twitter.com http://www.googletagservices.com http://*.cdn-net.com https://sc-static.net https://tr.snapchat.com https://*.yjtag.jp https://yjtag.yahoo.co.jp https://b92.yahoo.co.jp https://*.yimg.jp https://*.outbrain.com https://www.redditstatic.com https://analytics.tiktok.com https://dynamic.criteo.com https://static.criteo.net https://sslwidget.criteo.com https://widget.us.criteo.com https://widget.as.criteo.com https://widget.eu.criteo.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://d4p17acsd5wyj.cloudfront.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ln-rules.rewardstyle.com/bookmarklet.js 'unsafe-eval' script.crazyegg.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com maps.google.com tags.tiqcdn.com beacon.krxd.net cdn.krxd.net cdn.mxpnl.com www.googleadservices.com www.ziprecruiter.com analytics.recruitics.com edge.quantserve.com secure.quantserve.com connect.facebook.net cdn.nanigans.com api.nanigans.com *.adroll.com s.yimg.com sp.analytics.yahoo.com click.app-cast.com i.l.inmobicdn.net *.optimizely.com *.tealiumiq.com *.doubleclick.net static.ads-twitter.com https://www.google-analytics.com https://ssl.google-analytics.com maps.googleapis.com maps.google.com; style-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com https://api.tiles.mapbox.com https://fonts.googleapis.com; report-uri https://csp.uber.com/csp?a=web-eats-v2&ro=false 1
default-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.dominos.com; font-src data: https://*.dominos.com https://fonts.gstatic.com https://storage.googleapis.com; style-src 'unsafe-inline' blob: https://*.bing.com https://*.dominos.com https://*.gstatic.com https://*.here.com https://fonts.googleapis.com https://www.youtube.com https://rafd.bingstatic.com; script-src-elem 'unsafe-eval' 'unsafe-inline' https://*.abmr.net https://*.appdynamics.com https://*.bing.com https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.gstatic.com https://*.here.com https://*.mathtag.com https://*.moatads.com https://*.nextdoor.com https://*.ntv.io https://*.omtrdc.net https://*.raygun.com https://*.raygun.io https://*.turn.com https://*.twitter.com https://*.vertamedia.com https://*.virtualearth.net https://ad.atdmt.com https://assets.braintreegateway.com https://c.paypal.com https://cdnssl.clicktale.net https://connect.facebook.net https://ct.pinterest.com https://ds-aksb-a.akamaihd.net https://js.braintreegateway.com https://nextdoor.com https://s.pinimg.com https://s.yimg.com https://s.ytimg.com https://sc-static.net https://*.snapchat.com https://sp.analytics.yahoo.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.xx.fbcdn.net https://tags.tiqcdn.com https://www.googleadservices.com https://www.paypal.com https://www.paypalobjects.com https://www.youtube.com https://rafd.bingstatic.com https://web.btncdn.com https://ink1001.com.micpn.com https://www.googletagmanager.com https://analytics.tiktok.com https://*.liadm.com https://www.redditstatic.com https://cdn.quantummetric.com https://*.go-mpulse.net https://*.kaptcha.com; script-src 'unsafe-eval' 'unsafe-inline' https://*.abmr.net https://*.appdynamics.com https://*.bing.com https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.gstatic.com https://*.here.com https://*.mathtag.com https://*.moatads.com https://*.nextdoor.com https://*.ntv.io https://*.omtrdc.net https://*.raygun.com https://*.raygun.io https://*.turn.com https://*.twitter.com https://*.vertamedia.com https://*.virtualearth.net https://ad.atdmt.com https://assets.braintreegateway.com https://c.paypal.com https://cdnssl.clicktale.net https://connect.facebook.net https://ct.pinterest.com https://ds-aksb-a.akamaihd.net https://js.braintreegateway.com https://nextdoor.com https://s.pinimg.com https://s.yimg.com https://s.ytimg.com https://sc-static.net https://*.snapchat.com https://sp.analytics.yahoo.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.xx.fbcdn.net https://tags.tiqcdn.com https://www.googleadservices.com https://www.paypal.com https://www.paypalobjects.com https://www.youtube.com https://rafd.bingstatic.com https://web.btncdn.com https://ink1001.com.micpn.com https://www.googletagmanager.com https://analytics.tiktok.com https://*.liadm.com https://cdn.quantummetric.com https://*.go-mpulse.net https://*.kaptcha.com; img-src data: blob: https://*.akamaihd.net https://*.bing.com https://*.clicktale.net https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.everesttech.net https://*.googleapis.com https://*.gstatic.com https://*.here.com https://*.ispot.tv https://*.mathtag.com https://*.nextdoor.com https://*.paypal.com https://www.paypalobjects.com https://*.pinterest.com https://*.postrelease.com https://*.turn.com https://*.virtualearth.net https://*.yp.com https://assets.braintreegateway.com https://checkout.paypal.com https://*.agkn.com https://dsum-sec.casalemedia.com https://i.ytimg.com https://pinterest.adsymptotic.com https://*.tapad.com https://px.moatads.com https://ssl.google-analytics.com https://static.xx.fbcdn.net https://t.co https://www.facebook.com https://www.google.com https://s.amazon-adsystem.com https://*.yahoo.com https://rp.liadm.com/ https://beacon.krxd.net https://click.exacttarget.com https://click.s11.exacttarget.com https://analytics.tiktok.com https://*.liadm.com https://alb.reddit.com/ https://analytics.twitter.com https://*.akstat.io https://www.googleadservices.com https://trkn.us https://*.kaptcha.com https://*.w55c.net https://pixel.rubiconproject.com https://idsync.rlcdn.com; frame-src blob: data: https://*.appdynamics.com https://*.cardinalcommerce.com https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.googlesyndication.com https://*.kaptcha.com https://*.pinterest.com https://*.snapchat.com https://assets.braintreegateway.com https://*.paypal.com https://cdnssl.clicktale.net https://d.agkn.com https://pixel.mathtag.com https://pixel.tapad.com https://r.dlx.addthis.com https://snap.adbrn.com https://so.rlcdn.com https://www.youtube.com https://x.skimresources.com bytedance: sslocal: https://*.powerbi.com https://www.paypalobjects.com; child-src blob: https://*.dominos.com https://assets.braintreegateway.com https://c.paypal.com https://cdnssl.clicktale.net https://*.kaptcha.com; worker-src blob: https://*.dominos.com https://cdnssl.clicktale.net; connect-src blob: https://*.akamaihd.net https://*.bing.com https://*.braintree-api.com https://*.clicktale.net https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.here.com https://*.moatads.com https://*.nextdoor.com https://*.omtrdc.net https://*.raygun.com https://*.raygun.io https://*.vertamedia.com https://*.virtualearth.net https://api.braintreegateway.com https://api.sandbox.braintreegateway.com https://client-analytics.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://col.eum-appdynamics.com https://ct.pinterest.com https://ssp.lkqd.net https://*.paypal.com https://*.launchdarkly.com https://*.cybersource.com https://*.aciondemand.com https://*.googleapis.com https://*.liadm.com/ https://analytics.tiktok.com https://*.snapchat.com https://*.quantummetric.com https://*.akstat.io https://*.go-mpulse.net https://*.akamaihd.net https://*.kaptcha.com https://*.googlesyndication.com https://*.microsoftonline.com; report-uri https://dominoscsp.report-uri.com/r/t/csp/enforce; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://polygon.coral.coralproject.net/api/graphql/live; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.ew.com 1
default-src 'none';              img-src 'self';              style-src 'self';              script-src 'self' https://www.openhub.net;              font-src 'self';              child-src 'self' https://peer.tube https://www.openhub.net https://www.youtube.com https://www.youtube-nocookie.com https://video.blender.org;              object-src 'none';              media-src 'self' https://download.gimp.org https://download-fallback.gimp.org https://www.mirrorservice.org https://*.ftp.acc.umu.se https://ftp.rrze.uni-erlangen.de;              base-uri 'self';              form-action 'self' https://www.paypal.com https://gitlab.gnome.org;              frame-ancestors 'self'; 1
frame-ancestors 'self' www.911tabs.com metrika.yandex.ru metrika.yandex.com; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thespruce.com 1
default-src https:; img-src 'self' data: https:; script-src 'unsafe-inline' https:;style-src 'unsafe-inline' https:; object-src 'self' https:; font-src https: data:; worker-src blob:; connect-src https:; 1
report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic ; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-Z046lsNxQ4PHcP0zL+97' 'nonce-tcUi7b/6NbVBqMUScCQX' 1
frame-ancestors https://*.skysports.com http://*.skysports.com *.norkon.net *.google.com *.google.co.uk *.ampproject.org; 1
base-uri https://www.amnesty.org;frame-ancestors https://oneamnesty.sharepoint.com;upgrade-insecure-requests; default-src 'self' data: https://www.amnesty.org; connect-src 'self' https://apikeys.civiccomputing.com https://clapi.civiccomputing.com https://www.google.com https://my2.siteimprove.com https://googleads.g.doubleclick.net https://id.siteimprove.com https://www.google-analytics.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://contentassistant.eu.siteimprove.com https://public.flourish.studio https://oneamnesty.sharepoint.com/; font-src 'self' data: https://www.amnesty.org https://fonts.gstatic.com https://script.hotjar.com; frame-src 'self' data: https://amnesty-crisis-evidence-lab.github.io https://amnestywebsite.github.io https://e.infogram.com https://flo.uri.sh https://public.flourish.studio https://infogram.com https://join.amnesty.org https://js.stripe.com https://platform.twitter.com https://recaptcha.google.com https://story.mapme.com https://www.facebook.com https://www.google.com https://www.recaptcha.net https://www.youtube-noocookie.com https://www.youtube.com https://youtu.be https://w.soundcloud.com https://play.prx.org https://viewer.mapme.com https://vars.hotjar.com https://my2.siteimprove.com https://player.vimeo.com https://datawrapper.dwcdn.net https://syndication.twitter.com https://twitter.com https://contentassistant.eu.siteimprove.com https://cdn.knightlab.com https://podcasters.spotify.com https://open.spotify.com https://sketchfab.com https://afghan-testimonies.netlify.app; img-src 'self' 'strict-dynamic' data: https://www.amnesty.org https://public.flourish.studio https://www.gstatic.com https://www.google-analytics.com https://podfollow.com https://www.facebook.com https://www.google.com https://www.google.co.uk https://static.hotjar.com https://script.hotjar.com https://datawrapper.dwcdn.net https://syndication.twitter.com https://twitter.com https://cdn.knightlab.com https://podcasters.spotify.com https://open.spotify.com https://sketchfab.com https://afghan-testimonies.netlify.app https://dev.visualwebsiteoptimizer.com; manifest-src 'self'; media-src 'self' https://player.vimeo.com https://datawrapper.dwcdn.net https://syndication.twitter.com https://twitter.com https://contentassistant.eu.siteimprove.com https://podcasters.spotify.com https://open.spotify.com https://sketchfab.com https://afghan-testimonies.netlify.app; object-src 'self'; script-src 'self' 'unsafe-inline' https://www.amnesty.org https://www.googletagmanager.com https://e.infogram.com https://cc.cdn.civiccomputing.com https://www.recaptcha.net https://www.gstatic.com https://www.google.com https://js.stripe.com https://static.hotjar.com https://script.hotjar.com https://player.vimeo.com https://datawrapper.dwcdn.net https://platform.twitter.com https://syndication.twitter.com https://twitter.com https://contentassistant.eu.siteimprove.com; script-src-attr 'self' 'strict-dynamic'; script-src-elem 'self' 'unsafe-inline' https://www.amnesty.org https://www.googletagmanager.com https://e.infogram.com https://cc.cdn.civiccomputing.com https://www.recaptcha.net https://www.gstatic.com https://js.stripe.com https://www.google-analytics.com https://platform.twitter.com https://cdn.siteimprove.net https://www.googleoptimize.com https://static.hotjar.com https://connect.facebook.net https://script.hotjar.com https://platform.twitter.com https://public.flourish.studio https://afghan-testimonies.netlify.app https://dev.visualwebsiteoptimizer.com; style-src 'self' 'unsafe-inline' https://www.amnesty.org https://static.hotjar.com https://script.hotjar.com; style-src-attr 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.wallet.airpay.ph *.shopee.kr *.airpay.ph *.shopeemobile.com *.shopee.ph *.shopee.cn *.shopee.io *.facebook.com https://bela-portal.festiware.com https://belapengadaan.lkpp.go.id https://lkpp-portal.festiware.com;  1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-ee62d85cc48d688f6258be8e0f516511' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=7944739747479238; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=7944739747479238 1
default-src * blob: data:; style-src * 'unsafe-inline' blob: data:; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; img-src * data: blob: 'unsafe-inline' ; connect-src * 'unsafe-inline'  data: blob:; frame-src * blob: data:;font-src * data: blob:;report-to default; 1
script-src 'sha256-K3Sb/JaMDmzwZpMx1PUVSxZViUx9LCU8UwKfBJ5/VXc=' 'nonce-S5df5aoVnxt4ug+w8jHAug==' 'self' 'unsafe-inline' https://note.com https://d291vdycu0ht11.cloudfront.net https://d2l930y2yx77uc.cloudfront.net https://cdn.st-note.com https://polyfill.io https://www.googletagmanager.com https://www.google-analytics.com https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://www.gstatic.com/firebasejs https://*.facebook.net https://*.instagram.com https://platform.twitter.com https://*.twimg.com cdn.iframe.ly https://cdn.embedly.com https://*.tiktok.com https://*.tiktokcdn.com https://*.ibytedtos.com https://speakerdeck.com https://*.flickr.com https://*.mul-pay.jp https://stage-travel.fraudprevention.jp https://travel.fraudprevention.jp https://www.datadoghq-browser-agent.com http://cloudfront.loggly.com https://*.canva.com https://*.ttwstatic.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://assets.kurashiru.com/ https://cdn2.hubspot.net https://*.hubspot.com https://*.hubspotusercontentxx.net https://*.hscollectedforms.net https://js.hsleadflows.net https://js.hs-scripts.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-banner.net https://*.hsforms.net https://*.hsforms.com https://static.hsappstatic.net https://js.hubspotfeedback.com https://feedback.hubapi.com https://static.ads-twitter.com https://static.paypay.ne.jp; object-src 'none'; base-uri 'self' 1
default-src 'self' *.onetrust.com *.oribi.io *.facebook.com *.google-analytics.com *.doubleclick.net; font-src *;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; manifest-src *; connect-src *; frame-src *; 1
frame-ancestors 'self' *.wallet.airpay.tw *.shopee.kr *.airpay.tw *.shopeemobile.com *.shopee.tw *.shopee.cn *.shopee.io *.facebook.com https://bela-portal.festiware.com https://belapengadaan.lkpp.go.id https://lkpp-portal.festiware.com;  1
upgrade-insecure-requests; frame-ancestors 'self' https://*.traveloka.com 1
frame-ancestors 'none'; default-src 'self' www.google.com www.google-analytics.com *.osano.com *.hotjar.com *.phenom.pub *.hindawi.com connect.facebook.net s.yimg.com *.hotjar.io bat.bing.com static.ads-twitter.com www.youtube.com snap.licdn.com t.co stats.g.doubleclick.net *.analytics.google.com *.facebook.com cdn.linkedin.oribi.io ads.google.com https://static.hindawi.com data: *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.clarity.ms *.analytics.google.com *.hotjar.com *.osano.com www.google-analytics.com *.hotjar.io www.googletagmanager.com cdnjs.cloudflare.com connect.facebook.net s.yimg.com bat.bing.com static.ads-twitter.com snap.licdn.com ads.google.com t.co https://static.hindawi.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.googletagmanager.com vjs.zencdn.net https://static.hindawi.com data: ; img-src 'self' *.hindawi.com www.google-analytics.com *.cloudfront.net *.phenom.pub t.co analytics.twitter.com *.facebook.com *.bing.com *.analytics.yahoo.com *.linkedin.com *.google.com www.googletagmanager.com ads.google.com https://static.hindawi.com  data: blob: *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; font-src 'self' fonts.gstatic.com *.hindawi.com data: https://static.hindawi.com 1
frame-ancestors 'self' *.wallet.airpay.com.my *.shopee.kr *.airpay.com.my *.shopeemobile.com *.shopee.com.my *.shopee.cn *.shopee.io *.facebook.com https://bela-portal.festiware.com https://belapengadaan.lkpp.go.id https://lkpp-portal.festiware.com;  1
report-uri /public/php/csp.php;         frame-ancestors              'self'         ;         default-src             'self'             'unsafe-eval'             'unsafe-inline'             blob:             data:             *.amazonaws.com             *.adobedtm.com             *.bazaarvoice.com             *.geico.com             *.google.com             *.googleapis.com             *.gstatic.com             *.omtrdc.net             *.optimizely.com             *.qualaroo.com             *.ringcentral.com             *.youtube.com             https://*.amazon-adsystem.com              https://*.bing.com             https://*.branch.io             https://*.ceros.com             https://*.clarity.ms             https://*.cloudflare.com             https://*.cookielaw.org             https://*.demdex.net             https://*.doubleclick.net             https://*.evergage.com             https://*.facebook.com             https://*.force.com             https://*.google-analytics.com             https://*.instagram.com             https://*.onetrust.com             https://*.qualtrics.com             https://*.quantummetric.com             https://*.radar.com             https://*.radar.io             https://*.salesforce.com             https://*.salesforceliveagent.com             https://*.salesforce-sites.com             https://*.sundaysky.com             https://*.twitter.com             https://*.typekit.net             https://app.link             https://cdn.ampproject.org             https://cdn.evgnet.com             https://cm.everesttech.net             https://connect.facebook.net             https://ct.pinterest.com             https://gateway.zscalerthree.net             https://geicoinsurance.my.site.com             https://geicoinsurance--hotfix.sandbox.my.site.com             https://geicoinsurance--botsdev.sandbox.my.site.com             https://geicoinsurance--perftest.sandbox.my.site.com             https://geicoinsurance--sit2.sandbox.my.site.com             https://geicoinsurance--uat2.sandbox.my.site.com             https://i.ytimg.com             https://insight.adsrvr.org             https://maxcdn.bootstrapcdn.com             https://rts.persado.com             https://s.w.org             https://sc-static.net             https://sealserver.trustwave.com             https://static.cdn-apple.com             https://tr.snapchat.com             https://www.googleadservices.com             https://www.googletagmanager.com             https://www.paypalobjects.com         ;      1
default-src 'self'; font-src 'self' data: https://fonts.gstatic.com https://*.hotjar.com; frame-src 'self' https://www.youtube.com www.youtube-nocookie.com www.buzzsprout.com https://challenges.cloudflare.com; img-src 'self' data: https://www.raspberrypi.org https://rpf-futurelearn.s3-eu-west-1.amazonaws.com https://*.google-analytics.com https://images.ctfassets.net https://*.hotjar.com; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.google-analytics.com https://*.googletagmanager.com https://tagmanager.google.com https://*.hotjar.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.hotjar.com; connect-src 'self' https://*.google-analytics.com https://stats.g.doubleclick.net 1
base-uri 'self'; block-all-mixed-content; connect-src 'self' https://api.github.com/repos/ https://api.github.com/search/issues https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com fastly-insights.com *.fastly-insights.com *.ethicalads.io https://api.pwnedpasswords.com https://cdn.jsdelivr.net/npm/mathjax@3.2.2/es5/sre/mathmaps/ https://2p66nmmycsj3.statuspage.io; default-src 'none'; font-src 'self' fonts.gstatic.com; form-action 'self' https://checkout.stripe.com; frame-ancestors 'none'; frame-src 'none'; img-src 'self' https://pypi-camo.freetls.fastly.net/ https://*.google-analytics.com https://*.googletagmanager.com *.fastly-insights.com *.ethicalads.io ethicalads.blob.core.windows.net; script-src 'self' https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com *.fastly-insights.com *.ethicalads.io 'sha256-U3hKDidudIaxBDEzwGJApJgPEf2mWk6cfMWghrAa6i0=' https://cdn.jsdelivr.net/npm/mathjax@3.2.2/ 'sha256-1CldwzdEg2k1wTmf7s5RWVd7NMXI/7nxxjJM2C4DqII=' 'sha256-0POaN8stWYQxhzjKS+/eOfbbJ/u4YHO5ZagJvLpMypo='; style-src 'self' fonts.googleapis.com *.ethicalads.io 'sha256-2YHqZokjiizkHi1Zt+6ar0XJ0OeEy/egBnlm+MDMtrM=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-JLEjeN9e5dGsz5475WyRaoA4eQOdNPxDIeUhclnJDCE=' 'sha256-mQyxHEuwZJqpxCw3SLmc4YOySNKXunyu2Oiz1r3/wAE=' 'sha256-OCf+kv5Asiwp++8PIevKBYSgnNLNUZvxAp4a7wMLuKA=' 'sha256-h5LOiLhk6wiJrGsG5ItM0KimwzWQH/yAcmoJDJL//bY='; worker-src *.fastly-insights.com 1
frame-ancestors www.samsung.com www.samsung.net www.webcollage.net www.webcollage.net www.abt.com agent.samsungsupport.com admin.samsungsupport.com nacyberadmin site-36720.preview.bcvp0rtal.com nacyberagent samsung.brightcovegallery.com retail.samsungusa.com:9003 aem.samsung.com qaweb.samsung.com aem-eu.samsung.com www.mobilevirtualtour.com samsung-tmo-stage.herokuapp.com 5g.samsungtmobile.com www.uscellular.com wesit11.we-nonprod.uscc.com wesitaem.we-nonprod.uscc.com www.walmart.com tempo.cxtools-stg.walmart.com www-stage.walmart.com virtualstore.att.com att.beta.obsessvr.com i5.walmartimages.com wesit7.we-nonprod.uscc.com/ wesit7.we-nonprod.uscc.com/samsung *.samsungsupport.com *.samsung.com *.us.samsung.com 1
default-src https://www.ziprecruiter.com 'self' https://accounts.google.com https://global.ketchcdn.com https://*.ketchjs.com; connect-src https://www.ziprecruiter.com 'self' https://accounts.google.com https://global.ketchcdn.com https://*.ketchjs.com; script-src https://www.ziprecruiter.com 'self' https://accounts.google.com https://global.ketchcdn.com https://*.ketchjs.com 'nonce-OxmVQDn9Qdy10sl6CqwToA' data: https://consent.truste.com https://consent.trustarc.com; style-src https://www.ziprecruiter.com 'self' https://accounts.google.com https://global.ketchcdn.com https://*.ketchjs.com 'unsafe-inline'; img-src https://www.ziprecruiter.com 'self' https://accounts.google.com https://global.ketchcdn.com https://*.ketchjs.com data: https://www.ziprecruiter.com https://static.ziprecruiter.com https://privacy-policy.truste.com https://consent.trustarc.com https://consent-pref.trustarc.com; frame-src https://www.ziprecruiter.com 'self' https://accounts.google.com https://global.ketchcdn.com https://*.ketchjs.com https://consent-pref.trustarc.com 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-RjfRWn8iFrFjvebqAVyFuDZKuiZPFt' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
frame-ancestors 'self' *.wallet.airpay.co.th *.shopee.kr *.airpay.co.th *.shopeemobile.com *.shopee.co.th *.shopee.cn *.shopee.io *.facebook.com https://bela-portal.festiware.com https://belapengadaan.lkpp.go.id https://lkpp-portal.festiware.com;  1
connect-src 'self' blob: yandexmetrica.com:* ads.adfox.ru ads6.adfox.ru api.youla.io mc.admetrica.ru thequestion.ru wss://comments.yandex.net wss://comments-alpha.yandex.net turbopages.org yandex.st  yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net  *.yandex-team.ru milab.s3.yandex.net *.k50.ru *.k50dev.ru openkitchen.media auto.ru yango.com ya.ru *.ya.ru dev.introvert.bz *.calltouch.ru *.comagic.ru; default-src 'none'; font-src 'self' data: yastatic.net yandex.ru an.yandex.ru yastat.net *.s3.yandex.net *.yandex.ru *.ya.ru; frame-src 'self' data: yabrowser: yandexadexchange.net *.yandexadexchange.net turbopages.org *.turbopages.org *.yandex.ru   banners.adfox.ru yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net  *.yandex-team.ru *.video.yandex.ru *.market.yandex.ru www.youtube.com *.vimeo.com embed.megogo.net coub.com awaps.yandex.net meyou.ru broadcast.comdi.com datalens.yandex partner.market.yandex.ru go.yandex yango.com yandexteam-my.sharepoint.com *.bookmate.ru bookmate.ru yandex.com yandex.com.tr yandex.com.am yandex.com.ge yandex.md yandex.by yandex.kz yandex.uz *.yandex.com *.yandex.com.tr *.yandex.com.am *.yandex.com.ge *.yandex.md *.yandex.by *.yandex.kz *.yandex.uz ya.ru *.ya.ru; form-action https://*; img-src * 'self' blob: data: android-webview-video-poster: *.yandex.net *.s3.yandex.net yastatic.net http://lpc.s3.mds.yandex.net http://yastatic.net mc.admetrica.ru avatars-fast.yandex.net favicon.yandex.net *.verify.yandex.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net avatars.mds.yandex.net *.yandex.ru *.ya.ru; media-src * 'self' data: blob: *.video.yandex.ru *.storage.yandex.net *.s3.yandex.net *.cdn.yandex.net yastatic.net *.yandex.net *.strm.yandex.ru yandex.st banners.adfox.ru content.adfox.ru yastat.net yandex.ru *.yandex.ru ya.ru *.ya.ru; script-src 'self' blob: 'nonce-XeijYAiwSmFndh+hm2GqbA==' 'unsafe-inline' 'unsafe-eval' ads.adfox.ru ads6.adfox.ru banners.adfox.ru mc.yandex.ru yandex.st yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net  *.yandex-team.ru aflt.market.yandex.ru www.youtube.com *.vimeo.com s.ytimg.com lpc.s3.mdst.yandex.net abt.s3.yandex.net chat.s3.yandex.net *.api-maps.yandex.ru yandex.com *.yandex.com ya.ru *.ya.ru; style-src 'self' 'unsafe-inline' 'unsafe-eval' banners.adfox.ru content.adfox.ru yandex.st yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net  *.s3.yandex.net lpc.s3.mdst.yandex.net *.ya.ru; worker-src blob: yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net  *.yandex-team.ru; report-uri https://csp.yandex.net/csp?from=turbo%3Aphone&reqid=1705975964135909-1902276389379430931-l6re7ufhyytlzopg-BAL-4325&yandexuid=163844531705975964&yandex_login=&project=turbo https://csp.yandex.net/csp?from=lp-constructor&project=lp-constructor&yandex_login=&yandexuid=163844531705975964; object-src yastatic.net; child-src 'self'; frame-ancestors 'self' webvisor.com http://webvisor.com *.mtproxy.yandex.net www.kinopoisk.ru *.yandex-team.ru n.maps.yandex.ru yandex.ru yandex.com yandex.com.tr yandex.com.am yandex.com.ge yandex.md yandex.by yandex.kz yandex.uz yandex.net *.yandex.ru *.yandex.ru:* *.yandex.com:* *.yandex.com.tr:* *.yandex.com.am *.yandex.com.ge *.yandex.md *.yandex.by *.yandex.kz *.yandex.uz *.yandex.net ya.ru *.ya.ru; 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-f16dcf5763d0960ddd0adc6e16eca87a' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=3278364618258383; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=3278364618258383 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com *.transistor.fm transistor.fm segreencolumn.com *.segreencolumn.com cnv.event.prod.bidr.io simpli.fi *.simpli.fi data: blob:; upgrade-insecure-requests; 1
upgrade-insecure-requests; frame-ancestors 'self' localhost:* *.aftonbladet.localhost *.aftonbladet.dev *.aftonbladet.se *.aftonbladet-cdn.se admarket.schibsted.se www.europeanpressprize.com; default-src http: https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 'self'; 1
default-src 'self' https://bin.bnbstatic.com https://public.bnbstatic.com https://*.wistia.com https://*.wistia.net https://*.saasexch.com https://*.saasexch.co;script-src blob: 'self' https://api.smartling.com https://accounts.google.com https://*.saasexch.co 'nonce-35dc20bd-267b-4aa8-a9b0-619e2040c198' https://log.bntrace.com https://www.googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net  https://www.googleanalytics.com https://www.googleoptimize.com https://www.gstatic.com https://www.google.com https://accounts.google.com/gsi/client https://apis.google.com/js/api:client.js https://maps.googleapis.com https://optimize.google.com https://euob.segreencolumn.com https://bat.bing.com https://obseu.segreencolumn.com https://appleid.cdn-apple.com unsafe-inline https://bin.bnbstatic.com https://public.bnbstatic.com https://*.saasexch.com https://accounts.binance.info https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-bn.my.onetrust.com https://*.wistia.com https://*.wistia.net https://src.litix.io data:;style-src 'self' 'unsafe-inline' blob: https://fast.wistia.com https://bin.bnbstatic.com https://public.bnbstatic.com https://*.saasexch.com https://*.saasexch.co https://api.smartling.com https://accounts.google.com https://optimize.google.com https://fonts.googleapis.com unsafe-inline;font-src 'self' data: https://bin.bnbstatic.com https://public.bnbstatic.com https://*.saasexch.com https://*.saasexch.co https://*.wistia.com https://at.alicdn.com https://api.smartling.com https://accounts.google.com https://fonts.gstatic.com;connect-src 'self' https://api.saasexch.com https://bin.bnbstatic.com https://public.bnbstatic.com https://*.saasexch.com https://*.saasexch.co https://log.bntrace.com https://api.saasexch.com/bapi/themis/api/ wss://stream.binance.com wss://nbstream.binance.com wss://haodesk.binance.im https://upload-bnbstatic-com.s3.ap-northeast-1.amazonaws.com https://*.agora.io:* https://*.edge.agora.io:* https://*.sd-rtn.com:* https://*.edge.sd-rtn.com:* wss://*.agora.io:* wss://*.edge.agora.io:* wss://*.sd-rtn.com:* wss://*.edge.sd-rtn.com:* wss://chat-wss.yshyqxx.com https://*.s3-accelerate.amazonaws.com wss://*.binance.info https://*.binance.info https://frontend-m.binance.cloud https://sensors.binance.cloud https://report.binance.gg https://*.sentry.io https://stats.g.doubleclick.net https://api.smartling.com https://accounts.google.com https://www.google.com https://googleads.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://bat.bing.com https://obseu.segreencolumn.com https://logan-log.binance.gg wss://haodesk.binance.im wss://margin-stream.binance.com:443 wss://stream.binance.com wss://nbstream.binance.com wss://bstream.binance.com:9443 https://api.saasexch.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-bn.my.onetrust.com https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://data-collect.toolsfdg.net;img-src 'self' data: blob: https://api.smartling.com https://accounts.google.com https://*.saasexch.co https://static.devfdg.net https://www.google-analytics.com https://optimize.google.com https://www.googletagmanager.com https://obseu.segreencolumn.com https://bat.bing.com https://sensors.binance.cloud https://bin.bnbstatic.com https://public.bnbstatic.com https://upload-bnbstatic-com.s3.ap-northeast-1.amazonaws.com https://*.saasexch.com https://public-1259603563.file.myqcloud.com https://static-file-1259603563.file.myqcloud.com https://googleads.g.doubleclick.net https://www.google.com https://analytics.twitter.com https://t.co https://www.facebook.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-bn.my.onetrust.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://public.nftstatic.com;media-src 'self' https://bin.bnbstatic.com https://public.bnbstatic.com https://*.saasexch.com https://*.saasexch.co https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://upload-bnbstatic-com.s3.ap-northeast-1.amazonaws.com https://api.smartling.com https://accounts.google.com https://fast.wistia.net blob:;frame-src 'self' https://api.smartling.com https://accounts.google.com https://*.saasexch.co https://www.google.com https://optimize.google.com https://accounts.google.com/ https://fast.wistia.com https://fast.wistia.net https://bid.g.doubleclick.net;object-src 'none';base-uri 'self';report-uri https://o529943.ingest.sentry.io/api/6149229/security/?sentry_key=949d37812f604f039041170b5601fa1a;report-to https://o529943.ingest.sentry.io/api/6149229/security/?sentry_key=949d37812f604f039041170b5601fa1a 1
default-src blob: data: https://*.akamaihd.net https://*.akamaized.net https://*.footprint.net https://*.imrworldwide.com/ https://*.scribblelive.com https://*.svt.se https://*.twimg.com https://analytics.codigo.se https://cl-eu2.k5a.io https://firestore.googleapis.com https://kloss.imgix.net https://sb.scorecardresearch.com https://sentry.io https://svt.html.infostradasports.com https://event-center-whb-2023.sports.gracenote.com https://event-center-hbl-ech-2024.sports.gracenote.com https://time.akamai.com https://trafficgateway.research-int.se https://www-svt-se.translate.goog https://web.archive.org https://www.google.com https://www.gstatic.com https://www.svtstatic.se https://svt-direktcenter-avatar.imgix.net https://svt-direktcenter.imgix.net https://media-svt.stormgeo.com 'self' 'unsafe-eval' 'unsafe-inline';frame-ancestors https://*.svt.se 1
frame-ancestors 'self' porkbun.weeblycloud.com; default-src 'none'; object-src 'self' porkbun-media.s3.us-west-2.amazonaws.com porkbun-media.s3-us-west-2.amazonaws.com; media-src 'self' beacon-v2.helpscout.net; frame-src service.mtcaptcha.com service2.mtcaptcha.com widget.trustpilot.com porkbun-media.s3.us-west-2.amazonaws.com porkbun-media.s3-us-west-2.amazonaws.com www.recaptcha.net *.paypal.com assets.braintreegateway.com www.facebook.com hooks.stripe.com stripe.com www.youtube.com bid.g.doubleclick.net 'self' www.google.com www.googletagmanager.com *.fls.doubleclick.net js.stripe.com nonce-36d72411c3ac013b68911791f3bb42444ba19229; script-src data: 'self' 'unsafe-eval' www.clarity.ms bat.bing.com code.jquery.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js snap.licdn.com service.mtcaptcha.com service2.mtcaptcha.com cdn.veriff.me analytics.tiktok.com www.redditstatic.com analytics.twitter.com static.ads-twitter.com *.crazyegg.com chimpstatic.com widget.trustpilot.com www.recaptcha.net www.paypalobjects.com *.paypal.com js.braintreegateway.com tpc.googlesyndication.com beacon-v2.helpscout.net translate.google.com translate.googleapis.com www.gstatic.com www.gstatic.cn js.stripe.com use.fontawesome.com googleads.g.doubleclick.net www.googletagmanager.com *.analytics.google.com *.google-analytics.com www.googleadservices.com connect.facebook.net www.google.com js.stripe.com 'unsafe-inline'; connect-src 'self' nonce-36d72411c3ac013b68911791f3bb42444ba19229 bat.bing.com *.clarity.ms analytics.google.com www.facebook.com cdn.linkedin.oribi.io api.veriff.me stationapi.veriff.com analytics.tiktok.com q.stripe.com wss://ws-helpscout.pusher.com *.crazyegg.com *.paypal.com core33-helpscout.pusher.com *.braintree-api.com *.braintreegateway.com sentry.io sockjs-helpscout.pusher.com d3hb14vkzrxvla.cloudfront.net beaconapi.helpscout.net chatapi.helpscout.net translate.googleapis.com translate.google.com stats.g.doubleclick.net *.analytics.google.com *.google-analytics.com; img-src 'self' blob: data: *.clarity.ms *.bing.com analytics.twitter.com px.ads.linkedin.com alb.reddit.com easy-links.s3.us-west-2.amazonaws.com pubads.g.doubleclick.net chatapi-prod.s3.amazonaws.com t.co porkbun-media.s3.us-west-2.amazonaws.com porkbun-media.s3.us-west-2.amazonaws.com porkbun-media.s3-us-west-2.amazonaws.com *.crazyegg.com *.paypal.com beacon-v2.helpscout.net porkbun.com q.quora.com d33v4339jhl8k0.cloudfront.net porkbunblog.files.wordpress.com www.googletagmanager.com www.gstatic.com www.gstatic.cn translate.google.com translate.googleapis.com stats.g.doubleclick.net www.google.com googleads.g.doubleclick.net *.analytics.google.com *.google-analytics.com www.facebook.com q.stripe.com nonce-36d72411c3ac013b68911791f3bb42444ba19229; style-src 'self' assets.braintreegateway.com translate.googleapis.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' www.paypalobjects.com fonts.gstatic.com nonce-36d72411c3ac013b68911791f3bb42444ba19229; 1
default-src 'self' data: https://*.gstatic.com https://*.tawk.to https://*.cloudflare.com https://fonts.bunny.net https://*.googlesyndication.com https://*.segment.com https://*.lottiefiles.com https://*.hotjar.com https://www.google.com https://api.segment.io ; img-src 'self' data: https://*.hotjar.com https://www.google.com https://*.google.es https://*.google.pl https://*.google.co.uk https://*.google.it https://*.google.de https://*.google.fr https://*.google.ca https://*.doubleclick.net https://*.twitter.com https://t.co https://embed.tawk.to https://cdn.jsdelivr.net https://www.googletagmanager.com https://www.google.co.in https://*.linkedin.com https://*.clarity.ms https://c.bing.com https://*.cloudflare.com https://cookieyes.com https://*.googleusercontent.com https://*.cookieserve.com https://*.gravatar.com https://www.facebook.com https://i.ytimg.com https://*.gr-cdn-3.com https://cdn-cookieyes.com https://*.google-analytics.com;object-src 'none'; child-src 'self' https://www.google.com https://*.googlesyndication.com https://*.doubleclick.net https://calendly.com https://www.youtube.com https://www.facebook.com; frame-ancestors 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-cookieyes.com https://www.googleadservices.com https://*.googlesyndication.com https://*.ads-twitter.com https://*.tawk.to https://*.doubleclick.net https://cdnjs.cloudflare.com https://*.calendly.com https://snap.licdn.com https://*.cookieyes.com https://unpkg.com https://cdn.jsdelivr.net https://script.tapfiliate.com https://connect.facebook.net https://cdn.segment.com https://www.google.com https://www.gstatic.com https://*.getresponse.com https://*.clarity.ms https://*.gr-cdn.com https://*.googletagmanager.com https://*.hotjar.com https://*.googleoptimize.com https://*.google-analytics.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://*.tawk.to https://cdnjs.cloudflare.com https://www.gstatic.com https://fonts.bunny.net ;connect-src https://frstre.com https://googleads.g.doubleclick.net https://*.linkedin.com https://*.google.com https://*.tawk.to wss://*.tawk.to https://lottie.host https://*.googlesyndication.com https://*.lottiefiles.com https://*.googletagmanager.com https://*.google-analytics.com https://cdn.linkedin.oribi.io https://*.clarity.ms https://stats.g.doubleclick.net https://api.segment.io https://*.segment.com https://*.cookieserve.com https://*.cookielawinfo.com https://*.getresponse.com https://cdn-cookieyes.com https://log.cookieyes.com https://*.cookieyes.com https://*.hotjar.com https://*.hotjar.io wss://ws.hotjar.com; upgrade-insecure-requests; block-all-mixed-content 1
connect-src 'self' wss://*.nrk.no http://*.nrk.no https://*.nrk.no https://nrk-recommendations.appspot.com https://*.akstat.io https://*.go-mpulse.net https://*.qbrick.com https://*.telenorcdn.net https://*.akamaized.net https://*.akamaihd.net https://*.k5a.io https://log.medietall.no https://www.google-analytics.com https://*.scorecardresearch.com https://ssl-nrkstream.tns-cs.net https://cws.conviva.com https://stats.g.doubleclick.net *.analytics.edgesuite.net *.analytics.edgekey.net dc.services.visualstudio.com dc.applicationinsights.microsoft.com https://*.ip-only.net https://o124059.ingest.sentry.io/api https://no-nrk-prod1.mini.snplow.net/nrk/wd6 https://nrkhd-osl-rr.netwerk.no https://*.dna.contentdelivery.net https://*.nrk.cloud;default-src 'self' blob: https://*.nrk.no;frame-src 'self' https://*.nrk.no https://cdn-gl.imrworldwide.com;img-src 'self' data: https://*.k5a.io https://*.tns-cs.net https://www.google-analytics.com https://*.nrk.no https://*.nrk.cloud https://*.akamaized.net https://*.akamaihd.net https://*.scorecardresearch.com https://*.googleusercontent.com https://ssl-nrkstream.tns-cs.net https://stats.g.doubleclick.net https://secure-nor.imrworldwide.com https://secure-sdk.imrworldwide.com https://cookie.norstatsurveys.com https://log.medietall.no *.scorecardresearch.com *.analytics.edgesuite.net *.analytics.edgekey.net https://www.images-home.com;media-src 'self' blob: data: https://*.nrk.no https://*.qbrick.com https://*.telenorcdn.net https://*.akamaized.net https://*.akamaihd.net https://*.ip-only.net https://*.dna.contentdelivery.net;script-src 'self' blob: https://*.nrk.no https://www.google-analytics.com https://*.k5a.io https://log.medietall.no https://*.scorecardresearch.com https://www.gstatic.com https://cws.conviva.com https://ssl-nrkstream.tns-cs.net https://*.go-mpulse.net https://cdn-gl.imrworldwide.com *.analytics.edgesuite.net *.analytics.edgekey.net az416426.vo.msecnd.net https://*.nrk.cloud 'nonce-xJ1B24TDp5S/a3Ep7Z8MRw==';style-src 'self' https: 'unsafe-inline';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
default-src 'self' https://*.audioeye.com https://s3.tradingview.com https://*.prismic.io https://prismic.io https://js.driftt.com https://widget.drift.com https://*.google.com https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://diffuser-cdn.app-us1.com https://*.audioeye.com https://snap.licdn.com https://*.linkedin.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://audioeye.activehosted.com https://zalywzdew6.execute-api.us-west-2.amazonaws.com https://trackcmp.net https://*.vimeo.com https://*.partnerstack.com https://*.adsymptotic.com https://*.quotemedia.com https://cdnjs.cloudflare.com https://*.gstatic.com https://googleads.g.doubleclick.net https://fonts.googleapis.com https://*.growsumo.com https://grsm.io https://*.ads-twitter.com https://t.co https://*.twitter.com https://api.airtable.com https://*.hs-scripts.com https://hs-scripts.com https://*.hotjar.com https://hotjar.com https://*.hscollectedforms.net https://*.hs-banner.com https://*.mixpanel.com wss://*.hotjar.com https://*.hs-analytics.net https://*.hubspot.com https://*.hsforms.com https://*.hsforms.net https://*.hotjar.io https://*.usemessages.com https://*.hsappstatic.net https://*.nr-data.net https://*.ably.io https://*.heapanalytics.com https://heapanalytics.com https://js.chargebee.com https://audioeye.chargebee.com https://audioeye-test.chargebee.com https://*.stripe.com https://*.clickcease.com https://boards-api.greenhouse.io https://netlify-cdp-loader.netlify.app https://*.netlify.com https://html2canvas.hertzen.com https://*.googleoptimize.com https://*.browser-intake-datadoghq.com https://*.youtube.com https://dev.visualwebsiteoptimizer.com https://js.zi-scripts.com https://ws.zoominfo.com https://tags.clickagy.com https://client-api.auryc.com https://mt.auryc.com https://api.hubapi.com https://*.mutinyhq.com https://*.mutinyhq.io https://*.mutinycdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s3.tradingview.com https://*.prismic.io https://prismic.io https://js.driftt.com https://widget.drift.com https://*.google.com https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://diffuser-cdn.app-us1.com https://*.audioeye.com https://snap.licdn.com https://*.linkedin.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://audioeye.activehosted.com https://zalywzdew6.execute-api.us-west-2.amazonaws.com https://trackcmp.net https://*.vimeo.com https://*.partnerstack.com https://*.adsymptotic.com https://*.quotemedia.com https://cdnjs.cloudflare.com https://*.gstatic.com https://googleads.g.doubleclick.net https://fonts.googleapis.com https://*.growsumo.com https://grsm.io https://*.ads-twitter.com https://t.co https://*.twitter.com https://api.airtable.com https://*.hs-scripts.com https://hs-scripts.com https://*.hotjar.com https://hotjar.com https://*.hscollectedforms.net https://*.hs-banner.com https://*.mixpanel.com wss://*.hotjar.com https://*.hs-analytics.net https://*.hubspot.com https://*.hsforms.com https://*.hsforms.net https://*.hotjar.io https://*.usemessages.com https://*.hsappstatic.net https://*.nr-data.net https://*.ably.io https://*.heapanalytics.com https://heapanalytics.com https://js.chargebee.com https://audioeye.chargebee.com https://audioeye-test.chargebee.com https://*.stripe.com https://*.clickcease.com https://boards-api.greenhouse.io https://netlify-cdp-loader.netlify.app https://*.netlify.com https://html2canvas.hertzen.com https://*.googleoptimize.com https://*.browser-intake-datadoghq.com https://www.datadoghq-browser-agent.com https://dev.visualwebsiteoptimizer.com https://js.zi-scripts.com https://ws.zoominfo.com https://ws-assets.zoominfo.com https://tags.clickagy.com https://js.hsadspixel.net/fb.js https://*.mutinycdn.com; style-src 'self' 'unsafe-inline' https://s3.tradingview.com https://*.prismic.io https://prismic.io https://*.google.com https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://diffuser-cdn.app-us1.com https://*.audioeye.com https://snap.licdn.com https://*.linkedin.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://audioeye.activehosted.com https://zalywzdew6.execute-api.us-west-2.amazonaws.com https://trackcmp.net https://*.vimeo.com https://*.partnerstack.com https://*.adsymptotic.com https://*.quotemedia.com https://cdnjs.cloudflare.com https://*.gstatic.com https://googleads.g.doubleclick.net https://fonts.googleapis.com https://*.growsumo.com https://grsm.io https://*.ads-twitter.com https://t.co https://*.twitter.com https://api.airtable.com https://*.hs-scripts.com https://hs-scripts.com https://*.hotjar.com https://hotjar.com https://*.hscollectedforms.net https://*.hs-banner.com https://*.mixpanel.com wss://*.hotjar.com https://*.hs-analytics.net https://*.hubspot.com https://*.hsforms.com https://*.hsforms.net https://*.hotjar.io https://*.usemessages.com https://*.hsappstatic.net https://*.nr-data.net https://*.ably.io https://*.heapanalytics.com https://heapanalytics.com https://js.chargebee.com https://audioeye.chargebee.com https://audioeye-test.chargebee.com https://*.stripe.com https://*.clickcease.com https://boards-api.greenhouse.io https://netlify-cdp-loader.netlify.app https://*.netlify.com https://html2canvas.hertzen.com https://*.googleoptimize.com https://*.browser-intake-datadoghq.com; img-src 'self' https://s3.tradingview.com https://*.prismic.io https://prismic.io https://*.google.com https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://diffuser-cdn.app-us1.com https://*.audioeye.com https://snap.licdn.com https://*.linkedin.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://audioeye.activehosted.com https://zalywzdew6.execute-api.us-west-2.amazonaws.com https://trackcmp.net https://*.vimeo.com https://*.partnerstack.com https://*.adsymptotic.com https://*.quotemedia.com https://cdnjs.cloudflare.com https://*.gstatic.com https://googleads.g.doubleclick.net https://fonts.googleapis.com https://*.growsumo.com https://grsm.io https://*.ads-twitter.com https://t.co https://*.twitter.com https://api.airtable.com https://*.hs-scripts.com https://hs-scripts.com https://*.hotjar.com https://hotjar.com https://*.hscollectedforms.net https://*.hs-banner.com https://*.mixpanel.com wss://*.hotjar.com https://*.hs-analytics.net https://*.hubspot.com https://*.hsforms.com https://*.hsforms.net https://*.hotjar.io https://*.usemessages.com https://*.hsappstatic.net https://*.nr-data.net https://*.ably.io https://*.heapanalytics.com https://heapanalytics.com https://js.chargebee.com https://audioeye.chargebee.com https://audioeye-test.chargebee.com https://*.stripe.com https://*.clickcease.com https://boards-api.greenhouse.io https://netlify-cdp-loader.netlify.app https://*.netlify.com https://html2canvas.hertzen.com https://*.googleoptimize.com https://*.browser-intake-datadoghq.com https://dev.visualwebsiteoptimizer.com https://*.mutinycdn.com data: ; worker-src blob:; font-src 'self' https://s3.tradingview.com https://*.prismic.io https://prismic.io https://*.google.com https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://diffuser-cdn.app-us1.com https://*.audioeye.com https://snap.licdn.com https://*.linkedin.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://audioeye.activehosted.com https://zalywzdew6.execute-api.us-west-2.amazonaws.com https://trackcmp.net https://*.vimeo.com https://*.partnerstack.com https://*.adsymptotic.com https://*.quotemedia.com https://cdnjs.cloudflare.com https://*.gstatic.com https://googleads.g.doubleclick.net https://fonts.googleapis.com https://*.growsumo.com https://grsm.io https://*.ads-twitter.com https://t.co https://*.twitter.com https://api.airtable.com https://*.hs-scripts.com https://hs-scripts.com https://*.hotjar.com https://hotjar.com https://*.hscollectedforms.net https://*.hs-banner.com https://*.mixpanel.com wss://*.hotjar.com https://*.hs-analytics.net https://*.hubspot.com https://*.hsforms.com https://*.hsforms.net https://*.hotjar.io https://*.usemessages.com https://*.hsappstatic.net https://*.nr-data.net https://*.ably.io https://*.heapanalytics.com https://heapanalytics.com https://js.chargebee.com https://audioeye.chargebee.com https://audioeye-test.chargebee.com https://*.stripe.com https://*.clickcease.com https://boards-api.greenhouse.io https://netlify-cdp-loader.netlify.app https://*.netlify.com https://html2canvas.hertzen.com https://*.googleoptimize.com https://*.browser-intake-datadoghq.com https://dev.visualwebsiteoptimizer.com data: ; manifest-src 'self' ; upgrade-insecure-requests; block-all-mixed-content ; 1
img-src 'self' blob: data: icloud.com.cn *.icloud.com.cn *.apple.com *.cdn-apple.com *.icloud-content.com *.icloud-content.com.cn *.apple-mapkit.com *.mzstatic.com; media-src 'self' blob: data: *.icloud.com.cn *.apple.com *.cdn-apple.com *.icloud-content.com *.icloud-content.com.cn; font-src 'self' blob: data: icloud.com.cn *.icloud.com.cn *.apple.com *.cdn-apple.com; connect-src blob: 'self' icloud.com.cn *.icloud.com.cn *.apple.com *.cdn-apple.com *.icloud-content.com *.icloud-content.com.cn *.apple-mapkit.com; frame-src 'self' blob: mailto: tel: *.icloud.com.cn *.apple.com *.icloud-sandbox.com *.icloud-content.com *.icloud-content.com.cn; frame-ancestors 'self' *.icloud.com.cn *.apple.com; form-action 'self' *.icloud.com.cn *.apple.com; child-src blob: 'self'; base-uri 'self' *.icloud.com.cn *.cdn-apple.com; report-uri https://feedbackws.icloud.com.cn/reportRaw 1
default-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: http://d2c7xlmseob604.cloudfront.net/tracker.min.js http://js.hs-scripts.com/21672897.js http://js.hs-scripts.com/7668309.js http://munchkin.marketo.net/munchkin.js http://translate.google.com/translate_a/element.js http://web.bentley.com/js/forms2/js/forms2.min.js https://*.ads-twitter.com https://*.amazonaws.com https://*.bentley.com https://*.bing.com https://*.brightcove.net https://*.cloudflare.com https://*.cloudfront.net https://*.company-target.com https://*.demandbase.com https://*.doubleclick.net https://*.facebook.net https://*.feedbackify.com https://*.flockler.com https://*.getsmartling.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.cn https://*.gstatic.com https://*.hsforms.net https://*.jotform.com https://*.marketo.com https://*.marketo.net https://*.mouseflow.com https://*.onetrust.com https://*.pagespeed-mod.com https://*.pingdom.net https://*.recaptcha.net https://*.redditstatic.com https://*.salesloft.com https://*.surveysparrow.com https://*.twitter.com https://*.userway.org https://*.visualwebsiteoptimizer.com https://*.youtube.com https://*.zencdn.net https://1.safecdn01.com/api/get.convert.v2 https://accessibilityserver.org https://accessibilityserver.org/widget.js https://api.hubspot.com https://bat.bing.com/bat.js https://beacon-v2.helpscout.net/ https://bentleypocstg.wpengine.com/wp-includes/js/jquery/jquery.min.js https://blibok.com/impl.php https://c.itaozi.cn/api/get.convert.js https://cdn.cookielaw.org https://cdn.cookielaw.org/consent/0101b409-56f1-4f7c-ba35-2bb79cbe0f0e/OtAutoBlock.js https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://cdn.mathjax.org/mathjax/contrib/a11y/accessibility-menu.js https://cdn.mouseflow.com/projects/6b9f4cf9-56fe-4918-b64d-cfce7b4f3d43.js https://cdn.userway.org/widgetapp/2023-04-24/remediation/remediation_1682329338831.js https://cdn.userway.org/widgetapp/2023-05-01/widget_app_base_1682942134842.js https://cdn.userway.org/widgetapp/2023-05-04/widget_app_base_1683207791108.js https://click.easypower.com/index.php/form/getForm https://click.easypower.com/js/forms2/js/forms2.min.js https://client.prod.mplat-ppcprotect.com/jtcQFl2_oy3VObbo4unTdPMw2mqLv6iwSs8Wtt94.js https://client.prod.mplat-ppcprotect.com/M49MyB_LGD8mTAid8NNHLFzDanNQVi4g74Q_9uo8.js  https://client.prod.mplat-ppcprotect.com https://connect.facebook.net https://connect.facebook.net/en_US/fbevents.js https://conoret.com https://cookie-cdn.cookiepro.com https://d2c7xlmseob604.cloudfront.net/tracker.min.js https://fast.wistia.com https://form.jotform.com/static/feedback.js https://forms.hubspot.com https://gateway.on24.com https://googleads.g.doubleclick.net https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1070419797/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/625339966/ https://images.uc.cn/s/uae/g/6h/papilio/globalvcreader/pro/3.59.23-rc1/loadExtractor.js https://js.hs-analytics.net https://js.hs-analytics.net/analytics/1682537100000/7668309.js https://js.hs-analytics.net/analytics/1683030300000/7668309.js https://js.hs-analytics.net/analytics/1683030600000/7668309.js https://js.hs-analytics.net/analytics/1683217200000/7668309.js https://js.hs-banner.com https://js.hs-banner.com/7668309.js https://js.hs-scripts.com https://js.hs-scripts.com/21672897.js https://js.hsadspixel.net https://js.hsadspixel.net/fb.js https://js.hscollectforms.net https://js.hsforms.net/forms/embed/v2.js https://js.hsforms.net/forms/v2.js https://js.hsleadflows.net https://js.hubspot.com/web-interactives-embed.js  https://js.usemessages.com https://js.usemessages.com/conversations-embed.js https://mstat.acestream.net/ace-cast/metrika.js https://mstat.acestream.net/p2p-search/metrika.js https://munchkin.marketo.net/munchkin.js https://ob.segreencolumn.com/i/640e5da41f6c671fb8898047121f3c60.js https://obs.segreencolumn.com/ct https://players.brightcove.net/5209582030001/S9cOVXpbV_default/index.min.js https://relatedgamesnet-a.akamaihd.net/tvpt/pubjs https://scout-cdn.salesloft.com/sl.js https://search.imtt.qq.com/search_static/other_search_files/landing-page-perf-h5-new.min.js  https://service.excentos.com https://snap.licdn.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://tag.demandbase.com/7acc19e1b17b93f2.min.js https://ucads-cdn.ucweb.com/ltjs/3.3.0/ltjs.js https://unpkg.com https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://unpkg.zhimg.com/za-js-monitor@v0.2.8/dist/za-js-monitor.umd.js https://vjs.zencdn.net/vttjs/0.15.3/vtt.global.min.js https://w8o39.m70vee7.com https://www.clarity.ms/tag/uet/23586152 https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/enterprise.js https://www.googletagmanager.com/gtm.js https://www.redditstatic.com/ads/pixel.js https://www.youtube.com/iframe_api *.visualwebsiteoptimizer.com app.vwo.com; style-src 'self' 'unsafe-inline' data: https: *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com; object-src 'self' https://*.brightcove.net; connect-src 'self' data: http://127.0.0.1:36623 http://127.0.0.1:44305 http://127.0.0.1:45791 http://127.0.0.1:49336 http://127.0.0.1:49987 http://127.0.0.1:58155 http://ad.doubleclick.net http://gjtrack.ucweb.com https: https://*.doubleclick.net https://*.hubspot.com https://adservice.google.com https://bcbolt446c5271-a.akamaihd.net https://bcsecure01-a.akamaihd.net https://forms.hubspot.com https://stats.g.doubleclick.net wss://view-localhost:53773 wss://www.bentley.com  *.visualwebsiteoptimizer.com app.vwo.com; font-src 'self' data: http://themes.googleusercontent.com https:; frame-ancestors 'self' *.bentley.com https://bentleysystems.gcs-web.com/ https://bentleysystems-preview.gcs-web.com/; frame-src https://7668309.hs-sites.com/  http://10.116.174.40:15871 http://10.67.1.203:8080 http://192.168.61.203:15871 http://203.249.224.137 http://www.facebook.com https://*.bentley.com https://*.brightcove.net https://*.core.windows.net https://*.doubleclick.net https://*.facebook.com https://*.flickr.com https://*.getsmartling.com https://*.google.com https://*.googletagmanager.com https://*.hs-scripts.com https://*.hsforms.com https://*.hsforms.net https://*.hubspot.com https://*.jotform.com https://*.menlosecurity.com https://*.on24.com https://*.onetrust.com https://*.recaptcha.net https://*.surveysparrow.com https://*.twitter.com https://*.userway.org https://*.wpengine.com https://*.youtube.com https://*.zscalerthree.net https://7rx80283.ibosscloud.com https://block.opendns.com https://blocked.freedom.to https://bpb.opendns.com https://cdn.cookielaw.org https://click.easypower.com https://div.show https://gateway.zscaler.net https://gateway.zscalertwo.net https://gateway.zscloud.net https://leap13.github.io https://login.zscloud.net https://mozbar.moz.com https://n329vvnsz6n7.statuspage.io https://remove.video https://s.company-target.com https://skytraf.xyz https://www.ciuvo.com https://zswpmanager.wip.mmc.com https://wp-rocket.me/ app.vwo.com *.visualwebsiteoptimizer.com; img-src 'self' blob: data: http://www.bentley.com https: https://t.co *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com; manifest-src 'self'; media-src 'self' blob: data: https:; report-uri https://6449169ef1e3671a29137d52.endpoint.csper.io?v=7; worker-src 'self' blob:; 1
default-src 'self' maxcdn.bootstrapcdn.com *.maxcdn.bootstrapcdn.com in.hotjar.com *.in.hotjar.com *.hotjar.com *.licdn.com stats.g.doubleclick.net *.stats.g.doubleclick.net ajax.googleapis.com *.ajax.googleapis.com apis.google.com *.apis.google.com google.com *.google.com cdnjs.cloudflare.com *.cdnjs.cloudflare.com ajax.googleapis.com *.ajax.googleapis.com google-analytics.com *.google-analytics.com *.fontawesome.com *.googletagmanager.com *.js.ubembed.com *.ads.linkedin.com *.linkedin.com *.google.com.ua *.facebook.com *.gravatar.com q.quora.com *.hotjar.io hubspot-forms-static-embed.s3.amazonaws.com *.hsforms.com api-iam.intercom.io *.licdn.com cdn.linkedin.oribi.io *.taboola.com; img-src * data:; frame-ancestors 'self'; script-src 'unsafe-inline' 'unsafe-eval' http: https: ; style-src * 'unsafe-inline'; media-src *; frame-src *;font-src * 'self' data:; 1
frame-ancestors https://adm.findagrave.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://cdnjs.cloudflare.com/ajax/libs/velocity/1.2.2/velocity.min.js https://cdnjs.cloudflare.com/ajax/libs/velocity/1.2.2/velocity.ui.min.js https://cdnjs.cloudflare.com/ajax/libs/datatables/1.10.12/js/jquery.dataTables.min.js https://cdnjs.cloudflare.com/ajax/libs/datatables/1.10.12/js/dataTables.bootstrap.min.js https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/* https://www.googletagmanager.com/* https://cdn.popt.in/pixel.js https://www.google-analytics.com/analytics.js https://cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js https://player.ooyala.com/static/v4/production/analytics-plugin/googleAnalytics.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js https://www.googletagmanager.com/gtag/js https://analytics.google.com/* https://www.googletagmanager.com/debug/bootstrap https://www.googletagmanager.com/debug/badge https://web-chat.nativechat.com/3.12.2/sdk/nativechat.js; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/font-awesome.min.css https://cdnjs.cloudflare.com/ajax/libs/datatables/1.10.12/css/dataTables.bootstrap.min.css https://cdn.popt.in/css/heb-fonts.min.css https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css https://cdn.popt.in/css/poptin-style-en.css https://cdn.popt.in/css/poptin-animations.css https://www.gpo.gov/CustomResources/css/scrolling-nav-index.css https://www.googletagmanager.com/debug/badge.css https://fonts.popt.in https://cdn.popt.in https://web-chat.nativechat.com/3.12.2/sdk/nativechat.css; font-src 'self' fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/fonts/fontawesome-webfont.woff2 https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/fonts/fontawesome-webfont.woff https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/fonts/fontawesome-webfont.ttf kendo.cdn.telerik.com netdna.bootstrapcdn.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2 https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.ttf data: https://cdn.popt.in/fonts/fontawesome/fa-brands-400.woff2 https://cdn.popt.in/fonts/fontawesome/fa-brands-400.ttf; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://web-chat.nativechat.com/; media-src 'self' data: blob:; frame-src https://www.google.com/ https://www.facebook.com/ https://www.gpo.gov/ https://www.youtube.com/ https://web-chat.nativechat.com/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' d3lopmpcew67el.cloudfront.net accounts.google.com https://www.google-analytics.com/j/collect https://stats.g.doubleclick.net/j/collect https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://display.popt.in/APIRequest/68463719072e4 https://display.popt.in/APIRequest/viewed/ee6c12968a725 https://display.popt.in/APIRequest/conversion/ https://analytics.google.com/* https://www.googletagmanager.com/* https://analytics.google.com/g/collect https://stats.g.doubleclick.net/g/collect; 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-a0adb01185952212c3304500052710f2' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=1129368593600385; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=1129368593600385 1
default-src 'self' bumbcdn.com *.bumbcdn.com eu1.bumbcdn.com; connect-src 'self' chatdate.app eu1.chatdate.app us1.chatdate.app am1.chatdate.app gew3.chatdate.app fr1.chatdate.app bumbcdn.com *.bumbcdn.com eu1.bumbcdn.com  https://*.amazon-adsystem.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://google.com https://*.google.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://www.facebook.com https://cdn.ampproject.org https://api.giphy.com https://www.googleadservices.com https://attestation.android.com https://csi.gstatic.com https://s0.2mdn.net https://api.tenor.com https://g.tenor.com https://maps.googleapis.com https://consent.badoo.com https://essentialaccessibility.com https://tr.snapchat.com https://bic-core.dlocal.com/;  script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-i8utystRHXS+tchTuTwy3dJSDgY=' 'report-sample' bumbcdn.com *.bumbcdn.com eu1.bumbcdn.com  https://*.googletagmanager.com https://connect.facebook.net https://securepubads.g.doubleclick.net https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://s0.2mdn.net https://cdn.ampproject.org https://c.amazon-adsystem.com https://www.google-analytics.com https://pay.google.com https://adservice.google.com https://www.googletagservices.com https://maps.googleapis.com https://dashboard.essentialaccessibility.com https://consent.badoo.com https://essentialaccessibility.com https://www.google.com https://cdn.plaid.com https://tr.snapchat.com https://cdn.plaid.com; style-src 'self' 'unsafe-inline' bumbcdn.com *.bumbcdn.com eu1.bumbcdn.com https://fonts.googleapis.com; font-src 'self' data: bumbcdn.com *.bumbcdn.com eu1.bumbcdn.com https://fonts.gstatic.com https://tpc.googlesyndication.com;  prefetch-src 'self'  bumbcdn.com *.bumbcdn.com eu1.bumbcdn.com https://cdn.plaid.com ; img-src * data: blob: android-webview-video-poster:; child-src 'self' blob:; worker-src 'self' blob:; media-src * data: blob:; object-src 'self'  bumbcdn.com *.bumbcdn.com eu1.bumbcdn.com; base-uri 'self'; manifest-src 'self' chatdate.app eu1.chatdate.app us1.chatdate.app am1.chatdate.app gew3.chatdate.app fr1.chatdate.app; form-action 'self'  https://www.facebook.com; frame-src * hon:; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /jss/csp_report.phtml?token=hotornot_mobile_web&release=30309&env=production 1
font-src 'self' fonts.gstatic.com p.typekit.net fonts.typekit.net use.typekit.net https://js.intercomcdn.com http://*.hotjar.com https://*.hotjar.com data: ; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://download.deltadna.net *.deltadna.net ajax.googleapis.com animate.adobe.com use.edgefonts.net https://*.stripe.com https://api.freshworks.com deltadna.freshdesk.com p.typekit.net fonts.googleapis.com use.typekit.net www.googletagmanager.com api.status.io fonts.gstatic.com www.google-analytics.com https://www.google.com https://www.gstatic.com https://s3.amazonaws.com/assets.freshdesk.com/widget/freshwidget.css https://s3.amazonaws.com/assets.freshdesk.com/widget/widget_close.png http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com ; worker-src *.deltadna.net blob: 'self' https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.amplitude.com/ https://static.hotjar.com/ ; frame-src https://deltadna.freshdesk.com/ *.deltadna.net https://*.deltadna.com https://deltadna.com https://www.google.com https://checkout.stripe.com https://vars.hotjar.com https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net font-src: https://js.intercomcdn.com ; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.sentry.io data: http://download.deltadna.net *.deltadna.net ajax.googleapis.com animate.adobe.com use.edgefonts.net https://*.stripe.com https://api.freshworks.com deltadna.freshdesk.com p.typekit.net fonts.googleapis.com use.typekit.net www.googletagmanager.com api.status.io fonts.gstatic.com www.google-analytics.com https://www.google.com https://www.gstatic.com https://s3.amazonaws.com/assets.freshdesk.com/widget/freshwidget.css https://s3.amazonaws.com/assets.freshdesk.com/widget/widget_close.png https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://api-iam.intercom.io https://api.amplitude.com/ https://cdn.cookielaw.org/ script-src: https://browser.sentry-cdn.com https://cdn.amplitude.com/ https://static.hotjar.com/ https://widget.intercom.io https://js.intercomcdn.com https://cdn.cookielaw.org/ *.onetrust.com image-src: media-src: https://static.intercomassets.com https://api.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://download.deltadna.net *.deltadna.net ajax.googleapis.com animate.adobe.com use.edgefonts.net https://*.stripe.com https://api.freshworks.com deltadna.freshdesk.com p.typekit.net fonts.googleapis.com use.typekit.net www.googletagmanager.com api.status.io fonts.gstatic.com www.google-analytics.com https://www.google.com https://www.gstatic.com https://s3.amazonaws.com/assets.freshdesk.com/widget/freshwidget.css https://s3.amazonaws.com/assets.freshdesk.com/widget/widget_close.png https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.amplitude.com/ https://static.hotjar.com/ https://cdn.cookielaw.org/ *.onetrust.com https://browser.sentry-cdn.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://download.deltadna.net *.deltadna.net ajax.googleapis.com animate.adobe.com use.edgefonts.net https://*.stripe.com https://api.freshworks.com deltadna.freshdesk.com p.typekit.net fonts.googleapis.com use.typekit.net www.googletagmanager.com api.status.io fonts.gstatic.com www.google-analytics.com https://www.google.com https://www.gstatic.com https://s3.amazonaws.com/assets.freshdesk.com/widget/freshwidget.css https://s3.amazonaws.com/assets.freshdesk.com/widget/widget_close.png https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments.com https://cdn.cookielaw.org/ ; child-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://download.deltadna.net *.deltadna.net ajax.googleapis.com animate.adobe.com use.edgefonts.net https://*.stripe.com https://api.freshworks.com deltadna.freshdesk.com p.typekit.net fonts.googleapis.com use.typekit.net www.googletagmanager.com api.status.io fonts.gstatic.com www.google-analytics.com https://www.google.com https://www.gstatic.com https://s3.amazonaws.com/assets.freshdesk.com/widget/freshwidget.css https://s3.amazonaws.com/assets.freshdesk.com/widget/widget_close.png https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net font-src: https://js.intercomcdn.com ; media-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://download.deltadna.net *.deltadna.net ajax.googleapis.com animate.adobe.com use.edgefonts.net https://*.stripe.com https://api.freshworks.com deltadna.freshdesk.com p.typekit.net fonts.googleapis.com use.typekit.net www.googletagmanager.com api.status.io fonts.gstatic.com www.google-analytics.com https://www.google.com https://www.gstatic.com https://s3.amazonaws.com/assets.freshdesk.com/widget/freshwidget.css https://s3.amazonaws.com/assets.freshdesk.com/widget/widget_close.png https://js.intercomcdn.com 1
default-src 'self' data: https://fonts.gstatic.com/ https://cdn.podigee.com/ https://*.podigee-cdn.net/ https://*.dhl.de/ https://*.dhl.com/ https://*.deutschepost.de/ https://dpm.demdex.net/ https://*.paypal.com/ https://*.cardinalcommerce.com/ https://dpcomepost.tt.omtrdc.net/ https://*.bing.com/ https://meinservice.my.salesforce.com/ https://meinservice.my.salesforce-sites.com/ https://service.force.com/ https://*.zscaler.net/ https://*.zscloud.net/ https://*.zscalertwo.net/; connect-src 'self' https://cdn.cookielaw.org/ https://*.onetrust.com/ https://quality.dpdhl.com/ https://t.leadlab.click/ https://insight.adsrvr.org/ https://assets.adobedtm.com/ https://deutschepostag1.d3.sc.omtrdc.net/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://meinservice-dhl-sites.secure.force.com/ https://meinservice--rqa.sandbox.my.salesforce.com/ https://meinservice--tl.sandbox.my.salesforce.com/ https://depst-salaut-prod1.pegacloud.net/ https://depst-mara-dt1-decisionhub.pegacloud.net/ https://depst-mara-stg1-decisionhub.pegacloud.net/ https://depst-mara-prod1-decisionhub.pegacloud.net/ https://t.ssl.ak.tiles.virtualearth.net/ https://*.dynamic.tiles.ditu.live.com/ https://*.braintreegateway.com/ https://*.braintree-api.com/ https://braintree-sample-merchant.herokuapp.com/ https://*.heidelpay.com/ https://autocomplete2.postdirekt.de/ https://*.dhl.de/ https://*.dhl.com/ https://*.deutschepost.de/ https://dpm.demdex.net/ https://*.paypal.com/ https://*.cardinalcommerce.com/ https://dpcomepost.tt.omtrdc.net/ https://*.bing.com/ https://meinservice.my.salesforce.com/ https://meinservice.my.salesforce-sites.com/ https://service.force.com/ https://*.zscaler.net/ https://*.zscloud.net/ https://*.zscalertwo.net/; img-src https: data:; form-action 'self' https://*.dhl.de/ https://*.deutschepost.de/ https://www.sofort.com/ https://*.dhl.com/ https://meinservice.my.salesforce-sites.com/; frame-ancestors 'self' https://facebook.com/ https://*.dhl.de/ https://*.dhl.com/ https://*.deutschepost.de/ https://deutschepost.elaine-asp.de/ https://*.plentymarkets-cloud-de.com/ https://*.plentymarkets-cloud-ie.com/ https://dhl.vendidero.de/ https://dhl-paket.plentymarkets-cloud02.com/ https://*.billbee.io/ https://*.dreamrobot.de/ https://tl-meinservice-dhl.cs107.force.com/; frame-src 'self' https://www.simplydhl.com/ https://deutschepost.elaine-asp.de/ https://www.youtube.com/ https://www.google.com/ https://assets.adobedtm.com/ https://rdevpro-meinservice-dhl.cs160.force.com/ https://gateway.zscalerthree.net/ https://*.braintreegateway.com/ https://payment.heidelpay.com/ https://dhlglobalmail.secure.force.com/ https://*.dhl.de/ https://*.dhl.com/ https://*.deutschepost.de/ https://dpm.demdex.net/ https://*.paypal.com/ https://*.cardinalcommerce.com/ https://dpcomepost.tt.omtrdc.net/ https://*.bing.com/ https://meinservice.my.salesforce.com/ https://dhlglobalmail.my.salesforce.com/ https://meinservice.my.salesforce-sites.com/ https://dhlglobalmail.my.salesforce-sites.com/ https://service.force.com/ https://*.zscaler.net/ https://*.zscloud.net/ https://*.zscalertwo.net/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.youtube.com/ https://connect.facebook.net/ https://cdn.cookielaw.org/ https://cookie-cdn.cookiepro.com/ https://geolocation.onetrust.com/ https://assets.adobedtm.com/ https://cdn.tt.omtrdc.net/ https://*.google.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://*.virtualearth.net/ https://*.ditu.live.com/ https://*.salesforceliveagent.com/ https://static.lightning.force.com/ https://meinservice--rqa.sandbox.my.salesforce.com/ https://meinservice--tl.sandbox.my.salesforce.com/ https://meinservice-dhl-sites.secure.force.com/ https://assets.braintreegateway.com/ https://static.heidelpay.com/ https://cdn.jsdelivr.net/ https://*.dhl.de/ https://*.dhl.com/ https://*.deutschepost.de/ https://dpm.demdex.net/ https://*.paypal.com/ https://*.cardinalcommerce.com/ https://dpcomepost.tt.omtrdc.net/ https://*.bing.com/ https://meinservice.my.salesforce.com/ https://meinservice.my.salesforce-sites.com/ https://service.force.com/ https://*.zscaler.net/ https://*.zscloud.net/ https://*.zscalertwo.net/; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com/ https://cdn.cookielaw.org/ https://googletagmanager.com/ https://track.adform.net/ https://www.youtube.com/ https://connect.facebook.net/ https://*.virtualearth.net/ https://*.ditu.live.com/ https://*.salesforceliveagent.com/ https://static.lightning.force.com/ https://meinservice--rqa.sandbox.my.salesforce.com/ https://meinservice--tl.sandbox.my.salesforce.com/ https://assets.braintreegateway.com/ https://cdn.jsdelivr.net/ https://*.dhl.de/ https://*.dhl.com/ https://*.deutschepost.de/ https://dpm.demdex.net/ https://*.paypal.com/ https://*.cardinalcommerce.com/ https://dpcomepost.tt.omtrdc.net/ https://*.bing.com/ https://meinservice.my.salesforce.com/ https://meinservice.my.salesforce-sites.com/ https://service.force.com/ https://*.zscaler.net/ https://*.zscloud.net/ https://*.zscalertwo.net/; style-src 'self' 'unsafe-inline' https://meinservice-dhl-sites.secure.force.com/ https://cdn.tt.omtrdc.net/ https://*.dhl.de/ https://*.dhl.com/ https://*.deutschepost.de/ https://dpm.demdex.net/ https://*.paypal.com/ https://*.cardinalcommerce.com/ https://dpcomepost.tt.omtrdc.net/ https://*.bing.com/ https://meinservice.my.salesforce.com/ https://meinservice.my.salesforce-sites.com/ https://service.force.com/ https://*.zscaler.net/ https://*.zscloud.net/ https://*.zscalertwo.net/; 1
script-src 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample' 'nonce-0GA3WboP+fJbJlOVwoQkHpyrVY+xlI78hiS1nNjdFlY='; object-src 'none'; base-uri 'self'; frame-src player.vimeo.com w.soundcloud.com www.slideshare.net www.youtube.com bandcamp.com sketchfab.com *.google.com *.facebook.com *.facebook.net *.twitter.com social-plugins.line.me *.g.doubleclick.net www.googletagmanager.com booth.karakuri.ai manage-booth.karakuri.ai point.widget.rakuten.co.jp hub.vroid.com ext.nicovideo.jp www.recaptcha.net https://booth.pm https://*.booth.pm https://*.fanbox.cc https://booth.pximg.net https://connect.buyee.jp https://www.googletagmanager.com; connect-src 'self' data: *.pixiv.net *.pawoo.net www.google-analytics.com analytics.google.com www.facebook.com connect.facebook.net www.googletagmanager.com www.googleadservices.com www.google.co.jp b92.yahoo.co.jp *.buyee.jp d.line-scdn.net stats.g.doubleclick.net ekr.zdassets.com *.zendesk.com errortrace.dev onesignal.com https://booth.pm https://*.booth.pm https://*.fanbox.cc https://booth.pximg.net https://connect.buyee.jp https://www.googletagmanager.com 1
default-src 'self' *.mo.gov; connect-src 'self' *.google-analytics.com *.usgs.gov *.googleapis.com *.bam.nr-data.net *.nr-data.net *.mixpanel.com https://data.mo.gov/ *.mo.gov *.mxpnl.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.gstatic.com *.cloudfront.net *.d1l6p2sc9645hc.cloudfront.net *.ytimg.com *.youtube.com *.govdelivery.com *.google-analytics.com *.jquery.com *.wufoo.com https://wufoo.com *.googleapis.com *.google.com *.mo.gov *.gosquared.com *.newrelic.com *.twimg.com *.twitter.com *.nr-data.net *.kxcdn.com *.datatables.net *.thinglink.me *.thinglink.com *.addthisedge.com *.addthis.com *.d3js.org *.js-agent.newrelic.com *.bam.nr-data.net *.www.google-analytics.com *.html5shiv.googlecode.com *.translate.google.com ; style-src 'unsafe-inline' *.mo.gov *.gstatic.com *.googleapis.com *.twimg.com *.twitter.com *.datatables.net *.thinglink.me ; frame-src *.mo.gov *.vimeo.com vimeo.com *.facebook.com *.adobe.com *.soundcloud.com *.w.soundcloud.com *.thinglink.me *.youtube-nocookie.com *.youtube.com *.wufoo.com *.twitter.com *.google.com *.addthis.com *.cdc.gov *.arcgis.com ; object-src 'self' *.mo.gov *.flickr.com *.brightcove.com ; font-src * 'unsafe-inline'  data: ; img-src * 'unsafe-inline' *.twimg.com data:  1
frame-ancestors 'self' *.benzinga.com *.benzinga.com:* *.nxt.benzinga.dev *.benzinga.dev jionews.com:* jionewsdev1.jio.ril.com:* 1
font-src 'self' fonts.gstatic.com; media-src 'self' *.googleapis.com; object-src 'none'; frame-src 'self' *.googletagmanager.com *.doubleclick.net https://*.google.com https://*.youtube.com https://accounts.google.com/; default-src 'self'; connect-src *.google.com 'self' https://analytics.google.com https://www.google-analytics.com https://releases.wagtail.io https://stats.g.doubleclick.net https://adservice.google.com/pagead/regclk *.google-analytics.com *.analytics.google.com *.googlesyndication.com https://accounts.google.com/gsi/ https://www.gstatic.com https://googleads.g.doubleclick.net/; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://accounts.google.com/gsi/style https://optimize.google.com https://www.gstatic.com https://gstatic.com *.googletagmanager.com https://www.thinkwithgoogle.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://optimize.google.com https://ssl.gstatic.com/brand-architecture/ *.googletagmanager.com *.google-analytics.com *.googleadservices.com https://*.youtube.com https://*.ytimg.com https://apis.google.com https://accounts.google.com/gsi/client https://www.googleoptimize.com https://www.gstatic.com https://ajax.googleapis.com *.thinkwithgoogle.com *.thinkwithgoogle.goog 'strict-dynamic' 'sha256-vi9h3P9VjInsPsB9kwZuXKMHKiagz9KnOkuXOVX7O1g=' 'sha256-X0JWsAG/k2sIeTfXAL+VH5SdA6bef2aT/CoRG/FEQFc=' 'sha256-uV3MJak3jcDQZeDpjoi5NuUOKAQe8qE+Z+MpOCWxhpE=' 'sha256-0Cqwq2yr0A7o9kZpqY/cNveUUoUADOFM99v4/8FS4i4=' 'sha256-niUgG4ChWvW/z2qZLGjXATgbPm7xEiQOwFelweUfAuI=' 'sha256-6MAtiH3nKhs3pPODS8FGHaYy+lVAsIOG7qtjsDXoiGI=' 'sha256-5ZYQZbSDXHiq7Ah2brCxM88kr3r4esTrsuuZ29F0p4U=' 'sha256-Q6WEaEVeLip353B+a9OqeJkwUHRDfZIxaBlJpp2O4ns=' https://www.thinkwithgoogle.com 'nonce-9+3U8k+5jCA6cEu1b36Rwg==' *.google.com; img-src 'self' data: *.googleapis.com https://*.googleadservices.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://*.doubleclick.net https://*.google.com *.youtube.com https://*.ytimg.com https://*.googleusercontent.com https://www.google.com.co/ads/ga-audiences https://csi.gstatic.com https://fonts.gstatic.com https://www.gstatic.com https://www.thinkwithgoogle.com *.google.com; base-uri 'none' 1
script-src 'nonce-VJEYGZx_t4Atn4yn-Ys5dg' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/googleorg; base-uri 'none' 1
default-src * 'unsafe-inline' 'unsafe-eval' data: https: blob: 1
default-src 'self' ; style-src  https: 'unsafe-inline'; script-src 'self' 'unsafe-eval' https://top-fwz1.mail.ru/ https://yastatic.net/ https://cdn.ckeditor.com/ https://morp.firstvds.ru/ https://vk.com/ https://www.youtube.com/ https://cse.google.com/ https://*.chathost.ru/ https://*.carrotquest.app/ https://www.googletagmanager.com/ https://www.google.com/ https://my.firstvds.ru/ https://www.google-analytics.com/ https://mc.yandex.ru/ https://mc.yandex.com/ https://www.gstatic.com/ 'unsafe-inline'; img-src * data: blob:; connect-src 'self' https://analytics.google.com/ https://stats.g.doubleclick.net/ https://api.carrottrack.app/ https://www.google-analytics.com/ https://*.carrottrack.io/ https://*.carrotquest.app/ wss://*.carrotquest.app/ https://mc.yandex.ru/ https://mc.yandex.com/ https://*.chathost.ru/; frame-src 'self' https://mc.yandex.ru/ https://morp.firstvds.ru/ https://www.youtube.com/ https://www.google.com/; font-src 'self' data: https://fonts.gstatic.com/ https://*.carrotquest.app/; media-src 'self' https://*.carrotquest.app/; object-src 'none'; frame-ancestors 'self' https://metrika.yandex.ru/ http://webvisor.com; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://a.datastax.com https://trk.techtarget.com https://marketo.clearbit.com https://code.jquery.com https://js.chilipiper.com https://munchkin.marketo.net https://pages.datastax.com https://app-ab17.marketo.com https://connect.facebook.net https://cdn.mxpnl.com https://*.googletagmanager.com https://widget.intercom.io https://www.google-analytics.com https://www.recaptcha.net https://js.intercomcdn.com https://www.googleadservices.com https://www.google.com https://www.gstatic.com https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://www.youtube.com https://katacoda.com https://cdn.bizible.com *.zoominfo.com https://*.fullstory.com *.demandscience.com cdn.jsdelivr.net tracking.contanuity.com match.prod.bidr.io *.demandbase.com *.company-target.com scheduler.ringlead.com https://snap.licdn.com https://bat.bing.com https://www.clarity.ms https://www.trustradius.com https://d30ia583fbtg8i.cloudfront.net https://static.ads-twitter.com https://js.ipredictive.com; connect-src 'self' https://a.datastax.com https://b.datastax.com https://astra.datastax.com https://api.segment.io https://api-js.mixpanel.com https://cdn.growthbook.io https://cdn.sanity.io https://259-ifz-779.mktoresp.com https://259-ifz-779.mktoutil.com https://*.g.doubleclick.net https://api-iam.intercom.io https://bbnkhnhl.api.sanity.io https://bbnkhnhl.apicdn.sanity.io https://vitals.vercel-insights.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-eu.onetrust.com https://*.google-analytics.com https://sessions.bugsnag.com https://notify.bugsnag.com wss://nexus-websocket-a.intercom.io *.algolia.net https://katacoda.com https://api.chilipiper.com https://tracking.chilipiper.com *.recaptcha.net https://www.facebook.com https://*.fullstory.com *.zoominfo.com *.demandscience.com cdn.jsdelivr.net tracking.contanuity.com match.prod.bidr.io *.demandbase.com *.company-target.com wss://block.prod.cloud.datastax.com/subscriptions https://block.prod.cloud.datastax.com/graphql scheduler.ringlead.com https://cdn.linkedin.oribi.io https://ibc-flow.techtarget.com https://bat.bing.com https://pages.datastax.com *.clarity.ms https://www.trustradius.com https://dudodiprj2sv7.cloudfront.net https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.googlesyndication.com https://*.twitter.com https://ads-twitter.com https://td.doubleclick.net https://pagead2.googlesyndication.com https://pricing-calculator-4m3f3wckfa-uc.a.run.app; img-src 'self' data: https: blob: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.twitter.com https://ads-twitter.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://pages.datastax.com https://js.chilipiper.com https://www.trustradius.com https://d30ia583fbtg8i.cloudfront.net https://*.googletagmanager.com https://scripts.demandbase.com; font-src 'self' data: https://use.typekit.net https://fonts.gstatic.com https://js.intercomcdn.com https://dudodiprj2sv7.cloudfront.net; base-uri 'self'; form-action 'self' https://www.facebook.com; frame-src https://pages.datastax.com https://www.facebook.com https://youtu.be https://www.youtube.com https://bid.g.doubleclick.net https://omny.fm https://player.simplecast.com https://player.resonaterecordings.com http://katacoda.com https://embed.killercoda.com https://datastax.chilipiper.com *.recaptcha.net https://w.soundcloud.com https://embed.podcasts.apple.com https://open.spotify.com https://*.googletagmanager.com https://www.google.com/ https://privacyportal-eu-cdn.onetrust.com/ *.company-target.com https://td.doubleclick.net/ https://ad.ipredictive.com; media-src 'self' https://cdn.sanity.io https://js.intercomcdn.com; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' 'unsafe-inline' https:;img-src 'self' data: https: android-webview-video-poster:;font-src 'self' data: https:;connect-src 'self' https: wss: blob: android-webview-video-poster:;manifest-src 'self' blob:;media-src 'self' data: https: blob:;object-src 'none';child-src 'self' https: data: blob:;form-action 'self' https: 1
default-src https://*.zoomgov.com https://zoomgov.com blob: 'self'; script-src https://zoomgov.com  https://*.zoomgov.com 'unsafe-eval' 'unsafe-inline' blob: about: https://ajax.aspnetcdn.com/ajax/3.5/MicrosoftAjax.js https://appsforoffice.microsoft.com https://assets.zendesk.com https://autocomplete.demandbase.com https://cdn-javascript.net https://cdn-js.net https://cdn.wootric.com https://cdncache-a.akamaihd.net https://connect.facebook.net https://consent.trustarc.com https://d.adroll.mgr.consensu.org https://googleads.g.doubleclick.net https://pi.pardot.com https://ruanshi2.8686c.com https://s.dcbap.com https://s.ytimg.com https://s3.amazonaws.com https://scout-cdn.salesloft.com https://sealserver.trustwave.com https://secure-cdn.mplxtms.com https://serve2.cheqzone.com https://snap.licdn.com https://sp.analytics.yahoo.com https://static.zdassets.com https://hcaptcha.com https://assets.hcaptcha.com https://static2.sharepointonline.com https://tag.demandbase.com https://tpc.googlesyndication.com https://tracking.g2crowd.com https://trk.techtarget.com https://www.comeet.co https://www.dropbox.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.recaptcha.net https://www.gstatic.com https://www.youtube.com https://hcaptcha.com https://assets.hcaptcha.com https://*.ada.support https://*.adroll.com https://*.google.com https://*.hotjar.com https://*.linkedin.com  https://*.zoomcloudpbx.com https://*.zopim.com https://adroll.com https://google.com https://cdn.cookielaw.org  https://linkedin.com 'self'; img-src https: http: about: blob: data: 'self'; style-src https: safari-extension: chrome-extension: 'unsafe-inline' data: 'self'; font-src https: safari-extension: chrome-extension: blob: data: 'self'; connect-src * about: blob: data: 'self'; media-src * rtmp: blob: data: 'self'; frame-src https: ms-appx-web: zoommtg: zoomus: wvjbscheme: data: 'self' 1
frame-ancestors 'self'; report-uri https://gcucgkgd.uriports.com/reports/report; report-to default 1
upgrade-insecure-requests; script-src 'self' *.harborfreight.com ads.nextdoor.com *.perimeterx.net *.px-cdn.net *.px-cloud.net *.pxchk.net *.px-client.net cdn.mxpnl.com s.trackonomics.net client.px-cloud.net t.ssl.ak.dynamic.tiles.virtualearth.net dev.virtualearth.net tpc.googlesyndication.com ygscdn.azureedge.net analytics.tiktok.com login-ds.dotomi.com login.dotomi.com api.securedvisit.com track.securedvisit.com content.securedvisit.com  track.sv.rkdms.com images.securedvisit.com tr2.smarterhq.io d1n00d49gkbray.cloudfront.net members.cj.com cj.com cdn.480app.com cdn.cookielaw.org view.publitas.com pixel.mathtag.com *.cdn-net.com *.accdab.net *.dynamicyield.com *.oracleinfinity.io *.googletagmanager.com docs.paymentjs.firstdata.com bat.bing.com www.youtube.com s.ytimg.com *.bing.com *.vimeo.com cdns.brsrvr.com www.google-analytics.com *.adobetag.com *.gstatic.com cdn.tt.omtrdc.net harborfreight.tt.omtrdc.net px.owneriq.net *.res-x.com seal.verisign.com *.google.com *.igodigital.com *.akamaihd.net *.googleadservices.com *.google-analytics.com *.doubleclick.net *.demdex.net *.mouseflow.com *.fastly.net *.sitelabweb.com mpsnare.iesnare.com *.googleapis.com *.payeezy.com *.facebook.net *.facebook.com *.newrelic.com *.nr-data.net *.nmgassets.com *.turnto.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.harborfreight.com rwww.bing.com www.bing.com r.bing.com members.cj.com cj.com *.dynamicyield.com *.googleapis.com *.akamaihd.net *.turnto.com *.vimeo.com *.fontawesome.com tagmanager.google.com 'unsafe-inline'; img-src 'self' blob: data: icon.parcellab.com cdn.parcellab.com ad.doubleclick.net flask.nextdoor.com pippio.com www.bing.com r.bing.com t.ssl.ak.dynamic.tiles.virtualearth.net region1.google-analytics.com region1.analytics.google.com login.dotomi.com 805793671.privacysandbox.googleadservices.com crrecommendedmark.org analytics.tiktok.com 10563850.fls.doubleclick.net login-ds.dotomi.com api.securedvisit.com track.securedvisit.com content.securedvisit.com  track.sv.rkdms.com images.securedvisit.com *.cdnwidget.com tr2.smarterhq.io cdn.cookielaw.org cdn.dynamicyield.com *.harborfreight.com pixel.mathtag.com *.oracleinfinity.io *.googletagmanager.com cx.atdmt.com www.googleadservices.com bat.bing.com p.brsrvr.com *.akamaihd.net akamai.mathtag.com *.edgecastcdn.net *.www.turnto.com *.youtube.com *.ytimg.com *.vimeocdn.com px.owneriq.net *.g.doubleclick.net www.google-analytics.com *.ggpht.com *.google.com images.scanalert.com *.facebook.com scontent.xx.fbcdn.net ssl.gstatic.com *.sitelabweb.com *.igodigital.com *.cloudinary.com *.googleapis.com *.abmr.net *.gstatic.com *.nr-data.net *.norton.com *.nmgplatform.com *.marinsm.com cdn.ywxi.net; worker-src blob: 'self' *.akamaihd.net player.vimeo.com www.google.com *.youtube.com youtube.com *.cloudinary.com *.facebook.com *.nr-data.net *.apply2jobs.com; connect-src 'self' *.harborfreight.com *.brsrvr.com www.googletagmanager.com analytics.pangle-ads.com pagead2.googlesyndication.com direct-collect.dy-api.com gs.nmgassets.com *.px-client.net privacyportal-harborfreight.my.onetrust.com s.tracknomics.net *.px-cdn.net *.px-cloud.net *.pxchk.net t.ssl.ak.tiles.virtualearth.net t.ssl.ak.dynamic.tiles.virtualearth.net dev.virtualearth.net www.bing.com region1.google-analytics.com region1.analytics.google.com ascpqnj-oam.global.ssl.fastly.net maps.googleapis.com analytics.google.com crrecommendedmark.org analytics.tiktok.com *.cdnwidget.com *.cdnbasket.net tr2.smarterhq.io pixel.mathtag.com privacyportal.onetrust.com cdn.cookielaw.org *.accdab.net *.dynamicyield.com www.facebook.com *.nmgplatform.com *.demdex.net *.sitelabweb.com *.nr-data.net *.akamaihd.net *.cloudinary.com *.google-analytics.com *.mouseflow.com *.doubleclick.net vimeo.com fonts.googleapis.com use.fontawesome.com fonts.gstatic.com bat.bing.com 1
connect-src 'self' *.googleapis.com *.google.com *.gstatic.com *.vimeo.com/api/ vimeo.com/api/ *.bc0a.com/ *.google-analytics.com/ *.zoomph.com youtube.com stats.g.doubleclick.net marvel-b1-cdn.bc0a.com home.dartmouth.edu cse.google.com *.withgoogle.com *.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' fonts.gstatic.com *.googleusercontent.com; frame-src 'self' *.google.com player.vimeo.com/video/ *.dartmouth.edu/ *.amazonaws.com *.zoomph.com *.youtube.com youtube.com twitter.com *.spotify.com *.soundcloud.com soundcloud.com pollev-embeds.com mosaically.com lottiefiles.com giphy.com *.bc0a.com marvel-b1-cdn.bc0a.com home.dartmouth.edu *.withgoogle.com *.googleadservices.com www.vimeo.com *.twitter.com orders-bb.us-east-1.widencdn.net *.widencdn.net; img-src 'self' *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com *.bc0a.com *.zoomph.com *.youtube.com youtube.com marvel-b1-cdn.bc0a.com *.dartmouth.edu *.withgoogle.com *.googleadservices.com *.google-analytics.com www.vimeo.com *.googletagmanager.com *.global.siteimproveanalytics.io orders-bb.us-east-1.widencdn.net *.widencdn.net data: www.w3.org/2000/svg https://www.google-analytics.com https://www.googletagmanager.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' *.zoomph.com *.dartmouth.edu *.bc0a.com *.googletagmanager.com www.googletagmanager.com *.youtube.com youtube.com *.google-analytics.com stats.g.doubleclick.net marvel-b1-cdn.bc0a.com home.dartmouth.edu cse.google.com *.google.com *.withgoogle.com *.googleadservices.com www.vimeo.com https://platform.twitter.com https://player.vimeo.com https://www.youtube.com platform.instagram.com platform.twitter.com; script-src-elem 'self' 'unsafe-inline' *.zoomph.com *.dartmouth.edu *.bc0a.com *.googletagmanager.com www.googletagmanager.com *.youtube.com youtube.com *.google-analytics.com stats.g.doubleclick.net marvel-b1-cdn.bc0a.com home.dartmouth.edu cse.google.com *.google.com *.withgoogle.com *.googleadservices.com www.google.com *.vimeo.com vimeo.com siteimproveanalytics.com *.googleapis.com https://platform.twitter.com https://player.vimeo.com https://www.youtube.com platform.instagram.com platform.twitter.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.googleusercontent.com *.bc0a.com home.dartmouth.edu *.google.com *.withgoogle.com *.googleadservices.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' *.rocketalumnisolutions.com *.bc0a.com home.dartmouth.edu *.google.com *.withgoogle.com *.googleadservices.com orders-bb.us-east-1.widencdn.net *.widencdn.net 1
default-src *.openstreetmap.org *.openlayers.org *.arcgisonline.com 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.openstreetmap.org *.openlayers.org *.cnil.fr; script-src-elem 'self' data: 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.openstreetmap.org *.openlayers.org *.cnil.fr; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com *.openstreetmap.org *.openlayers.org *.cnil.fr; img-src 'self' *.openstreetmap.org *.openlayers.org *.cnil.fr data:; font-src 'self' *.openstreetmap.org *.openlayers.org *.cnil.fr; object-src 'self' *.openstreetmap.org *.openlayers.org *.cnil.fr; frame-src 'self' *.openstreetmap.org *.openlayers.org *.cnil.fr; frame-ancestors 'self' *.openstreetmap.org *.openlayers.org *.cnil.fr ; form-action 'self' *.signal-spam.fr *.cnil.fr *.economie.gouv.fr ; block-all-mixed-content; base-uri 'self' 1
frame-ancestors https://library.mulesoft.com https://resources.mulesoft.com 'self' 1
child-src *.ya.ru *.yandex.ru ya.ru yandex.ru yastatic.net yandex.by mc.yandex.ru mc.yandex.md mc.yandex.by *.ya.ru *.yandex.ru ya.ru yandex.ru;style-src 'unsafe-inline' yastatic.net;report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.by&showid=1705983039552121-14049009509254365991-balancer-l7leveler-kubr-yp-vla-99-BAL-6575&h=stable-portal-mordago-161.vla.yp-c.yandex.net&yandexuid=8543659911705983039&&version=2024-01-19-465&adb=0;media-src yastatic.net;connect-src *.strm.yandex.net mc.yandex.com yandex.by yastatic.net yastat.net mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.admetrica.ru mc.yandex.by;img-src *.verify.yandex.ru *.ya.ru *.yandex.ru ya.ru yabs.yandex.by yabs.yandex.kz yabs.yandex.ru yabs.yandex.uz yandex.ru 'self' yastatic.net data: yandex.by favicon.yandex.net avatars.mds.yandex.net blob: mc.admetrica.ru mc.yandex.com *.mc.yandex.ru adstat.yandex.ru mc.yandex.by mc.yandex.ru;script-src 'nonce-uf2XxdZJMD99pg158c7FyA==' mc.yandex.com yastatic.net yandex.by mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.yandex.by;default-src yastatic.net yastat.net 'self';font-src yastatic.net 1
frame-ancestors https://*.dev.local https://*.sunweb.nl https://*.sunweb.be; 1
base-uri 'self' data:; connect-src livesupport.hetzner.com matomo.hetzner.com use.hetzner.com https://sentry.hetzner.company/ https://robot-ws.your-server.de 'self' data:; default-src 'self'; font-src livesupport.hetzner.com 'self' data:; frame-ancestors 'self'; frame-src youtube-nocookie.com youtube.com www.youtube-nocookie.com https://files.hetzner.com/ 'self' data:; img-src cdn.hetzner.de img.youtube.com livesupport.hetzner.com 'self' data:; media-src https://cdn.hetzner.de 'self'; script-src 'nonce-r9PGgCHzDHmXw4d3' livesupport.hetzner.com matomo.hetzner.com use.hetzner.com 'self' data: 'nonce-a829f2c981bbabb5'; style-src livesupport.hetzner.com 'self' 'unsafe-inline' data:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.litix.io embedwistia-a.akamaihd.net/ https://*.marketo.net https://*.salesforceliveagent.com https://*.wistia.com https://1.tl813.com https://a.adroll.com/ https://a.sfdcstatic.com https://analytics.twitter.com https://apis.google.com https://app-sj15.marketo.com https://autocomplete.demandbase.com https://cdn.cookielaw.org/consent/4a3b4a16-9af0-4726-976d-39737fb16905.js https://checkout.stripe.com https://connect.facebook.net https://connectors.tableau.com https://d.adroll.com/ https://d.adroll.mgr.consensu.org https://demdex.com https://dpm.demdex.net https://fast.wistia.com https://fast.wistia.net/ https://geolocation.onetrust.com https://googleads.g.doubleclick.net/ https://js.adsrvr.org/ https://m.addthis.com https://m.addthisedge.com https://omtr2.partners.salesforce.com https://org62.my.salesforce.com https://platform.twitter.com https://play.vidyard.com https://px.ads.linkedin.com/ https://quip-cdn.com https://quip-marketing.com https://s.adroll.com/ https://s.ytimg.com https://s7.addthis.com https://scripts.demandbase.com https://sdk.snapkit.com https://secure2.sfdcstatic.com https://sjs.bizographics.com https://snap.licdn.com/ https://src.litix.io https://ssl.google-analytics.com https://static.ads-twitter.com https://static.lightning.force.com https://store.salesforce.com https://t.sf14g.com https://tag.demandbase.com/shared/forms.min.js https://tagmanager.google.com https://tracking.g2crowd.com https://vidassets.terminus.services https://wistia.com https://www-onepick-opensocial.googleusercontent.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.linkedin.com/csp/dtag https://www.youtube.com; frame-ancestors https://www.quip-resource-center.com http://www.quip-resource-center.com; report-uri /csp-report 1
frame-ancestors 'self' *.tcgplayer.com app.optimizely.com 1
default-src * data: 'unsafe-inline' 'unsafe-eval' https: blob: 1
font-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://js-agent.newrelic.com https://s7.addthis.com https://www.googletagmanager.com https://www.google-analytics.com https://bam.nr-data.net https://m.addthis.com https://z.moatads.com https://cdnjs.cloudflare.com https://polyfill.io; script-src-elem 'self' 'unsafe-inline' https://nb-sec-nber.pantheonsite.io https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://js-agent.newrelic.com https://www.googletagmanager.com https://www.google-analytics.com https://bam.nr-data.net https://s7.addthis.com https://m.addthis.com https://z.moatads.com https://cdnjs.cloudflare.com https://polyfill.io; style-src-elem 'self' 'unsafe-inline'; frame-ancestors 'self'; upgrade-insecure-requests 1
default-src 'self' https://*; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://*; frame-src 'self' https://*; connect-src 'self' data: blob: 'unsafe-inline' https://*; img-src 'self' data: blob: 'unsafe-inline' https://*; manifest-src 'self' https://*; style-src 'self' data: blob: 'unsafe-inline' https://*; font-src 'self' data: blob: 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-ancestors 'self' https://*; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.value-domain.com *.googleapis.com *.googletagmanager.com *.google-analytics.com  *.jquery.com *.ud-sandbox.com unstoppabledomains.com *.stripe.com *.gmo.jp cdn.jsdelivr.net siteseal.gmo-cybersecurity.com translate.google.com www.gstatic.com connect.facebook.net s.yimg.jp static-fe.payments-amazon.com *.cloudfront.net payments.amazon.co.jp *.amazon.com auth.login.yahoo.co.jp cdnjs.cloudflare.com fonts.gstatic.com data: blob: *.zopim.com *.zdassets.com wss: *.zopim.io cdn.datatables.net  *.google.com gmo-cybersecurity.com *.epsilon.jp *.webmoney.ne.jp *.ssl-images-amazon.com *.media-amazon.com cdn.polyfill.io platform.twitter.com kit.fontawesome.com *.globalsign.com *.doubleclick.net *.ads-twitter.com *.ebis.ne.jp minerva-deliver.sp.gmossp-sp.jp analytics.twitter.com t.co minerva-js.sp.gmossp-sp.jp *.yahoo.co.jp *.google.co.jp www.facebook.com analytics.google.com www.googleadservices.com *.fontawesome.com unpkg.com maxcdn.bootstrapcdn.com oss.maxcdn.com *.clarity.ms *.googlesyndication.com ajax.cloudflare.com c.bing.com *.docsbot.ai docsbot.ai; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://*.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://googleads.g.doubleclick.net https://www.googleoptimize.com https://api-maps.yandex.ru https://*.maps.yandex.net https://mc.yandex.ru https://yastatic.net https://top-fwz1.mail.ru https://connect.facebook.net https://www.youtube.com https://bs-dante.ru https://*.farpost.ru https://www.dvhab.ru https://*.drom.ru https://*.rdrom.ru https://*.vl.ru https://*.jivo.ru https://*.jivosite.com; connect-src 'self' https://bs-dante.ru https://*.bs-dante.ru https://*.google-analytics.com https://*.google.ru https://*.google.com https://translate.googleapis.com https://stats.g.doubleclick.net https://api-maps.yandex.ru https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net https://top-fwz1.mail.ru https://www.facebook.com https://counter.yadro.ru wss://*.farpost.ru wss://*.drom.ru wss://*:444 https://api2.nrg-tk.ru https://*.vl.ru https://*.drom.ru https://*.farpost.ru https://www.dvhab.ru https://*.jivo.ru https://*.jivosite.com wss://*.jivo.ru 1
default-src 'self'; connect-src 'self' *.nr-data.net https://*.go-mpulse.net www.googletagmanager.com *.google-analytics.com https://*.akstat.io https://csp.withgoogle.com https://maps.googleapis.com *.nanorep.co *.nanorep.com *.monsido.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://cse.google.com https://www.googletagmanager.com https://calendar.google.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.com *.tableau.com *.arcgis.com https://app.powerbi.us https://app.powerbigov.us https://data.iowa.gov; img-src 'self' data: https: *.nr-data.net *.google.com www.googletagmanager.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.nr-data.net https://*.go-mpulse.net https://cse.google.com https://googletagmanager.com https://js-agent.newrelic.com https://tagmanager.google.com https://www.google.com https://www.googletagmanager.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.com *.nanorep.co https://*.google.com https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com public.tableau.com nonce-RB7zpJJFKJXw4AMtaZhmgg; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com *.google.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.co *.nanorep.com https://partner.googleadservices.com https://maps.googleapis.com https://cdnjs.cloudflare.com https://cse.google.com https://polyfill.io https://unpkg.com public.tableau.com; style-src 'self' 'unsafe-inline' *.google.com www.googletagmanager.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.co *.nanorep.com https://fonts.googleapis.com cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.realsimple.com 1
frame-ancestors 'self' *.imperial.ac.uk *.ic.ac.uk 1
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: blob:; img-src * data:; font-src https: data:; frame-ancestors 'self' *.carnival.com https://*.goccl.com https://*.goccl.co.uk https://*.uatcarnival.com https://*.carnivalcloud.net https://www.kayak.com http://*.carnivalmeetings.wuata.com https://*.carnivalmeetings.wuata.com https://*.carnivalmeetings.com http://carnivalmeetings.wuata.com https://carnivalmeetings.wuata.com https://carnivalmeetings.com https://*.goccl.com.au http://carnivalmeetings.com.s227501.gridserver.com https://carnivalmeetings.com.s227501.gridserver.com/ https://carnivalmeetings.nonprod.carnivalcloud.net https://carnivalmeetings.prod.carnivalcloud.net; worker-src blob: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.ubs.com *.ubs.net *.adobedtm.com *.demdex.net *.decibelinsight.net *.decibel.com *.adform.net *.everesttech.net *.googleapis.com *.brightcove.net *.2o7.net *.omtrdc.net *.tt.omtrdc.net *.zencdn.net *.akamaihd.net *.facebook.net *.googleadservices.com *.googletagmanager.com *.google.com *.doubleclick.net *.cloudflare.com *.zmags.com *.raisenow.com *.adobe.com fuse.ubs.com *.mkt.dynamics.com *.azureedge.net *.adnxs.com *.ipify.org *.google-analytics.com *.tiktok.com; upgrade-insecure-requests; object-src *.ubs.com *.ubs.net https://players.brightcove.net; frame-ancestors *.ubs.com *.ubs.net *.homegate.ch *.financescout24.ch *.immoscout24.ch *.acheter-louer.ch *.buy-rent.ch *.kaufen-mieten.ch; frame-src *.ubs.com *.ubs.net https://ubs.demdex.net https://outlook.office365.com *.omniture.com *.adobe.com; connect-src *.ubs.com *.ubs.net wss://collection.decibelinsight.net *.decibelinsight.net *.decibel.com *.demdex.net *.brightcove.com *.brightcove.services *.boltdns.net *.brightcovecdn.com *.googleapis.com *.akamaihd.net fuseapi.ubs.com fuseconsole.ubs.com fuse.ubs.com wss://fuse.ubs.com *.mkt.dynamics.com *.azureedge.net *.google-analytics.com tt.ubs.com; img-src *.ubs.com *.ubs.net data: fuseapi.ubs.com fuseconsole.ubs.com fuse.ubs.com *.brightcove.com *.boltdns.net *.brightcovecdn.com *.gstatic.com *.googleapis.com *.twitter.com t.co *.facebook.com *.linkedin.com *.google.com *.google.ch *.doubleclick.net *.googleadservices.com *.googletagmanager.com *.yahoo.co.jp *.adform.net *.akamaihd.net *.adnxs.com *.ipify.org *.google-analytics.com *.tiktok.com *.google.com.au *.google.com.br *.google.ca *.google.cn *.google.fr *.google.de *.google.com.hk *.google.co.in *.google.co.id *.google.co.il *.google.it *.google.co.jp *.google.com.mx *.google.com.sa *.google.com.sg *.google.com.tw *.google.ae *.google.co.uk 1
frame-ancestors 'self' https://*.arvato-systems-media.net http://*.arvato-systems-media.net https://*.coremedia.vm https://*.coremedia.cloud https://*.coremedia.io https://*.coremedia.com https://*.quickrun.io https://*.coremedia.rocks https://studio.coremedia.pandora.net 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://onlinechat.nic.cz https://test-ipv6.cz https://*.test-ipv6.cz https://piwik.nic.cz/piwik.js https://platform.twitter.com https://cdn.syndication.twimg.com https://s.ytimg.com https://*.googleapis.com https://*.google.com https://connect.facebook.net https://*.mapy.cz; object-src 'self'; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://*.nic.cz https://fonts.googleapis.com https://api.mapy.cz https://test-ipv6.cz; img-src *; media-src *; frame-src *; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://test-ipv6.cz https://*.test-ipv6.cz https://*.labs.nic.cz https://widget.nic.cz https://ipv4-widget.nic.cz https://ipv6-widget.nic.cz https://rdap.nic.cz https://www.rhybar.cz https://akademie.nic.cz https://piwik.nic.cz/piwik.php https://dns53.check.odvr.cz https://dot.check.odvr.cz https://doh.check.odvr.cz https://www.nic.cz/files/CORS/projects-bar/ https://mojeid.cz https://syndication.twitter.com; report-uri https://sentry.nic.cz/api/13/security/?sentry_key=fc89cece4f7d45e3b49d1ef9d0b48bf5 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.social; img-src 'self' data: blob: https://mastodon.social https://files.mastodon.social; style-src 'self' https://mastodon.social 'nonce-/k+AjwZPh4ObZkaXkW4sEQ=='; media-src 'self' data: https://mastodon.social https://files.mastodon.social; frame-src 'self' https:; manifest-src 'self' https://mastodon.social; form-action 'self'; child-src 'self' blob: https://mastodon.social; worker-src 'self' blob: https://mastodon.social; connect-src 'self' data: blob: https://mastodon.social https://files.mastodon.social wss://streaming.mastodon.social; script-src 'self' https://mastodon.social 'wasm-unsafe-eval' 1
default-src 'self' aclu.org *.aclu.org peoplepower.org *.peoplepower.org *.mapbox.com heapanalytics.com *.heapanalytics.com *.youtube.com *.youtube-nocookie.com https://*.optimizely.com https://aclu.hosted.jacksonriverdev.com https://w.soundcloud.com *.instagram.com infogram.com e.infogram.com *.givingdocs.com givingdocs.com *.doublethedonation.com https://doublethedonation.com; style-src 'self' 'unsafe-inline' aclu.org *.aclu.org peoplepower.org *.peoplepower.org heapanalytics.com *.givingdocs.com givingdocs.com *.doublethedonation.com https://doublethedonation.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' aclu.org *.aclu.org peoplepower.org *.peoplepower.org *.mapbox.com heapanalytics.com *.heapanalytics.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com *.instagram.com assets.gospringboard.io infogram.com e.infogram.com https://js-agent.newrelic.com https://bam.nr-data.net *.youtube.com *.youtube-nocookie.com *.doublethedonation.com https://doublethedonation.com; img-src 'self' data: blob: aclu.org *.aclu.org peoplepower.org *.peoplepower.org *.mapbox.com heapanalytics.com https://*.optimizely.com *.gospringboard.io https://secure.gravatar.com *.doublethedonation.com https://doublethedonation.com; font-src 'self' data: *.aclu.org *.doublethedonation.com https://doublethedonation.com *.auryc.com; connect-src 'self' https://bam.nr-data.net https://*.optimizely.com https://*.aclu.org https://aclu.hosted.jacksonriverdev.com *.doublethedonation.com https://doublethedonation.com *.auryc.com; 1
img-src 'self' 'unsafe-inline' images.logitech.com cdn-cx-images.dynamite.myharmony.com cdn.cookielaw.org cdn-cx-images.dynamite.myharmony.com;script-src 'self' 'unsafe-inline' 'unsafe-hashes' cdn.cookielaw.org recaptcha.net static.zdassets.com;connect-src 'self' 'unsafe-inline' cdn.cookielaw.org geolocation.onetrust.com privacyportal.onetrust.com;script-src-attr 'unsafe-inline';default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
connect-src *.strm.yandex.net mc.yandex.com yandex.com.tr yabs.yandex.com.tr yastatic.net yastat.net mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.admetrica.ru mc.yandex.com.tr;img-src *.verify.yandex.ru *.ya.ru *.yandex.ru ya.ru yabs.yandex.by yabs.yandex.kz yabs.yandex.ru yabs.yandex.uz yandex.ru 'self' yastatic.net data: yandex.com.tr favicon.yandex.net avatars.mds.yandex.net mc.admetrica.ru mc.yandex.com *.mc.yandex.ru adstat.yandex.ru mc.yandex.com.tr mc.yandex.ru;script-src 'nonce-uUUjL+tW49A/lWnO620kXw==' mc.yandex.com yastatic.net yandex.com.tr mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.yandex.com.tr;child-src *.ya.ru *.yandex.ru ya.ru yandex.ru yastatic.net yandex.com.tr mc.yandex.ru mc.yandex.md mc.yandex.com.tr *.ya.ru *.yandex.ru ya.ru yandex.ru;style-src 'unsafe-inline' yastatic.net;report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.com.tr&showid=1705973671877460-5209163632967121408-balancer-l7leveler-kubr-yp-sas-83-BAL-4835&h=stable-portal-mordago-42.sas.yp-c.yandex.net&yandexuid=2671214081705973671&&version=2024-01-19-465&adb=0;media-src yastatic.net;default-src yastatic.net yastat.net 'self';font-src yastatic.net 1
script-src 'nonce-lX6F5gV4vC1tBmbnIVLwbQ==' 'strict-dynamic' 'unsafe-eval' 'report-sample' https:; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=WXgEKEUb_xZ7YvZwkniQuxE5CeIloBevVOEc1FxA-lY9DgiDp4O8QJuA3UKLJRLV&policy_id=10&user_id=&request_id=de70f3df-fed5-4f58-ac89-8a515659534b; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
connect-src 'self' https://*.i-ready.com https://*.trackjs.com https://*.google-analytics.com https://*.googletagmanager.com; frame-ancestors 'none'; 1
default-src 'self' https: wss: data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' *.filezilla-project.org; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * blob: 1
connect-src 'self' https: https://api.hubapi.com *.hscollectedforms.net *.hsforms.com https://disclosure.api.osano.com https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/21693537/ *.osano.com *.hubspot.com *.google-analytics.com https://widget.freshworks.com https://raw.githubusercontent.com/JuliaCI/NanosoldierReports/master/pkgeval/by_date/latest https://forms.hsforms.com/embed/v3/form/21693537/ https://quest.juliahub.com https://tattle.api.osano.com https://api.stripe.com https://maps.googleapis.com; font-src 'self' data: https://www.gstatic.com; form-action 'self' https://forms.hsforms.com; frame-ancestors 'self'; frame-src 'self' *.youtube.com https://player.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.recaptcha.net https://js.stripe.com https://hooks.stripe.com *.hsforms.net *.hsforms.com; img-src 'self' https://img.shields.io https://coveralls.io https://shields.io/endpoint https://api.cirrus-ci.com https://ci.appveyor.com https://travis-ci.com https://api.travis-ci.com https://api.travis-ci.org https://codecov.io https://app.codecov.io https://badge.buildkite.com https://travis-ci.com https://travis-ci.org https://www.repostatus.org https://github.com https://www.google-analytics.com *.juliahub.com *.juliacomputing.io data: blob: developers.google.com *.hsforms.com *.hsforms.net *.githubusercontent.com; script-src 'self' 'unsafe-eval' blob: *.osano.com https://*.hs-scripts.com https://js.hubspot.com https://js.hs-analytics.net https://js.hs-banner.com/v2/21693537/banner.js https://js.hscollectedforms.net/collectedforms.js https://js.usemessages.com/conversations-embed.js *.hsforms.net *.hsforms.com *.hscollectedforms.net https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/chosen/1.1.0/chosen.jquery.min.js https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js https://www.google-analytics.com https://ssl.google-analytics.com https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://widget.freshworks.com 'sha256-mde36GgyH+s2KkJIg7EIjgUGiXBu+S2svz9sTsYJxLU=' https://www.gstatic.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net https://quest.juliahub.com https://js.stripe.com https://maps.googleapis.com; style-src 'self' https://hello.myfonts.net https://widget.freshworks.com https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css https://cdnjs.cloudflare.com/ajax/libs/chosen/1.1.0/chosen.min.css *.osano.com 'unsafe-inline' https:; default-src 'self'; object-src 'none'; worker-src 'self' blob: *.osano.com; upgrade-insecure-requests ; child-src *.hsforms.com; report-uri https://juliacomputing.report-uri.com/r/t/csp/enforce; 1
frame-ancestors https://segmento.ru http://webvisor.com https://*.segmento.ru;block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.bitrix24.ru https://*.google.com https://*.gstatic.com https://www.googletagmanager.com https://image.sendsay.ru https://googletagmanager.com https://js.facebook.com https://graph.facebook.com https://connect.facebook.net https://mc.yandex.com https://*.yandex.net https://yastatic.net https://*.yandex.ru https://*.yandex.by https://top-fwz1.mail.ru https://mc.yandex.ru https://*.rutarget.ru https://www.youtube.com https://*.google-analytics.com https://bitrix.info https://*.sber247.ru https://static.hotjar.com https://script.hotjar.com;style-src 'self' 'report-sample' 'unsafe-inline' fonts.googleapis.com https://*.sber247.ru https://*.google.com https://translate.googleapis.com https://fonts.googleapis.com https://*.bitrix24.ru;object-src 'none';frame-src dzen.ru vars.hotjar.com https://*.yandex.ru https://*.google.com www.googletagmanager.com connect.facebook.net *.facebook.com https://segmento.ru https://*.sber247.ru https://mc.yandex.com https://mc.yandex.md https://www.facebook.com https://*.rutarget.ru https://www.youtube.com https://www.googletagmanager.com https://*.segmento.ru;child-src www.googletagmanager.com connect.facebook.net *.facebook.com;img-src 'self' data: script.hotjar.com blob: www.googletagmanager.com fonts.gstatic.com *.fbcdn.net *.facebook.net *.facebook.com www.google.ru https://yandex.ru https://fonts.gstatic.com https://*.sber247.ru https://*.yandex.net https://*.yandex.by https://*.digitaltarget.ru https://*.moevideo.biz https://*.kost.tv https://*.aidata.io https://*.1dmp.io https://*.otm-r.com https://*.videonow.ru https://*.republer.com https://*.betweendigital.com https://*.buzzoola.com https://*.andata.ru https://*.google.com https://*.weborama.fr https://*.rutarget.ru https://*.doubleclick.net https://yastatic.net https://*.yandex.ru https://*.mail.ru https://instreamvideo.ru https://*.mts.ru https://connect.facebook.net https://mc.yandex.com https://www.googletagmanager.com http://*.google-analytics.com https://*.google-analytics.com https://mc.yandex.ru https://www.gstatic.com https://favicon.yandex.net https://www.facebook.com https://segmento.ru https://*.segmento.ru;font-src 'self' data: script.hotjar.com fonts.googleapis.com fonts.gstatic.com https://fonts.gstatic.com;connect-src *.hotjar.com *.hotjar.io https://*.bitrix24.ru https://bitrix.info wss://*.hotjar.com fonts.gstatic.com analytics.google.com www.google.ru www.googletagmanager.com fonts.googleapis.com connect.facebook.net *.facebook.com https://*.yandex.ru https://api-maps.yandex.ru https://*.yandex.by https://yandexmetrica.com:30103 https://yandexmetrica.com:29010 https://mc.yandex.com https://ymetrica1.com https://mc.yandex.md https://*.yandexmetrica.com https://www.facebook.com https://*.doubleclick.net https://top-fwz1.mail.ru https://mc.yandex.ru https://www.google-analytics.com https://segmento.ru https://catds.net https://code.jquery.com https://*.sber247.ru https://www.1c-bitrix.ru https://*.segmento.ru;manifest-src https://segmento.ru https://*.segmento.ru;base-uri 'self';form-action connect.facebook.net *.facebook.com https://segmento.ru https://www.facebook.com https://*.segmento.ru;media-src data: https://*.segmento.ru https://segmento.ru;prefetch-src 'none';worker-src blob: https://*.segmento.ru https://segmento.ru;report-uri https://sentry.rutarget.ru/api/4/security/?sentry_key=3aa395c30abf409cac1fe5892afa65dd; 1
script-src 'sha256-1az3CiAdXAaMP3TFl5msfrDjNuSHMdg1ecAgxfZPR50=' 'unsafe-inline' 'strict-dynamic'; object-src 'none'; base-uri 'none'; report-uri https://csp.withgoogle.com/csp/chromium-website/ 1
default-src 'self' https://api.zotero.org; script-src 'self' https://api.zotero.org 'nonce-jbu4gwh22m'; style-src 'self' hello.myfonts.net 'nonce-r1dx7yzoux'; img-src 'self' https://s3.amazonaws.com/; frame-src 'self'; connect-src 'self' https://api.zotero.org https://api.zotero.org https://www.zotero.org https://zoterofilestorage.s3.amazonaws.com https://zoterofilestorage.s3.us-east-1.amazonaws.com/ https://t0guvf0w17.execute-api.us-east-1.amazonaws.com wss://stream.zotero.org https://files.zotero.net; child-src 'self'; worker-src 'self' 1
font-src 'self' data:; frame-ancestors 'none' 1
frame-ancestors 'self' https://t.contentsquare.net https://r.contentsquare.net https://uxanalytics.content-square.fr https://app.contentsquare.com https://nectar360.citrusad.com https://testers.sainsburys.co.uk https://demo3.citrusad.com; report-uri https://www.sainsburys.co.uk/csp-report 1
frame-ancestors 'self' https://www.lightinthebox.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ravelry.com https://www.ravelry.com *.ravelrycache.com *.doorbell.io *.crazyegg.com https://*.ravelrycache.com https://*.chatlio.com plausible.io https://*.hotjar.com https://*.raygun.io https://*.pusher.com https://*.frontapp.com https://apis.google.com https://www.amazon.com https://www.dropbox.com *.googleapis.com https://*.googleapis.com *.google-analytics.com https://www.google.com *.gstatic.com https://maps.gstatic.com maps.googleapis.com maps.google.com *.nr-data.net *.newrelic.com https://*.newrelic.com https://*.twitter.com connect.facebook.net *.facebook.com *.pinterest.com https://*.hotjar.com  https://*.pinterest.com; object-src 'self' *.ravelry.com *.macromedia.com *.etsy.com *.youtube.com https://*.youtube.com https://*.vimeo.com *.vimeo.com *.vimeocdn.com *.vimeo.com *.crazyegg.com *.gstatic.com *.raygun.io; frame-src 'self' https://*.facebook.com https://*.hotjar.com  https://docs.google.com https://accounts.google.com https://www.amazon.com https://*.spotify.com https://*.buffer.com https://player.vimeo.com *.vimeo.com *.vimeocdn.com *.youtube.com https://*.youtube.com vine.co *.google.com https://*.twitter.com *.facebook.com *.pinterest.com chromenull://* chromeinvoke://* webviewprogressproxy://*; connect-src 'self' *.ravelry.com https://www2.ravelry.com doorbell.io:443 *.crazyegg.com https://*.raygun.io https://*.nr-data.net https://plausible.io https://*.hotjar.com https://*.dropbox.com https://www.ravelry.com wss://websocket.ravelry.com wss://websocket2.ravelry.com wss://*.hotjar.com *.googleapis.com syndication.twitter.com https://*.chatlio.com https://*.pusher.com *.pusherapp.com; 1
font-src use.typekit.net data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.bolt.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.paypalobjects.com *.braintreegateway.com tst.kaptcha.com www.google.com www.youtube.com fast.wistia.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.magento.com magento.com embedwistia-a.akamaihd.net fast.wistia.com embed-fastly.wistia.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com use.typekit.net js-agent.newrelic.com s3.amazonaws.com fast.wistia.com bam.nr-data.net www.gstatic.com www.google.com *.d41.co so.rlcdn.com *.braintree-api.com *.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com use.typekit.net p.typekit.net www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com magento.com *.magento.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.adobe.com stats.g.doubleclick.net adobe.tt.omtrdc.net bam.nr-data.net *.wistia.com *.litix.io int-api.magedevteam.com api.magento.com sandbox.api.magento.com *.d41.co *.braintreegateway.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' http://vodafone.lookbookhq.com https://vodafone.lookbookhq.com http://*.vodafone.com https://*.vodafone.com https://app.contentful.com; 1
frame-ancestors 'self' https://*.contentful.com 1
default-src 'self' 'unsafe-inline'; img-src * data:; frame-ancestors 'self' 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.health.com 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss: blob:; child-src https: blob:; worker-src 'self' blob: 1
default-src 'none'; img-src 'self' fast.wistia.com https: data: blob: *.hushly.com; script-src 'self' https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net *.mountain.com trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com *.hushly.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com *.hushly.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com *.hushly.com; connect-src 'self' blob: https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/ *.hushly.com https://px.ads.linkedin.com/wa/ https://acsbapp.com/apps/app/dist/js/locale/en-loader.json; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' e.issuu.com insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com https://zscaler.my.site.com/; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com; 1
script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://*.truefitcorp.com http://*.truefitcorp.com https://www.googletagmanager.com http://*.bazaarvoice.com https://*.bazaarvoice.com https://code.jquery.com https://*.evergage.com http://*.evergage.com http://*.academy.com https://*.academy.com https://*.iesnare.com https://*.amazonaws.com http://*.google-analytics.com https://*.google-analytics.com https://*.googleapis.com https://*.scene7.com http://*.scene7.com https://*.firstdata.com https://*.google.com https://*.paypalobjects.com https://unpkg.com https://*.evgnet.com http://www.youtube.com https://www.youtube.com https://*.go-mpulse.net http://*.go-mpulse.net https://*.ytimg.com https://*.googleadservices.com https://cdn.b0e8.com https://*.micpn.com https://*.pbbl.co https://*.pinimg.com https://*.myvisualiq.net https://*.facebook.net https://*.doubleclick.net http://*.googleapis.com https://*.googleapis.com https://*.evgnet.com https://tagmanager.google.com https://*.cdn-net.com http://*.cdn-net.com https://*.akamaihd.net https://*.paymentjs.firstdata.com https://*.paypal.com https://*.rfihub.net https://*.rfihub.com https://*.dealtime.com http://*.myregistry.com https://*.myregistry.com https://*.gstatic.com http://incl-v2.academy.com.searchdex.net https://incl-v2.academy.com.searchdex.net https://*.bing.com http://*.bing.com https://*.iovation.com https://*.googletagservices.com https://*.rewardstyle.com https://*.kaptcha.com https://*.pingdom.net https://*.quantummetric.com https://*.adsrvr.org https://*.criteo.net http://*.criteo.net https://*.criteo.com http://*.criteo.com https://*.tokenex.com https://*.cobrowse.oraclecloud.com https://*.livelook.com https://accessibe.com https://acsbapp.com https://ace.accessibe.com https://*.listrakbi.com https://*.listrak.com https://assets.sitescdn.net https://*.tvpage.com https://assets.contentstack.io https://cdn.jsdelivr.net https://*.mczbf.com https://*.monetate.net https://client.px-cloud.net https://*.perimeterx.net https://*.perimeterx.com https://*.px-cdn.net https://*.px-cloud.net https://*.pxchk.net https://*.px-client.net https://*.curalate.com https://logs-01.loggly.com https://ojrq.net https://utt.impactcdn.com https://academysportsoutdoors.sjv.io https://*.klarnaservices.com https://*.klarna.com https://*.klarnacdn.net https://analytics-sm.com https://*.cluep.com https://insitez.blob.core.windows.net https://*.creativecdn.com https://*.stylitics.com https://*.adnxs.com https://tags.tiqcdn.com https://my.tealiumiq.com https://*.ocs.oraclecloud.com https://*.custhelp.com https://*.zineone.com https://*.flippenterprise.net https://*.flippenterprise.com https://*.wishabi.com https://*.wishabi.net https://*.flipp.com https://*.flippback.com https://*.klarna.com https://*.rnengage.com https://visitor-service-us-east-1.tealiumiq.com https://visitor-service-us-east-2.tealiumiq.com https://visitor-service-us-west-1.tealiumiq.com https://visitor-service-us-west-2.tealiumiq.com https://visitor-service.tealiumiq.com https://*.rightnowtech.com https://activitymap.adobe.com https://*.sezzle.com 1
script-src 'nonce-k/ThpQFJnLFrcYfk0k+iiw==' 'strict-dynamic' 'self' dgbricks.foxycart.com cdnjs.cloudflare.com www.google-analytics.com connect.liblynx.com www.googletagmanager.com tag.manager.google.com mozilla.github.io cc.cdn.civiccomputing.com; object-src 'self' www.googletagmanager.com; base-uri 'none' 1
frame-ancestors 'self' *.signupgenius.com *.signupgenius.rocks *.signupgenius.dev 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thespruceeats.com 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-3833600928d6ac3b1569097ccc9bd4fb' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=1609564264720126; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=1609564264720126 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.hmv.com https://*.usefathom.com https://*.googleapis.com https://*.addressy.com https://*.brcdn.com https://*.brsrvr.com https://*.cloudfront.net https://*.googletagmanager.com https://*.gstatic.com https://*.msecnd.net https://*.scarabresearch.com https://*.visualstudio.com https://*.worldpay.com https://*.youtube.com https://*.youtube-nocookie.com https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.sessioncam.com https://*.facebook.com https://*.google.com https://*.google.co.uk https://*.twitter.com https://hmvliveblobstorage.blob.core.windows.net https://*.emarsys.net https://*.hotjar.com wss://*.hotjar.com https://*.queue-fair.net https://widget.trustpilot.com https://*.klarnaservices.com https://*.klarnacdn.net https://*.simplecast.com https://hmv.com https://*.trustpilot.com https://*.mention-me.com https://mention-me.com https://*.uk.exponea.com https://*.klarna.com https://*.klarnaevt.com; img-src 'self' data: https://*.hmv.com https://*.usefathom.com https://*.googleapis.com https://*.addressy.com https://*.brcdn.com https://*.brsrvr.com https://*.cloudfront.net https://*.googletagmanager.com https://*.gstatic.com https://*.msecnd.net https://*.scarabresearch.com https://*.visualstudio.com https://*.worldpay.com https://*.youtube.com https://*.youtube-nocookie.com https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.sessioncam.com https://*.facebook.com https://*.google.com https://*.google.co.uk https://*.twitter.com https://hmvliveblobstorage.blob.core.windows.net https://*.emarsys.net https://*.hotjar.com wss://*.hotjar.com https://*.queue-fair.net https://widget.trustpilot.com https://*.klarnaservices.com https://*.klarnacdn.net https://*.simplecast.com https://hmv.com https://*.trustpilot.com https://*.mention-me.com https://mention-me.com https://*.uk.exponea.com https://*.klarna.com https://*.klarnaevt.com; frame-ancestors 1
default-src https: data: vine:;img-src 'self' data: https://vine.co https://vines.s3.amazonaws.com https://archive.vine.co https://*.twimg.com https://*.cdn.vine.co https://media.vineapp.com https://t.co https://analytics.twitter.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://twemoji.maxcdn.com https://twitter.github.io/;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vine.co https://*.twitter.com https://vines.s3.amazonaws.com https://archive.vine.co https://*.cdn.vine.co https://platform.vine.co https://stats.g.doubleclick.net https://ssl.google-analytics.com https://ajax.googleapis.com https://connect.facebook.net;style-src 'self' 'unsafe-inline' https://vine.co https://vines.s3.amazonaws.com https://archive.vine.co https://*.cdn.vine.co;media-src 'self' blob: https://vine.co https://vines.s3.amazonaws.com https://archive.vine.co https://*.twimg.com https://*.cdn.vine.co https://*.vncdn.co https://media.vineapp.com;object-src 'self' blob: https://vine.co https://vine.co https://vines.s3.amazonaws.com https://archive.vine.co https://*.twimg.com https://*.cdn.vine.co https://media.vineapp.com;connect-src 'self' https://vine.co https://vines.s3.amazonaws.com https://archive.vine.co https://*.twimg.com https://*.cdn.vine.co https://media.vineapp.com https://graph.facebook.com;font-src 'self' https://vine.co https://vines.s3.amazonaws.com https://archive.vine.co https://*.cdn.vine.co;report-uri https://twitter.com/i/csp_report?a=OZUW4ZI=&ro=false 1
frame-ancestors 'self' https://fws.gov; 1
base-uri 'self';frame-ancestors 'self' https://apac1-proxy.adobemc.com https://experience.adobe.com https://widget.bajajfinserv.in/ org.altruist.BajajExperia com.Bajaj.bajajexperia https://www.bajajfinservmarkets.in/ org.altruist.BajajExperia  com.Bajaj.bajajexperia 1
frame-ancestors 'self' www.seznam.cz share.seznam.cz search.seznam.cz *.ampproject.org www.google.cz www.google.com *.seznamakce.cz www.novinky.cz admin.novinky.cz *.novinky.cz;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sdn.szn.cz *.sdn.cz gacz.hit.gemius.pl scz.hit.gemius.pl www.google-analytics.com https://www.googletagmanager.com/gtag/js cdn-gl.imrworldwide.com cdn.ampproject.org *.twitter.com *.twimg.com *.facebook.net *.facebook.com *.instagram.com *.tiktok.com *.ttwstatic.com https://www.gstatic.com https://ajax.googleapis.com login.szn.cz http://login.szn.cz https://login.szn.cz notifikace.seznam.cz http://notifikace.seznam.cz https://notifikace.seznam.cz *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.im.cz *.imedia.cz *.imedia.dev.dszn.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.sklik.cz ads.celtra.com *.2mdn.net ams.creativecdn.com cdn.id5-sync.com tags.crwdcntrl.net *.novinky.cz https://www.novinky.cz 1
frame-ancestors 'self' https://bluebelldigital.com/; report-to default 1
frame-ancestors 'self' https://m.economictimes.com/ https://m.timesofiindia.com/ https://timesofindia.indiatimes.com/ https://navbharattimes.indiatimes.com/ http://www.google.com/ https://www.google.com/ https://m-economictimes-com.cdn.ampproject.org/ 1
default-src *.ugg.com data: 'unsafe-eval' 'unsafe-inline' blob: ws: dms.deckers.com *.demandware.net *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com via.placeholder.com *.deckers.layer0-perma.link *.cquotient.com d.emails.teva.com email.ugg.com email.hoka.com email.koolaburra.com email.sanuk.com email.teva.com *.emails.teva.com blog.ugg.com events.hoka.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp blog.uggaustralia.com www.teva-eu.com scripts.deckers.com rum.ingress.edgio.net *.g.doubleclick.net edgeshoppingstatic.azureedge.net s.retargeted.co *.joinhoney.com d3nocrch4qti4v.cloudfront.net df45ay5pw60dy.cloudfront.net *.arcot.com api.v2.sprocket.bz sprocket-ping.s3.amazonaws.com assets.v2.sprocket.bz assets.sprocket.bz cx.atdmt.com cdn.optimizely.com *.bglobale.com *.formstack.com *.deckers.coremedia.cloud rum-http-intake.logs.datadoghq.com www.datadoghq-browser-agent.com rum.ingress.layer0.co rum.layer0.co *.pingdom.net *.pitneybowes.com pippio.com hosted.where2getit.com res.cloudinary.com splashthat.eu *.klarnacdn.net *.klarnaservices.com *.klarna.com dfp.bouncex.net *.bounceexchange.com *.medallia.eu *.kampyle.com cdn.pdst.fm sink.pdst.fm us-central1-adaptive-growth.cloudfunctions.net *.contentsquare.net *.contentsquare.com *.dynamicyield.com *.dy-api.com *.forter.com pay.google.com *.cdn4.forter.com *.linksynergy.com *.paypal.com *.cloud.coveo.com *.securesuite.co.uk www.rsa3dsauth.co.uk *.wlp-acs.com 3ds.redsys.es paiment2.secure.lcl.fr 3ds.nexigroup.com *.creditmutuel.fr *.cardinalcommerce.com acs2-3dsecure.cic.fr acs.revolut.com *.creditmutuel.fr 3dsecure.vrp.de *.mercurypaymentservices.it 3dsecure.nexi.it 3ds-challenge.n26.com sicher-bezahlen.sparkasse.at *.amazon-adsystem.com cartera-cdn.freetls.fastly.net *.abtasty.com guarantee-cdn.com static-fe.payments-amazon.com ad.as.amanad.adtdp.com ad.caprofitx.adtdp.com ad.yieldlab.net ade.clmbtech.com *.socdm.com adx.dable.io au.ants.vn c.bing.com cm-exchange.toast.com cm.mgid.com r.casalemedia.com contextual.media.net criteo-sync.teads.tv cs.adingo.jp point.widget.rakuten.co.jp *.rakuten.co.jp static.rakuten.com *.yimg.jp *.yahoo.co.jp ads.yahoo.com deckers.candypop.jp cs.gssprt.jp eb2.3lift.com *.sharethrough.com rapid-cdn.yottaa.com pixel.advertising.com pixel.tapad.com *.ac.bcon.ecdns.net *.smartadserver.com secure.adnxs.com simage2.pubmatic.com *.criteo.net *.criteo.com sync.outbrain.com us-u.openx.net duuytoqss3gu4.cloudfront.net *.osano.com x.bidswitch.net visitor.omnitagjs.com d.line-scdn.net *.ads.yieldmo.com tr.line.me *.taboola.com *.ad-stir.com tk.jrs5.com *.adsrvr.org cdn.smartnews-ads.com payments-fe.amazon.com m.media-amazon.com chimpstatic.com static.hotjar.com content.hotjar.com t.cfjump.com chipstatic.com cdn.unidays.world api.myunidays.com *.veinteractive.com *.pixlee.com *.pixlee.co *.pxlecdn.com *.cartfulsolutions.com *.global-e.com *.powerreviews.com *.truefitcorp.com *.terracycle.com www.truefit.com *.typekit.net widgets.trustedshops.com *.etrusted.com idsync.rlcdn.com *.zenaps.com cnstrc.com *.strut.fit *.rewardstyle.com *.motionpoint.com s-cs.send.microad.jp *.smaato.net *.e-planning.net *.zemanta.com *.artlabs.ai *.onetrust.com *.stylitics.com *.g.doubleclick.net *.kampyle.com *.fls.doubleclick.net *.doubleclick.net adservice.google.com *.googleadservices.com adservice.google.com www.googletagmanager.com ampcid.google.com *.googlesyndication.com api.amplitude.com translate.googleapis.com apis.google.com www.google-analytics.com ssl.google-analytics.com maps.googleapis.com www.google.ca www.google.com translate.google.com fonts.googleapis.com api.cognitive.microsofttranslator.com browser.translate.yandex.net jjfblogammkiefalfpafidabbnamoknm bmnlcjabgnpnenekpadlanbbkooimhnj chhjbpecpncaggjpdakmflnfcopglcmi bfkjochdalcdahjnliojhpldoogkbglc pfldcnnaiaiaogmpfdjjpdkpnigplfca ajax.googleapis.com *.gstatic.com s.w.org *.ediemidnightzombies.com www.gravatar.com *.attn.tv events.attentivemobile.com *.afterpay.com www.instagram.com *.analytics.yahoo.com alb.reddit.com www.redditstatic.com *.hotjar.com *.artlabs.ai downloads.mailchimp.com *.au.hoka.com hokacustomercare.zendesk.com hokanzcustomercare.zendesk.com accentgroupsupport.zendesk.com *.wistia.com *.litix.io embedwistia-a.akamaihd.net *.bouncexchange.com events.bouncex.net www.facebook.com connect.facebook.net *.zdassets.com *.zopim.com widget-mediator.zopim.com *.list-manage.com *.us14.list-manage.com *.gladly.com api.us-1.gladly.chat chat-assets.cdn.gladly.com chat-sdk.cdn.gladly.com cdn.gladly.com js.verygoodvault.com tnt8r4ypmtr.live.verygoodproxy.com vgs-collect-keeper.apps.verygood.systems cdn.studentbeans.com *.90d.io *.smooch.io www.clarity.ms gladly-production.sinter-collect.com tracead.com www.dwin1.com *.zenaps.com *.adyen.com *.addthis.com *.addthisedge.com *.moatads.com intljs.rmtag.com *.likeshop.me cdn.cookielaw.org www.gstatic.com fonts.gstatic.com sc-static.net bat.bing.com www.bing.com cdn.yottaa.com qoe-1.yottaa.net *.tealiumiq.com *.sitelabweb.com cdn.quadpay.com csp-reporting.cloudflare.com d38d4ysphgm9dz.cloudfront.net d35u1vg1q28b3w.cloudfront.net d2o5idwacg3gyw.cloudfront.net d6tizftlrpuof.cloudfront.net d38d4ysphgm9dz.cloudfront.net nsg.symantec.com px.owneriq.net tags.w55c.net mc.yandex.ru mc.yandex.com mc.yandex.kz yandex.net api.pinpiaa.com omwbh6dj4a.execute-api.ap-southeast-2.amazonaws.com cmp.osano.com *.usabilla.com *.newgistics.com mpsnare.iesnare.com *.cdnwidget.com *.cdnbasket.net resources.digital-cloud.medallia.eu t.co platform.twitter.com static.ads-twitter.com analytics.twitter.com tag.rmp.rakuten.com point.widget.rakuten.co.jp analytics.tiktok.com cdn.loom.com *.usw2.cordial.com hokaoneone.locally.com tr.snapchat.com www.awin1.com hm.baidu.com *.parcellab.com analytics.convertlanguage.com *.verygoodvault.com ugg.review.eprize.com ugg.promo.eprize.com www.paypalobjects.com www.youtube.com *.brightcove.com *.pinterest.com s.pinimg.com *.cheqzone.com i.ytimg.com cdn.jsdelivr.net call.chatra.io services.sheerid.com cdn.honey.io i.honey-images.com cdn.joinhoney.com cdn.ivaws.com *.capitaloneshopping.com *.locally.com s7.addthis.com *.dashhudson.com likeshop.me trial-eum-clientnsv4-s.akamaihd.net tags.tiqcdn.com code.jquery.com maxcdn.bootstrapcdn.com strutagiocdn.blob.core.windows.net frame.hub-box.com sandbox.frame.hub-box.com analytics.google.com *.analytics.google.com *.google-analytics.com ampcid.google.co.in ampcid.google.co.jp ampcid.google.com.ph ampcid.google.com.pk ampcid.google.cz ampcid.google.dk ampcid.google.ee ampcid.google.es ampcid.google.fr ampcid.google.ge ampcid.google.hu ampcid.google.ht ampcid.google.kz ampcid.google.lt ampcid.google.mn ampcid.google.nl ampcid.google.no ampcid.google.pl ampcid.google.bs ampcid.google.by ampcid.google.ca ampcid.google.cl ampcid.google.co.il ampcid.google.co.kr ampcid.google.co.nz ampcid.google.co.ve ampcid.google.co.za ampcid.google.co.zw ampcid.google.com.au ampcid.google.com.ec ampcid.google.com.jm ampcid.google.com.mx ampcid.google.com.pr ampcid.google.com.sg ampcid.google.com.tr ampcid.google.com.ua ampcid.google.de ampcid.google.gr ampcid.google.ie ampcid.google.it ampcid.google.mv ampcid.google.ru ampcid.google.ro ampcid.google.se ampcid.google.pt ampcid.google.hr ampcid.google.at ampcid.google.az ampcid.google.be ampcid.google.bg ampcid.google.ch ampcid.google.co.id ampcid.google.co.ma ampcid.google.co.th ampcid.google.com.ar ampcid.google.com.br ampcid.google.com.bz ampcid.google.com.co ampcid.google.com.cy ampcid.google.com.do ampcid.google.com.gt ampcid.google.com.hk ampcid.google.com.mt ampcid.google.com.ng ampcid.google.com.ni ampcid.google.com.pe ampcid.google.com.py ampcid.google.com.sa ampcid.google.com.tj ampcid.google.com.tw ampcid.google.com.uy ampcid.google.dm ampcid.google.dz ampcid.google.fi ampcid.google.hn ampcid.google.lu ampcid.google.lv ampcid.google.ps ampcid.google.rs ampcid.google.si ampcid.google.sk ampcid.google.cn ampcid.google.co.id ampcid.google.co.th ampcid.google.co.hk ampcid.google.co.pe ampcid.google.co.tw ampcid.google.co.uy ampcid.google.tn ampcid.google.ae ampcid.google.lk ampcid.google.com.bh ampcid.google.com.vn www.google.al www.google.at www.google.am www.google.az www.google.ba www.google.be www.google.bg www.google.by www.google.ch www.google.fi www.google.ie www.google.ps www.google.tt www.google.co.bz www.google.co.il www.google.co.in www.google.co.jp www.google.co.kr www.google.co.ma www.google.com.au www.google.com.co www.google.com.do www.google.com.gh www.google.com.gt www.google.com.lb www.google.com.mx www.google.com.ng www.google.com.om www.google.com.ph www.google.com.pr www.google.com.sa www.google.com.sg www.google.com.tw www.google.com.tr www.google.com.ua www.google.com.py www.google.co.ke www.google.co.th www.google.lk www.google.tn www.google.bf www.google.co.nz www.google.co.uk www.google.is www.google.im www.google.cz www.google.de www.google.ee www.google.es www.google.fr www.google.ge www.google.gr www.google.hr www.google.ht www.google.hu www.google.ie www.google.it www.google.lt www.google.md www.google.me www.google.mk www.google.mt www.google.no www.google.nl www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.ae www.google.bs www.google.cl www.google.co.cr www.google.co.ve www.google.co.vi www.google.co.za www.google.com.ec www.google.com.hk www.google.com.jm www.google.com.kw www.google.com.pa www.google.com.sg www.google.mv www.google.co.id www.google.com.my www.google.com.pk www.google.com.vn www.google.dk www.google.mn www.google.kz www.google.vg www.google.hn www.google.com.eg www.google.ad www.google.je www.google.co.bw www.google.com.ar www.google.com.bd www.google.com.bo www.google.com.br www.google.com.cy www.google.com.pe www.google.com.sv www.google.com.uy www.google.com.qa www.google.dz www.google.iq www.google.jo www.google.sk www.google.si www.google.nl www.google.lv www.google.lu www.google.lv www.google.kg www.google.dm www.google.co.uz www.google.sr www.google.je www.google.gg www.google.com.qa www.google.mt www.google.com.bn www.google.com.bh www.google.co.uz www.google.cn www.google.tn www.google.mg www.google.com.ai www.google.li www.google.as www.google.dj www.google.com.mt www.google.ga www.google.sn www.google.com.gi www.google.mu www.google.gy; font-src *.ugg.com *.demandware.net *.commercecloud.salesforce.com *.truefitcorp.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp use.typekit.net *.osano.com *.klarnacdn.net cdn.gladly.com *.deckers.coremedia.cloud cdn.dynamicyield.com fonts.googleapis.com cdn.loom.com *.global-e.com cdn.honey.io likeshop.me script.hotjar.com cdn.joinhoney.com fonts.gstatic.com use.fontawesome.com cdn.ivaws.com *.strut.fit *.deckers.layer0-perma.link data: *.wistia.com static.formstack.com d6tizftlrpuof.cloudfront.net www.paypalobjects.com static.rakuten.com *.medallia.eu *.kampyle.com; style-src *.ugg.com *.deckers.coremedia.cloud *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp *.demandware.net *.veinteractive.com *.bounceexchange.com cdn.dynamicyield.com *.klarnacdn.net ui.powerreviews.com *.osano.com web-assets.stylitics.com use.fontawesome.com ui.powerreviews.com cdn.honey.io cdn.joinhoney.com js.verygoodvault.com *.global-e.com *.truefitcorp.com *.deckers.layer0-perma.link www.truefit.com cdn.90d.io cdn.gladly.com chat-sdk.cdn.gladly.com *.typekit.net www.karmanow.com *.parcellab.com *.formstack.com translate.googleapis.com d3nocrch4qti4v.cloudfront.net d6tizftlrpuof.cloudfront.net cdn.ivaws.com www.paypalobjects.com assets.sprocket.bz *.pxlcdn.com fonts.googleapis.com *.adyen.com *.medallia.eu *.kampyle.com downloads.mailchimp.com data: 'unsafe-inline'; form-action *.ugg.com *.demandware.net *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com *.hokaoneone.eu payments.amazon.co.jp www.amazon.co.jp *.demandware.net *.snapchat.com www.facebook.com *.adyen.com email.teva.com email.ugg.com email.hoka.com email.sanuk.com email.koolaburra.com *.securev2.global-e.com *.secure5.arcot.com *.securesuite.co.uk 3ds-challenge.n26.com *.sparkasse.at 3d-secure.pluscard.de *.creditmutuel.fr 3ds.redsys.es acs.apata.io acs.mercurypaymentservices.it authentication.cardinalcommerce.com 3ds.nexigroup.com *.revolut.com *.cic.fr *.americanexpress.com paiement1.secure.lcl.fr paiement2.secure.lcl.fr verify.monzo.com *.rsa3dsauth.co.uk *.wlp-acs.com *.3ds.borica.bg *.acs1.icicibank.com *.sps-system.com centinelapi.cardinalcommerce.com *.arcot.com accentgroup.formstack.com; media-src *.ugg.com blob: dms.deckers.com res.cloudinary.com *.demandware.net *.commercecloud.salesforce.com *.90d.io static.zdassets.com chat-sdk.cdn.gladly.com; worker-src *.ugg.com blob: *.osano.com; child-src *.ugg.com *.demandware.net *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp *.commercecloud.salesforce.com *.snapchat.com guarantee-cdn.com v3.rest-ar.com *.osano.com *.doubleclick.net vars.hotjar.com www.awin1.com *.afterpay.com px.owneriq.net pal-test.adyen.com *.americanexpress.com chat-sdk.cdn.gladly.com *.facebook.com *.pixlee.co *.zenaps.com *.bounceexchange.com d6tizftlrpuof.cloudfront.net www.paypalobjects.com www.paypal.com ln-rules.rewardstyle.com nsg.symantec.com *.arcot.com *.pinterest.com track.usw2.cordial.com *.global-e.com wkxppshj-qx.global.ssl.fastly.net checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com www.sandbox.paypal.com *.ediemidnightzombies.com assets.v2.sprocket.bz *.studentbeans.com *.myunidays.com point.widget.rakuten.co.jp *.bglobale.com www.google.com *.amazon-adsystem.com *.truefitcorp.com *.locally.com *.strut.fit www.pubxtags.com tracead.com photos.pixlee.com *.splashthat.eu hosted.where2getit.com sketchfab.com *.criteo.com *.criteo.net www.youtube.com *.verygoodvault.com pay.google.com www.terracycle.com sandbox.frame.hub-box.com acs2-3dsecure.cic.fr verify.monzo.com paiement2.secure.lcl.fr www.rsa3dsauth.co.uk channel-cards-html.loydsbankinggroup.com *.creditmutuel.fr acs.mercurypaymentservice.it 3ds.redsys.es acs.revolut.com www.securesuite.co.uk 3dsecure.nexi.it www.rsa3dsauth.co.uk *.wlp-acs.com frame.hub-box.com ugg.promo.eprize.com ugg.review.eprize.com d.emails.teva.com creatives.attn.tv *.artlabs.ai app.collectivevoice.com *.medallia.eu *.kampyle.com; report-uri https://www.ugg.com/_/csp-reports 1
frame-ancestors 'self' *.kufar.by 1
default-src 'self'  https://analytics.govinfo.gov https://stackpath.bootstrapcdn.com https://maxcdn.bootstrapcdn.com; frame-ancestors 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'   https://stackpath.bootstrapcdn.com https://api.data.gov https://maxcdn.bootstrapcdn.com https://www.google.com/recaptcha https://recaptcha.google.com/recaptcha; object-src 'unsafe-inline' 'self' ; style-src 'unsafe-inline' 'self' https://maxcdn.bootstrapcdn.com https://api.data.gov  https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://www.google.com/recaptcha https://recaptcha.google.com/recaptcha; img-src 'unsafe-inline' 'self' http://insideanalytics.gpo.gov https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com  https://analytics.govinfo.gov data:; font-src 'unsafe-inline' 'self'  https://stackpath.bootstrapcdn.com https://api.data.gov https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://api.data.gov https://analytics.govinfo.gov; frame-src 'self'  https://stackpath.bootstrapcdn.com https://maxcdn.bootstrapcdn.com https://www.google.com/recaptcha https://recaptcha.google.com/recaptcha; 1
base-uri 'none'; style-src 'self' *.cassiecloud.com *.googleapis.com 'unsafe-inline'; script-src 'nonce-C7vkNTU8CNa/2UKDjB60nA=='  'sha256-5yLEE/jUF5eoOefsINotD+tXeklSYMKlhm5Zl+biNrg='  'self' 'strict-dynamic' 'unsafe-eval' *.kaltura.com/ *.cassiecloud.com *.googletagmanager.com https://google-analytics.com *.google-analytics.com *.bing.com https://connect.facebook.net https://lilly-customerconnect.secure.force.com https://ispot.tv *.turn.com *.myadvocado.com *.doubleclick.net *.analytics.yahoo.com *.google.com https://facebook.com *.salesforceliveagent.com *.youtube.com *.ytimg.com *.gstatic.com *.googlevideo.com blob: http://d22xmn10vbouk4.cloudfront.net *.googleapis.com assets.adobedtm.com assets.ctfassets.net 'nonce-Q+3SsP/nT1Qb9DtwRm8EbA==' *.soundcloud.com *.recaptcha.net 'sha256-uMkuBZ4FQVVBqzs6NHOoGr/1vOLA1h9acPURz3E39HA=' 'sha256-9VDmhXS8/iybLLyD3tql7v7NU5hn5+qvu9RRG41mugM=' 'sha256-tempUn1btibnrWwQxEk37lMGV1Nf8FO/GXxNhLEsPdg=' 'sha256-YvYJ5WVzt8kOVVuSB9YcyVJLN4a6HcbOgQpzrg0BLUI=' https://clientapi.gcs-web.com https://d22xmn10vbouk4.cloudfront.net https://servicesplatform.partneringplace.com https://forms.office.com bugcrowd.com; object-src 'none'; frame-src *.doubleclick.net/ *.myadvocado.com/ *.youtube.com *.soundcloud.com *.google.com *.facebook.com *.spotify.com *.simplecast.com *.recaptcha.net https://servicesplatform.partneringplace.com https://forms.office.com *.kaltura.com/ bugcrowd.com 1
frame-ancestors default-src 'self' https://d2l.ucalgary.ca; 1
frame-ancestors *.ndtv.com *.gadgets360.com hotdeals360.com pricee.com gadgets360.com jionews.com *.google.com google.com; 1
frame-ancestors 'self' adria.contentexchange.me adria.ign.com alo.contentexchange.me alo.rs b92.net bastabalkana.com bgonline.rs bulevar.b92.net citymagazine.rs color.rs crvenazvezdainfo.com direktno.rs dnevnik.rs edukujse.com fantasticna.com gloria.rs goglasi.com grand.online hellomagazin.rs horoskopzadanas.com hotsport.rs hrana-pice-price.com idjtv.com informer.rs ispovesti.com k-013.com kokosovoulje.com krstarica.rs kupujemprodajem.com lepotaizdravlje.rs limundo.com ljubavni-stihovi.com logicno.com luftika.rs luftika.rs mojamakuvabolje.prva.rs mojauto.rs mojkvadrat.rs mojtrg.rs mojtrg.rs moodiranje.rs najboljicajevi.com najcestitkezarodjendan.com najzdravijahrana.com najzdravlje.com naslovi.net nedeljnik.rs niskevesti.rs nova.rs polovniautomobili.com pressserbia.com prva.rs prvaplus.prva.rs recepti-kuvar.rs receptizajela.com republika.rs ringier.contentexchange.me rs.n1info.com rs.sputniknews.com sanovniksanjarica.com sanovniksnova.com savrsena.com sportske.net sportklub.rs srbijadanas.rs story.rs superzena.b92.net svetplus.com svetputovanja.info teenstars.rs telegraf.rs titlovi.com tracara.com tvin.rs vrelegume.rs zdravino.com livepreview.adform.com 1
frame-ancestors 'self' http://signifyd.lookbookhq.com https://signifyd.lookbookhq.com http://signifyd.pathfactory.com https://signifyd.pathfactory.com http://resources.signifyd.com https://resources.signifyd.com https://www.signifyd.com 1
default-src 'self' wss: data: *.wolfram.com *.wolframalpha.com *.wolframcdn.com wolframcdn.com *.wolframcloud.com localhost:* *.adroll.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.wolfram.com *.wolframalpha.com *.wolframcdn.com connect.facebook.net ajax.googleapis.com *.adroll.com *.wolframalpha.tw *.cloudflare.com; img-src 'self' http://*.wolframcdn.com *.wolframcdn.com data: *.wolfram.com *.wolframalpha.com *.wolframcdn.com wolframcdn.com *.adroll.com www.facebook.com; font-src * data:; style-src 'unsafe-inline' 'self' data: *.wolfram.com *.wolframalpha.com *.wolframcdn.com wolframcdn.com fonts.googleapis.com; 1
default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: ; 1
connect-src 'self' *.linkedin.com cmstesting.salesloft.com https://munchkin.marketo.net https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location cdn.contentstack.io api.contentstack.io *.contentstack.io *.hotjar.com *.sequel.io *.salesloft.com *.adnxs.com unpkg.com *.hotjar.com *.hotjar.io *.6sc.co *.6sense.com *.nr-data.net/ *.analytics.google.com *.marketo.com *.mktoresp.com *.doubleclick.net *.google-analytics.com/ *.googletagmanager.com/ *.pantheonsite.io/ *.cookielaw.org/ *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.litix.io *.netdna-ssl.com https://api.company-target.com/api/v2/ip.json https://api.brightfunnel.com/v1/sd https://api-iam.intercom.io/messenger/web/ping wss://nexus-websocket-a.intercom.io/ https://ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css https://ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css https://ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-font-face.min.css https://analytics.google.com/g/collect https://cdn.linkedin.oribi.io/partner/5254305/domain/salesloft.com/token wss://wsp13.hotjar.com/api/v2/client/ws *.google.com *.googleoptimize.com *.hotjar.com *.introvoke.com *.mktoweb.com *.benchmarkseverywhere.com https://saasbenchmarks.ai/ https://live-salesloft-v2.pantheonsite.io/ https://test-salesloft-v2.pantheonsite.io/ https://images.contentstack.io https://slft-cons-preproduction.contentstackapps.com; font-src 'self' data: https://fonts.gstatic.com *.netdna-ssl.com https://js.intercomcdn.com/fonts/ *.fontawesome.com *.wistia.com *.bootstrapcdn.com; frame-src 'self' *.sequel.io *.salesloft.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net https://staticxx.facebook.com/ http://www2.salesloft.com *.greenhouse.io/ *.megaphone.fm *.google.com/ *.contentstack.io *.contentstack.com *.spotify.com *.twitter.com *.facebook.com *.driftt.com *.drift.com https://live-salesloft-v2.pantheonsite.io/ https://images.contentstack.io; img-src 'self' https: data: blob: *.netdna-ssl.com https://ssl.gstatic.com/; manifest-src 'self' blob:; media-src 'self' blob: *.driftt.com *.wistia.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com *.marketo.com *.netdna-ssl.com https://tagmanager.google.com/ https://fonts.googleapis.com/ *.salesloft.com *.bootstrapcdn.com *.google.com https://live-salesloft-v2.pantheonsite.io/ https://images.contentstack.io/; worker-src blob: data: *.netdna-ssl.com *.contentstackapps.com localhost:3000 salesloft.com cmstesting.salesloft.com; base-uri 'none'; frame-ancestors 'self' *.contentstack.com; default-src 'none'; script-src https: 'unsafe-eval' 'unsafe-inline' http://pages.salesloft.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://tagmanager.google.com/ 'self'; 1
default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic' 'unsafe-inline' 'nonce-zsdRBSH3ThPcyYunR1Xiwg=='; style-src 'self' 'unsafe-inline' 1
default-src afirma://* ; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ ; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/  afirma://* ; connect-src 'self' ; img-src 'self' eur-lex.europa.eu data: ; style-src 'unsafe-inline' 'self' *.boe.es ; font-src 'self' ; child-src 'self'  www.youtube.com afirma://* ; object-src 'self' ; media-src 'self' 1
default-src 'none'; object-src https://*.covers.com; base-uri https://*.covers.com; form-action https://www.facebook.com/tr/ https://forms.hsforms.com https://*.covers.com;  frame-ancestors https://*.covers.com;  block-all-mixed-content; img-src data: https://d29xw9s9x32j3w.cloudfront.net https://*.scorecardresearch.com https://forms-na1.hsforms.com/ https://forms.hsforms.com/ https://*.hotjar.com https://alb.reddit.com https://t.co https://pixel.mathtag.com https://evanalytics.com https://script.hotjar.com https://*.covers.com https://www.google-analytics.com https://triathlon.sc.omtrdc.net https://www.googletagmanager.com https://*.hubspot.com/ https://www.facebook.com  https://triathlon.sc.omtrdc.net https://useruploads.visualwebsiteoptimizer.com https://*.twimg.com https://*.brid.tv  https://dev.visualwebsiteoptimizer.com https://dpm.demdex.net  https://*.twitter.com  https://translate.google.com  https://*.s3.amazonaws.com https://www.gannett-cdn.com https://cm.everesttech.net https://userimages-covers.imgix.net https://public.flourish.studio https://i.ytimg.com https://ajax.googleapis.com; script-src blob: https://www.redditstatic.com/ads/pixel.js https://static.ads-twitter.com https://evanalytics.com https://triathlon.sc.omtrdc.net https://activitymap.adobe.com https://e.clarity.ms https://www.clarity.ms 'unsafe-inline' 'unsafe-eval' https://*.covers.com https://www.facebook.com/ https://pixel.mathtag.com https://connect.facebook.net/ https://forms.hsforms.com https://js.hsforms.net https://www.datadoghq-browser-agent.com https://*.datadoghq.com https://www.google-analytics.com https://www.googletagservices.com https://ajax.googleapis.com https://assets.adobedtm.com https://code.jquery.com https://*.cookiebot.com https://fonts.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://cdn.ampproject.org  https://cdn.syndication.twimg.com https://cdnjs.cloudflare.com https://imasdk.googleapis.com https://*.brid.tv https://platform.twitter.com https://public.flourish.studio https://*.hotjar.com https://apis.google.com https://ajax.aspnetcdn.com https://cdn.datatables.net https://certify.gpwa.org https://cdn.jsdelivr.net https://dev.visualwebsiteoptimizer.com; style-src 'self' 'unsafe-inline'  https://*.covers.com https://evanalytics.com https://kit.fontawesome.com https://covers.com https://localhost:44383 https://fonts.googleapis.com https://fonts.gstatic.com https://ajax.googleapis.com https://accounts.google.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.brid.tv https://www.gstatic.com https://platform.twitter.com https://ton.twimg.com; style-src-elem 'unsafe-inline' https://accounts.google.com https://evanalytics.com https://unpkg.com https://*.covers.com https://covers.com https://localhost:44383 https://fonts.googleapis.com https://fonts.gstatic.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.brid.tv https://www.gstatic.com https://platform.twitter.com https://ton.twimg.com; script-src-elem 'unsafe-inline' https://accounts.google.com https://*.sendtonews.com https://d29xw9s9x32j3w.cloudfront.net https://*.amazon-adsystem.com https://*.googlesyndication.com https://*.indexww.com https://*.2mdn.net https://*.resonate.com https://*.fastclick.net https://www.everestjs.net https://www.redditstatic.com/ads/pixel.js https://static.ads-twitter.com https://evanalytics.com https://activitymap.adobe.com https://www.clarity.ms https://e.clarity.ms https://connect.facebook.net https://*.hsforms.net https://*.hsforms.com https://*.hubapi.com/ https://iframe.fresh8.co/ https://stackpath.bootstrapcdn.com https://suggestqueries.google.com https://www.datadoghq-browser-agent.com https://*.datadoghq.com https://bam-cell.nr-data.net https://js-agent.newrelic.com https://pixel.mathtag.com https://unpkg.com https://*.covers.com https://www.google-analytics.com https://cdn.cookielaw.org https://www.googletagmanager.com https://assets.adobedtm.com https://cdnjs.cloudflare.com https://*.hotjar.com https://static.zdassets.com  https://*.googleapis.com  https://*.cookiebot.com https://apis.google.com https://code.jquery.com https://www.google.com https://www.googletagservices.com https://translate.googleapis.com https://www.gstatic.com https://ajax.aspnetcdn.com https://cdn.datatables.net https://platform.twitter.com https://cdn.syndication.twimg.com https://ton.twimg.com https://*.brid.tv https://public.flourish.studio https://cdn.ampproject.org https://certify.gpwa.org https://cdn.jsdelivr.net https://dev.visualwebsiteoptimizer.com; connect-src https://localhost:44379 https://*.hotjar.io https://accounts.google.com https://*.doubleclick.net https://*.amazon.dev https://d29xw9s9x32j3w.cloudfront.net https://*.sendtonews.com https://*.casalemedia.com https://*.amazon-adsystem.com https://*.covers.com wss://*.covers.com https://evanalytics.com https://e.clarity.ms/collect https://www.clarity.ms/collect https://surveystats.hotjar.io https://www.facebook.com/tr/ https://www.datadoghq-browser-agent.com https://*.datadoghq.com https://*.twitter.com https://*.ampproject.net https://cdn.cookielaw.org https://triathlon.sc.omtrdc.net https://hubspot-forms-static-embed.s3.amazonaws.com/ https://www.googleapis.com https://consentcdn.cookiebot.com https://*.hotjar.com https://www.google-analytics.com https://www.googletagmanager.com https://api.clarifyip.com https://api.hubspot.com https://cdn.ampproject.org https://cdn.brid.tv https://covers.zendesk.com https://csi.gstatic.com https://dpm.demdex.net https://ekr.zdassets.com https://forms.hubspot.com https://forms.hsforms.com/ https://services.brid.tv https://vc.hotjar.io wss://widget-mediator.zopim.com https://*.googlesyndication.com https://redir.adap.tv wss://*.hotjar.com https://lasteventf-tm.everesttech.net; font-src data: https://img.sportsbookreview.com https://script.hotjar.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://ka-f.fontawesome.com https://*.covers.com; frame-src https://accounts.google.com/ https://activitymap.adobe.com https://forms.hsforms.com/ https://iframe.fresh8.co/ https://open.spotify.com/ https://www.facebook.com/tr/ https://*.ampproject.net https://pixel.mathtag.com https://html5-player.libsyn.com https://*.twitter.com https://vars.hotjar.com https://www.google.com https://consentcdn.cookiebot.com https://*.covers.com https://www.googletagmanager.com https://www.youtube.com https://flo.uri.sh https://imasdk.googleapis.com https://services.brid.tv https://tri.demdex.net https://*.googlesyndication.com https://art19.com https://embeds.audioboom.com; media-src data: blob: https://d29xw9s9x32j3w.cloudfront.net https://cdn.brid.tv https://www.covers.com; 1
default-src https:; img-src data: https: blob:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; connect-src https:; font-src data: https:; media-src blob: https:; worker-src https: 'unsafe-inline' 'unsafe-eval' blob:; 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-53b69f845e16dce3f922e0299f611383' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=9217433746769478; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=9217433746769478 1
frame-ancestors 'self' *.miami.edu; 1
frame-ancestors 'self' https://alz.6connex.com act.alz.org alzwalk.giving 1
frame-ancestors 'self' *.chefkoch.de *.chefkoch-cdn.de www-chefkoch-de.cdn.ampproject.org 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-IX7q4EimmpjDXbCVLsS+ZA==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob:; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
default-src self *  ;style-src  https: data: 'unsafe-inline';img-src  https: blob: data:;child-src data:;object-src none;worker-src blob: https://*.olx.ro  ;frame-src  https: blob:;script-src  https: 'unsafe-inline' 'unsafe-eval';font-src data: self https: ;connect-src self * blob: 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-37cd83844af402da70c149c9309c67de' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=1079842622023149; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=1079842622023149 1
default-src 'self' data: 'unsafe-inline' fonts.gstatic.com code.jquery.com vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro; script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.gstatic.com code.jquery.com vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.gstatic.com code.jquery.com vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro; img-src 'self' data: blob: fonts.gstatic.com code.jquery.com vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro; frame-src 'self' youtube.com www.youtube.com cdnjs.cloudflare.com fonts.gstatic.com code.jquery.com vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro; font-src 'self' fonts.googleapis.com; 1
default-src 'self' *.hkcsl-5g.com *.facebook.com *.instagram.com *.doubleclick.net *.google-analytics.com *.ytimg.com *.netvigator.com *.kudostat.com *.google.com *.google.com.hk;       connect-src 'self' s.yimg.com *.tealiumiq.com *.hkcsl-5g.com *.netvigator.com *.google.com *.google.com.hk *.google-analytics.com *.doubleclick.net;       script-src 'self' *.createjs.com *.yahoo.com *.yahoodns.net *.yimg.com sp.analytics.yahoo.com s.yimg.com *.tiqcdn.com *.jquery.com *.google.com *.hkcsl-5g.com *.cheqzone.com *.echarts.baidu.com *.netvigator.com *.hkt.com *.shop.hkt.com *.hktshop.com *.google-analytics.com *.googleadservices.com *.kudostat.com *.googletagmanager.com *.doubleclick.net *.facebook.net  *.google.com *.gstatic.com 'unsafe-inline' 'unsafe-eval';      img-src 'self' *.yahoo.com *.tealiumiq.com *.pccw.com *.googleadservices.com *.hkcsl-5g.com *.facebook.net *.w3.org *.ytimg.com *.cheqzone.com *.netvigator.com *.google.com *.google.com.hk *.kudostat.com *.hkt.com *.shop.hkt.com *.hktshop.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.facebook.com *.instagram.com ;      style-src 'self' *.hkcsl-5g.com *.googleapis.com *.netvigator.com *.hkt.com *.shop.hkt.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net 'unsafe-inline';      frame-src 'self' key2connect.com *.hkcsl-5g.com *.hkt.com *.shop.hkt.com *.cheqzone.com *.facebook.com *.instagram.com *.hkt.com *.shop.hkt.com *.youtube.com *.doubleclick.net  *.google.com *.pccw.com *.matterport.com;      font-src 'self' *.hkcsl-5g.com *.cheqzone.com *.facebook.com *.instagram.com *.hkt.com *.shop.hkt.com *.youtube.com *.doubleclick.net  *.google.com *.pccw.com *.matterport.com *.gstatic.com; 1
frame-ancestors statsig.com *.statsig.com 'self' 1
frame-ancestors 'self' https://*.momoshop.com.tw http://*.momoshop.com.tw; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; child-src * 'unsafe-inline' 'unsafe-eval' data: blob:; connect-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' admin.reverb.tools 1
default-src 'self'; frame-src 'self' https://static.rustore.ru https://id.vk.com https://login.vk.com https://vk.com https://api.cyberity.ru https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://*.rustore.ru https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://webvisor.com https://*.webvisor.com  http://webvisor.com http://*.webvisor.com https://mc.yandex.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.rustore.ru https://*.mail.ru https://img.imgsmail.ru https://imgs2.imgsmail.ru https://mc.yandex.ru https://yastatic.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.cloudfront.net https://www.googletagmanager.com; connect-src 'self' blob: https://*.rustore.ru https://*.mail.ru https://mc.yandex.ru https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; img-src data: blob: https://*; media-src data: blob: https://*.rustore.ru 'self'; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com; frame-ancestors 'self' https://*.rustore.ru https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://webvisor.com https://*.webvisor.com  http://webvisor.com http://*.webvisor.com; report-uri /csp-violation-report 1
default-src 'self' *.bayern.de *.youtube.co *.youtube.com *.whappodo.com *.youtube-nocookie.com *.podigee.io *.podigee-cdn.net *.readspeaker.com *.linguatec.org 'unsafe-inline' 'unsafe-eval' data: 1
script-src https: http: 'unsafe-eval' 'unsafe-inline'; frame-ancestors https://*.browserstack.com; worker-src https: http: blob: 'unsafe-eval' 'unsafe-inline'; style-src https: http: 'unsafe-inline'; img-src https: http: data: blob: about:; font-src https: http: data:; connect-src https: http: wss:; object-src https: http: 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' d3svog4tlx445w.cloudfront.net *.fullstory.com *.appsflyer.com *.googletagmanager.com *.google.com *.smooch.io *.getclicky.com *.getdrip.com *.pingdom.net *.pardot.com *.freshdesk.com *.sovrn.com *.freshchat.com data:  *.chilipiper.com *.forchili.com *.kscope.io; style-src * 'self' 'unsafe-inline' d34uoa9py2cgca.cloudfront.net d3svog4tlx445w.cloudfront.net unpkg.com d36mpcpuzc4ztk.cloudfront.net; img-src * data: blob:; font-src * data:; connect-src * 'self' *.fullstory.com *.appsflyer.com *.googletagmanager.com *.google.com *.smooch.io *.getclicky.com *.chilipiper.com *.forchili.com; media-src * *.getdrip.com *.pingdom.net d36mpcpuzc4ztk.cloudfront.net *.freshdesk.com *.sovrn.com *.freshchat.com; frame-src * ; worker-src * blob: ; child-src * 1
frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com 1
default-src 'self' 'nonce-xQz6YMYKC0O-4lFHcc1pHw==' data: d1qwl4ymp6qhug.cloudfront.net;style-src 'self' 'unsafe-inline' d1qwl4ymp6qhug.cloudfront.net fonts.googleapis.com d3m86d30627p3p.cloudfront.net d1mh8m8kfx8806.cloudfront.net d1m1bhqxdvcj7y.cloudfront.net d1qwl4ymp6qhug.cloudfront.net embed.typeform.com;font-src 'self' data: d1qwl4ymp6qhug.cloudfront.net fonts.googleapis.com fonts.gstatic.com;script-src-elem 'self' 'nonce-xQz6YMYKC0O-4lFHcc1pHw==' data: d1qwl4ymp6qhug.cloudfront.net *.flippingbook.com cld.mobi cld.bz *.cld.mobi *.cld.bz salespal.com *.salespal.com www.googletagmanager.com cdn.mxpnl.com bat.bing.com tracking.g2crowd.com *.clarity.ms js.driftt.com *.addthis.com *.addthisedge.com z.moatads.com embed.typeform.com widgets.tree-nation.com d17lvj5xn8sco6.cloudfront.net dbjkgof3vqn8e.cloudfront.net d2pxv2t07pst90.cloudfront.net d24ba410swlaj9.cloudfront.net d2pxv2t07pst90.cloudfront.net d33i2vgywgme2s.cloudfront.net d2acn53ctcwkeb.cloudfront.net dzl2wsuulz4wd.cloudfront.net d14d3gewu22anr.cloudfront.net googleads.g.doubleclick.net s7.addthis.com www.google-analytics.com www.googleadservices.com ssl.google-analytics.com conoret.com my.visme.co platform-api.sharethis.com buttons-config.sharethis.com count-server.sharethis.com;script-src 'self' 'nonce-xQz6YMYKC0O-4lFHcc1pHw==' 'unsafe-eval' data: 'sha256-9vpql/NLyCCe3HPEb2b/lcLKPbkRi48w2Lfn0AbTxsQ=' 'sha256-beizslr6wW+733xFasCV0KHlmMzMj58NVIf2AVyJgEs=' 'sha256-nGHSZHe91dno5IugG5CzpYMY3VpExAeYdL+l7Tqkq6E=' d1qwl4ymp6qhug.cloudfront.net *.flippingbook.com cld.mobi cld.bz *.cld.mobi *.cld.bz salespal.com *.salespal.com www.googletagmanager.com cdn.mxpnl.com bat.bing.com tracking.g2crowd.com *.clarity.ms js.driftt.com *.addthis.com *.addthisedge.com z.moatads.com embed.typeform.com widgets.tree-nation.com d17lvj5xn8sco6.cloudfront.net dbjkgof3vqn8e.cloudfront.net d2pxv2t07pst90.cloudfront.net d24ba410swlaj9.cloudfront.net d2pxv2t07pst90.cloudfront.net d33i2vgywgme2s.cloudfront.net d2acn53ctcwkeb.cloudfront.net dzl2wsuulz4wd.cloudfront.net d14d3gewu22anr.cloudfront.net googleads.g.doubleclick.net s7.addthis.com www.google-analytics.com www.googleadservices.com ssl.google-analytics.com conoret.com www.google.com;connect-src 'self' https: wss: data: blob: http://ad.doubleclick.net;frame-src 'self' *.flippingbook.com catalogs.your-brand.org cld.mobi cld.bz *.cld.mobi *.cld.bz salespal.com *.salespal.com js.driftt.com www.youtube.com bid.g.doubleclick.net *.ep-mimecast.doubleclick.net *.addthis.com www.g2.com *.typeform.com securityscorecard.com widgets.tree-nation.com m.youtube.com my.visme.co player.vimeo.com;img-src 'self' blob: data: https: http://ad.doubleclick.net;media-src 'self' blob: data: https:; 1
frame-ancestors 'self' *.wallet.airpay.sg *.shopee.kr *.airpay.sg *.shopeemobile.com *.shopee.sg *.shopee.cn *.shopee.io *.facebook.com https://bela-portal.festiware.com https://belapengadaan.lkpp.go.id https://lkpp-portal.festiware.com;  1
frame-ancestors store.bricklink.com www.bricklink.com 1
script-src 'nonce-RDQuNZ_pUO37nzor3Gw_Tg' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/chromebook; base-uri 'none' 1
object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; 1
script-src 'nonce-jqcvm6w4rW4Ol-T7ka-Y3A' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/about_google; base-uri 'none' 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-IuGoY8PysIZJWCczqILon7SvGD4pmh' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
object-src 'none'; script-src 'nonce-LGDb8p1JyfcS2ZrW0detyw==' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; base-uri 'none'; report-uri https://csp.withgoogle.com/csp/kaggle/20201130; frame-src 'self' https://www.kaggleusercontent.com https://www.youtube.com/embed/ https://polygraph-cool.github.io https://www.google.com/recaptcha/ https://www.docdroid.com https://www.docdroid.net https://kaggle-static.storage.googleapis.com https://kkb-production.jupyter-proxy.kaggle.net https://kkb-production.firebaseapp.com https://kaggle-metastore.firebaseapp.com https://apis.google.com https://content-sheets.googleapis.com/ https://accounts.google.com/ https://storage.googleapis.com https://docs.google.com https://drive.google.com https://calendar.google.com/; 1
frame-ancestors https://app.roll20.net https://roll20.net https://marketplace.roll20.net https://*.inspectlet.com 1
default-src https: wss:; script-src 'self' about: 'unsafe-inline' 'unsafe-eval' wss: https://*.idc.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.gstatic.cn https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.youtube.com https://*.ytimg.com https://*.insideidc.com https://d1f8f9xcsvx3ha.cloudfront.net https://platform.twitter.com https://cdn.syndication.twimg.com https://*.hotjar.com https://*.hotjar.io https://*.addevent.com https://addthisevent.com https://munchkin.marketo.net https://*.recaptcha.net https://consent.trustarc.com https://consent.truste.com https://api.map.baidu.com https://*.typekit.net https://*.pusher.com https://acsbapp.com/ https://*.vidyard.com https://*.userguiding.com https://idc.widget.insent.ai/ https://*.usabilla.com https://d6tizftlrpuof.cloudfront.net/ https://snap.licdn.com/ https://www.ssa.gov/ https://kf.tag.foundryco.com/ https://*.fullstory.com https://*.maze.co; img-src data: blob: https: wss:; style-src 'unsafe-inline' https: wss: blob:; font-src https: data: wss: 'self'; connect-src 'self' https: wss:; frame-ancestors 'self'; report-uri https://idcqaenforce.report-uri.com/r/d/csp/enforce; 1
upgrade-insecure-requests; frame-ancestors https://*.therapynotes.com https://*.therapyportal.com https://support.therapynotes.com; form-action https://*.therapynotes.com https://*.therapyportal.com https://*.therapysearch.com; 1
frame-ancestors 'self' braintreegateway.com assets.braintreegateway.com googletagmanager.com 1
script-src 'self' www.google-analytics.com blockchain.info static.moonpay.com 'unsafe-inline' 1
default-src 'self' d2kfnvwohu0503.cloudfront.net staticinstapaper.s3.amazonaws.com staticinstapaper.s3.dualstack.us-west-2.amazonaws.com;script-src 'self' 'nonce-kkUhawQJEA' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' checkout.stripe.com d2kfnvwohu0503.cloudfront.net staticinstapaper.s3.amazonaws.com staticinstapaper.s3.dualstack.us-west-2.amazonaws.com use.typekit.net www.google-analytics.com www.google.com www.gstatic.com cdn.carbonads.com srv.carbonads.net;font-src 'self' d2kfnvwohu0503.cloudfront.net staticinstapaper.s3.amazonaws.com staticinstapaper.s3.dualstack.us-west-2.amazonaws.com *.typekit.net netdna.bootstrapcdn.com;style-src 'self' netdna.bootstrapcdn.com d2kfnvwohu0503.cloudfront.net staticinstapaper.s3.amazonaws.com staticinstapaper.s3.dualstack.us-west-2.amazonaws.com 'unsafe-inline';connect-src 'self' *.carbonads.net carbonads.net checkout.stripe.com www.google-analytics.com;frame-src 'self' checkout.stripe.com *.youtube.com youtube.com *.vimeo.com vimeo.com www.google.com;img-src * data:; 1
block-all-mixed-content ;upgrade-insecure-requests ;default-src 'self' *.criteo.com *.criteo.net adventori.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.abtasty.com *.y-track.com *.google-analytics.com *.googletagmanager.com www.googletagmanager.com vjs.zencdn.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ui.onepay.decathlon.net *.paypal.com *.braintreegateway.com *.brightcove.net *.trylive.com *.googleapis.com sdk.privacy-center.org sdk.woosmap.com www.booxi.eu appmobile-bridge-js.s3-eu-west-1.amazonaws.com *.woosmap.com ui.onepay-qualification.decathlon.io cdn.tagcommander.com *.facebook.net *.dynatrace.com platform.commandersact.com *.commander1.com *.criteo.com *.criteo.net *.adnxs.com adventori.com www.googleadservices.com bat.bing.com *.salecycle.com *.doubleclick.net *.hotjar.com redirect3536.tagcommander.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com wurfl.io *.commandersact.com translate.google.com nxtck.com onepay-ui.decathlon.net *.contentsquare.net *.contentsquare.com www.youtube.com wss://*.hotjar.com *.loadbee.com production.transcript.decathlon.io development.transcript-qualification.decathlon.io via.batch.com *.dynamicyield.com *.klarnaservices.com rum.browser-intake-datadoghq.eu *.onepay-v2-commons-prod-0ywm.decathlon.io screencapture.kampyle.com screencapture-cdn.kampyle.com resources.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com resources.digital-cloud-west.medallia.com pay.google.com/gp/p/js/pay.js applepay.cdn-apple.com session-replay.browser-intake-datadoghq.eu safesizepublic.ucscentral.com google.com/pay creativecdn.com *.creativecdn.com p.teads.tv t.contentsquare.net contentsquare.com admo.tv capture.trackjs.com widgets.trustedshops.com *.adition.com sdk.teester.com *.iadvize.com *.cloudflare.com *.jsdelivr.net *.amazonaws.com *.valiuz.com unpkg.com *.numerized.com numerized.fr numerized.com *.pinimg.com *.mopinion.com *.tradelab.fr *.rakuten.com *.yimg.com s.kk-resources.com *.mediarithmics.com *.trustedshops.com *.segment.com *.target2sell.com player.vimeo.com intljs.rmtag.com *.trackjs.com use.fontawesome.com *.smartsuppchat.com *.flagship.com app.contentsquare.com www.mobsuccess.com ad.atdmt.com *.hotjar.io party.spockee.io *.cloudfront.net aac.artengo-tennis.com widget.spockee.io decathlon.script.admo.tv *.tokbox.com *.opentok.com *.deafiline.net swrap.tradedoubler.com *.spockee.io d3o3q2c2a135bm.cloudfront.net d1qsuwoy74mm6g.cloudfront.net script.google.com script.googleusercontent.com *.linksynergy.com act-eu.rd.linksynergy.com dtm.decathlon.fr c81418.csd.dotomi.com login-ds.dotomi.com dtm.decathlon.co.uk *.decathlon.fr *.dotomi.com *.decathlon.co.uk pay.google.com analytics.tiktok.com s.kelkoogroup.net view.publitas.com scripts.publitas.com https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io https://caast.tv https://*.caast.tv;connect-src 'self' *.google-analytics.com *.analytics.google.com *.abtasty.com *.y-track.com *.woosmap.com *.brightcove.com *.paypal.com *.braintree-api.com *.braintreegateway.com *.decathlon.net *.decathlon.com *.booxi.eu api.privacy-center.org www.facebook.com *.doubleclick.net bat.bing.com browser-http-intake.logs.datadoghq.eu api.booxi.eu bf97725pbp.bf.dynatrace.com *.hotjar.com *.hotjar.io *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com booxi-api-be.appspot.com booxi-api.appspot.com sync.commander1.com *.boltdns.net *.akamaihd.net *.contentsquare.net tracking-api-4lasu2nlcq-ew.a.run.app insights.decathlon.net transaction-api-4lasu2nlcq-ew.a.run.app order-insights.decathlon.net *.googleapis.com wss://*.hotjar.com www.googletagmanager.com via.batch.com ws.batch.com production.transcript.decathlon.io development.transcript-qualification.decathlon.io *.klarnaservices.com rum.browser-intake-datadoghq.eu *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu ubt-lb.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com resources.digital-cloud-west.medallia.com https://www.google.com/pay signin.easyence.tech google.com/pay https://pay.google.com *.creativecdn.com https://session-replay.browser-intake-datadoghq.eu/api/ capture.trackjs.com *.api.gouv.fr *.amazonaws.com *.iadvize.com *.valiuz.com *.luckyorange.com *.luckyorange.net *.mopinion.com *.numerized.com numerized.fr numerized.com api.teester.com ct.pinterest.com tracking-api-qk77g3b4wa-ew.a.run.app transaction-api-qk77g3b4wa-ew.a.run.app *.segment.com *.target2sell.com *.tradelab.fr wss://*.visitors.live vimeo.com *.yimg.com *.webgeoservices.com app.contentsquare.com decision.flagship.io cookie-matching.mediarithmics.com ib.adnxs.com manifest.prod.boltdns.net wss://xmpp-ha-alb.iadvize.com api.spockee.io aac.artengo-tennis.com wss://*.iadvize.com decathlon.mypangee.com decathlon.admo.tv www.google.com adservice.google.com t.teads.tv *.tokbox.com *.opentok.com *.spockee.io d3o3q2c2a135bm.cloudfront.net daxg4zxtk3miz.cloudfront.net script.google.com script.googleusercontent.com *.linksynergy.com cm.teads.tv player.teester.com image.teester.com sdk.teester.com decathlon-ttpx.com sheets.googleapis.com tracking-api-fr-4lasu2nlcq-ew.a.run.app fpc.decathlon.fr *.loadbee.com maintenance.decathlon.fr pay.google.com s.kelkoogroup.net s.kk-resources.com ws://*.spockee.io *.twilio.com wss://*.twilio.com lp.decathlon.fr https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io https://caast.tv https://*.caast.tv wss://*.caast.tv https://*.mux.com;img-src 'self' data: blob: *.decathlon.com *.cube-net.org *.cube-net.pub contents.mediadecathlon.com *.google-analytics.com *.googletagmanager.com *.brightcove.com *.brightcove.net *.paypal.com prod-wt.aws.y-track.com manager.tagcommander.com *.googleapis.com *.abtasty.com *.woosmap.com www.facebook.com www.google.com www.google.es www.google.fr www.google.it www.google.nl www.google.be www.google.pl *.doubleclick.net bat.bing.com *.gstatic.com sync.commander1.com *.atdmt.com tag.goldenbees.fr *.crm4d.com *.adsrvr.org *.adnxs.com sdk.privacy-center.org checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net voucher.decathlon.net apigift.decathlon.com site.booxi.com www.mediadecathlon.com *.boltdns.net *.mediadecathlon.com *.contentsquare.net *.googleadservices.com adservice.google.com wss://*.hotjar.com via.batch.com ws.batch.com *.onepay-v2-commons-prod-0ywm.decathlon.io screencaptue-cdn.kampyle.com resources.digital-cloud.medallia.eu udc-neb.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net img.youtube.com capture.trackjs.com *.amazonaws.com *.bing.com *.flagship.com *.iadvize.com *.valiuz.com *.linksynergy.com *.mopinion.com prod.y-medialink.com *.pinimg.com ext-inv-cdn.presage.io *.pinterest.com widgets.trustedshops.com *.mediaforge.com *.rakuten.com *.segment.com *.target2sell.com *.tradelab.fr *.yahoo.com *.omnitagjs.com consent.jrs5.com sync.adotmob.com idsync.rlcdn.com consent.nxtck.com consent.dc-storm.com nxtck.com t.teads.tv cm.teads.tv *.hotjar.com *.hotjar.io www.mobsuccess.com aac.artengo-tennis.com *.deafiline.net swrap.tradedoubler.com l.teads.tv daxg4zxtk3miz.cloudfront.net image.teester.com play-lh.googleusercontent.com marketing.net.idealo-partner.com dtm.decathlon.fr c81418.csd.dotomi.com login-ds.dotomi.com dtm.decathlon.co.uk *.loadbee.com s.kelkoogroup.net s.kk-resources.com spockee-cdn.s3.ca-central-1.amazonaws.com https://*.caast.tv https://i.ytimg.com;style-src 'self' 'unsafe-inline' www.booxi.eu fonts.googleapis.com *.decathlon.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.mediadecathlon.com wss://*.hotjar.com scripts.publitas.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu screencaptue-cdn.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com *.amazonaws.com unpkg.com *.mopinion.com use.fontawesome.com static.iadvize.com cdnjs.cloudflare.com aac.artengo-tennis.com *.deafiline.net *.iadvize.com *.loadbee.com https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io https://storage.googleapis.com/sl-front-xp-bucket-4v-tmoq/account/;font-src 'self' data: *.decathlon.com fonts.gstatic.com *.oppwa.com oppwa.com *.abtasty.com qanda.decathlon.com *.googleapis.com *.gstatic.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net *.amazonaws.com *.mopinion.com *.trustedshops.com use.fontawesome.com static.iadvize.com cdnjs.cloudflare.com *.deafiline.net *.loadbee.com https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io;object-src view.publitas.com;base-uri 'self' pay.google.com;worker-src 'self' blob: via.batch.com 'unsafe-eval' 'unsafe-inline' decathlon.deafiline.net push-app-dev.deafiline.net push-app-dev.deafiline.net:1440 ws: player.teester.com image.teester.com;media-src 'self' blob: secure.brightcove.com *.brightcove.com *.brightcove.net *.boltdns.net *.mediadecathlon.com *.criteo.com bcboltbde696aa-a.akamaihd.net *.amazonaws.com *.akamaihd.net *.akafms.net *.deafiline.net player.teester.com https://*.mux.com;frame-src 'self' *.youtube.com www.google.com/recaptcha/ saas.trylive.com/ site.booxi.eu/ reviews.decathlon.com www.facebook.com *.doubleclick.net *.atdmt.com c.paypal.com checkout.paypal.com www.paypal.com *.hotjar.com *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com qanda.decathlon.com reviews-collect-eu.satisphere.decathlon.net *.mediadecathlon.com view.publitas.com www.pinterest.com *.abtasty.com *.decathlon.net wss://*.hotjar.com players.brightcove.net screencapture.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud.medallia.eu resources.digital-cloud-west.medallia.com pay.google.com safesizepublic.ucscentral.com *.klarnaservices.com creativecdn.com *.creativecdn.com decathlon-fr-fr--tst2.custhelp.com *.calameo.com halc.iadvize.com *.vimeo.com unequestion.decathlon.fr widget.activites.decathlon.fr *.hotjar.io *.cloudfront.net repair-hub.decathlon.net emersya.com decathlon.deafiline.net www.google.com app.livestorm.co video.eko.com www.shape3d.com d1di987mdgym2l.cloudfront.net player.teester.com image.teester.com www.pinterest.fr *.loadbee.com s.kelkoogroup.net s.kk-resources.com *.spockee.io d2smzkbxwgpfsi.cloudfront.net https://caast.tv https://*.caast.tv https://www.youtube-nocookie.com https://www.youtube.com https://*.youtube.com;frame-ancestors 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' mediastream: data: blob: https:; worker-src 'self' blob:; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' c.mql5.com www.tradays.com www.metatrader5.com metatraderweb.app www.mql5.com content.mql5.com search.mql5.com https://c.paypal.com https://pay.google.com maps.googleapis.com maps.google.com https://cdn.chatbot.com test-api.sumsub.com api.sumsub.com static.sumsub.com 'unsafe-inline' 'unsafe-eval'; style-src c.mql5.com www.tradays.com 'unsafe-inline' fonts.gstatic.com fonts.googleapis.com; img-src 'self' msg1.mql5.com msg2.mql5.com msg3.mql5.com msg4.mql5.com c.mql5.com content.mql5.com charts.mql5.com www.mql5.com www.tradays.com www.metatrader5.com blob: data: *.tile.openstreetmap.org https://c.paypal.com https://b.stats.paypal.com https://dub.stats.paypal.com https://www.gstatic.com csi.gstatic.com maps.gstatic.com maps.google.com maps.googleapis.com chart.googleapis.com khms0.googleapis.com khms1.googleapis.com khms2.googleapis.com khms3.googleapis.com; media-src 'self' msg1.mql5.com msg2.mql5.com msg3.mql5.com msg4.mql5.com c.mql5.com www.metatrader5.com; font-src c.mql5.com fonts.gstatic.com fonts.googleapis.com; connect-src 'self' metatraderweb.app www.mql5.com www.metatrader5.com https://msg1.mql5.com wss://msg1.mql5.com https://msg2.mql5.com https://msg3.mql5.com https://msg4.mql5.com wss://msg2.mql5.com wss://msg3.mql5.com wss://msg4.mql5.com wss://gwt1.mql5.com wss://gwt2.mql5.com wss://gwt3.mql5.com wss://gwt4.mql5.com wss://gwt5.mql5.com wss://gwt6.mql5.com wss://gwt7.mql5.com wss://gwt8.mql5.com wss://gwt9.mql5.com wss://gwt10.mql5.com wss://gwt11.mql5.com wss://gwt12.mql5.com wss://gwt13.mql5.com wss://gwt14.mql5.com wss://gwt15.mql5.com wss://gwt99.mql5.com https://cdn.chatbot.com maps.googleapis.com; frame-src 'self' c.mql5.com www.tradays.com trade.metatrader5.com metatraderweb.app www.youtube.com https://c.paypal.com https://pay.google.com https://cdn.chatbot.com test-api.sumsub.com api.sumsub.com blob: mql5buy: mql4buy:; object-src 'self' c.mql5.com www.metatrader5.com www.youtube.com; worker-src 'self' c.mql5.com www.metatrader5.com www.youtube.com; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-UET8XxbOy8DCYvuaw/bXhQ=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
frame-ancestors 'self' https://catchplugins.com; 1
frame-ancestors https://origin.immersivelabs.team https://*.origin.immersivelabs.team; report-uri https://api.immersivelabs.online/csp_reports 1
base-uri 'self';child-src 'self' blob: https://*.googletagmanager.com https://*.doubleclick.net;font-src 'self' data: https://fonts.googleapis.com https://fancode.com https://*.fancode.com https://fonts.gstatic.com https://fonts.googleapis.com;frame-ancestors 'self' 'self' https://fancode.com https://*.fancode.com https://dream11.com https://*.dream11.com;frame-src 'self' blob: https://*.googletagmanager.com https://*.doubleclick.net https://*.googleapis.com https://*.googlesyndication.com https://*.google.com;img-src 'self' data: https://images.fancode.com https://images.dream11.com https://fancode.com https://*.fancode.com https://fonts.gstatic.com https://*.googlesyndication.com https://*.google-analytics.com https://*.googletagmanager.com https://d13ir53smqqeyp.cloudfront.net https://www.googletagmanager.com https://www.google.co.in https://googleads.g.doubleclick.net https://*.doubleclick.net https://www.facebook.com * https://*.google.com https:;media-src 'self' blob: *;object-src 'none';script-src 'self' 'nonce-0ed126ea90be6636ba325ddcb5e3e0dd' 'unsafe-inline' 'strict-dynamic' https://fancode.com https://*.fancode.com https://wzrkt.com https://www.gstatic.com https://*.googletagmanager.com https://accounts.google.com https://service.google.com https://*.doubleclick.net https://securepubads.g.doubleclick.net https://*.googleapis.com https://analytics.google.com https://*.googletagservices.com https://d2r1yp2w7bby2u.cloudfront.net https://*.dream11.com https://www.facebook.com https://apis.google.com https://static.clevertap.com https://*.cloudfront.net https://connect.facebook.net https://s3-eu-west-1.amazonaws.com https://*.googletagservices.com;style-src 'self' 'unsafe-inline' https://fancode.com https://*.fancode.com https://accounts.google.com https://*.google-analytics.com https://*.googletagmanager.com https://fonts.googleapis.com;worker-src 'self' blob:;upgrade-insecure-requests; 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-301b84b6143316d04104dba70c22bbed' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=6920320111354227; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=6920320111354227 1
frame-ancestors 'self' https://fizy.com https://play.fizy.com; 1
frame-ancestors 'self' https://kuleuven.be https://*.kuleuven.be https://*.edu.kuleuven.cloud ; 1
default-src 'self' https://omny.fm;connect-src 'self' https: https://*.googletagmanager.com https://*.google-analytics.com;script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://*.googletagmanager.com https://static.cloudflareinsights.com 'sha256-6pA+OLZkWFNcDsOkbEY8B8aF2uV+AHr8J3RzrTdq8j0=' https://connect.facebook.net;style-src 'self' 'unsafe-inline';font-src 'self';img-src 'self' data: https://www.omnycontent.com https:;media-src 'self' https:;worker-src 'none';object-src 'none' 1
frame-ancestors 'self' https://*.pigeon.revolut.codes https://pigeon.revolut.codes https://pigeon.revolut.com; 1
frame-ancestors 'self'; worker-src blob: *.indigo.ca; media-src 'self' com.amazonaws.global.cloudfront.origin-facing https://*.publitas.com https://*.cloudfront.net https://*.indigoimages.ca; object-src 'none'; child-src blob:; default-src 'self' 'unsafe-inline' https://*.iesnare.com https://*.indigoimages.ca https://*.youtube.com https://*.ytimg.com https://maps.gstatic.com https://www.paypalobjects.com p11.techlab-cdn.com; img-src 'self' data: blob: *.bazaarvoice.com *.doubleclick.net *.indigo.ca *.indigoimages.ca *.nr-data.net *.omtrdc.net *.paypalobjects.com https://*.akstat.io https://*.bugsnag.com https://*.cdninstagram.com https://*.cloudfront.net https://*.emjcd.com https://*.facebook.com https://*.google-analytics.com https://*.google.ca https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.online-metrix.net https://*.paypal.com https://*.pinimg.com https://*.webtype.com https://a.adrsp.net https://alb.reddit.com https://bam-cell.nr-data.net https://bam.nr-data.net https://cj.dotomi.com https://cm.everesttech.net https://colres.sitelabweb.com https://*.pinterest.com https://dpm.demdex.net https://ds-aksb-a.akamaihd.net https://googleads.g.doubleclick.net https://gtrk.s3.amazonaws.com https://ib.adnxs.com https://icedfa100-ds-aksb-a.akamaihd.net https://kbimages1-a.akamaihd.net https://metrics.chapters.indigo.ca https://pixel.mathtag.com https://s3.amazonaws.com https://scontent.xx.fbcdn.net https://seal.verisign.com https://secure.adnxs.com https://sp.analytics.yahoo.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://www.cnn.com https://www.globalnews.ca https://www.deviantart.com https://www.microsoftcasualgames.com https://ca.finance.yahoo.com https://www.usmagazine.com https://readsnovelonline.com https://www.themodernnonna.com https://*.criteo.net https://*.criteo.com https://*.kobo.com; script-src 'self' https://*.cnstrc.com https://cnstrc.com https://*.publitas.com https://*.yottaa.com 'unsafe-eval' 'unsafe-inline' blob: *.bazaarvoice.com *.indigo.ca *.indigoimages.ca *.omtrdc.net *.newrelic.com www.googleadservices.com www.paypal.com www.paypalobjects.com ajax.aspnetcdn.com ajax.googleapis.com code.jquery.com https://*.chapters.indigo.ca/proxydirectory/ https://*.cloudflare.com https://*.cloudfront.net https://*.facebook.com https://*.facebook.net https://*.forter.com https://*.go-mpulse.net https://*.google-analytics.com https://*.google.ca https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.iesnare.com https://*.segment.com https://*.segment.io https://*.smartrecruiters.com https://*.vimeo.com https://*.youtube.com https://*.ytimg.com https://ajax.aspnetcdn.com https://analytics.tiktok.com https://api.instagram.com https://api.pinterest.com https://assets.adobedtm.com https://bam-cell.nr-data.net https://bam.nr-data.net https://c212.net https://cdn-akamai.mookie1.com https://cdn.c212.net https://dpm.demdex.net https://ds-aksb-a.akamaihd.net https://edge.fullstory.com https://fbstatic-a.akamaihd.net https://fullstory.com https://googleads.g.doubleclick.net https://indigo.soapboxhq.com https://ln-rules.rewardstyle.com https://maps.googleapis.com https://maps.gstatic.com https://members.cj.com https://pixel.mathtag.com https://s.pinimg.com https://s.yimg.com https://s3.amazonaws.com https://segment-api.indigo.ca https://segment.indigo.ca https://sp.analytics.yahoo.com https://static.ada.support https://tpc.googlesyndication.com https://www.babylist.com https://www.buyatab.com https://www.googletagmanager.com https://www.myregistry.com https://www.redditstatic.com https://cdn.auth0.com https://*.cquotient.com https://*.criteo.net https://*.criteo.com https://cdn.480app.com p11.techlab-cdn.com; style-src 'self' 'unsafe-inline' blob: https://*.bazaarvoice.com https://*.google.ca https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.indigo.ca https://*.indigoimages.ca https://*.smartrecruiters.com https://*.webtype.com https://fonts.googleapis.com https://fonts.gstatic.com https://ln-rules.rewardstyle.com https://members.cj.com; connect-src 'self' https://*.cnstrc.com https://cnstrc.com https://*.kobo.com https://*.pangle-ads.com *.omtrdc.net https://*.akstat.io https://*.bazaarvoice.com https://*.chapters.indigo.ca/proxydirectory/ https://*.facebook.com https://*.forter.com https://*.fullstory.com https://*.go-mpulse.net https://*.google-analytics.com https://*.google.ca https://*.google.com https://*.googleapis.com https://*.indigo.ca https://*.indigoimages.ca https://*.moneris.com https://*.segment.com https://*.segment.io https://*.tt.omtrdc.net https://analytics.tiktok.com https://bam-cell.nr-data.net https://bam.nr-data.net https://ct.pinterest.com https://*.cloudfront.net https://dpm.demdex.net https://ds-aksb-a.akamaihd.net https://graph.instagram.com https://indigo-dev.ada.support https://indigo.ada.support https://kbepubs1-a.akamaihd.net https://kbget1-a.akamaihd.net https://metrics.chapters.indigo.ca https://rollout.ada.support https://s.yimg.com https://segment-api.indigo.ca https://segment.indigo.ca https://sp.analytics.yahoo.com https://static.ada.support https://stats.g.doubleclick.net https://tpc.googlesyndication.com https://www.paypal.com https://www.paypalobjects.com https://www.pinterest.ca https://www.pinterest.com https://www.sjwoe.com wss://cdn0.forter.com www.chapters.indigo.ca https://*.criteo.net https://*.criteo.com https://*.paypal.com https://www.mczbf.com p11.techlab-cdn.com; font-src 'self' data: blob: https://*.googleapis.com https://*.gstatic.com https://*.indigo.ca https://*.indigoimages.ca https://*.webtype.com https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.gstatic.com https://members.cj.com https://static.hotjar.com https://static.indigoimages.ca; frame-src 'self' blob: *.lrgrewards.com https://*.publitas.com https://*.bazaarvoice.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google.ca https://*.google.com https://*.indigo.ca https://*.indigoimages.ca https://*.moneris.com https://*.paypal.com https://*.vimeo.com https://*.youtube.com https://bid.g.doubleclick.net https://cdn-akamai.mookie1.com https://display.ugc.bazaarvoice.com https://dpm.demdex.net https://esqa.moneris.com https://h.online-metrix.net https://indigo-dev.ada.support https://indigo.ada.support https://indigo.demdex.net https://indigo.soapboxhq.com https://ln-rules.rewardstyle.com https://ln.rewardstyle.com https://members.cj.com https://pixel.mathtag.com https://player.simplecast.com https://wellsaid.simplecast.com https://www.babylist.com https://www.buyatab.com https://www.myregistry.com https://www.pinterest.ca https://www.pinterest.com https://ct.pinterest.com https://www3.moneris.com www.paypalobjects.com https://*.criteo.com https://*.criteo.net https://*.akamaihd.net; upgrade-insecure-requests; report-uri https://indigo.report-uri.com/r/d/csp/enforce; 1
script-src 'nonce-ZQ+1StPTgFCQ0h92AOMlrA==' 'strict-dynamic' 'unsafe-eval' 'report-sample' https:; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=WXgEKEUb_xZ7YvZwkniQuxE5CeIloBevVOEc1FxA-lY9DgiDp4O8QJuA3UKLJRLV&policy_id=10&user_id=&request_id=aa987920-6538-4180-b13f-ed8d98d34383; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
default-src 'self' *.rajasthan.gov.in; frame-src *; font-src *; media-src *; img-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rajasthan.gov.in *.maps.api.here.com; style-src * 'unsafe-inline'; connect-src 'self' *; object-src 'none'; base-uri 'self' 1
default-src 'none';         script-src 'self' 'unsafe-inline' 'unsafe-eval'         blob:         https://*.ads-twitter.com         https://*.authorize.net         https://*.bing.com         https://*.ceros.com         https://*.contentsquare.net         https://*.contentsquare.com         https://*.cookiereports.com         https://*.doubleclick.net         https://*.eloqua.com         https://*.en25.com         https://*.facebook.net         https://*.google.com         https://*.google-analytics.com         https://*.googleadservices.com         https://*.googletagmanager.com         https://*.gstatic.com         https://*.idio.episerver.net         https://*.licdn.com         https://*.linkedin.com         https://*.optimizely.com         https://*.twitter.com         https://*.visa.com         https://*.youtube.com         https://code.jquery.com;         style-src 'self' 'unsafe-inline'         https://*.authorize.net         https://*.ceros.com         https://*.eloqua.com         https://*.google.com         https://*.gsatic.com         https://*.licdn.com         https://*.optimizely.com         https://*.visa.com         https://fonts.googleapis.com;         font-src 'self'         data:         https://*.authorize.net         https://*.eloqua.com         https://*.visa.com         https://fonts.googleapis.com         https://fonts.gstatic.com;         img-src 'self'         data:         https://*.ads-twitter.com         https://*.adsrvr.org         https://*.authorize.net         https://*.bing.com         https://*.ceros.com         https://*.contentsquare.net         https://*.cookiereports.com         https://*.doubleclick.net         https://*.eloqua.com         https://*.en25.com         https://*.facebook.com         https://*.facebook.net         https://*.google.com         https://*.google-analytics.com         https://*.googleadservices.com         https://*.googletagmanager.com         https://*.gstatic.com         https://*.idio.episerver.net         https://*.licdn.com         https://*.linkedin.com         https://*.optimizely.com         https://*.twitter.com         https://*.visa.com         https://*.youtube.com         https://i.ytimg.com         https://ib.adnxs.com         https://p.adsymptotic.com         https://t.co         https://yt3.ggpht.com;         frame-src 'self'         https://*.ads-twitter.com         https://*.authorize.net         https://*.ceros.com         https://*.doubleclick.net         https://*.eloqua.com         https://*.facebook.com         https://*.facebook.net         https://*.google.com         https://*.licdn.com         https://*.linkedin.com         https://*.optimizely.com         https://*.twitter.com         https://*.visa.com         https://*.youtube.com;         connect-src 'self'         https://*.ads-twitter.com         https://*.authorize.net         https://*.bing.com         https://*.ceros.com         https://*.contentsquare.net         https://*.contentsquare.com         https://*.cookiereports.com         https://*.doubleclick.net         https://*.eloqua.com         https://*.en25.com         https://*.facebook.net         https://*.google.com         https://*.googleapis.com         https://*.googlesyndication.com         https://*.google-analytics.com         https://*.gstatic.com         https://*.idio.episerver.net         https://*.licdn.com         https://*.linkedin.com         https://*.optimizely.com         https://*.visa.com         https://*.youtube.com;         object-src 'self';         media-src 'self';         worker-src 'self'         blob:         https://*.authorize.net         https://*.contentsquare.net         https://*.contentsquare.com         https://*.google.com; 1
default-src 'self' https://*.fontawesome.com https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://*.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' https://*.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com 1
frame-src 'self' 'unsafe-inline' https://www.youtube.com https://sg.mmstat.com https://g.alicdn.com; object-src 'none'; media-src 'self'; img-src 'self' data: https://lazada-com.oss-ap-southeast-1.aliyuncs.com/ https://www.google-analytics.com https://g.alicdn.com https://dev.g.alicdn.com https://lzd-aut-lazada-com-staging.oss-ap-southeast-1.aliyuncs.com/ https://sg.mmstat.com https://umdc.alibaba-inc.com/; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://lazada-com.oss-ap-southeast-1.aliyuncs.com https://code.jquery.com https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com/bootstrap/ https://www.google-analytics.com/analytics.js https://unpkg.com/aos@3.0.0-beta.6/dist/aos.js https://g.alicdn.com https://dev.g.alicdn.com https://www.youtube.com https://sg.mmstat.com; style-src 'self' 'unsafe-inline' https://lazada-com.oss-ap-southeast-1.aliyuncs.com https://unpkg.com/aos@3.0.0-beta.6/dist/aos.css https://g.alicdn.com https://dev.g.alicdn.com; font-src 'self' https://lazada-com.oss-ap-southeast-1.aliyuncs.com; connect-src 'self' 'unsafe-inline' https://sg.mmstat.com https://www.google-analytics.com https://g.alicdn.com; default-src 'self'; frame-ancestors 'self' 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss: blob:; child-src https: blob:; worker-src 'self' blob:; 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com platform.twitter.com www.google.com www.gstatic.com www.recaptcha.net ; style-src 'self' 'unsafe-inline' ; img-src * data: blob: ; font-src 'self' fonts.googleapis.com fonts.gstatic.com ; connect-src 'self' opencollective.com www.google-analytics.com stats.g.doubleclick.net ; object-src 'none' ; child-src 'self' www.youtube.com www.google.com www.recaptcha.net ; frame-ancestors 'none' ; form-action 'self' www.paypal.com www.sandbox.paypal.com ; media-src 'self' pub.rachni.com ; block-all-mixed-content 1
frame-ancestors 'self' *.gsmarena.com *.killerfeatures.com *.91mobiles.com *.mysmartprice.com 1
worker-src 'self' blob: https:; connect-src 'self' https: data: blob: ws:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; frame-src 'self' https:; style-src 'self' https: 'unsafe-inline'; default-src 'self' https: data: 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://towardsdatascience.com https://*.towardsdatascience.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
default-src 'none'; img-src 'self' data: https://admin.media.liu.se https://post-image.getflowbox.com https://storage.gra.cloud.ovh.net https://www.liu.se https://liu.diva-portal.org https://www2.bibl.liu.se https://i.ytimg.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://syndication.twitter.com https://d2rfa446ja7yzb.cloudfront.net; connect-src 'self' wss://ebbot.eu https://ebbot.eu https://storage.gra.cloud.ovh.net https://search.liu.se https://webstat.liu.se https://www2.bibl.liu.se https://chat-eu.libanswers.com https://vod-progressive.akamaized.net https://cicptqmkej.execute-api.eu-west-1.amazonaws.com https://9mn3sm7015.execute-api.eu-west-1.amazonaws.com https://a.getflowbox.com https://gateway.getflowbox.com https://powerva.microsoft.com https://54bd0db7f610ef1ab766eb3adc3e4e.4d.environment.api.powerplatform.com wss://54bd0db7f610ef1ab766eb3adc3e4e.4d.environment.api.powerplatform.com https://directline.botframework.com wss://directline.botframework.com; frame-ancestors 'self' ; script-src 'self' https://storage.gra.cloud.ovh.net https://www.liu.se https://webstat.liu.se https://www2.bibl.liu.se https://liu-se.libanswers.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.google.com https://www.gstatic.com https://connect.getflowbox.com https://gateway.getflowbox.com https://www.youtube.com https://cdn.botframework.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://storage.gra.cloud.ovh.net https://www.liu.se https://www2.bibl.liu.se https://platform.twitter.com; frame-src 'self' https://www2.bibl.liu.se https://api.screen9.com https://liu-se.libanswers.com https://admin.media.liu.se https://vimeo.com https://player.vimeo.com https://embed.ur.se https://www.youtube.com https://www.podbean.com https://platform.twitter.com https://syndication.twitter.com https://www.google.com; form-action 'self' https://search.liu.se *.ebscohost.com publications.ebsco.com libris.kb.se *.diva-portal.org search.scifree.se; font-src 'self' https://storage.gra.cloud.ovh.net; media-src 'self' https://admin.media.liu.se https://player.vimeo.com https://*.akamaized.net https://cdn.flbx.io; base-uri 'none' 1
default-src data: blob: 'unsafe-inline'  v2assets.zopim.io wss://*.zopim.com static.zdassets.com ekr.zdassets.com ekr.zendesk.com webnovelhelp.zendesk.com  *.zopim.com zendesk-eu.my.sentry.io *.webnovel.com *.yueimg.com  *.google-analytics.com *.facebook.com *.cos.na-toronto.myqcloud.com *.cos.na-toronto.myqcloud.com *.picca.myqcloud.com *.quora.com *.taboola.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googletagmanager.com *.file.myqcloud.com *.tenor.com *.yuewen.com *.gstatic.com  *.g.doubleclick.net *.googlesyndication.com *.googleapis.com *.facebook.net ads.trafficjunky.net; script-src  data: 'nonce-d2Vibm92ZWw=' 'unsafe-eval' *.webnovel.com *.yueimg.com *.googleapis.com *.google-analytics.com *.facebook.net *.facebook.com *.quora.com *.taboola.com *.googletagmanager.com *.google.com *.googletagservices.com *.g.doubleclick.net *.gstatic.com *.googlesyndication.com *.ampproject.org static.zdassets.com ekr.zdassets.com ekr.zendesk.com webnovelhelp.zendesk.com  *.zopim.com zendesk-eu.my.sentry.io; style-src data: 'unsafe-inline' *.webnovel.com *.yueimg.com *.googleapis.com *.google.com; frame-ancestors  *.webnovel.com *.google.com m-webnovel-com.cdn.ampproject.org webapp.gameloop.com; frame-src *.yueimg.com *.webnovel.com *.g.doubleclick.net *.facebook.com *.google.com *.twitter.com *.googletagmanager.com *.googlesyndication.com; font-src blob: *.webnovel.com data: *; report-uri /csp-report/release/csp-log 1
frame-ancestors 'self' *.twitter.com; frame-src *.unodc.org *.twitter.com *.youtube.com *.powerbi.com *.youtube-nocookie.com public.tableau.com *.google.com mailchi.mp *.facebook.com 1
upgrade-insecure-requests;default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:;media-src https: blob:;child-src https: blob:;font-src https: data:; img-src https: data:; 1
default-src 'self' fonts.googleapis.com *.gstatic.com data: 'unsafe-inline' 'unsafe-eval' blob: zenodo-broker.web.cern.ch zenodo-broker-qa.web.cern.ch maxcdn.bootstrapcdn.com cdnjs.cloudflare.com ajax.googleapis.com webanalytics.web.cern.ch 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://cdn.syndication.twimg.com https://s.ytimg.com https://z.moatads.com https://v1.addthisedge.com https://m.addthis.com https://api-public.addthis.com https://www.youtube.com https://d3js.org https://dap.digitalgov.gov https://www.google-analytics.com https://s7.addthis.com https://vjs.zencdn.net https://platform.twitter.com https://www.google.com https://ssl.p.jwpcdn.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://*.fontawesome.com https://*.addtoany.com https://cpsc-d8-media-prod.s3.amazonaws.com https://cpsc-d8-media-stg.s3.amazonaws.com https://*.govdelivery.com https://cdnjs.cloudflare.com https://unpkg.com https://*.highcharts.com https://naver.github.io; img-src 'self' data: https://www.googletagmanager.com https://rtb.adentifi.com  https://px.adentifi.com https://www.cpsc.gov https://cpsc-d8-media-prod.s3.amazonaws.com https://cpsc-d8-media-stg.s3.amazonaws.com https://i.ytimg.com https://jwpltx.com https://www.google-analytics.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://cdn.jsdelivr.net https://*.govdelivery.com; style-src 'self' 'unsafe-inline' https://ton.twimg.com https://platform.twitter.com https://fonts.googleapis.com https://vjs.zencdn.net https://cpsc-d8-media-stg.s3.amazonaws.com https://cpsc-d8-media-prod.s3.amazonaws.com https://cdn.jsdelivr.net https://*.gstatic.com https://cdnjs.cloudflare.com https://naver.github.io; font-src 'self' data: https://fonts.gstatic.com https://ssl.p.jwpcdn.com https://cdn.jsdelivr.net; frame-src 'self' http://*.cpsc.gov https://*.searchblox.com https://s7.addthis.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.google.com https://static.addtoany.com https://public.govdelivery.com https://open.spotify.com; connect-src 'self' https://vod.cpsc.gov https://m.addthis.com https://www.google-analytics.com https://www.saferproducts.gov https://stats.addtoany.com https://public.govdelivery.com https://analytics.google.com; object-src 'none'; frame-ancestors 'self'; media-src 'self' blob: https://cpsc-d8-media-prod.s3.amazonaws.com https://cpsc-d8-media-stg.s3.amazonaws.com 1
base-uri 'self'; default-src 'self' https:; frame-ancestors 'self'; frame-src 'self' https:; img-src 'self' https: data: www.openstreetmap.org siegel.ausgezeichnet.org www.google.com www.gstatic.com www.clickcease.com monitor.clickcease.com; script-src 'self' www.openstreetmap.org siegel.ausgezeichnet.org www.google.com www.gstatic.com www.clickcease.com monitor.clickcease.com 'nonce-yDVQREaheE2eE3f7ahcqbUh9G1f7fAee'; style-src 'self' https: data: 'unsafe-inline' www.openstreetmap.org siegel.ausgezeichnet.org www.google.com www.gstatic.com www.clickcease.com monitor.clickcease.com; object-src 'self'; form-action 'self'; 1
default-src 'self' http: https: data: 'unsafe-inline' 'unsafe-eval' blob:; 1
default-src 'self' 'unsafe-inline' *.royalroad.com fonts.googleapis.com ajax.googleapis.com www.google.com challenges.cloudflare.com www.gstatic.com; font-src 'self' fonts.gstatic.com; object-src 'none'; img-src 'self' www.royalroadl.com www.royalroad.com cdn.royalroadlegends.com www.royalroadcdn.com www.gravatar.com data:; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 1
script-src 'self' 'unsafe-eval' https://*.usajobs.gov/ https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://gateway.answerscloud.com https://dap.digitalgov.gov https://*.bing.com https://*.virtualearth.net https://cdn.ampproject.org https://go.usa.gov https://*.foresee.com https://device.4seeresults.com https://survey.answerscloud.com https://survey.foreseeresults.com https://*.fr011.ttecfed.com https://*.azure.com https://www.ssa.gov 'nonce-hIUUXp5gM3iRs/4ByHWfpQiTqPBD6zbIo00gLSc7UoA='; form-action 'self' * https://*.usajobs.gov/; object-src 'none'; frame-ancestors 'self'; frame-src 'self' *; img-src 'self' data: https://*.usajobs.gov/ https://*.usajobs.gov https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.bing.com https://*.virtualearth.net https://*.foresee.com https://*.fr011.ttecfed.com; connect-src https://*.usajobs.gov/ https://*.bing.com https://*.dev.virtualearth.net https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.foresee.com https://device.4seeresults.com https://survey.answerscloud.com https://survey.foreseeresults.com wss://hoover.foresee.com https://*.fr011.ttecfed.com https://dap.digitalgov.gov https://*.intelligencecareers.gov https://*.azure.com; font-src 'self' data: https://*.usajobs.gov/ https://cxsurvey.foresee.com2 https://gateway.foresee.com https://*.fr011.ttecfed.com; report-uri https://data.usajobs.gov/csp-report; upgrade-insecure-requests 1
object-src 'self'; script-src 'self' 'nonce-YzYzMGQwN2YtMDc3Mi00YTYyLTg3MTktM2U3MTFmNzVhYjZj' 'sha256-wY8ZJu7Uu8c5AFYGRuoE7SNBraw8IAkl5Yz+glnnte8=' 'sha256-UGfgrQ+GKJogDAQthuGt5lpepOeF3ypbYTr2PPxcBdU=' 'sha256-hUiPqjPAx0BTYk+HP/Ohq7cZFW+CFLUDreW74sIBUJk=' 'sha256-MWnKpq2mO4B+C/F7fLTeifs05WkVCc8Hkl+SzXGUmtI=' 'sha256-QiHtJSgKkeO/qh+2A9GCUt3xk8ONLQAa6uua+j+nHLg=' 'sha256-7+1sMW/o6RcIncEOmuvZbRThB6NRZLwQjvsqQAGehKA=' 'sha256-tYinntSHdpRdg0LwZuBycjWqxaMdCzBdOnOGsSZH2Ho=' 'sha256-DP0AJIADL+tS8s/bg6t7xbMHunrd17JCuOgpyNjxt/M=' 'sha256-sqwbnK0D7p9u3WG0lgAYLYmp/byKS9zlT2eFORz1SDY=' 'sha256-L436NBsgbW4nnr2zz6geY9aouLDwQiH+458+ny7TeJ8=' 'sha256-t21JzuoP0AGVdHYfaGtWzFviQ1hj34OuECR3Ur2P1Dk=' 'sha256-kmGPVWtzfwq6b9fEOy1NmWxrKyxreHZU5tKvRxQpDMA=' 'sha256-SAqGhA/G1eraYlnHKoGwPlIvGfOo45eq5hoyKq2LnUY=' 'sha256-+08d4MzO/if2DlZslM+0a0gvpYaPHK7ilzV9yUXHxRo=' 'sha256-5RKybv4IYG3Rt1CcIXoS1OAD7D0vjWLop/a6KVpWxM0=' 'sha256-N/Mk5WIdXnJRlsc5rmMcLJsovC5ozGJ5BmVdRxKOeNc=' 'sha256-XJEfHQ97N7xwKM6MQXMpabeUHxVT647JYAYwrOX6sQQ=' 'sha256-sdKFLBOaDq01ySztbW/n0JnIwsMIlCr7AaMAznJOqA0=' 'sha256-7pyFNQ34QDbIyjfqF4dboUBH/FqtGtJgw7KPgC+aKY8=' 'sha256-yYGe3YxZ1stILsg6s+TKQ7ACovlrQ/V7H5hpGiko1EI=' 'sha256-JcTUCZru8bIzmyUfGjmyP1Nwn0ccUuwLyJA5/jgV2jI=' 'sha256-zEF/ALwwDYV2nZ+rdYGh2XpjU1lbO3oZ2osZayOlmpw=' 'sha256-ErdS+5vyua60ApoR4T4MK5hMhAxO8I75iqTuR4st0lk=' 'sha256-dgOinhXczUSm4ADnOKjecy4HqoIpihiWY1xMUGi3KiE=' 'sha256-bAZaADjFxXYURQUP9Z4p4eiIim+gCGst1ZWemjLGJxo=' 'sha256-x3E2vOOOHY24kNAmZOQxorAyW5o6cX3R7J5Jg+RTqZY=' 'sha256-WJHVKi7ReHnWJF4AUmd9vWDpqeX8GVtEsyAJP01M130=' 'sha256-mvYU2m+aQi6xWWVpxauZ/UaXg+HkwxCv4r/qVBDAm3A=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-Ov0LRI92VqZTYbOhyIvK8iFCm9rBs/HXaYLwlDMrra0=' 'sha256-HjgaVwCCuGQHih00gvN/PUGZuGwVIWd/6sThgUEi83E=' 'sha256-7oEVqsTDSU0XTGoiH3B7bXM3sMDjv58JCTndWi8pUKw=' 'sha256-ZlXTkZmAmWswFmM/VCVi0DLagBh+F9JWQiK/yRsf7yc=' 'sha256-76Yt/S5cofMdn9d5/cJOU32zSvhw1A8QJDSgL1c0YRI=' 'sha256-z4pF+zMq94+GUUF273G0WvSAL91jUazcB1NOISkNlzk=' 'sha256-4OIRiOWgv2ak/dapUtCUuoqEUnVBrH8A9LJCp3dthUw=' 'sha256-ew0tynw+zAqBiv217Nj202XmktwGvkQU7jXqQMotiHg=' 'sha256-2mFyIAC6FjDBvAg15BPawsugazV1sKm4T9x09V76BK0=' 'sha256-kxoZz5p2Ko+K+FXi8lIZc2opwhJF9WD4/wy9+dLYHzY=' 'sha256-+ThII46Fk+h63393vJ+nvAEZnTSXIwpqVJDSklAo5eM=' 'sha256-hUowsewUBuLRjFz7Z3pohTKe/pX/uO7uKD1k25qHLQY=' 'sha256-pMZUEpT65ftOEzHdiYyq/2vt545RymVHJSh5H2y5BDk=' 'sha256-nGkmLI0CpGjUy6Gg2vRE6xAh+vU4jlNVmPB+55WJmn8=' 'sha256-j6LWS7Q+Wsyd91b6000yHCoIqUaJIJQq56Lw3XQPcHA=' 'sha256-XQ6pUmmjpjpunCfT67q0ACDA7NqxLJx1iJwCFhC73wo=' 'sha256-tCniuKIyeHpfi5vxJOgLkz0eRI+cerKWFRsy5hMt5V0=' 'sha256-EZaJwK6Bh4sdKWjgv6zhJUdT2ISL4NhEQSPYf++uAeU=' 'sha256-1T7dud0UtKJZdhJcgsp1gh8MZDyA3S8DIsOpB3+co4M=' 'sha256-g6A8gRllShDRUg9hmXQZ0ZvMQ35F4jsarESQIDJtpE4=' 'sha256-y6vRm9V8P08qfB27ukHo07LF4IM00RKuKNzQBfsBlgg=' 'sha256-1GbAOPSdN7GyL999DpkIzp8XYAH1OP43heqQi7uU3FQ=' 'sha256-1p8zU6DNbl/tn8sFUoVBsvAF+dwRMDHK3WXM4vqIhDc=' 'sha256-a/dU49b8+CePl3YeekAugUB79FoCfbN22DFVyavn9pM=' 'sha256-39FcaN3WyGnHnf2UX+fHrSBSJq4KI6BETrXNemtzDa8=' 'sha256-4N1dEVT13lNPCpxXX2XuIlfUBwZp3wNLb/hBbSKGESA=' 'sha256-hNSRZgUy89mPGFidDBRWC4Ed4jKTrCtZP2zeBPNbdeI=' 'sha256-CD2LEDjz/KtOaC5rzryax+qZEQVmnKcZAQsqnSqAIXw=' 'sha256-FKJXEsmjg1Bgqi33LGcZCFxDahpEPN6prnNBVDxvfhc=' 'sha256-GNXg66Qlqpdgh9Nsv/+xAVNgfxsTWLi+TUdpxamXMuU=' 'sha256-TKtnYUWk/B6gzo2immnWBOjewDye+cXQBoAlykzhX/s=' 'sha256-BMQXzfchDpNs+zYF2cO7o9iAJtoSq+2OX45TfNM/cdA=' 'sha256-IECBAorlkKUYQadvB50kjQC3oIqb9xKfOB+cVXdarE0=' 'sha256-c+xyt9U1PbPeI7Pot035l4MckCT6qHAzxiBA5t+7KPE=' 'sha256-bZ4r9bNMpnkokR0Gwp+X+Y0qYhZKQwglL8B9TAvMsrA=' 'sha256-GNsgzTmK93RFT4ppB/KnAwm9wVkth71ceJVqrzSGC6M=' 'sha256-NMtcHh/vZkcUq5lHSUz2dzv8n1jv1SFeNewgEGvik4k=' 'sha256-qNQx9jt8qaEBXM11NIr686AfxMFZ5JdLDih1v53gg58=' 'sha256-V3cvEVskzD9prkzxm7tqKYfGLb9bWJvWCtL+JIITaS0=' 'sha256-waeaCDLj6GQjXDbMrbks0tMGletGWM4yUCtZexjXtQ4=' 'sha256-NqbLH0mR4blvVOwz3czIHomPHCsoQ0Wm41wF1kBSvZU=' https://code.jquery.com https://pages.secureworks.com https://js-agent.newrelic.com https://bam.nr-data.net https://content.secureworks.com *.gartner.com *.gtnr.io *.marketo.com https://play.vidyard.com https://munchkin.marketo.net https://app-ab44.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://tagmanager.google.com https://translate.google.com https://bat.bing.com https://connect.facebook.net https://ad.atdmt.com https://static.ads-twitter.com https://analytics.twitter.com https://www.linkedin.com https://px.ads.linkedin.com https://snap.licdn.com https://sjs.bizographics.com https://*.vimeo.com https://*.vimeocdn.com https://j.6sc.co https://b.6sc.co https://*.6sc.co https://epsilon.6sense.com https://*.rlcdn.com https://gateway.zscaler.net https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://script.crazyegg.com https://widgets.ziftsolutions.com https://hammock.hotprofile.biz https://transfertool.hotprofile.biz/production/ https://m-store-hammock.hot-profile.com/hot-profile/ https://wa2.hot-profile.com https://*.on24.com https://*.ceros.com https://app-script.monsido.com https://monsido-consent.com https://tracking.monsido.com https://*.redditstatic.com https://*.ensighten.com https://*.ml314.com https://*.choozle.com https://*.bluekai.com https://cdn.bizible.com https://cdn.bizibly.com https://ws-assets.zoominfo.com https://ws.zoominfo.com https://insight.adsrvr.org https://js.adsrvr.org https://*.clarity.ms https://static.ads-twitter.com https://cdn.pdst.fm https://*.cloudfunctions.net https://tag.demandbase.com https://*.bidr.io https://*.company-target.com https://www.teads.com https://p.teads.tv https://www.facebook.com connect.facebook.net; img-src 'self' reviews.static.gartner.com *.vidyard.com cdn.jsdelivr.net *.teads.tv https://*.vimeo.com https://*.vimeocdn.com *.vumbnail.com vumbnail.com content.secureworks.com *.secureworks.com id.rlcdn.com *.googletagmanager.com cdn.cookielaw.org *.gstatic.com optanon.blob.core.windows.net web.secureworks.com bat.bing.com *.google-analytics.com j.6sc.co b.6sc.co c.6sc.co epsilon.6sense.com www.google.com attr.ml-api.io s.ml-attr.com www.google.com.ua secure.adnxs.com apt.techtarget.com id.rlcdn.com px.ads.linkedin.com *.adslinkedin.com p.adsymptotic.com www.linkedin.com static.ziftsolutions.com *.crazyegg.com *.redditstatic.com alb.reddit.com *.ensighten.com ml314.com *.choozle.com *.bluekai.com cdn.bizible.com cdn.bizibly.com tracking.monsido.com *.clarity.ms analytics.twitter.com t.co *.bidr.io *.company-target.com www.facebook.com t.teads.tv https://ssl.gstatic.com *.secureworks.com https://www.gstatic.com blob: data:; frame-ancestors 'self' *.folloze.com *.secureworks.com; worker-src 'self' blob: data:; 1
default-src 'self';style-src 'self' https://use.fontawesome.com https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval';script-src   https: 'unsafe-inline' 'unsafe-eval';img-src 'self' https://*.google.co.in https://*.google.co.id https://maps.gstatic.com https://maps.googleapis.com https://googleapis.com https://s-media-cache-ak0.pinimg.com https://i.pinimg.com https://*.cloudfront.net https://reviews.123rf.com https://wikipedia.org https://api.veritrans.co.id https://res.cloudinary.com https://image.shutterstock.com https://tineye.com https://stats.g.doubleclick.net https://doctor.halodoc.com https://www.google-analytics.com https://www.facebook.com https://halodoc-sumba.s3-ap-southeast-1.amazonaws.com https://s3-ap-southeast-1.amazonaws.com https://www.google.com https://www.google.com.sg data: *.xendit.co *.midtrans.com *.veritrans.co.id *.mixpanel.com *.google-analytics.com https://impressions.onelink.me https://www.googletagmanager.com https://halodoc-sumba.s3.ap-southeast-1.amazonaws.com https://js.xendit.co/v1/xendit.min.js https://www.gstatic.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://twemoji.maxcdn.com https://s3.eu-west-1.amazonaws.com https://tidio-images-messenger.s3.amazonaws.com https://ciwss.com https://media.glassdoor.com https://halolab-assets.prod.halodoc.com https://braze-images.com;connect-src 'self' https://pinimg.com https://*.cloudfront.net https://123rf.com https://fonts.gstatic.com https://tineye.com https://res.cloudinary.com https://image.shutterstock.com https://www.halodoc.com https://halodoc-sumba.s3-ap-southeast-1.amazonaws.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://analytics.google.com https://connect.facebook.net https://www.facebook.com https://www.gstatic.com https://s3-ap-southeast-1.amazonaws.com https://doctor.halodoc.com https://web-halodoc-api.prod.halodoc.com https://qiscus-lb.api.halodoc.com wss://qiscus-mqtt.api.halodoc.com:1886/mqtt https://api.midtrans.com https://cdn.appsflyer.com https://cdn.ampproject.org https://cdn.amplitude.com https://api.amplitude.com/ https://s.yimg.com https://api.midtrans.com https://api.veritrans.co.id https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://sp.analytics.yahoo.com https://fonts.googleapis.com https://www.google.com.sg https://www.google.com https://fcm.googleapis.com *.midtrans.com *.xendit.co *.veritrans.co.id *.mixpanel.com *.google-analytics.com https://firebaseinstallations.googleapis.com https://banner.appsflyer.com https://wa.onelink.me https://wa.appsflyer.com https://websdk.appsflyer.com https://halodoc-sumba.s3.ap-southeast-1.amazonaws.com https://web.prod.halodoc.com https://script.google.com https://script.googleusercontent.com https://creatives-cdn.appsflyer.com https://events-logger.appsflyer.com https://af-event-logger.appsflyer.com/log-event https://js.xendit.co/v1/xendit.min.js https://api.xendit.co https://sentry-new.tidio.co https://socket.tidio.co https://api-v2.tidio.co wss://sentry-new.tidio.co wss://socket.tidio.co wss://api-v2.tidio.co https://sdk.iad-05.braze.com https://magneto.api.halodoc.com https://magneto-stage.api.halodoc.com https://erx.halodoc.com/ https://cdn.linkedin.oribi.io https://widget-v4.tidiochat.com https://bam.nr-data.net https://maps.googleapis.com https://pagead2.googlesyndication.com;font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com https://cdn.appsflyer.com data:;object-src 'none';frame-src *;media-src 'self' https://*.cloudfront.net http://*.cloudfront.net;base-uri 'self';form-action 'self';frame-ancestors 'self';upgrade-insecure-requests 1
default-src 'self'; connect-src *; frame-src *; font-src * data:;img-src * data: blob:; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; style-src * 'unsafe-inline';worker-src * blob: data:; 1
frame-ancestors 'self' *.purestorage.com *.flashstack.com; object-src 'none'; upgrade-insecure-requests; 1
frame-ancestors 'self' https://clickcease.com https://*.clickcease.com; upgrade-insecure-requests; 1
default-src 'unsafe-eval' 'unsafe-inline' 'self' http: https: data: wss://socket.showtalk.jp wss://guest-agent.mobilus.me wss://agent.trial-mobilus.chat blob: 1
default-src 'self' *.google-analytics.com *.google.com analytics.google.com *.irancell.ir *.mtnirancell.ir trustseal.enamad.ir www.googletagmanager.com tagmanager.google.com *.openstreetmap.org stats.g.doubleclick.net say.ir 'unsafe-inline' 'unsafe-eval' data: blob: ws: ; font-src 'self' fonts.gstatic.com fonts.googleapis.com *.irancell.ir *.mtnirancell.ir 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.google-analytics.com/; img-src 'self' data: https://www.google-analytics.com/ https://www.paypalobjects.com/ https://stats.g.doubleclick.net/; style-src 'self' 'unsafe-inline'; child-src 'none'; object-src 'none' 1
frame-ancestors 'self' https://help.patagonia.com/ https://notouchie-patagoniacommunity.cs7.force.com/ https://service.force.com 1
default-src  'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.seriouseats.com 1
frame-ancestors 'self' https://static1.lacoste.com https://*.omni.manh.com https://*.sharinpix.com 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' unequalbrake.com a.pub.network *.adswizz.com *.a-f.io *.google-analytics.com *.quantserve.com *.googletagmanager.com *.google.com *.nr-data.net www.gstatic.com *.quantcast.com *.scorecardresearch.com *.consensu.org *.mxpnl.com *.newrelic.com *.hadronid.net *.adsafeprotected.com *.quantcount.com *.videoplayerhub.com www.googletagservices.com *.facebook.com *.confiant-integrations.net *.facebook.net *.cdn-apple.com *.twitter.com *.stripe.com btloader.com *.amazon-adsystem.com *.doubleclick.net *.criteo.net *.googlesyndication.com *.cookielaw.org secure.cdn.fastclick.net cdn.id5-sync.com https://*; img-src 'self' data: *.audiomack.com *.google-analytics.com merequartz.com *.adsafeprotected.com *.facebook.com *.scorecardresearch.com google-analytics.com data: *; connect-src 'self' 'unsafe-inline' *.audiomack.com *.a-f.io *.quantcast.com *.pub.network *.mxpnl.com *.advertising.com *.adswizz.com *.quantcount.com *.doubleclick.net audiomack.test *.googleapis.com optimise.net *.facebook.com *.consensu.org *.newrelic.com *.gstatic.com *.facebook.net unequalbrake.com *.scorecardresearch.com *.google-analytics.com *.googletagmanager.com *.google.com data: *; frame-src 'self' *.audiomack.com *.google.com *.googlesyndication.com *.adswizz.com *.stripe.com *.pubmatic.com *.openx.net *.3lift.com *.casalemedia.com *.indexww.com gum.criteo.com cdn.undertone.com *.lijit.com ads.yieldmo.com contextual.media.net js-sec.indexww.co ads.pubmatic.com eus.rubiconproject.com *.facebook.com *; font-src 'self' data: fonts.gstatic.com; object-src 'self'; media-src 'self' *.audiomack.com * data:; frame-ancestors 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.stripe.com https://www.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.gstatic.com https://*.amplitude.com; connect-src 'self' 'unsafe-inline' blob: https://*.unsplash.com https://*.gimkit.com wss://*.gimkitconnect.com https://*.gimkitconnect.com https://*.stripe.com https://www.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.gstatic.com https://*.amplitude.com; img-src * 'self' blob: data:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.pharmeasy.in https://tracking.pharmeasy.in https://d10lpsik1i8c69.cloudfront.net https://dsikjkliznac3.cloudfront.net https://d2y2l77dht9e8d.cloudfront.net https://d2r1yp2w7bby2u.cloudfront.net https://d3ow2108bmqeui.cloudfront.net https://consumer-app-images.pharmeasy.in https://assets.pharmeasy.in https://cdn.ravenjs.com https://browser.sentry-cdn.com https://ajax.googleapis.com https://ajax.googleapis.com https://storage.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://optimize.google.com https://tagmanager.google.com https://www.googleadservices.com/pagead/conversion.js https://www.googletagservices.com https://www.google.com https://cdn.appsflyer.com/web-sdk/banner/latest/sdk.min.js https://s3-eu-west-1.amazonaws.com/static.wizrocket.com/js/sw_webpush.js https://cdnjs.cloudflare.com/ajax/libs/intro.js/3.0.1/intro.min.js https://script.mfilterit.net https://pagead2.googlesyndication.com https://traqkar.com https://paisawapas.com https://connect.facebook.net https://wzrkt.com https://bat.bing.com https://wchat.freshchat.com https://chuknu.sokrati.com https://tracking.sokrati.com https://checkout.razorpay.com https://www.googleadservices.com https://play.gramombird.com https://googleads.g.doubleclick.net https://maxcdn.bootstrapcdn.com https://cdn.asbmit.com/static/js/npixel.js https://track.click2com.com/aff_l https://coupondunia.go2cloud.org/aff_l https://track.in.omgpm.com/1064240/transaction.asp https://tracking.kartofads.com/aff_l https://tracking.affiliatehub.co.in/SL295 https://opicle.go2cloud.org/aff_l https://tracking.proformics.com/aff_l https://ade.clmbtech.com/cde/eventTracking.htm https://tracking.vcommission.com/SLDbz https://maxcdn.bootstrapcdn.com https://tracking.salesleaf.com https://t.dcmn.io/ https://www.gstatic.com/ https://event.getblue.io https://sslwidget.getblue.io https://cdn.mxpnl.com https://ad.doubleclick.net https://a.optmnstr.com https://doubleclick.net https://pixel.everesttech.net https://www.everestjs.net https://add.gotrackier.com https://techaffy.o18.click/p https://affnetmed.go2cloud.org/aff_l https://primedigital.go2cloud.org/aff_l https://livingconsumerpvtltd.go2cloud.org/aff_l https://cdn.taboola.com https://trc.taboola.com https://inls.in https://dnectar.gotrackier.com https://trk.mrndigital.in/pixel https://unpkg.com/web-vitals@2.1.3/dist/web-vitals.iife.js https://www.artfut.com https://www.googleoptimize.com https://eum.instana.io https://eum-green-saas.instana.io https://*.dotomi.com; frame-ancestors https://kubeqa1.docprime.com https://kubeqa2.docprime.com https://kubeqa3.docprime.com https://kubeqa4.docprime.com https://kubeqa5.docprime.com https://docprime.com 'self' 1
default-src 'self' boardgamearena.com *.boardgamearena.com:* *.boardgamearena.net ; script-src 'self' boardgamearena.com *.boardgamearena.com:* *.boardgamearena.net browser-update.org connect.facebook.net *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com unpkg.com/web-vitals/ *.googleapis.com js.stripe.com *.paypal.com *.paypalobjects.com *.twitter.com *.youtube.com 'unsafe-inline' 'unsafe-eval' blob: ; style-src 'self' boardgamearena.com *.boardgamearena.com:* *.boardgamearena.net *.google.com *.googleapis.com *.typekit.net code.iconify.design 'unsafe-inline' data: ; img-src * data: blob: ; font-src 'self' boardgamearena.com *.boardgamearena.com:* *.boardgamearena.net *.typekit.net fonts.gstatic.com fonts.googleapis.com ff.static.1001fonts.net db.onlinewebfonts.com data: ; connect-src 'self' boardgamearena.com *.boardgamearena.com:* wss://*.boardgamearena.com:* *.boardgamearena.net wss://*.boardgamearena.net:* *.facebook.com *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.googleapis.com *.paypal.com ; frame-src 'self' boardgamearena.com *.boardgamearena.com:* www.slideshare.net *.youtube.com *.youtube-nocookie.com *.dailymotion.com *.trictrac.tv *.trictrac.net melodice.org js.stripe.com *.paypal.com *.twitter.com *.facebook.com *.google.com nextstationlondon.blueorangegames.eu nextstationtokyo.blueorangegames.eu; frame-ancestors 'self' boardgamearena.com ; base-uri 'none' ; report-uri /web/scriptlogger/cspReport.html 1
frame-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://prodoctorov.ru *.google.com https://www.google.com https://*.google-analytics.com *.google-analytics.com *.googlesyndication.com https://*.googlesyndication.com *.googleapis.com https://*.googleapis.com www.google.com https://*.gstatic.com https://*.yandex.net https://yandex.ru https://*.yandex.ru *.yandex.ru *.gstatic.com https://clck.yandex.ru *.twitter.com https://*.twitter.com yandex.st https://yandex.st https://connect.ok.ru vk.com https://www.youtube.com https://s.ytimg.com https://www.googletagmanager.com https://googletagmanager.com https://yastatic.net yastatic.net https://connect.facebook.net seal.websecurity.norton.com dunsregistered.dnb.com https://yookassa.ru https://*.yoomoney.ru; object-src 'self' *.googlesyndication.com https://*.googlesyndication.com; default-src 'self'; style-src 'self' 'unsafe-inline' https://prodoctorov.ru https://*.googleapis.com *.googleapis.com https://*.gstatic.com *.gstatic.com yastatic.net yandex.st https://tagmanager.google.com https://app.medlock.ru; media-src 'self' *.yandex.net yandex.st yastatic.net *.yandex.ru; img-src 'self' data: 'unsafe-inline' https://prodoctorov.ru https://protabletky.ru https://medotvet.me https://*.google-analytics.com *.google-analytics.com yastatic.net https://yastatic.net *.yandex.ru https://*.yandex.ru https://yandex.ru *.yandex.net https://*.yandex.net yandex.st https://mc.yandex.by https://mc.yandex.com https://mc.yandex.kz *.google.com  https://*.google.com  *.googleapis.com https://*.googleapis.com *.googlesyndication.com https://*.gstatic.com *.gstatic.com vk.com https://*.vk.com *.youtube.com *.twitter.com https://*.twitter.com *.googlezip.net https://*.ggpht.com https://www.googletagmanager.com https://*.facebook.com https://*.google.ru https://*.mail.ru seal.websecurity.norton.com www.honcode.ch https://prodoctorov.ru blob:; font-src 'self' https://*.gstatic.com *.gstatic.com data: https://yastatic.net chrome-extension; connect-src 'self' wss://prodoctorov.ru wss://medotvet.me *.yandex.ru *.google-analytics.com https://*.yandex.ru https://yandex.ru https://mc.yandex.com https://mc.yandex.md ajax.googleapis.com https://analytics.google.com https://region1.analytics.google.com https://www.google.ru https://translate.googleapis.com yandex.st https://yandex.st yastatic.net https://fcm.googleapis.com https://stats.g.doubleclick.net https://sentry.medrating.org https://sentry.prodoctorov.com https://*.facebook.com https://prodoctorov.ru https://rate.prodoctorov.ru https://rate-metrics.prodoctorov.ru https://app.medtochka.ru wss://app.medtochka.ru https://r.prodoctorov.ru https://ymetrica1.com/; report-uri https://prodoctorov.ru/cspreport/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' app.contentsquare.com my.tealiumiq.com t.contentsquare.net q-eu1.az.contentsquare.net k-eu1.az.contentsquare.net q-aeu1.contentsquare.net k-aeu1.contentsquare.net c.az.contentsquare.net r.contentsquare.net c.contentsquare.net l.contentsquare.net https://googleads.g.doubleclick.net https://www.googleadservices.com googletagmanager.com *.googletagmanager.com collect.tealiumiq.com cm.everesttech.net hsbcbankcommon.demdex.net snap.licdn.com code.highcharts.com http://pbs.twimg.com irs.tools.investis.com maps.googleapis.com s.ytimg.com http://i3.ytimg.com www.youtube.com blob: www.recaptcha.net www.gstatic.com brightcove.net *.brightcove.net brightcove.com  *.brightcove.com tags.tiqcdn.com tags.tiqcdn.cn facebook.com connect.facebook.net ads.linkedin.com www.linkedin.com dc.ads.linkedin.com twitter.com analytics.twitter.com static.ads-twitter.com adsymptotic.com hsbcglobalcommon.tt.omtrdc.net vjs.zencdn.net pws.internal.hsbc *.pws.internal.hsbc hsbc.com; connect-src 'self' pagead2.googlesyndication.com cdn.linkedin.oribi.io t.contentsquare.net q-eu1.az.contentsquare.net k-eu1.az.contentsquare.net q-aeu1.contentsquare.net k-aeu1.contentsquare.net c.az.contentsquare.net r.contentsquare.net c.contentsquare.net l.contentsquare.net manifest.prod.boltdns.net collect.tealiumiq.com cm.everesttech.net hsbcbankcommon.demdex.net cf.brightcove.com *.cf.brightcove.com ingestion-upload-production.s3.amazonaws.com bcvp0rtal.com *.bcvp0rtal.com gallerysites.net *.gallerysites.net vjs.zencdn.net *.vjs.zencdn.net hlstoken-a.akamaihd.net *.hlstoken-a.akamaihd.net media.brightcove.com *.media.brightcove.com cloudfront.net *.cloudfront.net analytics.edgekey.net *.analytics.edgekey.net akafms.net *.akafms.net llnwd.net *.llnwd.net llnw.net *.llnw.net brightcove.vo.llnwd.net *.brightcove.vo.llnwd.net uds.ak.o.brightcove.com *.uds.ak.o.brightcove.com hls.ak.o.brightcove.com *.hls.ak.o.brightcove.com players.brightcove.net *.players.brightcove.net o.brightcove.com *.o.brightcove.com bcovlive-a.akamaihd.net *.bcovlive-a.akamaihd.net sep.bcovlive.io *.sep.bcovlive.io bcovlive.io *.bcovlive.io api.bcovlive.io *.api.bcovlive.io api.brightcove.com *.api.brightcove.com bcove.video *.bcove.video brightcove.net *.brightcove.net *.brightcovecdn.com boltdns.net *.boltdns.net hsbcglobalcommon.sc.omtrdc.net dpm.demdex.net brightcove.com *.brightcove.com bcsecure01-a.akamaihd.net *.akamaihd.net hsbcglobalcommon.tt.omtrdc.net brightcove.com *.brightcove.com www.youtube.com; img-src 'self' adservice.google.com ad.doubleclick.net my.tealiumiq.com dpm.demdex.net t.contentsquare.net q-eu1.az.contentsquare.net k-eu1.az.contentsquare.net q-aeu1.contentsquare.net k-aeu1.contentsquare.net c.az.contentsquare.net r.contentsquare.net c.contentsquare.net l.contentsquare.net boltdns.net media.licdn.com *.boltdns.net collect.tealiumiq.com cm.everesttech.net hsbcbankcommon.demdex.net https://www.google.com https://www.google.co.uk px.ads.linkedin.com pxl.yoptima.com pixel.quantserve.com i.ytimg.com http://i3.ytimg.com data:  http://pbs.twimg.com sprcdn-assets.sprinklr.com media-exp1.licdn.com dms.licdn.com brightcove.net  *.brightcove.net brightcove.com *.brightcove.com tags.tiqcdn.com twitter.com analytics.twitter.com static.ads-twitter.com adsymptotic.com tags.tiqcdn.cn facebook.com connect.facebook.net ads.linkedin.com www.linkedin.com dc.ads.linkedin.com hsbcglobalcommon.tt.omtrdc.net hsbcglobalcommon.sc.omtrdc.net akamaihd.net *.akamaihd.net maps.gstatic.com maps.googleapis.com blob: pws.internal.hsbc *.pws.internal.hsbc hsbc.com; style-src 'self' 'unsafe-inline' players.brightcove.net; base-uri 'self'; form-action 'self'; font-src 'self' data:; frame-src 'self' https://td.doubleclick.net csxd.hsbc.com *.demdex.net youtube-nocookie.com *.youtube-nocookie.com *.recaptcha.net recaptcha.net players.brightcove.net www.youtube.com www.google.com irs.tools.investis.com; media-src 'self' blob: akafms.net *.akafms.net llnwd.net *.llnwd.net llnw.net *.llnw.net media.brightcove.com *.media.brightcove.com brightcovecdn.com *.brightcovecdn.com boltdns.net *.boltdns.net video.twimg.com dms.licdn.com pws.internal.hsbc *.pws.internal.hsbc hsbc.com hsbcbankcommon.demdex.net brightcove.com *.brightcove.com *.akamaihd.net t.contentsquare.net q-eu1.az.contentsquare.net k-eu1.az.contentsquare.net q-aeu1.contentsquare.net k-aeu1.contentsquare.net c.az.contentsquare.net r.contentsquare.net c.contentsquare.net l.contentsquare.net; 1
upgrade-insecure-requests; default-src 'self' cdn1.svenskaspel.net;script-src 'self' cdn1.svenskaspel.net api.www.svenskaspel.se www.google-analytics.com region1.google-analytics.com www.googletagmanager.com tagmanager.google.com 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net track.adform.net s1.adform.net s2.adform.net https://*.hotjar.com gtm.www.svenskaspel.se;style-src 'self' 'unsafe-inline' cdn1.svenskaspel.net tagmanager.google.com https://*.hotjar.com;img-src https://api.www.svenskaspel.se 'self' data: cdn1.svenskaspel.net api.www.svenskaspel.se www.google-analytics.com region1.google-analytics.com https://www.facebook.com gtm.www.svenskaspel.se https://*.hotjar.com *.cloudfront.net *.solidtango.com;font-src 'self' cdn1.svenskaspel.net data: https://*.hotjar.com;media-src 'none';frame-src 'self' api.www.svenskaspel.se https://www.facebook.com https://connect.facebook.net https://vars.hotjar.com *.solidtango.com;object-src 'none';frame-ancestors 'none';worker-src *.svenskaspel.se:*;connect-src 'self' https://api.www.svenskaspel.se cdn1.svenskaspel.net api.www.svenskaspel.se wss://api.www.svenskaspel.se www.google-analytics.com region1.google-analytics.com www.google.com gtm.www.svenskaspel.se https://*.hotjar.com:* https://*.hotjar.io:* wss://*.hotjar.com targettur.www.svenskaspel.se otlp.svenskaspel.net; 1
frame-ancestors https://www.postermywall.com/ 1
policy-uri /parivahan//'self' 1
frame-ancestors *.n11.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.consumerfinance.gov dap.digitalgov.gov *.googleanalytics.com *.google-analytics.com *.googletagmanager.com *.googleoptimize.com optimize.google.com api.mapbox.com js-agent.newrelic.com bam.nr-data.net gov-bam.nr-data.net *.youtube.com *.ytimg.com *.mouseflow.com *.geo.census.gov about: www.federalregister.gov *.qualtrics.com; connect-src 'self' *.consumerfinance.gov *.google-analytics.com *.googleoptimize.com *.tiles.mapbox.com api.mapbox.com bam.nr-data.net gov-bam.nr-data.net s3.amazonaws.com public.govdelivery.com n2.mouseflow.com *.qualtrics.com raw.githubusercontent.com; style-src 'self' 'unsafe-inline' *.consumerfinance.gov optimize.google.com fonts.googleapis.com api.mapbox.com; font-src 'self' fonts.gstatic.com; media-src 'self' *.consumerfinance.gov; frame-src 'self' *.consumerfinance.gov *.googletagmanager.com *.google-analytics.com *.googleoptimize.com optimize.google.com www.youtube.com *.qualtrics.com mailto:; img-src 'self' *.consumerfinance.gov www.ecfr.gov s3.amazonaws.com img.youtube.com *.google-analytics.com *.googletagmanager.com optimize.google.com api.mapbox.com *.tiles.mapbox.com blob: data: www.gravatar.com *.qualtrics.com *.mouseflow.com i.ytimg.com 1
default-src 'self'; style-src 'self' https://p.typekit.net; font-src 'self' https://use.typekit.net; object-src 'none' 1
default-src 'self'; media-src 'self' 'unsafe-inline' https://chat.fortifi.io/ https://bat.bing.com/ https://player.vimeo.com/ https://vod-progressive.akamaized.net/; img-src 'self' 'unsafe-inline' https://i.ytimg.com/ https://chat.fortifi.io/ https://www.google.com/ https://www.google.co.uk/ https://www.google.pl/ https://bat.bing.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://bat.bing.com/ https://www.facebook.com/ https://connect.facebook.net/ data: https://storage.googleapis.com/ https://haveibeenpwned.com/ https://resources.totalav.com/ https://assets.totalav.com/ https://logs-01.loggly.com/ https://stats.totalav.com https://award.totalav.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://chat.fortifi.io/; font-src 'self' https://fonts.gstatic.com https://chat.fortifi.io/; script-src 'self' 'unsafe-inline' https://stats.totalav.com https://googletagmanager.com/ https://googleadservices.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://bat.bing.com/ https://www.google.com/ https://www.google.co.uk/ https://www.google.pl/ https://widget.trustpilot.com/ https://chat.fortifi.io/ https://cfgchat.fortifi.io/ https://www.facebook.com/ https://connect.facebook.net/ https://url.totalav.com http://url.totalav.com/px/init/fortifi.js https://www.gstatic.com/ https://utt.impactcdn.com; frame-src 'self' blob: https://chat.fortifi.io/ https://player.vimeo.com https://www.youtube.com/ https://www.facebook.com/ https://widget.trustpilot.com/ https://vod-progressive.akamaized.net/ https://my.totalav.com https://www.google.com/; connect-src 'self' https://my.totalav.com https://ajax.totalav.com https://login.totalav.com https://signup.totalav.com https://my.totalav.com https://bat.bing.com/ wss://chat.fortifi.io/ https://stats.totalav.com; frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' attentivemobile.com events.attentivemobile.com demdex.net dpm.demdex.net *.amazonaws.com m.media-amazon.com static-na.payments-amazon.com apay-us.amazon.com www.dwin1.com *.a.bigcontent.io *.adnxs.com adnxs.com bidswitch.net x.bidswitch.net bluekai.com *.bluekai.com cloudflare.com *.cloudflare.com *.cloudfront.net cohimg.net *.coachoutlet.com coachoutlet.com *.stuartweitzman.com *.criteo.com *.facebook.com *.facebook.net *.forter.com forter.com stickyadstv.com ads.stickyadstv.com www.googleadservices.com *.gstatic.com adservice.google.co.id 360yield.com ad.360yield.com *.yahoo.com casalemedia.com ivitrack.com matching.ivitrack.com cm.adgrx.com klarna.com *.klarna.com klarnacdn.net *.klarnacdn.net klarnaevt.com *.klarnaevt.com klarnaservices.com *.klarnaservices.com jsdelivr.net *.jsdelivr.net liadm.com *.liadm.com media.net contextual.media.net mediavine.com exchange.mediavine.com mediawallahscript.com partner.mediawallahscript.com mountain.com *.mountain.com micpn.com pmwclnsg.micpn.com postrelease.com jadserve.postrelease.com agkn.com aa.agkn.com *.online-metrix.net online-metrix.net outbrain.com *.outbrain.com pinimg.com s.pinimg.com pdst.fm cdn.pdst.fm powerreviews.com *.powerreviews.com pubmatic.com simage2.pubmatic.com revcontent.com trends.revcontent.com rubiconproject.com pixel.rubiconproject.com force.com *.force.com *.my.salesforce.com *.salesforceliveagent.com sharethrough.com match.sharethrough.com shoprunner.com *.shoprunner.com *.signifyd.com signifyd.com smartadserver.com rtb-csync.smartadserver.com sc-static.net snapchat.com tr.snapchat.com taboola.com sync-t1.taboola.com tapad.com tapestry.tapad.com teads.tv criteo-sync.teads.tv *.tiktok.com trackjs.com *.trackjs.com tremorhub.com criteo-partners.tremorhub.com 3lift.com eb2.3lift.com twitter.com *.twitter.com ads-twitter.com static.ads-twitter.com ad.smaato.net s.ad.smaato.net rqtrk.eu ws.rqtrk.eu wknd.ai tag.wknd.ai *.attn.tv *.bing.com *.btttag.com *.bluecore.com *.creativecdn.com certona.net *.certona.net www.res-x.com cloudfront.net *.coach.com coach.com *.cquotient.com cquotient.com *.criteo.net *.doubleclick.net doubleclick.net facebook.net *.google.com www.google.com.gt www.google.jo www.google.az *.google.com.lb *.google.co.ma www.google.com.ag www.google.com.jm www.google.mk www.google.com.om www.google.com.my www.google.co.nz www.google.com.au www.google.al www.google.se www.google.com.uy *.google.co.in www.google.co.cr www.google.co.uk www.google.cn www.google.com.ar www.google.hn *.google.iq www.google.ps www.google.hr www.google.com.np www.google.co.za www.google.com.ec www.google.com.kw www.google.com.bd www.google.at *.google.com.gh www.google.ro *.google.am www.google.ca www.google.com.mm *.google.it www.google.kg www.google.pt www.google.com.tw www.google.sr www.google.rw www.google.com.ng www.google.co.jp www.google.ba www.google.bg www.google.com.bo www.google.com.tj ww.google.com.cy www.google.co.tz www.google.rs *.google.bs www.google.ci www.google.im www.google.es www.google.ga www.google.co.ug www.google.co.vi www.google.gy www.google.mn www.google.com.cy www.google.com.vc www.google.com.pg www.google.com.qa www.google.dz www.google.cl www.google.so www.google.la *.google.com.sg *.google.com.co www.google.by www.google.com.sv www.google.com.br *.google.ae www.google.com.do *.google.com.mx *.google.co.il www.google.sn www.google.com.fj www.google.si www.google.dk www.google.lv *.google.com.pe www.google.tn www.google.md *.google.com.ua www.google.com.ly www.google.com.bn www.coachoutlet.cn www.google.tt www.google.gr www.google.co.id www.google.ch www.google.be www.google.mu www.forbes.com www.google.lk www.google.com.mt *.google.com.sa www.google.com.eg www.google.de www.google.cz *.google.lt *.google.com.bh *.google.com.ph www.google.com.pa *.cloudfunctions.net www.googletagmanager.com *.google.co.th www.google.nl www.google.co.ke www.google.pl www.google.com.bz www.google.mw www.google.ht www.google.ge www.google.mv www.google.ee www.google.lu *.google.ie www.google.sk www.google.mg www.google.co.uz www.google.com.ni www.google.hu www.google.com.cu www.google.com.py *.google.com.kh www.google.co.kr www.google.no www.google.fi www.google.co.zm *.google.co.ve www.google.fr *.google.com.vn *.google.com.tr *.google-analytics.com *.google.kz www.google.com.hk *.google.ru *.google.com.pr *.cookielaw.org onetrust.com *.onetrust.com *.optimizely.com optimizely.com *.paypal.com www.paypalobjects.com pinterest.com *.pinterest.com *.quantummetric.com *.rakuten.com tangiblee.com *.tangiblee.com adsrvr.org *.adsrvr.org techlab-cdn.com p11.techlab-cdn.com *.bounceexchange.com api.bluecore.app cnstrc.com *.cnstrc.com *.audioeye.com *.shoppinggives.com api.images.drivecommerce.com api.addressy.com sync-criteo.ads.yieldmo.com services.postcodeanywhere.co.uk *.adyen.com tapes11111.pcapredict.com *.googleapis.com img1.cohimg.net match.prod.bidr.io jelly.mdhv.io images.coach.comis visitor.omnitagjs.com *.socdm.com *.casalemedia.com ade.clmbtech.com events.bouncex.net *.shoprunner.io adx.dable.io ad.tpmn.co.kr cdn.aralego.net sync.1rx.io he.lijit.com cm.adform.net e.dlx.addthis.com 68794905.akstat.io trial-eum-clienttons-s.akamaihd.net login.dotomi.com s.thebrighttag.com ad.yieldlab.net beacon.krxd.net *.amplience.net aorta.clickagy.com thrtle.com p.alcmpn.com *.googlesyndication.com statsigapi.net sync.aralego.com cs.adingo.jp *.rlcdn.com us-u.openx.net cdn.wyng.com pippio.com fast.fonts.net api2.fonts.com www.yext-pixel.com *.drrv.co tapestry.support jira.tapestry.support *.needle.com *.my.salesforce-sites.com *.mapbox.com dynl.mktgcdn.com www.upsellit.com api.bounce-commerce.de smct.co edgeshoppingstatic.azureedge.net cdn.honey.io t.co cdn.ivaws.com sentry.io *.sentry.io api.fillr.com sas.selleramp.com 905trk.com *.instagram.com ln-rules.rewardstyle.com www.coachthailand.win www.shopstyle.com www.foxnews.com *.dealmoon.com tracking.narvar.com go.magik.ly mostlycoupons.com yandex.ru rd.bizrate.com lustrelife.com *.55haitao.com www.bradsdeals.com www.dealmoon.ca rstyle.me www.groupon.com coccoc.com *.coachoutlet.co *.youtube.com youtube.com capitaloneshopping.com www.retailmenot.com www.buyandship.today thecouponboutique.com www.premiumoutlets.com m.baidu.com www.supermama.lt www.simon.com ww55.affinity.net www.savewithsydney.com *.securedvisit.com *.qualtrics.com *.linksynergy.com mpsnare.iesnare.com www.wepowerconnections.com *.loveslisa.tech id5-sync.com *.simpli.fi *.talkable.com track.sv.rkdms.com cdn.shopping.gives *.cloudinary.com cms.katespade.com yastatic.net www.buyma.com tapestryinc.us-7.evergage.com fonts.cdnfonts.com safe.menlosecurity.com s.pubmine.com i.ytimg.com brandcycle.trackonomics.net www.metziahs.com *.kampyle.com *.medallia.com *.fwmrm.net tag.yieldoptimizer.com shareasale.com *.scene7.com app.collectivevoice.com *.rewardStyle.com brandcycle.net link.shoplooks.com slooks.top smilekols.com go.magik.ly media.paroleparis.com c.fanstoshop qa.res-x.com *.monetate.net *.kargo.com data: blob:; 1
default-src 'self' wss://*.cyberstock.com.my wss://*.maybank2u.com.my *.maybank2u.com.my *.google-analytics.com *.googlesyndication.com *.doubleclick.net *.useinsider.com https://perfectsencollector.com *.google.com  https://analytics.google.com *.googleapis.com *.googletagmanager.com https://*.maybankheart.com; object-src *.maybank2u.com.my; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.google.com *.gstatic.com; font-src *.gstatic.com *.maybank2u.com.my *.google.com *.mobiletrade.powerbroking2u.com.my; script-src 'self' *.maybank2u.com.my *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.googleapis.com 'unsafe-inline' 'unsafe-eval' *.doubleclick.net *.mbww.com *.useinsider.com https://connect.facebook.net *.googleadservices.com *.google.com *.gstatic.com *.cyberstock.com.my; frame-src 'self' *.maybank2u.com.my *.useinsider.com https://unity.cadreon.com *.doubleclick.net *.youtube.com *.google.com *.mobiletrade.powerbroking2u.com.my *.cyberstock.com.my; img-src 'self' data: blob: *.maybank2u.com.my https://emerchant.maybank2u.com.my:8443 *.google-analytics.com *.googlesyndication.com *.doubleclick.net https://www.google.com https://www.google.com.my https://www.google.com.sg https://www.google.co.in https://www.google.co.id https://www.facebook.com/tr/ *.useinsider.com www.maybank.com *.gstatic.com *.googleapis.com http://dbv47yu57n5vf.cloudfront.net https://perfectsencollector.com *.amazonaws.com *.oto.my *.googletagmanager.com *.youtube.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' silverdaddies.com *.silverdaddies.com *.google.com *.googleapis.com *.gstatic.com 1
frame-ancestors *.3ds.com *.solidworks.com; base-uri 'self' 1
frame-ancestors dr.paziresh24.com *.paziresh24.com https://user.paziresh24.com 1
upgrade-insecure-requests; connect-src * https:; img-src * blob: data: https:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob: data:; worker-src * blob: data: 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.gstatic.com https://cdn.greenhousegroup.com https://cdnjs.cloudflare.com/ajax/libs/basicModal/3.3.9/basicModal.min.js https://cdn.jsdelivr.net/gh/bramkorsten/; connect-src 'self' https://*.lemonpi.io https://cdn.jsdelivr.net/gh/bramkorsten/ ws:; img-src * data: blob:; media-src * data: blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://public-assets.os.wpp.com/fonts/ https://use.typekit.net https://p.typekit.net https://cdnjs.cloudflare.com/ajax/libs/basicModal/3.3.9/basicModal.min.css https://cdnjs.cloudflare.com/ajax/libs/css-spinning-spinners/1.1.1/load4.css https://unpkg.com/balloon-css/balloon.min.css data:; frame-ancestors 'self' https://*.lemonpi.io; font-src 'self' data: https://*.lemonpi.io https://fonts.gstatic.com https://public-assets.os.wpp.com/fonts/ https://use.typekit.net chrome-extension:; frame-src https://lemonpi-prod-templates.s3.amazonaws.com https://lemonpi-test-templates.s3.amazonaws.com https://www.google.com; report-uri https://sentry.lemonpi.io/api/37/security/?sentry_key=2a59c9b4a41445c69bb6e35986859c5e 1
default-src 'self' https: blob: wss: data: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' dev.ncsl.org.dnn4less.net *.cloudinary.com microsoftonline.com console.cloudinary.com ; 1
block-all-mixed-content ;upgrade-insecure-requests ;default-src 'self' *.criteo.com *.criteo.net adventori.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.abtasty.com *.y-track.com *.google-analytics.com *.googletagmanager.com www.googletagmanager.com vjs.zencdn.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ui.onepay.decathlon.net *.paypal.com *.braintreegateway.com *.brightcove.net *.trylive.com *.googleapis.com sdk.privacy-center.org sdk.woosmap.com www.booxi.eu appmobile-bridge-js.s3-eu-west-1.amazonaws.com *.woosmap.com ui.onepay-qualification.decathlon.io cdn.tagcommander.com *.facebook.net *.dynatrace.com platform.commandersact.com *.commander1.com *.criteo.com *.criteo.net *.adnxs.com adventori.com www.googleadservices.com bat.bing.com *.salecycle.com *.doubleclick.net *.hotjar.com redirect3536.tagcommander.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com wurfl.io *.commandersact.com translate.google.com nxtck.com onepay-ui.decathlon.net *.contentsquare.net *.contentsquare.com www.youtube.com wss://*.hotjar.com *.loadbee.com production.transcript.decathlon.io development.transcript-qualification.decathlon.io via.batch.com *.dynamicyield.com *.klarnaservices.com rum.browser-intake-datadoghq.eu *.onepay-v2-commons-prod-0ywm.decathlon.io screencapture.kampyle.com screencapture-cdn.kampyle.com resources.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com resources.digital-cloud-west.medallia.com pay.google.com/gp/p/js/pay.js applepay.cdn-apple.com session-replay.browser-intake-datadoghq.eu safesizepublic.ucscentral.com google.com/pay creativecdn.com *.creativecdn.com https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.iadvize.com app.sealmetrics.com script.google.com widget.fitanalytics.com *.adition.com *.pinimg.com *.akafms.net *.akamaihd.net *.akstat.io *.algolia.io *.algolianet.com *.algolia.net *.bing.com *.boltdns.net *.cloudfront.net *.jsdelivr.net *.fitanalytics.com *.googleusercontent.com *.s3.eu-west-1.amazonaws.com *.tiktok.com api.vid-adblocker.com cdnjs.cloudflare.com spain-tradetrackerscript.decathlon.net *.tradetracker.net *.indigitall.com p.teads.tv afiliacion.decathlon.es *.sunmedia.tv *.efike.co pay.google.com *.aploze.com px.reprise-kleup.com/tre payment.direct.ingenico.com payment.direct.worldline-solutions.com *.trustedshops.com widgets.trustedshops.com static.usizy.es media.usizy.es view.publitas.com scripts.publitas.com googlesyndication.com;connect-src 'self' *.google-analytics.com *.analytics.google.com *.abtasty.com *.y-track.com *.woosmap.com *.brightcove.com *.paypal.com *.braintree-api.com *.braintreegateway.com *.decathlon.net *.decathlon.com *.booxi.eu api.privacy-center.org www.facebook.com *.doubleclick.net bat.bing.com browser-http-intake.logs.datadoghq.eu api.booxi.eu bf97725pbp.bf.dynatrace.com *.hotjar.com *.hotjar.io *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com booxi-api-be.appspot.com booxi-api.appspot.com sync.commander1.com *.boltdns.net *.akamaihd.net *.contentsquare.net tracking-api-4lasu2nlcq-ew.a.run.app insights.decathlon.net transaction-api-4lasu2nlcq-ew.a.run.app order-insights.decathlon.net *.googleapis.com wss://*.hotjar.com www.googletagmanager.com via.batch.com ws.batch.com production.transcript.decathlon.io development.transcript-qualification.decathlon.io *.klarnaservices.com rum.browser-intake-datadoghq.eu *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu ubt-lb.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com resources.digital-cloud-west.medallia.com https://www.google.com/pay signin.easyence.tech google.com/pay https://pay.google.com *.creativecdn.com https://session-replay.browser-intake-datadoghq.eu/api/ https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io wss://*.iadvize.com *.iadvize.com *.sealmetrics.com *.dynamicyield.com *.dynamicyield.eu *.algolia.io *.algolianet.com *.algolia.net *.pinterest.com direct.dy-api.eu *.tiktok.com api.vid-adblocker.com cdnjs.cloudflare.com *.fitanalytics.com script.google.com script.googleusercontent.com *.indigitall.com *.teads.tv afiliacion.decathlon.es pay.google.com applepay.cdn-apple.com fpc.decathlon.es wss://*.twilio.com *.trackingplan.com *.aploze.com config.trackingplan.com api.trackingplan.com *.trustedshops.com api.trustbadge.etrusted.com api.trustedshops.com shops-si.trustedshops.com trustbadge.api.etrusted.com widgets.trustedshops.com usizy.com media.usizy.es googlesyndication.com;img-src 'self' data: blob: *.decathlon.com *.cube-net.org *.cube-net.pub contents.mediadecathlon.com *.google-analytics.com *.googletagmanager.com *.brightcove.com *.brightcove.net *.paypal.com prod-wt.aws.y-track.com manager.tagcommander.com *.googleapis.com *.abtasty.com *.woosmap.com www.facebook.com www.google.com www.google.es www.google.fr www.google.it www.google.nl www.google.be www.google.pl *.doubleclick.net bat.bing.com *.gstatic.com sync.commander1.com *.atdmt.com tag.goldenbees.fr *.crm4d.com *.adsrvr.org *.adnxs.com sdk.privacy-center.org checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net voucher.decathlon.net apigift.decathlon.com site.booxi.com www.mediadecathlon.com *.boltdns.net *.mediadecathlon.com *.contentsquare.net *.googleadservices.com adservice.google.com wss://*.hotjar.com via.batch.com ws.batch.com *.onepay-v2-commons-prod-0ywm.decathlon.io screencaptue-cdn.kampyle.com resources.digital-cloud.medallia.eu udc-neb.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net *.iadvize.com sync.adotmob.com *.dynamicyield.com *.pinimg.com data.decathlon.es *.cloudfront.net *.algolia.io *.algolianet.com *.algolia.net *.sunmedia.tv *.pinterest.com *.googleusercontent.com *.fitanalytics.com *.sealmetrics.com cdnjs.cloudflare.com st-filebanking.igstatic.com pixel.efike.co *.tradetracker.net urldefense.com *.teads.tv afiliacion.decathlon.es *.efike.co *.zemanta.com ks.invibes.com *.aploze.com prod-aploze.imgix.net widgets.trustedshops.com media.usizy.es static.usizy.es googlesyndication.com;style-src 'self' 'unsafe-inline' www.booxi.eu fonts.googleapis.com *.decathlon.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.mediadecathlon.com wss://*.hotjar.com scripts.publitas.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu screencaptue-cdn.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io https://storage.googleapis.com/sl-front-xp-bucket-4v-tmoq/account/ *.iadvize.com *.criteo.com data.decathlon.es *.cloudfront.net *.algolia.io *.algolianet.com *.algolia.net *.fitanalytics.com booxi-api-be.appspot.com *.dynamicyield.com afiliacion.decathlon.es *.aploze.com static.usizy.es;font-src 'self' data: *.decathlon.com fonts.gstatic.com *.oppwa.com oppwa.com *.abtasty.com qanda.decathlon.com *.googleapis.com *.gstatic.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.brightcove.com *.decathlon.es *.dynamicyield.com *.dynamicyield.eu *.iadvize.com blob: cdn.jsdelivr.net cdnjs.cloudflare.com *.fitanalytics.com maxcdn.bootstrapcdn.com players.brightcove.net static-cdn.mydecathlon.com vjs.zencdn.net data.decathlon.es *.cloudfront.net afiliacion.decathlon.es s3-eu-west-1.amazonaws.com/dktexpimgcat *.trustedshops.com;object-src view.publitas.com;base-uri 'self';worker-src 'self' blob: via.batch.com 'unsafe-eval' 'unsafe-inline' *.decathlon.es afiliacion.decathlon.es;media-src 'self' blob: secure.brightcove.com *.brightcove.com *.brightcove.net *.boltdns.net *.mediadecathlon.com *.criteo.com bcboltbde696aa-a.akamaihd.net *.akafms.net *.akamaihd.net *.decathlon.es brightcove.hs.llnwd.net brightcove.vo.llnwd.net media.alltricks.com pixel.efike.co players.brightcove.net *.iadvize.com data.decathlon.es *.cloudfront.net *.algolia.io *.algolianet.com *.algolia.net p.teads.tv afiliacion.decathlon.es track.adform.net;frame-src 'self' *.youtube.com www.google.com/recaptcha/ saas.trylive.com/ site.booxi.eu/ reviews.decathlon.com www.facebook.com *.doubleclick.net *.atdmt.com c.paypal.com checkout.paypal.com www.paypal.com *.hotjar.com *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com qanda.decathlon.com reviews-collect-eu.satisphere.decathlon.net *.mediadecathlon.com view.publitas.com www.pinterest.com *.abtasty.com *.decathlon.net wss://*.hotjar.com players.brightcove.net screencapture.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud.medallia.eu resources.digital-cloud-west.medallia.com pay.google.com safesizepublic.ucscentral.com *.klarnaservices.com creativecdn.com *.creativecdn.com *.iadvize.com *.cloudfront.net *.algolia.io *.algolianet.com *.algolia.net *.sunmedia.tv decathlon-es-es--tst2.custhelp.com serviciousuario.decathlon.es return.celeritastransporte.com qa-assistant.abtasty.com www.pinterest.fr www.pinterest.es afiliacion.decathlon.es data: applepay.cdn-apple.com serveiusuari.decathlon.es *.aploze.com payment.direct.ingenico.com payment.direct.worldline-solutions.com;frame-ancestors 'self'; 1
frame-ancestors 'self' *.marmara.edu.tr 1
frame-ancestors https://stat-01.ccc.eu https://ccc.eu 1
frame-ancestors https://www.yealink.com https://search.google.com https://analytics.google.com https://tagmanager.google.com 1
default-src 'self' consentcdn.cookiebot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: challenges.cloudflare.com bluebeam2--shareddev.sandbox.my.salesforce-sites.com bluebeam2--staging.sandbox.my.salesforce-sites.com  bluebeam2--shareddev.sandbox.my.site.com *.vidyard.com *.bluebeam.com *.wpengine.com *.pardot.com www.google-analytics.com fonts.gstatic.com *.cookiebot.com www.googletagmanager.com *.visualwebsiteoptimizer.com connect.facebook.net googleads.g.doubleclick.net *.hotjar.net *.hotjar.com snap.licdn.com bat.bing.com s.yimg.com snap.licdn.com *.google.com bat.bing.com sp.analytics.yahoo.com px.ads.linkedin.com stats.g.doubleclick.net www.facebook.com p.adsymptotic.com cdn.linkedin.oribi.io www.youtube.com; connect-src 'self' bluebeam2--shareddev.sandbox.my.salesforce-sites.com bluebeam2--staging.sandbox.my.salesforce-sites.com bluebeam2--shareddev.sandbox.my.site.com content.hotjar.io ws.hotjar.com px.ads.linkedin.com pagead2.googlesyndication.com www.google-analytics.com stats.g.doubleclick.net vc.hotjar.io s.yimg.com *.hotjar.com *.cookiebot.com analytics.google.com *.visualwebsiteoptimizer.com yoast.com www.google.com cdn.linkedin.oribi.io googleads.g.doubleclick.net gw.linkedin.oribi.io ad.doubleclick.net www.facebook.com bat.bing.com www.googleapis.com; img-src 'self' data: www.google.co.uk www.google.nl www.google.no www.google.fr www.google.es www.google.dk www.google.se www.google.co.jp www.google.co.kr www.google.it www.google.fi www.google.be www.google.com.au *.vidyard.com *.visualwebsiteoptimizer.com sp.analytics.yahoo.com *.bing.com www.facebook.com px.ads.linkedin.com www.google.com p.adsymptotic.com secure.gravatar.com www.linkedin.com www.google-analytics.com gw.linkedin.oribi.io www.googletagmanager.com ad.doubleclick.net ps.w.org; style-src 'self' 'unsafe-inline' bluebeam2--shareddev.sandbox.my.salesforce-sites.com bluebeam2--staging.sandbox.my.salesforce-sites.com bluebeam2--shareddev.sandbox.my.site.com *.bluebeam.com *.wpengine.com fonts.googleapis.com; base-uri 'self'; form-action 'self' *.bluebeam.com www.facebook.com *.my.salesforce.com *.salesforce.com; object-src data: 'unsafe-eval'; font-src 'self' *.bluebeam.com *.wpengine.com fonts.googleapis.com fonts.gstatic.com data: 'unsafe-eval'; media-src 'self' *.bluebeam.com *.wpengine.com *.cookiebot.com; frame-src 'self' challenges.cloudflare.com *.vidyard.com *.bluebeam.com *.cookiebot.com *.hotjar.com www.facebook.com www.youtube.com td.doubleclick.net 9747788.fls.doubleclick.net roicalbucket.s3-website-us-east-1.amazonaws.com roical.bluebeam-dev.com roical.bluebeam.com go.pardot.com; 1
default-src 'self';child-src 'self' blob:;connect-src 'self' maps.tilehosting.com api.maptiler.com allegro.pl ngastatic.com *.allegrogroup.com storage.googleapis.com rs.fullstory.com wss://*.allegrosandbox.pl:* wss://*.allegrogroup.com:* wss://allegrolokalnie.pl wss://*.allegrolokalnie.pl:* sentry.io *.easypack24.net www.google-analytics.com analytics.google.com *.analytics.google.com stats.g.doubleclick.net ngacm.com *.qualaroo.com osm.inpost.pl connect.facebook.net www.google.com www.facebook.com googleads.g.doubleclick.net maps.googleapis.com edge.allegro.pl;font-src 'self' data: geowidget.easypack24.net fonts.googleapis.com *.analytics.google.com fonts.gstatic.com maxcdn.bootstrapcdn.com lokalnie-prod-assets.storage.googleapis.com;img-src 'self' data: blob: storage.googleapis.com *.allegroimg.allegrosandbox.pl *.allegroimg-test.qxlint *.allegroimg.pl *.allegroimg.com www.google.com geowidget.easypack24.net maps.gstatic.com maps.googleapis.com www.google.pl www.google-analytics.com analytics.google.com *.analytics.google.com www.facebook.com *.openstreetmap.org osm.inpost.pl api.mapbox.com *.googleapis.com optimize.google.com rs.fullstory.com lokalnie-prod-assets.storage.googleapis.com;style-src 'self' 'unsafe-inline' api.tiles.mapbox.com cdn.klokantech.com geowidget.easypack24.net fonts.googleapis.com *.analytics.google.com unpkg.com api.mapbox.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com optimize.google.com assets.allegrostatic.com lokalnie-prod-assets.storage.googleapis.com;script-src 'self' polyfill.io maps.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.google.com cl.qualaroo.com ngastatic.com *.google-analytics.com *.analytics.google.com edge.fullstory.com *.allegrogroup.com 'unsafe-inline' 'unsafe-eval' data: geowidget.easypack24.net turbo.qualaroo.com unpkg.com api.mapbox.com cdn.jsdelivr.net osm.inpost.com optimize.google.com *.googleoptimize.com connect.facebook.net www.recaptcha.net www.gstatic.com rs.fullstory.com assets.allegrostatic.com lokalnie-prod-assets.storage.googleapis.com;frame-src 'self' optimize.google.com dntcl.qualaroo.com www.recaptcha.net www.gstatic.com www.facebook.com;frame-ancestors 'self' https://*.allegrogroup.com http://localhost:* 1
frame-ancestors 'self' https://liveshopping.bonprix.de/ https://www.liveshopping.bonprix.de/ https://app.eu.contentful.com 1
frame-ancestors 'self' https://*.magazinevoce.com.br; 1
frame-ancestors 'self' https://*.canalrcn.com https://canalrcn.com https://*.canalrcndigital.com https://*.canalrcn.tech https://noticiasrcn.com https://*.noticiasrcn.com; 1
default-src https://www.myherbalife.com/f2_nObM_0yGkK6PMlg/f5mEQDkhN2E7Qa/ag8GYDNC/LGZ/ESXt1Sik  * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; 1
default-src ; script-src yastatic.net yandex.ru yandex.st cloud-api.yandex.net clck.yandex.ru an.yandex.ru bs-meta.yandex.ru frontend.vh.yandex.ru blob: 'self' 'nonce-16642458399435522' 'unsafe-eval' 'unsafe-inline' mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.ru mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org storage.mds.yandex.net; style-src yastatic.net yandex.st 'unsafe-inline' 'self'; media-src yandex.st blob: data: yastatic.net downloader.disk.yandex.com 'self' *.storage.yandex.net *.disk.yandex.net *.yandex.net strm.yandex.ru *.strm.yandex.ru yastat.net; object-src yastatic.net yandex.st downloader.disk.yandex.com *.video.yandex.net 'self' *.storage.yandex.net *.disk.yandex.net; img-src data: yandex.st yastatic.net yandex.com *.downloader.disk.yandex.com downloader.disk.yandex.com www.tns-counter.ru an.yandex.ru *.verify.yandex.ru verify.yandex.ru tps.doubleverify.com pixel.adsafeprotected.com ad.doubleclick.net impression.appsflyer.com strm.yandex.ru *.yandex.net 'self' mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.ru mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org mc.admetrica.ru avatars-fast.yandex.net favicon.yandex.net banners.adfox.ru content.adfox.ru ads6.adfox.ru yastat.net avatars.mds.yandex.net *.tns-counter.ru ads.adfox.ru bs.serving-sys.com bs.serving-sys.ru ad.adriver.ru wcm.solution.weborama.fr wcm-ru.frontend.weborama.fr wcm.weborama-tech.ru rgi.io track.rutarget.ru ssl.hurra.com amc.yandex.ru gdeby.hit.gemius.pl pixel.adlooxtracking.com pixel.adlooxtracking.ru; frame-src yandex.com docviewer.yandex.com downloader.disk.yandex.com *.mail.yandex.net *.video.yandex.net yandex.st yastatic.net yandexadexchange.net *.yandexadexchange.net 'self' blob: mc.yandex.ru mc.yandex.md yandex-disk: forms.yandex.ru trust.yandex.com trust.yandex.ru *.storage.yandex.net *.disk.yandex.net; connect-src yandex.ru *.yandex.com an.yandex.ru strm.yandex.ru log.strm.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.ru mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org mc.admetrica.ru yandexmetrica.com:* *.disk.yandex.net *.mail.yandex.net *.storage.yandex.net *.video.yandex.net frontend.vh.yandex.ru quasar.yandex.com cloud-api.yandex.ru wss://*.mail.yandex.net cloud-api.yandex.com wss://push.yandex.com blob: 'self' 'self' blob: *.strm.yandex.ru *.strm.yandex.net verify.yandex.ru *.verify.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net tps.doubleverify.com pixel.adsafeprotected.com amc.yandex.ru; font-src yastatic.net; report-uri https://csp.yandex.net/csp?from=disk-client&project=disk-client&yandexuid=4165402791705979281; child-src blob: yandex.com docviewer.yandex.com downloader.disk.yandex.com *.mail.yandex.net *.video.yandex.net yandex.st yastatic.net yandexadexchange.net *.yandexadexchange.net 'self' blob: mc.yandex.ru mc.yandex.md yandex-disk: forms.yandex.ru trust.yandex.com trust.yandex.ru *.storage.yandex.net *.disk.yandex.net 1
default-src 'self'; img-src 'self' data: *; object-src 'self'; connect-src 'self' https://www.goodsync.com https://www.google-analytics.com https://api.reviews.co.uk https://knrpc.olark.com https://*.doubleclick.net https://analytics.google.com https://www.google.com https://pagead2.googlesyndication.com https://bat.bing.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.goodsync.com/ https://tagmanager.google.com/ https://static.olark.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.google.com https://assets.olark.com https://api.olark.com https://knrpc.olark.com https://static.olark.com https://widget.reviews.co.uk https://www.googletagmanager.com/ https://widget.reviews.io https://www.google-analytics.com/ https://www.googleadservices.com/ https://connect.facebook.net/ https://*.doubleclick.net/ https://tagmanager.google.com/ https://bat.bing.com/ https://www.youtube.com/ https://s.ytimg.com/ https://tpc.googlesyndication.com; font-src data: 'self' 'unsafe-inline' 'unsafe-eval' https://www.goodsync.com https://static.olark.com; frame-src 'self' https://control.goodsync.com/ https://www.goodsync.com https://jobs.goodsync.com https://docs.google.com https://www.google.com https://static.olark.com https://widget.reviews.co.uk https://widget.reviews.io/ https://*.doubleclick.net/ https://www.youtube.com/ https://s.ytimg.com/ https://tpc.googlesyndication.com; media-src 'self' https://static.olark.com 1
frame-ancestors *.indiatimes.com *.zigwheels.com *.google.com *.cdn.ampproject.org app.zigchat.com 1
upgrade-insecure-requests; default-src https: wss: data: blob:; base-uri 'self'; connect-src 'self' *.ozone.ru *.ozonusercontent.com *.ozon.ru *.kz.ozon.com *.ozon.by *.ozon.kz *.ozonru.me *.by-stg.ozonru.me *.kz-stg.ozoncom.me enterprise.api-maps.yandex.ru wss:; worker-src 'self' blob:; font-src 'self' cdn1.ozone.ru cdn2.ozone.ru; style-src 'self' 'unsafe-inline' cdn1.ozone.ru cdn2.ozone.ru; object-src 'none'; frame-ancestors 'self' *.ozon.ru *.ozonru.me:* *.ozon.by *.kz.ozon.com *.ozon.kz *.by-stg.ozonru.me *.kz-stg.ozoncom.me; frame-src 'self' form.privetmir.ru privetmir.ru *.ozon.ru *.kz.ozon.com *.ozon.by *.ozon.kz *.ozonru.me *.by-stg.ozonru.me *.kz-stg.ozoncom.me www.youtube.com cdn1.ozone.ru; script-src 'unsafe-inline' 'unsafe-eval' 'self' bundle.ozon.ru cdn2.ozone.ru cdn6.ozone.ru *.ozon.ru yastatic.net/s3/front-maps-static/ enterprise.api-maps.yandex.ru suggest-maps.yandex.ru api-maps.yandex.ru *.o3.ru 'nonce-3b3d27ba-3142-411b-a53a-18634b8979be'; report-uri https://xapi.ozon.ru/csp-log/ 1
default-src 'self' blob: https://jump-cloud.navattic.com wss://*.intercom.io https://*.intercom.io https://*.google.com https://bam.nr-data.net https://ct.capterra.com https://cdn.linkedin.oribi.io/partner/373868/domain/jumpcloud.com/token https://jumpcloud940.outgrow.us/ https://*.takingbackjuly.com https://optanon.blob.core.windows.net https://segmentcdn.jumpcloud.com https://c.6sc.co/ https://ipv6.6sc.co/ https://scout.salesloft.com https://www.youtube.com https://secure.adnxs.com https://xd.adobe.com https://embedwistia-a.akamaihd.net https://bat.bing.com https://api.segment.io https://*.litix.io https://calendly.com https://*.wistia.com https://*.wistia.net https://bam-cell.nr-data.net https://privacyportal.onetrust.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://js.driftt.com https://analytics.google.com/ https://cdn.segment.com https://ajax.googleapis.com https://www.facebook.com https://us-central1-adaptive-growth.cloudfunctions.net https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://cdn.cookielaw.org https://*.clarity.ms https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.buzzsprout.com *.split.io; font-src 'self' data: fonts.gstatic.com use.typekit.net; img-src 'self' data: blob: *; script-src 'unsafe-eval' 'unsafe-inline' 'self' blob: https://widget.intercom.io/widget/wgmb0rm8 https://js.intercomcdn.com https://www.youtube.com https://bam.nr-data.net https://static.cloudflareinsights.com https://*.takingbackjuly.com https://cdn-assets-prod.s3.amazonaws.com https://segmentcdn.jumpcloud.com https://cdn.jsdelivr.net https://*.clarity.ms https://cloud.jumpcloud.com https://*.calendly.com https://cdn.pdst.fm https://cdn.pdst.fm https://bam-cell.nr-data.net https://pi.pardot.com https://js-agent.newrelic.com https://analytics.twitter.com https://platform.twitter.com https://grow.clearbitjs.com https://a.smtrk.net https://trk.techtarget.com https://static.ads-twitter.com https://*.wistia.net https://*.wistia.com https://js.driftt.com https://a.quora.com https://scout-cdn.salesloft.com https://www.redditstatic.com https://connect.facebook.net https://bat.bing.com https://j.6sc.co https://snap.licdn.com https://cdn.segment.com https://ajax.googleapis.com https://www.facebook.com https://us-central1-adaptive-growth.cloudfunctions.net https://*.hotjar.com https://*.doubleclick.net https://cdn.cookielaw.org https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.buzzsprout.com https://geolocation.onetrust.com https://www.gstatic.com https://www.googleadservices.com https://dyv6f9ner1ir9.cloudfront.net/assets/js/sloader.js; style-src 'unsafe-inline' 'self' fonts.googleapis.com use.typekit.net p.typekit.net https://*.calendly.com; media-src 'self' data: blob: *; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.brides.com 1
default-src 'self'; connect-src * 'self' data: https:; font-src 'self' data: https:; frame-src 'self' data: https:;  img-src * 'self' data: https: blob:; script-src 'self' 'nonce-TT8fraQKaZHR9cJmIsYUph0O3gGi8PbxtIKsakD1b9Q=' 'strict-dynamic' ; style-src 'self' 'unsafe-inline' *; form-action 'self' data: https:; media-src 'self' data: https: blob: 1
frame-ancestors 'self' https://lckm.dev02.vobacom.info https://www.sse.lodz.pl https://www.zjazdowa.com.pl https://www.lcf.pl https://makis.pl https://www.mpolodz.pl https://www.mcmsrodmiescie.pl https://expo-lodz.pl http://expo-lodz.pl http://bionanopark.pl/ https://www.wtbs.pl https://www.lodz-airport.pl https://*.lodz.pl https://ads.biblioteka.lodz.pl; default-src 'self'; connect-src https://lodz.pl https://*.lodz.pl https://*.analytics.google.com https://pagead2.googlesyndication.com/getconfig/ https://fundingchoicesmessages.google.com/ https://p.clarity.ms/collect https://region1.google-analytics.com https://*.facebook.com/ https://ads.biblioteka.lodz.pl/www/delivery/asyncspc.php https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://connect.facebook.net/; font-src 'self'  https://fonts.gstatic.com/; form-action 'self' https://newsletter.uml.lodz.pl https://www.facebook.com/; frame-src 'self' https://googleads.g.doubleclick.net/ https://td.doubleclick.net/ https://www.google.com/ https://kuula.co/ https://www.youtube-nocookie.com https://ads.biblioteka.lodz.pl https://newsletter.uml.lodz.pl https://platform.twitter.com https://uml.lodz.pl https://*.facebook.com/ https://connect.facebook.net; img-src 'self' https://c.clarity.ms https://www.gstatic.com/ https://fundingchoicesmessages.google.com/ https://lh3.googleusercontent.com/ https://widget.jutromedical.com https://2k.trackgecko.pl https://region1.google-analytics.com https://googleads.g.doubleclick.net https://ads.biblioteka.lodz.pl/www/  https://multimedia.newsletter.uml.lodz.pl data: https://www.facebook.com/ https://www.google-analytics.com https://www.google.com https://www.google.pl; media-src 'self'; script-src 'self' 'unsafe-inline' https://tpc.googlesyndication.com/ https://www.clarity.ms/s/0.7.20/clarity.js https://fundingchoicesmessages.google.com/ https://www.clarity.ms/tag/jnbug4lfqt https://pagead2.googlesyndication.com/pagead/ https://widget.jutromedical.com https://www.googleadservices.com/ https://www.google.com/pagead/ https://www.google.pl https://googleads.g.doubleclick.net https://ads.biblioteka.lodz.pl https://connect.facebook.net/ https://newsletter.uml.lodz.pl/ https://platform.twitter.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.youtube.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://widget.jutromedical.com https://newsletter.uml.lodz.pl/; worker-src 'self'; 1
default-src * 'unsafe-inline' blob: wss://ai.ocelotbot.com; img-src www.pima.edu prodclstorage.blob.core.windows.net *.crazyegg.com *.siteimproveanalytics.io *.ocelotbot.com www.google.com *.gstatic.com stats.g.doubleclick.net www.google-analytics.com ssl.google-analytics.com www.facebook.com 'unsafe-inline' 'self' data:; script-src 'unsafe-eval' 'unsafe-inline' 'self' blob: embed.financialaidtv.com *.ocelotbot.com libanswers.pima.edu v2.libanswers.com lgapi.libapps.com imageserver.ebscohost.com www.youtube.com polyfill.io www.googletagmanager.com *.google.com www.gstatic.com s.ytimg.com translate.google.com *.googleapis.com *.google-analytics.com *.crazyegg.com connect.facebook.net us2.siteimprove.com siteimproveanalytics.com sc.pima.edu 1
default-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.fitanalytics.com  https://*.glami.cz  https://*.googleapis.com  https://*.lidl-shop.pl  https://*.lidl-sklep.pl  https://*.online-metrix.net  https://*.parcellab.com  https://*.tradedoubler.com  https://*.xplosion.de  https://*.yahoo.com  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://analytics.google.com  https://awin1.com  https://cloud.news.lidl.pl  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://ec.monplat-cdn.com  https://event.yoochoose.net  https://facebook.com  https://fonts.gstatic.com  https://glami.cz  https://hlserve.com  https://im9.cz  https://imedia.cz  https://lidl-shop.com  https://lidl-shop.pl  https://lidl-sklep.pl  https://ligadx.com  https://ligatus.com  https://login.dognet.pl  https://m6r.eu  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://pixel.wp.pl  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://t.semtrack.de  https://taboola.com  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://twiago.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://yahoo.com  https://yieldlab.net  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  'unsafe-inline'  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.glami.cz  https://*.lidl-shop.pl  https://*.lidl-sklep.pl  https://*.lidl.pl  https://*.online-metrix.net  https://*.tradedoubler.com  https://*.vrxs.de  https://*.xplosion.de  https://*.yahoo.com  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://awin1.com  https://balancechecks.tx-gate.com  https://cloud.news.lidl.pl  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://event.yoochoose.net  https://facebook.com  https://glami.cz  https://hlserve.com  https://im9.cz  https://imedia.cz  https://lidl-shop.com  https://lidl-shop.pl  https://lidl-sklep.pl  https://ligadx.com  https://ligatus.com  https://login.dognet.pl  https://m6r.eu  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://t.semtrack.de  https://taboola.com  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://twiago.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://yahoo.com  https://yieldlab.net; img-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adscale.de  https://*.advertising.com  https://*.adyen.com  https://*.assets.lidl  https://*.criteo.com  https://*.criteo.net  https://*.demdex.net  https://*.demoup.com  https://*.doubleclick.net  https://*.fitanalytics.com  https://*.glami.cz  https://*.googleapis.com  https://*.lidl-shop.cz  https://*.lidl-shop.pl  https://*.lidl-sklep.pl  https://*.lidl.pl  https://*.online-metrix.net  https://*.openx.net  https://*.parcellab.com  https://*.pubmatic.com  https://*.smartclip.net  https://*.stickyadstv.com  https://*.taboola.com  https://*.tradedoubler.com  https://*.twiago.com  https://*.xplosion.de  https://*.yahoo.com  https://*.yieldlab.net  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://analytics.google.com  https://awin1.com  https://cloud.news.lidl.pl  https://content.odj.cloud  https://contextual.media.net  https://criteo-sync.teads.tv  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://event.yoochoose.net  https://facebook.com  https://glami.cz  https://hlserve.com  https://i.liadm.com  https://im9.cz  https://imedia.cz  https://lh3.googleusercontent.com  https://lidl-shop.com  https://lidl-shop.pl  https://lidl-sklep.pl  https://lidl.pl  https://ligadx.com  https://ligatus.com  https://login.dognet.pl  https://m6r.eu  https://match.sharethrough.com  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://pixel.wp.pl  https://play-lh.googleusercontent.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://sync.outbrain.com  https://t.semtrack.de  https://taboola.com  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://translate.google.com  https://twiago.com  https://visitor.omnitagjs.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://yahoo.com  https://yieldlab.net; object-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.glami.cz  https://*.lidl-shop.pl  https://*.lidl-sklep.pl  https://*.online-metrix.net  https://*.tradedoubler.com  https://*.xplosion.de  https://*.yahoo.com  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://awin1.com  https://cloud.news.lidl.pl  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://event.yoochoose.net  https://facebook.com  https://glami.cz  https://hlserve.com  https://im9.cz  https://imedia.cz  https://lidl-shop.com  https://lidl-shop.pl  https://lidl-sklep.pl  https://ligadx.com  https://ligatus.com  https://login.dognet.pl  https://m6r.eu  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://t.semtrack.de  https://taboola.com  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://twiago.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://yahoo.com  https://yieldlab.net; script-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  about:  https://localhost  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.fitanalytics.com  https://*.glami.cz  https://*.googleapis.com  https://*.lidl-shop.pl  https://*.lidl-sklep.pl  https://*.online-metrix.net  https://*.parcellab.com  https://*.tradedoubler.com  https://*.xplosion.de  https://*.yahoo.com  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://adservice.google.de  https://advertising.com  https://awin1.com  https://cloud.news.lidl.pl  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://ec.monplat-cdn.com  https://event.yoochoose.net  https://facebook.com  https://glami.cz  https://hlserve.com  https://im9.cz  https://imedia.cz  https://lidl-shop.com  https://lidl-shop.pl  https://lidl-sklep.pl  https://ligadx.com  https://ligatus.com  https://login.dognet.pl  https://m6r.eu  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://pixel.wp.pl  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://t.semtrack.de  https://taboola.com  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://twiago.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://yahoo.com  https://yieldlab.net; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'  https://*.criteo.com  https://*.criteo.net  https://*.doubleclick.net  https://*.fitanalytics.com  https://*.glami.cz  https://*.googleapis.com  https://*.lidl-shop.cz  https://*.lidl-shop.pl  https://*.lidl-sklep.pl  https://*.online-metrix.net  https://*.parcellab.com  https://*.tradedoubler.com  https://*.xplosion.de  https://*.yahoo.com  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://awin1.com  https://cloud.news.lidl.pl  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://event.yoochoose.net  https://facebook.com  https://glami.cz  https://hlserve.com  https://im9.cz  https://imedia.cz  https://lidl-shop.com  https://lidl-shop.pl  https://lidl-sklep.pl  https://ligadx.com  https://ligatus.com  https://login.dognet.pl  https://m6r.eu  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://t.semtrack.de  https://taboola.com  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://twiago.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://yahoo.com  https://yieldlab.net; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net; 1
frame-ancestors http://docplanner-front-test.docplanner.com https://docplanner-front-test.docplanner.com *.doctoralia.com.br doctoraliaone-br2-candidate.azurewebsites.net 1
default-src http: data: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' https://jionews.com https://jionewsdev1.jio.ril.com https://pie.news; 1
frame-ancestors 'self' https://ch3plus.com https://*.ch3plus.com https://*.mello.me https://beci.incart.co 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mc.yandex.ru https://mc.yandex.com https://metrika.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://yandex.ru https://site.yandex.net https://clck.yandex.ru https://yastatic.net https://api-maps.yandex.ru https://core-renderer-tiles.maps.yandex.net https://sitesearch-suggest.yandex.ru https://yastat.net https://ext.captcha.yandex.net https://img.yandex.net https://www.google.com https://www.google.ru https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://stats.g.doubleclick.net https://analytics.google.com https://admin.verbox.ru https://static.me-talk.ru https://widget.me-talk.ru https://lcab.talk-me.ru https://widget.apibcknd.com https://www.youtube.com https://s.ytimg.com https://i.ytimg.com https://top-fwz1.mail.ru https://cp.masterhost.ru; style-src 'self' 'unsafe-inline' https: ; frame-ancestors 'self' https://masterhost.ru https://*.masterhost.ru https://mc.yandex.ru https://mc.yandex.com https://metrika.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://admin.verbox.ru; frame-src 'self' https://mc.yandex.ru https://mc.yandex.com https://metrika.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://yandex.ru https://site.yandex.net https://clck.yandex.ru https://yastatic.net https://api-maps.yandex.ru https://core-renderer-tiles.maps.yandex.net https://sitesearch-suggest.yandex.ru https://yastat.net https://ext.captcha.yandex.net https://img.yandex.net https://www.google.com https://www.google.ru https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://stats.g.doubleclick.net https://analytics.google.com https://admin.verbox.ru https://static.me-talk.ru https://widget.me-talk.ru https://lcab.talk-me.ru https://widget.apibcknd.com https://www.youtube.com https://s.ytimg.com https://i.ytimg.com https://top-fwz1.mail.ru https://cp.masterhost.ru; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; img-src data: 'self' https://mc.yandex.ru https://mc.yandex.com https://metrika.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://yandex.ru https://site.yandex.net https://clck.yandex.ru https://yastatic.net https://api-maps.yandex.ru https://core-renderer-tiles.maps.yandex.net https://sitesearch-suggest.yandex.ru https://yastat.net https://ext.captcha.yandex.net https://img.yandex.net https://www.google.com https://www.google.ru https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://stats.g.doubleclick.net https://analytics.google.com https://admin.verbox.ru https://static.me-talk.ru https://widget.me-talk.ru https://lcab.talk-me.ru https://widget.apibcknd.com https://www.youtube.com https://s.ytimg.com https://i.ytimg.com https://top-fwz1.mail.ru https://cp.masterhost.ru https://me-talk.ru https://pic.me-talk.ru https://twemoji.maxcdn.com; connect-src 'self' https://mc.yandex.ru https://mc.yandex.com https://metrika.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://yandex.ru https://site.yandex.net https://clck.yandex.ru https://yastatic.net https://api-maps.yandex.ru https://core-renderer-tiles.maps.yandex.net https://sitesearch-suggest.yandex.ru https://yastat.net https://ext.captcha.yandex.net https://img.yandex.net https://www.google.com https://www.google.ru https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://stats.g.doubleclick.net https://analytics.google.com https://admin.verbox.ru https://static.me-talk.ru https://widget.me-talk.ru https://lcab.talk-me.ru https://widget.apibcknd.com https://www.youtube.com https://s.ytimg.com https://i.ytimg.com https://top-fwz1.mail.ru https://cp.masterhost.ru wss://widget.me-talk.ru wss://widget.apibcknd.com; media-src data: 'self' https://me-talk.ru https://pic.me-talk.ru https://twemoji.maxcdn.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com https://static.cloudflareinsights.com https://platform.twitter.com https://cdn.syndication.twimg.com https://ton.twimg.com https://storage.unctad.org https://ws.sharethis.com https://www.google.com https://www.gstatic.com https://ajax.cloudflare.com https://t.sharethis.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://kit.fontawesome.com https://unpkg.com mdbootstrap.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com https://static.cloudflareinsights.com https://platform.twitter.com https://cdn.syndication.twimg.com https://ton.twimg.com https://storage.unctad.org https://ws.sharethis.com https://www.google.com https://www.gstatic.com https://ajax.cloudflare.com https://datawrapper.dwcdn.net https://t.sharethis.com https://static.dwcdn.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://kit.fontawesome.com https://unpkg.com mdbootstrap.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com https://static.cloudflareinsights.com https://platform.twitter.com https://cdn.syndication.twimg.com https://ton.twimg.com https://ws.sharethis.com https://storage.unctad.org/ https://ajax.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://unpkg.com mdbootstrap.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com https://static.cloudflareinsights.com https://platform.twitter.com https://cdn.syndication.twimg.com https://ton.twimg.com https://ws.sharethis.com https://storage.unctad.org/ https://ajax.cloudflare.com https://static.dwcdn.net https://cdn-images.mailchimp.com https://datawrapper.dwcdn.net cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://unpkg.com mdbootstrap.com use.fontawesome.com; report-uri https://unctad.org/report-uri/enforce 1
block-all-mixed-content; connect-src 'self' wss://*.amateri.com *.google-analytics.com *.analytics.google.com amateri-video-original.s3.eu-west-1.amazonaws.com amateri-file-upload.s3.eu-west-1.amazonaws.com sentry.amateri.com *.clarity.ms *.doubleclick.net; default-src 'self'; font-src 'self' data: *.gstatic.com; frame-src 'self' www.google.com bngpt.com; img-src 'self' blob: *.amateri.com data: *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net chart.googleapis.com *.clarity.ms; media-src 'self' blob: https://cf-cdn.amateri.com https://video-cdn77.amateri.com https://videopreview-cdn77.amateri.com https://file-video-cdn77.amateri.com; script-src 'unsafe-inline' 'self' www.google-analytics.com www.google.com www.gstatic.com browser.sentry-cdn.com 'nonce-bZ+e8JzaUysG/lKNqzyifA==' 'strict-dynamic' blob:; style-src 'self' 'unsafe-inline'; 1
default-src 'self' https://*.google.com https://auth.zonatelecom.ru/ https://*.zonatelecom.ru *.zonatelecom.ru ws://*.zonatelecom.ru wss://*.zonatelecom.ru *.svc.team www.google-analytics.com https://vk.com https://mc.yandex.ru https://yastatic.net https://*.doubleclick.net http://*.zonatelecom.ru https://*.mail.ru https://*.yandex.ru https://*.maps.yandex.net https://widget.cloudpayments.ru/bundles/cloudpayments.js https://*.carrotquest.app http://*.carrotquest.app wss://*.carrotquest.app ws://*.carrotquest.app https://*.carrottrack.io wss://*.carrottrack.io ;base-uri 'none';style-src 'self' 'unsafe-inline' fonts.googleapis.com https://*.zonatelecom.ru blob:;img-src 'self' https://cdn.zonatelecom.ru *.svc.team *.zonatelecom.ru https://www.google.com https://www.google.ru www.googletagmanager.com https://www.google-analytics.com https://vk.com https://*.vk.com https://mc.yandex.ru https://*.mail.ru https://*.maps.yandex.net https://*.yandex.ru https://*.carrotquest.app http://*.carrotquest.app data: blob: https:;connect-src https: 'self' ws://*.carrotquest.app wss: ws://bitrix24.zonatelecom.ru uaas.yandex.ru *.zonatelecom.ru;font-src 'self' fonts.gstatic.com;manifest-src 'self';object-src 'none';script-src 'self' https://*.svc.team http://*.svc.team https://auth.zonatelecom.ru/ https://*.zonatelecom.ru 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com https://vk.com https://mc.yandex.ru https://yastatic.net https://*.mail.ru https://*.yandex.ru https://*.maps.yandex.net https://widget.cloudpayments.ru/bundles/cloudpayments.js https://popup-static.unisender.com abt.s3.yandex.net https://*.carrotquest.app http://*.carrotquest.app wss://*.carrotquest.app ws://*.carrotquest.app https://*.carrottrack.io http://*.carrottrack.io wss://*.carrottrack.io  ws://*.carrottrack.io ;frame-src https://widget.cloudpayments.ru https://www.google.com https://bitrix24.zonatelecom.ru/ https://yandex.ru https://apps.zonatelecom.ru/ https://auth.zonatelecom.ru/ https://*.zonatelecom.ru/ https://www.zonatelecom.ru/ https://*.carrotquest.app http://*.carrotquest.app https://*.auth.svc.team 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' https: data:; connect-src 'self' https: wss://*.intercom.io/; font-src 'self' https: data:; media-src https:; child-src 'self' https:; form-action 'self' https:; frame-ancestors 'none'; object-src 'none'; frame-src 'self' https:; worker-src 'self' https:; manifest-src 'self'; base-uri 'self'; upgrade-insecure-requests 1
block-all-mixed-content ;upgrade-insecure-requests ;default-src 'self' *.criteo.com *.criteo.net adventori.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.abtasty.com *.y-track.com *.google-analytics.com *.googletagmanager.com www.googletagmanager.com vjs.zencdn.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ui.onepay.decathlon.net *.paypal.com *.braintreegateway.com *.brightcove.net *.trylive.com *.googleapis.com sdk.privacy-center.org sdk.woosmap.com www.booxi.eu appmobile-bridge-js.s3-eu-west-1.amazonaws.com *.woosmap.com ui.onepay-qualification.decathlon.io cdn.tagcommander.com *.facebook.net *.dynatrace.com platform.commandersact.com *.commander1.com *.criteo.com *.criteo.net *.adnxs.com adventori.com www.googleadservices.com bat.bing.com *.salecycle.com *.doubleclick.net *.hotjar.com redirect3536.tagcommander.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com wurfl.io *.commandersact.com translate.google.com nxtck.com onepay-ui.decathlon.net *.contentsquare.net *.contentsquare.com www.youtube.com wss://*.hotjar.com *.loadbee.com production.transcript.decathlon.io development.transcript-qualification.decathlon.io via.batch.com *.dynamicyield.com *.klarnaservices.com rum.browser-intake-datadoghq.eu *.onepay-v2-commons-prod-0ywm.decathlon.io screencapture.kampyle.com screencapture-cdn.kampyle.com resources.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com resources.digital-cloud-west.medallia.com pay.google.com/gp/p/js/pay.js applepay.cdn-apple.com session-replay.browser-intake-datadoghq.eu safesizepublic.ucscentral.com google.com/pay creativecdn.com *.creativecdn.com https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io www.dwin1.com www.awin1.com analytics.tiktok.com *.iadvize.com *.tagcommander.com cdn-assets-italy.decathlon.net pay.google.com s2.adform.net the.sciencebehindecommerce.com track.adform.net www.google.com view.publitas.com scripts.publitas.com adform.com s.pinimg.com *.ad4m.at ad4m.at;connect-src 'self' *.google-analytics.com *.analytics.google.com *.abtasty.com *.y-track.com *.woosmap.com *.brightcove.com *.paypal.com *.braintree-api.com *.braintreegateway.com *.decathlon.net *.decathlon.com *.booxi.eu api.privacy-center.org www.facebook.com *.doubleclick.net bat.bing.com browser-http-intake.logs.datadoghq.eu api.booxi.eu bf97725pbp.bf.dynatrace.com *.hotjar.com *.hotjar.io *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com booxi-api-be.appspot.com booxi-api.appspot.com sync.commander1.com *.boltdns.net *.akamaihd.net *.contentsquare.net tracking-api-4lasu2nlcq-ew.a.run.app insights.decathlon.net transaction-api-4lasu2nlcq-ew.a.run.app order-insights.decathlon.net *.googleapis.com wss://*.hotjar.com www.googletagmanager.com via.batch.com ws.batch.com production.transcript.decathlon.io development.transcript-qualification.decathlon.io *.klarnaservices.com rum.browser-intake-datadoghq.eu *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu ubt-lb.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com resources.digital-cloud-west.medallia.com https://www.google.com/pay signin.easyence.tech google.com/pay https://pay.google.com *.creativecdn.com https://session-replay.browser-intake-datadoghq.eu/api/ https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io the.sciencebehindecommerce.com www.google.it *.iadvize.com *.mediadecathlon.com *.numerized.com track.adform.net wss://*.iadvize.com *.criteo.com *.criteo.net pagead2.googlesyndication.com analytics.tiktok.com;img-src 'self' data: blob: *.decathlon.com *.cube-net.org *.cube-net.pub contents.mediadecathlon.com *.google-analytics.com *.googletagmanager.com *.brightcove.com *.brightcove.net *.paypal.com prod-wt.aws.y-track.com manager.tagcommander.com *.googleapis.com *.abtasty.com *.woosmap.com www.facebook.com www.google.com www.google.es www.google.fr www.google.it www.google.nl www.google.be www.google.pl *.doubleclick.net bat.bing.com *.gstatic.com sync.commander1.com *.atdmt.com tag.goldenbees.fr *.crm4d.com *.adsrvr.org *.adnxs.com sdk.privacy-center.org checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net voucher.decathlon.net apigift.decathlon.com site.booxi.com www.mediadecathlon.com *.boltdns.net *.mediadecathlon.com *.contentsquare.net *.googleadservices.com adservice.google.com wss://*.hotjar.com via.batch.com ws.batch.com *.onepay-v2-commons-prod-0ywm.decathlon.io screencaptue-cdn.kampyle.com resources.digital-cloud.medallia.eu udc-neb.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net *.criteo.com *.criteo.net www.awin1.com *.ad4m.at ad4m.at *.iadvize.com *.tagcommander.com appmobile-bridge-js.s3-eu-west-1.amazonaws.com cdn-assets-italy.decathlon.net connect.facebook.net cubedecathlonit.commander1.com decathlonit.commander1.com evt-eu.klarnaservices.com prod.y-medialink.com track.adform.net translate.google.com s2.adform.net adform.com ct.pinterest.com;style-src 'self' 'unsafe-inline' www.booxi.eu fonts.googleapis.com *.decathlon.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.mediadecathlon.com wss://*.hotjar.com scripts.publitas.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu screencaptue-cdn.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io https://storage.googleapis.com/sl-front-xp-bucket-4v-tmoq/account/ *.iadvize.com track.adform.net;font-src 'self' data: *.decathlon.com fonts.gstatic.com *.oppwa.com oppwa.com *.abtasty.com qanda.decathlon.com *.googleapis.com *.gstatic.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.iadvize.com cdn-assets-italy.decathlon.net eu-assets.klarnaservices.com;object-src view.publitas.com;base-uri 'self';worker-src 'self' blob: via.batch.com;media-src 'self' blob: secure.brightcove.com *.brightcove.com *.brightcove.net *.boltdns.net *.mediadecathlon.com *.criteo.com bcboltbde696aa-a.akamaihd.net cdn-assets-italy.decathlon.net;frame-src 'self' *.youtube.com www.google.com/recaptcha/ saas.trylive.com/ site.booxi.eu/ reviews.decathlon.com www.facebook.com *.doubleclick.net *.atdmt.com c.paypal.com checkout.paypal.com www.paypal.com *.hotjar.com *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com qanda.decathlon.com reviews-collect-eu.satisphere.decathlon.net *.mediadecathlon.com view.publitas.com www.pinterest.com *.abtasty.com *.decathlon.net wss://*.hotjar.com players.brightcove.net screencapture.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud.medallia.eu resources.digital-cloud-west.medallia.com pay.google.com safesizepublic.ucscentral.com *.klarnaservices.com creativecdn.com *.creativecdn.com www.dwin1.com help.decathlon.it awin1.com *.ad4m.at ad4m.at *.criteo.net *.criteo.com *.iadvize.com track.adform.net www.google.com s2.adform.net;frame-ancestors 'self'; 1
frame-ancestors 'self' https://console.wetest.net https://beacon.woa.com/ https://*.qq.com https://*.wetest.net 1
frame-ancestors https://*.orbi.kr 1
frame-ancestors 'self' https://*.enuygun.com https://*.wingie.com https://*.wingie.de https://*.wingie.es https://*.wingie.co.uk https://*.wingie.ae https://*.wingie.qa https://*.wingie.co.in https://*.wingie.pk https://*.enuygunsigorta.com https://mulk.net https://*.mulk.net https://enuygun.com https://admin.sonsomon.com https://www.mulk.net; 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-c215447229f0a6d730f43153768a0531' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=1111462729399481; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=1111462729399481 1
frame-ancestors 'self' https://*.contentful.com https://*.ushmm.org https://*.main.ushmm.org 1
frame-ancestors 'self' http://*.szextarskereso.hu http://*.bizarr.hu https://szex.com http://sweetescortgirls.com https://www.amator-szex.hu https://szexpartner.szex.hu/ https://porn.sex.hu/ https://kupak.hu https://budapestcsajok.hu https://csucscsajok.hu https://erotikmarket.hu https://extazis.com https://fotogarancia.net https://hotel69.hu https://kimaradas.hu https://magyarescort.com https://masszazs.co.hu https://masszazs.xxx https://pinaparade.hu https://szex.pixelnet.hu https://szexeslanyok.hu https://szexhungary.hu https://szexkapcsolat.hu https://szexlesz.hu https://szexma.hu https://szexpartner.info.hu https://szexpartner.xxx https://aprohirdetesingyen.hu https://fotogarancia.hu https://megdugnad.com; 1
default-src 'self'; img-src 'self' *.cloudfront.net http://img.youtube.com/ https://winzo.onelink.me/ https://i.ytimg.com/ https://www.google-analytics.com/ https://www.facebook.com/ https://www.winzogames.com/ https://www.google.com/ https://www.google.co.in/ http://www.google-analytics.com/ https://www.googletagmanager.com/ https://rest.entitysport.com/ https://googleads.g.doubleclick.net/ https://app.appsflyer.com/ https://api.mythad.com/ https://www.adsnebula.com/ https://logsdk.kwai-pro.com/ https://ads.kwai.com/ data: ; media-src 'self' *.cloudfront.net http://img.youtube.com/; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com/ https://cdnjs.cloudflare.com/ https://d3g4wmezrjkwkg.cloudfront.net/ https://use.typekit.net/; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self' data:; connect-src 'self' https://www.google-analytics.com/ https://analytics.google.com/ https://d3g4wmezrjkwkg.cloudfront.net/ https://www.winzogames.com/ https://api.ipify.org/ https://bam.nr-data.net/ https://stats.g.doubleclick.net/ https://*.clarity.ms/ https://*.googlesyndication.com/ https://api.mythad.com/ https://www.adsnebula.com/ https://logsdk.kwai-pro.com/ https://ads.kwai.com/ https://www.winzopoker.live/ https://adservice.google.com/ https://www.google.co.in/; frame-src https://www.facebook.com/ https://www.youtube-nocookie.com/ https://www.youtube.com/ https://td.doubleclick.net/; 1
script-src 'self' https://cdn.matomo.cloud/met.matomo.cloud/matomo.js https://www.google-analytics.com/analytics.js;default-src 'self' 'unsafe-inline';img-src 'self' data:;connect-src met.matomo.cloud/matomo.php https://www.met.no/; 1
default-src https:;img-src 'self' https: data:;connect-src 'self' https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http://www.googletagmanager.com http://www.google.com;style-src 'self' 'unsafe-inline' https:;frame-src 'self' https:;font-src 'self' data: https:;worker-src 'self' https: blob: 1
frame-ancestors 'self' *.atomex.net ; 1
frame-ancestors 'self' https://*.bluestone.com 1
frame-ancestors https://*.kincir.com/ https://*.valofe.com/ https://*.wavepoint.co.id/ https://*.unipin.com/ https://gamebrott.com/ https://gamebuff.id/ https://kiosgamer.co.id/ https://shop.garena.my/ https://teknologi.id/ https://www.indosport.com/ https://*.teknologi.id/ https://*.hitekno.com/ https://www.facebook.com/ https://iframehost.iframehost.com/ https://www.upstation.asia/ https://*.detik.com/ https://*.indosport.com/ https://*.upstation.media/ https://gamezero.co/ https://h5.nevv.online77.cn/*; 1
default-src https:; style-src https: 'unsafe-inline'; img-src       * data:; worker-src    * blob:; font-src      *; script-src https: 'unsafe-inline' 'unsafe-eval'; connect-src   *; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://livserv.in https://*.livserv.in https://connect.facebook.net https://code.jquery.com https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net https://static.hotjar.com https://www.google-analytics.com https://js.zi-scripts.com https://www.clarity.ms https://salesiq.zoho.com https://sjrtp9.marketo.com https://sjrtp9-cdn.marketo.com https://js.zohocdn.com https://www.googletagmanager.com https://www.youtube.com https://rtp-static.marketo.com https://*.marketo.net https://vlog.leadformix.com https://www.google.com/recaptcha/api.js https://crm.zohopublic.com https://www.gstatic.com/recaptcha/ https://cdn.jsdelivr.net/ https://ajax.googleapis.com https://crm.zoho.com/ https://static.zohocdn.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://code.jquery.com https://rtp-static.marketo.com https://css.zohocdn.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net/; img-src 'self' data: https://www.google.co.in https://livserv.in https://*.livserv.in https://www.ctrls.in https://c.bing.com https://www.google.co.nz https://salesiq.zohopublic.com https://c.clarity.ms https://crm.zoho.com https://www.google-analytics.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.google.com.sg https://css.zohocdn.com https://www.google.co.in/ads/ https://ssl.google-analytics.com https://secure.gravatar.com https://crm.zohopublic.com; font-src 'self' https://css.zohocdn.com https://fonts.gstatic.com data:; frame-ancestors 'self' ; frame-src 'self' https://livserv.in https://*.livserv.in https://www.youtube.com https://www.google.com https://salesiq.zohopublic.com; object-src 'self' ; connect-src https://www.ctrls.in https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://*.clarity.ms https://salesiq.zoho.com https://ws.zoominfo.com https://224-ahc-158.mktoresp.com https://sjrtp9.marketo.com https://js.zi-scripts.com wss://vts.zohopublic.com https://salesiq.zohopublic.com https://crm.zohopublic.com/ 1
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: 'unsafe-eval' 'unsafe-inline'; style-src https: blob: 'unsafe-eval' 'unsafe-inline'; worker-src blob:; media-src 'self' blob: data: https:; object-src https://flash.sitepoint.com; frame-ancestors 'self' 1
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src * blob: ; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-ancestors 'self' https://*.akifast.com akifast.com 1
default-src 'self' *.googleapis.com *.landbot.io wss://*.firebaseio.com *.youtube.com vimeo.com *.vimeo.com *.go-mpulse.net *.akstat.io *.akamaihd.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com https://ds-aksb-a.akamaihd.net *.landbot.io *.firebaseio.com cdn.jsdelivr.net/ *.youtube.com vimeo.com *.vimeo.com *.go-mpulse.net https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js *.youtube-nocookie.com; style-src 'self' 'unsafe-inline' data: https: http://fonts.googleapis.com; img-src * 'self' data: https:; media-src * 'self' data: https:; frame-src * 'self' data: https:; child-src * 'self' data: https:; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.landbot.io https://cdnjs.cloudflare.com/ajax/libs/font-awesome/; report-uri /report-csp-violation 1
default-src 'self' blob: https://*.futurelearn.com; object-src https://*.vzaar.com https://vzaar-video.ccindex.cn https://vjs.zencdn.net; base-uri 'self' https://*.futurelearn.com; frame-ancestors 'self' https://*.futurelearn.com; frame-src 'self' *; connect-src 'self' *; form-action 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: about: *; style-src 'self' 'unsafe-inline' blob: *; img-src 'self' data: *; media-src 'self' * blob:; font-src 'self' about: data: *;report-uri /csp-violation 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com *.trafficfactory.biz www.iwanttodeliver.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net bmedia.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri https://www.pornorama.com/csp-reports; report-to csp-endpoint 1
frame-ancestors 'self'; report-uri https://pc.moppy.jp/csp-report.php 1
default-src data: blob: 'self' 'unsafe-inline' 'unsafe-eval' *.iliad.it *.beta.iliad.it osm.proxad.net *.googleapis.com www.googletagmanager.com fonts.gstatic.com maps.gstatic.com connect.facebook.net www.googleadservices.com www.facebook.com googleads.g.doubleclick.net www.google.com www.google.fr www.youtube.com aax-eu.amazon-adsystem.com acsbapp.com *.acsbapp.com *.adform.net traffic.outbrain.com paid.outbrain.com recommend.outbrain.com creativecdn.com libjs.s4mdsp.comevt.s4mdsp.com tracking.lqm.io app.contentsquare.com *.contentsquare.net c.amazon-adsystem.com td.doubleclick.net pagead2.googlesyndication.com amplify.outbrain.com tr.outbrain.com wave.outbrain.com 1
default-src https: wss: blob: *.demandbase.com *.visualwebsiteoptimizer.com *.evergage.com foxit.us-6.evergage.com; img-src 'self' data: www.google.com www.google-analytics.com optimize.google.com www.googletagmanager.com *.stripe.com *.clarity.ms tribl.io px.ads.linkedin.com www.linkedin.com cc.swiftype.com *.bing.com images.g2crowd.com *.g2.com *.outbrain.com *.adroll.com alb.reddit.com 11145320.fls.doubleclick.net www.facebook.com sealserver.trustwave.com i.imgur.com *.checkout.visa.com *.mastercard.com *.discovercard.com *.discover.com *.online-metrix.net q.quora.com d.adroll.com accounts.zendesk.com hero.kingpinkton.com ct.capterra.com tracking.g2crowd.com aorta.clickagy.com googleads.g.doubleclick.net srv.stackadapt.com pixel-sync.sitescout.com id.rlcdn.com *.gravatar.com secure.gravatar.com *.paypal.com www.google.com.hk www.google.com.tw dev.visualwebsiteoptimizer.com/v.gif *.visualwebsiteoptimizer.com segments.company-target.com tags.srv.stackadapt.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com static.cloudflareinsights.com kit.fontawesome.com www.google.com www.googletagmanager.com *.googleadservices.com www.google-analytics.com www.googleanalytics.com www.googleoptimize.com optimize.google.com googleads.g.doubleclick.net static.addtoany.com platform.twitter.com pi.pardot.com static.hotjar.com script.hotjar.com bat.bing.com s.swiftypecdn.com go.foxitinfo.com widget.trustpilot.com amplify.outbrain.com tr.outbrain.com q.quora.com 11145320.fls.doubleclick.net c.sf-syn.com scout-cdn.salesloft.com static.zdassets.com api.smooch.io widget-mediator.zopim.com tracking.g2crowd.com tags.srv.stackadapt.com *.zoominfo.com *.chilipiper.com www.redditstatic.com d.adroll.mgr.consensu.org d.adroll.com s.adroll.com snap.licdn.com connect.facebook.net static.ads-twitter.com sealserver.trustwave.com *.clarity.ms tribl.io *.stripe.com m.stripe.network *.paypal.com *.checkout.visa.com *.mastercard.com *.discovercard.com *.discover.com h.online-metrix.net www.aexp-static.com www.paypalobjects.com www.youtube.com villain.kingpinkton.com hero.kingpinkton.com unpkg.com *.cloudfront.net tags.clickagy.com public.profitwell.com *.demandbase.com apis.google.com www.google.com.hk js.driftt.com t.usermaven.com *.doubleclick.net google.com.tw dev.visualwebsiteoptimizer.com paapi8916.d41.co dev.visualwebsiteoptimizer.co cdn-0.d41.co a.quora.com *.visualwebsiteoptimizer.com *.rlcdn.com *.d41.co *.recaptcha.net *.gstatic.com cdn.evgnet.com *.company-target.com foxit.us-6.evergage.com *.evergage.com; style-src 'self' 'unsafe-inline' www.google-analytics.com www.googletagmanager.com optimize.google.com s.swiftypecdn.com fonts.googleapis.com *.cloudflare.com tags.srv.stackadapt.com *.demandbase.com foxit.us-6.evergage.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com ka-f.fontawesome.com script.hotjar.com foxit.us-6.evergage.com; object-src 'self' *.foxitsoftware.com; worker-src 'self' blob: 'unsafe-inline'; 1
default-src 'self';img-src 'self' data: *;font-src 'self' data:;connect-src 'self' *.daserste.de *.ardmediathek.de *.ardaudiothek.de *.tagesschau.de *.sportschau.de *.kika.de;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
default-src blob: data: wss://*.8888.bg:* wss://8888.bg:* 'self' 'unsafe-eval' 'unsafe-inline' https://www.youtube.com/ https://youtube.com/ https://8888.bg https://*.8888.bg https://bat.bing.com https://region1.analytics.google.com https://region1.google-analytics.com https://www.google.bg https://www.google.com https://apis.google.com https://fonts.googleapis.com https://ajax.googleapis.com https://maps.googleapis.com https://*.comm100.io https://*.comm100.com https://*.comm100vue.com https://*.googletagmanager.com https://googletagmanager.com https://*.typekit.net https://typekit.net https://maps.google.com https://*.gstatic.com https://gstatic.com https://connect.facebook.net https://*.facebook.com https://facebook.com https://*.fbcdn.net https://fbcdn.net https://analytics.google.com/ https://google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://cdn.taboola.com https://trc.taboola.com https://trc-events.taboola.com https://track.adform.net/ https://s2.adform.net https://sxt.cdn.skype.com https://www.adobe.com https://lob.egcvi.com https://bshots.egcvi.com/ https://client.pragmaticplaylive.net https://eadsrv.com https://linker.bg/ https://*.live-hub.net https://de2-md.svmsrv.com/ https://*.comm100download.com/ https://vgcommon-vs001.akamaized.net/ https://*.doubleclick.net ; frame-ancestors 'self' https://*.8888.bg https://8888.bg 1
upgrade-insecure-requests ; frame-src 'self' *.algolia.com *.ceros.com *.js.driftt.com *.pendo.io app-ab39.marketo.com codesandbox.io js.driftt.com res.cloudinary.com vars.hotjar.com www.facebook.com www.welcometothejungle.com www.youtube-nocookie.com www.youtube.com calendly.com play.vidyard.com *.codesandbox.io *.arcade.software s.company-target.com ; frame-ancestors 'self' algolia.sitespect.com *.algolia.com 1
frame-ancestors https://*.myworldfix.com https://*.beesads.com 1
default-src 'self' https://*; media-src 'self' https://* blob:; font-src 'self' https://* data:; img-src * data:; script-src https://* 'unsafe-inline' 'unsafe-eval'; style-src https://* 'unsafe-inline'; frame-src 'self' https://* mailto:; worker-src blob:; 1
Upgrade-Insecure-Requests; object-src 'none'; frame-ancestors https://*.nutanix.com https://*.nutanix.cn https://*.ziftsolutions.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.2o7.net https://*.6sc.co https://*.addtoany.com https://*.adobe.com https://*.adobedtm.com https://*.bing.com https://*.baidu.com https://*.brightcove.com https://*.brightcove.net https://*.bttrack.com https://*.cheqzone.com https://*.clarity.ms https://*.clearbit.com https://*.cloudflare.com https://*.cookielaw.org https://*.d41.co https://*.demandbase.com https://*.doubleclick.net https://*.driftt.com https://*.engagio.com https://*.everestjs.net https://*.facebook.net https://*.fullstory.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.cn https://*.gstatic.com https://*.hotjar.com https://*.hushly.com https://*.intercom.io https://*.intercomcdn.com https://*.licdn.com https://*.listenloop.com https://*.marketo.com https://*.marketo.net https://*.ml314.com https://*.nutanix.cn https://*.nutanix.com https://*.outbrain.com https://*.peerspot.com https://*.recaptcha.net https://*.redditstatic.com https://*.sndcdn.com https://*.twitter.com https://*.zemanta.com https://*.zencdn.net https://bttrack.com https://ml314.com https://*.jquery.com https://unpkg.com https://*.ziftsolutions.com https://ziftsolutions.com; worker-src 'self' blob:; 1
default-src 'self' blob: *.wistia.com/ https://embedwistia-a.akamaihd.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://ss-consent-or.trustarc.com/ https://googleads.g.doubleclick.net/ https://assets.bugcrowdusercontent.com/ https://bugcrowd.com/ https://j.6sc.co/ https://static.addtoany.com/ https://cdn.shortpixel.ai/ https://ml6scwx5agca.i.optimole.com/ https://consent.trustarc.com/ https://fast.wistia.net/ https://fast.wistia.com/ *.adroll.com/ *.geocomply.net/ *.geocomply.com/ https://analytics.twitter.com/ https://static.ads-twitter.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://www.google-analytics.com/ https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://ajax.googleapis.com/ https://snap.licdn.com/ https://pi.pardot.com/ https://tracking.g2crowd.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' https://copytocdn.s3.amazonaws.com/ https://ss-consent-or.trustarc.com/ https://www.google.com/ https://localhost:* https://www.google.de/ https://no-cdn.shortpixel.ai/ *.linkedin.com/ https://p.adsymptotic.com/ https://www.google.com.ua/ https://b.6sc.co/ https://cdn.shortpixel.ai/ https://ml6scwx5agca.i.optimole.com/ *.wistia.com/ https://consent-pref.trustarc.com/ https://consent.truste.com/ https://consent.trustarc.com/ https://fast.wistia.net/ https://ups.analytics.yahoo.com/ *.geocomply.com/ *.geocomply.net/ https://analytics.twitter.com/i/ https://www.google.pl/ https://www.google.ca/ https://www.linkedin.com/px/ https://google.com.ua/ https://t.co/ https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://ajax.googleapis.com/ https://www.google-analytics.com/ https://www.google.com/ads/ https://px.ads.linkedin.com/ data:; style-src 'self' 'unsafe-inline' https://fast.wistia.com/ https://fast.wistia.net/ *.geocomply.com/ https://fonts.googleapis.com https://assets.zendesk.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://ajax.googleapis.com/; font-src 'self' https://ss-consent-or.trustarc.com/ https://fast.wistia.com/ https://consent.trustarc.com/ https://fast.wistia.net/ *.geocomply.com/ https://themes.googleusercontent.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://ajax.googleapis.com/ https://fonts.gstatic.com/ data:; frame-src 'self' https://td.doubleclick.net/ https://bugcrowd.com/ https://static.addtoany.com/ https://consent-pref.trustarc.com/ https://fast.wistia.net/embed/ https://applications.zoom.us/ *.geocomply.com/ https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://ajax.googleapis.com/ https://www.youtube.com/ https://www.google.com/;  frame-ancestors 'self' https://applications.zoom.us/; connect-src 'self' https://pagead2.googlesyndication.com/ https://ss-consent-or.trustarc.com/ https://consent.trustarc.com/ https://www.g2.com/ https://www.g2.com/ https://consent-reporting.trustarc.com/ https://consent-pref.trustarc.com/ https://www.google.de/ https://epsilon.6sense.com/ https://cdn.linkedin.oribi.io/ https://secure.adnxs.com/ https://c.6sc.co/ https://ipv6.6sc.co/ https://www.google.com.ua/ https://www.google.pl https://stats.g.doubleclick.net/ https://fg8vvsvnieiv3ej16jby.litix.io/ https://analytics.google.com/ *.analytics.google.com/ https://embedwistia-a.akamaihd.net/ *.wistia.com/ https://fast.wistia.net/ *.geocomply.com/ *.geocomply.net/ https://www.google-analytics.com/; object-src 'self' 1
frame-ancestors 'self' https://*.taz.de https://taz.de 1
frame-ancestors *.american.edu 1
base-uri 'self'; connect-src 'self' https://mypertamina.id/api/ 'unsafe-inline' blob: data: gap:; default-src 'self'; font-src 'self' https://fonts.gstatic.com 'unsafe-inline'; frame-src 'self' https://www.google.com/ https://www.youtube.com; img-src 'self' 'unsafe-inline' shieldon-io.github.io data: 'unsafe-eval' https://build.mypertamina.id/ https://www.facebook.com https://www.google.co.id https://www.google.com https://mypertamina.id https://via.placeholder.com/ https://sp.tinymce.com/; manifest-src 'self'; media-src 'self' 'unsafe-inline'; object-src 'none'; report-uri https://mypertamina.id/disclaimer; script-src 'self' https://analytics.tiktok.com/i18n/pixel/events.js https://cdn.datatables.net/v/bs5/dt-1.11.5/datatables.min.js https://connect.facebook.net https://www.googletagmanager.com/gtag/js https://cdn.tiny.cloud 'unsafe-inline'; style-src 'self' 'report-sample' 'unsafe-inline' https://cdn.tiny.cloud https://cdn.datatables.net https://fonts.googleapis.com; worker-src 'none'; 1
default-src 'self'; connect-src 'self' https://webtv.bundestag.de https://playerservice.cdn.tv1.eu https://statistik.bundestag.de; font-src 'self' data:; form-action 'self'; frame-src 'self' https://www.bundestag.de https://webtv.bundestag.de https://*.bundestag.de https://bundestag.de https://*.tv1.eu; img-src https: data: *; object-src 'self' https://www.bundestag.de https://bundestag.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://statistik.bundestag.de https://webtv.bundestag.de https://*.tv1.eu; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' https://www.bundestag.de https://bundestag.de https://www.bundestag.de.staging.babiel.com https://bundestag.de.staging.babiel.com https://www.bundestag.de.dev.babiel.com https://bundestag.de.dev.babiel.com; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-NzgzYzhhNGE5MTliNDMxNjlmM2QxYTYxZDQxZGVlMzA=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rijksoverheid.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.rijksoverheid.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.qwant.com qwant.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' data: *.qwant.com qwant.com; style-src 'unsafe-inline' data: *.qwant.com *.qwantjunior.com qwant.com; object-src 'self'; connect-src *.qobuz.com *.apple.com *.qwant.com qwant.com extras.qwantjunior.com; img-src blob: 'self' s1.qwant.com s2.qwant.com s.qwant.com f.qwant.com data: s-lite.qwant.com www.qwant.com; frame-ancestors *.qwant.com *.qwantjunior.com lmqt.fyi; form-action 'self'; font-src 'self'; worker-src blob: 'self' www.youtube-nocookie.com www.youtube.com; frame-src viewer.dood3d.com *.vid.web.acsta.net player.twitch.tv player.vimeo.com www.dailymotion.com players-cdn.vidmizer.com players-cdn-v2.vidmizer.com *.qwant.com *.qwantjunior.com www.youtube-nocookie.com *.tvlocale.fr *.smartrezo.com *.femmesetcitoyennete.fr *.jeunesreporterssansfrontieres.fr *.medias-francophones.com *.trendy-community.fr *.tvcitoyenne.com *.veitech.com *.localetv.eu player.myvideoplace.tv net.geo.opera.com geo.captcha-delivery.com; media-src blob: *.qwant.com *.apple.com *.qobuz.com *.vid.web.acsta.net; base-uri 'self'; block-all-mixed-content; 1
frame-ancestors https://staging.certification.vuejs.org https://certification.vuejs.org https://certificates.dev https://staging.certificates.dev https://alemira.com https://*.alemira.com 1
default-src 'self' fs.betunit.com;style-src 'self' fs.betunit.com fonts.googleapis.com use.fontawesome.com maxcdn.bootstrapcdn.com embed.tawk.to 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval';script-src 'self' *.gstatic.com *.google.com tvbetframe7.com tvbetframe24.com *.facebook.com *.facebook.net *.onesignal.com www.google-analytics.com google-analytics.com static.hotjar.com embed.tawk.to script.hotjar.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval';connect-src 'self' *.vamos.bet wss://cgo-live.vamos.bet/connection/websocket nrgaming.games *.nrgaming.games *.energaming.systems *.betunit.com betunit.com *.doubleclick.net www.google-analytics.com google-analytics.com live5.betunit.com *.tawk.to wss://*.tawk.to ws://*.tawk.to ws://turbo.energaming.systems:4444 wss://turbo.energaming.systems:4444 turbo.energaming.systems ws://transport.energaming.systems:4444 wss://transport.energaming.systems:4444 transport.energaming.systems chukuatano.co.tz *.chukuatano.co.tz;frame-src 'self' *.atlas-v.com playbetman.com *.playbetman.com nrgaming.games *.nrgaming.games *.google.com vars.hotjar.com *.energaming.systems *.betunit.com betunit.com *.slotegrator.com *.cloudfront.net *.gamerouter.pw *.mrslotty.com *.xpressgaming.net *.xpress-ix.com *.macawgaming.com *.game-program.com chukuatano.co.tz *.chukuatano.co.tz;font-src 'self' fonts.googleapis.com fonts.gstatic.com use.fontawesome.com embed.tawk.to;img-src * 'self' *.tawk.link *.energaming.systems *.betunit.com betunit.com *.facebook.com *.tawk.to *.google-analytics.com google-analytics.com  *.slotegrator.com *.cloudfront.net *.gamerouter.pw *.mrslotty.com *.xpressgaming.net *.xpress-ix.com *.macawgaming.com *.game-program.com chukuatano.co.tz *.chukuatano.co.tz cdn.jsdelivr.net nrgaming.games *.nrgaming.games 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; img-src https: data: blob:; connect-src https: data: blob: wss: 'self'; report-uri https://www.naturabuy.fr/reportCSP.php 1
frame-ancestors https://*.meijer.com 1
upgrade-insecure-requests;frame-ancestors 'self';object-src 'none';base-uri 'self';script-src 'report-sample' https: 'unsafe-inline' 'strict-dynamic' 'sha256-wDkOnY488UsdiT+Fni3PAYzYjaXqcMGJsemH5GvnTDE=' 'sha256-J+mZo5GYyZXBeHoU84oUVsC9U5xAlmbRg/PaF5WIczc=' 'sha256-EhG/h/RqHxTHE7up89blJbhWNGWdDgROL67iVto2piQ=' 'sha256-kxfWe5OS4NAeYgfcNsuaY1cqEa9FV67g1vjbOGu7Y+Q=' 'sha256-Zwfu6qy5T3ojGBL4VV/4IusRvdP+Cq8mR9iyWJAAiZ4=' 'sha256-RpSarVFfx06Pq2iwXnztpyqpJbJQ/274fjc/ujbRrT4=' 'sha256-QPUH5vXz1LK7GJI0vO1fP3HJiHZ5Dfkik0mkx9ReaCw=' 'sha256-zKMJo2omh7lSMErndri8oFvJyw9yurcfdMjIXS5/DHQ=' 'sha256-Z+Gt/2SZlkeEPSlcRd8F7Nw0Rw80vSoOwuAepWeUWwg=' 'sha256-9t1q7fLa7dAWW4n1ZKt0R8TvvT+L0lCUaOd+SYksrOY=' 'sha256-Hd3+wFtt0Bs9B9CWaaMYP/Guqb9U+XSx3ExF3Oezy6o=' 'sha256-jyo5ILuUFRn0BHLReyTHIDimABy55WkKZLqSHdBi0U8=' 'sha256-cl1eMRv3g4NMaI9CYyzZW8gHzLE1jev317XcvoKz0Hw=' 'sha256-nwf8APss9J2CZcGrxT4wydAOh4TQNiiLW7N7nDHtcBA=' 'sha256-e5G38orGjz6iDgRdJ2tZRzAhUQWtGR2cwkhNLUMjR8c=' 'sha256-jqiucsIU7f1+S9YmQPSbTgEnW/XkaTvE9axnG8ZMrsM=';worker-src blob:;report-uri https://csp-report.browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pubc504e1394818288959b4d64fb38efebe&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Awolt.com%2Cversion%3A1.10.140 1
frame-ancestors 'self' https://esirket.com https://app.mukellef.co https://app-beta.mukellef.co https://app.bizimsiparis.com https://bizimsiparis.com https://findara.co https://dgpfdemo.dgpays.com https://bilanco.co https://app.bilanco.co 1
frame-ancestors 'self' https://*.sdsu.edu https://a.cms.omniupdate.com; 1
frame-ancestors *.ringpublishing.com; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.kiskegyed.hu::PROD_1_0_4 1
frame-ancestors 'self' https://etrain.info https://m.etrain.info https://www.trippozo.com; 1
default-src 'self'; script-src 'self' wcs.naver.net *.spring.wfp.org cdn.wfp.org *.jwplatform.com www.google.com *.googletagmanager.com tagmanager.google.com *.google-analytics.com survey.g.doubleclick.net *.doubleclick.net *.adalyser.com *.jwpcdn.com www.gstatic.com adservice.google.com connect.facebook.net www.facebook.com squizlabs.github.io cdnjs.cloudflare.com unpkg.com cdn.sparkcentral.com *.smooch.io *.user1st.info www.googleadservices.com bat.bing.com sixeleven.involve.me assets.juicer.io *.typekit.net *.hotjar.com *.hotjar.io platform.twitter.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.spring.wfp.org cdn.wfp.org tagmanager.google.com fonts.googleapis.com *.bootstrapcdn.com squizlabs.github.io cdn.sparkcentral.com *.user1st.info assets.juicer.io *.typekit.net; img-src 'self' blob: https: data:; media-src 'self' content.jwplatform.com *.jwpsrv.com cdn.jwplayer.com cdn.sparkcentral.com *.user1st.info blob:; frame-src 'self' *.jwpsrv.com www.google.com survey.g.doubleclick.net *.doubleclick.net cdn.knightlab.com forms.office.com content.jwplatform.com *.user1st.info www.youtube-nocookie.com sixeleven.involve.me saveful.com *.hotjar.com *.hotjar.io datawrapper.dwcdn.net platform.twitter.com; child-src 'self' blob:; font-src 'self' cdn.wfp.org *.jwpcdn.com fonts.gstatic.com *.bootstrapcdn.com cdn.sparkcentral.com *.user1st.info static.juicer.io *.typekit.net *.hotjar.com *.hotjar.io data:; connect-src 'self' data: wcs.naver.com tiles.arcgis.com spring.wfp.org *.spring.wfp.org cdn.wfp.org geonode.wfp.org *.google-analytics.com *.analytics.google.com *.googletagmanager.com analytics.google.com api.mapbox.com geoip.nekudo.com api.ipify.org api.ip2country.info mycountry.picktek.org content.jwplatform.com *.jwpsrv.com cdn.jwplayer.com acr.api.spring.wfp.org cdn.sparkcentral.com *.smooch.io *.user1st.info stats.g.doubleclick.net fh.mg.wfp.org geoip.maxmind.com www.juicer.io juicer.io graph.facebook.com *.typekit.net *.sentry.io bat.bing.com *.hotjar.com *.hotjar.io *.jwpltx.com 'self' ws: https://o274918.ingest.sentry.io/api/5249464/store/ https://o274918.ingest.sentry.io/api/5249464/envelope/; upgrade-insecure-requests 1
default-src 'none';script-src 'self' 'nonce-435gjCJUbeW0achx6jqr' www.google-analytics.com www.google.com www.gstatic.com cdnjs.cloudflare.com az416426.vo.msecnd.net ajax.cloudflare.com challenges.cloudflare.com;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com;img-src 'self' www.google-analytics.com stats.g.doubleclick.net www.gstatic.com logos.haveibeenpwned.com;font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com;connect-src 'self' api.pwnedpasswords.com www.google-analytics.com stats.g.doubleclick.net dc.services.visualstudio.com;base-uri 'self';child-src www.google.com challenges.cloudflare.com;form-action 'self' accounts.google.com www.paypal.com billing.stripe.com checkout.stripe.com billing.haveibeenpwned.com;frame-ancestors 'none';worker-src 'self';upgrade-insecure-requests;report-uri https://troyhunt.report-uri.com/r/d/csp/enforce 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/;  style-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/; font-src 'self' 'unsafe-eval' https://cdnjs.cloudflare.com/; img-src 'self' blob: data: ;  1
frame-ancestors https://*.artsy.net; 1
default-src 'self' data: *.6sc.co *.akamaihd.net *.bugcrowd.com *.cookielaw.org *.clearbit.com *.company-target.com *.contentsquare.net *.craftcms.com *.doubleclick.net *.google.com *.google-analytics.com *.gstatic.com *.litix.io *.lever.co *.mktoresp.com *.oribi.io *.onetrust.com *.mutinyhq.com *.mutinycdn.com *.mutinyhq.io cdn-mktg.outreach-staging.com *.outreach-staging.com cdn-mktg.outreach.io *.outreach.io *.fullstory.com *.quora.com *.rollbar.com *.segment.io *.sharethis.com *.terminus.services *.vercel-insights.com *.wistia.com 'self' *.pusher.com *.yext.com sessions.bugsnag.com *.contentsquare.net *.cookielaw.org *.mutinycdn.com ws:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: search.outreach.io.pagescdn.com *.6sc.co *.bugherd.com *.pusher.com *.quantserve.com *.quantcount.com *.adsrvr.org *.bizzabo.com https://bugcrowd.com *.bugcrowdusercontent.com *.bugcrowd.com *.consensu.org *.cookielaw.org *.capterra.com *.cloudflare.com *.cloudfront.net *.company-target.com app.contentsquare.com t.contentsquare.net *.demandbase.com *.facebook.com *.g2crowd.com *.google.com *.google-analytics.com *.gstatic.com *.linkedin.com *.doubleclick.net *.influitive.com *.fullstory.com *.licdn.com *.marketo.net *.mutinyhq.com *.mutinycdn.com *.mutinyhq.io *.onetrust.com *.oribi.io *.wistia.com *.pushcrew.com *.redditstatic.com *.sharethis.com *.terminus.services *.quora.com *.googletagmanager.com *.bing.com *.googleadservices.com *.facebook.net *.adroll.com *.driftt.com *.outreach.io *.fullstory.com *.madkudu.com *.greenhouse.io *.google-analytics.com *.fontawesome.com *.segment.com *.googleapis.com *.clearbit.com *.clearbitjs.com *.stripe.com; style-src 'self' 'unsafe-inline' *.bugcrowd.com *.cloudfront.net data: *.fontawesome.com *.google.com *.googleapis.com *.google-analytics.com *.pushcrew.com insights.outreach.io *.outreach.io *.typekit.net https://outreach.io https://www.outreach.io; img-src * 'self' data: *.mutinycdn.com; media-src 'self' blob: data: *.outreach.io *.akamaihd.net *.wistia.com; frame-src *; font-src 'self' data: *.fontawesome.com *.cloudfront.net *.gstatic.com *.typekit.net *.outreach.io *.mktoweb.com; frame-ancestors 'self' data: https://app.mutinyhq.com 1
default-src 'none'; base-uri 'none'; connect-src 'self' data: *.credit-suisse.com *.oribi.io *.frontify.com *.hedani.net  *.decibelinsight.net *.demdex.net *.doubleclick.net *.inbenta.com *.inbenta.io *.knowledgevision.com *.omtrdc.net *.qualtrics.com www.google-analytics.com wss://cdn.decibelinsight.net wss://collection.decibelinsight.net *.facebook.com *.googletagmanager.com soundcloud.com cdn.ampproject.org *.bing.com *.go-mpulse.net *.akstat.io *.akamaihd.net *.cookielaw.org *.onetrust.com *.pinterest.com webexapis.com *.wbx2.com *.ciscospark.com wss://*.ciscospark.com analytics.tiktok.com *.teads.tv *.googleapis.com edge.adobedc.net;font-src 'self' 'unsafe-inline' data: *.credit-suisse.com *.hedani.net *.inbenta.com fonts.gstatic.com *.anychart.com *.inbenta.io gateway.zscloud.net *.qumucloud.com; frame-ancestors 'self' *.students.ch *.rowini.net *.ch.hedani.net content-uat.csintra.net content.csintra.net *.credit-suisse.com *.hedani.net *.adobedtm.com *.abusizz.ch *.maglr.com; frame-src 'self' blob: *.adobedtm.com *.spotify.com *.credit-suisse.com *.hedani.net *.doubleclick.net *.facebook.com *.facebook.net *.inbenta.com *.knowledgevision.com *.omtrdc.net *.qq.com *.youtube.com *.youtube-nocookie.com creditsuisse.demdex.net maps.gstatic.com wl.fundsquare.net w.soundcloud.com *.snapchat.com *.qualtrics.com *.3vrooms.app dev.3volutions.ch *.ceros.com *.swisscom.ch video.csintra.net beneal.com *.apacwebinar.com *.qumucloud.com player.vimeo.com *.pinterest.com anchor.fm *.microad.jp analytics.tiktok.com bugcrowd.com; img-src 'self' data: *.hedani.net *frontify.com *.credit-suisse.com *.google-analytics.com *.doubleclick.net *.google.com *.google.ch t.co *.quantserve.com *.everesttech.net *.demdex.net *.youtube.com *.facebook.com *.facebook.net *.inbenta.com maps.gstatic.com maps.googleapis.com *.linkedin.com *.qualtrics.com *.gstatic.com *.inbenta.io  *.mathtag.com *.bing.com gateway.zscloud.net *.googletagmanager.com *.glassdoor.com *.cookielaw.org *.qq.com *.adsymptotic.com *.pinterest.com *.teads.tv *.microad.jp b97.yahoo.co.jp b91.yahoo.co.jp analytics.tiktok.com; object-src 'self' blob: *.qq.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.adobedtm.com *.ads-twitter.com cdn.ampproject.org *.anychart.com *.credit-suisse.com *.hedani.net  *.everesttech.net *.facebook.net *.forms.credit-suisse.com *.google.ch *.google-analytics.com *.googleapis.com *.googletagmanager.com *.inbenta.com *.inbenta.io *.jquery.com *.knowledgevision.com *.licdn.com *.linkedin.com *.qualtrics.com *.twitter.com *.youtube.com *.ytimg.com maps.google.com tagmanager.google.com sc-static.net *.googleadservices.com googleads.g.doubleclick.net *.ampproject.org *.mathtag.com *.bing.com gateway.zscloud.net *.go-mpulse.net *.akstat.io *.akamaihd.net *.ceros.com *.cookielaw.org *.qq.com *.qumucloud.com *.pinimg.com *.teads.tv *.microad.jp s.yimg.jp b97.yahoo.co.jp b91.yahoo.co.jp analytics.tiktok.com bugcrowd.com *.bugcrowdusercontent.com tr.snapchat.com; style-src 'self' 'unsafe-inline' *.credit-suisse.com *.hedani.net *.inbenta.com fonts.googleapis.com tagmanager.google.com *.anychart.com *.inbenta.io gateway.zscloud.net analytics.tiktok.com *.teads.tv; style-src-elem 'self' 'unsafe-inline' data: *.credit-suisse.com *.inbenta.com *.inbenta.io; manifest-src 'self' data: *.credit-suisse.com; 1
default-src https: data:; img-src https: 'unsafe-inline' data:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; upgrade-insecure-requests 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com organizer.bizzabo.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-xnpYZsEFsz+eNiETqlUzSw=='; report-uri https://send.hsbrowserreports.com/csp/report; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.t-mobile.pl; frame-src 'self' https://*.t-mobile.pl https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.youtube.com https://www.youtube-nocookie.com https://*.creativecdn.com https://*.criteo.com https://*.criteo.net https://*.doubleclick.net https://*.facebook.com https://*.googlesyndication.com https://*.medallia.eu https://*.revhunter.tech; 1
default-src 'self' http://localhost:60400 https://pfms.nic.in/FidoApi ; script-src 'self' https://pfms.nic.in/ http://localhost:60400    https://pfms.nic.in/FidoApi   'unsafe-inline' 'unsafe-eval' https://pfms.nic.in/ http://localhost:60400 https://pfms.nic.in/FidoApi ;  style-src 'self' 'unsafe-inline' 'unsafe-eval'    https://pfms.nic.in/ ; frame-src 'self'    http://localhost:60400; img-src * 'self' data: https:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://*.cdnjs.network https://cdn.amplitude.com https://cdn.madkudu.com https://cdn.segment.com https://*.clickagy.com https://*.confirmic.com https://cdn-cookieyes.com https://*.sleeknote.com https://*.maze.co https://snap.licdn.com https://*.twitter.com https://static.ads-twitter.com https://*.zoominfo.com https://js.zi-scripts.com https://connect.facebook.net https://www.google-analytics.com https://*.googletagmanager.com https://js.chilipiper.com https://*.hotjar.com https://*.6sc.co https://*.youengage.me https://youengage.me https://*.cloudfront.net https://netlify-cdp-loader.netlify.app https://code.tidio.co https://widget-v4.tidiochat.com https://bat.bing.com https://*.demandbase.com; style-src 'self' 'unsafe-inline' https://*.maze.co https://fonts.googleapis.com https://*.hotjar.com https://*.youengage.me; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.datocms-assets.com https://*.maze.co https://js.zi-scripts.com https://ws.zoominfo.com https://api.schedule.zoominfo.com https://*.chilipiper.com https://api.amplitude.com https://cdn.segment.com https://api.segment.io https://*.cookieyes.com https://cdn-cookieyes.com https://*.confirmic.com https://*.clickagy.com https://*.hotjar.com https://*.hotjar.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://cdn.simplecast.com https://*.oribi.io https://*.6sc.co https://*.6sense.com https://*.facebook.com https://*.goldcast.io https://*.adnxs.com https://*.youengage.me https://*.outgrow.us https://*.tidio.co sentry-new.tidio.co socket.tidio.co api-v2.tidio.co https://px.ads.linkedin.com https://*.demandbase.com https://*.company-target.com wss://*.hotjar.com wss:; font-src 'self' data: https://*.maze.co https://fonts.gstatic.com https://*.chilipiper.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.com https://www.youtube.com https://*.tidiochat.com; frame-src 'self' https://*.maze.co https://*.hotjar.com https://www.facebook.com https://*.chilipiper.com https://platform.twitter.com https://*.spotify.com https://player.simplecast.com https://www.youtube.com https://player.vimeo.com https://*.wistia.net https://*.clickagy.com https://youengage.me https://*.outgrow.us https://v2-embednotion.com/ https://*.company-target.com https://app.netlify.com; frame-ancestors 'self'; img-src 'self' https://*.maze.co https://cdn-cookieyes.com https://*.rlcdn.com https://ws.zoominfo.com https://*.6sc.co https://*.doubleclick.net https://*.chilipiper.com https://analytics.sleeknote.com https://*.linkedin.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://*.clickagy.com https://www.datocms-assets.com https://analytics.twitter.com https://t.co https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.fr https://i.vimeocdn.com https://i.ytimg.com https://*.facebook.com https://*.youengage.me https://tidio-images-messenger.s3.amazonaws.com cdnjs.cloudflare.com https://bat.bing.com blob: data:; manifest-src 'self'; media-src 'self' https://*.maze.co https://cdn.simplecast.com https://*.scdn.co widget-v4.tidiochat.com; worker-src 'none'; 1
base-uri 'self'; frame-ancestors 'self'; report-uri https://www.paho.org/en/report-uri/enforce 1
default-src 'self' *.thehartford.com *.hfdstatic.com aa.agkn.com report.thehartford.gbqofs.io cdn.gbqofs.com console.thehartford.glassboxdigital.io; font-src 'self' *.thehartford.com *.hfdstatic.com fonts.gstatic.com *.kampyle.com; frame-ancestors 'self' *.thehartford.com; frame-src *.optimizely.com *.thehartford.com *.kampyle.com cl.exct.net www.youtube.com pub.s1.exacttarget.com *.doubleclick.net hosted.where2getit.com uk132.infusionsoft.com *.tealiumiq.com connect.facebook.net *.akamaihd.net pinecast.com storage.pinecast.net insight.adsrvr.org match.adsrvr.org mc3jl4gfl2432w-98y2stw11txh8.pub.sfmc-content.com www.google.com *.qualtrics.com; connect-src *.tealiumiq.com *.thehartford.com *.kampyle.com *.powerreviews.com rules.atgsvcs.com www.google-analytics.com *.doubleclick.net img.c3tag.com www.googletagmanager.com ampcid.google.com s.srvsynd.com api.genesyscloud.com 530-ct.c3tag.com *.akamaihd.net *.optimizely.com www.google.com analytics.google.com region1.google-analytics.com region1.analytics.google.com *.qualtrics.com acdn.adnxs.com d2hrivdxn8ekm8.cloudfront.net d1lu3pmaz2ilpx.cloudfront.net dvqigh9b7wa32.cloudfront.net d330aiyvva2oww.cloudfront.net *.cookielaw.org *.cookiepro.com *.onetrust.com report.thehartford.gbqofs.io cdn.gbqofs.com console.thehartford.glassboxdigital.io *.hfdstatic.com hartfordinsurancegroup.pxf.io; img-src 'self' data: *.thehartford.com *.optimizely.com *.hfdstatic.com *.kampyle.com *.powerreviews.com ecf.d41.co aa.agkn.com so.rlcdn.com http://image.insurance.thehartford.com res.cloudinary.com aa.agkn.com *.tealiumiq.com da.usaa.com uk132.infusionsoft.com hits.convergetrack.com www.google-analytics.com *.doubleclick.net www.google.com www.facebook.com secure.adnxs.com www.googletagmanager.com sp.analytics.yahoo.com bat.bing.com analytics.convertlanguage.com *.akamaihd.net thumb.service.pinecast.com px.ads.linkedin.com insight.adsrvr.org px.ads.linkedin.com p.adsymptotic.com www.linkedin.com cookie.havasedge.com event.havasedge.com tag.havasedge.com cx.atdmt.com match.sharethrough.com gw.helixbi.io api.securedvisit.com track.securedvisit.com content.securedvisit.com images.securedvisit.com track.sv.rkdms.com www.gstatic.com region1.google-analytics.com region1.analytics.google.com data.adxcel-ec2.com match.adsrvr.org *.qualtrics.com ib.adnxs.com *.cookielaw.org *.onetrust.com https://logs-01.loggly.com https://www.ojrq.net https://utt.impactcdn.com https://pubads.g.doubleclick.net hartfordinsurancegroup.pxf.io; style-src 'self' *.thehartford.com *.hfdstatic.com *.kampyle.com *.powerreviews.com fonts.googleapis.com *.custhelp.com *.akamaihd.net 'unsafe-inline' www.gstatic.com *.cookielaw.org *.cookiepro.com *.onetrust.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tealiumiq.com *.optimizely.com *.thehartford.com *.hfdstatic.com *.kampyle.com *.powerreviews.com vsvipmw01.rightnowtech.com *.custhelp.com rules.atgsvcs.com www.linkedin.com *.doubleclick.net *.akamaihd.net secure.adnxs.com insight.adsrvr.org data.adxcel-ec2.com aa.agkn.com aa.agkn.com sp.analytics.yahoo.com static.atgsvcs.com beacon.krxd.net bat.bing.com sjs.bizographics.com 530-ct.c3tag.com hits.convergetrack.com s.delvenetworks.com as00.estara.com conv-tm.everesttech.net www.facebook.com connect.facebook.net adservice.google.com www.google.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com mpsnare.iesnare.com uk132.infusionsoft.com solutions.invocacdn.com secure.leadforensics.com px.ads.linkedin.com www.livelook.com cdn.mouseflow.com mpp.mxptint.net onlinebusinessservicsc60333118us1.cobrowse.oraclecloud.com public.cobrowse.oraclecloud.com pixelg.adswizz.com www.rackcdn.com bcvipmw11.rightnowtech.com www.rnengage.com s.srvsynd.com trc.taboola.com tags.tiqcdn.com www.youtube.com i.ytimg.com i9.ytimg.com s.ytimg.com adadvisor.net cdn.ampproject.org analytics.convertlanguage.com so.rlcdn.com ecf.d41.co cdn.embed.ly js.adsrvr.org cdn-assets-prod.s3.amazonaws.com optimizely.s3.amazonaws.com cdn.invoca.solutions pnapi0.invoca.net sdk.helixbi.io snap.licdn.com pnapi.invoca.net api.securedvisit.com track.securedvisit.com content.securedvisit.com images.securedvisit.com track.sv.rkdms.com www.gstatic.com acdn.adnxs.com d2hrivdxn8ekm8.cloudfront.net d1lu3pmaz2ilpx.cloudfront.net dvqigh9b7wa32.cloudfront.net d330aiyvva2oww.cloudfront.net *.qualtrics.com *.cookielaw.org *.cookiepro.com *.onetrust.com report.thehartford.gbqofs.io cdn.gbqofs.com console.thehartford.glassboxdigital.io https://logs-01.loggly.com https://www.ojrq.net https://utt.impactcdn.com https://pubads.g.doubleclick.net hartfordinsurancegroup.pxf.io; media-src storage.pinecast.net pinecast.com; 1
default-src 'self'; connect-src 'self' *.adac.de *.adac.biz reisecheck.adac.wiif.com api-eu.cleverpush.com geoip-api.cleverpush.com static-eu.cleverpush.com adacstaging.mycleverpush.com adacde.mycleverpush.com delivery.consentmanager.net d.delivery.consentmanager.net adac.containers.piwik.pro adac.piwik.pro widget.moin.ai api.moin.ai wss://bot.moin.ai/primus data.kameleoon.io na-data.kameleoon.io editor.kameleoon.com api.kameleoon.com customers.kameleoon.com old.kameleoon.com logger.kameleoon.eu static.kameleoon.com xqo3vq9f2l.kameleoon.eu uku18p2r38.kameleoon.eu cdn.jsdelivr.net www.pincamp.de; font-src 'self' assets.adac.de widget.moin.ai; frame-src 'self' adac.de www.adac.de si.adac.de assets.adac.de cdn.consentmanager.net adacstaging.mycleverpush.com adacde.mycleverpush.com login.adac.de login-i.adac.de login-t.adac.de; frame-ancestors 'self' app.contentful.com *.song-club.de; img-src 'self' data: blob: assets.adac.de cdn.consentmanager.net delivery.consentmanager.net d.delivery.consentmanager.net adac.containers.piwik.pro adac.piwik.pro static-eu.cleverpush.com media.moin.ai static.kameleoon.com storage.kameleoon.eu xqo3vq9f2l.kameleoon.eu uku18p2r38.kameleoon.eu www.pincamp.de tracking.xadspoteffects.com; object-src 'self'; media-src 'self' blob: assets.adac.de media.moin.ai; script-src 'nonce-Ov04iOmH4LizjbmXkp7Mpg==' 'strict-dynamic'; style-src 'self' 'unsafe-inline' adac.containers.piwik.pro widget.moin.ai cdn.jsdelivr.net; report-uri https://apim-p-gw02.adac.de/browser-reporting/csp?source=v3-3-0; report-to main-endpoint 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src 'self'; object-src 'none'; media-src 'none'; font-src 'self'; plugin-types 'none' ; reflected-xss 'block' 1
frame-ancestors 'self' *.jetblue.com 1
base-uri 'self'; default-src 'self'; connect-src 'self' blob: https://tenor.com https://*.tenor.co https://*.tenor.com https://*.googleapis.com https://api-v1.tenor.com https://*.google-analytics.com https://*.doubleclick.net https://pixel.mtrcs.samba.tv; script-src 'self' data: blob: https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com https://*.google-analytics.com https://*.facebook.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://pixel.mtrcs.samba.tv https://*.google.com 'nonce-MDc5MjM0MjAtMjFhZC00ZGY5LThlNzctMWJiOGI4ZjhmMTdk' 'unsafe-eval'; style-src 'self' https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com 'unsafe-inline'; font-src 'self' https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com; img-src 'self' blob: data: https://media.tenor.co https://media.tenor.com https://media1.tenor.co https://media1.tenor.com https://c.tenor.com/ https://tenor.googleapis.com/ https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.com https://pixel.mtrcs.samba.tv http: https:; media-src 'self' blob: data: https://media.tenor.co https://media.tenor.com https://media1.tenor.co https://media1.tenor.com https://c.tenor.com/; frame-src 'self' https://www.google.com/recaptcha/ https://www.facebook.com/tr/ https://*.google.com https://*.googleapis.com; object-src 'none' 1
default-src self *  ;style-src  https: data: 'unsafe-inline';img-src  https: blob: data:;child-src data:;object-src none;worker-src blob: https://*.olx.kz  ;frame-src  https: blob:;script-src  https: 'unsafe-inline' 'unsafe-eval';font-src data: self https: ;connect-src self * blob: 1
script-src 'nonce-SZpRD3OGADmUlao9Wg5+KSmmwFZDmd62wm2ZDdPsqIQ=' 'strict-dynamic' 'self' 'unsafe-inline' 'unsafe-eval' https: http:; object-src 'self'; 1
default-src 'self' data: blob: 'unsafe-inline'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://hcaptcha.com https://*.hcaptcha.com https://js.stripe.com; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://api.stripe.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://js.stripe.com 1
connect-src 'self' www.google-analytics.com stats.g.doubleclick.net ; default-src 'self' ; font-src 'self' fonts.googleapis.com fonts.gstatic.com data: ; frame-ancestors 'self' ; frame-src 'self' www.google.com feedback.googleusercontent.com www.googletagmanager.com scone-pa.clients6.google.com www.youtube.com player.vimeo.com ; img-src 'self' www.google.com www.google-analytics.com ssl.gstatic.com www.gstatic.com gstatic.com data: * ; object-src 'none' ; script-src 'self' 'sha256-n6OdwTrm52KqKm6aHYgD0TFUdMgww4a0GQlIAVrMzck=' 'sha256-4ryYrf7Y5daLOBv0CpYtyBIcJPZkRD2eBPdfqsN3r1M=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' www.google.com apis.google.com www.gstatic.com gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com gstatic.com tagmanager.google.com ; 1
script-src *.micron.com *.googletagservices.com *.googleadservices.com *.googlesyndication.com *.doubleclick.net *.Clickserv.sitescout.com *.Pixel.sitescout.com https://up.pixel.ad https://cdn.cookielaw.org https://analytics.talentegy.com https://cdn.levelaccess.net https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://gateway.zscloud.net https://acdn.adnxs.com https://analytics.twitter.com https://connect.facebook.net https://www.everestjs.net https://www.youtube.com https://www.googletagmanager.com https://assets.adobedtm.com https://www.google-analytics.com https://static.ads-twitter.com https://snap.licdn.com https://pixel.mathtag.com https://gateway.foresee.com https://static.hotjar.com https://script.hotjar.com https://bat.bing.com https://tag.demandbase.com https://www.clarity.ms https://code.jquery.com 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' https: http:  data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.mercola.com/ *.mercolamarket.com/ assets.adobedtm.com/ *.adobe.com/ ajax.googleapis.com/ *.google.com/ www.gstatic.com/ code.jquery.com/ connect.facebook.net/ platform.twitter.com/ assets.pinterest.com/ platform.linkedin.com/ cdn.ywxi.net/ www.trustedsite.com/ privacy-policy.truste.com/ *.google-analytics.com/ *.googleadservices.com/ cdn.jsdelivr.net/ cdn.addsearch.com/ www.youtube.com/ www.mealmixfordogs.com/ www.statcounter.com/ *.yandex.ru/ yastatic.net/ use.typekit.net/ s7.addthis.com/ s3.amazonaws.com/ toxicteeth.us1.list-manage.com/ static.ak.fbcdn.net/ www.grassrootshealth.net/ 'unsafe-inline' 'unsafe-eval'; object-src 'none'; base-uri 'none'; form-action 'self' https: http:; frame-ancestors 'self' *.mercola.com/ *.mercolamarket.com/ 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.simplyrecipes.com 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-5fa0bfb3070cf931588ca447a248d711' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=9766773870767356; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=9766773870767356 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' ; style-src https: 'self' 'unsafe-inline' *.onetrust.com *.chargebee.com js.chargebee.com *.chargebeestatic.com *.cloudfront.net *.force.com *.cookiebanners.com *.web.onetrust.dev *.cloudflareaccess.com js.driftqa.com ;script-src 'self' 'unsafe-inline' blob: 'unsafe-eval' *.adobedtm.com *.demdex.net *.onetrust.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.cookielaw.org *.googletagmanager.com *.google-analytics.com *.googleapis.com *.chargebee.com *.jquery.com *.fullstory.com js.chargebee.com *.chargebeestatic.com *.1trust.app *.cloudfront.net *.cookiepro.com *.bing.com *.en25.com *.intercom.io *.intercomcdn.com *.gstatic.com *.google.com *.driftt.com *.force.com *.cookiebanners.com *.web.onetrust.dev *.cloudflareaccess.com js.driftqa.com *.licdn.com *.linkedin.com *.marketo.net *.cloudflare.com *.stripe.com;font-src https: 'self' data: *.onetrust.com *.googletagmanager.com fonts.google.com *.force.com;img-src 'self' data: *; media-src 'self' blob:  data: *.onetrust.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.cookiebanners.com cookiebanner-dev.web.onetrust.dev *.cloudflareaccess.com js.driftqa.com;object-src 'none'; base-uri 'none'; frame-ancestors 'self'; frame-src 'self' *.demdex.net *.onetrust.com *.wistia.com *.wistia.net *.cookielaw.org *.googletagmanager.com *.chargebee.com js.chargebee.com *.chargebeestatic.com *.cloudfront.net *.google.com *.driftt.com *.force.com *.cookiebanners.com cookiebanner-dev.web.onetrust.dev *.cloudflareaccess.com js.driftqa.com *.cloudflare.com *.stripe.com;connect-src 'self' data: * ; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self'; img-src 'self' data: 'unsafe-inline' https: 'unsafe-eval' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static-sandbox.intsig.net https://*.geevisit.com https://res.wx.qq.com  https://*.geevisit.com/ https://static12013.intsig.net https://static.intsig.net https://www.googletagmanager.com https://hm.baidu.com https://www.google-analytics.com/ https://cs-msg.intsig.net https://cs-msg-us.intsig.net https://b.bdstatic.com https://*.geetest.com/ https://bakapi.gtapp.xyz/ https://webcert.cnmstl.net https://kxlogo.knet.cn https://*.digicert.com https://static-cdn.camscanner.com https://res2.wx.qq.com https://cdnjs.cloudflare.com/ https://accounts.google.com https://appleid.cdn-apple.com; worker-src 'self' blob: 1
frame-ancestors 'self' *.parentlink.com *.parentlink.net *.parlant.com *.cloudspeaker.com *.memberspark.com 1
base-uri 'self'; child-src 'self' blob:; connect-src 'self' https://*.qualtrics.com https://rivian-privacy.my.onetrust.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://rum.browser-intake-datadoghq.com https://rum-http-intake.logs.datadoghq.com webpack: https://rivian.com/api/gql/orders/graphql https://rivian.com/api/gql/content/graphql https://rivian.com/api/gql/content/graphql https://rivian.com/api/gql/orders/graphql https://analytics.google.com https://script.crazyegg.com https://maps.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://media.rivian.com https://pagestates-tracking.crazyegg.com https://assets-tracking.crazyegg.com https://tracking.crazyegg.com https://stats.g.doubleclick.net https://api.mapbox.com https://events.mapbox.com https://*.connect.us-east-1.amazonaws.com wss://*.connect.us-east-1.amazonaws.com; default-src 'self'; font-src 'self' https://assets.rivian.com https://fonts.gstatic.com https://fonts.googleapis.com data:; form-action 'self'; frame-ancestors 'self' https://*.splashthat.com https://splashthat.com; frame-src 'self' https://optimize.google.com https://www.google.com https://*.splashthat.com https://splashthat.com; img-src 'self' https://cdn.cookielaw.org https://images.rivian.com https://media.rivian.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://www.google.com https://assets.rivian.com https://optimize.google.com data:; manifest-src 'self'; media-src 'self' https://media.rivian.com https://videos.rivian.com blob:; object-src 'none'; prefetch-src 'self' https://script.crazyegg.com; script-src 'self' https://*.qualtrics.com https://*.googletagmanager.com https://*.google-analytics.com https://maps.googleapis.com https://cdn.cookielaw.org https://script.crazyegg.com https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/releases/ https://splashthat.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://optimize.google.com https://script.crazyegg.com; worker-src blob:; 1
connect-src 'self' consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com data: blob: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; default-src 'self'; font-src 'self' data: fonts.gstatic.com https://*.hotjar.com; frame-src 'self' youtube.com www.youtube.com consentcdn.cookiebot.com *.google.com www.google.com/recaptcha recaptcha.google.com/recaptcha/; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: consent.cookiebot.com consentcdn.cookiebot.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com  www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://*.hotjar.com; style-src 'self' 'unsafe-inline' *.googletagmanager.com fonts.googleapis.com https://*.hotjar.com;; frame-ancestors 'self' ; 1
frame-ancestors 'self' 'https://moscowtimes.ru' 'https://www.moscowtimes.ru'; 1
default-src 'none';frame-ancestors chrome-extension://neebplgakaahbhdphmkckjjcegoiijjo/ *.keepa.com https://keepa.com *.amazon.com *.amazon.co.uk *.amazon.de *.amazon.fr *.amazon.co.jp *.amazon.ca *.amazon.nl *.amazon.cn *.amazon.it *.amazon.es *.amazon.in *.amazon.com.mx *.amazon.com.au *.amazon.com.br; frame-src https://*.keepa.com https://keepa.com https://player.vimeo.com/ https://*.stripe.com https://www.google.com/recaptcha/; script-src 'self' 'unsafe-inline' https://*.keepa.com https://apis.google.com https://*.stripe.com https://*.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://completion.amazon.com https://completion.amazon.co.uk https://completion.amazon.de https://completion.amazon.fr https://completion.amazon.co.jp https://completion.amazon.ca https://completion.amazon.cn https://completion.amazon.it https://completion.amazon.es https://completion.amazon.in https://completion.amazon.nl https://completion.amazon.com.mx https://completion.amazon.com.au https://completion.amazon.com.br; connect-src 'self' https://*.keepa.com wss://*.keepa.com https://*.stripe.com; child-src 'self' blob: data: *; img-src * 'self' data: https:; style-src 'self' 'unsafe-inline' https://*.keepa.com https://*.googleapis.com;font-src 'self' data: *.keepa.com; manifest-src 'self' *.keepa.com; worker-src 'self' blob: data: *.keepa.com; 1
frame-ancestors 'self' fozzy.com *.fozzy.com; 1
frame-ancestors 'self' *.ci360.sas.com; 1
default-src * data: blob:;style-src * 'unsafe-inline';script-src https://*.quora.com https://*.poe.com https://*.facebook.net https://*.facebook.com https://*.googleapis.com https://*.twitter.com https://*.quoracdn.net https://*.google.com https://*.google-analytics.com https://*.gstatic.com https://*.youtube.com https://*.ytimg.com https://*.jwpcdn.com https://*.stripe.com https://*.intercom.io https://*.intercomcdn.com https://*.syndication.twimg.com https://cdnjs.cloudflare.com https://d3div1mtym39ic.cloudfront.net https://*.jwplatform.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://*.googletagservices.com https://*.ampproject.org https://*.amazon-adsystem.com https://*.rubiconproject.com https://*.lijit.com https://*.openx.net https://*.criteo.com https://*.3lift.com https://*.aaxads.com https://btloader.com https://*.btloader.com https://*.ads-twitter.com https://*.awin1.com https://*.dwin1.com https://*.zenaps.com https://*.the.sciencebehindecommerce.com https://*.marketo.net https://*.licdn.com https://*.linkedin.com https://*.qualtrics.com https://*.siteintercept.qualtrics.com https://sc-static.net https://static.bytedance.com https://*.iteratehq.com https://cdn.embedly.com https://qinternal.quora.net https://*.sprig.com https://*.userleap.com https://*.doubleverify.com https://*.adsafeprotected.com https://*.flashtalking.com https://*.samplicio.us https://*.activemetering.com https://*.imrworldwide.com https://*.moatads.com https://*.sng.link https://*.apple.com https://cdn.cookielaw.org https://*.onetrust.com https://*.paypal.com https://*.giphy.com https://*.outbrain.com https://*.outbrainimg.com 'unsafe-inline' 'unsafe-eval' 127.0.0.1:*;connect-src 'self' https://*.quora.com https://*.poe.com https://quora.okta.com wss://*.quora.com https://*.quoracdn.net https://*.stripe.com https://*.intercom.io wss://*.intercom.io https://*.jwplatform.com https://*.jwpsrv.com https://syndication.twitter.com https://*.syndication.twimg.com https://*.googleapis.com https://*.googlesyndication.com https://*.qualtrics.com https://*.facebook.com https://*.fbcdn.net blob: https://*.mktoresp.com https://*.doubleclick.net https://accounts.google.com https://*.amazon-adsystem.com https://*.3lift.com https://*.aaxads.com https://btloader.com https://*.btloader.com https://*.rubiconproject.com https://*.casalemedia.com https://*.adnxs.com https://*.pubmatic.com https://*.openx.net https://*.criteo.com https://*.sharethrough.com https://*.snigelweb.com https://*.iteratehq.com https://iteratehq.com https://*.sprig.com https://*.userleap.com https://app.adjust.com https://app.appsflyer.com https://*.onelink.me https://branchster.app.link https://control.kochava.com https://c.singular.net https://*.sng.link https://*.apple.com https://*.doubleverify.com https://*.adsafeprotected.com https://*.flashtalking.com https://*.samplicio.us https://*.activemetering.com https://*.imrworldwide.com https://*.moatads.com https://cdn.cookielaw.org https://*.onetrust.com https://*.paypal.com https://*.linkedin.com https://*.giphy.com https://*.outbrain.com https://*.outbrainimg.com https://d3div1mtym39ic.cloudfront.net ;report-uri /security_reports/content_security_policy_violation_3RD_PARTY_POST 1
default-src 'self' https://*.rhrz.uni-bonn.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.rhrz.uni-bonn.de https://*.hrz.uni-bonn.de https://www.youtube.com https://s.ytimg.com https://maps.google.com https://maps.googleapis.com https://apis.google.com https://ajax.googleapis.com https://pjdcqgnb0lmk.statuspage.io https://*.siteimprove.com; img-src 'self' data: https://*.rhrz.uni-bonn.de https://i.ytimg.com https://maps.gstatic.com https://maps.google.com https://www.uni-bonn.de https://*.googleapis.com https://*.uni-bonn.de https://*.youtube.com https://uni-bn.de/ https://*.siteimprove.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://*.siteimprove.com data:; object-src 'self' blob:; frame-src 'self' https://*.uni-bonn.de:* https://www.youtube.com https://www.youtube-nocookie.com https://content-youtube.googleapis.com https://content.googleapis.com https://pjdcqgnb0lmk.statuspage.io mailto://*; frame-ancestors 'self' https://*.uni-bonn.de; connect-src 'self' https://shortener.rhrz.uni-bonn.de https://apis.google.com https://uni-bn.de https://webstat.hrz.uni-bonn.de https://cms-proxy.uni-bonn.de; 1
frame-ancestors 'self' admin.allafrica.com fr.admin.allafrica.com editorial.allafrica.com fr.editorial.allafrica.com 1
frame-ancestors 'self' moddb.com *.moddb.com 1
frame-ancestors https://www.wrike.com https://app-eu.wrike.com https://app-us2.wrike.com https://trial.wrike.com; report-uri https://csp-global.wrike.com/csp-report?website 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.bs www.google.co.in *.lpsnmedia.net s.ytimg.com cdn.walkme.com track.adform.net bt-token.ecustomersupport.com www.uqd.io snapchat.com www.pagespeed-mod.com algolianet.com www.google.lu www.google.dz www.google.com.hk ads.avct.cloud prod-browsext.pricesearcher.com rtb.gumgum.com gjtrack.ucweb.com www.google.cv cdn.co-buying.com *.doubleclick.net payments.braintree-api.com www.google.co.ke www.google.com.ar pixel.tapad.com *.everesttech.net md-scp.kampyle.com www.dwin1.com unpkg.com www.google-analytics.com www.google.cd acs2.swedbank.se www.paypal.com snappcm-dev.com lpcdn.lpsnmedia.net www.google.com.pe www.rsa3dsauth.co.uk www.redditstatic.com www.google.co.ug sentry.io www.google.lt authentication.cardinalcommerce.com *.thisisdax.com ls.smct.io use.typekit.net btsecurepayments.bt.com i.salecycle.com *.youtube-nocookie.com www.google.sk cdn.smct.co accounts.studentbeans.com www.google.so *.lijit.com www.google.dk cognito-identity.eu-west-1.amazonaws.com uniqodo.com www.google.com.tr idomoo.com 3dsecure.bnpparibas.pl secure4.arcot.com microsoft.com udc-neb.kampyle.com bat.bing.com www.google.com.bd opendns.com www.google.com.cy gateway.zscalerone.net criteo.com production-3d-device-assets.s3-eu-west-1.amazonaws.com www.google.fr www.google.pt btbsecure.business.bt.com *.cloudiq.com tracking.audio.thisisdax.com translate.google.com www.google.jo rialto-gms.s3.amazonaws.com match.sharethrough.com www.google.nl *.criteo.com www.google.lv t.paypal.com liveengage.com *.bidswitch.net googleadservices.com ss-analytics.ee.co.uk sitecatalyst.omniture.com wss://ee.co.uk *.uqd.io www.google.ca assets.revlifter.io acs3.mpts.modirum.com www.google.mu bt.canto.global connect.studentbeans.com assets.adobedtm.com consent-pref.trustarc.com facebook.com online-metrix.net sync.bfmio.com omtrdc.net www.google.co.uk *.adobedtm.com secure7.arcot.com fonts.googleapis.com region1.google-analytics.com fonts.smct.io bh.contextweb.com *.pinterest.com www.google.co.th www.google.com.et saltcdn2.instagram.com sync.teads.tv www.google.ru api.home.bt.com www.google.ie accdn.lpsnmedia.net www.google.co.zm cpm.convergeselect.net ee.co.uk casalemedia.com algolia.net ipb.smct.co *.gstatic.com www.google.hr js.smct.co eeuk.queueit.net liveengage.net contextual.media.net www.google.com.vn api.opmnstr.com df0b7f32-3ds.sibs.ro zr.ee.co.uk resources.digital-cloud-uk.medallia.eu onetag-sys.com px.ads.linkedin.com ads.avocet.io www.google.com.gi adservice.google.co.uk *.amazon-adsystem.com 15gifts-public-assets.s3.amazonaws.com *.algolia.net liveperson.com adservice.google.com wss://lo.msg.liveperson.net cdn.syndication.twimg.com www.google.com.do www.google.tn www.google.com.au www.google.am smartadserver.com www.google.gr prf.hn *.ads-twitter.com code.jquery.com *.2o7.net www.google.com.tw www.awin1.com imp2.nowinteract.com www.google.com.ph www.google.hu pinterest.com eeretailapp.co.uk cloudfront.net www.google.me assets.queue-it.net partners.tremorhub.com criteo.net www.google.com.bh ee.cloud-iq.com www.google.co.id gateway.zscalertwo.net mp.4dex.io www.google.mv *.googlesyndication.com builder.adobedemo.com www.googletagmanager.com snappcm.com sync.lemmatechnologies.com *.tiktok.com www.google.al *.akamaihd.net www.google.co.ma www.google.md gstatic.com api.greenadblocker.com demdex.net www.google.com.sa the.sciencebehindecommerce.com sync.search.spotxchange.com *.twitter.com www.zenaps.com www.google.com.kw www.google.de *.cloudfront.net *.openx.net www.google.com.gh engagement.uniqodo.com wmstatic.global.ssl.fastly.net *.promotionx.io promotionx.io noop.style lijit.com amazon-adsystem.com www.google.is *.online-metrix.net vkanalytics.net wss://mpsnare.iesnare.com t.co adobedtm.com *.idomoo.com www.google.co.cr liveperson.net www.google.com.mt www.google.cn client-api.arkoselabs.com twitter.com google-analytics.com usersync.gumgum.com *.paypal.com client-analytics.braintreegateway.com www.google.je www.google.com.qa *.smct.io www.google.com.ng at.alicdn.com d169-54-eu-west-2.api.decibelinsight.net google.com ad.360yield.com uqd.io www.google.com.eg u.4dex.io sofia.trustx.org *.rubiconproject.com api.braintreegateway.com ee.15gifts.com cb2d09ce-3ds.sibs.ro *.contentsquare.net consent.trustarc.com mpsnare.iesnare.com reevoo.com www.google.ae cdn.smct.io ws.cs.1worldsync.com p0.mycdn.co *.facebook.com wss://collection.decibelinsight.net plugin.ucads.ucweb.com www.google.lk www.google.com.sg public-prod-dspcookiematching.dmxleo.com sync.go.sonobi.com gdata.youtube.com 3dsportal.ecustomerpayments.com rules.quantcount.com www.google.co.za thisisdax.com *.omtrdc.net js.smct.io *.smartadserver.com googleapis.com www.google.co.nz 3dsecure.zen.com www.gov.uk ee-tagging.s3.amazonaws.com medallia.eu ee.real-digital.co.uk decibelinsight.net www.google.az alb.reddit.com openx.net ws.sessioncam.com facebook.net static3.avast.com plugin.monotote.com ads.betweendigital.com smct.io *.casalemedia.com www.google.pl collection.decibelinsight.net *.sentry.io lpsnmedia.net wss://cdn.decibelinsight.net i.ytimg.com www.google.rs akamaihd.net www.google.gm region1.analytics.google.com www.google.fi bidswitch.net www.google.com.pk www.wepowerconnections.com *.microsoft.com *.snapchat.com analytics.google.com www.google.ee cdnjs.cloudflare.com ee-embedded.myunidays.com ads-twitter.com www.google.it *.google-analytics.com www.google.se everesttech.net production-3d-device-assets.s3.eu-west-1.amazonaws.com e1.emxdgt.com liveper.sn update.adblock360.org rubiconproject.com contentsquare.net www.google.com.co acs.revolut.com dmx.districtm.io tags.tiqcdn.com secure.quantserve.com www.google.bf ee-datacalc.s3.amazonaws.com *.smct.co app.wizdom.ai www.google.gg cdn.studentbeans.com static.queue-it.net social.hotukdeals.com portal.decibel.com bt-verify.arkoselabs.com www.google.com cdn.decibelinsight.net fonts.gstatic.com www.google.com.my www.google.tt www.google.no vip.timezonedb.com cdn.scite.ai *.googleapis.com www.slant.co nebula-cdn.kampyle.com firehose.eu-west-1.amazonaws.com authorize.omniture.com ping.pdst.fm doubleclick.net www.google.cz www.google.co.kr www.google.mk www.google.be www.linkedin.com p294588.clksite.com *.criteo.net track.uniqodo.com www.myunidays.com www.google.com.ua c.cnzz.com s.pubmine.com smct.co ee-outage.s3.amazonaws.com www.google.im events.smct.co www.google.com.br www.google.com.jm www.google.com.mx simage2.pubmatic.com ee-dtp-static.s3.amazonaws.com googlesyndication.com jadserve.postrelease.com www.google.ch cloudiq.com verify.monzo.com api.uniqodo.com *.ee.co.uk insights.uniqodo.com www.google.cl www.google.iq www.google.co.zw *.liveperson.net www.google.es *.opendns.com eb2.3lift.com api.experianaperture.io lh3.ggpht.com ms-cookie-sync.presage.io snap.licdn.com *.alicdn.com www.google.co.il *.algolianet.com www.google.by youtube-nocookie.com secure5.arcot.com scp.kampyle.com ajax.googleapis.com *.uniqodo.com www.google.ro tiktok.com dispatcher.adxcore.com www.google.com.lb *.reevoo.com *.googleadservices.com c.s-microsoft.com *.facebook.net bt-api.arkoselabs.com cdn.nowinteract.com ep.smct.co *.demdex.net www.google.bg sc-static.net edge.adobedc.net ee-uk-ppf.wm-staging.com cdn.honey.io www.hotukdeals.com channel-cards-html.lloydsbankinggroup.com www.google.co.jp a.optmnstr.com www.youtube.com www.google.at *.google.com vimeo.com s.salecycle.com *.tags.tiqcdn.com; frame-ancestors 'self' ee.co.uk www.youtube.com www.google.co.uk t.co www.google.com.au btsecurepayments.bt.com idomoo.com broadband.ee.co.uk ls.smct.io www.google.com *.facebook.com *.ee.co.uk ;  1
default-src https: wss: 'self' 'unsafe-inline' blob:; img-src https: 'self' data:; style-src https: 'self' 'unsafe-inline'; frame-ancestors 'self' https://app.storyblok.com https://*.luckyorange.com 1
default-src 'none'; connect-src 'self' www.google-analytics.com; font-src 'self' data:; img-src 'self' www.google-analytics.com; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'unsafe-inline' 'self' www.google-analytics.com; style-src 'unsafe-inline' 'self' 1
frame-ancestors 'self' *.uab.edu uab.instructure.com exploreuab.my.salesforce.com; 1
frame-ancestors 'self' https://*.weheartit.com https://weheartit.com https://*.fooducate.com https://fooducate.com 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src http: https: data: blob:; worker-src https: data: blob:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-src https: data: blob:; 1
frame-ancestors https://*.wm.com 1
frame-ancestors https://*.deichmann.com/ https://*.myshoes.de/ 'self'; 1
frame-src 'self' *.google.com *.quora.com snapwidget.com *.consensu.org *.sharethis.com *.doubleclick.net *.greenhouse.io *.payoneer.com *.trustpilot.com *.oraclecloud.com *.driftt.com *.ubembed.com *.youtube.com *.github.io *.userway.org v.qq.com *.adpartner.pro *.facebook.com *.chilipiper.com *.teamme.io *.adsrvr.org *.googlesyndication.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'  *.googletagmanager.com *.cookielaw.org *.convertexperiments.com *.marketo.net *.googleadservices.com *.bing.com *.licdn.com *.facebook.net *.taboola.com *.yimg.jp *.yahoo.co.jp *.doubleclick.net *.sharethis.com *.consensu.org snapwidget.com *.onetrust.com *.greenhouse.io *.payoneer.com *.mouseflow.com *.salesloft.com *.trendemon.com *.trustpilot.com *.ubembed.com *.google.com *.dynatrace.com *.oraclecloud.com *.baidu.com *.driftt.com *.youtube.com *.daumcdn.net unpkg.com *.yandex.ru *.cloudflare.com *.strattic.com *.6sc.co *.jsdelivr.net *.bootstrapcdn.com *.twitter.com *.ads-twitter.com *.highcharts.com *.github.io *.qualtrics.com *.microsoft.com  *.userway.org *.tiktok.com *.googleoptimize.com accessibilityserver.org *.adnxs.com *.pdst.fm *.fullstory.com *.redditstatic.com *.cheqzone.com *.clarity.ms *.line-scdn.net redditstatic.s3.amazonaws.com wcs.naver.net *.googlesyndication.com *.google-analytics.com *.adpartner.pro *.line-cdn.net *.line-scdn.net *.chilipiper.com *.teamme.io *.quora.com *.adsrvr.org *.amplitude.com ssgtm-sbyzlt5hyq-ey.a.run.app; 1
frame-ancestors 'self' https://citiapac.tt.omtrdc.net https://citiapac.demdex.net https://assets.adobedtm.com https://cm.everesttech.net https://mboxedge31.tt.omtrdc.net https://mboxedge32.tt.omtrdc.net https://mboxedge33.tt.omtrdc.net https://mboxedge34.tt.omtrdc.net https://mboxedge35.tt.omtrdc.net https://mboxedge36.tt.omtrdc.net https://mboxedge37.tt.omtrdc.net https://mboxedge38.tt.omtrdc.net https://mboxedge39.tt.omtrdc.net 1
frame-ancestors *.catonetworks.com 1
default-src 'self';frame-src 'self' auth.yads.tech blob: https://mc.yandex.ru;worker-src 'self' blob:;font-src 'self' static.yads.tech;img-src 'self' data: air-space-users-content.s3.eu-central-1.amazonaws.com https://mc.yandex.ru static.yads.tech;style-src 'self' 'unsafe-inline';child-src blob: https://mc.yandex.ru;connect-src 'self' auth.yads.tech air-space-users-content.s3.eu-central-1.amazonaws.com https://mc.yandex.ru app.yads.tech;script-src-elem https://mc.yandex.ru https://yastatic.net static.yads.tech 'self' 'nonce-f4d3c26a9d58393b7e3395018ed54cd2';script-src https://mc.yandex.ru https://yastatic.net static.yads.tech 'self' 'nonce-f4d3c26a9d58393b7e3395018ed54cd2' 1
frame-src self allevents.in *.facebook.com *.google.com *.refiner.io 1
frame-ancestors *.adspower.net 1
frame-src https://*.xenial.com https://player.vimeo.com 1
default-src self *  ;style-src  https: data: 'unsafe-inline';img-src  https: blob: data:;child-src data:;object-src none;worker-src blob: https://*.olx.pt  ;frame-src  https: blob:;script-src  https: 'unsafe-inline' 'unsafe-eval';font-src data: self https: ;connect-src self * blob: 1
frame-ancestors 'self' https://*.tps.lv https://tps.lv https://*.readspeaker.com 1
default-src *.marxists.org 'self'; script-src *.marxists.org 'self' 'unsafe-inline' 'unsafe-eval'; worker-src *.marxists.org 'self'; img-src *.marxists.org 'self'; style-src *.marxists.org 'self' 'unsafe-inline'; connect-src 'self'; object-src 'self'; child-src 'self'; frame-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests 1
default-src 'self' *.flexport.com *.wistia.com *.wistia.net;base-uri 'self' *.flexport.com;object-src 'none';child-src blob:;connect-src 'self' *.doubleclick.net *.google-analytics.com *.googletagmanager.com api.amplitude.com cdn.linkedin.oribi.io *.fullstory.com embedwistia-a.akamaihd.net *.litix.io *.wistia.com *.wistia.net rum-http-intake.logs.datadoghq.com sentry.io *.browser-intake-datadoghq.com ws.zoominfo.com *.getsitecontrol.com *.getsitectrl.com *.algolia.net *.algolianet.com *.algolia.io noembed.com www.facebook.com api-cdn.embed.ly *.mapbox.com *.clarity.ms *.bing.com ingesteer.services-prod.nsvcs.net api.growsurf.com js.zi-scripts.com *.auryc.com aorta.clickagy.com hemsync.clickagy.com api.schedule.zoominfo.com flexport.widget.insent.ai *.googlesyndication.com *.unifygtm.com *.google.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.cz *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gp *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws;font-src 'self' data: *.wistia.com *.wistia.net fonts.gstatic.com cdn.embedly.com *.auryc.com *.typekit.net;form-action 'self' tech.flexport.com www.facebook.com;frame-src 'self' mailto: js.driftt.com www.facebook.com hackerone.com fast.wistia.com fast.wistia.net www.youtube.com public.tableau.com www.recaptcha.net td.doubleclick.net *.flexport.com cdn.embedly.com tpc.googlesyndication.com hemsync.clickagy.com flexport.widget.insent.ai;img-src 'self' data: *.doubleclick.net *.google-analytics.com *.googletagmanager.com analytics.twitter.com purecatamphetamine.github.io *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.ctfassets.net *.linkedin.com rs.fullstory.com t.co www.facebook.com i.ytimg.com i-cdn.embed.ly *.mapbox.com *.bing.com *.clarity.ms *.getsitecontrol.com *.getsitectrl.com heapanalytics.com *.google.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.cz *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gp *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws;script-src 'self' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com connect.facebook.net edge.fullstory.com *.wistia.com *.wistia.net googleads.g.doubleclick.net js.driftt.com *.getsitecontrol.com *.getsitectrl.com pi.pardot.com snap.licdn.com static.ads-twitter.com tech.flexport.com ws.zoominfo.com www.googleadservices.com www.recaptcha.net www.gstatic.com www.gstatic.cn *.algolianet.com *.algolia.net cdn.embedly.com www.youtube.com *.bing.com *.clarity.ms *.mapbox.com netlify-rum.netlify.app cdn.heapanalytics.com flexport.widget.insent.ai js.zi-scripts.com tags.clickagy.com ws-assets.zoominfo.com schedule.zoominfo.com *.growsurf.com *.unifygtm.com 'sha256-vQzQszwswMOWyMHEQ87UcD/4pcT0FTZRhH1utYO3dMw=' 'sha256-Sd5i4Hpq5vnevEslYSz86Pc+dJwR0/Xx+m9QvADxDQY=' 'sha256-eLOfYH9EQFm+zDuIeewTxCQJuvXcC+WX4Vfb8C/PkEU=' 'sha256-5xQLbpK/VFJMsgHUfqXi8zHwbPlJzuxtfINjByxjSIw=' 'nonce-fqBb6jnu1C2r1dXt2q4kfg==';style-src 'self' 'unsafe-inline' fast.wistia.com fonts.googleapis.com cdn.embedly.com *.typekit.net;worker-src 'self' blob:;media-src 'self' blob: js.driftt.com videos.ctfassets.net *.wistia.com *.wistia.net;report-uri https://o26092.ingest.sentry.io/api/1847116/security/?sentry_key=89a88bc5d40744adacdc99621950997c 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.invocacdn.com *.invoca.net wss://hoover.foresee.com https://hoover.foresee.com *.flashtalking.com *.flashtalking.net *.adoberesources.net *.w55c.net *.adsrvr.org *.appserviceenvironment.net *.m-pathy.com *.amazon-adsystem.com *.ampproject.org *.glassboxdigital.io *.glassboxcdn.com *.foresee.com *.humana.com *.ensighten.com *.omtrdc.net *.coremetrics.com *.cmcore.com *.answerscloud.com *.mpeasylink.com *.zscaler.net *.gigya.com *.googleadservices.com *.yimg.com *.facebook.net *.yahoo.com *.google.com *.gstatic.com *.salesforceliveagent.com *.googleapis.com *.4seeresults.com *.youtube.com *.azureedge.net *.cloudfront.net *.dialogtech.com *.linkedin.com *.longtailvideo.com *.truste.com *.prescribeitrx.com *.amazonaws.com *.glancecdn.net *.humana-government.com *.careplushealthplans.com *.ytimg.com *.facebook.com *.healthwise.net *.humanavitality.com *.go365.com *.requirejs.org *.cdc.gov *.outbrain.com *.eloqua.com *.4see.mobi *.foreseeresults.com *.bing.com *.doubleclick.net *.xg4ken.com *.licdn.com *.twitter.com *.360yield.com *.casalemedia.com *.kargo.com *.bidswitch.net *.ad-stir.com humananews.com *.humananews.com *.en25.com *.msecnd.net *.visualstudio.com *.tealium.com *.tealiumiq.com *.tiqcdn.com *.ads-twitter.com *.3lift.com *.everesttech.net *.gumgum.com *.deepintent.com *.teads.tv *.everestjs.net *.googletagmanager.com *.mathtag.com *.mediaalpha.com *.demdex.net *.coveo.com https://pt.ispot.tv/v2/ cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com activitymap.adobe.com data: blob:; object-src 'none'; 1
frame-ancestors https://*.pogo.com:* http://localhost:* 1
default-src 'self' https://www.geni.com https://*.geni.com; script-src 'report-sample' 'self' https://www.geni.com https://*.geni.com https://connect.facebook.net https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://maps.googleapis.com https://translate.googleapis.com https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://platform.twitter.com https://cdn.syndication.twimg.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'report-sample' 'self' https://www.geni.com https://*.geni.com https://connect.facebook.net https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://maps.googleapis.com https://translate.googleapis.com https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://platform.twitter.com https://cdn.syndication.twimg.com 'unsafe-inline' 'unsafe-eval'; style-src 'report-sample' 'self' https://www.geni.com https://*.geni.com https://fonts.googleapis.com https://www.gstatic.com https://*.google-analytics.com https://platform.twitter.com https://ton.twimg.com blob: 'unsafe-inline'; font-src 'self' https://www.geni.com https://*.geni.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.alicdn.com; img-src 'self' https://www.geni.com https://*.geni.com http://* https://* data: blob:; connect-src 'self' https://www.geni.com https://*.geni.com http://assets10.geni.com/504.html https://*.google-analytics.com https://www.googletagmanager.com https://maps.googleapis.com https://www.facebook.com wss://ws.geni.com:*; frame-src 'self' https://www.geni.com https://*.geni.com https://www.google.com https://www.googletagmanager.com https://*.facebook.com https://platform.twitter.com https://syndication.twitter.com https://www.youtube.com 1
default-src 'self' *.lexmark.com lexmark.122.2o7.net activitymap.adobe.com assets.adobedtm.com bat.bing.com *.addressy.com *.braintree-api.com *.braintreegateway.com *.cardinalcommerce.com api.cloudinary.com res.cloudinary.com *.powerreviews.com mpsnare.iesnare.com s.amazon-adsystem.com s3.amazonaws.com s3.eu-central-1.amazonaws.com *.boldchat.com ipinfo.io maxcdn.bootstrapcdn.com *.channeladvisor.com dpm.demdex.net lexmark.demdex.net *.digitalriver.com *.doubleclick.net *.eloqua.com img.en25.com cm.everesttech.net www.facebook.com connect.facebook.net google.com www.google.com *.google-analytics.com adservice.google.com analytics.google.com www.googleadservices.com www.googletagmanager.com maps.googleapis.com ajax.googleapis.com www.gstatic.com ssl.p.jwpcdn.com jwpltx.com snap.licdn.com www.linkedin.com *.mgid.com oc-cdn-ocprod.azureedge.net *.omnichannelengagementhub.com *.omtrdc.net *.outbrain.com *.salesloft.com *.srv.stackadapt.com *.taboola.com tribl.io lexmark.verifyit.us *.pagead2.googlesyndication.com pagead2.googlesyndication.com *.paypal.com 'unsafe-eval' 'unsafe-inline';       font-src 'self' *.lexmark.com maxcdn.bootstrapcdn.com fonts.gstatic.com;       style-src 'self' *.lexmark.com maxcdn.bootstrapcdn.com oc-cdn-ocprod.azureedge.net ui.powerreviews.com fonts.googleapis.com tags.srv.stackadapt.com 'unsafe-inline';       img-src 'self' https: data:;       object-src 'none';       form-action 'self' *;       frame-ancestors 'self' https://oc-cdn-ocprod.azureedge.net https://lexmark.center-suite.com https://lexmark.hub.nexuscenter.io;       frame-src *;       upgrade-insecure-requests;       report-uri /bin/lexmark/csp-report;       report-to lxk-report 1
default-src 'self'; script-src 'self' https://contentassistant.eu.siteimprove.com https://piwik.mw.uni-freiburg.de https://*.google.com https://siteimproveanalytics.com https://cdn.siteimprove.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.siteimprove.com https://*.siteimproveanalytics.io https://piwik.mw.uni-freiburg.de; img-src 'self' data:  https://public.tableau.com https://*.w.org https://*.uni-freiburg.de https://*.google.com https://*.googleapis.com https://*.siteimproveanalytics.io; style-src 'self' https://*.google.com  https://piwik.mw.uni-freiburg.de 'unsafe-inline'; font-src 'self' https://piwik.mw.uni-freiburg.de data:; base-uri 'self' https://piwik.mw.uni-freiburg.de/central/; frame-ancestors 'self' https://bz-medien.expo-ip.com/; frame-src 'self' https://my2.siteimprove.com https://piwik.mw.uni-freiburg.de https://videoportal.uni-freiburg.de https://*.google.com; form-action 'self'; block-all-mixed-content 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontier&region=US&lang=en-US&device=desktop&yrid=4phrpidiqu9ap&partner=ftr; 1
style-src 'unsafe-inline' yastatic.net;report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.eu&showid=1705977222497838-4079486171930175869-balancer-l7leveler-kubr-yp-sas-136-BAL-3652&h=stable-portal-mordago-170.sas.yp-c.yandex.net&yandexuid=3301758691705977222&&version=2024-01-19-465&adb=0;media-src yastatic.net;connect-src *.strm.yandex.net mc.yandex.com yandex.eu yastatic.net yastat.net mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.admetrica.ru mc.yandex.eu;img-src *.verify.yandex.ru *.ya.ru *.yandex.ru ya.ru yabs.yandex.by yabs.yandex.kz yabs.yandex.ru yabs.yandex.uz yandex.ru 'self' yastatic.net data: yandex.eu favicon.yandex.net avatars.mds.yandex.net mc.admetrica.ru mc.yandex.com *.mc.yandex.ru adstat.yandex.ru mc.yandex.eu mc.yandex.ru;script-src 'nonce-VBfokfi7KZLQtMGVXjPscA==' mc.yandex.com yastatic.net yandex.eu mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.yandex.eu;child-src *.ya.ru *.yandex.ru ya.ru yandex.ru yastatic.net yandex.eu mc.yandex.ru mc.yandex.md mc.yandex.eu *.ya.ru *.yandex.ru ya.ru yandex.ru;default-src yastatic.net yastat.net 'self';font-src yastatic.net 1
default-src 'none'; img-src 'self'; script-src 'unsafe-inline'; style-src 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.youtube.com www.google.com *.google-analytics.com https://www.googletagmanager.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org *.fontawesome.com use.fontawesome.com api.connectedcommunity.org http://www.lifescitrc.org https://cdn.feathr.co cdn.feathr.co polo.feathr.co marco.feathr.co *.crazyegg.com *.hotjar.com *.informz.net *.surveymonkey.com *.cloudfront.net *.ngpvan.com *.everyaction.com *.research.net *.tickcounter.com *.smassets.net *.rdmobile.com *.wistia.net *.vimeo.com voicesofaps.gv-one.com apsoc.informz.net https://code.jquery.com *.jquery.com blob:; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com https://www.googletagmanager.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com use.fontawesome.com *.fontawesome.com use.typekit.net p.typekit.net *.crazyegg.com *.hotjar.com *.cloudfront.net *.everyaction.com *.tickcounter.com *.smassets.net *.research.net *.wistia.net *.rdmobile.com *.vimeo.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com *.fontawesome.com use.fontawesome.com data: use.typekit.net *.crazyegg.com *.hotjar.com *.everyaction.com *.tickcounter.com *.rdmobile.com; img-src 'self' novartis.contacthr.com novartispharmaceuticalscorp.contacthr.com *.gstatic.com *.googleapis.com *.google-analytics.com https://www.googletagmanager.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com twitter.com *.twitter.com *.twimg.com use.fontawesome.com data: blob: *.eloqua.com *.physiology.org connect.the-aps.org *.cloudfront.net *.placehold.it stats.g.doubleclick.net marco.feathr.co *.adsrvr.org polo-v1.feathr.co polo.feathr.co *.crazyegg.com *.hotjar.com *.informz.net *.surveymonkey.com *.everyaction.com *.tickcounter.com *.rdmobile.com *.vimeo.com picsum.photos *.picsum.photos s3.amazonaws.com voicesofaps.gv-one.com; media-src 'self' data: blob: www.youtube.com fast.wistia.net *.vimeo.com voicesofaps.gv-one.com; frame-src 'self' *.facebook.com novartis.contacthr.com novartispharmaceuticalscorp.contacthr.com www.youtube.com api.connectedcommunity.org cdn.feathr.co polo.feathr.co marco.feathr.co *.qzzr.com *.crazyegg.com *.hotjar.com twitter.com *.twitter.com html5-player.libsyn.com www.podbean.com *.surveymonkey.com *.ngpvan.com *.cloudfront.net *.everyaction.com *.tickcounter.com *.smassets.net *.research.net *.wistia.net *.vimeo.com voicesofaps.gv-one.com apsoc.informz.net; connect-src 'self' *.informz.net *.google-analytics.com polo.feathr.co *.crazyegg.com *.doubleclick.net *.ngpvan.com *.cloudfront.net *.everyaction.com *.tickcounter.com *.smassets.net *.research.net *.wistia.net *.rdmobile.com *.vimeo.com *.fontawesome.com; 1
default-src https: 'unsafe-inline' https://*.hotjar.com:* https://*.hotjar.io:* wss://*.hotjar.com https://mailtrack.me ; script-src 'self' 'unsafe-inline' https://dev.visualwebsiteoptimizer.com https://www.google-analytics.com https://embed.typeform.com https://d5phz18u4wuww.cloudfront.net https://cdnjs.cloudflare.com https://seal.digicert.com https://js.stripe.com https://www.googleadservices.com https://billing.quaderno.io https://www.gstatic.com https://s3-eu-west-1.amazonaws.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://d1fc8wv8zag5ca.cloudfront.net https://*.hotjar.com https://cdn.jsdelivr.net/gh/snowplow https://connect.facebook.net https://www.googletagmanager.com https://*.cookiebot.com https://mailtrack.me ; img-src 'self' data: https://dev.visualwebsiteoptimizer.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.es https://www.google.com https://mailtrackio.typeform.com https://www.googleadservices.es https://www.googleadservices.com https://googleads.g.doubleclick.net https://seal.digicert.com https://billing.quaderno.io https://s3-eu-west-1.amazonaws.com https://dc.ads.linkedin.com https://d1ptrxl5bj7757.cloudfront.net https://analytics-v2.mailtrack.io https://px.ads.linkedin.com https://www.linkedin.com https://www.facebook.com/tr/ https://www.googletagmanager.com https://*.cookiebot.com https://mailtrack.me ; object-src 'none'; font-src 'self' https://fonts.gstatic.com https://netdna.bootstrapcdn.com https://cdnjs.cloudflare.com https://s3-eu-west-1.amazonaws.com https://mailtrack.me ; 1
default-src 'none';script-src 'self' 'unsafe-inline';object-src 'none';style-src 'self' 'unsafe-inline';img-src 'self';media-src 'none';frame-src 'none';font-src 'none';connect-src 'self';report-uri /WebResource.axd?cspReport=true 1
default-src 'self' *.postman.co *.postman.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman.com *.postman.co *.cdn.postman.com fonts.gstatic.com www.postman.com fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors 'none'; frame-src looker.postman.co dl-preview-container.pstmn.io js.stripe.com hooks.stripe.com chart-embed.service.newrelic.com https://app.datadoghq.com/graph/embed https://app.datadoghq.eu/graph/embed https://youtube.com https://www.youtube.com https://player.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://accounts.google.com/ https://runtime-assets.pstmn.io/; child-src 'self' *.postman.co *.postman.com blob:; worker-src 'self' *.postman.co *.cdn.postman.com blob:; object-src 'self'; img-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io code.jquery.com google-analytics.com www.postman.com postman.com googletagmanager.com ssl.google-analytics.com cdnjs.cloudflare.com https://bi.pst.tech js-agent.newrelic.com js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-aFC1B7dekpdPQ6dI3qhErv9wJmqfut/qge88nMoUBQulyvXQ'; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io www.postman.com fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com postman.com accounts.google.com; connect-src https://api.stripe.com http: ws://localhost:10533 https: wss://*.postman.co wss://*.gw.postman.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=production 1
frame-ancestors self *.vipdev.lndo.site *.nybooks.com 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-src * data: blob:; style-src * 'unsafe-inline'; font-src * data:; connect-src *; 1
frame-ancestors https://purpleads.io https://www.purpleads.io https://publishers.purpleads.io https://advertisers.purpleads.io 1
default-src 'self'; img-src 'self' https://www.ncsc.gov.uk/ data: https://s3.eu-west-2.amazonaws.com/tapestry-content/ https://s3-eu-west-2.amazonaws.com/tapestry-content/ blob: https://www.ncsc.gov.uk/* https://www.tapestryprod.ncscdev.co.uk/* 'unsafe-inline' https://ssl.gstatic.com/ https://*.google-analytics.com https://*.analytics.google.com www.google-analytics.com; media-src 'self' data: https://s3.eu-west-2.amazonaws.com/tapestry-content/ https://s3-eu-west-2.amazonaws.com/tapestry-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://*.google-analytics.com/ https://*.analytics.google.com/ https://storage.googleapis.com/ https://www.googleoptimize.com/* https://www.googleoptimize.com/ ; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://optimize.google.com https://tagmanager.google.com/ https://www.googletagmanager.com/ https://*.google-analytics.com/ https://*.analytics.google.com/ https://storage.googleapis.com/ https://www.googleoptimize.com/ ; style-src 'self' 'unsafe-inline'  https://optimize.google.com https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' data: https://fonts.gstatic.com ; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net  https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-2.amazonaws.com/tapestry-content/ https://s3-eu-west-2.amazonaws.com/tapestry-content/; worker-src 'self'; frame-src 'self' https://optimize.google.com https://www.youtube.com/ https://www.youtube-nocookie.com  https://open.spotify.com/; object-src 'self' 1
default-src 'self'; script-src 'self' 'nonce-408071268674485a7f310ead79a4e406' https://bs6an3.world4you.com https://www.googletagmanager.com https://www.redditstatic.com https://connect.facebook.net https://widget.trustpilot.com https://webcachex-eu.datareporter.eu; style-src 'self' 'nonce-408071268674485a7f310ead79a4e406' https://webcachex-eu.datareporter.eu; frame-src 'self' https://td.doubleclick.net https://www.facebook.com https://widget.trustpilot.com; child-src 'self'; connect-src 'self' https://domainchecker.world4you.com https://bs6an3.world4you.com https://pagead2.googlesyndication.com https://adservice.google.com https://www.google.com https://webcachex-eu.datareporter.eu https://c.datareporter.eu https://swarmcrawler.datareporter.eu/; img-src 'self' https://www.world4you.com https://www.googletagmanager.com https://www.google.com https://www.google.at https://alb.reddit.com https://www.facebook.com; font-src 'self'; object-src 'none'; media-src 'none'; form-action 'self' https://www.world4you.com https://www.facebook.com; frame-ancestors 'self'; base-uri 'self'; manifest-src 'self'; upgrade-insecure-requests 1
default-src 'none'; frame-src 'self' https://*.configcat.com https://www.google.com https://challenges.cloudflare.com https://www.youtube.com; script-src 'self' 'unsafe-inline' https://*.configcat.com https://*.googletagmanager.com https://*.google-analytics.com https://www.google.com https://www.gstatic.com https://challenges.cloudflare.com https://*.cloudflareinsights.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' data: https://*.configcat.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://codecov.io https://img.shields.io https://github.com https://snyk.io https://sonarcloud.io https://data.jsdelivr.com https://maven-badges.herokuapp.com https://javadoc.io https://ci.appveyor.com https://buildstats.info https://goreportcard.com https://godoc.org https://poser.pugx.org https://badge.fury.io https://coveralls.io https://pkg.go.dev https://s3.amazonaws.com https://*.cloudfront.net https://img.youtube.com https://thepracticaldev.s3.amazonaws.com https://raw.githubusercontent.com https://blog.ladeak.net; connect-src 'self' https://*.configcat.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.google.com https://*.amplitude.com https://*.cloudflareinsights.com https://*.algolia.net; object-src 'self'; child-src 'self' blob:; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self' 1
frame-ancestors 'self' https://*.gotquestions.org 1
default-src 'self'; connect-src 'self' rdap.nic.scb rdap1.nic.scb rdap2.nic.scb rdap.thains.co.th www.google-analytics.com; frame-src 'self' www.google.com; style-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com; img-src 'self' www.thnic.or.th www.google-analytics.com data:; 1
default-src * 'unsafe-inline'; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; style-src-elem * 'unsafe-inline'; style-src-attr * 'unsafe-inline'; img-src * data: blob:; font-src * data:; frame-src * data:; frame-ancestors *; media-src * blob:; worker-src * blob: 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.shape.com 1
style-src https://www.paypal.com/ https://www.paypalobjects.com/ https://*.dev.paypalinc.com/ https://*.ctfassets.net/ 'unsafe-inline' 'self' https://*.s-xoom.com/ https://google.com/; base-uri 'self'; script-src https://www.paypalobjects.com/ https://*.dev.paypalinc.com/ 'nonce-fdf80f98ebe6462ec61e9c3c29c34568' 'self' https://*.googleadservices.com/ https://*.gstatic.com/ https://*.s-xoom.com/ https://*.segment.com/ https://www.googletagmanager.com/ https://*.online-metrix.net/ https://connect.facebook.net/ https://*.google-analytics.com/ https://*.cardinalcommerce.com/ https://*.mxpnl.com/ https://*.google.com/ https://bat.bing.com/ https://*.ctfassets.net/ https://iesnare.com/ https://*.braintreegateway.com/ https://*.googleapis.com/ https://*.doubleclick.net/ https://*.paypal.com/ 'unsafe-eval' https://www.recaptcha.net/ https://*.yodlee.com/ https://cdn.amplitude.com/ https://js-agent.newrelic.com/ https://bam-cell.nr-data.net/; form-action * paypal://remittance/link-paypal-account https://*.xoom.com/ https://*.paypal.com/; frame-src *; img-src 'self' data: https:; connect-src https://*.xoom.com/ 'self' https://*.google-analytics.com/ https://*.mixpanel.com/ https://*.cardinalcommerce.com/ https://*.google.com/ https://*.cloudfront.net/ https://*.braintreegateway.com/ https://*.googleapis.com/ wss://*.xoom.com/ https://*.doubleclick.net/ https://www.facebook.com/ https://*.segment.io/ https://*.segment.com/ https://*.paypal.com/ https://*.s-xoom.com/ https://*.online-metrix.net/ https://*.braintree-api.com/ https://www.paypalobjects.com/ https://*.preview.dev.paypalinc.com/;  worker-src 'self'; object-src https://*.cardinalcommerce.com/ https://*.online-metrix.net/; media-src https://ssl.gstatic.com/; frame-ancestors https://*.salesforce.com/ https://*.paypal.com/ 'self'; font-src https://www.paypalobjects.com/ https://*.dev.paypalinc.com/ https://fonts.gstatic.com/ https://*.s3.amazonaws.com/ 'self' https://*.s-xoom.com/ https://fonts.googleapis.com/ data:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://content.linkedin.com https://platform.linkedin.com https://services.tmpwebeng.com https://static-exp1.licdn.com https://snap.licdn.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://cdn-ukwest.onetrust.com https://code.jquery.com https://geolocation.onetrust.com https://googletagmanager.com https://google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com;style-src 'self' 'unsafe-inline' *.google.com code.jquery.com fonts.googleapis.com privacyportal-cdn.onetrust.com www.googletagmanager.com https://services.tmpwebeng.com;object-src *.googlesyndication.com;child-src 'self' blob: *.google.com *.doubleclick.net *.googlesyndication.com www.googletagmanager.com;base-uri 'self';form-action 'self' *.google.com;worker-src 'self' blob: www.google.com;font-src 'self' https://fonts.gstatic.com;frame-src 'self' https://www.google.com https://www.youtube.com https://privacyportal.onetrust.com https://www.linkedin.com; 1
frame-ancestors 'self' *.svd.se; default-src https: data: blob: wss: react-js-navigation: android-webview: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; report-uri https://svd.report-uri.com/r/d/csp/enforce 1
default-src 'none'; img-src 'self' sa.geojs.io api.simpleanalytics.io; script-src 'self' get.geojs.io w.geojs.io/traffic sa.geojs.io scripts.simpleanalyticscdn.com geojs.us14.list-manage.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; connect-src sa.geojs.io api.simpleanalytics.io simpleanalytics.com; manifest-src 'self'; form-action 'self' geojs.us14.list-manage.com; frame-src www.google.com simpleanalytics.com simpleanalytics.io; frame-ancestors 'none'; report-uri https://jloh.report-uri.com/r/d/csp/enforce https://reports.jloh.co/r/csp/enforce 1
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src 'unsafe-inline' 'unsafe-eval' *; script-src 'unsafe-inline' 'unsafe-eval' *; img-src * data: about:; frame-src 'self' *; frame-ancestors https://cms.prod.nypr.digital https://cms.demo.nypr.digital; worker-src blob:; object-src 'none'; report-uri https://nypr.report-uri.com/r/d/csp/enforce 1
upgrade-insecure-requests; object-src 'none'; frame-ancestors 'self' partners.securiti.ai 1
default-src 'self';  script-src 'self' 'unsafe-eval' 'unsafe-inline' giscus.app clearbit.com clearbitjs.com cdn.jsdelivr.net apis.google.com www.googletagmanager.com tag.clearbitscripts.com platform.twitter.com vercel.live cdn.vercel-insights.com cdn.lr-ingest.com x.clearbitjs.com googleads.g.doubleclick.net googleadservices.com;  style-src 'self' 'unsafe-inline' cdn.jsdelivr.net cdn.vercel-insights.com;  img-src * blob: data: exafunction.github.io;  media-src 'self' exafunction.github.io;  connect-src * data:;  font-src 'self' cdn.jsdelivr.net assets.vercel.com fonts.gstatic.com;  frame-src giscus.app exa2-fb170.firebaseapp.com platform.twitter.com vercel.live youtube.com www.youtube.com codeium-staging.firebaseapp.com exafunction.github.io;  worker-src blob:; 1
frame-ancestors chrome-extension://hjcneejoopafkkibfbcaeoldpjjiamog 1
default-src 'self' api.balena-cloud.com; script-src 'self' 'unsafe-eval' 'nonce-balena-inline-config' *.gstatic.com *.googleapis.com *.google.com *.google-analytics.com *.cloudfront.net cdn.mxpnl.com js.intercomcdn.com widget.intercom.io cdn.statuspage.io/se-v2.js js.recurly.com; connect-src 'self' api.balena-cloud.com builder.balena-cloud.com data.balena-cloud.com webresources.balena-cloud.com actions.balena-devices.com terminal.balena-devices.com wss://terminal.balena-devices.com *.sentry.io sentry.io app.getsentry.com raw.githubusercontent.com api.github.com maps.googleapis.com api.recurly.com www.google-analytics.com *.intercom.io wss://*.intercom.io uploads.intercomcdn.com *.statuspage.io *.algolia.net; frame-src 'self' api.recurly.com www.google.com; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com; img-src 'self' data: raw.githubusercontent.com files.balena-cloud.com webresources.balena-cloud.com *.gstatic.com *.googleapis.com *.google-analytics.com *.intercomcdn.com *.intercomassets.com stats.g.doubleclick.net *.gravatar.com; media-src *.intercomcdn.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com js.intercomcdn.com; report-uri https://api.balena-cloud.com/csp-report; object-src 'none'; base-uri 'self' 1
default-src 'none'; script-src 'self' *.b0e8.com *.bc0a.com marvel-b2-cdn.bc0a.com www.google-analytics.com www.googletagmanager.com play.vidyard.com assets.vidyard.com unpkg.com *.newrelic.com snap.licdn.com static.ads-twitter.com analytics.twitter.com www.googleadservices.com script.hotjar.com static.hotjar.com 972-oec-621.mktoweb.com munchkin.marketo.net j.6sc.co bam.nr-data.net geolocation.onetrust.com *.google.com tpc.googlesyndication.com maps.googleapis.com www.gstatic.com js.hsforms.net *.hsforms.com *.pressganey.com *.cdntwrk.com www.googleoptimize.com connect.facebook.net js.hs-scripts.com js.usemessages.com js.hs-analytics.net js.hs-banner.com cdn.cookielaw.org *.wistia.com *.wistia.net src.litix.io fast.wistia.com *.googletagmanager.com info.pressganey.com js.hsleadflows.net cdn.linkedin.oribi.io *.hubspot.com analytics.google.com *.zi-scripts.com *.zoominfo.com js.hsadspixel.net googleads.g.doubleclick.net go.rioseo.com *.smartrecruiters.com js.driftt.com cdn.bizible.com cdn-app.pathfactory.com region1.analytics.google.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 972-oec-621.mktoweb.com fonts.googleapis.com legal.pressganey.com static.smartrecruiters.com *.hsforms.com *.wistia.com *.cdntwrk.com *.googletagmanager.com *.google.com *.hubspot.com go.rioseo.com region1.analytics.google.com 'unsafe-inline'; frame-ancestors 'none'; frame-src play.vidyard.com vars.hotjar.com 972-oec-621.mktoweb.com tpc.googlesyndication.com *.google.com www.googletagmanager.com survey.us.confirmit.com js.hsforms.net *.hsforms.com www.facebook.com app.livestorm.co *.hubspot.com go.rioseo.com *.smartrecruiters.com js.driftt.com region1.analytics.google.com; object-src 'none'; base-uri 'self'; form-action 'self' webto.salesforce.com *.hsforms.com www.facebook.com *.google.com *.hubspot.com go.rioseo.com region1.analytics.google.com; connect-src 'self' go.pressganey.com play.vidyard.com www.google-analytics.com cdn.cookielaw.org 972-oec-621.mktoresp.com 972-oec-621.mktoutil.com secure.adnxs.com stats.g.doubleclick.net bam.nr-data.net privacyportal.onetrust.com geolocation.onetrust.com www.google.com adservice.google.com *.googleapis.com www.googletagmanager.com www.googleapis.com maps.googleapis.com *.6sc.co digitalfeedback.us.confirmit.com vc.hotjar.io *.hotjar.com wss://*.hotjar.com *.hsforms.com *.cdntwrk.com js.hs-banner.com https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://api.glitch.com www.facebook.com cdn.linkedin.oribi.io *.hubspot.com analytics.google.com *.zi-scripts.com ws.zoominfo.com api.hubapi.com 425-fdd-771.mktoresp.com jukebox.pathfactory.com region1.google-analytics.com region1.analytics.google.com; font-src 'self' data: fonts.gstatic.com *.cdntwrk.com *.hubspot.com *.smartrecruiters.com region1.analytics.google.com; media-src 'self' blob: data: *.wistia.com *.wistia.net embedwistia-a.akamaihd.net embed-fastly.wistia.com *.google.com *.hubspot.com region1.analytics.google.com; img-src https: data:; report-uri https://rioseo.report-uri.com/r/t/csp/enforce 1
frame-ancestors s.syzs.qq.com webapp.gameloop.com *.nimo.tv; report-uri https://csp.nimo.tv/csp?sentry_id=160&sentry_key=da306e6f5c0246cebb17c067f24a8795 1
default-src data: bama.ir *.bama.ir; font-src bama.ir *.bama.ir https://fonts.gstatic.com data:; img-src bama.ir *.bama.ir https://trustseal.enamad.ir eanjoman.ir https://eanjoman.ir https://*.google.com https://google-analytics.com https://*.google-analytics.com https://www.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://*.g.doubleclick.net https://analytics.google.com https://*.analytics.google.com https://marketingplatform.google.com https://ssl.gstatic.com https://www.gstatic.com blob: data:; worker-src bama.ir *.bama.ir; style-src 'unsafe-inline' bama.ir *.bama.ir https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://analytics.google.com https://*.analytics.google.com https://marketingplatform.google.com https://tagmanager.google.com https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' bama.ir *.bama.ir https://m.asanpardakht.com/cdn/asanbridge-1.0.2.min.js https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://analytics.google.com https://*.analytics.google.com https://marketingplatform.google.com https://unpkg.com/web-vitals/dist/web-vitals.iife.js; connect-src bama.ir *.bama.ir https://trustseal.enamad.ir eanjoman.ir https://eanjoman.ir apm.bama.ir https://apm.bama.ir      https://*.google.com https://www.google-analytics.com https://*.googleapis.com https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://analytics.google.com https://*.analytics.google.com https://marketingplatform.google.com https://*.g.doubleclick.net ; form-action bama.ir *.bama.ir; frame-ancestors bama.ir *.bama.ir https://m.asanpardakht.ir https://m.asanpardakht.com https://pwa.dev.tasn.ir https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://analytics.google.com https://*.analytics.google.com https://marketingplatform.google.com ; frame-src bama.ir *.bama.ir https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://analytics.google.com https://*.analytics.google.com https://marketingplatform.google.com ; object-src 'none'; base-uri bama.ir *.bama.ir; upgrade-insecure-requests 1
default-src 'self' uni-tuebingen.de https://*.uni-tuebingen.de https://vitruv.uni-tuebingen.de https://*.tile.openstreetmap.org https://www.youtube-nocookie.com https://*.ytimg.com https://pbs.twimg.com 'unsafe-inline'; frame-ancestors 'self' https://backend.uni-tuebingen.de https://vitruv.uni-tuebingen.de 1
frame-ancestors 'self' https://*.zoosk.com 1
default-src * 'unsafe-inline' 'unsafe-eval'; object?src'none' 1
frame-ancestors 'self' https://www.arm.com assets.adobedtm.com reveal.clearbit.com ga.clearbit.com settings.luckyorange.net https://d10lpsik1i8c69.cloudfront.net https://api.luckyorange.com https://tagmanager.google.com https://*.hotjar.com:*  https://*.hotjar.io https://cdn-assets-prod.s3.amazonaws.com; object-src 'self' https://www.arm.com https://*.arm.com https://armkeil.blob.core.windows.net; 1
frame-ancestors 'self' *.geoguessr.com 1
frame-ancestors *.uottawa.ca https://teams.microsoft.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; connect-src 'self' https://next-landing-pages-mtwpand26a-ew.a.run.app *.veed.dev *.veed.io *.veed.com https://storage.googleapis.com *.amplitude.com ws://localhost:* wss://*.veed.dev wss://*.staging.veed.dev wss://*.veed.io localhost:* https://*.sentry.io/ https://cms.veed.io https://cms.veed.dev https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://rest.ably.io https://*.ably-realtime.com wss://*.ably-realtime.com wss://realtime.ably.io https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-eu.onetrust.com https://cdn.linkedin.oribi.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://api.getrewardful.com https://*.intercom.io wss://*.intercom.io https://*.intercomcdn.com https://*.intercomcdn.eu https://uploads.intercomusercontent.com https://hooks.zapier.com https://*.algolianet.com https://*.algolia.net https://pagead2.googlesyndication.com https://forms-eu1.hscollectedforms.net https://px.ads.linkedin.com; font-src 'self' data: https://fonts.gstatic.com https://cdn-public.veed.io https://static-assets.veed.io https://*.hotjar.com https://*.intercomcdn.com; img-src 'self' data: blob: * https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.gstatic.com https://optimize.google.com https://*.hotjar.com https://veed-assets https://static-assets.veed.io https://cdn-site-assets.veed.io https://assets-global.website-files.com https://storage.googleapis.com/veed-prod-strapi-bucket* https://*.intercomcdn.com https://*.intercom.io https://uploads.intercomusercontent.com https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://*.intercomassets.eu https://*.intercomassets.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://www.gstatic.com/ https://apis.google.com https://cdn.amplitude.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://www.googleadservices.com https://*.google.com https://*.hotjar.com https://r.wdfl.co/rw.js https://snap.licdn.com http://www.youtube.com https://cdn.cookielaw.org https://js.stripe.com https://*.intercom.io https://js.intercomcdn.com http://connect.facebook.net https://static.hsappstatic.net https://static.ads-twitter.com http://js-eu1.hs-scripts.com https://js-eu1.hs-banner.com/ https://js-eu1.hs-analytics.net https://js-eu1.hscollectedforms.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.hotjar.com https://*.google.com; frame-src 'self' https://*.hotjar.com https://optimize.google.com * blob:; media-src 'self' https://assets-global.website-files.com https://ssl.gstatic.com https://cdn.veed.dev https://cdn.staging.veed.dev https://cdn.veed.io https://cdn-user.veed.dev https://cdn-user.staging.veed.dev https://cdn-user.veed.io https://veed.dev https://staging.veed.dev https://veed.io https://cdn.veed.com https://storage.googleapis.com/veed-prod-strapi-bucket* https://cdn-site-assets.veed.io https://cdn-site-assets.veed.dev localhost:* https://js.intercomcdn.com https://static-assets.veed.io; object-src data:; 1
frame-ancestors 'self'; script-src 'self' 'nonce-mpTccuvnXStvQjNO' 'unsafe-eval' https://js.stripe.com 1
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.plyr.io cdnjs.cloudflare.com *.click4assistance.co.uk *.discoveruni.gov.uk discoveruni.gov.uk www.googleoptimize.com www.googletagmanager.com www.google-analytics.com *.blackbaudhosting.com cdn.jsdelivr.net polyfill.io i.vimeocdn.com *.unibuddy.co cdn.matomo.cloud snap.licdn.com acdn.adnxs.com static.ads-twitter.com *.quantserve.com *.hotjar.com www.google.com www.google.co.uk www.googleadservices.com *.google.com gtm *.gstatic.com wss://*.hotjar.com in.hotjar.com *.hotjar.io *.facebook.com *.twitter.com *.ads-twitter.com t.co *.ads.linkedin.com *.g.doubleclick.net snap.licdn.com *.youtube-nocookie.com www.youtube.com payments.blackbaud.com *.quantcount.com *.doubleclick.net player.vimeo.com developers.panopto.com www.instagram.com connect.facebook.net optimize.google.com surrey.matomo.cloud js-agent.newrelic.com googletagmanager.com bam.nr-data.net dev.visualwebsiteoptimizer.com visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com app.vwo.com sky.blackbaudcdn.net; object-src 'self'; style-src 'self' 'unsafe-inline' cdn.plyr.io cdnjs.cloudflare.com cdn.jsdelivr.net polyfill.io i.vimeocdn.com *.unibuddy.co fonts.googleapis.com payments.blackbaud.com bbox.blackbaudhosting.com surrey.matomo.cloud optimize.goo optimize.google.com hello.myfonts.net *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com; img-src 'self' data: www.googletagmanager.com *.twimg.com scontent.cdninstagram.com *.instagram.com s.ytimg.com i.ytimg.com youtu.be www.facebook.com *.google.com *.quantserve.com analytics.twitter.com *.linkedin.com www.google.co.uk ib.adnxs.com t.co www.google-analytics.com *.click4assistance.co.uk *.doubleclick.net surrey.cloud.panopto.eu bbox.blackbaudhosting.com i.vimeocdn.com *.cloudfront.net discoveruni.gov.uk bbox.blackbaudhosting.com optimize.google.com fonts.googleapis.com optimize.google.com surrey.matomo.cloud google.co.in prreqcroab.icu googleads.g.doubleclick.net gstatic.com www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat www.gstatic.com dev.visualwebsiteoptimizer.com visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com script.hotjar.com; media-src 'self'; frame-src 'self' www.youtube.com youtu.be *.vimeo.com vimeo.com unibuddy.co open.spotify.com platform.twitter.com www.facebook.com www.instagram.com www.google.com *.click4assistance.co.uk popcard.unibuddy.co surrey.cloud.panopto.eu bbox.blackbaudhosting.com optimize.google.com embedder.wirewax.com payments.blackbaud.com *.doubleclick.net www.youtube-nocookie.com app.vwo.com *.visualwebsiteoptimizer.com embed-standalone.spotify.com *.360marketinglab.org.uk host.nxt.blackbaud.com; child-src www.youtube.com youtu.be *.vimeo.com vimeo.com unibuddy.co blob:; font-src 'self' hello.myfonts.net fonts.gstatic.com surrey.matomo.cloud hotjar.com script.hotjar.com; connect-src  'self' noembed.com *.linkedin.com *.googleapis.com connect.facebook.net www.facebook.com ws.sessioncam.com surrey-search.clients.uk.funnelback.com connect.facebook.net surrey.matomo.cloud www.google-analytics.com pixel.quantcount.com *.google.com *.doubleclick.net *.linkedin.oribi.io prod-discoveruni.azure-api.net payments.blackbaud.com services.postcodeanywhere.co.uk vc.hotjar.io in.hotjar.com google.co.uk cdn.plyr.io *.visualwebsiteoptimizer.com app.vwo.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src *; frame-ancestors 'self' *.salarynet.local:* *.salary.com trustmineral.com/ *.trustmineral.com *; font-src *;img-src data: about: * ; worker-src *; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; media-src 'self' blob: *; 1
frame-ancestors 'self' *.bloomreach.cloud 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.brightcove.net *.brightcove.com *.zencdn.net *.google-analytics.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.brightcove.com *.boltdns.net *.google-analytics.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' investor.tjx.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.googleapis.com *.brightcove.com manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net *.google-analytics.com; media-src 'self' data: blob: manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.brightcove.com *.brightcove.net blob:; frame-ancestors 'self' mytjx.com www.mytjx.com 1
frame-ancestors https://*.lilithgame.com https://*.lilithgames.com https://*.farlightgames.com https://*.farlightgame.com 1
base-uri 'self'; default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.usercentrics.eu https://www.googletagmanager.com/; img-src * 'self' data: https://*.usercentrics.eu; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-src; object-src 'self' https://*.usercentrics.eu; connect-src 'self' https://*.usercentrics.eu https://*.google-analytics.com; 1
base-uri *.rivals.com;frame-ancestors  'self' *.rivals.com *.rivals.com *.yahoo.com; sandbox allow-downloads allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-modals allow-top-navigation-by-user-activation; report-uri https://csp.rivals.com/api/v1/content_security_policy_reports 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-sd6xRO9ysCK2ezEDqV+ZeqBn4Q0VWk' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
object-src * 'unsafe-inline' 1
default-src 'self' static.flightstats.com/ www.google-analytics.com securepubads.g.doubleclick.net www.google-analytics.com https://*.googlesyndication.com *.onetrust.com geolocation.onetrust.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'none';img-src 'self' data: *.cirium.io *.cirium.dev *.flightstats.com *.flightstats.io www.cirium.com *.cirium.com *.google-analytics.com *.googlesyndication.com *.google.com *.googletagmanager.com assets.braintreegateway.com checkout.paypal.com *.eloqua.com cdn.cookielaw.org *.onetrust.com geolocation.onetrust.com;object-src 'none';script-src 'self' 'sha256-LtTzENrCXCQCBUtkD4RrXKmfwmT7WSTvkY2Y/FLADts=' *.cirium.io *.cirium.dev *.flightstats.com *.flightstats.io www.google.com/ www.gstatic.com/recaptcha/ www.googletagmanager.com/gtag/ www.googletagservices.com adservice.google.com js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com c.paypal.com img.en25.com cdn.cookielaw.org *.onetrust.com geolocation.onetrust.com 'nonce-trmped3AAUf5G6KnonW2+g==';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;frame-src *.googlesyndication.com www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ *.doubleclick.net/ https://www.youtube.com/ assets.braintreegateway.com c.paypal.com *.cardinalcommerce.com;connect-src *.cirium.io *.cirium.dev *.flightstats.com *.flightstats.io https://static.flightstats.com https://securepubads.g.doubleclick.net/ https://stats.g.doubleclick.net/ www.google-analytics.com *.googlesyndication.com *.braintree-api.com api.braintreegateway.com client-analytics.braintreegateway.com cdn.cookielaw.org *.onetrust.com geolocation.onetrust.com 1
frame-ancestors 'self' https://kundkundtc.com/ https://www.jagran.com/ https://www.jagran.com/markets.html/ https://staging.jagran.com/ https://m.jagran.com/ https://m.jagran.com/markets.html https://mstaging.jagran.com/ https://mstaging.jagran.com/markets.html/ https://stagenglish.jagran.com/ http://punjabijagran.com/ https://stagenglish.jagran.com/ https://www.money9.com/ https://hindi.money9.com/ https://marathi.money9.com/ https://telugu.money9.com/ https://bangla.money9.com/ https://kannada.money9.com/ https://gujarati.money9.com/ 1
frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests; 1
default-src self *  ;style-src  https: data: 'unsafe-inline';img-src  https: blob: data:;child-src data:;object-src none;worker-src blob: https://*.olx.uz  ;frame-src  https: blob:;script-src  https: 'unsafe-inline' 'unsafe-eval';font-src data: self https: ;connect-src self * blob: 1
frame-ancestors 'self' https://gallery.jalbum.net http://gallery.jalbum.net 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.newindianexpress.com;block-all-mixed-content; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src * blob:; connect-src * wss:; 1
default-src 'self' *.dwd.de *.readspeaker.com *.twitter.com *.youtube.com; script-src 'self' *.dwd.de *.readspeaker.com *.twitter.com *.twimg.com *.youtube.com *.jwpcdn.com *.ytimg.com 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' *.dwd.de *.twitter.com *.twimg.com 'unsafe-inline' data:; img-src * data: blob:; font-src 'self' data:; frame-src 'self' *.dwd.de twitter.com *.twitter.com *.youtube.com; worker-src *.twitter.com; child-src 'self' *.dwd.de twitter.com *.twitter.com *.youtube.com; 1
default-src http: https://*.livemaster.ru https://*.googlesyndication.com 'self'; script-src http: https://*.livemaster.ru https://googletagmanager.com https://*.cloudfront.net https://*.maps.yandex.net https://secure.payu.ru https://*.jivo.ru https://*.jivosite.com https://use.fontawesome.com https://adservice.google.com https://adservice.google.ru https://*.google-analytics.com https://www.googletagservices.com https://*.yandex.ru https://mc.webvisor.org https://www.googletagmanager.com https://*.google.com https://securepubads.g.doubleclick.net https://cdn.jsdelivr.net https://www.gstatic.com https://*.pinterest.com https://i.pinimg.com https://*.twitter.com https://twitter.com https://connect.facebook.net https://yastatic.net https://vk.com https://cdn.ampproject.org https://pagead2.googlesyndication.com https://top-fwz1.mail.ru https://api.vk.com https://connect.ok.ru https://connect.mail.ru https://checkout.rbk.money 'unsafe-inline' 'unsafe-eval' 'self' blob: data:; font-src http: https://*.livemaster.ru 'self' https://fonts.gstatic.com; img-src https://*.livemaster.ru https://www.livemaster.ru:1812 https://csi.gstatic.com https://log.pinterest.com https://*.adfox.ru https://*.googlesyndication.com https://*.googletagmanager.com https://syndication.twitter.com https://top-fwz1.mail.ru https://*.google-analytics.com https://*.facebook.com https://*.google.com https://*.google.ru https://counter.yadro.ru https://*.yandex.ru https://*.yandex.net https://mc.webvisor.org https://vk.com https://*.vk.com https://*.g.doubleclick.net https://*.livemaster.ru https://*.livemaster.com 'self' data: blob: http:; frame-src http: https://*.livemaster.ru 'self' https://*.facebook.net https://*.googlesyndication.com https://dl.metabar.ru https://static.cmptch.com https://www.livemaster.ru:1862 https://secure.payu.ru https://checkout.rbk.money https://*.yandex.ru https://www.googletagmanager.com https://*.twitter.com https://*.facebook.com https://vk.com https://*.vk.com https://*.g.doubleclick.net https://yastatic.net https://www.youtube.com https://*.google.com https://player.vimeo.com https://mc.webvisor.org; frame-ancestors 'self' https://*.livemaster.ru https://www.livemaster.ru:1862 https://*.payu.ru https://secure.payu.ru https://checkout.rbk.money https://*.yandex.ru https://www.googletagmanager.com https://*.twitter.com https://*.facebook.com https://vk.com https://*.vk.com https://*.g.doubleclick.net https://yastatic.net https://www.youtube.com https://www.google.com https://player.vimeo.com https://mc.webvisor.org https://webvisor.com http://webvisor.com; style-src http: https://*.livemaster.ru 'unsafe-inline' https://tagmanager.google.com https://*.googleapis.com https://www.livemaster.ru:1862 https://*.livemaster.ru; connect-src https://*.livemaster.ru https://*.googlesyndication.com https://yandex.ru https://yandex.com  https://mc.webvisor.org https://login.vk.com http: https://yandexmetrica.com:29010 https://*.payu.ru https://*.payu.com https://www.livemaster.ru:1862 https://*.lmteam.ru https://*.yandex.net https://ymetrica.com https://ymetrica1.com https://ymetrica2.com https://*.google-analytics.com http://*.google.com https://www.googleapis.com wss://*.livemaster.ru wss://*.jivo.ru wss://*.jivosite.com https://*.livemaster.ru https://*.livemaster.com https://graph.facebook.com https://matchid.adfox.yandex.ru https://*.g.doubleclick.net https://top-fwz1.mail.ru https://*.adfox.ru https://*.yandex.ru https://*.yandex.com https://getyabrowser.com https://*.appmetrica.webvisor.com https://www.facebook.com https://csi.gstatic.com https://player.vimeo.com https://*.clickmeeting.com 'self'; object-src http: https://*.livemaster.ru 'self' https://player.vimeo.com https://www.youtube.com; report-uri /ajax/cspcollector.php 1
media-src yastatic.net;connect-src *.strm.yandex.net mc.yandex.com yandex.md yabs.yandex.ru yastatic.net yastat.net mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.admetrica.ru mc.yandex.md;img-src *.verify.yandex.ru *.ya.ru *.yandex.ru ya.ru yabs.yandex.by yabs.yandex.kz yabs.yandex.ru yabs.yandex.uz yandex.ru 'self' yastatic.net data: yandex.md favicon.yandex.net avatars.mds.yandex.net mc.admetrica.ru mc.yandex.com *.mc.yandex.ru adstat.yandex.ru mc.yandex.md mc.yandex.ru;script-src 'nonce-TCQdH1cSK41oB9ZLQ1USvA==' mc.yandex.com yastatic.net yandex.md mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.yandex.md;child-src *.ya.ru *.yandex.ru ya.ru yandex.ru yastatic.net yandex.md mc.yandex.ru mc.yandex.md *.ya.ru *.yandex.ru ya.ru yandex.ru;style-src 'unsafe-inline' yastatic.net;report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.md&showid=1705975984585488-13585491151897383322-balancer-l7leveler-kubr-yp-sas-36-BAL-650&h=stable-portal-mordago-131.vla.yp-c.yandex.net&yandexuid=7973833221705975984&&version=2024-01-19-465&adb=0;default-src yastatic.net yastat.net 'self';font-src yastatic.net 1
default-src 'self' 'unsafe-eval' 'nonce-1998a68a0040af36' axieinfinity.com *.skymavis.com *.skymavis.one *.axieinfinity.co *.axieinfinity.com cdn.axieinfinity.com *.storage.googleapis.com storage.googleapis.com *.googletagmanager.com *.google-analytics.com 'nonce-G-4W5DYHM0BL'; script-src 'self' 'unsafe-eval' 'nonce-1998a68a0040af36' axieinfinity.com *.skymavis.com *.skymavis.one *.axieinfinity.co *.axieinfinity.com cdn.axieinfinity.com *.storage.googleapis.com storage.googleapis.com *.googletagmanager.com *.google-analytics.com 'nonce-G-4W5DYHM0BL'; script-src-elem 'self' 'unsafe-inline' 'nonce-1998a68a0040af36' axieinfinity.com *.skymavis.com *.skymavis.one *.axieinfinity.co *.axieinfinity.com cdn.axieinfinity.com *.storage.googleapis.com storage.googleapis.com *.googletagmanager.com *.google-analytics.com 'nonce-G-4W5DYHM0BL'; style-src 'self' 'unsafe-inline' *.skymavis.com *.skymavis.one *.axieinfinity.com cdn.axieinfinity.com fonts.googleapis.com *.storage.googleapis.com storage.googleapis.com; style-src-attr 'self' 'unsafe-inline' *.skymavis.com *.skymavis.one *.axieinfinity.com cdn.axieinfinity.com fonts.googleapis.com *.storage.googleapis.com storage.googleapis.com; style-src-elem 'self' 'unsafe-inline' *.skymavis.com *.skymavis.one *.axieinfinity.com cdn.axieinfinity.com fonts.googleapis.com *.storage.googleapis.com storage.googleapis.com; object-src none; img-src 'self'  data: * cdn.axieinfinity.com *.axieinfinity.com *.google.com *.storage.googleapis.com storage.googleapis.com; frame-src 'self' https://www.youtube.com; font-src 'self' *.axieinfinity.com cdn.axieinfinity.com data: https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' *.axieinfinity.com cdn.axieinfinity.com *.axieinfinity.com axieinfinity.com *.skymavis.com *.skymavis.one *.axieinfinity.co staging.axieinfinity.co api.roninchain.com *.roninchain.com *.google.com *.storage.googleapis.com *.google-analytics.com; media-src 'self'  data: cdn.axieinfinity.com *.axieinfinity.com https://youtube.com/* https://cdn-marketplace.skymavis.com/; base-uri 'self'; frame-ancestors 1
default-src 'self' https://cdn.fwupd.org/;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.fwupd.org/;img-src 'self' https://cdn.fwupd.org/ data:;style-src 'self' 'unsafe-inline' https://cdn.fwupd.org/;font-src 'self' https://cdn.fwupd.org/;frame-ancestors 'none';object-src 'none' 1
frame-ancestors https://*.cloud.contensis.com https://*.birmingham.ac.uk https://*.bham.ac.uk 1
default-src 'none' ; script-src 'self' 'unsafe-inline' 'strict-dynamic' 'nonce-8IBTHwOdqNKAWeKl7plt8g==' 'sha256-19u28QzS8xnVb9Ypt/ZiKZJNc3edsV83AE+VeJhtkXs=' 'sha256-Cd9BxjXA45+g9ilMVZziEheylRbyzhknECCmXFjo7yA=' 'sha256-pC5mAmCjphcyCzqsmju1DolR172c3rTjHM/rshbHqnY=' 'sha256-tz7P6xDwST55gSO8oq9QrhENM33ITe2799F49Wts530=' https: 'sha256-bTWAFxc+LE6qgEPIpWUMXautT6sNYFli7B2q/n/hGOs=' 'sha256-qlwY4O0ZPltjwgIPEr9IhaJQ1fJ5mlSTuYqQ/0KO4FY=' 'sha256-Ep5PD7gP/BbQ/R7tfgVK4ouuex+DFAENqTtAGke3WrA=' 'sha256-8agKNPqnF7M/EuVXb/OM9BNepbA1V4JXmaIh0xqs6s0=' 'sha256-E8BjKjOFgCHDinIIiOe4BxBzy9NvGc2v21sC3xT4Pro=' 'sha256-ifIAVjaxIdTqlzFJUuIP2kHGXKnkbLARbrBheBSLFxQ=' ; style-src 'self' 'unsafe-hashes' cloud.typography.com fonts.googleapis.com fontserver.umu.se oc-cdn-public-eur.azureedge.net use.typekit.com p.typekit.net mfstatic.com 'sha256-HFU921d2osL0VXptuMRmzekyzELdEKfmwcauN1Gj6mQ=' 'sha256-/cTmSdRnv+G3ZWp+/LZ3EMXWDwe4pTTOaUhaqMZj29c=' ; font-src 'self' data: fonts.gstatic.com use.typekit.com mfstatic.com ; img-src 'self' data: *.umu.se *.episerver.net *.gstatic.com survey.userneeds.com *.googleusercontent.com  *.vimeocdn.com *.youtube.com *.ytimg.com streaming.kaltura.nordu.net *.mediaflowpro.com ; connect-src 'self' oc-cdn-public-eur.azureedge.net digitalfeedback.euro.confirmit.com stats.userneeds.com www.google-analytics.com matomo.analys.cloud *.mediaflow.com *.mediaflowpro.com mfstatic.com *.dna.ip-only.net ; base-uri 'self' ; frame-ancestors 'self' ; form-action 'self' ; object-src 'none' ; media-src blob: *.mediaflow.com mfstatic.com ; worker-src blob: ; frame-src 'self' oc-cdn-public-eur.azureedge.net www.google.com *.vimeo.com *.youtube.com api.kaltura.nordu.net *.cloudfront.net survey.userneeds.com stats.userneeds.com ; report-uri /api/CspReport;report-to csp-endpoint 1
frame-ancestors 'self' https://wendy.westpac.com.au; 1
frame-ancestors 'self' https://*.model-t.cc.commerce.ondemand.com https://alphauniverse.com; 1
default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;object-src *;style-src 'unsafe-inline' *;img-src * data:;media-src *;font-src * data:;connect-src *;child-src * callback:;form-action *;frame-ancestors *;worker-src * blob: 1
frame-ancestors 'self' *.zabbix.com https://challenges.cloudflare.com 1
frame-ancestors 'self' 192.168.7.18 1
default-src 'none'; base-uri 'none'; frame-src 'self' js.stripe.com www.google.com embeds.audioboom.com; font-src 'self' static0.audioboom.com; connect-src 'self' blob: https: wss://audioboom.com; img-src 'self' data: https:; media-src 'self' blob: https:; script-src 'self' static0.audioboom.com www.google-analytics.com js-agent.newrelic.com js.stripe.com bam.nr-data.net bam-cell.nr-data.net www.recaptcha.net sentry.io 'unsafe-inline' 'strict-dynamic' 'report-sample' 'nonce-H2wXOHSMKf3RqiMCCLpX5Q=='; manifest-src 'self'; style-src 'self' static0.audioboom.com 'unsafe-inline'; style-src-attr 'unsafe-inline'; style-src-elem 'self' static0.audioboom.com 'nonce-H2wXOHSMKf3RqiMCCLpX5Q==' 1
img-src 'self' *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.nl portal.ru.nl portal-acc.uci.ru.nl https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data: *.vimeocdn.com *.vimeo.com *.ytimg.com *.youtube.com *.facebook.com *.crazyegg.com *.linkedin.com *.pinimg.com *.pinterest.com *.twitter.com *.instagram.com; object-src 'none'; script-src 'self' cdn.livechatinc.com api.livechatinc.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com connect.facebook.net *.crazyegg.com platform.twitter.com www.instagram.com platform.instagram.com www.youtube-nocookie.com https://cdn.jsdelivr.net https://cdn.unibuddy.co https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com 'nonce-XPvVK48snl2297a1TGuzJUH+/KI='; worker-src 'self' blob:; base-uri 'none'; frame-ancestors 'self' *.totalservices.io *.radboudrecharge.nl; report-uri https://www.ru.nl/report-uri/enforce 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.byrdie.com 1
script-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' *.freehostia.com http://www.google.com/recaptcha/api.js https://www.gstatic.com/ https://connect.facebook.net/ https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js; frame-ancestors 'self'; 1
default-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.fitanalytics.com  https://*.glami.cz  https://*.googleapis.com  https://*.heureka.cz  https://*.lidl-shop.cz  https://*.lidl.cz  https://*.online-metrix.net  https://*.tradedoubler.com  https://*.xplosion.de  https://*.yahoo.com  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://analytics.google.com  https://awin1.com  https://c.imedia.cz  https://c.seznam.cz  https://casalemedia.com  https://*.cj.dotomi.com  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://*.emjcd.com  https://etracker.de  https://event.yoochoose.net  https://facebook.com  https://fonts.gstatic.com  https://glami.cz  https://hlserve.com  https://ih.adscale.de  https://im9.cz  https://imedia.cz  https://*.kdukvh.com  https://liadm.com  https://lidl-shop.com  https://lidl-shop.cz  https://ligadx.com  https://ligatus.com  https://login.dognet.cz  https://m6r.eu  https://*.mczbf.com  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://smartadserver.com  https://smartclip.net  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://t.semtrack.de  https://taboola.com  https://teads.tv  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://twiago.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://www.seznam.cz  https://www.youtube-nocookie.com  https://yahoo.com  https://yieldlab.net  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  'unsafe-inline'  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.glami.cz  https://*.heureka.cz  https://*.lidl-shop.cz  https://*.lidl.cz  https://*.online-metrix.net  https://*.tradedoubler.com  https://*.vrxs.de  https://*.xplosion.de  https://*.yahoo.com  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://awin1.com  https://casalemedia.com  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://event.yoochoose.net  https://facebook.com  https://glami.cz  https://hlserve.com  https://ih.adscale.de  https://im9.cz  https://imedia.cz  https://liadm.com  https://lidl-shop.com  https://lidl-shop.cz  https://ligadx.com  https://ligatus.com  https://login.dognet.cz  https://m6r.eu  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://smartadserver.com  https://smartclip.net  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://t.semtrack.de  https://taboola.com  https://teads.tv  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://twiago.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://www.youtube-nocookie.com  https://yahoo.com  https://yieldlab.net; img-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adscale.de  https://*.advertising.com  https://*.adyen.com  https://*.assets.lidl  https://*.criteo.com  https://*.criteo.net  https://*.demdex.net  https://*.demoup.com  https://*.doubleclick.net  https://*.fitanalytics.com  https://*.glami.cz  https://*.heureka.cz  https://*.lidl-shop.cz  https://*.lidl.cz  https://*.online-metrix.net  https://*.openx.net  https://*.pubmatic.com  https://*.stickyadstv.com  https://*.taboola.com  https://*.tradedoubler.com  https://*.twiago.com  https://*.xplosion.de  https://*.yahoo.com  https://*.yieldlab.net  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://analytics.google.com  https://awin1.com  https://c.imedia.cz  https://c.seznam.cz  https://casalemedia.com  https://*.cj.dotomi.com  https://content.odj.cloud  https://contextual.media.net  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://*.emjcd.com  https://etracker.de  https://event.yoochoose.net  https://facebook.com  https://glami.cz  https://hlserve.com  https://ih.adscale.de  https://im9.cz  https://imedia.cz  https://*.kdukvh.com  https://liadm.com  https://lidl-shop.com  https://lidl-shop.cz  https://lidl.cz  https://ligadx.com  https://ligatus.com  https://login.dognet.cz  https://m6r.eu  https://match.sharethrough.com  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://play-lh.googleusercontent.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://smartadserver.com  https://smartclip.net  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://sync.outbrain.com  https://t.semtrack.de  https://taboola.com  https://teads.tv  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://translate.google.com  https://twiago.com  https://visitor.omnitagjs.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://www.seznam.cz  https://yahoo.com  https://yieldlab.net; object-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.glami.cz  https://*.heureka.cz  https://*.lidl-shop.cz  https://*.lidl.cz  https://*.online-metrix.net  https://*.tradedoubler.com  https://*.xplosion.de  https://*.yahoo.com  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://awin1.com  https://casalemedia.com  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://event.yoochoose.net  https://facebook.com  https://glami.cz  https://hlserve.com  https://ih.adscale.de  https://im9.cz  https://imedia.cz  https://liadm.com  https://lidl-shop.com  https://lidl-shop.cz  https://ligadx.com  https://ligatus.com  https://login.dognet.cz  https://m6r.eu  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://smartadserver.com  https://smartclip.net  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://t.semtrack.de  https://taboola.com  https://teads.tv  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://twiago.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://yahoo.com  https://yieldlab.net; script-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  https://localhost  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.fitanalytics.com  https://*.glami.cz  https://*.googleapis.com  https://*.heureka.cz  https://*.lidl-shop.cz  https://*.lidl.cz  https://*.online-metrix.net  https://*.tradedoubler.com  https://*.xplosion.de  https://*.yahoo.com  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://awin1.com  https://c.imedia.cz  https://c.seznam.cz  https://casalemedia.com  https://*.cj.dotomi.com  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://event.yoochoose.net  https://facebook.com  https://glami.cz  https://hlserve.com  https://ih.adscale.de  https://im9.cz  https://imedia.cz  https://liadm.com  https://lidl-shop.com  https://lidl-shop.cz  https://ligadx.com  https://ligatus.com  https://login.dognet.cz  https://m6r.eu  https://*.mczbf.com  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://smartadserver.com  https://smartclip.net  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://t.semtrack.de  https://taboola.com  https://teads.tv  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://twiago.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://www.seznam.cz  https://yahoo.com  https://yieldlab.net; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'  https://*.criteo.com  https://*.criteo.net  https://*.doubleclick.net  https://*.fitanalytics.com  https://*.glami.cz  https://*.heureka.cz  https://*.lidl-shop.cz  https://*.lidl.cz  https://*.online-metrix.net  https://*.tradedoubler.com  https://*.xplosion.de  https://*.yahoo.com  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://awin1.com  https://casalemedia.com  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://event.yoochoose.net  https://facebook.com  https://glami.cz  https://hlserve.com  https://ih.adscale.de  https://im9.cz  https://imedia.cz  https://liadm.com  https://lidl-shop.com  https://lidl-shop.cz  https://ligadx.com  https://ligatus.com  https://login.dognet.cz  https://m6r.eu  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://smartadserver.com  https://smartclip.net  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://t.semtrack.de  https://taboola.com  https://teads.tv  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://twiago.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://yahoo.com  https://yieldlab.net; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net  https://*.mczbf.com; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss: blob:; child-src https: blob:; object-src 'none' 1
default-src https:; connect-src * data: blob: filesystem: https://adservice.google.com https://api.sitesearch360.com https://api.tapfiliate.com https://www.clarity.ms/ https://*.clarity.ms/ https://p.clarity.ms/ https://j.clarity.ms/ https://t.clarity.ms/ https://z.clarity.ms/ https://www.googleapis.com https://sheets.googleapis.com https://o151188.ingest.sentry.io/ https://bat.bing.com https://script.google.com https://script.crazyegg.com https://script.googleusercontent.com https://www.google-analytics.com https://events-writer.smartlook.com https://*.smartlook.cloud https://livesupport-app.appspot.com wss://rtmserver.anywhereworks.com https://stats.g.doubleclick.net https://www.google.com https://tracking.crazyegg.com https://frstre.com https://monitor.clickcease.com https://gjtrack.ucweb.com https://plugin.ucads.ucweb.com https://my.setmore.com https://t.dca0.com https://sn.dca0.com https://*.dca0.com https://l15.dca0.com https://sn36.dca0.com https://idsync.rlcdn.com https://optout.dca0.com https://www.facebook.com https://analytics.google.com https://hooks.zapier.com https://storage.googleapis.com/ https://www.setmore.com/blog/ https://assets.setmore.com https://accounts.google.com https://staging.setmore.com/ https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.chatsupport.co https://storage.googleapis.com/stag-fullstorage https://storage.googleapis.com/fullstorage https://api-dot-stag-fullstorage.appspot.com https://api-dot-live-fullstorage.appspot.com wss://rtmserver.anywhereworks.com/ wss://stagingrtm.anywhereworks.com https://live-cwa.appspot.com https://stagingclientwebaccess-hrd.appspot.com https://dev.setmore.info; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.clarity.ms/ https://*.clarity.ms/ https://optimize.google.com https://app.chatsupport.co https://assets.setmore.com/ https://*.googleapis.com https://www.googletagmanager.com http://script.crazyegg.com https://script.tapfiliate.com http://www.google-analytics.com https://connect.facebook.net http://bat.bing.com https://cdnjs.cloudflare.com https://www.googleoptimize.com https://embed.typeform.com https://rec.smartlook.com https://snap.licdn.com https://s.adroll.com https://www.googleadservices.com https://dnn506yrbagrg.cloudfront.net https://www.pagespeed-mod.com https://ip.freshmarketer.com https://butavu.zawaceboji.com https://www.google.com https://www.clickcease.com https://mocadi.wisoyekivo.com https://wl3olebc.6v5f3l.com http://localhost:8080 blob: https://d.adroll.mgr.consensu.org https://d.adroll.com https://www-widgetapi.js https://www.youtube.com https://www.youtube.com/s/player/4bc55fd6/www-widgetapi.vflset/www-widgetapi.js https://accounts.google.com http://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://tracking.g2crowd.com https://unpkg.com https://*.chatsupport.co; font-src 'self' data: https://*.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://static3.avast.com https://www.slant.co https://script.hotjar.com chrome-extension: https://use.typekit.net https://assets.setmore.com; img-src 'self' data: https://c.bing.com https://optimize.google.com https://www.googletagmanager.com https://www.clarity.ms/ https://*.clarity.ms/ https://c.clarity.ms https://c.clarity.ms/c.gif https://www.google-analytics.com https://ssl.google-analytics.com https://*.googleapis.com https://bat.bing.com https://*.g.doubleclick.net https://googleads.g.doubleclick.net https://googleads.g.doubleclick.net/ https://px.ads.linkedin.com https://www.google.co.uk https://www.google.co.za https://www.google.cl https://www.google.it https://www.google.fi https://www.google.dk https://www.google.ee https://www.google.fr https://www.google.no https://www.google.be https://www.google.de https://www.google.pl https://www.google.si https://www.google.ru https://www.google.lv https://www.google.co.zw https://www.google.im https://www.google.lk https://www.google.com.tr https://www.google.com.cy https://www.google.com.sv https://www.google.com.mm https://www.google.com.uy https://www.google.com.kh https://www.google.com.br https://www.google.com.hk https://www.google.com.sa https://www.google.com.pr https://www.google.com.ar https://www.google.com.ph https://www.google.com https://www.google.co.in https://www.google.co.id https://www.google.co.kr https://www.google.com.my https://www.google.es https://www.google.ca https://www.google.pt https://www.google.ch https://p.adsymptotic.com https://www.setmore.com https://www.linkedin.com https://www.facebook.com https://www.gstatic.com https://fonts.gstatic.com https://www.google.com.au https://www.google.com.mx https://www.google.com.do https://www.google.com.ng https://www.google.com.sg https://www.google.com.co https://www.google.gr https://www.google.mv https://www.google.ie https://i.ytimg.com https://www.google.co.nz https://www.google.ro https://www.google.lt https://www.google.co.th https://www.google.com.eg https://www.google.md https://www.google.tt https://www.google.nl https://www.google.co.ma https://www.google.com.kw https://www.google.com.qa https://www.google.ae https://www.google.ba https://my.setmore.com https://www.google.bg https://www.google.sr https://www.google.co.jp https://lh3.googleusercontent.com https://www.google.com.na https://www.tailwindapp.com https://www.google.com.jm https://www.google.rw https://heapanalytics.com https://www.google.bs https://www.google.com.bh https://www.google.az https://translate.google.com http://www.google.co.ug https://yastatic.net https://www.google.ps https://www.google.jo https://avatar.anywhere.app https://www.google.so https://loungesrc.net https://www.google.com.gt https://www.google.com.np https://www.google.mu https://cdnjs.cloudflare.com https://www.google.hn https://www.google.com.ec https://www.google.co.ve https://www.google.co.ke https://www.google.com.bd https://www.google.com.pe https://www.google.sk https://www.google.se https://www.google.hu https://www.google.com.mt https://www.google.com.lb https://www.google.hr https://www.google.co.cr https://s3.amazonaws.com https://www.google.com.ua https://www.google.com.gh https://www.google.cz https://www.google.is https://www.google.com.pk https://www.google.at https://www.google.co.tz https://www.google.ad https://storage.googleapis.com https://www.google.com.om https://www.google.by https://www.google.kg https://www.google.vu https://www.google.kz https://www.google.com.bn https://www.google.com.bz https://joshtower.net https://www.google.com.pa https://www.google.com.vn https://mstat.acestream.net https://www.google.co.il https://downloads.intercomcdn.com https://www.google.tn https://rest.exchmapdata.com https://us-u.openx.net https://x.bidswitch.net https://idsync.rlcdn.com https://ads.yahoo.com https://subscription.omnithrottle.com https://rc.rlcdn.com https://pippio.com https://ib.adnxs.com https://pm.w55c.net https://fcmatch.youtube.com https://fcmatch.google.com https://tags.rd.linksynergy.com https://pixel.advertising.com https://dsum-sec.casalemedia.com https://eb2.3lift.com https://sync.outbrain.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://sync.taboola.com https://ups.analytics.yahoo.com https://www.google-analytics.com https://sync.mathtag.com https://gpush.cogocast.net https://segments.company-target.com https://s.amazon-adsystem.com https://pixel.mathtag.com https://x.dlx.addthis.com https://e.dlx.addthis.com https://beacon.krxd.net https://usermatch.krxd.net https://match.adsrvr.org https://www.google.bt https://www.google.dz https://www.google.sc https://sync-tm.everesttech.net https://d.adroll.com https://tag.cogocast.net https://tag.apxlv.com https://deviceid.trueleadid.com https://i.liadm.com https://dpm.demdex.net https://tags.bluekai.com https://www.google.com.vc https://login.dotomi.com https://www.google.co.uz https://tapestry.tapad.com https://track.reson8.com https://connect.facebook.net https://csyn-r.cxense.com https://www.google.cn https://match.prod.bidr.io https://www.google.rs https://chatsupport-dot-live-fullstorage.appspot.com https://www.entitytag.co.uk https://accounts.google.com https://assets.chatsupport.co/ https://assets.setmore.com https://tracking.g2crowd.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.chatsupport.co; style-src 'self' https: data: 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https://*.googleapis.com https://cdnjs.cloudflare.com https://pwm-image.trendmicro.com https://my.setmore.com https://www.googletagmanager.com https://accounts.google.com; frame-src 'self' data: https://optimize.google.com https://www.googletagmanager.com https://www.facebook.com https://www.youtube.com https://my.setmore.com https://pwm-image.trendmicro.com https://mozbar.moz.com https://tpc.googlesyndication.com https://accounts.google.com https://widget.trustpilot.com https://moarshath.weebly.com/ https://www.youtube-nocookie.com/; media-src * data: blob: filesystem: https://*.googleapis.com https://stats3.unrulymedia.com https://assets.setmore.com https://assets.chatsupport.co https://*.chatsupport.co; object-src 'none'; child-src 'self' blob: gap:; worker-src 'self' blob:; report-uri https://o151188.ingest.sentry.io/ 1
upgrade-insecure-requests; frame-ancestors 'self' https: 1
block-all-mixed-content ;upgrade-insecure-requests ;default-src 'self' *.criteo.com *.criteo.net adventori.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com *.sharethis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.abtasty.com *.y-track.com *.google-analytics.com *.googletagmanager.com www.googletagmanager.com vjs.zencdn.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ui.onepay.decathlon.net *.paypal.com *.braintreegateway.com *.brightcove.net *.trylive.com *.googleapis.com sdk.privacy-center.org sdk.woosmap.com www.booxi.eu appmobile-bridge-js.s3-eu-west-1.amazonaws.com *.woosmap.com ui.onepay-qualification.decathlon.io cdn.tagcommander.com *.facebook.net *.dynatrace.com platform.commandersact.com *.commander1.com *.criteo.com *.criteo.net *.adnxs.com adventori.com www.googleadservices.com bat.bing.com *.salecycle.com *.doubleclick.net *.hotjar.com redirect3536.tagcommander.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com wurfl.io *.commandersact.com translate.google.com nxtck.com onepay-ui.decathlon.net *.contentsquare.net *.contentsquare.com www.youtube.com wss://*.hotjar.com *.loadbee.com production.transcript.decathlon.io development.transcript-qualification.decathlon.io via.batch.com *.dynamicyield.com *.klarnaservices.com rum.browser-intake-datadoghq.eu *.onepay-v2-commons-prod-0ywm.decathlon.io screencapture.kampyle.com screencapture-cdn.kampyle.com resources.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com resources.digital-cloud-west.medallia.com pay.google.com/gp/p/js/pay.js applepay.cdn-apple.com session-replay.browser-intake-datadoghq.eu safesizepublic.ucscentral.com google.com/pay creativecdn.com *.creativecdn.com https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.sharethis.com *.googlesyndication.com www.decathlon.com.tr decathlon.com.tr *.personaclick.com *.go2sdk.com *.thequin.ai *.scarabresearch.com *.preciso.net *.mndtrk.com *.adition.com clk.2trk.info static.zdassets.com linkadoo.co *.zopim.com *.poltio.com *.adrtt.com iyzipay.com api.iyzipay.com cpp.iyzipay.com static.iyzipay.com jsd-widget.atlassian.com mc.yandex.ru cdn.segmentify.com app2.abtasty.com hotjar.com www.linkadoo.com analytics.tiktok.com *.segmentify.com img2-digitouch.mncdn.com view.publitas.com scripts.publitas.com https://www.rtbhouse.com/;connect-src 'self' *.google-analytics.com *.analytics.google.com *.abtasty.com *.y-track.com *.woosmap.com *.brightcove.com *.paypal.com *.braintree-api.com *.braintreegateway.com *.decathlon.net *.decathlon.com *.booxi.eu api.privacy-center.org www.facebook.com *.doubleclick.net bat.bing.com browser-http-intake.logs.datadoghq.eu api.booxi.eu bf97725pbp.bf.dynatrace.com *.hotjar.com *.hotjar.io *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com booxi-api-be.appspot.com booxi-api.appspot.com sync.commander1.com *.boltdns.net *.akamaihd.net *.contentsquare.net tracking-api-4lasu2nlcq-ew.a.run.app insights.decathlon.net transaction-api-4lasu2nlcq-ew.a.run.app order-insights.decathlon.net *.googleapis.com wss://*.hotjar.com www.googletagmanager.com via.batch.com ws.batch.com production.transcript.decathlon.io development.transcript-qualification.decathlon.io *.klarnaservices.com rum.browser-intake-datadoghq.eu *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu ubt-lb.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com resources.digital-cloud-west.medallia.com https://www.google.com/pay signin.easyence.tech google.com/pay https://pay.google.com *.creativecdn.com https://session-replay.browser-intake-datadoghq.eu/api/ https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.sharethis.com *.personaclick.com *.thequin.ai *.scarabresearch.com *.zdassets.com decathlontr.zendesk.com wss://ws1.hotjar.com *.zopim.com wss://widget-mediator.zopim.com *.thequin.xyz iyzipay.com api.iyzipay.com cpp.iyzipay.com static.iyzipay.com fpc.decathlon.com.tr ekr.zdassets.com static.zdassets.com widget-mediator.zopim.com v2assets.zopim.io *.segmentify.com decathlon.alo-tech.com;img-src 'self' data: blob: *.decathlon.com *.cube-net.org *.cube-net.pub contents.mediadecathlon.com *.google-analytics.com *.googletagmanager.com *.brightcove.com *.brightcove.net *.paypal.com prod-wt.aws.y-track.com manager.tagcommander.com *.googleapis.com *.abtasty.com *.woosmap.com www.facebook.com www.google.com www.google.es www.google.fr www.google.it www.google.nl www.google.be www.google.pl *.doubleclick.net bat.bing.com *.gstatic.com sync.commander1.com *.atdmt.com tag.goldenbees.fr *.crm4d.com *.adsrvr.org *.adnxs.com sdk.privacy-center.org checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net voucher.decathlon.net apigift.decathlon.com site.booxi.com www.mediadecathlon.com *.boltdns.net *.mediadecathlon.com *.contentsquare.net *.googleadservices.com adservice.google.com wss://*.hotjar.com via.batch.com ws.batch.com *.onepay-v2-commons-prod-0ywm.decathlon.io screencaptue-cdn.kampyle.com resources.digital-cloud.medallia.eu udc-neb.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net *.commander1.com *.adotmob.com *.goldenbees.fr *.criteo.com *.sharethis.com *.addthis.com rtgcloudsgl.2trk.info iyzipay.com api.iyzipay.com cpp.iyzipay.com static.iyzipay.com img.segmentify.com;style-src 'self' 'unsafe-inline' www.booxi.eu fonts.googleapis.com *.decathlon.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.mediadecathlon.com wss://*.hotjar.com scripts.publitas.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu screencaptue-cdn.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io https://storage.googleapis.com/sl-front-xp-bucket-4v-tmoq/account/ *.personaclick.com iyzipay.com api.iyzipay.com cpp.iyzipay.com static.iyzipay.com;font-src 'self' data: *.decathlon.com fonts.gstatic.com *.oppwa.com oppwa.com *.abtasty.com qanda.decathlon.com *.googleapis.com *.gstatic.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io iyzipay.com api.iyzipay.com cpp.iyzipay.com static.iyzipay.com *.hotjar.com;object-src view.publitas.com;base-uri 'self';worker-src 'self' blob: via.batch.com;media-src 'self' blob: secure.brightcove.com *.brightcove.com *.brightcove.net *.boltdns.net *.mediadecathlon.com *.criteo.com bcboltbde696aa-a.akamaihd.net static.zdassets.com;frame-src 'self' *.youtube.com www.google.com/recaptcha/ saas.trylive.com/ site.booxi.eu/ reviews.decathlon.com www.facebook.com *.doubleclick.net *.atdmt.com c.paypal.com checkout.paypal.com www.paypal.com *.hotjar.com *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com qanda.decathlon.com reviews-collect-eu.satisphere.decathlon.net *.mediadecathlon.com view.publitas.com www.pinterest.com *.abtasty.com *.decathlon.net wss://*.hotjar.com players.brightcove.net screencapture.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud.medallia.eu resources.digital-cloud-west.medallia.com pay.google.com safesizepublic.ucscentral.com *.klarnaservices.com creativecdn.com *.creativecdn.com *.criteo.com linkadoo.co ck.2trk.info *.adrttt.com *.poltio.com iyzipay.com api.iyzipay.com cpp.iyzipay.com static.iyzipay.com www.linkadoo.co tr.rdrtr.com help.decathlon.com.tr/;frame-ancestors 'self'; 1
frame-ancestors *.104.com.tw 1
frame-ancestors 'self' *.kotak.com netbanking.kotak.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' *.kotak.com *.google.com *.allincall.in *.youtube.com *.kotakcherry.com *.lemnisk.co *.google.com *.cloudflare.com *.adobedtm.com *.facebook.com *.demdex.net *.omtrdc.net www.googletagmanager.com  *.googleapis.com *.gstatic.com stats.g.doubleclick.net www.google-analytics.com www.googleadservices.com *.notifyvisitors.com connect.facebook.net ad.doubleclick.net px.ads.linkedin.com *.kotakmahindrageneralinsurance.com  *.jquery.com  googleads.g.doubleclick.net payments.billdesk.com seal.verisign.com; img-src * 'self' data: blob: https:; worker-src 'self' data: blob: https:; connect-src 'self' data: https:; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://*.le.ac.uk https://test-uol.azorus.com https://oc-cdn-public-gbr.azureedge.net/livechatwidget/ https://*.spotify.com https://sketchfab.com https://le.ac.uk https://www.clarity.ms https://cdnjs.cloudflare.com https://cdn.curator.io https://embedsocial.com https://www.findaphd.com https://fonts.googleapis.com https://www.gstatic.com https://meetandengage.com https://*.flockler.com https://*.flockler.app https://tagmanager.google.com https://www.googletagmanager.com; img-src 'self' blob: data: https://c.bing.com https://pool.adizio.com https://c.clarity.ms https://test-uol.azorus.com https://*.spotify.com https://pool.a8723.com https://*.adnxs.com https://cdn.curator.io https://*.cdninstagram.com https://*.doubleclick.net https://connect.facebook.net https://discoveruni.gov.uk https://www.facebook.com https://*.fbcdn.net https://www.findaphd.com https://*.flockler.com https://flockler.com https://*.flockler.app https://*.google.com https://www.google.com https://www.google.co.uk https://googleads.g.doubleclick.net https://*.google-analytics.com https://www.googleapis.com https://www.googletagmanager.com https://*.gstatic.com https://i.ytimg.com https://www.instagram.com https://le.ac.uk https://www.linkedin.com https://livestream.com https://meetandengage.com https://pbs.twimg.com https://px.ads.linkedin.com https://*.rackcdn.com https://*.scdn1.secure.raxcdn.com https://stats.g.doubleclick.net https://t.co https://www.tag4arm.com https://*.twitter.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.le.ac.uk https://test-uol.azorus.com https://cdn.botframework.com/botframework-webchat/ https://unpkg.com/react@17.0.2/umd/react.production.min.js https://unpkg.com/react-dom@17.0.2/umd/react-dom.production.min.js https://oc-cdn-public-gbr.azureedge.net/livechatwidget/ https://acdn.adnxs.com/dmp/up/ https://*.spotify.com https://sketchfab.com https://le.ac.uk https://libraryhelp.le.ac.uk https://ajax.googleapis.com https://www.clarity.ms https://cdn.curator.io https://cc.cdn.civiccomputing.com https://cdnjs.cloudflare.com https://cdn.oribi.io https://cdn.unibuddy.co https://connect.facebook.net https://discoveruni.gov.uk https://dnn506yrbagrg.cloudfront.net https://embedsocial.com https://fl-cdn.scdn1.secure.raxcdn.com https://www.findaphd.com https://*.flockler.com https://flockler.embed.codes https://*.flockler.app https://googleads.g.doubleclick.net https://tagmanager.google.com https://www.googleadservices.com https://*.google-analytics.com https://www.googleapis.com https://www.googletagmanager.com https://www.gstatic.com https://*.hotjar.com https://*.ibytedtos.com https://www.linkedin.com https://meetandengage.com https://popcard.unibuddy.co https://px.ads.linkedin.com https://s.ytimg.com https://s0.ipstatp.com https://sc-static.net https://snap.licdn.com https://static.ads-twitter.com https://www.tag4arm.com https://*.tiktok.com https://*.twitter.com https://widget.discoveruni.gov.uk https://widget.unistats.ac.uk https://www.youtube.com; frame-src 'self' https://*.le.ac.uk https://iframe.dacast.com https://test-uol.azorus.com https://oc-cdn-public-gbr.azureedge.net https://*.spotify.com https://sketchfab.com https://embedsocial.com https://www.facebook.com https://*.flipsnack.com https://*.doubleclick.net https://forms.office.com https://www.google.com https://www.googleapis.com https://www97.lamp.le.ac.uk https://libservices.le.ac.uk https://leicester.cloud.panopto.eu https://livestream.com https://www.linkedin.com https://www.le.ac.uk https://meetandengage.com https://myleicester.le.ac.uk https://vimeo.com https://player.vimeo.com https://podcasts.le.ac.uk https://popcard.unibuddy.co https://w.soundcloud.com https://static.ads-twitter.com https://staticxx.facebook.com https://www.tag4arm.com https://tourmkr.com https://platform.twitter.com https://tr.snapchat.com https://unibuddy.co https://*.hotjar.com https://www.viewmake.com https://widget.unistats.ac.uk https://www.youtube.com https://www.youtube-nocookie.com https://momento360.com;frame-ancestors 'self'; connect-src 'self' https://*.microsoft.com https://*.omnichannelengagementhub.com https://*.clarity.ms https://*.le.ac.uk https://*.spotify.com https://apikeys.civiccomputing.com https://api.curator.io https://stats.g.doubleclick.net https://www.facebook.com https://*.flockler.com https://*.flockler.app https://*.google.com https://*.google-analytics.com https://www.googleapis.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www97.lamp.le.ac.uk https://gw.oribi.io https://prod-discoveruni.azure-api.net https://tr.snapchat.com https://www.tag4arm.com https://analytics.tiktok.com https://tourmkr.com https://ekr.zdassets.com https://*.azurewebsites.net/ https://directline.botframework.com wss://directline.botframework.com;  font-src 'self' data: https://maxcdn.bootstrapcdn.com https://cdn.curator.io https://fonts.gstatic.com https://le.ac.uk https://meetandengage.com https://*.hotjar.com; object-src 'self' https://*.spotify.com https://forms.office.com; media-src 'self' https://le.ac.uk https://*.le.ac.uk https://*.spotify.com https://pool.a8723.com https://*.fbcdn.net https://*.xx.fbcdn.net https://*.flockler.com https://*.flockler.app https://*.cdninstagram.com https://video.twimg.com https://videos.dailymail.co.uk; upgrade-insecure-requests 1
frame-ancestors 'self' t4.scu.edu cms.scu.edu cms01.scu.edu thetrustproject.org media.scu.edu ecampus.scu.edu hrdev.scu.edu hrusr.scu.edu t4dev.scu.edu 166.78.46.137 campaign.scu.edu vanillasoft.net 129.210.247.132 1
frame-ancestors 'self' https://ugyfelkapu.digi.hu https://salesweb.digi.hu; object-src 'self'; 1
frame-ancestors 'self' *.q10soluciones.com *.q10.com sm.q10.com webvisor.com 1
img-src 'self' www.technolife.ir trustseal.enamad.ir data: www.google-analytics.com *.najva.com *.google.com *.goftino.com https://*.livechatinc.com https://*.livechat-static.com;default-src 'self' blob: 'unsafe-inline' *.google.com https://static.getclicky.com https://in.getclicky.com wss://*.goftino.com https://*.livechatinc.com https://*.livechat-static.com https://stats.g.doubleclick.net https://www.goftino.com/ https://www.clarity.ms https://c.clarity.ms cdn.yektanet.com *.yektanet.com w3.org https://www.technolife.ir phcm.ir *.technolife.ir *.newtechnolife.ir *.cloudflare.com https://static.cloudflareinsights.com/ https://ajax.cloudflare.com fonts.googleapis.com *.googletagmanager.com google-analytics.com https://www.google-analytics.com/ *.google-analytics.com *.analytics.google.com plus.sabavision.com https://cdn.sanjagh.com https://api.sanjagh.com https://n1.sanjagh.com/ google.com/recaptcha https://www.google.com/recaptcha https://www.google.com/recaptcha/ recaptcha.net https://*.goftino.com https://www.technolifenew.ir https://fcm.googleapis.com https://www.googletagmanager.com https://fcm.googleapis.com/fcm/connect/subscribe https://www.google.com/ads/* https://trustseal.enamad.ir/ https://core.affili.ir/api/v2/clients/conversion https://www.google.com/ads/ga-audiences https://www.aparat.com/ wss://*.goftino.com https://*.clarity.ms https://deemanetwork.com https://if-cdn.com https://player.arvancloud.com van.najva.com *.najva.com https://app.najva.com *.najva.com https://app.raychat.io data: wss://se3.raychat.io https://analytics.takhfifan.com/ https://trk.chavosh.org https://fcm.googleapis.com https://fcm.googleapis.com/fcm/connect/subscribe https://cr.najva.com https://client.crisp.chat https://cdn.parsimap.ir/ https://tracker.chavosh.org/ app.raychat.io cdn.raychat.io report.najva.com https://s.goftino.com https://client.crisp.chat https://ma-cdn.pegah.tech/ https://api.mediaad.org https://api.parsimap.ir/ https://api2.parsimap.ir/ https://*.goftino.com https://*.clarity.ms https://technofestivals.arvanvod.com https://unpkg.com/ https://mediacdn.mediaad.org/ *.mouseflow.com *.goftino.com;script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.google.com https://in.getclicky.com https://static.getclicky.com/js https://*.livechatinc.com https://*.livechat-static.com wss://ws2.goftino.com https://www.clarity.ms https://stats.g.doubleclick.net https://*.goftino.com cdn.yektanet.com *.yektanet.com w3.org https://www.technolife.ir phcm.ir shop.technolife.ir *.newtechnolife.ir *.cloudflare.com https://static.cloudflareinsights.com/ https://ajax.cloudflare.com fonts.googleapis.com *.googletagmanager.com google-analytics.com https://www.google-analytics.com/ google.com/recaptcha https://www.googletagmanager.com https://www.google.com/recaptcha https://www.google.com/recaptcha/ https://www.gstatic.com recaptcha.net van.najva.com *.najva.com https://app.najva.com/ https://click.najva.com https://app.raychat.io plus.sabavision.com https://unpkg.com/  https://se3.raychat.io https://deemanetwork.com https://trustseal.enamad.ir/ *.google-analytics.com *.analytics.google.com wss://ws6.goftino.com https://n1.sanjagh.com/ https://cdn.jsdelivr.net https://app.najva.com *.najva.com https://yektanet.com https://fcm.googleapis.com https://fcm.googleapis.com/fcm/connect/subscribe https://cr.najva.com app.raychat.io cdn.raychat.io report.najva.com https://*.clarity.ms https://www.aparat.com/ wss://cdn.goftino.com/ https://cdn.parsimap.ir/ https://trk.chavosh.org wss://*.goftino.com https://*.goftino.com https://client.crisp.chat https://analytics.takhfifan.com/ https://www.technolifenew.ir/* https://tracker.chavosh.org/ https://api.parsimap.ir/ https://api2.parsimap.ir/ https://if-cdn.com https://player.arvancloud.com https://*.goftino.com https://*.clarity.ms https://s1.mediaad.org https://plus.sabavision.com/ https://ma-cdn.pegah.tech/ https://api.mediaad.org https://cdn.sanjagh.com https://api.sanjagh.com https://mediacdn.mediaad.org *.mouseflow.com *.goftino.com;style-src 'self' 'unsafe-inline' *.google.com https://www.technolife.ir https://in.getclicky.com *.newtechnolife.ir https://static.getclicky.com/js https://*.livechatinc.com https://*.livechat-static.com wss://ws2.goftino.com https://ajax.cloudflare.com https://static.cloudflareinsights.com/ w3.org phcm.ir https://*.goftino.com https://cdn.goftino.com/ fonts.googleapis.com https://www.googletagmanager.com https://app.najva.com *.najva.com *.googletagmanager.com *.cloudflare.com google-analytics.com https://www.google-analytics.com/ google.com/recaptcha https://www.google.com/recaptcha recaptcha.net https://van.najva.com https://app.raychat.io https://cdn.jsdelivr.net https://cdn.parsimap.ir/ plus.sabavision.com https://n1.sanjagh.com/ https://cdn.fontcdn.ir wss://*.goftino.com wss://ws.goftino.com https://*.goftino.com https://if-cdn.com https://player.arvancloud.com https://trustseal.enamad.ir/ https://deemanetwork.com https://analytics.takhfifan.com/ https://www.technolifenew.ir https://api.parsimap.ir/ https://api2.parsimap.ir/ https://trk.chavosh.org https://tracker.chavosh.org/ https://mediacdn.mediaad.org https://if-cdn.com https://player.arvancloud.com https://s2.goftino.com https://*.clarity.ms *.google-analytics.com *.analytics.google.com wss://ws6.goftino.com https://unpkg.com/ *.mouseflow.com *.goftino.com;font-src 'self' 'unsafe-inline' *.google.com https://in.getclicky.com https://www.googletagmanager.com https://www.technolife.ir *.newtechnolife.ir *.cloudflare.com https://static.getclicky.com/js https://*.livechatinc.com https://*.livechat-static.com wss://ws2.goftino.com https://static.cloudflareinsights.com/ https://ajax.cloudflare.com https://www.goftino.com/ data: shop.technolife.ir w3.org phcm.ir fonts.googleapis.com *.googletagmanager.com google-analytics.com https://www.google-analytics.com/ google.com/recaptcha recaptcha.net https://cdn.goftino.com/ https://mediacdn.mediaad.org https://van.najva.com https://app.najva.com *.najva.com https://app.raychat.io https://cdn.fontcdn.ir https://fdn.fontcdn.ir wss://cdn.goftino.com/ wss://ws.goftino.com https://*.goftino.com https://deemanetwork.com https://client.crisp.chat https://analytics.takhfifan.com/ https://cdn.parsimap.ir/ https://trustseal.enamad.ir/ https://n1.sanjagh.com/ https://www.technolifenew.ir https://api.parsimap.ir/ https://api2.parsimap.ir/ https://if-cdn.com https://player.arvancloud.com https://trk.chavosh.org https://tracker.chavosh.org/ https://s2.goftino.com https://*.clarity.ms *.google-analytics.com *.analytics.google.com wss://*.goftino.com plus.sabavision.com https://unpkg.com/ *.mouseflow.com *.goftino.com;object-src 'none';upgrade-insecure-requests;frame-ancestors https://trustseal.enamad.ir/;base-uri 'self';form-action 'self';script-src-attr 'none' 1
default-src https: wss: data: blob:; script-src 'unsafe-eval' 'unsafe-inline' https:; style-src 'unsafe-inline' https:; frame-ancestors 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.somosbelcorp.com www.google.com *.gstatic.com *.fullstory.com *.googleapis.com *.google-analytics.com analytics.google.com *.googleadservices.com *.survicate.com *.cloudfront.net s3.amazonaws.com *.belcorp.biz web.emtelco.co h.online-metrix.net www.googletagmanager.com *.facebook.net *.facebook.com *.youtube.com *.g.doubleclick.net *.hotjar.com *.hotjar.io *.newrelic.com *.nr-data.net *.useinsider.com *.treasuredata.com; img-src * data: blob: 1
frame-ancestors https://*.visme.co 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.essence.com 1
frame-ancestors https://trustseal.enamad.ir 1
report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic ; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-RDULgS0tc5cb9AAc3pYp' 'nonce-ImZp2yvb8Yr2Q0szuLAf' 1
default-src 'self'; connect-src 'self' https://www.google-analytics.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.funnelback.com https://*.abs.gov.au https://analytics.google.com; font-src 'self' data: https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io; frame-src 'self' https://*.hotjar.com https://*.hotjar.io https://www.youtube.com https://www.youtube-nocookie.com https://platform.twitter.com https://www.facebook.com/ https://web.facebook.com/ https://maps.abs.gov.au/ https://absstats.maps.arcgis.com https://storymaps.arcgis.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'self' data: blob: http://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://*.ytimg.com https://analytics.google.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://platform.twitter.com/ https://connect.facebook.net https://analytics.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ cdn.jsdelivr.net connect.facebook.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com platform.twitter.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; worker-src 'self' blob: https://*.hotjar.com https://*.hotjar.io; base-uri 'none'; form-action 'self' https://*.clients.funnelback.com https://*.abs.gov.au; frame-ancestors 'none'; upgrade-insecure-requests 1
upgrade-insecure-requests; frame-ancestors 'self' *.ci360.sas.com; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; worker-src * blob: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * blob: 'unsafe-inline'; font-src * data:; frame-src *; style-src * 'unsafe-inline'; frame-ancestors https://*.fluke.com; object-src 'none'; 1
font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com; img-src 'self' www.w3.org; object-src 'none'; frame-ancestors 'self'; report-uri https://www.opengroup.org/report-uri/enforce 1
frame-ancestors https://*.bancopan.com.br 1
frame-ancestors *.adguard.com *.adguard-dns.io *.adguard-dns.com *.adguard.app *.adguard.info 'self'; connect-src *.adguard-dns.com *.adguard.org filters.adtidy.org *.adguard.com *.adguard-dns.io *.adguard-dns.com *.adguard.app *.adguard.info 'self'; script-src https://cdn.paddle.com/paddle/paddle.js https://widget.cloudpayments.ru/bundles/cloudpayments.js hcaptcha.com *.hcaptcha.com https://challenges.cloudflare.com/turnstile/v0/api.js *.adguard.com *.adguard-dns.io *.adguard-dns.com *.adguard.app *.adguard.info 'unsafe-inline' 'unsafe-eval' 'self'; style-src cdn.paddle.com *.adguard.org *.adguard.com *.adguard-dns.io *.adguard-dns.com *.adguard.app *.adguard.info 'unsafe-inline' 'self'; img-src * data: *.adguard.com *.adguard-dns.io *.adguard-dns.com *.adguard.app *.adguard.info 'self'; frame-src *; font-src *.adguard.org *.adguard.com *.adguard-dns.io *.adguard-dns.com *.adguard.app *.adguard.info 'self' data:; object-src https://cdn.adtidy.org *.adguard.com *.adguard-dns.io *.adguard-dns.com *.adguard.app *.adguard.info 'self'; media-src cdn.adtidy.org *.adguard.com *.adguard-dns.io *.adguard-dns.com *.adguard.app *.adguard.info 'self'; report-uri /api/247/security/?sentry_key=f9f67ed550ee435e96c854cdb8278247; default-src *.adguard.com *.adguard-dns.io *.adguard-dns.com *.adguard.app *.adguard.info 'self' 1
default-src 'self' tpc.googlesyndication.com;frame-ancestors 'self';frame-src 'self' https://staticcdn.co.nz *.youtube.com www.facebook.com connect.facebook.net gsa://onpageload trademe.wufoo.com matterport.com *.matterport.com viewer.metamaker.istaging.com vtc.virtualtourscreator.com.au app.cloudpano.com youriguide.com virtualtour.laserfocus.co.nz s3virtualtour.esoft.com www.boxbrownie.com kuula.co tours.virtualpro.nz open.littlehinges.com ipropertyexpress.com virtual-tour.ipropertyexpress.com envisionvr.net https://api.trademe.co.nz/ https://auth.trademe.co.nz https://api.trademe.co.nz/graphql/ https://*.app.trade.me https://vimeo.com https://*.vimeo.com https://cdn.diakrit.com https://livetour.istaging.com https://vtc.virtualtourscreator.com.au https://app.cloudpano.com https://static.instavid360.com/ https://storage.googleapis.com https://www.google.com https://www.google.co.nz *.googlesyndication.com console.googletagservices.com *.doubleclick.net https://www.adsensecustomsearchads.com https://syndicatedsearch.goog *.trademepayments.co.nz:* *.pingauth.trademe.co.nz:* mfa.trademe.co.nz;font-src 'self' data: www.trademe.co.nz fonts.googleapis.com fonts.gstatic.com;img-src 'self' data: blob: www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com *.ggpht.com i.ytimg.com i.vimeocdn.com www.facebook.com https://staticcdn.co.nz *.segment.com https://api.trademe.co.nz/ *.tmcdn.co.nz https://api.trademe.co.nz/graphql/ https://trademe-prod-cdn.global.ssl.fastly.net https://*.trademe.co.nz https://images.tmsandbox.co.nz *.google.com *.google.co.nz *.google.com.au *.google.co.uk *.google.lk *.google.co.in *.google.com.sg *.google.com.sa *.google.cn *.google.com.ph *.google.com.hk *.google.co.kr *.google.de *.google.ca *.google.co.jp *.google.com.fj *.google.co.id *.google.ae *.google.com.my *.google.co.th *.google.fr *.google.nl *.google.com.tw *.google.com.br *.google.es *.google.ie *.google.cl *.google.se *.google.ar *.google.com.vn *.googlesyndication.com *.doubleclick.net *.googleusercontent.com https://www.adsensecustomsearchads.com https://syndicatedsearch.goog api.myautoshop.co.nz images.myautoshop.co.nz sslphotos.jato.com via.placeholder.com https://static.instavid360.com/;media-src https://static.instavid360.com/;style-src 'self' 'unsafe-inline' fonts.googleapis.com www.googletagmanager.com;script-src 'self' 'sha256-XLQkQ8in0kV+VzJk+MGHmOGcA6MASpuKodiX7GlEyKc=' 'sha256-nLJR3hobId5sFEi+fSoRD+x3EbYu9cAoiIK2HKHZ6i4=' 'report-sample' https://staticcdn.co.nz connect.facebook.net www.google-analytics.com www.googletagmanager.com *.googletagservices.com www.gstatic.com dnn506yrbagrg.cloudfront.net *.googleapis.com www.youtube.com s.ytimg.com script.crazyegg.com *.segment.com *.appboycdn.com *.google.com *.google.co.nz *.google.com.au *.google.co.uk *.google.lk *.google.co.in *.google.com.sg *.google.com.sa *.google.cn *.google.com.ph *.google.com.hk *.google.co.kr *.google.de *.google.ca *.google.co.jp *.google.com.fj *.google.co.id *.google.ae *.google.com.my *.google.co.th *.google.fr *.google.nl *.google.com.tw *.google.com.br *.google.es *.google.ie *.google.cl *.google.se *.google.ar *.google.com.vn *.googleadservices.com *.doubleclick.net *.googlesyndication.com cdn.ampproject.org https://www.adsensecustomsearchads.com https://syndicatedsearch.goog *.afterpay.com *.app.trade.me *.newrelic.com *.nr-data.net;form-action 'self' trademe.wufoo.com www.facebook.com connect.facebook.net d3f5l8ze0o4j2m.cloudfront.net https://api.trademe.co.nz/ https://api.trademe.co.nz/graphql/ https://*.app.trade.me;connect-src 'self' https://api.trademe.co.nz/ https://auth.trademe.co.nz https://api.trademe.co.nz/graphql/ *.tmcdn.co.nz https://*.app.trade.me *.segment.io *.segmentapis.com *.segment.com *.braze.com sentry.io www.facebook.com www.google-analytics.com *.gstatic.com *.googleapis.com www.googletagmanager.com *.google.com *.google.co.nz *.google.com.au *.google.co.uk *.google.lk *.google.co.in *.google.com.sg *.google.com.sa *.google.cn *.google.com.ph *.google.com.hk *.google.co.kr *.google.de *.google.ca *.google.co.jp *.google.com.fj *.google.co.id *.google.ae *.google.com.my *.google.co.th *.google.fr *.google.nl *.google.com.tw *.google.com.br *.google.es *.google.ie *.google.cl *.google.se *.google.ar *.google.com.vn google.com *.doubleclick.net *.googlesyndication.com https://www.adsensecustomsearchads.com https://syndicatedsearch.goog https://*.afterpay.com api.amplitude.com https://*.app.trade.me https://*.nr-data.net https://api.topsort.com/v2/events;child-src 'self';worker-src 'self';object-src 'none';report-uri https://www.trademe.co.nz/a/csp-report-uri 1
default-src 'self'; manifest-src 'self'; connect-src 'self' https://*.ezodn.com https://*.ezoic.net; font-src 'self'; img-src data: *; script-src 'self' 'unsafe-inline' https://*.ezodn.com; style-src 'self' 'unsafe-inline' * 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.tripsavvy.com 1
frame-ancestors 'self' https://www.canaoeste.com.br/ 1
style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; frame-src *; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-FSaEVZddMfVCGB21jmMo/w=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
frame-ancestors 'self' ruckuswireless.com www.ruckuswireless.com 192.168.1.0/24 1
default-src 'self' https://files.labcorp.com https://static.cloudflareinsights.com; child-src 'self' blob: *.vimeo.com *.googlesyndication.com *.google.com *.facebook.com *.doubleclick.net connect.facebook.net platform.twitter.com vimeo.com www.googletagmanager.com; connect-src 'self' https://ad.doubleclick.net https://www.googletagmanager.com https://script.crazyegg.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://api.company-target.com https://www.google-analytics.com https://stats.g.doubleclick.net https://insights.algolia.io https://vc.hotjar.io https://us-autocomplete.api.smartystreets.com/suggest https://maps.googleapis.com https://m.addthis.com https://in.hotjar.com https://nexus.ensighten.com https://cs.choozle.com https://cdn.linkedin.oribi.io https://www.juicer.io https://ws9.hotjar.com https://www.facebook.com *.algolianet.com *.algolia.net *.linkedin.com *.licdn.com *.onetrust.com *.qualtrics.com *.fontawesome.com *.pinterest.com wss://ws9.hotjar.com wss://ws6.hotjar.com wss://ws5.hotjar.com https://content.hotjar.io covancelabcorpsite.112.2o7.net https://api.howuku.com https://bugcrowd.com https://assets.bugcrowdusercontent.com; font-src 'self' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.11.2/webfonts/ https://fonts.gstatic.com/s/sourcesanspro/v21/ https://fonts.gstatic.com/s/sourceserifpro/v15/ https://fonts.gstatic.com https://stats.g.doubleclick.net https://use.fontawesome.com/releases/v5.0.13/webfonts/ https://*.fontawesome.com https://static.juicer.io; frame-src 'self' https://www.googletagmanager.com https://vars.hotjar.com https://www.facebook.com https://www.google.com https://s7.addthis.com https://insight.adsrvr.org https://d1eoo1tco6rr5e.cloudfront.net https://bid.g.doubleclick.net https://match.adsrvr.org https://labcorp.labcorpwomenshealth.com https://public.tableau.com https://ct.pinterest.com https://www.youtube.com *.vimeo.com *.linkedin.com *.doubleclick.net *.qualtrics.com https://files.labcorp.com https://app.smartsheet.com https://bugcrowd.com https://assets.bugcrowdusercontent.com; img-src 'self' https://dpm.demdex.net https://connect.facebook.net https://s409256115.t.eloqua.com https://www.facebook.com https://www.pages03.net https://www.google-analytics.com https://analytics.twitter.com https://www.google.com https://t.co https://segments.company-target.com https://match.prod.bidr.io https://id.rlcdn.com https://maps.googleapis.com https://maps.gstatic.com https://files.labcorp.com https://tags.bluekai.com https://insight.adsrvr.org https://content.labcorp.com https://content.labcorp.com-d9 https://labcorp-content.tronestaging.com https://public.tableau.com https://imageproxy.juicer.io https://flask.nextdoor.com https://i.vimeocdn.com https://mms.businesswire.com https://cts.businesswire.com covancedrugdevdevlc.112.2o7.net https://cdn.cookielaw.org https://covancedrugdevdevlc.112.2o7.net *.labcorp.com *.choozle.com *.ensighten.com *.linkedin.com *.licdn.com *.pinterest.com p.adsymptotic.com *.qualtrics.com data: covancelabcorpsite.112.2o7.net https://mma.prnewswire.com https://c212.net https://dev.visualwebsiteoptimizer.com; media-src 'self' media.licdn.com files.labcorp.com; object-src 'self' *.googlesyndication.com https://files.labcorp.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://extend.vimeocdn.com https://connect.facebook.net https://cdn5.userzoom.com https://static.ads-twitter.com https://snap.licdn.com https://img03.en25.com https://www.google-analytics.com https://script.crazyegg.com https://static.hotjar.com https://www.sc.pages03.net https://secure.otto5loki.com https://bugcrowd.com https://assets.bugcrowdusercontent.com https://cdn.cookielaw.org https://nexus.ensighten.com https://scripts.demandbase.com https://geolocation.onetrust.com https://script.hotjar.com https://www.gstatic.com/recaptcha/ https://s7.addthis.com https://z.moatads.com https://v1.addthisedge.com https://m.addthis.com/ https://files.labcorp.com https://js.adsrvr.org https://bh.contextweb.com https://tr.contextweb.com https://urldefense.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://static-exp1.licdn.com https://content.linkedin.com https://platform.linkedin.com https://cs.choozle.com *.qualtrics.com https://*.fontawesome.com https://s.pinimg.com https://public.tableau.com https://assets.adobedtm.com https://assets.juicer.io https://ads.nextdoor.com https://www.youtube.com img.en25.com https://static.cloudflareinsights.com https://cdn.mouseflow.com https://dev.visualwebsiteoptimizer.com https://cdn.howuku.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com https://www.google.com maps.googleapis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.licdn.com *.google.com *.fontawesome.com *.choozle.com *.ensighten.com files.labcorp.com platform.twitter.com ton.twimg.com www.googletagmanager.com assets.juicer.io https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://use.typekit.net; worker-src 'self' blob: www.google.com; frame-ancestors 'self' t.co twitter.com; block-all-mixed-content 1
default-src 'self' *.tonic.to 1
object-src 'self'; script-src 'nonce-cd8802ea50ddaed5e56ceeff9d803815' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; base-uri 'self';frame-ancestors 'self'; report-uri /html/cspReport.jsp 1
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' extremecloudiq.com *.extremecloudiq.com *.xcloudiq.com *.aerohive.com cdn.walkme.com *.googleapis.com *.google.com server.arcgisonline.com *.gstatic.com *.cloudflare.com *.gstatic.com *.alicdn.com *.pendo.io bit.ly cloud.kapostcontent.net; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: http://*.travp.net; font-src https: data: 1
default-src 'self'; frame-ancestors 'self'; img-src 'self' avatars.githubusercontent.com; frame-src 'self' player.vimeo.com 1
default-src 'self'; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://secure.gaug.es https://gravatar.com https://www.gravatar.com https://secure.gravatar.com https://*.fastly-insights.com https://avatars.githubusercontent.com; object-src 'none'; script-src 'self' https://secure.gaug.es https://www.fastly-insights.com https://unpkg.com/@hotwired/stimulus/dist/stimulus.umd.js https://unpkg.com/stimulus-rails-nested-form/dist/stimulus-rails-nested-form.umd.js 'nonce-'; style-src 'self' https://fonts.googleapis.com 'nonce-'; connect-src 'self' https://s3-us-west-2.amazonaws.com/rubygems-dumps/ https://*.fastly-insights.com https://fastly-insights.com https://api.github.com http://localhost:*; form-action 'self' https://github.com/login/oauth/authorize; frame-ancestors 'self'; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub852fa3e2312391fafa5640b60784e660&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Arubygems.org%2Cversion%3Aedb231ecccebbc9899ce65602312868809357bc0%2Cenv%3Aproduction%2Ctrace_id%3A2456268344139356921 1
base-uri 'none'; child-src blob: *; connect-src 'self' https://maps.sgcdn.cz https://*.google-analytics.com https://*.googleapis.com/ wss://www.slevomat.cz https://www.facebook.com https://connect.facebook.net https://*.g.doubleclick.net https://google.com https://*.google.com https://*.google.cz https://*.google.sk https://*.googlesyndication.com https://measurement-api.criteo.com https://sslwidget.criteo.com https://*.crazyegg.com https://directline.botframework.com wss://directline.botframework.com/ blob: https://api.amplitude.com https://cdn.optimizely.com https://secure.curl7bike.com https://analytics.tiktok.com https://h.seznam.cz https://*.clarity.ms; default-src 'self'; font-src 'self' data: https://themes.googleusercontent.com https://*.gstatic.com; form-action 'self' https://www.facebook.com https://connect.facebook.net https://pay.google.com; frame-ancestors 'self'; frame-src *; img-src blob: data: *; manifest-src 'self'; media-src 'self' data:; object-src 'none'; script-src 'nonce-ZTllYWQ1NDA1ZjAwNGI1MzlkY2VjMzNkNjhmM2IyNjg=' 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' 'strict-dynamic' https:; style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com https://www.googletagmanager.com https://www.gstatic.com; worker-src 'self' blob:; report-uri /csplog 1
base-uri 'self'; frame-ancestors 'self' https://*.smartinsights.com; frame-src 'self' https://intercom-sheets.com  https://ff.doubleclick.net https://cdn.embedly.com https://www.google.com https://td.doubleclick.net https://securepubads.g.doubleclick.net https://staticxx.facebook.com https://www.facebook.com https://www.g2.com https://www.g2crowd.com/ https://vars.hotjar.com https://go.pardot.com https://*.smartinsights.com https://optimize.google.com https://checkout.stripe.com  http://www.scribd.com https://www.slideshare.net/ https://js.stripe.com https://*.twitter.com https://*.vimeo.com https://youtu.be https://*.youtube.com https://www.youtube-nocookie.com https://*.seedprod.com; img-src data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.omappapi.com https://4screens.net https://ws.amazon.co.uk https://z-eu.amazon-adsystem.com https://s3-us-west-1.amazonaws.com https://cdn.ampproject.org https://sjs.bizographics.com https://*.cloudflare.com https://*.cloudflareinsights.com https://*.cloudfront.net https://secure.comodo.com https://*.convertexperiments.com https://*.g.doubleclick.net https://connect.facebook.net https://t.gatorleads.co.uk https://adservice.google.co.uk https://adservice.google.com https://apis.google.com https://www.google.com https://www.google-analytics.com https://www.googleadservices.com https://ajax.googleapis.com https://optimize.google.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.googletagservices.com https://googletagservices.com https://securepubads.g.doubleclick.net https://www.gstatic.com https://*.hotjar.com https://instant.page https://widget.intercom.io https://js.intercomcdn.com https://e.issuu.com https://code.jquery.com https://cdn.jsdelivr.net https://snap.licdn.com/ https://platform.linkedin.com https://*.newrelic.com https://bam.nr-data.net https://a.opmnstr.com https://api.opmnstr.com https://*.pardot.com https://assets.pinterest.com https://secure.polldaddy.com https://scout-cdn.salesloft.com https://app.seedprod.com https://*.smartinsights.com https://checkout.stripe.com https://js.stripe.com https://static.ads-twitter.com https://analytics.twitter.com https://cdn.syndication.twimg.com https://platform.twitter.com https://unpkg.com https://platform.vine.co https://visual.ly https://fast.wistia.com https://t.wowanalytics.co.uk; style-src 'self' 'unsafe-inline' https://code.ionicframework.com https://fonts.googleapis.com https://optimize.google.com https://cdn.jsdelivr.net https://cdn.pardot.com https://pi.pardot.com https://checkout.stripe.com https://static.ads-twitter.com https://*.twitter.com https://*.smartinsights.com https://*.omappapi.com; 1
frame-ancestors 'self' *.learningcloud.me 1
frame-ancestors 'self' https://mtt.avp.tech; 1
frame-ancestors 'self' *.anthem.com; 1
default-src 'self' altium.com *.altium.com; connect-src 'self' altium.com *.altium.com *.hotjar.com *.hotjar.io *.devstages.com v2.api.uberflip.com play.vidyard.com cdn.bizible.com 817-sfw-071.mktoresp.com api.segment.io api.amplitude.com bat.bing.com d.adroll.com https://*.optimizely.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com *.googleapis.com *.firebaseio.com wss://*.firebaseio.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com mc.yandex.ru *.clarity.ms https://boards-api.greenhouse.io/v1/boards/braze/departments https://boards-api.greenhouse.io/v1/boards/altium/departments https://boards-api.greenhouse.io/v1/boards/*/departments https://boards-api.greenhouse.io/v1/boards/altium/jobs https://apihub.document360.io/v1/articles/ https://apihub.document360.io/v1/projectversions/ https://cdn.cookielaw.org *.onetrust.com ajax.googleapis.com *.g.doubleclick.net *.googlesyndication.com *.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com cdn.segment.com https://www.google-analytics.com https://www.googletagmanager.com https://o406350.ingest.sentry.io/api/4504513653833728/envelope/; font-src 'self' data: altium.com *.altium.com d2ns91cgb08z5o.cloudfront.net d25n9y37pkfre9.cloudfront.net dhm5hy2vn8l0l.cloudfront.net themes.googleusercontent.com fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com; frame-src 'self' altium.com *.altium.com *.hotjar.com *.doubleclick.net *.fls.doubleclick.net http://4296759.fls.doubleclick.net *.marketo.com *.twitter.com play.vidyard.com d3l9fju211jpzs.cloudfront.net js.driftt.com www.instagram.com www.youtube.com www.google.com www.facebook.com http://altium.force.com/* http://altium.force.com https://altium.secure.force.com https://altium-dev.os.tc *.getfeedback.com *.addtoany.com *.firebaseio.com https://vars.hotjar.com https://*.cdn.optimizely.com https://*.cdn-pci.optimizely.com https://boards.greenhouse.io/* https://Altium.drift.click; img-src * data:; manifest-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' altium.com *.altium.com *.adroll.com *.marketo.com *.hotjar.com *.twitter.com d2ns91cgb08z5o.cloudfront.net d3l9fju211jpzs.cloudfront.net d25n9y37pkfre9.cloudfront.net analytics.twitter.com bat.bing.com cdn.bizible.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com cdn.segment.com cdn.syndication.twimg.com cdn.amplitude.com connect.facebook.net content.cdntwrk.com dev.visualwebsiteoptimizer.com ml314.com *.ml314.com d.adroll.mgr.consensu.org js.driftt.com go.toutapp.com googleads.g.doubleclick.net munchkin.marketo.net pixel-geo.prfct.co play.vidyard.com snap.licdn.com static.addtoany.com static.ads-twitter.com tag.marinsm.com tag.bounceexchange.com www.upsellit.com www.instagram.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.google.com www.gstatic.com www.redditstatic.com www.youtube.com onesignal.com *.onesignal.com *.getfeedback.com *.firebaseio.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com *.clarity.ms mc.yandex.ru https://cdn.cookielaw.org ajax.googleapis.com cdnjs.cloudflare.com go.altium.com https://cdn-shared.altium.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://demotest.altium.com https://https https://play.vidyard.com https://profile.altium.com https://profile.dev1.altium.com https://service.force.com https://static.addtoany.com https://unpkg.com https://www.altium.com https://www.google.com https://www.gstatic.com viewer.altium.com www.altium.com; style-src 'self' 'unsafe-inline' altium.com *.altium.com *.marketo.com *.twitter.com *.twimg.com cloud.typography.com d2ns91cgb08z5o.cloudfront.net d25n9y37pkfre9.cloudfront.net onesignal.com fonts.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com https://cdn-shared.altium.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://https www.altium.com; worker-src 'self'; base-uri 'self'; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wpml.org *.toolset.com *.stripe.com *.google.com *.googletagmanager.com a.quora.com www.redditstatic.com *.doubleclick.net yoast.com *.googleadservices.com *.jquery.com *.web-view.net *.ytimg.com *.nr-data.net js-agent.newrelic.com *.youtube.com *.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com connect.facebook.net fast.wistia.com *.helpscout.net *.clarity.ms; frame-src 'self' *.stripe.com *.google.com *.doubleclick.net *.youtube.com *.facebook.com s-static.ak.facebook.com wp-rocket.me; object-src 'self'; worker-src blob:; connect-src 'self' *.wpml.org https://*.doubleclick.net q.quora.com *.clarity.ms *.helpscout.net *.wistia.com d3hb14vkzrxvla.cloudfront.net *.nr-data.net *.facebook.com yoast.com wss://chat-support.wpml.org https://chat-support.wpml.org wss://activity-tracker.wpml.org https://activity-tracker.wpml.org ams.wpml.org https://*.google.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat 1
default-src 'self'; script-src 'unsafe-inline' *.addevent.com info.factsmgt.com *.gstatic.com *.vimeo.com 'self' *.cookielaw.org *.hotjar.com *.google-analytics.com *.google.com ajax.googleapis.com *.facebook.net googleads.g.doubleclick.net *.facebook.com addevent.com static.addtoany.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com *.pardot.com *.googletagmanager.com whova.com *.factsmgt.com factsmgt.com *.cloudfront.net *.googleadservices.com 'unsafe-eval'; style-src *.bootstrapcdn.com 'unsafe-inline' *.fontawesome.com 'self' *.googleapis.com *.cloudfront.net; img-src 'self' *.google.com *.google-analytics.com *.googletagmanager.com *.w.org *.facebook.com *.gravatar.com *.nelnet.net data: *.s3.amazonaws.com *.cloudfront.net; connect-src 'self' *.bugsnag.com *; font-src *.fontawesome.com *.gstatic.com 'self' * data:; media-src 'self'; frame-src *.pardot.com *.evnt.is *.google.com *.vimeo.com *.factsmgt.com *.addtoany.com *.hotjar.com factsmgt.com *.facebook.com *.doubleclick.net *.youtube.com https://whova.com *.whova.com; 1
frame-ancestors 'self' studio.yourstory.com; 1
default-src 'none';base-uri 'self';block-all-mixed-content;connect-src 'self';font-src 'self';form-action 'self' https://search.f-droid.org;frame-ancestors 'self';img-src 'self' https://f-droid.org;manifest-src 'self';media-src 'self';script-src 'self';style-src 'self' 'unsafe-inline'; 1
frame-ancestors view.publitas.com www.publitas.com 1
frame-ancestors 'self' *.chilis.com 1
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ; 1
default-src 'self' https://canny.io https://*.canny.io; child-src 'self' blob: https://canny.io https://*.canny.io *.wistia.net https://*.loom.com https://*.stripe.com https://*.useloom.com https://*.vimeo.com https://*.youtu.be https://*.youtube.com https://intercom-sheets.com https://loom.com https://recaptcha.recaptcha.net/recaptcha/ https://share.intercom.io https://useloom.com https://td.doubleclick.net https://vimeo.com https://platform.twitter.com/ https://www.facebook.com https://www.recaptcha.net/recaptcha/ https://www.intercom-reporting.com https://youtu.be https://youtube.com; connect-src 'self' https://canny.io https://*.canny.io *.wistia.com *.wistia.net https://api.hubapi.com https://api.zapier.com https://*.analytics.google.com https://*.clarity.ms https://*.g.doubleclick.net https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.hubspot.com https://*.intercom.io https://*.litix.io https://*.stripe.com https://bat.bing.com https://td.doubleclick.net https://px.ads.linkedin.com/wa/ https://cdn.linkedin.oribi.io https://embedwistia-a.akamaihd.net https://google.com https://heapanalytics.com https://pubsub.googleapis.com https://edge.fullstory.com https://rs.fullstory.com https://api.luckyorange.com https://api-preview.luckyorange.com https://settings.luckyorange.com https://api-js.mixpanel.com https://in.visitors.live https://sentry.io https://stats.g.doubleclick.net https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://www.facebook.com https://www.redditads.com https://cdn.jsdelivr.net/npm/@emoji-mart/data@1.1.2/sets/14/native.json wss://*.intercom.io wss://realtime.luckyorange.com wss://*.visitors.live; font-src * data:; form-action https://canny.io https://*.canny.io https://api-iam.intercom.io https://intercom.help https://www.facebook.com; img-src * data: https://ct.capterra.com https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com; media-src * blob: data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://canny.io https://*.canny.io *.wistia.com cdn.heapanalytics.com https://*.atl-paas.net https://*.clarity.ms https://*.googletagmanager.com https://platform.twitter.com/ https://*.hubspot.com https://*.intercom.io https://*.stripe.com https://*.zdassets.com https://*.zendesk.com https://a.quora.com https://bat.bing.com https://cdnjs.cloudflare.com https://cdn.zapier.com https://connect.facebook.net https://www.redditstatic.com https://edge.fullstory.com https://tools.luckyorange.com https://g.microsoft.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hsleadflows.net https://js.intercomcdn.com https://googleads.g.doubleclick.net https://heapanalytics.com https://snap.licdn.com https://www.recaptcha.net/recaptcha/ https://www.google.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/; style-src 'self' 'unsafe-inline' https://canny.io https://*.canny.io https://*.atlassian.com https://*.zdassets.com https://*.zendesk.com https://cdnjs.cloudflare.com https://cdn.zapier.com https://heapanalytics.com; worker-src blob:; report-uri https://canny.io/api/csp/report 1
default-src 'self'; script-src 'self' *.youtube.com *.googleapis.com *.googletagmanager.com 'nonce-wcUVTsX8n49wLHXAHjEPFeFvcp65ULV5'; media-src 'self' *.googleapis.com; connect-src 'self' *.google-analytics.com *.google.com *.gstatic.com *.googletagmanager.com; frame-src *.google.com *.youtube.com *.culturalspot.org *.appspot.com; style-src 'self' *.googleapis.com *.gstatic.com 'unsafe-inline'; script-src-elem 'self' *.google.com *.gstatic.com *.youtube.com *.google-analytics.com *.googleapis.com *.googletagmanager.com 'nonce-wcUVTsX8n49wLHXAHjEPFeFvcp65ULV5'; font-src 'self' *.gstatic.com; img-src 'self' data: blob: *.googleapis.com *.ytimg.com *.ggpht.com *.googleusercontent.com *.googletagmanager.com 1
frame-ancestors 'self' *.google.com *.amp.colgate.com amp.colgate.com *.colgate.com colgate.com; 1
script-src 'self' www.tiktok.com lf16-tiktok-web.ttwstatic.com *.twitter.com 'sha256-9vpql/NLyCCe3HPEb2b/lcLKPbkRi48w2Lfn0AbTxsQ=' pagead2.googlesyndication.com googleads.g.doubleclick.net 'self' 'unsafe-eval' 'nonce-csp-script-inline' polyfill.io *.madcat.tv *.trovo.live astatic.trovocdn.net connect.facebook.net 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-G5gTuBIY0B0A928ho6zDtB8xjEJUVQzb8RILYuCebLE=' www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com *.gtimg.cn websdk.appsflyer.com h.online-metrix.net dev.api.unipay.qq.com *.midasbuy.com guigu.singaporepaya.com cdn.midasbuy.com imasdk.googleapis.com securepubads.g.doubleclick.net yandex.ru yastatic.net; style-src 'self' 'unsafe-inline' *.madcat.tv *.trovo.live astatic.trovocdn.net lf16-tiktok-web.ttwstatic.com; worker-src 'self' 'unsafe-eval' *.trovo.live astatic.trovocdn.net *.madcat.tv connect.facebook.net blob: www.google.com; connect-src * 'self' data: blob:; media-src * blob: data: 1
frame-ancestors 'self' *.zwift.com 1
connect-src venus.yidianzixun.com:9001 venus.yidianzixun.com:3081 venus.yidianzixun.com:3082 venus.yidianzixun.com:3083 http://dev.yidianzixun.com:3080 http://*.yidianzixun.com https://*.yidianzixun.com http://yun.lvehaisen.com http://*.go2yd.com http://*.baidu.com https://*.baidu.com https://*.baidustatic.com http://www.qchannel03.cn http://engine.tuistone.com; frame-ancestors 'self' 1
default-src 'none'; script-src 'self' blob: 'unsafe-inline' https://*.cloudfront.net https://*.google-analytics.com https://tags.tiqcdn.com https://app.gotowebinar.com 'unsafe-eval' https://www.youtube.com https://www.google.com https://www.gstatic.com https://s.ytimg.com https://api.swiftype.com https://my.nanorep.com https://logmeinsupport.nanorep.co/ https://s3.amazonaws.com/scripts-clickmeter-com/js/pixelNew.js https://ssl.p.jwpcdn.com https://support.logmeininc.com/assets/scripts/libs/plugins/lscache.min.js https://assets.cdngetgo.com https://www.googleapis.com https://api.microsofttranslator.com https://*.boldchat.com https://www.googletagmanager.com https://sjs.bizographics.com https://www.googleadservices.com https://connect.facebook.net https://c.pmsrv.co https://d.impactradius-event.com https://cdnssl.clicktale.net https://pixel.pmsrv.co https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://getgo.app.box.com https://cl.qualaroo.com https://tag.demandbase.com https://s.yimg.com https://sp.analytics.yahoo.com https://*.qualtrics.com https://support.logmeininc.com https://munchkin.marketo.net https://bat.bing.com https://demandpro.iljmp.com https://vidassets.terminus.services https://js.adsrvr.org https://cdnjs.cloudflare.com https://partner.stage.aur.goto.com  https://partner.goto.com  https://*.app.khoros.com https://*.smooch.io https://*.app.lithium.com https://netdna.bootstrapcdn.com https://support.goto.com https://static.cloud.coveo.com https://platform.cloud.coveo.com https://*.coveo.com/ https://getgo-bsp.s3.amazonaws.com/just-validate-3.8.1.production.min.js https://getgo-bsp.s3.amazonaws.com/just-validate-3.8.1.production.ie.min.js https://feedback.goto.com https://feedback-us.app.khoros.com/ https://*.google-analytics.com https://*.dante-ai.com/ https://*.trustarc.com/ https://www.clarity.ms/tag/jukzfgg3la; img-src 'self' https://*.cloudfront.net https://*.google-analytics.com https://citrixsaas.d1.sc.omtrdc.net https://img.youtube.com data: https://jwpltx.com https://assets.cdngetgo.com https://avatars.servers.getgo.com https://s3.amazonaws.com https://lmi.sc.omtrdc.net https://cm.everesttech.net https://dpm.demdex.net https://*.boldchat.com https://logmeinsupport.nanorep.co https://nr1.s3.amazonaws.com https://*.amazonaws.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google.com https://pixel.pmsrv.co https://www.googletagmanager.com https://static1.squarespace.com https://www.grasshopper.com https://match.prod.bidr.io https://id.rlcdn.com https://segments.company-target.com https://avatarsed1.serversdev.getgo.com https://*.qualtrics.com https://j.mrpdata.net https://logmeincdn.azureedge.net https://bat.bing.com https://i.ytimg.com https://match.adsrvr.org https://vidassets.terminus.services https://c.clicktale.net https://sp.analytics.yahoo.com  https://conductor.clicktale.net https://www.google.com https://www.google.com.gt https://www.google.hu https://*.app.khoros.com https://*.gravatar.com https://*.googleapis.com https://static.cloud.coveo.com https://*.coveo.com/ https://feedback.goto.com https://feedback-us.app.khoros.com/ https://*.google-analytics.com https://*.dante-ai.com/ https://*.trustarc.com/; connect-src 'self' https://www.google-analytics.com https://s3.amazonaws.com https://telemetry.servers.getgo.com https://ggc-gateway-prod.servers.getgo.com https://iam.servers.getgo.com https://dpm.demdex.net https://lmi.sc.omtrdc.net/ https://citrixsaas.dt.sc.omtrdc.net https://omahaproxy.appspot.com/all.json https://product-details.mozilla.org https://citrixsaas.d1.sc.omtrdc.net https://livechat.boldchat.com https://authentication.logmeininc.com/ https://*.mktoresp.com https://ing-district.clicktale.net https://stats.g.doubleclick.net https://logmeinsupport.nanorep.co https://prod.getgo.psdops.com/ https://api.company-target.com https://s.yimg.com https://conductor.clicktale.net https://*.qualtrics.com https://support.logmeininc.com https://vms.boldchat.com wss://websocket.bold360.com https://visitor-services.boldchat.com https://insight.adsrvr.org https://telemetrystage.servers.getgo.com https://*.serversdev.getgo.com https://*.clicktale.net https://www.goto.com https://admin.lastpass.com https://auth.lastpass.com https://dpm.demdex.net https://auth-rc.dev.lastpass.com https://visitor-services.nanorep.com https://*.app.khoros.com https://proactive-chat-server-us.prod.aws.lcloud.com https://*.smooch.io wss://api.smooch.io/faye https://*.app.lithium.com https://netdna.bootstrapcdn.com https://support.goto.com https://platform.cloud.coveo.com  https://analytics.cloud.coveo.com  https://*.coveo.com/ https://www.goto.com/api/geoip/getcountry https://support.grasshopper.com https://cloudflare.com/cdn-cgi/trace https://feedback.goto.com data: https://feedback-us.app.khoros.com/ https://*.google-analytics.com https://*.usw2.khoros.com wss://*.usw2.khoros.com ssl://*.usw2.khoros.com:8883 https://*.aws.lcloud.com https://*.googlesyndication.com/ https://*.dante-ai.com/ https://*.trustarc.com/; style-src 'self' 'unsafe-inline' https://*.cloudfront.net https://fonts.googleapis.com https://assets.cdngetgo.com https://*.qualtrics.com https://*.app.khoros.com https://*.app.lithium.com https://static.cloud.coveo.com https://*.coveo.com/ https://*.dante-ai.com/ https://*.trustarc.com/; frame-src 'self' https://www.google.com https://www.youtube.com/ https://logmeinsupport.nanorep.co/ https://pixel.watch/ https://s3.amazonaws.com/ https://lmi.demdex.net/ https://www.youtube-nocookie.com/ https://bid.g.doubleclick.net https://getgo.app.box.com https://dnt.qualaroo.com https://api.boldchat.com https://*.fls.doubleclick.net https://dntcl.qualaroo.com https://*.qualtrics.com https://www.facebook.com https://support.logmeininc.com https://feedback.goto.com https://*.siteintercept.qualtrics.com https://support.goto.com https://search.cloud.coveo.com https://*.coveo.com/ https://join.gotoresolve.com/ https://feedback-us.app.khoros.com/ https://*.dante-ai.com/ https://*.trustarc.com/; child-src 'self' https://www.google.com https://www.youtube.com/ https://logmeinsupport.nanorep.co/ https://pixel.watch/ https://s3.amazonaws.com/ blob:; font-src 'self' https://*.cloudfront.net https://fonts.gstatic.com data: https://ssl.p.jwpcdn.com https://assets.cdngetgo.com https://*.qualtrics.com https://*.app.khoros.com https://*.app.lithium.com https://*.coveo.com/ https://*.dante-ai.com/ https://*.trustarc.com/; object-src 'none'; media-src 'self' blob: data: https://logmeinsupport.nanorep.co https://*.app.khoros.com https://*.app.lithium.com https://*.trustarc.com/; 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.yieldify.com/ 1
frame-ancestors vanderbilt.edu/AEA 'self' 1
def-src 'self' 1
child-src 'self' *.facebook.com connect.facebook.net; frame-src 'self' https://www.google.com https://www.youtube.com https://*.vimeo.com https://static.addtoany.com *.facebook.com connect.facebook.net https://www.googletagmanager.com https://www.instagram.com/ https://bbb.ut.ee/ https://ois2.ut.ee/ https://utinfo.sendsmaily.net/ https://www.uttv.ee/ https://maps.google.com/ https://services.err.ee/ https://kuku.pleier.ee https://my.visme.co https://open.spotify.com/ https://podcasters.spotify.com/ https://kaart.delfi.ee https://panopto.ut.ee https://calendar.google.com/ https://twitter.com https://platform.twitter.com https://www.ut.ee https://bid.g.doubleclick.net *.sendsmaily.net/ https://tpc.googlesyndication.com https://ut.ee https://www.flipsnack.com/ https://kuula.co/ https://pivot.proquest.com https://survey.ut.ee/ https://survey-test.ut.ee https://*.soundcloud.com https://forms.office.com; img-src 'self' data: *.facebook.com *.facebook.net *.fbcdn.net https://www.google-analytics.com *.ut.ee/ https://i.ytimg.com https://www.googletagmanager.com https://www.gstatic.com/ https://twitter.com https://platform.twitter.com https://www.google.com https://www.google.ee https://www.google.com.cy https://www.google.com.uz https://cache.uttv.ee https://www.google.kg https://www.google.dz https://www.google.cm https://googleads.g.doubleclick.net https://www.google.si https://www.google.cz https://www.google.co.uz https://www.google.co.in https://www.google.se https://www.google.ru https://www.google.az https://www.google.com.tr https://www.google.ng https://www.google.com.bd https://www.google.co.uk https://www.google.co.ng https://www.google.ge https://www.google.com.pk https://www.google.com.ua https://www.translate.google.com https://www.google.nl https://www.google.co.id https://www.google.de https://www.google.fi https://translate.google.com https://www.google.it https://www.google.com.ng https://www.google.lv https://www.google.cl https://www.google.com.pe https://www.google.com.hk https://www.google.com.tw https://www.google.com.br https://www.google.kz https://www.google.com.vn https://www.google.ro https://www.google.lk https://www.google.ae https://www.google.co.jp https://www.google.co.kr https://www.google.com.gh https://www.google.ch https://www.google.pl https://www.google.com.co https://www.google.hu https://www.google.co.tz https://enlight-eu.org https://www.google.sk https://www.google.lt https://www.google.mn https://www.google.com.mx https://www.google.gr https://www.google.by https://www.google.md https://www.google.at https://www.google.es https://www.google.no https://www.google.is https://www.google.co.th https://www.google.am https://www.google.co.ma https://www.google.be https://www.google.co.ug https://www.google.fr https://www.google.com.do https://www.google.iq https://www.google.dk https://www.google.sn https://www.google.com.sg https://www.google.com.np https://www.google.co.il https://www.google.ca https://www.google.ie https://www.google.co.za https://www.google.co.ke https://www.google.com.mt https://www.google.bg https://www.google.pt https://www.google.al https://www.google.jo https://www.google.com.lb https://www.google.com.sa https://www.google.com.ec https://www.google.ml https://www.google.com.au https://www.google.ps https://www.google.com.my https://www.google.com.qa https://www.google.rw https://www.google.co.mz https://www.google.com.tj https://ut.ee https://www.google.com.eg https://www.google.ba https://www.google.mv https://www.google.mk https://www.google.ga https://www.google.com.ar https://www.google.td https://www.google.tm https://www.google.com.ph https://www.google.com.cu https://www.google.com.bh https://www.google.gm https://www.google.bt https://www.google.lu https://www.google.hr https://www.google.ci https://www.google.co.nz https://www.google.tn https://www.google.co.cr https://www.google.com.sl https://www.google.com.et https://www.google.hn https://www.google.co.bw https://www.google.com.ly https://www.google.mu https://www.google.com.kw https://www.google.so; script-src 'self' 'unsafe-inline' 'report-sample' https://www.googletagmanager.com https://www.google-analytics.com https://static.addtoany.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://www.instagram.com/ https://www.gstatic.com https://googleadsservices.com https://static.doubleclick.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com  https://cdnjs.cloudflare.com https://www.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://static.addtoany.com https://www.gstatic.com https://kuku.pleier.ee https://services.err.ee/ https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://www.instagram.com https://static.doubleclick.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://www.translate.google.cn https://ssl.google-analytics.com  https://cdnjs.cloudflare.com https://www.google.com; style-src 'self' fonts.googleapis.com https://translate.googleapis.com https://cdnjs.cloudflare.com https://use.fontawesome.com 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com https://use.fontawesome.com; frame-ancestors 'self' https://ut.ee; report-uri https://ut.ee/et/report-uri/enforce 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-CVPLElErgLopVoWESOoYkGnBr9L0zi' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
frame-ancestors *.hoopladigital.com 1
frame-ancestors 'self' https: https://www.databeatomni.net 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com.sg *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.facebook.net *.facebook.com ajax.aspnetcdn.com www.redditstatic.com *.linkedin.com https://www.youtube.com *.bilibili.com *.youtube-nocookie.com https://player.vimeo.com https://platform.twitter.com https://w.soundcloud.com platform.tumblr.com fonts.gstatic.com kendo.cdn.telerik.com https://libapp.ntu.edu.sg https://cdn.knightlab.com https://syndication.twitter.com https://static.licdn.com https://s.ytimg.com https://publish.twitter.com *.twimg.com http://platform.stumbleupon.com/1/widgets.js *.insight.sitefinity.com https://dec.azureedge.net/ https://*.dec.sitefinity.com https://dc.services.visualstudio.com *.mktoresp.com pbs.twimg.com platform.twitter.com munchkin.marketo.net *.eloqua.com track.hubspot.com https://i.ytimg.com netdna.bootstrapcdn.com https://nostalgic-roentgen-a5aaef.netlify.app *.cloudfront.net https://www.thinglink.com data: blob: js.hs-scripts.com js.hs-analytics.net cdn.ampproject.org *.ntu.edu.sg https://ntu-cris-test.4science.cloud https://az416426.vo.msecnd.net/scripts/a/ai.0.js *.mapsindoors.com https://cdn.applozic.com/applozic/applozic.chat-6.1.min.js *.cognitoforms.com *.usetiful.com https://a.opmnstr.com https://snap.licdn.com https://js.hs-banner.com https://js.hsadspixel.net https://js.hsleadflows.net *.g.doubleclick.net badge.stumbleupon.com wss://socket2.applozic.com *.typeform.com *.omappapi.com *.hubspotusercontent40.net *.hubapi.com *.hubspot.com *.hsforms.com *.dialogflow.com walls.io *.walls.io *.surveysparrow.com app.sli.do www.pbrain.biz cdn.unibuddy.co unibuddy.co *.launchpad6.com *.hscta.net *.hscollectedforms.net *.hsforms.net *.hubspotusercontent00.net *.hubspotusercontent-na1.net *.tableau.com www.google.co.id https://analytics.tiktok.com *.accredify.io cdnjs.cloudflare.com schemata.openattestation.com www.w3.org *.comm100.com *.comm100vue.com *.comm100.io *.viewin360.co *.viziofly.com *.hs-sites.com https://popcard.unibuddy.co/ https://pages.kuula.co/ http://cdn.thinglink.me/jse/responsive.js *.sharethis.com *.dacast.com bcp.crwdcntrl.net https://ntu.imail-host.com https://polyfill.io https://cdn.jsdelivr.net *.maglr.com https://forms.office.com *.superchar.xyz; 1
default-src *; font-src * data:;img-src 'self' * blob:  data:; script-src * 'unsafe-inline'; style-src * 'unsafe-inline'; 1
frame-ancestors 'self' https://*.bni.co.id; 1
base-uri 'self'; default-src 'none'; form-action https://account.mail.ru https://auth.mail.ru https://e.mail.ru https://yandex.ru 'self'; script-src https://*.adlooxtracking.com https://*.adlooxtracking.ru https://*.adsafeprotected.com https://*.doubleverify.com https://*.imgsmail.ru https://*.mail.ru https://*.moatads.com https://*.mradx.net https://*.serving-sys.com https://*.serving-sys.ru https://*.vk.com https://*.vk.ru https://*.weborama-tech.ru https://*.weborama.fr https://an.yandex.ru https://b.delivery.consentmanager.net https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://consentmanager.mgr.consensu.org https://home.mrgcdn.ru https://iframe.s3.yandex.net https://mail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://ok.ru https://static.dzeninfra.ru https://vk.com https://vk.ru https://yandex.ru https://yandex.st https://yastat.net https://yastatic.net 'unsafe-eval' 'unsafe-inline' 'nonce-b8b4edbbc52380fbe12bef7ad2fe4caf' 'strict-dynamic' 'report-sample'; connect-src https://*.adlooxtracking.com https://*.adlooxtracking.ru https://*.adsafeprotected.com https://*.cold-video.dzeninfra.ru https://*.doubleverify.com https://*.dzen.ru https://*.extcdn.dzeninfra.ru https://*.hot-video.dzeninfra.ru https://*.imgsmail.ru https://*.mail.ru https://*.moatads.com https://*.mradx.net https://*.serving-sys.com https://*.serving-sys.ru https://*.vk.com https://*.vk.ru https://*.weborama-tech.ru https://*.weborama.fr https://an.yandex.ru https://avatars.dzeninfra.ru https://b.delivery.consentmanager.net https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://cdn.dzen.ru https://cold-video.dzeninfra.ru https://consentmanager.mgr.consensu.org https://dzen.ru https://home.mrgcdn.ru https://jstracer.yandex.ru https://log.strm.yandex.ru https://mail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://ok.ru https://playlog.dzen.ru https://s3.dzeninfra.ru https://static.dzeninfra.ru https://strm.yandex.ru https://verify.yandex.ru https://video.dzen.ru https://vk.com https://vk.ru https://yandex.ru https://yandex.st https://yastat.net https://yastatic.net https://ymetrica1.com; img-src blob: data: https://*.mail.ru https://*.radar.imgsmail.ru https://*.userapi.com https://*.zen.zeta.dzen.ru https://a.delivery.consentmanager.net https://ad.adriver.ru https://amc.yandex.ru https://an.yandex.ru https://avatars.dzeninfra.ru https://avatars.mds.yandex.net https://bs.serving-sys.com https://bs.serving-sys.ru https://bs.yandex.ru https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://cdn.dzen.ru https://counter.yadro.ru https://d.mradx.net https://dzen.ru https://favicon.yandex.net https://fmdata.imgsmail.ru https://home.imgsmail.ru https://img.imgsmail.ru https://imgs2.imgsmail.ru https://impression.appsflyer.com https://likemore-go.imgsmail.ru https://limg.imgsmail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://mgcomru.solution.weborama.fr https://pixel.adlooxtracking.ru https://playlog.dzen.ru https://pogoda.imgsmail.ru https://promoimages.hb.bizmrg.com https://r.mradx.net https://s3.dzeninfra.ru https://static.dzeninfra.ru https://video.dzen.ru https://vk.com https://vk.ru https://vkplay.ru https://wcm-ru.frontend.weborama.fr https://wcm.weborama-tech.ru https://www.tns-counter.ru https://yandex.ru https://yastatic.net 'self'; manifest-src https://limg.imgsmail.ru; media-src blob: data: https://*.cold-video.dzeninfra.ru https://*.extcdn.dzeninfra.ru https://*.hot-video.dzeninfra.ru https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://*.ok.ru https://*.strm.yandex.ru https://*.vk.com https://*.vk.ru https://*.yandex.net https://cdn.dzen.ru https://cold-video.dzeninfra.ru https://mail.ru https://ok.ru https://strm.yandex.ru https://video.dzen.ru https://vk.com https://vk.ru https://yandex.ru https://yandex.st https://yastat.net https://yastatic.net; style-src blob: https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://b.delivery.consentmanager.net https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://consentmanager.mgr.consensu.org https://home.mrgcdn.ru https://static.dzeninfra.ru https://yandex.st https://yastat.net https://yastatic.net 'unsafe-eval' 'unsafe-inline'; font-src blob: data: https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://an.yandex.ru https://yastat.net https://yastatic.net 'self'; frame-src https://*.doubleverify.com https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://*.ok.ru https://*.vk.com https://*.vk.ru https://*.yandex.ru https://app.appsflyer.com https://awaps.yandex.net https://mail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://mini.vkplay.ru https://ok.ru https://vk.com https://vk.ru https://yandex.ru https://yastat.net https://yastatic.net; report-uri https://cspreport.mail.ru/home?disposition=report&rev=18.12.23; 1
frame-ancestors vidiq-marketing-cms.now.sh vidiq-marketing-cms.vercel.app vidiq-marketing-cms-git-staging-vidiq.vercel.app vidiq-marketing-cms-git-dev-vidiq.vercel.app vidiq-marketing-cms-git-dev.vidiq.now.sh vidiq-marketing-cms-git-staging.vidiq.now.sh vitals.vercel-analytics.com localhost:3333 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.adroll.com d.adroll.mgr.consensu.org *.dca0.com *.adyen.com *.akamaihd.net *.go-mpulse.net *.akstat.io *.aexp-static.com *.americanexpress.com tag.yieldoptimizer.com hm.baidu.com *.bambuser.com x.bidswitch.net bat.bing.com *.branch.io app.link s.thebrighttag.com s.btstatic.com *.brightcove.com *.brightcove.net *.brightcovecdn.com dpdb.webvr.rocks *.boltdns.net *.llnwd.net *.llnw.net vjs.zencdn.net *.burberry.com burberry.com cdnjs.cloudflare.com *.contentsquare.net script.crazyegg.com *.doubleclick.net connect.facebook.net www.facebook.com *.fitanalytics.com reporting.us1.fredhopperservices.com d1snv67wdds0p2.cloudfront.net collect-eu.attraqt.io analytics.google.com *.analytics.google.com *.googleapis.com *.googlesyndication.com *.gstatic.com adservice.google.com www.google.com *.google-analytics.com www.googleadservices.com www.googletagmanager.com www.googletagservices.com cdn.grata.cn *.usehero.com *.twilio.com wss://*.vss.twilio.com *.us1.twilio.com wss://*.us1.twilio.com *.eu1.twilio.com wss://*.eu1.twilio.com *.ipinyou.com www.ist-track.com x.klarnacdn.net *.klarna.com *.klarnaevt.com *.liveperson.net wss://*.liveperson.net *.lpsnmedia.net *.mathtag.com service.maxymiser.net bam.nr-data.net bam-cell.nr-data.net js-agent.newrelic.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-eu.onetrust.com *.online-metrix.net *.openx.net *.optimizely.com cdn-assets-prod.s3.amazonaws.com optimizely.s3.amazonaws.com *.paypal.com www.personifyxpassets.com 7vr7bv2vla.execute-api.eu-west-1.amazonaws.com ct.pinterest.com s.pinimg.com *.qudini.com po.st s.po.st rp.gwallet.com *.rakuten.com *.nxtck.com *.xg4ken.com *.linksynergy.com intljs.rmtag.com ln-rules.rewardstyle.com *.richrelevance.com *.riskified.com sb.scorecardresearch.com *.shoprunner.com *.shoprunner.net shopstylecollective.com i.simpli.fi dabs7b6g7t59l.cloudfront.net *.sonobi.com *.spotify.com t.a3cloud.net p.teads.tv idsync.rlcdn.com *.turn.com analytics.twitter.com static.ads-twitter.com platform.twitter.com sp.analytics.yahoo.com s.yimg.com s.yimg.jp b97.yahoo.co.jp mc.yandex.ru *.zooz.com com-burberry-prod1.mini.snplow.net s3.global-e.com webservices.global-e.com utils.global-e.com gepi.global-e.com web.global-e.com securev2.global-e.com www.global-e.com  hcaptcha.com *.hcaptcha.com web-assets-cdn.momentfeed.com api.momentfeed.com api.mapbox.com events.mapbox.com cdn.jsdelivr.net uberall.com maps.google.com *.configcat.com *.shopstylecollective.com app.collectivevoice.com app.collectivevoiceqa.com analytics.tiktok.com; style-src * data: 'unsafe-inline'; img-src * data:; font-src * data:; media-src * blob:; object-src 'self'; frame-ancestors 'self' *.burberry.com burberry.com; base-uri 'self'; upgrade-insecure-requests; report-uri https://csp.apps.burberry.com/brby 1
style-src 'unsafe-inline' 'self' *; font-src 'self' * data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *; object-src 'self' *; frame-src 'self' *; connect-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *; 1
default-src 'self' 'unsafe-inline' *.scene7.com *.marketo.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.infinity-tracking.com *.adsrvr.org *.demandbase.com *.bing.com *.google.com *.cookielaw.org *.doubleclick.net *.adobedtm.com *.everestjs.net *.clarity.ms *.marketo.com *.scene7.com *.qualtrics.com *.conductor.com *.viasat.com *.amazonaws.com qvdt3feo.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.adobedtm.com *.sftoaa.com *.everestjs.net *.invocacdn.com *.invoca.net *.marketo.net *.crazyegg.com *.licdn.com *.facebook.net viasatinc.data.adobedc.net *.raygun.io *.bizible.com siteintercept.qualtrics.com *.icat.viasat.io tags.srv.stackadapt.com  ; frame-src 'self' *.youtube.com *.marketo.com *.adsrvr.org *.facebook.com *.company-target.com *.az1.qualtrics.com *.opendns.com *.adsrvr.cn *.doubleclick.net *.everesttech.net *.demdex.net *.everestjs.net *.force.com *.crazyegg.com ca-viasat-status.s3.amazonaws.com  ; img-src 'self' https: data:  ; media-src 'self' *.scene7.com  ; script-src-elem 'self' https: 'unsafe-inline'  ; connect-src 'self' 'unsafe-inline' *.demandbase.com *.infinity-tracking.net *.infinity-tracking.com *.onetrust.com *.company-target.com *.oribi.io *.clarity.ms *.scene7.com *.qualtrics.com *.facebook.com *.cookielaw.org *.everesttech.net google.com *.google.com *.google-analytics.com *.viasat.com *.doubleclick.net *.googleapis.com *.demdex.net *.omtrdc.net *.mktoresp.com *.crazyegg.com *.ads.linkedin.com cognito-identity.us-east-1.amazonaws.com sts.us-east-1.amazonaws.com dataplane.rum.us-east-1.amazonaws.com *.icat.viasat.io *.raygun.io *.bing.com *.invoca.net *.mktoutil.com tags.srv.stackadapt.com *.phonetrack.com * *.sftoaa.com  ; font-src 'self' fonts.gstatic.com *.googleapis.com *.icat.viasat.io *.typekit.net  ; style-src 'self' 'unsafe-inline' *.scene7.com *.marketo.com *.googleapis.com *.amazonaws.com *.scene7.com *.gstatic.com *.miaprova.com tags.srv.stackadapt.com  ; report-uri https://report-to-api.raygun.com/reports-csp?apikey=4uWKnPZoEmyV7vSRKJeHw report-to csp-endpoint 1
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.hsbc.com.hk:* *.walkme.com bat.bing.com *.recaptcha.net *.gstatic.cn *.biocatch.com s.yimg.com tpc.googlesyndication.com connect.facebook.net tags.tiqcdn.com www.google.com.hk www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com cdn-assets-prod.s3.amazonaws.com; img-src data: * blob: android-webview-video-poster: android-webview:; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.hsbc.com.hk:* *.walkme.com bat.bing.com *.biocatch.com rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk ad.doubleclick.net www.facebook.com maps.googleapis.com *.siteintercept.qualtrics.com adservice.google.com manifest.prod.boltdns.net *.brightcovecdn.com www.google.com http://127.0.0.1:5000 http://127.0.0.1:5000/* translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.google.com.hk connect.facebook.net lptag.liveperson.net accdn.lpsnmedia.net *.v.liveperson.net s.yimg.com cdn.appdynamics.com cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net *.walkme.com *.googletagmanager.com *.recaptcha.net www.facebook.com tpc.googlesyndication.com connect.facebook.net gateway.zscalertwo.net gateway.zscloud.net sts-aad.auth.hsbc.com lpcdn.lpsnmedia.net 8694241.fls.doubleclick.net; frame-ancestors 'self' *.liveperson.net www.hsbc.com.hk; font-src 'self' data: *.hsbc.com.hk *.walkme.com fonts.gstatic.com cdn.jsdelivr.net at.alicdn.com; worker-src 'self' blob: *.walkme.com; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com; object-src 'self'; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net manifest.prod.boltdns.net ssl.gstatic.com players.brightcove.net; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://maps.googleapis.com; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://maps.googleapis.com https://yoast.com; font-src 'self' data:; frame-src 'self'; img-src 'self' data: https://secure.gravatar.com https://s.w.org; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
frame-ancestors https://ads.idntimes.com https://fyi.idntimes.com 1
default-src 'self' sante.fr *.sante.fr *.gouv.fr *.dmcdn.net *.synapse-medicine.com *.twitter.com *.twimg.com *.data.gouv *.rogervoice.com *.googleapis.com *.mapbox.com *.cloudflareinsights.com *.cloudflare.com googletagmanager.com *.googletagmanager.com api-adresse.data.gouv.fr *.google.com vitemadose.gitlab.io *.dailymotion.com *.youtube.com *.soundcloud.com *.c-napps.com gstatic.com *.gstatic.com *.adform.net *.facebook.net *.facebook.com *.snapchat.com *.criteo.com unpkg.com *.fontawesome.com *.newrelic.com *.linkedin.com *.licdn.com *.atlasante.fr bam.eu01.nr-data.net; script-src 'self' sante.fr *.sante.fr *.gouv.fr *.dmcdn.net *.synapse-medicine.com *.twitter.com *.twimg.com *.data.gouv *.rogervoice.com *.googleapis.com *.mapbox.com *.cloudflareinsights.com *.cloudflare.com googletagmanager.com *.googletagmanager.com api-adresse.data.gouv.fr *.google.com vitemadose.gitlab.io *.dailymotion.com *.youtube.com *.soundcloud.com *.c-napps.com gstatic.com *.gstatic.com *.adform.net *.facebook.net *.snapchat.com sc-static.net secure.adnxs.com ads-engagement.presage.io *.criteo.com unpkg.com *.fontawesome.com *.newrelic.com *.linkedin.com *.licdn.com *.atlasante.fr bam.eu01.nr-data.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' sante.fr *.sante.fr *.gouv.fr *.dmcdn.net *.synapse-medicine.com *.twitter.com *.twimg.com *.data.gouv *.rogervoice.com *.googleapis.com *.mapbox.com *.cloudflareinsights.com *.cloudflare.com googletagmanager.com *.googletagmanager.com api-adresse.data.gouv.fr *.google.com vitemadose.gitlab.io *.dailymotion.com *.youtube.com *.soundcloud.com *.c-napps.com gstatic.com *.gstatic.com *.adform.net *.facebook.net unpkg.com *.fontawesome.com *.newrelic.com *.linkedin.com *.licdn.com *.atlasante.fr bam.eu01.nr-data.net 'unsafe-inline'; img-src * data:; media-src *; frame-src *; frame-ancestors *; child-src *; font-src * data:; report-uri /report-csp-violation 1
frame-ancestors 'self' https://content.amplience.net https://primark.app.amplience.net https://app.amplience.net; 1
frame-ancestors 'self' *.healio.com:* *.blueconic.net:* *.slackbooks.com:* healiossdev.wpengine.com:* healiostrategicsolutions.com:* vindicocme.com:* wyanokegroup.com:* 1
frame-ancestors 'self' www.seznam.cz share.seznam.cz search.seznam.cz *.ampproject.org www.google.cz www.google.com *.seznamakce.cz www.seznamzpravy.cz admin.seznamzpravy.cz *.seznamzpravy.cz;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sdn.szn.cz *.sdn.cz gacz.hit.gemius.pl scz.hit.gemius.pl www.google-analytics.com https://www.googletagmanager.com/gtag/js cdn-gl.imrworldwide.com cdn.ampproject.org *.twitter.com *.twimg.com *.facebook.net *.facebook.com *.instagram.com *.tiktok.com *.ttwstatic.com https://www.gstatic.com https://ajax.googleapis.com login.szn.cz http://login.szn.cz https://login.szn.cz notifikace.seznam.cz http://notifikace.seznam.cz https://notifikace.seznam.cz *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.im.cz *.imedia.cz *.imedia.dev.dszn.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.sklik.cz ads.celtra.com *.2mdn.net ams.creativecdn.com *.seznamzpravy.cz https://www.seznamzpravy.cz 1
frame-ancestors 'self'; default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; form-action 'self'; base-uri 'self'; connect-src 'self' www.gwdg.de keycloak.sso.gwdg.de 1
base-uri 'none';child-src 'self' * blob:;connect-src 'self' https://cdn.coda.io wss://coda.io https://coda.io wss://*.intercom.io https://coda-us-west-2-prod-blobs-upload.s3-accelerate.amazonaws.com https://coda-us-west-2-prod-packs-upload.s3-accelerate.amazonaws.com https://coda-us-west-2-prod-packs.s3.us-west-2.amazonaws.com https://codahosted.io https://codacontent.io https://coda.io https://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://sdk.iad-05.braze.com https://accounts.google.com https://app.getsentry.com https://iframe.ly https://cdn.iframe.ly https://api.rollbar.com https://baconipsum.com https://api.trello.com https://api.stripe.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.facebook.com https://*.marketo.com https://*.mktoresp.com https://*.mktoutil.com https://*.mutinycdn.com https://*.mutinyhq.com https://*.mutinyhq.io https://cdn.cookielaw.org https://*.onetrust.com https://us-central1-adaptive-growth.cloudfunctions.net https://sink.pdst.fm https://grsm.io https://partnerlinks.io https://pixel.pvd.to https://tracker.pixeltracker.co https://pixelconnector.pixeltracker.co https://login.microsoftonline.com https://graph.microsoft.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.api.sanity.io https://*.apicdn.sanity.io https://statsig.coda.io https://statsigapi.net https://app.clearbit.com https://cdn.linkedin.oribi.io https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://api.sprig.com https://cdn.sprig.com ;default-src 'self' https://cdn.coda.io https://codacontent.io https://coda-us-west-2-prod-blobs.s3.us-west-2.amazonaws.com https://coda.io;font-src data: https://cdn.coda.io https://js.intercomcdn.com https://fonts.intercomcdn.com https://fonts.gstatic.com https://fonts.googleapis.com https://use.typekit.net https://use.fontawesome.com;form-action 'self' https://api-iam.intercom.io https://intercom.help *.coda.io;frame-ancestors  *.coda.io *.intercom-sheets.com teams.microsoft.com  *.sanity.studio  ;frame-src *;img-src * blob: data:;media-src 'self' https://cdn.coda.io https://js.intercomcdn.com https://cdn.sanity.io;object-src 'none';report-uri /csp-violation;script-src  'unsafe-inline' 'unsafe-eval' https: https://*.mutinycdn.com https://*.googletagmanager.com;style-src 'self' 'unsafe-inline' blob: https://accounts.google.com https://cdn.coda.io https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net https://use.fontawesome.com  https://*.mktoweb.com;worker-src 'self' blob: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://emergencysavings.axisbank.com *.axisbank.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://application.axisbank.co.in *.axisbank.co.in https://mboxedge31.tt.omtrdc.net https://s7ap1.scene7.com/ *.tt.omtrdc.net *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://*.msecnd.net/ https://*.lemnisk.co https://mu-ax-s.lemnisk.co https://cdn12-s.lemnisk.co https://cdn25-s.lemnisk.co https://www.googletagmanager.com https://platform.twitter.com https://connect.facebook.net https://bat.bing.com https://www.google-analytics.com https://axisbank.demdex.net https://axisbank.demdex.com https://mu-pl-s.lemnisk.co https://*.adobedtm.com *.vizury.com https://snap.licdn.com/ https://4714706.fls.doubleclick.net/ https://cdn.linkedin.oribi.io/partner/2739201/domain/axisbank.com/token https://px.ads.linkedin.com/collect *.notifyvisitors.com wss://*.notifyvisitors.com https://*.cloudfront.net; style-src 'self' 'unsafe-inline' https://emergencysavings.axisbank.com *.axisbank.com https://application.axisbank.co.in *.axisbank.co.in https://mboxedge31.tt.omtrdc.net https://s7ap1.scene7.com/ *.tt.omtrdc.net *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://*.lemnisk.co https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.notifyvisitors.com; img-src 'self' *.notifyvisitors.com https://emergencysavings.axisbank.com https://www.google.co.in www.google.com *.google.com https://www.google.com https://application.axisbank.co.in *.axisbank.co.in https://mboxedge31.tt.omtrdc.net https://s7ap1.scene7.com/ *.tt.omtrdc.net *.doubleclick.net *.vizury.com *.lemnisk.co *.axisbank.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://px.ads.linkedin.com/collect https://4714706.fls.doubleclick.net/; font-src 'self' https://emergencysavings.axisbank.com https://application.axisbank.co.in *.axisbank.co.in https://mboxedge31.tt.omtrdc.net https://s7ap1.scene7.com/ *.tt.omtrdc.net https://*.axisbank.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com *.notifyvisitors.com data:; connect-src 'self' *.notifyvisitors.com https://emergencysavings.axisbank.com *.axisbank.com  https://application.axisbank.co.in *.axisbank.co.in https://mboxedge31.tt.omtrdc.net https://s7ap1.scene7.com/ *.tt.omtrdc.net accounts.google.com https://stats.g.doubleclick.net/ https://ilsmartsearch.search.windows.net https://search-index-uat.search.windows.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com wss://nb-s.lemnisk.co https://*.lemnisk.co https://*.demdex.net https://axisbank.tt.omtrdc.net https://cdn12-s.lemnisk.co https://cdn25-s.lemnisk.co https://www.googletagmanager.com https://platform.twitter.com https://connect.facebook.net https://bat.bing.com https://www.google-analytics.com https://axisbank.demdex.net https://mu-pl-s.lemnisk.co https://assets.adobedtm.com https://axisbank.demdex.net https://*.visualstudio.com https://cdn.linkedin.oribi.io/partner/2739201/domain/axisbank.com/token; media-src 'self' *.notifyvisitors.com data: blob:; child-src 'self' https://emergencysavings.axisbank.com https://application.axisbank.co.in *.axisbank.co.in https://mboxedge31.tt.omtrdc.net https://s7ap1.scene7.com/ *.tt.omtrdc.net *.axisbank.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.notifyvisitors.com; frame-src 'self' https://c4c.phonon.in/ https://www.youtube.com https://www.emergencysavings.axisbank.com https://mboxedge31.tt.omtrdc.net https://s7ap1.scene7.com/ *.tt.omtrdc.net https://*.lemnisk.co https://*.demdex.net https://*.axisbank.co.in https://ai.axisbank.co.in/morfeuswebsdk https://axisbank.demdex.net https://application.axisbank.co.in https://branch.axisbank.com https://mu-pl-s.lemnisk.co https://platform.twitter.com https://chatbot.axisbank.com/ http://fip.staging.axisb.com https://4714706.fls.doubleclick.net/ *.notifyvisitors.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'  weatherwidget.io *.flickr.com player.vimeo.com mun.ca www.mun.ca bat.bing.com cse.google.com www.google.com t4content.mun.ca t4content.ucs.mun.ca t4-fe2.ucs.mun.ca webstaging.mun.ca clf.mun.ca www.googletagmanager.com www.googleadservices.com www.gstatic.com googleads.g.doubleclick.net google-analytics.com analytics.twitter.com cdn.syndication.twimg.com www.google-analytics.com static.ads-twitter.com platform.twitter.com connect.facebook.net snapwidget.com streaming.citl.mun.ca ssl.p.jwpcdn.com im.citl.mun.ca www.youtube.com mun.us8.list-manage.com code.jquery.com cdn.jsdelivr.net webstaging.mun.ca bbox.blackbaudhosting.com calendar.time.ly snap.licdn.com cdn.datatables.net uk.smartthing.org c.bing.com ajax.googleapis.com; frame-ancestors 'self' *.vanillasoft.net vanillasoft.net webapps-qa.mun.ca 1
img-src http://* https://* data: 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://s7ap1.scene7.com/ https://authapp.ultimatix.net/ https://auth.ultimatix.net/ https://fonts.googleapis.com/ https://gateway.zscalerthree.net/; frame-src 'self' https://content.dionglobal.in/ https://td.doubleclick.net/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://11821448.fls.doubleclick.net/ https://gateway.on24.com/ https://s.company-target.com/ https://stories.storifyme.com/ https://www.google.com/ https://www.yputube.com/ https://gateway.zscalerthree.net/ https://www.recaptcha.net recaptcha.google.com tcs.demdex.net https://www.linkedin.com https://px.ads.linkedin.com/ https://storifyme.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' consent.trustarc.com gateway.zscalerthree.net https://s7ap1.scene7.com https://acdn.adnxs.com https://unpkg.com/  https://www.recaptcha.net https://s.yimg.jp/ https://www.google-analytics.com https://snap.licdn.com/ https://gateway.on24.com/ https://am.yahoo.co.jp/ https://www.googleadservices.com/ https://cdn.storifyme.com/ https://storifyme.xyz/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.jsdelivr.net/ https://auth.ultimatix.net/ https://authapp.ultimatix.net/ https://www.gstatic.com/ https://assets.adobedtm.com assets.adobedtm.com/launch-ENf1df16a3f7b54565aae5a7b51c3e89ed-staging.min.js ds-aksb-a.akamaihd.net https://www.youtube.com https://play.google.com/ https://youtube.com https://www.google.com onetrust.com ajax.googleapis.com https://fonts.googleapis.com/ https://maps.googleapis.com/ platform.twitter.com https://d36cz9buwru1tt.cloudfront.net cdn.ampproject.org maxcdn.bootstrapcdn.com https://code.jquery.com/ cdn.datatables.net https://cdnjs.cloudflare.com/ https://content.dionglobal.in/ https://maxcdn.bootstrapcdn.com https://twitter.com/ https://www.linkedin.com https://px.ads.linkedin.com https://www.facebook.com/ https://connect.facebook.net/ https://www.facebook.net https://www.instagram.com/ https://www.w3.org/ sites.tcs.com https://www.googletagmanager.com tata.com tcs.com business4.tcs.com slideshare.net https://api.company-target.com/ https://tcs.tt.omtrdc.net/ tcscom.sc.omtrdc.net https://www.google.co.in googleads.g.doubleclick.net https://ogp.me/ https://sling.apache.org/ https://jcp.org/ https://www.tcs.com/partners itunes.apple.com mboxedge31.tt.omtrdc.net dpm.demdex.net cm.everesttech.net adsymptotic.com https://p.adsymptotic.com/ bid.g.doubleclick.net nasscom.in in.explara.com store.mortgagebankers.org netdna.bootstrapcdn.com static.doubleclick.net i.ytimg.com https://www.businessofapps.com/ https://www.nytimes.com/ ibegin.tcs.com icandidateuat.ultimatix.net https://ims-na1.adobelogin.com/ https://www.demandbase.com/ https://704-zbe-801.mktoresp.com/ https://744-fui-742.mktoresp.com/ smetrics.tcs.com https://cdn.cookielaw.org/ https://munchkin.marketo.net/ tag.demandbase.com apache.org schema.org code.eligrey.com github.com developer.mozilla.org scottjehl.github.io https://github.com/ https://pages.github.com/ w3c.github.io modernjavascript.blogspot.com tc39.github.io modernizr.com vimeo.com blob:; media-src 'self' https://s7ap1.scene7.com/ https://s7mbrstream-ap1.scene7.com/ data: blob:; img-src 'self' https://cm.everesttech.net/ https://authapp.ultimatix.net/ https://www.google.co.in/ https://facebook.com https://ad.doubleclick.net/ https://ib.adnxs.com https://www.facebook.com https://www.google.com/ https://googleads.g.doubleclick.net/ https://am.yahoo.co.jp/ https://auth.ultimatix.net/ https://segments.company-target.com/ https://match.prod.bidr.io/ https://pbs.twimg.com/ https://match.prod.bidr.io/ https://id.rlcdn.com/ https://maps.googleapis.com https://maps.gstatic.com https://i.ytimg.com/ https://gateway.zscalerthree.net/ https://cdn.storifyme.com/ https://www.tcs.com/ https://www.google-analytics.com https://www.linkedin.com https://px.ads.linkedin.com https://p.adsymptotic.com https://dpm.demdex.net/ https://tcs.demdex.net/ smetrics.tcs.com s7ap1.scene7.com https://cdn.cookielaw.org/ data:; connect-src 'self' https://content.dionglobal.in https://tag-logger.demandbase.com/ https://facebook.com https://www.facebook.com https://pagead2.googlesyndication.com/ https://privacyportal.onetrust.com/ https://cdn.linkedin.oribi.io/ https://www.linkedin.com https://geoip-js.com/ https://704-zbe-801.mktoutil.com/ https://geolocation.onetrust.com/ https://maps.googleapis.com https://privacyportaluat.onetrust.com/ https://s7mbrstream-ap1.scene7.com/ https://px.ads.linkedin.com https://www.google-analytics.com https://704-zbe-801.mktoresp.com/ https://744-fui-742.mktoresp.com/ https://assets.adobedtm.com https://api.company-target.com/ cdn.cookielaw.org tcs.tt.omtrdc.net https://dpm.demdex.net/ https://tcs.demdex.net/ onetrust.com smetrics.tcs.com storifyme.com https://cdn.storifyme.com/ https://s7ap1.scene7.com; base-uri 'none' ; object-src https://authapp.ultimatix.net https://auth.ultimatix.net; frame-ancestors 'self' ; font-src 'self' https://fonts.gstatic.com/ data: 1
default-src 'none'; media-src 'self' https://videos.ctfassets.net:*; script-src-elem 'self' 'nonce-84fa84ed-0661-4687-8394-f09cc9ba09b2' https://cdn.transcend.io/cm/fa619274-3c15-4155-bbec-c0cb75733259/airgap.js https://cdn.transcend.io/cm/fa619274-3c15-4155-bbec-c0cb75733259/ui.js https://cdn.transcend.io/cm/fa619274-3c15-4155-bbec-c0cb75733259/xdi.js 'unsafe-hashes' 'sha256-cdFvGnPvdeavqCupE0X1iKxDb2jmBXXTGmE6AcHOk+c=' 'sha256-yT/s9zf56jX7wyB2f+yhxGo0VBoDnFqMx5qPvh0jvgQ=' 'sha256-TQ9lqihfbMvC+yQs4RAPRBe8No3FB3+MYPxT/OnPn/A=' 'sha256-ep0lyBO1i+WpsX2W3CxFRXjI+Hxg1zdLj+K4nN4Yzdk='; script-src 'self' 'wasm-unsafe-eval' 'nonce-84fa84ed-0661-4687-8394-f09cc9ba09b2' https://cdn.transcend.io/cm/fa619274-3c15-4155-bbec-c0cb75733259/airgap.js https://cdn.transcend.io/cm/fa619274-3c15-4155-bbec-c0cb75733259/ui.js https://cdn.transcend.io/cm/fa619274-3c15-4155-bbec-c0cb75733259/xdi.js; style-src-elem 'self' 'nonce-84fa84ed-0661-4687-8394-f09cc9ba09b2' https://cdn.transcend.io 'unsafe-hashes' 'sha256-oV3jdqk8GO/BUZSwos543OlGzhzxD3uMNE23EaxYMEQ=' 'sha256-/4tktfVAle+8ojynlFnhze1lbgwtFnndScvcHIucgqc=' 'sha256-zlqnbDt84zf1iSefLU/ImC54isoprH/MRiVZGskwexk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-7JyL1A8Kywti3E1sWTTspFukJsEOqlNFJPIxVimWbAQ='; style-src 'self' 'nonce-84fa84ed-0661-4687-8394-f09cc9ba09b2' https://cdn.transcend.io 'unsafe-hashes' 'sha256-oV3jdqk8GO/BUZSwos543OlGzhzxD3uMNE23EaxYMEQ=' 'sha256-/4tktfVAle+8ojynlFnhze1lbgwtFnndScvcHIucgqc=' 'sha256-zlqnbDt84zf1iSefLU/ImC54isoprH/MRiVZGskwexk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-7JyL1A8Kywti3E1sWTTspFukJsEOqlNFJPIxVimWbAQ='; connect-src 'self' https://unpkg.com/@rive-app/canvas@2.7.6/rive.wasm https://start.1password.com https://start.1password.ca https://start.1password.eu https://www.google-analytics.com https://9gnqx00du4.execute-api.us-east-1.amazonaws.com/prod/contact_us https://us.app.unleash-hosted.com https://flow.1passwordservices.com https://telemetry.transcend.io/collect https://rum.browser-intake-datadoghq.com https://sst.1passwordservices.com https://c.6sc.co https://ipv6.6sc.co https://b.6sc.co https://epsilon.6sense.com https://cdn.transcend.io; manifest-src 'self'; font-src 'self'; object-src 'self'; img-src 'self' blob: http://images.ctfassets.net:* https://images.ctfassets.net:* https://www.google.com https://www.google-analytics.com https://sst.1passwordservices.com https://stats.g.doubleclick.net https://insight.adsrvr.org https://px.mountain.com https://b.6sc.co; child-src https://www.youtube-nocookie.com https://secure.livechatinc.com; frame-src https://www.youtube-nocookie.com https://www.youtube-nocookie.com/embed https://secure.livechatinc.com https://player.vimeo.com https://insight.adsrvr.org https://match.adsrvr.org https://drift.1passwordservices.com https://sync.transcend.io; form-action 'self' https://start.1password.com https://flow.1passwordservices.com; prefetch-src 'self' https://app.1password.com https://app.1password.ca https://app.1password.eu; frame-ancestors https://*.1passwordservices.com https://*.1password.com https://*.1password.ca https://*.1password.eu https://main.1pstage.com; report-uri https://csp.1passwordservices.com/report?tags=1pw_prd; report-to csp-endpoint 1
frame-ancestors https://*.deutsche-bank.de 1
sandbox; default-src 'unsafe-inline' data:; script-src 'none' 1
script-src 'self' https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com; style-src 'self'; img-src 'self' data: 1
frame-ancestors  https://app.reskyt.com/ https://app.casadellibro.com/ https://www.casadellibro.com/ https://p.casadellibro.com/; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com cdn.tiny.cloud partner.hostnet.de assets.zendesk.com www.google-analytics.com ajax.googleapis.com www.googleadservices.com googleads.g.doubleclick.net connect.facebook.net static.zdassets.com; connect-src 'self' spelling.tiny.cloud hyperlinking.tiny.cloud hostnet.zendesk.com ekr.zdassets.com; img-src 'self' data: sp.tinymce.com partner.hostnet.de stats.g.doubleclick.net *.vimeocdn.com cdnjs.cloudflare.com cdn.hostnet.de www.facebook.com www.googletagmanager.com www.google.de www.google.com www.google-analytics.com; style-src 'self' 'unsafe-inline' cdn.tiny.cloud *.vimeocdn.com; media-src 'self' player.vimeo.com; frame-src 'self' player.vimeo.com https://vnc.hostnet.de:*; font-src 'self' data:; 1
frame-ancestors drunkenslug.com 1
style-src 'self' *.fontawesome.com 'unsafe-inline'  fonts.googleapis.com *.userway.org chat.kerala.gov.in *.youtube.com ajax.googleapis.com;  font-src 'self' fonts.gstatic.com *.fontawesome.com *.userway.org chat.kerala.gov.in *.youtube.com ajax.googleapis.com;  script-src 'unsafe-inline' 'self' 'unsafe-eval' *.fontawesome.com *.userway.org chat.kerala.gov.in *.googletagmanager.com *.youtube.com ajax.googleapis.com; img-src   blob: data: *.userway.org chat.kerala.gov.in 'self' https:;frame-ancestors 'self' *.kerala.gov.in *.ckeditor.com ; connect-src 'self' blob: data: image/svg+xml *.userway.org chat.kerala.gov.in *.google-analytics.com;frame-src 'self' *.userway.org chat.kerala.gov.in *.youtube.com ajax.googleapis.com *.google.com *.vimeo.com; object-src 'none'; media-src 'self'; manifest-src 'self';  default-src 'self' blob: data: 'unsafe-eval' 'unsafe-inline'; form-action 'self'; 1
default-src 'self' https://*.dotdash.com:* cdn.tailwindcss.com cdn.jsdelivr.net ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com *.zdassets.com *.zopim.com *.appcues.com g.3gl.net data: 'unsafe-inline' 'unsafe-eval' https://*.polaris.me https://vpaid.doubleverify.com https://s-static.innovid.com https://imasdk.googleapis.com;connect-src 'self' https: wss:;font-src 'self' https: data:;frame-src 'self' https:;img-src 'self' https: data: blob:;media-src 'self' https: data:;frame-ancestors 'self' https://*.dotdash.com:*;style-src 'self' 'unsafe-inline' https:;object-src 'none';block-all-mixed-content;upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://ajax.cloudflare.com/ https://hm.baidu.com https://www.zblogcn.com https://cdn.jsdelivr.net/npm/jquery@3.3.1/dist/jquery.min.js; style-src 'self' 'unsafe-inline' https://*.zblogcn.com; font-src 'self' https://*.zblogcn.com; img-src 'self' https://* data: 1
frame-ancestors 'self'  wbpa-runet.lstprod.net tanksblitz.ru 1
connect-src 'self' https://stats.g.doubleclick.net https://ampcid.google.com https://adservice.google.com https://adservice.google.com https://analytics.google.com https://region1.analytics.google.com https://www.google.com https://www.google.co.uk https://www.google-analytics.com https://api2.abtasty.com https://ariane.abtasty.com https://dcinfos-cache.abtasty.com https://try.abtasty.com https://widgets.abtasty.com https://in.api4load.net https://prf.audiencemanager.de https://bat.bing.com https://f.clarity.ms https://g.clarity.ms https://k.clarity.ms https://www.clarity.ms https://cdn.cookielaw.org https://bam.nr-data.net https://bam-cell.nr-data.net https://www.facebook.com https://chat-eu.freshdesk.com https://report.bhf.gbqofs.io https://cdn.gbqofs.com https://o2.mouseflow.com https://privacyportal-eu.onetrust.com https://vimeo.com wss://chat-eu.freshdesk.com https://cdn.linkedin.oribi.io https://eu.mouseflow.com https://ct.pinterest.com https://sockjs-eu.pusher.com https://sock57-eu.pusher.com wss://ws-eu.pusher.com https://ws.sessioncam.com https://b.ws.sessioncam.com https://tr.snapchat.com https://assetscdn.stackla.com https://web-assets.stackla.com https://gjtrack.ucweb.com https://plugin.ucads.ucweb.com https://cookiee1.veinteractive.com https://dtrc.veinteractive.com https://sessionapi.veinteractive.com https://id.siteimprove.com https://my2.siteimprove.com; default-src 'self' ; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://common-fonts.abtasty.com https://static3.avast.com https://use.fontawesome.com https://280841640230733.eu.webpush.freshchat.com https://assetscdn.stackla.com https://maxcdn.bootstrapcdn.com https://cdn.mouseflow.com http://rtr.tolunastart.com; frame-src 'self' ms-appx-web: https://embed.acast.com https://cp.bhf.org.uk https://extras.bhf.org.uk https://embed.podcasts.apple.com https://www.typeform.com https://bid.g.doubleclick.net https://cm.g.doubleclick.net https://8233349.fls.doubleclick.net https://8455068.fls.doubleclick.net https://optimize.google.com https://tpc.googlesyndication.com https://www.youtube.com https://www.google.com gsa://onpageload https://qa-assistant.abtasty.com https://player.acast.com https://track.adform.net https://match.adsrvr.org https://insight.adsrvr.org https://aax-eu.amazon-adsystem.com https://www.audiencemanager.de https://www.boombox.com https://view.ceros.com https://www.facebook.com https://wchat.eu.freshchat.com https://280841640230733.eu.webpush.freshchat.com https://graphs.healthlumen.com https://www.ons.gov.uk https://irewind.com https://cdn.knightlab.com https://zswpmanager.wip.mmc.com https://assets.nhs.uk https://net.ootil.fr https://public.tableau.com https://digital19.typeform.com https://ct.pinterest.com https://www.pinterest.co.uk https://www.pinterest.com https://dntcl.qualaroo.com https://app.qzzr.com https://www.qzzr.com https://a.rfihub.com https://20782797p.rfihub.com https://20782800p.rfihub.com https://20782816p.rfihub.com https://20782822p.rfihub.com https://20798315p.rfihub.com https://20798316p.rfihub.com https://20798319p.rfihub.com https://20782802p.rfihub.com https://20782821p.rfihub.com https://20822326p.rfihub.com https://20823015p.rfihub.com https://20823018p.rfihub.com https://www.riddle.com https://my2.siteimprove.com https://support.siteimprove.com https://tr.snapchat.com https://w.soundcloud.com https://widget.stackla.com https://widget.trustpilot.com/ https://player.vimeo.com https://www.vimeo.com https://vimeo.com https://embed.wirewax.com https://config1.veinteractive.com https://help.siteimprove.com https://siteimprove-org.myfreshworks.com https://www.youtube-nocookie.com; img-src 'self' data: https://cp.bhf.org.uk https://live.bhf.org.uk https://i.vimeocdn.com https://8455068.fls.doubleclick.net https://ad.doubleclick.net https://cm.g.doubleclick.net https://googleads.g.doubleclick.net https://pubads.g.doubleclick.net https://stats.g.doubleclick.net https://adservice.google.com https://www.google-analytics.com https://maps.googleapis.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://analytics.google.com https://optimize.google.com https://play.google.com https://www.google.com https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.nz https://www.google.co.tz https://www.google.co.uk https://www.google.co.za https://www.google.co.zw https://www.google.com.au https://www.google.com.br https://www.google.com.cy https://www.google.com.eg https://www.google.com.et https://www.google.com.mm https://www.google.com.ng https://www.google.com.sg https://www.google.ae https://www.google.be https://www.google.bf https://www.google.ca https://www.google.de https://www.google.es https://www.google.fr https://www.google.gr https://www.google.ie https://www.google.nl https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.tt https://maps.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://img.youtube.com https://www.youtube.com https://i.ytimg.com https://796129.global.siteimproveanalytics.io https://editor-assets.abtasty.com https://teddytor.abtasty.com https://c5.adalyser.com https://ib.adnxs.com https://s3.amazonaws.com https://tools.applemediaservices.com https://cx.atdmt.com https://www.audiencemanager.de https://prf.audiencemanager.de https://ads.avct.cloud https://x.bidswitch.net https://bat.bing.com https://c.bing.com https://scontent-iad3-1.cdninstagram.com https://scontent-syd2-1.cdninstagram.com https://c.clarity.ms https://dfgmr6l6mkcrn.cloudfront.net https://cdn.cookielaw.org https://dpm.demdex.net https://e1.emxdgt.com https://connect.facebook.net https://www.facebook.com https://report.bhf.gbqofs.io https://cdn.gbqofs.com https://gorentoys.net https://assets.hu-production.be https://images.hu-production.be https://www.linkedin.com https://px.ads.linkedin.com https://twemoji.maxcdn.com https://i5uzp6l0.micpn.com https://zswpmanager.wip.mmc.com https://eu.mouseflow.com https://flask.nextdoor.com https://bam.nr-data.net https://ct.pinterest.com https://pixel.quantserve.com https://idsync.rlcdn.com https://ws.sessioncam.com https://assetscdn.stackla.com https://web-assets.stackla.com https://uploads-cdn.stackla.com https://t.co https://trc.taboola.com https://public.tableau.com https://auth.iws-hybrid.trendmicro.com https://collector-31032.tvsquared.com https://analytics.twitter.com https://gjtrack.ucweb.com https://cookiee1.veinteractive.com https://a.volvelle.tech; media-src 'self' https://ssl.gstatic.com https://download-video.akamaized.net https://dop9av6nvryqq.cloudfront.net https://player.vimeo.com; script-src 'self' 'unsafe-inline'  'unsafe-eval'  blob: data: https://cp.bhf.org.uk https://live.bhf.org.uk https://cdn.jsdelivr.net https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://ajax.googleapis.com https://maps.googleapis.com https://optimize.google.com https://tagmanager.google.com https://www.google.co.uk https://www.google.com https://www.googleoptimize.com https://www.youtube.com https://s.ytimg.com https://www.gstatic.com https://qa-assistant.abtasty.com https://teddytor.abtasty.com https://try.abtasty.com https://s2.adform.net https://track.adform.net https://c5.adalyser.com https://js.adsrvr.org https://static.ads-twitter.com https://s3.amazonaws.com https://s3-us-west-2.amazonaws.com https://cdn.audiencemanager.de https://prf.audiencemanager.de https://ads.avct.cloud https://ads.avocet.io https://bat.bing.com https://sjs.bizographics.com https://b.clarity.ms https://d.clarity.ms https://f.clarity.ms https://g.clarity.ms https://i.clarity.ms https://www.clarity.ms https://cdnjs.cloudflare.com https://d2oh4tlt9mrke9.cloudfront.net https://d3alqb8vzo7fun.cloudfront.net https://dfgmr6l6mkcrn.cloudfront.net https://cdn.cookielaw.org https://connect.facebook.net https://chat-eu.freshdesk.com https://wchat.eu.freshchat.com https://report.bhf.gbqofs.io https://cdn.gbqofs.com https://assets.healthunlocked.com https://healthunlocked.com https://wusote.hirizasune.com https://assets.hu-production.be https://snap.licdn.com https://www.linkedin.com https://px.ads.linkedin.com https://i5uzp6l0.micpn.com https://cdn.mouseflow.com https://ads.nextdoor.com https://ads.nextdoor-test.com https://assets.nhs.uk https://ls.northchaddertonschool.co.uk https://z.moatads.com https://eu.mouseflow.com https://secure.myshopcouponmac.com https://bam.nr-data.net https://bam-cell.nr-data.net https://www.oracle.com https://quantcast.com https://quantcount.com https://edge.quantserve.com https://secure.quantserve.com https://eu.questionpro.com https://s.pinimg.com https://services.postcodeanywhere.co.uk https://timeline51-clientstats1.pusher.com https://js.pusher.com https://stats.pusher.com https://rules.quantcount.com https://ws.sessioncam.com https://tr.snapchat.com https://public.tableau.com https://auth.iws-hybrid.trendmicro.com https://turbo.qualaroo.com https://a.rfihub.com https://c1.rfihub.net https://sc-static.net https://siteimproveanalytics.com https://assetscdn.stackla.com https://goconnect.stackla.com https://widget.trustpilot.com https://collector-31032.tvsquared.com https://analytics.twitter.com https://use.typekit.net https://config1.veinteractive.com https://player.vimeo.com https://sp.analytics.yahoo.com https://s.yimg.com https://vjs.zencdn.net https://code.jquery.com https://maxcdn.bootstrapcdn.com http://rtr.tolunastart.com https://cdn.siteimprove.net; style-src 'self' 'unsafe-inline'  'unsafe-eval'  https://optimize.google.com https://tagmanager.google.com https://fonts.googleapis.com https://common-fonts.abtasty.com https://teddytor.abtasty.com https://cdnjs.cloudflare.com https://dfgmr6l6mkcrn.cloudfront.net https://use.fontawesome.com https://wchat.eu.freshchat.com https://cdn.mouseflow.com https://net.ootil.fr https://assetscdn.stackla.com https://cloud.typography.com https://vjs.zencdn.net https://code.jquery.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net; 1
frame-ancestors 'self' *.pdf24.devel *.pdf24.org pdf24 1
default-src 'self' https:; img-src https: data:; style-src https: chrome: 'sha256-R5o0c2W6sdXkPgWe5N/6Vl+OQHsLAv++2DuKSAY03Dw=' 'sha256-TJWjzDONyOvyPEjND6ryqHZEKY2qnPlHJWVzYmB0lnY='; script-src 'self' https://mirror.explodie.org https://platform.twitter.com https://cdn.syndication.twimg.com moz-extension: chrome-extension:; script-src-elem 'self' https://mirror.explodie.org https://platform.twitter.com moz-extension: chrome-extension:; script-src-attr 'none'; object-src 'none'; connect-src 'self' https://syndication.twitter.com; frame-src https://platform.twitter.com https://syndication.twitter.com https://twitter.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; font-src 'self' https:; 1
frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://* ; 1
default-src 'self' *.canadianwebhosting.com *.idig.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.canadianwebhosting.com *.idig.net www.google.com *.google-analytics.com www.gstatic.com connect.facebook.net analytics.twitter.com static.ads-twitter.com cdn.optimizely.com js.hs-analytics.net static-rtb.adkernel.com s.yimg.com sp.analytics.yahoo.com snap.licdn.com px.ads.linkedin.com; style-src 'self' 'unsafe-inline' *.canadianwebhosting.com *.idig.net *.fontawesome.com fonts.googleapis.com www.gstatic.com; img-src 'self' data: *.canadianwebhosting.com *.idig.net analytics.twitter.com www.gstatic.com *.google-analytics.com seal-mbc.bbb.org t.co www.facebook.com *.adkernel.com ib.adnxs.com; font-src 'self' *.idig.net *.fontawesome.com fonts.gstatic.com; connect-src 'self' *.idig.net *.google-analytics.com tor-speedtest.canadianwebhosting.com van-speedtest.canadianwebhosting.com; frame-src 'self' static-rtb.adkernel.com www.google.com www.youtube.com 1
frame-ancestors *.london.gov.uk 1
frame-ancestors 'self' https://*.fanbox.cc 1
frame-ancestors 'self' https://www.fireflyz.com.my http://www.kayak.com.au https://checkin.si.amadeus.net https://pdt.checkin.amadeus.net http://www.momondo.com.au http://www.cheapflights.com.au http://www.ca.kayak.com http://www.momondo.ca http://www.cheapflights.ca http://www.cn.kayak.com http://www.momondo.com.cn http://www.kayak.com.hk http://www.momondo.hk http://www.cheapflights.com.hk http://www.kayak.co.in http://www.momondo.in http://www.in.cheapflights.com http://www.kayak.co.id http://www.cheapflights.co.id http://www.kayak.co.jp http://www.kayak.co.kr http://www.kayak.com.my http://www.cheapflights.com.my http://www.nz.kayak.com http://www.momondo.co.nz http://www.cheapflights.co.nz http://www.cheapflights.com.ph http://www.kayak.com.ph http://www.kayak.sg http://www.cheapflights.com.sg http://www.tw.kayak.com http://www.momondo.tw http://www.kayak.co.th http://www.kayak.co.uk http://www.momondo.co.uk http://www.cheapflights.co.uk http://www.kayak.com http://www.momondo.com http://www.cheapflights.com http://www.ae.cheapflights.com http://www.kayak.ae http://global.cheapflights.com http://global.momondo.com http://kayak.de http://momondo.de http://swoodoo.com http://kayak.fr http://momondo.fr http://www-malaysiaairlines-com.cdn.ampproject.org http://cdn.ampproject.org http://www.ampify.ga https://www.kayak.com.au https://www.momondo.com.au https://www.cheapflights.com.au https://www.ca.kayak.com https://www.momondo.ca https://www.cheapflights.ca https://www.cn.kayak.com https://www.momondo.com.cn https://www.kayak.com.hk https://www.momondo.hk https://www.cheapflights.com.hk https://www.kayak.co.in https://www.momondo.in https://www.in.cheapflights.com https://www.kayak.co.id https://www.cheapflights.co.id https://www.kayak.co.jp https://www.kayak.co.kr https://www.kayak.com.my https://www.cheapflights.com.my https://www.nz.kayak.com https://www.momondo.co.nz https://www.cheapflights.co.nz https://www.cheapflights.com.ph https://www.kayak.com.ph https://www.kayak.sg https://www.cheapflights.com.sg https://www.tw.kayak.com https://www.momondo.tw https://www.kayak.co.th https://www.kayak.co.uk https://www.momondo.co.uk https://www.cheapflights.co.uk https://www.kayak.com https://www.momondo.com https://www.cheapflights.com https://www.ae.cheapflights.com https://www.kayak.ae https://global.cheapflights.com https://global.momondo.com https://kayak.de https://momondo.de https://swoodoo.com https://kayak.fr https://momondo.fr https://www-malaysiaairlines-com.cdn.ampproject.org https://cdn.ampproject.org https://www.ampify.ga https://mobile-api.oneworld.com/ https://oneworld.com/ https://digital.malaysiaairlines.com/ https://ma-stage64-01.adobecqms.net/ https://ma-sit64.adobecqms.net/ https://ma-dev64.adobecqms.net/ https://goingplacesmy.staging.wpengine.com/ https://goingplaces.malaysiaairlines.com/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none' 1
script-src 'nonce-c6d0cea238cb44f5ddede3f8b733a1c2' 'nonce-LaDUNIllqhumG1JA1Fff03wwwD32SRfs4rBhwtlENeg=' 'self' 'unsafe-eval' https: 'sha256-jTbbX7kA2AFEiHkjGYboK9ooUurX+Mc9th2/quUZwkI=' 'sha256-yntX1DMo3v8w5zK0Wt5LS96gm1dTl95wU0As+x8+vsU=' blob:; frame-ancestors 'none' 1
frame-ancestors 'self' *.weather.gov 1
frame-ancestors 'self' yamada-denkiweb.com *.yamada-denkiweb.com yamada-denki.jp *.yamada-denki.jp ymall.jp *.ymall.jp nojima.co.jp *.nojima.co.jp edion.com *.edion.com edion.co.jp *.edion.co.jp biccamera.com *.biccamera.com biccamera.co.jp *.biccamera.co.jp kojima.net *.kojima.net sofmap.com *.sofmap.com sofmap.co.jp *.sofmap.co.jp joshinweb.jp *.joshinweb.jp joshin.co.jp *.joshin.co.jp ksdenki.com *.ksdenki.com ksdenki.co.jp *.ksdenki.co.jp yodobashi.com *.yodobashi.com yodobashi.co.jp *.yodobashi.co.jp xprice.co.jp *.xprice.co.jp cocorostore.jp.sharp st-cocorostore.jp.sharp st.jp.sharp; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-ipp/Nv/xtkjbVfQLma4ti5eet0RIQda0vGOiIFHxUNFjKnqP' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'none'; script-src cdn.report-uri.com 'nonce-7N8arzG4chSUYbDt4YbEZbCA' static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' cdn.report-uri.com; img-src 'self' data: cdn.report-uri.com; font-src 'self' cdn.report-uri.com; frame-src 'self' cdn.forms-content.sg-form.com; frame-ancestors 'none'; form-action 'self'; connect-src 'self'; upgrade-insecure-requests; base-uri 'none'; report-uri https://scotthelme.report-uri.com/r/d/csp/enforce; report-to default 1
script-src 'nonce-5cc5CQTx8XQTQs5Im+SSiA==' mc.yandex.com yastatic.net yandex.uz mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.yandex.uz;child-src *.ya.ru *.yandex.ru ya.ru yandex.ru yastatic.net yandex.uz mc.yandex.ru mc.yandex.md mc.yandex.uz *.ya.ru *.yandex.ru ya.ru yandex.ru;style-src 'unsafe-inline' yastatic.net;report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.uz&showid=1705974564763500-7950588687140122523-balancer-l7leveler-kubr-yp-vla-27-BAL-9635&h=stable-portal-mordago-91.vla.yp-c.yandex.net&yandexuid=2401225231705974564&&version=2024-01-19-465&adb=0;media-src yastatic.net;connect-src *.strm.yandex.net mc.yandex.com yandex.uz yabs.yandex.uz yastatic.net yastat.net mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.admetrica.ru mc.yandex.uz;img-src *.verify.yandex.ru *.ya.ru *.yandex.ru ya.ru yabs.yandex.by yabs.yandex.kz yabs.yandex.ru yabs.yandex.uz yandex.ru 'self' yastatic.net data: yandex.uz favicon.yandex.net avatars.mds.yandex.net blob: mc.admetrica.ru mc.yandex.com *.mc.yandex.ru adstat.yandex.ru mc.yandex.uz mc.yandex.ru;default-src yastatic.net yastat.net 'self';font-src yastatic.net 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' http://cdnjs.cloudflare.com/ajax/libs/babel-core/5.6.15/browser-polyfill.min.js https://cdnjs.cloudflare.com https://www.gstatic.com *.google.com www.google-analytics.com https://js-agent.newrelic.com https://aamc.tfaforms.net https://www.googletagmanager.com https://gateway.foresee.com https://www.youtube.com https://bam.nr-data.net https://bam-cell.nr-data.net https://platform.twitter.com https://api.connectedcommunity.org https://unpkg.com https://cdn.jsdelivr.net https://extend.vimeocdn.com https://ajax.googleapis.com/ https://code.highcharts.com/ https://public.tableau.com/ *.aamc.org https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.co.in https://player.vimeo.com/ *.hotjar.com/ https://snap.licdn.com; style-src 'self' 'unsafe-inline' https://gateway.foresee.com https://fonts.googleapis.com *.aamc.org https://aamc.tfaforms.net https://unpkg.com https://player.vimeo.com/; img-src 'self' https://www.google-analytics.com https://gateway.foresee.com https://feedback-logo.foresee.com data: *.aamc.org https://www.googletagmanager.com https://bam.nr-data.net https://aamc.tfaforms.net https://i.vimeocdn.com https://i.ytimg.com/ https://public.tableau.com/ https://www.google.com https://www.google.co.in https://googleads.g.doubleclick.net https://px.ads.linkedin.com/collect https://player.vimeo.com/ https://px4.ads.linkedin.com/; frame-src 'self' https://www.youtube.com *.google.com https://player.vimeo.com https://platform.twitter.com https://api.connectedcommunity.org *.simplecast.com https://aamc-medical-breakthroughs.netlify.com https://public.tableau.com https://aamc-shub.s3.amazonaws.com https://aamc-shub2.s3.amazonaws.com *.aamc.org prezi.com https://td.doubleclick.net; child-src 'self' https://www.youtube.com *.google.com https://player.vimeo.com https://platform.twitter.com https://api.connectedcommunity.org *.simplecast.com https://aamc-medical-breakthroughs.netlify.com https://aamc-shub.s3.amazonaws.com https://aamc-shub2.s3.amazonaws.com *.aamc.org prezi.com https://td.doubleclick.net; font-src 'self' https://fonts.googleapis.com https://gateway.foresee.com https://themes.googleusercontent.com https://fonts.gstatic.com data data:; report-uri /report-csp-violation 1
frame-ancestors 'self' https://*.paperflite.com https://experience.chargebee.com 1
frame-ancestors self https://askfm.adspirit.de 1
default-src https://recreation.gov https://*.recreation.gov https://cdn.recreation.gov *.e.internal.r1s-prod.com 'self' blob: ; script-src https://recreation.gov https://*.recreation.gov https://cdn.recreation.gov https://recaptcha.net https://*.mapbox.com https://mapbox.com https://*.gstatic.com https://*.dialogflow.com https://dialogflow.cloud.google.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://*.kampyle.com https://*.medallia.com https://www.google.com/recaptcha/ https://connect.facebook.net https://*.sharethis.com https://www.ssa.gov https://*.hotjar.com https://*.hotjar.io https://bugcrowd.com https://*.bugcrowdusercontent.com https://unpkg.com/web-vitals@0.2.4/dist/web-vitals.es5.umd.min.js 'unsafe-eval' 'unsafe-inline' https://prs.payments.r1s-prod.com https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js https://global.localizecdn.com:*; style-src https://recreation.gov https://*.recreation.gov https://cdn.recreation.gov https://use.fontawesome.com https://*.mapbox.com https://mapbox.com https://fonts.googleapis.com https://tagmanager.google.com https://*.kampyle.com https://*.medallia.com https://*.googletagmanager.com 'unsafe-inline' https://*.hotjar.com 'unsafe-inline' ; img-src https://recreation.gov https://*.recreation.gov https://cdn.recreation.gov https://cdn.recreation.gov https://stats.g.doubleclick.net https://recaptcha.net https://*.mapbox.com https://mapbox.com https://browser-update.org https://*.gstatic.com https://www.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://ridb.recreation.gov https://fs.usda.gov https://www.fs.usda.gov https://*.googleusercontent.com https://www.googletagmanager.com https://www.google.com https://google.com https://*.kampyle.com https://*.medallia.com https://*.sharethis.com https://*.hotjar.com https://*.hotjar.io https://global.localizecdn.com:* https://*.servicenowservices.com 'self' data: blob: ; media-src https://www.fs.usda.gov https://www.blm.gov https://www.nps.gov https://www.youtube.com https://youtu.be 'self' ; font-src https://recreation.gov https://*.recreation.gov https://cdn.recreation.gov https://fonts.gstatic.com https://use.fontawesome.com https://*.kampyle.com https://*.medallia.com https://*.hotjar.com https://*.hotjar.io https://applepay.cdn-apple.com; connect-src https://recreation.gov https://*.recreation.gov https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://*.servicenowservices.com https://stats.g.doubleclick.net https://cdn.recreation.gov https://*.mapbox.com https://mapbox.com https://freegeoip.net https://*.launchdarkly.com https://*.dialogflow.com https://dialogflow.cloud.google.com https://*.kampyle.com https://*.medallia.com https://*.sharethis.com https://data.stbuttons.click https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com 'self' https://prs.payments.r1s-prod.com https://global.localizecdn.com:*; object-src 'self' blob: ; worker-src https://www.fs.usda.gov https://www.blm.gov https://www.nps.gov https://www.youtube.com https://youtube.com https://youtu.be https://*.cdc.nicusa.com https://www.google.com https://google.com 'self' blob: ; frame-src https://www.fs.usda.gov https://www.blm.gov https://www.nps.gov https://www.youtube.com https://youtube.com https://youtu.be https://*.cdc.nicusa.com https://www.google.com https://google.com https://tagmanager.google.com https://www.googletagmanager.com https://*.consensu.org https://*.kampyle.com https://*.medallia.com https://*.hotjar.com https://*.hotjar.io https://bugcrowd.com https://recreation.gov https://*.recreation.gov https://cdn.recreation.gov 'self' blob: ; frame-ancestors 'self' https://www.fs.usda.gov https://www.blm.gov https://www.nps.gov https://cdn.recreation.gov https://bugcrowd.com; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: ; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 1
frame-ancestors 'self' https://* 1
script-src 'self' vimeo.com https://gist.github.com www.slideshare.net 'unsafe-eval' https://assets.hackmd.io https://www.google.com https://apis.google.com https://docs.google.com https://accounts.google.com https://www.dropbox.com https://*.disqus.com https://*.disquscdn.com https://www.google-analytics.com https://stats.g.doubleclick.net https://secure.quantserve.com https://rules.quantcount.com https://pixel.quantserve.com https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://cdn.ravenjs.com https://browser.sentry-cdn.com https://js.stripe.com 'nonce-6c045ba4-65da-486d-80cf-31d4815dbcfa' 'sha256-EtvSSxRwce5cLeFBZbvZvDrTiRoyoXbWWwvEVciM5Ag=' 'sha256-NZb7w9GYJNUrMEidK01d3/DEtYztrtnXC/dQw7agdY4=' 'sha256-L0TsyAQLAc0koby5DCbFAwFfRs9ZxesA+4xg0QDSrdI=' 'sha256-8HvL1KRq6jEwDkuVgxMDK7Gag1vnT70L0Lfoa1E3YsY=' 'sha256-81acLZNZISnyGYZrSuoYhpzwDTTxi7vC1YM4uNxqWaM=' https://tally.so https://tracks.hackmd.io; img-src * data:; style-src 'self' 'unsafe-inline' https://assets-cdn.github.com https://github.githubassets.com https://assets.hackmd.io https://www.google.com https://fonts.gstatic.com https://*.disquscdn.com; font-src 'self' data: https://public.slidesharecdn.com https://assets.hackmd.io https://*.disquscdn.com https://script.hotjar.com; object-src *; media-src *; frame-src *; child-src *; connect-src *; base-uri 'none'; form-action 'self' https://www.paypal.com; upgrade-insecure-requests 1
default-src 'self'; frame-src https://js.stripe.com https://newassets.hcaptcha.com https://www.paypal.com https://www.sandbox.paypal.com; connect-src 'self' https://*.mullvad.net; font-src 'self' data:; img-src 'self' data: https://www.paypalobjects.com; object-src 'none'; script-src 'self' https://js.stripe.com https://js.hcaptcha.com https://newassets.hcaptcha.com https://www.paypal.com https://www.sandbox.paypal.com 'nonce-uZW/6Xg8+EO2QuWiURsS7w=='; style-src 'self' 'unsafe-inline'; base-uri 'self' 1
default-src 'self' https://*.iwara.tv * data:;script-src 'self' 'unsafe-inline' https://*.iwara.tv * data:;style-src 'self' 'unsafe-inline';font-src https://*.iwara.tv data:;connect-src 'self' https://*.iwara.tv *;frame-ancestors https://*.iwara.tv; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: *; report-uri /actions/csp/report; report-to csp-endpoint 1
child-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com; style-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline' app.convert.com; connect-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com www.googletagmanager.com www.google-analytics.com region1.google-analytics.com logs.convertexperiments.com 1003350.metrics.convertexperiments.com 1003343.metrics.convertexperiments.com sentry.prod.mozaws.net o1069899.sentry.io o1069899.ingest.sentry.io https://accounts.firefox.com.cn/ stage.cjms.nonprod.cloudops.mozgcp.net cjms.services.mozilla.com; font-src 'self'; img-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com data: mozilla.org www.googletagmanager.com www.google-analytics.com adservice.google.com adservice.google.de adservice.google.dk creativecommons.org cdn-3.convertexperiments.com logs.convertexperiments.com images.ctfassets.net; default-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com; script-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com tagmanager.google.com www.youtube.com s.ytimg.com cdn-3.convertexperiments.com app.convert.com data.track.convertexperiments.com 1003350.track.convertexperiments.com 1003343.track.convertexperiments.com; frame-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com 1
base-uri 'none'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https://cms.mochahost.com https://worldhostgroup-j2qbv.ondigitalocean.app https://analytics.sleeknote.com https://www.googletagmanager.com; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' https://stablechat.mysecurecloudhost.com; upgrade-insecure-requests; 1
default-src 'none'; base-uri 'none'; img-src 'self' https:; style-src 'self'; font-src 'self'; connect-src 'self'; script-src 'nonce-GyfqAn7rqflTZOtc2Cp3o7vhihcYjttO8ShnnQSZ+ENi7+68' 1
default-src 'none'; base-uri 'self'; img-src 'self' data: https://iatv.pt https://bee.fe.uc.pt https://www.googletagmanager.com https://www.startupcapitalsummit.com https://startupcapitalsummit.com https://ucnext.pt https://www.facebook.com https://i.ytimg.com https://*.cdninstagram.com https://www.uc.pt https://ssl.google-analytics.com https://pages.uc.pt https://ucpages.uc.pt; font-src 'self' data: https://unpkg.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://unpkg.com https://fonts.googleapis.com https://cdn.plyr.io https://cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' https://cdn.rawgit.com https://www.googletagmanager.com https://player.vimeo.com https://ajax.googleapis.com https://apis.google.com https://ssl.google-analytics.com https://unpkg.com https://cdn.jsdelivr.net https://cdn.plyr.io https://www.youtube.com https://connect.facebook.net; frame-src 'self' *.cloudflarestream.com https://virtual-tours.4dvirtual-lab.com https://my.matterport.com https://open.spotify.com https://felt.com https://w.soundcloud.com https://iframe.videodelivery.net iframe.mediadelivery.net https://web.facebook.com http://pages.uc.pt https://startupcapitalsummit.com https://www.startupcapitalsummit.com https://player.vimeo.com https://www.facebook.com https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com; child-src blob: https://youtube.com https://iframe.mediadelivery.net; connect-src 'self' https://videodelivery.net https://*.google-analytics.com https://noembed.com https://cdn.plyr.io; media-src 'self' blob: https://videodelivery.net https://pages.uc.pt https://noticias.uc.pt; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sdn.szn.cz *.sdn.cz gacz.hit.gemius.pl scz.hit.gemius.pl www.google-analytics.com https://www.googletagmanager.com/gtag/js cdn-gl.imrworldwide.com cdn.ampproject.org *.twitter.com *.twimg.com *.facebook.net *.facebook.com *.instagram.com *.tiktok.com *.ttwstatic.com https://www.gstatic.com https://ajax.googleapis.com login.szn.cz http://login.szn.cz https://login.szn.cz notifikace.seznam.cz http://notifikace.seznam.cz https://notifikace.seznam.cz *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.im.cz *.imedia.cz *.imedia.dev.dszn.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.sklik.cz ads.celtra.com *.2mdn.net ams.creativecdn.com *.sport.cz https://www.sport.cz;frame-ancestors 'self' www.seznam.cz share.seznam.cz search.seznam.cz *.ampproject.org www.google.cz www.google.com *.seznamakce.cz www.sport.cz admin.sport.cz https://hc-vitkovice.cz https://www.hc-vitkovice.cz https://hcltv.cz https://www.hcltv.cz https://hcmotor.cz https://www.hcmotor.cz https://hokejkv.cz https://www.hokejkv.cz https://apklh.cz https://www.apklh.cz https://bkboleslav.cz https://www.bkboleslav.cz https://hc-kometa.cz https://www.hc-kometa.cz https://hc-olomouc.cz https://www.hc-olomouc.cz https://hcbilitygri.cz https://www.hcbilitygri.cz https://hcdynamo.cz https://www.hcdynamo.cz https://hcocelari.cz https://www.hcocelari.cz https://hcplzen.cz https://www.hcplzen.cz https://hcsparta.cz https://www.hcsparta.cz https://hokej.cz https://www.hokej.cz https://mountfieldhk.cz https://www.mountfieldhk.cz https://rytirikladno.cz https://www.rytirikladno.cz https://hcverva.cz https://www.hcverva.cz https://hcvl.cz https://www.hcvl.cz 1
default-src 'self' *.ok.ru  blob:; script-src st.mycdn.me *.tamtam.chat tamtam.chat mc.yandex.ru mc.yandex.md yastatic.net *.googletagmanager.com *.google-analytics.com top-fwz1.mail.ru 'self' blob: 'unsafe-eval' 'unsafe-inline'; style-src *.tamtam.chat 'unsafe-inline'; img-src tamtam.chat api.mapbox.com *.mycdn.me *.ok.ru *.tamtam.chat *.tenor.com/ mc.yandex.ru mc.yandex.md mc.yandex.com yastatic.net *.google-analytics.com *.googletagmanager.com *.gstatic.com *.ytimg.com top-fwz1.mail.ru blob: data: 'self'; connect-src tamtam.chat *.tamtam.chat wss://*.tamtam.chat *.mycdn.me *.vkuser.net ok.ru *.ok.ru *.mapbox.com *.tenor.com api.ipdata.co mc.yandex.ru mc.yandex.md mc.yandex.com *.google-analytics.com *.doubleclick.net top-fwz1.mail.ru 'self' blob: data:; media-src *.tamtam.chat *.mycdn.me *.ok.ru *.vkuser.net *.tenor.com blob: data:; child-src blob: mc.yandex.ru mc.yandex.md mc.yandex.com; frame-src tamtam.chat *.tamtam.chat *.ok.ru ok.ru mc.yandex.ru mc.yandex.com mc.yandex.md youtube.com *.youtube.com coub.com vk.com *.vk.com vk.ru *.vk.ru blob:; font-src * data: blob:; worker-src blob: 'self'; frame-ancestors 'self' *.ok.ru; report-uri /csp/report; 1
frame-src https://*.farnell.com https://*.element14.com https://*.newark.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' ipredictive.com adgrx.com demdex.net dpm.demdex.net *.scene7.com *.adyen.com adyen.com ads.yieldmo.com sync-criteo.ads.yieldmo.com *.amazonaws.com adnxs.com *.adnxs.com *.attn.tv attentivemobile.com events.attentivemobile.com attn.tv audioeye.com *.audioeye.com bidswitch.net x.bidswitch.net *.bing.com *.btttag.com btttag.com bluekai.com tags.bluekai.com bounceexchange.com *.bounceexchange.com bouncex.net events.bouncex.net creativecdn.com *.creativecdn.com certona.net edge1.certona.net www.res-x.com cloudflare.com cdnjs.cloudflare.com *.cloudfront.net cloudfront.net *.coach.com coach.com cnstrc.com *.cquotient.com cquotient.com criteo.com criteo.net *.criteo.net *.criteo.com w55c.net *.doubleclick.net doubleclick.net *.facebook.com *.facebook.net fonts.net fast.fonts.net *.forter.com forter.com stickyadstv.com ads.stickyadstv.com *.fwmrm.net *.google.com www.google.com.lb www.google.nl www.google.co.id www.google.com.sv www.google.at www.google.tt www.google.com.my www.google.hu www.google.dk www.google.com.br www.google.hn www.google.co.cr www.google.co.za www.google.com.sg www.google.com.pa www.google.cl *.google.com.ec www.google.com.mx www.google.bg www.google.com.tw www.google.es www.google.com.ua www.google.co.jp www.google.co.kr www.google.com.au www.google.gr www.google.kz www.google.com.ph www.google.co.uk www.google.fr www.google.tn www.google.it www.google.com.hk www.google.com.vn www.google.co.in www.google.com.co adservice.google.com.gh adservice.google.ca www.google.com.do www.google.co.th www.google.se www.google.com.tr www.google.ca *.gstatic.com www.googleadservices.com googleapis.com *.googleapis.com *.cloudfunctions.net www.googletagmanager.com *.google-analytics.com 360yield.com ad.360yield.com casalemedia.com *.casalemedia.com ivitrack.com matching.ivitrack.com kargo.com klarna.com *.klarna.com klarnacdn.net *.klarnacdn.net klarnaevt.com *.klarnaevt.com klarnaservices.com *.klarnaservices.com linksynergy.com *.linksynergy.com liadm.com *.liadm.com addressy.com api.addressy.com pcapredict.com tapes11111.pcapredict.com crwdcntrl.net media.net contextual.media.net mathtag.com mediavine.com exchange.mediavine.com mediawallahscript.com partner.mediawallahscript.com micpn.com *.micpn.com cookielaw.org cdn.cookielaw.org postrelease.com jadserve.postrelease.com agkn.com aa.agkn.com *.onetrust.com onetrust.com *.online-metrix.net online-metrix.net *.optimizely.com optimizely.com outbrain.com sync.outbrain.com *.paypal.com www.paypalobjects.com pinimg.com s.pinimg.com www.pinterest.com pdst.fm cdn.pdst.fm powerreviews.com *.powerreviews.com pubmatic.com simage2.pubmatic.com qualtrics.com *.qualtrics.com *.quantummetric.com quantummetric.com *.rakuten.com rmtag.com intljs.rmtag.com rlcdn.com *.rlcdn.com revcontent.com trends.revcontent.com rubiconproject.com pixel.rubiconproject.com force.com *.force.com my.salesforce.com *.my.salesforce.com *.salesforceliveagent.com tapestry.my.salesforce-site.com sharethrough.com match.sharethrough.com shoprunner.com *.shoprunner.com signifyd.com *.signifyd.com sitescout.com smartadserver.com rtb-csync.smartadserver.com sc-static.net *.snapchat.com stylitics.com *.stylitics.com loopassets.net taboola.com *.taboola.com tangiblee.com *.tangiblee.com tapad.com *.tapad.com teads.tv criteo-sync.teads.tv *.tiktok.com trackjs.com usage.trackjs.com adsrvr.org *.adsrvr.org tremorhub.com criteo-partners.tremorhub.com 3lift.com eb2.3lift.com truefitcorp.com *.truefitcorp.com twitter.com *.twitter.com ads-twitter.com static.ads-twitter.com t.co ad.smaato.net s.ad.smaato.net clmbtech.com ade.clmbtech.com *.kargo.com mdhv.io postcodeanywhere.co.uk services.postcodeanywhere.co.uk rqtrk.eu ws.rqtrk.eu techlab-cdn.com p11.techlab-cdn.com wknd.ai tag.wknd.ai www.yext-pixel.com typekit.net *.typekit.net cdnwidget.com *.cdnwidget.com pippio.com bazaarvoice.com bootstrapcdn.com maxcdn.bootstrapcdn.com katespade.com *.katespade.com cdnbasket.net *.cdnbasket.net azurewebsites.net monetate.net *.monetate.net squadded.co static.squadded.co loopgift.com *.cnstrc.com zineone.com *.zineone.com ct.pinterest.com *.adroll.com static-na.payments-amazon.com apay-us.amazon.com m.media-amazon.com api.images.drivecommerce.com api2.fonts.com *.yahoo.com yahoo.com visitor.omnitagjs.com ad.tpmn.co.kr tg.socdm.com static.squad-shopping.com dynl.mktgcdn.com a.bigcontent.io *.googlesyndication.com cdn.honey.io *.youtube.com youtube.com rstyle.me coupons.cnn.com www.shopittome.com ww55.affinity.net track.celtra.com www.marieclaire.com shopsquareone.com www.ecosia.org www.forbes.com appium.io *.narvar.com naver.com *.naver.com outlook.live.com *.shopstyle.com heymodernmom.com *.instagram.com www.retailmenot.com www.offers.com www.lovetoknow.com www.latimes.com www.eonline.com search.xfinity.com www.dealmoon.com www.bravocoupons.ca thatsnotmyage.com www.goodhousekeeping.com ntp.msn.com ca.shop.com www.myunidays.com katespade.thredup.com aax.amazon-adsystem.com www.joinhoney.com *.shoprunner.io *.amplience.net *.mapbox.com *.needle.com tapestry.support jira.tapestry.support katespade.promo.eprize.com *.my.salesforce-sites.com www.cosmopolitan.com www.instyle.com www.elle.com www.foxnews.com api.fillr.com www.thepioneerwoman.com www.couponcabin.com www.aadvantageeshopping.com aeroplan.rewardops.com www.topcashback.com kiwiki.vn knoji.com tapestryinc.us-7.evergage.com capitaloneshopping.com www.groupon.com legendsshopping.com mcsweenphotography.com *.cloudinary.com mpsnare.iesnare.com www.thebudgetfashionista.com rvaeyecare.com yandex.ru *.stuartweitzman.com *.coachoutlet.com www.superoffers.com jac.yahoosandbox.com images.katespade.comis tst.kaptcha.com sentry.io *.jotfor.ms *.jotform.com *.kampyle.com *.medallia.com adx.dable.io katespade.a.bigcontent.io adgen.socdm.com *.bluecore.com api.pinpiaa.com static.lisa-cdn.net *.loveslisa.tech cdn.katespade.tech mon-va.byteoversea.com sync.aralego.com cdn.aralego.net cs.adingo.jp e1.emxdgt.com api.bluecore.app cdn.ivaws.com snap.licdn.com email.traversedlp.com match.prod.bidr.io e.dlx.addthis.com login.dotomi.com app.collectivevoice.com *.rewardStyle.com brandcycle.net link.shoplooks.com slooks.top smilekols.com go.magik.ly media.paroleparis.com c.fanstoshop cdn.wyng.com qa.res-x.com data: blob:; 1
media-src 'self' data: blob: https://*.pscp.tv/ https://*.periscope.tv/ https://*.global.ssl.fastly.net https://*.twimg.com https://*.video.pscp.tv; img-src 'self' data: blob: https://*.pscp.tv/ https://*.periscope.tv/ https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com/prod-periscope-profile/ https://*.twimg.com https://*.googleusercontent.com https://scontent.xx.fbcdn.net https://*.bugsnag.com https://*.google-analytics.com; default-src 'self' blob: https://*.global.ssl.fastly.net https://*.pscp.tv/ https://*.periscope.tv/; object-src 'self' https://*.pscp.tv/ https://*.periscope.tv/; child-src 'self' blob: https://*.pscp.tv/ https://*.periscope.tv/ https://twitter.com https://*.google.com/recaptcha/; frame-ancestors 'self' https://*.pscp.tv/ https://*.periscope.tv/; style-src 'self' blob: 'unsafe-inline' https://*.pscp.tv/ https://*.periscope.tv/; font-src 'self' data: https://*.pscp.tv/ https://*.periscope.tv/; frame-src 'self' blob: https://*.pscp.tv/ https://*.periscope.tv/ https://twitter.com https://periscope-all.firebaseapp.com/ https://*.google.com/recaptcha/ https://*.vimeo.com https://*.tipalti.com; report-uri https://twitter.com/i/csp_report?a=OBSXE2LTMNXXAZJNO5SWE%3D%3D%3D&ro=false; script-src 'self' https://*.pscp.tv/ https://*.periscope.tv/ https://cdn.polyfill.io https://d24n15hnbwhuhn.cloudfront.net https://app.link https://bnc.lt https://*.branch.io https://*.google-analytics.com https://apis.google.com/ https://*.google.com/recaptcha/ https://*.gstatic.com/recaptcha/ https://appleid.cdn-apple.com 'unsafe-eval' 'nonce-71e46b10fd51440581f2ff285a1d5e6c'; connect-src 'self' https://*.pscp.tv/ https://*.periscope.tv/ wss://*.pscp.tv/ wss://*.periscope.tv/ https://*.video.pscp.tv https://*.twimg.com https://twitter.com https://*.global.ssl.fastly.net https://api.amplitude.com/ https://*.branch.io https://bnc.lt https://*.bugsnag.com https://licensing.bitmovin.com/ https://analytics-ingress-global.bitmovin.com https://www.googleapis.com/ https://securetoken.googleapis.com https://s3.us-west-2.amazonaws.com/periscope-user-data-reports-prod/ https://s3.us-west-2.amazonaws.com/periscope-user-data-reports-dev/ https://periscope-user-data-reports-prod.s3.us-west-2.amazonaws.com/ https://periscope-user-data-reports-dev.s3.us-west-2.amazonaws.com/ 1
frame-ancestors https://*.1stdibs.com; 1
default-src * https: data: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; 1
default-src 'nonce-80284e10b06142327ad24e97d913337d' 'self' https: data:; frame-src 'self' ockto: https:; frame-ancestors 'self'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src 'self' data: https:; font-src *; 1
base-uri https://*.avo.app; default-src 'self'; script-src 'self' 'nonce-80gEW63RsqwHCUDsZ0IOdpAafRBLAQWk' 'strict-dynamic' https://cdn.avo.app https://www.googletagmanager.com https://*.googletagmanager.com https://cdn.segment.com https://*.mxpnl.com https://edge.fullstory.com https://rs.fullstory.com https://cdn.amplitude.com https://cdn.iubenda.com https://widget.intercom.io https://cdn.jsdelivr.net https://canny.io https://js.intercomcdn.com https://www.iubenda.com https://www.youtube.com https://s.ytimg.com https://ajax.googleapis.com https://www.google-analytics.com https://optimize.google.com https://grow.clearbitjs.com https://www.googleoptimize.com https://snap.licdn.com https://www.googleanalytics.com https://embed.typeform.com; style-src 'self' 'unsafe-inline' https://cdn.avo.app https://*.website-files.com https://uploads-ssl.webflow.com https://cdn.jsdelivr.net https://www.iubenda.com https://fonts.googleapis.com https://optimize.google.com https://github.githubassets.com https://www.googletagmanager.com https://embed.typeform.com https://rsms.me; img-src 'self' data: blob: https://jitpack.io/v/avohq/android-avo-inspector.svg https://badge.fury.io/js/avo-inspector.svg https://img.shields.io https://px.ads.linkedin.com https://px4.ads.linkedin.com https://www.linkedin.com https://*.website-files.com https://uploads-ssl.webflow.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://www.google-analytics.com https://*.googletagmanager.com https://*.google-analytics.com https://heapanalytics.com https://www.google.co.uk https://www.google.is https://static.intercomassets.com https://lh3.googleusercontent.com https://js.intercomcdn.com https://downloads.intercomcdn.com https://api.producthunt.com https://www.facebook.com https://grow.clearbitjs.com https://p.adsymptotic.com https://rs.fullstory.com https://track.hubspot.com https://forms.hsforms.com https://*.hubspotusercontent-na1.net https://js.hsleadflows.net https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data:; font-src 'self' data: https://*.website-files.com https://fonts.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com https://rsms.me; connect-src 'self' https://*.mixpanel.com https://consent.iubenda.com https://avo-web-app.appspot.com https://api.avo.app https://api.amplitude.com https://*.algolia.net https://api.segment.io https://cdn.segment.com https://edge.fullstory.com https://rs.fullstory.com https://*.googleapis.com *.google.com https://sentry.io https://*.ingest.sentry.io https://api-iam.intercom.io https://uploads.intercomcdn.com wss://*.intercom.io https://*.intercom.io https://*.intercomcdn.com https://api.mixpanel.com https://heapanalytics.com https://www.google-analytics.com https://hits-i.iubenda.com https://canny.io/api/ https://api.canny.io/ https://webflow.com https://cdn.dreamdata.cloud https://app.posthog.com/ https://app.clearbit.com/v1/ https://forms.hubspot.com https://api.hubapi.com https://forms.hsforms.com https://forms.hscollectedforms.net https://cdn.linkedin.oribi.io https://gtm-wgcclnd-n2zkm.uc.r.appspot.com https://*.google-analytics.com https://*.googletagmanager.com https://*.dopt.com wss://*.dopt.com https://*.gstatic.com data: blob:; media-src https://js.intercomcdn.com https://cdn.avo.app https://www.avo.app https://*.website-files.com; object-src 'none'; frame-src https://www.avo.app https://cdn.iubenda.com https://js.stripe.com https://www.youtube.com https://canny.io https://changelog-widget.canny.io https://optimize.google.com https://share.transistor.fm  https://intercom-sheets.com https://forms.hubspot.com https://my.causal.app https://form.typeform.com; frame-ancestors 'self' http://localhost:1235/ http://avo.localhost https://*.avo-dev.app/ https://*.avo.app/ https://*.mixpanel.com https://consent.iubenda.com https://avo-web-app.appspot.com https://api.avo.app https://api.amplitude.com https://*.algolia.net https://api.segment.io https://cdn.segment.com https://*.fullstory.com https://www.googleapis.com https://firestore.googleapis.com https://firebaselogging.googleapis.com https://firebaseremoteconfig.googleapis.com https://firebaseinstallations.googleapis.com https://sentry.io https://*.ingest.sentry.io https://api-iam.intercom.io https://uploads.intercomcdn.com wss://*.intercom.io https://*.intercom.io https://*.intercomcdn.com https://securetoken.googleapis.com https://api.mixpanel.com https://heapanalytics.com https://firebasestorage.googleapis.com https://www.google-analytics.com https://hits-i.iubenda.com https://canny.io/api/users/identify https://webflow.com https://cdn.dreamdata.cloud https://firebaselogging-pa.googleapis.com/ https://app.posthog.com/; upgrade-insecure-requests; report-uri https://o998558.ingest.sentry.io/api/5957408/security/?sentry_key=1866be293d8e4d708c3551795e7aeea8 1
default-src data: https: https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'none' 1
default-src 'self' https://*.booksamillion.com; connect-src 'self' https://*.booksamillion.com https://* wss://*; font-src 'self' https://*.booksamillion.com  https://* data:; frame-src 'self' https://*.booksamillion.com https://*; img-src 'self' https://*.booksamillion.com data: https://*; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://*.booksamillion.com https://*; style-src 'self' 'unsafe-inline' https://*.booksamillion.com https://*; object-src 'none'; media-src 'self' https://*.booksamillion.com https://*.zdassets.com; frame-ancestors https://kiosknew.booksamillion.com https://kiosk.booksamillion.com https://service.booksamillion.com https://service-2nc.booksamillion.com https://customerservice.booksamillion.com https://s1.buyerquest.net; 1
default-src 'self' noembed.com static.zdassets.com ekr.zdassets.com avm.zendesk.com v2.zopim.com wss://widget-mediator.zopim.com vimeo.com player.vimeo.com vimeocdn.com *.vimeocdn.com ytimg.com s.ytimg.com data: avm.de service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de assets.avm.de maps.google.com *.googleapis.com *.gstatic.com shoplogos.commerce-connector.de www.commerce-connector.com i.ytimg.com https://www.youtube-nocookie.com https://www.youtube.com img.youtube.com www.surveygizmo.eu 'unsafe-inline' 'unsafe-eval' ; media-src 'self' *.avm.de blob: data: ; worker-src 'self' blob: ; frame-ancestors 'self'  1
base-uri 'self';default-src 'self';connect-src 'self' https://matomo.ingenuitylite.com https://salesiq.zoho.eu wss://vts.zohopublic.eu https://salesiq.zohopublic.eu https://stats.g.doubleclick.net https://vts.zohopublic.eu https://www.facebook.com https://css.zohocdn.com https://www.google-analytics.com;frame-ancestors 'none';font-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.ingenuitylite.com https://fcdn.ingenuitylite.com https://css.zohocdn.com https://cdn.jsdelivr.net https://css.zohostatic.eu;frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://ir.design-portfolio.co.uk https://js.stripe.com https://bugcrowd.com https://*.facebook.com https://ddlnk.net;img-src 'self' https://cdn.ingenuitylite.com https://fcdn.ingenuitylite.com https://www.googletagmanager.com https://*.thcdn.com data: https://salesiq.zohopublic.eu https://www.google-analytics.com https://www.facebook.com https://matomo.ingenuitylite.com;child-src 'self';script-src 'self' 'unsafe-eval' 'nonce-a79aebdc7da0cbe8a25579b08e768819' 'strict-dynamic' https://matomo.ingenuitylite.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://checkout.stripe.com https://js.stripe.com https://www.google-analytics.com https://connect.facebook.net https://js.zohocdn.com https://salesiq.zoho.eu;style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://cdn.ingenuitylite.com https://fcdn.ingenuitylite.com https://css.zohocdn.com https://css.zohostatic.eu;style-src-attr 'self' 'unsafe-inline';object-src 'none';script-src-attr 'self' 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' https://matomo.ingenuitylite.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://js.stripe.com https://www.google-analytics.com https://connect.facebook.net https://salesiq.zoho.eu https://js.zohostatic.eu https://js.zohocdn.com;worker-src 'none';media-src 'self' https://cdn.ingenuitylite.com https://fcdn.ingenuitylite.com https://blogscdn.thehut.net https://*.gstatic.com;report-uri https://csp.ingenuitylite.com/ajax/csp-report;report-to csp-endpoint 1
default-src self *  ;style-src  https: data: 'unsafe-inline';img-src  https: blob: data:;child-src data:;object-src none;worker-src blob: https://*.olx.bg  ;frame-src  https: blob:;script-src  https: 'unsafe-inline' 'unsafe-eval';font-src data: self https: ;connect-src self * blob: 1
frame-ancestors 'self' explore.mavenlink.com explore.kantata.com; 1
img-src * data:; font-src * data:;  connect-src *; media-src * data: blob:; object-src *; frame-ancestors "self" https://advancedmd-hub.knowledgeowl.com https://static-100.advancedmd.com https://static-999.advancedmd.com; 1
default-src *; base-uri *; font-src data: *; frame-src 'self' fbrpc: *; img-src data: *; media-src 'self' www-assets.bradsdeals.com www-assets-staging.bradsdeals.com blob:; script-src 'unsafe-inline' 'unsafe-eval' data: *; style-src 'unsafe-inline' blob: * 1
connect-src 'self' https://www.comdirect.de https://protrader.comdirect.de https://kunde.comdirect.de https://b2b.comdirect.de https://nutzer.comdirect.de https://mobileapp.comdirect.de https://cfdapp.comdirect.de https://static.comdirect.de https://api.comdirect.de https://community.comdirect.de/ https://eurex.comdirect.de https://chartanalyzer.comdirect.de https://chartanalyzer-test.comdirect.de ;style-src 'self' https://static.comdirect.de/ccf2/ 'unsafe-inline' ;script-src 'self' 'strict-dynamic' 'nonce-19b6539b9da44337a29fae0e2bb8384d' https://static.comdirect.de/ccf2/ https://www.comdirect.de/cms/ https://www.comdirect.de/ngtx/assets/ https://www.comdirect.de/ngbrk/assets/ https://static.comdirect.de/ngtx/assets/ https://static.comdirect.de/ngbrk/assets/ 'unsafe-eval' 'unsafe-inline' ;base-uri 'self' ;form-action 'self' https://www.comdirect.de https://kunde.comdirect.de https://protrader.comdirect.de https://b2b.comdirect.de https://nutzer.comdirect.de https://mobileapp.comdirect.de https://cfdapp.comdirect.de https://static.comdirect.de https://api.comdirect.de https://geldautomaten.comdirect.de/ https://cfd.comdirect.de/ https://community.comdirect.de/ https://wissen-stage.comdirect.de/ https://chartanalyzer.comdirect.de https://chartanalyzer-test.comdirect.de https://eurex.comdirect.de ;media-src https://www.comdirect.de https://kunde.comdirect.de https://nutzer.comdirect.de https://mobileapp.comdirect.de ;frame-src 'self' https://www.comdirect.de https://b2b.comdirect.de https://static.comdirect.de https://kunde.comdirect.de ;frame-ancestors 'self' ;img-src data: 'self' https://www.comdirect.de https://kunde.comdirect.de https://protrader.comdirect.de https://b2b.comdirect.de https://nutzer.comdirect.de https://mobileapp.comdirect.de https://cfdapp.comdirect.de https://static.comdirect.de https://api.comdirect.de https://charts.comdirect.de https://charts.test.comdirect.de https://daten.comdirect.de https://community.comdirect.de https://eurex.comdirect.de ;default-src 'self' ;font-src data: 'self' https://static.comdirect.de/ccf2/ ;report-uri https://www.comdirect.de/cp/csp/reports ; 1
base-uri 'none'; default-src 'none'; script-src 'self' 'unsafe-inline' https://www.tiktok.com https://www.googletagmanager.com https://snap.licdn.com https://www.google-analytics.com https://static.cloudflareinsights.com https://embed.cloudflarestream.com https://cdn.amplitude.com; style-src 'self' 'unsafe-inline'; font-src 'self'; form-action 'none'; img-src 'self' data: https://images.ctfassets.net https://content.clipchamp.com https://www.google.com.au https://www.google-analytics.com; media-src 'self' https://videos.ctfassets.net https://content.clipchamp.com; manifest-src 'self' https://login.microsoftonline.com; connect-src 'self' https://app.clipchamp.com https://content-repo.clipchamp.com https://analytics.google.com https://sentry.io https://sdk.iad-06.braze.com https://www.google-analytics.com https://stats.g.doubleclick.net https://cloudflareinsights.com https://api.amplitude.com; frame-src https://www.youtube.com https://iframe.cloudflarestream.com 1
default-src 'self' https:; base-uri 'self'; block-all-mixed-content; child-src 'self' https: blob:; connect-src 'self' wss: https: blob:; font-src 'self' data: https:; form-action 'self' forms.hsforms.com www.facebook.com; frame-ancestors 'self' app.optimizely.com *.facebook.com app.optinmonster.com video214.com animoto.com; img-src 'self' data: https: blob: android-webview-video-poster:; manifest-src 'self'; media-src 'self' https: data: blob:; object-src 'self' www.paypalobjects.com d150hyw1dtprld.cloudfront.net; prefetch-src 'self' https:; script-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests; worker-src 'self' blob:; report-uri https://sentry.io/api/1401029/security/?sentry_key=b94ac67e5c014425a0fe8cb868528601 1
default-src 3lift.com *.adroll.com adsrvr.orgajax.aspnetcdn.com ads.yahoo.com ajax.aspnetcdn.com *.akamaihd.net *.amazonaws.com assets.pinterest.com *.azurewebsites.net *.bambuser.com b-code.liadm.com beacon.sojern.com bidagent.xad.com *.bing.com blob: *.blob.core.windows.net *.boomtrain.com cdnjs.cloudflare.com cdn.jsdelivr.net cdn.shopify.com *.clarity.ms *.clickmeter.com *.cloudfront.net code.jquery.com connect.facebook.net connect.nosto.com *.cookielaw.org data: dev2assets.simon-ops.com *.doubleclick.net dsum-sec.casalemedia.com eb2.3lift.com *.elfsightcdn.com *.elfsight.com errorpageseus2.z20.web.core.windows.net facebook.net fcmatch.youtube.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.google.com *.google.com.mx *.googlesyndication.com *.googletagmanager.com *.gstatic.cn *.gstatic.com ib.adnxs.com idsync.rlcdn.com i.liadm.com insight.adsrvr.org js.adsrvr.org linkedin.com live.rezync.com log.pinterest.com *.mappedin.ca *.mappedin-cloud.com *.mappedin.com match.adsrvr.org mipubapistorageprod.blob.core.windows.net *.movienewsletters.net *.movies-previews.com *.onetrust.com *.oribi.io p.adsymptotic.com *.pdst.fm *.perimeterx.net *.pingdom.net pixel.advertising.com pixel.rubiconproject.com pixel.sojern.com p.placed.com *.premiumoutlets.com *.premiumoutlets.com.mx *.pubmatic.com px.ads.linkedin.com *.px-cdn.net *.pxchk.net *.px-client.net *.px-cloud.net *.qualtrics.com *.quantcount.com *.quantserve.com *.rackcdn.com *.rackspacecloud.com *.rackspace.com *.recaptcha.net rlcdn.com rp.liadm.com rtb-csync.smartadserver.com *.s3.amazonaws.com s3.amazonaws.com 'self' *.sentry.io simage2.pubmatic.com *.simoncentral.com *.simon.com *.simonpropertygroup.com *.simonwifi.com *.siteimproveanalytics.com siteimproveanalytics.com *.siteimproveanalytics.io smnsrch.azureedge.net snap.licdn.com sp.analytics.yahoo.com *.splashthat.com stackpath.bootstrapcdn.com sync.outbrain.com sync.taboola.com tags.srv.stackadapt.com themes.googleusercontent.com trc.taboola.com 'unsafe-eval' 'unsafe-inline' ups.analytics.yahoo.com us-central1-adaptive-growth.cloudfunctions.net us-u.openx.net *.videoamp.com *.westworldmedia.com www.facebook.com www.linkedin.com x.bidswitch.net yimg.com *.yottaa.net; frame-ancestors 'self'; img-src 3lift.com *.adroll.com adsrvr.orgajax.aspnetcdn.com ads.yahoo.com ajax.aspnetcdn.com *.akamaihd.net *.amazonaws.com assets.pinterest.com *.azurewebsites.net *.bambuser.com b-code.liadm.com beacon.sojern.com bidagent.xad.com *.bing.com blob: *.blob.core.windows.net *.boomtrain.com cdnjs.cloudflare.com cdn.jsdelivr.net cdn.shopify.com *.clarity.ms *.clickmeter.com *.cloudfront.net code.jquery.com connect.facebook.net connect.nosto.com *.cookielaw.org data: dev2assets.simon-ops.com *.doubleclick.net dsum-sec.casalemedia.com eb2.3lift.com *.elfsightcdn.com *.elfsight.com errorpageseus2.z20.web.core.windows.net facebook.net fcmatch.youtube.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.google.com *.google.com.mx *.googlesyndication.com *.googletagmanager.com *.gstatic.cn *.gstatic.com ib.adnxs.com idsync.rlcdn.com i.liadm.com insight.adsrvr.org js.adsrvr.org linkedin.com live.rezync.com log.pinterest.com *.mappedin.ca *.mappedin-cloud.com *.mappedin.com match.adsrvr.org mipubapistorageprod.blob.core.windows.net *.movienewsletters.net *.movies-previews.com *.onetrust.com *.oribi.io p.adsymptotic.com *.pdst.fm *.perimeterx.net *.pingdom.net pixel.advertising.com pixel.rubiconproject.com pixel.sojern.com p.placed.com *.premiumoutlets.com *.premiumoutlets.com.mx *.pubmatic.com px.ads.linkedin.com *.px-cdn.net *.pxchk.net *.px-client.net *.px-cloud.net *.qualtrics.com *.quantcount.com *.quantserve.com *.rackcdn.com *.rackspacecloud.com *.rackspace.com *.recaptcha.net rlcdn.com rp.liadm.com rtb-csync.smartadserver.com *.s3.amazonaws.com s3.amazonaws.com 'self' *.sentry.io simage2.pubmatic.com *.simon.com *.simonpropertygroup.com *.simonwifi.com *.simpli.fi *.siteimproveanalytics.com siteimproveanalytics.com *.siteimproveanalytics.io smnsrch.azureedge.net snap.licdn.com sp.analytics.yahoo.com *.splashthat.com stackpath.bootstrapcdn.com sync.outbrain.com sync.taboola.com tags.srv.stackadapt.com themes.googleusercontent.com trc.taboola.com 'unsafe-eval' 'unsafe-inline' ups.analytics.yahoo.com us-central1-adaptive-growth.cloudfunctions.net us-u.openx.net *.videoamp.com *.westworldmedia.com www.facebook.com www.linkedin.com x.bidswitch.net yimg.com *.yottaa.net; script-src 3lift.com *.adroll.com adsrvr.orgajax.aspnetcdn.com ads.yahoo.com ajax.aspnetcdn.com *.akamaihd.net *.amazonaws.com assets.pinterest.com *.azurewebsites.net *.bambuser.com b-code.liadm.com beacon.sojern.com bidagent.xad.com *.bing.com blob: *.blob.core.windows.net *.boomtrain.com cdnjs.cloudflare.com cdn.jsdelivr.net cdn.shopify.com *.clarity.ms *.clickmeter.com *.cloudfront.net code.jquery.com connect.facebook.net connect.nosto.com *.cookielaw.org data: dev2assets.simon-ops.com *.doubleclick.net dsum-sec.casalemedia.com eb2.3lift.com *.elfsightcdn.com *.elfsight.com errorpageseus2.z20.web.core.windows.net facebook.net fcmatch.youtube.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.google.com *.google.com.mx *.googlesyndication.com *.googletagmanager.com *.gstatic.cn *.gstatic.com ib.adnxs.com idsync.rlcdn.com i.liadm.com insight.adsrvr.org js.adsrvr.org linkedin.com live.rezync.com log.pinterest.com *.mappedin.ca *.mappedin-cloud.com *.mappedin.com match.adsrvr.org mipubapistorageprod.blob.core.windows.net *.movienewsletters.net *.movies-previews.com *.onetrust.com *.oribi.io p.adsymptotic.com *.pdst.fm *.perimeterx.net *.pingdom.net pixel.advertising.com pixel.rubiconproject.com pixel.sojern.com p.placed.com *.premiumoutlets.com *.pubmatic.com px.ads.linkedin.com *.px-cdn.net *.pxchk.net *.px-client.net *.px-cloud.net *.qualtrics.com *.quantcount.com *.quantserve.com *.rackcdn.com *.rackspacecloud.com *.rackspace.com *.recaptcha.net rlcdn.com rp.liadm.com rtb-csync.smartadserver.com *.s3.amazonaws.com s3.amazonaws.com 'self' *.sentry.io simage2.pubmatic.com *.simon.com *.simonpropertygroup.com *.simonwifi.com *.siteimproveanalytics.com siteimproveanalytics.com *.siteimproveanalytics.io smnsrch.azureedge.net snap.licdn.com sp.analytics.yahoo.com *.splashthat.com stackpath.bootstrapcdn.com sync.outbrain.com sync.taboola.com tag.simpli.fi tags.srv.stackadapt.com themes.googleusercontent.com trc.taboola.com 'unsafe-eval' 'unsafe-inline' ups.analytics.yahoo.com us-central1-adaptive-growth.cloudfunctions.net us-u.openx.net *.videoamp.com *.westworldmedia.com www.facebook.com www.linkedin.com x.bidswitch.net yimg.com *.yottaa.net; script-src-elem 3lift.com *.adroll.com adsrvr.orgajax.aspnetcdn.com ads.yahoo.com ajax.aspnetcdn.com *.akamaihd.net *.amazonaws.com assets.pinterest.com *.azurewebsites.net *.bambuser.com b-code.liadm.com beacon.sojern.com bidagent.xad.com *.bing.com blob: *.blob.core.windows.net *.boomtrain.com cdnjs.cloudflare.com cdn.jsdelivr.net cdn.shopify.com *.clarity.ms *.clickmeter.com *.cloudfront.net code.jquery.com connect.facebook.net connect.nosto.com *.cookielaw.org data: dev2assets.simon-ops.com *.doubleclick.net dsum-sec.casalemedia.com eb2.3lift.com *.elfsightcdn.com *.elfsight.com errorpageseus2.z20.web.core.windows.net facebook.net fcmatch.youtube.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.google.com *.google.com.mx *.googlesyndication.com *.googletagmanager.com *.gstatic.cn *.gstatic.com ib.adnxs.com idsync.rlcdn.com i.liadm.com insight.adsrvr.org js.adsrvr.org linkedin.com live.rezync.com log.pinterest.com *.mappedin.ca *.mappedin-cloud.com *.mappedin.com match.adsrvr.org mipubapistorageprod.blob.core.windows.net *.movienewsletters.net *.movies-previews.com *.onetrust.com *.oribi.io p.adsymptotic.com *.pdst.fm *.perimeterx.net *.pingdom.net pixel.advertising.com pixel.rubiconproject.com pixel.sojern.com p.placed.com *.premiumoutlets.com *.pubmatic.com px.ads.linkedin.com *.px-cdn.net *.pxchk.net *.px-client.net *.px-cloud.net *.qualtrics.com *.quantcount.com *.quantserve.com *.rackcdn.com *.rackspacecloud.com *.rackspace.com *.recaptcha.net rlcdn.com rp.liadm.com rtb-csync.smartadserver.com *.s3.amazonaws.com s3.amazonaws.com 'self' *.sentry.io simage2.pubmatic.com *.simon.com *.simonpropertygroup.com *.simonwifi.com *.simpli.fi *.siteimproveanalytics.com siteimproveanalytics.com *.siteimproveanalytics.io smnsrch.azureedge.net snap.licdn.com sp.analytics.yahoo.com *.splashthat.com stackpath.bootstrapcdn.com sync.outbrain.com sync.taboola.com tag.simpli.fi tags.srv.stackadapt.com themes.googleusercontent.com trc.taboola.com 'unsafe-eval' 'unsafe-inline' ups.analytics.yahoo.com us-central1-adaptive-growth.cloudfunctions.net us-u.openx.net *.videoamp.com *.westworldmedia.com www.facebook.com www.linkedin.com x.bidswitch.net yimg.com *.yottaa.net; report-uri https://qoe-1.yottaa.net/_/csp-reports?siteKey=etWhA4-bSWUsVg 1
default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-201258fae675b1fd' 'unsafe-inline' blob: https://*.iserv.de https://*.iserv.eu https://trainer.iserv-akademie.de https://*.usercentrics.eu https://*.googletagmanager.com https://*.google-analytics.com https://*.facebook.net https://*.facebook.com; object-src 'none'; base-uri 'none'; style-src 'self' 'unsafe-inline' https://*.iserv.de https://*.iserv.eu https://trainer.iserv-akademie.de; img-src 'self' data: https://*.iserv.de https://*.iserv.eu https://trainer.iserv-akademie.de https://*.usercentrics.eu https://*.googletagmanager.com https://*.google-analytics.com https://*.facebook.net https://*.facebook.com; media-src 'self' https://*.iserv.de https://*.iserv.eu https://trainer.iserv-akademie.de; font-src 'self' data: https://*.iserv.de https://*.iserv.eu https://trainer.iserv-akademie.de; connect-src 'self' https://*.iserv.de https://*.iserv.eu https://trainer.iserv-akademie.de https://*.usercentrics.eu https://*.googletagmanager.com https://*.google-analytics.com https://*.facebook.net https://*.facebook.com 1
object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; upgrade-insecure-requests 1
script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; 1
frame-ancestors *.reviews.co.uk *.reviews.io 1
default-src 'self' *.overcast-cdn.com; script-src 'self' *.overcast-cdn.com 'nonce-5Srb8gLeLL9RAWeJMTpE3A=='; style-src 'self' *.overcast-cdn.com 'nonce-XR7X1opNK1voVwwBOa9x/Q=='; object-src 'none'; frame-src 'none'; media-src * http://*; connect-src * http://* *.overcast-cdn.com 1
frame-ancestors https://www.enel.it https://enelpremia.enel.it https://*.force.com  https://*.salesforce.com https://*.visualforce.com https://corporate.enel.it 1
default-src 'self' https://*.google.com/ https://*.pandabuy.com https://*.worldpay.com/ https://*.fisglobal.com/; font-src * data:; img-src * data: blob:;connect-src 'self' https://*.pandabuy.com https://*.aliyuncs.com https://*.taobao.global https://*.intercom.io https://*.intercomcdn.com https://*.intercomusercontent.com wss://*.intercom.io https://*.googleapis.com https://*.google-analytics.com https://*.worldpay.com/; script-src 'self' https://*.alicdn.com https://*.google.com/ https://*.airwallex.com https://*.worldpay.com/ https://h.online-metrix.net/ https://firebase.googleapis.com https://www.googletagmanager.com https://widget.intercom.io https://js.intercomcdn.com https://*.pandabuy.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://*.pandabuy.com; child-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; form-action https://intercom.help https://*.alipay.com; media-src https://js.intercomcdn.com; frame-src 'self' https://www.youtube.com https://intercom-sheets.com/ https://*.cardinalcommerce.com/ https://*.worldpay.com/ https://*.firebaseapp.com/ 1
connect-src https: wss://api-alb.rainn.org 'unsafe-inline' 'unsafe-eval' 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline';media-src blob: https:; worker-src blob: https://*.zacks.com; style-src https: 'unsafe-inline'; img-src https: data: 'self'; frame-ancestors 'self' zacks.com *.zacks.com; 1
object-src 'self'; frame-src 'self' https://www.google.com/maps/embed/v1/; child-src 'none'; frame-ancestors 'self'; 1
frame-ancestors 'self' http://register.rcsreg.com 1
frame-ancestors 'self' https://ilconference.co.il/ 1
script-src 'script-src-elem' 'unsafe-eval' 'unsafe-inline' 'self' https://www.googletagmanager.com https://script.crazyegg.com http://script.crazyegg.com http://munchkin.marketo.net http://concurtechnologies.sc.omtrdc.net http://*.facebook.net http://munchkin.marketo.net http://tags.tiqcdn.com https://www.googleadservices.com https://googleads.g.doubleclick.net http://consent.trustarc.com https://consent.trustarc.com https://*.addtoany.com https://cdn.jsdelivr.net https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js https://unpkg.com/@lottiefiles/lottie-player@2.0.2/dist/lottie-player.js https://zn5i4efhc5klaftno-sapinsights.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://www.google.com https://static.ads-twitter.com https://js.adsrvr.org https://pixel.everesttech.net https://snap.licdn.com https://js.driftt.com https://*.taboola.com https://*.bing.com https://*.demandbase.com https://www.clarity.ms; report-uri /report-csp-violation 1
frame-ancestors 'self' stc.marketing.adobe.com https://cloud.alerts.savethechildren.org https://savethechildren.us-7.evergage.com 1
style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; upgrade-insecure-requests; 1
font-src https://cdn.checkout.com *.fontawesome.com fonts.gstatic.com cdn.checkout.com script.hotjar.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com affiliates.cdkeys.com tr.snapchat.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.cdkeys.com app.storyblok.com 'self'; frame-src bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com https://js.checkout.com *.klarna.com landofcoder.com *.addthis.com *.facebook.com *.twitter.com fp.cdkeys.com ad4m.at widget.trustpilot.com simplicity.trustpilot.com www.facebook.com js.checkout.com embed.twitch.tv accounts.google.com web.facebook.com www.trustpilot.com vars.hotjar.com sandbox-checkout.epag.io checkout.epag.io tr.snapchat.com www.emjcd.com static.criteo.net cj.dotomi.com *.doubleclick.net *.paypal.com www.paypalobjects.com pay.google.com unpkg.com optimize.google.com apps.rokt.com wsdk.rokt.com platform.twitter.com ad.ad-srv.net analytics.fatmedia.io shop.spreadshirt.com cdkeys.myspreadshop.com *.dwin1.com *.awin1.com *.zenaps.com gum.criteo.com c.bing.com the.sciencebehindecommerce.com cdkeys.pxf.io cdkeys.sjv.io *.trustpilot.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.addthisedge.com *.twitter.com *.cdkeys.com *.omn-it.net www.gravatar.com *.paypal.com steamcdn-a.akamaihd.net *.storyblok.com www.google.tm optimize.google.com *.doubleclick.net ssl.gstatic.com www.gstatic.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat *.spreadshirt.com image.spreadshirtmedia.com cdkeys.myspreadshop.com cm.everesttech.net www.facebook.com static.xx.fbcdn.net alb.reddit.com tr.snapchat.com t.co cw.addthis.com syndication.twitter.com ad.360yield.com *.3lift.com sync.ad-stir.com *.adform.net *.adnxs.com *.adscale.de *.amazon-adsystem.com anymindgroup.go2cloud.org pixel.advertising.com x.bidswitch.net bat.bing.com www.bizrate.com tags.bluekai.com match.bnmla.com r.casalemedia.com usersync.cdglib.com www.chinesean.com *.criteo.com dpm.demdex.net *.dotomi.com sync.e-planning.net secure.getprice.com.au matching.ivitrack.com beacon.krxd.net *.liadm.com contextual.media.net visitor.omnitagjs.com *.openx.net sync.outbrain.com jadserve.postrelease.com *.pubmatic.com idsync.rlcdn.com pixel.rubiconproject.com match.sharethrough.com *.smaato.net *.smartadserver.com *.smartclip.net tg.socdm.com *.stickyadstv.com *.taboola.com pixel.tapad.com criteo-sync.teads.tv s.thebrighttag.com criteo-partners.tremorhub.com *.yahoo.com ad.yieldlab.net ads.yieldmo.com sync-criteo.ads.yieldmo.com lt45.net ds1.net dt51.net ndt5.net fr135.net as.ad4m.at ad.ad-srv.net *.clarity.ms *.dwin1.com *.awin1.com *.zenaps.com gum.criteo.com c.bing.com the.sciencebehindecommerce.com *.loggly.com www.ojrq.net cdkeys.pxf.io cdkeys.sjv.io delight-magento.fly.dev delight-s3-bucket.s3.eu-west-2.amazonaws.com tvspix.com tvpix.com 'self' data: data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://cdn.checkout.com *.klarnacdn.net landofcoder.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.net *.twitter.com widget.trustpilot.com invitejs.trustpilot.com connect.facebook.net cdn.checkout.com *.algolia.net embed.twitch.tv *.google.com platform.twitter.com www.google.com www.gstatic.com cdn.simility.com static.hotjar.com script.hotjar.com sandbox-checkout.epag.io checkout.epag.io *.doubleclick.net *.zoho.com *.criteo.net *.criteo.com sc-static.net analytics.twitter.com *.ads-twitter.com *.bing.com www.redditstatic.com maillist-manage.com *.paypal.com *.cnnx.io unpkg.com ad4m.at/osij2yav.js optimus.360and1.com www.googleoptimize.com optimize.google.com apps.rokt.com wsdk.rokt.com *.clarity.ms *.cdkeys.com *.omn-it.net *.spreadshirt.com adtm.spreadshirts.net cdkeys.myspreadshop.com dpm.demdex.net static.zdassets.com/ *.dwin1.com *.awin1.com *.zenaps.com gum.criteo.com c.bing.com the.sciencebehindecommerce.com analytics.fatmedia.io utt.impactcdn.com delight-magento.fly.dev analytics.tiktok.com *.gstatic.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://cdn.checkout.com *.fontawesome.com cdn.checkout.com maxcdn.bootstrapcdn.com optimize.google.com adtm.spreadshirts.net cdkeys.myspreadshop.com delight-magento.fly.dev *.googleapis.com *.gstatic.com *.trustpilot.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src cdn.cdkeys.com static.zdassets.com *.dwin1.com *.awin1.com *.zenaps.com gum.criteo.com c.bing.com the.sciencebehindecommerce.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolianet.com *.insights.algolia.io https://js.checkout.com *.klarnaevt.com landofcoder.com www.facebook.com js.checkout.com *.simility.com graph.facebook.com *.hotjar.com *.hotjar.io wss://*.hotjar.com/api/v2/client/ws *.google.com google.com *.doubleclick.net freegeoip.app maillist-manage.com invitejs.trustpilot.com bat.bing.com unpkg.com insights.algolia.io *.clarity.ms *.spreadshirt.com cdkeys.myspreadshop.com dpm.demdex.net static.zdassets.com ekr.zdassets.com cdkeys.zendesk.com widget-mediator.zopim.com wss://widget-mediator.zopim.com *.dwin1.com *.awin1.com *.zenaps.com gum.criteo.com c.bing.com the.sciencebehindecommerce.com cdkeys.pxf.io cdkeys.sjv.io api.delightglobal.io pro.ip-api.com analytics.tiktok.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-D0DAy22GOPtrtTaU5o40Kw=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src 'self' blob:;connect-src 'self' https://daemonclicks.com https://static.daemonclicks.com *.google-analytics.com *.analytics.google.com;img-src 'self' data: https://static.porngameshub.com https://themes.porngameshub.com https://static.daemonclicks.com *.googletagmanager.com  *.google-analytics.com *.analytics.google.com https://cdn.gme-trking.com;media-src https://static.porngameshub.com https://themes.porngameshub.com https://static.daemonclicks.com *.hwcdn.net;style-src 'self' 'unsafe-inline' https://static.porngameshub.com https://themes.porngameshub.com;font-src 'self' data: https://static.porngameshub.com https://themes.porngameshub.com *.gstatic.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://static.porngameshub.com https://themes.porngameshub.com https://static.daemonclicks.com *.googletagmanager.com  *.google-analytics.com *.analytics.google.com;form-action 'self';frame-src * blob:;child-src *.porngameshub.com;manifest-src 'self' https://static.porngameshub.com https://themes.porngameshub.com; 1
frame-src 'self' https://*.youtube.com; manifest-src https://support.allizom.org https://support.mozilla.org; form-action 'self' https://accounts.firefox.com https://accounts.stage.mozaws.net; default-src 'none'; style-src 'self' https://*.webservices.mozgcp.net https://*.jsdelivr.net; script-src 'self' https://*.mozilla.org https://*.webservices.mozgcp.net https://*.google-analytics.com https://*.googletagmanager.com https://pontoon.mozilla.org https://*.jsdelivr.net; connect-src 'self' https://*.google-analytics.com https://location.services.mozilla.com https://accounts.firefox.com/metrics-flow https://accounts.stage.mozaws.net/metrics-flow https://basket.mozilla.org; font-src 'self' https://*.webservices.mozgcp.net; media-src 'self' https://*.webservices.mozgcp.net; img-src 'self' data: https://*.mozaws.net https://*.webservices.mozgcp.net https://*.google-analytics.com https://profile.accounts.firefox.com https://firefoxusercontent.com https://secure.gravatar.com https://i1.wp.com https://mozillausercontent.com 1
frame-src https://*; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.uibk.ac.at; style-src 'self' 'unsafe-inline' https://*.uibk.ac.at; img-src 'self' data: https://*.uibk.ac.at; media-src 'self' blob: https://*.uibk.ac.at; font-src 'self' data: https://*.uibk.ac.at; object-src 'self'; default-src 'self' https://*.uibk.ac.at; 1
frame-ancestors 'self' https://www.channel4000.com/ https://kdvr.com/ https://kfor.com/ https://fox2now.com/ https://fox5sandiego.com/ https://ktla.com/ https://fox40.com/ https://fox4kc.com/ https://wgntv.com/ https://fox8.com/ https://khon2.com/ https://klfy.com/ https://kron4.com/ https://krqe.com/ https://wavy.com/ https://wfla.com/ https://wivb.com/ https://wkrg.com/ https://wkrn.com/ https://woodtv.com/ https://wwlp.com/ https://channel4000.com/ https://koin.com/ https://wreg.com/ https://wric.com/ https://fox59.com/ https://wspa.com/ https://wgno.com/ https://myfox8.com/ https://nbc4i.com/ https://kxan.com/ https://wtnh.com/ https://stage.nxstrib.com/ https://nxs-staging.go-vip.net/ https://wate.com/ https://wkbn.com/ https://cbs17.com/ https://wpri.com/ https://wsav.com/ https://whnt.com/ https://who13.com/ https://abc27.com/ https://cbs42.com/ https://wjhl.com/ https://cw33.com/ https://cw39.com/ https://localdvm.com/watch-dcw50/ https://wgnradio.com/ https://phl17.com/ https://cbs4indy.com/ https://borderreport.com/ https://everythinglubbock.com/ https://myhighplains.com/ https://nxsttv-stage.go-vip.net/ https://nxstrib-com-staging.go-vip.net/ https://myarklamiss.com/ https://kark.com/ https://siouxlandproud.com/ https://keloland.com/ https://easttexasmatters.com/ https://texomashomepage.com/ https://kget.com/ https://yourbigsky.com/ https://8newsnow.com/ https://mysterywire.com/ https://fox16.com/ https://conchovalleyhomepage.com/ https://yourbasin.com/ https://nwahomepage.com/ https://ozarksfirst.com/ https://westernslopenow.com/ https://yourcentralvalley.com/ https://fourstateshomepage.com/ https://ksnt.com/ https://ksn.com/ https://bigcountryhomepage.com/ https://arklatexhomepage.com/ https://ktsm.com/ https://abc4.com/ https://valleycentral.com/ https://kxnet.com/ https://fox21news.com/ https://fox44news.com/ https://wane.com/ https://binghamtonhomepage.com/ https://wboy.com/ https://pahomepage.com/ https://wbtw.com/ https://counton2.com/ https://wcia.com/ https://wdhn.com/ https://wdtn.com/ https://localdvm.com/ https://tristatehomepage.com/ https://mytwintiers.com/ https://mychamplainvalley.com/ https://wearegreenbay.com/ https://wfxrtv.com/ https://cnyhomepage.com/ https://ourquadcities.com/ https://wjtv.com/pine-belt-news/ https://wjbf.com/ https://yourerie.com/ https://upmatters.com/ https://wjtv.com/ https://fox46.com/ https://wiproud.com/ https://wlns.com/ https://mypanhandle.com/ https://centralillinoisproud.com/ https://foxlexington.com/ https://wnct.com/ https://cenlanow.com/ https://wowktv.com/ https://wvillustrated.com// https://mystateline.com/ https://wrbl.com/ https://rochesterfirst.com/ https://localsyr.com/ https://wearecentralpa.com/ https://news10.com/ https://wtrf.com/ https://mywabashvalley.com/ https://brproud.com/ https://wvnstv.com/ https://informnny.com/ https://wytv.com/ https://pix11.com/; 1
frame-ancestors https://tongji.baidu.com/ https://www.jiguang.cn/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' data: https://cdn.mises.org https://www.google.ca https://www.google.com https://i.creativecommons.org https://licensebuttons.net https://www.google-analytics.com https://mcusercontent.com https://maps.gstatic.com https://s3.amazonaws.com; frame-ancestors 'self' https://glockenspiel-bluebird-4h6c.squarespace.com https://www.misesgraduateschool.org https://misesgraduateschool.org https://api-public.addthis.com https://m.addthis.com https://mises.org; report-uri /report-csp-violation; upgrade-insecure-requests 1
child-src 'unsafe-inline' 'self' *.directnic.net *.livechatinc.com *.paypal.com *.google.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.g.doubleclick.net *.braintree.com *.hcaptcha.com *.livechat.s3.amazonaws.com; frame-ancestors 'self' directnic.net; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' filesystem: *.infoblox.com *.pantheonsite.io *.infoblox.local *.vimeo.com *.addthis.com *.typekit.net *.driftt.com *.drift.com *.google-analytics.com *.eloqua.com *.nr-data.net *.doubleclick.net *.linkedin.com *.vidyard.com *.google.com *.captivate.fm *.soundcloud.com *.youtube.com *.6sense.com *.infoblox.com *.crazyegg.com *.youtube.com *.reactful.com *.6sc.co *.lookbookhq.com *.facebook.net *.techtarget.com *.marketo.net *.pathfactory.com *.mktoresp.com *.google.co.in *.adnxs.com https://sites.google.com/infoblox.com https://sites.google.com/infoblox.com/salesworkspace/ https://infoblox.litmos.com/ *.use.fontawesome *.info.infoblox.com https://internetidentity.com *.kaltura.com *.hotjar.com *.widgets.peerspot.com https://ca.app.wednesdaytalent.com/static/cafe/widget.js *.ca.app.wednesdaytalent.com https://ca.app.wednesdaytalent.com/candidate_app_by_url https://main.d32i5xvw3fvi3u.amplifyapp.com/ https://ca.app.wednesdaytalent.com/ https://cdn.bizible.com/scripts/bizible.js *.getsmartling.com https://cdn.linkedin.oribi.io/ https://cdn.bizible.com/ www.infoblox.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: filesystem: *.google.com *.addthis.com *.addthisedge.com *.moatads.com *.cookielaw.org *.driftt.com *.bidr.io *.cloudfront.net *.bing.com *.linkedin.com *.licdn.com *.typekit.net *.googletagmanager.com js.driftt.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.newrelic.com *.nr-data.net *.vidyard.com *.captivate.fm *.soundcloud.com https://cdnjs.cloudflare.com *.jobvite.com *.infoblox.com *.lltrck.com lltrck.com https://lltrck.com https://ajax.googleapis.com *.infoblox.com *.crazyegg.com *.youtube.com *.reactful.com *.6sc.co *.lookbookhq.com *.facebook.net *.techtarget.com *.marketo.net *.adnxs.com *.google.co.in https://infoblox.litmos.com/ *.use.fontawesome.com *.info.infoblox.com https://internetidentity.com https://widgets.itcentralstation.com *.kaltura.com *.hotjar.com *.trustarc.com *.widgets.peerspot.com https://widgets.peerspot.com/ https://ca.app.wednesdaytalent.com/static/cafe/widget.js *.ca.app.wednesdaytalent.com https://ca.app.wednesdaytalent.com/candidate_app_by_url https://main.d32i5xvw3fvi3u.amplifyapp.com/ https://ca.app.wednesdaytalent.com/ https://cdn.bizible.com/scripts/bizible.js *.getsmartling.com https://cdn.linkedin.oribi.io/ https://cdn.bizible.com/ www.infoblox.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' filesystem: *.google.com *.googleapis.com *.typekit.net *.gstatic.com *.googleusercontent.com https://info.infoblox.com/js/forms2/css/  *.infoblox.com  *.infoblox.com *.crazyegg.com *.youtube.com *.reactful.com *.6sc.co *.lookbookhq.com *.facebook.net *.techtarget.com *.marketo.net *.bootstrapcdn.com *.google.co.in https://infoblox.litmos.com/ *.use.fontawesome.com *.info.infoblox.com https://internetidentity.com *.kaltura.com *.trustarc.com *.widgets.peerspot.com https://ca.app.wednesdaytalent.com/static/cafe/widget.js *.ca.app.wednesdaytalent.com https://ca.app.wednesdaytalent.com/candidate_app_by_url https://main.d32i5xvw3fvi3u.amplifyapp.com/ https://ca.app.wednesdaytalent.com/ *.getsmartling.com https://cdn.linkedin.oribi.io/ https://cdn.bizible.com/ www.infoblox.com; img-src 'self' https: data: blob: *.infoblox.com https://infoblox.com *.bing.com *.adsymptotic.com *.googleusercontent.com *.gstatic.com *.pantheonsite.io *.infoblox.local *.linkedin.com *.drift.com *.eloqua.com *.typekit.net *.google-analytics.com *.google.com *.doubleclick.net *.gravatar.com https://play.vidyard.com https://cdn.vidyard.com https://i.ytimg.com *.vimeocdn.com https://share.vidyard.com/ *.googletagmanager.com https://lltrck.com *.infoblox.com *.crazyegg.com *.youtube.com *.reactful.com *.6sc.co *.lookbookhq.com *.facebook.net *.techtarget.com *.marketo.net *.facebook.com *.google.co.in *.snaproute.com snaproute.com https://infoblox.litmos.com/ *.use.fontawesome.com *.info.infoblox.com https://internetidentity.com *.kaltura.com *.hotjar.com *.trustarc.com *.widgets.peerspot.com https://main.d32i5xvw3fvi3u.amplifyapp.com/ https://ca.app.wednesdaytalent.com/ *.getsmartling.com https://cdn.linkedin.oribi.io/ https://cdn.bizible.com/ www.infoblox.com; font-src 'self' https: data: filesystem: use.typekit.net *.use.fontawesome.com; media-src 'self' mediastream: blob: filesystem: *.driftqa.com *.kaltura.com js.driftt.com; frame-ancestors 'self' https: data: http://*.infoblox.com https://*.infoblox.com https://sites.google.com/infoblox.com https://sites.google.com/infoblox.com/salesworkspace/ https://infoblox.litmos.com/ http://infoblox.litmos.com/ https://infoblox.mindtickle.com/ https://infobloxpartners.mindtickle.com/ https://infoblox.litmos.com/ *.use.fontawesome.com *.info.infoblox.com https://internetidentity.com https://widgets.itcentralstation.com *.kaltura.com *.hotjar.com *.trustarc.com *.driftt.com *.widgets.peerspot.com https://main.d32i5xvw3fvi3u.amplifyapp.com/ https://ca.app.wednesdaytalent.com/ *.getsmartling.com https://cdn.linkedin.oribi.io/ https://cdn.bizible.com/; frame-src 'self' blob: https://www.youtube-nocookie.com https://play.vidyard.com https://www.google.com *.youtube.com *.vimeo.com https://w.soundcloud.com/ https://player.captivate.fm/ jobs.jobvite.com info.infoblox.com *.infoblox.com *.crazyegg.com *.youtube.com *.reactful.com *.6sc.co *.lookbookhq.com *.facebook.net *.techtarget.com *.marketo.net *.facebook.com https://infoblox.litmos.com/ *.use.fontawesome.com *.info.infoblox.com https://internetidentity.com https://widgets.itcentralstation.com *.kaltura.com *.hotjar.com *.trustarc.com *.driftt.com *.widgets.peerspot.com https://main.d32i5xvw3fvi3u.amplifyapp.com/ https://ca.app.wednesdaytalent.com/ *.getsmartling.com https://cdn.linkedin.oribi.io/ https://cdn.bizible.com/ 1
form-action 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://ajax.googleapis.com  https://cdn.jsdelivr.net https://323725.tctm.co https://d3e54v103j8qbb.cloudfront.net https://assets-global.website-files.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome https://fonts.intercomcdn.com/messenger-m4 https://dev.visualwebsiteoptimizer.com https://crm.zoho.com https://www.googletagmanager.com https://widget.intercom.io https://js.intercomcdn.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://px.ads.linkedin.com https://static.hotjar.com https://script.hotjar.com https://snap.licdn.com https://www.clickcease.com https://ws.zoominfo.com https://unpkg.com https://connect.facebook.net https://bat.bing.com https://www.googleadservices.com; font-src https://assets.website-files.com https://cdnjs.cloudflare.com https://fonts.intercomcdn.com https://fonts.gstatic.com data:; frame-ancestors 'none' 1
font-src 'self' fonts.gstatic.com cdn.appsflyer.com/creatives-fonts/ cs.inappstory.ru/ cdn.zvuk.com sber-zvuk.com;form-action 'self' sber-zvuk.com;base-uri 'self' sber-zvuk.com;manifest-src 'self' sber-zvuk.com;style-src 'self' 'unsafe-inline' hcaptcha.com *.hcaptcha.com fonts.googleapis.com cdn.zvuk.com sber-zvuk.com *.mindbox.ru;frame-ancestors 'self' *.sber.ru *.sber.com *.championat.com https://id.zvuk.com https://pr.zvuk.com;object-src 'none';media-src data: 'self' blob: *.zvuk.com unisound.cdnvideo.ru/static/creative/audio/ r.mradx.net *.emgsound.ru *.cdnvideo.ru *.101.ru:* *.n340.com:8443 *.hostingradio.ru:* icecast-zvezda.mediacdn.ru/radio/zvezda/zvezda_128 online.uniton.ru/uniton live.rzs.ru/ka.128.mp3 radio.mediacdn.ru radio.nikatv.ru online.mariafm.ru:8443/MariaFM 21220.web.hosting-russia.ru/transmit1044 stream.newradio.ru stream.studio21.ru online-fefm.signaltv.net:8443 hls.studio21.ru hls.newradio.ru air.unmixed.ru/lradio256 streamer01.1028.fm:8443/arstream microit2.n340.ru:8443/VgMv0WV17ZVx1uuo_12_love_64 microit.n340.ru:8443/VgMv0WV17ZVx1uuo_12_love_64_reg_44 microit.n340.ru:8443/VgMv0WV17ZVx1uuo_12_dacha_64_reg_1093 microit2.n340.ru:8443/VgMv0WV17ZVx1uuo_14_dacha_64 microit.n340.ru:8443/VgMv0WV17ZVx1uuo_18_vostok_64_reg_1 microit.n340.ru:8443/VgMv0WV17ZVx1uuo_13_taxi_64 microit.n340.ru:8443/VgMv0WV17ZVx1uuo_19_ruhit_64_reg_1 mg-kompas.ru/k1074 mg-kompas.ru/k1067 mg-kompas.ru/t1001 online2.gkvr.ru:8001/europa_eka_64.aac cdn.pifm.ru/mp3 hls.kalina.fm hls-radiokrasnodar.cdnvideo.ru radio.izhlife.ru hit.trkeurasia.ru sber-zvuk.com msdrm-enc.obs.ru-moscow-1.hc.sbercloud.ru edge-drm.zvuk.com cdn64.zvuk.com cdn.zvuk.com;child-src 'self' blob: sber-zvuk.com;frame-src 'self' *.fls.doubleclick.net/ sberzvook.clients.webcaster.pro hcaptcha.com *.hcaptcha.com mc.yandex.ru/ img01.ssp.rambler.ru/ img02.ssp.rambler.ru/ dsp-rambler.ru sportrecs.com/embed/ secure.payture.com www.youtube.com/ online.sberbank.ru/CSAFront/oidc/authorizelow.do id.sber.ru content.adriver.ru sber-zvuk.com www.afisha.ru https://id.zvuk.com https://pr.zvuk.com vast.playmatic.video/ api.flocktory.com/ games.inappstory.com/;img-src 'self' data: blob: *.sber-zvuk.com *.zvuk.com *.zvooq.com zvooq.com zvuk.com www.tns-counter.ru mc.yandex.ru mc.yandex.com mc.yandex.kz mc.yandex.by mc.yandex.md mc.yandex.uz mc.yandex.fr img01.ssp.rambler.ru/ img02.ssp.rambler.ru/ dsp-rambler.ru/ profile.ssp.rambler.ru/ *.instreamatic.com unisound.cdnvideo.ru/static/creative/image/ *.adriver.ru x01.aidata.io pixel.konnektu.ru ad.mail.ru/ rtb-moscow.mail.ru *.ops.beeline.ru/ *.rtb.mts.ru/ an.yandex.ru/ rs.mail.ru/pixel/ r.mradx.net ad.doubleclick.net/ddm/trackimp/ kraken.rambler.ru/cnt/ login.vk.com cdn.appsflyer.com/creatives-mgmt/static-content/ analytics.tiktok.com impressions.onelink.me image-service.obs.ru-moscow-1.hc.sbercloud.ru obs-image-service-mz.obs.ru-moscow-1.hc.sbercloud.ru www.gstatic.com ssl.gstatic.com favicon.yandex.net/favicon/v2/zvuk.com cs.inappstory.ru/ sber-zvuk.com *.mindbox.ru secure.usedesk.ru vma.mts.ru/match/second api.flocktory.com/ ssp.rambler.ru mts-dsp-sync.rutarget.ru get4click.ru cdn.zvuk.com;connect-src data: 'self' catch.sbervisor.ru online.sberbank.ru id.sber.ru cms-res.online.sberbank.ru sve.online.sberbank.ru visor.sberbank.ru report.zvuk.com ads.adfox.ru *.adriver.ru tns-counter.ru ssp.rambler.ru kraken.rambler.ru dsp-rambler.ru *.ssp.rambler.ru *.instreamatic.com analytics.tiktok.com af-event-logger.appsflyer.com banner.appsflyer.com hcaptcha.com *.hcaptcha.com api.inappstory.ru/v2/ *.emgsound.ru hls.studio21.ru hls.newradio.ru hls-radiokrasnodar.cdnvideo.ru hls.kalina.fm *.mindbox.ru cdn.zvuk.com sber-zvuk.com mc.yandex.ru mc.yandex.com mc.yandex.kz mc.yandex.by mc.yandex.md mc.yandex.uz mc.yandex.fr  *.sd-rtn.com wapi.afisha.ru creatives-cdn.appsflyer.com api.usedesk.ru pubsubsec2.usedesk.ru secure.usedesk.ru fcm.googleapis.com upload-bff.zvuk.com *.adlooxtracking.com:* zvuk.com msdrm.zvuk.com msdrm-enc.obs.ru-moscow-1.hc.sbercloud.ru edge-drm.zvuk.com   cdn64.zvuk.com zvuk.com monolith.zvq.me zvuk.com federation.zvq.me id.sber.ru wss://pubsubsec2.usedesk.ru firebase.googleapis.com firebaseinstallations.googleapis.com firebaseremoteconfig.googleapis.com firebaselogging-pa.googleapis.com www.google-analytics.com cms-res-web.online.sberbank.ru/sberid/BlackList/Button/No_Button.json *.2gis.com *.2gis.ru;script-src 'nonce-8a197e17-941f-484e-9983-e00a589b0d30' 'self' ssp.rambler.ru/capirs_async.js hcaptcha.com *.hcaptcha.com dsp-rambler.ru/tpl/Unbounded/ ads.adfox.ru/getid content.adriver.ru ad.adriver.ru analytics.tiktok.com *.instreamatic.com websdk.appsflyer.com synchrobox.adswizz.com adlooxtracking.ru *.adlooxtracking.ru top-fwz1.mail.ru/js/code.js cdn.jsdelivr.net/npm/hls.js@latest sdk.inappstory.com/ sdk.inappstory.ru/ api.inappstory.ru/ *.mindbox.ru cdn.zvuk.com sber-zvuk.com mc.yandex.ru mc.yandex.com mc.yandex.kz mc.yandex.by mc.yandex.md mc.yandex.uz mc.yandex.fr lib.usedesk.ru www.googletagmanager.com www.afisha.ru/w/ticketmanager.js get4click.ru api.flocktory.com partners.sbermarketing.ru/api/tracker/sdk.js 'sha256-ChUScVqwlZ5LajFSOi49H77LqYNje29cTNZM2V00VTM=' 'sha256-BvaZL6lFd0cUnpTj8qIXeZzuk2OsocIfThlS8sMe/D8=' *.2gis.com;default-src 'none';report-uri https://report.zvuk.com/api/21/security/?sentry_key=15d647f4c7eb422d98dc820cfc9b311f 1
script-src 'unsafe-inline' 'unsafe-eval' https:; worker-src blob: https: https://api.useinsider.com; 1
default-src 'self' https https://*.wistia.com https://*.wistia.net www.google.com stats.g.doubleclick.net;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com/ *.prismhr.com *.marketo.com *.clickagy.com cdn-cookieyes.com snap.licdn.com bat.bing.com/ snap.licdn.com connect.facebook.net ws.zoominfo.com connect.facebook.net/ *.google-analytics.com organizer.bizzabo.com/ www.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net *.wistia.com *.wistia.net src.litix.io js.hs-scripts.com js.hsleadflows.net js.hs-banner.com js.hsadspixel.net js.hubspotfeedback.com js.usemessages.com js.hs-analytics.net js.hscollectedforms.net js.hsforms.net js-na1.hs-scripts.com forms.hsforms.com script.hotjar.com static.hotjar.com/ munchkin.marketo.net/munchkin.js ucarecdn.com/;  style-src 'self' 'unsafe-inline' *.stackadapt.com fast.wistia.com tagmanager.google.com https://fonts.googleapis.com https://cdnjs.cloudflare.com/;  frame-src *.wrike.com *.doubleclick.net *.storylane.io https://www.prismhrlive.com *.youtube.com https://bid.g.doubleclick.net *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com fast.wistia.com fast.wistia.net https://vars.hotjar.com https://www.facebook.com https://player.vimeo.com *.google.com;  child-src app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com;  img-src 'self' *.hsforms.com *.linkedin.com https://tags.srv.stackadapt.com *.demdex.net *.crwdcntrl.net *.openx.net *.doubleclick.net *.sitescout.com *.rlcdn.com *.agkn.com *.clickagy.com https://cdn-cookieyes.com https://c.clarity.ms/c.gif data: https://px.ads.linkedin.com/ https://bat.bing.com/ https://p.adsymptotic.com https://www.facebook.com *.google-analytics.com www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com googleads.g.doubleclick.net www.google.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.hubspot.com cdn2.hubspot.net forms.hsforms.com *.facebook.com *.wpengine.com;  font-src 'self' data: *.wistia.com https://fonts.gstatic.com https://cdnjs.cloudflare.com;  connect-src 'self' *.bing.com *.googlesyndication.com *.cookieyes.com *.stackadapt.com *.hotjar.io *.google.com wss://*.hotjar.com *.clickagy.com *.oribi.io *.hotjar.com *.zoominfo.com https://log.cookieyes.com https://cdn-cookieyes.com https://events.bizzabo.com *.google-analytics.com *.hubspot.com https://stats.g.doubleclick.net/ api.hubapi.com js.usemessages.com js.hsleadflows.net js.hs-banner.com js.hubspotfeedback.com js.hsadspixel.net js.hs-analytics.net js.hs-scripts.com forms.hsforms.com *.litix.io *.wistia.com https://yoast.com https://my.wpengine.com embedwistia-a.akamaihd.net;  form-action 'self' forms.hsforms.com forms.hubspot.com https://www.facebook.com;  media-src 'self' blob: data: *.wistia.com *.wistia.net embedwistia-a.akamaihd.net;  worker-src 'self' blob:;  frame-ancestors 'self' *.prismhr.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.lafeltrinelli.it *.googleapis.com *.gravatar.com http://p2c.xplace.de *.sciencebehindecommerce.com *.klarnacdn.net *.jsdelivr.net *.flixfacts.com *.addthisedge.com *.dwin1.com *.azure.net *.monitor.azure.net *.moatads.com *.awin1.com *.addtoany.com apis.google.com *.igodigital.com *.googleadservices.com *.appspot.com *.bing.com *.kk-resources.com *.cloudflare.com *.googlesyndication.com *.creativecdn.com *.cloudfront.net *.tiktok.com *.criteo.com *.googleadservices.com *.doubleclick.net  criteo-partners.tremorhub.com *.mediavine.com *.teads.tv sync-criteo.ads.yieldmo.com *.richrelevance.com  *.sharethrough.com *.facebook.net *.clarity.ms *.bidswitch.net secure.adnxs.com *.youtube-nocookie.com *.msecnd.net *.omnitagjs.com *.3lift.com *.taboola.com *.smartadserver.com *.googleoptimize.com *.polyfill.io *.googletagmanager.com *.googletagservices.com contextual.media.net *.go-mpulse.net bsa-media.s3.amazonaws.com samples.findawayworld.com *.cookielaw.org *.google-analytics.com *.tradedoubler.com *.tradetracker.com ts.tradetracker.net /ad.yieldlab.net *.ivitrack.com *.mainadv.com *.riskified.com *.mndtrk.com ups.analytics.yahoo.com *.jquery.com *.rubiconproject.com *.bootstrapcdn.com nxtck.com *.gstatic.com *.facebook.com *.crystal-blocker.com *.onetrust.com sync.outbrain.com *.casalemedia.com *.salecycle.com *.lgw.io *.pubmatic.com *.algolia.net *.visualstudio.com *.akstat.io *.akamaihd.net *.kobo.com *.criteo.net *.tangooserver.com *.creativecdn.com bofcom-cms.prd.life-cloud.net fibs-prd-apim-gw.life-cloud.net fibs-prd-apim.azure-api.net europe.directline.botframework.com *.blob.core.windows.net *.ibs.it https: wss: blob: data: properties: filesystem:;upgrade-insecure-requests;report-uri https://fibs-prd-apim.azure-api.net/csp-prd-ai/fcom-v1/Track 1
default-src 'self' http: https: go.addigy.com https://*.addigy.com https://*.my.salesforce.com https://*.force.com https://go.pardot.com https://*.pantheonsite.io wss://ws.hotjar.com;frame-ancestors 'self' https://go.pardot.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com http: https: pages.addigy.com;img-src 'self' data: https://app-app.addigy.com https://www.addigy.com https://static.addigy.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://tracking.g2crowd.com https://px.ads.linkedin.com https://bat.bing.com https://t.co https://www.facebook.com https://ssl.gstatic.com https://www.gstatic.com https://analytics.twitter.com https://*.gravatar.com  http://*.gravatar.com https://fast.wistia.com https://embedwistia-a.akamaihd.net https://embed-fastly.wistia.com https://embed-ssl.wistia.com https://aorta.clickagy.com https://b.sf-syn.com https://dev.visualwebsiteoptimizer.com https://alb.reddit.com https://forms.hsforms.com https://track.hubspot.com https://*.linkedin.com https://ps.eyeota.net https://match.adsrvr.org https://dpm.demdex.net https://idsync.rlcdn.com https://sync.crwdcntrl.net https://ml314.com https://obseu.bzcclandlord.com https://cm.g.doubleclick.net;style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com;font-src 'self' data: http: https: fonts.googleapis.com http https: fonts.gstatic.com https://*.wistia.com;media-src 'self' data: blob: http: https:;worker-src 'self' blob:; 1
upgrade-insecure-requests; frame-ancestors https://www.reutersconnect.com 1
default-src https: 'self' data:; font-src https: data:; img-src https: data:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 1
default-src blob: ;child-src blob: 'self' https://d13h4w8gjgv887.cloudfront.net;media-src blob: 'self' https://video.joomcdn.net https://*.amazonaws.com https://d13h4w8gjgv887.cloudfront.net;form-action https:;frame-src 'self' https: ;frame-ancestors 'none';manifest-src 'self';base-uri 'none';font-src data: https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://d13h4w8gjgv887.cloudfront.net https://hcaptcha.com https://*.hcaptcha.com https://cdn.crowdin.com https://top-fwz1.mail.ru;connect-src 'self' https://api.joom.com https://api-secure.joom.one https://api.joompay.tech https://http-babylone-client-faq-api.joom.it https://*.google-analytics.com https://*.analytics.google.com https://*.googleapis.com https://google-analytics.com https://analytics.google.com https://pagead2.googlesyndication.com https://www.facebook.com https://bnc.lt https://joom.test-app.link https://stats.g.doubleclick.net https://*.joomcdn.net https://*.amazonaws.com https://mc.yandex.ru https://mc.yandex.com https://d13h4w8gjgv887.cloudfront.net https://*.riskified.com https://hcaptcha.com https://*.hcaptcha.com https://*.live-video.net https://joom-web.ey.r.appspot.com https://crowdin.com https://*.trustedshops.com https://widget.trustpilot.com https://*.creativecdn.com https://*.dwin1.com https://top-fwz1.mail.ru https://www.wepowerconnections.com https://tr.kickbite.io https://service.nalog.ru https://*.clarity.ms https://www.google.com https://google.com https://pay.google.com https://sentry.joom.it https://www.joom.ru;img-src 'self' data: https: blob:;script-src 'strict-dynamic' 'nonce-MC4xNDk0MDk=' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: data: 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://d13h4w8gjgv887.cloudfront.net https://hcaptcha.com https://*.hcaptcha.com https://cdn.crowdin.com https://top-fwz1.mail.ru;report-uri https://sentry.joom.it/api/3/security/?sentry_key=b68f31beac04417da5e79086aa76f8d6&sentry_release=web-client@4.8.5-1705927326&sentry_environment=prod 1
frame-ancestors 'self' googletagmanager.com cerebro.alibaba.ir *.alibaba.ir *.altrabotopsellers.ir *.altrabocorp.ir *.altrabo.com www.alibaba.ir www.alibabatravels.co 1
default-src 'none';child-src 'self' 'unsafe-eval' data: *.kakao.com *.daum.net *.upbit.com *.upbitit.com *.upbitit.sh *.upbitit.cool *.upbitit.tv *.upbitit.in *.upbitit.me *.teledit.com *.google.com *.youtube.com *.instagram.com *.facebook.com *.twitter.com *.onesignal.com onesignal.com *.amazonaws.com 'sha256-0Ql1J31jzC6EHJM2MUoUyEgmRntzyhoDq7h/gZw/BuQ=' 'sha256-pVP3wiRK6EgotPvbJ2R65xpjHaVawiUq7xpvmES7HRA=' 'sha256-Imv8rgvxn2GP4QJH/s+T5I8tEtsRwclyX3+LH36ke+U=';worker-src 'self' 'unsafe-eval' data: *.kakao.com *.daum.net *.upbit.com *.upbitit.com *.upbitit.sh *.upbitit.cool *.upbitit.tv *.upbitit.in *.upbitit.me *.teledit.com *.google.com *.youtube.com *.instagram.com *.facebook.com *.twitter.com *.onesignal.com onesignal.com *.amazonaws.com 'sha256-0Ql1J31jzC6EHJM2MUoUyEgmRntzyhoDq7h/gZw/BuQ=' 'sha256-pVP3wiRK6EgotPvbJ2R65xpjHaVawiUq7xpvmES7HRA=' 'sha256-Imv8rgvxn2GP4QJH/s+T5I8tEtsRwclyX3+LH36ke+U=' blob:;frame-src 'self' 'unsafe-eval' data: *.kakao.com *.daum.net *.upbit.com *.upbitit.com *.upbitit.sh *.upbitit.cool *.upbitit.tv *.upbitit.in *.upbitit.me *.teledit.com *.google.com *.youtube.com *.instagram.com *.facebook.com *.twitter.com *.onesignal.com onesignal.com *.amazonaws.com 'sha256-0Ql1J31jzC6EHJM2MUoUyEgmRntzyhoDq7h/gZw/BuQ=' 'sha256-pVP3wiRK6EgotPvbJ2R65xpjHaVawiUq7xpvmES7HRA=' 'sha256-Imv8rgvxn2GP4QJH/s+T5I8tEtsRwclyX3+LH36ke+U=' blob:;frame-ancestors 'self';script-src 'self' 'unsafe-eval' data: blob: resource: 202.150.191.199 *.google.com *.googleapis.com *.gstatic.com localhost:5000 localhost:8080 localhost:8081 *.upbit.io *.upbit.com *.upbitit.com *.upbitit.sh *.upbitit.cool *.upbitit.tv *.upbitit.in *.upbitit.me *.kakao.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.facebook.com api.calq.io *.twitter.com *.twimg.com *.onesignal.com onesignal.com *.nr-data.net *.newrelic.com *.datadoghq-browser-agent.com 'sha256-AmiIBiDMlUtAs2tJB7jErMe/d3rBPYNUQQIZZdI0/mw=' 'sha256-tR4f5esF7ogSmVINwuWYjYLydFvDU/NenPTDeJQHINs=' 'sha256-b0JiL6WgW/t6gnaiUl78Mlg1q3/pUtetuNGA6BYlnH4=' 'sha256-6j87i3n9lWPVmuX+Udb9PQmkHb7ucVoDtHD6HKJXPLI=' 'sha256-t6C3BkAxW5wuha7GldeGWafgEpleF3eDfNI3xT52/eU=' 'sha256-EQmj6Ha49NOPh0LdNXNUL4d1kUdtlRkdWwcOBab0Ut0=' 'sha256-nNAB7wzHoZ2H2aPXc92gTFy5PUJbI0DgcTKKke1IAME=' 'sha256-f1HK/Dqj6PZZhqO05NmaOi3WSD+H8wH+8Hf8e1w8vQc=' 'sha256-a3jrMYVXEEA6OiADmrxAYVqEyCuvciqKxYphw6Z0AiY=' 'sha256-lo7ZdP6kFds+wf1WMWvn7MhcFVFJV44kAXODRevzRZ8=' 'sha256-/LzxZZCN0YqeSff/J4EBdtuOn2O0NSITdBZkJFIk+Ko=' 'sha256-pq6kbeGlAEeHYBthGd32bJmZGkgiqvxz5199By9lOcY=' 'sha256-NnrjSbntVW306IHkOlwVBC4qIdqWhdj8mf62RaIn6Hw=' 'sha256-SXfx+5vjh9r66UjLQcTxkeAHyelEt20ClYWC4Eabjc4=' 'sha256-S/WWv1gyiLN0ksV2n8CoNhT3b1aJlAFVOTaNCsXDIdY=' 'sha256-WmnJ6wW5Y2n0gjbKF1mSQxGVPY6EC3wHJX7vX/T3HsI=' 'sha256-+3W9zufhVFpD1XwP4aFx3yWExD//7uoJ+EnLO3a9V0Q=' 'sha256-0Ql1J31jzC6EHJM2MUoUyEgmRntzyhoDq7h/gZw/BuQ=' 'sha256-pVP3wiRK6EgotPvbJ2R65xpjHaVawiUq7xpvmES7HRA=' 'sha256-Imv8rgvxn2GP4QJH/s+T5I8tEtsRwclyX3+LH36ke+U='  'sha256-FmdBlmHfq2ipjnGx6IJZaa/6JOMfaapW3QEKwsm1cgM=' cdn.cresendo.net t1.daumcdn.net 'sha256-IMdN53tk7OcIZHNwMvJ59oRkqceBtZMr6bYtJF9HXCs=' 'sha256-uLgqDY2zTj8QoNL2D4QW24EH2OURSBWPBCJ5KsHR+vE=' www.googleadservices.com googleads.g.doubleclick.net 'nonce-b6913d3cb00a87c274c8a28d6e52b6e1';connect-src 'self' wss: https: *.upbit.io *.upbit.com *.upbitit.com *.upbitit.sh *.upbitit.cool *.upbitit.tv *.upbitit.in *.upbitit.me *.dunamu.com *.upbit.io:8080 *.browser-intake-datadoghq.com;font-src 'self' data: *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.upbit.com *.upbitit.com *.upbitit.sh *.upbitit.cool *.upbitit.tv *.upbitit.in *.upbitit.me ;form-action 'self' *.upbit.com *.upbitit.com *.upbitit.sh *.upbitit.cool *.upbitit.tv *.upbitit.in *.upbitit.me facebook.com *.twitter.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.upbit.com *.upbitit.com *.upbitit.sh *.upbitit.cool *.upbitit.tv *.upbitit.in *.upbitit.me *.twitter.com *.twimg.com *.onesignal.com onesignal.com *.google.com *.googletagmanager.com ;img-src 'self' data: blob: *.luniverse.io *.cur-google.com *.googleapis.com *.gstatic.com *.upbit.com *.upbitit.com *.upbitit.sh *.upbitit.cool *.upbitit.tv *.upbitit.in *.upbitit.me *.amazonaws.com *.google-analytics.com *.facebook.com *.google.com *.google.co.kr stats.g.doubleclick.net *.twitter.com *.x.com *.twimg.com *.onesignal.com onesignal.com *.googletagmanager.com via.placeholder.com placeimg.com placekitten.com cdnjs.cloudflare.com  clickstream.cresendo.net bc.ad.daum.net;media-src 'self' data: blob: *.luniverse.io *.cur-google.com *.googleapis.com *.gstatic.com *.upbit.com *.upbitit.com *.upbitit.sh *.upbitit.cool *.upbitit.tv *.upbitit.in *.upbitit.me *.amazonaws.com *.google-analytics.com *.facebook.com *.google.com *.google.co.kr stats.g.doubleclick.net *.twitter.com *.x.com *.twimg.com *.onesignal.com onesignal.com *.googletagmanager.com via.placeholder.com placeimg.com placekitten.com cdnjs.cloudflare.com  clickstream.cresendo.net bc.ad.daum.net;manifest-src 'self';object-src 'self' data: *.upbit.com *.upbitit.com *.upbitit.sh *.upbitit.cool *.upbitit.tv *.upbitit.in *.upbitit.me *.amazonaws.com *.twitter.com;base-uri 'self';block-all-mixed-content;script-src-attr 'none';upgrade-insecure-requests 1
frame-ancestors 'self' https://*.kariyer.net 1
style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com storage.googleapis.com *.google.com cdn.ampproject.org; frame-src 'self' www.google.com *.youtube.com youtube.com accounts.google.com plus.google.com *.doubleclick.net apis.google.com optimize.google.com *.google.com *.cdn.ampproject.org; connect-src 'self' plus.google.com www.google-analytics.com apis.google.com cdn.ampproject.org *.google.com storage.googleapis.com https://services.google.com/fb/submissions/thekeywordtest/ https://services.google.com/fb/submissions/0a65d7733e1f11ea9701614fc033d30c/ *.gstatic.com gstatic.com *.cdn.ampproject.org *.doubleclick.net; font-src 'self' themes.googleusercontent.com *.gstatic.com https://fonts.gstatic.com storage.googleapis.com fonts.googleapis.com *.cdn.ampproject.org; media-src 'self' *.gstatic.com storage.googleapis.com *.googlevideo.com; script-src 'self' 'unsafe-eval' *.googleanalytics.com *.google-analytics.com *.youtube.com youtube.com optimize.google.com https://s.ytimg.com *.googletagmanager.com apis.google.com storage.googleapis.com *.googleapis.com *.google.com cdn.ampproject.org *.gstatic.com gstatic.com googleadservices.com *.googleadservices.com 'sha256-hdPneczWRi+c9LQVo+PzNzlNr9TacChC0CW0fiDBHkI=' 'sha256-DE/j4w1a1HDIXysWgFTrJCJK6JWEcHqScfyMr9zq9R4=' 'sha256-Ehy9lGqrTi8OqqWxX1HN6hKJT7iwwYMFJ+HLjpEobO0=' 'sha256-s/yvuH0ZHyO+7N8dM5CshPem4K1PknDExYN18xHq0LI=' 'sha256-MWQdkIAX5J//suH1t5P3PFFwFUiphY0PxD6VVzbBehQ=' 'sha256-587vJAV9t9k86IMQixmyKa7lbPaDhkGzrJsdngtoiAA=' 'sha256-nlbIOie3vmdUUZjQFDMa7iipxS6Qst8pPhTLjibMsRk=' 'sha256-lgJnwAolJEfUZqcADCe937u5G/i9edAudHv5GJlMHHo=' 'sha256-f4ki6ad4xHBnfj+FbRBUifEbj0rzaa2pNLDbnZ3IEMs=' 'sha256-PnD9J8UK8zpwVizQXkEtbZOvTiv9C/05Nn81NEwPBoQ=' 'sha256-Y/HIjyFCMWLG5aCowKhGBKP5em9S2M097hRagv3TXQ0=' 'sha256-kYDvl4o9O3XKKtgQW4BZzZZ44BDD2lwJj6eNJ8HyqWg=' 'sha256-786mZQPkATV3kJd7q8ZuwoTH4U3/0WniBdyVOgZQpv4=' 'sha256-Xyk5Ei/Yh7DuZgaxNfbPswkpmMKHk5Jy18vkxjfPMj0=' 'sha256-1lOrojGb+aoV56bZpsODLpb+j+HHbONNEpX/YqVtiUU=' 'sha256-sAsQphoZozaLVFpcda3bvT5euqcGL4MqVnizAR+Xla4=' 'sha256-qmxgNLBk8DehEAH10pxGKDVGIrss69LIPlCGOCw3O78='; require-trusted-types-for 'script'; base-uri 'none'; img-src * data: blob:; object-src 'none'; default-src 'self' *.gstatic.com storage.googleapis.com 1
default-src 'self' https://api.crownpeak.net https://api.skfbearingselect.com https://dqm.crownpeak.com https://*.linkedin.oribi.io https://*.applicationinsights.azure.com https://westeurope.livediagnostics.monitor.azure.com *.consentmanager.net promo.skf.com *.promo.skf.com *.actonservice.com *.ads.linkedin.com skfsso-test.skf.com skfsso-qa.skf.com skfsso.skf.com https: ;script-src 'unsafe-inline' 'self' 'unsafe-eval' https://cdn.jsdelivr.net https://api.crownpeak.net https://api.skfbearingselect.com https://dqm.crownpeak.com https://skfsso.skf.com https://skfsso-test.skf.com https://skfsso-qa.skf.com https://*.googleapis.com https://*.consentmanager.net https://promo.skf.com https://*.promo.skf.com https://*.actonservice.com https://mc.yandex.ru https://yastatic.net https://www.google.iq https://www.google.com.eg https://www.google.com.co https://www.google.co.kr https://www.google.com.sa https://www.google.com.ni https://www.google.rs https://www.google.com.pk https://www.google.com.gt https://www.google.al https://www.google.hn https://www.google.dz https://www.google.com.ec https://www.google.jo https://www.gstatic.com https://remote.captcha.com https://www.google.com.bh https://www.googleadservices.com https://*.doubleclick.net https://az416426.vo.msecnd.net https://bam.nr-data.net https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js https://code.jquery.com/jquery-3.6.0.slim.min.js https://connect.facebook.net https://*.promo.skf.com https://js-agent.newrelic.com https://*.googleapis.com https://promo.skf.com https://script.hotjar.com https://snap.licdn.com https://stackpath.bootstrapcdn.com https://static.hotjar.com https://*.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://service.giosg.com https://bookeo.com https://*.bookeo.com https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com https://recaptcha.net https://*.go-mpulse.net https://*.giosg.com;style-src 'unsafe-inline' 'self' https://api.crownpeak.net https://api.skfbearingselect.com https://dqm.crownpeak.com https://skfsso.skf.com https://skfsso-test.skf.com https://skfsso-qa.skf.com https://*.consentmanager.net https://promo.skf.com https://*.promo.skf.com https://*.actonservice.com https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com https://recaptcha.net https://*.googleapis.com https://use.fontawesome.com https://service.giosg.com; media-src blob: https://skfsso.skf.com https://skfsso-test.skf.com https://staging.prod.skf.com https://skf.com https://www.skf.com https://skfsso-qa.skf.com https://cdn.test.skfmediahub.skf.com https://*.skfmediahub.skf.com https://*.consentmanager.net https://promo.skf.com https://*.promo.skf.com https://*.actonservice.com https://www.youtube.com https://hiresmedia.skf.com;connect-src 'unsafe-inline' 'self' https://api.crownpeak.net https://api.skfbearingselect.com https://*.actonsoftware.com https://dqm.crownpeak.com https://skfsso.skf.com https://skfsso-test.skf.com https://skfsso-qa.skf.com https://*.applicationinsights.azure.com https://*.linkedin.oribi.io https://cdn.test.skfmediahub.skf.com https://*.skfmediahub.skf.com https://*.consentmanager.net https://promo.skf.com https://*.promo.skf.com https://*.actonservice.com https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com https://recaptcha.net https://mc.yandex.ru https://skfcom-stag-fileupload.azurewebsites.net https://skfcom-staging-contactskfservice.azurewebsites.net https://skfcom-prod-fileupload.azurewebsites.net https://skfcom-prod-contactskfservice.azurewebsites.net https://p11.techlab-cdn.com https://*.googleapis.com https://www.facebook.com wss://*.hotjar.com https://*.hotjar.com https://*.googlevideo.com https://*.doubleclick.net https://webapi.partcommunity.com https://bam.nr-data.net https://search.skf.com https://webassistants.partcommunity.com https://*.google-analytics.com https://*.analytics.google.com https://*.giosg.com https://bookeo.com https://*.bookeo.com https://*.hotjar.io https://dc.services.visualstudio.com/v2/track wss://messagerouter.giosg.com https://*.akstat.io https://*.go-mpulse.net https://traceparts-cache.s3.eu-west-1.amazonaws.com https://*.giosgusercontent.com https://px.ads.linkedin.com;font-src 'unsafe-inline' 'self' https://api.crownpeak.net https://api.skfbearingselect.com https://dqm.crownpeak.com https://skfsso.skf.com https://skfsso-test.skf.com https://skfsso-qa.skf.com https://*.consentmanager.net https://promo.skf.com https://*.promo.skf.com https://*.actonservice.com https://hcaptcha.com https://fonts.skf.com https://*.hcaptcha.com https://*.qualtrics.com https://recaptcha.net https://use.typekit.net https://fonts.gstatic.com https://script.hotjar.com https://use.fontawesome.com https://*.giosgusercontent.com data: ;frame-src 'unsafe-inline' 'self' https://api.crownpeak.net https://*.doubleclick.net https://api.skfbearingselect.com https://dqm.crownpeak.com https://skfsso.skf.com https://skfsso-test.skf.com https://skfsso-qa.skf.com https://*.consentmanager.net https://promo.skf.com https://*.promo.skf.com https://*.actonservice.com https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com https://recaptcha.net https://www.skf.com https://webapi.partcommunity.com https://www.youtube.com/ https://vars.hotjar.com https://www.google.com https://bookeo.com https://*.bookeo.com https://*.clients.giosgusercontent.com https://service.giosg.com https://www.facebook.com https://www.traceparts.com;img-src 'unsafe-inline' 'self' https://api.crownpeak.net https://*.doubleclick.net https://api.skfbearingselect.com https://dqm.crownpeak.com https://skfsso.skf.com https://skfsso-test.skf.com https://skfsso-qa.skf.com https://cdn.test.skfmediahub.skf.com https://*.skfmediahub.skf.com https://*.consentmanager.net https://promo.skf.com https://*.promo.skf.com https://*.actonservice.com https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com https://recaptcha.net https://mc.yandex.ru https://*.googleapis.com https://www.google.com https://*.ggpht.com https://www.gstatic.com https://www.google.co.bw https://www.google.az https://www.google.am https://www.google.co.ke https://www.google.is https://www.google.hr https://www.google.sr https://www.google.mk https://www.google.com.py https://www.google.co.uz https://www.google.com.uy https://www.google.com.do https://www.google.com.bz https://www.google.com.na https://www.google.co.zm https://www.google.cm https://www.google.bg https://www.google.iq https://www.google.co.tz https://www.google.com.bh https://www.google.com.ec https://www.google.com.ph https://www.google.com.om https://www.google.al https://www.google.gr https://www.google.dz https://www.google.com.mt https://www.google.lt https://www.google.rs https://www.google.co.ma https://www.google.com.sa https://www.google.jo https://www.google.com.co https://www.google.co.kr https://www.google.mg https://www.google.com.eg https://www.google.com.pk https://www.google.rw https://www.google.ba https://www.google.co.il https://www.google.lu https://www.google.ge https://www.google.hn https://www.google.com.ua https://www.google.com.my https://www.google.co.jp https://www.google.sk https://www.google.co.nz https://www.google.ae https://www.google.co.id https://www.google.kz https://www.google.ro https://www.google.com.tw https://www.google.com.sg https://www.google.com.bd https://www.google.com.vn https://www.google.com.hk https://www.google.com.ar https://www.google.pt https://www.google.co.ve https://www.google.hu https://www.google.com.qa https://www.google.lv https://www.google.si https://www.google.ie https://vehicleaftermarket.skf.com https://www.google.com.sv https://www.google.dk https://www.google.co.th https://www.google.co.za https://www.google.cl https://www.google.tt https://www.google.com.ar https://www.google.ee https://www.google.ru https://px.ads.linkedin.com https://p.adsymptotic.com https://www.google.co.in https://www.google.com.ng https://www.google.cz https://www.google.ca https://www.google.fr https://www.google.com.br https://www.google.pl https://www.google.de https://www.google.ch https://www.google.com.pe https://*.ads.linkedin.com https://www.google.tn https://www.google.be https://www.google.by https://www.google.es https://www.google.com.tr https://www.google.com.au https://www.google.com.mx https://www.google.at https://www.google.fi https://www.google.co.uk https://www.google.nl https://www.google.it https://search.skf.com https://yt3.ggpht.com https://*.ytimg.com https://img.youtube.com http://www.skf.com https://*.promo.skf.com https://*.googleapis.com https://maps.gstatic.com https://promo.skf.com https://www.linkedin.com https://www.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://www.google.com https://www.google.no https://www.google.se https://cdn.giosgusercontent.com https://static.giosg.com https://www.googletagmanager.com https://script.hotjar.com https://*.akstat.io data:; 1
frame-ancestors 'self'; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.komputerswiat.pl::mototech_master-1.63.0 1
default-src 'none'; base-uri 'self'; form-action 'self'; connect-src 'self' *.licdn.com *.licdn.cn *.linkedin.com *.linkedin.cn dpm.demdex.net/id lnkd.demdex.net blob: linkedin.sc.omtrdc.net/b/ss/ *.microsoft.com; script-src 'report-sample' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com static.licdn.cn static-exp1.licdn.cn static-exp2.licdn.cn static-exp3.licdn.cn s.c.lnkd.licdn.com s.c.lnkd.licdn.cn platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com platform.linkedin.cn platform-akam.linkedin.cn platform-ecst.linkedin.cn platform-azur.linkedin.cn 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q='; img-src data: blob: *; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com static.licdn.cn static-exp1.licdn.cn static-exp2.licdn.cn static-exp3.licdn.cn s.c.lnkd.licdn.com s.c.lnkd.licdn.cn; media-src *.licdn.com *.licdn.cn; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com static.licdn.cn static-exp1.licdn.cn static-exp2.licdn.cn static-exp3.licdn.cn s.c.lnkd.licdn.com s.c.lnkd.licdn.cn; frame-src 'self' lnkd.demdex.net *.qq.com webcompt:; frame-ancestors 'none'; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=wf 1
frame-ancestors 'self' *.griffith.edu.au 1
frame-ancestors 'self' https://www.stems-music.com; 1
default-src 'self' fstcdn.net *.fstcdn.net us1.fstcdn.net; connect-src 'self' heyfiesta.com eu1.heyfiesta.com us1.heyfiesta.com am1.heyfiesta.com gew3.heyfiesta.com fr1.heyfiesta.com fstcdn.net *.fstcdn.net us1.fstcdn.net  *.api.here.com *.paypal.com https://google.com *.googlesyndication.com *.gstatic.com api.giphy.com api.tenor.com g.tenor.com *.doubleclick.net *.mapbox.com https://www.facebook.com wss://badoocdn.com:* wss://*.badoocdn.com:*;  script-src 'self' 'strict-dynamic' 'unsafe-inline' 'nonce-L5eu2wstY17OiQnCGKQTvVdMXTQ=' 'report-sample' fstcdn.net *.fstcdn.net us1.fstcdn.net  *.googleapis.com *.gstatic.com *.google.com vk.com *.vk.me cdn.syndication.twitter.com *.facebook.net *.facebook.com *.paypal.com www.paypalobjects.com *.youtube.com *.ytimg.com api.ok.ru *.google-analytics.com *.googletagmanager.com *.api.here.com *.instagram.com *.digicert.com *.mapbox.com *.googlesyndication.com *.googletagservices.com *.googleadservices.com *.doubleclick.net *.googlesyndication.com *.ampproject.org *.amazon-adsystem.com adservice.google.com; style-src 'self' 'unsafe-inline' fstcdn.net *.fstcdn.net us1.fstcdn.net vk.com *.vk.me *.googleapis.com; font-src 'self' data: fstcdn.net *.fstcdn.net us1.fstcdn.net fonts.googleapis.com fonts.gstatic.com;  prefetch-src 'self'  fstcdn.net *.fstcdn.net us1.fstcdn.net *.googlesyndication.com *.googletagservices.com *.googleadservices.com *.doubleclick.net *.googlesyndication.com *.ampproject.org *.amazon-adsystem.com adservice.google.com ; img-src * data: blob:; child-src 'self' blob:; worker-src 'self' blob:; media-src * data: blob:; object-src 'self'  fstcdn.net *.fstcdn.net us1.fstcdn.net; base-uri 'self'; manifest-src 'self' heyfiesta.com eu1.heyfiesta.com us1.heyfiesta.com am1.heyfiesta.com gew3.heyfiesta.com fr1.heyfiesta.com; form-action 'self'  *; frame-src * fiesta:; frame-ancestors 'self' apps.facebook.com; upgrade-insecure-requests; report-uri /jss/csp_report.phtml?token=fiesta_web&release=30309&env=production 1
require-trusted-types-for 'script' 1
frame-ancestors 'self' http://alienvault.lookbookhq.com/ https://alienvault.lookbookhq.com/ http://learn-cybersecurity.att.com https://learn-cybersecurity.att.com http://walkme.com https://walkme.com http://www.alienvault-demo-usm-anywhere.com https://www.alienvault-demo-usm-anywhere.com always; 1
frame-ancestors 'self'; report-uri https://www.wwu.edu/report-uri/enforce; upgrade-insecure-requests 1
default-src 'self'; connect-src 'self' https://api.daad.de *.daad.com *.daad.de *.doubleclick.net www.youtube.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googlevideo.com directline.botframework.com wss://directline.botframework.com; font-src 'self' data: fonts.gstatic.com; frame-src www.youtube.com www.youtube-nocookie.com *.daad.com *.daad.de newsletter.alumniportal-deutschland.org; img-src data: blob: *; media-src https://api.daad.de *.daad.com *.daad.de *.googlevideos.com www.youtube-nocookie.com; object-src 'none'; script-src 'self' 'self' 'unsafe-eval' 'unsafe-inline' www.daad.de www.youtube.com www.google.com www.google-analytics.com *.googletagmanager.com static.doubleclick.net cdn.jsdelivr.net ajax.googleapis.com; style-src 'unsafe-inline' www.youtube.com; base-uri 'none'; form-action https://api.daad.de validator.w3.org export.highcharts.com; frame-ancestors https://*.daad.com http://*.daad.com 1
frame-ancestors 'self' www.googletagmanager.com *.doubleclick.net *.fls.doubleclick.net pixel-a.basis.net secure.img-cdn.mediaplex.com pixel.dsp.townsquaremedia.com insight.adsrvr.org pixel-a.basis.net www.oesv.at www.mlp-academics-heidelberg.de www.skiweltcup-dresden.de apps.de.etix.com ci6.googleusercontent.com; 1
upgrade-insecure-requests; frame-ancestors 'self' *.newbathpros.com *.cabinetremodelpros.com *.gutterguardpros.com *.viewhudforeclosures.com *.newhvacquotes.com *.newbathroomquotes.com *.coolingheatingpros.com *.windowreplacepros.com *.newwindowquotes.com *.bankforeclosureslisting.com *.contractors.com *.imotors.com *.insurecenter.com *.leadingroofingpros.com *.online-home-values.com *.homepaintingestimates.com *.heatproestimates.com *.localcoolingpros.com *.generator-installers.com *.electricianprices.com *.generator-installers.com *.localwaterheaterpros.com *.localroofpro.com *.realtynow.com *.remodelrepairreplace.com *.solarenergyquotes.com *.homegain.com *.newroofingpro.com *.contractorsmith.com *.fha-approved.com *.newforeclosedhomes.com *.lawyerfinderpro.com *.nationalhomeproject.com 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-GKcF/fpPEWSWE1iMzkPfvg=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src 'self' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.fontawesome.com https://unpkg.com *.webspellchecker.net *.epo.org *.jquery.com *.cloudflare.com *.jsdelivr.net; style-src 'self' 'unsafe-inline' *.webspellchecker.net https://cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.css https://cdn.jsdelivr.net/gh/cferdinandi/tabby@12.0.3/dist/css/tabby-ui.min.css https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.12/codemirror.css https://cdn.jsdelivr.net/gh/NigelOToole/progress-tracker@v2.0.7/src/styles/progress-tracker.css; img-src 'self' 'unsafe-inline' *.pixabay.com data: *.iconify.design *.ytimg.com *.google.com *.epo.org; frame-src *.youtube.com 'self' *.epo.org *.epoline.org; frame-ancestors 'self'; child-src blob:; font-src 'self' *.fontawesome.com *.webspellchecker.net data:; connect-src 'self' *.fontawesome.com *.webspellchecker.net *.epo.org storage.googleapis.com *.friendlycaptcha.com; report-uri /report-csp-violation 1
upgrade-insecure-requests; frame-ancestors 'self' https://content.anaconda.com/ 1
frame-ancestors 'self' https://*.collegedunia.com 1
frame-ancestors 'self' https://photo.riteaid.com/ https://photocar.riteaid.com/ https://chat.riteaid.com/ 1
report-uri https://www.yelp.com/csp_block?id=9bd18fbba946bce6&page=enforced_by_default_directives&policy_hash=4a31667603ab2e38c60aeeb09daa5097&site=www&timestamp=1705983806; object-src 'self'; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; font-src 'self' data: https: 1
default-src 'self'; media-src 'self' 'unsafe-inline' https://chat.fortifi.io/ https://bat.bing.com/ https://player.vimeo.com/ https://vod-progressive.akamaized.net/; img-src 'self' 'unsafe-inline' https://i.ytimg.com/ https://chat.fortifi.io/ https://www.google.com/ https://www.google.co.uk/ https://www.google.pl/ https://bat.bing.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://bat.bing.com/ https://www.facebook.com/ https://connect.facebook.net/ data: https://storage.googleapis.com/ https://haveibeenpwned.com/ https://resources.totalav.com/ https://assets.totalav.com/ https://logs-01.loggly.com/ https://stats.totaladblock.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://chat.fortifi.io/; font-src 'self' https://fonts.gstatic.com https://chat.fortifi.io/; script-src 'self' 'unsafe-inline' https://stats.totaladblock.com https://googletagmanager.com/ https://googleadservices.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://bat.bing.com/ https://www.google.com/ https://www.google.co.uk/ https://www.google.pl/ https://widget.trustpilot.com/ https://chat.fortifi.io/ https://cfgchat.fortifi.io/ https://www.facebook.com/ https://connect.facebook.net/ https://url.totaladblock.com http://url.totaladblock.com/px/init/fortifi.js https://www.gstatic.com/ https://utt.impactcdn.com; frame-src 'self' blob: https://chat.fortifi.io/ https://player.vimeo.com https://www.youtube.com/ https://www.facebook.com/ https://widget.trustpilot.com/ https://vod-progressive.akamaized.net/ https://my.totaladblock.com https://www.google.com/; connect-src 'self' https://my.totaladblock.com https://ajax.totaladblock.com https://login.totaladblock.com https://signup.totaladblock.com https://my.totaladblock.com https://bat.bing.com/ wss://chat.fortifi.io/ https://stats.totaladblock.com; frame-ancestors 'self' 1
default-src 'self' https: blob:; object-src 'none'; font-src 'self' *.hotjar.com https: data:; frame-src 'self' *.hotjar.com *.youtube.com *.recaptcha.net https:; img-src 'self' dev.visualwebsiteoptimizer.com *.google.co.jp *.google.com *.hotjar.com d35ldbtxkyypa3.cloudfront.net https: data:; script-src 'self' buttons.github.io d35ldbtxkyypa3.cloudfront.net *.dreamdata.cloud glass.io *.glass.io *.googletagmanager.com *.google.com googleads.g.doubleclick.net *.google-analytics.com *.gstatic.com *.hotjar.com *.intercomcdn.com *.intercom.io *.packagecloud.io *.recaptcha.net *.segment.com *.statuspage.io *.stripe.com dev.visualwebsiteoptimizer.com *.woopra.com *.wootric.com hooks.zapier.com https: 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' maxcdn.bootstrapcdn.com *.packagecloud.io d35ldbtxkyypa3.cloudfront.net glass.io *.glass.io *.hotjar.com https: 'unsafe-inline'; connect-src 'self' *.ably.io wss://*.ably.io/ *.bugsnag.com d35ldbtxkyypa3.cloudfront.net *.daily.co wss://*.wss.daily.co *.dreamdata.cloud *.doubleclick.net glass.io *.glass.io *.google.com *.google-analytics.com *.googleapis.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.intercom.io *.intercomcdn.com prod-ks.pluot.blue *.packagecloud.io *.segment.com *.segment.io *.sessionstack.com wss://*.sessionstack.com *.statuspage.io *.stripe.com dev.visualwebsiteoptimizer.com *.woopra.com *.wootric.com wss://nexus-websocket-a.intercom.io hooks.zapier.com; report-uri https://3uj2qkwpvhafs5c5u4oinchrlq0ubfxg.lambda-url.us-east-1.on.aws/ 1
default-src * blob: 'unsafe-eval' data: 'unsafe-inline' 1
frame-ancestors https://*.smartprix.com 1
default-src 'self'; base-uri 'self'; script-src 'nonce-259bead9f191aff2c3eb5d2b0151eb16' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: 'report-sample'; connect-src 'self' https://www.googletagmanager.com https://*.facebook.com https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://*.instana.io wss://mpsnare.iesnare.com https://*.usercentrics.eu https://bat.bing.com/actionp/ https://*.liadm.com https://*.parship.dev; frame-ancestors 'self' https://secure1.parship.com https://secure1.eharmony.com https://secure1.elitepartner.de https://*.parship.dev; frame-src 'self' https://support.eharmony.com https://tms.eharmony.com https://*.greatviews.de https://app.usercentrics.eu https://www.youtube-nocookie.com https://accounts.google.com https://translate.googleapis.com https://*.liadm.com; object-src 'none'; img-src 'self' data: http: https: https://*.instana.io; font-src 'self' data:; style-src 'self' 'unsafe-inline' 'report-sample' https://accounts.google.com/gsi/style https://translate.googleapis.com; upgrade-insecure-requests; report-uri /ls/ 1
frame-ancestors 'self'; default-src https: 'unsafe-eval' 'unsafe-inline' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com ; font-src https: data:; img-src https: data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' fast.fonts.net *.hubspot.com *.akamaihd.net *.vimeo.com *.hsforms.net *.sharethis.com *.google-analytics.com *.gstatic.com *.twitter.com *.addthis.com *.googleapis.com *.youtube.com *.adyen.com *.hs-scripts.com *.hs-analytics.net *.twimg.com *.wowza.com *.pcissc.org latencytimer.azurewebsites.net cc.cdn.civiccomputing.com cdnjs.cloudflare.com cdn.parsely.com api.parsely.com p1.parsely.com *.googletagmanager.com stats.g.doubleclick.net apikeys.civiccomputing.com *.cludo.com *.pcisecuritystandards.org *.force.com pcisecuritystandards.studio *.hsforms.com blob: data:; img-src https: data:; 1
base-uri 'self' data:; connect-src livesupport.hetzner.com matomo.hetzner.com use.hetzner.com https://sentry.hetzner.company/ https://robot-ws.your-server.de 'self' data:; default-src 'self'; font-src livesupport.hetzner.com 'self' data:; frame-ancestors 'self'; frame-src youtube-nocookie.com youtube.com www.youtube-nocookie.com https://files.hetzner.com/ 'self' data:; img-src cdn.hetzner.de img.youtube.com livesupport.hetzner.com 'self' data:; media-src https://cdn.hetzner.de 'self'; script-src 'nonce-r9PGgCHzDHmXw4d3' livesupport.hetzner.com matomo.hetzner.com use.hetzner.com 'self' data: 'nonce-e159cee0020e83e1'; style-src livesupport.hetzner.com 'self' 'unsafe-inline' data:; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.recaptcha.net/recaptcha/api.js https://c0.pubmine.com https://s.pubmine.com https://criteo.com https://*.criteo.com https://criteo.net https://*.criteo.net https://*.vexowi.com https://vexowi.com https://c.amazon-adsystem.com https://*.3lift.com https://3lift.com https://z.moatads.com https://*.moatads.com https://*.smartadserver.com https://app.link https://*.sascdn.com https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://www.googletagservices.com/ https://cdn.parsely.com https://a.teads.tv/analytics/tag.js https://assets.tumblr.com https://ads.pubmatic.com https://cdn.jsdelivr.net https://*.privacymanager.io https://*.rlcdn.com https://s3-us-west-2.amazonaws.com/sftemp/sf_v1.0.1/ https://assets.tumblr.com/pop/ 'nonce-MDJmNjg5ZTA2NmE0ZWQzZjM3ZWE2OWUxM2Q1YjI4MDU='; report-uri /svc/cspreports; object-src 'none'; worker-src blob: 'self'; base-uri 'self' 1
frame-ancestors 'self' https://*.ohio.edu https://*.oit.ohio.edu; 1
default-src 'self' *.ibs.it 'unsafe-inline' 'unsafe-eval' *.visualstudio.com *.awin1.com yourcitynolimits.com edgeshoppingstatic.azureedge.net *.lafeltrinelli.it maxcdn.bootstrapcdn.com mozbar.moz.com *.calicluo.com *.stoploco.com *.colloquiumz.com eu.klarnaevt.com api.clean-blocker.com js.klarna.com *.jsdelivr.net *.bing.com api.blocksly.org a.twiago.com *.thebrighttag.com jadserve.postrelease.com jwpltx.com trends.revcontent.com fibs-prd-apim-gw.life-cloud.net europe.directline.botframework.com europe.directline.botframework.com *.lacedefe.com s.ad.smaato.net *.zunelrish.com *.demdex.net s.kelkoogroup.net *.go-mpulse.net http://p2c.xplace.de code.jquery.com sync.aralego.com creativecdn.com *.creativecdn.com *.3lift.com trk.lgw.io insights.algolia.io alemobility.com icecat.biz tapestry.tapad.com *.algolianet.com *.tradedoubler.com *.socdm.com *.tradetracker.com *.tradetracker.net ray.st i.liadm.com the.sciencebehindecommerce.com tafopo.navahididi.com g.alicdn.com pubmatic.com *.criteo.net *.criteo.com criteo-partners.tremorhub.com *.avast.com *.azure.net *.monitor.azure.net conoret.com *.bidswitch.net contextual.media.net ads.stickyadstv.com *.clmbtech.com *.logitalie.com *.jwpcdn.com *.moiziq.com data1.pakolir.com *.krxd.net *.ampproject.org *.adform.net id5-sync.com *.moz.com pixel.rubiconproject.com ups.analytics.yahoo.com *.dable.com ibs-prod.mirakl.net sync-criteo.ads.yieldmo.com ad.yieldlab.net criteo-partners.tremorhub.com idsync.rlcdn.com ad.tpmn.co.kr *.mediawallahscript.com *.kk-resources.com *.igodigital.com *.smartadserver.com *.w3.org *.googletagmanager.com bsa-media.s3.amazonaws.com *.pubmatic.com *.googletagservices.com inishop.com www.youtube-nocookie.com *.googleoptimize.com *.blob.core.windows.net samples.findawayworld.com *.akamaihd.net *.kobo.com *.klarnacdn.net *.b-cdn.net *.sharethrough.com *.lift.com *.pletar.com *.adingo.jp *.bidswitch.com *.adnxs.com *.casalemedia.com *.salemedia.com *.mediavine.com *.googleadservices.com conversiontag.commerce-connector.com *.youtube.com *.360yield.com *.ivitrack.com *.clarity.com *.clarity.ms cr-input.mxpnl.net *.tiktok.com *.outbrain.com criteo-sync.teads.tv *.taboola.com *.omnitagjs.com *.facebook.com *.facebook.net *.onetrust.com fibs-prd-apim.azure-api.net *.riskified.com *.icecat.biz *.cookielaw.org *.addtoany.com *.cloudflare.com *.cloudfront.net *.nedua *.doubleclick.net *.wepowerconnections.com *.richrelevance.com *.msecnd.net *.gstatic.com polyfill.io *.algolia.net *.googlesyndication.com *.google-analytics.com *.addthisedge.com *.googleapis.com *.moatads.com *.dwin1.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat properties: blob: data: https: wss:;upgrade-insecure-requests;report-uri https://fibs-prd-apim.azure-api.net/csp-prd-ai/ibs-v1/Track 1
frame-ancestors *.insideevs.com insideevs.com 1
frame-ancestors 'self' appsonline.income.com.sg http://wcmadmin12.income.com.sg 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-rV8E+/uo41reG9PS6sjI2Sr0H/9sVMz2jlb1VGjcdeXDIkeK' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors *.dowjones.net *.mansionglobal.com *.huanyuju.com *.onservo.com 1
frame-ancestors 'self' https://pass.nishinippon.co.jp/; 1
object-src 'none'; script-src 'report-sample' 'sha256-+Aq++ST2Ovr4mF339T+uuFF4xb/VVxOYB+HUBL174oI=' 'sha256-u8RZvo+bPJvqRStOptKkD9rZzDk/Fy+hN0BQQS+Xhv8=' https://924vgradmin.boost.ai/ https://cdn.cookielaw.org/ https://dl.episerver.net/ https://maps.googleapis.com/ https://webanalytics.inera.se/ 'sha256-3/mNUpqF9X/gMYE+bOG6g8d6I32wdYdWwWuAk90mPCM=' 'sha256-KdrksQVVfPWUX99NitlEt4ABdXZmgoZpezLqt68xrRU=' 'sha256-NBS7EduG2pL/l2J3FKVM//a6/tkbjRXCbg6q7vBX/JQ=' 'sha256-9nbqryG6r8ah9AReuQJKTzRXvO4bc5sLyPTD9Ybevj8=' 'sha256-laWjrqJThFpSbf4H+IwSnwccrjKHaVCE1bYgwmmXevg=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-/izYzAkC5/7WrHjskv9k9VbVFtGt7kWQVfPVkYmSeyw=' 'self'; style-src 'report-sample' 'unsafe-inline' 'self'; style-src-attr 'report-sample' 'unsafe-inline'; style-src-elem 'report-sample' https://fonts.googleapis.com/ 'unsafe-inline' 'self'; base-uri 'self'; child-src 'self'; form-action 'self'; frame-ancestors 'self'; manifest-src 'self'; media-src 'self'; worker-src 'self'; report-uri https://www.1177.se/api/v1/csp/report; img-src data: https://*.amazonaws.com/ https://*.inviewer.se/ https://924vgradmin.boost.ai/ https://cdn.cookielaw.org/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://webanalytics.inera.se/ 'self'; font-src data: https://fonts.googleapis.com/ https://fonts.gstatic.com/ 'self'; connect-src https://924vgradmin.boost.ai/ https://cdn.cookielaw.org/ https://maps.googleapis.com/ https://webanalytics.inera.se/ 'self'; frame-src https://924vgradmin.boost.ai/ https://dreambroker.com/ https://play.mediaflowpro.com/; upgrade-insecure-requests ; default-src 'self'; report-to csp-endpoint 1
default-src 'none'; base-uri 'none'; connect-src 'self' https://media.web.dnb.no https://s7mbrstream-g1.scene7.com https://assets.adobedtm.com https://player.vimeo.com https://www.youtube-nocookie.com https://api.screen9.com https://chat.screen9.com https://dnbbankasa.tt.omtrdc.net https://mboxedge37.tt.omtrdc.net https://cognito-identity.eu-north-1.amazonaws.com https://pzoi5kbexnfyvaotpsa7pjcvnq.appsync-api.eu-north-1.amazonaws.com https://dtm-psg.rovca.eu https://um.web.dnb.no https://ametrics.web.dnbbank.no https://mobilbank.api.dnb.no/ https://m.dnb.no https://www.dnb.no https://dnb.no https://api-open.ccp.dnb.no; font-src 'self' data:; form-action https://dnb.no https://www.dnb.no https://m.dnb.no; frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://api.screen9.com https://chat.screen9.com https://chat.dnb.no; img-src 'self' data: https://media.web.dnb.no https://i.ytimg.com https://ametrics.web.dnbbank.no https://m.dnb.no https://www.dnb.no https://dnb.no; manifest-src 'self'; media-src blob: https://media.web.dnb.no https://s7mbrstream-g1.scene7.com; report-uri /portalfront/csp/cspreportlog.php; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://media.web.dnb.no https://assets.adobedtm.com https://dtm-psg.rovca.eu https://um.web.dnb.no https://ametrics.web.dnbbank.no; style-src 'self' 'unsafe-inline' https://media.web.dnb.no; worker-src blob: 'self'; 1
style-src 'self' 'unsafe-inline' https://flipkartads.azureedge.net https://fonts.googleapis.com/ https://fonts.googleapis.com/icon; default-src 'self'  https://www.googletagmanager.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://fonts.googleapis.com https://*.flipkart.com https://www.google.com/ blob:; connect-src 'self' *;; script-src 'nonce-PVDFX/9tdaiv6FIrTOppwg==' 'self' 'unsafe-inline' 'strict-dynamic' https: https://www.google.com https://www.gstatic.com https://google-analytics.com https://www.googletagmanager.com; object-src 'none'; img-src 'self' * data: blob:; base-uri 'self'; worker-src 'self' https://*.flipkart.com blob: 1
frame-ancestors https://*.postbank.de 1
default-src 'self' my.gov.au; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com www.youtube.com s.ytimg.com assets.adobedtm.com dynatrace.humanservices.gov.au; connect-src blob: 'self' adobedc.demdex.net docs.apigw.my.gov.au edge.adobedc.net *.my.gov.au my.gov.au mygov-dls-bff.apps.openshift-prod1-dca1.csda.gov.au mygov-dls-bff.apps.openshift-prod1-dcb1.csda.gov.au swift.csda.gov.au stats.g.doubleclick.net www.google-analytics.com dynatrace.humanservices.gov.au *.dynamsoft.com https://127.0.0.1:* ws://127.0.0.1:* wss://127.0.0.1:* data: cdn.jsdelivr.net w3.org/svg/2000; img-src 'self' data: blob: stats.g.doubleclick.net swift.csda.gov.au www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; object-src 'self' blob: swift.csda.gov.au; frame-src 'self' blob: bluey-webchat.azurewebsites.net my.gov.au *.my.gov.au swift.csda.gov.au www.youtube.com www.youtube-nocookie.com 1
img-src 'self' data: https://*.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://ssl.gstatic.com https://www.gstatic.com https://*.paddle.com https://v2.zopim.com https://*.zopim.io; media-src https://v2.zopim.com https://static.zdassets.com; object-src 'none'; worker-src 'none'; style-src 'self' 'unsafe-inline' https://*.paddle.com https://fonts.googleapis.com https://optimize.google.com https://tagmanager.google.com; font-src 'self' data: https://fonts.gstatic.com https://v2.zopim.com; frame-ancestors 'none'; report-uri /api/v1/reports; 1
default-src 'self' 'unsafe-inline' *.stripe.com *.paypal.com *.paypalobjects.com platform.twitter.com syndication.twitter.com code.jquery.com cdn.jsdelivr.net www.gstatic.com www.google.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.googleapis.com *.fontawesome.com api.ipdata.co 1
default-src 'self' data: maps.googleapis.com fonts.googleapis.com *.gstatic.com talos.adman.gr *.pstatic.gr www.bestprice.gr https://static.pexels.com https://accounts.google.com 'unsafe-eval'; script-src 'unsafe-inline' connect.facebook.com www.google-analytics.com *.analytics.google.com *.google.gr www.googletagmanager.com *.cloudflareinsights.com *.google.com talos.adman.gr connect.facebook.net graph.facebook.com googleads.g.doubleclick.net *.googleadservices.com *.googlecode.com *.googleapis.com *.adman.gr *.bestprice.gr *.pstatic.gr *.getsentry.com *.sentry.io *.adsafeprotected.com pagead2.googlesyndication.com adservice.google.gr *.instagram.com 'unsafe-eval' *.clarity.ms; style-src 'self' 'unsafe-inline' *.googleapis.com *.pstatic.gr *.adman.gr *.facebook.com *.twitter.com *.gravatar.com *.google.com *.adsafeprotected.com *.fonts.google.com; frame-src 'self' data: *.adman.gr *.facebook.com bs.serving-sys.com *.youtube.com *.adsafeprotected.com *.instagram.com https://accounts.google.com/ https://www.youtube-nocookie.com/ googleads.g.doubleclick.net ads.eu.criteo.com https://embed.playbuzz.com; frame-ancestors 'self' *.googleusercontent.com content.bestprice.gr *.adsafeprotected.com https://*.playbuzz.com ads.eu.criteo.com; connect-src 'self' stats.g.doubleclick.net api.airtable.com accounts.google.com rpc.bestprice.gr local.bestprice.gr:4002 hal.bestprice.gr maps.googleapis.com www.google-analytics.com www.googletagmanager.com script.google.com pubsub.bestprice.gr cloudflareinsights.com ws://pubsub.bestprice.gr wss://pubsub.bestprice.gr script.googleusercontent.com graph.facebook.com www.bestprice.gr www.sentry.io app.getsentry.com *.ingest.sentry.io *.pstatic.gr *.adman.gr *.adsafeprotected.com *.instagram.com api.github.com georgep.bestprice.gr or.bestprice.gr *.google-analytics.com *.analytics.google.com *.google.gr https://oauth2.googleapis.com https://*.googleusercontent.com *.clarity.ms; img-src 'self' data: www.bestprice.gr graph.facebook.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com *.cloudflareinsights.com platform-lookaside.fbsbx.com *.google.com *.doubleclick.net *.google.gr *.pstatic.gr *.gstatic.com *.githubusercontent.com *.youtube.com *.googleapis.com *.googlecode.com *.facebook.com *.twimg.com *.fbcdn.net www.google.com www.google.gr *.fbsbx.com *.googleusercontent.com *.adsafeprotected.com *.googlesyndication.com *.adman.gr ad.doubleclick.net *.openstreetmap.org bpcdn.gr https://www.youtube-nocookie.com/ bs.serving-sys.com *.demdex.net https://hal.bestprice.gr *.clarity.ms *.bing.com; object-src 'none'; child-src 'self' blob; base-uri 'self'; font-src fonts.gstatic.com fonts.googleapis.com data:; worker-src *.bestprice.gr blob: 'self' 1
connect-src * 'self' 1
default-src 'self' https://apis.mapmyindia.com https://img1.digitallocker.gov.in *.dl6.in *.gov.in; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://apis.mappls.com https://*.dl6.in https://code.highcharts.com https://cdn.jsdelivr.net https://static.addtoany.com https://cdn.datatables.net https://code.jquery.com https://ajax.googleapis.com https://img1.digitallocker.gov.in https://www.gstatic.com https://www.googletagmanager.com http://*.dl6.in http://*.gov.in https://betadigiyuva.dl6.in; object-src 'none'; style-src 'self' 'unsafe-inline' https://cdn.datatables.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://img1.digitallocker.gov.in *.dl6.in; img-src * data: blob: 'unsafe-inline'; media-src 'self' https://shilafalkam.s3.ap-south-1.amazonaws.com https://img1.digitallocker.gov.in; frame-src 'self' https://www.google.com https://img1.digitallocker.gov.in https://static.addtoany.com https://www.youtube.com https://maps.google.com; font-src 'self' https://db.onlinewebfonts.com https://fonts.gstatic.com https://img1.digitallocker.gov.in https://maxcdn.bootstrapcdn.com https://*.dl6.in; connect-src 'self' https://geoanalytics.mapmyindia.com https://www.mappls.com https://mt2.mapmyindia.com https://yuvastats.dl6.in https://nadstats.dl6.in https://img1.digitallocker.gov.in https://firebase.googleapis.com https://firebaseinstallations.googleapis.com https://www.google-analytics.com *.dl6.in *.gov.in; 1
default-src https: 'unsafe-inline' data: blob:; connect-src https: wss://messages.rebelmouse.io wss://chat.rebelmouse.io; frame-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; media-src https: 'unsafe-inline' blob:; img-src https: http: data: blob:; frame-ancestors https: 1
default-src * self blob: data: gap:; style-src * self 'unsafe-inline'; object-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: data: gap:;  frame-src * self blob: data: gap:;font-src * 'self' blob: data: gap:; 1
default-src https://tpc.googlesyndication.com https://*.safeframe.googlesyndication.com 'self'; img-src data: https://pagead2.googlesyndication.com https://click.topturizm.ru https://d2ttnongggltje.cloudfront.net https://top-fwz1.mail.ru https://onesignal.com https://*.onesignal.com https://matchid.adfox.yandex.ru https://*.adfox.ru http://banners.adfox.ru https://hexagon-analytics.com https://*.g.doubleclick.net https://s.youtube.com https://www.kayak.com https://*.facebook.com https://*.clicktripz.com https://*.amazonaws.com https://*.gstatic.com https://*.googleapis.com https://img.twiket.cfafom.ua https://media.expedia.com https://www.google-analytics.com https://servedbyadbutler.com https://b.siftscience.com https://usage.trackjs.com https://*.amadeus.com https://*.onetwotrip.com https://*.google.com https://www.google.ru https://ads.otthyper.com https://*.rackcdn.com https://*.mapbox.com https://*.bstatic.com https://img.twiket.com.ua https://cdn.cartrawler.com https://www.tcsbank.ru https://level.travel https://*.4sqi.net https://d2f9dw3b0opbul.cloudfront.net https://www.sixt.de https://*.olt.su https://s3.level.travel https://static.europcar.com https://*.vk.com https://vk.com https://an.yandex.ru https://tpc.googlesyndication.com https://www.google.com.ua https://ad.mail.ru https://mc.yandex.ru https://*.googleusercontent.com 'self'; script-src https://*.googletagmanager.com https://cdn.polyfill.io https://partner.tophotels.ru https://banners.adfox.ru https://top-fwz1.mail.ru https://onesignal.com https://*.onesignal.com https://*.doubleclick.net https://*.clicktripz.com https://matchid.adfox.yandex.ru https://ads.adfox.ru https://npmcdn.com https://connect.mail.ru https://static.olark.com https://*.gstatic.com https://www.odnoklassniki.ru https://connect.ok.ru https://*.facebook.net https://*.facebook.com https://*.amazonaws.com https://*.googleapis.com https://*.addthis.com https://yastatic.net https://*.criteo.com https://static.criteo.net https://*.google.com https://*.google.com.ua https://www.googleadservices.com https://*.otthyper.com https://www.google-analytics.com https://www.googletagservices.com https://adservice.google.ru https://cdn.ampproject.org https://*.googlesyndication.com https://*.onetwotrip.com https://vk.com https://www.tns.counter.ru https://bs.serving-sys.com https://adriver.ru https://gemius.pl https://weborama.com https://*.splitmetrics.com https://dalusewymm5m7.cloudfront.net https://*.googletagmanager.com.ua https://*.googletagmanager.de https://adservice.google.com https://js.crypto.com https://*.bridgerpay.com https://*.googleusercontent.com https://appleid.cdn-apple.com https://mc.yandex.ru 'self' 'unsafe-inline' 'unsafe-eval'; frame-src https: ; connect-src https://pagead2.googlesyndication.com https://*.g.doubleclick.net https://csi.gstatic.com https://ads.adfox.ru https://translate.yandex.net https://servedbyadbutler.com https://*.onetwotrip.com https://ads.otthyper.com https://capture.trackjs.com https://*.youtube.com https://www.google-analytics.com https://www.tcsbank.ru https://connect.mail.ru https://onesignal.com https://*.onesignal.com https://*.blablacar.com https://*.clicktripz.com https://top-fwz1.mail.ru https://*.splitmetrics.com wss://*.onetwotrip.com https://tpc.googlesyndication.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://mc.yandex.ru 'self'; style-src https://tagmanager.google.com https://partner.tophotels.ru https://npmcdn.com https://*.amazonaws.com https://*.googleapis.com https://onesignal.com https://*.onesignal.com https://*.facebook.com https://partner.onetwotrip.com https://*.googletagmanager.com.ua https://*.googletagmanager.de https://www.google-analytics.com https://fonts.googleapis.com 'self' 'unsafe-inline'; font-src https://static.onetwotrip.com https://fonts.gstatic.com https://partner.onetwotrip.com https://fonts.googleapis.com 'self' data: ; form-action *; report-uri https://www.onetwotrip.com/_api/statistics/addCSPR; object-src https://ott-static.s3.eu-central-1.amazonaws.com; frame-ancestors https://*.onetwotrip.com https://vk.com https://*.vk.com https://trvl.spasibosberbank.travel 'self'; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-MTFjYThhZTAyODVjNGM1NWIwZGJhOTkwNDJlZWNlZTE=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.government.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.government.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.government.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://maps.rlp.de; connect-src 'self' https://maps.rlp.de https://data.rlp.de; img-src 'self' data: https://sgx.geodatenzentrum.de; style-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self' http://*.rlp.de/; frame-src 'self' https://www.youtube-nocookie.com/ https://w.soundcloud.com; font-src 'self'; manifest-src 'self' 1
default-src 'none'; base-uri 'self' docs.helpscout.net; block-all-mixed-content; child-src 'self' assets.braintreegateway.com assets.rescuetime.com assets-dev.rescuetime.com c.paypal.com www.youtube.com player.vimeo.com fast.wistia.net moz-extension://* chrome-extension://*; connect-src 'self' d3ccrbqtj64zhq.cloudfront.net support-media.rescuetime.com d1tc833ex4oc93.cloudfront.net assets.rescuetime.com assets-dev.rescuetime.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.sandbox.braintreegateway.com client-analytics.braintreegateway.com *.braintree-api.com *.paypal.com www.google-analytics.com connect.facebook.net www.facebook.com ysxtsrzt2b4s.statuspage.io rescuetime.helpscoutdocs.com secure.helpscout.net api.ipify.org beaconapi.helpscout.net chatapi.helpscout.net d3hb14vkzrxvla.cloudfront.net stats.g.doubleclick.net *.sumologic.com sentry.io *.ingest.sentry.io *.sentry-cdn.com wss: wss://*.pusher.com slack.com *.asana.com trello.com *.atlassian.com github.com *.google.com exist.io *.visualwebsiteoptimizer.com app.vwo.com logo.clearbit.com *.ubembed.com *.userleap.com *.sprig.com *.usersnap.com *.gist.build blog.rescuetime.com *.fontawesome.com *.getharvest.com; font-src 'self' data: d1tc833ex4oc93.cloudfront.net assets.rescuetime.com assets-dev.rescuetime.com fonts.gstatic.com app.vwo.com *.ubembed.com *.userleap.com *.sprig.com *.usersnap.com *.gist.build *.fontawesome.com; form-action 'self' community.rescuetime.com blog.rescuetime.com *.welltory.com slack.com *.asana.com trello.com *.atlassian.com github.com *.github.com google.com *.google.com *.microsoftonline.com twitter.com *.twitter.com facebook.com *.facebook.com linkedin.com *.linkedin.com spotify.com *.spotify.com getharvest.com *.getharvest.com; frame-ancestors moz-extension://* chrome-extension://*; frame-src 'self' d3ccrbqtj64zhq.cloudfront.net support-media.rescuetime.com d1tc833ex4oc93.cloudfront.net assets.rescuetime.com assets-dev.rescuetime.com assets.braintreegateway.com *.paypal.com djtflbt20bdde.cloudfront.net beacon-v2.helpscout.net platform.twitter.com www.googletagmanager.com www.google.com bid.g.doubleclick.net *.facebook.com tst.kaptcha.com ssl.kaptcha.com www.youtube.com moz-extension://* chrome-extension://* ifttt.com *.vimeo.com app.vwo.com *.ubembed.com *.userleap.com *.sprig.com *.usersnap.com *.userreport.com *.gist.build; img-src 'self' data: d3ccrbqtj64zhq.cloudfront.net support-media.rescuetime.com d1tc833ex4oc93.cloudfront.net assets.rescuetime.com assets-dev.rescuetime.com assets.braintreegateway.com *.paypal.com platform.twitter.com pbs.twimg.com www.google-analytics.com connect.facebook.net *.facebook.com d33v4339jhl8k0.cloudfront.net moz-extension://* chrome-extension://* via.placeholder.com ifttt.com api.producthunt.com zapier.com cdn.zapier.com www.google.com googleads.g.doubleclick.net *.adsymptotic.com *.visualwebsiteoptimizer.com *.ads.linkedin.com app.vwo.com track.customer.io secure.gravatar.com logo.clearbit.com *.ubembed.com *.userleap.com *.sprig.com *.usersnap.com *.scdn.co *.userreport.com *.gist.build; manifest-src 'self'; media-src 'self' beacon-v2.helpscout.net support-media-storage.s3.amazonaws.com d3ccrbqtj64zhq.cloudfront.net support-media.rescuetime.com d1tc833ex4oc93.cloudfront.net assets.rescuetime.com assets-dev.rescuetime.com; object-src 'self' djtflbt20bdde.cloudfront.net beacon-v2.helpscout.net assets.rescuetime.com assets-dev.rescuetime.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' d1tc833ex4oc93.cloudfront.net assets.rescuetime.com assets-dev.rescuetime.com js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com *.paypal.com d12wqas9hcki3z.cloudfront.net d33v4339jhl8k0.cloudfront.net djtflbt20bdde.cloudfront.net beacon-v2.helpscout.net cdn.ravenjs.com platform.twitter.com www.google-analytics.com www.googletagmanager.com www.google.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com zapier.com connect.facebook.net dev.visualwebsiteoptimizer.com app.vwo.com cdn.rawgit.com player.vimeo.com assets.customer.io *.licdn.com *.ubembed.com *.userleap.com *.sprig.com *.usersnap.com *.sentry-cdn.com *.gist.build gist-queue-consumer-api.cloud.gist.build ajax.googleapis.com blog.rescuetime.com *.userreport.com *.fontawesome.com; style-src 'self' 'unsafe-inline' d1tc833ex4oc93.cloudfront.net assets.rescuetime.com assets-dev.rescuetime.com fonts.googleapis.com beacon-v2.helpscout.net d12wqas9hcki3z.cloudfront.net djtflbt20bdde.cloudfront.net app.vwo.com *.ubembed.com *.userleap.com *.sprig.com *.usersnap.com *.gist.build; upgrade-insecure-requests; worker-src blob:; report-uri https://www.rescuetime.com/csp-report 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://td.doubleclick.net https://analytics.tiktok.com https://pagead2.googlesyndication.com http://fanibotdev.eastus.cloudapp.azure.com https://fanibotdev.eastus.cloudapp.azure.com https://appsrv-openia-fanibot-dev.azurewebsites.net https://appsrv-webfanibotdev.azurewebsites.net https://lynn-latam-testing-br-ch-reg-t2913.azurewebsites.net https://appsrv-webfanibotsb.azurewebsites.net https://vision.googleapis.com https://firebasestorage.googleapis.com https://firestore.googleapis.com https://*.clarity.ms http://portalpersonas.bancochile.cl https://snippet.maze.co https://t.maze.co www.appsbch.cl *.google.com wss://*.hotjar.com https://*.qualtrics.com https://*.hotjar.io https://vc.hotjar.io *.hotjar.com https://ad.doubleclick.net https://*.nr-data.net https://*.newrelic.com https://*.bancochile.cl https://*.bancoedwards.cl https://lib-us-3.brilliantcollector.com https://lib-us-1.brilliantcollector.com https://www.google-analytics.com https://connect.facebook.net https://code.jquery.com https://www.googletagmanager.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com *.nr-data.net *.cn-dev.ocilab.labchile.cl *.sb-onboarding-persona.cn-dev.ocilab.labchile.cl sitiospublicos.bchpreproductivos.com *.google-analytics.com optimize.google.com https://fonts.gstatic.com https://fonts.googleapis.com https://bancochile-promociones.cl https://*.bancochile-promociones.cl https://ww3.bancochile.cl https://www.google-analytics.com https://www.facebook.com https://*.bancochile.cl https://*.bancoedwards.cl www.google.com www.google.com.ar https://maps.gstatic.com https://maps.googleapis.com https://www.google.cl optimize.google.com https://sucursales.bancochile-promociones.cl https://*.bancochile.cl https://*.bancoedwards.cl https://fonts.googleapis.com *.youtube.com www.googleadservices.com dynamic.criteo.com dynamic.criteo.net stats.g.doubleclick.net bat.bing.com static.criteo.net googleads.g.doubleclick.net gum.criteo.com sslwidget.criteo.com bid.g.doubleclick.net https://10743875.fls.doubleclick.net https://*.teads.tv https://mdstrm.com https://eu2.device-api.indigitall.com https://entelvisa2.recoline.cl console.dialogflow.com static.dialogflow.com dialogflow.cloud.google.com jv30gcqsq7.execute-api.us-east-1.amazonaws.com tubanco.typeform.com typeform.com *.mopinion.com www.gfl85trk.com https://9879117.fls.doubleclick.net https://api.openweathermap.org https://www.googleoptimize.com gw.api.bancochile.cl https://ads.sonataplatform.com https://listado-sucursales-default-rtdb.firebaseio.com https://identitytoolkit.googleapis.com https://static.dialogflow.com https://cdn.tailwindcss.com https://*.launchdarkly.com https://*.unpkg.com https://unpkg.com;  1
frame-ancestors 'self' https://move.mvg.de; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.soulapp.cn hm.baidu.com; style-src 'self' 'unsafe-inline' *.soulapp.cn; img-src 'self' *.soulapp.cn hm.baidu.com; font-src 'self' *.soulapp.cn; media-src 'self' *.soulapp.cn 1
block-all-mixed-content ;upgrade-insecure-requests ;default-src 'self' *.criteo.com *.criteo.net adventori.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.abtasty.com *.y-track.com *.google-analytics.com *.googletagmanager.com www.googletagmanager.com vjs.zencdn.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ui.onepay.decathlon.net *.paypal.com *.braintreegateway.com *.brightcove.net *.trylive.com *.googleapis.com sdk.privacy-center.org sdk.woosmap.com www.booxi.eu appmobile-bridge-js.s3-eu-west-1.amazonaws.com *.woosmap.com ui.onepay-qualification.decathlon.io cdn.tagcommander.com *.facebook.net *.dynatrace.com platform.commandersact.com *.commander1.com *.criteo.com *.criteo.net *.adnxs.com adventori.com www.googleadservices.com bat.bing.com *.salecycle.com *.doubleclick.net *.hotjar.com redirect3536.tagcommander.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com wurfl.io *.commandersact.com translate.google.com nxtck.com onepay-ui.decathlon.net *.contentsquare.net *.contentsquare.com www.youtube.com wss://*.hotjar.com *.loadbee.com production.transcript.decathlon.io development.transcript-qualification.decathlon.io via.batch.com *.dynamicyield.com *.klarnaservices.com rum.browser-intake-datadoghq.eu *.onepay-v2-commons-prod-0ywm.decathlon.io screencapture.kampyle.com screencapture-cdn.kampyle.com resources.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com resources.digital-cloud-west.medallia.com pay.google.com/gp/p/js/pay.js applepay.cdn-apple.com session-replay.browser-intake-datadoghq.eu safesizepublic.ucscentral.com google.com/pay creativecdn.com *.creativecdn.com https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.adition.com *.amazonaws.com *.baqend.com *.booxi.com *.booxi.eu *.braintree-api.com *.cloudfront.net *.cube-net.pub *.decathlon.de *.decathlon.io *.decathlon.net *.excentos.com *.go-mpulse.net *.google.de *.googleadservices.com *.intelliad.de *.online-metrix.net *.pinimg.com *.pinterest.com *.privacy-center.org *.tagcommander.com *.trustedshops.com *.userlike.com adservice.google.com api.usabilla.com cdn.conative.de cdn.dynamicyield.com connect.facebook.net d6tizftlrpuof.cloudfront.net fast.smarketer.de/ fonts.gstatic.com googleads.g.doubleclick.net gum.criteo.com ib.adnxs.com js-cdn.dynatrace.com maps.gstatic.com s3-eu-west-1.amazonaws.com scripts.publitas.com ssl.hurra.com st-eu.dynamicyield.com stage.excentos.com staticxx.facebook.com storage.googleapis.com tpc.googlesyndication.com ui.onepay.decathlon.io usabilla.com/ view.publitas.com w.usabilla.com widget.fintanalytics.com widgets.trustedshops.com www.awin1.com www.dwin1.com www.facebook.com www.google-analytics.com www.google.at www.google.com www.google.fr www.gstatic.com c.searchhub.io euob.roundprinceweb.com obseu.roundprinceweb.com userlike-cdn-umm.b-cdn.net widget.simplybook.pro rts.persado.com cdn.persa.do *.squarelovin.com squarelovin.com pagead2.googlesyndication.com;connect-src 'self' *.google-analytics.com *.analytics.google.com *.abtasty.com *.y-track.com *.woosmap.com *.brightcove.com *.paypal.com *.braintree-api.com *.braintreegateway.com *.decathlon.net *.decathlon.com *.booxi.eu api.privacy-center.org www.facebook.com *.doubleclick.net bat.bing.com browser-http-intake.logs.datadoghq.eu api.booxi.eu bf97725pbp.bf.dynatrace.com *.hotjar.com *.hotjar.io *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com booxi-api-be.appspot.com booxi-api.appspot.com sync.commander1.com *.boltdns.net *.akamaihd.net *.contentsquare.net tracking-api-4lasu2nlcq-ew.a.run.app insights.decathlon.net transaction-api-4lasu2nlcq-ew.a.run.app order-insights.decathlon.net *.googleapis.com wss://*.hotjar.com www.googletagmanager.com via.batch.com ws.batch.com production.transcript.decathlon.io development.transcript-qualification.decathlon.io *.klarnaservices.com rum.browser-intake-datadoghq.eu *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu ubt-lb.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com resources.digital-cloud-west.medallia.com https://www.google.com/pay signin.easyence.tech google.com/pay https://pay.google.com *.creativecdn.com https://session-replay.browser-intake-datadoghq.eu/api/ https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.akafms.net *.akstat.io *.amazonaws.com *.baqend.com *.booxi.com *.cloudfront.net *.decathlon.de *.decathlon.io *.dynamicyield.com *.dynamicyield.eu *.dynatrace.com *.excentos.com *.facebook.net *.go-mpulse.net *.google.com *.google.de *.googleadservices.com *.intelliad.de *.mediadecathlon.com *.online-metrix.net *.paypalobjects.com *.pinimg.com *.pinterest.com *.privacy-center.org *.publitas.com *.tagcommander.com *.trustedshops.com *.trylive.com *.usabilla.com *.userlike.com adm.dynamicyield.eu adventori.com api.decathlon.de api.trustbadge.etrusted.com api.trustedshops.com api.usabilla.com async-px-eu.dynamicyield.com c.go-mpulse.net cdn-eu.dynamicyield.com cdn-eu.dynamicyield.eu cdn.conative.de cdn.dynamicyield.com ce.lijit.com commander1.com connect.facebook.net content.decathlon.de contents.mediadecathlon.com ct.pinterest.com d6tizftlrpuof.cloudfront.net d6tizftlrpuof.cloudfront.net/ data.decathlon.de fast.smarketer.de/ fm.flashtalking.com gum.criteo.com ib.adnxs.com logging.trustbadge.com media.marktjagd.com opt-eu.euc1.dynamicyield.com p.crm4d.com player.vimeo.com px-eu.dynamicyield.com rcom-eu.dynamicyield.com s3-eu-west-1.amazonaws.com shops-si.trustedshops.com sofia.trustx.org spotlight.offerista.com ssl.hurra.com st-eu.dynamicyield.com staticxx.facebook.com storage.googleapis.com sync.adotmob.com tpc.googlesyndication.com trustbadge.api.etrusted.com ui.onepay-qualification.decathlon.io ui.onepay.decathlon.io userlike-cdn-widgets.s3-eu-west-1.amazonaws.com visitor.omnitagjs.com w.usabilla.com widgets.trustedshops.com wurfl.io www.awin1.com www.dwin1.com www.google-analytics.com www.google.at www.google.co.uk www.google.com www.google.com.hk www.google.com.tr www.google.cz www.google.es www.google.fr www.google.hr www.google.pt www.googleadservices.com www.gstatic.com www.mediadecathlon.com www.youtube.com wss://umd.userlike.com fpc.decathlon.de saas.searchhub.io euob.roundprinceweb.com obseu.roundprinceweb.com pagead2.googlesyndication.com *.criteo.com *.criteo.net 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com vjs.zencdn.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ui.onepay.decathlon.net sdk.privacy-center.org sdk.woosmap.com www.booxi.eu appmobile-bridge-js.s3-eu-west-1.amazonaws.com cdn.tagcommander.com platform.commandersact.com *.commander1.com *.adnxs.com *.salecycle.com redirect3536.tagcommander.com *.commandersact.com translate.google.com nxtck.com onepay-ui.decathlon.net *.contentsquare.com *.loadbee.com screencapture.kampyle.com screencapture-cdn.kampyle.com pay.google.com/gp/p/js/pay.js applepay.cdn-apple.com session-replay.browser-intake-datadoghq.eu safesizepublic.ucscentral.com creativecdn.com *.adition.com *.cube-net.pub adservice.google.com fonts.gstatic.com googleads.g.doubleclick.net js-cdn.dynatrace.com maps.gstatic.com scripts.publitas.com stage.excentos.com usabilla.com/ view.publitas.com widget.fintanalytics.com c.searchhub.io userlike-cdn-umm.b-cdn.net widget.simplybook.pro rts.persado.com cdn.persa.do *.squarelovin.com squarelovin.com data: blob: *.cube-net.org prod-wt.aws.y-track.com manager.tagcommander.com www.google.it www.google.nl www.google.be www.google.pl *.gstatic.com *.atdmt.com tag.goldenbees.fr *.crm4d.com *.adsrvr.org voucher.decathlon.net apigift.decathlon.com site.booxi.com screencaptue-cdn.kampyle.com cdn-workshop-pop.decathlon.net icons.batch.com p.searchhub.io cdn.speedsize.com https://userlike-cdn-operators.userlike.com *.imagekit.io fonts.googleapis.com https://storage.googleapis.com/sl-front-xp-bucket-4v-tmoq/account/ scripts.publitas.com/ paypalobjects.com players.brightcove.net chat.userlike.com secure.brightcove.com bcboltbde696aa-a.akamaihd.net *.youtube.com saas.trylive.com/ site.booxi.eu/ reviews.decathlon.com c.paypal.com checkout.paypal.com www.paypal.com reviews-collect-eu.satisphere.decathlon.net www.pinterest.com pay.google.com decathlon-de-de--tst2.custhelp.com kundenservice.decathlon.de www.pinterest.de decathlon.simplybook.pro https://widget.simplybook.pro;img-src 'self' data: blob: *.decathlon.com *.cube-net.org *.cube-net.pub contents.mediadecathlon.com *.google-analytics.com *.googletagmanager.com *.brightcove.com *.brightcove.net *.paypal.com prod-wt.aws.y-track.com manager.tagcommander.com *.googleapis.com *.abtasty.com *.woosmap.com www.facebook.com www.google.com www.google.es www.google.fr www.google.it www.google.nl www.google.be www.google.pl *.doubleclick.net bat.bing.com *.gstatic.com sync.commander1.com *.atdmt.com tag.goldenbees.fr *.crm4d.com *.adsrvr.org *.adnxs.com sdk.privacy-center.org checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net voucher.decathlon.net apigift.decathlon.com site.booxi.com www.mediadecathlon.com *.boltdns.net *.mediadecathlon.com *.contentsquare.net *.googleadservices.com adservice.google.com wss://*.hotjar.com via.batch.com ws.batch.com *.onepay-v2-commons-prod-0ywm.decathlon.io screencaptue-cdn.kampyle.com resources.digital-cloud.medallia.eu udc-neb.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net 'unsafe-eval' 'unsafe-inline' *.amazonaws.com *.baqend.com *.booxi.com *.booxi.eu *.braintree-api.com *.braintreegateway.com *.decathlon.de *.excentos.com *.go-mpulse.net *.google.de *.online-metrix.net *.oppwa.com *.pinimg.com *.pinterest.com *.y-track.com api.usabilla.com cdn.dynamicyield.com ce.lijit.com connect.facebook.net d6tizftlrpuof.cloudfront.net fm.flashtalking.com fonts.gstatic.com googleads.g.doubleclick.net maps.gstatic.com onepay-ui.decathlon.net oppwa.com p.crm4d.com s3-eu-west-1.amazonaws.com sofia.trustx.org ssl.hurra.com staticxx.facebook.com sync.adotmob.com tpc.googlesyndication.com ui.onepay.decathlon.io visitor.omnitagjs.com w.usabilla.com widgets.trustedshops.com www.awin1.com www.dwin1.com www.google.at www.google.co.uk www.google.com.hk www.google.com.tr www.google.cz www.google.hr www.google.pt www.googletagmanager.com www.gstatic.com icons.batch.com p.searchhub.io cdn.speedsize.com euob.roundprinceweb.com obseu.roundprinceweb.com userlike-cdn-umm.b-cdn.net https://userlike-cdn-operators.userlike.com rts.persado.com cdn.persa.do *.squarelovin.com squarelovin.com *.imagekit.io;style-src 'self' 'unsafe-inline' www.booxi.eu fonts.googleapis.com *.decathlon.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.mediadecathlon.com wss://*.hotjar.com scripts.publitas.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu screencaptue-cdn.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io https://storage.googleapis.com/sl-front-xp-bucket-4v-tmoq/account/ *.dynamicyield.com *.dynamicyield.eu *.excentos.com *.google.de *.googleadservices.com *.usabilla.com cdn-eu.dynamicyield.com cdn-eu.dynamicyield.eu cdn.dynamicyield.com d6tizftlrpuof.cloudfront.net scripts.publitas.com/ *.squarelovin.com squarelovin.com;font-src 'self' data: *.decathlon.com fonts.gstatic.com *.oppwa.com oppwa.com *.abtasty.com qanda.decathlon.com *.googleapis.com *.gstatic.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.baqend.com *.brightcove.net *.cloudfront.net *.decathlon.de *.dynamicyield.com *.dynamicyield.eu *.excentos.com *.google.de *.googleadservices.com *.paypalobjects.com *.trustedshops.com *.usabilla.com media.marktjagd.com paypalobjects.com players.brightcove.net spotlight.offerista.com stage.excentos.com widget.fintanalytics.com saas.searchhub.io;object-src view.publitas.com;base-uri 'self' *.cloudfront.net *.decathlon.de euob.roundprinceweb.com obseu.roundprinceweb.com;worker-src 'self' blob: via.batch.com 'unsafe-eval' 'unsafe-inline' *.decathlon.de *.paypal.com *.userlike.com chat.userlike.com fm.flashtalking.com;media-src 'self' blob: secure.brightcove.com *.brightcove.com *.brightcove.net *.boltdns.net *.mediadecathlon.com *.criteo.com bcboltbde696aa-a.akamaihd.net *.akafms.net *.akamaihd.net *.decathlon.de *.google.de *.pinterest.com www.google-analytics.com rts.persado.com cdn.persa.do *.squarelovin.com squarelovin.com *.imagekit.io;frame-src 'self' *.youtube.com www.google.com/recaptcha/ saas.trylive.com/ site.booxi.eu/ reviews.decathlon.com www.facebook.com *.doubleclick.net *.atdmt.com c.paypal.com checkout.paypal.com www.paypal.com *.hotjar.com *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com qanda.decathlon.com reviews-collect-eu.satisphere.decathlon.net *.mediadecathlon.com view.publitas.com www.pinterest.com *.abtasty.com *.decathlon.net wss://*.hotjar.com players.brightcove.net screencapture.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud.medallia.eu resources.digital-cloud-west.medallia.com pay.google.com safesizepublic.ucscentral.com *.klarnaservices.com creativecdn.com *.creativecdn.com *.cloudfront.net *.google.de *.googleadservices.com *.online-metrix.net *.usabilla.com d6tizftlrpuof.cloudfront.net decathlon-de-de--tst2.custhelp.com googleads.g.doubleclick.net kundenservice.decathlon.de player.vimeo.com ssl.hurra.com tpc.googlesyndication.com www.awin1.com www.dwin1.com www.pinterest.de *.paypal.com www.youtube.com euob.roundprinceweb.com obseu.roundprinceweb.com decathlon.simplybook.pro https://widget.simplybook.pro;frame-ancestors 'self'; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' miamidade.granicus.com; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-R2R3mi+lcrtjrwfSSScGcw=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
form-action https://webto.salesforce.com/servlet/servlet.WebToLead https://www.kaleidescape.com https://kaleidescape.com; 1
object-src none 1
default-src 'self'  https://*.eib.org; connect-src vimeo.com eib.containers.piwik.pro infogram.com  *.readspeaker.com *.eib.org eib.piwik.pro *.hotjar.com *.fontawesome.com *.googletagmanager.com *.google-analytics.com *.google.com *.demdex.net *.curator.io fonts.googleapis.com unpkg.com; script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' cdn.jsdelivr.net googleads.g.doubleclick.net eib.piwik.pro  *.smartsurvey.co.uk eib.containers.piwik.pro *.eib.org *.hotjar.com unpkg.com *.tt.omtrdc.net *.fontawesome.com infogram.com *.infogram.com *.syndication.twimg.com *.google.com *.facebook.net *.twitter.com *.gstatic.com *.europa.eu *.jquery.com *.bit.ly *.demdex.net *.adobedtm.com *.googleapis.com *.googletagmanager.com www.googleadservices.com  *.youtube.com *.mailjet.com *.google-analytics.com s.ytimg.com fonts.gstatic.com *.bootstrapcdn.com cdnjs.cloudfare.com *.visme.co europa.eu *.curator.io cdn1.readspeaker.com; style-src 'self' 'report-sample' 'unsafe-inline' cdn.jsdelivr.net *.eib.org eib.containers.piwik.pro unpkg.com *.fontawesome.com *.googletagmanager.com *.google.com *.twitter.com *.gstatic.com *.europa.eu fonts.googleapis.com *.bootstrapcdn.com app.mailjet.com europa.eu *.curator.io cdn1.readspeaker.com; object-src 'self'; worker-src 'none'; child-src 'self'; frame-src data: *.eib.org www.weforum.org datawrapper.dwcdn.net *.smartsurvey.co.uk *.hotjar.com *.3dvista.com livestream.com infogram.com *.infogram.com *.sli.do *.vimeo.com vimeo.com *.europa.eu *.exposure.co *.tiesraides.lv *.twitter.com *.google.com youtu.be *.acast.com *.visme.co *.mailjet.com *.mjt.lu *.youtube.com europa.eu *.curator.io cdn1.readspeaker.com player.clevercast.com; font-src 'self' data: *.eib.org fonts.gstatic.com eib.containers.piwik.pro  *.fontawesome.com  europa.eu *.curator.io; img-src 'self' data: *.vimeocdn.com *.google.com *.google.fr *.google.lu *.google.de googleads.g.doubleclick.net infogram-thumbs-1024.s3-eu-west-1.amazonaws.com infogram.com  *.eib.org *.youtube.com eib.piwik.pro eib.containers.piwik.pro *.mailjet.com *.facebook.com *.twitter.com *.googletagmanager.com *.twimg.com *.europa.eu *.google-analytics.com eib.sc.omtrdc.net europa.eu *.fastly.net server.arcgisonline.com *.curator.io; form-action 'self' https://*.eib.org; base-uri 'self'; frame-ancestors 'self'; report-uri /csp-reports.php; upgrade-insecure-requests; 1
frame-ancestors 'self'; object-src 'none'; base-uri 'self'; script-src 'nonce-sgwscorp' 'strict-dynamic' 'self' https://assets.southernglazers.com https://assets.adobedtm.com/ https://web.miappi.com https://open.spotifycdn.com https://www.google.com https://www.gstatic.com https://www.youtube.com https://www.googleoptimize.com https://static.doubleclick.net https://secure.quantserve.com https://rules.quantcount.com; 1
font-src *.dyson.cn *.alicdn.com fonts.gstatic.com *.assetsadobe2.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com qiyukf.com *.vhallyun.com *.vhall.com open.weixin.qq.com bcvideo.dyson.cn 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.dyson.cn qiyukf.nosdn.127.net da.qiyukf.com *.assetsadobe2.com *.map.qq.com *.map.gtimg.com mapapi.qq.com *.vhall.com privacy.dyson.com dyson-magento-prd.oss-cn-shanghai.aliyuncs.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.decibelinsight.net qiyukf.com *.sensorsdata.cn *.vhallyun.com *.vhall.com *.doubleclick.net *.assetsadobe2.com *.cstaticdun.126.net *.360buyimg.com map.qq.com *.map.qq.com res.wx.qq.com mapapi.qq.com *.map.gtimg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.vhallyun.com *.vhall.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com ysf.nosdn.127.net *.dyson.cn *.brightcove.net *.assetsadobe2.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com qiyukf.com da.qiyukf.com cntrack.dyson.cn wss://collection.decibelinsight.net *.decibelinsight.net *.doubleclick.net *.amazonaws.com.cn *.apple.com *.vhallyun.com *.vhall.com mapstyle.qpic.cn *.map.qq.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' http://localhost:* https://*.admin.faithlifesites.com https://admin.faithlifesites.com https://*.sites.faithlife.com https://*.faithlife.com http://local.app.logos.com:* https://app.logos.com https://*.app.logos.com logos-app://*; object-src https://cloud.faithlife.net https://cloud.mail.logos.com; base-uri https://optimize.google.com; block-all-mixed-content 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.geetest.com https://*.geevisit.com https://*.gsensebot.com https://*.gbox.me https://*.googletagmanager.com https://*.google-analytics.com https://*.twitter.com https://*.ballerine.io https://plausible.io https://*.plausible.io;script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.geetest.com https://*.googletagmanager.com https://*.geevisit.com https://*.gsensebot.com https://*.gbox.me https://*.ballerine.io https://plausible.io https://*.plausible.io;img-src 'self' data: blob: https://objects-eu.idanalyzer.com https://*.geetest.com https://*.google-analytics.com https://*.googletagmanager.com https://*.twitter.com https://*.xeggex.com https://*.ballerine.io https://plausible.io https://*.plausible.io;connect-src 'self' https://*.google-analytics.com https://*.geetest.com wss://*.xeggex.com wss://xeggex.com https://*.xeggex.com https://*.ballerine.io https://plausible.io https://*.plausible.io;frame-src 'self' https://*.twitter.com https://*.ballerine.io https://plausible.io https://*.plausible.io;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none' 1
connect-src 'self' https://*.demdex.net https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.kaspersky.ca https://*.kaspersky.co.jp https://*.kaspersky.co.uk https://*.kaspersky.co.za https://*.kaspersky.com https://*.kaspersky.com.au https://*.kaspersky.com.br https://*.kaspersky.com.tr https://*.kaspersky.de https://*.kaspersky.es https://*.kaspersky.fr https://*.kaspersky.it https://*.kaspersky.nl https://*.kaspersky.pt https://*.kaspersky.ru https://*.kaspersky.se https://*.kasperskycontenthub.com https://*.mktoresp.com https://*.pingdom.net https://*.reddit.com https://*.securelist.com https://*.securelist.lat https://*.securelist.ru https://*.youtube.com https://box.kaspersky.com https://consentcdn.cookiebot.com https://e.infogram.com https://kaspersky.d3.sc.omtrdc.net https://kasperskycontenthub.com https://securelist.com https://tpc.googlesyndication.com https://www.googletagmanager.com; default-src 'self' https://*.kasperskycontenthub.com https://*.securelist.com https://*.securelist.lat https://*.securelist.ru https://box.kaspersky.com https://kasperskycontenthub.com https://securelist.com https://tpc.googlesyndication.com; font-src 'self' data: https://*.gstatic.com https://*.kasperskycontenthub.com https://*.securelist.com https://*.securelist.lat https://*.securelist.ru https://*.wp.com https://assets.kasperskycontenthub.com https://assets.threatpost.com https://box.kaspersky.com https://fonts.googleapis.com https://kasperskycontenthub.com https://securelist.com https://tpc.googlesyndication.com; frame-src 'self' http://*.slideshare.net https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.googletagservices.com https://*.infogram.com https://*.instagram.com https://*.kasperskycontenthub.com https://*.libsyn.com https://*.marketo.com https://*.securelist.com https://*.securelist.lat https://*.securelist.ru https://*.sharethis.com https://*.slideshare.net https://*.twitter.com https://*.wp.com https://*.yandex.ru https://*.youtube.com https://box.kaspersky.com https://consentcdn.cookiebot.com https://dzen.ru https://go.kaspersky.com https://infogram.com https://kaspersky.demdex.net https://kasperskycontenthub.com https://player.vimeo.com https://securelist.com https://tpc.googlesyndication.com https://vk.com https://www.brighttalk.com; img-src 'self' data: http://*.wordpress.com http://*.wp.com http://assets.kasperskydaily.com http://d2538mqrb7brka.cloudfront.net http://forum.kasperskyclub.ru http://i0.poll.fm https://*.cdninstagram.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.ru https://*.gravatar.com https://*.gstatic.com https://*.infogram.com https://*.instagram.com https://*.kaspersky.ca https://*.kaspersky.co.jp https://*.kaspersky.co.uk https://*.kaspersky.co.za https://*.kaspersky.com https://*.kaspersky.com.au https://*.kaspersky.com.br https://*.kaspersky.com.tr https://*.kaspersky.de https://*.kaspersky.es https://*.kaspersky.fr https://*.kaspersky.it https://*.kaspersky.nl https://*.kaspersky.pt https://*.kaspersky.ru https://*.kaspersky.se https://*.kasperskycontenthub.com https://*.kasperskydaily.com https://*.securelist.com https://*.securelist.lat https://*.securelist.ru https://*.sharethis.com https://*.staticflickr.com https://*.threatpost.com https://*.twimg.com https://*.twitter.com https://*.vk.com https://*.wordpress.com https://*.wp.com https://*.ytimg.com https://assets.kasperskydaily.com https://box.kaspersky.com https://d1srlirzdlmpew.cloudfront.net https://d2538mqrb7brka.cloudfront.net https://kaspersky.d2.sc.omtrdc.net https://kaspersky.d3.sc.omtrdc.net https://kasperskycontenthub.com https://maps.googleapis.com https://player.vimeo.com https://polldaddy.com https://rum-collector.pingdom.net https://s.w.org https://s3-eu-west-1.amazonaws.com https://securelist.com https://securelist.lat https://securelist.ru https://stats.g.doubleclick.net https://t.co https://threatpost.com https://tpc.googlesyndication.com https://vk.com https://www.googletagmanager.com; object-src 'self' https://*.kasperskycontenthub.com https://*.securelist.com https://*.securelist.lat https://*.securelist.ru https://box.kaspersky.com https://kasperskycontenthub.com https://player.vimeo.com https://polldaddy.com https://securelist.com https://tpc.googlesyndication.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.cloudfront.net https://*.crazyegg.com https://*.demdex.net https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.flickr.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagservices.com https://*.gravatar.com https://*.gstatic.com https://*.instagram.com https://*.kaspersky.ca https://*.kaspersky.co.jp https://*.kaspersky.co.uk https://*.kaspersky.co.za https://*.kaspersky.com https://*.kaspersky.com.au https://*.kaspersky.com.br https://*.kaspersky.com.tr https://*.kaspersky.de https://*.kaspersky.es https://*.kaspersky.fr https://*.kaspersky.it https://*.kaspersky.nl https://*.kaspersky.pt https://*.kaspersky.ru https://*.kaspersky.se https://*.kasperskycontenthub.com https://*.marketo.com https://*.marketo.net https://*.polldaddy.com https://*.securelist.com https://*.securelist.lat https://*.securelist.ru https://*.sharethis.com https://*.threatpost.com https://*.twimg.com https://*.twitter.com https://*.woopra.com https://*.wp.com https://assets.adobedtm.com https://box.kaspersky.com https://cdnjs.cloudflare.com https://connect.mail.ru https://consent.cookiebot.com https://consentcdn.cookiebot.com https://e.infogram.com https://kaspersky.d2.sc.omtrdc.net https://kasperskycontenthub.com https://player.vimeo.com https://polldaddy.com https://rum-static.pingdom.net https://s.ytimg.com https://securelist.com https://share.yandex.ru/ https://tpc.googlesyndication.com https://vk.com https://www.brighttalk.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.googletagservices.com https://www.linkedin.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com https://*.gravatar.com https://*.kaspersky.com https://*.kasperskycontenthub.com https://*.marketo.com https://*.securelist.com https://*.securelist.lat https://*.securelist.ru https://*.sharethis.com https://*.threatpost.com https://*.twimg.com https://*.twitter.com https://*.wp.com https://box.kaspersky.com https://kasperskycontenthub.com https://securelist.com https://tpc.googlesyndication.com https://www.googletagmanager.com 1
frame-ancestors 'self' https://areaxt.com https://staging.areaxt.com 1
style-src 'unsafe-inline' optimize.google.com fonts.googleapis.com platform.twitter.com ton.twimg.com use.typekit.net cdn.crowdin.com cdn.jsdelivr.net cdn-resources.ableton.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' api.soundcloud.com w.soundcloud.com www.youtube.com www.youtube-nocookie.com s.ytimg.com www.googleadservices.com googleads.g.doubleclick.net optimize.google.com connect.facebook.net recommender.scarabresearch.com www.instagram.com cdn.syndication.twimg.com platform.twitter.com syndication.twitter.com use.typekit.net cdn.crowdin.com crowdin.com cdn.matomo.cloud analytics.ableton.com cdn.jsdelivr.net cdn-resources.ableton.com; frame-ancestors 'self' ableton.lightning.force.com; frame-src 'self' ableton: bandcamp.com www.facebook.com optimize.google.com embed.spotify.com open.spotify.com w.soundcloud.com player.vimeo.com www.youtube-nocookie.com www.youtube.com ljsp.lwcdn.com brandfolder.com www.instagram.com crowdin.com; object-src 'self'; default-src 'self' blob: data: https: ableton:; report-uri /csp/report/ 1
frame-ancestors 'self' https://*.unisa.edu.au https://unisa.edu.au https://mod.org.au; 1
frame-ancestors *.wetv.vip wetv.vip *.pptvthailand.com *.pptvhd36.com 1
frame-src *; child-src *; report-uri /report-csp-violation 1
frame-ancestors 'none'; object-src 'self'; script-src 'self' 'unsafe-inline' https://static.zdassets.com/ https://www.google.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.google-analytics.com/ https://boards.greenhouse.io/; 1
frame-ancestors 'self' https://app.cux.io https://pracujew.rossmann.pl 1
worker-src 'self' *.austlii.edu.au *.austlii.unsw.edu.au *.datalex.org www.lawnet.sg; 1
default-src data: blob: https:; style-src 'self' 'unsafe-inline' *.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' https:; 1
base-uri 'none'; object-src 'none'; img-src *; style-src 'unsafe-inline' 'self'; script-src https: 'nonce-d9df0a2353e242c81374dc74d96ef6f6' 'strict-dynamic' 'unsafe-inline'; 1
default-src 'self';object-src 'self';frame-src 'self' blob: https://*.youtube.com https://*.youtube-nocookie.com https://consentcdn.cookiebot.eu https://www.aerzteblatt.de https://www.blutspenden.de https://www.swr.de https://www.tagesschau.de https://www.iwkoeln.de https://ngp.zdf.de https://players.brightcove.net https://www.facebook.com https://europa.eu https://dk2wss784le25.cloudfront.net https://www.intermedia-solutions.net https://webtv.bundestag.de https://api.de.kaltura.com https://newsroom.consilium.europa.eu/;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://consentcdn.cookiebot.eu https://consent.cookiebot.eu https://siteimproveanalytics.com;style-src 'self' data: 'unsafe-inline';img-src 'self' data:;font-src 'self' data: 'unsafe-inline';connect-src 'self' https://consentcdn.cookiebot.eu;manifest-src 'self' 1
frame-ancestors 'self' https://bgsu.experiencecloud.adobe.com https://experience.adobe.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thesprucecrafts.com 1
frame-ancestors 'self' metrika.yandex.ru mc.yandex.ru http://webvisor.com; frame-src *.youtube.com vk.com https: blob: mc.yandex.ru jivosite.com jivo.ru jivo.chat; 1
frame-ancestors 'self' https://de-ecom-1411-fb-storeappl-prod.firebaseapp.com https://de-ecom-1411-fb-storeappl-prod.web.app https://de-ecom-1411-fb-storeappl-test.firebaseapp.com https://de-ecom-1411-fb-storeappl-test.web.app 1
default-src 'self'; img-src 'self' data: *; object-src 'self'; connect-src 'self' https://www.roboform.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net https://api.reviews.co.uk https://api.reviews.io https://analytics.google.com https://www.google.com https://adservice.google.com https://www.rsbrjk4ik.com https://pagead2.googlesyndication.com https://gtm.roboform.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.roboform.com/ https://tagmanager.google.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.google.com https://www.googletagmanager.com/ https://widget.reviews.io https://www.google-analytics.com/ https://www.googleadservices.com/ https://connect.facebook.net/ https://*.doubleclick.net/ https://tagmanager.google.com/ https://bat.bing.com/ https://www.youtube.com/ https://s.ytimg.com/ https://www.rsbrjk4ik.com/ https://gtm.roboform.com/ https://tpc.googlesyndication.com/; font-src data: 'self' 'unsafe-inline' 'unsafe-eval' https://www.roboform.com; frame-src 'self' https://docs.google.com/ https://widget.reviews.io/ https://*.doubleclick.net/ https://www.google.com https://www.facebook.com https://www.emjcd.com https://cj.dotomi.com https://www.youtube.com https://tpc.googlesyndication.com; frame-ancestors 'self' 1
style-src * 'self' 'unsafe-inline'; frame-ancestors 'self' *.thinglink.com cdn.thinglink.me *.tlsrv.net teams.microsoft.com *.teams.microsoft.com *.skype.com *.itslearning.com *.itsltest.com; 1
default-src 'self'; script-src 'self' qrc: 'nonce-YjcwZDVmMjQtOTZiMy00YWFhLTk2MzEtMzkzYjBmYzg3Y2Mz' 'strict-dynamic' www.youtube.com *.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' fonts.googlefonts.cn fonts.googleapis.com googletagmanager.com tagmanager.google.com; img-src 'self' blob: data: https:; font-src 'self' data: fonts.gstatic.com fonts.gstatic.googlefonts.cn; media-src 'self' *.bambulab.cn *.bambulab.com *.bblmw.cn *.bblmw.com; connect-src 'self' https:; frame-src www.youtube.com www.facebook.com; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; block-all-mixed-content; report-uri /api/_csp_report; 1
default-src 'self' bumbcdn.com *.bumbcdn.com eu1.bumbcdn.com; connect-src 'self' chatdate.app eu1.chatdate.app us1.chatdate.app am1.chatdate.app gew3.chatdate.app fr1.chatdate.app bumbcdn.com *.bumbcdn.com eu1.bumbcdn.com  https://*.amazon-adsystem.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://google.com https://*.google.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://www.facebook.com https://cdn.ampproject.org https://api.giphy.com https://www.googleadservices.com https://attestation.android.com https://csi.gstatic.com https://s0.2mdn.net https://api.tenor.com https://g.tenor.com https://maps.googleapis.com https://consent.badoo.com https://essentialaccessibility.com https://tr.snapchat.com https://bic-core.dlocal.com/;  script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-PenqCyxM7WYfIDMBWIXl12762qE=' 'report-sample' bumbcdn.com *.bumbcdn.com eu1.bumbcdn.com  https://*.googletagmanager.com https://connect.facebook.net https://securepubads.g.doubleclick.net https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://s0.2mdn.net https://cdn.ampproject.org https://c.amazon-adsystem.com https://www.google-analytics.com https://pay.google.com https://adservice.google.com https://www.googletagservices.com https://maps.googleapis.com https://dashboard.essentialaccessibility.com https://consent.badoo.com https://essentialaccessibility.com https://www.google.com https://cdn.plaid.com https://tr.snapchat.com https://cdn.plaid.com; style-src 'self' 'unsafe-inline' bumbcdn.com *.bumbcdn.com eu1.bumbcdn.com https://fonts.googleapis.com; font-src 'self' data: bumbcdn.com *.bumbcdn.com eu1.bumbcdn.com https://fonts.gstatic.com https://tpc.googlesyndication.com;  prefetch-src 'self'  bumbcdn.com *.bumbcdn.com eu1.bumbcdn.com https://cdn.plaid.com ; img-src * data: blob: android-webview-video-poster:; child-src 'self' blob:; worker-src 'self' blob:; media-src * data: blob:; object-src 'self'  bumbcdn.com *.bumbcdn.com eu1.bumbcdn.com; base-uri 'self'; manifest-src 'self' chatdate.app eu1.chatdate.app us1.chatdate.app am1.chatdate.app gew3.chatdate.app fr1.chatdate.app; form-action 'self'  https://www.facebook.com; frame-src * hon:; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /jss/csp_report.phtml?token=hotornot_mobile_web&release=30309&env=production 1
default-src *; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wireclub.com apis.google.com www.google-analytics.com *.googleapis.com connect.facebook.net https://graph.facebook.com platform.twitter.com https://js.stripe.com/; style-src 'self' 'unsafe-inline' *.wireclub.com fonts.googleapis.com 1
frame-ancestors 'self' admin.shopify.com *.myshopify.com *.mybigcommerce.com *.yotpo.com *.boldcommerce.com 1
frame-ancestors 'self' *.dailynews.co.th *.odds.team iframetester.com;  1
default-src 'self' blob: data: wss: *; script-src http: 'unsafe-inline' 'unsafe-eval'; worker-src http: blob: 'unsafe-inline' 'unsafe-eval'; img-src * data:; style-src data: http: 'unsafe-inline' 'unsafe-eval'; frame-src *; object-src data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'none'; connect-src 'self' *.bmstores.co.uk *.algolia.io *.algolia.net *.algolianet.com cdn.cookielaw.org stats.g.doubleclick.net *.facebook.com *.google-analytics.com *.api.here.com *.pinterest.com *.amazonaws.com geolocation.onetrust.com; font-src 'self' maxcdn.bootstrapcdn.com use.fontawesome.com fonts.gstatic.com; frame-src www.cashforkidsgive.co.uk bmstores.pgtb.me *.bmstores.co.uk *.facebook.com *.hotukdeals.com snapwidget.com *.twitter.com *.vimeo.com *.youtube.com *.instagram.com *.pgtb.me; img-src 'self' blob: data: *.bmstores.co.uk *.google-analytics.com *.googleusercontent.com *.cloudinary.com *.gravatar.com *.pinterest.com *.twitter.com *.vimeocdn.com *.facebook.com cdn.cookielaw.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudfront.net stackpath.bootstrapcdn.com cdnjs.cloudflare.com *.cookielaw.org *.facebook.com *.facebook.net www.google.com *.google-analytics.com www.googletagmanager.com www.gstatic.com *.api.here.com code.jquery.com cdn.jsdelivr.net *.onetrust.com *.pinterest.com snapwidget.com *.twitter.com *.vimeo.com *.instagram.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com use.fontawesome.com fonts.googleapis.com ajax.googleapis.com code.jquery.com www.gstatic.com 1
style-src 'self' 'unsafe-inline' www.cbs.nl cdn.cbs.nl cdn.jsdelivr.net cdnjs.cloudflare.com d6tizftlrpuof.cloudfront.net cbs.containers.piwik.pro;font-src 'self' data: www.cbs.nl cdn.cbs.nl cdnjs.cloudflare.com api.eu.kaltura.com api.irp2.ovp.kaltura.com cfvod.irp2.ovp.kaltura.com d6tizftlrpuof.cloudfront.net cbs.containers.piwik.pro;img-src 'self' data: blob: www.cbs.nl cdn.cbs.nl www.google-analytics.com api.eu.kaltura.com api.irp2.ovp.kaltura.com cfvod.irp2.ovp.kaltura.com d6tizftlrpuof.cloudfront.net w.usabilla.com cfvod.eu.kaltura.com cbs.piwik.pro validator.swagger.io api.pdok.nl service.pdok.nl public.tableau.com *.tile.openstreetmap.org cbs.containers.piwik.pro;default-src 'self' data: blob: www.cbs.nl cdn.cbs.nl www.cbs.nl odata4.cbs.nl cbs.piwik.pro cbs.containers.piwik.pro analytics.eu.kaltura.com cfvod.eu.kaltura.com api.eu.kaltura.com api.irp2.ovp.kaltura.com analytics.irp2.ovp.kaltura.com cfvod.irp2.ovp.kaltura.com api.cdnjs.com vodcdn.eu.kaltura.com api.usabilla.com opendata.cbs.nl dataderden.cbs.nl www.pingvp.com www.google.com geodata.nationaalgeoregister.nl public.tableau.com localfocus2.appspot.com cbsnl.maps.arcgis.com ec.europa.eu livecdn.eu.kaltura.com d6tizftlrpuof.cloudfront.net api.pdok.nl service.pdok.nl  cbsnlproductiondiag.blob.core.windows.net challenges.cloudflare.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.cbs.nl cdn.cbs.nl api.eu.kaltura.com w.usabilla.com api.usabilla.com cdn.jsdelivr.net cdnjs.cloudflare.com code.highcharts.com api.cdnjs.com cbs.piwik.pro cbs.containers.piwik.pro www.google-analytics.com analytics.eu.kaltura.com api.irp2.ovp.kaltura.com analytics.irp2.ovp.kaltura.com d3js.org www.google.com www.gstatic.com public.tableau.com ajax.googleapis.com d6tizftlrpuof.cloudfront.net api.pdok.nl cbsnlproductiondiag.blob.core.windows.net challenges.cloudflare.com 1
connect-src https://api.posteo.de https://payment.posteo.de https://cdn.posteo.de wss://posteo.de 'self'; child-src 'self'; font-src 'self' data:; form-action https://www.paypal.com https://hooks.stripe.com 'self' data:; frame-ancestors 'self'; frame-src 'self' blob:; img-src data: *; manifest-src 'self'; media-src 'self' https://cdn.posteo.de; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-eval' 'unsafe-inline'; default-src 'none'; reflected-xss block; referrer no-referrer; 1
connect-src 'self' https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://*.miniclip.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://jobvite.com https://*.jobvite.com  https://www.google.com; img-src 'self' data: 'unsafe-inline' https://static-prod-web.miniclip.com; media-src 'self' https://static-prod-web.miniclip.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.jobvite.com https://www.datadoghq-browser-agent.com; style-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com; upgrade-insecure-requests; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com www.googletagmanager.com translate.google.com translate.googleapis.com www.google-analytics.com cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net z.moatads.com v1.addthisedge.com m.addthis.com www.ebmcdn.net ssl.p.jwpcdn.com blob: cdn.rawgit.com public.tableau.com bam-cell.nr-data.net translate-pa.googleapis.com www.addevent.com cdn.addevent.com static.cloudflareinsights.com connect.facebook.net www.facebook.com cdn.gtranslate.net addevent.com cdn.jsdelivr.net https://polyfill.io s7.addthis.com static.addtoany.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com translate.googleapis.com addtocalendar.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 1
frame-ancestors http://docplanner-front-test.docplanner.com https://docplanner-front-test.docplanner.com *.znanylekarz.pl doctoraliaone-pl2-candidate.azurewebsites.net 1
frame-ancestors 'self' checkmategaming.com test.authorize.net accept.authorize.net; 1
frame-ancestors 'self' us.creativecdn.com *.encuentra24.com *.inmobiliaria24.com *.casas24.com *.carros24.com encuentra24.zendesk.com *.youtube.com view.atdmt.com www.facebook.com www.google.com encuentra24.wufoo.com.mx encuentra24.ticforum-ca.com tpc.googlesyndication.com googleads.g.doubleclick.net storage.googleapis.com js.stripe.com e24.unityducruet.com cotizador.unityducruet.com api-js.datadome.co s.ytimg.com www-widgetapi.js googlesyndication.com youtube.com teads.tv; 1
frame-ancestors https://*.bw-infra.de https://*.baden-wuerttemberg.de; 1
block-all-mixed-content ;upgrade-insecure-requests ;default-src 'self' *.criteo.com *.criteo.net adventori.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.abtasty.com *.y-track.com *.google-analytics.com *.googletagmanager.com www.googletagmanager.com vjs.zencdn.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ui.onepay.decathlon.net *.paypal.com *.braintreegateway.com *.brightcove.net *.trylive.com *.googleapis.com sdk.privacy-center.org sdk.woosmap.com www.booxi.eu appmobile-bridge-js.s3-eu-west-1.amazonaws.com *.woosmap.com ui.onepay-qualification.decathlon.io cdn.tagcommander.com *.facebook.net *.dynatrace.com platform.commandersact.com *.commander1.com *.criteo.com *.criteo.net *.adnxs.com adventori.com www.googleadservices.com bat.bing.com *.salecycle.com *.doubleclick.net *.hotjar.com redirect3536.tagcommander.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com wurfl.io *.commandersact.com translate.google.com nxtck.com onepay-ui.decathlon.net *.contentsquare.net *.contentsquare.com www.youtube.com wss://*.hotjar.com *.loadbee.com production.transcript.decathlon.io development.transcript-qualification.decathlon.io via.batch.com *.dynamicyield.com *.klarnaservices.com rum.browser-intake-datadoghq.eu *.onepay-v2-commons-prod-0ywm.decathlon.io screencapture.kampyle.com screencapture-cdn.kampyle.com resources.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com resources.digital-cloud-west.medallia.com pay.google.com/gp/p/js/pay.js applepay.cdn-apple.com session-replay.browser-intake-datadoghq.eu safesizepublic.ucscentral.com google.com/pay creativecdn.com *.creativecdn.com https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io www.snrcdn.net *.cube-net.org *.cube-net.pub *.decathlon.com *.decathlon.pl *.facebook.com *.googleadservices.com *.gstatic.com connect.facebook.net *.adform.net *.app.baqend.com *.ceneo.pl *.convertiser.com *.custhelp.com *.easyence.com *.hotjar.io *.przelewy24.pl *.rtbhouse.com *.searchnode.io *.tagcommander.com *.trustcommander.net *.useinsider.com appserver-develop.app.inteliwi.se bht.loyaltypoint.pl brightcove.hs.llnwd.net brightcove.vo.llnwd.net browser.sentry-cdn.com cdn.jsdelivr.net converti.se decathlon.behtar.io pay.google.com pixel.wp.pl s3-eu-west-1.amazonaws.com trustmate.io urldefense.proofpoint.com www.google.com trafficscanner.pl ib.adnxs.com *.adventori.com *.adition.com *.searchnode.net web.snrbox.com synerise.decathlon.pl *.oxitpl.com *.lamoda.pl *.bnpparibas.pl proxy.synerise.com ocdn.eu *.fitanalytics.com api-shipx-pl.easypack24.net act-eu.rd.linksynergy.com snrlink-page.com *.tradedoubler.com *.chatbotize.com *.googleoptimize.com *.trbo.com optimize.google.com abtshield.com pragmaticbox.com ad.pragmaticbox.com *.tiktok.com *.abtshield.com unpkg.com euob.healthroundprince.com obseu.healthroundprince.com view.publitas.com scripts.publitas.com *.chat.getzowie.com core-chat.chatbotize.com;connect-src 'self' *.google-analytics.com *.analytics.google.com *.abtasty.com *.y-track.com *.woosmap.com *.brightcove.com *.paypal.com *.braintree-api.com *.braintreegateway.com *.decathlon.net *.decathlon.com *.booxi.eu api.privacy-center.org www.facebook.com *.doubleclick.net bat.bing.com browser-http-intake.logs.datadoghq.eu api.booxi.eu bf97725pbp.bf.dynatrace.com *.hotjar.com *.hotjar.io *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com booxi-api-be.appspot.com booxi-api.appspot.com sync.commander1.com *.boltdns.net *.akamaihd.net *.contentsquare.net tracking-api-4lasu2nlcq-ew.a.run.app insights.decathlon.net transaction-api-4lasu2nlcq-ew.a.run.app order-insights.decathlon.net *.googleapis.com wss://*.hotjar.com www.googletagmanager.com via.batch.com ws.batch.com production.transcript.decathlon.io development.transcript-qualification.decathlon.io *.klarnaservices.com rum.browser-intake-datadoghq.eu *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu ubt-lb.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com resources.digital-cloud-west.medallia.com https://www.google.com/pay signin.easyence.tech google.com/pay https://pay.google.com *.creativecdn.com https://session-replay.browser-intake-datadoghq.eu/api/ https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.synerise.com proxy.synerise.com *.lamoda.pl ocdn.eu *.fitanalytics.com api-shipx-pl.easypack24.net act-eu.rd.linksynergy.com *.tradedoubler.com appserver-develop.app.inteliwi.se appserver.app.inteliwi.se inteliwise-eu.s3.amazonaws.com *.chatbotize.com *.googleoptimize.com *.oxitpl.com *.trbo.com fpc.decathlon.pl optimize.google.com abtshield.com pragmaticbox.com *.tiktok.com *.criteo.com *.criteo.net adventori.com 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com vjs.zencdn.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ui.onepay.decathlon.net *.trylive.com sdk.privacy-center.org sdk.woosmap.com www.booxi.eu appmobile-bridge-js.s3-eu-west-1.amazonaws.com ui.onepay-qualification.decathlon.io cdn.tagcommander.com *.facebook.net *.dynatrace.com platform.commandersact.com *.commander1.com *.adnxs.com www.googleadservices.com *.salecycle.com redirect3536.tagcommander.com wurfl.io *.commandersact.com translate.google.com nxtck.com onepay-ui.decathlon.net *.contentsquare.com www.youtube.com *.loadbee.com *.dynamicyield.com screencapture.kampyle.com screencapture-cdn.kampyle.com pay.google.com/gp/p/js/pay.js applepay.cdn-apple.com session-replay.browser-intake-datadoghq.eu safesizepublic.ucscentral.com creativecdn.com www.snrcdn.net *.cube-net.org *.cube-net.pub *.decathlon.pl *.facebook.com *.googleadservices.com *.gstatic.com connect.facebook.net *.adform.net *.app.baqend.com *.ceneo.pl *.convertiser.com *.custhelp.com *.easyence.com *.przelewy24.pl *.rtbhouse.com *.searchnode.io *.tagcommander.com *.trustcommander.net *.useinsider.com bht.loyaltypoint.pl brightcove.hs.llnwd.net brightcove.vo.llnwd.net browser.sentry-cdn.com cdn.jsdelivr.net converti.se decathlon.behtar.io pay.google.com pixel.wp.pl s3-eu-west-1.amazonaws.com trustmate.io urldefense.proofpoint.com www.google.com trafficscanner.pl ib.adnxs.com *.adventori.com *.adition.com *.searchnode.net web.snrbox.com synerise.decathlon.pl *.bnpparibas.pl snrlink-page.com ad.pragmaticbox.com *.abtshield.com unpkg.com euob.healthroundprince.com obseu.healthroundprince.com view.publitas.com scripts.publitas.com *.chat.getzowie.com core-chat.chatbotize.com data: blob: contents.mediadecathlon.com prod-wt.aws.y-track.com manager.tagcommander.com www.google.es www.google.fr www.google.it www.google.nl www.google.be www.google.pl *.atdmt.com tag.goldenbees.fr *.crm4d.com *.adsrvr.org voucher.decathlon.net apigift.decathlon.com site.booxi.com www.mediadecathlon.com *.mediadecathlon.com adservice.google.com screencaptue-cdn.kampyle.com cdn-workshop-pop.decathlon.net *.tenor.com *.openstreetmap.org *.seadform.net *.trackjs.com inteliwise-client.s3.amazonaws.com mystore.decathlon.com www.google-analytics.com prod-js.aws.y-track.com sync.adotmob.com match.adsrvr.org p.crm4d.com *.snrcdn.net rtb-csync.smartadserver.com simage2.pubmatic.com pixel.rubiconproject.com r.casalemedia.com sync-t1.taboola.com ads.yahoo.com ups.analytics.yahoo.com criteo-sync.teads.tv x.bidswitch.net eb2.3lift.custom sync.outbrain.com contextual.media.net ad.360yield.com cotads.adscale.de s.ad.smaato.net c.bing.com pixel.advertising.com match.sharethrough.com visitor.omnitagjs.com us-u.openx.net sync-criteo.ads.yieldmo.com sp.analytics.yahoo.com idsync.rlcdn.com partner.mediawallahscript.com dis.criteo.com gum.criteo.com ih.adscale.de eb2.3lift.com *.emxdgt.com fonts.googleapis.com https://storage.googleapis.com/sl-front-xp-bucket-4v-tmoq/account/ widget.fitanalytics.com customizations.fitanalytics.com fonts.gstatic.com *.decathlon.pt decathlon.pt *.baqend.com www.decathlon.pl ws: secure.brightcove.com bcboltbde696aa-a.akamaihd.net *.akafms.net *.youtube.com saas.trylive.com/ site.booxi.eu/ reviews.decathlon.com c.paypal.com checkout.paypal.com www.paypal.com reviews-collect-eu.satisphere.decathlon.net www.pinterest.com players.brightcove.net;img-src 'self' data: blob: *.decathlon.com *.cube-net.org *.cube-net.pub contents.mediadecathlon.com *.google-analytics.com *.googletagmanager.com *.brightcove.com *.brightcove.net *.paypal.com prod-wt.aws.y-track.com manager.tagcommander.com *.googleapis.com *.abtasty.com *.woosmap.com www.facebook.com www.google.com www.google.es www.google.fr www.google.it www.google.nl www.google.be www.google.pl *.doubleclick.net bat.bing.com *.gstatic.com sync.commander1.com *.atdmt.com tag.goldenbees.fr *.crm4d.com *.adsrvr.org *.adnxs.com sdk.privacy-center.org checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net voucher.decathlon.net apigift.decathlon.com site.booxi.com www.mediadecathlon.com *.boltdns.net *.mediadecathlon.com *.contentsquare.net *.googleadservices.com adservice.google.com wss://*.hotjar.com via.batch.com ws.batch.com *.onepay-v2-commons-prod-0ywm.decathlon.io screencaptue-cdn.kampyle.com resources.digital-cloud.medallia.eu udc-neb.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net *.decathlon.pl *.facebook.com *.tenor.com connect.facebook.net *.adform.net *.app.baqend.com *.ceneo.pl *.commander1.com *.commandersact.com *.convertiser.com *.custhelp.com *.easyence.com *.hotjar.com *.hotjar.io *.openstreetmap.org *.przelewy24.pl *.rtbhouse.com *.seadform.net *.tagcommander.com *.trackjs.com *.trustcommander.net *.useinsider.com appmobile-bridge-js.s3-eu-west-1.amazonaws.com brightcove.hs.llnwd.net brightcove.vo.llnwd.net converti.se inteliwise-client.s3.amazonaws.com inteliwise-eu.s3.amazonaws.com mystore.decathlon.com pixel.wp.pl s3-eu-west-1.amazonaws.com trustmate.io ui.onepay-qualification.decathlon.io www.google-analytics.com www.googletagmanager.com www.youtube.com onepay-ui.decathlon.net prod-js.aws.y-track.com trafficscanner.pl sync.adotmob.com match.adsrvr.org p.crm4d.com synerise.decathlon.pl *.bnpparibas.pl *.fitanalytics.com snrlink-page.com *.snrcdn.net *.chatbotize.com rtb-csync.smartadserver.com simage2.pubmatic.com pixel.rubiconproject.com r.casalemedia.com sync-t1.taboola.com ads.yahoo.com ups.analytics.yahoo.com criteo-sync.teads.tv x.bidswitch.net eb2.3lift.custom sync.outbrain.com contextual.media.net ad.360yield.com cotads.adscale.de s.ad.smaato.net c.bing.com pixel.advertising.com match.sharethrough.com visitor.omnitagjs.com us-u.openx.net sync-criteo.ads.yieldmo.com sp.analytics.yahoo.com idsync.rlcdn.com partner.mediawallahscript.com dis.criteo.com gum.criteo.com ih.adscale.de eb2.3lift.com optimize.google.com *.emxdgt.com;style-src 'self' 'unsafe-inline' www.booxi.eu fonts.googleapis.com *.decathlon.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.mediadecathlon.com wss://*.hotjar.com scripts.publitas.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu screencaptue-cdn.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io https://storage.googleapis.com/sl-front-xp-bucket-4v-tmoq/account/ www.snrcdn.net *.cube-net.org *.cube-net.pub *.decathlon.pl *.app.baqend.com *.useinsider.com trustmate.io *.lamoda.pl widget.fitanalytics.com customizations.fitanalytics.com *.fitanalytics.com *.chatbotize.com optimize.google.com;font-src 'self' data: *.decathlon.com fonts.gstatic.com *.oppwa.com oppwa.com *.abtasty.com qanda.decathlon.com *.googleapis.com *.gstatic.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.decathlon.pt decathlon.pt trafficscanner.pl *.baqend.com www.decathlon.pl *.lamoda.pl *.fitanalytics.com *.chatbotize.com optimize.google.com;object-src view.publitas.com;base-uri 'self';worker-src 'self' blob: via.batch.com *.cube-net.org *.cube-net.pub *.decathlon.pl ws:;media-src 'self' blob: secure.brightcove.com *.brightcove.com *.brightcove.net *.boltdns.net *.mediadecathlon.com *.criteo.com bcboltbde696aa-a.akamaihd.net *.akafms.net *.akamaihd.net *.cube-net.org *.cube-net.pub *.decathlon.com *.decathlon.pl brightcove.hs.llnwd.net brightcove.vo.llnwd.net data: optimize.google.com;frame-src 'self' *.youtube.com www.google.com/recaptcha/ saas.trylive.com/ site.booxi.eu/ reviews.decathlon.com www.facebook.com *.doubleclick.net *.atdmt.com c.paypal.com checkout.paypal.com www.paypal.com *.hotjar.com *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com qanda.decathlon.com reviews-collect-eu.satisphere.decathlon.net *.mediadecathlon.com view.publitas.com www.pinterest.com *.abtasty.com *.decathlon.net wss://*.hotjar.com players.brightcove.net screencapture.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud.medallia.eu resources.digital-cloud-west.medallia.com pay.google.com safesizepublic.ucscentral.com *.klarnaservices.com creativecdn.com *.creativecdn.com *.cube-net.org *.cube-net.pub *.decathlon.com *.decathlon.pl *.dynatrace.com *.facebook.com *.adform.net *.custhelp.com *.hotjar.io *.tagcommander.com *.useinsider.com converti.se www.youtube.com www.google.com *.paypal.com *.bnpparibas.pl *.tradedoubler.com *.chatbotize.com *.criteo.com *.chat.getzowie.com core-chat.chatbotize.com;frame-ancestors 'self' *.cube-net.org *.cube-net.pub *.decathlon.com *.decathlon.pl *.facebook.com; 1
default-src 'self'  s3-eu-west-1.amazonaws.com  in.hotjar.com  s7g10.scene7.com  static-jmpovh.hyperlab.pl  maps.googleapis.com  analytics.tiktok.com  popups.landingi.com  stats.landingi.com  region1.google-analytics.com  vc.hotjar.io  lightboxes.landingi.com  tagmanager.landingi.io  app.push-ad.com  www.google-analytics.com  geolocation.onetrust.com  stats.g.doubleclick.net  api3.push-ad.com  ct.pinterest.com  app2.push-api.pl  track.push-ad.com  cdn.cookielaw.org  static.biedronka.local  static-wwwbiedronkapl-dev-php56.hyperlab.pl  static.biedronka.pl  pagead2.googlesyndication.com  www.google.com  googleads.g.doubleclick.net tr.snapchat.com dmp.push-api.pl ams.creativecdn.com jmp-privacy.my.onetrust.com cdn.jsdelivr.net tr6.snapchat.com; script-src 'self'  'unsafe-inline'  'unsafe-eval'  s7g10.scene7.com  cdn-jmpovh.hyperlab.pl  static-jmpovh.hyperlab.pl  maps.googleapis.com  code.jquery.com  www.youtube.com  lf16-tiktok-web.ttwstatic.com  www.tiktok.com  s3-eu-west-1.amazonaws.com  stats.landingi.com  old.assets-landingi.com  assetslp.link  popups.landingi.com  scripts.assets-landingi.com  ucarecdn.com  script.hotjar.com  app.push-ad.com  analytics.tiktok.com  acdn.adnxs.com  code.createjs.com  static.biedronka.local  static-wwwbiedronkapl-dev-php56.hyperlab.pl  static.biedronka.pl  connect.facebook.net  www.googletagmanager.com  biedronka.push-ad.com  myao.adocean.pl  cdn.cookielaw.org  www.google.com  www.gstatic.com  www.google-analytics.com  s.pinimg.com  static.hotjar.com  googleads.g.doubleclick.net sc-static.net tr.snapchat.com landingistats.com tags.creativecdn.com ams.creativecdn.com ssl.p.jwpcdn.com cdn.jsdelivr.net; style-src 'self'  'unsafe-inline'  s7g10.scene7.com  static-jmpovh.hyperlab.pl  p.typekit.net  use.typekit.net  lf16-tiktok-web.ttwstatic.com  s3-eu-west-1.amazonaws.com  styles.assets-landingi.com  api3.push-ad.com  app2.push-api.pl  app.push-ad.com  static.biedronka.local  static-wwwbiedronkapl-dev-php56.hyperlab.pl  static.biedronka.pl  fonts.googleapis.com www.googletagmanager.com; font-src 'self'  data:  static-jmpovh.hyperlab.pl  use.typekit.net  s3-eu-west-1.amazonaws.com  styles.assets-landingi.com  fonts.assets-landingi.com  static.biedronka.local  static-wwwbiedronkapl-dev-php56.hyperlab.pl  static.biedronka.pl  fonts.gstatic.com; img-src 'self'  data:  http:  https:  cdn.biedronka.pl  s7g10.scene7.com  cdn-jmpovh.hyperlab.pl  static-jmpovh.hyperlab.pl  maps.googleapis.com  maps.gstatic.com  pl-gmtdmp.mookie1.com  icons.assets-landingi.com  www.facebook.com  ib.adnxs.com  cdn.lugc.link  images.assets-landingi.com  s3-eu-west-1.amazonaws.com  app.push-api.pl  www.google-analytics.com  www.google.pl  www.google.com  ct.pinterest.com  static.biedronka.local  static-wwwbiedronkapl-dev-php56.hyperlab.pl  static.biedronka.pl  secure.adnxs.com  cdn2-wwwbiedronkapl-dev-php56.hyperlab.pl  cdn.biedronka.pl  cdn2.biedronka.pl  cdn.cookielaw.org  www.googletagmanager.com; frame-src 'self'  www.tiktok.com  www.youtube.com  landingipopups.com  creativecdn.com  ct.pinterest.com  biedronka.push-ad.com  www.google.com tr.snapchat.com td.doubleclick.net ams.creativecdn.com; 1
script-src 'nonce-0b9D93vCuJnEj159Ou81Fw' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/searchplayground_google; base-uri 'none' 1
default-src 'self' *.fec.gov *.app.cloud.gov; connect-src 'self' *.fec.gov *.app.cloud.gov https://www.google-analytics.com; font-src 'self'; frame-src 'self' https://www.google.com/recaptcha/ https://www.youtube.com/; img-src 'self' *.fec.gov *.app.cloud.gov data: https://*.ssl.fastly.net https://www.google-analytics.com https://tiles.stadiamaps.com/tiles/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://dap.digitalgov.gov https://polyfill.io/ https://www.google.com/recaptcha/ https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' data:; object-src 'none'; 1
script-src 'self' blob: storage.googleapis.com/gdm-deepmind-com-prod-public/ storage.googleapis.com/deepmind-media/ *.youtube.com *.youtube-nocookie.com fonts.gstatic.com www.gstatic.com/glue/ www.gstatic.com/images/branding/ fonts.googleapis.com i.ytimg.com www.googletagmanager.com www.google.com/pagead/ googleads.g.doubleclick.net pagead2.googlesyndication.com *.google-analytics.com accounts.google.com services.google.com/fb/submissions/ deepmind.google 'sha256-t/YlRDrQTIQPJZ1PXPDZlsH1Exz7C5jk6vKZtJQmJ0Q='; style-src 'self' blob: storage.googleapis.com/gdm-deepmind-com-prod-public/ storage.googleapis.com/deepmind-media/ *.youtube.com *.youtube-nocookie.com fonts.gstatic.com www.gstatic.com/glue/ www.gstatic.com/images/branding/ fonts.googleapis.com i.ytimg.com www.googletagmanager.com www.google.com/pagead/ googleads.g.doubleclick.net pagead2.googlesyndication.com *.google-analytics.com accounts.google.com services.google.com/fb/submissions/ deepmind.google 'unsafe-inline'; default-src 'self' blob: storage.googleapis.com/gdm-deepmind-com-prod-public/ storage.googleapis.com/deepmind-media/ *.youtube.com *.youtube-nocookie.com fonts.gstatic.com www.gstatic.com/glue/ www.gstatic.com/images/branding/ fonts.googleapis.com i.ytimg.com www.googletagmanager.com www.google.com/pagead/ googleads.g.doubleclick.net pagead2.googlesyndication.com *.google-analytics.com accounts.google.com services.google.com/fb/submissions/ deepmind.google; img-src 'self' blob: storage.googleapis.com/gdm-deepmind-com-prod-public/ storage.googleapis.com/deepmind-media/ *.youtube.com *.youtube-nocookie.com fonts.gstatic.com www.gstatic.com/glue/ www.gstatic.com/images/branding/ fonts.googleapis.com i.ytimg.com www.googletagmanager.com www.google.com/pagead/ googleads.g.doubleclick.net pagead2.googlesyndication.com *.google-analytics.com accounts.google.com services.google.com/fb/submissions/ deepmind.google *.googleusercontent.com 1
script-src 'self' blob: https://www.google-analytics.com https://js.pusher.com https://cdn.pendo.io https://pendo-static-5739703306813440.storage.googleapis.com https://stats.pusher.com https://static.floqast.app https://static.floqast.com https://services.floqast.app https://resource-maps.floqast.app https://fq-production-internal-ip-restricted.s3-us-west-2.amazonaws.com https://super-assets.floqast.app https://*.churnzero.net https://cdnjs.cloudflare.com/ajax/libs/react/ https://cdnjs.cloudflare.com/ajax/libs/react-dom/ https://cdnjs.cloudflare.com/ajax/libs/react-router-dom/ https://cdnjs.cloudflare.com/ajax/libs/react-is/ https://cdnjs.cloudflare.com/ajax/libs/styled-components/ https://cdnjs.cloudflare.com/ajax/libs/pusher/ *.aptrinsic.com https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://pendo-static-5739703306813440.storage.googleapis.com https://data.pendo.io https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://static.floqast.app https://static.floqast.com https://services.floqast.app https://cdn.pendo.io https://pendo-static-5739703306813440.storage.googleapis.com https://fq-production-internal-ip-restricted.s3-us-west-2.amazonaws.com https://super-assets.floqast.app https://*.churnzero.net https://fonts.gstatic.com *.aptrinsic.com https://app.pendo.io https://cdn.pendo.io https://pendo-static-5739703306813440.storage.googleapis.com; img-src 'self' data: https://www.google-analytics.com https://s3.amazonaws.com https://app.pendo.io https://pendo-static-5739703306813440.storage.googleapis.com https://s3-us-west-2.amazonaws.com https://static.floqast.app https://services.floqast.app https://static.floqast.com https://fq-production-internal-ip-restricted.s3-us-west-2.amazonaws.com https://super-assets.floqast.app https://*.churnzero.net *.aptrinsic.com https://cdn.pendo.io https://pendo-static-5739703306813440.storage.googleapis.com https://data.pendo.io https://avatars-production.floqast.engineering https://avatars.floqast.app https://storage.googleapis.com; connect-src 'self' wss://ws.pusherapp.com wss://ws-eu.pusher.com wss://ws-mt1.pusher.com https://app.pendo.io https://api.floqast.app https://api.floqast.com https://fq-production-txm.s3.us-west-2.amazonaws.com https://fq-production-txm.s3-accelerate.amazonaws.com https://pendo-static-5739703306813440.storage.googleapis.com/ https://*.churnzero.net https://*.floqast.app https://www.floqast.app/ https://stitch.mongodb.com https://us-west-2.aws.stitch.mongodb.com https://fq-production-amortization-uploaded-items.s3.us-west-2.amazonaws.com https://fq-production-amortization-export-rec.s3.us-west-2.amazonaws.com https://production-accruals-bucket.s3.us-west-2.amazonaws.com https://production-large-payload-store.s3.us-west-2.amazonaws.com https://fq-production-collaborate-dirty-bucket.s3.us-west-2.amazonaws.com https://production-serverless-document-request.s3.us-west-2.amazonaws.com https://fq-production-application-temporary-exports.s3.us-west-2.amazonaws.com *.aptrinsic.com https://data.pendo.io https://pendo-static-5739703306813440.storage.googleapis.com sentry.io *.sentry.io https://floqademy.floqast.com https://test-floqademy.skilljar.com https://px-esp.floqast.app; font-src 'self' data: https://fonts.gstatic.com https://static.floqast.app https://static.floqast.com https://fq-production-internal-ip-restricted.s3-us-west-2.amazonaws.com https://super-assets.floqast.app https://fonts.googleapis.com https://*.churnzero.net; object-src 'none'; media-src 'self' https://*.churnzero.net; frame-src 'self' https://*.churnzero.net/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://app.pendo.io https://drive.google.com; frame-ancestors 'self' https://app.pendo.io; worker-src 'self' blob:; child-src 'self' blob: https://*.churnzero.net https://www.youtube.com http://www.youtube.com https://player.vimeo.com http://player.vimeo.com https://play.vidyard.com http://play.vidyard.com https://app.pendo.io 1
default-src *;script-src 'unsafe-eval' 'unsafe-inline' * data:;child-src *;connect-src *;font-src * data:;form-action *;frame-src *;frame-ancestors 'self';img-src * data:;media-src *;object-src *;style-src 'unsafe-inline' * data:;upgrade-insecure-requests;block-all-mixed-content;report-uri https://yoti.report-uri.io/r/default/csp/reportOnly; 1
frame-ancestors 'self' https://*.tu-chemnitz.de/ 1
default-src 'self' *.easybell.de *.schema.org *.bootstrapcdn.com *.typekit.net *.easybell.de *.trustpilot.com *.googletagmanager.com *.adobe.com *.trustami.com *.ekomi.de; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.surveymonkey.com *.googleapis.com *.ekomi.de *.trustami.com *.easybell.de www.google-analytics.com www.googletagmanager.com/gtm.js www.googletagmanager.com/gtag/ *.typekit.net; style-src 'self' 'unsafe-inline' *.easybell.de *.typekit.net *.trustami.com *.trustpilot.com; img-src 'self' *.smassets.net *.easybell.de *.trustami.com *.google.de *.google.com *.google-analytics.com *.typekit.net *.googleusercontent.com data:; frame-src *.surveymonkey.com *.surveymonkey.de *.youtube-nocookie.com *.trustpilot.com; frame-ancestors 'self' *.easybell.de localhost; connect-src *.google-analytics.com *.doubleclick.net *.easybell.de *.schema.org *.bootstrapcdn.com *.typekit.net *.easybell.de *.trustpilot.com *.googletagmanager.com *.adobe.com *.trustami.com *.ekomi.de; report-uri https://sentry.easybell.de/api/24/security/?sentry_key=9f7c25aeb5204caa81eaf9f0e7aecfd3; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.isbank.com.tr *.google.com *.google.com.tr *.efilli.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.yandex.ru *.taboola.com *.intisbank *.uatisbank *.dmzisbank *.taboola.com *.signfordeaf.com *.youtube.com *.facebook.net *.facebook.com *.adform.net *.googleapis.com *.gstatic.com *. data: 1
default-src 'self'; media-src 'self' blob: *.akamaihd.net *.ctfassets.net *.streamyard.com *.zdassets.com *.wistia.com storage.googleapis.com js.driftt.com *.global.ssl.fastly.net https://*.mux.com; script-src 'self' bat.bing.com blob: cdnjs.cloudflare.com cdn.firstpromoter.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.rollbar.com *.facebook.com *.facebook.net *.twitter.com *.ads-twitter.com *.licdn.com *.profitwell.com *.wistia.com *.zopim.com *.zdassets.com *.stripe.com *.segment.com *.sentry.io *.streamyard.com js.driftt.com *.sentry-cdn.com *.chilipiper.com apis.google.com *.vectorly.io cdn.announcekit.app *.newrelic.com *.nr-data.net https://edge.fullstory.com https://rs.fullstory.com *.osano.com s.pinimg.com ct.pinterest.com *.youtube.com *.youtube-nocookie.com https://www.instagram.com/embed.js https://cdn.sprig.com accounts.google.com https://t.cometlytrack.com https://cdn.bitmovin.com *.mountain.com 'unsafe-eval' 'nonce-Wdr4GWC+J+HXGWyFhZb9CQ=='; connect-src 'self' bat.bing.com *.google.com *.google-analytics.com *.rollbar.com api.amplitude.com *.doubleclick.net *.zdassets.com *.wistia.com *.typeform.com embedwistia-a.akamaihd.net *.litix.io *.firstpromoter.com *.profitwell.com *.profitwell-events.com wss://*.streamyard.com wss://streamyard.com wss://*.pusher.com *.pusher.com *.streamyard.com streamyard.zendesk.com *.segment.com *.segment.io *.sentry.io *.chilipiper.com *.zopim.com wss://*.zopim.com storage.googleapis.com res.cloudinary.com *.checkstep.com *.hopin.com hopin.com wss://chat.stream-io-api.com https://chat.stream-io-api.com *.newrelic.com *.nr-data.net *.bitmovin.com https://edge.fullstory.com https://rs.fullstory.com *.osano.com https://t.cometlytrack.com *.vectorly.io https://unpkg.com/detect-gpu@3.1.27/ https://unpkg.com/detect-gpu@4.0.6/ https://unpkg.com/detect-gpu@4.0.7/ https://unpkg.com/detect-gpu@4.0.12/ https://unpkg.com/detect-gpu@4.0.14/ https://unpkg.com/detect-gpu@4.0.31/ data: snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com *.global.ssl.fastly.net https://api.sprig.com https://cdn.sprig.com https://*.mux.com https://cdn.userleap.com accounts.google.com *.fbsbx.com *.fbcdn.net *.licdn.com *.ggpht.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105; img-src data: blob: * https://rs.fullstory.com https://*.mux.com; style-src 'self' fonts.googleapis.com js.chilipiper.com accounts.google.com 'unsafe-inline'; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com https://storage.googleapis.com/streamyard-app/ https://storage.googleapis.com/streamyard-dev-app/ https://storage.googleapis.com/streamyard-staging-app/ https://storage.googleapis.com/streamyard-staging-eu-app/; frame-src 'self' docs.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com *.stripe.com *.chilipiper.com *.typeform.com js.driftt.com *.youtube.com *.youtube-nocookie.com *.streamyard.com *.osano.com *.instagram.com accounts.google.com streamable.com; worker-src 'self' blob: data:; frame-ancestors 'self' 1
default-src  'self' ; img-src      'self' blob: 'unsafe-inline' 'unsafe-eval' data: mobile-ab.moglix.com origin-ab.moglix.com origin-123.moglix.com m.moglix.com *.moglix.com *.moglilabs.com *.adobedtm.com *.google-analytics.com *.facebook.net *.criteo.com *.google.com *.whatsapp.com *.moglistat.com *.webengage.com *.schema.org * gstatic.com *.bootstrapcdn.com *.twitter.com *.facebook.com *.googletagmanager.com *.instagram.com *.linkedin.com *.youtube.com;  script-src   'self' 'unsafe-inline' 'unsafe-eval' mobile-ab.moglix.com origin-ab.moglix.com origin-123.moglix.com m.moglix.com *.moglix.com *.moglilabs.com *.adobedtm.com *.google-analytics.com *.facebook.net *.criteo.com *.google.com *.whatsapp.com *.moglistat.com *.webengage.com *.schema.org * gstatic.com *.bootstrapcdn.com *.twitter.com *.facebook.com *.googletagmanager.com *.instagram.com *.linkedin.com *.youtube.com;  style-src    'self' 'unsafe-inline' 'unsafe-eval' mobile-ab.moglix.com origin-ab.moglix.com origin-123.moglix.com m.moglix.com *.moglix.com *.moglilabs.com *.adobedtm.com *.google-analytics.com *.facebook.net *.criteo.com *.google.com *.whatsapp.com *.moglistat.com *.webengage.com *.schema.org * gstatic.com *.bootstrapcdn.com *.twitter.com *.facebook.com *.googletagmanager.com *.instagram.com *.linkedin.com *.youtube.com;  font-src     'self' data: mobile-ab.moglix.com origin-ab.moglix.com origin-123.moglix.com m.moglix.com *.moglix.com *.moglilabs.com *.adobedtm.com *.google-analytics.com *.facebook.net *.criteo.com *.google.com *.whatsapp.com *.moglistat.com *.webengage.com *.schema.org * gstatic.com *.bootstrapcdn.com *.twitter.com *.facebook.com *.googletagmanager.com *.instagram.com *.linkedin.com *.youtube.com;  frame-src    'self' mobile-ab.moglix.com origin-ab.moglix.com origin-123.moglix.com m.moglix.com *.moglix.com *.moglilabs.com *.adobedtm.com *.google-analytics.com *.facebook.net *.criteo.com *.google.com *.whatsapp.com *.moglistat.com *.webengage.com *.schema.org * gstatic.com *.bootstrapcdn.com *.twitter.com *.facebook.com *.googletagmanager.com *.instagram.com *.linkedin.com *.youtube.com;  object-src   'self' mobile-ab.moglix.com origin-ab.moglix.com origin-123.moglix.com m.moglix.com *.moglix.com *.moglilabs.com *.adobedtm.com *.google-analytics.com *.facebook.net *.criteo.com *.google.com *.whatsapp.com *.moglistat.com *.webengage.com *.schema.org * gstatic.com *.bootstrapcdn.com *.twitter.com *.facebook.com *.googletagmanager.com *.instagram.com *.linkedin.com *.youtube.com;  connect-src   'self' blob: mobile-ab.moglix.com origin-ab.moglix.com origin-123.moglix.com m.moglix.com *.moglix.com *.moglilabs.com *.adobedtm.com *.google-analytics.com *.facebook.net *.criteo.com *.google.com *.whatsapp.com *.moglistat.com *.webengage.com *.schema.org * gstatic.com *.bootstrapcdn.com *.twitter.com *.facebook.com *.googletagmanager.com *.instagram.com *.linkedin.com *.youtube.com; 1
frame-ancestors https://www.toto.nl 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://twitframe.com https://*.list-manage.com https://*.mailchimp.com https://chimpstatic.com https://*.g.doubleclick.net https://*.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://platform.twitter.com https://app.powerbi.com https://cdnjs.cloudflare.com https://mc-cd8320d4-36a1-40ac-83cc-3389-cdn-endpoint.azureedge.net https://prod-cdn.irena.org https://fs27.formsite.com https://public.tableau.com https://s3.amazonaws.com https://irena.us18.list-manage.com https://apps.sitecore.net https://youtube.com https://www.youtube.com https://api.flickr.com https://e.infogram.com/ https://flagcdn.com/ https://fonts.googleapis.com https://img.youtube.com https://live.staticflickr.com https://flagcdn.com/ data: https://fonts.gstatic.com data: https://www.googletagmanager.com https://www.irena.org https://widget.usersnap.com https://static.addtoany.com/ https://resources.usersnap.com https://i.creativecommons.org; img-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';  1
frame-ancestors 'self' *.brandwatch.com; object-src 'none'; 1
frame-ancestors 'self' https://*.uit.no https://www.kunnskapscim.no https://uit.topdesk.net 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-OWIVm+HnfZcGoaxmhQ2AyQ=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
frame-ancestors uni-jena.de *.uni-jena.de 1
img-src * data:;script-src service.force.com shoecarnivalsf360.my.salesforce.com shoecarnivalsf360.my.site.com c.la4-c2-ia2.salesforceliveagent.com d.la4-c2-ia2.salesforceliveagent.com static.lightning.force.com tags.creativecdn.com cdn.pbbl.co d.la2-c1cs-ph2.salesforceliveagent.com https://*.forter.com https://dalv4le16pzj2.cloudfront.net https://d2nww8zpyj5pk0.cloudfront.net https://d13vs86ckfnvoz.cloudfront.net https://dlthst9q2beh8.cloudfront.net 'self' 'unsafe-eval' 'unsafe-inline' *.sentry.io *.klarnaservices.com *.klarna.com *.staging.bigcontent.io *.sitevibes.com *.google.com *.googleapis.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.bing.com *.evgnet.com *.sjwoe.com *.quantummetric.com *.pinimg.com *.foresee.com *.foreseeresults.com *.4seeresults.com *.clinch.co *.amplience.net *.facebook.net *.facebook.com *.zmags.com *.creativecdn.com *.liadm.com assets.bounceexchange.com tag.bounceexchange.com api.bounceexchange.com dash.bounceexchange.com dev.bounceexchange.com tag.wknd.ai *.cdnwidget.com *.cdnbasket.net *.pbbl.co *.attn.tv https://us.creativecdn.com/ *.wisepops.com https://wisepops.net *.tiktok.com *.pinterest.com *.upsellit.com *.powerreviews.com *.iesnare.com *.paypal.com *.paypalobjects.com *.truefitcorp.com *.thrive.today *.jsdelivr.net *.evergage.com *.evgnet.com *.ipredictive.com *.optimizely.com *.gstatic.com *.google.com *.youtube.com;script-src-attr 'unsafe-inline';connect-src service.force.com shoecarnivalsf360.my.salesforce.com shoecarnivalsf360.my.site.com c.la4-c2-ia2.salesforceliveagent.com d.la4-c2-ia2.salesforceliveagent.com *.cdnwidget.com *.cdnbasket.net https://*.forter.com wss://cdn0.forter.com assets.bounceexchange.com coupons.bounceexchange.com events.bouncex.net dfp.bouncex.net perf-api.wknd.ai https://d2o5idwacg3gyw.cloudfront.net https://d3lqotgbn3npr.cloudfront.net https://d11bdev7tcn7wh.cloudfront.net https://d3k4bt74u9esq1.cloudfront.net https://d2lxqodqbpy7c2.cloudfront.net https://dzgwautxzdtn9.cloudfront.net https://d6rak4b14t5gp.cloudfront.net 'self' *.sentry.io *.klarnaservices.com *.klarnaevt.com api.cquotient.com https://*.algolia.net  https://*.algolianet.com https://*.algolia.io *.cdn.content.amplience.net *.bigcontent.io *.shoecarnival.com *.sitevibes.com *.addressy.com *.sjwoe.com *.bing.com *.creativecdn.com *.liadm.com *.powerreviews.com *.doubleclick.net https://analytics.google.com *.google-analytics.com *.googletagmanager.com *.google.com *.googleapis.com *.googleadservices.com https://www.mczbf.com *.sjwoe.com *.quantummetric.com *.pinimg.com *.foresee.com *.foreseeresults.com *.4seeresults.com *.clinch.co *.amplience.net *.facebook.net *.facebook.com *.zmags.com *.brainlabsdigital.com *.attn.tv *.wisepops.com https://wisepops.net *.tiktok.com *.pinterest.com *.upsellit.com *.attentivemobile.com *.cloudinary.com *.paypal.com *.paypalobjects.com *.truefitcorp.com *.klarna.com *.evergage.com *.evgnet.com *.mobify-storefront.com *.ipredictive.com *.optimizely.com *.google.com;default-src service.force.com shoecarnivalsf360.my.salesforce.com shoecarnivalsf360.my.site.com c.la4-c2-ia2.salesforceliveagent.com d.la4-c2-ia2.salesforceliveagent.com assets.bounceexchange.com dash.bounceexchange.com ad.doubleclick.net td.doubleclick.net 9132531.fls.doubleclick.net 'self' 'unsafe-eval' *.sentry.io *.cdn.content.amplience.net cdn.media.amplience.net *.staging.bigcontent.io *.googleapis.com *.attn.tv *.clinch.co https://us.creativecdn.com/ *.zmags.com *.pinterest.com *.paypal.com *.paypalobjects.com *.quantummetric.com *.truefitcorp.com *.wisepops.com https://wisepops.net tcapi.io *.facebook.com *.facebook.net *.doubleclick.net *.pbbl.co *.optimizely.com *.google.com *.youtube.com *.klarnaservices.com *.foresee.com *.foreseeresults.com *.4seeresults.com;frame-ancestors 'self' *.amplience.net *.googleapis.com;worker-src blob: 'self' *.mobify-storefront.com *.shoecarnival.com;upgrade-insecure-requests;form-action 'self' *.opinionlab.com *.pinterest.com api.bounceexchange.com dev.bounceexchange.com;base-uri 'self';font-src 'self' https: data:;object-src 'none';style-src 'self' https: 'unsafe-inline' 1
default-src 'self'  https://itemku.com ;script-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.googletagmanager.com *.googleadservices.com *.googleoptimize.com *.google-analytics.com *.talkjs.com *.tiktok.com *.facebook.net *.doubleclick.net *.gstatic.com *.hotjar.com *.crazyegg.com itemku-game.s3.ap-southeast-1.amazonaws.com d1ydmqq23rvhbb.cloudfront.net *.netcoresmartech.com cdn-sdk.hansel.io *.polyfill.io polyfill.io *.googlesyndication.com app.termly.io *.clarity.ms lbd.itemku.com  https://s.itemku.com https://itemku.com ;connect-src 'self' https: data: blob: ws: wss: *.crazyegg.com  https://itemku.com ;img-src 'self' https: http: blob: data: *.crazyegg.com  https://itemku.com ;font-src *.gstatic.com https: http:  https://itemku.com ;style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.itemku.com *.talkjs.com *.crazyegg.com cdn-sdk.hansel.io https://s.itemku.com https://itemku.com ;frame-ancestors 'self' *.google.com *.googletagmanager.com *.googleadservices.com *.talkjs.com *.gle/ https://forms.gle/ *.tiktok.com *.facebook.net *.doubleclick.net *.hotjar.com *.byte-stack.net *.ovo.id itemku.com *.dana.id  https://itemku.com ;media-src 'self' https: *.talkjs.com  https://itemku.com ;frame-src 'self' *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.talkjs.com *.gle/ https://forms.gle/ *.tiktok.com *.facebook.net *.doubleclick.net *.hotjar.com *.youtube.com *.crazyegg.com *.byte-stack.net *.ovo.id itemku.com *.googlesyndication.com *.dana.id app.termly.io  https://itemku.com ;worker-src 'self' blob:  https://itemku.com 1
default-src 'self' data: *.aldi-international.com *.omtrdc.net *.demdex.net *.gstatic.com ws.sessioncam.com *.doubleclick.net assets.adobedtm.com *.everesttech.net *.pinterest.com; form-action 'self' *.snapchat.com *.facebook.com; frame-ancestors 'self' *.adobe.com help.aldi.us zx9mwudjzwjilqb68f4y.us.prod.ci-aldi.com account.aldi.us; frame-src 'self' data: blob: www.google.com *.facebook.com *.twitter.com g.jwpsrv.com www.youtube.com platform.liquidus.net app.nexuspublications.com.au cpc.elettershop.de live.tourdash.com wbiprod.storedvalue.com *.aldi-international.com tpc.googlesyndication.com home-c4.incontact.com *.demdex.net *.adobe-campaign.com *.adobe.com *.snapchat.com *.pinterest.com *.doubleclick.net *.pinterest.de account.aldi.us *.hotjar.com insight.adsrvr.org match.adsrvr.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.aldi-international.com www.googletagmanager.com *.pinterest.com *.facebook.com *.twitter.com *.ytimg.com *.aldi-sued.com www.googleadservices.com platform.liquidus.net www.yellowmap.de ssl.p.jwpcdn.com www.youtube.com *.cloudfront.net ws.sessioncam.com tpc.googlesyndication.com *.facebook.net *.google.com *.google.de home-c4.incontact.com assets.adobedtm.com *.omtrdc.net *.everesttech.net sc-static.net activitymap.adobe.com *.doubleclick.net *.pinimg.com *.everestjs.net *.demdex.net cm.everesttech.net *.cookielaw.org *.onetrust.com *.snapchat.com *.hotjar.com analytics.tiktok.com js.adsrvr.org; style-src 'self' 'unsafe-inline' *.aldi-international.com *.tt.omtrdc.net *.adobe.com *.cookielaw.org *.onetrust.com; img-src 'self' https: data: *.demdex.net cm.everesttech.net assets.adobedtm.com *.cookielaw.org *.onetrust.com www.googletagmanager.com analytics.tiktok.com; object-src 'self'; connect-src 'self' https: *.tt.omtrdc.net *.sc.omtrdc.net *.demdex.net *.everesttech.net assets.adobedtm.com ws.sessioncam.com *.snapchat.com *.pinterest.com *.cookielaw.org *.onetrust.com *.hotjar.io *.hotjar.com wss://*.hotjar.com analytics.tiktok.com; report-uri /CspReportLogger.php; 1
default-src 'self' *.quill.org quill.org 'unsafe-inline'; base-uri 'self'; connect-src 'self' *.quill.org quill.org *.amplitude.com *.segment.com *.segment.io *.nr-data.net *.google-analytics.com *.google.com *.inspectlet.com *.doubleclick.net *.pusherapp.com *.pusher.com wss://coview.com wss://*.coview.com wss://*.pusherapp.com wss://*.inspectlet.com *.intercom.io wss://*.intercom.io *.coview.com *.sentry.io wss://*.quill.org *.satismeter.com localhost:8080/ localhost:3200 localhost:3100 wss://localhost:3200 ws://localhost:3200 wss://localhost:3036 ws://localhost:3036 checkout.stripe.com capture-api.ap3prod.com pagead2.googlesyndication.com/; font-src 'self' coview.com *.coview.com intercomcdn.com *.intercomcdn.com quill.org *.quill.org *.typekit.net *.fontawesome.com *.gstatic.com rsms.me *.rsms.me; frame-src 'self' coview.com *.coview.com intercom-sheets.com stripe.com *.stripe.com youtube.com *.youtube.com *.amazonaws.com *.loom.com *.salesmate.io td.doubleclick.net/; img-src * data: blob:; media-src * data: blob:; object-src 'none'; script-src 'self' *.quill.org quill.org 'unsafe-inline' 'unsafe-eval' *.clever.com *.fontawesome.com *.typekit.net *.segment.com *.segment.io *.newrelic.com *.nr-data.net *.googleapis.com *.gstatic.com *.pusher.com *.google-analytics.com *.inspectlet.com *.satismeter.com stripe.com *.stripe.com *.amplitude.com *.doubleclick.net *.intercom.io *.intercomcdn.com *.coview.com *.sentry.io *.heapanalytics.com cdn.jsdelivr.net/npm/vanilla-lazyload@17.8.3/dist/lazyload.min.js *.salesmate.io *.googletagmanager.com code.jquery.com; style-src 'self' *.quill.org quill.org 'unsafe-inline' coview.com *.coview.com *.fontawesome.com *.googleapis.com *.gstatic.com rsms.me 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.usz.ch https://*.usz.ch/hit.xiti https://player.captivate.fm https://*.youtube.com https://*.stripe.com https://*.googletagmanager.com https://*.yellow.camera https://*.doubleclick.net https://*.googleapis.com https://*.issuu.com https://*.zeotap.com https://*.adnxs.com; frame-ancestors 'self' https://intranet.sp.usz.ch https://intranet.spt.usz.ch https://intranet.spd.usz.ch; font-src 'self' data:; img-src 'self' data: https://*.usz.ch/hit.xiti https://*.yellow.camera https://*.babygalerie24.ch https://*.ytimg.com https://*.ggpht.com; media-src 'self' data:; connect-src 'self' https://player.captivate.fm https://yoast.com https://*.cookielaw.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cookielaw.org https://*.googletagmanager.com https://*.aticdn.net https://*.jsdelivr.net https://*.google-analytics.com https://*.youtube.com 1
report-uri https://www.utusan.com.my 1
'frame-ancestors' 'self' 1
default-src 'self' https://dqsvtm1sk5z3l.cloudfront.net/;base-uri 'self';script-src 'self' 'unsafe-eval' 'strict-dynamic' 'nonce-3k6eHE1Ewd' https://dqsvtm1sk5z3l.cloudfront.net/;style-src 'self' 'unsafe-inline';font-src 'self' https://dqsvtm1sk5z3l.cloudfront.net/ data:;img-src 'self' https://adserver.cluep.com/ https://www.google-analytics.com/ https://cas.cluep.com https://i.vimeocdn.com/ data: https://dqsvtm1sk5z3l.cloudfront.net/;connect-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ *.ingest.sentry.io;object-src 'none';manifest-src 'self' https://dqsvtm1sk5z3l.cloudfront.net/;upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' img-src data: apis.google.com accounts.google.com maps.googleapis.com content.googleapis.com www.google-analytics.com adimg.daumcdn.net connect.facebook.net roi.emforce.co.kr aigkorea.tt.omtrdc.net assets.adobedtm.com cdn-aitg.widerplanet.com t.buzzad.io js.adsrvr.org insight.adsrvr.org www.googletagmanager.com www.googleadservices.com tagmanager.google.com googleads.g.doubleclick.net stats.g.doubleclick.net bid.g.doubleclick.net www.facebook.com *.gstatic.com www.google.com www.google.co.kr fonts.googleapis.com www.google.co.il wat.ad.daum.net bc.ad.daum.net match.adsrvr.org wss://localhost:* 127.0.0.1:* www.aig.co.kr:* t1.daumcdn.net api.emforce.co.kr *.google-analytics.com *.analytics.google.com script-src: *.google-analytics.com analytics.google.com connect-src: *.google-analytics.com *.analytics.google.com bc.ad.daum.net match.adsrvr.org wcs.naver.net wcs.naver.com 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-kVAw9gmE0MBNB3SezjCWPw=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
frame-ancestors 'self' https://*.fes.de 1
frame-ancestors 'self'; object-src none; default-src 'self' blob: static.zdassets.com coinex.zendesk.com coinex.zendesk.co file.coinexstatic.com *.coinex.com:* *.coinex.co:* *.coinex.zone:* *.coinex.land:* *.coinex.network:* *.coinexapp.net:* coinex.com:* coinex.co:* coinex.zone:* coinex.land:* coinex.network:* coinexapp.net:* ; worker-src blob: 'self'; script-src 'sha256-uOS7fnamxP4dtOiIL6NmO9RASjdXhYt7usygXzkSF14=' 'nonce-dTscXcMc2F/b3B4/OG2tOQ==' 'strict-dynamic' 'self' www.google-analytics.com www.googletagmanager.com static.geetest.com gcaptcha4.geetest.com gcaptcha4.geevisit.com dn-staticdown.qbox.me static.geevisit.com widget-mediator.zopim.com *.zdassets.com api.geetest.com monitor.geetest.com bakapi.gtapp.xyz res.wx.qq.com coinex.zendesk.com coinex.zendesk.co *.coinex.com *.coinex.co *.coinex.zone *.coinex.land *.coinex.network *.coinexapp.net coinex.com coinex.co coinex.zone coinex.land coinex.network coinexapp.net; style-src 'self' 'unsafe-inline' at.alicdn.com coinex.zendesk.com coinex.zendesk.co static.geetest.com gcaptcha4.geetest.com gcaptcha4.geevisit.com dn-staticdown.qbox.me static.geevisit.com unpkg.com *.coinex.com *.coinex.co *.coinex.zone *.coinex.land *.coinex.network *.coinexapp.net coinex.com coinex.co coinex.zone coinex.land coinex.network coinexapp.net; img-src 'self' www.google-analytics.com www.google.com www.google.de data: stats.g.doubleclick.net static.geetest.com gcaptcha4.geetest.com gcaptcha4.geevisit.com dn-staticdown.qbox.me static.geevisit.com *.amazonaws.com blob: file.coinex.com file.coinexstatic.com *.coinex.com *.coinex.co *.coinex.zone *.coinex.land *.coinex.network *.coinexapp.net coinex.com coinex.co coinex.zone coinex.land coinex.network coinexapp.net; font-src 'self' at.alicdn.com data: unpkg.com *.coinex.com *.coinex.co *.coinex.zone *.coinex.land *.coinex.network *.coinexapp.net coinex.com coinex.co coinex.zone coinex.land coinex.network coinexapp.net ; connect-src 'self' *.zendesk.com *.zendesk.co *.zdassets.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com ws://widget-mediator.zopim.com www.google-analytics.com stats.g.doubleclick.net file.coinexstatic.com *.coinex.com:* *.coinex.co:* *.coinex.zone:* *.coinex.land:* *.coinex.network:* *.coinexapp.net:* coinex.com:* coinex.co:* coinex.zone:* coinex.land:* coinex.network:* coinexapp.net:* wss://*.coinex.com wss://*.coinex.co wss://*.coinex.zone wss://*.coinex.land wss://*.coinex.network wss://*.coinexapp.net ws://*.coinex.com ws://*.coinex.co ws://*.coinex.zone ws://*.coinex.land ws://*.coinex.network ws://*.coinexapp.net; frame-src 'self' player.bilibili.com player.vimeo.com *.viadeploy.com *.viabtc.com *.jumio.com *.jumio.ai www.youtube.com www.ixigua.com www.bilibili.com *.youtu.be blob: *.coinex.com *.coinex.co *.coinex.zone *.coinex.land *.coinex.network *.coinexapp.net 1
frame-ancestors 'self' https://userheat.com http://localhost:3031 https://*.wantedly.com 1
default-src https: data: blob: chrome-extension: android-webview-video-poster: ms-appx-web: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' https://gebrauchtwagen.autobild.de https://vorschau.autobild.de https://interred.autobild.de 1
default-src * data: 'unsafe-inline'; frame-ancestors 'self' *.metacpan.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.metacpan.org *.google-analytics.com *.google.com www.gstatic.com 1
frame-ancestors https://*.tinyspeck.com 1
frame-ancestors 'self' https://www.highspot.com https://app.highspot.com; 1
frame-ancestors 'none';report-to csp-endpoint 1
default-src 'self' *.talent.com *.neuvoo.com neuvoo.com neuvoo.ca *.acsbapp.com acsbapp.com js.stripe.com fonts.gstatic.com fonts.googleapis.com *.google.com *.doubleclick.net s3.amazonaws.com *.googlesyndication.com *.atlassian.net *.googleapis.com *.cookielaw.org *.onetrust.com *.bing.com *.cloudflare.com; img-src https: 'unsafe-inline' data: 'unsafe-eval' 'unsafe-inline' blob:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; frame-ancestors 'self' www.jobs-im-suedwesten.de www.energyjobline.com www.onlyengineerjobs.com www.meinestelle.de www.startus.cc www.mapmeo.com www.papa-jobs.ch job.kurier.at www.jobs-in-chemie.de www.med-jobs.com; frame-src *.google.com *.doubleclick.net *.googlesyndication.com *.talent.com talent.com *.stripe.com *.atlassian.net *.hotjar.com; worker-src data: *.talent.com 'unsafe-eval' 'unsafe-inline' blob:; 1
default-src 'self' *.gstatic.com; connect-src 'self' www.google-analytics.com *.gstatic.com; media-src 'self' https://*.googleusercontent.com/ https://storage.cloud.google.com/gweb-research2023-stg-media-mvp/ https://storage.googleapis.com/gweb-research2023-stg-media/ https://storage.googleapis.com/gweb-research2023-media/; img-src 'self' data: https://*.googleusercontent.com/ https://storage.cloud.google.com/gweb-research2023-stg-media-mvp/ https://storage.googleapis.com/gweb-research2023-stg-media/ https://storage.googleapis.com/gweb-research2023-media/ https://research.google *.ytimg.com; script-src 'self' 'unsafe-inline' *.googleanalytics.com *.google-analytics.com *.google.com *.gstatic.com *.googletagmanager.com www.youtube.com; style-src 'self' 'unsafe-inline' *.google.com *.gstatic.com fonts.googleapis.com; frame-src 'self' www.youtube.com 1
frame-ancestors http://docplanner-front-test.docplanner.com https://docplanner-front-test.docplanner.com *.doctoralia.com.mx doctoraliaone-mx2-candidate.azurewebsites.net 1
frame-ancestors 'self'; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.auto-swiat.pl::mototech_master-1.63.0 1
frame-ancestors *.relocation-portal.com; 1
connect-src https://teamup.com https://www.youtube.com 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; default-src 'self'; font-src https://fonts.gstatic.com data: 'self'; frame-src https://www.youtube.com https://teamup.com https://player.vimeo.com; img-src * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com; style-src 'self' 'unsafe-inline'; 1
script-src 'unsafe-inline' https://abdm.gov.in http://localhost:3000 https://sandbox.abdm.gov.in/ https://sandbox.abdm.gov.in/api/sandbox/v1/dashboard https://connect.facebook.net/en_US/sdk.js http://www.youtube.com/ https://www.googletagmanager.com/ https://platform.twitter.com/ 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-2seS39WZ1-sbRL26qQQ6ag' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors 'self' https://statistics.uni-saarland.de; 1
default-src 'self';script-src 'self' cdnjs.cloudflare.com unpkg.com 'nonce-tiAnOFqie1wBS9iDnxzp' 'strict-dynamic' https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com js.zi-scripts.com ws.zoominfo.com tags.clickagy.com tag.clearbitscripts.com x.clearbitjs.com www.redditstatic.com px.ads.linkedin.com snap.licdn.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsadspixel.net *.6sc.co 6sense.com static.cdn.prismic.io prismic.io https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;connect-src 'self' https://home.stellarite.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://analytics.google.com aorta.clickagy.com hemsync.clickagy.com  app.clearbit.com cdn.linkedin.oribi.io px.ads.linkedin.com *.hs-banner.com api.hsforms.com api.hubapi.com *.6sc.co *.6sense.com material-site.cdn.prismic.io;style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.gstatic.com;img-src 'self' ssl.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com alb.reddit.com px.ads.linkedin.com px4.ads.linkedin.com track.hubspot.com *.6sc.co images.prismic.io prismic-io.s3.amazonaws.com/material-site/ material-site.cdn.prismic.io/material-site/;media-src 'self' material-site.cdn.prismic.io;frame-src 'self' https://td.doubleclick.net hemsync.clickagy.com material-site.prismic.io https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ www.youtube.com www.vimeo.com open.spotify.com 1
frame-ancestors 'self' https://*.centris.ca; default-src 'self' https://*.centris.ca https://analytics.google.com https://*.google-analytics.com https://fonts.gstatic.com https://fonts.googleapis.com https://stats.g.doubleclick.net https://www.google.ca https://www.google.com https://www.googletagmanager.com https://sb.scorecardresearch.com https://cdn.jsdelivr.net https://*.locallogic.co https://cdnjs.cloudflare.com https://browser.sentry-cdn.com https://maps.google.com https://maps.google.ca https://maps.googleapis.com https://*.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://unpkg.com https://*.arcgis.com https://events.mapbox.com https://maxcdn.bootstrapcdn.com https://*.lrcontent.com https://connect.facebook.net https://snap.licdn.com https://*.hotjar.com https://*.hotjar.io https://www.facebook.com https://*.loginradius.com https://www.prospectsweb.com https://qc.prospects.com https://www.youtube.com https://*.tryinteract.com https://spark.adobe.com https://*.surveymonkey.com https://ajax.googleapis.com https://*.ofsys.com https://ofsys.com https://*.dialoginsight.com https://*.pinterest.com https://*.pinterest.ca https://s.pinimg.com https://api.maptiler.com https://*.research.net https://cdn.linkedin.oribi.io wss://ws.hotjar.com https://sdk.privacy-center.org https://api.privacy-center.org blob: 'unsafe-inline' 'unsafe-eval'; img-src * data: 1
default-src 'none'; font-src 'self' *.googleapis.com *.ecocert.com fonts.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.matomo.cloud api.mapbox.com googleads.g.doubleclick.net api.privacy-center.org sdk.privacy-center.org www.googletagmanager.com groupe-ecocert.matomo.cloud; style-src 'self' data: 'unsafe-inline' *.googleapis.com sdk.privacy-center.org ecocert-master-data-re7.azurewebsites.net; connect-src 'self' *.googleapis.com *.matomo.cloud api.privacy-center.org sdk.privacy-center.org; frame-src groupe-ecocert.matomo.cloud; img-src 'self' data: *.ecocert.com api.mapbox.com api-prod.azurewebsites.net api-re7.azurewebsites.net api-preprod.azurewebsites.net ecocert-master-data-dev.azurewebsites.net ecocert-master-data-re7.azurewebsites.net *.google.fr *.google.com news-ecocert.azurewebsites.net news-ecocert-re7.azurewebsites.net ecocert-master-data-dev.azurewebsites.net ecocert-master-data-re7.azurewebsites.net sdk.privacy-center.org; 1
frame-ancestors 'self' promo.bank.gov.ua power.bank.gov.ua lp.bank.gov.ua stage.bank.gov.ua test.bank.gov.ua 1
default-src 'self' https://js.zi-scripts.com/ https://lonrtp1.marketo.com/ https://segments.company-target.com/ https://d.delivery.consentmanager.net/ https://region1.analytics.google.com/ https://tag-logger.demandbase.com/ https://kit.fontawesome.com https://cdn.linkedin.oribi.io/ https://www.foo.software/api/vitals https://region1.google-analytics.com https://ka-p.fontawesome.com/releases/ https://344-xtd-684.mktoresp.com/ https://api.company-target.com https://secure.adnxs.com/getuidj https://c.6sc.co/ https://dc.services.visualstudio.com/ https://www.egress.com/ https://www.google.com/ads/ https://support.egress.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://stats.g.doubleclick.net/ https://app-lon08.marketo.com/ https://player.vimeo.com/ https://i.vimeocdn.com/ https://www.youtube.com/ https://cdn.jsdelivr.net/npm/ https://fonts.gstatic.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js https://i.ytimg.com/ https://cdn.jsdelivr.net/npm/ https://snap.licdn.com/ https://munchkin.marketo.net/ https://edge.fullstory.com/ https://extend.vimeocdn.com/ https://js.driftt.com/ https://px.ads.linkedin.com/ https://rs.fullstory.com/ https://344-xtd-684.mktoresp.com/ https://service.force.com/ https://s.ml-attr.com/ https://d.la1-c2-lo2.salesforceliveagent.com/ https://d.la1-c2-lo3.salesforceliveagent.com/ https://maps.googleapis.com/maps/ https://maps.googleapis.com/maps/api/js/ https://maps.googleapis.com/maps-api-v3/api/js/ https://maps.googleapis.com/maps/api/js/ViewportInfoService.GetViewportInfo https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate https://static.ads-twitter.com/ https://www.googleadservices.com/pagead/ https://tracking.g2crowd.com/attribution_tracking/ https://connect.facebook.net/en_US/ https://ws.zoominfo.com/pixel/ https://zndhhzqetu9yi6zqo-egress.siteintercept.qualtrics.com/ https://siteintercept.qualtrics.com/dxjsmodule/ https://siteintercept.qualtrics.com/WRSiteInterceptEngine/ https://siteintercept.qualtrics.com/ https://analytics.twitter.com/i/ https://connect.facebook.net/signals/ https://www.facebook.com/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://pages.egress.com/ https://surveys.egress.com/ https://support.egress.com//embeddedService/sidebarApp.app; style-src 'self' 'unsafe-inline' https://rtp-static.marketo.com/ https://www.googletagmanager.com/ https://fonts.googleapis.com/ https://ton.twimg.com/tfw/css https://platform.twitter.com/css/ https://support.egress.com/ https://app-lon08.marketo.com/ https://service.force.com/  https://pages.egress.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.zi-scripts.com/ https://lonrtp1.marketo.com/ https://rtp-static.marketo.com/ https://lonrtp1-cdn.marketo.com/ https://d.delivery.consentmanager.net/ https://zn6vfpgmn82r1u6bk-egress.siteintercept.qualtrics.com/ https://delivery.consentmanager.net/ https://cdn.consentmanager.net/ https://unpkg.com/web-vitals https://kit.fontawesome.com/ https://static.lightning.force.com https://platform.twitter.com/js/ https://cdn.syndication.twimg.com/timeline/ https://platform.twitter.com/css/ https://platform.twitter.com/widgets.js https://munchkin.marketo.net/161/munchkin.js https://munchkin.marketo.net/munchkin.js https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js https://tag.demandbase.com/ad38cc32c9b91dac.min.js https://tag.demandbase.com https://j.6sc.co/6si.min.js https://www.gstatic.com/recaptcha/releases/ https://www.gstatic.com/recaptcha/releases/BycHQdSIhzR_1EcOLw2mOzYQ/recaptcha__en.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/1p3YWy80wlZ7Q8QFR1gjazwU/recaptcha__en.js https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js https://support.egress.com/ https://egress.my.salesforce.com/lightning/lightning.out.delegate.js https://egress.my.salesforce.com/lightning/lightning.out.js https://www.googletagmanager.com/ https://www.google-analytics.com/ https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js https://cdn.jsdelivr.net/npm/ https://www.youtube.com/ https://i.ytimg.com/ https://app-lon08.marketo.com/ https://snap.licdn.com/ https://munchkin.marketo.net/ https://edge.fullstory.com/ https://extend.vimeocdn.com/ https://js.driftt.com/ https://px.ads.linkedin.com/ https://rs.fullstory.com/ https://344-xtd-684.mktoresp.com/ https://service.force.com/ https://d.la1-c2-lo2.salesforceliveagent.com/ https://d.la1-c2-lo3.salesforceliveagent.com/ https://maps.googleapis.com/maps/ https://maps.googleapis.com/maps/api/js/ https://maps.googleapis.com/maps-api-v3/api/js/ https://maps.googleapis.com/maps/api/js/ViewportInfoService.GetViewportInfo https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate https://static.ads-twitter.com/ https://www.googleadservices.com/pagead/ https://tracking.g2crowd.com/attribution_tracking/ https://connect.facebook.net/en_US/ https://ws.zoominfo.com/pixel/ https://zndhhzqetu9yi6zqo-egress.siteintercept.qualtrics.com/ https://siteintercept.qualtrics.com/dxjsmodule/ https://siteintercept.qualtrics.com/WRSiteInterceptEngine/ https://siteintercept.qualtrics.com https://analytics.twitter.com/i/ https://connect.facebook.net/signals/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://pages.egress.com/ https://player.vimeo.com/ https://az416426.vo.msecnd.net/; font-src 'self' https://fonts.gstatic.com/ https://kit.fontawesome.com  https://ka-f.fontawesome.com/ https://ka-p.fontawesome.com/; img-src 'self' data: https://api.ecologi.com/ https://www.egress.com/ https://d.delivery.consentmanager.net/ https://cdn.consentmanager.net/ https://fonts.gstatic.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://app-lon08.marketo.com/ https://i.vimeocdn.com/ https://www.googletagmanager.com/ https://id.rlcdn.com/ https://dashboard.umbraco.com/ https://px.ads.linkedin.com/ https://www.google-analytics.com/ https://www.google.co.uk/ https://www.google.com/ ; frame-src 'self' https://cdn.consentmanager.net/ https://td.doubleclick.net/ https://s.company-target.com/ https://syndication.twitter.com/ https://view.ceros.com https://platform.twitter.com/ https://vimeo.com/ https://www.google.com/ https://www.facebook.com/ https://js.driftt.com/ https://service.force.com/ https://www.youtube.com/ https://player.vimeo.com/ https://app-lon08.marketo.com/ https://pages.egress.com/ https://surveys.egress.com/ connect-src: https://edge.fullstory.com https://rs.fullstory.com; form-action 'self' https://webto.salesforce.com/ https://pages.egress.com/ 1
frame-ancestors 'self'; script-src 'sha256-ZKnXMX+mgGWgG1VUicLeo3+RH7muqE5iPtcPp688zls=' 'sha256-P3eAdMXB/qPBpitXm2pmNaxyNdbQQNS7lf6TmUuxvEg=' 'sha256-UesI0e//wCIFQXwvFY41ghStU0c789lYbasA2PtBsrY=' 'sha256-xjrFHF2qMS8MOuxclCnqHR/R+FA6i/C5XGpaV7d9r3E=' 'sha256-vgajig2Zjx34zYi7ggH7kRp9zDU4NqiIbQCDw9vAaHA=' 'sha256-ha83F+qeByLop73rpzjQC76A80La6XeG8a0ToAGSlAY=' 'sha256-ZqkmaSq2jLyT4VCM0Gj5zAXeGucD4m2nJsgQRN110T8=' 'sha256-ffxKMxud3ihcqjPZ5dg/RQ0M9yReheae3zeh6Vlem+0=' 'sha256-qV5WzRVsUuqO2hB7xYGUZ9VNMer6XIEwv91h6VUK/TY=' 'sha256-vVzQnL66ZCtQYEhIJbXQHDh4GzdINTnLX7izp3gEZJc=' 'sha256-Gh13qv4C/cPKGgbgDXFFurZN7/3NZRXYrEL4HQHtdWk=' 'sha256-RAUKqFmfM/gj8DSqxhnKfbEiAdvfiu0W4R5axfDNeTc=' 'sha256-SvbPrFwUHy2nEMYxpwflSQkjF55LVY5vrrHVoSYD9Y8=' 'sha256-tMZGOH4QEgcZZJ5NEQD2gtsrsa2olWUvhtJAbMM7X6o=' 'sha256-pU2JaiUGEu9yR4AsCIUVdnK8Vc5T2ugHLZHY0IxUs4k=' 'sha256-6a+bIYAzSl30P9TyDDWqpfjAa/QP4SnWwg2fZ8NStV8=' 'sha256-on84V+Jcdy9+HceY5fOcB1LbqXCT9uls21w2W4rfj1E=' 'sha256-+ZrqHArl3YmSgjiFEHDpBUKLM+GHt5L873uBIRasdYA=' 'sha256-KkREf7H0LFdGhLeOjIADACtIaQOtx185cHAw2i+ooZk=' 'sha256-yqyUOePGrU/s8vLVniO30P/ZsqSIPLCNpX8M33S2q/w=' 'sha256-fxor26DzMj/H2Akpr5GACDtc+iKb3nRJSNhRdB6yaoY=' 'sha256-K5v9oKQmHLz30onk9dqvAEyQp0zhZ5gxL3xeqqjdU0M=' 'sha256-4u+vjw5+Yaqq3Ysdde7inoVd8NqA5oLQ6Pp3VbehInA=' 'sha256-/iNpOMu7JQP7yPi+u5oJ3f5Phl+4hkj9lgg4kpZBCjE=' 'sha256-9k3n0RHObF1mGCH0S7t9ijeJAWZMRmvMxDqrkCutz/w=' 'sha256-YNjd1vzpXnNNwgLQ5cWNp85iKQFplBF/OO1i9sCTSBA=' https://*.maxlifeinsurance.com https://*.visualwebsiteoptimizer.com https://omnisetup.silaris.in https://*.googleoptimize.com/ https://*.intellectadz.com/ https://*.gotrackier.com https://*.paytm.in https://*.google.com   https://optimize.google.com https://*.artfut.com https://*.paytm.com  https://*.akstat.io https://*.yahoo.com https://*.yimg.com https://a.mgid.com https://pixel.mathtag.com https://*.bing.com https://www.google-analytics.com https://*.amazon-adsystem.com https://TrackTrack.org   https://*.g.doubleclick.net https://www.googleadservices.com https://www.googletagmanager.com https://*.billdesk.com https://*.billdesk.io   https://*.netcoresmartech.com https://*.taboola.com https://www.tecprocesssolution.com https://www.paynimo.com https://schema.org https://maxneo.silaris.in   https://*.hotjar.io https://*.hotjar.com https://*.facebook.net https://*.facebook.com https://*.outbrain.com https://maxneoggn.silaris.in:* https://*.ads-twitter.com https://www.invincibleiq.com/ https://www.youtube.com/iframe_api; connect-src 'self' https://*.visualwebsiteoptimizer.com https://*.googleapis.com https://tinyurl.com/ https://bitly.com/ https://agrim-uat-documents.s3.ap-south-1.amazonaws.com https://payments-uat.maxlifeinsurance.com https://d3b8hhxb222skm.cloudfront.net https://d2mvi0djpg9q5l.cloudfront.net https://dixsh5d2ct1z2.cloudfront.net wss://*.paytm.in https://*.paytm.in https://*.paytm.com https://api.bigdatacloud.net https://optimize.google.com https://*.akstat.io   https://*.yahoo.com https://*.yimg.com wss://*.hotjar.com https://*.go-mpulse.net https://*.facebook.com https://*.hotjar.io https://*.bing.com   https://maxneoggn.silaris.in:* https://*.hotjar.com https://maxneo.silaris.in https://*.outbrain.com https://*.taboola.com https://ampcid.google.com   https://ampcid.google.co.in https://www.google-analytics.com https://*.g.doubleclick.net https://www.paynimo.com https://*.netcoresmartech.com   https://www.googletagmanager.com https://*.facebook.net https://*.billdesk.io https://*.billdesk.com https://analytics.google.com https://*.google.com https://www.google.co.in/ads https://api.interakt.ai https://tinyurl.com/ https://bitly.com/; img-src 'self' blob: data: https://dis.criteo.com https://*.visualwebsiteoptimizer.com https://*.o18.link https://pixel.rubiconproject.com https://u.openx.net https://*.quora.com/ https://*.paytm.in https://*.intellectadz.com/ https://*.gotrackier.com https://*.o18.link/ https://*.airtel.in/ http://*.offerstrack.net https://*.googleadservices.com https://*.atdmt.com https://www.gstatic.com https://*.bing.com https://*.skyfencenet.com https://fonts.gstatic.com https://script.hotjar.com https://optimize.google.com https://www.e-connect.in https://*.trackneo.com https://*.mathtag.com https://*.mgid.com https://*.yahoo.com https://*.clmbtech.com https://*.omguk.com https://*.go2cloud.org https://*.amazon-adsystem.com https://TrackTrack.org https://*.polyvalent.co.in https://adgebra.co.in https://*.taboola.com https://*.outbrain.com https://*.g.doubleclick.net https://*.facebook.com https://www.google.com https://www.google.co.in https://d28krgir60o432.cloudfront.net   https://www.google-analytics.com https://www.paynimo.com http://www.w3.org https://www.tpsl-india.in https://adcanopus.go2cloud.org https://1.policytriangle.com/   https://trk.opiclepxl.com https://omnisetup.silaris.in https://optimidea.go2cloud.org https://tracking.salesleaf.com https://ryt.clckon.in https://ttrk.ringocount.com https://click.performship.com https://*.adcanopus.com https://*.twitter.com https://track.adnextmedia.com/ https://affle.vnative.net/ https://tracking.primedigital.in/ https://affilsoft.gotrackier.com/ https://leadstores.in/ https://paytm43.gotrackier.com/ https://metrics.makemytrip.com/ https://*.admitad.com/ https://*.vcommission.com/ https://iqwebgroup.o18.click/ https://timesinternetlimited187.o18.click/ https://addensuremedia.o18.click/ https://staticgw1.paytm.in/ https://t.co/ data:; base-uri 'self';form-action 'self' * data: blob: 'unsafe-inline' 'unsafe-eval' https://*.paytm.in https://*.paytm.com; media-src 'self'  https://*.paytm.in https://*.visualwebsiteoptimizer.com https://www.youtube.com;   font-src 'self'  https://*.paytm.in https://*.paytm.com https://www.paynimo.com https://fonts.gstatic.com https://script.hotjar.com data:; object-src 'none'; frame-src https://bot.maxlifeinsurance.com https://*.visualwebsiteoptimizer.com https://*.pruads.com/ https://*.iperformance.in/ https://*.clmbtrck.in/ https://s.docsapp.in/ https://*.gotrackier.com/ https://*.paytm.in https://*.doubleclick.net https://*.paytm.com   https://*.google.com https://*.skyfencenet.com https://*.amazon-adsystem.com https://*.mathtag.com https://*.icubeswire.co https://www.youtube.com   https://*.billdesk.com https://*.billdesk.io https://*.hotjar.com https://*.facebook.com  https://omnisetup.silaris.in https://*.g.doubleclick.net; manifest-src  'self'  https://*.paytm.in https://*.netcoresmartech.com https://omnisetup.silaris.in 1
frame-ancestors 'self' https://signalhire.sourceowls.com https://app.sourceowls.com https://App.sourceowls.com https://temp1.sourceowls.com https://demo.sourceowls.com; 1
block-all-mixed-content; default-src 'self'; img-src 'self' https://images.opencollective.com https://next-images.opencollective.com data: *.paypal.com opencollective.com blog.opencollective.com blob: opencollective-production.s3.us-west-1.amazonaws.com opencollective-production.s3-us-west-1.amazonaws.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' https://opencollective-prod-api.herokuapp.com https://pdf.opencollective.com https://rest.opencollective.com https://ml.opencollective.com wtfismyip.com *.paypal.com *.paypalobjects.com sentry.io *.sentry.io atlas.shopifycloud.com atlas.shopifysvc.com country-service.shopifycloud.com maps.googleapis.com https://wise.com https://transferwise.com https://sandbox.transferwise.tech https://hcaptcha.com https://*.hcaptcha.com https://www.google.com https://api.cryptonator.com https://plausible.io opencollective-production.s3.us-west-1.amazonaws.com opencollective-production.s3-us-west-1.amazonaws.com; script-src 'self' 'unsafe-inline' 'nonce-f89a7907-0ec7-46a3-a112-562a4d0f7079' maps.googleapis.com js.stripe.com *.paypal.com *.paypalobjects.com https://hcaptcha.com https://js.hcaptcha.com https://*.hcaptcha.com https://www.google.com https://plausible.io; frame-src blob: www.youtube.com www.youtube-nocookie.com opencollective.com anchor.fm podcasters.spotify.com player.vimeo.com js.stripe.com *.paypal.com *.openstreetmap.org https://wise.com https://transferwise.com https://sandbox.transferwise.tech https://hcaptcha.com https://*.hcaptcha.com https://www.google.com; object-src opencollective.com 1
default-src 'self' static.pib.gov.in; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.pib.gov.in; script-src-elem 'unsafe-inline' *; style-src 'self'  'unsafe-inline' static.pib.gov.in https://pib.gov.in/; style-src-elem 'self' 'unsafe-inline' static.pib.gov.in https://platform.twitter.com/ https://twitter.com/ https://www.facebook.com/  https://www.kooapp.com/ https://www.youtube.com/ https://d2aspyhfct5pw3.cloudfront.net/ https://pib.gov.in/; media-src https://www.youtube.com/ https://twitter.com/ https://www.facebook.com/ https://www.kooapp.com/ https://d2aspyhfct5pw3.cloudfront.net/ static.pib.gov.in; frame-src  https://pib.gov.in/ https://www.pib.gov.in/ static.pib.gov.in https://pib.gov.in/ https://platform.twitter.com/ https://twitter.com/ https://syndication.twitter.com/  https://www.facebook.com/ https://web.facebook.com/ https://www.kooapp.com/ http://youtube.com/ https://www.youtube.com/ http://www.youtube.com/ https://d2aspyhfct5pw3.cloudfront.net/; connect-src 'self' ; form-action 'self'; img-src * 1
default-src 'none'; img-src wtfismyip.com myip.wtf; script-src ipv4.wtfismyip.com wtfismyip.com myip.wtf ipv4.myip.wtf; style-src 'unsafe-inline' 1
frame-ancestors https://wear.jp https://wear.net https://wear.tw http://bo.wear.jp https://bo.wear.jp; 1
default-src 'self' https://*.euromonitor.com https://code.jquery.com https://fast.wistia.com https://cdn.jsdelivr.net https://seal.digicert.com ;script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https://*.euromonitor.com https://*.episerver.net https://*.boldchat.com https://*.barilliance.com https://www.google-analytics.com/analytics.js https://js.monitor.azure.com https://munchkin.marketo.net https://js.stripe.com https://buttons-config.sharethis.com https://ajax.aspnetcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://web-sdk-eu.aptrinsic.com https://platform-api.sharethis.com https://cdn-ukwest.onetrust.com https://www.googletagmanager.com https://kit.fontawesome.com https://seal.digicert.com https://use.typekit.net https://code.jquery.com https://cdn.jsdelivr.net https://fast.wistia.com https://www.barilliance.net https://snap.licdn.com https://cdn.mouseflow.com/projects/2cc9ccaf-c228-44c1-9e49-3280baa47790.js https://bat.bing.com https://*.convertexperiments.com ;img-src 'self' data: https: ;media-src 'self' blob: https: data: ;connect-src 'self' wss: https://*.euromonitor.com https://emi-qa-countryreportapi-we-wa.azurewebsites.net https://407-fso-046.mktoresp.com https://*.boldchat.com https://www.barilliance.net https://*.google-analytics.com https://dc.services.visualstudio.com/v2/track https://*.onetrust.com https://l.sharethis.com https://esp-eu.aptrinsic.com https://*.typekit.net https://*.fontawesome.com https://*.wistia.com https://*.wistia.net https://fg8vvsvnieiv3ej16jby.litix.io https://805-kok-719.mktoresp.com/ https://*.analytics.google.com https://o2.mouseflow.com https://cdn.linkedin.oribi.io https://stats.g.doubleclick.net https://*.convertexperiments.com https://px.ads.linkedin.com ;frame-src 'self' https://*.euromonitor.com https://embed.podcasts.apple.com https://player.vimeo.com https://iframe.iono.fm https://w.soundcloud.com https://app.stitcher.com https://play.libsyn.com https://js.stripe.com https://manager.changeme.idio.episerver.net https://indd.adobe.com https://www.google.com https://www.buzzsprout.com/ https://www.stitcher.com/ ;frame-ancestors 'self' https://go.euromonitor.com ;font-src 'self' data: https://fonts.gstatic.com https://ka-p.fontawesome.com https://use.typekit.net https://fast.wistia.com https://dhm5hy2vn8l0l.cloudfront.net https://cdn.mouseflow.com ;style-src 'self' 'unsafe-inline' https://*.euromonitor.com https://static.barilliance.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://code.jquery.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://web-sdk-eu.aptrinsic.com https://cdnjs.cloudflare.com ; 1
frame-ancestors 'self'; report-uri https://www.receitasnestle.com.br/report-uri/enforce 1
frame-ancestors *.mintegral.com *.mobvista.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://apigw.vakifbank.com.tr/;style-src 'self' 'unsafe-inline' https://apigw.vakifbank.com.tr/; script-src-elem 'self' 'unsafe-inline' https://apigw.vakifbank.com.tr/ https://www.googleadservices.com/; img-src 'self' 'unsafe-inline' https://apigw.vakifbank.com.tr/ https://imgsrv.vakifbank.com.tr/ https://vakifbank.com.tr/ data: ; font-src 'self' 'unsafe-inline' https://apigw.vakifbank.com.tr/;frame-src 'self' 'unsafe-inline' https://basvuru.vakifbank.com.tr/ https://maps.vakifbank.com.tr/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ https://www.google.com/ https://www.google.com.tr/ https://webservice.foreks.com/ https://www.youtube.com https://ytimg.com 1
style-src * blob: 'unsafe-inline'; script-src * blob: 'unsafe-inline' 'unsafe-eval'; worker-src * blob:; frame-ancestors 'self' http://*.carwale.com https://*.carwale.com https://*.bikewale.com https://*.cartrade.com https://*.lead2retail.in https://*.autobiz.in; 1
font-src 'self' https://fonts.gstatic.com https://www.google.com/recaptcha/ https://cdngovbr-ds.estaleiro.serpro.gov.br https://cdnjs.cloudflare.com https://fonts.cdnfonts.com 1
default-src 3lift.com *.adroll.com adsrvr.orgajax.aspnetcdn.com ads.yahoo.com ajax.aspnetcdn.com *.akamaihd.net *.amazonaws.com api.simon.com assets.pinterest.com *.azurewebsites.net *.bambuser.com *.bambuser.net b-code.liadm.com beacon.sojern.com bidagent.xad.com *.bing.com blob: *.blob.core.windows.net *.boomtrain.com cdnjs.cloudflare.com cdn.shopify.com *.clarity.ms *.clickmeter.com *.cloudfront.net *.cloudfunctions.net connect.facebook.net connect.facecook.net connect.nosto.com *.cookielaw.org data: *.doubleclick.net dsum-sec.casalemedia.com eb2.3lift.com *.elfsightcdn.com *.elfsight.com errorpageseus2.z20.web.core.windows.net facebook.net fcmatch.youtube.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.google.com *.google.com.mx *.googlesyndication.com *.googletagmanager.com *.gstatic.cn *.gstatic.com ib.adnxs.com idsync.rlcdn.com i.liadm.com insight.adsrvr.org js.adsrvr.org *.licdn.com linkedin.com live.rezync.com log.pinterest.com *.mappedin.ca *.mappedin-cloud.com *.mappedin.com match.adsrvr.org mipubapistorageprod.blob.core.windows.net *.movienewsletters.net *.movies-previews.com *.onetrust.com *.oribi.io p.adsymptotic.com *.pdst.fm *.perimeterx.net *.pingdom.net pixel.advertising.com pixel.rubiconproject.com pixel.sojern.com p.placed.com *.premiumoutlets.com *.pubmatic.com px.ads.linkedin.com *.px-cdn.net *.pxchk.net *.px-client.net *.px-cloud.net *.qualtrics.com *.quantcount.com *.quantserve.com *.rackcdn.com *.rackspacecloud.com *.rackspace.com *.recaptcha.net rlcdn.com rp.liadm.com rtb-csync.smartadserver.com *.s3.amazonaws.com s3.amazonaws.com 'self' *.sentry.io simage2.pubmatic.com *.simon.com *.simonpropertygroup.com *.simonwifi.com *.siteimproveanalytics.com siteimproveanalytics.com *.siteimproveanalytics.io siteimproveanalytics.io smnsrch.azureedge.net snap.licdn.com sp.analytics.yahoo.com *.splashthat.com sync.outbrain.com sync.taboola.com tags.srv.stackadapt.com themes.googleusercontent.com trc.taboola.com 'unsafe-eval' 'unsafe-inline' ups.analytics.yahoo.com us-central1-adaptive-growth.cloudfunctions.net us-u.openx.net *.videoamp.com *.westworldmedia.com www.facebook.com www.linkedin.com x.bidswitch.net yimg.com *.yottaa.net; frame-ancestors 'self'; img-src 3lift.com *.adroll.com adsrvr.orgajax.aspnetcdn.com ads.yahoo.com ajax.aspnetcdn.com *.akamaihd.net *.amazonaws.com api.simon.com assets.pinterest.com *.azurewebsites.net *.bambuser.com *.bambuser.net b-code.liadm.com beacon.sojern.com bidagent.xad.com *.bing.com blob: *.blob.core.windows.net *.boomtrain.com cdnjs.cloudflare.com cdn.shopify.com *.clarity.ms *.clickmeter.com *.cloudfront.net *.cloudfunctions.net connect.facebook.net connect.facecook.net connect.nosto.com *.cookielaw.org data: *.doubleclick.net dsum-sec.casalemedia.com eb2.3lift.com *.elfsightcdn.com *.elfsight.com errorpageseus2.z20.web.core.windows.net facebook.net fcmatch.youtube.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.google.com *.google.com.mx *.googlesyndication.com *.googletagmanager.com *.gstatic.cn *.gstatic.com ib.adnxs.com idsync.rlcdn.com i.liadm.com insight.adsrvr.org js.adsrvr.org lh3.googleusercontent.com *.licdn.com linkedin.com live.rezync.com log.pinterest.com *.mappedin.ca *.mappedin-cloud.com *.mappedin.com match.adsrvr.org mipubapistorageprod.blob.core.windows.net *.movienewsletters.net *.movies-previews.com *.onetrust.com *.oribi.io p.adsymptotic.com *.pdst.fm *.perimeterx.net *.pingdom.net pixel.advertising.com pixel.rubiconproject.com pixel.sojern.com p.placed.com *.premiumoutlets.com *.pubmatic.com px.ads.linkedin.com *.px-cdn.net *.pxchk.net *.px-client.net *.px-cloud.net *.qualtrics.com *.quantcount.com *.quantserve.com *.rackcdn.com *.rackspacecloud.com *.rackspace.com *.recaptcha.net rlcdn.com rp.liadm.com rtb-csync.smartadserver.com *.s3.amazonaws.com s3.amazonaws.com 'self' *.sentry.io simage2.pubmatic.com *.simon.com *.simonpropertygroup.com *.simonwifi.com *.siteimproveanalytics.com siteimproveanalytics.com *.siteimproveanalytics.io siteimproveanalytics.io smnsrch.azureedge.net snap.licdn.com sp.analytics.yahoo.com *.splashthat.com sync.outbrain.com sync.taboola.com tags.srv.stackadapt.com themes.googleusercontent.com trc.taboola.com 'unsafe-eval' 'unsafe-inline' ups.analytics.yahoo.com us-central1-adaptive-growth.cloudfunctions.net us-u.openx.net *.videoamp.com *.westworldmedia.com www.facebook.com www.linkedin.com x.bidswitch.net yimg.com *.yottaa.net; script-src 3lift.com *.adroll.com adsrvr.orgajax.aspnetcdn.com ads.yahoo.com ajax.aspnetcdn.com *.akamaihd.net *.amazonaws.com api.simon.com assets.pinterest.com *.azurewebsites.net *.bambuser.com *.bambuser.net b-code.liadm.com beacon.sojern.com bidagent.xad.com *.bing.com blob: *.blob.core.windows.net *.boomtrain.com cdnjs.cloudflare.com cdn.shopify.com *.clarity.ms *.clickmeter.com *.cloudfront.net *.cloudfunctions.net connect.facebook.net connect.facecook.net connect.nosto.com *.cookielaw.org data: *.doubleclick.net dsum-sec.casalemedia.com eb2.3lift.com *.elfsightcdn.com *.elfsight.com errorpageseus2.z20.web.core.windows.net facebook.net fcmatch.youtube.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.google.com *.google.com.mx *.googlesyndication.com *.googletagmanager.com *.gstatic.cn *.gstatic.com ib.adnxs.com idsync.rlcdn.com i.liadm.com insight.adsrvr.org *.licdn.com linkedin.com live.rezync.com log.pinterest.com *.mappedin.ca *.mappedin-cloud.com *.mappedin.com match.adsrvr.org mipubapistorageprod.blob.core.windows.net *.movienewsletters.net *.movies-previews.com *.onetrust.com *.oribi.io p.adsymptotic.com *.pdst.fm *.perimeterx.net *.pingdom.net pixel.advertising.com pixel.rubiconproject.com pixel.sojern.com p.placed.com *.premiumoutlets.com *.pubmatic.com px.ads.linkedin.com *.px-cdn.net *.pxchk.net *.px-client.net *.px-cloud.net *.qualtrics.com *.quantcount.com *.quantserve.com *.rackcdn.com *.rackspacecloud.com *.rackspace.com *.recaptcha.net rlcdn.com rp.liadm.com rtb-csync.smartadserver.com *.s3.amazonaws.com s3.amazonaws.com 'self' *.sentry.io simage2.pubmatic.com *.simon.com *.simonpropertygroup.com *.simonwifi.com *.siteimproveanalytics.com siteimproveanalytics.com *.siteimproveanalytics.io siteimproveanalytics.io smnsrch.azureedge.net snap.licdn.com sp.analytics.yahoo.com *.splashthat.com sync.outbrain.com sync.taboola.com tags.srv.stackadapt.com themes.googleusercontent.com trc.taboola.com 'unsafe-eval' 'unsafe-inline' ups.analytics.yahoo.com us-central1-adaptive-growth.cloudfunctions.net us-u.openx.net *.videoamp.com *.westworldmedia.com www.facebook.com www.linkedin.com x.bidswitch.net yimg.com *.yottaa.net; script-src-elem 3lift.com *.adroll.com adsrvr.orgajax.aspnetcdn.com ads.yahoo.com ajax.aspnetcdn.com *.akamaihd.net *.amazonaws.com api.simon.com assets.pinterest.com *.azurewebsites.net *.bambuser.com *.bambuser.net b-code.liadm.com beacon.sojern.com bidagent.xad.com *.bing.com blob: *.blob.core.windows.net *.boomtrain.com cdnjs.cloudflare.com cdn.shopify.com *.clarity.ms *.clickmeter.com *.cloudfront.net *.cloudfunctions.net connect.facebook.net connect.facecook.net connect.nosto.com *.cookielaw.org data: *.doubleclick.net dsum-sec.casalemedia.com eb2.3lift.com *.elfsightcdn.com *.elfsight.com errorpageseus2.z20.web.core.windows.net facebook.net fcmatch.youtube.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.google.com *.google.com.mx *.googlesyndication.com *.googletagmanager.com *.gstatic.cn *.gstatic.com ib.adnxs.com idsync.rlcdn.com i.liadm.com insight.adsrvr.org js.adsrvr.org *.licdn.com linkedin.com live.rezync.com log.pinterest.com *.mappedin.ca *.mappedin-cloud.com *.mappedin.com match.adsrvr.org mipubapistorageprod.blob.core.windows.net *.movienewsletters.net *.movies-previews.com *.onetrust.com *.oribi.io p.adsymptotic.com *.pdst.fm *.perimeterx.net *.pingdom.net pixel.advertising.com pixel.rubiconproject.com pixel.sojern.com p.placed.com *.premiumoutlets.com *.pubmatic.com px.ads.linkedin.com *.px-cdn.net *.pxchk.net *.px-client.net *.px-cloud.net *.qualtrics.com *.quantcount.com *.quantserve.com *.rackcdn.com *.rackspacecloud.com *.rackspace.com *.recaptcha.net rlcdn.com rp.liadm.com rtb-csync.smartadserver.com *.s3.amazonaws.com s3.amazonaws.com 'self' *.sentry.io simage2.pubmatic.com *.simon.com *.simonpropertygroup.com *.simonwifi.com *.siteimproveanalytics.com siteimproveanalytics.com *.siteimproveanalytics.io siteimproveanalytics.io smnsrch.azureedge.net snap.licdn.com sp.analytics.yahoo.com *.splashthat.com sync.outbrain.com sync.taboola.com tags.srv.stackadapt.com themes.googleusercontent.com trc.taboola.com 'unsafe-eval' 'unsafe-inline' ups.analytics.yahoo.com us-central1-adaptive-growth.cloudfunctions.net us-u.openx.net *.videoamp.com *.westworldmedia.com www.facebook.com www.linkedin.com x.bidswitch.net yimg.com *.yottaa.net; report-uri https://qoe-1.yottaa.net/_/csp-reports?siteKey=jwnWW90ZnBm4_w 1
frame-ancestors 'self';    default-src 'self';    script-src 'self' 'unsafe-eval' 'unsafe-inline';    connect-src 'self';    font-src * data:;    img-src * data:;    style-src * 'unsafe-inline'; 1
default-src 'self';        connect-src 'self' https://images.ctfassets.net https://cdn.analytics.bitmex.com https://static.zdassets.com https://ekr.zdassets.com https://bitmex.zendesk.com https://bitmex15121659339916.zendesk.com https://api.smooch.io wss://api.smooch.io https://api.analytics.bitmex.com https://o1146016.ingest.sentry.io;        script-src 'self' https://sentry.devsf.bitmex https://cdn.analytics.bitmex.com https://static.zdassets.com https://ekr.zdassets.com https://bitmex.zendesk.com https://bitmex15121659339916.zendesk.com https://api.smooch.io wss://api.smooch.io 'unsafe-eval' 'sha256-APiG0yUKOQw2LDH9HasopFfaktEy5JpbZB3OTpqesXs=' 'sha256-mLMgLV3Y3t2fDHTFU2tYdae69k7Lr9YM2X4yfwPyfJ4='        'sha256-2JbdNNJ5ZvUubGqE5zCYYAqMrVCmD5dV2RXyt1QbONM='         'nonce-iJDwxqAHVnPHLPgA';        style-src 'self' 'unsafe-inline';        child-src 'self' blob:;        img-src 'self' https://secure.adnxs.com https://insight.adsrvr.org https://sp.analytics.yahoo.com https://delivery.adnuntius.com https://ww2.affinity.net https://www.facebook.com https://q.quora.com https://tr.outbrain.com https://dsp-ap.eskimi.com data: blob: *;        media-src 'self' blob:;        object-src 'none';        font-src 'self';        form-action 'self';        frame-ancestors 'self';        block-all-mixed-content;        report-uri https://o1146016.ingest.sentry.io;        frame-src 'self' https://www.youtube.com https://bitmex.freshdesk.com/ https://player.vimeo.com/ blob:; 1
frame-ancestors 'self' *.richmond.edu; 1
frame-ancestors ui.dev sandiego.ares.atlas-sys.com; 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline'; 1
default-src 'self' teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/; connect-src 'self' cdn.linkedin.oribi.io *.givelively.org *.mktoresp.com *.mktoutil.com region1.analytics.google.com *.google.com analytics.tiktok.com attestation.android.com bcbolt446c5271-a.akamaihd.net csi.gstatic.com edge.api.brightcove.com gtm-w82hjxd-otazy.uc.r.appspot.com *.addthis.com ka-f.fontawesome.com manifest.prod.boltdns.net notifier-configs.airbrake.io og2022-api.sports.gracenote.com pagead2.googlesyndication.com pixel.adsafeprotected.com *.teamusa.org rum-collector-2.pingdom.net *.g.doubleclick.net teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ widgets.sports.gracenote.com www.facebook.com *.google-analytics.com www.trackwrestling.com; font-src 'self' cdnjs.cloudflare.com data: fonts.gstatic.com ka-f.fontawesome.com maxcdn.bootstrapcdn.com teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ widgets.sports.gracenote.com www.trackwrestling.com; form-action 'self' analytics.clickdimensions.com bbox.blackbaudhosting.com *.teamusa.org form.usoc.org *.twitter.com teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ teamusa.tfaforms.net teamusa.us2.list-manage.com usateamhandball.us3.list-manage.com usoc.tfaforms.net usopc.tfaforms.net www.facebook.com; frame-src 'self' *.givelively.org abc11.com *.tourneymachine.com anchor.fm app-ab22.marketo.com bbox.blackbaudhosting.com www.bullseyelocations.com www.buzzsprout.com cdn.flipsnack.com classy.org *.classy.org  content.usawmembership.com c.streamhoster.com draftable.com embed.fitrankings.com embed.gettyimages.com free.timeanddate.com gc.com geosnapshot.com indd.adobe.com judoreferee.com kingsumo.com livestream.com online.anyflip.com photos.pixlee.co player.vimeo.com s3.amazonaws.com/online.anyflip.com/vrut/kvxl/ share.transistor.fm st.chatango.com streaming.enetlive.tv tableau.usoc.org teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ themat.tv universe.queue-it.net uploads.knightlab.com usa.asasoftball.com usaboxing.webpoint.us usadiving.ticketspice.com *.wufoo.com usatt.simplycompete.com usawaterski.org *.sport80.com www.givedirect.org www.paypal.com www.paypalobjects.com www.scribd.com www.slideshare.net www.surveymonkey.com www.thorne.com www.universe.com www.usakaratemembership.com www.usaracquetballevents.com www.usawaterski.org www.usawmembership.com *.fls.doubleclick.net *.safeframe.googlesyndication.com *.g.doubleclick.net giphy.com imasdk.googleapis.com *.twitter.com *.teamusa.org players.brightcove.net public.tableau.com snapwidget.com *.addthis.com tpc.googlesyndication.com vplayer.nbcolympics.com vplayer.nbcsports.com *.facebook.com *.google.com www.googletagmanager.com www.instagram.com www.youtube.com; img-src 'self' *.givelively.org *.twimg.com barbend.com bbox.blackbaudhosting.com cdn-images.mailchimp.com cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.0/ajax-loader.gif cf-images.us-east-1.prod.boltdns.net connect.facebook.net content.themat.com data: *.adsafeprotected.com images.sports.gracenote.com images.teamusa.org img.youtube.com iwf.sport i.ytimg.com *.g.doubleclick.net learningacademy1.usadiving.org mcusercontent.com/93fe0d952f40d98f22a93f8e4/images/ metrics.brightcove.com p.adsymptotic.com *.ads.linkedin.com *.googlesyndication.com pixel.quantserve.com reg.usajudo.net s3.amazonaws.com/photos.usacycling.org/ *.twitter.com region1.analytics.google.com *.google-analytics.com *.gstatic.com t.co teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ teamusa.tfaforms.net usoc.tfaforms.net usopc.tfaforms.net t.paypal.com tw-ads.s3-us-west-2.amazonaws.com tw-ads.s3.us-west-2.amazonaws.com upload.wikimedia.org/wikipedia/commons/3/32/Sarah_Docter_1980.jpg usa.asasoftball.com widgets.sports.gracenote.com www.facebook.com www.google.com www.googletagmanager.com www.iwf.net www.linkedin.com www.nationalspeedskatingmuseum.org www.officialgear.com www.paypalobjects.com www.trackwrestling.com www.google.at www.google.be www.google.ca www.google.ch www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.uk www.google.co.vi www.google.com.au www.google.com.hk www.google.com.mx www.google.com.pr www.google.com.sg www.google.com.tw www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.ie www.google.it www.google.lu www.google.nl www.google.no www.google.pt www.google.se www.google.vg; media-src 'self' blob: bcbolt446c5271-a.akamaihd.net bcovlive-a.akamaihd.net manifest.prod.boltdns.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.givelively.org adservice.google.com ajax.googleapis.com *.clickdimensions.com analytics.tiktok.com *.twitter.com app-ab22.marketo.com az124611.vo.msecnd.net/web/v10/CDWidget.js bbox.blackbaudhosting.com www.buzzsprout.com *.adsafeprotected.com cdn.syndication.twimg.com cdnjs.cloudflare.com cdnslssl.coveritlive.com code.jquery.com connect.facebook.net countdown.omegawatches.com *.g.doubleclick.net *.teamusa.org *.addthis.com kit.fontawesome.com maxcdn.bootstrapcdn.com munchkin.marketo.net *.googleadservices.com players.brightcove.net public.tableau.com qa-widgets.sports.gracenote.com reg.usajudo.net rules.quantcount.com rum-static.pingdom.net s3.amazonaws.com/downloads.mailchimp.com/ teamusa.us2.list-manage.com sdk.classy.org secure.quantserve.com *.google-analytics.com snap.licdn.com snapwidget.com stackpath.bootstrapcdn.com static.ads-twitter.com *.wufoo.com tableau.usoc.org *.cdc.gov teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ teamusa.tfaforms.net *.googlesyndication.com usoc.tfaforms.net usopc.tfaforms.net v1.addthisedge.com vjs.zencdn.net widgets.flickr.com widgets.sports.gracenote.com widget.surveymonkey.com www.google.com www.googletagmanager.com www.googletagservices.com www.gstatic.com *.instagram.com www.olympicchannel.com www.paypal.com www.paypalobjects.com www.trackwrestling.com www.universe.com adservice.google.at adservice.google.be adservice.google.ca adservice.google.ch adservice.google.co.jp adservice.google.co.kr adservice.google.co.nz adservice.google.co.uk adservice.google.com.au adservice.google.com.hk adservice.google.com.mx adservice.google.com.pr adservice.google.com.sg adservice.google.com.tw adservice.google.de adservice.google.dk adservice.google.es adservice.google.fi adservice.google.fr adservice.google.gr adservice.google.ie adservice.google.it adservice.google.nl adservice.google.no adservice.google.pt adservice.google.se; style-src 'self' 'unsafe-inline' bbox.blackbaudhosting.com cdn.fonts.net cdn-images.mailchimp.com cdnjs.cloudflare.com cdn-us.clickdimensions.com code.jquery.com fonts.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com reg.usajudo.net static.ctctcdn.com/h/contacts-embedded-signup-assets/1.0.2/css/signup-form.css teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ teamusa.tfaforms.net usoc.tfaforms.net usopc.tfaforms.net www.instagram.com *.teamusa.org www.trackwrestling.com; worker-src 'self' blob:; report-uri https://teamusa.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' *.blokker.nl unsafe-inline 1
default-src 'self'; object-src 'none'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://munchkin.marketo.net https://scripts.demandbase.com https://geolocation.onetrust.com https://connect.facebook.net https://snap.licdn.com https://js.adsrvr.org https://*.linkedin.com https://*.windows.net https://*.fullstory.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.windows.net; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.qlikdataengineering.com https://*.amazonaws.com https://*.launchdarkly.com https://api.rollbar.com https://*.zuora.com https://*.mktoresp.com https://api.company-target.com https://*.onetrust.com https://*.fullstory.com blob: https://login.qlik.com; frame-src 'self' https://*.zuora.com https://www.googletagmanager.com https://insight.adsrvr.org https://login.qlik.com; img-src 'self' https://*.gravatar.com https://*.wp.com https://*.zuora.com https://*.company-target.com https://match.prod.bidr.io https://www.google-analytics.com https://*.doubleclick.net https://*.facebook.com 1
frame-ancestors 'self' https://store.stamps.com https://*.mybigcommerce.com https://*.myshopify.com https://*.stamps.com https://*.endicia.com 1
frame-ancestors https://irs.zuvio.com.tw 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.poliziadistato.it:*  blob: data: *.poliziadistato.it *.zencdn.net *.tv2000.it *.wowza.com *.interno.it *.rating-widget.com *.twimg.com *.twitter.com *.googleapis.com *.gstatic.com *.google.it *.macromedia.com *.google-analytics.com *.facebook.net *.sharethis.com *.google.com *.googletagmanager.com opendataavcp.interno.it *.raiplay.it *.rai.it js.api.here.com *.hereapi.com; img-src 'self' data: blob: i.rw.gs *.wowza.com *.rating-widget.com *.twitter.com *.twimg.com *.poliziadistato.it opendataavcp.interno.it l.sharethis.com *.facebook.com *.google-analytics.com *.gstatic.com *.gravatar.com *.googleapis.com s.w.org *.google.it *.raiplay.it *.rai.it; style-src 'self' *.poliziadistato.it *.twimg.com *.rating-widget.com *.twitter.com opendataavcp.interno.it *.sharethis.com 'unsafe-inline' *.googleapis.com *.raiplay.it *.rai.it js.api.here.com; frame-src 'self' *.poliziadistato.it storify.com *.storify.com *.twitter.com opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.youtube-nocookie.com video.repubblica.it *.google.com *.googletagmanager.com *.raiplay.it *.rai.it *.adobe.com; worker-src 'self' *.poliziadistato.it storify.com *.storify.com *.twitter.com opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.youtube-nocookie.com video.repubblica.it *.google.com *.googletagmanager.com *.raiplay.it *.rai.it; child-src 'self' *.poliziadistato.it opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com video.repubblica.it *.youtube-nocookie.com *.google.com *.googletagmanager.com *.twitter.com opendataavcp.interno.it *.raiplay.it *.rai.it; font-src 'self' data: *.poliziadistato.it *.wowza.com opendataavcp.interno.it *.gstatic.com; frame-ancestors 'self' *.poliziadistato.it storify.com *.storify.com *.twitter.com opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.youtube-nocookie.com video.repubblica.it *.google.com *.googletagmanager.com *.raiplay.it *.rai.it; media-src *.poliziadistato.it blob: 1
frame-ancestors 'self' https://*.indiatimes.com https://*.samayam.com https://maharashtratimes.com https://marathi.indiatimes.com https://vijaykarnataka.com https://m.timesofindia.com https://m.economictimes.com https://www.iamgujarat.com https://www.google.com https://*.google.com https://cdn.ampproject.org https://*.cdn.ampproject.org https://*.ampproject.org http://*.newspointapp.com https://*.newspointapp.com  https://*.gadgetsnow.com https://eisamay.com https://*.economictimes.com https://*.slike* http*://*.slike* *.sli.ke http*://*.sli.ke https://*.sli.ke 1
report-uri https://events.mercadolibre.com/csp/reports?identifier=tpFCxdW6lNOGnH15sTJdeUQzpRD-xGHsezLRvhZyPNmLHy1wCJXXi2I6iT27ddXaEguSMmOxHPONBXX7S3-R2hzNfg==&policy_id=71&user_id=&request_id=abeca516-62d9-4c2c-91c9-b8d6e3a6224c; report-to csp-endpoint; frame-ancestors 'none' 1
frame-ancestors 'self' http://www.dove.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com d3vqdsjiuv1717.cloudfront.net frictionless-shopping-prod.unileversolutions.com 1
default-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.exactag.com  https://*.fitanalytics.com  https://*.glami.cz  https://*.googleapis.com  https://*.heureka.sk  https://*.lidl-shop.sk  https://*.online-metrix.net  https://*.parcellab.com  https://*.tradedoubler.com  https://*.xplosion.de  https://*.yahoo.com  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://analytics.google.com  https://awin1.com  https://cloud.mail.lidl.sk  https://cloud.news.lidl.sk  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://event.yoochoose.net  https://facebook.com  https://fonts.gstatic.com  https://forms.office.com  https://glami.cz  https://hlserve.com  https://im9.cz  https://imedia.cz  https://lidl-shop.com  https://lidl-shop.sk  https://ligadx.com  https://ligatus.com  https://login.dognet.sk  https://m6r.eu  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://p.biano.sk  https://partners.webmasterplan.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://t.semtrack.de  https://taboola.com  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://twiago.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://yahoo.com  https://yieldlab.net  https://app.creaition.cz  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  'unsafe-inline'  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.glami.cz  https://*.heureka.sk  https://*.lidl-shop.sk  https://*.lidl.sk  https://*.online-metrix.net  https://*.tradedoubler.com  https://*.vrxs.de  https://*.xplosion.de  https://*.yahoo.com  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://awin1.com  https://cloud.news.lidl.sk  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://event.yoochoose.net  https://facebook.com  https://forms.office.com  https://glami.cz  https://hlserve.com  https://im9.cz  https://imedia.cz  https://lidl-shop.com  https://lidl-shop.sk  https://ligadx.com  https://ligatus.com  https://login.dognet.sk  https://m6r.eu  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://t.semtrack.de  https://taboola.com  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://twiago.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://yahoo.com  https://yieldlab.net; img-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adscale.de  https://*.advertising.com  https://*.adyen.com  https://*.assets.lidl  https://*.criteo.com  https://*.criteo.net  https://*.demdex.net  https://*.demoup.com  https://*.doubleclick.net  https://*.exactag.com  https://*.fitanalytics.com  https://*.glami.cz  https://*.googleapis.com  https://*.heureka.sk  https://*.lidl-shop.cz  https://*.lidl-shop.sk  https://*.lidl.sk  https://*.online-metrix.net  https://*.openx.net  https://*.parcellab.com  https://*.pubmatic.com  https://*.smartclip.net  https://*.stickyadstv.com  https://*.taboola.com  https://*.tradedoubler.com  https://*.twiago.com  https://*.xplosion.de  https://*.yahoo.com  https://*.yieldlab.net  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://analytics.google.com  https://awin1.com  https://cloud.news.lidl.sk  https://content.odj.cloud  https://contextual.media.net  https://criteo-sync.teads.tv  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://event.yoochoose.net  https://facebook.com  https://forms.office.com  https://glami.cz  https://hlserve.com  https://i.liadm.com  https://im9.cz  https://imedia.cz  https://lidl-shop.com  https://lidl-shop.sk  https://lidl.sk  https://ligadx.com  https://ligatus.com  https://login.dognet.sk  https://m6r.eu  https://match.sharethrough.com  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://play-lh.googleusercontent.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://sync.outbrain.com  https://t.semtrack.de  https://taboola.com  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://translate.google.com  https://twiago.com  https://visitor.omnitagjs.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.glami.sk  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://yahoo.com  https://yieldlab.net; object-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.glami.cz  https://*.heureka.sk  https://*.lidl-shop.sk  https://*.online-metrix.net  https://*.tradedoubler.com  https://*.xplosion.de  https://*.yahoo.com  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://awin1.com  https://cloud.news.lidl.sk  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://event.yoochoose.net  https://facebook.com  https://forms.office.com  https://glami.cz  https://hlserve.com  https://im9.cz  https://imedia.cz  https://lidl-shop.com  https://lidl-shop.sk  https://ligadx.com  https://ligatus.com  https://login.dognet.sk  https://m6r.eu  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://t.semtrack.de  https://taboola.com  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://twiago.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://yahoo.com  https://yieldlab.net; script-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  about:  https://localhost  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.exactag.com  https://*.fitanalytics.com  https://*.glami.cz  https://*.googleapis.com  https://*.heureka.sk  https://*.lidl-shop.sk  https://*.online-metrix.net  https://*.parcellab.com  https://*.tradedoubler.com  https://*.xplosion.de  https://*.yahoo.com  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://awin1.com  https://cloud.mail.lidl.sk  https://cloud.news.lidl.sk  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://event.yoochoose.net  https://facebook.com  https://forms.office.com  https://glami.cz  https://hlserve.com  https://im9.cz  https://imedia.cz  https://lidl-shop.com  https://lidl-shop.sk  https://ligadx.com  https://ligatus.com  https://login.dognet.sk  https://m6r.eu  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://p.biano.sk  https://partners.webmasterplan.com  https://pixel.biano.sk  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://t.semtrack.de  https://taboola.com  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://twiago.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://yahoo.com  https://yieldlab.net  https://app.creaition.cz; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'  https://*.criteo.com  https://*.criteo.net  https://*.doubleclick.net  https://*.exactag.com  https://*.fitanalytics.com  https://*.glami.cz  https://*.googleapis.com  https://*.heureka.sk  https://*.lidl-shop.sk  https://*.online-metrix.net  https://*.parcellab.com  https://*.tradedoubler.com  https://*.xplosion.de  https://*.yahoo.com  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://awin1.com  https://cloud.news.lidl.sk  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://event.yoochoose.net  https://facebook.com  https://forms.office.com  https://glami.cz  https://hlserve.com  https://im9.cz  https://imedia.cz  https://lidl-shop.com  https://lidl-shop.sk  https://ligadx.com  https://ligatus.com  https://login.dognet.sk  https://m6r.eu  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://t.semtrack.de  https://taboola.com  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://twiago.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://yahoo.com  https://yieldlab.net  https://app.creaition.cz; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net; 1
frame-ancestors https://remitly.com https://preprod.dev.remitly.com https://help.remitly.com https://www.tangerine.ca https://online.expresscu.org https://www.expresscu.org https://www.sfcu.org 1
base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self' *.switch.ch *.swcdr.unic24a.net *.unic24a.dev; img-src 'self' *.switch.ch *.swcdr.unic24a.net *.unic24a.dev; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests; connect-src 'self' *.switch.ch *.swcdr.unic24a.net *.unic24a.dev tracker.switch.ch; frame-src 'self' *.youtube.com *.vimeo.com; media-src 'self' *.switch.ch *.swcdr.unic24a.net *.unic24a.dev *.ytimg.com; script-src-elem 'self' 'unsafe-inline' *.switch.ch tracker.switch.ch; script-src 'self' report-sample 'unsafe-inline' 'unsafe-eval' 1
connect-src 'self' 'unsafe-inline' https://*.google-analytics.com http://*.orange.mg https://www.google-analytics.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.twimg.com  https://*.twitter.com https://*.google-analytics.com  http://*.orange.mg https://*.orange.mg https://www.google-analytics.com https://*.facebook.com https://connect.facebook.net https://www.googletagmanager.com; img-src 'self' data:  https://*.twitter.com https://*.twimg.com  http://www.orange.mg  https://www.googletagmanager.com https://www.google-analytics.com https://*.facebook.com http://*.facebook.com ; style-src 'self' 'unsafe-inline' https://*.cloudflare.com https://*.twitter.com https://*.googleapis.com; font-src 'self' https://*.gstatic.com https://*.cloudflare.com ; child-src *; object-src 'none' 1
frame-ancestors 'self' *.logz.io; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;block-all-mixed-content;frame-ancestors 'self' https://jionews.com/ https://jionewsdev1.jio.ril.com/ https://prabhatkhabar.quintype.com/; 1
upgrade-insecure-requests; default-src https: wss: data: blob:; base-uri 'self'; connect-src 'self' *.ozone.ru *.ozonusercontent.com *.ozon.ru *.kz.ozon.com *.ozon.by *.ozon.kz *.ozonru.me *.by-stg.ozonru.me *.kz-stg.ozoncom.me enterprise.api-maps.yandex.ru wss:; worker-src 'self' blob:; font-src 'self' cdn1.ozone.ru cdn2.ozone.ru; style-src 'self' 'unsafe-inline' cdn1.ozone.ru cdn2.ozone.ru; object-src 'none'; frame-ancestors 'self' *.ozon.ru *.ozonru.me:* *.ozon.by *.kz.ozon.com *.ozon.kz *.by-stg.ozonru.me *.kz-stg.ozoncom.me; frame-src 'self' form.privetmir.ru privetmir.ru *.ozon.ru *.kz.ozon.com *.ozon.by *.ozon.kz *.ozonru.me *.by-stg.ozonru.me *.kz-stg.ozoncom.me www.youtube.com cdn1.ozone.ru; script-src 'unsafe-inline' 'unsafe-eval' 'self' bundle.ozon.ru cdn2.ozone.ru cdn6.ozone.ru *.ozon.ru yastatic.net/s3/front-maps-static/ enterprise.api-maps.yandex.ru suggest-maps.yandex.ru api-maps.yandex.ru *.o3.ru 'nonce-817ea813-aca3-42b8-bd3e-fb79bad77244'; report-uri https://xapi.ozon.ru/csp-log/ 1
frame-ancestors 'self';  default-src 'self' seed.net.tw  ;  script-src 'self' 'unsafe-eval' 'unsafe-inline' seed.net.tw  ;  connect-src 'self' seed.net.tw  ;  frame-src seed.net.tw  ;  font-src * data:;  img-src * data:;  style-src * 'unsafe-inline'; 1
default-src 'none' ; script-src 'self' https://cdnjs.cloudflare.com/ajax/libs/jquery-validation-unobtrusive/3.2.12/jquery.validate.unobtrusive.min.js https://code.jquery.com/ui/1.13.0/jquery-ui.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.19.5/jquery.validate.min.js   https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js https://transservice.ecinet.in/js/ https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.19.2/jquery.validate.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.js https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js https://code.jquery.com/ui/1.12.1/jquery-ui.min.js https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery-toast-plugin/1.3.2/jquery.toast.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery-validation-unobtrusive/3.2.11/jquery.validate.unobtrusive.min.js https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js 'unsafe-inline' 'unsafe-eval' ;          style-src 'self' https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.theme.min.css https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.css https://cdnjs.cloudflare.com/ajax/libs/jquery-toast-plugin/1.3.2/jquery.toast.min.css https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.css https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/fontawesome.min.css https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css https://transservice.ecinet.in/js/css/ https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css  https://fonts.googleapis.com  https://fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.9.0/css/all.min.css https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css 'unsafe-inline';          font-src 'self' https://transservice.ecinet.in/js/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.9.0/webfonts/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/  https://fonts.googleapis.com  https://fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/webfonts/ data:;          img-src 'self' https://transservice.ecinet.in/  data: blob:;          connect-src 'self' https://gisttransserver.in/  https://transservice.ecinet.in/;                base-uri 'self' 1
object-src 'self' https://hightail.com;base-uri 'self';img-src https: http: blob: data:; frame-src https://* https://www.google.com/recaptcha/ 'self';font-src 'self' https://hightail.com data: ;script-src data: 'unsafe-inline' 'unsafe-eval' 'self' https://forms.hsforms.com/embed/ https://app.link/ http://js.bizographics.com/ http://stats.pusher.com/ http://www.googleadservices.com/ https://www.googleadservices.com https://www.google-analytics.com/ https://cdn.branch.io/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://snap.licdn.com/ https://dc.ads.linkedin.com/ https://px.ads.linkedin.com/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://sjs.bizographics.com/ https://assets.zendesk.com/ https://www.bizographics.com/ https://secure.adnxs.com/ https://v2.zopim.com/ https://*.pusher.com/ https://*.hs-banner.com/ https://*.hs-scripts.com/ https://*.hs-analytics.net/ https://*.hsforms.net/ https://*.hsadspixel.net/ https://www.googletagmanager.com/ https://tagmanager.google.com/ https://googleads.g.doubleclick.net/ https://forms.hubspot.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://request.eprotect.vantivprelive.com/ https://request.eprotect.vantivcnp.com/ https://*.global.ssl.fastly.net/ http://*.hs-analytics.net/ http://*.hs-scripts.com/ http://*.hsforms.net/ http://*.hsadspixel.net/ http://cdnjs.cloudflare.com/ https://static.zdassets.com/ http://www.google-analytics.com/ https://*.pendo.io/ http://ajax.googleapis.com/ https://img.en25.com/i/livevalidation_standalone.compressed.js https://img.en25.com/Web/OpenTextGlobal/ https://pendo-io-static.storage.googleapis.com/ https://*.googletagmanager.com/ https://pendo-static-5705431416832000.storage.googleapis.com/ http://cdn.jsdelivr.net/npm/cookieconsent@3/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://player.vimeo.com/* https://d2t77mnxyo7adj.cloudfront.net/v1/c.js http://now.eloqua.com/visitor/ http://secure.p01.eloqua.com/visitor/ http://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://*.bing.com/ https://*.hotjar.com/ https://*.facebook.net/ https://*.doubleclick.net/ https://*.hsadspixel.net/ https://*.hs-scripts.com/ https://*.clarity.ms/ data https://hightail.com/; frame-ancestors 'self' https://hightail.com; 1
font-src 'self' use.typekit.net data: https://*.crashplanpro.com:* https://*.crashplan.com:* https://at.alicdn.com; img-src 'self' p.typekit.net https://www.google-analytics.com https://www.googletagmanager.com data: blob: https://*.crashplanpro.com:* https://*.crashplan.com:* https://i.vimeocdn.com https://embedding.tableauusercontent.com https://dashboard.int.crashplan.com https://*.paddle.com; frame-ancestors 'self'; default-src 'unsafe-inline' 'unsafe-eval' https://*.crashplan.com:* https://*.crashplanpro.com:* https://www.google-analytics.com https://www.googletagmanager.com https://*.launchdarkly.com https://*.visualwebsiteoptimizer.com https://embedding.tableauusercontent.com https://dashboard.int.crashplan.com https://*.paddle.com; frame-src 'self' https://*.crashplan.com:* https://*.crashplanpro.com:* https://*.workato.com https://*.paddle.com; style-src 'self' 'unsafe-inline' p.typekit.net use.typekit.net https://*.crashplan.com:* https://*.crashplanpro.com:* https://*.paddle.com; script-src 'unsafe-inline' 'unsafe-eval' use.typekit.net https://*.crashplan.com:* https://*.crashplanpro.com:* https://www.google-analytics.com https://www.googletagmanager.com https://*.launchdarkly.com https://app-sj02.marketo.com https://embedding.tableauusercontent.com https://dashboard.int.crashplan.com https://*.paddle.com; worker-src blob:; connect-src https://*.code42.com:* https://*.crashplan.com:* https://*.crashplanpro.com:* https://*.launchdarkly.com https://www.google-analytics.com https://www.googletagmanager.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.code42.com:* https://*.crashplan.com:* https://*.crashplanpro.com:* https://embedding.tableauusercontent.com https://www.googletagmanager.com https://dashboard.int.crashplan.com https://*.paddle.com; 1
block-all-mixed-content; script-src 'nonce-TGtQYF-rHOj2jawDNsRPgA==' 'strict-dynamic'; style-src 'nonce-TGtQYF-rHOj2jawDNsRPgA==' 1
frame-ancestors 'self' https://histoiredor.popsell.com https://orovivo-tablet.vercel.app 1
frame-ancestors 'self' *.flexibits.com 1
frame-ancestors 'self' https://www.liveshopping.bonprix.fr/ https://liveshopping.bonprix.fr/; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.filmcompanion.in;block-all-mixed-content; 1
default-src ws: data: 'self' 'unsafe-inline' 'unsafe-eval' *.pobeda.aero www.youtube.com mc.yandex.ru captcha-api.yandex.ru yastatic.net smartcaptcha.yandexcloud.net vk.com *.mindbox.ru *.tripster.ru 1
value="default-src 'self' ;" 1
default-src 'report-sample' 'none' ; img-src 'report-sample' 'self' data: https://prod-horizon.static.securetheorem.com https://caprica-static.securetheorem.com https://prod-caprica.firebaseapp.com https://educate.securetheorem.com https://disco-order-721.firebaseapp.com https://files-static.datatheorem.com/portal/ https://storage.googleapis.com/spa-screenshots/ https://storage.googleapis.com/spa-library-resources/ https://storage.googleapis.com/disco-order-721-app-store-privacy-screenshot/ https://lh3.googleusercontent.com https://lh3.ggpht.com https://lh4.ggpht.com https://lh5.ggpht.com https://lh6.ggpht.com https://play-lh.googleusercontent.com https://is1-ssl.mzstatic.com https://is2-ssl.mzstatic.com https://is3-ssl.mzstatic.com https://is4-ssl.mzstatic.com https://is5-ssl.mzstatic.com https://logo.clearbit.com https://d1nxzqpcg2bym0.cloudfront.net/itunes_connect/ https://d1nxzqpcg2bym0.cloudfront.net/google_play/ https://www.google-analytics.com https://www.googletagmanager.com ; media-src https://educate.securetheorem.com https://files-static.datatheorem.com/portal/ ; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net ; script-src 'report-sample' 'self' https://sentry.sourcetheorem.com https://www.google-analytics.com https://www.googletagmanager.com ; connect-src 'report-sample' 'self' blob: https://api.securetheorem.com https://storage.googleapis.com https://prod-dopinder-v2.securetheorem.com/ https://appupload.securetheorem.com https://sentry.sourcetheorem.com https://www.google-analytics.com https://www.googleapis.com ; frame-src 'report-sample' 'self' blob: https://educate.securetheorem.com https://www.youtube-nocookie.com https://zoom.us https://www.securetheorem.com ; font-src 'report-sample' 'self' data: https://fonts.gstatic.com https://use.typekit.net https://p.typekit.net ; object-src 'report-sample' 'none' ; frame-ancestors 'self' ; report-uri https://o1421491.ingest.sentry.io/api/6767243/security/?sentry_key=e958eee4d16443b4a6674cda8c008ca7 1
default-src 'self' *.passage.ai wss://tars-prod.passage.ai *.transunion.com *.cibil.com *.kore.ai wss://rtm.kore.ai *.addthis.co *.amazon-adsystem.com *.youtube.com *.brightcove.com *.brightcove.net *.doubleclick.net *.company-target.com *.cibil.com *.dmtry.com *.quantserve.com *.bluekai.com *.facebook.com *.demandbase.com doubleclick.net app.trustev.com ads.yahoo.com adserve.atedra.com analytics.twitter.com bat.bing.com crwdcntrl.net c.rstg.io cdn.nextinsure.com code.jquery.com cloudfront.net fonts.googleapis.com ib.adnxs.com idsync.rlcdn.com investis.com adsrvr.org sharethrough.com adroll.com yimg.com amazonaws.com secure.fastclick.net secure.leadback.advertising.com google-analytics.com static.ads-twitter.com us-u.openx.net vjs.zencdn.net googleadservices.com gstatic.com bidswitch.net cspix.media6degrees.com googletagmanager.com *.in.webengage.com widgets.in.webengage.com *.in.webengage.co; script-src 'self' *.adobedtm.com https://v1.addthisedge.com/live/boost/ra-55d22b77833cbaf1/_ate.track.config_resp  https://z.moatads.com/addthismoatframe568911941483/moatframe.js  *.passage.ai *.transunion.com *.cibil.com *.kore.ai *.addthis.com *.googletagmanager.com *.optimizely.com *.pingdom.com *.cloudflare.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.quantserve.com *.g.3gl.net *.eloqua.com *.crwdcntrl.net *.googleapis.com *.investis.com *.amazonaws.com *.cloudfront.net *.nextinsure.com *.lendingtree.com *.mediaplex.com *.demandbase.com *.jquery.com *.g.3gl.net *.gstatic.com *.bing.com *.3gl.net *.yourscoreonline.com *.gofreecredit.com *.creditcheckingtoday.com *.naturaltracking.com *.credit.com *.facebook.com *.yimg.com *.ensighten.com *.d39se0h2uvfakd.cloudfront.net *.linkedin.com *.adsprotection.com *.brightcove.com *.hotjar.com *.adroll.com *.brightcove.net *.en25.com *.adsrvr.org *.transunioncibil.com *.mathtag.com t2.rstg.io px.ads.linkedin.com vjs.zencdn.net analytics.twitter.com iad-login.dotomi.com snap.licdn.com sp.analytics.yahoo.com unpkg.com hello.myfonts.net img03.en25.com m.addthisedge.com vjs.zencdn.com optimizely.s3.amazonaws.com g.3gl.net cdn.ampproject.org b.company-target.com cspix.media6degrees.com img03.en25.com static.ads-twitter.com cdn.mxpnl.com sjs.bizographics.com rum-static.pingdom.net tt.mbww.com seal.entrust.net pixel.mathtag.com pagead2.googlesyndication.com tagmanager.google.com amplify.outbrain.com o1.qnsr.com connect.facebook.net *.liveperson.net *.lpsnmedia.net cas.cluep.com blob: 'unsafe-eval' 'unsafe-inline' *.in.webengage.com widgets.in.webengage.com *.in.webengage.co; child-src transunion.demdex.net *.transunion.com https://www.youtube-nocookie.com/  *.crwdcntrl.net  https://www.youtube.com/watch?v=FS08WcDyBkA&feature=youtu.be  *.cdn.optimizely.com *.addthis.com *.doubleclick.net *.lendingtree.com *.youtube.com *.hotjar.com vars.hotjar.com img.mediaplex.com app.optimizely.com *.brightcove.net s.amazon-adsystem.com *.liveperson.net *.lpsnmedia.net app.trustev.com pixel.mathtag.com *.amazonaws.com *.in.webengage.com widgets.in.webengage.com *.in.webengage.co; connect-src 'self' *.tt.omtrdc.net dpm.demdex.net https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j81&tid=UA-20374896-1&cid=287782927.1583428046&jid=448576890&gjid=1508426662&_gid=1862402324.1583743240&_u=SCCAiMAjBAAAAE~&z=690464725  https://in.hotjar.com/api/v2/client/sites/1118657/visit-data?sv=5 *.google-analytics.com google-analytics.com analytics.google.com *.passage.ai wss://tars-prod.passage.ai *.transunion.com https://cibil.com/jwtws/token/generate *.cibil.com *.kore.ai wss://rtm.kore.ai *.optimizely.com *.youtube.com *.brightcovecdn.com *.pingdom.net *.brightcove.com manifest.prod.boltdns.net airbrake.io api.company-target.com r.3gl.net s7.addthis.com popcornmetricsendpoint.herokuapp.com unity.cadreon.com app.trustev.com wss://va.msg.liveperson.net wss://lo.msg.liveperson.net *.amazonaws.com *.in.webengage.com widgets.in.webengage.com *.in.webengage.co; media-src 'self' *.transunion.com blob: *.brightcove.com *.lpsnmedia.net *.in.webengage.com widgets.in.webengage.com *.in.webengage.co; img-src * data:; font-src data: *.adobeaemcloud.com *.transunion.com *.cibil.com *.transunioncibil.com fonts.gstatic.com api.company-target.com *.brightcove.com r.3gl.net s7.addthis.com *.herokuapp.com; style-src * 'unsafe-eval' 'unsafe-inline' ; 1
default-src 'self' 'unsafe-inline'  'unsafe-eval' data: use.fontawesome.com www.mahadiscom.in mahadiscom.in 10.10.130.210 chatbot.mahadiscom.in fonts.googleapis.com ajax.googleapis.com cdn.datatables.net pro.fontawesome.com cdn.jsdelivr.net maps.googleapis.com secure.gravatar.com www.gstatic.com www.googletagmanager.com cse.google.com  www.google-analytics.com www.google.com player.vimeo.com blob: img.youtube.com code.jquery.com jquery.app www.jqueryscript.net cdnjs.cloudflare.com i.vimeocdn.com; font-src 'self' data:  use.fontawesome.com fonts.googleapis.com  fonts.gstatic.com encrypted-tbn2.gstatic.com; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://siteimproveanalytics.com/ https://img.en25.com/ *.s3.amazonaws.com *.optimizely.com *.doubleclick.net https://connect.facebook.net https://www.googleadservices.com/ https://sc-static.net https://browser-update.org https://cdn.cookielaw.org *.salesforceliveagent.com ttps://browser-update.org/ https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://geolocation.onetrust.com https://*.crazyegg.com https://www.google-analytics.com https://cdn.siteimprove.net https://unpkg.com https://*.siteimprove.com *.youtube.com https://*.userzoom.com https://cdn.jsdelivr.net/ https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.hypemarks.com https://gba4ya26.micpn.com/p/js/ https://tr.snapchat.com/config/ https://www.google.com/pagead/ https://bat.bing.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://analytics.tiktok.com https://m5srpdpi.micpn.com https://tags.crwdcntrl.net https://ynnpkxoz.micpn.com https://tag.demandbase.com https://mi.chamberlain.edu https://static.hotjar.com https://s.adroll.com https://script.hotjar.com https://d.adroll.com https://marvel-b2-cdn.bc0a.com https://geoip-js.com *.avaamo.com https://munchkin.marketo.net https://ict.infinity-tracking.net https://js.adsrvr.org https://s.yimg.com https://waldenuniversity.referralrock.com https://cdn.mouseflow.com https://tag.mtrcs.samba.tv https://pixel.mathtag.com https://bs.serving-sys.com https://secure-ds.serving-sys.com https://pixel.admedia.com *.googlesyndication.com *.storelocatorwidgets.com https://ajax.googleapis.com https://home-c20.incontact.com https://gateway.on24.com https://www.riddle.com/ *.b0e8.com https://embedr.flickr.com https://widgets.flickr.com *.infinity-tracking.com https://c.hrzn-nxt.com https://public.flourish.studio https://www.redditstatic.com t.contentsquare.net app.contentsquare.com https://www.esyoh.com https://laureateone--l1dev.sandbox.my.salesforce.com https://laureateone--l1dev.sandbox.my.site.com/ https://laureateone--l1dev.sandbox.file.force.com/ https://cdn.pbbl.co; base-uri 'none'; form-action 'self' https://www.facebook.com https://tr.snapchat.com *.salesforceliveagent.com https://rossu.secure.force.com https://auc--fullsanbox.sandbox.my.salesforce.com https://test.salesforce.com https://login.salesforce.com https://rossu.my.salesforce.com/ https://laureateone--l1dev.sandbox.my.salesforce.com https://laureateone--l1dev.sandbox.my.site.com/ https://laureateone--l1dev.sandbox.file.force.com/; object-src 'none'; style-src 'self' 'unsafe-inline' https://p.typekit.net/ https://cdn.jsdelivr.net/ https://hello.myfonts.net/ https://fast.fonts.net/ https://cdnjs.cloudflare.com/ https://optimize.google.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com *.mapbox.com https://cdn.storelocatorwidgets.com *.googletagmanager.com https://*.crazyegg.com  https://laureateone--l1dev.sandbox.my.salesforce.com https://laureateone--l1dev.sandbox.my.site.com/ https://laureateone--l1dev.sandbox.file.force.com/ https://unpkg.com; img-src 'self' data: https://tr.snapchat.com/ *.salesforceliveagent.com https://www.facebook.com/ https://webtracking.aucmed.edu/ *.google.com *.google.com.br *.google.com.uk *.google.com.ca *.google.com.fr *.google-analytics.com *.ytimg.com *.siteimproveanalytics.io https://americanuniversityofcarribean.secure.force.com https://cdn.jsdelivr.net/ https://www.googletagmanager.com/ https://googleads.g.doubleclick.net/pagead/ https://bat.bing.com/ https://www.adtalem.com/ https://*.linkedin.com/ https://t.co/ https://analytics.twitter.com/ https://www.google-analytics.com https://optimize.google.com https://webtracking.medical.rossu.edu https://analytics.tiktok.com https://rossu.secure.force.com https://webtrackingvet.rossu.edu https://match.prod.bidr.io https://id.rlcdn.com https://segments.company-target.com https://ipv4.d.adroll.com https://pt.ispot.tv *.amazonaws.com https://sp.analytics.yahoo.com https://webtracking.chamberlain.edu https://pixel.mtrcs.samba.tv https://cu.secure.force.com https://bidagent.xad.com https://data.adxcel-ec2.com https://pixel.mathtag.com https://cdnjs.cloudflare.com https://img.storelocatorwidgets.com https://www.googleadservices.com https://arttrk.com ads-api.twitter.com analytics.twitter.com  ads-twitter.com https://bam.nr-data.net *.cookielaw.org *.b0e8.com *.salesforce-sites.com https://trkn.us *.contentsquare.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://live.staticflickr.com https://d.adroll.com https://ad.doubleclick.net https://public.flourish.studio https://l.hrzn-nxt.com https://alb.reddit.com https://analytics.pangle-ads.com https://laureateone--l1dev.sandbox.lightning.force.com/ https://px0.pbbl.co/; media-src 'self' *.avaamo.com; frame-src 'self' *.youtube.com https://www.facebook.com/ *.doubleclick.net https://tr.snapchat.com https://vr.showmecaribbean.com/ https://e.issuu.com/ https://optimize.google.com *.cdn.optimizely.com https://waldenuniversity.referralrock.com https://insight.adsrvr.org https://s.amazon-adsystem.com https://match.adsrvr.org https://pixel.mathtag.com https://cdn.hypemarks.com https://widget.spreaker.com https://app.calconic.com https://www.google.com *.avaamo.com https://home-c20.incontact.com https://www.riddle.com https://gateway.on24.com https://cdn.yoshki.com https://massinteract.com https://www.flickr.com https://*.siteimprove.com https://public.flourish.studio https://flo.uri.sh https://www.massinteract.com https://cdn.pbbl.co; frame-ancestors 'self'; child-src 'self' *.youtube.com blob:; font-src 'self' https://themes.googleusercontent.com https://use.typekit.net https://fonts.gstatic.com *.avaamo.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://cdn.storelocatorwidgets.com https://cdn.mouseflow.com ; connect-src 'self' wss://wsp43.hotjar.com https://gtm.waldenu.edu https://cdn.cookielaw.org https://geolocation.onetrust.com https://cdn.cookielaw.org https://*.siteimprove.com/ https://*.crazyegg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://tr.snapchat.com/ https://analytics.google.com https://bam.nr-data.net https://ipinfo.io https://www.facebook.com/tr/ https://analytics.tiktok.com https://cdn.linkedin.oribi.io *.optimizely.com https://api.company-target.com https://vc.hotjar.io https://wsp43.hotjar.com https://s.yimg.com *.mktoresp.com https://ict.infinity-tracking.net https://nas.lon.infinity-tracking.net https://pixel.mtrcs.samba.tv https://in.hotjar.com https://segments.company-target.com https://geoip-js.com *.mouseflow.com https://api.tintup.com *.amazonaws.com https://ad.doubleclick.net https://pixel.admedia.com *.mapbox.com *.storelocatorwidgets.com ads-api.twitter.com ads-twitter.com analytics.twitter.com https://917-jig-558.mktoutil.com *.infinity-tracking.com *.contentsquare.net *.googlesyndication.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://embedr.flickr.com https://bat.bing.com https://discover.waldenu.edu https://www.esyoh.com https://gtm.chamberlain.edu https://gtm.aucmed.edu https://gtm.veterinary.rossu.edu https://gtm.medical.rossu.edu https://analytics.pangle-ads.com https://laureateone--l1dev.sandbox.my.salesforce.com https://laureateone--l1dev.sandbox.my.site.com/ https://laureateone--l1dev.sandbox.file.force.com/; report-uri /report-csp-violation 1
frame-ancestors *.194964.com *.dmm.co.jp *.dmm.com 1
frame-ancestors http://*.cac.gov.cn https://*.cac.gov.cn http://search.cac.gov.cn http://www.cac.gov.cn http://wap.cac.gov.cn 1
upgrade-insecure-requests; default-src 'self' data: blob: wss: https: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self'; default-src 'unsafe-inline' 'unsafe-eval' 'self' blob: data: *.arsys.local *.arsys.dev *.arsysdesarrollo.lan *.arsysdesarrollo.lan:* *.arsys.es *.arsys.es:* *.arsys.net *.arsys.fr *.arsys.pt *.piensasolutions.com *.piensasolutions.com:* *.shop-mch.es *.soportetotal.es *.youtube.com *.youtube-nocookie.com *.ytimg.com *.office.net *.microsoft.com *.vimeo.com *.1and1.org *.rankingcoach.com *.marketingpanel.es *.tiktok.com *.facebook.com *.facebook.net *.twitter.com *.google.com *.google.es *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.gstatic.com googlesyndication.com *.googlesyndication.com *.adition.com *.adfarm1.adition.com *.bing.com *.licdn.com *.doubleclick.net *.quantserve.com utt.pm *.utt.pm *.linkedin.com *.ads.linkedin.com *.oribi.io *.quantcount.com *.pexels.com *.moz.com *.consensu.org *.invisiblebits.com *.polyfill.io *.crazyegg.com installatron.com *.installatron.com *.slideshare.net *.clarity.ms *.arsys.server.lan uberall.com *.uberall.com *.pixel.ad *.sitescout.com *.adform.net *.sharepointonline.com *.qccerttest.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss: *.ostrovok.ru ostrovok.ru *.worldota.net *.zenhotels.com zenhotels.com *.googlesyndication.com pay.google.com *.amplitude.com privetmir.ru adservice.google.co.uk *.hotjar.com *.clicktripz.com *.intercom.io *.intercomcdn.com ads.adfox.ru banners.adfox.ru code.createjs.com ad.mail.ru inv-nets.admixer.net yastatic.net *.yandex.ru yandex.ru *.adfox.yandex.ru api-cis.exponea.com ps.eyeota.net *.pixfuture.com pixfuture.com api.payota.net weborama.fr tns-counter.ru static.ads-twitter.com analytics.twitter.com tags.bkrtx.com t.skyscnr.com *.adtech.advertising.com *.casalemedia.com *.openx.net openx.net adriver.ru *.adriver.ru *.contextweb.com contextweb.com *.betweendigital.com betweendigital.com *.ssp.otm-r.com *.otm-r.com otm-r.com vc.hotjar.io secde.trivago.com unpkg.com *.smartadserver.com smartadserver.com *.rubiconproject.com rubiconproject.com www.adservice.google.pl www.googletraveladservices.com www.tripadvisor.com cdnjs.cloudflare.com www.kayak.com www.clicktripz.com www.youtube.com s3-eu-west-1.amazonaws.com travel.mediaalpha.com grkigi.com notify.bugsnag.com 3kxrt0l29e.execute-api.us-east-1.amazonaws.com fonts.gstatic.com adhigh.net *.adhigh.net *.doubleclick.net doubleclick.net *.adlooxtracking.com *.adnxs.com adnxs.com 2mdn.net *.2mdn.net doubleverify.com *.doubleverify.com *.pubmatic.com pubmatic.com ostrovokru003.webim.ru  ostrovokru006.webim.ru ostrovokru007.webim.ru tagmanager.google.com www.tamgrt.com cdn.branch.io app.link api.branch.io api2.branch.io www.googleadservices.com www.adservice.google.pl sslwidget.criteo.com static.criteo.net vk.com connect.facebook.net www.facebook.com top-fwz1.mail.ru www.hometogo.com secure.wego.com static.tacdn.com static.clicktripz.com pixel.sojern.com ads.travelaudience.com stags.bluekai.com accounts.google.com tms-st.cdn.ngenix.net hit.acstat.com c.riskified.com beacon.riskified.com cdn.siftscience.com d3c3cq33003psk.cloudfront.net enc1wnyb87.execute-api.us-east-1.amazonaws.com www.awin.com *.google-analytics.com *.analytics.google.com analytics.google.com www.googletagmanager.com mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz tag.yieldoptimizer.com st.dynamicyield.com static.dynamicyield.com *.criteo.com *.intentmedia.net px.dynamicyield.com opentag-stats.qubit.com 6ytvy2ekla.execute-api.us-east-1.amazonaws.com fonts.googleapis.com maps.googleapis.com www.google.com www.googletagservices.com adservice.google.com www.adservice.google.pl  c.triptech.ai s.clickiocdn.com *.googlesyndication.com cdn.ampproject.org clickiocdn.com adservice.google.ru csi.gstatic.com *.braintreegateway.com tag.crsspxl.com aa.agkn.com blip.bizrate.com c1.adform.net ce.lijit.com cms.analytics.yahoo.com d.turn.com dmp.truoptik.com dpm.demdex.net e.dlx.addthis.com ib.adnxs.com idsync.rlcdn.com io.narrative.io match.adsrvr.org partner.mediawallahscript.com pm.w55c.net pxl.connexity.net sync.crwdcntrl.net sync.mathtag.com tags.bluekai.com js.adara.com sdk.adara.com pay.yandex.ru thrtle.com ux-etg.surveysparrow.com assets.surveysparrow.com; frame-src 'self' *.ostrovok.ru yastatic.net *.worldota.net *.zenhotels.com www.youtube.com googleads.g.doubleclick.net *.googlesyndication.com tracking.bonusway.com checkout.paypal.com pay.google.com static.criteo.net pay.yandex.ru gum.criteo.com dis.eu.criteo.com *.openx.net openx.net *.contextweb.com contextweb.com *.adnxs.com adnxs.com *.pubmatic.com pubmatic.com adhigh.net doubleclick.net www.google.com www.adservice.google.pl *.intentmedia.net d1jaw4ep1lbbt9.cloudfront.net www.tamgrt.com *.ssp.otm-r.com *.otm-r.com otm-r.com vc.hotjar.io clickioadvd.com *.pixfuture.com pixfuture.com www.googletagservices.com www.facebook.com web.facebook.com tpc.googlesyndication.com vars.hotjar.com *.betweendigital.com vk.com staticxx.facebook.com bid.g.doubleclick.net tag.crsspxl.com accounts.google.com  *.bluekai.com *.mail.ru ru.surveymonkey.com ux-etg.surveysparrow.com; frame-ancestors 'self' metrika.yandex.ru metrica.yandex.com *.webvisor.com webvisor.com; img-src * data:; report-uri /hc/csp 1
style-src https: 'unsafe-inline' https://services.postcodeanywhere.co.uk/; connect-src https: wss://*.hotjar.com; object-src 'none'; font-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://services.postcodeanywhere.co.uk/ https://www.recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; base-uri 'none'; default-src https:; img-src https: data: www.googletagmanager.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net/ https://embed.tawk.to/ https://googleads.g.doubleclick.net/ https://snap.licdn.com/ https://www.buzzsprout.com/ https://www.google.com/recaptcha/enterprise.js https://www.googletagmanager.com/ https://www.gstatic.com/recaptcha/releases/ https://cdn-cookieyes.com/ https://log.cookieyes.com/ https://dev.visualwebsiteoptimizer.com https://app.vwo.com; style-src 'self' 'unsafe-inline' https://embed.tawk.to https://fonts.googleapis.com/; object-src 'none'; base-uri 'self'; connect-src 'self' https://analytics.google.com https://*.analytics.google.com/ https://*.googlesyndication.com https://stats.g.doubleclick.net https://www.google-analytics.com wss://*.tawk.to https://*.tawk.to https://cdn.linkedin.oribi.io https://*.cookieyes.com/api/ https://cdn-cookieyes.com/client_data/ https://www.google.com/pagead/ https://dev.visualwebsiteoptimizer.com/; font-src 'self' data: https://embed.tawk.to https://fonts.gstatic.com/; frame-src 'self' https://*.emsisoft.com  https://td.doubleclick.net https://www.buzzsprout.com https://www.facebook.com https://www.google.com https://www.youtube.com; frame-ancestors https://*.emsisoft.com; img-src 'self' https: data:; manifest-src 'self'; media-src 'self'; worker-src 'self' data: blob:  https://dev.visualwebsiteoptimizer.com; 1
default-src 'none'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com maxcdn.bootstrapcdn.com cdn.muicss.com fonts.googleapis.com optimize.google.com wwww.google.com; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net *.hotjar.com *.cloudfront.net *.cloudflare.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; object-src 'self'; img-src 'self' data: https:; font-src 'self' maxcdn.bootstrapcdn.com script.hotjar.com; frame-src 'self' hub.mender.io accounts.google.com www.google.com docs.google.com platform.twitter.com www.youtube.com www.youtube-nocookie.com s7.addthis.com vars.hotjar.com optimize.google.com player.vimeo.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self' hub.mender.io; block-all-mixed-content; upgrade-insecure-requests; 1
default-src 'self' data: ws: wss: blob: 'unsafe-inline' 'unsafe-eval' *.cvs.com *.caremark.com *.cvshealth.com *.cvsspecialty.com *.cvscaremark.com *.foresee.com *.flippenterprise.net *.youtube.com *.monetate.net *.go-mpulse.net *.bing.com *.virtualearth.net *.demdex.net healthlibrary.epnet.com druginfo.goldstandard.com *.akstat.io *.akamaihd.net *.everesttech.net *.bootstrapcdn.com *.distilnetworks.com cdnjs.com *.cloudflare.com *.vantivprelive.com *.jquery.com *.4seeresults.com *.webtrendslive.com *.youtube.com *.fepblue.org *.fepblue.org:* *.qualtrics.com *.googletagmanager.com *.doubleclick.net *.quantummetric.com *.googleapis.com cvshealth.tfaforms.net fonts.gstatic.com *.kampyle.com *.medallia.com *.fepblue*.com *.thconsumeradvantage.com *.fepordering.hartehanks.com fepordering.hartehanks.com fepblue.webmdhealth.com custserv.fepblue.org *.fepblue.org *.mybluewellness.fepblue.org *.adobedtm.com *.adoberesources.net *.adobedc.net *.tt.omtrdc.net *.eum-appdynamics.com; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.cvs.com *.caremark.com *.cvshealth.com *.cvsspecialty.com *.cvscaremark.com *.tiqcdn.com *.foresee.com *.monetate.net *.groupbycloud.com *.go-mpulse.net *.bazaarvoice.com *.bing.com *.lightboxcdn.com *.jsdelivr.com *.jquery.com *.virtualearth.net healthlibrary.epnet.com druginfo.goldstandard.com cdnjs.com *.cloudflare.com *.bootstrapcdn.com *.vantivprelive.com *.demdex.net *.webtrendslive.com *.fepblue.org *.fepblue.org:* *.qualtrics.com *.googletagmanager.com *.quantummetric.com *.googleapis.com cvshealth.tfaforms.net fonts.gstatic.com *.kampyle.com *.medallia.com *.fepblue*.com *.thconsumeradvantage.com *.fepordering.hartehanks.com fepordering.hartehanks.com fepblue.webmdhealth.com custserv.fepblue.org *.fepblue.org *.mybluewellness.fepblue.org *.adobedtm.com *.adoberesources.net *.adobedc.net *.appdynamics.com *.eum-appdynamics.com *.cdn.appdynamics.com cdn.appdynamics.com triggeredmail.appspot.com; frame-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.cvs.com *.caremark.com *.cvshealth.com *.cvsspecialty.com *.cvscaremark.com *.tiqcdn.com *.foresee.com *.monetate.net *.groupbycloud.com *.go-mpulse.net *.bazaarvoice.com *.bing.com *.lightboxcdn.com *.jsdelivr.com *.jquery.com *.virtualearth.net healthlibrary.epnet.com druginfo.goldstandard.com cdnjs.com *.cloudflare.com *.bootstrapcdn.com *.vantivprelive.com *.demdex.net *.youtube.com *.doubleclick.net *.quantummetric.com *.googleapis.com cvshealth.tfaforms.net fonts.gstatic.com *.kampyle.com *.medallia.com *.fepblue*.com *.thconsumeradvantage.com *.fepordering.hartehanks.com fepordering.hartehanks.com fepblue.webmdhealth.com custserv.fepblue.org *.fepblue.org *.mybluewellness.fepblue.org *.cdn.appdynamics.com cdn.appdynamics.com 1
upgrade-insecure-requests;default-src 'self' https://*.crazyegg.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pi.pardot.com https://*.zen.co.uk https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://dnn506yrbagrg.cloudfront.net https://az416426.vo.msecnd.net https://*.bizographics.com https://snap.licdn.com https://*.hotjar.com https://bat.bing.com https://s3.amazonaws.com https://*.ads.linkedin.com https://errors.angularjs.org https://code.jquery.com https://stackpath.bootstrapcdn.com https://www.googleadservices.com https://tagmanager.google.com https://www.gstatic.com https://googleads.g.doubleclick.net https://secure.leadforensics.com https://secure.quantserve.com https://rules.quantcount.com https://platform.twitter.com https://cdn.syndication.twimg.com https://connect.facebook.net https://widget.trustpilot.com https://dec.azureedge.net https://cdn.insight.sitefinity.com https://static.mention-me.com https://tag.mention-me.com https://optimize.google.com https://cdn.cookielaw.org https://cdn-ukwest.onetrust.com https://static.ads-twitter.com https://analytics.twitter.com https://secure.adnxs.com https://www.facebook.com https://websites.cdn.getfeedback.com https://*.popupsmart.com https://p.teads.tv https://player.vimeo.com https://tags.srv.stackadapt.com https://*.crazyegg.com https://*.expertrec.com blob: https://*.sub2tech.com https://ads.nextdoor.com https://service.force.com https://zeninternet.my.salesforce.com https://*.salesforceliveagent.com https://static.lightning.force.com https://lightening.secure.force.com https://zeninternet.my.salesforce-sites.com https://www.youtube.com https://d3gw8apj7f38d6.cloudfront.net;object-src 'none';style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com https://tagmanager.google.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://optimize.google.com https://*.popupsmart.com https://tags.srv.stackadapt.com https://*.crazyegg.com https://service.force.com https://lightening.secure.force.com https://zeninternet.my.salesforce-sites.com;img-src 'self' blob: https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.google.co.uk https://i.ytimg.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://ad.doubleclick.net https://gtrk.s3.amazonaws.com https://*.zen.co.uk/ https://zen-marketingwebsite-data.s3.amazonaws.com https://zen-marketingwebsite2-data.s3.amazonaws.com https://zen-marketingwebsite.s3.amazonaws.com https://cdn-ukwest.onetrust.com data: https://platform.twitter.com https://syndication.twitter.com https://*.twimg.com https://t.co https://www.facebook.com https://*.ads.linkedin.com https://www.linkedin.com https://*.gstatic.com https://pixel.quantserve.com https://bat.bing.com https://secure.adnxs.com https://*.popupsmart.com https://*.teads.tv https://i.vimeocdn.com https://*.crazyegg.com https://d20j3a1e4m2ov9.cloudfront.net https://flask.nextdoor.com https://www.youtube.com;media-src 'self';frame-src 'self' https://www.youtube.com https://player.vimeo.com https://myaccount.zen.co.uk https://www.google.com https://maps.google.com https://optimize.google.com https://platform.twitter.com https://syndication.twitter.com https://www.facebook.com https://identity.testing.zen.co.uk https://identity.zen.co.uk https://vars.hotjar.com https://widget.trustpilot.com https://mention-me.com https://zen.mention-me.com https://servedby.flashtalking.com https://www.getfeedback.com https://zeninternet.getfeedback.com https://dubb.com https://*.crazyegg.com https://12507069.fls.doubleclick.net https://td.doubleclick.net https://view.genial.ly https://cloud.e.zen.co.uk https://service.force.com https://zeninternet.my.salesforce.com;font-src 'self' https://use.fontawesome.com https://script.hotjar.com https://fonts.gstatic.com data:;connect-src 'self' https://www.google-analytics.com https://www.googleadservices.com https://www.google.co.uk https://region1.google-analytics.com https://region1.analytics.google.com https://nl-api.dec.sitefinity.com https://nl-api.insight.sitefinity.com https://zen-marketingwebsite.s3.amazonaws.com https://cdn.cookielaw.org https://cdn-ukwest.onetrust.com https://privacyportal-uk.onetrust.com https://in.hotjar.com https://vc.hotjar.io wss://*.hotjar.com https://stats.g.doubleclick.net https://tag.mention-me.com https://mention-me.com https://graph.facebook.com https://*.popupsmart.com https://*.teads.tv https://tags.srv.stackadapt.com https://cdn.linkedin.oribi.io https://*.crazyegg.com https://*.expertrec.com https://flask.nextdoor.com https://lightening.secure.force.com https://zeninternet.my.salesforce-sites.com https://apm.zen.co.uk https://ih4anl1qy8.execute-api.eu-west-1.amazonaws.com https://*.zen.co.uk;frame-ancestors 'self' https://portal.zenbusiness.co.uk https://enlighten2.testing.zen.co.uk https://enlighten2.zen.co.uk https://12507069.fls.doubleclick.net;report-uri /WebResource.axd?cspReport=true 1
default-src 'self' https:; object-src 'self'; frame-src 'self' *.kvk.nl www.youtube.com m.youtube.com cloud.reflexappointment.nl iwelcome.sso.eherkenning.nl ehm01.iwelcome.nl opendata.ondernemersplein.nl www.googletagmanager.com *.hotjar.com *.mopinion.com *.soundcloud.com *.youtube-nocookie.com *.spotify.com webservices.kvk.nl webservices.acp.kvk.nl channel.me; child-src 'self' *.kvk.nl www.youtube.com cloud.reflexappointment.nl iwelcome.sso.eherkenning.nl ehm01.iwelcome.nl opendata.ondernemersplein.nl www.googletagmanager.com *.hotjar.com *.mopinion.com *.soundcloud.com *.youtube-nocookie.com *.spotify.com webservices.kvk.nl webservices.acp.kvk.nl; style-src 'self' 'unsafe-inline' data: *.kvk.nl tagmanager.google.com translate.googleapis.com *.mopinion.com https://fonts.googleapis.com *.abtasty.com *.spotify.com *.kvk.bloomreach.cloud *.gstatic.com; script-src 'self' 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'nonce-lCHxlZeDsDqmkw+R0zVJog==' *.mopinion.com *.abtasty.com www.googletagmanager.com *.google-analytics.com maps.googleapis.com; img-src 'self' *.kvk.nl *.kvk.bloomreach.cloud production-site-nl.kvk.bloomreach.cloud production-site-en.kvk.bloomreach.cloud static.kvk.nl blob: data: tr3.onlinesucces.nl www.ondernemersplein.nl bat.bing.com www.google-analytics.com www.googletagmanager.com region1.google-analytics.com region1.analytics.google.com maps.gstatic.com maps.googleapis.com *.abtasty.com *.cloudfront.com *.mopinion.com *.spotify.com *.google.com *.gstatic.com i.ytimg.com *.zscaler.net; font-src 'self' blob: data: *.kvk.nl https://fonts.gstatic.com static.hotjar.com *.mopinion.com *.abtasty.com *.spotify.com *.kvk.bloomreach.cloud fonts.bunny.net; connect-src 'self' *.kvk.nl *.kvk.bloomreach.cloud wss://*.kvk.nl opendata.ondernemersplein.nl translate.googleapis.com maps.googleapis.com bots.obi4wan.com app.obi4wan.ai *.hotjar.com wss://*.hotjar.com www.google-analytics.com region1.google-analytics.com region1.analytics.google.com script.google.com *.mopinion.com col.eum-appdynamics.com *.abtasty.com sentry.io *.ingest.sentry.io *.spotify.com wss://*.seamly-app.com *.seamly-app.com; frame-ancestors 'self' *.kvk.bloomreach.cloud https://*.kvk.nl; base-uri 'self' *.kvk.nl; report-uri https://acd4a6fc2b303186c154a28c8bda5e62.report-uri.com/r/t/csp/enforce https://o302809.ingest.sentry.io/api/5808560/security/?sentry_key=dfa2381926f54ce79df1ee6882b0144f ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com *.a.tile.openstreetmap.org *.b.tile.openstreetmap.org *.c.tile.openstreetmap.org api.amplitude.com *.amplitude.com *.homebank.kz *.halykbank.kz; img-src http: https: data:;worker-src blob:; 1
default-src data: wss://*.sptpub.com wss://*.ln.md:* wss://ln.md:* wss://*.7777.md:* wss://7777.md:* wss://*.7777gaming.tech:* 'self' 'unsafe-eval' 'unsafe-inline' https://www.youtube.com/ https://youtube.com/ https://ln.md https://*.ln.md https://7777.md https://*.7777.md https://apis.google.com https://fonts.googleapis.com https://maps.googleapis.com https://api.ipinfodb.com https://*.comm100.com https://*.comm100.io  https://*.comm100download.com https://www.googleadservices.com https://www.google.com https://*.google.bg https://*.google.md https://*.googletagmanager.com https://googletagmanager.com https://*.typekit.net https://typekit.net  https://maps.google.com https://*.gstatic.com https://gstatic.com https://connect.facebook.net https://*.facebook.com https://facebook.com https://*.fbcdn.net https://fbcdn.net https://google-analytics.com https://*.google-analytics.com https://accounts.google.com https://*.g.doubleclick.net https://sxt.cdn.skype.com https://www.adobe.com https://*.sptpub.com https://cs.betradar.com https://*.sportradar.com https://videosport.me https://*.adform.net/ https://*.hotjar.com https://*.trafficjunky.com/ https://*.cloudflareinsights.com https://cloudflareinsights.com https://7777gaming.xyz/ https://*.7777gaming.xyz  https://7777gaming.tech/ https://*.7777gaming.tech https://sb2integration-altenar2.biahosted.com https://sb2clientstatic-altenar2.biahosted.com https://sb2frontend-altenar2.biahosted.com https://sb2auth-altenar2.biahosted.com https://sb2betslip-altenar2.biahosted.com https://wgt-s3-cdn.statscore.com https://widgets.sir.sportradar.com https://lmt.fn.sportradar.com https://widgets.fn.sportradar.com/  https://sb2bets-altenar2.biahosted.com https://sb2bonus-altenar2.biahosted.com https://sb2betbuilder-altenar2.biahosted.com/ https://sb2streaming-altenar2.biahosted.com/ https://sb2bethistory-altenar2.biahosted.com/ https://sb2bethistory-altenar2.biahosted.com/ https://sb2lottery-betscalculator-altenar2.biahosted.com/ https://sb2platformoperations-altenar2.biahosted.com/ https://hu-sb2frontend-altenar2.biahosted.com/ https://hu-sb2bets-altenar2.biahosted.com/ https://fbstreambro.cc https://embed.twitch.tv https://spbro.live https://*.spbro.live https://ctrack.trafficjunky.net/ https://storage.googleapis.com/ ; frame-ancestors 'self' *.ln.md *.7777.md 1
default-src 'self'; script-src 'self' *.liebherr.com bat.bing.com *.clarity.ms *.usercentrics.eu googleads.g.doubleclick.net www.googleadservices.com *.cloudflareinsights.com *.heidelpay.com *.siteintercept.qualtrics.com siteintercept.qualtrics.com siteseal.quovadisglobal.com c.evidon.com 'unsafe-inline' *.zencdn.net 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.googleapis.com *.youtube.com s.ytimg.com *.google.com *.gstatic.com *.mds.eu *.youtube-nocookies.com *.cloudflare.com *.paypalobjects.com *.paypal.com aframe.io cdn.jsdelivr.net bing.com *.kameleoon.eu; style-src 'self' *.liebherr.com 'unsafe-inline' *.zencdn.net fonts.googleapis.com *.google.com *.gstatic.com *.mds.eu *.cloudflare.com; img-src 'self' *.liebherr.com *.usercentrics.eu googleads.g.doubleclick.net *.heidelpay.com *.siteintercept.qualtrics.com siteintercept.qualtrics.com *.google-analytics.com *.doubleclick.net *.google.com *.googleapis.com *.google.de *.azurewebsites.net 'self' data: *.gstatic.com *.ytimg.com *.googletagmanager.com images.anythingabout.net *.cloudflare.com *.paypal.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; font-src 'self' *.liebherr.com *.bing.com *.clarity.ms *.heidelpay.com *.zencdn.net *.gstatic.com *.cloudflare.com 'self' data:; media-src 'self' *.liebherr.com *.cloudflare.com; connect-src 'self' *.liebherr.com *.clarity.ms maps.googleapis.com *.usercentrics.eu stats.g.doubleclick.net *.heidelpay.com *.siteintercept.qualtrics.com *.google-analytics.com *.mds.eu *.mds.eu:3000 *.cloudflare.com *.paypal.com www.google.com www.google.de *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; object-src 'self' *.liebherr.com *.cloudflare.com; frame-src 'self' *.liebherr.com *.usercentrics.eu bid.g.doubleclick.net *.heidelpay.com www.youtube.com *.youtube-nocookie.com *.mds.eu *.google.com *.cloudflare.com *.hpcgw.net 1
upgrade-insecure-requests; default-src 'self' blob:  https://*.rtp.pt:* http://*.rtp.pt:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src  data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors 'self' https://*.rtp.pt:* 1
frame-ancestors 'api.mandiri.co.id' 'registrasi.klikbca.com' 'app.doku.com' 1
frame-ancestors 'self' https://www.trendhunter.com https://www.jeremygutsche.com https://www.betterandfaster.com https://www.trendreports.com https://www.futurefestival.com https://www.keynotes.org https://www.exploitingchaos.com https://www.trendhunter.ai https://www.createthefuturebook.com https://go.trendhunter.com 1
default-src 'self' www.google-analytics.com privacy-policy.truste.com *.marchex.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com privacy-policy.truste.com *.marchex.io; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' privacy-policy.truste.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com; media-src 'self'; 1
default-src 'self'; connect-src 'self' https://mautic.texthelp.com https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.browsealoud.com https://plus.browsealoud.com https://*.speechstream.net https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://wiki-summarizer-eu.texthelp.com/ https://simplify-us.texthelp.com/ blob: https://en.wikipedia.org/ https://wikisum.texthelp.com/ https://babm.texthelp.com https://*.prismic.io https://*.cdn.prismic.io https://api.ipdata.co https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://prismic-io.s3.amazonaws.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://www.facebook.com/ https://analytics.twitter.com https://cdn.linkedin.oribi.io https://bat.bing.com; script-src 'self' https://mautic.texthelp.com https://mautic-staging.texthelp.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.browsealoud.com https://plus.browsealoud.com https://*.speechstream.net https://wikisum.texthelp.com 'sha256-aEDmoObzmjNv962J42VzD3ELW5yetlhKLnYGA32/4aU=' https://apis.google.com https://widget.intercom.io https://js.intercomcdn.com https://app.intercom.io https://analytics.twitter.com https://static.ads-twitter.com https://connect.facebook.net https://www.buzzsprout.com https://optimize.google.com 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://embed.typeform.com/ https://bat.bing.com/ https://js.driftt.com https://widget.drift.com https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://tr.snapchat.com/config/com/ https://cdn.jsdelivr.net/npm/@fancyapps/ui@5.0/dist/fancybox/fancybox.umd.js 'nonce-170592960953400' ; style-src 'self' https://*.typekit.net https://mautic.texthelp.com/media/css/ https://mautic-staging.texthelp.com/media/css/ https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com 'unsafe-inline' https://www.browsealoud.com https://plus.browsealoud.com https://optimize.google.com https://cdn.jsdelivr.net/npm/@fancyapps/ui@5.0/dist/fancybox/fancybox.css; img-src 'self' https://webworx.texthelp.com/assets/img/ data: https://images.prismic.io/texthelp-website-proof https://*.prismic.io https://mautic.texthelp.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net/r/collect https://www.google.com/ads/ https://www.google.co.uk/ads/ https://www.google.com/pagead/ https://www.google.co.uk/pagead/ https://www.browsealoud.com https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://plus.browsealoud.com https://upload.wikimedia.org https://prismic-io.s3.amazonaws.com https://i.ytimg.com blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-9.com https://optimize.google.com https://script.hotjar.com https://analytics.twitter.com https://t.co/1/i/ https://bat.bing.com/action/ https://bat.bing.com/actionp/ https://www.facebook.com/tr/ https://px.ads.linkedin.com https://tr.snapchat.com/ ; child-src 'self' https://content.googleapis.com https://www.googletagmanager.com/ns.html https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; media-src 'self' blob: https://*.speechstream.net https://js.intercomcdn.com https://*.prismic.io https://js.driftt.com/; font-src 'self' https://webworx.texthelp.com/ https://*.typekit.net https://fonts.gstatic.com data: https://stackpath.bootstrapcdn.com https://js.intercomcdn.com https://fonts.gstatic.com https://script.hotjar.com; object-src 'none'; form-action 'self' https://intercom.help https://api-iam.intercom.io https://mautic.texthelp.com https://mautic-staging.texthelp.com https://www.facebook.com https://*.speechstream.net; frame-src https://www.youtube.com https://mautic-staging.texthelp.com https://mautic.texthelp.com https://docs.google.com https://www.buzzsprout.com https://content.googleapis.com/ https://optimize.google.com https://vars.hotjar.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://form.typeform.com/ https://www.facebook.com/ https://js.driftt.com https://widget.drift.com https://tr.snapchat.com/ https://lookerstudio.google.com/ https://calendar.google.com/ ; frame-ancestors 'none'; base-uri 'none'; upgrade-insecure-requests 1
frame-ancestors 'self' https://cafis.my.salesforce.com 1
default-src 'self' https: wss: blob: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' https: wss: blob: data: 'unsafe-inline' 'unsafe-eval' www.googleadservices.com www.googletagmanager.com *.doubleclick.net www.youtube.com *.ads-twitter.com *.twitter.com connect.facebook.net api.ipify.org; frame-src *; connect-src * blob: data:; font-src * blob: data:; img-src 'self' https: wss: blob: data: 'unsafe-inline' 'unsafe-eval' filesystem: 1
script-src 'nonce-kQ7L7rr+HdQyutE86xUCnQ==' *.ya.ru mc.yandex.com yastatic.net yandex.ru ya.ru mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru;media-src yastatic.net;connect-src *.strm.yandex.net mc.yandex.com ya.ru yabs.yandex.ru yastatic.net yastat.net mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.admetrica.ru;img-src *.verify.yandex.ru *.ya.ru *.yandex.ru ya.ru yabs.yandex.by yabs.yandex.kz yabs.yandex.ru yabs.yandex.uz yandex.ru 'self' yastatic.net data: favicon.yandex.net avatars.mds.yandex.net blob: mc.admetrica.ru mc.yandex.com *.mc.yandex.ru adstat.yandex.ru mc.yandex.ru;child-src *.ya.ru *.yandex.ru ya.ru yandex.ru yastatic.net mc.yandex.ru mc.yandex.md *.ya.ru *.yandex.ru ya.ru yandex.ru;style-src 'unsafe-inline' yastatic.net;report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.ru&showid=1705975782835870-7501843531282631677-balancer-l7leveler-kubr-yp-vla-63-BAL-5317&h=stable-portal-mordago-39.sas.yp-c.yandex.net&yandexuid=4826316771705975782&&version=2024-01-19-465&adb=0;default-src yastatic.net yastat.net 'self';font-src yastatic.net 1
frame-ancestors 'self' *.nhanh.vn 1
font-src *.klarnacdn.net *.klevu.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com data: use.typekit.net *.criteo.com *.hotjar.com *.hotjar.io fonts.gstatic.com cdn.giosgusercontent.com media.flixcar.com media.flixfacts.com www.tokmanni.fi data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sign.visma.net *.solteqcloud.com test1.maksuturva.fi payments.maksuturva.fi www.maksuturva.fi *.facebook.com *.facebook.net *.azureedge.net *.b2clogin.com *.onnistuu.fi *.tokmanni.fi www.tokmanni.fi 'self' 'unsafe-inline'; frame-ancestors www.tokmanni.fi 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com www.googletagmanager.com *.weltpixel.com js.klarna.com sdx.microsoft.com www.youtube.com amc.demdex.net js.playground.klarna.com *.google.com e.issuu.com *.facebook.com *.hotjar.com *.hotjar.io *.criteo.com *.googlesyndication.com *.userneeds.com *.doubleclick.net *.googletagmanager.com *.google.analytics.com *.google-analytics.com *.googleusercontent.com *.googleapis.com *.googleadservices.com *.gstatic.com *.giosgusercontent.com *.youtube-nocookie.com *.app.cookieinformation.com customer-service-dev-cdne.azureedge.net customer-service-test-cdne.azureedge.net *.tokmanni.fi *.leadfamly.com *.playable.com media.flixcar.com *.cloudfront.net www.tokmanni.fi 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validate.fishpig.co.uk *.klarna.com *.klarnaevt.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.bing.com  *.microsoft.com * *.wistia.com *.wistia.net *.clarity.ms *.google-analytics.com *.analytics.google.com res.cloudinary.com *.gstatic.com www.tokmanni.fi data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com www.google-analytics.com js.klarna.com *.klarnacdn.net *.klarnaservices.com js.klevu.com *.ksearchnet.com *.avada.io https://bat.bing.com https://r.bing.com *.convertexperiments.com data: www.youtube.com www.google.com ajax.googleapis.com maps.googleapis.com tagmanager.google.com *.google-analytics.com js-agent.newrelic.com bam.nr-data.net js.playground.klarna.com api.custobar.com googleads.g.doubleclick.net connect.facebook.net *.criteo.net *.criteo.com payments.maksuturva.fi *.googlesyndication.com *.hotjar.com *.hotjar.io gstatic.com *.gstatic.com *.confirmit.com *.doubleclick.net *.lekane.net *.jquery.com *.licdn.com *.cloudfront.net ats.talentadore.com cdnjs.cloudflare.com *.videoly.co *.analytics.solteq.solutions *.youtube-nocookie.com *.wistia.com *.wistia.net *.app.cookieinformation.com *.clarity.ms *.adform.net https://service.giosg.com https://adtr.io *.leadfamly.com *.playable.com https://media.flixfacts.com s3.eu-central-1.amazonaws.com *.flix360.io *.flixcar.com *.googleadservices.com https://www.googletagmanager.com www.tokmanni.fi 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.klarnacdn.net *.klevu.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com *.bing.com use.typekit.net p.typekit.net tagmanager.google.com fonts.googleapis.com ats.talentadore.com service.giosg.com *.leadfamly.com *.playable.com media.flixcar.com *.cloudfront.net/ www.tokmanni.fi 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.tokmanni.fi 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io *.frosmo.com maps.googleapis.com *.bing.com wss://*.bing.com env-6410208.paas.datacenter.fi bam.nr-data.net dpm.demdex.net eu.klarnaevt.com eu.playground.klarnaevt.com *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net googleads.g.doubleclick.net api.custobar.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.hotjar.io payments.maksuturva.fi *.criteo.com *.google.com *.confirmit.com *.userneeds.com *.doubleclick.net *.googletagmanager.com *.lekane.net wss://*.lekane.net gtm-wgmks6q-ytfmm.uc.r.appspot.com *.metrics.convertexperiments.com logs.convertexperiments.com ats.talentadore.com *.deepvision.cloud.solteq.com *.analytics.solteq.solutions *.app.cookieinformation.com *.clarity.ms https://service.giosg.com front-end-staging.luottopaatos.fi media.flixcar.com https://www.google-analytics.com www.tokmanni.fi 'self' 'unsafe-inline'; child-src www.tokmanni.fi http: https: blob: 'self' 'unsafe-inline'; default-src env-6410208.paas.datacenter.fi www.tokmanni.fi 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.siteimprove.com *.facebook.com *.doubleclick.net *.facebook.net *.bing.com *.nr-data.net *.google-analytics.com *.medallia.com *.kampyle.com *.logtrackback.com *.googleapis.com www.clarity.ms *.fontawesome.com a.clarity.ms c.clarity.ms f.clarity.ms b.clarity.ms i.clarity.ms/collect *.clarity.ms n.clarity.ms/collect *.oribi.io *.socalgas.com blob:; script-src 'self' *.youtube.com 'unsafe-eval' 'unsafe-inline' data: *.bootstrapcdn.com *.siteimprove.net *.datatables.net siteimproveanalytics.com *.cloudflare.com *.jsdelivr.net *.googleapis.com *.googletagmanager.com *.twitter.com *.syndication.twimg.com snap.licdn.com *.google.com *.google-analytics.com *.gstatic.com *.krxd.net resources.xg4ken.com bat.bing.com px.owneriq.net *.facebook.net *.doubleclick.net *.googleadservices.com *.quantserve.com *.quantcount.com unpkg.com *.xg4ken.com *.newrelic.com *.nr-data.net interface.us.q-go.net *.brandcdn.com *.pixel.ad *.medallia.com *.kampyle.com *.acuityplatform.com browser-update.org *.googleapis.com *.cloudflareinsights.com *.socalgas.com  *.adsrvr.org www.clarity.ms *.clarity.ms *.fontawesome.com a.clarity.ms c.clarity.ms f.clarity.ms b.clarity.ms i.clarity.ms/collect *.content-cms.com *.socalgas.com blob:; style-src 'self' 'unsafe-inline' *.fontawesome.com *.google.com *.googleapis.com *.gstatic.com *.twitter.com *.cloudflare.com *.medallia.com *.kampyle.com; img-src 'self' data: 'unsafe-inline' *.google.com *.google.co.in *.googleapis.com *.gstatic.com twitter.com *.twitter.com *.twimg.com *.ytimg.com rs.gwallet.com *.linkedin.com bat.bing.com *.facebook.com px.owneriq.net *.krxd.net *.siteimproveanalytics.io *.googletagmanager.com *.adsymptotic.com *.socalgas.com *.vindicosuite.com *.quantserve.com *.doubleclick.net socalgas.com *.google-analytics.com *.agkn.com *.facebook.net *.fastclick.net *.socalgas.com *.atdmt.com *.sitescout.com *.medallia.com *.kampyle.com c.clarity.ms f.clarity.ms b.clarity.m c.clarity.ms/c.gif i.clarity.ms/collect c.bing.com *.bing.com; media-src 'self' data:; frame-src 'self' *.youtube.com *.twitter.com twitter.com sempra.mediaroom.com *.socalgas.com *.google.com *.pages02.net *.sempra.com *.doubleclick.net px.owneriq.net *.krxd.net *.siteimprove.net siteimproveanalytics.com *.sitescout.com *.medallia.com *.kampyle.com *.maps.arcgis.com *.vimeo.com *.issuu.com *.googleapis.com *.adsrvr.org *.clarity.ms *.facebook.com *.facebook.net *.content-cms.com *.powerbi.com; font-src 'self' *.fontawesome.com *.googleapis.com  *.gstatic.com 1
frame-ancestors 'self' https://admin.euronics.hu 1
default-src 'unsafe-inline' 'unsafe-eval' http://img.qianlong.com http://upload.qianlong.com *.qianlong.com http://slwza.qianlong.com https://tts.yunmd.net https://qlstats.bjnews.com.cn hm.baidu.com qlstats.bjnews.com.cn 1
script-src 'unsafe-inline' 'unsafe-eval' * blob:; frame-src 'unsafe-inline' *; Connect-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; Img-src * data:; upgrade-insecure-requests; 1
connect-src 'self' ws: *.sbi;  style-src 'self' 'unsafe-inline' *.sbi; object-src 'none'; img-src 'self' https://*.sbi/  data:; frame-src 'self' data: ; report-to /ndlogs/cspreport 1
frame-ancestors 'self' https://*.indiatimes.com https://*.samayam.com https://maharashtratimes.com https://vijaykarnataka.com https://m.timesofindia.com https://m.economictimes.com https://www.iamgujarat.com https://www.google.com https://*.google.com https://cdn.ampproject.org https://*.cdn.ampproject.org https://*.ampproject.org http://*.newspointapp.com https://*.newspointapp.com https://*.gadgetsnow.com https://eisamay.com https://*.economictimes.com 1
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: http://192.168.1.245 https://192.168.1.245 http://www.w3.org https://*.facebook.com https://*.youtube.com https://*.google.com https://*.trendnetrussia.ru https://*.firstdistribution.com https://*.trust-provider.com https://*.google-analytics.com https://*.doubleclick.net https://sectigo.com https://*.googletagmanager.com https://*.googleadservices.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://*.facebook.net https://*.google-analytics.com https://www.facebook.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://*.doubleclick.net https://maxcdn.bootstrapcdn.com http://www.w3.org https://192.168.1.245 https://www.keebox.com https://*.cn.co.za https://*.firstdistribution.com https://*.sectigo.com https://*.trust-provider.com https://*.googleadservices.com; frame-ancestors 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' https://192.168.1.245 https://www.keebox.com https://*.cn.co.za https://*.firstdistribution.com; 1
default-src 'self';font-src 'self' https: data: *.hubstaff.com;img-src 'self' https: data: *.gstatic.com *.wistia.com *.wistia.net *.rlcdn.com *.hubstaff.com;object-src 'none';script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' js.zi-scripts.com *.sentry-cdn.com *.storyblok.com *.cloudflareinsights.com *.segment.com *.nr-data.net *.facebook.net *.twitter.com *.linkedin.com *.licdn.com *.woopra.com *.google.com *.googleapis.com gstatic.com www.googletagmanager.com google-analytics.com *.doubleclick.net www.googleadservices.com *.clarity.ms *.wistia.com *.wistia.net *.cloudfront.net *.app-us1.com *.hubstaff.com *.hs-analytics.net *.hs-scripts.com *.hubspotfeedback.com *.hs-banner.com *.hscollectedforms.net *.usemessages.com *.hsforms.net *.hsforms.com *.profitwell.com *.workable.com *.bing.com *.zoominfo.com unpkg.com *.visionary-business-52.com *.hsadspixel.net *.hsleadflows.net app.posthog.com;style-src 'self' 'unsafe-inline' *.googleapis.com;connect-src 'self' wss: js.zi-scripts.com *.sentry.io *.licdn.com *.profitwell.com googleadservices.com *.hubstaff.com *.segment.io *.google-analytics.com *.woopra.com *.twitter.com *.facebook.com *.clarity.ms *.wistia.com *.litix.io *.nr-data.net *.doubleclick.net *.hubspot.com *.hsforms.com *.hubapi.com *.s3.amazonaws.com www2.profitwell.com *.segment.com *.zoominfo.com *.bing.com *.clickagy.com *.linkedin.com *.hscollectedforms.net *.google.com google.com *.amazonaws.com app.posthog.com;frame-src 'self' *.hsforms.net *.twitter.com *.facebook.com google.com *.wistia.com *.vimeo.com *.doubleclick.net today.com *.cnbc.com *.hubspot.com *.hsforms.com *.hsforms.net *.doubleclick.net;media-src 'self' blob: data: *.wistia.com *.s3.amazonaws.com *.cloudfront.net *.rlcdn.com *.hubstaff.com;child-src 'self' blob: *.wistia.com;manifest-src 'self';frame-ancestors *.hubstaff.com; 1
frame-ancestors 'self' https://*.stuba.sk http://*.stuba.sk; 1
frame-ancestors *.fruitmail.net 1
default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://px.ads.linkedin.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default; 1
frame-ancestors 'self' https://*.coremedia.vm https://*.coremedia.cloud https://*.coremedia.io https://*.coremedia.com https://*.quickrun.io https://*.coremedia.rocks 1
upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://utu.piwik.pro https://*.cookiebot.com https://mtm.utu.fi https://*.googletagmanager.com https://*.addtoany.com https://sc-static.net https://cdnjs.cloudflare.com https://*.leaddesk.com https://*.snapchat.com https://apps.utu.fi https://*.amazonaws.com https://*.infogram.com https://*.google-analytics.com https://analytics.utu.fi https://connect.facebook.net https://*.getjenny.com https://*.unibuddy.co; connect-src 'self' https://utu.piwik.pro ws://*.leaddesk.com https://*.cookiebot.com https://mtm.utu.fi https://ats.talentadore.com https://*.google-analytics.com https://analytics.utu.fi https://stats.g.doubleclick.net https://*.snapchat.com https://*.linkedin.oribi.io https://widget-telwin.getjenny.com; img-src 'self' data: https://*.utu.fi data://*.utu.fi https://*.vipunen.fi https://mtm.utu.fi https://*.google-analytics.com https://*.google.com https://*.google.fi https://*.googletagmanager.com https://*.leaddesk.com https://*.facebook.com https://px.ads.linkedin.com;  media-src 'self' https: data:; style-src 'self' 'unsafe-inline' https://*.typekit.net https://cdnjs.cloudflare.com; font-src 'self' https://*.typekit.net; frame-src https: 'unsafe-inline'; frame-ancestors 'self' https: https://*.emaileri.fi/; object-src 'none'; 1
script-src https://webtrack.uni-marburg.de live.hrz.uni-marburg.de 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://www.youtube-nocookie.com ; child-src https://webtrack.uni-marburg.de 'self' https://www.youtube.com https://www.youtube-nocookie.com https://youtu.be ; connect-src https://webtrack.uni-marburg.de 'self' https://www.youtube.com https://www.youtube-nocookie.com ; default-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://opencast.uni-marburg.de; img-src * data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:;  1
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://plan-salle-de-bain-3d.castorama.fr;style-src * data: 'unsafe-inline'; font-src * data: ; 1
default-src * 'unsafe-inline' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.lietou-static.com *.liepin.com *.alipay.com *.pstatp.com *.liepin.cn *.aliyuncs.com *.baidu.com *.tencent-cloud.com *.qcloud.com *.qq.com *.bdstatic.com unpkg.com lyra-wv-rpc://resource lyra-wv-rpc://rpc https://appx https://appx-t2 *.bytegoofy.com js.cdn.aliyun.dcloud.net.cn *.amap.com captcha.gtimg.com captcha.myqcloud.com *.qcloud.com *.gtimg.com cdn.jsdelivr.net www.googletagmanager.com https://g.alicdn.com https://wkbrs1.tingyun.com https://ssl-cdn.static.browser.mi-img.com data: blob:; child-src * data: blob: ; img-src * android-webview-video-poster: data: blob:; font-src * data: blob: moz-extension:; frame-src * bytedance://dispatch_message data: blob: wvjbscheme:; worker-src * data: blob: ; media-src * data: blob: ; report-uri https://alarmhook.liepin.com/hook/lpsoc-save-csp.json 1
default-src 'none';base-uri 'none';child-src 'self' https://www.youtube.com/embed/;connect-src 'self' https://ps.containers.piwik.pro https://ps.piwik.pro https://www.google.com/recaptcha/;font-src 'self';frame-src 'self' https://www.youtube.com/embed/ https://www.google.com/recaptcha/;img-src 'self' https://i.ytimg.com/;media-src 'self' https://d21v5rjx8s17cr.cloudfront.net/ https://d2gl1b374o3yzk.cloudfront.net/;script-src 'self' https://ps.containers.piwik.pro/ppms.js https://ps.piwik.pro/ppms.js https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ 'nonce-bEvZyG/pmGGMQJSaagqtju7sC1Ky3S6r' 'strict-dynamic';style-src 'self'; 1
frame-ancestors 'self' *.studying.jp studying.jp; 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://uxdesign.cc https://*.uxdesign.cc https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
default-src 'self' 'unsafe-inline'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src https: 1
default-src 'self' 'unsafe-inline' https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location/geofeed  https://8347051.fls.doubleclick.net/ https://www.media.barclays.co.uk/ https://fonts.googleapis.com/css https://fonts.gstatic.com; connect-src 'self' https://cdn-ukwest.onetrust.com https://www.gstatic.com/maps/ https://privacyportal-uk.onetrust.com/request/ https://privacyportaluatde.onetrust.com/request/ https://segments.company-target.com/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://api.company-target.com/api/ https://maps.googleapis.com/ https://dpm.demdex.net/id https://barclaysinternational.sc.omtrdc.net/b/ss/ https://barclaysbankplc.tt.omtrdc.net/m2/barclaysbankplc/mbox/ https://cdn.linkedin.oribi.io/partner/ https://www.media.barclays.co.uk/ https://segments.company-target.com/ https://px.ads.linkedin.com/; img-src 'self' data: https://www.googletagmanager.com https://adservice.google.co.uk/ https://adservice.google.com/ https://adservice.google.co.in/ https://maps.googleapis.com/ https://adservice.google.com/ https://ad.doubleclick.net/ddm/activity/ https://id.rlcdn.com/ https://cdn.cookielaw.org/ https://dev.day.com/  https://www.media.barclays.co.uk/assets/ https://px.ads.linkedin.com/ https://cm.everesttech.net/cm/ https://barclaysinternational.sc.omtrdc.net/b/ss/ https://maps.gstatic.com/ https://www.linkedin.com/ https://www.google.com.au https://www.google.co.bw https://www.google.com.br https://www.google.be https://www.google.ca https://www.google.cn https://www.google.com.cy https://www.google.dk https://www.google.com.eg https://www.google.fr https://www.google.de https://www.google.com.gh https://www.google.com.gi https://www.google.gr https://www.google.gg https://www.google.com.hk https://www.google.co.in https://www.google.co.id https://www.google.ie https://www.google.im https://www.google.co.il https://www.google.it https://www.google.co.jp https://www.google.je https://www.google.co.ke https://www.google.lt https://www.google.lu https://www.google.com.my https://www.google.mu https://www.google.com.mx https://www.google.co.mz https://www.google.nl https://www.google.com.ng https://www.google.no https://www.google.com.pk https://www.google.com.ph https://www.google.pt https://www.google.com.pr https://www.google.com.qa https://www.google.ru https://www.google.com.sa https://www.google.sc https://www.google.com.sg https://www.google.co.za https://www.google.co.kr https://www.google.es https://www.google.se https://www.google.ch https://www.google.com.tw https://www.google.co.tz https://www.google.com.tr https://www.google.co.th https://www.google.ae https://www.google.co.ug https://www.google.co.uk https://www.google.com https://www.google.co.zm https://www.google.co.zw; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-ukwest.onetrust.com https://snap.licdn.com/li.lms-analytics/ https://code.highcharts.com/ https://www.highcharts.com https://platform.twitter.com/widgets.js https://assets.adobedtm.com/ https://www.googletagmanager.com/gtag/ https://maps.googleapis.com/ https://cdn.cookielaw.org/ https://static.ads-twitter.com/ https://tag.demandbase.com/ https://www.media.barclays.co.uk/ https://googleads.g.doubleclick.net/ blob:; frame-src 'self' https://platform.twitter.com/ https://www.investmentbank.barclays.com https://8347051.fls.doubleclick.net/ https://www.media.barclays.co.uk/ https://s.company-target.com/ https://barclaysbankplc.demdex.net/ 1
default-src 'self' fs.betunit.com;style-src 'self' fs.betunit.com fonts.googleapis.com use.fontawesome.com maxcdn.bootstrapcdn.com embed.tawk.to 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval';script-src 'self' *.gstatic.com *.google.com tvbetframe7.com tvbetframe24.com *.facebook.com *.facebook.net *.onesignal.com www.google-analytics.com google-analytics.com static.hotjar.com embed.tawk.to script.hotjar.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval';connect-src 'self' *.habeshabets.com wss://cgo-live.habeshabets.com/connection/websocket nrgaming.games *.nrgaming.games *.energaming.systems *.betunit.com betunit.com *.doubleclick.net www.google-analytics.com google-analytics.com live5.betunit.com *.tawk.to wss://*.tawk.to ws://*.tawk.to ws://turbo.energaming.systems:4444 wss://turbo.energaming.systems:4444 turbo.energaming.systems ws://transport.energaming.systems:4444 wss://transport.energaming.systems:4444 wss://live.habeshabets.com:4445 live.habeshabets.com transport.energaming.systems chukuatano.co.tz *.chukuatano.co.tz;frame-src 'self' *.atlas-v.com playbetman.com *.playbetman.com nrgaming.games *.nrgaming.games *.google.com vars.hotjar.com *.energaming.systems *.betunit.com betunit.com *.slotegrator.com *.cloudfront.net *.gamerouter.pw *.mrslotty.com *.xpressgaming.net *.xpress-ix.com *.macawgaming.com *.game-program.com chukuatano.co.tz *.chukuatano.co.tz;font-src 'self' fonts.googleapis.com fonts.gstatic.com use.fontawesome.com embed.tawk.to;img-src * 'self' *.tawk.link *.energaming.systems *.betunit.com betunit.com *.facebook.com *.tawk.to *.google-analytics.com google-analytics.com  *.slotegrator.com *.cloudfront.net *.gamerouter.pw *.mrslotty.com *.xpressgaming.net *.xpress-ix.com *.macawgaming.com *.game-program.com chukuatano.co.tz *.chukuatano.co.tz cdn.jsdelivr.net nrgaming.games *.nrgaming.games 1
default-src 'self' blob: https://*.lamborghini.com https://cdn.cookielaw.org https://*.google-analytics.com https://*.google.com https://*.akamaized.net https://*.akstat.io/ https://*.go-mpulse.net https://*.akamaihd.net https://*.onetrust.com https://stats.g.doubleclick.net https://*.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.lamborghini.com https://cdn.cookielaw.org https://www.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.go-mpulse.net https://*.akamaized.net https://*.onetrust.com https://polyfill.io https://js-agent.newrelic.com https://*.nr-data.net https://*.baidu.com https://*.analytics.edgekey.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src * 'self' data: blob: android-webview-video-poster: https://*; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; connect-src * 'self'; media-src 'self' blob: data: https://*.akamaized.net; object-src 'none'; frame-src 'self' https://europe-west1-lamborghini-ai.cloudfunctions.net https://us-central1-lamborghini-ai.cloudfunctions.net https://cdn.flipsnack.com/ https://lamborghiniclubs.secure.force.com/ https://uat-lamborghiniclubs.cs107.force.com/ https://monitoring.datalytics.it/; worker-src 'self' blob:; manifest-src 'self'; report-uri https://csp-report.lamborghini.com/report-prod.php 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.uni-graz.at https://webcmp.uni-graz.at https://oembed.uni-graz.at https://bezahlung.uni-graz.at https://webstat.uni-graz.at https://ask.uni-graz.at/ https://beta.ug.aios.dev/ https://*.googletagmanager.com https://connect.facebook.net; img-src 'self' data: https://static.uni-graz.at https://bezahlung.uni-graz.at https://online.uni-graz.at/ https://screenshot.uni-graz.at/ https://webstat.uni-graz.at https://ask.uni-graz.at/ https://beta.ug.aios.dev/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://www.facebook.com; style-src 'self' 'unsafe-inline' https://static.uni-graz.at https://ask.uni-graz.at/ https://beta.ug.aios.dev/; font-src 'self' https://static.uni-graz.at; object-src 'self' https://static.uni-graz.at; frame-src 'self' https://static.uni-graz.at https://unitube.uni-graz.at https://open.spotify.com https://www.vimeo.com https://www.youtube.com; worker-src 'none'; connect-src 'self' https://static.uni-graz.at https://webcmp.uni-graz.at https://oembed.uni-graz.at https://bezahlung.uni-graz.at https://search.uni-graz.at/rest/getSuggestions https://webstat.uni-graz.at https://ask.uni-graz.at/ wss://api.ug.leftshift.one/mqtt  https://beta.ug.aios.dev/ wss://api.azure-cloud.aios.dev/mqtt https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://www.facebook.com; report-uri /de/log.raw?context=CSP 1
default-src 'self' *.brightvpn.com ws://127.0.0.1:4560 'unsafe-inline' 'unsafe-eval' data: https://*.googletagmanager.com *.google-analytics.com https://*.google.com https://csp.withgoogle.com https://www.pagespeed-mod.com *.doubleclick.net http://ad.doubleclick.net https://brightdata.com ajax.cloudflare.com *.facebook.net *.facebook.com https://*.appsflyer.com https://www.youtube.com https://i.ytimg.com https://wa.onelink.me https://*.gstatic.com yastatic.net https://*.gravatar.com https://*.googleapis.com *.googlevideo.com czedgingtenges.com *.yandex.ru *.yandex.net https://cdn.jsdelivr.net; frame-ancestors 'self'; report-uri https://brightdata.com/web_api/report_csp 1
frame-ancestors 'self' *.suunto.com 1
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.jatkoaika.com 1
default-src 'self'; script-src https://*.foiz.pro https://foiz.pro *.foiz.pro foiz.pro https://www.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.google.com.ua  https://cdn.jsdelivr.net https://mc.yandex.ru https://*.jquery.com *.jquery.com https://www.paypal.com https://ajax.googleapis.com 'self' 'unsafe-inline'; style-src https://*.foiz.pro https://foiz.pro *.foiz.pro foiz.pro 'self' 'unsafe-inline'; img-src * 'self' data: https:; object-src https://*.fleshki.net 'self'; frame-src https://*.youtube.com *.youtube.com https://play.famobi.com https://games.cdn.famobi.com html5.gamedistribution.com http://rep4games.com/ https://files.acticdn.com https://games.ca.zone.msn.com/ https://yoomoney.ru/ *.paypal.com  'self'; connect-src https://*.google-analytics.com https://*.google.com https://*.google.com.ua https://mc.yandex.ru *.paypal.com https://stats.g.doubleclick.net 'self' 1
frame-ancestors https://8x8.vc 1
frame-ancestors https://*.burton.com 1
upgrade-insecure-requests; default-src 'self' https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; object-src https:; form-action https:; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=mafra&d=2024-01-23 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.blacknut.com *.blacknut.net *.blacknutlemag.com *.blacknut.biz *.google-analytics.com *.googletagmanager.com *.youtube.com *.googleapis.com *.stripe.com data: *.jsdelivr.net *.facebook.com *.facebook.net *.doubleclick.net *.google.com *.google.fr *.gouv.fr js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net js.hsadspixel.net *.hubspot.com *.hubapi.com *.google.ie *.googleadservices.com *.metaffiliation.com api.mixpanel.com ipinfo.io freegeoip.net marketing-image-production.s3.amazonaws.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.usemessages.com u360.d-bi.fr analytics.google.com *.google.com *.google.ie *.clarity.ms clarity.microsoft.com *.gstatic.com *.firebaseio.com *.taboola.com *.adnxs.com *.affilae.com *.hs-banner.com *.blacknut.biz *.api.sanity.io *.sanity.build s3.eu-west-1.amazonaws.com blacknut-prod-images.b-cdn.net 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *; base-uri 'self' 1
object-src 'none'; frame-ancestors 'self'; report-uri http://www.manappuram.com/report-uri/enforce 1
frame-ancestors 'self' gigazine.biz 1
script-src 'strict-dynamic' https: 'nonce-7d789bcf-1b3a-40b9-9cc6-31a1f8632091'; object-src 'none'; base-uri 'none'; upgrade-insecure-requests; block-all-mixed-content 1
frame-ancestors https://account.krisp.ai https://dev.account.krisp.ai https://stage.account.krisp.ai https://krisp-blog-dev.krisp.ai https://krisp.ai https://highspot.com https://*.highspot.com 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-vmyGAAgprsnNOeqAcb98Pg==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob:; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
script-src 'unsafe-inline' 'unsafe-eval' ct.captcha-delivery.com cdn.ampproject.org unpkg.com api.mapbox.com ajax.googleapis.com www.google-analytics.com assets.meilleursagents.com t.contentsquare.net app.contentsquare.com www.googletagmanager.com tags.tiqcdn.com  mitself.net t23.intelliad.de bat.bing.com www.everestjs.net secure.adnxs.com static.criteo.net creativecdn.com kautionsfrei.de *.sunvigo.de *.interhyp.de *.lichtblick.de *.hotjar.com *.doubleverify.com *.sascdn.com *.cleverpush.com *.aviv-seller-group.com *.umzugsauktion.de *.2mdn.net *.googletagservices.com *.asg-de.tech *.adition.com *.googlesyndication.com *.facebook.net *.typeform.com *.pendo.io *.amazon-adsystem.com *.yieldlove.com *.gstatic.com *.googleadservices.com *.google.com browser-intake-datadoghq.eu *.browser-intake-datadoghq.eu *.datadoghq-browser-agent.com *.aws.aviv.eu *.immonet.de *.immowelt.org *.immowelt.de *.doubleclick.net *.kameleoon.eu *.usercentrics.eu *.criteo.com *.datadome.co; child-src blob: ads.revjet.com creativecdn.com geo.captcha-delivery.com prod.tahoe-analytics.publishers.advertising.a2z.com app.usercentrics.eu static.criteo.net js.adscale.de js.adscale.net ad.yieldlab.net eb2.3lift.com kautionsfrei.de *.sunvigo.de *.interhyp.de *.lichtblick.de *.hotjar.com *.doubleverify.com *.aviv-seller-group.com *.cleverpush.com *.sascdn.com *.umzugsauktion.de *.casalemedia.com *.rubiconproject.com *.doubleclick.net *.adsensecustomsearchads.com *.omnitagjs.com *.omnitag.js *.smartadserver.com *.pendo.io *.googlesyndication.com *.google.com *.openx.net *.indexww.com *.immonet.de *.immowelt.de *.criteo.com *.eu.criteo.com ; worker-src blob:; img-src * data:; connect-src api-js.datadome.co lb.eu-1-id5-sync.com id5-sync.com mitself.net btlr.sharethrough.com orbidder.otto.de addefend-platform.com cdn.jsdelivr.net rtb.openx.net a.teads.tv ad.yieldlab.net kautionsfrei.de *.sunvigo.de *.interhyp.de *.lichtblick.de *.aviv-seller-group.com *.doubleverify.com *.cleverpush.com *.umzugsauktion.de *.hotjar.io *.criteo.net *.smartadserver.com *.casalemedia.com *.omnitagjs.com *.kameleoon.io *.googletagservices.com *.googlesyndication.com *.yieldlove-ad-serving.net *.yieldlove.com *.gstatic.com *.googleadservices.com *.google.com *.amazon-adsystem.com *.google-analytics.com *.mapbox.com *.datadoghq.eu *.datadoghq-browser-agent.com browser-intake-datadoghq.eu *.browser-intake-datadoghq.eu *.aws.aviv.eu *.immowelt.com *.immocloud.io *.immonet.de *.immowelt.org *.immowelt.de *.facebook.net *.pendo.io *.typeform.com *.doubleclick.net *.kameleoon.eu *.usercentrics.eu *.asg-de.tech *.jquery.com *.tealiumq.com *.criteo.com *.aviv.eu *.contentsquare.net wss://*.hotjar.com; 1
frame-ancestors 'self' *.sportsline.com *.cbssports.com *.ampproject.org *.amp.cloudflare.com; default-src https: 'unsafe-inline' 'unsafe-eval' wss: ;img-src https: data: blob: ; font-src https: data:; form-action https:; block-all-mixed-content; report-uri https://cbscom.report-uri.com/r/d/csp/reportOnly 1
frame-ancestors 'self'; report-uri https://balsamiq.report-uri.com/r/d/csp/reportOnly; report-to https://balsamiq.report-uri.com/r/d/csp/reportOnly 1
img-src * data: blob:; media-src * data: blob:; default-src * 'unsafe-inline' 'unsafe-eval' data: blob: mailto:; frame-ancestors 'self' *.powtoon.com teams.microsoft.com *.teams.microsoft.com *.skype.com *.kaltura.com *.leidenuniv.nl *.schooltube.com *.umich.edu *.relay.edu *.unipd.it *.accenture.com *.gmfinancial.com *.avans.nl *.psvamb.io *.uplearning.nl *.mayo.edu *.sap.com *.saskpolytech.ca *.syngenta.com *.elearningmedia.es *.nvwa.nl *.assistmicro.co.jp *.abertay.ac.uk *.abnamro.video *.nyu.edu *.montpellier-bs.com scde-genius.mrooms.net *.bpglobal.com *.scania.com gscdigital.mcd.com bb.powtoon.co *.instructure.com; font-src * data: blob: 1
img-src 'self' https://img.awvvvvw.live; 1
default-src * 'unsafe-eval' 'unsafe-inline' data:; frame-ancestors 'self' app.optimizely.com apps.facebook.com fonts.googleapis.com 1
frame-ancestors *.tipranks.com 1
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: ;   report-uri https://odin.snapcomms.net:445; upgrade-insecure-requests 1
default-src 'self'; connect-src 'self' blob: https://api.prod.legislation.gov.au/ https://www.legislation.gov.au/; font-src 'self'; frame-src 'self' blob: https://www.legislation.gov.au/; img-src 'self' data: https://www.googletagmanager.com https://www.legislation.gov.au/; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.legislation.gov.au/; style-src 'self' 'unsafe-inline' https://www.legislation.gov.au/; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-Bw0m2JhpPYx0yn1r8+UQTTRGwluda1nwuYPs0qCqMDzedZJR' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
script-src *.alicdn.com *.alipayobjects.com *.alipay.com *.cnzz.com res.wx.qq.com cf.aliyun.com ynuf.aliapp.org 'nonce-1DFUsP1uf0aEV0YU31iS' 'unsafe-eval' 'self' 'report-sample' cf.aliyun.com ynuf.aliapp.org *.nlark.com *.taobao.com; report-uri /r/csp/report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.ads-twitter.com get.alertmedia.com bat.bing.com cdn.bizible.com www.clarity.ms s.company-target.com cdn.cookielaw.org tag.demandbase.com connect.facebook.net googleads.g.doubleclick.net www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com script.hotjar.com static.hotjar.com snap.licdn.com munchkin.marketo.net a.omappapi.com js.qualified.com www.redditstatic.com dev.visualwebsiteoptimizer.com; script-src-elem 'self' 'unsafe-inline' 'report-sample' static.ads-twitter.com get.alertmedia.com bat.bing.com cdn.bizible.com ct.capterra.com www.clarity.ms cdn.cookielaw.org trk.crozdesk.com tag.demandbase.com connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com maps.googleapis.com translate.googleapis.com www.google.com www.googletagmanager.com boards.greenhouse.io www.gstatic.com script.hotjar.com static.hotjar.com snap.licdn.com app-sj30.marketo.com munchkin.marketo.net a.omappapi.com js.qualified.com www.redditstatic.com embed.sounder.fm platform.twitter.com dev.visualwebsiteoptimizer.com; script-src-attr 'unsafe-inline' 'report-sample'; style-src 'self' 'unsafe-inline' get.alertmedia.com fonts.googleapis.com a.omappapi.com www.gstatic.com; style-src-elem 'self' 'unsafe-inline' 'report-sample' get.alertmedia.com fonts.googleapis.com app-sj30.marketo.com a.omappapi.com; img-src 'self' data: *.ads.linkedin.com get.alertmedia.com bat.bing.com c.bing.com cdn.bizible.com cdn.bizibly.com c.clarity.ms t.co segments.company-target.com cdn.cookielaw.org trk.crozdesk.com www.facebook.com www.g2.com tracking.g2crowd.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google.ae www.google.al www.google.am www.google-analytics.com maps.googleapis.com translate.googleapis.com www.google.at www.google.az www.google.be www.google.bf www.google.bs www.google.bt www.google.ca www.google.cd www.google.cg www.google.ch www.google.cl www.google.cn www.google.co.ao www.google.co.bw www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls adservice.google.com analytics.google.com translate.google.com www.google.com www.google.co.ma www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.br www.google.com.bz www.google.com.co www.google.com.cy www.google.com.eg www.google.com.et www.google.com.gh www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.np www.google.com.om www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.cv www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.gy www.google.hu www.google.ie www.google.iq www.google.it www.google.jo www.google.kz www.google.lk www.google.lt www.google.lu www.google.lv www.google.mg www.google.mk www.google.mn www.google.mu www.google.mw www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.sh www.google.sk www.google.so www.googletagmanager.com www.google.tn www.google.tt secure.gravatar.com fonts.gstatic.com maps.gstatic.com www.linkedin.com yastatic.net a.omappapi.com alb.reddit.com id.rlcdn.com analytics.twitter.com syndication.twitter.com i.vimeocdn.com dev.visualwebsiteoptimizer.com i.ytimg.com; font-src 'self' data: fonts.gstatic.com cdn.scite.ai use.typekit.net; connect-src 'self' px.ads.linkedin.com get.alertmedia.com bat.bing.com *.clarity.ms api.company-target.com segments.company-target.com cdn.cookielaw.org www.facebook.com www.g2.com stats.g.doubleclick.net www.google.ae www.google-analytics.com maps.googleapis.com translate.googleapis.com www.google.be www.google.ca www.google.ch www.google.co.bw www.google.co.id www.google.co.in www.google.co.jp www.google.co.ke *.google.com www.google.com.au www.google.com.bd www.google.com.bn www.google.com.br www.google.com.eg www.google.com.et www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.om www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.vn www.google.co.nz www.google.co.ug www.google.co.uk www.google.co.za www.google.de www.google.dk www.google.fr www.google.hu www.google.ie www.google.it www.google.kz www.google.lk www.google.lu www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.se www.google.tt wss://ws.hotjar.com *.hotjar.io doublestat.info sentry.io cdn.linkedin.oribi.io *.mktoresp.com *.mktoutil.com *.omappapi.com geolocation.onetrust.com app.qualified.com wss://ws.qualified.com conversions-config.reddit.com analytics.twitter.com dev.visualwebsiteoptimizer.com ws.zoominfo.com; media-src 'self' data: podcasts.captivate.fm app.qualified.com; object-src 'self'; child-src 'none'; frame-src data: get.alertmedia.com player.captivate.fm s.company-target.com td.doubleclick.net www.facebook.com www.google.com boards.greenhouse.io app-sj30.marketo.com alertmedia.navattic.com capture.navattic.com block.opendns.com app.qualified.com platform.twitter.com player.vimeo.com dev.visualwebsiteoptimizer.com www.youtube.com gateway.zscloud.net; worker-src blob:; frame-ancestors 'none'; form-action 'self' www.facebook.com dev.visualwebsiteoptimizer.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; report-uri https://darwinapps.report-uri.com/r/d/csp/enforce 1
object-src 'none'; default-src * 'unsafe-eval' 'unsafe-inline' data:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.bkm.com.tr *.mastercard.com.tr *.payten.com.tr *.yandex.ru *.youtube.com *.google-analytics.com *.googleapis.com *.tarsicam.com *.theasys.io *.ziraatbank.com.tr prdcbotwidgetwebvip.zb *.gstatic.com data: 3dsecure.garanti.com.tr acs.bkm.com.tr goguvenliodeme.bkm.com.tr acs.qnbfinansbank.com 3dsecure.akbank.com.tr go.albarakaturk.com.tr acs.yapikredi.com.tr maxinet.isbank.com.tr; connect-src 'self' wss://livechat.ziraatbank.com.tr https://api.ziraatbank.com.tr *.googleapis.com zbmatomoapp.ziraatbank.com.tr 1
frame-ancestors 'self';  base-uri 'self'; object-src 'none';  1
object-src 'self';script-src 'nonce-c0524ec9d7f215aeb30c1576ad1d547d' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https:;base-uri 'none';frame-ancestors 'self' https://*.checkdomain.website 1
frame-ancestors http://docplanner-front-test.docplanner.com https://docplanner-front-test.docplanner.com *.jameda.de doctoraliaone-de2-candidate.azurewebsites.net 1
default-src 'self' blob: * wss://wsp45.hotjar.com 'unsafe-inline' 'unsafe-eval' *.allin.com.br *.amazonaws.com *.clarity.ms data: *.doubleclick.net *.dynatrace.com *.evgnet.com *.facebook.com *.facebook.net *.geolocation-db.com *.google-analytics.com *.google.com *.google.com.br *.googleadservices.com *.google-optimize.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.handtalk.me *.hotjar.com *.hotjar.io *.onetrust.com *.online-metrix.net *.pinterest.com *.pinimg.com *.portoseguro.com.br *.portoseguro.us-7.evergage.com *.smartbmc.com.br *.tiktok.com *.unico.io *.unpkg.com *.visualwebsiteoptimizer.com *.vwo.com; frame-ancestors 'self' https://wwws.portoseguro.com.br 1
frame-ancestors 'self' https://app.mutinyhq.com; 1
base-uri 'none'; default-src 'self' data: https: wss:; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' https://api.scrivito.com https://app.intercom.io https://assets.scrivito.com https://js.intercomcdn.com https://widget.intercom.io https://www.google-analytics.com https://www.googletagmanager.com https://eref.uni-bayreuth.de https://www.uni-bayreuth.de https://*.usercentrics.eu; frame-src 'self' https://forms.zohopublic.eu https://zcmp.eu https://bayh-zcmp.maillist-manage.eu https://www.youtube-nocookie.com https://desk.zoho.eu https://salesiq.zohopublic.eu/; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' https://*.scrivito.com http://www.test-unib.de/ 1
default-src 'self' ; img-src 'self' https://numbers.mailbox.org; script-src 'self' https://numbers.mailbox.org https://numbers.mailbox.org; style-src 'self' data: 'unsafe-inline' ; frame-src 'self'  https://manage.mailbox.org https://status.mailbox.org; frame-ancestors 'self'; object-src 'none'; connect-src 'self' https://numbers.mailbox.org; 1
connect-src 'self' https://*.swiftype.com https://*.hotjar.com https://*.hotjar.io https://*.clickdimensions.com https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://*.facebook.com https://*.facebook.net https://googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://maps.googleapis.com https://*.google.com https://*.gstatic.com https://*.doubleclick.net https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.siteimproveanalytics.io https://*.yimg.com https://*.matterport.com https://staticcdn.co.nz https://*.tiktok.com; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.formstack.com data: https://*.hotjar.com https://*.hotjar.io https://*.clickdimensions.com https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://*.facebook.com https://*.facebook.net https://googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://maps.googleapis.com https://*.google.com https://*.gstatic.com https://*.doubleclick.net https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.siteimproveanalytics.io https://*.yimg.com https://*.matterport.com https://staticcdn.co.nz https://*.tiktok.com https://d2ub1k1pknil0e.cloudfront.net; default-src 'self'; manifest-src https://d2ub1k1pknil0e.cloudfront.net; img-src 'self' data: https: https://d2ub1k1pknil0e.cloudfront.net; object-src 'self' blob:; font-src 'self' data: *.googleapis.com https://*.gstatic.com https://d2ub1k1pknil0e.cloudfront.net; child-src https:; style-src 'self' 'unsafe-inline' https:; media-src 'self'; frame-src 'self' https://webcast.massey.ac.nz https://www.massey.ac.nz https://*.windcave.com https://*.paycorp.com.au https://*.hotjar.com https://*.hotjar.io https://*.clickdimensions.com https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://*.facebook.com https://*.facebook.net https://googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://maps.googleapis.com https://*.google.com https://*.gstatic.com https://*.doubleclick.net https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.siteimproveanalytics.io https://*.yimg.com https://*.matterport.com https://staticcdn.co.nz https://*.tiktok.com; report-uri https://o115950.ingest.sentry.io/api/5340269/csp-report/?sentry_key=fe8681a26224499cb51618fd877c5f4c&sentry_environment=production&sentry_release=a5b1a879 1
default-src 'none'; upgrade-insecure-requests; object-src 'self'; frame-src athabascau.kudoboard.com www.youtube-nocookie.com *.issuu.com *.statuspage.io *.hotjar.com *.osano.com *.brightcove.net livestream.com *.livestream.com *.doubleclick.net *.snapchat.com *.hsforms.com *.intelliresponse.com *.g.doubleclick.net *.adsrvr.org *.githubassets.com www-preview.athabascau.ca *.libanswers.com *.fls.doubleclick.net *.cloudfront.net airtable.com *.airtable.com *.athabascau.ca *.canadahelps.org *.youtube.com *.youtu.be *.google.com; media-src 'self' *.canadahelps.org *.athabascau.ca *.youtube.com *.youtu.be *.vimeo.com; manifest-src 'self'; connect-src 'self' wss: *.hotjar.com *.api.osano.com *.hubspot.com *.osano.com *.google.com *.googlesyndication.com wurfl.io *.snapchat.com *.oribi.io googleads.g.doubleclick.net analytics.google.com *.tiktok.com *.hotjar.io *.livestream.com *.on.aws *.dev.athabascau.cloud *.sitesearch360.com *.linkedin.com *.amazonaws.com livestream.com *.hsforms.com *.crazyegg.com *.wootric.com *.herokuapp.com *.facebook.com *.libanswers.com *.hubapi.com *.yimg.com *.cloudfront.net *.247-inc.net *.s3.amazonaws.com *.athabascau.ca *.google-analytics.com stats.g.doubleclick.net; worker-src 'self' *.osano.com *.athabascau.ca osano.js blob:; img-src *.adsymptotic.com *.linkedin.com *.cloud *.googlesyndication.com *.reddit.com *.sitesearch360.com *.snapchat.com *.gstatic.com *.hotjar.com *.bing.com *.hsforms.com *.doubleclick.net *.ads.linkedin.com *.analytics.yahoo.com t.co *.twitter.com *.hubspot.com www-preview.athabascau.ca *.facebook.com *.siteimproveanalytics.io *.google.com *.google.ca *.google-analytics.com 'self' *.athabascau.ca *.library.athabascau.ca www.googletagmanager.com data: *.wp.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.github.com *.googlesyndication.com *.redditstatic.com *.google.ca *.osano.com *.bing.com *.snapchat.com *.adsymptotic.com static.hotjar.com *.hotjar.com sc-static.net *.tiktok.com *.sitesearch360.com unpkg.com livestream.com *.livestream.com *.tribalfusion.com *.githubassets.com *.acuityplatform.com *.wootric.com *.googleadservices.com *.ipify.org *.twitter.com t.co *.licdn.com googleads.g.doubleclick.net *.libanswers.com blob: http: https: *.hs-banner.com *.hsadspixel.net *.hs-analytics.net *.analytics.yahoo.com *.hs-scripts.com *.facebook.net siteimproveanalytics.com *.ads-twitter.com *.fls.doubleclick.net *.adsrvr.org *.yimg.com *.cloudfront.net *.eyereturn.com *.hscta.net *.athabascau.ca *.cloudfront.net *.hsforms.com *.hsforms.net *.canadahelps.org athabascau.acquiretm.com *.crazyegg.com *.youtube.com browser-update.org *.google-analytics.com *.googleapis.com code.jquery.com *.cloudflare.com wurfl.io *.googletagmanager.com *.athabascau.ca *.list-manage.com *.google.com *.gstatic.com; style-src blob: http: https: 'self' 'unsafe-inline' *.githubassets.com *.osano.com *.cloudflare.com *.googleapis.com *.google.com *.googleoptimize.com *.athabascau.ca; font-src 'self' *.athabascau.ca *.hotjar.com *.cloudflare.com *.gstatic.com; form-action 'self' *.search.serialssolutions.com *.snapchat.com *.hsforms.com *.athabascau.ca; base-uri 'self'; frame-ancestors 'none' 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.liquor.com 1
frame-src 'self' 'unsafe-eval' 'unsafe-inline' player.vimeo.com *.vimeo.com googletagmanager.com *.googletagmanager.com youtube.com *.youtube.com facebook.com *.facebook.com google.com *.google.com *.googlesyndication.com *.adsensecustomsearchads.com *.syndicatedsearch.goog ff.doubleclick.net *.doubleclick.net *.criteo.com *.hotjar.com *.hotjar.io *.rlcdn.com *.useberry.com *.flashrecruit.com; 1
default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self' 'unsafe-inline'  fast.wistia.net fonts.bunny.net cdnjs.cloudflare.com fonts.gstatic.com *.stripe.com *.tawk.to *.google.com calendly.com ajax.aspnetcdn.com data: blob: *.maze.co;        connect-src 'self' *.google.com *.google-analytics.com *.stripe.com *.tawk.to wss://*.tawk.to *.wistia.com *.litix.io *.mixpanel.com *.hotjar.com *.hotjar.io *.maze.co *.tiny.cloud;        img-src 'self' https://* data: *.maze.co;        style-src 'self' 'unsafe-inline' *.rackcdn.com gitcdn.github.io cdn.datatables.net maxcdn.bootstrapcdn.com fonts.bunny.net *.tiny.cloud cdn.jsdelivr.net ajax.aspnetcdn.com *.google.com cdnjs.cloudflare.com fonts.gstatic.com fonts.googleapis.com unpkg.com *.stripe.com *.tawk.to *.maze.co;        script-src 'self' 'unsafe-inline' 'unsafe-eval' gurayyarar.github.io gitcdn.github.io cdn.datatables.net *.rackcdn.com use.fontawesome.com code.jquery.com static.cloudflareinsights.com *.tiny.cloud cdn.jsdelivr.net ajax.aspnetcdn.com *.google.com unpkg.com cdn.mxpnl.com *.googletagmanager.com fast.wistia.com cdnjs.cloudflare.com *.hotjar.com *.stripe.com *.tawk.to *.gstatic.com *.calendly.com *.maze.co;        object-src 'self' images.contactout.com;        media-src 'self' media.mixrank.com *.licdn.com; 1
frame-ancestors 'self' *.iza.org; 1
child-src 'self' *.adform.net *.cloudfront.net *.criteo.com *.criteo.net ivario.eu *.optimizely.com *.selbstbauprofi.de *.sindholm.com *.sociomantic.com *.toom.de *.tp-de.net  *.trbo.com *.usercentrics.eu *.webmasterplan.com *.youtube-nocookie.com app.parasol-island.com chat.guuru.com form.guuru.com configurator.3yourmind.com deutschland-rundet-auf.de efs-survey.com facebook.com maps.googleapis.com toom-baumarkt.de toom-de.boels.com toom-frame.3yourmind.com toom-rubbeln.safe-promotions.de toom.3yourmind.com www.efs-survey.com www.facebook.com www.findibus-online.de www.google.com/maps/ www.google.com/recaptcha/ www.toom-baumarkt.de www.youtube.com www.youtube.de wkdpw.boels.com; frame-src 'self' *.adform.net *.curanto.de *.cloudfront.net *.criteo.com *.criteo.net ivario.eu *.optimizely.com *.selbstbauprofi.de *.sindholm.com *.sociomantic.com *.toom.de *.tp-de.net *.trbo.com *.usercentrics.eu *.webmasterplan.com *.youtube-nocookie.com app.parasol-island.com form.guuru.com chat.guuru.com configurator.3yourmind.com deutschland-rundet-auf.de efs-survey.com facebook.com maps.googleapis.com toom-baumarkt.de toom-de.boels.com toom-frame.3yourmind.com toom-rubbeln.safe-promotions.de toom.3yourmind.com www.efs-survey.com www.facebook.com www.findibus-online.de www.google.com/maps/ www.google.com/recaptcha/ www.toom-baumarkt.de www.toom.de toom.de www.youtube.com www.youtube.de wkdpw.boels.com *.appointedd.com test-dm-iframe.surge.sh anfangendev.de; object-src 'self'; upgrade-insecure-requests; 1
default-src https: wss: 'unsafe-eval' 'unsafe-inline' data:; child-src https: blob:; worker-src https: blob:; 1
frame-ancestors edge.arista.com *.edge.arista.com arista.com *.arista.com *.untangle.com untangle.com *.untanglesystems.com untanglesystems.com ws.zoominfo.com ws-assets.zoominfo.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.online; img-src 'self' data: blob: https://mastodon.online https://files.mastodon.online; style-src 'self' https://mastodon.online 'nonce-hYoaxGLrgvzHWjMlHW26Og=='; media-src 'self' data: https://mastodon.online https://files.mastodon.online; frame-src 'self' https:; manifest-src 'self' https://mastodon.online; form-action 'self'; child-src 'self' blob: https://mastodon.online; worker-src 'self' blob: https://mastodon.online; connect-src 'self' data: blob: https://mastodon.online https://files.mastodon.online wss://streaming.mastodon.online; script-src 'self' https://mastodon.online 'wasm-unsafe-eval' 1
base-uri 'self'; block-all-mixed-content; child-src: blob:; connect-src 'self' https://*.wistia.com https://*.wistia.net https://sentry.io; default-src 'self' https://sentry.io; font-src 'self' https://static-assets.life.church data: https://*.wistia.com; frame-ancestors 'self'; frame-src https://fast.wistia.com https://fast.wistia.net; img-src 'self' https://chop-marketing.imgix.net https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://cdn.sanity.io data:; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; object-src 'none'; script-src 'self' https://sentry.io https://*.wistia.com https://*.wistia.net https://src.litix.io https://www.googletagmanager.com https://static.hotjar.com 'sha256-0PHbIoXyixFP7hffHwEY/nnFE9IskXD8WOmtgIYl5HQ='; style-src 'self' 'unsafe-inline' blob: https://fast.wistia.com; upgrade-insecure-requests; 1
frame-ancestors *.gre.ac.uk 1
frame-ancestors 'self' https://preview.codecanyon.net 1
frame-ancestors 'self'; object-src https://*.ediblearrangements.com/; media-src https://*.ediblearrangements.com/ 1
default-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' 'self'; connect-src 'self'; img-src 'self'; style-src 'unsafe-inline' 'self'; font-src 'self'; frame-src 'self'; object-src 'self'; 1
script-src data: blob: 'unsafe-inline' 'unsafe-eval' *.pstatp.com *.douyinstatic.com *.huoshanstatic.com *.bytetos.com *.bytecdn.cn *.snssdk.com *.qq.com *.ulikecam.com *.jsdelivr.net *.bytedance.net *.bytednsdoc.com *.bytescm.com *.bytegoofy.com *.yhgfb-cn-static.com *.ibytedapm.com;report-uri https://i.snssdk.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=ulike_activity 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-TktSHfutBLLqEPbrconWig' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'none' ; connect-src 'self' https://*.hubspot.com https://*.hubapi.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://telemetry.stytch.com https://telemetry.staging.stytch.com https://*.6sc.co https://www.google-analytics.com https://api.stripe.com https://webto.salesforce.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://web.stytch.com https://web.stytch.com https://accounts.google.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://*.launchdarkly.com https://forms.hubspot.com https://cdn.segment.com https://api.segment.io https://api.chilipiper.com https://*.getkoala.com wss://*.getkoala.com https://analytics.twitter.com https://*.reddit.com https://browser-intake-datadoghq.com https://stats.g.doubleclick.net https://analytics.google.com https://px.ads.linkedin.com; img-src 'self' data: https://*.hsforms.com https://*.hubspot.com https://s3.us-west-2.amazonaws.com/secure.notion-static.com/ https://static.hotjar.com https://script.hotjar.com https://prod-files-secure.s3.us-west-2.amazonaws.com/ https://b.6sc.co https://stytch.imgix.net https://stytch.com https://www.google.com https://public-assets.stytch.com https://px.ads.linkedin.com https://customer-public-assets.stytch.com https://test-customer-public-assets.stytch.com https://www.google-analytics.com https://forms.hsforms.com https://track.hubspot.com https://analytics.twitter.com https://*.reddit.com; frame-src https://*.hubspot.com https://js.stripe.com https://hooks.stripe.com https://js.verygoodvault.com https://js.stytch.com https://api.stytch.com https://api.stytch.com https://js.stytch.com https://bid.g.doubleclick.net https://www.google.com https://accounts.google.com https://stytch.chilipiper.com https://www.youtube.com https://td.doubleclick.net; script-src 'self'  'sha256-+BbOoDVFFSTPzwzrFNSWQsUpUCaR4zySyTSqDzoea/4=' 'sha256-V51ifflgatJ+s45q70vpJfhSMMZcO/uboBsiTJgmGEE=' 'sha256-wgCFEXMMX0C+1oXSyLuUjzJJ41AH6cxIpP6arnCg0vU=' 'sha256-+BbOoDVFFSTPzwzrFNSWQsUpUCaR4zySyTSqDzoea/4=' 'sha256-M0XRqix5O9M+87oe2SSnd65EtHegg8ZGZFv6ePpR5J8=' 'sha256-V51ifflgatJ+s45q70vpJfhSMMZcO/uboBsiTJgmGEE=' 'sha256-+BbOoDVFFSTPzwzrFNSWQsUpUCaR4zySyTSqDzoea/4=' 'sha256-V51ifflgatJ+s45q70vpJfhSMMZcO/uboBsiTJgmGEE=' 'sha256-wgCFEXMMX0C+1oXSyLuUjzJJ41AH6cxIpP6arnCg0vU=' 'sha256-+BbOoDVFFSTPzwzrFNSWQsUpUCaR4zySyTSqDzoea/4=' 'sha256-+BbOoDVFFSTPzwzrFNSWQsUpUCaR4zySyTSqDzoea/4=' 'sha256-V51ifflgatJ+s45q70vpJfhSMMZcO/uboBsiTJgmGEE=' 'sha256-wgCFEXMMX0C+1oXSyLuUjzJJ41AH6cxIpP6arnCg0vU=' 'sha256-Q5x69g12HaFTCBMantfrpFwjj69oKrc7Ph7MBYolzEo=' 'sha256-pI4tXjnqa9PaTEz8c6SsDFo5hwEDM6WvnVsQCjZJW6Q=' 'sha256-dWt6kO55E05TkaLJfw3kXwtfVc8n7QAE3G0AMrSJ2LA=' 'sha256-eCc9zUjGum0w0UuAM+lpo53F7jdY2Kj8PlJe0ynlyHQ=' 'unsafe-eval' https://*.hubspot.com https://js.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com  https://forms.hsforms.com https://script.hotjar.com https://elements.stytch.com/telemetry.js https://elements.staging.stytch.com/telemetry.js https://www.googletagmanager.com https://js.stripe.com https://js.verygoodvault.com https://js.stytch.com https://js.stytch.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://dc.ads.linkedin.com https://p.adsymptotic.com https://accounts.google.com https://cdn.jsdelivr.net/npm/search-insights@2.0.3 https://js.hs-scripts.com/22036619.js https://js.hs-analytics.net https://js.hs-banner.com/22036619.js https://js.hscollectedforms.net/collectedforms.js https://*.getkoala.com https://www.redditstatic.com/ads/pixel.js https://*.ads-twitter.com https://j.6sc.co https://js.hs-banner.com https://*.usemessages.com https://static.hotjar.com; style-src 'self' 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com fonts.googleapis.com https://accounts.google.com https://cdn.jsdelivr.net/npm/instantsearch.css@7.3.1/themes/reset-min.css ; object-src 'none' ; manifest-src 'self' ; prefetch-src 'self' ; worker-src blob: ; font-src 'self' https://script.hotjar.com fonts.gstatic.com fonts.googleapis.com https://stytch.com 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-d3350e96b48cdbb5be0259682f5ed63c' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=1734557891268538; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=1734557891268538 1
default-src 'unsafe-inline' 'unsafe-eval' data: blob: *; frame-ancestors *.newswire.com 1
frame-ancestors https://*.donorperfect.net; 1
default-src https: wss: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; 1
frame-ancestors *.payback.de; report-uri /blueberry/servlet/handler/cspreporting 1
script-src 'self' 'strict-dynamic' 'nonce-c841e8a6-1852-4c46-8bd6-e786fb3ad62b' 'unsafe-inline' 'unsafe-eval' *.amplitude.com *.freshchat.com *.servedby-buysellads.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://hcaptcha.com https://*.hcaptcha.com;style-src 'self' 'unsafe-inline' *.freshchat.com fonts.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://hcaptcha.com https://*.hcaptcha.com;img-src * data:;font-src * data:;connect-src * ws: wss:;manifest-src 'self';media-src *;child-src 'self' data: blob:;frame-src * data: blob:;base-uri 'self';block-all-mixed-content;frame-ancestors 'self';object-src 'none';default-src 'self' 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://www.zenaps.com https://player.vimeo.com https://isitetv.com https://ln-rules.rewardstyle.com https://e.issuu.com https://*.recaptcha.net https://*.snapchat.com https://*.translate.naver.net https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://www.shoplooks.com https://s1.thcdn.com https://d2d7do8qaecbru.cloudfront.net https://tpc.googlesyndication.com https://api.bam-x.com https://www.awin1.com blob: https://gum.criteo.com https://www.pinterest.com https://www.pinterest.co.uk https://app.qubit.com https://dekopay.preprod.k8s.dekopay.org https://pay.deko.finance https://maybelline-uk.beauty-campaigns.com https://qlic.it https://*.abtasty.com https://ct.pinterest.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.baidu.com https://*.sciencebehindecommerce.com https://*.googleapis.com https://translate.yandex.net https://mc.yandex.ru https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://ct.pinterest.com https://*.bing.com https://*.doubleclick.net https://connect.facebook.net https://*.parcellab.com https://www.google.co.uk https://analytics.tiktok.com https://smct.co https://*.smct.co  https://api.bam-x.com https://*.contentsquare.net https://tr.snapchat.com https://ampcid.google.com.tw https://ampcid.google.com.hk https://ampcid.google.cn https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.lookfantastic.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.criteo.com https://*.pndsn.com https://23q3fg4xjd.execute-api.eu-west-1.amazonaws.com https://*.criteo.net https://*.obsess-vr.com https://di.rlcdn.com https://api.rlcdn.com https://t.rlcdn.com https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://*.abtasty.com https://*.modiface.com https://us-east4-modiface-production.cloudfunctions.net; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn data: https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://d7c4jjeuqag9w.cloudfront.net https://cdn.obsess-vr.com blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com https://shadematching.modiface.com; form-action 'self' https://www.facebook.com https://*.lookfantastic.com https://www.glossybox.co.uk https://www.glossybox.se https://www.glossybox.com https://connect.facebook.net https://*.snapchat.com https://www.lookfantastic.com.sg https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.dk https://www.lookfantastic.cn; frame-ancestors 'self' https://live.lookfantastic.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn https://player.vimeo.com https://vod-progressive.akamaized.net https://download-media.akamaized.net https://download-video.akamaized.net https://cdn.obsess-vr.com https://d7c4jjeuqag9w.cloudfront.net https://media.storystream.ai https://*.lookfantastic.com; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://*.google-analytics.com https://*.google.com https://google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://remote.captcha.com https://*.akamaihd.net https://ln-rules.rewardstyle.com https://*.baidu.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://sc-static.net https://*.shoplooks.com https://slooks.top https://slooks.me https://*.translate.naver.net https://*.microsofttranslator.com https://*.hotjar.com https://*.attn.tv https://*.trustpilot.com https://*.bing.com https://*.doubleclick.net https://s.pinimg.com https://static.ads-twitter.com https://*.google.co.uk https://google.co.uk https://lantern.roeyecdn.com https://lantern.roeye.com https://analytics.tiktok.com https://*.ibytedtos.com https://static.thgcdn.cn https://*.liveperson.com https://tpc.googlesyndication.com https://static.narrativ.com https://*.obsess-vr.com https://static.goqubit.com https://*.qubit.com https://*.contentsquare.net https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://app.contentsquare.com https://cdn.pubnub.com https://assets.dekopay.com https://*.modiface.com blob: https://*.abtasty.com https://tr.snapchat.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.shoplooks.com https://*.translate.naver.net https://*.googleapis.com https://*.microsofttranslator.com https://cdn.parcellab.com https://static.thgcdn.cn https://fonts.smct.co https://maxcdn.bootstrapcdn.com https://d7c4jjeuqag9w.cloudfront.net https://cdn.obsess-vr.com https://modules.obsess-vr.com https://*.abtasty.com https://*.gstatic.com https://cms-cdn.modiface.com; upgrade-insecure-requests; report-to report-endpoint 1
base-uri 'none'; default-src 'none'; script-src 'unsafe-inline' 'self' https://snap.licdn.com/ https://static.oktopost.com/ https://*.google-analytics.com https://*.googletagmanager.com/ https://js.hs-scripts.com/ https://*.hotjar.com https://*.hotjar.io https://*.hsforms.net https://*.cloudflare.com https://unpkg.com https://*.doubleclick.net https://luckyorange.com https://cookiehub.com https://cookiehub.net https://settings.luckyorange.com https://okt.to https://*.hs-banner.com/ https://*.hs-analytics.net https://*.headspixel.net https://*.hsadspixel.net/ 'nonce-48a05857804f74343aa0575cfa8e291ce1253a7eecb2' 'nonce-a6ad955aa8858078d36b4f6c41afd5a7e29c9b64fa8b' 'nonce-26a977b23d20c08ee071db1da89165e118729595e0e5' 'nonce-d24f7d83719ff17337a566781d16d858d95bae16cc4d' 'nonce-d6809f72f87e807c561ef1c7623093919435b6dcd762'; style-src 'self' 'unsafe-hashes' https://use.fontawesome.com https://fonts.googleapis.com https://static.cookiehub.com https://cookiehub.net/ 'sha256-im0erJAfSNQVDTe5HS6/GNgzNM9JcXDCSuwoIWQ/rRE=' 'sha256-+17AcPK/e5AtiK52Z2vnx3uG3BMzyzRr4Qv5UQsEbDU=' 'sha256-A6jm8QAAo+BvL4/Tr1M7sTsnRKo+VhQOm9Hi8IOKJ5Y=' 'sha256-PAz8xNqQZDbO4LLvQxPv1rTMH7H2LG/WGiSm6rXFOV8=' 'sha256-PAz8xNqQZDbO4LLvQxPv1rTMH7H2LG/WGiSm6rXFOV8=' 'sha256-T1C48ZGmcgTeITFPt41XsW/ozDpm3S/SxFREiL+pfgQ=' 'sha256-zfH5Pv8+yKFNFcycqZrhikYRHXfOZ9MwfwRnIp6H1kI=' 'sha256-Da2f1Kt9Io0bgdaWLUryUjcUra0xYjPLDorylUM1XM0=' 'sha256-NnjKC0Bmej913o6dapBaV7Lo8IemTzzXRsO8XhOCyT0=' 'sha256-tG2ZUEo3Qq/onXpzs2PwKu3Y82IJhZsODGPa+EUtsZc=' 'sha256-y/JAbx0Chs7eNLWF+KFD+YMhxTDFjiftcRnhFF13QjI=' 'sha256-kbzp7IrqueB2g36to7qc8KevofS966jm6n764wtCqx4=' 'sha256-3ibk/KyNNjpvopRz5nvswtDpJD3kbpyDdRO1YWF4msg=' 'sha256-ZNPRF7lxh3DMrhUYYDg0XMVthUfilZ/lIWOm88fNvug=' 'sha256-dMnSfpNeXLLDJMMi4o3EHr1S85P3yFWtdfJvbcH9mhU=' 'sha256-swi8N0hKSwJvuZeP/6DwGWEx8FwrfDcoj/0HnZd1Jpc=' 'sha256-RDWWGcFzQIh1SH4oQIaKd+tX/bMXZOzUetRR1raWCXw=' 'sha256-dDxw24pDf8PjpiVwKjNHJHbK4EFFUCWWrnx1SE32aG4=' 'sha256-LWtqHRrej8qIoYJFqhaaO0kPgZnGajrfm7a54+/7NQU=' 'sha256-SvLgADqEePEV9RNxBrRQXSBJafFHcVNG7cPzHz6h9eA=' 'sha256-1z/7NiPfYq2hoFozHGzJKg6OUzne/YSqaCgvOeXuXOY=' 'sha256-3R73cBfu9lRdx2Y1u0+kOkDzXsjlEn1hcsL2b5qaWZ4=' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-Iqfo27GZS/A7Fm31UW3miEbID+BwO1wih5T79cyIfws=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-yVIQlxUOt8MCsrVQ/pmV6T7E+xI6F1xO1vCqGi7bPU4=' 'sha256-yqw7rW86cJ30M3y7LhcPnduZT4JIHKLX3RRb31B7fOQ=' 'sha256-DFjLfLQbkYXH/lmCwhmW5hT9th2DSNLjYebk7vRHX6A=' 'sha256-+iVBklqDZxSzWSvr0QSp3OTL/ok8m/f/n7wXWojhcng=' 'sha256-ywq+VJsIVnLIQls/DYtP4wc7LLPqAKArkFBF9Z5HNuc=' 'sha256-nvFDZMdJSsFuPLw06nap3Qaao9tU3RGvNHf2Woe1StA=' 'sha256-FA0mrKnZoRbvi4Ayp9wJddHc685E85ea5Z2XwJRhxSU=' 'sha256-R7cUrEePj8qLMDj+zac9LUaWW1kLn3wc6HsQHIA0mxw=' 'sha256-kDP5FilnD2F7x7DjtoRTkl0NbiBGrjAsvcUc3H3A2cM=' 'sha256-QlYx1dw6Nlh44cQgyJBz5G7+ZTJmKf5FkJGF0FPcuzE=' 'sha256-cSCUlxvEwMP0xZRHeMKpWqO3ylONHU6b5bFAQLiiqcw=' 'sha256-I6mtUVoVWZuevseH7OMoGWOXSo/eD4R/08s5derX8hw=' 'sha256-krLf8K7rqCtHZ5e3QPyMVapC2rFQUo21PCk/c39wSts=' 'sha256-+SNKnT0lnsyeaYOJwRmcPRdTG/a4X/b3vw+57B1dE20=' 'sha256-1tUQLx1JfuFHhupaTxZxN8/JPDvG+OIdBCcM7PXfEzs=' 'sha256-4Xwx2TSn/ZELfLIs1A2etPjKxxnSomqFoKMv99FB3Lg=' 'sha256-ei2s0538sbNCEBOA2sr/hvghrxZ2gDEblR7FUJ4lkcI=' 'sha256-4NKME364cXiHshEd1ZK0GwjcT0pjqfBRdKo30tomWRs=' 'sha256-s4+uDkvKfuqCNICZTNMmknZQvqL5HwSquCQfZkn9/34=' 'sha256-rn4Qwbx5qcatXz+wT23m27segHEv7ImU2/4sEMVLYIk=' 'sha256-6Y6euAQOWZ6lGtpkCT+4kCYjKPuLTcDjDkD5oRhCG4g=' 'sha256-4QY9fueV63c6nZWXt7gR/ojTOpAZwXqNZcAxijybuU0=' 'sha256-RHvKHxL0gTOgpvBP4Xm5dRuK/cR2LZXFIebXluboSkQ=' 'sha256-yJf9N784FJuXHzDa1anT54222uPxXDjB0KgozZIOVzw=' 'sha256-Pzy/MxmgBP+zS02vxK1jm/+zS7R6H7RgMsTtTVTfC9A=' 'sha256-j8L4Sf0xH9b2nwGqQTwHCVlGSvlIaVZETZPtVykVjPs=' 'sha256-ebuwMTfNIWOGe7kzqHFDgd8dPwoPxx2QNhd4ZtetRLU=' 'sha256-Yq+kKvFpHeNHsJjLEy7fWk5M9TWaZGf7rQV38ELL2x0=' 'sha256-MHuTvHVz5k1TajrKANGz14IaXhuXxwJUt15zkvmj7rE=' 'sha256-tXThs7ZS+6hzPIvkDhbtqXOY6X3GP/zrwEY7GyV4Y+c=' 'sha256-39hce1FnKYidEA+9elxMGRsULe73+qcGxx7fCFUigzo=' 'sha256-I/rD/kGx4f8MGQPXVvbFYpKpd4L5cd5hQ+v+oSGvX9A=' 'sha256-a0s+nLVkHwBLI1bdIXzsQespBORQjzbOy8pJNQeAjRI='; img-src 'self' https://*.ytimg.com https://okt.to/ https://track.hubspot.com https://www.googletagmanager.com https://www.google.co.uk https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://www.google.com; connect-src 'self' https://cdn.linkedin.oribi.io https://*.google-analytics.com/ https://public-auth-dot-lucky-orange.appspot-preview.com https://api-preview.luckyorange.com/ wss://in.visitors.live/ wss://realtime.luckyorange.com https://pubsub.googleapis.com/ https://api-preview.luckyorange.com/* https://api.hsforms.com https://api.hubapi.com https://js.hs-banner.com https://www.googletagmanager.com https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.io https://*.doubleclick.net https://settings.luckyorange.com https://api-preview.luckyorange.com/*; font-src 'self' https://use.fontawesome.com data: https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io https://s3.amazonaws.com/luckyorange-clickstream/; object-src 'none'; media-src 'self'; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://*.hotjar.com https://*.hotjar.io; child-src 'self' blob:; form-action 'none'; frame-ancestors 'none'; manifest-src 'self'; 1
default-src 'self'; base-uri 'self' https:; child-src 'self' https:; connect-src 'self' https: wss:; font-src http: https: 'self' data:; form-action 'self' https:; frame-ancestors http://*.yardbarker.com; img-src 'self' https: data:; manifest-src 'self'; media-src 'self' blob: https:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' http: https: 'self'; upgrade-insecure-requests; worker-src 'self' blob: https://*.sendtonews.com https://*.modxcloud.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://* http://; font-src 'self' https:// http://; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com *.sharethis.com www.gstatic.com analytics.effo.gov.hk www.google.com *.addthis.com yt3.ggpht.com www.youtube.com *.firebaseio.com *.addthisedge.com ; frame-src 'self' https:// http:// www.youtube.com *.sharethis.com www.google.com ; img-src 'self' 'unsafe-inline' 'unsafe-eval' https:// http://* data:; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://* http://* www.google-analytics.com www.google.com yt3.ggpht.com *.sharethis.com www.youtube.com *.firebaseio.com ; font-src 'self' 'https://* http://* unsafe-inline' 'unsafe-eval' data:* 1
default-src 'self'; style-src 'self' s.weblate.org; img-src 'self' data: stats.cihar.com hosted.weblate.org blog.cihar.com www.thepay.cz *.githubusercontent.com; script-src 'self' cdn.ravenjs.com stats.cihar.com; connect-src 'self' stats.cihar.com; object-src 'none'; font-src 'self' s.weblate.org; frame-src 'none'; frame-ancestors 'none'; form-action 'self' weblate.org hosted.weblate.org www.thepay.cz;report-uri https://sentry.weblate.org/api/3/security/?sentry_key=f4089b47246947759114d23fc884d56e 1
default-src 'self' public.govdelivery.com www.googletagmanager.com www.youtube.com dap.digitalgov.gov www.google-analytics.com s.ytimg.com js-agent.newrelic.com bam.nr-data.net kudo-widget.s3.amazonaws.com fonts.gstatic.com api.kudoway.com stats.g.doubleclick.net cdn-broadcast002-iad.tokbox.com prd.jwpltx.com blob: cdn-broadcast002-pdx.tokbox.com *.tokbox.com www.odwebp.svc.ms public.tableau.com recapd.com; connect-src 'self' public.govdelivery.com www.googletagmanager.com www.youtube.com dap.digitalgov.gov www.google-analytics.com s.ytimg.com js-agent.newrelic.com bam.nr-data.net kudo-widget.s3.amazonaws.com fonts.gstatic.com api.kudoway.com stats.g.doubleclick.net cdn-broadcast002-iad.tokbox.com prd.jwpltx.com blob: cdn-broadcast002-pdx.tokbox.com *.tokbox.com www.odwebp.svc.ms public.tableau.com recapd.com https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' fast.fonts.net fonts.gstatic.com; img-src 'self' i.ytimg.com www.gstatic.com www.google-analytics.com data: https://www.google-analytics.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' public.govdelivery.com www.googletagmanager.com www.youtube.com dap.digitalgov.gov www.google-analytics.com s.ytimg.com js-agent.newrelic.com bam.nr-data.net kudo-widget.s3.amazonaws.com stats.g.doubleclick.net ssl.p.jwpcdn.com content.jwplatform.com developer.jwplayer.com blob: https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://dap.digitalgov.gov https://polyfill.io https://unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' public.govdelivery.com www.googletagmanager.com www.youtube.com dap.digitalgov.gov www.google-analytics.com s.ytimg.com js-agent.newrelic.com bam.nr-data.net kudo-widget.s3.amazonaws.com ssl.p.jwpcdn.com content.jwplatform.com translate.google.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://dap.digitalgov.gov https://polyfill.io https://unpkg.com; style-src 'self' 'unsafe-inline' www.googletagmanager.com www.youtube.com dap.digitalgov.gov www.google-analytics.com s.ytimg.com fast.fonts.net kudo-widget.s3.amazonaws.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.neh.gov/report-uri/enforce 1
default-src 'self' https://consent.badoo.com; script-src 'self' 'unsafe-inline' 'report-sample' 'nonce-KIhzAssq6HlRSVBufXfySg==' badoocdn.com *.badoocdn.com https://consent.badoo.com https://*.googletagmanager.com https://tr.snapchat.com https://tr-shadow.snapchat.com; style-src 'self' 'unsafe-inline'; connect-src 'self' *.badoo.com *.badoo.eu *.badoo.us https://consent.badoo.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://tr.snapchat.com https://tr-shadow.snapchat.com; child-src 'self'; font-src * data:; manifest-src 'self'; base-uri 'self'; frame-src * bds: bdp:; img-src * data: blob:; media-src * data: blob:; report-uri /jss/csp_report.phtml?token=badoo_homepage&env=production; upgrade-insecure-requests; 1
default-src 'self'; connect-src 'self' bam.nr-data.net/; font-src 'self' data: fonts.gstatic.com/; frame-ancestors dashboard.vibescm.com smsdashboard.fishbowl.com dashboardsms.pier1.com dashboard.campaignplatform.net mobile.smscge.com mobile.vmsfuture.com; img-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/ js-agent.newrelic.com/ bam.nr-data.net/; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests 1
frame-ancestors 'self' https://aniwatch.to https://aniwatchtv.to https://aniwatch.nz https://aniwatch.se 1
frame-ancestors 'self' *.tdameritrade.com *.ameritrade.com http://*.tdameritrade.com/ https://*.tdainstitutional.com https://*.amtd.com https://amtd.com https://*.tradewise.com https://tdaconferences.com https://*.tdameritradeconferences.com https://*.exploringyourindependence.com https://*.thinkorswim.com https://*.tdameritradenetwork.com https://tdameritradenetwork.com https://*.eliteadvisorsummit.com https://*.essentialoptionstrategies.com; object-src 'self' 1
frame-ancestors 'self' *.freenas.org *.ixsystems.com *.ixsystems.net *.truenas.com; upgrade-insecure-requests; default-src 'self' mailto: https: 'unsafe-inline' 'unsafe-eval'; object-src 'self' https:; connect-src 'self' https:; img-src 'self' data: https: blob:; font-src 'self' data: https:; 1
frame-ancestors https://oss.ctyun.cn  https://bcp.ctyun.cn https://www.ctyun.cn https://ocss.ctyun.cn 1
frame-ancestors 'self' *.smhi.se klimatanpassning.se sudplan.eu nordicadaptation2018.net http://infoteve.com ; report-uri /userv/cspreporting 1
frame-ancestors 'none'; style-src 'self' 'unsafe-inline' https://d34qmkt8w5wll9.cloudfront.net https://www.epidemicsound.com https://cdn.epidemicsound.com https://www.epidemicsound.com https://tagmanager.google.com https://assets.braintreegateway.com https://global.oktacdn.com/ https://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/ http://fonts.googleapis.com/; frame-src 'self' blob: https://www.epidemicsound.com https://cdn.epidemicsound.com https://www.epidemicsound.com https://assets.braintreegateway.com https://*.cardinalcommerce.com https://api.sandbox.braintreegateway.com https://api.braintreegateway.com https://c.paypal.com https://paypal.com https://www.youtube.com https://www.paypal.com https://www.sandbox.paypal.com https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://api.recurly.com/ https://vars.hotjar.com bytedance: sslocal: https:; child-src 'self' blob: assets.braintreegateway.com c.paypal.com https://vars.hotjar.com; media-src 'self' https://*.epidemicsound.com blob: https://d34qmkt8w5wll9.cloudfront.net https://www.epidemicsound.com https://cdn.epidemicsound.com https://www.epidemicsound.com https://dkihjuum4jcjr.cloudfront.net https://audiocdn.epidemicsound.com https://s3-eu-west-1.amazonaws.com https://videos.ctfassets.net https://global.oktacdn.com/; worker-src blob:; default-src 'self' https://*.epidemicsound.com https://d34qmkt8w5wll9.cloudfront.net https://cdn.epidemicsound.com https://www.epidemicsound.com https://www.epidemicsound.com https://dkihjuum4jcjr.cloudfront.net https://s3-eu-west-1.amazonaws.com https://c.bing.com; font-src 'self' https://d34qmkt8w5wll9.cloudfront.net https://www.epidemicsound.com https://cdn.epidemicsound.com https://www.epidemicsound.com data: https://script.hotjar.com https://global.oktacdn.com/ https://fonts.gstatic.com/; img-src 'self' data: https: https://www.epidemicsound.com/staticfiles/player/v2024.01.22-rel6/ https://www.epidemicsound.com/staticfiles/player/v2024.01.22-rel6/ https://cdn.epidemicsound.com *.google-analytics.com *.analytics.google.com https://tr.snapchat.com/p https://static.hotjar.com https://script.hotjar.com analytics.tiktok.com; object-src 'self'; connect-src 'self' https://google.com https://www.google.se https://pay.google.com https://www.epidemicsound.com https://cdn.epidemicsound.com https://audiocdn.epidemicsound.com https://www.epidemicsound.com *.google-analytics.com *.analytics.google.com https://*.maze.co https://*.clarity.ms https://*.g.doubleclick.net https://*.epidemicsound.com https://www.googleapis.com https://storage.googleapis.com https://api.sandbox.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://api.braintreegateway.com https://*.cardinalcommerce.com https://client-analytics.braintreegateway.com https://sentry.io https://ingest.sentry.io https://www.facebook.com/tr/ https://*.braintree-api.com https://www.paypal.com https://cdn.contentful.com https://preview.contentful.com https://api.recurly.com/ https://cdn.ampproject.org/ https://www.googletagmanager.com https://gtm.epidemicsound.com https://tagmanager.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com/pagead/ https://bat.bing.com https://*.hotjar.com:* https://*.hotjar.io:* wss://*.hotjar.com https://dev-557126.okta.com/ https://cookie-cdn.cookiepro.com/ https://privacyportal.cookiepro.com/ https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://unpkg.com/web-vitals/dist/web-vitals.iife.js com-epidemicsound-prod1.mini.snplow.net t.epidemicsound.com https://epidemicsound.okta.com/ analytics.tiktok.com https://dev-7536375.okta.com/ https://epidemicsound.oktapreview.com/api/v1/authn https://cdn.optimizely.com/datafiles/ https://logx.optimizely.com/v1/events https://ssl.kaptcha.com/ https://tst.kaptcha.com/ https://api.optimizely.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://pay.google.com https://d34qmkt8w5wll9.cloudfront.net https://cdn.epidemicsound.com https://www.epidemicsound.com https://www.epidemicsound.com https://*.clarity.ms https://*.googlesyndication.com https://bat.bing.com https://js.braintreegateway.com https://songbirdstag.cardinalcommerce.com https://songbird.cardinalcommerce.com https://api.braintreegateway.com https://api.sandbox.braintreegateway.com https://www.paypalobjects.com https://client-analytics.sandbox.braintreegateway.com https://client-analytics.braintreegateway.com https://www.googletagmanager.com https://gtm.epidemicsound.com https://tagmanager.google.com https://www.google-analytics.com https://mbsy.co https://connect.facebook.net/ https://serve.albacross.com https://assets.braintreegateway.com https://www.paypal.com https://www.googleadservices.com https://code.jquery.com https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.gstatic.com https://www.gstatic.cn https://js.recurly.com/ https://cdn.ampproject.org/ https://static.ads-twitter.com/uwt.js https://static.hotjar.com https://script.hotjar.com https://sc-static.net/scevent.min.js https://sc-static.net/js-sha256-v1.min.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://px.ads.linkedin.com/collect https://global.oktacdn.com/ https://ajax.googleapis.com/ https://cookie-cdn.cookiepro.com/ https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal.cookiepro.com/ https://unpkg.com/web-vitals/dist/web-vitals.iife.js analytics.tiktok.com https://ssl.kaptcha.com/ https://tst.kaptcha.com/ https://*.maze.co https://*.maze.design https://mazetesting.com 1
frame-ancestors *.atauni.edu.tr 1
default-src 'self' about: data: blob: analytics.google.com bam.nr-data.net app.energycap.com *.kampyle.com *.nr-data.net *.force.com *.browsealoud.com *.constantcontact.com *.ctctcdn.com www.facebook.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com cascade2.libchat.com px.ads.linkedin.com track.mailerlite.com *.medallia.com *.monsido.com *.newrelic.com *.sdge.com *.sharethis.com speech.speechstream.net public.tableau.com *.twimg.com *.twitter.com www.wageworks.com static.wixstatic.com cola.unh.edu www.consumer.ftc.gov sandiego.gov *.sandiego.gov stats.g.doubleclick.net bam.nr-data.net speech.speechstream.net firstsearch.oclc.org *.granicus.com *.weather.gov; script-src 'self' about: data: blob: *.live-sdgov.pantheonsite.io *.twitter.com *.polyfill.io *.amazonaws.com *.hdrelay.com manage.hdrelay.com *.monsido.com *.googleapis.com 'unsafe-eval' 'unsafe-inline' *.kampyle.com *.medallia.com visualsponline.azurewebsites.net *.nr-data.net *.force.com *.newrelic.com *.google-analytics.com *.ads-twitter.com *.browsealoud.com *.cloudflare.com *.ctctcdn.com *.google.com *.googleadservices.com *.googletagmanager.com *.gstatic.com t.ifvox.com v2.libanswers.com *.licdn.com www.peakdemocracy.com *.sharethis.com public.tableau.com cdn.syndication.twimg.com *.cloudfront.net connect.facebook.net *.newrelic.com vjs.zencdn.net firstsearch.oclc.org *.typeform.com *.instagram.com cdn.rawgit.com cdn.jsdelivr.net a.fsdn.com/con/js/sftheme/vendor/modernizr.3.3.1.custom.js cdn.datatables.net; style-src 'self' 'unsafe-inline' *.force.com *.browsealoud.com ws.sharethis.com events.constantcontact.com static.ctctcdn.com *.googleapis.com *.gstatic.com cdn-images.mailchimp.com static.mailerlite.com ton.twimg.com platform.twitter.com vjs.zencdn.net cdnjs.cloudflare.com cdn.jsdelivr.net cdn.datatables.net; img-src 'self' data: blob: * www.google.es *.browsealoud.com *.constantcontact.com *.ctctcdn.com www.facebook.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com cascade2.libchat.com px.ads.linkedin.com track.mailerlite.com *.monsido.com *.newrelic.com *.sdge.com *.sharethis.com public.tableau.com *.twimg.com *.twitter.com www.wageworks.com static.wixstatic.com *.ytimg.com cola.unh.edu www.consumer.ftc.gov sandiego.gov *.sandiego.gov stats.g.doubleclick.net bam.nr-data.net firstsearch.oclc.org www.google.it www.google.pt www.google.com.ph www.google.com.om www.google.co.uk www.google.com.mx www.google.de www.google.co.in; frame-src 'self' td.doubleclick.net app.energycap.com api.exchqzdata.com datasd.typeform.com data: *.medallia.com *.amazonaws.com *.arcgis.com sandiego.bibliocommons.com www.facebook.com support.gale.com *.google.com portal.hdontap.com manage.hdrelay.com cdn.knightlab.com stories.opengov.com www.opentownhall.com www.peakdemocracy.com prezi.com sandiego.seamlessdocs.com public.tableau.com app.truelook.com *.twitter.com player.vimeo.com youtube.com www.youtube.com www.youtube-nocookie.com *.sandiego.gov *.sharethis.com c.sharethis.mgr.consensu.org *.granicus.com app.powerbigov.us *.instagram.com *.hylandcloud.com app.truelook.cloud *.smartsheet.com padlet.com; font-src 'self' data: *.force.com themes.googleusercontent.com fonts.gstatic.com *.sandiego.gov vjs.zencdn.net fonts.googleapis.com cdnjs.cloudflare.com; connect-src 'self' data: blob: www.google.ca *.hdrelay.com *.kampyle.com *.nr-data.net *.force.com *.browsealoud.com *.constantcontact.com *.ctctcdn.com www.facebook.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com cascade2.libchat.com px.ads.linkedin.com track.mailerlite.com *.medallia.com *.monsido.com *.newrelic.com *.sdge.com *.sharethis.com speech.speechstream.net public.tableau.com *.twimg.com *.twitter.com www.wageworks.com static.wixstatic.com cola.unh.edu www.consumer.ftc.gov sandiego.gov *.sandiego.gov stats.g.doubleclick.net bam.nr-data.net speech.speechstream.net firstsearch.oclc.org *.granicus.com *.us-west-2.amazonaws.com wss://*.us-west-2.amazonaws.com; report-uri /report-csp-violation 1
frame-ancestors 'self' https://classroom.google.com; script-src 'nonce-8fe73f06e088b476b025cb9b9839d022' 'strict-dynamic' 'self' https://*.google.com https//*.gstatic.com; object-src 'none'; base-uri 'none' 1
frame-ancestors 'self' https://dj.radioparadise.com 1
connect-src 'self' my-ducati-stg.s3.eu-west-1.amazonaws.com my-ducati-dev.s3.eu-west-1.amazonaws.com my-ducati-prd.s3.eu-west-1.amazonaws.com *.dynatrace.com api-public.ducati.com wurfl.io c.go-mpulse.net calculator.vwfs.com calculator.volkswagenbank.de s.yimg.com www.facebook.com *.facebook.com apiwheel.h-en.me *.akstat.io *.akamaihd.net performance.typekit.net *.rsc.cdn77.org dasfelynsaterr.webcam videoram.com www.bing.com *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.analytics.google.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net  *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com secure-ds.serving-sys.com images.ctfassets.net *.serving-sys.com analytics.tiktok.com *.taboola.com *.twitter.com *.googleapis.com *.mouseflow.com teads.tv ; font-src data: 'self' fonts.gstatic.com github.com media.ducati.com assets.ducati.com use.typekit.net chrome-extension *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com *.awsducati.com analytics.tiktok.com *.taboola.com *.twitter.com *.googleapis.com *.mouseflow.com teads.tv; script-src-elem data: *.dynatrace.com assets.ducati.com platform.twitter.com  pixel.mathtag.com loadus.exelator.com *.snt.imrworldwide.com pool.adizio.com pool.admedo.com gc.kis.v2.scr.kaspersky-labs.com s.yimg.com sp.analytics.yahoo.com 'self' 'unsafe-inline' *.googleapis.com *.mouseflow.com teads.tv s.go-mpulse.net s2.adform.net use.typekit.net wurfl.io *.googletagmanager.com www.gstatic.com www.volkswagenbank-cloud.de gateway.zscalertwo.net about *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com *.awsducati.com secure-ds.serving-sys.com bs.serving-sys.com cdn.scaleflex.it analytics.tiktok.com *.taboola.com *.twitter.com *.googleapis.com *.mouseflow.com teads.tv; script-src *.dynatrace.com assets.ducati.com platform.twitter.com  s.yimg.com use.typekit.net 'self' 'unsafe-eval' 'unsafe-inline' s.go-mpulse.net wurfl.io *.googletagmanager.com www.gstatic.com www.volkswagenbank-cloud.de *.googleapis.com *.mouseflow.com teads.tv s2.adform.net sp.analytics.yahoo.com *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com *.awsducati.com analytics.tiktok.com *.taboola.com *.twitter.com *.googleapis.com *.mouseflow.com teads.tv; base-uri 'self' *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com analytics.tiktok.com *.taboola.com *.twitter.com *.googleapis.com *.mouseflow.com teads.tv; frame-src pixel.mathtag.com platform.twitter.com  www.youtube.com youtu.be www.facebook.com *.googletagmanager.com remove.video *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com analytics.tiktok.com *.taboola.com *.twitter.com *.googleapis.com *.mouseflow.com teads.tv; img-src 'self' about data: * *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com analytics.tiktok.com *.taboola.com *.twitter.com *.googleapis.com *.mouseflow.com teads.tv; script-src-attr 'unsafe-inline' *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com analytics.tiktok.com *.taboola.com *.twitter.com *.googleapis.com *.mouseflow.com teads.tv; style-src-attr 'unsafe-inline' *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com analytics.tiktok.com *.taboola.com *.twitter.com *.googleapis.com *.mouseflow.com teads.tv; style-src-elem 'self' 'unsafe-inline' assets.ducati.com fonts.googleapis.com adblockers.opera-mini.net *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com *.awsducati.com analytics.tiktok.com *.taboola.com *.twitter.com *.googleapis.com *.mouseflow.com teads.tv  ; style-src 'self' 'unsafe-eval' 'unsafe-inline' assets.ducati.com fonts.googleapis.com translate.googleapis.com *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com *.awsducati.com analytics.tiktok.com *.taboola.com *.twitter.com *.googleapis.com *.mouseflow.com teads.tv 1
script-src *.braintreegateway.com *.abtasty.com https://www.paypalobjects.com/muse/muse.js *.addrexx10.com addrexx11.com xxredda.s3.amazonaws.com *.kaptcha.com *.paypal.com *cdn.pricespider.com *embeddedcloud.pricespider.com *embeddedcloud.pricespider.com/ *omni.pricespider.com *wtbng.pricespider.com *wtbstream.pricespider.com *.tiktok.com *.affirm.com *.adsrvr.org *.ajax.googleapis.com *.bazaarvoice.com *.upsellit.com *.attn.tv *.betrad.com *.bigcommerce.com *.cloudfront.net *.cookielaw.org api.ipify.org *.entrust.net *.getshogun.com *.google-analytics.com *.klaviyo.com *.facebook.net *.googletagmanager.com *.pricespider.com *.pypestream.com ajax.googleapis.com cdn.ravenjs.com code.jquery.com gateway.zscalertwo.net geolocation.onetrust.com getshogun-cache-production.s3.amazonaws.com h.online-metrix.net js.agkn.com m.addthis.com m.addthisedge.com optanon.blob.core.windows.net optimize.google.com s.ytimg.com s7.addthis.com script.crazyegg.com tagmanager.google.com *.youtube.com *.google.com *.gstatic.com z.moatads.com cdn11.bigcommerce.com optimize.google.com fonts.googleapis.com *.agkn.com *.akamaihd.net *.doubleclick.net *.facebook.com *.google.com *.google-analytics.com *.googletagmanager.com *.privy.com  *.media-amazon.com *.moatads.com *.mybigcommerce.com *.adsrvr.org *.agkn.com *.bigcommerce.com *.agkn.com *.segment.com *.lytics.io *.lightboxcdn.com *.bazaarvoice https://mpsnare.iesnare.com/snare.js lightboxapi.azurewebsites.net lightboxapitest.azurewebsites.net sc-static.net https://pghub.io/js/pandg-sdk.js *.mapbox.com  *.minibc.com *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval' blob:; 1
frame-ancestors 'self' https://*.csus.edu https://csus.cascadecms.com https://csus.service-now.com 1
upgrade-insecure-requests; frame-ancestors 'self' https://app.ramp.com https://cohere-voice.ramp.com; report-uri https://ramp.report-uri.com/r/d/csp/enforce 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.flightglobal.com https://eme.abacusemedia.com; 1
frame-ancestors 'self' force.com *.force.com visualforce.com *.visualforce.com *.sandbox.vf.force 1
default-src https: http://*.miisolutions.net:1935; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; img-src https: data: blob: 'unsafe-inline'; connect-src https:; font-src https: data: 'unsafe-inline'; object-src https: data: 'unsafe-inline'; media-src data: https: http://*.miisolutions.net:1935 http://c.brightcove.com https://brightcove.hs.llnwd.net https://secure.brightcove.com http://brightcove.vo.llnwd.net blob:; child-src data: https: 'self' blob:;  frame-src data: https: 'self'; form-action https: 'self'; frame-ancestors http: https: 'self' http://library.uml.edu 1
script-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' *.50webs.com http://www.google.com/recaptcha/api.js https://www.gstatic.com/ https://www.googletagmanager.com/gtag/js http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js; frame-ancestors 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.endnote.com *.clarivate.com *.famewall.io *.upsellit.com https://clarivate.com https://cdn.cookielaw.org https://www.googletagmanager.com https://s786780033.t.eloqua.com https://bam.nr-data.net https://dev.visualwebsiteoptimizer.com https://cdn.linkedin.oribi.io https://www.google-analytics.com https://dev.visualwebsiteoptimizer.com https://assets.vidyard.com https://play.vidyard.com https://connect.facebook.net https://static.ads-twitter.com https://snap.licdn.com https://js.driftt.com https://js-agent.newrelic.com https://secure.quantserve.com https://bam-cell.nr-data.net https://analytics.twitter.com https://rules.quantcount.com https://cdnjs.cloudflare.com https://static-cf.cleverbridge.com https://img06.en25.com https://platform.twitter.com https://widget.trustpilot.com https://static.addtoany.com  https://bam.nr-data.net  https://googleads.g.doubleclick.net  https://googleads.g.doubleclick.net  https://www.google-analytics.com ; frame-ancestors 'self' *.clarivate.com; connect-src 'self' ws: wss: *; 1
default-src 'self'; font-src 'self' data:; script-src 'self' 'sha256-BX+m2ozQ6UItA7NjIMW2R/AW/I4to5F/IclJ6osGRAo=' 'sha256-/kFxJaJf602jU2XKQBKmfofYoD4XWTGc8Uv/7qYfMIU=' 'sha256-HiUN6TCPu8+aheowMFjtizAIjMi7zu3M+WeDDRFwrjI=' 'sha256-BX+m2ozQ6UItA7NjIMW2R/AW/I4to5F/IclJ6osGRAo=' 'sha256-bTYnzr8Vw3+zMpadrV4dXNm3/dCMpqS9McrTEilHMBM=' 'sha256-bTYnzr8Vw3+zMpadrV4dXNm3/dCMpqS9McrTEilHMBM=' 'sha256-BX+m2ozQ6UItA7NjIMW2R/AW/I4to5F/IclJ6osGRAo=' 'sha256-/kFxJaJf602jU2XKQBKmfofYoD4XWTGc8Uv/7qYfMIU=' 'sha256-HiUN6TCPu8+aheowMFjtizAIjMi7zu3M+WeDDRFwrjI=' 'sha256-bTYnzr8Vw3+zMpadrV4dXNm3/dCMpqS9McrTEilHMBM=' 'sha256-egpbluqkD8NT0bY3bWy7raM9tRIMkfUWboq0Y8KqsFk=' 'sha256-v1oYH69RcooFs6F5XhMTzHiWlftYwnuQHDxIz0suNeo=' 'sha256-DtkIb3h1BLnQyU9ZEjN/QtJn4zx8ybml29y8EYKIHT8=' 'sha256-MN8yd5lkIpDtH+0pez6E0q1QScbbv97CDaZJETxbYAY=' 'sha256-3t7FE4bQh/M9fJyQhfrXsO+oxPaOKW6aTSl0xajd0w8=' 'sha256-NSbI7jx80QgPWOzuPqP1yNmcVa3hEAlpQq9mml6wlSY=' 'sha256-tNyu9gblzxSsbQUQx+DLRzmOwFCI+vEuvuF89WYPEas=' www.google-analytics.com www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' 'unsafe-hashes'; form-action 'self' crm.zoho.com api.social.juspay.in; object-src 'none'; img-src 'self' crm.zoho.com; frame-src 'self' youtube.com www.youtube.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://forms.zohopublic.com/; frame-ancestors 'self'; connect-src 'self' api.social.juspay.in www.google-analytics.com www.googletagmanager.com; 1
default-src 'self'; child-src 'self' connect.facebook.net fast.wistia.com fast.wistia.net googleads.g.doubleclick.net td.doubleclick.net *.hotjar.com *.hotjar.io bid.g.doubleclick.net 10317493.fls.doubleclick.net 10366747.fls.doubleclick.net 11541986.fls.doubleclick.net youtube.com www.youtube.com js.stripe.com www.facebook.com staticxx.facebook.com tpc.googlesyndication.com www.google.com *.googletagmanager.com *.quora.com intercom-sheets.com app-ab27.marketo.com www.intercom-reporting.com d2c7xlmseob604.cloudfront.net js.intercomcdn.com insight.adsrvr.org match.adsrvr.org https://intercom.chilipiper.com app.intercom.com app.intercom.io https://app.getreprise.com; connect-src 'self'   www.intercom.com app.intercom.io app.intercom.com api.intercom.io api-visitor-analytics.intercom.com api-iam.intercom.io api-ping.intercom.io api.smartling.com js.intercomcdn.com munchkin.marketo.net *.mktoutil.com nexus-websocket-a.intercom.io nexus-websocket-test.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-test.intercom.io store.intercomassets.com widget.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-test.intercom.io marketing.intercomcdn.com uploads.intercomcdn.com uploads.intercomusercontent.com abrtp1.marketo.com abrtp1-cdn.marketo.com app.getsentry.com stats.g.doubleclick.net www.google.com adservice.google.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com http://*.hotjar.io:* https://*.hotjar.io:* wss://*.hotjar.io sentry.io www.facebook.com *.akamaihd.net *.wistia.com *.wistia.net 258-clw-344.mktoresp.com bat.bing.com d2c7xlmseob604.cloudfront.net rum-collector-2.pingdom.net https://*.browser-intake-datadoghq.com public-trace-http-intake.logs.datadoghq.com https://assets.ctfassets.net c.6sc.co b.6sc.co j.6sc.co ipv6.6sc.co epsilon.6sense.com epsilon-cloudfront.6sense.com user-data.mutinycdn.com https://api-v2.mutinyhq.io/v2/b https://api.mutinyhq.io/v2 https://client-registry.mutinycdn.com secure.adnxs.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com api.chilipiper.com tracking.chilipiper.com cdn.linkedin.oribi.io gw.linkedin.oribi.io px.ads.linkedin.com https://app.getreprise.com; font-src data: https: ; img-src data: blob: https: ; media-src data: blob: https: ; object-src 'none'; script-src 'self' 'unsafe-eval' app.intercom.io app.intercom.com www.intercom.com js.intercomcdn.com store.intercomassets.com marketing.intercomassets.com widget.intercom.io ajax.googleapis.com analytics.twitter.com abrtp1.marketo.com abrtp1-cdn.marketo.com app-sjqe.marketo.com app-sjst.marketo.com app-ab27.marketo.com bat.bing.com cdn-assets-prod.s3.amazonaws.com cdn.ravenjs.com browser.sentry-cdn.com connect.facebook.net distillery.wistia.com distillery-main.wistia.com fast.wistia.com fast.wistia.net googleads.g.doubleclick.net js.stripe.com munchkin.marketo.net platform.twitter.com rtp-static.marketo.com script.hotjar.com script.hotjar.io secure.adnxs.com static.hotjar.com static.hotjar.io stats.g.doubleclick.net store.intercom.io tpc.googlesyndication.com www.datadoghq-browser-agent.com www.google.com www.google-analytics.com www.googleadservices.com/pagead/ www.googletagmanager.com tagmanager.google.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com dc.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com client-registry.mutinycdn.com client.mutinycdn.com https://js.chilipiper.com 'sha256-CIxBMTSsZNOVtN/e53Oinc5o7iS+6GCLATfDTYD9EQk=' https://app.getreprise.com 'strict-dynamic' 'nonce-ZTQxYzllMzYtNThhZS00ZTE4LTgwOTUtYjlmOTc3YTZiYzFj'; style-src 'self' 'unsafe-inline' app-ab27.marketo.com marketing.intercomassets.com maxcdn.bootstrapcdn.com rtp-static.marketo.com fonts.googleapis.com tagmanager.google.com https://www.googletagmanager.com https://js.chilipiper.com; worker-src data: blob:; base-uri 'self'; report-uri https://o2129.ingest.sentry.io/api/1467748/security/?sentry_key=2b3179211aae44189b7651cf09d7b74f 1
frame-ancestors 'self' file: filesystem: ionic: http://localhost:8080; 1
default-src 'self' *.doubleclick.net *.google.com *.googleapis.com *.googlesyndication.com *.paypal.com *.paypalobjects.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.doubleclick.net *.google.com *.googleapis.com *.googlesyndication.com *.paypal.com *.paypalobjects.com; img-src 'self' data: *.doubleclick.net *.google.com *.googleapis.com *.googlesyndication.com *.paypal.com *.paypalobjects.com; style-src 'self' 'unsafe-inline' *.doubleclick.net *.google.com *.googleapis.com *.googlesyndication.com *.paypal.com *.paypalobjects.com; font-src 'self' *.doubleclick.net *.google.com *.googleapis.com *.googlesyndication.com *.paypal.com *.paypalobjects.com; object-src 'self' frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content 1
frame-ancestors 'self' https://*.abcmouse.com; 1
default-src 'self' https://www.uva.es https://comunicacion.uva.es https://buendia.uva.es http://buendia.uva.es https://eventos.uva.es https://formulariows.uva.es  https://alojamientos.uva.es  https://albergueweb1.uva.es https://albergueweb.uva.es https://pod-des.uva.es https://pod.uva.es https://apps.stic.uva.es https://youtube.com https://stats.g.doubleclick.net https://ssl.google-analytics.com https://region1.google-analytics.com https://calendar.google.com https://www.gstatic.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://cdn.polyfill.io http://www.youtube.com https://www.youtube.com https://*.clarity.ms https://www.canva.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com https://www.clarity.ms  https://ajax.googleapis.com https://code.jquery.com https://ssl.google-analytics.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://cdn.polyfill.io  https://www.gstatic.com; img-src 'self' http://www.uva.es  https://comunicacion.uva.es https://buendia.uva.es http://buendia.uva.es https://stats.g.doubleclick.net https://ssl.google-analytics.com https://www.google-analytics.com https://use.fontawesome.com https://*.clarity.ms ;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com http://fonts.googleapis.com;font-src 'self' https://use.fontawesome.com; 1
default-src https: http: blob: data: javascript: 'unsafe-inline' 'unsafe-eval' 'self'; 1
default-src 'self' https://www-assets.kolide.com; font-src 'self' https://www-assets.kolide.com https://fonts.gstatic.com data:; img-src http://www.googletagmanager.com 'self' https: data:; media-src 'self' https://www-assets.kolide.com https://lp.kolide.co; object-src 'none'; style-src 'self' https: 'unsafe-inline' blob:; base-uri 'self'; frame-ancestors 'self' https://www-assets.kolide.com; script-src https://js.stripe.com https://www.googletagmanager.com/gtag/js https://js.hs-scripts.com https://js.hs-banner.com https://js.hscollectedforms.net https://js.hs-analytics.net https://js.hsadspixel.net https://js.usemessages.com https://static.hsappstatic.net https://snap.licdn.com https://cdnjs.cloudflare.com/ajax/libs/tocbot/4.23.0/tocbot.min.js https://cdnjs.cloudflare.com/ajax/libs/mermaid/9.3.0/mermaid.min.js https://www.recaptcha.net https://www.gstatic.com/recaptcha/ https://plausible.io https://www.redditstatic.com/ https://www-assets.kolide.com https://app.kolide.com https://k2.kolide.com https://auth.kolide.com https://k2-marketing.herokuapp.com https://www.kolide.com https://gist.github.com https://platform.twitter.com https://www.googletagmanager.com/gtm.js https://js.hsforms.net/forms/embed/v2.js 'nonce-ed3ec06d5796e7e35d760236100a0dd5'; frame-src https://www.google.com https://www.recaptcha.net https://www.gstatic.com/recaptcha/ https://js.stripe.com https://meetings.hubspot.com https://app.hubspot.com https://www.loom.com https://speakerdeck.com https://platform.twitter.com https://www.youtube.com https://open.spotify.com https://www.googletagmanager.com https://forms.hsforms.com; connect-src https://*.bugsnag.com https://www.google-analytics.com https://forms.hubspot.com https://api.hubapi.com/ https://api.hubspot.com/ https://js.hs-banner.com https://plausible.io https://cdn.linkedin.oribi.io https://www-assets.kolide.com k2.kolide.com app.kolide.com auth.kolide.com k2-marketing.herokuapp.com www.kolide.com wss://k2-marketing.herokuapp.com wss://app.kolide.com wss://auth.kolide.com wss://k2.kolide.com wss://www.kolide.com https://forms.hsforms.com 1
default-src 'self' 'report-sample' *.piwik.pro *.eloqua.com *.weborama.fr *.bluekai.com *.engie.fr *.googleapis.com *.google.com *.tagcommander.com *.cookiebot.com *.cloudflare.com *.youtube.com *.youtube-nocookie.com *.twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: *.piwik.pro *.eloqua.com *.weborama.fr *.bluekai.com *.googleapis.com *.google.com *.tagcommander.com *.cloudflare.com *.consent.cookiebot.com *.analytics.com *.engie.fr *.google-analytics.com *.cookiebot.com siteimproveanalytics.com *.twitter.com *.linkedin.com *.en25.com *.bkrtx.com *.weborama.fr; style-src 'self' 'unsafe-inline' 'report-sample' *.piwik.pro *.eloqua.com *.weborama.fr *.bluekai.com *.engie.fr *.cookiebot.com *.cloudflare.com *.googleapis.com *.gstatic.com; img-src 'self' 'report-sample' data: *.piwik.pro *.eloqua.com *.weborama.fr *.bluekai.com *.google-analytics.com *.engie.fr *.cookiebot.com *.commander1.com; font-src 'self' 'report-sample' data: *.piwik.pro *.eloqua.com *.weborama.fr *.bluekai.com *.engie.fr *.googleapis.com *.gstatic.com; frame-ancestors 'self' 1
default-src * 'unsafe-inline' 'unsafe-eval' https: data: blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' media.isc2.org fonts.googleapis.com maps.googleapis.com fonts.gstatic.com www.gstatic.com csi.gstatic.com maps.gstatic.com cdnjs.cloudflare.com code.jquery.com maxcdn.bootstrapcdn.com www.googletagmanager.com www.google.com *.vo.msecnd.net www.google-analytics.com www.googleadservices.com dnn506yrbagrg.cloudfront.net sjs.bizographics.com www.googletagservices.com *.services.visualstudio.com adservice.google.com tpc.googlesyndication.com pagead2.googlesyndication.com cdn.ampproject.org www.brighttalk.com *.g.doubleclick.net *.ads.linkedin.com *.liveperson.net *.lpsnmedia.net cdn.snapapp.com scdn.snapapp.com *.snapapp.com use.fontawesome.com quizlet.com tagmanager.google.com static.ads-twitter.com analytics.twitter.com px.spiceworks.com ajax.googleapis.com cdn.jsdelivr.net snap.licdn.com *.safeframe.googlesyndication.com *.quantserve.com rules.quantcount.com connect.facebook.net *.uxtweak.com adservice.google.co.in *.microsoft.com *.bing.com cpe.isc2.org chapters.isc2.org checkout.isc2.org chat-widget.imi.chat *.imi.chat hit.uptrendsdata.com *.zoominfo.com cdn.linkedin.oribi.io *.mountain.com *.go-mpulse.net *.akstat.io *.azureedge.net data: filesystem: *.cloudfront.net *.sitecorecloud.io *.youtube.com cdn.cookielaw.org *.imi.chat *.onetrust.com unpkg.com *.amazonaws.com *.vercel.app *.algolia.net *.algolia.io *.algolianet.com salesforcesitedev.z13.web.core.windows.net *.google-analytics.com *.analytics.google.com analytics.google.com tags.srv.stackadapt.com *.redditstatic.com *.doubleclick.net *.facebook.net *.reddit.com *.facebook.com community.isc2.org 1
object-src https://www.youtube.com http://cdn.streamlike.com http://s.streamlike.com https://alstom.canto.global https://alstom.career-inspiration.com https://cdn.streamlike.com https://channel.royalcast.com https://facebook.com https://fr-fr.facebook.com https://ir.q4europe.com https://m.facebook.com https://maps.google.com https://maps.googleapis.com https://play.google.com https://static.cloudflareinsights.com https://static.pathmotion.io https://twitter.com https://www.facebook.com https://www.google.com https://www.google.fr https://www.googletagmanager.com https://www.instagram.com https://www.linkedin.com https://youtu.be https://www.alstom.com  https://insights.hotjar.com/ https://static.hotjar.com/  https://content.hotjar.io/; connect-src https://www.youtube.com http://cdn.streamlike.com http://s.streamlike.com https://alstom.canto.global https://alstom.career-inspiration.com https://cdn.streamlike.com https://channel.royalcast.com https://facebook.com https://fr-fr.facebook.com https://ir.q4europe.com https://m.facebook.com https://maps.google.com https://maps.googleapis.com https://play.google.com https://static.cloudflareinsights.com https://static.pathmotion.io https://twitter.com https://www.facebook.com https://www.google.com https://www.google.fr https://www.googletagmanager.com https://www.instagram.com https://www.linkedin.com https://youtu.be https://www.alstom.com https://cdn.cookielaw.org/ https://bam.nr-data.net/ https://alstom.piwik.pro/ https://geolocation.onetrust.com/ https://privacyportal-eu.onetrust.com/ https://content.hotjar.io/ https://vc.hotjar.io/sessions/3821752 wss://ws.hotjar.com/api/v2/client/ws; report-uri /report-csp-violation 1
frame-ancestors 'self' https://*.forvo.com 1
frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: 1
default-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.fitanalytics.com  https://*.lidl-shop.nl  https://*.online-metrix.net  https://*.parcellab.com  https://analytics.google.com  https://event.yoochoose.net  https://facebook.com  https://fonts.gstatic.com  https://forms.office.com  https://h.online-metrix.net  https://lidl-shop.nl  https://www.google-analytics.com  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.ftrace.com  https://*.lidl-info.com  https://*.lidl-shop.nl  https://*.vrxs.de  https://facebook.com  https://forms.office.com  https://h.online-metrix.net  https://lidl-shop.nl  https://www.edge-cdn.net; img-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  moz-extension:  https://*.advertising.com  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.demdex.net  https://*.demoup.com  https://*.doubleclick.net  https://*.fitanalytics.com  https://*.lidl-shop.nl  https://*.online-metrix.net  https://*.openx.net  https://*.parcellab.com  https://*.pubmatic.com  https://*.stickyadstv.com  https://*.taboola.com  https://*.tradetracker.net  https://*.twiago.com  https://*.yahoo.com  https://*.yieldlab.net  https://analytics.google.com  https://awin1.com  https://content.odj.cloud  https://contextual.media.net  https://event.yoochoose.net  https://facebook.com  https://forms.office.com  https://h.online-metrix.net  https://lidl-shop.nl  https://match.sharethrough.com  https://play-lh.googleusercontent.com  https://sync.outbrain.com  https://translate.google.com  https://translate.google.com  https://visitor.omnitagjs.com  https://www.google-analytics.com  https://www.lidl-shop.be; object-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  https://*.lidl-shop.nl  https://facebook.com  https://forms.office.com  https://h.online-metrix.net  https://lidl-shop.nl; script-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.fitanalytics.com  https://*.lidl-shop.nl  https://*.parcellab.com  https://*.semtrack.de  https://*.tradetracker.net  https://ajax.googleapis.com  https://cdn.ravenjs.com  https://code.etracker.com  https://facebook.com  https://forms.office.com  https://h.online-metrix.net  https://lidl-shop.nl  https://s.ytimg.com  https://www.dwin1.com  https://www.google-analytics.com  https://www.googleadservices.com; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'  https://*.fitanalytics.com  https://*.lidl-shop.nl  https://*.parcellab.com  https://facebook.com  https://forms.office.com  https://lidl-shop.nl; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io  https://beeem.co  https://lidl-shop.nl; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net; 1
frame-ancestors 'self' discussion.academyart.edu data.fineartstudioonline.com systems.academyart.edu catalog.academyart.edu 1
child-src blob: 'self';connect-src 'self' https://*.yimg.com https://*.yahoo.com https://s.yimg.com/nq/ads/mb/native/* https://service.cmp.oath.com https://www.yahoo.com/p.gif https://smetrics.att.com/id https://dpm.demdex.net/id https://video-api.yql.yahoo.com/ https://edgecast-vod.yahoo.net/ https://*.vpg.cdn.yimg.com/ https://media.zenfs.com/ https://assets.video.yahoo.net/ https://ads.adaptv.advertising.com/ https://video.adaptv.advertising.com/ https://consent.yahoo.com/ https://ganon.yahoo.com/ https://geo.yahoo.com/ https://guce.yahoo.com/ https://api.taboola.com/1.2/json/taboola-usersync/user.sync;default-src 'self';font-src https: data:;frame-src https://*.yahoo.com https://*.yimg.com https://*.ymail.com https://secure.bannerfarm.ace.advertising.com https://cmp.advertising.com https://assets.video.yahoo.net/ https://opus.analytics.yahoo.com https://tsdtocl.com/ https://consent.yahoo.com/ https://guce.yahoo.com/ https://pfs.yahoo.com https://gpt.mail.yahoo.net/sandbox https://alpha-gpt.mail.yahoo.net/sandbox https://alpha-gam.mail.yahoosandbox.net/sandbox https://canary-gam.mail.yahoosandbox.net/sandbox https://gam.mail.yahoosandbox.net/sandbox;img-src data: blob: http: https: https://ganon.yahoo.com/ https://geo.yahoo.com/;media-src blob: https://*.yahoo.com https://*.yimg.com;report-uri https://csp.yahoo.com/beacon/csp?src=mail-norrin;script-src 'self' https://s.yimg.com/nq/nr/ https://s.yimg.com/os/yaft/ https://s.yimg.com/ss/ https://s.yimg.com/aaq/yc/ https://s.yimg.com/ds/scripts/ https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://s.yimg.com/aaq/vzm/ https://s.yimg.com/cx/pv/ https://s.yimg.com/nq/polyfills/ https://yep.video.yahoo.com/ https://s.yimg.com/rx/ https://assets.video.yahoo.net/ https://jsapi.login.yahoo.com/w/ https://s.aolcdn.com/membership/omp-static/omp-widgets/ https://qa.checkout.yahoo.com/widget/ https://checkout.yahoo.com/widget/ https://s.yimg.com/cv/apiv2/partner-portals/att/adobe_analytics/ https://consent.cmp.oath.com/ https://opus.analytics.yahoo.com/ https://s.yimg.com/oa/ https://s.yimg.com/uc/sf/ https://s.yimg.com/cx/acookie/ 'sha256-lRMQ2lQozgbWLOqNJOrnclJXX6G77pQVIlF8SAI3++I=' 'sha256-xx5VFh71P/poOsh6S7wo5Hz/h6kNWHqOpIqJR04djx4=' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://s.yimg.com/oa/ 'nonce-Fv2u89JtfltLZnrmR3XX5xObD/kgOsW8ZG3RikJGmhEmgmCf' ;style-src 'self' https://s.yimg.com/nq/nr/ https://assets.video.yahoo.net/ 'unsafe-inline';worker-src 'self' blob:;manifest-src https://s.yimg.com/nq/nr/json/ 1
frame-ancestors 'self' https://*.coremedia.vm https://*.coremedia.cloud https://*.coremedia.io https://*.coremedia.com 1
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss: 1
block-all-mixed-content; frame-src 'self' https://*.uber.com https://*.ubereats.com http://*.cdn-net.com https://tr.snapchat.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://www.google.com/recaptcha/ https://auth.uberinternal.com https://gumi.criteo.com/ https://mug.criteo.com https://gum.criteo.com bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net *.optimizely.com; worker-src 'self' blob:; child-src 'self' blob: bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net; connect-src 'self' 'self' https://*.uber.com https://duyt4h9nfnj50.cloudfront.net https://d3fa76b550dpw9.cloudfront.net https://d4p17acsd5wyj.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://dkl8of78aprwd.cloudfront.net https://cn-geo1.uber.com https://d1goeicueq33a8.cloudfront.net https://siteintercept.qualtrics.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://analytics.tiktok.com https://analytics.google.com https://dynamic.criteo.com https://widget.us.criteo.com https://widget.as.criteo.com https://widget.eu.criteo.com https://sslwidget.criteo.com https://tr.snapchat.com https://app.paypay.ne.jp https://stg.paypay-corp.co.jp https://image.paypay.ne.jp https://d1g1f25tn8m2e6.cloudfront.net https://dyguxp1m9tbrw.cloudfront.net https://u-vsm.tmobiapi.com https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://maps.googleapis.com https://www.gstatic.com events.uber.com api.mixpanel.com d3i4yxtzktqr9n.cloudfront.net *.optimizely.com *.google-analytics.com *.tealiumiq.com *.demdex.net https://api-js.mixpanel.com; manifest-src 'self' https://*.uber.com; form-action 'self' https://tr.snapchat.com https://www.facebook.com/tr/ https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-staging.uberinternal.com https://payments-staging.uber.com; frame-ancestors 'self' https://www.nimblerx.com https://static-team-ops.nimbleandsimple.com https://pharma.uber.com http://local.shakeshack.com https://shakeshack.prod.acquia-sites.com https://www.shakeshack.com https://dev.shakeshack.com https://stg.shakeshack.com https://shakeshack.com https://pre-prod.shakeshack.com https://stg-green.shakeshack.com https://stg-alt.shakeshack.com https://front-hml-delivery.azurewebsites.net https://front-dev-delivery.azurewebsites.net https://front-prd-delivery.azurewebsites.net https://deliverycontrol.grupomadero.com.br https://delivery.grupomadero.com.br https://staging-shop.mccolls.co.uk https://shop.mccolls.co.uk https://stoq.shop https://staging.stoq.shop https://admin.stoq.shop https://admin-staging.stoq.shop https://www.gcom.com.br https://www.spoleto.com.br https://www.koni.com.br https://www.lebonton.com.br https://www.gokoni.com https://www.cutthecrap.com.br https://www.risierisoteria.com.br https://www.giustoculinaria.com.br https://www.roomservicedelivery.com.br https://www.strogonosso.com.br https://voalzira.online/ https://voalzira.online/minhaloja https://medmate.com.au https://order.manoosh.com.au https://test.expresskfc.com/ https://expresskfc.com/ https://www.test.expresskfc.com/ https://www.expresskfc.com/ https://kfccostarica.cr/ https://www.kfccostarica.cr/ https://express.dospinos.com/ https://mcstaging.dospinos.com/ https://shopuat.pxpay.com.tw/ https://shop.pxpay.com.tw/ https://app.cocinasocultas.com https://app.foodstarsuk.com https://app.pruebehubster.com https://app.pruebehubster.com.mx https://app.tryhubster.co.uk https://app.tryhubster.com https://app.tryhubster.com.au https://app.tryotter.com https://catalogs.uberinternal.com https://catalogs-staging.uberinternal.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://health-staging.uber.com https://health.uber.com https://admin.restoplus.com https://admin.staging.restoplus.com https://admin.qa1.restoplus.com https://admin.qa2.restoplus.com https://admin.qa3.restoplus.com https://admin.qa4.restoplus.com https://admin.qa5.restoplus.com https://admin.qa6.restoplus.com https://orders.restoplus.com https://orders.staging.restoplus.com https://orders.qa1.restoplus.com https://orders.qa2.restoplus.com https://orders.qa3.restoplus.com https://orders.qa4.restoplus.com https://orders.qa5.restoplus.com https://orders.qa6.restoplus.com https://pos.restoplus.com https://pos.staging.restoplus.com https://pos.qa1.restoplus.com https://pos.qa2.restoplus.com https://pos.qa3.restoplus.com https://pos.qa4.restoplus.com https://pos.qa5.restoplus.com https://pos.qa6.restoplus.com https://beta-shop.cashier.tw https://shop.cashier.tw https://indev-webapp.cashier.tw https://indev-beta-shop.cashier.tw https://indev-shop.cashier.tw https://us-int-office.tabit-int.com https://us-office.tabit-stage.com/auth/login https://us-demo-office.tabit-stage.com https://us-office.tabit.cloud https://foxtrotco.com/tracking https://foxtrotco.com/orderconfirmation https://foxtrotco.com/home https://foxtrotco.com https://app.onhere.com.br https://beta.inline.app https://staging.inline.app https://inline.app https://shane.machinat.dev/ https://app.topcaisse.fr https://ordering.ritas.com http://ordering.ritas.com https://ordering.ritas.stage.demotesturl.net http://ordering.ritas.stage.demotesturl.net ee.magento.test 245.magento.test uber.improntus.dev https://dev.kfc.co.uk https://qa.kfc.co.uk https://brand.preprod.platform.kfcapi.com/ https://www.kfc.co.uk/ https://qa-kfc-za.eu.cognizantorderservnxtgen.com/ https://dev-kfc-za.eu.cognizantorderservnxtgen.com/ https://uat-kfc-za.eu.cognizantorderservnxtgen.com/ https://perf-kfc-za.eu.cognizantorderservnxtgen.com/ https://pen-kfc-za.eu.cognizantorderservnxtgen.com/ https://betatest.kfc.co.za/ https://order.kfc.co.za/ https://shop.pxgo.com.tw/ https://shopuat.pxpay.com.tw/ https://delivery.jimmybrings.com.au/ https://staging.jimmybrings.com.au/ https://beta.jimmybrings.com.au/ https://49171584-9e6d-4979-ab61-27a301a7e33e-production.au.prd.c.deity.cloud/ https://42d9d738-3eab-441f-91de-1afcd88b770f-acceptance.au.prd.c.deity.cloud/ https://1b8d2377-9260-4384-bc9f-aa1086543c69-test.au.prd.c.deity.cloud/ https://jimmybrings.com.au/ https://www.kfccostarica.cr https://www.kfccostarica.com https://kfccostarica.cr https://kfccostarica.com https://edb-staging.uber.com https://edb.uber.com 'self' quiznos.co.cr https://quiznos.co.cr https://pos.mymealsy.com https://stage.mymealsy.com https://dev.mymealsy.com https://fast.tk3c.com https://fdtest.tk3c.com https://panda-express.wallia.dev https://127.0.0.1:5173/ https://test.tacobellpr.com/ https://test.arcoprueba.com/ https://www.tacobellpr.com/ https://tacobellpr.com/ https://www.kfcpuertorico.com/ https://kfcpuertorico.com/ https://boba.rbteawalnut.com/ https://qjmpdemo.altaineapps.com/ https://stinkerapi.altaineapps.com/ https://mapcoapi.altaineapps.com/ https://loyalty.ritasice.com https://loyalty.stage.demotesturl.net https://loyalty.training.demotesturl.net https://loyalty.dev.demotesturl.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com 'nonce-8779af8b-eb0b-40a1-b2be-6663ac11d8c0' https://bat.bing.com https://*.qualtrics.com https://analytics.twitter.com http://www.googletagservices.com http://*.cdn-net.com https://sc-static.net https://tr.snapchat.com https://*.yjtag.jp https://yjtag.yahoo.co.jp https://b92.yahoo.co.jp https://*.yimg.jp https://*.outbrain.com https://www.redditstatic.com https://analytics.tiktok.com https://dynamic.criteo.com https://static.criteo.net https://sslwidget.criteo.com https://widget.us.criteo.com https://widget.as.criteo.com https://widget.eu.criteo.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://d4p17acsd5wyj.cloudfront.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ln-rules.rewardstyle.com/bookmarklet.js 'unsafe-eval' script.crazyegg.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com maps.google.com tags.tiqcdn.com beacon.krxd.net cdn.krxd.net cdn.mxpnl.com www.googleadservices.com www.ziprecruiter.com analytics.recruitics.com edge.quantserve.com secure.quantserve.com connect.facebook.net cdn.nanigans.com api.nanigans.com *.adroll.com s.yimg.com sp.analytics.yahoo.com click.app-cast.com i.l.inmobicdn.net *.optimizely.com *.tealiumiq.com *.doubleclick.net static.ads-twitter.com https://www.google-analytics.com https://ssl.google-analytics.com maps.googleapis.com maps.google.com; style-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com https://api.tiles.mapbox.com https://fonts.googleapis.com; report-uri https://csp.uber.com/csp?a=web-eats-v2&ro=false 1
default-src https: data: blob: https://resources.reputation.com http://resources.reputation.com https://reputation.pathfactory.com http://reputation.pathfactory.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.wistia.com https://*.wistia.net https://*.qualified.com wss://*.qualified.com 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' https://app.reputation.com/ https://app-eu.reputation.com/ http://reputation.lookbookhq.com https://reputation.lookbookhq.com http://reputation.pathfactory.com https://reputation.pathfactory.com http://resources.reputation.com https://resources.reputation.com 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://static-us.christianlouboutin.com https://us.christianlouboutin.com https://*.christianlouboutin.com data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com *.abtasty.com abtasty.com www.paypalobjects.com www.booxi.eu www.booxi.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com https://www.facebook.com https://idcheck.acs.touchtechpayments.com/v1/payerAuthentication https: https://cs22.salesforce.com/ https://webto.salesforce.com/ https://*/* 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.adyen.com magento-cloudflare.jetrails.com https://www.youtube.com *.google.com/ https://*.freecaster.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://checkoutshopper-live-au.adyen.com https://www.facebook.com https://vimeo.com https://s7.addthis.com https: https://*.online-metrix.net https://imgs.signifyd.com *.contentsquare.net abtasty.com *.abtasty.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com *.ytimg.com cdn.cookielaw.org https://www.magezon.com https://static-us.christianlouboutin.com https://us.christianlouboutin.com https://*.christianlouboutin.com https://imgs.signifyd.com https://*.online-metrix.net imgs.cdn-btsg.com *.facebook.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com *.doubleclick.net https://bat.bing.com *.google.com https://www.google.fr https://www.google.at https://www.google.bs https://maps.gstatic.com https://maps.googleapis.com https://chart.googleapis.com *.gstatic.com https://lh3.googleusercontent.com https://ct.pinterest.com *.teads.tv *.snapchat.com https://*.googletagmanager.com *.contentsquare.net https://analytics.tiktok.com *.abtasty.com abtasty.com a.mktgcdn.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com *.vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.adyen.com cdn.cookielaw.org www.datadoghq-browser-agent.com *.google.com/ https://cdnjs.cloudflare.com https://static-us.christianlouboutin.com https://us.christianlouboutin.com https://*.christianlouboutin.com imgs.cdn-btsg.com https://cdn-scripts.signifyd.com https://s.pinimg.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://cdn.mxpnl.com data: *.google.com *.googletagmanager.com https://polyfill.io *.google-analytics.com tpc.googlesyndication.com www.gstatic.com https://bat.bing.com https://maps.googleapis.com https://c.la1-c2-ord.salesforceliveagent.com https://www.gstatic.com https://bat.bing.com/bat.js *.facebook.net https://s7.addthis.com https://m.addthis.com https://v1.addthisedge.com https://z.moatads.com https://assets.pinterest.com https://widgets.pinterest.com https://graph.facebook.com https://d.line-scdn.net https://analytics.tiktok.com https://sf16-scmcdn-va.ibytedtos.com *.instana.io *.salesforceliveagent.com https://europe-west1-consent-lab.cloudfunctions.net *.teads.tv sc-static.net https://www.datadoghq-browser-agent.com *.snapchat.com googleads.g.doubleclick.net stats.g.doubleclick.net *.salesforce.com *.salesforce-sites.com cdn.jsdelivr.net https://*.onetrust.com ajax.cloudflare.com https://static.lightning.force.com *.contentsquare.net *.cloudflareinsights.com *.target2sell.com https://tags.pw.adn.cloud *.abtasty.com abtasty.com www.booxi.eu www.booxi.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://static-us.christianlouboutin.com https://us.christianlouboutin.com https://*.christianlouboutin.com data: https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://tagmanager.google.com https://*.salesforce.com *.salesforce-sites.com *.abtasty.com abtasty.com www.booxi.eu www.booxi.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://*.vimeo.com https://*.akamaized.net blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com *.adyen.com cdn.cookielaw.org geolocation.onetrust.com *.run.app https://static-us.christianlouboutin.com https://us.christianlouboutin.com https://*.christianlouboutin.com *.salesforce-sites.com googleads.g.doubleclick.net imgs.cdn-btsg.com https://us-central1-data-hal-9000.cloudfunctions.net *.algolia.net *.google-analytics.com stats.g.doubleclick.net https://bat.bing.com https://s7.addthis.com https://api-js.mixpanel.com *.facebook.com https://pinterest.com *.google.com https://analytics.tiktok.com *.instana.io https://ct.pinterest.com https://europe-west1-consent-lab.cloudfunctions.net https://rum.browser-intake-datadoghq.eu https://session-replay.browser-intake-datadoghq.eu *.teads.tv *.snapchat.com https://*.googleapis.com https://*.onetrust.com *.paypal.com *.contentsquare.net *.target2sell.com *.cloudflareinsights.com https://*.freecaster.com *.adn.cloud *.abtasty.com abtasty.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'nonce-b2997d71-0171-4d4f-b2b9-8e0d5d4e5464' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; base-uri 'none'; report-uri /csp-reports 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mstdn.social; img-src 'self' https: data: blob: https://mstdn.social; style-src 'self' https://mstdn.social 'nonce-SyGkMSEtlg7zGH5i/Qro+w=='; media-src 'self' https: data: https://mstdn.social; frame-src 'self' https:; manifest-src 'self' https://mstdn.social; form-action 'self'; child-src 'self' blob: https://mstdn.social; worker-src 'self' blob: https://mstdn.social; connect-src 'self' data: blob: https://mstdn.social https://media.mstdn.social wss://mstdn.social; script-src 'self' https://mstdn.social 'wasm-unsafe-eval' 1
default-src 'self' *.uni-ulm.de www.youtube-nocookie.com *.b-ite.com uni-ulm.zoom.us uni-ulm.router.strigiform.de; style-src 'self' 'unsafe-inline' *.uni-ulm.de *.b-ite.com uni-ulm.router.strigiform.de; script-src 'self' *.uni-ulm.de *.b-ite.com uni-ulm.zoom.us uni-ulm.router.strigiform.de 'unsafe-eval' 'unsafe-inline'; img-src 'self' *.uni-ulm.de *.openstreetmap.org  *.doubleclick.net data: uni-ulm.router.strigiform.de; frame-src 'self' *.uni-ulm.de *.openstreetmap.org *.openstreetmap.fr *.youtube-nocookie.com *.youtube.com *.vimeo.com *.duckduckgo.com m.osmtools.de uni-ulm.router.strigiform.de; object-src 'self' *.uni-ulm.de; 1
default-src self www.google.com www.youtube.com;script-src 'self' 'nonce-UQUkusBEEKxqlcJsc5LJ6g==' www.googletagmanager.com www.gstatic.com ajax.googleapis.com www.google.com cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.js;style-src 'self' fonts.googleapis.com 'unsafe-inline' cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.css;font-src 'self' fonts.googleapis.com fonts.gstatic.com;img-src 'self' www.googletagmanager.com;media-src 'self';connect-src 'self' firebase.googleapis.com firebaseinstallations.googleapis.com www.google-analytics.com cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.js 1
frame-ancestors 'self' https://www2.proz.com https://www.proz.com 1
default-src 'self'; media-src blob: *.streamlock.net; font-src * data:; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; connect-src *; object-src *; frame-ancestors 'self'; child-src * 'self' blob: http:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com bam.nr-data.net *.addtoany.com *.go-mpulse.net *.newrelic.com *.qualtrics.com *.adobedtm.com tags.tiqcdn.com cdn.jsdelivr.net *.akamaihd.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' *.demdex.net *.ytimg.com *.youtube.com data: libertymutualgroup.com *.libertymutualgroup.com libertymutual.com *.libertymutual.com *.qualtrics.com *.akstat.io cm.everesttech.net; frame-src 'self' *.youtube.com *.addtoany.com libertymutualcorporate.demdex.net *.facebook.com; font-src 'self' fonts.gstatic.com; connect-src 'self' *.youtube.com *.akamaihd.net *.akstat.io *.qualtrics.com bam.nr-data.net c.go-mpulse.net *.demdex.net collect.tealiumiq.com; report-uri /report-csp-violation 1
frame-ancestors https://apps.facebook.com https://student.examus.net; 1
frame-src 'self' ibo.org www.ibo.org www-prod.ibo.org  1
img-src *.verify.yandex.ru *.ya.ru *.yandex.ru ya.ru yabs.yandex.by yabs.yandex.kz yabs.yandex.ru yabs.yandex.uz yandex.ru 'self' yastatic.net data: yandex.lv favicon.yandex.net avatars.mds.yandex.net mc.admetrica.ru mc.yandex.com *.mc.yandex.ru adstat.yandex.ru mc.yandex.lv mc.yandex.ru;script-src 'nonce-/MhDDqDwNHB2TOMLDoo+IQ==' mc.yandex.com yastatic.net yandex.lv mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.yandex.lv;child-src *.ya.ru *.yandex.ru ya.ru yandex.ru yastatic.net yandex.lv mc.yandex.ru mc.yandex.md mc.yandex.lv *.ya.ru *.yandex.ru ya.ru yandex.ru;style-src 'unsafe-inline' yastatic.net;report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.lv&showid=1705977179126965-8508286387675257711-balancer-l7leveler-kubr-yp-vla-90-BAL-8900&h=stable-portal-mordago-172.vla.yp-c.yandex.net&yandexuid=8752577111705977179&&version=2024-01-19-465&adb=0;media-src yastatic.net;connect-src *.strm.yandex.net mc.yandex.com yandex.lv yastatic.net yastat.net mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.admetrica.ru mc.yandex.lv;default-src yastatic.net yastat.net 'self';font-src yastatic.net 1
default-src csoft.net www.csoft.net data: www.paypal.com www.paypalobjects.com www.googletagmanager.com www.google-analytics.com www.youtube.com; style-src csoft.net www.csoft.net 'unsafe-inline'; font-src csoft.net www.csoft.net data:; script-src csoft.net www.csoft.net 'unsafe-inline' blob: www.googletagmanager.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.elev.io *.google.com elev.io google.com fonts.googleapis.com *.google-analytics.com *.googletagmanager.com cdn.statuspage.io serve.albacross.com connect.facebook.net static.ads-twitter.com ws.zoominfo.com www.googleadservices.com cdn.segment.com googleads.g.doubleclick.net cdn.heapanalytics.com cdn.amplitude.com j.6sc.co snap.licdn.com *.iubenda.com client.prod.mplat-ppcprotect.com instantfox.co apis.google.com www.gstatic.com;style-src 'self' 'unsafe-inline' rsms.me elev.io fonts.googleapis.com;font-src 'self' 'unsafe-inline' data: cdn.elev.io rsms.me fonts.gstatic.com 1
frame-ancestors 'self'; upgrade-insecure-requests; report-uri /api/csp-report 1
default-src wss://comet.rabota.ru *.sbermarketing.ru sbermarketing.ru front-log.rabota.ru *.rabota.space rabota.ru *.rabota.ru *.yandex.md *.yandex.ru *.yandex.net *.yandexadexchange.net *.mail.ru vk.com *.twitter.com *.odnoklassniki.ru *.rambler.ru *.adfox.ru *.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.facebook.com *.facebook.net *.instagramm.ru *.ucweb.com *.newrelic.com *.nr-data.net *.livetex.ru *.livetex.me *.2gis.ru *.2gis.com 2gis.github.io polyfill.io *.calltouch.ru ws://*.jivosite.com *.jivosite.com *.vimeocdn.com  *.youtube.com *.youtu.be *.vimeo.com *.rutube.ru *.coub.com *.imgsmail.ru *.dadata.ru *.mediator.media stat.media *.stat.media static.smi2.net smi2.ru *.smi2.ru e-cc01-i.sber247.ru *.experrto.io sa.online.sberbank.ru *.online.sberbank.ru *.sberbank.ru sa.online.sberbank.ru:8098/metrics/partners recaptcha.net *.recaptcha.net *.recaptcha.net/recaptcha/api.js ad.adriver.ru rezumet.ru yandex.ru id.sber.ru yastatic.net;script-src 'unsafe-inline' 'unsafe-eval' sp.otm-r.com *.sbermarketing.ru sbermarketing.ru *.rabota.space rabota.ru *.rabota.ru yandex.ru *.yandex.md *.yandex.ru *.yandex.net *.yandexadexchange.net *.googleusercontent.com *.googletagmanager.com *.googleapis.com creativecdn.com *.creativecdn.com www.google-analytics.com stats.g.doubleclick.net *.rambler.ru yastatic.net vk.com *.twitter.com *.odnoklassniki.ru *.mail.ru *.facebook.net *.instagramm.ru unpkg.com *.livetex.ru *.livetex.me *.google.com *.newrelic.com *.nr-data.net ws://*.jivosite.com *.jivosite.com *.gstatic.com *.ucweb.com *.2gis.ru *.2gis.com polyfill.io *.calltouch.ru *.adfox.ru 2gis.github.io *.vimeocdn.com *.youtube.com *.imgsmail.ru collector.mediator.media *.dadata.ru *.mediator.media *.helpdeskeddy.com *.surveymonkey.com anketolog.ru *.jsdelivr.net *.ytimg.com static.smi2.net smi2.ru stat.media *.stat.media *.smi2.ru *.criteo.net *.criteo.com cdn.ampproject.org *.buzzsprout.com e-cc01-i.sber247.ru *.experrto.io sa.online.sberbank.ru *.online.sberbank.ru *.sberbank.ru sa.online.sberbank.ru:8098/metrics/partners recaptcha.net *.recaptcha.net *.recaptcha.net/recaptcha/api.js st.top100.ru yastatic.net mc.yandex.ru www.artfut.com tags.soloway.ru/DSPCounter.min.js content.adriver.ru/AdRiverFPS.js ad.adriver.ru *.onef.pro telegram.org/js/telegram-web-app.js *.hybrid.ai rezumet.ru;style-src 'unsafe-inline' 'unsafe-eval' blob: *.rabota.space rabota.ru *.rabota.ru *.googleapis.com *.gstatic.com *.2gis.ru *.2gis.com *.vimeocdn.com *.yandex.md yandex.ru *.yandex.ru *.yandex.net *.yandexadexchange.net 2gis.github.io *.dadata.ru anketolog.ru static.smi2.net smi2.ru stat.media *.stat.media *.smi2.ru *.jsdelivr.net e-cc01-i.sber247.ru sa.online.sberbank.ru *.online.sberbank.ru *.sberbank.ru sa.online.sberbank.ru:8098/metrics/partners rezumet.ru;img-src * data: blob: mc.yandex.ru;font-src 'self' data: blob: *.rabota.space rabota.ru *.rabota.ru *.jsdelivr.net *.livetex.ru *.livetex.me *.gstatic.com sa.online.sberbank.ru *.online.sberbank.ru *.sberbank.ru sa.online.sberbank.ru:8098/metrics/partners recaptcha.net *.recaptcha.net *.recaptcha.net/recaptcha/api.js rezumet.ru yastatic.net chrome-extension:;worker-src *.rabota.space rabota.ru *.rabota.ru rezumet.ru;frame-src blob: madte.st madtest.ru *.rabota.space rabota.ru *.rabota.ru oprosso.net creativecdn.com *.creativecdn.com *.facebook.com *.facebook.net *.instagramm.ru yastatic.net *.google.com *.livetex.ru *.livetex.me *.2gis.ru *.2gis.com yandex.ru *.yandex.md *.yandex.ru *.yandex.net *.yandex.tld *.yandexadexchange.net vk.com *.twitter.com *.odnoklassniki.ru *.youtube.com *.ucweb.com *.imgsmail.ru *.googleusercontent.com *.googletagmanager.com *.helpdeskeddy.com *.surveymonkey.com anketolog.ru *.hurma.ai hurma.ai *.vimeocdn.com  *.youtube.com *.youtu.be *.vimeo.com *.rutube.ru rutube.ru *.coub.com coub.com *.ytimg.com *.fls.doubleclick.net static.smi2.net smi2.ru stat.media *.stat.media *.smi2.ru *.criteo.net *.criteo.com w.soundcloud.com *.rambler.ru music.yandex.ru podcasts.apple.com podcasts.google.com *.buzzsprout.com e-cc01-i.sber247.ru *.experrto.io app.ex.co infogram.com embed.podcasts.apple.com interacty.me p.interacty.me recaptcha.net *.recaptcha.net *.recaptcha.net/recaptcha/api.js sber-zvuk.com webvisor.com *.webvisor.com mc.yandex.ru content.adriver.ru rezumet.ru;object-src 'self' blob:;media-src blob: *.rabota.ru rabota.ru *.rabota.space rabota.ru *.rabota.ru *.jivosite.com *.vimeocdn.com *.helpdeskeddy.com *.surveymonkey.com rezumet.ru;report-uri https://www.rabota.ru/snitch.txt;base-uri 'none';frame-ancestors 'self' https://metrika.yandex.ru https://webvisor.com https://*.webvisor.com https://*.telegram.org; 1
frame-ancestors www.facebook.com 'self' 1
connect-src 'self' https://api.github.com https://analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.google.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io https://content.hotjar.io wss://*.hotjar.com https://cdn.linkedin.oribi.io; base-uri *.wazuh.com wazuh.com; default-src 'self' https: data:; script-src 'self' *.wazuh.com wazuh.com *.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com  https: 'unsafe-inline'; object-src 'self' *.wazuh.com wazuh.com; style-src 'self' *.googleapis.com https://optimize.google.com 'unsafe-inline'; img-src 'self' *.wazuh.com wazuh.com *.gravatar.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.google.com https://www.google.com.ar https://www.google.es https://www.googletagmanager.com/ https://stats.g.doubleclick.net https://www.facebook.com/ https://px.ads.linkedin.com/ https://px4.ads.linkedin.com/ https://www.linkedin.com/px/ https://script.hotjar.com http://script.hotjar.com https://alb.reddit.com https://t.co/i/adsct https://analytics.twitter.com/i/adsct data:; media-src 'self' *.wazuh.com wazuh.com; frame-ancestors 'self'; frame-src *; font-src 'self' https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com data: 1
frame-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com js.stripe.com; style-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org 'unsafe-inline'; child-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com js.stripe.com; font-src 'self'; connect-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org www.googletagmanager.com www.google-analytics.com region1.google-analytics.com sentry.prod.mozaws.net o1069899.sentry.io o1069899.ingest.sentry.io https://accounts.firefox.com/ stage.cjms.nonprod.cloudops.mozgcp.net cjms.services.mozilla.com; default-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org; script-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com tagmanager.google.com www.youtube.com s.ytimg.com js.stripe.com; img-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org data: mozilla.org www.googletagmanager.com www.google-analytics.com creativecommons.org images.ctfassets.net 1
default-src *; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'self' 'unsafe-inline'; img-src * data:; font-src * data: 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.es [fdbd:dc05:ff:ff:ed45:8231:234a:ac42]:9390 www.reebok.co www.google.co.tz [fdbd:dc05:ff:ff:e713:657c:7a34:bfb8]:9265 [fdbd:dc05:ff:ff:f7b8:7f78:49:8e4f]:9468 [fdbd:dc05:ff:ff:e91c:3dd2:a330:373a]:9433 adservice.google.com.tw recarga-daviplata.epayco.co [fdbd:dc05:ff:ff:f346:3b16:677f:cbec]:9202 tags.bkrtx.com msecure.epayco.co [fdbd:dc05:ff:ff:e8ae:7e43:345a:8b4b]:9278 [fdbd:dc05:ff:ff:e6c1:77bd:1c0:da40]:9479 adservice.google.com.bz mcidonaciones.com www.google.ad ssl.google-analytics.com [fdbd:dc05:ff:ff:fd37:60b0:c1b2:7eae]:9217 region1.analytics.google.com www.google.ro www.google.by 1.a79ab95c1589a13f8a4cab612bc71f9f7.com adservice.google.com.na [fdbd:dc05:ff:ff:fe0b:4d69:a97f:ddb5]:9226 [fdbd:dc05:ff:ff:ee9:de75:a8a2:87ff]:9376 [fdbd:dc05:ff:ff:fe0e:7106:3dae:be95]:9235 checkout.placetopay.com [fdbd:dc05:ff:ff:f492:a9cf:cd64:4fa5]:9362 *.nr-data.net [fdbd:dc05:ff:ff:e514:50f8:3bcc:2716]:9367 adservice.google.com [fdbd:dc05:ff:ff:e514:50f8:3bcc:2716]:9209 [fdbd:dc05:ff:ff:ef97:b252:f11c:1e48]:9389 adservice.google.com.ec www.google.bg www.google.sr wss://webmessaging.mypurecloud.com www.avvillas.com.co fileupload.mypurecloud.com [fdbd:dc05:ff:ff:e37f:859f:6841:2719]:9286 adservice.google.ch [fdbd:dc05:ff:ff:f102:9bb2:2c89:ff5c]:9252 [fdbd:dc05:ff:ff:f343:254:879a:8095]:9382 independientes.miplanilla.com adservice.google.com.sa [fdbd:dc05:ff:ff:f492:a9cf:cd64:4fa5]:9446 ecommerce.credibanco.com www.pagodigital.co dynatrace.com www.google.com [fdbd:dc05:ff:ff:ef47:c605:2920:dc0]:9328 www.google.hn [fdbd:dc05:ff:ff:ea1e:793a:4c8f:bb05]:9408 [fdbd:dc05:ff:ff:ffff:455:14a:67bb]:9249 *.myshopify.com www.google.co.th rappi.com adservice.google.dk [fdbd:dc05:ff:ff:eea:4168:5afd:5247]:9408 adservice.google.com.au adservice.google.ge callback.payulatam.com [fdbd:dc05:ff:ff:e3ec:9b7a:9345:3685]:9377 www.google.com.fj www.enlace-apb.com [fdbd:dc05:ff:ff:f9c1:b387:3071:4a5d]:9361 www.google.ae www.google.iq incomedomain.sistecredito.com [fdbd:dc05:ff:ff:f0bd:3269:a9f4:8c8f]:9500 adservice.google.pt [fdbd:dc05:ff:ff:e244:c51b:f3f0:d342]:9492 [fdbd:dc05:ff:ff:e713:657c:7a34:bfb8]:9212 [fdbd:dc05:ff:ff:f947:9e88:9f15:ca33]:9342 [fdbd:dc05:ff:ff:ed76:c9ea:31b8:8112]:9208 [fdbd:dc05:ff:ff:f1b5:d411:acbb:9c5a]:9315 www.google.com.sg www.google.com.eg adservice.google.com.py [fdbd:dc05:ff:ff:ef47:a463:e130:7ab6]:9266 secure.epayco.co adservice.google.co.id [fdbd:dc05:ff:ff:ed3d:ef74:10b8:c061]:9236 adservice.google.com.ph [fdbd:dc05:ff:ff:f8ad:37b2:d18f:12e4]:9357 www.google.cl www.google.co.uk [fdbd:dc05:ff:ff:e550:3edf:df13:4fd]:9238 mi.tigo.com.co adservice.google.fr [fdbd:dc05:ff:ff:fa01:e80b:a3d5:4c5]:9391 [fdbd:dc05:ff:ff:e727:776:74b1:d606]:9234 www.google.bj adservice.google.co.nz [fdbd:dc05:ff:ff:f5b0:ddc6:ee05:51ad]:9339 [fdbd:dc05:ff:ff:fa93:ee5:442f:b357]:9387 adservice.google.vg [fdbd:dc05:ff:ff:e9eb:95f2:c4d7:cd57]:9300 www.ciuvo.com secure.safecharge.com [fdbd:dc05:ff:ff:f093:2413:ba53:69c]:9216 adservice.google.co.za pouch-global-font-assets.s3.eu-central-1.amazonaws.com secure.placetopay.com adservice.google.com.hk [fdbd:dc05:ff:ff:e256:c463:d9e1:485]:9345 [fdbd:dc05:ff:ff:f27d:9f23:a4db:2c7]:9426 zswpmanager.wip.mmc.com [fdbd:dc05:ff:ff:f311:a22:b7ea:5f90]:9347 [fdbd:dc05:ff:ff:ed3b:b367:937a:201f]:9211 www.google.com.kh www.google.com.ec accounts.google.com api.solarspireconsulting.com bf52864zaf.bf.dynatrace.com [fdbd:dc05:ff:ff:f01b:c65d:a450:9a54]:9416 www.google.com.vn [fdbd:dc05:ff:ff:e72:654b:e13:e2f9]:9260 adservice.google.ps [fdbd:dc05:ff:ff:efac:a555:370d:ff7d]:9237 [fdbd:dc05:ff:ff:f47:4ea7:91e1:4f84]:9448 adservice.google.com.gh [fdbd:dc05:ff:ff:ef24:eaee:9ac2:2d14]:9246 adservice.google.bs www39.todo1.com [fdbd:dc05:ff:ff:f257:a0b0:7127:f09a]:9414 [fdbd:dc05:ff:ff:e8fe:af87:4342:ef7e]:9231 adservice.google.com.uy portalpagosapp.claro.com.co [fdbd:dc05:ff:ff:f25c:a29b:155:1ab6]:9277 [fdbd:dc05:ff:ff:fe63:c621:b2dc:c9e2]:9215 [fdbd:dc05:ff:ff:f89:4483:997f:514d]:9402 adservice.google.com.kw [fdbd:dc05:ff:ff:e38f:5e8b:fa18:4690]:9388 adservice.google.nl [fdbd:dc05:ff:ff:ed3b:b367:937a:201f]:9239 [fdbd:dc05:ff:ff:f346:3b16:677f:cbec]:9228 www.google.com.af www.google.com.ag [fdbd:dc05:ff:ff:facb:69c4:f2e1:d125]:9450 adservice.google.com.pe api.openpay.co translate.google.com www.edificiosdavivienda.com [fdbd:dc05:ff:ff:e421:69b7:4768:702a]:9496 [fdbd:dc05:ff:ff:fe0b:4d69:a97f:ddb5]:9290 [fdbd:dc05:ff:ff:e887:7f2:4f99:d7e7]:9493 trendlavida.com [fdbd:dc05:ff:ff:e3d4:67d6:c2d6:381f]:9200 www.google.ee [fdbd:dc05:ff:ff:fc8f:ba39:2eaa:60b0]:9295 adservice.google.lu api.highdataanalytics.com picoyplacasolidario.movilidadbogota.gov.co [fdbd:dc05:ff:ff:eea:4168:5afd:5247]:9282 *.googleapis.com [fdbd:dc05:ff:ff:e56c:14f9:3d27:657f]:9428 [fdbd:dc05:ff:ff:fe2e:722b:c353:7f14]:9487 [fdbd:dc05:ff:ff:e807:2350:d625:b06b]:9201 [fdbd:dc05:ff:ff:fe63:c621:b2dc:c9e2]:9321 www.google.com.co prod.claro-wallet.tpaga.co [fdbd:dc05:ff:ff:e3fe:b1bd:720d:d369]:9289 www.colsubsidio.com i.ytimg.com www.google.co.uz www.google.com.sv adservice.google.cv www.google.cn wss://directline.botframework.com account.yajuego.co [fdbd:dc05:ff:ff:f99:c278:5f84:abf7]:9433 [fdbd:dc05:ff:ff:e37c:aee1:ff1b:5dee]:9279 as-bot-empresas-pro.azurewebsites.net www.google.is [fdbd:dc05:ff:ff:e6b8:445a:2242:c56b]:9414 [fdbd:dc05:ff:ff:ea1c:5688:93a9:41fd]:9444 [fdbd:dc05:ff:ff:f414:a673:3e2f:6cd0]:9270 adservice.google.ae www.google.pl [fdbd:dc05:ff:ff:ec30:42c9:38d6:49c2]:9358 www.google.az [fdbd:dc05:ff:ff:fd13:a875:8e04:54ff]:9220 www.google.com.sa www.google.com.au static.zohocdn.com www.intercom.com.co www13.epm.com.co adservice.google.hn [fdbd:dc05:ff:ff:ef43:2ff2:42f4:3ded]:9396 www.google.co.za [fdbd:dc05:ff:ff:fe0b:4d69:a97f:ddb5]:9393 www.google.com.pg recarga.nequi.com.co adservice.google.com.ar [fdbd:dc05:ff:ff:ecf5:c2db:4101:a9ef]:9485 adservice.google.co.uk s3.amazonaws.com etb.com [fdbd:dc05:ff:ff:eefc:155f:6116:751b]:9279 [fdbd:dc05:ff:ff:e9b2:5ae2:fe0b:713b]:9297 www.google.com.bh apm.safecharge.com ponos.zeronaught.com portalpagos.facture.co as-bot-empresassite-pro.azurewebsites.net adservice.google.iq [fdbd:dc05:ff:ff:e6bd:3789:fa79:2157]:9436 trii.ws [fdbd:dc05:ff:ff:e550:3edf:df13:4fd]:9488 adservice.google.cl [fdbd:dc05:ff:ff:e967:848c:1998:1e60]:9462 [fdbd:dc05:ff:ff:eed5:166a:456a:1b7a]:9472 www.google.com.py www.google.it www.google.se www.google.com.do [fdbd:dc05:ff:ff:eedc:33b5:1b53:7296]:9380 [fdbd:dc05:ff:ff:eefe:478b:2013:6cad]:9313 www.google.fi [fdbd:dc05:ff:ff:fd9b:8b77:b11e:c252]:9347 [fdbd:dc05:ff:ff:eadf:f227:8d5b:a779]:9493 www.google.com.na [fdbd:dc05:ff:ff:e9bb:f12c:7058:720a]:9402 adservice.google.ad adservice.google.ro [fdbd:dc05:ff:ff:f896:9869:914b:1633]:9415 [fdbd:dc05:ff:ff:ee8:d360:1386:5b60]:9476 adservice.google.es www.mipagoamigo.com [fdbd:dc05:ff:ff:e3d4:67d6:c2d6:381f]:9272 api.ciuvo.com www.google.com.tw www.oracle.com www.segurosbolivar.com [fdbd:dc05:ff:ff:fed8:d8a4:f84f:9359]:9485 eco.credibanco.com [fdbd:dc05:ff:ff:f218:3692:fc1d:e946]:9230 secure-checkout.payvalida.com [fdbd:dc05:ff:ff:f808:adcf:55bf:d0c1]:9500 [fdbd:dc05:ff:ff:e7d4:c752:2e96:70ef]:9259 [fdbd:dc05:ff:ff:e61d:5099:5ba8:60b8]:9220 www.google.hr [fdbd:dc05:ff:ff:efd5:3e2f:ea05:2990]:9469 [fdbd:dc05:ff:ff:f4fe:393d:c2ae:458a]:9309 api.socialsolutionapp.com api.solaranalyticscorp.com www.aportesenlinea.com [fdbd:dc05:ff:ff:ee9:de75:a8a2:87ff]:9333 [fdbd:dc05:ff:ff:f5b0:ddc6:ee05:51ad]:9207 [fdbd:dc05:ff:ff:e70e:911d:e697:9619]:9311 aplicaciones.icetex.gov.co www.google.com.et psedian.pse.com.co *.gstatic.com youtube.com stags.bluekai.com idata.easysol.net [fdbd:dc05:ff:ff:fd9a:cfc1:1488:8ddc]:9207 portalpagosempresa.claro.com.co www.e-collect.com [fdbd:dc05:ff:ff:ee93:7b07:93c7:7924]:9399 [fdbd:dc05:ff:ff:fad9:b9a7:ae0e:1fcc]:9446 www.google.co.cr [fdbd:dc05:ff:ff:f414:a673:3e2f:6cd0]:9341 independientes2.miplanilla.com www.google.com.bz [fdbd:dc05:ff:ff:eed4:d6ec:48f0:9e7b]:9228 www.google.com.ly [fdbd:dc05:ff:ff:f181:1f6d:a6b3:a847]:9367 *.davivienda.com [fdbd:dc05:ff:ff:e8fe:af87:4342:ef7e]:9286 www.davivienda.cr serviciosweb.shd.gov.co [fdbd:dc05:ff:ff:ee5a:851c:bc23:471]:9355 [fdbd:dc05:ff:ff:e97e:182c:c5:de1f]:9486 www.google.com.pe [fdbd:dc05:ff:ff:f181:1f6d:a6b3:a847]:9246 api.global-data-lab.com *.facebook.com [fdbd:dc05:ff:ff:ef47:a463:e130:7ab6]:9207 [fdbd:dc05:ff:ff:ed6c:7973:6ec1:92f9]:9444 checkout.goupagos.com.co *.js-agent.newrelic.com www.despegar.com [fdbd:dc05:ff:ff:ecbb:7535:18f:a3c6]:9200 *.dvvapps.io [fdbd:dc05:ff:ff:f15f:9c2d:8a80:2e6e]:9431 region1.google-analytics.com adservice.google.bg api.payulatam.com adservice.google.sr [fdbd:dc05:ff:ff:e97e:182c:c5:de1f]:9351 [fdbd:dc05:ff:ff:e8cd:b864:c72d:438]:9391 [fdbd:dc05:ff:ff:f61a:9771:d084:d603]:9355 [fdbd:dc05:ff:ff:fb64:f7f5:11d5:e26f]:9470 [fdbd:dc05:ff:ff:fce8:334:2226:f2c6]:9305 www.google.ie api.freevideoguard.org [fdbd:dc05:ff:ff:ee78:dae3:4810:1347]:9346 [fdbd:dc05:ff:ff:e50e:66c8:5058:c113]:9242 [fdbd:dc05:ff:ff:e8fe:af87:4342:ef7e]:9249 google.com transac.segurosbolivar.com www.miplanilla.com *.googleusercontent.com [fdbd:dc05:ff:ff:fdd8:d182:a3d3:3706]:9446 adservice.google.at [fdbd:dc05:ff:ff:e2e0:e206:8d76:e5e8]:9218 [fdbd:dc05:ff:ff:e3d4:67d6:c2d6:381f]:9380 api.kushkipagos.com banco-co-gateway-pagos.fif.tech www.google.ru [fdbd:dc05:ff:ff:eadf:f227:8d5b:a779]:9467 colvdox7cg.execute-api.us-east-1.amazonaws.com adservice.google.gy adservice.google.com.pr [fdbd:dc05:ff:ff:eb3f:d4e6:b807:1d4]:9462 www.googletagmanager.com [fdbd:dc05:ff:ff:ee70:8411:f0f1:9768]:9464 www.pagosvirtualesavvillas.com.co [fdbd:dc05:ff:ff:e7b9:751c:61f1:551f]:9327 [fdbd:dc05:ff:ff:f176:577f:83e9:1646]:9263 adservice.google.com.br www.abcpagos.com adservice.google.com.jm [fdbd:dc05:ff:ff:e945:c234:1186:8855]:9327 adservice.google.co.th www.google.com.hk [fdbd:dc05:ff:ff:f410:d915:d7e:c8a5]:9239 www.google.ht www.google.si [fdbd:dc05:ff:ff:f311:a22:b7ea:5f90]:9395 [fdbd:dc05:ff:ff:fd37:60b0:c1b2:7eae]:9200 [fdbd:dc05:ff:ff:ecc8:dd18:f77e:b56a]:9310 www.google.md *.cloudfront.net www.ktronix.com www.google.co.id adservice.google.be www.google.de www.youtube-nocookie.com [fdbd:dc05:ff:ff:fd9a:cfc1:1488:8ddc]:9461 www.google.com.kw adservice.google.cz mediosdepago.transfiriendo.com www.google.com.mm [fdbd:dc05:ff:ff:ee13:c7b8:aa6c:1b1e]:9350 www.psepagos.co [fdbd:dc05:ff:ff:fe0e:7106:3dae:be95]:9408 [fdbd:dc05:ff:ff:e948:544:34cb:9d26]:9392 www.google.ca adservice.google.tt www.google.co.ma [fdbd:dc05:ff:ff:f46c:3420:3b03:50de]:9340 [fdbd:dc05:ff:ff:e5f9:dae0:3a94:2626]:9416 adservice.google.no queue.eticket.com.co *.mypureclouod.com adservice.google.com.gt www.google.com.uy [fdbd:dc05:ff:ff:f27d:9f23:a4db:2c7]:9370 adservice.google.co.in [fdbd:dc05:ff:ff:fc99:90ef:f75:30cc]:9284 [fdbd:dc05:ff:ff:fbc9:8db8:3847:33b9]:9323 [fdbd:dc05:ff:ff:ed66:9fe3:1632:b267]:9296 [fdbd:dc05:ff:ff:f49c:56af:b16b:f92d]:9459 s1585023691.t.eloqua.com adservice.google.hr booking.avianca.com [fdbd:dc05:ff:ff:e6c1:77bd:1c0:da40]:9205 [fdbd:dc05:ff:ff:e61d:5099:5ba8:60b8]:9344 [fdbd:dc05:ff:ff:f48:1210:bfdf:86e1]:9414 www.google.tn [fdbd:dc05:ff:ff:ec5a:7a:796f:be8d]:9478 [fdbd:dc05:ff:ff:ea30:b3ca:f93e:e759]:9268 adservice.google.com.ua [fdbd:dc05:ff:ff:f553:4681:7e5c:8a6a]:9261 [fdbd:dc05:ff:ff:ed6c:7973:6ec1:92f9]:9251 [fdbd:dc05:ff:ff:f068:ab68:e4ae:504b]:9338 *.google.com pagos.eaab.gov.co www.mercadopago.com [fdbd:dc05:ff:ff:fcb:9a38:4eb2:2fec]:9473 *.eloqua.com [fdbd:dc05:ff:ff:e886:be65:7455:8ec]:9319 [fdbd:dc05:ff:ff:feef:5333:f563:9fb1]:9253 registro.pse.com.co [fdbd:dc05:ff:ff:f27d:9f23:a4db:2c7]:9405 [fdbd:dc05:ff:ff:ea77:eb18:a52e:981a]:9318 [fdbd:dc05:ff:ff:f95b:64b5:5716:97d]:9484 *.dynatrace.com davivienda.com www.google.la transacciones.bancofinandina.com tl.ytlogs.ru [fdbd:dc05:ff:ff:ff41:ca84:5f1f:9893]:9419 [fdbd:dc05:ff:ff:f410:8934:f3df:db6d]:9211 cdnmi.global-cache.online www.google.hu [fdbd:dc05:ff:ff:f2d:91e3:72ca:6c68]:9354 www.google.al *.botframework.com [fdbd:dc05:ff:ff:e26:466a:fb4e:3420]:9287 colombia.recaudoexpress.com oppvm9uoxg.execute-api.us-east-1.amazonaws.com [fdbd:dc05:ff:ff:e72:654b:e13:e2f9]:9485 lsrelay-config-production.s3.amazonaws.com www.google.co.mz adservice.google.com.mx payonline-web.sistecredito.com www.google.mv www.beneficiosdavivienda.com www.google.com.tr [fdbd:dc05:ff:ff:fdda:26f0:9b32:6899]:9302 www.google.cd [fdbd:dc05:ff:ff:f414:a673:3e2f:6cd0]:9243 [fdbd:dc05:ff:ff:ed76:c9ea:31b8:8112]:9418 www.google.lt api.mypurecloud.com *.googlesyndication.com www.google.com.bd adservice.google.pl [fdbd:dc05:ff:ff:e9b8:accc:bea3:1064]:9430 www.google.com.cy production.wompi.co www.google.sk www.google.co.kr www.davivienda.com.co secure.payco.co [fdbd:dc05:ff:ff:f582:44f5:1f55:e366]:9212 [fdbd:dc05:ff:ff:fc86:42f1:dfab:2265]:9442 [fdbd:dc05:ff:ff:e2e4:15c6:6e28:3f40]:9241 [fdbd:dc05:ff:ff:f03f:27ec:1335:abf2]:9468 ecommerce.pagosinteligentes.com adservice.google.fi www.google-analytics.com [fdbd:dc05:ff:ff:f747:302:c81:cdb2]:9248 adservice.google.com.ni api.vkanalytics.net adservice.google.co.jp www.google.ga api.ipify.org cs.hae123.cn [fdbd:dc05:ff:ff:effe:3cd2:db57:2848]:9374 www.google.gr [fdbd:dc05:ff:ff:e82b:18f:7d34:9138]:9395 [fdbd:dc05:ff:ff:eaff:3c93:711e:279a]:9387 [fdbd:dc05:ff:ff:eefc:155f:6116:751b]:9269 www.google.am www.google.com.ar www.banco.colpatria.com.co qncdn.aoscdn.com www.google.mw [fdbd:dc05:ff:ff:eb3f:d4e6:b807:1d4]:9235 www.google.co.ao www.movilexito.com [fdbd:dc05:ff:ff:fb6d:6df7:c397:d163]:9290 [fdbd:dc05:ff:ff:ea24:22bd:62dc:9dde]:9200 [fdbd:dc05:ff:ff:f3cf:394b:81cb:add5]:9279 [fdbd:dc05:ff:ff:f5b0:ddc6:ee05:51ad]:9344 [fdbd:dc05:ff:ff:fef3:5ddf:ad8c:14b0]:9475 [fdbd:dc05:ff:ff:fbd4:df8e:c4a9:aa6e]:9270 [fdbd:dc05:ff:ff:fe0b:4d69:a97f:ddb5]:9316 www.google.com.pr [fdbd:dc05:ff:ff:f792:cb4b:9497:522]:9464 [fdbd:dc05:ff:ff:e72:654b:e13:e2f9]:9408 landing.datawifi.co [fdbd:dc05:ff:ff:f6ae:7ef2:ebba:8c69]:9454 www.google.com.jm tramites.cancilleria.gov.co api-cdn.mypurecloud.com [fdbd:dc05:ff:ff:f4fe:393d:c2ae:458a]:9355 [fdbd:dc05:ff:ff:fec8:b89:bef:b4c6]:9346 [fdbd:dc05:ff:ff:ed65:bd0b:a7af:44ab]:9203 [fdbd:dc05:ff:ff:eb2:729d:5ba0:8c3e]:9267 [fdbd:dc05:ff:ff:e807:2350:d625:b06b]:9249 www.google.com.br www.google.lu www.google.com.mx [fdbd:dc05:ff:ff:ecac:ffee:2509:4d06]:9496 adservice.google.it www.google.dz [fdbd:dc05:ff:ff:ffdf:83bb:c4dc:a8fe]:9447 adservice.google.com.bo [fdbd:dc05:ff:ff:f5b0:ddc6:ee05:51ad]:9261 adservice.google.se [fdbd:dc05:ff:ff:eda3:c8c1:87c7:a766]:9470 [fdbd:dc05:ff:ff:ebfd:74f1:834a:6696]:9437 [fdbd:dc05:ff:ff:fb96:a372:d850:1a8f]:9289 clientes.flypass.com.co www.google.com.my analytics.google.com adservice.google.is www.google.com.gt [fdbd:dc05:ff:ff:ea1c:5688:93a9:41fd]:9362 www.google.cv zscaler-blockpage.endress.com [fdbd:dc05:ff:ff:f5dc:55b3:1940:2450]:9466 [fdbd:dc05:ff:ff:e91c:3dd2:a330:373a]:9394 www.google.mg [fdbd:dc05:ff:ff:f189:9354:bf30:15c6]:9393 tags.bluekai.com partners.safetypay.com [fdbd:dc05:ff:ff:f006:97e0:a0d4:4c2e]:9238 link.globalpay.com.co [fdbd:dc05:ff:ff:ea4d:adb5:bb0f:6084]:9453 [fdbd:dc05:ff:ff:fbd4:df8e:c4a9:aa6e]:9247 www.google.com.pa www.google.co.ve [fdbd:dc05:ff:ff:e5d3:cb00:af4a:f25f]:9408 www.bancodeoccidente.com.co [fdbd:dc05:ff:ff:f167:4369:e1fc:a0d]:9441 secure-short.payv.co [fdbd:dc05:ff:ff:e9e0:846:5003:bf6e]:9400 empresas.miplanilla.com [fdbd:dc05:ff:ff:e9eb:95f2:c4d7:cd57]:9289 cos469m71m.execute-api.us-east-1.amazonaws.com [fdbd:dc05:ff:ff:f54b:122:2c3f:f8bc]:9396 www.google.vg www.google.nl [fdbd:dc05:ff:ff:e45f:8a22:4186:8d9e]:9465 ipn.depositcheckout.com 7896543.s3.amazonaws.com rialto-gms.s3.amazonaws.com [fdbd:dc05:ff:ff:ee93:7b07:93c7:7924]:9500 [fdbd:dc05:ff:ff:f6ae:7ef2:ebba:8c69]:9490 www.google.cf adservice.google.com.mt [fdbd:dc05:ff:ff:fb15:fc96:f921:2018]:9354 [fdbd:dc05:ff:ff:ea77:eb18:a52e:981a]:9392 www.google.lv www.nu.com.co as-bot-locationapi-lab.azurewebsites.net [fdbd:dc05:ff:ff:fc75:e423:4b99:4e59]:9294 [fdbd:dc05:ff:ff:ef47:a463:e130:7ab6]:9287 www.google.co.nz [fdbd:dc05:ff:ff:e8f6:35c3:deff:8f92]:9216 www.google.bs apps.mypurecloud.com www.google.ps independientes.aportesenlinea.com adservice.google.com.ng cdn.honey.io *.webmessaging.mypurecloud.com static3.avast.com [fdbd:dc05:ff:ff:fb6d:6df7:c397:d163]:9311 adservice.google.lt maps.gstatic.com www.google.dk adservice.google.co.ao bcdn-god.we-stats.com www.despegar.com.co www.google.fr api.amcreativemedia.com [fdbd:dc05:ff:ff:ee5a:851c:bc23:471]:9227 gateway1.ecollect.co [fdbd:dc05:ff:ff:ec6f:6073:c319:de42]:9231 leonisa.co adservice.google.com.eg *.*.mypurecloud.com www.google.sn [fdbd:dc05:ff:ff:f61a:9771:d084:d603]:9399 [fdbd:dc05:ff:ff:ed76:c9ea:31b8:8112]:9240 *.googleadservices.com [fdbd:dc05:ff:ff:e38e:7873:cf1f:e2cf]:9492 www.google.com.ni *.windows.net [fdbd:dc05:ff:ff:ea4e:e6ef:cce1:5754]:9435 cobrowse.mypurecloud.com despegar.com.co [fdbd:dc05:ff:ff:f962:94f2:8f88:9953]:9442 [fdbd:dc05:ff:ff:e33d:586f:b744:fc32]:9485 [fdbd:dc05:ff:ff:fa9a:e16b:420e:e9b7]:9462 www.google.jo adservice.google.sk adservice.google.com.sg [fdbd:dc05:ff:ff:ef47:c605:2920:dc0]:9215 [fdbd:dc05:ff:ff:f47:4ea7:91e1:4f84]:9204 [fdbd:dc05:ff:ff:e9b2:5ae2:fe0b:713b]:9264 www.google.pt [fdbd:dc05:ff:ff:f25c:a29b:155:1ab6]:9479 [fdbd:dc05:ff:ff:e97e:182c:c5:de1f]:9457 www.google.com.ua betplay.com.co [fdbd:dc05:ff:ff:f006:97e0:a0d4:4c2e]:9234 www.gstatic.com [fdbd:dc05:ff:ff:ee93:7b07:93c7:7924]:9461 [fdbd:dc05:ff:ff:f719:78b2:b35f:e4aa]:9288 www.google.co.ug [fdbd:dc05:ff:ff:e7f4:2d7f:4b04:e056]:9240 [fdbd:dc05:ff:ff:e75c:968f:4e96:fc5f]:9346 www.google.com.lb [fdbd:dc05:ff:ff:ff07:64a2:97c:ae14]:9254 www.google.ch adservice.google.co.ve adservice.google.tn www.google.co.ke gateway2.tucompra.com.co adservice.google.gr [fdbd:dc05:ff:ff:f346:3b16:677f:cbec]:9420 www.google.com.om *.doubleclick.net [fdbd:dc05:ff:ff:ec3f:3e9a:922:4158]:9357 [fdbd:dc05:ff:ff:ed6c:7973:6ec1:92f9]:9249 www.google.co.in [fdbd:dc05:ff:ff:ef24:eaee:9ac2:2d14]:9373 www.google.ge adservice.google.hu [fdbd:dc05:ff:ff:f0c7:20e9:4e2d:6118]:9228 [fdbd:dc05:ff:ff:eb9e:3f3a:b5b5:1194]:9211 transaction-redirect.wompi.co [fdbd:dc05:ff:ff:f9c6:ce1:7beb:ebd4]:9236 [fdbd:dc05:ff:ff:e466:1dd8:568e:20bc]:9497 [fdbd:dc05:ff:ff:f1ec:c470:54ea:fa2b]:9449 www.google.com.cu attestation.android.com [fdbd:dc05:ff:ff:f4fe:393d:c2ae:458a]:9230 www.zonapagos.com nuevaversion.bbvanet.com.co [fdbd:dc05:ff:ff:eefe:478b:2013:6cad]:9330 www.google.com.mt [fdbd:dc05:ff:ff:e7f4:2d7f:4b04:e056]:9229 [fdbd:dc05:ff:ff:f423:ec6d:c8a4:e20e]:9211 transacciones.tigo.com.co checkout.payulatam.com js-agent.newrelic.com *.bam.nr-data.net prod.daviviendaapp.com csi.gstatic.com [fdbd:dc05:ff:ff:f181:1f6d:a6b3:a847]:9493 [fdbd:dc05:ff:ff:f906:6873:314f:7424]:9351 googletagmanager.com [fdbd:dc05:ff:ff:ee27:1fad:1494:3b45]:9244 api.datacloudstat.com servicio.nuevosoi.com.co adservice.google.al [fdbd:dc05:ff:ff:f792:cb4b:9497:522]:9468 [fdbd:dc05:ff:ff:f6a7:c648:9d4e:1df8]:9273 adservice.google.co.zw [fdbd:dc05:ff:ff:e256:c463:d9e1:485]:9303 adservice.google.co.il [fdbd:dc05:ff:ff:f492:a9cf:cd64:4fa5]:9261 [fdbd:dc05:ff:ff:e9b2:5ae2:fe0b:713b]:9495 www.alkosto.com cdn.jsdelivr.net adservice.google.com.ag www.google.no www.google.com.ng www.hawkersco.com fonts.gstatic.com img03.en25.com www.google.ci www.google.tt www.googletagservices.com adservice.google.com.sv adservice.google.com.co www.google.mk webcheckout.payty.com [fdbd:dc05:ff:ff:f74c:491:d5b0:30c5]:9234 [fdbd:dc05:ff:ff:f0ab:6e89:26e3:b34a]:9358 adservice.google.de *.apps.mypurecloud.com ssl.gstatic.com www.google.be [fdbd:dc05:ff:ff:f88c:6120:46d3:68b1]:9276 [fdbd:dc05:ff:ff:f0d9:8d46:e05b:67f4]:9380 as-statistics-empresas-pro.azurewebsites.net www.google.cz [fdbd:dc05:ff:ff:fad8:7b5b:8efb:cd9f]:9256 maxcdn.bootstrapcdn.com [fdbd:dc05:ff:ff:ed66:9fe3:1632:b267]:9274 [fdbd:dc05:ff:ff:e397:f72c:d3f6:c46a]:9444 www.google.com.bo www.google.co.jp adservice.google.com.kh [fdbd:dc05:ff:ff:f8ad:37b2:d18f:12e4]:9216 *.despegar.com.co [fdbd:dc05:ff:ff:e887:7f2:4f99:d7e7]:9451 adservice.google.co.kr [fdbd:dc05:ff:ff:fcb6:3fab:7f1e:b884]:9384 adservice.google.com.af www.google.gy www.google.com.qa www.google.co.vi api.mkmediaworks.com www.pasarelapagosaval.com dvvapps.io directline.botframework.com adservice.google.ru [fdbd:dc05:ff:ff:eea:4168:5afd:5247]:9411 www.youtube.com *.mypurecloud.com [fdbd:dc05:ff:ff:fb9a:eb80:32d4:628f]:9486 www.rushbet.co www.google.co.zw www.google.com.vc [fdbd:dc05:ff:ff:fcb7:5350:af3c:1756]:9338 www.google.co.il www.google.at *.facebook.net [fdbd:dc05:ff:ff:f167:4369:e1fc:a0d]:9318 [fdbd:dc05:ff:ff:e23b:9735:58ef:2008]:9464 [fdbd:dc05:ff:ff:f9e2:a028:4b09:7ac2]:9341 1.b406929acabac9b095f124c81bdfcf57f.com adservice.google.ie [fdbd:dc05:ff:ff:f618:2501:6c:6d3]:9429 directv.paymentez.com www.pagos.alkomprar.com [fdbd:dc05:ff:ff:e6c1:77bd:1c0:da40]:9468 1.c81358859121583b7adf2ace89cb39f44.com [fdbd:dc05:ff:ff:ff3a:1296:8d03:d060]:9487 [fdbd:dc05:ff:ff:fd53:1637:2257:ab3e]:9428 [fdbd:dc05:ff:ff:f346:3b16:677f:cbec]:9376 [fdbd:dc05:ff:ff:ea4e:e6ef:cce1:5754]:9366 portalpagos.claro.com.co [fdbd:dc05:ff:ff:f27d:9f23:a4db:2c7]:9421 www.google.bf; frame-ancestors 'self' prod.uhrs.playmsn.com ;  1
default-src 'self' *; child-src 'self' * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' * blob:; img-src 'self' * data: blob:; style-src 'self' 'unsafe-inline' *; font-src 'self' * data:; connect-src 'self' * blob: data:; media-src 'self' * blob: data:; object-src 'self' *; 1
frame-ancestors 'self' https://piwik.kas.de; 1
default-src 'self';script-src 'nonce-XmhMsklIU11HDMOgF9PVeiMT' 'unsafe-eval' https://*.uwe.ac.uk https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/ https://p.typekit.net https://embed.geckochat.io https://app.geckoform.com/gecko-embed/ https://maps.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://secure.adnxs.com https://polyfill.io/v3/polyfill.min.js 'sha256-AyRymE6ak+bH4ydAv1wJ89tx4wn8Ao6HwJLatEOus/M=' 'sha256-5lkPWtLCuQSKvgWb45HvtF3RMeYc5VpmwZzckz0K+70=' 'sha256-QvHOyumupilC6mKZMGO4JKBzGqUIezSLhrDQNLSeloI=' 'sha256-HXuPksdYgGVCWZW3Jout9JiRgQBVSTD2/0Tc5tYsfHc=' 'sha256-kvefD2Ndo4YusfwOjROflpjVzIMIpDnWkdcMll5uUgI=' 'sha256-Mb8Lae27VyQCOHsbMM01FwrEYv01xizfOz9YGchzWdU=' 'sha256-c8LNyKH3sxXn9/PcDglhseuT1BbBbIFSxK9e/lkVWqg=' 'sha256-P47zixDuDT29rO2YUp8jpK1fcTn6D/lB3t8fgBTOWQs=' 'sha256-sWwQJUNFSIOP2Z0Se9xDwz9zpeGtsE83nszd5wR6aj8=' 'sha256-DkIOMaD1ZGEvLMmW4Y1l7OqThW5jJr+NsIKFcm8lEj8=' 'sha256-zEF/ALwwDYV2nZ+rdYGh2XpjU1lbO3oZ2osZayOlmpw=' 'sha256-uRH3jzuA9wJNU8vEQ5Aj7OUe8UhkhInN1eyVD9Rq908=' 'sha256-WJon2J1Mv+aiR4/Ba6MhlQdPNZV3p2Qh4xbGfT1689k=' 'sha256-7mZR/eN14thXNRMQHdqJJquS20kQK0U16M3n17zi5cw=' 'sha256-xFL98wcvbygdKirXjIsY/ZTeOPtMeCUeiZiBeEbqtmc=' 'sha256-FfOg/Cbtl2AhRHgTnrdr2VSrg8VRrA+uFGR0PiZ22g8=' 'sha256-QI5Ymi8pBFYynihr8ZWGY9ZTgA/MgsYJy1K1Ae8k3QM=' 'sha256-CeAfkducFFPvg2UUyFJRCYc6syO+QQtwNRyYF4KV+jg=' 'sha256-u/AY/C4PWm42sRu9ZoU0Gj+rq1EAWQbObqIS8QpIU9I=' https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://track.adform.net/Serving/TrackPoint/ 'sha256-BBCw1wA4nDP4J26dnLNGcLyxnbQOPxEsnv2kybjdRcQ=' https://*.doubleclick.net https://*.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://*.googlesyndication.com https://www.googletagservices.com https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://sc-static.net/scevent.min.js https://tags.srv.stackadapt.com/events.js https://secure-ds.serving-sys.com https://bs.serving-sys.com https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://static-ssl.responsetap.com/static/scripts/rTapTrack.min.js 'sha256-xHJMT+ZUJXwtKHkz7LtBdCyxWtgh/tUzdxkDBf5s7/k=' https://metrics.responsetap.com/track/ https://analytics.twitter.com https://platform.twitter.com/widgets.js https://cdn.syndication.twimg.com https://platform.twitter.com/js/ https://www.youtube-nocookie.com https://www.youtube.com/iframe_api https://s.ytimg.com/yts/jsbin/ https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.youtube.com/s/player/f82a8c37/player_ias.vflset/en_US/remote.js https://www.youtube.com/s/player/77da52cd/www-widgetapi.vflset/www-widgetapi.js https://www.youtube.com https://lptag.liveperson.net/tag/ https://lptag.liveperson.net/lptag/api/account/38851187/configuration/applications/taglets/ https://accdn.lpsnmedia.net/api/account/38851187/ https://lo.v.liveperson.net/api/js/ https://lpcdn.lpsnmedia.net https://region-eu.libanswers.com https://uwelibrary.libanswers.com https://cdn.unibuddy.co/unibuddy-iframe.js https://cdn.unibuddy.app/unibuddy-iframe.js https://uwelibrary.libanswers.com/1.0/widgets/7390 https://uwelibrary.libanswers.com/js2.37.7/LibAnswers_widget.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://static-assets-eu.libanswers.com https://library-apps.uwe.ac.uk https://tfaforms.com/js/iframe_resize_helper.js https://sitecoretest.uwe.ac.uk https://v4in1-si.click4assistance.co.uk https://script.hotjar.com https://sc-static.net 'sha256-z2gF2DcUe1wVcFEiD2h9XEfd26jRbdE2yzKT/4yKAVU=' https://uniquest-uwe.my.site.com https://service.force.com/embeddedservice/5.0/utils/common.min.js https://service.force.com/embeddedservice/5.0/utils/inert.min.js https://d.la1-c2-lo3.salesforceliveagent.com/chat/rest/EmbeddedService/EmbeddedServiceMenu.jsonp https://service.force.com/embeddedservice/menu/1630076500/channelMenu.min.js https://service.force.com/embeddedservice/5.0/esw.min.js https://service.force.com/embeddedservice/5.0/client/liveagent.esw.min.js https://service.force.com/embeddedservice/5.0/client/invite.esw.min.js https://d.la1-c2-lo3.salesforceliveagent.com/chat/rest/Visitor/Settings.jsonp https://uniquest-uwe.my.salesforce.com/lightning/lightning.out.js https://uniquest-uwe.my.salesforce.com/lightning/lightning.out.delegate.js https://d.la1-c2-lo3.salesforceliveagent.com/chat/rest/Visitor/Availability.jsonp https://d.la1-core1.sfdc-5pakla.salesforceliveagent.com/chat/rest/EmbeddedService/EmbeddedServiceMenu.jsonp https://service.force.com/embeddedservice/menu/1678932281/channelMenu.min.js https://d.la1-core1.sfdc-5pakla.salesforceliveagent.com/chat/rest/Visitor/Settings.jsonp https://d.la1-core1.sfdc-5pakla.salesforceliveagent.com/chat/rest/Visitor/Availability.jsonp https://uwe-azukw-sc-10-1-prod-cd.azurewebsites.net;object-src 'none';style-src 'unsafe-inline' https://*.uwe.ac.uk https://p.typekit.net https://use.typekit.net https://embed.geckochat.io/main.css https://fonts.geckoform.com/metropolis.css https://tagmanager.google.com https://fonts.googleapis.com https://platform.twitter.com/css/ https://ton.twimg.com/tfw/css/ https://uwelibrary.libanswers.com/css2.37.7/LibAnswers_widget.min.css https://uwelibrary.libanswers.com/css2.39.0/LibAnswers_widget.min.css https://uwelibrary.libanswers.com https://static-assets-eu.libanswers.com https://service.force.com/embeddedservice/menu/1630076500/channelMenu.min.css https://service.force.com/embeddedservice/5.0/esw.min.css https://tags.srv.stackadapt.com https://service.force.com/embeddedservice/menu/1678932281/channelMenu.min.css https://uwe-azukw-sc-10-1-prod-cd.azurewebsites.net;img-src * data: https://p.typekit.net https://www.google-analytics.com https://www.googletagmanager.com https://secure.adnxs.com https://ssl.gstatic.com https://googleads.g.doubleclick.net https://www.google.com;media-src https://audio.geckochat.io https://lpcdn.lpsnmedia.net;frame-src https://*.uwe.ac.uk https://w.soundcloud.com https://www.facebook.com https://app.geckoform.com https://*.doubleclick.net https://*.snapchat.com https://www.youtube.com https://www.youtube-nocookie.com https://unibuddy.co/embed/uwe-bristol https://unibuddy.co https://unibuddy.app https://lpcdn.lpsnmedia.net https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://uwe.cloud.panopto.eu https://e.issuu.com https://keyreporter.uwe.ac.uk https://platform.twitter.com https://syndication.twitter.com https://region-eu.libanswers.com http://www.robobraille.org https://uwelibrary.libanswers.com https://*.tfaforms.net/ https://www.tfaforms.com https://tfaforms.com https://v4in1-si.click4assistance.co.uk https://v4in1-ti.click4assistance.co.uk https://www.revolutionviewing.co.uk https://vars.hotjar.com https://www.google.com https://open.spotify.com https://forms.microsoft.com https://d.la1-c2-lo3.salesforceliveagent.com https://aax-eu.amazon-adsystem.com https://uwe-azukw-sc-10-1-prod-cd.azurewebsites.net;font-src https://embed.geckochat.io/media/ https://fonts.geckoform.com https://components.uwe.ac.uk https://use.typekit.net https://*.uwe.ac.uk/assets/fonts/ https://maps.googleapis.com https://fonts.gstatic.com https://uniquest-uwe.my.site.com;connect-src https://*.uwe.ac.uk https://www.facebook.com/tr/ https://privacyportal.cookiepro.com https://api.geckochat.io https://*.geckochat.io/live_chat/ wss://router-euwest2.geckochat.io https://www.google-analytics.com https://*.g.doubleclick.net https://*.googlesyndication.com https://cdn.linkedin.oribi.io/partner/ https://region1.google-analytics.com https://region1.analytics.google.com https://secure-ds.serving-sys.com/adServingData/PROD/TMClient/4/1073749574 https://tags.srv.stackadapt.com/sa.jpeg https://lm.serving-sys.com https://tags.srv.stackadapt.com/saq_pxl https://tags.srv.stackadapt.com/js_tracking performance.typekit.net https://info.uwe.ac.uk/announcements/ https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://bat.bing.com wss://lo.msg.liveperson.net https://cascade2-eu.libchat.com https://chat-eu.libanswers.com https://uwelibrary.libanswers.com/1.0/form/submit https://*.hotjar.io/ https://*.hotjar.com/ wss://*.hotjar.com/ https://uniquest-uwe.my.site.com https://service.force.com https://d.la1-core1.sfdc-5pakla.salesforceliveagent.com https://maps.googleapis.com https://uwe-azukw-sc-10-1-prod-cd.azurewebsites.net 1
default-src * data: blob: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' *.linkedin.oribi.io *.intercomcdn.com *.hotjar.com *.licdn.com *.quora.com *.intercom.io *.woopra.com *.bing.com t.co *.ttwstatic.com *.intercomassets.com *.embedly.com *.posthog.com content.hotjar.io frstre.com www.redditstatic.com *.hsforms.net *.adsecurity.com *.qbigads.com *.mitgame.com *.mobmio.com *.univibes.ru *.admitad-connect.com *.bing.com *.clarity.ms *.ttwstatic.com  *.w.org  *.tapfiliate.com  *.convertsocial.net *.qbigtech.com *.admitad.ru *.stage.monetize *.tinkoff.ru *.smartredirect.de mtusgate.de linkitten.com mtusimg.de convertlink.com pmf.tech *.pmf.tech fairsavings.com *.fairsavings.com *.admitad.com *.admit.ad *.admitad.academy mitgo.com *.mitgo.com takeads.com *.takeads.com univibes.org *.univibes.org *.ads-twitter.com *.trustpilot.com *.zopim.io *.zopim.com *.smooch.io *.zdassets.com *.zendesk.com *.consentmanager.net *.mindbox.cloud *.popmechanic.ru *.gravatar.com *.facebook.net *.facebook.com *.fb.com *.consensu.org *.amazonaws.com *.twitter.com *.instagram.com *.tiktok.com *.webvisor.org *.quizyworld.tech *.linkedin.com *.ampproject.org yastatic.net *.yandex.com *.yandex.net *.yandex.ru *.ya.ru *.mail.ru vk.com *.scriptcdn.net *.typekit.net *.google.net *.google.io *.google.eu *.google.su *.gooogle.com *.gogle.com *.com.google *.google.be *.google.by *.google.ca *.google.cn *.g.cn *.google.dk *.google.ee *.google.fi *.google.gg *.google.gr *.google.hr *.google.hu *.google.is *.google.it *.google.co.jp *.google.kz *.google.lv *.google.md *.google.com.mx *.google.nl *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.se *.google.com.ua *.google.ua *.google.us *.google.co.uz *.google.de *.google.cz *.google.at *.google.ae *.google.com.co *.google.com.do *.google.jo *.google.gl *.google.sc *.google.co.ve *.google.com.uv *.google.co.ao *.google.co.in *.google.bg *.google.com *.googleapis.com *.translate.goog *.gstatic.com *.google.co.uk *.google.com.tr *.google.fr *.google.es *.google.com.eg *.google.com.cy *.google.ge *.google.co.id *.googleusercontent.com *.googletagmanager.com *.google-analytics.com *.adwords.com *.adwords.ru *.adsense.com *.adsense.ru *.feedburner.com *.doubleclick.com *.doubleclick.net *.igoogle.com *.youtu.be *.youtube.com *.youtube.ru *.blogger.com *.chromium.com *.setka.io *.google.com.gh ymetrica1.com *.google.com.pk *.google.com.br *.google.co.th *.google.com.vn *.google.lt; report-uri /wp-json/csp-log/v1/report 1
frame-ancestors https://*.worldvision.org; 1
default-src 'self'; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com; frame-src 'self' cdnapisec.kaltura.com; img-src 'self' data:; object-src 'none'; script-src 'self' cdn.jsdelivr.net mdbootstrap.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com mdbootstrap.com use.fontawesome.com; frame-ancestors 'self' 1
frame-ancestors 'self' *.brusselsairlines.com *.lufthansaexperts.com 1
frame-ancestors 'self' https://*.newspicks.com 1
manifest-src 'self' prodcd2.columbuschildrens.net prodcd2.onoursleeves.org; report-uri https://cahg.nationwidechildrens.org/CAHubGateway/api/Hub/ContentSecurityPolicyReport 1
frame-ancestors 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com 1
default-src 'self' https:; connect-src 'self' https://*.adroll.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://cdn.growthbook.io/ http://cdn.treasuredata.com/ https://in.treasuredata.com/ https://privacyportal.onetrust.com https://ct.pinterest.com/ https://bat.bing.com/ https://analytics.tiktok.com/ https://*.snapchat.com/ https://s.yimg.com/ https://*.hotjar.com wss://*.hotjar.com https://*.snapshot.com/ https://*.twitter.com/ https://pxl.jivox.com/ https://*.ingest.sentry.io/ https://littlecaesars.fbmta.com/ https://geolocation.onetrust.com/ https://cdn.cookielaw.org https://www.facebook.com/ https://polyfill.io/ https://sentry.io/ https://web-sdk.control.kochava.com/ http://web-sdk.control.kochava.com/ https://*.littlecaesars.com https://*.azurewebsites.net https://stats.g.doubleclick.net https://ssl.gstatic.com https://col.eum-appdynamics.com 'unsafe-eval' 'unsafe-inline' https://littlecaesars.fbmta.com/ https://*.virtualearth.net https://www.google-analytics.com/collect; font-src 'self' data: https://*.hotjar.com/ https://fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self' https://ct.pinterest.com/ https://*.hotjar.com/ https://*.littlecaesars.com https://*.cardinalcommerce.com/ https://*.cybersource.com https://*.snapchat.com https://d1eoo1tco6rr5e.cloudfront.net/ http://tagmanager.google.com/ https://www.facebook.com/ https://www.google.com/recaptcha/ https://littlecaesarenterprises.formstack.com https://www.youtube.com/embed/ https://cdn.appdynamics.com https://request.eprotect.vantivcnp.com https://request.eprotect.vantivprelive.com https://libs.na.bambora.com https://insight.adsrvr.org/ https://match.adsrvr.org/ https://*.fls.doubleclick.net/ https://bid.g.doubleclick.net/; img-src 'self' data: https://*.adroll.com/ https://*.g.doubleclick.net/ https://match.adsrvr.org https://*.google-analytics.com/ https://*.analytics.google.com/ https://in.treasuredata.com/ https://cdn.cookielaw.org https://ct.pinterest.com/ https://alb.reddit.com/ https://*.hotjar.com https://px.gumgum.com/ https://*.twitter.com/ https://insight.adsrvr.org/ https://*.jivox.com/ https://*.littlecaesars.com/ https://www.google.com/ https://*.googleusercontent.com https://bat.bing.com/ https://hexagon-analytics.com/ https://www.datocms-assets.com https://lcemedia.blob.core.windows.net https://*.gstatic.com https://googleapis.com https://maps.googleapis.com https://col.eum-appdynamics.com https://www.facebook.com https://t.co https://mobileblobfiles.blob.core.windows.net/ https://fonts.gstatic.com/ https://sp.analytics.yahoo.com/ https://connect.facebook.net/; object-src https://littlecaesars.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://cdn.treasuredata.com/ https://in.treasuredata.com/ https://*.adroll.com/ https://*.googletagmanager.com/ https://s.pinimg.com/ https://*.hotjar.com/ https://*.twitter.com/ https://analytics.tiktok.com/ https://pxl.jivox.com/ https://geolocation.onetrust.com https://bat.bing.com/ https://cdn.cookielaw.org https://*.cybersource.com https://www.google.com https://*.snapchat.com https://sc-static.net https://googleads.g.doubleclick.net/ https://*.googleadservices.com/ https://*.sift.com/ https://*.virtualearth.net https://polyfill.io/ https://sentry.io/ https://request.eprotect.vantivcnp.com https://request.eprotect.vantivprelive.com https://s.ytimg.com/ https://www.youtube.com https://googleapis.com https://maps.googleapis.com https://cdn.appdynamics.com https://libs.na.bambora.com https://static.ads-twitter.com https://platform.twitter.com https://js.adsrvr.org https://connect.facebook.net https://analytics.twitter.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ http://web-sdk.control.kochava.com/ https://assets.kochava.com/ http://assets.kochava.com/ https://s.yimg.com/ https://sp.analytics.yahoo.com/ https://www.redditstatic.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://googleapis.com https://fonts.googleapis.com https://*.virtualearth.net; 1
default-src 'self' https://auth.avl.com https://auth10.avl.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://stats.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at  *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.ki *.google.kg *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.sk *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws *.google.rs *.google.cat https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://fonts.googleapis.com https://googleads.g.doubleclick.net https://p.adsymptotic.com https://px.ads.linkedin.com https://snap.licdn.com https://www.facebook.com https://zunshp.avl.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://js.stripe.com https://polyfill.io https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.de https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://fonts.googleapis.com https://googleads.g.doubleclick.net https://p.adsymptotic.com https://px.ads.linkedin.com https://snap.licdn.com https://www.facebook.com https://zunshp.avl.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://js.stripe.com https://polyfill.io; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://i.ytimg.com https://imgsct.cookiebot.com https://px.ads.linkedin.com *.google.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at  *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.ki *.google.kg *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.sk *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws *.google.rs *.google.cat; frame-src 'self' https://www.youtube.com https://js.stripe.com https://consentcdn.cookiebot.com https://td.doubleclick.net; child-src 'self' 'unsafe-inline' https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.de https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://fonts.googleapis.com https://googleads.g.doubleclick.net https://p.adsymptotic.com https://px.ads.linkedin.com https://snap.licdn.com https://www.facebook.com https://zunshp.avl.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://js.stripe.com https://polyfill.io blob:; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://consentcdn.cookiebot.com https://eu-api.friendlycaptcha.eu https://zunshp.avl.com https://px.ads.linkedin.com wss://ws.hotjar.com https://content.hotjar.io https://www.google.com https://*.google-analytics.com https://metrics.hotjar.io https://googleads.g.doubleclick.net; report-uri /report-csp-violation 1
default-src *.groupepdi.com *.net-fs.com *.onetrust.com *.cookielaw.org alumacraft.com *.alumacraft.com *.manitoupontoonboats.com *.wufoo.com unpkg.com *.yandex.ru my.matterport.com airtable.com ds-aksb-a.akamaihd.net monkeys-fist-for-brp.com *.myfeelback.com mfb.li mailchi.mp *.cdninstagram.com *.stackla.com fareharbor.com *.peek.com *.salecycle.com story.brplynx.com *.cloudfront.net mpembed.com *.googleadservices.com *.slideshare.net *.hotjar.com *.typekit.net *.bootstrapcdn.com *.salesforce.com *.omtrdc.net service.force.com *.adobedtm.com *.google.ca *.gstatic.com *.azurewebsites.net *.lightboxcdn.com *.salesforceliveagent.com *.force.com *.moatads.com *.youtube.com *.addthisedge.com *.addthis.com *.cloudflare.com *.doubleclick.net *.brp.com *.facebook.net *.azureedge.net *.google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.demdex.net *.day.com *.everesttech.net *.scene7.com *.amazon-adsystem.com *.facebook.com *.googleusercontent.com *.lightboxapi.com *.womenofonroadgroups.com *.canamonroadcommunity.com canamonroadcommunity.com *.learntoride3wheel.com *.limelightplatformevents.com *.valuemytradein.com *.zencdn.net *.zlthunder.net cdn.knightlab.com *.mdex.net *.sea-doo.com *.ski-doo.com *.brpdigital.net tags.tiqcdn.com brp--c.documentforce.com collect.tealiumiq.com *.teads.tv brp.my.salesforce-sites.com cdn.jsdelivr.net stconsumercaseapip01.blob.core.windows.net arttrk.com *.yimg.com www.filepicker.io *.unchartedsociety.com *.qualtrics.com sp.analytics.yahoo.com *.googlesyndication.com *.attribution.adswizz.com *.contentsquare.net 1
default-src 'self' *.sitefinity.com *.clarity.ms *.technolutions.net *.visualwebsiteoptimizer.com *.google.com *.radartoolkit.com *.exactlylabs.com *.youtube.com; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google.com *.datatables.net *.google-analytics.com *.googleadservices.com *.youtube.com https://dec.azureedge.net/ munchkin.marketo.net *.typekit.net *.googletagmanager.com *.cmich.edu *.cmuhealth.org *.azure-api.net sc-static.net *.monsido.com monsido.com diffuser-cdn.app-us1.com *.technolutions.net *.crazyegg.com *.app-us1.com trackcmp.net *.sitefinity.com *.snapchat.com *.doubleclick.net *.clarity.ms *.facebook.net *.bing.com ionfiles.scribblecdn.net *.msecnd.net *.youvisit.com *.simpli.fi *.tiktok.com *.visualwebsiteoptimizer.com *.syndetics.com *.librarything.com tgbwidget.com adp.eab.com my.go-cmich.org *.liveperson.net *.lpsnmedia.net app.vwo.com *.radartoolkit.com *.exactlylabs.com bot.ivy.ai *.instagram.com onstipe.com cdn.jsdelivr.net momentjs.com https://lf16-tiktok-web.tiktokcdn-us.com unpkg.com 'self' cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.fontawesome.com *.typekit.net *.cmich.edu *.cmuhealth.org *.datatables.net *.crazyegg.com *.technolutions.net *.googletagmanager.com *.librarything.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *.radartoolkit.com *.exactlylabs.com my.go-cmich.org cdn.jsdelivr.net *.tiktok.com https://lf16-tiktok-web.tiktokcdn-us.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.cmich.edu googletagmanager.com *.googletagmanager.com monsido.com *.monsido.com *.clarity.ms cmich.edu *.cmuhealth.org *.typekit.net *.snapchat.com *.bing.com *.google.com *.crazyegg.com data.adxcel-ec2.com *.youvisit.com *.simpli.fi *.googleadservices.com *.doubleclick.net *.3lift.com *.tremorhub.com *.tapad.com *.agkn.com *.pro-market.net *.stickyadstv.com *.pubmatic.com *.intentiq.com *.bfmio.com *.analytics.yahoo.com *.exelator.com *.bluekai.com *.rlcdn.com *.lijit.com *.crwdcntrl.net *.openx.net *.rubiconproject.com *.adnxs.com *.spotxchange.com *.librarything.com *.visualwebsiteoptimizer.com my.go-cmich.org *.lpsnmedia.net app.vwo.com chart.googleapis.com wingify-assets.s3.amazonaws.com ajeuwbhvhr.cloudimg.io ai1.ivy-cdn.com *.instagram.com www.buzzsprout.com img.youtube.com i.ytimg.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.fontawesome.com *.cmich.edu *.cmuhealth.org *.typekit.net bot.ivy.ai widget.tagembed.com; frame-src *.youtube.com *.cmich.edu *.cmuhealth.org *.twitter.com *.vimeo.com *.sitefinity.com *.facebook.com *.snapchat.com *.crazyegg.com *.doubleclick.net *.google.com *.panopto.com *.youvisit.com *.librarything.com tgbwidget.com cdn.yoshki.com e.issuu.com *.liveperson.net *.lpsnmedia.net yoshki.com app.vwo.com *.radartoolkit.com *.exactlylabs.com scribehow.com bot.ivy.ai *.instagram.com onstipe.com widget.tagembed.com *.tiktok.com https://lf16-tiktok-web.tiktokcdn-us.com *.youtube-nocookie.com 'self' forms.hsforms.com web-chat.nativechat.com; connect-src accounts.google.com *.mktoresp.com *.googleapis.com *.withgoogle.com *.cmich.edu cmich.azure-api.net *.visualstudio.com *.google-analytics.com *.googleanalyitcs.com googleanalytics.com *.google.com *.snapchat.com *.sitefinity.com *.doubleclick.net *.crazyegg.com *.clarity.ms *.facebook.net *.facebook.com *.technolutions.net analytics.tiktok.com my.go-cmich.org *.visualwebsiteoptimizer.com app.vwo.com *.radartoolkit.com *.exactlylabs.com *.eab.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob: *.cmich.edu *.cmuhealth.org *.lpsnmedia.net; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.sitefinity.com *.cmich.edu cmich.azure-api.net blob: *.visualwebsiteoptimizer.com *.radartoolkit.com *.exactlylabs.com 'self' web-chat.nativechat.com; form-action 'self' *.cmich.edu cmich.azure-api.net *.sitefinity.com *.facebook.com *.exlibrisgroup.com *.snapchat.com *.radartoolkit.com *.exactlylabs.com; frame-ancestors 'self' *.youtube.com *.cmich.edu *.cmuhealth.org *.sitefinity.com *.twitter.com *.radartoolkit.com *.exactlylabs.com; object-src cmich.azure-api.net *.sitefinity.com *.crazyegg.com *.facebook.net *.cmich.edu *.technolutions.net *.visualwebsiteoptimizer.com *.radartoolkit.com *.exactlylabs.com 'self' 1
frame-ancestors *.pinkoi.com 1
default-src 'none'; base-uri 'self'; child-src 'self' blob: accounts.google.com cdn.dochub.com content.googleapis.com docs.google.com js.stripe.com platform.twitter.com syndication.twitter.com www.google.com www.youtube.com cdn.production.dochub.com; connect-src 'self' blob: *.gravatar.com *.zopim.com wss://*.zopim.com wss://dochub.com/api/cable *.google-analytics.com analytics.google.com *.analytics.google.com api.onedrive.com df.api.onedrive.com cdn.dochub.com checkout.stripe.com dochub.zendesk.com docs.google.com ekr.zdassets.com graph.microsoft.com macroplant.zendesk.com maps.gstatic.com platform.twitter.com sentry.io o40410.ingest.sentry.io stats.g.doubleclick.net www.dropbox.com api.dropboxapi.com www.google.com www.googleapis.com maps.googleapis.com api.iconify.design api.simplesvg.com api.unisvg.com api.box.com cdn01.boxcdn.net d0a8c51963c84ca7a30a1a17c2f0591c.apm.us-east-1.aws.cloud.es.io accounts.google.com/gsi/ api.sandbox.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com www.sandbox.paypal.com/ cloudflareinsights.com www.paypal.com client-analytics.braintreegateway.com api.braintreegateway.com sks-adm.tools.mr-dev.xyz sks.mrkhub.com www.facebook.com/ graph.facebook.com/ wss://production.dochub.com/api/cable cdn.production.dochub.com upload.production.dochub.com download.production.dochub.com; font-src 'self' data: cdn.dochub.com use.fontawesome.com fonts.googleapis.com fonts.gstatic.com pro.fontawesome.com cdn01.boxcdn.net cdn.production.dochub.com; form-action 'self' accounts.google.com; frame-ancestors 'self' mail.google.com chrome-extension://mjgcgnfikekladnkhnimljcalfibijha chrome-extension:; frame-src 'self' blob: accounts.google.com cdn.dochub.com checkout.stripe.com content.googleapis.com dochub.com td.doubleclick.net docs.google.com js.stripe.com platform.twitter.com syndication.twitter.com www.google.com www.gstatic.com www.youtube.com *.trustpilot.com/ content-classroom.googleapis.com classroom.google.com/ cdn01.boxcdn.net content-people.googleapis.com/ 8k6f03jsqt58.statuspage.io/ checkout.paypal.com/ *.paypal.com assets.braintreegateway.com/ www.paypalobjects.com/ accounts.google.com/gsi/ cdn.production.dochub.com upload.production.dochub.com download.production.dochub.com; img-src * blob: data:; manifest-src 'self'; media-src 'self' cdn.dochub.com docs.google.com static.zdassets.com cdn.production.dochub.com; object-src 'self'; script-src 'self' blob: 'unsafe-eval' *.gravatar.com ajax.googleapis.com apis.google.com cdn.dochub.com checkout.stripe.com content.googleapis.com docs.google.com js.live.net browser-update.org js.stripe.com static.zdassets.com www.dropbox.com api.dropboxapi.com www.google-analytics.com analytics.google.com accounts.google.com www.googleapis.com maps.googleapis.com www.googletagmanager.com www.google.com/recaptcha/api.js www.gstatic.com ajax.cloudflare.com cdn01.boxcdn.net api.box.com cdnjs.cloudflare.com/ajax/libs/intl-tel-input/ cdn.skypack.dev 8k6f03jsqt58.statuspage.io bat.bing.com www.googleadservices.com tpc.googlesyndication.com www.paypalobjects.com *.paypal.com static.cloudflareinsights.com cdn.mr-dev.xyz/sks/js/sks_track.js cdn.mrkhub.com/sks/js/sks_track.js accounts.google.com/gsi/client challenges.cloudflare.com appleid.cdn-apple.com connect.facebook.net/en_US/sdk.js cdn.production.dochub.com dochub.com/cdn-cgi/challenge-platform/ 'nonce-e/Ly3ycjAt86qjNTehU05DTKTxv4ZMNeae/3OCJgREc=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' cdn.dochub.com docs.google.com fonts.googleapis.com maps.gstatic.com maxcdn.bootstrapcdn.com platform.twitter.com pro.fontawesome.com cdn01.boxcdn.net accounts.google.com/gsi/style fast.fonts.net assets.braintreegateway.com cdn.production.dochub.com; report-uri /api/v1/csp-violation-reports 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.topfapgirls.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.baidu.com *.bing.com; 1
default-src 'none'; frame-ancestors https://*.edadeal.ru https://edadeal.ru https://yandex.ru https://yandex.com https://yandex.by https://*.yandex.ru https://*.yandex.com https://*.yandex.by; connect-src 'self'; script-src 'nonce-045cec0e91d89b166989f4321fdbb158' 'self'; img-src 'self' 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.healthday.com https://spanish.healthday.com;block-all-mixed-content; 1
default-src 'self'; frame-ancestors 'self' https://mclaren.bloomreach.io https://test-mclaren.bloomreach.io; style-src 'self' 'unsafe-inline' https://d7c4jjeuqag9w.cloudfront.net https://static-cdn.mclaren.com https://*.kampyle.com https://*.medallia.com https://*.medallia.eu https://mclaren.bloomreach.io; img-src 'self' data: *; media-src 'self' https://video.twimg.com https://mclaren.bloomreach.io https://d7c4jjeuqag9w.cloudfront.net https://media.storystream.ai; font-src 'self' https://d7c4jjeuqag9w.cloudfront.net https://static-cdn.mclaren.com https://*.kampyle.com https://*.medallia.com https://*.medallia.eu https://mclaren.bloomreach.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://region1.google-analytics.com https://tracking.client.com https://metrics.client.com https://ucarecdn.com/libs/widget/3.17.2/uploadcare.full.min.js https://platform.twitter.com https://d7c4jjeuqag9w.cloudfront.net https://apps.storystream.ai https://static-cdn.mclaren.com https://cdn.cookielaw.org https://cdn-ukwest.onetrust.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://cdn.usefathom.com/script.js https://i7bx8z.mclaren.com/script.js https://qd5tp4.mclaren.com/script.js https://rfa8z9.mclaren.com/script.js https://www.youtube.com https://connect.facebook.net https://platform.linkedin.com https://*.kampyle.com https://*.medallia.com https://*.medallia.eu https://collection.decibelinsight.net https://lcinternational.demdex.net https://cdnjs.cloudflare.com/ajax/libs/jsrender/ https://cdnjs.cloudflare.com/ajax/libs/gsap/ https://cdn.jsdelivr.net/npm/twemoji@11.3.0/2/ https://twemoji.maxcdn.com/2/ https://mclaren.bloomreach.io; frame-src 'self' https://td.doubleclick.net https://platform.twitter.com https://www.youtube.com https://www.facebook.com https://*.kampyle.com https://*.medallia.com https://*.medallia.eu https://smc-lp.s4hana.ondemand.com https://my.forms.app https://cloud.email.racing.mclaren.com https://mclaren.bloomreach.io; connect-src 'self' *.google-analytics.com https://region1.google-analytics.com https://tracking.client.com https://metrics.client.com https://598nyfqkt7.execute-api.eu-west-1.amazonaws.com https://upload.uploadcare.com https://syndication.twitter.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://www.google-analytics.com https://*.google-analytics.com/g/ https://stats.g.doubleclick.net https://*.kampyle.com https://*.medallia.com https://*.medallia.eu https://*.mclaren.com/racing-feeds/ https://*.hana.ondemand.com wss://f1-feed.mclaren.com/socket.io/ https://f1-feed.mclaren.com/socket.io/ https://collection.decibelinsight.net wss://collection.decibelinsight.net https://mclaren.bloomreach.io; manifest-src 'self' https://static-cdn.mclaren.com https://mclaren.bloomreach.io; worker-src 'self' blob:; object-src 'none'; 1
frame-ancestors 'self' *.singtel.com *.singtelgroup.net *.singtelshop.com singtel.sharepoint.com; 1
upgrade-insecure-requests ; default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: bytedance: data: wss://*.byteintlapi.com wss://*.byteoversea.com wss://*.tiktokglobalshop.com *.acestream.net *.adsintegrity.net *.agadata.online *.akamaized.net *.amazonaws.com *.bitssec.com *.byted-static.com *.bytedapm.com *.byteicdn.com *.byteimg.com *.byteintl.net *.byteintlapi.com *.byteintlstatic.com *.byteoversea.com *.byteoversea.net *.bytevcloudapi.com *.capcut.com *.cdn77.org *.cdnfonts.com *.ciuvo.com *.cloudflare.com *.doubleclick.net *.doublestat.info *.facebook.com *.facebook.net *.fbcdn.net *.fbsbx.com *.flaticon.com *.fontawesome.com *.g-p-static.com *.g-t-static.com *.global-cache.online *.goofy-cdn.com *.goofy.app *.google-analytics.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws *.googleapis.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.honey.io *.ibytedtos.com *.ibyteimg.com *.instagram.com *.isnssdk.com *.jonypractic.net *.jsdelivr.net *.kaspersky-labs.com *.launchdarkly.com *.line-scdn.net *.mlstatic.com *.moz.com *.msn.com *.mxpnl.net *.oecsccdn.com *.oecstatic.com *.pagespeed-mod.com *.sgsnssdk.com *.shopee.vn *.slant.co *.socialhead.io *.tiktok.com *.tiktok.shop *.tiktokcdn-us.com *.tiktokcdn.com *.tiktokglobalshop-governance.com *.tiktokglobalshop.com *.tiktokglobalshopv.com *.tiktokshop.com *.tiktokv.com *.tiktokv.us *.tiktokw.eu *.toolszen.com *.tronex.io *.trongrid.io *.ttwstatic.com *.twimg.com *.typekit.net *.unpkg.com *.v.network *.vodupload.com *.webflow.com *.yandex.net *.yandex.ru *.yhgfb-static.com *.youtube.com *.ytimg.com *.ytlogs.ru agadata.online conoret.com dakotaram.com doublestat.info jonypractic.net noop.style skytraf.xyz unpkg.com; report-uri https://mon.tiktokv.com/log/sentry/v2/api/slardar/main/?bid=tiktok_pns&ev_type=csp&revision=d0881fab-4939-4cb7-865c-bbd24805e4cf; report-to csp-endpoint 1
base-uri 'self'; frame-ancestors https://*.tweaktown.com; 1
default-src blob: data: https://*.imrworldwide.com/ https://*.akamaihd.net https://*.akamaized.net https://*.footprint.net https://cl-eu2.k5a.io https://*.svt.se https://*.svtplay.se https://analytics.codigo.se https://sb.scorecardresearch.com https://sentry.io https://time.akamai.com https://www.gstatic.com http://www.gstatic.com https://www.svtstatic.se https://firestore.googleapis.com 'self' 'unsafe-eval' 'unsafe-inline' https://svt-direktcenter-avatar.imgix.net https://svt-direktcenter-avatar-stage.imgix.net https://svt-direktcenter.imgix.net https://svt-direktcenter-stage.imgix.net ws://localhost:* http://localhost:* https://accounts.google.com https://appleid.cdn-apple.com https://*.bidtheatre.com http://adsby.bidtheatre.com https://match.adsby.bidtheatre.com/adxcookie https://ib.adnxs.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://cm.g.doubleclick.net https://ad.sxp.smartclip.net https://synchroscript.deliveryengine.adswizz.com https://*.casalemedia.com http://*.casalemedia.com https://api.lvis.io http://api.lvis.io https://*.monterosa.cloud http://*.monterosa.cloud wss://*.monterosa.cloud/ ws://*.monterosa.cloud/;frame-ancestors 'self' https://*.svt.se *.zync.tv 1
default-src https://talkjs.com https://*.talkjs.com wss://talkjs.com wss://*.talkjs.com; font-src https: data:; img-src 'self' http: https: data: blob:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; frame-src https://*.talkjs.com https://talkjs.retool.com; connect-src https://talkjs.com https://*.talkjs.com wss://*.talkjs.com https://api.hsforms.com https://www.google-analytics.com https://plausible.io https://*.doubleclick.net https://*.analytics.google.com https://*.trackjs.com; object-src 'none'; 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 1
default-src 'self'; frame-src http: data:; connect-src http: data:; script-src 'unsafe-inline' 'unsafe-eval' http:; style-src 'unsafe-inline' http:; img-src http: data:; font-src http: data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: about: *.cookielaw.org *.googletagmanager.com *.calendly.com *.visualwebsiteoptimizer.com *.fullstory.com *.crazyegg.com *.whova.com whova.com *.cloudfront.net *.typekit.net use.typekit.net *.adroll.com *.adroll.mgr.consensu.org cors-anywhere.herokuapp.com gist.github.com  rum-static.pingdom.net *.ckeditor.com translate.googleapis.com translate.google.com *.jotform.com *.crazyegg.com cdn.jotfor.ms *.jotform.com static.issuu.com instagram.com www.instagram.com t.sf14g.com 1.tl813.com http://static.issuu.com analytics.twitter.com srdrvp.com static.ads-twitter.com apis.google.com *.addthis.com *.addthisedge.com secure.comodo.net static.ads-twitter.com platform.twitter.com www.googleadservices.com http://www.googleadservices.com *.akamaihd.net www.google-analytics.com www.google.com cdnjs.cloudflare.com *.typekit.net *.jotform.us cdn.jsdelivr.net ajax.googleapis.com connect.facebook.net www.facebook.com facebook.com use.typekit.net ssl.google-analytics.com *.gstatic.com cse.google.com www.googleapis.com *.mobilecause.com bam.nr-data.net googletagmanager.com formalyzer.com maps.googleapis.com e.issuu.com *.silkroad.com *.createsend.com *.createsend1.com *.polldaddy.com polldaddy.com *.berkeley.edu https://coolclimate-calculator-ui.firebaseapp.com secure4.entertimeonline.com *.dafdirect.org *.jotfor.ms *.jotform.io *.jotform.com *.vidyard.com *.airpr.com *.dca0.com *.mountain.com *.doubleclick.net *.adsrvr.org *.steelhousemedia.com *.juicer.io *.hotjar.com utt.impactcdn.com *.vimeo.com *.fundraiseup.com *.fundraiseupobjects.com https://fundraiseupobjects.com/tb *.stripe.com m.stripe.network *.plaid.com *.src.mastercard.com *.checkout.visa.com pay.google.com *.paypal.com *.paypalobjects.com *.optimizely.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com; img-src 'self' data: about: 1.tl813.com arbordayblog.org * *.adroll.com *.leadlander.com *.advertising.com *.facebook.com *.google-analytics.com *.outbrain.com *.pubmatic.com *.3lift.com *.taboola.com dsum-sec.casalemedia.com *.rubiconproject.com ads.yahoo.com *.adnxs.com x.bidswitch.net *.youtube.com idsync.rlcdn.com us-u.openx.net *.atdmt.com *.s3.amazonaws.com log.pinterest.com i.ytimg.com *.jotform.com t.co *.gstatic.com *.instagram.com *.cdninstagram.com *.fbcdn.net www.google-analytics.com *.doubleclick.net *.jotfor.ms *.jotform.com csi.gstatic.com maps.gstatic.com p.typekit.net www.google.com www.googleapis.com maps.googleapis.com www.facebook.com *.google.com *.arborday.org www.googleapis.com ssl.google-analytics.com syndication.twitter.com shpg.org arborday.sjv.io ojrq.net logs-01.loggly.com *.hotjar.com *.fundraiseup.com ucarecdn.com pay.google.com *.paypalobjects.com https://cdn.optimizely.com; font-src 'self' data: use.typekit.net fonts.googleapis.com fonts.gstatic.com *.jotfor.ms *.jotform.com *.juicer.io *.hotjar.com *.fundraiseup.com *.stripe.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net assets-cdn.github.com *.ckeditor.com *.githubassets.com use.typekit.net translate.googleapis.com *.gstatic.com cdn.jotfor.ms *.jotform.com www.google.com ajax.googleapis.com fonts.googleapis.com fonts.gstatic.com *.dafdirect.org *.jotfor.ms *.jotform.com *.typekit.net *.juicer.io *.hotjar.com; frame-src 'self' mailto: lltrck.com *.paycomonline.net *.doubleclick.net youtu.be *.soundcloud.com *.jotform.io calendly.com *.jotform.com whova.com *.whova.com *.berkeley.edu https://coolclimate.berkeley.edu https://coolclimate-calculator-ui.firebaseapp.com www.facebook.com *.google.com *.vimeo.com www.instagram.com syndication.twitter.com *.jotform.us https://staticxx.facebook.com *.igive.com cse.google.com pdf.snapandread.com app.mobilecause.com *.arborday.org www.arborday.org hotelfootprints.org www.hotelfootprints.org www.youtube.com http://www.youtube.c e.issuu.com api.braintreegateway.com treesandutilities.com *.silkroad.com ajax.googleapis.com connect.facebook.net platform.twitter.com *.addthis.com *.createsend.com *.createsend1.com *.leadlander.com *.vidyard.com *.arcgis.com *.hotjar.com arborday.sjv.io *.givesmart.com *.fundraiseup.com *.stripe.com *.src.mastercard.com *.checkout.visa.com *.plaid.com *.paypal.com *.paypalobjects.com pay.google.com https://a25272300036.cdn.optimizely.com https://a25272300036.cdn-pci.optimizely.com; frame-ancestors 'self' www.logees.com *.liedlodge.org shop.arborday.org corporategifts.arborday.org  *.domaincontrol.com *.ip.secureserver.net *.upnllc.com *.godaddy.com logees.com *.dutchmantreefarms.com dutchmantreefarms.com http://www.dutchmantreefarms.com www.bluehillwildlifenursery.com bluehillwildlifenursery.com treesandutilities.com www.treesandutilities.com *.secureserver.net *.akam.net *.godaddy.com *.silkroad.com createsend.com; connect-src 'self' *.cookielaw.org arbordayblog.org *.saashr.com *.google-analytics.com *.fullstory.com *.jotform.com cors-anywhere.herokuapp.com *.gstatic.com secure4.entertimeonline.com rum-collector-2.pingdom.net *.crazyegg.com wss://www.arborday.org performance.typekit.net ssl.google-analytics.com *.jotform.us createsend.com *.doubleclick.net *.cloudfront.net appstoreconnect.com *.berkeley.edu *.vidyard.com *.dca0.com *.adroll.com *.juicer.io *.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com arborday.sjv.io *.onetrust.com maps.googleapis.com fndrsp.net fndrsp-checkout.net *.fundraiseup.com *.fundraiseupobjects.com https://fundraiseupobjects.com/tb *.stripe.com *.paypal.com *.paypalobjects.com *.plaid.com *.mastercard.com *.checkout.visa.com pay.google.com https://google.com/pay api.addressy.com *.optimizely.com https://logx.optimizely.com https://*.optimizely.com; 1
upgrade-insecure-requests; default-src data: blob: https: gap: gap-iab: 'unsafe-inline' 'unsafe-eval'; form-action https: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' * ; frame-src 'self' * ; object-src 'self' 1
frame-src 'self' *.betradar.com *.sportradar.com *.aitcloud.de consentcdn.cookiebot.com vars.hotjar.com www.googletagmanager.com www.youtube.com prod-origin.truendo.com cdn.priv.center *.akamaized.net; frame-ancestors 'self' *.betradar.com *.sportradar.com *.aitcloud.de 1
frame-ancestors https://*.arkadium-sandbox.com https://*.arkadium.com/ https://arenacloud.cdn.arkadiumhosted.com/ https://arenaxstorage.blob.core.windows.net; upgrade-insecure-requests 1
frame-ancestors 'self' https://jwuq7jeq.openweb.bbva https://*.igrupobbva  https://*.grupobbva.com  https://bbvanetcash.com  https://*.bbvanetcash.com  https://*.bbva.es; 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-219f545bc66c986ec94559fd40de7222' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=1389674905752722; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=1389674905752722 1
frame-ancestors 'self' https://myiesetest.azurewebsites.net https://my.iese.edu https://web.iese.edu; 1
frame-ancestors 'self' edge.fullstory.com rs.fullstory.com 1
upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.segment.com https://cdn.rollbar.com https://connect.facebook.net https://hcaptcha.com https://*.hcaptcha.com https://platform.twitter.com https://js.sentry-cdn.com https://browser.sentry-cdn.com; form-action 'self'; media-src https: blob:; font-src https: data:; prefetch-src https: data:; style-src 'unsafe-inline' https: data:; img-src https: data:; connect-src https: wss: blob: data: *.sentry.io; worker-src 'self' blob:; frame-src https: dcl:; child-src https: blob:; object-src 'none'; frame-ancestors 'none' 1
frame-ancestors 'self' http://ideas.cloudera.com https://ideas.cloudera.com http://pages.cloudera.com https://pages.cloudera.com  https://video.cloudera.com https://resources.cloudera.com http://resources.cloudera.com https://*.kampyle.com https://*.medallia.com 1
frame-ancestors 'self' https://vk.com https://m.vk.com http://awards.ratingruneta.ru https://sutochno.ru/ https://metrika.yandex.ru https://metrika.yandex.by https://metrika.yandex.com https://metrika.yandex.com.tr https://webvisor.com; 1
script-src 'self' *.adform.net 360yield.com *.doubleclick.net adservice.google.com adservice.google.pl ahrefs.com analytics.tiktok.com apis.google.com app.usercentrics.eu connect.facebook.net doubleclick.net emplocity.com *.facebook.com *.facebook.net fintech.pkobp.pl fonts.googleapis.com fonts.gstatic.com iko.pkobp.plkredobank.com.ua ls.hit.gemius.pl m.emplobot.com maps.google.com maps.googleapis.com maps.gstatic.com media.pkobp.pl pagead2.googlesyndication.com platform.twitter.com pro.hit.gemius.pl pko.salesmanago.com https://programpartnerski.pkobp.pl googletagmanager.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com optimize.google.com www.google.com www.google.pl www.googleadservices.com www.googletagmanager.com www.gstatic.com www.mojafirma.pkobp.pl www.obligacjeskarbowe.pl www.pkobh.pl www.pkobp.pl www.pkofaktoring.pl www.pkofinance.se www.pkoleasing.pl www.pkopte.pl www.pkotfi.pl www.polecam.pkobp.pl www.wspieramyeksport.pl www.youtube.com www.youtube-nocookie.com www.zakup.obligacjeskarbowe.pl 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp; 1
base-uri 'self' https://md-scp.kampyle.com; form-action 'self' https://asco1.qualtrics.com; default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https: blob:; connect-src 'self' https:; frame-src 'self' https:; object-src 'none'; media-src 'self' https: blob:; 1
frame-ancestors 'self' npg.org.uk npgshop.org.uk my.npg.org.uk 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' stats.g.doubleclick.net snap.licdn.com px.ads.linkedin.com privacyportal-de.onetrust.com cdn.cookielaw.org ajax.googleapis.com fast.fonts.net player.vimeo.com code.jquery.com geolocation.onetrust.com www.google-analytics.com www.lansrv090.com vimeo.com f.vimeocdn.com i.vimeocdn.com fresnel.vimeocdn.com player-telemetry.vimeo.com 117vod-adaptive.akamaized.net www.googletagmanager.com googleads.g.doubleclick.net www.gstatic.com static.doubleclick.net fonts.gstatic.com www.youtube.com players.brightcove.net metrics.brightcove.com vjs.zencdn.net edge.api.brightcove.com admin.brightcove.com 8vod-adaptive.akamaized.net blob: data:; form-action 'self' data:; plugin-types application/x-shockwave-flash application/pdf 1
default-src 'self' about: *.bmas.de  www.etracker.de api.flockler.com analytics-api.flockler.com; base-uri 'self'; connect-src 'self' 'unsafe-inline' *.etracker.de *.etracker.com analytics-api.flockler.com api.flockler.com streaming.bmas.de; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.googletagmanager.com tagmanager.google.com *.delivery.consentmanager.net *.openlayers.org openlayers.org *.openstreetmap.org *.twitter.com *.twimg.com *.podigee.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.etracker.com *.etracker.de tagmanager.google.com *.delivery.consentmanager.net *.googletagmanager.com *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.pixelpark.com *.openstreetmap.org *.twitter.com *.twimg.com *.google-analytics.com *.podigee.com cdn.consentmanager.mgr.consensu.org *.consentmanager.net consentmanager.mgr.consensu.org https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/tables.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/landmarks.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/images.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/lists.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/lang.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/focus.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/aria.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/headings.js code.highcharts.com about: ; object-src 'self'; font-src 'self' data: *.podigee.com fonts.googleapis.com; media-src 'self' blob: *.youtube.com *.bmas.de; child-src *.google.com *.gstatic.com *.youtube.com *.pixelpark.com *.twitter.com *.twimg.com *.podigee.com *.bmbf.de cdn.jwplayer.com player.vimeo.com *.video-stream-hosting.de cdn.consentmanager.mgr.consensu.org; img-src 'self' blob: data:  fonts.googleapis.com ssl.gstatic.com *.google.com *.bmas.de *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org *.pixelpark.com *.twitter.com *.twimg.com  *.google-analytics.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net media-api.flockler.com *.fbcdn.net scontent.cdninstagram.com *.cdninstagram.com about: ; upgrade-insecure-requests; form-action 'self' validator.w3.org export.highcharts.com; frame-src 'self' *.vimeo.com vimeo.com *.youtube.com *.consentmanager.net *.delivery.consentmanager.net player.syecontentdelivery.de *.unitylivestream.com; frame-ancestors 'self' *.facebook.com 1
connect-src 'self' https://planner5d.com https://*.planner5d.com https://*.devtodev.com https://*.taboola.com https://analytics.google.com https://*.analytics.google.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.googletagmanager.com https://adservice.google.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://www.facebook.com https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://*.stripe.com https://*.paypal.com https://*.paymentwall.com https://*.surveymonkey.com https://vimeo.com https://*.vimeo.com https://bat.bing.com https://sentry.planner5d.com wss://planner5d.com:21344/ws wss://planner5d.com:31673/ws https://respondent.survicate.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://*.onetrust.com https://*.adjust.com https://*.adjust.world https://app.adjust.net.in https://*.pinterest.com https://*.webgains.io https://ab.planner5d.com:3100 https://planner5d.pro wss://planner5d.pro; report-uri /report/csp-violations; upgrade-insecure-requests; frame-src 'self' https://www.google.com https://optimize.google.com https://vars.hotjar.com https://*.planner5d.com https://*.stripe.com https://*.paypal.com https://*.paypalobjects.com https://player.vimeo.com https://*.surveymonkey.com https://*.facebook.com https://*.pinterest.com https://*.youtube.com https://intercom-sheets.com/ https://planner5d.com https://tool.planner5d.com https://td.doubleclick.net https://*.xsolla.com/ https://info.lilibee.com.br https://calendly.com https://*.calendly.com https://planner5d.pro; style-src 'self' 'unsafe-inline' https://*.survicate.com https://*.fontawesome.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.googleapis.com https://optimize.google.com https://static.planner5d.com; script-src 'nonce-6017f75daaafb0375fad1a6fd8d9c815' 'strict-dynamic' 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' 'unsafe-hashes' https://planner5d.com https://*.planner5d.com https://connect.facebook.net https://*.hotjar.com https://*.taboola.com https://*.devtodev.com https://*.stripe.com https://*.paypal.com https://*.paypalobjects.com https://cdnjs.cloudflare.com https://*.vimeo.com https://*.surveymonkey.com https://bat.bing.com https://*.youtube.com https://*.intercom.io https://js.intercomcdn.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://*.survicate.com https://*.adjust.com https://s.pinimg.com https://xsolla.com https://*.xsolla.com https://webgains.io https://*.webgains.io https://*.google.com; frame-ancestors 'self' 1
frame-ancestors http://localhost:* https://localhost:* http://*.evo.com https://*.evo.com 1
frame-src *; frame-ancestors 'self'; 1
script-src 'self' 'sha256-152qnSojXPPJBO5ypmrZJeZhpvmsrci2Y3Qw5yXp7e0=' 'unsafe-inline' https://platform.twitter.com https://stats.hey.com https://sdks.shopifycdn.com; object-src 'self'; connect-src https://stats.hey.com https://monorail-edge.shopifysvc.com https://basecamp-kitsch.myshopify.com 'self'; 1
default-src https: data: http://*.hotjar.com:* https://*.hotjar.com:* ws://*.hotjar.com wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval'; report-uri https://www.greentechmedia.com/?ACT=159 1
base-uri 'self'; default-src 'self' https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' 'nonce-23456789' 'nonce-34567891' 'nonce-45678912' 'nonce-56789123' https://gov1.siteIntercept.qualtrics.com https://*.gov1.siteIntercept.qualtrics.com https://www.google.com https://*.google.com https://www.googletagmanager.com https://*.www.googletagmanager.com https://*.googletagmanager.com https://www.googleadservices.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://*.googleads.g.doubleclick.net:* *.googleadservices.net https://*.www.google.com:* *.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://googleads.g.doubleclick.net https://www.benefits.gov https://*.benefits.gov https://www.youtube.com https://*.youtube.com https://www.youtube.com/iframe_api https://www.youtube.com/www-widgetapi https://i.ytimg.com https://*.ytimg.com https://noembed.com data: blob:; script-src-elem 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://*.google.com https://www.googletagmanager.com https://*.www.googletagmanager.com https://*.googletagmanager.com https://www.googleadservices.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://*.googleads.g.doubleclick.net:* *.googleadservices.net https://*.www.google.com:* *.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://googleads.g.doubleclick.net https://gov1.siteIntercept.qualtrics.com https://*.gov1.siteIntercept.qualtrics.com https://api.benefits.gov https://*.api.benefits.gov https://www.benefits.gov https://*.benefits.gov https://www.youtube.com https://*.youtube.com https://www.youtube.com/iframe_api https://www.youtube.com/www-widgetapi https://i.ytimg.com https://*.ytimg.com https://noembed.com data: blob:; connect-src 'self' https://www.benefits.gov https://*.benefits.gov https://api.benefits.gov https://*.api.benefits.gov https://www.youtube.com https://*.youtube.com https://www.youtube.com/iframe_api https://www.youtube.com/www-widgetapi https://i.ytimg.com https://*.ytimg.com https://noembed.com https://gov1.siteIntercept.qualtrics.com https://*.gov1.siteIntercept.qualtrics.com https://www.google.com https://*.google.com https://www.googletagmanager.com https://*.www.googletagmanager.com https://*.googletagmanager.com https://www.googleadservices.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://*.googleads.g.doubleclick.net:* *.googleadservices.net https://*.www.google.com:* *.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://googleads.g.doubleclick.net directline.botframework.com https://webto.salesforce.com data: blob: wss:; frame-src 'self' https://www.youtube.com https://*.youtube.com https://www.youtube.com/iframe_api https://www.youtube.com/www-widgetapi https://i.ytimg.com https://*.ytimg.com https://noembed.com https://www.google.com blob:; child-src 'self' https://api.benefits.gov https://*.api.benefits.gov https://www.youtube.com https://*.youtube.com https://www.youtube.com/iframe_api https://www.youtube.com/www-widgetapi https://i.ytimg.com https://*.ytimg.com https://noembed.com data: blob:; object-src 'self' blob:; img-src 'self' https://www.benefits.gov https://*.benefits.gov https://api.benefits.gov https://*.api.benefits.gov https://analytics.twitter.com https://*.analytics.twitter.com https://platform.twitter.com https://t.co https//*.t.co https://static.ads-twitter.com https://*.static.ads-twitter.com https://ton.twitter.com https://*.ton.twitter.com https://syndication.twitter.com https://*.syndication.twitter.com https://connect.facebook.net https://*.connect.facebook.net https://*.facebook.com https://*.fbcdn.net https://*.facebook.net https://*.fbcdn.net https://*.facebook.com https://*.fbcdn.net https://*.facebook.net https://www.google.com https://*.google.com https://www.googletagmanager.com https://*.www.googletagmanager.com https://*.googletagmanager.com https://www.googleadservices.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://*.googleads.g.doubleclick.net:* *.googleadservices.net https://*.www.google.com:* *.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://googleads.g.doubleclick.net https://www.youtube.com https://*.youtube.com https://www.youtube.com/iframe_api https://www.youtube.com/www-widgetapi https://i.ytimg.com https://*.ytimg.com https://noembed.com data: blob:; media-src 'self' https://www.youtube.com https://*.youtube.com https://www.youtube.com/iframe_api https://www.youtube.com/www-widgetapi https://i.ytimg.com https://*.ytimg.com https://noembed.com blob:; frame-ancestors 'self'; form-action 'self' https://www.benefits.gov https://*.benefits.gov https://api.benefits.gov https://*.api.benefits.gov; manifest-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://www.benefits.gov https://*.benefits.gov data: blob:; style-src-attr 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.benefits.gov https://*.benefits.gov data:; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:; worker-src 'self' directline.botframework.com data: blob:; 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-29234743a1644df856d48fdc9a72d256' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=3621302027810713; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=3621302027810713 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.youtube.com www.twitter.com api.reciteme.com www.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com bam-cell.nr-data.net js-agent.newrelic.com cdn.syndication.twimg.com digitalfeedback.euro.confirmit.com platform.twitter.com cdn.unibuddy.co cdn.pubble.io pubble.io www.pubble.io js.pusher.com media.pubble.io https://cse.google.com https://www.google.com www.google.com cse.google.com consent.cookiebot.com consentcdn.cookiebot.com assets.calendly.com dci2.ttl.ai static.ttlagency.uk https://cues.ttl.ai/ gstatic.com www.gstatic.com instagram.com www.instagram https://sf16-scmcdn-sg.ibytedtos.com/goofy/tiktok/falcon/embed/embed_v0.0.8.js https://sf16-scmcdn-sg.ibytedtos.com https://www.instagram.com/embed.js https://www.tiktok.com/embed.js https://s16.tiktokcdn.com/tiktok/falcon/embed/embed_lib_v0.0.7.js https://connect.facebook.net https://dcu-ie.libanswers.com/load_chat.php https://www.recaptcha.net/recaptcha/api.js https://track.adform.net https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' www.google-analytics.com www.youtube.com www.twitter.com api.reciteme.com www.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com bam-cell.nr-data.net js-agent.newrelic.com digitalfeedback.euro.confirmit.com cdn.pubble.io pubble.io www.pubble.io platform.twitter.com cdn.syndication.twimg.com www.google.com consent.cookiebot.com consentcdn.cookiebot.com media.pubble.io cse.google.com assets.calendly.com cdn.unibuddy.co dci2.ttl.ai static.ttlagency.uk gstatic.com www.gstatic.com instagram.com www.instagram https://sf16-scmcdn-sg.ibytedtos.com/goofy/tiktok/falcon/embed/embed_v0.0.8.js https://sf16-scmcdn-sg.ibytedtos.com https://www.instagram.com/embed.js https://www.tiktok.com/embed.js https://s16.tiktokcdn.com/tiktok/falcon/embed/embed_lib_v0.0.7.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net https://dcu-ie.libanswers.com/load_chat.php https://www.cincopa.com/media-platform/runtime/libasync.js https://rtcdn.cincopa.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://analytics.tiktok.com/i18n/pixel/events.js https://analytics.tiktok.com/i18n/pixel/identify.js https://analytics.tiktok.com/i18n/pixel/config.js https://bam.nr-data.net https://www.recaptcha.net/recaptcha/api.js https://embed.ycb.me https://track.adform.net https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com; style-src 'self' 'unsafe-inline' platform.twitter.com ton.twimg.com cdn.pubble.io pubble.io https://www.google.com consent.cookiebot.com consentcdn.cookiebot.com api.reciteme.com dci2.ttl.ai static.ttlagency.uk gstatic.com www.gstatic.com fonts.googleapis.com instagram.com www.instagram https://sf16-scmcdn-sg.ibytedtos.com/goofy/tiktok/falcon/embed/embed_v0.0.8.js https://sf16-scmcdn-sg.ibytedtos.com https://www.instagram.com/embed.js https://www.tiktok.com/embed.js https://s16.tiktokcdn.com/tiktok/falcon/embed/embed_lib_v0.0.7.css https://rtcdn.cincopa.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' dci2.ttl.ai static.ttlagency.uk gstatic.com www.gstatic.com 1
default-src https://yok.gov.tr https://*.yok.edu.tr https://*.yok.gov.tr https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com  'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; 1
frame-ancestors 'self' https://*.toroinvestimentos.com.br https://app.hubspot.com; upgrade-insecure-requests 1
default-src 'self'; connect-src 'self' *.ingest.sentry.io https://docs.rs https://play.rust-lang.org https://static.crates.io; script-src 'self' 'unsafe-eval' 'sha256-n1+BB7Ckjcal1Pr7QNBh/dKRTtBQsIytFodRiIosXdE=' 'sha256-dbf9FMl76C7BnK1CC3eWb3pvsQAUaTYSHAlBy9tNTG0='; style-src 'self' 'unsafe-inline' https://code.cdn.mozilla.net; font-src https://code.cdn.mozilla.net; img-src *; object-src 'none' 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' s7.addthis.com snap.licdn.com static.ads-twitter.com static.hotjar.com *.googletagmanager.com www.google-analytics.com maps.googleapis.com cdn.jsdelivr.net www.google.com sc.lfeeder.com www.gstatic.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com;frame-src 'self' www.google.com www.youtube.com v.qq.com player.vimeo.com pc-api-public.sabic.com; connect-src *.google-analytics.com stats.g.doubleclick.net analytics.google.com *.analytics.google.com *.analytics.google.com maps.googleapis.com 'self'; img-src 'self' data: *.googleapis.com  *.ggpht.com *.google-analytics.com *.googletagmanager.com productcatalogue.sabic.com maps.gstatic.com maps.googleapis.com tr-rc.lfeeder.com www.gstatic.com productcatalogue.sabic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; 1
default-src 'self'; object-src 'none'; script-src 'self' https://www.googletagmanager.com/gtag/js https://www.google-analytics.com https://dap.digitalgov.gov; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com/gtag/js https://www2.donotcall.gov; base-uri 'none'; form-action 'self'; frame-src 'none'; frame-ancestors 'self'; report-uri https://telemetry.consumersentinel.gov/api/contentsecuritypolicy; 1
connect-src 'self' https://usage-stats.bundesbank.de https://api.statistiken.bundesbank.de https://bundesbank-http.mescdn.com https://*.etracker.de https://*.slidesync.com https://api.friendlycaptcha.com https://eu-api.friendlycaptcha.eu; style-src 'self' blob: 'unsafe-inline' https://usage-stats.bundesbank.de/ https://assets.slidesync.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://usage-stats.bundesbank.de https://assets.slidesync.com https://d3js.org https://*.etracker.com https://api.signalize.com https://*.etracker.de blob: https://cdn.jsdelivr.net; frame-src 'self' https://plugins.flockler.com/ https://slidesync.com https://www.youtube-nocookie.com https://www.podcaster.de https://usage-stats.bundesbank.de/ https://allplayces.de/; media-src 'self' https://*.slidesync.com https://bundesbank-http.mescdn.com blob: data:; frame-ancestors 'self' https://usage-stats.bundesbank.de/; img-src 'self' https://www.bundesbank.de https://www.news.bundesbank.de https://www.hochschule-bundesbank.de https://www.stiftung-geld-und-waehrung.de https://www.supervisory-disclosure.de https://www.ese-initiative.org https://www.euro20plus.de data:; default-src 'self' blob:; font-src 'self' data: 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*.nearpod.com/ https://nearpod.com/ https://classroom.google.com/ https://*.gooru.org/ https://gooru.org/ https://*.powerschool.com https://powerschool.com 1
default-src 'self';frame-ancestors 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.usabilla.com *.chatlayer.ai *.politie.nl translate.google.com https://translate.googleapis.com;style-src 'self' 'unsafe-inline' https://d6tizftlrpuof.cloudfront.net *.politie.nl https://translate.googleapis.com;style-src-elem 'self' 'unsafe-inline' https://d6tizftlrpuof.cloudfront.net *.politie.nl;object-src 'none';base-uri 'self' https://d6tizftlrpuof.cloudfront.net/live/;connect-src 'self' *.pdok.nl *.politie.nl api.usabilla.com https://translate.googleapis.com;font-src 'self' https://d6tizftlrpuof.cloudfront.net;frame-src 'self' *.chatlayer.ai *.youtube.com politie.bbvms.com art19.com *.twitter.com;img-src 'self' data: https://d6tizftlrpuof.cloudfront.net *.chatlayer.ai *.usabilla.com *.pdok.nl *.ytimg.com https://d6tizftlrpuof.cloudfront.net *.twitter.com translate.google.com https://www.google.com https://translate.googleapis.com https://www.gstatic.com;report-uri https://www.politie.nl/cspreports;worker-src 'none';script-src-elem 'self' 'unsafe-inline' www.youtube.com/iframe_api www.youtube.com/s/player/ *.usabilla.com *.chatlayer.ai *.twitter.com *.politie.nl chatbox.prod.europe-west1.gc.chatlayer.ai;upgrade-insecure-requests 1
default-src 'self' cdn.eurid.eu; style-src 'self' maxcdn.bootstrapcdn.com 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com eurid.matomo.cloud eurid.piwikpro.com www.gstatic.com *.riddle.com survey.alchemer.eu ; font-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com survey.alchemer.eu data:; script-src 'self' maxcdn.bootstrapcdn.com  'unsafe-inline' 'unsafe-eval' cdn.eurid.eu fonts.googleapis.com maps.google.com maps.googleapis.com www.google.com www.gstatic.com cdnjs.cloudflare.com connect.facebook.net *.twitter.com eurid.matomo.cloud www.googletagmanager.com www.google-analytics.com *.cookiebot.com *.riddle.com survey.alchemer.eu embed.ex.co *.playbuzz.com *.youtube.com *.youtube-nocookie.com *.googleadservices.com *.ytimg.com *.doubleclick.net f.vimeocdn.com *.recaptcha.net recaptcha.net js.sentry-cdn.com; img-src 'self' 'unsafe-inline' maps.google.com maps.googleapis.com maps.gstatic.com csi.gstatic.com www.gstatic.com www.google.com *.twitter.com www.facebook.com eurid.matomo.cloud eurid.piwikpro.com www.google-analytics.com data: *.outbrain.com *.playbuzz.com *.google.be *.ytimg.com *.doubleclick.net ; frame-src 'unsafe-inline' *.cookiebot.com *.riddle.com embed.ex.co *.youtube.com *.youtube-nocookie.com vimeo.com player.vimeo.com *.google.com *.recaptcha.net vod-progressive.akamaized.net survey.alchemer.eu ; child-src 'self' cdn.embedly.com www.youtube.com *.twitter.com staticxx.facebook.com www.facebook.com  www.gstatic.com www.google.com; connect-src 'self' *.ex.co *.playbuzz.com *.doubleclick.net eurid.matomo.cloud *.cookiebot.com sentry.io 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.hsadspixel.net g10498469755.co *.google-analytics.com g9904216750.co *.doubleclick.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent10.net *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com wire.com www.googletagmanager.com connect.facebook.net ; style-src 'self' 'unsafe-inline' *.hubspotusercontent10.net cdn2.hubspot.net *.hsappstatic.net wire.com; img-src 'self' data: js.hscta.net *.facebook.com *.google.de *.google.com no-cache.hubspot.com *.hubspot.com cdn2.hubspot.net *.hsforms.net *.hsforms.com *.hubspot.net *.hubspotusercontent10.net *.hsappstatic.net wire.com; connect-src 'self' *.hubapi.com *.doubleclick.net *.google.com *.google-analytics.com js.hscta.net *.hs-banner.com *.hsforms.com *.hubspot.com *.hscollectedforms.netwire.com; frame-src 'self' *.google.com *.hsforms.net *.hsforms.com *.hubspot.net *.hubspot.com *.hs-sites.com wire.com; child-src 'self' *.hsforms.com wire.com; font-src 'self' *.hubspotusercontent10.net; object-src 'none'; upgrade-insecure-requests 1
frame-ancestors 'none'; upgrade-insecure-requests; report-uri https://serversignin.com/guard 1
default-src 'self' 'unsafe-inline'; img-src 'self' data: * 'unsafe-inline' https://maps.googleapis.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google.co.in https://www.google.com/ https://business.lutron.info *.lutron.com https://ssl.google-analytics.com https://www.facebook.com https://maps.gstatic.com https://px.ads.linkedin.com; media-src 'self'; script-src 'self' 'unsafe-eval' https://www.redditstatic.com https://s.pinimg.com https://f.clarity.ms https://tpc.googlesyndication.com https://bat.bing.com/ http://*.hotjar.com https://*.hotjar.com https://*.clarity.ms http://*.hotjar.io https://*.hotjar.io 'unsafe-inline' https://home-c29.incontact.com https://*.clarity.ms https://t.co https://px.ads.linkedin.com https://ssl.google-analytics.com *.lutron.com https://analytics.twitter.com/ http://business.lutron.info http://pi.pardot.com https://cdn.cookielaw.org https://www.youtube.com https://www.gstatic.com https://www.googleadservices.com https://www.googletagmanager.com http://static.ads-twitter.com/ https://snap.licdn.com/ https://pi.pardot.com  https://business.lutron.info https://www.google-analytics.com https://code.jquery.com https://connect.facebook.net https://www.google.com/ https://www.google.co.in https://js.adsrvr.org *.lutron.com https://maps.googleapis.com https://ajax.googleapis.com https://s.amazon-adsystem.com https://googleads.g.doubleclick.net/; style-src 'self' 'unsafe-inline'  http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.googleapis.com https://cdn.cookielaw.org https://business.lutron.info https://maxcdn.bootstrapcdn.com *.lutron.com https://www.google-analytics.com/ https://www.googletagmanager.com; frame-src 'self' 'unsafe-inline' *.lutron.com https://ct.pinterest.com/ https://tpc.googlesyndication.com https://vimeo.com/ https://webto.salesforce.com/  https://match.adsrvr.org/ http://classic.lutron.com/ https://player.youku.com/ https://v.youku.com https://classic.lutron.com/ https://business.lutron.info/ https://home-c29.incontact.com/ http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google.com/ *.fls.doubleclick.net/ https://www.youtube-nocookie.com/ https://www.facebook.com/ https://insight.adsrvr.org/ https://www.youtube.com/ https://player.vimeo.com/ https://lutron.secure.force.com/ https://bid.g.doubleclick.net/; connect-src 'unsafe-inline' 'self' https://geolocation.onetrust.com https://cdn.linkedin.oribi.io/ https://ct.pinterest.com https://maps.googleapis.com *.clarity.ms/  https://www.clarity.ms/ cookies-data.onetrust.io cdn.cookielaw.org http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.lutron.com https://www.google-analytics.com/ https://www.facebook.com https://stats.g.doubleclick.net; font-src 'self' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com https://fonts.googleapis.com; 1
script-src www.google.co.uk 'self' 'unsafe-inline' 'unsafe-eval' request.eprotect.vantivprelive.com request.eprotect.vantivcnp.com *.dwin1.com *.puzzel.com *.addtoany.com *.bing.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com *.pingdom.net *.trustpilot.com *.jquery.com ajax.googleapis.com platform.twitter.com *.adroll.com *.google.com *.facebook.net *.steelhousemedia.com *.qualtrics.com www.googleadservices.com *.uk2group.com maxcdn.bootstrapcdn.com privacy-policy.truste.com www.google.com www.gstatic.com *.visualwebsiteoptimizer.com www.googletagmanager.com www.google-analytics.com app.yieldify.com *.westhost.com t.trackedlink.net d33wq5gej88ld6.cloudfront.net s.adroll.com tracking.websitealive.com *.hcaptcha.com; img-src data: 'self' *.thgingenuity.com img.zohostatic.eu match.adsrvr.org *.gstatic.com *.uk2group.com *.bing.com *.gravatar.com *.puzzel.com *.pingdom.net *.uk2.net p.adsymptotic.com s.w.org csi.gstatic.com cj.dotomi.com widget.trustpilot.com www.privacytrust.com insight.adsrvr.org *.adroll.com *.adnxs.com *.yahoo.com *.facebook.com *.doubleclick.net *.bidswitch.net *.rlcdn.com *.twitter.com *.openx.net googleads.g.doubleclick.net *.googleadservices.com cdsusa.veinteractive.com shareasale.com www.emjcd.com *.westhost.com *.midphase.com privacy-policy.truste.com secure.etrust.org 55b558c7-resources.bk-partnersasia.com ib.adnxs.com *.visualwebsiteoptimizer.com www.google-analytics.com stats.g.doubleclick.net www.google.co.uk www.google.com https://script.hotjar.com http://script.hotjar.com; style-src 'self' 'unsafe-inline' *.westhost.com *.google.com *.googleapis.com *.puzzel.com dwmvwp56lzq5t.cloudfront.net *.pingdom.net *.bootstrapcdn.com *.visualwebsiteoptimizer.com; frame-src 'self' *.hcaptcha.com *.westhost.com cdn.forms-content.sg-form.com www.google.co.uk www.google.com plus.google.com apis.google.com accounts.google.com platform.twitter.com staticxx.facebook.com www.facebook.com https://vars.hotjar.com widget.trustpilot.com; connect-src 'self' *.hcaptcha.com *.google-analytics.com *.sentry.io mw-uk2-uat.thehut.net mw.thghosting.com livechat.uk2group.com *.puzzel.com *.pingdom.net http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com *.twitter.com dev.visualwebsiteoptimizer.com geo.yieldify.com *.westhost.com widget.trustpilot.com bat.bing.com; font-src data: 'self' http://script.hotjar.com https://script.hotjar.com *.westhost.com *.gstatic.com *.googleapis.com *.puzzel.com maxcdn.bootstrapcdn.com *.visualwebsiteoptimizer.com stats.g.doubleclick.net; default-src 'self' *.westhost.com *.puzzel.com; object-src 'self' *.westhost.com *.visualwebsiteoptimizer.com; child-src *.westhost.com *.uk2group.com *.hotjar.com *.twitter.com *.puzzel.com *.addtoany.com googleads.g.doubleclick.net platform.twitter.com apis.google.com www.facebook.com staticxx.facebook.com accounts.google.com afftrk.biz www.googleadservices.com tracking.opienetwork.com youtu.be www.youtube.com *.visualwebsiteoptimizer.com www.google.com; media-src data: 'self' *.puzzel.com *.westhost.com; frame-ancestors 'self'; 1
frame-ancestors 'self' http://localhost:80 https://localhost:443 1
frame-ancestors 'self'; default-src data: 'self' *.ameren.com *.brilliantcollector.com *.google.com *.gstatic.com *.webtrends.com *.swiftypecdn.com *.allegiancetech.com *.swiftype.com *.doubleclick.net *.salesforceliveagent.com *.amerenlistens.com *.twitter.com *.twimg.com *.youtube.com *.facebook.com *.googletagmanager.com *.webtrendslive.com *.google-analytics.com *.googleapis.com *.lineicons.com *.inmoment.com *.vimeo.com *.googleusercontent.com *.webtrendslive.com *.facebook.net *.spot.stream *.peaktimerewards.com *.usemarketings.com *.googleadservices.com amerenliveagent.secure.force.com *.my.salesforce.com *.linkedin.com *.licdn.com *.adsymptotic.com share.earthcam.net sentry.ec-lan.net cdn.linkedin.oribi.io 'unsafe-inline' 'unsafe-eval'; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; base-uri 'self'; form-action 'self' https://www.mnhn.fr; frame-ancestors 'self'; report-uri https://www.mnhn.fr/fr/report-uri/enforce 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-1da33c0f485705df906e3c22284d8e4b' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=1597061705759080; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=1597061705759080 1
frame-ancestors 'self' *.nyp.org *.prod.acquia-sites.com 1
default-src 'self'; connect-src *; font-src 'self' data: fonts.gstatic.com *.fontawesome.com *.answerdash.com *.bootstrapcdn.com; frame-ancestors *; frame-src *; img-src blob: data: *; script-src 'unsafe-inline' *; style-src 'unsafe-inline' * 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.twitter.com https://js.usemessages.com https://js.hsforms.net https://www.google-analytics.com https://connect.facebook.net https://js.hs-scripts.com https://snap.licdn.com https://www.googletagmanager.com https://js.hs-analytics.net https://js.hsadspixel.net https://js-agent.newrelic.com https://bam.nr-data.net https://apis.google.com js.hs-banner.com *.wp.com *.cookiebot.com 1
object-src 'none'; base-uri 'none'; default-src https://isnic.is https://www.isnic.is/; style-src https://isnic.is https://www.isnic.is/; font-src https://isnic.is https://www.isnic.is/; script-src https://isnic.is https://www.isnic.is/; img-src https://isnic.is https://www.isnic.is/ https://www.rix.is; connect-src https://isnic.is https://www.isnic.is/; frame-ancestors 'none'; report-uri /default/csp; 1
default-src 'self' https: data: blob: wss: https://content.surveysparrow.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https: 'unsafe-inline' ; frame-ancestors 'self' *.surveysparrow.com thrivesparrow.com *.thrivesparrow.com ; 1
default-src 'self' wss: https://*.contentful.com https://*.kampyle.com wss://*.ooklaserver.net https://*.tigocloud.net https://*.zendesk.com https://static.zdassets.com https://ekr.zdassets.com; frame-src 'self' https://*.tigocloud.net https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://www.youtube.com https://6493920.fls.doubleclick.net https://*.kampyle.com https://tigoune.maps.arcgis.com https://www.une.com.co https://*.une.com.co; script-src 'self' blob: https://*.tigocloud.net https://*.kampyle.com https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.youtube.com https://6493920.fls.doubleclick.net https://maps.googleapis.com https://www.gstatic.com/ https://sync.smartadserver.com https://cdn.smooch.io https://s.ytimg.com https://*.nr-data.net https://js-agent.newrelic.com https://facebook.com/signals/iwl.js https://widget-mediator.zopim.com https://*.licdn.com 'unsafe-hashes' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'sha256-lfXlPY3+MCPOPb4mrw1Y961+745U3WlDQVcOXdchSQc=' https://tigoune.maps.arcgis.com https://www.une.com.co https://*.une.com.co 'sha256-mBcgzZ36s/ssKaH7/DbbJEMtbumFZHsz1tRHoAWJISU=' 'sha256-4jLXDjttYgZGdR3ly3AXw5YG6hUiB0vhH49x3gF4v6o=' 'sha256-nSNutDm4b0xlOVJ6d2o6FfQtTqubddecmFK5u1bH9eQ=' 'sha256-2UoXH2Nxa9FD+HQj/Hp5juuacBa0PfUJVyanLHuDPOE=' 'sha256-ndwrZ6zP2oTUI+w2j6dZpKqLIRJPL6Dzo+eibGHpySA=' 'sha256-ISlsDOLXS/YaZ5Yp82THTVSNnRQlXpWmyA/JKprgPcs=' 'sha256-FrQ57L9tMdJJ722FWKhQSqaJ3Gd4s4rKlbk+K1DW+t4='; font-src 'self' data: blob: https://fonts.gstatic.com https://*.kampyle.com https://*.zendesk.com; img-src 'self' data: blob: https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.tigocloud.net https://*.contentful.com https://*.kampyle.com https://static.zdassets.com https://*.googletagmanager.com https://images.ctfassets.net https://stats.g.doubleclick.net https://lh3.googleusercontent.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://www.google.com.ar https://www.google.com.bo https://www.google.com.co https://www.google.com.sv https://www.google.com.gt https://www.google.hn https://www.google.com.ni https://www.google.com.pa https://www.google.com.py https://t.co https://maps.gstatic.com https://www.facebook.com https://analytics.twitter.com https://static.ads-twitter.com https://*.speedtestcustom.com https://*.zendesk.com https://static.zdassets.com https://maps.googleapis.com https://sync.smartadserver.com https://cdn.smooch.io https://*.zopim.io https://svr.mic.edge.com.py https://*.kampyle.com; style-src 'self' 'unsafe-inline' https://cdn.smooch.io https://tagmanager.google.com https://www.googletagmanager.com/debug/badge.css https://fonts.googleapis.com https://*.zendesk.com https://*.tigocloud.net https://*.kampyle.com; connect-src * data:; object-src 'none'; form-action 'self' https://www.facebook.com; base-uri 'self' https://md-scp.kampyle.com; frame-ancestors 'self' 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-ZAPNZyoXMGV0VKftEBt7jQ=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
frame-ancestors *.dowjones.net *.penews.com *.onservo.com 1
default-src 'self' yoast.com my.wpengine.com *.osano.com *.piwik.pro; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cdn.jsdelivr.net unpkg.com my.wpengine.com www.google.com www.googletagmanager.com www.google-analytics.com www.gstatic.com *.osano.com *.piwik.pro; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com use.fontawesome.com *.osano.com *.piwik.pro; img-src 'self' data: 1.gravatar.com secure.gravatar.com dify.wpengine.com www.google-analytics.com *.osano.com *.piwik.pro; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com use.fontawesome.com; frame-src 'self' www.youtube.com www.google.com *.osano.com *.piwik.pro; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests 1
https: data: 1
frame-ancestors 'self' https://rtsports.com https://www.rtsports.com; 1
default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://*.nuance.com; img-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.analytics.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://www.facebook.com https://cx.atdmt.com https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://2549153.fls.doubleclick.net https://ad.doubleclick.net https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://resources.digital-cloud-prem.medallia.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://*.mworld.com https://*.postrelease.com; object-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nuance.com https://2549153.fls.doubleclick.net https://*.advanced-web-analytics.com https://iframe.arkoselabs.com; font-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.nuance.com; script-src 'nonce-0be72c10-99bf-4c25-bd4d-4a5f02240602' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.maxymiser.net https://*.nuance.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp 1
frame-ancestors 'self' https://*.prometheanworld.com 1
default-src 'self' https://www.koodomobile.com https://koodomobile.com https://b.koodomobile.com https://du4n2wiaamtmk.cloudfront.net/ https://*.googleapis.com https://*.gstatic.com https://nexus.ensighten.com https://assets.adobedtm.com telus.tt.omtrdc.net https://www.google.com https://www.youtube.com https://*.demdex.net https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.qualtrics.com https://dev.visualwebsiteoptimizer.com https://*.newrelic.com https://bam.nr-data.net https://static.ada.support https://koodo.ca.ada.support https://koodo-development.ca.ada.support https://widget.telus.tiia.ai https://w-kva.tiia.ai https://cm.everesttech.net https://*.adgear.com https://mobility.telus.com https://koodo.sds.modeaondemand.com https://www.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://cas.cluep.com https://s.yimg.com https://*.analytics.yahoo.com https://analytics.twitter.com https://static.ads-twitter.com https://sc-static.net https://tr.snapchat.com https://*.quantserve.com https://*.quantcount.com https://s.amazon-adsystem.com https://embed.binkies3d.com https://binkiesproductionweu.servicebus.windows.net https://binkiescontentnode.blob.core.windows.net https://az589851.vo.msecnd.net https://bat.bing.com https://analytics.tiktok.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' https://www.koodomobile.com https://koodomobile.com https://www.google.com https://fonts.googleapis.com https://embed.binkies3d.com https://binkiescontentnode.blob.core.windows.net https://az589851.vo.msecnd.net 'unsafe-inline'; img-src 'self' blob: data: https://www.koodomobile.com https://koodomobile.com https://maps.gstatic.com https://maps.googleapis.com https://dev.visualwebsiteoptimizer.com https://*.facebook.com https://b.koodomobile.com https://*.ensighten.com https://*.google-analytics.com https://www.googletagmanager.com https://*.youtube.com https://i.imgur.com https://static.ada.support https://www.google.com https://www.google.ca https://*.doubleclick.net https://cas.cluep.com https://t.co https://*.quantserve.com https://binkiescontentnode.blob.core.windows.net https://az589851.vo.msecnd.net https://bat.bing.com https://chart.googleapis.com; 1
default-src 'self'; connect-src 'self' https://*.ada.support https://*.analytics.google.com https://*.clarity.ms https://*.fanplayr.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.hotjar.io https://*.linkedin.co https://*.linkedin.com https://*.mypurecloud.com wss://*.mypurecloud.com https://ads-api.twitter.com https://cdn.linkedin.oribi.io https://connect.facebook.net https://d38nbbai6u794i.cloudfront.net https://gtm-mr26nnc-ztexm.uc.r.appspot.com https://maps.googleapis.com https://static.ads-twitter.com https://webto.salesforce.com https://www.facebook.com; script-src 'unsafe-eval' 'unsafe-inline' https://*.fanplayr.com https://*.googletagmanager.com https://ajax.googleapis.com https://d38nbbai6u794i.cloudfront.net https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://tagmanager.google.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com 'nonce-4eea4fcd-7f62-4723-a4d25a950c74594a'; script-src-elem 'self' https://*.ada.support https://*.ads-twitter.com https://*.clarity.ms https://*.fanplayr.com https://*.google-analytics.com https://*.licdn.com https://*.tarteaucitron.io https://connect.facebook.net https://maps.googleapis.com https://static.ads-twitter.com https://tarteaucitron.io https://www.googleadservices.com 'strict-dynamic' 'nonce-4eea4fcd-7f62-4723-a4d25a950c74594a'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mypurecloud.com https://*.tarteaucitron.io https://fonts.fanplayr.com https://fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com; object-src 'none'; img-src 'self' data: https://*.bing.com https://*.clarity.ms https://*.facebook.com https://*.fanplayr.com https://*.linkedin.com https://*.mypurecloud.com https://analytics.twitter.com https://d38nbbai6u794i.cloudfront.net https://t.co https://tarteaucitron.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://googletagmanager.com https://*.g.doubleclick.net https://*.googleapis.com https://maps.gstatic.com https://www.gstatic.com https://ssl.gstatic.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gp https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.nf https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tk https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat; font-src 'self' https://*.fanplayr.com https://fonts.gstatic.com data:;; base-uri 'none'; media-src 'self'; frame-src 'self' https://*.ada.support https://*.digicelgroup.com https://*.doubleclick.net https://*.mypurecloud.com https://bid.g.doubleclick.net https://digicel.bigidprivacy.cloud https://service.digiceltt.com https://www.facebook.com; form-action https://www.facebook.com; frame-ancestors 'none' 1
frame-ancestors *.odb.sh.cn www.dianchang.cn *.jiemian.com 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://s0.wp.com https://s1.wp.com https://s2.wp.com; script-src 'self' 'unsafe-inline' https://cdn.cookielaw.org https://bam.nr-data.net https://privacyportal.onetrust.com https://geolocation.onetrust.com https://stats.wp.com https://js-agent.newrelic.com https://www.google-analytics.com https://s0.wp.com https://s1.wp.com https://s2.wp.com https://www.googletagmanager.com; frame-src 'self' https://widgets.wp.com/ https://player.vimeo.com/; frame-ancestors none; connect-src 'self' https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://www.google-analytics.com; img-src 'self' data: https://secure.gravatar.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://pixel.wp.com https://i.vimeocdn.com/; font-src 'self' data: https://s0.wp.com https://s1.wp.com https://s2.wp.com 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-f3fa1806a9b804e5e1ee05fb246788f7' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=7461893876184319; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=7461893876184319 1
frame-ancestors 'self' www.landingpromo.it www.landing-promo.it 1
default-src 'self';   connect-src 'self' https://adalytics.adastra.digital https://adalytics.instarea.com https://api.adalytics.adastra.digital https://sdk-tracing.exponea.com https://*.ocp.orange.sk https://translate.googleapis.com https://onesignal.com https://sc-static.net https://analytics.algolia.com https://8gcm8o9vsa-1.algolianet.com https://8gcm8o9vsa-2.algolianet.com https://8gcm8o9vsa-3.algolianet.com https://8gcm8o9vsa-dsn.algolianet.com https://8gcm8o9vsa-dsn.algolia.net https://uq5v1rcrhz-1.algolianet.com https://uq5v1rcrhz-2.algolianet.com https://uq5v1rcrhz-3.algolianet.com https://uq5v1rcrhz-dsn.algolianet.com https://uq5v1rcrhz-dsn.algolia.net https://t8aek1p630-1.algolianet.com https://t8aek1p630-2.algolianet.com https://t8aek1p630-3.algolianet.com https://t8aek1p630-dsn.algolianet.com https://t8aek1p630-dsn.algolia.net https://*.orange.sk wss://www.orange.sk https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://bat.bing.com https://www.google-analytics.com https://stats.g.doubleclick.net https://api.privacy-center.org https://t.leady.com https://translate.googleapis.com https://webchat.orange.sk https://tr.snapchat.com https://region1.google-analytics.com https://region1.analytics.google.com https://orange-p.containers.piwik.pro https://orange-p.piwik.pro https://logws1364.ati-host.net https://*.livecall.io wss://signalling.livecall.io https://*.itdesk.eu https://panel.callback24.io *.crazyegg.com;   font-src 'self' data: https://script.hotjar.com https://cdn.exponea.com https://cdn.instarea.com https://www.cloudfront.net https://*.orange.sk;   child-src 'self' blob: https://*.ocp.orange.sk https://onesignal.com https://vars.hotjar.com https://www.google.com https://www.googletagmanager.com https://www.creativecdn.com https://creativecdn.com https://www.youtube.com https://www.facebook.com https://www.doubleclick.net https://www.buzzsprout.com https://*.orange.sk https://tr.snapchat.com https://vimeo.com https://w.soundcloud.com https://10814970.fls.doubleclick.net https://td.doubleclick.net https://tpc.googlesyndication.com;   img-src 'self' data: https://lh3.ggpht.com https://cdn.exponea.com https://cdn.instarea.com https://img.onesignal.com https://video.orange.sk https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://www.scorecardresearch.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.sk https://img.youtube.com https://www.google.com https://www.facebook.com https://www.gstatic.com https://www.googleapis.com https://www.googletagmanager.com https://translate.googleapis.com https://static.hotjar.com https://script.hotjar.com https://survey-images.hotjar.com https://tr.snapchat.com https://secure.adnxs.com https://translate.google.com https://translate.googleapis.com https://region1.google-analytics.com https://region1.analytics.google.com https://sk-gmtdmp.mookie1.com https://www.linkedin.com https://px.ads.linkedin.com https://orange-p.containers.piwik.pro https://orange-p.piwik.pro https://assets.livecall.io https://panel.callback24.io *.crazyegg.com https://ad.doubleclick.net https://bat.bing.com https://*.ocp.orange.sk https://*.orange.sk;   script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.youtube.com https://cdn.onesignal.com https://s2.adform.net https://track.adform.net https://api.adalytics.adastra.digital https://cdn.exponea.com https://cdn.instarea.com https://www.googleadservices.com https://*.ocp.orange.sk https://www.buzzsprout.com https://video.orange.sk https://www.algolia.net https://www.algolianet.com https://www.adform.net https://maps.googleapis.com https://translate.googleapis.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://www.scorecardresearch.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.facebook.net https://static.hotjar.com https://script.hotjar.com https://www.google.com https://translate.google.com https://*.arcgisonline.com https://api.adalytics.adastra.digital https://www.onesignal.com https://onesignal.com https://sc-static.net https://sdk.privacy-center.org https://t.leady.com https://translate-pa.googleapis.com https://sk.search.etargetnet.com https://snap.licdn.com https://orange-p.piwik.pro https://tag.aticdn.net https://*.livecall.io https://panel.callback24.io https://*.itdesk.eu https://cdnjs.cloudflare.com https://tpc.googlesyndication.com https://bat.bing.com *.crazyegg.com https://tr.snapchat.com https://*.orange.sk;   style-src 'unsafe-inline' 'self' https://cdn.exponea.com https://cdn.instarea.com https://onesignal.com https://*.orange.sk https://www.google.com https://translate.googleapis.com https://assets.livecall.io https://panel.callback24.io https://static.hotjar.com https://script.hotjar.com *.crazyegg.com https://*.arcgisonline.com;   media-src blob: https://assets.livecall.io https://*.orange.sk https://www.orange.sk;   object-src 'self';   report-uri https://www.orange.sk/scp-report;    1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.ldlc.com *.userlike.com wss://umd.userlike.com userlike-store-media-files.s3.amazonaws.com userlike-cdn-umm.b-cdn.net userlike-cdn-web.b-cdn.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com chat.userlike.com www.googletagmanager.com *.gstatic.com *.cloudfront.net *.hotjar.com *.hotjar.io wss://*.hotjar.com connect.facebook.net www.google-analytics.com www.googlecommerce.com aswpapieu.com aswpsdkeu.com *.doubleclick.net stats.g.doubleclick.net *.groupe-ldlc.com *.google.com *.google.fr www.facebook.com www.gstatic.com *.googleapis.com www.youtube.com www.youtube-nocookie.com mpshare.iesnare.com *.trustpilot.com *.twitch.tv *.bimp.fr analytics.tiktok.com www.tiktok.com platform.twitter.com syndication.twitter.com *.ttwstatic.com dl.asnapieu.com mycliplister.com *.mycliplister.com events.demoup.com script.tapfiliate.com;img-src 'self' data: blob: *.bimp.fr *.cloudfront.net *.doubleclick.net *.google.com *.google.fr *.googleapis.com *.groupe-ldlc.com *.gstatic.com *.hotjar.com *.hotjar.io *.ldlc.com *.mycliplister.com *.trustpilot.com *.ttwstatic.com *.twitch.tv *.userlike.com analytics.tiktok.com aswpapieu.com aswpsdkeu.com chat.userlike.com connect.facebook.net dl.asnapieu.com events.demoup.com mpshare.iesnare.com mycliplister.com platform.twitter.com stats.g.doubleclick.net syndication.twitter.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net userlike-cdn-web.b-cdn.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-store-media-files.s3.amazonaws.com www.facebook.com www.google-analytics.com www.googlecommerce.com www.googletagmanager.com www.gstatic.com www.tiktok.com www.youtube-nocookie.com www.youtube.com;connect-src 'self' data: blob: *.bimp.fr *.cloudfront.net *.doubleclick.net *.google.com *.google.fr *.googleapis.com *.groupe-ldlc.com *.gstatic.com *.hotjar.com *.hotjar.io *.ldlc.com *.mycliplister.com *.trustpilot.com *.ttwstatic.com *.twitch.tv *.userlike.com analytics.tiktok.com aswpapieu.com aswpsdkeu.com wss://umd.userlike.com wss://*.hotjar.com chat.userlike.com connect.facebook.net dl.asnapieu.com events.demoup.com mpshare.iesnare.com mycliplister.com platform.twitter.com stats.g.doubleclick.net syndication.twitter.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net userlike-cdn-web.b-cdn.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-store-media-files.s3.amazonaws.com www.facebook.com www.google-analytics.com www.googlecommerce.com www.googletagmanager.com www.gstatic.com www.tiktok.com www.youtube-nocookie.com www.youtube.com frstre.com;frame-ancestors 'self';report-uri https://www.ldlc.com/sentry/api/2/security/?sentry_key=63d37e2da9034686986b325d703bf2bb; 1
base-uri 'self'; default-src 'self' data:; script-src 'self' 'unsafe-eval' 'nonce-44aedeb5-5159-4c0a-8fea-3ce0e4ebc072'; img-src 'self' data: https: http:; style-src 'self' 'unsafe-inline' 1
base-uri 'self'; default-src 'self' https:; frame-ancestors 'self'; frame-src 'self' https:; img-src 'self' https: data: www.openstreetmap.org siegel.ausgezeichnet.org www.google.com www.gstatic.com www.clickcease.com monitor.clickcease.com; script-src 'self' www.openstreetmap.org siegel.ausgezeichnet.org www.google.com www.gstatic.com www.clickcease.com monitor.clickcease.com 'nonce-KG459VzjQERW24ucj3dMSM5XX5ucuWT6'; style-src 'self' https: data: 'unsafe-inline' www.openstreetmap.org siegel.ausgezeichnet.org www.google.com www.gstatic.com www.clickcease.com monitor.clickcease.com; object-src 'self'; form-action 'self'; 1
frame-ancestors 'self' deals.manning.com freecontent.manning.com liveproject.manning.com liveproject-qa.manning.com; 1
default-src 'self' http://*.jwpcdn.com; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: http://*.jwpcdn.com http://*.googleapis.com http://*.googletagservices.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' *; script-src-elem 'self' 'unsafe-inline' *; media-src 'self' blob: data: *; img-src 'self' blob: data: *; font-src 'self' http://*.gstatic.com http://*.civicscience.com; frame-src 'self' *; object-src 'self' *; base-uri 'self'; form-action 'self'; frame-ancestors 'self' http://*.uvn.io http://*.psdops.com; block-all-mixed-content; 1
default-src *; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.enchantedlearning.com ajax.cloudflare.com static.cloudflareinsights.com *.doubleclick.net *.googleadservices.com *.google.com *.google.ad *.googlesyndication.com assets.pinterest.com widgets.pinterest.com; style-src 'unsafe-inline' 'self' *.enchantedlearning.com *.google.com *.googleapis.com; frame-ancestors 'self' enchantedlearning.com *.enchantedlearning.com; connect-src 'self' enchantedlearning.com *.enchantedlearning.com cloudflareinsights.com *.doubleclick.net *.google.com *.googlesyndication.com; img-src 'self' data: enchantedlearning.com *.enchantedlearning.com *.googlesyndication.com *.pinterest.com images.aiscribbles.com; child-src 'self' data: enchantedlearning.com *.enchantedlearning.com cloudflareinsights.com *.doubleclick.net *.google.com *.googlesyndication.com assets.pinterest.com; frame-src 'self' data: enchantedlearning.com *.enchantedlearning.com cloudflareinsights.com *.doubleclick.net *.google.com *.googlesyndication.com assets.pinterest.com 1
frame-ancestors 'self' https://www.domo.com https://ai.domo.com https://domo.seismic.com https://domo.lookbookhq.com https://domo.pathfactory.com; 1
default-src 'self' https: data: https://www.datadoghq-browser-agent.com/eu1/v4/datadog-rum.js https://rum.browser-intake-datadoghq.eu/ https://api-stage.clue.run/ https://images.ctfassets.net/ https://www.google-analytics.com/analytics.js https://webapi.helloclue.com https://www.googletagmanager.com https://cdn.polyfill.io/v3/polyfill.min.js https://www.youtube.com https://cdn.paddle.com/paddle/v2/paddle.js https://sandbox-cdn.paddle.com/paddle/v2/assets/css/paddle.css https://sandbox-cdn.paddle.com/paddle/v2/assets/css/animate.css https://cdn.paddle.com/ https://sandbox-buy.paddle.com/ https://buy.paddle.com/  https://cdn.taboola.com/libtrc/unip/1264181/tfa.js https://sync.taboola.com https://trc.taboola.com https://vidanalytics.taboola.com/putes https://trc-events.taboola.com https://collector-dev.clue.run/com; img-src 'self' data: https://cdn.paddle.com https://api-stage.clue.run/ https://images.ctfassets.net/ https://dev-helloclue.clue.run https://www.google-analytics.com/; script-src 'self' 'unsafe-inline' https://www.datadoghq-browser-agent.com/eu1/v4/datadog-rum.js https://api-stage.clue.run/ https://helloclue.com https://dev-helloclue.clue.run https://images.ctfassets.net https://www.google-analytics.com/analytics.js https://webapi.helloclue.com https://www.googletagmanager.com https://cdn.polyfill.io/v3/polyfill.min.js https://www.youtube.com https://cdn.paddle.com/paddle/v2/paddle.js https://sandbox-buy.paddle.com/ https://buy.paddle.com/ https://cdn.taboola.com/libtrc/unip/1264181/tfa.js https://sync.taboola.com https://trc.taboola.com https://vidanalytics.taboola.com/putes https://trc-events.taboola.com; style-src 'self' 'unsafe-inline' https://sandbox-cdn.paddle.com https://api-stage.clue.run/ https://dev-helloclue.clue.run https://helloclue.com https://images.ctfassets.net/ 1
frame-ancestors 'self' https://*.synthesia.io http://10.4.130.137:3000/ 1
frame-ancestors 'self' *.betano.com; 1
default-src 'self'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https://cdn.jsdelivr.net/npm/ blob:; style-src 'self' 'unsafe-inline' https:; img-src https: data: blob: 'self'; media-src https: 'self'; object-src 'self'; font-src https://fonts.gstatic.com https://fonts.googleapis.com 'self' https:; frame-ancestors https://*.hubspot.com https://info.atlascopco.us https://info.atlascopcoupdates.com http://*.scene7.com https://atlascopco-preview.adobecqms.net 'self'; frame-src https:; connect-src https: 'self'; worker-src blob:; child-src blob: 1
base-uri 'self';connect-src 'self' *.clarity.ms *.bing.com *.oribi.io *.facebook.com *.mktoresp.com *.ubembed.com *.google.com *.addthis.com *.company-target.com *.pinterest.com *.wistia.com *.akamaihd.net *.litix.io *.crazyegg.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.demandbase.com *.sharethis.com;default-src 'self';font-src 'self' data: *.typekit.net;frame-ancestors 'self';frame-src 'self' *.ubembed.com *.doubleclick.net *.vimeo.com *.sharethis.com *.facebook.com *.youtube.com *.pinterest.com *.explorelearning.com *.company-target.com;img-src 'self' data: *.bing.com *.twitter.com *.explorelearning.com *.pinterest.com *.wistia.com *.vimeocdn.com *.ytimg.com *.rlcdn.com *.bidr.io *.linkedin.com https://t.co *.facebook.com *.google-analytics.com *.google.com *.company-target.com *.adsymptotic.com *.googletagmanager.com *.clarity.ms *.sharethis.com;media-src 'self' *.explorelearning.com blob:;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms *.bing.com *.google.com *.ubembed.com *.facebook.net *.wistia.com *.doubleclick.net *.addthis.com *.marketo.net *.pinimg.com *.addthis.com *.crazyegg.com *.licdn.com *.ads-twitter.com *.demandbase.com *.addthisedge.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.moatads.com *.explorelearning.com *.vimeo.com *.sharethis.com;style-src 'self' 'unsafe-inline' *.typekit.net *.explorelearning.com;worker-src blob:; 1
frame-ancestors 'self' http://www.philips.co.uk *.philips.com *.philips.co.uk https://philipsigtdpv.com 1
default-src 'self' blob:; base-uri 'self'; connect-src 'self' blob: *.googleapis.com *.googleadservices.com *.algolia.io *.algolia.net *.algolianet.com *.amazonaws.com *.bing.com *.braintree-api.com *.braintreegateway.com *.envato-staging.com *.envato.com *.envato.market *.envato.test *.facebook.com *.doubleclick.net *.google-analytics.com *.google.com *.hotjar.com *.hotjar.io *.ip-api.com *.maxmind.com *.nr-data.net *.olark.com *.pinterest.com *.placeit.net *.recurly.com *.segment.io *.thenounproject.com *.uservoice.com code.jquery.com httpbin.org smart-templates.us *.instagram.com *.pinpiaa.com wss://*.hotjar.com *.tiktok.com *.amplitude.com *.kaptcha.com wss://*.pusher.com *.paypal.com; font-src 'self' data: *.amazonaws.com *.bootstrapcdn.com *.fontawesome.com *.googleapis.com *.gstatic.com *.olark.com *.placeit.net *.quadpay.com *.zscalerone.net github.com use.typekit.net *.hotjar.com; form-action 'self' javascript: localhost:* *.twitter.com *.pinterest.com *.facebook.com *.envato.com *.placeit.net; frame-src 'self' *.braintreegateway.com *.doubleclick.net *.envato.market *.facebook.com *.freshdesk.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.kaptcha.com *.olark.com *.paypal.com *.recurly.com *.twitter.com *.uservoice.com *.youtube.com cdn.wishpond.net *.pinterest.com gateway.zscalerone.net localhost:* *.googleapis.com *.instagram.com *.google.com *.placeit.net *.accounts.google.com; img-src 'self' blob: data: https: http:; media-src 'self' data: blob: *.olark.com *.placeit.net *.zscalerone.net ssl.gstatic.com *.amazonaws.com *.cloudfront.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: js.recurly.com js.braintreegateway.com *.speedcurve.com *.algolia.net *.algolianet.com *.amazonaws.com *.bing.com *.bootstrapcdn.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.impactradius-event.com *.jsdelivr.net *.linkedin.com *.newrelic.com *.nr-data.net *.olark.com *.paypal.com *.pinimg.com *.placeit.net *.segment.com *.twitter.com *.uservoice.com *.youtube.com cdn.wishpond.net unpkg.com *.upscope.io *.clarity.ms *.tiktok.com *.amplitude.com *.kaptcha.com; style-src 'self' 'unsafe-inline' *.olark.com *.googleapis.com *.amazonaws.com *.bootstrapcdn.com *.cloudflare.com *.placeit.net *.zscalerone.net fast.fonts.net *.typekit.net *.cloudfront.net *.google.com; report-uri https://placeit.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' platform.twitter.com bat.bing.com *.stripe.com *.sift.com media.twiliocdn.com d10hbub4nkludc.cloudfront.net d36pgh4m67wnlt.cloudfront.net d294caftvmxj2y.cloudfront.net *.google-analytics.com *.googletagmanager.com *.googleapis.com *.googleadservices.com *.doubleclick.net *.youtube.com *.ytimg.com *.google.co.uk *.google.com *.googlesyndication.com *.gstatic.com www.facebook.com connect.facebook.net; style-src 'self' 'unsafe-inline' static0.twilio.com d10hbub4nkludc.cloudfront.net d36pgh4m67wnlt.cloudfront.net d294caftvmxj2y.cloudfront.net *.google-analytics.com *.googletagmanager.com *.googleapis.com *.googleadservices.com *.doubleclick.net *.youtube.com *.ytimg.com *.google.co.uk *.google.com *.googlesyndication.com *.gstatic.com; img-src 'self' data: blob: https:; font-src 'self' data: *.gstatic.com d10hbub4nkludc.cloudfront.net d36pgh4m67wnlt.cloudfront.net d294caftvmxj2y.cloudfront.net; frame-src 'self' platform.twitter.com syndication.twitter.com *.stripe.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.googleadservices.com *.doubleclick.net *.youtube.com *.ytimg.com *.google.co.uk *.google.com *.googlesyndication.com *.gstatic.com www.facebook.com connect.facebook.net; frame-ancestors 'self'; connect-src 'self' *.stripe.com stats.g.doubleclick.net *.sentry.io bat.bing.com api.getaddress.io eventgw.twilio.com media.twiliocdn.com wss://chunderw-vpc-gll.twilio.com d10hbub4nkludc.cloudfront.net d36pgh4m67wnlt.cloudfront.net d294caftvmxj2y.cloudfront.net *.google-analytics.com *.googletagmanager.com *.googleapis.com *.googleadservices.com *.doubleclick.net *.youtube.com *.ytimg.com *.google.co.uk *.google.com *.googlesyndication.com *.gstatic.com www.facebook.com connect.facebook.net; object-src 'self' data:; media-src 'self' api.twilio.com d10hbub4nkludc.cloudfront.net d36pgh4m67wnlt.cloudfront.net d294caftvmxj2y.cloudfront.net; worker-src 'self' blob; report-uri https://orreports2.report-uri.com/r/t/csp/enforce; 1
frame-ancestors 'self' https://www.maykinmedia.nl https://www.lessonup.com https://lessonup.app 1
default-src 'self' data: https://*.pcdn.co http://*.pcdn.co https://www.google-analytics.com https://www.googletagmanager.com http://www.googleadservices.com https://*.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.gstatic.com https://b.delivery.consentmanager.net/delivery/ https://cdn.consentmanager.net/ http://cdn.consentmanager.net/ https://*.privacyrequest.net https://privacyrequest.net 'unsafe-inline'; 1
frame-ancestors 'self' *.wallet.airpay.com.mx *.shopee.kr *.airpay.com.mx *.shopeemobile.com *.shopee.com.mx *.shopee.cn *.shopee.io *.facebook.com https://bela-portal.festiware.com https://belapengadaan.lkpp.go.id https://lkpp-portal.festiware.com;  1
child-src data: https: 'unsafe-inline' https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src data: https: 'unsafe-inline' https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com *.visualwebsiteoptimizer.com app.vwo.com; default-src data: https: 'unsafe-inline' 'self' blob:; font-src data: https: 'unsafe-inline' https://js.intercomcdn.com; frame-src app.vwo.com *.visualwebsiteoptimizer.com player.vimeo.com youtube.com www.youtube.com youtube-nocookie.com https://www.youtube-nocookie.com/ calendar.google.com read.bookcreator.com platform.twitter.com facebook.com https://www.facebook.com instagram.com https://www.instagram.com linkedin.com https://www.linkedin.com quote.bookcreator.com https://quote.bookcreator.com/ https://docs.google.com/ https://forms.hsforms.com/ forms.hsforms.com https://app.hubspot.com/ app.hubspot.com https://embed.wakelet.com/ embed.wakelet.com; img-src data: https: 'unsafe-inline' blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-9.com 'self' *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com; media-src data: https: 'unsafe-inline' https://js.intercomcdn.com; script-src data: https: http: 'unsafe-inline' 'unsafe-eval' https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com *.visualwebsiteoptimizer.com app.vwo.com connect.facebook.net; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com fonts.googleapis.com fonts.bunny.net; worker-src 'self' blob:; form-action https://bookcreator.com https://intercom.help https://api-iam.intercom.io https://www.facebook.com/tr/ https://syndication.twitter.com/i/jot https://platform.twitter.com/ https://forms.hsforms.com/ https://read.bookcreator.com; frame-ancestors 'self'; 1
frame-ancestors 'self' www.ed2go.com; upgrade-insecure-requests; 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-2b31fe80a8e438784f98743aa0f3ce5b' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=1279349159957344; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=1279349159957344 1
base-uri 'self' data:; connect-src livesupport.hetzner.com matomo.hetzner.com use.hetzner.com https://sentry.hetzner.company/ https://robot-ws.your-server.de 'self' data:; default-src 'self'; font-src livesupport.hetzner.com 'self' data:; frame-ancestors 'self'; frame-src youtube-nocookie.com youtube.com www.youtube-nocookie.com https://files.hetzner.com/ 'self' data:; img-src cdn.hetzner.de img.youtube.com livesupport.hetzner.com 'self' data:; media-src https://cdn.hetzner.de 'self'; script-src 'nonce-r9PGgCHzDHmXw4d3' livesupport.hetzner.com matomo.hetzner.com use.hetzner.com 'self' data: 'nonce-d991ad50aadc7ecf'; style-src livesupport.hetzner.com 'self' 'unsafe-inline' data:; 1
frame-ancestors 'self' independer.blueconic.net independer.frontify.com; default-src https: wss: tel: 'self' 'unsafe-eval' 'unsafe-inline' data: blob: 1
frame-ancestors https://*.zonos.com 1
default-src https: 'unsafe-inline' 'unsafe-eval';script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net ajax.googleapis.com tagmanager.google.com pls.www.audiofanzine.com connect.facebook.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com code.jquery.com tagmanager.google.com;font-src fonts.googleapis.com fonts.gstatic.com data:;img-src 'self' www.google-analytics.com www.google.com www.google.fr www.google.de stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com www.facebook.com data:;connect-src 'self' pls.www.audiofanzine.com www.google-analytics.com stats.g.doubleclick.net;object-src www.google-analytics.com stats.g.doubleclick.net;media-src 'none';child-src 'self' www.google.com www.youtube.com td.doubleclick.net;form-action 'self'; 1
frame-ancestors 'self' *.hansel.io *.netcoresmartech.com 1
require-trusted-types-for 'script';report-uri /_/RcsAdamantiumHttp/cspreport 1
frame-ancestors 'self' *.brilliant.org *.online.tableau.com apps.facebook.com app.frontapp.com greatquestion.co 1
base-uri 'self'; default-src 'self' https:; object-src 'none'; img-src 'self' https://api-1.invencocloud.com https://module-prod.invencocloud.com https://*.s3.us-west-2.amazonaws.com https://*.s3.amazonaws.com https://maps.gstatic.com https://maps.googleapis.com blob: data:; style-src 'self' 'unsafe-inline' data: https://*.googleapis.com; font-src 'self' https://api-1.invencocloud.com https://module-prod.invencocloud.com https://fonts.gstatic.com data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://api-1.invencocloud.com https://module-prod.invencocloud.com https://js-agent.newrelic.com https://www.google.com/recaptcha/ https://www.gstatic.com https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://www.google-analytics.com https://bam.nr-data.net; frame-ancestors 'self'; form-action 'self' https://api-1.invencocloud.com https://module-prod.invencocloud.com; upgrade-insecure-requests; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; frame-ancestors https://*.frost.com https://*.customerleadershipcouncil.com/ https://*.gilcouncil.com; 1
frame-ancestors 'self' https://manage.industryweek.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
frame-ancestors 'self' twitter.com 1
frame-ancestors 'self' *.knightlab.com *.biologicaldiversity.org biologicaldiversity.org; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.visualwebsiteoptimizer.com app.vwo.com https:; worker-src 'self' blob: 1
default-src 'self' naspers-corp-v2.cm.invdcloud-is.co.uk naspers-corp-v2.cd.invdcloud-is.co.uk cdn.jsdelivr.net cdnjs.cloudflare.com www.google.com code.jquery.com geoid.investisdigital.com www.googletagmanager.com www.connectidfeed.com; img-src 'self' 'unsafe-inline' data: naspers-corp-v2.cm.invdcloud-is.co.uk google-analytics.com naspers-corp-v2.cd.invdcloud-is.co.uk www.google.com www.google.co.in viz.tools.investis.com *.brightcove.com *.boltdns.net cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com www.googletagmanager.com www.connectidfeed.com p.typekit.net; frame-src 'self' naspers-corp-v2.cm.invdcloud-is.co.uk naspers-corp-v2.cd.invdcloud-is.co.uk otp.tools.investis.com cdn.jsdelivr.net www.youtube.com cdnjs.cloudflare.com www.google.com code.jquery.com www.google-analytics.com fonts.googleapis.com www.googletagmanager.com www.connectidfeed.com irs.tools.investis.com; style-src assets.investisdigital.com 'self' 'unsafe-inline' 'unsafe-eval' p.typekit.net naspers-corp-v2.cm.invdcloud-is.co.uk naspers-corp-v2.cd.invdcloud-is.co.uk viz.tools.investis.com cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com use.typekit.net https://assets.investisdigital.com; script-src assets.investisdigital.com 'self' 'unsafe-inline' otp.tools.investis.com www.youtube.com connect.facebook.net 'unsafe-eval' naspers-corp-v2.cm.invdcloud-is.co.uk naspers-corp-v2.cd.invdcloud-is.co.uk unpkg.com www.google.com cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com viz.tools.investis.com www.google-analytics.com www.googletagmanager.com www.googletagmanager.com fonts.googleapis.com www.connectidfeed.com use.typekit.net irs.tools.investis.com; media-src 'self' blob: naspers-corp-v2.cm.invdcloud-is.co.uk naspers-corp-v2.cd.invdcloud-is.co.uk *.brightcovecdn.com cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com www.googletagmanager.com fonts.googleapis.com www.connectidfeed.com; connect-src assets.investisdigital.com www.google-analytics.com viz.tools.investis.com www.naspers.com naspers-corp-v2.cm.invdcloud-is.co.uk naspers-corp-v2.cd.invdcloud-is.co.uk stats.g.doubleclick.net www.connectidfeed.com *.brightcove.com geoid.investisdigital.com region1.google-analytics.com cookiemanager.investisdigital.com www.youtube.com *.google.com fonts.googleapis.com; font-src 'self' naspers-corp-v2.cm.invdcloud-is.co.uk naspers-corp-v2.cd.invdcloud-is.co.uk www.connectidfeed.com www.googletagmanager.com use.typekit.net; 1
frame-ancestors 'self' https://my.wealthsimple.com 1
default-src 'self' https://static.commex.com/static/cloud/shared https://static.commex.com https://*.wistia.com https://*.wistia.net;script-src blob: 'self' https://api.commonservice.io https://www.gstatic.com https://static.commex.com https://log.bntrace.com wss://stream.commex.com/stream https://www.commex.com https://tf-standalone-prod-kyc.s3.ap-northeast-1.amazonaws.com wss://chat-ws.commonservice.io https://upload-bnbstatic-com.s3.ap-northeast-1.amazonaws.com https://static.saasexch.com wss://fstream.commex.com/compress/stream wss://nbstream.commex.com https://static.commex.com/static/cloud/shared https://api.sumsub.com https://mc.yandex.ru https://www.google.com https://monitor.geetest.com https://static.geetest.com https://api.geetest.com https://api.geevisit.com 'unsafe-inline' https://accounts.commex.com https://www.googletagmanager.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://src.litix.io data:;style-src 'self' 'unsafe-inline' blob: https://fast.wistia.com https://static.commex.com/static/cloud/shared https://api.commonservice.io https://www.gstatic.com https://static.commex.com https://log.bntrace.com wss://stream.commex.com/stream https://www.commex.com https://tf-standalone-prod-kyc.s3.ap-northeast-1.amazonaws.com wss://chat-ws.commonservice.io https://upload-bnbstatic-com.s3.ap-northeast-1.amazonaws.com https://static.saasexch.com wss://fstream.commex.com/compress/stream wss://nbstream.commex.com https://api.sumsub.com https://static.geetest.com;font-src 'self' data: https://static.commex.com/static/cloud/shared https://*.wistia.com https://at.alicdn.com https://api.commonservice.io https://www.gstatic.com https://static.commex.com https://log.bntrace.com wss://stream.commex.com/stream https://www.commex.com https://tf-standalone-prod-kyc.s3.ap-northeast-1.amazonaws.com wss://chat-ws.commonservice.io https://upload-bnbstatic-com.s3.ap-northeast-1.amazonaws.com https://static.saasexch.com wss://fstream.commex.com/compress/stream wss://nbstream.commex.com https://api.sumsub.com;connect-src 'self' https://static.commex.com/static/cloud/shared https://upload-bnbstatic-com.s3.ap-northeast-1.amazonaws.com https://*.agora.io:* https://*.edge.agora.io:* https://*.sd-rtn.com:* https://*.edge.sd-rtn.com:* wss://*.agora.io:* wss://*.edge.agora.io:* wss://*.sd-rtn.com:* wss://*.edge.sd-rtn.com:* https://bin-dev-file-center-client-upload.s3.ap-northeast-1.amazonaws.com https://bin-qa1-file-center-client-upload.s3.ap-northeast-1.amazonaws.com https://*.s3-accelerate.amazonaws.com wss://*.commex.com https://*.commex.com https://*.sentry.io https://stats.g.doubleclick.net https://api.commonservice.io https://www.gstatic.com https://static.commex.com https://log.bntrace.com wss://stream.commex.com/stream https://www.commex.com https://tf-standalone-prod-kyc.s3.ap-northeast-1.amazonaws.com wss://chat-ws.commonservice.io https://static.saasexch.com wss://fstream.commex.com/compress/stream wss://nbstream.commex.com https://api.sumsub.com https://api.saasexch.com https://www.google.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://region1.google-analytics.com https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://data-collect.toolsfdg.net;img-src 'self' data: blob: https://api.commonservice.io https://www.gstatic.com https://static.commex.com https://log.bntrace.com wss://stream.commex.com/stream https://www.commex.com https://tf-standalone-prod-kyc.s3.ap-northeast-1.amazonaws.com wss://chat-ws.commonservice.io https://upload-bnbstatic-com.s3.ap-northeast-1.amazonaws.com https://static.saasexch.com wss://fstream.commex.com/compress/stream wss://nbstream.commex.com https://static.commex.com/static/cloud/shared https://api.sumsub.com https://static.geetest.com https://www.google.com https://static.pipsr.com https://staticrecap.cgicgi.io https://static.2meta.app/ https://public-1259603563.file.myqcloud.com https://static-file-1259603563.file.myqcloud.com https://bin-dev-file-center-client-upload.s3.ap-northeast-1.amazonaws.com https://bin-qa1-file-center-client-upload.s3.ap-northeast-1.amazonaws.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://analytics.twitter.com https://t.co https://www.facebook.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://public.nftstatic.com;media-src 'self' https://static.commex.com/static/cloud/shared https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://bin-dev-file-center-client-upload.s3.ap-northeast-1.amazonaws.com https://bin-qa1-file-center-client-upload.s3.ap-northeast-1.amazonaws.com https://api.commonservice.io https://www.gstatic.com https://static.commex.com https://log.bntrace.com wss://stream.commex.com/stream https://www.commex.com https://tf-standalone-prod-kyc.s3.ap-northeast-1.amazonaws.com wss://chat-ws.commonservice.io https://upload-bnbstatic-com.s3.ap-northeast-1.amazonaws.com https://static.saasexch.com wss://fstream.commex.com/compress/stream wss://nbstream.commex.com https://api.sumsub.com;frame-src 'self' https://api.commonservice.io https://www.gstatic.com https://static.commex.com https://log.bntrace.com wss://stream.commex.com/stream https://www.commex.com https://tf-standalone-prod-kyc.s3.ap-northeast-1.amazonaws.com wss://chat-ws.commonservice.io https://upload-bnbstatic-com.s3.ap-northeast-1.amazonaws.com https://static.saasexch.com wss://fstream.commex.com/compress/stream wss://nbstream.commex.com https://static.commex.com/static/cloud/shared https://api.sumsub.com https://www.google.com https://fast.wistia.com https://fast.wistia.net https://bid.g.doubleclick.net;object-src 'none';base-uri 'self' 1
frame-ancestors 'self' *.zapxweb1.co.il *.weekend.co.il *.kamaze.co.il *.googlesyndication.com 1
frame-ancestors 'self' https://www.google.com/maps/ https://www.youtube.com/ http://milliemlak.gov.tr/ http://www.milliemlak.gov.tr/; 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' https://caast.tv https://*.caast.tv; connect-src * data: blob: 'unsafe-inline' 'unsafe-eval' https://caast.tv https://*.caast.tv wss://*.caast.tv https://*.mux.com; img-src * data: blob: 'unsafe-inline' 'unsafe-eval' https://*.caast.tv; frame-src * data: blob: https://caast.tv https://*.caast.tv; style-src * data: blob: 'unsafe-inline' 'unsafe-eval';media-src * data: blob: 'unsafe-inline' 'unsafe-eval'; child-src * data: blob: 'unsafe-inline' 'unsafe-eval' https://caast.tv https://*.caast.tv; font-src  * data: blob: 'unsafe-inline' 'unsafe-eval'; worker-src * data: blob: 'unsafe-inline' 'unsafe-eval' ; 1
default-src 'self'; img-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://bam.nr-data.net https://doypq9et62aku.cloudfront.net/ https://v4-web-static.s3.amazonaws.com https://home-static.tigertext.com https://sdk.tigertext.me https://cdn.mxpnl.com https://js-agent.newrelic.com data:; style-src 'self' 'unsafe-inline' https://v4-web-static.s3.amazonaws.com https://home-static.tigertext.com data:; font-src 'self' https://fonts.gstatic.com/ https://cdnjs.cloudflare.com https://v4-web-static.s3.amazonaws.com https://home-static.tigertext.com data:; ; frame-src 'self' https://*.tigertext.me https://*.tigertext.xyz https://*.tigertext.com tigertext://* data:; connect-src 'self' https://*.tigertext.me https://*.tigertext.xyz https://*.tigertext.com https://api.mixpanel.com/ https://bam.nr-data.net/ data:; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data:; style-src 'self' 'unsafe-inline' https://k.clarity.ms https://www.google.ca https://www.google.com.pe https://tagmanager.google.com https://static.cloudflareinsights.com www.gstatic.com fonts.gstatic.com optimize.google.com https://t.co https://analytics.twitter.com https://fonts.googleapis.com https://www.googletagmanager.com https://static.ads-twitter.com https://px.ads.linkedin.com https://www.googleoptimize.com https://*.bloomreach.cloud https://*.cdntwrk.com https://*.genetec.com https://*.marketo.com https://oc-cdn-public.azureedge.net; media-src 'self' https://k.clarity.ms https://www.google.ca https://www.google.com.pe https://static.cloudflareinsights.com www.gstatic.com fonts.gstatic.com optimize.google.com https://t.co https://analytics.twitter.com https://fonts.googleapis.com https://www.googletagmanager.com https://static.ads-twitter.com https://px.ads.linkedin.com https://www.googleoptimize.com https://*.bloomreach.cloud https://*.genetec.com https://*.widencdn.net https://*.youtube.com https://genetec.widen.net https://youtu.be; frame-src 'self' https://k.clarity.ms https://www.google.ca https://www.google.com.pe https://bid.g.doubleclick.net www.gstatic.com fonts.gstatic.com optimize.google.com https://t.co https://analytics.twitter.com https://fonts.googleapis.com https://www.googletagmanager.com https://static.ads-twitter.com https://px.ads.linkedin.com https://www.googleoptimize.com https://*.addthis.com https://*.bloomreach.cloud https://*.doubleclick.net https://*.facebook.com https://*.genetec.com https://*.geneteccloud.com https://*.google.com https://*.livechatinc.com https://*.marketo.com https://*.podbean.com https://*.powerappsportals.com https://*.youtube.com https://static.addtoany.com https://oc-cdn-public.azureedge.net; img-src 'self' 'unsafe-inline' data: *; connect-src 'self' *; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: https://k.clarity.ms https://www.google.ca https://www.google.com.pe www.gstatic.com fonts.gstatic.com optimize.google.com https://t.co https://analytics.twitter.com https://fonts.googleapis.com https://www.googletagmanager.com https://static.ads-twitter.com https://px.ads.linkedin.com https://www.googleoptimize.com https://*.addthis.com https://*.bing.com https://*.bloomreach.cloud https://*.cdntwrk.com https://*.clarity.ms https://*.cookielaw.org https://*.crazyegg.com https://*.doubleclick.net https://*.facebook.net https://*.genetec.com https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googleoptimize.com https://*.googletagmanager.com https://*.gstatic.com https://*.inspectlet.com https://*.licdn.com https://*.livechatinc.com https://*.marketo.com https://*.marketo.net https://*.onetrust.com https://*.site24x7rum.com https://*.widencdn.net https://*.youtube.com https://genetec.widen.net https://ionfiles.scribblecdn.net https://v1.addthisedge.com https://youtu.be https://z.moatads.com ajax.googleapis.com https://static.cloudflareinsights.com https://static.addtoany.com https://dev.visualwebsiteoptimizer.com https://app.vwo.com https://oc-cdn-public.azureedge.net https://www.redditstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://k.clarity.ms https://www.google.ca https://www.google.com.pe https://tagmanager.google.com https://static.cloudflareinsights.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com www.gstatic.com fonts.gstatic.com optimize.google.com https://t.co https://analytics.twitter.com https://fonts.googleapis.com https://www.googletagmanager.com https://static.ads-twitter.com https://px.ads.linkedin.com https://www.googleoptimize.com https://*.addthis.com https://*.bing.com https://*.bloomreach.cloud https://*.cdntwrk.com https://*.clarity.ms https://*.cookielaw.org https://*.crazyegg.com https://*.doubleclick.net https://*.facebook.net https://*.genetec.com https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googleoptimize.com https://*.googletagmanager.com https://*.gstatic.com https://*.inspectlet.com https://*.licdn.com https://*.livechatinc.com https://*.marketo.com https://*.marketo.net https://*.onetrust.com https://*.site24x7rum.com https://*.widencdn.net https://*.youtube.com https://genetec.widen.net https://ionfiles.scribblecdn.net https://v1.addthisedge.com https://youtu.be https://z.moatads.com https://oc-cdn-public.azureedge.net; font-src 'self' 'unsafe-inline' data: https://k.clarity.ms https://www.google.ca https://www.google.com.pe https://static.cloudflareinsights.com www.gstatic.com fonts.gstatic.com optimize.google.com https://t.co https://analytics.twitter.com https://fonts.googleapis.com https://www.googletagmanager.com https://static.ads-twitter.com https://px.ads.linkedin.com https://www.googleoptimize.com https://*.cdntwrk.com https://*.genetec.com https://cdn.livechatinc.com https://oc-cdn-public.azureedge.net; object-src 'none'; frame-ancestors 'self'; 1
default-src 'self' https://*; script-src 'self' 'unsafe-inline' *.cloudfront.net/ https://assets.website-files.com/ https://assets-global.website-files.com/ https://cdn.segment.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://accounts.google.com/ https://www.googletagmanager.com https://use.typekit.net https://embed.typeform.com https://*.maze.co/ https://cdn.hopper.com https://cdn.jsdelivr.net/ https://websdk.appsflyer.com; img-src 'self' https://* data: https://*.maze.co/; style-src 'self' 'unsafe-inline' https://assets.website-files.com/ https://accounts.google.com/ https://assets-global.website-files.com/ https://fonts.googleapis.com https://optimize.google.com/ https://p.typekit.net https://use.typekit.net https://embed.typeform.com https://*.maze.co/; connect-src https://* https://*.maze.co/; font-src 'self' data: https://* https://fonts.gstatic.com https://*.maze.co/; frame-ancestors 'self' *.hopper.com https://* 1
default-src 'none';style-src 'self' yastatic.net 'unsafe-inline' 'unsafe-eval' s3.mds.yandex.net s3.mdst.yandex.net;script-src 'self' yastatic.net mc.admetrica.ru mc.yandex.ru chat.s3.yandex.net api-maps.yandex.ru suggest-maps.yandex.net export.yandex.ru 'unsafe-eval' 'unsafe-inline' 'nonce-9b026e42-b03b-4211-91f7-1571e15a9235' https://yastatic.net/s3/frontend/butterfly/latest/butterfly.js;img-src 'self' yastatic.net https://ysa-static.passport.yandex.ru https://ysa-static.passport.yandex.net yandex.st data: mc.admetrica.ru mc.yandex.ru api-maps.yandex.ru *.captcha.yandex.net s3.mds.yandex.net s3.mdst.yandex.net avatars.mds.yandex.net avatars.mdst.yandex.net clck.yandex.ru *.maps.yandex.net yapic.yandex.ru img.yandex.ru static-maps.yandex.ru https://video-tub-ru.yandex.net https://img0-tub-ru.yandex.net https://img1-tub-ru.yandex.net https://img2-tub-ru.yandex.net https://img3-tub-ru.yandex.net yango.com blob:  mc.webvisor.com mc.webvisor.org https://downloader.disk.yandex.ru;font-src 'self' data: yastatic.net;object-src yastatic.net;media-src *.captcha.yandex.net data: yastatic.net;connect-src mail.yandex.ru 'self' mc.admetrica.ru mc.yandex.ru trust.yandex.ru trust.yandex.com suggest-maps.yandex.net mc.webvisor.com mc.webvisor.org yandex.ru api.passport.yandex.ru *.disk.yandex.net;frame-ancestors 'self';frame-src 'self' yandex.st s4.money.yandex.net https://yandex.ru/chat split.yandex.ru yastatic.net yandex.ru sso.passport.yandex.ru sso.ya.ru null pass.yandex.ru passport.yandex.ru https://trust.yandex.ru blob: mc.yandex.ru magic.passport.yandex.ru https://yandex.ru/forms https://forms.yandex.ru/;child-src 'self' yandex.st yandex.ru null passport.yandex.ru pass.yandex.ru https://trust.yandex.ru blob: mc.yandex.ru;report-uri https://csp.yandex.net/csp?from=passport&project=passport&yandex_login=&yandexuid=;manifest-src 'self' yastatic.net 1
script-src 'nonce-G1MLyi4AozILuRIre1FnXg' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/about_appsheet_com; base-uri 'none' 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://tpc.googlesyndication.com https://www.zenaps.com https://tr.snapchat.com https://tr6.snapchat.com https://www.youtube.com https://api.bam-x.com https://*.attn.tv https://ln-rules.rewardstyle.com https://cdn.pbbl.co https://www.pinterest.com https://app.qubit.com blob: https://*.awin1.com https://*.zenaps.com https://gum.criteo.com https://*.abtasty.com https://events.release.narrativ.com https://*.powerreviews.com https://ct.pinterest.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://ct.pinterest.com https://api.bam-x.com https://www.emjcd.com https://www.mczbf.com https://www.sjwoe.com https://*.attn.tv https://events.attentivemobile.com https://events.release.narrativ.com https://tr.snapchat.com https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.dermstore.com https://*.contentsquare.net https://*.criteo.com https://analytics.tiktok.com https://cdn.cookielaw.org https://*.prod.mplat-ppcprotect.com https://*.lunio.ai https://*.abtasty.com data: https://storyboard.storystream.ai https://content.storystream.ai https://*.powerreviews.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com; form-action 'self' https://www.facebook.com https://checkout.dermstore.com https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://s.pinimg.com https://static.narrativ.com https://cdn.attn.tv https://ln-rules.rewardstyle.com https://collector-8550.tvsquared.com https://static.goqubit.com https://*.qubit.com https://*.contentsquare.net https://app.contentsquare.com https://www.dwin1.com https://*.awin1.com https://*.zenaps.com https://the.sciencebehindecommerce.com https://static.criteo.net https://*.criteo.com https://analytics.tiktok.com https://*.ibytedtos.com https://cdn.cookielaw.org blob: https://*.abtasty.com https://tr.snapchat.com https://*.powerreviews.com https://mpsnare.iesnare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://*.abtasty.com https://*.gstatic.com https://*.powerreviews.com; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors  'self' https://*.uworld.com https://www.rogercpareview.com https://*.zeqo.com/ http://*.zeqo.com/; 1
frame-ancestors 'self' apachearimlbvip.corpuk.net 1
frame-ancestors 'none'; default-src 'self' static.zdassets.com viabtc.zendesk.com *.zendesk.com www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net www.youtube-nocookie.com *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.zdassets.com res.wx.qq.com viabtc.zendesk.com www.google-analytics.com stats.g.doubleclick.net api.geetest.com api.geevisit.com monitor.geetest.com static.geetest.com static.geevisit.com gcaptcha4.geetest.com gcaptcha4.geevisit.com dn-staticdown.qbox.me *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com; style-src 'unsafe-inline' at.alicdn.com viabtc.zendesk.com static.geetest.com static.geevisit.com gcaptcha4.geetest.com gcaptcha4.geevisit.com dn-staticdown.qbox.me *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com; img-src i.ytimg.com www.google-analytics.com www.google.com *.aliyuncs.com *.alicdn.com viabtcconfig.oss-cn-shenzhen.aliyuncs.com viapoolconfig.oss-cn-hongkong.aliyuncs.com data: stats.g.doubleclick.net static.geetest.com static.geevisit.com gcaptcha4.geetest.com gcaptcha4.geevisit.com dn-staticdown.qbox.me *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com; font-src 'unsafe-inline' at.alicdn.com data: *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com; connect-src viabtc.zendesk.com *.zendesk.com viabtc-help.zendesk.com *.zdassets.com https://widget-mediator.zopim.com https://p.extfun.com wss://widget-mediator.zopim.com www.google-analytics.com stats.g.doubleclick.net *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com; frame-src www.bilibili.com player.bilibili.com player.vimeo.com *.viabtc.com *.jumio.com www.youtube.com www.youtube-nocookie.com www.ixigua.com v.qq.com 1
frame-src 'self' https://t1-integration.ru https://www.google.com; frame-ancestors 'self' t1-integration.ru https://www.google.com; 1
default-src 'self' 'unsafe-inline';frame-src 'self' 'unsafe-inline' mailto: tel: https://13750033.fls.doubleclick.net *.fls.doubleclick.net *.doubleclick.net https://iveco.com.br https://maps.google.com https://c.contentsquare.net https://t.contentsquare.net https://cnhidcx.fra1.qualtrics.com https://www.facebook.com https://zn83cl4nnfiqpbp4o-cnhidcx.siteintercept.qualtrics.com  https://cpqr.ivecogroup.com https://cpqr.iveco.com  https://open.spotify.com  https://iveco.ubiest.com  https://tools.eurolandir.com  https://vimeo.com  https://www.youtube-nocookie.com  https://www.youtube.com https://player.vimeo.com https://www.stockexpert.it https://stockexpert.it https://www.google.com https://servizi2.message-asp.com;img-src 'self' 'unsafe-inline' https://www.google.pl https://ad.doubleclick.net *.contentsquare.net https://l.contentsquare.net https://c.contentsquare.net https://maps.gstatic.com https://siteintercept.qualtrics.com https://maps.googleapis.com https://www.google-analytics.com https://px.ads.linkedin.com https://www.google.it https://px4.ads.linkedin.com https://www.facebook.com https://www.google.com  https://www.googletagmanager.com https://fra1.qualtrics.com  https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://tmpprod-eucompwaf010.azureedge.net data:;style-src 'self' 'unsafe-inline'  https://privacyportal-eu-cdn.onetrust.com https://fonts.googleapis.com;font-src 'self' 'unsafe-inline'  https://privacyportal-eu-cdn.onetrust.com https://fonts.gstatic.com; upgrade-insecure-requests; block-all-mixed-content;script-src-elem 'self' 'unsafe-inline' https://s.go-mpulse.net https://www.googleadservices.com https://client.rum.us-east-1.amazonaws.com https://googleads.g.doubleclick.net https://c.contentsquare.net https://app.contentsquare.com https://t.contentsquare.net https://maps.googleapis.com https://snap.licdn.com https://connect.facebook.net  https://zn83cl4nnfiqpbp4o-cnhidcx.siteintercept.qualtrics.com   https://cpqr.iveco.com https://cpqr.ivecogroup.com  https://player.vimeo.com https://zn4pjepjt86sqmlks-fptindustrial.siteintercept.qualtrics.com  https://siteintercept.qualtrics.com https://privacyportal-eu-cdn.onetrust.com  https://zn4pjepjt86sqmlks-fptindustrial.siteintercept.qualtrics.com https://vimeo.com https://www.google-analytics.com https://www.youtube.com https://cdn.cookielaw.org https://www.google.com https://www.gstatic.com https://geolocation.onetrust.com https://www.googletagmanager.com https://static.site24x7rum.eu;connect-src 'self' 'unsafe-inline' https://api.ipify.org https://rdap.arin.net https://maps.googleapis.com https://rdap.db.ripe.net *.akstat.io https://c.go-mpulse.net https://analytics.google.com https://dataplane.rum.eu-central-1.amazonaws.com https://sts.eu-central-1.amazonaws.com https://cognito-identity.eu-central-1.amazonaws.com https://px.ads.linkedin.com https://13750033.fls.doubleclick.net *.fls.doubleclick.net *.doubleclick.net https://www.facebook.com *.contentsquare.net https://iveco.com.br https://privacyportal-de.onetrust.com/request/v1/consentreceipts https://c.contentsquare.net https://maps.googleapis.com https://region1.analytics.google.com https://cdn.linkedin.oribi.io https://stats.g.doubleclick.net https://zn83cl4nnfiqpbp4o-cnhidcx.siteintercept.qualtrics.com  https://cpqr.iveco.com https://cpqr.ivecogroup.com https://player.vimeo.com https://siteintercept.qualtrics.com https://privacyportal-eu-cdn.onetrust.com https://vimeo.com https://region1.google-analytics.com https://charts3.equitystory.com https://cdn.cookielaw.org https://www.google-analytics.com https://geolocation.onetrust.com https://col.site24x7rum.eu https://www.youtube.com;script-src 'self' 'unsafe-inline' https://www.googleadservices.com https://client.rum.us-east-1.amazonaws.com https://googleads.g.doubleclick.net https://player.vimeo.com https://t.contentsquare.net https://app.contentsquare.com https://maps.googleapis.com   https://zn83cl4nnfiqpbp4o-cnhidcx.siteintercept.qualtrics.com   https://cpqr.iveco.com https://cpqr.ivecogroup.com https://charts3.equitystory.com https://cdn.cookielaw.org https://www.googletagmanager.com https://www.gstatic.com https://www.google.com https://geolocation.onetrust.com https://www.youtube.com; child-src blob:; worker-src blob:; 1
base-uri 'self' https://cdn.intersight.com/; child-src 'self' https://intersight.com/ https://cdn.intersight.com/ https://cloudsso.cisco.com https://www.cisco.com/ https://id.cisco.com; default-src 'self' https://cdn.intersight.com/; font-src 'self' data: https://cdn.intersight.com/; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https://cdn.intersight.com/; object-src 'none'; img-src 'self' data: https://cdn.intersight.com/; form-action 'self' https://intersight.com/ https://cloudsso.cisco.com https://www.cisco.com/ https://id.cisco.com; script-src 'self' https://cdn.intersight.com/; sandbox allow-modals allow-scripts allow-same-origin allow-popups allow-forms allow-downloads; connect-src 'self' https://cdn.intersight.com/ https://status.intersight.com https://download.intersight.com/ wss://socket.intersight.com wss://intersight.com wss://*.intersight.com; frame-src 'self' data: blob: https://intersight.com/ https://cdn.intersight.com/  https://cloudsso.cisco.com https://www.cisco.com/ https://id.cisco.com https://www.youtube.com/; 1
default-src data: 'unsafe-inline' 'unsafe-eval'  			https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:;  			img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src https: blob:; object-src https:;  			child-src https: data: blob:; form-action https:; upgrade-insecure-requests; 1
base-uri 'none'; default-src 'self'; child-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://*.addthis.com https://*.facebook.com https://*.google.com; connect-src 'self' https://*.mopinion.com https://*.addthis.com https://www.clarity.ms https://www.google-analytics.com; font-src 'self' https://use.fontawesome.com https://*.mopinion.com https://fonts.gstatic.com https://unpkg.com data:; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://* * blob: data:; media-src 'self'; object-src 'self'; script-src 'self' https://www.google-analytics.com https://cdn.jsdelivr.net https://unpkg.com https://*.mopinion.com https://connect.facebook.net https://*.addthis.com https://z.moatads.com https://*.addthisedge.com https://*.facebook.com https://*.google.com https://www.gstatic.com https://www.googletagmanager.com https://pagination.js.org https://cdnjs.cloudflare.com https://www.clarity.ms 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://unpkg.com https://cdn.jsdelivr.net https://*.mopinion.com https://use.fontawesome.com https://*.addthis.com https://cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval'; report-uri /csp_violation_reporting_endpoint; report-to PolicyName; upgrade-insecure-requests 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-eval' 'strict-dynamic' 'nonce-5b3f524aecff96bf09e82b77fa3c22be'; style-src 'report-sample' 'self' 'unsafe-inline' https://*.lovoo.com cdnjs.cloudflare.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://cdn.cookielaw.org https://pagead2.googlesyndication.com https://securepubads.g.doubleclick.net https://*.onetrust.com wss://cl-messaging.lovoo.com https://*.facebook.com https://*.facebook.net; font-src 'self' https://*.lovoo.com https://cdnjs.cloudflare.com; frame-src 'self' https://js.stripe.com https://m.stripe.network https://www.google.com https://api.paymentwall.com https://*.googlesyndication.com https://*.lovoo.com https://giphy.com; img-src 'self' data: https://api.paymentwall.com https://cdn.cookielaw.org https://*.googlesyndication.com https://*.lovoo.com https://storage.googleapis.com/img.lovoo.com/; manifest-src 'self' https://*.lovoo.com; media-src 'self' https://*.lovoo.com; worker-src 'none'; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubee5d7575130b1e76f123c4bd27d709ad&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Aweb-backend%2Cenv%3Aprod 1
default-src 'self'; base-uri 'self'; script-src 'unsafe-inline' 'self' statistiek.rvo.nl *.obi4wan.com *.shoppingminds.com *.shoppingminds.net *.creative-serving.com stats.pusher.com cdn.conversationalsdevelopment.nl cdn.seamly-app.com; style-src 'self' 'unsafe-inline' *.rvo.nl cdn.seamly-app.com; object-src *.rvo.nl; connect-src 'self' *.rvo.nl *.rvochat.nl *.rovid.nl *.obi4wan.ai *.shoppingminds.com *.shoppingminds.net *.creative-serving.com *.pusher.com wss://*.pusher.com *.obi4wan.com wss://api.seamly-app.com api.seamly-app.com; img-src 'self' data: *.rvo.nl *.rovid.nl *.obi4wan.com *.shoppingminds.com *.shoppingminds.net *.creative-serving.com *.mediatheekrijksoverheid.nl services.arcgisonline.com www.toegankelijkheidsverklaring.nl; media-src 'self' *.seamly-app.com *.rovid.nl *.mediatheekrijksoverheid.nl; form-action 'self' *.rvo.nl; frame-ancestors 'self'; frame-src 'self' *.rvo.nl; script-src-elem 'self' 'unsafe-inline' statistiek.rvo.nl *.obi4wan.com *.shoppingminds.com *.shoppingminds.net *.creative-serving.com stats.pusher.com cdn.seamly-app.com; upgrade-insecure-requests; report-uri https://sentry.dtnr.nl/api/23/security/?sentry_key=75abd3b6f5714c10b9152afedb286218&sentry_environment=prod 1
frame-ancestors 'self' https://www.thenation.com https://www.rfi.fr bo.francemm.com http://rec.bo.francemm.com https://rec.rfi.fr 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.appboycdn.com/web-sdk/4.0/braze.no-amd.min.js https://cdn-assets-prod.s3.amazonaws.com/js/preview2/20920185503.js https://www.googletagmanager.com/debug/ https://www.googleadservices.com/pagead/ https://www.googleadservices.com/pagead/conversion/ https://www.redditstatic.com/ads/pixel.js *.appsflyer.com appsflyer.com *.hotjar.com hotjar.com *.onelink.me *.onelink.me *.oribi.io bat.bing.com *.bat.bing.com code.jquery.com/jquery-3.6.0.min.js cdn.jsdelivr.net/npm/jquery-validation@1.19.5/dist/jquery.validate.min.js cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js *.optimizely.com optimizely.com cdn.segment.com cdn.segment.com/analytics.js/ taboola.com *.taboola.com clarity.ms *.clarity.ms connect.facebook.net googleads.g.doubleclick.net/pagead/viewthroughconversion/ googleadservices.com analytics.tiktok.com https://chatbot.backoffice.gympass.com/chatbot-site-gympass-com.js https://js-na1.hs-scripts.com https://js.hscollectedforms.net js.hs-analytics.net/analytics/ js.hs-banner.com/ js.hs-scripts.com/ js.hsadspixel.net/fb.js js.hsforms.net/forms/v2.js js.hsleadflows.net/leadflows.js static.hsappstatic.net/MeetingsEmbed/ex/MeetingsEmbedCode.js https://maps.googleapis.com/maps-api-v3/ https://maps.googleapis.com/maps/ https://s3.amazonaws.com/raichu-beta/selos/bundle.js https://sdk.inbenta.io snap.licdn.com https://static.zdassets.com https://tags.crwdcntrl.net https://widget-mediator.zopim.com https://www.google-analytics.com/collect https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/ https://www.googletagmanager.com/gtm.js x.clearbitjs.com tag.clearbitscripts.com/v1/ j.6sc.co/6si.min.js js.driftt.com/include/ js.usemessages.com/conversations-embed.js rum-static.pingdom.net/ s.yimg.com/wi/ytc.js tpc.googlesyndication.com/ unpkg.com/blip-chat-widget https://static.play.ht/playht-pageplayer-plugin.js; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com/debug/badge.css https://sdk.inbenta.io fonts.googleapis.com https://s3.amazonaws.com/raichu-beta/selos/styles.css https://static.play.ht/playht-pageplayer-plugin.css; object-src 'none'; base-uri 'self'; connect-src 'self' https://w.clarity.ms/collect https://rum.browser-intake-datadoghq.com/api/v2/rum https://sdk.iad-03.braze.com/api/v3/data/ https://trc.taboola.com https://cdn-assets-prod.s3.amazonaws.com/js/preview2/20920185503.js https://www.google.com/pagead/ appsflyer.com *.appsflyer.com hotjar.com *.hotjar.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com hubspot.com *.hubspot.com inbenta.io *.inbenta.io onelink.me *.onelink.me optimizely.com *.optimizely.com oribi.io *.oribi.io analytics.google.com https://www.google.com.br https://adservice.google.com api.hubapi.com api.segment.io cdn.segment.com app.clearbit.com bat.bing.com cds.taboola.com pips.taboola.com https://trc-events.taboola.com epsilon.6sense.com https://epsilon-cloudfront.6sense.com forms.hsforms.com https://analytics.tiktok.com https://c.6sc.co ipv6.6sc.co https://ekr.zdassets.com https://static.zdassets.com https://gympasshelp.zendesk.com https://gympasshelp.zendesk.com/embeddable_blip https://gympasshelp.zendesk.com/embeddable/config https://gympasshelp1633549875.zendesk.com https://iosite.reclameaqui.com.br https://maps.googleapis.com https://rum-http-intake.logs.datadoghq.com https://secure.adnxs.com https://tags.crwdcntrl.net unlogged.users.gympass-staging.com unlogged.users.gympass.com https://www.facebook.com https://www.google-analytics.com https://zendesk-eu.my.sentry.io js.hs-banner.com k.clarity.ms rum-collector-2.pingdom.net s.yimg.com stats.g.doubleclick.net wss://widget-mediator.zopim.com https://play.ht/api/v2/; font-src 'self' data: https://assets-cdn.gympass.com https://cdn.inbenta.io fonts.gstatic.com https://dhm5hy2vn8l0l.cloudfront.net https://script.hotjar.com https://s3.amazonaws.com/play-plugin/build/font; frame-src 'self' https://tsdtocl.com/ https://gympass.chat.blip.ai optimizely.com *.optimizely.com bid.g.doubleclick.net forms.hsforms.com js.driftt.com meetings.hubspot.com tpc.googlesyndication.com vars.hotjar.com facebook.com *.facebook.com; img-src 'self' data: https://s3.amazonaws.com/raichu-beta/ https://developers.google.com/maps/ https://assets-cdn.gympass.com https://assets-cdn.gympass.com https://www.googletagmanager.com/debug/ https://fonts.gstatic.com/s/i/googlematerialicons/more/v6/gm_blue-48dp/1x/gm_more_gm_blue_48dp.png https://alb.reddit.com/ https://p.adsymptotic.com https://www.googletagmanager.com *.inbenta.com inbenta.com https://gympass-staging-images-us.s3.amazonaws.com https://images.partners.gympass.com https://maps.googleapis.com https://maps.gstatic.com cloudfront.net *.cloudfront.net https://www.google.com/ads/ga-audiences https://www.google.com.br/ads/ga-audiences b.6sc.co bat.bing.com cds.taboola.com forms-na1.hsforms.com forms.hsforms.com googleads.g.doubleclick.net linkedin.com *.linkedin.com sp.analytics.yahoo.com track.hubspot.com facebook.com https://www.facebook.com https://www.google-analytics.com google.com google.com.br https://www.google.com/pagead/1p-user-list/ https://www.google.com.br/pagead/1p-user-list/ https://cdn.jsdelivr.net https://gympass-images-us.s3.amazonaws.com/image/ https://images.partners.gympass.com/image/ https://www.googleadservices.com/pagead/conversion/ https://trc.taboola.com/ https://c.bing.com https://c.clarity.ms https://script.hotjar.com https://cdn.optimizely.com https://connect.facebook.net https://www.google.com https://www.google.com.br https://gympass-images-us.s3.amazonaws.com; manifest-src 'self'; media-src 'self' https://static.zdassets.com; worker-src 'none'; 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.zendesk.com https://cohere.io https://*.cohere.io https://*.visualforce.com; 1
frame-ancestors http://docplanner-front-test.docplanner.com https://docplanner-front-test.docplanner.com *.miodottore.it doctoraliaone-it2-candidate.azurewebsites.net 1
default-src 'self' data: *.coop.co.uk s3-eu-west-1.amazonaws.com s3.amazonaws.com https://d2oh4tlt9mrke9.cloudfront.net cdn.gbqofs.com *.report.gbss.io;  script-src 'self' 'unsafe-inline' 'unsafe-eval' *.console.glassboxsaas.com *.coop.co.uk *.dwin1.com *.awin1.com *.zenaps.com *.the.sciencebehindecommerce.com https://assets.adobedtm.com cdn.embedly.com *.ensighten.com *.crazyegg.com *.google-analytics.com *.youtube.com *.ytimg.com *.facebook.net *.twitter.com s3-eu-west-1.amazonaws.com s3.amazonaws.com *.cloudfront.net cdn.polyfill.io *.algolia.net assets.digital.coop.co.uk cdn-assets-prod.s3.amazonaws.com *.smartsurvey.co.uk *.googletagmanager.com *.google.com *.googleadservices.com *.quantserve.com *.ads-twitter.com *.g.doubleclick.net *.fls.doubleclick.net *.adnxs.com *.teads.tv *.demdex.net rules.quantcount.com *.licdn.com *.onetrust.com https://cdn.indicative.com https://api.indicative.com https://d2oh4tlt9mrke9.cloudfront.net cdn.gbqofs.com *.report.gbss.io *.adalyser.com;  style-src * 'unsafe-inline';  img-src 'self' data: https://dpm.demdex.net *.google.co.uk *.google.ie *.ensighten.com images.contentful.com images.ctfassets.net *.crazyegg.com www.google-analytics.com www.facebook.com *.cloudfront.net *.twitter.com ads-twitter.com *.doubleclick.net assets.digital.coop.co.uk www.google.com cm.everesttech.net ads-engagement.presage.io secure.adnxs.com *.google.com pixel.quantserve.com t.co t.teads.tv *.linkedin.com https://*.thisisdax.com *.onetrust.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.co.uk *.google.ie https://d2oh4tlt9mrke9.cloudfront.net cdn.gbqofs.com *.report.gbss.io *.adalyser.com;  font-src 'self' coop-fonts.s3.eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com s3.amazonaws.com assets.digital.coop.co.uk;  media-src *;  object-src youtube.com vimeo.com;  frame-src 'self' https://coop-csc.my.salesforce-sites.com https://cooperativegroup.demdex.net https://forms.office.com https://youtube.com https://www.youtube.com https://vimeo.com *.doubleclick.net *.facebook.com fusiontables.google.com https://google.com https://www.google.com *.googletagmanager.com *.smartsurvey.co.uk ash-coopcreatecase.cs88.force.com preprod-coop-preprod.cs87.force.com *.force.com;  connect-src *.console.glassboxsaas.com https://*.demdex.net/ https://cooperativegroup.tt.omtrdc.net *.algolia.net *.algolianet.com *.g.doubleclick.net *.onetrust.com https://api.indicative.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.co.uk *.google.ie https://optimisation.coop.co.uk https://d2oh4tlt9mrke9.cloudfront.net cdn.gbqofs.com *.report.gbss.io *.coop.co.uk ads-twitter.com ads-api.twitter.com https://analytics.twitter.com;  worker-src blob:; 1
frame-ancestors 'self' https://www.iprusalesbeta.com http://ribstg.icicibankltd.com:9082 https://*.iciciprulife.com https://*.icicibank.com https://www.cardekho.com http://www.firstcry.com http://www.moneycontrol.com https://economictimes.indiatimes.com http://www.mensxp.com http://www.idiva.com https://timesofindia.indiatimes.com http://www.businessinsider.in https://www.valueresearchonline.com https://www.indiatimes.com https://m.timesofindia.com https://m.economictimes.com https://secure.icicidirect.com https://*.addng.com https://*.gettng.com https://india-stage.icicibank.adobecqms.net/ https://country1.icicibank.adobecqms.net/ https://www.icicibank.com/ https://author-icicibank-stage.adobecqms.net/ https://author-icicibank-preprod.adobecqms.net/ https://author-icicibank-prod.adobecqms.net/; 1
report-uri https://milvus.com.br 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://assets.infosec.exchange 'wasm-unsafe-eval'; font-src 'self' https://assets.infosec.exchange; img-src 'self' data: blob: https://assets.infosec.exchange https://media.infosec.exchange; style-src 'self' https://assets.infosec.exchange 'nonce-o78PdchBcSE7NGd/v1bW8w=='; media-src 'self' data: https://assets.infosec.exchange https://media.infosec.exchange; frame-src 'self' https:; child-src 'self' blob: https://assets.infosec.exchange; worker-src 'self' blob: https://assets.infosec.exchange; connect-src 'self' blob: data: wss://streaming.infosec.exchange https://assets.infosec.exchange https://media.infosec.exchange; manifest-src 'self' https://assets.infosec.exchange; form-action 'self' 1
frame-ancestors 'self' ;report-uri /Handlers/Analytics/CspViolation.ashx 1
font-src *.fontawesome.com *.typekit.net *.twilio.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.aurusepay.com *.auruspay.com h.online-metrix.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com h.online-metrix.net https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org tracking.deepsearch.adlucent.com *.twilio.com *.zumiez.com blob: *.google.com *.googletagmanager.com s7d1.scene7.com *.rfksrv.com scene7.zumiez.com scene7.zumiez.ca *.gstatic.com *.crowdtwist.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com h.online-metrix.net *.googletagmanager.com tracking.deepsearch.adlucent.com *.newrelic.com *.twilio.com *.scarabresearch.com *.rfk.zumiez.com *.rfk.zumiez.ca *.sc.zumiez.com *.sc.zumiez.ca *.cloudfront.net *.rfksrv.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline *.typekit.net *.aurusepay.com *.auruspay.com 'self' 'unsafe-inline'; object-src *.twilio.com *.zumiez.com blob: 'self' 'unsafe-inline'; media-src *.adobe.com *.twilio.com *.zumiez.com scene7.zumiez.com scene7.zumiez.ca 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com ws: h.online-metrix.net *.twilio.com *.zumiez.com *.aurusepay.com *.auruspay.com *.scarabresearch.com stats.g.doubleclick.net analytics.google.com bam.nr-data.net *.rfk.zumiez.com *.rfk.zumiez.ca *.sc.zumiez.com *.sc.zumiez.ca *.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.zumiez.com blob: 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors https://youtu.be https://bid.g.doubleclick.net https://streetview.my https://safedepositboxjb.streetview.my https://uat.hlisb.com.my https://hlbmc.demdex.net https://tags.tiqcdn.com https://survey.hlb.com.my https://www.hlb.com.my https://www.facebook.com https://www.vivocha.com https://www.youtube.com https://staticxx.facebook.com https://www.googletagmanager.com https://gateway.hlb.com.my https://gateway.hlb.com.my:8446 https://www.google.com https://optimize.google.com https://hongleongbank.sc.omtrdc.net https://dpm.demdex.net https://www.ecbanking.com.my  https://gms.hongleong.com.my https://apply-merchant1.hlb.com.my 1
script-src 'strict-dynamic' 'nonce-55e6c3d03a0b4ee5b61ab1f1ec7cbf7b' https: 'unsafe-inline' 'unsafe-eval' 'sha256-Uso0LfeBshT35JP1WDzn9KF9S1vFB3Qjf3whX63+p9Y' 'sha256-cWB6LeQeTPFHH9QCg8VrP0sPJfqqdgDupHwitbxysNo' 'sha256-up0uZfQVTmUQiOTQxNJmLrgq6IRkI7viZcpQMmVQl4o' 'sha256-1DKvbN+HgsZeFhE0aOvW80/CLSZqmIf80iKV8fr7Zms' 'sha256-Cew3JHaYZQh1NXER6+zMiIs0A5T4VeVm7LE56DDuTeQ' 'sha256-7IWl402jAQKfrGk0oeHEc2rO55/ibilfjzw9t/wh2zE' 'sha256-7kB9hVY6TOyKnT4HzvfGkVb5WepuCfi78o2NoWu0diI' 'sha256-rugzeIeOAbHu8C2ZBKnm6BEVkJn83Qjckw74j9LCVhg' 'sha256-8RIg1eUhopcNp9CzGBkk+nhNOkAoJ38tBWvNCcqx42M' 'sha256-4kdQEMufGIybwc/IpC5J8LiTAYOZ3uyqXbdNNxR9G18' 'sha256-MujPPKAkqxKI8F8pVMdmvdGMYzioyawJAheU44lV+ZY'; object-src https://secure.donorschoose.org/ https://donorschoose-storage.s3.amazonaws.com/ https://h.online-metrix.net/; base-uri https://www.donorschoose.org/ https://secure.donorschoose.org/; report-uri https://www.donorschoose.org/common/csp-report.html; frame-ancestors 'self' https://*.donorschoose.org https://*.donorschoose.net 1
frame-ancestors 'self' *.facebook.com *.oponeo.pl 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; worker-src blob:; child-src blob:; frame-src https:; media-src https: blob:; 1
script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://js-agent.newrelic.com https://www.google-analytics.com https://www.googletagmanager.com  https://www.gstatic.com https://*.google.com https://platform-api.sharethis.com https://cdnjs.cloudflare.com https://bam.nr-data.net https://*.sharethis.com https://platform.twitter.com/widgets.js https://assets.juicer.io/embed.js https://pagecdn.io/ https://maps.googleapis.com https://cdn.jsdelivr.net https://www.recaptcha.net https://platform.twitter.com/ *.salesforce.com *.force.com *.visualforce.com *.documentforce.com https://www.googleoptimize.com/ https://connect.facebook.net *.flowpaper.com https://static.hotjar.com/ https://script.hotjar.com/ https://www.youtube.com/ https://static.userback.io/widget/v1.js https://px.ads.linkedin.com/ https://snap.licdn.com/ https://infogram.com; object-src 'none'; style-src 'report-sample' 'self' 'unsafe-inline' https://assets.juicer.io/embed.css https://fonts.googleapis.com/ https://tagmanager.google.com https://cdn.jsdelivr.net https://optimize.google.com *.flowpaper.com https://use.typekit.net/xys3hyc.css https://p.typekit.net/ https://static.userback.io/; img-src 'self' data: https:;; frame-src 'self' https://www.googletagmanager.com https://www.youtube.com https://*.google.com https://*.sharethis.com https://c.sharethis.mgr.consensu.org/ https://datawrapper.dwcdn.net/ https://player.vimeo.com/ https://platform.twitter.com/ *.salesforce.com *.force.com *.visualforce.com *.documentforce.com  https://www.slideshare.net/ *.flowpaper.com https://counter.theconversation.com https://www.recaptcha.net https://www.buzzsprout.com/ https://cdn.knightlab.com https://zhenmao.github.io/ https://syndication.twitter.com/ https://vars.hotjar.com/ https://value-of-vaccination-nepej.ondigitalocean.app/ https://www.facebook.com/ https://public.tableau.com/ https://www.tiktok.com/ https://audiovisual.ec.europa.eu/ https://ec.europa.eu/ https://infogram.com https://*.maptiler.com; frame-ancestors 'self'; child-src blob:; font-src 'self' https://fonts.gstatic.com https://static.juicer.io https://www.slideshare.net/ https://use.typekit.net https://zhenmao.github.io/ https://script.hotjar.com/; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors https://we.are.expensify.com www.expensify.com https://new.expensify.com 1
default-src 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:; frame-ancestors 'self' https:; font-src 'unsafe-inline' https: data:; img-src 'unsafe-inline' https: data: 1
frame-ancestors 'self';  default-src 'self' tn.edu.tw  ;  script-src 'self' 'unsafe-eval' 'unsafe-inline' tn.edu.tw  ;  connect-src 'self' tn.edu.tw  ;  frame-src tn.edu.tw  ;  font-src * data:;  img-src * data:;  style-src * 'unsafe-inline'; 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: www.recaptcha.net/recaptcha www.google.com/recaptcha www.gstatic.com/recaptcha 'nonce-WQwSWccAWl1S+hMBUmXk5Q=='; style-src 'self' https: 'nonce-WQwSWccAWl1S+hMBUmXk5Q==' 1
frame-ancestors https://*.maropost.com https://*.neto.com.au https://netohq.com https://www.netohq.com; 1
frame-ancestors https://*.gap.im https://*.gaplication.com 1
default-src 'self' d6tizftlrpuof.cloudfront.net *.rechtspraak.nl rechtspraak.piwikpro.com media.ssr.nl www.rovid.nl app.springcast.fm virtuele-tour-rechtspraak.nl *.usabilla.com *.youtube.com *.fireside.fm fireside.fm *.mediasite.com *.google.com 'unsafe-inline'; script-src 'self' d6tizftlrpuof.cloudfront.net *.rechtspraak.nl rechtspraak.piwikpro.com app.springcast.fm virtuele-tour-rechtspraak.nl *.usabilla.com *.youtube.com *.fireside.fm fireside.fm *.mediasite.com *.google.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.rechtspraak.nl d6tizftlrpuof.cloudfront.net 'unsafe-inline'; img-src 'self' data: *.rechtspraak.nl *.rechtspraak.nl rechtspraak.piwikpro.com virtuele-tour-rechtspraak.nl d6tizftlrpuof.cloudfront.net *.usabilla.com www.rovid.nl; frame-ancestors 'none' 1
default-src 'self'; script-src  'self' 'unsafe-inline' 'unsafe-eval' https://www.dafdirect.org pay.google.com *.paypal.com *.paypalobjects.com https://www.instagram.com *.tiktokcdn-us.com https://pay.google.com https://static.fundraiseup.com https://cdn.fundraiseup.com https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/ https://api.mapbox.com/ https://js.verygoodvault.com https://a.gusc.cartocdn.com https://m.addthis.com https://v1.addthisedge.com https://z.moatads.com https://s7.addthis.com https://cdn.signalfx.com https://static.everyaction.com https://lf16-tiktok-web.ttwstatic.com https://www.tiktok.com https://cdn.insight.sitefinity.com https://unpkg.com/ https://ci-public.s3.amazonaws.com https://ci-ooh.s3.amazonaws.com https://fastaction.ngpvan.com https://js2.verygoodvault.com https://profile.ngpvan.com https://d3rse9xjbp8270.cloudfront.net https://www.youtube-nocookie.com https://secure.everyaction.com https://rules.quantcount.com https://secure.quantserve.com https://www.youtube.com https://unpkg.com https://geolocation.onetrust.com/ https://cdn.cookielaw.org/ https://static.arcgis.com https://sp.analytics.yahoo.com https://s.yimg.com https://donorbox.org https://optimize.google.com https://tagmanager.google.com https://www.conservation.org https://app.vwo.com https://public.tableau.com *.typeform.com https://s3.amazonaws.com/trk.cetrk.com/f/t.js *.visualwebsiteoptimizer.com *.crazyegg.com *.stripe.com bitpay.com api.tiles.mapbox.com fast.wistia.com googleads.g.doubleclick.net www.googleadservices.com bat.bing.com secure.adnxs.com *.googletagmanager.com js.stripe.com dcc4iyjchzom0.cloudfront.net cartocdn-gusc.global.ssl.fastly.net conservation.carto.com sp13loader.ciapps.org maps.googleapis.com https://cdnjs.cloudflare.com http://conservation-tron.imgix.net ajax.googleapis.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://conservation-org.tron.silvertech.net https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com; style-src 'self' 'unsafe-inline' https://www.dafdirect.org *.tiktokcdn-us.com https://ci-sharks.s3.amazonaws.com https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/ https://api.mapbox.com https://static.everyaction.com https://lf16-tiktok-web.ttwstatic.com https://embed.typeform.com https://unpkg.com/ https://unpkg.com/leaflet@1.7.1 https://ci-public.s3.amazonaws.com https://ci-ooh.s3.amazonaws.com https://ci-everyaction-public.s3.amazonaws.com https://d3rse9xjbp8270.cloudfront.net https://optimize.google.com https://tagmanager.google.com https://tagmanager.google.com api.tiles.mapbox.com sp13loader.ciapps.org  fonts.googleapis.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; img-src https://ciorg.imgix.net https://www.dafdirect.org https://ad.doubleclick.net t.paypal.com pay.google.com *.paypalobjects.com https://ucarecdn.com https://ci-sharks.s3.amazonaws.com https://a.gusc.cartocdn.com https://static.everyaction.com https://sp.analytics.yahoo.com https://upload.wikimedia.org https://www.clker.com https://ci-everyaction.imgix.net https://storage.googleapis.com https://api.mapbox.com https://ci-ooh.s3.amazonaws.com https://d1aqhv4sn5kxtx.cloudfront.net https://secure.everyaction.com https://d1aqhv4sn5kxtx.cloudfront.net https://secure.everyaction.com https://d3rse9xjbp8270.cloudfront.net http://cicloud.s3.amazonaws.com https://cicloud.s3.amazonaws.com https://pixel.quantserve.com https://njoel9cc11.execute-api.us-east-1.amazonaws.com https://d2ey44ppm6i0sm.cloudfront.net https://53f5mmurac.execute-api.us-east-1.amazonaws.com https://53f5mmurac.execute-api.us-east-1.amazonaws.com https://d1wrq3tu9qy8md.cloudfront.net https://ci-pixel-ephemeral.s3.amazonaws.com https://ci-pixel-persistent.s3.amazonaws.com https://cicloud.s3.amazonaws.com/ https://cdn.cookielaw.org/ https://firecastwebserver01.ciapps.org https://services.arcgisonline.com https://server.arcgisonline.com https://d1iczxrky3cnb2.cloudfront.net https://ssl.gstatic.com https://www.gstatic.com http://cloud.conservation.org.s3.amazonaws.com/ https://cloud.conservation.org.s3.amazonaws.com/ https://www.arcgis.com/ https://public.tableau.com https://ci-public.s3.amazonaws.com *.crazyegg.com *.visualwebsiteoptimizer.com *.stripe.com *.googletagmanager.com sitefinity.ciapps-aws.org www.google.com.br www.google.com bat.bing.com stats.g.doubleclick.net cartocdn-gusc.global.ssl.fastly.net sp13loader.ciapps.org *.maps.api.here.com ciorg.imgix.net ciapps-kiwi.imgix.net 'self' maps.gstatic.com http://conservation-tron.imgix.net maps.googleapis.com https://conservation-org.tron.silvertech.net/ i.ytimg.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com; font-src 'self' https://static.fundraiseup.com https://static.everyaction.com https://d3rse9xjbp8270.cloudfront.net sp13loader.ciapps.org themes.googleusercontent.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; connect-src 'self' https://www.google.com/pay https://google.com/pay pay.google.com *.paypalobjects.com *.paypal.com https://www.facebook.com https://fndrsp-checkout.net https://api.fundraiseup.com https://sentry.fundraiseup.com https://fndrsp.net https://api-public.addthis.com https://rum-ingest.us1.signalfx.com https://geolocation.onetrust.com https://api.insight.sitefinity.com https://fastaction.ngpvan.com https://profile.ngpvan.com https://actions.everyaction.com https://secure.everyaction.com *.crazyegg.com https://recording.crazyegg.com https://privacyportal-eu.onetrust.com https://analytics.google.com https://stats.g.doubleclick.net https://script.crazyegg.com https://ci-public.s3.amazonaws.com https://conservation.org.s3.amazonaws.com https://dvm5qo6r5pdyf.cloudfront.net https://cdn.cookielaw.org/ https://tracking.crazyegg.com https://s.yimg.com https://api.altmetric.com https://doi.org https://api.crossref.org https://data.crossref.org https://carbonfootprint.short.car-calc.cc sample-api-v2.crazyegg.com https://cibitly.ciapps.org https://act.conservation.org https://firecastwebserver01.ciapps.org stripe.ciapps.org checkout.stripe.com bitpay.ciapps.org *.google-analytics.com bitpay.com events.mapbox.com api.mapbox.com convio.ciapps.org secure2.convio.net sharkstracker.ciapps.org conservation.carto.com sp13loader.ciapps.org accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com data: blob: ; media-src https://ooh.ciapps-aws.org https://dow8iayks4wtt.cloudfront.net http://cicloud.s3.amazonaws.com https://ci-ooh.s3.amazonaws.com civideos.ciapps.org 'self' data: blob:; child-src 'self' https://embed.ted.com https://www.paypal.com https://www.paypalobjects.com https://td.doubleclick.net https://player.pbs.org https://www.instagram.com https://pay.google.com https://conservation.maps.arcgis.com https://js.verygoodvault.com https://s7.addthis.com/ https://v.qq.com https://js2.verygoodvault.com https://forms.microsoft.com https://app.powerbi.com https://open.spotify.com https://donorbox.org/ https://optimize.google.com https://app.vwo.com https://firecastwebserver01.ciapps.org https://form.jotform.com/ https://www.un.org https://logiprod.conservation.org/ https://www.arcgis.com/ https://public.tableau.com *.microsoftonline.com *.office.com *.typeform.com www.tiktok.com data: blob: checkout.stripe.com bitpay.com bid.g.doubleclick.net sitefinity.ciapps-aws.org submit.jotformz.com form.jotformz.com 8760954.fls.doubleclick.net js.stripe.com www.qzzr.com https://platform.twitter.com/ http://conservation-tron.imgix.net https://syndication.twitter.com/ https://www.youtube.com/ https://conservation-org.tron.silvertech.net/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; 1
default-src 'self'; script-src https://www.dropbox.com https://api.trello.com 'self' https://viewer.diagrams.net https://apis.google.com https://*.pusher.com 'sha256-dLMFD7ijAw6AVaqecS7kbPcFFzkxQ+yeZSsKpOdLxps=' 'sha256-PDJOTCOfwIg8Ri7U2PH1pIpx+haCyKsJEbFxlW6hdSI=' 'sha256-6zAB96lsBZREqf0sT44BhH1T69sm7HrN34rpMOcWbNo=' 'sha256-3SkDBaLE+ouvAOfTmG2TGwmQ2EE9AT0F2YcHvZmEMeo=' 'sha256-vrEVJkYyBW9H4tt1lYZtK5fDowIeRwUgYZfFTT36YpE=' 'sha256-6g514VrT/cZFZltSaKxIVNFF46+MFaTSDTPB8WfYK+c=' 'sha256-vS/MxlVD7nbY7AnV+0t1Ap338uF7vrcs7y23KjERhKc=' ; connect-src https://*.dropboxapi.com https://api.trello.com 'self' https://*.draw.io https://*.diagrams.net https://*.googleapis.com wss://app.diagrams.net wss://*.pusher.com https://*.pusher.com https://api.github.com https://raw.githubusercontent.com https://gitlab.com https://graph.microsoft.com https://*.sharepoint.com https://*.1drv.com https://api.onedrive.com https://dl.dropboxusercontent.com https://api.openai.com https://*.google.com https://fonts.gstatic.com https://fonts.googleapis.com; img-src * data: blob:; media-src * data:; font-src * about:; frame-src 'self' https://viewer.diagrams.net https://www.draw.io https://*.google.com; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; base-uri 'none';child-src 'self';object-src 'none'; frame-ancestors 'self' https://teams.microsoft.com; 1
frame-ancestors 'self' https://ipbes.net; 1
frame-ancestors 'self' accounts2.creately.com msteams.creately.com app.creately.com app2.creately.com app-eu.creately.com api-eu.creately.com app-au.creately.com api-au.creately.com app-uae.creately.com api-uae.creately.com api.creately.com accounts.google.com docs.google.com teams.microsoft.com *.ngrok.io *.atlassian.net *.fic.cloud *.fullyincontrol.cloud *.sharepoint.com; 1
frame-ancestors 'self' *.taxact.com *.taxactonline.com *.salemove.com secure.balancefin.com 1
frame-ancestors 'self' https://www.livescore.com https://livescorebet.com https://www.livescorebet.com; 1
script-src 'unsafe-eval' blob: 'self' 'nonce-viWZrIRgMsSpHnIpmI2M' youtube.com 'unsafe-inline'; default-src 'self' data: blob: https://upload.wikimedia.org https://commons.wikimedia.org *.wikimedia.org wikimedia.org *.youtube.com *.poewiki.net https://www.youtube-nocookie.com https://i.ytimg.com; style-src 'self' data: blob: https://upload.wikimedia.org https://commons.wikimedia.org *.wikimedia.org wikimedia.org *.youtube.com *.poewiki.net https://www.youtube-nocookie.com https://i.ytimg.com 'unsafe-inline'; object-src 'none'; report-uri /api.php?action=cspreport&format=json 1
default-src 'none'; frame-ancestors 'self'; base-uri 'self'; form-action 'self' https://www.caa.co.uk; style-src 'self'; font-src 'self' fonts.gstatic.com; frame-src 'self' www.google.com www.youtube.com; connect-src 'self' *.google-analytics.com ginfoapi.caa.co.uk aircraftapi.caa.co.uk; img-src 'self' data: corpwebprduksumbraco.blob.core.windows.net www.google-analytics.com; script-src 'self' www.google.com www.gstatic.com www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com; manifest-src 'self'; 1
default-src 'self' data: blob: *.mega.co.nz *.mega.nz *.mega.io http://*.mega.nz http://*.mega.io; script-src 'self' *.mega.co.nz *.mega.nz *.mega.io https://*.googletagmanager.com data: blob:; connect-src *.mega.co.nz *.mega.nz *.mega.io http://*.mega.nz http://*.mega.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' *.mega.co.nz *.mega.nz *.mega.io data: blob:; frame-src 'self' *.megapay.nz mega: *.megaad.nz https://mega.nz/ https://mega.io/; img-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob: mega.nz; frame-ancestors 'self' https://mega.nz/; 1
default-src 'none'; base-uri 'self' matomo.sletat.ru; object-src 'none'; block-all-mixed-content; connect-src 'self' sentry.io *.sletat.ru *.sletat.travel *.google.com google.ru *.google-analytics.com *.g.doubleclick.net yandex.ru *.yandex.ru *.tildacdn.com app.comagic.ru *.maptiler.com *.sletat.net maker.ifttt.com *.amocrm.ru *.mcruises.ru api.dashmail.com netlog.ru top-fwz1.mail.ru www.google.ru; font-src 'self' data: *.sletat.ru *.gstatic.com *.mcruises.ru *.tildacdn.com *.tophotels.ru yastatic.net; form-action 'self' data: sletat.ru www.facebook.com; frame-ancestors 'self' https://webvisor.com http://webvisor.com; frame-src *.sletat.ru sletat.ostrovok.ru *.google.com *.youtube.com *.fls.doubleclick.net *.g.doubleclick.net *.yandex.ru landing1.vipcruise.ru search.vcruiz.ru *.googletagmanager.com www.facebook.com forms.tildacdn.com amosletat.ru *.amocrm.ru  rtb.com.ru blob: tag.rutarget.ru tp.media yandex.ru; child-src blob: https://mc.yandex.ru; img-src 'self' data: *.sletat.ru sletat.ru click.topturizm.ru sletat.ru *.gstatic.com *.googleapis.com *.google.com *.google.ru *.googletagmanager.com *.yandex.ru *.storage.yandexcloud.net storage.yandexcloud.net counter.yadro.ru *.g.doubleclick.net *.maps.yandex.net *.google-analytics.com *.gstatic.com www.facebook.com yandex.ru avatars.mds.yandex.net yandex.st www.bontour.ru partner.tophotels.ru *.amocrm.ru *.tildacdn.com *.mcruises.ru ads.adfox.ru vk.com google.co.th top-fwz1.mail.ru banners.adfox.ru blob:; manifest-src 'self'; media-src *.sletat.ru sletat.ru dl.dropboxusercontent.com; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.sletat.ru *.calltouch.ru *.google.com *.google.ru *.googletagservices.com *.gstatic.com *.googleapis.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.googlesyndication.com connect.facebook.net *.yandex.ru yandex.ru *.maps.yandex.net *.fls.doubleclick.net *.g.doubleclick.net code.jquery.com cdn.ravenjs.com *.tildacdn.com tilda.ws app.comagic.ru yastatic.net *.recaptcha.net partner.tophotels.ru *.rutarget.ru vk.com amosletat.ru *.amocrm.ru *.mcruises.ru *.youtube.com *.onef.pro cdnjs.cloudflare.com top-fwz1.mail.ru data:; style-src 'self' data: 'unsafe-inline' *.sletat.ru *.google.com *.googleapis.com www.gstatic.com *.g.doubleclick.net *.yandex.ru *.maps.yandex.net counter.yadro.ru *.tildacdn.com tilda.ws partner.tophotels.ru *.amocrm.ru *.mcruises.ru; worker-src blob: ; 1
frame-ancestors 'self' https://checkout.aireuropa.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hse.ie *.jquery.com *.adobedtm.com *.googletagmanager.com *.force.com *.cloudfront.net  *.salesforceliveagent.com *.cookielaw.org *.google-analytics.com *.hotjar.com *.healthatlasireland.ie *.cloudflare.com *.gstatic.com *.osi.ie *.juicer.io naashospital.ie *.twitter.com *.fbcdn.net *.fontawesome.com *.contactcentrechat.com *.usabilla.com *.google.com *.salesforce.com *.squiz.cloud *.containers.piwik.pro;img-src 'self' *.hse.ie *.ytimg.com *.google-analytics.com *.2o7.net *.osi.ie *.googletagmanager.com data: *.gstatic.com *.googleapis.com *.ggpht *.cloudfront.net *.cookielaw.org *.usabilla.com *.gravatar.com 1
default-src 'self' https://static.umang.gov.in  https://app.umang.gov.in https://cache.umang.gov.in https://apigw.umang.gov.in/ https://www.googletagmanager.com https://social.api-setu.in  https://fonts.googleapis.com https://dashboard.umangapp.in/ https://firebaseremoteconfig.googleapis.com https://s3-umangconvai-prod-chatbot.s3.ap-south-1.amazonaws.com wss://ai.umangapp.in https://firebaseinstallations.googleapis.com/ https://ai.umangapp.in https://www.google-analytics.com https://stats.g.doubleclick.net https://apigw.umangapp.in https://media.umangapp.in https://use.fontawesome.com; frame-ancestors 'self' https://uslpay.com/web  https://web.umangapp.in/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://uat.ai.umangapp.in https://social.api-setu.in https://apigw.umang.gov.in https://dashboard.umangapp.in/ https://cache.umang.gov.in https://firebaseinstallations.googleapis.com/ https://www.googletagmanager.com https://s3-umangconvai-prod-chatbot.s3.ap-south-1.amazonaws.com https://ai.umangapp.in https://stats.g.doubleclick.net https://ras.gov.in https://fonts.googleapis.com wss://ai.umangapp.in https://use.fontawesome.com https://media.umangapp.in  https://apigw.umangapp.in   https://static.umang.gov.in https://125.21.22.149:8585 https://test.payu.in https://www.billdesk.com https://apitest.payu.in https://acssimuat.payubiz.in  https://app.umang.gov.in uat.ai.umangapp.in https://web.umang.gov.in https://www.google-analytics.com https://aware-commons.s3.ap-south-1.amazonaws.com ; img-src 'self' data: https://uat.ai.umangapp.in https://social.api-setu.in https://apigw.umang.gov.in https://dashboard.umangapp.in/ https://cache.umang.gov.in https://firebaseinstallations.googleapis.com/ https://www.googletagmanager.com https://firebaseremoteconfig.googleapis.com https://s3-umangconvai-prod-chatbot.s3.ap-south-1.amazonaws.com https://ai.umangapp.in https://stats.g.doubleclick.net https://ras.gov.in https://fonts.googleapis.com wss://ai.umangapp.in https://use.fontawesome.com https://media.umangapp.in  https://apigw.umangapp.in   https://static.umang.gov.in https://125.21.22.149:8585 https://test.payu.in https://www.billdesk.com https://apitest.payu.in https://acssimuat.payubiz.in  https://app.umang.gov.in uat.ai.umangapp.in https://web.umang.gov.in https://www.google-analytics.com https://aware-commons.s3.ap-south-1.amazonaws.com ; media-src 'self' blob:  *.umang.gov.in https://firebaseremoteconfig.googleapis.com https://apigw.umang.gov.in https://social.api-setu.in https://dashboard.umangapp.in/ https://fonts.googleapis.com https://cache.umang.gov.in https://uat.ai.umangapp.in https://firebaseinstallations.googleapis.com/ https://www.googletagmanager.com https://s3-umangconvai-prod-chatbot.s3.ap-south-1.amazonaws.com https://ai.umangapp.in https://stats.g.doubleclick.net https://ras.gov.in https://fonts.googleapis.com wss://ai.umangapp.in https://use.fontawesome.com https://media.umangapp.in  https://apigw.umangapp.in   https://static.umang.gov.in https://125.21.22.149:8585 https://test.payu.in https://www.billdesk.com https://apitest.payu.in https://acssimuat.payubiz.in  https://app.umang.gov.in uat.ai.umangapp.in https://web.umang.gov.in https://www.google-analytics.com https://aware-commons.s3.ap-south-1.amazonaws.com ; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://apigw.umang.gov.in https://social.api-setu.in https://cache.umang.gov.in https://dashboard.umangapp.in/ https://ai.umangapp.in https://firebaseinstallations.googleapis.com/ https://ai.umangapp.in https://s3-umangconvai-prod-chatbot.s3.ap-south-1.amazonaws.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ai.umangapp.in https://media.umangapp.in https://fonts.googleapis.com https://ras.gov.in wss://ai.umangapp.in https://test.payu.in https://www.google-analytics.com https://stgweb.umang.gov.in https://apigw.umangapp.in   https://acssimuat.payubiz.in https://www.billdesk.com https://apitest.payu.in https://acssimuat.payubiz.in https://stgweb.umang.gov.in  https://fonts.gstatic.com https://125.21.22.149:8585 https://uat.ai.umangapp.in https://app.umang.gov.in https://static.umang.gov.in https://www.googletagmanager.com https://app.umang.gov.in https://web.umang.gov.in https://aware-commons.s3.ap-south-1.amazonaws.com ; font-src 'self' https://use.fontawesome.com https://dashboard.umangapp.in/ https://firebaseremoteconfig.googleapis.com https://cache.umang.gov.in https://social.api-setu.in  https://apigw.umang.gov.in https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.google-analytics.com https://s3-umangconvai-prod-chatbot.s3.ap-south-1.amazonaws.com https://fonts.googleapis.com https://apigw.umangapp.in https://media.umangapp.in  https://test.payu.in https://stgweb.umang.gov.in  wss://ai.umangapp.in https://ras.gov.in  https://www.billdesk.com  https://acssimuat.payubiz.in  https://apitest.payu.in  https://fonts.gstatic.com https://125.21.22.149:8585 uat.ai.umangapp.in https://app.umang.gov.in https://web.umang.gov.in https://ras.gov.in https://static.umang.gov.in https://jsbin-user-assets.s3.amazonaws.com  https://aware-commons.s3.ap-south-1.amazonaws.com data:; frame-src 'self' https://umangresults.digilocker.gov.in https://www.googletagmanager.com https://dashboard.umangapp.in/ https://ai.umangapp.in https://social.api-setu.in https://www.google-analytics.com https://fonts.googleapis.com https://stats.g.doubleclick.net https://cache.umang.gov.in https://s3-umangconvai-prod-chatbot.s3.ap-south-1.amazonaws.com https://ras.gov.in wss://ai.umangapp.in https://use.fontawesome.com https://media.umangapp.in  https://stgweb.umang.gov.in https://apigw.umangapp.in   https://test.payu.in https://apitest.payu.in https://www.billdesk.com https://acssimuat.payubiz.in  youtube.com https://125.21.22.149:8585 https://web.umang.gov.in https://accounts.google.com http://www.youtube.com http://www.youtube-nocookie.com https://aware-commons.s3.ap-south-1.amazonaws.com  https://static.umang.gov.in https://app.umang.gov.in ; connect-src 'self' https://apigw.umangapp.in https://stats.g.doubleclick.net https://firebaseinstallations.googleapis.com/ https://apigw.umang.gov.in https://social.api-setu.in https://www.google-analytics.com https://firebaseremoteconfig.googleapis.com https://cache.umang.gov.in https://fonts.gstatic.com https://fonts.googleapis.com https://www.googletagmanager.com https://ai.umangapp.in https://s3-umangconvai-prod-chatbot.s3.ap-south-1.amazonaws.com https://dashboard.umangapp.in/ https://use.fontawesome.com wss://ai.umangapp.in https://apigw.umangapp.in/ https://media.umangapp.in  https://apis.google.com https://ras.gov.in https://web.umang.gov.in https://test.payu.in https://apitest.payu.in https://www.billdesk.com https://stgweb.umang.gov.in  https://acssimuat.payubiz.in  https://125.21.22.149:8585 https://uat.ai.umangapp.in https://dashboard.umang.gov.in https://media.umangapp.in https://static.umang.gov.in https://web.umang.gov.in https://app.umang.gov.in https://www.google-analytics.com https://aware.senseforth.com wss://uat.ai.umangapp.in ; object-src 'none'  1
default-src 'self' https://app.igodigital.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval'  https://app.igodigital.com https://amplify.outbrain.com https://wave.outbrain.com  https://analytics.foresee.com https://brain.foresee.com https://cxsurvey.foresee.com https://device.4seeresults.com https://record.foresee.com https://survey.foreseeresults.com https://gateway.foresee.com https://geocoding.geo.census.gov https://activitymap.adobe.com  https://www.redditstatic.com https://amplify.outbrain.com https://googleads.g.doubleclick.net https://tr.outbrain.com https://www.googleadservices.com https://www.googletagmanager.com  https://www.redditstatic.com https://amplify.outbrain.com https://script.crazyegg.com  https://snap.licdn.com  https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://d3js.org https://public.tableau.com https://api.tiles.mapbox.com https://www.googleapis.com https://rwjfcultureofhealthblog.disqus.com  https://v1.addthisedge.com https://m.addthis.com https://z.moatads.com https://s7.addthis.com https://platform.twitter.com  https://bam.nr-data.net https://www.gstatic.com https://use.typekit.net https://assets.adobedtm.com https://www.google.com https://www.youtube.com https://connect.facebook.net https://platform.linkedin.com https://siteimproveanalytics.com https://gateway.foresee.com https://p.teads.tv https://js-agent.newrelic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://analytics.foresee.com https://brain.foresee.com https://cxsurvey.foresee.com https://device.4seeresults.com  https://record.foresee.com https://survey.foreseeresults.com https://gateway.foresee.com https://script.crazyegg.com https://content-builder.s6.marketingcloudapps.com  https://snap.licdn.com https://cdnjs.cloudflare.com https://unpkg.com https://d3js.org https://unpkg.com https://public.tableau.com/javascripts/api/viz_v1.js   https://public.tableau.com https://www.googleapis.com https://api.tiles.mapbox.com  https://assets.adobedtm.com https://gateway.foresee.com https://connect.facebook.net https://js-agent.newrelic.com https://www.gstatic.com https://www.youtube.com https://bam.nr-data.net https://googleads.g.doubleclick.net https://s7.addthis.com https://p.teads.tv https://www.googletagmanager.com  https://siteimproveanalytics.com https://use.typekit.net https://use.typekit.net/odf2eto.js https://script.crazyegg.com https://platform.twitter.com https://www.google.com;font-src 'self'  https://cxsurvey.foresee.com https://gateway.foresee.com https://gateway.foresee.com https://fonts.gstatic.com  https://use.typekit.net https://syndication.twitter.com https://v1.addthisedge.com https://www.googleadservices.com https://www.gstatic.com https://z.moatads.com https://gateway.foresee.com ;img-src 'self' https://public.tableau.com https://i.ibb.co https://image.rwjfmail.org https://i.ytimg.com https://image.rwjfmail.org https://cxsurvey.foresee.com https://gateway.foresee.com https://s.foresee.com https://static.foresee.com https://gateway.foresee.com https://rwjf.scene7.com https://s7d9.scene7.com  https://i.ytimg.com https://www.rwjf.org https://beta.rwjf.org https://googleads.g.doubleclick.net https://tr.outbrain.com https://alb.reddit.com https://p.adsymptotic.com https://cdnjs.cloudflare.com  https://px.ads.linkedin.com  https://www.linkedin.com https://px4.ads.linkedin.com https://gateway.foresee.com https://dpm.demdex.net https://img.youtube.com https://api.mapbox.com https://bsec.rwjf.org  https://cm.everesttech.net https://syndication.twitter.com https://p.typekit.net https://rwjf.d1.sc.omtrdc.net https://www.facebook.com https://px.ads.linkedin.com https://t.teads.tv https://www.google.com https://www.gstatic.com https://l.teads.tv https://88817.global.siteimproveanalytics.io data:; connect-src 'self' https://syndication.twitter.com https://cm.teads.tv https://t.teads.tv https://bam.nr-data.net https://a.tiles.mapbox.com https://b.tiles.mapbox.com https://cdn.linkedin.oribi.io  https://m.addthis.com https://pagead2.googlesyndication.com https://robertwoodjohnsonfou.tt.omtrdc.net https://dpm.demdex.net https://www.facebook.com https://events.mapbox.com https://assets-tracking.crazyegg.com  https://tracking.crazyegg.com https://events.mapbox.com  https://pagestates-tracking.crazyegg.com  https://rwjf.d1.sc.omtrdc.net https://tr.outbrain.com https://script.crazyegg.com https://api.mapbox.com https://api.ipdata.co https://www.googleapis.com https://dayintegrationintern.tt.omtrdc.net  https://analytics.foresee.com https://brain.foresee.com https://cxsurvey.foresee.com https://device.4seeresults.com https://gateway.foresee.com https://record.foresee.com https://survey.foreseeresults.com wss://hoover.foresee.com https://hoover.foresee.com https://analytics.foresee.com https://cxsurvey.foresee.com  https://gateway.foresee.com https://record.foresee.com https://survey.foreseeresults.com wss://hoover.foresee.com https://hoover.foresee.com https://www.google.com; style-src 'self' 'unsafe-inline'    'strict-dynamic'  https://cxsurvey.foresee.com  https://cdn.quilljs.com  https://cdnjs.cloudflare.com https://p.typekit.net https://cdn.jsdelivr.net https://fonts.googleapis.com  https://api.tiles.mapbox.com  https://www.gstatic.com https://fonts.googleapis.com https://p.typekit.net https://cxsurvey.foresee.co  https://hoover.foresee.com wss://hoover.foresee.com https://analytics.foresee.com https://brain.foresee.com https://cxsurvey.foresee.com https://device.4seeresults.com https://gateway.foresee.com https://record.foresee.com https://survey.foreseeresults.com https://dayintegrationintern.tt.omtrdc.net  https://tr.outbrain.com https://www.googleapis.com https://assets-tracking.crazyegg.com https://tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://www.facebook.com https://device.4seeresults.com  https://cdn.linkedin.oribi.io https://brain.foresee.com https://rwjf.d1.sc.omtrdc.net  https://api.ipdata.co  https://b.tiles.mapbox.com  https://a.tiles.mapbox.com https://api.mapbox.com https://bam.nr-data.net https://analytics.foresee.com  https://t.teads.tv https://cm.teads.tv/ https://robertwoodjohnsonfou.tt.omtrdc.net https://script.crazyegg.com https://syndication.twitter.com/ https://www.google.com https://dpm.demdex.net;report-uri  https://t.teads.tv https://bam.nr-data.net https://dpm.demdex.net; frame-src 'self' https://bid.g.doubleclick.net https://www.linkedin.com https://www.twitter.com  https://beta.rwjf.org https://td.doubleclick.net https://activitymap.adobe.com   https://lang-insights.us.sfmc-einstein.com https://www.rwjf.org https://dev.rwjf.cloud https://content-builder.s6.marketingcloudapps.com https://art.kunstmatrix.com https://w.soundcloud.com https://app.smartsheet.com https://public.tableau.com  https://bluemarblequiz.org https://www.youtube.com  https://robertwoodjohnsonfoundation.demdex.net https://cdnjs.cloudflare.com https://cdn.quilljs.com  https://disqus.com https://platform.twitter.com https://s7.addthis.com https://www.facebook.com https://www.google.com; style-src-elem 'self' 'unsafe-inline'  https://p.typekit.ne https://use.typekit.net  https://cdnjs.cloudflare.com https://cdn.quilljs.com https://p.typekit.net https://cdn.jsdelivr.net https://fonts.googleapis.com https://www.gstatic.com https://gateway.foresee.com; prefetch-src 'self' https://c.disquscdn.com https://disqus.com; worker-src 'self' data: blob: ; frame-ancestors 'self'  https://www.rwjf.org https://prod.rwjf.org  https://app.igodigital.com https://www-mc-s6.exacttargetapis.com https://members.s6.exacttarget.com https://*.marketingcloudapps.com https://*.marketingcloudapps.com https://lang-insights.us.sfmc-einstein.com https://mc.s6.exacttarget.com https://content-builder.s6.marketingcloudapps.com; 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-0785497740fc948f176bdccef16aa739' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=1085793517726701; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=1085793517726701 1
frame-ancestors 'self' *.educba.com 1
frame-ancestors 'self' https://rdc.reed.edu; 1
frame-ancestors https://*.isomedia.com/ 'self'; 1
frame-ancestors 'self' https://*.khapps.com https://*.khapps.jp; 1
script-src 'sha256-Q8fiCmIeOakDMke1sI5pcFjzEGRAzanhIET4HnTXyvc=' 'nonce-1ks/af2Z9GzOQofG2BOFHw==' 'strict-dynamic' https: 'unsafe-inline' 'self'; frame-ancestors 'none'; object-src 'none'; base-uri 'self' 1
frame-ancestors 'self' omni.emich.edu; 1
frame-ancestors *.breitling.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.appboycdn.com https://*.google-analytics.com https://player.vimeo.com https://*.vimeocdn.com https://www.googletagmanager.com https://*.googleapis.com https://trackcmp.net https://*.cloudflare.com https://static.doubleclick.net https://*.google.com https://www.youtube.com https://*.app-us1.com https://connect.facebook.net https://static.rfstat.com https://www.gstatic.com https://yookassa.ru https://*.paddle.com https://cdn.jsdelivr.net https://tracking.g2crowd.com https://c.sf-syn.com https://www.googleadservices.com https://static.yoomoney.ru https://*.livechatinc.com https://appleid.cdn-apple.com https://www.dropbox.com https://*.renderforest.com data: blob:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://js.appboycdn.com https://*.google-analytics.com https://player.vimeo.com https://*.vimeocdn.com https://www.googletagmanager.com https://*.googleapis.com https://trackcmp.net https://*.cloudflare.com https://static.doubleclick.net https://*.google.com https://www.youtube.com https://*.app-us1.com https://connect.facebook.net https://static.rfstat.com https://www.gstatic.com https://yookassa.ru https://*.paddle.com https://cdn.jsdelivr.net https://tracking.g2crowd.com https://c.sf-syn.com https://www.googleadservices.com https://static.yoomoney.ru https://*.livechatinc.com https://appleid.cdn-apple.com https://www.dropbox.com https://*.renderforest.com data: blob:; report-uri https://bx1s4jrg.uriports.com/reports/report; report-to default 1
default-src https: 'unsafe-inline' 'unsafe-eval' data:  wss:; frame-src https: appsflyerevent: fbrpc:; img-src https: blob: data:; report-uri https://internations.report-uri.com/r/t/csp/enforce 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://edge.fullstory.com https://rs.fullstory.com *.quest.com *.livehelpnow.net; style-src 'self' 'unsafe-inline' https: fonts.googleapis.com developer.livehelpnow.net *.youtube.com; img-src 'self' https: data: developer.livehelpnow.net rs.fullstory.com *.youtube.com; frame-src 'self' https: app.powerbi.com *.blob.core.windows.net *.youtube.com; font-src 'self' https: data: fonts.gstatic.com cdn.livehelpnow.net; media-src developer.livehelpnow.net; connect-src 'self' https: *.azurewebsites.net *.blob.core.windows.net rmaz-config.s3.amazonaws.com *.azure-api.net edge.fullstory.com rs.fullstory.com *.quest.com *.quest-on-demand.com *.dev.xcloud.ninja *.notification.xcloud.ninja fonts.gstatic.com developer.livehelpnow.net wss://app.livehelpnow.net wss://*.service.signalr.net *.youtube.com; frame-ancestors 'self'; object-src 'none'; 1
frame-ancestors 'self' https://app.useberry.com; upgrade-insecure-requests 1
default-src 'self'; object-src 'none'; connect-src 'self' https://cdn.polyfill.io https://*.addthis.com https://v1.addthisedge.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://prc-search.squiz.cloud; frame-ancestors 'self'; form-action 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.polyfill.io https://*.addthis.com https://v1.addthisedge.com https://*.googletagmanager.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://assets.pinterest.com https://sdk.reachout.com https://forums-syndication.reachout.com; child-src 'self' https://player.vimeo.com https://omny.fm https://s7.addthis.com https://assets.pinterest.com https://sdk.reachout.com https://forums-syndication.reachout.com https://www.google.com/ https://vimeo.com; img-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://via.placeholder.com https://i.vimeocdn.com https://*.addthis.com https://log.pinterest.com https://www.google.com.au/ads/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://s3.amazonaws.com/icomoon.io/; 1
default-src 'self' 'unsafe-inline' ; frame-ancestors https://pos.uhaul.net; 1
default-src 'self' https:;font-src 'self' data: https://fonts.googleapis.com/ https://fonts.gstatic.com/;img-src 'self' https: data:;manifest-src 'none';object-src 'none';script-src 'self' https://tagmanager.google.com https://www.googletagmanager.com/ https://www.google.com/ https://www.google-analytics.com/ https://ssl.google-analytics.com https://adservice.google.com/ https://ajax.googleapis.com/ https://apis.google.com/ https://unpkg.com/ https://www.gstatic.com/ https://gstatic.com https://accounts.google.com/gsi/client;style-src 'self' https://unpkg.com/ https://pub.dartlang.org/static/ 'unsafe-inline' https://fonts.googleapis.com/ https://gstatic.com https://www.gstatic.com/ https://tagmanager.google.com https://accounts.google.com/gsi/style 1
default-src 'none'; 1
frame-ancestors https://www.enel.com 1
default-src https: 'self'; font-src https: data:;  img-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarkcountynv.gov https://*.govdelivery.com  https://*.revize.com https://cdnjs.cloudflare.com https://www.gstatic.com https://cdn.userway.org https://*.google.com https://siteimproveanalytics.com https://*.jsdelivr.net https://*.jquery.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://api.recollect.net/ https://assets.us.recollect.net https://*.govdelivery.com https://s3.amazonaws.com http://*.leg.state.nv.us/ http://*.facebook.net/ http://*.simpli.fi/ https://static.ctctcdn.com/; style-src * 'unsafe-inline' 1
frame-ancestors 'self' *.ne10.uol.com.br ne10.uol.com.br *.produtos.interior.ne10.uol.com.br produtos.interior.ne10.uol.com.br *.sjcc.com.br sjcc.com.br *.blogdoadepto.pt blogdoadepto.pt *.grupojcpm.sharepoint.com grupojcpm.sharepoint.com *.multitopicos.com.br multitopicos.com.br; 1
report-uri /main/report-csp-violation; upgrade-insecure-requests 1
child-src 'self'; connect-src 'self'; default-src 'none'; font-src 'self'; form-action 'self' https://eyfs.info https://billing.tapestry.info https://billing.tapestryjournal.com.au https://cpd.tapestry.info; frame-ancestors 'none'; img-src 'self' blob: data:; media-src 'self'; object-src 'none'; script-src 'self'; style-src 'self' 1
font-src fonts.gstatic.com cdn.livechatinc.com stats.g.doubleclick.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.dotit.com dotit.wufoo.com stats.g.doubleclick.net *.google.pl *.livechatinc.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ stats.g.doubleclick.net dotit.wufoo.com www.wrike.com *.google.pl *.livechatinc.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.dotit.com stats.g.doubleclick.net *.livechatinc.com https://img.youtube.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com stats.g.doubleclick.net *.wufoo.com www.youtube.com apis.google.com *.google.pl *.livechatinc.com s7.addthis.com *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com fonts.googleapis.com stats.g.doubleclick.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com stats.g.doubleclick.net *.analytics.google.com dotit.wufoo.com *.smartystreets.com apis.google.com *.google.pl *.livechatinc.com ekr.zdassets.com/ 'self' 'unsafe-inline'; child-src stats.g.doubleclick.net http: https: blob: 'self' 'unsafe-inline'; default-src stats.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri stats.g.doubleclick.net 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://*.boditrax.com/ *.puregym.com/; 1
frame-ancestors 'self' courses.ecu.edu.au *.instructure.com *.canvaslms.com https://ecu.atlassian.net 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.mydomaine.com 1
font-src 'self' data:; connect-src 'self' *.mux.com *.readspeaker.com wss://chat.saarland.de; default-src 'self' *.googleapis.com; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.saarland.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.youtu.be *.ytimg.com *.openlayers.org openlayers.org *.openstreetmap.org siteimproveanalytics.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de stream.mux.com *.youtube.com *.youtube-nocookie.com *.youtu.be *.readspeaker.com *.mux.com; frame-src multimedia.gsb.bund.de *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.youtu.be *.instagram.com *.readspeaker.com *.saarland.de *.dwd.de *.lpm-saarland.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.youtu.be *.openlayers.org openlayers.org *.openstreetmap.org *.geodatenzentrum.de *.siteimproveanalytics.io www.dwd.de; worker-src 'self' blob:; frame-ancestors 'self'; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.esakal.com;block-all-mixed-content; 1
default-src *; script-src * 'unsafe-eval' 'self' 'unsafe-inline' https:; object-src 'self' *.youtube.com youtube.com; style-src * 'self' 'unsafe-inline'; img-src * data:; media-src * blob:; frame-src *; frame-ancestors 'self'; child-src 'self'; font-src * data:; connect-src *; report-uri /report-csp-violation 1
default-src 'self';script-src 'self' account.emplifi.io:* https://cdn.socialbakers.com https://base.cdn.emplifi.io https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://region1.google-analytics.com https://cdn.mxpnl.com https://www.youtube.com/iframe_api 'nonce-6pzCfs6AodrfzJ-jAt64rg';style-src 'self' account.emplifi.io:* https://cdn.socialbakers.com https://base.cdn.emplifi.io https://fonts.googleapis.com;font-src 'self' https://cdn.socialbakers.com https://base.cdn.emplifi.io https://fonts.gstatic.com;media-src 'self' https://cdn.socialbakers.com https://base.cdn.emplifi.io;img-src 'self' data: * https://cdn.socialbakers.com https://base.cdn.emplifi.io;connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://api-js.mixpanel.com https://stats.g.doubleclick.net;object-src 'none';form-action 'self' *.account.emplifi.io:* *.socialbakers.com *.emplifi.io *.aws.ccl *;child-src 'self' https://www.google.com;frame-ancestors 'none';report-uri https://csp.cdn.emplifi.io/ 1
frame-ancestors 'self' *.joueclub.fr; 1
default-src 'self' *.ameritas.com; connect-src 'self' *.ameritas.com *.ameritasdirect.com *.cookiepro.com *.siteimprove.com *.googleapis.com adservice.google.com ameritas.tfaforms.net us-east-1-otel.formassembly.com analytics.audioeye.com analytics.google.com analytics.twitter.com d3hb14vkzrxvla.cloudfront.net www.facebook.com marvel-b1-cdn.bc0a.com *.analytics.google.com siteintercept.qualtrics.com stats.g.doubleclick.net t.co *.google-analytics.com www.google.com yoast.com my.yoast.com cdn.linkedin.oribi.io *.ads.linkedin.com *.siteimprove.com *.siteimproveanalytics.com *.siteimprove.net *.siteimproveanalytics.io; font-src 'self' data: fonts.gstatic.com wsv3cdn.audioeye.com; form-action 'self' ameritas.tfaforms.net us-east-1-otel.formassembly.com ameritas.co1.qualtrics.com; frame-src 'self' *.ameritas.com ameritas.co1.qualtrics.com wsv3cdn.audioeye.com www.google.com www.googletagmanager.com www.youtube.com *.siteimprove.com *.siteimprove.net d.doubleclick.net; img-src 'self' data: *.ameritas.com *.audioeye.com *.ads.linkedin.com *.qualtrics.com secure.gravatar.com *.siteimproveanalytics.io *.w.org *.b0e8.com ameritas.tfaforms.net us-east-1-otel.formassembly.com *.analytics.google.com analytics.google.com analytics.twitter.com cookie-cdn.cookiepro.com gateway.zscalerone.net googleads.g.doubleclick.net i.ytimg.com marvel-b1-cdn.bc0a.com marvel-processor.bc0a.com p.adsymptotic.com stats.g.doubleclick.net t.co translate.google.com www.facebook.com *.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.linkedin.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *.ameritas.com *.audioeye.com *.cookiepro.com *.siteintercept.qualtrics.com ameritas.tfaforms.net us-east-1-otel.formassembly.com beacon-v2.helpscout.net cdn.jsdelivr.net *.b0e8.com cdn.siteimprove.net connect.facebook.net gateway.zscalerone.net maps.googleapis.com marvel-b2-cdn.bc0a.com siteimproveanalytics.com siteintercept.qualtrics.com snap.licdn.com static.ads-twitter.com visualsponline.azurewebsites.net *.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com ajax.googleapis.com cdn.jsdelivr.net/npm/codemirror *.siteimprove.com *.siteimproveanalytics.com *.siteimprove.net *.siteimproveanalytics.io; style-src 'self' 'unsafe-inline' *.ameritas.com ameritas.tfaforms.net us-east-1-otel.formassembly.com fonts.googleapis.com translate.googleapis.com wsv3cdn.audioeye.com cdn.jsdelivr.net; media-src 'self' data:; 1
frame-ancestors 'self' https://brex.sanity.studio 1
default-src 'self' *;  connect-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *;  script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *;  img-src 'self' blob: data: *;  frame-src 'self' blob: data: *;  object-src 'self' blob: data: *;  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.addictinggames.com https://*.shockwave.com https://*.scorecardresearch.com https://*.recurly.com https://*.cdn.yollamedia.com https://*.yollamedia.com https://*.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://*.googletagservices.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://local.addictinggames.com:3000 https://local.shockwave.com:3000;  style-src 'self' 'unsafe-inline' https://*.addictinggames.com https://*.shockwave.com https://*.scorecardresearch.com https://*.recurly.com https://*.cdn.yollamedia.com https://*.yollamedia.com https://*.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://*.googletagservices.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://local.addictinggames.com:3000 https://local.shockwave.com:3000;  font-src 'self' https://*.addictinggames.com https://*.shockwave.com https://*.scorecardresearch.com https://*.recurly.com https://*.cdn.yollamedia.com https://*.yollamedia.com https://*.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://*.googletagservices.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://local.addictinggames.com:3000 https://local.shockwave.com:3000;  base-uri 'self' https://*.addictinggames.com https://*.shockwave.com https://*.scorecardresearch.com https://*.recurly.com https://*.cdn.yollamedia.com https://*.yollamedia.com https://*.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://*.googletagservices.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://local.addictinggames.com:3000 https://local.shockwave.com:3000;  form-action 'self' https://*.addictinggames.com https://*.shockwave.com https://*.scorecardresearch.com https://*.recurly.com https://*.cdn.yollamedia.com https://*.yollamedia.com https://*.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://*.googletagservices.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://local.addictinggames.com:3000 https://local.shockwave.com:3000;  frame-ancestors 'none';  upgrade-insecure-requests; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' ;connect-src * 1
frame-ancestors 'self' https://officeworks.experiencecloud.adobe.com 1
frame-ancestors 'self'; block-all-mixed-content 1
frame-ancestors 'self' *.wallet.airpay.com.co *.shopee.kr *.airpay.com.co *.shopeemobile.com *.shopee.com.co *.shopee.cn *.shopee.io *.facebook.com https://bela-portal.festiware.com https://belapengadaan.lkpp.go.id https://lkpp-portal.festiware.com;  1
img-src * data: blob:; base-uri 'none'; media-src 'self' storage.googleapis.com storage.googleapis.com/grow-with-goog-publish-prod-media/; object-src 'none'; default-src 'self' *.gstatic.com storage.googleapis.com storage.googleapis.com/grow-with-goog-publish-prod-media/; frame-src 'self' scone-pa.clients6.google.com www.google.com www.youtube.com *.yourprimer.com *.doubleclick.net apis.google.com optimize.google.com *.google.com *.yourprimer.com webapp-dot-gweb-learn10x.appspot.com services.google.com; font-src 'self' themes.googleusercontent.com *.gstatic.com https://fonts.gstatic.com storage.googleapis.com storage.googleapis.com/grow-with-goog-publish-prod-media/ fonts.googleapis.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com storage.googleapis.com storage.googleapis.com/grow-with-goog-publish-prod-media/ *.google.com gstatic.com/support/content/resources/prod/js/survey/survey_light_ltr.css *.googletagmanager.com tagmanager.google.com gstatic.com/uservoice/surveys/resources/prod/js/survey/survey_light_ltr.css https://www.gstatic.com/glue/cookienotificationbar/cookienotificationbar.min.css; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleanalytics.com *.google-analytics.com ajax.googleapis.com *.youtube.com youtube.com optimize.google.com *.googletagmanager.com apis.google.com *.googleadservices.com storage.googleapis.com storage.googleapis.com/grow-with-goog-publish-prod-media/ *.googleapis.com *.google.com *.yourprimer.com *.ytimg.com *.gstatic.com https://www.googleoptimize.com/ https://www.gstatic.com/glue/cookienotificationbar/cookienotificationbar.min.js https://googleads.g.doubleclick.net/ https://pagead2.googlesyndication.com/; connect-src 'self' www.google-analytics.com apis.google.com cdn.ampproject.org *.google.com *.services.google.com *.gstatic.com gstatic.com *.doubleclick.net region1.google-analytics.com https://gweb-gwg-events.appspot.com/ https://maps.googleapis.com/ https://www.googleoptimize.com/ https://pagead2.googlesyndication.com/ 1
default-src 'self' blob: https://api.giphy.com https://iframe.mediadelivery.net https://*.b-cdn.net https://*.bunnycdn.com https://*.skool.com https://*.google.com https://vimeo.com https://*.vimeo.com https://*.vimeocdn.com https://youtube.com https://*.youtube.com https://*.loom.com *.wistia.com *.wistia.net https://*.litix.io https://embedwistia-a.akamaihd.net https://facebook.com https://*.facebook.net https://*.facebook.com https://*.fbsbx.com https://*.amazonaws.com fonts.googleapis.com fonts.gstatic.com *.stripe.com; font-src 'self' blob: https://api.giphy.com https://iframe.mediadelivery.net https://*.b-cdn.net https://*.bunnycdn.com https://*.skool.com https://*.google.com https://vimeo.com https://*.vimeo.com https://*.vimeocdn.com https://youtube.com https://*.youtube.com https://*.loom.com *.wistia.com *.wistia.net https://*.litix.io https://embedwistia-a.akamaihd.net https://facebook.com https://*.facebook.net https://*.facebook.com https://*.fbsbx.com https://*.amazonaws.com fonts.googleapis.com fonts.gstatic.com *.stripe.com 'self' data:; media-src 'self' blob: https://api.giphy.com https://iframe.mediadelivery.net https://*.b-cdn.net https://*.bunnycdn.com https://*.skool.com https://*.google.com https://vimeo.com https://*.vimeo.com https://*.vimeocdn.com https://youtube.com https://*.youtube.com https://*.loom.com *.wistia.com *.wistia.net https://*.litix.io https://embedwistia-a.akamaihd.net https://facebook.com https://*.facebook.net https://*.facebook.com https://*.fbsbx.com https://*.amazonaws.com fonts.googleapis.com fonts.gstatic.com *.stripe.com 'self' data:; img-src 'self' blob: https://api.giphy.com https://iframe.mediadelivery.net https://*.b-cdn.net https://*.bunnycdn.com https://*.skool.com https://*.google.com https://vimeo.com https://*.vimeo.com https://*.vimeocdn.com https://youtube.com https://*.youtube.com https://*.loom.com *.wistia.com *.wistia.net https://*.litix.io https://embedwistia-a.akamaihd.net https://facebook.com https://*.facebook.net https://*.facebook.com https://*.fbsbx.com https://*.amazonaws.com fonts.googleapis.com fonts.gstatic.com *.stripe.com https: data:; script-src 'self' blob: https://api.giphy.com https://iframe.mediadelivery.net https://*.b-cdn.net https://*.bunnycdn.com https://*.skool.com https://*.google.com https://vimeo.com https://*.vimeo.com https://*.vimeocdn.com https://youtube.com https://*.youtube.com https://*.loom.com *.wistia.com *.wistia.net https://*.litix.io https://embedwistia-a.akamaihd.net https://facebook.com https://*.facebook.net https://*.facebook.com https://*.fbsbx.com https://*.amazonaws.com fonts.googleapis.com fonts.gstatic.com *.stripe.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' blob: https://api.giphy.com https://iframe.mediadelivery.net https://*.b-cdn.net https://*.bunnycdn.com https://*.skool.com https://*.google.com https://vimeo.com https://*.vimeo.com https://*.vimeocdn.com https://youtube.com https://*.youtube.com https://*.loom.com *.wistia.com *.wistia.net https://*.litix.io https://embedwistia-a.akamaihd.net https://facebook.com https://*.facebook.net https://*.facebook.com https://*.fbsbx.com https://*.amazonaws.com fonts.googleapis.com fonts.gstatic.com *.stripe.com 'unsafe-inline'; connect-src 'self' blob: https://api.giphy.com https://iframe.mediadelivery.net https://*.b-cdn.net https://*.bunnycdn.com https://*.skool.com https://*.google.com https://vimeo.com https://*.vimeo.com https://*.vimeocdn.com https://youtube.com https://*.youtube.com https://*.loom.com *.wistia.com *.wistia.net https://*.litix.io https://embedwistia-a.akamaihd.net https://facebook.com https://*.facebook.net https://*.facebook.com https://*.fbsbx.com https://*.amazonaws.com fonts.googleapis.com fonts.gstatic.com *.stripe.com wss://*.skool.com ws://localhost:3000/_next/webpack-hmr https://o4505174093594624.ingest.sentry.io 1
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com ; style-src data: 'unsafe-inline' https: https://optimize.google.com https://fonts.googleapis.com; img-src data: https: blob: android-webview-video-poster: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com; font-src data: https: https://fonts.gstatic.com; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors https://eclick.vn https://*.vnexpress.net 1
font-src *.flixcar.com *.gstatic.com *.fontawesome.com *.flixfacts.com *.flanco.ro 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.payu.ro *.facebook.com *.leanpay.ro 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google.com *.hotjar.com *.facebook.com *.profitshare.ro *.creativecdn.com creativecdn.com *.doubleclick.net attr-2p.com *.2performant.com *.flanco.ro *.flixcar.com *.cloudfront.net *.digital-catalogue.com *.google.com *.youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com s.ytimg.com *.google.com *.google.ro *.google.nl *.facebook.com *.facebook.net *.amazonaws.com *.profitshare.ro *.googletagmanager.com *.doubleclick.net attr-2p.com *.2performant.com *.flanco.ro 'self' data: http: https: blob: wss: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.mapbox.com *.googleapis.com *.newrelic.com *.nr-data.net *.google.com *.gstatic.com *.amazonaws.com *.7w.ro *.oney.ro *.profitshare.ro *.googletagmanager.com *.googleleadservices.com *.google-analytics.com *.hotjar.com *.uptrendsdata.com *.facebook.net *.facebook.com *.g.doubleclick.net *.tiktok.com *.clarity.ms attr-2p.com *.2performant.com *.flixfacts.com *.flixcar.com *.flix360.io *.flixsyndication.net *.flanco.ro *.cloudflare.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.mapbox.com *.googleapis.com *.newrelic.com *.nr-data.net *.google.com *.gstatic.com *.amazonaws.com *.7w.ro *.profitshare.ro attr-2p.com *.2performant.com *.flixcar.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.flixcar.com *.gstatic.com *.fontawesome.com *.flixfacts.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.mapbox.com *.googleapis.com *.newrelic.com *.nr-data.net *.google.com *.gstatic.com *.amazonaws.com *.7w.ro *.oney.ro *.profitshare.ro *.uptrendsdata.com *.g.doubleclick.net *.futuredecoded.ro attr-2p.com *.2performant.com *.flanco.ro https://get.geojs.io *.avada.io *.google-analytics.com http: https: blob: wss: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' demdex.net dpm.demdex.net adnxs.com *.scene7.com *.adnxs.com attentivemobile.com events.attentivemobile.com attn.tv audioeye.com *.audioeye.com bidswitch.net *.bidswitch.net *.bing.com bluekai.com *.bluekai.com bounceexchange.com *.bounceexchange.com bouncex.net events.bouncex.net creativecdn.com *.creativecdn.com certona.net edge1.certona.net www.res-x.com cloudflare.com *.cloudflare.com *.cloudfront.net cloudfront.net *.coach.com coach.com cnstrc.com cquotient.com criteo.com criteo.net *.criteo.net *.criteo.com *.doubleclick.net *.facebook.com *.facebook.net facebook.net fonts.net fast.fonts.net *.forter.com forter.com stickyadstv.com ads.stickyadstv.com *.google.com www.google.co.kr www.google.com.do www.google.lv www.google.com.ly www.google.com.vn www.google.ie www.google.co.ve www.google.kz www.google.com.ec www.google.dk www.google.com.pa www.google.com.pe www.google.as www.google.ro www.google.ch www.google.fr www.google.com.mx www.google.com.ph www.google.gr www.google.co.nz www.google.nl www.google.se www.google.com.ua www.google.co.in www.google.co.id www.google.es www.google.com.jm www.google.hn www.google.com.py www.google.com.np www.google.ca www.google.com.co *.gstatic.com www.google.ae googleapis.com *.googleapis.com cloudfunctions.net *.cloudfunctions.net www.googletagmanager.com *.google-analytics.com 360yield.com ad.360yield.com casalemedia.com r.casalemedia.com ivitrack.com matching.ivitrack.com klarna.com *.klarna.com klarnacdn.net *.klarnacdn.net klarnaevt.com *.klarnaevt.com klarnaservices.com *.klarnaservices.com *.linksynergy.com liadm.com *.liadm.com media.net *.media.net mediavine.com exchange.mediavine.com mediawallahscript.com partner.mediawallahscript.com micpn.com b6sgkpgq.micpn.com cookielaw.org cdn.cookielaw.org postrelease.com jadserve.postrelease.com agkn.com aa.agkn.com onetrust.com *.online-metrix.net online-metrix.net *.optimizely.com optimizely.com outbrain.com *.paypal.com www.paypalobjects.com pinimg.com s.pinimg.com pinterest.com *.pinterest.com pdst.fm cdn.pdst.fm powerreviews.com *.powerreviews.com pubmatic.com qualtrics.com *.qualtrics.com quantummetric.com *.rakuten.com rlcdn.com idsync.rlcdn.com revcontent.com trends.revcontent.com rubiconproject.com pixel.rubiconproject.com force.com my.salesforce.com *.my.salesforce.com *.force.com *.salesforceliveagent.com sharethrough.com match.sharethrough.com signifyd.com *.signifyd.com smartadserver.com *.smartadserver.com sc-static.net snapchat.com tr.snapchat.com taboola.com *.taboola.com tangiblee.com *.tangiblee.com tapad.com *.tapad.com teads.tv *.teads.tv *.tiktok.com tiktok.com adsrvr.org *.adsrvr.org tremorhub.com *.tremorhub.com 3lift.com eb2.3lift.com twitter.com *.twitter.com ads-twitter.com static.ads-twitter.com t.co *.smaato.net rqtrk.eu ws.rqtrk.eu techlab-cdn.com p11.techlab-cdn.com wknd.ai tag.wknd.ai www.yext-pixel.com scene7.com typekit.net *.typekit.net cdnwidget.com *.cdnwidget.com pippio.com *.attn.tv bazaarvoice.com *.btttag.com bootstrapcdn.com maxcdn.bootstrapcdn.com *.cquotient.com adsymptotic.com www.googleadservices.com *.katespade.com katespade.com www.katespade.co.uk *.linkedin.com cdnbasket.net *.cdnbasket.net *.onetrust.com openx.net *.quantummetric.com securedvisit.com track.securedvisit.com squadded.co static.squadded.co *.cnstrc.com sv.rkdms.com *.yahoo.com *.youtube.com zineone.com *.zineone.com *.adroll.com static-na.payments-amazon.com m.media-amazon.com *.amazonaws.com apay-us.amazon.com ntp.msn.com api.images.drivecommerce.com api2.fonts.com dynl.mktgcdn.com *.socdm.com static.squad-shopping.com static.lisa-cdn.net rstyle.me katespadesurprise.loveslisa.tech *.googlesyndication.com services.postcodeanywhere.co.uk *.truefitcorp.com *.adyen.com *.dealmoon.com www.bradsdeals.com www.shopstyle.com rd.bizrate.com www.afrugalchick.com thecouponboutique.com hip2save.com giftful.com www.eonline.com capitaloneshopping.com www.passionforsavings.com *.addressy.com *.ampproject.net thekrazycouponlady.com sas.selleramp.com *.dealmoon.ca appium.io *.shoprunner.com *.shoprunner.io qa-specops.loopassets.net *.stuartweitzman.com images.katespade.comis cms.coachoutlet.com tapestry.support jira.tapestry.support *.needle.com *.mapbox.com cdn.honey.io edgeshoppingstatic.azureedge.net exchjsdata.com cdn.ivaws.com dealsea.com deref-mail.com go.magik.ly www.ecosia.org legacy-myemail.cox.net *.demandware.net *.instagram.com usage.trackjs.com mpsnare.iesnare.com v.fwmrm.net 1f2e7.v.fwmrm.net *.my.salesforce-sites.com sentry.io *.narvar.com link.edgepilot.com www.shopstyle.ca tapes11111.pcapredict.com ad.tpmn.co.kr *.clmbtech.com visitor.omnitagjs.com tst.kaptcha.com *.yieldmo.com *.kampyle.com *.medallia.com dsum-sec.casalemedia.com us-u.openx.net sync.outbrain.com *.pubmatic.com *.bluecore.com *.amplience.net cs.adingo.jp *.aralego.com *.aralego.net *.krxd.net *.stackadapt.com cdn.jsdelivr.net *.cloudinary.com api.fillr.com snap.licdn.com api.bluecore.app e1.emxdgt.com app.collectivevoice.com *.rewardStyle.com brandcycle.net link.shoplooks.com slooks.top smilekols.com go.magik.ly media.paroleparis.com c.fanstoshop qa.res-x.com *.katespadeoutlet.com katespadeoutlet.com cdn.wyng.com shpog-kso.ovative.com data: blob:; 1
default-src 'self' *; style-src * 'unsafe-inline'; img-src * data: content: * 'self'; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' * 1
default-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: 1
default-src 'self' 'unsafe-inline' *.parmonic.ai; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.parmonic.ai *.cloudfront.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://tracking.contanuity.com/ https://cdn.jsdelivr.net/ https://abm-tracking.demandscience.com/ https://script.crazyegg.com/ https://www.gstatic.com/ https://lltrck.com/ https://lltrck.com/* https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://raw.githubusercontent.com https://googleads.g.doubleclick.net https://js.hs-scripts.com https://js.hsleadflows.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hubspotfeedback.com https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsforms.net https://js-na1.hs-scripts.com https://forms.hsforms.com https://www.gartner.com https://bootstrap.api.drift.com *.adroll.com https://connect.facebook.net https://trk.techtarget.com https://info.nasuni.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.hsforms.net https://*.hsforms.com https://cdnjs.cloudflare.com  https://snap.licdn.com https://tag.demandbase.com https://js.hs-analytics.net https://js.hsforms.net https://js.hs-banner.com https://js.driftt.com https://widget.drift.com maps.googleapis.com https://*.wistia.com https://*.wistia.net https://src.litix.io static.cloudflareinsights.com ajax.cloudflare.com https://www.google-analytics.com https://ssl.google-analytics.com https://cdn.cookielaw.org https://www.googletagmanager.com https://jamaica.value-cloud.com https://jamaicaservices.value-cloud.com https://info.nasuni.com https://code.createjs.com https://js.hs-scripts.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net; img-src 'self' data: https://*.hotjar.com *.parmonic.ai https://*.hotjar.io wss://*.hotjar.com https://jobs.jobvite.com/ https://cm.g.doubleclick.net/ https://lltrck.com/ https://googleads.g.doubleclick.net https://optanon.blob.core.windows.net/ https://cdn.cookielaw.org https://d.adroll.com https://segments.company-target.com https://www.facebook.com https://apt.techtarget.com https://p.adsymptotic.com https://track.hubspot.com https://google.com https://id.rlcdn.com https://match.prod.bidr.io https://px.ads.linkedin.com https://secure.gravatar.com https://www.google.com maps.gstatic.com *.googleapis.com *.ggpht.com embedwistia-a.akamaihd.net *.wistia.com *.wistia.net https://www.google-analytics.com www.googletagmanager.com https://stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://jobs.jobvite.com/ https://www.gartner.com blob: fast.wistia.com fonts.googleapis.com; object-src 'self' *.parmonic.ai https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://info.nasuni.com embedwistia-a.akamaihd.net https://jobs.jobvite.com/; connect-src 'self' *.parmonic.ai https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://tracking.crazyegg.com/ https://assets-tracking.crazyegg.com/ https://pagestates-tracking.crazyegg.com/ https://script.crazyegg.com/ https://d.adroll.com https://lltrck.com/ https://privacyportal.onetrust.com/ https://cookies-data.onetrust.io https://www.gartner.com https://forms.hsforms.com https://bootstrap.api.drift.com  https://api.company-target.com https://hubspot-forms-static-embed.s3.amazonaws.com https://js.hsforms.net https://maps.googleapis.com https://geolocation.onetrust.com/ https://jobs.jobvite.com/ *.wistia.com embedwistia-a.akamaihd.net *.litix.io cloudflareinsights.com https://www.google-analytics.com https://stats.g.doubleclick.net https://fast.wistia.net https://cdn.cookielaw.org https://www.google.com https://www.googletagmanager.com https://jamaica.value-cloud.com https://jamaicaservices.value-cloud.com https://info.nasuni.com https://fast.wistia.net https://www.facebook.com; font-src 'self' data: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://fast.wistia.net/ *.wistia.com https://fonts.gstatic.com https://fonts.googleapis.com https://jobs.jobvite.com/; frame-src mailto: tel: 'self' *.parmonic.ai https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.cloudfront.net https://forms.hsforms.com https://www.gartner.com https://bootstrap.api.drift.com https://www.facebook.com https://facebook.com https://vars.hotjar.com https://9717263.fls.doubleclick.net https://info.nasuni.com https://www.google.com https://js.hsforms.net https://www.googletagmanager.com https://bid.g.doubleclick.net https://js.driftt.com https://widget.drift.com *.wistia.com *.wistia.net https://player.vimeo.com https://jamaica.value-cloud.com https://jamaicaservices.value-cloud.com https://fast.wistia.net youtube.com www.youtube.com https://jobs.jobvite.com/ https://media.value-cloud.com https://calculator.value-cloud.com https://www.decisionlink.com; child-src 'self' blob: *.parmonic.ai https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://info.nasuni.com; media-src data: blob: embedwistia-a.akamaihd.net *.wistia.net *.wistia.com https://info.nasuni.com https://jobs.jobvite.com/ *.parmonic.ai; 1
report-to default; default-src 'none'; img-src 'self' https://ijs.si https://www.ijs.si; style-src 'self' 'unsafe-inline'; font-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' www.projekt-asistent.si:* http://www.projekt-asistent.si:* http://projekt-asistent.si:* http://bio.ijs.si; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'; connect-src 'self'; frame-src 'self' 1
frame-ancestors 'self' manyavar--dev.sandbox.lightning.force.com manyavar--uat.sandbox.lightning.force.com manyavar.lightning.force.com 1
frame-ancestors 'self' *.arcpublishing.com *.gray.tv *.alaskasnewssource.com *.kcbd.com *.kwtx.com *.kgns.tv; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://hachyderm.io; img-src 'self' https: data: blob: https://hachyderm.io; style-src 'self' https://hachyderm.io 'nonce-Py0cMvdi42pBFPL+e5x73A=='; media-src 'self' https: data: https://hachyderm.io; frame-src 'self' https:; manifest-src 'self' https://hachyderm.io; form-action 'self'; child-src 'self' blob: https://hachyderm.io; worker-src 'self' blob: https://hachyderm.io; connect-src 'self' data: blob: https://hachyderm.io https://media.hachyderm.io wss://hachyderm.io; script-src 'self' https://hachyderm.io 'wasm-unsafe-eval' 1
frame-ancestors *.one-line.com https://secure.livechatinc.com *.force.com *.salesforce-sites.com *.site.com; report-uri /report-csp-violation 1
object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tiktok.com *.o2.com *.o2.de *.spatialbuzz.com *.usercentrics.eu *.baqend.com *.o2online.de *.telefonica.de *.o9.de *.googletagmanager.com *.trbo.com *.google-analytics.com *.kampyle.com *.adoberesources.net *.matelso.de *.contentsquare.net *.nowinteract.com *.demoup.com *.auracognitive.com *.adtelligence.de *.aklamio.com *.promisejs.org *.usabilla.com *.jsdelivr.net *.cloudflare.com *.abtasty.com *.blob.core.windows.net *.blau.o9.de *.blau.de *.ad4m.at track.adform.net www.facebook.com *.doubleclick.net adservice.google.com a.twiago.com www.youtube.com o2-music-cms-a.preprod.ava-digi.de www.google.co.in analytics.google.com dpm.demdex.net www.google-analytics.com imagesrv.adition.com www.google.com dsum-sec.casalemedia.com rtb-csync.smartadserver.com ih.adscale.de trc.taboola.com ad11.adfarm1.adition.com ad4m.at *.spatialbuzz.net 1
default-src data: https: 'unsafe-inline' 'unsafe-eval'; font-src https: data: https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval'; script-src data: https: 'unsafe-inline' 'unsafe-eval' http://tableau-internal https://viz.aihw.gov.au; img-src blob: data: https: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' *.bookfinder.com; img-src https://d3uahvj51kpljk.cloudfront.net www.googletagmanager.com *.abebooks.com; style-src 'self' https://d3uahvj51kpljk.cloudfront.net https://*.google-analytics.com https://*.googletagmanager.com 'unsafe-inline'; script-src 'self' https://*.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; font-src https://d3uahvj51kpljk.cloudfront.net/; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://unagi.amazon.com/1/events/com.amazon.csm.csa.prod 1
connect-src 'self' *.doubleclick.net *.google-analytics.com *.google.com *.googleadservices.com *.googlesyndication.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.youtube.com address-checker-api-dot-fiber-marketing-live.appspot.com auto-dot-marketing-api-proxy-dot-fiber-marketing-staging.appspot.com greenhouse-dot-fiber-marketing-live.appspot.com greenhouse-reader-dot-fiber-marketing-live.appspot.com recaptcha-dot-fiber-marketing-live.appspot.com schedule-callback-api-dot-fiber-marketing-live.appspot.com us-autocomplete-pro.api.smartystreets.com; default-src 'self'; font-src 'self' data: *.gstatic.com; frame-src 'self' *.doubleclick.net *.google.com *.googlesyndication.com *.youtube.com gfiber.speedtestcustom.com secure.livechatinc.com; img-src 'self' data: *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com 1.bp.blogspot.com auto-dot-marketing-api-proxy-dot-fiber-marketing-staging.appspot.com greenhouse-reader-dot-fiber-marketing-live.appspot.com i.ytimg.com; media-src 'self' *.googleapis.com; object-src 'none'; report-uri csp.withgoogle.com/csp/fiber-marketing-live; script-src 'report-sample' 'self' *.doubleclick.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.youtube.com auto-dot-marketing-api-proxy-dot-fiber-marketing-staging.appspot.com 'sha256-+crVDHpwn4JCOR/hKFmvIV/09GkRrEdVaY181VoCKAw=' 'sha256-0u46H/ZCDitptxthZesday8sZUWJW0nIbKeBWi4DNBY=' 'sha256-3uJoBIYAyyT448EC/jrU3CQf5jcLlgxM+vrxY0ST1eY=' 'sha256-4S/F5107zkcPgSAedP8v1znv6rGNqPbv27XT3dkO+6o=' 'sha256-5T9tPlaWW3Ueu4CQtPMWuoQnm+VOzQ5zc9M3XwzY898=' 'sha256-6Nv9ozO3an4VH7CuuAzkQQcXVWkvpgireNoGFs9LjCo=' 'sha256-9izYA3MaWXZp6FXbhxaWkW0rB9q2ujAWlJqniIDBRKc=' 'sha256-AAjpQ9/A6E0Xycvf16MIcmUKX+2HXurKBWscU0iCvos=' 'sha256-CnUZc/1+7WxwF0sqUt01FuqcMesooAiiWCyZrkSikaQ=' 'sha256-csCzE6Oclj3Gx04nonK8e/Mniv2Mq7NGy+jzgrKBgQU=' 'sha256-DMVzafV2jcRK56BASGGT37bXDhDSU+mD8f7u7FcGVeA=' 'sha256-DUL9J9HfVS4bTE+hb8W7LyQhmq9yZNQyBRbDUNJ3n+U=' 'sha256-eBOY55jeJ1FnTjd2dnXuBS2faeY7bXTjRulqchuZv4U=' 'sha256-eIa86U4nWrdWiozQZ+Z1FOPLR/9emrz2/qcz5rDyY0o=' 'sha256-f1Zpf6yzPt5qdcllz/UBFnVaQCOnFucAngmZMO77hdQ=' 'sha256-GFLtBszHHM9+xGOSEV5S8vUFq6zKZwh96E/nnaaSbFM=' 'sha256-HSv6TjYgBnT8MBVYgy4omprHDLyaL95thQdPnGvzWI8=' 'sha256-iVssU7kSKNRnAFS7l0E7nOLxD7Ct+dbHbNi/fSwuIOE=' 'sha256-kveO7g/T72yOUPI8Z6e8UKLa/d5O/3VwdLwjziXKPVo=' 'sha256-Nb+QS77jINCcCEeiAIaBIz4Ig/dGlusmR7YVfCvDlM4=' 'sha256-ocn/WmpL721QG+tQcxXBarTDKegE1FSSALDFBywPIC4=' 'sha256-OeGGy7pRUDd0Ghb6+4HDEN2SdQ/j7OhxLndjF6N+x8w=' 'sha256-oUjRGyF1jVKJO735Z/tIa5PPFiu4lOUCbKmyAORN13w=' 'sha256-PjqsSf3f4egZkc+XOX26EwU4SrPU35qwyDzTeToEmZQ=' 'sha256-QneH55Pw/Dji6LopknCaVkCZUl6DzkmcJFTZhxhlgl8=' 'sha256-reC2x+RelxmSNoeHe20AJaSZClV7MC5YEEoTaVqFuu0=' 'sha256-Rpe0Hr+pdBBC25RPV4T3nBSSAUwMjckHcXSp15KWILg=' 'sha256-RYDYGex1p9VPu3EjGuc37Wm7oeBXn9NryJkx+z5gvEw=' 'sha256-UnJIWcy+TBibBDAJO3iiHpjJDfDBDSrHtRRE15Ky4ZQ=' 'sha256-WkTuvJQWg5txM/Vwx0YPVn0kZTMQf5g4pTqHjA0RdD0=' 'sha256-wMAXEQE12q+aJLCoQ5TKpd+P9nze2/JpiQ3M1CrPBzw=' 'sha256-X4q8iI51UmZEFLwZIjCjsdyzHm8MSsrDhWj614Cbo1g=' 'sha256-XJQ8d2QPP1o6zkBFuRFbC8b0eJDf7///CTSiPo1ufWE=' 'sha256-YnP56nFOilZ4tv9rWtfz4j7PNrQk0/D4Opn7kU1XDYY='; style-src 'report-sample' 'self' 'unsafe-inline' *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com; upgrade-insecure-requests 1
default-src 'self' *.aiaa.org *.fontawesome.com *.netforum.aiaa.org *.hubspot.com https://f.hubspotusercontent30.net https://js.hs-analytics.net *.piktochart.com *.c0.piktochart.com/ *.fonts.piktochart.com https://www.directvote.net *.brightcove.net *.hubspotlinks.com https://servedbyadbutler.com https://adbutler.com https://twitter.com/ https://platform.twitter.com/widgets.js https://publish.twitter.com https://www.linkedin.com https://www.google.com/ https://www.facebook.com https://www.youtube.com https://www.flickr.com *.googlesyndication.com https://soundcloud.com http://www.email-obfuscator.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com/ https://www.googletagmanager.com/ maps.googleapis.com ajax.googleapis.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api https://www.youtube.com https://twitter.com/ https://platform.twitter.com/widgets.js https://publish.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com *.fontawesome.com *.feathr.co https://snap.licdn.com *.twitter.com *.googletagservices.com https://a.omappapi.com *.omappapi.com https://optinmonster.com *.monstercampaigns.com *.hubspot.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hsleadflows.net https://forms.hubspot.com https://js.hscollectedforms.net https://js.hs-analytics.net https://track.hubspot.com https://forms.hsforms.com *.piktochart.com https://js.hsforms.net https://ced.sascdn.com https://www5.smartadserver.com *.sascdn.com https://stats.g.doubleclick.net https://ad.doubleclick.net https://static.ads-twitter.com https://bat.bing.com https://js.hsadspixel.net https://www.youtube.com https://h.clarity.ms https://l.clarity.ms https://a.clarity.ms https://f.clarity.ms https://i.clarity.ms *.instagram.com https://servedbyadbutler.com https://adbutler.com *.googlesyndication.com https://soundcloud.com https://w.soundcloud.com http://www.email-obfuscator.com https://*.googletagmanager.com https://vimeo.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.fontawesome.com tagmanager.google.com https://a.omappapi.com *.omappapi.com https://optinmonster.com *.monstercampaigns.com *.piktochart.com https://servedbyadbutler.com https://adbutler.com *.googlesyndication.com *.fonts.piktochart.com *.c0.piktochart.com/; font-src 'self' https://fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com fonts.piktochart.com c0.piktochart.com/ *.fontawesome.com data:; img-src 'self' https://*.doubleclick.net/ maps.gstatic.com maps.googleapis.com https://*.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com *.fontawesome.com *.placehold.it *.feathr.co match.adsrvr.org *.linkedin.com *.adsymptotic.com *.amazonaws.com https://js.hsleadflows.net https://forms.hsforms.com https://f.hubspotusercontent30.net https://js.hs-analytics.net https://track.hubspot.com https://forms.hsforms.com *.sascdn.com https://www5.smartadserver.com https://s0.2mdn.net https://bat.bing.com https://t.co https://c.clarity.ms https://c.bing.com https://ids-sync.com https://id5-sync.com https://servedbyadbutler.com https://adbutler.com *.googlesyndication.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.<TLD>; media-src 'self' *.fontawesome.com data: blob: *.youtube.com *.amazonaws.com https://f.hubspotusercontent30.net https://scrippsnews.com https://servedbyadbutler.com https://adbutler.com https://soundcloud.com https://w.soundcloud.com https://twitter.com/ https://vimeo.com *.vimeo.com; form-action 'self' https://js.hsforms.net https://forms.hsforms.com https://js.hsleadflows.net https://forms.hubspot.com https://www.directvote.net; frame-src 'self' *.youtube.com *.livestream.com *.twitter.com *.google.com *.instagram.com *.spotify.com *.linkedin.com *.libsyn.com *.doubleclick.net *.googletagservices.com https://app.monstercampaigns.com *.monstercampaigns.com *.hubspot.com https://forms.hubspot.com *.piktochart.com https://js.hsforms.net https://forms.hsforms.com https://js.hsleadflows.net *.brightcove.net https://aiaacloud-my.sharepoint.com https://live.staticflickr.com *.flickr.com *.vimeo.com https://vimeo.com https://www.instagram.com https://www.instagram.com/reel/Cnxf-iqjLc_/ *.instagram.com *.instagram.com/reel/Cnxf-iqjLc_/ https://scrippsnews.com https://servedbyadbutler.com https://adbutler.com *.googlesyndication.com https://soundcloud.com https://w.soundcloud.com https://vimeo.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.fontawesome.com https://livestream.com *.twitter.com *.instagram.com *.spotify.com *.linkedin.com *.libsyn.com *.omappapi.com https://js.hs-scripts.com *.piktochart.com https://js.hsforms.net https://forms.hsforms.com https://js.hsleadflows.net *.flickr.com https://live.staticflickr.com https://servedbyadbutler.com https://adbutler.com *.googlesyndication.com; connect-src 'self' *.netforum.aiaa.org accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.fontawesome.com *.feathr.co *.amazonaws.com *.libsyn.com *.omappapi.com https://optinmonster.com *.monstercampaigns.com https://js.hs-scripts.com https://forms.hubspot.com https://f.hubspotusercontent30.net https://js.hs-analytics.net https://track.hubspot.com https://forms.hsforms.com *.piktochart.com https://js.hsforms.net https://js.hsleadflows.net https://www.facebook.com https://ad.doubleclick.net https://*.g.doubleclick.net https://*.google-analytics.com https://ids-sync.com https://api.hubapi.com https://id5-sync.com https://l.clarity.ms https://www.clarity.ms *.flickr.com https://live.staticflickr.com https://servedbyadbutler.com https://adbutler.com *.googlesyndication.com https://soundcloud.com https://w.soundcloud.com *.twitter.com http://c0.piktochart.com/ https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.google.<TLD>; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: wss: blob: data:; frame-ancestors 'self' mgts.ru *.mgts.ru http://webvisor.com http://*.webvisor.com; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.youtube-nocookie.com *.itzbund.de *.energiewechsel.de *.deutschland-machts-effizient.de *.app.powerbi.com *.karriere.bafa.de *.atlas.geomer-maps.de *.twitter.com api.signalize.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com; frame-src karriere.bafa.de atlas.geomer-maps.de app.powerbi.com *.energiewechsel.de *.deutschland-machts-effizient.de *.youtube-nocookie.com *.itzbund.de *.youtube.com *.twitter.com; img-src 'self' data: *.youtube.com *.youtube-nocookie.com *.itzbund.de *.openstreetmap.org *.twimg.com; connect-src 'self' *.itzbund.de; frame-ancestors 'self' *.kfw.de *.bafa.de *.energiewechsel.de; upgrade-insecure-requests; 1
default-src 'self' gosbar.gosuslugi.ru gosmonitor.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tildacdn.com tilda.ws cdnjs.cloudflare.com *.youtube.com *.youtu.be voltajs.org piwik-gosbar.gosuslugi.ru gosmonitor.ru api-maps.yandex.ru suggest-maps.yandex.ru *.maps.yandex.net yandex.ru yastatic.net mc.yandex.ru gosbar.gosuslugi.ru stat.sputnik.ru cw.cc.gov.ru; connect-src 'self' gosbar.gosuslugi.ru mc.yandex.ru stat.sputnik.ru gosmonitor.ru *.tildacdn.com wss://camunda.cc.gov.ru https://krd.soctech-it.ru https://nsk.soctech-it.ru https://spb.soctech-it.ru https://ekb.soctech-it.ru https://hbr.soctech-it.ru https://storage.yandexcloud.net/mintrud.soctech api-maps.yandex.ru suggest-maps.yandex.ru *.maps.yandex.net yandex.ru *.taxi.yandex.net; img-src 'self'  pos.gosuslugi.ru  data: www.rosmintrud.ru piwik-gosbar.gosuslugi.ru *.tildacdn.com *.maps.yandex.net api-maps.yandex.ru yandex.ru stat.sputnik.ru mc.yandex.ru cnt.sputnik.ru gosmonitor.ru; style-src 'self' 'unsafe-inline' *.tildacdn.com tilda.ws fonts.googleapis.com blob: cdnjs.cloudflare.com gosbar.gosuslugi.ru gosmonitor.ru; font-src 'self'  pos.gosuslugi.ru  gosbar.gosuslugi.ru gosmonitor.ru data: *.tildacdn.com fonts.gstatic.com; media-src 'self'  pos.gosuslugi.ru  static.rosmintrud.ru gosmonitor.ru *.youtube.com *.youtu.be .https://krd.soctech-it.ru https://nsk.soctech-it.ru https://spb.soctech-it.ru https://ekb.soctech-it.ru https://hbr.soctech-it.ru https://storage.yandexcloud.net/mintrud.soctech; frame-src * https://krd.soctech-it.ru https://nsk.soctech-it.ru https://spb.soctech-it.ru https://ekb.soctech-it.ru https://hbr.soctech-it.ru https://storage.yandexcloud.net/mintrud.soctech; child-src api-maps.yandex.ru; 1
frame-ancestors 'self' internet-banking.hk.dbs.com stock-trading.hk.dbs.com ; default-src 'self'  'unsafe-eval' 'unsafe-inline' blob: data: http://cdn.appdynamics.com http://sin-col.eum-appdynamics.com  https://safe1.dbswiso.prd https://safe2.dbswiso.prd sin-col.eum-appdynamics.com cdn.appdynamics.com chatbanking.dbs.com somniture.dbs.com.sg *.tt.omtrdc.net cdn.perxtech.net api.perxtech.net maps.gstatic.com *.googleapis.com *.ggpht.com js.adsrvr.org google.com jscdn.appier.net flex.msn.com dis.as.criteo.com sslwidget.criteo.com criteo.com criteo.net quantserve.com  www.google-analytics.com analytics.google.com static.criteo.net insight.adsrvr.org www.youtube-nocookie.com dis.as.criteo.com sslwidget.criteo.com static.criteo.net criteo.com criteo.net tag.yieldoptimizer.com beacon.sojern.com ad.doubleclick.net adara.com bingads.microsoft.com www.chinesean.com ad.doubleclick.net www.tribalfusion.com www.sojern.com snap.licdn.com dc.ads.linkedin.com directline.com wss://directline.botframework.com directline.botframework.com wss://qmslivechat.dbs.com  pixel.tapad.com dbs.demdex.net sc4.omniture.com authorize.omniture.com sitecatalyst.omniture.com chatbanking.dbs.com wss://chatbanking.dbs.com code.jquery.com  maxcdn.bootstrapcdn.com  portal.interpixel.hk preview.interpixel.hk http://loadm.exelator.com tags.rd.linksynergy.com http://match.adsrvr.org fcmatch.youtube.com su.addthis.com ads.scorecardresearch.com ak1s.abmr.net http://pixel.rubiconproject.com dpm.demdex.net loadm.exelator.com  adservice.google.com fcmatch.google.com s.thebrighttag.com match.sharethrough.com beacon.krxd.net pixel.rubiconproject.com sync.mathtag.com tag.adaraanalytics.com tags.bluekai.com ipac.ctnsnet.com *.doubleclick.net http://insight.adsrvr.org anylist.c.appier.net *.appier.net adm.shinobi.jp sync.ad-stir.com adgen.socdm.com ssl.socdm.com ssp-sync.i-mobile.co.jp ads.yahoo.com www.facebook.com d17m68fovwmgxj.cloudfront.net  cm.g.doubleclick.net ads.stickyadstv.com http://tags.crwdcntrl.net  tag.yieldoptimizer.com u3s.mathtag.com odr.mookie1.com dbs.112.2o7.net *.fls.doubleclick.net www.googletagmanager.com tagmanager.google.com assets.adobedtm.com www.google-analytics.com m.addthisedge.com m.addthis.com s7.addthis.com graph.facebook.com www.linkedin.com api-public.addthis.com dbs.sc.omtrdc.net ds-aksb-a.akamaihd.net sjs.bizographics.com px.ads.linkedin.com s.ytimg.com fonts.gstatic.com www.gstatic.com tags.crwdcntrl.net secure-ds.serving-sys.com bs.serving-sys.com www.media-server.com www.dbs.com.sg www.googleadservices.com googleads.g.doubleclick.net pixel.mathtag.com wt.adctrl.com cdn-akamai.mookie1.com sp.analytics.yahoo.com tags.tiqcdn.com www.google.com s.tribalfusion.com maps.googleapis.com insight.adsrvr.org www.dbs.com.hk bcp.crwdcntrl.net www.dbs.com.hk mathid.mathtag.com maps.gstatic.com fonts.googleapis.com s.go-mpulse.net c.go-mpulse.net www.google.com.sg qmslivechat-uat.dbs.com a.tribalfusion.com i.liadm.com sync.adaptv.advertising.com bid.g.doubleclick.net bat.bing.com secure.adnxs.com directline.botframework.com edge.media-server.com simage2.pubmatic.com www.visa.com offerswidget.visa.com p.adsymptotic.com dsum-sec.casalemedia.com match.adsrvr.org go.flx1.com ib.adnxs.com pixel.advertising.com qmslivechat.dbs.com stats.g.doubleclick.net x.bidswitch.net sqmslc.uat.dbs.com analytics.twitter.com s.yimg.com cdnjs.cloudflare.com www.youtube.com connect.facebook.net image6.pubmatic.com *.akstat.io internet-banking.hk.dbs.com stockquote.dbs.com z.moatads.com v1.addthisedge.com z.moatads.com v1.addthisedge.com z.moatads.com v1.addthisedge.com data:; 1
frame-ancestors 'self' http://mobilevjs.nbcsports.com http://sprtsecureassets.akamaized.net *.nbcolympics.com nbcolympics.com 1
script-src 'self' https://*.mindomo.com/ https://cdn1.exswap.com/ https://apis.google.com/ https://www.dropbox.com/static/api/ https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://vimeo.com/api/oembed.json https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; ; style-src 'self' 'unsafe-inline' https://*.mindomo.com/ https://cdn1.exswap.com/ https://fonts.googleapis.com/; object-src 'self'; report-uri /api/public/csp-error; base-uri 'self';  frame-ancestors 'self'; 1
frame-ancestors https://app.storyblok.com/; 1
default-src 'self' 'unsafe-inline'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.firstenergycorp.com *.google-analytics.com *.googletagmanager.com *.google.com www.gstatic.com www.facebook.com connect.facebook.net www.youtube.com *.serving-sys.com *.adsrvr.org *.yimg.com *.bttrack.com bttrack.com *.swiftypecdn.com *.analytics.yahoo.com nexus.ensighten.com *.opower.com *.firstfuelsoftware.net *.firstfuel.com *.cloudfront.net *.oracleinfinity.io *.allconnect.com *.cohesionapps.com *.nrel.gov *.kampyle.com *.medallia.com cdn.botframework.com *.azurewebsites.net *.googleapis.com *.inpwrd.net sc-static.net platform.twitter.com *.stackadapt.com *.upgrade.guide; img-src 'self' data: blob: *.doubleclick.net www.facebook.com *.adsrvr.org bttrack.com *.swiftype.com centro.pixel.ad tags.w55c.net clickserv.basis.net *.zedo.com *.analytics.yahoo.com *.sitescout.com *.cloudfront.net *.oracleinfinity.io *.tapad.com *.media.net *.day.com *.nrel.gov *.opower.com *.crwdcntrl.net *.rubiconproject.com *.adnxs.com *.kampyle.com *.medallia.com *.azurewebsites.net code.jquery.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com; frame-src 'self' *.firstenergycorp.com *.google.com *.doubleclick.net *.adsrvr.org *.basis.net *.sitescout.com *.firstfuelsoftware.net *.firstfuel.com www.youtube.com *.cohesionapps.com *.kampyle.com *.medallia.com webchat.botframework.com tr.snapchat.com www.facebook.com *.upgrade.guide *.amazonaws.com; connect-src 'self' wss: *.dynatrace.com *.doubleclick.net *.yimg.com *.swiftypecdn.com *.serving-sys.com bttrack.com *.opower.com *.oraclecloud.com *.swiftype.com *.cohesionapps.com *.allconnect.com *.redventures.io *.nrel.gov *.maptiler.com *.kampyle.com *.medallia.com *.azurewebsites.net *.botframework.com tr.snapchat.com *.stackadapt.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com; style-src 'self' 'unsafe-inline' *.swiftypecdn.com *.googleapis.com *.nrel.gov *.kampyle.com *.medallia.com *.azurewebsites.net code.jquery.com *.stackadapt.com; font-src 'self' *.gstatic.com *.kampyle.com *.medallia.com; frame-ancestors 'self' *.firstenergycorp.com; 1
default-src 'none'; connect-src 'self' https://piwik.documentfoundation.org; font-src 'self'; form-action 'self'; frame-src https://www.youtube-nocookie.com; frame-ancestors 'none'; img-src 'self' data: https://piwik.documentfoundation.org; script-src 'self' https://piwik.documentfoundation.org; style-src 'self' 1
block-all-mixed-content; font-src https://use.typekit.net https://fonts.gstatic.com https://script.hotjar.com; frame-ancestors 'none'; manifest-src 'none'; media-src 'none'; object-src 'none'; worker-src 'none' 1
default-src blob: ;child-src blob: 'self' https://d13h4w8gjgv887.cloudfront.net;media-src blob: 'self' https://video.joomcdn.net https://*.amazonaws.com https://d13h4w8gjgv887.cloudfront.net;form-action https:;frame-src 'self' https: ;frame-ancestors 'none';manifest-src 'self';base-uri 'none';font-src data: https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://d13h4w8gjgv887.cloudfront.net https://hcaptcha.com https://*.hcaptcha.com https://cdn.crowdin.com https://top-fwz1.mail.ru;connect-src 'self' https://api.joom.com https://api-secure.joom.one https://api.joompay.tech https://http-babylone-client-faq-api.joom.it https://*.google-analytics.com https://*.analytics.google.com https://*.googleapis.com https://google-analytics.com https://analytics.google.com https://pagead2.googlesyndication.com https://www.facebook.com https://bnc.lt https://joom.test-app.link https://stats.g.doubleclick.net https://*.joomcdn.net https://*.amazonaws.com https://mc.yandex.ru https://mc.yandex.com https://d13h4w8gjgv887.cloudfront.net https://*.riskified.com https://hcaptcha.com https://*.hcaptcha.com https://*.live-video.net https://joom-web.ey.r.appspot.com https://crowdin.com https://*.trustedshops.com https://widget.trustpilot.com https://*.creativecdn.com https://*.dwin1.com https://top-fwz1.mail.ru https://www.wepowerconnections.com https://tr.kickbite.io https://service.nalog.ru https://*.clarity.ms https://www.google.com https://google.com https://pay.google.com https://sentry.joom.it https://www.joom.ru;img-src 'self' data: https: blob:;script-src 'strict-dynamic' 'nonce-MC41MjA4NTQ=' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: data: 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://d13h4w8gjgv887.cloudfront.net https://hcaptcha.com https://*.hcaptcha.com https://cdn.crowdin.com https://top-fwz1.mail.ru;report-uri https://sentry.joom.it/api/3/security/?sentry_key=b68f31beac04417da5e79086aa76f8d6&sentry_release=web-client@4.8.5-1705927326&sentry_environment=prod 1
block-all-mixed-content ;upgrade-insecure-requests ;default-src 'self' *.criteo.com *.criteo.net adventori.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.abtasty.com *.y-track.com *.google-analytics.com *.googletagmanager.com www.googletagmanager.com vjs.zencdn.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ui.onepay.decathlon.net *.paypal.com *.braintreegateway.com *.brightcove.net *.trylive.com *.googleapis.com sdk.privacy-center.org sdk.woosmap.com www.booxi.eu appmobile-bridge-js.s3-eu-west-1.amazonaws.com *.woosmap.com ui.onepay-qualification.decathlon.io cdn.tagcommander.com *.facebook.net *.dynatrace.com platform.commandersact.com *.commander1.com *.criteo.com *.criteo.net *.adnxs.com adventori.com www.googleadservices.com bat.bing.com *.salecycle.com *.doubleclick.net *.hotjar.com redirect3536.tagcommander.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com wurfl.io *.commandersact.com translate.google.com nxtck.com onepay-ui.decathlon.net *.contentsquare.net *.contentsquare.com www.youtube.com wss://*.hotjar.com *.loadbee.com production.transcript.decathlon.io development.transcript-qualification.decathlon.io via.batch.com *.dynamicyield.com *.klarnaservices.com rum.browser-intake-datadoghq.eu *.onepay-v2-commons-prod-0ywm.decathlon.io screencapture.kampyle.com screencapture-cdn.kampyle.com resources.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com resources.digital-cloud-west.medallia.com pay.google.com/gp/p/js/pay.js applepay.cdn-apple.com session-replay.browser-intake-datadoghq.eu safesizepublic.ucscentral.com google.com/pay creativecdn.com *.creativecdn.com https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io a.mgid.com *.iadvize.com dsp.adfarm1.adition.com cdn.omniconvert.com deploy.mopinion.com static.iadvize.com delivery.clickonometrics.pl decathlon-ro.fra1.digitaloceanspaces.com collect.mopinion.com data: act-eu.rd.linksynergy.com act-eu.rd.linksynergy.co view.publitas.com s.pageclip.co analytics.tiktok.com app.omniconvert.com *.2performant.com attr-2p.com *.clarity.ms scripts.publitas.com;connect-src 'self' *.google-analytics.com *.analytics.google.com *.abtasty.com *.y-track.com *.woosmap.com *.brightcove.com *.paypal.com *.braintree-api.com *.braintreegateway.com *.decathlon.net *.decathlon.com *.booxi.eu api.privacy-center.org www.facebook.com *.doubleclick.net bat.bing.com browser-http-intake.logs.datadoghq.eu api.booxi.eu bf97725pbp.bf.dynatrace.com *.hotjar.com *.hotjar.io *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com booxi-api-be.appspot.com booxi-api.appspot.com sync.commander1.com *.boltdns.net *.akamaihd.net *.contentsquare.net tracking-api-4lasu2nlcq-ew.a.run.app insights.decathlon.net transaction-api-4lasu2nlcq-ew.a.run.app order-insights.decathlon.net *.googleapis.com wss://*.hotjar.com www.googletagmanager.com via.batch.com ws.batch.com production.transcript.decathlon.io development.transcript-qualification.decathlon.io *.klarnaservices.com rum.browser-intake-datadoghq.eu *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu ubt-lb.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com resources.digital-cloud-west.medallia.com https://www.google.com/pay signin.easyence.tech google.com/pay https://pay.google.com *.creativecdn.com https://session-replay.browser-intake-datadoghq.eu/api/ https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io site.booxi.eu app.omniconvert.com *.iadvize.com *.mopinion.com ro-vouchers.herokuapp.com cardcadou.decathlon.ro secure.payu.ro fra1.digitaloceanspaces.com docs.google.com wss://*.iadvize.com cacheorcheck.mopinion.com send.pageclip.co analytics.tiktok.com dla-api-prod.azurewebsites.net s3-eu-central-1.amazonaws.com *.2performant.com fpc.decathlon.ro www.clarity.ms *.clarity.ms;img-src 'self' data: blob: *.decathlon.com *.cube-net.org *.cube-net.pub contents.mediadecathlon.com *.google-analytics.com *.googletagmanager.com *.brightcove.com *.brightcove.net *.paypal.com prod-wt.aws.y-track.com manager.tagcommander.com *.googleapis.com *.abtasty.com *.woosmap.com www.facebook.com www.google.com www.google.es www.google.fr www.google.it www.google.nl www.google.be www.google.pl *.doubleclick.net bat.bing.com *.gstatic.com sync.commander1.com *.atdmt.com tag.goldenbees.fr *.crm4d.com *.adsrvr.org *.adnxs.com sdk.privacy-center.org checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net voucher.decathlon.net apigift.decathlon.com site.booxi.com www.mediadecathlon.com *.boltdns.net *.mediadecathlon.com *.contentsquare.net *.googleadservices.com adservice.google.com wss://*.hotjar.com via.batch.com ws.batch.com *.onepay-v2-commons-prod-0ywm.decathlon.io screencaptue-cdn.kampyle.com resources.digital-cloud.medallia.eu udc-neb.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net *.media.brightcove.com gum.criteo.com sync.outbrain.com pixel.rubiconproject.com x.bidswitch.net eb2.3lift.com sync-t1.taboola.com rtb-csync.smartadserver.com ads.yahoo.com ups.analytics.yahoo.com simage2.pubmatic.com ad.360yield.com r.casalemedia.com criteo-sync.teads.tv contextual.media.net visitor.omnitagjs.com match.sharethrough.com cm.adform.net pixel.advertising.com ads.stickyadstv.com c.bing.com criteo-partners.tremorhub.com s.ad.smaato.net us-u.openx.net i.liadm.com dis.criteo.com a.mgid.com sync.e-planning.net sync-criteo.ads.yieldmo.com cm.mgid.com sp.analytics.yahoo.com cdn.stickyadstv.com ih.adscale.de jadserve.postrelease.com pixel.tapad.com www.google.ch sync.adotmob.com www.google.at fra1.digitaloceanspaces.com *.iadvize.com www.google.ro analytics.tiktok.com *.amazonaws.com cdn-x.omniconvert.com *.facebook.com c.clarity.ms;style-src 'self' 'unsafe-inline' www.booxi.eu fonts.googleapis.com *.decathlon.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.mediadecathlon.com wss://*.hotjar.com scripts.publitas.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu screencaptue-cdn.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io https://storage.googleapis.com/sl-front-xp-bucket-4v-tmoq/account/ use.fontawesome.com decathlon-ro.fra1.digitaloceanspaces.com cdn.jsdelivr.net fonts.mopinion.com *.iadvize.com;font-src 'self' data: *.decathlon.com fonts.gstatic.com *.oppwa.com oppwa.com *.abtasty.com qanda.decathlon.com *.googleapis.com *.gstatic.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io use.fontawesome.com gstatic.mopinion.com *.iadvize.com;object-src view.publitas.com;base-uri 'self';worker-src 'self' blob: via.batch.com;media-src 'self' blob: secure.brightcove.com *.brightcove.com *.brightcove.net *.boltdns.net *.mediadecathlon.com *.criteo.com bcboltbde696aa-a.akamaihd.net *.media.brightcove.com fra1.digitaloceanspaces.com/decathlon-ro/B2B *.akamaihd.net;frame-src 'self' *.youtube.com www.google.com/recaptcha/ saas.trylive.com/ site.booxi.eu/ reviews.decathlon.com www.facebook.com *.doubleclick.net *.atdmt.com c.paypal.com checkout.paypal.com www.paypal.com *.hotjar.com *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com qanda.decathlon.com reviews-collect-eu.satisphere.decathlon.net *.mediadecathlon.com view.publitas.com www.pinterest.com *.abtasty.com *.decathlon.net wss://*.hotjar.com players.brightcove.net screencapture.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud.medallia.eu resources.digital-cloud-west.medallia.com pay.google.com safesizepublic.ucscentral.com *.klarnaservices.com creativecdn.com *.creativecdn.com gum.criteo.com event.2performant.com help.decathlon.ro/ *.iadvize.com help.decathlon.ro player.ausha.co;frame-ancestors 'self'; 1
frame-ancestors https://*.dev.local https://*.sunweb.nl https://*.sunweb.be 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' https: use.typekit.net assets.adobedtm.com cdn.jsdelivr.net s.ml-attr.com cdn.bizible.com p.typekit.net informatica.tt.omtrdc.net pagead2.googlesyndication.com www.googletagmanager.com api.company-target.com players.brightcove.net connect.facebook.net tag.demandbase.com www.google-analytics.com edge.fullstory.com bat.bing.com  blob: data:; object-src 'none';font-src 'self' *.informatica.com data: fonts.gstatic.com use.typekit.net;frame-ancestors https://ws.zoominfo.com https://informatica.seismic.com https://content.informatica.com https://infa.my.salesforce.com https://infa.lightning.force.com https://marketplace.informatica.com; 1
default-src 'self'; script-src 'unsafe-inline' 'report-sample' 'self' https://app.hubspot.com https://forms.hsforms.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hsleadflows.net https://js.usemessages.com https://snap.licdn.com https://tracking.g2crowd.com https://www.google-analytics.com https://www.googletagmanager.com https://js.hsforms.net https://www.google.com https://www.gstatic.com https://static.hsappstatic.net https://code.jquery.com; style-src 'unsafe-inline' 'report-sample' 'self' https://static.hsappstatic.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.hubapi.com https://cp.hubspot.com https://forms.hubspot.com https://www.google-analytics.com https://stats.g.doubleclick.net https://js.hs-banner.com https://cdn.linkedin.oribi.io https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://forms.hsforms.com https://app.hubspot.com https://www.google.com https://flo.uri.sh https://forms.hsforms.com; frame-ancestors 'self'; img-src 'self' https://3426102.fs1.hubspotusercontent-na1.net https://3ma79ae7cua.com https://px.ads.linkedin.com https://static.hsappstatic.net https://track.hubspot.com https://www.linkedin.com https://www.google.com https://www.google.co.in https://forms.hsforms.com https://forms-na1.hsforms.com; media-src 'self' https://3426102.fs1.hubspotusercontent-na1.net; worker-src 'none';; upgrade-insecure-requests 1
frame-src 'self' https://coh-chat-app-prod.ow6i4n9pdzm.eu-de.codeengine.appdomain.cloud https://*.hel.fi https://coh-chat-app-test.mo1wrhhyog0.eu-de.codeengine.appdomain.cloud https://*.siteimprove.com https://*.userneeds.com https://agreeable-island-03e85b803.azurestaticapps.net https://*.hotjar.com https://coh-chat-app-test-ibm.eu-de.mybluemix.net https://coh-chat-app-prod-ibm.eu-de.mybluemix.net https://suite.icareus.com https://*.helsinkikanava.fi https://*.youtube.com https://*.youtu.be https://*.facebook.com https://*.twitter.com https://*.linkedin.com https://*.readspeaker.com https://*.vimeo.com https://*.google.com https://*.siteimproveanalytics.com https://*.snoobi.com https://*.dreambroker.com https://youtu.be https://dreambroker.com https://pollev.com https://e.infogram.com https://tyoterveys-helsinki-pv.mail-eur.net https://walls.io https://*.youtube-nocookie.com https://*.flockler.com https://*.lightwidget.com https://hel-thk-botti.kuurahealth.com https://*.giosg.com https://*.giosgusercontent.com https://helfi.fi1.frosmo.com https://survey.feedbackly.com https://survey.userneeds.com https://*.powerbi.com https://coh-chat-app-test.eu-de.mybluemix.net https://coh-chat-app-dev.eu-de.mybluemix.net https://coh-chat-app-prod.eu-de.mybluemix.net https://hkp.maanmittauslaitos.fi https://reittiopas.hsl.fi ; 1
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.recaptcha.net bat.bing.com *.hsbc.com.sg *.brightcove.net tpc.googlesyndication.com connect.facebook.net lptag.liveperson.net tags.tiqcdn.com cdn.optimizely.com lpcdn.lpsnmedia.net www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com *.isstsguat.hsbc.com.hk *.zscaler.net *.omtrdc.net www.facebook.com s.yimg.com ups.analytics.yahoo.com sy.v.liveperson.net googleads.g.doubleclick.net accdn.lpsnmedia.net www.google.com.sg www.google.com cdn-assets-prod.s3.amazonaws.com; img-src data: * blob: android-webview-video-poster: android-webview:; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.hsbc.co.uk *.hsbc.com.sg *.boltdns.net bat.bing.com *.brightcovecdn.com *.brightcove.com *.qualtrics.com adservice.google.com www.facebook.com www.google.com ad.doubleclick.net *.googleapis.com www.googletagmanager.com *.baidu.com analytics.google.com *.doubleclick.net www.google-analytics.com *.s3.amazonaws.com *.dbankcloud.com www.google.com.sg logx.optimizely.com *.omtrdc.net *.demdex.net *.jquery.com adtonus.com http://127.0.0.1:5000 http://127.0.0.1:5000/* rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk www.google.com.pk *.siteintercept.qualtrics.com cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.googletagmanager.com www.facebook.com tpc.googlesyndication.com sts-aad.auth.hsbc.com *.zscloud.net connect.facebook.net *.demdex.net google.com 8737857.fls.doubleclick.net; frame-ancestors 'self' *.hsbc.com.sg; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com *.jsdelivr.net *.cloudfront.net at.alicdn.com fonts.googleapis.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net; object-src 'self' *.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com *.lpsnmedia.net manifest.prod.boltdns.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report; 1
default-src 'none'; connect-src 'self'; img-src * data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 1
upgrade-insecure-requests; default-src 'self' http://localhost:3000 https://www.youtube.com https://jnn-pa.googleapis.com; font-src 'self' http://localhost:3000 https://*.abtasty.com https://*.usersnap.com https://use.typekit.net https://fonts.gstatic.com https://storage.googleapis.com data:; object-src 'none'; style-src 'self' 'unsafe-inline' http://localhost:3000 https://*.abtasty.com https://optimize.google.com https://*.usersnap.com https://p.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://*.googletagmanager.com https://storage.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' https://*.sitesearch360.com/ http://localhost:3000 https://try.abtasty.com https://embed.youcanbook.me/ https://ajax.googleapis.com https://code.jquery.com https://online.flippingbook.com https://d33i2vgywgme2s.cloudfront.net https://*.mountain.com https://optimize.google.com  https://*.kaplan.com https://client.px-cloud.net https://*.usersnap.com https://searchg2.crownpeak.net https://www.purdueglobal.edu https://www.googleoptimize.com https://tagmanager.google.com https://www.google-analytics.com https://*.googletagmanager.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://storage.googleapis.com https://www.youtube.com https://analytics.tiktok.com https://snap.licdn.com https://bat.bing.com https://sc-static.net https://s.pinimg.com https://*.schemaapp.com https://pzimff.com https://s.mrmserve.com https://cdn-ukwest.onetrust.com https://edge.fullstory.com https://connect.facebook.net https://www.gstatic.com https://tr.snapchat.com https://www.clarity.ms https://s.edkay.com blob: *.abtasty.com; img-src 'self' https: data:; connect-src 'self' http://localhost:3000 https://*.sitesearch360.com/ https://*.abtasty.com https://snippet.omm.crownpeak.com https://online.flippingbook.com https://fbo-b.flippingbook.com https://52.71.121.170 https://44.238.122.172 https://100.20.58.101 https://35.85.84.151 https://44.228.85.26 https://34.215.155.61 https://35.160.46.251 https://18.210.229.244 https://44.212.189.233 https://3.212.39.155 https://52.22.50.55 https://54.156.2.105 https://optimize.google.com https://*.kaplan.com https://*.px-cloud.net https://*.usersnap.com https://s3.eu-central-1.amazonaws.com/upload.usersnap.com https://edge.fullstory.com https://rs.fullstory.com https://www.facebook.com https://v.clarity.ms https://searchg2.crownpeak.net https://cdn.linkedin.oribi.io https://api.ipify.org https://tr.snapchat.com https://*.kaplan.edu https://api.ipstack.com https://privacyportal-uk.onetrust.com https://s.edkay.com https://geolocation.onetrust.com https://*.schemaapp.com https://s.mrmserve.com https://pzimff.com https://analytics.tiktok.com https://ct.pinterest.com https://cdn-ukwest.onetrust.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com; frame-src 'self' https://online.flippingbook.com https://optimize.google.com https://*.youcanbook.me https://www.facebook.com https://cdn.yoshki.com https://www.google.com https://ct.pinterest.com https://*.doubleclick.net https://tr.snapchat.com https://www.youtube.com ; frame-ancestors 'self' http://localhost:3000 https://www.clearslide.com https://www.purdueglobalpresents.com https://upload.clearslide.com; worker-src 'self' blob: 1
script-src 'self' 'unsafe-eval' https://wlscripts.recorrido.cl https://www.googleoptimize.com  https://www.google-analytics.com https://www.recaptcha.net 'unsafe-eval' 'unsafe-inline' https://googleads.g.doubleclick.net https://connect.facebook.net https://www.googleadservices.com https://www.gstatic.com https://diffuser-cdn.app-us1.com  https://cdn.recorrido-new.cl https://www.recaptcha.net https://*.googletagmanager.com  https://tagmanager.google.com/ https://*.google.com https://prism.app-us1.com https://cdn.recorrido.cl https://trackcmp.net https://js-agent.newrelic.com https://bam.nr-data.net https://wlscripts.recorrido.cl https://www.googleoptimize.com https://tracking.krip.cl/bciplus/script.js frame-src 'unsafe-inline' 'unsafe-eval' 'self' https://wlscripts.recorrido.cl https://www.googleoptimize.com https://tracking.krip.cl/bciplus/script.js; 1
default-src 'self' https://*.clarity.ms https://www3.fragrobin.de https://scw.anwalt.de https://in.hotjar.com https://trc.taboola.com https://stats.g.doubleclick.net https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.anwalt.de https://widget.anwalt.de https://js-eu1.hs-scripts.com/26532575.js https://js-eu1.hs-banner.com/integrations.js https://js-eu1.hs-analytics.net https://*.getsitecontrol.com https://api.smart-rechner.de https://cdn.ablyft.com/s/91730922.js https://sa.anwalt.de/latest.js https://dev.visualwebsiteoptimizer.com https://s.ytimg.com https://www.youtube.com/iframe_api https://*.clarity.ms https://static.cloudflareinsights.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.trustpilot.com  https://*.taboola.com https://www.google.com https://assets.unbounce.com https://siegel.ausgezeichnet.org https://static.userback.io https://assets.ubembed.com https://*.js.ubembed.com https://surfly.com https://builder-assets.unbounce.com https://tagmanager.google.com https://s3.eu-central-1.amazonaws.com/fr-websitecontent/ https://snap.licdn.com https://www.snapengage.com https://www.smart-rechner.de https://ajax.googleapis.com https://www.linkedin.com https://px.ads.linkedin.com https://code.jquery.com https://www.awin1.com https://connect.facebook.net https://www.e-recht24.de https://static.ads-twitter.com https://fr-websitecontent.s3.amazonaws.com https://sjs.bizographics.com https://cdn.taboola.com https://analytics.twitter.com https://ssl.google-analytics.com https://fp.zenaps.com https://s3-us-west-2.amazonaws.com https://bam.nr-data.net https://bam-cell.nr-data.net https://static.hotjar.com https://www.googletagmanager.com https://ajax.cloudflare.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com https://scw.anwalt.de https://js-agent.newrelic.com https://www.dwin1.com https://maps.googleapis.com https://mandant.net.anwalt.de https://storage.googleapis.com https://maps.google.com https://www.gstatic.com https://script.hotjar.com https://www.google-analytics.com https://*.adroll.com https://plausible.io; style-src * 'self' * blob: 'unsafe-inline'; img-src * 'self' data: blob:; font-src 'self' https://fonts.gstatic.com https://www.smart-rechner.de/widgets/ https://script.hotjar.com data:; connect-src 'self' https://px.ads.linkedin.com https://www.facebook.com/tr/ https://cdn.linkedin.oribi.io/partner/89780/domain/anwalt.de/token https://*.google-analytics.com https://*.clarity.ms https://*.cloudflareinsights.com https://maps.googleapis.com https://*.getsitecontrol.com https://events.getsitectrl.com https://*.events.ubembed.com https://log.ablyft.com/ https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://www.google.com https://bam-cell.nr-data.net https://bat.bing.com https://*.bugsnag.com https://*.hotjar.io https://*.hotjar.com https://user-api.anwalt.de https://www.snapengage.com https://api.userback.io https://sentry.io https://surfly.com https://widget.anwalt.de wss://*.hotjar.com https://bam.nr-data.net https://stats.g.doubleclick.net https://scw.anwalt.de https://www.google-analytics.com https://in.hotjar.com https://fp.zenaps.com https://www.e-recht24.de https://trc.taboola.com https://www3.fragrobin.de https://consentcdn.cookiebot.com https://steganos-api.ciuvo.com https://plausible.io; media-src 'self' ; object-src 'self' ; frame-src 'self' https://td.doubleclick.net https://anwalt-de.jobs.personio.de https://*.trustpilot.com https://legalassistants.anwalt.de https://surfly.com https://www.facebook.com https://vars.hotjar.com https://www.awin1.com https://mandant.net.anwalt.de https://www.youtube.com https://www.youtube-nocookie.com https://www3.fragrobin.de https://bid.g.doubleclick.net https://www.googletagmanager.com https://www.snapengage.com https://consentcdn.cookiebot.com https://*.pages.ubembed.com 1
default-src 'self'; style-src 'self' https://*.mittwald.de 'unsafe-inline'; font-src 'self' data: userlike-cdn-umm.b-cdn.net fonts.gstatic.com; connect-src *; child-src 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net blob:; img-src 'self' https://*.mittwald.de https://*.mittwald.systems https://mittwald-av-manager.de https://audatis.ds-manager.com userlike-cdn-operators.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-web.b-cdn.net www.userlike.com userlike-store-media-files.s3.amazonaws.com i.ytimg.com data:; script-src 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net https://audatis.ds-manager.com 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=' 'sha256-4y/gEB2/KIwZFTfNqwXJq4olzvmQ0S214m9jwKgNXoc=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc='; frame-src 'self' https://*.mittwald.de https://mittwald-av-manager.de https://varnish-editor.dev.mittwald.systems https://varnish-editor.mittwald.de https://audatis.ds-manager.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net www.youtube.com player.vimeo.com blob:; frame-ancestors https://*.mittwald.de https://*.mittwald.systems https://*.mittwald.it http://localhost:3000 blob:; media-src userlike-cdn-umm.b-cdn.net userlike-store-media-files.s3.amazonaws.com www.userlike.com blob:; object-src 'none' 1
frame-ancestors 'self' vk.com *.vk.com; report-uri https://vk.com/csp 1
frame-ancestors 'self' https://*.blueconic.net; 1
frame-ancestors 'self'; default-src 'self'; img-src 'self' data: https://www.google-analytics.com https://www.hosttest.de/images/button/ https://anbieter-auszeichnungen.webhostlist.de https://www.hosttest.de; style-src 'self' 'unsafe-inline' data: https://anbieter-auszeichnungen.webhostlist.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://anbieter-auszeichnungen.webhostlist.de https://www.hosttest.de http://anbieter-auszeichnungen.webhostlist.de; 1
default-src 'self' youtube.com *.youtube.com trustpilot.com *.trustpilot.com googleapis.com *.googleapis.com google.com *.google.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com *.bing.com *.doubleclick.net *.facebook.com *.fbcdn.net *.facebook.net *.paddle.com cdn.jsdelivr.net *.tawk.to *.gstatic.com;child-src 'self' youtube.com *.youtube.com trustpilot.com *.trustpilot.com googleapis.com *.googleapis.com google.com *.google.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com *.bing.com *.doubleclick.net *.facebook.com *.fbcdn.net *.facebook.net *.paddle.com cdn.jsdelivr.net *.tawk.to *.gstatic.com;connect-src https: *.tawk.to wss://*.tawk.to;script-src https: 'unsafe-inline' 'unsafe-eval' *.tawk.to cdn.jsdelivr.net;img-src https: data: *.tawk.to cdn.jsdelivr.net;style-src * 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net;font-src https: data: *.tawk.to fonts.gstatic.com;media-src https:;object-src https:;form-action *;frame-src *; 1
frame-ancestors *.frankfurt-airport.com *.fraport.de https://fraportag.sharepoint.com https://external.airport.ai; 1
frame-ancestors 'self' http://planet.lookbookhq.com https://planet.lookbookhq.com http://planet.pathfactory.com https://planet.pathfactory.com http://content.planet.com https://content.planet.com; 1
default-src 'self'; child-src 'self' connect.facebook.net fast.wistia.com fast.wistia.net googleads.g.doubleclick.net td.doubleclick.net *.hotjar.com *.hotjar.io bid.g.doubleclick.net 10317493.fls.doubleclick.net 10366747.fls.doubleclick.net 11541986.fls.doubleclick.net youtube.com www.youtube.com js.stripe.com www.facebook.com staticxx.facebook.com tpc.googlesyndication.com www.google.com *.googletagmanager.com *.quora.com intercom-sheets.com app-ab27.marketo.com www.intercom-reporting.com d2c7xlmseob604.cloudfront.net js.intercomcdn.com insight.adsrvr.org match.adsrvr.org https://intercom.chilipiper.com app.intercom.com app.intercom.io https://app.getreprise.com; connect-src 'self'   www.intercom.com app.intercom.io app.intercom.com api.intercom.io api-visitor-analytics.intercom.com api-iam.intercom.io api-ping.intercom.io api.smartling.com js.intercomcdn.com munchkin.marketo.net *.mktoutil.com nexus-websocket-a.intercom.io nexus-websocket-test.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-test.intercom.io store.intercomassets.com widget.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-test.intercom.io marketing.intercomcdn.com uploads.intercomcdn.com uploads.intercomusercontent.com abrtp1.marketo.com abrtp1-cdn.marketo.com app.getsentry.com stats.g.doubleclick.net www.google.com adservice.google.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com http://*.hotjar.io:* https://*.hotjar.io:* wss://*.hotjar.io sentry.io www.facebook.com *.akamaihd.net *.wistia.com *.wistia.net 258-clw-344.mktoresp.com bat.bing.com d2c7xlmseob604.cloudfront.net rum-collector-2.pingdom.net https://*.browser-intake-datadoghq.com public-trace-http-intake.logs.datadoghq.com https://assets.ctfassets.net c.6sc.co b.6sc.co j.6sc.co ipv6.6sc.co epsilon.6sense.com epsilon-cloudfront.6sense.com user-data.mutinycdn.com https://api-v2.mutinyhq.io/v2/b https://api.mutinyhq.io/v2 https://client-registry.mutinycdn.com secure.adnxs.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com api.chilipiper.com tracking.chilipiper.com cdn.linkedin.oribi.io gw.linkedin.oribi.io px.ads.linkedin.com https://app.getreprise.com; font-src data: https: ; img-src data: blob: https: ; media-src data: blob: https: ; object-src 'none'; script-src 'self' 'unsafe-eval' app.intercom.io app.intercom.com www.intercom.com js.intercomcdn.com store.intercomassets.com marketing.intercomassets.com widget.intercom.io ajax.googleapis.com analytics.twitter.com abrtp1.marketo.com abrtp1-cdn.marketo.com app-sjqe.marketo.com app-sjst.marketo.com app-ab27.marketo.com bat.bing.com cdn-assets-prod.s3.amazonaws.com cdn.ravenjs.com browser.sentry-cdn.com connect.facebook.net distillery.wistia.com distillery-main.wistia.com fast.wistia.com fast.wistia.net googleads.g.doubleclick.net js.stripe.com munchkin.marketo.net platform.twitter.com rtp-static.marketo.com script.hotjar.com script.hotjar.io secure.adnxs.com static.hotjar.com static.hotjar.io stats.g.doubleclick.net store.intercom.io tpc.googlesyndication.com www.datadoghq-browser-agent.com www.google.com www.google-analytics.com www.googleadservices.com/pagead/ www.googletagmanager.com tagmanager.google.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com dc.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com client-registry.mutinycdn.com client.mutinycdn.com https://js.chilipiper.com 'sha256-CIxBMTSsZNOVtN/e53Oinc5o7iS+6GCLATfDTYD9EQk=' https://app.getreprise.com 'strict-dynamic' 'nonce-MzZmOWIwN2MtM2NmMi00ZWFkLTkyY2YtYzJhZjcyYjg1NDY1'; style-src 'self' 'unsafe-inline' app-ab27.marketo.com marketing.intercomassets.com maxcdn.bootstrapcdn.com rtp-static.marketo.com fonts.googleapis.com tagmanager.google.com https://www.googletagmanager.com https://js.chilipiper.com; worker-src data: blob:; base-uri 'self'; report-uri https://o2129.ingest.sentry.io/api/1467748/security/?sentry_key=2b3179211aae44189b7651cf09d7b74f 1
default-src 'self' *.paizo.com *.kc-usercontent.com; img-src 'self' *.paizo.com https://*.bamboohr.com *.kc-usercontent.com *.ytimg.com https://*.google-analytics.com; connect-src 'self' https://*.paizo.com https://paizo.bamboohr.com https://*.kontent.ai https://*.google-analytics.com; font-src 'self' data: https://fonts.gstatic.com https://*.typekit.net; frame-src *.paizo.com *.youtube.com; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' https://*.paizo.com https://paizo.bamboohr.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.googletagmanager.com https://*.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.typekit.net 1
default-src 'self' ; font-src 'self' data: https://static.smartframe.io https://fonts.gstatic.com https://js.arcgis.com https://st.getsitecontrol.com *.reactandshare.com ;    img-src 'self' data: blob: https://ucarecdn.com *.google-analytics.com *.analytics.google.com http://www.googletagmanager.com https://assets.smartframe.io https://static.smartframe.io https://thumbs.smartframe.io https://thumbs-cdn.smartframe.io https://syndication.twitter.com https://analytics.twitter.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://t.co https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com https://www.google.co.uk https://js.arcgis.com  https://services.arcgisonline.com https://server.arcgisonline.com https://utility.arcgis.com https://historicengland.org.uk *.historicengland.org.uk *.historic-england.org https://img.youtube.com https://i.ytimg.com https://px.ads.linkedin.com https://www.facebook.com https://www.linkedin.com https://app.getsitecontrol.com https://secure.sitemorse.com https://hud.crazyegg.com/versions/1.0.120/images/dot.png https://hud.crazyegg.com/versions/1.0.120/images/color-ramp.png *.reactandshare.com https://media.getsitecontrol.com *.crazyegg.com https://ogc.apps.midgard.airbusds-cint.com ;    style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://platform.twitter.com https://ton.twimg.com https://js.arcgis.com https://hud.crazyegg.com/versions/1.0.80/index.css https://hud.crazyegg.com/versions/1.0.120/index.css *.reactandshare.com *.crazyegg.com ;    script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: https://static.smartframe.io https://rum-static.pingdom.net https://www.googletagmanager.com  https://www.google-analytics.com https://platform.twitter.com https://cdn.syndication.twimg.com http://connect.facebook.net http://www.instagram.com https://js.arcgis.com https://az416426.vo.msecnd.net https://e.infogram.com https://s.ytimg.com https://static.ads-twitter.com https://analytics.twitter.com https://snap.licdn.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://widgets.getsitecontrol.com https://st.getsitecontrol.com https://embed.typeform.com https://script.crazyegg.com https://heritage.candle.digital https://heritageschools.candle.digital https://www.youtube.com https://utility.arcgis.com https://ajax.cloudflare.com https://static.cloudflareinsights.com https://platform.instagram.com https://www.arcgis.com https://cc.cdn.civiccomputing.com https://secure.sitemorse.com https://www.google.com https://historicengland.org.uk *.historicengland.org.uk *.historic-england.org *.reactandshare.com *.crazyegg.com *.outbrain.com ;    frame-src 'self' *.youtube.com https://www.youtube-nocookie.com *.arcgis.com https://platform.twitter.com https://syndication.twitter.com https://www.facebook.com https://web.facebook.com https://sketchfab.com https://www.instagram.com https://www.google.co.uk https://w.soundcloud.com https://heritage.candle.digital https://heritageschools.candle.digital https://app.powerbi.com https://e.infogram.com https://www.google.com https://www.smartsurvey.co.uk https://my.matterport.com https://prezi.com https://social.uploadcare.com https://hud.crazyegg.com/ *.crazyegg.com https://td.doubleclick.net https://w.soundcloud.com;    connect-src 'self' *.arcgis.com *.s3-accelerate.amazonaws.com https://hud.crazyegg.com/versions/latest https://upload.uploadcare.com/ https://api.os.uk https://js.arcgis.com https://ugcapi.historicengland.org.uk blob: https://www.google.com http://rum-collector-2.pingdom.net *.smartframe.io *.google-analytics.com *.analytics.google.com https://utility.arcgis.com https://www.arcgis.com https://services.arcgisonline.com https://static.arcgis.com https://datahub.esriuk.com https://dc.services.visualstudio.com/v2/track https://stats.g.doubleclick.net https://tracking.crazyegg.com https://script.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com *.historic-england.org https://apikeys.civiccomputing.com https://clapi.civiccomputing.com *.googlesyndication.com https://googleads.g.doubleclick.net wss://ws.pusherapp.com https://hud.crazyegg.com/healthcheck https://app.getsitecontrol.com *.crazyegg.com https://ogc.apps.midgard.airbusds-cint.com https://services-eu1.arcgis.com https://www.facebook.com/tr/  https://utility.arcgisonline.com *.outbrain.com ; 1
block-all-mixed-content ;upgrade-insecure-requests ;default-src 'self' *.criteo.com *.criteo.net adventori.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.abtasty.com *.y-track.com *.google-analytics.com *.googletagmanager.com www.googletagmanager.com vjs.zencdn.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ui.onepay.decathlon.net *.paypal.com *.braintreegateway.com *.brightcove.net *.trylive.com *.googleapis.com sdk.privacy-center.org sdk.woosmap.com www.booxi.eu appmobile-bridge-js.s3-eu-west-1.amazonaws.com *.woosmap.com ui.onepay-qualification.decathlon.io cdn.tagcommander.com *.facebook.net *.dynatrace.com platform.commandersact.com *.commander1.com *.criteo.com *.criteo.net *.adnxs.com adventori.com www.googleadservices.com bat.bing.com *.salecycle.com *.doubleclick.net *.hotjar.com redirect3536.tagcommander.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com wurfl.io *.commandersact.com translate.google.com nxtck.com onepay-ui.decathlon.net *.contentsquare.net *.contentsquare.com www.youtube.com wss://*.hotjar.com *.loadbee.com production.transcript.decathlon.io development.transcript-qualification.decathlon.io via.batch.com *.dynamicyield.com *.klarnaservices.com rum.browser-intake-datadoghq.eu *.onepay-v2-commons-prod-0ywm.decathlon.io screencapture.kampyle.com screencapture-cdn.kampyle.com resources.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com resources.digital-cloud-west.medallia.com pay.google.com/gp/p/js/pay.js applepay.cdn-apple.com session-replay.browser-intake-datadoghq.eu safesizepublic.ucscentral.com google.com/pay creativecdn.com *.creativecdn.com https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.brightcove.com *.decathlon.co.uk *.decathlon.com *.decathlon.net *.googleadservices.com *.gstatic.com *.zencdn.net intljs.rmtag.com blob: clicktalecdn.sslcs.cdngc.net connect.facebook.net decathlon.co.uk *.adyen.com *.cloudfront.net *.cnstrc.com *.decathlon.io *.quantserve.com *.useinsider.com *.wurfl.io cnstrc.com inj.luckycycle.com js-cdn.dynatrace.com *.mopinion.com players.brightcove.net widget.trustpilot.com prod-js.aws.y-track.com tag.rmp.rakuten.com track.shop2market.com www.google.com x.klarnacdn.net analytics.aptania.com *.adventori.com sync.commander1.com snap.licdn.com dsp.adfarm1.adition.com threed.numerized.com platform.twitter.com eu.klarnaevt.com static.ads-twitter.com bf97725pbp.bf.dynatrace.com analytics.twitter.com view.publitas.com api.heyday.ai webchat.heyday.ai api.luckyorange.com player.vimeo.com d10lpsik1i8c69.cloudfront.net act-eu.rd.linksynergy.com *.dotomi.com script.google.com script.googleusercontent.com pay.google.com commerce.aptania.com *.dwin1.com *.awin1.com *.clarity.ms *.sciencebehindecommerce.com *.zenaps.com cdn.corvidae.ai p.teads.tv scripts.publitas.com resources.digital-cloud-uk.medallia.eu resources.digital-cloud-uk.medallia.com eu.widget.mb-srv.com/v2 eu.evt.mb-srv.com/v2 seoab.io;connect-src 'self' *.google-analytics.com *.analytics.google.com *.abtasty.com *.y-track.com *.woosmap.com *.brightcove.com *.paypal.com *.braintree-api.com *.braintreegateway.com *.decathlon.net *.decathlon.com *.booxi.eu api.privacy-center.org www.facebook.com *.doubleclick.net bat.bing.com browser-http-intake.logs.datadoghq.eu api.booxi.eu bf97725pbp.bf.dynatrace.com *.hotjar.com *.hotjar.io *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com booxi-api-be.appspot.com booxi-api.appspot.com sync.commander1.com *.boltdns.net *.akamaihd.net *.contentsquare.net tracking-api-4lasu2nlcq-ew.a.run.app insights.decathlon.net transaction-api-4lasu2nlcq-ew.a.run.app order-insights.decathlon.net *.googleapis.com wss://*.hotjar.com www.googletagmanager.com via.batch.com ws.batch.com production.transcript.decathlon.io development.transcript-qualification.decathlon.io *.klarnaservices.com rum.browser-intake-datadoghq.eu *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu ubt-lb.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com resources.digital-cloud-west.medallia.com https://www.google.com/pay signin.easyence.tech google.com/pay https://pay.google.com *.creativecdn.com https://session-replay.browser-intake-datadoghq.eu/api/ https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.criteo.com *.adnxs.com adventori.com ac.cnstrc.com babea371.klarnauserservices.com evt-eu.klarnaservices.com wss://ws.salecycle.com *.salecycle.com settings.luckyorange.net *.mopinion.com *.useinsider.com eu.klarnaevt.com api.heyday.ai *.dynamicyield.com api.numerized.com adm.dynamicyield.eu docs.google.com eu.playground.klarnaevt.com wss://*.visitors.live pubsub.googleapis.com api.luckyorange.com vimeo.com webservice.itinsell.com script.google.com script.googleusercontent.com *.testitinsell.com pay.google.com s2s.heyday.ai maintenance.decathlon.co.uk *.dwin1.com *.awin1.com *.wurf1.io fpc.decathlon.co.uk *.clarity.ms content.playprod.net *.teads.tv resources.digital-cloud-uk.medallia.eu resources.digital-cloud-uk.medallia.com seoab.io;img-src 'self' data: blob: *.decathlon.com *.cube-net.org *.cube-net.pub contents.mediadecathlon.com *.google-analytics.com *.googletagmanager.com *.brightcove.com *.brightcove.net *.paypal.com prod-wt.aws.y-track.com manager.tagcommander.com *.googleapis.com *.abtasty.com *.woosmap.com www.facebook.com www.google.com www.google.es www.google.fr www.google.it www.google.nl www.google.be www.google.pl *.doubleclick.net bat.bing.com *.gstatic.com sync.commander1.com *.atdmt.com tag.goldenbees.fr *.crm4d.com *.adsrvr.org *.adnxs.com sdk.privacy-center.org checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net voucher.decathlon.net apigift.decathlon.com site.booxi.com www.mediadecathlon.com *.boltdns.net *.mediadecathlon.com *.contentsquare.net *.googleadservices.com adservice.google.com wss://*.hotjar.com via.batch.com ws.batch.com *.onepay-v2-commons-prod-0ywm.decathlon.io screencaptue-cdn.kampyle.com resources.digital-cloud.medallia.eu udc-neb.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net sync.adotmob.com cx.atdmt.com *.linkedin.com consent.linksynergy.com *.decathlon.co.uk *.useinsider.com analytics.twitter.com t.co d22j4fzzszoii2.cloudfront.net consent.nxtck.com consent.mediaforge.com consent.jrs5.com consent.dc-storm.com uk-platform-content.s3.eu-west-2.amazonaws.com www.google.co.uk site.booxi.eu cacheorcheck.mopinion.com threed.numerized.com d10lpsik1i8c69.cloudfront.net track.linksynergy.com www.google.co.in p.adsymptotic.com uk-platform-content.s3.amazonaws.com *.dynamicyield.com login-ds.dotomi.com *.clarity.ms *.stickyadstv.com *.openx.net *.awin1.com *.zenaps.com c.bing.com *.teads.tv resources.digital-cloud-uk.medallia.eu resources.digital-cloud-uk.medallia.com;style-src 'self' 'unsafe-inline' www.booxi.eu fonts.googleapis.com *.decathlon.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.mediadecathlon.com wss://*.hotjar.com scripts.publitas.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu screencaptue-cdn.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io https://storage.googleapis.com/sl-front-xp-bucket-4v-tmoq/account/ *.decathlon.co.uk *.useinsider.com d22j4fzzszoii2.cloudfront.net fonts.mopinion.com *.dynamicyield.com qanda.preprod.decathlon.com resources.digital-cloud-uk.medallia.eu resources.digital-cloud-uk.medallia.com;font-src 'self' data: *.decathlon.com fonts.gstatic.com *.oppwa.com oppwa.com *.abtasty.com qanda.decathlon.com *.googleapis.com *.gstatic.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io d22j4fzzszoii2.cloudfront.net gstatic.mopinion.com *.dynamicyield.com s2s.heyday.ai content.playprod.net applepay.cdn-apple.com resources.digital-cloud-uk.medallia.eu resources.digital-cloud-uk.medallia.com;object-src view.publitas.com;base-uri 'self';worker-src 'self' blob: via.batch.com;media-src 'self' blob: secure.brightcove.com *.brightcove.com *.brightcove.net *.boltdns.net *.mediadecathlon.com *.criteo.com bcboltbde696aa-a.akamaihd.net *.akafms.net *.akamaihd.net *.cube-net.pub *.zencdn.net data: *.booxi.eu *.cloudfront.net *.youtube.com brightcove.hs.llnwd.net brightcove.vo.llnwd.net players.brightcove.net metrics.brightcove.com zencdn.net;frame-src 'self' *.youtube.com www.google.com/recaptcha/ saas.trylive.com/ site.booxi.eu/ reviews.decathlon.com www.facebook.com *.doubleclick.net *.atdmt.com c.paypal.com checkout.paypal.com www.paypal.com *.hotjar.com *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com qanda.decathlon.com reviews-collect-eu.satisphere.decathlon.net *.mediadecathlon.com view.publitas.com www.pinterest.com *.abtasty.com *.decathlon.net wss://*.hotjar.com players.brightcove.net screencapture.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud.medallia.eu resources.digital-cloud-west.medallia.com pay.google.com safesizepublic.ucscentral.com *.klarnaservices.com creativecdn.com *.creativecdn.com *.criteo.com *.custhelp.com *.decathlon.co.uk *.decathlon.com *.facebook.com *.paypal.com *.salecycle.com *.tagcommander.com *.adyen.com *.booxi.eu *.cloudfront.net *.dynatrace.com *.trylive.com *.useinsider.com calendar.google.com cdn.trustcommander.net docs.google.com klarna.com messenger.com omny.fm *.vimeo.com wheel.lck.io widget.trustpilot.com www.google.co.in www.google.co.uk www.google.com topclicking.co.uk v.calameo.com fr.calameo.com api.heyday.ai rentle.store dev.rentle.store playstg.net user.playprod.net user.playstg.net event.playprod.net event.playstg.net content.playprod.net *.zenaps.com repair-hub.decathlon.net *.awin1.com es.calameo.com *.heyday.ai resources.digital-cloud-uk.medallia.eu resources.digital-cloud-uk.medallia.com;frame-ancestors 'self'; 1
default-src 'self'; base-uri 'none'; child-src 'self' blob: app.netlify.com netlify-cdp-loader.netlify.app; connect-src 'self' *.lottiefiles.com *.myshopify.com *.onetrust.com graphql.datocms.com test.aws.fooropa.com stockist.co *.stockist.workers.dev *.cloudfunctions.net bat.bing.com *.ip-api.com *.mapbox.com *.breezy.hr *.clarity.ms www.facebook.com *.doubleclick.net www.googletagmanager.com www.google-analytics.com *.googleapis.com analytics.tiktok.com *.yotoplay.com *.reviews.io *.lr-ingest.io *.logrocket.io *.logrocket.com *.lr-in-prod.com *.gorgias.chat *.gorgias.io wss://*.gorgias.chat api.gorgias.work *.sentry.io *.amplitude.com stream.mux.com *.analytics.google.com *.google-analytics.com *.maze.co rum.browser-intake-datadoghq.eu rum.browser-intake-datadoghq.com cdn.amplitude.com; media-src 'self' cdn.yoto.io cdn.shopify.com listen.radioking.com www.datocms-assets.com s3.radio.co *.gorgias.chat stream.mux.com; font-src 'self' data: fonts.gstatic.com *.gorgias.chat *.gorgias.io *.maze.co; form-action 'self' www.facebook.com; frame-ancestors *.netlify.app; frame-src player.vimeo.com *.breezy.hr *.netlify.app widget.trustpilot.com support.yotoplay.com *.yotoplay.com yoto-support.gorgias.help app.netlify.com netlify-cdp-loader.netlify.app *.maze.co www.facebook.com; img-src 'self' data: 'unsafe-inline' www.datocms-assets.com dummyimage.com source.unsplash.com images.unsplash.com cdn.shopify.com *.onetrust.com *.blob.core.windows.net ssl.gstatic.com bat.bing.com *.breezy.hr stockist.co *.mapbox.com *.googleapis.com maps.gstatic.com *.clarity.ms www.facebook.com *.doubleclick.net www.googletagmanager.com www.google-analytics.com www.google.com www.google.co.uk *.quantcount.com *.quantserve.com *.gorgias.io picsum.photos *.picsum.photos *.maze.co *.gorgias.chat *.tvsquared.com *.demdex.net; manifest-src 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' bat.bing.com *.breezy.hr *.onetrust.com *.clarity.ms *.mountain.com www.facebook.com connect.facebook.net tagmanager.google.com widget.trustpilot.com www.googletagmanager.com www.google-analytics.com *.googleapis.com cdn.jsdelivr.net analytics.tiktok.com stockist.co *.stockist.co *.cloudflare.com www.googleoptimize.com *.yotoplay.com www.dwin1.com app.backinstock.org *.quantcount.com *.quantserve.com cdn.lr-in-prod.com cdn.lr-ingest.io cdn.logrocket.io *.gorgias.chat *.gorgias.io polyfill.io snippet.maze.co snap.licdn.com *.amplitude.com app.netlify.com netlify-cdp-loader.netlify.app netlify-rum.netlify.app *.maze.co www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.eu rum.browser-intake-datadoghq.com js.sentry-cdn.com browser.sentry-cdn.com *.tvsquared.com js.go2sdk.com; style-src * 'self' data: 'unsafe-inline' www.datocms-assets.com tagmanager.google.com fonts.googleapis.com; worker-src 'self' blob:; report-uri *.ingest.sentry.io/api/4505918023008256/security/?sentry_key=2ac3cae6afd61d8a2d6e49621c07025f; 1
default-src 'self'; frame-ancestors 'self'; frame-src * ; media-src *; img-src * blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' embed.typeform.com app.sealmetrics.com flickr.com accounts.google.com optimize.google.com platform.twitter.com static.ads-twitter.com cdn.cookielaw.org  snap.licdn.com www.dev-com.repsol.com  www.repsol.com www.dev-net.repsol.com www.google-analytics.com analytics.tiktok.com cdns.eu1.gigya.com *.tribalfusion.com consent.cookiebot.com www.googleadservices.com googleads.g.doubleclick.net *.krxd.net connect.facebook.net consentcdn.cookiebot.com trc.taboola.com wave.outbrain.com tr.outbrain.com assets.adobedtm.com www.googletagmanager.com www.youtube.com *.google-analytics.com *.analytics.google.com apis.google.com www.google.com www.recaptcha.net cdn.taboola.com amplify.outbrain.com trc.taboola.com tr.outbrain.com wave.outbrain.com ads-engagement.presage.io www.gstatic.com static.hotjar.com www.static.hotjar.com script.hotjar.com www.script.hotjar.com  ; style-src * 'unsafe-inline'; font-src * blob: data:; connect-src * blob: data: 1
default-src 'self'; frame-ancestors 'none'; img-src 'self' cardconnect.com *.cardconnect.com cardpointe.com *.cardpointe.com merchantinfoonline.com *.merchantinfoonline.com *.clover.com fast.trychameleon.com fast.chmln-cdn.com www.google-analytics.com data:; connect-src 'self' www.google-analytics.com maps.googleapis.com fast.trychameleon.com *.perfdrive.com https://*.cardpointe.com https://*.cardconnect.com https://*.cardconnect.com:6443 https://*.cardconnect.com:8443 https://*.prinpay.com https://*.prinpay.com:6443 https://*.prinpay.com:8443; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com maps.googleapis.com  fast.trychameleon.com *.perfdrive.com; form-action 'self'; font-src 'self' cdnjs.cloudflare.com fast.chmln-cdn.com fonts.gstatic.com; object-src 'none'; 1
default-src 'self' https: 1
blob: 1
script-src 'self' https://gerrys.net*; style-src 'self' https://gerrys.net*; 1
frame-ancestors 'self' https://*.viewbug.com 1
default-src 'self'; script-src 'unsafe-inline' 'self' https://kit.fontawesome.com/771805b96d.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js; style-src  'unsafe-inline' 'self' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://use.fontawesome.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://ka-p.fontawesome.com https://region1.google-analytics.com https://www.google-analytics.com; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com; frame-src https://www.youtube.com 'self'; img-src 'self' https://www.google-analytics.com https://www.jisc.ac.uk; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://tarifaluzhora.es/report-uri/enforce 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hcaptcha.com/1/api.js https://newassets.hcaptcha.com/captcha/v1/ *.googleoptimize.com *.hotjar.com *.puzzel.com *.vps.net *.bing.com *.twitter.com *.linkedin.com *.google.com *.addthisedge.com *.prfct.co *.addthis.com *.getclicky.com *.facebook.net *.marinsm.com *.hotjar.com *.gstatic.com *.googletagmanager.com *.jquery.com *.trustpilot.com *.uk2group.com *.google-analytics.com *.pingdom.net *.qualtrics.com *.visualwebsiteoptimizer.com *.typeform.com; img-src data: 'self' *.hotjar.com *.uk2group.com *.puzzel.com *.bing.com *.adnxs.com *.pubmatic.com *.marinsm.com *.yahoo.com *.openx.net *.prfct.co *.vps.net *.facebook.com *.gravatar.com *.visualwebsiteoptimizer.com *.google-analytics.com *.doubleclick.net *.pingdom.net *.google.com; font-src 'self' data: *.hotjar.com *.vps.net *.gstatic.com maxcdn.bootstrapcdn.com *.puzzel.com *.visualwebsiteoptimizer.com; style-src 'self' *.vps.net optimize.google.com *.googleoptimize.com *.bootstrapcdn.com *.googleapis.com *.puzzel.com *.visualwebsiteoptimizer.com *.typeform.com 'unsafe-inline'; connect-src *.google-analytics.com livechat.uk2group.com *.hotjar.com script.hotjar.com wss://ws1.hotjar.com wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com graylog.hotjar.com:12443 *.addthis.com dev.visualwebsiteoptimizer.com *.puzzel.com *.twitter.com *.trustpilot.com *.pingdom.net *.hotjar.com *.vps.net wss://ws4.hotjar.com 'self'; child-src *.vps.net *.uk2group.com *.puzzel.com *.visualwebsiteoptimizer.com; object-src 'self' *.vps.net *.puzzel.com *.visualwebsiteoptimizer.com; frame-src https://newassets.hcaptcha.com/ *.hotjar.com *.google.com *.uk2group.com *.twitter.com *.addthis.com *.puzzel.com *.trustpilot.com *.facebook.com *.hotjar.com *.typeform.com; default-src 'self' *.puzzel.com *.vps.net; media-src data: *.puzzel.com; 1
frame-ancestors 'self' https://*.ashampoo.com https://*.cms.test 1
default-src 'self';object-src 'self';frame-src 'self' https://app.sli.do/ https://www.youtube-nocookie.com/ https://playout.3qsdn.com/ https://vimeo.com/ https://player.vimeo.com/ https://streaming.multicaster.eu/ https://video-api.comm.consilium.europa.eu/ https://media.video.taxi/ https://start.video-stream-hosting.de/;script-src 'self' 'unsafe-inline' https://player.vimeo.com https://127.0.0.1:8080/ https://127.0.0.1:8081/;worker-src blob:;style-src 'self' 'unsafe-inline' https://127.0.0.1:8080/ https://127.0.0.1:8081/;img-src 'self' data: https://i.vimeocdn.com/ https://i.ytimg.com/;font-src 'self' data:;manifest-src 'self' 1
frame-ancestors 'self' https://app.lodgify.com https://www.lodgify.com https://academy.lodgify.com; 1
default-src 'self' https://www.ica.gov.sg/ https://*.vica.gov.sg/  *.googletagmanager.com https://*.wogaa.sg https://*.demdex.net/ https://cm.everesttech.net/ https://wogadobeanalytics.sc.omtrdc.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.wogaa.sg  https://*.vica.gov.sg/  https://www.gstatic.com/recaptcha https://google.com/recaptcha https://assets.adobedtm.com/ *.googletagmanager.com va.ecitizen.gov.sg static.zdassets.com *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://widget-mediator.zopim.com *.onemap.gov.sg https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://*.vica.gov.sg/ https://assets.wogaa.sg/fonts/ va.ecitizen.gov.sg *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.onemap.gov.sg; font-src 'self' data: https://assets.wogaa.sg/fonts/ va.ecitizen.gov.sg s3-us-west-2.amazonaws.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' https://www.ica.gov.sg/ https://*.vica.gov.sg/ https://img.youtube.com/ va.ecitizen.gov.sg data: *.googletagmanager.com https://wogadobeanalytics.sc.omtrdc.net/ https://cm.everesttech.net/ https://dpm.demdex.net/ *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com; media-src 'self' data: blob: va.ecitizen.gov.sg https://static.zdassets.com; frame-src 'self' https://www.google.com/ https://www.gstatic.com/recaptcha https://google.com/recaptcha https://wogaa.demdex.net *.youtube.com https://www.streetdirectory.com/ https://www.onemap.gov.sg/ www.youtube-nocookie.com *.facebook.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' wss://*.vica.gov.sg/ https://*.vica.gov.sg/ https://*.wogaa.sg  https://dpm.demdex.net/ https://www.google-analytics.com accounts.google.com ekr.zdassets.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.zendesk.com wss://widget-mediator.zopim.com https://va.ecitizen.gov.sg https://stats.g.doubleclick.net; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-eval' https://ge.ch *.etat-ge.ch https://datawrapper.dwcdn.net/; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' 'unsafe-inline' data: https://ge.ch https://*.infomaniak.com https://*.infomaniak.ch https://www.google-analytics.com *.etat-ge.ch https://www.etat.ge.ch; media-src 'self' https://*.infomaniak.com https://*.infomaniak.ch blob:; frame-src 'self' https://vod.infomaniak.com https://player.infomaniak.com https://*.ge.ch https://ge.ch https://www.ropag-data.ch https://sketchfab.com https://datawrapper.dwcdn.net/; frame-ancestors https://*.ge.ch; child-src 'self' https://vod.infomaniak.com https://*.ge.ch https://ge.ch blob:; font-src 'self' data:; connect-src 'self' *.etat-ge.ch ge.ch *.ge.ch *.geneveid.ch https://*.infomaniak.com; report-uri /report-csp-violation 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://tpc.googlesyndication.com https://cdn.heapanalytics.com https://heapanalytics.com https://www.googleadservices.com https://bat.bing.com https://s.adroll.com https://pixel.cdnwidget.com https://static.criteo.net https://sslwidget.criteo.com https://connect.facebook.net https://edge.fullstory.com https://fullstory.com https://d.adroll.com https://*.doubleclick.net https://mmtro.com https://cdn.mmtro.com https://api.neuro-id.com https://logs.neuro-id.com https://scripts.neuro-id.com https://*.optimizely.com https://tags.tiqcdn.com https://deploytealium.com https://*.impactradius-event.com https://www.googletagmanager.com https://www.google-analytics.com https://snap.licdn.com/ https://px.ads.linkedin.com/ https://load.sumo.com https://load.sumome.com https://widget.trustpilot.com https://*.vimeocdn.com https://*.fastcdn.co https://heatmap.services https://hackerone.com https://heatmap-events-collector.instapage.com https://cdn.cookielaw.org https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.upgrade.com https://*.go-mpulse.net; frame-src https://dis.us.criteo.com https://*.doubleclick.net https://upgrade.pxf.io https://connect.facebook.net https://tpc.googlesyndication.com https://*.vimeo.com https://*.youtube.com https://widget.trustpilot.com https://hackerone.com https://www.google.com/recaptcha/; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: about: 'unsafe-inline'; frame-ancestors 'self' *.greenvelopetesting.com *.greenvelope.com localizejs.com localize.live *.facebook.com; style-src * 'unsafe-inline'; 1
default-src 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: about: ws: *; frame-src 'unsafe-inline' 'unsafe-eval' data: blob: *; base-uri 'unsafe-inline' about: data: *; form-action 'unsafe-inline' data: *; worker-src 'unsafe-inline' data: blob: *; 1
frame-ancestors https://adcb-dreamhome.bayut.com 1
default-src 'self' https://cdn.tresorit.com; script-src 'self' https://cdn.tresorit.com https://*.google-analytics.com https://*.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://ajax.googleapis.com https://tagmanager.google.com https://az579219.vo.msecnd.net https://az416426.vo.msecnd.net https://static.hotjar.com https://script.hotjar.com https://snap.licdn.com https://bat.bing.com https://api.userlike.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://d3dc1lgancj6l0.cloudfront.net https://pi.pardot.com https://go.tresorit.com https://connect.facebook.net https://snap.licdn.com https://userlike-cdn-umm.b-cdn.net https://*.nrich.ai 'sha256-v1oYH69RcooFs6F5XhMTzHiWlftYwnuQHDxIz0suNeo=' 'sha256-yZFBBEAhVR7+Ftx72ma6BMxZ0sAlz7DrJpEQjM6yvdk=' 'sha256-y/5mPR8QdGvI0a6FfOwVWx71NjFHmb9oim1jH5qUf70=' 'sha256-7xVnYHUpsoBVwfChKB2fwOtjduvJpBbyCuAzoFnPBnM=' 'sha256-qftkcCrYzhsV9hfLPU1D4tct2uzZO/jkr21QQvnFfZk='; style-src 'self' 'unsafe-inline' https://cdn.tresorit.com https://tagmanager.google.com https://fonts.googleapis.com https://az579219.vo.msecnd.net https://optimize.google.com https://assets.calendly.com https://static.hotjar.com https://script.hotjar.com; img-src 'self' data: https: https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://static.hotjar.com https://script.hotjar.com; frame-src 'self' https://cdn.tresorit.com https://www.googletagmanager.com https://tagmanager.google.com https://vars.hotjar.com https://apisandbox.zuora.com https://www.zuora.com https://www.youtube.com https://www.youtube-nocookie.com https://az579219.vo.msecnd.net https://optimize.google.com https://forms.office.com/ https://calendly.com https://api.userlike.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://d3dc1lgancj6l0.cloudfront.net; font-src 'self' data: https://cdn.tresorit.com https://fonts.gstatic.com https://script.hotjar.com https://az579219.vo.msecnd.net https://d3dc1lgancj6l0.cloudfront.net https://userlike-cdn-umm.b-cdn.net; connect-src 'self' https://cdn.tresorit.com https://www.google.com https://*.analytics.google.com https://adservice.google.com https://*.google-analytics.com https://*.googletagmanager.com https://installer.tresorit.com https://subscribeapi.tresorit.com https://webapi.tresorit.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://174-dsp-873.mktoresp.com https://stats.g.doubleclick.net wss://umd.userlike.com https://umd.userlike.com https://api.userlike.com https://d3upe020n1uosc.cloudfront.net https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://www.userlike.com https://abuseapi.tresorit.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://www.facebook.com/tr/ https://bat.bing.com https://tag.nrich.ai blob:; media-src 'self' https://cdn.tresorit.com https://az579219.vo.msecnd.net https://d3dc1lgancj6l0.cloudfront.net https://userlike-store-media-files.s3.amazonaws.com https://www.userlike.com blob:; child-src 'self' https://api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://d3dc1lgancj6l0.cloudfront.net blob:; manifest-src 'none'; object-src 'self'; script-src-attr 'none'; worker-src 'none'; base-uri 'none'; form-action 'self'; frame-ancestors 'self' https://www.zuora.com https://tresorit.ghost.io https://blog.tresorit.com https://send.tresorit.com; report-uri https://webapi.tresorit.com/v1/weblogformdata/cspwebsite 1
frame-ancestors http://msdcxp.msp.int http://msdcxp.msp.de 1
script-src 'unsafe-inline' *.digid.nl piwik.dtnr.nl statistiek.mijn.overheid.nl *.obi4wan.com 'unsafe-eval'; img-src 'unsafe-inline' data: *.digid.nl *.rovid.nl statistiek.mijn.overheid.nl piwik.dtnr.nl *.obi4wan.com; style-src 'unsafe-inline' *.digid.nl; default-src 'self' *.digid.nl *.rovid.nl; connect-src 'self' *.obi4wan.ai *.obi4wan.com wss://ws-eu.pusher.com; 1
default-src 'none';frame-ancestors 'none' 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com doo.net piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors 'self'; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://www.zenaps.com https://tr.snapchat.com https://tr6.snapchat.com https://www.youtube.com https://*.googlesyndication.com https://mc.yandex.ru blob: https://www.provenance.org https://ln-rules.rewardstyle.com blob: https://*.awin1.com https://*.zenaps.com https://*.criteo.com https://app.qubit.com https://www.pinterest.com https://www.pinterest.co.uk; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.contentsquare.net https://mc.yandex.ru https://ymetrica1.com https://*.parcellab.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.contentsquare.net https://analytics.tiktok.com https://*.criteo.com https://*.pndsn.com https://23q3fg4xjd.execute-api.eu-west-1.amazonaws.com https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.cultbeauty.co.uk https://api.provenance.org https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://*.rlcdn.com https://storyboard.storystream.ai https://content.storystream.ai https://upload.uploadcare.com https://598nyfqkt7.execute-api.eu-west-1.amazonaws.com https://ct.pinterest.com https://static.criteo.net; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://yastatic.net https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://checkout.cultbeauty.co.uk https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net https://download-media.akamaized.net https://download-video.akamaized.net https://d7c4jjeuqag9w.cloudfront.net https://media.storystream.ai https://*.cultbeauty.co.uk https://*.vimeocdn.com; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://fp.zenaps.com https://www.youtube.com https://*.google-analytics.com https://*.google.com https://google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://remote.captcha.com https://*.akamaihd.net https://ln-rules.rewardstyle.com https://*.baidu.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://sc-static.net https://*.shoplooks.com https://slooks.top https://slooks.me https://*.translate.naver.net https://*.microsofttranslator.com https://*.hotjar.com https://*.attn.tv https://*.trustpilot.com https://*.bing.com https://*.doubleclick.net https://static.ads-twitter.com https://analytics.twitter.com https://*.google.co.uk https://google.co.uk https://analytics.tiktok.com https://*.ibytedtos.com https://*.liveperson.com https://tpc.googlesyndication.com https://mc.yandex.com https://mc.yandex.ru https://yastatic.net https://unpkg.com/@provenance/ https://ln-rules.rewardstyle.com https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://www.dwin1.com https://*.awin1.com https://*.zenaps.com https://the.sciencebehindecommerce.com https://*.contentsquare.net https://app.contentsquare.com https://cdn.pubnub.com https://static.goqubit.com https://*.qubit.com https://ucarecdn.com https://s.pinimg.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://drj5wi2x4lz96.cloudfront.net/css/embed.css https://d7c4jjeuqag9w.cloudfront.net https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self' https://*.cloudfront.net https://*.forter.com https://*.allsaints.com https://*.adyen.com https://*.klarna.com; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.eatingwell.com 1
script-src  *.segmanta.com *.pypestream.com *.bigcommerce.com *.betrad.com *.ipify.org *.kaptcha.com *.jebbit.com *.lightboxcdn.com *.dynatrace.com *.azurewebsites.net cdn.jsdelivr.net cdnjs.cloudflare.com *.google-analytics.com *.googleapis.com *.facebook.com *.facebook.net *.google.com *.googlesyndication.com *.devcloudsoftware.com *.zmags.com *.jquery.com *.crazyegg.com *.adsrvr.org sc-static.net *.pinimg.com *.googleadservices.com *.braintreegateway.com *.sandbox.braintree-api.com *.stripe.com *.doubleclick.net *.googletagmanager.com *.agkn.com *.pgsitecore.com *.pghub.io *.online-metrix.net *.amazonaws.com *.moatads.com *.paypalobjects.com *.paypal.com *.rewardstyle.com *.adsrvr.org *.adsrvr.org *.moatads.com *.attn.tv *.linkedin.com *.youtube.com *.ytimg.com *.bing.com *.gstatic.com *.addthis.com *.addthisedge.com *.moatads.com *.agkn.com *.online-metrix.net *.ravenjs.com *.addrexx10.com *.bizographics.com *.cardinalcommerce.com *.bazaarvoice.com *.yotpo.com  cdn.cookielaw.org  *.cloudfront.net *.rpxnow.com rpxnow.com *.iesnare.com *.polyfill.io geolocation.onetrust.com *.sharethis.com *.tapad.app *.pepperjam.com *.segment.com *.affirm.com *.minibc.com *.syndigo.com *.webcollage.net *.mapbox.com *.lytics.io *.ordergroove.com *.pepperjamnetwork.com *.tp88trk.com *.snapchat.com *.tiktok.com *.rokt.com *.ssacdn.com *.ads-twitter.com *.twitter.com *.ssacdn.com *.terracycle.com *.swaven.com https://tapjoy.go2cloud.org/SL2Wm https://shareasale-analytics.com/j.js https://pghub.io/js/pandg-sdk.js optanon.blob.core.windows.net b-code.liadm.com 'self' 'unsafe-eval' 'unsafe-inline' blob: ; frame-ancestors 'self' ; object-src 'none'; 1
default-src 'self';script-src 'self' http: https: 'unsafe-inline' 'unsafe-eval';style-src 'self' http: data: https: 'unsafe-inline';img-src 'self' http: https: data: blob:;media-src 'self' https://static.zdassets.com;connect-src 'self' http: https: wss:;font-src 'self' http: https:;frame-src https:;frame-ancestors none 1
default-src data: https:; script-src data: 'unsafe-inline' 'unsafe-eval' https:; style-src data: 'unsafe-inline' https:; child-src data: https: tel: http://help.xsolla.com http://www.xsolla.com; frame-src data: https: tel: http://help.xsolla.com http://www.xsolla.com; worker-src https://*.viveport.com blob:; upgrade-insecure-requests; 1
connect-src 'self' blob: https://api.x.ai https://api.x.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api.x.com https://api-stream.twitter.com https://api-stream.x.com https://ads-api.twitter.com https://ads-api.x.com https://aa.twitter.com https://aa.x.com https://caps.twitter.com https://caps.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton.twitter.com https://ton.x.com https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://twitter.com https://x.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com  ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://x.com https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://vaultjs.apideck.com/  https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://x.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://static.ads-twitter.com  'nonce-YmE0NTdhY2UtNDQ3Ni00N2VlLTk1YzUtYTZlYjAzMWExNmRh'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false 1
script-src 'self' https://*.patreon.com 'unsafe-inline' 1
default-src 'none';base-uri 'self';connect-src 'self';form-action 'self';manifest-src 'self' data:;font-src 'self';child-src https://www.youtube-nocookie.com;frame-src https://www.youtube-nocookie.com;frame-ancestors 'self';worker-src 'self';img-src 'self' data: https://i.ytimg.com/vi/;object-src 'none';script-src 'self' 'sha256-v7nzrjvPdsyHF2LFWiAcj7/YRFQq5XyZuhATblCzFko=';style-src 'self' 'sha256-C7vpsE1KLI7RuUgCprJTQZin6dWK+ccynbOx+OqjVow=' 'sha256-tbWZ4NP1341cpcrZVDn7B3o9bt/muXgduILAnC0Zbaw='; 1
frame-ancestors www.namespro.ca 1
default-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https: *.toolstation.com https://ecom-api.toolstation.com *.woosmap.com *.google-analytics.com *.analytics.google.com *.gstatic.com *.googletagmanager.com *.gstatic.com *.toolstation.com *.amazonaws.com *.monetate.net *.youtube.com *.brcdn.com *.brsrvr.com *.noibu.com *.tvsquared.com *.demdex.net *.ytimg.com *.wistia.com *.wistia.net smct.co *.smct.co smct.io *.smct.io *.micpn.com *.braintreegateway.com *.sandbox.braintreegateway.com checkout.paypal.com; child-src blob: *.braintreegateway.com *.sandbox.braintreegateway.com c.braintreegateway.com; style-src 'self' 'unsafe-inline' 'unsafe-hashes' *.toolstation.com *.toolstation.com *.googletagmanager.com *.google.com gstatic.com *.bazaarvoice.com *.bloomreach.io toolstation-team.freshchat.com *.euc-freshbots.ai *.monetate.net fonts.googleapis.com; worker-src 'self' blob:; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' *.toolstation.com https://ecom-api.toolstation.com toolstation-team.freshchat.com www.toolstation.com *.toolstation.com cdn-ukwest.onetrust.com cdnjs.cloudflare.com *.polyfill.io *.braintreegateway.com *.sandbox.braintreegateway.com *.paypal.com *.trustpilot.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.gstatic.com *.datadoghq-browser-agent.com *.browser-intake-datadoghq.eu *.monetate.net *.woosmap.com *.bazaarvoice.com *.postcodeanywhere.co.uk *.google.com secure.quantserve.com *.contentsquare.net *.pinimg.com *.facebook.net *.cooladata.com *.micpn.com *.bing.com *.rakuten.com *.revlifter.io *.quantcount.com clarity.ms *.bloomreach.io cdns.brsrvr.com googleads.g.doubleclick.net www.clarity.ms collector-25306.tvsquared.com https://*.noibu.com wss://*.noibu.com *.brcdn.com *.brsrvr.com *.uk.exponea.com *.paypal.com *.paypalobjects.com *.euc-freshbots.ai *.pusher.com *.videoly.co *.youtube-nocookie.com *.youtube.com *.tiktok.com *.instagram.com *.ytimg.com *.wistia.com *.wistia.net songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.amazonaws.com smct.co *.smct.co smct.io *.smct.io *.gocardless.com track.omguk.com www.recaptcha.net polyfill.io; font-src *.toolstation.com *.gstatic.com *.toolstation.com *.woosmap.com *.bootstrapcdn.com data: *.amazonaws.com smct.co *.smct.co smct.io *.smct.io *.bazaarvoice.com; connect-src *.toolstation.com https://ecom-api.toolstation.com https://www.toolstation.com/api *.google.com google.com/pay *.bazaarvoice.com *.woosmap.com *.googleapis.com *.toolstation.dev *.toolstation.com *.onetrust.com *.google-analytics.com *.google.com pagead2.googlesyndication.com api.woosmap.com *.pinterest.com *.bing.com *.browser-intake-datadoghq.eu *.polyfill.io stats.g.doubleclick.net googleads.g.doubleclick.net *.bloomreach.io *.monetate.net *.contentsquare.net *.noibu.com *.braintree-api.com spay.samsung.com https://*.noibu.com wss://*.noibu.com *.uk.exponea.com *.paypal.com *.sandbox.braintreegateway.com api.braintreegateway.com client-analytics.braintreegateway.com *.euc-freshbots.ai rts-euc.freshworksapi.com wss: rts-euc.freshworksapi.com ws: *.pusher.com *.cardinalcommerce.com *.amazonaws.com smct.co *.smct.co smct.io *.smct.io *.cooladata.com www.facebook.com pixel.quantcount.com browser-intake-datadoghq.eu; frame-src * *.toolstation.com toolstation-team.freshchat.com toolstation-team.eu.webpush.freshchat.com iprospecthosting.com *.iprospecthosting.com *.facebook.com configurator.kitchenkit.co.uk app.hellosign.com widget.trustpilot.com *.polyfill.io ct.pinterest.com *.braintreegateway.com *.paypal.com *.sandbox.braintreegateway.com *.google.com *.cardinalcommerce.com *.monetate.net *.videoly.co *.youtube-nocookie.com *.youtube.com *.tiktok.com *.instagram.com *.ytimg.com *.wistia.com *.wistia.net d2d7do8qaecbru.cloudfront.net *.amazonaws.com smct.co *.smct.co smct.io *.smct.io *.doubleclick.net *.gocardless.com; form-action * 'self' www.facebook.com *.cardinalcommerce.com *.highradius.com *.invevo.io; object-src 'none'; base-uri *.toolstation.com; media-src data 1
frame-ancestors *.zum.com 1
frame-ancestors 'self' https://*.lerobert.com; 1
frame-ancestors 'self' https://ajax.googleapis.com; object-src 'self' https://www.facebook.com https://twitter.com https://platform.twitter.com https://www.google-analytics.com 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=TW&lang=zh-Hant-TW&device=desktop&yrid=4o0cr8tiqueql&partner=; 1
upgrade-insecure-requests; frame-ancestors 'self' www.cohesity.com *.cohesity.com *.nexuscenter.io 1
default-src 'none'; manifest-src 'self'; object-src 'self';script-src https: 'unsafe-inline' 'unsafe-eval' 'self' https://stats.ledl.net *.trustedshops.com; style-src https: https://fonts.googleapis.com 'unsafe-inline' 'self' *.trustedshops.com; img-src https: 'self' https://stats.ledl.net http://homepage-kosten.de *.trustedshops.com data:; font-src 'self' https://fonts.gstatic.com *.trustedshops.com *.domaintechnik.at; frame-ancestors 'self' https://stats.ledl.net; frame-src 'self' https://stats.ledl.net www.youtube-nocookie.com; form-action 'self' *.domaintechnik.at *.ssl-net.net *.ssl-secured.eu *.ssl-gesichert.at; connect-src 'self' https://stats.ledl.net *.google-analytics.com *.trustedshops.com; media-src 'self' 1
base-uri 'self'; default-src 'self' data: https://dumbledore.zcu.cz https://www.google-analytics.com; font-src 'self' data:; ; frame-ancestors 'none'; frame-src https://maphub.net https://www.googletagmanager.com https://www.youtube.com https://www.youtube-nocookie.com https://almamather.zcu.cz:1443 https://experts.ai https://docs.google.com https://calendar.google.com; img-src 'self' data: https://info.zcu.cz https://minerva.zcu.cz https://stag-ws.zcu.cz https://www.google-analytics.com https://*.openstreetmap.org https://*.seznam.cz https://www.facebook.com; manifest-src 'none'; media-src 'self'; object-src 'none'; script-src 'self' https://www.googletagmanager.com https://connect.facebook.net 'nonce-wHHZ3daTiF6Y9ppbUK0MzhSpC6mrH5lPPA2fAcemsIg='; style-src 'self' https://fonts.googleapis.com 'nonce-wHHZ3daTiF6Y9ppbUK0MzhSpC6mrH5lPPA2fAcemsIg='; worker-src 'none'; upgrade-insecure-requests 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://scrumorg.disqus.com https://c.disquscdn.com https://disqus.com https://referrer.disqus.com https://connect.facebook.net https://apis.google.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.recaptcha.net/ https://www.gstatic.com/ https://www.gstatic.cn https://ssl.google-analytics.com https://static.zdassets.com https://cdn.evgnet.com https://cdn.evergage.com https://scrumdotorg.us-6.evergage.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://static.scrum.org https://unpkg.com https://widget.trustpilot.com; frame-ancestors 'self'; report-uri https://www.scrum.org/report-uri/enforce 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' 'unsafe-inline' ; img-src * 'self' data: ; font-src * data: blob: 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sfasu.edu *.tableau.com *.typekit.net cdn.jsdelivr.net *.fontawesome.com *.google-analytics.com *.facebook.net *.facebook.com *.newrelic.com *.nr-data.net *.ocelotbot.com *.vimeo.com *.technolutions.net *.adroll.com *.consensu.org *.simpli.fi *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google.com *.b0e8.com *.dstillery.com *.marchex.io *.quantserve.com *.adsrvr.org *.bc0a.com *.media6degrees.com *.quantcount.com *.adentifi.com *.meritpages.com *.cloudflare.com unpkg.com *.jsdelivr.net *.adsymptotic.com *.libanswers.com *.libcal.com *.libapps.com *.springyaws.com sfasu.libanswers.com doublethedonation.com; img-src 'self' data: *.3lift.com *.addthis.com *.adentifi.com *.adnxs.com *.adroll.com *.adsrvr.org *.adsymptotic.com *.advertising.com *.agkn.com *.apxlv.com *.b0e8.com *.bfmio.com *.bidswitch.net *.bluekai.com *.casalemedia.com *.cogocast.net *.company-target.com *.crwdcntrl.net *.demdex.net *.doubleclick.net *.dstillery.com *.exelator.com *.facebook.com *.google-analytics.com *.google.com *.googleadservices.com *.googletagmanager.com *.intentiq.com *.lijit.com *.marchex.io *.mathtag.com *.ocelotbot.com *.openx.net *.outbrain.com *.placeholder.com *.pro-market.net *.pubmatic.com *.qccerttest.com *.quantserve.com *.reson8.com *.rlcdn.com *.rubiconproject.com *.sfasu.edu *.simpli.fi *.spotxchange.com *.stickyadstv.com *.taboola.com *.tapad.com *.tremorhub.com *.trueleadid.com *.typekit.net *.yahoo.com *.youtube.com meritpages.com pippio.com thrtle.com *.s3.amazonaws.com doublethedonation.com fakeimg.pl; frame-ancestors 'self' *.sfasu.edu *.ocelotbot.com; report-uri /report-csp-violation 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://unpkg.com  https://cdnjs.cloudflare.com  https://cdn.jsdelivr.net https://code.jquery.com http://code.jquery.com   http://maps.googleapis.com  https://www.google-analytics.com https://bam.nr-data.net  https://www.googletagmanager.com https://js-agent.newrelic.com;   object-src 'none'; base-uri 'none'; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com data:; report-uri 'none'; 1
connect-src adobedc.demdex.net edge.adobedc.net *.amazonaws.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.kyruus.com 'self' *.visualstudio.com wss:; default-src blob: data: https: 'self'; frame-src *.agkn.com *.doubleclick.net *.google.com mdlink.ucsfmedicalcenter.org ucsfmychart.ucsfmedicalcenter.org testmyc.ucsfmedicalcenter.org 'self' *.sitecore.net *.vimeo.com *.youtube.com; script-src try.abtasty.com *.adobedtm.com *.answerscloud.com *.azurewebsites.net *.calltrk.com *.clicktale.net *.cloudflare.com *.cloudflareinsights.com *.doubleclick.net *.evaliahealth.com *.facebook.net *.foresee.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.invoca.net *.invocacdn.com *.jsdelivr.net *.msecnd.net *.radiomd.com 'self' *.skyword.com *.tealiumiq.com *.tiqcdn.com *.twitter.com datalayer.ucsfhealth.org 'unsafe-eval' 'unsafe-inline' *.vimeo.com *.vimeocdn.com *.visto1.net; style-src *.fonts.net *.googleapis.com optimize.google.com 'self' 'unsafe-inline'; worker-src blob:; 1
frame-ancestors 'self' myonline.bradley.edu bradley.meritpages.com 1
default-src https: ; img-src https: ; script-src https: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline' https: ; object-src 'none';  font-src https: data: ;  1
default-src 'self'; script-src 'self' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; object-src 'none' 1
default-src 'self' *.ebuyer.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudfront.net *.cnetcontent.com *.cnetcontentsolutions.com www.dwin1.com e2d2.easy2.com *.google.com *.google-analytics.com *.googleadservices.com *.googlecommerce.com *.googletagmanager.com storage.googleapis.com/code.snapengage.com/ *.reevoo.com *.snapengage.com www.gstatic.com *.facebook.net *.twitter.com content.syndigo.net *.exponea.com blob: *.turn.com snap.licdn.com px.ads.linkedin.com widget.trustpilot.com w-it.m-t.io *.segmentify.com *.webgains.io cnstrc.com www.googleoptimize.com *.googleapis.com *.tiktok.com collector-11098.tvsquared.com *.klaviyo.com *.clarity.ms js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net *.hotjar.com *.redditstatic.com *.1worldsync.com *.fullstory.com *.mention-me.com https://secure.dekopay.com *.doubleclick.net; object-src 'self' *.reevoo.com; style-src 'self' 'unsafe-inline' *.cloudfront.net *.cnetcontentsolutions.com *.cnetcontent.com *.reevoo.com *.google.com fonts.googleapis.com *.segmentify.com *.1worldsync.com; img-src 'self' data: *.cloudfront.net *.cnetcontent.com *.cnetcontentsolutions.com *.cnetcontentsyndication.com *.doubleclick.net img.ebyrcdn.net *.ebuyer.com *.facebook.com *.google.ie *.google.com *.google.co.uk *.google-analytics.com storage.googleapis.com/code.snapengage.com www.googlecommerce.com *.gstatic.com bat.r.msn.com *.reevoo.com *.snapengage.com *.twitter.com *.syndigo.net ads.yahoo.com w-it.m-t.io px.ads.linkedin.com collector-11098.tvsquared.com *.klaviyo.com *.hubspot.com *.reddit.com *.1worldsync.com; media-src 'none'; frame-src 'self' *.cnetcontentsolutions.com *.reevoo.com *.snapengage.com www.googlecommerce.com *.google.com *.facebook.com *.twitter.com *.youtube.com *.cnetcontent.com *.trustpilot.com *.hotjar.com *.1worldsync.com *.mention-me.com https://mention-me.com *.doubleclick.net; font-src 'self' 'self' data: 'unsafe-inline' fonts.gstatic.com x.klarnacdn.net *.reevoo.com; connect-src 'self' *.googlecommerce.com *.google-analytics.com *.exponea.com *.turn.com *.snapengage.com *.segmentify.com *.webgains.io *.cnstrc.com *.googleapis.com *.klaviyo.com *.tiktok.com *.clarity.ms *.hubspot.com *.hotjar.com *.fullstory.com *.mention-me.com https://mention-me.com orders.ebuyer.com; 1
script-src 'self' 'report-sample' 'nonce-GfHQilCQ47JDEyTnbySrKA==' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' 'sha256-kbHtQyYDQKz4SWMQ8OHVol3EC0t3tHEJFPCSwNG9NxQ=' 'sha256-NCKNRxHOZ9NZZP1xYaFbbqjnjnIkTO+5uafvQF2F+Ok=' 'sha256-MF4OdOnsHLn63JSCXslyutSsN6cn2VjFCfcBkh8UA+U=' 'sha256-NyU5VcnUQ+qsk+xqFFnzgzL0ogzibyKUEOEJiGnm6LI=' 'sha256-xqRANPm8v5XHL3LopmHGSCIBVnSm+dHOI4AnlD0pWeY=' 'sha256-+w8qqRyG3+lLwdlPmZJJA5+4engGjZ6fe9i303mvhpg=' 'sha256-2rvfFrggTCtyF5WOiTri1gDS8Boibj4Njn0e+VCBmDI='; object-src 'none'; base-uri 'self'; frame-ancestors https://la.utexas.edu https://www.la.utexas.edu https://learn.stanford.edu https://idss.mit.edu https://*.mygreatlearning.com https://*.greatlearning.in https://mbaonline.snu.edu.in https://snu.edu.in https://sme.snu.edu.in https://iiitd.ac.in https://www.iiitd.ac.in https://pgdcsai.iiitd.ac.in https://www.greatlakes.edu.in https://onlinejain.com https://www.onlinejain.com https://www.jain-online.com https://jain-online.com https://*.bhartiaxa.com https://professionalonline2.mit.edu https://professional.mit.edu https://www.srmonline.in https://srmonline.in https://careerkarma.com https://pes.edu https://*.olympuslms.com; report-uri /csp-report; report-to web-csp-endpoint; 1
frame-ancestors 'self' *.chatbot.com; 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.juicer.io traffic-drivers.unibuddy.co cdn.unibuddy.co cdn.jsdelivr.net embed.tawk.to pub21.bravenet.com assets.bnidx.com apps.bravenet.com widgets.flickr.com embedr.flickr.com public.tableau.com e1.envoke.com cdnjs.cloudflare.com ajax.googleapis.com 25livepub.collegenet.com platform.twitter.com googleads.g.doubleclick.net cdn.syndication.twimg.com code.jquery.com connect.facebook.net cse.google.com e.issuu.com ssl.google-analytics.com ucads-cdn.ucweb.com uwinnipeg.ca www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com ; style-src 'self' 'unsafe-inline' assets.juicer.io *.typekit.net cdn.jsdelivr.net pub21.bravenet.com e1.envoke.com cdnjs.cloudflare.com  www.google.com platform.twitter.com fonts.googleapis.com ajax.googleapis.com uwinnipeg.ca ton.twimg.com 'unsafe-eval'; img-src 'self' data: scontent.cdninstagram.com www.juicer.io img.juicer.io assets.juicer.io *.xx.fbcdn.net news.uwinnipeg.ca web-assets.uwinnipeg.ca cdn.jsdelivr.net static-v.tawk.to c1.staticflickr.com farm5.staticflickr.com public.tableau.com files.envoke.com abs.twimg.com www.google.ca www.gstatic.com 25livepub.collegenet.com clients1.google.com encrypted-tbn0.gstatic.com encrypted-tbn1.gstatic.com encrypted-tbn2.gstatic.com encrypted-tbn3.gstatic.com googleads.g.doubleclick.net pbs.twimg.com ton.twimg.com www.google-analytics.com www.facebook.com syndication.twitter.com uwinnipeg.ca platform.twitter.com www.fourmilab.ch ssl.google-analytics.com www.google.com www.googleapis.com www.googletagmanager.com; font-src 'self' data: static.juicer.io *.typekit.net static-v.tawk.to apps.bravenet.com maxcdn.bootstrapcdn.com fonts.gstatic.com; connect-src 'self' www.juicer.io *.tawk.to wss://*.tawk.to 25livepub.collegenet.com pub21.bravenet.com fonts.googleapis.com ajax.googleapis.com www.google.com www.google.com e1.envoke.com api.ipapi.com google-analytics.com www.facebook.com www.google-analytics.com ssl.google-analytics.com ca.api4load.com gjtrack.ucweb.com plugin.ucads.ucweb.com; object-src 'self' www.youtube.com; child-src 'self' www.googletagmanager.com www.youtube.com bid.g.doubleclick.net cse.google.ae cse.google.ca cse.google.com e.issuu.com indd.adobe.com platform.twitter.com syndication.twitter.com uwinnipeg.ca www.google.com; frame-src 'self' www.cbc.ca www.openstreetmap.org api2.enscape3d.com forms.office.com traffic-drivers.unibuddy.co player.vimeo.com popcard.unibuddy.co unibuddy.co www.juicer.io uwinnipegca.elluciancrmrecruit.com uwinnipegcatest.elluciancrmrecruit.com  va.tawk.to embed.radiopublic.com www.chemicalsafety.com chemicalsafety.com static.issuu.com  w.soundcloud.com www.flickr.com public.tableau.com www.lapersonnelle.com www.thepersonal.com www.youtube.com 25livepub.collegenet.com cse.google.ca cse.google.com bid.g.doubleclick.net uwinnipeg.ca platform.twitter.com syndication.twitter.com www.google.com e.issuu.com indd.adobe.com ; frame-ancestors 'self' uwinnipegca.elluciancrmrecruit.com panopto.uwinnipeg.ca uwinnipeg.ca.panopto.com collegiate.uwinnipeg.ca *.uwinnipeg.ca; media-src 'self' dev-www.uwinnipeg.ca www.uwinnipeg.ca web-assets.uwinnipeg.ca; form-action 'self' www.bettermail.ca platform.twitter.com syndication.twitter.com; upgrade-insecure-requests; block-all-mixed-content; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://fosstodon.org; img-src 'self' https: data: blob: https://fosstodon.org; style-src 'self' https://fosstodon.org 'nonce-vqVnQeQWCGfV+EPqHsaNzA=='; media-src 'self' https: data: https://fosstodon.org; frame-src 'self' https:; manifest-src 'self' https://fosstodon.org; form-action 'self'; child-src 'self' blob: https://fosstodon.org; worker-src 'self' blob: https://fosstodon.org; connect-src 'self' data: blob: https://fosstodon.org https://cdn.fosstodon.org wss://fosstodon.org; script-src 'self' https://fosstodon.org 'wasm-unsafe-eval' 1
default-src 'unsafe-eval' 'unsafe-inline' *;frame-src about: *;img-src data: about: blob: *;font-src data: *;frame-ancestors self my.readymag.com readymag.com 1
frame-ancestors 'self' https://*.salesforce.com 1
frame-ancestors 'self'; script-src 'self' *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com *.jquery.com *.newrelic.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.jquery.com 'unsafe-inline'; object-src 'self' 1
default-src 'none'; script-src 'strict-dynamic' 'nonce-ERS36/5ZO4zPrYWjJLamqWOFc2ZDGX+ppZo3E0+KGNTdJJfqx2' 'self' 'report-sample' 'unsafe-inline' assets.wearehearken.eu cdn.syndication.twimg.com connect.facebook.net c.files.bbci.co.uk emp.bbci.co.uk ems.wearehearken.eu modules.wearehearken.eu mybbc-analytics.files.bbci.co.uk nav.files.bbci.co.uk news.files.bbci.co.uk platform.twitter.com public.flourish.studio static.bbc.co.uk static.bbci.co.uk static.chartbeat.com static2.chartbeat.com www.bbc.co.uk www.instagram.com www.ons.gov.uk gn-web-assets.api.bbc.com www.google-analytics.com bitesize.files.bbci.co.uk www.tiktok.com lf16-tiktok-web.ttwstatic.com static.files.bbci.co.uk; img-src 'self' https: data:; font-src c.files.bbci.co.uk gel.files.bbci.co.uk static.files.bbci.co.uk static.bbci.co.uk news.files.bbci.co.uk ws-downloads.files.bbci.co.uk bitesize.files.bbci.co.uk; style-src branding.files.bbci.co.uk cdn.riddle.com flo.uri.sh news.files.bbci.co.uk platform.twitter.com static.bbc.co.uk static.bbci.co.uk static.files.bbci.co.uk ton.twimg.com www.riddle.com 'unsafe-inline' lf16-tiktok-web.ttwstatic.com; frame-src 'self' bbc001.carto.com bbc003.carto.com bbc-maps.carto.com cdn.riddle.com chartbeat.com emp.bbc.co.uk emp.bbc.com flo.uri.sh graphics.reuters.com www.reuters.com m.facebook.com news.files.bbci.co.uk personaltaxcalculator2.deloittecloud.co.uk platform.twitter.com public.flourish.studio static2.chartbeat.com syndication.twitter.com web.facebook.com www.bbc.co.uk www.facebook.com www.instagram.com www.tiktok.com www.ons.gov.uk www.riddle.com www.youtube.com www.youtube-nocookie.com toybox.tools.bbc.co.uk uk-script.dotmetrics.net ssp-app-uk.votenow.tv ssp-app-uktest.votenow.tv session.test.bbc.co.uk session.bbc.co.uk; object-src 'none'; manifest-src static.files.bbci.co.uk bitesize.files.bbci.co.uk; media-src 'self' blob: https:; connect-src 'self' https:; child-src blob:; base-uri 'none'; form-action 'self' platform.twitter.com syndication.twitter.com uk-script.dotmetrics.net/DeviceInfo.dotmetrics; frame-ancestors 'none'; upgrade-insecure-requests; report-to default; report-uri https://webcore.bbc-reporting-api.app/report-endpoint; 1
frame-ancestors https://*.lmt.lv http://*.lmt.lv http://*.lmt.lv:* 1
frame-ancestors 'self' https://*.olaelectric.com https://*.olacabs.com; 1
frame-ancestors https://*.bizapedia.com 1
font-src 'self' https://*.typekit.net https://*.googleusercontent.com https://*.gstatic.com https://*.googleapis.com https://*.hotjar.com https://*.hotjar.io; img-src 'self' data: https://*.bing.com https://*.linkedin.com https://*.eloqua.com https://*.google.com https://*.adsymptotic.com https://*.google.com.co https://*.vidyard.com https://*.google-analytics.com https://*.google.vg https://*.gstatic.com https://*.googleusercontent.com https://*.amazonaws.com/ https://*.hotjar.com https://*.twimg.com https://*.twitter.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://*.gartner.com https://cookiesstaging.blob.core.windows.net/ https://*.facebook.com https://*.plex.com https://*.6sc.co https://*.hotjar.io *.capterra.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.vidyard.com https://*.googleadservices.com https://*.google-analytics.com https://*.google.com https://*.google.vg https://*.licdn.com https://*.bing.com https://*.hotjar.com https://*.doubleclick.net https://*.newrelic.com https://*.jquery.com https://*.want7feed.com https://*.en25.com https://*.nr-data.net https://*.driftt.com https://*.cloudfront.net https://*.eloqua.com https://*.bidr.io https://*.addthis.com https://*.ampproject.org https://*.moatads.com https://*.addthisedge.com https://*.jquery.js https://*.twitter.com https://*.twimg.com https://*.zoominfo.com https://googleads.g.doubleclick.net https://*.gartner.com https://cookiesstaging.blob.core.windows.net https://cdn.cookielaw.org https://*.onetrust.com https://*.facebook.net https://*.facebook.com https://*.g2crowd.com https://*.6sc.co https://*.googleoptimize.com https://*.hotjar.io https://*.tourial.com *.capterra.com *.storylane.io cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com mdbootstrap.com play.vidyard.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.typekit.net https://*.google.com https://*.googleapis.com https://*.twitter.com https://*.twimg.com https://*.gartner.com https://*.googletagmanager.com *.capterra.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdnjs.cloudflare.com https://unpkg.com https://use.typekit.net mdbootstrap.com use.fontawesome.com; frame-ancestors 'self' http://*.lookbookhq.com https://*.lookbookhq.com http://*.pathfactory.com https://*.pathfactory.com http://resources.plex.com https://resources.plex.com 1
base-uri 'self'; upgrade-insecure-requests; object-src 'none'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://*.werally.com; script-src 'self' https: 'nonce-kIlW5MP7en6afdlBHU7yquztxIwO6XL2' 'strict-dynamic'; script-src-elem 'self' https://accounts.int.werally.in https://accounts.bluesteel.werally.in https://accounts.werally.com; default-src 'self'; connect-src 'self' https://*.werally.com; worker-src 'self'; frame-ancestors 'none'; report-uri https://member.werally.com/rest/csp-reporter; 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ifaqs.flexanswer.com m1.dimelochat.com *.dimelo.com onelogin.m1.com.sg www.m1.com.sg www.gstatic.com www.google.com *.m1net.com.sg youtube.com maps.googleapis.com cloud.typography.com www.google-analytics.com *.survey.alchemer.com *.survey.alchemer.eu *.criteo.com *.criteo.net *.appier.net *.queue-it.net *.bf.dynatrace.com console-flex-api.ap.sabio.cloud console.ap.sabio.cloud; img-src *.m1.com.sg ifaqs.flexanswer.com *.s3.amazonaws.com console-flex-api.ap.sabio.cloud console.ap.sabio.cloud 'self' blob: data: https:; style-src 'self' 'unsafe-inline' ifaqs.flexanswer.com www.google-analytics.com cloud.typography.com www.m1.com.sg console-flex-api.ap.sabio.cloud console.ap.sabio.cloud; font-src 'self' data: 'unsafe-inline' ifaqs.flexanswer.com *.amazonaws.com console-flex-api.ap.sabio.cloud console.ap.sabio.cloud; object-src 'self' 'none' 1
frame-ancestors https://*.tatacliq.com; connect-src 'self' ws://localhost:9858/ rum-collector-2.pingdom.net www.google.co.in t.co analytics.twitter.com q.quora.com bom-col.eum-appdynamics.com *.tatacliq.com *.tataque.com *.tataunistore.com *.akstat.io *.go-mpulse.net *.youtube.com *.youtu.be  *.facebook.com *.google.com *.google-analytics.com *.flixcar.com *.juspay.in *.stripe.com *.tatadigital.com *.instacred.me *.ed-sys.net *.appsflyer.com *.madstreetden.com *.demdex.net *.onedirect.in *.ipify.org *.yupl.us *.tt.omtrdc.net *.omtrdc.net *.adobedtm.com *.cloudfront.net *.epsilondelta.co *.amazonaws.com *.facebook.net *.clevertap.com *.doubleclick.net *.haptikapi.com *.hellohaptik.com *.haptik.me *.bing.com *.akamaihd.net instacred.me wss://*.haptik.me *.o-s.io https://cqt.conneqtcorp.com https://e2e.tataque.com https://rs.fullstory.com https://siteintercept.qualtrics.com dapi.tatadigital.com  *.designhubz.com https://vimeo.com *.launchdarkly.com https://firebaseinstallations.googleapis.com https://firebaseremoteconfig.googleapis.com/  https://cdn.firebase.com https://*.firebaseio.com 1
frame-ancestors 'self' *.vertafore.com 1
default-src 'self' blob:;connect-src * data:;script-src 'self' blob: 'unsafe-eval' browser.sentry-cdn.com rum-static.pingdom.net sentry.io *.googleapis.com *.google-analytics.com *.photoeditorsdk.com static.cloudflareinsights.com vercel.live 'unsafe-inline';style-src 'self' cdnjs.cloudflare.com 'unsafe-inline';font-src 'self' data: cdnjs.cloudflare.com fonts.gstatic.com;img-src 'self' data: blob: cdnjs.cloudflare.com img.ly static.motimate.app static-staging.motimate.app *.google-analytics.com *.amazonaws.com *.cloudinary.com *.froala.com *.tenor.com images.unsplash.com s2.googleusercontent.com *.gstatic.com;media-src 'self' *.amazonaws.com *.cloudinary.com hypergames.no;frame-src 'self' *.youtube.com *.vimeo.com *.ted.com *.soundcloud.com *.spotify.com *.23video.com *.twentythree.net *.bi.no *.amazonaws.com *.dreambroker.com *.cloudfront.net *.eqology.com *.videomarketingplatform.co cdnapisec.kaltura.com kahoot.it embed.kahoot.it oembed.jotform.com hellostorm.com;worker-src 'self' blob:;frame-ancestors 'self' *.actimo.com *.apotek1.no *.apotek1stage.no *.ikomm.no *.microsoft.com *.sharepoint.com crm.eliteservice.no virksomhetsplattformen.difi.no 1
frame-ancestors 'self' https://online.eiu.edu; 1
default-src * data: 'unsafe-inline' https: blob: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.couche-tard.com https://cloud.brandmaster.com 1
frame-ancestors https://render.otoy.com 1
default-src 'self' *.automationanywhere.com *.urldefense.com *.newrelic.com *.nr-data.net *.akstat.io  *.go-mpulse.net *.mktoutil.com *.searchunify.com *.bootstrapcdn.com *.jsdelivr.net *.facebook.net *.facebook.com  *.cloudflare.com *.googleoptimize.com  *.googletagmanager.com *.optimizely.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.gstatic.com *.doubleclick.net *.bing.com *.licdn.com *.sharethis.com *.cookielaw.org *.jquery.com *.consensu.org *.twitter.com *.ads-twitter.com *.google.com *.crazyegg.com *.knowledgevine.net *.bkrtx.com *.marketo.net *.digitaloceanspaces.com *.criteo.com  *.driftt.com *.driftqa.com *.mktoresp.com *.kickfire.com *.wistia.com  *.wistia.net momentjs.com *.litix.io *.drift.com *.ml-api.io *.addthis.com *.addthisedge.com *.moatads.com *.marketo.com *.akamaihd.net *.reachforce.com *.youtube.com *.leadspace.com *.ytimg.com *.g2.com *.gartner.com *.jobvite.com *.itcentralstation.com *.onetrust.com *.salesforce.com *.evgnet.com *.chilipiper.com *.cloudfront.net *.onelink-translations.com *.brightmountainmedia.com *.metadata.io *.lazcreative.com urldefense.com *.ml314.com ml314.com *.microsoft.com microsoft.com *.agkn.com *.6sc.co *.adnxs.com *.adroll.com *.admatrix.com *.6sense.com *.hackerone.com *.admatrix.jp *.clarity.ms *.fullcircleinsights.com *.aspnetcdn.com *.zoominfo.com *.acuityscheduling.com *.widen.net *.widencdn.net *.oribi.io *.linkedin.com *.amazonaws.com *.demandscience.com vivenu.com *.contanuity.com *.prod.bidr.io *.crwdcntrl.net *.googlesyndication.com https://unpkg.com *.pageimprove.io pageimprove.io data: blob: 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; frame-src * data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://apeople.automationanywhere.com/ https://partners.automationanywhere.com/; report-uri /report-csp-violation 1
frame-ancestors *.mysmartprice.com *.google.com www-mysmartprice-com.cdn.ampproject.org 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' self;script-src * data: blob: 'unsafe-inline' 'unsafe-eval' self;connect-src * data: blob: 'unsafe-inline' self;img-src * data: blob: 'unsafe-inline' self;frame-src * data: blob: self;style-src * data: blob: 'unsafe-inline' self;font-src * data: blob: 'unsafe-inline' self;script-src-attr * self 'unsafe-inline' 'unsafe-eval' self;object-src * self;base-uri 'self';form-action 'self';frame-ancestors 'self';upgrade-insecure-requests 1
default-src 'self'; font-src 'self' data: https://script.hotjar.com https://cdn.acsbapp.com https://maxcdn.bootstrapcdn.com https://secure8.convio.net https://fonts.gstatic.com https://use.typekit.net https://cloud.typography.com; frame-src 'self' https://www2.jdrf.org https://crosswordlabs.com https://jdrf.massrel.io https://*.jdrfoverlays.com https://jdrfoverlays.com https://tgbwidget.com https://app.hubspot.com https://www.youtube-nocookie.com https://a597080980.cdn.optimizely.com https://wp.freemius.com https://player.vimeo.com https://antidote.me https://www.youtube.com https://public.domo.com https://www.google.com https://my.walls.io https://www.facebook.com https://www.matchinggifts.com https://ww2.matchinggifts.com https://javamatch.matchinggifts.com; img-src 'self' data: https://www.dafdirect.org https://ipv4.d.adroll.com https://x.bidswitch.net https://*.reson8.com https://reson8.com https://idsync.rlcdn.com https://dsum-sec.casalemedia.com https://sync.srv.stackadapt.com https://tags.bluekai.com  https://dpm.demdex.net https://usermatch.krxd.net  https://cms.analytics.yahoo.com https://pixel.rubiconproject.com https://us-u.openx.net https://sync.taboola.com  https://image2.pubmatic.com https://sync.outbrain.com https://ib.adnxs.com  https://ups.analytics.yahoo.com  https://eb2.3lift.com https://d.adroll.com https://script.hotjar.com https://pixel.quantserve.com https://cdn.acsbapp.com https://gravatar.com https://s3-us-west-2.amazonaws.com https://wpstorelocator.co https://khms0.googleapis.com https://khms1.googleapis.com https://maps.google.com https://s38924.pcdn.co https://gravityforms.s3.amazonaws.com https://s3.amazonaws.com https://maps.googleapis.com https://maps.gstatic.com https://www.googletagmanager.com https://marvel-processor.bc0a.com https://updates.bnecreative.com https://s.w.org https://ps.w.org https://a1.b0e8.com https://marvel-b1-cdn.bc0a.com https://www.google.co.in https://www.google.co.in/pagead/1p-user-list/982455586/ https://googleads.g.doubleclick.net https://*.wpengine.com https://bat.bing.com https://nova.collect.igodigital.com https://p.typekit.net https://secure.gravatar.com https://sp.analytics.yahoo.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.jdrf.org; manifest-src 'self'; media-src 'self'; object-src 'none'; report-uri https://6467beef974ac544f93aa9e8.endpoint.csper.io https://www2.jdrf.org; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://platform.massrelevance.com https://www.dafdirect.org https://analytics.tiktok.com https://rules.quantcount.com https://tgbwidget.com/widget/script.js https://d.adroll.com https://cdnjs.cloudflare.com https://secure.quantserve.com https://js.dev.shift4.com/shift4.js https://s.adroll.com https://cdn.segment.com https://js.hs-scripts.com https://maps.google.com https://ajax.aspnetcdn.com https://djtflbt20bdde.cloudfront.net https://player.vimeo.com https://antidote.me https://www.fullstory.com https://fullstory.com https://www.gstatic.com https://www.google.com https://cdn.optimizely.com https://maps.googleapis.com https://cdn.jsdelivr.net https://marvel-b2-cdn.bc0a.com https://cdn.b0e8.com https://cdn.mxpnl.com https://acsbapp.com https://jdrfapistage.wpengine.com https://*.collect.igodigital.com https://bat.bing.com https://connect.facebook.net https://*.doubleclick.net https://jdrfapi.wpengine.com https://s.yimg.com https://s3.amazonaws.com https://*.hotjar.com https://secure.adnxs.com https://unpkg.com https://use.typekit.net https://walls.io https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://www2.jdrf.org; style-src 'report-sample' 'self' 'unsafe-inline' https://www.dafdirect.org https://www.gstatic.com https://ajax.googleapis.com https://rgsharedweb.s3.amazonaws.com https://use.fontawesome.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://use.typekit.net https://cdn.jsdelivr.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://jdrfapi.wpengine.com https://jdrfapistage.wpengine.com  https://cloud.typography.com; worker-src 'self'; connect-src 'self' https://*.optimizely.com https://optimizely.com https://www.facebook.com https://www.facebook.com/tr https://*.hubspot.com https://hubspot.com https://pixel.quantcount.com https://spreadsheets.google.com https://host-v618rd.api.swiftype.com https://metrics.hotjar.io https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://content.hotjar.io wss://ws.hotjar.com https://in.hotjar.com https://www2.jdrf.org https://acsbapp.com https://stagingjdrf.wpengine.com https://errors.client.optimizely.com https://my.yoast.com https://vc.hotjar.io https://my.wpengine.com https://yoast.com https://www.jdrf.org https://www.google-analytics.com https://cdn.acsbapp.com https://logx.optimizely.com https://secure8.convio.net https://maps.googleapis.com https://s.yimg.com https://stats.g.doubleclick.net; 1
frame-ancestors https://fupa.net:* https://*.fupa.net https://*.fupa.dev http://localhost:* localhost:* 1
worker-src https://assets.chess24.com/assets/ https://chess24.com 1
default-src blob: 'self'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://*.google-analytics.com https://*.googletagmanager.com https://sjs.bizographics.com https://*.lr-in-prod.com https://*.fullstory.com https://*.hs-scripts.com https://*.hsadspixel.net https://*.hscollectedforms.net https://*.hs-analytics.net https://*.hs-banner.com; img-src 'self' blob: data: https://relay.vmsproxy.com https://vmsproxy.com https://relay.vmsproxy.cn https://*.relay.vmsproxy.com https://*.vmsproxy.com https://*.relay.vmsproxy.cn https://nxcloud-prod-integrations-static.s3.amazonaws.com  https://*.google-analytics.com https://www.google.com https://*.hotjar.com https://*.googletagmanager.com https://*.hubspot.com https://*.hsforms.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://themes.googleusercontent.com https://static.hotjar.com; frame-src * cox-vms://* demo-vms://* dtv-vms://* dw-vms://* ez-vms://* fly-vms://* hanwha-vms://* mvss-vms://* nvision-vms://* nx-vms://* pcms-vms://* qulu-vms://* ras-vms://* sentry-vms://* sk-vms://* https://*; connect-src 'self' ws: wss: https://*.networkoptix.com https://analytics.google.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.hotjar.com:* wss://*.hotjar.com https://*.lr-in-prod.com https://*.fullstory.com https://*.hs-banner.com https://*.hscollectedforms.net blob: https://relay.vmsproxy.com https://vmsproxy.com https://relay.vmsproxy.cn https://*.relay.vmsproxy.com https://*.vmsproxy.com https://*.relay.vmsproxy.cn https://nxcloud-prod-integrations-static.s3.amazonaws.com ; object-src 'none'; media-src 'self' blob: https://relay.vmsproxy.com https://vmsproxy.com https://relay.vmsproxy.cn https://*.relay.vmsproxy.com https://*.vmsproxy.com https://*.relay.vmsproxy.cn https://nxcloud-prod-integrations-static.s3.amazonaws.com 1
default-src 'self'  https://www.search.gov.sg http://service2.mom.gov.sg/ wss://service2.mom.gov.sg/ https://*.wogaa.sg https://*.demdex.net/ https://cm.everesttech.net/ https://wogadobeanalytics.sc.omtrdc.net/ https://*.onemap.sg/ https://*.webengage.co/ https://*.vica.gov.sg wss://chat.vica.gov.sg www.google.com/recaptcha/ www.gstatic.com/recaptcha/;style-src  https://optimize.google.com https://fonts.googleapis.com 'self' 'unsafe-inline' https://www.search.gov.sg fonts.googleapis.com https://*.cloudfront.net https://service2.mom.gov.sg https://va.ecitizen.gov.sg https://cdn.olasearch.com https://cdn.polyfill.io https://mom.app.keyreply.com https://tagmanager.google.com https://fonts.googleapis.com wss://service2.mom.gov.sg https://assets.wogaa.sg/fonts/ https://webchat.vica.gov.sg;script-src https://optimize.google.com https://www.googleanalytics.com https://www.googleoptimize.com 'self' 'unsafe-inline' www.google-analytics.com ajax.googleapis.com *.webengage.com *.webengage.co https://*.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://service2.mom.gov.sg https://service2.mom.gov.sg/webchat/js/app.js *.amazonaws.com wogadobeanalytics.sc.omtrdc.net https://*.wogaa.sg assets.adobedtm.com *.facebook.net *.bizographics.com https://va.ecitizen.gov.sg wss://service2.mom.gov.sg/ https://www.facebook.com https://*.cloudfront.net https://px.ads.linkedin.com https://api.olasearch.com https://cdn.polyfill.io https://mom.app.keyreply.com https://keyreplymom.blob.core.windows.net wss://mom.app.keyreply.com https://snap.licdn.com https://*.onemap.sg/ 'unsafe-eval' https://webchat.vica.gov.sg https://www.gstatic.com 'unsafe-eval' blob: https://api.search.gov.sg https://www.search.gov.sg https://www.google.com https://www.gstatic.com;prefetch-src 'self' https://www.search.gov.sg; connect-src 'self' https://optimize.google.com https://api.search.gov.sg https://assets.search.gov.sg wss://service2.mom.gov.sg https://*.google-analytics.com *.webengage.com *.webengage.co https://*.analytics.google.com https://*.googletagmanager.com *.amazonaws.com https://*.wogaa.sg https://dpm.demdex.net/ https://service2.mom.gov.sg wogadobeanalytics.sc.omtrdc.net *.facebook.net *.bizographics.com https://stats.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://www.facebook.com https://*.cloudfront.net https://px.ads.linkedin.com https://api.olasearch.com https://mom.app.keyreply.com https://keyreplymom.blob.core.windows.net wss://mom.app.keyreply.com https://*.vica.gov.sg wss://chat.vica.gov.sg; img-src * data: 'self' data: https://assets.search.gov.sg https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com; media-src * https://fonts.gstatic.com; font-src * data:; object-src 'none';frame-src * https://optimize.google.com 1
script-src 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.google.com/recaptcha https://www.googletagmanager.com https://www.google-analytics.com https://snap.licdn.com https://platform.twitter.com https://policy.cookiereports.com https://fonts.googleapis.com 'self' ;object-src 'none';base-uri 'self'; 1
frame-ancestors 'self' *.curiositystream.com; report-uri https://n8205b602a.execute-api.us-east-1.amazonaws.com/Prod/cspreport; report-to csp-endpoint 1
default-src 'none';base-uri 'self';connect-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com maps.googleapis.com maps.google.com;form-action 'self';img-src 'self' 'unsafe-inline' data: www.google-analytics.com maps.googleapis.com maps.gstatic.com www.gravatar.com;media-src 'self';object-src 'none';script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com maps.googleapis.com maps.google.com;style-src 'self' 'unsafe-inline';frame-src 'self' www.youtube.com youtube.com www.youtu.be youtu.be;style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;manifest-src 'self' 1
default-src 'self' blob: *.brightcove.com *.crazyegg.com *.brightcove.net   https: data: 'unsafe-inline' 'unsafe-eval' 1
upgrade-insecure-requests; frame-ancestors http://*.senscritique.com https://*.senscritique.com https://*.eurekoi.org https://*.bibliomondo.com https://*.mediatheque-rueilmalmaison.fr https://*.imarabe.org 1
frame-src 'none'; 1
default-src * data:; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https:; script-src 'unsafe-eval' 'unsafe-inline' 'self' https: blob:; 1
default-src maxcdn.bootstrapcdn.com cdn.jsdelivr.net/codemirror.spell-checker/ 'self' *.gbif.org *.gbif-uat.org *.gbif-dev.org *.gbif-staging.org *.gbif.org *.google.com *.google-analytics.com plausible.io fonts.gstatic.com images.ctfassets.net data: api.mapbox.com *.tiles.mapbox.com *.vimeo.com vimeo.com eepurl.com gbif.us18.list-manage.com zenodo.org *.youtube.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gbif.org *.gbif-uat.org *.gbif-dev.org *.gbif-staging.org *.google-analytics.com plausible.io api.mapbox.com unpkg.com/react@17/umd/react.production.min.js unpkg.com/react-dom@17/umd/react-dom.production.min.js;style-src 'self' 'unsafe-inline' *.googleapis.com cdnjs.cloudflare.com/ajax/libs/mapbox-gl/*.css api.mapbox.com maxcdn.bootstrapcdn.com;media-src *;img-src * data:;worker-src blob:; 1
form-action 'self' https://www.facebook.com/tr/ https://forms.hsforms.com; frame-ancestors 'self' https://*.copyleaks.com https://copyleaks.com https://assets.calendly.com https://calendly.com https://optimize.google.com https://app.vwo.com https://formcrafts.com ; object-src 'none'; frame-src 'self' https://library.elementor.com/ https://player.vimeo.com/  https://sibforms.com/  https://www.youtube.com/  https://app.hubspot.com  https://bid.g.doubleclick.net/  https://www.facebook.com/ https://forms.hsforms.com https://*.copyleaks.com https://copyleaks.com https://assets.calendly.com https://calendly.com https://optimize.google.com https://app.vwo.com https://formcrafts.com https://hcaptcha.com https://*.hcaptcha.com https://ws.zoominfo.com/ https://td.doubleclick.net/ 1
default-src 'self' https:; img-src * 'self' data: https:; frame-ancestors 'self'; frame-src youtube.com https://www.youtube.com; form-action https://*.outdoorgearlab.com; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline' 1
default-src blob: 'self' data: *.podigee-cdn.net *.3qsdn.com ; script-src 'unsafe-inline' 'unsafe-eval' 'self' stats.brak.de *.dwcdn.net *.podigee-cdn.net *.3qsdn.com blob:; connect-src 'self' stats.brak.de *.3qsdn.com; img-src 'self' data: *.dwcdn.net *.podigee-cdn.net *.3qsdn.com stats.brak.de; style-src 'unsafe-inline' 'self' *.dwcdn.net *.podigee-cdn.net *.3qsdn.com ;base-uri 'self';form-action 'self'; object-src 'none'; frame-src 'self' *.dwcdn.net *.podigee-cdn.net *.3qsdn.com 1
frame-ancestors 'self' https://*.justia.com http://*.justia.com 1
base-uri 'self'; form-action 'self' pages.scandit.com; frame-ancestors 'none'; upgrade-insecure-requests ; connect-src 'self' cookiehub.net *.visualwebsiteoptimizer.com app.vwo.com cdn.linkedin.oribi.io *.scandit.com *.cookiehub.net analytics.google.com 605-exc-034.mktoutil.com *.ingest.sentry.io vimeo.com www.google-analytics.com *.hotjar.io *.hotjar.com wss://*.hotjar.com 605-exc-034.mktoresp.com stats.g.doubleclick.net script.google.com bat.bing.com region1.google-analytics.com region1.analytics.google.com www.googletagmanager.com www.google.com/pagead/landing googleads.g.doubleclick.net/pagead/landing pagead2.googlesyndication.com adservice.google.com public-api.wordpress.com px.ads.linkedin.com; default-src 'self' blob:; font-src 'self' data: fonts.gstatic.com boards.cdn.greenhouse.io; frame-src www.google.com open.spotify.com embed-standalone.spotify.com boards.greenhouse.io www.youtube.com *.scandit.com *.vimeo.com vimeo.com app-ab02.marketo.com www.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.hotjar.com vc.hotjar.io app.vwo.com *.visualwebsiteoptimizer.com; img-src 'self' https: data: www.google-analytics.com www.googletagmanager.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com ; manifest-src 'self'; media-src 'self' data: download-video.akamaized.net vimeo.com *.vimeo.com vod-progressive.akamaized.net; object-src *.scandit.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' s.yimg.jp *.visualwebsiteoptimizer.com app.vwo.com *.scandit.com *.hotjar.com www.googleadservices.com googleads.g.doubleclick.net www.google-analytics.com ssl.google-analytics.com tagmanager.google.com www.googletagmanager.com www.gstatic.com pagead2.googlesyndication.com www.google.com boards.greenhouse.io *.vimeo.com *.vimeocdn.com app-ab02.marketo.com cdn.jsdelivr.net cdn.cookiehub.eu cookiehub.net munchkin.marketo.net snap.licdn.com *.terminus.services bat.bing.com browser.sentry-cdn.com stats.wp.com www.redditstatic.com *.cloudflare.com; script-src-elem 'self' data: 'unsafe-inline' 'unsafe-eval' s.yimg.jp *.visualwebsiteoptimizer.com app.vwo.com *.scandit.com *.hotjar.com www.googleadservices.com googleads.g.doubleclick.net www.google-analytics.com ssl.google-analytics.com tagmanager.google.com www.googletagmanager.com www.gstatic.com pagead2.googlesyndication.com www.google.com boards.greenhouse.io *.vimeo.com *.vimeocdn.com app-ab02.marketo.com cdn.jsdelivr.net cdn.cookiehub.eu cookiehub.net munchkin.marketo.net snap.licdn.com *.terminus.services bat.bing.com browser.sentry-cdn.com stats.wp.com www.redditstatic.com *.cloudflare.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.scandit.com app-ab02.marketo.com tagmanager.google.com fonts.googleapis.com tagmanager.google.com cookiehub.net fonts.googleapis.com www.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com cdn.jsdelivr.net; worker-src 'self' blob:; report-uri https://o420956.ingest.sentry.io/api/5379255/security/?sentry_key=af6864d0e14740c3a9ccff64bc1f0a5d; 1
base-uri 'self'; default-src 'self'; connect-src 'self' https://chat.gigaserver.cz chat.gigaserver.cz https://region1.analytics.google.com region1.analytics.google.com https://www.google.cz www.google.cz https://www.google.com www.google.com https://www.google-analytics.com www.google-analytics.com https://www.paypal.com www.paypal.com https://manager.eu.smartlook.cloud manager.eu.smartlook.cloud https://web-writer.eu.smartlook.cloud web-writer.eu.smartlook.cloud https://assets-proxy.smartlook.cloud assets-proxy.smartlook.cloud https://stats.g.doubleclick.net stats.g.doubleclick.net https://analytics.google.com analytics.google.com https://blob blob blob:; font-src 'self' https://chat.gigaserver.cz chat.gigaserver.cz; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://www.googletagmanager.com www.googletagmanager.com https://www.google.com www.google.com https://www.sandbox.paypal.com www.sandbox.paypal.com https://www.paypal.com www.paypal.com; img-src 'self' https://chat.gigaserver.cz chat.gigaserver.cz https://www.facebook.com www.facebook.com https://c.seznam.cz c.seznam.cz https://www.google.com www.google.com https://www.google.cz www.google.cz https://www.google.sk www.google.sk https://www.google.pl www.google.pl https://www.google.at www.google.at https://www.google.de www.google.de https://t.paypal.com t.paypal.com https://stats.g.doubleclick.net stats.g.doubleclick.net https://www.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com www.google-analytics.com 'unsafe-inline' blob: data:; media-src 'self' data:; object-src 'self'; script-src 'self' https://chat.gigaserver.cz chat.gigaserver.cz https://cdnjs.cloudflare.com cdnjs.cloudflare.com https://ajax.googleapis.com ajax.googleapis.com https://unpkg.com unpkg.com https://cdn.jsdelivr.net cdn.jsdelivr.net https://www.paypalobjects.com www.paypalobjects.com https://rec.smartlook.com rec.smartlook.com https://connect.facebook.net connect.facebook.net https://www.googletagmanager.com www.googletagmanager.com https://www.google.com www.google.com https://www.gstatic.com www.gstatic.com https://www.google-analytics.com www.google-analytics.com https://googleads.g.doubleclick.net googleads.g.doubleclick.net https://c.seznam.cz c.seznam.cz https://www.paypal.com www.paypal.com https://www.googleadservices.com www.googleadservices.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://chat.gigaserver.cz chat.gigaserver.cz https://cdnjs.cloudflare.com cdnjs.cloudflare.com https://ajax.googleapis.com ajax.googleapis.com 'unsafe-inline'; worker-src 'self' 1
default-src 'none'; script-src 'self' blob: 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data: *.nol-is.de; connect-src 'self' *.nol-is.de 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-ancestors 'self'; manifest-src 'self' 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-yJALy6p6q5xB3H01ITcKrQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.lpages.co/ https://*.doubleclick.net https://api.myjson.com https://translate.googleapis.com https://static.ads-twitter.com https://analytics.twitter.com https://cdn.syndication.twimg.com https://*.zopim.com https://cdn.jsdelivr.net https://*.hotjar.com https://localhost:* wss://localhost:* https://js.center.io https://cdn.mxpnl.com https://*.google-analytics.com https://*.optimizely.com https://*.bootstrapcdn.com https://*.jquery.com https://*.sharethis.com https://*.haikudeck.com https://*.newrelic.com https://connect.facebook.net https://www.googleadservices.com https://assets.pinterest.com https://*.nr-data.net https://checkout.stripe.com https://js.stripe.com/v2/ https://platform.twitter.com  https://*.surveymonkey.com https://*.googleapis.com https://static.accountdock.com https://*.accountdock.com https://*.cloudfront.net https://*.intercom.io https://*.intercomcdn.com https://tagmanager.google.com https://www.googletagmanager.com https://*.ytimg.com https://cdnjs.cloudflare.com https://*.google.com; object-src 'self'; img-src * data:; frame-src 'self'  https://*.hotjar.com https://*.doubleclick.net https://syndication.twitter.com https://js.center.io https://*.google.com https://twitter.com https://facebook.com https://linkedin.com https://www.haikudeck.com https://*.vimeo.com https://*.parse.com https://*.sharethis.com https://*.filepicker.io https://googleads.g.doubleclick.net https://checkout.stripe.com https://js.stripe.com/v2/ https://twitter.com https://facebook.com https://linkedin.com https://platform.twitter.com https://*.facebook.com https://*.surveymonkey.com https://*.amazonaws.com https://static.accountdock.com https://*.accountdock.com https://accountdock.com https://www.googletagmanager.com https://*.youtube.com  https://surveymonkey.com https://*.cloudfront.net; font-src 'self' data: https://api.myjson.com https://static.accountdock.com https://*.accountdock.com https://*; connect-src 'self' https://l.sharethis.com https://api.leadpages.io https://api.myjson.com https://translate.googleapis.com wss://*.hotjar.com https://*.hotjar.com wss://*.zopim.com https://*.zopim.com https://localhost:* wss://localhost:* https://*.haikudeck.com:* https://*.mixpanel.com https://*.optimizely.com https://*.nr-data.net wss://*.haikudeck.com:* https://*.profitwell.com wss://*.intercom.io https://*.intercom.io http://*.haikudeck.com https://*.stripe.com https://*.cloudfront.net; style-src 'self' 'unsafe-inline' https://translate.googleapis.com https://platform.twitter.com https://static.accountdock.com https://*.accountdock.com https://*.cloudflare.com https://fonts.googleapis.com https://*.bootstrapcdn.com https://*.sharethis.com https://checkout.stripe.com https://js.stripe.com/v2/ https://*.google.com https://*.cloudfront.net; 1
frame-ancestors *.enedis.fr *.web-enedis.fr 1
frame-ancestors 'self' *.atlasroofing.com 1
default-src 'self' 'unsafe-inline' *; img-src 'self' * blob: data:; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://accounts.google.com/gsi/button https; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com; style-src 'unsafe-inline' *; object-src 'none'; script-src 'self' 'unsafe-eval' https://*.deepdyve.com https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion.js https://play.google.com/log https://accounts.google.com/gsi https://accounts.google.com/gsi/client https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://snap.licdn.com https://bant.io https://*.hs-scripts.com https://*.hs-banner.com https://*.hs-analytics.net https://beacon-v2.helpscout.net https://connect.facebook.net https://rum-static.pingdom.net https://assets.customer.io https://js.maxmind.com/js/apis/geoip2/v2.1/geoip2.js https://platform.twitter.com/widgets.js https://sealserver.trustwave.com/seal.js ; 1
default-src 'self' * data: blob: https: *.wizcase.com wizcase.com ; script-src 'self' * 'unsafe-inline' 'unsafe-eval' *.datadoghq-browser-agent.com *.ampproject.org *.gstatic.com *.google.com *.alooma.com *.doubleclick.net *.googlesyndication.com  *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.hhtpp.com *.bing.com *.yandex.ru *.quora.com *.yimg.com sp.analytics.yahoo.com *.hotjar.com *.ipify.org blob: data:; style-src 'self' data: blob: 'unsafe-inline' *;connect-src 'self' data: blob: https: wizcase.com *.wizcase.com  *.ampproject.org *.google-analytics.com *.doubleclick.net *.google.com *.hhtpp.com *.yandex.ru *.gravatar.com wss://*.hotjar.com *.wp.com;font-src 'self' data: blog: *.ampproject.org *.googletagmanager.com *.googleapis.com *.gstatic.com; 1
worker-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.googlecommerce.com *.googleadservices.com *.braintreegateway.com *.googleapis.com *.cloudflare.com *.planetart.com *.newrelic.com *.twitter.com *.ads-twitter.com *.facebook.net *.adroll.com *.livechatinc.com cdn.brcdn.com www.paypalobjects.com *.brsrvr.com *.nr-data.net *.pcrl.co *.picreel.com *.bing.com *.extole.com *.yimg.com *.yahoo.com *.sharethis.com *.amazonaws.com *.rubiconproject.com *.doubleclick.net *.ups-mi.net *.pinterest.com *.paypal.com *.tellapal.com *.momsaffiliate.com *.emjcd.com *.shareasale.com t.co *.locker2.com *.adxcel-ec2.com *.gstatic.com *.steelhousemedia.com www.googletagmanager.com pixel.cdnwidget.com snap.licdn.com px.ads.linkedin.com *.tvsquared.com unpkg.com d39517acq78dhc.cloudfront.net js.braintreegateway.com *.cardinalcommerce.com *.dca0.com d.adroll.mgr.consensu.org *.ccdc02.com *.openx.net *.rlcdn.com *.adnxs.com *.bidswitch.net *.3lift.com *.taboola.com *.pubmatic.com *.outbrain.com *.casalemedia.com *.advertising.com www.clickcease.com cdn.levelaccess.net *.mail.simplytoimpress.com *.mail.simplytoimpress.co.uk *.mail.canvasworld.com *.mail.photoaffections.com *.mail.mycustomcase.com *.eml.legacylane.com *.eml.parkerandpip.com *.eml.gifts.com track.cordial.io *.personalcreations.com tags.tiqcdn.com use.typekit.net dpm.demdex.net www.lightboxcdn.com t.channeladvisor.com tag.bounceexchange.com s.pinimg.com assets.bounceexchange.com api.bounceexchange.com cdn.staticfile.org *.cj.com a.omappapi.com analytics.tiktok.com lightboxapi.azurewebsites.net cdn.attn.tv *.afterpay.com *.mountain.com *.nextdoor.com utt.impactcdn.com *.sjv.io *.clarity.ms d.impactradius-event.com tags.crwdcntrl.net *.rokt.com cdn.cookielaw.org *.iseeme.com *.bookofus.com *.vimeo.com *.vimeocdn.com https://*.kaptcha.com *.niceincontact.com d2zm0lpns956f8.cloudfront.net websdk.appsflyer.com *.bazaarvoice.com mpsnare.iesnare.com *.appsflyer.com shop.pe mapi.gifts.com cdn.photoaffections.com;frame-ancestors 'self' https://www.photoaffections.com;object-src 'self' https://www.photoaffections.com;upgrade-insecure-requests 1
img-src https:; frame-ancestors 'self' https://*.uni-augsburg.de; 1
child-src * blob:; default-src * 'unsafe-inline'; font-src * 'unsafe-inline' data:; img-src * 'unsafe-inline' data: blob:; object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; worker-src * blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.uni-greifswald.de; frame-ancestors *.uni-greifswald.de; frame-src https: 1
frame-ancestors 'self' *.buildertrend.com *.buildertrend.net *.office.com *.office365.com; 1
img-src 'self' img.youtube.com *.s3waas.gov.in secure.gravatar.com data:;connect-src 'self' *.s3waas.gov.in;object-src 'none';media-src 'self' *.s3waas.gov.in data:;child-src 'self';frame-src 'self' www.youtube.com;form-action *;frame-ancestors 'self' *.s3waas.gov.in ;upgrade-insecure-requests;worker-src 'self' *.s3waas.gov.in; font-src data: 'self' *.s3waas.gov.in 1
default-src 'self'; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com; font-src 'self' https://use.typekit.net; frame-src 'self' https://podcasters.spotify.com https://www.youtube.com https://youtube.com https://platform.twitter.com https://www.facebook.com https://open.spotify.com https://www.instagram.com https://www.aoc.gov/ https://admin.aoc.gov/; img-src 'self' data: https://www.aoc.gov https://aoc.gov https://play.google.com https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://farm9.staticflickr.com https://www.google.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://platform.twitter.com https://3d-api.si.edu/resources/js/voyager-explorer.min.js https://www.instagram.com https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com; style-src 'self' 'unsafe-inline' https://p.typekit.net https://use.typekit.net https://unpkg.com; frame-ancestors 'self' https://www.aoc.gov https://admin.aoc.gov/; report-uri https://www.aoc.gov/report-uri/enforce 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: * 1
default-src 'self'; connect-src 'self' https: blob: data: wss://*.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.a2d.tv *.b17g.net *.tv4play.se https:; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https:; media-src blob: https:; manifest-src 'self'; object-src data:; form-action 'self'; frame-src https:; frame-ancestors 'self'; worker-src 'self' blob:; font-src * data: chrome-extension:; img-src * data: android-webview-video-poster:; upgrade-insecure-requests 1
frame-ancestors 'self' https://creditsesame.com https://*.creditsesame.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' oktacdn.com *.oktacdn.com convergeoperations.com *.convergeoperations.com tsp.gov *.tsp.gov googleapis.com *.googleapis.com google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com gov *.gov; connect-src 'self' oktacdn.com *.oktacdn.com okta.com *.okta.com convergeoperations.com *.convergeoperations.com tsp.gov *.tsp.gov googleapis.com *.googleapis.com google-analytics.com *.google-analytics.com gov *.gov; img-src 'self' oktacdn.com *.oktacdn.com tsp.gov *.tsp.gov convergeoperations.com *.convergeoperations.com googleapis.com *.googleapis.com google-analytics.com *.google-analytics.com gov *.gov ytimg.com *.ytimg.com; style-src 'self' 'unsafe-inline' oktacdn.com *.oktacdn.com convergeoperations.com *.convergeoperations.com tsp.gov *.tsp.gov googleapis.com *.googleapis.com google-analytics.com *.google-analytics.com gov *.gov; font-src 'self' oktacdn.com *.oktacdn.com convergeoperations.com *.convergeoperations.com tsp.gov *.tsp.gov googleapis.com *.googleapis.com fonts.gstatic.com gov *.gov; form-action 'self' salesforce.com *.salesforce.com oktacdn.com *.oktacdn.com okta.com *.okta.com convergeoperations.com *.convergeoperations.com googleapis.com tsp.gov *.tsp.gov *.googleapis.com google-analytics.com *.google-analytics.com gov *.gov; frame-src 'self' convergeoperations.com *.convergeoperations.com youtube.com *.youtube.com gov *.gov; frame-ancestors 'self' convergeoperations.com *.convergeoperations.com tsp.gov *.tsp.gov youtube.com *.youtube.com; 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-dPxXM2h9MhBYF32pgRlUF0y0ENnAVF' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
frame-src *.youtube.com https://www.youtube.com *.videolyser.de https://www.videolyser.de *.adg.de *.ddev.site; 1
font-src * *.cloudfunctions.net *.hotjar.com *.hotjar.io *.bizographics.com *.otpbank.hu 'unsafe-inline' data:; style-src * *.cloudfunctions.net *.hotjar.com *.hotjar.io *.bizographics.com *.otpbank.hu blob: data: 'unsafe-inline' *.googleapis.com; connect-src wss://*.otpbank.hu wss://*.hotjar.com wss://*.cloudfunctions.net *.cloudfunctions.net *.hotjar.com *.hotjar.io *.bizographics.com *.otpbank.hu *.googleapis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.zuko.io *.tiktok.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com blob: data: 'unsafe-inline' 'unsafe-eval'; img-src * *.cloudfunctions.net *.hotjar.com *.hotjar.io *.bizographics.com *.otpbank.hu *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com blob: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googleadservices.com *.googletagmanager.com *.google-analytics.com cdnjs.cloudflare.com *.cloudfunctions.net *.googleapis.com *.google.com *.facebook.com *.facebook.net *.doubleclick.net *.youtube.com *.ytimg.com *.hotjar.com *.hotjar.io *.bizographics.com *.otpbank.hu snap.licdn.com *.zuko.io *.tiktok.com 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://static.preprod.siteimprove.com tags.srv.stackadapt.com; img-src 'self' * data: *.global.siteimproveanalytics.io px.ads.linkedin.com www.google.com www.google.co.uk b.6sc.co www.facebook.com bat.bing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.preprod.siteimprove.com https://code.jquery.com/jquery-3.5.0.js hello.siteimprove.com https://cdn.siteimprove.net/cms/overlay.js az416426.vo.msecnd.net www.googletagmanager.com consent.cookiebot.com consentcdn.cookiebot.com siteimproveanalytics.com j.6sc.co googleads.g.doubleclick.net www.google.com https://cdn.jsdelivr.net www.google.co.uk cdn.dreamdata.cloud play.vidyard.com snap.licdn.com pi.pardot.com connect.facebook.net tracking.g2crowd.com bat.bing.com tags.srv.stackadapt.com js.qualified.com js.zi-scripts.com; connect-src 'self' 'unsafe-inline' dc.services.visualstudio.com www.google.com epsilon.6sense.com px.ads.linkedin.com secure.adnxs.com applications.zoom.us wss://ws.qualified.com www.siteimprove.com marketingservices.siteimprove.com dc.services.visualstudio.com google.com consentcdn.cookiebot.com googleads.g.doubleclick.net ipv6.6sc.co cdn.dreamdata.cloud pi.pardot.com tags.srv.stackadapt.com js.zi-scripts.com tags.srv.stackadapt.com ws.zoominfo.com c.6sc.co cdn.linkedin.oribi.io; frame-src www.youtube.com videos.siteimprove.com https://play.vidyard.com applications.zoom.us https://hello.siteimprove.com https://cdn.siteimprove.net/cms/overlay.js consentcdn.cookiebot.com www.facebook.com app.qualified.com td.doubleclick.net www.g2.com; font-src 'self' 'unsafe-inline' https://static.preprod.siteimprove.com pardot-marketing-bucket.s3.eu-central-1.amazonaws.com; 1
default-src 'self' *.rncb.ru https://wwwrncbru.webim.ru https://wwwrncbru2.webim.ru 'unsafe-eval' 'unsafe-inline' *.yandex.ru https://yastatic.net; font-src 'self' https://wwwrncbru.webim.ru https://wwwrncbru.webim2.ru *.rncb.ru data:; img-src 'self' *.rncb.ru https://wwwrncbru.webim.ru https://wwwrncbru.webim2.ru https://top-fwz1.mail.ru https://yastatic.net *.yandex.ru *.yandex.net data:; connect-src 'self' *.ip-api.com *.dadata.ru *.yandex.ru https://wwwrncbru.webim.ru *.rncb.ru https://sendsay.ru https://image.sendsay.ru https://top-fwz1.mail.ru; script-src 'self' *.yandex.ru https://yastatic.net https://wwwrncbru.webim.ru 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://www.drom.ru https://auto.drom.ru *.rncb.ru; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.rncb.ru https://*.yandex.ru https://yandex.ru https://yastatic.net *.yandex.net https://top-fwz1.mail.ru https://wwwrncbru.webim.ru https://wwwrncbru.webim2.ru http://wwwrncbru.webim2.ru hsttps://www.googletagmanager.com https://cdn.jsdelivr.net https://googleads.g.doubleclick.net https://www.google-analytics.com;  1
script-src 'self' 'unsafe-inline' https: *.sharp.com sharp.com m.youtube.com maps.google.com maps.googleapis.com recaptcha.net translate.google.com translate.googleapis.com www.google.com/recaptcha/ www.gstatic.cn/recaptcha/ www.gstatic.com/recaptcha/ www.recaptcha.net www.youtube.com youtu.be youtube.com; style-src 'self' 'unsafe-inline' *.sharp.com fonts.googleapis.com https: sharp.com translate.googleapis.com; font-src 'self' *.sharp.com data: fonts.googleapis.com fonts.gstatic.com https: sharp.com; img-src 'self' *.adnxs-simple.com *.adnxs.com *.facebook.com *.facebook.net *.fbcdn.net *.ggpht.com *.googleapis.com *.nr-data.net *.sharp.com *.twimg.com *.twitter.com *.yieldoptimizer.com *.youtube.com *.ytimg.com about: blob: data: fonts.gstatic.com https: maps.google.com maps.gstatic.com sharp.com ssl.google-analytics.com ssl.gstatic.com t.co images.ctfassets.net translate.google.com translate.googleapis.com www.facebook.com www.google-analytics.com www.google.com analytics.google.com www.googletagmanager.com www.gstatic.com; base-uri 'self' https: *.sharp.com sharp.com; object-src 'none'; frame-ancestors 'self' *.sharp.com https: sharp.com; form-action 'self' *.facebook.com *.sharp.com *.twitter.com 127.0.0.1:11270 connect.facebook.net https: https://*.web.ahdev.cloud sharp.com; connect-src 'self' *.facebook.com *.sharp.com *.twimg.com *.twitter.com about: ampcid.google.com analytics.google.com com-sharp-dev1.mini.snplow.net com.snowplowanalytics.snowplow connect.facebook.net fonts.googleapis.com fonts.gstatic.com https: maps.google.com maps.googleapis.com sharp.com stats.g.doubleclick.net t.co translate.google.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com; manifest-src 'self' *.sharp.com https: sharp.com; child-src 'self' *.sharp.com blob: https: sharp.com www.youtube.com; frame-src 'self' *.recaptcha.net *.sharp.com *.youtube.com https: maps.google.com maps.googleapis.com recaptcha.google.com recaptcha.net sharp.com www.google.com/recaptcha/ www.youtube-nocookie.com youtu.be youtube.com; media-src 'self' *.sharp.com https: m.youtube.com sharp.com www.youtube.com youtu.be youtube.com; worker-src 'self' *.sharp.com blob: https: sharp.com www.recaptcha.net; block-all-mixed-content; 1
default-src 'self'; object-src 'none'; style-src 'unsafe-inline' 'self' https: fonts.googleapis.com c.lytics.io; img-src 'self' data: https: www.google.kz www.googletagmanager.com; font-src 'self' fonts.gstatic.com c.lytics.io www.google-analytics.com cm.g.doubleclick.net s.amazon-adsystem.com data:; script-src 'self' https: www.googletagmanager.com google-analytics.com static.hotjar.com c.lytics.io cdn.cookielaw.org googleads.g.doubleclick.net/pagead/ 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https: analytics.google.com stats.g.doubleclick.net/j/ cdn.cookielaw.org; frame-src 'self' www.google.com www.facebook.com 9240454.fls.doubleclick.net td.doubleclick.net; 1
frame-src 'self' data: application/pdf *.ebucks.com authentication.cardinalcommerce.com *.google.com *.vimeo.com *.fnbbotswana.co.bw 9689447.fls.doubleclick.net *.vodacomcreditcard.co.za *.fnbconnect.co.za *.rmb.co.za:10443 *.fnbswaziland.co.sz:10443 *.fnbtanzania.co.tz:10443 *.fnbzambia.co.zm:10443 *.firstnationalbank.com.gh:10443 *.fnb.co.ls:10443 *.fnbci.co.uk:10443 *.fnbnamibia.com.na:10443 *.rmbprivatebank.com:10443 *.fnb.co.za:10443 *.rmb.co.za *.fnbswaziland.co.sz *.fnbtanzania.co.tz *.google.com *.gstatic.com *.fnbzambia.co.zm msgfnb.bankserv.co.za *.firstnationalbank.com.gh *.fnb.co.ls *.fnbci.co.uk *.fnbnamibia.com.na *.id.opendns.com *.rmbprivatebank.com *.fnb.co.za; 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval' data: https: blob: ; frame-ancestors *.theoceancleanup.com 1
default-src minsa.gob.pe 1
frame-ancestors 'self' https://arc.net/folder/; 1
default-src https:; connect-src https://bi.zone https://*.bi.zone https://ip2c.org https://*.yandex.ru https://*.yandex.md https://bitrix.info wss://*.bi.zone; font-src 'self' data: https://fonts.gstatic.com:*; img-src 'self' blob: data: https://*.bi.zone https://vk.com https://*.yandex.ru https://*.ggpht.com https://*.ytimg.com; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://assetsgarantibbva.com *.garantibbvayatirim.com.tr *.garantiyatirim.com.tr *.garantibbva.com.tr *.garanti.com.tr *.garantibbvaemeklilik.com.tr *.garantiemeklilik.com.tr *.gteknoloji.com.tr *.gteknolojidmz.com.tr *.garantibank.ro *.garantiemeklisandigi.org.tr *.api.useinsider.com https://*.useinsider.com wss://*.matriksdata.com *.matriksdata.com *.dataroid.com *.google.com *.google.com.tr *.doubleclick.net https://googleads.g.doubleclick.net *.efilli.com *.fw.garanti.com.tr *.googletagmanager.com *.fw.garantibbva.com.tr ajax.googleapis.com *.google-analytics.com *.analytics.google.com *.signfordeaf.com;media-src 'self' *.signfordeaf.com http://*.signfordeaf.com;style-src 'self' 'unsafe-inline';connect-src 'self'  *.garantibbvayatirim.com.tr *.garantiyatirim.com.tr *.garantibbva.com.tr *.garanti.com.tr *.garantibbvaemeklilik.com.tr *.garantiemeklilik.com.tr *.gteknoloji.com.tr *.gteknolojidmz.com.tr *.garantibank.ro *.garantiemeklisandigi.org.tr *.api.useinsider.com wss://*.matriksdata.com *.matriksdata.com *.dataroid.com *.efilli.com *.fw.garanti.com.tr *.googletagmanager.com *.fw.garantibbva.com.tr ajax.googleapis.com *.google-analytics.com *.google.com *.google.com.tr *.doubleclick.net https://googleads.g.doubleclick.net *.signfordeaf.com;img-src 'self' data: *.assetsgaranti.com *.garantibbvayatirim.com.tr *.garantiyatirim.com.tr *.garantibbva.com.tr *.garanti.com.tr *.garantibbvaemeklilik.com.tr *.garantiemeklilik.com.tr *.gteknoloji.com.tr *.gteknolojidmz.com.tr *.garantibank.ro *.garantiemeklisandigi.org.tr *.api.useinsider.com https://*.useinsider.com wss://*.matriksdata.com *.matriksdata.com *.dataroid.com *.google.com *.google.com.tr *.doubleclick.net https://googleads.g.doubleclick.net *.efilli.com *.fw.garanti.com.tr *.googletagmanager.com *.fw.garantibbva.com.tr ajax.googleapis.com *.google-analytics.com *.analytics.google.com *.signfordeaf.com; 1
object-src 'none';frame-ancestors 'none';upgrade-insecure-requests;block-all-mixed-content 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-7628fa9fab93ec007bf12e0f6b4be731' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=1551295613169099; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=1551295613169099 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss://*.hotjar.com wss://*.zopim.com http://*.hotjar.com:* http://*.hotjar.io http://*.googletagmanager.com http://*.google-analytics.com http://*.gstatic.com http://*.googleapis.com http://*.youtube.com http://*.facebook.com http://*.facebook.net http://*.ads-twitter.com http://*.twitter.com http://t.co http://*.doubleclick.net http://*.adform.net http://*.clarovideo.net http://*.claromusica.com http://*.claro.com.sv http://*.claro.com.gt http://ajax.aspnetcdn.com https://*.hotjar.com:* https://*.hotjar.io https://*.googletagmanager.com https://*.google-analytics.com https://tags.bkrtx.com https://stags.bluekai.com https://*.gstatic.com https://*.googleapis.com https://*.youtube.com https://*.facebook.com https://*.facebook.net https://*.ads-twitter.com https://*.twitter.com https://t.co https://programarcita.claro.com.gt https://*.doubleclick.net https://www.youtube-nocookie.com https://*.adform.net https://*.clarovideo.net https://*.claromusica.com https://*.claro.com.sv https://*.claro.com.gt https://www.google.com https://digitasgt.com https://api-prod-gt.prod.clarodigital.net https://pixel.mathtag.com https://maps.google.com https://ajax.aspnetcdn.com https://stackpath.bootstrapcdn.com https://*.pushpushgo.com https://*.kampyle.com https://*.medallia.com https://*.clarity.ms https://cx.atdmt.com; media-src mediastream:; 1
script-src 'nonce-94d9a83e-4093-4d17-b81d-0ddf500cbf44' https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/ 'self' 'unsafe-eval' https://static.aws.training https://client.rum.us-east-1.amazonaws.com/1.0.2/cwr.js https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.amazon.de https://dvj5x88797nbe.cloudfront.net https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://d2c.aws.amazon.com; object-src 'self'; img-src 'self' data: blob: https://*.dev.virtualearth.net https://*.ssl.ak.tiles.virtualearth.net https://*.ssl.ak.dynamic.tiles.virtualearth.net https://static.aws.training https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://aws.demdex.net https://cm.everesttech.net https://js.api.here.com https://*.cit.api.here.com https://images-na.ssl-images-amazon.com https://internal-cdn.amazon.com https://d2ldlvi1yef00y.cloudfront.net/ https://d23yuld0pofhhw.cloudfront.net https://d1oct1bdmx33tz.cloudfront.net https://googleads.g.doubleclick.net https://www.google.com https://fls-na.amazon.com https://*.media-amazon.com https://d2c.aws.amazon.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; style-src 'self' 'unsafe-inline' https://static.aws.training https://js.api.here.com https://a0.awsstatic.com https://images-na.ssl-images-amazon.com https://ecn.dev.virtualearth.net https://images-eu.ssl-images-amazon.com https://www.bing.com https://dvj5x88797nbe.cloudfront.net https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; connect-src 'self' https://*.cit.api.here.com https://*.amazon.com https://cognito-identity.us-east-1.amazonaws.com https://dataplane.rum.us-east-1.amazonaws.com https://prod.tools.shortbread.aws.dev https://prod.log.shortbread.aws.dev https://sts.us-east-1.amazonaws.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://aws.demdex.net https://cm.everesttech.net https://*.amazonpay.com https://apac.account.amazon.com https://vs.aws.amazon.com/ https://d2c.aws.amazon.com/ https://na.account.amazon.com https://eu.account.amazon.com https://*.virtualearth.net https://*.mktoresp.com https://s0.awsstatic.com https://*.amazon.co.uk https://*.amazon.co.jp https://*.amazon.de https://cdn.aws.training https://prod.us-east-1.search.avalon.aws.dev https://7m5y5tkfr5.execute-api.us-east-1.amazonaws.com https://ftj9wpwlq4.execute-api.us-east-1.amazonaws.com https://aws.amazon.com https://a0.awsstatic.com; font-src 'self' data: https://static.aws.training https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; media-src 'self' https://cdn.aws.training https://dvj5x88797nbe.cloudfront.net; child-src 'self' https://*.amazon.com https://www.bing.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.payments-amazon.com https://*.amazon.de https://support.aws.training; frame-src 'self' 'unsafe-eval' https://static.aws.training https://client.rum.us-east-1.amazonaws.com/1.0.2/cwr.js https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.amazon.de https://dvj5x88797nbe.cloudfront.net https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://d2c.aws.amazon.com; default-src 'self'; 1
default-src * blob:; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.hongkongdisneyland.com *.go.com *.wdpromedia.com *.content.disney.io *.disneyinternational.com *.wdprapps.disney.com connect.facebook.net *.scorecardresearch.com *.dilcdn.com *.wdpro.wdig.com *.tt.omtrdc.net dpm.demdex.net assets.adobedtm.com tags.bkrtx.com d1ivexoxmp59q7.cloudfront.net disneyparks.sp1.convertro.com stags.bluekai.com tags.bluekai.com bat.bing.com *.doubleclick.net *.clicktale.net s.yimg.com/wi/ytc.js *.ads-twitter.com *.twitter.com *.facebook.com *.lpsnmedia.net *.liveperson.net *.googleadservices.com *.yahoo.com tag.mtrcs.samba.tv *.proofhq.com *.googletagmanager.com *.google-analytics.com static.tacdn.com *.resonate.com *.reson8.com *.sojern.com *.appdynamics.com *.eum-appdynamics.com *.go-mpulse.net *.akstat.io *.gam-apigw.wdprapps.disney.com *.disney.com www.googletagmanager.com tagmanager.google.com *.demdex.net *.contentsquare.com *.cookielaw.org *.onetrust.com *.apptentive.com *.bluekai.com *.branch.io app.link www.googleadservices.com www.google.com snap.licdn.com cdn.resonate.com sc-static.net *.snapchat.com analytics.tiktok.com js.adsrvr.org; img-src * data: *.akstat.io *.clicktale.net *.contentsquare.net *.google-analytics.com *.googletagmanager.com *.cookielaw.org www.google.com px.ads.linkedin.com; style-src 'self' 'unsafe-inline' *.go.com *.wdpromedia.com *.wdprapps.disney.com *.liveperson.net *.gam-apigw.wdprapps.disney.com tagmanager.google.com fonts.googleapis.com *.apptentive.com; frame-src 'self' *.go.com *.fls.doubleclick.net stags.bluekai.com tags.bluekai.com assets.adobedtm.com *.lpsnmedia.net *.liveperson.net *.facebook.com *.tamgrt.com *.flashtalking.com *.clicktale.net disney.idmelabs.com disney.id.me *.demdex.net cdn1.parksmedia.wdprapps.disney.com cdn2.parksmedia.wdprapps.disney.com *.go-mpulse.net *.akstat.io *.gam-apigw.wdprapps.disney.com s.amazon-adsystem.com *.bluekai.com *.doubleclick.net *.snapchat.com *.adsrvr.org *.disney.com *.wdpromedia.com 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com tagmanager.google.com *.tt.omtrdc.net blob:; font-src * data: fonts.gstatic.com; connect-src * blob: 'self' *.disney.com *.go.com *.demdex.net *.tt.omtrdc.net *.akstat.io *.go-mpulse.net *.clicktale.net *.contentsquare.net r.disneystore.com r.disney.com r.disney.go.com r.starwars.com r.disneyjunior.com r.babble.com r.disneybaby.com *.google-analytics.com *.analytics.google.com analytics.google.com *.googletagmanager.com *.cookielaw.org *.onetrust.com *.apptentive.com bat.bing.com *.branch.io *.doubleclick.net cdn.linkedin.oribi.io *.reson8.com *.snapchat.com analytics.tiktok.com s.yimg.com; child-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.hongkongdisneyland.com *.go.com *.wdpromedia.com *.content.disney.io *.disneyinternational.com *.wdprapps.disney.com connect.facebook.net *.scorecardresearch.com *.dilcdn.com *.wdpro.wdig.com *.tt.omtrdc.net dpm.demdex.net assets.adobedtm.com tags.bkrtx.com d1ivexoxmp59q7.cloudfront.net disneyparks.sp1.convertro.com stags.bluekai.com tags.bluekai.com bat.bing.com *.doubleclick.net *.clicktale.net s.yimg.com/wi/ytc.js *.ads-twitter.com *.twitter.com *.facebook.com *.lpsnmedia.net *.liveperson.net *.googleadservices.com *.yahoo.com tag.mtrcs.samba.tv *.proofhq.com *.googletagmanager.com *.google-analytics.com static.tacdn.com *.resonate.com *.reson8.com *.sojern.com *.appdynamics.com *.eum-appdynamics.com *.go-mpulse.net *.akstat.io *.gam-apigw.wdprapps.disney.com *.disney.com www.googletagmanager.com tagmanager.google.com *.demdex.net *.contentsquare.com *.cookielaw.org *.onetrust.com *.apptentive.com *.bluekai.com *.branch.io app.link www.googleadservices.com www.google.com snap.licdn.com cdn.resonate.com sc-static.net *.snapchat.com analytics.tiktok.com js.adsrvr.org blob:; worker-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.hongkongdisneyland.com *.go.com *.wdpromedia.com *.content.disney.io *.disneyinternational.com *.wdprapps.disney.com connect.facebook.net *.scorecardresearch.com *.dilcdn.com *.wdpro.wdig.com *.tt.omtrdc.net dpm.demdex.net assets.adobedtm.com tags.bkrtx.com d1ivexoxmp59q7.cloudfront.net disneyparks.sp1.convertro.com stags.bluekai.com tags.bluekai.com bat.bing.com *.doubleclick.net *.clicktale.net s.yimg.com/wi/ytc.js *.ads-twitter.com *.twitter.com *.facebook.com *.lpsnmedia.net *.liveperson.net *.googleadservices.com *.yahoo.com tag.mtrcs.samba.tv *.proofhq.com *.googletagmanager.com *.google-analytics.com static.tacdn.com *.resonate.com *.reson8.com *.sojern.com *.appdynamics.com *.eum-appdynamics.com *.go-mpulse.net *.akstat.io *.gam-apigw.wdprapps.disney.com *.disney.com www.googletagmanager.com tagmanager.google.com *.demdex.net *.contentsquare.com *.cookielaw.org *.onetrust.com *.apptentive.com *.bluekai.com *.branch.io app.link www.googleadservices.com www.google.com snap.licdn.com cdn.resonate.com sc-static.net *.snapchat.com analytics.tiktok.com js.adsrvr.org blob: 1
default-src https://dl.dropboxusercontent.com https://dl.dropbox.com https://podcastpusher.com/ https://prod-aaudxp-cms-001-app.azurewebsites.net/media/ 'self' https://aau-search-web-prod.azurewebsites.net/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://fast.fonts.net/ https://*.linkedin.com/ https://www.facebook.com/ https://*.snapchat.com/ https://*.google.dk/ https://*.google.com https://cx.atdmt.com/ https://player.vimeo.com/ https://*.youtube.com/ https://www.youtube-nocookie.com/ https://*.twitter.com/ https://www.survey-xact.dk/ https://policy.app.cookieinformation.com/ https://consent.app.cookieinformation.com/ https://login.microsoftonline.com/ https://forms.office.com/ https://fonts.gstatic.com/ https://policy.app.cookieinformation.com ; frame-ancestors 'none'; font-src 'self' data: fonts.gstatic.com; script-src https://universe-static.elfsightcdn.com https://tr.snapchat.com/ https://app.readpeak.com https://sc-static.net https://snap.licdn.com https://cse.google.com https://clients1.google.com/ https://cse.google.com/adsense/ https://www.google.com/cse/ https://cse.google.com/ 'self' 'unsafe-inline' https://maps.googleapis.com https://maps.googleapis.com/maps/ https://*.elfsight.com https://www.googletagmanager.com/ https://fast.fonts.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://apis.google.com/ https://*.twitter.com/ https://consent.app.cookieinformation.com/ https://*.youtube.com/ https://www.youtube-nocookie.com https://panopto.aau.dk https://player.vimeo.com https://youtube.com https://policy.app.cookieinformation.com/; connect-src https://sgtm.aau.dk https://px.ads.linkedin.com https://server-side-tagging-dbei5alw4q-uc.a.run.app https://www.google.com/pagead/ https://googleads.g.doubleclick.net/ https://tr6.snapchat.com/ https://cdn.linkedin.oribi.io/ https://tr.snapchat.com/ https://region1.analytics.google.com/ https://podcastpusher.com/ https://stats.g.doubleclick.net/ https://prod-aaudxp-data-001-app.azurewebsites.net/ https://prod-aaudxp-vbn-001-app.azurewebsites.net/ 'self' https://maps.googleapis.com https://*.elfsight.com https://*.google-analytics.com https://dc.services.visualstudio.com/v2/track https://policy.app.cookieinformation.com/ https://consent.app.cookieinformation.com/api/consent ; img-src https://www.googletagmanager.com https://www.google-analytics.com/ https://phosphor.ivanenko.workers.dev/ https://sync.taboola.com/ https://cm.g.doubleclick.net/ https://ib.adnxs.com/ https://px.ads.linkedin.com/ https://app.readpeak.com/ https://www.google.dk https://ad.doubleclick.net https://*.gstatic.com/ https://dl.dropboxusercontent.com https://dl.dropbox.com http://*.google.com https://pbs.twimg.com/ https://media.licdn.com https://www.facebook.com/ https://vbn.aau.dk/ 'self' data: image/* https://i.vimeocdn.com https://i.ytimg.com https://img.youtube.com https://www.resources.aau.dk/ https://maps.gstatic.com https://maps.googleapis.com https://phosphor.utils.elfsightcdn.com https://prodaaudxpcms001st.blob.core.windows.net https://prod-aaudxp-cms-001-app.azurewebsites.net/; frame-src https://create.plandisc.com/ https://www.moodle.aau.dk/ https://my.matterport.com https://login.microsoftonline.com/ https://tours.360company.dk/ ttps://tours.360company.dk/ https://tr.snapchat.com/ https://td.doubleclick.net/ https://1387381.fls.doubleclick.net/ https://open.spotify.com/ https://cse.google.com/ https://videoidfinder.vercel.app/ https://serviceinfo.dk/ https://eu.libraryh3lp.com/ https://alma-services-1.aub.aau.dk/ https://www.facebook.com/ https://www.survey-xact.dk/ 'self' *.svc.dynamics.com https://forms.office.com https://kuula.co/ https://policy.app.cookieinformation.com https://www.youtube-nocookie.com https://panopto.aau.dk https://player.vimeo.com; style-src https://www.aau.dk https://www.google.com/cse/ 'self' 'unsafe-inline' https://fonts.googleapis.com ; base-uri 'self'; form-action https://www.facebook.com/ 'self'; 1
default-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de *.talent-im-einsatz.de zoll.de *.geodatenzentrum.de *.openstreetmap.de *.youtube.com; img-src 'self' *.zoll.de zoll.de *.itzbund.de *.geodatenzentrum.de *.openstreetmap.de data:; script-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de zoll.de *.geodatenzentrum.de *.openstreetmap.de *.youtube.com 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.sensibull.com https://kite.zerodha.com; report-uri https://7eae552da389ebb083bedadbd9428ed2.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' *.cp.pt; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.sharethis.com *.googletagmanager.com cp.enterprisebot.co; script-src-elem 'self' 'unsafe-inline' *.google-analytics.com *.googleapis.com *.sharethis.com *.googletagmanager.com cp.enterprisebot.co platform.twitter.com; connect-src 'self' *.sharethis.com *.google-analytics.com *.doubleclick.net cp.enterprisebot.co wss://cp.enterprisebot.co; font-src 'self' *.gstatic.com cp.enterprisebot.co; img-src 'self' *.sharethis.com cp.enterprisebot.co www.google.com www.google.pt *.google-analytics.com; frame-src 'self' *.sharethis.com cp.enterprisebot.co www.facebook.com www.youtube.com platform.twitter.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cp.enterprisebot.co ws.sharethis.com www.google-analytics.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' ws.sharethis.com www.googletagmanager.com www.google-analytics.com cp.enterprisebot.co 1
default-src 'none'; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' https:; style-src 'self' https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline'; script-src 'self' https://tagmanager.google.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://cdn.livechatinc.com https://snap.licdn.com https://api.livechatinc.com https://www.redditstatic.com https://*.reddit.com https://translate.google.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://adservice.google.com https://api.livechatinc.com; frame-src 'self' https://secure.livechatinc.com https://bid.g.doubleclick.net https://www.google.com; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; report-uri https://escalated.io/code/cspreport?s=h2 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' *.sleekplan.com *.mspbackups.com https://unpkg.com/ionicons@4.5.10-0/dist/ionicons/ d1f8f9xcsvx3ha.cloudfront.net posthog.mon.mspbackups.com https://momentjs.com/downloads/moment-timezone-with-data.min.js https://momentjs.com/downloads/moment.js https://code.jquery.com/jquery-3.5.1.min.js https://accounts.google.com/gsi/client https://alcdn.msauth.net/browser/2.28.1/js/msal-browser.min.js; 1
script-src-attr 'self' *.seznam.cz *.szn.cz *.dszn.cz;script-src 'self' 'unsafe-inline' 'unsafe-eval' chat.firmy.cz *.sdn.cz *.hotjar.com *.mapy.cz gacz.hit.gemius.pl scz.hit.gemius.pl *.google-analytics.com https://www.googletagmanager.com/gtag/js *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.im.cz *.imedia.cz *.pliing.com *.pubmatic.com *.smartlook.com *.smartlook.cloud *.post.cz *.seznam.cz *.szn.cz *.dszn.cz *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.im.cz *.imedia.cz *.imedia.dev.dszn.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.sklik.cz ads.celtra.com *.2mdn.net ams.creativecdn.com cdn.id5-sync.com tags.crwdcntrl.net;img-src 'self' blob: data: *.sdn.cz *.im.cz *.firmy.cz *.seznam.cz *.mapy.cz *.kupi.cz *.post.cz *.google-analytics.com *.googletagmanager.com *.bstatic.com *.hotjar.com *.dszn.cz *.tenor.com;frame-ancestors 'self' *.sdn.cz *.firmy.cz *.hotjar.com *.dszn.cz;frame-src 'self' *.sdn.cz *.firmy.cz *.hotjar.com *.seznam.cz *.pubmatic.com *.adnxs.com *.gemius.pl *.apetee.com *.im.cz *.dszn.cz;connect-src 'self' 'unsafe-inline' 'unsafe-eval' wss: *.firmy.cz *.hotjar.com *.hotjar.io *.seznam.cz *.szn.cz *.sdn.cz *.sznplayer.cz *.mapy.cz *.post.cz *.google-analytics.com *.smartlook.cloud *.sklik.cz *.dszn.cz *.googleapis.com *.tenor.com;media-src 'self' blob: *.sdn.cz *.dszn.cz;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';object-src 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'report-sample' 'nonce-564332bc-0d92-4ea2-ab0a-f3d1aeb1ad4f'; style-src 'self' 'unsafe-inline' 'report-sample' *.googleapis.com rsms.me; font-src 'self' data: rsms.me *.gstatic.com; img-src *; media-src 'none'; object-src 'none'; base-uri 'none'; form-action 'self'; frame-ancestors 'self'; report-uri /csp-report 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: blob: data:; 1
default-src 'self' blob: ;style-src 'self' 'unsafe-inline' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.split.io *.google-analytics.com *.googletagmanager.com instant.page *.googleadservices.com *.ranksci.com *.lr-ingest.io *.facebook.net *.yimg.com *.bing.com *.g.doubleclick.net *.yahoo.com *.paypal.com *.paypalobjects.com *.brcdn.com *.bamboohr.com *.powerreviews.com *.braintreegateway.com *.zdassets.com *.zopim.com *.iesnare.com *.msn.com *.twitter.com *.letslinc.com *.gstatic.com *.crisp.chat *.ampproject.org *.pay.google.com *.segment.com *.vercel.app *.youtube.com *.maker.co *.vercel-insights.com *.lr-in.com *.lr-in-prod.com *.ingest-lr.com *.zinrelo.com *.clrt.ai vercel.live *.here.com *.js.api.here.com *.hereapi.com ;worker-src 'self' blob: ;img-src 'self' data: *.speedwaymotors.com *.speedway2.com p.brsrvr.com *.powerreviews.com i.ytimg.com static.pxlecdn.com dy5vgx5yyjho5.cloudfront.net *.crisp.chat *.google.com *.google-analytics.com *.googletagmanager.com *.facebook.com *.bing.com *.cloudinary.com *.vercel.com smi-static-content.s3-us-west-2.amazonaws.com smi-static-content.s3.us-west-2.amazonaws.com *.yahoo.com *.bamboohr.com *.paypal.com *.paypalobjects.com *.gstatic.com *.here.com *.js.api.here.com *.hereapi.com ;font-src 'self' 'unsafe-inline' data: * ;frame-ancestors 'self' *.speedwaymotors.com ;form-action 'self' *.speedwaymotors.com *.powerreviews.com *.facebook.com *.google.com *.here.com *.js.api.here.com *.hereapi.com ;frame-src 'self' td.doubleclick.net *.youtube.com *.maker.co vercel.live *.facebook.com *.letslinc.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.google.com *.amazonaws.com ;connect-src 'self' *.google.com *.split.io *.google-analytics.com *.googletagmanager.com instant.page *.googleadservices.com *.ranksci.com *.lr-ingest.io *.facebook.net *.yimg.com *.bing.com *.g.doubleclick.net *.yahoo.com *.paypal.com *.paypalobjects.com *.brcdn.com *.bamboohr.com *.powerreviews.com *.braintreegateway.com *.zdassets.com *.zopim.com *.iesnare.com *.msn.com *.twitter.com *.letslinc.com *.gstatic.com *.crisp.chat *.ampproject.org *.pay.google.com *.segment.com *.vercel.app *.youtube.com *.maker.co *.vercel-insights.com *.lr-in.com *.lr-in-prod.com *.ingest-lr.com *.zinrelo.com *.clrt.ai vercel.live *.here.com *.js.api.here.com *.hereapi.com *.speedwaymotors.com *.speedway2.com p.brsrvr.com *.powerreviews.com i.ytimg.com static.pxlecdn.com dy5vgx5yyjho5.cloudfront.net *.crisp.chat *.google.com *.google-analytics.com *.googletagmanager.com *.facebook.com *.bing.com *.cloudinary.com *.vercel.com smi-static-content.s3-us-west-2.amazonaws.com smi-static-content.s3.us-west-2.amazonaws.com *.yahoo.com *.bamboohr.com *.paypal.com *.paypalobjects.com *.gstatic.com *.here.com *.js.api.here.com *.hereapi.com *.googlesyndication.com noembed.com wss://client.relay.crisp.chat *.google.com api.askmiso.com api.ipstack.com api.segment.io *.letslinc.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.braintree-api.com google.com *.smartystreets.com ; 1
img-src 'self' *.prysmiangroup.com www.google.com www.google.it *.google-analytics.com www.facebook.com *.linkedin.com maps.gstatic.com *.googleapis.com *.ggpht.com *.doubleclick.net img.youtube.com curator-assets.b-cdn.net platform-cdn.sharethis.com www.googletagmanager.com media.corporate-ir.net px.ads.linkedin.cn beincontact.becloudsolutions.com i.vimeocdn.com l.sharethis.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.prysmiangroup.com www.prysmiangroupcatalogue.com pi.pardot.net rum-static.pingdom.net platform-api.sharethis.com *.cookiebot.com *.hotjar.com static.doubleclick.net googleads.g.doubleclick.net *.adform.net maps.googleapis.com www.googleapis.com jnn-pa.googleapis.com maps.gstatic.com www.gstatic.com www.google.com ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com www.youtube.com www.facebook.com connect.facebook.net static.xx.fbcdn.net px.ads.linkedin.com syndication.teleborsa.it snap.licdn.com static.cloudflareinsights.com cdnjs.cloudflare.com cdn.curator.io cdn.jsdelivr.net buttons-config.sharethis.com platform.twitter.com platform.linkedin.com s3.amazonaws.com pi.pardot.com cdn.livechatinc.com d335luupugsy2.cloudfront.net beincontact.becloudsolutions.com viewer.diagrams.net app.diagrams.net *.cloudfront.net www.scribd.com *.cloudflare.com cdn.babylonjs.com code.jquery.com blob:; object-src 'self' www.youtube.com; 1
default-src https: data: wss: 'unsafe-eval' 'unsafe-inline' 1
upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.capterra.com *.ads-twitter.com *.tawk.to *.crisp.chat cdn-cookieyes.com *.jsdelivr.net *.xing-share.com *.xing.com *.hotjar.com *.hotjar.io *.ads.linkedin.com *.licdn.com *.opmnstr.com *.omappapi.com *.alexametrics.com *.yandex.ru *.youtube.com *.redditstatic.com s.ytimg.com *.syncfusion.com *.syncfusion.de *.google.com maps.googleapis.com storage.googleapis.com ajax.googleapis.com www.gstatic.com *.googletagmanager.com cdnjs.cloudflare.com www.googleadservices.com connect.facebook.net use.typekit.net *.google-analytics.com googleads.g.doubleclick.net *.youtube.com *.ytimg.com cdn.swaychat.com serve.albacross.com api.swayio.com *.firebaseio.com verify.authorize.net seal.digicert.com cdn.rawgit.com *.addthis.com m.addthisedge.com *.visualwebsiteoptimizer.com app.vwo.com *.paypal.com; worker-src 'self' blob:; style-src  'self' 'unsafe-inline'   *.xing-share.com *.xing.com *.jsdelivr.net *.crisp.chat cdn-cookieyes.com *.omappapi.com *.bootstrapcdn.com *.syncfusion.com *.syncfusion.de *.redditstatic.com cdn.swaychat.com *.google.com *.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com cdn.rawgit.com *.paypal.com; frame-src cdn.swaychat.com *.stripe.com *.amazonaws.com *.facebook.com  *.xing-share.com *.xing.com *.hotjar.com *.hotjar.io *.opmnstr.com *.firebaseio.com *.syncfusion.com *.syncfusion.de bid.g.doubleclick.net td.doubleclick.net *.addthis.com www.youtube.com api.swayio.com *.google.com www.gstatic.com *.paypal.com; object-src 'none'; base-uri 'none'; frame-ancestors 'self' 1
frame-ancestors 'self' cms.dxp.tedbaker.com youtube.com www.youtube.com; 1
frame-ancestors 'self' fleetfarm.com *.fleetfarm.com *.flippenterprise.net *.googletagmanager.com *.vimeo.com *.cloudfront.net *.adsrvr.org *.listrakbi.com *.pinimg.com *.facebook.net *.tiktok.com; 1
upgrade-insecure-requests; report-uri https://www.dasoertliche.de/csp-report 1
default-src https://*.preloved.co.uk/ https://preloved.thcdn.com/; script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' https://*.preloved.co.uk/ https://preloved.thcdn.com/ https://cdn.cookielaw.org/ https://securepubads.g.doubleclick.net/ https://www.gstatic.com/ https://*.googlesyndication.com/ https://www.google-analytics.com/ https://www.google.com/ https://adservice.google.co.uk/ https://www.dwin1.com/ https://pr.realvu.net/ https://t.contentsquare.net/ https://connect.facebook.net/ https://*.outbrain.com/ https://www.googletagmanager.com/ https://www.googletagservices.com/ https://cdn.ampproject.org/ https://*.cheqzone.com/ https://lantern.roeyecdn.com/ https://p.cpx.to/ https://code.jquery.com/ https://analytics.twitter.com/ https://ajax.googleapis.com/ https://sb.scorecardresearch.com/ https://static.hotjar.com/ https://googleads.g.doubleclick.net/ https://smct.co/ https://js.smct.io/ https://js.smct.co/; style-src 'unsafe-inline' 'report-sample' https://*.preloved.co.uk/ https://preloved.thcdn.com/ https://fonts.googleapis.com/; img-src data: https://*.preloved.co.uk/ https://preloved.thcdn.com/ https://*.preloved.co.uk https://*.cloudfront.net/ https://*.trustpilot.com/ https://*.outbrain.com/ https://*.outbrainimg.com/ https://*.google-analytics.com/ https://*.facebook.com/ https://*.googlesyndication.com/ https://www.zenaps.com/ https://*.amazonaws.com/ https://*.blob.core.windows.net/ https://www.google.com/ https://www.google.co.uk/ https://lantern.roeye.com/ https://www.awin1.com/ https://obs.cheqzone.com/ https://*.g.doubleclick.net/ https://t.co/ https://sb.scorecardresearch.com/ https://www.googleadservices.com/ https://www.ethicalpets.co.uk/ https://www.dogstrust.org.uk/ https://events.smct.co/; font-src https://*.preloved.co.uk/ https://preloved.thcdn.com/ https://fonts.gstatic.com/; connect-src https://*.preloved.co.uk/ https://preloved.thcdn.com/ https://securepubads.g.doubleclick.net/ https://*.googlesyndication.com/ https://*.google-analytics.com/ https://*.outbrain.com/ https://*.outbrainimg.com/ https://cdn.cookielaw.org/ https://s.cpx.to/ https://csi.gstatic.com/ https://stats.g.doubleclick.net/ https://geolocation.onetrust.com/ https://ipl.smct.io/ https://js.smct.io/ https://js.smct.co/ https://*.amazonaws.com/; media-src https://images.outbrainimg.com/; object-src 'none'; frame-src https://*.preloved.co.uk/ https://securepubads.g.doubleclick.net/ https://*.googlesyndication.com/ https://www.google.com/ https://widgets.outbrain.com/ https://www.adsensecustomsearchads.com/ https://td.doubleclick.net/ https://api.yoti.com/ https://ls.smct.io/ https://*.cloudfront.net/; form-action 'self' https://*.preloved.co.uk/ https://checkout.preloved.co.uk/; upgrade-insecure-requests; base-uri https://*.preloved.co.uk/; report-uri https://www.preloved.co.uk/t/csp-report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://bh.contextweb.com https://pm.w55c.net https://cm.adgrx.com https://hb.yahoo.net https://*.contentsquare.net https://*.contentsquare.com https://*.la2-c1cs-hnd.salesforceliveagent.com https://*.la2-c1cs-ukb.salesforceliveagent.com https://*.wisepops.net https://*.usonar.jp https://*.1rx.io https://*.360yield.com https://*.3lift.com https://*.a8.net https://*.accesstrade.net https://*.ad-stir.com https://*.addthis.com https://*.adform.net https://*.adingo.jp https://*.adjust-net.jp https://*.admixer.co.kr https://*.adnxs.com https://*.adobetag.com https://*.ads-twitter.com https://*.adscale.de https://*.adsrvr.org https://*.adtdp.com https://*.advertising.com https://*.ai-messenger.ai https://*.airbrake.io https://*.alicdn.com https://*.amazon-adsystem.com https://*.amazon.co.jp https://*.amazonaws.com https://*.amgdgt.com https://*.analytics.google.com https://*.ants.vn https://*.aralego.com https://*.aralego.net https://*.audiencedata.net https://*.avast.com https://*.bedore.jp https://*.bidr.io https://*.bidswitch.net https://*.bing.com https://*.bizmotion.jp https://*.bluekai.com https://*.byapps.co.kr https://*.canem-auris.com https://*.casalemedia.com https://*.ccc.co.jp https://*.cdnfonts.com https://*.clarity.ms https://*.clmbtech.com https://*.cloudfront.net https://*.cribnotes.jp https://*.criteo.com https://*.criteo.net https://*.crwdcntrl.net https://*.csdnimg.cn https://*.dable.io https://*.dbankcloud.com https://*.dc-tag.jp https://*.ddli.jp https://*.demdex.net https://*.doubleclick.net https://*.e-planning.net https://*.editor-works.com https://*.emxdgt.com https://*.facebook.com https://*.facebook.net https://*.firebaseapp.com https://*.firebaseio.com https://*.force.com https://*.fwmrm.net https://*.gmossp-sp.jp https://*.google-analytics.com https://*.google.ae https://*.google.at https://*.google.be https://*.google.cn https://*.google.co.id https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.kr https://*.google.co.th https://*.google.co.uk https://*.google.com https://*.google.com.au https://*.google.com.br https://*.google.com.hk https://*.google.com.mm https://*.google.com.om https://*.google.com.pa https://*.google.com.ph https://*.google.com.sg https://*.google.com.tr https://*.google.com.tw https://*.google.com.vn https://*.google.de https://*.google.fr https://*.google.nl https://*.google.se https://*.googleadservices.com https://*.googleapis.com https://*.googleoptimize.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gssprt.jp https://*.gstatic.com https://*.gumgum.com https://*.gunosy.com https://*.hicloud.com https://*.hitachi.co.jp https://*.i-mobile.co.jp https://*.im-apps.net https://*.imgvc.com https://*.indeed.com https://*.interactive-circle.jp https://*.ivitrack.com https://*.jsdelivr.net https://*.juicer.cc https://*.jword.jp https://*.krxd.net https://*.la2-c2-hnd.salesforceliveagent.com https://*.la2-c2-ukb.salesforceliveagent.com https://*.ladsp.com https://*.ladsp.jp https://*.lawsonbank.jp https://*.line-apps.com https://*.line-scdn.net https://*.line.me https://*.loader.wisepops.com https://*.logly.co.jp https://*.macromill.com https://*.mathtag.com https://*.meba.kr https://*.media.net https://*.mediavine.com https://*.mediawallahscript.com https://*.megabonus.com https://*.menlosecurity.com https://*.mgid.com https://*.microad.jp https://*.microsoft.com https://*.microsofttranslator.com https://*.mookie1.com https://*.movabletype.net https://*.moz.com https://*.msecnd.net https://*.mypurecloud.com https://*.mypurecloud.jp https://*.nakanohito.jp https://*.nate.com https://*.naver.com https://*.o2u.jp https://*.octillion.tv https://*.omnitagjs.com https://*.onetrust.com https://*.opendns.com https://*.openx.net https://*.otodoke7.jp https://*.outbrain.com https://*.pagespeed-mod.com https://*.pardot.com https://*.paypay-card.co.jp https://*.paypay-corp.co.jp https://*.paypay.ne.jp https://*.perf.niigata.jp https://*.postrelease.com https://*.prod.canem-auris.com https://*.pstatic.net https://*.pubmatic.com https://*.rakuten.co.jp https://*.rambler.ru https://*.revcontent.com https://*.revive-chat.io https://*.rlcdn.com https://*.rubiconproject.com https://*.securewg.jp https://*.seesaa.net https://*.sharethrough.com https://*.sitescout.com https://*.slvrbullet.com https://*.smaato.net https://*.smartadserver.com https://*.smartnews-ads.com https://*.socdm.com https://*.soumu.go.jp https://*.stickyadstv.com https://*.syndication.twimg.com https://*.taboola.com https://*.tapad.com https://*.teads.tv https://*.toast.com https://*.tpmn.co.kr https://*.treasuredata.com https://*.trendmicro.jp https://*.turn.com https://*.twimg.com https://*.twitter.com https://*.ucweb.com https://*.umbrella.com https://*.v.network https://*.va-api.net https://*.valuecommerce.com https://*.w.org https://*.wikimedia.org https://*.wisepops.com https://*.wovn.io https://*.yahoo.co.jp https://*.yahoo.com https://*.yieldlab.net https://*.yieldmo.com https://*.yimg.com https://*.yimg.jp https://*.yjtag.jp https://*.youtube.com https://*.ytimg.com https://*.zscalerthree.net https://*.zucks.net https://dummyimage.com https://editor-works.com https://greasyfork.org https://iost-qed.net https://meetlookup.com https://myna.go.jp https://paypay.ne.jp https://pv.amanad.adtdp.com https://px.gumgum.com https://secure.gravatar.com https://skyticket.jp https://spider.af https://ssl-market-east.smrtb.com https://static.prod.canem-auris.com https://t.co https://tags.crwdcntrl.net https://tsdtocl.com https://tsite.jp https://wovn.global.ssl.fastly.net https://wovn.io https://www.youtube-nocookie.com https://yoast.com https://wisepops.net blob: https://paypay.ne.jp/*; report-uri https://sentry.platform.paypay.ne.jp/api/49/security/?sentry_key=e11752f3062f45448f9d1a3f82c8533b https://browser-intake-ap1-datadoghq.com/api/v2/logs?dd-api-key=pub1fe25ae1a4d9171b2c32e6e629100ad4&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3AServiceSite%2Cenv%3Aprod; 1
default-src *.nav.no portal-admin.oera.no; script-src *.nav.no portal-admin.oera.no *.tingtun.no termer.no uxsignals-frontend.uxsignals.app.iterate.no *.psplugin.com *.hotjar.com *.taskanalytics.com nav.boost.ai 'unsafe-inline' 'unsafe-eval'; script-src-elem *.nav.no portal-admin.oera.no *.tingtun.no termer.no uxsignals-frontend.uxsignals.app.iterate.no video.qbrick.com play2.qbrick.com analytics.qbrick.com *.ip-only.net blob: *.psplugin.com *.hotjar.com *.taskanalytics.com nav.boost.ai 'unsafe-inline'; worker-src *.nav.no portal-admin.oera.no blob:; style-src *.nav.no portal-admin.oera.no 'unsafe-inline' *.psplugin.com; font-src *.nav.no portal-admin.oera.no data: video.qbrick.com play2.qbrick.com analytics.qbrick.com *.ip-only.net blob: *.psplugin.com *.hotjar.com cdn.nav.no; img-src *.nav.no portal-admin.oera.no data: video.qbrick.com play2.qbrick.com analytics.qbrick.com *.ip-only.net blob: *.psplugin.com *.vimeocdn.com *.hotjar.com www.vergic.com storage.googleapis.com; object-src video.qbrick.com play2.qbrick.com analytics.qbrick.com *.ip-only.net blob:; connect-src *.nav.no portal-admin.oera.no video.qbrick.com play2.qbrick.com analytics.qbrick.com *.ip-only.net blob: api.uxsignals.com *.boost.ai *.psplugin.com *.hotjar.com *.hotjar.io *.taskanalytics.com; media-src video.qbrick.com play2.qbrick.com analytics.qbrick.com *.ip-only.net blob: ihb.nav.no; child-src blob:; style-src-elem *.nav.no *.psplugin.com 'unsafe-inline'; frame-src *.hotjar.com player.vimeo.com video.qbrick.com; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.thenewsminute.com;block-all-mixed-content; 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src * 'unsafe-inline'; img-src * data: blob:; font-src * 'self' data: 'unsafe-inline'; connect-src *; media-src *; frame-src *; frame-ancestors *; worker-src blob:; 1
default-src 'self'; script-src 'self' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://*.moneris.com/ https://*.bing.com https://sc.lfeeder.com https://*.doubleclick.net https://*.googleadservices.com https://www.googleoptimize.com https://www.redditstatic.com https://soti.my.salesforce.com https://*.force.com https://static.addtoany.com https://*.google.ca https://*.pardot.com https://play.vidyard.com https://cdn.jsdelivr.net https://service.force.com https://cdnjs.cloudflare.com https://*.salesforceliveagent.com https://*.google.com https://*.googletagmanager.com https://*.gstatic.com https://cdn.cookielaw.org https://snap.licdn.com https://ws.zoominfo.com https://*.google-analytics.com https://www.clarity.ms https://www2.soti.net https://soti.my.salesforce-sites.com; script-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.moneris.com/ https://*.googleapis.com https://*.force.com https://cdnjs.cloudflare.com https://service.force.com https://soti.my.salesforce-sites.com; style-src-attr 'self' 'unsafe-inline' https://*.googleapis.com; img-src 'self' data: https://play.vidyard.com https://*.google.co.in https://www.linkedin.com https://alb.reddit.com https://soti.net https://www2.soti.net https://cdn.linked.oribi.io https://px.ads.linkedin.com https://cdn.vidyard.com https://*.doubleclick.net https://storage.pardot.com https://cdn.cookielaw.org https://ws.zoominfo.com https://*.googletagmanager.com https://*.google-analytics.com https://tr-rc.lfeeder.com https://google.com https://*.clarity.ms https://*.google.com https://*.google.ca https://*.bing.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://px.ads.linkedin.com/ https://google.com/ https://play.vidyard.com https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://*.force.com https://cdn.cookielaw.org https://*.onetrust.com https://*.clarity.ms https://*.google-analytics.com https://ws.zoominfo.com https://*.bing.com; frame-src 'self' https://play.vidyard.com https://service.force.com https://*.google.com/ https://www2.soti.net https://*.moneris.com/ https://go.pardot.com https://*.youtube.com; 1
child-src 'self' blob: prdsitecore93.azureedge.net prdsitecore93-cd.azurewebsites.net ;connect-src 'self' *.flickr.com *.staticflickr.com *.civiccomputing.com *.brightcove.net *.brightcove.com *.brightcove.hs.llnwd.net  *.doubleclick.net *.gstatic.com *.googlesyndication.com *.hotjar.com *.google-analytics.com *.yahoo.com *.disquscdn.com *.disqus.com disqus.com *.emailcc.com emailcc.com blob: *.akamaihd.net *.boltdns.net prdsitecore93.azureedge.net prdsitecore93-cd.azurewebsites.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.boltdns.net *.akamaihd.net www.facebook.com analytics.google.com *.clarity.ms *.google-analytics.com *.analytics.google.com api.lawsociety.org.uk cloudflareinsights.com cdn.linkedin.oribi.io maps.googleapis.com *.getaddress.io google.co.uk *.linkedin.com *.varify.io;default-src 'self' *.googlesyndication.com *.disquscdn.com *.disqus.com disqus.com *.lawsociety.org.uk *.google-analytics.com *.doubleclick.net *.gstatic.com *.adservice.google.ie *.adservice.google.com.sg *.adservice.google.ro *.adservice.google.de *.adservice.google.co.in *.adservice.google.fr *.googletagmanager.com *.brightcove.net *.brightcove.com *.brightcove.hs.llnwd.net  *.hotjar.com *.civiccomputing.com *.emailcc.com emailcc.com *.spreaker.com *.infogram.com prdsitecore93.azureedge.net prdsitecore93-cd.azurewebsites.net ;font-src 'self' data: *.slidesharecdn.com *.slideshare.net fast.fonts.net *.hotjar.com *.gstatic.com prdsitecore93.azureedge.net prdsitecore93-cd.azurewebsites.net *.fontawesome.com;frame-src 'self' *.livestream.com data: *.youtube.com *.ytimg.com *.twitter.com *.ads-twitter.com *.carto.com *.spreaker.com *.concep.com *.slidesharecdn.com *.slideshare.net *.storify.com *.hotjar.com *.doubleclick.net *.google.com *.google.co.uk *.infogram.com *.disquscdn.com *.disqus.com disqus.com *.googlesyndication.com *.emailcc.com emailcc.com *.akamaihd.net *.boltdns.net *.brightcove.net *.brightcove.com *.brightcove.hs.llnwd.net  prdsitecore93.azureedge.net prdsitecore93-cd.azurewebsites.net  www.facebook.com staticxx.facebook.com www.googletagservices.com *.lawsociety.org.uk calendly.com assets.calendly.com *.worldpay.com;img-src 'self' data: blob: *.youtube.com *.ytimg.com *.googleapis.com *.google.com *.google.co.uk *.twitter.com *.ads-twitter.com *.twimg.com *.yahoo.com *.webscanningservice.com *.flickr.com *.staticflickr.com *.google-analytics.com *.doubleclick.net *.gstatic.com *.hotjar.com *.lawsociety.org.uk *.disquscdn.com *.disqus.com disqus.com *.brightcove.net *.brightcove.com *.brightcove.hs.llnwd.net  *.boltdns.net prdsitecore93.azureedge.net prdsitecore93-cd.azurewebsites.net  *.boltdns.net *.googlesyndication.com px.ads.linkedin.com www.facebook.com *.lawgazette.co.uk www.linkedin.com d1d8vslyhr7rdg.cloudfront.net p.adsymptotic.com pixel.quantserve.com  *.google-analytics.com *.analytics.google.com *.oribi.io *.googletagmanager.com *.eventscloud.com *.google.nl *.viglink.com;media-src 'self' blob: *.brightcove.net *.brightcove.com *.brightcove.hs.llnwd.net  prdsitecore93.azureedge.net prdsitecore93-cd.azurewebsites.net *.boltdns.net *.akamaihd.net;object-src *.brightcove.net *.brightcove.com *.brightcove.hs.llnwd.net  prdsitecore93.azureedge.net prdsitecore93-cd.azurewebsites.net;report-uri  https://lawsocietyorguk.report-uri.com/r/d/csp/enforce https://7ir5fiw82m.execute-api.eu-west-1.amazonaws.com/beta;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.youtube.com *.ytimg.com *.twitter.com *.ads-twitter.com *.twimg.com blob: *.flickr.com *.staticflickr.com *.concep.com *.googletagmanager.com *.spreaker.com *.hotjar.com *.google-analytics.com *.adservice.google.ie *.adservice.google.com.sg *.adservice.google.ro *.adservice.google.de *.adservice.google.co.in *.adservice.google.fr *.google.com *.google.co.uk *.gstatic.com *.doubleclick.net *.googlesyndication.com *.brightcove.net *.brightcove.com *.brightcove.hs.llnwd.net  *.infogram.com *.disquscdn.com *.disqus.com disqus.com *.civiccomputing.com *.jquery.com *.emailcc.com emailcc.com prdsitecore93.azureedge.net prdsitecore93-cd.azurewebsites.net *.civiccomputing.com *.jquery.com cdnjs.cloudflare.com c.contentsvr.com *.emailcc.com *.ytimg.com *.bizographics.com connect.facebook.net snap.licdn.com cdn.ampproject.org *.googleadservices.com *.googletagservices.com *.lawsociety.org.uk secure.quantserve.com rules.quantcount.com vjs.zencdn.net *.googleoptimize.com calendly.com assets.calendly.com *.clarity.ms static.cloudflareinsights.com *.oribi.io *.worldpay.com openxcdn.net uidapi.com creativecdn.com *.jsdelivr.net *.varify.io;style-src 'unsafe-inline' *.googleapis.com 'self' fast.fonts.net *.twitter.com *.ads-twitter.com *.disquscdn.com *.disqus.com disqus.com *.googletagmanager.com prdsitecore93.azureedge.net prdsitecore93-cd.azurewebsites.net tagmanager.google.com cdn.ampproject.org *.bootstrapcdn.com optimize.google.com *.fontawesome.com;upgrade-insecure-requests; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://www.pagespeed-mod.com *.doubleclick.net http://ad.doubleclick.net https://*.gstatic.com https://www.youtube.com https://i.ytimg.com https://cdn.jsdelivr.net https://widget.trustpilot.com https://wa.onelink.me ajax.cloudflare.com https://*.gravatar.com; frame-ancestors 'self'; report-uri https://brightdata.com/web_api/report_csp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://bcucdn.azureedge.net/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://az416426.vo.msecnd.net/ https://siteimproveanalytics.com/ https://*.doubleclick.net/ https://www.youtube.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://maps.googleapis.com/ https://s.ytimg.com/ https://connect.facebook.net/ https://www.googletagservices.com/ https://www.dynamicnumbers.mediahawk.co.uk/ https://player.vimeo.com https://gt.bcu.ac.uk/ https://libanswers.bcu.ac.uk/ https://platform.twitter.com/ https://*.twimg.com/ https://www.instagram.com/ https://api3-eu.libcal.com/ https://cdn.unibuddy.co/ https://api.mapbox.com/ https://system.spektrix.com/ https://embed.expertfile.com/ https://d2mo5pjlwftw8w.cloudfront.net/  https://sjs.bizographics.com/ https://static.ads-twitter.com/ https://sc-static.net/  https://analytics.twitter.com https://*.mapbox.com  https://*.discoveruni.gov.uk https://discoveruni.gov.uk https://www.gstatic.com/ https://www.google.com/ https://snap.licdn.com https://tr.snapchat.com/ https://analytics.tiktok.com/ https://*.stackadapt.com/ https://s3.amazonaws.com/ki.js https://*.silktide.com/;            style-src 'self' 'unsafe-inline' https://bcucdn.azureedge.net/ https://tagmanager.google.com/ https://fonts.googleapis.com/ https://platform.twitter.com/ https://*.mapbox.com https://gt.bcu.ac.uk/ https://*.stackadapt.com/;             img-src 'self' data: blob: https://i.ytimg.com/ https://bcu.imgix.net/ https://bcuassets.blob.core.windows.net/ https://bcucdn.azureedge.net/ https://*.gstatic.com/ https://*.doubleclick.net/ https://www.google-analytics.com/ https://pagead2.googlesyndication.com/ https://www.googletagmanager.com/ https://www.google.com/ https://www.google.co.uk/ https://adservice.google.com/ https://siteimproveanalytics.com/ https://www.facebook.com/ https://secure.adnxs.com/ https://pixel.mediaiqdigital.com/ https://syndication.twitter.com/ https://*.twimg.com/ https://platform.twitter.com/ https://image.issuu.com/ https://maps.googleapis.com/ https://pool.a8723.com/ https://pool.adizio.com https://pool.admedo.com https://51623691.global.siteimproveanalytics.io/ https://*.mapbox.com/ https://px.ads.linkedin.com/ https://t.co/ https://discoveruni.gov.uk/ https://gt.bcu.ac.uk/ https://snap.licdn.com/ https://lh3.googleusercontent.com/ https://*.stackadapt.com/ https://analytics.twitter.com/;            frame-ancestors 'self' https://www.bcuinspired.com/; 1
base-uri 'self'; default-src 'none'; form-action 'self' https://www.paypal.com https://www.sandbox.paypal.com https://www.facebook.com ; style-src 'self' 'unsafe-inline' https://www.codeweavers.com https://*.codeweavers.com https://*.fontawesome.com ; img-src 'self' blob: data: *; media-src 'self' data: *; font-src 'self' data: https://www.codeweavers.com https://*.codeweavers.com https://*.fontawesome.com ; script-src 'report-sample' 'self' https://www.codeweavers.com https://*.codeweavers.com https://www.googletagmanager.com/ https://*.fontawesome.com/ https://connect.facebook.net https://platform.twitter.com ; connect-src 'self' https://*.codeweavers.com https://analytics.google.com/ https://www.google-analytics.com/ https://*.fontawesome.com https://stats.g.doubleclick.net ; frame-src 'self' blob: https://www.facebook.com https://connect.facebook.net https://www.youtube.com/embed/ ; frame-ancestors 'self'; object-src 'none'; 1
frame-ancestors *.eluniversal.com.co 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://pawoo.net; img-src 'self' https: data: blob: https://pawoo.net; style-src 'self' https://pawoo.net 'nonce-dTnJU6hDR0A6KwDrptQd/A=='; media-src 'self' https: data: https://pawoo.net; frame-src 'self' https:; manifest-src 'self' https://pawoo.net; form-action 'self'; connect-src 'self' data: blob: https://pawoo.net https://img.pawoo.net wss://pawoo.net; script-src 'self' https://pawoo.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.recaptcha.net https://www.gstatic.com 'wasm-unsafe-eval'; child-src 'self' blob: https://pawoo.net; worker-src 'self' blob: https://pawoo.net 1
frame-ancestors *.tapinto.net *.facebook.com *.halstonmedia.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' blob: data: https://*.google.com https://*.geetest.com https://*.geevisit.com https://s.adroll.com https://d.adroll.com https://www.googletagmanager.com https://appleid.cdn-apple.com https://vk.com https://*.prdredir.com https://analytics.tiktok.com https://connect.facebook.net https://*.appsflyer.com https://*.google-analytics.com https://telegram.org https://*.ada.support https://widget-mediator.zopim.com https://*.bitget.com https://*.bitgetpro.site https://*.bitget.cc https://*.bgbstatic.com https://*.bitgetapp.com https://*.bitget.vin https://*.bitgetimg.com https://*.gdrichem.com https://gateway.test.95516.com https://*.checkout.com https://gateway.95516.com https://www.facebook.com https://*.youtube.com https://dn-staticdown.qbox.me https://*.itbitget.com https://*.bitget.online https://*.bitgettr.com https://megacheck.vip https://*.megacheck.vip https://*.saintpay.com https://*.skypay.space https://*.noxiaohao.com https://*.megacheck.net https://megacheck.net https://*.7b7x.com https://7b7x.com https://*.onfido.com https://cdn.builder.io https://www.fedstable.com https://applepay.cdn-apple.com https://*.apple.com https://*.gstatic.com https://*.googleapis.com https://*.glassgs.com https://mc.yandex.ru https://mc.yandex.com https://*.bgportable.com https://*.bitget.style https://api-web.wwmxd.info https://api-web.wwmxd.site; connect-src 'self' 'report-sample' data: blob: https://www.googletagmanager.com https://*.google.com https://stats.g.doubleclick.net https://s.adroll.com https://d.adroll.com wss://*.bitget.com wss://*.bitgetpro.site wss://*.bitget.cc https://*.google-analytics.com https://analytics.tiktok.com https://*.appsflyer.com https://www.facebook.com https://*.analytics.google.com https://*.ada.support wss://*.ada.support https://wa.onelink.me https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://*.bitget.com https://*.bitgetpro.site https://*.bitget.cc https://*.bgbstatic.com https://*.bitgetapp.com https://*.bitget.vin wss://*.bitgetapp.com wss://*.bitget.vin https://*.bitgetimg.com https://*.gdrichem.com https://gateway.test.95516.com wss://*.itbitget.com https://*.checkout.com wss://*.checkout.com https://gateway.95516.com https://telegram.org https://*.youtube.com wss://*.bitget.online https://www.tradingview.com https://api.tronstack.io https://*.itbitget.com https://*.bitget.online https://*.bitgettr.com wss://*.bitgettr.com wss://*.gdrichem.com https://megacheck.vip https://*.megacheck.vip wss://megacheck.vip wss://*.megacheck.vip https://*.megacheck.net wss://*.megacheck.net https://megacheck.net wss://megacheck.net https://*.saintpay.com wss://*.saintpay.com https://*.skypay.space wss://*.skypay.space https://*.noxiaohao.com wss://*.noxiaohao.com https://*.gdrichem.com:8443 https://*.omkbic.com:8443 https://dn-staticdown.qbox.me https://*.7b7x.com https://7b7x.com wss://*.7b7x.com wss://7b7x.com https://*.onfido.com https://cdn.builder.io https://www.fedstable.com wss://www.fedstable.com wss://stream.fedstable.com https://*.gurenla.com https://*.glassgs.com wss://*.glassgs.com https://mc.yandex.com https://mc.yandex.ru wss://*.bgportable.com wss://*.bitget.style https://*.bgportable.com https://*.bitget.style https://fp-constantid.bitkeep.vip https://api-web.bitkeep.app https://api-web.bitkeep.asia https://api-web.bitkeep.biz https://api-web.bitkeep.fun https://api-web.bitkeep.life https://api-web.bitkeep.top https://api-web.bitapi.vip https://api-web.chainnear.com https://api-web.lymryy.com:9443 https://api-web.wwmxd.info https://api-web.wwmxd.site; frame-src 'self' 'report-sample' blob: data: https://*.google.com https://*.bitgetimg.com https://*.bitget.com https://*.bitgetpro.site https://*.bitget.cc https://*.bitgetapp.com https://*.bitget.vin https://*.bgbstatic.com https://www.facebook.com https://oauth.telegram.org https://telegram.org https://*.checkout.com https://*.ada.support https://*.youtube.com https://www.googletagmanager.com https://widget-mediator.zopim.com https://*.gdrichem.com https://gateway.test.95516.com https://*.google-analytics.com https://*.itbitget.com https://*.bitget.online https://*.bitgettr.com https://megacheck.vip https://*.megacheck.vip https://*.saintpay.com https://*.skypay.space https://*.noxiaohao.com https://*.megacheck.net https://megacheck.net https://*.7b7x.com https://7b7x.com https://bitget.banxa.com https://*.onfido.com https://*.95516.com https://*.glassgs.com https://www.bitgetwidget.com https://*.bgportable.com https://*.bitget.style https://mc.yandex.com https://mc.yandex.ru https://*.nihaopay.com https://onramp.money; frame-ancestors 'self' https://*.bitget.com https://*.bitgetpro.site https://*.bitget.cc; report-uri https://632817c861f1dae92c2ae121.endpoint.csper.io?v=33; 1
worker-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.googlecommerce.com *.googleadservices.com *.braintreegateway.com *.googleapis.com *.cloudflare.com *.planetart.com *.newrelic.com *.twitter.com *.ads-twitter.com *.facebook.net *.adroll.com *.livechatinc.com cdn.brcdn.com www.paypalobjects.com *.brsrvr.com *.nr-data.net *.pcrl.co *.picreel.com *.bing.com *.extole.com *.yimg.com *.yahoo.com *.sharethis.com *.amazonaws.com *.rubiconproject.com *.doubleclick.net *.ups-mi.net *.pinterest.com *.paypal.com *.tellapal.com *.momsaffiliate.com *.emjcd.com *.shareasale.com t.co *.locker2.com *.adxcel-ec2.com *.gstatic.com *.steelhousemedia.com www.googletagmanager.com pixel.cdnwidget.com snap.licdn.com px.ads.linkedin.com *.tvsquared.com unpkg.com d39517acq78dhc.cloudfront.net js.braintreegateway.com *.cardinalcommerce.com *.dca0.com d.adroll.mgr.consensu.org *.ccdc02.com *.openx.net *.rlcdn.com *.adnxs.com *.bidswitch.net *.3lift.com *.taboola.com *.pubmatic.com *.outbrain.com *.casalemedia.com *.advertising.com www.clickcease.com cdn.levelaccess.net *.mail.simplytoimpress.com *.mail.simplytoimpress.co.uk *.mail.canvasworld.com *.mail.photoaffections.com *.mail.mycustomcase.com *.eml.legacylane.com *.eml.parkerandpip.com *.eml.gifts.com track.cordial.io *.personalcreations.com tags.tiqcdn.com use.typekit.net dpm.demdex.net www.lightboxcdn.com t.channeladvisor.com tag.bounceexchange.com s.pinimg.com assets.bounceexchange.com api.bounceexchange.com cdn.staticfile.org *.cj.com a.omappapi.com analytics.tiktok.com lightboxapi.azurewebsites.net cdn.attn.tv *.afterpay.com *.mountain.com *.nextdoor.com utt.impactcdn.com *.sjv.io *.clarity.ms d.impactradius-event.com tags.crwdcntrl.net *.rokt.com cdn.cookielaw.org *.iseeme.com *.bookofus.com *.vimeo.com *.vimeocdn.com https://*.kaptcha.com *.niceincontact.com d2zm0lpns956f8.cloudfront.net websdk.appsflyer.com *.bazaarvoice.com mpsnare.iesnare.com *.appsflyer.com shop.pe mapi.gifts.com cdn.simplytoimpress.com;frame-ancestors 'self' https://www.simplytoimpress.com;object-src 'self' https://www.simplytoimpress.com;upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.hotjar.com https://www.googletagmanager.com https://cdn.glassix.com https://js.nagich.co.il https://script.hotjar.com https://www.google-analytics.com https://www.googleadservices.com https://cdn.popt.in https://r.icreate-campaign.com https://center.icreate-campaign.com https://googleads.g.doubleclick.net https://connect.facebook.net https://access.nagich.co.il https://cse.google.com https://www.google.com optimize.google.com https://www.googleoptimize.com https://fonts.googleapis.com https://optimize.google.com/ cdn.popt.in https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://static.hotjar.com https://www.googletagmanager.com https://cdn.glassix.com https://js.nagich.co.il https://script.hotjar.com https://www.google-analytics.com https://www.googleadservices.com https://cdn.popt.in https://r.icreate-campaign.com https://center.icreate-campaign.com https://googleads.g.doubleclick.net https://connect.facebook.net https://access.nagich.co.il https://cse.google.com https://www.google.com optimize.google.com https://www.googleoptimize.com https://fonts.googleapis.com https://optimize.google.com cdn.popt.in https://www.youtube.com https://bringthemhomenow.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://cse.google.com https://www.google.com https://center.icreate-campaign.com https://fonts.googleapis.com https://optimize.google.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://center.icreate-campaign.com www.google.com https://cse.google.com https://fonts.googleapis.com https://optimize.google.com cdn.popt.in https://cdn.glassix.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com unpkg.com; worker-src 'self' blob:; frame-ancestors 'self' acad-sec9.lndo.site bible9.lndo.site ch9.lndo.site comlit9.lndo.site communication9.lndo.site d20219.lndo.site dolev9.lndo.site econ9.lndo.site education9.lndo.site engineering9.lndo.site french9.lndo.site geoenv9.lndo.site gondabrain9.lndo.site ict9.lndo.site imba9.lndo.site is9.lndo.site law9.lndo.site life-sciences9.lndo.site lisa9.lndo.site management9.lndo.site math9.lndo.site mba9.lndo.site medicine9.lndo.site multi-judaic9.lndo.site nano9.lndo.site physics9.lndo.site politics9.lndo.site psychology9.lndo.site social-work9.lndo.site sociology9.lndo.site talmud9.lndo.site translation9.lndo.site culture9.lndo.site gender9.lndo.site jewish-history9.lndo.site mgl9.lndo.site pconfl9.lndo.site jewish-faculty9.lndo.site jart9.lndo.site yesod9.lndo.site optometrics9.lndo.site middle-east9.lndo.site hebrew9.lndo.site social-health9.lndo.site classics9.lndo.site graduate-school9.lndo.site desigprog9.lndo.site criminology9.lndo.site demo29.lndo.site demo9.lndo.site dean9.lndo.site arabic9.lndo.site philosophy9.lndo.site learning-and-teaching9.lndo.site jphilosophy9.lndo.site dangoor-medicine9.lndo.site lib9.lndo.site hebrew-literature9.lndo.site cs9.lndo.site music9.lndo.site stuad9.lndo.site history9.lndo.site efl9.lndo.site barav9.lndo.site english9.lndo.site *.biu.a.cil; report-uri https://www.biu.ac.il/report-uri/enforce 1
default-src 'none'; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https://skk.erecruiter.pl https://*.userway.org; script-src 'nonce-f74ed11536fafb6089c9412c5ebbae47' 'self' https://bat.bing.com https://*.clarity.ms https://pagead2.googlesyndication.com https://www.googleadservices.com https://optimize.google.com https://www.googleoptimize.com https://www.google.com https://www.gstatic.com https://skk.erecruiter.pl https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://www.google-analytics.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://*.userway.org; img-src 'self' data: https://bat.bing.com https://*.clarity.ms https://c.bing.com https://googleads.g.doubleclick.net https://cdn.userway.org https://www.google.com https://www.google.pl https://www.gstatic.com https://www.google-analytics.com https://script.hotjar.com; font-src 'self' https://*.userway.org https://fonts.gstatic.com https://www.googletagmanager.com https://script.hotjar.com; connect-src 'self' https://region1.google-analytics.com https://*.clarity.ms wss://ws.przelewy24.pl https://secure.przelewy24.pl https://offers.erecruiter.pl https://*.userway.org https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://stats.g.doubleclick.net https://consentcdn.cookiebot.com https://*.analytics.google.com; frame-src https://td.doubleclick.net https://optimize.google.com https://www.google.com https://cdn.userway.org https://vars.hotjar.com https://consentcdn.cookiebot.com; base-uri 'none'; form-action 'self' https://www.przelewy24.pl/zapytanie-o-dane https://secure.przelewy24.pl; frame-ancestors 'none'; object-src https://player.vimeo.com; 1
default-src 'unsafe-inline' 'unsafe-eval' data: https://*; media-src http://download.milestonesys.com/ https://*; 1
frame-ancestors https://attransit.njt.gov/ https://master-7rqtwti-n2wop6ggfbwbm.us-2.platformsh.site/ 1
upgrade-insecure-requests; report-to https://www.kartina.tv/; frame-ancestors kassir.kartina.tv 1
report-uri https://www.tinkoff.ru/api/front/pwabnpl/log/csp-error?appName=pwabnpl; default-src 'self' *.cdn-tinkoff.ru *.tinkoff.ru data:; font-src 'self' *.cdn-tinkoff.ru *.tinkoff.ru data: *.dolyame.ru; style-src 'unsafe-inline' 'self' *.tinkoff.ru *.tcsbank.ru *.cdn-tinkoff.ru *.dolyame.ru; img-src 'self' data: *.tinkoff.ru *.tcsbank.ru *.cdn-tinkoff.ru *.dolyame.ru 'self' data: *.datamind.ru dpm.demdex.net www.google-analytics.com tinkoffcreditsystems.d3.sc.omtrdc.net cm.everesttech.net dp.adsdata.ru www.google.com www.google.ru vk.com login.vk.com mc.yandex.ru ad.mail.ru adfocus.ru www.facebook.com connect.facebook.net ad.doubleclick.net *.google.com *.yandex.ru *.yandex.net *.2o7.net *.demdex.net cx.atdmt.com analytics.twitter.com t.co eu-sonar.sociomantic.com *.sravni.ru www.banki.ru *.pool.datamind.ru statad.ru www.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.privacysandbox.googleadservices.com p.formobil.net rupertino.ru adservice.google.com adservice.google.ru google-analytics.bi.owox.com dc.ads.linkedin.com *.mail.ru dp.tinkoffinsurance.ru *.fls.doubleclick.net tms.dmp.wi-fi.ru cdn3.caltat.com sonar.semantiqo.com www.cdn-tinkoff.ru ad.adriver.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr eye.targetads.io tag.rutarget.ru top-fwz1.mail.ru dss.hybrid.ai track-us.bidease.com tech.rtb.mts.ru rtb-eu.b.otm-r.com sync.gonet-ads.com ad.new-programmatic.com mssg.su rap.skcrtxr.com cdn3.uxfeedback.ru widget.uxfeedback.ru  sm.rtb.mts.ru exchange.buzzoola.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tinkoff.ru *.tcsbank.ru *.cdn-tinkoff.ru blob: *.dolyame.ru sync.datamind.ru www.google.com www.google.ru connect.ok.ru vk.com *.datamind.ru s.ytimg.com mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr yastatic.net mc.webvisor.com mc.webvisor.org; frame-src 'self' blob: data: *.tinkoff.ru *.tcsbank.ru *.cdn-tinkoff.ru *.dolyame.ru *.tinkoff.demdex.net *.omniture.com bid.g.doubleclick.net www.facebook.com *.demdex.net vk.com static.datamind.ru platform.twitter.com connect.ok.ru *.datamind.ru *.fls.doubleclick.net www.cdn-tinkoff.ru mc.yandex.ru yastatic.net mc.webvisor.com mc.webvisor.org; connect-src 'self' *.tinkoff.ru *.tcsbank.ru *.cdn-tinkoff.ru wss://*.tinkoff.ru wss://*.tcsbank.ru 'self' data: self sync.datamind.ru dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net assets.adobedtm.com *.omniture.com *.g.doubleclick.net geocode-maps.yandex.ru/1.x/ *.google-analytics.com *.datamind.ru www.google.com analytics.google.com www.google.ru www.facebook.com connect.facebook.net google-analytics.bi.owox.com vk.com mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr px.adhigh.net eye.targetads.io ad.adriver.ru top-fwz1.mail.ru dss.hybrid.ai tag.rutarget.ru tms.dmp.wi-fi.ru ads.adlook.me dmg.digitaltarget.ru dsum-sec.casalemedia.com id.uma.media prodmp.ru track-us.bidease.com ads.betweendigital.com a.utraff.com rtb.viadata.store reichelcormier.bid x01.aidata.io ssp.bidvol.com cs.gssprt.jp ssp.adriver.ru secure.adnxs.com exchange.buzzoola.com cs-0.moevideo.biz sync.republer.com redirect.frontend.weborama.fr sync.dmp.otm-r.com sync.mediatoday.iae.one an.yandex.ru sync.1dmp.io cm.lentainform.com mitdmp.whiteboxdigital.ru acint.net sync.viadata.store sync.adkernel.com sync.videonow.ru code.moviead55.ru api.imotech.video widget-api.uxfeedback.ru pixel.gooroo.works cfg.tinkoff.ru acdn.tinkoff.ru www.tinkoff.ru www.cdn-tinkoff.ru dolyame.ru tmsg.tinkoff.ru chat.dolyame.ru ms-gateway.tinkoff.ru forma.tinkoff.ru fallback.cdn-tinkoff.ru 1
default-src 'self' https://og-frontend-static.us-west-2.staging.public.atl-paas.net;script-src 'self' 'unsafe-eval' https://*.services.atlassian.com https://code.jquery.com/jquery-3.6.0.min.js https://remote-app-switcher.stg-east.frontend.public.atl-paas.net https://translate.googleapis.com/_/translate_http/_/js/ https://ajax.googleapis.com/ajax/libs/jqueryui/1.13.2/jquery-ui.min.js https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js https://js.intercomcdn.com https://widget.intercom.io/widget/ https://www.gstatic.com/recaptcha/releases/ https://www.google.com/recaptcha/ https://js.stripe.com https://meet.jit.si https://og-frontend-static.us-west-2.staging.public.atl-paas.net https://bam.nr-data.net 'sha256-FV4wGfcn2NrqSJwtGQUWZ2Ie5XrIVKqtnc6g2gmRRco=' 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw=' 'sha256-N6H1UNp6u4dhUx+FZUQMMcXz17KIEWQw+ZVCPp4d3Zo=' 'sha256-qyYeb40S0YW7zrzwvSX5SEThkjXxwfWSwDp+FlCY0ic=' 'sha256-XHhqFY/vlAF49XCJL4Eg+ttSAnGAobln30utBWOcPhU=' 'sha256-L8u6aiCFdh23FnTLOjO9T7p6zkSJPTaOzZoZUz9OnVQ=' 'sha256-ZMCyrJrkz95Pmv4GzcpT7uihWvUib4x2CFIKGfMsuYU=' 'sha256-ffGUIypjdVM8v7ybOzYmI52fKI8S9IVsUI1OqyrUw8Q=' 'sha256-4qVpzn2Bx0qK9KtIsF/n3VVomtjXD/qPqKpKFNRrMWY=' 'sha256-eETIIu3VZ7EA7inGoTk/IDe2GZACdmowaBuJOhm6Bik=';connect-src 'self' https: wss: ws:;style-src 'self' 'unsafe-inline' https://og-frontend-static.us-west-2.staging.public.atl-paas.net https://fonts.googleapis.com/css2 data:;frame-src 'self' https://*.opsgeni.us https://intercom-sheets.com https://*.atlassian.com https://*.opsgenie.com https://js.stripe.com https://reporting.opsgenie.com;img-src 'self' data: https:;font-src 'self' https://fonts.intercomcdn.com https://fonts.gstatic.com https://og-frontend-static.us-west-2.staging.public.atl-paas.net data:;object-src 'none';report-uri https://web-security-reports.services.atlassian.com/csp-report/opsgenie-staging-us-violations;frame-ancestors 'self' https://*.app.opsgeni.us https://*.opsgeni.us 1
default-src 'self'; object-src 'self';connect-src 'self' *.go-mpulse.net *.akamaihd.net *.akstat.io https://*.hotjar.com https://*.hotjar.io https://*.fastenal.com https://www.google-analytics.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://www.google.com https://maps.googleapis.com/ https://analytics.google.com/ *.eum-appdynamics.com https://www.product-config.net https://dpk3n3gg92jwt.cloudfront.net;  child-src 'self' https://vars.hotjar.com blob: data:; font-src 'self' https://*.fastenal.com https://fonts.googleapis.com https://fonts.gstatic.com https://static.hotjar.com http://static.hotjar.com https://marketer.monetate.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.convertlanguage.com *.go-mpulse.net https://www.gstatic.com https://*.fastenal.com https://www.googleadservices.com https://www.google.com/recaptcha/api.js www.googletagmanager.com https://tagmanager.google.com *.monetate.net https://script.hotjar.com http://static.hotjar.com https://static.hotjar.com https://maps.googleapis.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://sc.cdnma.com https://beacon.cdnma.com https://fastenalcom.mpeasylink.com https://www.youtube.com https://*.akamaihd.net https://www.google.com https://s.ytimg.com/ *.appdynamics.com *.eum-appdynamics.com https://www.product-config.net/; frame-src 'self' https://www.google.com https://fastenalcom.mpeasylink.com https://www.youtube.com https://vars.hotjar.com https://*.g.doubleclick.net https://marketer.monetate.net https://app.powerbi.com/; img-src 'self' data: http://csp-1.picarioxpo.com https: http://multimedia.3m.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com/ https://*.fastenal.com https://fonts.googleapis.com https://tagmanager.google.com https://fastenalcom.mpeasylink.com https://*.monetate.net https://marketer.monetate.net/ https://www.product-config.net/;  1
report-uri https://www.debugbear.com/_/csp; default-src * 'self'; script-src 'strict-dynamic' 'nonce-bcc76069-b033-40a6-be34-f0ca83eb9bd5' 'unsafe-inline' 'self' https: ; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; object-src 'none'; base-uri 'none'; frame-ancestors 'none' 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.compassion.com; 1
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' ; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.newsweek.pl::PROD_USP 1
script-src 'nonce-psegnjcsp-unsafeinline' *.pseg.com *.gstatic.com *.force.com *.cloudflare.com player.vimeo.com *.aspnetcdn.com *.google-analytics.com *.google.com *.googletagmanager.com *.googleapis.com *.adsrvr.org *.salesforce-sites.com *.salesforce.com *.salesforceliveagent.com  *.my.site.com; frame-ancestors *.pseg.com *.salesforce.com ;  connect-src *.pseg.com *.gstatic.com *.force.com *.aspnetcdn.com *.google-analytics.com *.analytics.google.com *.google.com *.googletagmanager.com *.googleapis.com *.my.site.com *.windows.net 1
default-src https: wss:; script-src https: 'unsafe-inline'; img-src https: data: 'unsafe-inline'; style-src https: 'unsafe-inline'; object-src 'none'; 1
frame-ancestors bosch-pt.com.au www.bosch-pt.com.au bosch-officeon.com boschprofessionalworld.com staging.boschprofessionalworld.com staging-2.boschprofessionalworld.com theviewer.co *.kittelberger.net *.kittelberger.de *.bosch-professional.com; 1
script-src 'self' 'unsafe-inline'; worker-src blob:;script-src-elem 'self' 'unsafe-inline' https://api.mapbox.com/ https://odcc2.bell.ca/ https://ajax.googleapis.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://bbox.blackbaudhosting.com/ https://maxcdn.bootstrapcdn.com/ https://c212.net/ https://cdn.c212.net/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://script.crazyegg.com/ https://tags.crwdcntrl.net/ https://cdn.embedly.com/ https://connect.facebook.net/ https://adservice.google.ca/ https://adservice.google.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://tpc.googlesyndication.com/ https://www.googletagmanager.com/ https://www.googletagservices.com/ https://pagead2.googlesyndication.com/ https://beacon.krxd.net/ https://cdn.krxd.net/ https://consumer.krxd.net/ https://securepubads.g.doubleclick.net/ https://tiffr.com/ https://analytics.tiktok.com/ https://platform.twitter.com/ https://s.yimg.com/ 1
default-src 'self' *.gotoassist.com *.dev-gotoassist.com fastsupport.com i1fastsupport.com stage.fastsupport.com 'unsafe-inline' 'unsafe-eval' data: *.getgo.com *.google.com *.google-analytics.com *.googleapis.com 1
base-uri 'none'; object-src 'self' *.amazonaws.com; script-src 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: 'nonce-fbVjeWPMvezXRw1hTp6saYgAKzHN38/Xmp2byL61Rus='; report-uri https://europe-central2-fundigic-cloud.cloudfunctions.net/siepomaga-csp 1
frame-ancestors 'self' https://*.yahoo.com https://*.engadget.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.onesearch.com https://*.publishing.oath.com https://*.aol.com; sandbox allow-downloads allow-forms allow-modals allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=yahoofinance; report-to csp-endpoint; 1
frame-ancestors 'self' *.testberichte.de 1
connect-src 'self' https://reallyfreegeoip.org/json/ https://cta-service-cms2.hubspot.com/ https://forms.hsforms.com; default-src 'self'; font-src 'self' https://rsms.me/ https://fonts.gstatic.com/; frame-src 'self' https://static.addtoany.com https://player.vimeo.com/ https://vimeo.com/ https://www.youtube.com/ https://forms.hsforms.com https://www.google.com/; img-src 'self' https://no-cache.hubspot.com/ https://perf.hsforms.com/ https://6739632.fs1.hubspotusercontent-na1.net/ https://forms.hsforms.com https://forms-na1.hsforms.com/; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' https://static.addtoany.com https://unpkg.com https://cookiehub.net https://js.hscta.net/ https://cta-service-cms2.hubspot.com/ https://js.hsforms.net/ https://www.google.com https://www.gstatic.com/ https://cdn.cookiehub.eu/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://rsms.me https://cookiehub.net/; 1
frame-ancestors 'self' https://bannerhealth.com https://www.bannerhealth.com https://Qa.stage.bannerhealth.com https://stage.bannerhealth.com https://qa.bannerhealth.com https://qa-cm.bannerhealth.com https://iframe.dev.buoyhealth.com https://dev-sc-cd.dbt.testbhealth.com https://qa-sc-cd.dbt.testbhealth.com https://uat.bannerhealth.com https://beta.bannerhealth.com 1
script-src 'unsafe-eval' 'self' blob: *.walkme.com *.doubleclick.net *.jquery.com *.steelhousemedia.com *.clarity.ms *.marinsm.com *.tvsquared.com *.convertlanguage.coma *.stackadapt.com 'sha256-WiBrp8n6qzXaR53OMuij2Wqky+WBAZHWS4m9u+Y6Vgs=' 'sha256-Bwbsdql2wuxPBfreVcjv4IcQRIm2tK54E/ZtuKmHmLI=' 'sha256-EFemVE1/2VPlNZdptBdgN2GjWc7noj81GGGv0MwOyJY=' 'sha256-ipjUpAO5Zx3H/q6miTlllOa0xJsBwcFMGTeHoYNeXiw=' 'sha256-K83smGC12/mOrMV+5hXYSc0TQHjFQM6XX+Zdj9pBbas=' 'sha256-Fx0LrAqaK0HfpKOTd5jtbUe4X89Fz86oesjqSQUn8Y8=' 'sha256-L+CdrbB/3MWzakKjyzoy8w1eIqDVGrsftnkvJdo4gIc=' 'sha256-ud+TXSHWwW6/Ltq5qioGqWeGcQMxHWR5TiMnvYBaUEk=' 'sha256-BaFk7RP58iF1BkZHdqeujuDXXLld9PS1LiKm9MnnQ2A=' 'sha256-3BUC2uqkLtf11hujvyMEl1NTcrpXaw9M/nxK0qpugE4=' 'sha256-JHK17+U8wdRstIrvJ9FH+hRjOAbbxmHrq0wCVhtsH7o=' 'sha256-1jH1jUGW8+/nnNLV4s1f8jHlAtMsBv985QVausqXm5s=' 'sha256-0CFWqn8iRfbSl1Sem930KfSoUJXZns11Cn83r+PXVLY=' 'sha256-N9Fcbvm0D7OHWPqfYvKe/03U0CZV2AiZiZBrMI+Ksj0=' 'sha256-EXfLQCLxlOnO65O9cKsL0o9OFNxguNq3K01QOwsooT8=' 'sha256-3BUC2uqkLtf11hujvyMEl1NTcrpXaw9M/nxK0qpugE4=' 'sha256-oRdVJzqGJc9xIgrN9giweGhI+uJQxUjkla++Xx19V+M=' 'sha256-P+6dUXh0AE0IknMkVtquEOaJZkrTTlUwjdLsSHSwG90=' 'sha256-9L80nW6/wnsNaC/TWNo4gryOH3bGptV9J841/BKwAno=' 'sha256-XpDQ/sKD1Q35z6yrfuUgNaqcpCpmaF6wIFXhd6+xJLo=' 'sha256-39xatTpd5FpCS4XEP4t1a9EhvY/OmWxChEfjA6mbhtU=' 'sha256-EMO8V0afEwmvA6t2d6wG6PS3p9+n6fhPK0GZjO91IHs=' 'sha256-f7qZAP0d9359mYcb/vgVCWxYxymvSI9DxgiKurjZaOQ=' 'sha256-NDRilroK6DdzrIS4UKHEE3CEEoql6/fSI05aOLR0MKs=' 'sha256-frdEsQQ2f2d9UwWmf/L1EkrelLIPQkX8XKBxZ68VEDc=' 'sha256-ThHZXYAEciBA4PPtRsuwrM4rS6A27cEeDZfKFgMjOHs=' 'sha256-+QoWUsMtJAiKNrS9ddu7252XOoLq26XVwk4TdboDGM0=' 'sha256-IyJp55qY1hWHECsk/9IaBg0P1cqphU2h83okwB6//30=' 'sha256-7air93D0iLJuk6VUEZSnozqaPOL6Qi8MOs8k6dWhuko=' 'sha256-nwxOa/AwuXKhEnQfF8z3U9AQyig3d1tfIX6QLS1c7/U=' 'sha256-PYtocK3DFaOHMHXcTLPhO1P5IEXMf8cf6Yyf1u0USFQ=' 'sha256-N63VR5czWRUyi4yTEGyoam6orM200eR4SB/ndd2vCSE=' 'sha256-h1BXcWieM0hfS3GVpaXzPev+V7bbo0VQKstgeMXvP04=' 'sha256-nyYhGb/ogFCXA+jjhnQPaWmEGq7zMi7is/Og/WHHu1U=' 'sha256-/jelFPmvGgCLb2ruwisTS4lMCQphITOFeMAtuZQQhPQ=' 'sha256-518pk5SuTHe1wO+qPfs05CALGxGj8b7R9joTeyF3MMg=' 'sha256-MW7xYbbWUIy+vpnrRUsAKgafurRDpmEtw8ibUiTK9kg=' 'sha256-prCWgxIMGDrHbwdw5mT2MeFWJJGImVIKxAV7gJOpQ0w=' 'sha256-tU2s1s4syE7gpagiZ/DMk2OM7ZcxzIYUDAn0ZWZZvcw=' 'sha256-IohmHrNbNfYp1N8eOkosBSzsog22PSpNMgxp+rP0ba0=' 'sha256-gdUVY3rNP3d8mugxATRy94Oef9TvyvQv4LByypmpoQM=' 'sha256-Oc0DJ+pN/Q9MEzC3WsStCthU0JXK5IxeTD/NO180ggI=' 'sha256-3R5kPMMUS7lCbC94I1yEP6/LrPcCxCpJkMghRm5vc+M=' 'sha256-TfsnO13RGWJOuqMSQ71jj+6N2s997hJAghDCvf9s9dM=' 'sha256-xri8zZKOW+5jts4GRTZuQGosPS+dSTQJr5bebWtNr90=' 'sha256-zOJVpbdSYuV1KeKh04uYsnYyneK7qLzkfYDw9h6+0KM=' 'sha256-0Cmn/CPjE7iLtaGEpZ3gIbyK7+T2PCg6t/q0GQ8aurU=' 'sha256-+F7WJt5j0JAyOvITKopxkUbW3zrhfgO/64YUDWNfWV4=' 'sha256-V5fb1zKsLvfOQE+Tz3abD2NIZPMKdQKrZG6116lj62Y=' 'sha256-/R+9/01InyDhaLq1zYqbjyPav2dunvCCN1mHJxx026U=' 'sha256-023g/MYKiNi2UHZqb0fjW4jU0C9zmvXY7ylFFTbQLAs=' 'sha256-9w+aFd0ogU/pVs/M0q0ixKcQLrt524ABSMma2ixZRmA=' 'sha256-uvQd362cMOZMihRdpHDQkkQG005hI1hAULGe/1hrq7A=' 'sha256-RLZndXh1nmE1wrQG6kjO6AGpiyGJTN5t/otHymIj8UA=' 'sha256-ttmSnfQfAQQQiV28ls0mnFkkr+dl0cSWZO+7qlgQV7w=' 'sha256-+9nvnUjMPgpsCHqUyccwQCWltJdUnhcoDgKmekMe5r4=' 'sha256-ppW1Vv+qSVcs+/pIj1ZXvMiCLoyHyCdRqtDMeK9fQ9w=' 'sha256-7kffnNgRQ7qzYy+bMsInYuH8jQUzqb4sdbv2yAH7H40=' 'sha256-7kffnNgRQ7qzYy+bMsInYuH8jQUzqb4sdbv2yAH7H40=' 'sha256-JlKI/jgeMVC9UAc3axGPML/PCKwu8dAnBRUHncXK+cQ=' 'sha256-kEyA013BpTyUc1nqTJ2W65dz6zCi7DlCTj7xA/MPKm8=' 'sha256-PujGZsFstVNnK7qoVuZjCFKHTUf1KgZQB3e1+nfLypE=' 'sha256-1hphP5UeIPLrdHl0caK+RBjjIf/Nf+NOjngIRgKJNvg=' 'sha256-5opYFwUS510Rvfv27i9fgH/77B6yGcd39Qc2XGu3Sk4=' 'sha256-ZsiO6M6SIFEhZrPiwh4Vky40a3LRcSYYWmT8kYCo+c8=' 'sha256-12Oe5dMRtAenv78D9ewvG6kpwvsYQwe0SEAFh4E3by4=' 'sha256-pKXjbNTq8JR4j0soyNfLkYJiSSsP6kqo5DRo9q4cDXE=' 'sha256-JV3lxBYaKBxEcW9cv7bpM9YrLNCSO2x+5hI319J5VH4=' 'sha256-s1BV33CoxJjYzvmpCjN3WTwdPhNhnco3NW1k5J/YA3o=' 'sha256-7JcAvVdE2sCnsRNg9sUUpEVPc2NLH+qJYzoCeD2nHss=' 'sha256-ehPVrgdV2GwJCE7DAMSg8aCgaSH3TZmA66nZZv8XrTg=' 'sha256-ooG2PlUfrfqVyDZV30w0BK5FwqPKhiPhrYEc3z3R3ow=' 'sha256-5nRGMOmqCmDqDhW/cRGfA1gF0jaDt730ej6AJpe2m9g=' 'sha256-7bwnNunfhUOLCxywkp0xlObo3iqPpAfiCr6IN5IeXCA=' 'sha256-0Pvth24NB2HpvezgdvpJMgDYWi91zp9XQc0lnwVD76I=' 'sha256-VL0W/0a7GGeMu92Qz6/kju/TfhubARqd6hobZ5vR8HM=' 'sha256-G38Y5gB6x7PXV8puXKlJ1t7rV5fLuVPEDLHAb64SY20=' cdn.walkme.com  *.bcbsil.com *.bcbstx.com *.marketo.net *.hcsc.net contentz.mkt922.com healthcareservicecorporation.sc.omtrdc.net resources.digital-cloud-west.medallia.com dx.steelhousemedia.com cdn.decibelinsight.net *.facebook.net *.googleadservices.com bat.bing.com *.googletagmanager.com nexus.ensighten.com *.google-analytics.com js-cdn.dynatrace.com assets.adobedtm.com googleads.g.doubleclick.net gateway.foresee.com dx.steelhousemedia.com *.kampyle.com *.medallia.com *.brightcove.net *.brightcove.com, frame-src 'self' *.bcbsil.com *.doubleclick.net *.google.com *.facebook.com hcsc.demdex.net *.brightcove.net *.youtube.com resources.digital-cloud-west.medallia.com healthcareservicecorporation.sc.omtrdc.net *.kampyle.com *.medallia.com *.brightcove.com 1
frame-ancestors 'self' www1.tu-ilmenau.de;  frame-src 'self' *.tu-ilmenau.de *.vimeo.com *.vimeocdn.com thunibib-ilmenau.gbv.de service1.bibliothek.tu-ilmenau.de:8383 *.openstreetmap.org thefi1.tu-ilmenau.de:3000; 1
default-src 'self' *.bobcat.com;connect-src 'self' *.bobcat.com wss://ws.hotjar.com *.hotjar.com *.hotjar.io *.bobcatcms.online *.bobcat-china.cn https://dibh-prod-dxp-bobcat-forms.s3.us-east-1.amazonaws.com *.linkedin.oribi.io https://plausible.io *.crazyegg.com *.dibhids.net *.dice-tools.com *.flowpaper.com *.smartlook.cloud *.luigisbox.com *.googleapis.com *.googlesyndication.com *.sharethis.com *.crwdcntrl.net *.evergage.com *.cookiepro.com *.onetrust.com *.cloudinary.com *.serving-sys.com *.google-analytics.com *.doubleclick.net *.snapchat.com *.tiktok.com *.facebook.com *.elfsight.com *.google.com;img-src 'self' data: blob: cloudinary: *.cloudinary.com *.googleapis.com *.buyerzone.com *.bobcat.com *.bing.com *.linkedin.com *.flowpaper.com https://flowpaper.com *.bobcat-china.cn *.sharethis.com *.cookiepro.com *.facebook.com *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.elfsightcdn.com *.simpli.fi *.ytimg.com https://um.simpli.fi https://cm.g.doubleclick.net https://www.googleadservices.com https://aa.agkn.com https://sync.intentiq.com https://pixel.tapad.com https://simplifi.partners.tremorhub.com https://eb2.3lift.com https://image2.pubmatic.com https://ads.stickyadstv.com https://d.agkn.com https://loadm.exelator.com https://ups.analytics.yahoo.com https://sync.bfmio.com https://stags.bluekai.com https://ce.lijit.com https://idsync.rlcdn.com https://bcp.crwdcntrl.net https://sync.search.spotxchange.com https://pixel.rubiconproject.com https://pippio.com https://us-u.openx.net https://ib.adnxs.com https://fei.pro-market.net  'unsafe-inline' 'unsafe-eval';media-src 'self' *.cloudinary.com *.bobcat-china.cn;script-src 'self' *.bobcat.com *.pulseinsights.com https://plausible.io *.crazyegg.com *.adsrvr.org *.elfsightcdn.com *.hotjar.com *.cludo.com *.smartlook.com *.typeform.com *.flowpaper.com https://snap.licdn.com *.snapchat.com  *.sharethis.com *.googleapis.com https://bobcatbackyardmakeover.azurewebsites.net *.evgnet.com https://tag.simpli.fi https://i.simpli.fi *.simpli.fi *.luigisbox.com *.googleoptimize.com *.cookiepro.com *.youtube.com *.buyerzone.com *.elfsight.com *.google.com *.gstatic.com *.know-where.com *.cloudinary.com https://unpkg.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.facebook.net *.bing.com *.serving-sys.com  https://sc-static.net *.tiktok.com 'unsafe-inline' 'unsafe-eval';style-src 'self' *.bobcat.com *.cloudinary.com *.cludo.com *.typeform.com *.luigisbox.com *.googleapis.com *.google.com *.googletagmanager.com https://unpkg.com 'unsafe-inline';object-src 'none';font-src 'self' data: *.bobcat.com *.hotjar.com *.gstatic.com;frame-src 'self' *.dibhids.net *.dice-tools.com *.cloudinary.com https://go.doosanportablepower.com  *.adsrvr.org *.youtube-nocookie.com https://bobcatbackyardmakeover.azurewebsites.net https://formsmarts.com *.google.com *.typeform.com *.flowpaper.com *.sharethis.com *.know-where.com *.office.com *.snapchat.com *.facebook.com https://bobcatforms.com https://bobcatcms.online *.bobcatcms.online *.doubleclick.net *.youtube.com;frame-ancestors 'self' https://bobcatbackyardmakeover.azurewebsites.net https://formsmarts.com 1
default-src 'self' data: https://internalgogdemo.terracycle.com https://d3c39yxulteaif.cloudfront.net/ https://dva1blx501zrw.cloudfront.net/ https://fonts.gstatic.com/ https://use.typekit.net/ https://*.noibu.com/ wss://*.noibu.com/; script-src 'self' 'unsafe-inline' data: https://internalgogdemo.terracycle.com https://d3c39yxulteaif.cloudfront.net/ https://analytics.twitter.com/ https://apis.google.com/_/scs/apps-static/ https://apis.google.com/js/platform.js https://apis.google.com/se/0/wm/1/ https://assets.pinterest.com/js/pinit.js https://assets.pinterest.com/js/pinit_main.js https://assets.pinterest.com/js/pinmarklet.js https://s.pinimg.com/ct/ https://b-code.liadm.com/a-00v3.min.js https://cdn.leadmanagerfx.com/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://js.hs-scripts.com/ https://log.pinterest.com/ https://maps.googleapis.com/ https://platform.twitter.com/js/ https://platform.twitter.com/widgets.js https://*.quora.com/qevents.js https://script.hotjar.com/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://static.hotjar.com/ https://use.typekit.net/ https://*.google-analytics.com https://*.analytics.google.com https://www.google.com/recaptcha/ https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com/ https://www.googleadservices.com/pagead/conversion.js https://*.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.redditstatic.com/ads/pixel.js https://ads.nextdoor.com/public/pixel/ndp.js https://www.clarity.ms/ https://js.hscollectedforms.net/collectedforms.js https://js.hs-banner.com/ https://js.hs-analytics.net/ https://*.wufoo.com/scripts/embed/form.js https://js.hsadspixel.net/fb.js https://js.hsleadflows.net/leadflows.js https://tag.rmp.rakuten.com/125112.ct.js https://js-agent.newrelic.com/ https://analytics.tiktok.com https://stats.g.doubleclick.net https://cdn.cookielaw.org/ https://js.hubspot.com/ https://amplify.outbrain.com/cp/obtp.js https://*.attn.tv/ https://*.attentive.com https://*.attentivemobile.com https://js.hsforms.net/forms/embed/v2.js https://js.hubspot.com/web-interactives-embed.js https://amplify.outbrain.com https://wave.outbrain.com/ https://analytics.tiktok.com/ https://tr.outbrain.com/ https://cdn.noibu.com/collect.js https://*.noibu.com/ wss://*.noibu.com/ https://s3.amazonaws.com/static-terracycle-com/misc/ckeditor/ 'unsafe-eval' https://s3.amazonaws.com/assets/errors*; style-src 'self' 'unsafe-inline' https://d3c39yxulteaif.cloudfront.net/ https://syndication.twitter.com/ https://fonts.googleapis.com/ https://optimize.google.com https://s3.amazonaws.com/static-terracycle-com/misc/ckeditor/ https://fonts.googleapis.com/css https://s3.amazonaws.com/assets/errors*; frame-src 'self' https://staticxx.facebook.com/ https://web.facebook.com/ https://www.facebook.com/ https://accounts.google.com/ https://apis.google.com/ https://optimize.google.com/ https://www.google.com/recaptcha/ https://editorium.herokuapp.com/ https://editoriumstage.terracycle.com/ https://vars.hotjar.com/ https://i.liadm.com/ https://*.pinterest.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://terracycle.wufoo.com/ https://www.youtube.com/ https://www.recaptcha.net/ https://terracycle.wufoo.com/ https://player.vimeo.com/ https://forms.hubspot.com/ https://td.doubleclick.net/ https://terracycle-6369378.hs-sites.com/ https://privacyportal.onetrust.com/ https://*.attn.tv/ https://*.attentive.com https://*.attentivemobile.com; img-src 'self' https://internalgogdemo.terracycle.com https://d3c39yxulteaif.cloudfront.net/ https://dva1blx501zrw.cloudfront.net/ https://d280jbtwinny2v.cloudfront.net/ https://d35jj3xv1zfqx0.cloudfront.net/ https://tc-global-prod.s3.amazonaws.com/ https://s3.amazonaws.com/tc-global-prod/ https://s3.amazonaws.com// https://s3.amazonaws.com/gog-prod/ https://*.terracycle.com/ https://alb.reddit.com/ https://assets.pinterest.com/images/pidgets/ https://c.liadm.com/ https://log.pinterest.com/ https://maps.googleapis.com/ https://maps.gstatic.com/mapfiles/ https://p.typekit.net/ https://*.quora.com/ https://*.ads.linkedin.com/ https://rp.liadm.com/ https://stats.g.doubleclick.net/r/ https://syndication.twitter.com/i/ https://ct.pinterest.com/v3/ https://t.co/ https://www.facebook.com/tr/ https://optimize.google.com/ https://*.google-analytics.com https://*.googletagmanager.com https://tc-shop-stage.s3.amazonaws.com/ https://tc-shop-prod.s3.amazonaws.com/ https://flask.nextdoor.com/ https://forms.hsforms.com/ https://track.hubspot.com/ https://*.clarity.ms https://img.youtube.com/ https://p.adsymptotic.com/d/px/ https://analytics.tiktok.com/ https://cdn.cookielaw.org/ https://6369378.fs1.hubspotusercontent-na1.net https://consent.linksynergy.com/ https://perf-na1.hsforms.com https://*.attn.tv/ https://*.attentive.com https://*.attentivemobile.com https://forms-na1.hsforms.com https://cta-service-cms2.hubspot.com/ https://static.hubspot.com/ https://static.hsappstatic.net/ https://s3.amazonaws.com/static-terracycle-com/misc/ckeditor/ data: https://s3.amazonaws.com/assets/errors/logo-white* https://www.google.at/ https://www.google.be/ https://www.google.br/ https://www.google.ca/ https://www.google.ch/ https://www.google.co.uk/ https://www.google.com/ https://www.google.de/ https://www.google.dk/ https://www.google.es/ https://www.google.fr/ https://www.google.hu/ https://www.google.ie/ https://www.google.jp/ https://www.google.kr/ https://www.google.mx/ https://www.google.nl/ https://www.google.nz/ https://www.google.se/ https://shop.terracycle.com/en/ filesystem:; connect-src 'self' https://internalgogdemo.terracycle.com https://d3c39yxulteaif.cloudfront.net/ https://dva1blx501zrw.cloudfront.net/ https://ipapi.co/json https://maps.googleapis.com/ https://in.hotjar.com/api/v1/client/sites/600250/ https://in.hotjar.com/api/v2/client/sites/600250/ https://vc.hotjar.io/views/600250 https://t.leadmanagerfx.com/visit/add/4529 https://us-east1-idyllic-vehicle-159522.cloudfunctions.net/mcfx-visitor-information https://*.google-analytics.com https://*.googletagmanager.com https://analytics.google.com https://*.analytics.google.com https://rp.liadm.com/ https://forms.hubspot.com/ https://t.leadmanagerfx.com/ https://www.clarity.ms/ https://*.clarity.ms https://js.hs-banner.com/ https://stats.g.doubleclick.net/ https://ct.pinterest.com/user/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://privacyportal.onetrust.com/request/v1/consentreceipts https://api.hubapi.com/ https://cta-service-cms2.hubspot.com/ https://forms.hsforms.com https://cdn.linkedin.oribi.io/partner/2230314/domain/terracycle.com/token https://*.attn.tv/ https://*.attentive.com https://*.attentivemobile.com https://tr.outbrain.com/ https://analytics.tiktok.com/ https://hubspot-forms-static-embed.s3.amazonaws.com https://staging.shop.terracycle.com/ https://shop.terracycle.com/ https://*.noibu.com/ wss://*.noibu.com/ 1
default-src 'self' https://static.linear.app;connect-src 'self' https://*.daily.co wss://*.daily.co https://o415358.ingest.sentry.io/api/5337513/ https://o415358.ingest.sentry.io/api/4504277957279744/ wss://ornj730p.api.sanity.io/ https://ornj730p.apicdn.sanity.io/ https://*.linear.app https://9RXBCYQ6DV-dsn.algolia.net https://*.google-analytics.com/ https://linearstatus.com/ https://app.posthog.com https://*.browser-intake-datadoghq.com http://127.0.0.1:44450/ http://127.0.0.1:18450/ http://127.0.0.1:33234/ https://api.linear.app https://client-api.linear.app https://api-staging.linear.dev https://client-api-staging.linear.dev wss://sync.linear.app/ wss://sync-staging.linear.dev/ https://storage.googleapis.com/uploads.linear.app/ https://storage.googleapis.com/public.linear.app/ https://storage.googleapis.com/imports.linear.app/ https://www.google-analytics.com/j/collect https://ornj730p.api.sanity.io/;script-src 'self' blob: 'unsafe-inline' https://www.googletagmanager.com/gtag/ https://www.google-analytics.com/analytics.js https://js.stripe.com/v3 https://jobs.ashbyhq.com/Linear/embed https://e.linear.app https://static.linear.app;style-src 'self' 'unsafe-inline' https://static.linear.app;font-src 'self' https://static.linear.app;img-src 'self' data: blob: https://*.linear.app https://*.googleusercontent.com https://www.google-analytics.com https://cdn.sanity.io/images/ornj730p/ https://linear.app/cdn-cgi/imagedelivery/ https://avatars.githubusercontent.com https://i.ytimg.com/vi/ https://i.embed.ly/1/display https://avatars.slack-edge.com https://pbs.twimg.com/profile_images/ https://pbs.twimg.com/ext_tw_video_thumb/;frame-ancestors 'none';frame-src *;media-src blob: https://uploads.linear.app https://public.linear.app https://imports.linear.app https://static.linear.app https://cdn.sanity.io/files/ornj730p/ https://video.twimg.com/ext_tw_video/ https://linear.app/static/;report-uri https://api.linear.app/report-violation 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.twitter.com *.facebook.com *.stripe.com 1
frame-ancestors 'self' https://*.monocle.com; 1
default-src https:; script-src blob: 'unsafe-inline' 'unsafe-eval' 'self' https://*.uservoice.com https://maps.googleapis.com https://faronics.kayako.com/ https://apis.google.com/; connect-src https: 'self' ws:; img-src blob: https: 'self' data:; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src https:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.nict.go.jp 1
frame-ancestors 'self' studio.tixr.com 1
default-src 'self' https:;connect-src 'self' https: https://api.mobius.highereducation.com https://api.stripe.com https://js-agent.newrelic.com https://bam.nr-data.net https://api.honeybadger.io https://api.sail-personalize.com https://api.sail-track.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com/tr/ https://privacyportal.onetrust.com wss://*.hotjar.com https://generalassembly.pxf.io;font-src 'self' data: https: https://ga-static-assets-s3.global.ssl.fastly.net https://fonts.gstatic.com;img-src 'self' data: blob: https: https://ga-static-assets-s3.global.ssl.fastly.net https://www.google-analytics.com https://ga-core.s3.amazonaws.com https://stats.g.doubleclick.net https://dc.ads.linkedin.com https://ssl.gstatic.com https://www.gstatic.com https://www.facebook.com/ https://generalassemb.ly/ https://s3.amazonaws.com/static-assets.generalassemb.ly/ https://px.ads.linkedin.com https://grow.clearbitjs.com https://ws.zoominfo.com;object-src 'none';worker-src blob: https:;media-src 'self' data: blob: https:;script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://cdn.cookielaw.org https://ga-static-assets-s3.global.ssl.fastly.net https://ak.sail-horizon.com https://www.google-analytics.com https://d1fc8wv8zag5ca.cloudfront.net https://tagmanager.google.com https://connect.facebook.net/ https://code.jquery.com/ https://geolocation.onetrust.com https://bam-cell.nr-data.net https://cdn.optimizely.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://stats.g.doubleclick.net https://snap.licdn.com https://utt.impactcdn.com;script-src-elem 'self' https: 'unsafe-inline' 'unsafe-eval' https://cdn.mobius.highereducation.com https://www.googletagmanager.com https://www.google-analytics.com https://ak.sail-horizon.com https://cdn.optimizely.com https://www.googleadservices.com https://stats.g.doubleclick.net https://js-agent.newrelic.com https://x.clearbitjs.com https://grow.clearbitjs.com https://ws.zoominfo.com;style-src 'self' data: https: 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://ssl.gstatic.com https://cdn.cookielaw.org https://optanon.blob.core.windows.net;frame-ancestors 'self';upgrade-insecure-requests;report-uri /core_content_security_policy/reports; 1
frame-ancestors 'self' https://www.lakeheadu.ca https://wd-www.lakeheadu.ca https://myinfo.lakeheadu.ca https://erpwp.lakeheadu.ca https://wd-cc.lakeheadu.ca 1
default-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com *.google.com *.doubleclick.net *.tagcommander.com *.trustcommander.net *.commander1.com tv.bpifrance.fr *.twitter.com *.ubembed.com *.evgnet.com *.evergage.com *.googleapis.com licdn.com *.licdn.com *.matomo.cloud *.instagram.com *.commandersact.com *.cloud.media.bpifrance.fr cloud.media.bpifrance.fr cdn.matomo.cloud; font-src 'self' themes.googleusercontent.com *.gstatic.com *.thinglink.me *.evgnet.com *.evergage.com *.googleapis.com *.commandersact.com; frame-src *; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.googleapis.com www.google-analytics.com *.youtube.com *.google.com *.doubleclick.net *.vimeo.com *.tagcommander.com *.trustcommander.net *.facebook.com *.twitter.com *.thinglink.me *.dailymotion.com *.linkedin.com player.ausha.co embed.acast.com *.soundcloud.com developers.deezer.com open.spotify.com *.slideshare.net *.thinglink.com view.genial.ly *.onlinequizcreator.com dermandar.com *.ubembed.com *.facebook.net *.googleadservices.com licdn.com *.licdn.com *.matomo.cloud *.instagram.com *.commandersact.com *.cloud.media.bpifrance.fr cloud.media.bpifrance.fr cdn.matomo.cloud https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://platform.twitter.com https://polyfill.io https://unpkg.com; script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com *.googleapis.com www.google-analytics.com *.youtube.com *.google.com *.doubleclick.net *.vimeo.com *.tagcommander.com *.trustcommander.net *.twitter.com *.thinglink.me *.dailymotion.com *.facebook.com *.linkedin.com player.ausha.co embed.acast.com *.soundcloud.com developers.deezer.com open.spotify.com *.slideshare.net *.thinglink.com view.genial.ly *.onlinequizcreator.com dermandar.com *.ubembed.com *.facebook.net *.googleadservices.com *.evgnet.com *.evergage.com licdn.com *.licdn.com *.matomo.cloud *.instagram.com *.commandersact.com *.cloud.media.bpifrance.fr cloud.media.bpifrance.fr cdn.matomo.cloud https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://platform.twitter.com https://polyfill.io https://unpkg.com; style-src-elem 'self' 'unsafe-inline' *.thinglink.me fonts.googleapis.com *.evgnet.com *.evergage.com *.googleapis.com https://cdnjs.cloudflare.com 1
default-src 'self' https://*.reciteme.com; base-uri 'self'; object-src 'none'; style-src 'self' https://*.google.com https://*.googleapis.com https://*.financial-ombudsman.org.uk https://*.reciteme.com 'unsafe-inline'; img-src * data: https://script.hotjar.com; frame-src 'self' https://*.youtube.com https://*.google.com https://*.googletagmanager.com https://jira.cyberduck.net https://*.powerbi.com https://*.visme.co https://*.youtube-nocookie.com https://*.financial-ombudsman.org.uk https://*.hotjar.com https://*.hotjar.io https://*.reciteme.com; connect-src 'self' https://*.doubleclick.net https://*.google-analytics.com https://*.fullstory.com https://*.google.com https://*.financial-ombudsman.org.uk https://*.hotjar.com:* https://*.hotjar.io:* wss://*.hotjar.com wss://*.hotjar.io https://*.reciteme.com https://*.youtube.com/oembed o1375611.ingest.sentry.io; font-src 'self' data: https://*.gstatic.com https://*.financial-ombudsman.org.uk https://script.hotjar.com https://*.reciteme.com; form-action 'self' https://fs2.fos.org.uk/ https://*.financial-ombudsman.org.uk; script-src 'self' https://*.ytimg.com https://*.youtube.com https://*.doubleclick.net https://*.google-analytics.com https://*.google.co.uk https://*.google.com https://*.googleapis.com https://*.googlecode.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gstatic.com https://*.addthis.com https://*.jquery.com https://*.leadforensics.com https://jira.cyberduck.net https://*.financial-ombudsman.org.uk https://*.hotjar.com https://*.hotjar.io https://*.reciteme.com https://cdn.ravenjs.com 'unsafe-inline' 'unsafe-eval' 'nonce-ZTAyYjlmM2ViYg/OWRlZDdhYzlhYjJjNDY='; 1
default-src 'self' data: https://storage-cssz-prod.predu.sk https://predushellstorage.blob.core.windows.net https://www.google-analytics.com https://maps.googleapis.com https://*.gstatic.com https://mapserver.mapy.cz https://api.mapy.cz http://api.mapy.cz https://seal.digicert.com https://analytics.cssz.cz; frame-src 'self' https://storage-cssz-prod.predu.sk https://cssz-test.predu.sk https://mpsvczmimoriadna.predu.sk/ https://www.google.com https://docs.google.com https://www.youtube.com https://analytics.cssz.cz https://static.addtoany.com; child-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage-cssz-prod.predu.sk https://cssz-test.predu.sk https://mpsvczmimoriadna.predu.sk https://maps.googleapis.com https://api.mapy.cz https://www.google-analytics.com https://portal.gov.cz https://analytics.cssz.cz https://www.googletagmanager.com https://seal.digicert.com https://static.addtoany.com; style-src 'self' 'unsafe-inline' https://storage-cssz-prod.predu.sk https://fonts.googleapis.com https://api.mapy.cz; connect-src 'self' wss://webchatapi-cssz-prod.predu.sk https://api.mapy.cz https://www.google-analytics.com https://region1.google-analytics.com https://stats.g.doubleclick.net; 1
frame-ancestors 'self' https://egypt-now.net https://alarabnow.net; 1
font-src fonts.gstatic.com use.typekit.net *.cloudmaestro.com cdn.livechatinc.com preprod.sdbullion.com adm.sdbullion.com sdbullion.com *.sdbullion.com static.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.shopperapproved.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.addthis.com bitpay.com cdn.plaid.com *.pandadoc.com gum.criteo.com *.hotjar.com/ secure.livechatinc.com ssl.kaptcha.com static.criteo.net platform.twitter.com *.tradingview.com widget.nfusionsolutions.com www.facebook.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://www.shopperapproved.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com aa.agkn.com ad.360yield.com ad.tpmn.co.kr ad.turn.com *.addthis.com ade.clmbtech.com ads.stickyadstv.com ads.yahoo.com bat.bing.com www.bizrate.com cdn.cookielaw.org cdn.livechatinc.com cdn.livechat-files.com cdn.stickyadstv.com *.cloudfront.net *.cloudmaestro.com cm.g.doubleclick.net contextual.media.net *.clarity.ms csm.va.us.criteo.net criteo-partners.tremorhub.com criteo-sync.teads.tv c.bing.com dis.criteo.com eb2.3lift.com exchange.mediavine.com gum.criteo.com idsync.rlcdn.com img.onesignal.com i.liadm.com ib.adnxs.com https://jadserve.postrelease.com match.sharethrough.com matching.ivitrack.com us.creativecdn.com partner.mediawallahscript.com pixel.rubiconproject.com public-prod-dspcookiematching.dmxleo.com r.casalemedia.com rtb-csync.smartadserver.com sdbullion.com 'self' seal.digicert.com secure.adnxs.com shareasale.com simage2.pubmatic.com sp.analytics.yahoo.com sync.bidence.net sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.outbrain.com s.ad.smaato.net tags.bluekai.com tapestry.tapad.com tg.socdm.com trends.revcontent.com ups.analytics.yahoo.com vid.vidoomy.com visitor.omnitagjs.com x.bidswitch.net verify.authorize.net www.facebook.com www.shopperapproved.com ws.rqtrk.eu preprod.sdbullion.com adm.sdbullion.com *.sdbullion.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://www.shopperapproved.com https://direct.shopperapproved.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com acdn.adnxs.com *.addthis.com api.livechatinc.com bat.bing.com bitpay.com cdn.cookielaw.org cdn.livechatinc.com cdn.onesignal.com cdn.plaid.com cdnjs.cloudflare.com *.clarity.ms *.cloudmaestro.com connect.facebook.net dwin1.com *.googletagmanager.com *.hotjar.com form.jotform.com *.klaviyo.com onesignal.com seal.digicert.com ssl.kaptcha.com sslwidget.criteo.com static.criteo.net s1.cnnx.io s3.tradingview.com *.twitter.com verify.authorize.net v1.addthisedge.com widget.nfusionsolutions.com widget.us.criteo.com www.dwin1.com www.shopperapproved.com z.moatads.com preprod.sdbullion.com adm.sdbullion.com sdbullion.com *.sdbullion.com bam.nr-data.net https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.klaviyo.com *.cloudmaestro.com onesignal.com preprod.sdbullion.com adm.sdbullion.com sdbullion.com *.sdbullion.com www.shopperapproved.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com cdn.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com api.livechatinc.com *.klaviyo.com https://bt.signifyd.com:11103 cdn.cookielaw.org *.clarity.ms *.kmail-lists.com geolocation.onetrust.com onesignal.com privacyportal-eu.onetrust.com seal.digicert.com ssl.kaptcha.com stats.g.doubleclick.net *.twitter.com verify.authorize.net bam.nr-data.net sdbullion.com *.sdbullion.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri sdbullion.com *.sdbullion.com 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.autoalert.com service.force.com ec.walkme.com cdn.walkme.com 1
default-src https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://privacyportal.onetrust.com https://geolocation.onetrust.com https://v2.zopim.com https://ekr.zdassets.com https://stats.g.doubleclick.net https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *  https://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://api.mapbox.com wss://widget-mediator.zopim.com https://eucs5.klevu.com https://stats.klevu.com https://fonts.googleapis.com https://static.zdassets.com https://ekr.zdassets.com wss://*.zopim.com https://www.better.org.uk https://www.tag4arm.com https://vc.hotjar.io https://in.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ekr.zdassets.com/compose/zopim_chat/2rIpBkS7T2wycdNchPW1IDU6Q9werhJj https://fonts.googleapis.com ; img-src * 'self' data: https://*.google-analytics.com https://*.g.doubleclick.net https://*.cloudinary.com/* https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://api.mapbox.com; script-src:  https://*.googletagmanager.com 1
frame-ancestors 'self' https://app.safe.global https://dexscreener.com https://www.kekistan.co.uk; 1
block-all-mixed-content;frame-ancestors 'none';upgrade-insecure-requests; 1
default-src 'self' wss://pornbox.com/socket.io/ wss://*.gtflixtv.com/socket.io/ *.pornbox.com pornbox.com cdn.plyr.io www.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect *.googletagmanager.com https://*.gtflixtv.com *.gtflixtv.com translate.googleapis.com browser.translate.yandex.net translate.yandex.com api.cognitive.microsofttranslator.com edge.microsoft.com *.st-content.com *.googleapis.com *.bangbros.com translate.google.com google-analytics.com https://ssl.google-analytics.com www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ googletagmanager.com https://www.googletagmanager.com cdn.jsdelivr.net/npm/emojione@3.1.2/ tracking.sexcash.com;script-src 'self' *.gtflixtv.com *.pornbox.com *.st-content.com *.googleapis.com *.bangbros.com translate.google.com browser.translate.yandex.net translate.yandex.com google-analytics.com https://ssl.google-analytics.com www.google-analytics.com www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ googletagmanager.com https://www.googletagmanager.com cdn.jsdelivr.net/npm/emojione@3.1.2/ tracking.sexcash.com 'unsafe-inline' 'unsafe-eval' https://www.analvids.com/ *.analvids.com https://account.analvids.com/ *.analvids.com;object-src 'none';img-src 'self' data: *.gtflixtv.com cdn.jsdelivr.net/emojione/assets/ www.google-analytics.com https://www.google.com/ads/ga-audiences www.googletagmanager.com ssl.gstatic.com www.gstatic.com stats.g.doubleclick.net/r/;font-src 'self' data: fonts.gstatic.com;connect-src 'self' wss://pornbox.com/socket.io/ wss://*.gtflixtv.com/socket.io/ *.pornbox.com pornbox.com cdn.plyr.io www.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect *.googletagmanager.com https://*.gtflixtv.com *.gtflixtv.com translate.googleapis.com browser.translate.yandex.net translate.yandex.com api.cognitive.microsofttranslator.com edge.microsoft.com;style-src * 'unsafe-inline';report-uri /report/violation 1
frame-ancestors https://mptdmstest.mpt.com.mm/ https://my.mpt.com.mm/ https://mpt4uclp.mpt.com.mm/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://static.cloud.coveo.com https://translate.google.com https://translate.googleapis.com https://www.google-analytics.com https://fonts.googleapis.com https://www.gstatic.com translate-pa.googleapis.com https://e.prezicdn.net https://maps.googleapis.com https://www.google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com public.tableau.com https://platform.twitter.com https://maxcdn.bootstrapcdn.com https://*.ecdev.org https://apis.google.com; style-src 'self' 'unsafe-inline' https://static.cloud.coveo.com https://translate.google.com https://translate.googleapis.com https://www.google-analytics.com https://fonts.googleapis.com https://www.gstatic.com https://e.prezicdn.net https://maps.googleapis.com https://*.ecdev.org; img-src 'self' data: https://static.cloud.coveo.com https://translate.google.com https://translate.googleapis.com https://www.google-analytics.com https://fonts.googleapis.com https://www.gstatic.com https://e.prezicdn.net https://maps.googleapis.com https://*.gstatic.com https://*.twitter.com https://i.ytimg.com; font-src 'self' https://static.cloud.coveo.com https://translate.google.com https://translate.googleapis.com https://www.google-analytics.com https://fonts.googleapis.com https://www.gstatic.com https://fonts.gstatic.com https://e.prezicdn.net https://maps.googleapis.com https://*.ecdev.org; connect-src 'self' https://static.cloud.coveo.com https://translate.google.com https://translate.googleapis.com https://www.google-analytics.com https://fonts.googleapis.com https://www.gstatic.com translate-pa.googleapis.com https://e.prezicdn.net https://maps.googleapis.com https://publications.saskatchewan.ca; frame-src 'self' https://revsharesaskatchewan.ca https://public.tableau.com https://www.youtube.com https://immigration.saskatchewan.ca https://e.prezicdn.net https://prezi-nocookies.com https://maps.googleapis.com https://www.google.com https://fmt-public.selkirksystems.com https://www.facebook.com https://*.twitter.com https://*.ecdev.org https://*.googleapis.com; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self'; connect-src 'self' app.adjust.com api.traderepublic.com tracking.traderepublic.com sentry.traderepublic.com rum-http-intake.logs.datadoghq.eu *.browser-intake-datadoghq.eu browser-intake-datadoghq.eu boards-api.greenhouse.io cdn.contentful.com api.contentful.com www.g.doubleclick.net www.google.de www.google.fr www.google.at www.google.es www.google.it www.google.nl www.google.pl www.google-analytics.com trc-events.taboola.com analytics.google.com bat.bing.com mp.traderepublic.com cdn.linkedin.oribi.io; script-src 'self' 'unsafe-inline' cdn.adjust.com g.microsoft.com www.google.com analytics.twitter.com googleads.g.doubleclick.net trc.taboola.com tr.outbrain.com boards.greenhouse.io www.google-analytics.com www.googleadservices.com snap.licdn.com bat.bing.com static.ads-twitter.com connect.facebook.com connect.facebook.net amplify.outbrain.com cdn.taboola.com www.googletagmanager.com www.datadoghq-browser-agent.com sc-static.net tracking.traderepublic.com *.adform.net; img-src 'self' data: trc.taboola.com connect.facebook.net t.co www.linkedin.com www.facebook.com cds.taboola.com p.adsymptotic.com www.google.com www.google.de www.google.fr www.google.at www.google.es www.google.it www.google.nl www.google.be www.google.ee www.google.fi www.google.gr www.google.ie www.google.pt www.google.lt www.google.lu www.google.lv www.google.si www.google.sk www.google-analytics.com tracking.traderepublic.com tr.outbrain.com images.ctfassets.net images.contentful.com assets.traderepublic.com boards.greenhouse.io www.googletagmanager.com px.ads.linkedin.com px4.ads.linkedin.com bat.bing.com googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline'; font-src 'self'; media-src videos.contentful.com videos.ctfassets.net; child-src boards.greenhouse.io www.googletagmanager.com *.adform.net; base-uri 'self' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://firestore.googleapis.com https://netlify-cdp-loader.netlify.app https://segment.com https://www.youtube.com https://use.typekit.net https://consent.trustarc.com https://cdn.jsdelivr.net https://apis.google.com https://www.googletagmanager.com https://cdn.heapanalytics.com https://static.ads-twitter.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.hotjar.com https://426814.tctm.xyz https://*.force.com https://*.chilipiper.com https://*.facebook.net https://*.bing.com https://snap.licdn.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.site.com https://*.fullstory.com https://*.googleadservices.com https://redditstatic.com https://*.reddit.com https://*.outbrain.com https://*.redditstatic.com 1
frame-ancestors https://go.wepay.com/ 1
base-uri 'none'; default-src 'none'; child-src https://www.recaptcha.net https://*.hotjar.com; connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://cdn.linkedin.oribi.io https://cdnjs.cloudflare.com https://cdn-cookieyes.com https://*.cookieyes.com https://code.jquery.com https://*.hsforms.com https://*.hubspot.com https://ekr.zdassets.com https://*.zendesk.com wss://*.smooch.io https://googleads.g.doubleclick.net https://*.google.com https://*.linkedin.com; font-src 'self' https://use.typekit.net https://*.hotjar.com; form-action 'self' https://www.onlydomains.com https://account.centralnicreseller.com; frame-ancestors 'none'; frame-src https://www.recaptcha.net https://*.hotjar.com; img-src 'self' https://www.googletagmanager.com https://*.hotjar.com https://t.co https://*.linkedin.com https://*.twitter.com https://*.cookieyes.com https://cdn-cookieyes.com https://*.hsforms.com https://*.hubspot.com https://*.zendesk.com https://*.zdassets.com data:; object-src 'none'; script-src https://code.jquery.com https://cdn-cookieyes.com https://*.cookieyes.com https://*.hsforms.com https://*.hubspot.com https://ekr.zdassets.com 'nonce-e7s7gB49KWwuhG2JuUSs3RN0Hbw=' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; style-src 'self' https://*.typekit.net https://*.hotjar.com https://cdnjs.cloudflare.com 'unsafe-inline'; worker-src 'self'; 1
frame-ancestors 'self' https://www.chasepaymentechhostedpay-var.com https://www.chasepaymentechhostedpay.com 1
connect-src 'self' blob: yandexmetrica.com:* ads.adfox.ru ads6.adfox.ru api.youla.io mc.admetrica.ru thequestion.ru wss://comments.yandex.net wss://comments-alpha.yandex.net turbopages.org yandex.st  yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net  *.yandex-team.ru milab.s3.yandex.net *.k50.ru *.k50dev.ru openkitchen.media auto.ru yango.com ya.ru *.ya.ru dev.introvert.bz *.calltouch.ru *.comagic.ru; default-src 'none'; font-src 'self' data: yastatic.net yandex.ru an.yandex.ru yastat.net *.s3.yandex.net *.yandex.ru *.ya.ru; frame-src 'self' data: yabrowser: yandexadexchange.net *.yandexadexchange.net turbopages.org *.turbopages.org *.yandex.ru   banners.adfox.ru yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net  *.yandex-team.ru *.video.yandex.ru *.market.yandex.ru www.youtube.com *.vimeo.com embed.megogo.net coub.com awaps.yandex.net meyou.ru broadcast.comdi.com datalens.yandex partner.market.yandex.ru go.yandex yango.com yandexteam-my.sharepoint.com *.bookmate.ru bookmate.ru yandex.com yandex.com.tr yandex.com.am yandex.com.ge yandex.md yandex.by yandex.kz yandex.uz *.yandex.com *.yandex.com.tr *.yandex.com.am *.yandex.com.ge *.yandex.md *.yandex.by *.yandex.kz *.yandex.uz ya.ru *.ya.ru; form-action https://*; img-src * 'self' blob: data: android-webview-video-poster: *.yandex.net *.s3.yandex.net yastatic.net http://lpc.s3.mds.yandex.net http://yastatic.net mc.admetrica.ru avatars-fast.yandex.net favicon.yandex.net *.verify.yandex.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net avatars.mds.yandex.net *.yandex.ru *.ya.ru; media-src * 'self' data: blob: *.video.yandex.ru *.storage.yandex.net *.s3.yandex.net *.cdn.yandex.net yastatic.net *.yandex.net *.strm.yandex.ru yandex.st banners.adfox.ru content.adfox.ru yastat.net yandex.ru *.yandex.ru ya.ru *.ya.ru; script-src 'self' blob: 'nonce-MNRU8Jt3G59l4+r24A+nvQ==' 'unsafe-inline' 'unsafe-eval' ads.adfox.ru ads6.adfox.ru banners.adfox.ru mc.yandex.ru yandex.st yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net  *.yandex-team.ru aflt.market.yandex.ru www.youtube.com *.vimeo.com s.ytimg.com lpc.s3.mdst.yandex.net abt.s3.yandex.net chat.s3.yandex.net *.api-maps.yandex.ru yandex.com *.yandex.com ya.ru *.ya.ru; style-src 'self' 'unsafe-inline' 'unsafe-eval' banners.adfox.ru content.adfox.ru yandex.st yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net  *.s3.yandex.net lpc.s3.mdst.yandex.net *.ya.ru; worker-src blob: yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net  *.yandex-team.ru; report-uri https://csp.yandex.net/csp?from=turbo%3Aphone&reqid=1705983127255887-18218678072402053092-balancer-l7leveler-kubr-yp-vla-54-BAL-3585&yandexuid=1020530921705983127&yandex_login=&project=turbo https://csp.yandex.net/csp?from=lp-constructor&project=lp-constructor&yandex_login=&yandexuid=; object-src yastatic.net; child-src 'self'; frame-ancestors 'self' webvisor.com http://webvisor.com *.mtproxy.yandex.net www.kinopoisk.ru *.yandex-team.ru n.maps.yandex.ru yandex.ru yandex.com yandex.com.tr yandex.com.am yandex.com.ge yandex.md yandex.by yandex.kz yandex.uz yandex.net *.yandex.ru *.yandex.ru:* *.yandex.com:* *.yandex.com.tr:* *.yandex.com.am *.yandex.com.ge *.yandex.md *.yandex.by *.yandex.kz *.yandex.uz *.yandex.net ya.ru *.ya.ru; 1
frame-ancestors 'self' https://*.mastercontrol.com; object-src 'none'; base-uri 'self' https://*.mastercontrol.com https://*.clarity.ms; report-uri https://reportcsp.azurewebsites.net/api/CSPViolation 1
frame-ancestors https://*.americafirst.com; 1
base-uri *; child-src * gap:; frame-src * gap:; connect-src *; default-src * gap: 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * blob:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-ancestors 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=SjR36a873k3z%2BrSbuqpgV4DQMqUp%2FdPeZXhsCUT%2BYjfs0nuU7Rxx5uFfGCdTlvk0NgASI2lnjBdOyJhGjZTD6A%3D%3D; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.chemistryworld.com https://eme.abacusemedia.com; 1
default-src blob:; frame-src *.paypal.com blob:; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.solocode.com *.anton.app projects-csqzcpu79ce2yva.netdna-ssl.com *.paypal.com wss: blob:; media-src data: * blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com; frame-ancestors 'self' *.solocode.com ; style-src 'unsafe-inline'; img-src 'self' *.solocode.com *.anton.app *.facebook.com data: blob:; font-src data:; base-uri 'self'; form-action 'self' 1
frame-ancestors 'self' *.ancestrydata.com genlookups.com *.genlookups.com *.legacy.com whostextingmykids.com *.usphonebook.com 1
object-src 'none'; frame-ancestors http://hdcs.nexicomgroup.net/ 'self'; 1
object-src 'self'; upgrade-insecure-requests; report-uri https://reporturi.confused.com/csp 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.appdynamics.com https://*.cloudfront.net https://api.usabilla.com https://googleads.g.doubleclick.net https://*.googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://nconnect.facebook.net https://www.youtube.com https://w.usabilla.com https://scripts.nwebsec.com https://www.google.com https://static.doubleclick.net https://api.wunderground.com https://pym.nprapps.org https://connect.facebook.net https://maps.googleapis.com https://*.iperceptions.com https://az452423.vo.msecnd.net https://ips-invite.iperceptions.com https://syndication.twitter.com https://s.ytimg.com https://iperceptions01.azureedge.net https://dnn506yrbagrg.cloudfront.net https://www.gstatic.com https://bat.bing.com https://static.cmptch.com https://s.adroll.com https://d.adroll.com https://media.zoomprospector.com https://*.appdynamics.com https://tagmanager.google.com https://tagmanager.google.com/debug/css.css blob: https://*.aspnetcdn.com https://optimize.google.com https://se-engage-components-dev.herokuapp.com https://se-engage-components-uat.herokuapp.com https://se-engage-manifastener-dev.herokuapp.com https://se-engage-manifastener-uat.herokuapp.com https://se-engage-manifastener-prod.herokuapp.com https://engage-components.stg.rotw.uplight.io https://engage-components.uat.rotw.uplight.io https://engage-components.prd.rotw.uplight.io https://engage-api.simpleenergy.io https://*.zoomprospector.com https://*.licdn.com https://*.adsrvr.org https://*.sizeup.com https://*.dynamics.com https://*.nrel.gov https://*.udev1a.net https://*.usablenet.com https://rec.smartlook.com https://*.fullstory.com https://*.koopid.io https://*.ensighten.com https://*.simpleenergy.io https://*.1trust.app https://*.onetrust.com https://*.koopid.ai https://*.crazyegg.com https://rs.fullstory.com https://edge.fullstory.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://player.vimeo.com https://*.powerclerk.com https://cse.google.com https://clients1.google.com/complete/search https://static.ads-twitter.com https://127.0.0.1/lastNetworkActivity https://kendo.cdn.telerik.com https://*.yimg.com https://*.acuityplatform.com https://*.nextdoor.com https://*.pingdom.com https://*.pingdom.net https://*.adnxs.com/ https://*.verse.com/;object-src 'self' https://www.applianceserviceplan.com;style-src 'self' 'unsafe-inline' https://www.youtube.com https://www.fonts.googleapis.com https://fonts.googleapis.com https://*.cloudfront.net https://tagmanager.google.com/debug/css.css https://optimize.google.com https://*.nrel.gov https://*.udev1a.net https://*.usablenet.com https://*.koopid.io https://*.simpleenergy.io https://*.1trust.app https://*.onetrust.com https://*.koopid.ai https://*.crazyegg.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://*.powerclerk.com https://www.google.com/cse/ https://kendo.cdn.telerik.com https://*.verse.com/;img-src 'self' https://www.google.com https://www.google-analytics.com https://i.ytimg.com https://www.facebook.com https://*.cloudfront.net https://bat.bing.com https://gtrk.s3.amazonaws.com https://i.vimeocdn.com https://ips-img.iperceptions.com https://maps.googleapis.com https://maps.gstatic.com https://pbs.twimg.com https://stats.g.doubleclick.net https://w.usabilla.com https://www.googletagmanager.com https://www.google.ca https://www.google.co.in https://optimize.google.com https: data: https://*.crazyegg.com https://rs.fullstory.com https://*.powerclerk.com blob:;media-src 'self' https:;frame-src https://*.iperceptions.com https://connect.facebook.net https://ipn2.paymentus.com https://na-sj06.marketo.com https://player.vimeo.com https://www.facebook.com https://www.google.com https://tagmanager.google.com https://optimize.google.com https: https://*.crazyegg.com;font-src 'self' https://fonts.gstatic.com https://cdn.joinhoney.com https: data:;connect-src 'self' https://api.iperceptions.com https://col.eum-appdynamics.com https://stats.g.doubleclick.net https://www.google-analytics.com https: https://*.crazyegg.com https://edge.fullstory.com https://rs.fullstory.com https://*.powerclerk.com;child-src 'self' https://www.googletagmanager.com https://ipn2.paymentus.com https://connect.facebook.net https://www.google.com https://*.iperceptions.com https://tagmanager.google.com https://www.youtube.com https: blob: https://*.crazyegg.com;frame-ancestors 'self' https:;worker-src https: data: blob: https://*.crazyegg.com;report-uri /webapi/reporting/csp 1
frame-ancestors 'self' https://scstatehouse.sharepoint.com https://scstatehouse.gov http://scstatehouse.gov https://*.scstatehouse.gov http://*.scstatehouse.gov https://*.schouse.gov http://*.schouse.gov https://*.scsenate.gov http://*.scsenate.gov; connect-src 'self' https://*.scstatehouse.gov https://*.scsenate.gov https://*.schouse.gov https://lsa.freshservice.com https://*.microsoft.com https://*.microsoftonline.com https://video.scstatehouse.gov https://media1.scstatehouse.gov https://media2.scstatehouse.gov https://media3.scstatehouse.gov https://lsa-socket01.eastus.cloudapp.azure.com wss://lsa-socket01.eastus.cloudapp.azure.com https://cdn3.wowza.com https://www.google-analytics.com 1
connect-src 'self' https://track.adform.net https://unpkg.com https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://swedbankab.d3.sc.omtrdc.net *.swedbank.net https://dpm.demdex.net https://*.swedbank.se https://dpm.swedbank.se https://dpu.swedbank.se https://agent.nina-nuance.com/  https://www.swedbank.se https://swedbank.se https://enklafondhjalpen.swedbank.se https://agent-locator.nina-nuance.com https://agent-fp.nina-nuance.com https://swedbank.dfs.investis.com https://agent-ha.nina-nuance.com https://report.swedbank.glassboxdigital.io http://storybook-sb-9031-acorn-ui.apps.scp-west-zone02-z01.swedbank.net https://maps.googleapis.com/ 1
upgrade-insecure-requests ; frame-ancestors 'self' https://stcloudstate.ims.mnscu.edu; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://www.zenaps.com https://tr.snapchat.com https://www.youtube.com youtube.com https://www.pinterest.com https://www.pinterest.co.uk https://ln-rules.rewardstyle.com https://*.powerreviews.com blob: https://homebase.hulla-cdn.com https://*.mopinion.com https://ct.pinterest.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://api.postcodes.io https://ct.pinterest.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.mediarithmics.com https://*.powerreviews.com https://*.cloudinary.com https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://*.contentsquare.net https://storyboard.storystream.ai https://content.storystream.ai https://*.hulla-cdn.com https://pagead2.googlesyndication.com https://analytics.tiktok.com https://horizon-api.www.homebase.co.uk https://*.mopinion.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net https://*.mopinion.com; form-action 'self' https://www.facebook.com https://www.homebase.co.uk https://checkout.homebase.co.uk https://connect.facebook.net https://tr.snapchat.com https://survey.g.doubleclick.net; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net https://download-video.akamaized.net https://d7c4jjeuqag9w.cloudfront.net https://media.storystream.ai; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://www.google.com https://*.google.co.uk https://s.pinimg.com https://assets.sitescdn.net https://apps.storystream.ai http://platform.twitter.com https://ln-rules.rewardstyle.com https://ucarecdn.com/ https://*.mediarithmics.com https://*.powerreviews.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://mpsnare.iesnare.com https://*.contentsquare.net https://app.contentsquare.com https://homebase.hulla-cdn.com https://pagead2.googlesyndication.com https://analytics.tiktok.com https://*.ibytedtos.com https://*.mopinion.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://d7c4jjeuqag9w.cloudfront.net https://*.powerreviews.com https://homebase.hulla-cdn.com https://*.mopinion.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-ueHhMMG/+G/aTwqUv2Hu/grU834zFFMgTXqQ+1uBKjx/05iL' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' data: blob: *.youtube.com *.facebook.com *.twitter.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.youtube.com *.facebook.com *.twitter.com *.google.com *.googleapis.com *.cloudflare.com; script-src 'self' 'unsafe-inline' *.cloudflare.com *.youtube.com *.facebook.com *.twitter.com *.googleapis.com *.google.com *.mygov.in *.fontawesome.com; img-src 'self' 'unsafe-inline' *.mygov.in;  1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://uxplanet.org https://*.uxplanet.org https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
base-uri 'self'; object-src 'none'; default-src 'self' *.onetrust.com blob: *.svb.com *.zscloud.net cookielaw.org; frame-ancestors 'self' *.seismic.com *.blueconic.net *.svb.com; frame-src 'self' *.podbean.com *.wistia.net *.mktoweb.com *.onetrust.com *.company-target.com *.doubleclick.net *.google.com *.svb.com *.optimizely.com *.wistia.com *.youtube-nocookie.com *.youtu.be *.youtube.com *.vimeo.com; connect-src 'self' wss: *.aptrinsic.com *.linkedin.com *.msecnd.net *.bostonprivate.com *.voxsnap.com *.googlesyndication.com *.svb.com *.visualstudio.com *.googletagmanager.com *.kampyle.com *.demandbase.com *.company-target.com *.mktoresp.com *.mktorest.com *.oribi.io *.doubleclick.net *.google.com *.crazyegg.com *.onetrust.com *.cookielaw.org *.optimizely.com *.google-analytics.com *.googleapis.com *.wistia.net *.wistia.com *.blueconic.net; img-src 'self' *.bidswitch.net *.casalemedia.com *.rubiconproject.com *.yahoo.net *.idio.co *.pubmatic.com *.yahoo.com *.voxsnap.com *.adsrvr.org *.svb.com data: cdn.optimizely.com *.googletagmanager.com *.company-target.com *.twitter.com t.co *.kampyle.com *.bing.com *.episerver.net *.rlcdn.com *.linkedin.com *.cookielaw.org *.google.com *.adnxs.com *.doubleclick.net *.google-analytics.com *.gstatic.com *.googleapis.com *.wistia.net *.wistia.com; font-src 'self' data: *.onetrust.com *.cloudfront.net *.bootstrapcdn.com *.voxsnap.com *.svb.com *.gstatic.com *.wistia.net *.wistia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.onetrust.com *.aptrinsic.com *.azure.com *.bootstrapcdn.com *.jquery.com *.onlineaccess1.com *.mktoweb.com *.voxsnap.com *.voxsnap.com *.bing.com *.demandbase.com *.adnxs.com *.ads-twitter.com *.marketo.net blob: *.doubleclick.net *.licdn.com *.crazyegg.com *.wistia.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com *.blueconic.net *.cookielaw.org *.msecnd.net *.episerver.net *.optimizely.com *.kampyle.com dixonandmoe.com *.youtube-nocookie.com *.youtu.be *.youtube.com *.vimeo.com *.wistia.net *.zencdn.net *.svb.com; style-src 'self' 'unsafe-inline' *.onetrust.com *.aptrinsic.com *.googletagmanager.com *.bootstrapcdn.com *.mktoweb.com *.voxsnap.com *.zencdn.net *.googleapis.com *.svb.com; media-src 'self' blob: *.youtube-nocookie.com *.youtu.be *.youtube.com *.vimeo.com *.svb.com *.voxsnap.com *.wedia-group.com *.wistia.net *.wistia.com; form-action 'self' *.bostonprivate.com *.svb.com; report-uri /cspreport; report-to csp-endpoint; upgrade-insecure-requests; 1
img-src * 'self' data: https:; default-src 'self' html5shim.googlecode.com *.google-analytics.com *.googleadservices.com apis.google.com *.youtube.com *.vimeo.com *.g.doubleclick.net *.google.com *.google.nl *.hostfact.nl *.ytimg.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.agriculture.com 1
upgrade-insecure-requests;  frame-ancestors 'self' wildix.com *.wildix.com *.wildixin.com ; 1
default-src 'self';script-src 'nonce-512f22f8-8a11-440d-8a6e-2eb519ded587' 'strict-dynamic' https: 'unsafe-inline' 'unsafe-eval';connect-src 'nonce-512f22f8-8a11-440d-8a6e-2eb519ded587' https: 'unsafe-inline';style-src * 'unsafe-inline'; img-src * data:; font-src * data:;frame-src *.demdex.net *.skat.dk; 1
frame-ancestors 'self' *.cvonline.lt cvonline.lt; default-src 'unsafe-inline' 'self' teltonika-energy.com *.googletagmanager.com *.googleapis.com *.gstatic.com; script-src 'self' blob: 'unsafe-inline' 'wasm-unsafe-eval' 'unsafe-eval' *.recaptcha.net *.taboola.com *.googlesyndication.com *.googleadservices.com *.googleapis.com  *.hs-banner.com *.hsadspixel.net *.hscollectedforms.net *.hs-analytics.net *.chatbot.com *.licdn.com *.facebook.net *.hs-scripts.com *.sentry.io *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com; img-src 'self' blob: test-teltonika-web-files.s3.eu-central-1.amazonaws.com teltonika-energy.com *.ytimg.com *.facebook.net teltonika-iot-group.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.teltonika.lt *.linkedin.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.hsforms.com *.hubspot.com *.youtube.com *.gstatic.com *.googleapis.com data:; connect-src 'self' blob: test-teltonika-web-files.s3.eu-central-1.amazonaws.com *.linkedin.com *.taboola.com *.hscollectedforms.net cdn.linkedin.oribi.io  *.teltonika-networks.com  *.gstatic.com  *.facebook.com *.google.com *.googleapis.com *.hubspot.com *.hubapi.com *.teltonika.lt *.chatbot.com sentry.io *.sentry.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.doubleclick.net *.g.doubleclick.net data:; font-src 'self' *.gstatic.com data:; frame-src 'self' *.recaptcha.net youtu.be *.youtu.be *.facebook.com *.chatbot.com *.youtube.com *.google.com; child-src blob: 1
child-src 'self' forms.office.com *.reciteme.com *.typeform.com syndication.twitter.com npl-digital.gitlab-docs.npl.co.uk cdn.jsdelivr.net vars.hotjar.com api.altmetric.com badge.dimensions.ai cdn.pydata.org d1bxh8uas1mnw7.cloudfront.net https://twitter.com https://cdn.syndication.twimg.com https://platform.twitter.com *.moatads.com *.addthisedge.com *.npl.co.uk *.e-npl.co.uk *.scribd.com *.issuu.com *.google.com *.amrislive.com player.vimeo.com s7.addthis.com www.youtube.com *.webspellchecker.net npldigital.atlassian.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.reciteme.com  *.typeform.com  syndication.twitter.com npl-digital.gitlab-docs.npl.co.uk cdn.jsdelivr.net static.hotjar.com script.hotjar.com www.gstatic.com api.altmetric.com badge.dimensions.ai cdn.pydata.org d1bxh8uas1mnw7.cloudfront.net https://platform.twitter.com https://twitter.com https://cdn.syndication.twimg.com *.moatads.com *.addthisedge.com  script.crazyegg.com fast.fonts.net m.addthisedge.com m.addthis.com s7.addthis.com www.googletagmanager.com www.google-analytics.com tagmanager.google.com maps.googleapis.com *.google.com *.webspellchecker.net npldigital.atlassian.net; 1
default-src https: 'unsafe-inline' ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com; font-src https: 'unsafe-inline' data: ;connect-src 'self' https: wss: ;base-uri 'self' https: ;form-action 'self' https://wttc.activehosted.com/proc.php; img-src * data: ; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://www.zenaps.com https://isitetv.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tpc.googlesyndication.com https://tr.snapchat.com https://tr6.snapchat.com https://www.pinterest.com https://www.pinterest.co.uk blob: https://gum.criteo.com https://app.qubit.com https://dekopay.preprod.k8s.dekopay.org https://pay.deko.finance; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://ct.pinterest.com https://analytics.tiktok.com https://tr.snapchat.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.zavvi.com https://upload.uploadcare.com https://598nyfqkt7.execute-api.eu-west-1.amazonaws.com https://23q3fg4xjd.execute-api.eu-west-1.amazonaws.com https://*.pndsn.com wss://*.liveperson.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://connect.facebook.net https://www.zavvi.com https://m.zavvi.com https://checkout.zavvi.com https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net https://download-media.akamaized.net https://download-video.akamaized.net https://*.zavvi.com https://123vod-adaptive.akamaized.net https://456vod-adaptive.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://pagead2.googlesyndication.com https://*.criteo.com https://static.criteo.net https://*.google.co.uk https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://tpc.googlesyndication.com https://*.baidu.com https://sc-static.net https://google.co.uk https://lantern.roeyecdn.com https://lantern.roeye.com https://s.pinimg.com https://analytics.tiktok.com https://*.ibytedtos.com https://static.ads-twitter.com https://analytics.twitter.com https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://*.contentsquare.net https://app.contentsquare.com https://static.goqubit.com https://*.qubit.com https://ucarecdn.com https://cdn.pubnub.com https://assets.dekopay.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net; upgrade-insecure-requests; report-to report-endpoint 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: 'unsafe-inline'; font-src https: data: 'unsafe-inline'; report-uri /report-csp-violation 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; font-src * 'self' data: 1
default-src 'self' * data: blob: https: *.vpnmentor.com vpnmentor.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.website-files.com *.cloudfront.net *.iubenda.com chimpstatic.com *.peacebanana.com *.ostrichesica.com *.mcangelus.com *.datadoghq-browser-agent.com *.ampproject.org *.gstatic.com *.google.com *.googleapis.com *.alooma.com  *.doubleclick.net *.g.doubleclick.net  *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.hhtpp.com *.bing.com *.yandex.ru *.quora.com *.yimg.com sp.analytics.yahoo.com *.peacebanana.com *.ostrichesica.com *.mcangelus.com *.hotjar.com *.ipify.org blob: data:; style-src 'self' data: blob: 'unsafe-inline' *;connect-src 'self' data: blob: https: vpnmentor.com *.vpnmentor.com  *.ampproject.org *.google-analytics.com *.doubleclick.net *.google.com *.googleapis.com *.hhtpp.com *.yandex.ru *.gravatar.com wss://*.hotjar.com *.wp.com;font-src 'self' data: blog: *.ampproject.org *.googletagmanager.com *.googleapis.com *.website-files.com *.gstatic.com; 1
default-src 'self'; script-src 'nonce-1CCB5A58C41DA6E101A0AE7E7BABFB9A' 'sha256-HnqcJKdXH/Sl216fo05VaniEJ1icgxbI07COWTMEo18=' 'self' https://acsbapp.com/ http://tools.euroland.com/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://code.jquery.com/ https://d3e54v103j8qbb.cloudfront.net/ https://tools.euroland.com/ https://www.google-analytics.com/ https://www.gstatic.com/ https://www.gstatic.com/ https://cc.cdn.civiccomputing.com/ https://player.vimeo.com https://www.googletagmanager.com/ https://www.google.com/; font-src 'self' data: https://acsbapp.com/ https://fonts.gstatic.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; connect-src 'self' *.google-analytics.com *.webflow.com *.acsbapp.com/ https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://clapi.civiccomputing.com/ https://pagead2.googlesyndication.com/ https://apikeys.civiccomputing.com/ https://www.google-analytics.com/  https://www.googletagmanager.com/ https://www.google.com/ https://our.umbraco.com/ *.google.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.embedly.com/ https://gamma.euroland.com/ https://www.googletagmanager.com/ https://www.google.com/ https://www.youtube.com/ https://player.vimeo.com/ https://tools.eurolandir.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://entaingroup.com/ https://www.googletagmanager.com/ https://web1.acsbapp.com/ https://acsbapp.com/ https://uploads-ssl.webflow.com/ https://i.vimeocdn.com/ https://dashboard.umbraco.com/ https://our.umbraco.com/ https://www.google.com/ https://www.google-analytics.com/ https://www.bing.com/ https://www.github.com/ https://github.com/; object-src 'none'; base-uri 'self'; media-src 'self' https://web1.acsbapp.com/; worker-src blob: 'self'; 1
default-src 'none';        media-src *.servsafe.com;     script-src 'self' *.servsafe.com 'unsafe-eval' 'unsafe-inline' munchkin.marketo.net apps.usw2.pure.cloud *.clarity.ms connect.facebook.net www.googleadservices.com ajax.googleapis.com *.google-analytics.com www.googletagmanager.com www.livehelpnow.net lptag.liveperson.net *.tableau.com *.tableausoftware.com *.doubleclick.net *.bing.com a.clarity.ms player.vimeo.com www.youtube.com  *.restaurant.org *.cloudfront.net apps.mypurecloud.com apps.usw2.pure.cloud cobrowse.usw2.pure.cloud bat.bing.com;     style-src 'self' 'unsafe-inline' *.googleapis.com *.restaurant.org apps.mypurecloud.com *.cloudfront.net;     font-src 'self' fonts.gstatic.com *.servsafe.com apps.mypurecloud.com *.cloudfront.net;     img-src 'self' data: *.servsafe.com *.google-analytics.com www.livehelpnow.net apps.mypurecloud.com *.bing.com *.doubleclick.net *.google.com *.facebook.com;     connect-src 'self' *.servsafe.com *.servsafe.com *.google-analytics.com *.mktoresp.com analytics.google.com *.doubleclick.net rum-ingest.us1.signalfx.com api.usw2.pure.cloud wss://streaming.usw2.pure.cloud wss://cobrowse.usw2.pure.cloud api-cdn.usw2.pure.cloud ws://webmessaging.usw2.pure.cloud *.googlesyndication.com;     frame-ancestors 'self' *.discoverlink.com;     child-src 'self' *.servsafe.com *.restaurant.org;        frame-src 'self' *.servsafe.com *.doubleclick.net *.googletagmanager.com www.facebook.com player.vimeo.com  www.youtube.com *.restaurant.org *.cloudfront.net apps.usw2.pure.cloud *.bing.com 1
default-src 'self' *.travelguard.com *.travelguard.com.seg.js *.aig.com *.tokenex.com assets.adobedtm.com *.adsrvr.org rtb.adgrx.com *.google.com *.yahoo.com action.dstillery.com bat.bing.com *.rfihub.net *.rfihub.com cdn.gbqofs.com *.doubleclick.net consentag.eu d.turn.com i.ctnsnet.com idsync.rlcdn.com *.dialogtech.com tag.yieldoptimizer.com *.googletagmanager.com x.bidswitch.net *.bootstrapcdn.com *.gbqofs.io *.adnxs.com *.sojern.com *.amazon-adsystem.com *.ytimg.com *.demdex.net *.cloudfront.net *.sessioncam.com aigcom.tt.omtrdc.net *.powerreviews.com connect.facebook.net www.facebook.com action.media6degrees.com *.emjcd.com tag.adaraanalytics.com beacon.krxd.net *.stackadapt.com www.youtube.com solutions.invocacdn.com pnapi.invoca.net p.relay-t.io secure-relay.com secure-hotel-tracker.com *.adform.net 'unsafe-inline' 'unsafe-eval' blob: data: 1
frame-ancestors about: 'self' https://*.airtransat.com https://*.transat.com https://www.transatagentdirect.com 1
frame-ancestors 'self' https://ac.windtre.it ac.windtre.it https://www.windtrebusiness.it www.windtrebusiness.it https://shop.windtre.it shop.windtre.it https://buy.shop.windtre.it  buy.shop.windtre.it ; 1
frame-ancestors https://*.enjoy4fun.com https://*.beesads.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mas.to; img-src 'self' https: data: blob: https://mas.to; style-src 'self' https://mas.to 'nonce-uAAiulCCfgvTvBLgszlq6Q=='; media-src 'self' https: data: https://mas.to; frame-src 'self' https:; manifest-src 'self' https://mas.to; form-action 'self'; child-src 'self' blob: https://mas.to; worker-src 'self' blob: https://mas.to; connect-src 'self' data: blob: https://mas.to https://media.mas.to wss://mas.to; script-src 'self' https://mas.to 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://*.punchout2go.com/ https://*.gep.com/ https://*.ariba.com/ https://*.hubwoo.com/ https://*.sciquest.com/ https://*.tradecentric.com/ 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-SMyFvAwuYo16g3RZPZf1Zw=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
connect-src 'self' https://cdn.userway.org https://api.userway.org https://cdn.acsb.com https://cdn.acsbapp.com https://app.quotemedia.com https://mercury.service-now.com https://services-api.wyng.com https://experiences.wyng.com https://api.wyng.com https://content-api.wyng.com https://www.wyng.com https://www.google-analytics.com https://*.akstat.io https://*.go-mpulse.net https://*.clarity.ms https://*.pendo.io https://*.bing.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com www.googletagmanager.com www.google-analytics.com wss://*.salemove.com wss://*.twilio.com https://*.twilio.com https://*.salemove.com https://*.everesttech.net https://assets.adobedtm.com https://*.omtrdc.net https://*.demdex.net https://*.powerreviews.com https://*.decibelinsight.net wss://*.decibelinsight.net *.mercuryinsurance.com https://service.maxymiser.net https://bs.serving-sys.com https://tags.bkrtx.com https://developers.google.com https://*.gomoxie.solutions https://maps.googleapis.com; frame-ancestors 'self' https://*.mercuryinsurance.com  https://*.mercuryfirst.com https://*.akstat.io https://*.go-mpulse.net https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com 1
default-src https:; script-src https: *.icomera.com icomera.com *.wpengine.com wpengine.com *.google-analytics.com *.googleapis.com *.chimpstatic.com 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src 'self' data: *.icomera.com icomera.com *.wpengine.com wpengine.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com *.ggpht; img-src 'self' data: *.vimeocdn.com *.icomera.com icomera.com *.wpengine.com wpengine.com *.w.org *.google-analytics.com *.mailchimp.com *.gstatic.com *.googleapis.com *.ggpht secure.gravatar.com stats.g.doubleclick.net; connect-src 'self' data: *.yoast.com yoast.com *.wpengine.com *.vimeo.com vimeo.com *.google-analytics.com *.doubleclick.net *.googleapis.com; frame-src 'self' data: *.vimeo.com *.google.com e.issuu.com *.googleapis.com; 1
upgrade-insecure-requests; frame-ancestors 'self' *.seznam.cz www.sreality.cz admin.sreality.cz *.sreality.cz; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.hit.gemius.pl *.im.cz *.imedia.cz *.imedia.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.seznam.cz *.sklik.cz *.sreality.cz *.sreality.cz *.szn.cz ads.celtra.com ams.creativecdn.com browser.sentry-cdn.com connect.facebook.net gacz.hit.gemius.pl scz.hit.gemius.pl https://www.sreality.cz login.szn.cz http://login.szn.cz https://login.szn.cz notifikace.seznam.cz http://notifikace.seznam.cz https://notifikace.seznam.cz ; script-src-elem blob: 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.hit.gemius.pl *.im.cz *.imedia.cz *.imedia.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.seznam.cz *.sklik.cz *.sreality.cz *.sreality.cz *.szn.cz ads.celtra.com ams.creativecdn.com browser.sentry-cdn.com connect.facebook.net gacz.hit.gemius.pl scz.hit.gemius.pl https://www.sreality.cz login.szn.cz http://login.szn.cz https://login.szn.cz notifikace.seznam.cz http://notifikace.seznam.cz https://notifikace.seznam.cz 1
default-src 'self' data: *.smart-company-365.com *.vwo.com *.cloudflare.com *.google.com *.google.de *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.vidyard.com *.hotjar.com *.youtube.com *.doubleclick.net t.co *.twitter.com *.licdn.com *.ads-twitter.com *.adsymptotic.com *.lpsnmedia.net *.liveperson.net *.facebook.com *.facebook.net *.pardot.com *.xrite.com *.xritephoto.com *.fonts.net *.bootstrapcdn.com *.linkedin.com *.akamaized.net *.akamaihd.net; script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.smart-company-365.com *.visualwebsiteoptimizer.com app.vwo.com *.go-mpulse.net *.optimizely.com *.bing.com *.msn.com *.sharethis.com *.civiccomputing.com *.boltdns.net *.zencdn.net *.cloudflare.com *.google.com *.google.de *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.vidyard.com *.adnxs.com *.cloudfront.net *.cookielaw.org *.onetrust.com *.hotjar.com *.youtube.com *.doubleclick.net t.co *.twitter.com *.licdn.com *.ads-twitter.com *.adsymptotic.com *.lpsnmedia.net *.liveperson.net *.facebook.com *.facebook.net *.pardot.com *.pantone.com *.xrite.com *.xritephoto.com *.fonts.net *.bootstrapcdn.com *.linkedin.com *.akamaized.net *.akamaihd.net; object-src *; style-src 'self' data: 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *.onetrust.com *.sharethis.com *.cloudflare.com *.google.com *.google.de *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.vidyard.com *.hotjar.com *.youtube.com *.doubleclick.net t.co *.twitter.com *.licdn.com *.ads-twitter.com *.adsymptotic.com *.lpsnmedia.net *.liveperson.net *.facebook.com *.facebook.net *.pardot.com *.xrite.com *.xritephoto.com *.fonts.net *.bootstrapcdn.com *.linkedin.com *.akamaized.net *.akamaihd.net; img-src * 'self' data: https:; media-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.google.com *.google.de *.boltdns.net *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.vidyard.com *.hotjar.com *.youtube.com *.doubleclick.net t.co *.twitter.com *.licdn.com *.ads-twitter.com *.adsymptotic.com *.lpsnmedia.net *.liveperson.net *.facebook.com *.facebook.net *.pardot.com *.xrite.com *.xritephoto.com *.fonts.net *.bootstrapcdn.com *.linkedin.com *.akamaized.net *.akamaihd.net;frame-ancestors 'self' *.xrite.com; frame-src *; font-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.onetrust.com *.gstatic.com *.cloudflare.com *.google.com *.google.de *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.vidyard.com *.hotjar.com *.youtube.com *.doubleclick.net t.co *.twitter.com *.licdn.com *.ads-twitter.com *.adsymptotic.com *.lpsnmedia.net *.liveperson.net *.facebook.com *.facebook.net *.pardot.com *.xrite.com *.xritephoto.com *.fonts.net *.bootstrapcdn.com *.linkedin.com *.akamaized.net *.akamaihd.net; connect-src *; worker-src 'self' blob:; child-src * blob: ; 1
Content-Security-Policy: frame-ancestors 'self' 2captcha.cn cn.2captcha.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.cloud; img-src 'self' https: data: blob: https://mastodon.cloud; style-src 'self' https://mastodon.cloud 'nonce-ZfN0lThXu+wb8hOwnjmw9Q=='; media-src 'self' https: data: https://mastodon.cloud; frame-src 'self' https:; manifest-src 'self' https://mastodon.cloud; form-action 'self'; connect-src 'self' data: blob: https://mastodon.cloud https://media.mastodon.cloud wss://mastodon.cloud; script-src 'self' https://mastodon.cloud 'wasm-unsafe-eval'; child-src 'self' blob: https://mastodon.cloud; worker-src 'self' blob: https://mastodon.cloud 1
style-src 'self' 'unsafe-inline' data: *.ebay.com *.www.shopping.com *.ebaystatic.com *.www.shopping.com *.ebaystatic.cn *.gstatic.com *.googleapis.com; connect-src 'self' *.ebay.com *.www.shopping.com *.ebaystatic.com *.www.shopping.com data: *.google-analytics.com *.perfdrive.com *.analytics.google.com *.doubleclick.net *.googleapis.com *.shopping.com *.ebayimg.com wss://127.0.0.1:*; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ebay.com *.www.shopping.com *.ebaystatic.com *.www.shopping.com *.ebaystatic.cn blob: data: *.google-analytics.com *.googletagmanager.com *.fidoapi.com *.translate.google.com *.akamaihd.net; upgrade-insecure-requests; frame-ancestors 'none' ; img-src 'self' https://* data:; default-src 'self' blob: data: wss: mediastream: *.ebay.com *.www.shopping.com *.ebaystatic.com *.www.shopping.com *.ebayimg.com *.shopping.com *.gstatic.com https://github.com/google *.fontawesome.com *.bootstrapcdn.com *.doubleclick.net *.cloudflare.com;  report-uri https://monitor.ebay.com/csp-report/sdcui/DefaultPage?id=376973399910924398&rid=t6paerj1%3F%3D9whhpaerj1%3F*h%3C2ph(rbpv67%3A1-18d348e9eee-0x2907#pd 1
default-src * https:;                                         script-src 'self' https:                                         google-analytics.bi.owox.com                                         www.googleadservices.com                                         www.artfut.com                                         *.facebook.com                                         *.facebook.net                                         *.getblue.io                                         esputnik.com                                         www.google-analytics.com                                         *.ringostat.net                                         creativecdn.com                                         *.hotjar.com                                         analytics.tiktok.com                                         *.chatbullet.com                                         *.g.doubleclick.net                                         pagead2.googlesyndication.com                                         *.privatbank.ua                                         *.google.com                                         *.tiktok.com                                         *.ringostat.com                                         *.samsung.ua                                         *.vtail.live                                          www.youtube.com                                         *.criteo.net                                         www.googletagmanager.com                                         *.moyo.ua                                         *.zencdn.net                                         rabota.ua                                         *.rabota.ua                                         *.googleapis.com                                         *.jquery.com                                         *.liqpay.ua                                         *.cloudflare.com                                         1221526370.rsc.cdn77.org                                          *.jivosite.com                                         *.googleusercontent.com                                         'unsafe-inline'                                         'unsafe-eval';                                         style-src * 'unsafe-inline';                                         img-src * data:;                                         font-src * data:;                                         report-uri /frontendApi/cspReport/; 1
default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://service.bzga.de/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ 1
object-src 'none';block-all-mixed-content;upgrade-insecure-requests 1
default-src self http: https:; base-uri 'none'; img-src * data: blob: http: https:; object-src http: https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' http: https:; connect-src 'self' http: https: 'unsafe-inline'; media-src * data: blob: http: https:; 1
default-src https:;script-src 'unsafe-inline' 'unsafe-eval' blob: https:; style-src 'unsafe-inline' https: blob:; img-src * blob: data:; font-src *; worker-src 'self' blob:; 1
frame-ancestors 'self' https://*.sayweee.net/ 1
"default-src 'self';" 1
frame-ancestors 'self' http://*.societanaturalistinapoli.it; 1
default-src 'self' 'unsafe-inline' blob: https://avanza.se; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://push.avanza.se https://smetrics.avanza.se; connect-src 'self' wss://*.avanza.se https://push.avanza.se https://smetrics.avanza.se https://sentry.avanza.se; worker-src blob:; img-src 'self' blob: data: https://avanza.se https://smetrics.avanza.se https://track.adrecord.com https://cdn.quartr.com; font-src 'self' data:; media-src 'self' data: https://files.quartr.com; frame-src 'self' bankid:; object-src 'none'; report-uri https://sentry.avanza.se/api/5/security/?sentry_key=091020b22086092bff20bae1dfa98c14&sentry_environment=prod 1
base-uri 'self'; child-src 'self' https://*.missiveapp.com https://*.twitter.com https://*.producthunt.com https://*.soundcloud.com https://*.youtube.com https://*.youtube-nocookie.com; connect-src 'self' https://*.missiveapp.com https://*.rollbar.com https://*.twitter.com https://*.swiftypecdn.com https://*.swiftype.com https://*.google-analytics.com https://zapier.com https://*.zapier.com; default-src 'none'; font-src 'self' https://ddux7jl4k2xkx.cloudfront.net; form-action 'self' https://*.twitter.com https://missive.createsend.com; frame-ancestors 'self' https://mail.missiveapp.com; img-src 'self' https: data:; media-src 'self' https://ddux7jl4k2xkx.cloudfront.net; manifest-src 'self'; object-src 'none'; script-src 'self' https://ddux7jl4k2xkx.cloudfront.net https://*.missiveapp.com https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/ https://*.google-analytics.com https://missive.createsend.com https://*.twitter.com https://*.twimg.com https://*.swiftypecdn.com https://*.swiftype.com https://zapier.com https://*.zapier.com 'nonce-7738c55e38b2dc7e2850ed55ffa45964' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https: 1
default-src 'self' *.hubspotusercontent40.net *.netdna-ssl.com *.marketo.com *.cloudfront.net *.zoominfo.com; script-src blob: data: 'self' 'unsafe-inline' 'unsafe-eval' *.demandbase.com *.influitive.com *.b-cdn.net *.clearbitjs.com *.hscta.net *.usemessages.com *.clickagy.com *.hubspot.com *.google.com *.googleoptimize.com *.hsforms.net *.doubleclick.net *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hsleadflows.net *.hscollectedforms.net *.hs-scripts.com *.6sc.co *.dreamdata.cloud *.capterra.com  *.sf-syn.com *.googleadservices.com *.netdna-ssl.com *.vidyard.com cdn.jsdelivr.net www.googletagmanager.com secure.gift2pair.com *.olark.com polyfill.io www.google-analytics.com *.marketo.com scout-cdn.salesloft.com tracking.g2crowd.com v2.listenloop.com grow.clearbit.com s.adroll.com *.intercom.io *.hotjar.com static.ads-twitter.com snap.licdn.com connect.facebook.net *.cloudfront.net munchkin.marketo.net js.intercomcdn.com *.adroll.com *.twitter.com *.zoominfo.com ssl.chatanexpert.com *.trustradius.com *.chilipiper.com *.addevent.com *.hsappstatic.net; style-src 'self' 'unsafe-inline' *.cdnfonts.com *.influitive.com *.cloudfront.net *.b-cdn.net  *.google.com *.netdna-ssl.com use.fontawesome.com cdn.jsdelivr.net *.olark.com *.marketo.com fonts.googleapis.com *.trustradius.com; font-src data: 'self' *.cdnfonts.com *.influitive.com *.b-cdn.net *.intercomcdn.com fonts.gstatic.com *.netdna-ssl.com use.fontawesome.com *.olark.com *.cloudfront.net; img-src data: 'self' 'unsafe-inline'  *.influitive.com *.b-cdn.net *.hs-embed-reporting.com *.sitescout.com *.hubspotusercontent-na1.net *.demdex.net *.agkn.com *.clickagy.com *.crwdcntrl.net *.rlcdn.com *.hsappstatic.net *.elegantthemes.com *.gstatic.com *.hsforms.com *.hubspot.com *.twitter.com *.6sc.co *.googleadservices.com *.doubleclick.net *.capterra.com *.linkedin.com *.marketo.com *.intercomcdn.com *.intercomassets.com *.postbeyond.com *.google.ca *.google.com *.g2crowd.com *.googletagmanager.com *.netdna-ssl.com secure.gravatar.com *.vidyard.com grow.clearbitjs.com px.ads.linkedin.com t.co www.facebook.com *.olark.com *.adroll.com segment.prod.bidr.io px4.ads.linkedin.com dsum-sec.casalemedia.com pixel.rubiconproject.com pixel.advertising.com simage2.pubmatic.com sync.outbrain.com ads.yahoo.com sync.taboola.com eb2.3lift.com x.bidswitch.net ib.adnxs.com idsync.rlcdn.com us-u.openx.net p.adsymptotic.com ups.analytics.yahoo.com segments.company-target.com *.intercom.io px.surveywall-api.survata.com tags.rd.linksynergy.com *.spotify.com a.tribalfusion.com *.wpengine.com ps.w.org www.google-analytics.com dp-sync.dotomi.com *.google.com *.cloudfront.net *.trustradius.com *.chilipiper.com *.addevent.com; connect-src 'self' *.6sense.com *.googlesyndication.com *.google.com *.uc.r.appspot.com *.plyr.io *.vouchfor.com *.hscollectedforms.net *.facebook.com *.company-target.com *.influitive.com *.hubspotusercontent40.net *.hs-banner.com *.linkedin.oribi.io *.g2.com *.digitaloceanspaces.com *.clickagy.com *.elegantthemes.com *.hsforms.com *.s3.amazonaws.com *.hubspot.com *.hubapi.com *.adnxs.com *.6sc.co *.hotjar.io *.dreamdata.cloud *.netdna-ssl.com *.olark.com play.vidyard.com abm2.listenloop.com notify.bugsnag.com *.mktoresp.com *.hotjar.com *.intercom.io wss://nexus-websocket-a.intercom.io ws.zoominfo.com yoast.com *.wpengine.com www.google-analytics.com *.cloudfront.net stats.g.doubleclick.net *.salesloft.com *.trustradius.com *.chilipiper.com; prefetch-src 'self' *.jotform.com *.netdna-ssl.com play.vidyard.com; frame-src 'self' *.vouchfor.com *.company-target.com *.influitive.com *.jotform.com *.jotformeu.com *.hs-sites.com *.google.com *.doubleclick.net *.hsforms.com *.sf-syn.com *.g2.com *.spotify.com *.applytojob.com *.netdna-ssl.com *.hotjar.com www.facebook.com *.olark.com *.marketo.com *.vidyard.com *.trustradius.com *.hubspot.com *.hsappstatic.net *.chilipiper.com *.hubspotusercontent40.net *.static.hsappstatic.net; media-src blob: 'self' *.vouchfor.com *.cloudfront.net *.plyr.io *.influitive.com *.intercomcdn.com *.netdna-ssl.com *.olark.com *.jotform.com *.chilipiper.com *.hubspotusercontent40.net; 1
frame-ancestors 'self' www.seznam.cz share.seznam.cz search.seznam.cz *.ampproject.org www.google.cz www.google.com *.seznamakce.cz www.prozeny.cz admin.prozeny.cz;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sdn.szn.cz *.sdn.cz gacz.hit.gemius.pl scz.hit.gemius.pl www.google-analytics.com https://www.googletagmanager.com/gtag/js cdn-gl.imrworldwide.com cdn.ampproject.org *.twitter.com *.twimg.com *.facebook.net *.facebook.com *.instagram.com *.tiktok.com *.ttwstatic.com https://www.gstatic.com https://ajax.googleapis.com login.szn.cz http://login.szn.cz https://login.szn.cz notifikace.seznam.cz http://notifikace.seznam.cz https://notifikace.seznam.cz *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.im.cz *.imedia.cz *.imedia.dev.dszn.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.sklik.cz ads.celtra.com *.2mdn.net ams.creativecdn.com *.prozeny.cz https://www.prozeny.cz 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data:; frame-src 'self' https://www.youtube.com/embed/qYp89jjpv4M; style-src 'self' 'unsafe-inline' data:; img-src 'self' data: https://*.usom.gov.tr;script-src 'self' 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'  'unsafe-inline'  'unsafe-eval';  script-src https://*.optimizely.com https://optimizely.s3.amazonaws.com  https://cdn-assets-prod.s3.amazonaws.com https://cdn.optimizely.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://api.ipify.org/                   https://www.banfield.com/ https://www.prod-sitecorebf-cd.cloud-effem.com/ https://unpkg.com  https://webchat.helpshift.com https://www.instagram.com https://embedsocial.com https://scontent.cdninstagram.com https://az416426.vo.msecnd.net https://*.vo.msecnd.net https://cdn.cookielaw.org https://use.typekit.net https://data.schemaapp.com https://prd01.launch.banfield.com/ http://*.g.doubleclick.net/ https://*.g.doubleclick.net/ http://*.google.com https://*.google.com https://*.alpixtrack.com/ https://*.answerscloud.com https://*.crazyegg.com https://*.ipredictive.com https://*.onetrust.com  blob: 'self' 'unsafe-inline' 'unsafe-eval' http://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://api.ipify.org/        http://www.googletagmanager.com https://www.googletagmanager.com http://www.googleadservices.com https://www.googleadservices.com http://ssl.google-analytics.com https://ssl.google-analytics.com http://connect.facebook.net https://connect.facebook.net http://www.google-analytics.com/ https://www.google-analytics.com/ http://*.googleapis.com https://*.googleapis.com http://*.cloudflare.com https://*.cloudflare.com http://*.youtube.com https://*.youtube.com http://*.iatspayments.com https://*.iatspayments.com http://*.instagram.com https://*.crazyegg.com https://*.ipredictive.com https://*.onetrust.com https://*.instagram.com;  connect-src https://logx.optimizely.com  https://*.optimizely.com https://logx.optimizely.com https://analytics.google.com/ https://graph.instagram.com https://*.visualstudio.com https://www.instagram.com https://cdn.cookielaw.org https://stats.g.doubleclick.net https://scontent.cdninstagram.com https://*.crazyegg.com https://*.ipredictive.com https://*.onetrust.com blob: 'self' 'unsafe-inline' 'unsafe-eval' https://www.prod-sitecorebf-cd.cloud-effem.com/ http://*.googleapis.com https://*.googleapis.com http://*.facebook.com https://*.facebook.com https://www.google-analytics.com https://*.crazyegg.com https://*.ipredictive.com https://*.onetrust.com https://ssl.google-analytics.com/;  frame-src https://a21358250631.cdn.optimizely.com  https://a21358250631.cdn-pci.optimizely.com  https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://youtu.be https://www.youtube.com/ https://embedsocial.com https://www.youtube-nocookie.com/ https://8303955.fls.doubleclick.net/ http://8303955.fls.doubleclick.net/ https://scontent.cdninstagram.com https://prd01.launch.banfield.com/ https://webchat.helpshift.com/ https://*.webchat.helpshift.com/ https://checkout.globalgatewaye4.firstdata.com/payment https://player.vimeo.com/ https://*.crazyegg.com https://*.ipredictive.com https://*.onetrust.com https://launchpad.banfield.com/          'self' 'unsafe-inline' 'unsafe-eval' http://googleads.g.doubleclick.net https://googleads.g.doubleclick.net http://*.facebook.com https://*.crazyegg.com https://*.ipredictive.com https://*.onetrust.com https://*.facebook.com;  img-src https://cdn.optimizely.com  https://*.cdninstagram.com https://www.facebook.com https://maps.google.com https://via.placeholder.com https://www.google.com/ads/ga-audiences https://alpixtrack.com/ https://8303955.fls.doubleclick.net/ https://connect.facebook.net/ https://cdn.cookielaw.org/ https://*.crazyegg.com https://*.ipredictive.com https://*.onetrust.com blob: http://*.iatspayments.com https://*.iatspayments.com https://*.crazyegg.com https://*.ipredictive.com https://*.onetrust.com 'self' 'unsafe-inline' 'unsafe-eval' data: http://googleads.g.doubleclick.net https://googleads.g.doubleclick.net http://*.google-analytics.com/ https://*.google-analytics.com/ http://*.gstatic.com https://*.gstatic.com http://*.googleadservices.com https://*.googleadservices.com https://banscstore01.blob.core.windows.net https://*.crazyegg.com https://*.ipredictive.com https://*.onetrust.com https://*.blob.core.windows.net/; media-src https://www.banfield.com/ https://player.vimeo.com/ 'self' 'unsafe-inline' 'unsafe-eval' https://vod-progressive.akamaized.net; style-src https://embedsocial.com https://instafeed.pixlee.com/ https://instafeed.assets.pixlee.com https://stackpath.bootstrapcdn.com/bootstrap/ https://stackpath.bootstrapcdn.com/font-awesome/ https://*.crazyegg.com https://*.ipredictive.com https://*.onetrust.com 'self' http://*.iatspayments.com https://*.iatspayments.com https://*.crazyegg.com https://*.ipredictive.com https://*.onetrust.com 'unsafe-inline' 'unsafe-eval' http://*.googleapis.com https://*.googleapis.com http://*.jquery.com https://*.jquery.com http://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ http://*.fonts.net https://*.fonts.net https://reactjs.org https://*.crazyegg.com https://*.ipredictive.com https://*.onetrust.com https://cdn.jsdelivr.net; font-src https://stackpath.bootstrapcdn.com/font-awesome/ 'self' data: 'unsafe-inline' 'unsafe-eval' http://*.gstatic.com https://*.gstatic.com https://cdnjs.cloudflare.com; 1
img-src 'self' blob: *.listrakbi.com *.espssl.com *.powerreviews.com *.cloudinary.com *.google.com *.google.com.ar *.commercecloud.salesforce.com *.everesttech.net *.vineyardvines.com *.omtrdc.net *.getwair.com *.bing.com *.demdex.net *.findmine.com *.cloudfront.net ad.doubleclick.net connect.facebook.net logs-01.loggly.com lpcdn.lpsnmedia.net vineyardvinesproduction.112.2o7.net www.facebook.com data:;media-src 'self' blob: *.vimeo.com *.akamaized.net *.vineyardvines *.lpsnmedia.net;style-src 'self' 'unsafe-eval' 'unsafe-inline' *.listrakbi.com *.lpsnmedia.net *.powerreviews.com *.googleapis.com wsv3cdn.audioeye.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.adobedtm.com *.audioeye.com *.bing.com *.braintree-api.com *.braintreegateway.com *.commercecloud.salesforce.com *.doubleclick.net *.forter.com *.getwair.com *.googleapis.com *.googletagmanager.com *.listrak.com *.listrakbi.com *.liveperson.net *.lpsnmedia.net *.paypal.com *.pingdom.net *.powerreviews.com *.qualtrics.com *.rewardstyle.com *.vimeo.com cdnjs.cloudflare.com connect.facebook.net d.impactradius-event.com edge.fullstory.com;connect-src 'self' *.audioeye.com *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.demdex.net *.forter.com *.getwair.com *.googlesyndication.com *.listrak.com *.listrakbi.com *.lpsnmedia.net wss://input.noibu.com *.omtrdc.net *.paypal.com *.pingdom.net *.powerreviews.com *.qualtrics.com *.salesforce.com api.cquotient.com bat.bing.com edge.fullstory.com rs.fullstory.com vimeo.com vineyard-vines.yvzx.net;frame-src 'self' *.commercecloud.salesforce.com *.demandware.net *.demdex.net *.doubleclick.net *.googletagmanager.com *.jrni.com *.liveperson.net *.lpsnmedia.net *.paypal.com *.vimeo.com *.vineyardvines.com wsv3cdn.audioeye.com;frame-ancestors 'self' *.commercecloud.salesforce.com *.demandware.net *.vineyardvines.com;upgrade-insecure-requests;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';script-src-attr 'none' 1
default-src 'self' https://assets.onfido.com https://www.luno.com https://cdn.plaid.com https://lib.paymentjs.firstdata.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.dev.sardine.ai https://*.sardine.ai https://*.visualwebsiteoptimizer.com https://*.vwo.com *.google-analytics.com *.analytics.google.com https://www.google.com https://optimize.google.com connect.facebook.net https://apis.google.com https://d2wy8f7a9ursnm.cloudfront.net https://www.gstatic.com https://d32exi8v9av3ux.cloudfront.net https://cdn.livechatinc.com/tracking.js https://*.livechatinc.com https://cdn.kustomerapp.com https://js.gleam.io https://*.checkout.com https://*.stripe.com https://www.youtube.com https://s.ytimg.com/ https://cdn.siftscience.com https://*.bannerflow.com https://*.bidswitch.net https://pay.google.com https://*.twitter.com https://cdn.syndication.twimg.com https://impactradius-event.com https://d.impactradius-event.com https://loggly.com https://luno.fl9beu.net https://www.woopra.com https://assets.onfido.com https://sentry.io https://app.intotheblock.com https://cdn.plaid.com https://lib.paymentjs.firstdata.com https://sp.analytics.yahoo.com https://stg-cdn.geocomply.com https://cdn.geocomply.com https://static.ada.support https://bugcrowd.com https://assets.bugcrowdusercontent.com https://*.worldpay.com https://*.cdn-apple.com https://js.paymentsos.com https://js.stripe.com https://assets.trustworks.io https://www.googletagmanager.com https://a.quora.com https://sjs.bizographics.com https://secure.adnxs.com https://tagmanager.google.com https://www.googleadservices.com https://*.ads.linkedin.com https://static.ads-twitter.com https://analytics.twitter.com https://www.linkedin.com https://platform.twitter.com https://*.adroll.com https://googleads.g.doubleclick.net https://*.mparticle.com https://api.lab.amplitude.com https://*.singular.net https://s.yimg.com https://*.teads.tv http://*.adroll.com https://us-u.openx.net https://idsync.rlcdn.com https://ib.adnxs.com https://ads.yahoo.com https://eb2.3lift.com https://trc.taboola.com https://simage2.pubmatic.com https://sync.outbrain.com https://pixel.rubiconproject.com https://dsum-sec.casalemedia.com https://pixel.advertising.com https://connect.facebook.net https://*.doubleclick.net https://pippio.com https://x.bidswitch.net https://*.facebook.com https://*.google.com https://*.adroll.mgr.consensu.org; style-src 'self' 'unsafe-inline' https://*.visualwebsiteoptimizer.com https://*.vwo.com https://ajax.googleapis.com https://fonts.googleapis.com https://www.google.com https://d2wy8f7a9ursnm.cloudfront.net https://www.gstatic.com https://d32exi8v9av3ux.cloudfront.net https://optimize.google.com https://*.checkout.com https://*.stripe.com https://*.twitter.com https://*.twimg.com https://assets.onfido.com https://accounts.google.com https://tagmanager.google.com; img-src 'self' data: https://*.dev.sardine.ai https://*.sardine.ai https://fcmatch.youtube.com https://*.teads.tv https://*.luno.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://dsum-sec.casalemedia.com https://*.analytics.yahoo.com https://fcmatch.google.com https://*.livechatinc.com *.google-analytics.com *.analytics.google.com https://www.google.com https://www.google.co.za https://www.google.co.uk https://chart.googleapis.com https://www.facebook.com https://d2wy8f7a9ursnm.cloudfront.net https://*.bugsnag.com https://d32exi8v9av3ux.cloudfront.net https://s3.amazonaws.com https://www.bitx.co https://*.googleusercontent.com https://scontent.xx.fbcdn.net https://stats.g.doubleclick.net https://secure.adnxs.com https://ssl.gstatic.com/ https://www.gstatic.com https://optimize.google.com https://*.checkout.com https://*.stripe.com https://hexagon-analytics.com https://*.freshdesk.com https://*.twitter.com https://*.twimg.com https://www.gravatar.com https://kustomer-prod1-attachments.s3.amazonaws.com https://*.kustomerapp.com https://*.kustomerhostedcontent.com https://logs-01.loggly.com blob: https://assets.onfido.com/ https://lipis.github.io/flag-icon-css/ https://ecommerce.zapper.com https://truelayer-provider-assets.s3.amazonaws.com https://lunohelpcentre.zendesk.com https://lunohelpcentresandbox.zendesk.com https://www.googletagmanager.com https://imp2.ads.linkedin.com https://dc.ads.linkedin.com https://px.ads.linkedin.com https://q.quora.com https://alb.reddit.com https://t.co https://*.adroll.com https://ads.yahoo.com https://x.bidswitch.net https://idsync.rlcdn.com https://us-u.openx.net https://cm.g.doubleclick.net https://ib.adnxs.com https://eb2.3lift.com https://jadserve.postrelease.com https://googleads.g.doubleclick.net https://rtb.gumgum.com https://*.rubiconproject.com https://bsw.digitru.st https://aws-fr.bidswitch.net https://pixel.advertising.com https://sync.outbrain.com https://simage2.pubmatic.com https://*.taboola.com https://match.adsrvr.org https://sync.mathtag.com https://pm.w55c.net https://usermatch.krxd.net https://p.adsymptotic.com https://sync-tm.everesttech.net https://loadm.exelator.com https://secure.insightexpressai.com https://rrc.rlcdn.com https://*.teads.tv https://connect.facebook.net https://*.doubleclick.net https://pippio.com https://*.facebook.com https://*.google.com https://*.adroll.mgr.consensu.org; connect-src 'self' https://ajax.luno.com https://www.google.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.bugsnag.com wss://www.luno.com wss://ws.luno.com *.google-analytics.com *.analytics.google.com https://analytics.google.com https://d32exi8v9av3ux.cloudfront.net http://maps.googleapis.com/ https://*.checkout.com https://*.stripe.com https://*.mparticle.com https://*.kustomerapp.com wss://ws-mt1.pusher.com https://sockjs-mt1.pusher.com https://s3.amazonaws.com/kustomer-prod1-attachments https://*.pubnub.com https://*.pubnub.net https://*.pubnub.io https://*.pndsn.com https://www.google-analytics.com https://luno.fl9beu.net blob: *.onfido.com wss://*.onfido.com https://www.woopra.com https://sentry.io wss://ecommerce.zapper.com https://ecommerce.zapper.com https://api.intotheblock.com https://api.lab.amplitude.com https://*.singular.net https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://s.yimg.com https://firebaselogging.googleapis.com https://firebaselogging-pa.googleapis.com https://firebaseinstallations.googleapis.com https://firebaseremoteconfig.googleapis.com https://us4-stg-es.geocomply.net https://us4-es.geocomply.net https://us4-es.geocomply.com https://logger.geocomply.net https://*.teads.tv https://discover.luno.com https://emea.identityx-cloud.com:8099 https://luno-prod.identityx-cloud.com:8099 https://rollout.ada.support/ https://lunobot.ada.support/ https://demo-sandbox-luno.ada.support/ https://luno-zdm-sandbox-temp.ada.support/ https://static.ada.support/ https://accounts.google.com https://assets.trustworks.io https://api.trustworks.io; font-src data: https://*.visualwebsiteoptimizer.com https://*.vwo.com https://fonts.googleapis.com https://fonts.gstatic.com https://d32exi8v9av3ux.cloudfront.net https://*.checkout.com https://*.stripe.com https://*.kustomerapp.com; media-src blob: https://d2wy8f7a9ursnm.cloudfront.net https://*.checkout.com https://*.onfido.com https://*.stripe.com https://*.twitter.com https://*.twimg.com https://cdn.livechatinc.com https://*.kustomerapp.com https://*.kustomerhostedcontent.com; worker-src blob: https://www.luno.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.twitter.com https://d32exi8v9av3ux.cloudfront.net; object-src 'self' blob:; frame-src https://*.dev.sardine.ai/ https://*.sardine.ai/ https://*.visualwebsiteoptimizer.com https://*.vwo.com https://secure.livechatinc.com https://cdn.kustomerapp.com https://www.google.com https://accounts.google.com https://staticxx.facebook.com https://www.facebook.com https://www.youtube.com https://gleam.io/ https://optimize.google.com https://*.checkout.com https://*.stripe.com https://pay.google.com https://*.twitter.com https://d32exi8v9av3ux.cloudfront.net 'self' data: blob: https://cdn.plaid.com https://lib.paymentjs.firstdata.com https://lunobot.ada.support https://demo-sandbox-luno.ada.support/ https://luno-zdm-sandbox-temp.ada.support/ https://bugcrowd.com/ https://*.worldpay.com https://centinelapi.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://js.paymentsos.com https://www.googletagmanager.com https://tagmanager.google.com https://tbl.tradedoubler.com https://connect.facebook.net https://luno.go2cloud.org https://*.visualwebsiteoptimizer.com https://*.vwo.com 184.173.187.125 184.173.187.124 184.173.170.150 184.154.216.62 184.154.216.61 184.154.191.163 184.154.216.57 208.52.182.159 50.97.40.236 208.43.245.133 https://anchor.fm https://player.vimeo.com; 1
frame-ancestors 'self' *.uhg.com *.optum.com *.uhc.com *.pagescdn.com *.yextpages.net *.ahni.com; 1
frame-ancestors 'self' https://builder.io 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-/8NJgLxjzUoS+V+awDi4ow=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
frame-ancestors 'self' https://baby.ru https://www.baby.ru https://m.baby.ru; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://lifeinsurance.adityabirlacapital.com/ https://abconeprod.azureedge.net/ https://abcscprodslot.azureedge.net/ https://snap.licdn.com/ https://unpkg.com/ https://maxcdn.bootstrapcdn.com/ https://*.clarity.ms/ https://mc-7269550f-7fea-49f6-9700-1713-cd.azurewebsites.net/ https://*.azurewebsites.net/ https://wafs.mfilterit.net/ https://apis.mapmyindia.com/ https://https-lifeinsurance-adityabirlacapital-com.disqus.com/ https://in1.wzrkt.com/ http://www.googleadservices.com/ https://www.videocx.io/ https://mc-7269550f-7fea-49f6-9700-1713-cd2-s1.azurewebsites.net/ https://abcany.allincall.in/ https://d2r1yp2w7bby2u.cloudfront.net/ http://cdn.appdynamics.com/ https://cdn.appdynamics.com/ https://l.sharethis.com/ https://bid.g.doubleclick.net/  http://bom-col.eum-appdynamics.com/ https://bom-col.eum-appdynamics.com/ https://buttons-config.sharethis.com/ https://*.notifyvisitors.com/ https://script.mfilterit.net/ https://aiccobrowsing.insideabc.com/  http://cdn.notifyvisitors.com/ https://static1.litmusworld.com/ https://anywhereservice.adityabirlasunlifeinsurance.com/ https://bat.bing.com/ https://s.yimg.com/  https://t.sharethis.com/ https://w.soundcloud.com/ https://s3-eu-west-1.amazonaws.com/ http://ajax.googleapis.com/ https://code.jquery.com/ https://ajax.googleapis.com/ https://heatmaps.notifyvisitors.com/ https://staticpg.paytm.in/ https://securegw.paytm.in/ https://s3.amazonaws.com/ https://advisingapistg.adityabirlacapital.com/ https://cdnp.notifyvisitors.com/ https://www.notifyvisitors.com/ https://googleads.g.doubleclick.net/ https://dev6.notifyvisitors.com/ https://connect.facebook.net/ https://c3.avaamo.com/ https://count-server.sharethis.com/v2.0/get_counts https://buttons-config.sharethis.com/ https://abcscprod.azureedge.net https://www.adityabirlacapital.com https://cdn.notifyvisitors.com https://www.googleadservices.com https://www.google.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://platform-api.sharethis.com/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://stackpath.bootstrapcdn.com/ https://use.typekit.net/ https://cdn.ampproject.org https://dev6.notifyvisitors.com  https://bslivoicetest30-09.firebaseapp.com/ https://advisingapi.adityabirlacapital.com/ https://doco5kxdv8uwj.cloudfront.net/ https://c3.avaamo.com/ https://disha-mic-uat.firebaseapp.com/ https://chuknu.sokrati.com/ https://bslivoicetest30-09.firebaseapp.com/ https://voice.aiavaamo.com/ https://coreprogramm.disqus.com/ https://c.disquscdn.com/ https://launchpad-wrapper.privacymanager.io https://launchpad.privacymanager.io;   worker-src 'self' 'unsafe-inline' blob: https://cdn.ampproject.org  https://lifeinsurance.adityabirlacapital.com 1
frame-ancestors 'self' https://*.atrapalo.com; report-uri /csp/report; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.analytics.google.com www.youtube.com s.ytimg.com ajax.aspnetcdn.com ajax.googleapis.com cdnjs.cloudflare.com www.googleadservices.com www.googletagmanager.com tagmanager.google.com *.doubleclick.net flex.msn.com bat.bing.com dvrt.t101.com unpkg.com www.google.com www.gstatic.com https://ads.recon.com recon-static.t101cdn.net www.recon.com;object-src 'self';style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com recon-static.t101cdn.net www.recon.com;img-src 'self' data: blob: www.google-analytics.com dvrt.t101.com *.g.doubleclick.net www.googleadservices.com www.google.com www.google.co.uk www.google.com.au www.google.com.fr www.google.ie www.google.com.ie www.google.com.nl www.google.com.ca www.google.com.es www.google.com.de www.gstatic.com *.r.msn.com bat.bing.com *.r.bat.bing.com recon-images.t101cdn.net recon-static.t101cdn.net images.email.recon.com static.recon.t101cdn.net recon-media.t101content.net media.recon.t101cdn.net ssl.gstatic.com https://ads-static.recon.com https://ads.recon.com media.recon.t101api.com www.recon.com;media-src 'self' recon-static.t101cdn.net www.recon.com;frame-src www.youtube.com www.google.com;font-src 'self' fonts.gstatic.com sxt.cdn.skype.com recon-static.t101cdn.net www.recon.com;connect-src 'self' *.t101api.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.gstatic.com https://ads.recon.com *.analytics.google.com recon-static.t101cdn.net www.recon.com;frame-ancestors 'none';manifest-src 'self';report-uri https://t101.report-uri.com/r/d/csp/enforce 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.unpri.org; 1
default-src 'self';script-src 'unsafe-inline' 'self' 'unsafe-eval' https://*.textexpander.com https://*.googletagmanager.com https://*.google-analytics.com https://*.google-analytics.com https://*.googleadservices.com https://*.facebook.net https://*.pvd.to https://*.dwin1.com https://*.doubleclick.net https://*.google.at https://*.twitter.com https://*.iubenda.com https://*.vimeocdn.com https://*.hubspot.com https://*.clarity.ms https://*.hscollectedforms.net https://*.hsadspixel.net https://*.hs-scripts.com https://*.hs-banner.com https://*.hs-analytics.net https://*.calendly.com https://*.usemessages.com https://*.recruitee.com https://d10zminp1cyta8.cloudfront.net https://cdnjs.cloudflare.com https://unpkg.com https://*.paddle.com https://*.helpscout.net https://*.google.be https://*.google.ca https://*.google.ch https://*.google.cl https://*.google.co.in https://*.google.co.jp https://*.google.co.kr https://*.google.co.nz https://*.google.co.uk https://*.google.com.ar https://*.google.com.au https://*.google.com.br https://*.google.com.co https://*.google.com.gr https://*.google.com.mx https://*.google.com.pk https://*.google.com.tr https://*.google.com.tw https://*.google.de https://*.google.dk https://*.google.es https://*.google.fr https://*.google.ie https://*.google.it https://*.google.nl https://*.google.pl https://*.google.pt https://*.googleoptimize.com https://vimeo.com https://*.yoast.com https://*.vimeo.com https://*.google.com https://*.fontawesome.com https://*.hsappstatic.net https://ads.yahoo.com https://*.adroll.com https://d.adroll.mgr.consensu.org https://dsum-sec.casalemedia.com https://eb2.3lift.com https://ib.adnxs.com https://idsync.rlcdn.com https://image2.pubmatic.com https://*.adsymptotic.com https://*.advertising.com https://*.rubiconproject.com https://simage2.pubmatic.com https://*.licdn.com https://*.outbrain.com https://*.taboola.com https://ups.analytics.yahoo.com https://*.bidswitch.net https://*.facebook.com https://*.clearbitscripts.com https://*.clearbitjs.com https://*.hsforms.com https://*.hsforms.net https://*.bing.com https://*.linkedin.com https://*.gstatic.com https://textexpander.com *.visualwebsiteoptimizer.com app.vwo.com;style-src https://*.textexpander.com https://sentry.io 'unsafe-inline' 'self' https://*.helpscout.net https://unpkg.com https://*.google.com https://*.fontawesome.com https://*.calendly.com https://*.googleapis.com https://textexpander.com *.visualwebsiteoptimizer.com app.vwo.com https://s3.amazonaws.com;font-src https://*.textexpander.com https://*.gstatic.com data: 'self' https://*.googletagmanager.com https://*.helpscout.net https://*.googleoptimize.com https://*.fontawesome.com https://textexpander.com;img-src https://*.textexpander.com https://*.wp.com https://d1lsub6zbh43gv.cloudfront.net https://*.gravatar.com https://*.analytics.google.com https://*.facebook.com https://*.zenaps.com https://*.awin1.com https://s3.amazonaws.com https://wppusher.com https://ps.w.org https://*.ytimg.com https://d33v4339jhl8k0.cloudfront.net https://chatapi-prod.s3.amazonaws.com 'self' https://*.google.at https://*.twitter.com data: https://*.gstatic.com https://*.doubleclick.net https://*.hubspot.com https://*.vimeocdn.com https://*.helpscout.net https://*.google-analytics.com https://*.clarity.ms https://*.google.be https://*.google.ca https://*.google.ch https://*.google.cl https://*.google.co.in https://*.google.co.jp https://*.google.co.kr https://*.google.co.nz https://*.google.co.uk https://*.google.com.ar https://*.google.com.au https://*.google.com.br https://*.google.com.co https://*.google.com.gr https://*.google.com.mx https://*.google.com.pk https://*.google.com.tr https://*.google.com.tw https://*.google.de https://*.google.dk https://*.google.es https://*.google.fr https://*.google.ie https://*.google.it https://*.google.nl https://*.google.pl https://*.google.pt https://vimeo.com https://*.vimeo.com https://ads.yahoo.com https://*.adroll.com https://d.adroll.mgr.consensu.org https://dsum-sec.casalemedia.com https://eb2.3lift.com https://ib.adnxs.com https://idsync.rlcdn.com https://image2.pubmatic.com https://*.adsymptotic.com https://*.advertising.com https://*.rubiconproject.com https://simage2.pubmatic.com https://*.licdn.com https://*.outbrain.com https://*.taboola.com https://ups.analytics.yahoo.com https://*.bidswitch.net https://*.clearbit.com https://*.hsforms.com https://*.bing.com https://*.calendly.com https://*.facebook.net https://*.linkedin.com https://*.googletagmanager.com https://textexpander.com https://*.google.com *.visualwebsiteoptimizer.com app.vwo.com wingify-assets.s3.amazonaws.com https://chart.googleapis.com;connect-src https://*.textexpander.com wss://visitors.live https://*.hubapi.com https://*.fontawesome.com wss://*.visitors.live https://*.googleapis.com https://*.linkedin.com https://d3hb14vkzrxvla.cloudfront.net wss://*.pusher.com https://*.sumologic.com https://cdn.linkedin.oribi.io 'self' https://*.analytics.google.com https://*.hubspot.com https://*.iubenda.com https://*.pvd.to https://*.recruitee.com https://*.helpscout.net https://sentry.io https://*.facebook.com https://*.google-analytics.com https://*.clarity.ms https://*.yoast.com https://*.google.com https://*.adroll.com https://*.googlesyndication.com https://*.clearbit.com https://*.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.bing.com https://*.doubleclick.net https://textexpander.com *.visualwebsiteoptimizer.com app.vwo.com;media-src https://*.textexpander.com https://*.youtu.be https://vod-progressive.akamaized.net 'self' https://*.vimeocdn.com https://*.helpscout.net https://download-video.akamaized.net https://vimeo.com https://*.vimeo.com https://*.youtube.com https://textexpander.com;object-src https://*.textexpander.com blob: 'self' https://*.helpscout.net https://textexpander.com;frame-src https://*.textexpander.com https://10fastfingers.com https://calendly.com https://*.wufoo.com 'self' https://*.twitter.com https://*.hubspot.com https://*.iubenda.com https://*.vimeocdn.com https://*.helpscout.net https://*.google.at https://*.google.be https://*.google.ca https://*.google.ch https://*.google.cl https://*.google.co.in https://*.google.co.jp https://*.google.co.kr https://*.google.co.nz https://*.google.co.uk https://*.google.com.ar https://*.google.com.au https://*.google.com.br https://*.google.com.co https://*.google.com.gr https://*.google.com.mx https://*.google.com.pk https://*.google.com.tr https://*.google.com.tw https://*.google.de https://*.google.dk https://*.google.es https://*.google.fr https://*.google.ie https://*.google.it https://*.google.nl https://*.google.pl https://*.google.pt https://vimeo.com https://*.vimeo.com https://*.google.com https://*.youtube-nocookie.com https://*.adroll.com https://*.hsforms.com https://*.youtube.com https://*.doubleclick.net https://*.facebook.com https://textexpander.com *.visualwebsiteoptimizer.com app.vwo.com;worker-src https://*.textexpander.com 'self' blob: https://textexpander.com; 1
: default-src 'self' ccc.edu *ccc.edu 1
default-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net; img-src 'self' data: blob: 'unsafe-inline' *.ads.linkedin.com t.co chat.eurobank.gr *.env.chat.eurobank.gr sp.analytics.yahoo.com znovsqrc.micpn.com sitecoremedia.blob.core.windows.net stats.g.doubleclick.net *.stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.twitter.com *.twimg.com jwpltx.com *.youtube.com *.tiktok.com *.facebook.com *.google.com *.google.gr *.google.nl *.googletagmanager.com px.ads.linkedin.com linkedin.com googleads.g.doubleclick.net cdn.cookielaw.org *.google-analytics.com *.usabilla.com *.cloudfront.net *.hotjar.com ad.doubleclick.net *.clarity.ms; media-src 'self' blob: *.streaming.mediaservices.windows.net; script-src 'self' data: *.tiktok.com *.taboola.com static.ads-twitter.com chat.eurobank.gr *.env.chat.eurobank.gr s.yimg.com *.clarity.ms https://cdn-prod.wdesk.com/ixbrl-viewer/1.0.0/ixbrlviewer.js znovsqrc.micpn.com optimize.google.com *.google-analytics.com snap.licdn.com code.jquery.com *.onetrust.com blob: 'unsafe-inline' 'unsafe-eval' *.youtube.com *.tiktok.com *.ytimg.com  *.google.com *.googleapis.com *.gstatic.com *.inbroker.com *.angularjs.org *.twitter.com *.syndication.twimg.com *.jwpcdn.com *.facebook.net *.facebook.com *.hotjar.com cdn.cookielaw.org optanon.blob.core.windows.net www.googleadservices.com googleads.g.doubleclick.net az416426.vo.msecnd.net *.googletagmanager.com *.usabilla.com *.cloudfront.net; style-src 'self' 'unsafe-inline' chat.eurobank.gr *.env.chat.eurobank.gr *.googleapis.com *.inbroker.com *.twitter.com optimize.google.com optanon.blob.core.windows.net cdn.cookielaw.org *.usabilla.com *.cloudfront.net fonts.googleapis.com; font-src 'self' data: 'unsafe-inline' chat.eurobank.gr *.env.chat.eurobank.gr *.gstatic.com *.inbroker.com *.jwpcdn.com *.usabilla.com *.cloudfront.net fonts.googleapis.com *.hotjar.com; connect-src 'self' *.tiktok.com *.taboola.com cdn.linkedin.oribi.io maps.googleapis.com chat.eurobank.gr wss://chat.eurobank.gr *.env.chat.eurobank.gr wss://*.env.chat.eurobank.gr s.yimg.com *.clarity.ms recengine.margera.co *.onetrust.com wss://*.hotjar.com/api/v2/client/ws *.analytics.google.com www.google.gr optimize.google.com *.visualstudio.com *.google-analytics.com *.inbroker.com *.streaming.mediaservices.windows.net *.twitter.com *.hotjar.com adservice.google.com az416426.vo.msecnd.net *.doubleclick.net *.usabilla.com *.cloudfront.net *.cookielaw.org *.hotjar.com *.hotjar.io; frame-src 'self' data: blob: *.youtube.com *.tiktok.com *.ytimg.com *.google.com *.gstatic.com *.inbroker.com *.twitter.com *.onetrust.mgr.consensu.org *.hotjar.com *.facebook.com legacy.eurobank.gr uat.eurobank.gr  uat-legacy.eurobank.gr *.doubleclick.net *.fls.doubleclick.net *.usabilla.com *.cloudfront.net; object-src 'self' *.streaming.mediaservices.windows.net *.jwpcdn.com;  child-src 'self' data: blob: *.youtube.com *.tiktok.com *.ytimg.com *.google.com *.inbroker.com *.twitter.com *.hotjar.com *.facebook.com legacy.eurobank.gr uat.eurobank.gr uat-legacy.eurobank.gr; 1
frame-ancestors 'self' https://www.foxplay.gr https://*.cosmote.gr https://*.ote.gr https://webform.studentactivation.gr https://t-mint.s3.amazonaws.com https://*.youtube.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes'; media-src 'self' *.ctfassets.net *.bigcommerce.com maps.gstatic.com www.google-analytics.com appboy-images.com braze-images.com cdn.braze.com cdn.braze.eu cdn.cookielaw.org www.google.com www.google.ca www.google.au www.google.nz pixel.pointmediatracker.com *.bing.com *.facebook.com cnv.event.prod.bidr.io googleads.g.doubleclick.net c.contentsquare.net cdn.blisspointmedia.com www.googletagmanager.com; img-src 'self' data: *.ctfassets.net *.bigcommerce.com maps.gstatic.com www.google-analytics.com appboy-images.com braze-images.com cdn.braze.com cdn.braze.eu cdn.cookielaw.org www.google.com www.google.ca www.google.au www.google.nz pixel.pointmediatracker.com *.bing.com *.facebook.com cnv.event.prod.bidr.io googleads.g.doubleclick.net c.contentsquare.net cdn.blisspointmedia.com www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' *.turnto.com *.launchdarkly.com *.stripe.com www.googletagmanager.com cdn.cookielaw.org maps.googleapis.com *.braze.com js.appboycdn.com static.cloudflareinsights.com pay.google.com *.bing.com googleads.g.doubleclick.net *.facebook.net *.facebook.com *.pepperjam.com *.taboola.com *.contentsquare.net *.amazon-adsystem.com www.google-analytics.com www.googleadservices.com pixel.pointmediatracker.com cnv.event.prod.bidr.io px.airpr.com *.tp88trk.com analytics.tiktok.com netlify-rum.netlify.app; style-src 'self' 'unsafe-inline' 'unsafe-hashes' use.fontawesome.com *.turnto.com; connect-src 'self' *.braze.com *.launchdarkly.com www.google-analytics.com *.stripe.com *.ingest.sentry.io cdn.cookielaw.org *.turnto.com maps.googleapis.com pay.google.com play.google.com *.ninetailed.co *.onetrust.com *.bing.com *.g.doubleclick.net *.facebook.net *.facebook.com *.pepperjam.com *.taboola.com *.contentsquare.net *.amazon-adsystem.com www.google-analytics.com www.google.com pixel.pointmediatracker.com cnv.event.prod.bidr.io px.airpr.com *.tp88trk.com analytics.tiktok.com pagead2.googlesyndication.com; font-src 'self' data: *.braze.com use.fontawesome.com; frame-src 'self' *.stripe.com www.googletagmanager.com *.chargebee.com *.ninetailed.io *.contentsquare.net *.amazon-adsystem.com photos.pixlee.co pay.google.com www.facebook.com tsdtocl.com t.pepperjamnetwork.com td.doubleclick.net; worker-src 'self' blob:; child-src 'self' blob: 1
default-src 'self' ws: *.visitfinland.com *.goodnewsfinland.com *.magnolia-platform.com;font-src 'self' data: fonts.gstatic.com fonts.googleapis.com cdn.reactandshare.com;style-src 'self' 'unsafe-inline' *.visitfinland.com *.goodnewsfinland.com *.magnolia-platform.com *.reactandshare.com;img-src 'self' data: *.magnolia-platform.com *.cloudinary.net *.cloudfront.net *.facebook.com *.google.com *.google-analytics.com *.linkedin.com *.mapbox.com *.reactandshare.com *.siteimproveanalytics.io https://staeuwvisitfinlandp.file.core.windows.net https://stasustainabletravelp.file.core.windows.net *.twimg.com *.visitfinland.com vk.com;connect-src 'self' ws: *.addsearch.com *.magnolia-platform.com *.businessfinland.fi *.cookiebot.com *.doubleclick.net *.google-analytics.com *.mapbox.com *.met.no *.oribi.io *.tiktok.com;script-src 'self' blob: 'unsafe-eval';script-src-elem 'self' 'nonce-DoHtLDUM1Ggn3lWTUQ4qsg==' 'nonce-srTEuHCFje4TOiVmrYt9MA==' *.visitfinland.com *.goodnewsfinland.com *.magnolia-platform.com *.twitter.com *.google.com *.google-analytics.com googletagmanager.com *.googletagmanager.com *.doubleclick.net *.youtube.com *.youtu.be *.facebook.com *.facebook.net *.snapchat.com *.tiktok.com *.microsoft.com *.office.com *.windows.net *.addsearch.com *.adform.net *.cookiebot.com *.hotjar.com *.licdn.com *.mapbox.com *.met.no *.oribi.io *.reactandshare.com siteimproveanalytics.com *.siteimproveanalytics.com *.siteimproveanalytics.io *.vimeo.com;frame-src https://* *.youtube.com *.tr.snapchat.com; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' blob: data: https://*.google.com https://*.geetest.com https://*.geevisit.com https://s.adroll.com https://d.adroll.com https://www.googletagmanager.com https://appleid.cdn-apple.com https://vk.com https://*.prdredir.com https://analytics.tiktok.com https://connect.facebook.net https://*.appsflyer.com https://*.google-analytics.com https://telegram.org https://*.ada.support https://widget-mediator.zopim.com https://*.bitget.com https://*.bitgetpro.site https://*.bitget.cc https://*.bgbstatic.com https://*.bitgetapp.com https://*.bitget.vin https://*.bitgetimg.com https://*.gdrichem.com https://gateway.test.95516.com https://*.checkout.com https://gateway.95516.com https://www.facebook.com https://*.youtube.com https://dn-staticdown.qbox.me https://*.itbitget.com https://*.bitget.online https://*.bitgettr.com https://megacheck.vip https://*.megacheck.vip https://*.saintpay.com https://*.skypay.space https://*.noxiaohao.com https://*.megacheck.net https://megacheck.net https://*.7b7x.com https://7b7x.com https://*.onfido.com https://cdn.builder.io https://www.fedstable.com https://applepay.cdn-apple.com https://*.apple.com https://*.gstatic.com https://*.googleapis.com https://*.glassgs.com https://mc.yandex.ru https://mc.yandex.com https://*.bgportable.com https://*.bitget.style; connect-src 'self' 'report-sample' data: blob: https://www.googletagmanager.com https://*.google.com https://stats.g.doubleclick.net https://s.adroll.com https://d.adroll.com wss://*.bitget.com wss://*.bitgetpro.site wss://*.bitget.cc https://*.google-analytics.com https://analytics.tiktok.com https://*.appsflyer.com https://www.facebook.com https://*.analytics.google.com https://*.ada.support wss://*.ada.support https://wa.onelink.me https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://*.bitget.com https://*.bitgetpro.site https://*.bitget.cc https://*.bgbstatic.com https://*.bitgetapp.com https://*.bitget.vin wss://*.bitgetapp.com wss://*.bitget.vin https://*.bitgetimg.com https://*.gdrichem.com https://gateway.test.95516.com wss://*.itbitget.com https://*.checkout.com wss://*.checkout.com https://gateway.95516.com https://telegram.org https://*.youtube.com wss://*.bitget.online https://www.tradingview.com https://api.tronstack.io https://*.itbitget.com https://*.bitget.online https://*.bitgettr.com wss://*.bitgettr.com wss://*.gdrichem.com https://megacheck.vip https://*.megacheck.vip wss://megacheck.vip wss://*.megacheck.vip https://*.megacheck.net wss://*.megacheck.net https://megacheck.net wss://megacheck.net https://*.saintpay.com wss://*.saintpay.com https://*.skypay.space wss://*.skypay.space https://*.noxiaohao.com wss://*.noxiaohao.com https://*.gdrichem.com:8443 https://*.omkbic.com:8443 https://dn-staticdown.qbox.me https://*.7b7x.com https://7b7x.com wss://*.7b7x.com wss://7b7x.com https://*.onfido.com https://cdn.builder.io https://www.fedstable.com wss://www.fedstable.com wss://stream.fedstable.com https://*.gurenla.com https://*.glassgs.com wss://*.glassgs.com https://mc.yandex.com https://mc.yandex.ru wss://*.bgportable.com wss://*.bitget.style https://*.bgportable.com https://*.bitget.style https://fp-constantid.bitkeep.vip https://api-web.bitkeep.app https://api-web.bitkeep.asia https://api-web.bitkeep.biz https://api-web.bitkeep.fun https://api-web.bitkeep.life https://api-web.bitkeep.top https://api-web.bitapi.vip https://api-web.chainnear.com https://api-web.lymryy.com:9443; frame-src 'self' 'report-sample' blob: data: https://*.google.com https://*.bitgetimg.com https://*.bitget.com https://*.bitgetpro.site https://*.bitget.cc https://*.bitgetapp.com https://*.bitget.vin https://*.bgbstatic.com https://www.facebook.com https://oauth.telegram.org https://telegram.org https://*.checkout.com https://*.ada.support https://*.youtube.com https://www.googletagmanager.com https://widget-mediator.zopim.com https://*.gdrichem.com https://gateway.test.95516.com https://*.google-analytics.com https://*.itbitget.com https://*.bitget.online https://*.bitgettr.com https://megacheck.vip https://*.megacheck.vip https://*.saintpay.com https://*.skypay.space https://*.noxiaohao.com https://*.megacheck.net https://megacheck.net https://*.7b7x.com https://7b7x.com https://bitget.banxa.com https://*.onfido.com https://*.95516.com https://*.glassgs.com https://www.bitgetwidget.com https://*.bgportable.com https://*.bitget.style https://mc.yandex.com https://mc.yandex.ru https://*.nihaopay.com https://onramp.money; frame-ancestors 'self' https://*.bitget.com https://*.bitgetpro.site https://*.bitget.cc; report-uri https://632817c861f1dae92c2ae121.endpoint.csper.io?v=32; 1
default-src 'self'; frame-src https://www.google.com https://forms.hsforms.com; script-src 'self' 'sha256-7Y4cJY0mqvPonOInOT8niwU3D9HLQNL8gZhKeOYFKvo=' https://js.hsforms.net/forms/v2.js https://forms.hsforms.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.hsadspixel.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://cdn.heapanalytics.com/ https://www.clarity.ms https://www.googletagmanager.com https://www.google-analytics.com http://js.hs-scripts.com https://js.hscollectedforms.net https://js.hs-banner.com https://js.hs-analytics.net; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com; connect-src 'self' https://hubspot-forms-static-embed.s3.amazonaws.com/prod/8870246/3b963190-42f0-4c10-92de-945c798eddb5.json.gz https://forms.hsforms.com/emailcheck/v1/json-ext https://forms.hubspot.com https://api.hsforms.com https://api.hubapi.com https://www.clarity.ms https://script.google.com https://hooks.slack.com https://script.googleusercontent.com https://www.google-analytics.com https://stats.g.doubleclick.net; object-src 'self'; img-src * 'self' data: https:; frame-ancestors 'self'; 1
base-uri 'none'; connect-src 'self' https://mamstream.riksdagen.se https://socket.riksdagen.se wss://socket.riksdagen.se https://data.riksdagen.se *.readspeaker.com *.riks.utv; default-src 'self'; font-src 'self' data:; frame-ancestors 'self' *.riksdagen.se; frame-src 'self' https://www.youtube-nocookie.com data: https://www.riksdagen.se https://gruppbokning.riksdagen.se https://app-eu.readspeaker.com; img-src 'self' data: *.riksdagen.se *.ytimg.com; manifest-src 'self'; media-src 'self' data: blob: *.riksdagen.se *.readspeaker.com; report-uri https://csp.riksdagen.se; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob:; 1
frame-ancestors 'self' https://*.bancobpi.pt https://bancobpi.pt; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.bancobpi.pt https://tags-eu.tiqcdn.com https://tags.tiqcdn.com https://bpi.containers.piwik.pro https://*.byside.com https://*.tealiumiq.com https://*.googleapis.com https://acsbapp.com; object-src 'none'; 1
default-src 'self' blob: data: https://static3.avast.com https://gstatic.mopinion.com https://lpcdn.lpsnmedia.net https://*.inbenta.io; connect-src 'self' https://safespaces.azurewebsites.net https://safespaces.azurewebsites.net/Home/IsAlive https://*.googleapis.com https://*.contentsquare.net https://adservice.google.com https://bat.bing.com https://*.mopinion.com https://fonts.googleapis.com https://tealium.hs.llnwd.net https://translate.googleapis.com https://www.google.com wss://lo.msg.liveperson.net https://*.clicktale.net https://*.akstat.io https://*.akamaihd.net https://*.doubleclick.net https://*.omtrdc.net https://*.go-mpulse.net https://*.demdex.net https://*.tsbtest.co.uk https://*.tsb.co.uk https://*.adobedc.net https://*.inbenta.io; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://script.hotjar.com https://static.hotjar.com/c/hotjar-3440672.js https://translate.google.com https://safespaces.azurewebsites.net/Assets/js/dist/widget.min.js https://safespaces.azurewebsites.net//Assets/js/dist/widget.min.js https://*.contentsquare.com https://*.contentsquare.net https://*.microsofttranslator.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://*.googlesyndication.com https://tags.tiqcdn.com https://*.tealiumiq.com https://platform.twitter.com https://*.kis.v2.scr.kaspersky-labs.com https://*.googleapis.com https://*.mopinion.com https://connect.facebook.net https://cdnssl.clicktale.net https://cdn1.adoberesources.net https://cdn.syndication.twimg.com https://c5.adalyser.com https://bat.bing.com https://*.tsbtest.co.uk https://*.tsb.co.uk https://*.lpsnmedia.net https://*.liveperson.net https://*.go-mpulse.net https://*.doubleclick.net https://*.akamaihd.net https://*.ads-twitter.com https://*.adoberesources.net https://*.inbenta.io; img-src 'self' data: https://safespaces.azurewebsites.net/ https://fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg https://prf.hn https://*.contentsquare.net https://*.googleapis.com https://*.tile.osm.org https://c5.adalyser.com https://cdn.optimizely.com https://connect.facebook.net https://cx.atdmt.com https://*.doubleclick.net https://pbs.twimg.com https://platform.twitter.com https://syndication.twitter.com https://tealium.hs.llnwd.net https://ton.twimg.com https://translate.google.com https://www.facebook.com https://www.googletagmanager.com https://www.gstatic.com https://www.microsofttranslator.com https://*.tsb.co.uk https://*.adswizz.com https://*.thisisdax.com https://*.akstat.io https://maps.gstatic.com https://*.everesttech.net https://*.demdex.net https://googletagmanager.com https://*.clicktale.net https://*.lpsnmedia.net https://*.aviva.co.uk https://bat.bing.com https://www.google.com https://www.google.co.uk https://*.omtrdc.net https://*.inbenta.com; style-src 'unsafe-inline' 'self' https://www.gstatic.com https://safespaces.azurewebsites.net//Assets/css/bundle.min.css https://fonts.mopinion.com https://platform.twitter.com https://ton.twimg.com https://translate.googleapis.com https://*.inbenta.io; object-src 'self' https://tsbtest.co.uk https://www.tsb.co.uk https://*.doubleclick.net; child-src https: 'self' blob:; frame-src https://www.tsb.co.uk https://www.tsbtest.co.uk https://www.google.com https://tpc.googlesyndication.com https://syndication.twitter.com https://player.vimeo.com https://platform.twitter.com https://*.liveperson.net https://intermediary.tsb.co.uk https://*.inbenta.com https://*.lpsnmedia.net https://www.youtube.com https://*.doubleclick.net https://*.demdex.net https://live.brame-gamification.com; frame-ancestors 'self' https://*.tsbtest.co.uk https://*.tsb.co.uk; font-src 'self' https://sdk.inbenta.io https://cdn.inbenta.io https://www.tsb.co.uk https://safespaces.azurewebsites.net https://fonts.gstatic.com; report-uri https://csp.tsb.co.uk/cspreport/www.tsb.co.uk 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.sportradar.com https://content.leia.norsk-tipping.no https://cdn.appdynamics.com https://script.hotjar.com https://static.hotjar.com https://stm.norsk-tipping.no https://*.clarity.ms https://www.googletagmanager.com https://*.reachmee.com https://norsktipping-static.api.scoutgg.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sportradar.com https://cdn.jsdelivr.net; connect-src 'self' https://*.norsk-tipping.no https://*.buypass.no https://*.sportradar.com https://api.uxsignals.com https://*.eum-appdynamics.com https://*.clarity.ms https://*.hotjar.io https://*.google-analytics.com https://fntsy.link https://unpkg.com https://api.mypurecloud.ie wss://webmessaging.mypurecloud.ie https://fileupload.mypurecloud.ie https://shyrka-prod-euw1.s3.eu-west-1.amazonaws.com wss://ws.hotjar.com https://norsktipping-game.api.scoutgg.net wss://fantasy-game.ws.scoutgg.net https://*.scoutgg.net; object-src 'none'; base-uri 'self' https://*.norsk-tipping.no; font-src 'self' https://*.norsk-tipping.no https://fonts.gstatic.com; frame-src *; frame-ancestors 'self' https://*.norsk-tipping.no; img-src 'self' data: blob: https://*.norsk-tipping.no https://cf-c-apps-nabolaget.nordeca.com https://static.everymatrix.com https://www.datocms-assets.com https://api.mypurecloud.ie https://fileupload.mypurecloud.ie https://shyrka-prod-euw1.s3.eu-west-1.amazonaws.com https://www.googletagmanager.com https://*.hotjar.io https://*.clarity.ms https://*.bing.com https://*.eum-appdynamics.com https://*.scoutgg.net; media-src 'self' https://*.norsk-tipping.no https://www.datocms-assets.com https://stream.mux.com; worker-src 'none'; manifest-src 'self' https://*.norsk-tipping.no 1
frame-ancestors 'self' https://mycpd.racgp.org.au 1
frame-ancestors 'self' https://*.sss.gov http://*.sss.gov *.crmforce.mil 1
default-src * data: 'unsafe-inline' 'unsafe-eval'; img-src * blob: data:; media-src * blob: data:; worker-src * blob:; child-src 'self' https://app.uptrends.com https://app.uptrendsinfra.com https://secure.livechatinc.com https://uptrends.chilipiper.com/ https://itrs.chilipiper.com/; frame-ancestors 'self' https://app.uptrends.com https://app.uptrendsinfra.com; report-uri https://uptr1c0f8ed1b00f41c395691d75b.report-uri.com/r/d/csp/enforce 1
default-src https: wss: data: blob:; script-src data: 'self' blob: 'unsafe-inline' bogotateescucha.bogota.gov.co stackpath.bootstrapcdn.com sdki.truepush.com *.unpkg.com *.polyfill.io *.twitter.com cdn.ampproject.org cliente.avanti-it.co embed.ex.co e.infogram.com f.vimeocdn.com api.mapbox.com code.jquery.com *.googleadservices.com sc-static.net *.googletagmanager.com sb.scorecardresearch.com *.hotjar.com cdnjs.cloudflare.com cdn.rawgit.com s.ytimg.com *.google-analytics.com www.instagram.com/embed.js unpkg.com www.powr.io translate.googleapis.com cdn.jsdelivr.net *.playbuzz.com googleads.g.doubleclick.net public.tableau.com ajax.googleapis.com maxcdn.bootstrapcdn.com cdn.syndication.twimg.com *.facebook.net platform.twitter.com maps.googleapis.com *.youtube.com *.google.com *.gstatic.com contacto195.comware.com.co *.addtoany.com 'unsafe-eval'; style-src 'self' 'unsafe-inline' bogotateescucha.bogota.gov.co cdn.ampproject.org cliente.avanti-it.co use.fontawesome.com unpkg.com stackpath.bootstrapcdn.com yui.yahooapis.com tagmanager.google.com ton.twimg.com api.mapbox.com contacto195.comware.com.co maxcdn.bootstrapcdn.com translate.googleapis.com cdn.jsdelivr.net platform.twitter.com fonts.googleapis.com cdnjs.cloudflare.com static.addtoany.com; frame-src 'self' https:; font-src 'self' data: bogotateescucha.bogota.gov.co use.fontawesome.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net *.hotjar.com contacto195.comware.com.co fonts.gstatic.com cdnjs.cloudflare.com; form-action 'self' platform.twitter.com etb.com www.facebook.com tr.snapchat.com syndication.twitter.com; object-src 'self' blob:; base-uri 'self' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' satoful-report-data.s3-ap-northeast-1.amazonaws.com:* *.m3.com:* *.m3img.com:* *.uliza.jp *.twitter.com *.google-analytics.com *.googleadservices.com *.google.com *.google.co.jp *.gstatic.com *.doubleclick.net *.twimg.com *.googleapis.com *.facebook.net t.co *.facebook.com *.ads-twitter.com *.adjust-net.jp *.mcube-stream.com player.vimeo.com *.typekit.net s.yimg.jp *.youtube.com *.googletagmanager.com *.nakanohito.jp d.line-scdn.net d.line-cdn.net tr.line.me cdn.jsdelivr.net *.sentry.io js.crossees.com t.felmat.net *.yahoo.co.jp *.bing.com *.clarity.ms *.amazon-adsystem.com *.appsflyer.com *.googlesyndication.com *.visualwebsiteoptimizer.com; img-src 'self' data: * 1
default-src 'self' spl.bacardi.com spl-prod.bacardistaging.com age-gate-prod.prod.bacardi.digital *.bacardilimited.com *.bacardi.com store.casabacardi.com www.aserecubano.com www.responsibledrinking.org www.toroverdepr.com congafeatyou.com contact.bacardi.com drinkbacardi.com instagram.com www.instagram.com d.agkn.com lifeisbeautiful.com open.spotify.com bacardi.speakeasy.shop *.hotjar.com *.adsrvr.org pinterest.com player.vimeo.com *.google.com *.hornblower.com *.adimo.co www.bonnaroo.com www.discoverpuertorico.com/info/travel-guidelines www.facebook.com www.googletagmanager.com asystem-library.s3.amazonaws.com www.laconcharesort.com www.marriott.com/hotels/travel/sjuac-ac-hotel-san-juan-condado/ www.nps.gov/saju/index.htm www.reservebar.com www.responsibility.org www.tripadvisor.com www.youtube.com 5337729.fls.doubleclick.net tr.snapchat.com app.roilti.com www.bacardisoundsofsummer.com.au prod-frontend.roilti.com bacardi-animated-model.eyekandy.com; connect-src 'self' cart-api.liquidcheckout.com utils.liquidcheckout.com api.liquidcheckout.com www.scgrocery.net us-central1-adaptive-growth.cloudfunctions.net *.jebbit.com cdn-ukwest.onetrust.com *.bacardi.digital spl.bacardi.com https://*.algolianet.com https://*.algolia.net https://*.algolia.io *.google-analytics.com maps.googleapis.com stats.g.doubleclick.net *.hotjar.com vimeo.com *.teads.tv api.usersnap.com 4dvq37jqcg.execute-api.eu-west-1.amazonaws.com *.onetrust.com *.evergage.com tr.snapchat.com www.google.com googleads.g.doubleclick.net; media-src 'self' d323g1xugy1rkz.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' api.liquidcheckout.com cart-api.liquidcheckout.com www.gstatic.com www.google.com *.jebbit.com www.scgrocery.net d1w9968ecxd3bi.cloudfront.net openfpcdn.io spl.bacardi.com *.bacardi.digital d3hnlaz0mzjpz0.cloudfront.net asystem-library.s3.amazonaws.com cdn.evgnet.com *.evergage.com www.googletagmanager.com *.google-analytics.com maps.googleapis.com *.google.com www.facebook.com connect.facebook.net www.youtube.com *.hornblower.com unpkg.com *.teads.tv *.snapchat.com player.vimeo.com cdn.pdst.fm cdn.adimo.co static.tacdn.com *.hotjar.com mpsnare.iesnare.com www.jscache.com cdn.jsdelivr.net www.tripadvisor.com cdn-ukwest.onetrust.com spl-prod.bacardistaging.com *.bacardi.digital cdn.usersnap.com api.usersnap.com d29mknc5251yuj.cloudfront.net js.adsrvr.org sc-static.net app.roilti.com privacyportal-uk-cdn.onetrust.com *.pinimg.com; style-src 'self' blob: 'unsafe-inline' *.bacardi.digital fonts.googleapis.com fast.fonts.net static.tacdn.com *.evergage.com cdn.jsdelivr.net privacyportal-uk-cdn.onetrust.com; img-src 'self' http://images.salsify.com images.salsify.com data: https://*; font-src 'self' data: https://*; frame-src 'self' intent: https://* 1
default-src 'self' api.luftdaten.info query.wikidata.org api.madavi.de foss.schule collabora.madavi.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.ampproject.org www.amcharts.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: insecure.madavi.de a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org tiles.madavi.de a.tiles.madavi.de b.tiles.madavi.de c.tiles.madavi.de api.luftdaten.info; font-src 'self' data:; img-src ts.w.org 1
frame-ancestors 'self' https://*.rohde-schwarz.com https://*.rsint.net; 1
frame-ancestors 'self' stc.marketing.adobe.com *.decibelinsight.net *.decibelinsight.com *.engagingnetworks.net 1
script-src 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' *; 1
default-src 'self'; script-src 'self' https://static.cloudflareinsights.com; script-src-elem 'self' 'unsafe-inline' https://platform.twitter.com/js/ https://platform.twitter.com/widgets.js https://www.youtube.com https://cdn.matomo.cloud/skiff.matomo.cloud/matomo.js https://skiff.matomo.cloud/plugins/HeatmapSessionRecording/; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://hooks.slack.com/services/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 https://sdd9dua4.apicdn.sanity.io/ https://skiff.matomo.cloud https://skiff.zendesk.com https://static.cloudflareinsights.com https://marketing-site.skiff.com; font-src 'self' data:; frame-src 'self' https://platform.twitter.com/ https://www.youtube.com; img-src 'self' https://cdn.sanity.io https://i.ytimg.com; manifest-src 'self'; media-src 'self'; report-uri https://cspreports.skiff.com; worker-src 'self' 1
default-src 'none'; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self'; frame-ancestors 'none' 1
frame-ancestors 'self' trader.ftmo.com trader.dev.ftmo.com trader.dev2.ftmo.com trader.dev3.ftmo.com trader.stage.ftmo.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.kaust.edu.sa *.googleapis.com *.gstatic.com www.googletagmanager.com www.google.com *.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://www.youtube.com/ https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://cdnjs.cloudflare.com https://api.cdnjs.com api.flickr.com www.flickr.com *.fontawesome.com https://feed.informer.com https://www.myleads.website/form/submit https://cdn.plyr.io https://www.youtube.com https://player.vimeo.com https://vimeo.com; style-src 'self' 'unsafe-inline' *.kaust.edu.sa *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://cdnjs.cloudflare.com *.fontawesome.com https://fonts.bunny.net/ https://campus360.org/; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://cdnjs.cloudflare.com *.fontawesome.com https://fonts.bunny.net/; img-src 'self' https://kaust.edu.sa/ *.kaust.edu.sa *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.azureedge.net https://cdnjs.cloudflare.com live.staticflickr.com https://feed.informer.com https://cloud-1de12d.b-cdn.net/ https://i.ytimg.com https://campus360.org/; media-src 'self' 'script-src' data: blob:; frame-src 'self' *.kaust.edu.sa https://www.youtube.com/ https://player.vimeo.com/ https://vimeo.com https://www.google.com/ https://www.youtube-nocookie.com https://campus360.org/; child-src 'self' *.kaust.edu.sa https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://cdnjs.cloudflare.com *.google.com https://www.youtube-nocookie.com; connect-src 'self' *.kaust.edu.sa accounts.google.com https://www.youtube-nocookie.com *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://api.cdnjs.com https://cdnjs.cloudflare.com https://campus360.org/ https://www.myleads.website; 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.readspeaker.com *.thuisarts.nl; style-src 'self' 'unsafe-inline' *.readspeaker.com; img-src 'self' data: *.thuisarts.nl *.readspeaker.com; media-src 'self' *.thuisarts.nl *.readspeaker.com; frame-src 'self' *.readspeaker.com; frame-ancestors 'self' *.asterisque.nl *.cnsconnect.nl *.crsinternet.nl *.curasoft.nl *.dataleaf.eu *.eposzilos.nl *.extenzo.nu *.healthconnected.nl *.omnihis.nl *.oscarecd.nl *.portavita.eu *.portavita.nl *.promedico-asp.aw *.promedico-asp.nl *.topicus-hap.nl *.prescriptor.nl *.digitalis.nl *.clinicalrules.nl *.caresharing.eu *.vandenhoogenhoff.com *.brickshuisarts.nl; font-src 'self' data: https://themes.googleusercontent.com; connect-src 'self' *.thuisarts.nl *.readspeaker.com; report-uri /report-csp-violation 1
default-src 'self'; connect-src 'self' https://kontakt.tuhh.de/api/search.php https://jobs.b-ite.com/api/v1/postings/search; font-src 'self' data:; frame-src 'self' https://www.youtube.com https://cse.google.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://*.tuhh.de https://*.tu-harburg.de; img-src 'self' data: https://www.juicer.io https://img.youtube.com https://*.openstreetmap.org https://unpkg.com https://*.google.com https://*.gstatic.com https://*.tuhh.de https://*.tu-harburg.de; media-src 'self' https://*.tuhh.de https://*.tu-harburg.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://cdn.jsdelivr.net https://unpkg.com https://cse.google.com https://www.google.com/cse/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.b-ite.com/jobs-api/ https://cs-assets.b-ite.com/technische-uni-hamburg/jobs-api/; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://unpkg.com https://www.google.com/cse/ https://cs-assets.b-ite.com/technische-uni-hamburg/jobs-api/; frame-ancestors 'self'; report-uri https://intranet.tuhh.de/cspreport.php 1
default-src 'self' dotcomaramexprod.blob.core.windows.net ;script-src https://static.ads-twitter.com/uwt.js https://prod-live-chat.sprinklr.com/ https://live-chat-static.sprinklr.com/ https://analytics.tiktok.com/ https://spx-components.cdn.sprinklr.com/ https://static.ads-twitter.com/ https://analytics.tiktok.com/ https://spx-components.cdn.sprinklr.com/ https://static.ads-twitter.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://maps.googleapis.com/ https://ajax.aspnetcdn.com/ https://unpkg.com/ www.youtube.com https://consentcdn.cookiebot.com/ https://consentcdn.cookiebot.com/ https://consent.cookiebot.com  http://cdn.pardot.com/ https://info.aramex.com/ https://pi.pardot.com/ https://snap.licdn.com/ https://connect.facebook.net/ https://www.googleadservices.com/  aramex.api.sociaplus.com https://npmcdn.com https://app.powerbi.com https://v1.addthisedge.com https://reverse.geocoder.cit.api.here.com dotcomaramexdev.blob.core.windows.net tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval' https://m.addthisedge.com http://js.api.here.com https://code.jquery.com *.facebook.com *.addthis.com  www.googletagmanager.com api.sociaplus.com js.cit.api.here.com www.google-analytics.com cdnjs.cloudflare.com tools.euroland.com aramex.api.sociaplus.com 1.pano.maps.cit.api.here.com locationv2.api.sociaplus.com 1.base.maps.cit.api.here.com 1.aerial.maps.cit.api.here.com 1.traffic.maps.cit.api.here.com 1.base.maps.cit.api.here.com route.cit.api.here.com https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://static.ads-twitter.com/uwt.js ;style-src 'self' js.api.here.com fonts.googleapis.com js.cit.api.here.com http://js.api.here.com aramex.api.sociaplus.com tagmanager.google.com www.gstatic.com cdnjs.cloudflare.com gamma.euroland.com tools.euroland.com 'unsafe-inline' https://cdn.jsdelivr.net/ https://td.doubleclick.net/ ;img-src * blob: data:;font-src 'self' fonts.gstatic.com https: data:; connect-src 'self' https: http:;form-action www.facebook.com 'self'  'unsafe-inline'https://tpay1.digitsecure.com/; frame-src https://recaptcha.google.com/recaptcha/ https://www.google.com/recaptcha/ dotcomaramexprod.blob.core.windows.net consentcdn.cookiebot.com www.facebook.com ' 'self' https://app.powerbi.com charts3.equitystory.com  https://app.powerbi.com charts3.equitystory.com  irpages2.equitystory.com charts25.equitystory.com qas4.equitystory.com gamma.euroland.com tools.euroland.com tools.eurolandir.com aramex.api.sociaplus.com api.sociaplus.com *.addthis.com www.youtube.com aramex-fior.typeform.com qas4.equitystory.com charts25.equitystory.com 1
script-src 'self' *.erowid.org 'unsafe-inline' 'unsafe-eval' ; media-src www.erowid.org erowid.org media.erowid.org; frame-ancestors 'self' 1
default-src 'self' *.cdn.zephr.com *.brightspot.cloud *.googletagmanager.com *.googletagservices.com *.googlesyndication.com *.googleapis.com *.doubleclick.net https://data.institutionalinvestor.com *.brightcove.com *.brightcove.net *.boltdns.net *.prod.boltdns.net http://manifest.prod.boltdns.net *.assetmg.info *.cookielaw.org *.onetrust.com *.stripe.com;    connect-src 'self' *.cdn.zephr.com *.brightspot.cloud *.googletagmanager.com *.googletagservices.com *.googlesyndication.com *.googleapis.com *.doubleclick.net https://data.institutionalinvestor.com *.brightcove.com *.brightcove.net http://manifest.prod.boltdns.net *.brightcovecdn.com *.assetmg.info *.google-analytics.com *.assetmg.info *.cookielaw.org *.onetrust.com *.stripe.com *.gstatic.com *.azure.com https://adservice.google.com/ *.facebook.com *.linkedin.com https://px.ads.linkedin.com/wa/ *.2mdn.net;  child-src 'self' blob: *.cdn.zephr.com *.brightspot.cloud https://data.institutionalinvestor.com *.boltdns.net *.assetmg.info;  font-src 'self' data: https:  *.cdn.zephr.com *.brightspot.cloud *.googleapis.com *.boltdns.net *.boltdns.net *.assetmg.info;  frame-src 'self' *.cdn.zephr.com *.brightspot.cloud *.googletagmanager.com *.googletagservices.com *.googlesyndication.com *.googleapis.com *.doubleclick.net tpc.googlesyndication.com *.google.com https://data.institutionalinvestor.com *.brightcove.net *.institutionalinvestor.com *.ceros.com *.boltdns.net *.assetmg.info *.cookielaw.org *.onetrust.com *.stripe.com *.dwcdn.net *.adspeed.net;    img-src 'self' data: *.cdn.zephr.com *.brightspot.cloud *.googletagmanager.com *.googletagservices.com *.googlesyndication.com *.googleapis.com *.doubleclick.net *.brightcove.net *.brightcove.com *.prod.boltdns.net *.boltdns.net *.assetmg.info *.assetmg.info *.assetmg.info *.cookielaw.org *.facebook.com *.facebook.net *.twitter.com *.licdn.com t.co *.chartbeat.net *.linkedin.com *.onetrust.com *.moatads.com *.moatpixel.com https://analytics.twitter.com/ *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat;  media-src 'self' blob: data: *.cdn.zephr.com *.brightspot.cloud *.assetmg.info *.facebook.com *.onetrust.com *.2mdn.net;  script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cdn.zephr.com *.brightspot.cloud *.googletagmanager.com *.googletagservices.com *.googlesyndication.com *.googleapis.com *.doubleclick.net *.boltdns.net http://manifest.prod.boltdns.net *.assetmg.info *.cookielaw.org *.stripe.com *.facebook.net *.licdn.com *.ads-twitter.com *.chartbeat.com *.google-analytics.com *.zephr.com *.brightcove.net *.zencdn.net *.facebook.com *.onetrust.com *.cloudflare.com *.moatads.com *.ceros.com https://www.googletagservices.com/ *.google.com *.gstatic.com;  style-src 'self' 'unsafe-inline' *.zephr.com *.brightspot.cloud *.assetmg.info *.facebook.net *.facebook.com *.ads-twitter.com *.chartbeat.com *.google-analytics.com *.licdn.com *.cookielaw.org *.onetrust.com *.stripe.com *.cdn.zephr.com *.googletagmanager.com *.googletagservices.com *.googlesyndication.com *.googleapis.com *.doubleclick.net *.dwcdn.net *.google.com.au https://fonts.googleapis.com;   frame-ancestors 'self' *.cdn.zephr.com *.brightspot.cloud https://data.institutionalinvestor.com *.brightcove.net *.brightcove.com *.assetmg.info *.cookielaw.org *.onetrust.com *.stripe.com; 1
frame-ancestors 'self' https://www.weddingwire.in https://community.weddingwire.in https://landing.weddingwire.in 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.sharethis.com *.invoca.net *.invocacdn.com *.zi-scripts.com https://static.ads-twitter.com *.bing.com *.cintas.com *.cloudflare.com *.cloudinary.com *.dynamicyield.com *.eloqua.com *.en25.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com js.hs-scripts.com https://code.jquery.com/ *.licdn.com *.onetrust.com *.scene7.com https://cdn.insight.sitefinity.com unpkg.com/@frontify/ https://www.youtube.com/iframe_api *.zyratalk.com https://cdn.pdst.fm nowl.ink *.onetrust.io *.clarity.ms https://dec.azureedge.net/ googleads.g.doubleclick.net js.hs-analytics.net munchkin.marketo.net *.typekit.net use.typekit.net *.cookielaw.org *.zoominfo.com *.clickagy.com cdn.ampproject.org *.adsrvr.org 'self' web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.cintas.com *.dynamicyield.com *.googletagmanager.com *.scene7.com https://cdn.insight.sitefinity.com https://unpkg.com/leaflet@1.1.0/dist/leaflet.css https://dec.azureedge.net *.typekit.net 'self' web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: t.co *.sharethis.com *.adsymptotic.com *.bing.com *.cintas.com *.cloudinary.com *.dynamicyield.com *.eloqua.com *.frontify.com *.google-analytics.com *.google.com *.googletagmanager.com track.hubspot.com *.linkedin.com *.mapbox.com *.scene7.com https://*.dec.sitefinity.com https://*.insight.sitefinity.com analytics.twitter.com *.clarity.ms https://dec.azureedge.net *.doubleclick.net https://stats.g.doubleclick.net p.typekit.net *.blob.core.windows.net *.adsrvr.org *.cookielaw.org *.clickagy.com *.crwdcntrl.net *.agkn.com *.rlcdn.com 'self' web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.cintas.com *.dynamicyield.com *.typekit.net; frame-src *.cintas.ca *.cintas.com http://covideo.com https://www.facebook.com cintas.gcs-web.com https://cintas.gcs-web.com/ https://www.google.com http://vidmails.com https://vimeo.com/ https://player.vimeo.com *.zyratalk.com *.localhost *.azurewebsites.net *.doubleclick.net *.widen.net *.sharethis.com 'self' web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com *.sharethis.com *.facebook.com *.invoca.net *.bing.com *.cloudinary.com *.dynamicyield.com *.frontify.com *.google-analytics.com https://analytics.google.com *.googleapis.com maps.googleapis.com *.mktoresp.com https://geolocation.onetrust.com *.scene7.com https://*.dec.sitefinity.com https://*.insight.sitefinity.com *.smartystreets.com *.onetrust.io https://cdn.linkedin.oribi.io *.clarity.ms https://us-central1-adaptive-growth.cloudfunctions.net https://stats.g.doubleclick.net *.cookielaw.org *.zi-scripts.com *.zoominfo.com *.clickagy.com *.linkedin.com *.crwdcntrl.net; media-src 'self' data: blob: *.cloudinary.com *.frontify.com *.scene7.com *.widen.net; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob: cloudinary.com *.cloudinary.com *.frontify.com *.gcs-web.com *.scene7.com *.doubleclick.net *.typekit.net 'self' web-chat.nativechat.com; frame-ancestors 'self' https://networkofsavings.aaa.biz 1
connect-src 'self' *.unilim.fr maps.googleapis.com; font-src 'self' *.googleapis.com *.gstatic.com cdnjs.cloudflare.com cdn.unilim.fr data:; frame-src 'self' *.live.com *.youtube.com *.vimeo.com *.dailymotion.com *.unilim.fr static.addtoany.com www.google.com; script-src 'self' 'unsafe-inline' www.youtube.com cdn.unilim.fr static.addtoany.com *.facil-iti.app maps.googleapis.com mystats.unilim.fr static.addtoany.com 'unsafe-eval'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.googleapis.com cdn.unilim.fr; frame-ancestors 'self' *.unilim.fr; img-src 'self' cdn.unilim.fr maps.gstatic.com maps.googleapis.com img.youtube.com data:; manifest-src 'self'; media-src 'self'; object-src 'self'; worker-src 'self' blob:; 1
frame-ancestors https://ecomposer.app https://*.myshopify.com https://admin.shopify.com 1
default-src 'self';style-src 'self' 'unsafe-inline' fonts.gstatic.com fonts.googleapis.com maxcdn.bootstrapcdn.com unpkg.com *.co-vin.in *.gov.in;font-src 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com; script-src 'self'  *.co-vin.in *.gov.in 'unsafe-inline' maxcdn.bootstrapcdn.com prod-cdn.preprod.co-vin.in  *.mapmyindia.com www.mappls.com *.mapmyindia.in data: blob:;connect-src 'self' *.co-vin.in *.gov.in wss://websocketprod.co-vin.in www.mappls.com *.mapmyindia.com *.mapmyindia.in data;img-src 'self' *.co-vin.in *.gov.in *.mapmyindia.com *.mapmyindia.in data: blob:; 1
upgrade-insecure-requests; report-uri https://prezly.report-uri.com/r/d/csp/enforce; frame-ancestors https://app.contentful.com 1
frame-ancestors http://*.t-mobile.nl https://*.t-mobile.nl http://*.tele2.nl https://*.tele2.nl http://*.ben.nl https://*.ben.nl https://app.storyblok.com https://internet.odido.nl http://*.odido.nl https://*.odido.nl 1
upgrade-insecure-requests; frame-ancestors 'self' *.prd.go.th prd.gdcatalog.go.th; 1
default-src 'self' https://www.norc.org https://norc.org *.osano.com https://norc-mkt-prod1-m.adobe-campaign.com https://cdn.jsdelivr.net https://player.vimeo.com https://www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com https://s7d1.scene7.com https://norc.tt.omtrdc.net https://assets.adobedtm.com https://dpm.demdex.net https://norc.demdex.net https://norc-mkt-stage1-m.adobe-campaign.com *.algolia.net *.algolianet.com https://cdn.plyr.io; img-src 'self' https://www.norc.org https://norc.org https://publish-p48206-e244563.adobeaemcloud.com https://norc.sc.omtrdc.net https://cdn.plyr.io http://s7d1.scene7.com https://s7d1.scene7.com https://assets.adobedtm.com https://i.ytimg.com; script-src 'self' 'unsafe-eval' 'nonce-2726c7f26c' 'sha256-QCX2WrJAVBq3gCFlmChFAsBql01DvEVZnvaj3mPNl6Y=' https://www.norc.org https://norc.org *.osano.com https://connect.facebook.net/en_US/sdk.js https://norc-mkt-prod1-m.adobe-campaign.com https://cdn.jsdelivr.net https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com https://assets.adobedtm.com *.algolia.net *.algolianet.com; style-src 'self' 'unsafe-inline' https://www.norc.org https://norc.org https://norc-mkt-prod1-m.adobe-campaign.com https://fonts.googleapis.com https://fonts.gstatic.com https://assets.adobedtm.com;child-src 'self' *.osano.com blob:;frame-src 'self' https://static.contextall.com *.osano.com *.youtube.com *.youtube-nocookie.com https://norc-mkt-prod1-m.adobe-campaign.com https://norc-mkt-stage1-m.adobe-campaign.com; 1
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.useinsider.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.dataroid.com *.google.com.tr *.google.com *.google-analytics.com cdn.appdynamics.com  *.facebook.net *.facebook.com *.kuveytturk.com.tr *.googleapis.com *.gstatic.com *.eum-appdynamics.com *.youtube.com *.adform.net *.programattik.com *.signfordeaf.com *.captcha.com *.tiktok.com *.efilli.com; 1
default-src 'self'; img-src 'self' 'unsafe-inline' blob: https://t.co https://analytics.twitter.com https://*.godsunchained.com https://*.immutable.com https://*.visualwebsiteoptimizer.com https://*.facebook.com https://*.doubleclick.net https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://fonts.gstatic.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.xsolla.net https://*.vimeocdn.com https://vimeo.com https://staginggublog.wpengine.com https://*.images-amazon.com data: https://*.clarity.ms; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://analytics.tiktok.com https://googleads.g.doubleclick.net https://static.ads-twitter.com https://*.godsunchained.com https://*.immutable.com https://*.facebook.net https://*.visualwebsiteoptimizer.com https://*.newrelic.com https://quickkoala.io https://unpkg.com https://*.google-analytics.com/ https://*.googletagmanager.com https://*.gstatic.com https://*.google.com https://*.recaptcha.net https://*.googleadservices.com https://*.nr-data.net https://*.xsolla.net https://*.vimeocdn.com https://cdn.lr-in.com https://*.sentry.io https://cdn.lr-in-prod.com https://r.lr-in-prod.com https://client-api.arkoselabs.com https://imx-api.arkoselabs.com https://api.sprig.com https://cdn.sprig.com https://cdn.segment.com https://websdk.appsflyer.com https://*.loginwithamazon.com https://*.clarity.ms https://c.bing.com; media-src 'self' 'unsafe-inline' blob: https://*.godsunchained.com https://*.immutable.com data:; style-src 'self' 'unsafe-inline' https://*.godsunchained.com https://*.immutable.com https://fonts.googleapis.com https://*.googletagmanager.com https://*.vimeocdn.com; font-src 'self' data: 'unsafe-inline' https://*.godsunchained.com https://*.immutable.com https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' data: blob: https://analytics.tiktok.com https://analytics.google.com https://*.godsunchained.com https://*.immutable.com https://*.recaptcha.net https://*.nr-data.net https://*.infura.io https://*.launchdarkly.com https://quickkoala.io https://*.google-analytics.com https://*.facebook.com https://vimeo.com https://*.vimeo.com https://*.vimeocdn.com https://*.doubleclick.net https://unpkg.com https://*.googletagmanager.com https://*.gstatic.com https://*.google.com.au https://*.googleadservices.com https://*.xsolla.net https://*.rollbar.com https://d2kgdofmel8ecp.cloudfront.net ws://localhost:* wss://localhost:* ws://*.godsunchained.com wss://*.godsunchained.com ws://*.immutable.com wss://*.immutable.com https://api.coinmarketcap.com https://*.akamaized.net https://cdn.lr-in.com https://*.sentry.io https://cdn.lr-in-prod.com https://r.lr-in-prod.com https://staginggublog.wpengine.com https://godsunchained.wpengine.com https://api.sprig.com https://cdn.sprig.com https://s3-ap-southeast-2.amazonaws.com https://api.segment.io https://cdn.segment.com https://*.appsflyer.com https://*.clarity.ms https://c.bing.com; frame-src 'self' https://*.godsunchained.com https://*.immutable.com https://player.vimeo.com https://www.recaptcha.net https://www.google.com https://client-api.arkoselabs.com https://imx-api.arkoselabs.com https://aqua.xyz https://auth.magic.link; object-src 'none'; worker-src blob: https://*.godsunchained.com; 1
connect-src 'self' https: blob: data:; frame-ancestors 'self' https://accounts.kaleido.ai https://www.remove.bg https://www.unscreen.com https://www.designify.com https://app.storyblok.com 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tiktok.com *.click4assistance.co.uk *.googletagmanager.com cdn.jsdelivr.net code.jquery.com https://cdnjs.cloudflare.com https://region-eu.libanswers.com https://unpkg.com https://v4in1-si.click4assistance.co.uk https://westminster.accessplanit.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.googleadservices.com *.google.com *.google.co.uk *.youtube.com *.facebook.com *.facebook.net *.hotjar.com snap.licdn.com *.tiktok.com *.quantserve.com *.quantcount.com *.doubleclick.net *.infinity-tracking.net *.infinity-tracking.com sc-static.net *.click4assistance.co.uk *.vimeo.com cdn.unibuddy.co *.accessplanit.com *.newrelic.com *.nr-data.net *.clarity.ms *.bing.com westminsterstudent.libanswers.com www.redditstatic.com tags.srv.stackadapt.com *.snapchat.com qvdt3feo.com cdn.jsdelivr.net code.jquery.com https://cdnjs.cloudflare.com https://region-eu.libanswers.com https://unpkg.com https://v4in1-si.click4assistance.co.uk https://westminster.accessplanit.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' tags.srv.stackadapt.com cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; frame-ancestors 'self' 1
frame-ancestors 'self' *.lsuhsc.edu 1
frame-ancestors 'self' *.uni-weimar.de 1
default-src 'none'; object-src 'none'; img-src 'self' *.bam-x.com *.narrativ.com https:; script-src 'self' *.bam-x.com *.narrativ.com *.launchdarkly.com; style-src 'self' *.bam-x.com *.narrativ.com *.launchdarkly.com 'unsafe-inline'; font-src 'self' *.bam-x.com *.narrativ.com; connect-src 'self' *.bam-x.com *.narrativ.com *.launchdarkly.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.gstatic.com https://maps.googleapis.com https://static.ads-twitter.com https://analytics.twitter.com https://us1.siteimprove.com https://siteimproveanalytics.com/ https://cdn.jsdelivr.net https://snap.licdn.com https://use.typekit.net https://www.instagram.com https://tag.demandbase.com https://cc.cdn.civiccomputing.com https://cdnjs.cloudflare.com https://code.jquery.com https://unpkg.com https://www.tintup.com; script-src-elem 'self' 'unsafe-inline' https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.gstatic.com https://maps.googleapis.com https://static.ads-twitter.com https://analytics.twitter.com https://us1.siteimprove.com https://siteimproveanalytics.com/ https://cdn.jsdelivr.net https://snap.licdn.com https://use.typekit.net https://www.instagram.com https://tag.demandbase.com https://cc.cdn.civiccomputing.com https://cdnjs.cloudflare.com https://code.jquery.com https://unpkg.com https://www.tintup.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://use.fontawesome.com https://fonts.googleapis.com https://www.google-analytics.com https://fonts.gstatic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://ui.srv17-va.com/frontend-embedded/; img-src 'self' https://www.google-analytics.com https://bam.nr-data.net https://bam-cell.nr-data.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://use.fontawesome.com https://www.google-analytics.com https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://use.fontawesome.com https://www.google-analytics.com fonts.googleapis.com; report-uri https://www.tmhp.com/report-uri/enforce; block-all-mixed-content 1
default-src 'self' snowplow-web.wogaa.sg static.zdassets.com www.facebook.com cdn.syndication.twimg.com video.fsin8-1.fna.fbcdn.net video.fsin8-2.fna.fbcdn.net snowplow-web.wogaa.sg www.google-analytics.com ekr.zdassets.com flexanswer1654.zendesk.com onemap.gov.sg widget-mediator.zopim.com www.google.com www.gstatic.com static.elfsight.com;style-src 'self' 'unsafe-inline' test-gpc-1.sg.va.sabio.cloud webchat.vica.gov.sg lf16-tiktok-web.ttwstatic.com cdn.jsdelivr.net test-gpc-1.sg.va.sabio.cloud platform.twitter.com assets.dcube.cloud www.facebook.com fonts.googleapis.com assets.wogaa.sg www.gstatic.com va.ecitizen.gov.sg;script-src 'self' test-gpc-1.sg.va.sabio.cloud webchat.vica.gov.sg lf16-tiktok-web.ttwstatic.com www.tiktok.com static.elfsight.com assets-stage-elfsight-com.sfo2.cdn.digitaloceanspaces.com 'unsafe-inline' 'unsafe-eval' googleads.g.doubleclick.net d3pdo5aouiodr4.cloudfront.net zx54f7wti6.execute-api.ap-southeast-1.amazonaws.com googleads.g.doubleclick.net www.googleadservices.com www.google.com test-gpc-1.sg.va.sabio.cloud platform.twitter.com connect.facebook.net assets.dcube.cloud cdn.syndication.twimg.com www.facebook.com assets.adobedtm.com www.google-analytics.com www.googletagmanager.com cdn.jsdelivr.net app-script.monsido.com assets.wogaa.sg polyfill.io va.ecitizen.gov.sg static.zdassets.com unpkg.com www.gstatic.com;font-src 'self' va.ecitizen.gov.sg test-gpc-1.sg.va.sabio.cloud s3-us-west-2.amazonaws.com assets.dcube.cloud assets.wogaa.sg fonts.gstatic.com;img-src data: 'self' files.elfsightcdn.com bucket-common.vica.gov.sg dpm.demdex.net cm.everesttech.net d33wubrfki0l68.cloudfront.net www.google.com is4-ssl.mzstatic.com www.google.com.sg test-gpc-1.sg.va.sabio.cloud pbs.twimg.com syndication.twitter.com platform.twitter.com abs.twimg.com www.facebook.com scontent.fsin8-2.fna.fbcdn.net scontent.fsin8-1.fna.fbcdn.net maps-a.onemap.sg maps-b.onemap.sg maps-c.onemap.sg tracking.monsido.com www.google-analytics.com www.onemap.gov.sg docs.onemap.sg ncspteltd.sc.omtrdc.net cdn.jsdelivr.net va.ecitizen.gov.sg;child-src blob: *;connect-src 'self' *;worker-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' * 1
frame-ancestors 'self' http://www.philips.de *.philips.com *.philips.de https://philipsigtdpv.com 1
default-src 'self'; font-src 'self' https: data:; img-src 'self' https: data: blob:; media-src 'self' *.zdassets.com; object-src 'none'; script-src 'self' betterplace-assets.betterplace.org 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.smassets.net *.surveymonkey.com *.zdassets.com *.zopim.com ajax.googleapis.com js.stripe.com maps.googleapis.com optimize.google.com play.google.com s.ytimg.com script.hotjar.com tagmanager.google.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.recaptcha.net www.paypal.com www.youtube-nocookie.com www.youtube.com *.bp42.com storage.googleapis.com; style-src 'self' 'unsafe-inline' betterplace-assets.betterplace.org *.hotjar.com *.smassets.net *.surveymonkey.com fonts.googleapis.com optimize.google.com storage.googleapis.com; connect-src 'self' api.betterplace.org betterplace-assets.betterplace.org nextjs.betterplace.org www.betterplace.org *.hotjar.com *.hotjar.io *.surveymonkey.com *.zdassets.com *.zendesk.com *.zopim.com api.honeybadger.io maps.googleapis.com stats.g.doubleclick.net wss://*.hotjar.com wss://*.zopim.com www.google-analytics.com www.google.com/recaptcha www.gstatic.com www.paypal.com www.sandbox.paypal.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu; frame-src 'self' *.betterplace.org *.hotjar.com *.paypal.com *.surveymonkey.com *.zdassets.com *.engagementportal.de *.epo42.de js.stripe.com optimize.google.com www.betterplace-widget.org www.google.com www.paypalobjects.com www.recaptcha.net www.youtube-nocookie.com www.youtube.com; worker-src 'self' blob:; child-src 'self' blob: 1
upgrade-insecure-requests; frame-ancestors 'self' *.seznam.cz www.sbazar.cz admin.sbazar.cz *.sbazar.cz; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sdn.cz *.szn.cz gacz.hit.gemius.pl scz.hit.gemius.pl *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.im.cz *.imedia.cz *.imedia.dev.dszn.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.sklik.cz ads.celtra.com *.2mdn.net ams.creativecdn.com *.sbazar.cz login.szn.cz http://login.szn.cz https://login.szn.cz notifikace.seznam.cz http://notifikace.seznam.cz https://notifikace.seznam.cz connect.facebook.net seznam.daktela.com *.hit.gemius.pl www.googletagmanager.com *.hotjar.com unpkg.com/@seznam; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.sdn.cz *.szn.cz gacz.hit.gemius.pl scz.hit.gemius.pl *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.im.cz *.imedia.cz *.imedia.dev.dszn.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.sklik.cz ads.celtra.com *.2mdn.net ams.creativecdn.com *.sbazar.cz blob: login.szn.cz http://login.szn.cz https://login.szn.cz notifikace.seznam.cz http://notifikace.seznam.cz https://notifikace.seznam.cz connect.facebook.net seznam.daktela.com *.hit.gemius.pl www.googletagmanager.com *.hotjar.com unpkg.com/@seznam 1
frame-ancestors 'self' https://services.tssco.com.tw 1
frame-ancestors *.diffen.com 1
object-src 'none';base-uri 'self';script-src 'nonce-MzUzZTNlOGE0OQ/NDc5OTU5YTQwMGM0NjA=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors https://www.myaspectra.ch 'self'; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-06e13da768944d2336dcfc6bd5d53531'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
style-src 'self' 'unsafe-inline' *.vitamix.com cloud.typography.com *.bazaarvoice.com *.ssa.gov https://optimize.google.com *.cj.com vitamixmgmtcorp.us-5.evergage.com; frame-ancestors 'self' 1
default-src c.wgr.de 'self'; script-src c.wgr.de connect.facebook.net www.googleadservices.com www.googletagmanager.com www.google.com googleads.g.doubleclick.net www.google.de maps.googleapis.com 'self' 'unsafe-eval' 'unsafe-inline' https://l.ecn-ldr.de; style-src c.wgr.de 'self' 'unsafe-inline'; object-src 'self'; img-src c.wgr.de d32wqyuo10o653.cloudfront.net www.facebook.com googleads.g.doubleclick.net www.google.com www.google.de maps.googleapis.com *.gstatic.com 'self' data: *.econda-monitor.de; frame-src newsletter.schulbuchzentrum-online.de www.facebook.com 'self'; child-src newsletter.schulbuchzentrum-online.de www.facebook.com 'self'; font-src c.wgr.de 'self' data:; connect-src https://mein.westermann.de/ www.facebook.com 'self' *.crosssell.info *.econda-monitor.de 1
default-src 'self'; font-src 'self' fonts.googleapis.com code.cdn.mozilla.net https: data:; img-src 'self' image.tmdb.org m.media-amazon.com ia.media-imdb.com https: data:; object-src 'self' forum.opensubtitles.com; form-action 'self' forum.opensubtitles.com localhost:4200 www.opensubtitles.com; frame-src 'self' forum.opensubtitles.com opensubtitles.test.onfastspring.com opensubtitles.onfastspring.com *.cloudfront.net api.blink.net *.tawk.to tawk.to test.blink.net blink.net www.recaptcha.net www.google.com www.youtube.com; connect-src 'self' region1.google-analytics.com bam.eu01.nr-data.net opensubtitles.test.onfastspring.com opensubtitles.onfastspring.com *.cloudfront.net rb-dev:8082 *.test.resolver.perfops.net *.tawk.to wss://*.tawk.to cdn.datatables.net www.google-analytics.com test.blink.net api.blink.net blink.net www.gstatic.com *.blink.net api.test.blink.net devnull.perfops.net cdnperf-test.innertest.top ffffdloc1p9poy.sboxcdn.com 445991340.r.cdnsun.net perfops1.b-cdn.net perfops-cds.s.llnwi.net cdnperf.qwilt.com 1596384882.rsc.cdn77.org media-edge.1e100cdn.net vodstreaming01.video.globo.com edgecast-perfops.azureedge.net cpt96125.shopvoxpopulus.com cdnperf-rum.quantil.com live.video.globo.com medianova-cdnperf.mncdn.com cdn.jsdelivr.net d3888oxgux3fey.cloudfront.net ultrawaf.canary.scrubbingcenter.com cdnperf-rum.cdnetworks.net akamai-cdn.perfops.io medianova-multicdnperf.mncdn.com perfops.gcorelabs.com perfops.s.llnwi.net 25748s.ha.azioncdn.net test-perfops.haproxy.com cdnperf.cachefly.net rum.perfops.mdb.cdn.orange.com azure-perfops.azureedge.net cdnperf.castway.net ovh-cdn.perfops.io perfops-static.freetls.fastly.net test-perfops.ldgslb.com perfops.swiftycdn.net perfops.cloudflareperf.com cdn81795137.blazingcdn.net perfops.r.worldssl.net proxy.canary.scrubbingcenter.com; base-uri 'self' test.blink.net api.blink.net blink.net *.blink.net; frame-ancestors 'self'; script-src 'self' *.cloudfront.net bam.eu01.nr-data.net www.google.com cdn.datatables.net www.recaptcha.net www.google-analytics.com https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' cdnjs.cloudflare.com https: 'unsafe-inline' 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://domeneoppslag.lab.norid.no https://domeneoppslag.norid.no https://use.fontawesome.com https://fonts.gstatic.com 1
frame-src 'self' https://files.reallygoodemails.com/ https://js.stripe.com/ https://parcel.io/ https://www.youtube.com/ https://www.google.com/ https://vars.hotjar.com/ https://dntcl.qualaroo.com/ https://ct.pinterest.com/ https://rge-prod.firebaseapp.com/ https://rge-staging.firebaseapp.com/ https://vercel.live/ 1
default-src 'self'; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://covers.feedbooks.net https://csi.gstatic.com https://www.gstatic.com https://js.stripe.com; object-src 'none'; script-src 'self' https://bam.nr-data.net https://js.stripe.com https://ajax.googleapis.com https://apis.google.com https://posthog.staging-northamerica.demarque.dev 'nonce-/t7Ze6mAd7iOxwlS2hYwwA=='; style-src 'self' https://fonts.googleapis.com 'nonce-/t7Ze6mAd7iOxwlS2hYwwA=='; connect-src 'self' https://bam.nr-data.net https://posthog.staging-northamerica.demarque.dev; frame-src 'self' https://js.stripe.com 1
frame-src 'self' *.valero.com *.youtube.com; frame-ancestors 'self'; report-uri /report-csp-violation 1
default-src 'self' *.reutersevents.com https://cdn.permutive.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://ajax.googleapis.com https://www.googletagmanager.com http://www.w3.org https://player.vimeo.com *.swapcard.com https://fonts.gstatic.com https://cdnjs.cloudflare.com 1
upgrade-insecure-requests ; default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: bytedance: data: wss://*.tiktok.com wss://tiktok.com *.acestream.net *.adsintegrity.net *.akamaized.net *.amazonaws.com *.baomoi.com *.bing.com *.bitssec.com *.blerp.com *.bmcdn.me *.bootstrapcdn.com *.bytedapm.com *.byteintl.net *.bytelemon.com *.byteoversea.com *.byteoversea.net *.bytevcloudapi.com *.cdn77.org *.cdnfonts.com *.ciuvo.com *.cloudflare.com *.crystal-blocker.com *.doubleclick.net *.facebook.com *.facebook.net *.fbanalytics.org *.fbcdn.net *.fbsbx.com *.fontawesome.com *.g-t-static.com *.global-cache.online *.goofy-cdn.com *.goofy.app *.google-analytics.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws *.googleapis.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.honey.io *.ibytedtos.com *.ibyteimg.com *.instagram.com *.isnssdk.com *.jquery.com *.jsdelivr.net *.kaspersky-labs.com *.killadsapi.com *.launchdarkly.com *.line-scdn.net *.megabonus.com *.merci-app.com *.moz.com *.msn.com *.oecstatic.com *.office.net *.pagespeed-mod.com *.pangle-ads.com *.productfruits.com *.scite.ai *.shopify.com *.socialhead.io *.solaranalyticscorp.com *.stackoverflow.com *.suxiaoyi.xin *.tiktok.com *.tiktokcdn-eu.com *.tiktokcdn-us.com *.tiktokcdn.com *.tiktokshop.com *.tiktokv.com *.toolszen.com *.trendmicro.com *.tronex.io *.trongrid.io *.ttlstatic.com *.ttwstatic.com *.twimg.com *.typekit.net *.ultimateaderaser.com *.v.network *.vodupload.com *.webflow.com *.yandex.net *.yandex.ru *.yhgfb-static.com *.youtube.com *.ytimg.com *.ytlogs.ru adtonus.com agadata.online blancfox.com conoret.com doublestat.info jonypractic.net massehight.com meetlookup.com noop.style shopee.vn surfe.be tiktok.com triplestat.online unpkg.com wallpapercave.com zone1-services-cdn.com; report-uri https://mon.tiktokv.com/log/sentry/v2/api/slardar/main/?bid=tiktok_pns&ev_type=csp&revision=4aee1851-275c-4cbd-ad09-1acd905f53d6; report-to csp-endpoint 1
frame-ancestors 'self' *.gvtc.com 1
default-src 'self'; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com/turnstile/v0/api.js https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://*.google-analytics.com https://donorbox.org https://www.paypalobjects.com/ https://www.paypal.com/; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com; connect-src 'self' https://*.google-analytics.com https://api.openreview.net https://api2.openreview.net https://export.arxiv.org https://dblp.org https://dblp.uni-trier.de; img-src 'self' https://t.paypal.com/ data: https://*.google-analytics.com; frame-src 'self' https://challenges.cloudflare.com/ https://api.draftable.com https://donorbox.org; frame-ancestors 'self'; base-uri 'self'; form-action 'self' https://ecopyright.ieee.org/ECTT/IntroPage.jsp 1
frame-ancestors 'self'; block-all-mixed-content; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-800616003e993f59c84afb032cbfc33d' https://forums.t-nation.com/logs/ https://forums.t-nation.com/sidekiq/ https://forums.t-nation.com/mini-profiler-resources/ https://global.discourse-cdn.com/tnation/assets/ https://forums.t-nation.com/extra-locales/ https://sea2.discourse-cdn.com/tnation/highlight-js/ https://sea2.discourse-cdn.com/tnation/javascripts/ https://sea2.discourse-cdn.com/tnation/plugins/ https://sea2.discourse-cdn.com/tnation/theme-javascripts/ https://sea2.discourse-cdn.com/tnation/svg-sprite/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' https://static.klaviyo.com/onsite/js/klaviyo.js https://cdn.cookielaw.org/consent/b79cc346-a9c3-45a7-919c-ed73bfb363db/OtAutoBlock.js https://cdn.cookielaw.org/consent/b79cc346-a9c3-45a7-919c-ed73bfb363db/otSDKStub.js https://www.googletagmanager.com/gtag/js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/superfish/1.7.3/superfish.min.js https://js.stripe.com/v3/ https://hooks.stripe.com https://connect.facebook.net/ https://d31qbv1cthcecs.cloudfront.net/atrk.js https://cdn.optimizely.com/js/1769486242.js https://*.quantserve.com/quant.js https://script.crazyegg.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://graph.facebook.com/ https://rules.quantcount.com/ https://www.googletagservices.com https://securepubads.g.doubleclick.net https://powerad.ai https://hb.brainlyads.com/prebid.js https://c.amazon-adsystem.com/aax2/apstag.js https://tagan.adlightning.com/nextmillenium/ https://adservice.google.com/ https://adservice.google.ca https://www.google-analytics.com  https://*.gumgum.com/ https://a.rfihub.com/ https://*.adsafeprotected.com/ https://*.serving-sys.com/ https://*.rfihub.net/ https://*.scorecardresearch.com/ https://*.iasds01.com/ https://*.moatads.com/ https://cdn.ampproject.org/ https://tpc.googlesyndication.com/ https://adservice.google.fr/adsid/ https://j.adlooxtracking.com https://ad.doubleclick.net/ https://s0.2mdn.net https://*.ssl.hwcdn.net https://ads.pubmatic.com https://*.googleapis.com https://cdn.jsdelivr.net https://tags.mathtag.com https://choices.truste.com https://www.google.com https://adservice.google.it/ https://script.crazyegg.com/pages/scripts/ https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://sdks.shopifycdn.com/buy-button/latest/buy-button-storefront.min.js https://*.t-nation.com https://cdn.shopify.com https://*.stripe.com https://*.googletagmanager.com https://*.klaviyo.com 'unsafe-inline' 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' 'self' *.acsbapp.com *.acsbap.com acsbap.com acsbapp.com; worker-src 'self' https://global.discourse-cdn.com/tnation/assets/ https://sea2.discourse-cdn.com/tnation/javascripts/ https://sea2.discourse-cdn.com/tnation/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self' data: *.bouncex.net *.pressablecdn.com *.wp.com *.gravatar.com  *.google-analytics.com *.hotjar.com *.doubleclick.net *.convertkit.com 'unsafe-inline'; object-src *; img-src *; media-src *; frame-src *; font-src 'self' data: *.pressablecdn.com *.wp.com *.gstatic.com maxcdn.bootstrapcdn.com; style-src 'self' *.pressablecdn.com *.wp.com maxcdn.bootstrapcdn.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' data: *.pressablecdn.com app.convertkit.com ajax.googleapis.com www.googletagmanager.com connect.facebook.net secure.gaug.es stats.g.doubleclick.net *.wp.com *.google-analytics.com *.hotjar.com *.bounceexchange.com *.optimizely.com 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' https://www.it-recht-kanzlei.de/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.it-recht-kanzlei.de/ https://chat.it-recht-kanzlei.de:3000/ https://maps.google.com/maps-api-v3/ https://maps.google.com/maps/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://maps.google.com/maps/api/ https://maps.googleapis.com/ https://apis.google.com https://platform.twitter.com https://connect.facebook.net https://ssl.google-analytics.com https://www.google-analytics.com https://widgets.shopvote.de https://dev.w3.org/SVG/modules/ref/master/ref2.js; img-src 'self' https://www.it-recht-kanzlei.de/ https://*.it-recht-kanzlei.de/ blob: data: *; style-src 'self' 'unsafe-inline' https://www.it-recht-kanzlei.de/ https://widgets.shopvote.de/ https://fonts.googleapis.com https://fonts.gstatic.com; font-src 'self' https://www.it-recht-kanzlei.de/ https://fonts.gstatic.com; child-src 'self' blob: data: https://www.it-recht-kanzlei.de/ https://www.shopvote.de/ https://widgets.shopvote.de/ https://www.google.com/ https://syndication.twitter.com https://platform.twitter.com https://web.facebook.com https://staticxx.facebook.com https://www.facebook.com https://www.google-analytics.com https://apis.google.com https://accounts.google.com; object-src 'self' https://www.it-recht-kanzlei.de/; connect-src 'self' https://www.it-recht-kanzlei.de/ https://widgets.shopvote.de/ https://chat.it-recht-kanzlei.de:3000/ https://www.google-analytics.com https://*.it-recht-kanzlei.de/ https://maps.googleapis.com/maps/api/; media-src 'self' 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-nVpX8uR4CgKNExHjzW20kg=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src 'none'; script-src 'self' 'unsafe-inline' cwu.edu *.cwu.edu cwu-staging.ewaycorphosting.com doublethedonation.com studyinthestates.dhs.gov cwu-csm.symplicity.com *.blackbaud.com *.blackbaudhosting.com *.heyhalda.com *.googleadservices.com *.cloudfront.net *.flippingbook.com *.google-analytics.com *.googletagmanager.com googletagmanager.com *.cdn.technolutions.net *.cdn.technolutions.net code.jquery.com fonts.googleapis.com *.gstatic.com *.google.com *.libanswers.com cdn.polyfill.io cdnjs.cloudflare.com *.bootstrapcdn.com cdn.livechatinc.com api.livechatinc.com connect.facebook.net secure.adnxs.com up.pixel.ad analytics.tiktok.com snap.licdn.com sc-static.net bot.ivy.ai tr.snapchat.com a.omappapi.com *.ewaycorphosting.com; connect-src 'self' cwu.edu *.cwu.edu cwu-staging.ewaycorphosting.com admissions.cwu.edu tr6.snapchat.com/p px.ads.linkedin.com/wa/ doublethedonation.com *.blackbaud.com *.heyhalda.com *.flippingbook.com api.omappapi.com z.omappapi.com a.omappapi.com *.google.com *.google-analytics.com *.cdn.technolutions.net *.cdn.technolutions.net cdn.linkedin.oribi.io analytics.tiktok.com stats.g.doubleclick.net tr.snapchat.com goboardapi.azurewebsites.net; img-src 'self' cwu.edu *.cwu.edu cwu-staging.ewaycorphosting.com doublethedonation.com *.blackbaudhosting.com googleads.g.doubleclick.net *.cloudfront.net *.flippingbook.com a.omappapi.com *.google.com *.google-analytics.com *.mdhv.io *.facebook.com pixel.sitescout.com px.ads.linkedin.com bot.ivy.ai tr.snapchat.com ai1.ivy-cdn.com *.googletagmanager.com *.ewaycorphosting.com; style-src 'self' 'unsafe-inline' cwu.edu *.cwu.edu cwu-staging.ewaycorphosting.com googletagmanager.com/debug/badge.css doublethedonation.com *.blackbaud.com *.blackbaudhosting.com *.cdn.technolutions.net fonts.googleapis.com *.fontawesome.com cdnjs.cloudflare.com *.ewaycorphosting.com a.omappapi.com/app/js/api.min.css; frame-ancestors 'self'; form-action 'self' admissions.cwu.edu search.cwu.edu *.facebook.com; media-src 'self' cwu.edu *.cwu.edu cwu-staging.ewaycorphosting.com; font-src 'self' cwu.edu *.cwu.edu cwu-staging.ewaycorphosting.com doublethedonation.com fonts.gstatic.com *.fontawesome.com cdn.livechatinc.com bot.ivy.ai; frame-src 'self' cwu.edu *.cwu.edu cwu-staging.ewaycorphosting.com teamup.com cwu-csm.symplicity.com *.heyhalda.com *.blackbaud.com *.blackbaudhosting.com td.doubleclick.net *.flippingbook.com www.youtube.com www.vimeo.com *.office365.com *.libanswers.com www.google.com map.concept3d.com secure.livechatinc.com *.cdn.technolutions.net tr.snapchat.com *.facebook.com pixel.sitescout.com bot.ivy.ai; 1
script-src 'self' data: 'unsafe-inline' 'unsafe-eval' bp.webhost1.ru d.webhost1.ru cp.webhost1.ru cp2.webhost1.ru cp3.webhost1.ru *.yoomoney.ru geoadv-partner.yandex.ru direct.yandex.ru yookassa.ru *.yandex.ru *.yandex.net mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net googleads.g.doubleclick.net www.google-analytics.com www.google.com www.gstatic.com www.googletagmanager.com tagmanager.google.com *.bitrix24.ru *.roistat.com top-fwz1.mail.ru; frame-ancestors 'self' blob: http://webvisor.com https://webvisor.com https://d.webhost1.ru:* https://cp.webhost1.ru:* https://cp2.webhost1.ru:* https://cp3.webhost1.ru:* 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: googletagmanager.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com unpkg.com data: google.com www.google.com gstatic.com centralnicgroup.activehosted.com *.cloudfront.net blob: https://api.mapbox.com https://*.hotjar.com https://www.youtube-nocookie.com www.recaptcha.net js.hs-scripts.com 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com www.google-analytics.com cdn.jsdelivr.net *.brightcove.com *.doubleclick.net *.jsdelivr.net geoid.investisdigital.com cookiemanager.investisdigital.com stories.syngenta.com gateway.shorthand.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com otp.tools.investis.com unpkg.com cdn.rawgit.com  https://gateway.zscalertwo.net stories.syngenta.com iframely.shorthand.com analytics.shorthand.com platform.twitter.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net stories.syngenta.com; img-src 'self' 'unsafe-inline' * data:; frame-src 'self' staticcontents.investis.com www.google.com irs.tools.investis.com otp.tools.investis.com ir.tools.investis.com www.youtube.com www.facebook.com stories.syngenta.com iframely.shorthand.com platform.twitter.com syndication.twitter.com www.linkedin.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net 1
script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/GameCenterUi/cspreport/allowlist;child-src *.h5games.usercontent.goog;worker-src 'self' 1
default-src 'self' https://try.abtasty.com; connect-src *; font-src *; img-src data: blob: *; script-src 'unsafe-eval' 'unsafe-inline' *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'; 1
default-src 'self' data: blob: *.ocbc.com *.ocbc.local; img-src 'self' data: blob: *;style-src 'self' 'unsafe-inline' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ocbc.local *.ocbc.com  *.ocbc.com.my *.sc.omtrdc.net *.adobedtm.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.doubleclick.net *.google.com *.youtube.com *.tiqcdn.com *.facebook.net *.facebook.com *.pages07.net *.greateasterngeneral.com *.ibmmarketingcloud.com dpm.demdex.net *.everestjs.net *.mookie1.com  https://anchor.fm *.sqreemtech.com *.adsrvr.org *.qualtrics.com *.ytimg.com  *.licdn.com *.outbrain.com *.oraclecloud.com;object-src 'self' *.ocbc.com *.ocbc.com.my;font-src 'self' *;frame-src 'self' *.ocbc.com *.ocbc.local https://5376815.fls.doubleclick.net https://9036546.fls.doubleclick.net *.youtube.com *.tiqcdn.com https://ocbc.demdex.net https://bid.g.doubleclick.net *.crwdcntrl.net *.sqreemtech.com https://anchor.fm *.adsrvr.org *.qualtrics.com;connect-src 'self' *.ocbc.com *.google-analytics.com *.doubleclick.net dpm.demdex.net *.qualtrics.com *.oraclecloud.com wss://*.oci.oraclecloud.com *.adobedc.net; 1
default-src 'self' 'unsafe-inline' https://arvatosystems.matomo.cloud https://salesviewer.org https://salesviewer.com https://*.salesviewer.com https://*.analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.youtube.com https://cdn.linkedin.oribi.io https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.azureedge.net https://*.svc.dynamics.com https://youtube-nocookie.com https://www.youtube-nocookie.com https://socialcloud.bertelsmann.com https://podcasters.spotify.com https://*.spotify.com https://outlook.office365.com https://app.sli.do;           script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.analytics.google.com https://acdn.adnxs.com https://arvatosystems.matomo.cloud https://salesviewer.org https://salesviewer.com https://*.salesviewer.com https://snap.licdn.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://www.vimeo.com https://www.google.com https://www.gstatic.com https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.azureedge.net https://*.svc.dynamics.com https://youtube-nocookie.com https://www.youtube-nocookie.com https://socialcloud.bertelsmann.com https://podcasters.spotify.com https://*.spotify.com https://outlook.office365.com https://app.sli.do;           style-src 'self' 'unsafe-inline';           img-src 'self' https://ib.adnxs.com https://px.ads.linkedin.com https://www.youtube.com https://www.vimeo.com https://www.google.de/ data: https:;           font-src 'self' 'unsafe-inline' data:; 1
default-src https: *.crazyegg.com; connect-src 'self' https: wss://visitors.live wss://*.visitors.live wss://ws.hotjar.com *.crazyegg.com; worker-src blob:; script-src https: 'unsafe-inline' 'unsafe-eval' *.crazyegg.com; style-src https: 'unsafe-inline' 'unsafe-eval' *.crazyegg.com; img-src http://career.luxoft.com http://www.luxoft.com 'self' https: data: *.crazyegg.com; frame-src 'self' https: *.crazyegg.com; font-src 'self' data: https://fonts.gstatic.com; 1
connect-src 'self' www.facebook.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com pagead2.googlesyndication.com www.google.com googleads.g.doubleclick.net analytics.google.com www.google-analytics.com stats.g.doubleclick.net login.microsoftonline.com yandexmetrica.com:* mc.webvisor.com mc.webvisor.org mc.yandex.com mc.yandex.by mc.yandex.com.tr mc.yandex.kz mc.yandex.ru mc.yandex.ua mc.yandex.az mc.yandex.co.il mc.yandex.com.am mc.yandex.com.ge mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.uz mc.admetrica.ru data: forms-eu1.hscollectedforms.net api-eu1.hubapi.com https://tlkfrontprod.azureedge.net o4504211537854464.ingest.sentry.io toloka.dev sandbox.toloka.dev;script-src 'self' connect.facebook.net www.google-analytics.com www.googletagmanager.com www.google.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com googleads.g.doubleclick.net mc.yandex.ru js-eu1.hs-scripts.com js-eu1.hsadspixel.net js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hscollectedforms.net yastatic.net mc.webvisor.com mc.webvisor.org mc.yandex.com mc.yandex.by mc.yandex.com.tr mc.yandex.kz mc.yandex.ua mc.yandex.az mc.yandex.co.il mc.yandex.com.am mc.yandex.com.ge mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.uz https://tlkfrontprod.azureedge.net o4504211537854464.ingest.sentry.io 'nonce-ac505503551f64affdf4c7418249aca6';style-src 'self' googletagmanager.com fonts.googleapis.com tagmanager.google.com https://tlkfrontprod.azureedge.net 'unsafe-inline';img-src https: 'self' googletagmanager.com *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com ssl.gstatic.com www.gstatic.com https://tlkfrontprod.azureedge.net yastatic.net mc.webvisor.com mc.webvisor.org mc.yandex.com mc.yandex.by mc.yandex.com.tr mc.yandex.kz mc.yandex.ru mc.yandex.ua mc.yandex.az mc.yandex.co.il mc.yandex.com.am mc.yandex.com.ge mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.uz mc.admetrica.ru;frame-src td.doubleclick.net bid.g.doubleclick.net www.facebook.com sdx.microsoft.com www.youtube.com youtube.com yandex.ru yandex.com forms.yandex.ru forms.yandex.com https://tlkfrontprod.azureedge.net blob: mc.yandex.ru mc.yandex.md;manifest-src 'self' https://tlkfrontprod.azureedge.net;frame-ancestors *.toloka.ai toloka.ai *.toloka-test.ai webvisor.com *.webvisor.com http://webvisor.com http://*.webvisor.com;report-to default-group;font-src 'self' fonts.gstatic.com https://tlkfrontprod.azureedge.net data:;media-src 'self' https://tlkfrontprod.azureedge.net;base-uri 'none';default-src 'none';child-src blob: mc.yandex.ru;style-src-attr 'unsafe-inline';report-uri https://csp.yandex.net/csp?yandexuid=820067161670525391&from=toloka-portal&project=toloka-portal 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.sunstar.com.ph https://anymind360.com;block-all-mixed-content; 1
default-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; worker-src blob:; child-src * blob: gap:; img-src * 'self' blob: data: https:; script-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-attr * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'unsafe-inline' 'unsafe-hashes'; font-src * 'self' data: https:; connect-src *; media-src *; object-src *; base-uri *; frame-ancestors 'self' *.blueconic.net 1
default-src 'self' play.vidyard.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.mutinyhq.io *.mutinycdn.com https://cdn.heapanalytics.com https://heapanalytics.com *.googleapis.com *.marketo.net *.google-analytics.com *.google.com *.linkedin.com *.marketo.com *.vidyard.com *.googletagmanager.com *.googleadservices.com *.mktoresp.com static.ads-twitter.com *.twitter.com *.doubleclick.net *.cloudfront.net *.newrelic.com bam.nr-data.net js.bizographics.com s.swiftypecdn.com *.facebook.net *.crazyegg.com *.amazonaws.com *.swiftype.com *.6sc.co *.jquery.com *.cookielaw.org *.onetrust.com *.techtarget.com *.driftt.com boards.greenhouse.io snap.licdn.com px.airpr.com *.intentsify.io js.adsrvr.org ads.avct.cloud ml314.com *.blob.core.windows.net unpkg.com mc.yandex.ru *.mimecast.com *.veracode.com *.trustradius.com *.brighttalk.com widgets.peerspot.com *.cloudflareinsights.com *.ensighten.com *.gartner.com d3js.org/d3.v5.min.js *.6sense.com img-src: www.googletagmanager.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.cloudfront.net fonts.googleapis.com cdnjs.cloudflare.com *.marketo.com s.swiftypecdn.com tagmanager.google.com *.cookielaw.org *.veracode.com maxcdn.bootstrapcdn.com optanon.blob.core.windows.net pro.fontawesome.com *.trustradius.com *.gartner.com optimize.google.com https://heapanalytics.com; img-src 'self' data: * *.gstatic.com 6sc.co *.mutinyhq.io *.mutinycdn.com https://cdn.heapanalytics.com https://heapanalytics.com; media-src 'self' *.youtube.com js.driftqa.com js.driftt.com; frame-src 'self' widgets.peerspot.com *.youtube.com *.google.com *.facebook.com platform.twitter.com careers.lifeatca.com *.snapengage.com b.company-target.com app-abd.marketo.com *.doubleclick.net play.vidyard.com *.jquery.com *.cookielaw.org *.onetrust.com *.techtarget.com *.soundcloud.com *.slideshare.net  *.driftt.com boards.greenhouse.io insight.adsrvr.org match.adsrvr.org *.veracode.com *.marketo.com *.brighttalk.com d1eoo1tco6rr5e.cloudfront.net *.gartner.com; child-src 'self' *.youtube.com *.google.com *.facebook.com platform.twitter.com app-abd.marketo.com *.doubleclick.net play.vidyard.com *.jquery.com *.cookielaw.org *.onetrust.com *.soundcloud.com *.veracode.com blob:; font-src 'self' data: * https://heapanalytics.com; connect-src 'self' *.mutinyhq.io *.mutinycdn.com https://heapanalytics.com *.mktoresp.com *.marketo.com secure.adnxs.com *.google-analytics.com s.swiftypecdn.com cdnjs.cloudflare.com *.googleapis.com *.googletagmanager.com *.googleadservices.com sjs.bizographics.com *.ads-twitter.com fonts.gstatic.com connect.facebook.net munchkin.marketo.net analytics.twitter.com *.doubleclick.net *.google.com t.co *.prod.bidr.io id.rlcdn.com *.facebook.com *.ads.linkedin.com *.6sc.co *.crazyegg.com *.swiftype.com *.jquery.com *.cookielaw.org *.onetrust.com *.techtarget.com *.vidyard.com *.linkedin.com *.gravatar.com play.vidyard.com i1.wp.com js.driftt.com boards.greenhouse.io bam.nr-data.net mc.yandex.ru *.trustradius.com *.cloudfront.net 790-zkw-291.mktoutil.com info.veracode.com *.linkedin.oribi.io *.6sense.com 1
default-src 'self' *.cloudfront.net https://track.hubspot.com https://forms.hsforms.com/ https://prod.smassets.net/ https://www.surveymonkey.com/ *.s3.amazonaws.com https://cache.addthiscdn.com https://connect.facebook.net https://p.adsymptotic.com https://px.ads.linkedin.com www.facebook.com *.neighborhoodscout.com accounts.google.com *.amazon-adsystem.com *.googletagservices.com *.googleadservices.com http://s3.amazonaws.com www.google.com *.youtube.com *.gstatic.com *.googleapis.com stats.bluebillywig.com adklip.bbvms.com *.g.doubleclick.net *.googlesyndication.com *.hotjar.com sentry.hotjar.com *.marketingautomation.services *.addthis.com *.g.doubleclick.net s7.addthis.com *.moatads.com www.google-analytics.com tether.io *.mapbox.com *.gravatar.com *.netdna-ssl.com data: ; script-src 'self' *.cloudfront.net https://js.hsleadflows.net/leadflows.js https://js.hs-banner.com https://js.hscollectedforms.net https://js.hs-analytics.net https://js.hs-scripts.com https://widget.surveymonkey.com https://forms.hsforms.com https://js.hsforms.net https://snap.licdn.com https://tag.perfectaudience.com https://connect.facebook.net https://www.googletagmanager.com schema.org *.amazon-adsystem.com *.googleadservices.com *.googletagservices.com use.fontawesome.com *.googleapis.com *.neighborhoodscout.com wchat.freshchat.com *.moatads.com www.google-analytics.com *.netdna-ssl.com *.addthisedge.com *.addthis.com gmpg.org s.w.org *.hotjar.com *.google.com *.g.doubleclick.net cdnjs.cloudflare.com tether.io *.marketingautomation.services adklip.bbvms.com *.googlesyndication.com cdn.bluebillywig.com s0.2mdn.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval' ; style-src 'self' *.cloudfront.net *.neighborhoodscout.com *.netdna-ssl.com *.googleapis.com *.amazon-adsystem.com *.moatads.com cdn.bluebillywig.com 'unsafe-inline' ; worker-src 'self' *.cloudfront.net *.neighborhoodscout.com *.netdna-ssl.com *.mapbox.com *.bbb.org blob: ; font-src 'self' *.cloudfront.net *.neighborhoodscout.com fonts.gstatic.com *.netdna-ssl.com use.fontawesome.com cdn.bluebillywig.com data: ; base-uri 'self' *.neighborhoodscout.com; connect-src 'self' https://forms.hsforms.com https://forms.hubspot.com https://hubspot-forms-static-embed.s3.amazonaws.com/prod/21341293/c0f4177c-1551-4dca-bbd7-14f4ab364a0e.json.gz https://hubspot-forms-static-embed.s3.amazonaws.com/prod/21341293/c5695699-f01a-437c-9224-f102a6df0e40.json.gz *.neighborhoodscout.com https://ampcid.google.com https://*.ampproject.net https://adservice.google.com https://cdn.ampproject.org https://www.googletagmanager.com wss://*.hotjar.com in.hotjar.com https://c.amazon-adsystem.com https://*.addthis.com https://*.moatads.com https://www.google.com https://securepubads.g.doubleclick.net https://vc.hotjar.io https://*.netdna-ssl.com https://api.mapbox.com https://csi.gstatic.com www.google-analytics.com https://*.doubleclick.net https://pagead2.googlesyndication.com ; 1
default-src 'none'; form-action 'none'; base-uri 'none'; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hibernate.atlassian.net https://in.relation.to https://staging.in.relation.to https://www.redhat.com https://cdn.jsdelivr.net https://code.jquery.com https://cdnjs.cloudflare.com https://*.googletagmanager.com; style-src 'unsafe-inline' 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com; img-src 'self' data:  https://*.githubusercontent.com https://*.google-analytics.com https://*.googletagmanager.com https://static.jboss.org https://cdn.jsdelivr.net; font-src 'self' data: https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.jboss.org https://in.relation.to https://staging.in.relation.to https://fonts.gstatic.com https://fonts.googleapis.com; frame-src https://hibernate.atlassian.net; connect-src 'self' https://api.github.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' a.mailmunch.co ajax.googleapis.com applygrad.bentley.edu assets.calendly.com assets.juicer.io www.juicer.io bam-cell.nr-data.net bam.nr-data.net bat.bing.com careerinsight.burning-glass.com cdn.datatables.net cdn.jsdelivr.net cdn.unibuddy.co connect.facebook.net d.bablic.com dx.steelhousemedia.com e.infogram.com embed-cdn.flockler.com fast.fonts.net fast.wistia.com fast.wistia.net fl-1.cdn.flockler.com js-agent.newrelic.com js.driftt.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.hscollectedforms.net js.hsforms.net js.hsleadflows.net js.usemessages.com mktdplp102cdn.azureedge.net mx.technolutions.net plugins.flockler.com public.tableau.com px.steelhousemedia.com s.yimg.com script.hotjar.com secure.wufoo.com static.wufoo.com siteimproveanalytics.com snap.licdn.com static.hotjar.com traffic-drivers.unibuddy.co ugadmission.bentley.edu us2-live.inside-graph.com us2-track.inside-graph.com weatherwidget.io ww.steelhousemedia.com www.buzzsprout.com www.eventbrite.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com cse.google.com www.youtube.com www.youvisit.com dx.mountain.com px.mountain.com insight.adsrvr.org slate-technolutions-net.cdn.technolutions.net fw.cdn.technolutions.net *.cdn.technolutions.net us2-cdn.inside-graph.com api.libanswers.com v2.libanswers.com askus.bentley.edu form.jotform.com form.jotform.us submit.jotform.us *.jotfor.ms cdn.weglot.com gs.mountain.com bentley.primo.exlibrisgroup.com www.instagram.com optimize.google.com *.flickr.com embedsocial.com js.hubspot.com marvel-b2-cdn.bc0a.com *.acquia.io apis.google.com https://assets.pinterest.com https://cdnjs.cloudflare.com platform.instagram.com platform.twitter.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' a.mailmunch.co ajax.googleapis.com applygrad.bentley.edu assets.calendly.com assets.juicer.io www.juicer.io bam-cell.nr-data.net bam.nr-data.net bat.bing.com careerinsight.burning-glass.com cdn.datatables.net cdn.jsdelivr.net cdn.unibuddy.co connect.facebook.net d.bablic.com dx.steelhousemedia.com e.infogram.com embed-cdn.flockler.com fast.fonts.net fast.wistia.com fast.wistia.net fl-1.cdn.flockler.com js-agent.newrelic.com js.driftt.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.hscollectedforms.net js.hsforms.net js.hsleadflows.net js.usemessages.com mktdplp102cdn.azureedge.net mx.technolutions.net plugins.flockler.com public.tableau.com px.steelhousemedia.com s.yimg.com script.hotjar.com secure.wufoo.com static.wufoo.com siteimproveanalytics.com snap.licdn.com static.hotjar.com traffic-drivers.unibuddy.co ugadmission.bentley.edu us2-live.inside-graph.com us2-track.inside-graph.com weatherwidget.io ww.steelhousemedia.com www.buzzsprout.com www.eventbrite.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com cse.google.com www.youtube.com www.youvisit.com dx.mountain.com px.mountain.com insight.adsrvr.org slate-technolutions-net.cdn.technolutions.net fw.cdn.technolutions.net *.cdn.technolutions.net us2-cdn.inside-graph.com api.libanswers.com v2.libanswers.com askus.bentley.edu form.jotform.com form.jotform.us submit.jotform.us *.jotfor.ms cdn.weglot.com googleads.g.doubleclick.net gs.mountain.com bentley.primo.exlibrisgroup.com www.instagram.com optimize.google.com *.google.com *.flickr.com embedsocial.com *.tiktok.com *.tiktokcdn-us.com js.hubspot.com marvel-b2-cdn.bc0a.com www.gstatic.com partner.googleadservices.com interfaces.zapier.com code.jquery.com *.acquia.io apis.google.com https://assets.pinterest.com https://cdnjs.cloudflare.com platform.instagram.com platform.twitter.com; style-src 'self' 'unsafe-inline' a.mailmunch.co assets.juicer.io www.juicer.io cdn.datatables.net fast.fonts.net fl-1.cdn.flockler.com assets.calendly.com p.typekit.net use.typekit.net fast.wistia.com slate-technolutions-net.cdn.technolutions.net fw.cdn.technolutions.net *.cdn.technolutions.net lf16-tiktok-web.ttwstatic.com www.google.com us2-cdn.inside-graph.com fonts.googleapis.com api.libanswers.com v2.libanswers.com askus.bentley.edu form.jotform.com form.jotform.us submit.jotform.us *.jotfor.ms cdn.weglot.com optimize.google.com embedsocial.com js.hubspot.com *.acquia.io https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' a.mailmunch.co assets.juicer.io www.juicer.io cdn.datatables.net fast.fonts.net fl-1.cdn.flockler.com assets.calendly.com p.typekit.net use.typekit.net fast.wistia.com slate-technolutions-net.cdn.technolutions.net fw.cdn.technolutions.net *.cdn.technolutions.net lf16-tiktok-web.ttwstatic.com www.google.com us2-cdn.inside-graph.com api.libanswers.com v2.libanswers.com askus.bentley.edu form.jotform.com form.jotform.us submit.jotform.us *.jotfor.ms cdn.weglot.com fonts.googleapis.com www.instagram.com optimize.google.com embedsocial.com js.hubspot.com *.acquia.io https://cdnjs.cloudflare.com; frame-ancestors 'self' e.issuu.com www.slideshare.net www.youtube-nocookie.com www.youtube.com app.myintuitionapp.org cdnapisec.kaltura.com fast.wistia.net forms.office.com maps.google.com player.vimeo.com *.vimeo.com teamup.com unibuddy.co w.soundcloud.com www.linkedin.com www.matchinggifts.com www.googletagmanager.com youtu.be bentleyu.wistia.com *.wistia.com *.kaltura.com plugins.flockler.com form.jotform.com form.jotform.us submit.jotform.us *.jotfor.ms cdn.weglot.com bentley.primo.exlibrisgroup.com www.instagram.com embedsocial.com js.hubspot.com cdn.forms.office.net *.imodules.com www.tours.vividmediany.com; report-uri https://bentleyu.report-uri.com/r/d/csp/enforce 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://api.eu1.exponea.com/js/exponea.min.js https://www.google-analytics.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://*.hotjar.com https://*.hotjar.io https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://files.vr.fi https://api.tiles.mapbox.com https://cdn.jsdelivr.net/npm/chart.js@3.5.1 https://cdn.jsdelivr.net/npm/chartjs-plugin-datalabels@2.0.0 https://cdn.jsdelivr.net/npm/chart.js@3.9.1 https://cdn.jsdelivr.net/npm/chartjs-plugin-datalabels@2.1.0 https://service.giosg.com https://connect.facebook.net https://api.mapbox.com https://www.gstatic.com https://www.google.com https://googletagmanager.com https://tagmanager.google.com https://www.googleanalytics.com  https://www.googleoptimize.com https://optimize.google.com https://bat.bing.com https://api.eu1.exponea.com https://*.convertexperiments.com; style-src 'self' 'unsafe-inline' https://api.tiles.mapbox.com https://files.vr.fi https://service.giosg.com https://googletagmanager.com https://www.googletagmanager.com https://tagmanager.google.com  https://fonts.googleapis.com https://translate.googleapis.com https://optimize.google.com https://*.hotjar.com https://*.hotjar.io; img-src 'self' data: https://images.ctfassets.net https://px.ads.linkedin.com https://px4.ads.linkedin.com https://*.google-analytics.com https://*.analytics.google.com https://www.google.com https://ad.doubleclick.net https://files.vr.fi https://giosg-chat-public-eu.s3.amazonaws.com https://collector.vr.fi https://adservice.google.com https://www.facebook.com https://www.googleadservices.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.linkedin.com https://cdn.giosgusercontent.com https://translate.google.com https://optimize.google.com https://*.hotjar.com https://*.hotjar.io https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; font-src 'self' data: https://use.fontawesome.com https://giosg-chat-public-eu.s3.amazonaws.com https://files.vr.fi https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io; connect-src 'self' wss://messagerouter.giosg.com wss://*.hotjar.com https://sentry.io https://api.eu1.exponea.com https://collector.vr.fi https://www.google.com https://www.google.fi https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://rata.digitraffic.fi https://vc.hotjar.io https://api.mapbox.com https://events.mapbox.com https://service.giosg.com https://aste-hvv.vr.fi https://junatkartalla-cal-prod.herokuapp.com https://*.hotjar.com https://*.hotjar.io https://crm-customerforms-prod-attachment-data.s3.eu-west-1.amazonaws.com https://region1.google-analytics.com https://*.vrpublic.fi https://cdn.linkedin.oribi.io https://app.eu1.exponea.com https://*.convertexperiments.com https://test.lippu-test.vr.fi https://www.lippu.vr.fi; media-src 'self' https://videos.ctfassets.net; object-src 'self'; child-src 'self' blob: https://*.hotjar.com https://*.hotjar.io https://vr.leadfamly.com https://my.matterport.com https://www.youtube.com https://service.giosg.com https://243.clients.giosgusercontent.com https://www.google.com https://*.vr.fi https://optimize.google.com https://link.webropolsurveys.com; worker-src 'self' blob: https://*.vr.fi; frame-ancestors 'self' https://www.cwt-train-online.fi; form-action 'self' https://www.facebook.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self' https://api.eu1.exponea.com 1
frame-ancestors 'self' *.seznam.cz www.google.cz www.google.com www.youtube.com;frame-src *.doubleclick.net *.im.cz *.seznam.cz *.seznam.test.dszn.cz ads.pubmatic.com ls.hit.gemius.pl secure.adnxs.com vars.hotjar.com www.stream.cz www.televizeseznam.cz www.youtube.com 'self';connect-src *.analytics.google.com *.doubleclick.net *.dszn.cz *.google-analytics.com *.google.com *.googlesyndication.com *.hotjar.com *.hotjar.io *.localhost *.mapy.cz *.pszn.cz *.seznam.cz *.seznam.test.dszn.cz *.sklik.cz *.szn.cz *.zbozi.cz *.zbozi.test.dszn.cz gacz.hit.gemius.pl ws: wss: 'self';script-src *.adform.net *.doubleclick.net *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.hotjar.com *.im.cz *.imedia.cz *.mapy.cz *.pliing.com *.pubmatic.com *.sdn.cz *.seznam.cz *.seznam.test.dszn.cz *.sklik.cz *.szn.cz *.szn.test.dszn.cz *.test.dszn.cz 1.im.cz ads.celtra.com chat.zbozi.cz gacz.hit.gemius.pl googleadservices.com http://*.imedia.cz http://*.seznam.cz http://login.szn.cz https://*.imedia.cz https://*.seznam.cz https://ajax.googleapis.com https://apis.google.com https://cdn.jsdelivr.net/gh/google/code-prettify@master/loader/run_prettify.js https://login.szn.cz https://track.adform.net https://www.gstatic.com login.szn.cz scz.hit.gemius.pl www.google-analytics.com 'self' 'unsafe-eval' 'unsafe-inline';script-src-attr 'self' 'unsafe-inline';img-src 'self' data: *.dszn.cz *.imedia.cz *.hotjar.com *.mapy.cz *.sdn.cz *.seznam.cz *.szn.cz *.zbozi.cz ext.pliing.com i.im.cz i.im.test.dszn.cz jslog.post.cz www.google-analytics.com www.google.com/ads/ga-audiences www.google.cz/ads/ga-audiences www.googletagmanager.com;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';object-src 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:; frame-ancestors https://epson.com https://*.epson.com https://*.epson.jp https://*.epson https://*.goepson.com https://epson.ca https://epson.com.mx https://epson.com.ar https://epson.com.bo https://epson.com.br https://epson.co.cr https://epson.cl https://epson.com.co https://epson.com.do https://epson.com.ec https://epson.com.py https://epson.com.pe https://epson.com.uy https://epson.com.ve https://solheimcup2023.eu https://cm.lpga.com https://cm.epsontour.com https://www.lpga.com https://www.epsontour.com 1
default-src self; script-src *.cloudfront.net *.sessioncam.com *.hypemarks.com *.usabilla.com *.pantheonsite.io *.unpkg.com *.krxd.net 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.co.uk *.newrelic.com *.betrad.com bam.nr-data.net static.addtoany.com https://cdnjs.cloudflare.com *.fusepump.com *.youtube.com s.ytimg.com *.evidon.com code.jquery.com d22xmn10vbouk4.cloudfront.net *.serving-sys.com 7225833.collect.igodigital.com connect.facebook.net stats.g.doubleclick.net https://www.gstatic.com https://*.sessioncam.com https://d2oh4tlt9mrke9.cloudfront.net ws://*.sessioncam.com wss://*.sessioncam.com *.gigya.com https://bv.js *.bazaarvoice.com *.amazonaws.com *.adimo.co *.nestle-brands.co.uk https://mpsnare.iesnare.com/snare.js *.rawgit.com *.adsrvr.org *.jsdelivr.net *.google.com *.googleoptimize.com *.bing.com *.gbqofs.com *.gbqofs.io ; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com https://cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com cloud.typography.com *.google.com *.use.fontawesome.com *.bazaarvoice.com *.fontawesome.com *.adimo.co https://optimize.google.com https://www.gstatic.com/charts/51/css/core/tooltip.css https://www.gstatic.com/charts/51/css/util/util.css; img-src *.cloudfront.net *.sessioncam.com *.usabilla.com *.google.co.in *.nestle.co.uk 'self' data: *.googleapis.com *.gstatic.com *.cloudflare.com *.google-analytics.com https://stats.g.doubleclick.net www.google.com www.google.co.uk *.doubleclick.net *.betrad.com *.amazonaws.com px.pump.to brand-ecommerce-assets.fusepump.com *.evidon.com https://nova.collect.igodigital.com https://www.facebook.com *.krxd.net *.nestlebeverages.acsitefactory.com be.factory.nescafe.com belgium.nestlebeverages.acsitefactory.com www.nescafe.com *.ytimg.com *.bazaarvoice.com *.gigya.com *.stage4.factory.nescafe.com *.nescafe.com *.purina.co.uk *.google-analytics.com *.google.com *.bing.com *.analytics.google.com; media-src 'self'; frame-src https://nescafegold-winteredition.arweb.app/ *.cloudfront.net *.sessioncam.com *.doubleclick.net 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com https://brand-ecommerce-assets.fusepump.com www.google.com *.krxd.net www.facebook.com https://l3.evidon.com/ *.gigya.com *.adimo.co *.bazaarvoice.com *.nestle-brands.co.uk *.adsrvr.org https://optimize.google.com; frame-ancestors 'self' https://nescafegold-winteredition.arweb.app/; child-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com ; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com https://cdnjs.cloudflare.com *.fontawesome.com; connect-src *.bing.com 'self' brand-ecommerce-api.fusepump.com  *.sessioncam.com *.usabilla.com *.google-analytics.com https://collect.analyze.ly https://secure-ds.serving-sys.com *.amazonaws.com *.bazaarvoice.com *.nestle-brands.co.uk *.nr-data.net *.evidon.com *.g.doubleclick.net https://accounts.eu1.gigya.com *.flipkart.com *.api.experianmarketingservices.com https://api.experianmarketingservices.com/sync/queryresult/EmailValidate/1.0/10773728-4c4d-43e6-959a-dd3889366f85 *.sessioncam.com *.gbqofs.io *.analytics.google.com *.gbqofs.com  https://www.gstatic.com/charts/geochart/10/mapfiles/019_COUNTRIES.js https://www.gstatic.com/charts/regioncoder/0//geocodes/countries_en.js *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://privacyportal.onetrust.com http://www.google-analytics.com https://ssl.google-analytics.com;                script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://privacyportal.onetrust.com http://www.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com;                img-src 'self' data: http://www.google-analytics.com https://www.google-analytics.com https://www.google.co.in https://www.google.com https://stats.g.doubleclick.net https://ssl.google-analytics.com https://cdn.cookielaw.org; 1
frame-ancestors 'self'  wbpa.wdo.io eu.wotblitz.com na.wotblitz.com asia.wotblitz.com ru.wotblitz.com 1
frame-ancestors http://cms-ninjatrader.ninjatrader.com http://ninjatrader.com http://ninjatrader-live.ninjatrader.com 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; font-src * data:; style-src * 'unsafe-inline'; media-src * blob: 1
frame-src 'self' https://www.youtube-nocookie.com https://player.vimeo.com https://api.eu.kaltura.com https://*.pleio.nl https://feed.mikle.com https://chat-dashboard.pleio.nl https://www.youtube.com https://www.gravatar.com https://googleads.g.doubleclick.net https://formulieren.pleio.nl https://pleiowidget.onlineafspraken.nl https://pqina.nl https://www.toegankelijkheidsverklaring.nl; base-uri 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; script-src 'unsafe-inline' 'strict-dynamic' https: http: 'nonce-vIxE8FuHAsZ96lwA/K1yyg=='; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://statistiek.rijksoverheid.nl https://www.google-analytics.com https://i.ytimg.com https://i.vimeocdn.com https://*.pleio.nl https://account.pleio.nl https://chat-dashboard.pleio.nl https://www.youtube.com https://www.gravatar.com https://googleads.g.doubleclick.net https://formulieren.pleio.nl https://pleiowidget.onlineafspraken.nl https://pqina.nl https://www.toegankelijkheidsverklaring.nl; default-src 'self'; connect-src 'self' https://stats.pleio.nl https://statistiek.rijksoverheid.nl https://www.google-analytics.com https://vimeo.com; object-src 'none'; upgrade-insecure-requests 1
default-src 'self' data: blob: mailto: tel: mediastream: 'unsafe-inline' 'unsafe-eval' *.bing.com bing.com *.percussion.marketing percussion.marketing *.urldefense.com urldefense.com *.salesforce.com salesforce.com *.siteimproveanalytics.io siteimproveanalytics.io *.siteimproveanalytics.com siteimproveanalytics.com *.facebook.com facebook.com *.facebook.net facebook.net *.fbcdn.net fbcdn.net *.libwizard.com libwizard.com *.csudh.edu www5.csudh.edu csudh.edu *.mybluemix.net mybluemix.net *.twittercommunity.com twittercommunity.com *.twimg.com twimg.com *.twitter.com twitter.com *.google.com google.com *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.googlevideo.com googlevideo.com *.googleapis.com googleapis.com *.doubleclick.net doubleclick.net *.gstatic.com gstatic.com *.fontawesome.com fontawesome.com *.jsdelivr.net jsdelivr.net *.livechatinc.com livechatinc.com *.youtube.com youtube.com *.hotjar.com hotjar.com *.office.com office.com *.unibuddy.co unibuddy.co *.walls.io walls.io *.libanswers.com libanswers.com *.sharethis.com sharethis.com *.clarity.ms clarity.ms *.pardot.com pardot.com *.vimeo.com vimeo.com *.cloudflare.com cloudflare.com *.office365.com office365.com *.eventbrite.com eventbrite.com *.arcgis.com arcgis.com *.alcg.is alcg.is *.arcg.is arcg.is *.kenwheeler.github.io kenwheeler.github.io *.lightwidget.com  lightwidget.com *.curator.io curator.io *.b-cdn.net b-cdn.net *.percussion.services percussion.services *.protonmail.com protonmail.com mail.google.com compose.mail.yahoo.com outlook.live.com 357h4a1tedstsbee1xvf35r5-wpengine.netdna-ssl.com netdna-ssl.com *.youtube-nocookie.com youtube-nocookie.com *.acuityscheduling.com acuityscheduling.com *.crwdcntrl.net crwdcntrl.net d3gxy7nm8y4yjr.cloudfront.net cloudfront.net d2it6uarsia2r9.cloudfront.net cloudfront.net d1zuye95808g5g.cloudfront.net cloudfront.net d3n8h0bty3ix5.cloudfront.net cloudfront.net dd54fg6izixkl.cloudfront.net cloudfront.net csudh-coe-cred-recom.smapply.io smapply.io *.tockify.com tockify.com csudh-webappservice.yanaimpl.com yanaimpl.com csudh.hosted.panopto.com hosted.panopto.com *.badgr.com badgr.com *.kayofthejungle.com kayofthejungle.com *.livechat-files.com livechat-files.com *.i-train.org i-train.org *.fontawesome.com fontawesome.com *.credly.com credly.com api.badgr.io badgr.io lp.constantcontactpages.com constantcontactpages.com csudh2.my.site.com my.site.com csudh-stg-webappservice.yanaimpl.com yanaimpl.com; 1
connect-src 'self' blob: https://api.x.ai https://api.x.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api.x.com https://api-stream.twitter.com https://api-stream.x.com https://ads-api.twitter.com https://ads-api.x.com https://aa.twitter.com https://aa.x.com https://caps.twitter.com https://caps.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton.twitter.com https://ton.x.com https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://twitter.com https://x.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com  ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://x.com https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://vaultjs.apideck.com/  https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://x.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://static.ads-twitter.com  'nonce-N2VmYmU0MTAtNTNmNS00ZThlLWFmNDQtMTBmZjMwNWJjZTdk'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.linkedin.oribi.io ad.doubleclick.net www.everestjs.net *.adobedtm.com *.facebook.net *.ads-twitter.com *.twitter.com *.googleapis.com *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net stats.g.doubleclick.net *.cloudflare.com *.licdn.com *.yesbank.in *.tt.omtrdc.net *.oraclecloud.com *.demdex.net *.gstatic.com *.azurewebsites.net *.google.com *.ampproject.org *.googletagmanager.com *.akstat.io *.go-mpulse.net *.googleusercontent.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.azurewebsites.net *.yesbank.in *.oraclecloud.com *.yesbank.in *.bootstrapcdn.com *.google.com *.googleapis.com; img-src * data: blob: 'unsafe-inline'; frame-src *; font-src * data: blob: 'unsafe-inline'; 1
frame-ancestors *.ohiohealth.com *.ohiohealthcin.com 1
default-src *; style-src 'self' https://* 'unsafe-inline'; script-src 'self' https://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://* data:; 1
style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src blob: https: data:; frame-src https:; upgrade-insecure-requests; 1
upgrade-insecure-requests; default-src https: data: wss: blob: 'unsafe-inline' 'unsafe-eval'; 1
base-uri 'self';default-src 'none';frame-ancestors 'none';manifest-src cdn.inoc.app;script-src 'nonce-KpoTmjJK5NlQGafHh7ZexnV38QJ7FpZT' inoc.net www.inoc.net cdn.inoc.app 'strict-dynamic' 'unsafe-inline' fonts.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com;style-src 'nonce-KpoTmjJK5NlQGafHh7ZexnV38QJ7FpZT' inoc.net www.inoc.net cdn.inoc.app chart.googleapis.com 'unsafe-inline' fonts.googleapis.com;form-action inoc.net www.inoc.net;img-src inoc.net www.inoc.net cdn.inoc.app blog.inoc.net chart.googleapis.com data: https://www.google-analytics.com https://*.google-analytics.com https://www.googletagmanager.com;object-src 'none';font-src fonts.gstatic.com;connect-src https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;frame-src *.google.com 1
frame-ancestors 'self' www.boxingscene.com iframe.boxingscene.com; 1
default-src 'self'; frame-src *; media-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; style-src * 'unsafe-inline'; font-src *; connect-src *;script-src 'unsafe-inline' t.contentsquare.net app.contentsquare.com; child-src blob:; worker-src blob:; img-src *.contentsquare.net; connect-src *.contentsquare.net; frame-src csxd.{crossdomain} 1
default-src 'self' dropbox.okta.com *.oktacdn.com; connect-src 'self' dropbox.okta.com dropbox-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com *.mtls.okta.com dropbox.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' dropbox.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' dropbox.okta.com *.oktacdn.com; frame-src 'self' dropbox.okta.com dropbox-admin.okta.com login.okta.com com-okta-authenticator: api-37ec43d7.duosecurity.com; img-src 'self' dropbox.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' dropbox.okta.com data: *.oktacdn.com fonts.gstatic.com 1
frame-ancestors 'self' https://syniverse.com https://www.syniverse.com 1
frame ancestors 'none'; 1
default-src 'self' *.sfstandard.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sfstandard.com iframely.shorthand.com platform.twitter.com cdn.ampproject.org www.instagram.com www.tiktok.com citizen.com www.gofundme.com embed.typeform.com embed.reddit.com pym.nprapps.org static.dwcdn.net platform.instagram.com *.ttwstatic.com analytics.shorthand.com www.youtube.com player.vimeo.com d3js.org cdn.parsely.com dash.parsely.com ak.sail-horizon.com www.googletagmanager.com www.google-analytics.com static.ads-twitter.com connect.facebook.net static.hotjar.com tru.am *.googlesyndication.com *.googleadservices.com script.hotjar.com www.google.com www.gstatic.com server.fillout.com; style-src 'self' 'unsafe-inline' *.sfstandard.com fonts.googleapis.com *.ttwstatic.com embed.typeform.com; img-src 'self' data: https:; font-src 'self' data: *.sfstandard.com fonts.gstatic.com use.typekit.net; connect-src 'self' *.sfstandard.com *.analytics.google.com analytics.google.com *.google-analytics.com google-analytics.com api.sail-personalize.com api.sail-track.com *.ingest.sentry.io pagead2.googlesyndication.com *.g.doubleclick.net api.maptiler.com beacon.tru.am *.parsely.com www.facebook.com vc.hotjar.io metrics.hotjar.io content.hotjar.io ws.hotjar.com adservice.google.com wss://ws.hotjar.com vimeo.com api.typeform.com noembed.com cdn2.sfstandard.com cdn3.sfstandard.com; frame-src 'self' *.sfstandard.com *.youtube.com youtube.com sfstandard.github.io player.vimeo.com datawrapper.dwcdn.net bandcamp.com www.google.com w.soundcloud.com playlist.megaphone.fm omny.fm open.spotify.com trytako.com www.trytako.com abc7news.com www.facebook.com embed.documentcloud.org nextdoor.com embed.reddit.com platform.twitter.com www.tiktok.com calmatters-reparations-calculator.netlify.app www.googletagmanager.com www.google.com *.doubleclick.net www.instagram.com iframely.shorthand.com citizen.com form.typeform.com dash.parsely.com forms.fillout.com; object-src 'self' *.sfstandard.com data:; media-src 'self' *.sfstandard.com blob:; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://o4504205219004416.ingest.sentry.io/api/4504205221232640/security/?sentry_key=642f02aaa96c4e679673d2642c3c2782; report-to csp-endpoint 1
default-src https: wss: data:; script-src blob: https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; media-src http: https: blob:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.asicentral.com *.youtube.com *.google.com *.googleadservices.com *.googlesyndication.com *.googletagservices.com *.facebook.com *.facebook.net *.vimeo.com *.googletagmanager.com/ *.deskpro.com *.pardot.com *.hotjar.com *.hotjar.io/ *.soundcloud.com/ *.linkedin.com *.twitter.com https://js.hsforms.net js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com https://bat.bing.com https://translate.googleapis.com https://twitter.com https://reports.hrmdirect.com https://www.instagram.com https://www.tiktok.com https://cdnjs.cloudflare.com https://servedbyadbutler.com https://widgets.getsitecontrol.com https://kit.fontawesome.com https://ajax.googleapis.com https://google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com https://lf16-tiktok-web.ttwstatic.com https://public.flourish.studio https://code.jquery.com https://asicentral.tourial.com;object-src 'self' *.googlesyndication.com;style-src 'self' 'unsafe-inline' *.asicentral.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.deskpro.com *.google.com *.pardot.com *.hotjar.com *.hotjar.io/ https://*.fontawesome.com/ https://cdnjs.cloudflare.com https://reports.hrmdirect.com https://lf16-tiktok-web.ttwstatic.com;img-src 'self' data: *.asicentral.com *.facebook.com *.facebook.net *.hotjar.com *.hotjar.io/ *.vimeocdn.com/ *.youtube.com/ *.google.com/ *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.hsforms.com *.hubspot.com https://bat.bing.com https://assets-us1-cloud.deskpro.com https://syndication.twitter.com https://servedbyadbutler.com https://dashboard.umbraco.org https://dashboard.umbraco.com https://www.gravatar.com https://public.flourish.studio;media-src 'self' *.asicentral.com *.facebook.com *.vimeo.com/ *.youtube.com/;frame-src 'self' *.hotjar.com/ *.hotjar.io/ *.youtube.com/ *.asicentral.com/ *.vimeo.com/ *.hubspot.com *.google.com *.facebook.com *.facebook.net *.soundcloud.com/ *.linkedin.com https://twitter.com *.twitter.com https://asicentral.hrmdirect.com https://www.instagram.com https://lf16-tiktok-web.ttwstatic.com https://www.tiktok.com https://biteable.com https://datawrapper.dwcdn.net https://flo.uri.sh *.hsforms.com *.hs-scripts.com https://asicentral.tourial.com;font-src 'self' data: *.bootstrapcdn.com/ *.google.com/ https://fonts.gstatic.com *.fontawesome.com/ *.gstatic.com;base-uri 'self';child-src 'self' blob: data: *.vimeo.com *.google.com *.facebook.com *.youtube.com;form-action 'self' *.google.com *.facebook.com *.facebook.net *.asicentral.com *.jsdelivr.net *.hsforms.com;frame-ancestors 'self' *.asicentral.com;worker-src blob: https://www.asicentral.com;upgrade-insecure-requests;block-all-mixed-content 1
default-src 'self' liberapay.com;connect-src 'self' *.liberapay.org;form-action 'self';img-src * blob: data:;object-src 'none';upgrade-insecure-requests; 1
default-src 'self' 'unsafe-inline'  https://base.mirror.xyz https://boards.greenhouse.io https://static-assets.coinbase.com/js/cca/v0.0.1.js https://cca-lite.coinbase.com;frame-ancestors 'self' https://base.mirror.xyz;form-action 'self' https://base.mirror.xyz; 1
script-src 'self' 'nonce-BjXE8S8oWh' 'strict-dynamic' https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googleoptimize.com https://cse.google.com https://www.google.com/cse/static https://staging2.webwinkelkeur.nl https://js.hellomedian.com; connect-src 'self' https://*.analytics.google.com https://*.google-analytics.com https://www.facebook.com/tr/ https://stats.g.doubleclick.net https://dashboard.webwinkelkeur.nl https://www.googleoptimize.com https://www.googleapis.com https://*.clarity.ms/collect https://ljj3ynf0ak.execute-api.eu-west-1.amazonaws.com/prod/isp-data https://cdn.linkedin.oribi.io https://*.belco.io wss://*.belco.io https://belco-prod.s3-eu-central-1.amazonaws.com/ https://js.hellomedian.com https://cdn.hellomedian.com https://hlg.tokbox.com/prod/ wss://socket.hellomedian.com https://staging2.webwinkelkeur.nl; object-src 'none' 1
default-src 'self' https: data: wss://*.zopim.com; frame-src 'self' https: api.tre.se; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: blob: 'unsafe-inline'; media-src https: data:; img-src 'self' https: blob: data: 1
default-src 'unsafe-inline' 'unsafe-eval' https:; img-src https: data:; font-src https: data: 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' *.crazyegg.com *.googletagmanager.com always 1
default-src 'self';; base-uri 'self';; connect-src 'self' 'nonce-66431ff9a12ae8d32e00a1643830ce80' geolocation.onetrust.com 120-gkj-051.mktoutil.com 120-gkj-051.mktoresp.com www.google.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com secure.adnxs.com cdn.cookielaw.org api.lever.co vimeo.com https://pagead2.googlesyndication.com googlesyndication.com https://investors.palantir.com https://palantir.com;; font-src 'self' fonts.gstatic.com;; frame-src 'self' 'nonce-66431ff9a12ae8d32e00a1643830ce80' 120-gkj-051.mktoweb.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ bid.g.doubleclick.net cdn.cookielaw.org player.vimeo.com www.youtube.com www.youtube-nocookie.com palantir.tfaforms.net www.google.com;; img-src 'self' 'nonce-66431ff9a12ae8d32e00a1643830ce80' cdn.cookielaw.org www.linkedin.com/px/ heapanalytics.com www.google.com googleads.g.doubleclick.net p.adsymptotic.com secure.adnxs.com px.ads.linkedin.com www.googletagmanager.com www.google-analytics.com https://ade.googlesyndication.com data: i.ytimg.com 'nonce-66431ff9a12ae8d32e00a1643830ce80';; script-src 'self' 'nonce-66431ff9a12ae8d32e00a1643830ce80' 120-gkj-051.mktoweb.com www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ snap.licdn.com munchkin.marketo.net palantir.tfaforms.net player.vimeo.com cdn.cookielaw.org https://*.googletagmanager.com;; style-src 'self' 'unsafe-inline' 120-gkj-051.mktoweb.com www.googletagmanager.com hello.myfonts.net fonts.googleapis.com palantir.tfaforms.net;; object-src 'none'; frame-ancestors 'self' https://resources.palantir.com;; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.danskespil.dk; report-uri /scapi/danskespil/security/csp/report; 1
base-uri 'self' data:; connect-src livesupport.hetzner.com matomo.hetzner.com use.hetzner.com https://sentry.hetzner.company/ https://robot-ws.your-server.de 'self' data:; default-src 'self'; font-src livesupport.hetzner.com 'self' data:; frame-ancestors 'self'; frame-src youtube-nocookie.com youtube.com www.youtube-nocookie.com https://files.hetzner.com/ 'self' data:; img-src cdn.hetzner.de img.youtube.com livesupport.hetzner.com 'self' data:; media-src https://cdn.hetzner.de 'self'; script-src 'nonce-r9PGgCHzDHmXw4d3' livesupport.hetzner.com matomo.hetzner.com use.hetzner.com 'self' data: 'nonce-494108a4f3735b40'; style-src livesupport.hetzner.com 'self' 'unsafe-inline' data:; 1
connect-src 'self' https://*.fortnox.se https://apps-develop.alfa.fnox.se https://skatteverket.entryscape.net https://*.cision.com https://cdn.legaonline.se https://teamtailor-production.s3.eu-west-1.amazonaws.com https://api.friendlycaptcha.com https://*.freshchat.com https://sitegainer.com https://*.sitegainer.com https://cdn-sitegainer.com https://*.cdn-sitegainer.com https://*.symplify.com https://*.pro.ip-api.com https://connect.facebook.net https://api.addsearch.com https://export.highcharts.com/ https://fortnox.piwik.pro https://fortnox.containers.piwik.pro https://fortnox.piwik.pro/consent/collect https://stats.g.doubleclick.net https://www.google-analytics.com https://*.gstatic.com 'unsafe-eval' https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://tagmanager.google.com https://www.googleadservices.com https://bat.bing.com https://snap.licdn.com https://match.adsby.bidtheatre.com https://fonts.googleapis.com https://*.upsales.com https://*.linkedin.oribi.io https://px.ads.linkedin.com https://p.adsymptotic.com https://*.hotjar.com/ http://*.hotjar.com/ https://*.hotjar.io http://*.hotjar.io wss://*.hotjar.com wss://*.sitegainer.com https://www.facebook.com; frame-ancestors https://*.fortnox.se; frame-src https://*.fortnox.se https://www.youtube.com https://player.vimeo.com https://vimeo.com https://fortnox.containers.piwik.pro https://*.freshchat.com https://*.hotjar.com/ https://sitegainer.com https://www.facebook.com/ https://static-fortnox.sendsafely.co.uk/html/dropzone.html https://export.highcharts.com https://td.doubleclick.net ; report-uri /api/cspreport 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://fast.wistia.com https://wistia.com https://fast.wistia.net https://pi.pardot.com https://static.addtoany.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://js-agent.newrelic.com https://bam.nr-data.net https://unpkg.com https://bam-cell.nr-data.net https://hackerone.com https://www2.earlywarning.com https://snap.licdn.com https://ws.zoominfo.com https://tags.clickagy.com https://aorta.clickagy.com  https://googleads.g.doubleclick.net https://js.zi-scripts.com https://img.en25.com; object-src 'none'; img-src 'self' https://www.google-analytics.com data: https://px.ads.linkedin.com https://aorta.clickagy.com https://dpm.demdex.net https://www.google.com https://trck.www4.earlywarning.com; media-src 'self' https://embed-ssl.wistia.com https://earlywarning.wistia.com; frame-src 'self' https://www.google.com https://fast.wistia.com https://earlywarning.wistia.com https://static.addtoany.com https://hackerone.com https://anchor.fm https://podcasters.spotify.com https://td.doubleclick.net; frame-ancestors 'self'; font-src 'self' https://maxcdn.bootstrapcdn.com data: https://cdnjs.cloudflare.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://bam.nr-data.net https://bam-cell.nr-data.net https://cdn.linkedin.oribi.io https://aorta.clickagy.com https://hemsync.clickagy.com https://ws.zoominfo.com https://px.ads.linkedin.com/wa/ https://js.zi-scripts.com; report-uri /report-csp-violation 1
default-src 'self' https://*.unicatt.it https://*.adobe.com https://*.cookielaw.org https://*.cookiepro.com https://documentservices.adobe.com https://errors.adobeamcloud.com/ https://documentcloud.adobe.com https://viewlicense.adobe.io https://acsbapp.com https://*.onetrust.com https://*.spreaker.com https://*.linkedin.oribi.io https://*.youtube-nocookie.com https://*.adform.net https://*.panopto.eu https://*.linkedin.com https://*.licdn.com https://*.doubleclick.net https://*.instagram.com https://*.youtube.com https://*.googleapis.com https://*.joomag.com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.it https://*.gstatic.com https://*.twitter.com https://*.twimg.com https://*.fbcdn.net https://*.quantserve.com https://*.issuu.com https://*.dwcdn.net https://*.spotify.com https://*.ingvq.org https://*.googleadservices.com https://*.googletagmanager.com https://*.bing.com https://*.youtu.be https://*.acsbapp.com https://*.onetrust.io https://player.vimeo.com/ https://unicattolica.tfaforms.net https://fonts.gstatic.com/ https://applets.ebxcdn.com; worker-src blob:; script-src-elem 'self' https://acrobatservices.adobe.com https://*.unicatt.it https://code.jquery.com/ https://documentcloud.adobe.com https://documentservices.adobe.com https://errors.adobeamcloud.com/ https://viewlicense.adobe.io https://*.instagram.com https://www.unicatt.it.seg.js/ https://*.cookielaw.org https://*.cookiepro.com https://*.onetrust.com https://npmcdn.com/ https://*.jsdelivr.net/ https://*.quantserve.com https://*.quancount.com https://*.googleapis.com https://*.linkedin.com https://*.googletagmanager.com https://*.licdn.com https://*.doubleclick.net https://*.facebook.net https://*.facebook.com  https://*.google-analytics.com https://*.twitter.com https://cdn.syndication.twimg.com https://*.spreaker.com https://*.google.it https://*.google.com https://*.gstatic.com https://*.youtube.com https://*.bing.com https://*.googleadservices.com https://*.virtualearth.net https://*.adform.net https://acsbapp.com https://*.onetrust.io https://unicattolica.tfaforms.net https://applets.ebxcdn.com https://fonts.gstatic.com/ 'unsafe-inline' blob:; script-src 'self' https://*.unicatt.it https://*.cookielaw.org https://errors.adobeamcloud.com/ https://documentcloud.adobe.com https://viewlicense.adobe.io https://*.cookiepro.com https://*.onetrust.com https://www.unicatt.it.seg.js/ https://*.google.it https://npmcdn.com/ https://*.jsdelivr.net/ https://*.quantserve.com https://*.quancount.com https://*.googleapis.com https://*.linkedin.com https://*.googletagmanager.com https://*.licdn.com https://*.doubleclick.net https://*.facebook.net https://*.facebook.com  https://*.google-analytics.com https://*.twitter.com https://cdn.syndication.twimg.com https://*.spreaker.com https://*.google.com https://*.gstatic.com https://*.youtube.com https://*.bing.com https://*.googleadservices.com https://*.virtualearth.net https://*.adform.net https://acsbapp.com https://*.onetrust.io https://unicattolica.tfaforms.net https://applets.ebxcdn.com https://fonts.gstatic.com/ 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src 'self' https://*.unicatt.it https://errors.adobeamcloud.com/ https://fonts.googleapis.com https://applets.ebxcdn.com https://*.twimg.com https://code.jquery.com/ https://*.twitter.com https://*.bing.com https://*.cookielaw.org https://*.cookiepro.com https://*.onetrust.com https://fonts.gstatic.com/ 'unsafe-inline' 'unsafe-hashes'; img-src * data:; font-src 'self' https://static.unicatt.it https://acsbapp.com/ https://*.acsbapp.com/ https://*.cookielaw.org https://*.cookiepro.com https://*.onetrust.com https://applets.ebxcdn.com https://fonts.gstatic.com/ data:; 1
img-src 'self' 'nonce-fopneshFejnihegOfGeahyryahiOk' data: *.cdnbay.com cdn.speedtest.hostiserver.com img.hostiserver.com hscdn.cdnbay.com https://merchant.revolut.com https://merchant-mgmt.revolut.com https://merchant-secure.revolut.com *.revolut.com www.google-analytics.com *.doubleclick.net https://www.gstatic.com www.googletagmanager.com www.googleadservices.com *.googleapis.com https://client.crisp.chat https://image.crisp.chat https://game.crisp.chat; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cdnbay.com cdn.speedtest.hostiserver.com img.hostiserver.com hscdn.cdnbay.com https://merchant.revolut.com https://merchant-mgmt.revolut.com https://merchant-secure.revolut.com *.revolut.com www.google-analytics.com *.doubleclick.net https://www.gstatic.com www.googletagmanager.com www.googleadservices.com *.googleapis.com https://client.crisp.chat https://image.crisp.chat https://game.crisp.chat pay.google.com; style-src 'self' 'unsafe-inline' *.cdnbay.com cdn.speedtest.hostiserver.com img.hostiserver.com hscdn.cdnbay.com www.google-analytics.com *.doubleclick.net https://www.gstatic.com www.googletagmanager.com www.googleadservices.com *.googleapis.com https://merchant.revolut.com https://merchant-mgmt.revolut.com https://merchant-secure.revolut.com *.revolut.com https://client.crisp.chat https://image.crisp.chat https://game.crisp.chat; frame-ancestors 'self' https://merchant.revolut.com https://merchant-mgmt.revolut.com https://merchant-secure.revolut.com *.revolut.com https://client.crisp.chat https://image.crisp.chat https://game.crisp.chat https://pay.google.com; frame-src 'self' https://merchant.revolut.com https://merchant-mgmt.revolut.com https://merchant-secure.revolut.com *.revolut.com https://client.crisp.chat https://image.crisp.chat https://game.crisp.chat https://pay.google.com; font-src 'self' data: *.cdnbay.com cdn.speedtest.hostiserver.com img.hostiserver.com hscdn.cdnbay.com www.google-analytics.com *.doubleclick.net https://www.gstatic.com www.googletagmanager.com www.googleadservices.com *.googleapis.com https://client.crisp.chat https://image.crisp.chat https://game.crisp.chat fonts.gstatic.com; manifest-src 'self' *.cdnbay.com cdn.speedtest.hostiserver.com img.hostiserver.com hscdn.cdnbay.com https://client.crisp.chat https://image.crisp.chat https://game.crisp.chat https://merchant.revolut.com https://merchant-mgmt.revolut.com https://merchant-secure.revolut.com *.revolut.com https://pay.google.com; connect-src 'self' https://storage.crisp.chat https://stats.g.doubleclick.net https://www.google.com wss://client.relay.crisp.chat wss://stream.relay.crisp.chat https://merchant.revolut.com https://merchant-mgmt.revolut.com https://merchant-secure.revolut.com *.revolut.com https://client.crisp.chat https://image.crisp.chat https://game.crisp.chat https://google.com/pay https://pay.google.com; default-src 'self' 'unsafe-inline' *.cdnbay.com cdn.speedtest.hostiserver.com img.hostiserver.com hscdn.cdnbay.com www.google-analytics.com *.doubleclick.net https://www.gstatic.com www.googletagmanager.com www.googleadservices.com *.googleapis.com https://client.crisp.chat https://image.crisp.chat https://game.crisp.chat; 1
frame-ancestors 'self' digitalregisterdev.azurewebsites.net digitalregisteruat.azurewebsites.net digitalregister.azurefd.net focus24.genpact.com; upgrade-insecure-requests; 1
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; 1
frame-ancestors 'self' www.cotswoldoutdoor.com preview.cotswoldoutdoor.com cotswoldoutdoor.com m.cotswoldoutdoor.com knowledge.cotswoldoutdoor.com product001.cotswoldoutdoor.com product002.cotswoldoutdoor.com product003.cotswoldoutdoor.com product004.cotswoldoutdoor.com ; 1
upgrade-insecure-requests; default-src 'self'; img-src * data: cdn.evergage.com; style-src ws1.postescanada-canadapost.ca widget.alongside.com 'unsafe-inline' *.twitter.com ton.twimg.com tagmanager.google.com sp.analytics.yahoo.com 'self' s.yimg.com optimize.google.com https://www.googletagmanager.com/debug/badge.css fonts.googleapis.com *.evergage.com cdn.evergage.com; font-src 'self' fonts.gstatic.com data:; media-src *.youtube.com 'self' cdn.evergage.com blob:; object-src 'self'; form-action www.facebook.com *.twitter.com tr.snapchat.com sp.analytics.yahoo.com 'self' s.yimg.com *.alc.ca; script-src www.googletagmanager.com www.googleadservices.com www.google.com www.google-analytics.com www.facebook.com ws1.postescanada-canadapost.ca widget.alongside.com 'unsafe-inline' 'unsafe-eval' *.twitter.com *.twimg.com tagmanager.google.com static.ads-twitter.com sp.analytics.yahoo.com *.serving-sys.com 'self' secure.quantserve.com secure.adnxs.com sc-static.net s.yimg.com rules.quantcount.com *.rfihub.com r.turn.com *.pariplaygames.com optimize.google.com *.niceincontact.com *.nglotteries-us.com *.mkodo.net *.mkodo.com *.igodigital.com hosted.paysafe.com *.gracenote.com *.game-mode.net *.g2-networks.com *.finrings.com *.everi-interative.com *.evergage.com *.doubleclick.net *.connextra.com connect.facebook.net *.cloudfront.net cdn.evgnet.com cdn.evergage.com c1.rfihub.net atlanticlottery.us-1.evergage.com atlanticlottery.evergage.com *.adnxs.com *.google-analytics.com *.snapchat.com *.redditstatic.com; connect-src www.google.com www.facebook.com ws1.postescanada-canadapost.ca *.paysafe.com sp.analytics.yahoo.com 'self' s.yimg.com promo.alc.ca *.nglotteries-us.com *.mkodo.net *.mkodo.com livechat.alc.ca *.google-analytics.com *.game-mode.net *.doubleclick.net cdn.evgnet.com cdn.evergage.com api.ipify.org adservice.google.com *.evergage.com *.connextra.com *.snapchat.com; frame-src *.youtube.com www.facebook.com *.paysafe.com *.twitter.com tr.snapchat.com sp.analytics.yahoo.com 'self' *.rgsgames.com *.rfihub.com *.pariplaygames.com optimize.google.com *.nyxop.net *.niceincontact.com *.nglotteries-us.com *.mentor-na.neccton.com *.gracenote.com *.g2-networks.com *.finrings.com *.everi-interactive.com *.doubleclick.net *.casinarena.com blob: *.alc.ca *.wi-gameserver.com *.adobe.com *.adnxs.com *.connextra.com; frame-ancestors 'self' *.pariplaygames.com *.nyxop.net *.nglotteries-us.com *.everi-interactive.com *.contobox.com *.casinarena.com author.alc.ca *.wi-gameserver.com; worker-src 'self';  1
object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; img-src 'self' https: data: blob:; connect-src 'self' https:; style-src 'self' 'unsafe-inline' https:; form-action 'self'  https:; frame-src 'self' https: blob: 1
default-src 'self' https://cdn.myanonamouse.net https://www.myanonamouse.net https://myanonamouse.net https://webirc.myanonamouse.net; script-src 'self' https://cdn.myanonamouse.net https://www.myanonamouse.net https://myanonamouse.net https://webirc.myanonamouse.net; style-src 'self' https://cdn.myanonamouse.net https://www.myanonamouse.net https://myanonamouse.net https://webirc.myanonamouse.net; object-src 'none'; img-src 'self' https://cdn.myanonamouse.net https://www.myanonamouse.net https://myanonamouse.net https://webirc.myanonamouse.net https://mrd.ninja data: blob:; media-src https://cdn.myanonamouse.net https://www.myanonamouse.net https://myanonamouse.net https://webirc.myanonamouse.net; block-all-mixed-content; 1
default-src 'self' https://storage.googleapis.com https://accounts.google.com https://www.google-analytics.com; child-src 'self' https://www.youtube.com https://storage.googleapis.com https://talkgadget.google.com https://accounts.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://storage.googleapis.com https://cdnjs.cloudflare.com https://ajax.googleapis.com data: https://code.jquery.com https://www.google.com https://apis.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://ajax.cdnjs.com https://s.ytimg.com; img-src 'self' https://storage.googleapis.com https://www.google.com data: https://i.ytimg.com data: https://onlinecourses-archive.nptel.ac.in https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://storage.googleapis.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://www.google.com; font-src 'self' https://fonts.gstatic.com https://storage.googleapis.com https://cdnjs.cloudflare.com data:; object-src 'self' 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com http://fonts.googleapis.com https://maxcdn.bootstrapcdn.com/ https://p.typekit.net https://use.typekit.net https://loves-stage.quiq-api.com https://static.quiq-cdn.com https://resources.digital-cloud-west.medallia.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://316202.tctm.co/p.js https://316202.tctm.co/t.js http://assets.adobedtm.com https://assets.flex.twilio.com https://cdn.appdynamics.com https://cdnjs.cloudflare.com https://connect.facebook.net https://dni.trumeasure.com https://i.simpli.fi https://img03.en25.com/ https://insight.adsrvr.org/track/up https://js.adsrvr.org/up_loader.1.1.0.js https://loves.quiq-api.com https://loves-cep-socket-ssl.herokuapp.com http://*.google.com https://www.google-analytics.com https://loves-stage.quiq-api.com https://sentry.goquiq.com https://www.googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://static.quiq-cdn.com https://tag.simpli.fi https://use.typekit.net https://316202.cctm.xyz/t.js consent.api.osano.com tattle.api.osano.com cmp.osano.com disclosure.api.osano.com https://googleads.g.doubleclick.net https://resources.digital-cloud-west.medallia.com/ https://secure.informationcreativeinnovative.com; img-src 'self' data: https: http://authoringstg.loves.com https://*.googleapis.com https://*.gstatic.com; frame-src 'self' https://*.google.com https://insight.adsrvr.org/ https://loves-stage.quiq-api.com https://sentry.goquiq.com https://loves.quiq-api.com https://static.quiq-cdn.com/ https://www.act-news.com/ https://www.youtube.com https://resources.digital-cloud-west.medallia.com/; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://use.typekit.net; connect-src 'self' https://col.eum-appdynamics.com/eumcollector/beacons/browser/v2/AD-AAB-AAP-AVU/adrum https://col.eum-appdynamics.com https://loves-stage.quiq-api.com https://sentry.goquiq.com https://loves.quiq-api.com https://loves-cep-socket-ssl.herokuapp.com wss://loves-cep-socket-ssl.herokuapp.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.googleapis.com https://*.google.com https://*.gstatic.com consent.api.osano.com tattle.api.osano.com cmp.osano.com disclosure.api.osano.com https://resources.digital-cloud-west.medallia.com/ https://secure.informationcreativeinnovative.com; frame-ancestors 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: wss: ws: mediastream: filesystem: iurny.com *.iurny.com indigitall.com *.indigitall.com *.stornaway.io s.w.org *.w.org *.fontawesome.com *.gravatar.com *.googletagmanager.com *.google-analytics.com *.facebook.com *.facebook.net snap.licdn.com *.linkedin.com stats.g.doubleclick.net *.google.com *.google.es *.gstatic.com; frame-ancestors 'none'; connect-src 'self' wss: cdn.linkedin.oribi.io *.indigitall.com *.google.com *.linkedin.com; 1
base-uri 'none';object-src 'none';connect-src 'self' https: *.google-analytics.com wss://nexus-websocket-a.intercom.io blob:;default-src 'self' blob: https://1874966808.rsc.cdn77.org;font-src 'self' https: data: https://1874966808.rsc.cdn77.org;frame-src 'self' https://accounts.google.com https://www.google.com https://www.facebook.com https://webforms.pipedrive.com https://td.doubleclick.net/ https://intercom-sheets.com/ https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://www.loom.com;img-src 'self' https: blob: data: *.googletagmanager.com a.storyblok.com img2.storyblok.com;media-src 'self' https: blob: data: a.storyblok.com;report-uri https://fe7d76b887471114b1ffc4f4c426faa7.report-uri.com/r/d/csp/enforce;script-src 'unsafe-inline' 'unsafe-eval' https: 'self' https://apis.google.com https://www.googletagmanager.com https://www.clarity.ms http://app.storyblok.com https://widget.intercom.io https://app.intercom.io https://js.intercomcdn.com https://1874966808.rsc.cdn77.org;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://1874966808.rsc.cdn77.org 1
frame-ancestors self https://signup.buildbox.com http://login-redirect.buildbox.com https://www.surveymonkey.com/r/K3GMYZC https://www.surveymonkey.com/r/QRNB36V https://www.surveymonkey.com 1
script-src 'self' 'sha256-q3WPosO4ONuL9p9ddEof/RtCIL08oBEgIPy68LjtLi8=' 'sha256-tMi+Pw5dWcckZaS5akdDvLbCRNPU47NUC7hBXzfNY9o=' 'sha256-rl5eji7XRCo2LMjj9lSpETeAroYm6eXnYZ57qpVunAQ=' 'sha256-iqOPaRlwwgtNy7J3vh/+LSW9/QVdN+Fl+YfMS8+GcPo=' 'sha256-PjdrWslsi4D6PN2ig+ljhmG5YLxPL647O0B9KAK8+lk=' 'sha256-51q9Jkddg0uc+3FW6ecf6jkMOr8hVAVNsxsw7gNqjjk=' 'sha256-Xh45oAnXb7apbW4QE7QEbCe4zGVzgNybHVUWDG6nMc0=' 'sha256-cWlUrd0XAxbUuEowrgGTAJOgrrFZ+Zg7KoqM0zoJi/c=' 'sha256-DRZpXPn1GCIU7BPkJ/xb/k/iZ9VtNhB0kL+R0rAyVOo=' 'sha256-MlR+o2h5r9m8DdZk1GxjLKOiL57reuEkcKKNf5Q/Xk0=' 'sha256-5z0mqfXoQdaswiTfD0q5tdra5kMX3TaXEcjX8FbSJ9c=' 'sha256-U3i1w5pESFxExrmA/RmoulibY0UtRJ6+N061RYm8GzQ=' 'sha256-iiOEk8AzgueoHkB1wHTEuNyZzJ7PvNGcU8Cf3C6QknM=' 'sha256-P3SvISywA0roA0BYCMQYftzdU53nkW8e/5A/Pqa0Zk4=' 'sha256-USTrNh+UNt+mBiIBvECPo0xWO3Z9yuN4yGO4XXSCqv8=' 'sha256-1OJoWFTRiz5Qn0QNWZG5lJWTi4v5otVmw+QefdOjXOg=' 'sha256-OpsdwbNy6088hMQRrp63vUqHaaEPpgKXuH18niYVZ34=' 'sha256-rwMOiOeVICH7/Cjy5SkreID3OOi5HTrit357k22hUDQ=' 'sha256-sWITfQ9rgDwKqksaLnQ9nrqSB5J+KfaUaMNSgpKYL0Y=' 'sha256-rNAWiF5llk4C4DGZqpiV+PC+ipjBiiMX0l8pqGf+PCU=' 'sha256-xV97M+lSIvvvSpx63GR/fApoy8sg47XkGkZkkn7RsaU=' 'sha256-FtmNZCwIPFBoItSYSjqyebn0K4W8YbpzinowGObyiZg=' 'sha256-ei+7cqqHXuFtO9PVrcrvAyAFNah0YT48+ecxANvdaik=' 'sha256-hvnpRxZVTvw5G7LyHI5AF8admAm/kEr0s1SkmYWtcN8=' 'sha256-buShqqvpyfyMytAevbY3Cjy6zZFEooyWtg42vUWrhiw=' 'sha256-pEnT8DjKoi+LpcY3MB2rFTqFbcBwMcR/g+iii2HQ2LM=' 'sha256-rNAWiF5llk4C4DGZqpiV+PC+ipjBiiMX0l8pqGf+PCU=' 'sha256-ZP3UmfOigbNFUDcrEIKj8yU0+7jeU/C4qxJ/4n4HRQo=' 'sha256-ETgXJJ3OuVkQgNb5lDzSYwJGbxchLQb3VoGwqsfYIGk=' 'sha256-mZWo2sJSmaBLGkgCpXLPpAnnLbfPaO68xCZUgjaMxVM=' 'sha256-ztI/hQqEXQp1679LG8zjtYNYa2ldiTNQJhKeNFmREiY=' 'sha256-ThwGm6ahqfkxEBtaLrV/Zo+m8ikXvcLQR4xvkp6rmug=' 'sha256-XBKoMsWPfwL9SoDgTp5Lz8RshbkmVaxQ14jQri56NjY=' 'sha256-icc0pV/PKFETIr4EibMH9gavAdBt4iL2Q28lk2GspWQ=' 'sha256-032BSw0ElgNhMyldQkJHl1X+Do+kj2rqiaK7rMQpcDs=' 'sha256-wxLN/Ivd2DLbX9YgtTaC3nt3DyofMHoUSFoaxscfjUE=' assets.adobedtm.com www.youtube.com cdn.cookielaw.org js.hs-scripts.com p.teads.tv js.adsrvr.org js.hsadspixel.net js.hs-banner.com js.hs-analytics.net connect.facebook.net demdex.net www.google.com www.gstatic.com www.googletagmanager.com tags.srv.stackadapt.com zn097ucyqha0b5qpt-aramark.siteintercept.qualtrics.com www.googleadservices.com siteintercept.qualtrics.com tag.demandbase.com privacyportaluat.onetrust.com static.hotjar.com script.hotjar.com hotjar.com platform.twitter.com www.instagram.com srv.stackadapt.com www.stackadapt.com https://embedsocial.com/ 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; img-src * data: blob:; style-src 'self' *.changiairport.com fonts.googleapis.com *.fontawesome.com https://tagmanager.google.com/ stackpath.bootstrapcdn.com *.skyscnr.com 'unsafe-inline'; font-src 'self' *.changiairport.com fonts.googleapis.com *.fontawesome.com fonts.gstatic.com stackpath.bootstrapcdn.com 'unsafe-inline'; connect-src 'self' * *.changiairport.com; frame-src 'self' * 1
script-src  'self' 'unsafe-eval' 'unsafe-inline'  https://*.inno.tech https://siteapi.inno.tech https://stream.datago.ru  https://mc.yandex.ru https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net   https://*.adriver.ru https://vk.com https://top-fwz1.mail.ru https://yastatic.net; style-src 'self' 'unsafe-inline' https://*.inno.tech https://siteapi.inno.tech    https://yastatic.net; img-src * data:; font-src 'self' data: https://*.inno.tech https://siteapi.inno.tech    https://yastatic.net; media-src 'self' blob: https://*.inno.tech https://siteapi.inno.tech   ; frame-src 'self' blob: https://*.inno.tech https://siteapi.inno.tech https://stream.datago.ru https://*.roseltorg.ru:* https://api-maps.yandex.ru:*   https://yastatic.net https://mc.yandex.ru; connect-src 'self' blob: https://*.inno.tech https://siteapi.inno.tech https://stream.datago.ru   https://mc.yandex.ru https://suggestions.dadata.ru https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net https://geocode-maps.yandex.ru/   https://*.adriver.ru https://vk.com https://top-fwz1.mail.ru https://yastatic.net; frame-ancestors 'self' https://*.inno.tech https://siteapi.inno.tech  ; 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: blob: 'unsafe-inline'; style-src 'self' data: blob: 'unsafe-inline' *.connatix.com; 1
frame-ancestors 'self' *.wellspan.org *.epic.com *.medchatapp.com 1
frame-ancestors 'self'; frame-src 'self' web106.reachmee.com res.statisticsstudio.com play.mediaflowpro.com www.youtube.com *.readspeaker.com ssres.azureedge.net consentcdn.cookiebot.com www.google.com survey.extellio.com; form-action 'self' *.readspeaker.com www.anpdm.com; base-uri 'self'; default-src 'self'; font-src 'self' data:; script-src 'self' 'nonce-2moGaySaCRsxPy7KQoaPK5MOLWgqmESes/gE0qRGte8=' 'strict-dynamic' consent.cookiebot.com consentcdn.cookiebot.com cdn1.readspeaker.com script.extellio.com m.extellio.com; style-src 'self' 'unsafe-inline' *.readspeaker.com; img-src 'self' matomo.folkhalsomyndigheten.se i.creativecommons.org licensebuttons.net im16.inviewer.se assets.mediaflowpro.com *.readspeaker.com; connect-src 'self' consentcdn.cookiebot.com *.readspeaker.com matomo.folkhalsomyndigheten.se script.extellio.com m.extellio.com; 1
default-src 'self' klarna-payments-eu.klarna.com klarna-payments-eu.playground.klarna.com js.playground.klarna.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com analytics.fatmedia.io app.usercentrics.eu bam.nr-data.net bat.bing.com cdn-eu.dynamicyield.com www.paypalobjects.com pay.google.com js.braintreegateway.com klarna-payments-eu.klarna.com klarna-payments-eu.playground.klarna.com www.paypal.com www.sandbox.paypal.com cdn.dynamicyield.com code.jquery.com connect.facebook.net dmp.theadex.com js-agent.newrelic.com recommender.scarabresearch.com s.pinimg.com sc-static.net sslwidget.criteo.com st-eu.dynamicyield.com st.dynamicyield.com static.criteo.net fledge.eu.criteo.com staticw2.yotpo.com tagmanager.google.com the.sciencebehindecommerce.com www.awin1.com www.dwin1.com www.google-analytics.com www.googletagmanager.com www.zenaps.com x.klarnacdn.net channels-api.zenloop.com api.sovendus.com www.sovendus-connect.com www.sovendus-benefits.com cdn.scarabresearch.com cdnjs.cloudflare.com eu-library.klarnaservices.com eu-library.playground.klarnaservices.com zenloop-website-overlay-production.s3.amazonaws.com website-overlay.zenloop.com www.google.com www.google.pl static.hotjar.com script.hotjar.com www.googleadservices.com static.scarabresearch.com recommender-eu.scarabresearch.com s2.adform.net track.adform.net widgets.trustedshops.com cdn.flaconi.de maxcdn.bootstrapcdn.com d-uat.criteo.com cdn.jsdelivr.net dynamic.criteo.net dynamic.criteo.com www.hlserve.com ad4m.at s.uicdn.com d.c.cdnsrv.de t.uimserv.net *.ad-srv.net trk.cytelligence.io gui.display.prod.app.funnelplus.com *.hotjar.com cdn.safecharge.com; img-src 'self' data: * ad4m.at *.adserver01.de *.adc-serv.net *.df-srv.de *.adition.com *.ad4mat.de *.doubleclick.net *.adscale.de *.twiago.com *.casalemedia.com *.adfarm1.adition.com *.adform.net *.adnxs.com *.taboola.com *.kupona.de *.smartadserver.com *.pubmatic.com *.yieldlab.net s.uicdn.com d.c.cdnsrv.de t.uimserv.net *.ad-srv.net *.hotjar.com cdn.safecharge.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com cdn-eu.dynamicyield.com www.paypalobjects.com pay.google.com klarna-payments-eu.klarna.com klarna-payments-eu.playground.klarna.com www.paypal.com www.sandbox.paypal.com cdn.dynamicyield.com cdn.flaconi.de cdn.flaconi.at cdn.flaconi.pl cdn.flaconi.fr images.ctfassets.net fonts.googleapis.com hello.myfonts.net staticw2.yotpo.com tagmanager.google.com www.googletagmanager.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com d-uat.criteo.com gui.display.prod.app.funnelplus.com *.hotjar.com cdn.safecharge.com; font-src 'self' https://themes.googleusercontent.com data: * cdn-eu.dynamicyield.com www.paypalobjects.com pay.google.com www.paypal.com www.sandbox.paypal.com cdn.dynamicyield.com cdn.flaconi.de fonts.googleapis.com fonts.gstatic.com staticw2.yotpo.com p.yotpo.com *.hotjar.com; frame-src 'self' gum.criteo.com klarna-payments-eu.klarna.com klarna-payments-eu.playground.klarna.com js.klarna.com js.playground.klarna.com www.paypalobjects.com pay.google.com www.paypal.com www.sandbox.paypal.com resources.sandbox.oscato.com resources.live.oscato.com static.criteo.net fledge.eu.criteo.com tr.snapchat.com www.awin1.com www.facebook.com www.google.com www.youtube.com www.zenaps.com api.sovendus.com www.sovendus-connect.com www.sovendus-benefits.com vars.hotjar.com creativecdn.com ln-rules.rewardstyle.com d-uat.criteo.com www.pinterest.com hal9000.redintelligence.net ad4m.at *.ad4mat.net emperia.digital s.uicdn.com d.c.cdnsrv.de t.uimserv.net ct.pinterest.com *.ad-srv.net gui.display.prod.app.funnelplus.com flaconi-gmbh.leadfamly.com flaconi-gmbh.campaign.playable.com *.playable.com campaign-zone-1.api.leadfamly.com flaconi.de www.flaconi.de cdn.safecharge.com; frame-ancestors 'self' https://*.frontastic.io frontastic.io.local flaconi.frontastic.io www.flaconi.de; object-src 'self'; connect-src 'self' ws: wss: wss: * api.usercentrics.eu cdn-eu.dynamicyield.com klarna-payments-eu.klarna.com klarna-payments-eu.playground.klarna.com www.paypalobjects.com pay.google.com www.paypal.com www.sandbox.paypal.com rcom-eu.dynamicyield.com st-eu.dynamicyield.com staticw2.yotpo.com p.yotpo.com www.google-analytics.com api.sovendus.com www.sovendus-connect.com www.sovendus-benefits.com *.hotjar.com *.hotjar.io; media-src 'self' videos.ctfassets.net; script-src-elem 'self' 'unsafe-inline' adm.dynamicyield.eu analytics.fatmedia.io app.usercentrics.eu bam.nr-data.net bat.bing.com cdn-eu.dynamicyield.com www.paypalobjects.com pay.google.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com klarna-payments-eu.klarna.com klarna-payments-eu.playground.klarna.com cdn.dynamicyield.com cdn.scarabresearch.com code.jquery.com connect.facebook.net dmp.theadex.com js-agent.newrelic.com recommender.scarabresearch.com s.pinimg.com sc-static.net sslwidget.criteo.com st-eu.dynamicyield.com static.criteo.net staticw2.yotpo.com tagmanager.google.com the.sciencebehindecommerce.com www.awin1.com www.dwin1.com www.google-analytics.com www.googletagmanager.com www.zenaps.com x.klarnacdn.net zenloop-website-overlay-production.s3.amazonaws.com website-overlay.zenloop.com cdnjs.cloudflare.com channels-api.zenloop.com api.sovendus.com www.sovendus-connect.com www.sovendus-benefits.com static.hotjar.com script.hotjar.com www.googleadservices.com static.scarabresearch.com recommender-eu.scarabresearch.com s2.adform.net track.adform.net widgets.trustedshops.com cdn.flaconi.de maxcdn.bootstrapcdn.com cdn.jsdelivr.net ln-rules.rewardstyle.com analytics.tiktok.com dynamic.criteo.net dynamic.criteo.com fledge.eu.criteo.com d-uat.criteo.com www.hlserve.com pagead2.googlesyndication.com *.clarity.ms p.yotpo.com cdn-widget-assets.yotpo.com w2.yotpo.com lantern.roeyecdn.com www.youtube.com ad4m.at s.uicdn.com d.c.cdnsrv.de t.uimserv.net *.ad-srv.net r.df-srv.de trk.cytelligence.io gui.display.prod.app.funnelplus.com cdn.safecharge.com 1
base-uri 'self'; default-src 'none'; form-action https://account.mail.ru https://auth.mail.ru https://e.mail.ru https://yandex.ru 'self'; script-src https://*.adlooxtracking.com https://*.adlooxtracking.ru https://*.adsafeprotected.com https://*.doubleverify.com https://*.imgsmail.ru https://*.mail.ru https://*.moatads.com https://*.mradx.net https://*.serving-sys.com https://*.serving-sys.ru https://*.vk.com https://*.vk.ru https://*.weborama-tech.ru https://*.weborama.fr https://an.yandex.ru https://b.delivery.consentmanager.net https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://consentmanager.mgr.consensu.org https://home.mrgcdn.ru https://iframe.s3.yandex.net https://mail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://ok.ru https://static.dzeninfra.ru https://vk.com https://vk.ru https://yandex.ru https://yandex.st https://yastat.net https://yastatic.net 'unsafe-eval' 'unsafe-inline' 'nonce-0ed5b9e93b5f8e7cb368a3d4a3b11cfe' 'strict-dynamic' 'report-sample'; connect-src https://*.adlooxtracking.com https://*.adlooxtracking.ru https://*.adsafeprotected.com https://*.cold-video.dzeninfra.ru https://*.doubleverify.com https://*.dzen.ru https://*.extcdn.dzeninfra.ru https://*.hot-video.dzeninfra.ru https://*.imgsmail.ru https://*.mail.ru https://*.moatads.com https://*.mradx.net https://*.serving-sys.com https://*.serving-sys.ru https://*.vk.com https://*.vk.ru https://*.weborama-tech.ru https://*.weborama.fr https://an.yandex.ru https://avatars.dzeninfra.ru https://b.delivery.consentmanager.net https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://cdn.dzen.ru https://cold-video.dzeninfra.ru https://consentmanager.mgr.consensu.org https://dzen.ru https://home.mrgcdn.ru https://jstracer.yandex.ru https://log.strm.yandex.ru https://mail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://ok.ru https://playlog.dzen.ru https://s3.dzeninfra.ru https://static.dzeninfra.ru https://strm.yandex.ru https://verify.yandex.ru https://video.dzen.ru https://vk.com https://vk.ru https://yandex.ru https://yandex.st https://yastat.net https://yastatic.net https://ymetrica1.com; img-src blob: data: https://*.mail.ru https://*.radar.imgsmail.ru https://*.userapi.com https://*.zen.zeta.dzen.ru https://a.delivery.consentmanager.net https://ad.adriver.ru https://amc.yandex.ru https://an.yandex.ru https://avatars.dzeninfra.ru https://avatars.mds.yandex.net https://bs.serving-sys.com https://bs.serving-sys.ru https://bs.yandex.ru https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://cdn.dzen.ru https://counter.yadro.ru https://d.mradx.net https://dzen.ru https://favicon.yandex.net https://fmdata.imgsmail.ru https://home.imgsmail.ru https://img.imgsmail.ru https://imgs2.imgsmail.ru https://impression.appsflyer.com https://likemore-go.imgsmail.ru https://limg.imgsmail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://mgcomru.solution.weborama.fr https://pixel.adlooxtracking.ru https://playlog.dzen.ru https://pogoda.imgsmail.ru https://promoimages.hb.bizmrg.com https://r.mradx.net https://s3.dzeninfra.ru https://static.dzeninfra.ru https://video.dzen.ru https://vk.com https://vk.ru https://vkplay.ru https://wcm-ru.frontend.weborama.fr https://wcm.weborama-tech.ru https://www.tns-counter.ru https://yandex.ru https://yastatic.net 'self'; manifest-src https://limg.imgsmail.ru; media-src blob: data: https://*.cold-video.dzeninfra.ru https://*.extcdn.dzeninfra.ru https://*.hot-video.dzeninfra.ru https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://*.ok.ru https://*.strm.yandex.ru https://*.vk.com https://*.vk.ru https://*.yandex.net https://cdn.dzen.ru https://cold-video.dzeninfra.ru https://mail.ru https://ok.ru https://strm.yandex.ru https://video.dzen.ru https://vk.com https://vk.ru https://yandex.ru https://yandex.st https://yastat.net https://yastatic.net; style-src blob: https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://b.delivery.consentmanager.net https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://consentmanager.mgr.consensu.org https://home.mrgcdn.ru https://static.dzeninfra.ru https://yandex.st https://yastat.net https://yastatic.net 'unsafe-eval' 'unsafe-inline'; font-src blob: data: https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://an.yandex.ru https://yastat.net https://yastatic.net 'self'; frame-src https://*.doubleverify.com https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://*.ok.ru https://*.vk.com https://*.vk.ru https://*.yandex.ru https://app.appsflyer.com https://awaps.yandex.net https://mail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://mini.vkplay.ru https://ok.ru https://vk.com https://vk.ru https://yandex.ru https://yastat.net https://yastatic.net; report-uri https://cspreport.mail.ru/home?disposition=report&rev=18.12.23; 1
frame-ancestors 'self'; object-src 'self'; report-to csp-endpoint; report-uri /csp; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.go-mpulse.net *.siftscience.com *.nxjimg.com *.corporateperks.com *.google-analytics.com *.gstatic.com *.google.com *.googleapis.com *.perksatwork.com *.cloudflare.com *.zopim.com unpkg.com *.zdassets.com data: blob: *.tinymce.com *.partnerbookingkit.com *.forter.com *.rezserver.com *.jsdelivr.net *.datatables.net *.expedia.com ; upgrade-insecure-requests; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' 1
frame-ancestors https://igx.csbsju.edu http://go.twocolleges.com https://virtualtour.csbsju.edu 1
default-src 'self' https://curator-assets.b-cdn.net *.umbraco.org *.hotjar.com wss://*.hotjar.com *.hotjar.io wss://*.hotjar.io *.googleapis.com *.gstatic.com *.typekit.net *.vo.msecnd.net *.services.visualstudio.com local.ecom.com local.saa.co.uk assets.local.saa.co.uk:9730 *.kustomerapp.com *.s3.amazonaws.com *.pubnub.com *.pubnub.net *.pubnub.io *.pndsn.com *.youngminds.org.uk *.curator.io *.facebook.net *.facebook.com; connect-src 'self' *.civiccomputing.com *.linkedin.oribi.io *.search.windows.net *.google-analytics.com *.vo.msecnd.net *.services.visualstudio.com *.hotjar.com wss://*.hotjar.com *.hotjar.io wss://*.hotjar.io *.paypal.com http://localhost:9730  ws://localhost:9730 *.kustomerapp.com *.s3.amazonaws.com *.pubnub.com *.pubnub.net *.pubnub.io *.pndsn.com *.youngminds.org.uk *.curator.io *.facebook.net *.facebook.com *.doubleclick.net *.vo.msecnd.net *.services.visualstudio.com *.google.com analytics.tiktok.com; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.typekit.net hello.myfonts.net local.ecom.com assets.local.saa.co.uk:9730 *.worldpay.com *.kustomerapp.com *.s3.amazonaws.com *.pubnub.com *.pubnub.net *.pubnub.io *.pndsn.com *.youngminds.org.uk *.curator.io *.mailchimp.com *.facebook.net *.facebook.com *.googletagmanager.com *.hotjar.com wss://*.hotjar.com *.hotjar.io wss://*.hotjar.io *.vo.msecnd.net *.services.visualstudio.com; script-src 'self' 'unsafe-eval' *.list-manage.com mc-validate.js  *.civiccomputing.com *.googletagmanager.com *.google.com 'unsafe-inline' *.hotjar.com wss://*.hotjar.com *.hotjar.io wss://*.hotjar.io *.google-analytics.com *.gstatic.com *.google.com *.googletagmanager.com *.vo.msecnd.net *.services.visualstudio.com local.ecom.com *.worldpay.com *.paypal.com assets.local.saa.co.uk:9730 cc-cdn.com cdn.jsdelivr.net *.nosto.com *.craftyclicks.co.uk *.kustomerapp.com *.s3.amazonaws.com *.pubnub.com *.pubnub.net *.pubnub.io *.pndsn.com *.youngminds.org.uk *.curator.io s3.amazonaws.com *.facebook.net *.facebook.com *.licdn.com http://browser-update.org/update.min.js *.vo.msecnd.net *.services.visualstudio.com js.monitor.azure.com *.youtube.com analytics.tiktok.com; img-src * data: 'unsafe-inline' *.gstatic.com local.ecom.com assets.local.saa.co.uk:9730 *.kustomerapp.com *.s3.amazonaws.com *.pubnub.com *.pubnub.net *.pubnub.io *.pndsn.com *.youngminds.org.uk *.curator.io *.facebook.net *.facebook.com *.hotjar.com wss://*.hotjar.com *.hotjar.io wss://*.hotjar.io *.vo.msecnd.net *.services.visualstudio.com i.ytimg.com; frame-src 'self' *.google.com *.youtube.com www.youtube-nocookie.com *.hotjar.com wss://*.hotjar.com *.hotjar.io wss://*.hotjar.io *.3dsecure.net *.arcot.com local.ecom.com *.paypal.com *.worldpay.com *.kustomerapp.com *.s3.amazonaws.com *.pubnub.com *.pubnub.net *.pubnub.io *.pndsn.com *.youngminds.org.uk *.curator.io *.facebook.net *.facebook.com *.doubleclick.net *.publitas.com; 1
connect-src 'self' blob: https://api.x.ai https://api.x.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api.x.com https://api-stream.twitter.com https://api-stream.x.com https://ads-api.twitter.com https://ads-api.x.com https://aa.twitter.com https://aa.x.com https://caps.twitter.com https://caps.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton.twitter.com https://ton.x.com https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://twitter.com https://x.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com  ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://x.com https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://vaultjs.apideck.com/  https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://x.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://static.ads-twitter.com  'nonce-ODg3ZWNmYzEtYzZhZC00MDQ5LThjMDItOWY0NDU1OTEzNzJh'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors bghweb-editor-kkn2.prod.gsb.zd.in.bund.de piwik.itzbund.de 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss: https://*.localhost https://picsum.photos https://*.picsum.photos https://*.bootstrapcdn.com https://*.convergepay.com https://*.clearsale.com.br https://*.cloudfront.net https://*.cloudflare.com https://*.cloudflareinsights.com https://d3js.org https://*.datatables.net https://*.doubleclick.net https://*.facebook.net https://*.getdrip.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.grindworx.com https://*.gstatic.com https://*.ipqualityscore.com https://*.instagram.com https://*.jsdelivr.net https://*.jquery.com https://localhost:8443 wss://localhost:8443 https://mclth.com https://*.newrelic.com https://*.nr-data.net https://api.qrserver.com https://*.searchspring.com https://*.searchspring.net https://*.searchspring.io https://*.shareasale.com https://shareasale.com https://*.sleeknote.com https://unpkg.com https://*.ytimg.com https://*.youtube.com https://*.zdassets.com https://bladehq.zendesk.com https://*.bladehq.com https://*.gravatar.com https://hooks.slack.com https://*.amazonaws.com https://*.fontawesome.com https://*.tailwindcss.com https://*.authorize.net https://*.signifyd.com https://*.online-metrix.net https://fonts.bunny.net https://*.luckyorange.com; 1
frame-ancestors 'self' https://*.firstrepublic.com eagleinvest.futureadvisor.com firstrepublicbank.experiencecloud.adobe.com 10to8.com us.10to8.com firstrepublic.seismic.com client.firstrepublic.com; default-src blob: firstrepublic data: https: 'self' wss:; script-src thefontzone.com *.newrelic.com *.typekit.net *.signalintent.com *.amazonaws.com *.google-analytics.com *.siteimprovementanalytics.io *.gstatic.com *.google.com *.everesttech.net *.doubleclick.net * *.we-stats.com *.googleapis.com *.googletagmanager.com *.youtube.com *.jsdelivr.net *.marketo.net *.splash-screen.net *.omtrdc.com *.siteimprovementanalytics.com *.tiqcdn.com *.branch.io *.ytimg.com *.frbnp2.com *.mktoresp.com *.extole.io *.freshaddress.biz *.nr-data.net *.dmdex.net *.marketo.com *.demandbase.com *.googleadservices.com *.facebook.com *.facebook.net *.linkedin.com *.ads-twitter.com *.twitter.com *.quantserve.com *.postrelease.com *.company-target.com *.adservr.org *.adnxs.com *.bidr.io *.adsymptotic.com *.openx.net *.advertising.com *.casalemedia.comfe.rubiconproject.com *.snapchat.com *.tapad.com *.yahoo.com *.3lift.com *.adroll.com *.bidswitch.net *.bing.com *.bttrack.com *.consensu.org *.flashtalking.com *.mathtag.com *.media6degrees.com *.mxptint.net *.outbrain.com *.pubmatic.com *.taboola.com *.newscred.com *.bizographics.com *.vimeo.com *.onlineaccess1.com *.nr-data.net *.fraudmap.net *.10to8.com *.cloudfront.net *.cloudflare.com *.tiles.mapbox.com  app.link dpm.demdex.net 'self' 'unsafe-inline' 'unsafe-eval' ; style-src *.newrelic.com *.typekit.net *.signalintent.com *.amazonaws.com *.google-analytics.com *.siteimprovementanalytics.io *.gstatic.com *.google.com *.everesttech.net *.doubleclick.net * *.we-stats.com *.googleapis.com *.googletagmanager.com *.youtube.com *.jsdelivr.net *.marketo.net *.splash-screen.net *.omtrdc.com *.siteimprovementanalytics.com *.tiqcdn.com *.branch.io *.ytimg.com *.frbnp2.com *.mktoresp.com *.extole.io *.freshaddress.biz *.nr-data.net *.dmdex.net *.marketo.com *.demandbase.com *.googleadservices.com *.facebook.com *.facebook.net *.linkedin.com *.ads-twitter.com *.twitter.com *.quantserve.com *.postrelease.com *.company-target.com *.adservr.org *.adnxs.com *.bidr.io *.adsymptotic.com *.openx.net *.advertising.com *.casalemedia.com *.rubiconproject.com *.snapchat.com *.tapad.com *.yahoo.com *.3lift.com *.adroll.com *.bidswitch.net *.bing.com *.bttrack.com *.consensu.org *.flashtalking.com *.mathtag.com *.media6degrees.com *.mxptint.net *.outbrain.com *.pubmatic.com *.taboola.com *.newscred.com *.bizographics.com *.vimeo.com *.onlineaccess1.com *.nr-data.net *.fraudmap.net *.10to8.com *.cloudfront.net *.cloudflare.com 'self' 'unsafe-inline'; font-src *.newrelic.com *.typekit.net *.signalintent.com *.amazonaws.com *.google-analytics.com *.siteimprovementanalytics.io *.gstatic.com *.google.com *.everesttech.net *.doubleclick.net * *.we-stats.com *.googleapis.com *.googletagmanager.com *.youtube.com *.jsdelivr.net *.marketo.net *.splash-screen.net *.omtrdc.com *.siteimprovementanalytics.com *.tiqcdn.com *.branch.io *.ytimg.com *.frbnp2.com *.mktoresp.com *.extole.io *.freshaddress.biz *.nr-data.net *.dmdex.net *.marketo.com *.demandbase.com *.googleadservices.com *.facebook.com *.facebook.net *.linkedin.com *.ads-twitter.com *.twitter.com *.quantserve.com *.postrelease.com *.company-target.com *.adservr.org *.adnxs.com *.bidr.io *.adsymptotic.com *.openx.net *.advertising.com *.casalemedia.com *.rubiconproject.com *.snapchat.com *.tapad.com *.yahoo.com *.3lift.com *.adroll.com *.bidswitch.net *.bing.com *.bttrack.com *.consensu.org *.flashtalking.com *.mathtag.com *.media6degrees.com *.mxptint.net *.outbrain.com *.pubmatic.com *.taboola.com *.newscred.com *.bizographics.com *.vimeo.com *.onlineaccess1.com *.nr-data.net *.fraudmap.net *.10to8.com *.cloudfront.net *.cloudflare.com 'self'; img-src *.newrelic.com *.typekit.net *.signalintent.com *.amazonaws.com *.google-analytics.com *.siteimprovementanalytics.io *.gstatic.com *.google.com *.everesttech.net *.doubleclick.net * *.we-stats.com *.googleapis.com *.googletagmanager.com *.youtube.com *.jsdelivr.net *.marketo.net *.splash-screen.net *.omtrdc.com *.siteimprovementanalytics.com *.tiqcdn.com *.branch.io *.ytimg.com *.frbnp2.com *.mktoresp.com *.extole.io *.freshaddress.biz *.nr-data.net *.dmdex.net *.marketo.com *.demandbase.com *.googleadservices.com *.facebook.com *.facebook.net *.linkedin.com *.ads-twitter.com *.twitter.com *.quantserve.com *.postrelease.com *.company-target.com *.adservr.org *.adnxs.com *.bidr.io *.adsymptotic.com *.openx.net *.advertising.com *.casalemedia.com *.rubiconproject.com *.snapchat.com *.tapad.com *.yahoo.com *.3lift.com *.adroll.com *.bidswitch.net *.bing.com *.bttrack.com *.consensu.org *.flashtalking.com *.mathtag.com *.media6degrees.com *.mxptint.net *.outbrain.com *.pubmatic.com *.taboola.com *.newscred.com *.bizographics.com *.vimeo.com *.onlineaccess1.com *.nr-data.net *.fraudmap.net *.10to8.com *.cloudfront.net *.cloudflare.com 'self' data:; worker-src 'self' blob: firstrepublic; 1
frame-ancestors 'self' *.naturum.ne.jp *.naturum.co.jp 1
frame-ancestors https://www.chasepaymentechhostedpay.com https://havenlife.com 1
default-src 'none'; frame-ancestors https://*.bookmate.ru https://bookmate.ru; connect-src 'self'; script-src 'nonce-6ca5e0385c306764be13fcf97c1e8607' 'self'; img-src 'self' 1
default-src 'self' *.clario.co *.kromtech.net;frame-src 'self' *.liadm.com *.doubleclick.net *.hotjar.com *.google.com *.facebook.com *.youtube.com *.youtube-nocookie.com https://*.google.com https://*.hotjar.com *.clario.co https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.trustpilot.com https://dl2.clario.co/;child-src 'self';img-src 'self' *.kromtech.net *.clario.co *.ytimg.com data: *.visualwebsiteoptimizer.com *.bing.com *.google-analytics.com *.facebook.com *.liadm.com *.doubleclick.net *.hotjar.com *.owox.com *.zoomsupport.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.taboola.com *.googletagmanager.com *.clarity.ms *.linkedin.com/ https://p.adsymptotic.com https://impressions.onelink.me https://unpkg.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clario.co *.google.com *.taboola.com https://*.google.com *.gstatic.com https://*.gstatic.com *.google-analytics.com https://*.google-analytics.com *.googletagmanager.com https://*.googletagmanager.com *.googleadservices.com *.bing.com *.facebook.net *.hotjar.com https://*.hotjar.com *.liadm.com *.visualwebsiteoptimizer.com *.kromtech.net https://*.kromtech.net *.doubleclick.net *.youtube.com *.ytimg.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googleoptimize.com/ https://snap.licdn.com https://websdk.appsflyer.com *.trustpilot.com *.sentry-cdn.com http://cdn.mxpnl.com *.mackeeper.com *.clarity.ms https://api.account.mackeeper.com https://api.account.sz.mackeeper.com;style-src 'self' 'unsafe-inline' *.clario.co *.googleapis.com *.kromtech.net https://*.kromtech.net *.google.com *.googletagmanager.com https://zchat.account.sz.clario.co https://zchat.account.clario.co https://zchat.account.mackeeper.com https://zchat.account.sz.mackeeper.com;font-src 'self' data: *.clario.co *.gstatic.com *.hotjar.com *.kromtech.net https://*.kromtech.net https://zchat.account.sz.clario.co https://zchat.account.clario.co https://cdn.appsflyer.com https://zchat.account.sz.mackeeper.com https://zchat.account.mackeeper.com;object-src 'self';connect-src 'self' *.clario.co http://clario.co https://clario.co *.google.com *.kromtech.net http://lumis.com http://kromtech.net https://kromtech.net *.facebook.com *.hotjar.io *.hotjar.com *.doubleclick.net *.google-analytics.com *.taboola.com wss://*.hotjar.com https://*.hotjar.com https://firebasedynamiclinks.googleapis.com/ *.appsflyer.com https://sentry.cloudmccloud.com https://api-js.mixpanel.com https://crm.account.mackeeper.com https://crm.account.sz.mackeeper.com https://chat-crm.account.mackeeper.com https://chat-crm.account.sz.mackeeper.com/ *.mackeeper.com *.clarity.ms https://api.account.mackeeper.com https://api.account.sz.mackeeper.com https://api-ne.mackeeper.com 1
frame-ancestors 'self' *.weebly.com 1
script-src 'unsafe-inline' 'unsafe-eval' https:;default-src https:;style-src https: 'unsafe-inline';img-src https: data:;font-src https: data: 1
default-src 'none';media-src 'self';style-src 'self' https: 'unsafe-inline' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com cdn.cookielaw.org ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com region1.google-analytics.com;  img-src 'self' data: cdn.cookielaw.org ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com region1.google-analytics.com; ;connect-src 'self' cdn.cookielaw.org region1.google-analytics.com ;manifest-src 'self' cdn.cookielaw.org; report-uri /csp_report_parser; 1
img-src data: https: 1
connect-src *; frame-src *; media-src blob: https:; style-src * 'unsafe-inline'; 1
default-src 'self' https: http: *.akamaihd.net *.chrysler.com *.dodge.com *.ramtrucks.com *.fiat.com *.jeep.com *.pinimg.com *.pinterest.com sp.analytics.yahoo.com *.googleadservices.com *.rfihub.com *.rfihub.net s.amazon-adsystem.com *.googletagmanager.com *.doubleclick.net *.mopartireprogram.com *.tweddle.com *.chryslerbrochures.com *.fcacert.com *.youtube.com *.ytimg.com externalservices.mopar.com *.2o7.net data: *.gstatic.com *.googleapis.com *.mopar.com moparvehicles.azurewebsites.net fcaownersmanuals.blob.core.windows.net fcaownersmanuals.azurewebsites.net *.bing.com *.go-mpulse.net graph.facebook.com *.google-analytics.com *.google.com msmownerassets.z13.web.core.windows.net *.cookielaw.org *.crazyegg.com *.treasuredata.com fcaentrpmoparusapreprod.com api.mopar.com *.2o7.net *.azureedge.net *.iperceptions.com *.wagoneer.com *.alfaromeo.com *.netcheckin.com *.yimg.com *.yahoo.com *.fiatusa.com *.chryslerusa.com *.dodgeusa.com app-genai-be-uc4b-p.azurewebsites.net app-genai-fe-uc4b-p.azurewebsites.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.akamaihd.net *.gigya.com *.chrysler.com *.dodge.com *.ramtrucks.com *.fiat.com *.jeep.com *.doubleclick.net *.mopartireprogram.com *.apcisg.com *.nextgen-technology.net *.netmng.com *.rfihub.com *.rfihub.net s.amazon-adsystem.com *.googletagmanager.com *.pinimg.com *.pinterest.com sp.analytics.yahoo.com *.googleadservices.com *.facebook.net *.ads-twitter.com analytics.twitter.com *.bluekai.com and *.bkrtx.com *.fcacert.com *.google-analytics.com *.googleapis.com *.ytimg.com *.youtube.com dpm.demdex.net assets.adobedtm.com tt.mbww.com *.salesforceliveagent.com *.chryslerbrochures.com moparvehicles.azurewebsites.net fcaownersmanuals.blob.core.windows.net fcaownersmanuals.azurewebsites.net *.bing.com *.go-mpulse.net graph.facebook.com *.google.com *.mopar.com msmownerassets.z13.web.core.windows.net *.cookielaw.org *.crazyegg.com *.treasuredata.com fcaentrpmoparusapreprod.com api.mopar.com *.2o7.net *.azureedge.net *.iperceptions.com *.wagoneer.com *.alfaromeo.com *.netcheckin.com *.yimg.com *.yahoo.com *.fiatusa.com *.chryslerusa.com *.dodgeusa.com app-genai-be-uc4b-p.azurewebsites.net app-genai-fe-uc4b-p.azurewebsites.net; connect-src 'self' *.akstat.io *.fcacert.com *.akamaihd.net *.chrysler.com *.dodge.com *.ramtrucks.com *.fiat.com *.jeep.com *.rfihub.com *.rfihub.net s.amazon-adsystem.com *.googletagmanager.com *.pinimg.com *.pinterest.com sp.analytics.yahoo.com *.googleadservices.com *.googleapis.com *.doubleclick.net dpm.demdex.net *.mopartireprogram.com externalservices.mopar.com *.gigya.com moparvehicles.azurewebsites.net fcaownersmanuals.blob.core.windows.net fcaownersmanuals.azurewebsites.net *.bing.com *.go-mpulse.net graph.facebook.com *.google.com *.google-analytics.com *.mopar.com msmownerassets.z13.web.core.windows.net *.cookielaw.org *.crazyegg.com *.treasuredata.com fcaentrpmoparusapreprod.com api.mopar.com *.2o7.net *.azureedge.net *.iperceptions.com *.wagoneer.com *.alfaromeo.com *.netcheckin.com *.yimg.com *.yahoo.com *.fiatusa.com *.chryslerusa.com *.dodgeusa.com app-genai-be-uc4b-p.azurewebsites.net app-genai-fe-uc4b-p.azurewebsites.net; style-src 'self' 'unsafe-inline' *.mopartireprogram.com *.azureedge.net moparvehicles.azurewebsites.net fcaownersmanuals.blob.core.windows.net *.bing.com *.go-mpulse.net graph.facebook.com *.google-analytics.com *.googleapis.com fcaownersmanuals.azurewebsites.net *.mopar.com msmownerassets.z13.web.core.windows.net *.cookielaw.org *.crazyegg.com *.treasuredata.com fcaentrpmoparusapreprod.com api.mopar.com *.2o7.net *.iperceptions.com *.wagoneer.com *.alfaromeo.com *.netcheckin.com *.yimg.com *.yahoo.com *.fiatusa.com *.chryslerusa.com *.dodgeusa.com app-genai-be-uc4b-p.azurewebsites.net app-genai-fe-uc4b-p.azurewebsites.net; 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://static.ads-twitter.com/uwt.js https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://px.ads.linkedin.com/ https://t.co/ https://analytics.twitter.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com https://www.google-analytics.com/ https://cdn.linkedin.oribi.io/partner/3073578/domain/kfupm.edu.sa/token https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com 1
default-src 'self' contentassistant.eu.siteimprove.com id.eu.siteimprove.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com:* https://*.google-analytics.com https://e.infogram.com cdn.siteimprove.net cdn.jsdelivr.net snap.licdn.com connect.facebook.com connect.facebook.net app.socialsignin.net static.hotjar.com script.hotjar.com *.youtube.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.cloudfront.net https://cdnjs.cloudflare.com fonts.google.com fonts.googleapis.com *.youtube.com; img-src * 'self' data: https: https://*.google-analytics.com https://*.analytics.google.com; media-src *; frame-src 'self' www.youtube.com youtube.com; child-src 'self' *.youtube.com; font-src fonts.gstatic.com themes.googleusercontent.com; connect-src 'self' region1.google-analytics.com socsi.in; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://use.typekit.net https://cdnjs.cloudflare.com https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com/ https://cdn.cookielaw.org https://platform.twitter.com https://cdn.syndication.twimg.com https://geolocation.onetrust.com https://privacyportal.onetrust.com https://*.adobe.com; img-src 'self' data: https://p.typekit.net https://cdn.cookielaw.org https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://i.vimeocdn.com https://i.ytimg.com https://platform.twitter.com *.twimg.com https://syndication.twitter.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://platform.twitter.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src 'self' https://www.google.com https://www.youtube.com https://s.ytimg.com https://html5-player.libsyn.com https://player.vimeo.com https://gb.ui.nextspace-uat.net https://gb.nav.nextspace-uat.net https://players.brightcove.net https://cdn.yoshki.com *.twitter.com https://gb.nav.nextspace.host; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com; frame-ancestors 'self' https://www.gtlaw.com https://newintranet.gtlaw.com; upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors 'self' https://*.infragistics.com https://*.infragistics.co.kr; 1
img-src * data: blob: 'unsafe-inline'; font-src * data: 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://connect.facebook.net https://stats.g.doubleclick.net https://www.google-analytics.com https://analytics.google.com https://www.facebook.com https://www.linkedin.com https://cdn.linkedin.oribi.io http://ads.tiktok.com https://maps.googleapis.com https://*.googleapis.com *.google.com https://*.gstatic.com https://player.vimeo.com https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/api2/anchor https://www.google.com/recaptcha/api/fallback https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/api/siteverify https://www.google.com/recaptcha/api2/bframe https://www.youtube.com https://www.googleadservices.com https://www.google.com/pagead/conversion_async.js https://www.googleadservices.com/pagead/conversion_async.js fonts.googleapis.com maps.gstatic.com fonts.gstatic.com https://track.omguk.com https://secure.quantserve.com *.omguk.com quantserve.com *.doubleclick.net doubleclick.net https://secure.quantserve.com/quant.js https://static.ads-twitter.com/uwt.js *.ads-twitter.com *.quantcount.com cdn.evgnet.com *.evgnet.com https://cdn.evgnet.com/beacon/bankphilippineislands/prod/scripts/evergage.min.js https://cdn.evgnet.com/beacon/bankphilippineislands/test/scripts/evergage.min.js https://bankphilippineislands.evergage.com https://bankphilippineislands.australia-3.evergage.com *.evergage.com https://tiktok.com *.tiktok.com https://service.force.com *.force.com *.salesforce.com *.salesforceliveagent.com https://unpkg.com/@googlemaps/markerclusterer/dist/index.min.js https://s7ap1.scene7.com *.scene7.com *.sandbox.my.site.com *.my.site.com https://helpuat.bpi.com.ph *.bpi.com.ph https://go.affec.tv https://cdn.evgnet.com https://snap.licdn.com *.licdn.com https://js.adsrvr.org https://cdn.taboola.com/libtrc/unip/1502612/tfa.js *.adsrvr.org; 1
object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' ; script-src-elem 'self' 'sha256-ALGLDXEXwlitAZbBv/o9LKI1xOWuCeYBbHYFdJ3efVg=' 'sha256-ALGLDXEXwlitAZbBv/o9LKI1xOWuCeYBbHYFdJ3efVg=' 'sha256-J6NxNBV3ylaMNLV9dePdtdv2oqgWL8rFv/F5QzTmmMs=' 'sha256-YxYN7E2B++Dc8k6ezdiD5sVL80X6ofF84Uqto2s/rjE=' 'sha256-yHEO3OnDgZYW3WESycsJrd2JkP0A15rtyZvt88WwcQg=' 'sha256-lK3EX3cL8/2BEgbbQ5wyPlMpURf9ccoN5w5M/ttg05w=' 'sha256-0yfNOR1BMiPxxAKd0vQx9DwopAAfQENVgicOMk+rNwI=' 'sha256-pfdTiE2ndaigZaUZmx7hF5zcumb9LW2Bzn/a7/jEg7Q=' 'sha256-uJo0jflkiQlM2bFBRJllP4W8IQgsxiAUVNc1dcqdJNY=' 'sha256-N+STgs1YnJfCdC+2Kv3qFxcwFFccDwr9kITdTMXblcY=' 'sha256-RJqyokxDKuXHPvRkcVabxZFko15elQLPAazQVkVgc7Q=' 'sha256-zmCYRoo4gMLDG1GfR8XtwaKGlvqKkzwnrV0b8WR8o4Q=' 'sha256-juZxo0SGyD2bFIiokd99Xs2e0+4lPbObdx1Cci7WF3c=' 'sha256-5bHHyiwJiYWv5MvIO7nxTHASxM3ErFq2ox3/B4zTZ4Y=' 'sha256-4GzRFohy0aSF2vXosE2YG0T9kqnGUaTxgSoXNdLQ5v4=' 'sha256-YK1g4Hb64U6GSfqdPqSy2ztPImKVqDb0a4IhrP0RW/Y=' 'sha256-IJcFxmCSXPkFVLK7b6IBIqe2MoyWWSsXXZuOXsaTyTc=' 'sha256-dGdFrcC/JcX6xJisFckuO4UZQpQSwWv4cJqFkRHeElo=' 'sha256-1vpc19S/0067J10Ym7VWczssHr1Cz+gZ26A4IkZzpp8=' 'sha256-vr3lXf0l+PoW0Szfhc5Cg8XS1lIUp9CvC8ntxmVa1GA=' 'sha256-zr6y4xJEV96H0RFewYogS3Tfah6xnUfpGyOZS28oiQQ=' 'sha256-zQYHYUVXyen5fN9aJEVauSpEqKWR10Lmdzij4iAIwsA=' 'sha256-QEDmT334rACqguzl4jPkix8HDDKBfs0kavVJ+Vd/eF8=' 'sha256-lQh/ahoMkLhaPsmlHqg0JKCNzW5Y0KyeqCl39qxTO4Q=' 'sha256-lXp8ATJIZEJIlWpxBfCzzgJ2BXuNq/yrW3RpBWZEiX4=' 'sha256-TAGV33o29REG6zhPnEnkvAz6bpOxDmut6QrpQiY+v5k=' 'sha256-eVzrNv8f3FKjQhflSMC3+yFtNdThPi+cT+245HpcDV0=' 'sha256-shFSWkXBg6hM6UUEHGcTiiomdSnXdhMQSqpCsnFmRvc=' 'sha256-iESMQIJJ+FDkKmhzFhqCzzykGn36OUWIFaO10g6Uhvw=' 'sha256-J6/WX9Q2KDE3jcAWJCt05udWZvV03b+QZKdxk4fBaa4=' 'sha256-/eqHYCye5QZmrGSkwnixgPsLx41RpLXrbajQrzXnCrY=' 'sha256-JHukhzNOiSfrPIiVrsQQlB7xDXVp+3kyOGfRvvyey6U=' 'sha256-i4Zvd4lBgd//9PQgrdBrzAAzq2byn70MqSKaRvSz1m4=' 'sha256-X0d0zkJzxHcxEJpk+lh8aK9rI6fQSQFNJxbRr2HmplY=' 'sha256-Qq6pIkfbqsIThdnutbZHcWfsetEpJ8VjOg28q9BzPoE=' 'sha256-Ub+eVGQ8eXyujpZG/+LTa6EqFC0y5XG5NZGvqojq0Ds=' 'sha256-0OmI3C0q7c4T+5nls/ABMHK8UxFEPgVKpY93JEgRN+8=' 'sha256-wkuIrGPDdr/Ri/0MfDXexeb9On3b8Xe+WdJafduW7Wo=' data: *.facebook.net *.zenithbank.com *.doubleclick.net https://maxcdn.bootstrapcdn.com https://osjs.netcoresmartech.com https://cdnt.netcoresmartech.com https://mylivechat.com https://*.mylivechat.com https://translate.google.com https://translate.googleapis.com https://*.googleapis.com https://s.acquire.io https://www.google-analytics.com/analytics.js https://www.googleadservices.com https://www.googletagmanager.com http://www.googleadservices.com 1
default-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' *.google-analytics.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;img-src 'self' www.googletagmanager.com data: blob:;font-src 'self' fonts.gstatic.com fonts.googleapis.com;connect-src 'self';media-src 'self'; 1
frame-ancestors www.xendit.co 1
default-src 'self' *.wartsila.com *.wistia.com https://t.wartsila.tiedosto.com https://app.powerbi.com https://curatorio.s3.amazonaws.com login.microsoftonline.com twitter.com https://waertsilae.leadfamly.com https://go.pardot.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com https://cdn.flipsnack.com tools.eurolandir.com asia.tools.euroland.com www.facebook.com https://innovatics.fi https://*.innovatics.fi cdn.cookielaw.org *.leadoo.com; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://s.ytimg.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.curator.io *.google-analytics.com https://www.youtube.com/iframe_api https://www.youtube.com/s/ *.twitter.com twitter.com https://static.ads-twitter.com https://dec.azureedge.net/ www.googletagmanager.com https://snap.licdn.com www.googleadservices.com https://code.jquery.com https://ajax.microsoft.com cdn.pardot.com https://track.gaconnector.com https://tag.demandbase.com https://serve.nrich.ai pi.pardot.com https://cdnjs.cloudflare.com https://tag.nrich.ai https://audience.nrich.ai pages.wartsila.digital *.doubleclick.net doubleclick.net https://app.interactiveads.ai *.wistia.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input kendo.cdn.telerik.com https://unpkg.com s7.addthis.com m.addthis.com https://z.moatads.com/addthismoatframe568911941483/moatframe.js https://v1.addthisedge.com docs.google.com tools.euroland.com https://t.wartsila.tiedosto.com fast.wistia.net meltwater.fi https://api-public.addthis.com wartsila-reports.studio.crasman.fi https://ipmeta.io t.co https://app.powerbi.com https://curatorio.s3.amazonaws.com login.microsoftonline.com https://safety-day-bingo-prod.s3.eu-west-1.amazonaws.com https://waertsilae.leadfamly.com https://go.pardot.com *.wartsila.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com https://stackpath.bootstrapcdn.com https://sentiment.inderes.fi https://*.hotjar.com wss://*.hotjar.com tools.eurolandir.com asia.tools.euroland.com *.pingdom.net *.imp.stackadapt.com *.srv.stackadapt.com srv.stackadapt.com cdn.cookielaw.org *.leadoo.com https://code.createjs.com/1.0.0/createjs.min.js https://hm.baidu.com/hm.js 'self' *.eloqua.com *.en25.com cdn.ampproject.org web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com *.twimg.com *.curator.io *.twitter.com twitter.com https://d35islomi5rx1v.cloudfront.net https://d20rdry57v9fzf.cloudfront.net wartsila-flexicycle.s3.amazonaws.com docs.google.com *.wistia.com wartsila-reports.studio.crasman.fi https://cdnjs.cloudflare.com t.co https://app.powerbi.com https://curatorio.s3.amazonaws.com login.microsoftonline.com https://safety-day-bingo-prod.s3.eu-west-1.amazonaws.com https://waertsilae.leadfamly.com https://go.pardot.com m.addthis.com pages.wartsila.digital fast.fonts.net *.wartsila.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com https://stackpath.bootstrapcdn.com https://sentiment.inderes.fi tools.eurolandir.com asia.tools.euroland.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input https://code.jquery.com https://res.leadoo.com *.srv.stackadapt.com srv.stackadapt.com cdn.cookielaw.org *.leadoo.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src data: blob: * android-webview-video-poster: https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input fast.wistia.net *.wistia.com *.stackadapt.com sitefinity-videos-stage.s3.eu-west-1.amazonaws.com *.google-analytics.com google-analytics.com *.analytics.google.com analytics.google.com 'self' *.eloqua.com web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: themes.googleusercontent.com/static/fonts/inconsolata/v5/BjAYBlHtW3CJxDcjzrnZCIbN6UDyHWBl620a-IRfuBk.woff https://cdnjs.cloudflare.com https://app.powerbi.com https://curatorio.s3.amazonaws.com https://github.com login.microsoftonline.com https://safety-day-bingo-prod.s3.eu-west-1.amazonaws.com https://waertsilae.leadfamly.com https://go.pardot.com fast.fonts.net *.wartsila.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com *.curator.io https://*.hotjar.com wss://*.hotjar.com tools.eurolandir.com asia.tools.euroland.com *.wistia.com https://res.leadoo.com *.stackadapt.com; frame-src 'self' *.wartsila.com https://go.pardot.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com tools.euroland.com tools.eurolandir.com asia.tools.euroland.com https://innovatics.fi https://*.innovatics.fi https://www.youtube.com https://www.google.com www.facebook.com https://w.soundcloud.com/ https://snapwidget.com/ pages.wartsila.digital meltwater.fi https://s.company-target.com/ https://app.powerbi.com *.leadoo.com *.doubleclick.net doubleclick.net web-chat.nativechat.com forms.hsforms.com; connect-src data: accounts.google.com *.curator.io *.mktoresp.com https://track.gaconnector.com https://serve.nrich.ai https://api.company-target.com *.google-analytics.com google-analytics.com *.analytics.google.com analytics.google.com *.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://api-public.addthis.com https://s7.addthis.com https://embedwistia-a.akamaihd.net fast.wistia.net https://d20rdry57v9fzf.cloudfront.net wartsila-flexicycle.s3.amazonaws.com https://ipmeta.io https://t.wartsila.tiedosto.com t.co https://app.powerbi.com https://curatorio.s3.amazonaws.com login.microsoftonline.com https://tag.nrich.ai https://match.prod.bidr.io *.twitter.com https://waertsilae.leadfamly.com https://go.pardot.com m.addthis.com pages.wartsila.digital https://*.hotjar.io *.wartsila.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com https://crmsrv.azurewebsites.net https://sentiment.inderes.fi https://*.hotjar.com wss://*.hotjar.com https://cdn.flipsnack.com tools.eurolandir.com asia.tools.euroland.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input www.facebook.com https://www.quandl.com *.pingdom.net wartsila.avaus.fi https://maps.googleapis.com https://sitefunc1.azurewebsites.net https://bot.leadoo.com https://iapi.leadoo.com https://anl.leadoo.com *.stackadapt.com https://innovatics.fi https://*.innovatics.fi risk.ipmeta.io segments.company-target.com cdn.cookielaw.org *.onetrust.com cdn.linkedin.oribi.io *.leadoo.com application/wasm blob: https://tag-logger.demandbase.com/ googlesyndication.com *.googlesyndication.com *.doubleclick.net doubleclick.net 'self' forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.wartsila.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com https://video-frt3-2.cdninstagram.com https://www.youtube.com https://embedwistia-a.akamaihd.net https://*.hotjar.com wss://*.hotjar.com tools.eurolandir.com asia.tools.euroland.com *.wistia.com fast.wistia.net sitefinity-videos-stage.s3.eu-west-1.amazonaws.com; child-src https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob: *.twitter.com twitter.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com https://s7.addthis.com www.slideshare.net https://www.google.com pages.wartsila.digital https://snapwidget.com https://innovatics.fi https://*.innovatics.fi tools.euroland.com *.doubleclick.net doubleclick.net https://app.interactiveads.ai meltwater.fi www.linkedin.com *.wistia.com https://d20rdry57v9fzf.cloudfront.net wartsila-flexicycle.s3.amazonaws.com wartsila-reports.studio.crasman.fi https://t.wartsila.tiedosto.com t.co https://api.curator.io https://app.powerbi.com https://curatorio.s3.amazonaws.com login.microsoftonline.com https://waertsilae.leadfamly.com https://go.pardot.com *.wartsila.com https://*.hotjar.com wss://*.hotjar.com https://cdn.flipsnack.com tools.eurolandir.com asia.tools.euroland.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input https://www.quandl.com https://bot.leadoo.com cdn.linkedin.oribi.io cdn.cookielaw.org *.leadoo.com 'self' web-chat.nativechat.com 1
default-src 'self' www.reuters.tv https://tagmanager.google.com https://optimize.google.com https://app.cux.io https://*.doubleclick.net https://www.google-analytics.com *.consentmanager.net data:; font-src 'self' https://themes.googleusercontent.com/ fonts.googleapis.com https://fonts.gstatic.com fonts.gstatic.com themes.googleusercontent.com https://www.googletagmanager.com infostrefa.tv www.google.com data:; style-src 'self' 'unsafe-inline' https://www.google.com https://tagmanager.google.com www.googleapis.com https://optimize.google.com https://fonts.googleapis.com https://www.googletagmanager.com; img-src 'self' data: https://panda.leadmax.pl https://*.fls.doubleclick.net https://*.doubleclick.net https://www.facebook.com https://content-ci360.pzu.pl https://*.googleapis.com tl.tradetracker.net https://www.falcometric.com https://www.gstatic.com www.google.com sigmabismedia.pl https://www.google.com https://harvic.go2cloud.org https://go.perfo.ovh https://cityadstrack.com https://marketing.tr.netsalesmedia.pl https://mrtg.emailpartners.net https://clients1.google.com https://www.bankier.pl https://sigmamedia.eu https://adserwer.afilo.pl *.gstatic.com https://www.davinci.tools https://conversionlabs.net.pl https://netad.go2cloud.org https://track.rtracking.pl https://ade.googlesyndication.com https://content.pzu.pl https://ssl.gstatic.com https://cherryads.go2cloud.org https://www.twitter.com https://app.revhunter.tech www.s.c.lnkd.licdn.com https://s0.2mdn.net https://delivery.clickonometrics.pl https://solutions4ad.com https://wvx2j.bemobtracks.com https://tracking.zuwi.pl *.consentmanager.net https://googleads.g.doubleclick.net https://bedigital.go2cloud.org https://js.trustisto.com https://smartmailings.go2cloud.org https://p2media.go2cloud.org https://tbl.tradedoubler.com https://track.zuwi.dev https://connect.facebook.net www.linkedin.com https://adepto.go2cloud.org http://media-pzu-marketing.ipresso.pl *.ggpht.com https://www.google.pl https://welovedata.go2cloud.org https://go.they.pl https://inistrack.net https://www.googletagmanager.com https://api.trustisto.com https://www.google-analytics.com https://in.pzu.pl https://track.leadmax.pl; frame-src 'self' https://cmspzu24.pzu.pl https://player.vimeo.com https://devfmg.pl https://wojazer.pzu.pl https://optimize.google.com https://ent.activeforms.com https://ljsp.lwcdn.com https://*.fls.doubleclick.net https://moje.pzu.pl https://*.doubleclick.net https://www.facebook.com https://pzuiflota.pl *.consentmanager.net https://oferta.pekao24.pl https://media-pzu-marketing.ipresso.pl http://komunikacyjne.pzu.pl https://tpc.googlesyndication.com https://firma.pzu.pl https://admin-solum.pzu.pl https://komunikacyjne.pzu.pl https://poststickersapps.com *.googleadservices.com https://ubezpieczenia.pzu.pl reuters.tv https://secure.pzuci.pl https://pzu.chat.getzowie.com https://agencjahagen.pl https://emeryturappk.pzu.pl https://*.youtube.com https://dobradruzyna.pl https://www.google.com https://af-solum.pzu.pl https://bid.g.doubleclick.net https://www.reuters.tv https://drogadozdrowiazpzu.pl https://af-solum-uat.pzu.pl https://sigmamedia.eu https://ac.pzu.pl https://oferta.pzu.pl https://*.chatbotize.com https://reuters.tv https://forms.pzu.pl http://pzu24.pzu.pl https://infostrefa.tv https://*.direct.chatbotize.com https://blog.pzu.pl https://www.pzuzdrowie.pl https://dom.pzu.pl; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://optimize.google.com https://*.doubleclick.net https://www.facebook.com api-performace.pzu.pl https://www.ssl.gstatic.com https://*.googleapis.com https://drogadozdrowia.dev.focusmedia.pl https://delivery-ci360.pzu.pl https://track.adform.net *.googleadservices.com www.google.com https://*.youtube.com https://www.fbstatic-a.akamaihd.net https://www.google.com https://drogadozdrowiazpzu.pl www.cdn.api.twitter.com *.gstatic.com https://www.googleapis.com www.platform.linkedin.com https://forms.pzu.pl *.googleoptimize.com https://*.googletagservices.com https://media-epoint.ipresso.pl https://cdn.adt387.com https://www.googleadservices.com https://dc.cux.io https://www.oauth.googleusercontent.com *.consentmanager.net https://maps.googleapis.com https://media-pzu-marketing.ipresso.pl https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://perun.ipresso.pl https://ubezpieczenia.pzu.pl https://js.trustisto.com https://execution-ci360.pzu.pl https://adform.net https://connect.facebook.net https://tagmanager.google.com https://s.ytimg.com www.linkedin.com https://*.googlesyndication.com https://*.chatbotize.com https://adform.com https://maps.gstatic.com https://*.direct.chatbotize.com https://www.googletagmanager.com https://www.google-analytics.com www.platform.twitter.com https://www.apis.google.com https://track.adtraction.com; object-src 'self' https://*.doubleclick.net *.consentmanager.net https://maps.googleapis.com *.googleadservices.com; connect-src 'self' wss://*.track.cux.io https://*.doubleclick.net https://www.facebook.com *.consentmanager.net https://maps.googleapis.com https://afiliacjaapi.pzu.pl fcm.googleapis.com media-pzu-marketing.ipresso.pl porozmawiaj.video.pzu.pl https://delivery-ci360.pzu.pl tfimam-test.pzu.pl media-epoint.ipresso.pl https://www.pracuj.pl *.googleadservices.com https://js.trustisto.com https://waw.chat.getzowie.com https://execution-ci360.pzu.pl https://dobradruzyna.pl https://www.google.com https://connect.facebook.net https://analytics.google.com perun.ipresso.pl https://region1.google-analytics.com https://*.chatbotize.com https://www.google.pl https://*.direct.chatbotize.com https://api.trustisto.com https://www.google-analytics.com tfimam.pzu.pl *.google.com https://media-epoint.ipresso.pl; frame-ancestors 'self' https://cmspzu24.pzu.pl https://moje.pzu.pl https://ppk.pzu.pl https://af-solum-uat.pzu.pl http://pzu24.pzu.pl https://forms.pzu.pl https://admin-solum.pzu.pl https://blog.pzu.pl https://app.cux.io https://www.pzuzdrowie.pl https://emeryturappk.pzu.pl https://ta.inpzu.pl https://*.ci360.sas.com;  1
default-src 'self'; object-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://chattirobottipalvelu.kela.fi https://occhat.elisa.fi https://analytiikka.ahtp.fi; style-src 'self' https://occhat.elisa.fi https://chattirobottipalvelu.kela.fi 'unsafe-inline'; img-src 'self' https://uutiskirje.kela.fi https://static.kela.fi https://occhat.elisa.fi data:; font-src 'self'; connect-src 'self' wss://occhat.elisa.fi https://occhat.elisa.fi https://chattirobottipalvelu.kela.fi https://laskurit.kela.fi https://analytiikka.ahtp.fi; frame-src 'self'  https://video.kela.fi blob: 1
frame-ancestors 'self' https://price.com.hk https://*.price.com.hk 1
default-src * 'unsafe-inline' blob:; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; font-src 'self' data: https:; worker-src 'self' blob:; img-src * data: https: about: 1
default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self' https://*.yewtu.be:443; manifest-src 'self'; media-src 'self' blob: https://*.googlevideo.com:443 https://*.youtube.com:443 https://*.yewtu.be:443; child-src 'self' blob:; frame-src 'self'; frame-ancestors 'none' 1
default-src 'unsafe-inline' https: data:; img-src blob: data: https:; media-src blob: data: https:; script-src 'unsafe-eval' 'unsafe-inline' https: blob:; frame-ancestors 'self' https://*.tio.ch 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-0437d916406e34bdbf92c5d05c07f74e' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=6510111589980639; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=6510111589980639 1
frame-ancestors 'self' *.sgx.com 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.googletagservices.com *.google-analytics.com https://adservice.google.com https://tpc.googlesyndication.com https://www.youtube.com/iframe_api https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://securepubads.g.doubleclick.net assets.adobedtm.com syndication.twitter.com www.rumiview.com i.simpli.fi rumiview.com https://www.recaptcha.net/ *.analytics.google.com *.mktoresp.com https://analytics.google.com http://analytics.google.com https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://dec.azureedge.net web-chat.nativechat.com; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com *.google.com https://stats.g.doubleclick.net https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net www.rumiview.com *.analytics.google.com https://*.googletagmanager.com https://cdn.insight.sitefinity.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' https://www.google.com/ *.safeframe.googlesyndication.com https://www.recaptcha.net/ https://tpc.googlesyndication.com https://www.youtube.com https://9066869.fls.doubleclick.net/ https://securepubads.g.doubleclick.net/ web-chat.nativechat.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://securepubads.g.doubleclick.net *.google-analytics.com https://pagead2.googlesyndication.com *.analytics.google.com https://*.googletagmanager.com https://analytics.google.com https://stats.g.doubleclick.net http://analytics.google.com http://stats.g.doubleclick.net; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com 1
upgrade-insecure-requests; frame-ancestors 'self'; report-uri https://www.habitat.co.uk/csp-report 1
base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests; worker-src blob:; child-src blob:; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.telecable.es *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co p.adsymptotic.com sjs.bizographics.com 212.55.1.136; style-src 'self' https: 'unsafe-inline'  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.telecable.es *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co p.adsymptotic.com sjs.bizographics.com 212.55.1.136; img-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.telecable.es *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co p.adsymptotic.com sjs.bizographics.com 212.55.1.136; font-src 'self' data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.telecable.es *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co p.adsymptotic.com sjs.bizographics.com 212.55.1.136; connect-src 'self'  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.telecable.es *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co p.adsymptotic.com sjs.bizographics.com 212.55.1.136; frame-src 'self' data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.telecable.es *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co p.adsymptotic.com sjs.bizographics.com 212.55.1.136; frame-ancestors 'self'  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.telecable.es *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co p.adsymptotic.com sjs.bizographics.com 212.55.1.136; object-src data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.telecable.es *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co p.adsymptotic.com sjs.bizographics.com 212.55.1.136 1
default-src 'self' *.binomo.com *.binomo.com; child-src *; frame-ancestors 'self'; connect-src 'self' *.ada.support analytics.tiktok.com my.rtmark.net *.criteo.net *.criteo.com snap.licdn.com px.ads.linkedin.com r.remarketingpixel.com static.ads-twitter.com bat.bing.com sc-static.net tr.snapchat.com *.hotjar.io *.hotjar.com wss://*.hotjar.com stats.g.doubleclick.net *.zopim.com *.launchdarkly.com api.exponea.com api.api-cis.exponea.com api-cis.exponea.com ekr.zdassets.com pixel.mathtag.com analytics.google.com accounts.google.com fcm.googleapis.com www.googleapis.com www.google-analytics.com wss://*.zopim.com binomo.zendesk.com binomo2.zendesk.com app.getsentry.com *.binomo.com *.binomo.com wss://as.binomo.com:* wss://as.binomo.com:* wss://ws.binomo.com:* wss://ws.binomo.com:* s.yimg.com https://mc.yandex.ru; font-src data: 'self' *.zopim.com themes.googleusercontent.com *.binomo.com *.binomo.com; img-src * *.ttwstatic.com data:; media-src 'self' *.binomo.com *.binomo.com; script-src 'self' *.ada.support www.tiktok.com *.ttwstatic.com static.ads-twitter.com sc-static.net tr.snapchat.com *.hotjar.io *.hotjar.com www.redditstatic.com *.doubleclick.net *.google.com assets.zendesk.com static.zdassets.com *.zopim.com wss://*.zopim.com *.zopim.io binomo.co my.rtmark.net *.criteo.net *.criteo.com snap.licdn.com px.ads.linkedin.com r.remarketingpixel.com *.getsitecontrol.com *.googletagmanager.com *.google-analytics.com echo.ecortb.com connect.facebook.net vk.com *.youtube.com s.yimg.com s.ytimg.com bat.bing.com www.gstatic.com www.googleadservices.com binomo.go2affise.com api.exponea.com api.api-cis.exponea.com api-cis.exponea.com *.adnetwork.vn storage.googleapis.com sp.analytics.yahoo.com 'unsafe-eval' 'unsafe-inline' *.binomo.com *.binomo.com https://unpkg.com/@lottiefiles/lottie-player@0.2.0/dist/lottie-player.js https://mc.yandex.ru https://yastatic.net; style-src 'self' *.ttwstatic.com *.google.com fonts.googleapis.com 'unsafe-inline' *.binomo.com *.binomo.com 1
default-src 'unsafe-inline' 'self' 'unsafe-eval' https://*.edureka.co https://www.google.co.in https://*.paytm.in wss://*.paytm.in https://*.indoleads.com https://*.linksynergy.com https://p.easyinsights.in https://api-corp.edureka.co https://cdn.linkedin.oribi.io/ https://*.doubleclick.net https://learningcenter.edureka.co https://*.clevertap-prod.com https://www.clarity.ms https://*.clarity.ms https://s3-eu-west-1.amazonaws.com/static.wizrocket.com https://clk1.reachclk.com https://*.amazonaws.com https://*.googleapis.com https://*.google.com https://fast.wistia.net https://cdnjs.cloudflare.com https://*.jquery.com https://*.bootstrapcdn.com https://*.vizury.com https://*.googleadservices.com https://*.razorpay.com https://*.paypal.com https://mbsy.co https://www.paypalobjects.com https://results.affilitrace.com https://*.freshdesk.com https://*.twitter.com https://*.ytimg.com https://fonts.googleapis.com https://d36mpcpuzc4ztk.cloudfront.net https://www.youtube.com https://*.facebook.com https://*.linkedin.com https://www.googletagmanager.com https://bat.bing.com https://www.google-analytics.com https://static.clevertap.com https://wzrkt.com https://connect.facebook.net https://*.twimg.com https://d1jnx9ba8s6j9r.cloudfront.net https://duyseoho78lqc.cloudfront.net  https://d30aa6afk7qd1v.cloudfront.net https://dop9av6nvryqq.cloudfront.net https://d25qem54r5kbml.cloudfront.net https://d2r1yp2w7bby2u.cloudfront.net https://*.crazyegg.com https://*.bizographics.com https://*.quora.com https://*.useproof.com https://snap.licdn.com https://*.taboola.com https://*.gstatic.com https://*.emjcd.com https://matomo.easyinsights.ai https://*.algolia.net https://*.algolianet.com https://*.admitad.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.algolia.io https://*.zoho.com https://*.zohostatic.com https://*.zohopublic.com wss://*.zohopublic.com https://*.zohocdn.com https://*.googleoptimize.com;font-src data: * blob; img-src data: * blob; 1
default-src 'self' 'unsafe-inline' data: blob: suncountry.com *.suncountry.com *.googleapis.com; connect-src 'self' suncountry.com *.suncountry.com *.contentful.com *.ctfassets.net *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com *.optimizely.com *.securitytrfx.com *.quantummetric.com *.airtrfx.com *.firstdata.com *.google.com https://www.googleadservices.com https://www.facebook.com https://dc.services.visualstudio.com https://photos.hotelbeds.com https://www.avis.com https://www.budget.com https://bat.bing.com https://connect.facebook.net *.doubleclick.net *.id90travel.com https://mobileimg.priceline.com https://i.travelapi.com https://s3.amazonaws.com/ https://www.hotelresb2b.com https://cdn.smyrooms.com https://images.getaroom-cdn.com https://d2r6h9rpqrv9sk.cloudfront.net https://d3sd9rhf6miwzv.cloudfront.net *.sojern.com https://insight.adsrvr.org https://jelly.mdhv.io *.uplift-platform.com *.uplift.com *.cookielaw.org *.adnxs.com *.adsrvr.org *.onetrust.com *.youtube.com *.everymundo.net *.everymundo.workers.dev *.mountain.com https://44.238.122.172 https://100.20.58.101 https://35.85.84.151 https://44.228.85.26 https://34.215.155.61 https://35.160.46.251 https://cdnjs.cloudflare.com https://52.71.121.170 https://44.212.189.233 https://52.22.50.55 https://3.212.39.155 https://18.210.229.244 *.tvsquared.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.firstdata.com *.cardinalcommerce.com *.optimizely.com *.securitytrfx.com *.quantummetric.com https://www.googleadservices.com https://h.online-metrix.net https://widget.surveymonkey.com https://bat.bing.com https://www.facebook.com https://connect.facebook.net https://cdn.cookielaw.org https://6131357.collect.igodigital.com https://em-frontend-assets.airtrfx.com suncountry.com *.suncountry.com *.google.com *.gstatic.com *.doubleclick.net *.sojern.com *.uplift-platform.com *.uplift.com *.cookielaw.org https://assets.airtrfx.com *.mountain.com https://cdnjs.cloudflare.com *.tvsquared.com https://psy-prod.airtrfx.com; img-src 'self' data: suncountry.com *.suncountry.com *.google-analytics.com *.ctfassets.net *.google.com https://bat.bing.com https://photos.hotelbeds.com https://www.avis.com https://www.budget.com https://assets.airtrfx.com https://www.facebook.com https://cx.atdmt.com https://i.ytimg.com *.doubleclick.net *.id90travel.com https://mobileimg.priceline.com https://i.travelapi.com https://s3.amazonaws.com https://www.hotelresb2b.com https://cdn.smyrooms.com https://images.getaroom-cdn.com https://d2r6h9rpqrv9sk.cloudfront.net https://d3sd9rhf6miwzv.cloudfront.net *.sojern.com https://insight.adsrvr.org https://jelly.mdhv.io *.uplift-platform.com *.uplift.com *.adnxs.com *.adsrvr.org *.cookielaw.org *.youtube.com https://cdn.optimizely.com *.tvsquared.com https://arttrk.com; frame-src *.optimizely.com *.doubleclick.net *.firstdata.com https://h.online-metrix.net https://em-frame.securitytrfx.com/ https://www.youtube.com suncountry.com *.suncountry.com *.google.com *.uplift-platform.com *.uplift.com *.quantummetric.com *.sojern.com *.airtrfx.com; font-src 'self' *.gstatic.com https://em-fonts-prod.airtrfx.com suncountry.com *.suncountry.com https://em-fonts.everymundo.net https://assets.airtrfx.com; worker-src 'self' data: blob: suncountry.com *.suncountry.com; style-src 'self' 'unsafe-inline' suncountry.com *.suncountry.com *.googleapis.com https://em-frontend-assets.airtrfx.com https://assets.airtrfx.com; 1
frame-ancestors https://duga.jp https://*.duga.jp 1
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:;frame-ancestors 'self' https://*.t13.cl https://*.13.cl https://*.deportes13.cl 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de osm.louis.de https://*.googleapis.com https://*.gstatic.com https://*.googleadservices.com https://www.googletagmanager.com https://tagmanager.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://td.doubleclick.net https://tpc.googlesyndication.com https://bat.r.msn.com https://bat.bing.com https://content.cptrack.de https://sale.cptrack.de https://widgets.trustedshops.com https://s.kk-resources.com https://s.kelkoogroup.net https://containertags.belboon.de https://j01l4h3n.com https://s2.adform.net https://track.adform.net https://*.google.com *.paypal.com *.quantummetric.com https://*.sentry.io x9t5he7.r.louis.de;style-src 'self' 'unsafe-inline' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de https://*.googletagmanager.com https://fonts.googleapis.com https://tagmanager.google.com;font-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de data: https://fonts.gstatic.com;img-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de data: https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://bat.r.msn.com https://bat.bing.com https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.google.com https://*.google.com.vn https://widgets.trustedshops.com https://www.trustedshops.com https://widgets.trustedshops.fr https://www.trustedshops.fr https://widgets.trustedshops.co.uk https://www.trustedshops.co.uk https://widgets.trustedshops.de https://www.trustedshops.de https://t.paypal.com https://www.google.de https://www.google.at https://www.google.be https://www.google.ch https://www.google.co.uk https://www.google.cz https://www.google.com.tr https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.it https://www.google.lu https://www.google.nl https://www.google.pl https://www.google.ro https://www.google.rs https://www.google.se https://www.google.si https://www.google.sk https://www.paypalobjects.com www.google.de;frame-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de https://*.googleadservices.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.youtube.com/ https://*.youtube-nocookie.com/ *.paypal.com https://*.google.com https://*.quantummetric.com https://td.doubleclick.net x9t5he7.r.louis.de;frame-ancestors 'self';worker-src blob:;child-src blob:;report-uri /csp-violation-report; 1
default-src 'self' *.getrave.com; frame-ancestors 'self' *.smart911.com *.raveu.com *.getrave.com getrave.com *.zendesk.com; font-src 'self' data: *.getrave.com getrave.com *.gstatic.com;  connect-src 'self' blob: data: *.getrave.com *.raveu.com *.twiliocdn.com *.twilio.com wss://*.twilio.com *.mapbox.com wss://rcv.getrave.com *.walkme.com *.google-analytics.com;child-src 'self' *.wistia.net *.youtube.com; style-src 'self' 'unsafe-inline' *.getrave.com getrave.com *.walkme.com *.googleapis.com; img-src * blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.getrave.com getrave.com *.twilio.com *.google.com *.google-analytics.com *.googleapis.com *.walkme.com 1
base-uri 'self'; connect-src 'self' *.int.userwerk.com native-commerce.com static.native-commerce.com csi.gstatic.com translate.googleapis.com cbooks-piwik.de *.convertexperiments.com log.cookieyes.com cdn-cookieyes.com directory.cookieyes.com; default-src 'self' *.booklooker.de; font-src 'self' data: static.booklooker.de fonts.gstatic.com; frame-ancestors 'self' http://kvk.bibliothek.kit.edu; frame-src 'self' googleads.g.doubleclick.net *.google.de *.google.at *.google.ch *.google.com *.adsensecustomsearchads.com *.int.userwerk.com widget.trustpilot.com; img-src 'self' data: *.booklooker.de *.ausgezeichnet.org cbooks-piwik.de *.googleadservices.com *.googlesyndication.com *.google.com *.google.de *.adsensecustomsearchads.com *.googleapis.com *.gstatic.com i.ebayimg.com rover.ebay.com www.ebayadservices.com widgets.trustedshops.com partners.webmasterplan.com apps.shopauskunft.de cdn-cookieyes.com; object-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.booklooker.de siegel.ausgezeichnet.org widgets.trustedshops.com cbooks-piwik.de *.int.userwerk.com static.native-commerce.com *.google.com *.google.at *.google.ch www.googletagservices.com *.googlesyndication.com pagead2.googlesyndication.com  adservice.google.de adservice.google.at adservice.google.ch *.googleadservices.com *.googleapis.com adservice.google.nl adservice.google.it adservice.google.pl adservice.google.fr adservice.google.es adservice.google.ru adservice.google.cz adservice.google.co.uk adservice.google.be adservice.google.hu apps.shopauskunft.de/seal_defer/e65e7f526e1c8bee0691e09df5329ab6.js *.convertexperiments.com cdn-cookieyes.com; style-src 'self' 'unsafe-inline' static.booklooker.de *.gstatic.com; worker-src 'self'; report-uri /interface/csp-report.php; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval' embedsocial.com acsbapp.com www.google-analytics.com ajax.googleapis.com www.publicalbum.org; font-src 'self' fonts.googleapis.com fonts.gstatic.com acsbapp.com; 1
frame-ancestors 'self' https://*.nectar.com 1
default-src 'self' one.org *.one.org; img-src 'self' *.one.org *.googletagmanager.com data: http: https: https://optimize.google.com https://www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.one.org *.vimeo.com *.cloudflareaccess.com *.cloudflare.com *.tiktok.com *.ibytedtos.com *.tiktokcdn.com *.googleadservices.com *.doubleclick.net *.gstatic.com  *.clarity.ms *.bing.com *.crazyegg.com *.instagram.com *.google.com stats.wp.com scripts.simpleanalyticscdn.com googletagmanager.com unpkg.com *.googletagmanager.com *.googleadservices.com optimize.google.com www.google-analytics.com www.googleoptimize.com ajax.googleapis.com *.twitter.com yoast.com one.actionkit.com connect.facebook.net snap.licdn.com cdn.simpleanalytics.io static.ads-twitter.com public.flourish.studio cdn.flourish.rocks *.ampproject.org *.newmode.net blog.apps.npr.org *.shpg.org *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.greenhouse.io *.usercentrics.com *.kameleoon.eu *.usercentrics.eu data: ;style-src 'self' *.one.org https://optimize.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.cloudflareaccess.com *.tiktokcdn.com https://www.google.com https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.one.org s0.wp.com https://fonts.gstatic.com data:; frame-src 'self' blob: https://flo.uri.sh/ https://*.google.com/ wp.freemius.com *.spotify.com *.tiktok.com *.apple.com *.vimeo.com app.usercentrics.eu https://optimize.google.com https://www.facebook.com *.one.org https://www.youtube.com *.youtube-nocookie.com *.instagram.com *.greenhouse.io *.twitter.com *.newmode.net *.doubleclick.net; connect-src 'self' http: https: https://www.google-analytics.com; 1
frame-ancestors 'self' https://bd.nl https://ed.nl https://tubantia.nl https://bndestem.nl https://pzc.nl https://destentor.nl https://gelderlander.nl https://ad.nl https://*.bd.nl https://*.ed.nl https://*.tubantia.nl https://*.bndestem.nl https://*.pzc.nl https://*.destentor.nl https://*.gelderlander.nl https://*.ad.nl https://aagje.info https://*.aagje.info https://*.van-ons.nl https://nlinde-budenovka.savviihq.com https://indebuurt.nl https://*.indebuurt.nl 1
default-src 'self';style-src 'self' 'unsafe-inline';script-src 'self' https://tag.aticdn.net https://*.ants.gouv.fr 'nonce-8a897bf3-f190-4fbe-9370-9ddc5ff499fe';frame-src 'self' https://www.youtube.com/ https://www.dailymotion.com/;connect-src 'self' https://geo.api.gouv.fr https://*.xiti.com;font-src 'self' https://fonts.gstatic.com data:;img-src 'self' https: data:;object-src 'none';base-uri 'self';form-action 'self' 1
child-src gw-cmdm.x5.ru 'self' ru.id.group-ib.com static-food.ru static.static-food-2.ru food.ru cdn.food.ru api.food.ru id.x5.ru www.youtube.com https://dzen.ru/ https://vk.com/; frame-ancestors 'self'; frame-src 'self' ru.id.group-ib.com id.x5.ru *.adfox.ru www.youtube.com https://dzen.ru/ https://vk.com/ yastatic.net *.yandex.ru yandexadexchange.net *.yandexadexchange.net 'unsafe-inline' 'unsafe-eval' https://*.mindbox.ru; style-src 'self' 'unsafe-inline' static-food.ru static.static-food-2.ru food.ru cdn.food.ru api.food.ru *.adfox.ru yastatic.net 'unsafe-eval' https://*.mindbox.ru; object-src 'none'; img-src 'self' blob: data: photos.okolo.app static-food.ru static.static-food-2.ru food.ru cdn.food.ru api.food.ru *.adfox.ru https://*.googletagmanager.com https://*.google-analytics.com https://www.google-analytics.com https://top-fwz1.mail.ru https://mc.yandex.ru *.yandex.ru yandex.ru *.yandex.net i.ytimg.com 'unsafe-inline' 'unsafe-eval' https://*.mindbox.ru https://*.google.com https://*.google.by https://*.google.ru https://*.google.kz p.food.ru; font-src 'self' data: static-food.ru static.static-food-2.ru food.ru cdn.food.ru api.food.ru yastatic.net https://host.mailfit.com/ 'unsafe-inline' 'unsafe-eval' https://*.mindbox.ru; script-src 'self' 'unsafe-eval' 'unsafe-inline' static.static-food-2.ru static-food.ru food.ru cdn.food.ru api.food.ru *.adfox.ru code.createjs.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://top-fwz1.mail.ru https://personalization-web-stable.mindbox.ru https://api.mindbox.ru https://mc.yandex.ru http://yandex.ru/ https://yastatic.net/ yastatic.net *.yandex.ru yandex.ru https://host.mailfit.com/ https://*.mindbox.ru; connect-src 'self' static-food.ru static.static-food-2.ru food.ru cdn.food.ru api.food.ru sentry-do.x5.ru id.x5.ru *.adfox.ru code.createjs.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://www.google-analytics.com https://top-fwz1.mail.ru https://personalization-web-stable.mindbox.ru https://api.mindbox.ru https://mc.yandex.ru yastatic.net *.yandex.ru yandex.ru https://host.mailfit.com/ 'unsafe-inline' 'unsafe-eval' https://*.mindbox.ru https://*.google.com https://*.google.by https://*.google.ru https://*.google.kz; media-src static-food.ru static.static-food-2.ru food.ru cdn.food.ru api.food.ru 'self' id.x5.ru *.adfox.ru yastatic.net *.yandex.ru yandex.ru *.yandex.net 'unsafe-inline' 'unsafe-eval' https://*.mindbox.ru; worker-src food.ru; report-uri https://sentry-do.x5.ru/api/931/security/?sentry_key=d534813ae9f44863a4b44cc5646e5170&sentry_environment=production; 1
default-src 'self' 'unsafe-inline' data: blob: prod.acquia-sites.com *.prod.acquia-sites.com  auc.arkdev.net *.auc.arkdev.net aucegypt.edu *.aucegypt.edu openweathermap.org *.openweathermap.org youvisit.com *.youvisit.com google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com nr-data.net *.nr-data.net newrelic.com *.newrelic.com cloudflare.com googleusercontent.com *.cloudflare.com *.googleusercontent.com youtube.com *.youtube.com youtu.be *.youtu.be gstatic.com *.gstatic.com ytimg.com *.ytimg.com ggpht.com *.ggpht.com *.campusgroups.com calendar.google.com interviewexchange.com *.interviewexchange.com auc.cloud.panopto.eu datawrapper.dwcdn.net *.watson.appdomain.cloud datastudio.google.com *.datastudio.google.com crazyegg.com *.crazyegg.com myjotform.com *.myjotform.com connect.facebook.net facebook.com *.facebook.com stats.g.doubleclick.net *.g.doubleclick.net addthis.com *.addthis.com 'unsafe-eval' moatads.com *.moatads.com addthisedge.com *.addthisedge.com px.ads.linkedin.com *.ads.linkedin.com *.linkedin.com www.googleadservices.com www.google.com *.googleadservices.com *.google.com googleads.g.doubleclick.net bid.g.doubleclick.net *.g.doubleclick.net snap.licdn.com *.snap.licdn.com *.licdn.com p.adsymptotic.com *.adsymptotic.com *.googlesyndication.com googlesyndication.com cdn.linkedin.oribi.io www.google.com.eg *.google.com.eg *.mainstay.com addtoany.com *.addtoany.com googleapis.com *.googleapis.com noembed.com *.noembed.com plyr.io *.plyr.io cdn.jsdelivr.net; report-uri /report-csp-violation 1
manifest-src 'self'; frame-src *.truyo.com https://optimize.google.com https://tr.snapchat.com/ https://10730465.fls.doubleclick.net https://www.youtube.com https://sc-static.net https://ssl.kaptcha.com https://www.google.com https://r.turn.com https://servedby.flashtalking.com; script-src-elem 'self' 'unsafe-inline' *.tiktok.com *.truyo.com https://baskinrobbins.truyo.com https://truyoproductionuscdn.truyo.com https://www.googleoptimize.com https://optimize.google.com https://login-ds.dotomi.com https://s.tribalfusion.com https://a.tribalfusion.com https://login.dotomi.com https://ds-aksb-a.akamaihd.net https://sc-static.net https://tr.snapchat.com https://analytics.google.com https://ssl.kaptcha.com https://www.gstatic.com https://www.google.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.googleadservices.com https://connect.facebook.net https://s.pinimg.com https://bat.bing.com https://www.googletagmanager.com; font-src 'self' https://fonts.gstatic.com; media-src 'self' https://qa.baskinrobbins.com/content/dam/br/img/creature-creations-tablet.mp4 https://qa.baskinrobbins.com/content/dam/br/img/creature-creations-mobile.mp4 https://qa.baskinrobbins.com/content/dam/br/img/creature-creations-desktop.mp4; default-src 'none'; script-src https://www.googleoptimize.com 'unsafe-inline' 'self' https://www.gstatic.com https://a.tribalfusion.com https://login.dotomi.com https://login-ds.dotomi.com https://bat.bing.com https://s.pinimg.com https://googleads.g.doubleclick.net https://sc-static.net https://tr.snapchat.com https://ssl.kaptcha.com https://www.google.com https://www.google-analytics.com https://www.googleadservices.com https://connect.facebook.net https://www.googletagmanager.com; connect-src 'self' *.tiktok.com https://*.zscalertwo.net  https://stats.g.doubleclick.net https://tr.snapchat.com https://analytics.google.com  https://www.google-analytics.com https://ct.pinterest.com; img-src https://optimize.google.com 'self' https://www.googletagmanager.com https://10730465.fls.doubleclick.net https://a.tribalfusion.com https://ib.adnxs.com https://s.tribalfusion.com/visitor https://login.dotomi.com https://login-ds.dotomi.com https://www.google.co.id https://googleads.g.doubleclick.net https://www.google.com.sg https://sc-static.net https://tr.snapchat.com https://ssl.kaptcha.com 'unsafe-inline' https://www.google-analytics.com https://bat.bing.com https://ct.pinterest.com https://www.google.com https://www.facebook.com; style-src *.truyo.com http://www.baskinrobbins.com https://www.baskinrobbins.com https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline' 'self' https://cloud.typography.com; base-uri 'self';form-action 'self' https://tr.snapchat.com; 1
default-src 'self' *.unum.com about: ; style-src 'self' 'unsafe-inline' translate.googleapis.com www.riddle.com fonts.googleapis.com tagmanager.google.com unumux.github.io optimize.google.com; media-src 'self' 'unsafe-inline' data: vod-progressive.akamaized.net player.vimeo.com; font-src 'self' data: fonts.gstatic.com www.unum.com unum.com zip.co at.alicdn.com themes.googleusercontent.com; frame-src 'self' https://outlook.office365.com edge.addthis.com mozbar.moz.com gateway.zscaler.net gateway.zscloud.net gateway.zscalertwo.net maps.google.com www.youtube.com www.google.com googleads.g.doubleclick.net www.facebook.com tpc.googlesyndication.com www.googletagmanager.com bid.g.doubleclick.net s7.addthis.com vimeo.com player.vimeo.com *.buzzsprout.com gateway.zscalerthree.net *.invisionapp.com *.unum.com *.ceros.com *.axshare.com strawpoll.com *.strawpoll.com *.riddle.com https://21775334.fs1.hubspotusercontent-na1.net/; child-src 'self' 'unsafe-inline' www.riddle.com www.youtube.com *.google.com www.google.com *.addthis.com *.vimeo.com bid.g.doubleclick.net www.buzzsprout.com *.doubleclick.net outlook.office365.com www.enrollunum.com *.invisionapp.com *.axshare.com *.unum.com *.ceros.com *.facebook.com; img-src 'self' 'unsafe-inline' ssl.google-analytics.com www.google.lu www.google.lk www.google.com.lb www.google.cl www.google.mv www.google.hu www.google.co.ao about:  www.google.ge www.google.fi www.google.com.ar www.google.cn www.google.com.bd www.google.iq www.google.az www.google.co.zw www.google.dk www.google.com.et www.google.no translate.google.com www.google.rs www.google.ro www.google.gg www.google.com.na www.google.com.tw www.google.com.br www.google.com.co www.google.com.pr www.google.ae www.google.com.mx px4.ads.linkedin.com www.google.com.pa i.ytimg.com www.google.com.eg www.google.co.jp www.google.co.id www.google.pt www.google.com.np www.google.ru www.google.la www.google.mg www.google.co.ke www.google.se www.google.com.af www.google.co.nz apply.indeed.com www.google.com.kh www.google.gr www.google.com.ua www.google.com.my www.google.com.au www.google.at www.google.ie www.google.com.ph www.google.com.pk www.google.co.th www.google.it www.google.es www.google.pl www.google.com.gh www.google.be www.google.com.tr www.google.nl www.google.co.za www.google.ch www.google.fr www.google.co.uk www.google.com.sg www.google.co.in www.google.ca www.google.de region1.google-analytics.com px.ads.linkedin.com thumbs.dreamstime.com unumux.github.io www.facebook.com *.unum.com data: *.adnxs.com secure.adnxs.com p.adsymptotic.com q.quora.com bat.bing.com apt.techtarget.com c.clarity.ms www.google-analytics.com https://www.google.com/ads/ga-audiences www.google.com www.pages01.net c.bing.com www.facebook.com www.linkedin.com *.agkn.com ads.stickyadstv.com bcp.crwdcntrl.net *.krxd.net ce.lijit.com *.doubleclick.net eb2.3lift.com *.pro-market.net idsync.rlcdn.com *.pubmatic.com loadm.exelator.com pippio.com pixel.rubiconproject.com pixel.tapad.com simplifi.partners.tremorhub.com stags.bluekai.com sync.bfmio.com *.intentiq.com sync.mathtag.com sync.search.spotxchange.com *.openx.net ups.analytics.yahoo.com www.googleadservices.com *.simpli.fi www.googletagmanager.com stats.g.doubleclick.net/r/ ssl.gstatic.com www.gstatic.com *.vimeocdn.com track.hubspot.com forms.hsforms.com https://stats.g.doubleclick.net/r/collect blob: *.cookielaw.org; base-uri 'self'; form-action 'self' 'unsafe-inline' *.enrollunum.com *.facebook.com; connect-src 'self' paapi6885.d41.co forms.hscollectedforms.net translate.googleapis.com get663.com www.google.com https://stats.g.doubleclick.net/j/collect https://ampcid.google.com adservice.google.com region1.google-analytics.com www.facebook.com m.addthis.com *.clarity.ms stats.g.doubleclick.net bat.bing.com forms.hubspot.com js.hs-banner.com api.hubapi.com www.googletagmanager.com www.google-analytics.com api-public.addthis.com *.techtarget.com *.oribi.io *.cookielaw.org *.onetrust.com *.unum.com; object-src 'none'; frame-ancestors 'self' https://www.unum.com www.unum.com https://www.unum.com/ unum.com; script-src 'self' code.jquery.com ecf.d41.co id.rlcdn.com v2.d41.co paapi6885.d41.co player.vimeo.com www.google.com/recaptcha/api.js 'sha256-YD1Hat8Jl5d2adEEnk3atErmhqmd+ZSwfv7Mey6W0t0=' 'sha256-GmB3Q3eaRbAvu89uKL6mhLgGv5dDSM18NJfw3I69gVA=' 'sha256-k7lZuo1pbfZ3xvCsJTzcMCZ3OB8G/4AX0mxemohQZWM=' 'sha256-1QEhYYX0CJvwxyfyqJ/CWBuBwhurqZ1B/jG1mug54dg=' 'sha256-Jo4gzdbfX/RP4su7nmC1wmhndJsLdy7fxlKtJEbjD1o=' 'sha256-tKmfqCwfZRx7BMMA04jDrxzOfHbyETGOPe4fASTbF4w=' 'sha256-/DOuCWKJXKDCHZMTdbC4RO44a5+mmJ6C0TlyWO4kTNY=' 'nonce-HVI0up2lu6DSzwgVC+GYYJF46g4=' 'unsafe-eval'  get663.com translate.googleapis.com secure.adnxs.com https://ssl.google-analytics.com www.riddle.com *.cloudflare.com *.addthisedge.com *.moatads.com *.addthis.com cdn.amcharts.com snap.licdn.com google-analytics.com www.google-analytics.com tagmanager.google.com ajax.googleapis.com www.googleadservices.com googletagmanager.com www.googletagmanager.com www.sc.pages01.net www.sc.pages02.net unumux.github.io  connect.facebook.net bat.bing.com extend.vimeocdn.com trk.techtarget.com bat.bing.com stats.g.doubleclick.net *.clarity.ms googleads.g.doubleclick.net www.googleoptimize.com *.vimeo.com *.simpli.fi optimize.google.com js-na1.hs-scripts.com js.hscollectedforms.net js.hs-analytics.net js.hsadspixel.net js.hs-banner.com z.moatads.com apis.google.com about: *.cookielaw.org; script-src-attr 'unsafe-inline' 'unsafe-hashes'; 1
object-src self 'self' 'unsafe-inline'; media-src *.adobe.com self https://static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; upgrade-insecure-requests; frame-ancestors 'self' self https://*.grabagun.com https://*.credova.com https://*.authorize.net 'self'; form-action 'self' geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com self https://*.authorize.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://widgets.turnto.com/ https://static.olark.com/ https://optimize.google.com https://fonts.googleapis.com https://web-sdk.aptrinsic.com/ http://cdn.avmws.com/ https://cdn.listrakbi.com/ *.adobe.com https://tagmanager.google.com https://d22q3dafggn5rg.cloudfront.net https://www.google.com https://www.google.pl https://www.google.com.ua https://www.google.ca *.turnto.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdns.brsrvr.com/ https://cdn.scarabresearch.com/ https://d22q3dafggn5rg.cloudfront.net/ https://certify-js.alexametrics.com/ https://static.zdassets.com/ https://www.googletagmanager.com/ https://google.com/ https://widget-mediator.zopim.com/ https://www.google-analytics.com/ https://www.gstatic.com/ https://widgets.turnto.com/ https://suggest.dxpapi.com https://jstest.authorize.net https://ajax.cloudflare.com/ https://js-agent.newrelic.com https://bam.nr-data.net/ https://static.olark.com/ https://maps.googleapis.com/ https://js.authorize.net/ https://www.youtube.com/ https://s.ytimg.com/ https://static.scarabresearch.com/ https://www.google.com/ https://knrpc.olark.com/ https://api.olark.com/ https://www.googleapis.com/ https://bam-cell.nr-data.net/ https://plugin.credova.com/ https://static.cloudflareinsights.com/ *.crazyegg.com https://image.grabagun.com https://optimize.google.com https://up.pixel.ad/ https://web-sdk.aptrinsic.com/ https://googleads.g.doubleclick.net/ https://cdn.avmws.com/1023073/ https://ssl.avmws.com/1023073/ https://*.googleapis.com *.google-analytics.com *.analytics.google.com https://shopper.shop.pe https://d3rr3d0n31t48m.cloudfront.net https://addshoppers.s3.amazonaws.com https://nytrng.com https://voltn.com https://addshoppers.com https://static.traversedlp.com https://shop.pe https://s1.listrakbi.com/ https://s2.listrakbi.com/ https://cdn.listrakbi.com/ https://at1.listrakbi.com/ https://al1.listrakbi.com/ https://bl.listrakbi.com/ https://oc.listrakbi.com/ https://edge.fullstory.com/ https://services.listrak.com/ https://api.videoly.co/ https://dapi.videoly.co/ https://arches.avantlink.com/ https://api.smooch.io/ assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com https://www.google-analytics.com googleads.g.doubleclick.net analytics.google.com https://www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com www.googletagmanager.com www.google-analytics.com *.exponea.com *.plugins.emarsys.net *.scarabresearch.com www.xtento.com cdn.xtento.com self https://maps.googleapis.com https://fonts.googleapis.com/* https://tagmanager.google.com https://d22q3dafggn5rg.cloudfront.net https://www.gstatic.com https://www.google.pl https://www.google.com.ua https://www.google.ca https://static.zdassets.com https://cdns.brsrvr.com https://cdn.scarabresearch.com https://static.cloudflareinsights.com https://*.credova.com https://*.authorize.net https://*.fullstory.com *.maxmind.com *.turnto.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://www.xtento.com https://certify.alexametrics.com https://p.brsrvr.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com/ https://www.google.com.ua/ https://amasty.com/ data: https://maps.gstatic.com/ https://maps.googleapis.com/ https://wac.edgecastcdn.net/ https://www.googletagmanager.com/ https://www.google.ca/ https://log.olark.com/ https://bam-cell.nr-data.net/ https://plugin.credova.com/ *.crazyegg.com https://image.grabagun.com https://redirect.prod.experiment.routing.cloudfront.aws.a2z.com/ https://optimize.google.com https://pixel.sitescout.com/ https://tracking.avantlink.com/ https://*.googleapis.com https://shopper.shop.pe https://i.liadm.com https://s1.listrakbi.com/ https://s2.listrakbi.com/ https://sca1.listrakbi.com/ https://sca2.listrakbi.com/ http://mediacdn.espssl.com/ https://rs.fullstory.com/ https://dapi.videoly.co/ https://i.ytimg.com/ https://connect.bolt.com/ assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net https://cm.everesttech.net https://*.omtrdc.net/ widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com https://www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.xtento.com cdn.xtento.com self https://grabagun.com https://img.youtube.com https://maps.googleapis.com https://maps.gstatic.com https://wac.edgecastcdn.net https://d22q3dafggn5rg.cloudfront.net https://www.google.com https://www.google.pl https://www.google.com.ua https://www.google.ca https://static.zdassets.com https://cdns.brsrvr.com https://cdn.scarabresearch.com https://*.credova.com wac.edgecastcdn.net store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; frame-src 'self' https://static.olark.com/ https://www.google.com https://www.youtube.com https://gun-rebates.com/ https://win-a-truck.com/ https://preferences.grabagun.com/ https://www.youtube-nocookie.com https://sandbox-lending.credova.com/ https://lending.credova.com/ https://image.grabagun.com/ https://optimize.google.com https://pixel.sitescout.com/ https://photos.pixlee.co/ https://*.doubleclick.net/ *.google-analytics.com *.analytics.google.com https://nytrng.com https://services.listrak.com/ https://arches.avantlink.com/ fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.xtento.com self https://*.grabagun.com https://*.credova.com https://*.authorize.net photos.pixlee.co c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com https://optimize.google.com https://image.grabagun.com data: self https://d22q3dafggn5rg.cloudfront.net https://*.authorize.net data: 'self' 'unsafe-inline'; connect-src 'self' https://ekr.zdassets.com/ https://recommender.scarabresearch.com/ https://grabagun.zendesk.com/ wss://widget-mediator.zopim.com https://cdn-ws.turnto.com/ https://bam.nr-data.net/ https://js.authorize.net/ https://jstest.authorize.net/ https://www.google-analytics.com https://ws.turnto.com https://webchannel-content.eservice.emarsys.net https://recommender-eu.scarabresearch.com/ https://static.zdassets.com/ https://knrpc.olark.com/ https://apitest.authorize.net/ wss://grabagun.zendesk.com/ https://api2.authorize.net/ https://stats.g.doubleclick.net/ https://bam-cell.nr-data.net/ https://sandbox-lending-api.credova.com/ https://lending-api.credova.com/ https://we.turnto.com/ *.crazyegg.com https://image.grabagun.com https://esp-m.aptrinsic.com/ https://*.googleapis.com *.google-analytics.com *.analytics.google.com https://shop.pe *.shop.pe https://product.listrakbi.com/ https://recs.listrakbi.com/ https://bl.listrakbi.com/ https://onsite-api.listrak.com/ https://oc.listrakbi.com/ https://rs.fullstory.com/ https://edge.fullstory.com/ wss://api.smooch.io/faye https://zendesk-eu.my.sentry.io/ dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.exponea.com *.scarabresearch.com *.eservice.emarsys.net self https://stats.g.doubleclick.net https://d22q3dafggn5rg.cloudfront.net https://bam-cell.nr-data.net https://grabagun.zendesk.com https://static.zdassets.com https://cdns.brsrvr.com https://cdn.scarabresearch.com https://*.credova.com https://*.demdex.net https://*.authorize.net https://*.fullstory.com https://*.listrakbi.com *.mmapiws.com *.turnto.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; default-src 'self' https://static.zdassets.com https://static.olark.com *.crazyegg.com https://fonts.googleapis.com/ https://image.grabagun.com self https://d22q3dafggn5rg.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; worker-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdns.brsrvr.com/ https://cdn.scarabresearch.com/ https://d22q3dafggn5rg.cloudfront.net/ https://certify-js.alexametrics.com/ https://static.zdassets.com/ https://www.googletagmanager.com/ https://google.com/ https://widget-mediator.zopim.com/ https://www.google-analytics.com/ https://www.gstatic.com/ https://widgets.turnto.com/ https://suggest.dxpapi.com https://jstest.authorize.net https://ajax.cloudflare.com/ https://js-agent.newrelic.com https://bam.nr-data.net/ https://static.olark.com/ https://maps.googleapis.com/ https://js.authorize.net/ https://www.youtube.com/ https://s.ytimg.com/ https://static.scarabresearch.com/ https://www.google.com/ https://knrpc.olark.com/ https://api.olark.com/ https://www.googleapis.com/ https://bam-cell.nr-data.net/ https://plugin.credova.com/ https://static.cloudflareinsights.com/ *.crazyegg.com https://image.grabagun.com https://optimize.google.com blob: *.google-analytics.com *.analytics.google.com; 1
frame-ancestors 'self' https://*.tngdigital.com.my https://*.touchngo.com.my; upgrade-insecure-requests 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://7295740.collect.igodigital.com https://*.doubleclick.net https://api.addressfinder.io https://api.lo.ranqx.com https://calculators.gbst.com https://connect.facebook.net https://maps.googleapis.com https://media.kiwibank.co.nz https://*.googlesyndication.com https://snap.licdn.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googletagservices.com https://www.youtube.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://*.googletagmanager.com https://youtube.com https://www.youtube.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://media.kiwibank.co.nz;connect-src  'self' https://*.optimizely.com https://analytics.google.com https://api.kiwibank.co.nz https://api.lo.ranqx.com https://*.doubleclick.net https://maps.googleapis.com https://rates.kiwibank.co.nz https://public-web-deployment.ent.ap-southeast-2.aws.found.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;font-src 'self' https://fonts.gstatic.com https://media.kiwibank.co.nz https://fonts.googleapis.com;frame-src https://*.doubleclick.net https://cloud.communication.kiwibank.co.nz https://kiwibank.prod.digital.gbst.com https://www.youtube.com https://youtube.com https://a25750620975.cdn.optimizely.com https://a25750620975.cdn-pci.optimizely.com;img-src 'self' data: https://*.doubleclick.net https://i.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://media.kiwibank.co.nz https://nova.collect.igodigital.com https://*.linkedin.com https://www.facebook.com https://*.google-analytics.com https://www.google.co.nz https://*.googletagmanager.com https://app.optimizely.com https://cdn.optimizely.com https://www.google.com https://*.googlesyndication.com https://*.2mdn.net https://www.google.com.au; frame-ancestors 'self' https://app.optimizely.com https://iframetester.com; object-src 'self' data: ; 1
default-src 'self' download.visaforchina.cn *.alibaba.com *.aliyuncs.com *.alicdn.com *.aliyun.com *.aliapp.org *.mmstat.com *.126.net *.127.net *.163yun.com *.163.com *.netease.com 'unsafe-inline' 'unsafe-eval' blob: data: ; 1
default-src https: wss: blob: 'unsafe-inline' 'unsafe-eval' data: https://*.bancobmg.com.br  https://bancobmg.chat.blip.ai; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss://*.hotjar.com wss://*.inbenta.chat:* wss://*.inbenta.io:* wss://*.inbenta.com:* http://*.hotjar.com:* http://*.hotjar.io http://*.googletagmanager.com http://*.googleoptimize.com http://*.google-analytics.com http://*.google.com http://*.google.com.mx http://*.gstatic.com http://*.googleapis.com http://*.youtube.com http://youtu.be http://*.facebook.com http://*.facebook.net http://*.ads-twitter.com http://*.twitter.com http://t.co http://*.doubleclick.net http://*.adform.net http://*.inbenta.chat:* http://*.inbenta.io:* http://*.inbenta.com:* http://*.go-mpulse.net http://*.akstat.io http://*.akamaihd.net http://cdn-akamai.mookie1.com http://*.userway.org http://claro.speedtestcustom.com http://*.clarovideo.net http://*.claromusica.com https://*.hotjar.com:* https://*.hotjar.io https://tags.tiqcdn.com/* https://*.googletagmanager.com  https://*.googleoptimize.com https://*.google-analytics.com https://*.google.com https://*.google.com.mx https://*.gstatic.com https://*.googleapis.com https://*.youtube.com https://youtu.be https://*.facebook.com https://*.facebook.net https://*.ads-twitter.com https://*.twitter.com https://t.co https://*.doubleclick.net https://*.adform.net https://*.inbenta.chat:* https://*.inbenta.io:* https://*.inbenta.com:* https://cdn.linkedin.oribi.io https://www.googleadservices.com https://*.qualtrics.com https://*.claro.com.do https://*.go-mpulse.net https://*.akstat.io https://*.akamaihd.net https://cdn-akamai.mookie1.com https://*.userway.org https://claro.speedtestcustom.com https://clarotec.com.do https://snap.licdn.com https://*.clarovideo.net https://px.ads.linkedin.com https://p.adsymptotic.com https://claro.dualstack.speedtestcustom.com https://www.youtube-nocookie.com https://*.logwork.com https://logwork.com https://cdnjs.cloudflare.com https://api-prod-do.prod.clarodigital.net https://continua.com.mx https://px4.ads.linkedin.com https://*.clarity.ms https://*.claromusica.com; media-src mediastream:; 1
base-uri 'self' capture.trackjs.com;connect-src 'self' https://*.verkkokauppa.com https://cdn.verk.net https://analytics.google.com https://*.analytics.google.com https://*.google-analytics.com https://*.googlesyndication.com https://*.giosg.com https://*.giosgusercontent.com https://*.clarity.ms https://bat.bing.com https://www.google.fi https://translate.googleapis.com https://capture.trackjs.com https://stats.g.doubleclick.net https://*.instagram.com https://login.microsoftonline.com https://*.facebook.com https://*.richrelevance.com https://*.zopim.com https://api.custobar.com https://track.adform.net https://cdn.contentful.com https://preview.contentful.com https://verkkokauppa.zendesk.com wss://verkkokauppa.zendesk.com wss://*.zopim.com https://ekr.zendesk.com https://zendesk-eu.my.sentry.io https://ekr.zdassets.com https://accounts.google.com/gsi/ https://px.ads.linkedin.com https://cdn.linkedin.oribi.io https://cdn.optimizely.com https://logx.optimizely.com https://*.usercentrics.eu https://bam.eu01.nr-data.net;default-src 'self';font-src https://fonts.googleapis.com https://fonts.gstatic.com https://*.giosg.com https://*.giosgusercontent.com https://v2.zopim.com https://cdn.verk.net data:;form-action 'self' connect.facebook.net *.verkkokauppa.com epmt.nordea.fi *.signicat.com maksuluotto.fi epayment1.point.fi epayment2.point.fi https://idp.collectorbank.se/;frame-ancestors 'self';frame-src 'self' https://view.24mags.com/schedule/verkkokauppa.com/ https://www.googletagmanager.com https://www.youtube.com https://connect.facebook.net https://login.microsoftonline.com https://login.live.com https://player.twitch.tv https://*.giosg.com https://*.giosgusercontent.com https://*.google.com https://*.googlesyndication.com https://*.facebook.com https://*.instagram.com https://*.doubleclick.net https://livestream.com https://accounts.google.com/gsi/ https://*.usercentrics.eu;img-src 'self' https://*.verkkokauppa.com https://cdn.verk.net https://analytics.google.com https://*.analytics.google.com https://*.google-analytics.com https://*.google.com https://*.giosg.com https://*.giosgusercontent.com https://*.clarity.ms https://*.bing.com https://px.ads.linkedin.com https://www.googletagmanager.com https://www.google.fi https://www.google.ru https://www.google.se https://www.google.no https://www.google.de https://www.google.pl https://www.google.ee https://www.google.nl https://www.google.co.uk https://www.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.facebook.com https://*.bazaarvoice.com https://*.zopim.io https://img.youtube.com https://usage.trackjs.com https://adsby.improveads.fi https://i.ytimg.com https://*.gstatic.com https://*.doubleclick.net https://cx.atdmt.com https://images.ctfassets.net/nggsuamsum0l/ https://*.usercentrics.eu data: blob: https://www.td-renew.com https://www.securecmr.com;manifest-src 'self';media-src 'self' https://v2.zopim.com https://static.zdassets.com;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https: 'strict-dynamic' 'nonce-ed45e78bfbf81531c135faad78f2d2f8';style-src 'self' 'unsafe-inline' https://cdn.verk.net https://*.googleapis.com https://*.giosg.com https://*.giosgusercontent.com https://tagmanager.google.com https://accounts.google.com/gsi/style;worker-src 'self';report-uri https://verkkokauppa.report-uri.com/r/t/csp/enforce;block-all-mixed-content 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' *.parsons.com *.twitter.com *.typekit.net *.twimg.com *.amazonaws.com *.google-analytics.com *.webtrendslive.com *.googleapis.com *.google.com *.gstatic.com *.cloudfront.net *.fontawesome.com *.pardot.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.pixel.ad *.instagram.com *.wpengine.com *.cloudflare.com *.alumniparsonscom.local *.hubspot.com *.hs-scripts.com *.hsadspixel.net *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.licdn.com *.yoast.com 1
default-src 'self' 'unsafe-inline' region1.analytics.google.com www.google-analytics.com *.google.com *.google.it *.printfriendly.com www.unescap.org unescap.org static.cloudflareinsights.com; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.analytics.google.com *.google-analytics.com https://www.google-analytics.com *.printfriendly.com www.unescap.org unescap.org static.cloudflareinsights.com ajax.cloudflare.com *.flickr.com platform.twitter.com *.youtube.com *.cloudflare.com; style-src 'self' 'unsafe-inline' *.google.com *.gstatic.com www.unescap.org unescap.org *.fontawesome.com  *.jsdelivr.net *.googleapis.com https://fonts.gstatic.com https://unpkg.com ajax.cloudflare.com *.cloudflare.com repository.unescap.org; img-src 'self' 'unsafe-inline' data: *.google-analytics.com *.google.it *.google.com *.googletagmanager.com www.unescap.org unescap.org repository.unescap.org youtube.com www.youtube.com i.ytimg.com *.staticflickr.com *.twitter.com *.google.co.th; frame-src 'self' youtube.com www.youtube.com *.google.com *.gstatic.com www.unescap.org unescap.org *.unescap.org *.twitter.com *.canva.com *.powerbi.com; child-src 'self' youtube.com www.youtube.com *.google.com *.gstatic.com www.unescap.org unescap.org; font-src 'self' https://fonts.googleapis.com *.fontawesome.com https://fonts.gstatic.com *.jsdelivr.net www.unescap.org unescap.org *.cloudflare.com; connect-src www.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net www.unescap.org unescap.org cloudflareinsights.com repository.unescap.org; report-uri /report-csp-violation 1
default-src *.ncs.gov.in; script-src 'unsafe-inline' 'unsafe-eval' *.ncs.gov.in www.google-analytics.com www.googletagmanager.com *.jquery.com; img-src *.ncs.gov.in www.google-analytics.com img.youtube.com *.jquery.com data:; style-src 'unsafe-inline' *.ncs.gov.in *.jquery.com; frame-src *.ncs.gov.in *.youtube.com; connect-src services.ncs.gov.in:7443 *.ncs.gov.in www.googleapis.com www.google-analytics.com stats.g.doubleclick.net; media-src *.ncs.gov.in *.youtube.com stats.g.doubleclick.net 1
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self' *.qualtrics.com *.euroclear.com; object-src 'self'; 1
default-src 'self'; frame-src 'none'; connect-src 'self'; font-src 'self' data:; img-src 'self' data:; media-src data:; script-src 'self' 'unsafe-eval' 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=' 'sha256-VA8O2hAdooB288EpSTrGLl7z3QikbWU9wwoebO/QaYk=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc='; style-src 'self' 'unsafe-inline'; base-uri 'self'; frame-ancestors 'none'; block-all-mixed-content; form-action 'none'; 1
default-src 'self'; script-src https://*.helsenorge.no https://helsenorge.no https://in.taskanalytics.com https://in2.taskanalytics.com https://assets.adobedtm.com blob: 'unsafe-inline' 'unsafe-eval'; style-src https://*.helsenorge.no 'self' 'unsafe-inline'; img-src data: https://*.helsenorge.no https://helsenorge.no https://cm.everesttech.net https://dpm.demdex.net https://ehelse.d3.sc.omtrdc.net https://boost-files-general-eu-west-1-prod.s3-eu-west-1.amazonaws.com https://i.vimeocdn.com https://img.youtube.com; font-src data: https://*.helsenorge.no; connect-src https://*.helsenorge.no https://helsenorge.no https://dpm.demdex.net https://ehelse.d3.sc.omtrdc.net https://helsenorge-helfo.boost.ai https://snowstorm.terminologi.ehelse.no https://ta-survey-v2.herokuapp.com; frame-src https://*.helsenorge.no https://www.youtube.com https://player.vimeo.com https://dpm.demdex.net https://helsenorge.demdex.net https://www.youtube-nocookie.com; frame-ancestors 'self'; object-src 'self'; upgrade-insecure-requests; report-uri https://f1a79774c38073e7aa3a3ef3a9a0bc6b.report-uri.com/r/t/csp/enforce 1
default-src 'self' 'unsafe-inline' data: https: wss:; script-src 'unsafe-eval' 'unsafe-inline' blob: https:; object-src 'none'; frame-ancestors 'none'; frame-src https://www.google.com https://www.facebook.com https://api.imotech.video https://www.youtube.com https://cdn.moengage.com https://challenges.cloudflare.com https://recaptcha.google.com https://*.doubleclick.net https://form.typeform.com https://*.turbogames.io 1
default-src * blob: data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';worker-src 'self' blob:; 1
frame-ancestors 'self' https://back-office.kameleoon.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: dc-mkt-prod.cloud.bosch.tech dc-ncj-portal.qa.dxf.bosch.tech tags.tiqcdn.com www.youtube.com player.vimeo.com s.ytimg.com statse.webtrendslive.com www.google-analytics.com dock.ui.bosch.tech *.tealiumiq.com apps.boschrexroth.com *.monetate.net *.livechatinc.com *.qualtrics.com *.hs-scripts.com *.hsadspixel.net *.usemessages.com *.hs-banner.com *.hs-analytics.net *.hsleadflows.net js.hsforms.net forms.hsforms.com snap.licdn.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.optimizely.com www.boschrexroth.com.cn prospecttrax.com connect.facebook.net js-na1.hsforms.net skk.erecruiter.pl maps.googleapis.com dxf-services.bosch.com hm.baidu.com webchatplugins.blob.core.windows.net cdn-go.cn vm.gtimg.cn p1.authz.bosch.com js.hubspot.com rbdcportalprod-endpoint-gubhcth0ftdbc2dv.z01.azurefd.net 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.scottsdaleaz.gov https://scottsdaleiwt.cxmflow.com https://*.livehelpnow.net https://*.workflowcloud.com https://*.cognitoforms.com https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://*.google.com https://cdn.jsdelivr.net https://www.truejob.com https://secure.leadforensics.com https://*.zoomprospector.com https://*.sizeup.com https://siteimproveanalytics.com https://www.google-analytics.com https://www.googletagmanager.com https://*.googleapis.com https://*.recollect.net https://assets.us.recollect.net https://www.youtube-nocookie.com https://www.youtube.com https://cdn.polyfill.io https://z.moatads.com https://stckjs.stackify.com https://oss.maxcdn.com https://code.jquery.com https://my.nicheacademy.com https://static.ctctcdn.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.gstatic.com https://connect.facebook.net https://platform.twitter.com https://*.arcgis.com https://www.instagram.com https://cdn.syndication.twimg.com https://widget.surveymonkey.com http://scottsdale.granicus.com; script-src-elem 'self' 'unsafe-inline' https://scottsdaleiwt.cxmflow.com https://splsaz.patronpoint.com https://scottsdalepassports.fullslate.com https://widget.sizeup.com https://cdn.insight.sitefinity.com https://resources.zoomprospector.com https://api.recollect.net https://public.lbi.sizeup.com https://application.sizeup.com https://cdn.syndication.twimg.com https://assets.us.recollect.net https://static.ctctcdn.com https://cdn.jsdelivr.net https://code.jquery.com https://connect.facebook.net https://js.arcgis.com https://secure.leadforensics.com https://oss.maxcdn.com https://siteimproveanalytics.com https://stackpath.bootstrapcdn.com https://*.cognitoforms.com https://stckjs.stackify.com https://*.google.com https://*.googleapis.com https://widget.surveymonkey.com https://*.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://thunderstone.scottsdaleaz.gov https://*.livehelpnow.net https://cdn.polyfill.io https://*.scottsdaleaz.gov https://cdnjs.cloudflare.com https://my.nicheacademy.com https://oss.maxcdn.com https://z.moatads.com https://scottsdale.zoomprospector.com https://platform.twitter.com https://www.instagram.com https://*.workflowcloud.com https://www.truejob.com; style-src 'self' 'unsafe-inline' https://*.scottsdaleaz.gov https://*.livehelpnow.net https://maxcdn.bootstrapcdn.com https://*.nicheacademy.com https://cdnjs.cloudflare.com https://*.google.com https://*.twimg.com https://*.ctctcdn.com https://*.arcgis.com https://recollect.a.ssl.fastly.net https://www.cognitoforms.com https://platform.twitter.com https://fonts.googleapis.com https://system/css/ip-backend.css; style-src-elem 'self' 'unsafe-inline' https://www.google.com https://scottsdalepassports.fullslate.com https://splsaz.patronpoint.com https://static.ctctcdn.com https://*.googleapis.com https://www.gstatic.com https://*.nicheacademy.com https://cdnjs.cloudflare.com https://ton.twimg.com https://platform.twitter.com https://developer.livehelpnow.net https://js.arcgis.com https://maxcdn.bootstrapcdn.com https://recollect.a.ssl.fastly.net https://www.cognitoforms.com https://thunderstone.scottsdaleaz.gov; img-src 'self' data: https://*.scottsdaleaz.gov https://scottsdalepassports.fullslate.com http://www.scottsdaleaz.gov https://*.scottsdalelibrary.org https://*.choosescottsdale.com https://www.google.ca https://syndication.twitter.com https://www.google.co https://www.google.co.uk https://www.google.com.mx https://www.google.com https://*.ytimg.com https://www.paypalobjects.com https://prod.smassets.net https://*.cloudfront.net https://*.cognitoforms.com https://www.syndetics.com https://*.suiteonemedia.com https://*.livehelpnow.net https://*.arcgis.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.twimg.com https://platform.twitter.com https://www.gstatic.com https://8575.global.siteimproveanalytics.io https://recollect.a.ssl.fastly.net https://recollect-images.global.ssl.fastly.net https://api.recollect.net https://www.facebook.com http://img.youtube.com; font-src 'self' data: https://fonts.gstatic.com https://*.livehelpnow.net https://*.arcgis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://*.cognitoforms.com https://scottsdale.polarislibrary.com https://recollect.a.ssl.fastly.net https://recollect-images.global.ssl.fastly.net https://assets.quadpay.com; connect-src 'self' https://scottsdaleiwt.cxmflow.com https://visitor2.constantcontact.com https://api.insight.sitefinity.com https://*.scottsdaleaz.gov https://resources.zoomprospector.com https://outlook.office365.com https://*.livehelpnow.net https://*.arcgis.com https://*.googleapis.com https://*.ctctcdn.com https://www.google-analytics.com https://utility.arcgisonline.com https://campaign.constantcontact.com https://stats.g.doubleclick.net https://www.cognitoforms.com https://cognitoprod.blob.core.windows.net https://api.nicheacademy.com https://rum.stackify.com https://new229.com wss://app.livehelpnow.net; media-src 'self' data: https://developer.livehelpnow.net https://cdn.hiretual.com https://*.suiteonemedia.com; object-src 'self'; child-src 'self' blob:; frame-src 'self' data: https://wateruseitwisely.com https://*.scottsdaleaz.gov https://*.google.com https://outlook.office365.com https://experience.arcgis.com https://*.arcgis.com https://*.workflowcloud.com https://www.eventsquid.com https://azscottsdaleccrt1.suiteonemedia.com https://www.arcgis.com https://splsaz.patronpoint.com https://*.suiteonemedia.com https://*.nintex.io https://*.sizeup.com https://www.youtube.com https://www.youtube-nocookie.com https://api.recollect.net https://widget.spreaker.com https://scottsdale.granicus.com https://www.truejob.com https://*.zoomprospector.com https://iframe.c2er.org https://scottsdale.libnet.info https://www.surveymonkey.com https://www.facebook.net https://www.facebook.com https://*.twitter.com https://www.instagram.com https://cos-gis.maps.arcgis.com https://forms.office.com https://www.googletagmanager.com https://my.nicheacademy.com; worker-src 'self' blob:; frame-ancestors 'self' https://scottsdale.granicus.com; form-action 'self' https://*.twitter.com https://splsaz.patronpoint.com https://eservices.scottsdaleaz.gov https://scottsdale.polarislibrary.com https://www.paypal.com; report-uri https://eservicestest.scottsdaleaz.gov/reporturi/listener 1
base-uri 'none';connect-src 'self' *.swiftype.com https://assets.westpac.co.nz https://westpacnewzealand.tt.omtrdc.net http://westpacnewzealand.tt.omtrdc.net https://smetrics.comms.westpac.co.nz https://westpacnewzealand.sc.omtrdc.net https://dpm.demdex.net https://connect.facebook.net https://www.facebook.com https://www.instagram.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://analytics.google.com https://www.google.co.nz/ads/ga-audiences https://adservice.google.com https://www.google.com https://*.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://*.qualtrics.com https://analytics.tiktok.com https://*.dynatrace.com https://*.bf.dynatrace.com https://*.linkedin.oribi.io https://*.googlesyndication.com;default-src 'self';form-action 'self' https://*.westpac.co.nz https://www.facebook.com/tr/;img-src 'self' *.ytimg.com https://staticcdn.co.nz https://api.rkd.refinitiv.com https://smetrics.comms.westpac.co.nz https://westpacnewzealand.sc.omtrdc.net https://cm.everesttech.net https://dpm.demdex.net https://connect.facebook.net https://www.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https: https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://maps.gstatic.com https://*.googleapis.com https://*.ggpht.com data: https://analytics.tiktok.com blob:;media-src 'self' data:;object-src 'none';font-src 'self' https://fonts.gstatic.com data:;upgrade-insecure-requests;style-src 'self' 'unsafe-inline' https://www.gstatic.com https://tagmanager.google.com https://fonts.googleapis.com;script-src www.youtube.com s.ytimg.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ player.vimeo.com api.swiftype.com https://staticcdn.co.nz https://assets.adobedtm.com https://js.adsrvr.org https://insight.adsrvr.org https://*.adsrvr.org https://*.westpac.co.nz https://code.jquery.com https://connect.facebook.net https://www.facebook.com https://*.google-analytics.com https://www.googletagmanager.com 'unsafe-eval' https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://*.qualtrics.com https://analytics.tiktok.com https://*.licdn.com 'unsafe-inline' https://maps.googleapis.com;frame-src *.youtube.com www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ player.vimeo.com https://staticcdn.co.nz https://insight.adsrvr.org https://*.adsrvr.org https://wnzl.demdex.net https://*.westpac.co.nz https://www.facebook.com https://*.doubleclick.net https://stats.g.doubleclick.net https://www.googletagmanager.com https://bid.g.doubleclick.net bytedance: sslocal: 'self';child-src player.vimeo.com;script-src-elem https://staticcdn.co.nz https://assets.adobedtm.com https://js.adsrvr.org https://insight.adsrvr.org https://*.adsrvr.org https://*.westpac.co.nz https://smetrics.comms.westpac.co.nz http://smetrics.comms.westpac.co.nz https://code.jquery.com https://connect.facebook.net https://www.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.qualtrics.com https://analytics.tiktok.com https://*.dynatrace.com https://*.licdn.com https://www.googleadservices.com *.google.com https://*.gstatic.com https://googleads.g.doubleclick.net https://*.googlesyndication.com 'self' 'unsafe-inline' https://maps.googleapis.com https://gateway.zscalerthree.net https://*.zscalerthree.net;report-uri https://f57dec9bb841167d21b72acf82b7adf4.report-uri.com/r/t/csp/enforce;report-to https://f57dec9bb841167d21b72acf82b7adf4.report-uri.com/r/t/csp/enforce 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'sha256-xK4cJcCPGsL/+r8F8PRQDcWZdtarff0x+VlJshOKQlQ=' 'sha256-ernztCnMlXu00OkLyfYYigtc39ZnAzfuAF+2DDgMruo=' 'sha256-Nha/NRd56bJPSEEox6mHMvCvjSEP/xBlHe3NNGxIu84=' 'sha256-PaLNQkfP6jJYWeJh58xrtw+47z9gBr943DLGUZhTb+4=' 'sha256-GsRFSI6+rS7Qt0qchq12+hqB82OAYhivsq5Krl8SdEg=' https://analytics.twitter.com/ https://www.clarity.ms/ https://j.6sc.co/ https://www.google.com/ https://www.google.com.au/ https://googleads.g.doubleclick.net/ https://www.googletagmanager.com/ http://www.googletagmanager.com/ https://www.gstatic.com/ *.googlesyndication.com *.google-analytics.com *.analytics.google.com https://www.youtube.com http://cdn.madkudu.com/ https://js.hs-analytics.net/ https://js.hs-scripts.com/ https://static.hsappstatic.net https://js-na1.hs-scripts.com/ https://js.hs-banner.com/ http://static.ads-twitter.com/ https://snap.licdn.com/ https://js.hsadspixel.net/ https://js.hsforms.net/ http://js.hsforms.net/ https://js.hscollectedforms.net/ https://forms.hsforms.com/ https://cdn.segment.com/ https://cdn.usefathom.com/ https://platform.twitter.com/; style-src 'self' 'unsafe-inline' https://cloud.typenetwork.com/; img-src 'self' blob: data: https://buildkiteassets.com https://www.google.com/ https://www.google.com.au/ https://www.googletagmanager.com/ http://www.googletagmanager.com/ *.google-analytics.com *.analytics.google.com https://googleads.g.doubleclick.net/ https://i.ytimg.com/ https://www.linkedin.com/ https://px.ads.linkedin.com/ https://px4.ads.linkedin.com/ https://p.adsymptotic.com/ https://avatars.githubusercontent.com https://avatars0.githubusercontent.com https://avatars1.githubusercontent.com https://avatars2.githubusercontent.com https://avatars3.githubusercontent.com https://forms-na1.hsforms.com/ https://t.co/ http://t.co/ https://analytics.twitter.com/ https://track.hubspot.com/ https://forms.hsforms.com/ https://perf.hsforms.com/ https://c.clarity.ms/ https://www.datocms-assets.com https://image.mux.com https://cdn.usefathom.com/ https://syndication.twitter.com *.6sc.co; media-src 'self' https://d3lj8s78qytm30.cloudfront.net https://stream.mux.com https://www.datocms-assets.com/; object-src 'none'; font-src 'self' https://cloud.typenetwork.com/ https://fastly-cloud.typenetwork.com/; frame-src https://bid.g.doubleclick.net/ https://td.doubleclick.net/ https://stream.mux.com https://forms.hsforms.com/ https://meetings.hubspot.com/ https://js.hsforms.net/ https://www.google.com/ https://www.youtube.com/ https://tpc.googlesyndication.com/ https://bandcamp.com/ https://platform.twitter.com/; connect-src 'self' https://fonts.gstatic.com/ https://api.hubapi.com/ https://cdn.linkedin.oribi.io/ https://buildkite.com/_next/ https://hubspot-forms-static-embed.s3.amazonaws.com/ https://forms.hsforms.com/ https://forms.hubspot.com/ https://api.hsforms.com/ *.google-analytics.com *.analytics.google.com *.googlesyndication.com https://cdn.segment.com/ https://api.segment.io/ https://adservice.google.com/ https://www.google.com/ https://prod.spline.design https://draft.spline.design https://unpkg.com/@splinetool/modelling-wasm@0.9.98/build/process.wasm *.clarity.ms/collect https://cdn.usefathom.com/ *.6sc.co/ *.6sense.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.asb.co.nz https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.co.nz https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.googletagmanager.com https://*.twitter.com https://*.youtube-nocookie.com https://*.youtube.com https://asbbankltd.tt.omtrdc.net https://d3f5l8ze0o4j2m.cloudfront.net https://quoteapi.com https://dpm.demdex.net https://asb.demdex.net https://*.pingdom.net https://nebula-cdn.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com wss://*.decibelinsight.net wss://*.decibelinsight.com https://staticcdn.co.nz https://*.staticcdn.co.nz https://asb.sc.omtrdc.net https://assets.adobedtm.com https://*.analytics.google.com https://*.asbbank.co.nz; worker-src 'self' blob:; 1
connect-src 'self' *.adroll.com *.clarity.ms *.doubleclick.net *.equinox.com *.google.com *.googlesyndication.com *.mapbox.com *.onetrust.com *.snapchat.com *.splashthat.com *.visualwebsiteoptimizer.com *.mosopay.com analytics.google.com analytics.tiktok.com api.ipify.org api.ipstack.com bat.bing.com cdn.cookielaw.org cdn.linkedin.oribi.io dpm.demdex.net equinox.attn.tv equinox-development.apm.eastus.azure.elastic-cloud.com equinox-production.apm.us-east-1.aws.found.io equinoxfitnessclubs.tt.omtrdc.net events.attentivemobile.com google.com ipv4.icanhazip.com maps.googleapis.com sdk.iad-03.braze.com us-central1-adaptive-growth.cloudfunctions.net www.facebook.com www.google.co.in www.google.co.uk www.google.com.ph www.google-analytics.com www.googletagmanager.com;default-src 'self';font-src 'self' data: assets.cdn-equinox.com use.fontawesome.com;form-action 'self' *.equinox.com equinox-spa.com www.facebook.com;frame-ancestors 'self' *.salesforce.com;frame-src 'self' *.adsrvr.org *.doubleclick.net *.onetrust.com *.salesforce.com *.snapchat.com equinox.demdex.net open.spotify.com s.tiled.co www.facebook.com;img-src 'self' data: *.adroll.com *.adsrvr.org *.bing.com *.clarity.ms *.ctfassets.net *.doubleclick.net *.equinox.com *.liadm.com *.linkedin.com *.pubmatic.com *.visualwebsiteoptimizer.com ads.resetsrv.com ads.scorecardresearch.com assets.cdn-equinox.com beacon.krxd.net braze-images.com cdn.cookielaw.org cm.everesttech.net connect.facebook.net cw.addthis.com data02.digiseg.net dis.criteo.com dpm.demdex.net dsum-sec.casalemedia.com eb2.3lift.com eqxwebdev.112.2o7.net fei.pro-market.net he.lijit.com ib.adnxs.com idsync.rlcdn.com image2.pubmatic.com maps.googleapis.com maps.gstatic.com media.cdn-equinox.com meta.resetdigital.co pippio.com pixel.rubiconproject.com px.steelhousemedia.com s.thebrighttag.com secure.adnxs.com segments.company-target.com sync.outbrain.com sync.resetdigital.co sync.taboola.com sync2.resetdigital.co tags.bluekai.com trkn.us ups.analytics.yahoo.com us-u.openx.net usermatch.krxd.net www.facebook.com www.google.co.in www.google.co.uk www.google.com www.google.com.ph www.google-analytics.com www.googletagmanager.com x.bidswitch.net;media-src 'self' videos.ctfassets.net;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adroll.com *.doubleclick.net *.mapbox.com *.mountain.com *.salesforce.com *.salesforceliveagent.com *.snapchat.com *.visualwebsiteoptimizer.com a1.adform.net acdn.adnxs.com analytics.tiktok.com assets.adobedtm.com bat.bing.com cdn.attn.tv cdn.cookielaw.org cdn.pdst.fm connect.facebook.net js.adsrvr.org maps.googleapis.com meta.resetdigital.co sc-static.net secure.adnxs.com snap.licdn.com s2.adform.net www.clarity.ms www.google-analytics.com www.googleadservices.com www.googletagmanager.com;style-src 'self' 'unsafe-inline' *.mapbox.com *.salesforce.com service.force.com use.fontawesome.com;worker-src 'self' blob:;base-uri 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
default-src 'self' https://*.gstatic.com; connect-src 'self' https://www.vidal.ru http://*.google-analytics.com http://*.gstatic.com https://yandex.ru https://*.yandex.ru https://*.yandex.com https://*.yandex.net https://*.yandex.st https://yastat.net https://*.yastat.net https://yastatic.net https://*.yastatic.net https://adfox.ru https://*.adfox.ru http://*.google.com https://*.google.com https://*.google.ru https://*.googleapis.com http://*.mail.ru https://*.youtube.com https://*.ytimg.com https://*.1dmp.io http://*.1dmp.io https://s0.2mdn.net https://px.adhigh.net https://*.doubleclick.net https://relap.io https://play.google.com; font-src data: https://*.gstatic.com https://s0.2mdn.net https://yandex.ru https://*.yandex.ru https://yastatic.net https://*.yastatic.net https://yastat.net https://*.yastat.net 'self' https://relap.io https://play.google.com; frame-src 'self' https://relap.io https://www.vidal.ru https://*.youtube.com https://*.google.com https://*.google.ru https://play.google.com https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://adfox.ru https://*.adfox.ru https://yastat.net https://*.yastat.net https://awaps.yandex.ru https://awaps.yandex.net https://yandexadexchange.net https://*.yandexadexchange.net https://yastatic.net https://*.youtube.com https://*.ytimg.com https://*.1dmp.io http://*.1dmp.io https://s0.2mdn.net https://px.adhigh.net http://webvisor.com https://www.googletagmanager.com https://relap.io https://www.youtube-nocookie.com https://youtube-nocookie.com; img-src 'self' https://*.stripocdn.email https://*.tns-counter.ru https://*.medkongress.ru http://*.medkongress.ru https://*.nesterovskie-chteniya.ru http://nesterovskie-chteniya.ru https://*.tns-counter.ru https://*.weborama.fr http://*.weborama.fr https://www.vidal.ru https://vidal.ru https://yandex.ru https://*.yandex.ru https://*.yandex.com https://yandex.net https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://adfox.ru https://*.adfox.ru https://yastat.net https://*.yastat.net http://*.google-analytics.com http://*.gstatic.com http://*.google.com https://*.google.be https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.ru https://*.google.de https://*.google.nl https://*.googleapis.com https://www.google.com.do http://*.mail.ru data: http://gderu.hit.gemius.pl https://*.youtube.com https://*.ytimg.com https://admin.mailigen.com https://dmg.digitaltarget.ru https://x01.aidata.io https://gmtdmp.mookie1.com https://eu-gmtdmp.gd1.mookie1.com https://ru-gmtdmp.mookie1.com/ https://sync.botscanner.com https://match.ads.betweendigital.com https://safehub.ru https://dmp.vihub.ru https://top-fwz1.mail.ru https://pixel.betweenx.com https://stats.g.doubleclick.net https://px.adhigh.net https://cm.g.doubleclick.net https://*.doubleclick.net https://*.adriver.ru https://*.rubiconproject.com https://*.adhigh.net https://*.insigit.com https://*.republer.com https://*.webvisor.org http://ad.adriver.ru https://ad.adriver.ru http://ar.tns-counter.ru https://*.1dmp.io http://*.1dmp.io https://go.saleswingsapp.com https://cp.unisender.com https://vk.com https://*.honcode.ch http://*.honcode.ch https://yastatic.net https://*.yastatic.net https://relap.io https://cm.p.altergeo.ru https://*.relap.io https://www.googletagmanager.com https://play.google.com; media-src 'self' data: https://*.google.com https://*.google.ru https://*.yandex.net https://*.strm.yandex.ru https://strm.yandex.ru https://yandex.ru https://yandex.st https://yastatic.net https://adfox.ru https://*.adfox.ru https://yastat.net https://*.yastat.net https://*.yandex.st https://*.yastatic.net https://*.1dmp.io http://*.1dmp.io https://s0.2mdn.net https://*.yandex.ru https://*.admetrica.ru https://www.googletagmanager.com https://relap.io https://cm.p.altergeo.ru https://play.google.com; script-src 'self' https://relap.io https://www.vidal.ru https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://*.yandex.com https://an.yandex.ru https://yandex.st https://yastatic.net https://*.yastatic.net https://adfox.ru https://*.adfox.ru https://yastat.net https://*.yastat.net https://mc.yandex.ru http://mc.yandex.ru http://*.yandex.ru http://*.google-analytics.com http://*.gstatic.com http://*.google.com https://*.google.ru https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com http://*.mail.ru https://*.youtube.com https://*.ytimg.com http://pixel.betweenx.com https://px.adhigh.net https://dmp.vihub.ru https://top-fwz1.mail.ru https://pixel.betweenx.com https://*.1dmp.io http://*.1dmp.io https://go.saleswingsapp.com 'unsafe-inline' 'unsafe-eval' https://s0.2mdn.net https://px.adhigh.net https://code.createjs.com https://www.googletagmanager.com https://*.ampproject.org https://relap.io https://js.ad-score.com https://*.doubleclick.net https://static.doubleclick.net https://play.google.com; style-src 'self' https://www.vidal.ru 'unsafe-inline' 'unsafe-eval' http://*.google-analytics.com http://*.gstatic.com https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://yandex.st https://yastatic.net http://*.google.com https://*.google.com https://*.google.ru https://*.googleapis.com http://*.mail.ru https://*.youtube.com https://*.ytimg.com https://*.1dmp.io http://*.1dmp.io https://adfox.ru https://*.adfox.ru https://yastat.net https://*.yastat.net https://relap.io https://play.google.com 1
default-src * http://manifest.prod.boltdns.net https://manifest.prod.boltdns.net manifest.prod.boltdns.net *.amazonaws.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.onetrust.com subscriptions.smartrecruiters.com d1hgczpbubj217.cloudfront.net www.connectidfeed.com data: 'unsafe-eval' 'unsafe-inline' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.onetrust.com subscriptions.smartrecruiters.com otp.tools.investis.com d1hgczpbubj217.cloudfront.net staticcontents.investisdigital.com *.googleapis.com www.youtube.com script.hotjar.com sc.lfeeder.com vjs.zencdn.net cdnjs.cloudflare.com static.hotjar.com secure.intuitive-intuition.com cdn.cookielaw.org cdn.cookielaw.org www.googletagmanager.com connect.facebook.net cdn.jsdelivr.net secure.smart-enterprise-52.com *.brightcove.net platform.twitter.com viz.tools.investis.com www.google-analytics.com *.brightcove.net blob:; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.idigitalcontents.com fonts.gstatic.com viz.tools.investis.com *.brightcove.net *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.onetrust.com subscriptions.smartrecruiters.com; object-src 'none'; font-src 'self' 'unsafe-inline' data: players.brightcove.net fonts.idigitalcontents.com fonts.gstatic.com idx.liadm.com vjs.zencdn.net viz.tools.investis.com *.brightcove.net *.onetrust.com; frame-src 'self' www.youtube.com *.youtube.com platform.twitter.com irs.tools.investis.com otp.tools.investis.com www.connectidfeed.com subscriptions.smartrecruiters.com *.googleapis.com; frame-ancestors 'self' https://allowed-origin.com; img-src data: 'self' viz.tools.investis.com *.facebook.com *.google-analytics.com *.googleapis.com *.google.com tr.lfeeder.com google-analytics.com *.gstatic.com www.google.co.uk www.googletagmanager.com subscriptions.smartrecruiters.com *.ytimg.com *.youtube.com cdn.cookielaw.org cf-images.eu-west-1.prod.boltdns.net www.google.co.in metrics.brightcove.com *.brightcove.net manifest.prod.boltdns.net; manifest-src 'self'; media-src 'self' house-fastly-signed-eu-west-1-prod.brightcovecdn.com *.onetrust.com blob:; worker-src 'self' 'unsafe-inline' * blob:; connect-src 'self' www.angloamerican.com code.highcharts.com http://manifest.prod.boltdns.net https://manifest.prod.boltdns.net wss://ws.hotjar.com *.hotjar.io *.hotjar.com data: house-fastly-signed-eu-west-1-prod.brightcovecdn.com privacyportal-eu.onetrust.com manifest.prod.boltdns.net www.connectidfeed.com subscriptions.smartrecruiters.com d1hgczpbubj217.cloudfront.net *.google-analytics.com *.amazonaws.com tupf3ye5m3.execute-api.eu-west-1.amazonaws.com google-analytics.com *.googleapis.com *.onetrust.com cdn.cookielaw.org idx.liadm.com analytics.google.com stats.g.doubleclick.net edge.api.brightcove.com *.brightcove.net players.brightcove.net viz.tools.investis.com analytics.google.com *.google-analytics.com *.youtube.com *.investisdigital.com edge.api.brightcove.com www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net ipapi.connectid.cloud *.typekit.net *.amazonaws.com *.google.com; base-uri 'self'; 1
default-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' *.marketlinc.com *.gbqofs.com; style-src 'self' 'unsafe-inline' tags.srv.stackadapt.com *.googleapis.com *.google.com *.omappapi.com *.survicate.com; img-src * data:; connect-src * 'unsafe-inline'; font-src *.gstatic.com *.fontawesome.com *.survicate.com *.intelex.com data:; 1
default-src 'self'; style-src 'self' 'unsafe-inline' occhat.elisa.fi https://public.flourish.studio/ https://fonts.googleapis.com/; img-src 'self' data: occhat.elisa.fi vero.piwik.pro https://analytiikka.ahtp.fi/ master.boost.ai data.reactandshare.com https://public.flourish.studio/; media-src 'self'; font-src 'self' https://public.flourish.studio/; script-src 'self' 'unsafe-inline' 'unsafe-eval' occhat.elisa.fi vero.piwik.pro vero.containers.piwik.pro https://analytiikka.ahtp.fi/ veroskatt.boost.ai vero.boost.ai cdn.reactandshare.com data.reactandshare.com https://public.flourish.studio/ *.monitor.azure.com *.cdn.applicationinsights.io; connect-src 'self' occhat.elisa.fi wss://occhat.elisa.fi vero.piwik.pro https://analytiikka.ahtp.fi/ veroskatt.boost.ai vero.boost.ai networkmigri.boost.ai prh.boost.ai data.reactandshare.com *.in.applicationinsights.azure.com; frame-src 'self' hkp.maanmittauslaitos.fi https://www.youtube.com https://app.powerbi.com https://public.flourish.studio/; frame-ancestors 'self' yritys.tunnistus.fi htesti.katso.tunnistus.fi; 1
frame-ancestors 'self' https://bbs.dji.com https://forum.dji.com https://app-h5.dji.com https://mimo.skypixel.com; 1
frame-ancestors 'self'  *.cnb.com 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' *; 1
default-src 'none'; connect-src wss://webminer.moneroocean.stream:443/ https://api.moneroocean.stream/; font-src 'self' https://fonts.gstatic.com/; img-src 'self' https://www.google-analytics.com/ https://public.tableau.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com/ https://cdnjs.cloudflare.com/ https://ajax.googleapis.com/ https://public.tableau.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; child-src 'self' https://public.tableau.com/; frame-ancestors 'none'; base-uri 'none'; form-action 'none' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: data: https:; connect-src https: wss:; img-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; upgrade-insecure-requests; frame-ancestors 'self' https://*.revolve.com; 1
default-src 'self' https: wss:; script-src 'self' 'unsafe-eval' https: 'unsafe-inline'; style-src https: 'unsafe-inline'; base-uri 'self' https:; font-src 'self' https: data:; img-src 'self' data: https:; frame-ancestors 'self'; object-src 'none'; upgrade-insecure-requests; block-all-mixed-content; 1
default-src ws: 'self' data: blob: 'unsafe-inline' 'unsafe-eval' eventcinemas.com.au *.eventcinemas.com.au *.americanexpress.com *.android.com *.braintree-api.com *.braintreegateway.com *.braze.com *.byspotify.com *.cardinalcommerce.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.eventcinemas.co.nz *.eventcinemas.com.au *.facebook.com *.fontawesome.com *.google-analytics.com *.google.co.nz *.google.com *.google.com.au *.googleadservices.com *.googleapis.com *.googlesyndication.com *.gstatic.com *.imdb.com *.instagram.com *.kaptcha.com *.movio.co *.mycardsecure.com *.parlourlane.com *.paypal.com *.paypalobjects.com *.quantcount.com *.quantserve.com *.rialto.co.nz *.rokt.com *.rsa3dsauth.co.uk *.rydges.com *.shift72.com *.spotify.com *.stripe.com *.tiktok.com *.typekit.net *.unpkg.com *.vimeo.com *.wp.com *.wufoo.com *.wufoo.eu *.youtube.com adservice.google.de adservice.google.fr americanexpress.com analytics.pangle-ads.com analytics.tiktok.com android.com attestation.android.com bam.nr-data.net braze.com cardinalcommerce.com cdn.honey.io cloudflare.hcaptcha.com cloudfront.net code.jquery.com connect.facebook.net dggwxdl5oqubl.cloudfront.net eventcinemas.com.au fontawesome.com google.com googletagmanager.com i.ytimg.com instagram.com js-agent.newrelic.com js.appboycdn.com kg668dbov0.execute-api.us-east-1.amazonaws.com mpsnare.iesnare.com mycardsecure.com parlourlane.com participant.connect.ap-southeast-2.amazonaws.com paypal.com rsa3dsauth.co.uk secure7.arcot.com securepubads.g.doubleclick.net sharepointonline.com shift72.com spotify.com stripe.com tiktok.com typekit.net unpkg.com vimeo.com wp.com www.aexp-static.com www.googletagmanager.com www.googletagservices.com www.moonlight.com.au www.surveymonkey.com; frame-src *; object-src 'none'; img-src 'self' https: data: blob:;  upgrade-insecure-requests; report-uri https://evtgroup.report-uri.com/r/t/csp/enforce 1
script-src  'self' 'unsafe-inline' 'unsafe-eval' https://mc.yandex.ru https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net https://chat.vtb.ru https://chat3.vtb.ru  https://ad.adriver.ru https://vk.com https://top-fwz1.mail.ru https://content.adriver.ru https://dmp.dmpkit.1dmp.io https://yastatic.net  https://stream.datago.ru https://xn--3-7sb8cs.xn--90ab2c.xn--p1ai https://onlinesales.vtb.ru; style-src 'self' 'unsafe-inline' https://chat.vtb.ru https://chat3.vtb.ru https://xn--3-7sb8cs.xn--90ab2c.xn--p1ai https://onlinesales.vtb.ru; img-src * data:; font-src 'self' data: https://chat.vtb.ru https://chat3.vtb.ru https://xn--3-7sb8cs.xn--90ab2c.xn--p1ai https://onlinesales.vtb.ru; media-src https://chat3.vtb.ru https://vtbcareer.com https://xn--3-7sb8cs.xn--90ab2c.xn--p1ai https://onlinesales.vtb.ru; frame-src 'self' 'unsafe-inline' blob: https://*.roseltorg.ru:* https://api-maps.yandex.ru:* https://chat.vtb.ru https://chat3.vtb.ru  https://auto.vtb.ru https://ipoteka.vtb.ru https://cl.vtb.ru https://cc.vtb.ru https://online.vtb.ru https://dmp.dmpkit.1dmp.io https://sync.1dmp.io/ https://onlinesales.vtb.ru; connect-src 'self' blob:  https://mc.yandex.ru https://suggestions.dadata.ru https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net https://geocode-maps.yandex.ru/ https://chat.vtb.ru https://chat3.vtb.ru https://ad.adriver.ru https://vk.com https://top-fwz1.mail.ru https://siteapi.vtb.ru http://siteapi.vtb.ru https://siteapi.vtb.com https://siteapi.vtb.com https://marketplace.vtb.ru https://auto.vtb.ru https://ipoteka.vtb.ru https://cl.vtb.ru https://cc.vtb.ru https://online.vtb.ru https://dmp.dmpkit.1dmp.io wss://chat.vtb.ru wss://chat3.vtb.ru https://cert.vtb.ru/ https://*.tech.rtb.mts.ru https://*.match.mts.ru https://www.vtb.ru https://stream.datago.ru https://tech.rtb.mts.ru https://xn--3-7sb8cs.xn--90ab2c.xn--p1ai wss://xn--3-7sb8cs.xn--90ab2c.xn--p1ai https://onlinesales.vtb.ru; frame-ancestors 'self' https://*.vtb.ru:* https://www.rbc.ru https://metrika.yandex.ru https://onlinesales.vtb.ru; 1
default-src 'self' data:;img-src * data: *.amazonaws.com *.maxcdn.com *.lfeeder.com;font-src 'self' *.tidiochat.com  p.typekit.net use.typekit.net fonts.gstatic.com cdn.jsdelivr.net;frame-src 'self' www.youtube.com calendly.com recaptcha.net *.google.com gstatic.com anybrain.us9.list-manage.com;media-src 'self' *.tidiochat.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.calendly.com recaptcha.net *.gstatic.com *.tidio.co *.tidiochat.com *.googletagmanager.com *.google.com *.lfeeder.com;style-src 'self' data: 'unsafe-inline' p.typekit.net use.typekit.net fonts.googleapis.com cdn.jsdelivr.net;connect-src api.rss2json.com *.anybrain.gg *.datadoghq.com *.sentry.io wss://*.tidio.co *.google-analytics.com *.google.com *.googleusercontent.com *.pipedrive.com api.hunter.io;upgrade-insecure-requests; 1
default-src 'self' www.bolsasymercados.es 'unsafe-inline' 'unsafe-eval' data: *.typekit.net *.google-analytics.com www.googletagmanager.com tagmanager.google.com *.google.com *.google.es *.gstatic.com *.googleapis.com cdn.cookielaw.org *.onetrust.com i1.ytimg.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com *.readspeaker.com use.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com code.jquery.com;base-uri 'self';form-action 'self';frame-ancestors 'self'; 1
default-src 'none'; base-uri 'self' *.32auctions.com; connect-src 'self' *.32auctions.com *.googlesyndication.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.google.com; font-src 'self' https: data:; form-action 'self' *.32auctions.com; frame-ancestors 'self'; frame-src 'self' *.32auctions.com *.googlesyndication.com *.doubleclick.net *.google.com *.youtube-nocookie.com *.facebook.com *.recaptcha.net *.stripe.com; img-src 'self' data: *.32auctions.com *.facebook.com *.twimg.com *.googlesyndication.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; manifest-src 'self' *.32auctions.com; object-src 'none'; script-src 'self' *.32auctions.com 'strict-dynamic' 'unsafe-inline' *.googlesyndication.com *.gstatic.com *.stripe.com *.facebook.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat 'nonce-Bfe9KM8/kOKj9Gv8r3QNFA=='; style-src 'self' 'unsafe-inline' *.32auctions.com fonts.googleapis.com *.gstatic.com; report-uri /csp_violation_reports 1
frame-ancestors 'self' http://www.knorr.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com 1
frame-ancestors 'self' aws-prod1.docebosaas.com explore.skillbuilder.aws 1
base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests; worker-src blob:; child-src blob:; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob:  *.abtasty.com *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.mundo-r.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.1.138; style-src 'self' https: 'unsafe-inline'  *.abtasty.com *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.mundo-r.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.1.138; img-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data:  *.abtasty.com *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.mundo-r.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.1.138; font-src 'self' data:  *.abtasty.com *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.mundo-r.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.1.138; connect-src 'self'  *.abtasty.com *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.mundo-r.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.1.138; frame-src 'self' data:  *.abtasty.com *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.mundo-r.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.1.138; frame-ancestors 'self'  *.abtasty.com *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.mundo-r.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.1.138; object-src data:  *.abtasty.com *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.mundo-r.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.1.138 1
default-src 'self' *.vodafone.com *.vodafone.ro wss://*.vodafone.ro *.paymentsos.com *.amazonaws.com *.cookielaw.org *.onetrust.com *.fonts.gstatic.com *.google.com google.com *.google-analytics.com google.ro *.google.ro *.google.co.uk *.google.bg *.google.md *.google.com.ua *.google.com.tr *.google.hu *.google.rs *.teads.tv dpm.demdex.net *.facebook.com *.facebook.net *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net *.ytimg.com *.hotjar.com wss://*.hotjar.com *.adform.net cm.everesttech.net vodafoneromania.demdex.net server.seadform.net *.hotjar.io *.kampyle.com vodafoneromania.tt.omtrdc.net maps.googleapis.com www.youtube.com *.criteo.com *.criteo.net dynamic.criteo.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.vodafone.com *.vodafone.ro *.paymentsos.com *.amazonaws.com *.cookielaw.org *.onetrust.com *.tiqcdn.com *.gstatic.com *.teads.tv dpm.demdex.net *.facebook.net *.facebook.com *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net *.youtube.com *.ytimg.com *.hotjar.com *.adform.net *.google.com *.google.ro *.google.co.uk *.google.bg *.google.md *.google.com.ua *.google.com.tr *.google.hu *.google.rs *.kampyle.com maps.googleapis.com *.criteo.com *.criteo.net dynamic.criteo.com; style-src 'self' 'unsafe-inline' *.vodafone.com *.vodafone.ro 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' unsafe-dynamic; frame-ancestors https://workflowy.com https://*.workflowy.com https://teams.microsoft.com; frame-src * workflowy: 1
script-src 'self'  'unsafe-inline' 'nonce-lP3MXelGjsJKHHSseBn06A==' script.crazyegg.com *.faithlifecdn.com *.faithlife.com api.reftagger.com serve.faithlifeads.com platform.twitter.com *.google.com connect.facebook.net cdn.syndication.twimg.com www.googletagmanager.com www.google-analytics.com reftagger.bibliacdn.com cdnjs.cloudflare.com netdna.bootstrapcdn.com *.live.net cdn.amplitude.com cdn.raygun.io request.eprotect.vantivprelive.com request.eprotect.vantivcnp.com maps.googleapis.com www.gstatic.com www.sc.pages08.net *.adroll.com d.adroll.mgr.consensu.org cdn.siftscience.com js.hs-scripts.com www.recaptcha.net cdn.pendo.io data.pendo.io app.pendo.io pendo-static-5148149930131456.storage.googleapis.com  pendo-io-static.storage.googleapis.com apple-pay-gateway.apple.com apple-pay-gateway-nc-pod1.apple.com apple-pay-gateway-nc-pod2.apple.com apple-pay-gateway-nc-pod3.apple.com apple-pay-gateway-nc-pod4.apple.com apple-pay-gateway-nc-pod5.apple.com apple-pay-gateway-pr-pod1.apple.com apple-pay-gateway-pr-pod2.apple.com apple-pay-gateway-pr-pod3.apple.com apple-pay-gateway-pr-pod4.apple.com apple-pay-gateway-pr-pod5.apple.com cn-apple-pay-gateway-sh-pod1.apple.com cn-apple-pay-gateway-sh-pod2.apple.com cn-apple-pay-gateway-sh-pod3.apple.com cn-apple-pay-gateway-tj-pod1.apple.com cn-apple-pay-gateway-tj-pod2.apple.com cn-apple-pay-gateway-tj-pod3.apple.com apple-pay-gateway-cert.apple.com cn-apple-pay-gateway-cert.apple.com js.monitor.azure.com; object-src 'none'; base-uri 'none' 1
frame-ancestors https://*.refinitiv.com https://*.thomsonreuters.com https://*.lseg.com https://*.bruegel.org https://bruegel.org.ddev.site https://bruegel-staging.sbx.so/; report-uri /report-csp-violation 1
frame-ancestors 'self' *.jivosite.com *.jivosite.com/ wss://*.jivosite.com code.jivo.ru *.timeweb.net *.timeweb.ru *.timeweb.cloud timeweb.cloud *.timeweb.com timeweb.com sentry.timeweb.net:4443 wss://*.timeweb.ru wss://*.timeweb.net wss://ws.selectel.ru www.googletagmanager.com www.google-analytics.com disutgh7q0ncc.cloudfront.net eligibility.wootric.com wootric-eligibility.herokuapp.com metrika.yandex.ru mc.yandex.ru api-maps.yandex.ru *.maps.yandex.net *.yandex.tld *.yandex.net  *.livetex.ru *.livetex.me stats.g.doubleclick.net *.google.com *.google.ru *.giphy.com *.giphy.com/ *.seopult.org *.promopult.org *.dadata.ru ipinfo.io production.wootric.com *.webpushs.com cdn.jsdelivr.net webvisor.com mc.webvisor.org yastatic.net *.elfsight.com wmtimewebru.push.world cdn.sendpulse.com www.gstatic.com https://*.getsitecontrol.com elfsightmail.com *.googleapis.com gtranslate.net *.roistat.com https://js.stripe.com/v3/ youtu.be https://www.youtube.com data: vk.com *.vk.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.world; img-src 'self' https: data: blob: https://mastodon.world; style-src 'self' https://mastodon.world 'nonce-OZzAiOkeHWzt5X8ON5+B3w=='; media-src 'self' https: data: https://mastodon.world; frame-src 'self' https:; manifest-src 'self' https://mastodon.world; form-action 'self'; child-src 'self' blob: https://mastodon.world; worker-src 'self' blob: https://mastodon.world; connect-src 'self' data: blob: https://mastodon.world https://s3.eu-central-2.wasabisys.com wss://mastodon.world; script-src 'self' https://mastodon.world 'wasm-unsafe-eval' 1
block-all-mixed-content; frame-ancestors 'self' https://*.braintreegateway.com https://*.paypal.com; upgrade-insecure-requests; 1
require-trusted-types-for 'script';report-uri /_/GoogleCloudUxWebAppCgcUi/cspreport 1
style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; 1
frame-ancestors 'self' https://help.patagonia.com/ https://cs.patagonia.jp/ https://patagonia-jp.my.salesforce-sites.com/ https://notouchie-patagoniacommunity.cs7.force.com/ 1
default-src 'self';base-uri 'self';font-src 'self' https: data: https://use.typekit.net;form-action 'self';frame-ancestors 'self';object-src 'none';img-src 'self' data: https://healthifyme.imgix.net https://q.quora.com/ https://cds.taboola.com/ https://t.co/ https://analytics.twitter.com/ https://px.ads.linkedin.com/ https://www.google-analytics.com/ https://googleads.g.doubleclick.net/ https://p.adsymptotic.com/ https://www.facebook.com/ https://*.healthifyme.com/ https://www.google.com/ https://www.google.co.in/ https://track.hubspot.com/ https://forms.hsforms.com/;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://snap.licdn.com/ https://www.google-analytics.com/ https://*.taboola.com/ https://www.googleadservices.com/ https://static.ads-twitter.com/ https://connect.facebook.net/ https://*.healthifyme.com/ https://*.hs-scripts.com/ https://www.googletagmanager.com https://js.hs-analytics.net/ https://js.hs-banner.com/ https://js.hscollectedforms.net/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline' https://p.typekit.net/;frame-src *.facebook.com;connect-src 'self' https://*.sentry.io https://forms.hubspot.com https://*.taboola.com/ https://*.healthifyme.com/ https://analytics.google.com/ https://www.facebook.com/;upgrade-insecure-requests 1
frame-ancestors 'self' https://*.legalmatch.com https://*.legalmatchca.com https://*.lawyerslegallaws.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline'; frame-src player.vimeo.com; object-src 'none'; block-all-mixed-content 1
frame-ancestors 'none'; report-uri /csp-report.php; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.amsoil.com *.amsoil.ca *.amsoilindustrial.com https://amsoilcontent.com https://www.amsoilcontent.com https://cdn.evgnet.com *.evergage.com https://amsoil.us-1.evergage.com https://analytics.amsoil.com https://analytics.amsoil.ca https://analytics.amsoilindustrial.com https://static.cloud.coveo.com https://www.google-analytics.com https://maps.googleapis.com https://assets.sitescdn.net https://realtimeanalytics.yext.com https://cdnjs.cloudflare.com/ *.doubleclick.net https://snap.licdn.com https://bat.bing.com *.microsoft.com *.facebook.net *.facebook.com *.criteo.com *.criteo.net https://www.googletagmanager.com *.linkedin.com *.google.com https://www.googleoptimize.com *.hotjar.com *.bc0a.com *.brightedge.com cdn.b0e8.com device.clearsale.com.br https://www.paypalobjects.com *.paypal.com https://www.gstatic.com https://www.googleadservices.com *.wistia.com *.wistia.net https://az124611.vo.msecnd.net https://cookie-cdn.cookiepro.com https://cdn-us.clickdimensions.com cdn.attn.tv *.attentivemobile.com *.googlesyndication.com *.powerobjects.net *.zoominfo.com *.convertlanguage.com https://challenges.cloudflare.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com blob:; frame-src 'self' *.amsoil.com *.amsoil.ca https://amsoilcontent.com *.hotjar.com *.criteo.com *.criteo.net *.docusign.net *.docusign.com *.facebook.com *.google.com *.paypal.com *.doubleclick.net *.powerobjects.net *.googlesyndication.com *.wistia.com *.wistia.net creatives.attn.tv https://challenges.cloudflare.com https://a25683390326.cdn.optimizely.com https://a25683390326.cdn-pci.optimizely.com; frame-ancestors 'self' https://sapcc.amsoil.com; report-uri /csp-report 1
default-src 'self';script-src 'self' 'nonce-td/q2GhQAc5Fff/JN7JY9s0k' https://unpkg.com https://drinkawareu8media.blob.core.windows.net 'sha256-ThhI8UaSFEbbl6cISiZpnJ4Z44uNSq2tPKgyRTD3LyU=' 'sha256-j5u9U7MJRH9+lsH6CR7RAKjdPH3ciZyxqQSPnDflc1g=' ztiwnzkzndutogqxns00mzq1lwjlndytmjhjodgwmwy5mdjk https://drinkawareu8cdn.azureedge.net 'sha256-832bMznOm6qWg0EdeOEmbTuLOWdeKLvyfqnqi/Aj/hs=' https://cdn.ampproject.org:* https://drinkawaretools.blob.core.windows.net https://tagmanager.google.com 'sha256-5SFOBBlchVL5xoMoNllZxLfnhBQjNZMSENvPy+tmmKQ=' https://toolscdn.azureedge.net https://www.google-analytics.com 'sha256-R5DLincDJYdqcGGXCMrbUMFWdicAlnAh+8SOhUncJkg=' 'sha256-lL1mfy13bPVMuhUMfJsp/sIa2VIk0fbwsbcMkosrANY=' https://docs.google.com 'sha256-aci6xEbQHKCYxx5zZmPWJzt70Mqnoz3LVraxbGk+4jM=' https://drinkaware-web.azureedge.net https://media.drinkaware.co.uk https://ssl.google-analytics.com https://consent.cookiebot.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://siteimproveanalytics.com https://www.youtube.com https://s.ytimg.com https://connect.facebook.net https://static.ads-twitter.com https://analytics.twitter.com https://optimize.google.com https://amplify.outbrain.com https://tr.outbrain.com https://outbrain.com https://secure.adnxs.com https://akt.audiencemanager.de 'sha256-MKa9NYI1A75RVOImeOZIxgWSE+js5re6E2hR63ZSWhk=' 'sha256-nnY6K0urmt5EGfIMhN7wRVm8MfGV6CRHoQj8yUV0uZk=' https://adservice.google.com https://5571928.fls.doubleclick.net 'sha256-IBfrBzWe/313UGBENHKjFNILnnDWdwMqBlhUOXlN+5c=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' https://ad.doubleclick.net https://*.fls.doubleclick.net/ 'sha256-eG/GiiORVYDuKmhFYfc++/6gP3CYowy7sPSLCL9hZnQ=' 'sha256-3rv23yJPJEepwcz+YluFBR01uDF+z5VvXGn8SVPpdNM=' 'sha256-h8gG1uNWi02S00uhnnPan+IfTOULBEi0D46e6eAw/dk=' https://r1.dotdigital-pages.com https://snap.licdn.com https://cdn.botframework.com https://e.infogram.com 'sha256-6BhwKhJ/R6rKNIuCyX7PTSWqxmEfYLqxyW/qhRg7E1s=' 'sha256-j0dSD3znw1WKkkOKT+v6l3A5pfzfgSYk1Om4lAXu6/U=' 'sha256-rwMOiOeVICH7/Cjy5SkreID3OOi5HTrit357k22hUDQ=' 'sha256-HgNi6rnkwNBbJIrptNXBzmgXmgY3TAyjGh92nsnn3BE=' 'sha256-TTGyyOdQuPNwwnXLX4UQm+QCPjqYGKEFaiyFvhcGVCk=' https://sitepixel.blis.com 'sha256-fTeKaU4QNNcXTs6hRuTvc1dMJ1+TiNw6K8VH+Ed7Q78=' https://*.usercentrics.eu 'sha256-S/48efsbZ9zFXWdPNqKgUzYVTKcy1SskYFxRjLW5h3Q=' 'sha256-PpuLSTK6xNBgOEFGhz2Eo1r7l2EB3zi7jWASdCRLJiU=' https://directline.botframework.com https://*.googletagmanager.com;object-src 'self' https://*.usercentrics.eu;style-src 'self' 'nonce-vur14g9zzv9A9rfIDIyeDOA6' https://use.typekit.net https://p.typekit.net 'sha256-WsBuY47b95ZVJ79MxkKBWQeX5UTctKtGtHKga5U6QMY=' 'sha256-YKWOv6iCT/caCAPvhFbqm6YMjvaZmVATKlUF7y//xpg=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' https://drinkawareu8cdn.azureedge.net 'sha256-w9CEzYhmvsTRzpOeD9qySBu+9qJ+adxh8W15E9GYwNE=' 'sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog=' 'sha256-832bMznOm6qWg0EdeOEmbTuLOWdeKLvyfqnqi/Aj/hs=' 'sha256-1PxuDsPyGK6n+LZsMv0gG4lMX3i3XigG6h0CzPIjwrE=' 'sha256-b3IrgBVvuKx/Q3tmAi79fnf6AFClibrz/0S5x1ghdGU=' 'sha256-dHcGLuOEpJAic3+ivN/fRmU3fT+06V1rOSeQcR7dQy8=' 'sha256-0+eUWXEzIzayXtwbs4qgGqcUroB222vieZ1QP7fQ6so=' 'sha256-zvOkDW9xtgjlWwZxqyybTQMurFkTPjqZ7DU5wDy8K+Q=' 'sha256-5jmskJQJqo9nJcZEdDWjGDuW4Ff4NjxxJjzYYphXIAI=' https://drinkawaretools.blob.core.windows.net https://toolscdn.azureedge.net https://tagmanager.google.com https://fonts.googleapis.com 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE=' https://drinkaware-web.azureedge.net https://media.drinkaware.co.uk 'sha256-NYO4V0FCX3X1NP12UyP1zr0v6fLr1BPunBPTW1BpHW8=' 'sha256-5pOagQI9y3iEk7WUagFvqfHlFsLo1UqTFGkDaxVGqcc=' 'sha256-cy+l+9/IyQIvCrp/opkM2liBJHY2jdah0Kc2zq9s2Xk=' 'sha256-SvLgADqEePEV9RNxBrRQXSBJafFHcVNG7cPzHz6h9eA=' 'sha256-2i1Av+0Mmks35pC8D6kgORiMYFTvo0ygXbzs71dgxbs=' https://optimize.google.com 'sha256-nqQxqmJdOsoZ94KPDgrZH0cVwHD4Uc5Yy5fqo6c6L/8=' 'sha256-ICa0DhwZQJsOd/Rn0N8H6FdQ71GfNL+op2zhAQ+Y4mM=' 'sha256-ZD0chCyBaNHl+4UwQHJIHGoYhKwMeyCXGgJTKW5/67E=' 'sha256-nR5hyLltSjfvi2rqC26RbcredWrJvTaPA1yqPX96jpY=' 'sha256-4IpZVAL3NgMVVYJZFWhQDbHM9ldjVAT7c0aFX2WRdfA=' 'sha256-vMGqtUnkTGujunFLnycM/YkvjZRNYVk1VNO9mWM2sUU=' 'sha256-XgFORIfWzQTTdjOtF2rpBUGLrTkn7gWeHaohzwtXhkg=' 'sha256-ngD5s4EOafjR13nytfaAPTbi8LQJjo/RHOV0pJHTRuE=' 'sha256-4q/gyebsUdnR80cVKM0cHmFTZZZYkggFSWpu6LegXZg=' 'sha256-Z20bviFQjcQ13JyOQkjIKZQQ8LPt446O/pMDxyF5WC8=' 'sha256-ZIpyC84K/4nLARUZsOljdNbuo8zilVSPtMnPwyHBO/A=' 'sha256-B5CZ1SOEVTT56nI2pMP47Lz0fck/E+02EYOZTIxydjA=' 'sha256-LxJxDnejgQn8L+GueuzYLem6+Ex8LJ8owNM0DRH2l4M=' 'sha256-z2SkUFuiCO4TJJOzOY2A0wDN0oayVazGy+xhd7XGw+E=' 'sha256-IYlLmmThwkKhW1htYZJJuIwLnxyoIilJnVFE4ctdlI8=' 'sha256-ul1ECfPIrzh/4ixcwPBZV5090BWArCB3yIApJlOOsio=' 'sha256-m2MySpsye6Ke9MEPGRnkYIeLAtH9s8R+Kq5bJgHvtNo=' 'sha256-jaH0KIBWCUByR2ImAzK4W2EPN/6Chvk99TboBscui9c=' 'sha256-JAjUOrJBhsFj0MDl+ghP6z4L/cTFN2TjsqGYT+X8vNA=' 'sha256-SMTRh7SAuh7G1sc6Qr2T6SQ8Mjqm9xwk1T3c8gZYSHk=' 'sha256-oM0kKtU+nugIwjuYHkXXVoKGVNhC/DCUnIVdSVBMkaQ=' 'sha256-CLItKtfchnJAOopH/wySGDJiLK/DMpkNR/wn54jKh3M=' 'sha256-e+ijr1Sabc9iOlsHnIez5pHlQ5JqVn2hC1YhuNB2ugY=' 'sha256-I9SGrUceeGGTNB1QvxdihlyAfRvrjhgn+MEEKO7kivE=' 'sha256-9gR8CTyrElZ6xab95FzILVACEMV2vkeDj3kYJnEo3u0=' 'sha256-ObGwI89/uxxgApdnGr1twYoIKrJyuMc9d1OSiTpqEYM=' 'sha256-1g+cIgBoSVXqEtoWEaV+tS2o80QXmizs2YJK4D7kk3c=' https://*.usercentrics.eu;img-src 'self' https://use.typekit.net https://drinkawareu8cdn.azureedge.net https://drinkawaretools.blob.core.windows.net https://drinkawarechatbotnonprod.blob.core.windows.net https://drinkawarechatbot.blob.core.windows.net https://toolscdn.azureedge.net https://stats.g.doubleclick.net https://www.google.co.uk/ads/ga-audiences https://www.google.com https://www.google.co.uk https://drinkaware-web.azureedge.net https://media.drinkaware.co.uk data: https://ssl.gstatic.com https://www.gstatic.com https://googleads.g.doubleclick.net https://*.siteimproveanalytics.io https://i.ytimg.com https://www.facebook.com https://t.co/i/adsct https://analytics.twitter.com https://optimize.google.com *.outbrain.com https://ad.doubleclick.net https://lh3.googleusercontent.com https://www.google.co.za/ads/ https://*.fls.doubleclick.net/ https://protect-eu.mimecast.com https://www.google.de/ads/ https://px.ads.linkedin.com https://tr.blismedia.com https://*.usercentrics.eu https://ardent-oven-342412.ew.r.appspot.com https://*.googletagmanager.com https://*.google-analytics.com;frame-src 'self' https://www.youtube.com https://player.vimeo.com https://docs.google.com https://drinkaware.serco.com https://assets.nhs.uk/tools/heart-age/index.html https://www.timeforstorm.com https://www.smartsurvey.co.uk https://optimize.google.com https://5571928.fls.doubleclick.net https://*.fls.doubleclick.net/ https://www.audiencemanager.de https://datawrapper.dwcdn.net https://r1.dotdigital-pages.com https://e.infogram.com https://infogram-download-eu.s3.eu-west-1.amazonaws.com https://bid.g.doubleclick.net https://*.usercentrics.eu;font-src 'self' https://use.typekit.net https://fonts.gstatic.com https://drinkawareu8cdn.azureedge.net https://drinkaware-web.azureedge.net https://media.drinkaware.co.uk data: https://*.usercentrics.eu;connect-src 'self' https://drinkaware-search.azurewebsites.net https://drinkaware-u8-dev.azurewebsites.net http://drinkaware-u8-dev.azurewebsites.net https://daapi-dev.azure-api.net https://api.drinkaware.co.uk https://drinkaware-api.azure-api.net https://dev-drinkaware-api.azure-api.net https://stage-drinkaware-api.azure-api.net https://loadtesting-drinkaware-api.azure-api.net https://drinkaware-search-global.azurewebsites.net https://drinkaware-cms-stage.azurewebsites.net https://drinkaware-cms-dev.azurewebsites.net https://stats.g.doubleclick.net https://noembed.com https://cdn.plyr.io https://drinkaware-cms.azurewebsites.net https://*.usercentrics.eu https://ardent-oven-342412.ew.r.appspot.com https://drinkawarenonproduction.b2clogin.com https://directline.botframework.com wss://directline.botframework.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com 1
default-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://*.gtflixtv.com *.gtflixtv.com https://*.gtflixtvtest.com *.gtflixtvtest.com https://pornbox.com pornbox.com https://*.pornbox.com *.pornbox.com wss://lb-private-chat.gtflixtv.com wss://lb-private-chat-beta.gtflixtv.com https://*.facebook.com *.facebook.com https://googletagmanager.com googletagmanager.com https://*.googletagmanager.com *.googletagmanager.com https://*.google-analytics.com *.google-analytics.com https://*.google.com *.google.com https://*.googleapis.com *.googleapis.com https://*.gstatic.com *.gstatic.com https://*.gstatic.cn *.gstatic.cn https://*.jsdelivr.net *.jsdelivr.net https://*.rawgit.com *.rawgit.com https://*.ddfstatic.com *.ddfstatic.com https://cdn.plyr.io cdn.plyr.io https://*.sexcash.com *.sexcash.com https://*.trafficfactory.biz *.trafficfactory.biz https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://*.xvideos2.com *.xvideos2.com https://*.xvideos-cdn.com *.xvideos-cdn.com https://*.bangbros.com *.bangbros.com https://*.nikkiprice.com *.nikkiprice.com https://*.girlsgonewild.com *.girlsgonewild.com https://*.naked.com *.naked.com https://*.st-content.com *.st-content.com https://*.sellvids.com *.sellvids.com https://*.hazecash.com *.hazecash.com https://*.xxxpawn.com *.xxxpawn.com https://*.gaypawn.com *.gaypawn.com https://*.miakhalifa.com *.miakhalifa.com https://*.americanpervert.com *.americanpervert.com https://*.xnxx.com *.xnxx.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://*.gtflixtv.com *.gtflixtv.com https://*.gtflixtvtest.com *.gtflixtvtest.com https://pornbox.com pornbox.com https://*.pornbox.com *.pornbox.com wss://lb-private-chat.gtflixtv.com wss://lb-private-chat-beta.gtflixtv.com https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://www.google-analytics.com www.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect https://region1.google-analytics.com/g/collect; font-src 'self' https://cdn.jsdelivr.net/npm/ https://fonts.gstatic.com fonts.gstatic.com data:; img-src 'self' https://*.gtflixtv.com *.gtflixtv.com https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://*.xvideos2.com *.xvideos2.com https://*.xvideos-cdn.com *.xvideos-cdn.com https://www.xvideos.com www.xvideos.com https://*.xvideos.red *.xvideos.red https://*.1ka.com *.1ka.com https://cdn.jsdelivr.net cdn.jsdelivr.net https://www.google-analytics.com www.google-analytics.com https://www.google.com/ads/ga-audiences https://stats.g.doubleclick.net/r/collect https://region1.google-analytics.com region1.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com ssl.gstatic.com https://www.gstatic.com www.gstatic.com https://stats.g.doubleclick.net/r/ stats.g.doubleclick.net/r/ data:; object-src 'none'; script-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://uploader.gtflixtv.com uploader.gtflixtv.com https://uploader-beta.gtflixtv.com uploader-beta.gtflixtv.com https://pornbox.com pornbox.com https://*.googleapis.com *.googleapis.com https://www.google.com/recaptcha/ www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://google-analytics.com google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com ssl.gstatic.com https://www.gstatic.com www.gstatic.com https://stats.g.doubleclick.net/r/ stats.g.doubleclick.net/r/ https://cdn.jsdelivr.net/npm/ https://cdn.rawgit.com/yuku-t/jquery-textcomplete/ https://*.ddfstatic.com *.ddfstatic.com https://*.sexcash.com *.sexcash.com https://*.trafficfactory.biz *.trafficfactory.biz https://apis.google.com/js/platform.js 'unsafe-inline' 'unsafe-eval'; report-uri /api/js-error; 1
frame-ancestors 'self' indiedb.com *.indiedb.com 1
default-src 'self' https://maps.googleapis.com https://*.clarity.ms https://*.google.com https://*.g.doubleclick.net https://*.analytics.google.com https://www.facebook.com https://vc-service.saleago.com https://*.salesmanago.pl https://consentcdn.cookiebot.com https://*.googlesyndication.com https://*.google-analytics.com https://liveupdate.pimcore.org https://*.enea.pl; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://*.g.doubleclick.net https://rec.quartic.pl https://*.clarity.ms https://*.googleadservices.com https://connect.facebook.net https://script.hotjar.com https://static.hotjar.com https://*.adform.net https://fonts.googleapis.com https://*.salesmanago.pl https://*.cookiebot.com https://www.googletagmanager.com https://*.gstatic.com https://liveupdate.pimcore.org https://clients1.google.com https://www.google.com https://www.google-analytics.com https://www.enea.pl/favicon.ico https://www.facebook.com https://*.enea.pl https://www.google.pl https://www.youtube-nocookie.com https://cse.google.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://www.google.com; img-src 'self' data: https://www.googletagmanager.com https://maps.googleapis.com https://*.bing.com https://*.clarity.ms https://*.gstatic.com https://*.g.doubleclick.net https://secure.sitebees.com https://*.analytics.google.com https://www.googletagmanager.com https://*.salesmanago.pl https://*.googlesyndication.com https://*.google-analytics.com https://*.google.com/generate_204 https://www.google.com https://fonts.googleapis.com https://www.google-analytics.com https://www.enea.pl/favicon.ico https://www.facebook.com https://*.enea.pl https://www.google.pl https://www.youtube-nocookie.com; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com; media-src 'self' https://www.youtube-nocookie.com; object-src 'self' https://*.enea.pl; child-src 'none'; frame-src 'self' https://*.youtube.com  https://cse.google.com https://www.facebook.com https://consentcdn.cookiebot.com https://*.enea.pl https://www.youtube-nocookie.com https://www.google.com https://google.com; frame-ancestors 'self' 1
frame-ancestors degreed.com *.degreed.com *.degreed.dev 1
frame-ancestors https://metrika.yandex.ru http://webvisor.com https://is-mmk.ru https://mmk.ru http://awards.ratingruneta.ru https://awards.ratingruneta.ru 1
default-src 'none';script-src *.oktacdn.com 'SELF';style-src *.oktacdn.com *.googleapis.com 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'SELF' 'UNSAFE-HASHES';connect-src *.avidsuite.com wss://login.avidsuite.com *.okta.com 'SELF';font-src *.gstatic.com *.oktacdn.com 'SELF';frame-ancestors 'SELF';img-src *.oktacdn.com *.avidxchange.net *.avidsuite.com *.okta.com data: 'SELF';form-action *.avidsuite.com https://api-PR01.devavidxcloud.com/SecPlat/SecAvid/avidauth/* *.okta.com 'SELF' *.avidxchange.net/InvoiceProcessor; 1
default-src 'self' data: https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.fleetdeck.io https://cognito-idp.us-west-2.amazonaws.com/ https://*.googleapis.com https://*.googlesyndication.com https://fonts.googleapis.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google.com https://*.doubleclick.net/ https://heapanalytics.com/ https://*.heapanalytics.com/ https://js.stripe.com/; script-src 'self' 'unsafe-inline' https://cognito-idp.us-west-2.amazonaws.com/ https://fonts.googleapis.com/ https://*.googleapis.com https://*.googlesyndication.com https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google.com https://googleads.g.doubleclick.net/ https://heapanalytics.com/ https://*.heapanalytics.com/ https://js.stripe.com/; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.cookiebot.com bam.nr-data.net cdn.jsdelivr.net js-agent.newrelic.com youtube.com codepen.io *.codepen.io *.hotjar.com polyfill.io; style-src 'self' 'unsafe-inline'; img-src 'self' data: *.google-analytics.com *.hotjar.com; frame-src 'self' blob: *.googletagmanager.com *.cookiebot.com *.youtube.com codepen.io *.hotjar.com player.vimeo.com; child-src 'self' blob: *.googletagmanager.com *.cookiebot.com *.youtube.com codepen.io *.hotjar.com player.vimeo.com; font-src 'self' data: script.hotjar.com; connect-src 'self' *.google-analytics.com bam.nr-data.net *.cookiebot.com *.hotjar.com wss://*.hotjar.com *.doubleclick.net; upgrade-insecure-requests 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.starbucks.co.uk/report-uri/enforce 1
frame-ancestors https://*.farmerama.com https://*.facebook.com/ https://*.y8.com https://www.minijuegos.com/ https://gameplanet.onet.pl/ https://www.gry.pl/ https://www.jetztspielen.de/ https://www.spielen.com/ https://www.jeux.fr/ https://www.jeu.fr/ https://www.games.co.uk/ https://www.spelletjes.nl/ https://www.spel.nl/ https://www.juegos.com/ https://www.gioco.it/ https://www.spela.se/ https://www.ourgames.ru/ https://www.gamesgames.com/ https://www.agame.com/ https://centralagier.wp.pl/ https://www.jetztspielen.ws/ https://www.1001spiele.de/ https://www.gierkionline.pl/ https://www.grajteraz.pl/ https://www.1001giochi.it/ https://www.giochixl.it/ https://www.1001hry.cz/ https://juegosjuegos.ws/ https://www.isladejuegos.com/ https://www.elkspel.nl/ https://www.spelo.se/ https://www.1001games.com/ https://www.speltuin.nl/ https://www.1001pelit.com/ https://www.1001jeux.fr/ https://www.1001games.fr/ https://www.1001spiele.at/ https://farmerama.jeja.pl/ https://www.funnygames.nl/ https://www.clickjogos.com.br/ https://www.oyunskor.com/ https://www.oyunkolu.com/ https://spele.nl/ https://www.dobregry.pl/ https://fotka.com/ https://www.1001games.co.uk/ https://www.1001jocuri.ro/ https://www.1001jogos.com.br/ https://www.1001jogos.pt/ https://www.igrixl.ru/ https://www.jatekokxl.hu/ https://www.juegosjuegos.ws/ https://www.paixnidiaxl.gr/ https://www.spillespill.no/ https://www.spilxl.dk/ https://www.jeux-gratuits.com/ https://kizi.com/ https://www.browsergames.de/ https://www.jeja.pl/ https://www.mmozone.com/ https://www.mmostation.com/ https://www.mmogratis.es/ https://www.gratismmo.de/ https://www.mmorpggratuits.com/ https://www.mmoitalia.it/ https://www.mmoportugal.com/ https://www.juegosdenavegador.com/ https://www.jeuxparnavigateur.net/ https://www.jogosbrowser.com/ https://www.freemmorpglist.com/ https://www.puzzlepuzzles.de/ http://www.mmogratis.com/ https://www.sat1spiele.de/ https://www.flashgames.it/ https://www.prosiebengames.de/ https://www.spielkarussell.de/ https://www.brincar.pt/ https://www.spelle.nl/ https://www.speeleiland.nl/ https://www.kongregate.com/ https://www.kidsmmorpg.com/ https://www.xn--mmoparanios-9db.com/ https://farmerama.rtl.de/; 1
script-src https: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob: 1
frame-ancestors careers.vib.com.vn 360bizverse.world my360bizverse.world bizverse.world onlinecard.vib.com.vn online2in1card.vib.com.vn 1
default-src 'self' https://yrjk5wm0ee-1.algolianet.com https://yrjk5wm0ee-2.algolianet.com https://yrjk5wm0ee-3.algolianet.com https://yrjk5wm0ee-dsn.algolia.net https://*.algolia.io https://*.algolia.net/ https://*.scaletrk.com  https://hotjar.com https://salesclix.net/ https://res.cloudinary.com/powerreviews/ https://ui.powerreviews.com/ https://t.powerreviews.com/ https://webchannel-content.eservice.emarsys.net/ https://cdn.taboola.com/ https://*.googlesyndication.com/ https://*.taboola.com/ https://*.sanborns.com.mx https://*.paypal.com/ https://pagead2.googlesyndication.com/ https://*.safeframe.googlesyndication.com/ https://securepubads.g.doubleclick.net/ https://tpc.googlesyndication.com/ https://*.uniko.co/ https://*.instana.io/ https://seapi.sanborns.com.mx/ https://staticw2.yotpo.com/ https://*.yotpo.com/ https://resources.claroshop.com/ https://*.youtube.com https://*.flixfacts.com/ https://*.flixsyndication.net/ https://*.flixfacts.co.uk/ https://*.flixcar.com/ https://*.flix360.com/ https://*.go-mpulse.net https://s.go-mpulse.net https://pixel-sync.sitescout.com https://*.poder.io/ https://www.clima.com https://www.googletagmanager.com https://www.sanborns.com.mx https://resources.sanborns.com.mx https://*.zopim.io https://www.youtube.com https://staasobj-api.telmex.com https://staasobj-api.telmex.com https://*.online-metrix.net/ https://*.adsrvr.org https://*.doubleclick.net https://dsync.rlcdn.com https://*.facebook.com https://*.facebook.net https://*.gigya.com https://*.googleadservices.com  https://*.google-analytics.com https://*.googleapis.com https://*.google.com https://*.google.com.mx https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://ib.adnxs.com https://*.jquery.com https://*.krxd.net https://*.pingdom.net https://*.scarabresearch.com https://*.thefancy.com https://*.wisepops.com https://*.criteo.com https://*.creativecdn.com https://*.zdassets.com  https://*.criteo.net https://checkout.payulatam.com https://graylog.hotjar.com:12443 wss://*.hotjar.com/ wss://*.zopim.com https://*.zopim.com https://web-sdk-cdn.singular.net https://analytics.tiktok.com https://api.claropagos.com https://loginclaro.com https://*.powerreviews.com data: 'unsafe-inline' 'unsafe-eval' 1
script-src *.bigcommerce.com *.mybigcommerce.com *.abtasty.com *.crazyegg.com cdn.jsdelivr.net cdnjs.cloudflare.com *.doubleclick.net *.redditstatic.com *.extole.io *.affirm.com *.dynatrace.com *.facebook.com *.facebook.net *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.lytics.io *.moatads.com *.monetate.net *.agkn.com *.cloudfront.net/waves/v3/w.js *.segmanta.com *.segment.com *.segment.io *.snapchat.com sc-static.net *.adsrvr.org *.yimg.com *.yahoo.com *.google.com *.ordergroove.com *.amazonaws.com *.ravenjs.com *.polyfill.io *.paypalobjects.com *.paypal.com *.getshogun.com *.braintreegateway.com *.bazaarvoice.com gillette.com *.gillette.com *.rpxnow.com *.mixpanel.com *.pinterest.com *.pype.tech *.jquery.com *.yotpo.com *.pgsitecore.com *.afterpay.com *.cookielaw.org *.tapad.com *.cloudfront.net *.attn.tv *.tiktok.com *.doubleclick.net *.pypestream.com *.gstatic.com pghub.io *.pghub.io *.googleads.g.doubleclick.net *.azure-api.net *.addrexx10.com addrexx11.com xxredda.s3.amazonaws.com sc-static.net *.tp88trk.com *.pinimg.com *.privy.com *.teads.tv *.upsellit.com *.lightboxcdn.com *.smile.io 'self' 'unsafe-eval' 'unsafe-inline' blob: ; object-src 'none'; frame-ancestors 'self'; 1
script-src 'nonce-b4aba1ff723569fbfa27f47ccfac2f1a' dashboard.weglot.com *.weglot.com *.stripe.com *.announcekit.app *.nolt.io *.jsdelivr.net *.firstpromoter.com beacon-v2.helpscout.net *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.gstatic.com static.ads-twitter.com analytics.twitter.com bat.bing.com snap.licdn.com *.snap.licdn.com *.redditstatic.com connect.facebook.net *.hotjar.com *.hotjar.io a.quora.com cdn.firstpromoter.com https: http: 'unsafe-inline' 'strict-dynamic'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; 1
default-src 'self' edge.api.brightcove.com stats.g.doubleclick.net viz.tools.investis.com *.google-analytics.com *.google.com *.media.brightcove.com cdn.jsdelivr.net *.jquery.com *.googleapis.com *.hotjar.com *.hotjar.io  *.twitter.com  brightcove.hs.llnwd.net https://www.facebook.com *.investis.com tagmanager.google.com cdn.cookielaw.org privacyportal-eu.onetrust.com manifest.prod.boltdns.net house-fastly-signed-eu-west-1-prod.brightcovecdn.com geolocation.onetrust.com *.analytics.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com *.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com  *.googleadservices.com *.licdn.com *.doubleclick.net player.vimeo.com  *.jquery.com *.linkedin.com *.twitter.com *.miappi.com *.investis.com tagmanager.google.com *.bootstrapcdn.com cdn.cookielaw.org cdn.rawgit.com geolocation.onetrust.com https://sc.lfeeder.com/ https://staticcontents.investisdigital.com/ analytics.google.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com stackpath.bootstrapcdn.com p.typekit.net viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net  *.jquery.com *.investis.com tagmanager.google.com *.googletagmanager.com static.licdn.com; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com https://secure.brightcove.com *.media.brightcove.com  career5.successfactors.eu https://brightcove.hs.llnwd.net blob: data: https://manifest.prod.boltdns.net https://f1.cf.brightcove.com https://house-fastly-signed-eu-west-1-prod.brightcovecdn.com; frame-src 'self' staticcontents.investis.com www.google.com irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com ir.tools.investis.com staticxx.facebook.com www.youtube.com maps.google.com player.vimeo.com  *.doubleclick.net *.hotjar.com *.facebook.com   *.twitter.com *.miappi.com tagmanager.google.com cdn.cookielaw.org *.googletagmanager.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com cdn.jsdelivr.net *.bootstrapcdn.com use.typekit.net; connect-src 'self' 'unsafe-inline' cdn.linkedin.oribi.io *.google-analytics.com privacy.jti.com cdn.cookielaw.org maps.googleapis.com edge.api.brightcove.com stats.g.doubleclick.net viz.tools.investis.com geolocation.onetrust.com https://judxu4avx2.execute-api.eu-west-1.amazonaws.com/ https://3lz1gykyyd.execute-api.eu-west-1.amazonaws.com/ www.facebook.com manifest.prod.boltdns.net house-fastly-signed-eu-west-1-prod.brightcovecdn.com analytics.google.com tupf3ye5m3.execute-api.eu-west-1.amazonaws.com *.analytics.google.com *.google.com px.ads.linkedin.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
report-uri https://m.namava.ir/CSPreports; script-src blob: data 'self' 'unsafe-eval' 'unsafe-inline' namava.ir *.namava.ir https://www.namava.tv www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://mc.yandex.ru https://stats.g.doubleclick.net www.gstatic.com http://xslt.alexa.com http://ssl.p.jwpcdn.com https://cdn.jsdelivr.net https://cdn.ampproject.org https://www.google.com https://script.crazyegg.com http://script.crazyegg.com https://ssl.widgets.webengage.com https://c.webengage.com https://static.hotjar.com https://script.hotjar.com https://www.clarity.ms https://notification.webengage.com https://www.googleoptimize.com http://optimize.google.com https://optimize.google.com https://s3.amazonaws.com https://cdn.yektanet.com https://audience-scripts.yektanet.com https://s1.mediaad.org; object-src 'self' 1
default-src 'self' www.netzone.ch netzone.ch; child-src 'self' www.google.com; frame-src 'self' www.googletagmanager.com www.youtube.com www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com use.fontawesome.com www.googletagmanager.com www.gstatic.com www.google-analytics.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://ajax.googleapis.com; style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com maxcdn.bootstrapcdn.com; font-src 'self' use.fontawesome.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com; img-src data: 'self' www.google-analytics.com www.googletagmanager.com https://www.gstatic.com new.support.netzone.ch; report-uri https://hostparknetzone.uriports.com/reports/report; report-to default 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.poshmark.com *.goshd.com *.google.com *.google.co.in *.google.com.au *.google.ca *.googlesyndication.com *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.googletagservices.com *.googleapis.com *.adyen.com *.braintreegateway.com *.paypal.com *.affirm.com *.hrzn-nxt.com *.twitter.com *.doubleclick.net *.simpli.fi *.clarity.ms *.moengage.com *.fullstory.com *.paylution.com poshmark.com adservice.google.com googletagmanager.com googletagservices.com checkout.razorpay.com www.paypalobjects.com appleid.cdn-apple.com tr.snapchat.com apps.rokt.com ci-mpsnare.iovation.com analytics.tiktok.com cdnjs.cloudflare.com e1.emxdgt.com cdn.siftscience.com bat.bing.com connect.facebook.net static.ads-twitter.com s.pinimg.com mpsnare.iesnare.com sc-static.net s.yimg.com d16xcrk5tx03ko.cloudfront.net dcwmmvz7ncr6t.cloudfront.net d2gjrq7hs8he14.cloudfront.net; connect-src 'self' data: wss://*.agora.io:*/ wss://*.sd-rtn.com:*/ *.agora.io *.sd-rtn.com *.poshmark.com *.goshd.com *.google.com *.google.com.au *.google.ca *.google.co.in *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.braintreegateway.com *.braintree-api.com *.razorpay.com *.paypal.com *.affirm.com *.adyen.com *.clarity.ms *.doubleclick.net *.snapchat.com *.facebook.com *.fullstory.com *.hrzn-nxt.com *.moengage.com *.paylution.com poshmark.com google.com googletagmanager.com mpsnare.iesnare.com advertisecast-108-adswizz.attribution.adswizz.com pixel.pointmediatracker.com rum-http-intake.logs.datadoghq.com api.greenhouse.io bat.bing.com connect.facebook.net analytics.tiktok.com s.yimg.com ct.pinterest.com d16xcrk5tx03ko.cloudfront.net dcwmmvz7ncr6t.cloudfront.net d2gjrq7hs8he14.cloudfront.net di2ponv0v5otw.cloudfront.net d2zlsagv0ouax1.cloudfront.net dtpmhvbsmffsz.cloudfront.net d1g0nxoa63qf2e.cloudfront.net dkfv87wda2om8.cloudfront.net d1t95xi9gz2nz7.cloudfront.net d8hs5twu0hcep.cloudfront.net d2vdl8n62y555t.cloudfront.net bulk-post-action-input-poshmark-prod.s3.us-west-2.amazonaws.com bulk-post-action-output-poshmark-prod.s3.us-west-2.amazonaws.com bulk-post-action-template-poshmark-prod.s3.amazonaws.com; frame-ancestors https://poshmark.lightning.force.com; report-uri https://poshmark.report-uri.com/r/t/csp/enforce 1
frame-ancestors 'self' https://alud.deusto.es https://biblioguias.biblioteca.deusto.es; 1
script-src-attr 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api.segment.io/ https://*.akstat.io/ https://prefmgr-cookie.truste-svc.net/ https://*.trustarc.com/ https://*.walkme.com/ https://*.go-mpulse.net/ https://cdn.segment.com/ https://*.tags.tiqcdn.com/ https://*.tealium.com/ https://*.tealiumiq.com/ https://*.ibm.com/ https://*.ajax.googleapis.com/ https://*.gstatic.com/ https://*.ice.ibmcloud.com/ https://www.google-analytics.com/ https://api.company-target.com/ https://bat.bing.com/ https://collect.tealiumiq.com/ https://*.akamaihd.net/ https://www.redditstatic.com/ https://*.doubleclick.net/ https://dbdm-events.mybluemix.net/ https://udc-neb.kampyle.com/ https://*.demdex.net/ https://*.medallia.eu/ https://*.s81c.com/ https://*.optimizely.com/ https://*.instana.io/; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://*.s81c.com/; frame-src 'self' https://*.trustarc.com/ https://*.ibm.com/ https://video.ibm.com/ https://www.youtube.com/ https://youtube.com/ https://*.medallia.eu/ https://*.demdex.net/ https://bid.g.doubleclick.net/ https://*.optimizely.com/ https://*.kaltura.com/; img-src 'self' data: https://*.tags.tiqcdn.com/ https://*.tealium.com/ https://*.tealiumiq.com/ https://analytics.twitter.com/ https://*.www.s81c.com/ https://alb.reddit.com/ https://bat.bing.com/ https://www.google-analytics.com/ https://dpm.demdex.net/ https://id.rlcdn.com/ https://segments.company-target.com/ https://*.everesttech.net/ https://www.google.co.uk/ https://www.google.com/ https://www.google.ca/ https://*.ajax.googleapis.com/ https://*.gstatic.com/ https://*.trustarc.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.kampyle.com/ https://*.medallia.eu/ https://login.ibm.com/ https://tags.tiqcdn.com/ https://*.tags.tiqcdn.com/ https://*.ibm.com/ https://*.ajax.googleapis.com/ https://*.gstatic.com/ https://*.s81c.com/ https://cdn.segment.com/ https://*.prefmgr-cookie.truste-svc.net/ https://*.doubleclick.net/ https://bat.bing.com/ https://consent.truste.com/ https://consent.trustarc.com/ https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://static.ads-twitter.com/ https://pixel.mathtag.com/ https://cdn.optimizely.com/ https://www.redditstatic.com/ https://*.tealium.com/ https://*.tealiumiq.com/ https://scripts.demandbase.com/ https://*.go-mpulse.net/ https://*.walkme.com/ https://*.optimizely.com/ https://*.instana.io/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://www.youtube.com/ https://*.ibm.com/; media-src 'self' https://*.ibm.com/ https://*.bluemix.net/ https://*.containers.appdomain.cloud/ https://watson-developer-cloud.github.io/; frame-ancestors 'self'; form-action 'self'; object-src 'self'; manifest-src 'self'; worker-src 'self'; prefetch-src 'self'; child-src 'self' https://consent.trustarc.com/ https://vars.hotjar.com/; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.akstat.io/ https://*.cloud.ibm.com/ https://*.ibm.com/ https://*.optimizely.com/ https://*.tealiumiq.com/ https://*.trustarc.com/ https://*.www.s81c.com/ https://alb.reddit.com/ https://analytics.twitter.com/ https://api.segment.io/ https://api.company-target.com/ https://assets.kampyle.com/ https://bat.bing.com/ https://c.go-mpulse.net/ https://cache.globalcatalog.cloud.ibm.com/ https://cdn.optimizely.com/ https://cdn.segment.com/ https://cdn.walkme.com/ https://cloud.ibm.com/ https://*.everesttech.net/ https://collect.tealiumiq.com/ https://consent.truste.com/ https://consent.trustarc.com/ https://dbdm-events.mybluemix.net/ https://dpm.demdex.net/ https://ec.walkme.com/ https://eum-blue-saas.instana.io/ https://eum.instana.io/ https://fast.appcues.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://googleads.g.doubleclick.net/ https://i.ytimg.com/ https://ibis.iad-03.braze.com/api/ https://ibm.demdex.net/ https://id.rlcdn.com/ https://id5-sync.com/ https://image6.pubmatic.com/ https://jnn-pa.googleapis.com/ https://www.kaltura.com/ https://lpcdn.lpsnmedia.net/ https://manage.softlayer.com/ https://match.adsrvr.org/ https://mediacenter.ibm.com/ https://md-scp.kampyle.com/ https://nebula-cdn.kampyle.com/ https://p.adsymptotic.com/ https://papi.walkme.com/ https://pixel.mathtag.com/ https://pixel.tapad.com/ https://play.google.com/ https://playerserver.walkme.com/ https://px.ads.linkedin.com/ https://resources.digital-cloud-ibm.medallia.eu/ https://s.go-mpulse.net/ https://s.go-mpulse.net/boomerang/ https://scripts.demandbase.com/ https://script.hotjar.com/ https://secure.video.ibm.com/ https://segments.company-target.com/ https://snap.licdn.com/ https://ssl.google-analytics.com https://static.ads-twitter.com/ https://static.doubleclick.net/ https://static.hotjar.com/ https://stats.g.doubleclick.net/ https://sync.crwdcntrl.net/ https://sync.go.sonobi.com/ https://t.co/ https://tags.tiqcdn.com/ https://test.cloud.ibm.com/ https://ubt-lb.digital-cloud-ibm.medallia.eu/ https://ubt.digital-cloud-ibm.medallia.eu/ https://udc-neb.kampyle.com/ https://use.typekit.net https://vars.hotjar.com/ https://video.ibm.com/ https://visitor-service-us-east-1.tealiumiq.com/ https://www.google.com/ https://www.google.ca/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.pagespeed-mod.com/ https://www.redditstatic.com/ https://www.youtube.com/ https://yt3.ggpht.com/ 'nonce-f045483b0fa3daa657bf33b627f58ed6'; report-to default 1
font-src 'self';media-src 'self' 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.sanity.io/files/ https://analytics.twitter.com/ https://static.ads-twitter.com/uwt.js https://www.redditstatic.com/ads/pixel.js https://player.vimeo.com/api/player.js https://kantarinteractive.3mil-demo.co.uk/ https://media-cdn.ipredictive.com/js/cirt_v2.min.js https://go.in.kantar.com/ https://media-cdn.ipredictive.com/js/ https://www.googleadservices.com/ https://online2.superoffice.com/ https://snap.licdn.com/li.lms-analytics/ https://services.cognitoforms.com/scripts/ https://embedsocial.com/cdn/iframe.js https://embedsocial.com/embedscript/in.js https://view-awesome-table.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/pagead/conversion_async.js https://cdn.jotfor.ms/js/ https://js.jotform.com/ https://js.jotform.com/vendor/ https://cdn.jotfor.ms/static/ https://cdnjs.cloudflare.com/ajax/libs/punycode/1.4.1/ https://form.jotform.com/jsform/ https://js.hs-analytics.net/analytics/1598004900000/ https://js.hs-analytics.net/analytics/ https://js.hs-banner.com/3788602.js https://js.hscollectedforms.net/collectedforms.js https://forms.hsforms.com/ https://js.hs-scripts.com/3788602.js https://js.hsforms.net/forms/v2.js https://euc-widget.freshworks.com https://app-static.turtl.co/embed/turtl.embed.v1.js https://s.ytimg.com https://www.youtube.com/iframe_api https://pi.pardot.com/ https://go.tnsglobal.com/ https://preferences.kantarworldpanel.com/ https://go.millwardbrown.com/ https://www2.kantar.com https://consent.cookiebot.com/ https://cdn.saberfeedback.com https://feedback.saberfeedback.com/ https://www.youtube.com https://ssl.google-analytics.com/ga.js https://ajax.googleapis.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://ct.capterra.com/ https://gomedia.kantar.com/ https://ws.zoominfo.com/ https://e.infogram.com/ https://consentcdn.cookiebot.com https://player.podigee-cdn.net/ https://digitalpacemaker.podigee.io/ https://crm.zoho.eu/ https://crm.zohopublic.eu/ js-eu1.hsforms.net https://extend.vimeocdn.com https://79b5d9bf7db0483cbfe2471a3040bd31.js.ubembed.com/ https://assets.ubembed.com/ https://scripts.teamtailor-cdn.com siteimproveanalytics.com https://static.hotjar.com https://script.hotjar.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hsadspixel.net https://go.kantarmarketplace.com https://js-na1.hsforms.net https://js-eu1.hsforms.net https://js.hsforms.net https://7f346aea2e09467584ee8045e9295981.js.ubembed.com https://www.cognitoforms.com/; style-src 'self' 'unsafe-inline' https://cdn.sanity.io/files/ https://embedsocial.com/cdn/iframe-lightbox.min.css https://cdn.jotfor.ms/wizards/languageWizard/custom-dropdown/css/ https://cdn.jotfor.ms/css/styles/payment/ https://cdn.jotfor.ms/themes/CSS/ https://cdn.jotfor.ms/css/ https://cdn.jotfor.ms/css/styles/ https://cdn.jotfor.ms/static/ https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css https://euc-widget.freshworks.com https://app-static.turtl.co/embed/turtl.embed.v1.css https://feedback.saberfeedback.com/ https://cdn.saberfeedback.com https://tagmanager.google.com/ https://fast.fonts.net https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com; connect-src *; img-src 'self' https://668620654.privacysandbox.googleadservices.com/ https://405677348.privacysandbox.googleadservices.com/ data: https://pixel.tapad.com/  https://idsync.rlcdn.com/ https://x.bidswitch.net/ https://stags.bluekai.com/ https://pixel.advertising.com/ https://dsum-sec.casalemedia.com/ https://eu-u.openx.net/ https://alb.reddit.com/ https://px.ads.linkedin.com/ https://pixel.mathtag.com/ https://simage2.pubmatic.com/ https://t.co/ https://ad.ipredictive.com/ https://www.google.co.za/pagead/1p-user-list/668928299/ https://p.adsymptotic.com/ https://px.ads.linkedin.com/ https://www.google.com/ https://www.google.co.uk/ https://www.google.co.uk/ads/ https://events.jotform.com/ https://events.jotform.com/jsform/200924737274357/ https://cdn.jotfor.ms/ https://assets.turtl.co/covers/ https://www.google.co.za/ads/ https://www.googletagmanager.com/ https://www.google.com/ads/ https://track.hubspot.com/ https://forms.hsforms.com/embed/v3/ https://forms.hubspot.com/outpost/formsnextembed/ https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/ *.doubleclick.net https://www.google-analytics.com *.gstatic.com https://maps.googleapis.com https://assets.turtl.co/covers/5ef0c513e144c46e0f06dcca.jpg https://ct.capterra.com/ https://cdn.sanity.io/ https://media.glassdoor.com/ *.siteimproveanalytics.io https://static.hotjar.com https://script.hotjar.com https://forms-eu1.hsforms.com https://imgsct.cookiebot.com; frame-src 'self' https://kantarinteractive.3mil-demo.co.uk/ https://www.mavens.co.uk/ https://11404277.fls.doubleclick.net/ https://app.livestorm.co/ https://app.powerbi.com/ https://newsletterform.z6.web.core.windows.net/ https://go.in.kantar.com/ http://mkt.kantar.com/ https://tns-portal.rexx-recruitment.com/ https://www.kantarlivefr.com/ https://online2.superoffice.com/ https://v.qq.com/ https://services.cognitoforms.com/f/ https://embedsocial.com/ https://view-awesome-table.com/ https://www.kantarworldpanel.com https://form.jotform.com/ https://submit.jotformeu.com/ https://app-widgets.jotform.io https://www3.kantarmedia.com/ https://datawrapper.dwcdn.net https://widgets.jotform.io/ https://www.kantarmarketplace.com/ https://preferences.kantarworldpanel.com/ https://html5-player.libsyn.com/ https://play.libsyn.com/ https://mkt.kantar.com/ https://forms.hsforms.com/ https://go.pardot.com/ https://go.na.kantar.com/ https://kantar.wd3.myworkdayjobs.com/ https://player.vimeo.com/ https://kantar.turtl.co/ https://www2.kantar.com/ https://staginglocal.kantarmarketplace.com https://go.kantarmarketplace.com/ https://www.youtube.com/iframe_api https://consentcdn.cookiebot.com/ https://go.millwardbrown.com/ https://www.google.com https://www.youtube.com https://apps.sitecore.net/ https://gomedia.kantar.com/ https://anchor.fm/ https://e.infogram.com/ https://player.podigee-cdn.net/ https://audionow.de/ cdn.jotfor.ms https://*.kantar.com/ forms-eu1.hsforms.com https://ktglbuc-my.sharepoint.com/ https://kantar.marketin.cn https://www.baidu.com/ https://forms.zohopublic.eu/ https://79b5d9bf7db0483cbfe2471a3040bd31.pages.ubembed.com https://vars.hotjar.com https://www2.kantar-xtel.com https://www.cognitoforms.com/; frame-ancestors https://*.khapps.com https://*.khapps.jp; font-src 'self' data: https://cdn.sanity.io/files/ https://www.kantar.com/-/media/Themes/Kantar/Global/KantarMain/fonts/ https://www.kantar.com/-/media/Themes/Kantar/Global/KantarMain/fonts/KantarBrown https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/ https://sites.kantarconsulting.com/toolbox/fonts/KantarBrownWeb-Regular.woff2 https://feedback.saberfeedback.com https://fonts.gstatic.com  https://script.hotjar.com; media-src 'self' data: https://cdn.sanity.io/ https://vimeo.com/ 1
font-src *.yotpo.com *.googleapis.com *.gstatic.com *.google.com *.googletagmanager.com fonts.gstatic.com *.shareasale.com *.shareasale-analytics.com shareasale.com shareasale-analytics.com *.amazonaws.com *.shop.pe shop.pe *.juicer.io *.cloudfront.net v2.zopim.com data: *.bootstrapcdn.com *.kaltura.com *.nytrng.com nytrng.com *.dynamicyield.com https://*.gladly.com https://*.smooch.io https://d1fc8wv8zag5ca.cloudfront.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com *.google.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.shareasale.com *.shareasale-analytics.com shareasale.com shareasale-analytics.com www.facebook.com *.amazonaws.com *.juicer.io shop.pe *.kaltura.com *.nytrng.com nytrng.com https://*.gladly.com https://*.smooch.io https://d1fc8wv8zag5ca.cloudfront.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.yotpo.com cdn.dnky.co webchat.dotdigital.com *.weltpixel.com www.google.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.shareasale.com *.shareasale-analytics.com shareasale.com shareasale-analytics.com *.amazonaws.com *.juicer.io *.shop.pe shop.pe *.criteo.com assets.bounceexchange.com vars.hotjar.com bid.g.doubleclick.net www.facebook.com imgs.signifyd.com h.online-metrix.net vendor1.leasestation.com amc.demdex.net nsg.symantec.com www.youtube.com *.paypalobjects.com www.paypalobjects.com *.kaltura.com *.nytrng.com nytrng.com *.pinterest.com https://nl.fatquartershop.com https://widget.fbot.me *.dynamicyield.com https://*.gladly.com https://*.smooch.io https://d1fc8wv8zag5ca.cloudfront.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de store.paradoxlabs.com *.yotpo.com maps.gstatic.com *.gstatic.com *.google.com *.googletagmanager.com *.googleapis.com *.shareasale.com *.shareasale-analytics.com shareasale.com shareasale-analytics.com *.amazonaws.com *.juicer.io *.shop.pe shop.pe *.fatquartershop.com pixel.voltn.com v2.zopim.com www.google.com www.google.co.in *.pinterest.com www.facebook.com *.cdnwidget.com u.cdnwidget.com bat.bing.com nsg.symantec.com events.bouncex.net pippio.com p.brsrvr.com connect.facebook.net imgs.signifyd.com www.googletagmanager.com events.cdnwidget.com api.bounceexchange.com googleads.g.doubleclick.net amc.demdex.net *.e.aa.online-metrix.net match.adsrvr.org yotpo-editor-production.s3.amazonaws.com *.cdninstagram.com *.kaltura.com *.nytrng.com nytrng.com *.clarity.ms *.rqtrk.eu *.dynamicyield.com https://chat-assets.cdn.gladly.com https://chat-assets.cdn.gladly.qa data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://cnstrc.com/js/cust/fat-quarter-shop_Orxy5R.js *.yotpo.com cdn.dnky.co webchat.dotdigital.com *.authorize.net maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com www.google.com *.googletagmanager.com *.googleapis.com www.gstatic.com *.shareasale.com *.shareasale-analytics.com shareasale.com shareasale-analytics.com addshoppers.s3.amazonaws.com *.juicer.io *.traversedlp.com *.pinimg.com v2.zopim.com *.shop.pe shop.pe *.criteo.net *.criteo.com *.zdassets.com/ loader.wisepops.com *.cloudfront.net fatquartershop-com-dev.ecomm-nav.com connect.facebook.net vendor1.quickspark.com nsg.symantec.com script.crazyegg.com googleads.g.doubleclick.net bat.bing.com tag.bounceexchange.com assets.bounceexchange.com cdn.brcdn.com imgs.signifyd.com cdns.brsrvr.com bam.nr-data.net js-agent.newrelic.com mc.s10.exacttarget.com *.hotjar.com bam-cell.nr-data.net *.kaltura.com *.nytrng.com nytrng.com *.staticw2.yotpo.com www.youtube.com https://nl.fatquartershop.com *.rqtrk.eu *.clarity.ms https://static.fbot.me https://campaign.fbot.me *.dynamicyield.com *.zendesk.com https://cnstrc.com https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.4.6/js/swiper.js https://*.gladly.com https://*.smooch.io https://d1fc8wv8zag5ca.cloudfront.net https://chat-sdk.cdn.gladly.com https://chat-sdk.cdn.gladly.qa d2mjzob2nc713b.cloudfront.net fatquartershop.cdn1.safeopt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.yotpo.com *.googleapis.com cdn.dnky.co webchat.dotdigital.com tagmanager.google.com *.google.com *.googletagmanager.com fonts.googleapis.com *.gstatic.com *.shareasale.com *.shareasale-analytics.com shareasale.com shareasale-analytics.com *.amazonaws.com *.juicer.io *.shop.pe shop.pe events.bouncex.net stats.g.doubleclick.net www.google-analytics.com *.cloudfront.net *.addshoppers.com *.bootstrapcdn.com *.kaltura.com *.nytrng.com nytrng.com *.staticw2.yotpo.com *.dynamicyield.com https://*.gladly.com https://*.smooch.io https://d1fc8wv8zag5ca.cloudfront.net https://chat-sdk.cdn.gladly.com https://chat-sdk.cdn.gladly.qa 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'unsafe-inline' data: 'unsafe-inline' blob: *.yotpo.com *.kaltura.com *.nytrng.com nytrng.com *.dynamicyield.com *.zdassets.com/ https://chat-sdk.cdn.gladly.com https://chat-sdk.cdn.gladly.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.yotpo.com webchat.dotdigital.com *.authorize.net https://www.google-analytics.com *.google.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.shareasale.com *.shareasale-analytics.com shareasale.com shareasale-analytics.com bat.bing.com *.amazonaws.com *.juicer.io *.shop.pe shop.pe ekr.zdassets.com script.crazyegg.com *.pinterest.com stats.g.doubleclick.net wss: manager.eu.smartlook.cloud in.hotjar.com staging-core.dxpapi.com core.dxpapi.com imgs.signifyd.com bt.signifyd.com:11103 data.cdnbasket.net ids.cdnwidget.com pd.cdnwidget.com page.cdnbasket.net/ view.cdnbasket.net bam.nr-data.net vc.hotjar.io bam-cell.nr-data.net api.traversedlp.com *.paypal.com *.kaltura.com *.nytrng.com nytrng.com *.clarity.ms https://public.fbot.me *.dynamicyield.com *.zendesk.com zendesk-eu.my.sentry.io *.cnstrc.com https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.4.6/js/swiper.js https://*.gladly.com https://*.smooch.io https://d1fc8wv8zag5ca.cloudfront.net https://api.us-1.gladly.chat wss://ws.us-1.gladly.chat https://chat-assets.cdn.gladly.com https://chat-sdk.cdn.gladly.com https://api.us-uat.gladly.chat wss://ws.us-uat.gladly.chat https://chat-assets.cdn.gladly.qa https://chat-sdk.cdn.gladly.qa 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://kiwiirc.com ; style-src 'self' 'unsafe-inline'; img-src 'self' https://user-content.yiiframework.com https://www.gravatar.com http://www.gravatar.com data: ; child-src 'self' https://kiwiirc.com ; frame-src 'self' https://kiwiirc.com ; upgrade-insecure-requests ; 1
default-src https: 'unsafe-inline' 'unsafe-eval' 'self' data: *.tchncs.de 1
report-uri https://61a2a0c6d94c62adb4e4fce3.endpoint.csper.io/?v=3;base-uri 'self';script-src 'self' 'unsafe-hashes' 'unsafe-eval' *.googletagmanager.com challenges.cloudflare.com ajax.googleapis.com 'sha256-0FCWPhbZCt7RFkTQezfZR5QVIyIU5iTTZg0vW+7CRh4=' 'sha256-zcmAmsf8+u3R/jdwe5kOGs/oLUd6tCMK+OVW0Tq7hlI=' 'sha256-J1kiaqtHc7+8hjT0XHr6ruFssy893AzLdWD87njpBtE=' 'sha256-6o0KmaiQJ+gl2GBQGniKrfQ0Ihq3JB83Mc86mtla1ww=' 'sha256-ve0WE7gNI/WvIT0QeZqkrHhL1LkHm7R3bTeL24kZwwA=' 'sha256-WX5lAdf8niz6n+76OT4AN25MZGGAcHm6ofSPP/WrrqQ=';frame-src 'self' challenges.cloudflare.com *.youtube.com youtube.com;font-src 'self' data: fonts.gstatic.com fonts.googleapis.com fonts.bunny.net;style-src 'self' 'unsafe-inline' *.googleapis.com;img-src 'self' data: ui-avatars.com;object-src 'self' data: youtube.com *.youtube.com;manifest-src 'self';media-src 'self';default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com;worker-src 'none' 1
default-src 'self' *.esecuredata.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.esecuredata.com *.idig.net *.cloudflare.com *.google-analytics.com; style-src 'self' 'unsafe-inline' *.esecuredata.com *.fontawesome.com; img-src 'self' *.esecuredata.com *.idig.net *.google-analytics.com; font-src 'self' *.fontawesome.com 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-qC7ghMdhgBSVXTQP4I2EnivPsxxs0I' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
frame-ancestors 'self' *.cloudacademy.com *.app.qa.com https://cloudacademycom.zendesk.com teams.microsoft.com *.teams.microsoft.com *.skype.com; object-src 'none'; worker-src 'self' blob:; script-src 'unsafe-eval' 'unsafe-inline' cloudacademy.com app.qa.com *.cloudacademy.com *.app.qa.com https://www.googletagmanager.com https://js.usemessages.com https://js.hs-banner.com https://connect.facebook.net https://snap.licdn.com https://www.redditstatic.com https://www.google-analytics.com https://js-na1.hs-scripts.com https://www.googleadservices.com j.6sc.co  analytics.churnzero.net *.pendo.io cdn.mxpnl.com  bat.bing.com  js.hs-analytics.net https://static.hotjar.com https://script.hotjar.com https://googleads.g.doubleclick.net https://tracking.g2crowd.com https://apis.google.com https://www.gstatic.com https://www.gstatic.cn gstatic.cn *.gstatic.cn https://www.recaptcha.net appleid.cdn-apple.com https://static.filestackapi.com  cdn.usersnap.com  api.usersnap.com https://api.ipify.org https://static.zdassets.com https://js.recurly.com https://www.youtube.com https://cloudacademy.disqus.com https://cdnjs.cloudflare.com https://app.hubspot.com  cdn.polyfill.io  static.zdassets.com https://cloudacademycom.zendesk.com p20.zdassets.com cdn.jsdelivr.net tags.srv.stackadapt.com load.sumo.com ssl.geoplugin.net js.hsforms.net js.hs-scripts.com forms.hsforms.com ajax.googleapis.com *.iubenda.com *.usersnap.com *.appcues.com optimize.google.com *.statuspage.io https://code.jquery.com *.googleapis.com https://d2yyd1h5u9mauk.cloudfront.net/integrations/web/v1/library/qi8Gs8qtNKqRobeK/delighted.js https://www.google.com https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://www.clarity.ms https://www.googleoptimize.com *.sleeknote.com https://js.storylane.io https://*.daily.co *.quantserve.com *.clickcease.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src https: data: blob: wss:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src https:; frame-ancestors 'self'; frame-src https:; worker-src https: blob:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' data: blob:; manifest-src https:; form-action https:; block-all-mixed-content; upgrade-insecure-requests; report-uri https://classaction.report-uri.io/r/default/csp/enforce; 1
default-src 'self' https://*.teamcococdn.com;object-src 'self' blob:;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;;font-src https://fonts.gstatic.com data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ext.chtbl.com/ https://www.googletagmanager.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;img-src 'self' blob: data: https://idsync.rlcdn.com https://teamcoco.com https://d3uqdomqytryhw.cloudfront.net https://cdn.cookielaw.org ;media-src 'self' blob: data: https://d3uqdomqytryhw.cloudfront.net https://d2ex0v8bx17vi4.cloudfront.net https://*.teamcococdn.com https://chtbl.com https://*.simplecastaudio.com https://chrt.fm;worker-src 'self' 'unsafe-inline' * blob:;connect-src 'self' https://web.chtbl.com https://d3uqdomqytryhw.cloudfront.net https://www.google-analytics.com https://cdn.cookielaw.org https://d2ex0v8bx17vi4.cloudfront.net;frame-src 'self' data: https://privacyportal.onetrust.com https://docs.google.com/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://d3uqdomqytryhw.cloudfront.net 1
default-src 'self' data: blob: http://*.iter.org https://*.iter.org; connect-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.iter.org https://*.iter.org http://p.jwpcdn.com http://*.gstatic.com https://*.gstatic.com https://cdnjs.cloudflare.com http://*.facebook.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.twimg.com http://*.linkedin.com https://*.linkedin.com http://*.google-analytics.com https://*.google-analytics.com https://*.googleapis.com http://*.google.com https://*.google.com https://*.google-analytics.com http://*.cloudflare.com https://*.dacast.com https://play.webvideocore.net https://s3.amazonaws.com https://*.reciteme.com https://*.googletagmanager.com; object-src 'self' https://player.dacast.com https://*.akamaihd.net; style-src 'self' 'unsafe-inline' http://*.google.com https://*.google.com https://fonts.googleapis.com https://www.gstatic.com https://player.dacast.com https://*.microsoft.com https://*.reciteme.com https://*.dacast.com https://*.zencdn.net; img-src * data: blob:; frame-src 'self' http://*.iter.org https://*.iter.org http://*.youtube.com https://*.youtube.com https://*.google.com http://*.google.com http://*.googleapis.com https://*.googleapis.com http://*.facebook.com https://*.facebook.com https://play.webvideocore.net https://*.issuu.com https://*.reciteme.com https://*.mapme.com; media-src blob: 'self' http://*.iter.org https://*.iter.org https://*.akamaihd.net  https://*.reciteme.com; font-src 'self' data: blob: http://*.iter.org https://*.iter.org https://player.dacast.com https://*.sharepointonline.com https://*.microsoft.com https://fonts.gstatic.com https://*.reciteme.com; worker-src blob: 'self' http://*.iter.org https://*.iter.org 1
child-src 'self' blob:; connect-src 'self' *.1worldsync.com *.accenture.com *.akamaihd.net *.buywith.com *.cloudinary.com *.cnetcontent.com *.digital-cloud.medallia.com *.doubleclick.net *.flix360.com *.flix360.io *.kampyle.co *.kampyle.com *.ksckreate.net *.perimeterx.net *.purpleportal.net *.px-cdn.net *.px-cloud.net *.pxchk.net *.quantummetric.com *.richcontext.com *.salsify.com *.stylitics.com *.syndigo.cloud *.syndigo.com *.talkshop.live *.thestable.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com *.zeekit.walmart.com a02f69a90dstg.blob.core.windows.net ads01.groovinads.com api.bazaarvoice.com aroptical-scan.wal-mart.com assets-jpcust.jwpsrv.com assets.optiwise.ai azmatch.adsrvr.org beacon.walmart.com blob: c.bing.com c.sspinc.io c0b535ed7astg.blob.core.windows.net cdn-assets.affirm.com cdn.jwplayer.com cdn.quantummetric.com content.jwplatform.com directline.botframework.com dw.wmt.co fitpredictor-api.sspinc.io gum.criteo.com https://www-qa.walmart.com.mx i.liadm.com i6.liadm.com ib.adnxs.com idsync.rlcdn.com ingest.quantummetric.com ls.chatid.com maps.googleapis.com maps.gstatic.com media.flixcar.com media.flixfacts.com media.sku.ninja mmwm-scan-dev.centralus.cloudapp.azure.com mmwm-scan-prod.centralus.cloudapp.azure.com photorankstatics-a.akamaihd.net rackcdn.com rl.quantummetric.com secure.adnxs.com sizeguide-api.sspinc.io ssl.p.jwpcdn.com stats.g.doubleclick.net sync.mathtag.com t.myvisualiq.net tap.walmart.com tps.doubleverify.com us.creativecdn.com videos-cloudfront.jwpsrv.com walmart-app.quantummetric.com walmart-sync.quantummetric.com walmart.sspinc.io wss://api.talkshop.live wss://directline.botframework.com wss://us.server.buywith.com wss://wm-converse-wss.dev.walmart.com wss://www-perf.walmart.com wss://www-stage.walmart.com wss://www-teflon.walmart.com wss://www.walmart.com www.facebook.com www.google.com www.gstatic.com zeekit.walmart.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.quantummetric.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com https://www-qa.walmart.com.mx; font-src 'self' *.1worldsync.com *.accenture.com *.buywith.com *.cloudinary.com *.cnetcontent.com *.flix360.com *.flix360.io *.ksckreate.net *.richcontext.com *.salsify.com *.syndigo.cloud *.syndigo.com *.thestable.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com assets-jpcust.jwpsrv.com assets.optiwise.ai cc.cs.1worldsync.com ccsprodus1.blob.core.windows.net cdn.cs.1worldsync.com cdn.jwplayer.com content.jwplatform.com d3nkfb7815bs43.cloudfront.net d3np41mctoibfu.cloudfront.net fonts.googleapis.com fonts.gstatic.com https://www-qa.walmart.com.mx ls.chatid.com media.flixcar.com media.flixfacts.com media.sku.ninja photorankstatics-a.akamaihd.net rackcdn.com salsify-ecdn.com ssl.p.jwpcdn.com videos-cloudfront.jwpsrv.com ws.cnetcontent.com www.ezdia.com; frame-ancestors 'self' *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com https://www-qa.walmart.com.mx; frame-src 'self' *.1worldsync.com *.accenture.com *.affirm.com *.alldata.cashedge.com *.babylist.com *.buywith.com *.cloudinary.com *.cnetcontent.com *.countr.one *.digital-cloud.medallia.com *.eko.com *.fiservapps.com *.flix360.com *.flix360.io *.kampyle.co *.kampyle.com *.ksckreate.net *.one.app *.onefinance.com *.online-metrix.net *.quantummetric.com *.richcontext.com *.salsify.com *.shopstylecollective.com *.syndigo.cloud *.syndigo.com *.talkshop.live *.thestable.com *.vantivcnp.com *.vimeo.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com adclick.g.doubleclick.net app.collectivevoice.com app.collectivevoiceqa.com assets-jpcust.jwpsrv.com assets.optiwise.ai ccsprodus1.blob.core.windows.net cdn.jwplayer.com content.jwplatform.com https://www-qa.walmart.com.mx ln-rules.rewardstyle.com ls.chatid.com media.flixcar.com media.flixfacts.com media.sku.ninja mmwmpdscanoprod.z19.web.core.windows.net one.app.link photorankstatics-a.akamaihd.net rackcdn.com salsify-ecdn.com ssl.p.jwpcdn.com tpc.googlesyndication.com videos-cloudfront.jwpsrv.com ws.cnetcontent.com wss://api.talkshop.live www.ezdia.com www.facebook.com www.google.com www.recaptcha.net; img-src 'self' *.1worldsync.com *.accenture.com *.akamaihd.net *.buywith.com *.cloudinary.com *.cnetcontent.com *.digital-cloud.medallia.com *.doubleclick.net *.doubleverify.com *.flix360.com *.flix360.io *.geekseller.com *.imrworldwide.com *.kampyle.co *.kampyle.com *.ksckreate.net *.online-metrix.net *.paypal.com *.px-cdn.net *.px-cloud.net *.richcontext.com *.salsify.com *.stylitics.com *.syndigo.cloud *.syndigo.com *.talkshop.live *.thestable.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com *.zeekit.walmart.com 1d81e75c4337a6e2e3c2-4a69748413de5fcbd7a7a944817c2356.ssl.cf1.rackcdn.com 3d-qc.walmartimages.com 3d.walmartimages.com a.sellpoint.net a02f69a90dstg.blob.core.windows.net ad.doubleclick.net ads01.groovinads.com akamai.ksckreate.net aroptical-scan.wal-mart.com assets-jpcust.jwpsrv.com assets.optiwise.ai azmatch.adsrvr.org beacon.walmart.com blob: c.bing.com c0b535ed7astg.blob.core.windows.net ccsprodus1.blob.core.windows.net cdn-assets.affirm.com cdn.jwplayer.com content.jwplatform.com content.syndigo.com crtormassetmguseprod.blob.core.windows.net cyborg-wm-auth-service-v2.jet.com d3nkfb7815bs43.cloudfront.net d3np41mctoibfu.cloudfront.net data: dw.wmt.co gum.criteo.com https://www-qa.walmart.com.mx i.liadm.com i6.liadm.com ib.adnxs.com idsync.rlcdn.com ir.surveywall-api.survata.com ls.chatid.com maps.googleapis.com maps.gstatic.com media.flixcar.com media.flixfacts.com media.sku.ninja mmwm-scan-dev.centralus.cloudapp.azure.com mmwm-scan-prod.centralus.cloudapp.azure.com photorankstatics-a.akamaihd.net pixel.adsafeprotected.com player.cloudinary.com rackcdn.com res.cloudinary.com s0.2mdn.net salsify-ecdn.com secure.adnxs.com securepubads.g.doubleclick.net smedia.webcollage.net ssl.p.jwpcdn.com static.adsafeprotected.com stats.g.doubleclick.net sync.mathtag.com t.myvisualiq.net tap.walmart.com tpc.googlesyndication.com us.creativecdn.com videos-cloudfront.jwpsrv.com walmart.ugc.bazaarvoice.com wss://api.talkshop.live www.ezdia.com www.facebook.com www.gstatic.com; media-src *.1worldsync.com *.accenture.com *.akamaized.net *.buywith.com *.cloudinary.com *.cnetcontent.com *.flix360.com *.flix360.io *.ksckreate.net *.richcontext.com *.salsify.com *.syndigo.cloud *.syndigo.com *.thestable.com *.vimeo.com *.vimeocdn.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com 1d81e75c4337a6e2e3c2-4a69748413de5fcbd7a7a944817c2356.ssl.cf1.rackcdn.com a.sellpoint.net akamai.ksckreate.net assets-jpcust.jwpsrv.com assets.optiwise.ai blob: ca-media.contentanalyticsinc.com cc.cnetcontent.com cc.cs.1worldsync.com ccsprodus1.blob.core.windows.net cdn-azure.kwikee.com cdn.cnetcontent.com cdn.cs.1worldsync.com cdn.jwplayer.com content.jwplatform.com content.syndigo.com cyborg-wm-auth-service-v2.jet.com d3nkfb7815bs43.cloudfront.net d3np41mctoibfu.cloudfront.net https://www-qa.walmart.com.mx images.salsify.com ls.chatid.com media.flixcar.com media.flixfacts.com media.sku.ninja photorankstatics-a.akamaihd.net rackcdn.com salsify-ecdn.com ssl.p.jwpcdn.com videos-cloudfront.jwpsrv.com vimeo.com ws.cnetcontent.com www.ezdia.com; object-src *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com https://www-qa.walmart.com.mx; script-src 'self' 'strict-dynamic' 'wasm-unsafe-eval' *.1worldsync.com *.accenture.com *.buywith.com *.cloudinary.com *.cnetcontent.com *.digital-cloud.medallia.com *.flix360.com *.flix360.io *.kampyle.co *.kampyle.com *.ksckreate.net *.px-cloud.net *.richcontext.com *.salsify.com *.syndigo.cloud *.syndigo.com *.talkshop.live *.thestable.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com *.zeekit.walmart.com aroptical-scan.wal-mart.com assets-jpcust.jwpsrv.com assets.optiwise.ai ccsprodus1.blob.core.windows.net cdn.jwplayer.com cdn.quantummetric.com connect.facebook.net content.jwplatform.com d3nkfb7815bs43.cloudfront.net d3np41mctoibfu.cloudfront.net https://www-qa.walmart.com.mx ls.chatid.com maps.googleapis.com media.flixcar.com media.flixfacts.com media.sku.ninja mmwm-scan-dev.centralus.cloudapp.azure.com mmwm-scan-prod.centralus.cloudapp.azure.com photorankstatics-a.akamaihd.net rackcdn.com salsify-ecdn.com ssl.p.jwpcdn.com videos-cloudfront.jwpsrv.com ws.cnetcontent.com wss://api.talkshop.live www.ezdia.com www.recaptcha.net 'nonce-SyDe6N8ExTcsHunW'; style-src 'self' 'unsafe-inline' *.1worldsync.com *.accenture.com *.buywith.com *.cloudinary.com *.cnetcontent.com *.flix360.com *.flix360.io *.kampyle.com *.ksckreate.net *.richcontext.com *.salsify.com *.stylitics.com *.syndigo.cloud *.syndigo.com *.thestable.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com assets-jpcust.jwpsrv.com assets.optiwise.ai cc.cs.1worldsync.com ccsprodus1.blob.core.windows.net cdn.cs.1worldsync.com cdn.jwplayer.com content.jwplatform.com d3nkfb7815bs43.cloudfront.net d3np41mctoibfu.cloudfront.net fonts.googleapis.com https://www-qa.walmart.com.mx ls.chatid.com media.flixcar.com media.flixfacts.com media.sku.ninja photorankstatics-a.akamaihd.net rackcdn.com rl.quantummetric.com salsify-ecdn.com sizeguide-api.sspinc.io ssl.p.jwpcdn.com videos-cloudfront.jwpsrv.com walmart.sspinc.io ws.cnetcontent.com www.ezdia.com; worker-src 'self' blob:; report-uri https://csp.walmart.com/c/r/gl 1
frame-ancestors 'self' *.authorize.net *.centraldispatch.com; 1
default-src 'self' *.uni-bamberg.de zammad.rz.uni-bamberg.de api.rz.uni-bamberg.de public-tickets--cmdb-k843-2-dev.rproxy.it-fopro.uni-bamberg.de www-daten-i1656.rproxy.it-fopro.uni-bamberg.de tandem-bot.institut-ida.de cdn.botframework.com *.infogram.com *.mapbox.com scontent.cdninstagram.com platform.twitter.com *.twitter.com *.twimg.com *.facebook.net *.unity3d.com 'unsafe-inline' 'unsafe-eval' blob: data: wss:; script-src 'self' *.uni-bamberg.de zammad.rz.uni-bamberg.de api.rz.uni-bamberg.de public-tickets--cmdb-k843-2-dev.rproxy.it-fopro.uni-bamberg.de www-daten-i1656.rproxy.it-fopro.uni-bamberg.de tandem-bot.institut-ida.de cdn.botframework.com 'unsafe-inline' 'unsafe-eval' blob:; img-src 'self' *.uni-bamberg.de tandem-bot.institut-ida.de cdn.botframework.com *.infogram.com *.mapbox.com scontent.cdninstagram.com platform.twitter.com *.twitter.com *.twimg.com *.facebook.net *.unity3d.com 'unsafe-inline' 'unsafe-eval' blob: data:; frame-src *; object-src 'none'; frame-ancestors 'self' *.ddev.site https://*.uni-bamberg.de 1
frame-ancestors 'self' https://hub.prosper.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: http://freegeoip.net https://*.3lift.com https://*.adobedtm.com https://*.advertising.com https://*.casalemedia.com https://*.cloudfront.net https://*.connect.facebook.net https://*.contextweb.com https://*.demdex.net https://*.dotomi.com https://*.doubleclick.net https://*.flex.msn.com https://*.fls.doubleclick.net https://*.fonts.net https://*.foresee.com https://*.freegeoip.net https://*.github.io https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.heapanalytics.com https://*.impactradius-event.com https://*.impactradius-tag.com https://*.krxd.net https://*.neuro-id.com https://*.newrelic.com https://*.nr-data.net https://*.opendns.com https://*.optimizely.com https://*.plaid.com https://*.privacy-policy.truste.com https://*.prosper.com https://*.pubmatic.com https://*.rlcdn.com https://*.rundsp.com https://*.salesforceliveagent.com https://*.segment.com https://*.sharethis.com https://*.split.io https://*.static-resource.com https://*.trendmicro.com https://*.truste.com https://*.trustev.com https://*.typekit.net https://*.vo.msecnd.net https://*.walkme.com https://*.zdassets.com https://ajax.cloudflare.com https://api.direct.id/signalr/* https://api.microsofttranslator.com https://api.sprig.com/ https://assets.adobedtm.com https://bat.bing.com https://boards-api.greenhouse.io https://cdn.heapanalytics.com https://cdn.oncehub.com https://cdn.plaid.com https://cdn.split.io https://cdn.sprig.com/ https://cdncache-a.akamaihd.net https://cdnjs.cloudflare.com https://code.createjs.com/ https://connect.facebook.net https://flex.msn.com https://freegeoip.net https://gateway.zscaler.net https://gateway.zscalerone.net https://gateway.zscalerthree.net https://gateway.zscalertwo.net https://gateway.zscloud.net https://googleads.g.doubleclick.net https://h.online-metrix.net https://heapanalytics.com https://heatmap.services https://js-agent.newrelic.com https://maps.gstatic.com https://match.sync.ad.cpe.dotomi.com https://partners.cmptch.com https://prosper.evyy.net https://s.cmptch.com https://s3.amazonaws.com https://script.crazyegg.com https://seal.digicert.com https://seal.websecurity.norton.com https://tpc.googlesyndication.com https://track.neuro-id.com https://voe.novacredit.com/static/js/init.js https://widget-mediator.zopim.com https://widget.trustpilot.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.pagespeed-mod.com https://unpkg.com/@optimizely/optimizely-sdk@3.5/dist/optimizely.browser.umd.min.js wss://api.direct.id/signalr/reconnect https://heatmap-events-collector.instapage.com https://g.fastcdn.co https://www.googleoptimize.com https://cdn.instapagemetrics.com https://*.wp.com https://yoast.com https://app.starred.com https://*.zenimpact.io; worker-src blob:; report-uri https://csp-reporting.prosper.com/publish-to-csp-reporting; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms https://a.quora.com https://analytics.twitter.com https://api.smooch.io https://bat.bing.com https://cdn.cookielaw.org https://cdn.paddle.com https://connect.facebook.net https://files.kdanmobile.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://partner.googleadservices.com https://player.vimeo.com https://qzonestyle.gtimg.cn https://s.yimg.com https://snap.licdn.com https://static.ads-twitter.com https://static.zdassets.com https://tpc.googlesyndication.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com https://web-static.preparing.kdanmobile.com https://web-static.kdanmobile.com;style-src 'unsafe-inline' 'self' https://s3.amazonaws.com https://fonts.googleapis.com https://api.tiles.mapbox.com https://cdn.paddle.com https://web-static.preparing.kdanmobile.com https://web-static.kdanmobile.com https://files.kdanmobile.com;base-uri 'self';connect-src 'self' https://a.gdt.qq.com https://analytics.google.com https://api.mapbox.com https://api.smooch.io https://bat.bing.com https://cdn.linkedin.oribi.io https://cdn.cookielaw.org https://dp3.qq.com https://ekr.zdassets.com https://events.mapbox.com https://files.kdanmobile.com https://geolocation.onetrust.com https://kdanmobilesupport.zendesk.com https://pagead2.googlesyndication.com https://s.yimg.com https://stats.g.doubleclick.net https://www.google-analytics.com https://sandbox-vendors.paddle.com https://vendors.paddle.com wss://api.smooch.io/ https://cms.kdanmobile.com https://mail-center.preparing.kdanmobile.com https://mail-center.kdanmobile.com https://member-center.preparing.kdanmobile.com https://member-center.kdanmobile.com https://data-center.preparing.kdanmobile.com https://data-center-rails.kdanmobile.com https://license-center-preparing.kdanmobile.com https://license-center.kdanmobile.com https://sandbox-vendors.paddle.com https://vendors.paddle.com wss://api.smooch.io/ https://pagead2.googlesyndication.com https://px.ads.linkedin.com https://cdn.linkedin.oribi.io https://web-static.preparing.kdanmobile.com http://member-center https://data-center-rails.kdanmobile.com https://license-center.kdanmobile.com https://mail-center.kdanmobile.com https://member-center.kdanmobile.com https://cms.kdanmobile.com https://www.kdanmobile.com www.kdanmobile.com https://creativestore.kdanmobile.com https://creativestore.kdan.cn https://www.dottedsign.com https://dottedsign.kdan.cn https://cloud.kdanmobile.com https://cloud.kdan.cn/zh-cn https://markups.kdanmobile.com https://anizone.kdanmobile.com https://anizone.kdan.cn https://www.inspod.io https://files.kdanmobile.com/kdan-website/pdf-downloads/PDFReader.dmg  https://files.kdanmobile.com/kdan-website/pdf-downloads/PDFReader_Setup.exe https://www.adnex.com.tw https://support.kdanmobile.com/hc/ https://docs.google.com/spreadsheets/d/1eYj0kzClzbmev2Lp4jvJVCyc30Mg_I0HJTEVn26dars/gviz/tq;font-src 'self' https://files.kdanmobile.com https://s3.amazonaws.com https://fonts.gstatic.com;frame-src *.google.com https://bid.g.doubleclick.net https://player.vimeo.com https://www.facebook.com https://www.youtube.com https://sandbox-create-checkout.paddle.com https://create-checkout.paddle.com https://sandbox-buy.paddle.com https://buy.paddle.com https://googleads.g.doubleclick.net https://maps.google.com https://td.doubleclick.net https://tpc.googlesyndication.com https://securepubads.g.doubleclick.net;img-src * 'self' blob: data: data: https://a.gdt.qq.com https://accounts.zendesk.com https://analytics.twitter.com https://bat.bing.com https://c.bing.com https://c.clarity.ms/c.gif https://cms.kdanmobile.com https://kdanmobilesupport.zendesk.com https://media.smooch.io https://p.adsymptotic.com https://pagead2.googlesyndication.com https://px.ads.linkedin.com https://q.quora.com https://sp.analytics.yahoo.com https://t.co https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.com.tw;manifest-src 'self';media-src 'self';object-src 'self';worker-src 'self' 'unsafe-inline' data: blob: mediastream: filesystem:;block-all-mixed-content;frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com cdn.callrail.com cdn.ampproject.org www.gstatic.com momentjs.com www.shopperapproved.com s3.amazonaws.com *.onestepgps.com *.track.onestepgps.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.googlemaps.com *.chatra.io *.cdn.jsdelivr.net cdn.jsdelivr.net *.bing.com *.google.com *.mapbox.com *.owlcam.com *.ravenconnected.com *.cloudflare.com *.vuetifyjs.com *.polyfill.io *.virtualearth.net *.braintreegateway.com *.paypal.com *.paypalobjects.com *.stripe.com *.featurebase.app *.authorize.net https://accounts.google.com/gsi/client *.youtube-nocookie.com *.youtube.com https://snap.licdn.com/ https://cdn.mouseflow.com/ https://*.cookiebot.com/ alcdn.msauth.net; worker-src 'self' blob: ; 1
default-src *;child-src https:;font-src * data:;img-src * data:;media-src https:;object-src https:;script-src 'unsafe-inline' 'unsafe-eval' https:;style-src 'unsafe-inline' https:;frame-ancestors 'self' https://*.stetson.edu 1
frame-ancestors 'self' https://*.losrios.edu https://crc-losrios.libapps.com https://crc-losrios.libwizard.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.acfun.tv https://*.acfun.cn http://*.acfun.cn http://*.aixifan.com https://*.aixifan.com wx.qq.com *.gifshow.com *.yximgs.com *.kuaishou.com http://*.etoote.com https://*.etoote.com fonts.gstatic.com at.alicdn.com cdnjs.cloudflare.com translate.googleapis.com http://fanyi.youdao.com fonts.googleapis.com http://*.aixifan.com data: blob: chrome-extension: ms-appx-web:;font-src 'self' 'unsafe-inline' * data: blob: http: https: safari-extension: chrome-extension:;img-src * data: blob: http: https: android-webview-video-poster:;media-src * data: blob: http: https: android-webview-video-poster: chrome-extension: ms-appx-web:;script-src 'self' 'unsafe-eval' 'unsafe-inline' http://*.acfun.cn https://*.acfun.cn http://*.yximgs.com https://*.yximgs.com *.acfun.tv *.gifshow.com *.kuaishou.com https://*.aixifan.com http://*.aixifan.com http://*.acfun.cn https://*.acfun.cn https://*.bfdcdn.com http://*.bfdcdn.com hm.baidu.com a.alipayobjects.com http://res.wx.qq.com https://res.wx.qq.com open.mobile.qq.com tjs.sjs.sinajs.cn cdnjs.cloudflare.com translate.google.com translate.google.cn translate.googleapis.com http://fanyi.youdao.com www.pagespeed-mod.com blob: data: chrome-extension:;connect-src 'self' * http: https: wss: data: blob: chrome-extension:;frame-src 'self' https://*.kuaishou.com http://fanyi.youdao.com *.acfun.cn https://*.acfun.cn http://*.acfun.cn jsbridge: bdvideo: sinaweibo: qqvideo: blob:;form-action 'self' *.acfun.cn http://*.acfun.cn https://*.acfun.cn;report-uri https://csplog.kuaishou.com/log/acfun 1
frame-ancestors 'self' https://mail.google.com chrome-extension://fcinnggknmdfkilogcndkgpojpfojeem;     style-src 'self' 'unsafe-inline' http://*.hiver.space/css/app.css https://cdn.hiverhq.com https://cdnjs.cloudflare.com https://rsms.me https://a.omappapi.com    https://hiverhq.com https://use.typekit.net/pbs3hxh.css https://web-sdk.aptrinsic.com     https://p.typekit.net/p.css https://fonts.googleapis.com https://static.olark.com https://js.chilipiper.com https://static.zohocdn.com https://webfonts.zoho.com; 1
default-src 'self' fonts.gstatic.com *.helpcrunch.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; style-src 'self' 'unsafe-inline' *; font-src 'self' fonts.gstatic.com *.helpcrunch.com *.seranking.com data: *; connect-src *; base-uri 'self'; worker-src *; manifest-src 'none'; media-src 'self'; img-src 'self' data: *; object-src 'self'; frame-src 'self' *; form-action 'self' *.seranking.com *.facebook.com *.hsforms.com *.highcharts.com; 1
default-src 'self' https://api-prd.oss.go.id/ https://api-dev.oss.go.id/ https://203.114.226.150/ http://54.255.49.148/ *.uat.ossmigration.app *.ossmigration.app *.oss.go.id *.bkpm.go.id *.google-analytics.com *.youtube.com https://noembed.com https://cdn.plyr.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.youtube.com https://assets.zendesk.com https://connect.facebook.net *.uat.ossmigration.app *.ossmigration.app *.oss.go.id *.bkpm.go.id http://me.kis.v2.scr.kaspersky-labs.com *.cloudflare.com *.bootstrapcdn.com *.jsdelivr.net; img-src 'self' data: blob: https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com *.uat.ossmigration.app *.ossmigration.app *.oss.go.id *.bkpm.go.id *.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com http://me.kis.v2.scr.kaspersky-labs.com *.jsdelivr.net *.uat.ossmigration.app *.ossmigration.app *.oss.go.id *.bkpm.go.id; font-src 'self' https://themes.googleusercontent.com *.gstatic.com *.jsdelivr.net; frame-src 'self' *.google.com https://gistaru.atrbpn.go.id https://satupeta.kkp.go.id https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com *.uat.ossmigration.app *.ossmigration.app *.oss.go.id *.bkpm.go.id *.youtube.com https://www.youtube-nocookie.com/ data: blob:; object-src 'self' https://gistaru.atrbpn.go.id/rtronline/ https://gistaru.atrbpn.go.id/rdtrinteraktif/ https://satupeta.kkp.go.id/gis/apps/webappviewer *.gistaru.atrbpn.go.id *.satupeta.kkp.go.id data: *.gistaru.atrbpn.go.id *.satupeta.kkp.go.id 1
default-src 'self' cdn.register.to www.trustedsite.com cdn.ywxi.net 'unsafe-eval' www.facebook.com s3-us-west-2.amazonaws.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.gstatic.com fonts.googleapis.com www.google.com connect.facebook.net apis.google.com js.stripe.com accounts.google.com www.bitpay.com bitpay.com www.googletagmanager.com https://register.to; object-src 'unsafe-inline' https://register.to; font-src 'unsafe-inline' https: data:; img-src 'unsafe-inline' www.google-analytics.com https: data:; connect-src 'unsafe-inline' www.google-analytics.com https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' seal.digicert.com cdnjs.cloudflare.com cdn.register.to tld.register.to cdn.ywxi.net seal.websecurity.norton.com www.trustedsite.com www.google.com cdn.datatables.net s3-us-west-2.amazonaws.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.gstatic.com fonts.googleapis.com connect.facebook.net apis.google.com js.stripe.com accounts.google.com www.bitpay.com bitpay.com www.googletagmanager.com https://register.to; style-src 'unsafe-inline' s3-us-west-2.amazonaws.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.gstatic.com fonts.googleapis.com www.google.com connect.facebook.net apis.google.com js.stripe.com accounts.google.com www.bitpay.com bitpay.com www.googletagmanager.com cdnjs.cloudflare.com cdn.datatables.net https://register.to; manifest-src 'self' cdn.register.to 'unsafe-eval' s3-us-west-2.amazonaws.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.gstatic.com fonts.googleapis.com www.google.com connect.facebook.net apis.google.com js.stripe.com accounts.google.com www.bitpay.com bitpay.com www.googletagmanager.com https://register.to; 1
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.roh.org.uk roh.global.ssl.fastly.net bam.nr-data.net bat.bing.com bs.serving-sys.com canopylabstracking.s3.amazonaws.com connect.facebook.net *.cloudfront.net intljs.rmtag.com js-agent.newrelic.com nxtck.com rules.quantcount.com secure-ds.serving-sys.com secure.quantserve.com tags.rd.linksynergy.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com https://tagmanager.google.com http://*.hotjar.com https://*.hotjar.com https://optimize.google.com https://*.bookatable.com https://youtube.com https://*.youtube.com https://static.ads-twitter.com https://analytics.twitter.com https://app.charitycheckout.co.uk https://media.imi.chat/ https://analytics.tiktok.com/ https://*.ctnsnet.com consentag.eu collector-11526.tvsquared.com https://cdn-ukwest.onetrust.com/ https://geolocation.onetrust.com/ https://cdn.bitmovin.com/ https://cdn.cookielaw.org/ https://www.gstatic.com/ https://talkdeskchatsdk.talkdeskapp.com/ https://*.prospect2.com/ https://prism.app-us1.com/ https://diffuser-cdn.app-us1.com/ https://trackcmp.net/; style-src 'self' blob: 'unsafe-inline' https://cloud.typography.com https://*.googleapis.com https://static.roh.org.uk https://static.rolex.com https://optimize.google.com https://*.googleapis.com https://*.bookatable.com https://tagmanager.google.com https://youtube.com https://*.youtube.com https://media.imi.chat/ https://*.typekit.net/; object-src 'none'; worker-src blob:; 1
frame-ancestors 'self' https://live.thomassabo.com 1
default-src 'none'; connect-src 'self' *.mebmarket.com *.readawrite.com www.facebook.com *.google-analytics.com *.analytics.google.com 1827855842.rsc.cdn77.org hytextsereader.s3-ap-southeast-1.amazonaws.com www.booksmilemeb.com aumento.officemate.co.th; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.mebmarket.com www.googletagmanager.com connect.facebook.net *.google-analytics.com apis.google.com maps.googleapis.com www.google.com www.gstatic.com cdn.jsdelivr.net platform.twitter.com appleid.cdn-apple.com; img-src * data: blob:; style-src 'self' 'unsafe-inline' *.mebmarket.com fonts.googleapis.com; frame-src *; media-src 'self' *.mebmarket.com; font-src 'self' fonts.gstatic.com *.mebmarket.com; manifest-src 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hcaptcha.com hcaptcha.com js.stripe.com mrkp-static-production.themarkup.org; style-src 'self' 'unsafe-inline' mrkp-static-production.themarkup.org https://use.typekit.net/bkw5wqf.css; img-src 'self' data:  mrkp-static-production.themarkup.org; font-src 'self' data: mrkp-static-production.themarkup.org; frame-src 'self' *.hcaptcha.com js.stripe.com datawrapper.dwcdn.net; connect-src 'self'  mrkp-static-production.themarkup.org forms.themarkup.org *.api.themarkup.org *.maptiler.com; media-src blob:  mrkp-static-production.themarkup.org; worker-src blob: 1
frame-ancestors 'self' https://*.examus.net https://*.student.examus.net https://*.openedu.ru https://*.hse.ru/ always 1
default-src 'self'; media-src filestore.aqa.org.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aqa.org.uk www.brighttalk.com webservices.data-8.co.uk www.googleadservices.com *.google-analytics.com www.googletagmanager.com tagmanager.google.com static.hotjar.com script.hotjar.com in.hotjar.com *.clickdimensions.com platform.twitter.com analytics.twitter.com static.ads-twitter.com cdn.syndication.twimg.com ssl.p.jwpcdn.com *.doubleclick.net www.youtube.com www.google.com syndication.twitter.com *.linkedin.com *.licdn.com euwa.puzzel.com api.puzzel.com connect.facebook.net geolocation.onetrust.com cdn-ukwest.onetrust.com; style-src 'self' 'unsafe-inline' *.aqa.org.uk platform.twitter.com ton.twimg.com www.youtube.com www.googletagmanager.com tagmanager.google.com fonts.googleapis.com privacyportal-cdn.onetrust.com; img-src 'self' data: *.aqa.org.uk analytics.twitter.com platform.twitter.com syndication.twitter.com *.twimg.com t.co www.google.com www.google.co.uk *.google-analytics.com www.googletagmanager.com tagmanager.google.com *.gstatic.com ssl.gstatic.com jwpltx.com *.doubleclick.net i.ytimg.com www.youtube.com yt3.ggpht.com static.hotjar.com script.hotjar.com *.linkedin.com *.licdn.com www.facebook.com cdn-ukwest.onetrust.com; font-src 'self' data: *.aqa.org.uk ssl.p.jwpcdn.com fonts.gstatic.com fonts.googleapis.com script.hotjar.com privacyportal-cdn.onetrust.com; form-action 'self' syndication.twitter.com platform.twitter.com *.clickdimensions.com;  connect-src 'self' *.aqa.org.uk *.googlevideo.com *.hotjar.com *.hotjar.io wss://*.hotjar.com www.youtube.com *.google-analytics.com *.analytics.google.com www.google.com www.google.co.uk *.linkedin.com pagead2.googlesyndication.com api.pdflayer.com api.puzzel.com *.doubleclick.net webservices.data-8.co.uk *.onetrust.com; object-src 'none';  child-src omny.fm syndication.twitter.com platform.twitter.com vars.hotjar.com www.youtube.com *.linkedin.com *.licdn.com; frame-src www.brighttalk.com omny.fm syndication.twitter.com platform.twitter.com vars.hotjar.com www.youtube.com www.youtube-nocookie.com *.linkedin.com *.licdn.com *.doubleclick.net api.puzzel.com; upgrade-insecure-requests; frame-ancestors 'none'; base-uri 'none'; 1
frame-ancestors 'self' https://www.emjcd.com https://www.googletagmanager.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-sclotusinnline' static.trunkpkg.com www.googletagmanager.com apis.google.com accounts.google.com *.mediacdn.vn *.vnpt.vn *.cdnchinhphu.vn *.cnnd.vn vscc-hosting.mediacdn.vn platform.twitter.com connect.facebook.net  www.google-analytics.com cdn.syndication.twimg.com *.sohatv.vn media1.admicro.vn chinhphu.vn *.chinhphu.vn *.admicro.vn contineljs.com *.contineljs.com *.genmonet.com genmonet.com cdnstoremedia.com *.cdnstoremedia.com amcdn.com *.amcdn.com nanda.vn *.nanda.vn static.amcdn.vn deqik.com imasdk.googleapis.com ; child-src 'self' *.cnnd.vn *.mediacdn.vn *.vnpt.vn *.sohatv.vn sport5.vn sport5.cnnd.vn blob: *.admicro.vn *.youtube.com *.facebook.com *.twitter.com twitter.com *.youtu.be www.instagram.com instagram.com www.google-analytics.com apis.google.com accounts.google.com contineljs.com *.contineljs.com genmonet.com *.genmonet.com cdnstoremedia.com *.cdnstoremedia.com amcdn.com *.amcdn.com nanda.vn *.nanda.vn ; form-action 'self' *.cnnd.vn syndication.twitter.com platform.twitter.com; object-src 'self'; media-src 'self' blob: *.sohatv.vn *.qltns.mediacdn.vn *.vnpt.vn *.cdnchinhphu.vn ; 1
default-src 'self'; script-src 'self' *.googleadservices.com cdn1.rainlocal.com analytics.tiktok.com *.collect.igodigital.com us.personalcard.net uat.serversidegraphics.com www.google-analytics.com tagmanager.google.com www.googletagmanager.com maps.googleapis.com *.segmint.net *.bizographics.com cdn.timetrade.com *.youtube.com *.linkedin.com *.facebook.net *.facebook.com *.krxd.net *.bugherd.com *.trustarc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' tagmanager.google.com www.googletagmanager.com fonts.googleapis.com 'unsafe-inline'; img-src 'self' data:  *.collect.igodigital.com us.personalcard.net uat.serversidegraphics.com www.google-analytics.com *.google.com *.googletagmanager.com *.g.doubleclick.net maps.googleapis.com *.gstatic.com i.ytimg.com jwpltx.com products.gobankingrates.com *.facebook.com *.krxd.net *.agkn.com *.depositaccounts.com *.bugherd.com *.trustarc.com *.cloudfront.net; connect-src 'self' maps.googleapis.com us.personalcard.net analytics.tiktok.com uat.serversidegraphics.com www.google-analytics.com analytics.google.com *.g.doubleclick.net *.segmint.net *.krxd.net *.bugsnag.com *.pusher.com *.hawksearch.net *.hawksearch.com; child-src 'self' tagmanager.google.com www.googletagmanager.com *.segmint.net *.timetrade.com *.timetradesystems.com www.fintactix.net appvault.com *.serversidegraphics.com us.personalcard.net *.fls.doubleclick.net *.krxd.net; frame-src 'self' *.youtube.com player.vimeo.com tagmanager.google.com www.googletagmanager.com *.segmint.net *.timetrade.com *.timetradesystems.com www.fintactix.net *.appvault.com *.serversidegraphics.com us.personalcard.net *.fls.doubleclick.net *.krxd.net *.bugherd.com *.trustarc.com; font-src 'self' data: uat.serversidegraphics.com fonts.googleapis.com fonts.gstatic.com; report-uri /csp-report.do 1
frame-ancestors 'self' https://*.bbva.com.co https://qa-bbva-cells-files.s3.amazonaws.com https://dev-bbva-cells-files.s3.amazonaws.com 1
block-all-mixed-content; frame-ancestors 'self' *.tpa.com *.umr.com *.uhis.com *.uhc.com *.optum.com *.werally.com; 1
frame-ancestors 'self' https://research-studio.messari.io https://marketing-studio.messari.io https://storybook.messari.io 1
default-src 'none'; script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline'; object-src 'none'; font-src 'self'; frame-ancestors 'none';base-uri 'self';form-action 'self';img-src 'self' data: https://i.ytimg.com https://img.youtube.com https://a.tile.openstreetmap.de https://b.tile.openstreetmap.de https://c.tile.openstreetmap.de 1
default-src 'self'; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval' https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src * 'unsafe-inline'; connect-src * https://consentcdn.cookiebot.com; font-src *; frame-src * https://consentcdn.cookiebot.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.newyorker.de *.blob.core.windows.net www.googletagmanager.com www.google-analytics.com *.googleapis.com; style-src 'self' 'unsafe-inline' blob: *.newyorker.de fonts.googleapis.com hello.myfonts.net use.typekit.net; font-src 'self' data: *.newyorker.de fonts.gstatic.com; connect-src 'self' *.newyorker.de www.google-analytics.com region1.google-analytics.com region1.analytics.google.com *.googleapis.com *.doubleclick.net; 1
frame-ancestors 'self' www.elsiglodetorreon.com.mx www.elsiglodedurango.com.mx tar.mx elsiglo.mx localhost http://localhost el.siglo.mx 1
frame-ancestors 'self' www.asadventure.com dam.asadventuregroup.com preview.asadventure.com campaign.asadventure.com asadventure.com product001.asadventure.com product002.asadventure.com product003.asadventure.com product004.asadventure.com ; 1
frame-ancestors misaq.me 1
frame-ancestors 'self' https://*.nwea.org; 1
default-src 'none'; script-src 'self' https://in.getclicky.com https://in.getclicky.co https://www.googleadservices.com https://static.getclicky.co https://pi.pardot.com https://connect.facebook.net https://static.getclicky.com https://info.anchor.com.au https://googleads.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.ne https://www.googletagmanager.com https://code.jquery.com https://widget.trustpilot.com https://digitalpacificgroup.formstack.com https://static.formstack.com https://analytics.formstack.com https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://www.google.com.au https://www.facebook.com https://www.google.com https://secure.gravatar.com https://members.panthur.com.au https://www.google-analytics.com data: 'unsafe-inline'; frame-src 'self' https://www.facebook.com https://widget.trustpilot.com/ https://player.vimeo.com; style-src 'self' https://use.typekit.net https://p.typekit.net https://static.formstack.com 'unsafe-inline'; font-src 'self' https://netdna.bootstrapcdn.com https://widget.trustpilot.com https://use.typekit.net https://static.formstack.com data: blob: 'unsafe-inline'; object-src 'self'; connect-src 'self' https://in.getclicky.com https://www.google-analytics.com https://yoast.com; 1
'nonce-Za8aAJ5l6f0r5d4Z2y5yKwAAAFA';frame-ancestors 'self' bbh.com bbhluxembourgfunds.com bbhfunds.com brightcove.com brightcove.net *.bbh.com *.eglobalcustody.com; 1
default-src 'self' *.abanca.io llamamegratis.es/ suite.conver.fit/ privacyportal-de.onetrust.com https://abancawt.infobolsa.es https://abancawt.bmeinntech.es *.2o7.net *.omtrdc.net *.tt.omtrdc.net https://assets.adobedtm.com *.adobe.com smetrics.abanca.com metrics.abanca.com smetrics.cuentasclaras.es metrics.cuentasclaras.es target.abanca.com target.cuentasclaras.com https://c.bing.com *.clarity.ms *.mouseflow.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com *.abanca.io llamamegratis.es/ suite.conver.fit/ www.google-analytics.com maps.googleapis.com cdnjs.cloudflare.com abanca.inbenta.com www.googletagmanager.com cdn.cookielaw.org code.jquery.com cstatic.weborama.fr www.google-analytics.com www.googleadservices.com static.ads-twitter.com bat.bing.com connect.facebook.net analytics.twitter.com googleads.g.doubleclick.net optimize.google.com platform.twitter.com cdn.syndication.twimg.com tagmanager.google.com ssl.google-analytics.com www.google.com az416426.vo.msecnd.net geolocation.onetrust.com https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com https://cdn.tt.omtrdc.net https://activitymap.adobe.com *.opinator.com cloud.weborama.design sdk.inbenta.io acdn.adnxs.com resources.digital-cloud.medallia.eu https://c.bing.com *.clarity.ms *.kampyle.com *.medallia.eu opticksprotection.com analytics.tiktok.com *.mouseflow.com;style-src 'self' 'unsafe-inline' *.abanca.io llamamegratis.es/ suite.conver.fit/ fonts.googleapis.com cdnjs.cloudflare.com abanca.inbenta.com cdn.cookielaw.org optimize.google.com cdn.abanca.io platform.twitter.com *.twimg.com tagmanager.google.com https://cdn.tt.omtrdc.net sdk.inbenta.io *.kampyle.com y *.medallia.eu;img-src 'self' *.doubleclick.net *.abanca.io *.googlesyndication.com inbenta.com static-or00.inbenta.com llamamegratis.es/ suite.conver.fit/ www.google-analytics.com maps.googleapis.com maps.gstatic.com stats.g.doubleclick.net insight.adsrvr.org cdn.abanca.io data: t.co bat.bing.com www.google.com www.google.es www.google-analytics.com www.facebook.com stats.g.doubleclick.net www.googletagmanager.com i.ytimg.com optimize.google.com *.staticflickr.com *.staticflickr.com syndication.twitter.com *.twimg.com platform.twitter.com contenidos.infobolsa.es contenidos.bmeinntech.es ssl.gstatic.com www.gstatic.com googleads.g.doubleclick.net tbl.tradedoubler.com *.blob.core.windows.net staticcdn.ald-automotive.es cdn.cookielaw.org https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com *.omtrdc.net smetrics.abanca.com metrics.abanca.com smetrics.cuentasclaras.es metrics.cuentasclaras.es target.abanca.com target.cuentasclaras.com scene7.com *.clarity.ms *.opinator.com *.adnxs.com *.kampyle.com y *.medallia.eu opticksstatic.com *.mouseflow.com;media-src 'self' www.abanca.io inbenta.com static-or00.inbenta.com cdn.abanca.io;font-src 'self'  *.abanca.io llamamegratis.es/ suite.conver.fit/ fonts.gstatic.com abanca.inbenta.com cdn.abanca.io cdn.inbenta.io *.kampyle.com y *.medallia.eu *.mouseflow.com;frame-src 'self' *.doubleclick.net www.youtube-nocookie.com llamamegratis.es mediadiamondes.solution.weborama.fr optimize.google.com www.facebook.com maps.google.com www.google.com www.youtube.com platform.twitter.com syndication.twitter.com w.soundcloud.com bid.g.doubleclick.net *.fls.doubleclick.net https://*.demdex.net esredegal1.solution.weborama.fr https://activitymap.adobe.com/ *.opinator.com *.kampyle.com y *.medallia.eu *.mouseflow.com;connect-src 'self' *.googlesyndication.com *.abanca.io api.abanca.com www.google-analytics.com *.infobolsa.es *.bmeinntech.es suite.conver.fit privacyportal-de.onetrust.com api-stratos-test.azurewebsites.net aldesmarvin.blob.core.windows.net dc.services.visualstudio.com api-stratos.aldes.io api-stratos-sbx.aldes.io cdn.cookielaw.org stats.g.doubleclick.net https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com *.omtrdc.net smetrics.abanca.com wf.frontend.weborama.fr ams3.digitaloceanspaces.com api.inbenta.io *.clarity.ms api-gce2.inbenta.io cookies-data.onetrust.io *.kampyle.com y *.medallia.eu region1.google-analytics.com region1.analytics.google.com opticksprotection.com analytics.tiktok.com cdp.abanca.com cdpdev.abanca.com maps.googleapis.com *.mouseflow.com;base-uri 'self';child-src 'self' *.mouseflow.com;object-src 'none' 1
default-src * data: blob: 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.usap.gov platform.twitter.com dap.digitalgov.gov script.crazyegg.com cdn.syndication.twimg.com www.google-analytics.com;           object-src 'self';           child-src 'self' platform.twitter.com syndication.twitter.com www.youtube.com;           font-src 'self' fonts.gstatic.com;           frame-ancestors 'self';           frame-src 'self' *.brightcove.net nsf.widen.net platform.twitter.com 1
frame-src 'self' https://webbanalys.sfa.se https://web103.reachmee.com syndication.twitter.com platform.twitter.com www.google.com kassakollen.forsakringskassan.se foraldrakollen.forsakringskassan.se idpx.forsakringskassan.se www.youtube.com https://player.vimeo.com https://vimeo.com; img-src 'self' https://i.vimeocdn.com data: *; frame-ancestors 'self' https://webbanalys.sfa.se; worker-src 'self' blob:; child-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://webbanalys.sfa.se/matomo/ https://webstats.forsakringskassan.se/matomo/ cdn.syndication.twimg.com platform.twitter.com https://www.statenssc.se vimeo.com https://web103.reachmee.com https://www.youtube.com https://gate1.forsakringskassan.se; connect-src 'self' https://statusmisi.forsakringskassan.se https://webstats.forsakringskassan.se https://nominatim.openstreetmap.org https://gate1.forsakringskassan.se 1
frame-ancestors 'self' https://*.millerslab.com 1
default-src 'none'; manifest-src 'self'; block-all-mixed-content; script-src blob: 'unsafe-eval' 'self'  'sha256-yncIbcQfbYpCq9nMq0d/URlqSIe+S31QOX4BmINZ3Io='  'unsafe-hashes' 'sha256-jJJvaWOyl57hawC02EwzDSe11HiWvzVtBBCoQ0qkoGw='  https://www.nm.eurocontrol.int https://cdn.datatables.net/plug-ins/ https://www.podbean.com https://public.tableau.com https://www.facebook.com https://www.facebook.com/plugins https://embedr.flickr.com https://embedr.flickr.com/photosets  https://widgets.flickr.com https://widgets.flickr.com/embedr 'sha256-aCvRIQ79zbEtvxwsqDbuavE4Sa35jGPLpcm4Y1yIUA0=' 'sha256-+rek90ye0pNpgI9NHUEejFZBbphUhG4Ha4P59AV6wWQ=' 'sha256-1G/weVjTk7/ouNbzQqySLHp36khZ/NfhzMrEMdS+3jg=' 'sha256-AD1VEx4mZGvZs4OFmFIvaJ9xpX5GnOTyxai0N14SasI=' 'sha256-Ldpbi6tNF865jghu0MiJHytgdIMXG/OVbWJidazIn7U=' 'sha256-pBkEWvlT4DkFNvvZ6Sls2RdiScijJx1c5s2lNM2Wdis=' 'sha256-YG9BwL1EPc854DNcn2YrPlkbUgY6MWfZKGnTul3SToU=' 'sha256-8JAaWc0FyOaPEbW084HkI+kcAZIQgNJOWoGK88wXVHA=' 'sha256-cygJKeVVub/LvCRU2u/2YhNlex667F4LlDT83HXG32M=' 'sha256-CAmWaFWBNmaIng2dnML/wQwmprtW6prDAARxBgpYuJ8=' 'sha256-oS3+rhHJWnwhzKzzbcA4drxjnCV66+uTuE9NYUt3bSI=' 'sha256-vG9TjfPORtEpbNsJiO6FuxYPWCDtl5J5EkuvJ26Oeck=' 'sha256-NSCQtSf9JY7c6GY+1e/BtKR4uA6JP5Ycmab562/xfzQ=' 'sha256-/rlK6lg8ouxdI1EUu2AcvCBohT7S+8njxaR8nHiSBgg=' 'sha256-xu9j4PBUu4nLmn8H8RvMJBmACcXl71AUbHdy8zLXfJk=' https://widgets.flickr.com/embedr/embedr-47ad26da5deade67d472950b12c94b6c.js 'sha256-+/lsZ5PuHAlSRVO8+q99o/T1COfHbgMFxqi+LV8nh7I=' 'sha256-YG9BwL1EPc854DNcn2YrPlkbUgY6MWfZKGnTul3SToU=' https://stats.eurocontrol.int https://cdnjs.cloudflare.com/ajax/libs/proj4js/ https://public.flourish.studio https://stats.eurocontrol.int/matomo.php https://stats.eurocontrol.int/matomo.js https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js  https://app.everviz.com 'sha256-CFPNGLBANUFhOL1M8jVvaU3fAdQlYtiwLugJcvT0Q9Y=' 'sha256-+aqVCS7el7iEYu9CC99LCerjjC2XgHVTSqklMsnHL6Q=' 'sha256-JAzQx1TyATh4RS10s1IVWGekoUoE6eBa+EvAkFNFEoc=' 'sha256-Ldp1bYm1oaInD+T+RF+mi0h0juAVBnWoTk2SpeX57TY=' 'sha256-BCuoofgqs/vwfGQstfOhJ0zbIZrDKagsBtgJ48ZgqrA=' https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://portal.nsv.eurocontrol.int https://int-api.nsv.eurocontrol.int https://platform.twitter.com https://cdn.syndication.twimg.com/tweets.json https://cloud.highcharts.com https://code.highcharts.com https://cdn.jsdelivr.net/npm/@observablehq/runtime@5/dist/  https://cdn.jsdelivr.net/npm/  https://api.observablehq.com/@d3/  https://www.google-analytics.com/analytics.js https://widgets.flickr.com/embedr/embedr-47ad26da5deade67d472950b12c94b6c.js  'sha256-lo5pCHEyR7zw0Fv/9OPzHd9JmEbFbnHNvzKAFG+lWvE='  'sha256-Kngrz9Ilvv3CQjit46yUszV386XjLR4SlBXCyk6d7n4=' ; connect-src 'self' https://int-api.nsv.eurocontrol.int https://stats.eurocontrol.int https://www.facebook.com https://www.facebook.com/plugins https://embedr.flickr.com https://widgets.flickr.com https://embedr.flickr.com/photosets https://widgets.flickr.com/embedr/ https://widgets.flickr.com/embedr https://widgets.flickr.com/embedr/embedr-47ad26da5deade67d472950b12c94b6c.js https://live.staticflickr.com https://stats.g.doubleclick.net https://cloud-api.highcharts.com/chart/ https://spreadsheets.google.com https://www.google-analytics.com https://region1.google-analytics.com https://cdn.jsdelivr.net/npm/  https://api.everviz.com/; img-src data: 'self' https://stats.eurocontrol.int https://api.maptiler.com https://syndication.twitter.com https://platform.twitter.com https://www.google-analytics.com https://pbs.twimg.com https://stats.g.doubleclick.net https://public.flourish.rocks https://www.facebook.com https://www.facebook.com/plugins https://live.staticflickr.com https://www.google.com/ads/ https://www.google.be/ads/ https://www.google.fr/ads/; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://cdn.jsdelivr.net/npm/  https://cdn.jsdelivr.net/npm/@observablehq/inspector@5/dist/  https://cdn.jsdelivr.net/npm/@observabLehq/runtime@5/dist/  https://cdn.jsdelivr.net/npm/@observablehq/runtime@5/dist/  https://api.observablehq.com/  https://api.observablehq.com/@d3/  https://app.everviz.com https://cloud.highcharts.com/fonts/; form-action 'self' https://syndication.twitter.com https://platform.twitter.com; frame-src 'self' https://www.google.com https://platform.twitter.com https://flo.uri.sh https://app.powerbi.com https://www.facebook.com https://www.facebook.com/plugins https://www.googletagmanager.com https://anchor.fm https://public.tableau.com https://www.podbean.com https://eurocontrol-conferences.webex.com https://www.nm.eurocontrol.int https://syndication.twitter.com https://webto.salesforce.com https://www.youtube.com; frame-ancestors 'self'; font-src 'self' data: https://app.everviz.com/fonts/ https://app.everviz.com/resources/layouts/ https://app.everviz.com/static/fonts/ https://cloud.highcharts.com/fonts/; object-src 'self'; media-src *; base-uri 'self' 1
script-src 'nonce-ezHqM64xoRjtXOr/Oor0Gg==' 'unsafe-inline' 'strict-dynamic' https: 'report-sample'; object-src 'none'; base-uri 'none' 1
script-src 'self' https://*.googletagmanager.com 'nonce-5351108162844659b66cbd2455f6ee2a'; object-src 'self'; img-src 'self' data: https: https://*.google-analytics.com https://*.googletagmanager.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com 1
frame-ancestors intapp.seismic.com intapp.com www.intapp.com seismic.com www.seismic.com intapp.wpengine.com intapp.gcs-web.com investors.intapp.com; 1
frame-ancestors 'self' *.washburn.edu www.washburnlaw.edu www.washburntech.edu d2l.washburn.edu experience-test.elluciancloud.com experience.elluciancloud.com  mulvaneartmuseum.org; 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.analytics.google.com https://*.bazaarvoice.com https://*.braintree-api.com https://*.braintreegateway.com https://*.btttag.com https://*.criteo.com https://*.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.kampyle.com https://*.medallia.com https://*.paypal.com https://bat.bing.com https://www.bing.com https://*.sheerid.com https://*.truefitcorp.com https://adservice.google.com https://analytics.google.com https://api-env.cartfulsolutions.com https://api.cartfulsolutions.com https://apis.google.com https://app.acuityscheduling.com https://assets.adobedtm.com https://careers.lululemon.com https://cdn.cquotient.com https://cdn.honey.io https://cdn.jsdelivr.net https://cdn.quantummetric.com https://ingest.quantummetric.com https://cdn.treasuredata.com https://cdnjs.cloudflare.com https://cfjump.lululemon.com.au https://challenges.cloudflare.com https://cm.g.doubleclick.net https://cm.teads.tv https://connect.facebook.net https://ct.pinterest.com https://d38d4ysphgm9dz.cloudfront.net https://dpm.demdex.net https://e.cquotient.com https://embed.acuityscheduling.com https://embed.cartfulsolutions.com https://external.quantummetric.com https://fledge.teads.tv https://fonts.googleapis.com https://globalstaticassets.lululemon.com https://google.com https://googleads.g.doubleclick.net https://images.lululemon.com https://lantern.roeyecdn.com https://ln-rules.rewardstyle.com https://lululemon.quiq-api.com https://lululemonathleticacanadainc.demdex.net https://lululemoninternational-app.quantummetric.com https://lululemoninternational.quantummetric.com https://lululemonusa.tt.omtrdc.net https://maps.googleapis.com https://mpsnare.iesnare.com https://o4503962274299904.ingest.sentry.io https://p.cquotient.com https://p.teads.tv https://pay.google.com https://r.cquotient.com https://s.pinimg.com https://s7mbrstream.scene7.com https://sc-static.net https://smetrics.lululemon.com.au https://sslwidget.criteo.com https://static.cloudflareinsights.com https://static.criteo.com https://static.criteo.net https://stats.g.doubleclick.net https://t.cfjump.com https://t.teads.tv https://tez.google.com https://tokyo.in.treasuredata.com https://tpc.googlesyndication.com https://tr.snapchat.com https://translate.google.com https://wf.cartfulsolutions.com https://widget.as.criteo.com https://www.cloudflare.com https://www.facebook.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.lululemon.co.uk https://www.lululemon.com.au https://www.paypalobjects.com https://*.browser-intake-datadoghq.com https://www.datadoghq-browser-agent.com wss://lululemoninternational.quantummetric.com wss://mpsnare.iesnare.com; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; img-src * 'self' data: https:; font-src * 'self' data: https:; block-all-mixed-content; 1
frame-ancestors 'self' *.c3.ai *.folloze.com c3.ai folloze.com 1
frame-ancestors 'self' stablediffusionweb.com *.stablediffusionweb.com *.blackmagic.cc blackmagic.cc; 1
default-src 'none';                         script-src 'self' 'unsafe-inline' 'unsafe-eval' pi.pardot.com *.mountain.com use.typekit.net code.jquery.com cdnjs.cloudflare.com www.googletagmanager.com widgets.omnilert.net www.gstatic.com www.googleadservices.com connect.facebook.net admissions.setonhill.edu siteimproveanalytics.com googleads.g.doubleclick.net cdn.livechatinc.com pixel.mathtag.com secure.livechatinc.com www.google-analytics.com sjs.bizographics.com *.google.com *.addthis.com *.moatads.com *.addthisedge.com api.livechatinc.com snap.licdn.com www.dafdirect.org;                         connect-src 'self' 'unsafe-inline' shualumni.setonhill.edu orthodontics.setonhill.edu news.setonhill.edu cdc.setonhill.edu performance.typekit.net www.googleadservices.com www.google.com www.facebook.com stats.g.doubleclick.net www.google-analytics.com pagead2.googlesyndication.com analytics.google.com *.doubleclick.net;                         img-src https: data: about:;                         style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com www.google.com www.dafdirect.org;                         font-src 'self' 'unsafe-inline' data: use.typekit.net;                         manifest-src 'self';                         frame-src 'self' www.matchinggifts.com www.youtube.com www.facebook.com *.doubleclick.net pixel.mathtag.com setonhill.secure.force.com setonhill.my.salesforce-sites.com secure.livechatinc.com *.google.com setonhill.tfaforms.net *.soundcloud.com omny.fm *.addthis.com; 			media-src https: data:; 1
script-src 'self' hydro.com cdn.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com analytics.google.com connect.facebook.net consent.cookiebot.com *.hydro.com embedr.flickr.com js.monitor.azure.com js.pagestrip.com pi.pardot.com polyfill.io s.emea01.idio.episerver.net snap.licdn.com widget.websitevoice.com widgets.flickr.com https://tagmanager.google.com googletagmanager.com youtube.com consentcdn.cookiebot.com google-analytics.com googleads.g.doubleclick.net code.highcharts.com 9793371.fls.doubleclick.net youtube-nocookie.com dc.services.visualstudio.com/v2/track https://www.googletagmanager.com https://www.google-analytics.com https://api.emea01.idio.episerver.net https://maps.googleapis.com https://www.youtube.com https://siteimproveanalytics.com https://www.buzzsprout.com https://www.google.com https://www.gstatic.com https://www.googleadservices.com cdn.linkedin.oribi.io tools.eurolandir.com https://code.jquery.com 'unsafe-eval' 'unsafe-inline' 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://analytics.google.com https://connect.facebook.net;script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://analytics.google.com https://static.cloudflareinsights.com https://static.hotjar.com https://cdn.amplitude.com https://script.hotjar.com https://connect.facebook.net;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;img-src 'self' https://ds-images.prod.telemetr.io data: https:;connect-src 'self' https://grpc-gw.prod.telemetr.io https://graphql.new.telemetr.io wss://graphql.new.telemetr.io https://www.googletagmanager.com https://analytics.google.com https://stats.g.doubleclick.net https://static.hotjar.com https://cdn.amplitude.com https://api2.amplitude.com https://www.google-analytics.com wss://ws.hotjar.com https://content.hotjar.io https://www.facebook.com;font-src 'self';object-src 'none'; 1
default-src 'self' *.commonsense.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.commonsense.org https://js-agent.newrelic.com bam.nr-data.net https://bam.nr-data.net *.google-analytics.com https://www.googletagmanager.com https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://service.mtcaptcha.com https://service2.mtcaptcha.com https://www.googleoptimize.com https://optimize.google.com https://www.gstatic.com https://static.cloudflareinsights.com https://insitez.blob.core.windows.net *.bugherd.com *.pusher.com https://v.fastcdn.co https://g.fastcdn.co *.instapage.com *.instapagemetrics.com; style-src 'self' 'unsafe-inline' *.commonsense.org https://fonts.googleapis.com https://www.googletagmanager.com *.google-analytics.com https://optimize.google.com ; img-src 'self' data: *.commonsense.org https://d2hralswu9lj8u.cloudfront.net *.google-analytics.com https://www.googletagmanager.com https://cdn-ukwest.onetrust.com https://fonts.gstatic.com https://bam.nr-data.net https://optimize.google.com https://www.gstatic.com https://d2iiunr5ws5ch1.cloudfront.net bugherd-attachments.s3.amazonaws.com *.bugherd.com https://v.fastcdn.co *.instapage.com *.instapagemetrics.com h5p.org; media-src 'self' https://dlza6g8e6iucb.cloudfront.net https://d1pmarobgdhgjx.cloudfront.net https://video.commonsense.org https://video.commonsensemedia.org/ https://s3.amazonaws.com/video.commonsensemedia.org/ https://static.cloudflareinsights.com; frame-src 'self' *.commonsense.org https://service.mtcaptcha.com https://service2.mtcaptcha.com https://www.youtube-nocookie.com https://www.googletagmanager.com https://optimize.google.com https://www.google.com https://www.youtube.com https://d1pmarobgdhgjx.cloudfront.net  *.bugherd.com; font-src 'self' data: *.commonsense.org https://fonts.gstatic.com https://d2hralswu9lj8u.cloudfront.net https://s3.amazonaws.com; connect-src 'self' *.commonsense.org https://bam.nr-data.net *.google-analytics.com https://analytics.google.com https://cdn-ukwest.onetrust.com https://privacyportal-uk.onetrust.com https://www.googletagmanager.com https://geolocation.onetrust.com *.cloudflareinsights.com https://feedback.informizely.com *.pusher.com sessions.bugsnag.com *.bugherd.com https://ec.instapagemetrics.com https://heatmap-events-collector.instapage.com https://d.fastcdn.co/submissions; report-uri /report-csp-violation; upgrade-insecure-requests 1
connect-src 'self' *.boltdns.net *.google-analytics.com *.fullstory.com/ *.qualtrics.com *.brightcove.net/ *.akamaihd.net/ *.facebook.com/ https://maps.googleapis.com/ *.doubleclick.net api.levelaccess.net/ *.jotform.com https://analytics.google.com/ *.brightcove.com/ *.svc.dynamics.com http://manifest.prod.boltdns.net *.analytics.google.com participants.evolv.ai https://www.google.com/ ;default-src 'self' 'unsafe-eval' 'unsafe-inline' ;font-src 'self' 'unsafe-inline' data: *.gstatic.com https://vjs.zencdn.net/ *.jotfor.ms/ ;frame-ancestors 'self' *.wellstar.org/ ;frame-src 'self' *.doubleclick.net *.facebook.com/ *.erexpress.com/ *.wellstar.org/ *.jotform.com https://bbox.blackbaudhosting.com/ *.brightcove.net/ *.svc.dynamics.com *.gstatic.com https://www.google.com/ ;img-src 'self' data: https://fonts.gstatic.com *.boltdns.net https://bbox.blackbaudhosting.com/ https://www.googletagmanager.com https://www.google.com/ *.facebook.com/ *.gstatic.com *.google-analytics.com *.jotfor.ms/ *.jotform.com *.doubleclick.net https://maps.googleapis.com/ *.brightcove.com/ https://flask.nextdoor.com *.svc.dynamics.com *.brightcove.net/ *.akamaihd.net/ *.analytics.google.com *.fullstory.com/ *.googleapis.com https://adservice.google.com ;media-src 'self' 'unsafe-inline' 'unsafe-eval' *.akamaihd.net/ blob: *.brightcovecdn.com *.boltdns.net *.brightcove.com/ *.llnw.net *.llnwd.net *.akafms.net ;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://bbox.blackbaudhosting.com/ https://www.google.com/ https://www.googletagmanager.com https://maps.googleapis.com/ *.gstatic.com *.google-analytics.com https://www.googleadservices.com/ https://www.youtube.com/  https://s.ytimg.com/ https://static.ads-twitter.com/ https://analytics.twitter.com/ https://connect.facebook.net/ *.fullstory.com/ *.erexpress.com/ https://code.jquery.com/ *.doubleclick.net *.qualtrics.com *.brightcove.net/ *.jotform.com *.jotfor.ms/ https://cdnjs.cloudflare.com/ https://vjs.zencdn.net/ cdn.levelaccess.net/ https://ads.nextdoor.com/public/pixel/ndp.js mktdplp102cdn.azureedge.net *.googleapis.com https://adservice.google.com unpkg.com s.qa.wellstar.org ;style-src 'self' 'unsafe-inline' https://bbox.blackbaudhosting.com/ *.jotfor.ms/ *.googleapis.com *.brightcove.net/ participants.evolv.ai s.qa.wellstar.org ; 1
default-src https:; script-src 'unsafe-eval' 'unsafe-inline' https://hitbtc.com https://www.google.com https://www.googletagmanager.com https://www.googleadservices.com https://connect.facebook.net https://www.gstatic.com https://www.google-analytics.com https://*.doubleclick.net https://platform.twitter.com https://*.geetest.com  https://static.sumsub.com https://heatherkyc.stagingstuff.com https://posthog.hitbtc.com; img-src 'self' https: data: blob: https://hitbtc.com; font-src https: data:; frame-src https: blob: https://hitbtc.com; media-src https:; object-src https:; child-src 'none'; style-src 'unsafe-inline' https: https://hitbtc.com; connect-src data: https://*:* wss://*:*; frame-ancestors 'self'; worker-src 'self' blob: ; 1
frame-ancestors 'self' https://*.onfido.com/ 1
default-src 'self' enza.fun *.enza.fun;script-src 'self' 'strict-dynamic' enza.fun *.enza.fun www.googletagmanager.com *.google-analytics.com www.youtube.com *.twitter.com *.twimg.com cdn.cookielaw.org 'nonce-a705fb1ea55378fad1cc48255c1f799a';connect-src 'self' enza.fun *.enza.fun wss://*.enza.fun https://s3.ap-northeast-1.amazonaws.com/image.enza.fun sentry.io www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net cdn.cookielaw.org;style-src 'self' enza.fun *.enza.fun www.googletagmanager.com fonts.googleapis.com *.twitter.com *.twimg.com cdn.cookielaw.org 'nonce-a8613ff67818ae13c184649d745e70a3';style-src-attr 'unsafe-inline';img-src 'self' data: blob: enza.fun *.enza.fun www.googletagmanager.com *.gstatic.com www.google-analytics.com *.twitter.com *.twimg.com cdn.cookielaw.org i.ytimg.com;font-src 'self' data: enza.fun *.enza.fun fonts.gstatic.com;base-uri 'none';frame-src 'self' www.youtube.com www.youtube-nocookie.com playervspf.channel.or.jp *.twitter.com;frame-ancestors 'self' *.enza.fun;report-uri https://o126865.ingest.sentry.io/api/6090357/security/?sentry_key=72dd0c1600ad4cbf844296391bb68898;form-action 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
frame-ancestors 'self' secure.jpay.com; 1
frame-ancestors 'self' mutinyHq_1.0 https://app.mutinyhq.com;; upgrade-insecure-requests 1
frame-ancestors 'self'; script-src 'unsafe-inline' 'unsafe-eval' *.saxo.com *.saxodev.com storefront.saxo.localhost *.exponea.com https://*.googleapis.com *.doubleclick.net *.nr-data.net *.google-analytics.com *.taboola.com *.matomo.cloud *.bing.com *.facebook.com *.facebook.net *.google.com *.google.ie *.dixa.io *.yimg.com *.bog.nu *.nr-data.net *.cookiebot.com *.azurewebsites.net *.azureedge.net *.adt659.com *.youtube.com *.viabill.com *.issuu.com *.vimeo.com *.cloudfront.net *.quicklizard.com *.quantserve.com *.yahoo.com *.googletagmanager.com *.googleadservices.com *.googlesyndication.com *.partner-ads.com *.jquery.com *.jquery.com http://jqueryui.com https://github.com *.w3.org *.newrelic.com https://adtr.io *.polyfill.io *.postnord.com *.postnord.dk https://schema.org *.ups.com *.dao.as *.swipbox.com *.trackmytrakpak.com *.richrelevance.com *.heylink.com; 1
default-src 'none';base-uri 'none';connect-src 'self' https://speedtoost.pixelinc.workers.dev https://speedtest.kagi.workers.dev https://kagi.com https://*.kagi.com/ https://*.mapbox.com/ https://*.hereapi.com/ https://en.wikipedia.org/* https://*.apple-mapkit.com/ https://gsp10-ssl.ls.apple.com https://static.midomi.com https://*.googleapis.com https://*.gstatic.com;font-src 'self' https://*.kagi.com/ https://kagi.com data:; form-action 'self' https:;frame-src 'self' https://*.kagi.com/ https://www.sandbox.paypal.com/ https://www.paypal.com/; frame-ancestors 'none';img-src 'self' localhost:* https://*.apple-mapkit.com/ https://*.kagi.com/ http://static.soundhound.com https://upload.wikimedia.org https://kagifeedback.org https://*.gstatic.com https://*.googleapis.com https://www.paypalobjects.com/ http://www.wolframcdn.com/* data: blob:; media-src 'self' https://kagifeedback.org https://*.kagi.com/; style-src 'self' https://*.kagi.com/ https://static.midomi.com 'unsafe-inline'; worker-src 'self' https://*.kagi.com/ blob:;child-src 'self' https://*.kagi.com/ blob:;object-src 'none';script-src 'strict-dynamic' 'nonce-QP9eQTGzfwUIf7xdxC7n_A' 'unsafe-inline' https://*.kagi.com ; 1
default-src 'none'; base-uri 'self'; connect-src 'self' https://secure.helpscout.net https://api.ipify.org https://www.google-analytics.com https://www.google-analytics.com/collect https://www.googletagmanager.com https://script.google.com/ https://script.googleusercontent.com/ https://stats.g.doubleclick.net/ https://d3hb14vkzrxvla.cloudfront.net https://chatapi.helpscout.net/v2/beacon/ https://beaconapi.helpscout.net/v1/ https://rum-http-intake.logs.datadoghq.com/v1/input/ https://api.omise.co/ https://omise.co/ https://js.hs-analytics.net/ https://js.hs-banner.com/ https://graph.facebook.com; font-src 'self' data: https://assets.omise.co https://assets.staging-omise.co https://cdn.omise.co https://fonts.gstatic.com https://fonts.googleapis.com; form-action *; frame-ancestors https://www.googletagmanager.com/ https://www.google.com/ https://assets-cdn.omise.co/ https://cdn.omise.co/ https://vault.omise.co/ https://www.youtube.com/ https://stackedit.io/; frame-src https://www.googletagmanager.com/ https://www.google.com/ https://omisepayment.typeform.com/ https://form.typeform.com/ https://cdn.omise.co/ https://assets-cdn.omise.co/ https://vault.omise.co/ https://www.youtube.com/ https://stackedit.io/ https://www.facebook.com/; img-src data: *; media-src 'self'; object-src 'self' https://assets-cdn.omise.co/ https://cdn.omise.co/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.omise.co https://assets-cdn.omise.co https://assets.staging-omise.co https://cdn.omise.co https://www.google.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://tagmanager.google.com https://www.gstatic.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net/ https://d3hb14vkzrxvla.cloudfront.net https://s.yimg.jp/ https://b91.yahoo.co.jp https://b97.yahoo.co.jp https://connect.facebook.net https://www.facebook.com https://snap.licdn.com https://px.ads.linkedin.com https://beacon-v2.helpscout.net https://beaconapi.helpscout.net/v1/ https://chatapi.helpscout.net/v2/beacon/ https://s.yimg.jp/images/listing/tool/cv/conversion.js https://embed.typeform.com/embed.js https://www.datadoghq-browser-agent.com/ https://js.hs-analytics.net/ https://js.hs-banner.com/; style-src 'self' 'unsafe-inline' https://assets.omise.co https://assets-cdn.omise.co https://assets.staging-omise.co https://cdn.omise.co https://djtflbt20bdde.cloudfront.net https://fonts.googleapis.com https://tagmanager.google.com 1
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'self' 'unsafe-inline' https:; img-src data: https: blob:; font-src data: 'self' https:; object-src 'none'; form-action https:; frame-ancestors 'self' *.jionews.com jionews.com *.jio.ril.com jionewsdev1.jio.ril.com pie.news staging.pie.news *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; 1
img-src * 'self' https: 'unsafe-eval' data: https://*.transcend.io/* https://*.mutinycdn.com/* https://*.mutinyhq.io/* https://*.mutinyhq.com/* https://*.qualified.com/* https://*.wistia.com/* http://splashthat.com/* http://*.marketo.net/* http://*.6sc.co/* https://app.qualified.com/ https://sync.transcend.io/ https://vercel.live/ https://www.youtube.com/ http://668-yxh-576.mktoweb.com/ https://cdn.transcend.io/ https://splashthat.com/ http://splashthat.com/ http://munchkin.marketo.net/ wss://ws.qualified.com/ https://client-registry.mutinycdn.com/ http://668-yxh-576.mktoresp.com https://videos.ctfassets.net/ wss://ws7.hotjar.com/ wss://ws-us3.pusher.com/ https://events.rm-api.com/ https://app.mutinyhq.com/; frame-ancestors 'self' https://app.mutinyhq.com/; 1
script-src https: 'unsafe-inline' 'unsafe-eval' https://mindtickle.com blob:; object-src 'none'; 1
default-src 'none'; connect-src 'self' https://api.vndb.org; img-src *; script-src https://*.vndb.org; style-src 'unsafe-inline' https://vndb.org https://*.vndb.org; form-action 'self'; frame-ancestors 'none' 1
frame-ancestors 'self' https://*.jurist.org http://*.jurist.org 1
frame-ancestors https://*.process.st https://*.process.test:* 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://bat.bing.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.zohocdn.com https://*.zoho.com https://*.zoho.eu https://*.hubspot.com https://*.hscollectedforms.net https://*.hsadspixel.net https://*.hs-scripts.com https://*.hs-banner.com https://*.hs-analytics.net https://forms.hsforms.com https://*.usemessages.com https://*.licdn.com https://*.kiflo.com https://cdnjs.cloudflare.com https://www.googletagmanager.com; worker-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.zohocdn.com https://*.googleapis.com; img-src 'self' data: https://www.adminbyrequest.com https://bat.bing.com https://*.google.com https://*.gstatic.com https://*.google-analytics.com https://*.googleapis.com https://*.zohopublic.com https://*.zohopublic.eu https://*.zohocdn.com https://*.zoho.com https://*.youtube.com https://*.hsforms.com https://*.hubspot.com https://*.linkedin.com https://fasttracksoftware.zendesk.com https://*.zdusercontent.com https://secure.gravatar.com https://licensing.aioseo.com https://cdn.shortpixel.ai; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.zoho.eu https://*.zoho.com https://*.zohopublic.eu https://*.zohopublic.com wss://vts.zohopublic.eu wss://vts.zohopublic.com https://*.hubspot.com https://*.hubapi.com https://*.kiflo.com https://*.googleapis.com https://*.oribi.io https://cdn.linkedin.oribi.io https://*.google-analytics.com https://cdn.jsdelivr.net; font-src 'self' data: https://*.zohocdn.com https://*.gstatic.com; frame-src 'self' https://www.youtube.com https://*.gstatic.com https://*.google.com https://*.zohopublic.eu/ https://*.zohopublic.com/ https://*.hubspot.com https://posimyththemes.com; media-src https://*.zohocdn.com; 1
upgrade-insecure-requests; default-src 'none'; script-src 'strict-dynamic' 'nonce-0kw4BOZZqofJ5bQmglNWNPHgO9cWZ6gg' 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.sentry.dev www.googletagmanager.com plausible.io *.plausible.io player.vimeo.com; connect-src 'self' sentry.io *.sentry.io *.sentry.dev reload.getsentry.net vimeo.com plausible.io *.plausible.io; img-src 'self' sentry.io *.sentry.io data: *.sentry.dev sentry-blog.storage.googleapis.com www.googletagmanager.com i.vimeocdn.com images.ctfassets.net; style-src 'self' 'unsafe-inline' *.sentry.dev; media-src 'self' videos.ctfassets.net; font-src 'self' *.sentry.dev fonts.gstatic.com; frame-src player.vimeo.com demo.arcade.software recaptcha.google.com www.google.com; manifest-src 'self' *.sentry.dev; base-uri 'none'; frame-ancestors *.sentry.io; report-uri https://o1.ingest.sentry.io/api/1297627/security/?sentry_key=e811b9077ef64dcf8a279ec18a61b222 1
default-src 'self'; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline' 'unsafe-eval'; font-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline' 'unsafe-eval'; frame-src * 'self' https://t.sharethis.com/ https://map.concept3d.com/ 1
report-uri https://www.truemoney.com 1
frame-ancestors 'self' *.vanillasoft.net vanillasoft.net; 1
default-src 'self' *.digital.nuance.com; script-src 'self' 'unsafe-inline' wurfl.io *.clarity.ms *.bing.com *.giosg.com turbo.qualaroo.com https://inpref.s3.amazonaws.com *.cookielaw.org *.digital.nuance.com *.clickdimensions.com https://ajax.googleapis.com https://d2cicjhlyizi9b.cloudfront.net https://d2wzl9lnvjz3bh.cloudfront.net https://*.elisa.fi https://*.pingdom.net http://connect.facebook.net *.lfeeder.com https://*.hotjar.com *.googletagmanager.com *.adform.net *.google-analytics.com https://*.licdn.com https://*.conductrics.com https://s3.amazonaws.com; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' https://fonts.googleapis.com https://*.elisa.fi; style-src-elem * 'self' data: 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'self' data: 'unsafe-inline' 'unsafe-hashes'; img-src * data: 'self'; font-src 'self' data: https://fonts.gstatic.com https://static.elisa.fi; connect-src 'self' wurfl.io *.clarity.ms *.giosg.com api.ipify.org privacyportal-de.onetrust.com cdn.cookielaw.org geolocation.onetrust.com elisa-prod2.pegacloud.net *.hotjar.com googleads.g.doubleclick.net wss://*.hotjar.com www.google.com https://rum-collector-2.pingdom.net *.clarity.ms https://in.hotjar.com https://inpref.com https://*.elisa.fi https://stats.g.doubleclick.net https://www.google-analytics.com; media-src * 'self'; frame-src 'self' *.giosg.com *.facebook.com *.soundcloud.com https://*.inpref.com https://*.youtube.com https://youtu.be https://*.hotjar.com https://dntcl.qualaroo.com; manifest-src 'self' 1
report-uri https://nplindia.org 1
frame-ancestors https://liveshopping.gerryweber.com 1
default-src 'self'; object-src 'none'; base-uri 'none'; script-src 'self' 'nonce-56cb19d54521d270bcd600c8cc55e6f4' 'strict-dynamic'; style-src 'self' 'nonce-56cb19d54521d270bcd600c8cc55e6f4' https://fonts.googleapis.com https://use.fontawesome.com 'unsafe-hashes' 'sha256-4/2nIlfwIVTJ1+JcNQ6LkeVWzNS148LKAJeL5yofdN4='; font-src 'self' https://fonts.gstatic.com https://web-commons.pystatic.com https://stg-web-commons.pystatic.com https://fonts.googleapis.com https://use.fontawesome.com; img-src 'self' *.pystatic.com https://images.deliveryhero.io https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://www.facebook.com *.googletagmanager.com data:; connect-src 'self' https://*.perimeterx.net https://*.ingest.sentry.iO https://sentry-v2.peya.app https://us-client.fwf.deliveryhero.net https://maps.googleapis.com https://www.google-analytics.com https://sdk.iad-01.braze.com https://pagespeed.deliveryhero.net https://perseus-stg.deliveryhero.net https://perseus.deliveryhero.net https://o4504046939799552.ingest.sentry.io https://ampcid.google.com https://ampcid.google.co.cl https://ampcid.google.co.ar https://ampcid.google.co.bo https://ampcid.google.co.pa https://ampcid.google.co.py https://ampcid.google.co.uy https://ampcid.google.co.ve https://ampcid.google.co.ec https://ampcid.google.co.gt https://ampcid.google.co.cr https://ampcid.google.co.sv https://ampcid.google.co.ni https://ampcid.google.co.do; frame-src 'self' 'strict-dynamic'; frame-ancestors *.pedidosya.com *.pedidosya.cl *.pedidosya.com.ar *.pedidosya.com.bo *.pedidosya.com.pa *.pedidosya.com.py *.pedidosya.com.uy *.pedidosya.com.ve *.pedidosya.com.pe *.pedidosya.com.ec *.pedidosya.com.gt *.pedidosya.com.hn *.pedidosya.cr *.pedidosyasv.com.sv *.pedidosyani.com.ni *.pedidosya.com.do 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com ajax.googleapis.com unpkg.com www.googletagmanager.com www.googleadservices.com *.hotjar.com load.sumo.com static.ads-twitter.com snap.licdn.com connect.facebook.net js.hs-scripts.com v2.zopim.com pulsate.agilecrm.com api.bufferapp.com graph.facebook.com api.facebook.com widgets.pinterest.com reddit.com www.reddit.com js.hsadspixel.net js.hs-banner.com js.hs-analytics.net static.zdassets.com googleads.g.doubleclick.net *.google.com *.gstatic.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.atlantichealth.org *.adobedtm.com *.blackbaud.com *.blackbaudcdn.net *.blackbaudhosting.com *.coveo.com *.marketo.com *.marketo.net c212.net cdn.c212.net bat.bing.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com code.jquery.com googleads.g.doubleclick.net js.adsrvr.org platform.twitter.com rules.quantcount.com secure.quantserve.com siteimproveanalytics.com static.ads-twitter.com www.google.com www.google-analytics.com www.googleadservices.com *.googleapis.com www.googletagmanager.com www.gstatic.com www.youtube.com; object-src 'self' *.atlantichealth.org *.youtube.com; frame-ancestors 'self'; 1
default-src 'self' *.afterpay.com *.squarecdn.com *.afterpay-beta.com *.polyfill.io *.everesttech.net *.everestjs.net *.demdex.net *.centerwellpharmacy.com *.squarecdn.com *.facebook.net *.cloudfront.net *.cmcore.com *.salesforce.com  *.demandware.net *.fdbcloudconnector.com *.tealium.com *.zscaler.net *.ensighten.com *.foresee.com *.foreseeresults.com *.coremetrics.com *.tealiumiq.com *.salesforceliveagent.com *.inq.com *.nuance.com *.humana.com *.go365.com *.humanapharmacy.com *.invocacdn.com *.invoca.net *.activitymap.adobe.com *.convertlanguage.com *.bing.com *.facebook.com *.googleapis.com *.googleadservices.com *.google.com *.linkedin.com *.twitter.com *.mpeasylink.com *.tiqcdn.com *.pure.cloud *.demdex.net *.everesttech.net *.cquotient.com *.googletagmanager.com *.everestjs.net *.doubleclick.net *.youtube.com *.gstatic.com *.yahoo.com *.teads.tv; style-src 'self' 'unsafe-inline' *.everesttech.net *.everestjs.net *.demdex.net *.centerwellpharmacy.com *.facebook.net *.cloudfront.net *.cmcore.com *.salesforce.com  *.demandware.net *.fdbcloudconnector.com *.tealium.com *.zscaler.net *.ensighten.com *.foresee.com *.foreseeresults.com *.coremetrics.com *.tealiumiq.com *.salesforceliveagent.com *.inq.com *.nuance.com *.humana.com *.go365.com *.humanapharmacy.com *.invocacdn.com *.invoca.net *.activitymap.adobe.com *.convertlanguage.com *.bing.com *.facebook.com *.googleapis.com *.googleadservices.com *.google.com *.linkedin.com *.twitter.com *.mpeasylink.com *.tiqcdn.com *.pure.cloud *.demdex.net *.everesttech.net *.cquotient.com *.googletagmanager.com *.everestjs.net *.doubleclick.net *.youtube.com *.gstatic.com *.yahoo.com *.teads.tv; font-src *.everesttech.net *.everestjs.net *.demdex.net *.centerwellpharmacy.com *.facebook.net *.cloudfront.net *.cmcore.com *.salesforce.com  *.demandware.net *.fdbcloudconnector.com *.tealium.com *.zscaler.net *.ensighten.com *.foresee.com *.foreseeresults.com *.coremetrics.com *.tealiumiq.com *.salesforceliveagent.com *.inq.com *.nuance.com *.humana.com *.go365.com *.humanapharmacy.com *.invocacdn.com *.invoca.net *.activitymap.adobe.com *.convertlanguage.com *.bing.com *.facebook.com *.googleapis.com *.googleadservices.com *.google.com *.linkedin.com *.twitter.com *.mpeasylink.com *.tiqcdn.com *.pure.cloud *.demdex.net *.everesttech.net *.cquotient.com *.googletagmanager.com *.everestjs.net *.doubleclick.net *.youtube.com *.gstatic.com *.yahoo.com *.teads.tv; frame-src *.everesttech.net *.squarecdn.com *.afterpay.com *.everestjs.net *.demdex.net *.centerwellpharmacy.com  *.facebook.net *.cloudfront.net *.cmcore.com *.salesforce.com  *.demandware.net *.fdbcloudconnector.com *.tealium.com *.zscaler.net *.ensighten.com *.foresee.com *.foreseeresults.com *.coremetrics.com *.tealiumiq.com *.salesforceliveagent.com *.inq.com *.nuance.com *.humana.com *.go365.com *.humanapharmacy.com *.invocacdn.com *.invoca.net *.activitymap.adobe.com *.convertlanguage.com *.bing.com *.facebook.com *.googleapis.com *.googleadservices.com *.google.com *.linkedin.com *.twitter.com *.mpeasylink.com *.tiqcdn.com *.pure.cloud *.demdex.net *.everesttech.net *.cquotient.com *.googletagmanager.com *.everestjs.net *.doubleclick.net *.youtube.com *.gstatic.com *.yahoo.com *.teads.tv; worker-src   blob: *.everesttech.net *.everestjs.net *.demdex.net *.centerwellpharmacy.com *.facebook.net *.cloudfront.net *.cmcore.com *.salesforce.com  *.demandware.net *.fdbcloudconnector.com *.tealium.com *.zscaler.net *.ensighten.com *.foresee.com *.foreseeresults.com *.coremetrics.com *.tealiumiq.com *.salesforceliveagent.com *.inq.com *.nuance.com *.humana.com *.go365.com *.humanapharmacy.com *.invocacdn.com *.invoca.net *.activitymap.adobe.com *.convertlanguage.com *.bing.com *.facebook.com *.googleapis.com *.googleadservices.com *.google.com *.linkedin.com *.twitter.com *.mpeasylink.com *.tiqcdn.com *.pure.cloud *.demdex.net *.everesttech.net *.cquotient.com *.googletagmanager.com *.everestjs.net *.doubleclick.net *.youtube.com *.gstatic.com *.yahoo.com *.teads.tv; img-src 'self' data: *.everesttech.net *.afterpay.com *.squarecdn.com *.everestjs.net *.demdex.net *.centerwellpharmacy.com *.facebook.net *.cloudfront.net *.cmcore.com *.salesforce.com  *.demandware.net *.fdbcloudconnector.com *.tealium.com *.zscaler.net *.ensighten.com *.foresee.com *.foreseeresults.com *.coremetrics.com *.tealiumiq.com *.salesforceliveagent.com *.inq.com *.nuance.com *.humana.com *.go365.com *.humanapharmacy.com *.invocacdn.com *.invoca.net *.activitymap.adobe.com *.convertlanguage.com *.bing.com *.facebook.com *.googleapis.com *.googleadservices.com *.google.com *.linkedin.com *.twitter.com *.mpeasylink.com *.tiqcdn.com *.pure.cloud *.demdex.net *.everesttech.net *.cquotient.com *.googletagmanager.com *.everestjs.net *.doubleclick.net *.youtube.com *.gstatic.com *.yahoo.com *.teads.tv *.onetrust.com cdn.cookielaw.org cookie-cdn.cookiepro.com; script-src-elem 'unsafe-inline' 'unsafe-hashes' *.polyfill.io *.afterpay.com *.squarecdn.com hbiq.net *.everesttech.net *.everestjs.net *.demdex.net *.centerwellpharmacy.com *.facebook.net *.cloudfront.net *.cmcore.com *.salesforce.com  *.demandware.net *.fdbcloudconnector.com *.tealium.com *.zscaler.net *.ensighten.com *.foresee.com *.foreseeresults.com *.coremetrics.com *.tealiumiq.com *.salesforceliveagent.com *.inq.com *.nuance.com *.humana.com *.go365.com *.humanapharmacy.com *.invocacdn.com *.invoca.net *.activitymap.adobe.com *.convertlanguage.com *.bing.com *.facebook.com *.googleapis.com *.googleadservices.com *.google.com *.linkedin.com *.twitter.com *.mpeasylink.com *.tiqcdn.com *.pure.cloud *.demdex.net *.everesttech.net *.cquotient.com *.googletagmanager.com *.everestjs.net *.doubleclick.net *.youtube.com *.gstatic.com *.yahoo.com *.teads.tv *.onetrust.com cdn.cookielaw.org cookie-cdn.cookiepro.com; script-src 'self' 'unsafe-hashes' 'unsafe-inline' *.polyfill.io *.centerwellpharmacy.com *.everesttech.net *.everestjs.net *.demdex.net *.centerwellpharmacy.com *.facebook.net *.cloudfront.net *.cmcore.com *.salesforce.com  *.demandware.net *.fdbcloudconnector.com *.tealium.com *.zscaler.net *.ensighten.com *.foresee.com *.foreseeresults.com *.coremetrics.com *.tealiumiq.com *.salesforceliveagent.com *.inq.com *.nuance.com *.humana.com *.go365.com *.humanapharmacy.com *.invocacdn.com *.invoca.net *.activitymap.adobe.com *.convertlanguage.com *.bing.com *.facebook.com *.googleapis.com *.googleadservices.com *.google.com *.linkedin.com *.twitter.com *.mpeasylink.com *.tiqcdn.com *.pure.cloud *.demdex.net *.everesttech.net *.cquotient.com *.googletagmanager.com *.everestjs.net *.doubleclick.net *.youtube.com *.gstatic.com *.yahoo.com *.teads.tv; connect-src wss://hoover.foresee.com https://hoover.foresee.com *.afterpay.com *.squarecdn.com *.amplitude.com *.afterpay-beta.com *.everesttech.net *.everestjs.net *.demdex.net *.centerwellpharmacy.com *.facebook.net *.cloudfront.net *.cmcore.com  *.salesforce.com   *.demandware.net *.fdbcloudconnector.com *.tealium.com *.zscaler.net *.ensighten.com *.foresee.com *.foreseeresults.com *.coremetrics.com *.tealiumiq.com *.salesforceliveagent.com *.inq.com *.nuance.com *.humana.com *.go365.com *.humanapharmacy.com *.invocacdn.com *.invoca.net *.activitymap.adobe.com *.convertlanguage.com *.bing.com *.facebook.com *.googleapis.com *.googleadservices.com *.google.com *.linkedin.com *.twitter.com *.mpeasylink.com *.tiqcdn.com *.pure.cloud *.demdex.net *.everesttech.net *.cquotient.com *.googletagmanager.com *.everestjs.net *.doubleclick.net *.youtube.com *.gstatic.com *.yahoo.com *.teads.tv *.onetrust.com cdn.cookielaw.org cookie-cdn.cookiepro.com; 1
upgrade-insecure-requests; default-src 'self' data: blob: *.nitropack.io *.nitrocdn.com nitroscripts.com *.wpenginepowered.com *.insent.ai *.ceros.com *.conduentassets.com *.googleapis.com *.marketo.com *.googletagmanager.com *.addthis.com *.twitter.com *.google-analytics.com *.airpr.com *.demandbase.com *.bing.com *.rackcdn.com *.gumgum.com *.trustarc.com *.ads-twitter.com *.youtube.com *.linkedin.com *.rlcdn.com *.rfihub.net *.rfihub.com t.co *.company-target.com *.doubleclick.net *.facebook.com *.google.com *.conduent.com *.mookie1.com *.wpenginepowered.com *.cdntwrk.com yoast.com *.adnxs.com *.ytimg.com *.gravatar.com s3.amazonaws.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.getnitropack.com nitropack.io *.nitropack.io *.nitrocdn.com cdn.linkedin.oribi.io wss://*.hotjar.com data: *.conduentassets.com *.gstatic.com *.googleapis.com *.marketo.com *.marketo.net *.googletagmanager.com *.addthis.com *.moatads.com *.twitter.com *.algolia.net *.google-analytics.com *.licdn.com *.airpr.com *.demandbase.com *.facebook.net *.bing.com *.rezync.com *.rackcdn.com *.gumgum.com *.trustarc.com *.ads-twitter.com *.youtube.com *.linkedin.com cdn.linkedin.orbio.io *.rlcdn.com *.rfihub.net *.rfihub.com *.googleadservices.com t.co *.company-target.com *.doubleclick.net *.mookie1.com *.mktoresp.com *.facebook.com *.google.com *.conduent.com *.cdntwrk.com *.adnxs.com *.jquery.com *.twitter.com *.cloudflare.com yoast.com *.dstillery.com *.media6degrees.com *.adsrvr.org *.cloudfront.net *.hotjar.com *.d41.co *.intercom.io wss://*.intercom.io 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' data: *.nitrocdn.com *.conduentassets.com *.gstatic.com *.googleapis.com *.marketo.com *.marketo.net *.googletagmanager.com *.addthis.com *.moatads.com *.twitter.com *.addthisedge.com *.algolia.net *.google-analytics.com *.licdn.com *.airpr.com *.demandbase.com *.facebook.net *.bing.com *.rezync.com *.rackcdn.com *.gumgum.com *.trustarc.com *.ads-twitter.com *.youtube.com *.linkedin.com *.bidr.io *.rlcdn.com *.gonorth.io *.rfihub.net *.rfihub.com *.googleadservices.com t.co *.company-target.com *.doubleclick.net *.mookie1.com *.mktoresp.com *.facebook.com *.google.com *.conduent.com *.wpenginepowered.com *.cdntwrk.com *.adsymptotic.com *.tiqcdn.com *.clarity.ms *.adnxs.com *.polyfill.io *.jquery.com *.sendsafely.com *.bootstrapcdn.com *.twitter.com *.cloudflare.com yoast.com *.basis.net *.dstillery.com *.sitescout.com *.media6degrees.com *.adsrvr.org *.cloudfront.net *.ceros.com *.hotjar.com *.d41.co; script-src 'self' blob: *.nitrocdn.com *.nitropack.io nitroscripts.com *.zoominfo.com *.googleoptimize.com *.insent.ai *.ceros.com *.conduentassets.com *.gstatic.com *.googleapis.com *.marketo.com *.marketo.net *.googletagmanager.com *.addthis.com *.moatads.com *.twitter.com *.addthisedge.com *.algolia.net *.google-analytics.com *.licdn.com *.airpr.com *.demandbase.com *.facebook.net *.bing.com *.rezync.com *.rackcdn.com *.gumgum.com *.trustarc.com *.ads-twitter.com *.youtube.com *.linkedin.com *.bidr.io *.rlcdn.com *.gonorth.io *.rfihub.net *.rfihub.com *.googleadservices.com t.co *.company-target.com *.doubleclick.net *.mookie1.com *.mktoresp.com *.facebook.com *.google.com *.conduent.com *.wpenginepowered.com *.cdntwrk.com *.adsymptotic.com *.tiqcdn.com *.clarity.ms *.adnxs.com *.polyfill.io *.jquery.com *.sendsafely.com *.bootstrapcdn.com *.gravatar.com *.twitter.com *.cloudflare.com yoast.com *.basis.net *.dstillery.com *.sitescout.com *.media6degrees.com *.adsrvr.org *.cloudfront.net *.hotjar.com *.d41.co *.jsdelivr.net *.intercom.io *.intercomcdn.com *.helpscout.net 'unsafe-inline' 'unsafe-eval'; object-src 'self' *.nitrocdn.com; worker-src 'self' blob: *.nitrocdn.com; font-src 'self' data: fonts.gstatic.com *.nitrocdn.com *.nitroscripts.com *.nitropack.io *.getnitropack.com *.cdntwrk.com *.intercomcdn.com; 1
default-src 'none'; img-src 'self' https://piwik.dnsforge.de; style-src 'self'; script-src 'self' https://piwik.dnsforge.de; connect-src 'self'; font-src 'self'; base-uri 'none'; frame-ancestors 'none'; form-action 'self'; block-all-mixed-content 1
frame-ancestors 'self' *.ebu.ch; 1
frame-ancestors 'none'; frame-src 'self' https://connect.getvero.com https://airtable.com https://www.youtube.com https://calendly.com; 1
frame-ancestors 'self' https://bancaporinternet.bbva.pe  https://pidetutarjeta.bbva.pe https://tarjetas.bbva.pe https://cuentas.bbva.pe https://prestamos.bbva.pe https://extranetperu.grupobbva.pe 1
frame-ancestors 'self' https://backend-dvg.rotterdam.nl *.platform.sh *.rotterdam.hosted-temp.com *.rotterdam.nl https://rotterdam.ddev.site *.expoints.nl/ https://gemeenterotterdam1.expoints.nl; default-src 'self' https://backend-dvg.rotterdam.nl *.platform.sh *.rotterdam.hosted-temp.com scribit-pro-hosting.storage.googleapis.com *.readspeaker.com *.expoints.nl/; img-src 'self' data: https://backend-dvg.rotterdam.nl https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://test.virtuele-gemeente-assistent.nl https://mijn.test.virtuele-gemeente-assistent.nl https://www.toegankelijkheidsverklaring.nl https://www.instagram.com *.readspeaker.com https://syndication.twitter.com https://6006165.global.siteimproveanalytics.io *.siteimproveanalytics.io *.expoints.nl/; connect-src 'self' https://backend-dvg.rotterdam.nl https://test.virtuele-gemeente-assistent.nl wss: ws: https://virtuele-gemeente-assistent.nl wss://virtuele-gemeente-assistent.nl wss://test.virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl api.scribit.pro *.readspeaker.com https://open.spotify.com/ https://soundcloud.com/ https://www.iheart.com/ https://api.deepl.com/v2/translate https://gemeenterotterdam1.expoints.nl https://*.expoints.nl; font-src 'self' data: *.readspeaker.com *.ionicframework.com https://gemeenterotterdam1.expoints.nl https://*.expoints.nl; frame-src 'self' https://backend-dvg.rotterdam.nl https://sts.rotterdam.nl https://sts.rotterdam.nl https://gemeenteraad.rotterdam.nl sdk.companywebcast.com https://www.instagram.com https://*.issuu.com/ https://kaartlaag.rotterdam.nl *.youtube-nocookie.com *.vimeo.com https://open.spotify.com/ https://w.soundcloud.com/ https://www.iheart.com/ *.readspeaker.com https://syndication.twitter.com https://platform.twitter.com https://*.expoints.nl; media-src 'self' *.readspeaker.com; child-src 'self' https://sts.rotterdam.nl https://sts.rotterdam.nl blob: *.youtube-nocookie.com *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://backend-dvg.rotterdam.nl *.platform.sh *.rotterdam.hosted-temp.com *.rotterdam.nl https://test.virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://virtuele-gemeente-assistent.nl https://www.instagram.com *.scribit.pro www.youtube.com *.readspeaker.com https://platform.twitter.com https://siteimproveanalytics.com/js/siteanalyze_6006165.js https://platform.instagram.com/en_US/embeds.js https://gemeenterotterdam1.expoints.nl https://*.expoints.nl; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://backend-dvg.rotterdam.nl *.platform.sh *.rotterdam.hosted-temp.com *.rotterdam.nl https://mijn.test.virtuele-gemeente-assistent.nl https://test.virtuele-gemeente-assistent.nl https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl *.readspeaker.com https://gemeenterotterdam1.expoints.nl https://*.expoints.nl; style-src-attr 'unsafe-hashes' 'sha256-AF+AAZ9Z3mmKmwFbsDCVEPWGt4PySG8V/PpVNVjxb7o=' 'sha256-r9fU88Cagg8b+V94/rFP54XitU/RzBQ83sVNeltVs/c=' 'sha256-SHje5LaT9E6BShlkQpjWVSpKDI2FEtd137m8hy4rmKM=' 'sha256-3lLjvpn0hfmuulQYNSUWKiNpmIiMg70GweVDtUWv7zA=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=' 'sha256-zlqnbDt84zf1iSefLU/ImC54isoprH/MRiVZGskwexk=' 'sha256-KpSV7LuPYEu58+3u9LJr9v5Drm0uIKEv0h3u/+NVNm8=' 'sha256-8ilcya6PJ2mDcuNFfcZaaOL85o/T7b8cPlsalzaJVOs=' 'sha256-B0sREGwikShC0TA+wCLpD2QdDs7Vy9DLG5cPvTs5IMs=' 'sha256-sYkIODYA//1iY7apXtEv7hNGrtmrXBZmwaFZXFXwSsY=' 'sha256-NaWwnJevOrXydjfjT5eD6vnm2WLvJ7KP0dgSFSYKB5E=' 'sha256-tdB3YxIFeeJqr15OAav25tSJ0jbfU0q9ZZLH/xvb2fI=' 'sha256-FFltmHwlADhUUYXpvgRFf4b2XDafcpXpK6a1Her3XFo=' 'sha256-dMefF46gjIdjjnuydP6Nr7gaWbMNzFCuKLQDzFCj3q0=' 'sha256-mO93q4arg7Xz1Iq05lBuCfzcjH/7HiLQQiCBh6k8uDQ=' 'sha256-wUayk64gTwRA2mCqIET4wdFPL0If6hWLQdga4fFS4vo=' 'sha256-psFse5qnRHGZKcguuRInwkIEE+KAbKYXLcZN8oBR6So=' 'sha256-bWFcIHUkv3S/q++XC09SmQ2JDZLOeqduIJ4Fh3j6py8=' 'sha256-l6khRnjaVBZm7Z9S5+A/4ZrRnU7hBbTAGeVNTXpAbwU=' 'sha256-bdu4XjKR3UPx1iS23kdTkPKNFgazBeVTbuxYqEp0DYc=' 'sha256-iSenMpxWneYIQn8oj45JKUrqalowUP37Grx9qYBk71U=' 'sha256-7Buq1vYNyuCqzL1qi1GDgIjjEI9dRccdIAbriq90CJg=' 'sha256-nd/XcY53KxgscLkvRS9wYXmU11ZQ+4U9t051MUJx5yE=' 'sha256-+sWhfTcZSG7XrsT61RI144ba9rE54ohM2kU43W6Do4U=' 'sha256-V7Nfgc45dEPdMpv+C9eGLuNDdx1lqLWBvD21n/nTbnw=' 'sha256-Di1xujw891gUw2f4Dcl3e05ECLSB4DK5RmDJ02qCl+M=' 'sha256-TCR4SO0z8m2yl2c09FRxJPfIIC+cCTD2Pt4vFHYdozA=' 'sha256-Syi3PbGJutUnGOw/+0uuur8vO6rKGQK3uinG2NAdSLQ=' 'sha256-VPHc/7xBTnzQ2w/c21rl9vrJzKimAyHBFGe1sS0x4dQ= sha256-FIxAmhlquL19XlaBA+iSyXXJ/LwRQNfL4iJxYNitGV8='; 1
script-src 'nonce-QJY1RD7gKychNt5vABl+Fw==' 'self' mc.webvisor.com mc.webvisor.org an.yandex.ru yastatic.net storage.mds.yandex.net 'unsafe-eval' 'unsafe-inline' *.analytics.google.com analytics.google.com www.google-analytics.com *.doubleclick.net *.2mdn.net *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagservices.com cdn.ampproject.org www.googletagmanager.com *.betweendigital.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws fundingchoicesmessages.google.com *.hippoobox.com sdk.crazygames.com *.yandex.com *.yandex.net *.yandex.ru ya.ru yandex.com yandex.ru yandex.st yastat.net *.yandex.com yandex.com; style-src 'unsafe-inline' yastatic.net 'self' 'unsafe-eval' *.googleapis.com yandex.st yastat.net *.yandex.net; img-src data: *.games.s3.yandex.net 'self' mc.webvisor.com mc.webvisor.org mc.admetrica.ru android-webview-video-poster: avatars-fast.yandex.net favicon.yandex.net banners.adfox.ru content.adfox.ru ads6.adfox.ru yastat.net avatars.mds.yandex.net mc.yandex.ru *.tns-counter.ru *.verify.yandex.ru verify.yandex.ru ads.adfox.ru bs.serving-sys.com bs.serving-sys.ru ad.adriver.ru wcm.solution.weborama.fr wcm-ru.frontend.weborama.fr wcm.weborama-tech.ru ad.doubleclick.net rgi.io track.rutarget.ru ssl.hurra.com amc.yandex.ru gdeby.hit.gemius.pl tps.doubleverify.com pixel.adsafeprotected.com impression.appsflyer.com pixel.adlooxtracking.com pixel.adlooxtracking.ru *.cpmstar.com cookie.lmgssp.com *.analytics.google.com analytics.google.com www.google-analytics.com *.doubleclick.net *.2mdn.net *.360yield.com *.criteo.com *.criteo.net *.google.com *.googleadservices.com *.googlesyndication.com *.googleusercontent.com *.gstatic.com *.pubmatic.com ap.lijit.com www.googletagmanager.com pbs.cpmstar.com server.cpmstar.com ib.adnxs.com match.sharethrough.com pixel.rubiconproject.com *.betweendigital.com *.smartadserver.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws fundingchoicesmessages.google.com *.googleapis.com discordapp.com googleapis.com platform-lookaside.fbsbx.com static-cdn.jtvnw.net *.ya.ru *.yandex.com *.yandex.net *.yandex.ru yandex.com yandex.ru yandex.st yastatic.net *.yandex.com; connect-src 'self' blob: yandexmetrica.com:* mc.webvisor.com mc.webvisor.org mc.admetrica.ru http://127.0.0.1:29009 http://127.0.0.1:30102 yandexmetrica.com:29010 yandexmetrica.com:30103 mc.yandex.md an.yandex.ru strm.yandex.ru *.strm.yandex.ru *.strm.yandex.net verify.yandex.ru *.verify.yandex.ru mc.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru tps.doubleverify.com pixel.adsafeprotected.com amc.yandex.ru ad.360yield.com balancer.lmgssp.com cpm.programattik.com server.cpmstar.com *.analytics.google.com analytics.google.com www.google-analytics.com *.doubleclick.net *.2mdn.net *.betweendigital.com *.cloudfunctions.net *.creativecdn.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagservices.com *.googlevideo.com *.gstatic.com bs-metadsp.yandex.ru cdn.ampproject.org hbopenbid.pubmatic.com pbs.360yield.com www.googletagmanager.com *.smartadserver.com bs.yandex.ru *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws fundingchoicesmessages.google.com *.ya.ru *.yandex.com *.yandex.net *.yandex.ru ya.ru yandex.com *.playhop.com *.yandex.com playhop.com yandex.com api.passport.yandex.com yandexgames:; worker-src 'self' blob:; child-src 'self' blob: mc.yandex.ru; frame-src 'self' blob: mc.yandex.md data: yastatic.net *.lmgssp.com *.doubleclick.net *.360yield.com *.google.com *.googlesyndication.com *.googletagservices.com ads.pubmatic.com imasdk.googleapis.com *.betweendigital.com https://secure.xsolla.com *.ya.ru *.yandex.com *.yandex.net *.yandex.ru *.yandexadexchange.net ya.ru yandex.ru yandexadexchange.net yastat.net *.yandex.com playhop.com yandex.com; report-to default-group; manifest-src 'self' yandex.com; frame-ancestors webvisor.com *.webvisor.com http://webvisor.com http://*.webvisor.com 'self' yastatic.net zenadservices.net *.playhop.com *.ya.com *.yandex.com playhop.com ya.com yandex.com; font-src yastatic.net 'self' data: cdn.megabonus.com fonts.gstatic.com an.yandex.ru yastat.net; media-src *.yandex.net strm.yandex.ru *.strm.yandex.ru yastat.net data: blob: *.2mdn.net *.criteo.net *.googlevideo.com *.yandex.ru ya.ru yandex.ru yandex.st yastatic.net yandex.com; default-src tpc.googlesyndication.com *.safeframe.googlesyndication.com; prefetch-src tpc.googlesyndication.com *.safeframe.googlesyndication.com; report-uri https://csp.yandex.net/csp?yandexuid=2994914321705974460&from=playhop-catalog&project=playhop&slots=914391%2C0%2C-1%3B614058%2C0%2C-1%3B759095%2C0%2C-1%3B804273%2C0%2C-1%3B840371%2C0%2C-1%3B891872%2C0%2C-1%3B895598%2C0%2C-1%3B895676%2C0%2C-1%3B908302%2C0%2C-1%3B919135%2C0%2C-1%3B922794%2C0%2C-1%3B927417%2C0%2C-1%3B927977%2C0%2C-1%3B930288%2C0%2C-1%3B941967%2C0%2C-1%3B945249%2C0%2C-1%3B947338%2C0%2C-1%3B938070%2C0%2C85%3B697940%2C0%2C59%3B485537%2C0%2C21%3B947765%2C0%2C36%3B936083%2C0%2C88; 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net https://code.jquery.com https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js https://kendo.cdn.telerik.com/2017.2.504/js/kendo.all.min.js https://gateway.answerscloud.com/beaumont-org/production/gateway.min.js https://gateway.foresee.com/sites/beaumont-org/production/gateway.min.js https://cookie-cdn.cookiepro.com/ https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.0.2/js/bootstrap.min.js https://cdn.kyruus.com https://api.enqbator.com https://w.usabilla.com https://api.usabilla.com https://d6tizftlrpuof.cloudfront.net https://www.googletagmanager.com http://cdn.b0e8.com https://104413.tctm.xyz/ https://104413.tctm.co/ https://104413.cctm.xyz/ https://kit.fontawesome.com *.sharethis.com 'self' js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://unpkg.com/ionicons@4.5.10-0/dist/css/ionicons.min.css https://maxcdn.bootstrapcdn.com/ https://pro.fontawesome.com/releases/v5.14.0/css/all.css https://use.fontawesome.com/ https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css https://cdn.kyruus.com https://d6tizftlrpuof.cloudfront.net https://cdnjs.cloudflare.com 'self' web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://www.beaumont.org/images/ https://kloggyr-service.kyruus.com https://d6tizftlrpuof.cloudfront.net https://w.usabilla.com https://cdn-images.kyruus.com https://cdn.kyruus.com http://a.b0e8.com/brightedge3.php https://a1.b0e8.com/brightedge3.php https://kyruus-app-static.kyruus.com https://www.beaumont.edu https://www.beaumont.org https://a1.b0e8.com *.sharethis.com 'self' track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://maxcdn.bootstrapcdn.com/ https://unpkg.com/ https://pro.fontawesome.com/ https://use.fontawesome.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cdn.kyruus.com https://d6tizftlrpuof.cloudfront.net; frame-src https://www.beaumont.org/MyChart/mychart.dev.html https://info.beaumont.org https://www.youtube.com https://d6tizftlrpuof.cloudfront.net https://mroexpress.mrocorp.com https://secure.beaumont.org/ https://w.soundcloud.com/ https://www.google.com https://e.issuu.com https://www.auntbertha.com https://player.vimeo.com https://beaumonthealth.smugmug.com https://www.facebook.com https://platform.twitter.com https://external-stage.beaumont.org 'self' forms.hsforms.com web-chat.nativechat.com; connect-src accounts.google.com *.gstatic.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com https://cookie-cdn.cookiepro.com/ https://api.enqbator.com https://doctors.beaumont.org https://maps.googleapis.com https://analytics.google.com https://mroexpress.mrocorp.com https://forms.office.com https://stats.g.doubleclick.net https://adservice.google.com https://www.google.com/pagead/ https://104413.tctm.xyz/ https://104413.tctm.co/ https://104413.cctm.xyz/ https://careers.beaumont.org *.doubleclick.net 'self' forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://info.beaumont.org/ https://secure.beaumont.org 'self' web-chat.nativechat.com 1
default-src 'self' 'unsafe-inline' www-nov-preview.vercel.app bat.bing.com *.bc0a.com *.cloudflareaccess.com *.doubleclick.net *.google-analytics.com *.google.com *.nov.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://127.0.0.1:5500 *.loopanalytics.com bat.bing.com *.adsymptotic.com *.azureedge.net *.b0e8.com *.bc0a.com *.ceros.com *.cloudflareaccess.com *.doubleclick.net *.dynamics.com *.eloqua.com *.en25.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.licdn.com *.nov.com *.pixel.ad *.plot.ly *.simpli.fi *.workamajig.com *.xg4ken.com *.youtube.com *.zscalertwo.net; object-src 'self' 'unsafe-inline' *.nov.com; style-src 'self' 'unsafe-inline' use.typekit.net *.amazonaws.com *.azureedge.net *.cloudflare.com *.dynamics.com *.en25.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.nov.com *.youtube.com; img-src 'self' 'unsafe-inline' data: edge.sitecorecloud.io xmc-nationaloil37c5-novinc-prod.sitecorecloud.io  www.google.co.in cdn.bfldr.com *.ad.smaato.net p.alcmpn.com pbid.pro-market.net login.dotomi.com sync.mathtag.com p.zpa-auth.net ad.360yield.com x.bidswitch.net sync.1rx.io live.primis.tech u.openx.net *.media.net *.smartadserver.com *.casalemedia.com *.yieldmo.com *.omnitagjs.com *.loopanalytics.com *.googletagmanager.com bat.bing.com d.agkn.com *.intentiq.com pippio.com eb2.3lift.com simplifi.partners.tremorhub.com pixel.tapad.com *.pubmatic.com aa.agkn.com sync.intentiq.com ads.stickyadstv.com fei.pro-market.net loadm.exelator.com sync.bfmio.com stags.bluekai.com ups.analytics.yahoo.com bcp.crwdcntrl.net ce.lijit.com idsync.rlcdn.com pixel.rubiconproject.com sync.search.spotxchange.com ib.adnxs.com us-u.openx.net *.adsymptotic.com *.azurewebsites.net *.b0e8.com *.bc0a.com *.cloudflareaccess.com *.doubleclick.net *.dynamics.com *.eloqua.com *.en25.com *.google-analytics.com *.google.com *.googleadservices.com *.gstatic.com *.linkedin.com *.nov.com *.simpli.fi *.sitescout.com *.webdamdb.com *.youtube.com *.zscalertwo.net; media-src 'self' 'unsafe-inline' *.amazonaws.com *.nov.com; frame-src 'self' 'unsafe-inline' *.azurewebsites.net *.ceros.com *.doubleclick.net *.dynamics.com *.google.com *.googleapis.com *.hotjar.com *.nov.com *.office.com *.sitescout.com *.soundcloud.com *.webdamdb.com *.workamajig.com *.youtube.com *.zscalertwo.net; connect-src 'self' 'unsafe-inline' edge.sitecorecloud.io *.licdn.com *.linkedin.com *.adsymptotic.com *.linkedin.oribi.io *.googlesyndication.com *.oraclecloud.com discover.sitecorecloud.io bat.bing.com cdn.linkedin.oribi.io *.azurewebsites.net *.bc0a.com *.doubleclick.net *.dynamics.com raw.githubusercontent.com *.google-analytics.com *.google.com wss://*.hotjar.com *.hotjar.com *.hotjar.io *.nov.com *.linkedin.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdnjs.cloudflare.com *.gstatic.com *.nov.com; 1
base-uri 'self'; object-src 'none'; default-src 'self' *.goconqr.com; font-src 'self' *.goconqr.com cdnjs.cloudflare.com/ajax/libs/mathjax/ fonts.gstatic.com use.typekit.net static3.avast.com fonts.googleapis.com live.primis.tech; img-src 'self' *.goconqr.com www.google-analytics.com googleads.g.doubleclick.net www.google.com https: http: data: blob:; style-src 'self' *.goconqr.com cdn.ckeditor.com a.pub.network/goconqr-com/cls.css 'unsafe-inline'; media-src 'self' *.goconqr.com examtimeassets.s3.amazonaws.com blob: data:; frame-ancestors 'self' teams.microsoft.com; frame-src 'self' https:; connect-src 'self' https:; script-src 'self' https: 'unsafe-eval' 'unsafe-inline'; report-uri /csp_reports 1
report-uri /api/report-csp; base-uri 'self'; frame-ancestors 'self' albert.com *.albert.com albert.app *.albertdevelopment.com *.albert-test.com; default-src 'self' albert.com *.albert.com albert.app *.albertdevelopment.com *.albert-test.com; connect-src 'self' albert.com *.albert.com albert.app *.albertdevelopment.com *.albert-test.com firebaseinstallations.googleapis.com firebase.googleapis.com www.google-analytics.com *.branch.io *.sentry.io *.nr-data.net *.facebook.com *.facebook.net google.com *.google.com *.googleadservices.com bnc.lt dvnfo.com *.dvnfo.com bat.bing.com; frame-src 'self' albert.com *.albert.com albert.app *.albertdevelopment.com *.albert-test.com *.doubleclick.net *.youtube.com; img-src 'self' albert.com *.albert.com albert.app *.albertdevelopment.com *.albert-test.com *.facebook.com *.facebook.net *.google-analytics.com *.googleadservices.com google.com *.google.com *.doubleclick.net cdn.albert.com i.ytimg.com *.googletagmanager.com *.gstatic.com assets.pd.gpsrv.com bat.bing.com data:; font-src 'self' albert.com *.albert.com albert.app *.albertdevelopment.com *.albert-test.com data: fonts.gstatic.com; style-src 'self' albert.com *.albert.com albert.app *.albertdevelopment.com *.albert-test.com 'nonce-a4db6a1f-24b6-4754-afdc-e705f501a603' https: 'unsafe-inline'; object-src 'none'; worker-src blob:; script-src 'self' 'nonce-a4db6a1f-24b6-4754-afdc-e705f501a603' bat.bing.com *.facebook.net *.youtube.com js-agent.newrelic.com cdn.branch.io app.link; script-src-attr 'none'; style-src-attr 'self' 'unsafe-inline' 1
script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://adservice.google.com https://partner.googleadservices.com https://tpc.googlesyndication.com;report-uri /_/WebLightFeaturePhoneHttp/cspreport/allowlist 1
default-src https:;connect-src https:;font-src https: data:;frame-src https:;frame-ancestors https:;img-src https: data:;media-src https:;object-src https:;script-src 'unsafe-inline' 'unsafe-eval' https:;style-src 'unsafe-inline' https:; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.ecovadis.com *.googleapis.com *.cookielaw.org *.cloudflare.com *.facebook.net *.cdntwrk.com *.wistia.com *.ml314.com ml314.com *.pardot.com *.salesloft.com *.hotjar.com *.pathmotion.io *.demandbase.com *.googletagmanager.com *.youtube.com *.cookielaw.org *.cloudflare.com *.cdntwrk.com *.wistia.com *.wistia.net *.googletagmanager.com *.google-analytics.com *.hotjar.com *.ecovadis-surveys.com *.licdn.com *.google.com *.gstatic.com *.gstatic.cn *.googleadservices.com *.doubleclick.net *.pardot.com *.recaptcha.net *.zscloud.net *.jsdelivr.net *.facebook.net *.scoop.it *.googleapis.com *.zoominfo.com *.clickagy.com *.hs-scripts.com *.zi-scripts.com *.hscollectedforms.net *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hsforms.net yoast.com; style-src 'report-sample' 'self' 'unsafe-inline' *.ecovadis.com  *.cloudflare.com *.googleapis.com *.scoop.it; object-src 'none'; base-uri 'self'; connect-src 'self' * *.ecovadis.com api.mixpanel.com cdn.cookielaw.org embedwistia-a.akamaihd.net *.wistia.com *.wistia.net *.litix.io v2.api.uberflip.com *.onetrust.com *.google-analytics.com stats.g.doubleclick.net *.hotjar.com *.hotjar.com *.hotjar.io *.company-target.com *.salesloft.com *.recaptcha.net cdn.linkedin.oribi.io *.facebook.net *.google.com *.clickagy.com *.zoominfo.com *.demandbase.com *.zi-scripts.com *.hscollectedforms.net *.hubapi.com; font-src 'self' data: *.ecovadis.com/ *.gstatic.com *.wistia.com *.wistia.net *.wp.com; frame-src 'self' *.ecovadis.com *.ecovadis-surveys.com *.ecovadis-survey.com ecovadis.career-inspiration.com *.hotjar.com *.google.com  *.recaptcha.net *.facebook.com *.company-target.com *.doubleclick.net securityscorecard.com *.hsforms.com; img-src 'self' data: *.ecovadis.com *.cdntwrk.com *.wistia.com *.wistia.net *.scoop.it *.gravatar.com *.cookielaw.org *.google-analytics.com *.googletagmanager.com *.google.com *.google.pl https://id.rlcdn.com https://match.prod.bidr.io *.linkedin.com *.company-target.com  *.recaptcha.net *.facebook.com *.doubleclick.net *.clickagy.com *.openx.net *.rlcdn.com *.agkn.com *.google.it *.google.fr *.google.de *.hsforms.com *.hubspot.com; manifest-src 'self'; media-src 'self' *.ecovadis.com *.wistia.net blob:; frame-ancestors 'self' *.ecovadis.com; worker-src blob:; 1
default-src https: ws: data: blob: 'unsafe-inline' 'unsafe-eval' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mstdn.jp; img-src 'self' https: data: blob: https://mstdn.jp; style-src 'self' https://mstdn.jp 'nonce-RuXFU9i+nZz/tdtPa6r+TQ=='; media-src 'self' https: data: https://mstdn.jp; frame-src 'self' https:; manifest-src 'self' https://mstdn.jp; form-action 'self'; connect-src 'self' data: blob: https://mstdn.jp https://media.mstdn.jp wss://mstdn.jp; script-src 'self' https://mstdn.jp 'wasm-unsafe-eval'; child-src 'self' blob: https://mstdn.jp; worker-src 'self' blob: https://mstdn.jp 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-IXyfOjY1hZPZNcy1YoGmug=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src 'self' data: https://*.googleapis.com https://apis.google.com https://accounts.google.com https://*.googletagmanager.com https://www.google.com *.addthis.com https://*.facebook.com *.facebook.com https://*.linkedin.com https://*.thecn.com https://platform.twitter.com platform.twitter.com *.pinterest.com https://www.google-analytics.com; connect-src 'self' https://translate.googleapis.com https://*.googletagmanager.com https://www.google-analytics.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' translate.googleapis.com *.addthis.com https://*.googletagmanager.com *.addthisedge.com *.pinterest.com https://www.google.com https://translate.google.com https://ajax.googleapis.com https://www.gstatic.com https://apis.google.com apis.google.com https://accounts.google.com https://translate.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://*.facebook.com https://platform.twitter.com *.facebook.com platform.twitter.com https://*.thecn.com https://*.linkedin.com; frame-ancestors 'self' http://www.oeconsortium.org https://www.oeconsortium.org; style-src 'self' 'unsafe-inline' https://translate.googleapis.com https://*.googletagmanager.com https://fonts.googleapis.com http://www.w3.org/2000/svg; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' * https://* *.addthis.com data: 1
frame-ancestors 'self' https://clms.toyo.ac.jp https://clms.dev.toyo.ac.jp; 1
default-src 'self'; base-uri 'self'; frame-ancestors 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' https://p.typekit.net https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'sha256-42zcKPWDZOaN8n8wocQD0WXYDyjdRNfIFxzUDYE7Xrw=' 'sha256-RpHOUsjSXT9eLBP9itvy93PUJa/IJMsqih5WrgPLlu4=' 'sha256-sviqhLDYJee9jvDDd9GCIiHIv0cxlKKiJ9Tqy7eOa9s=' 'sha256-1e5RR2OpHhuX2h0Bat19DsNTmqbo4M3T1pqfeTXCHaA=' 'nonce-OGQxOTMxOWUxNjJmZmQ5OA==' https://www.googletagmanager.com https://www.youtube.com https://connect.facebook.net https://static.hotjar.com https://www.google-analytics.com https://tracker.pixeltracker.co https://w.soundcloud.com https://www.google.com https://script.hotjar.com https://www.gstatic.com https://s.adroll.com/ https://d.adroll.com https://lex.33across.com https://assets.pixlee.com https://assets.pxlecdn.com https://securepubads.g.doubleclick.net https://assets.pinterest.com https://s.pinimg.com; connect-src 'self' https: https://www.googletagmanager.com https://www.youtube.com https://connect.facebook.net https://static.hotjar.com https://www.google-analytics.com https://tracker.pixeltracker.co https://w.soundcloud.com https://analytics.google.com https://content.hotjar.io https://pixelconnector.pixeltracker.co https://www.google-analytics.com wss://ws.hotjar.com https://stats.g.doubleclick.net https://www.google.com https://www.facebook.com https://region1.analytics.google.com https://metrics.hotjar.io https://vc.hotjar.io https://shop.famsf.org https://translate.googleapis.com https://www.google.co.uk https://www.google.com.au https://www.google.it https://www.google.de https://www.google.gg https://www.google.com.pk https://www.google.com.br https://www.google.es https://www.google.co.in https://www.google.gr https://www.google.at https://www.google.fr https://www.google.cz https://www.google.co.za https://www.google.ch https://www.google.com.sg https://www.google.nl https://www.google.com.ph https://www.google.co.nz https://www.google.co.th https://www.google.com.br https://s.pinimg.com; font-src 'self' https: data:; img-src https: data: blob: http://famsf.emuseum.com; manifest-src 'self'; media-src 'self' https: data: blob:; frame-src https:; report-uri https://a17famsf.report-uri.com/r/d/csp/reportOnly 1
frame-ancestors https://www.acljaction.org https://acljaction.org https://beheardproject.com https://eclj.org https://baldbeagle.com https://morethanever.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://cdnjs.cloudflare.com https://www.google.com https://ssl.google-analytics.com https://www.google-analytics.com https://linkhelp.clients.google.com https://connect.facebook.net https://www.facebook.com https://graph.facebook.com https://platform.twitter.com https://syndication.twitter.com https://cdn.syndication.twimg.com https://video.foxnews.com https://d2zah9y47r7bi2.cloudfront.net https://www.googleadservices.com https://www.youtube.com https://s.ytimg.com https://static.aclj.org https://static.ads-twitter.com https://analytics.twitter.com https://vimeo.com https://www.paypal.com https://www.paypalobjects.com https://chat.aclj.org https://optimize.google.com https://cqrcengage.com https://*.google.com https://pagead2.googlesyndication.com https://www.gstatic.com https://rumble.com https://*.rumble.com https://*.rumble.cloud https://i.rmbl.ws https://www.googletagmanager.com https://www.googleoptimize.com https://www.googletagservices.com https://cdn.taboola.com https://trc.taboola.com https://pips.taboola.com https://cds.taboola.com https://trc-events.taboola.com https://apm.thesmg.cloud https://www.c-span.org https://cdn.onesignal.com https://onesignal.com https://www.votervoice.net https://js.stripe.com https://doublethedonation.com https://d11fwi1lfvvt5p.cloudfront.net https://urbanlegend.co https://api.acljaction.org https://maps.googleapis.com https://*.rmbl.ws blob:; connect-src 'unsafe-inline' 'unsafe-eval' 'self' https://cdnjs.cloudflare.com https://www.google.com https://ssl.google-analytics.com https://www.google-analytics.com https://linkhelp.clients.google.com https://connect.facebook.net https://www.facebook.com https://graph.facebook.com https://platform.twitter.com https://syndication.twitter.com https://cdn.syndication.twimg.com https://video.foxnews.com https://d2zah9y47r7bi2.cloudfront.net https://www.googleadservices.com https://www.youtube.com https://s.ytimg.com https://static.aclj.org https://static.ads-twitter.com https://analytics.twitter.com https://vimeo.com https://www.paypal.com https://www.paypalobjects.com https://chat.aclj.org https://optimize.google.com https://cqrcengage.com https://*.google.com https://pagead2.googlesyndication.com https://www.gstatic.com https://rumble.com https://*.rumble.com https://*.rumble.cloud https://i.rmbl.ws https://www.googletagmanager.com https://www.googleoptimize.com https://www.googletagservices.com https://cdn.taboola.com https://trc.taboola.com https://pips.taboola.com https://cds.taboola.com https://trc-events.taboola.com https://apm.thesmg.cloud https://www.c-span.org https://cdn.onesignal.com https://onesignal.com https://www.votervoice.net https://js.stripe.com https://doublethedonation.com https://d11fwi1lfvvt5p.cloudfront.net https://urbanlegend.co https://api.acljaction.org https://maps.googleapis.com https://*.rmbl.ws blob: 1
default-src 'self' https://*.be.ch; connect-src 'self' https://*.be.ch https://search-api.swiftype.com https://*.jaxforms.com ws://*.jaxforms.com; frame-src 'self' https://*.be.ch https://*.jaxforms.com https://*.prospective.ch https://assets.adobedtm.com https://*.youtube.com https://*.youtu.be https://www.youtube-nocookie.com https://search.ch https://map.search.ch https://*.google.com https://*.geo.admin.ch https://*.promio-connect.com https://vimeo.com https://*.vimeo.com; frame-ancestors 'self' https://*.be.ch; style-src 'self' https://*.be.ch https://*.jaxforms.com 'unsafe-inline'; script-src 'self' https://*.be.ch https://*.jaxforms.com https://siteimproveanalytics.com https://cdnjs.cloudflare.com https://system.promio-connect.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://*.jaxforms.com; img-src * data:; object-src 'none'; 1
frame-src 'self' https://dnyepvvjamjdg.cloudfront.net https://www.youtube.com https://*.demdex.net https://*.doubleclick.net https://*.optimizely.com https://*.facebook.com https://*.google.com https://*.freedommobile.ca https://*.shawmobile.ca https://*.liveperson.net https://*.lpsnmedia.net https://*.kaptcha.com https://*.spatialbuzz.com https://*.spatialbuzz.net; frame-ancestors 'self' https://*.freedommobile.ca; 1
default-src 'self' https://secure-ds.serving-sys.com *.healthhub.sg https://*.clarity.ms https://c.bing.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.healthhub.sg https://platform.twitter.com https://www.clarity.ms https://analytics.tiktok.com *.qualtrics.com *.google-analytics.com *.analytics.google.com https://sp.analytics.yahoo.com/ https://tr.outbrain.com/ https://vimeo.com/ https://www.vimeo.com/ cdn.taboola.com/ trc.taboola.com/ https://amplify.outbrain.com/ https://s.yimg.com/ https://s.ytimg.com/ https://www.youtube.com https://tagmanager.google.com http://www.google-analytics.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://secure-ds.serving-sys.com https://bs.serving-sys.com https://connect.facebook.net/ https://servedby.revive-adserver.net https://*.hotjar.com https://secure.quantserve.com https://wave.outbrain.com https://rules.quantcount.com; img-src 'self' data: https://servedby.revive-adserver.net/ *.healthhub.sg *.qualtrics.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://cds.taboola.com/ https://www.gstatic.com https://ssl.gstatic.com https://tr.outbrain.com https://tagmanager.google.com https://developers.onemap.sg https://maps-a.onemap.sg  https://maps-b.onemap.sg https://maps-c.onemap.sg https://s3-ap-southeast-1.amazonaws.com https://s3.amazonaws.com  https://cm.g.doubleclick.net https://www.google.com.sg http://www.healthhub.sg  https://www.google.com https://stats.g.doubleclick.net https://img.youtube.com https://maps.gstatic.com https://www.google-analytics.com https://app.sttarter.com:9000 https://ssl.sttarter.com:9000  http://app.sttarter.com:9000 http://ssl.sttarter.com:9000 https://ssl.sttarter.com:9443 https://facebook.com https://cdn.revive-adserver.net https://www.facebook.com https://ad.doubleclick.net https://sp.analytics.yahoo.com https://connect.facebook.net https://pixel.quantserve.com https://*.clarity.ms https://c.bing.com https://*.hotjar.com https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' *.healthhub.sg https://servedby.revive-adserver.net/ https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com;  font-src 'self' *.healthhub.sg https://fonts.gstatic.com data: fonts.googleapis.com https://*.hotjar.com; connect-src 'self' *.healthhub.sg *.qualtrics.com *.google-analytics.com *.analytics.google.com https://www.google.com/ https://www.google-analytics.com https://stats.g.doubleclick.net/ https://trc-events.taboola.com/ https://vimeo.com/ https://www.vimeo.com/ https://www.facebook.com/ https://analytics.google.com/ https://prodigious.imailxpress.com https://trc.taboola.com/ https://s.yimg.com/ https://tagmanager.google.com  https://www.healthhub.sg http://www.healthhub.sg  secure-ds.serving-sys.com https://servedby.revive-adserver.net https://tr.outbrain.com https://pips.taboola.com https://cds.taboola.com https://analytics.tiktok.com https://*.clarity.ms https://pixel.quantcount.com https://www.google.com.sg https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com;  frame-src 'self' *.healthhub.sg https://players.brightcove.net https://brightcove.net *.qualtrics.com https://9248167.fls.doubleclick.net/ https://www.player.vimeo.com/ https://www.vimeo.com/ https://player.vimeo.com/ https://vimeo.com/ web.facebook.com connect.facebook.net https://8416677.fls.doubleclick.net https://www.youtube.com  https://tags.tiqcdn.com https://bid.g.doubleclick.net https://www.youtube.com https://syndication.twitter.com https://platform.twitter.com https://www.google.com https://fork.gotrackier.com https://view.officeapps.live.com https://*.doubleclick.net 1
frame-ancestors https://www.finanztreff.de; 1
child-src * 'self' 1
frame-ancestors 'self' https://alamode.com https://*.alamode.com https://titanappraisal.com https://*.titanappraisal.com https://titanoffice.com https://*.titanoffice.com; 1
default-src 'self' rundfunkbeitrag.de *.rundfunkbeitrag.de logs1409.xiti.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' rundfunkbeitrag.de *.rundfunkbeitrag.de logs1409.xiti.com 1
frame-ancestors http://cms.profootballhof.com http://www.profootballhof.com http://pfhof-cms.ae-admin.com http://pfhof-live.ae-admin.com 1
default-src 'self' data: wss: api.rudderstack.com *.clarity.ms bat.bing.com bikapi.bikayi.app wzrkt.com d2r1yp2w7bby2u.cloudfront.net *.rudderlabs.com *.snapchat.com *.amanad.adtdp.com *.dable.io *.mediawallahscript.com *.inmobi.com blob: *.google.com.my google.com *.exelator.com *.onaudience.com *.mookie1.com *.admanmedia.com *.acuityplatform.com *.clientgear.com *.resetdigital.co *.nmgassets.com *.480app.com *.nmgplatform.com *.hotjar.io *.eyeota.net *.nrich.ai *.smrtb.com *.turn.com *.creativecdn.com *.zemanta.com *.appier.net *.dyntrk.com *.onprospects.com *.openx.net *.stackadapt.com *.admedo.co *.smrtb.com creativecdn.com *.nrich.ai *.zemanta.com *.onprospects.com *.mediarithmics.com *.bidr.io *.sitescout.com *.criteo.net *.dyntrk.com *.opera.com *.toast.com *.ck-ie.com *.tremorhub.com *.unrulymedia.com *.chocolateplatform.com *.admixer.net *.ytimg.com *.blismedia.com *.semasion.net *.tumblr.com fksnk.com *.stickyadstv.com *.fwmrm.net *.dotomi.com *.amazon-adsystem.com id5-sync.com *.smaato.net *.admixer.net *.bidswitch.net *.simpli.fi *.adform.net *.lkqd.net *.1rx.io *.mgid.com *.googletagmanager.com *.primis.tech *.lijit.com *.connectad.io *.tpmn.co.kr *.bnmla.com *.mathtag.com *.mfadsrvr.com *.contextweb.com *.lemmatechnologies.com *.brightmountainmedia.com:8443 *.4dex.io *.elev.io *.emxdgt.com *.remorhub.com *.gumgum.com *.loopme.me *.adgrx.com *.tmpn.co *.adsrvr.org *.demdex.net *.bluekai.com *.tapad.com *.revcontent.com *.nate.com *.bing.com *.rlcdn.com *.ivitrack.com id5-sync.com *.stickyadstv.com *.ants.vn *.adscale.de *.socdm.com *.yieldmo.com *.visualwebsiteoptimizer.com *.bfmio.com *.advertising.com *.3lift.com *.teads.tv *.smartadserver.com *.sharethrough.com *.rubiconproject.com *.postrelease.com *.mediavine.com *.360yield.com *.casalemedia.com *.omnitagjs.com *.yieldlab.net *.cloudfront.net *.livspace-cdn.com *.livmatrix.com *.livspace.com *.lemnisk.co *.taboola.com *.google-analytics.com *.criteo.com *.hubspot.com *.engati.com *.googleapis.com *.gstatic.com *.doubleclick.net *.hotjar.com *.aroscop.com *.outbrain.com *.clmbtech.com *.media.net *.bidswitch.net *.yahoo.com *.deepintent.com *.betweendigital.com *.pubmatic.com *.facebook.com *.google.com *.smaato.net *.ipify.org *.amazonaws.com *.google.co.in *.crwdcntrl.net *.quora.com *.digitaleast.mobi *.adnxs.com *.dmxleo.com *.kubient.net; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.clarity.ms bat.bing.com bikapi.bikayi.app wzrkt.com d2r1yp2w7bby2u.cloudfront.net *.rudderlabs.com *.snapchat.com sc-static.net *.hsleadflows.net naarad.livspace.com *.jsdelivr.net blob: *.480app.com *.global.ssl.fastly.net *.hotjar.io *.nmgassets.com *.google.com *.visualwebsiteoptimizer.com *.recaptcha.net polyfill.io *.lemnisk.co maps.googleapis.com *.ampproject.org *.gstatic.com *.mookie1.com *.googleoptimize.com *.engati.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.aroscop.com *.google-analytics.com *.facebook.net *.quora.com *.taboola.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.criteo.com *.criteo.net *.hotjar.com *.crwdcntrl.net *.elev.io *.amazonaws.com; style-src 'self' 'unsafe-inline' bikapi.bikayi.app *.quilljs.com naarad.livspace.com *.google.com fonts.googleapis.com *.cloudflare.com *.amazonaws.com *.engati.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; frame-src 'self' assets.livspace-cdn.com *.rudderlabs.com *.snapchat.com *.google.com *.hotjar.com tsdtocl.com *.livspace.com *.lemnisk.co *.recaptcha.net *.doubleclick.net *.youtube.com nsventures.link nsventures.in *.criteo.com *.criteo.net *.facebook.com; object-src 'none'; base-uri 'self' 1
default-src 'self' https://*.yieldify.com https://*.yieldify-production.com https://cdn.productreview.com.au/assets/widgets/loader.js https://api.productreview.com.au/ https://trupanionvideo.wistia.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.yieldify.com *.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com t.contentsquare.net app.contentsquare.com https://view.ceros.com/ *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com accounts.google.com connect.facebook.net https://assets.pxlecdn.com ajax.aspnetcdn.com https://www.youtube.com/iframe_api https://kit.fontawesome.com/2f70a2f846.js platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://unpkg.com/ https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.msecnd.net https://cdn.jsdelivr.net https://unpkg.com/ https://cdnjs.cloudflare.com https://dev-aflacpetinsurance.trupanion.com https://test-aflacpetinsurance.trupanion.com https://aflacpetinsurance.trupanion.com http://dev-aflacpetinsurance.trupanion.com http://test-aflacpetinsurance.trupanion.com http://aflacpetinsurance.trupanion.com http://www.datejs.com https://github.com https://static.zuora.com/Resources/libs/hosted/1.3.1/zuora-min.js https://sandbox.na.zuora.com/ https://sandbox.na.zuora.com/apps/PublicHostedPageLite.do https://na.zuora.com/apps/PublicHostedPageLite.do https://rest.sandbox.na.zuora.com *.zuora.com https://www.zuora.com https://www.googletagmanager.com https://www.google-analytics.com home-c28.incontact.com bat.bing.com googleads.g.doubleclick.net cdn.bc0a.com google.com cdn1.b0e8.com seal.digicert.com https://t.contentsquare.net https://getrockerbox.com https://rbj26p8v.trupanion.com *.adform.net d.impactradius-event.com www.googleadservices.com assets.pixlee.com td.yieldify.com custom.yieldify.com https://cdn.co-buying.com/embedding.min.js cdn.productreview.com.au https://api.productreview.com.au/; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://cdn.jsdelivr.net https://pro.fontawesome.com https://cdnjs.cloudflare.com https://dev-aflacpetinsurance.trupanion.com https://test-aflacpetinsurance.trupanion.com https://aflacpetinsurance.trupanion.com http://dev-aflacpetinsurance.trupanion.com http://test-aflacpetinsurance.trupanion.com http://aflacpetinsurance.trupanion.com; font-src 'self' bp.trupanion.com https://*.yieldify-production.com fonts.yieldify-production.com/font fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://cdn.jsdelivr.net https://ka-p.fontawesome.com https://pro.fontawesome.com/ https://cdnjs.cloudflare.com https://dev-aflacpetinsurance.trupanion.com https://test-aflacpetinsurance.trupanion.com https://aflacpetinsurance.trupanion.com http://dev-aflacpetinsurance.trupanion.com http://test-aflacpetinsurance.trupanion.com http://aflacpetinsurance.trupanion.com; img-src 'self' api.productreview.com.au https://cdn.optimizely.com https://*.yieldify.com https://*.yieldify-production.com bp.trupanion.com *.azureedge.net *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com *.contentsquare.net data: blob: *.eloqua.com track.hubspot.com *.imgix.net https://dev-aflacpetinsurance.trupanion.com https://test-aflacpetinsurance.trupanion.com https://aflacpetinsurance.trupanion.com http://dev-aflacpetinsurance.trupanion.com http://test-aflacpetinsurance.trupanion.com http://aflacpetinsurance.trupanion.com bat.bing.com www.google.com www.google.co.in a1.b0e8.com seal.digicert.com https://rbj26p8v.trupanion.com c.az.contentsquare.net logs-01.loggly.com googleads.g.doubleclick.net www.googleadservices.com www.google.ie assets.pixlee.com www.googletagmanager.com; media-src 'self' *.azureedge.net data: blob: https://trupanionvideo.wistia.com/; child-src 'self' *.optimizely.com https://view.ceros.com/ https://c1.adform.net/ bp.trupanion.com https://sandbox.na.zuora.com/ https://na.zuora.com/ *.zuora.com https://www.zuora.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com https://unpkg.com/ badge.stumbleupon.com https://dev-aflacpetinsurance.trupanion.com https://test-aflacpetinsurance.trupanion.com https://aflacpetinsurance.trupanion.com http://dev-aflacpetinsurance.trupanion.com http://test-aflacpetinsurance.trupanion.com http://aflacpetinsurance.trupanion.com https://widget.trustpilot.com https://apisandbox.zuora.com https://www.googletagmanager.com public.tableau.com analytics.clickdimensions.com fast.wistia.net trupanion.qualtrics.com blob: csxd.contentsquare.net trupanion.avo2.net photos.pixlee.co bp.breeder.trupanion.com https://cdn.co-buying.com home-c28.incontact.com https://cdweb.trupanion.com http://cdweb.trupanion.com https://*.yieldify.com td.doubleclick.net; connect-src 'self' api.productreview.com.au https://*.yieldify.com *.yieldify-production.com https://yieldify.connectorengine.com fonts.googleapis.com https://logx.optimizely.com *.optimizely.com https://localhost:44355/ *.contentsquare.net accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.visualstudio.com https://ka-p.fontawesome.com https://tru-dev-app-memberportal-api.azurewebsites.net https://dev-poweredbyapi-app.azurewebsites.net https://dev-chewympapi-app.azurewebsites.net https://dev-aflacmpapi-app.azurewebsites.net https://tst-chewympapi-app.azurewebsites.net https://tst-aflacmpapi-app.azurewebsites.net https://prd-chewympapi-app.azurewebsites.net https://prd-aflacmpapi-app.azurewebsites.net https://www-stg.chewy.net https://www-dev.chewy.net https://www.chewy.com https://unpkg.com/ https://auth-integration.chewy.com https://auth-stg.chewy.com/ https://auth.chewy.com https://devaflacpetinsurance.b2clogin.com https://testaflacpetinsurance.b2clogin.com https://aflacpetinsurance.b2clogin.com http://devaflacpetinsurance.b2clogin.com http://testaflacpetinsurance.b2clogin.com http://aflacpetinsurance.b2clogin.com https://sandbox.na.zuora.com https://rest.sandbox.na.zuora.com https://na.zuora.com api.zippopotam.us https://www.googletagmanager.com https://www.google-analytics.com maps.googleapis.com google.com ixfd2-api.bc0a.com bat.bing.com https://photos.pixlee.co/ https://assets.pixlee.com/assets/fp.js stats.g.doubleclick.net trupanion.avo2.net c.az.contentsquare.net region1.google-analytics.com td.yieldify.com v2.dc.yieldify.com edge.yieldify.com gateway.yieldify-production.com cdweb.trupanion.com *.zuora.com https://www.zuora.com https://cdn.co-buying.com bp.trupanion.com *.googlesyndication.com https://trupanionvideo.wistia.com/; object-src 'self' bp.trupanion.com; 1
default-src 'none';base-uri 'self';object-src 'none';font-src 'self' data: *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* fonts.gstatic.com;report-uri /reporting/csp.htm;img-src 'self' data: *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com wspublicprod.112.2o7.net px.ads.linkedin.com ad.doubleclick.net p.adsymptotic.com adservice.google.com 2549153.fls.doubleclick.net jadserve.postrelease.com www.google.com www.google-analytics.com pixel.everesttech.net cm.g.doubleclick.net bat.bing.com sp.analytics.yahoo.com connect.facebook.net www.linkedin.com www.facebook.com rtd-tm.everesttech.net googleads.g.doubleclick.net pdx-col.eum-appdynamics.com *.wellsfargomedia.com;style-src 'self' 'unsafe-inline' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com;connect-src 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com google-analytics.com pdx-col.eum-appdynamics.com;frame-src 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com awusw-wfr.advanced-web-analytics.com *.doubleclick.net *.wellsfargo.wallst.com *.fccaccessonline.com wellsfargo-p2.markitdigital.com iframe.arkoselabs.com;media-src 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com *.wellsfargomedia.com;form-action 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com *.wellsfargo.com:*;worker-src 'self' blob:;script-src 'nonce-0766914eb01143a885482d8453fb970a' 'self' *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* www.googletagmanager.com www.google-analytics.com ajax.googleapis.com static.staging.wellsfargo.com static.wellsfargo.com;frame-ancestors 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com *.fccaccessonline.com *.wellsfargomedia.com *.wellsfargo.com:* *.mworld.com *.wellsfargo.net *.markitondemand.com *.wellsfargo.wallst.com *.go.onestop.wf.com wellsfargo.markitdigital.com 1
frame-ancestors *.netlify.app cms-marketing.helloalma.com 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; font-src * data: blob: 'unsafe-inline' 1
base-uri 'none'; default-src 'self'; child-src https://*.twitter.com https://api.vod2.infomaniak.com https://app.sli.do https://cdnjs.cloudflare.com https://dwa.vd.ch https://e.issuu.com https://elearn-services.unige.ch https://embed-assets.wakelet.com https://embed.wakelet.com https://jobtic.ch https://line.do https://livestream.com https://m-vaud.prospective.ch https://player.vimeo.com https://player.vod2.infomaniak.com https://vaud.prospective.ch https://vod.infomaniak.com https://www.google.com https://www.googletagmanager.com https://www.thinglink.com https://www.vdairdata.ch https://www.web-vd.ch https://www.youtube-nocookie.com https://www.youtube.com; connect-src 'self' https://*.etat-de-vaud.ch https://*.vd.ch https://platform.deeplink.ai https://www.google-analytics.com; font-src 'self' https://*.deeplink.ai https://cdn.jsdelivr.net https://maxst.icons8.com; form-action 'self'; frame-ancestors https://*.etat-de-vaud.ch https://*.vd.ch; frame-src https://*.etat-de-vaud.ch https://*.twitter.com https://*.vd.ch https://api.vod2.infomaniak.com https://app.sli.do https://app.vidcast.io https://apps.vs.ch https://e.issuu.com https://elearn-services.unige.ch https://embed.wakelet.com https://google.com https://jobtic.ch https://line.do https://livestream.com https://m-vaud.prospective.ch https://map.geo.admin.ch https://player.vimeo.com https://player.vod2.infomaniak.com https://thinglink.com https://tp.srgssr.ch https://vaud.prospective.ch https://vod.infomaniak.com https://web-vd.ch https://www.google.com https://www.googletagmanager.com https://www.openstreetmap.org https://www.outilcrde.ch https://www.vdairdata.ch https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' https://*.etat-de-vaud.ch https://*.vd.ch https://articulateusercontent.com https://bot.deeplink.ai https://googleads.g.doubleclick.net https://images.freeimages.com https://png.vector.me https://upload.wikimedia.org https://www.asi37.fr https://www.google-analytics.com https://www.google.ch https://www.google.com https://www.honcode.ch blob: data:; media-src 'none'; object-src 'none'; script-src 'self' https://*.deeplink.ai https://*.vd.ch https://cdn.thinglink.me https://cdnjs.cloudflare.com https://e.issuu.com https://e.prezicdn.net https://embed-assets.wakelet.com https://jwpsrv.com https://platform.linkedin.com https://platform.twitter.com https://player.vimeo.com https://widgets.paper.li https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.skypeassets.com https://www.youtube.com https:://*.etat-de-vaud.ch 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.deeplink.ai https://cdn.jsdelivr.net https://cdn.materialdesignicons.com https://maxst.icons8.com 'unsafe-inline'; upgrade-insecure-requests 1
frame-ancestors 'self' https://getvim.com  https://*.getvim.com https://devim.io https://*.devim.io; 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.nice-incontact.com *.youtube.com *.3lift.com *.calendly.com *.adnxs.com *.advertising.com *.bidswitch.net *.casalemedia.com *.doubleclick.net *.facebook.com *.openx.net *.outbrain.com *.pubmatic.com *.rlcdn.com *.rubiconproject.com *.taboola.com *.yahoo.com *.pippio.com *.marketo.com *.henryscheincustombranding.com *.acuityscheduling.com *.adroll.com *.dca0.com *.adroll.mgr.consensu.org *.kampyle.com *.go-mpulse.net *.marketo.net *.serving-sys.com *.googleadservices.com *.g.doubleclick.net *.akamaihd.net *.comodo.com *.trustlogo.com *.verisign.com *.websecurity.norton.com *.digicert.com *.coremetrics.com *.googletagmanager.com *.google.com *.google-analytics.com *.richrelevance.com *.livechatinc.com *.mybusinessbankcard.com *.hsforms.net *.hsforms.com *.hubspot.com *.cognitoforms.com *.google:* *.gstatic.com *.googleapis.com *.github.com *.jquery.com *.facebook.net *.ak.fbcdn.net *.twimg.com *.dentapure.com *.appspot.com *.insourceonline.com vp.dentrek.com *.henryschein.com *.sullivanschein.com *.bing.com *.pagescdn.com *.sitescdn.net *.licdn.com *.conductor.com cdnjs.cloudflare.com widgets.jotform.io *.jotform.com *.googleoptimize.com *.formsite.com *.fullstory.com blob: data:; connect-src 'self' *.henryscheincustombranding.com calendly.com *.conductor.com *.akstat.io wmg-productdesigner-prod-apim.azure-api.net *.go-mpulse.net *.kampyle.com *.mktoresp.com *.akamaihd.net *.richrelevance.com *.livechatinc.com *.vivarep.com *.cognitoforms.com *.google.com *.google-analytics.com *.hsforms.net *.appspot.com *.henryschein.com *.sullivanschein.com *.facebook.com *.bing.com *.g.doubleclick.net *.coremetrics.com *.googletagmanager.com *.adroll.com *.dca0.com *.pagescdn.com *.mktoutil.com cdnjs.cloudflare.com widgets.jotform.io *.jotform.com *.fullstory.com; img-src 'self' wmg-productdesigner-prod-apim.azure-api.net *.ytimg.com *.linkedin.com *.adsymptotic.com *.henryscheincustombranding.com *.3lift.com *.adnxs.com *.advertising.com *.bidswitch.net *.casalemedia.com *.doubleclick.net *.facebook.com *.facebook.net *.openx.net *.outbrain.com *.pubmatic.com *.rlcdn.com *.rubiconproject.com *.taboola.com *.yahoo.com *.pippio.com *.marketo.com *.adroll.com *.dca0.com *.adroll.mgr.consensu.org *.kampyle.com *.g.doubleclick.net *.akamaihd.net *.placeholder.com *.comodo.com *.trustlogo.com *.websecurity.norton.com *.digicert.com *.google:* *.caligor.com *.coremetrics.com *.livechatinc.com *.google.com *.google-analytics.com *.henryschein.com *.sullivanschein.com *.vivarep.com placehold.it placehold.co *.servertastic.com *.gstatic.com *.corporate-ir.net *.appspot.com *.googleapis.com *.insourceonline.com *.istockphoto.com *.hsforms.net *.bing.com *.googletagmanager.com *.commerce-connector.com *.ads.linkedin.com *.vimeocdn.com *.cdn.jotfor.ms px.owneriq.net data:; style-src *.henryscheincustombranding.com *.kampyle.com *.google-analytics.com 'unsafe-inline' 'self' *.marketo.com *.googleapis.com *.cognitoforms.com *.google.com *.livechatinc.com *.hsforms.net *.appspot.com *.henryschein.com *.sullivanschein.com *.facebook.com *.bing.com *.gstatic.com *.sitescdn.net; font-src 'self' *.henryscheincustombranding.com *.kampyle.com *.cdn.skype.com *.googleapis.com *.gstatic.com *.livechatinc.com *.googleusercontent.com *.cognitoforms.com *.hsforms.net *.appspot.com *.henryschein.com *.sullivanschein.com *.facebook.com *.bing.com cdn.jotfor.ms data:; frame-src 'self' *.nice-incontact.com *.marketo.com calendly.com  *.acuityscheduling.com *.hubspot.com *.kampyle.com *.g.doubleclick.net *.google-analytics.com *.google.com *.pendo.io *.bws.birst.com *.trustlogo.com *.comodo.com *.googletagmanager.com *.livechatinc.com *.youtube.com *.vivalearning.com *.vimeo.com *.corporate-ir.net vimeo.com *.facebook.com *.appspot.com *.hsforms.net *.henryschein.com *.sullivanschein.com *.bing.com *.facebook.net *.hsforms.com *.pagescdn.com *.wistia.com *.formsite.com data:; media-src 'self' *.vivarep.com *.kampyle.com *.livechatinc.com *.istockphoto.com *.hsforms.net *.appspot.com *.henryschein.com *.sullivanschein.com *.facebook.com *.bing.com *.dentapure.com;  1
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; prefetch-src 'none'; 1
script-src https: 'self' 'unsafe-eval' 'unsafe-inline' *.hudexchange.info *.cloudflare.com *.jquery.com *.googleapis.com *.gstatic.com www.googletagmanager.com www.google-analytics.com *.chimpstatic.com 1
frame-ancestors 'self' http://*.srdevel.com https://*.srdevel.com *.mlb.com 1
default-src 'self' blob:; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.visualwebsiteoptimizer.com app.vwo.com https://cdn.branch.io https://app.link *.greateasternlife.com *.lifeisgreat.net *.adobedtm.com *.facebook.net *.googletagmanager.com *.addthisedge.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.addthis.com *.twitter.com *.youtube.com *.ytimg.com *.licdn.com *.moatads.com *.branch.io *.qualtrics.com *.outbrain.com *.googleanalytics.com *.googleoptimize.com *.google.com *.gstatic.com http://cdn.taboola.com http://trc.taboola.com http://trc-events.taboola.com http://cds.taboola.com https://sp.analytics.yahoo.com https://s.yimg.com analytics.tiktok.com; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com fonts.googleapis.com optimize.google.com tagmanager.google.com; font-src 'self' data: fonts.gstatic.com; img-src * data: *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *.qualtrics.com *.google-analytics.com *.googletagmanager.com http://cdn.taboola.com http://trc.taboola.com https://sp.analytics.yahoo.com analytics.tiktok.com *.gstatic.com *.google.com *.google.com.sg *.google.com.my *.google.co.id *.google.com.bn *.google.com.mm *.doubleclick.net *.googlesyndication.com; media-src 'self' *.scene7.com; frame-src 'self' app.vwo.com *.visualwebsiteoptimizer.com *.feprecisionplus.com https://play.solstice.sg liferiddles.whooshpro.net liferiddles-stg.whooshpro.net *.greateasternlife.com *.doubleclick.net *.twitter.com *.addthis.com *.financialexpress.net *.youtube.com *.facebook.net *.facebook.com optimize.google.com su.vc s.surveyanyplace.com *.qualtrics.com *.google.com *.gstatic.com safe.menlosecurity.com; object-src 'self' *.qualtrics.com; connect-src 'self' *.visualwebsiteoptimizer.com app.vwo.com *.branch.io *.greateasternlife.com *.addthis.com *.google-analytics.com *.doubleclick.net *.facebook.net *.facebook.com *.qualtrics.com cdn.linkedin.oribi.io http://cdn.taboola.com http://cds.taboola.com https://s.yimg.com analytics.tiktok.com *.googletagmanager.com *.google.com *.google.com.sg *.google.com.my *.google.co.id *.google.com.bn *.google.com.mm; worker-src 'self' blob:; 1
default-src * 'unsafe-inline' 'unsafe-eval' blob: data:; frame-ancestors 'self' 1
default-src https:; script-src 'self' 'unsafe-inline' *.dallasfed.org *.gstatic.com *.google.com *.googletagmanager.com *.google-analytics.com *.federalreserve.org *.highcharts.com *.salesforce-sites.com *.twimg.com *.twitter.com *.frswebservices.org; style-src-elem 'self' 'unsafe-inline' *.salesforce-sites.com; style-src 'self' 'unsafe-inline' *.twimg.com *.twitter.com; object-src 'none'; frame-ancestors 'none'; 1
media-src 'self' www.youtube.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com https://ssl.google-analytics.com www.google.com www.google-analytics.com ajax.googleapis.com www.googletagmanager.com maps.gstatic.com maps.googleapis.com pagead2.googlesyndication.com www.googleadservices.com googleads.g.doubleclick.net partner.googleadservices.com adservice.google.com.hk adservice.google.com tpc.googlesyndication.com; connect-src 'self' 'unsafe-inline' www.google-analytics.com maps.googleapis.com fonts.gstatic.com pagead2.googlesyndication.com; 1
worker-src * blob:; frame-ancestors 'self' https://m.facebook.com/ https://m.me/ https://static.xx.fbcdn.net/ https://*.fls.doubleclick.net/; child-src 'self' https://dataprivacy.unileversolutions.com/ https://dataprivacy.unileversolutions.com/uat/etc/clientlibs/cq-global/tgglobal.js https://staticxx.facebook.com https://m.me https://m.facebook.com/ https://www.facebook.com/ https://static.xx.fbcdn.net/ http://cdn.baycloud.com/ https://cdn.baycloud.com/ https://cdns.eu1.gigya.com/ https://cdns.au1.gigya.com/ https://cdn.constant.co/ https://unilever.brandquad.ru/buybutton/render_template/8714100917381/ https://data.unileversolutions.com/ https://tracking.allthingshair.com/ https://djtflbt20bdde.cloudfront.net/ http://info.evidon.com/ https://brillianttruth.co.uk/Quiz-v18/ https://www.instagram.com/  https://l3.evidon.com/ https://www.google.com/ https://info.evidon.com https://unilever3.marketing.adobe.com/ https://unileverbrazil.marketing.adobe.com/ https://unilever2.marketing.adobe.com/ https://unilever.marketing.adobe.com/ https://www.facebook.com https://unileverbrazil.demdex.net/ https://chat.blip.ai/ http://fast.unileverbrazil.demdex.net/ https://www.dynamicmeasure.com/ https://secure.shoppable.com/ https://unilever2.demdex.net/ http://fast.unilever2.demdex.net/ http://www.dynamicmeasure.com/ https://bid.g.doubleclick.net/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://unilever3.demdex.net/ https://www.dynamicmeasure.com/pixel/ATH https://secure.shoppable.co/ https://static.constant.co/ https://insight.adsrvr.org/ https://unilever.demdex.net/ http://fast.unilever.demdex.net/ https://ath2.unileverservices.com/ https://st4allthings4p4ci.blob.core.windows.net https://cdn.constant.co/ https://preferences.allthingshair.com/ https://graph.instagram.com/ https://cdns.us1.gigya.com/ https://cdn.gigya-ext.com/gy.js https://web.facebook.com/ https://www.tiktok.com/ https://platform.twitter.com/ http://api.openweathermap.org/ https://cdn.cookielaw.org https://dpm.demdex.net https://unilever.d3.sc.omtrdc.net https://secure.dach-unilever.com http://fast.unilever3.demdex.net/ https://sdk-za.shortlyst.com/ https://cdn.pricespider.com/ https://login.dotomi.com/ https://seoab.io https://assets.pinterest.com/ https://audio4.audima.co/ https://core.conversant.mgr.consensu.org https://c.evidon.com/ https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://fonts.googleapis.com https://forms.microsoft.com/ https://*.fls.doubleclick.net/ https://googleads.g.doubleclick.net/ https://tpc.googlesyndication.com/ https://cec-contact-us-prod.ir-e1.cloudhub.io/ intent: fb-messenger: 1
default-src 'self' data:;script-src 'self' https://popin.survey-xact.dk https://survey.finansministeriet.dk https://ressourcer.borger.dk https://borger.fobs.dk https://siteimproveanalytics.com https://surveys.enalyzer.com https://report.23video.com https://cdn.borger.dk;style-src 'self' 'unsafe-inline' https://cdn.borger.dk https://ressourcer.borger.dk;img-src 'self' https://popin.survey-xact.dk https://survey.finansministeriet.dk https://*.global.siteimproveanalytics.io https://ressourcer.borger.dk https://*.siteimprove.com https://cdn.borger.dk data:;media-src 'self' https://popin.survey-xact.dk https://survey.finansministeriet.dk https://cdhsign.dk https://cdn.borger.dk data:;frame-src 'self' https:;font-src 'self' https://cdn.borger.dk;connect-src 'self' https://popin.survey-xact.dk https://survey.finansministeriet.dk https://surveys.enalyzer.com;frame-ancestors 'self';upgrade-insecure-requests 1
default-src * 'self' data: 'unsafe-eval' 'unsafe-inline' blob: 1
frame-ancestors http://*.ebs.co.kr https://*.ebs.co.kr ; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.thegrocer.co.uk https://eme.abacusemedia.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://celeb-lb-prod.danskebank.com https://files.cdn.leadfamly.com https://publiccontact.danskebank.dk https://consent.cookiebot.com https://app.mouseflow.com https://eu.mouseflow.com https://cdn.mouseflow.com https://s2.adform.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.googletagmanager.com *.danskebank.dk https://assets.adobedtm.com https://snap.licdn.com https://www.linkedin.com https://px.ads.linkedin.com maps.googleapis.com fonts.googleapis.com imasdk.googleapis.com fonts.gstatic.com maps.gstatic.com https://android.com https://windowsphone.com *.qbrick.com *.dna.ip-only.net danskebank.112.2o7.net www.facebook.com staticxx.facebook.com connect.facebook.net cdn.tt.omtrdc.net danskebank.tt.omtrdc.net https://dpm.demdex.net https://cloud-emea.analytics-egain.com https://analytics.analytics-egain.com https://track.adform.net https://linkmaker.itunes.apple.com *.qualtrics.com https://eum.danskebank.com https://owner-service-dev.sunday.dk https://api.june.dk https://api.test.june.dk syst-services.sunday.dk services.sunday.dk https://beregnerservice.klogem2.dk https://widget.penni-connect.io https://cdn.penni-connect.io; object-src 'self' *.danskebank.dk video.qbrick.com; frame-src 'self' https://sparenergi.dk *.zenegy.com https://prodindigocommon.blob.core.windows.net https://energihjem.dk https://campaign-zone-1.api.leadfamly.com https://danske-bank.leadfamly.com https://9821160.fls.doubleclick.net https://shared-logon.danskebank.com https://authorize.omniture.com https://sitecatalyst.omniture.com *.demdex.net *.danskebank.dk https://rd.dk https://priips.danskebank.com https://www.danskeinvest.dk https://android.com https://windowsphone.com video.qbrick.com *.danid.dk https://www.google.com www.facebook.com staticxx.facebook.com web.facebook.com https://analytics.analytics-egain.com https://track.adform.net https://linkmaker.itunes.apple.com *.qualtrics.com https://onlineapi.danskenet.com:8600 https://app.sli.do; frame-ancestors 'self' https://rd.dk https://danskebank.pp.mitid.dk; 1
default-src 'none'; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; object-src 'none'; font-src * data:; connect-src *; media-src *; frame-src *; base-uri 'self' 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;script-src-elem 'strict-dynamic' 'report-sample' 'nonce-P3Qnu+IgOmYWrG5cQHiczSCl';script-src-attr 'none' 'report-sample';object-src 'none';style-src 'self' 'unsafe-inline' https:;img-src 'self' data: https:;media-src 'self' https:;frame-src 'self' https:;font-src 'self' data: https:;connect-src 'self' https: wss:;base-uri 'none';frame-ancestors 'self' https://app.contentful.com;report-uri /fehler/csp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.episerver.net *.googleapis.com *.gstatic.com *.afterpay.com *.facebook.net *.bing.com *.pdst.fm *.zipmoney.com.au *.zip.co https://s3.ap-southeast-2.amazonaws.com/cdn.staging/assets/primary/entrypoints/consumer/landing-page/zip-lp-script.js https://s3.ap-southeast-2.amazonaws.com/cdn.staging/assets/primary/resources/amplitude/amplitude-injector.js *.wisepops.com *.cfjump.com *.turn.com *.creativecdn.com *.adairs.com.au *.adairs.co.nz *.hotjar.com  *.jquery.com *.cloudfront.net *.pinimg.com  *.igodigital.com *.inside-graph.com foursixty.com *.paypal.com *.msecnd.net *.googletagmanager.com *.yieldify.com *.google.com *.google-analytics.com *.criteo.net *.criteo.com https://*.clarity.ms *.rakuten.com *.linksynergy.com *.xg4ken.com; style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com *.igodigital.com *.googletagmanager.com *.inside-graph.com *.zipmoney.com.au foursixty.com; font-src 'self' data: *.typekit.net *.gstatic.com *.zipmoney.com.au  *.yieldify-production.com; img-src 'self' data: *; connect-src 'self' vimeo.com *.yieldify.com *.yieldify-production.com wss://*.yieldify-production.com yieldify.connectorengine.com *.pinterest.com *.google.com *.hotjar.com wss://*.hotjar.com *.hotjar.io wss://*.hotjar.io *.wisepops.com *.google-analytics.com *.googleapis.com maps.googleapis.com *.braintree-api.com  *.braintreegateway.com *.turn.com *.cloudfunctions.net *.amplitude.com *.visualstudio.com *.paypal.com *.zipmoney.com.au *.zip.co https://s3.ap-southeast-2.amazonaws.com/cdn.staging/assets/primary/entrypoints/consumer/landing-page/zip-lp-au.html *.afterpay.com wss://stellar-live.inside-graph.com *.inside-graph.com *.doubleclick.net *.inside-graph.com foursixty.com https://*.clarity.ms; frame-src 'self' *.google.com adairsmaintenance.s3.ap-southeast-2.amazonaws.com *.exacttarget.com *.flipsnack.com  *.creativecdn.com *.hotjar.com *.youtube.com *.sfmc-content.com *.criteo.com *.myunidays.com *.criteo.net *.yieldify.com *.braintreegateway.com *.paypal.com *.zipmoney.com.au *.optimizely.com *.vimeo.com *.pinterest.com *.zip.co zip.co; worker-src blob:; 1
script-src 'self'; object-src 'none' 1
default-src 'self' edge.curalate.com *.zipmoney.com.au *.gstatic.com *.bazaarvoice.com *.vimeo.com *.akamaized.net *.hotjar.com *.hotjar.io *.trurating.com *.crazyegg.com tracking.myunidays.com *.five9.net; img-src 'self' data: https:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; connect-src 'self' https: wss:; font-src 'self' data: https:; frame-ancestors 'self' https://*.bonds.com.au; 1
default-src 'self' data:; img-src data: *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.suub.uni-bremen.de 1
frame-ancestors www.banrep.gov.co totoro.banrep.gov.co quimbaya.banrep.gov.co youtube.com facebook.com livestream.com cdn.livestream.com vimeo.com player.vimeo.com; font-src 'self' data: banrep.gov.co fonts.gstatic.com themes.googleusercontent.com; img-src 'self' data: lcdn.jsdelivr.net ive.staticflickr.com www.banrep.gov.co d1b4gd4m8561gs.cloudfront.net *.googletagmanager.com *.gstatic.com encrypted-tbn1.gstatic.com www.google-analytics.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' embed-standalone.spotify.com *.perfdrive.com cdn.botframework.com directline.botframework.com wss://directline.botframework.com cdnjs.cloudflare.com cdn.jsdelivr.net powerva.microsoft.com embed.podcasts.apple.com open.spotify.com embedr.flickr.com live.staticflickr.com www.podbean.com cdn.livestream.com cdn.jsdelivr.net widgets.flickr.com www.youtube-nocookie.com vimeo.com quimbaya.banrep.gov.co unpkg.com www.youtube.com player.vimeo.com livestream.com totoro.banrep.gov.co www.googletagmanager.com static.addtoany.com m.facebook.com www.facebook.com *.gstatic.com fonts.gstatic.com fonts.googleapis.com  stats.g.doubleclick.net *.google-analytics.com *.google.com maps.google.com code.jquery.com use.fontawesome.com fonts.googleapis.com ajax.googleapis.com zoca.banrep.gov.co app.powerbi.com view.genial.ly; 1
img-src 'self' data: blob: *.openstreetmap.org *.cloud.ovh.net * static.demarches-simplifiees.fr stats.data.gouv.fr; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.crisp.chat crisp.chat cdn.jsdelivr.net maxcdn.bootstrapcdn.com code.jquery.com unpkg.com stats.data.gouv.fr; style-src 'self' 'unsafe-inline' *.crisp.chat crisp.chat cdn.jsdelivr.net maxcdn.bootstrapcdn.com unpkg.com; connect-src 'self' wss://*.crisp.chat *.crisp.chat app.franceconnect.gouv.fr openmaptiles.geo.data.gouv.fr openmaptiles.github.io tiles.geo.api.gouv.fr wxs.ign.fr www.demarches-simplifiees.fr sentry.io static.demarches-simplifiees.fr api-adresse.data.gouv.fr data.education.gouv.fr geo.api.gouv.fr stats.data.gouv.fr; frame-src 'self' stats.data.gouv.fr; default-src 'self' data: blob: 'report-sample' fonts.gstatic.com in-automate.sendinblue.com player.vimeo.com app.franceconnect.gouv.fr *.crisp.chat crisp.chat *.crisp.help *.sibautomation.com sibautomation.com data sentry.io static.demarches-simplifiees.fr; report-uri https://demarchessimplifieestest.report-uri.com/r/d/csp/reportOnly 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://chaos.social; img-src 'self' https: data: blob: https://chaos.social; style-src 'self' https://chaos.social 'nonce-EwtIxnQWE5x+2HaKle1QOQ=='; media-src 'self' https: data: https://chaos.social; frame-src 'self' https:; manifest-src 'self' https://chaos.social; form-action 'self'; child-src 'self' blob: https://chaos.social; worker-src 'self' blob: https://chaos.social; connect-src 'self' data: blob: https://chaos.social https://assets.chaos.social wss://chaos.social; script-src 'self' https://chaos.social 'wasm-unsafe-eval' 1
frame-ancestors '*.uny.ac.id'; 1
child-src 'self'  https://*.easyeda.com https://cart.jlcpcb.com https://jlcpcb.com www.google.com https://www.youtube.com; frame-ancestors 'self' https://cart.jlcpcb.com https://jlcpcb.com www.google.com https://www.youtube.com https://*.easyeda.com 1
default-src 'self' data: *.aldi-international.com *.gstatic.com storelocator.aldi.com.au www.google-analytics.com *.doubleclick.net adservice.google.com *.2o7.net *.omtrdc.net *.tt.omtrdc.net *.demdex.net *.adobedtm.com *.cm.everesttech.net *.adobe.com *.omniture.com *.aldi.com.au saas-p2w.azurewebsites.net ; frame-src 'self' www.google.com *.facebook.com *.twitter.com g.jwpsrv.com www.youtube.com platform.liquidus.net app.nexuspublications.com.au cpc.elettershop.de *.storedvalue.com *.aldi-international.com aldi.dynamiccatalogue.com.au blob: *.id.opendns.com microsoft.microsoftedge *.doubleclick.net *.adobe-campaign.com *.adobe.com *.campaign.adobe.com *.demdex.net *.adobedtm.com t5.em.aldi.com.au; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.aldi-international.com *.pinterest.com *.facebook.com *.twitter.com *.ytimg.com *.aldi-sued.com app.nexuspublications.com.au platform.liquidus.net www.yellowmap.de ssl.p.jwpcdn.com www.youtube.com insight.adsrvr.org *.facebook.net *.s3.amazonaws.com *.googlecode.com *.salefinder.com.au *.google-analytics.com *.googletagmanager.com *.google.com *.omtrdc.net *.tt.omtrdc.net *.demdex.net cm.everesttech.net assets.adobedtm.com *.adobe.com *.activitymap.adobe.com saas-p2w.azurewebsites.net *.cookielaw.org *.onetrust.com; style-src 'self' 'unsafe-inline' *.aldi-international.com *.googleapis.com *.salefinder.com.au saas-p2w.azurewebsites.net *.cookielaw.org *.onetrust.com; img-src 'self' https: data: *.aldi.com.au *.2o7.net *.omtrdc.net *.tt.omtrdc.net *.demdex.net cm.everesttech.net assets.adobedtm.com statistics.aldi-international.com *.cookielaw.org *.onetrust.com; frame-ancestors 'self' *.adobe.com; connect-src 'self' https: *.demdex.net cm.everesttech.net assets.adobedtm.com *.adobedtm.com *.tt.omtrdc.net *.sc.omtrdc.net *.cookielaw.org *.onetrust.com; report-uri /CspReportLogger.php; 1
script-src 'unsafe-eval' 'self' blob: *.convertlanguage.com *.walkme.com *.jquery.com *.marinsm.com *.tvsquared.com *.clarity.ms *.steelhousemedia.com *.stackadapt.com 'sha256-WiBrp8n6qzXaR53OMuij2Wqky+WBAZHWS4m9u+Y6Vgs=' 'sha256-Bwbsdql2wuxPBfreVcjv4IcQRIm2tK54E/ZtuKmHmLI=' 'sha256-+QoWUsMtJAiKNrS9ddu7252XOoLq26XVwk4TdboDGM0=' 'sha256-EFemVE1/2VPlNZdptBdgN2GjWc7noj81GGGv0MwOyJY=' 'sha256-K83smGC12/mOrMV+5hXYSc0TQHjFQM6XX+Zdj9pBbas=' 'sha256-Fx0LrAqaK0HfpKOTd5jtbUe4X89Fz86oesjqSQUn8Y8=' 'sha256-L+CdrbB/3MWzakKjyzoy8w1eIqDVGrsftnkvJdo4gIc=' 'sha256-ud+TXSHWwW6/Ltq5qioGqWeGcQMxHWR5TiMnvYBaUEk=' 'sha256-BaFk7RP58iF1BkZHdqeujuDXXLld9PS1LiKm9MnnQ2A=' 'sha256-oRdVJzqGJc9xIgrN9giweGhI+uJQxUjkla++Xx19V+M=' 'sha256-P+6dUXh0AE0IknMkVtquEOaJZkrTTlUwjdLsSHSwG90=' 'sha256-3BUC2uqkLtf11hujvyMEl1NTcrpXaw9M/nxK0qpugE4=' 'sha256-ThHZXYAEciBA4PPtRsuwrM4rS6A27cEeDZfKFgMjOHs=' 'sha256-Fx0LrAqaK0HfpKOTd5jtbUe4X89Fz86oesjqSQUn8Y8=' 'sha256-1jH1jUGW8+/nnNLV4s1f8jHlAtMsBv985QVausqXm5s=' 'sha256-XpDQ/sKD1Q35z6yrfuUgNaqcpCpmaF6wIFXhd6+xJLo=' 'sha256-Y1FaManeoAv2rvhfch00iF9FeWmPQ4xhefvAaCacOOY=' 'sha256-39xatTpd5FpCS4XEP4t1a9EhvY/OmWxChEfjA6mbhtU=' 'sha256-Vx+zs5/RWUox1W4EFLbRMatbTZLk9zcmPTLW+yk3Lm0=' 'sha256-ud+TXSHWwW6/Ltq5qioGqWeGcQMxHWR5TiMnvYBaUEk=' 'sha256-IbsFdXn34z8gdSvhFRticCzSskEX+HVwrX++LVY7bIw=' 'sha256-N63VR5czWRUyi4yTEGyoam6orM200eR4SB/ndd2vCSE=' 'sha256-h1BXcWieM0hfS3GVpaXzPev+V7bbo0VQKstgeMXvP04=' 'sha256-nyYhGb/ogFCXA+jjhnQPaWmEGq7zMi7is/Og/WHHu1U=' 'sha256-MW7xYbbWUIy+vpnrRUsAKgafurRDpmEtw8ibUiTK9kg=' 'sha256-5fsNGF2R9ioLIErxzZqlt7Q+qLwWOmVWJp0buVkNkRY=' 'sha256-PYtocK3DFaOHMHXcTLPhO1P5IEXMf8cf6Yyf1u0USFQ=' 'sha256-nwxOa/AwuXKhEnQfF8z3U9AQyig3d1tfIX6QLS1c7/U=' 'sha256-GtVr9Zuz9aTjQAj54p9HhTNTu36Dn7NyQh3d7xMZg4k=' 'sha256-prCWgxIMGDrHbwdw5mT2MeFWJJGImVIKxAV7gJOpQ0w=' 'sha256-tU2s1s4syE7gpagiZ/DMk2OM7ZcxzIYUDAn0ZWZZvcw=' 'sha256-IohmHrNbNfYp1N8eOkosBSzsog22PSpNMgxp+rP0ba0=' 'sha256-gdUVY3rNP3d8mugxATRy94Oef9TvyvQv4LByypmpoQM=' 'sha256-Oc0DJ+pN/Q9MEzC3WsStCthU0JXK5IxeTD/NO180ggI=' 'sha256-3R5kPMMUS7lCbC94I1yEP6/LrPcCxCpJkMghRm5vc+M=' 'sha256-TfsnO13RGWJOuqMSQ71jj+6N2s997hJAghDCvf9s9dM=' 'sha256-xri8zZKOW+5jts4GRTZuQGosPS+dSTQJr5bebWtNr90=' 'sha256-zOJVpbdSYuV1KeKh04uYsnYyneK7qLzkfYDw9h6+0KM=' 'sha256-0Cmn/CPjE7iLtaGEpZ3gIbyK7+T2PCg6t/q0GQ8aurU=' 'sha256-+F7WJt5j0JAyOvITKopxkUbW3zrhfgO/64YUDWNfWV4=' 'sha256-V5fb1zKsLvfOQE+Tz3abD2NIZPMKdQKrZG6116lj62Y=' 'sha256-/R+9/01InyDhaLq1zYqbjyPav2dunvCCN1mHJxx026U=' 'sha256-023g/MYKiNi2UHZqb0fjW4jU0C9zmvXY7ylFFTbQLAs=' 'sha256-9w+aFd0ogU/pVs/M0q0ixKcQLrt524ABSMma2ixZRmA=' 'sha256-uvQd362cMOZMihRdpHDQkkQG005hI1hAULGe/1hrq7A=' 'sha256-RLZndXh1nmE1wrQG6kjO6AGpiyGJTN5t/otHymIj8UA=' 'sha256-ttmSnfQfAQQQiV28ls0mnFkkr+dl0cSWZO+7qlgQV7w=' 'sha256-518pk5SuTHe1wO+qPfs05CALGxGj8b7R9joTeyF3MMg=' 'sha256-ppW1Vv+qSVcs+/pIj1ZXvMiCLoyHyCdRqtDMeK9fQ9w=' 'sha256-L7o0i6k/eCHpzpAOuzB6a1giNh7z/X1k47PJmiYdvQU=' 'sha256-W825fE/Hvb52tM7pjSsTCCUHd4OrQn8WZWlv5mkMvH0=' 'sha256-NG/T81UpQPy235gzOlx+p+kYar53BP0KuYmoJ/3cmQ4=' 'sha256-+9nvnUjMPgpsCHqUyccwQCWltJdUnhcoDgKmekMe5r4=' 'sha256-JlKI/jgeMVC9UAc3axGPML/PCKwu8dAnBRUHncXK+cQ=' 'sha256-JlKI/jgeMVC9UAc3axGPML/PCKwu8dAnBRUHncXK+cQ=' 'sha256-kEyA013BpTyUc1nqTJ2W65dz6zCi7DlCTj7xA/MPKm8=' 'sha256-PujGZsFstVNnK7qoVuZjCFKHTUf1KgZQB3e1+nfLypE=' 'sha256-1hphP5UeIPLrdHl0caK+RBjjIf/Nf+NOjngIRgKJNvg=' 'sha256-5opYFwUS510Rvfv27i9fgH/77B6yGcd39Qc2XGu3Sk4=' 'sha256-ZsiO6M6SIFEhZrPiwh4Vky40a3LRcSYYWmT8kYCo+c8=' 'sha256-12Oe5dMRtAenv78D9ewvG6kpwvsYQwe0SEAFh4E3by4=' 'sha256-pKXjbNTq8JR4j0soyNfLkYJiSSsP6kqo5DRo9q4cDXE=' 'sha256-JV3lxBYaKBxEcW9cv7bpM9YrLNCSO2x+5hI319J5VH4=' 'sha256-s1BV33CoxJjYzvmpCjN3WTwdPhNhnco3NW1k5J/YA3o=' 'sha256-7JcAvVdE2sCnsRNg9sUUpEVPc2NLH+qJYzoCeD2nHss=' 'sha256-ehPVrgdV2GwJCE7DAMSg8aCgaSH3TZmA66nZZv8XrTg=' 'sha256-ooG2PlUfrfqVyDZV30w0BK5FwqPKhiPhrYEc3z3R3ow=' 'sha256-5nRGMOmqCmDqDhW/cRGfA1gF0jaDt730ej6AJpe2m9g=' 'sha256-7bwnNunfhUOLCxywkp0xlObo3iqPpAfiCr6IN5IeXCA=' 'sha256-0Pvth24NB2HpvezgdvpJMgDYWi91zp9XQc0lnwVD76I=' 'sha256-VL0W/0a7GGeMu92Qz6/kju/TfhubARqd6hobZ5vR8HM=' 'sha256-G38Y5gB6x7PXV8puXKlJ1t7rV5fLuVPEDLHAb64SY20=' cdn.walkme.com  *.bcbsil.com *.bcbstx.com *.marketo.net *.hcsc.net contentz.mkt922.com healthcareservicecorporation.sc.omtrdc.net resources.digital-cloud-west.medallia.com dx.steelhousemedia.com cdn.decibelinsight.net *.facebook.net *.googleadservices.com bat.bing.com *.googletagmanager.com nexus.ensighten.com *.google-analytics.com js-cdn.dynatrace.com assets.adobedtm.com googleads.g.doubleclick.net gateway.foresee.com dx.steelhousemedia.com *.kampyle.com *.medallia.com *.brightcove.net *.brightcove.com, frame-src 'self' *.bcbstx.com *.facebook.com hcsc.demdex.net *.brightcove.net *.youtube.com resources.digital-cloud-west.medallia.com healthcareservicecorporation.sc.omtrdc.net *.kampyle.com *.medallia.com *.brightcove.com *.doubleclick.net 1
frame-ancestors https://*.icicilombard.com/ http://*.icicilombard.com/ https://www.icicibank.com/ https://www.icicidirect.com/ https://www.idfcbank.com/ http://echannelstg.prodicicilombard.com/ https://online.icicilombard.com/ https://*.prodicicilombard.com/ http://*.prodicicilombard.com/ 1
default-src 'none'; connect-src 'self'; font-src *.anidb.net; form-action 'self'; img-src * data:; script-src 'self' *.anidb.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' *; child-src kiwiirc.com *.youtube-nocookie.com www.google.com/recaptcha/; frame-ancestors 'self'; base-uri 'self'; manifest-src *.anidb.net; 1
default-src 'self' www.google-analytics.com cdn.userway.org;script-src 'nonce-YXNkYXNkYWlvdTc5OGF5dWhzOWRoOTg3YXloczlkaDlhdXlzZDloYTkwaHNkOThhOThzdWQ5OGE5czhkaDlhaHM=' platform.botscrew.net 'self' cdn.userway.org www.youtube.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com;img-src 'self' www.googletagmanager.com prod-cd-cdn.azureedge.net www.gstatic.com *.cdninstagram.com cdn.userway.org data:; style-src 'self' 'unsafe-inline' www.gstatic.com cdn.userway.org; frame-src e.issuu.com player.restream.io platform.botscrew.net player.castr.com prod-cd-cdn.azureedge.net cdn.userway.org www.gstatic.com www.google.com www.youtube.com;media-src 'self' prod-cd-cdn.azureedge.net data:;connect-src graph.facebook.com www.google-analytics.com 'self' api.userway.org cdn.userway.org cdn77.api.userway.org; 1
frame-ancestors 'self' *.bigideasmath.com *.schoology.com *.instructure.com schoology.wcasd.net 1
default-src 'self' api2.firefoxchina.cn account.firefoxchina.cn; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://a.alimama.cn g.click.taobao.com  suggestion.baidu.com www.baidu.com hm.baidu.com nssug.baidu.com  www.google-analytics.com *.googlesyndication.com static.huohu123.com ; img-src * data:; child-src 'self' *.firefoxchina.cn  *.17huohu.com; frame-src 'self' *.firefoxchina.cn  *.17huohu.com www.taobao.com entry.baidu.com; frame-ancestors 'self' *.firefoxchina.cn tongji.baidu.com about:; style-src 'self' 'unsafe-inline'; font-src 'self' data: ;  connect-src hm.baidu.com *.firefoxchina.cn ;report-uri /_/csp-reports 1
frame-ancestors 'self' https://*.tacklewarehouse.com; 1
default-src  'self' ; connect-src    * data: blob: *.crazyegg.com 'unsafe-inline';  worker-src    * data: blob: *.transparent.com *.transparent.local *.s3.amazonaws.com;  font-src   * data: blob: 'unsafe-inline';  frame-src   'self' *.transparent.com *.transparent.local *.whichisenglish.transparent.com *.testwie.transparent.com *.s3.amazonaws.com *.amazon.com *.google.com *.appcues.com *.apple.com *.byki.com *.rbdigital.com *.rbdigitalstage.com *.vimeo.com *.youtube.com *.youtube-nocookie.com *.fastspring.com *.onfastspring.com *.hubspot.com *.facebook.com *.twitter.com *.taleo.net *.addthis.com *.hs-sites.com *.hsforms.com *.iorad.com *.typeform.com *.wistia.net *.wistia.com *.oncehub.com data: blob: mailto: --bridge-loaded-- bridge-loaded --wvjb-queue-message-- wvjb-queue-message 192.168.254.49 192.168.254.52 192.168.254.83 192.168.254.89 192.168.254.91;  manifest-src   'self' *.transparent.com *.transparent.local *.s3.amazonaws.com 192.168.254.49 192.168.254.52 192.168.254.83 192.168.254.89 192.168.254.91;  img-src    * *.crazyegg.com data: blob:;  media-src    * data: blob:;  object-src    * data: blob:;  script-src    * data: blob: *.crazyegg.com 'unsafe-inline' 'unsafe-eval';  style-src    * *.crazyegg.com 'unsafe-inline';  1
default-src * 'unsafe-inline' 'unsafe-eval'; frame-src https://mobilemaps.net.au; frame-ancestors 'none'; img-src * data:; font-src * data:; 1
upgrade-insecure-requests; frame-ancestors 'self' https://www.devon.gov.uk https://www.rslcontent.co.uk http://www.rslcontent.co.uk 1
frame-ancestors 'self' www.seznam.cz share.seznam.cz search.seznam.cz *.ampproject.org www.google.cz www.google.com *.seznamakce.cz www.garaz.cz admin.garaz.cz;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sdn.szn.cz *.sdn.cz gacz.hit.gemius.pl scz.hit.gemius.pl www.google-analytics.com https://www.googletagmanager.com/gtag/js cdn-gl.imrworldwide.com cdn.ampproject.org *.twitter.com *.twimg.com *.facebook.net *.facebook.com *.instagram.com *.tiktok.com *.ttwstatic.com https://www.gstatic.com https://ajax.googleapis.com login.szn.cz http://login.szn.cz https://login.szn.cz notifikace.seznam.cz http://notifikace.seznam.cz https://notifikace.seznam.cz *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.im.cz *.imedia.cz *.imedia.dev.dszn.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.sklik.cz ads.celtra.com *.2mdn.net ams.creativecdn.com *.garaz.cz https://www.garaz.cz 1
default-src  'self'; base-uri  'self'; prefetch-src  *; img-src  'self'  https:  data:; script-src  'self' https://*.smart.com; style-src  'self' 'unsafe-inline'; connect-src  'self' https://*.smart.com; media-src  https://s7.future.smart.com; object-src  'none'; form-action  'self'; frame-src  'self' https://s7.future.smart.com 1
default-src 'self' data: blob: properties: 'report-sample' 'unsafe-inline' 'unsafe-eval' *.asaas.com https://logs.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://www.datadoghq-browser-agent.com https://www.asaas.com https://*.amazonaws.com https://*.userguiding.com https://js-agent.newrelic.com https://*.nr-data.net https://*.intercom.io wss://*.intercom.io https://*.intercomassets.com https://*.intercomassets.eu https://intercom.help https://intercom-sheets.com https://www.intercom-reporting.com https://*.youtube.com https://player.vimeo.com https://fast.wistia.net https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomcdn.io https://*.intercomusercontent.com https://*.intercom-attachments.eu https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://*.gstatic.com https://tagmanager.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googleusercontent.com https://*.googleapis.com https://*.googleadservices.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.googlesyndication.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.facebook.net https://*.facebook.com https://*.linkedin.com https://*.ads.linkedin.com https://*.linkedin.oribi.io https://*.licdn.com https://*.adsymptotic.com https://*.fullstory.com https://*.getblue.io https://*.criteo.com https://*.criteo.net https://*.tremorhub.com https://*.teads.tv https://*.getbeamer.com https://*.taboola.com https://tsdtocl.com https://*.bing.com https://*.clarity.ms https://*.typekit.net https://*.adyen.com https://*.clearsale.com.br https://*.credithub.com.br https://*.outbrain.com https://*.omnitagjs.com https://*.twitter.com https://*.ads-twitter.com https://*.hotmart.com https://*.openstreetmap.org https://*.jquery.com https://*.fontawesome.com https://*.segment.com https://*.segment.io https://js.hsforms.net/forms/v2.js https://*.hsforms.com/; upgrade-insecure-requests; block-all-mixed-content; 1
script-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' http://www.google.com/recaptcha/api.js https://www.gstatic.com/ https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js http://image.providesupport.com *.exclusivehosting.net; frame-ancestors 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; img-src 'self' data: lh3.ggpht.com www.google.com maps.gstatic.com maps.googleapis.com ; style-src-elem 'self' 'unsafe-inline' widget.freshworks.com fonts.googleapis.com ; font-src 'self' data: fonts.gstatic.com ;  script-src-elem 'self' 'unsafe-inline' widget.freshworks.com fonts.googleapis.com code.jquery.com apis.google.com maps.googleapis.com ;connect-src 'self' maps.googleapis.com widget.freshworks.com ; 1
connect-src *.bing.com platform.elfsight.com *.klaviyo.com *.pingdom.net *.ladesk.com *.yotpo.com *.ampproject.org *.googletagmanager.com *.azureedge.net *.authorize.net *.msecnd.net *.google.com *.google.ca *.google.co.uk *.google.com.br *.google.com.mx trustlogo.comodo.com *.doubleclick.net *.google-analytics.com *.googleadservices.com *.paypal.com *.elfsight.com data: *.google.de *.google.lk *.google.no *.google.se *.ucweb.com *.google.com.au *.google.com.pr *.google.gr *.google.nl *.google.be *.kaltura.com *.clarity.ms *.googleapis.com *.nr-data.net nr-data.net *.google.pt *.google.ad *.google.ae *.google.al *.google.am *.google.co.ao *.google.as *.google.at *.google.az *.google.ba *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.co.bw *.google.by *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.co.cr *.google.cv *.google.cz *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.co.jp *.google.co.ke *.google.ki *.google.kg *.google.co.kr *.google.kz *.google.la *.google.li *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.co.mz *.google.ne *.google.nr *.google.nu *.google.co.nz *.google.pl *.google.pn *.google.ps *.google.ro *.google.ru *.google.rw *.google.sc *.google.sh *.google.si *.google.sk *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.td *.google.tg *.google.co.th *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.co.tz *.google.co.ug *.google.co.uz *.google.co.ve *.google.co.vi *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw 'self'; font-src *.cloudmaestro.com *.msecnd.net *.yotpo.com static.klaviyo.com fonts.gstatic.com data: *.bootstrapcdn.com tpc.googlesyndication.com translate.googleapis.com *.slant.co *.clarity.ms 'self'; frame-src *.icpage.net *.icpbounce.com *.app.icontact.com *.icontact.com *.staticapp.icpsc.com gleam.io ssl.kaptcha.com *.ladesk.com *.vzaar.com *.vimeo.com pages.icpro.co *.google.com *.google.co.uk *.google.ca *.msecnd.net *.googleadservices.com *.doubleclick.net *.youtube.com *.gstatic.com *.yotpo.com tpc.googlesyndication.com *.googletagmanager.com translate.googleapis.com *.dacast.com clarity.ms *.clarity.ms 'self' *.gpgway.com; img-src data: *.yotpo.com *.ladesk.com *.cloudmaestro.com *.google-analytics.com *.paypalobjects.com *.googletagmanager.com *.facebook.com *.xrllc.com *.wp.com image.scoopwhoop.com img.buzzfeed.com googleads.g.doubleclick.net *.xrllcinfo.com *.cloudfront.net *.gstatic.com cfvod.kaltura.com *.sextoydistributing.com i.countdownmail.com *.googleapis.com *.klaviyo.com connect.facebook.net *.bing.com *.dacast.com *.clarity.ms clarity.ms *.googleadservices.com *.googleoptimize.com *.g.doubleclick.net 'self' *.extremerestraints.com *.google.com; media-src blob: *.elfsight.com *.cloudmaestro.com data: *.kaltura.com translate.googleapis.com 'self'; script-src data: blob: *.googleoptimize.com *.elfsight.com g.microsoft.com *.icpage.net *.icpbounce.com *.app.icontact.com *.icontact.com *.staticapp.icpsc.com *.api.globallypaid.com *.klaviyo.com *.gleam.io *.polyfill.io *.pingdom.net widget-mediator.zopim.com *.cloudmaestro.com *.googleapis.com *.ladesk.com *.bing.com *.cloudfront.net *.google.ac *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.com.kh *.google.cc *.google.cd *.google.cf *.google.cat *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gf *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.iq *.google.ie *.google.co.il *.google.im *.google.co.in *.google.io *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.com.lc *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.ne *.google.com.nf *.google.com.ng *.google.com.ni *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pk *.google.com.pa *.google.com.pe *.google.com.ph *.google.pl *.google.com.pg *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.rs *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.sm *.google.so *.google.st *.google.sr *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.to *.google.tn *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.co.za *.google.co.zm *.google.co.zw *.googletagmanager.com toftools.com *.google-analytics.com *.googleadservices.com *.gstatic.com t3066075.icpro.co t.omkt.co js-agent.newrelic.com d9jmv9u00p0mv.cloudfront.net *.msecnd.net *.authorize.net trustlogo.comodo.com *.shopzilla.com *.bizrate.com *.atdmt.com *.paypal.com *.yotpo.com wpc.gammacdn.net extremerestraintsamp.azureedge.net extremerestraintsamp.ec.azureedge.net scdn1.wpc.88b85.gammacdn.net cs9.wpc.v0cdn.net tpc.googlesyndication.com *.kaltura.com *.countdownmail.com *.xrllc.com *.clarity.ms *.dacast.com *.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval' *.extremerestraints.com *.gpgway.com; style-src *.bootstrapcdn.com *.xrllc.com *.yotpo.com *.toftools.com *.cloudmaestro.com *.msecnd.net optimize.google.com *.klaviyo.com fonts.googleapis.com translate.googleapis.com *.clarity.ms *.googletagmanager.com 'self' 'unsafe-inline' *.extremerestraints.com; report-uri /.webscale/csp-report 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-OQf68KvcjnKv4zjAvAUgxbLeibVf8v' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
frame-ancestors https://*.drakensang.com/ https://gameplanet.onet.pl/ https://www.gry.pl/ https://www.jetztspielen.de/ https://www.spielen.com/ https://www.jeux.fr/ https://www.jeu.fr/ https://www.games.co.uk/ https://www.spelletjes.nl/ https://www.spel.nl/ https://www.juegos.com/ https://www.gioco.it/ https://www.spela.se/ https://www.ourgames.ru/ https://www.gamesgames.com/ https://www.agame.com/ https://centralagier.wp.pl/ https://www.mmozone.com/ https://www.mmostation.com/ https://www.mmogratis.es/ https://www.gratismmo.de/ https://www.mmorpggratuits.com/ https://www.mmoitalia.it/ https://www.mmoportugal.com/ https://www.funnygames.nl/ https://www.oyunkolu.com/ https://www.spelle.nl/ https://spele.nl/ https://www.dobregry.pl/ https://www.minijuegos.com/ https://www.browsergames.de/ https://www.juegosdenavegador.com/ https://jeuxparnavigateur.net/ https://www.jogosbrowser.com/ https://www.freemmorpglist.com/ https://www.puzzlepuzzles.de/ https://www.mmogratis.com/ https://www.sat1spiele.de/ https://www.clickjogos.com.br/ https://www.prosiebengames.de/ https://www.oyunskor.com/ https://www.brincar.pt/ https://www.speeleiland.nl/ https://www.kongregate.com/ https://*.y8.com https://*.vkplay.ru/ https://*.mail.ru/; 1
default-src 'self'; child-src 'self'; connect-src 'self' udc-neb.kampyle.com www.google-analytics.com *.blackhillsenergy.com apps.usw2.pure.cloud api.usw2.pure.cloud apps.mypurecloud.com api.mypurecloud.com  wss://streaming.usw2.pure.cloud *.medallia.com maps.googleapis.com siteintercept.qualtrics.com;  font-src 'self' fonts.googleapis.com fonts.gstatic.com svc.webspellchecker.net themes.googleusercontent.com use.typekit.net fonts.googleapis.com *.blackhillsenergy.com apps.usw2.pure.cloud api.usw2.pure.cloud apps.mypurecloud.com api.mypurecloud.com data: modernizr.com; form-action 'self' http://*.blackhillsenergyservices.com https://*.blackhillsenergyservices.com *.speedpay.com blackhillscorp.qualtrics.com syndication.twitter.com platform.twitter.com; frame-ancestors 'self'; frame-src 'self' *.blackhillsenergy.com gistest.blackhillscorp.com nebula-cdn.kampyle.com blackhillscorp.qualtrics.com platform.twitter.com syndication.twitter.com staticxx.facebook.com www.facebook.com www.google.com *.medallia.com player.vimeo.com *.youtube.com youtu.be; img-src 'self' data: about: *.blackhillsenergy.com *.blackhillscorp.com *.googleapis.com *.typekit.net *.twimg.com cdn.ckeditor.com maps.gstatic.com siteintercept.qualtrics.com sjc1.qualtrics.com nebula-cdn.kampyle.com platform.twitter.com platform.twitter.com stats.g.doubleclick.net syndication.twitter.com udc-neb.kampyle.com www.facebook.com www.google-analytics.com *.medallia.com i.ytimg.com; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.blackhillsenergy.com *.bhcorp.ad *.googleapis.com bat.bing.com cdn.ckeditor.com cdn.syndication.twimg.com cdnjs.cloudflare.com code.jquery.com connect.facebook.net nebula-cdn.kampyle.com static.addtoany.com svc.webspellchecker.net ton.twimg.com platform.twitter.com secure.adnxs.com use.typekit.net ssl.google-analytics.com www.google.com www.googletagmanager.com tagmanager.google.com *.gstatic.com apps.usw2.pure.cloud api.usw2.pure.cloud apps.mypurecloud.com api.mypurecloud.com *.medallia.com www.google-analytics.com www.googleadservices.com siteintercept.qualtrics.com zn3ejiu7bgenxivkw-blackhillscorp.siteintercept.qualtrics.com *.vimeocdn.com; style-src 'self' 'unsafe-inline' *.blackhillsenergy.com *.googleapis.com www.googletagmanager.com cdn.ckeditor.com cloud.typography.com p.typekit.net platform.twitter.com ton.twimg.com use.typekit.net www.google.com apps.usw2.pure.cloud api.usw2.pure.cloud apps.mypurecloud.com api.mypurecloud.com; upgrade-insecure-requests; worker-src 'self'; 1
worker-src blob:; font-src *.leapfrog.com *.gstatic.com fonts.googleapis.com *.fontawesome.com 'self' 'unsafe-inline'; form-action *.leapfrog.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src *.google.com *.facebook.com *.qualtrics.com *.terracycle.com 'self' 'unsafe-inline'; img-src jwpltx.com *.jwpltx.com b.videoamp.com *.leapfrog.com 'self' data: *.doubleclick.net *.googletagmanager.com *.digicert.com *.bing.com *.google.com *.facebook.com blob: *.google-analytics.com *.pricespider.com 'self' 'unsafe-inline'; script-src *.leapfrog.com *.jwpcdn.com *.googleapis.com *.google.com *.googletagmanager.com *.gstatic.com *.bootstrapcdn.com cdn.polyfill.io cdnjs.cloudflare.com *.bing.com *.facebook.net *.google-analytics.com s.pinimg.com *.pinterest.com *.doubleclick.net *.digicert.com *.pricespider.com *.mapbox.com js.adsrvr.org *.terracycle.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.leapfrog.com optimize.google.com *.jwpcdn.com *.fontawesome.com fonts.googleapis.com *.pricespider.com *.tiles.mapbox.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.leapfrog.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.leapfrog.com *.jwpcdn.com *.doubleclick.net *.vindicia.com *.google-analytics.com analytics.google.com *.analytics.google.com *.tiles.mapbox.com api.mapbox.com events.mapbox.com *.pricespider.com 'self' 'unsafe-inline'; child-src blob: 'self' 'unsafe-inline'; default-src *.leapfrog.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' https://www.youtube-nocookie.com service.maxymiser.net https://atosnsandi.nanorep.co wss://websocket-eu.bold360.com https://www.nsandi.com nsandi.com *.youtube.com hm.webtrends.com https://hm.webtrends.com s.webtrends.com  statse.webtrendslive.com cdn-pci.optimizely.com rum.optimizely.com logx.optimizely.com logx.optimizely.com/v1/events statse.webtrendslive.com https://google.com https://www.google.com https://nsandihowdidwedo.eu.qualtrics.com/ errors.client.optimizely.com https://tapi.optimizely.com https://www.gov.uk c.oracleinfinity.io dc.oracleinfinity.io https://siteintercept.qualtrics.com *.siteintercept.qualtrics.com https://dc.oracleinfinity.io static.queue-it.net collect.tealiumiq.com https://vms-eu.boldchat.com http://www.boldchat.com *.boldchat.com *.cloudfront.net ws.sessioncam.com https://visitor-services.nanorep.com *.gbqofs.io *.gbqofs.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' service.maxymiser.net https://atosnsandi.nanorep.co https://www.nsandi.com nsandi.com https://img.youtube.com img.youtube.com youtube.com https://cdn-pci.optimizely.com rum.optimizely.com logx.optimizely.com logx.optimizely.com/v1/events statse.webtrendslive.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com *.oracleinfinity.io https://siteintercept.qualtrics.com *.siteintercept.qualtrics.com collect.tealiumiq.com https://www.google.com https://livechat-eu.boldchat.com https://vmp-eu.boldchat.com *.boldchat.com https://*.boldchat.com *.cloudfront.net ws.sessioncam.com https://zn43mploznxnoizil-nsandihowdidwedo.siteintercept.qualtrics.com https://tags.tiqcdn.com *.gbqofs.io *.gbqofs.com; object-src 'self'; img-src 'self' data: https://*.ytimg.com https://atosnsandi.nanorep.co service.maxymiser.net https://nr1.s3.amazonaws.com/domainConfig/5DCEF116/ https://nr-customers.s3.amazonaws.com/customers/Atos/ https://statse.webtrendslive.com https://server.seadform.net https://hm.webtrends.com https://cdn.optimizely.com c.oracleinfinity.io dc.oracleinfinity.io siteintercept.qualtrics.com https://www.google.com vmss-eu.boldchat.com https://vms-eu.boldchat.com https://images-eu.boldchat.com https://images.boldchat.com *.boldchat.com https://ws.sessioncam.com *.ws.sessioncam.com https://dc.oracleinfinity.io *.gbqofs.io *.gbqofs.com; font-src *; report-uri /csp/csp-report 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; font-src * data:; object-src 'self'; frame-ancestors 'self' *.uillinois.edu *.uis.edu 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-8SUSBFQZxGSmzZpZg5v7ErYD64R1YcHTBcADX6zQty9dtfEc' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' userecho.com userecho.ru *.userecho.com dev.userecho.com:9000 dev.userecho.com:8111 linkhub.online support.userecho.com; report-uri /tools/csp/ 1
default-src 'unsafe-inline' pincong.rocks *.pincong.rocks *.hcaptcha.com *.cloudflare.com;  script-src 'unsafe-inline' 'unsafe-eval' blob: pincong.rocks *.pincong.rocks *.cloudflare.com hcaptcha.com *.hcaptcha.com; img-src data: pincong.rocks *.pincong.rocks *.hcaptcha.com *.cloudflare.com *.imgur.com *.redd.it archive.is web.archive.org upload.wikimedia.org pbs.twimg.com telegra.ph miro.medium.com i.postimg.cc i.lihkg.com i.lih.kg upload.cc pomf2.lain.la files.catbox.moe media.gab.com; media-src data: video.twimg.com files.catbox.moe pomf2.lain.la; frame-src pincong.rocks *.pincong.rocks *.hcaptcha.com *.cloudflare.com www.youtube-nocookie.com; 1
default-src *;img-src * 'self' data: https: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' *;media-src * 'self' blob: 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: * ujam.postaffiliatepro.com d1igp3oop3iho5.cloudfront.net d1f8f9xcsvx3ha.cloudfront.net *.segment.com *.segment.io *.segmentapis.com *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.cloudflare.com https://*.hotjar.com:* https://*.hotjar.io *.pingdom.net *.facebook.net *.facebook.com *.ads-twitter.com *.twitter.com; connect-src 'self' *.segment.io *.segment.com *.segmentapis.com *.onfastspring.com *.ujam.com *.pingdom.net https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com *.facebook.com *.google-analytics.com analytics.twitter.com *.analytics.google.com analytics.google.com stats.g.doubleclick.net; img-src 'self' data: * analytics.twitter.com; style-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self' *.facebook.com ujam:; font-src 'self' data:; frame-src 'self' *.facebook.com *.youtube.com *.youtube-nocookie.com *.youtu.be *.soundcloud.com *.onfastspring.com *.ujam.com ujam: https://ujam.jobs.personio.de https://*.hotjar.com:* https://*.hotjar.io https://na.gcsip.com *.alipay.com; frame-ancestors 'self' *.onfastspring.com *.ujam.com; media-src 'self' *.ujam.com; 1
style-src 'self' 'unsafe-inline' https://u2p6d2m2.stackpathcdn.com https://capfriendlysite.b-cdn.net https://cdn.capfriendly.com https://cdn2.capfriendly.com https://ajax.googleapis.com https://fonts.googleapis.com https://platform.twitter.com https://ton.twimg.com https://a.pub.network; style-src-attr 'self' 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; frame-ancestors 'self' *.capfriendly.com; 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net dev-api.investisdigital.com api.investisdigital.com dev-assets.investisdigital.com assets.investisdigital.com qaotp.tools.investisdigital.com *.investisdigital.com google-analytics.com cookiemanager.investisdigital.com google-analytics.com * otp.tools.investis.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.investis-live.com dev-api.investisdigital.com api.investisdigital.com dev-assets.investisdigital.com assets.investisdigital.com qaotp.tools.investisdigital.com *.investisdigital.com player.vimeo.com www.recaptcha.net otp.tools.investis.com code.highcharts.com/8.2.2/lib/jspdf.js code.highcharts.com/8.2.2/lib/svg2pdf.js; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investis-live.com *.investisdigital.com http://assets.investisdigital.com https://assets.investisdigital.com; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com *.youtube.com player.vimeo.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com; frame-src 'self' *.investis.com www.google.com ir.tools.investis.com staticxx.facebook.com www.youtube.com player.vimeo.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri /report-csp-violation 1
upgrade-insecure-requests; default-src 'self'; connect-src 'self' https://paste.yunohost.org wss://lloria.fr; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval'; object-src 'none'; img-src 'self' data:; 1
default-src 'self'; script-src 'self' live.s3.teliahybridcloud.com google-analytics.com www.google-analytics.com connect.facebook.net www.google.com www.googletagmanager.com tagmanager.google.com fonts.googleapis.com maps.googleapis.com unpkg.com cdn.jsdelivr.net cdnjs.cloudflare.com s3.teliahybridcloud.com 'nonce-gNgzlKnEzrokEDEl_QdfUw'; object-src 'self'; style-src 'self' 'unsafe-inline' unpkg.com cdnjs.cloudflare.com fonts.googleapis.com; img-src 'self' data: www.google.ee live.s3.teliahybridcloud.com stats.g.doubleclick.net www.google-analytics.com google-analytics.com www.facebook.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com ssl.gstatic.com www.gstatic.com www.tallinn.ee tallinn.ee www.tallinnakeskhaigla.ee tallinnakeskhaigla.ee s3.teliahybridcloud.com taotlen-haldus.tallinn.ee; media-src 'self' live.s3.teliahybridcloud.com; frame-src 'self' blob: *; frame-ancestors 'self'; child-src 'self' blob: *; font-src 'self' fonts.gstatic.com data:; connect-src 'self' stats.g.doubleclick.net region1.analytics.google.com google-analytics.com www.google-analytics.com www.facebook.com maps.googleapis.com live.s3.teliahybridcloud.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' *.edfinancial.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.powerplatform.com https://home-c72.niceincontact.com/inContact/ChatClient/js/embed.min.js https://cdn.botframework.com/botframework-webchat/latest/webchat.js https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js https://www.googletagmanager.com https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://connect.facebook.net/en_US/sdk.js https://cookieinfoscript.com/js/cookieinfo.min.js https://www.google.com/recaptcha/api.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/recaptcha/releases/ https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js https://kit.fontawesome.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; object-src 'none'; base-uri 'self'; connect-src 'self' wss://unitedstates.directline.botframework.com https://unitedstates.directline.botframework.com *.powerplatform.com https://powerva.microsoft.com/api/botmanagement/v1/directline/directlinetoken https://directline.botframework.com/v3/directline/ wss://directline.botframework.com/v3/directline/conversations/ https://www.google-analytics.com https://ka-f.fontawesome.com https://ka-p.fontawesome.com https://kit.fontawesome.com; font-src 'self' https://ka-f.fontawesome.com https://ka-p.fontawesome.com https://fonts.gstatic.com/; frame-src 'self' https://home-c72.niceincontact.com/ https://*.opendns.com/ https://www.facebook.com https://www.google.com/ https://www.youtube.com; img-src 'self' data: https://www.google-analytics.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; form-action 'self'; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.comon.ru https://metrika.yandex.ru https://metrika.yandex.by https://metrika.yandex.com https://metrika.yandex.com.tr http://*.webvisor.com https://*.webvisor.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://toolstatic.idesk360.com https://dcr.pathao.com https://static.addtoany.com https://ajax.cloudflare.com https://maps.googleapis.com https://googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://toolstatic.idesk360.com https://unpkg.com/ https://hello.myfonts.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://assets.zendesk.com; img-src 'self' data: https://tool.idesk360.com https://toolstatic.idesk360.com https://sociovocal.s3.amazonaws.com https://www.google.com.bd http://pathao.com https://*.w.org https://maps.gstatic.com https://maps.googleapis.com https://googleapis.com https://cdn.pathao.com https://www.google.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://secure.gravatar.com https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com https://themes.googleusercontent.com; connect-src 'self' https://www.facebook.com wss://tool.idesk360.com https://tool.idesk360.com https://analytics.google.com https://arges.pathao.com https://front-police.pathaointernal.com https://my.yoast.com https://script.google.com https://script.googleusercontent.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com/; object-src 'none'; media-src https://toolstatic.idesk360.com; frame-src self https://dcr.pathao.com/ https://static.addtoany.com https://docs.google.com https://static.zdassets.com https://www.youtube.com/ https://staticxx.facebook.com https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; frame-ancestors 'self' localhost https://business-app.pathao.com 1
default-src * 'unsafe-inline' 'unsafe-eval' data:; report-uri /report-csp-violation 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://www.google.com/recaptcha/api.js https://ssl.google-analytics.com/ga.js https://www.gstatic.com/recaptcha/ https://www.google-analytics.com/ https://az416426.vo.msecnd.net/scripts/ https://tagmanager.google.com; connect-src 'self' wss://*.parliamentlive.tv/signalr/ wss://parliamentlive.tv/signalr/ wss://*.vualto.com/signalr/ https://dc.services.visualstudio.com/v2/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; img-src 'self' https://2f0f8fc-az-westeurope.fsly.cdn.ebsd.ericsson.net/ https://2f0f8fc-az-westeurope-fsly.cdn.redbee.live/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://exposure.api.redbee.live/v1/ https://eventsink.api.redbee.live/ http://*.ukparliament.groovygecko.com/ https://*.kaltura.com/ http://*.kaltura.com/ https://ssl.google-analytics.com/ https://vodplayer.parliamentlive.tv/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/r/ https://www.google.com/ads/ https://www.google.co.uk/ads/ https://ssl.gstatic.com https://www.gstatic.com data:; font-src 'self' data:; frame-ancestors 'self' *.parliamentlive.tv/; frame-src https://*.vualto.com http://*.vualto.com https://www.google.com/ https://*.parliamentlive.tv/ http://*.parliamentlive.tv/; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com/ https://tagmanager.google.com https://fonts.googleapis.com; 1
font-src *.googleapis.com *.gstatic.com *.cloudflare.com *.cloudfront.net *.livechatinc.com *.resultspage.com *.twitter.com *.typekit.net *.twimg.com *.font-src.com *.bootstrapcdn.com addstrap-ui.addshoppers.com api.livechatinc.com bat.bing.com *.fontawesome.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com cdn.noibu.com jerrysartarama.com *.resultspage.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.twitter.com *.facebook.com *.resultspage.com 'self' 'unsafe-inline'; frame-ancestors  'self'; img-src  www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.cloudfront.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com *.google.co.in *.facebook.net *.facebook.com addstrap-ui.addshoppers.com bat.bing.com api.livechatinc.com *.doubleclick.net *.bing.com edge.curalate.com s1.listrakbi.com ad.360yield.com ade.clmbtech.com adgen.socdm.com cdn.aralego.net cdn.noibu.com hb.yahoo.net dis.criteo.com e1.emxdgt.com ads.stickyadstv.com sca1.listrakbi.com *.bing.com adx.dable.io cdn.livechat-files.com cm.g.doubleclick.net assurance.sysnetgs.com p.typekit.net x.bidswitch.net ib.adnxs.com contextual.media.net pixel.rubiconproject.com match.sharethrough.com rtb-csync.smartadserver.com sync-t1.taboola.com criteo-sync.teads.tv eb2.3lift.com ups.analytics.yahoo.com tg.socdm.com r.casalemedia.com cs.adingo.jp idsync.rlcdn.com exchange.mediavine.com sync.outbrain.com simage2.pubmatic.com s.ad.smaato.net sync.aralego.com sync-criteo.ads.yieldmo.com ib.adnxs.com ups.analytics.yahoo.com match.adsrvr.org pr-bh.ybp.yahoo.com cm.adgrx.com t.powerreviews.com media.powerreviews.com mediacdn.espssl.com jerrysartarama.com *.resultspage.com um.simpli.fi b.sli-spark.com res.cloudinary.com *.stackadapt.com *.cnstrc.com cnstrc.com *.viralsweep.com  *.cloudinary.com  data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com ui.powerreviews.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com *.cloudfront.net *.shop.pe shop.pe edge.curalate.com cdn.noibu.com cdn.ywxi.net assurance.sysnetgs.com geo-targetly.com dynamic.criteo.com *.cdn4.forter.com jerrysartarama.resultspage.com  services.listrak.com addshoppers.s3.amazonaws.com widget.us.criteo.com sslwidget.criteo.com *.listrakbi.com assets.resultspage.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleapis.com *.gstatic.com *.cloudflare.com *.twitter.com *.google-analytics.com *.googleadservices.com *.google.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.paypalobjects.com  *.cardinalcommerce.com *.zopim.com *.googletagmanager.com *.facebook.net *.doubleclick.net *.bing.com *.newrelic.com *.nr-data.net *.google.co.in use.typekit.net klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com cdn.livechatinc.com assets.pinterest.com jerrysartarama.com *.resultspage.com widgets.pinterest.com api.livechatinc.com b.sli-spark.com *.commerce-payment-services.com *.magento-ds.com *.commerce-payment-services.com *.magento-ds.com res.cloudinary.com *.cloudinary.com polaris.truevaultcdn.com *.trustedsite.com *.jsdelivr.net *.stackadapt.com *.qvdt3feo.com *.cnstrc.com cnstrc.com *.viralsweep.com data: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' 'unsafe-inline'; media-src *.jerrysartarama.com *.resultspage.com *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; default-src * data: 'self' 'unsafe-eval' 'unsafe-inline'; worker-src blob: 1
default-src *;frame-src * data: https://connect.trezor.io/* https://connect.trezor.io/;img-src * data:;script-src 'unsafe-eval' blob: 'unsafe-inline' *;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'self'; script-src 'self' matomo.exigo.ch piwik.exigo.ch 'unsafe-inline'; script-src-elem 'self' matomo.exigo.ch piwik.exigo.ch 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data: www.wc3.org; connect-src 'self' matomo.exigo.ch piwik.exigo.ch; media-src 'self' youtube; object-src 'self'; prefetch-src 'self'; child-src 'self'; frame-src 'self' https://www.youtube-nocookie.com https://srv-calc.exigo.ch https://stats.exigo.ch/; worker-src 'self'; frame-ancestors 'self'; form-action 'self' https://exigate.exigo.ch https://mailadmin.exigo.ch https://webmail.exigo.ch https://owa.goxchange.ch; upgrade-insecure-requests; block-all-mixed-content; disown-opener; base-uri 'self' *.exigo.ch; manifest-src 'self' *.exigo.ch; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' 'self' https://matomojs.trackify.info https://matomo.pernod-ricard.io *.sleeknote.com https://*.sleeknote.com; frame-ancestors 'self' https://matomojs.trackify.info https://matomo.pernod-ricard.io *.sleeknote.com; frame-src blob: 'self' https://www.google.com https://www.youtube.com https://absmartini.wpenginepowered.com https://mixedbyai.wpengine.com/ https://*.absolut.com https://iframe-mdm.absolut.com https://live-campaign-paper-bottle.pantheonsite.io/ https://*.sleeknote.com https://td.doubleclick.net https://11963351.fls.doubleclick.net/ *.sleeknote.com https://integrationssite.sleeknote.com; worker-src blob: 'self' 1
base-uri 'none'; object-src 'none'; script-src 'unsafe-inline' https://www.gstatic.com 'nonce-kOFmBLbsUVkwEQzNyrXzrdCXYivmft'; report-uri /csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypal.cn 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypal.cn 'unsafe-inline'; script-src 'nonce-FW2QpOtq8F8eYjJTC3wr/3N87tHC7D53iLUwpuUGycIE+90g' 'self' 'unsafe-inline' https://*.paypal.com  https://*.paypalobjects.com https://*.paypal.cn; img-src 'self' https: data:; object-src 'none'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypal.cn data:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.paypal.cn https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.paypal.cn https://api.growingio.com https://tags.growingio.com; form-action 'self' https://*.paypal.com https://*.paypal.cn; base-uri 'self' https://*.paypal.com; block-all-mixed-content; report-uri https://www.paypal.com/csplog/api/log/csp 1
object-src 'none';frame-ancestors 'self' http://localhost:* https://localhost:* https://admin.deco.cx 1
base-uri 'self' about: *;child-src 'none';connect-src 'self' webpack://* *;default-src 'self';font-src 'self' data: fonts.gstatic.com https://client.crisp.chat *;form-action 'self' https: *;frame-ancestors 'none';frame-src  'self' data: https:;img-src * 'self' data: https:;manifest-src 'self';media-src 'self' https: *;object-src 'none';prefetch-src 'self' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.hs-scripts.com *.hsforms.net *.hsforms.com *.clearbit.com www.google-analytics.com;style-src 'self' 'unsafe-inline' https:;worker-src 'self'; 1
frame-src 'self' https://*.cookiebot.com https://*.google.com https://www.youtube.com https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com https://td.doubleclicK.net/ https://my2.siteimprove.com/ 1
frame-ancestors https://*.onpassive.com/ 1
default-src self; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rawgit.com cdn.datatables.net maxcdn.bootstrapcdn.com maps.googleapis.com www.google.com use.typekit.net p.typekit.net *.google.com az416426.vo.msecnd.net *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.msecnd.net code.jquery.com *.googletagmanager.com asassoc.informz.net *.uniqodo.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://cdn-images.mailchimp.com https://cdn.datatables.net; font-src 'self' use.typekit.net *.google.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' p.typekit.net *.google.com *.azureedge.net *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com cdn.datatables.net; media-src 'self' *.azureedge.net data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.google.com *.mapquest.com *.riddle.com *.twitter.com *.youtube.com *.uniqodo.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.visualstudio.com *.google-analytics.com asassoc.informz.net *.googletagmanager.com *.uniqodo.com; 1
default-src 'self'; script-src https://*.createjs.com/ https://www.gstatic.com/ https://*.google.rs https://*.google.com.tw https://*.google.hu https://*.google.com.kw https://*.google.ch https://*.google.mu https://*.google.com.sg https://*.google.com.vn https://*.google.com.qa https://*.google.com.br https://*.google.com.lb https://*.google.se https://*.google.com.ph https://*.google.com.ua https://*.google.co.za https://*.google.com.au https://*.google.com.hk https://*.google.ie https://*.google.ae https://*.google.az https://*.google.be https://*.google.bg https://*.google.co.id https://*.google.co.il https://*.google.co.kr https://*.google.co.th https://*.google.co.uk https://*.google.co.uz https://*.google.com.ar https://*.google.com.sa https://*.google.com.tj https://*.google.com.tr https://*.google.com.ua https://*.google.cz https://*.google.de https://*.google.ee https://*.google.es https://*.google.fi https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.hr https://*.google.jo https://*.google.kg https://*.google.kz https://*.google.lt https://*.google.lv https://*.google.md https://*.google.nl https://*.google.pl https://*.google.pt https://*.google.tm https://*.google.at https://*.google.ca https://*.google.co.in https://*.google.co.jp https://*.google.co.nz https://*.google.co.tz https://*.google.com.cu https://*.google.com.cy https://*.google.com.eg https://*.google.dk https://*.google.gr https://*.google.it https://*.google.ro https://*.google.sk https://*.google.tg https://*.google.ru https://mc.yandex.ru https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net https://clck.yandex.ru https://sitesearch-suggest.yandex.ru https://*.googlesyndication.com https://*.google-analytics.com *.googleapis.com https://*.googlesyndication.com https://*.google.ru https://*.google.com https://*.googletagservices.com https://*.googleadservices.com https://partner.googleadservices.com https://sitesearch-suggest.yandex.ru an.yandex.ru yandex.st yastatic.net mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru https://*.yandex.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://www.google.com/ https://*.googleapis.com yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net 'self' 'unsafe-inline' 'unsafe-eval'; img-src https://*.createjs.com/ https://ext.captcha.yandex.net/ https://storage.mds.yandex.net/ https://ad.adriver.ru/ https://www.googleapis.com/ https://site.yandex.net https://*.yandex.ru clck.yandex.ru yandex.ru https://googleads.g.doubleclick.net https://*.gstatic.com https://*.yastatic.net yastatic.net https://*.google.com https://*.yadro.ru https://*.googlesyndication.com https://*.google-analytics.com https://avatars.mds.yandex.net data: avatars-fast.yandex.net favicon.yandex.net an.yandex.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net https://*.yandex.ru 'self'; frame-src https://cse.google.com/ https://www.google.com/ https://*.doubleclick.net/ https://*.googlesyndication.com awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net blob: https://mc.yandex.ru 'self'; connect-src https://*.yandex.ru/ https://log.strm.yandex.ru/ https://adservice.google.com https://*.google-analytics.com https://*.googlesyndication.com https://*.gstatic.com an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru https://mc.yandex.ru https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net 'self'; media-src 'self' *.yandex.net strm.yandex.ru *.strm.yandex.ru yandex.ru yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net data:; font-src data: fonts.gstatic.com https://fonts.gstatic.com an.yandex.ru yastatic.net yastat.net 'self'; child-src blob: https://mc.yandex.ru; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com *.googletagmanager.com https://static.ads-twitter.com https://snap.licdn.com *.googletagservices.com *.googleapis.com *.gstatic.com https://unpkg.com *.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com *.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.fontawesome.com use.fontawesome.com downpaymentresource.com https://www.youtube.com https://mba.aristotle.com https://votervoice.net https://www.votervoice.net https://www.facebook.com *.servedbyadbutler.com servedbyadbutler.com https://servedbyadbutler.com/app.js https://www.servedbyadbutler.com https://client.publicrelay.com https://apps.mba.org https://player.vimeo.com *.feathr.co *.cloudflare.com *.cloudflareinsights.com; style-src 'self' 'unsafe-inline' https://unpkg.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com *.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.fontawesome.com use.fontawesome.com *.typekit.net use.typekit.net *.typography.com servedbyadbutler.com https://mba.org/fonts/842968/B8147DC6CD8754759.css https://cloud.typography.com/; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com *.fontawesome.com use.fontawesome.com *.typekit.net use.typekit.net *.typography.com https://cloud.typography.com/ data:; img-src 'self' https://apps.mba.org https://match.adsrvr.org *.linkedin.com https://analytics.twitter.com https://t.co *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com placeimg.com servedbyadbutler.com https://www.servedbyadbutler.com *.feathr.co; media-src 'self' data: blob: https://www.youtube.com; frame-src 'self' https://ad.doubleclick.net *.google.com downpaymentresource.com *.youtube.com https://mba.aristotle.com https://www.votervoice.net https://votervoice.net https://www.facebook.com *.servedbyadbutler.com https://client.publicrelay.com https://apps.mba.org https://player.vimeo.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ *.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ *.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com servedbyadbutler.com; connect-src 'self' *.google.com *.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.fontawesome.com www.servedbyadbutler.com *.feathr.co https://2thepoint.blog; 1
upgrade-insecure-requests; frame-ancestors https://*.therapynotes.com https://*.therapyportal.com https://support.therapynotes.com; default-src https://*.therapynotes.com https://*.therapyportal.com data: blob:; img-src https://*.therapynotes.com https://*.therapyportal.com data: blob:; style-src https://*.therapynotes.com https://*.therapyportal.com 'unsafe-inline' data: blob:; script-src https://*.therapynotes.com https://*.therapyportal.com 'unsafe-inline' 'unsafe-eval' data: blob:; object-src https://*.therapynotes.com https://*.therapyportal.com; connect-src https://*.therapynotes.com wss://*.therapynotes.com https://*.therapyportal.com https://*.cardconnect.com:* https://*.twilio.com wss://*.twilio.com; form-action https://*.therapynotes.com https://*.therapyportal.com; frame-src https://*.therapynotes.com https://*.therapyportal.com https://maps.google.com https://www.google.com; require-trusted-types-for 'script'; trusted-types default dompurify legacy goog#html 1
frame-ancestors oisd.nl *.oisd.nl 1
default-src https://*.nowtv.it; form-action https://ott-it.secure.force.com https://ott-it.my.salesforce.com https://ott-it.my.salesforce-sites.com; font-src 'self' https://static.skyassets.com https://*.nowtv.it https://web.static.nowtv.com https://cdn-eu.dynamicyield.com https://cdn.braze.eu data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.nowtv.it https://web.static.nowtv.com https://*.klarnacdn.net https://*.klarnaservices.com https://cdn-eu.dynamicyield.com https://st-eu.dynamicyield.com https://*.content-square.fr https://*.contentsquare.net https://analytics.global.sky.com https://*.demdex.net https://d3c3cq33003psk.cloudfront.net https://connect.facebook.net https://static.ads-twitter.com https://analytics.twitter.com https://*.doubleclick.net https://www.googleadservices.com https://*.myvisualiq.net https://www.dwin1.com https://*.awin1.com https://*.zenaps.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.force.com https://*.salesforce-sites.com https://*.sp-prod.net https://cdn.privacy-mgmt.com https://assets.adobedtm.com https://tapestry.tapad.com https://bat.bing.com https://www.googletagmanager.com https://static.hotjar.com/ https://core.spreedly.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.optimizely.com https://smetrics.nowtv.it https://s.pinimg.com https://sc-static.net https://acdn.adnxs.com https://secure.adnxs.com https://cdn.exactag.com https://static.criteo.net https://amplify.outbrain.com https://s.yimg.com https://tracking.m6r.eu https://tr.outbrain.com https://sslwidget.criteo.com https://m.exactag.com https://analytics.tiktok.com https://the.sciencebehindecommerce.com https://a.twiago.com https://e.clarity.ms https://*.contentsquare.net https://jssdkcdns.mparticle.com https://www.paypal.com https://c.amazon-adsystem.com; connect-src 'self' https://*.ottcds.com https://*.nowtv.it https://*.sky.com https://*.klarnaevt.com https://*.klarnauserservices.com https://*.demdex.net https://graph.facebook.com https://*.contentsquare.net https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://*.sp-prod.net https://sourcepoint.mgr.consensu.org https://web.static.nowtv.com https://cdn.privacy-mgmt.com https://dcd12547fac74c3cb90d3307a66b8089.apm.eu-west-1.aws.cloud.es.io https://sas-apm.telem.prod.ott.sky https://in.hotjar.com/ https://bat.bing.com https://www.facebook.com https://ct.pinterest.com https://tr.snapchat.com https://s.yimg.com https://analytics.tiktok.com https://the.sciencebehindecommerce.com https://direct.dy-api.eu https://direct-collect.dy-api.eu https://adm.dynamicyield.eu https://px-eu.dynamicyield.com https://cdn-eu.dynamicyield.com https://async-px-eu.dynamicyield.com https://rcom-eu.dynamicyield.com https://st-eu.dynamicyield.com https://*.contentsquare.net https://checkoutshopper-live.adyen.com https://identity.mparticle.com https://jssdks.mparticle.com https://www.paypal.com https://sdk.fra-01.braze.eu; img-src 'self' data: https://*.nowtv.com https://*.nowtv.it https://web.static.nowtv.com https://t.co https://www.facebook.com https://*.contentsquare.net https://*.awin1.com https://*.zenaps.com https://*.salesforce-sites.com https://cm.everesttech.net https://*.demdex.net https://aa.agkn.com https://pm.w55c.net https://cm.everesttech.net https://*.adnxs.com https://*.doubleclick.net https://rtd.tubemogul.com https://analytics.twitter.com https://p.rfihub.com https://a.collective-media.net https://pixel.quantserve.com https://*.bing.com https://pixel.advertising.com https://image5.pubmatic.com https://a.tribalfusion.com https://cms.analytics.yahoo.com https://odr.mookie1.com https://dmp.v.fwmrm.net https://sync-tm.everesttech.net https://spl.zeotap.com https://*.myvisualiq.net https://tapestry.tapad.com https://www.googletagmanager.com https://www.google.com https://www.google.co.uk https://www.google-analytics.com https://sp.analytics.yahoo.com https://ads-engagement.presage.io https://a.twiago.com https://ct.pinterest.com https://www3.smartadserver.com https://tr.outbrain.com https://www.pinterest.com https://www.pinterest.com https://e.clarity.ms https://cdn.dynamicyield.com https://imageservice.sky.com https://uk.imageservice.sky.com https://*.contentsquare.net https://*.imageservice.sky.com https://*.force.com https://checkoutshopper-live.adyen.com https://www.paypalobjects.com https://cdn.braze.eu; style-src 'self' 'unsafe-inline' https://*.nowtv.it https://web.static.nowtv.com https://*.force.com https://*.my.salesforce.com https://*.salesforce-sites.com https://cdn-eu.dynamicyield.com; media-src 'self' data: https://*.nowtv.it; frame-src https://core.spreedly.com https://ottsas.sky.com https://ad3.adfarm1.adition.com https://vars.hotjar.com https://*.sp-prod.net https://cdn.privacy-mgmt.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.klarna.com https://*.klarnacdn.net https://tr.snapchat.com https://*.creativecdn.com https://*.awin1.com https://*.zenaps.com https://www.pinterest.com https://gum.criteo.com https://creativecdn.com https://www.pinterest.co.uk https://bskyb.demdex.net https://cmp.nowtv.it https://*.fls.doubleclick.net https://checkoutshopper-live.adyen.com https://ott-it.my.salesforce.com https://ott-it.my.salesforce-sites.com https://ott-it.secure.force.com https://*.contentsquare.net https://www.paypal.com https://www.youtube.com https://aax-eu.amazon-adsystem.com; prefetch-src https://web.static.nowtv.com; worker-src blob:; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' blob: amp.azure.net script.hotjar.com static.hotjar.com connect.facebook.net www.gstatic.com www.google.com cdn.sitesearch360.com www.googletagmanager.com code.jquery.com ajax.aspnetcdn.com cc.cdn.civiccomputing.com www.google-analytics.com; style-src 'self' 'unsafe-inline' 'report-sample' amp.azure.net www.googletagmanager.com google.com fonts.googleapis.com; object-src 'none'; connect-src 'self' wss://localhost:* rcogazuremediaservices-ukso1.streaming.media.azure.net *.hotjar.io www.facebook.com wss://*.hotjar.com *.hotjar.com wss://ws47.hotjar.com wss://ws3.hotjar.com wss://ws29.hotjar.com wss://ws13.hotjar.com wss://ws44.hotjar.com csmetrics.hotjar.com wss://ws40.hotjar.com content.hotjar.io ws40.hotjar.com in.hotjar.com region1.google-analytics.com insights.sitesearch360.com global.sitesearch360.com apikeys.civiccomputing.com www.google-analytics.com stats.g.doubleclick.net; font-src 'self' amp.azure.net fonts.gstatic.com; frame-src 'self' vars.hotjar.com www.google.com w.soundcloud.com www.youtube.com www.youtube-nocookie.com player.vimeo.com; img-src 'self' media.rcog.org.uk amp.azure.net i.ytimg.com fonts.static.com www.facebook.com i.ytimg.com cmsdevwebsite.blob.core.windows.net i.vimeocdn.com cdn.sitesearch360.com insights.sitesearch360.com www.google.com www.google.co.uk; manifest-src 'self'; media-src 'self' blob: amssamples.streaming.mediaservices.windows.net rcogazuremediaservices-ukso1.streaming.media.azure.net; base-uri 'self'; 1
frame-ancestors *.youmail.com; frame-src *.youmail.com www.googletagmanager.com e087577842fe4bc497ea0ed9787fd41a.pages.ubembed.com maps.google.com www.google.com www.emjcd.com www.youtube.com challenges.cloudflare.com 1
frame-ancestors 'self' engine.pulpoar.com 1
frame-ancestors 'self' purchasingpower.com *.purchasingpower.com *.purchasingpwr.com *.adobe.com cmc.corestream.com *.corestream.com www.youdecide.com *.powerbenefits.com pfizeradvantage.com msubenefitsplus.com babsonadvantage.com drexelvoluntarybenefits.com iuhealthshopping.com iuhealthplansshop.com iuhealthvoluntary.com 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://*.zenaps.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com https://gum.criteo.com https://*.awin1.com https://*.attn.tv https://ams.creativecdn.com https://fledge.eu.criteo.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://privacyportal-eu.onetrust.com https://tr.snapchat.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://analytics.tiktok.com https://storyboard.storystream.ai https://content.storystream.ai wss://*.liveperson.net https://cdn-ukwest.onetrust.com https://ams.creativecdn.com https://*.attn.tv https://events.attentivemobile.com https://www.google.co.uk https://*.criteo.com https://*.criteo.net https://track.webgains.com https://api.webgains.io; form-action 'self' https://www.facebook.com https://m.allbeauty.com https://checkout.allbeauty.com https://www.allbeauty.com https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net https://download-video.akamaized.net; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://*.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://*.googlesyndication.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://*.twitter.com https://geolocation.onetrust.com https://apps.storystream.ai https://analytics.tiktok.com https://static.criteo.net https://*.criteo.com https://cdn-ukwest.onetrust.com https://tags.creativecdn.com https://*.awin1.com https://cdn.attn.tv https://track.webgains.com https://analytics.webgains.io; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net; report-to report-endpoint 1
default-src 'self'; script-src 'self' 'nonce-25b048672f88eb85a3c4b864d3710ae2' https://bs6an3.world4you.com https://www.googletagmanager.com https://www.redditstatic.com https://connect.facebook.net https://widget.trustpilot.com https://webcachex-eu.datareporter.eu; style-src 'self' 'nonce-25b048672f88eb85a3c4b864d3710ae2' https://webcachex-eu.datareporter.eu; frame-src 'self' https://td.doubleclick.net https://www.facebook.com https://widget.trustpilot.com; child-src 'self'; connect-src 'self' https://domainchecker.world4you.com https://bs6an3.world4you.com https://pagead2.googlesyndication.com https://adservice.google.com https://www.google.com https://webcachex-eu.datareporter.eu https://c.datareporter.eu https://swarmcrawler.datareporter.eu/; img-src 'self' https://www.world4you.com https://www.googletagmanager.com https://www.google.com https://www.google.at https://alb.reddit.com https://www.facebook.com; font-src 'self'; object-src 'none'; media-src 'none'; form-action 'self' https://www.world4you.com https://www.facebook.com; frame-ancestors 'self'; base-uri 'self'; manifest-src 'self'; upgrade-insecure-requests 1
default-src 'self';script-src 'nonce-e0d0bcb1-4bd2-499c-a88c-3e3e8e51e735' 'strict-dynamic' https: 'unsafe-inline' 'unsafe-eval';connect-src 'nonce-e0d0bcb1-4bd2-499c-a88c-3e3e8e51e735' https: 'unsafe-inline';style-src * 'unsafe-inline'; img-src * data:; font-src * data:;frame-src *.demdex.net *.skat.dk www.youtube.com; 1
base-uri 'self'; default-src 'none'; child-src https://mei.animebytes.tv https://irc.animebytes.tv; connect-src 'self' https://mei.animebytes.tv; font-src 'self' data:; form-action 'self' https://mei.animebytes.tv; frame-ancestors 'self'; frame-src 'self' https://www.youtube-nocookie.com https://*.soundcloud.com https://mei.animebytes.tv https://irc.animebytes.tv; img-src 'self' https://cdn.animebytes.tv https://mei.animebytes.tv https://animebytes.tv data:; media-src 'self' https://* * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample'; style-src 'self' 'unsafe-inline'; worker-src 'none'; upgrade-insecure-requests 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.cinestar.de *.googletagmanager.com *.googleadservices.com *.googletagservices.com *.google.com *.google.de *.gstatic.com *.google-analytics.com gdpr.mandarin-medien.de *.ioam.de *.doubleclick.net bat.bing.com *.facebook.com *.facebook.net *.googlesyndication.com gdpr.mandarin-medien.de *.spotify.com streaming.cinestar.de streaming.cinestar.sys11.stakkle.com:81 streaming1.cinestar.de streaming1.cinestar.de:81 ff-schlingel.de *.stroeerdigitalgroup.de *.doubleverify.com tracking.m6r.eu *.adagio.io *.adaptmx.com *.adbility-media.com *.addefend.com *.adform.com *.adition.com *.admanmedia.com *.adnami.io *.adnuntius.com *.adrule.net *.adtriba.com *.adup-tech.com *.advanced-store.com *.adyoulike.com *.agma-mmc.de *.amazon.com *.amobee.com *.appnexus.com *.audienceproject.com *.avantisteam.com *.bam-interactive.de *.bannernow.com *.bidswitch.com *.blis.com *.brightcom.com *.bttrads.com *.cloudtechnologies.pl *.communicationads.net *.confiant.com *.criteo.com *.dataxtrade.com *.definemedia.de *.deltaprojects.com *.doubleverify.com *.easy-media.de *.emerse.com *.emxdgt.com *.equativ.com *.exactag.com *.exitbee.com *.factor-eleven.de *.feedad.com *.flashtalking.com *.geoedge.com *.gfk.com *.glomex.com *.google.com *.gumgum.com *.hearts-science.com *.iabeurope.eu *.id5.io *.impactify.io *.improvedigital.com *.indexexchange.com *.infonline.de *.integralads.com *.invibes.com *.jaduda.com *.kayzen.io *.liquidm.com *.liveramp.de *.magnite.com *.media.net *.mediakeys.com *.microsoft.com *.mindtake.com *.mobkoi.com *.mobpro.com *.nativendo.de *.neory.com *.nielsen.com *.ogury.com *.onetag.com *.onetech.group *.online-solution.biz *.onprospects.com *.openx.com *.opinary.com *.optidigital.com *.optimise-it.de *.oracle.com *.otto.de *.outbrain.com *.permodo.com *.playhill.com *.publicismedia.de *.pubmatic.com *.purelocalmedia.de *.qualitymedianetwork.de *.readpeak.com *.reppublika.com *.ringier-advertising.ch *.roq.ad *.rtbhouse.com *.rubiconproject.com *.salesforce.com *.screenondemand.de *.seeding-alliance.de *.seedtag.com *.sharethrough.com *.showheroes.com *.smaato.com *.smartadserver.com *.smartclip.net *.smartclip.tv *.smartstream.tv *.smartyads.com *.socoto.com *.spotx.tv *.spotxchange.com *.sspx.tech *.stroeer.com *.stroeer.de *.taboola.com *.tappx.com *.target-video.com *.teads.com *.teads.tv *.telaria.com *.themediagrid.com *.thetradedesk.com *.tremorhub.com *.trg.de *.triplelift.com *.twiago.com *.uppr.rocks *.verve.com *.vi.ai *.viads.com *.vidazoo.com *.vidoomy.com *.viralize.com *.virtualminds.de *.vlyby.com *.wagawin.com *.wearemiq.com *.welect.de *.xandr.com *.yahoo.com *.yieldlab.com *.yieldlab.net *.yieldlove.com *.yoc.com *.zemanta.com onetag-sys.com *.onetag-sys.com *.adnxs.com *.ad4m.at ad4m.at *.theadex.com *.adform.net *.seadform.net *.userreport.com *.clarium.io id5-sync.com *.id5-sync.com *.eu-1-id5-sync.com *.yieldlove-ad-serving.net *.agma-analytics.de *.adnxs.com *.adscale.de *.jsdelivr.net *.adscale.de *.criteo.net *.confiant-integrations.net *.privacy-mgmt.com *.crwdcntrl.net *.ampproject.org *.googleapis.com *.truste.com *.adsafeprotected.com *.ftstatic.com *.trustarc.com *.adsrvr.org *.imrworldwide.com *.cloudflare.com *.bidr.io *.bidswitch.net *.adnxs-simple.com *.active-agent.com *.peer-39.com 2mdn.net *.2mdn.net levexis.com demdex.net *.levexis.com *.demdex.net agkn.com *.agkn.com adlightning.com *.adlightning.com *.tchibo.de tchibo.de revjet.com *.revjet.com stroeerdigital.de *.stroeerdigital.de casalemedia.com *.casalemedia.com bahn.de *.bahn.de indexww.com *.indexww.com cbe-digiden.de *.cbe-digiden.de vodafone.de *.vodafone.de *.amazonaws.com amazonaws.com exactag.com *.exactag.com b2c.com *.b2c.com; block-all-mixed-content 1
default-src 'self' https://www.google-analytics.com; script-src 'self' 'unsafe-inline'  https://www.googletagmanager.com  https://www.google-analytics.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com; font-src 'self' maxcdn.bootstrapcdn.com; image-src https://www.google-analytics.com; 1
default-src 'self' onlinebank.kz *.onlinebank.kz wss://localhost:6127/tumarcsp/ https://*.livetex.ru wss://*.livetex.ru https://*.googleapis.com https://api-js.mixpanel.com; img-src 'self' onlinebank.kz *.onlinebank.kz s-dt2.cloud.edgecore.ru data:; script-src 'self' wss://localhost:6127/tumarcsp/ https://*.livetex.ru wss://*.livetex.ru https://*.googleapis.com https://*.gstatic.com; style-src 'self' 'unsafe-inline'; font-src 'self' 'unsafe-inline' 1
default-src http:  https: wss: data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *; report-uri https://ncreports.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; frame-src 'self' https://*.google.com https://*.g.doubleclick.net https://*.avis-verifies.com https://*.trustpilot.com https://*.rewardstyle.com https://www.facebook.com https://www.youtube.com https://*.pinterest.com https://*.paypal.com https://*.paypalobjects.com https://*.googleapis.com https://*.flatchr.io https://*.vimeo.com https://*.doubleclick.net/ https://www.pinterest.com https://www.pinterest.ca https://www.pinterest.co.uk https://www.pinterest.fr https://www.pinterest.de https://www.pinterest.es https://www.pin.it https://www.pinterest.com.au https://www.pinterest.ph https://www.pinterest.ch https://www.pinterest.com.mx https://www.pinterest.dk https://www.pinterest.pt https://www.pinterest.ru https://www.pinterest.it https://www.pinterest.at https://www.pinterest.jp https://www.pinterest.cl https://www.pinterest.ie https://www.pinterest.co.kr https://www.pinterest.nz https://www.pintrest.com https://www.pinterest.vn https://www.pinterest.co https://www.pinterest.com.uy https://www.pinterest.com.pe https://www.pinterest.nl; connect-src 'self' https://*.riskified.com https://*.kameleoon.eu https://*.smallable.com https://*.contentsquare.net https://*.contentsquare.com https://*.facebook.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.googlesyndication.com https://api.getalma.eu https://*.privacy-center.org https://*.social-media-system.com https://bam-cell.nr-data.net https://bat.bing.com https://ct.pinterest.com https://*.g.doubleclick.net https://*.clarity.ms https://*.screeb.app wss://*.screeb.app https://*.trustpilot.com https://*.rewardstyle.com https://*.paypal.com https://stonly.com https://*.algolia.net https://*.algolia.io https://*.algolianet.com https://api.trustpilot.com https://api.shipup.co https://*.klarnaservices.com https://*.klarna.com https://vimeo.com; child-src 'self' blob:; worker-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' zy33.smallable.com https://*.riskified.com https://cdn.jsdelivr.net/ https://*.kameleoon.eu https://*.smallable.com https://*.privacy-center.org https://*.contentsquare.net https://*.contentsquare.com https://*.avis-verifies.com https://*.trustpilot.com https://*.facebook.net https://*.googletagmanager.com https://*.googleadservices.com https://*.google-analytics.com https://*.gstatic.com https://*.pinimg.com https://*.g.doubleclick.net https://*.rewardstyle.com https://*.clarity.ms https://*.social-media-system.com https://*.screeb.app wss://*.screeb.app https://bam-cell.nr-data.net https://bat.bing.com https://www.youtube.com https://*.paypal.com https://*.paypalobjects.com https://stonly.com https://*.algolia.net https://*.algolia.io https://*.algolianet.com https://*.googleapis.com https://cdn.shipup.co https://*.vimeo.com https://*.klarnaservices.com https://*.klarna.com https://*.googlesyndication.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; img-src 'self' data: assets.smallable.com static.smallable.com staticv3.preprod.smallable.com staticv3.prod.smallable.com staticv3.smallable.com media.prod.smallable.com media.preprod.smallable.com mediav2.preprod.smallable.com zy33.smallable.com https://*.riskified.com https://cdn.jsdelivr.net/ https://*.privacy-center.org https://*.avis-verifies.com https://*.trustpilot.com https://*.rewardstyle.com https://*.contentsquare.net https://*.contentsquare.com https://*.googletagmanager.com https://*.google-analytics.com https://*.clarity.ms https://*.screeb.app wss://*.screeb.app https://*.paypal.com https://*.paypalobjects.com https://twemoji.maxcdn.com https://connect.facebook.net https://www.facebook.com https://bat.bing.com https://c.bing.com https://s3s.fr https://ct.pinterest.com https://cx.atdmt.com https://*.googleapis.com https://*.gstatic.com https://shipup-assets-prod.s3-eu-west-1.amazonaws.com https://shipup-assets-prod.s3.eu-west-1.amazonaws.com https://cdnjs.cloudflare.com https://*.g.doubleclick.net https://*.vimeocdn.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; style-src 'self' 'unsafe-inline' zy33.smallable.com https://*.googleapis.com https://cdn.jsdelivr.net/ https://cdn.shipup.co https://*.klarnacdn.net; font-src 'self' https://*.avis-verifies.com https://fonts.gstatic.com https://cdn.jsdelivr.net/ https://*.googleapis.com https://*.paypalobjects.com; object-src 'none' 1
default-src 'none'; img-src 'self'; style-src 'self'; form-action 'none'; frame-ancestors 'none'; base-uri 'none'; sandbox allow-same-origin allow-scripts; connect-src 'self' https://o15192.ingest.sentry.io; script-src 'self' 1
frame-ancestors *.edfringe.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' wss://tesco.15gifts.com data: blob: *.reciteme.com reciteme.com https://fonts.gstatic.com https://tgtag.io api.trafficguard.ai ppx.tgtag.io https://analytics.tiktok.com/ https://*.reevoo.com https://*.reevoocloud.com https://secure.authorize.net https://test.authorize.net https://geostag.cardinalcommerce.com https://urldefense.com tescomobile.slgnt.eu https://sc-static.net https://snapchat.com https://geo.cardinalcommerce.com https://1eafstag.cardinalcommerce.com https://1eaf.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://centinelapi.cardinalcommerce.com https://oppwa.com https://eu-prod.oppwa.com https://test.oppwa.com https://*.hub.hsntech.com https://*.liveperson.net https://*.youtube.com https://fast.amc.demdex.net https://www.googletagmanager.com https://*.saoilecycle.com https://lpcdn.lpsnmedia.net https://tescomobile.demdex.net https://*.demdex.net https://o2-uk.spatialbuzz.net https://tesco.scene7.com https://*.tescomobile.com https://www.google-analytics.com https://assets.adobedtm.com https://amcglobal.sc.omtrdc.net https://dpm.demdex.net https://cm.everesttech.net https://widgets.magentocommerce.com https://www.googleadservices.com *.clarity.ms https://www.paypalobjects.com https://t.paypal.com https://*.ftcdn.net https://*.behance.net https://*.vimeocdn.com https://s.ytimg.com https://digitalcontent.api.tesco.com https://*.contentsquare.net https://*.omtrdc.net https://*.2o7.net https://www.xtento.com https://cdn.xtento.com https://tags.tiqcdn.com https://tmltdqa.112.2o7.net https://tmltdprod.112.2o7.net https://feedback.informizely.com https://insitez.blob.core.windows.net https://js.braintreegateway.com https://www.paypal.com https://video.google.com https://vimeo.com https://www.vimeo.com https://geoapi.cardinalcommerce.com https://1eafapi.cardinalcommerce.com https://songbird.cardinalcommerce.com https://includestest.ccdc02.com https://www.youtube.com https://polyfill.io https://js-agent.newrelic.com https://bam.nr-data.net https://*.gstatic.com https://mpsnare.iesnare.com https://*.15gifts.com https://d16fk4ms6rqz1v.cloudfront.net https://lptag.liveperson.net https://*.lpsnmedia.net https://lo.v.liveperson.net https://unpkg.com https://getfirebug.com https://fonts.googleapis.com https://*.tealiumiq.com https://insights.algolia.io https://*.algolia.net https://*.algolia.com wss://mpsnare.iesnare.com https://*.algolianet.com https://*.tesco.com https://*.googleapis.com https://bat.bing.com https://eu-dbug-tam.sociomantic.com https://rules.quantcount.com https://service.maxymiser.net https://ssl.google-analytics.com https://www.facebook.com https://www.googletagservices.com https://www.google.co.uk https://*.google.com https://sentry.io https://www.w3.org https://*.adnxs.com https://*.googlesyndication.com https://*.doubleclick.net https://tr.snapchat.com https://cdn.spatialbuzz.com https://*.ensighten.com https://www.google.com.om https://cp-tesco.kb.net https://adservice.google.co.uk https://*.quantserve.com https://connect.facebook.net https://sc-static.net https://services.postcodeanywhere.co.uk https://www.liveperson.com https://www.liveengage.net https://www.liveengage.com https://www.liveper.sn https://*.contentsquare.com https://*.content-square.fr https://youtu.be https://res.cloudinary.com https://*.zenaps.com https://t.co https://analytics.twitter.com https://static.ads-twitter.com https://flashtalking.net https://*.flashtalking.com https://flashtalking.co.uk https://ftstatic.com https://device9.com https://devicenine.com https://flashtalkingfeeds.com https://ftdns.net https://d9.cx https://loadus.exelator.com https://pixelg.adswizz.com https://*.s3.amazonaws.com https://*.optimizely.com https://s0.2mdn.net https://cdn.spatialbuzz.net https://tag.device9.com https://s.yimg.com https://sp.analytics.yahoo.com https://pixel.mediaiqdigital.com https://*.turn.com https://*.meetami.ai wss://chat-stage.meetami.ai https://*.tiqcdn.com https://tags.tiqcdn.cn https://adservice.google.com https://ajax.googleapis.com https://translate.google.com https://translate.googleapis.com https://www.dwin1.com.x.3a4338da0f8be047130b30f0c4fd9561dd85.9270fc4.id.opendns.com https://www.google.com http://www.w3.org https://*.cloudfront.net https://cdn.spatialbuzz.com/ https://eu-sonar.sociomantic.com https://*.googletagmanager.com https://tescomobile.com http://*.reevoocloud.com https://*.cardinalcommerce.com https://flashtalking.com https://servedby.flashtalking.com https://d9.flashtalking.com/lgc https://d9.flashtalking.com/d9core https://cdn.flashtalking.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://compass.tescomobile.com http://*.15gifts.com https://15gifts-public-telco.s3.amazonaws.com https://15gifts-public-assets.s3.amazonaws.com https://r.turn.com https://d.turn.com wss://chat.meetami.ai https://tags-eu.tiqcdn.com https://px.gumgum.com https://tescomobile.slgnt.eu *.salecycle.com activitymap.adobe.com tescomobilepreprod.slgnt.eu paymonthly.tescomobile.com *.edb.com https://acs.apata.io https://acs1.viseca.ch https://acs.fssnet.co.in https://secure.dkb.de https://3ds.pkobp.pl https://search.start.xyz https://securesuite.co.uk https://idcheck.acs.touchtechpayments.com https://3ds.redsys.es https://dig3ds.cafis-paynet.jp https://acs.sinnad.com.bh https://3ds.emlpayments.com https://auth.3dsecure-csas.cz https://acs.touch.tech *.modirum.com https://authentication-acs.marqeta.com https://clients.smartsecure.tsys.co.uk *.wlp-acs.com https://mycardsecure.com *.lloydsbankinggroup.com *.mycardplace.com https://3ds2.visa.com/ *.revolut.com *.securesuite.co.uk *.go-mpulse.net *.akstat.io *.akamaihd.net https://secure.tesco.com https://utt.impactcdn.com https://www.ojrq.net https://logs-01.loggly.com https://tescomobile.pxf.io https://eu-prod.ppipe.net/ https://www.bankmillennium.pl/ https://acs.sibs.pt/ https://static.isitetv.com https://region1.google-analytics.com/g/collect https://fonts.googleapis.com/css2; frame-ancestors paymonthly.tescomobile.com *.hub.hsntech.com https://secure.tesco.com 'self'; object-src 'none'; upgrade-insecure-requests; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com js-agent.newrelic.com pi.pardot.com *.gstatic.com connect.facebook.net *.googletagmanager.com bam.nr-data.net *.google-analytics.com *.clarity.ms bat.bing.com go.spscommerce.com j.6sc.co/6si.min.js googleads.g.doubleclick.net *.intercom.io js.intercomcdn.com *.youtube.com static.ads-twitter.com snap.licdn.com ws.zoominfo.com tag.demandbase.com *.hotjar.com *.calendly.com *.g2.com *.stackadapt.com *.googleadservices.com google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: cdnjs.cloudflare.com bat.bing.com *.stackadapt.com fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: ps.w.org *.google.com bat.bing.com b.6sc.co *.facebook.com js.intercomcdn.com analytics.twitter.com *.spscommerce.com *.linkedin.com match.prod.bidr.io id.rlcdn.com *.company-target.com t.co *.g2.com *.stackadapt.com *.doubleclick.net s.w.org ts.w.org secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com www.googletagmanager.com; connect-src 'self' bat.bing.com bam.nr-data.net stats.g.doubleclick.net google-analytics.com ipv6.6sc.co secure.adnxs.com wss://nexus-websocket-a.intercom.io *.clarity.ms api.company-target.com *.hotjar.io *.facebook.com *.hotjar.com cdn.linkedin.oribi.io c.6sc.co adservice.google.com ws.zoominfo.com *.intercom.io wss://ws47.hotjar.com wss://*.hotjar.com *.stackadapt.com *.demandbase.com www.google-analytics.com ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com www.googletagmanager.com; font-src 'self' data: fonts.gstatic.com cdnjs.cloudflare.com fonts.intercomcdn.com data: fonts.googleapis.com; object-src * *.stackadapt.com; media-src * js.intercomcdn.com; frame-src 'self' maps.googleapis.com *.youtube.com *.google.com *.facebook.com vars.hotjar.com go.spscommerce.com *.calendly.com *.company-target.com *.demandbase.com calendly.com *.getreprise.com go.pardot.com *.iheart.com *.doubleclick.net maps.google.com www.googletagmanager.com; child-src 'self' www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; report-uri https://www.spscommerce.com?gdsih-csp-report; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com *.salesforceliveagent.com service.force.com *.my.salesforce.com *.google.com *.facebook.net *.facebook.com *.omtrdc.net *.youtube.com *.ytimg.com *.doubleclick.net *.googleapis.com *.bazaarvoice.com *.iesnare.com appleid.cdn-apple.com www.googletagmanager.com www.googleadservices.com activitymap.adobe.com qasfix-hofer.cs101.force.com cs101.salesforce.com https://www.googletagmanager.com/gtag/js *.bing.com https://s.pinimg.com/ct/core.js https://s.pinimg.com/ct/lib/main.2a04f3ee.js hofer.force.com hofer.secure.force.com https://cdn.polyfill.io/v2/polyfill.min.js static.lightning.force.com js-cdn.dynatrace.com int-crm.my.salesforce.com EU17.salesforce.com EU17.force.com EU36.salesforce.com EU36.force.com secure.force.com *.cookielaw.org *.onetrust.com *.salesforce-sites.com s7g10.scene7.com collect.tealiumiq.com tags.tiqcdn.com; connect-src 'self' *.omtrdc.net *.demdex.net *.postcodeanywhere.co.uk *.bazaarvoice.com *.facebook.com activitymap.adobe.com sitecatalyst.omniture.com qasfix-hofer.cs101.force.com cs101.salesforce.com hofer.force.com hofer.secure.force.com c.la1-c1-fra.salesforceliveagent.com EU17.salesforce.com d.la1-c1-fra.salesforceliveagent.com www.zurueckzumursprung.at https://storefinder.aldi.at https://empty-fridge-widget.vercel.app https://gewinnspiel.aldi-sued.de test.storefinder.aldi.at https://bf51204epo.bf.dynatrace.com/bf int-crm.my.salesforce.com eu36.salesforce.com EU17.force.com EU36.force.com static.lightning.force.com secure.force.com service.force.com *.salesforceliveagent.com *.googleapis.com *.cookielaw.org *.onetrust.com *.salesforce-sites.com s7g10.scene7.com collect.tealiumiq.com *.doubleclick.net *.googlesyndication.com *.google.com; style-src 'self' 'unsafe-inline' *.bazaarvoice.com *.googleapis.com *.omtrdc.net *.my.salesforce.com service.force.com qasfix-hofer.cs101.force.com cs101.salesforce.com hofer.force.com hofer.secure.force.com int-crm.my.salesforce.com EU17.salesforce.com EU17.force.com EU36.salesforce.com EU36.force.com static.lightning.force.com secure.force.com *.salesforceliveagent.com *.cookielaw.org *.onetrust.com *.salesforce-sites.com *.gstatic.com s7g10.scene7.com; font-src 'self' *.gstatic.com data:; frame-src 'self' *.demdex.net *.facebook.com *.google.com *.youtube.com *.youtube-nocookie.com *.customervoice360.com *.adobe.com aldisued.marketing.adobe.com *.psa.at aldisued.experiencecloud.adobe.com web-psa-preprod.mp-testing.com rest-b2b-crt-preprod.mp-testing.com psa-card-administration.mobile-pocket.com *.bazaarvoice.com *.iesnare.com www.elettershop.de t.elettershop.de *.salesforceliveagent.com service.force.com activitymap.adobe.com *.omniture.com qasfix-hofer.cs101.force.com cs101.salesforce.com *.doubleclick.net www.zurueckzumursprung.at storefinder.aldi.at https://empty-fridge-widget.vercel.app https://gewinnspiel.aldi-sued.de test.storefinder.aldi.at cs107.salesforce.com eu17.salesforce.com medienkontakt.hofer.at int-crm.my.salesforce.com eu36.salesforce.com hofer.secure.force.com EU17.force.com EU36.force.com static.lightning.force.com secure.force.com hofer.force.com check-your-product.com www.check-your-product.com hofer-tickets.at/redeem test.etcgmbh.de/redeem *.salesforce-sites.com *.salesforce.com katalog.hofer.at; frame-ancestors 'self' https://aldisued.marketing.adobe.com https://aldisued.experiencecloud.adobe.com https://www.elettershop.de https://t.elettershop.de https://experience.adobe.com hofer-custom.staffbase.com unserhofer.hofer.at localhost:* 1
frame-ancestors https://www.zameen.com 1
frame-ancestors https://platform-as.marketintelligence.spglobal.com https://platform-av.marketintelligence.spglobal.com https://platform.mi.spglobal.com https://platform.marketintelligence.spglobal.com https://www.snl.com https://platform.mi.spglobal.cn https://platform.ratings360.spglobal.com https://platform.platts.spglobal.com https://www.platform.spgi.spglobal.cn https://platform.spgi.spglobal.cn https://www.platform.spgi.spglobal.com https://platform.spgi.spglobal.com https://www.capitaliq.spglobal.com https://www.capitaliq.spglobal.cn https://www.capitaliqpro.spglobal.com https://www.capitaliqpro.spglobal.cn  'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.facebook.net https://*.twitter.com https://*.linkedin.com https://www.google-analytics.com https://cdn.jsdelivr.net https://code.jquery.com https://cdn.syndication.twimg.com https://cdn.rawgit.com  https://static.addtoany.com  https://compteurweb.ehess.fr 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.scaledrone.com https://surfly-us.com https://home-c35.nice-incontact.com https://www.youtube.com https://*.userzoom.com https://www.sc.pages08.net https://www.pages08.net https://players.brightcove.net https://map.brightcove.com https://*.psplugin.com https://vjs.zencdn.net https://assets.map.brightcove.com https://cdn-cinfin.azureedge.net https://secure-ds.serving-sys.com https://bs.serving-sys.com https://gateway.zscaler.net https://action.media6degrees.com/ http://action.dstillery.com/ https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://maps.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://cse.google.com https://www.gstatic.com https://*.googleapis.com https://*.ggpht.com *.googleusercontent.com https://up.pixel.ad https://cdn.cookielaw.org https://*.onetrust.com https://snap.licdn.com https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://cdn01.basis.net; style-src 'self' 'unsafe-inline' https://*.userzoom.com https://*.psplugin.com https://cdn-cinfin.azureedge.net https://maxcdn.bootstrapcdn.com https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googleapis.com; img-src 'self' data: blob: https://streetviewpixels-pa.googleapis.com https://*.userzoom.com *.boltdns.net https://i.ytimg.com https://www.sc.pages08.net https://www.pages08.net https://*.psplugin.com https://metrics.brightcove.com https://blog.cinfin.com/ https://gateway.zscaler.net https://stats.g.doubleclick.net https://www.facebook.com https://*.googleapis.com https://www.googletagmanager.com https://maps.google.com https://*.gstatic.com https://*.ggpht.com *.googleusercontent.com https://www.google-analytics.com https://pixel.sitescout.com https://cdn.cookielaw.org https://*.onetrust.com https://snap.licdn.com https://px.ads.linkedin.com https://www.google.com https://arttrk.com; media-src 'self' blob:; frame-src 'self' blob: https://app.surfly-us.com https://surfly-us.com https://home-c35.nice-incontact.com https://cinfin.speedtestcustom.com https://*.userzoom.com *.cinfin.com https://www.cinfinlearn.com https://players.brightcove.net https://bcove.video https://blog.cinfin.com/ https://players.brightcove.net https://bcove.video https://player.vimeo.com https://www.youtube.com https://widgets.memberedge.io https://www.google.com https://www.googletagmanager.com/ https://secure-ds.serving-sys.com https://pixel.sitescout.com; connect-src 'self' https://sentry.io https://home-c35.nice-incontact.com https://surfly-us.com wss://api.scaledrone.com https://*.cinfin.com:9999 http://sharedservices.cinfin.com https://*.doubleclick.net https://*.psplugin.com https://edge.api.brightcove.com *.akamaihd.net manifest.prod.boltdns.net https://maps.googleapis.com https://www.google-analytics.com https://secure-ds.serving-sys.com https://cdn.cookielaw.org https://*.onetrust.com https://snap.licdn.com https://px.ads.linkedin.com https://cdn.linkedin.oribi.io; font-src 'self' https://*.psplugin.com https://cdn-cinfin.azureedge.net https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com data:; object-src 'none'; form-action 'self' https://cincilink.cinfin.com; frame-ancestors 'self' https://cinfin.speedtestcustom.com https://cincilink.cinfin.com https://www.cinfinlearn.com https://*.psplugin.com; worker-src blob:; 1
default-src 'self' api.carsoup.com d25hqhdfvc6x6o.cloudfront.net tags.srv.stackadapt.com ssl.widgets.webengage.com 'unsafe-inline' 'unsafe-eval'; connect-src data: blob: *; script-src-elem * 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval'; img-src data: blob: *; frame-src * 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: *.conceptboard.com; 1
frame-ancestors 'self' *.webwire.com *.authorize.net; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.quotemedia.com cdn.jwplayer.com *.jwpcdn.com www.googletagmanager.com www.google-analytics.com acsbapp.com static.cloudflareinsights.com influxdb.quotemedia.com *.newrelic.com; object-src 'none' ; style-src 'self' 'unsafe-inline' *.quotemedia.com; img-src 'self' data: blob: www.google-analytics.com cdn.jwplayer.com *.jwpltx.com alticeusa.prod.acquia-sites.com *.alticeusa.com *.jwpsrv.com www.googletagmanager.com; media-src 'self' *.jwplayer.com *.jwpsrv.com *.jwplatform.com *.snapengage.com blob:; font-src 'self' *.googleapis.com *.gstatic.com data: *.cloudflare.com *.quotemedia.com; connect-src 'self' blob: *.quotemedia.com www.google-analytics.com cdn.jwplayer.com acsbapp.com *.jwpsrv.com cdn.acsbapp.com *.nr-data.net; report-uri /report-csp-violation 1
default-src 'none'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ 1
default-src https: wss: 'unsafe-inline'; font-src * 'self' data:; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' * 1
frame-src https://open.spotify.com/ https://embed-standalone.spotify.com/ 'self' https://ir.q4europe.com/ https://*.svc.dynamics.com/ https://sdk.companywebcast.com/ https://quadia.live/ https://c.spotler.com/; img-src *.vimeocdn.com https://collector.leadinfo.net 'self' data: https://a.storyblok.com https://fugro.canto.global https://placeimg.com *.cloudfront.net *.dynamics.com www.googletagmanager.com fonts.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.hotjar.com; media-src *.vimeocdn.com https://player.vimeo.com https://*.akamaized.net blob: 'self' https://a.storyblok.com https://fugro.canto.global *.cloudfront.net; script-src https://extend.vimeocdn.com https://cdn.leadinfo.net 'self' 'sha256-wi1U15ugJDQZb9/EtgivTlqlDCg0qTKvtr9HcErwiTQ=' https://vercel.app https://vercel.live https://vitals.vercel-insights.com fugro-global-3ys5uwdip-makerstreet.vercel.app https://app.storyblok.com/f/storyblok-v2-latest.js https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://*.analytics.google.com https://*.hotjar.com *.azureedge.net https://vercel.live https://cdn.cookie-script.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.svc.dynamics.com/ https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js https://fugro.us13.list-manage.com/subscribe/post-json; script-src-elem https://extend.vimeocdn.com https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://cdn.leadinfo.net https://a.storyblok.com/f/192811/ 'self' 'sha256-wi1U15ugJDQZb9/EtgivTlqlDCg0qTKvtr9HcErwiTQ=' 'sha256-Nqnn8clbgv+5l0PgxcTOldg8mkMKrFn4TvPL+rYUUGg=' https://app.storyblok.com/f/storyblok-v2-latest.js https://www.googletagmanager.com https://www.google-analytics.com *.hotjar.com *.azureedge.net https://vercel.live https://cdn.cookie-script.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.svc.dynamics.com/ https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js https://fugro.us13.list-manage.com/subscribe/post-json; connect-src https://player.vimeo.com/external/ https://skyfire.vimeocdn.com/ https://*.akamaized.net/ https://noembed.com/ https://api.leadinfo.com https://collector.leadinfo.net 'self' https://www.fugro.com fugro-global-3ys5uwdip-makerstreet.vercel.app *.algolia.net *.algolianet.com https://vitals.vercel-insights.com https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://consent.cookie-script.com https://*.svc.dynamics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; child-src blob: 'self' vercel.app fugro-global-3ys5uwdip-makerstreet.vercel.app; base-uri 'self'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com; frame-ancestors 'self' https://app.storyblok.com; default-src 'self' https://vercel.app https://vercel.live https://vitals.vercel-insights.com https://vitals.vercel-insights.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://cdn-images.mailchimp.com/embedcode/classic-071822.css https://*.hotjar.com 1
frame-ancestors 'self' *.15five.com https://15five.pathfactory.com https://go.pardot.com https://15five.lookbookhq.com 1
frame-ancestors app.ninety.io d2v6d3zxt3i4z6.cloudfront.net 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googletagmanager.com https://ajax.googleapis.com *.stripe.com *.stripe.net code.jquery.com 1
base-uri 'self'; default-src 'none'; form-action https://account.mail.ru https://auth.mail.ru https://e.mail.ru https://yandex.ru 'self'; script-src https://*.adlooxtracking.com https://*.adlooxtracking.ru https://*.adsafeprotected.com https://*.doubleverify.com https://*.imgsmail.ru https://*.mail.ru https://*.moatads.com https://*.mradx.net https://*.serving-sys.com https://*.serving-sys.ru https://*.vk.com https://*.vk.ru https://*.weborama-tech.ru https://*.weborama.fr https://an.yandex.ru https://b.delivery.consentmanager.net https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://consentmanager.mgr.consensu.org https://home.mrgcdn.ru https://iframe.s3.yandex.net https://mail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://ok.ru https://static.dzeninfra.ru https://vk.com https://vk.ru https://yandex.ru https://yandex.st https://yastat.net https://yastatic.net 'unsafe-eval' 'unsafe-inline' 'nonce-dea32359ad84f0943fbc3ada28c6eef0' 'strict-dynamic' 'report-sample'; connect-src https://*.adlooxtracking.com https://*.adlooxtracking.ru https://*.adsafeprotected.com https://*.cold-video.dzeninfra.ru https://*.doubleverify.com https://*.dzen.ru https://*.extcdn.dzeninfra.ru https://*.hot-video.dzeninfra.ru https://*.imgsmail.ru https://*.mail.ru https://*.moatads.com https://*.mradx.net https://*.serving-sys.com https://*.serving-sys.ru https://*.vk.com https://*.vk.ru https://*.weborama-tech.ru https://*.weborama.fr https://an.yandex.ru https://avatars.dzeninfra.ru https://b.delivery.consentmanager.net https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://cdn.dzen.ru https://cold-video.dzeninfra.ru https://consentmanager.mgr.consensu.org https://dzen.ru https://home.mrgcdn.ru https://jstracer.yandex.ru https://log.strm.yandex.ru https://mail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://ok.ru https://playlog.dzen.ru https://s3.dzeninfra.ru https://static.dzeninfra.ru https://strm.yandex.ru https://verify.yandex.ru https://video.dzen.ru https://vk.com https://vk.ru https://yandex.ru https://yandex.st https://yastat.net https://yastatic.net https://ymetrica1.com; img-src blob: data: https://*.mail.ru https://*.radar.imgsmail.ru https://*.userapi.com https://*.zen.zeta.dzen.ru https://a.delivery.consentmanager.net https://ad.adriver.ru https://amc.yandex.ru https://an.yandex.ru https://avatars.dzeninfra.ru https://avatars.mds.yandex.net https://bs.serving-sys.com https://bs.serving-sys.ru https://bs.yandex.ru https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://cdn.dzen.ru https://counter.yadro.ru https://d.mradx.net https://dzen.ru https://favicon.yandex.net https://fmdata.imgsmail.ru https://home.imgsmail.ru https://img.imgsmail.ru https://imgs2.imgsmail.ru https://impression.appsflyer.com https://likemore-go.imgsmail.ru https://limg.imgsmail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://mgcomru.solution.weborama.fr https://pixel.adlooxtracking.ru https://playlog.dzen.ru https://pogoda.imgsmail.ru https://promoimages.hb.bizmrg.com https://r.mradx.net https://s3.dzeninfra.ru https://static.dzeninfra.ru https://video.dzen.ru https://vk.com https://vk.ru https://vkplay.ru https://wcm-ru.frontend.weborama.fr https://wcm.weborama-tech.ru https://www.tns-counter.ru https://yandex.ru https://yastatic.net 'self'; manifest-src https://limg.imgsmail.ru; media-src blob: data: https://*.cold-video.dzeninfra.ru https://*.extcdn.dzeninfra.ru https://*.hot-video.dzeninfra.ru https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://*.ok.ru https://*.strm.yandex.ru https://*.vk.com https://*.vk.ru https://*.yandex.net https://cdn.dzen.ru https://cold-video.dzeninfra.ru https://mail.ru https://ok.ru https://strm.yandex.ru https://video.dzen.ru https://vk.com https://vk.ru https://yandex.ru https://yandex.st https://yastat.net https://yastatic.net; style-src blob: https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://b.delivery.consentmanager.net https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://consentmanager.mgr.consensu.org https://home.mrgcdn.ru https://static.dzeninfra.ru https://yandex.st https://yastat.net https://yastatic.net 'unsafe-eval' 'unsafe-inline'; font-src blob: data: https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://an.yandex.ru https://yastat.net https://yastatic.net 'self'; frame-src https://*.doubleverify.com https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://*.ok.ru https://*.vk.com https://*.vk.ru https://*.yandex.ru https://app.appsflyer.com https://awaps.yandex.net https://mail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://mini.vkplay.ru https://ok.ru https://vk.com https://vk.ru https://yandex.ru https://yastat.net https://yastatic.net; report-uri https://cspreport.mail.ru/home?disposition=report&rev=18.12.23; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.maxmind.com *.googletagmanager.com *.en25.com cookiebot.com *.cookiebot.com *.google-analytics.com *.google.com google.com *.google.co.nz *.eloqua.com *.gstatic.com *.googleapis.com *.doubleclick.net *.azureedge.net *.clarity.ms *.swiftype.com *.facebook.net *.pinimg.com *.maxymiser.net *.livechatinc.com *.adnxs.com *.twitter.com *.jotform.io *.bing.com c212.net *.jwplatform.com *.pinterest.com *.salesforceliveagent.com d335luupugsy2.cloudfront.net lmimirroralphapvr.azureedge.net *.yotpo.com *.rdstation.com.br *.mathtag.com *.linkedin.com *.pinimg.com sc-static.net *.force.com t.co *.bluekai.com *.snapchat.com vimeo.com *.lesmills.com *.mediatrackr.com youtube.com *.youtube.com lesmills.disco.ac *.googleadservices.com *.angularjs.org browser-update.org cdn.c212.net *.tiktok.com lesmills.my.salesforce.com snap.licdn.com 1
default-src 'self' www.google-analytics.com *.google-analytics.com *.googletagmanager.com www.googletagmanager.com *.youtube.com secure.gravatar.com twitter.com gstatic.com *.gstatic.com www.google.com *.ggpht.com *.googleapis.com 'unsafe-inline' 'unsafe-eval' data:; 1
default-src 'self'; style-src https: 'unsafe-inline'; style-src-elem https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: data: wss: blob:; font-src https: data:; frame-src https:; img-src https: data: 'self'; worker-src blob: https:; media-src blob: https:; frame-ancestors 'self' https://www.sephora.ae/ https://perfumeriafirst.com/ 1
upgrade-insecure-requests; base-uri 'self'; object-src 'self'; frame-ancestors https://www.americanexpress.com.sa https://amexd9.s3.ethosds.com https://almosafer.com https://*.almosafer.com https://z2.le.liveperson.net; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-/I2U4P/T5SJKGO/e28iv4Q=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
upgrade-insecure-requests; default-src 'self' https://apps.ou.edu https://*.dnnapi.com https://dnnapi.com https://ui.customsearch.ai https://*.fontawesome.com https://*.adobe.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://analytics.google.com https://*.clarity.ms https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.doubleclick.net https://listgrowth.ctctcdn.com https://cdn.jsdelivr.net https://static.ctctcdn.com https://visitor2.constantcontact.com/ https://*.cdn.technolutions.net https://*.convertcalculator.com/ https://cdn.Linkedin.oribi.io https://*.googleapis.com https://*.bootstrapcdn.com https://code.jquery.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ouhsc.edu https://*.ouhsc.edu https://dnnapi.com https://ui.customsearch.ai https://*.fontawesome.com https://*.adobe.com https://www.google.com https://www.gstatic.com/c https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://ajax.googleapis.com https://*.gstatic.com https://apis.google.com https://www.clarity.ms https://*.hotjar.com https://code.jquery.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.bootstrapcdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://player.vimeo.com https://cdn.logwork.com https://*.wufoo.com https://static.ctctcdn.com https://www.instagram.com https://pushpad.xyz https://*.quantserve.com https://*.quantcount.com https://hello.ou.edu https://hello-ou-edu.cdn.technolutions.net https://*.cdn.technolutions.net https://*.convertcalculator.co/ https://*.convertcalculator.com https://weatherwidget.io https://snap.licdn.com https://googLeads.g.doubLeclick.net https://www.cognitoforms.com/ https://pm.geniusmonkey.com https://s7.addthis.com; font-src 'self' data: https://dnnapi.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://*.fontawesome.com https://*.bootstrapcdn.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://*.typekit.net; style-src 'self' 'unsafe-inline' https://ouhsc.edu https://*.ouhsc.edu https://*.googleapis.com https://*.fontawesome.com https://cdnjs.cloudflare.com https://*.bootstrapcdn.com https://cdn.jsdelivr.net https://hosteduxprod.blob.core.windows.net https://static.ctctcdn.com https://*.typekit.net https://*.cdn.technolutions.net https://apps.ou.edu; img-src 'self' data: https://ouhsc.edu https://*.ouhsc.edu https://dnnapi.com https://www.google.com https://www.gstatic.com/ https://www.google-analytics.com https://analytics.google.com https://googLeads.g.doubleclick.net https://www.googletagmanager.com https://*.clarity.ms https://*.bing.com https://*.facebook.com https://*.twitter.com https://*.fwicloud.com https://pixel.quantserve.com https://px.ads.Linkedin.com https://www.linkedin.com/px/* https://pm.geniusmonkey.com https://apps.ou.edu https://apps.ouhsc.edu; frame-src 'self' https://*.dnnapi.com https://dnnapi.com https://ouhsc.edu https://*.ouhsc.edu https://www.youtube.com https://*.adobe.com https://*.google.com https://*.hotjar.com https://*.facebook.com https://*.twitter.com https://player.vimeo.com https://*.duosecurity.com https://*.wufoo.com https://ousurvey.qualtrics.com https://logwork.com https://e.issuu.com https://www.instagram.com https://yoshki.com https://info.pacs.ou.edu https://*.knightlab.com https://static.ctctcdn.com https://ouhsc.ridesystems.net https://weatherwidget.io https://form.jotform.com/ https://www.cognitoforms.com/ https://app.powerbi.com https://cdnapisec.kaltura.com https://outlook.office365.com; worker-src 'self' blob:; 1
default-src 'self' *.googlesyndication.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' img.equinenow.com *.2mdn.net *.acexedge.com *.adbutter.net *.adrta.com *.adsafeprotected.com *.adnxs.com *.adnxtr.com *.adroll.com *.adsrvr.org *.adtechus.com *.atdmt.com ajax.googleapis.com *.amazonaws.com *.amazon-adsystem.com *.ampproject.org *.basis.net *.betrad.com *.bidsumulator.com *.bidswitch.net *.bluekai.com *.bidr.io *.contextweb.com *.clarium.io *.demdex.net *.dotomi.com *.doubleclick.net *.doubleverify.com *.dowlextff.com *.dvtps.com connect.facebook.net confiant-integrations.global.ssl.fastly.net *.confiant-integrations.net *.esm1.net *.exponential.com *.everesttech.net *.evidon.com *.fastclick.net *.flashtalking.com maps.googleapis.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googleadservices.com *.googlesyndication.com *.googletagservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.jivox.com *.krxd.net *.mathtag.com *.mediamathtag.com *.minkatu.com *.moatads.com *.myvisualiq.net *.olark.com *.opendns.com *.revjet.com *.pinterest.com *.quantcount.com *.quantserve.com *.scorecardresearch.com *.serving-sys.com *.sharethis.com *.sitescount.com *.steelhousemedia.com *.stripe.com *.tubemogul.com *.trustarc.com *.truste.com *.turn.com *.voicefive.com *.ybp.yahoo.com *.yimg.com; style-src img.equinenow.com 'self' 'unsafe-inline' *.googleapis.com *.cmptch.com *.evidon.com *.fastclick.net maxcdn.bootstrapcdn.com *.quantcount.com *.sharethis.com; style-src-elem img.equinenow.com 'self' 'unsafe-inline' *.evidon.com fonts.googleapis.com maxcdn.bootstrapcdn.com content.quantcount.com secure.cdn.fastclick.net static.olark.com *.sharethis.com; img-src * 'self' data: *.equinenow.com; font-src 'self' data: img.equinenow.com maxcdn.bootstrapcdn.com fonts.googleapis.com tpc.googlesyndication.com cdnjs.cloudflare.com fonts.gstatic.com cdn.revjet.com c.steelhousemedia.com; connect-src 'self' www.facebook.com *.acexedge.com *.adnxs.com *.adsrvr.org *.amazon-adsystem.com *.ampproject.org adserver-us.adtech.advertising.com *.bttrack.com *.contextweb.com *.casalemedia.com *.clearrtb.com *.clarium.io *.doubleclick.net *.doubleverify.com *.dotomi.com *.districtm.io *.flashtalking.com *.googleadservices.com *.googlesyndication.com *.google-analytics.com *.gstatic.com metrics.nt.vc *.opendns.com *.serving-sys.com *.sharethis.com *.steelhousemedia.com *.yahoo.com; frame-ancestors 'self' *.allbreedpedigree.com *.pedigreequery.com; frame-src 'self' *.2mdn.net *.adform.net *.admission.net *.adnxs.com *.amazon-adsystem.com advertising.aol.com bttrack.com *.casalemedia.com *.cargurus.com connect.facebook.net *.consensu.org *.contobox.com *.criteo.com *.doubleclick.net *.doubleverify.com *.dvtps.com *.facebook.com *.flashtalking.com *.google.com *.googlesyndication.com *.linksynergy.com *.mathtag.com match.prod.bidr.io *.opendns.com *.placelocal.com *.serving-sys.com *.sharethis.com *.simpli.fi *.sitescout.com *.stripe.com *.turn.com *.vimeo.com *.w55c.net *.youtube.com; object-src 'none'; media-src *; form-action 'self' edge.sharethis.com m.facebook.com facebook.com www.google.com www.paypal.com www.uship.com; base-uri 'none'; report-to csp-services; report-uri https://equinenow.report-uri.com/r/d/csp/reportOnly; 1
frame-ancestors app.wyng.com *.wyng.com; 1
frame-ancestors 'none'; script-src https://incidecoder-assets.storage.googleapis.com 'nonce-t5eW3BAoOstHddUJwbjPUJRoicKC5qxnT3MWNd2EBTU' https://www.google-analytics.com https://www.googletagmanager.com  https://connect.facebook.net https://www.google.com https://www.gstatic.com https://www.instagram.com  ; style-src https://incidecoder-assets.storage.googleapis.com 'unsafe-inline'; font-src https://incidecoder-assets.storage.googleapis.com https://fonts.gstatic.com; manifest-src https://incidecoder-assets.storage.googleapis.com; img-src https://connect.facebook.net https://www.facebook.com https://www.gstatic.com https://incidecoder-assets.storage.googleapis.com  https://incidecoder-content.storage.googleapis.com  https://www.google-analytics.com https://incidecoder-magic.storage.googleapis.com blob: ; frame-src https://www.instagram.com https://www.google.com; connect-src 'self' https://incidecoder-content.storage.googleapis.com  https://www.google-analytics.com https://www.googletagmanager.com https://www.facebook.com; default-src 'none'; 1
default-src 'self' https://*.vouchconcierge.com https://static.addtoany.com https://*.dcube.cloud/ https://*.demdex.net/ https://cm.everesttech.net/ https://wogadobeanalytics.sc.omtrdc.net/ https://*.nlb.gov.sg blob: data: https://www.library.gov.sg; img-src 'self' https: data: https://wogadobeanalytics.sc.omtrdc.net/ https://cm.everesttech.net/ https://dpm.demdex.net/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.vouchconcierge.com https://static.addtoany.com https://assets.dcube.cloud/fonts/ https://assets.wogaa.sg/fonts/ https://*.nlb.gov.sg https://*.nlb-prod.ubisend.io; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://*.nlb.gov.sg data: https://assets.dcube.cloud/fonts/; script-src 'self' 'unsafe-eval' 'nonce-1062988748' 'nonce-1241241674' 'nonce-2258305739' 'nonce-412097300' 'nonce-27336463' 'nonce-735609205' 'nonce-3101924380' 'nonce-3873140950' 'nonce-4AEemGb0xJptoIGFP3Nd-token' 'nonce-4AEemGb0xJptoIGFP3Nd-istream' 'nonce-211029159' 'nonce-3458425231' 'nonce-2429724010' 'nonce-1582987995' 'nonce-406047239' 'nonce-46974175' 'nonce-4134529881' 'nonce-3920238126' 'nonce-512398551' 'nonce-3757635407' https://static.addtoany.com https://*.vouchconcierge.com https://*.nlb-prod.ubisend.io blob: https://*.dcube.cloud https://assets.adobedtm.com/ https://assets.wogaa.sg/ https://www.googletagmanager.com/ https://ssl.p.jwpcdn.com https://cdn.jsdelivr.net/ https://*.nlb.gov.sg https://*.nas.gov.sg; object-src 'none'; upgrade-insecure-requests; block-all-mixed-content; frame-src 'self' youtube.com www.youtube.com https://static.addtoany.com https://*.vouchconcierge.com  https://wogaa.demdex.net https://nlb.ap.panopto.com https://*.google.com; frame-ancestors 'self'; connect-src 'self' https://*.dcube.cloud https://dpm.demdex.net/ https://snowplow-web.wogaa.sg/ https://www.google-analytics.com/ https://www.library.gov.sg https://*.nlb.gov.sg https://*.nas.gov.sg https://static.addtoany.com https://*.vouchconcierge.com https://*.nlb-prod.ubisend.io wss://*.nlb-prod.ubisend.io https://*.ingest.sentry.io; 1
frame-ancestors 'self' https://www.mariages.net https://communaute.mariages.net https://landing.mariages.net 1
default-src 'self' ;script-src data: blob: 'self' 'unsafe-eval' 'nonce-fr8ScVRQXI/SOMEw' static.cloud.coveo.com www.zenaps.com www.dwin1.com *.r42tag.com *.usabilla.com *.google-analytics.com *.analytics.google.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com  ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com  *.fbto.nl connect.facebook.net cdn.harvest.graindata.com *.pingvp.com pingvp.com *.visualwebsiteoptimizer.com app.vwo.com www.awin1.com;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com *.pingvp.com;img-src data: blob: 'self' *.svtrd.com www.zenaps.com www.awin1.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com *.google-analytics.com *.analytics.google.com *.onmarc.nl *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net ad.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com www.googletagmanager.com translate.google.com zilverenkruis-cdn.mcccm.eu *.pingvp.com i.vimeocdn.com dev.visualwebsiteoptimizer.com *.doubleclick.net;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net  *.pingvp.com;connect-src blob: 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.prolife.nl *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net *.google-analytics.com *.analytics.google.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com www.browsealoud.com plusqa.browsealoud.com *.interpolis.nl *.fbto.nl bat.bing.com stats.g.doubleclick.net harvest-cm-achmea.ey.r.appspot.com controle.achmea.consentmonitor.nl *.tomtom.com *.visualwebsiteoptimizer.com app.vwo.com *.applicationinsights.azure.com wss://api.defriesland.nl:13443;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl *.pingvp.com;object-src 'self' ;child-src 'self' blob: t.svtrd.com player.vimeo.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net app.springcast.fm;frame-ancestors 'self' player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net inloggen.achmea.nl p-portaal.achmea.nl app.vwo.com *.visualwebsiteoptimizer.com;;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl broker.nxtid.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content;report-uri https://zilverenkruis.ams.report-uri.com/r/t/csp/enforce; 1
frame-ancestors 'self' http://webvisor.com *.custhelp.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.adobedtm.com *.quantummetric.com https://www.google.com/recaptcha *; object-src 'none' ; connect-src *; font-src *; frame-ancestors https://www.youtube.com/; style-src 'self' 'unsafe-inline' https://*.typekit.net https://sslwidgetmaster.investorroom.com/css *; img-src 'self' data:; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content;worker-src blob:; frame-src https://www.youtube.com/embed/ https://www.google.com/recaptcha *; child-src blob:; 1
frame-ancestors 'self' https://*.sodexobeneficios.com.br; 1
upgrade-insecure-requests; script-src 'self' 'nonce-QaIEfZvVIpqc1u6qZ5PrfB235DtbXPHD' 'unsafe-inline' https://prismic.io https://static.cdn.prismic.io https://*.google.com https://assets.adobedtm.com https://*.hs-scripts.com https://*.googleapis.com https://*.split.io https://*.snapfinance.com https://*.hsforms.net https://*.adsrvr.org https://*.gstatic.com https://*.googletagmanager.com https://js.hs-analytics.net https://js.hsadspixel.net/ https://js.usemessages.com/ https://js.hs-banner.com/ https://*.google-analytics.com https://cdnjs.cloudflare.com https://*.hsforms.com https://connect.facebook.net https://*.online-metrix.net/ https://*.xtlo.net/ https://api.cloudsponge.com https://boards.greenhouse.io/ https://deuan56b7nga3.cloudfront.net/ https://*.bing.com/ https://snap.licdn.com/ https://dev.visualwebsiteoptimizer.com https://*.adroll.com https://*.adroll.mgr.consensu.org https://*.inmarkethub.com https://*.stackadapt.com https://*.bizfocused.com https://*.demandbase.com https://*.heapanalytics.com https://*.github.io https://pixel.advertising.com https://*.outbrain.com https://*.taboola.com https://*.pubmatic.com https://*.adnxs.com https://*.casalemedia.com https://*.rubiconproject.com https://*.3lift.com https://ads.yahoo.com https://*.openx.net https://tag.clearbitscripts.com https://x.clearbitjs.com https://x.bidswitch.net https://up.pixel.ad https://www.youtube.com https://html2canvas.hertzen.com https://pippio.com https://analytics.tiktok.com https://*.googleanalytics.com https://*.googleoptimize.com https://optimize.google.com https://*.hotjar.com https://*.api.useinsider.com https://*.doubleclick.net https://*.googleusercontent.com https://www.googleadservices.com https://*.kameleoon.eu https://*.kameleoon.com https://*.kameleoon.io https://*.niceincontact.com; style-src 'self' 'unsafe-inline' https://api.tiles.mapbox.com stackpath.bootstrapcdn.com https://*.google.com https://*.snapfinance.com https://maxcdn.bootstrapcdn.com https://*.googleapis.com https://cdnjs.cloudflare.com https://*.fontawesome.com https://*.xtlo.net/ https://deuan56b7nga3.cloudfront.net/ https://*.stackadapt.com https://optimize.google.com https://*.hotjar.com https://*.kameleoon.eu https://*.kameleoon.com https://*.niceincontact.com; font-src data: 'self' stackpath.bootstrapcdn.com https://*.xtlo.net https://*.snapfinance.com https://*.fontawesome.com https://*.gstatic.com https://maxcdn.bootstrapcdn.com https://deuan56b7nga3.cloudfront.net/ https://*.hotjar.com https://*.niceincontact.com; img-src 'self' data: https://*.casalemedia.com https://*.rubiconproject.com https://*.outbrain.com https://*.taboola.com https://*.pubmatic.com https://*.3lift.com https://*.adnxs.com https://*.openx.net https://www.entitytag.co.uk https://*.prismic.io https://*.xtlo.net https://*.googletagmanager.com https://*.googleapis.com https://*.google.com https://snapcmsimages.s3-us-west-2.amazonaws.com https://*.doubleclick.net https://*.online-metrix.net/ https://*.snapfinance.com https://snapcmsimages.s3.amazonaws.com https://s3-us-west-2.amazonaws.com/snapcmsimages/ https://fc-use1-00-pics-bkt-00.s3.amazonaws.com https://snapmerchantimages.s3.amazonaws.com https://*.google-analytics.com https://*.hubspot.com/ https://www.facebook.com https://connect.facebook.net https://px.ads.linkedin.com https://*.gstatic.com https://d2k2lq7arf6zn3.cloudfront.net/ https://*.adsymptotic.com/ https://*.bing.com/ https://*.hs-scripts.com https://dev.visualwebsiteoptimizer.com https://*.bidr.io https://heapanalytics.com/ https://*.adroll.com https://*.inmarkethub.com https://*.stackadapt.com https://*.bizfocused.com https://snapfinance-devqa-pan.s3.us-west-2.amazonaws.com https://snapfinance-devqa-pan.s3.amazonaws.com https://*.rlcdn.com https://segments.company-target.com https://x.bidswitch.net https://lciapi.ninthdecimal.com https://tapestry.tapad.com https://*.sitescout.com https://pixel.logtrackback.com https://i.ytimg.com http://up.pixel.ad https://*.yelpcdn.com https://*.analytics.google.com https://*.g.doubleclick.net https://optimize.google.com https://*.hotjar.com https://*.kameleoon.eu https://*.kameleoon.com https://*.niceincontact.com; frame-ancestors 'self' https://app.hubspot.com/; worker-src blob: https://*.snapfinance.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://celeb-lb-prod.danskebank.com https://assets.adobedtm.com https://snap.licdn.com https://www.linkedin.com https://px.ads.linkedin.com https://imasdk.googleapis.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://android.com https://windowsphone.com *.qbrick.com *.dna.ip-only.net *.112.2o7.net *.danskebank.dk https://www.danskebank.dk https://danid.dk *.danid.dk *.facebook.com *.facebook.net https://facebook.net https://*.facebook.net https://twitter.com *.omtrdc.net https://dpm.demdex.net https://static.licdn.com https://w3.org https://fbcdn.net https://analytics.analytics-egain.com https://track.adform.net https://linkmaker.itunes.apple.com *.qualtrics.com https://syndication.twitter.com https://platform.twitter.com; object-src 'self' video.qbrick.com; frame-src 'self' https://danskebank.demdex.net https://android.com https://windowsphone.com video.qbrick.com *.112.2o7.net *.danskebank.dk https://danid.dk *.danid.dk *.facebook.com *.facebook.net https://facebook.net https://*.facebook.net https://twitter.com *.omtrdc.net https://dpm.demdex.net https://static.licdn.com https://w3.org https://fbcdn.net https://analytics.analytics-egain.com https://track.adform.net https://linkmaker.itunes.apple.com *.qualtrics.com https://cloud-emea.analytics-egain.com *.investis.com https://platform.twitter.com https://syndication.twitter.com; 1
default-src 'self'; script-src 'self' 'wasm-unsafe-eval' 'unsafe-inline' lotto-niedersachsen.piwik.pro lotto-niedersachsen.containers.piwik.pro bat.bing.com www.googletagmanager.com googleads.g.doubleclick.net; style-src 'self' data: 'unsafe-inline'; object-src data:; base-uri 'self'; connect-src 'self' lotto-niedersachsen.piwik.pro lotto-niedersachsen.containers.piwik.pro www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.google.com www.google.de bat.bing.com s.yimg.com eu-api.friendlycaptcha.eu; font-src 'self' data:; frame-src 'self' www.youtube-nocookie.com; img-src 'self' data: images.ctfassets.net bat.bing.com img.youtube.com i.ytimg.com lotto-niedersachsen.piwik.pro googleads.g.doubleclick.net www.google.com www.google.de; manifest-src 'self'; worker-src 'self' blob:; child-src blob:; frame-ancestors *.lotto.de lotto.de *.keno.de keno.de *.xn--glcksspirale-elb.de xn--glcksspirale-elb.de *.gluecksspirale.de gluecksspirale.de *.eurojackpot.de eurojackpot.de tippgemeinschaft-verwalten.de *.tippgemeinschaft-verwalten.de *.tippgemeinschaft.org tippgemeinschaft.org *.tippgemeinschaft.net tippgemeinschaft.net gluecksspirale.dev.mrmworldwide.de *.lotterie.de lotterie.de app.contentful.com; 1
default-src 'none'; connect-src 'self' https://samc.zkb.ch https://samt.zkb.ch https://samct.zkb.ch https://dpm.demdex.net https://edge.adobedc.net https://adobedc.demdex.net https://*.doubleclick.net/ https://privacyportal-ch.onetrust.com https://geolocation.onetrust.com https://*.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; form-action 'self'; frame-src 'self' https://www.google.com https://zkb.demdex.net https://dpm.demdex.net https://*.doubleclick.net/; frame-ancestors 'self' https://*.adobe.com/; img-src 'self' data: https://dpm.demdex.net https://cm.everesttech.net https://samc.zkb.ch https://*.googleapis.com https://maps.gstatic.com; media-src 'self' https://dpm.demdex.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://assets.adobedtm.com https://cdn.tt.omtrdc.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.tt.omtrdc.net; object-src 'self' 1
frame-ancestors 'self' https://sc4hvcfl151058502cff46683.s3.amazonaws.com  https://*.museothyssen.org 1
base-uri 'self'; child-src blob:; connect-src 'self' * blob: data:; default-src 'self'; font-src 'self' * data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self' * data:; img-src 'self' * about: blob: data:; media-src * blob: data:; object-src https://players.brightcove.net; prefetch-src 'self' *; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub76ded8377f7502c3dcedbac113428770&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:courttv-prod; script-src 'self' 'unsafe-eval' 'unsafe-inline' * blob: data:; style-src 'self' 'unsafe-inline' * data:; worker-src 'self' blob: 1
frame-ancestors *.b2b168.com http://b2b168.tz1288.com; 1
default-src 'self' 'unsafe-inline'; script-src 'unsafe-eval' 'unsafe-inline' data: *.applanga.com *.intercomcdn.com *.intercom.io code.jquery.com ajax.googleapis.com cdnjs.cloudflare.com; form-action 'self'; object-src 'none'; connect-src 'self' data: wss: sentry.io *.intercom.io *.intercom.com *.intercomcdn.com; img-src 'self' data: *.applanga.com applanga-dev-thumbnails.s3-website.eu-central-1.amazonaws.com s3.eu-central-1.amazonaws.com applanga-prod-thumbnails.s3-website.eu-central-1.amazonaws.com *.execute-api.eu-central-1.amazonaws.com static.intercomassets.com *.intercomcdn.com; font-src fonts.intercomcdn.com *.applanga.com; media-src *.applanga.com *.intercomcdn.com ; upgrade-insecure-requests; frame-src youtube.com https://www.youtube.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://pub-storage.s3.us-east-1.amazonaws.com/ *.system1.com *.typekit.net *.formstack.com *.googletagmanager.com *.google.com *.gstatic.com *.google-analytics.com s.flocdn.com mapquest.com *.mapquest.ca *.youtube.com s3.amazonaws.com stats.g.doubleclick.net cdn.cookielaw.org *.onetrust.com jobs.lever.co *.soflopxl.com data:; img-src *; 1
sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-modals 1
frame-ancestors 'self' https://prod.lavieenrose.com https://lver03mstru3it0prod.dxcloud.episerver.net; 1
default-src 'self' https://localhost:8083/ https://www.google-analytics.com data:; img-src 'self' https://id.bank.gov.ua https://www.google-analytics.com https://diia.gov.ua  data:; style-src 'self' 'unsafe-inline'; child-src blob: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google.com https://www.googletagmanager.com https://www.google-analytics.com; 1
default-src 'self' *.unionbankph.com *.azurewebsites.net *.finchatbot.com/;                  style-src 'self' 'unsafe-inline' *.unionbankph.com *.azurewebsites.net maxcdn.bootstrapcdn.com *.googleapis.com *.bootstrapcdn.com *.cloudflare.com;                  font-src 'self' maxcdn.bootstrapcdn.com *.gstatic.com *.yellowmessenger.com;                  script-src https://*.go-mpulse.net 'self' 'unsafe-eval' 'unsafe-inline' *.jsdelivr.net *.google.com *.facebook.net *.gstatic.com *.googletagmanager.com *.google-analytics.com *.msecnd.net *.addthis.com *.qgraph.io *.googleapis.com *.yellowmessenger.com *.youtube.com *.appsflyer.com *.criteo.com;                  frame-src 'self' blob: data: *.gstatic.com *.googleapis.com *.google.com *.youtube.com *.facebook.com *.yellowmessenger.com *.finchatbot.com/;                  connect-src https://*.go-mpulse.net https://*.akstat.io 'self' *.visualstudio.com *.google-analytics.com wss://app.yellowmessenger.com/ wss://app.yellowmessenger.com/websocket/ *.yellowmessenger.com analytics.google.com/ *.googletagmanager.com *.facebook.com *.criteo.com;                  img-src https://*.akstat.io 'self' *.unionbankph.com *.amazonaws.com *.facebook.com *.theunionbanker.com *.googleapis.com *.gstatic.com *.google-analytics.com *.githubusercontent.com data: *.yellowmessenger.com *.ytimg.com;                 media-src *.yellowmessenger.com; 1
default-src 'self' 'unsafe-inline' data: https:; frame-ancestors 'self' 1
block-all-mixed-content ;upgrade-insecure-requests ;default-src 'self' *.criteo.com *.criteo.net adventori.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.abtasty.com *.y-track.com *.google-analytics.com *.googletagmanager.com www.googletagmanager.com vjs.zencdn.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ui.onepay.decathlon.net *.paypal.com *.braintreegateway.com *.brightcove.net *.trylive.com *.googleapis.com sdk.privacy-center.org sdk.woosmap.com www.booxi.eu appmobile-bridge-js.s3-eu-west-1.amazonaws.com *.woosmap.com ui.onepay-qualification.decathlon.io cdn.tagcommander.com *.facebook.net *.dynatrace.com platform.commandersact.com *.commander1.com *.criteo.com *.criteo.net *.adnxs.com adventori.com www.googleadservices.com bat.bing.com *.salecycle.com *.doubleclick.net *.hotjar.com redirect3536.tagcommander.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com wurfl.io *.commandersact.com translate.google.com nxtck.com onepay-ui.decathlon.net *.contentsquare.net *.contentsquare.com www.youtube.com wss://*.hotjar.com *.loadbee.com production.transcript.decathlon.io development.transcript-qualification.decathlon.io via.batch.com *.dynamicyield.com *.klarnaservices.com rum.browser-intake-datadoghq.eu *.onepay-v2-commons-prod-0ywm.decathlon.io screencapture.kampyle.com screencapture-cdn.kampyle.com resources.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com resources.digital-cloud-west.medallia.com pay.google.com/gp/p/js/pay.js applepay.cdn-apple.com session-replay.browser-intake-datadoghq.eu safesizepublic.ucscentral.com google.com/pay creativecdn.com *.creativecdn.com https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.akafms.net *.akstat.io *.baqend.com *.bing.com *.buckaroo.nl *.cloudfront.net *.crisp.chat *.decathlon.nl *.dktdev.nl *.execute-api.eu-west-1.amazonaws.com *.getflowbox.com *.go-mpulse.net *.googleusercontent.com *.igodigital.com *.insocial.nl *.instagram.com *.kampyle.com *.kiyoh.com *.kk-resources.com *.luckyorange.com *.luckyorange.net *.medallia.com *.medallia.eu *.mydecathlon.com *.obi4wan.com *.ojrq.net *.pinimg.com *.pusher.com *.rex.ai *.sociomantic.com *.thuiswinkel-cdn.org *.thuiswinkel.org *.trbo.com *.ytimg.com *.zopim.com about: ad.yieldlab.net adservice.google.be adservice.google.com adservice.google.fr analytics.google.com app.beampulse.com bf97725pbp.bf.dynatrace.com blob: bp-1c51.kxcdn.com browser-update.org capture.trackjs.com cdn.flbx.io cdn.postcodeapi.nu cdn.riverty.design cdn.trustcommander.net cdn.trylive.com cdnjs.cloudflare.com connect.facebook.net content.decathlon.de criteo-partners.tremorhub.com criteo-sync.teads.tv cumulus-cloud.com d.impactradius-event.com d10lpsik1i8c69.cloudfront.net data: datastudio.google.com decathlon-nl-nl--tst2.custhelp.com decathlon-nl-nl--tst2.widget.custhelp.com decathlon-nl-nl.custhelp.com decathlon-nl-nl.widget.custhelp.com decathlon-nl.sjv.io decathlon-nl.x8nb.net decathlonnl.app.baqend.com decathlonnl.zendesk.com device9.com docs.google.com ec2-3-10-120-155.eu-west-2.compute.amazonaws.com ekr.zdassets.com ekr.zendesk.com emersya.com engage.commander1.com gateway.zscaler.net googleads.g.doubleclick.net googleadservices.com h.clarity.ms logs-01.loggly.com nova.collect.igodigital.com pagead2.googlesyndication.com privacy.commander1.com privacy.trustcommander.net recommendation-js.woosmap.com s3-eu-west-1.amazonaws.com script.google.com sportenmetdecathlon.nl spreadsheets.google.com sslwidget.criteo.com static.criteo.net static.zdassets.com stats.g.doubleclick.net sync-criteo.ads.yieldmo.com utt.impactcdn.com view.publitas.com www.gstatic.com www.kiyoh.nl www.rnengage.com www.strava.com zendesk-eu.my.sentry.io;connect-src 'self' *.google-analytics.com *.analytics.google.com *.abtasty.com *.y-track.com *.woosmap.com *.brightcove.com *.paypal.com *.braintree-api.com *.braintreegateway.com *.decathlon.net *.decathlon.com *.booxi.eu api.privacy-center.org www.facebook.com *.doubleclick.net bat.bing.com browser-http-intake.logs.datadoghq.eu api.booxi.eu bf97725pbp.bf.dynatrace.com *.hotjar.com *.hotjar.io *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com booxi-api-be.appspot.com booxi-api.appspot.com sync.commander1.com *.boltdns.net *.akamaihd.net *.contentsquare.net tracking-api-4lasu2nlcq-ew.a.run.app insights.decathlon.net transaction-api-4lasu2nlcq-ew.a.run.app order-insights.decathlon.net *.googleapis.com wss://*.hotjar.com www.googletagmanager.com via.batch.com ws.batch.com production.transcript.decathlon.io development.transcript-qualification.decathlon.io *.klarnaservices.com rum.browser-intake-datadoghq.eu *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu ubt-lb.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com resources.digital-cloud-west.medallia.com https://www.google.com/pay signin.easyence.tech google.com/pay https://pay.google.com *.creativecdn.com https://session-replay.browser-intake-datadoghq.eu/api/ https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.akafms.net *.akstat.io *.baqend.com *.buckaroo.nl *.cloudfront.net *.crisp.chat *.decathlon.nl *.dktdev.nl *.dynamicyield.com *.execute-api.eu-west-1.amazonaws.com *.getflowbox.com *.go-mpulse.net *.googleusercontent.com *.igodigital.com *.insocial.nl *.instagram.com *.kampyle.com *.kiyoh.com *.kk-resources.com *.luckyorange.com *.luckyorange.net *.medallia.com *.medallia.eu *.mydecathlon.com *.obi4wan.com *.ojrq.net *.pusher.com *.rex.ai *.sociomantic.com *.thuiswinkel-cdn.org *.thuiswinkel.org *.trbo.com *.ytimg.com *.zopim.com about: adservice.google.be adservice.google.com adservice.google.fr analytics.google.com api.decathlon.nl app.beampulse.com blob: bp-1c51.kxcdn.com browser-update.org capture.trackjs.com cdn.flbx.io cdn.postcodeapi.nu cdn.trustcommander.net cdn.trylive.com cdnjs.cloudflare.com content.decathlon.de core.booxi.eu cumulus-cloud.com d.impactradius-event.com d10lpsik1i8c69.cloudfront.net data: datastudio.google.com decathlon-nl-nl--tst2.custhelp.com decathlon-nl-nl--tst2.widget.custhelp.com decathlon-nl-nl.custhelp.com decathlon-nl-nl.widget.custhelp.com decathlon-nl.sjv.io decathlon-nl.x8nb.net decathlonnl.app.baqend.com decathlonnl.zendesk.com device9.com docs.google.com ec2-3-10-120-155.eu-west-2.compute.amazonaws.com ekr.zdassets.com ekr.zendesk.com emersya.com engage.commander1.com gateway.zscaler.net googleads.g.doubleclick.net h.clarity.ms logs-01.loggly.com maps.googleapis.com pagead2.googlesyndication.com privacy.commander1.com privacy.trustcommander.net recommendation-api.decathlon.com recommendation-js.woosmap.com s3-eu-west-1.amazonaws.com script.google.com sportenmetdecathlon.nl spreadsheets.google.com static.criteo.net static.zdassets.com stats.g.doubleclick.net utt.impactcdn.com view.publitas.com vjs.zencdn.net wss://widget-mediator.zopim.com www.gstatic.com www.kiyoh.nl www.rnengage.com www.strava.com zendesk-eu.my.sentry.io *.criteo.com *.criteo.net adventori.com 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ui.onepay.decathlon.net *.trylive.com sdk.privacy-center.org sdk.woosmap.com www.booxi.eu appmobile-bridge-js.s3-eu-west-1.amazonaws.com ui.onepay-qualification.decathlon.io cdn.tagcommander.com *.facebook.net *.dynatrace.com platform.commandersact.com *.commander1.com *.adnxs.com www.googleadservices.com *.salecycle.com redirect3536.tagcommander.com wurfl.io *.commandersact.com translate.google.com nxtck.com onepay-ui.decathlon.net *.contentsquare.com www.youtube.com *.loadbee.com screencapture.kampyle.com screencapture-cdn.kampyle.com pay.google.com/gp/p/js/pay.js applepay.cdn-apple.com session-replay.browser-intake-datadoghq.eu safesizepublic.ucscentral.com creativecdn.com *.bing.com *.pinimg.com ad.yieldlab.net cdn.riverty.design connect.facebook.net criteo-partners.tremorhub.com criteo-sync.teads.tv googleadservices.com nova.collect.igodigital.com sslwidget.criteo.com sync-criteo.ads.yieldmo.com *.cube-net.org *.cube-net.pub contents.mediadecathlon.com prod-wt.aws.y-track.com manager.tagcommander.com www.google.com www.google.es www.google.fr www.google.it www.google.nl www.google.be www.google.pl *.gstatic.com *.atdmt.com tag.goldenbees.fr *.crm4d.com *.adsrvr.org voucher.decathlon.net apigift.decathlon.com site.booxi.com www.mediadecathlon.com *.mediadecathlon.com *.googleadservices.com screencaptue-cdn.kampyle.com cdn-workshop-pop.decathlon.net *.pinterest.com ad.360yield.com beacon.krxd.net cm.adform.net cm.g.doubleclick.net contextual.media.net dpm.demdex.net e1.emxdgt.com eb2.3lift.com exchange.mediavine.com ib.adnxs.com id5-sync.com is5-ssl.mzstatic.com jadserve.postrelease.com match.sharethrough.com matching.ivitrack.com pixel.rubiconproject.com play-lh.googleusercontent.com r.casalemedia.com rtb-csync.smartadserver.com s.thebrighttag.com simage2.pubmatic.com sync-t1.taboola.com sync.outbrain.com ups.analytics.yahoo.com v2assets.zopim.io visitor.omnitagjs.com www.instagram.com x.bidswitch.net fonts.googleapis.com scripts.publitas.com https://storage.googleapis.com/sl-front-xp-bucket-4v-tmoq/account/ fonts.gstatic.com maxcdn.bootstrapcdn.com secure.brightcove.com bcboltbde696aa-a.akamaihd.net *.zdassets.com brightcove.hs.llnwd.net brightcove.vo.llnwd.net players.brightcove.net *.youtube.com saas.trylive.com/ site.booxi.eu/ reviews.decathlon.com c.paypal.com checkout.paypal.com www.paypal.com reviews-collect-eu.satisphere.decathlon.net www.pinterest.com pay.google.com klantenservice.decathlon.nl;img-src 'self' data: blob: *.decathlon.com *.cube-net.org *.cube-net.pub contents.mediadecathlon.com *.google-analytics.com *.googletagmanager.com *.brightcove.com *.brightcove.net *.paypal.com prod-wt.aws.y-track.com manager.tagcommander.com *.googleapis.com *.abtasty.com *.woosmap.com www.facebook.com www.google.com www.google.es www.google.fr www.google.it www.google.nl www.google.be www.google.pl *.doubleclick.net bat.bing.com *.gstatic.com sync.commander1.com *.atdmt.com tag.goldenbees.fr *.crm4d.com *.adsrvr.org *.adnxs.com sdk.privacy-center.org checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net voucher.decathlon.net apigift.decathlon.com site.booxi.com www.mediadecathlon.com *.boltdns.net *.mediadecathlon.com *.contentsquare.net *.googleadservices.com adservice.google.com wss://*.hotjar.com via.batch.com ws.batch.com *.onepay-v2-commons-prod-0ywm.decathlon.io screencaptue-cdn.kampyle.com resources.digital-cloud.medallia.eu udc-neb.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net *.akstat.io *.analytics.google.com *.cloudfront.net *.criteo.com *.decathlon.nl *.getflowbox.com *.igodigital.com *.kampyle.com *.medallia.com *.medallia.eu *.pinterest.com ad.360yield.com ad.yieldlab.net beacon.krxd.net cdn.flbx.io cdn.riverty.design cm.adform.net cm.g.doubleclick.net contextual.media.net criteo-partners.tremorhub.com criteo-sync.teads.tv decathlonnl.app.baqend.com dpm.demdex.net e1.emxdgt.com eb2.3lift.com exchange.mediavine.com gateway.zscaler.net ib.adnxs.com id5-sync.com is5-ssl.mzstatic.com jadserve.postrelease.com logs-01.loggly.com match.sharethrough.com matching.ivitrack.com pixel.rubiconproject.com play-lh.googleusercontent.com r.casalemedia.com rtb-csync.smartadserver.com s.thebrighttag.com simage2.pubmatic.com static.zdassets.com sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.outbrain.com ups.analytics.yahoo.com v2assets.zopim.io visitor.omnitagjs.com www.googleadservices.com www.instagram.com x.bidswitch.net;style-src 'self' 'unsafe-inline' www.booxi.eu fonts.googleapis.com *.decathlon.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.mediadecathlon.com wss://*.hotjar.com scripts.publitas.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu screencaptue-cdn.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io https://storage.googleapis.com/sl-front-xp-bucket-4v-tmoq/account/ *.kampyle.com *.medallia.com *.medallia.eu;font-src 'self' data: *.decathlon.com fonts.gstatic.com *.oppwa.com oppwa.com *.abtasty.com qanda.decathlon.com *.googleapis.com *.gstatic.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.baqend.com *.crisp.chat *.cube-net.pub *.decathlon.nl *.kampyle.com *.medallia.com *.medallia.eu blob: fonts.googleapis.com maxcdn.bootstrapcdn.com vjs.zencdn.net www.facebook.com www.google.fr;object-src ;base-uri 'self';worker-src 'self' blob: via.batch.com 'unsafe-eval' 'unsafe-inline' *.decathlon.nl www.facebook.com;media-src 'self' blob: secure.brightcove.com *.brightcove.com *.brightcove.net *.boltdns.net *.mediadecathlon.com *.criteo.com bcboltbde696aa-a.akamaihd.net *.akafms.net *.akamaihd.net *.decathlon.nl *.googleapis.com *.pinimg.com *.pinterest.com *.pusher.com *.zdassets.com brightcove.hs.llnwd.net brightcove.vo.llnwd.net d10lpsik1i8c69.cloudfront.net is5-ssl.mzstatic.com play-lh.googleusercontent.com players.brightcove.net www.facebook.com;frame-src 'self' *.youtube.com www.google.com/recaptcha/ saas.trylive.com/ site.booxi.eu/ reviews.decathlon.com www.facebook.com *.doubleclick.net *.atdmt.com c.paypal.com checkout.paypal.com www.paypal.com *.hotjar.com *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com qanda.decathlon.com reviews-collect-eu.satisphere.decathlon.net *.mediadecathlon.com view.publitas.com www.pinterest.com *.abtasty.com *.decathlon.net wss://*.hotjar.com players.brightcove.net screencapture.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud.medallia.eu resources.digital-cloud-west.medallia.com pay.google.com safesizepublic.ucscentral.com *.klarnaservices.com creativecdn.com *.creativecdn.com *.criteo.com *.kampyle.com *.medallia.com *.medallia.eu *.pinterest.com gateway.zscaler.net klantenservice.decathlon.nl static.criteo.net;frame-ancestors 'self'; 1
connect-src 'self' https://*.textio.com https://*.getsentry.com https://*.dropbox.com https://*.dropboxapi.com https://hooks.slack.com https://mpapi-staging.textio.tech https://boards-api.greenhouse.io https://embedwistia-a.akamaihd.net https://*.wistia.com https://*.litix.io https://*.salesloft.com https://*.adroll.com https://*.hubspot.com https://api.hubapi.com https://*.hsforms.net https://*.hsforms.com https://*.hs-scripts.com https://*.6sc.co https://www.google-analytics.com https://textio-com.sandbox.hs-sites.com https://primary-staging-textio-tech.sandbox.hs-sites.com; default-src 'self' blob: https://embedwistia-a.akamaihd.net; font-src 'self' data: https://fonts.gstatic.com https://assets.textio.com; frame-ancestors 'self' chrome-extension://iddnbalhmdkipfcopclcnchagfbmcgjb chrome-extension://dbjmglepmfclkkpkcigofilkfbifndli chrome-extension://cickbfbmlokcckicgofgomgbbkbdlipl chrome-extension://onnpgnmgiikcdeffpfemdhggdbipcbjb http://textio.lookbookhq.com https://textio.lookbookhq.com http://textio.pathfactory.com https://textio.pathfactory.com http://explore.textio.com https://explore.textio.com https://textio-com.sandbox.hs-sites.com https://primary-staging-textio-tech.sandbox.hs-sites.com https://*.seismic.com; frame-src 'self' https://www.facebook.com https://player.vimeo.com https://fast.wistia.net https://www.youtube.com https://form.typeform.com https://textio-downloads-local-us-west-2.s3.amazonaws.com https://textio-downloads-predev-us-west-2.s3.amazonaws.com https://textio-downloads-staging-us-west-2.s3.amazonaws.com https://textio-downloads.s3.amazonaws.com https://fast.wistia.com https://bid.g.doubleclick.net https://www.google.com https://platform.twitter.com https://syndication.twitter.com https://*.twimg.com https://*.hubspot.com https://4307349.hs-sites.com https://*.hs-scripts.com https://*.hsforms.com https://*.hsforms.net https://boards.greenhouse.io; img-src 'self' data: https://*.hubspot.com https://*.hubspot.net https://fcmatch.google.com https://fcmatch.youtube.com https://hello.textio.com https://csi.gstatic.com https://*.google-analytics.com https://maps.googleapis.com https://assets.textio.com https://stats.g.doubleclick.net https://secure.adnxs.com https://*.ads.linkedin.com https://cm.g.doubleclick.net https://imp2.bizographics.com https://*.adsymptotic.com https://*.akamaihd.net https://*.wistia.com https://*.wistia.net https://*.gstatic.com https://*.hsforms.com https://*.hubspotusercontent40.net https://*.hubspotusercontent-na1.net https://*.salesloft.com https://www.facebook.com https://www.google.com https://ads.yahoo.com https://x.bidswitch.net https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://*.adroll.com https://*.6sc.co https://www.googletagmanager.com https://ups.analytics.yahoo.com https://platform.twitter.com https://syndication.twitter.com https://*.twimg.com; media-src 'self' blob: data: http://*.turner.com https://*.wistia.com https://*.akamaihd.net; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://*.hubspot.com https://js.hsleadflows.net https://sjs.bizographics.com https://js.hscta.net https://platform.twitter.com https://syndication.twitter.com https://*.twimg.com https://maps.googleapis.com https://*.google-analytics.com https://*.dropbox.com https://*.dropboxapi.com https://*.box.com https://snap.licdn.com https://*.ads.linkedin.com https://secure.adnxs.com https://www.bizographics.com https://www.linkedin.com https://src.litix.io https://*.wistia.com https://*.wistia.net https://js.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsadspixel.net https://*.6sc.co https://js.hscollectedforms.net https://*.hsforms.net https://*.hsforms.com https://www.googletagmanager.com https://tagmanager.google.com https://scout-cdn.salesloft.com https://connect.facebook.net https://*.adroll.com https://d.adroll.mgr.consensu.org https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.hs-scripts.com https://js.usemessages.com https://boards.greenhouse.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://platform.twitter.com https://syndication.twitter.com https://*.twimg.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com ton.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' cdn.syndication.twimg.com ton.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: secure.gravatar.com  platform.twitter.com *.twitter.com *.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; media-src 'self'; frame-src 'self' syndication.twitter.com platform.twitter.com/; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com 1
default-src 'none'; base-uri 'self'; frame-ancestors 'self' https://*.barclays.co.uk https://*.uk.barclays; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.crownpeak.com collect.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com barclaysinternational.sc.omtrdc.net bat.bing.com beacon.krxd.net cdn.decibelinsight.net app.decibelinsight.com collection.decibelinsight.net cdn.krxd.net consumer.krxd.net data.rci.eggplant.cloud googleads.g.doubleclick.net img.en25.com metrics.responsetap.com static-ssl.responsetap.com www.google.com www.googleadservices.com www.gstatic.com www.google-analytics.com www.media.barclays.co.uk edigitalsurvey.com barclaysbankplc.demdex.net siteintercept.qualtrics.com *.siteintercept.qualtrics.com; style-src  'self' 'unsafe-inline' www.media.barclays.co.uk fonts.googleapis.com; object-src 'self'; worker-src 'self'; child-src 4482330.fls.doubleclick.net assets.adobedtm.com barclaysbankplc.demdex.net cdn.krxd.net edigitalsurvey.com www.google.com www.media.barclays.co.uk bid.g.doubleclick.net siteintercept.qualtrics.com *.siteintercept.qualtrics.com; frame-src 'self' 4482330.fls.doubleclick.net assets.adobedtm.com barclaysbankplc.demdex.net cdn.krxd.net edigitalsurvey.com www.google.com www.media.barclays.co.uk bid.g.doubleclick.net siteintercept.qualtrics.com *.siteintercept.qualtrics.com; img-src 'self' data: www.barclaycard.co.uk api.company-target.com dynamicmedia.livenationinternational.com d3ne5nhbe3knix.cloudfront.net collect.tealiumiq.com cdnjs.cloudflare.com loadm.exelator.com twitter.com cimage.adobe.com aax-eu.amazon-adsystem.com ad.doubleclick.net adservice.google.com analytics.twitter.com apiservices.krxd.net bat.bing.com beacon.krxd.net beacon.rci.eggplant.cloud bppmdmxgsg.execute-api.eu-west-1.amazonaws.com cm.everesttech.net cm.g.doubleclick.net dc.ads.linkedin.com dpm.demdex.net googleads.g.doubleclick.net www.google-analytics.com insight.adsrvr.org load77.exelator.com loadus.exelator.com pippio.com pixelg.adswizz.com px.ads.linkedin.com smetrics.barclays.co.uk sp.analytics.yahoo.com t.co t.teads.tv www.facebook.com www.google.co.uk www.google.com www.google.es www.google.it adservice.google.co.uk adservice.google.de www.googleadservices.com adservice.google.co.za edigitalsurvey.com www.google.com.jm www.google.gr www.google.fr www.google.com.au www.google.im www.google.ie www.google.co.th www.google.pt www.google.co.in www.google.je www.google.co.za www.google.hr www.google.com.tr www.google.com.sa www.google.pl www.google.com.gi www.google.co.jp www.google.com.hk www.google.de www.google.co.kr www.google.com.ng www.google.com.cy www.google.nl www.google.se www.google.ca adservice.google.es www.google.co.ke www.google.vg www.google.fi www.google.cz www.google.gg adservice.google.hr www.google.co.cr www.google.co.nz www.google.ro www.google.com.mm www.google.ae www.google.be www.google.com.my www.google.so www.google.at www.google.ee www.google.bg www.google.cl www.google.com.sg adservice.google.ae www.google.lv www.google.mu www.google.ch www.google.com.ph www.google.com.tw www.gstatic.com www.google.com.mx www.google.bs www.google.com.vn www.google.com.sl www.google.no www.google.com.bh www.google.co.ao www.google.com.qa adservice.google.mk adservice.google.bg adservice.google.co.in www.google.iq adservice.google.gr www.google.com.kh www.google.mk adservice.google.com.om www.google.co.id www.google.com.ua www.google.is www.google.com.af adservice.google.com.tw  www.google.ru www.google.ms www.google.dk www.google.sk www.google.hu www.google.co.zw www.google.com.co www.google.com.eg www.google.gy www.google.rs www.google.co.il www.google.com.gh www.google.al www.google.tn www.google.com.om www.google.si www.google.md www.google.sn www.google.co.ug www.google.com.ag usermatch.krxd.net ssl.gstatic.com www.google.lt barclaysinternationalbarcardbusinessprod.112.2o7.net www.linkedin.com www.media.barclays.co.uk cx.atdmt.com jslog.krxd.net barclaysbankplc.demdex.net siteintercept.qualtrics.com *.siteintercept.qualtrics.com; connect-src 'self' collect.tealiumiq.com *.crownpeak.com *.akamaihd.net *.akstat.io *.api.decibelinsight.net smetrics.barclays.co.uk barclaysbankplc.tt.omtrdc.net barclaysinternational.sc.omtrdc.net bat.bing.com beacon.krxd.net collection.decibelinsight.net cdn.decibelinsight.net dpm.demdex.net jslog.krxd.net *.tt.omtrdc.net p11.techlab-cdn.com wss://collection.decibelinsight.net www.media.barclays.co.uk research.barclays.co.uk *.infinity-tracking.com ict.infinity-tracking.net siteintercept.qualtrics.com *.siteintercept.qualtrics.com; font-src 'self' fonts.gstatic.com edigitalsurvey.com www.media.barclays.co.uk; manifest-src 'self'; media-src 'self' www.media.barclays.co.uk jslog.krxd.net p.adsymptotic.com cx.atdmt.com; prefetch-src 'self'; 1
default-src 'self' blob: *.b-cdn.net fonts.gstatic.com; connect-src 'self' ws: wss://input.noibu.com *.jsdelivr.net *.lightboxcdn.com stats.g.doubleclick.net *.clarity.ms *.bing.com *.pndsn.com *.vimeo.com *.youtube.com *.affirm.ca *.snapchat.com *.google.com *.b-cdn.net *.kaptcha.com *.facebook.com *.noibu.com *.googleapis.com *.onetrust.com *.addressy.com *.brownsshoes.com *.visualwebsiteoptimizer.com app.vwo.com *.perimeterx.net *.pxchk.net *.px-client.net *.px-cdn.net *.px-cloud.net api.segment.io cdn.segment.com *.criteo.com www.google-analytics.com *.kustomerapp.com analytics.tiktok.com *.pinterest.com *.fullstory.com cdn.cookielaw.org; font-src 'self' data: fonts.gstatic.com cdn.kustomerapp.com sc-static.net; style-src 'self' 'unsafe-inline' *.jsdelivr.net *.lightboxcdn.com *.visualwebsiteoptimizer.com www.googletagmanager.com *.addressy.com app.vwo.com s3.amazonaws.com fonts.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.snapchat.com sc-static.net *.fullstory.com cdn.cookielaw.org *.google.com maps.googleapis.com googleads.g.doubleclick.net *.visualwebsiteoptimizer.com cdn.segment.com cdn.kustomerapp.com *.cquotient.com unpkg.com bat.bing.com www.googletagmanager.com app.vwo.com *.brownsshoes.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.snapchat.com *.jsdelivr.net *.lightboxcdn.com *.google.com unpkg.com *.addressy.com *.affirm.ca appleid.cdn-apple.com *.pcapredict.com *.kaptcha.com *.visualwebsiteoptimizer.com analytics.tiktok.com *.googlesyndication.com *.fullstory.com *.criteo.com googleads.g.doubleclick.net s.pinimg.com *.clarity.ms *.bing.com connect.facebook.net sc-static.net cdn.cookielaw.org cdn.noibu.com cdn.kustomerapp.com *.cquotient.com app.vwo.com www.googletagmanager.com cdn.segment.com *.googleadservices.com *.paybright.com *.googleapis.com; img-src 'self' data: about: *.kustomerapp.com *.jsdelivr.net *.gravatar.com *.tapad.com *.lightboxcdn.com *.lijit.com *.demdex.net *.krxd.net ade.clmbtech.com ups.analytics.yahoo.com trends.revcontent.com id5-sync.com sync.aralego.com partner.mediawallahscript.com www.google.ca gum.criteo.com i.liadm.com hb.yahoo.net googleads.g.doubleclick.net www.google.com.ua s.ad.smaato.net ads.stickyadstv.com *.px-cloud.net *.b-cdn.net *.visualwebsiteoptimizer.com edge.disstg.commercecloud.salesforce.com *.salesforce.com *.dmxleo.com pixel.rubiconproject.com cdn.cookielaw.org *.snapchat.com *.google.com *.postcodeanywhere.co.uk *.gstatic.com www.googletagmanager.com *.googleapis.com wingify-assets.s3.amazonaws.com *.pinterest.com *.facebook.com www.google.rs www.google.com *.clarity.ms *.bing.com app.vwo.com *.kustomerhostedcontent.com *.doubleclick.net *.emxdgt.com x.bidswitch.net ib.adnxs.com contextual.media.net rtb-csync.smartadserver.com sync-t1.taboola.com criteo-sync.teads.tv eb2.3lift.com ups.analytics.yahoo.com cm.adform.net visitor.omnitagjs.com r.casalemedia.com id5-sync.com ad.360yield.com matching.ivitrack.com exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com match.sharethrough.com criteo-partners.tremorhub.com ad.yieldlab.net sync-criteo.ads.yieldmo.com *.criteo.com; worker-src 'self' blob: *.brownsshoes.com; frame-src app.vwo.com *.kustomer.help *.visualwebsiteoptimizer.com vgdelivery.com *.vimeo.com *.youtube.com *.kaptcha.com static.criteo.net *.googlesyndication.com *.criteo.com *.snapchat.com *.facebook.com *.doubleclick.net *.brownsshoes.com *.pinterest.com; frame-ancestors 'self'; report-uri https://brownsshoes-csp-reporting.yemora.com/collect 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-QPIvJj8ArBJi0a+ywxSxuA=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src 'self' https://* 'unsafe-inline';script-src 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes';script-src-elem 'self' https://* 'unsafe-eval' 'unsafe-inline';img-src 'self' https://* 'unsafe-inline'; object-src 'self' 'unsafe-inline';base-uri 'self';style-src-elem https://* 'unsafe-inline';frame-src 'self' https://* 'unsafe-inline';font-src https://* 'unsafe-inline';connect-src https://* 'unsafe-inline';upgrade-insecure-requests 1
default-src 'self' https://*.paytmmoney.com https://connect.facebook.net https://dhx9mmhpfsala.cloudfront.net https://www.google-analytics.com https://s3.ap-south-1.amazonaws.com https://stocks.paytmmoney.com https://*.fls.doubleclick.net https://*.paytm.com https://*.paytm.in  https://*.insider.in https://insider.in; connect-src 'self' wss://*.paytmmoney.com https://connect.facebook.net https://dhx9mmhpfsala.cloudfront.net https://www.google-analytics.com https://stocks.paytmmoney.com https://*.fls.doubleclick.net https://paytmmoney.akamaized.net https://stats.g.doubleclick.net *.googleapis.com www.google-analytics.com *.bintray.com www.googletagmanager.com *.go-mpulse.net https://s3.ap-south-1.amazonaws.com https://www.youtube.com https://*.paytmmoney.com https://*.paytm.com https://bintray.com https://*.paytm.in https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.co.in https://*.appsflyer.com https://*.sendbird.com wss://*.sendbird.com https://*.wowza.com https://*.insider.in https://insider.in; media-src 'self' blob: https://*.paytmmoney.com https://connect.facebook.net https://dhx9mmhpfsala.cloudfront.net https://www.google-analytics.com https://stocks.paytmmoney.com https://s3.ap-south-1.amazonaws.com https://*.fls.doubleclick.net https://*.paytm.com https://*.paytm.in https://paytmmoney.akamaized.net  https://*.cloudinary.com https://*.insider.in https://insider.in; frame-src 'self' data: blob: https://*.paytmmoney.com https://connect.facebook.net https://dhx9mmhpfsala.cloudfront.net https://www.google-analytics.com https://*.fls.doubleclick.net https://stocks.paytmmoney.com https://*.paytm.com https://*.paytm.in https://www.youtube.com/ http://www.youtube.com/ https://bid.g.doubleclick.net  https://*.insider.in https://s3.ap-south-1.amazonaws.com https://insider.in; img-src 'self' data: blob: *.googleapis.com https://*.fls.doubleclick.net https://www.facebook.com https://connect.facebook.net https://dhx9mmhpfsala.cloudfront.net https://www.google-analytics.com www.googletagmanager.com https://stocks.paytmmoney.com https://stats.g.doubleclick.net *.googleapis.com https://www.google-analytics.com https://*.paytmmoney.com https://*.paytm.in https://s3.ap-south-1.amazonaws.com https://*.paytm.com *.paytm.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.co.in https://*.appsflyer.com https://*.cloudinary.com https://*.youtube.com https://*.insider.in https://insider.in https://*.pmsbazaar.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.googleapis.com https://*.fls.doubleclick.net https://connect.facebook.net https://dhx9mmhpfsala.cloudfront.net https://www.google-analytics.com https://s3.ap-south-1.amazonaws.com https://www.gstatic.com cdnjs.cloudflare.com https://stocks.paytmmoney.com https://*.paytm.com https://*.paytmmoney.com https://*.paytm.in https://bintray.com *.bintray.com www.google.com www.googletagmanager.com www.google-analytics.com *.go-mpulse.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.co.in https://*.appsflyer.com https://*.cloudflare.com https://*.wzrkt.com https://*.errorception.com https://*.insider.in https://insider.in; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://connect.facebook.net https://dhx9mmhpfsala.cloudfront.net https://www.google-analytics.com https://stocks.paytmmoney.com https://*.paytmmoney.com https://s3.ap-south-1.amazonaws.com https://*.paytm.in https://*.fls.doubleclick.net https://*.insider.in https://insider.in; font-src 'self' data: https://*.paytm.in https://static.paytmmoney.com fonts.gstatic.com; report-uri https://paytm.report-uri.com/r/t/csp/enforce; 1
script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://ad.360yield.com https://ade.clmbtech.com https://ads.stickyadstv.com https://c.bing.com https://cm.g.doubleclick.net https://contextual.media.net https://criteo-partners.tremorhub.com https://criteo-sync.teads.tv https://*.oracleinfinity.io https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://gum.criteo.com https://i.liadm.com https://ib.adnxs.com https://match.sharethrough.com https://matching.ivitrack.com https://pixel.rubiconproject.com https://r.casalemedia.com https://rtb-csync.smartadserver.com https://s.ad.smaato.net https://secure.adnxs.com https://simage2.pubmatic.com https://sync-criteo.ads.yieldmo.com https://sync-t1.taboola.com https://sync.outbrain.com https://tg.socdm.com https://trends.revcontent.com https://ups.analytics.yahoo.com https://visitor.omnitagjs.com https://www.facebook.com https://www.google.com https://www.google.com.co https://x.bidswitch.net https://*.googleapis.com https://cdnjs.cloudflare.com https://*.ytimg.com https://*.mathilde-ads.com https://*.sitescout.com https://*.cloudfront.net https://*.gstatic.com https://tags.tiqcdn.com https://*.tealiumiq.com https://*.google.com https://*.google.com.co https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.labdigbdbpb.com https://*.labdigbdbcad.com https://*.amazonaws.com https://*.avaldigitallabs.com https://*.appdynamics.com https://*.bancodebogota.co https://*.bancodebogota.com.co https://*.bancodebogota.com https://*.oracleinfinity.io https://connect.facebook.net https://dynamic.criteo.com https://googleads.g.doubleclick.net https://service.maxymiser.net https://sslwidget.criteo.com https://tags.bkrtx.com https://tags.bluekai.com https://www.google-analytics.com https://www.googletagmanager.com; object-src 'none'; default-src 'self' https://ad.360yield.com https://ade.clmbtech.com https://ads.stickyadstv.com https://c.bing.com https://cm.g.doubleclick.net https://contextual.media.net https://criteo-partners.tremorhub.com https://criteo-sync.teads.tv https://*.oracleinfinity.io https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://gum.criteo.com https://i.liadm.com https://ib.adnxs.com https://match.sharethrough.com https://matching.ivitrack.com https://pixel.rubiconproject.com https://r.casalemedia.com https://rtb-csync.smartadserver.com https://s.ad.smaato.net https://secure.adnxs.com https://simage2.pubmatic.com https://sync-criteo.ads.yieldmo.com https://sync-t1.taboola.com https://sync.outbrain.com https://tg.socdm.com https://trends.revcontent.com https://ups.analytics.yahoo.com https://visitor.omnitagjs.com https://www.facebook.com https://www.google.com https://www.google.com.co https://x.bidswitch.net https://*.googleapis.com https://cdnjs.cloudflare.com https://*.ytimg.com https://*.mathilde-ads.com https://*.sitescout.com https://*.cloudfront.net https://*.gstatic.com https://tags.tiqcdn.com https://*.tealiumiq.com https://*.google.com https://*.google.com.co https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.labdigbdbpb.com https://*.labdigbdbcad.com https://*.amazonaws.com https://*.avaldigitallabs.com https://*.appdynamics.com https://*.bancodebogota.co https://*.bancodebogota.com.co https://*.bancodebogota.com https://*.oracleinfinity.io https://connect.facebook.net https://dynamic.criteo.com https://googleads.g.doubleclick.net https://service.maxymiser.net https://tags.bkrtx.com https://tags.bluekai.com https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://gum.criteo.com https://stags.bluekai.com https://virtual.bancodebogota.co https://www.youtube.com https://ad.360yield.com https://ade.clmbtech.com https://ads.stickyadstv.com https://c.bing.com https://cm.g.doubleclick.net https://contextual.media.net https://criteo-partners.tremorhub.com https://criteo-sync.teads.tv https://*.oracleinfinity.io https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://gum.criteo.com https://i.liadm.com https://ib.adnxs.com https://match.sharethrough.com https://matching.ivitrack.com https://pixel.rubiconproject.com https://r.casalemedia.com https://rtb-csync.smartadserver.com https://s.ad.smaato.net https://secure.adnxs.com https://simage2.pubmatic.com https://sync-criteo.ads.yieldmo.com https://sync-t1.taboola.com https://sync.outbrain.com https://tg.socdm.com https://trends.revcontent.com https://ups.analytics.yahoo.com https://visitor.omnitagjs.com https://www.facebook.com https://www.google.com https://www.google.com.co https://x.bidswitch.net; style-src 'report-sample' 'self' 'unsafe-inline'  https://*.criteo.com https://*.avaldigitallabs.com https://*.appdynamics.com https://*.bluekai.com https://tags.bkrtx.com https://*.maxymiser.net https://*.maxymiser.com https://*.google.com https://*.google.com.co https://*.googleapis.com https://*.googletagmanager.com https://*.oracleinfinity.io; connect-src 'self' https://*.oracleinfinity.io https://pagead2.googlesyndication.com https://sslwidget.criteo.com https://stats.g.doubleclick.net https://www.google-analytics.com; img-src 'self' https://*.bluekai.com https://ad.360yield.com https://ade.clmbtech.com https://ads.stickyadstv.com https://c.bing.com https://cm.g.doubleclick.net https://contextual.media.net https://criteo-partners.tremorhub.com https://criteo-sync.teads.tv https://*.oracleinfinity.io https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://*.criteo.com https://i.liadm.com https://ib.adnxs.com https://match.sharethrough.com https://matching.ivitrack.com https://pixel.rubiconproject.com https://r.casalemedia.com https://rtb-csync.smartadserver.com https://s.ad.smaato.net https://secure.adnxs.com https://simage2.pubmatic.com https://sync-criteo.ads.yieldmo.com https://sync-t1.taboola.com https://sync.outbrain.com https://tg.socdm.com https://trends.revcontent.com https://ups.analytics.yahoo.com https://visitor.omnitagjs.com https://www.facebook.com https://www.google.com https://www.google.com.co https://x.bidswitch.net https://*.demdex.net; report-uri https://64cbfa5a9299a8c1c10ec151.endpoint.csper.io/?v=0; frame-src 'self' https://td.doubleclick.net https://*.bancodebogota.co https://*.bancodebogota.com.co https://*.bancodebogota.com https://gum.criteo.com https://stags.bluekai.com https://virtual.bancodebogota.co https://www.youtube.com https://www.ath.com.co; 1
default-src 'self';  style-src 'self' 'unsafe-inline'; frame-src blob: 'self' https://*.capitalone.com https://*.arcot.com https://*.rsa3dsauth.com https://*.duosecurity.com https://*.jailatm.com https://*.cardinalcommerce.com; connect-src https://*.jailatm.com wss://*.jailatm.com https://*.cardinalcommerce.com kg668dbov0.execute-api.us-east-1.amazonaws.com https://facilitydocsprod.blob.core.windows.net https://bam.nr-data.net https://bam-cell.nr-data.net https://js-agent.newrelic.com https://ssl.google-analytics.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://bam.nr-data.net https://bam-cell.nr-data.net https://js-agent.newrelic.com https://*.cardinalcommerce.com https://*.ccdc02.com; media-src blob: https://*.jailatm.com http://*.jailatm.com;frame-ancestors 'self'; img-src 'self' blob: data: https://*.jailatm.com https://bam.nr-data.net https://ssl.google-analytics.com; report-uri https://prod-85.eastus.logic.azure.com:443/workflows/5ab0d436f1e94b2ebb498123cf4e6237/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=5-sg8d7JXNkpqHqBZg7Z_eRksM6krb36tWkzTRxxavc 1
worker-src *.osano.com blob:; font-src *.fontawesome.com *.bootstrapcdn.com *.cloudfront.net fonts.gstatic.com *.klaviyo.com *.typekit.net www.bobsredmill.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.turnto.com *.cardinalcommerce.com *.paypal.com *.facebook.com https://formcarry.com *.formcarry.com www.bobsredmill.com 'self' 'unsafe-inline'; frame-ancestors www.bobsredmill.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.icims.com photos.pixlee.co *.turnto.com wtb.bio www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.addthis.com *.attn.tv http://destinilocators.com *.doubleclick.net *.pinterest.com *.pixlee.co *.qzzr.com *.spotify.com https://app.viralsweep.com/ https://*.online-metrix.net https://imgs.signifyd.com www.bobsredmill.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ wac.edgecastcdn.net *.turnto.com wac.edgecastcdn.net/001A39/ *.turn.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.gravatar.com *.wp.com *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.clarity.ms *.digicert.com *.attentivemobile.com 4tellcdn.azureedge.net bobsredmill-blog.s3.amazonaws.com *.bing.com blob: *.bobsredmill.com *.cloudfront.net *.cld.bz *.google.com *.google.com.vn *.gwallet.com *.ipredictive.com *.monsido.com *.pinterest.com analytics.twitter.com t.co https://res.cloudinary.com/viralsweep/ *.visualwebsiteoptimizer.com img.youtube.com https://imgs.signifyd.com https://*.online-metrix.net www.bobsredmill.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.attn.tv events.attentivemobile.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ blob: http: https: 'self' *.osano.com cdn.jsdelivr.net *.turnto.com wac.edgecastcdn.net/001A39/ wtb.bio www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.googletagmanager.com tagmanager.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com cld.bz https://app.viralsweep.com/ https://cdn-scripts.signifyd.com https://imgs.signifyd.com www.bobsredmill.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com cdn.jsdelivr.net 'unsafe-inline' http: https: 'self' *.fontawesome.com *.turnto.com wac.edgecastcdn.net/001A39/ tagmanager.google.com unsafe-inline www.bobsredmill.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.bobsredmill.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.attn.tv events.attentivemobile.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.osano.com *.turnto.com www.facebook.com *.facebook.com graph.facebook.com business.facebook.com https://www.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.clarity.ms *.klaviyo.com *.signifyd.com *.4-tell.net *.stackadapt.com *.addthis.com *.tiktok.com *.attentivemobile.com *.azurewebsites.net *.doubleclick.net *.flippingbook.com cld.bz *.cld.bz formcarry.com *.googleapis.com *.monsido.com *.nr-data.net *.pinterest.com *.windows.net https://imgs.signifyd.com www.bobsredmill.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.bobsredmill.com http: https: blob: 'self' 'unsafe-inline'; default-src blob: www.bobsredmill.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.medion.com; 1
frame-ancestors 'self' https://*.equitable.com https://*.asedv001.appserviceenvironment.net https://int-compapp.azureedge.net int-compapp.equitable.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss://*.hotjar.com http://*.hotjar.com:* http://*.hotjar.io http://*.googletagmanager.com http://*.google-analytics.com http://*.google.com http://*.gstatic.com http://*.googleapis.com http://*.youtube.com http://*.facebook.com http://*.facebook.net https://*.kampyle.com https://*.medallia.com http://*.ads-twitter.com http://*.twitter.com http://t.co http://*.doubleclick.net http://*.adform.net http://*.clarovideo.net http://*.claromusica.com http://*.claro.com.pe http://claro.clientcampaigns.live https://*.google.com.mx https://*.google.com.pe https://*.hotjar.com:* https://*.hotjar.io https://*.googletagmanager.com https://tags.bkrtx.com https://stags.bluekai.com https://*.google-analytics.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.youtube.com https://*.facebook.com https://*.facebook.net https://digitasgt.com https://*.ads-twitter.com https://*.twitter.com https://t.co https://*.doubleclick.net https://*.adform.net https://*.clarovideo.net https://*.claromusica.com https://*.claro.com.pe https://api-prod-hn.prod.clarodigital.net https://stackpath.bootstrapcdn.com https://*.clarity.ms https://*.jsdelivr.net https://claro.clientcampaigns.live https://claro-middleware-apigw-brjb7ubo.uk.gateway.dev https://claroperupoc.vteximg.com.br https://*.clarodigital.net https://*.googleoptimize.com https://*.tiktok.com https://*.ytimg.com https://*.bootstrapcdn.com https://*.cloudflare.com https://unpkg.com https://claromarketingtool.pe https://api-football-v1.p.rapidapi.com https://www.youtube-nocookie.com https://cdnjs.cloudflare.com https://claro.turnosaloha.com https://netdna.bootstrapcdn.com https://analytics.pangle-ads.com https://player.twitch.tv https://cdn.onesignal.com https://smartechlatam.online https://*.api-sports.io https://*.sorteosclaro.pe https://*.bing.com https://onesignal.com https://*.onesignal.com https://cdn.mxpnl.com https://live.rezync.com https://*.lightboxcdn.com https://*.boomtrain.com https://*.cloudfront.net https://cf.ignitionone.com https://api.zetaglobal.net https://netmng.com https://*.netmng.com https://*.mixpanel.com https://*.rfihub.com https://*.rfihub.net https://*.instana.io; media-src 'self' mediastream: blob: https://*.claro.com.pe; 1
font-src eastwood.api.kustomerapp.com cdn.kustomerapp.com *.kustomerapp.com eastwood.kustomer.help eastwood.kustomer.com cdn.kustomerhostedcontent.com *.datasteam.io datasteam.io *.abtasty.com abtasty.com *.digicert.com https://fonts.gstatic.com *.klevu.com *.acsbapp.com acsbapp.com *.jsdelivr.net *.yottaa.net *.hotjar.com data: *.fontawesome.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com https://plumrocket.com eastwood.api.kustomerapp.com cdn.kustomerapp.com *.kustomerapp.com eastwood.kustomer.help eastwood.kustomer.com cdn.kustomerhostedcontent.com *.datasteam.io datasteam.io https://www.facebook.com/tr/ *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.affirm.com *.affirm.ca display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com https://plumrocket.com eastwood.api.kustomerapp.com cdn.kustomerapp.com *.kustomerapp.com eastwood.kustomer.help eastwood.kustomer.com cdn.kustomerhostedcontent.com *.datasteam.io datasteam.io cdn-4.convertexperiments.com ct.pinterest.com *.digicert.com https://4453399.fls.doubleclick.net/ creatives.attn.tv eastwood.attn.tv *.hotjar.com www.facebook.com https://bid.g.doubleclick.net/ *.googlesyndication.com/ https://googleads.g.doubleclick.net/ *.google.com *.addthis.com *.bounceexchange.com *.criteo.com *.criteo.net *.emjcd.com *.dotomi.com *.abtasty.com *.acsbapp.com acsbapp.com https://accounts.accessibe.com *.usablenet.com *.kaptcha.com https://secure.paymentech.com https://securevar.paymentech.com *.birdeye.com/ https://help.eastwood.com/ *.stackpathcdn.com *.easypromosapp.com *.cstmapp.com *.onrender.com *.weltpixel.com www.xtento.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.affirm.com *.affirm.ca display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com eastwood.api.kustomerapp.com cdn.kustomerapp.com *.kustomerapp.com eastwood.kustomer.help eastwood.kustomer.com cdn.kustomerhostedcontent.com *.datasteam.io datasteam.io *.abtasty.com abtasty.com cdn-4.convertexperiments.com cm.adform.net ad.yieldlab.net e1.emxdgt.com beacon.krxd.net s.thebrighttag.com api.dtstmio.com id5-sync.com *.digicert.com events.attentivemobile.com *.eastwood.com *.googletagmanager.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.com.fm *.google.com.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.com.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googlesyndication.com www.facebook.com js.klevu.com *.liadm.com https://api.rollbar.com/api/1/item/ *.pinterest.com *.bounceexchange.com *.bouncex.net *.acsbapp.com *.bazaarvoice.com cm.mgid.com *.bing.com us-u.openx.net pixel.rubiconproject.com matching.ivitrack.com x.bidswitch.net idsync.rlcdn.com cm.g.doubleclick.net s.ad.smaato.net ade.clmbtech.com simage2.pubmatic.com *.360yield.com *.yieldmo.com *.stickyadstv.com *.tremorhub.com *.advertising.com *.omnitagjs.com *.media.net *.teads.tv *.3lift.com *.casalemedia.com *.taboola.com *.postrelease.com *.smartadserver.com e-planning.net *.yahoo.com cs.yellowblue.io match.sharethrough.com *.yottaa.net *.cdnwidget.com *.hotjar.com *.kaptcha.com https://imgfly.scarabresearch.com *.onetrust.com *.adnxs.com partner.mediawallahscript.com tg.socdm.com *.criteo.com *.criteo.net *.mediavine.com *.outbrain.com *.revcontent.com *.agkn.com pippio.com *.cloudfront.com *.cloudfront.net *.stackpathcdn.com *.easypromosapp.com *.cstmapp.com *.onrender.com http://spectro-images.e-mixing.eu https://spectro-images.e-mixing.eu www.xtento.com cdn.xtento.com connect.facebook.net graph.facebook.com business.facebook.com *.gstatic.com *.klevu.com *.ksearchnet.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.affirm.com *.affirm.ca apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com eastwood.api.kustomerapp.com cdn.kustomerapp.com *.kustomerapp.com eastwood.kustomer.help eastwood.kustomer.com cdn.kustomerhostedcontent.com *.datasteam.io datasteam.io cdn-4.convertexperiments.com js.web-2-tel.com *.mczbf.com *.digicert.com *.attn.tv https://www.googletagmanager.com https://googleads.g.doubleclick.net *.wknd.ai *.bing.com https://rum-static.pingdom.net/prum.min.js *.abtasty.com *.murdoog.com https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/130506284425354 https://acsbapp.com/apps/app/assets/js/acsb.js https://acsbap.com/apps/app/assets/js/acsb.js https://aa.agkn.com/adscores/g.jsonp *.addthis.com *.addthisedge.com *.moatads.com *.eastwood.com *.googlesyndication.com *.googletagservices.com *.googleadservices.com *.gstatic.com  *.googleapis.com google.com *.google.com/ *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.com.fm *.google.com.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.com.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.pinimg.com *.hotjar.com *.hotjar.io *.bounceexchange.com *.criteo.com *.criteo.net cdn.cookielaw.org *.yottaa.com *.yottaa.net cdn.noibu.com *.onetrust.com *.newrelic.com *.nr-data.net *.ksearchnet.com *.klevu.com widget.wickedreports.com *.s3.amazonaws.com *.pubnub.com *.pubnub.net *.pubnub.io *.pndsn.com *.udev1a.net *.udev2a.net *.usablenet.com *.upreus.com *.upreeu.com *.ugmus.com *.kaptcha.com *.px-client.net *.pxchk.net *.px-cloud.net *.px-cdn.net *.perimeterx.net https://birdeye.com/ *.birdeye.com/ *.clarity.ms *.stackpathcdn.com *.easypromosapp.com *.cstmapp.com *.onrender.com *.forter.com www.xtento.com cdn.xtento.com *.plugins.emarsys.net *.scarabresearch.com widget.freshworks.com m2epro.freshdesk.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com tagmanager.google.com js.klevu.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com eastwood.api.kustomerapp.com cdn.kustomerapp.com *.kustomerapp.com eastwood.kustomer.help eastwood.kustomer.com cdn.kustomerhostedcontent.com *.datasteam.io datasteam.io *.digicert.com https://fonts.googleapis.com/css https://js.klevu.com *.eastwood.com *.materialdesignicons.com *.jsdelivr.net *.bounceexchange.com *.bazaarvoice.com *.abtasty.com *.yottaa.net *.udev1a.net *.udev2a.net *.usablenet.com *.stackpathcdn.com *.easypromosapp.com *.cstmapp.com *.onrender.com *.fontawesome.com widget.freshworks.com m2epro.freshdesk.com tagmanager.google.com *.klevu.com *.ksearchnet.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com eastwood.api.kustomerapp.com cdn.kustomerapp.com *.kustomerapp.com eastwood.kustomer.help eastwood.kustomer.com cdn.kustomerhostedcontent.com *.datasteam.io datasteam.io cdn-4.convertexperiments.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.affirm.com *.affirm.ca api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com eastwood.api.kustomerapp.com cdn.kustomerapp.com *.kustomerapp.com eastwood.kustomer.help eastwood.kustomer.com cdn.kustomerhostedcontent.com *.datasteam.io datasteam.io cdn-4.convertexperiments.com js.web-2-tel.com *.digicert.com eastwood.attn.tv events.attentivemobile.com *.abtasty.com https://stats.g.doubleclick.net https://www.google-analytics.com https://cdn.acsbapp.com/cache/app/app.eastwood.test/en.build.json https://cdn.acsbapp.com/cache/app/m2.eastwood.com/en.build.json https://acsbapp.com/apps/app/ https://www.paypal.com/xoplatform/logger/api/logger https://rum-collector-2.pingdom.net/img/beacon.gif https://api.rollbar.com/api/1/item/ *.acsbapp.com *.googlesyndication.com *.googleadservices.com *.google.com *.pinterest.com *.hotjar.com *.hotjar.io *.yottaa.net cdn.cookielaw.org *.kaptcha.com *.noibu.com *.pusher.com wss://*.hotjar.com wss://*.noibu.com wss://*.pusher.com *.bouncex.net *.ksearchnet.com *.nr-data.net *.onetrust.com track.wickedreports.com *.cdnwidget.com *.cdnbasket.net *.pndsn.com *.px-client.net *.pxchk.net *.px-cloud.net *.px-cdn.net *.perimeterx.net *.cloudfront.com *.cloudfront.net https://collect.eastwood.com/ *.bing.com *.stackpathcdn.com *.easypromosapp.com *.cstmapp.com *.onrender.com google.com *.forter.com wss://*.forter.com *.scarabresearch.com *.eservice.emarsys.net widget.freshworks.com m2epro.freshdesk.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klevu.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src eastwood.api.kustomerapp.com cdn.kustomerapp.com *.kustomerapp.com eastwood.kustomer.help eastwood.kustomer.com cdn.kustomerhostedcontent.com *.datasteam.io datasteam.io *.abtasty.com abtasty.com blob: assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src 'self' https://www.google-analytics.com https://maps.googleapis.com  https://www.google.com https://stats.g.doubleclick.net https://*.lemnisk.co https://cdn25.vzeesp.com wss://*.lemnisk.co https://cdn-eu.readspeaker.com https://*.readspeaker.com https://tr.snapchat.com https://analytics.tiktok.com https://analytics.google.com https://*.elastic-cloud.com https://pagead2.googlesyndication.com https://cdn.linkedin.oribi.io; 1
script-src 'self' 'unsafe-inline' browser-update.org platform.twitter.com https://*.googletagmanager.com www.google-analytics.com rum-static.pingdom.net https://tagmanager.google.com/debug assets.zendesk.com static.zdassets.com ekr.zdassets.com browser.sentry-cdn.com sentry.cloud.gov.au; object-src 'none'; frame-ancestors 'self'; worker-src 'self' blob: 1
frame-ancestors 'self' https://*.elisa.ee https://entitlement1.ses.elisa.ee:10076; 1
frame-ancestors 'self' https://rbi.experiencecloud.adobe.com https://fullstory.com https://edge.fullstory.com rs.fullstory.com https://test.salesforce.com https://login.salesforce.com https://unity--trinitydev.my.salesforce.com https://unity--trinitydev.sandbox.my.salesforce.com *.lookbookhq.com *.pathfactory.com *.adobedtm.com https://rbi.demdex.net https://subscriber.icis.com 1
upgrade-insecure-requests; default-src 'self';script-src 'self'  https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com fast.wistia.net *.wistia.com static.zdassets.com vt-support.zendesk.com fast.wistia.net *.wistia.com static.zdassets.com vt-support.zendesk.com 'sha256-NkVvEnbMg5vsK43J2NpfIIVu7XmvMvFDgGon0qQgvQ0=' 'sha256-XSSi6RJIfxaVdFtY9gnqF1Hp+EmSO8tNQ9WaLvROtbc=';style-src 'self' 'unsafe-inline' https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com;child-src 'self' voicethread.com fast.wistia.net *.wistia.com player.vimeo.com fast.wistia.net *.wistia.com player.vimeo.com;connect-src 'self' https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com wss://prod-mq.voicethread.com wss://prod-notifications-endpoint.voicethread.net *.bugsnag.com sentry.io *.sentry.io *.bugsnag.com sentry.io *.sentry.io;font-src 'self'  https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com;form-action 'self'  https://voicethread.com;frame-ancestors * ;img-src 'self' https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com *.akamaihd.net fast.wistia.com embed.wistia.com embedwistia-a.akamaihd.net static.zdassets.com vt-support.zendesk.com embed-fastly.wistia.com embed-ssl.wistia.com/ *.akamaihd.net fast.wistia.com embed.wistia.com embedwistia-a.akamaihd.net static.zdassets.com vt-support.zendesk.com embed-fastly.wistia.com embed-ssl.wistia.com/;media-src 'self' https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com embed-ssl.wistia.com embed.wistia.com embedwistia-a.akamaihd.net embed-fastly.wistia.com embed-ssl.wistia.com embed.wistia.com embedwistia-a.akamaihd.net embed-fastly.wistia.com;object-src 'self' https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com; 1
frame-ancestors 'self' *.ahc.root.loc *.dirsvcs.org 1
font-src 'self' 'unsafe-inline' data: *.deutsche-apotheker-zeitung.de *.bootstrapcdn.com *.davfobi.de; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://platform.twitter.com https://syndication.twitter.com https://www.googletagmanager.com https://cdn.syndication.twimg.com https://www.google.com https://www.google-analytics.com https://maps.googleapis.com https://apis.google.com https://connect.facebook.net https://challenges.cloudflare.com https://static.cloudflareinsights.com https://bat.bing.com;report-uri https://o298045.ingest.sentry.io/api/5193335/security/?sentry_key=98577efcbca24e6daef4a099b6611076 1
default-src 'self';script-src 'self' 'sha256-mC/sRlVJsfC1/UmV5qq0V3xDz5TU/OAm5ZVLbDK8u3Q=' www.youtube.com/iframe_api www.youtube.com/s/player/ https://a0.awsstatic.com/ https://d2c.aws.amazon.com/;style-src 'self' 'unsafe-inline';connect-src 'self' https://clientlogger.marketplace.aws.a2z.com https://prod.tools.shortbread.aws.dev https://prod.log.shortbread.aws.dev https://amazonwebservices.d2.sc.omtrdc.net https://aws.demdex.net https://dpm.demdex.net https://cm.everesttech.net https://aws.amazon.com/ https://vs.aws.amazon.com https://a0.awsstatic.com/ https://d2c.aws.amazon.com/;img-src 'self' https://internal-cdn.amazon.com/badgephotos.amazon.com/ https://sage-images-aws-prod.s3.us-west-2.amazonaws.com data: blob: https://images.credly.com https://amazonwebservices.d2.sc.omtrdc.net https://aws.demdex.net https://dpm.demdex.net https://cm.everesttech.net https://repost.aws https://*.repost.aws i.ytimg.com https://a0.awsstatic.com/ https://d2c.aws.amazon.com/;font-src 'self' data:;frame-src https://aws.demdex.net https://dpm.demdex.net www.youtube-nocookie.com;object-src 'none';block-all-mixed-content;frame-ancestors 'none';base-uri 'self';form-action 'self';script-src-attr 'none';upgrade-insecure-requests 1
default-src https: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com data: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self'; report-uri https://develisys.report-uri.com/r/d/csp/enforce; 1
frame-ancestors 'self';  form-action 'self';  default-src 'self';  script-src 'self' *.google-analytics.com *.googletagmanager.com https://cdn.polyfill.io;  img-src 'self' http: https:;  connect-src 'self' https://dp.la https://d2jf00asb0fe6y.cloudfront.net *.google-analytics.com *.analytics.google.com;  style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com;  font-src 'self' https://cdnjs.cloudflare.com;  media-src 'self' https://dp.la https://d2jf00asb0fe6y.cloudfront.net;  frame-src 'self' https://www.youtube.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: cs.judicial.gov.tw *.judicial.gov.tw *.line.me *.line-scdn.net *.doubleclick.net *.googletagmanager.com www.google-analytics.com *.googleapis.com *.gstatic.com *.google.com *.google.com.tw *.facebook.com *.facebook.net *.youtube.com;frame-ancestors 'self'; 1
frame-ancestors 'self' https://www.securitybank.com https://securitybank.com; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://player.youku.com/jsapi https://*.teads.tv https://analytics.tiktok.com https://ajax.googleapis.com https://analytics.twitter.com https://connect.facebook.net https://googleads.g.doubleclick.net https://hm.baidu.com https://js.adsrvr.org https://*.cheqzone.com https://recaptcha.net https://*.serving-sys.com https://snap.licdn.com https://static.ads-twitter.com https://*.google-analytics.com https://*.googleanalytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.gstatic.cn https://www.youtube.com https://maps.googleapis.com https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://www.googleoptimize.com https://www.googletagmanager.com https://optimize.google.com blob: https://ob.powerrobotflower.com https://obs.powerrobotflower.com https://api.map.baidu.com https://cdn.cookielaw.org; style-src 'report-sample' 'self' 'unsafe-inline' https://player.youku.com https://fonts.googleapis.com https://www.googletagmanager.com https://optimize.google.com; connect-src 'self' https://*.tt.omtrdc.net https://apwebsite-services.azurewebsites.net https://analytics.tiktok.com https://*.teads.tv https://hm.baidu.com https://liveapi.yext.com https://noembed.com https://*.cheqzone.com https://stats.g.doubleclick.net https://video.google.com https://*.google-analytics.com https://api.ipstack.com https://*.serving-sys.com https://maps.googleapis.com https://cdn.linkedin.oribi.io https://ap-booking.azurewebsites.net https://www.facebook.com https://unpkg.com data: https://ob.powerrobotflower.com https://obs.powerrobotflower.com https://*.google-analytics.com https://*.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://geolocation.onetrust.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://player.youku.com https://*.fls.doubleclick.net https://insight.adsrvr.org https://recaptcha.net https://match.adsrvr.org https://www.facebook.com https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com https://bs.serving-sys.com https://optimize.google.com https://www.googletagmanager.com; img-src 'self' data: https:; manifest-src 'self'; media-src 'self' data: https://audemarspiguet.scene7.com https://player.vimeo.com https://download-video.akamaized.net; object-src 'none'; base-uri 'self'; worker-src 'self' data: blob:; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src * data:; connect-src * data:; media-src * blob:; worker-src 'self' blob:; 1
default-src 'self' https://bam.nr-data.net; font-src 'self' https://use.typekit.net; form-action 'self' https://syndication.twitter.com https://platform.twitter.com; frame-src 'self' 'unsafe-inline' https://platform.twitter.com https://syndication.twitter.com https://player.vimeo.com https://www.google.com https://www.youtube.com; img-src 'self' data: https://pbs.twimg.com https://platform.twitter.com https://syndication.twitter.com https://stats.g.doubleclick.net https://chart.googleapis.com https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bam.nr-data.net https://cdn.jsdelivr.net https://cdn.syndication.twimg.com https://js-agent.newrelic.com https://platform.twitter.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://p.typekit.net https://platform.twitter.com; connect-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net; upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors https://localizejs.com 1
frame-ancestors 'self' app.kontent.ai notification.kontent.ai; 1
default-src * 'unsafe-inline' 'unsafe-eval';script-src * 'unsafe-inline' 'unsafe-eval';connect-src * 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob:;style-src * 'unsafe-inline';font-src * data: blob: 'unsafe-inline';frame-ancestors * data: blob: 'unsafe-inline'; 1
script-src 'self' https: 'strict-dynamic' 'nonce-yJgPSsvkxGNG8WwF3duz9eD1AxZZlFXrkL/fQccbvds=' https://embed.zenn.studio/js/listen-embed-event.js www.googletagmanager.com https://cdn.jsdelivr.net/npm/katex/dist/katex.min.js 'sha256-VBc9tzS+U9SzON+C7B2ZnWQcfbc8HELDISqMEIhELLs=' 'sha256-N9YIN+P8sTmLT0uJPtGBiAASdpoJJYKfyJRjXSwTXys=' 'sha256-KNm0/xK1a/MUS2W6s/HYNdp8BjyrUCkD+qMikvBKNtE=';object-src 'none';base-uri 'none';report-uri https://asia-northeast1-zenn-dev-production.cloudfunctions.net/csp-logger; 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-WKizuTuUNTzTmNGo4rnu2f2qnrRvWc' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
font-src fonts.googleapis.com fonts.gstatic.com data: fonts.gstatic.com/ applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com esqa.moneris.com www3.moneris.com pay.google.com data: youtube.com www.youtube.com vimeo.com google.com www.google.com www.google.ca www.google.fr www.gstatic.com bid.g.doubleclick.net saq.cvmanager.com amc.demdex.com *.spotify.com *.weezevent.com *.moneris.com *.privacy-center.org 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.vimeocdn.com i.ytimg.com www.google.com www.google.ca www.google.fr *.gstatic.com www.maps.gstatic.com maps.googleapis.com developers.google.com play.google.com linkmaker.itunes.apple.com img.riskified.com www.w3.org www.googletagmanager.com cdn.storepoint.co *.privacy-center.org *.googleapis.com *.ggpht.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com esqa.moneris.com www3.moneris.com applepay.cdn-apple.com pay.google.com jquery.sellxed.com s7.addthis.com data: js-agent.newrelic.com maps.googleapis.com google.com google.ca google.fr www.google.com www.google.ca www.google.fr developers.google.com www.gstatic.com bam.nr-data.net bam-cell.nr-data.net tagmanager.google.com beacon.riskified.com www.beanstream.com web.na.bambora.com c.riskified.com dpm.demdex.net googleads.g.doubleclick.net/ cdn.storepoint.co/ *.weezevent.com *.moneris.com *.privacy-center.org accounts.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com tagmanager.google.com fonts.googleapis.com cdn.storepoint.co 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com ekr.zdassets.com/ bam.nr-data.net bam-cell.nr-data.net c.riskified.com stats.g.doubleclick.net web.na.bambora.com analytics.google.com maps.googleapis.com *.storepoint.co google.com *.googlesyndication.com *.privacy-center.org pay.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' data: *.odfl.com;             script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' assets.adobedtm.com cdnjs.cloudflare.com cdn.cookielaw.org *.doubleclick.net connect.facebook.net www.google.com www.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com www.gstatic.com *.ss-omtrdc.net *.onetrust.com www.youtube.com *.salesforceliveagent.com *.salesforce.com *.adobe.com analytics.google.com tagmanager.google.com *.pendo.io *.usabilla.com tag.demandbase.com *.adsrvr.org beacon.sftoaa.com *.cloudfront.net;             script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.odfl.com assets.adobedtm.com cdn.cookielaw.org *.doubleclick.net connect.facebook.net www.google.com www.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com www.gstatic.com *.ss-omtrdc.net *.onetrust.com www.youtube.com *.salesforceliveagent.com *.force.com *.salesforce.com aa.trkn.us *.licdn.com *.adobe.com analytics.google.com tagmanager.google.com *.pendo.io *.usabilla.com tag.demandbase.com *.adsrvr.org beacon.sftoaa.com bat.bing.com cdn.pdst.fm *.clarity.ms *.go-mpulse.net *.dynatrace.com flex.cybersource.com *.usabilla.com *.akamaihd.net *.cloudfront.net;             style-src 'self' 'unsafe-inline' *.odfl.com cdnjs.cloudflare.com *.googleapis.com *.salesforce.com *.jst.ai tagmanager.google.com *.cloudfront.net *.usabilla.com fonts.googleapis.com;             style-src-elem 'self' 'unsafe-inline' *.odfl.com cdnjs.cloudflare.com *.googleapis.com *.salesforce.com tagmanager.google.com *.pendo.io *.cloudfront.net;             font-src 'self' data: *.odfl.com fonts.gstatic.com *.cloudfront.net *.usabilla.com fonts.googleapis.com;             connect-src 'self' *.odfl.com cdn.cookielaw.org *.doubleclick.net www.facebook.com *.google-analytics.com *.googleapis.com *.omtrdc.net *.ss-omtrdc.net *.onetrust.com vimeo.com *.salesforceliveagent.com *.googleapis.com *.analytics.google.com analytics.google.com *.company-target.com *.linkedin.com *.google.com *.demdex.net odflmarketingdev.112.2o7.net odflmarketing.112.2o7.net odflmarketingprod.112.2o7.net odflodflmarketingprod.112.2o7.net *.pendo.io cdn.linkedin.oribi.io *.cloudfunctions.net bat.bing.com *.clarity.ms *.go-mpulse.net *.akstat.io *.akamaihd.net *.dynatrace.com *.adobe.io tag-logger.demandbase.com *.usabilla.com *.cloudfront.net *.googlesyndication.com;             frame-src 'self' data: *.odfl.com *.doubleclick.net *.google.com www.facebook.com www.youtube.com *.salesforceliveagent.com *.salesforce.com *.adobe.com *.adsrvr.org *.company-target.com *.demdex.net *.vimeo.com *.cybersource.com w.soundcloud.com *.pendo.io *.cloudfront.net;             img-src * data:;             media-src * blob:;             worker-src * blob:;             frame-ancestors 'self' *.odfl.com *.doubleclick.net www.google.com www.facebook.com www.youtube.com *.salesforceliveagent.com *.salesforce.com *.adobe.com; 1
frame-ancestors 'self' https://*.reitmans.com https://*.additionelle.com https://*.rw-co.com https://*.thymematernity.com https://*.penningtons.com http://*.reitmans.com http://*.additionelle.com http://*.rw-co.com http://*.thymematernity.com http://*.penningtons.com https://*.screenmeet.com wss://*.screenmeet.com 1
report-uri https://check.sidnlabs.nl/csp-report-labs.php; 		default-src 'none'; 		img-src		  'self' https://nts1.time.nl; 		font-src          'self'                                   https://use.fontawesome.com/releases/v5.7.0/webfonts/                                   https://time.nl/fonts/                                   https://www.time.nl/fonts/; 		script-src 'self' https://code.jquery.com/jquery-3.3.1.slim.min.js                                   https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js                                   https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js; 		style-src 'self'  'sha256-l1856iiNsDTzkYaWE5VdI99djCZCSqKYW0Cvft7fjwQ='                                   'sha256-R/fQVlMQZ7Z4DF1VtgW3FEYT3IIQX5hrkkL5o8oM7Ow='                                   https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css                                   https://use.fontawesome.com/releases/v5.7.0/css/all.css; 1
default-src 'self' acsbapp.com www.google-analytics.com cdn.acsbapp.com region1.google-analytics.com fonts.gstatic.com analytics.ferrero.com privacyportal-eu.onetrust.com static.addtoany.com vod.ferrero.com cdn.cookielaw.org; script-src 'self'  'unsafe-eval'; script-src-elem 'unsafe-eval' 'unsafe-inline' 'self' www.gstatic.com www.google.com www.google-analytics.com acsbapp.com analytics.ferrero.com cdn.cookielaw.org www.googletagmanager.com static.addtoany.com; img-src 'self' cdn.cookielaw.org privacy-policy.truste.com data: ; style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com; object-src 'none'; frame-src static.addtoany.com www.google.com; 1
default-src   http://172.200.5.13 http://contenidosadmin.dane.gov.co  http://dane.gov.co http://www.dane.gov.co https://www.dane.gov.co  https://dane.gov.co; connect-src http://172.200.5.13  http://contenidosadmin.dane.gov.co http://dane.gov.co  https://dane.gov.co   https://translate.googleapis.com https://analyt_js https://www.instagram.com/  https://twitter.com  http://www.dane.gov.co  https://www.dane.gov.co  https://stats.g.doubleclick.net  https://www.google-analytics.com  https://www.googletagmanager.com; font-src https: data: http:; frame-src https://ecircular.dane.gov.co  https://syndication.twitter.com https://dane-economia-circular.netlify.app   http://172.200.5.13 http://contenidosadmin.dane.gov.co  https://dane.gov.co http://dane.gov.co  http://dane.gov.co  https://dane.gov.co https://platform.twitter.com https://www.youtube.com  https://twitter.com   about: javascript:  http://172.200.5.13 http://contenidosadmin.dane.gov.co http://www.dane.gov.co https://www.dane.gov.co https://dane.gov.co http://dane.gov.co  http://static.addtoany.com https://www.google-analytics.com ; img-src https: data: http:; media-src https: http:; object-src https: http ;script-src 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com  https://platform.twitter.com  https://static.doubleclick.net  https://www.youtube.com https://googleads.g.doubleclick.net  http://dane.gov.co  https://dane.gov.co    https://www.dane.gov.co http://www.dane.gov.co  about: https: http:; style-src 'unsafe-inline' 'unsafe-eval' https: http:; frame-ancestors https://www.instagram.com/  http://172.200.5.13 http://www.dane.gov.co  http://contenidosadmin.dane.gov.co https://www.dane.gov.co http://dane.gov.co  https://dane.gov.co;  report-uri 1
default-src 'self' 'unsafe-inline' data: ws: wss: cdn.cookielaw.org maps.googleapis.com  *.onelink-edge.com  googletagmanager.com *.sharethis.com api.company-target.com *.algolianet.com wkx3x0kpn1-dsn.algolia.net *.newcertainteed.com  cdn.linkedin.oribi.io  *.userway.org *.google-analytics.com bam.nr-data.net *.docksal.site:* *.onetrust.com segments.company-target.com *.hotjar.com *.hotjar.io *.force.com bcp.crwdcntrl.net *.salesforce.com *.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: *.youtube.com cdn.cookielaw.org *.sharethis.com *.googletagmanager.com *.googleapis.com snap.licdn.com *.hotjar.com *.force.com tag.demandbase.com *.facebook.net *.salesforceliveagent.com accessibilityserver.org *.userway.org *.newrelic.com *.onelink-edge.com unpkg.com *.cloudflare.com www.onelink-edge.com *.docksal.site:* www.google.com segments.company-target.com www.gstatic.com *.salesforce.com *.salesforce-sites.com *.hotjar.io assets.pinterest.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.force.com *.sharethis.com fonts.googleapis.com *.salesforce-sites.com *.salesforce.com; img-src 'self' 'unsafe-inline' cdn.cookielaw.org *.youtube.com data: match.prod.bidr.io segments.company-target.com px.ads.linkedin.com *.ads.linkedin.com *.linkedin.com *.facebook.com id.rlcdn.com certainteed.widen.net *.googleapis.com *.widencdn.net *.userway.org *.ytimg.com bcp.crwdcntrl.net *.sharethis.com maps.gstatic.com *.cloudfront.net pinterest.com *.pinterest.com *.salesforce.com *.salesforce-sites.com *.g.doubleclick.net; media-src 'self' 'unsafe-inline' youtube.com; frame-src 'self' 'unsafe-inline' cdn.cookielaw.org youtube.com maps.googleapis.com  onelink-edge.com  googletagmanager.com *.force.com *.sharethis.com *.userway.org google.com www.google.com www.facebook.com www.youtube.com www.youtube-nocookie.com *.pinterest.com *.salesforce.com *.salesforce-sites.com; font-src 'self' use.fontawesome.com data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' 'unsafe-inline' data: ws: wss: cdn.cookielaw.org maps.googleapis.com  *.onelink-edge.com  googletagmanager.com *.sharethis.com api.company-target.com *.algolianet.com wkx3x0kpn1-dsn.algolia.net *.newcertainteed.com  cdn.linkedin.oribi.io  *.userway.org *.google-analytics.com bam.nr-data.net *.docksal.site:* *.onetrust.com segments.company-target.com *.hotjar.com *.hotjar.io *.force.com bcp.crwdcntrl.net *.salesforce.com *.salesforce-sites.com *.linkedin.com *.google.com *.g.doubleclick.net; report-uri /report-csp-violation; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://snap.licdn.com https://static.hotjar.com https://ws.zoominfo.com https://script.hotjar.com https://tag.demandbase.com/ab7fafeb.min.js https://go.caqh.org/pd.js https://go.caqh.org/analytics https://pi.pardot.com/analytics https://s.company-target.com/ https://js.hsforms.net/forms/embed/v2.js cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://platform.twitter.com https://static.addtoany.com https://unpkg.com; frame-ancestors 'self' 1
frame-ancestors 'self' *.dormakabacountry.com *.dormakaba.com; upgrade-insecure-requests; block-all-mixed-content; 1
default-src     'self'   blob:  *.perkinelmer.com   aoeprogress-perkin-elmer.pantheonsite.io  scoremodel-perkin-elmer.pantheonsite.io     fonts.googleapis.com     d3d9hv42w7vz9m.cloudfront.net     https://ips-invite.iperceptions.com     https://www.googletagmanager.com/     https://www.youtube.com/     https://www.youtube.com/iframe_api     https://www.google-analytics.com/     https://snap.licdn.com/     https://script.crazyegg.com/     https://connect.facebook.net     https://platform.twitter.com     https://img.en25.com     https://s.yimg.com     https://www.googleadservices.com     https://bat.bing.com     https://tag.demandbase.com     https://static.ads-twitter.com/     https://googleads.g.doubleclick.net     https://pixel.sitescout.com     https://tracking.crazyegg.com     https://www.facebook.com     https://px.ads.linkedin.com     https://id.rlcdn.com     https://t.co     https://api.company-target.com     https://match.prod.bidr.io     https://www.google.com     https://www.google.de     https://analytics.twitter.com     https://segments.company-target.com     https://tracking.crazyegg.com     https://scoremodel-perkin-elmer.pantheonsite.io     https://s1674556495.t.eloqua.com/     https://syndication.twitter.com     resources.perkinelmer.com           gateway.zscalertwo.net     https://cdnapisec.kaltura.com;script-src     'self'  *.visualwebsiteoptimizer.com  app.vwo.com    'unsafe-inline'     'unsafe-eval'  https://cdn.cookielaw.org  d3d9hv42w7vz9m.cloudfront.net  https://www.citeab.com  *.googleapis.com  aoeprogress-perkin-elmer.pantheonsite.io s1327051840.t.eloqua.com translate.google.com   gateway.zscalertwo.net     *.perkinelmer.com     *.kaltura.com  https://js.hsforms.net/     *.hotjar.com *.cloudfunctions.net   us-central1-perkin-elmer-ga.cloudfunctions.net   http://*.kaltura.com           hm.baidu.com    js.hs-scripts.com  use.fontawesome.com *.hsadspixel.net  *.hs-analytics.net  js.hscta.net  *.hubspot.com  static.hsappstatic.net  *.usemessages.com  *.hs-banner.com  *.hubspot.net  *.hscollectedforms.net  *.hsleadflows.net  *.hsforms.net  *.hsforms.com  *.hs-scripts.com  *.hubspotfeedback.com  feedback.hubapi.com     *.googletagmanager.com     www.google-analytics.com     script.crazyegg.com     connect.facebook.net     www.youtube.com     img.en25.com     www.google.com     tag.demandbase.com     snap.licdn.com     platform.twitter.com     s.yimg.com     img04.en25.com     www.googleadservices.com     bat.bing.com     sp.analytics.yahoo.com     static.ads-twitter.com     js-agent.newrelic.com     analytics.twitter.com     bam.nr-data.net     googleads.g.doubleclick.net     *.cloudfront.net           *.google-analytics.com           *.analytics.edgekey.net     scoremodel-perkin-elmer.pantheonsite.io     *.linkedin.com     platform.linkedin.com     ips-invite.iperceptions.com     syndication.twitter.com     cdn.syndication.twimg.com;style-src     'self'   *.visualwebsiteoptimizer.com app.vwo.com   'unsafe-inline' https://cdn.cookielaw.org   *.googleapis.com  translate.google.com  use.fontawesome.com  d3d9hv42w7vz9m.cloudfront.net  aoeprogress-perkin-elmer.pantheonsite.io  gateway.zscalertwo.net     *.perkinelmer.com     fast.fonts.net     *.fontawesome.com   cdn2.hubspot.net  fonts.googleapis.com     code.jquery.com     cdnjs.cloudflare.com     *.cloudfront.net     *.twitter.com     scoremodel-perkin-elmer.pantheonsite.io; img-src     'self'     'unsafe-inline'  https://cdn.cookielaw.org d3d9hv42w7vz9m.cloudfront.net  aoeprogress-perkin-elmer.pantheonsite.io chart.googleapis.com app.vwo.com wingify-assets.s3.amazonaws.com  js.hscta.net  no-cache.hubspot.com  *.hubspot.com  *.hubspot.net  cdn2.hubspot.net  *.hsforms.net  *.hsforms.com *.visualwebsiteoptimizer.com   hm.baidu.com  gateway.zscalertwo.net translate.google.com  *.gstatic.com    *.googleapis.com fonts.gstatic.com *.perkinelmer.com     *.kaltura.com           *.baidu.com     sp.analytics.yahoo.com     https://forms-na1.hsforms.com  https://forms.hsforms.com      cdnjs.cloudflare.com           ad.doubleclick.net     *.twitter.com     cdn.syndication.twimg.com     id.rlcdn.com     match.prod.bidr.io     www.facebook.com     pixel.sitescout.com     segments.company-target.com           *.googletagmanager.com     www.google.de     www.google.com     www.google.co.in     s1674556495.t.eloqua.com           ssl.google-analytics.com     *.linkedin.com     *.twimg.com     bat.bing.com     p.adsymptotic.com     *.cloudfront.net     t.co           stats.g.doubleclick.net     data:     scoremodel-perkin-elmer.pantheonsite.io     p.adsymptotic.com;connect-src https://analytics.google.com  https://consent-api.onetrust.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://widget.citeab.com           gateway.zscalertwo.net   *.visualwebsiteoptimizer.com  app.vwo.com 'self'   hm.baidu.com aoeprogress-perkin-elmer.pantheonsite.io s1327051840.t.eloqua.com  *.perkinelmer.com   *.googleapis.com  *.kaltura.com     www.google-analytics.com     api.company-target.com     script.crazyegg.com     bat.bing.com     s.yimg.com     bam.nr-data.net  *.hubapi.com  js.hscta.net  *.hubspot.com  *.hs-banner.com  *.hscollectedforms.net  *.hsforms.com   https://forms.hsforms.com  https://hubspot-forms-static-embed  segments.company-target.com     s1674556495.t.eloqua.com     *.cloudfront.net     scoremodel-perkin-elmer.pantheonsite.io     tracking.crazyegg.com     stats.g.doubleclick.net     linkedin.com           *.analytics.edgekey.net;media-src     'self'     *.kaltura.com     *.cloudfront.net           *.perkinelmer.com      aoeprogress-perkin-elmer.pantheonsite.io     gateway.zscalertwo.net     scoremodel-perkin-elmer.pantheonsite.io           blob:;font-src     'self'     *.perkinelmer.com   aoeprogress-perkin-elmer.pantheonsite.io  d3d9hv42w7vz9m.cloudfront.net  fonts.gstatic.com     fast.fonts.net     *.cloudfront.net     *.fontawesome.com           cdnapisec.kaltura.com     data:     scoremodel-perkin-elmer.pantheonsite.io;child-src  'self' *.hsforms.com;worker-src           'self'           *.perkinelmer.com           gateway.zscalertwo.net     aoeprogress-perkin-elmer.pantheonsite.io      blob:;frame-src       *.youtube.com    app.fluorofinder.com   aoeprogress-perkin-elmer.pantheonsite.io  *.visualwebsiteoptimizer.com  app.vwo.com    big.d.doubleclick.net           gateway.zscalertwo.net           *.facebook.com    *.hubspot.com  *.hs-sites.com  *.hubspot.net  play.hubspotvideo.com  *.hsforms.net  *.hsforms.com       platform.twitter.com           *.kaltura.com       https://forms.hsforms.com/     *.perkinelmer.com           https://syndication.twitter.com 1
default-src 'none'; base-uri 'none'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.facebook.com/tr/; font-src 'self'; frame-ancestors 'self' https://www.youtube-nocookie.com; frame-src 'self' https://www.youtube-nocookie.com https://www.facebook.com; form-action https://www.facebook.com/tr/; img-src 'self' data: https://static.devolksbank.nl https://devolksbank.imgix.net https://www.facebook.com https://www.googletagmanager.com https://*.google-analytics.com https://*.googletagmanager.com https://i.ytimg.com/vi/ https://www.facebook.com/tr/; manifest-src 'self'; script-src 'self' https://www.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/1359765144453475 'sha256-oZF9T1PWM1N1iCJHp7/K1E2i5g/gFsTRoCZWCGLqSao=' 'sha256-Ox1hmngo3ksRqcjFloHVYamCQ1LWGZNru7dBt/8SH3A=' 'sha256-LPugrf/1WNtjKfPAG3N34z8q1LfZrwR+ZFCGduVYvQw=' 'sha256-A3FLUzI9D80O3iKob3Ugyrc9s33bKYVwKyDHLJwYwhA=' 'sha256-4KMiDrq0z6xQD6mCZxODCDtNxj89bcqZgMBjP4k9fUk=' 'sha256-B9Z1CTPhrrvywX12M6QKuNbk5hJJ4M0vbqS/ZPHa34o=' 'sha256-q6Gtn5DahqoF1uoUOOmGLiHfFjl9QmRpLlR81AbgUf4=' 'sha256-HBEUcQOkkAaEBNBKzU6zr9D9dfTMq5LonferbbDlpI4='; style-src 'self' 'sha256-mQ2fUfj1KdfzW99AvuuId7raZmtSNbR0nP5Q0XvZ9ns='; media-src 'self' https://static.devolksbank.nl; 1
default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' https://www.google.ca/ https://ajax.googleapis.com https://widget.surveymonkey.com https://www.sutherlandglobal.com https://ws-assets.zoominfo.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tags.srv.stackadapt.com https://static.ads-twitter.com https://connect.facebook.net https://snap.licdn.com https://consent.trustarc.com https://app-sj24.marketo.com https://go.sutherlandglobal.com https://vimeo.com https://www.vimeo.com https://www.google-analytics.com https://polyfill.io https://cdnjs.cloudflare.com https://use.fontawesome.com https://tag.demandbase.com https://j.6sc.co https://script.crazyegg.com https://www.googletagmanager.com https://use.typekit.net https://munchkin.marketo.net https://cdn.jsdelivr.net https://www.googletagmanager.com https://sutherlandglobal.azureedge.net https://player.vimeo.com; img-src 'self' data: https://www.google.ca https://www.google.co.in https://prod.smassets.net https://www.sutherlandglobal.com https://t.co https://analytics.twitter.com https://www.facebook.com https://www.google.ee https://sutherlandglobal.azureedge.net https://privacy-policy.truste.com https://submit-irm.trustarc.com https://www.linkedin.com https://i.vimeocdn.com https://p.adsymptotic.com https://px4.ads.linkedin.com https://px.ads.linkedin.com https://consent.trustarc.com https://www.googletagmanager.com https://www.google.com.br https://www.google.com https://www.google-analytics.com https://p.typekit.net https://segments.company-target.com https://id.rlcdn.com https://b.6sc.co https://match.prod.bidr.io https://id.rlcdn.co; style-src 'self' 'unsafe-inline' https://www.sutherlandglobal.com https://sutherlandglobal.azureedge.net https://tags.srv.stackadapt.com https://app-sj24.marketo.com https://go.sutherlandglobal.com https://use.typekit.net https://fonts.googleapis.com https://use.typekit.net/umg3gzh.css https://p.typekit.net/p.css https://unpkg.com/swiper@9.4.1/swiper.min.css; font-src 'self' 'unsafe-inline' data: https://www.sutherlandglobal.com https://sutherlandglobal.azureedge.net https://fonts.gstatic.com https://use.typekit.net; upgrade-insecure-requests; block-all-mixed-content; media-src https://sgssutherlanduat-rg-cd.azurewebsites.net https://www.sutherlandglobal.com https://betaauth.sutherlandglobal.com https://vod-progressive.akamaized.net https://sgssutherlanduat-rg-cm.azurewebsites.net https://sutherlandglobal.azureedge.net https://player.vimeo.com; frame-src https://www.sutherlandglobal.com https://www.facebook.com https://13119425.fls.doubleclick.net https://betaauth.sutherlandglobal.com https://bid.g.doubleclick.net https://6736576.fls.doubleclick.net https://consent-pref.trustarc.com https://consent.trustarc.com https://app-sj24.marketo.com https://go.sutherlandglobal.com https://player.vimeo.com https://11068862.fls.doubleclick.net https://www.youtube-nocookie.com https://www.youtube.com; connect-src https://www.google.ca https://epsilon.6sense.com https://sutherlandglobal.com https://cdn.linkedin.oribi.io https://sgssutherlanduat-rg-cd.azurewebsites.net https://segments.company-target.com https://sutherlandglobal.azureedge.net https://region1.google-analytics.com https://ws.zoominfo.com https://spreadsheets.google.com https://www.sutherlandglobal.com https://tracking.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://c.6sc.co https://tags.srv.stackadapt.com https://sgssutherlanduat-rg-cm.azurewebsites.net https://stats.g.doubleclick.net https://script.crazyegg.com https://668-neq-306.mktoresp.com https://www.google-analytics.com https://secure.adnxs.com https://ipv6.6sc.co https://api.company-target.com https://betaauth.sutherlandglobal.com; frame-ancestors 'self'; base-uri 'none'; manifest-src https://sutherlandglobal.azureedge.net https://sutherlandglobal.com https://sgssutherlanduat-rg-cd.azurewebsites.net; report-uri /api/cspviolation 1
script-src 'self' at.alicdn.com 'unsafe-eval' 'unsafe-inline' data: blob: *.dancf.com *.gaoding.com hm.baidu.com tongji.baidu.com assetscli.udesk.cn ttxsapp.udesk.cn retcode.alicdn.com www.google-analytics.com www.googletagmanager.com cdn.lr-ingest.io www.googleadservices.com googleads.g.doubleclick.net https://quickapp/jssdk.webview.min.js https://apis.google.com https://g.alicdn.com *.aliapp.org *.alibaba.com *.aliyun.com https://webapi.amap.com *.amap.com https://accounts.google.com *.dns-detect.alicdn.com https://res2.wx.qq.com https://www.fxiaoke.com; frame-ancestors 'self' god-mgr.dancf.com ttxsapp.udesk.cn tongji.baidu.com https://ytcs.lenovo.net http://ytcs.lenovo.net https://ytcstest.lenovo.net http://*.365editor.com https://cdn.lr-ingest.io https://mp.weixin.qq.com https://testsmb.lenovo.net/  http://*.gaoding.com https://www.xmyeditor.com http://xmyplus.jiangniaocloud.top http://*.chinaso.com http://*.chinaso365.com http://*.huanleguang.com http://*.huanleguang.cn http://bj.96weixin.com http://*.haoche.cn https://*.haoche.cn http://*.haoche.cn:*/ http://*.shuaishou.com http://localhost:*  http://*.sensorsdata.cn http://*.uupoop.com/ https://*.fnwenjuan.cn http://*.mangoerp.com http://mangoerp.com http://*.dianxiaomi.com http://*.eccang.com/ http://*.smartapps.cn http://*.chaojimoban.com http://*.dianxiaobao.net http://*.elstgl.com http://*.maimiao.icu/ http://*.lediaocha.com http://cloud.ekuajing.cn http://172.16.23.196:1234/ http://fabu.yxbf.net http://*.wenjuan.com:* https://sirius-desktop-web.lx.netease.com https://*.cowork.netease.com:* https://*.office.163.com http://*.xbongbong.com http://*.amywechat.com http://*.shangqiukuajing.com https://www.wenjuan.top https://www.wenjuan.in https://www.wenjuan8.cn https://www.wenjuan.design https://www.wenjuan.com http://*.ecsale8.com http://*.b2csupply1.com http://*.jm-erp.com http://jm-erp.com http://*.sellerwell.com https://apis.google.com http://*.gf.com.cn https://gallery.shuiditech.com 1
frame-ancestors 'self' https://www.matrimonio.com https://community.matrimonio.com https://landing.matrimonio.com 1
frame-ancestors 'self' www.targoversicherung.de; 1
frame-ancestors 'self' http://*.umh.es  http://*.edu.umh.es https://*.umh.es  https://*.edu.umh.es; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.materiel.net *.ldlc.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.typekit.net www.gstatic.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com bat.bing.com connect.facebook.net *.g.doubleclick.net *.facebook.com www.google.com www.google.fr www.youtube.com www.youtube-nocookie.com *.twitch.tv userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net userlike-cdn-web.b-cdn.net chat.userlike.com *.cloudfront.net *.userlike.com wss://umd.userlike.com userlike-store-media-files.s3.amazonaws.com fonts.googleapis.com *.clarity.ms fonts.gstatic.com *.bing.com *.groupe-ldlc.com analytics.tiktok.com aswpapieu.com aswpsdkeu.com dl.asnapieu.com;frame-ancestors 'self'; 1
default-src 'self';font-src 'self';form-action 'self' https://*.scalable.capital;script-src-attr 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://bat.bing.com https://static.ads-twitter.com https://pa.videobeat.net https://amplify.outbrain.com https://cdn.jsdelivr.net https://www.google-analytics.com https://*.cookiebot.com https://*.force.com https://snap.licdn.com https://secure.quantserve.com https://rules.quantcount.com https://www.googleoptimize.com https://*.salesforceliveagent.com https://scalablecap.my.salesforce.com https://scalablecap.my.salesforce-sites.com https://*.scalable.capital https://app.usercentrics.eu https://privacy-proxy.usercentrics.eu;style-src https://scalablecap.secure.force.com https://service.force.com https://scalablecap.my.salesforce-sites.com 'self' 'unsafe-inline';img-src 'self' data:  https://*.scalable.capital https://bat.bing.com https://pa.videobeat.net https://px.ads.linkedin.com https://pixel.quantserve.com https://cdn.linkedin.oribi.io https://www.linkedin.com https://www.google-analytics.com https://www.google.com https://www.google.de https://www.google.es https://www.google.it https://www.google.fr https://www.google.nl https://www.google.at https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.googleadservices.com https://*.usercentrics.eu;object-src 'none';frame-src https://service.force.com https://*.scalable.capital https://scalable.capital https://www.youtube-nocookie.com;connect-src 'self' https://stats.g.doubleclick.net/ https://www.google-analytics.com https://bat.bing.com https://eu-api.friendlycaptcha.eu https://cdn.linkedin.oribi.io https://api.friendlycaptcha.com https://*.scalable.capital https://scalable.capital https://scalablecap.my.salesforce-sites.com https://scalablecap.secure.force.com https://*.usercentrics.eu;worker-src blob: ;child-src blob: ;frame-ancestors 'self' https://*.scalable.capital;base-uri 'self';upgrade-insecure-requests 1
frame-ancestors 'self' folder.aldi.nl experience.adobe.com aldinord.experiencecloud.adobe.com; default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 1
default-src 'self' https://*.dukascopy.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cloudflare.com https://*.hotjar.com https://*.google.com https://*.googletagmanager.com ; script-src-elem 'self' 'unsafe-inline' https://*.cloudflare.com https://*.dukascopy.com https://*.hotjar.com https://*.google.com https://*.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://freeserv-static.dukascopy.com https://freeserv.dukascopy.com ; style-src 'self' 'unsafe-inline' https://*.dukascopy.com https://*.dukascopy.jp ; object-src 'none' ; frame-ancestors 'self' ; form-action 'self' ; frame-src 'self' data: blob: https://*.cloudflare.com https://*.dukascopy.jp https://*.dukascopy.com https://*.google.com/ ; img-src 'self' 'unsafe-inline' https://*.dukascopy.com https://*.dukascopy.jp https://*.google.com https://*.google-analytics.com https://*.hotjar.com data: blob:; font-src 'self' 'unsafe-inline' https://freeserv-static.dukascopy.com https://*.hotjar.com data:; media-src * data: blob:; connect-src 'self' https://*.dukascopy.com https://*.dukascopy.online https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com wss://*.dukascopy.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com 1
frame-ancestors www.bitforex.com coin360.com 1
default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; script-src * data: 'unsafe-eval' 'unsafe-inline' blob: http: https:; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.diffords.com *.diffordsguide.com getaddress-cdn.azureedge.net stats.g.doubleclick.net api.getaddress.io *.googleapis.com  *.gstatic.com *.google.co.uk connect.facebook.net *.facebook.com *.amazon.com *.typekit.net certify-js.alexametrics.com *.google.com *.youtube.com *.ytimg.com cdnjs.cloudflare.com api-cdn.amazon.com *.myfonts.net live.sagepay.com test.sagepay.com pi-live.sagepay.com pi-test.sagepay.com d31qbv1cthcecs.cloudfront.net *.googletagmanager.com *.google-analytics.com *.slideshare.net *.issuu.com; frame-ancestors 'self'; object-src 'self' maps.google.co.uk; img-src 'self' data: * 1
frame-ancestors https://app.optimizely.com https://optmizely.com www.optmizely.com 1
frame-ancestors 'self' ercot.com *.ercot.com 1
frame-ancestors 'self' https://codepen.io https://cdpn.io https://qatarairways.com https://qatarairways.com.qa https://*.qatarairways.com https://*.qatarairways.com.qa https://www.katara.net https://genevamotorshow.com https://*.discoverqatar.qa https://discoverqatar.qa https://dq-staging-b2b.vibe.travel https://dq-staging-b2c.vibe.travel https://*.qf.org.qa https://*.decc.qa https://www.the-afc.com 1
default-src 'self';   script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googleadservices.com/ https://www.google.com/ https://partner.googleadservices.com/ https://cse.google.com/ https://use.typekit.net/ https://www.gstatic.com/ https://az416426.vo.msecnd.net/ https://googleads.g.doubleclick.net/ https://*.vivotek.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://maps.googleapis.com/ https://snap.licdn.com/ https://js.adsrvr.org/;   img-src 'self' data: https:;   frame-src 'self' 'unsafe-eval' 'unsafe-inline' https://syndicatedsearch.goog/ https://match.adsrvr.org/ https://td.doubleclick.net/ https://www.google.com/ https://www.youtube.com/ https://insight.adsrvr.org/ https://www.adsensecustomsearchads.com/;   style-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/ https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/;   font-src 'self' 'unsafe-eval' 'unsafe-inline' https://fonts.gstatic.com/ https://cdnjs.cloudflare.com/;   connect-src 'self' https://webapi.vivotek.com/ https://stats.g.doubleclick.net/ https://analytics.google.com/ https://p.typekit.net/ https://dc.services.visualstudio.com/ https://use.typekit.net/ https://px.ads.linkedin.com/ https://www.google-analytics.com/;         frame-ancestors https://beta.vivotek.com https://delta.plexiland.io; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.openeye.net *.avertx.com *.bigcommerce.com *.google.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.gstatic.com *.remarketstats.com *.licdn.com *.linkedin.com *.clickcertain.com *.doubleclick.net *.youtube.com *.youtube-nocookie.com *.amazonaws.com cdnjs.cloudflare.com *.pardot.com *.hotjar.com wss: *.hotjar.com; img-src * data:; media-src * data:; 1
frame-ancestors https://www.domainesia.com/ https://my.domainesia.com/ 1
frame-ancestors 'self' https://app.kontent.ai 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=GB&lang=en-GB&device=desktop&yrid=73kqic9iquapc&partner=; 1
script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js google.com *.google-analytics.com *.doubleclick.net https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.jsdelivr.net code.jquery.com cdnjs.cloudflare.com kit.fontawesome.com ka-p.fontawesome.com www.googletagmanager.com bat.bing.com snap.licdn.com www.clarity.ms *.clarity.ms cdn-cookieyes.com *.hotjar.com js.hsadspixel.net js.hs-banner.com analytics.tiktok.com js.hscollectedforms.net *.sharethis.com *.hsforms.net *.usemessages.com *.sc-static.net sc-static.net *.snapchat.com *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.hs-banner.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com 'self' web-chat.nativechat.com cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com cdn.jsdelivr.net cdnjs.cloudflare.com www.googletagmanager.com www.googleadservices.com ka-p.fontawesome.com cdn2.hubspot.net 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com devsitefinitystorage.blob.core.windows.net bat.bing.com www.google.com google.com px.ads.linkedin.com dev.transactcampus.com cdn-cookieyes.com *.clarity.ms *.hsforms.net *.hsforms.com *.google.com *.sharethis.com *.googleusercontent.com *.hotjar.com *.snapchat.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspot.net cdn2.hubspot.net dummyimage.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: kit.fontawesome.com ka-p.fontawesome.com *.hotjar.com; frame-src *.transactcampus.com 0ecf577fddb14f62ad2eaa098f4a5f08.svc.dynamics.com https://www.youtube.com https://player.vimeo.com https://devsitefinitystorage.blob.core.windows.net https://dev.transactcampus.com google.com *.hotjar.com *.hsforms.net *.hsforms.com *.google.com *.sharethis.com *.snapchat.com *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.monday.com 'self' web-chat.nativechat.com; connect-src accounts.google.com *.gstatic.com *.mktoresp.com *.google-analytics.com ka-p.fontawesome.com kit.fontawesome.com stats.g.doubleclick.net log.cookieyes.com cdn-cookieyes.com google.com *.google.com *.clarity.ms *.cookieyes.com *.hubapi.com *.tiktok.com *.hubspot.com *.hsforms.com *.hsforms.net forms.hubspot.com *.hotjar.io *.hotjar.com *.sharethis.com *.hscollectedforms.net *.oribi.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com js.hscta.net *.hs-banner.com *.bitsighttech.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: https://devsitefinitystorage.blob.core.windows.net; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com google.com www.clarity.ms 'self' web-chat.nativechat.com 1
frame-ancestors 'self' https://spatial-iframe-tester.vercel.app/; object-src 'self'; base-uri 'self'; 1
frame-ancestors 'self' https://www.visitdenmark.com https://*.www.visitdenmark.com https://api.www.www.visitdenmark.com 1
default-src 'self' blob: *.mfilterit.net youtube.googleapis.com api.twitter.com graph.facebook.com *.hdfclife.net *.hdfclife.tech *.hdfclife.com www.google-analytics.com www.googletagmanager.com static.cloudflareinsights.com *.notifyvisitors.com; img-src 'self' *.clarity.ms c.clarity.ms p1.zemanta.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com hdfclifecjauat.112.2o7.net *.visualwebsiteoptimizer.com maps.gstatic.com *.mfilterit.net dm.hybrid.ai dss.hybrid.ai mediasmart.io 3ma79ae7cua.com adgebra.co.in data: dpm.demdex.net *.adsymptotic.com t.co s7ap1.scene7.com analytics.twitter.com *.fbcdn.net *.quora.com alb.reddit.com advertiser.inmobiapis.com p.adsymptotic.com www.linkedin.com s0.2mdn.net *.notifyvisitors.com tr.outbrain.com sp.analytics.yahoo.com s7ap1.scene7.com connect.facebook.net *.doubleclick.net *.taboola.com hdfclife.sc.omtrdc.net ade.clmbtech.com ade.clmbtech.com www.googletagmanager.com i.ytimg.com cm.everesttech.net pixel.mathtag.com maps.googleapis.com *.hdfclife.com *.hdfclife.tech *.hdfclife.net www.google-analytics.com www.google.com www.google.co.in px.ads.linkedin.com www.facebook.com; script-src 'self' blob: *.visualwebsiteoptimizer.com app.vwo.com *.mfilterit.net 'unsafe-inline' 'unsafe-eval' *.hdfclife.com *.hdfclife.tech *.hdfclife.net www.instagram.com platform.twitter.com cdnjs.cloudflare.com cdn.jsdelivr.net www.google.com assets.adobedtm.com static.cloudflareinsights.com www.googletagmanager.com pixel.mathtag.com www.google-analytics.com unpkg.com *.vizury.com lifeai.api-hdfclife.com *.doubleclick.net connect.facebook.net snap.licdn.com www.googletagservices.com pagead2.googlesyndication.com www.gstatic.com www.youtube.com maps.googleapis.com hdfclife.demdex.net *.taboola.com s3.amazonaws.com s.yimg.com amplify.outbrain.com ajax.googleapis.com tr.outbrain.com  www.googletagmanager.com hdfclife.demdex.net www.google-analytics.com assets.adobedtm.com *.notifyvisitors.com static.cloudflareinsights.com; font-src 'self' *.mfilterit.net *.notifyvisitors.com fonts.gstatic.com *.hdfclife.com *.hdfclife.tech *.hdfclife.net data:; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com fonts.googleapis.com *.mfilterit.net *.hdfclife.com *.hdfclife.tech *.hdfclife.net cdn.jsdelivr.net; style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net *.hdfclife.com *.hdfclife.tech *.hdfclife.net fonts.googleapis.com *.mfilterit.net *.notifyvisitors.com cdn.jsdelivr.net;  frame-src 'self' *.visualwebsiteoptimizer.com app.vwo.com spa.gy ak.gotrackier.com adgebra.co.in *.mfilterit.net td.doubleclick.net emd.hybrid.ai tsdtocl.com cdn1.spa.gy lms.mdsmedia.co.in lifeai-widget.apps-hdfclife.com www.facebook.com www.linkedin.com *.notifyvisitors.com *.twitter.com www.instagram.com *.doubleclick.net *.fls.doubleclick.net www.youtube.com youtube.com hdfclife.demdex.net *.hdfclife.com *.hdfclife.tech *.hdfclife.net pixel.mathtag.com sg-pl.vizury.com www.google.com; connect-src 'self' edge.adobedc.net *.clarity.ms adobedc.demdex.net p.clarity.ms px.ads.linkedin.com tr.outbrain.com api.fido.id *.visualwebsiteoptimizer.com app.vwo.com fpf.hybrid.ai cdn.linkedin.oribi.io cuberatechnology.piwik.pro cubera.services pixel.cubera.services *.mfilterit.net *.hdfclife.com vspagy.com bcp.crwdcntrl.net *.hdfclife.tech *.hdfclife.net s.yimg.com *.taboola.com hdfclife.sc.omtrdc.net *.google.com maps.googleapis.com *.doubleclick.net www.google-analytics.com wss://wsshm.notifyvisitors.com dpm.demdex.net hdfclife.tt.omtrdc.net *.notifyvisitors.com; script-src-elem 'self' www.clarity.ms js-tag.zemanta.com a.quora.com wave.outbrain.com app.vwo.com code.fido.id script.mfilterit.net *.visualwebsiteoptimizer.com *.hdfclife.com *.hdfclife.tech *.hdfclife.net 'unsafe-inline' cubera.containers.piwik.pro googleads.g.doubleclick.net www.googleadservices.com pixel.cubera.services www.googleadservices.com *.hybrid.ai cuberatechnology.containers.piwik.pro cubera.services assets.adobedtm.com *.notifyvisitors.com static.cloudflareinsights.com www.googletagmanager.com lifeai.api-hdfclife.com cdn.jsdelivr.net www.google-analytics.com www.instagram.com *.twitter.com cdnjs.cloudflare.com hdfclife.demdex.net ad.doubleclick.net connect.facebook.net *.taboola.com snap.licdn.com s.yimg.com www.googletagservices.com pagead2.googlesyndication.com unpkg.com t.co static.ads-twitter.com www.youtube.com tsdtocl.com amplify.outbrain.com www.google.com www.redditstatic.com *.inmobicdn.net tr.outbrain.com ajax.googleapis.com www.gstatic.com maps.googleapis.com tags.crwdcntrl.net; worker-src 'self' blob: 1
frame-ancestors *.finicity.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.finicitystg.com *.googletagmanager.com *.google-analytics.com *.driftt.com cdn.cookielaw.org assets.adobedtm.com metrics.mastercard.com smetrics.mastercard.com blob:;object-src 'self' blob:; 1
script-src 'self' 'unsafe-inline' https://*.imedia.cz https://*.hit.gemius.pl https://*.stream.cz https://*.televizeseznam.cz https://*.seznam.cz; report-uri /cspreport; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.express-scripts.com *.mdlive.com *.adobedtm.com *.qualtrics.com *.cigna.com *.s3.amazonaws.com *.branch.io *.everestjs.net *.omtrdc.net *.edge.adobedc.net *.demdex.net app.link *.googleapis.com tlt.cigna.com cdn.cookielaw.org *.onetrust.com dhp9h38k54c62.cloudfront.net; child-src 'self' blob: *.mdlive.com *.express-scripts.com *.s3.amazonaws.com *.youtube.com *.vimeo.com *.google.com dhp9h38k54c62.cloudfront.net; connect-src 'self' *.mdlive.com *.mktoresp.com *.adobedtm.com *.brightcove.com *.s3.amazonaws.com *.qualtrics.com *.mktoutil.com *.nr-data.net *.branch.io *.everestjs.net *.omtrdc.net *.edge.adobedc.net *.demdex.net *.prod.boltdns.net *.akamaihd.net app.link *.express-scripts.com tlt.cigna.com cdn.cookielaw.org *.onetrust.com *.optimizely.com *.googlesyndication.com *.bing.com dhp9h38k54c62.cloudfront.net; font-src 'self' data: *.mdlive.com fonts.googleapis.com themes.googleusercontent.com fonts.gstatic.com *.marketo.com *.qualtrics.com dhp9h38k54c62.cloudfront.net; frame-src 'self' *.mdlive.com static.addtoany.com *.marketo.com *.demdex.net *.brightcove.net *.s3.amazonaws.com *.trustpilot.com *.qualtrics.com *.youtube.com *.vimeo.com activitymap.adobe.com pixel.sitescout.com *.facebook.com *.google.com *.doubleclick.net dhp9h38k54c62.cloudfront.net; img-src 'self' data: *.mdlive.com *.brightcove.com brightcove.hs.llnwd.net *.destinationrx.com *.qualtrics.com *.s3.amazonaws.com *.marketo.com *.express-scripts.com *.branch.io *.omtrdc.net *.edge.adobedc.net *.demdex.net *.everesttech.net *.prod.boltdns.net i.ytimg.com app.link tlt.cigna.com cdn.cookielaw.org *.onetrust.com px.gumgum.com *.reddit.com pixel.sitescout.com *.facebook.com *.googletagmanager.com *.google.com bat.bing.com dhp9h38k54c62.cloudfront.net; media-src 'self' blob: *.brightcove.com *.s3.amazonaws.com *.prod.boltdns.net dhp9h38k54c62.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.mdlive.com *.adobedtm.com *.googletagmanager.com munchkin.marketo.net *.brightcove.com *.marketo.com *.mktoresp.com *.brightcove.net *.qualtrics.com *.s3.amazonaws.com activitymap.adobe.com *.branch.io *.everestjs.net *.omtrdc.net *.edge.adobedc.net *.demdex.net app.link tlt.cigna.com cdn.cookielaw.org *.onetrust.com js-agent.newrelic.com cdn01.basis.net *.redditstatic.com *.facebook.com *.facebook.net *.google.com *.optimizely.com *.pardot.com *.gstatic.com *.doubleclick.net bat.bing.com assets.adobedtm.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://widget.trustpilot.com https://www.google.com dhp9h38k54c62.cloudfront.net; style-src 'self' 'unsafe-inline' *.mdlive.com fonts.googleapis.com fonts.gstatic.com *.marketo.com *.s3.amazonaws.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com dhp9h38k54c62.cloudfront.net; frame-ancestors 'self' *.express-scripts.com *.mdlive.com 1
script-src 'report-sample' data: 'nonce-e08ec1f1d8866c56589e3eb03b028981-argus' 'strict-dynamic' 'self' 'unsafe-eval' blob: *.bytescm.com *.bytetos.com *.ibytedapm.com *.zijieapi.com *.snssdk.com *.bytedance.com *.bytedance.net *.pstatp.com *.bytednsdoc.com *.bytegoofy.com *.byted-static.com *.yhgfb-cn-static.com *.baidu.com *.byteimg.com; connect-src 'self' *.bytedance.net *.snssdk.com *.zijieapi.com *.byted.org *.ugsdk.cn *.bytedance.com hm.baidu.com *.usergrowth.com.cn *.bytescm.com *.toutiao.com *.yhgfb-cn-static.com *.idouyinvod.com:* *.volcsiriusbd.com:* *.volcsirius.com:* *.tt.x.bsgslb.cn:* *.dy.zzcdnx.com:* *.qc.bsccdn.net:* *.smtcdns.com:* *.ugslb.com:* *.livehwc3.cn:* *.smtcdns.net:* *.bytefcdnrd.com:* *.ksyungslb.com:* *.ksyungslb2.com:* *.ourdvsss.com:* *.tbcache.com:* *.jomodns.com:* *.douyincdn.com:* *.ixigua.com:* *.bdxigualive.com:* *.pstatp.com:* *.douyinliving.com:* *.picovr.com:* *.huoshanlive.com:* *.ihuoshanlive.com:* *.volccdn.com:* *.bestv.com.cn:* *.bytefcdn.com:* *.douyinvod.com:* *.bytetos.com *.ibytedapm.com *.pstatp.com *.bytednsdoc.com *.bytegoofy.com *.byted-static.com *.byteimg.com; frame-ancestors 'self' *.feishu.cn; report-to slardar-endpoint; 1
frame-ancestors 'self' *.saveonfoods.com *.saveonfoods.com 1
default-src 'none'; frame-src https://www.youtube-nocookie.com; img-src 'self' https://img.shields.io data: https://raw.githubusercontent.com https://github.com; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src data: 'self'; connect-src 'self' https://stats.anima.nz/count; object-src 'none'; media-src 'self'; 1
base-uri 'self'; object-src 'none'; frame-ancestors 'none'; report-uri https://dekudeals.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 1
default-src 'self'; base-uri 'self'; script-src 'nonce-838d9074bfe8030c519ece30046525b0' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: 'report-sample'; connect-src 'self' https://www.googletagmanager.com https://*.facebook.com https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://*.instana.io wss://mpsnare.iesnare.com https://*.usercentrics.eu https://bat.bing.com/actionp/ https://*.liadm.com https://*.parship.dev; frame-ancestors 'self' https://secure1.parship.com https://secure1.eharmony.com https://secure1.elitepartner.de https://*.parship.dev; frame-src 'self' https://support.parship.de https://tms.parship.de https://*.greatviews.de https://app.usercentrics.eu https://www.youtube-nocookie.com https://accounts.google.com https://translate.googleapis.com https://*.liadm.com; object-src 'none'; img-src 'self' data: http: https: https://*.instana.io; font-src 'self' data:; style-src 'self' 'unsafe-inline' 'report-sample' https://accounts.google.com/gsi/style https://translate.googleapis.com; upgrade-insecure-requests; report-uri /ls/ 1
default-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests; connect-src 'self' https://cms.boerse-frankfurt.de/ https://analytics.deutsche-boerse.com/ http://analytics-sim.deutsche-boerse.com:8443/ https://analytics-sim.deutsche-boerse.com:8443/ https://*.userlike.com/ https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ wss://umd.userlike.com/ https://userlike-cdn-umm.b-cdn.net/ https://userlike-cdn-operators.s3-eu-west-1.amazonaws.com/ https://userlike-cdn-operators.userlike.com/ https://userlike-cdn-widgets.userlike.com/ https://www.youtube.com/ https://stats.g.doubleclick.net https://bat.bing.com/ http://api-gateway/v1/ https://sso.boerse-frankfurt.de/ wss://mds.ariva-services.de/ https://api.boerse-frankfurt.de/v1/mdstokenservice/ https://api.boerse-frankfurt.de/ https://*.boerse-frankfurt.de/; frame-src 'self' blob: https://*.vontobel.com https://www.youtube-nocookie.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://*.boerse-frankfurt.de https://www.podcaster.de/; script-src 'self' https://cms.boerse-frankfurt.de/ https://analytics.deutsche-boerse.com/ http://analytics-sim.deutsche-boerse.com:8443/ https://analytics-sim.deutsche-boerse.com:8443/ https://*.userlike.com/ https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ wss://umd.userlike.com/ https://userlike-cdn-umm.b-cdn.net/ https://userlike-cdn-operators.s3-eu-west-1.amazonaws.com/ https://userlike-cdn-operators.userlike.com/ https://userlike-cdn-widgets.userlike.com/ https://www.youtube.com/ https://stats.g.doubleclick.net https://bat.bing.com/ https://www.gstatic.com/charts/ https://platform.twitter.com/ 'sha256-nL2mFRMVAY+0lZ9Gwzpvq22ER8MgmkxEV9f1K1MUVEc=' 'sha256-gXdTC0eBRttn35g38VWPZIZEAoBpXDlAsPMmH+8Smww=' 'sha256-FOpTQzNbEA1aP7/4QTPbqpuvybkRPbNAlDgBO7Cz65Y=' 'sha256-q4+R1TAdvMMStD1G/Bq+WQuiok3CtCtFveHOFFc4aaY=' 'sha256-EkfbOWcQRXYISFt1MoPRt/gnsgjmwt1cb1XK9EhIE18=' 'sha256-5N4Pp5UCHKbIUxXXFe+KDYsfhzhQXoIzN80eQ+jF9P4=' 'sha256-N9e1tGxQnBQxRZsLfacJh9nS56HygtbQL/UwfxPi8y8=' 'sha256-Q+D/f3WqGeAX9CzFC4zXwVauFencuFghKrjMR0Qq2E8=' 'sha256-RbJBqlerz8MEZh2M28xnJ92I5eesS7VzETvpsA+89CQ=' 'sha256-Imv8rgvxn2GP4QJH/s+T5I8tEtsRwclyX3+LH36ke+U=' 'sha256-pVP3wiRK6EgotPvbJ2R65xpjHaVawiUq7xpvmES7HRA=' 'sha256-0Ql1J31jzC6EHJM2MUoUyEgmRntzyhoDq7h/gZw/BuQ=' 'unsafe-eval' https://www.boerse-frankfurt.de/; style-src 'self' 'unsafe-inline' https://www.gstatic.com/charts/ ; img-src 'self' blob: data: https://cms.boerse-frankfurt.de/ https://erscontent.deutsche-boerse.com/ https://charts.boerse-frankfurt.de/boerse_frankfurt_widgets/chart.m https://*.pressetext.com/ https://*.ytimg.com/ https://*.googletagmanager.com/ https://*.google-analytics.com/ https://userlike-cdn-operators.userlike.com/ https://*.boerse-frankfurt.de ; font-src 'self' moz-extension: https://userlike-cdn-umm.b-cdn.net/ https://fonts.gstatic.com/ ; media-src 'self' data: ; report-uri /csp-violation; 1
default-src blob: 'self' *.selinc.com; child-src blob: https://players.brightcove.net *.facebook.com connect.facebook.net; connect-src 'self' blob: *.selinc.com https://selinc.com https://cdn.contentstack.io https://images.contentstack.io https://dc.services.visualstudio.com *.akamaihd.net *.brightcove.com https://players.brightcove.net https://manifest.prod.boltdns.net http://manifest.prod.boltdns.net *.crazyegg.com *.facebook.com connect.facebook.net https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://analytics.google.com https://www.google.com https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js https://translate.googleapis.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.instagram.com https://api.ipify.org https://cdn.linkedin.oribi.io https://*.clarity.ms wss://ektronmessagehubprod.service.signalr.net performance.typekit.net https://p.typekit.net https://use.typekit.net https://www.bing.com https://www3.lenoxsoft.com https://gateway.zscaler.net https://api.userback.io; font-src 'self' data: *.selinc.com https://selinc.com https://discover.selinc.com https://use.fontawesome.com https://fonts.gstatic.com https://use.typekit.net https://cloud.webtype.com https://static.userback.io; frame-src *.selinc.com https://discover.selinc.com https://cdncache-a.akamaihd.net https://players.brightcove.net *.crazyegg.com *.facebook.com connect.facebook.net https://bid.g.doubleclick.net bid.g.doubleclick.net https://www.google.com https://googleleads.g.doubleclick.net https://www.googleadservices.com https://api.heartlandportico.com https://hps.github.io https://html5-player.libsyn.com https://oembed.libsyn.com https://snap.licdn.com https://px.ads.linkedin.com https://players.brightcove.net *.id.opendns.com *.pardot.com https://pigeonhole.at/ https://platform.twitter.com https://syndication.twitter.com; img-src android-webview: android-webview-video-poster: data: * https://images.contentstack.io https://region1.google-analytics.com https://region1.analytics.google.com https://c.bing.com https://c.clarity.ms; media-src 'self' blob: data: *.selinc.com https://bcbolt446c5271-a.akamaihd.net *.brightcove.com *.brightcovecdn.com https://hls.cf.brightcove.com https://secure.brightcove.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com https://manifest.prod.boltdns.net http://manifest.prod.boltdns.net; object-src 'self' https://players.brightcove.net; script-src 'unsafe-inline' 'unsafe-eval' blob: *.selinc.com https://prodcdn.selinc.com https://selinc.com https://selinc.csod.com https://sel2fe.ad.selinc.com:3000 https://unpkg.com *.vo.msecnd.net https://cdncache-a.akamaihd.net *.brightcove.com *.brightcove.net https://players.brightcove.net https://map.brightcove.com https://cdn-cs.conductor.com *.crazyegg.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://www.facebook.com www.googleadservices.com googleads.g.doubleclick.net www.google.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://translate.googleapis.com https://translate.google.com https://snap.licdn.com https://px.ads.linkedin.com https://*.clarity.ms https://pi.pardot.com https://cdn.syndication.twimg.com https://platform.twitter.com use.typekit.net https://www.youtube.com https://vjs.zencdn.net https://asok.nypa.gov https://www3.lenoxsoft.com https://static.userback.io; script-src-elem 'unsafe-inline' 'unsafe-eval' blob: *.selinc.com https://prodcdn.selinc.com https://selinc.com https://selinc.csod.com https://sel2fe.ad.selinc.com:3000 https://unpkg.com *.vo.msecnd.net https://cdncache-a.akamaihd.net *.brightcove.com *.brightcove.net https://players.brightcove.net https://map.brightcove.com https://cdn-cs.conductor.com *.crazyegg.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://www.facebook.com www.googleadservices.com googleads.g.doubleclick.net www.google.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://translate.googleapis.com https://translate.google.com https://snap.licdn.com https://px.ads.linkedin.com https://*.clarity.ms https://pi.pardot.com https://cdn.syndication.twimg.com https://platform.twitter.com use.typekit.net https://www.youtube.com https://vjs.zencdn.net https://asok.nypa.gov https://www3.lenoxsoft.com https://static.userback.io; style-src 'self' blob: 'unsafe-inline' *.selinc.com https://prodcdn.selinc.com https://players.brightcove.net https://connect.facebook.net https://tagmanager.google.com https://fonts.googleapis.com https://googleads.g.doubleclick.net https://translate.googleapis.com https://www.googletagmanager.com *.twimg.com https://platform.twitter.com https://p.typekit.net use.typekit.net https://static.userback.io; style-src-elem 'self' blob: 'unsafe-inline' *.selinc.com https://prodcdn.selinc.com https://players.brightcove.net https://connect.facebook.net https://tagmanager.google.com https://fonts.googleapis.com https://googleads.g.doubleclick.net https://translate.googleapis.com https://www.googletagmanager.com *.twimg.com https://platform.twitter.com https://p.typekit.net use.typekit.net https://static.userback.io; worker-src 'self' blob:; base-uri 'self' about: https://manifest.prod.boltdns.net https://secure.brightcove.com; report-uri /api/cspNotification/ 1
default-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data: blob:; object-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' https: ; style-src 'self' https: 'unsafe-inline' 1
frame-ancestors 'self' https://bancobcr.com ;frame-src https://www.bancobcr.com https://ventadebienes.bancobcr.com https://www.youtube.com https://bcrcita.bancobcr.com https://bcrinstance.secure.force.com https://bcrinstance.my.salesforce-sites.com https://forms.office.com https://www.google.com https://checkout.placetopay.com https://onboarding.bancobcr.com https://www.facebook.com http://www.bancobcr.com https://cloud.info.bancobcr.com/; 1
frame-ancestors 'self' *.moffitt.org *.googletagmanager.com *.youtube.com *.doubleclick.net *.adsrvr.org *.google.com; img-src * data:; 1
frame-ancestors 'self' firesidegatherings.com *.firesidegatherings.com localhost localhost:* *.corp.blizzard.net; 1
frame-ancestors https://*.kjell.com; base-uri 'self' 1
frame-ancestors https://*.bewakoof.com/ https://microapps.google.com/ 'self' 1
frame-ancestors 'self' https://shop.doterra.com; 1
frame-ancestors 'self' http://www.philips.fr *.philips.com *.philips.fr https://philipsigtdpv.com 1
frame-ancestors 'self' *.kaiza.la file://* 1
default-src 'self';frame-src *;connect-src *; script-src * 'self' 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; img-src 'self' blob: data: *; child-src 'self' blob: *; font-src *; frame-ancestors 'self' 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' dfs.co.uk *.dfs.co.uk https://agent.vee24.com https://cdn-ukwest.onetrust.com/consent//.json; 1
default-src https:; connect-src https: wss://*.examsoft.io; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; font-src 'self' https://fonts.gstatic.com https://www.wiris.net; 1
default-src 'self' *.latoken.com; font-src 'self' 'unsafe-inline' fonts.gstatic.com data: moments.latoken.com; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com *.segment.io *.segment.com static.tildacdn.com fonts.googleapis.com *.tilda.ws *.tildacdn.com gso.amocrm.com *.twitter.com *.twimg.com moments.latoken.com promo.latoken.com *.sendbird.com; manifest-src 'self' 'unsafe-inline' cdn-new.latoken.com; script-src 'unsafe-inline' *.twitter.com *.twimg.com *.visualwebsiteoptimizer.com *.segment.com *.segment.io app.vwo.com gso.amocrm.ru gso.amocrm.com latoken.breezy.hr static.cloudflareinsights.com latoken.com vctv.latoken.com connect.facebook.net mc.yandex.ru *.smartlook.com *.google-analytics.com *.analytics.google.com analytics.google.com *.googletagmanager.com *.youtube.com *.tradingview.com *.zdassets.com *.zopim.com www.google.com www.gstatic.com cdn-new.latoken.com *.hcaptcha.com https://hcaptcha.com *.sendbird.com 'self' *.securionpay.com https://platform.onmeta.in/onmeta-sdk.js www.onmeta.in/onmeta-sdk.js *.onmeta.in; connect-src 'self' *.latoken.com wss://*.latoken.com mc.yandex.ru *.smartlook.cloud *.doubleclick.net *.google-analytics.com *.analytics.google.com analytics.google.com *.hcaptcha.com *.breezy.hr *.zdassets.com *.zendesk.com *.zopim.com *.locize.app sentry.latoken.com:8443 www.gstatic.com wss://widget-mediator.zopim.com api.mercuryo.io oplata.qiwi.com fp.qiwi.com w.qiwi.com edge.qiwi.com my.qiwi.com pay.settlepay.net www.facebook.com connect.facebook.net stat.tildacdn.com gso.amocrm.com gso.amocrm.ru forms.tildacdn.com wss://*.cbox.ws widget.mercuryo.io hooks.zapier.com *.visualwebsiteoptimizer.com *.segment.io *.segment.com *.sendbird.com wss://*.sendbird.com *.securionpay.com ws.coincodex.com coincodex.com *.googleapis.com assets.transak.com s2.coinmarketcap.com https://platform.onmeta.in/onmeta-sdk.js www.onmeta.in/onmeta-sdk.js *.onmeta.in; frame-src *.visualwebsiteoptimizer.com *.segment.com *.segment.io latoken.com *.latoken.com www.google.com api.mercuryo.io oplata.qiwi.com fp.qiwi.com w.qiwi.com edge.qiwi.com my.qiwi.com pay.settlepay.net pay.itez.com trade-ui.coinify.com widget.xanpool.com embed.bitrefill.com www.youtube.com www.facebook.com connect.facebook.net gso.amocrm.com gso.amocrm.ru *.cbox.ws widget.mercuryo.io *.twitter.com *.doubleclick.net *.securionpay.com hcaptcha.com *.hcaptcha.com pay.mrcr.io pay.mercuryo.io *.hcaptcha.com *.sendbird.com *.coincodex.com https://platform.onmeta.in/onmeta-sdk.js www.onmeta.in/onmeta-sdk.js *.onmeta.in https://js.dev.shift4.com/ https://api.shift4.com/; img-src 'self' blob: data: latoken.com *.latoken.com moments.latoken.com www.gstatic.com www.google-analytics.com www.facebook.com mc.yandex.ru *.tildacdn.com www.google.com www.google.ru www.google.com.ua www.google.de www.google.ge img.youtube.com *.twimg.com *.twitter.com gso.amocrm.com gso.amocrm.ru *.visualwebsiteoptimizer.com *.segment.io *.segment.com *.sendbird.com sendbird-eu-1.s3.amazonaws.com *.zopim.io *.coincodex.com s2.coinmarketcap.com; worker-src self latoken.com *.latoken.com blob:; media-src 'self' *.latoken.com *.zdassets.com 1
frame-ancestors signaviogtmplatform.my.salesforce.com signavio.force.com; 1
default-src 'self';script-src 'unsafe-inline' 'self' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://consent.trustarc.com https://consent-pref.trustarc.com https://bat.bing.com https://connect.facebook.net https://cdn.appdynamics.com https://www.googleoptimize.com https://optimize.google.com;style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://fonts.googleapis.com https://optimize.google.com;connect-src 'self' https://col.eum-appdynamics.com https://*.google-analytics.com *.google-analytics.com https://api.zuko.io https://consent.trustarc.com https://consent-pref.trustarc.com https://bat.bing.com https://*.analytics.google.com https://stats.g.doubleclick.net;img-src 'self' data: https://fonts.gstatic.com https://www.google-analytics.com www.google-analytics.com https://consent.trustarc.com https://consent-pref.trustarc.com www.googletagmanager.com https://bat.bing.com https://www.facebook.com https://optimize.google.com https://www.gstatic.com https://consent-or.trustarc.com https://www.google.co.uk https://*.analytics.google.com;object-src 'none';font-src 'self' https://consent.trustarc.com https://fonts.gstatic.com;frame-src 'self' https://consent-pref.trustarc.com https://optimize.google.com https://www.youtube-nocookie.com;frame-ancestors 'none';upgrade-insecure-requests;base-uri 'self' 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.datatables.net *.azurewebsites.net api.massrelevance.com; font-src 'self' fonts.gstatic.com; img-src 'self' data: images.unsplash.com source.unsplash.com www.google.co.in my.tealiumiq.com collect.tealiumiq.com www.google.de assets-us-01.kc-usercontent.com preview-assets-us-01.kc-usercontent.com *.kc-usercontent.com www.facebook.com t.co www.google-analytics.com www.google.com www.google.co.uk i.ytimg.com maps.gstatic.com maps.googleapis.com images.ctfassets.net lamama.org api.massrelevance.com *.instagram.com *.cdninstagram.com pbs.twimg.com massrel-pub.a.ssl.fastly.net *.fbcdn.net *.linkedin.com p.adsymptotic.com consent.trustarc.com consent-pref.trustarc.com analytics.twitter.com; frame-src www.youtube.com share.transistor.fm www.facebook.com consent-pref.trustarc.com analytics.twitter.com https://apps.mypurecloud.com/; script-src 'unsafe-eval' 'self' 'unsafe-inline' tags.tiqcdn.com tags-eu.tiqcdn.com my.tealiumiq.com collect.tealiumiq.com connect.facebook.net analytics.twitter.com static.ads-twitter.com www.googletagmanager.com www.google-analytics.com www.youtube.com s.ytimg.com maps.googleapis.com *.search.windows.net cdn.datatables.net cdnjs.cloudflare.com unpkg.com www.elanco.com api.massrelevance.com snap.licdn.com/li.lms-analytics/insight.min.js static.doubleclick.net googleads.g.doubleclick.net snap.licdn.com/li.lms-analytics/insight.old.min.js consent.truste.com consent.trustarc.com elanco.com consent-pref.trustarc.com https://apps.mypurecloud.com/ https://dhqbrvplips7x.cloudfront.net; connect-src cdn.linkedin.oribi.io *.search.windows.net *.azurewebsites.net www.elanco.com elanco.com collect.tealiumiq.com api.massrelevance.com https://region1.google-analytics.com/ *.tealiumiq.com www.google-analytics.com stats.g.doubleclick.net analytics.twitter.com www.facebook.com 1
default-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.go-mpulse.net;object-src *;style-src 'self' 'unsafe-inline';img-src 'self' blob: data: *.akstat.io;media-src 'self';frame-src 'self';font-src 'self' data:;connect-src 'self' *.akstat.io *.go-mpulse.net;report-to M 1
base-uri 'self' https://optimize.google.com http://optimize.google.com optimize.google.com; default-src 'self'; child-src 'self' https://www.facebook.com http://www.facebook.com www.facebook.com https://vars.hotjar.com http://vars.hotjar.com vars.hotjar.com https://mczbf.com http://mczbf.com mczbf.com https://kdukvh.com http://kdukvh.com kdukvh.com https://emjcd.com http://emjcd.com emjcd.com https://cj.dotomi.com http://cj.dotomi.com cj.dotomi.com https://members.cj.com http://members.cj.com members.cj.com; connect-src 'self' https://eshop.martinus.sk http://eshop.martinus.sk eshop.martinus.sk https://cake4.martinus.sk http://cake4.martinus.sk cake4.martinus.sk https://rs3.martinus.sk http://rs3.martinus.sk rs3.martinus.sk https://rs4.martinus.sk http://rs4.martinus.sk rs4.martinus.sk https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com http://*.analytics.google.com *.analytics.google.com https://www.facebook.com/tr/ http://www.facebook.com/tr/ www.facebook.com/tr/ https://stats.g.doubleclick.net http://stats.g.doubleclick.net stats.g.doubleclick.net https://*.luigisbox.com http://*.luigisbox.com *.luigisbox.com https://api.infinario.com http://api.infinario.com api.infinario.com https://bam.nr-data.net http://bam.nr-data.net bam.nr-data.net https://bam-cell.nr-data.net http://bam-cell.nr-data.net bam-cell.nr-data.net https://mrecs.algopine.com http://mrecs.algopine.com mrecs.algopine.com https://optimize.google.com http://optimize.google.com optimize.google.com https://sentry.io http://sentry.io sentry.io https://*.hotjar.com http://*.hotjar.com *.hotjar.com https://vc.hotjar.io http://vc.hotjar.io vc.hotjar.io wss://*.hotjar.com https://consentcdn.cookiebot.com http://consentcdn.cookiebot.com consentcdn.cookiebot.com https://measure.martinus.cz http://measure.martinus.cz measure.martinus.cz https://measure.martinus.sk http://measure.martinus.sk measure.martinus.sk https://content.hotjar.io http://content.hotjar.io content.hotjar.io; font-src https://mrtns.eu http://mrtns.eu mrtns.eu https://mrtns.sk http://mrtns.sk mrtns.sk https://script.hotjar.com http://script.hotjar.com script.hotjar.com data:; form-action 'self' https://www.facebook.com/tr/ http://www.facebook.com/tr/ www.facebook.com/tr/ https://connect.facebook.net http://connect.facebook.net connect.facebook.net https://dva.martinus.sk http://dva.martinus.sk dva.martinus.sk https://ja.martinus.sk http://ja.martinus.sk ja.martinus.sk https://www.martinus.sk/my/profile http://www.martinus.sk/my/profile www.martinus.sk/my/profile; frame-src 'self' https://www.youtube.com http://www.youtube.com www.youtube.com https://www.facebook.com http://www.facebook.com www.facebook.com https://staticxx.facebook.com http://staticxx.facebook.com staticxx.facebook.com https://connect.facebook.net http://connect.facebook.net connect.facebook.net https://vars.hotjar.com http://vars.hotjar.com vars.hotjar.com https://bid.g.doubleclick.net http://bid.g.doubleclick.net bid.g.doubleclick.net https://www.google.com http://www.google.com www.google.com https://api.infinario.com http://api.infinario.com api.infinario.com https://creativecdn.com http://creativecdn.com creativecdn.com https://*.creativecdn.com http://*.creativecdn.com *.creativecdn.com https://helpdesk.martinus.sk http://helpdesk.martinus.sk helpdesk.martinus.sk https://*.ladesk.com http://*.ladesk.com *.ladesk.com https://docs.google.com http://docs.google.com docs.google.com https://inres.uspech.sk http://inres.uspech.sk inres.uspech.sk https://player.vimeo.com http://player.vimeo.com player.vimeo.com https://martinus.us17.list-manage.com http://martinus.us17.list-manage.com martinus.us17.list-manage.com https://optimize.google.com http://optimize.google.com optimize.google.com https://consentcdn.cookiebot.com http://consentcdn.cookiebot.com consentcdn.cookiebot.com https://form.typeform.com http://form.typeform.com form.typeform.com; img-src * data:; media-src https://download.dibuk.eu http://download.dibuk.eu download.dibuk.eu; object-src 'none'; manifest-src 'self' https://www.martinus.sk/manifest.json http://www.martinus.sk/manifest.json www.martinus.sk/manifest.json https://www.martinus.cz/manifest.json http://www.martinus.cz/manifest.json www.martinus.cz/manifest.json; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://mrtns.eu http://mrtns.eu mrtns.eu https://mrtns.sk http://mrtns.sk mrtns.sk https://tagmanager.google.com http://tagmanager.google.com tagmanager.google.com https://cdn.luigisbox.com http://cdn.luigisbox.com cdn.luigisbox.com https://optimize.google.com http://optimize.google.com optimize.google.com https://fonts.googleapis.com http://fonts.googleapis.com fonts.googleapis.com https://embed.typeform.com http://embed.typeform.com embed.typeform.com 'unsafe-inline'; worker-src 'self' https://api.infinario.com http://api.infinario.com api.infinario.com; 1
default-src 'self' chat.ind.nl; script-src 'self' statistiek.rijksoverheid.nl piwik.dtnr.nl statistics.ind.nl chat.ind.nl deploy.mopinion.com collect.mopinion.com *.seamly-app.com 'nonce-NtpUdKhZdSgjsCThqyGARk7YGbnBnHnG'; style-src 'self' 'unsafe-inline' *.mopinion.com *.seamly-app.com chat.ind.nl; img-src 'self' data: statistics.ind.nl *.mopinion.com chat.ind.nl; font-src 'self' *.mopinion.com chat.ind.nl; connect-src 'self' *.seamly-app.com *.mopinion.com chat.ind.nl ws:; base-uri 'self' 1
default-src 'self'; connect-src 'self' wss://identi.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ajax.googleapis.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com maxcdn.bootstrapcdn.com; font-src 'self' cdnjs.cloudflare.com; img-src *; object-src 'none'; media-src *; child-src 'self' www.youtube.com; frame-ancestors 'none' 1
default-src 'self' https://media.nedigital.sg; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://public-api.thor.zopsmart.com https://*.omni.fairprice.com.sg https://maps.googleapis.com https://*.doubleclick.net https://www.googleadservices.com https://*.google-analytics.com https://*.google.com https://www.facebook.com https://connect.facebook.net https://*.omguk.com https://*.googlesyndication.com https://*.fairprice.com.sg https://cdemux.appspot.com https://staticcdn.enzymic.co https://storage.googleapis.com https://110006471.collect.igodigital.com/collect.js https://fairprice.api.sociaplus.com/custom/fairprice https://s.yimg.com https://sp.analytics.yahoo.com/ https://t.contentsquare.net https://app.contentsquare.com https://*.bazaarvoice.com http://display.ugc.bazaarvoice.com/ http://stg.api.bazaarvoice.com/ http://api.bazaarvoice.com/ https://mpsnare.iesnare.com https://js.adsrvr.org/ https://analytics.tiktok.com/ https://snap.licdn.com/ https://px.ads.linkedin.com/ https://cdn.sprig.com/ https://cdn-assets-prod.s3.amazonaws.com https://*.abtasty.com https://*.googleapis.com https://*.salefinder.com.au https://*.nedigital.sg; connect-src 'self' https://cdn.linkedin.oribi.io/ https://analytics.google.com/ https://*.thor.zopsmart.com https://*.omni.fairprice.com.sg http://endpoint-publisher-service https://*.cybersource.com http://go-platform-website https://tagmanager.google.com https://*.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://www.facebook.com https://*.omguk.com https://*.fairprice.com.sg https://cdemux.appspot.com https://adservice.google.com https://static.enzymic.co https://fairprice.api.sociaplus.com/custom/fairprice https://*.plus.com.sg https://*.link.sg https://*.nedigital.sg https://s.yimg.com https://*.contentsquare.net *.plus.com.sg *.link.sg wss://api.preprod.link.sg wss://api.link.sg https://*.split.io https://stg.api.bazaarvoice.com/ http://api.bazaarvoice.com/ https://api.amplitude.com https://js.adsrvr.org/ https://analytics.tiktok.com/ https://snap.licdn.com/ https://px.ads.linkedin.com/ https://*.abtasty.com/ https://cdn.sprig.com/ https://api.sprig.com/ https://api.userleap.com/ https://api2.abtasty.com/ https://rum.browser-intake-datadoghq.com; img-src 'self' data: https://*.doubleclick.net https://*.salefinder.com.au https://*.cloudfront.net *; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://*.gstatic.com https://*.googleapis.com https://*.bazaarvoice.com/ http://display.ugc.bazaarvoice.com/ https://*.abtasty.com https://*.salefinder.com.au https://*.nedigital.sg; frame-src 'self' https://preprod-auth.ntuclink.com.sg/ https://preprod-auth.fairprice.com.sg/ https://auth.ntuclink.com.sg/ https://auth.fairprice.com.sg/ https://testsecureacceptance.cybersource.com/ https://secureacceptance.cybersource.com/ http://www.surveygizmo.com/ https://*.fls.doubleclick.net https://www.googletagmanager.com https://www.facebook.com http://*.fls.doubleclick.net https://display.ugc.bazaarvoice.com https://stg.api.bazaarvoice.com http://api.bazaarvoice.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://*.abtasty.com/ https://www.preprod-pay.nedigital.sg/ https://www.pay.nedigital.sg/ https://pay.google.com/ https://checkoutshopper-test.adyen.com/; font-src 'self' data: blob: https://*.gstatic.com https://*.googleapis.com https://*.abtasty.com https://*.nedigital.sg; child-src 'self' blob:; worker-src 'self' blob:; media-src 'self' https://s3-us-west-2.amazonaws.com/int-foodlab.storage/public/recipes/videos/ https://www.innit.com/public/recipes/videos/; frame-ancestors 'self' https://*.salefinder.com.au https://*.fairprice.com.sg 1
frame-ancestors 'self' https://sm008x.marsflag.com https://apply.sapporobeer.jp 1
default-src https://*.torpedo7.co.nz worker-src: blob: data: https: 'unsafe-eval' 'unsafe-inline'; object-src 'self' *.visa.com; connect-src https: wss://*.zopim.com wss://torpedo7.ambithub.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.nift.me/ https://maps.googleapis.com/ https://challenges.cloudflare.com/ https://static.cloudflareinsights.com/ https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/recaptcha/releases https://www.gstatic.com/charts https://www.google-analytics.com/ https://assets.calendly.com/assets/external/widget.js; style-src 'self' 'unsafe-inline' https://cdn.nift.me/ https://assets.calendly.com/assets/external/widget.css; object-src 'self' https://cdn.nift.me/; base-uri 'self'; connect-src 'self' https://cdn.nift.me/ https://maps.googleapis.com/ https://www.google-analytics.com/; font-src 'self' https://cdn.nift.me/ https://fonts.gstatic.com/; frame-src 'self' https://cdn.nift.me/; img-src 'self' https://cdn.nift.me/ https://cdn.nift.me/ https://www.google-analytics.com/collect; frame-ancestors 'self'; 1
default-src 'self';script-src 'nonce-6b7aa2f7-3616-48f3-b833-f07f271f1a1d' 'strict-dynamic' https: 'unsafe-inline' 'unsafe-eval';connect-src 'nonce-6b7aa2f7-3616-48f3-b833-f07f271f1a1d' https: 'unsafe-inline';style-src * 'unsafe-inline'; img-src * data:; font-src * data:;frame-src *.demdex.net *.skat.dk; 1
connect-src 'self' *.studs.ltd wss://*.amazonaws.com *.amazonaws.com *.intentiq.com *.nitropay.com *.googleapis.com *.intercomcdn.com *.userway.org *.softswiss.net *.agechecker.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat bing.com *.bing.com apple.com *.apple.com cdn-apple.com *.cdn-apple.com taboola.com *.taboola.com onesignal.com *.onesignal.com intercom.io *.intercom.io blox.land *.blox.land termly.io *.termly.io api.ipify.org cdn.growthbook.io *.bloxflip.com stripe.com *.inteniq.com *.stripe.com *.roblox.com *.robloxlabs.com *.rbx.com *.rbxcdn.com *.roblox.cn *.simulpong.com *.lightstep.com *.ns1p.net *.arkoselabs.com *.kaptcha.com *.google.com *.google-analytics.com *.doubleclick.net *.sentry.io wss://*.intercom.io *.tiktok.com tiktok.com *.mixpanel.com wss://*.hotjar.io *.hotjar.io wss://*.bloxflip.com wss://realtime.roblox.com wss://realtime.sitetest1.robloxlabs.com wss://realtime.sitetest2.robloxlabs.com wss://realtime.sitetest3.robloxlabs.com wss://realtime-signalr.roblox.com *.braintree-api.com hcaptcha.com googletagmanager.com *.hcaptcha.com *.braintreegateway.com d1q2u37vreaobr.cloudfront.net funcaptcha.com; report-uri https://6513195608615f75764fb31f.endpoint.csper.io?v=0; 1
frame-ancestors 'self' https://*.astro.com.my; 1
frame-ancestors 'self' https://medibankltd.marketing.adobe.com/ https://medibankltd.experiencecloud.adobe.com; object-src 'self' data: 1
default-src * 'unsafe-inline' 'unsafe-eval' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob:; frame-src * ; style-src * 'unsafe-inline'; font-src * 'unsafe-inline'; frame-ancestors * data: blob:; 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-L3Z2U0VUSGkxL2gzMnRTLy83MHZ0UVpEcmVtRVRnaERWblAvRUNLNzkwRT06bE03cmFFRzJoWWt4c3VUTXRNcE0xRU1rN0xEQWQzSXhNQjdKVmt6M21RYz0=';script-src-elem 'strict-dynamic' 'nonce-L3Z2U0VUSGkxL2gzMnRTLy83MHZ0UVpEcmVtRVRnaERWblAvRUNLNzkwRT06bE03cmFFRzJoWWt4c3VUTXRNcE0xRU1rN0xEQWQzSXhNQjdKVmt6M21RYz0=';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: https://*.tile.openstreetmap.org;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self';frame-ancestors 'self';form-action 'self' 1
frame-ancestors https://*.ejobs.ro; 1
default-src 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com ergebnisse.westlotto.com wlresults.westlotto.com www.youtube.com error.westlotto.de www.paypal.com www.paypalobjects.com data: blob: ; script-src 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com ergebnisse.westlotto.com iprospect.involve.me tags.tiqcdn.com t23.intelliad.de js.braintreegateway.com bs.serving-sys.com secure-ds.serving-sys.com secure.adnxs.com acdn.adnxs.com www.paypalobjects.com c.paypal.com www.paypal.com connect.facebook.net maps.googleapis.com data1.open-dog.com www.google-analytics.com www.gstatic.com s3.amazonaws.com www.googletagmanager.com www.pagespeed-mod.com www.google.com www.google.de c.bing.com bat.bing.com www.clarity.ms a.clarity.ms b.clarity.ms c.clarity.ms d.clarity.ms e.clarity.ms f.clarity.ms g.clarity.ms h.clarity.ms i.clarity.ms j.clarity.ms k.clarity.ms l.clarity.ms m.clarity.ms n.clarity.ms www.googleadservices.com secure.adnxs.com googleads.g.doubleclick.net s.yimg.com scripts.psyma.com tpc.googlesyndication.com westlotto.loyjoy.com app-cloud.loyjoy.com cloud.loyjoy.com stable.loyjoy.com jaramyouk.org dan.mgr.consensu.org cdn.dan.mgr.consensu.org delivery.1tag.dentsu.de cdn.1tag.dentsu.de data.min-cdn.net trck.min-cdn.net scripts.psyma.com visitor-service-eu-central-1.tealiumiq.com visitor-service.tealiumiq.com www.awin1.com www.dwin1.com the.sciencebehindecommerce.com ai.trk42.net 12034191.fls.doubleclick.net ad1.adfarm1.adition.com lantern.roeyecdn.com 'unsafe-inline' 'unsafe-eval' data: blob: ; script-src-elem 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com ergebnisse.westlotto.com iprospect.involve.me tags.tiqcdn.com t23.intelliad.de visitor-service-eu-central-1.tealiumiq.com visitor-service.tealiumiq.com js.braintreegateway.com maps.googleapis.com www.googletagmanager.com www.youtube.com www.googleadservices.com googleads.g.doubleclick.net tpc.googlesyndication.com www.google.com secure.adnxs.com secure.adnxs.com acdn.adnxs.com www.paypalobjects.com c.paypal.com www.paypal.com bs.serving-sys.com secure-ds.serving-sys.com scripts.psyma.com connect.facebook.net www.google-analytics.com www.gstatic.com www.pagespeed-mod.com c.bing.com bat.bing.com www.clarity.ms a.clarity.ms b.clarity.ms c.clarity.ms d.clarity.ms e.clarity.ms f.clarity.ms g.clarity.ms h.clarity.ms i.clarity.ms j.clarity.ms k.clarity.ms l.clarity.ms m.clarity.ms n.clarity.ms www.googleadservices.com googleads.g.doubleclick.net data1.bresera.com westlotto.loyjoy.com cloud.loyjoy.com stable.loyjoy.com secure.adnxs.com s.yimg.com sp.analytics.yahoo.com dan.mgr.consensu.org cdn.dan.mgr.consensu.org delivery.1tag.dentsu.de cdn.1tag.dentsu.de data.min-cdn.net trck.min-cdn.net www.awin1.com www.dwin1.com the.sciencebehindecommerce.com translate.googleapis.com ai.trk42.net cdn.jsdelivr.net 12034191.fls.doubleclick.net ad1.adfarm1.adition.com lantern.roeyecdn.com 'unsafe-inline' 'unsafe-eval' data: ;  style-src 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com ergebnisse.westlotto.com maxcdn.bootstrapcdn.com dan.mgr.consensu.org cdn.dan.mgr.consensu.org delivery.1tag.dentsu.de cdn.1tag.dentsu.de 1tag.dentsu.de fonts.googleapis.com translate.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src-elem 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com ergebnisse.westlotto.com maxcdn.bootstrapcdn.com dan.mgr.consensu.org cdn.dan.mgr.consensu.org delivery.1tag.dentsu.de cdn.1tag.dentsu.de 1tag.dentsu.de fonts.googleapis.com adblockers.opera-mini.net translate.googleapis.com maxcdn.bootstrapcdn.com 'unsafe-inline' 'unsafe-eval' data: ; connect-src 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com ergebnisse.westlotto.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu yoast.com client-analytics.braintreegateway.com api.braintreegateway.com api.braintreegateway.com payments.braintree-api.com www.paypal.com steganos-api.ciuvo.com www.facebook.com collect-eu-central-1.tealiumiq.com the.sciencebehindecommerce.com usemarketings.com app-cloud.loyjoy.com app-westlotto.loyjoy.com cloud.loyjoy.com stable.loyjoy.com app-stable.loyjoy.com s.yimg.com dan.mgr.consensu.org cdn.dan.mgr.consensu.org delivery.1tag.dentsu.de cdn.1tag.dentsu.de data.min-cdn.net trck.min-cdn.net www.google.com maps.googleapis.com adservice.google.com www.google.de www.google-analytics.com www.googletagmanager.com region1.google-analytics.com pagead2.googlesyndication.com ad.doubleclick.net c.paypal.com www.wepowerconnections.com c.bing.com bat.bing.com www.clarity.ms a.clarity.ms b.clarity.ms c.clarity.ms d.clarity.ms e.clarity.ms f.clarity.ms g.clarity.ms h.clarity.ms i.clarity.ms j.clarity.ms k.clarity.ms l.clarity.ms m.clarity.ms n.clarity.ms api.fbanalytics.org api.solarspireconsulting.com api.socialsolutionapp.com api.solaranalyticscorp.com api.highdataanalytics.com api.amcreativemedia.com api.mkmediaworks.com api.datacloudstat.com wss://www.westlotto.de data: 'unsafe-inline' 'unsafe-eval' ; font-src 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com ergebnisse.westlotto.com www.eurojackpot.de eurojackpot.de www.eurojackpot.com eurojackpot.com fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com data: ; img-src 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com ergebnisse.westlotto.com data.westlotto.de ps.w.org updates.themepunch-ext-c.tools updates.theme-fusion.com secure.gravatar.com csi.gstatic.com maps.gstatic.com www.gstatic.com www.googletagmanager.com googleads.g.doubleclick.net sp.analytics.yahoo.com www.facebook.com connect.facebook.net jonypractic.net proxdevcool.com westlotto01.webtrekk.net app-westlotto.loyjoy.com cloud.loyjoy.com westlotto.loyjoy.com app-cloud.loyjoy.com fbc.wcfbc.net app-stable.loyjoy.com de-gmtdmp.mookie1.com dan.mgr.consensu.org cdn.dan.mgr.consensu.org delivery.1tag.dentsu.de cdn.1tag.dentsu.de lh3.ggpht.com www.facebook.com www.awin1.com geo0.ggpht.com geo1.ggpht.com geo2.ggpht.com geo3.ggpht.com c.paypal.com t.paypal.com *.stats.paypal.com c6.paypal.com stats.g.doubleclick.net cx.atdmt.com www.paypal.com www.paypalobjects.com scripts.psyma.com jaramyouk.org simonzody.com collect-eu-central-1.tealiumiq.com s3.amazonaws.com pbs.twimg.com ps.w.org updates.themepunch-ext-b.tools ib.adnxs.com 8453812.fls.doubleclick.net lantern.roeye.com datacloud.tealiumiq.com www.googleadservices.com adservice.google.com *.googleapis.com www.google-analytics.com translate.googleapis.com translate.google.com fonts.gstatic.com pagead2.googlesyndication.com www.google.ae www.google.al www.google.at www.google.ba www.google.be www.google.bg www.google.ca www.google.ch www.google.co.cr www.google.co.in www.google.co.kr www.google.com www.google.co.ma www.google.com.br www.google.com.cy www.google.com.do www.google.com.eg www.google.com.gh www.google.com.gt www.google.com.mx www.google.com.ph www.google.com.sg www.google.com.tr www.google.com.ua www.google.co.th www.google.co.uk www.google.co.ve www.google.co.za www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.gm www.google.gr www.google.hr www.google.hu www.google.ie www.google.iq www.google.is www.google.it www.google.lk www.google.lu www.google.lv www.google.me www.google.mk www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.cv www.google.mu www.google.co.ke www.google.co.id www.google.co.jp www.google.dz www.google.hn www.google.com.cu www.google.co.nz www.google.com.au www.google.lt www.google.bt www.google.co.tz www.google.com.tw c.bing.com bat.bing.com www.clarity.ms a.clarity.ms b.clarity.ms c.clarity.ms d.clarity.ms e.clarity.ms f.clarity.ms g.clarity.ms h.clarity.ms i.clarity.ms j.clarity.ms k.clarity.ms l.clarity.ms m.clarity.ms n.clarity.ms data: blob: ; child-src 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com ergebnisse.westlotto.com www.youtube.com www.sparkassen-internetkasse.de ciuvo.com westlotto.perbit-job.de partners.webmasterplan.com blob: ; frame-src 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com ergebnisse.westlotto.com www.kununu.com iprospect.involve.me www.youtube.com www.youtube-nocookie.com www.sparkassen-internetkasse.de ciuvo.com westlotto.perbit-job.de westlotto-job.perbit-job.de partners.webmasterplan.com c.paypal.com www.paypal.com www.awin1.com td.doubleclick.net www.dwin1.com tpc.googlesyndication.com api.nakarta.com bid.g.doubleclick.net r.srvtrck.com www.google.com 12034191.fls.doubleclick.net 8453812.fls.doubleclick.net www.facebook.com scripts.psyma.com cookieaquila.com westdeutsche-lotterie-gmbh-co-ohg.jobs.personio.de data: ; worker-src 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com ergebnisse.westlotto.com blob: ; block-all-mixed-content; base-uri 'self'; report-uri https://1934a11189c9ec9d302de0ee10e4c650.report-uri.com/r/t/csp/enforce 1
default-src https:; connect-src https: 'self' wss://webmessaging.mypurecloud.jp; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://assets.adobedtm.com https://maps.googleapis.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://static.ads-twitter.com https://connect.facebook.net https://analytics.twitter.com https://googleads.g.doubleclick.net https://www.facebook.com https://www.google.com https://www.gstatic.com https://apps.mypurecloud.jp https://analytics.tiktok.com; font-src 'self' data: https://fonts.gstatic.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src https: data: 1
script-src 'self' *.hdfcsec.com *.googleapis.com *.googletagmanager.com *.doubleclick.net *.googleadservices.com *.zopim.com *.facebook.net *.everestjs.net *.google-analytics.com *.cloudflare.com *.twitter.com *.twimg.com *.jquery.com *.bootstrapcdn.com *.zdassets.com *.izooto.com 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' https://*.cybozu.com;  default-src 'self' cybermail.jp  ;  script-src 'self' 'unsafe-eval' 'unsafe-inline' cybermail.jp  ;  connect-src 'self' cybermail.jp  ;  frame-src cybermail.jp  ;  font-src * data:;  img-src * data:;  style-src * 'unsafe-inline'; 1
default-src 'self'; font-src 'self' data: https://script.hotjar.com https://*.stackpathcdn.com https://*.googleapis.com https://*.gstatic.com https://*.cloudfront.net; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://*.googleapis.com https://cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://dev.visualwebsiteoptimizer.com https://www.vimeo.com https://vimeo.com https://www.youtube.com  https://*.googletagmanager.com https://tagmanager.google.com https://js.usemessages.com https://www.g2.com https://cmp.osano.com https://player.vimeo.com https://*.workable.com https://js.hsforms.net https://forms.hsforms.com https://j.6sc.co/6si.min.js https://js-na1.hs-scripts.com https://www.google.com https://googleads.g.doubleclick.net https://js.hs-analytics.net https://js.hsadspixel.net https://js.hscollectedforms.net https://*.ensighten.com https://cs.choozle.com https://*.adsrvr.org https://*.hotjar.com https://www.instagram.com https://static.zdassets.com https://s3.amazonaws.com https://*.stackpathcdn.com https://secure.leadforensics.com https://js.hubspot.com https://snap.licdn.com https://js.hs-scripts.com https://tagmanager.google.com https://www.googletagmanager.com https://sjs.bizographics.com https://*.ads.linkedin.com https://ml314.com https://cdn.rawgit.com https://*.googleapis.com https://*.inspectlet.com https://*.google-analytics.com https://*.analytics.google.com https://*.googleadservices.com https://stats.g.doubleclick.net https://cdn.viglink.com https://*.facebook.net https://*.twitter.com https://cdn.ravenjs.com https://*.cloudfront.net https://cdnjs.cloudflare.com https://px.owneriq.net https://*.tynt.com https://tags.bkrtx.com https://www.linkedin.com https://www.snapengage.com; media-src 'self' https://*.endpointprotector.com; connect-src 'self' https://px.ads.linkedin.com https://vimeo.com https://dev.visualwebsiteoptimizer.com https://cdn.linkedin.oribi.io https://updates.expressionengine.com/ https://pagead2.googlesyndication.com https://idx.liadm.com https://ipv6.6sc.co https://forms.hsforms.com https://*.endpointprotector.com https://secure.adnxs.com https://c.6sc.co https://*.hubspot.com https://api.hubapi.com wss://*.hotjar.com https://*.hotjar.com https://vc.hotjar.io https://*.googlevideo.com https://*.zdassets.com https://www.instagram.com https://*.cloudfront.net https://api.viglink.com https://*.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com  https://*.twitter.com https://s3.amazonaws.com https://*.google.com https://stats.g.doubleclick.net; img-src 'self' data: https://dev.visualwebsiteoptimizer.com https://ping.eeharbor.com https://*.googletagmanager.com https://i.vimeocdn.com https://b.6sc.co https://*.hsforms.com https://track.hubspot.com https://cs.choozle.com https://*.fbcdn.net https://*.stackpathcdn.com https://*.linkedin.com https://*.cdninstagram.com https://*.endpointprotector.com https://*.google.com/ https://*.g.doubleclick.net https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://secure.gravatar.com https://cdn.viglink.com https://www.google.ro https://*.cloudfront.net https://ic.tynt.com https://px.owneriq.net https://i.ytimg.com; child-src 'self' blob: https://www.g2.com https://player.vimeo.com https://forms.hsforms.com https://*.endpointprotector.com https://app.hubspot.com https://insight.adsrvr.org https://*.cloudfront.net https://vars.hotjar.com https://w.soundcloud.com https://aws-rk02.awdata.net https://td.doubleclick.net https://*.youtube-nocookie.com https://*.googleapis.com https://*.youtube.com https://*.google.com https://*.google.ro https://*.twitter.com https://*.facebook.com https://stags.bluekai.com https://px.owneriq.net; frame-ancestors 'self' https://*.google.com https://*.endpointprotector.com http://*.endpointprotector.es http://*.endpointprotector.de http://*.endpointprotector.fr 1
script-src-elem 'self' 'unsafe-inline' https://spm.apps.gov.bc.ca/ https://spt.apps.gov.bc.ca/ https://sp-js.apps.gov.bc.ca/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www2.gov.bc.ca https://use.typekit.net https://cdnjs.cloudflare.com https://s7.addthis.com https://m.addthis.com https://z.moatads.com https://v1.addthisedge.com https://dpm.demdex.net https://sync.mathtag.com https://secure.adnxs.com https://www.gstatic.com/dialogflow-console/ https://connect.facebook.net/ https://cdn.jsdelivr.net/gh/ https://static.dialogflow.com/ https://unpkg.com/; 1
upgrade-insecure-requests; default-src https: blob: wss:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: blob: data:;frame-src https: blob: data:; report-uri /cspreports 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com/ https://www.tfaforms.com/ https://checkout.stripe.com/ https://*.stripe.com/ https://*.azure.com/ https://*.cookiebot.com/ https://*.google.com/ https://*.zencdn.net/ https://*.stackla.com/ https://www.youtube.com/ https://www.eventbrite.co.uk/ https://consent.cookiebot.com/ https://www.googletagmanager.com/ https://www.google-analytics.com https://script.crazyegg.com https://static.ads-twitter.com https://platform.twitter.com/ https://*.hotjar.com https://connect.facebook.net https://*.outbrain.com https://snap.licdn.com https://*.clarity.ms https://maps.googleapis.com/ https://unpkg.com/ https://public.flourish.studio/ https://public.flourish.studio/resources/embed.js;style-src 'self' 'unsafe-inline' https://www.tfaforms.com/ https://*.cookiebot.com/ https://*.zencdn.net/  https://*.stackla.com/ https://*.googleapis.com https://*.typekit.net/; img-src 'self' data:  https://*.umbraco.com/ https://*.stackla.com/ https://archive.cloud.cwgc.org/ https://*.googleapis.com/ https://maps.gstatic.com/ https://www.google-analytics.com https://stats.g.doubleclick.net https://*.analytics.google.com https://*.clarity.ms https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://www.google.co.uk https://www.googleusercontent.com https://syndication.twitter.com https://www.facebook.com https://www.instagram.com https://*.outbrain.com https://*.linkedin.com https://analytics.twitter.com/ https://*.bing.com/  https://t.co/;https://public.flourish.studio/; https://i.vimeocdn.com/ https://img.youtube.com/ https://test.cwgc.org/; font-src 'self' data: https://*.zencdn.net/ https://*.stackla.com/ https://fonts.gstatic.com https://*.typekit.net/; connect-src 'self' wss: https://*.applicationinsights.azure.com/ https://*.cookiebot.com/ https://*.googleapis.com/ https://stats.g.doubleclick.net https://*.analytics.google.com https://script.crazyegg.com https://*.clarity.ms https://api.twitter.com https://*.outbrain.com https://www.snapchat.com https://app-analytics.snapchat.com https://*.linkedin.com https://cdn.linkedin.oribi.io/ https://www.facebook.com/ https://www.google-analytics.com/ https://vimeo.com/; object-src 'none'; media-src 'self'; frame-src 'self' https://*.stripe.com/ https://*.cookiebot.com/ https://*.soundcloud.com/ https://platform.twitter.com/ https://green-flower-0dbc28303.1.azurestaticapps.net/ https://e.issuu.com/ https://www.tfaforms.com/ https://anchor.fm/ https://podcasters.spotify.com/ https://www.google.com/ https://www.eventbrite.co.uk/ https://www.facebook.com https://syndication.twitter.com https://*.outbrain.com https://www.youtube.com https://www.linkedin.com https://*.stackla.com/  https://flo.uri.sh/ https://player.vimeo.com/; 1
frame-ancestors http://www.govplanet.com https://www.govplanet.com 1
frame-ancestors 'self' *.duproprio.com:*; 1
default-src 'self' https://valcontent.securustech.net https://www.google-analytics.com http://127.0.0.1:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://securusvideovisitation.securustech.net https://www.google-analytics.com https://www.googletagmanager.com https://valcontent.securustech.net; font-src 'self' data:; img-src * data: blob:; frame-ancestors 'none'; frame-src https://cb.securustech.online https://valcontent.securustech.net https://h.online-metrix.net; style-src 'self' 'unsafe-inline'; object-src https://valcontent.securustech.net; 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://selectra.info/report-uri/enforce 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: forms.hsforms.com *.amazonaws.com *.pelican.com *.stackadapt.com *.emarsys.net *.adroll.com cdnjs.cloudflare.com ajax.googleapis.com *.klaviyo.com js.adsrvr.org tags.crwdcntrl.net *.dynamicyield.com *.hotjar.com www.googletagmanager.com connect.facebook.net snap.licdn.com www.googleadservices.com static.ads-twitter.com analytics.twitter.com bat.bing.com *.avmws.com use.fontawesome.com googleads.g.doubleclick.net *.yotpo.com *.en25.com www.google-analytics.com *.clarity.ms assets.pinterest.com www.google.com cdnapisec.kaltura.com www.gstatic.com cdn.rawgit.com *.datadome.co code.jquery.com *.svn0czn.com cdn.dynamicyield.com *.scarabresearch.com *.simpli.fi *.klarnaservices.com app.intercom.io widget.intercom.io js.intercomcdn.com; script-src-elem 'unsafe-inline' *; media-src data: *.amazonaws.com media.pelican.com cdnapisec.kaltura.com js.intercomcdn.com; connect-src javascript: data: tr6.snapchat.com tr.snapchat.com px.ads.linkedin.com analytics.tiktok.com js.klarna.com api.hubapi.com forms.hsforms.com *.amazonaws.com *.pelican.com *.btttag.com *.stackadapt.com *.linkedin.oribi.io *.emarsys.net *.yotpo.com *.hotjar.com *.hotjar.io wss://*.hotjar.com stats.g.doubleclick.net *.dynamicyield.com www.google-analytics.com https://analytics.google.com fast.a.klaviyo.com *.klaviyo.com bat.bing.com *.clarity.ms www.facebook.com vc.hotjar.io adservice.google.com www.google.com *.datadome.co analytics.kaltura.com manage.kmail-lists.com www.instagram.com *.scarabresearch.com *.klarnaservices.com api.intercom.io api.au.intercom.io api.eu.intercom.io api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io uploads.intercomcdn.com uploads.intercomcdn.eu uploads.au.intercomcdn.com uploads.intercomusercontent.com; img-src * data: js.intercomcdn.com static.intercomassets.com downloads.intercomcdn.com downloads.intercomcdn.eu downloads.au.intercomcdn.com uploads.intercomusercontent.com gifs.intercomcdn.com video-messages.intercomcdn.com messenger-apps.intercom.io messenger-apps.eu.intercom.io messenger-apps.au.intercom.io *.intercom-attachments-1.com *.intercom-attachments.eu *.au.intercom-attachments.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com static.intercomassets.eu static.au.intercomassets.com; frame-src 'self' tr.snapchat.com forms.hsforms.com *.amazonaws.com *.pelican.com www.facebook.com www.instagram.com vars.hotjar.com *.doubleclick.net www.youtube.com www.google.com www.googletagmanager.com insight.adsrvr.org; font-src data: *.amazonaws.com *.pelican.com staticw2.yotpo.com use.fontawesome.com fonts.gstatic.com cdn.honey.io www.slant.co at.alicdn.com fonts.googleapis.com *.klarnacdn.net js.intercomcdn.com fonts.intercomcdn.com; style-src 'self' 'unsafe-inline' *.amazonaws.com *.pelican.com staticw2.yotpo.com use.fontawesome.com cdnjs.cloudflare.com *.klaviyo.com fonts.googleapis.com cdn.honey.io translate.googleapis.com cdn.rawgit.com *.trendmicro.com *.klarnacdn.net; style-src-elem 'unsafe-inline' *; child-src www.google.com www.youtube.com bid.g.doubleclick.net insight.adsrvr.org vars.hotjar.com match.adsrvr.org intercom-sheets.com www.intercom-reporting.com player.vimeo.com fast.wistia.net; frame-ancestors 'self'; object-src 'none'; form-action 'self' forms.hsforms.com *.amazonaws.com *.pelican.com https://www.pelican.com/pid/tools/ www.facebook.com *.mimecast.com *.salesforce.com webto.salesforce.com *.eloqua.com; 1
default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' *; media-src * 'self' blob:; worker-src * 'self' blob:; frame-ancestors 'self' https:*; font-src * 'self' data: 1
default-src 'self' https://www.sportpursuit.com; connect-src 'self' https://www.sportpursuit.com https://m.sportpursuit.com https://raven.sportpursuit.com https://api.sportpursuit.com https://*.elev.io https://*.amazon.com https://*.amazon.co.uk https://capture.trackjs.com https://*.facebook.com https://*.facebook.net https://*.doubleclick.net https://*.google.com https://*.postcodeanywhere.co.uk https://*.iubenda.com https://*.dixa.io wss://*.dixa.io https://cdn.polyfill.io https://sentry.io https://trustbadge.api.etrusted.com https://shops-si.trustedshops.com https://*.taboola.com https://bat.bing.com https://in.requestmetrics.com; font-src 'self' https://images1.sportpursuit.info https://images2.sportpursuit.info https://images3.sportpursuit.info https://images4.sportpursuit.info https://*.elev.io https://fonts.gstatic.com https://widgets.trustedshops.com https://*.dixa.io; frame-src https://*.amazon.co.uk https://*.elev.io https://*.amazon.com https://*.payments-amazon.com https://www.googletagmanager.com https://staticxx.facebook.com https://www.facebook.com https://platform.twitter.com https://syndication.twitter.com https://www.youtube.com https://widget.trustpilot.com https://player.vimeo.com https://*.doubleclick.net https://*.dcmn.io https://*.googlesyndication.com https://*.iubenda.com https://iubenda.mgr.consensu.org/ https://accounts.google.com; media-src 'self' https://images1.sportpursuit.info https://images2.sportpursuit.info https://images3.sportpursuit.info https://images4.sportpursuit.info https://*.dixa.io/; form-action https://www.sportpursuit.com https://platform.twitter.com https://syndication.twitter.com https://www.facebook.com https://trc.taboola.com https://*.amazon.co.uk https://*.amazon.de https://*.amazon.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' https://m.sportpursuit.com https://s.ytimg.com https://www.youtube.com/ https://cdn.elev.io https://googleads.g.doubleclick.net https://www.google.com/pagead/conversion_async.js https://www.googleadservices.com https://*.payments-amazon.com https://*.amazon.com https://www.googletagmanager.com https://connect.facebook.net https://www.sc.pages05.net https://platform.twitter.com https://widget.trustpilot.com https://*.dcmn.io https://*.googlesyndication.com https://*.googleapis.com https://apis.google.com https://*.postcodeanywhere.co.uk https://tagmanager.google.com https://*.iubenda.com https://bat.bing.com https://*.dixa.io https://cdn.polyfill.io https://sentry.io https://widgets.trustedshops.com https://cdn.taboola.com https://trc.taboola.com https://app.storyblok.com https://accounts.google.com data:; style-src 'self' 'unsafe-inline' https://*.payments-amazon.com https://fonts.googleapis.com https://*.postcodeanywhere.co.uk https://tagmanager.google.com https://*.iubenda.com https://widgets.trustedshops.com https://accounts.google.com; object-src 'none'; upgrade-insecure-requests; 1
child-src https: ; img-src * 'self' data: https:; default-src 'self' https: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval' ; object-src 'self' https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors https://www.karlsruhe.de https://karlsruhe.ddev.site https://pred.karlsruhe.de https://sweb.karlsruhe.de 1
frame-ancestors 'self' desu.edu *.desu.edu *.localhost 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; worker-src blob: 'self'; frame-ancestors 'self'; 1
default-src 'self'; script-src 'report-sample' 'self' http://www.googletagmanager.com/gtag/js https://assets.csper.io  https://js.stripe.com/v3/  https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/ec.js https://www.googletagmanager.com/gtag/js ; style-src 'report-sample' 'self' 'unsafe-inline' https://assets.csper.io; object-src 'none'; base-uri 'self'; connect-src 'self' https://assets.csper.io https://clouderrorreporting.googleapis.com  https://stats.g.doubleclick.net https://www.google-analytics.com wss://csper.io https://js.stripe.com/v3/; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://charts.mongodb.com https://js.stripe.com https://www.youtube.com; img-src 'self' data: https:; report-uri https://csper-prod.endpoint.csper.io?v=2; 1
frame-ancestors 'self' api.sheetmusicdirect.com *.arrangeme.com arrangeme.com 1
default-src 'self' cdn.cookielaw.org *.byside.com cm.everesttech.net dev.day.com novobanco.pt *.novobanco.pt novobancodosacores.pt *.novobancodosacores.pt *.demdex.net www.google.pt *.evergage.com www.google-analytics.com analytics.google.com *.youtube.com youtube.com *.gstatic.com www.googletagmanager.com www.w3.org *.googleapis.com bdso.sharepoint.com www.google.com vr.unit360.pt *.onlinepayments.pt lm.serving-sys.com oppwa.com *.autenticacao.gov.pt;		font-src 'self' data: *.novobanco.pt novobanco.pt novobancodosacores.pt *.novobancodosacores.pt *.gstatic.com;		frame-ancestors 'self' *.novobanco.pt novobanco.pt novobancodosacores.pt *.novobancodosacores.pt www.olx.pt m.olx.pt bdso.sharepoint.com www.m.olx.pt *.googleapis.com youtube.com *.youtube.com sdk.companywebcast.com vr.unit360.pt *.onlinepayments.pt lm.serving-sys.com oppwa.com *.autenticacao.gov.pt;		script-src 'self' 'unsafe-inline' 'unsafe-eval' cm.everesttech.net dev.day.com www.webrtc-experiment.com *.novobanco.pt *.novobancodosacores.pt ajax.googleapis.com code.createjs.com fonts.googleapis.com webcare.byside.com www.googletagmanager.com www.google-analytics.com maps.googleapis.com s1.byside.com grmtech.net bs.serving-sys.com secure-ds.serving-sys.com s.ytimg.com onlinepayments.pt oppwa.com www.youtube.com d3c3cq33003psk.cloudfront.net tagmanager.google.com googleads.g.doubleclick.net www.googleadservices.com connect.facebook.net www.facebook.com cdn.cookielaw.org cdn.evgnet.com geolocation.onetrust.com optimize.google.com assets.adobedtm.com unpkg.com snap.licdn.com bdso.sharepoint.com *.googleapis.com vr.unit360.pt *.onlinepayments.pt lm.serving-sys.com oppwa.com *.autenticacao.gov.pt https://www.redditstatic.com https://*.qualtrics.com *.loqr.io blob:;		connect-src 'self' privacyportal-eu.onetrust.com *.novobanco.pt novobanco.pt novobancodosacores.pt *.novobancodosacores.pt wss: dpm.demdex.net *.byside.com *.evergage.com cm.everesttech.net dev.day.com *.tt.omtrdc.net cdn.cookielaw.org www.google-analytics.com region1.google-analytics.com region1.analytics.google.com analytics.google.com www.google.pt *.youtube.com youtube.com *.doubleclick.net secure-ds.serving-sys.com bdso.sharepoint.com *.googleapis.com vr.unit360.pt *.onlinepayments.pt *.oppwa.com oppwa.com lm.serving-sys.com cookies-data.onetrust.io www.google.com adservice.google.com autenticacao.gov.pt *.autenticacao.gov.pt *.qualtrics.com https://cdn.linkedin.oribi.io data:;		img-src 'self' data: cdn.cookielaw.org *.byside.com *.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com cm.everesttech.net dev.day.com novobanco.pt *.novobanco.pt novobancodosacores.pt *.novobancodosacores.pt *.demdex.net www.google.pt *.evergage.com www.google-analytics.com analytics.google.com *.youtube.com youtube.com *.gstatic.com www.googletagmanager.com www.w3.org *.googleapis.com www.google.com i.ytimg.com www.facebook.com *.linkedin.com bdso.sharepoint.com vr.unit360.pt *.onlinepayments.pt lm.serving-sys.com bs.serving-sys.com oppwa.com *.autenticacao.gov.pt *.doubleclick.net https://alb.reddit.com https://*.qualtrics.com blob:;		frame-src 'self' *.googleapis.com *.novobanco.pt *.fls.doubleclick.net tickcounter.com free.timeanddate.com *.morningstar.com youtube.com *.youtube.com *.demdex.net novobancodosacores.pt *.novobancodosacores.pt sdk.companywebcast.com vr.unit360.pt *.onlinepayments.pt lm.serving-sys.com oppwa.com *.autenticacao.gov.pt www.facebook.com eur05.safelinks.protection.outlook.com https://*.qualtrics.com;		style-src 'self' 'unsafe-inline' *.novobanco.pt *.byside.com *.googleapis.com bdso.sharepoint.com youtube.com *.youtube.com vr.unit360.pt *.onlinepayments.pt lm.serving-sys.com autenticacao.gov.pt oppwa.com *.autenticacao.gov.pt *.novobancodosacores.pt; 1
default-src 'self' *.granicus.com *.sitefinity.com *.sendgrid.com *.twitter.com https://outlook.office365.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.azcc.gov *.eloqua.com *.en25.com *.googletagmanager.com *.googleapis.com *.granicus.com *.gstatic.com *.google-analytics.com *.sendgrid.com *.sitefinity.com *.twimg.com *.twitter.com https://edocket.azcc.gov https://efiling.azcc.gov https://sendgrid.azcc.gov https://translate.google.com https://translate.googleapis.com https://cdn.insight.sitefinity.com http://cse.google.com https://dec.azureedge.net https://outlook.office365.com https://publish.twitter.com https://syndication.twitter.com https://s.ytimg.com https://www.youtube.com/iframe_api http://cse.google.com http://edocket.azcc.gov http://efiling.azcc.gov http://sendgrid.azcc.gov http://platform.stumbleupon.com/1/widgets.js http://translate.google.com apis.google.com cdn.ampproject.org connect.facebook.net ajax.aspnetcdn.com js.hs-analytics.net js.hs-scripts.com munchkin.marketo.net platform.linkedin.com platform.twitter.com www.google.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net kendo.cdn.telerik.com netdna.bootstrapcdn.com platform.twitter.com/css/ www.google.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.google.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com; media-src 'self' data: blob:; frame-src 'self' *.granicus.com *.twitter.com *.youtube.com https://edocket.azcc.gov https://outlook.office365.com https://twitter.com http://edocket.azcc.gov; child-src 'self' https://platform.twitter.com/ https://player.vimeo.com/ https://syndication.twitter.com/ https://twitter.com/ https://w.soundcloud.com/ https://www.youtube.com/ apis.google.com accounts.google.com badge.stumbleupon.com staticxx.facebook.com web.facebook.com www.facebook.com; connect-src 'self' accounts.google.com *.azcc.gov *.mktoresp.com *.sendgrid.com *.twitter.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://azcc.gov https://edocket.azcc.gov https://efiling.azcc.gov https://sendgrid.azcc.gov https://stats.g.doubleclick.net https://translate.google.com https://translate.googleapis.com https://twitter.com http://azcc.gov http://edocket.azcc.gov http://efiling.azcc.gov http://sendgrid.azcc.gov http://translate.google.com https://www.google-analytics.com; 1
frame-ancestors 'self' https://*.time4learning.com 1
child-src https://*.fls.doubleclick.net https://bid.g.doubleclick.net form.gov.sg; connect-src *.cwp-stg.sg https://analytics.google.com https://s3-ap-southeast-1.amazonaws.com https://www.mycareersfuture.gov.sg https://static.mycareersfuture.gov.sg blob: https://www.google-analytics.com *.onemap.sg/ https://www.onemap.gov.sg *.dcube.cloud *.wogaa.sg *.demdex.net s.yimg.com *.evergage.com https://dataplane.rum.ap-southeast-1.amazonaws.com https://cognito-identity.ap-southeast-1.amazonaws.com https://sts.ap-southeast-1.amazonaws.com *.mycareersfuture.gov.sg *.app.gov.sg; default-src 'self' *.mycareersfuture.gov.sg *.app.gov.sg *.dcube.cloud *.wogaa.sg wogadobeanalytics.sc.omtrdc.net assets.adobedtm.com *.demdex.net cm.everesttech.net; font-src https://cdnjs.cloudflare.com https://fonts.gstatic.com data: *.dcube.cloud *.wogaa.sg *.mycareersfuture.gov.sg *.app.gov.sg; img-src 'unsafe-inline' data: blob: 'self' https://www.google.com https://www.google-analytics.com adservice.google.com https://s3-ap-southeast-1.amazonaws.com https://px.ads.linkedin.com https://www.mycareersfuture.gov.sg https://static.mycareersfuture.gov.sg https://www.facebook.com *.cwp-stg.sg *.onemap.sg/ https://www.onemap.gov.sg https://cdnjs.cloudflare.com *.mycareersfuture.gov.sg https://pixel.quantserve.com wogadobeanalytics.sc.omtrdc.net cm.everesttech.net *.demdex.net https://sg-gmtdmp.mookie1.com https://secure.adnxs.com https://ad.doubleclick.net https://www.talent.com/tracker/img-pixel.php sp.analytics.yahoo.com https://ssl.gstatic.com https://www.gstatic.com; report-uri /csp-report; script-src 'self' blob: 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net s.yimg.com sp.analytics.yahoo.com https://www.google.com www.googleadservices.com https://googleads.g.doubleclick.net https://snap.licdn.com https://p.adsymptotic.com https://rules.quantcount.com https://secure.quantserve.com www.googletagmanager.com https://www.mycareersfuture.gov.sg https://static.mycareersfuture.gov.sg *.dcube.cloud *.wogaa.sg assets.adobedtm.com https://cdn-akamai.mookie1.com https://tags.tiqcdn.com https://cdn.evgnet.com/ https://cdn.evergage.com/ https://tagmanager.google.com https://www.googletagmanager.com https://bat.bing.com .yahoo.com .yahoodns.net s.yimg.com sp.analytics.yahoo.com *.yimg.com *.mycareersfuture.gov.sg *.app.gov.sg; style-src 'self' https://cdnjs.cloudflare.com fonts.googleapis.com unpkg.com *.dcube.cloud *.wogaa.sg https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline' *.mycareersfuture.gov.sg *.app.gov.sg; frame-ancestors 'none' 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; upgrade-insecure-requests; 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-IU7d73JHjfpNY+8DpkcZiVCyXpAs8w' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
upgrade-insecure-requests;default-src 'unsafe-inline' 'unsafe-eval' data: https:;script-src 'unsafe-inline' 'unsafe-eval' data: https:;style-src 'unsafe-inline' data: https:;object-src https:; child-src data: https:; img-src data: https:;font-src data: https:; connect-src https: wss:;form-action https:; media-src data: https:; report-uri https://jungefreiheit.de/report.html; 1
default-src https: 'unsafe-inline' 'unsafe-eval' ws: ; img-src https: 'unsafe-inline' 'unsafe-eval' blob: data: ; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none' 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=FR&lang=fr-FR&device=desktop&yrid=7bh4i65iqu6op&partner=; 1
frame-ancestors 'self' https://*.toyota.fr https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
frame-ancestors 'self'; report-uri https://report-to.kiewit.io/report; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://api.spendino.de https://analytics.spd.de https://maps.googleapis.com https://altruja.de https://dataservices.spd.de https://www.verbavoice.net https://live.flyp.tv https://cdn01.spd.de https://mitgliedwerden.spd.de ; img-src 'self' data: https://analytics.spd.de https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://em.altruja.de https://socialwall.spd.de https://cdn01.spd.de https://*.spd.de https://*.openstreetmap.de ; frame-ancestors 'self' https://analytics.spd.de ; default-src 'self' ; frame-src 'self' https://dpa-electionslive.s3.amazonaws.com https://analytics.spd.de https://w.soundcloud.com https://player.vimeo.com https://www.youtube-nocookie.com https://api.spendino.de https://storify.com https://streaming.b1group.de https://www.youtube.com https://live.soziale-demokratie.live https://www.blitzvideoserver.de https://api.spd.de https://app.contentflow.live https://streaming.talk42.de https://playout.3qsdn.com https://sdn-global-live-http-cache.3qsdn.com https://widget.whatsbroadcast.com https://ghb2017.limequery.com https://limequery.spd.de https://www.verbavoice.ne https://em.altruja.de https://live.flyp.tv https://us-central1-contentflow-2.cloudfunctions.net https://domhost.it-television.net https://wb.messengerpeople.com https://hd-livestream.de https://stream.liverecords.net https://www.sachsen-fernsehen.de https://open.spotify.com https://widget.whappodo.com https://embed.contentflow.net https://sipg.micropayment.de https://d3ak46ifsn9mnh.cloudfront.net https://umfragen.spd.de ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://analytics.spd.de https://dataservices.spd.de https://cdn01.spd.de https://mitgliedwerden.spd.de ; connect-src 'self' https://analytics.spd.de https://altruja.de https://dataservices.spd.de wss://ws-eu.pusher.com https://pusher01.spd.de https://socialwall.spd.de https://cdn01.spd.de https://mitgliedwerden.spd.de ; object-src 'self' data: ; media-src 'self' data: https://cdn01.spd.de ; font-src 'self' https://fonts.gstatic.com https://dataservices.spd.de https://mitgliedwerden.spd.de ; 1
frame-ancestors 'self' online.greatergiving.com supporter.greatergiving.com; 1
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: *.esv.vic.gov.au *.sdp.vic.gov.au chatbot.digital.vic.gov.au *.chatbot.digital.vic.gov.au usercheck.vgso.vic.gov.au www.googletagmanager.com www.google-analytics.com drwgdblqzrfiz.cloudfront.net www.google.com www.gstatic.com *.openforms.com; style-src 'self' 'unsafe-inline' *.esv.vic.gov.au *.sdp.vic.gov.au ui.chatbot.digital.vic.gov.au drwgdblqzrfiz.cloudfront.net *.openforms.com; img-src 'self' data: blob: *.esv.vic.gov.au *.sdp.vic.gov.au dhhs.vic.gov.au www.dhhs.vic.gov.au base.maps.vic.gov.au stats.g.doubleclick.net www.googl.com.au www.google-analytics.com drwgdblqzrfiz.cloudfront.net; font-src 'self' data: *.esv.vic.gov.au *.sdp.vic.gov.au; frame-src 'self' *.esv.vic.gov.au *.sdp.vic.gov.au *.vic.gov.au *.vimeo.com www.youtube.com www.google.com *.openforms.com; manifest-src 'self'; media-src 'self'; connect-src 'self' *.esv.vic.gov.au *.sdp.vic.gov.au *.myvictoria.vic.gov.au discover.data.vic.gov.au directory.data.vic.gov.au chatbot.digital.vic.gov.au *.chatbot.digital.vic.gov.au api.go.vic.gov.au corp-geo.mapshare.vic.gov.au analytics.google.com stats.g.doubleclick.net drwgdblqzrfiz.cloudfront.net www.google-analytics.com; frame-ancestors 'self' *.vic.gov.au; 1
frame-ancestors 'self' https://explore.logmein.com https://explore.goto.com 1
upgrade-insecure-requests; default-src https:; connect-src https:; img-src https: data:; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'self' *.getnetset.com https://ajax.googleapis.com https://*.wistia.com https://*.wistia.net https://*.force.com https://embedwistia-a.akamaihd.net https://connect.facebook.net https://tagmanager.google.com https://*.googletagmanager.com https://dend6g4sigg57.cloudfront.net https://www.google-analytics.com https://www.googleadservices.com https://*.doubleclick.net https://sjs.bizographics.com https://*.linkedin.com https://*.licdn.com https://*.olark.com https://*.pardot.com 'unsafe-inline' 'unsafe-eval' blob:; media-src https https://*.olark.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net blob:; 1
default-src * 'self' blob: data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; frame-src * 'self'; frame-ancestors * 'self' 1
script-src 'nonce-bXS1vRXYGFWfaXXmLEg8fw' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/families_google; base-uri 'none' 1
frame-ancestors 'self' https: *.athensvoice.gr 1
font-src https://storage.googleapis.com https://a.okfn.org 'self' data: https://use.typekit.net https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src 'self' https://youtube.com https://www.youtube.com https://timemapper.okfnlabs.org; connect-src https://storage.googleapis.com https://a.okfn.org 'self' https://plausible.io; style-src https://storage.googleapis.com https://a.okfn.org 'self' 'unsafe-inline' https://use.typekit.net https://downloads.mailchimp.com; script-src https://storage.googleapis.com https://a.okfn.org 'self' 'unsafe-inline' 'unsafe-eval' https://js-agent.newrelic.com https://use.typekit.net https://bam.nr-data.net https://downloads.mailchimp.com https://s3.amazonaws.com/downloads.mailchimp.com *.list-manage.com https://youtube.com https://www.youtube.com https://plausible.io; form-action 'self' https://okfn.us9.list-manage.com; default-src 'self'; img-src https://storage.googleapis.com https://a.okfn.org 'self' data: https://gravatar.com https://1.gravatar.com https://2.gravatar.com https://secure.gravatar.com https://p.typekit.net https://ping.typekit.net https://cdn-images.mailchimp.com 1
default-src 'self' *.airtable.com *.akamaized.net *.browser-intake-datadoghq.com *.facebook.com *.facebook.net *.fonts.net *.frame.work *.google-analytics.com *.google.at *.google.be *.google.ca *.google.co.uk *.google.com *.google.com.au *.google.com.tw *.google.de *.google.es *.google.fr *.google.ie *.google.it *.google.nl *.googleapis.com *.googletagmanager.com *.gstatic.cn *.gstatic.com *.hotjar.com *.hotjar.io *.hsforms.com *.hsforms.net *.iubenda.com *.klaviyo.com *.kustomerapp.com *.kustomerhostedcontent.com *.pndsn.com *.prismic.io *.pubnub.com *.pubnub.io *.pubnub.net *.recaptcha.net *.reddit.com *.redditstatic.com *.s3.amazonaws.com *.segment.com *.segment.io *.sentry.io *.stripe.com *.stripe.network *.stripecdn.com *.typekit.net *.vimeo.com *.vimeocdn.com *.youtube.com *.ytimg.com airtable.com d17kynu4zpq5hy.cloudfront.net d3t0tbmlie281e.cloudfront.net fonts.googleapis.com html2canvas.hertzen.com prismic.io s3.amazonaws.com sentry.io stats.g.doubleclick.net stripe.com wss://*.hotjar.com rum.browser-intake-datadoghq.com js.hs-scripts.com *.hscollectedforms.net *.hs-banner.net *.hs-banner.com *.hs-analytics.net *.hubspot.com *.hs-scripts.com *.heapanalytics.com heapanalytics.com; font-src 'self' data: *.airtable.com *.akamaized.net *.browser-intake-datadoghq.com *.facebook.com *.facebook.net *.fonts.net *.frame.work *.google-analytics.com *.google.at *.google.be *.google.ca *.google.co.uk *.google.com *.google.com.au *.google.com.tw *.google.de *.google.es *.google.fr *.google.ie *.google.it *.google.nl *.googleapis.com *.googletagmanager.com *.gstatic.cn *.gstatic.com *.hotjar.com *.hotjar.io *.hsforms.com *.hsforms.net *.iubenda.com *.klaviyo.com *.kustomerapp.com *.kustomerhostedcontent.com *.pndsn.com *.prismic.io *.pubnub.com *.pubnub.io *.pubnub.net *.recaptcha.net *.reddit.com *.redditstatic.com *.s3.amazonaws.com *.segment.com *.segment.io *.sentry.io *.stripe.com *.stripe.network *.stripecdn.com *.typekit.net *.vimeo.com *.vimeocdn.com *.youtube.com *.ytimg.com airtable.com d17kynu4zpq5hy.cloudfront.net d3t0tbmlie281e.cloudfront.net fonts.googleapis.com html2canvas.hertzen.com prismic.io s3.amazonaws.com sentry.io stats.g.doubleclick.net stripe.com wss://*.hotjar.com rum.browser-intake-datadoghq.com js.hs-scripts.com *.hscollectedforms.net *.hs-banner.net *.hs-banner.com *.hs-analytics.net *.hubspot.com *.hs-scripts.com *.heapanalytics.com heapanalytics.com; img-src 'self' data: blob: *.airtable.com *.akamaized.net *.browser-intake-datadoghq.com *.facebook.com *.facebook.net *.fonts.net *.frame.work *.google-analytics.com *.google.at *.google.be *.google.ca *.google.co.uk *.google.com *.google.com.au *.google.com.tw *.google.de *.google.es *.google.fr *.google.ie *.google.it *.google.nl *.googleapis.com *.googletagmanager.com *.gstatic.cn *.gstatic.com *.hotjar.com *.hotjar.io *.hsforms.com *.hsforms.net *.iubenda.com *.klaviyo.com *.kustomerapp.com *.kustomerhostedcontent.com *.pndsn.com *.prismic.io *.pubnub.com *.pubnub.io *.pubnub.net *.recaptcha.net *.reddit.com *.redditstatic.com *.s3.amazonaws.com *.segment.com *.segment.io *.sentry.io *.stripe.com *.stripe.network *.stripecdn.com *.typekit.net *.vimeo.com *.vimeocdn.com *.youtube.com *.ytimg.com airtable.com d17kynu4zpq5hy.cloudfront.net d3t0tbmlie281e.cloudfront.net fonts.googleapis.com html2canvas.hertzen.com prismic.io s3.amazonaws.com sentry.io stats.g.doubleclick.net stripe.com wss://*.hotjar.com rum.browser-intake-datadoghq.com js.hs-scripts.com *.hscollectedforms.net *.hs-banner.net *.hs-banner.com *.hs-analytics.net *.hubspot.com *.hs-scripts.com *.heapanalytics.com heapanalytics.com; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.airtable.com *.akamaized.net *.browser-intake-datadoghq.com *.facebook.com *.facebook.net *.fonts.net *.frame.work *.google-analytics.com *.google.at *.google.be *.google.ca *.google.co.uk *.google.com *.google.com.au *.google.com.tw *.google.de *.google.es *.google.fr *.google.ie *.google.it *.google.nl *.googleapis.com *.googletagmanager.com *.gstatic.cn *.gstatic.com *.hotjar.com *.hotjar.io *.hsforms.com *.hsforms.net *.iubenda.com *.klaviyo.com *.kustomerapp.com *.kustomerhostedcontent.com *.pndsn.com *.prismic.io *.pubnub.com *.pubnub.io *.pubnub.net *.recaptcha.net *.reddit.com *.redditstatic.com *.s3.amazonaws.com *.segment.com *.segment.io *.sentry.io *.stripe.com *.stripe.network *.stripecdn.com *.typekit.net *.vimeo.com *.vimeocdn.com *.youtube.com *.ytimg.com airtable.com d17kynu4zpq5hy.cloudfront.net d3t0tbmlie281e.cloudfront.net fonts.googleapis.com html2canvas.hertzen.com prismic.io s3.amazonaws.com sentry.io stats.g.doubleclick.net stripe.com wss://*.hotjar.com rum.browser-intake-datadoghq.com js.hs-scripts.com *.hscollectedforms.net *.hs-banner.net *.hs-banner.com *.hs-analytics.net *.hubspot.com *.hs-scripts.com *.heapanalytics.com heapanalytics.com; style-src 'self' 'unsafe-inline' *.airtable.com *.akamaized.net *.browser-intake-datadoghq.com *.facebook.com *.facebook.net *.fonts.net *.frame.work *.google-analytics.com *.google.at *.google.be *.google.ca *.google.co.uk *.google.com *.google.com.au *.google.com.tw *.google.de *.google.es *.google.fr *.google.ie *.google.it *.google.nl *.googleapis.com *.googletagmanager.com *.gstatic.cn *.gstatic.com *.hotjar.com *.hotjar.io *.hsforms.com *.hsforms.net *.iubenda.com *.klaviyo.com *.kustomerapp.com *.kustomerhostedcontent.com *.pndsn.com *.prismic.io *.pubnub.com *.pubnub.io *.pubnub.net *.recaptcha.net *.reddit.com *.redditstatic.com *.s3.amazonaws.com *.segment.com *.segment.io *.sentry.io *.stripe.com *.stripe.network *.stripecdn.com *.typekit.net *.vimeo.com *.vimeocdn.com *.youtube.com *.ytimg.com airtable.com d17kynu4zpq5hy.cloudfront.net d3t0tbmlie281e.cloudfront.net fonts.googleapis.com html2canvas.hertzen.com prismic.io s3.amazonaws.com sentry.io stats.g.doubleclick.net stripe.com wss://*.hotjar.com rum.browser-intake-datadoghq.com js.hs-scripts.com *.hscollectedforms.net *.hs-banner.net *.hs-banner.com *.hs-analytics.net *.hubspot.com *.hs-scripts.com *.heapanalytics.com heapanalytics.com 1
default-src 'self' *.outbrain.com;script-src 'self' blob: *.adobedtm.com *.sharethis.com *.facebook.net va.ecitizen.gov.sg *.wogaa.sg *.google-analytics.com *.googletagmanager.com *.google.com *.dcube.cloud snowplow.dcube.cloud/sg.wogaa/cs1 *.everesttech.net *.demdex.net *.googleadservices.com secure.datawrkz.com secure.adnxs.com tagmanager.google.com r.turn.com static.hotjar.com secure-ds.serving-sys.com googleads.g.doubleclick.net *.vica.gov.sg *.gstatic.com script.hotjar.com test-gpc-1.sg.va.sabio.cloud *.outbrain.com;connect-src 'self' *.adobedtm.com *.sharethis.com *.facebook.net va.ecitizen.gov.sg *.wogaa.sg *.google-analytics.com *.google.com *.dcube.cloud snowplow.dcube.cloud/sg.wogaa/cs1 *.everesttech.net *.demdex.net wogadobeanalytics.sc.omtrdc.net *.moe.gov.sg *.onemap.gov.sg *.schoolbag.edu.sg stats.g.doubleclick.net *.vica.gov.sg *.hotjar.com vc.hotjar.io wss: *.hotjar.com *.vica.gov.sg test-gpc-1.sg.va.sabio.cloud *.outbrain.com;img-src 'self' data: *.vimeocdn.com *.ytimg.com *.onemap.gov.sg *.google-analytics.com wogadobeanalytics.sc.omtrdc.net *.demdex.net va.ecitizen.gov.sg *.everesttech.net *.facebook.com *.schoolbag.edu.sg platform-cdn.sharethis.com secure.adnxs.com ad.doubleclick.net adservice.google.com www.google.com.sg ssl.gstatic.com www.gstatic.com r.turn.com l.sharethis.com *.id.amgdgt.com ads.yahoo.com www.google.com googleads.g.doubleclick.net script.hotjar.com test-gpc-1.sg.va.sabio.cloud *.vica.gov.sg *.outbrain.com;style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com va.ecitizen.gov.sg assets.dcube.cloud assets.wogaa.sg tagmanager.google.com fonts.googleapis.com *.vica.gov.sg;frame-src 'self' *.vimeo.com *.gov.sg *.google.com.sg *.google.com *.demdex.net *.sharethis.mgr.consensu.org *.youtube.com *.youtu.be bid.g.doubleclick.net online.flippingbook.com online.flipbuilder.com vars.hotjar.com www.mentimeter.com padlet.com *.jotform.com;font-src 'self' data: *.gstatic.com va.ecitizen.gov.sg s3-us-west-2.amazonaws.com/s.cdpn.io/93/artill_clean_icons-webfont.woff s3-us-west-2.amazonaws.com/s.cdpn.io/93/artill_clean_icons-webfont.svg assets.dcube.cloud assets.wogaa.sg fonts.gstatic.com script.hotjar.com;object-src 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.wistia.net https://*.wistia.com https://*.livechatinc.com https://*.haiku.ai https://api.hubspot.com https://api.mixpanel.com https://cdn.freshmarketer.com https://cdn.mxpnl.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://forms.hsforms.com https://googleads.g.doubleclick.net https://info.proctoru.com https://ip.freshmarketer.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hsadspixel.net https://js.hsforms.net https://js.usemessages.com https://maxcdn.bootstrapcdn.com https://pi.pardot.com https://px.ads.linkedin.com https://snap.licdn.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com https://js.hscta.net https://cta-service-cms2.hubspot.com https://hire.withgoogle.com https://*.adroll.com https://*.consensu.org https://*.twitter.com/ https://cdn.syndication.twimg.com/ https://*.fullstory.com/  https://js.hs-banner.com https://api.hubapi.com https://sc.lfeeder.com https://tagmanager.google.com https://yas.bamboohr.com https://*.cincopa.com https://*.meazurelearning.com; style-src 'self' 'unsafe-inline' https://*.wistia.net https://*.wistia.com https://fonts.googleapis.com https://*.typekit.net https://maxcdn.bootstrapcdn.com https://platform.twitter.com/ https://tagmanager.google.com https://*.bamboohr.com https://*.meazurelearning.com; img-src https: data:; connect-src https://*.wistia.net https://*.wistia.com https://www.google-analytics.com https://*.haiku.ai https://api.mixpanel.com https://api.hubspot.com https://api.hubapi.com https://*.fullstory.com/ https://*.bamboohr.com https://stats.g.doubleclick.net; font-src 'self' data: https://use.typekit.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; media-src https://*.wistia.net https://*.wistia.com https://*.livechatinc.com; frame-ancestors 'none'; object-src 'none'; frame-src https://*.wistia.net https://*.wistia.com https://wistia.com https://fast.wistia.net https://secure.livechatinc.com https://bid.g.doubleclick.net https://forms.hsforms.com https://www.facebook.com https://www.youtube.com https://hire.withgoogle.com https://www.proctoru.com https://player.vimeo.com https://platform.twitter.com/ https://syndication.twitter.com/ https://twitter.com/; upgrade-insecure-requests 1
frame-ancestors 'self' guides.tvunetworks.com; 1
script-src * 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://betterprogramming.pub https://*.betterprogramming.pub https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * 'self' blob: data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
base-uri 'none'; default-src 'self' https://uberspace.de https://dashboard.uberspace.de https://*.uberspace.is https://analytics.uberspace.de; frame-ancestors 'none'; 1
frame-ancestors 'self' https://mlhq.macmillanlearning.com/panmac/ https://sites-us.lumapps.com/a/macmillan https://siteteam.net/; 1
default-src 'self' https://s.hongleongconnect.my https://www.hlbank.com.my; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' * 'unsafe-inline'; img-src 'self' * 'unsafe-inline' data: ; style-src 'self' * 'unsafe-inline'; font-src 'self' * data: ; frame-src 'self' * 1
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.sogetel.com *.sogetel.net *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.gstatic.com *.googleusercontent.com maps.google.com *.pure.cloud; frame-src *.tvpassport.com *.speedtestcustom.com *.pure.cloud; connect-src wss: *.sogetel.com *.sogetel.net *.pure.cloud; object-src 'none'; upgrade-insecure-requests; 1
default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval', frame-ancestors https://www.jagran.com/ https://stgwww.moneycontrol.com/ https://www.moneycontrol.com/; 1
frame-ancestors 'self' www.atlantis-nantes.com *.sips-services.com; 1
default-src 'self' ; script-src 'self' *.google.com https://js.live.net *.tinymce.com cdnjs.cloudflare.com *.skoletube.dk *.vivi.dk *.aula.dk; style-src 'self' 'unsafe-inline' *.tinymce.com unpkg.com fonts.googleapis.com; img-src * data: blob: ; font-src 'self' data: *.tinymce.com unpkg.com fonts.gstatic.com; connect-src * data: blob:; media-src 'self' blob: *.aula.dk; object-src 'none' ; frame-src *.google.com *.youtube.com *.skoletube.dk *.emu.dk *.vivi.dk https://www2.infoba.dk/api/Aula/IFrame/7000 https://www2.infoba.dk/api/Aula/IFrame/441 https://www2.infoba.dk/api/Aula/IFrame/3 https://skoleportal.easyiqcloud.dk/UgeplanWidget; upgrade-insecure-requests; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.jsdelivr.net bat.bing.com https://*.clarity.ms https://*.google-analytics.com facebook.com *.g.doubleclick.net *.adform.net tags.srv.stackadapt.com tr.snapchat.com bam.nr-data.net static.ads-twitter.com connect.facebook.net sc-static.net s.pinimg.com analytics.tiktok.com www.redditstatic.com snap.licdn.com google.com https://cdn.unibuddy.co unpkg.com https://api.segment.io https://cdn.segment.com https://*.lift.acquia.com https://cloud.acquia.com https://cdn.amplitude.com https://www.googleadservices.com https://www.googletagmanager.com https://cdn.syndication.twimg.com *.twitter.com https://mfpembedcdnweu.azureedge.net https://uel-search.clients.uk.funnelback.com https://cdnjs.cloudflare.com https://app.geckoform.com https://cc.cdn.civiccomputing.com https://*.analytics.google.com https://js-agent.newrelic.com https://maps.googleapis.com https://www.youtube.com https://js.intercomcdn.com https://api-iam.intercom.io https://widget.intercom.io https://*.onetrust.com https://www.youtube-nocookie.com https://api.reeled.online https://*.doubleclick.net https://widget.lightcastcc.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://tags.srv.stackadapt.com https://builder.lift.acquia.com https://platform.twitter.com https://mfpembedcdnweu.azureedge.net https://mfpembedcdnweu.azureedge.net https://suel-search.clients.uk.funnelback.com https://use.fontawesome.com https://unpkg.com https://uel-search.clients.uk.funnelback.com https://fonts.googleapis.com https://*.google-analytics.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css https://cdnjs.cloudflare.com; img-src 'self' data: https:; media-src 'self' https://samplelib.com https://www.youtube.com https://js.intercomcdn.com https://reeled.s3.eu-west-2.amazonaws.com https://www.youtube-nocookie.com https://api.reeled.online https://*.google-analytics.com https://*.analytics.google.com https://www.youtube-nocookie-nocookie.com; frame-src 'self' https://www.google.com https://bid.g.doubleclick.net https://bid.g.doubleclick https://www.facebook.com https://tr.snapchat.com https://unibuddy.co https://sure-service.mydigitalpublication.co.uk/ issuu.com https://e.issuu.com https://platform.twitter.com https://customervoice.microsoft.com https://app.geckoform.com https://discoveruni.gov.uk https://widget.discoveruni.gov.uk https://www.youtube.com https://syndication.twitter.com https://www.youtube-nocookie.com https://td.doubleclick.net https://*.doubleclick.net https://*.pinterest.com https://widget.lightcastcc.com/; font-src 'self' data: https://static3.avast.com https://uel.ac.uk https://univeastlonddev.prod.acquia-sites.com https://univeastlondstg.prod.acquia-sites.com https://univeastlond.prod.acquia-sites.com https://fonts.gstatic.com https://use.fontawesome.com https://js.intercomcdn.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/webfonts/ https://cdnjs.cloudflare.com; connect-src 'self' https://maps.googleapis.com https://*.clarity.ms https://www.facebook.com https://bat.bing.com https://tags.srv.stackadapt.com https://ct.pinterest.com https://www.clarity.ms https://analytics.tiktok.com https://analytics.tiktok.com https://*.doubleclick.net https://*.google-analytics.com https://bam.nr-data.net  https://apikeys.civiccomputing.com https://bam.nr-data.net https://eu-central-1-decisionapi.lift.acquia.com https://sessions.bugsnag.com https://api-iam.intercom.io/messenger/web/ping https://uel-search.clients.uk.funnelback.com https://widget.intercom.io wss://nexus-websocket-a.intercom.io https://api-iam.intercom.io https://stage-shared-15-24-search.clients.uk.funnelback.com cdn-ukwest.onetrust.com https://app.optimalworkshop.com https://api.reeled.online https://notify.bugsnag.com https://pagead2.googlesyndication.com https://*.snapchat.com https://analytics.google.com https://cdn.linkedin.oribi.io https://region1.analytics.google.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css https://cdnjs.cloudflare.com https://eu.perz-api.cloudservices.acquia.io https://px.ads.linkedin.com/wa/ 1
default-src https: 'self' 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://over.eo.nl; worker-src blob: https://*.eo.nl; media-src blob: https://*.eo.nl https: https://*.cdn.streamgate.nl 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; connect-src  *.visualwebsiteoptimizer.com app.vwo.com *;  style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *;  script-src 'self' 'unsafe-eval' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com *; img-src 'self' *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com * data:;  worker-src 'self' blob:; frame-src app.vwo.com *.visualwebsiteoptimizer.com *; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://dev-compendium.morion.in.ua https://api.compendium.com.ua https://www.googleadservices.com https://script.hotjar.com https://static.hotjar.com https://www.google.com https://snap.licdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.google-analytics.com; object-src 'none'; base-uri 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://api.compendium.com.ua https://dev-compendium.morion.in.ua https://www.google.com https://cdn.jsdelivr.net https://use.fontawesome.com; report-uri https://proximaresearch.com 1
default-src 'self' data: *.lifelabs.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' lifelabs.azureedge.net *.lifelabs.com *.googleapis.com *.googletagmanager.com *.googletagservices.com *.googleadservices.com *.tagmanager.google.com *.google-analytics.com *.google.com/recaptcha/ adservice.google.ca adservice.google.com *.g.doubleclick.net *.gstatic.com *.netcheckin.com *.inmoment.com *.msecnd.net *.pardot.com unpkg.com *.jsdelivr.net *.googlesyndication.com rum-static.pingdom.net *.facebook.net bat.bing.com; style-src 'self' 'unsafe-inline' lifelabs.azureedge.net *.lifelabs.com *.googleapis.com *.googletagmanager.com *.tagmanager.google.com *.google-analytics.com *.g.doubleclick.net *.inmoment.com *.jsdelivr.net *.bootstrapcdn.com *.typekit.net; img-src 'self' data: lifelabs.azureedge.net *.googlesyndication.com *.google-analytics.com *.facebook.com bat.bing.com; font-src 'self' data: lifelabs.azureedge.net *.typekit.net fonts.gstatic.com; connect-src 'self' *.visualstudio.com *.googleapis.com *.google-analytics.com *.g.doubleclick.net *.googlesyndication.com *.googleadservices.com adservice.google.ca adservice.google.com *.pingdom.net; media-src 'self' lifelabs.azureedge.net; object-src 'none'; frame-src 'self' *.lifelabs.com lifelabs.azureedge.net *.google.com tpc.googlesyndication.com *.youtube.com *.netcheckin.com *.pardot.com *.g.doubleclick.net; frame-ancestors 'self'; upgrade-insecure-requests; 1
default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'nonce-Sy_Lmi_OPYRyWfF7-RZVi604'; img-src 'self' data: https://*.parnassys.net/; connect-src 'self'; font-src 'self'; object-src 'none'; manifest-src 'self'; child-src 'self'; base-uri 'self'; frame-src 'self' 1
default-src 'self' *.crazyegg.com www.uniflip.com cdn.plyr.io; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://pm.geniusmonkey.com https://cdn.jsdelivr.net www.google-analytics.com www.google.com ajax.googleapis.com www.gstatic.com *.facebook.com connect.facebook.net/en_US/sdk.js platform.twitter.com *.cloudflare.com *.cloudfront.net cdn.syndication.twimg.com vjs.zencdn.net ajax.aspnetcdn.com www.uniflip.com www.youtube.com *.addthis.com s.ytimg.com *.addthisedge.com tagmanager.google.com *.gstatic.com sample-api-v2.crazyegg.com https://s3.amazonaws.com https://ncsbn.us2.list-manage.com www.googletagmanager.com script.crazyegg.com us2.campaign-archive2.com https://snap.licdn.com player.video.wowza.com cdn3.wowza.com https://cdn.flowplayer.com embed.flowplayer.com ; style-src 'self' 'unsafe-inline' *.mailchimp.com https://cdn.jsdelivr.net *.facebook.com connect.facebook.net/en_US/sdk.js vjs.zencdn.net *.twitter.com tagmanager.google.com fonts.googleapis.com *.twimg.com www.uniflip.com netdna.bootstrapcdn.com https://cdn.flowplayer.com; frame-src 'self' us2.campaign-archive2.com *.twitter.com *.facebook.com connect.facebook.net/en_US/sdk.js www.google.com custom.statenet.com custom.statenet.com custom.statenet.com/ncsbni freesecure.timeanddate.com *.addthis.com *.youtube.com *.jsdelivr.net; img-src 'self' https://pm.geniusmonkey.com *.google.co.in *.google.com *.adsrvr.org *.gstatic.com www.google-analytics.com *.doubleclick.net www.google.com *.twitter.com *.twimg.com www.uniflip.com https://px.ads.linkedin.com data: https://prod-railsapp.s3.amazonaws.com; font-src 'self' blob: fastfonts.net *.gstatic.com netdna.bootstrapcdn.com data:; media-src 'self' blob: https://dev.ncsbn.org https://test.ncsbn.org https://ncsbn.org ncsbnmediaservices01str.blob.core.windows.net https://ncsbnmediaservices01-usct.streaming.media.azure.net https://prod-railsapp.s3.amazonaws.com https://cdn3.wowza.com; connect-src 'self' https://px.ads.linkedin.com https://pmi.flowplayer.com/in https://cdn3.wowza.com https://cdn.plyr.io https://cdn.linkedin.oribi.io blob: www.google-analytics.com tracking.crazyegg.com assets-tracking.crazyegg.com pagestates-tracking.crazyegg.com script.crazyegg.com *.doubleclick.net www.nursys.org www.ncsbn.org ncsbnmediaservices01str.blob.core.windows.net us2.campaign-archive2.com https://ncsbnmediaservices01-usct.streaming.media.azure.net https://ihi.flowplayer.com https://ljsp.lwcdn.com ptm.flowplayer.com wss://player.ws.flowplayer.com; worker-src 'self' blob: assets-tracking.crazyegg.com pagestates-tracking.crazyegg.com script.crazyegg.com; 1
frame-ancestors 'self' https://*.salt.ch; 1
frame-ancestors 'self' https://*.haascnc.com https://*.paymetric.com https://*.paypal.com 1
frame-ancestors 'self' *.wallet.airpay.cl *.shopee.kr *.airpay.cl *.shopeemobile.com *.shopee.cl *.shopee.cn *.shopee.io *.facebook.com https://bela-portal.festiware.com https://belapengadaan.lkpp.go.id https://lkpp-portal.festiware.com;  1
frame-ancestors 'self' *.dnc.io 1
base-uri 'self';default-src 'self';object-src 'self';frame-ancestors 'self';style-src 'self' 'unsafe-inline' https://*.google.com http://*.googleapis.com https://*.googleapis.com;font-src 'self' data:;img-src 'self' data: blob: https:;script-src 'self' https://*.mollie.com https://*.adyen.com https://*.hotjar.com https://*.bing.com https://google.com https://*.google.com https://*.googletagmanager.com https://*.paypal.com https://icu.jobseeker.com https://matomo.resumedia.com https://*.tapfiliate.com https://appleid.cdn-apple.com https://beacon-v2.helpscout.net https://beaconapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://*.pinimg.com https://*.facebook.net 'nonce-gtm-10519b80-ff98-44ba-a413-fa724f6ff1fb' 'nonce-seed-1d8e0070-5ad5-42e7-bd2f-ab5633d1f8bc' 'nonce-prefetech-607bf74f-698c-423c-bc21-3e0dbe979de1' 'nonce-tapfiliate-a84b0b81-deaf-4ba7-be4b-b638c1d53a9a' 'nonce-matomo-cb73bd75-c4a8-4897-89f8-f238d84c9ce6' 'nonce-helpscout-5030824f-0a55-4022-896b-4aa1f0fc5935';child-src 'self' data: https:;frame-src 'self' data: https:;connect-src 'self' https://*.mollie.com https://*.adyen.com https://*.hotjar.com https://*.bing.com https://google.com https://*.google.com https://*.googletagmanager.com https://*.paypal.com https://icu.jobseeker.com https://matomo.resumedia.com https://*.tapfiliate.com https://appleid.cdn-apple.com https://beacon-v2.helpscout.net https://beaconapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://*.google-analytics.com https://*.doubleclick.net https://*.hotjar.io wss://*.hotjar.com https://frstre.com https://*.linkedin.oribi.io; 1
default-src 'self' data: ladiaria.com.uy *.google.com *.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.cloudflare.com *.cloudflareinsights.com buttons.github.io *.flourish.studio *.flowxo.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.ebxcdn.com *.ibytedtos.com *.instagram.com *.ladiaria.com.uy *.mercadopago.com *.mercadopago.com.uy *.clarity.ms *.scribd.com *.tiktok.com *.tiktokcdn.com *.twitter.com *.vimeocdn.com cdn.ampproject.org *.jsdelivr.net cdn.syndication.twimg.com *.twilio.com *.createjs.com *.jquery.com *.facebook.net *.infogram.com ems.us1.twilio.com freegeoip.net googleads.g.doubleclick.net ladiaria.liveblog.pro player.vimeo.com s.imgur.com secure-ds.serving-sys.com unpkg.com yastatic.net; font-src 'self' data: *.gstatic.com *.amazonaws.com *.ladiaria.com.uy *.fontawesome.com; style-src 'self' 'unsafe-inline' *.ladiaria.com.uy cdnjs.cloudflare.com *.fontawesome.com *.tiktokcdn.com ton.twimg.com *.twitter.com *.googletagmanager.com *.googleapis.com *.google.com; img-src 'self' data: ladiaria.com.uy *.ladiaria.com.uy *.googletagmanager.com *.google.com *.google.com.uy *.google.com.ar *.google.com.br *.google.com.mx *.google.es *.google.cl *.mercadolibre.com *.mercadolivre.com *.clarity.ms *.bing.com secure-ds.serving-sys.com *.ytimg.com *.twimg.com *.twitter.com *.flourish.studio public.flourish.rocks firmas.elclip.org uy-gmtdmp.mookie1.com *.gstatic.com bs.serving-sys.com *.amazonaws.com *.facebook.com *.google-analytics.com stats.g.doubleclick.net *.vimeocdn.com; frame-src 'self' *.ladiaria.com.uy *.mercadolibre.com *.mercadopago.com mercadopago.com.uy *.mercadopago.com.uy ladiaria.liveblog.pro *.figma.com *.tiktok.com view.genial.ly observablehq.com *.knightlab.com *.pagina12.com.ar especiales.arn.digital w.soundcloud.com *.scribd.com *.netlify.com twitter.com *.twitter.com *.facebook.com anchor.fm *.flourish.studio flo.uri.sh *.infogram.com *.youtube.com open.spotify.com player.vimeo.com vimeo.com connect.facebook.net *.google.com datawrapper.dwcdn.net *.flowxo.com *.doubleclick.net bid.g.doubleclick.net googleads.g.doubleclick.net *.google.com.uy *.google.com.ar *.google.com.br *.google.com.mx *.google.es *.google.cl *.instagram.com imgur.com arcgis.com *.arcgis.com ourworldindata.org airtable.com *.redpalta.org; connect-src 'self' *.ladiaria.com.uy *.cloudflare.com *.cloudflareinsights.com buttons.github.io *.ebxcdn.com *.jquery.com *.jsdelivr.net *.fontawesome.com *.service.echobox.com firmas.elclip.org ssa.datafactory.la jwpsrv.com 1287719000.rsc.cdn77.org *.clarity.ms *.bing.com ladiaria.liveblog.pro *.twitter.com *.twimg.com *.ytimg.com *.bootstrapcdn.com pingback.giphy.com *.instagram.com player.vimeo.com *.vimeocdn.com *.pagina12.com.ar especiales.arn.digital *.scribd.com *.infogram.com *.flourish.studio *.tiktok.com *.tiktokcdn.com *.ibytedtos.com unpkg.com *.google-analytics.com stats.g.doubleclick.net 3p.ampproject.net cdn.ampproject.org *.googletagmanager.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.uy secure-ds.serving-sys.com *.facebook.com *.google.com *.google.com.uy *.google.com.ar *.google.com.br *.google.com.mx *.google.es *.google.cl *.gstatic.com *.googleapis.com s.imgur.com; child-src 'self' blob: *.hotjar.com 1
frame-ancestors 'self' https://parity-website-gatsby.netlify.app https://wwww.parity.io 1
default-src 'self'; connect-src 'self' https://*.paytm.com https://*.paytmmall.com https://paytm.com https://paytmmall.com https://www.facebook.com https://www.google-analytics.com; font-src 'self' data: https://*.paytm.com https://media.flixcar.com https://media.flixfacts.com https://media.flixsyndication.net; form-action https://securegw.paytm.in https://www.facebook.com https://cart.paytm.com https://*.paytm.com https://*.paytmmall.com https://paytm.com https://paytmmall.com; frame-src 'self' https://*.paytm.com https://www.youtube.com https://bid.g.doubleclick.net https://dis.as.criteo.com https://gum.criteo.com https://media.flixcar.com https://www.facebook.com; img-src 'self' data: https://*.paytm.com https://*.paytm.in https://googleads.g.doubleclick.net https://*.mapmyindia.com https://*.bintray.com https://bintray.com https://media.flixcar.com https://media.flixfacts.com https://paytmofferlive.wpengine.com https://rt.flix360.com https://s3-ap-southeast-1.amazonaws.com https://s3-ap-south-1.amazonaws.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://www.google.co.in https://www.google.com https://www.google.com.sg https://d274ft55l0imju.cloudfront.net https://media.flixsyndication.net ; script-src 'unsafe-eval' 'unsafe-inline' https://*.mapmyindia.com https://*.bintray.com https://bintray.com https://*.paytm.com https://storage.googleapis.com https://connect.facebook.net https://d25w45cltkdr4r.cloudfront.net https://googleads.g.doubleclick.net https://media.flixcar.com https://media.flixfacts.com https://sslwidget.criteo.com https://static.criteo.net https://t.flix360.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://media.flixsyndication.net; style-src 'unsafe-inline' https://*.paytm.com https://*.mapmyindia.com https://*.bintray.com https://bintray.com https://media.flixcar.com https://media.flixfacts.com https://media.flixsyndication.net; worker-src 'self'; report-uri https://csp-report.mypaytm.com/reportcspviolations.php; media-src https://*.paytm.com; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.recaptcha.net/recaptcha/api.js https://c0.pubmine.com https://s.pubmine.com https://criteo.com https://*.criteo.com https://criteo.net https://*.criteo.net https://*.vexowi.com https://vexowi.com https://c.amazon-adsystem.com https://*.3lift.com https://3lift.com https://z.moatads.com https://*.moatads.com https://*.smartadserver.com https://app.link https://*.sascdn.com https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://www.googletagservices.com/ https://cdn.parsely.com https://a.teads.tv/analytics/tag.js https://assets.tumblr.com https://ads.pubmatic.com https://cdn.jsdelivr.net https://*.privacymanager.io https://*.rlcdn.com https://s3-us-west-2.amazonaws.com/sftemp/sf_v1.0.1/ https://assets.tumblr.com/pop/ 'nonce-ZjM2OTU1MzBhMDU4OWU5MjgyMTUyYTI4MjkxNTEzYzI='; report-uri /svc/cspreports; object-src 'none'; worker-src blob: 'self'; base-uri 'self' 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.analytics.google.com https://*.awin1.com https://*.bazaarvoice.com https://*.braintree-api.com https://*.braintreegateway.com https://*.btttag.com https://*.criteo.com https://*.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.kampyle.com https://*.klarna.com https://*.medallia.com https://*.paypal.com https://*.sheerid.com https://*.truefitcorp.com https://*.wepowerconnections.com https://*.zenaps.com https://adservice.google.com https://analytics.google.com https://apis.google.com https://apprl.com https://assets.adobedtm.com https://bat.bing.com https://careers.lululemon.com https://cdn.cookielaw.org https://cdn.cquotient.com https://cdn.honey.io https://cdn.jsdelivr.net https://cdn.quantummetric.com https://ingest.quantummetric.com https://cdnjs.cloudflare.com https://challenges.cloudflare.com https://cm.g.doubleclick.net https://cm.teads.tv https://connect.facebook.net https://ct.pinterest.com https://d38xvr37kwwhcm.cloudfront.net https://dpm.demdex.net https://e.cquotient.com https://eu-library.klarnaservices.com https://eu.klarnaevt.com https://evt-eu.klarnaservices.com https://external.quantummetric.com https://fledge.teads.tv https://fonts.googleapis.com https://geolocation.onetrust.com https://globalstaticassets.lululemon.com https://google.com https://googleads.g.doubleclick.net https://images.lululemon.com https://intljs.rmtag.com https://ln-rules.rewardstyle.com https://lululemon.quiq-api.com https://lululemonathleticacanadainc.demdex.net https://lululemoninternational-app.quantummetric.com https://lululemoninternational.quantummetric.com https://lululemonusa.tt.omtrdc.net https://maps.googleapis.com https://mpsnare.iesnare.com https://p.cquotient.com https://p.teads.tv https://pay.google.com https://privacyportal.onetrust.com https://r.cquotient.com https://rcgmal4n.klarnaservices.com https://s.apprl.com https://s.pinimg.com https://s3.eu-west-1.amazonaws.com https://s7mbrstream.scene7.com https://sc-static.net https://scripts.agilone.com https://smetrics.lululemon.co.uk https://sslwidget.criteo.com https://static.cloudflareinsights.com https://static.criteo.com https://static.criteo.net https://stats.g.doubleclick.net https://t.teads.tv https://tag.rmp.rakuten.com https://tez.google.com https://the.sciencebehindecommerce.com https://tpc.googlesyndication.com https://tr.snapchat.com https://translate.google.com https://v2.waitwhile.com https://widget.as.criteo.com https://www.bing.com https://www.cloudflare.com https://www.dwin1.com https://www.facebook.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.lululemon.co.uk https://www.paypalobjects.com https://x.klarnacdn.net https://*.browser-intake-datadoghq.com https://www.datadoghq-browser-agent.com wss://lululemoninternational.quantummetric.com wss://mpsnare.iesnare.com; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; img-src * 'self' data: https:; font-src * 'self' data: https:; block-all-mixed-content; 1
img-src * 'self' data:; font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/ ; default-src 'self' https://f.hubspotusercontent40.net https://fonts.googleapis.com/ https://js.hscta.net https://player.vimeo.com/ https://vimeo.com/ https://f.hubspotusercontent00.net/ *.hubspot.com *.hubspotusercontent40.net *.cookiebot.com https://eboks.whistleblowernetwork.net/frontpage *.go-mpulse.net https://eboks.containers.piwik.pro *.akstat.io *.hsforms.net https://hubspot-forms-static-embed.s3.amazonaws.com eboks.piwik.pro *.quora.com *.hs-scripts.com *.clarity.ms *.facebook.net *.googletagmanager.com *.licdn.com *.bing.com *.hscollectedforms.net *.googleadservices.com *.google.com *.hubspotfeedback.com *.hs-banner.com *.hs-analytics.net *.doubleclick.net *.hsleadflows.net *.hsadspixel.net *.hubapi.com *.lfeeder.com *.hsforms.com *.piwik.pro *.akamaihd.net/ https://www.clarity.ms/tag/ *.clarity.ms *.doubleclick.net https://www.googletagmanager.com/ 'unsafe-inline' 'unsafe-eval'; 1
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';base-uri 'self';form-action 'self'; report-to 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 34.160.4.81 34.96.95.23 https://api.company-target.com/ https://company-target.com/ https://j.6sc.co/ https://tag.demandbase.com/ https://js.hsadspixel.net/ https://js.usemessages.com/ https://js.hubspot.com/ https://js.zi-scripts.com/ https://js.hs-banner.com https://js.hsleadflows.net https://forms.hubspot.com https://js.hscollectedforms.net https://js.intercomcdn.com/ https://s.adroll.com/ https://www.clarity.ms/ https://widget.intercom.io/ *.alorica-dev-digital.com *.landbot.pro landbot.pro *.landbot.io *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.msecnd.net https://cdn.botframework.com/botframework-webchat/latest/webchat-es5.js https://static.landbot.io/landbot-widget/landbot-widget-1.0.0.js cdn.pardot.com go.pardot.com pi.pardot.com googletagmanager.com rum-static.pingdom.net snap.licdn.com www.googletagmanager.com/gtag/js www.googletagmanager.com/gtm.js *.zoominfo.com *.serving-sys.com *.alorica.com *.rlets.com cdn.rlets.com https://capture-api.reachlocalservices.com/originCountry https://pixel.mathtag.com https://www.googleadservices.com https://bat.bing.com https://fastbase.com https://go.alorica.com https://aloricarefresh.blob.core.windows.net www.googletagmanager.com/gtm.js https://googleads.g.doubleclick.net https://www.googletagmanager.com *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net rlets.com reachlocalservices.com facebook.net rlcdn.com gannettdigital.com facebook.com simpli.fi googleservices.com doubleclick.net *.a.run.app; style-src 'self' 'unsafe-inline' 34.160.4.81 34.96.95.23 *.alorica.com *.alorica-dev-digital.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://localhost:44378 https://www.googletagmanager.com *.a.run.app blob:; font-src 'self' https://fonts.intercomcdn.com/ fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' https://b.6sc.co/ https://www.google.com.tw/ https://perf-na1.hsforms.com/ https://js.hsleadflows.net https://forms.hsforms.com https://www.alorica.com https://alorica.com https://js.intercomcdn.com/ https://fei.pro-market.net https://c.clarity.ms *.azureedge.net *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com *.eloqua.com track.hubspot.com https://ava-alorica-bot.azurewebsites.net https://static.landbot.io/landbot/files/ https://go.alorica.com https://aloricarefresh.blob.core.windows.net *.imgur.com *.serving-sys.com https://px.ads.linkedin.com https://p.adsymptotic.com https://bat.bing.com https://www.google.com https://www.alorica.com https://www.google.com.ph https://www.googletagmanager.com https://px4.ads.linkedin.com https://pixel.mathtag.com data: blob: *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net rlets.com reachlocalservices.com facebook.net rlcdn.com gannettdigital.com facebook.com simpli.fi googleservices.com doubleclick.net; media-src 'self' https://js.intercomcdn.com/ *.alorica.com *.azureedge.net data: blob: https://aloricarefresh.blob.core.windows.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://landbot.pro https://go.alorica.com/ go.pardot.com pi.pardot.com cdn.landbot.io *.landbot.pro *.rlets.com cdn.rlets.com https://capture-api.reachlocalservices.com/originCountry https://pixel.mathtag.com https://bid.g.doubleclick.net https://pixel.mathtag.com; connect-src 'self' https://api.company-target.com/ https://analytics.google.com/ https://ipv6.6sc.co/ https://c.6sc.co/ https://api.hubspot.com/ https://js.zi-scripts.com/ https://api.hubapi.com/ https://cta-service-cms2.hubspot.com/ https://forms.hscollectedforms.net/ https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://forms.hubspot.com *.hsforms.com *.clarity.ms/ wss://nexus-websocket-a.intercom.io/ *.intercom.io https://s.clarity.ms/collect https://api-iam.intercom.io/messenger/web/ping https://www.fastbase.com/ *.alorica.com *.alorica-dev-digital.com https://cdn.linkedin.oribi.io landbot.pro accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.visualstudio.com https://westus.api.cognitive.microsoft.com https://landbot.pro/u/ *.botframework.com https://westus.tts.speech.microsoft.com/cognitiveservices/voices/list wss://*.botframework.com pi.paradot.com cdn.landbot.io *.landbot.pro api.zippopotam.us *.pingdom.net *.serving-sys.com *.google-analytics.com https://stats.g.doubleclick.net *.facebook.com *.rlets.com cdn.rlets.com https://capture-api.reachlocalservices.com/originCountry https://liqadprdct-capture-prod-east.gannettdigital.com https://go.alorica.com https://aloricarefresh.blob.core.windows.net www.googletagmanager.com/gtm.js https://fastbase.com https://bat.bing.com https://ws.zoominfo.com *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net rlets.com reachlocalservices.com facebook.net rlcdn.com gannettdigital.com facebook.com simpli.fi googleservices.com doubleclick.net *.a.run.app; frame-src 'self' https://s.company-target.com/ https://app.hubspot.com https://forms.hubspot.com https://www.buzzsprout.com/ https://pdcn.co/ https://pdcn.com/ youtube.com https://www.youtube.com/ *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net rlets.com reachlocalservices.com facebook.net rlcdn.com gannettdigital.com facebook.com simpli.fi googleservices.com doubleclick.net *.landbot.pro landbot.pro *.landbot.io https://landbot.pro cdn.landbot.io https://landbot.pro/u/ https://go.alorica.com/; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.blrankings.com *.azure.com *.azurewebsites.net *.googletagmanager.com *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.visualstudio.com *.issuu.com *.doubleclick.net *.facebook.com *.facebook.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.azureedge.net *.vimeo.com *.vimeocdn.com *.youtube.com youtube.com *.ytimg.com *.braintree-api.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.sitedataprocessing.com; frame-ancestors 'self' https://*.bestlawyers.com; 1
frame-ancestors 'self' https://www.learn4good.com; worker-src https://www.learn4good.com; 1
base-uri 'self';default-src 'self';script-src 'self' https://dreambroker.com/resources/js/ 'nonce-5d66b7aa-6676-435d-a837-068c611454d3';style-src 'self' https://fonts.googleapis.com 'nonce-5d66b7aa-6676-435d-a837-068c611454d3';img-src 'self' data: https://cdn.verkkopalvelu.suomi.fi;font-src 'self' https://fonts.gstatic.com;connect-src 'self' https://yhteystietohakemisto.valtori.fi https://api.digitransit.fi https://vaha-mandate-applications-qa.s3.eu-west-1.amazonaws.com https://cdn.matomo.cloud;child-src 'self' https://hkptesti.maanmittauslaitos.fi https://hkp.maanmittauslaitos.fi https://api.digitransit.fi https://dreambroker.com data:;frame-src 'self' https://hkptesti.maanmittauslaitos.fi https://hkp.maanmittauslaitos.fi https://api.digitransit.fi https://dreambroker.com data:;object-src 'none';frame-ancestors 'none' https://*.tunnistus.fi;form-action 'self' https://*.tunnistus.fi https://*.suomi.fi;upgrade-insecure-requests;script-src-attr 'none' 1
default-src 'none'; connect-src 'self' https://api.edq.com/ https://bat.bing.com/ https://bam.nr-data.net/ https://*.g.doubleclick.net/ https://www.facebook.com/tr/ https://hello.zonos.com https://us1.api.edq.com/ https://www.google-analytics.com/ https://www.clarity.ms/ https://in-automate.sendinblue.com/ https://in-automate.brevo.com/ https://*.analytics.google.com/ https://*.googlesyndication.com/; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/; img-src 'self' data: https://seal.networksolutions.com/ https://sealserver.trustkeeper.net/ https://bat.bing.com/ https://media.lmctruck.com/ https://d1vyngmisxigjx.cloudfront.net/ https://www.facebook.com/ https://*.g.doubleclick.net/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://i.ytimg.com/ https://*.google.com/ https://ssl.gstatic.com/ https://www.gstatic.com/ https://lh3.googleusercontent.com/ https://hello.zonos.com/ https://fonts.gstatic.com/ https://c.clarity.ms/ https://c.bing.com/ https://*.analytics.google.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://bam.nr-data.net/ https://js-agent.newrelic.com/ https://seal.networksolutions.com/siteseal/javascript/siteseal.js https://*.googletagmanager.com/ https://bat.bing.com/ https://www.google-analytics.com/plugins/ua/ec.js https://www.google-analytics.com/analytics.js https://connect.facebook.net https://cdn.bronto.com/coupon/js/ https://www.youtube.com/iframe_api https://s.ytimg.com/yts/jsbin/ https://tagmanager.google.com/debug https://hello.zonos.com/ https://tagmanager.google.com/debug/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ajax.cloudflare.com/ https://www.clarity.ms/ https://www.youtube.com/s/player/ https://static.cloudflareinsights.com/ https://sibautomation.com/ https://*.g.doubleclick.net/ https://www.googleadservices.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://tagmanager.google.com/debug/; frame-ancestors 'self'; frame-src 'self' https://www.facebook.com/ https://checkout.iglobalstores.com/ https://www.google.com/ https://www.youtube.com/ https://sibautomation.com/ https://td.doubleclick.net/; form-action 'self' https://www.facebook.com/tr/; 1
frame-ancestors 'self' ipaper.dischem.co.za magazines.dischem.co.za dischem.co.za *.healthwindow.co.za 1
default-src 'unsafe-inline' 'unsafe-eval' https: blob: data:; object-src 'none'; base-uri 'self'; form-action 'self' https://www.facebook.com https://syndication.twitter.com https://platform.twitter.com; report-uri https://60bfaa9a846bec9e32cc07e1.endpoint.csper.io; 1
default-src blob: 'self' 'unsafe-eval' 'unsafe-inline' coinpaprika.com *.coinpaprika.com static.coinpaprika.com *.static.coinpaprika.com clevernt.com *.clevernt.com disqus.com *.disqus.com reddit.com *.reddit.com google.com *.google.com google.pl *.google.pl google.nl *.google.nl googleadservices.com *.googleadservices.com highcharts.com *.highcharts.com sentry.io *.sentry.io firebase.com *.firebase.com googleapis.com *.googleapis.com s0.2mdn.net *.s0.2mdn.net cloudflareinsights.com *.cloudflareinsights.com commerce.coinbase.com *.commerce.coinbase.com firebaseio.com *.firebaseio.com www.googletagmanager.com www.google-analytics.com www.gstatic.com *.doubleclick.net widget.aricdn.com *.disquscdn.com *.youtube.com *.twitter.com clickoutnetwork.care *.redditmedia.com *.redditstatic.com player.vimeo.com files.sonnyt.com *.twimg.com *.facebook.net *.facebook.com *.hotjar.com *.hotjar.io coinzillatag.com request-global.czilladx.com cdn.jsdelivr.net unpkg.com cdnjs.cloudflare.com highcharts.github.io api.getresponse.com vk.com ssl.gstatic.com *.ibb.co *.storyblok.com ibb.co one.devpaprika.com instant.page *.googlesyndication.com *.googletagservices.com *.czilladx.com s.surveyplanet.com *.intotheblock.com buy.moonpay.io sell.moonpay.io api.moonpay.io *.media.net s.mnet-ad.net api.changelly.com restcountries.eu api.ramp.network app.ramp.network cdn.coinzilla.io bw-coinpaprika.aricdn.com *.cointraffic.io jscloud.net ajax.cloudflare.com reddit.com billing.devpaprika billing.coinpaprika api.coinpaprika *.tile.openstreetmap.org nominatim.openstreetmap.org platform.twitter.com corsproxy.io *.vuukle.com get.geojs.io s.flocdn.com *.clarity.ms *.cleverwebserver.com letsexchange.io data: portfolio.coinpaprika.com wss://stream-frontend.coinpaprika.com/ticks wss://s-usc1a-nss-2027.firebaseio.com;object-src 'none';font-src 'self' static.coinpaprika.com fonts.gstatic.com fonts.googleapis.com data:;frame-src *; 1
default-src https: ; font-src https://maxcdn.bootstrapcdn.com/ data: 'self'; frame-ancestors *; frame-src *; img-src https: data: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://maxcdn.bootstrapcdn.com/ 'self' 'unsafe-inline'; 1
default-src 'none'; style-src 'self' 'unsafe-inline'  https://fonts.googleapis.com; script-src 'self' https://player.vimeo.com https://netlify-cdp-loader.netlify.app; img-src 'self' data:; frame-src 'self' https://player.vimeo.com https://outreach.abetterinternet.org; font-src 'self' https://fonts.gstatic.com data:; media-src 'self'; object-src 'self'; 1
default-src 'self' data: *.ccpgamescdn.com *.cookiebot.com *.ctfassets.net *.doubleclick.net *.gstatic.com *.googletagmanager.com *.googleapis.com *.myfonts.net www.youtube.com ; base-uri 'self' ; connect-src *.clarity.ms *.cookiebot.com *.eveonline.com *.doubleclick.net analytics.tiktok.com bat.bing.com maps.googleapis.com s.yimg.com www.google.at www.google.ca www.google.com www.google.co.in www.google.co.jp www.google.co.uk www.google.co.nz www.google.de www.google.fr www.google.is www.google.nl www.google.pl www.google.ru *.google-analytics.com www.googletagmanager.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bing.com *.cookiebot.com *.clarity.ms *.doubleclick.net *.google-analytics.com *.googleadservices.com *.yahoo.co.jp *.rakuten.com ajax.aspnetcdn.com analytics.tiktok.com maps.googleapis.com static.ads-twitter.com s.yimg.com s.yimg.jp web.ccpgamescdn.com www.artfut.com www.google.com www.googletagmanager.com www.youtube.com www.redditstatic.com ; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com hello.myfonts.net web.ccpgamescdn.com ; font-src 'self' data: cdnjs.cloudflare.com fonts.gstatic.com web.ccpgamescdn.com ; img-src 'self' data: *.bing.com *.clarity.ms *.ctfassets.net *.ccpgamescdn.com *.eveonline.com *.google.com *.gstatic.com *.yahoo.com *.yahoo.co.jp alb.reddit.com consent.linksynergy.com googleads.g.doubleclick.net i.vimeocdn.com maps.googleapis.com sp.analytics.yahoo.com t.co analytics.twitter.com www.google-analytics.com www.google.at www.google.be www.google.bg www.google.by www.google.ca www.google.ch www.google.cz www.google.com www.google.com.br www.google.com.ph www.google.com.sg www.google.com.tr www.google.com.tw www.google.co.id www.google.co.in www.google.co.jp www.google.co.il www.google.co.uk www.google.co.nz www.google.co.kr www.google.de www.google.dk www.google.es www.google.fr www.google.fi www.google.gr www.google.is www.google.nl www.google.no www.google.pl www.google.ro www.google.rs www.google.ru www.google.se www.googletagmanager.com web.ccpgamescdn.com ; frame-src 'self' *.ctfassets.net *.doubleclick.net consentcdn.cookiebot.com optimize.google.com player.vimeo.com www.google.com www.youtube.com www.facebook.com www.googletagmanager.com webvisor.com ; frame-ancestors 'self' ; report-uri https://ccpgames.report-uri.com/r/t/csp/enforce; 1
frame-ancestors http://docplanner-front-test.docplanner.com https://docplanner-front-test.docplanner.com *.doctoralia.es doctoraliaone-es2-candidate.azurewebsites.net 1
base-uri 'self'; connect-src 'self' *.appboy.com *.branch.io *.braze.com *.crazyegg.com *.doubleclick.net *.facebook.com *.google.com *.google-analytics.com *.googlesyndication.com *.googleapis.com *.launchdarkly.com *.lymberapi.com *.mindbody.io *.mindbodyapis.com *.mktoresp.com *.mparticle.com *.optimizely.com *.pendo.io *.pinterest.com api.amplitude.com bam.nr-data.net bam-cell.nr-data.net collect.tealiumiq.com explore.mindbodyonline.com trackerapi.trustarc.com; default-src 'self' blob:; font-src 'self' fonts.gstatic.com use.fontawesome.com; form-action 'self' *.facebook.com *.googletagmanager.com; frame-src 'self' *.cdn.optimizely.com *.cdn-pci.optimizely.com *.doubleclick.net *.facebook.com *.google.com *.googlesyndication.com consent-pref.trustarc.com servedby.flashtalking.com; img-src 'self' data: *.amazonaws.com *.amazon-adsystem.com *.cloudfront.net *.doubleclick.net *.eloqua.com *.facebook.com *.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.mbodev.me *.mindbody.io *.mindbodyonline.com *.optimizely.com *.pendo.io *.pinterest.com *.secure-booker.com *.trustarc.com *.vistaequitypartners.com *.xg4ken.com atdmt.com cdn.branch.io cdn.optimizely.com consent.trustarc.com mindbody.io vistaequitypartners.com; object-src 'none'; script-src 'self' 'unsafe-inline' blob: *.crazyegg.com *.doubleclick.net *.google.com *.googleadservices.com *.googleapis.com *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.optimizely.com *.pendo.io *.pinimg.com *.tealiumiq.com app.link bam.nr-data.net bam-cell.nr-data.net cdn.amplitude.com cdn.branch.io cdn.optimizely.com cdn-assets-prod.s3.amazonaws.com connect.facebook.net consent.trustarc.com deploytealium.com img.en25.com jssdkcdns.mparticle.com js-agent.newrelic.com mindbody.io munchkin.marketo.net optimizely.s3.amazonaws.com resources.xg4ken.com services.xg4ken.com static.cloudflareinsights.com tags.tiqcdn.com; style-src 'self' 'unsafe-inline' *.pendo.io *.googleapis.com use.fontawesome.com 1
frame-ancestors default-src 'self' 'unsafe-inline' 'unsafe-eval' data: js.usemessages.com https://*.google.com https://*.gstatic.com https://ipinfo.io https://*.hubspotusercontent-na1.net https://*.hubspotusercontent00.net https://*bootstrapcdn.com https://*.cloudflare.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://*.mollie.com https://*.hubapi.com http://js.hsforms.net https://*.hubspot.com https://*.google-analytics.com https://js.hs-analytics.net https://js.hsadspixel.net https://*.hscollectedforms.net https://*.hsleadflows.net https://*.smartlook.com https://*.trustpilot.com http://*.trustpilot.com https://*.hs-banner.com https://*.tedee.com https://*.devsite.tedee.com https://*.hs-scripts.com https://ajax.aspnetcdn.com https://tedee.test https://*.hotjar.com https://*.hsforms.com http://*.hsforms.net https://*.mavenoid.com https://*.googleoptimize.com https://*.analytics.google.com https://analytics.google.com  https://*.fontawesome.com https://*.googleapis.com  https://*.doubleclick.net https://www.facebook.com https://*.doubleclick.net  https://www.google-analytics.com  https://secure.gravatar.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: js.usemessages.com https://*.google.com https://*.gstatic.com https://*.hubspotusercontent00.net https://*bootstrapcdn.com https://*.cloudflare.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://*.mollie.com https://*.hubapi.com http://js.hsforms.net https://*.google-analytics.com https://*.hubspot.com https://*.youtube.com https://js.hs-analytics.net https://*.mavenoid.com https://*.hsforms.com https://*.hscollectedforms.net https://js.hsadspixel.net http://js.hs-scripts.com/ https://*.tedee.com https://*.smartlook.com https://maps.google.com https://ajax.aspnetcdn.com https://code.jquery.com https://*.googleoptimize.com https://*.hotjar.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://*.doubleclick.net https://www.google-analytics.com  https://connect.facebook.net  https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://*.hs-scripts.com http://*.trustpilot.com https://*.hs-banner.com https://*.googleapis.com https://*.fontawesome.com https://*.hsleadflows.net https://ipinfo.io https://*.google.com; img-src 'self' data: https://*.hubspot.com https://*.tedee.com https://forms.hsforms.com https://*.mavenoid.com https://googleads.g.doubleclick.net https://analytics.google.com http://*.trustpilot.com https://*.trustpilot.com https://*.hs-scripts.com https://i.ytimg.com https://www.google.pl/ https://www.google.com/ https://www.facebook.com https://*.linkedin.com https://www.googletagmanager.com https://www.google-analytics.com  https://secure.gravatar.com https://s.w.org https://*.googleapis.com https://*.gstatic.com https://*.mollie.com https://*bootstrapcdn.com https://*.cloudflare.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://*.hubspotusercontent00.net https://*.hubspotusercontent-na1.net https://*.fs1.hubspotusercontent-na1.net https://*.gstatic.com https://*.google.com https://*.hsforms.com js.usemessages.com https://*.youtube.com https://mavenoidfiles.com/; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://cdn.mxpnl.com https://www.google-analytics.com https://connect.facebook.net https://snap.licdn.com https://static.ads-twitter.com https://googleads.g.doubleclick.net https://ajax.cloudflare.com/cdn-cgi/scripts/04b3eb47/cloudflare-static/mirage2.min.js https://static.hotjar.com/c/hotjar-913278.js https://script.hotjar.com https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps-api-v3/api/js/54/12a/map.js https://maps.googleapis.com/maps-api-v3/api/js/54/12a/common.js https://maps.googleapis.com/maps-api-v3/api/js/54/12a/util.js https://maps.googleapis.com/maps-api-v3/api/js/54/12a/marker.js https://maps.googleapis.com/maps-api-v3/api/js/54/12a/onion.js https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate https://maps.googleapis.com/maps/api/js/QuotaService.RecordEvent https://maps.googleapis.com/maps-api-v3/api/js/54/12a/controls.js https://maps.googleapis.com/maps/vt cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com; style-src 'self' https://p.typekit.net https://fonts.googleapis.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.typekit.net pro.fontawesome.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://p.typekit.net https://fonts.googleapis.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.typekit.net pro.fontawesome.com; frame-ancestors 'self'; report-uri https://emeraldgrouppublishing.com/report-uri/enforce 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://blenderartists.org/logs/ https://blenderartists.org/sidekiq/ https://blenderartists.org/mini-profiler-resources/ https://blenderartists.org/assets/ https://blenderartists.org/brotli_asset/ https://blenderartists.org/extra-locales/ https://blenderartists.org/highlight-js/ https://blenderartists.org/javascripts/ https://blenderartists.org/plugins/ https://blenderartists.org/theme-javascripts/ https://blenderartists.org/svg-sprite/ 'report-sample' 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' 'unsafe-inline' https: https://pagead2.googlesyndication.com/; worker-src 'self' https://blenderartists.org/assets/ https://blenderartists.org/brotli_asset/ https://blenderartists.org/javascripts/ https://blenderartists.org/plugins/; report-uri https://blenderartists.org/csp_reports; frame-ancestors 'self'; manifest-src 'self' 1
frame-ancestors 'self' https://*.czu.cz https://*.mcas.ms https://4fiit.cz 1
frame-ancestors 'self' scout24.com hub.scout24.com staffbase.com capacitor://scout24.com capacitor://staffbase.com localhost:* 1
default-src 'self' *.firebaseio.com *.olark.com; style-src 'self' *.via.com/ *.googleapis.com/ *.google.com/ 'unsafe-eval' 'unsafe-inline' *.olark.com https://css.zohocdn.com/salesiq/ https://css.zohostatic.in/salesiq/ https://css.zohostatic.com/salesiq/; font-src 'self' fonts.gstatic.com/ *.via.com/ *.facebook.com https://fonts.zohostatic.in/ https://css.zohostatic.in/ https://css.zohocdn.com; img-src 'self' data: https://images.via.com/ https://cdn.via.com https://images4.via.com/ http://in.via.com/ https://www.tripadvisor.com/ *.via.com/ *.googleapis.com *.gstatic.com *.google.com/ *.google.co.in/ googleads.g.doubleclick.net/ *.facebook.com www.google-analytics.com/ www.googleadservices.com/ stats.g.doubleclick.net/ www.tripadvisor.com/ *.firebaseio.com *.cloudfront.net/js/ct_logo.svg *.googletraveladservices.com www.googletagmanager.com/ https://img.zohostatic.in/ https://salesiq.zohopublic.in/ https://ebixcash.com/ https://salesiq.zohopublic.com/ https://img.zohocdn.com/; script-src 'self' *.via.com/ *.olark.com *.googleapis.com *.google.com/ 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com/ www.google-analytics.com/ www.googleadservices.com/ *.clevertap.com/ *.facebook.net/ *.facebook.com/ wzrkt.com/ *.hotjar.com/ *.cloudfront.net webchat.helpshift.com/ googleads.g.doubleclick.net/ bid.g.doubleclick.net/ *.firebaseio.com s3.ap-south-1.amazonaws.com/flexmoney-public/smart-detect/sud-kit/production/ https://salesiq.zoho.in/ https://js.zohocdn.com/ https://js.zohostatic.in/ https://salesiq.zoho.com/widget; frame-src *.facebook.com *.youtube.com *.google.com/ ads-feeder.appspot.com/ *.olark.com *.webchat.helpshift.com/ flightraja.helpshift.com *.firebaseio.com bid.g.doubleclick.net/ https://salesiq.zohopublic.in/ https://vts.zohopublic.in/ https://salesiq.zohopublic.com/ https://vts.zohopublic.com/ *.hotjar.com/; connect-src 'self' *.via.com/ *.googleapis.com *.google.com/ www.googletagmanager.com/ www.google-analytics.com/ www.googleadservices.com/ *.clevertap.com/ *.facebook.net/ *.facebook.com/ wzrkt.com/ *.cloudfront.net *.firebaseio.com/ *.itzcash.com/ instacred.me/v1/smartUserDetect https://salesiq.zoho.in/widget https://salesiq.zoho.in/getembeddetails.ls ws://vts.zohopublic.in/watchws https://salesiq.zohopublic.in/ https://salesiq.zoho.com/ ws://vts.zohopublic.com/watchws https://salesiq.zohopublic.com/ https://vts.zohopublic.com/watch http://vts.zohopublic.com/watch https://stats.g.doubleclick.net/j/collect *.hotjar.com *.hotjar.io 1
default-src data: blob: 'unsafe-inline' 'unsafe-eval' 'self' https://*.cdsreg.com https://api.qrserver.com https://*.iris.informa.com https://*.taboola.com https://*.atlassian.com https://*.unlayer.com https://*.fontawesome.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://pi.pardot.com https://*.cfmediaview.com https://cdn.bttrack.com https://xpressreg.net https://*.xpressreg.net https://xpressleadpro.com https://*.xpressleadpro.com https://xpressleadpro.net https://*.xpressleadpro.net https://xpresspaymentservice.com https://*.xpresspaymentservice.com https://exhibitoremails.com https://*.exhibitoremails.com https://cdsdatasense.Com https://*.cdsdatasense.Com https://*.adroll.com https://*.ingo.me https://ingo.me https://*.facebook.net https://*.facebook.com https://*.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.ads-twitter.com https://*.google.com https://*.twitter.com https://*.googleadservices.com https://*.feathr.co https://ads.yahoo.com https://*.adsrvr.org https://*.cloudfront.net https://s3.amazonaws.com https://*.s3.amazonaws.com https://*.onpeak.com https://assets.adobedtm.com https://*.googletagmanager.com https://*.melissadata.net https://*.acs.org https://js.hs-scripts.com https://js.hsforms.net https://js.hsleadflows.net https://js.hs-analytics.net https://forms.hubspot.com https://*.marketo.net https://*.gstatic.com https://app.webreg.me https://px.ads.linkedin.com https://*.linkedin.com https://pixel-a.basis.net https://*.bing.com https://*.dpmsrv.com https://*.marinsm.com https://*.omeda.com https://*.googletagservices.com https://*.googlesyndication.com https://*.hubapi.com https://*.olark.com https://*.appcues.com wss://*.appcues.net https://*.aimtell.com https://*.hotelmapdms.com https://hotelmap.com https://*.hotelmap.com https://*.stackadapt.com https://ip-api.com https://script.crazyegg.com https://gloriousbeef.com wss://in.visitors.live https://invt.io https://snap.licdn.com https://*.pmmimediagroup.com https://*.twimg.com https://cdn.syndication.twimg.com https://ib.adnxs.com https://*.youtube.com https://*.eventnx.com https://*.tiqcdn.com https://*.tealiumiq.com https://*.demdex.net https://nationalassociationofrealtors.d1.sc.omtrdc.net https://*.llnwd.net https://*.walkme.com https://*.powerbi.com/ https://*.choozle.com https://*.spiceworks.com https://*.ensighten.com https://*.adsrvr.org https://*.adroll.com https://*.aimtell.com https://us-u.openx.net https://idsync.rlcdn.com https://eb2.3lift.com https://*.adroll.mgr.consensu.org https://*.insightexpressai.com https://*.hotjar.com https://*.perfectaudience.com https://*.prfct.co https://*.aimtell.io https://*.hs-banner.com https://*.hsadspixel.net https://*.outbrain.com https://*.campaigntracker.io https://*.cloudflare.com https://*.mkt941.com https://trc.taboola.com https://*.pubmatic.com https://*.rubiconproject.com https://*.quantserve.com https://*.refersion.com https://*.2mdn.net https://*.b2clogin.com https://*.gleanin.com https://*.rlets.com https://*.unlayer.com https://*.hscollectedforms.net https://komito.net https://*.vfairs.com https://*.sitescout.com https://*.pixel.ad https://i.snoball.it https://widget.freshworks.com https://cdn.linkedin.oribi.io https://*.quantcount.com https://s.pinimg.com https://ct.pinterest.com https://api.snoball.it https://*.42chat.com https://*.segment.com https://api.segment.io https://s3.divcom.com https://*.mktoresp.com https://divcom.tt.omtrdc.net https://*.cookielaw.org https://*.freshdesk.com https://analytics.tiktok.com; img-src * data: blob:; 1
frame-ancestors *.bajajfinservmarkets.in *.BajajFinserv.in www-bajajfinservmarkets-in.cdn.ampproject.org www.google.com *.adobe.com *.netcorecloud.com 1
frame-ancestors 'self' https://manage.officer.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://tagmanager.google.com https://d2bnxibecyz4h5.cloudfront.net https://www.google-analytics.com/analytics.js https://static.cdn.prismic.io/prismic.js; connect-src 'self' https://www.google-analytics.com https://surveygizmobeacon.s3.amazonaws.com https://world-community-grid.cdn.prismic.io https://world-community-grid.prismic.io/api/v2; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com  https://tagmanager.google.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; img-src * data:; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com https://www.surveygizmo.com https://world-community-grid.prismic.io/; 1
default-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src https: 'unsafe-inline' 'unsafe-eval' 'self' https://stats.ledl.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.trustedshops.com www.google-analytics.com; style-src https: 'unsafe-inline' 'self' *.trustedshops.com www.google-analytics.com; img-src https: 'self' https://stats.ledl.net http://homepage-kosten.de http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.trustedshops.com www.google-analytics.com data:; font-src 'self' *.trustedshops.com https://manage.alldomains.hosting http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io data:; frame-ancestors 'self' https://stats.ledl.net; frame-src 'self' https://stats.ledl.net www.youtube-nocookie.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; form-action 'self' *.alldomains.hosting; connect-src 'self' https://stats.ledl.net *.trustedshops.com www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; style-src-elem 'self' 'unsafe-inline'; child-src 'none'; prefetch-src 'none'; worker-src 'self' blob:; 1
frame-ancestors 'self' https://tableau.onedayonly.co.za http://*-buyersportal.onedayonly.co.za;; 1
frame-ancestors 'self' https://search1.kracie.co.jp https://kamposhop.kracie.co.jp; 1
base-uri 'self';default-src 'self' https://*.stripe.com https://*.bootstrapcdn.com https://fonts.googleapis.com https://*.google-analytics.com blob:;font-src 'self' https: data:;img-src 'self' https://*.downloadhelper.net https://*.google-analytics.com data:;script-src 'self' 'unsafe-inline' https://*.cloudflare.com https://*.stripe.com https://cdnjs.cloudflare.com https://js.stripe.com https://www.google-analytics.com blob:;frame-src 'self' https://*.stripe.com;object-src 'none';style-src 'self' https: 'unsafe-inline' https://*.bootstrapcdn.com;upgrade-insecure-requests 1
frame-ancestors 'self' https://*.allohealth.care https://*.allohealth.care:3000 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wp.com cdn.cookielaw.org *.mutinycdn.com *.couchbase.com geolocation.onetrust.com stats.wp.com *.doubleclick.net script.crazyegg.com snap.licdn.com bat.bing.com cdn.bizible.com *.6sc.co *.marketo.net *.marketo.com connect.facebook.net code.createjs.com snippet.ramblechat.com trk.techtarget.com storage.googleapis.com www.googleadservices.com www.google.com www.gstatic.com https://cdn.jsdelivr.net https://beacon-v2.helpscout.net https://cdn.mxpnl.com https://fast.wistia.com https://yoast.com https://*.semrush.com https://www.google-analytics.com data:; style-src 'self' 'unsafe-inline' *.wp.com *.couchbase.com *.marketo.com fonts.googleapis.com cdn.cookielaw.org; img-src 'self' * *.couchbase.com *.mutinycdn.com *.wp.com *.google.com *.googletagmanager.com  *.googleadservices.net *.doubleclick.net *.linkedin.com *.bizible.com cdn.bizibly.com *.facebook.com *.cloudfront.net *.6sc.co cdn.cookielaw.org bat.bing.com secure.gravatar.com blob: data:; connect-src 'self' *.mutinyhq.com *.mutinyhq.io *.mutinycdn.com *.onetrust.com *.linkedin.com *.6sc.co *.kochava.com *.techtarget.com *.mktoresp.com *.mktoutil.com *.terminus.services *.amazonaws.com *.geoplugin.net *.couchbase.com *.crazyegg.com *.facebook.com api.zippopotam.us bat.bing.com boards-api.greenhouse.io bpi.briteverify.com cdn.cookielaw.org realtime.ramblechat.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://*.cloudfront.net https://beaconapi.helpscout.net https://pipedream.wistia.com https://api-js.mixpanel.com https://my.yoast.com https://yoast.com https://*.semrush.com https://api.amplitude.com https://www.google-analytics.com wss:; font-src 'self' *.wp.com fonts.gstatic.com data:; frame-src *.doubleclick.net *.marketo.com *.google.com *.facebook.com *.couchbase.com *.onetrust.com player.vimeo.com widgets.wp.com www.youtube.com https://wp-rocket.me https://cdn.semrush.com; frame-ancestors 'self' https://app.mutinyhq.com; worker-src 'self' blob:; 1
frame-ancestors 'self' topface.com *.topface.com vk.com *.vk.com mail.ru *.mail.ru ok.ru *.ok.ru facebook.com *.facebook.com; report-uri /csp-report/; 1
frame-ancestors 'self' https://*.onstar.com https://enrollment.autopartners.net/ https://*.gm.com 1
default-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://m.v12finance.com https://*.sope360.com 1
frame-ancestors 'self' https://manage.firehouse.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com www1.justmylook.com; base-uri 'self' 1
frame-ancestors 'self' https://dm.apuestas.codere.es https://m.clubcodere.es https://m.apuestas.codere.es https://m.codere.pa https://dm.clubcodere.es https://m.codere.com.co https://blog.codere.es file://*; 1
default-src 'none' ; connect-src https://www.tempest.com https://*.www.tempest.com https://*.tempest.com https://tempest.com https://*.ingest.sentry.tempest.com https://*.apple-mapkit.com ; script-src blob:  https://www.tempest.com https://*.www.tempest.com https://*.tempest.com https://tempest.com https://*.ingest.sentry.tempest.com https://*.apple-mapkit.com https://geoloc.tempest.com 'unsafe-inline' 'unsafe-eval'; manifest-src https://www.tempest.com https://*.www.tempest.com https://tempest.com ; font-src data: https://www.tempest.com https://*.www.tempest.com https://tempest.com https://cdnjs.cloudflare.com/ ; img-src https: data: https://www.tempest.com https://*.www.tempest.com https://tempest.com https://*.tempest.com https://*.bing.com/ https://*.bing.net/ https://*.mm.bing.net https://*.explicit.bing.net ; style-src 'self' https://www.tempest.com https://*.www.tempest.com https://tempest.com https://cdnjs.cloudflare.com/ 'unsafe-inline'; object-src 'none' ; worker-src blob: https://www.tempest.com https://tempest.com https://*.www.tempest.com ; child-src blob:  https://www.tempest.com https://*.www.tempest.com https://tempest.com ; form-action  https://www.tempest.com https://*.www.tempest.com https://tempest.com ; frame-ancestors 'none' ; base-uri 'self' ; block-all-mixed-content; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.eloqua.com *.en25.com *.bluekai.com *.oraclecloud.com; script-src  'self' blob: 'unsafe-inline' 'unsafe-eval' *.cookieinformation.com recaptcha.net *.vimeo.com *.googletagmanager.com *.licdn.com *.google-analytics.com *.youtube.com *.leadlab.click *.wiredminds.de *.hotjar.com *.myvisitors.se *.nr-data.net *.newrelic.com *.driftt.com *.6sc.co *.doubleclick.net *.qualtrics.com *.gstatic.com *.googleapis.com *.mfn.se *.datablocks.se *.googleadservices.com trelleborg.piwik.pro trelleborg.workbuster.com secure.leadforensics.com *.en25.com *.zscalertwo.net code.highcharts.com *.googlesyndication.com; font-src  'self' data: fonts.gstatic.com fonts.googleapis.com eur02.safelinks.protection.outlook.com *.hotjar.com app.emarketeer.com *.zscalertwo.net widget.datablocks.se; img-src  'self' data: *.google-analytics.com *.w3.org *.linkedin.com *.google.de *.googletagmanager.com *.6sc.co *.google.com *.triggerbee.com *.qualtrics.com *.gstatic.com *.googleapis.com *.hotjar.com *.doubleclick.net *.eloqua.com *.zscalertwo.net widget.datablocks.se *.googleadservices.com; style-src 'self' 'unsafe-inline' cdn.datatables.net fast.fonts.net fonts.googleapis.com *.datablocks.se *.zscalertwo.net; connect-src  'self' ws: *.cookieinformation.com cdn.linkedin.oribi.io *.leadlab.click *.google-analytics.com *.doubleclick.net *.analytics.google.com *.nr-data.net *.hotjar.io *.google.com *.6sc.co *.triggerbee.com *.qualtrics.com *.googlesyndication.com *.googleapis.com *.hotjar.com *.mfn.se *.datablocks.se *.googleadservices.com ws.hotjar.com trelleborg.piwik.pro idx.liadm.com *.zscalertwo.net *.hana.ondemand.com *.linkedin.com; frame-src  'self' *.cookieinformation.com recaptcha.net *.youtube.com *.driftt.com *.vimeo.com *.doubleclick.net eur02.safelinks.protection.outlook.com iframe.dacast.com trelleborg.workbuster.com app.emarketeer.com view.vzaar.com *.zscalertwo.net *.trelleborgecf.com trelleborg-seals.via-em.com smc-lp.s4hana.ondemand.com privacyportalde-cdn.onetrust.com; media-src 'self' data: *.w3.org *.driftt.com *.zscalertwo.net; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; font-src 'self' fonts.gstatic.com img.maxmodels.pl static.maxmodels.pl data:; 1
child-src 'self';connect-src 'self' https://*.browser-intake-datadoghq.com https://api.openai.com https://*.sentry.io http://*.pinalove.com https://*.googletagmanager.com http://*.thaifriendly.com https://*.apple.com https://rum.browser-intake-datadoghq.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.nr-data.net https://*.pinalove.com https://*.tenor.com https://*.thaifriendly.com https://*.trackjs.com wss: wss://*.pinalove.com wss://*.thaifriendly.com wss://*.vietnameselove.com;default-src 'self';font-src 'self' chrome-extension: data: http://*.gstatic.com https://*.gstatic.com;frame-src 'self' https://*.apple.com https://*.g.doubleclick.net https://*.google.com;img-src 'self' blob: data: http://*.gstatic.com https://*.googletagmanager.com http://*.pinalove.com http://*.thaifriendly.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.at https://*.google.be https://*.google.ca https://*.google.ch https://*.google.co.id https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.kr https://*.google.co.nz https://*.google.co.th https://*.google.co.uk https://*.google.com https://*.google.com.au https://*.google.com.my https://*.google.com.ph https://*.google.com.sg https://*.google.com.tr https://*.google.de https://*.google.dk https://*.google.dz https://*.google.es https://*.google.fi https://*.google.fr https://*.google.gr https://*.google.ie https://*.google.it https://*.google.nl https://*.google.no https://*.google.pl https://*.google.ru https://*.google.se https://*.google.si https://*.googleapis.com https://*.gstatic.com https://*.nr-data.net https://*.pinalove.com https://*.tenor.com https://*.thaifriendly.com https://*.trackjs.com https://pinalove.com https://thaifriendly.com https://vietnameselove.com wss://*.pinalove.com wss://*.thaifriendly.com;manifest-src 'self' http://*.thaifriendly.com https://*.thaifriendly.com wss://*.thaifriendly.com;media-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.2checkout.com https://*.apple.com https://*.sentry-cdn.com https://*.googleadservices.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.newrelic.com https://*.nr-data.net https://*.trackjs.com;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.googletagmanager.com https://*.yahooapis.com;worker-src 'self' blob:; 1
default-src * data: blob: 'self'; img-src https://*.hotjar.com https://optimize.google.com https://www.google-analytics.com https://www.googletagmanager.com *.intercom.io *.intercomcdn.com *.intercomcdn.eu 'self' blob: data: filesystem: https:; script-src *.uizard.io uizard.io https://*.cookiebot.com https://*.hotjar.com typeform.com *.typeform.com https://analytics.tiktok.com https://www.redditstatic.com https://pvdpix.com https://*.pvdpix.com https://*.mouseflow.com *.clarity.ms clarity.ms https://bat.bing.com cookieinformation.com *.cookieinformation.com https://js-eu1.hscollectedforms.net *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.sentry.io sentry.io https://optimize.google.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com *.google.com google.com *.gstatic.com gstatic.com *.googleapis.com googleapis.com *.facebook.net facebook.net 127.0.0.1:* *.ads-twitter.com ads-twitter.com *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.oribi.io oribi.io *.licdn.com licdn.com *.linkedin.com linkedin.com *.twitter.com twitter.com *.stripe.com stripe.com *.intercom.io intercom.io *.intercomcdn.com intercomcdn.com 'unsafe-inline' 'unsafe-eval' blob: data: 'self'; style-src https://*.hotjar.com https://optimize.google.com https://fonts.googleapis.com data: blob: 'unsafe-inline' *; connect-src *.uizard.io uizard.io https://*.cookiebot.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com typeform.com *.typeform.com https://analytics.tiktok.com https://facebook.com https://pvdpix.com https://*.pvdpix.com *.oribi.io oribi.io *.licdn.com licdn.com *.linkedin.com linkedin.com *.clarity.ms clarity.ms https://bat.bing.com https://forms-eu1.hubspot.com cookieinformation.com *.cookieinformation.com *.sentry.io sentry.io *.gstatic.com gstatic.com *.googleapis.com googleapis.com *.google.com google.com *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com ws://localhost:* *.stripe.com stripe.com *.doubleclick.net doubleclick.net wss://*.uizard.io wss://*.pendo.io *.intercom.io intercom.io *.intercomcdn.com intercomcdn.com *.intercomcdn.eu intercomcdn.eu wss://*.intercom.io blob: data: 'self'; font-src https://*.hotjar.com https://fonts.gstatic.com *.intercomcdn.com *.uizard.io uizard.io data: blob: 'self';frame-src https://*.cookiebot.com https://*.hotjar.com https://form.typeform.com https://www.google.com https://www.youtube.com https://www.facebook.com cookieinformation.com *.cookieinformation.com https://optimize.google.com *.uizard.io uizard.io data: blob: 'self';block-all-mixed-content;upgrade-insecure-requests; 1
media-src onelya.ru; 1
report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic ; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-7snZQlPJXF9UnaLZHyrZ' 'nonce-+5WMmOLir6UPVSc4kdTc' 1
frame-ancestors 'self' https://noticiasrcn.com https://*.noticiasrcn.com https://*.canalrcn.com https://canalrcn.com https://*.canalrcn.tech; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-NWQ1OWI3ZjE5NzY5NDMwMzg2NDY5YzRiOGMzZjVhZjA=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.defensie.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.defensie.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.defensie.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src * 'self' blob: data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; frame-src * 'self'; frame-ancestors 'self' https://*.albayan.ae 1
default-src 'self'; script-src 'unsafe-inline' https://g792337342.co 1
upgrade-insecure-requests;block-all-mixed-content; report-uri https://zhtz6kg8.uriports.com/reports/report; report-to default 1
frame-ancestors 'self' *.ajax.nl 1
frame-ancestors http://*.kindermorgan.com https://*.kindermorgan.com 1
frame-ancestors *.justlanded.com *.justlanded.es *.justlanded.co.uk *.justlanded.de *.justlanded.fr *.justlanded.it *.justlanded.jp *.justlanded.at *.justlanded.mx *.justlanded.gr *.justlanded.ru *.justlanded.se *.justlanded.cn *.justlanded.ch *.justlanded.be *.justlanded.co.in *.justlanded.co.nz tpc.googlesyndication.com; form-action shop.justlanded.com *.justlanded.com *.justlanded.es *.justlanded.co.uk *.justlanded.de *.justlanded.fr *.justlanded.it *.justlanded.jp *.justlanded.at *.justlanded.mx *.justlanded.gr *.justlanded.ru *.justlanded.se *.justlanded.cn *.justlanded.ch *.justlanded.be *.justlanded.co.in *.justlanded.co.nz tpc.googlesyndication.com; object-src 'none'; base-uri 'self'; 1
default-src 'self' https://*.nuance.com https://*.oncor.com; font-src 'self' https://*.typekit.net data:; script-src https://*.twitter.com https://twitter.com https://oncor.upgrade.guide https://*.go-mpulse.net https://www.googletagmanager.com https://www.google-analytics.com https://vc.hotjar.io https://www.youtube.com https://*.go-mpulse.net https://*.adobedtm.com https://*.hotjar.com https://dtprod.oncor.com https://connect.facebook.net https://*.nuance.com https://s7d1.scene7.com 'self' 'unsafe-eval' 'unsafe-inline' blob:; connect-src 'self' https://analytics.google.com wss://ws.hotjar.com/api/v2/client/ws https://oncor.upgrade.guide https://*.oncor.com https://*.onc-prod-6f3f407775af43d9511f50fd779b74ec-0000.us-south.containers.appdomain.cloud https://oncor.egnyte.com https://oncor.sc.omtrdc.net https://www.google-analytics.com https://ola-svc-dev.apps.odcocpdev01.stage.corp.oncor.com https://*.akamaihd.net https://*.onc-nonprod-6f3f407775af43d9511f50fd779b74ec-0000.us-south.containers.appdomain.cloud https://*.oncor.com https://*.hotjar.io https://*.akstat.io https://dtprod.oncor.com https://*.go-mpluse.net https://c.go-mpulse.net/api/config.json https://dpm.demdex.net https://*.scene7.com https://*.hotjar.com https://*.nuance.com 'unsafe-inline'; img-src 'self' https://dpm.demdex.net https://*.nuance.com https://oncor.sc.omtrdc.net https://www.facebook.com https://dev.day.com https://s7d1.scene7.com data: blob: 'unsafe-inline';media-src 'self' https://player.vimeo.com https://www.youtube.com https://*.scene7.com https://media-us2.digital.nuance.com https://*.nuance.com blob:; frame-src 'self'  https://*.twitter.com https://oncor.upgrade.guide https://*.oncor.com https://*.nuance.com https://oncor.demdex.net https://oncor.egnyte.com https://stormcenter.oncor.com https://www.facebook.com https://www.b2i.us https://player.vimeo.com https://www.youtube.com data:; object-src 'self' blob:; style-src 'self' https://*.nuance.com https://*.scene7.com https://fonts.googleapis.com 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; img-src 'self' blob: data: * 1
frame-ancestors 'self' *.crictracker.com https://jionews.com *.dailyhunt.in *.ril.com *.pie.news https://jionewsdev1.jio.ril.com 1
frame-ancestors 'self' *.digit.in 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://www.hirkereso.hu http://img.hirkereso.hu http://gahu.hit.gemius.pl/ http://ls.hit.gemius.pl http://www.idokep.hu https://adservice.google.com https://cse.google.com https://pagead2.googlesyndication.com https://partner.googleadservices.com https://tpc.googlesyndication.com https://www.google-analytics.com https:;report-uri /csp-violation-report-endpoint.php?v=1;report-to csp-endpoint 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' mc.yandex.ru yastatic.net cdnjs.cloudflare.com informer.yandex.ru *.75.ru *.gosuslugi.ru *.e-zab.ru *.xn--80apaohbc3aw9e.xn--p1ai xn--80apaohbc3aw9e.xn--p1ai unpkg.com vashkontrol.ru img.icons8.com app-dev.xn--80apaohbc3aw9e.xn--p1ai ervk.gov.ru forms.yandex.ru ajax.googleapis.com rutube.ru youtube.com www.youtube.com knd.gov.ru *.yandex.ru *.yandex.net yandex.ru data: blob:;, img-src 'self' *.75.ru *.gosuslugi.ru informer.yandex.ru vashkontrol.ru xn--80apaohbc3aw9e.xn--p1ai img.icons8.com app-dev.xn--80apaohbc3aw9e.xn--p1ai *.yandex.ru *.yandex.net yandex.ru data:;, font-src 'self' *.gosuslugi.ru *.75.ru *.xn--80apaohbc3aw9e.xn--p1ai data:;, style-src 'self' 'unsafe-inline' vashkontrol.ru cdnjs.cloudflare.com xn--80apaohbc3aw9e.xn--p1ai pos.gosuslugi.ru;, script-src 'self' 'unsafe-inline' 'unsafe-eval'  mc.yandex.ru *.gosuslugi.ru unpkg.com yastatic.net vashkontrol.ru xn--80apaohbc3aw9e.xn--p1ai *.75.ru ajax.googleapis.com *.yandex.ru *.yandex.net blob:;, connect-src 'self' mc.yandex.ru informer.yandex.ru *.75.ru *.gosuslugi.ru *.e-zab.ru *.xn--80apaohbc3aw9e.xn--p1ai *.xn--80apaohbc3aw9e.xn--p1ai app-dev.xn--80apaohbc3aw9e.xn--p1ai ervk.gov.ru forms.yandex.ru rutube.ru youtube.com www.youtube.com knd.gov.ru;, frame-ancestors 'self' 1
default-src 'self' https://*.google-analytics.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.termsfeed.com https://*.google-analytics.com https://www.googletagmanager.com; style-src 'unsafe-inline' 'self'; img-src 'self' https://*.google-analytics.com data:; frame-src 'self' https://www.youtube.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://qoto.org https://maxcdn.bootstrapcdn.com; img-src 'self' https: data: blob: https://qoto.org; style-src 'self' https://qoto.org https://maxcdn.bootstrapcdn.com https://miy.pw https://hcaptcha.com https://*.hcaptcha.com 'nonce-u62MYxte8/4dwovdERHTVA=='; media-src 'self' https: data: https://qoto.org; frame-src 'self' https: https://hcaptcha.com https://*.hcaptcha.com; manifest-src 'self' https://qoto.org; connect-src 'self' data: blob: https://qoto.org https://storage.gra.cloud.ovh.net wss://qoto.org; script-src 'self' https://qoto.org https://maxcdn.bootstrapcdn.com https://hcaptcha.com https://*.hcaptcha.com; child-src 'self' blob: https://qoto.org; worker-src 'self' blob: https://qoto.org 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.barandbench.com https://jionews.com/ https://jionewsdev1.jio.ril.com/;block-all-mixed-content; 1
script-src 'unsafe-inline' 'unsafe-eval' newslab.su www.newslab.su code.createjs.com tagmanager.google.com ssl.p.jwpcdn.com www.youtube.com s.ytimg.com maps.google.com maps.googleapis.com pagead2.googlesyndication.com adservice.google.com adservice.google.ru cdn.ampproject.org code.jquery.com vk.com api-maps.yandex.ru www.instagram.com platform.instagram.com relap.io top-fwz1.mail.ru mediator.imgsmail.ru collector.mediator.media static.criteo.net cas.criteo.com ad.mail.ru ajax.googleapis.com newslab.ru www.newslab.ru s.newslab.ru cdnjs.cloudflare.com jsn.24smi.net js-agent.newrelic.com bam.nr-data.net cdn.onthe.io tt.onthe.io www.googletagmanager.com an.yandex.ru yastatic.net www.google-analytics.com mc.yandex.ru radario.ru code.jivosite.com yandex.st; object-src 'none'; base-uri newslab.ru; style-src 'self' 'unsafe-inline' s.newslab.ru tagmanager.google.com fonts.googleapis.com ajax.googleapis.com relap.io ssl.p.jwpcdn.com; 1
frame-ancestors https://devtest.kooapps.com *.crazygames.com *.crazygames.nl *.crazygames.sb *.crazygames.cg *.crazygames.fr koogames.com kooverse.com *.kooverse.com *.koogames.com 1
default-src 'self'; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https: http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com; object-src 'self' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: blob: https: https://script.hotjar.com http://script.hotjar.com; media-src 'self' data: blob: mediastream: https:; frame-ancestors 'self' *.conad.it *.nscdev.it *.nsctst.it *.nscpre.it  *.nscstg.it; frame-src 'self' data: https: https://vars.hotjar.com; font-src 'self' data: https: http://script.hotjar.com https://script.hotjar.com; connect-src 'self' data: https: http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com 1
default-src 'self' clientstream.launchdarkly.com chat-au.libanswers.com api3-au.libcal.com lgapi-au.libapps.com noembed.com cdn.plyr.io lpcdn.lpsnmedia.net; connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.libcal.com lgapi-au.libapps.com chat-au.libanswers.com lm.serving-sys.com cdn.plyr.io noembed.com stats.g.doubleclick.net adservice.google.com analytics.tiktok.com bond.university cdn.linkedin.oribi.io secure-ds.serving-sys.com www.facebook.com www.google.com tr.snapchat.com bond.edu.au gtm-m6dphq3-zjy3m.uc.r.appspot.com www.capi.bond.edu.au service.ap1.liveassistfor365.com wss://service.ap1.liveassistfor365.com wss://sy.msg.liveperson.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.redditstatic.com *.taboola.com px.ads.linkedin.com api.intentiq.com analytics.google.com munchkin.marketo.net munchkin-cdn.marketo.net 186-xng-575.mktoresp.com; font-src 'self' fonts.gstatic.com data: fonts.googleapis.com use.typekit.net p.typekit.net service.ap1.liveassistfor365.com https://*.hotjar.com; frame-src 'self' www.googletagmanager.com bond.libanswers.com youtube.com www.youtube.com use.mazemap.com player.vimeo.com www.google.com app-sn04.marketo.com e.issuu.com bond.stackmap.com unibuddy.co lpcdn.lpsnmedia.net eap.ascentone.com *.fls.doubleclick.net googleads.g.doubleclick.net tpc.googlesyndication.com www.facebook.com insight.adsrvr.org td.doubleclick.net tr.snapchat.com match.adsrvr.org secure-ds.serving-sys.com ds.serving-sys.com lm.serving-sys.com bs.serving-sys.com server.sy.liveperson.net sy.idp.liveperson.net sy.msg.liveperson.net; img-src 'self' ssl.gstatic.com www.gstatic.com fonts.gstatic.com *.google-analytics.com *.googletagmanager.com *.siteimproveanalytics.io libapps.s3.amazonaws.com data: picsum.photos i.picsum.photos i.ytimg.com *.google.com googleads.g.doubleclick.net px.ads.linkedin.com p.adsymptotic.com www.facebook.com dc.ads.linkedin.com insight.adsrvr.org secure.adnxs.com analytics.tiktok.com analytics.twitter.com pixel.roymorgan.com static.bond.edu.au t.co www.linkedin.com www.google.cl www.google.co.cr www.google.co.in www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.th www.google.com.ar www.google.com.co www.google.com.gh www.google.com.my www.google.com.ng www.google.com.ph www.google.com.sb www.google.la www.google.no www.google.nr www.google.tl *.google.com.au www.google.ae *.global.siteimproveanalytics.io ib.adnxs.com www.google.ca www.google.co.bw www.google.co.tz www.google.co.uk www.google.co.za www.google.co.zm www.google.co.zw www.google.com www.google.com.cu www.google.com.eg www.google.com.et www.google.com.fj www.google.com.hk www.google.com.lb www.google.com.ly www.google.com.pe www.google.com.pk www.google.com.sg www.google.com.tw www.google.de www.google.es www.google.fr www.google.gr www.google.ie www.google.lk www.google.nl www.google.ps www.google.se *.ads.linkedin.com www.google.bt www.google.co.ke www.google.co.ma www.google.com.af www.google.com.bd www.google.com.ec www.google.com.na www.google.com.pg www.google.com.qa www.google.com.tr www.google.jo www.google.pl www.google.to *.mookie1.com lpcdn.lpsnmedia.net secure-ds.serving-sys.com ds.serving-sys.com *.hotjar.com sync.intentiq.com alb.reddit.com tr.snapchat.com; object-src 'none'; script-src 'self' siteimproveanalytics.com region-au.libanswers.com sy.v.liveperson.net lptag.liveperson.net lpcdn.lpsnmedia.net accdn.lpsnmedia.net e.issuu.com bond.libanswers.com 'sha256-NLMwpGTm+o0htz/YoD7o9Imc5ipST98gIalWtsQlm08=' 'sha256-/psy9wVB+ufelM86s/I0orYEk8ErruvV8ZqsTbN48BY=' player.vimeo.api player.vimeo.com www.youtube.com www.google.com www.gstatic.com app-sn04.marketo.com tagmanager.google.com *.googletagmanager.com www.google-analytics.com ssl.google-analytics.com 'sha256-bUAiv6MQ42WYRwUuR4M7/PnOd76UAtLA5217HeojERQ=' 'sha256-rN2Z0TylnRQ+5LuO2TTEPDzwF3/eMC8qdO4scNVESN0=' 'sha256-VdTQZOOA6p1QIhBQM+axlBd0ikS+W/fho1WFPEVTcdA=' secure-ds.serving-sys.com platform.twitter.com static.ads-twitter.com snap.licdn.com connect.facebook.net bs.serving-sys.com acdn.adnxs.com ajax.cloudflare.com *.doubleclick.net js.adsrvr.org sc-static.net analytics.tiktok.com secure.adnxs.com www.googleadservices.com *.google.com tpc.googlesyndication.com *.mookie1.com ds.serving-sys.com lm.serving-sys.com gtm-m6dphq3-zjy3m.uc.r.appspot.com www.capi.bond.edu.au service.ap1.liveassistfor365.com *.hotjar.com munchkin.marketo.net *.redditstatic.com *.taboola.com *.linkedin.com tr.snapchat.com *.byspotify.com cafex.com liveassistcloud.com liveassistfor365.com munchkin-cdn.marketo.net https://api.mazemap.com https://www.google.com 'nonce-xt-w1cxgGlYuvj27HvGCVV-oPutvcU7F'; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com bond.libanswers.com data: fonts.gstatic.com use.typekit.net p.typekit.net app-sn04.marketo.com service.ap1.liveassistfor365.com *.hotjar.com www.googletagmanager.com; frame-ancestors 'self' 1
frame-ancestors 'self' https://builtwith.com; upgrade-insecure-requests 1
frame-ancestors 'self' http://bloom.test http://bloomudev.prod.acquia-sites.com https://bloomudev.prod.acquia-sites.com http://bloomustg.prod.acquia-sites.com https://bloomustg.prod.acquia-sites.com https://www.bloomu.edu http://bloomu.prod.acquia-sites.com https://bloomu.prod.acquia-sites.com https://bloom.ddev.site https://commonwealth.ddev.site https://www.commonwealthu.edu https://dev.admissions.bloomu.edu/ https://stage.admissions.bloomu.edu https://admissions.bloomu.edu; report-uri https://www.bloomu.edu/report-uri/enforce 1
frame-ancestors 'self' https://neo.deutsche-wirtschafts-nachrichten.de 1
frame-ancestors 'self' *.sarsefiling.co.za 1
img-src 'self' *.azurewebsites.net *.wpengine.com *.chuckecheese.com *.cecentertainment.net *.azureedge.net *.typekit.net *.gstatic.com *.googleapis.com data: *.bing.com t.co *.adnxs.com *.google-analytics.com *.google.co.in *.google.com *.facebook.com *.adroll.com *.ktxlytics.io *.windows.net *.sc-static.net *.snapchat.com *.smushcdn.com *.wisepops.com *.doubleclick.net 1
default-src 'self'; script-src 'self' siteimproveanalytics.com *.siteimproveanalytics.io static.etracker.com www.etracker.de code.etracker.com 'unsafe-eval' 'unsafe-inline'; img-src data: 'self' *.global.siteimproveanalytics.io www.etracker.de; connect-src 'self' www.etracker.de; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' *.etracker.com; worker-src 'self'; frame-src 'self' www.youtube-nocookie.com info.gesundheitsministerium.gv.at player.vimeo.com; form-action 'self'; media-src 'self' http://www.oegsbarrierefrei.at; block-all-mixed-content; upgrade-insecure-requests; 1
frame-ancestors 'self' https://atlantafed.org https://www.atlantafed.org 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.gstatic.com https://yastatic.net https://www.youtube.com https://s.ytimg.com https://platform.instagram.com https://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://mc.yandex.ru https://top-fwz1.mail.ru https://js.sentry-cdn.com https://browser.sentry-cdn.com https://qaz.top-ru.news https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://platform.twitter.com ; img-src 'self' data: https://* http://* ; font-src 'self' data: https://fonts.gstatic.com ; frame-src 'self' data: https://yastatic.net https://www.youtube.com https://www.instagram.com/ https://platform.twitter.com ; connect-src 'self' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://fcm.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://push.newsdaily.biz https://top-fwz1.mail.ru https://o4505939965509632.ingest.sentry.io https://biposerfl.shop https://*.google-analytics.com; worker-src 'self' data: https://fcm.googleapis.com https://push.newsdaily.biz ; 1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval' ;frame-ancestors 'self' https://manager.agilitycms.com ;script-src 'self' 'unsafe-inline' 'unsafe-eval'  t.contentsquare.net   app.contentsquare.com   t.clicktale.net  contentsquare.com *.contentsquare.net *.googletagmanager.com www.google-analytics.com 8157301.fls.doubleclick.net googleads.g.doubleclick.net cdnssl.clicktale.net dpm.demdex.net cdn.agilitycms.com scotiabankfiles.azureedge.net *.winperu.pe  *.googleapis.com  *.scotiabank.com.pe assets.adobedtm.com dpm.demdex.net www.googleadservices.com www.google.com.pe *.google.com *.adobedtm.com www.facebook.com use.fontawesome.com ing-district.clicktale.net dc.services.visualstudio.com cx.atdmt.com connect.facebook.net c.clicktale.net t.clicktale.net clicktale.net az416426.vo.msecnd.net adservice.google.com 8157301.fls.doubleclick.net www.gstatic.com stats.g.doubleclick.net ogs.google.com *.jquery.com datatrustcatalogobucket.s3.us-east-2.amazonaws.com datatrustperu.com scotiabank.tt.omtrdc.net  *.scotiabank.com  snap.licdn.com  px.ads.linkedin.com  p.adsymptotic.com  52.18.162.157  52.17.161.123  activitymap.adobe.com  www.tiktok.com/es  ads.tiktok.com/i18n/login  displayvideo.google.com  analytics.tiktok.com www.scotiabank.com.pe;worker-src blob:;img-src 'self' *.clicktale.net  *.agilitycms.com  *.azureedge.net  *.google.com.pe  *.google.ca  *.google.com  *.adobedtm.com  https://www.google-analytics.com   *.facebook.com   *.scotiabank.com   *.winperu.pe   *.googleapis.com   datatrustcatalogobucket.s3.us-east-2.amazonaws.com   datatrustperu.com   snap.licdn.com   px.ads.linkedin.com   p.adsymptotic.com   52.18.162.157   52.17.161.123   activitymap.adobe.com   googleads.g.doubleclick.net   *.contentsquare.net  www.tiktok.com/es  ads.tiktok.com/i18n/login  displayvideo.google.com  analytics.tiktok.com ;connect-src 'self' https: wss: 'unsafe-inline' 'unsafe-eval' *.clicktale.net contentsquare.com *.contentsquare.net www.googletagmanager.com www.google-analytics.com 8157301.fls.doubleclick.net googleads.g.doubleclick.net cdnssl.clicktale.net dpm.demdex.net cdn.agilitycms.com scotiabankfiles.azureedge.net *.winperu.pe  *.googleapis.com  *.scotiabank.com.pe assets.adobedtm.com dpm.demdex.net www.googleadservices.com www.google.com.pe *.google.com *.adobedtm.com www.facebook.com use.fontawesome.com ing-district.clicktale.net dc.services.visualstudio.com cx.atdmt.com connect.facebook.net c.clicktale.net t.clicktale.net clicktale.net az416426.vo.msecnd.net adservice.google.com 8157301.fls.doubleclick.net www.gstatic.com stats.g.doubleclick.net ogs.google.com scotiabank.tt.omtrdc.net datatrustcatalogobucket.s3.us-east-2.amazonaws.com   datatrustperu.com  *.scotiabank.com snap.licdn.com  px.ads.linkedin.com  p.adsymptotic.com 52.18.162.157  52.17.161.123  activitymap.adobe.com  www.tiktok.com/es  ads.tiktok.com/i18n/login  displayvideo.google.com  analytics.tiktok.com ; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src * 'self' https: data:; connect-src https: wss:; font-src https: data:; media-src https: blob:; 1
frame-ancestors 'self' https://*.allhomes.com.au 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src https://* data:; connect-src *; media-src * blob:; worker-src * blob:; frame-ancestors www.artsonia.com admin.artsonia.com 1
default-src 'self' blob:; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' simpplr.com *.simpplr.com *.simpplr.com/* ajax.cloudflare.com google-analytics.com *.google-analytics.com clarity.ms *.clarity.ms googleadservices.com *.googleadservices.com licdn.com *.licdn.com bing.com *.bing.com marketo.net *.marketo.net marketo.com *.marketo.com ampproject.org *.ampproject.org salesloft.com *.salesloft.com 6sc.co *.6sc.co googleapis.com *.googleapis.com facebook.net *.facebook.net doubleclick.net *.doubleclick.net driftt.com *.driftt.com googletagmanager.com *.googletagmanager.com geolocation-db.com wistia.com *.wistia.com wistia.net *.wistia.net simpplr.wistia.com *.wistia.com pinimg.com *.pinimg.com addtoany.com *.addtoany.com capterra.com *.capterra.com google.com *.google.com gstatic.com *.gstatic.com wpenginepowered.com *.wpenginepowered.com sf-syn.com *.sf-syn.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com *.vwo.com app.vwo.com *.simplecast.com simplecast.com *.cookiebot.com consent.cookiebot.com *.bizible.com cdn.bizible.com *.prod.mplat-ppcprotect.com *.lunio.ai static.hotjar.com *.hotjar.com cdn.omniconvert.com *.omniconvert.com embedsocial.com *.embedsocial.com rum-static.pingdom.net yoast.com *.yoast.com; connect-src * 'unsafe-inline' data:; img-src * data: blob: 'unsafe-inline' www.googletagmanager.com; frame-src *; style-src * blob: 'unsafe-inline'; font-src * data: 'unsafe-inline'; media-src * blob: 'unsafe-inline'; worker-src * blob: 'unsafe-inline'; object-src 'none'; 1
report-uri /csp-logger;report-to csp-endpoint;default-src 'self' https://vanguardassets.bmstatic.com/assets/;connect-src 'self' https://vanguardassets.bmstatic.com/assets/ https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.ru https://mc.yandex.tr https://mc.yandex.com https://cognito-identity.us-east-1.amazonaws.com https://mobileanalytics.us-east-1.amazonaws.com https://stats.g.doubleclick.net https://www.facebook.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com/pagead/landing https://googleads.g.doubleclick.net https://analytics.google.com https://api.rollbar.com https://ajax.googleapis.com https://wa.onelink.me https://wa.appsflyer.com https://analytics.tiktok.com/api/v2/pixel https://analytics.tiktok.com/api/v2/pixel/act;style-src 'self' 'unsafe-inline' https://vanguardassets.bmstatic.com/assets/ https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vanguardassets.bmstatic.com/assets/ https://app.link https://connect.facebook.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.googleadservices.com https://www.gstatic.com https://js.stripe.com https://mc.yandex.ru https://tagmanager.google.com https://websdk.appsflyer.com https://wa.onelink.me https://analytics.tiktok.com/;font-src 'self' https://vanguardassets.bmstatic.com/assets/ data: https://fonts.gstatic.com;img-src * 'self' 'unsafe-inline' https://vanguardassets.bmstatic.com/assets/ data: https://www.gstatic.com https://ssl.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net;media-src * 'self' 'unsafe-inline' https://ssl.gstatic.com;frame-src 'self' https://*.bookmate.com https://bookmate.com https://bookmate.onelink.me https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://js.stripe.com https://simplecast.com https://mc.yandex.ru;form-action 'self' https://vanguardassets.bmstatic.com/assets/ https://www.facebook.com;object-src 'none';base-uri 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' piwik.itzbund.de; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.youtube.com; media-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.youtube.com; child-src pei-portal.rexx-systems.com piwik.itzbund.de www.youtube.com abvl-public.pei.de abvl-public-test.pei.de; font-src 'self'; img-src 'self' data: *.honcode.ch piwik.itzbund.de; frame-ancestors 'self' PEIWeb-editor.preview.gsb.intranet.bund.de pei-portal.rexx-systems.com; 1
default-src 'none'; script-src 'self' *.google-analytics.com *.tiqcdn.com *.sentry-cdn.com 'unsafe-inline'; style-src 'self' 'sha256-2lJlIEmusyb3JNY53ydH88jUAHmut+w9MBHaD2PWEzY=' *.myfonts.net *.googleapis.com; connect-src *.frontdoorhome.com *.zestyio.com *.zesty.io *.zesty.dev frontdoor2019ir.q4web.com *.ingest.sentry.io; frame-src *.vimeo.com *.youtube.com; img-src *.zestyio.com *.zesty.io *.zesty.dev *.google-analytics.com *.doubleclick.net; font-src *.zestyio.com *.zesty.io *.googleapis.com *.gstatic.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://s7.addthis.com https://svc.webspellchecker.net https://loader.webspellchecker.net https://www.webspellchecker.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://cdn.ckeditor.com https://platform.twitter.com https://maps.googleapis.com https://www.google-analytics.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://svc.webspellchecker.net https://loader.webspellchecker.net https://www.webspellchecker.net https://*.google.com https://*.gstatic.com https://z.moatads.com https://www.googletagmanager.com https://v1.addthisedge.com https://*.freshchat.com https://*.freshworksapi.com https://*.rtschannel.com https://chat-widget.msd0001.stateauto.com https://code.jquery.com https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com https://tags.tiqcdn.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.ckeditor.com https://fonts.googleapis.com https://fast.fonts.net https://maxcdn.bootstrapcdn.com https://svc.webspellchecker.net https://tagmanager.google.com https://*.freshchat.com https://*.freshworksapi.com https://*.rtschannel.com https://chat-widget.msd0001.stateauto.com https://code.jquery.com https://cdn.jsdelivr.net; img-src 'self' data: https://cdn.ckeditor.com https://www.google-analytics.com https://svc.webspellchecker.net https://loader.webspellchecker.net https://www.webspellchecker.net http://chart.apis.google.com https://maps.gstatic.com https://maps.googleapis.com https://stats.g.doubleclick.net https://www.google.com https://ssl.gstatic.com https://www.gstatic.com https://*.freshchat.com https://chat-widget.msd0001.stateauto.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://s7.addthis.com https://svc.webspellchecker.net https://*.freshchat.com  wss://*.freshchat.com https://chat-widget.msd0001.stateauto.com https://fresh-api-dev.msd0001.stateauto.com/ https://stats.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.freshchat.com https://chat-widget.msd0001.stateauto.com https://cdn.jsdelivr.net; frame-src 'self' https://www.youtube.com https://syndication.twitter.com https://platform.twitter.com https://s7.addthis.com https://loader.webspellchecker.net https://svc.webspellchecker.net https://www.webspellchecker.net https://*.google.com https://calendar.google.com https://accounts.google.com https://*.freshchat.com https://*.freshworksapi.com https://*.rtschannel.com https://*.widen.net https://widen.net https://www.youtube.com/ https://youtu.be; 1
script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://fonts.googleapis.com; report-uri https://www.usmarshals.gov/report-uri/enforce 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://identity.umbraco.com https://*.vo.msecnd.net https://static.identity.umbraco.com; style-src 'self' 'unsafe-inline' https://static.identity.umbraco.com; img-src 'self' data: https://static.identity.umbraco.com; font-src 'self' data: https://static.identity.umbraco.com; connect-src 'self' https://static.identity.umbraco.com https://dc.services.visualstudio.com 1
frame-src 'self' *.ouka.fi app.powerbi.com www.co2-raportti.fi www.oukapalvelut.fi kuvaus.digiturvamalli.fi looki.fi *.maps.zoneatlas.com oulunliikenne.fi *.zef.fi *.youtube.com *.vimeo.com youtu.be *.siteimprove.com *.thinglink.com https://consentcdn.cookiebot.com https://zef.fi https://www.oukapalvelut.fi https://app.widgets.thinglink.com https://www.google.com https://create.plandisc.com https://maps.google.com https://maps.google.fi https://fi.sms-service.dk https://kuvaus.digiturvamalli.fi https://ouka.creamailer.fi oulu.jaskaretail.com *.youtube-nocookie.com https://player.vimeo.com livekuvaukset.fi; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' *.eventz.today *.flockler.com https://401oulu.boost.ai/chatPanel/chatPanel.js https://voiceintuitive-v3.z01.azurefd.net/widget.js https://voiceintuitive.s3.amazonaws.com https://tapahtumat.munoulu.fi https://www.googletagmanager.com blob: *.thinglink.me https://consent.cookiebot.com https://consentcdn.cookiebot.com https://cdn.askem.com/plugin/askem.js https://hakemisto.kirjastot.fi/embed/v1/launcher.js https://hakemisto.kirjastot.fi/embed/v1/schedules.js cdnjs.cloudflare.com https://cdn.siteimprove.net https://polyfill.io https://siteimproveanalytics.com https://static.aim.front.ai https://www.oukapalvelut.fi; script-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; frame-ancestors 'self'; report-uri https://www.ouka.fi/report-uri/enforce 1
frame-ancestors 'self' zerto.lookbookhq.com zerto.pathfactory.com zerto.seismic.com zerto.foleon.com editor.foleon.com zerto.preview.foleon.com app.foleon.com zerto.valooto.com zerto.dealhub.io dealhub.valooto.com go-dealroom.dealhub.io editor.valooto.com www.recordish.com www.record-ish.com zap.zerto.com content.zerto.com experience.zerto.com www.zerto.com; 1
default-src 'none'; connect-src 'self' *.sdmts.com *.plerdy.com *.doubleclick.net *.fontawesome.com *.iubenda.com *.googleapis.com *.ctctcdn.com *.constantcontact.com https://rs.fullstory.com https://maps.googleapis.com https://analytics.google.com https://demo.hafas.de https://platform.rtbiq.com https://sdmts-departures-schedules.steer-api.com https://tags.srv.stackadapt.com https://translate.googleapis.com *.google-analytics.com *.analytics.google.com; font-src 'self' data: *.sdmts.com https://demo.hafas.de https://fonts.gstatic.com https://ka-p.fontawesome.com https://themes.googleusercontent.com https://use.typekit.net; img-src 'self' data: https:; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.sdmts.com *.iubenda.com *.plerdy.com *.heatmap.it *.simpli.fi *.ctctcdn.com https://www.instagram.com/embed.js https://app.five9.com https://edge.fullstory.com https://heatmap.it https://www.youtube.com https://4376e39cb71b43dd88faba62ec8e3c21.js.ubembed.com https://assets.ubembed.com https://polyfill.io https://www.tickcounter.com https://cdnjs.cloudflare.com https://translate-pa.googleapis.com https://*.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net https://code.jquery.com https://connect.facebook.net https://demo.hafas.de https://kit.fontawesome.com https://tags.srv.stackadapt.com https://translate.google.com https://translate.googleapis.com https://www.google.com https://*.google.com https://unpkg.com https://up.pixel.ad *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' *.sdmts.com *.fontawesome.com *.typekit.net *.heatmap.it *.ctctcdn.com https://www.gstatic.com https://app.five9.com https://cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://demo.hafas.de https://fonts.googleapis.com https://tags.srv.stackadapt.com https://translate.googleapis.com https://unpkg.com; frame-src 'self' *.sdmts.com *.google.com *.doubleclick.net *.heatmap.it https://www.instagram.com/ https://app.five9.com/ https://www.tickcounter.com https://cdn.knightlab.com https://demo.hafas.de https://pixel.sitescout.com https://www.facebook.com https://www.youtube.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self' *.sdmts.com https://sdmts.us2.list-manage.com https://ww8.aitsafe.com https://www.facebook.com; 1
default-src 'self' https://skillsforall.com data: blob: https://skillsforall.com https://socialgoodplatform.com 'unsafe-inline' 'unsafe-eval' https://code.s4d.io code.s4d.io https://socialgoodplatform.com; img-src 'self' https://skillsforall.com data: blob: https://socialgoodplatform.com https://skillsforall.com https://cdn.cookielaw.org https://www.google-analytics.com https://cisco-tags.cisco.com https://www.facebook.com https://lms.socialgoodplatform.com https://metrics.brightcove.com https://cf-images.us-east-1.prod.boltdns.net https://cisco-tags-stg.cisco.com https://bcbolt446c5271-a.akamaihd.net https://www.cisco.com code.s4d.io cdn.cookielaw.org https://code.s4d.io https://cdn.cookielaw.org *.webexcontent.com *.eum-appdynamics.com *.appdynamics.com webexapis.com; script-src 'self' https://skillsforall.com 'unsafe-inline' 'unsafe-eval' blob: https://socialgoodplatform.com https://skillsforall.com https://munchkin.marketo.net https://manifest.prod.boltdns.net https://maps.googleapis.com https://tags.tiqcdn.com https://www.googletagmanager.com https://cdn.appdynamics.com https://www.google-analytics.com https://connect.facebook.net https://cdn.appdynamics.com https://www.cisco.com https://players.brightcove.net https://map.brightcove.com https://vjs.zencdn.net https://assets.map.brightcove.com https://cdn.cookielaw.org https://edge.api.brightcove.com https://api.socialgoodplatform.com https://geolocation.onetrust.com https://dj5ag5n6bpdxo.cloudfront.net https://code.s4d.io cdn.ckeditor.com; style-src 'self' https://skillsforall.com 'unsafe-inline' https://cdnjs.cloudflare.com https://socialgoodplatform.com https://players.brightcove.net https://cdnjs.cloudflare.com https://code.s4d.io; frame-src 'self' https://skillsforall.com https://rm.skillsforall.com https://rmb.skillsforall.com https://skillsforall-ssac-backend.skillsforall.com https://ssac-backend.skillsforall.com https://adapt-backend.skillsforall.com mailto: data: blob: https://3569326.fls.doubleclick.net https://assessment.skillsforall.com https://contenthub.netacad.com https://pbl.socialgoodplatform.com https://interactive.socialgoodplatform.com https://lms.socialgoodplatform.com https://lms.skillsforall.com https://www.googletagmanager.com https://auth.socialgoodplatform.com https://www.facebook.com https://www6.nohold.net; connect-src 'self' https://skillsforall.com https://analytics.google.com https://geolocation.onetrust.com https://auth.socialgoodplatform.com https://059-vfz-834.mktoresp.com https://www.facebook.com https://privacyportal.cisco.com https://pdx-col.eum-appdynamics.com https://edge.api.brightcove.com  https://api.socialgoodplatform.com https://www.google-analytics.com https://cdn.cookielaw.org https://manifest.prod.boltdns.net https://bcbolt446c5271-a.akamaihd.net https://stats.g.doubleclick.net 'unsafe-inline' *.wbx2.com *.ciscospark.com *.webex.com *.cisco.com code.s4d.io cdn.cookielaw.org wss://*.wbx2.com https://code.s4d.io https://cdn.cookielaw.org *.webexcontent.com  *.eum-appdynamics.com *.appdynamics.com webexapis.com; prefetch-src 'self' https://skillsforall.com https://bcbolt446c5271-a.akamaihd.net; font-src 'self' https://skillsforall.com code.s4d.io https://code.s4d.io data: blob: https://socialgoodplatform.com https://cdnjs.cloudflare.com code.s4d.io https://code.s4d.io wss://*.wbx2.com; media-src 'self' https://skillsforall.com data: blob: https://socialgoodplatform.com https://skillsforall.com https://manifest.prod.boltdns.net https://bcbolt446c5271-a.akamaihd.net code.s4d.io https://code.s4d.io; 1
frame-ancestors 'self' orbea.altabox.net orbeaweb.altabox.net stories.orbea.com; 1
frame-ancestors 'self' https://leidenuniv.libwizard.com https://library-tutorials.leidenuniv.nl https://brightspace.universiteitleiden.nl 1
default-src 'self' https://www.clarity.ms https://*.clarity.ms https://c.bing.com ;             connect-src 'self' https://*.appliancesconnection.com https://www.clarity.ms https://*.clarity.ms https://c.bing.com https://cdn.3cx.com https://1stop.ny.3cx.us:5001 wss://1stop.ny.3cx.us:5001 https://*.google-analytics.com https://*.bouncex.net/ https://*.cdnwidget.com/ https://*.cdnbasket.net/ https://*.bounceexchange.com/ https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://www.googleadservices.com https://app.omnisend.com https://omnisrc.com https://omnisnippet1.com https://*.soundestlink.com https://*.paypal.com https://www.gstatic.com https://*.braintree-api.com https://*.braintreegateway.com https://*.pinterest.com https://*.ekomi.com https://*.getbread.com wss://*.bitrix24.com wss://*.iesnare.com https://*.doubleclick.net https://edeskpower.com https://*.equalweb.com https://staff.eshopperpro.com https://*.cnnx.link https://*.bing.com https://*.narrativ.com https://*.bam-x.com https://www.bizrate.com https://*.connexity.net wss://input.noibu.com https://input.noibu.com wss://*.gorgias.chat https://*.gorgias.chat https://*.gorgias.io https://*.jst.ai https://*.wisepops.com https://tr2.smarterhq.io/ https://perfx.eshopperpro.com/  https://cdn01.basis.net/assets/ https://polishedprogressive.azurewebsites.net https://*.jifiti.com https://*.breadpayments.com https://*.breadgateway.net https://ssr-polished.azurewebsites.net https://www.sjwoe.com https://www.mczbf.com https://*.emjcd.com https://polished-usaepay.azurewebsites.net https://*.pixel.ad https://*.basis.net https://*.sitescout.com https://cj.dotomi.com;             script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.3cx.com https://www.clarity.ms https://*.clarity.ms https://1stop.ny.3cx.us:5001 https://unpkg.com https://staff.eshopperpro.com https://*.appliancesconnection.com https://app.omnisend.com https://omnisrc.com https://omnisnippet1.com https://*.soundestlink.com https://www.googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://ajax.googleapis.com/ https://www.googleadservices.com https://www.google.com https://*.doubleclick.net https://*.google.com https://www.gstatic.com https://*.comenity.net https://*.paypal.com https://*.paypalobjects.com https://*.braintreegateway.com https://*.facebook.net https://*.pinimg.com https://*.iesnare.com https://*.shopperapproved.com https://*.ekomi.com https://*.criteo.net https://*.criteo.com https://*.bitrix24.com https://*.getbread.com https://*.bazaarvoice.com https://*.bing.com https://*.app-us1.com https://trackcmp.net https://cdn01.basis.net/assets/ https://*.xg4ken.com https://*.pinterest.com https://*.houzz.com https://edeskpower.com https://*.equalweb.com https://*.cj.com https://cj.dotomi.com https://s3.amazonaws.com/idme/ https://checkoutuat.alldata.net https://*.veteransadvantage.com https://*.stripe.com https://*.stripe.network https://*.cnnx.link https://*.bing.com https://*.narrativ.com https://cdn.noibu.com https://*.gorgias.chat https://*.gorgias.io https://*.jst.ai https://*.wisepops.com https://polishedprogressive.azurewebsites.net https://tag.wknd.ai/ https://*.bounceexchange.com https://tr2.smarterhq.io/ https://d1n00d49gkbray.cloudfront.net/ https://*.jifiti.com https://*.breadpayments.com https://*.breadgateway.net https://ssr-polished.azurewebsites.net https://www.sjwoe.com https://www.mczbf.com https://*.emjcd.com https://*.pixel.ad https://*.basis.net https://downloads-global.3cx.com;             style-src 'self' 'unsafe-inline' https://*.appliancesconnection.com https://www.gstatic.com https://www.googletagmanager.com https://fonts.googleapis.com https://*.comenity.net https://*.bazaarvoice.com  https://edeskpower.com https://s3.amazonaws.com/idme/ https://checkoutuat.alldata.net https://*.stripe.com https://*.gorgias.chat https://*.gorgias.io https://*.jst.ai https://cdn01.basis.net/assets/ https://*.wisepops.com https://*.bounceexchange.com https://*.jifiti.com https://ssr-polished.azurewebsites.net https://cdn.jsdelivr.net https://cj.dotomi.com https://*.sitescout.com https://www.shopperapproved.com;             img-src 'self' blob: data: https://appliancesconnection.com https://*.appliancesconnection.com https://www.googletagmanager.com https://*.googletagmanager.com https://app.omnisend.com https://*.bouncex.net/ https://omnisrc.com https://omnisnippet1.com https://*.soundestlink.com https://*.google-analytics.com https://*.analytics.google.com https://cj.dotomi.com https://analytics.google.com https://googleads.g.doubleclick.net https://www.google.com https://cdn01.basis.net/assets/ https://*.youtube.com https://*.bounceexchange.com https://*.youtube-nocookie.com https://*.doubleclick.net https://*.paypal.com https://*.facebook.com https://*.pinterest.com https://www.sjwoe.com https://www.mczbf.com https://*.emjcd.com https://*.yahoo.com https://*.shopperapproved.com https://*.bazaarvoice.com https://*.bing.com https://*.xg4ken.com https://i.pinimg.com https://*.equalweb.com https://s3.amazonaws.com/idme/  https://*.criteo.com https://*.stripe.network https://*.bam-x.com https://www.bizrate.com https://*.connexity.net https://*.gorgias.chat https://*.gorgias.io https://*.jst.ai https://*.wisepops.com https://tr2.smarterhq.io/ https://*.paypalobjects.com https://*.jifiti.com https://ssr-polished.azurewebsites.net https://*.pixel.ad https://*.basis.net https://*.sitescout.com;             frame-src 'self' https://*.google.com https://*.pinterest.com https://*.houzz.com *.doubleclick.net https://*.paypal.com https://*.comenity.net https://comenity.net https://*.youtube.com https://*.youtube-nocookie.com https://*.facebook.com https://*.getbread.com https://*.criteo.com https://*.criteo.net https://*.ekomi.com https://*.cj.com https://cj.dotomi.com https://checkoutuat.alldata.net https://*.veteransadvantage.com https://*.bounceexchange.com/ https://cdn01.basis.net/assets/ https://*.bam-x.com https://*.stripe.com https://*.gorgias.chat https://*.gorgias.io https://*.jst.ai https://*.wisepops.com https://perfx.eshopperpro.com/ https://*.jifiti.com https://*.breadpayments.com https://polished-usaepay.azurewebsites.net https://*.sitescout.com https://*.pixel.ad https://*.basis.net https://www.sjwoe.com https://www.mczbf.com https://*.emjcd.com;             font-src data: https://fonts.gstatic.com https://*.appliancesconnection.com https://*.gorgias.chat https://*.gorgias.io https://cdn01.basis.net/assets/ https://*.bounceexchange.com https://*.wisepops.com;             media-src 'self' data: wss://1stop.ny.3cx.us:5001 https://1stop.ny.3cx.us:5001 https://*.iesnare.com https://staff.eshopperpro.com/ https://*.stripe.network https://*.gorgias.chat https://*.gorgias.io https://cdn01.basis.net/assets/ https://*.wisepops.com;             frame-ancestors 'self' https://staff.eshopperpro.com/; 1
default-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.fitanalytics.com  https://*.googleapis.com  https://*.lidl-shop.be  https://*.online-metrix.net  https://*.parcellab.com  https://*.tradedoubler.com  https://*.xplosion.de  https://*.yahoo.com  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://analytics.google.com  https://awin1.com  https://casalemedia.com  https://cloud.news.lidl.be  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://event.yoochoose.net  https://facebook.com  https://fonts.gstatic.com  https://glami.cz  https://hlserve.com  https://ih.adscale.de  https://im9.cz  https://imedia.cz  https://liadm.com  https://lidl-shop.com  https://lidl-shop.be  https://ligadx.com  https://ligatus.com  https://login.dognet.be  https://m6r.eu  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://smartadserver.com  https://smartclip.net  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://t.semtrack.de  https://taboola.com  https://teads.tv  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://twiago.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://www.youtube-nocookie.com  https://yahoo.com  https://yieldlab.net  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  'unsafe-inline'  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.lidl-shop.be  https://*.online-metrix.net  https://*.tradedoubler.com  https://*.vrxs.de  https://*.xplosion.de  https://*.yahoo.com  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://awin1.com  https://casalemedia.com  https://cloud.news.lidl.be  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://event.yoochoose.net  https://facebook.com  https://glami.cz  https://hlserve.com  https://ih.adscale.de  https://im9.cz  https://imedia.cz  https://liadm.com  https://lidl-shop.com  https://lidl-shop.be  https://lidl.qualifioapp.com  https://ligadx.com  https://ligatus.com  https://login.dognet.be  https://m6r.eu  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://smartadserver.com  https://smartclip.net  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://t.semtrack.de  https://taboola.com  https://teads.tv  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://twiago.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://www.youtube-nocookie.com  https://yahoo.com  https://yieldlab.net; img-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.advertising.com  https://*.adyen.com  https://*.assets.lidl  https://*.criteo.com  https://*.criteo.net  https://*.demdex.net  https://*.demoup.com  https://*.doubleclick.net  https://*.fitanalytics.com  https://*.lidl-shop.be  https://*.lidl.be  https://*.online-metrix.net  https://*.openx.net  https://*.parcellab.com  https://*.pubmatic.com  https://*.stickyadstv.com  https://*.taboola.com  https://*.tradedoubler.com  https://*.twiago.com  https://*.xplosion.de  https://*.yahoo.com  https://*.yieldlab.net  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://analytics.google.com  https://awin1.com  https://casalemedia.com  https://cloud.news.lidl.be  https://content.odj.cloud  https://contextual.media.net  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://event.yoochoose.net  https://facebook.com  https://glami.cz  https://hlserve.com  https://ih.adscale.de  https://im9.cz  https://imedia.cz  https://liadm.com  https://lidl-shop.com  https://lidl-shop.be  https://lidl.be  https://ligadx.com  https://ligatus.com  https://login.dognet.be  https://m6r.eu  https://match.sharethrough.com  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://play-lh.googleusercontent.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://smartadserver.com  https://smartclip.net  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://sync.outbrain.com  https://t.semtrack.de  https://taboola.com  https://teads.tv  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://translate.google.com  https://twiago.com  https://visitor.omnitagjs.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://yahoo.com  https://yieldlab.net; object-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.lidl-shop.be  https://*.online-metrix.net  https://*.tradedoubler.com  https://*.xplosion.de  https://*.yahoo.com  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://awin1.com  https://casalemedia.com  https://cloud.news.lidl.be  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://event.yoochoose.net  https://facebook.com  https://glami.cz  https://hlserve.com  https://ih.adscale.de  https://im9.cz  https://imedia.cz  https://liadm.com  https://lidl-shop.com  https://lidl-shop.be  https://ligadx.com  https://ligatus.com  https://login.dognet.be  https://m6r.eu  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://smartadserver.com  https://smartclip.net  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://t.semtrack.de  https://taboola.com  https://teads.tv  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://twiago.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://yahoo.com  https://yieldlab.net; script-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  https://localhost  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.fitanalytics.com  https://*.googleapis.com  https://*.lidl-shop.be  https://*.online-metrix.net  https://*.parcellab.com  https://*.tradedoubler.com  https://*.xplosion.de  https://*.yahoo.com  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://awin1.com  https://casalemedia.com  https://cloud.news.lidl.be  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://event.yoochoose.net  https://facebook.com  https://glami.cz  https://hlserve.com  https://ih.adscale.de  https://im9.cz  https://imedia.cz  https://liadm.com  https://lidl-shop.com  https://lidl-shop.be  https://ligadx.com  https://ligatus.com  https://login.dognet.be  https://m6r.eu  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://smartadserver.com  https://smartclip.net  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://t.semtrack.de  https://taboola.com  https://teads.tv  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://twiago.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://yahoo.com  https://yieldlab.net; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'  https://*.criteo.com  https://*.criteo.net  https://*.doubleclick.net  https://*.fitanalytics.com  https://*.googleapis.com  https://*.lidl-shop.be  https://*.online-metrix.net  https://*.parcellab.com  https://*.tradedoubler.com  https://*.xplosion.de  https://*.yahoo.com  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://awin1.com  https://casalemedia.com  https://cloud.news.lidl.be  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://event.yoochoose.net  https://facebook.com  https://glami.cz  https://hlserve.com  https://ih.adscale.de  https://im9.cz  https://imedia.cz  https://liadm.com  https://lidl-shop.com  https://lidl-shop.be  https://ligadx.com  https://ligatus.com  https://login.dognet.be  https://m6r.eu  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://smartadserver.com  https://smartclip.net  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://t.semtrack.de  https://taboola.com  https://teads.tv  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://twiago.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://yahoo.com  https://yieldlab.net; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net; 1
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-eval' www.pioneerelectronics.com embedded.pricespider.com embeddedcloud.pricespider.com youtube.com www.google.com ajax.googleapis.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.google-analytics.com https://*.googleapis.com https://*.svc.dynamics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.au;font-src 'self' 'unsafe-inline' https://*.hotjar.com https://*.gstatic.com; script-src  'self' 'unsafe-inline' https://*.clarity.ms https://*.facebook.net https://www.youtube.com https://*.google-analytics.com https://*.hotjar.com https://mktdplp102cdn.azureedge.net https://*.svc.dynamics.com https://www.amcharts.com https://maps.googleapis.com https://maps.gstatic.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://*.g.doubleclick.net https://www.googleadservices.com;img-src 'self' https://i.ytimg.com https://*.bing.com https://*.clarity.ms https://www.facebook.com https://ad.doubleclick.net https://ade.googlesyndication.com https://*.fls.doubleclick.net https://*.hotjar.com https://*.googletagmanager.com https://*.google.com.au https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.gstatic.com https://*.googleapis.com https://*.google.com https://*.googleusercontent.com https://*.svc.dynamics.com data:; media-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.hotjar.com; frame-src 'self' https://www.facebook.com https://forms.office.com https://mktdplp102cdn.azureedge.net https://app.powerbi.com https://*.svc.dynamics.com https://www.amcharts.com https://*.google.com https://www.youtube.com https://*.g.doubleclick.net https://*.fls.doubleclick.net; 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'sha256-wuUGytT74gV82V0ZtNWaMSFWZIZD5PTUOHm1M3DUvao=' 'sha256-utA+/XgpMrI2QHGx7Gwz/oza5v9bitTsXRX/ggcd8t4='; script-src 'self' ad.a-ads.com; 1
frame-ancestors https://*.aswo.com 1
frame-ancestors 'none'; child-src blob: https://live-prod.unicef.de/ http://live-prod.unicef.de/ https://live-prod.unicef.de/_donation/ https://cookie-cdn.cookiepro.com; worker-src blob: https://live-prod.unicef.de/ http://live-prod.unicef.de/ https://live-prod.unicef.de/_donation/ https://cookie-cdn.cookiepro.com; img-src 'self' *.google-analytics.com data: *.unicef.de *.googlesyndication.com *.google.com *.google.de *.gstatic.com *.googleapis.com *.adtriba.com *.bing.com t.co *.facebook.com banner.unicef.de *.thinglink.me *.juicer.io *.fundraisingbox.com *.adition.com *.omappapi.com *.doubleclick.net *.cookiepro.com *.tvsquared.com *.taboola.com *.adform.net *.googletagmanager.com *.seadform.net *.twiago.com *.ytimg.com *.twitter.com www.google.ch www.google.at www.google.it www.google.tr www.google.lu www.google.nl www.google.pl www.google.fr www.google.es www.google.dk www.google.co.uk *.paypal.com *.paypalobjects.com https://live-prod.unicef.de/ http://live-prod.unicef.de/ https://live-prod.unicef.de/_donation/ https://cookie-cdn.cookiepro.com; media-src 'self' *.youtube.com *.youtube-nocookie.com *.juicer.io *.paypal.com *.juicer.io *.paypal.com *.paypalobjects.com https://live-prod.unicef.de/ http://live-prod.unicef.de/ https://live-prod.unicef.de/_donation/ https://cookie-cdn.cookiepro.com; object-src 'self' *.googlevideo.com *.ytimg.com *.youtube.com *.youtube-nocookie.com *.paypalobjects.com *.paypal.com https://live-prod.unicef.de/ http://live-prod.unicef.de/ https://live-prod.unicef.de/_donation/ https://cookie-cdn.cookiepro.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' *.google-analytics.com *.google.com *.googleapis.com *.google.de *.gstatic.com *.cloudfront.net *.googlevideo.com *.ytimg.com *.youtube.com *.youtube-nocookie.com *.googletagmanager.com *.googleapis.com *.bing.com *.ads-twitter.com *.facebook.net *.adtriba.com *.cloudflare.com *.hotjar.com *.googleadservices.com *.optmnstr.com *.ex.co *.juicer.io *.thinglink.me *.thinglink.com *.adition.com *.fundraisingbox.com *.pressekompass.net *.cookiepro.com *.playbuzz.com *.twitter.com *.omappapi.com *.utt.pm utt.pm *.seadform.net *.adform.net *.tvsquared.com *.lamapoll.de lamapoll.de cms-prod.unicef.de *.doubleclick.net *.googleoptimize.com *.twiago.com *.paypal.com *.paypalobjects.com *.taboola.com https://live-prod.unicef.de/ http://live-prod.unicef.de/ https://live-prod.unicef.de/_donation/ https://cookie-cdn.cookiepro.com; frame-src 'self' *.ex.co *.google.com *.youtube.com *.youtube-nocookie.com *.hotjar.com *.tchop.io *.issuu.com *.thinglink.me *.fundraisingbox.com *.pressekompass.net *.twitter.com *.ende.rs ende.rs *.facebook.com lamapoll.de *.lamapoll.de *.lamapoll.io *.utt.pm *.doubleclick.net *.tvsquared.com *.adform.net *.adition.com *.adtriba.com *.omappapi.com *.seadform.net *.googleadservices.com *.hotjar.com app.powerbi.com *.twiago.com *.pageflow.io *.paypal.com *.paypalobjects.com *.taboola.com https://live-prod.unicef.de/ http://live-prod.unicef.de/ https://live-prod.unicef.de/_donation/ https://cookie-cdn.cookiepro.com; form-action 'self' *.facebook.com *.paypalobjects.com *.paypal.com https://live-prod.unicef.de/ http://live-prod.unicef.de/ https://live-prod.unicef.de/_donation/ https://cookie-cdn.cookiepro.com; report-to default 1
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-LUHMHkZgnqt1Kz32PjGdRA==' yastatic.net mc.yandex.ru mc.yandex.yandex api-maps.yandex.ru *.maps.yandex.net suggest-maps.yandex.ru www.youtube.com s.ytimg.com; style-src 'self' 'unsafe-inline' yastatic.net mc.yandex.ru blob:; font-src 'self' yastatic.net data:; img-src 'self' data: blob: avatars.yandex.net mc.admetrica.ru mc.yandex.ru mc.yandex.yandex yastatic.net avatars.mds.yandex.net *.cdn.yandex.net api-maps.yandex.ru *.maps.yandex.net static-maps.yandex.ru yandex.ru *.captcha.yandex.net storage-int.mds.yandex.net tc.mobile.yandex.net www.facebook.com carsharing.s3.yandex.net carsharing-violations.s3.yandex.net linkedin.com *.ads.linkedin.com www.linkedin.com www.google.com www.google.kz www.google.ru www.googleadservices.com googleads.g.doubleclick.net view.adjust.com ya-authproxy.taxi.yandex.yandex taxi-promotions.s3.yandex.net; frame-src 'self' forms.yandex.ru forms.yandex.com forms.yandex.kz forms.yandex.by forms.yandex.yandex www.youtube.com www.youtube-nocookie.com download.yandex.ru *.cdn.yandex.net trust.yandex.yandex; child-src 'self' blob:; connect-src 'self' mc.yandex.ru mc.yandex.yandex blob: yandex.ru passport.yandex.yandex *.yandex.net api-maps.yandex.ru trust.yandex.yandex ya-authproxy.taxi.yandex.yandex yastatic.net yandex.by yandex.ua yandex.kz yandex.com yandex.com.ge yandex.md yandex.kg yandex.uz yandex.ee yandex.rs yandex.lt; media-src streaming.video.yandex.ru *.storage.yandex.net *.cdn.yandex.net yastatic.net; frame-ancestors 'self' support-uber.com *.support-uber.com yango.yandex.com http://webvisor.com eda.yandex *.yandex-team.ru yandex.yandex *.yandex.yandex *.yandex.com; manifest-src 'self'; report-uri https://csp.yandex.net/csp?from=taxifrontend-taxi-frontend-go&project=taxifrontend-taxi-frontend-go&yandex_login=&yandexuid=; 1
frame-src 'self' *.eprice.com.tw *.eprice.com.hk *.doubleclick.net *.g.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleapis.com *.safeframe.googlesyndication.com *.safeframe.usercontent.goog *.google.com *.yahoo.com *.redditmedia.com www.facebook.com platform.twitter.com www.youtube.com datawrapper.dwcdn.net *.datawrapper.de *.instagram.com *.tiktok.com *.vimeo.com *.rubiconproject.com a.amnet.tw cdn.aralego.net s7.addthis.com s0.2mdn.net *.sascdn.com csync.smartadserver.com *.bilibili.com *.adform.com *.ad-generation.jp *.admanmedia.com *.admixer.net *.adnxs.com *.Adsolut.in *.adsparc.com *.adtech.com *.Advertising.com *.advertising.com *.aniview.com *.aol.com *.aolcloud.net *.appnexus.com *.aps.amazon.com *.aralego.com *.atemda.com *.beachfront.com *.betweendigital.com *.betweendigital.com *.btrll.com *.buzzoola.com *.connectad.io *.console.cmcm.com *.contextweb.com *.districtm.io *.EMXDGT.com *.fair-trademedia.com *.freewheel.tv *.gammassp.com *.genieesspv.jp *.google.com *.gumgum.com *.impactify.io *.improvedigital.com *.indexexchange.com *.innity.com *.lijit.com *.loopme.com *.mox.tv *.oogle.com *.openx.com *.openx.net *.pubmatic.com *.revcontent.com *.rhythmone.com *.rtb.bidsxchange.com *.rtbhouse.com *.rubiconproject.com *.scupio.com *.selectmedia.asia *.smaato.com *.smartadserver.com *.smartclip.net *.smartyads.com *.sonobi.com *.sovrn.com *.spotx.tv *.spotxchange.com *.springserve.com *.synacor.com *.teads.tv *.tremorhub.com *.truvid.com *.truvidplayer.com *.ucfunnel.com *.undertone.com *.vdo.ai *.xad.com *.criteo.com *.yimg.com cs.gssprt.jp sync.adkernel.com *.streamable.com streamable.com js-sec.indexww.com *.casalemedia.com *.quantserve.com eb2.3lift.com imgur.com embed.ted.com; 1
frame-ancestors www.gstatic.com *.storyblok.com 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://api-maps.yandex.ru  https://yastatic.net https://neo.tildacdn.com/js/tilda-fallback-1.0.min.js https://api-maps.yandex.ru https://top-fwz1.mail.ru/js/code.js  https://www.googletagmanager.com https://api-maps.yandex.ru https://www.google-analytics.com https://googleads.g.doubleclick.net https://mc.yandex.ru/metrika/tag.js  https://mc.yandex.ru https://vk.com https://connect.facebook.net https://analytics.google.com; img-src * 'self' data: https:; style-src 'self' 'unsafe-inline' https://api-maps.yandex.ru https://fonts.googleapis.com; connect-src *; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://top-fwz1.mail.ru/js/code.js https://www.googletagmanager.com https://api-maps.yandex.ru https://www.youtube.com https://api-maps.yandex.ru; frame-ancestors 'self' 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=TW&lang=zh-Hant-TW&device=desktop&yrid=0c4j1r5iqu43l&partner=; 1
default-src 'self' https://www.youtube.com/ https://geoip-js.maxmind.com/; style-src 'self' https://fonts.googleapis.com/; img-src 'self' data: https://avatars0.githubusercontent.com https://avatars.githubusercontent.com https://avatars1.githubusercontent.com https://avatars2.githubusercontent.com https://avatars3.githubusercontent.com https://avatars4.githubusercontent.com https://avatars5.githubusercontent.com https://avatars6.githubusercontent.com https://avatars7.githubusercontent.com https://avatars8.githubusercontent.com https://www.google-analytics.com; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://js.maxmind.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com 1
frame-ancestors 'self' mail.google.com chrome-extension://iffdacemhfpnchinokehhnppllonacfj/ chrome-extension://dkfhfaphfkopdgpbfkebjfcblcafcmpi/; 1
report-uri /api/report-csp-violation; script-src 'self' 'wasm-unsafe-eval' cdn.eiger.io cdn.dev.eiger.io cmp.osano.com consent.api.osano.com disclosure.api.osano.com tattle.api.osano.com *.google-analytics.com *.googletagmanager.com app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-5533347562455040.storage.googleapis.com data.pendo.io content.product.eiger.io data.product.eiger.io tagmanager.google.com use.typekit.net performance.typekit.com cdnjs.cloudflare.com cdn.jsdelivr.net code.jquery.com js.stripe.com www.datadoghq-browser-agent.com 'sha256-1eJArrmrWAFkIw+mfskp4IYAwyLTHlG7k2ticca+J/Y=' 'nonce-acf2f173-efcd-49ba-bed4-8b64aaad51f3'; style-src 'self' 'unsafe-inline' cdn.eiger.io cdn.dev.eiger.io tagmanager.google.com *.googletagmanager.com fonts.googleapis.com use.typekit.net app.pendo.io cdn.pendo.io pendo-static-5533347562455040.storage.googleapis.com content.product.eiger.io data.product.eiger.io; font-src 'self' cdn.eiger.io cdn.dev.eiger.io use.typekit.net fonts.gstatic.com data:; connect-src 'self' cmp.osano.com consent.api.osano.com disclosure.api.osano.com tattle.api.osano.com stats.g.doubleclick.net/ s3.amazonaws.com/mfmatterhorn/ s3.amazonaws.com/mfvesuvius/ s3.amazonaws.com/mf-k2/ cognito-idp.us-east-1.amazonaws.com cdn.eiger.io/ cdn.dev.eiger.io/ performance.typekit.net app.pendo.io data.pendo.io pendo-static-5533347562455040.storage.googleapis.com content.product.eiger.io data.product.eiger.io *.google-analytics.com *.browser-intake-datadoghq.com status.eiger.io js.stripe.com mfeiger-production.s3.amazonaws.com mf-smartslice.s3.amazonaws.com performance.typekit.net wss://www.eiger.io; img-src 'self' data: cdn.eiger.io cdn.dev.eiger.io p.typekit.net data.pendo.io cdn.pendo.io app.pendo.io pendo-static-5533347562455040.storage.googleapis.com data.pendo.io content.product.eiger.io data.product.eiger.io *.google-analytics.com *.googletagmanager.com fonts.gstatic.com stats.g.doubleclick.net mfeiger-production.s3.amazonaws.com cdn.eiger.io; frame-src app.pendo.io *.googletagmanager.com js.stripe.com cmp.osano.com consent.api.osano.com disclosure.api.osano.com tattle.api.osano.com player.vimeo.com *.youtube.com; child-src app.pendo.io; frame-ancestors app.pendo.io; worker-src 'self' blob: 1
frame-ancestors 'self' https://app.storyblok.com https://myworld360ag.germany-2.evergage.com; 1
default-src 'self' *.bfs.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.bfs.de *.itzbund.de cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.bfs.de *.itzbund.de cdnjs.cloudflare.com; object-src 'self' multimedia.gsb.bund.de *.bfs.de *.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.bfs.de *.itzbund.de; child-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com *.app3nulltest.com *.bfs.de *.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.vimeo.com *.bfs.de *.itzbund.de cdnjs.cloudflare.com *.openstreetmap.org; connect-src 'self' *.bfs.de *.openstreetmap.org *.itzbund.de; frame-ancestors 'self' *.bfs.de; 1
frame-src 'unsafe-inline' 'unsafe-eval' https: *.violet.vn *.doubleclick.net *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.google.com *.eclick.vn *.polyad.net https://g.eclick.vn/ https://pagead2.googlesyndication.com/ 1
frame-ancestors 'self' *.typeform.com typeform.com *.themeforest.net themeforest.net codecanyon.net *.codecanyon.net 1
default-src * data: 'unsafe-inline'; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; worker-src * blob:; child-src blob: gap:; img-src * blob: data: 'unsafe-inline'; font-src * data: 'unsafe-inline'; media-src * data: 'unsafe-inline'; object-src * data: 'unsafe-inline'; prefetch-src * data: 'unsafe-inline'; frame-src * data: 'unsafe-inline'; connect-src * 'self' blob: data: 'unsafe-inline'; 1
default-src 'self' https://use.typekit.net; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://use.typekit.net *.google.com https://connect.facebook.net *.gstatic.com https://www.google-analytics.com https://*.googleapis.com https://view.ceros.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://cdn.cookielaw.org; object-src 'none'; style-src 'report-sample' 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://cdn.jsdelivr.net; img-src 'self' data: *.gstatic.com *.littler.com p.typekit.net  https://www.google-analytics.com https://*.googleapis.com https://i.vimeocdn.com https://cdn.cookielaw.org; media-src 'self'; frame-src 'self' https://player.vimeo.com/ https://app.powerbi.com https://w.soundcloud.com https://www.google.com https://view.ceros.com https://players.brightcove.net https://www.youtube.com https://www.youtube-nocookie.com; frame-ancestors 'self'; child-src 'self' https://player.vimeo.com/; font-src 'self' 'unsafe-inline' https://themes.googleusercontent.com use.typekit.net *.gstatic.com data:; connect-src 'self' https://www.google-analytics.com *.algolia.net *.algolianet.com https://insights.algolia.io https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
child-src 'self'; connect-src 'self' https://*.airtrfx.com https://*.clarity.ms https://*.cookiepro.com https://*.everymundo.workers.dev https://*.everymundonet.workers.dev https://*.google-analytics.com https://*.onetrust.com https://*.securitytrfx.com https://*.sumologic.com https://analytics.google.com https://cdn.linkedin.oribi.io https://dc.services.visualstudio.com https://maps.googleapis.com https://s.yimg.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google.co.za; default-src 'self'; font-src 'self' data: https://*.airtrfx.com https://*.everymundo.net https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' https://em-frame.securitytrfx.com https://www.facebook.com https://www.youtube.com/; img-src 'self' data: https: https://*.ads.linkedin.com https://*.airtrfx.com https://*.cookiepro.com https://*.everymundo.net https://*.google-analytics.com https://*.idio.episerver.net https://analytics.twitter.com https://maps.googleapis.com https://maps.gstatic.com https://sp.analytics.yahoo.com https://www.facebook.com https://www.kenya-airways.com; script-src-elem 'self' 'unsafe-inline' https://*.airtrfx.com https://*.clarity.ms https://*.cookiepro.com https://*.google-analytics.com https://*.googletagmanager.com https://*.idio.episerver.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://connect.facebook.net https://feedback.ajua.com https://geoip-js.com https://js.monitor.azure.com https://maps.googleapis.com https://s.yimg.com https://snap.licdn.com https://static.ads-twitter.com; style-src-elem 'self' 'unsafe-inline' https://*.airtrfx.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://maps.googleapis.com; style-src 'self' https://fonts.googleapis.com; style-src-attr 'unsafe-inline'; script-src 'unsafe-eval'; object-src 'none'; 1
default-src 'self' http: https: data: blob: 'unsafe-inline'  'unsafe-eval' 1
child-src http: https: blob: 'self' 'unsafe-inline'; connect-src *.sdiapi.com *.rapidspike.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io performance.typekit.net commerce.adobe.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com analytics.google.com google.com *.analytics.google.com stats.g.doubleclick.net us-central1-adaptive-growth.cloudfunctions.net app-measurement.com doubleclickbygoogle.com doubleclick.com doubleclick.net googleadservices.com googlesyndication-cn.com googlesyndication.com googletagservices.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googlesyndication.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com brilliantcollector.com *.brilliantcollector.com *.newrelic.com *.nr-data.net *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.clarity.ms bat.bing.com api.crobox.com cdn.crobox.io static.klaviyo.com static-forms.klaviyo.com fast.a.klaviyo.com a.klaviyo.com static-tracking.klaviyo.com telemetrics.klaviyo.com kustomerapp.com *.kustomerapp.com knowledge-base.osprey.com locally.com *.locally.com api.addressy.com ekr.zdassets.com parcellab.com *.parcellab.com ct.pinterest.com pinterest.com *.pixriot.com *.storeimaging.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com *.kaltura.com *.criteo.com rapid-cdn.yottaa.com *.yottaa.net *.impactcdn.com 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src *.sdiapi.com fonts.gstatic.com use.typekit.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustarc.com cdn.crobox.io *.klaviyo.com kustomerapp.com *.kustomerapp.com knowledge-base.osprey.com use.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src *.sdiapi.com vice01.osprey.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net player.vimeo.com vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.studentbeans.com consent-pref.trustarc.com helenoftroy.demdex.net www.facebook.com *.kmail-lists.com *.kustomer.support *.kustomer.help knowledge-base.osprey.com locally.com *.locally.com www.xtento.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com *.criteo.com 'self' 'unsafe-inline'; img-src cdnjs.cloudflare.com widgets.magentocommerce.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com p.typekit.net www.googletagmanager.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat *.vimeocdn.com validator.swagger.io www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com t.paypal.com *.trustarc.com *.112.2o7.net *.clarity.ms *.bing.com *.crobox.com *.crobox.io www.facebook.com static.klaviyo.com static-forms.klaviyo.com fast.a.klaviyo.com a.klaviyo.com *.cloudfront.net static-tracking.klaviyo.com telemetrics.klaviyo.com kustomerapp.com *.kustomerapp.com *.kustomerhostedcontent.com knowledge-base.osprey.com locally.com *.locally.com parcellab.com *.parcellab.com *.pixriot.com *.storeimaging.com www.xtento.com cdn.xtento.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com yotpo-editor-production.s3.amazonaws.com *.kaltura.com *.reddit.com *.osprey.com data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; media-src *.adobe.com *.vimeo.com download-video.akamaized.net *.osprey.com blob: data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; script-src *.sdiapi.com *.rapidspike.com static.cloudflareinsights.com unpkg.com commerce.adobedtm.com assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com amcglobal.sc.omtrdc.net use.typekit.net commerce.adobe.net www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com magento-recs-sdk.adobe.net  vimeo.com www.vimeo.com *.vimeocdn.com player.vimeo.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.newrelic.com *.nr-data.net *.trustarc.com adobedtm.com *.algolia.net polyfill.io www.dwin1.com lantern.roeyecdn.com www.clarity.ms bat.bing.com api.crobox.com cdn.crobox.io connect.facebook.net static.klaviyo.com static-forms.klaviyo.com fast.a.klaviyo.com a.klaviyo.com static-tracking.klaviyo.com telemetrics.klaviyo.com kustomerapp.com *.kustomerapp.com locally.com *.locally.com s7.addthis.com parcellab.com *.parcellab.com *.smartling.com www.xtento.com cdn.xtento.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com *.kaltura.com *.criteo.com *.avmws.com dynamic.criteo.com www.redditstatic.com rapid-cdn.yottaa.com *.impactcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klaviyo.com parcellab.com *.parcellab.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com *.googleapis.com 'self' 'unsafe-inline'; upgrade-insecure-requests; 1
default-src 'self' data:; connect-src 'self' wss://peda.net blob: www.google-analytics.com region1.google-analytics.com;script-src 'self' 'report-sample' platform.instagram.com www.instagram.com https://platform.twitter.com/widgets.js https://platform.twitter.com/js/ https://cdnjs.cloudflare.com/ajax/libs/bacon.js/ https://cdnjs.cloudflare.com/ajax/libs/mathjax/ https://cdnjs.cloudflare.com/ajax/libs/spectrum/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ connect.facebook.net payment.paytrail.com unpkg.com www.googletagmanager.com www.google-analytics.com; sandbox allow-downloads allow-popups allow-scripts allow-same-origin allow-forms allow-modals allow-popups-to-escape-sandbox allow-presentation allow-top-navigation-by-user-activation; img-src * data: blob:; object-src 'none'; style-src * 'unsafe-inline'; font-src * data: about:; media-src * data: blob:; frame-src * data:; 1
default-src 'self' data:; img-src 'self' data: *; style-src 'self' 'unsafe-inline' *.opentok.com fonts.googleapis.com js.chargebee.com https://session.surfly-us.com; font-src 'self' fonts.gstatic.com https://session.surfly-us.com; frame-src 'self' js.chargebee.com https://surfly.quadernoapp.com https://surfly-us.com *.surfly-us.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.opentok.com stats-api.surfly.com js.chargebee.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com https://session.surfly-us.com surfly.com web2smartconnect.eu surfly.io cobrowse.pathadvice.ai cobrowsing.empathy-portal.de surfly-us.com cobrowsing.uateltropy.com cobrowsing.qa3-eltropy.com cobrowsing.eltropy.com signing.remotenotarez.com cobrowse.natcocu.org cobrowse.arvest.com cobrowse.nccyou.com cobrowse.alkamitech.com connecttoassist.syf.com customerassistance.cubesmart.com; connect-src 'self' js.chargebee.com *.opentok.com stats-api.surfly.com *.tokbox.com wss://*.tokbox.com *.surfly-us.com surfly.com web2smartconnect.eu surfly.io cobrowse.pathadvice.ai cobrowsing.empathy-portal.de surfly-us.com cobrowsing.uateltropy.com cobrowsing.qa3-eltropy.com cobrowsing.eltropy.com signing.remotenotarez.com cobrowse.natcocu.org cobrowse.arvest.com cobrowse.nccyou.com cobrowse.alkamitech.com connecttoassist.syf.com customerassistance.cubesmart.com 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-7bU3B6qX/uPFcSmunaIqmw=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
script-src 'self' https://unpkg.com/axios/dist/axios.min.js https://unpkg.com/fullpage.js/dist/fullpage.min.js https://ajax.googleapis.com https://use.typekit.net https://d3e54v103j8qbb.cloudfront.net https://assets-global.website-files.com https://cdn.jsdelivr.net https://connect.facebook.net https://www.googletagmanager.com https://static.hotjar.com https://cdn.mouseflow.com https://snap.licdn.com https://acsbapp.com https://script.hotjar.com https://www.google-analytics.com https://www.googleadservices.com https://js.hs-scripts.com https://static.ads-twitter.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hsadspixel.net https://js.hscollectedforms.net https://googleads.g.doubleclick.net 'unsafe-inline' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://wec-assets.terminus.services https://m.clarity.ms/collect https://www.clarity.ms https://dev.visualwebsiteoptimizer.com https://www.googleoptimize.com https://www.googleanalytics.com https://optimize.google.com https://privacyportalde-cdn.onetrust.com https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/otnotice-1.0.min.js https://cdn.cookielaw.org https://*.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://secure.adnxs.com https://d22d1xpx4ztuef.cloudfront.net/jb-cdn-sp-3.5.0.js https://bam.nr-data.net https://gu.bizspring.net https://www.googletagmanager.com https://js-agent.newrelic.com https://stats.wp.com https://widgets.wp.com https://wordpress.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://sjrtp8-cdn.marketo.com https://cdn.livechatinc.com http://cdn.livechatinc.com https://s0.wp.com https://code.jquery.com https://code.jquery.com/jquery-3.3.1.js https://cdn.parsely.com https://stats.wp.com/e-202229.js http://play.vidyard.com https://play.vidyard.com https://connect.facebook.net http://app-sj04.marketo.com http://munchkin.marketo.net http://63475.tctm.co https://64066.tctm.co/t.js https://64066.tctm.co/p.js https://api.livechatinc.com http://www.google-analytics.com https://cdn.mouseflow.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://www.googleadservices.com http://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://code.ionicframework.com https://optimize.google.com https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/css/v2/otnotice-core.css https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com https://s0.wp.com http://app-sj04.marketo.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://y.clarity.ms/collect https://x.clarity.ms/collect https://r1.visualwebsiteoptimizer.com/analyze https://t.clarity.ms/collect https://w.clarity.ms/collect https://m.clarity.ms/collect https://px.ads.linkedin.com https://dev.visualwebsiteoptimizer.com https://www.google.co.in https://privacyportalde-cdn.onetrust.com https://privacyportalde-cdn.onetrust.com/c579c0d0-360f-49c0-bccc-f7b7cded31cd/privacy-notices/8b719598-1655-4d2d-879b-9b2e633813ac-en-us.json https://privacyportalde-cdn.onetrust.com/c579c0d0-360f-49c0-bccc-f7b7cded31cd/privacy-notices/8b719598-1655-4d2d-879b-9b2e633813ac-en-us.json https://privacyportalde-cdn.onetrust.com/c579c0d0-360f-49c0-bccc-f7b7cded31cd/privacy-notices/8b719598-1655-4d2d-879b-9b2e633813ac.json https://analytics.google.com https://cdn.cookielaw.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.facebook.com http://play.vidyard.com https://play.vidyard.com http://google.com https://google.com https://cdn.linkedin.oribi.io https://cdn.livechatinc.com https://api.ipify.org https://bam.nr-data.net https://p1.parsely.com https://n2.mouseflow.com https://api.livechatinc.com https://geolocation.onetrust.com https://privacyportal-de.onetrust.com http://090-bzj-603.mktoresp.com http://63475.tctm.co https://cdn.cookielaw.org https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' data: https://code.ionicframework.com https://optimize.google.com https://privacyportalde-cdn.onetrust.com https://privacyportalde-cdn.onetrust.com https://fonts.gstatic.com https://cdn.livechatinc.com https://fonts.gstatic.com https://cdn.mouseflow.com https://s0.wp.com; frame-src 'self' https://aurora.videojet.com https://td.doubleclick.net https://dev.visualwebsiteoptimizer.com https://optimize.google.com https://www.google.com https://cdn.livechatinc.com https://stats.wp.com https://js-agent.newrelic.com http://www.googletagmanager.com https://www.googletagmanager.com https://widgets.wp.com https://wordpress.com https://pages.videojet.com https://communications.videojet.com https://www.facebook.com http://play.vidyard.com https://app-sj04.marketo.com https://bid.g.doubleclick.net https://play.vidyard.com https://secure.livechatinc.com; img-src 'self' data: https://c.clarity.ms/c.gif https://match.adsrvr.org https://wec-assets.terminus.services https://cdn.livechat-files.com https://dev.visualwebsiteoptimizer.com https://www.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://optimize.google.com https://ssl.gstatic.com https://www.gstatic.com https://c.jabmo.app https://s.w.org http://www.googleadservices.com https://p1.parsely.com https://videojet-develop.go-vip.net https://secure.gravatar.com https://pixel.wp.com https://pages.videojet.com http://play.vidyard.com https://play.vidyard.com https://cdn.vidyard.com https://www.facebook.com https://www.linkedin.com  https://www.googletagmanager.com https://p.adsymptotic.com https://px4.ads.linkedin.com http://2.gravatar.com http://www.google-analytics.com https://cdn.cookielaw.org https://cdn.livechatinc.com https://global.videojet.com https://px.ads.linkedin.com https://videojet.com https://www.google.co.in https://www.google.com; manifest-src 'self'; media-src 'self' https://cdn.livechatinc.com https://global.videojet.com; worker-src 'self' https://www.videojet.com/c9d5afaf-a0aa-4db7-b518-d967b3d81b36 https://www.videojet.com/1295068b-cdb0-46ed-819a-deec0a6a36bd https://www.videojet.com/a644a86c-7519-4f37-aea1-b6d2f9fdc74d https://www.videojet.com/3c3628c1-5a46-41af-a537-db43daeef27f https://www.videojet.com/eaee86f7-2def-47cd-a2da-c205fd59ff74 https://www.videojet.com/d474b2a2-dfbd-4839-801c-7bfa3d00d171 https://www.videojet.com/2bc12286-5f03-4415-8f6b-0b18c6c90678 https://www.videojet.com/53cde3ea-2d8d-4289-aa7e-64e16b22c213 https://www.videojet.com/3243adbf-8aa3-4fa5-8666-2ec5bdb6f8b7 https://www.videojet.com/08a2f4c8-c23c-41fa-b029-ea7e111c1514 https://www.videojet.com/3191c924-2f60-4df2-b958-218e0b9b123e https://www.videojet.com/91a64e33-4c05-4b24-b405-a8461f7f1322 https://www.videojet.com/9600bcf4-3d06-4e24-b9af-7acd859cf28a https://www.videojet.com/0a315fd7-f8d2-4b2b-915b-77c4bd3c0217 https://www.videojet.com/7ab9984b-8cab-4783-b2ab-2427d3b33600 https://www.videojet.com/32afd7a5-fa8b-4d05-8146-ef4a0a4369ab https://www.videojet.com/84173372-c53e-4ed0-8ffe-bdbb31359feb https://www.videojet.com/cf6e098c-906f-4e75-b259-dd7e1c6a0786 https://www.videojet.com/d1fc4e99-bda5-42fd-ac03-2b4ec19dc3ac https://www.videojet.com/3e11e14c-6fe1-45e3-b8bd-5f2339b05902; 1
default-src 'self' *.relay42.com vars.hotjar.com 6162542.fls.doubleclick.net;script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' *.centraalbeheer.nl *.doubleclick.net *.facebook.net *.google.com *.googlesyndication.com *.hs-scripts.com *.linkedin.com *.r42tag.com *.relay42.com *.svtrd.com *.usabilla.com achmeadpm.achmea.nl:9999 ajax.googleapis.com api.usabilla.com app.contentsquare.com bat.bing.com cba.nmrc.nl cdn.ampproject.org cdn.harvest.graindata.com d6tizftlrpuof.cloudfront.net googleads.g.doubleclick.net https://www.googleoptimize.com https://www.googletagmanager.com js.hs-analytics.net js.hs-banner.com js.hsadspixel.net js.hsleadflows.net js.monitor.azure.com js.usemessages.com maps.googleapis.com player.quadia.net r.bing.com script.hotjar.com snap.licdn.com static.cloud.coveo.com static.hotjar.com surfly.com t.contentsquare.net tags.nmrc.nl www.dwin1.com www.google-analytics.com www.googleadservices.com www.youtube.com www.zenaps.com www.awin1.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com d6tizftlrpuof.cloudfront.net www.google.com optimize.google.com static.cloud.coveo.com;img-src data: 'self' *.centraalbeheer.nl *.contentsquare.net *.doubleclick.net *.googlesyndication.com *.r42tag.com *.relay42.com *.svtrd.com *.svtrd.com *.usabilla.com adservice.google.com adservice.google.nl bat.bing.com c.az.contentsquare.net c.contentsquare.net cba.imgix.net clients1.google.com d6tizftlrpuof.cloudfront.net forms.hubspot.com https://www.googletagmanager.com l.contentsquare.net linkedin.com maps.googleapis.com maps.gstatic.com optimize.google.com px.ads.linkedin.com px4.ads.linkedin.com region1.analytics.google.com region1.google-analytics.com server.arcgisonline.com track.hubspot.com www.advieskeuze.nl www.awin1.com www.facebook.com www.google-analytics.com www.google.com www.google.nl www.googleapis.com www.googletagmanager.com www.zenaps.com https://i.ytimg.com;font-src 'self' fonts.gstatic.com script.hotjar.com;connect-src 'self' analytics.cloud.coveo.com *.achmea.nl *.centraalbeheer.nl *.contentsquare.net *.doubleclick.net *.facebook.net *.googlesyndication.com *.hubapi.com *.nxtid.nl api.advieskeuze.nl api.hsforms.com api.hubspot.com api.usabilla.com bat.bing.com c.az.contentsquare.net c.contentsquare.net calculations.figlo.com cba.imgix.net cba.nmrc.nl controle.achmea.consentmonitor.nl https://*.in.applicationinsights.azure.com forms.hubspot.com formulier.centraalbeheer.nl geocode.arcgis.com https://*.hotjar.com https://*.hotjar.io k-aeu1.contentsquare.net l.contentsquare.net  maps.googleapis.com r.contentsquare.net region1.analytics.google.com region1.google-analytics.com surfly.com t.svtrd.com vc.hotjar.io wss://*.hotjar.com wss://bat.bing.com www.google-analytics.com www.google.com *.service.signalr.net wss://*.service.signalr.net;media-src 'self' ;object-src 'self' ;child-src blob: 'self' youtube.com *.doubleclick.net t.svtrd.com *.hotjar.com cba.nmrc.nl www.youtube-nocookie.com youtube-nocookie.com surfly.com optimize.google.com d6tizftlrpuof.cloudfront.net redirect.surfly.com centraalbeheer-nl-p.surfly.com surfly.com surfly-com-p.surfly.com *.centraalbeheer.nl player.quadia.net localfocuswidgets.net;frame-ancestors 'self' youtube.com www.youtube-nocookie.com youtube-nocookie.com player.quadia.net;form-action * 'self' t.svtrd.com *.achmea.nl;block-all-mixed-content;report-uri https://centraalbeheer.ams.report-uri.com/r/t/csp/enforce; 1
frame-ancestors 'self' https://digizone.sacombank.local https://digizone.sacombank.com 1
frame-ancestors 'self' buechen.de *.buechen.de boernsen-erleben.de *.boernsen-erleben.de; 1
default-src 'self' data: https://*.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s6.searchcdn.com https://*.surveymonkey.com https://js.arcgis.com https://*.addtoany.com https://kit.fontawesome.com/ https://*.googleapis.com https://www.googletagmanager.com http://riversideca.gov https://*.google.com https://vimeo.com https://*.facebook.com  http://*.googleapis.com http://*.google-analytics.com https://*.google-analytics.com https://m.addthisedge.com https://addsearch.com https://*.twitter.com https://www.youtube.com http://vjs.zencdn.net https://*.curator.io http://*.curator.io https://fresnel.vimeocdn.com http://*.google.com https://m.addthis.com http://m.addthis.com https://*.twitter.com https://cdnjs.cloudflare.com https://code.jquery.com https://f.vimeocdn.com http://*.riversideca.gov https://*.legistar.com https://cdn.syndication.twimg.com https://*.govdelivery.com https://*.granicusideas.com https://api-public.addthis.com https://*.granicus.com https://static.doubleclick.net https://vjs.zencdn.net https://player.vimeo.com https://*.riversideca.gov https://www.gstatic.com https://s7.addthis.com https://c4b-integration.com https://*.g.doubleclick.net  https://www.recaptcha.net https://js-agent.newrelic.com https://uploads.mycusthelp.com; connect-src 'self' https://www2.hdlcompanies.com http://*.arcgisonline.com https://*.arcgisonline.com https://c4b-integration.com https://*.arcgis.com https://www.google-analytics.com  https://graph.facebook.com https://*.govdelivery.com https://*.twitter.com https://query.yahooapis.com https://googleads.g.doubleclick.net https://api-public.addthis.com https://fresnel.vimeocdn.com https://*.granicus.com https://*.googleapis.com https://api.curator.io; img-src 'self' data: https://*.gstatic.com https://*.surveymonkey.com https://*.arcgisonline.com https://*.arcgis.com https://*.addsearch.com https://c4b-integration.com http://*.riversidepublicutilities.com https://*.facebook.com https://riversideca.legistar.com https://*.xx.fbcdn.net https://*.googleapis.com https://www.google-analytics.com https://*.google.com https://*.cloudfront.net  https://stats.g.doubleclick.net https://*.granicus.com https://i.ytimg.com https://*.riversideca.gov https://ssl.google-analytics.com https://*.cdninstagram.com https://riversideca.gov https://external.xx.fbcdn.net https://i.vimeocdn.com https://curator-assets.b-cdn.net https://pbs.twimg.com https://www.riversideca.gov https://scontent.xx.fbcdn.net http://s7.addthis.com; style-src 'self' 'unsafe-inline' *.arcgis.com https://www.google.com https://*.cloudfront.net https://*.bootstrapcdn.com https://*.googleapis.com https://*.riversideca.gov https://app.addsearch.com http://*.riversideca.gov https://www.youtube.com https://f.vimeocdn.com https://c4b-integration.com http://vjs.zencdn.net https://riversideca.legistar.com https://riversideca.granicus.com https://*.gstatic.com https://platform.twitter.com https://cdn.curator.io https://vjs.zencdn.net https://cdnjs.cloudflare.com http://ajax.googleapis.com; font-src 'self' https://*.bootstrapcdn.com  http://*.arcgis.com http://*.riversideca.gov https://*.riversideca.gov https://fonts.gstatic.com http://vjs.zencdn.net https://c4b-integration.com http://fonts.gstatic.com https://cdn.curator.io https://cdnjs.cloudflare.com; frame-src 'self' https://*.flipbook.thesaucecs.com https://*.powerbigov.us https://prezi.com https://*.office365.com https://*.tableau.com https://sketchfab.com https://www.eventbrite.com https://cad.chp.ca.gov/ https://*.s3.amazonaws.com https://www.youtube.com https://*.google.com/ https://*.riversideca.gov https://*.vimeo.com https://*.twitter.com https://s7.addthis.com https://*.govdelivery.com https://*.maps.arcgis.com https://*.clarity-aip.com https://riversideca.legistar.com https://www.google-analytics.com https://*.twitter.com https://www.recaptcha.net https://*.granicus.com https://riversideca.mycusthelp.com; frame-ancestors 'self' https://www.riversideca.gov https://riversideca.gov; object-src 'self' https://www.riversideca.gov https://riversideca.gov 1
default-src 'self' *.ctfassets.net blob:; connect-src *; font-src 'self' 'unsafe-inline' gstatic.com *.gstatic.com data: cloudfront.net *.cloudfront.net; form-action 'self' *; frame-ancestors 'self'; frame-src *; img-src 'self' 'unsafe-inline' * data: capterra.com *.capterra.com; manifest-src 'self'; media-src *; object-src 'none'; script-src-elem 'self' *.hsadspixel.net *.calendly.com calendly.com *.hs-analytics.net hs-analytics.net *.hscollectedforms.net hscollectedforms.net *.hs-banner.com hs-banner.com *.hsforms.net hsforms.net *.hsappstatic.net hsappstatic.net *.hs-scripts.com hs-scripts.com *.vimeocdn.com *.instagram.com instagram.com cloudfront.net *.cloudfront.net ctfassets.net *.ctfassets.net googletagmanager.com *.googletagmanager.com googleadservices.com *.googleadservices.com google-analytics.com *.google-analytics.com bing.com *.bing.com cookielaw.org *.cookielaw.org licdn.com *.licdn.com ads-twitter.com *.ads-twitter.com analytics.twitter.com platform.twitter.com mouseflow.com *.mouseflow.com facebook.net *.facebook.net onetrust.com *.onetrust.com doubleclick.net outfunnel.com *.outfunnel.com *.doubleclick.net *.optimizely.com *.clarity.ms *.netlify.app netlify-cdp-loader.netlify.app *.mountain.com 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.hsadspixel.net *.calendly.com calendly.com *.hs-analytics.net hs-analytics.net *.hscollectedforms.net hscollectedforms.net *.hs-banner.com hs-banner.com *.hsforms.net hsforms.net *.hsappstatic.net hsappstatic.net *.hs-scripts.com hs-scripts.com *.vimeocdn.com ctfassets.net *.ctfassets.net googletagmanager.com *.googletagmanager.com *.googleadservices.com https://www.google-analytics.com/analytics.js bing.com *.bing.com licdn.com *.licdn.com cookielaw.org *.cookielaw.org ads-twitter.com *.ads-twitter.com analytics.twitter.com platform.twitter.com mouseflow.com *.mouseflow.com facebook.net *.facebook.net onetrust.com *.onetrust.com doubleclick.net googleads.g.doubleclick.net *.optimizely.com outfunnel.com *.outfunnel.com *.clarity.ms; style-src 'unsafe-inline' googleapis.com *.googleapis.com *.ctfassets.net *.netlify.app netlify-cdp-loader.netlify.app featuregates.org *.featuregates.org statsigapi.net *.statsigapi.net; worker-src 'self' 1
default-src 'self' 'unsafe-inline' ;form-action 'self' data: *.irdnz.localhost *.irdnz.net *.microsoftonline.com *.irdnz *.ird.govt.nz *.qualtrics.com ;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.newrelic.com *.irdnz *.ird.govt.nz *.irdnz.localhost *.irdnz.net *.nr-data.net *.coveo.com *.zscalertwo.net *.windows.net *.google-analytics.com *.googletagmanager.com *.gstatic.com *.google.com *.hotjar.com *.qualtrics.com *.googleapis.com *.cloudflare.com *.youtube.com *.vimeo.com *.clarity.ms ;img-src 'self' data: *.googletagmanager.com *.google-analytics.com staticcdn.co.nz *.staticcdn.co.nz *.sharepoint.com australiaeast1-mediap.svc.ms *.newrelic.com *.nr-data.net *.coveo.com *.zscalertwo.net *.windows.net *.ird.govt.nz *.gstatic.com *.google.com *.google.com.au *.google.co.nz *.doubleclick.net *.cloudfront.net *.qualtrics.com *.office.net *.ytimg.com *.clarity.ms ;connect-src 'self' data: *.qualtrics.com *.google-analytics.com *.nr-data.net *.zscalertwo.net *.coveo.com *.doubleclick.net *.signify.nz *.ird.govt.nz *.clarity.ms; upgrade-insecure-requests; block-all-mixed-content ;frame-src 'self' data: *.ird.govt.nz *.irdnz *.irdnz.net *.irdnz.localhost staticcdn.co.nz *.staticcdn.co.nz *.google.com *.youtube.com *.cloudfront.net *.googletagmanager.com *.hotjar.com *.slideshare.net *.qualtrics.com *.zscalertwo.net *.coveo.com *.openstreetmap.org *.vimeo.com *.sharepoint.com ;font-src 'self' data: *.typekit.net *.gstatic.com *.ird.govt.nz *.coveo.com ;style-src 'self' 'unsafe-inline' data: *.typekit.net *.coveo.com *.zscalertwo.net *.googleapis.com *.ird.govt.nz *.googletagmanager.com ;style-src-elem 'self' 'unsafe-inline' data: *.typekit.net *.zscalertwo.net *.coveo.com *.googleapis.com *.ird.govt.nz *.googletagmanager.com ;style-src-attr 'self' 'unsafe-inline' ;frame-ancestors 'none' ;media-src 'self' data: *.sharepoint.com *.microsoftonline.com *.youtube.com ;object-src 'none' ;manifest-src 'self' ; 1
default-src 'self'; media-src 'self' *.widen.net; img-src 'self' *.transinfo.com.au *.widen.net *.widencdn.net *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.hotjar.com *.tableau.com data: translink.com.au; connect-src 'self' *.azure.com *.www.google.com *.apis.google.com maps.googleapis.com *.transinfo.com.au *.translink.com.au *.google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.mapbox.com *.nr-data.net; frame-src 'self' *.transinfo.com.au *.translink.com.au translink.com.au *.hotjar.com youtube.com *.youtube.com *.tableau.com *.office.com *.microsoftonline.com *.tmr.qld.gov.au tableau-external.qdot.qld.gov.au; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.cloudflare.com *.translink.com.au *.transinfo.com.au *.azure.com *.hotjar.com *.tableau.com *.mapbox.com *.gstatic.com *.tmr.qld.gov.au *.newrelic.com *.nr-data.net tableau-external.qdot.qld.gov.au; style-src 'self' 'unsafe-inline' *.googleapis.com maxcdn.bootstrapcdn.com *.translink.com.au *.transinfo.com.au *.hotjar.com hotjar.com *.cloudflare.com *.mapbox.com *.gstatic.com; font-src 'self' *.transinfo.com.au fonts.gstatic.com maxcdn.bootstrapcdn.com *.hotjar.com *.cloudflare.com; frame-ancestors 'self' *.npngts.cubicnextcloud.com.au *.translink.com.au facebook.com; object-src none; child-src blob:; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: www.dallascounty.org *.twimg.com *.twitter.com seal.geotrust.com fonts.gstatic.com www.gstatic.com www.google-analytics.com pagead2.googlesyndication.com www.googletagmanager.com content.govdelivery.com www.cdc.gov 1
default-src 'self' https://go.mercurycards.com; style-src * 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; frame-ancestors 'self' https://cp.apply.creditkarma.com/ https://*.facebook.com https://embedded.creditkarma.com/ http://development.amazon.com/ http://pre-prod.amazon.com/ https://www.amazon.com/ https://*.amazon.com/; frame-src 'self' https://connect2.finicity.com https://hcaptcha.com https://*.hcaptcha.com https://s.amazon-adsystem.com https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/ https://1.b406929acabac9b095f124c81bdfcf57f.com/ https://1.c81358859121583b7adf2ace89cb39f44.com/ https://bcdn-god.we-stats.com https://mercuryfinancialciam.okta.com https://www.google.com https://www.inspectlet.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://cdn.trustev.com; object-src 'none'; font-src 'self' * data:; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cmp.osano.com https://go.mercurycards.com https://banner.urlgeni.us https://hcaptcha.com https://*.hcaptcha.com https://c.amazon-adsystem.com https://bcdn-god.we-stats.com https://*.qualtrics.com https://*.fullstory.com https://www.googleadservices.com https://partner.googleadservices.com https://tagmanager.google.com https://mpsnare.iesnare.com https://googlesyndication.com https://www.mercurycards.com https://workforcenow.adp.com https://adservice.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.googletagservices.com https://aa.agkn.com/adscores http://www.macromedia.com https://aa.agkn.com https://pagead2.googlesyndication.com https://www.google-analytics.com https://api.cybersource.com https://apitest.cybersource.com https://cdnjs.cloudflare.com/ https://d10lpsik1i8c69.cloudfront.net https://connect.facebook.net https://cdn.inspectlet.com https://app.trustev.com https://cdn-us.trustev.com https://tpc.googlesyndication.com https://static.ads-twitter.com https://snap.licdn.com blob:; connect-src 'self' https://tattle.api.osano.com https://hcaptcha.com https://*.hcaptcha.com wss://mpsnare.iesnare.com https://wup.mercurycards.com https://logs.mercurycards.com https://mercuryfinancialciam.okta.com https://siteintercept.qualtrics.com https://edge.fullstory.com https://rs.fullstory.com https://*.fullstory.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.cybersource.com https://apitest.cybersource.com https://pagead2.googlesyndication.com https://settings.luckyorange.net https://hn.inspectlet.com wss://ws.inspectlet.com https://app.trustev.com https://cdn-us.trustev.com https://cdn.trustev.com; media-src 'self' data: wss://mpsnare.iesnare.com https://mpsnare.iesnare.com 1
default-src * data: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' www.fly4free.pl 1
default-src 'self' 'unsafe-inline' *.tuxis.nl tuxis.my3cx.nl object-src data: 'unsafe-eval' frame-ancestors: 'self' connect-src * ws: wss:; 1
default-src 'self';script-src 'nonce-593b25f7-8236-4509-b1cb-44ca2e5d5209' 'strict-dynamic' https: 'unsafe-inline' 'unsafe-eval';connect-src 'nonce-593b25f7-8236-4509-b1cb-44ca2e5d5209' https: 'unsafe-inline';style-src * 'unsafe-inline'; img-src * data:; font-src * data:;frame-src *.demdex.net *.skat.dk; 1
upgrade-insecure-requests; default-src 'self' https: *.cwp-stg.sg *.cwp.sg *.addthis.com *.addthisedge.com *.wogaa.sg *.demdex.net *.everesttech.net *.adobetag.com *.vica.gov.sg  *.onemap.gov.sg *.moatads.com wogadobeanalytics.sc.omtrdc.net www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com api.data.gov.sg ifaqs.flexanswer.com *.doubleclick.net *.bootstrapcdn.com; connect-src 'self' *.addthis.com *.addthisedge.com *.wogaa.sg dpm.demdex.net wogadobeanalytics.sc.omtrdc.net *.vica.gov.sg wss://*.vica.gov.sg www.google-analytics.com *.googleapis.com *.gstatic.com api.data.gov.sg smartnation.data.gov.sg data.gov.sg ifaqs.flexanswer.com *.doubleclick.net *.bootstrapcdn.com developers.onemap.sg *.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cwp-stg.sg *.cwp.sg *.addthis.com *.addthisedge.com *.wogaa.sg *.adobedtm.com *.vica.gov.sg cdnjs.cloudflare.com *.moatads.com connect.facebook.net www.google-analytics.com www.google.com www.googletagmanager.com *.googleapis.com *.gstatic.com *.twitter.com *.hotjar.com; style-src 'self' 'unsafe-inline' *.cwp-stg.sg *.cwp.sg *.vica.gov.sg cdnjs.cloudflare.com *.wogaa.sg *.googleapis.com *.gstatic.com; img-src 'self' blob: data: *.cwp-stg.sg *.cwp.sg www.nea.gov.sg *.everesttech.net *.demdex.net *.vica.gov.sg stats.g.doubleclick.net *.onemap.gov.sg *.onemap.sg  wogadobeanalytics.sc.omtrdc.net www.facebook.com connect.facebook.net www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com *.googleusercontent.com; font-src 'self' data: *.cwp-stg.sg *.cwp.sg *.amazonaws.com *.vica.gov.sg *.wogaa.sg *.googleapis.com *.gstatic.com; object-src 'self'; 1
default-src 'self' *.googletagmanager.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://bat.bing.com https://az416426.vo.msecnd.net https://snap.licdn.com *.sub2tech.com *.youtube.com *.ytimg.com https://dl.episerver.net *.facebook.net https://googleads.g.doubleclick.net *.whisbi.com *.nr-data.net https://js-agent.newrelic.com/ https://code.jquery.com https://code.createjs.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.google.com *.gstatic.com *.onetrust.com *.hotjar.com *.trustpilot.com *.browsealoud.com *.adnxs.com *.ads-twitter.com https://analytics.twitter.com/ https://platform.twitter.com/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://ads.nextdoor.com/public/pixel/ndp.js https://client.prod.mplat-ppcprotect.com https://ade.googlesyndication.com https://ad.doubleclick.net *.analytics.google.com; worker-src *.onetrust.com *.hotjar.com *.facebook.net *.whisbi.com *.googletagmanager.com *.browsealoud.com *.adnxs.com *.episerver.net *.googleadservices.com *.google.com *.googleapis.com 'self' data: gap: ws:; connect-src *.nr-data.net js-agent.newrelic.com *.ads-twitter.com analytics.twitter.com t.co js.monitor.azure.com https://dc.services.visualstudio.com/v2/track *.g.doubleclick.net https://googleads.g.doubleclick.net *.code.createjs.com *.browsealoud.com *.adnxs.com *.onetrust.com *.hotjar.io *.hotjar.com *.facebook.net *.facebook.com *.whisbi.com *.gstatic.com *.google-analytics.com *.youtube.com *.ytimg.com *.googletagmanager.com *.episerver.net *.googleapis.com https://click.prod.mplat-ppcprotect.com https://bat.bing.com 'self' data: gap: ws:; img-src 'self' data: gap: https://bat.bing.com https://analytics.twitter.com *.amazonaws.com *.facebook.net *.facebook.com *.whisbi.com *.adnxs.com *.twimg.com *.google.co.uk https://csi.gstatic.com *.googleadservices.com *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com *.g.doubleclick.net https://ad.doubleclick.net/ *.onetrust.com *.hotjar.com https://t.co/ https://tracking.audio.thisisdax.com *.linkedin.com https://px.ads.linkedin.com/ https://flask.nextdoor.com/; style-src 'self' 'unsafe-inline' *.googleadservices.com *.google.com *.facebook.net *.whisbi.com *.googleapis.com hello.myfonts.net *.onetrust.com *.hotjar.com; font-src 'self' data: *.gstatic.com *.onetrust.com *.hotjar.com; form-action 'self' https://www.facebook.com; object-src 'self'; media-src 'self'; frame-src 'self' https://12801504.fls.doubleclick.net/ https://cdn.flipsnack.com/ https://servedby.flashtalking.com/ https://vars.hotjar.com/ https://static.hotjar.com *.hotjar.com *.facebook.net https://www.facebook.com *.whisbi.com https://www.google.com/recaptcha/ https://player.vimeo.com https://www.youtube.com https://secure.flife.de https://irs.tools.investis.com https://otp.tools.investis.com https://metrobankonline.marketing.dynamics.com/ https://www.appdemostore.com https://metrobankdigital.invisionapp.com https://widget.trustpilot.com https://td.doubleclick.net/ 1
default-src 'self'; img-src * data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; child-src https://*.facebook.com https://*.youtube.com https://*.vimeo.com https://*.google.com https://issuu.com https://*.speedrfp.com/; font-src 'self' https://fonts.gstatic.com; media-src 'self' https://*.vimeo.com https://*.youtube.com https://youtu.be.com https://gcs-vimeo.akamaized.net; frame-src 'self' https://my.matterport.com https://foxwoods.blindvalet.com https://*.sertifiguidedapi.com https://*.sertifi.com https://*.vimeo.com https://*.youtube.com  https://foxwoods.mediaroom.com https://*.tintup.com https://*.doubleclick.net https://*.google.com https://*.facebook.com https://*.speedrfp.com https://*.videopoker.com https://*.spotify.com; connect-src 'self' https://*.google.com https://*.yimg.com https://*.google-analytics.com 1
connect-src 'self' *.frbservices.org https://analytics.google.com *.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com *.analytics.google.com https://stats.g.doubleclick.net *.fedsearch.org:*; img-src 'self' *.frbservices.org *.eloqua.com *.frbservices.org https://px.ads.linkedin.com https://www.google.com https://www.linkedin.com https://p.adsymptotic.com https://googleads.g.doubleclick.net *.google-analytics.com https://ssl.google-analytics.com *.analytics.google.com https://optimize.google.com https://www.googletagmanager.com; script-src 'self' *.frbservices.org 'unsafe-inline' *.google-analytics.com https://snap.licdn.com https://www.google.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googleanalytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.googleoptimize.com https://optimize.google.com *.frbservices.org; style-src 'self' *.frbservices.org https://fonts.googleapis.com 'unsafe-inline' https://www.googletagmanager.com https://optimize.google.com https://ssl.google-analytics.com *.google-analytics.com; object-src 'self' *.frbservices.org; font-src 'self' https://fonts.gstatic.com; frame-src 'self' *.youtube.com information.frbcommunications.org https://tpc.googlesyndication.com https://optimize.google.com; 1
frame-ancestors 'self' *.knoema.com *.knoema.org 1
frame-ancestors *.sentinelone.com *.sentinelone.net *.scalyr.com *.dataset.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.amazonaws.com audioeye.com *.audioeye.com *.bing.com *.btttag.com *.cloudfront.net cloudfront.net *.coach.com coach.com criteo.com criteo.net *.criteo.net *.criteo.com *.facebook.com *.facebook.net *.forter.com *.google.com *.gstatic.com *.google.co.uk www.google.at www.google.dk www.google.ie www.google.ca www.google.co.in www.google.ae *.google.es *.google.no www.google.gr www.google.se www.googleadservices.com googleapis.com *.googleapis.com *.cloudfunctions.net www.googletagmanager.com *.google-analytics.com www.yext-pixel.com klarna.com *.klarna.com klarnacdn.net *.klarnacdn.net klarnaevt.com *.klarnaevt.com klarnaservices.com *.klarnaservices.com *.optimizely.com optimizely.com *.paypal.com www.paypalobjects.com *.qualtrics.com *.quantummetric.com *.force.com *.my.salesforce.com *.salesforceliveagent.com *.my.salesforce-sites.com *.twitter.com ads-twitter.com static.ads-twitter.com t.co cdnwidget.com *.cdnwidget.com pippio.com bounceexchange.com *.bounceexchange.com bouncex.net events.bouncex.net *.cquotient.com cquotient.com doubleclick.net *.doubleclick.net *.google.de *.google.nl jsdelivr.net *.jsdelivr.net *.katespade.com *.katespade.co.uk katespade.com linksynergy.com *.linksynergy.com cdnbasket.net *.cdnbasket.net cookielaw.org cdn.cookielaw.org *.onetrust.com onetrust.com pinimg.com s.pinimg.com www.pinterest.com ct.pinterest.com *.rakuten.com force.com smct.co *.smct.co *.tiktok.com tiktok.com smct.io *.smct.io techlab-cdn.com p11.techlab-cdn.com wknd.ai tag.wknd.ai static.goqubit.com *.qubit.com *.qubitproducts.com *.drivecommerce.com *.amplience.net *.tangiblee.com services.postcodeanywhere.co.uk api.pinpiaa.com api.soreto.com api.addressy.com *.adyen.com *.cnstrc.com cnstrc.com *.bigcontent.io tapes11111.pcapredict.com realtimeanalytics.yext.com prod-cdn.us.yextapis.com main-de-coach-com-pagescdn-com.preview.pagescdn.com www.linkedin.com *.creativecdn.com creativecdn.com *.mktgcdn.com *.medallia.com *.kampyle.com consent.nxtck.com *.stylitics.com code.jquery.com *.attn.tv *.scene7.com static.lisa-cdn.net katespade-uk.loveslisa.tech events.attentivemobile.com *.upsellit.com *.gocertify.me data: blob:; 1
frame-ancestors 'self' https://cgmpi.creditguard.co.il https://pps.creditguard.co.il https://prod.memcyco.com  https://services.israelpost.co.il 1
frame-ancestors https://*.mijn.expert 1
default-src * data:; frame-ancestors 'self' https://coco.coyocloud.com; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 1
frame-ancestors 'self' *.tabby.ai; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://applepay.cdn-apple.com https://pay.google.com https://static.cloudflareinsights.com https://static.hotjar.com https://script.hotjar.com https://cdnjs.cloudflare.com amp.cloudflare.com https://ajax.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://ladadate.fr https://ladadate.es; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://amp.cloudflare.com; base-uri 'self'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://techhub.social; img-src 'self' https: data: blob: https://techhub.social; style-src 'self' https://techhub.social 'nonce-JbXdh4Ht7HFrzOjuToxeQg=='; media-src 'self' https: data: https://techhub.social; frame-src 'self' https:; manifest-src 'self' https://techhub.social; form-action 'self'; child-src 'self' blob: https://techhub.social; worker-src 'self' blob: https://techhub.social; connect-src 'self' data: blob: https://techhub.social https://files.techhub.social wss://techhub.social; script-src 'self' https://techhub.social 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://manage.machinedesign.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
frame-ancestors 'self' *.yellowpages.co.th *.tmcdx.com 1
default-src 'self' https://www.search.gov.sg https://*.wogaa.sg *.google.com *.gstatic.com *.youtube.com *.facebook.com va.ecitizen.gov.sg https://*.dcube.cloud/ https://*.demdex.net/ https://cm.everesttech.net/ https://wogadobeanalytics.sc.omtrdc.net/ test-gpc-1.sg.va.sabio.cloud; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.vica.gov.sg *.google.com *.gstatic.com va.ecitizen.gov.sg blob: https://api.search.gov.sg https://www.search.gov.sg https://*.wogaa.sg https://*.dcube.cloud https://assets.adobedtm.com/ test-gpc-1.sg.va.sabio.cloud www.google-analytics.com d2oh4tlt9mrke9.cloudfront.net; img-src 'self'  data: https://assets.search.gov.sg *.vica.gov.sg va.ecitizen.gov.sg  attachment.outlook.office.net *.googleusercontent.com *.yusercontent.com https://wogadobeanalytics.sc.omtrdc.net/ https://cm.everesttech.net/ https://dpm.demdex.net/ test-gpc-1.sg.va.sabio.cloud; connect-src 'self' https://api.search.gov.sg https://*.wogaa.sg *.vica.gov.sg wss://chat.vica.gov.sg va.ecitizen.gov.sg https://*.dcube.cloud https://dpm.demdex.net/ test-gpc-1.sg.va.sabio.cloud www.google-analytics.com ws.sessioncam.com; style-src 'self' 'unsafe-inline' https://www.search.gov.sg https://assets.wogaa.sg *.vica.gov.sg fonts.googleapis.com va.ecitizen.gov.sg https://assets.dcube.cloud/fonts/ test-gpc-1.sg.va.sabio.cloud; font-src 'self' https://www.search.gov.sg https://assets.wogaa.sg/fonts/ fonts.googleapis.com fonts.gstatic.com *.amazonaws.com va.ecitizen.gov.sg data: https://assets.dcube.cloud/fonts/ test-gpc-1.sg.va.sabio.cloud; media-src 'self' va.ecitizen.gov.sg test-gpc-1.sg.va.sabio.cloud; frame-src 'self' https://www.search.gov.sg https://www.google.com https://www.youtube.com;  prefetch-src 'self' https://www.search.gov.sg; 1
frame-ancestors 'self' app.buildfire.com; 1
base-uri 'none'; default-src blob: *.crazyegg.com; connect-src https: wss: *.crazyegg.com; font-src 'self' https: data:; frame-src https: *.crazyegg.com; img-src 'self' https: data: *.crazyegg.com; media-src 'self' https: blob:; object-src 'none'; script-src 'strict-dynamic' 'self' blob: https: 'unsafe-inline' 'wasm-unsafe-eval' *.crazyegg.com 'nonce-ZLMFH1gWofl7w25lBt1Mig=='; style-src 'strict-dynamic' 'self' https: 'unsafe-inline' *.crazyegg.com 'nonce-ZLMFH1gWofl7w25lBt1Mig=='; report-uri https://o439626.ingest.sentry.io/api/5915655/security/?sentry_key=02a78186742146fb825ac6a25f6dd765 1
default-src 'nonce-6b6c15fcbf9cc2b444fb94267233b691b107a011611144c96c07f259ff0f48ea' 'unsafe-inline' 'self' https://*.newbook.cloud; script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://*.leandata.com https://js.stripe.com https://newbookpms.atlassian.net https://cdn-cookieyes.com https://go.newbook.cloud/ https://*.typekit.net https://*.google.com https://*.gstatic.com https://*.facebook.net https://*.googletagmanager.com https://*.google-analytics.com https://*.licdn.com https://*.newbook.cloud https://*.heapanalytics.com https://*.pardot.com; style-src 'unsafe-inline' 'self' https://*.newbook.cloud https://*.googleapis.com https://*.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.leandata.com https://*.linkedin.com https://*.leandata.com https://heapanalytics.com https://*.cookieyes.com https://*.doubleclick.net https://cdn.linkedin.oribi.io https://*.google.com https://*.google-analytics.com https://cdn-cookieyes.com https://directory.cookieyes.com https://log.cookieyes.com https://*.newbook.cloud; font-src 'self' data: https://*.leandata.com https://*.newbook.cloud https://use.typekit.net https://*.gstatic.com https://*.bootstrapcdn.com; frame-src 'self' https://*.leandata.com https://js.stripe.com https://www.youtube.com https://newbookpms.atlassian.net https://*.google.com https://*.facebook.com; img-src 'self' data: https://*.leandata.com https://giphy.com https://*.google-analytics.com https://*.capterra.com https://*.googletagmanager.com https://*.google.com https://*.google.com.au https://*.linkedin.com https://cdn-cookieyes.com https://i.ytimg.com https://p.typekit.net https://*.facebook.com https://*.newbook.cloud https://*.gravatar.com https://heapanalytics.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-VStmSWJCSjE2Z05oWk1oTjRUbnRnekkzeW1YT0lqWHRNRHBCTWtYcktVZz06UGRlTENYa3N1bkVTTkxwNHNnQ3NzWE5UaUFTNEUyeXFaRndWVkMydkd4MD0=' 'self' skynetcloud.site blob: 'unsafe-eval';script-src-elem 'strict-dynamic' 'nonce-VStmSWJCSjE2Z05oWk1oTjRUbnRnekkzeW1YT0lqWHRNRHBCTWtYcktVZz06UGRlTENYa3N1bkVTTkxwNHNnQ3NzWE5UaUFTNEUyeXFaRndWVkMydkd4MD0=' 'self' skynetcloud.site blob: 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: * https://*.tile.openstreetmap.org;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self';child-src 'self' skynetcloud.site;frame-ancestors 'self';worker-src 'self';form-action 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://* http://*.isd.gov.hk data:; 1
default-src 'none'; script-src-elem 'self' 'unsafe-inline' https://cdnjs.cloudflare.com www.googletagmanager.com https://tagmanager.google.com https://analytics.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://snap.licdn.com https://dtzpfzv31buvf.cloudfront.net info.armor.com https://static.ads-twitter.com connect.facebook.net www.gstatic.com bat.bing.com cdn.bizible.com https://*.clarity.ms https://analytics.twitter.com https://*.hs-scripts.com https://tag.demandbase.com https://lptag.liveperson.net https://va.v.liveperson.net https://va.idp.liveperson.net https://va.msg.liveperson.net https://*.liveperson.net https://lpcdn.lpsnmedia.net https://accdn.lpsnmedia.net https://js.hs-banner.com https://js.hscollectedforms.net https://js.hs-analytics.net https://*.hotjar.com https://pi.pardot.com go.armor.com https://snap.licdn.com https://*.linkedin.com; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com www.googletagmanager.com https://tagmanager.google.com https://analytics.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://snap.licdn.com https://dtzpfzv31buvf.cloudfront.net info.armor.com https://static.ads-twitter.com connect.facebook.net www.gstatic.com bat.bing.com cdn.bizible.com https://*.clarity.ms https://analytics.twitter.com https://*.hs-scripts.com https://tag.demandbase.com https://lptag.liveperson.net https://va.v.liveperson.net https://va.idp.liveperson.net https://va.msg.liveperson.net https://*.liveperson.net https://lpcdn.lpsnmedia.net https://accdn.lpsnmedia.net https://js.hs-banner.com https://js.hscollectedforms.net https://js.hs-analytics.net https://*.hotjar.com https://pi.pardot.com go.armor.com https://snap.licdn.com https://*.linkedin.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://ssl.gstatic.com https://dyjgaef5vuq51.cloudfront.net http://info.armor.com info.armor.com https://*.hotjar.com https://snap.licdn.com https://*.linkedin.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://ssl.gstatic.com https://dyjgaef5vuq51.cloudfront.net http://info.armor.com info.armor.com https://*.hotjar.com https://snap.licdn.com https://*.linkedin.com; frame-src 'self' https://www.google.com https://bid.g.doubleclick.net https://www.facebook.com http://info.armor.com info.armor.com https://lpcdn.lpsnmedia.net http://lpcdn.lpsnmedia.net lpcdn.lpsnmedia.net https://va.idp.liveperson.net http://va.idp.liveperson.net https://va-e.c.liveperson.net/; img-src 'self' data: https://www.googletagmanager.com https://analytics.google.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com https://www.gstatic.com https://px.ads.linkedin.com https://www.linkedin.com https://p.adsymptotic.com https://cdn.bizible.com t.co https://bat.bing.com https://www.facebook.com https://*.clarity.ms https://analytics.twitter.com https://*.bing.com https://connect.facebook.net https://*.ads.linkedin.com https://lpcdn.lpsnmedia.net https://match.prod.bidr.io/cookie-sync/demandbase https://id.rlcdn.com https://segments.company-target.com https://forms.hsforms.com https://privacy-policy.truste.com https://cdn.bizibly.com https://*.hotjar.com https://snap.licdn.com https://*.linkedin.com; media-src 'self' https://lpcdn.lpsnmedia.net https://armor.video https://res.armor.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://snap.licdn.com https://*.linkedin.com; connect-src 'self' https://analytics.google.com https://www.google-analytics.com https://freegeoip.app https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://*.clarity.ms https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://snap.licdn.com https://*.linkedin.com https://bat.bing.com https://va.msg.liveperson.net wss://va.msg.liveperson.net https://api.company-target.com https://forms.hubspot.com https://cdn.linkedin.oribi.io; base-uri 'self'; form-action 'self' https://webto.salesforce.com https://www.facebook.com; frame-ancestors 'self' 1
frame-ancestors 'self' https://*.dak.coremedia.cloud; 1
frame-ancestors *.airmiles.ca *.cxtrvl.com *.adobe.com *.adobemc.com 1
script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' static.cloudflareinsights.com topaz.aichat.site s7.addthis.com z.moatads.com v1.addthisedge.com m.addthis.com www.googletagmanager.com www.google-analytics.com connect.facebook.net sutd.aichat.site eitri.api.useinsider.com sutdsg.api.useinsider.com www.youtube.com www.googleadservices.com snap.licdn.com cdn.taboola.com googleads.g.doubleclick.net trc.taboola.com amplify.outbrain.com secure.quantserve.com tr.outbrain.com rules.quantcount.com app-script.monsido.com analytics-au.clickdimensions.com assets.api.useinsider.com wt.adctrl.com cdn-au.clickdimensions.com cdn.unibuddy.co cse.google.com www.google.com sutdsg.inone.useinsider.com analytics.tiktok.com; 1
default-src 'self'; font-src 'self' fonts.gstatic.com; frame-src www.google.com; img-src *; media-src 'self' i.gyazo.com; script-src 'self' cdnjs.cloudflare.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com stats.g.doubleclick.net googleads.g.doubleclick.net www.google.com www.gstatic.com; style-src 'self' fonts.googleapis.com 'unsafe-inline'; worker-src 'self'; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net; form-action 'self'; upgrade-insecure-requests 1
frame-ancestors 'self' https://*.zaxy.com.br https://*.sandaliasipanema.com.br https://*.lojacartago.com.br https://*.grendenekids.com.br https://*.grendha.com.br https://*.shopmelissaeu.com https://*.shopmelissa.com https://*.conexaomelissa.com.br https://*.grendene.com.br 1
connect-src localhost:3009 hojeemdia.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.g.doubleclick.net *.doubleclick.net *.criteo.com *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; default-src localhost:3009 hojeemdia.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.g.doubleclick.net *.doubleclick.net *.criteo.com *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; img-src localhost:3009 hojeemdia.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.g.doubleclick.net *.doubleclick.net *.criteo.com *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; object-src localhost:3009 hojeemdia.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.g.doubleclick.net *.doubleclick.net *.criteo.com *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; script-src localhost:3009 hojeemdia.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.g.doubleclick.net *.doubleclick.net *.criteo.com *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; style-src localhost:3009 hojeemdia.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.g.doubleclick.net *.doubleclick.net *.criteo.com *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline' 1
script-src 'self' unsafe-inline unsafe-hashes 'nonce-e79d54eb-3391-413f-92b0-b37c492d0688' https://stats.tazeros.com https://tzr.ai 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw='; base-uri 'self'; child-src blob:; worker-src blob: 1
frame-ancestors 'self' https://www.norfolk.gov.uk 1
frame-ancestors 'self' https://*.designcrowd.com; 1
default-src * gap:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * data: blob: android-webview-video-poster:; style-src * 'unsafe-inline'; 1
default-src http://www.nlc.cn https://www.adobe.com https://www.mangren.com https://www.yunmd.net http://voice.yunmd.net https://tts.yunmd.net 'self' 'unsafe-inline' 'unsafe-eval' blob: data:;img-src *; 1
default-src 'self' *.neuralink.com *.cloudfront.net ; style-src 'self' 'unsafe-inline' *.cloudfront.net ; connect-src 'self' *.neuralink.com boards-api.greenhouse.io dataplane.rum.us-west-2.amazonaws.com cognito-identity.us-west-2.amazonaws.com sts.us-west-2.amazonaws.com ; script-src 'self' 'unsafe-inline' *.cloudfront.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ boards.greenhouse.io ; frame-src 'self' *.neuralink.com *.youtube.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ boards.greenhouse.io ; img-src 'self' data: *.neuralink.com *.cloudfront.net *.buttercms.com ; frame-ancestors 'none'; 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://netflixtechblog.com https://*.netflixtechblog.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
default-src 'self'; font-src 'self' data: https://fonts.gstatic.com https://www.paypalobjects.com https://x.klarnacdn.net/ https://script.hotjar.com *.cdn-apple.com/ *.klarna.com/; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://cdn.parcellab.com https://ajax.googleapis.com https://translate.googleapis.com https://www.paypalobjects.com https://x.klarnacdn.net/ https://optimize.google.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com; img-src * 'self' data: https: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/ https://www.google.co.uk https://www.google-analytics.com/ https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://bat.bing.com https://connect.facebook.net/ https://cdn.ometria.com https://www.paypalobjects.com https://static-eu.payments-amazon.com https://www.paypal.com https://services.postcodeanywhere.co.uk https://*.clarity.ms https://static.zdassets.com https://www.gstatic.com https://script.hotjar.com https://static.hotjar.com https://apis.google.com https://cdn.parcellab.com https://api.smooch.io https://www.dwin1.com https://static.addtoany.com https://the.sciencebehindecommerce.com https://www.zenaps.com https://assets.pinterest.com https://ajax.googleapis.com https://x.klarnacdn.net/ https://eu-library.klarnaservices.com/ https://eu-library.playground.klarnaservices.com/ https://js.klarna.com/ https://www.googleoptimize.com https://optimize.google.com https://polyfill.io *.afterpay.com/ *.cdn-apple.com/ *.google.com/ *.worldline-solutions.com/; connect-src 'self' https://www.google-analytics.com https://www.google.com https://adservice.google.com https://maps.googleapis.com https://stats.g.doubleclick.net https://www.facebook.com/ https://cdn.ometria.com https://recommendations.ometria.com https://www.paypal.com https://payments.amazon.co.uk https://bat.bing.com https://*.clarity.ms  https://api.afd.co.uk https://ekr.zdassets.com https://shoezone.zendesk.com https://rollbar-eu.zendesk.com https://ekr.zendesk.com https://zendesk-eu.my.sentry.io https://payments-uk-sandbox.amazon.com https://payments-uk.amazon.com https://vc.hotjar.io https://api.smooch.io https://api.parcellab.com wss://api.smooch.io https://region1.google-analytics.com/ https://the.sciencebehindecommerce.com https://stats.addtoany.com wss://*.hotjar.com https://translate.googleapis.com https://*.hotjar.com http://ad.doubleclick.net https://www.googletagmanager.com/ https://www.sandbox.paypal.com/ https://x.klarnacdn.net/ https://api.ometria.com/ https://*.klarnaservices.com/ https://*.klarnaevt.com/ https://*.klarna.com/ *.clearpay.co.uk/ *.afterpay.com/ https://api.amplitude.com/ *.hotjar.io/ https://region1.analytics.google.com/ *.ingenico.com/ *.worldline-solutions.com/ *.google.com/ https://google.com/ *.google.co.uk/ *.googlesyndication.com  *.afd.co.uk/ *.samsung.com/ ; frame-src 'self' data: https://www.facebook.com https://www.sandbox.paypal.com https://www.paypal.com https://static-eu.payments-amazon.com https://payments.amazon.co.uk https://www.google.com https://vars.hotjar.com https://static.addtoany.com https://accounts.google.com https://www.zenaps.com https://assets.pinterest.com *.doubleclick.net/ https://www.zenaps.com https://www.paypalobjects.com/ https://*.klarna.com/ https://optimize.google.com *.clearpay.co.uk/ *.google.com/ *.worldline-solutions.com/ *.psp-solutions.com/ *.klarnaservices.com/ *.arcot.com *.monzo.com; object-src * 'self' data:; report-uri https://www.shoezone.com/Restricted/CSP_Violation.ashx;   report-to ShoeZoneCSP; 1
style-src 'self' 'unsafe-inline';font-src 'self' data: *.gstatic.com;script-src 'self' 'unsafe-inline' 'unsafe-eval';img-src 'self' data: *.openstreetmap.org *.gravatar.com *.w.org; manifest-src 'self';default-src 'none';frame-src 'self';connect-src 'self';base-uri 'self';form-action 'self'; 1
frame-ancestors https://*.bidspirit.com https://bidspirit.com  http://artvesti.ru 1
default-src 'self' *.demdex.net *.adobe.com *.adobe.io *.adobelogin.com *.fotolia.net *.typekit.net *.echosign.com *.behance.net *.ftcdn.net *.newrelic.com *.s2stagehance.com *.astockcdn.net accounts.google.com/gsi/ accounts.google.com/gsi/client accounts.google.com/gsi/style *.cookielaw.org *.onetrust.com *.cookielaw.org centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com; script-src 'self' *.demdex.net *.adobe.com *.adobe.io *.adobelogin.com *.fotolia.net *.typekit.net *.echosign.com *.behance.net *.ftcdn.net *.newrelic.com *.s2stagehance.com *.astockcdn.net accounts.google.com/gsi/ accounts.google.com/gsi/client accounts.google.com/gsi/style *.cookielaw.org *.onetrust.com *.cookielaw.org centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com scripts.demandbase.com api.demandbase.com api.company-target.com segments.company-target.com snap.licdn.com *.bidr.io *.rlcdn.com *.flashtalking.com *.adsymptotic.com *.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net adservice.google.com www.google.com ats.everesttech.net pixel.quantserve.com ad.doubleclick.net assets.adobedtm.com pay.google.com *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com *.facebook.com *.ads.linkedin.com *.bing.com *.oribi.io bam.nr-data.net bam-cell.nr-data.net *.fotolia.com 'strict-dynamic' 'nonce-m9lpB2jLw8askpQPpMKLvA=='; style-src 'self' *.demdex.net *.adobe.com *.adobe.io *.adobelogin.com *.fotolia.net *.typekit.net *.echosign.com *.behance.net *.ftcdn.net *.newrelic.com *.s2stagehance.com *.astockcdn.net accounts.google.com/gsi/ accounts.google.com/gsi/client accounts.google.com/gsi/style *.cookielaw.org *.onetrust.com *.cookielaw.org centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'unsafe-inline' fonts.googleapis.com 'unsafe-inline'; img-src 'self' *.demdex.net *.adobe.com *.adobe.io *.adobelogin.com *.fotolia.net *.typekit.net *.echosign.com *.behance.net *.ftcdn.net *.newrelic.com *.s2stagehance.com *.astockcdn.net accounts.google.com/gsi/ accounts.google.com/gsi/client accounts.google.com/gsi/style *.cookielaw.org *.onetrust.com *.cookielaw.org centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com scripts.demandbase.com api.demandbase.com api.company-target.com segments.company-target.com snap.licdn.com *.bidr.io *.rlcdn.com *.flashtalking.com *.adsymptotic.com *.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net adservice.google.com www.google.com ats.everesttech.net pixel.quantserve.com ad.doubleclick.net *.betrad.com pay.google.com gstatic.com *.gstatic.com *.google.com *.googleusercontent.com *.facebook.com *.ads.linkedin.com *.bing.com *.oribi.io adbadobenonacdcqa.112.2o7.net adbadobenonacdcprod.112.2o7.net *.betrad.com data:; object-src 'self' *.demdex.net *.adobe.com *.adobe.io *.adobelogin.com *.fotolia.net *.typekit.net *.echosign.com *.behance.net *.ftcdn.net *.newrelic.com *.s2stagehance.com *.astockcdn.net accounts.google.com/gsi/ accounts.google.com/gsi/client accounts.google.com/gsi/style *.cookielaw.org *.onetrust.com *.cookielaw.org centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com; media-src 'self' *.demdex.net *.adobe.com *.adobe.io *.adobelogin.com *.fotolia.net *.typekit.net *.echosign.com *.behance.net *.ftcdn.net *.newrelic.com *.s2stagehance.com *.astockcdn.net accounts.google.com/gsi/ accounts.google.com/gsi/client accounts.google.com/gsi/style *.cookielaw.org *.onetrust.com *.cookielaw.org centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com; connect-src 'self' *.demdex.net *.adobe.com *.adobe.io *.adobelogin.com *.fotolia.net *.typekit.net *.echosign.com *.behance.net *.ftcdn.net *.newrelic.com *.s2stagehance.com *.astockcdn.net accounts.google.com/gsi/ accounts.google.com/gsi/client accounts.google.com/gsi/style *.cookielaw.org *.onetrust.com *.cookielaw.org centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com scripts.demandbase.com api.demandbase.com api.company-target.com segments.company-target.com snap.licdn.com *.bidr.io *.rlcdn.com *.flashtalking.com *.adsymptotic.com *.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net adservice.google.com www.google.com ats.everesttech.net pixel.quantserve.com ad.doubleclick.net *.googleapis.com *.google.com *.gstatic.com https://google.com/pay *.facebook.com *.ads.linkedin.com *.bing.com *.oribi.io bam.nr-data.net bam-cell.nr-data.net adbadobenonacdcqa.112.2o7.net adbadobenonacdcprod.112.2o7.net *.forter.com; font-src 'self' *.demdex.net *.adobe.com *.adobe.io *.adobelogin.com *.fotolia.net *.typekit.net *.echosign.com *.behance.net *.ftcdn.net *.newrelic.com *.s2stagehance.com *.astockcdn.net accounts.google.com/gsi/ accounts.google.com/gsi/client accounts.google.com/gsi/style *.cookielaw.org *.onetrust.com *.cookielaw.org centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.gstatic.com; frame-src 'self' *.demdex.net *.adobe.com *.adobe.io *.adobelogin.com *.fotolia.net *.typekit.net *.echosign.com *.behance.net *.ftcdn.net *.newrelic.com *.s2stagehance.com *.astockcdn.net accounts.google.com/gsi/ accounts.google.com/gsi/client accounts.google.com/gsi/style *.cookielaw.org *.onetrust.com *.cookielaw.org centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google.com tokui-commerce-stg.adobe.com tokui-commerce.adobe.com commerce.adobe.com commerce-stg.adobe.com fpt.commerce.adobe.com 1
upgrade-insecure-requests; report-uri https://macrolibrarsiit.report-uri.io/r/default/csp/reportOnly 1
default-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com fonts.gstatic.com d31qbv1cthcecs.cloudfront.net d5nxst8fruw4z.cloudfront.net ajax.googleapis.com; connect-src 'self'; img-src 'self' d5nxst8fruw4z.cloudfront.net www.google-analytics.com certify.alexametrics.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com; media-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' gateway.moneris.com 1
frame-ancestors https://www.useetv.com https://www.rctiplus.com https://technology.uzone.id https://entertainment.uzone.id https://automotive.uzone.id https://travel.uzone.id https://movie.uzone.id https://hangout.uzone.id http://internetpositif.uzone.id http://mercusuar.uzone.id https://sport.uzone.id https://health.uzone.id https://games.uzone.id https://startup.uzone.id https://telco.uzone.id https://gadget.uzone.id https://digilife.uzone.id https://www.alexa.com https://certify-js.alexametrics.com https://uzone.id 1
frame-ancestors 'self' https://mgmt-prod-gcp.keurig.ca; 1
default-src 'self' https: http: wss: data: 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.analytics.google.com *.zendesk.com *.zendesk-eu.my.sentry.io *.static.zdassets.com https://consentcdn.cookiebot.com https://ct.pinterest.com httns://webservices.global-e.com; child-src blob:; worker-src wss: blob:; frame-src https: data: 'unsafe-inline' 'unsafe-eval' https://consentcdn.cookiebot.com https://ct.pinterest.com https://webservices.global-e.com; frame-ancestors https: 'self' *.dotomi.com https://console.noibu.com; 1
default-src 'self' http: https: data: blob: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' bridgemi.com *.bridgemi.com 1
frame-ancestors *.vaimo.net *.istore.co.za *.istore.com 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' * ; style-src 'unsafe-inline' * ; img-src * data: * ; media-src * ; connect-src * ; frame-src 'self' * ; font-src 'self' data: * ; 1
frame-ancestors self https://localhost:44383 https://www.cornwall.gov.uk https://test2.cornwall.gov.uk https://wa-npd-euw-ccwebsite-master.npd-publishing.cc.cornwallonline.net https://wa-prd-euw-ccwebsite-master.publishing.cc.cornwallonline.net https://train-contact-centre.crm4.dynamics.com https://test-contact-centre.crm4.dynamics.com https://contact-centre.crm4.dynamics.com https://portal-gb.one.network https://app-rnd-euw-ccwebsite.azurewebsites.net; 1
frame-src blob: https://runbox.com https://js.stripe.com https://hcaptcha.com https://*.hcaptcha.com https://video.runbox.com/; script-src https://runbox.com https://support.runbox.com/ https://video.runbox.com/ https://js.stripe.com https://hcaptcha.com https://*.hcaptcha.com https://assets.hcaptcha.com 'unsafe-inline' 'unsafe-eval'; object-src https://runbox.com; img-src 'self' data: https://* http://*; media-src 'self'; child-src https://runbox.com blob:; font-src 'self'; connect-src 'self' wss://runbox.com https://sentry.runbox.com https://video.runbox.com/ https://js.stripe.com https://gravatar.com https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' 1
frame-ancestors 'self' www.emasesa.com www2-des.emasesa.com www2-test.emasesa.com ; 1
script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' blob: *.foodtecsolutions.com *.foodtecsolutions.com:* *.foodtecsolutions.com *.hibu.us *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net gh-prod-nitrosites.s3.amazonaws.com; frame-ancestors 'self' blob: *.foodtecsolutions.com *.foodtecsolutions.com:* *.foodtecsolutions.com *.hibu.us *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net gh-prod-nitrosites.s3.amazonaws.com; 1
frame-ancestors 'self' https://*.agc.org https://*.webex.com https://*.socio.events https://*.youtube.com 1
img-src 'self' *.adsymptotic.com *.atdmt.com *.cloudinary.com *.facebook.com *.google.ca/ads/ga-audiences *.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.gstatic.com *.googleadservices.com *.liadm.com *.linkedin.com *.sonder.com data: maps.googleapis.com maps.gstatic.com *.adyen.com *.adyenpayments.com https://bat.bing.com *.paypal.com *.paypalobjects.com https://s.pinimg.com https://ct.pinterest.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; connect-src 'self' *.cookielaw.org *.doubleclick.net *.greenhouse.io wss://*.hotjar.com *.hotjar.com *.hotjar.io *.liadm.com *.segment.com *.segment.io *.sndr.to *.sonder.com *.sonder.test https://*.browser-intake-datadoghq.com https://*.logs.datadoghq.com https://privacyportal.onetrust.com/request/v1/consentreceipts https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net *.googleadservices.com https://google.com/pay https://www.facebook.com/tr/ https://cdn.linkedin.oribi.io/partner/1571068/domain/sonder.com/token maps.googleapis.com *.adyen.com *.adyenpayments.com *.sentry.io *.paypal.com *.paypalobjects.com https://s.pinimg.com https://ct.pinterest.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat ; script-src 'self' 'unsafe-inline' assets.sonder.com *.google-analytics.com *.greenhouse.io *.liadm.com *.paypal.com *.paypalobjects.com https://cdn.cookielaw.org https://cdn.segment.com https://connect.facebook.net https://geolocation.onetrust.com https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com/gtm/js https://*.g.doubleclick.net https://*.doubleclick.net *.googleadservices.com https://js.adsrvr.org https://maps.googleapis.com https://script.hotjar.com https://snap.licdn.com https://static.hotjar.com https://static.cloudflareinsights.com https://www.datadoghq-browser-agent.com https://www.googleadservices.com https://*.googletagmanager.com https://www.google.com/recaptcha/enterprise.js https://*.google.com *.gstatic.com js.stripe.com *.adyen.com *.adyenpayments.com https://bat.bing.com https://s.pinimg.com/ct/core.js https://s.pinimg.com https://ct.pinterest.com ; worker-src blob: 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://support.campact.de/ https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://weact-s3.campact.de https://weact.campact.de https://embedr.flickr.com https://widgets.flickr.com https://widget.rss.app/ https://campact.containers.piwik.pro/ nonce-709bb1b63e https://connect.facebook.net/ https://www.googleadservices.com/ https://www.googletagmanager.com/ https://googleads.g.doubleclick.net/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://player.podigee-cdn.net/podcast-player/; style-src 'self' 'unsafe-inline' https://weact-s3.campact.de https://weact.campact.de https://campact.containers.piwik.pro/; img-src 'self' data: https://i.ytimg.com/ https://weact-s3.campact.de https://weact.campact.de https://www.campact.de https://blog.campact.de https://live.staticflickr.com https://ipxy.io/img/ https://s.w.org/ https://campact.piwik.pro/ https://campact.containers.piwik.pro/ https://www.facebook.com/ https://www.google.com/ https://www.google.de/ https://googleads.g.doubleclick.net/ https://px.ads.linkedin.com/collect *.gravatar.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://aktion.campact.de https://weact.campact.de https://www.campact.de https://campact.containers.piwik.pro/ https://campact.piwik.pro/ https://pp-public-p-swe.piwik.pro/ https://embedr.flickr.com https://cdn.linkedin.oribi.io/partner/4956745/domain/weact.campact.de/token; font-src 'self' data: https://www.campact.de https://campact.containers.piwik.pro/; frame-src 'self' https://support.campact.de https://www.youtube.com/ https://www.facebook.com/ https://theoryofchange.podigee.io/ https://player.podigee-cdn.net/; manifest-src 'self'; media-src 'self'; worker-src 'self' blob: https://www.campact.de; frame-ancestors 'self'; form-action 'self' https://me.campact.de https://aktion.campact.de https://www.facebook.com/; 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline'; script-src-attr * 'unsafe-inline'; style-src * 'self' data: 'unsafe-inline'; style-src-elem * 'unsafe-inline'; style-src-attr * 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self'; object-src * 'self'; frame-src * 'self' 1
frame-src 'self' vecer.com *.vecer.com * 1
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.sentry.io https://*.qualtrics.com players.brightcove.net edge.api.brightcove.com https://www.google-analytics.com https://fast.fonts.net https://www.googletagmanager.com; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' *.relayto.com players.brightcove.net *.youtube.com *.vimeo.com https://www.google.com/maps/embed https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.facebook.com https://*.qualtrics.com player.vimeo.com *.brainshark.com https://*.standard.com; img-src 'self' data: www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://www.facebook.com https://*.qualtrics.com players.brightcove.net *.boltdns.net *.akamaihd.net www.pages05.net https://www.google-analytics.com https://www.googletagmanager.com; media-src 'self' *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com; object-src 'none'; script-src 'self' 'report-sample' https://*.standard.com https://tagmanager.google.com https://*.googletagmanager.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://connect.facebook.net https://*.qualtrics.com players.brightcove.net vjs.zencdn.net https://cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.js https://www.sc.pages05.net https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://www.google-analytics.com https://ssl.google-analytics.com *.vimeo.com cdn.jsdelivr.net https://cdnjs.cloudflare.com 'nonce-bLVJljZdxGjBthnXTCgWBw'; style-src 'self' 'report-sample' https://*.standard.com https://tagmanager.google.com https://fonts.googleapis.com https://fast.fonts.net players.brightcove.net https://cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.css cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-elem 'self' https://*.standard.com https://tagmanager.google.com https://fonts.googleapis.com https://fast.fonts.net players.brightcove.net https://cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.css cdn.jsdelivr.net https://cdnjs.cloudflare.com; frame-ancestors 'self'; upgrade-insecure-requests 1
base-uri 'self' https://analytics.oss.net.bd/matomo.js https://connect.facebook.net/en_US/sdk.js https://feedback.oss.net.bd/src/0.1.3/social_widget_link.js  https://social-widget.oss.net.bd/   https://feedback.oss.net.bd  https://www.youtube.com; 1
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; frame-src 'none'; img-src 'self' data: *.ttcache.com https://*.ttcache.com https://*.google-analytics.com https://*.googletagmanager.com; media-src 'none'; object-src 'none'; script-src 'self' https://*.googletagmanager.com; style-src 'self' 'unsafe-inline'; report-uri /csp-report 1
frame-ancestors https://suite5.emarsys.net https://admin.scarabresearch.com https://webchannel.static.emarsys.net https://localhost:3001 1
default-src 'self' https:; connect-src 'self' http://*:*; img-src 'self' https: data: blob:; script-src 'self' https:; style-src 'self' https: 'unsafe-inline'; font-src https: data:; frame-ancestors 'none'; object-src blob:; frame-src 'self' https: blob:; 1
default-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; object-src 'self' https:; base-uri 'self'; connect-src 'self' https: wss:; font-src 'self' https: data:; frame-src 'self' https:; img-src 'self' https: data: blob: mediastream: filesystem:; media-src 'self' https: data: blob: mediastream: filesystem:; worker-src 'self' https: data: blob: mediastream: filesystem:; 1
script-src 'self' crossmark-cdn.crossref.org scholar.google.com d1bxh8uas1mnw7.cloudfront.net cdn.scite.ai cdn.jsdelivr.net connect.liblynx.com unpkg.com cdn.foxycart.com test-boneandjoint-org-uk.foxycart.com boneandjoint-org-uk.foxycart.com api.altmetric.com js.stripe.com cdnjs.cloudflare.com tpc.googlesyndication.com securepubads.g.doubleclick.net pagead2.googlesyndication.com www.googletagservices.com www.googletagmanager.com 'nonce-eVTXymtxtoFD9hKChjde3L2DD/I1nRaxigBTtGlFtAI='; object-src 'self'; block-all-mixed-content; img-src 'self' data: s3.eu-west-2.amazonaws.com crossmark-cdn.crossref.org cdn.scite.ai badges.altmetric.com connect.liblynx.com tpc.googlesyndication.com googleads.g.doubleclick.net pagead2.googlesyndication.com www.google.com; form-action 'self'; font-src 'self' fonts.gstatic.com cdn.scite.ai; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com d1bxh8uas1mnw7.cloudfront.net cdn.foxycart.com crossmark-cdn.crossref.org; base-uri 'self'; frame-ancestors 'self' 1
default-src 'self' *.e-goi.com *.egoiapp.com https://www.google.com https://www.google.fr http://gen.sendtric.com *.cookiebot.com *.azureedge.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.clarity.ms *.fullstory.com *.e-goi.com *.e-goi.com.br *.e-goi.pt *.e-goi.es egoimarketing.com https://egoi.site/1_e-goi.com.js egoimarketing https://cdn-static.egoiapp2.com/whatsapp/js/whatsapp.js *.matomo.cloud *.egoiapp.com https://cdn-static.egoiapp2.com/webpush.js *.ytimg.com *.youtube.com *.mxpnl.com *.licdn.com *.linkedin.com *.bootstrapcdn.com *.cloudflare.com *.cookiebot.com *.azureedge.net https://npmcdn.com *.gstatic.com *.google.com *.google.fr *.googleapis.com *.google-analytics.com *.googleadservices.com *.doubleclick.net http://gen.sendtric.com *.heapanalytics.com *.bing.com https://connect.facebook.net https://www.googletagmanager.com https://login.egoiapp.com https://cdn.e-goi.com https://fullstory.com *.cookiebot.com *.azureedge.net *.cloudfront.net fastbase.com *.egoiapp.com https://yoast.com; img-src 'self' *.clarity.ms data: *.cdninstagram.com *.e-goi.com *.egoiapp.com https://egoiapp2.com/img/default-pushicon.png https://egoiapp2.com/wp/whatsapp/img/icon-whatsapp.svg *.matomo.cloud https://www.gstatic.com/ https://ssl.gstatic.com https://px.ads.linkedin.com http://gen.sendtric.com *.google.fr *.google.com.br *.google.es *.google.com.co *.google.mx *.ytimg.com https://egoimarketing.com *.sendtric.com https://heapanalytics.com *.google.com *.google.pt *.google.fr *.bing.com *.google-analytics.com *.doubleclick.net *.googletagmanager.com *.facebook.com *.fbcdn.net https://cdn.e-goi.com www.e-goi.com yoast.com *.linkedin.com *.cookiebot.com; style-src 'self' 'unsafe-inline'  *.googleapis.com *.google.com *.e-goi.com *.e-goi.com.br *.e-goi.pt *.e-goi.es *.egoiapp.com https://egoiapp2.com/wp/css/wpc.css https://egoiapp2.com/wp/whatsapp/css/w-float.css https://egoiapp2.com/wp/css/wpf.css *.bootstrapcdn.com *.matomo.cloud *.cloudflare.com *.cookiebot.com *.azureedge.net https://npmcdn.com https://yoast.com https://fonts.googleapis.com https://cdn.e-goi.com; font-src 'self' data: *.e-goi.com *.e-goi.com.br *.e-goi.pt *.e-goi.es *.bootstrapcdn.com *.matomo.cloud *.egoiapp.com *.gstatic.com https://themes.googleusercontent.com https://yoast.com; frame-src 'self' egoi.page *.e-goi.com *.e-goi.com.br *.e-goi.pt *.e-goi.es *.doubleclick.net *.google.com *.google.fr *.egoi.page https://www.youtube.com https://i.ytimg.com https://login.egoiapp.com https://eg.e-goi.com https://helpdesk.e-goi.com https://bitrix.e-goi.com https://cdn-eg.e-goi.com https://s-static.ak.facebook.com https://cdn.e-goi.com *.cookiebot.com *.azureedge.net; frame-ancestors 'self' *.egoiapp.com *.e-goi.com *.e-goi.com.br *.e-goi.pt *.e-goi.es; object-src *.egoiapp.com *.e-goi.com *.e-goi.com.br *.e-goi.pt *.e-goi.es *.cloudfront.net; connect-src 'self' *.e-goi.com *.e-goi.com.br *.e-goi.pt *.e-goi.es *.clarity.ms https://px.ads.linkedin.com *.googlesyndication.com https://egoiapp2.com https://www.instagram.com/egoi_life https://egoiapp2.com/ https://egoiapp2.com/wp/whatsapp/templates/whatsapp_float.tpl https://egoiapp2.com/wp/templates/solicitation_float.tpl https://e1198ac86ccd85bd1368580f59ea4719.egoiapp2.com/webpush/accept-token https://egoiapp2.com/wp/templates/solicitation_default.tpl *.doubleclick.net *.yoast.com https://api.mixpanel.com *.google.fr *.fullstory.com *.cookiebot.com *.azureedge.net *.google.com *.facebook.com *.matomo.cloud *.stats.g.doubleclick.net *.google-analytics.com *.cloudfront.net *.bugsnag.com fastbase.com *.egoiapp.com https://cdn.linkedin.oribi.io 1
default-src 'self'; style-src 'self' 'unsafe-inline'; report-uri /tools/csp; 1
child-src https://*.adobedtm.com/ https://*.in.webengage.co https://www.googletagmanager.com/ https://www.googleleadservices.com/ https://www.google-analytics.com/ https://bat.bing.com/ https://connect.facebook.net/ https://*.hotjar.com/ https://*.juspay.in/ https://*.mantra.ai/ https://*.googleapis.com/ https://*.gstatic.com/ https://*.careinsurance.com/ https://*.facebook.com https://*.gupshup.com/ https://payu.in/ https://chatbot.mantra.ai/ https://religarehealthinsurance.demdex.net/ https://milo.careinsurance.com/ https://chat.careinsurance.com/ https://script.crazyegg.com/  https://tracking.crazyegg.com/ https://agentchat.careinsurance.com/ https://*.juspay.in/pay-v3.js/ https://www.facebook.com/tr/ https://www.youtube.com/ https://pixel.everesttech.net/ https://www.everestjs.net/ https://*.crazyegg.com/ https://sandbox.juspay.in/pay-v3.js/ https://carehealthinsurance-assist.freshchat.com https://*.freshchat.com blob:; object-src *.careinsurance.com; frame-ancestors *.careinsurance.com; img-src * data: https: 1
default-src *; img-src * data:; font-src * data:; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval' 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cquotient.com https://*.trustpilot.com https://*.googletagmanager.com https://*.googleapis.com https://libs.hipay.com https://mpsnare.iesnare.com https://*.vimeo.com https://vimeo.com/api/oembed.json https://connect.facebook.net https://*.g.doubleclick.net https://*.google-analytics.com https://s.kk-resources.com https://static.affilae.com https://diffuser-cdn.app-us1.com https://cdn.cookielaw.org https://s.pinimg.com https://appstatic.quanta.io https://prism.app-us1.com https://bat.bing.com https://*.spockee.io https://*.citrusad.com https://*.citrusad.net https://trackcmp.net https://*.creativecdn.com https://www.googleadservices.com https://*.criteo.net https://*.criteo.com https://bat.bing.com https://*.google.com https://*.tiktok.com https://*.ttwstatic.com https://*.hotjar.com https://*.dotomi.com;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://libs.hipay.com https://*.vimeo.com https://vimeo.com/api/oembed.json https://*.ttwstatic.com https://*.hotjar.com;frame-src 'self' 'unsafe-inline' https://*.trustpilot.com https://libs.hipay.com https://*.vimeo.com https://vimeo.com/api/oembed.json https://creativecdn.com https://ct.pinterest.com https://*.facebook.com https://*.tiktok.com https://*.criteo.com;media-src 'self' 'unsafe-inline' file: data: blob: filesystem https://mpsnare.iesnare.com https://*.vimeo.com https://download-video.akamaized.net;connect-src 'self' 'unsafe-inline' https://*.trustpilot.com https://*.googleapis.com https://*.google.com https://*.google-analytics.com https://stage-data.hipay.com https://stage-secure2-vault.hipay-tpp.com wss://mpsnare.iesnare.com https://*.vimeo.com https://vimeo.com/api/oembed.json https://analytics.tiktok.com/api/v2/pixel https://stats.g.doubleclick.net https://ct.pinterest.com/ https://cdn.cookielaw.org https://cookies-data.onetrust.io https://geolocation.onetrust.com https://privacyportal-de.onetrust.com http://rum-metrics.quanta.io https://*.googlesyndication.com/ https://googleads.g.doubleclick.net https://data.hipay.com https://*.creativecdn.com https://*.facebook.com/ https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com;img-src 'self' https://edge.disstg.commercecloud.salesforce.com https://maps.gstatic.com https://maps.googleapis.com https://via.placeholder.com https://*.google.com https://*.google.fr https://*.facebook.com https://ct.pinterest.com https://*.google-analytics.com https://cdn.cookielaw.org https://rum-metrics.quanta.io https://bat.bing.com https://optanon.blob.core.windows.net https://privacyportal-de.onetrust.com https://lb.affilae.com https://*.facebook.net https://*.criteo.net https://*.criteo.com https://cm.g.doubleclick.net/ https://criteo-partners.tremorhub.com https://sync-criteo.ads.yieldmo.com https://googleads.g.doubleclick.net https://*.hotjar.com https://*.dotomi.com https://*.analytics.yahoo.com https://ads.stickyadstv.com https://ap.lijit.com https://beacon.krxd.net https://bh.contextweb.com https://cm.g.doubleclick.net https://contextual.media.net https://crb.kargo.com https://dpm.demdex.net https://dsum-sec.casalemedia.com https://eb2.3lift.com https://exchange-match.mediaplex.com https://ib.adnxs.com https://idsync.rlcdn.com https://*.pubmatic.com https://match.adsrvr.org https://match.sharethrough.com https://partners.tremorhub.com https://pixel.adsafeprotected.com https://pixel.advertising.com https://pixel.rubiconproject.com https://ps.eyeota.net https://sync.1rx.io https://sync.search.spotxchange.com https://sync.targeting.unrulymedia.com https://tags.bluekai.com https://us-u.openx.net data: 1
script-src 'unsafe-inline' 'unsafe-eval' https: blob:;object-src https://*.ab.gr; base-uri https://tau.collect.igodigital.com/ https://www.contactpigeon.com; upgrade-insecure-requests; frame-ancestors https://*.ab.gr https://*.svc.ab.gr https://d3hz4baxchepgp.cloudfront.net https://view.publitas.com; 1
default-src  'self'   data blob:; script-src 'self' 'unsafe-inline'   https://www.google-analytics.com *.clarity.ms *.googlesyndication.com  *.bing.com *.licdn.com *.clicktale.net *.facebook.net https://unpkg.com https://www.googletagmanager.com *.cookielaw.org blob: https://static.cloudflareinsights.com https://static.ads-twitter.com *.coveo.com *.doubleclick.net; style-src  'self' 'unsafe-inline' *.cookielaw.org https://use.typekit.net https://fonts.googleapis.com; img-src  'self' data: https://t.co https://analytics.twitter.com *.googlesyndication.com *.google.com *.google.ca  *.cookielaw.org *.linkedin.com *.facebook.com *.bing.com *.clicktale.net blob: https://www.google-analytics.com; font-src  'self' data: https://use.typekit.net https://fonts.gstatic.com; connect-src  'self' https://cms-prod-cd.cpacanada.ca *.onetrust.com *.cookielaw.org https://px.ads.linkedin.com/wa/ *.coveo.com *.doubleclick.net *.google.com *.facebook.com https://www.google-analytics.com *.clarity.ms *.clicktale.net; frame-src 'self' 'unsafe-inline' https://cms-prod-cd.cpacanada.ca *.googlesyndication.com https://www.youtube-nocookie.com *.youtube.com https://www.ytimg.com https://datawrapper.dwcdn.net *.doubleclick.net *.facebook.com;object-src 'none' 1
default-src data: 'unsafe-inline' 'unsafe-eval' 'self' www.ateasesystems.net *.ateasesystems.net blob: s3.amazonaws.com cdn.kendostatic.com *.google.com *.google-analytics.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.pingdom.net wss://*.intercom.io *.intercom.io *.googleapis.com *.gstatic.com *.intercomcdn.com static.ateasesystems.net fg-mail-content.s3.amazonaws.com cdn.polyfill.io *.getbee.io *.jquery.com *.smartlook.cloud *.smartlook.com *.cloudflare.com *.vimeo.com *.facebook.net *.youtube.com *.youtube.net *.facebook.com kendo.cdn.telerik.com netdna.bootstrapcdn.com getbootstrap.com netdna.bootstrapcdn.com blueimp.github.io jqueryui.com *.joomag.com *.livechatinc.com *.livechat-static.com *.livechat-files.com *.zdassets.com *.zendesk.com *.my.sentry.io wss://*.zendesk.com *.pendo.io; img-src data: 'self' www.ateasesystems.net *.ateasesystems.net blob: *; frame-src *.promopulse.io *.facebook.com *.youtube.com *.youtu.be *.vimeo.com *.getbee.io *.hotjar.com *.facilisgroup.com *.facilisu.com facilisgroup.com intercom-sheets.com *.intercomcdn.com *.pendo.io; 1
default-src 'self' https://*.google-analytics.com https://*.s3.amazonaws.com https://*.ms.dev.beinstant.net https://*.prd.beinstant.net https://*.instant.co https://*.mxpnl.com https://*.googleapis.com https://*.gstatic.com https://*.bootstrapcdn.com https://*.maxcdn.com https://*.cloudflare.com https://*.cloudfront.net https://*.jsdelivr.net https://*.fontawesome.com https://*.zdassets.com https://*.mixpanel.com http://js.hs-scripts.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-banner.com https://js.hsadspixel.net https://api.hubapi.com https://track.hubspot.com https://www.googletagmanager.com https://www.google.com https://www.google.ca https://forms.hubspot.com https://forms.hsforms.com https://js.usemessages.com https://*.hubspot.com https://kengine.adm.beinstant.net:8443 https://prod.api.firstdata.com https://api-prod.payeezy.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://*.s3.amazonaws.com https://*.ms.dev.beinstant.net https://*.prd.beinstant.net https://*.instant.co https://*.mxpnl.com https://*.googleapis.com https://*.gstatic.com https://*.bootstrapcdn.com https://*.maxcdn.com https://*.cloudflare.com https://*.cloudfront.net https://*.jsdelivr.net https://*.fontawesome.com https://*.zdassets.com https://*.mixpanel.com http://js.hs-scripts.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-banner.com https://js.hsadspixel.net https://api.hubapi.com https://track.hubspot.com https://www.googletagmanager.com https://www.google.com https://www.google.ca https://forms.hubspot.com https://forms.hsforms.com https://js.usemessages.com https://*.hubspot.com https://kengine.adm.beinstant.net:8443 https://prod.api.firstdata.com https://api-prod.payeezy.com blob:; connect-src https://*.google-analytics.com https://*.s3.amazonaws.com https://*.ms.dev.beinstant.net https://*.prd.beinstant.net https://*.instant.co https://*.mxpnl.com https://*.googleapis.com https://*.gstatic.com https://*.bootstrapcdn.com https://*.maxcdn.com https://*.cloudflare.com https://*.cloudfront.net https://*.jsdelivr.net https://*.fontawesome.com https://*.zdassets.com https://*.mixpanel.com http://js.hs-scripts.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-banner.com https://js.hsadspixel.net https://api.hubapi.com https://track.hubspot.com https://www.googletagmanager.com https://www.google.com https://www.google.ca https://forms.hubspot.com https://forms.hsforms.com https://js.usemessages.com https://*.hubspot.com https://kengine.adm.beinstant.net:8443 https://prod.api.firstdata.com https://api-prod.payeezy.com blob: 'self' https://app.instant.co wss://app.instant.co wsss://app.instant.co; img-src data: 'self' https://*.google-analytics.com https://*.s3.amazonaws.com https://*.ms.dev.beinstant.net https://*.prd.beinstant.net https://*.instant.co https://*.mxpnl.com https://*.googleapis.com https://*.gstatic.com https://*.bootstrapcdn.com https://*.maxcdn.com https://*.cloudflare.com https://*.cloudfront.net https://*.jsdelivr.net https://*.fontawesome.com https://*.zdassets.com https://*.mixpanel.com http://js.hs-scripts.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-banner.com https://js.hsadspixel.net https://api.hubapi.com https://track.hubspot.com https://www.googletagmanager.com https://www.google.com https://www.google.ca https://forms.hubspot.com https://forms.hsforms.com https://js.usemessages.com https://*.hubspot.com https://kengine.adm.beinstant.net:8443 https://prod.api.firstdata.com https://api-prod.payeezy.com blob:; style-src 'self' 'unsafe-inline' https://*.google-analytics.com https://*.s3.amazonaws.com https://*.ms.dev.beinstant.net https://*.prd.beinstant.net https://*.instant.co https://*.mxpnl.com https://*.googleapis.com https://*.gstatic.com https://*.bootstrapcdn.com https://*.maxcdn.com https://*.cloudflare.com https://*.cloudfront.net https://*.jsdelivr.net https://*.fontawesome.com https://*.zdassets.com https://*.mixpanel.com http://js.hs-scripts.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-banner.com https://js.hsadspixel.net https://api.hubapi.com https://track.hubspot.com https://www.googletagmanager.com https://www.google.com https://www.google.ca https://forms.hubspot.com https://forms.hsforms.com https://js.usemessages.com https://*.hubspot.com https://kengine.adm.beinstant.net:8443 https://prod.api.firstdata.com https://api-prod.payeezy.com blob:; frame-src 'self' https://*.dev.beinstant.net https://localhost:8443 http://*.beinstant.net https://*.beinstant.net https://*.hubspot.com https://*.google-analytics.com https://*.s3.amazonaws.com https://*.ms.dev.beinstant.net https://*.prd.beinstant.net https://*.instant.co https://*.mxpnl.com https://*.googleapis.com https://*.gstatic.com https://*.bootstrapcdn.com https://*.maxcdn.com https://*.cloudflare.com https://*.cloudfront.net https://*.jsdelivr.net https://*.fontawesome.com https://*.zdassets.com https://*.mixpanel.com http://js.hs-scripts.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-banner.com https://js.hsadspixel.net https://api.hubapi.com https://track.hubspot.com https://www.googletagmanager.com https://www.google.com https://www.google.ca https://forms.hubspot.com https://forms.hsforms.com https://js.usemessages.com https://kengine.adm.beinstant.net:8443 https://prod.api.firstdata.com https://api-prod.payeezy.com blob:; font-src data: 'self' https://*.google-analytics.com https://*.s3.amazonaws.com https://*.ms.dev.beinstant.net https://*.prd.beinstant.net https://*.instant.co https://*.mxpnl.com https://*.googleapis.com https://*.gstatic.com https://*.bootstrapcdn.com https://*.maxcdn.com https://*.cloudflare.com https://*.cloudfront.net https://*.jsdelivr.net https://*.fontawesome.com https://*.zdassets.com https://*.mixpanel.com http://js.hs-scripts.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-banner.com https://js.hsadspixel.net https://api.hubapi.com https://track.hubspot.com https://www.googletagmanager.com https://www.google.com https://www.google.ca https://forms.hubspot.com https://forms.hsforms.com https://js.usemessages.com https://*.hubspot.com https://kengine.adm.beinstant.net:8443 https://prod.api.firstdata.com https://api-prod.payeezy.com blob:; 1
default-src *; img-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' 1
default-src *; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.quilljs.com https://*.jquery.com https://*.coveo.com https://*.gstatic.com https://*.jwpsrv.com https://*.jwplayer.com https://*.amazonaws.com https://*.cookiefirst.com https://*.clarity.ms https://*.doubleclick.net https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.jwpcdn.com https://*.jwplatform.com https://*.jwplayer.com https://*.jwpsrv.com https://*.liveengage.com https://*.liveengage.net https://*.liveper.sn https://*.liveperson.net https://*.lpsnmedia.net https://*.motability.co.uk https://*.motability.org.uk https://*.motabilityoperations.co.uk https://*.newscred.com https://analytics.google.com https://apis.google.com https://bat.bing.com https://c5.adalyser.com https://connect.facebook.net https://tagmanager.google.com https://static.hotjar.com https://script.hotjar.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.coveo.com https://*.jwpsrv.com https://*.jwplayer.com https://*.googleadservices.com https://*.cookiefirst.com https://*.googleapis.com https://*.jwpcdn.com https://*.jwplayer.com https://*.motability.co.uk https://*.newscred.com https://tagmanager.google.com https://static.hotjar.com https://script.hotjar.com 'unsafe-inline'; img-src 'self' data: * https://static.hotjar.com https://script.hotjar.com; font-src data: 'self' https://fonts.gstatic.com https://*.jwpcdn.com https://*.jwplayer.com https://script.hotjar.com; media-src blob: 'self' https://*.jwpcdn.com https://*.jwplatform.com https://*.jwplayer.com https://*.jwpsrv.com https://*.lpsnmedia.net https://*.speechstream.net https://jwpsrv-vh.akamaihd.net; child-src blob: 'self' https://*.cookiefirst.com https://*.doubleclick.net https://*.jwpcdn.com https://*.jwplatform.com https://*.jwplayer.com https://*.jwpsrv.com https://*.liveperson.net https://*.lpsnmedia.net; frame-src blob: 'self' https://www.motability.co.uk https://*.cookiefirst.com https://*.doubleclick.net https://*.googleapis.com https://*.googletagmanager.com https://*.jwpcdn.com https://*.jwplatform.com https://*.jwplayer.com https://*.jwpsrv.com https://*.liveperson.net https://*.lpsnmedia.net https://accounts.google.com https://www.facebook.com https://www.google.com; connect-src 'self' https://bat.bing.com https://*.googlesyndication.com https://*.coveo.com https://*.jwpsrv.com https://*.jwplayer.com https://*.google.com https://api.experianaperture.io https://*.cookiefirst.com https://*.doubleclick.net https://www.googletagmanager.com https://*.google-analytics.com https://analytics.google.com https://*.lpsnmedia.net https://*.motability.co.uk https://*.motability.org.uk https://*.motabilityoperations.co.uk https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; report-uri https://motability.report-uri.io/r/default/csp/enforce; frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline' https://img.telemart.ua https://esputnik.com http://hotline.ua https://hotline.ua https://fonts.googleapis.com;font-src 'self' 'unsafe-inline' https://fonts.gstatic.com data:;img-src * 'self' data: https://img.telemart.ua http://img.telemart.ua https://www.google-analytics.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com http://cdn.sendpulse.com https://connect.facebook.net https://graph.facebook.com http://cdn.lenmit.com https://googleads.g.doubleclick.net https://hotline.ua https://ppcalc.privatbank.ua https://statics.esputnik.com https://www.google-analytics.com http://ajax.googleapis.com http://uaadcodedsp.rontar.com https://www.facebook.com https://www.googleadservices.com https://apis.google.com http://t.trafmag.com http://z.lenmit.com https://track.omguk.com https://pixel.adfyier.com https://webtrafficsource.com https://sdk.lemgear.com https://22admedia.com https://cdnjs.cloudflare.com;frame-src 'self' https://www.youtube.com https://www.google.com https://td.doubleclick.net https://www.facebook.com;connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://site-script.esputnik.com https://web-events.esputnik.com https://stats.g.doubleclick.net https://esputnik.com https://www.google.com https://www.google.com.ua https://google.com https://pagead2.googlesyndication.com https://streaming.bi.owox.com https://google-analytics.bi.owox.com https://region1.google-analytics.com https://region1.analytics.google.com https://webtrafficsource.com 1
default-src 'self' data: blob: *.gstatic.com *.google.com *.google-analytics.com *.nr-data.net *.facebook.com *.facebook.net *.bing.com *.arcot.com *.ondemand.com *.fontawesome.com *.auth0.com *.creditmutuel.fr *.bioz.com *.vwr.com *.doubleclick.net *.avantorsciences.com *.nusil.com *.googletagmanager.com *.linkedin.com *.twitter.com *.vwrsurveys.com *.adsymptotic.com *.paymetric.com *.mktoresp.com *.wardsci.com *.sargentwelch.com *.boreal.com *.sargentwelch.ca *.twimg.com *.vwr-cmd.com *.mt.com *.moji-moji.com *.youtube.com youtube.com *.gotowebinar.com *.vwr-cmd2.com *.surveymonkey.com *.instantservice.com *.zencdn.net *.cdntwrk.com www.google.co.in *.hotjar.com *.hotjar.io ahpp.adflex.co.uk ahpp2.adflex.co.uk authentication.cardinalcommerce.com *.pinterest.com *.kickfire.com *.rumiview.com *.vimeo.com *.salesforce.com *.prnewswire.com nebnextvwr.neb.com projects.spielcreative.com projects.ivorystudio.net *.marketo.com *.zoovu.com *.azureedge.net *.amazonaws.com *.smartassistant.com serviceapi.nmv.naver.com *.uberflip.com *.zscalerthree.net *.cdntwrk.com *.brightcove.net *.oribi.io *.ariba.com *.clarity.ms *.adobedtm.com *.demdex.net *.tt.omtrdc.net edge.adobedc.net *.pantheonsite.io; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.facebook.com *.facebook.net *.bing.com *.avantorsciences.com *.arcot.com *.auth0.com *.ondemand.com *.fontawesome.com *.creditmutuel.fr *.bioz.com *.vwr.com *.googleapis.com *.mktoresp.com *.twitter.com *.twimg.com *.zencdn.net *.marketo.com *.zoovu.com *.azureedge.net *.amazonaws.com *.smartassistant.com serviceapi.nmv.naver.com *.uberflip.com *.zscalerthree.net *.cdntwrk.com *.brightcove.net *.oribi.io *.ariba.com *.clarity.ms *.adobedtm.com *.demdex.net *.tt.omtrdc.net edge.adobedc.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.auth0.com *.google-analytics.com *.facebook.com *.facebook.net *.bing.com *.arcot.com *.auth0.com *.ondemand.com *.fontawesome.com *.creditmutuel.fr *.bioz.com *.salesforceliveagent.com *.googletagmanager.com *.newrelic.com *.nr-data.net *.vwr.com *.licdn.com *.cloudflareinsights.com *.vwrsurveys.com *.marinsm.com *.paymetric.com *.google.com *.cloudflare.com *.pardot.com *.doubleclick.net *.googleadservices.com *.facebook.net *.wardsci.com *.verisign.com *.linkedin.com *.twitter.com *.googleapis.com *.sargentwelch.com *.sargentwelch.ca *.marketo.net *.twimg.com *.vwr-cmd.com *.mt.com *.moji-moji.com *.youtube.com youtube.com *.gotowebinar.com *.vwr-cmd2.com *.surveymonkey.com *.instantservice.com *.zencdn.net *.cdntwrk.com www.google.co.in *.hotjar.com *.hotjar.io *.pinimg.com *.avantorsciences.com *.kickfire.com *.rumiview.com *.jquery.com *.prnewswire.com *.marketo.com *.zoovu.com *.azureedge.net *.amazonaws.com *.smartassistant.com serviceapi.nmv.naver.com *.uberflip.com *.zscalerthree.net *.cdntwrk.com *.brightcove.net *.oribi.io *.ariba.com *.clarity.ms *.adobedtm.com *.demdex.net *.tt.omtrdc.net edge.adobedc.net; 1
upgrade-insecure-requests; frame-ancestors 'self' about:; frame-src https:; report-uri https://puntapi.com/csp-reporting/capture 1
base-uri 'self'; default-src 'self'; style-src 'self' 'unsafe-inline' static.underhentai.net fonts.googleapis.com *.disquscdn.com www.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.underhentai.net ajax.googleapis.com static.cloudflareinsights.com *.disqus.com *.cloudflare.com data:; img-src 'self' static.underhentai.net *.disqus.com *.disquscdn.com translate.google.com fonts.gstatic.com *.w.org secure.gravatar.com data:; media-src *.underhentai.net; font-src 'self' static.underhentai.net fonts.gstatic.com data:; connect-src 'self' *.g.doubleclick.net *.google.com; worker-src blob:; frame-src 'self' *.underhentai.net *.uhn.cx a.adtng.com disqus.com *.storangeunderh.com mega.nz doodstream.com dooood.com doods.pro *.cloudflare.com; frame-ancestors 'self' *.underhentai.net; 1
frame-ancestors 'self' https://plataforma.bancofalabella.cl 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.toodledo.com https://*.toodledo.com https://*.cookielaw.org https://*.onetrust.com https://*.stripe.com https://*.filepicker.io http://*.filepicker.io http://*.twitter.com https://*.twitter.com https://apis.google.com https://*.googleapis.com https://maps.gstatic.com http://apis.google.com http://*.googleapis.com http://maps.gstatic.com http://www.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com http://www.googleadservices.com https://www.googleadservices.com http://*.google.com https://*.google.com http://d1h9d4exwfthxc.cloudfront.net https://www.googletagmanager.com https://www.googletagservices.com https://securepubads.g.doubleclick.net https://googleads.g.doubleclick.net http://connect.facebook.net http://assets.pinterest.com https://canny.io https://*.chargebee.com https://*.adroll.com https://www.youtube.com https://www.gstatic.com https://*.googlesyndication.com https://cdn.firstpromoter.com https://*.hubspot.com https://js.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://forms.hsforms.com https://js.hsleadflows.net https://*.usemessages.com https://unpkg.com https://*.profitwell.com https://*.sentry-cdn.com https://*.sentry.io https://polyfill.io https://*.chargebee.com https://*.stripe.com https://cdn.heapanalytics.com https://*.fontawesome.com; report-uri /ajax/csp_report.php; 1
frame-ancestors 'self' cmsv2.zebrix.net 1
frame-ancestors 'self' https://www.casamentos.com.br https://comunidade.casamentos.com.br https://landing.casamentos.com.br 1
object-src 'self' https://cdn.azkivam.com;font-src data: 'self' https://cdn.jsdelivr.net;style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdn.goftino.com;img-src 'self' data: https: blob: https://www.google.com https://www.google-analytics.com https://cdn.azkivam.com https://trustseal.enamad.ir https://logo.samandehi.ir;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://www.recaptcha.net https://www.gstatic.com https://aut.azkivam.com https://www.googletagmanager.com https://www.goftino.com https://cdn.goftino.com https://ex.zebline.com https://sdk.zebline.io https://www.google-analytics.com/analytics.js https://cdn.yektanet.com https://recaptcha.net https://www.clarity.ms https://s1.mediaad.org https://www.googleoptimize.com https://bi.azkivam.com https://googleads.g.doubleclick.net https://cdn.ckeditor.com; 1
default-src self https: data: blob: 'unsafe-inline' 'unsafe-eval'; script-src self https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self' https://creator.zmags.com https://www.googletagmanager.com; worker-src blob:; 1
base-uri 'none';object-src 'none';upgrade-insecure-requests; 1
frame-ancestors ‘self’; 1
default-src 'self' https://cancer.org.au https://*.doubleclick.net https://*.google-analytics.com https://*.googleanalytics.com https://www.googleoptimize.com https://*.sharethis.com https://api.usabilla.com https://*.cancer.org.au https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.tiktok.com https://www.instagram.com https://embedsocial.com https://www.tiktok.com/embed.js https://www.instagram.com/embed.js https://platform.instagram.com/en_US/embeds.js https://*.curator.io https://lf16-tiktok-web.ttwstatic.com/obj/tiktok-web/tiktok/falcon/embed/embed_v1.0.11.js https://lf16-tiktok-web.ttwstatic.com/obj/tiktok-web/tiktok/falcon/embed/embed_lib_v1.0.11.js https://www.google.com/recaptcha/api.js https://trc.taboola.com https://cdn.taboola.com https://www.ascio.com https://cdn.jsdelivr.net https://*.klaviyo.com https://static.klaviyo.com https://paperform.co https://paperform.co/__embed.min.js https://*.paperform.com https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://cdn.pdst.fm/ping.min.js https://static.ads-twitter.com/uwt.js https://www.googleoptimize.com https://analytics.google.com https://static-login.sendpulse.com https://gp.webformscr.com https://optimize.google.com https://web.webformscr.com https://*.monsido.com https://cdnjs.cloudflare.com https://recaptcha.net https://duube1y6ojsji.cloudfront.net https://*.paperform.co http://secure.wufoo.com https://api.usabilla.com https://w.usabilla.com https://www.youtube.com https://static.hotjar.com https://script.hotjar.com https://tagmanager.google.com https://d6tizftlrpuof.cloudfront.net https://d2iiunr5ws5ch1.cloudfront.net https://d2wy8f7a9ursnm.cloudfront.net https://*.bugherd.com https://bugherd-attachments.s3.amazonaws.com https://cancer.org.au https://*.cancer.org.au https://*.gstatic.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://ajax.googleapis.com https://cse.google.com https://www.google.com.au https://*.googletagmanager.com https://*.google-analytics.com https://code.jquery.com https://use.typekit.net https://*.sharethis.com https://*.facebook.net https://s.ytimg.com; style-src 'self' 'unsafe-inline' https://embedsocial.com https://cdn.curator.io https://lf16-tiktok-web.ttwstatic.com/obj/tiktok-web/tiktok/falcon/embed/embed_lib_v1.0.11.css https://*.klaviyo.com https://static.klaviyo.com  https://*.cancer.org.au https://cancer.org.au https://web.webformscr.com https://d6tizftlrpuof.cloudfront.net https://d2wy8f7a9ursnm.cloudfront.net https://d2iiunr5ws5ch1.cloudfront.net https://cdnjs.cloudflare.com https://*.googleapis.com https://*.google.com https://optimize.google.com https://fonts.googleapis.com; img-src 'self' data: https://www.google.co.in https://*.curator.io https://curator-assets.b-cdn.net https://www.linkedin.com https://p.adsymptotic.com https://p.adsymptotic.com https://px.ads.linkedin.com https://t.co https://analytics.twitter.com https://optimize.google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://*.monsido.com https://*.cancer.org.au https://cancer.org.au  https://*.kc-usercontent.com https://*.youtube.com https://www.youtube.com https://*.youtube.com https://d6tizftlrpuof.cloudfront.net https://d2iiunr5ws5ch1.cloudfront.net https://*.bugherd.com https://*.usabilla.com https://www.google-analytics.com https://www.google.com.au https://*.doubleclick.net https://platform-cdn.sharethis.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.facebook.com https://*.typekit.net https://script.hotjar.com; media-src 'self' data: https://curator-assets.b-cdn.net https://*.kc-usercontent.com; font-src 'self' data: https://*.cancer.org.au https://cancer.org.au https://*.typekit.net https://cdnjs.cloudflare.com https://d6tizftlrpuof.cloudfront.net https://d2wy8f7a9ursnm.cloudfront.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.bugherd.com https://d2iiunr5ws5ch1.cloudfront.net https://script.hotjar.com https://static.klaviyo.com; frame-src 'self' https://embedsocial.com https://www.tiktok.com https://www.instagram.com https://tsdtocl.com https://paperform.co https://paperform.co/__embed.min.js https://*.paperform.com https://ads.google.com https://www.linkedin.com https://twitter.com https://app.magicapp.org https://optimize.google.com https://*.paperform.co https://cancer.org.au https://www.youtube.com https://www.facebook.com https://cse.google.com https://*.doubleclick.net https://www.sunsmart.com.au https://c.sharethis.mgr.consensu.org https://www.google.com https://www.google.com.au https://vars.hotjar.com https://d2wy8f7a9ursnm.cloudfront.net https://d6tizftlrpuof.cloudfront.net https://cancercounciltas.wufoo.com; connect-src 'self' https://*.linkedin.com https://api.curator.io https://*.klaviyo.com https://static.klaviyo.com  https://us-central1-adaptive-growth.cloudfunctions.net  https://analytics.google.com https://www.cancercouncilfundraising.com.au https://*.doubleclick.net https://*.google-analytics.com https://*.algolia.net https://*.algolianet.com https://api.usabilla.com https://sessions.bugsnag.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.bugherd.com https://bugherd-attachments.s3.amazonaws.com wss://ws.pusherapp.com https://sockjs.pusher.com https://cdn.linkedin.oribi.io https://heatmaps.monsido.com https://trc-events.taboola.com https://content.hotjar.io https://pips.taboola.com https://cds.taboola.com; object-src 'self'; frame-ancestors https://app.kontent.ai https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://adservice.google.com https://*.app.magicapp.org https://app.magicapp.org/widget/recommendation/init.js 1
frame-ancestors 'self' *.hellobankpro.fr *.hellobank.fr *.bnpparibas *.bnpparibas.net *.cardif-iard.fr *.biapi.pro *.mosaic.fr *.protection24.com *.facil-iti.com *.herokuapp.com  *.matmut.com login.mabanque-s4.dev.echonet:8443 1
default-src https: data: 'unsafe-inline' 'unsafe-eval';  child-src https: data: blob:;  connect-src https: data: blob:;  font-src https: data:;  img-src https: blob: data:;  media-src blob: data: https:;  object-src https:;  script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';  style-src https: 'unsafe-inline';  block-all-mixed-content;  upgrade-insecure-requests; 1
frame-ancestors 'self' *.bfh.ch *.pocketcampus.org 1
frame-ancestors https://metrika.yandex.ru http://webvisor.com https://iiii-tech.com https://www.iiii-tech.com http://awards.ratingruneta.ru https://awards.ratingruneta.ru 1
frame-ancestors 'self' *.epsb.ca ; 1
default-src 'self' *.facil24h.com.br *.facilassist.com.br  *.fasys.com.br *.openstreetmap.org; img-src 'self' data: *.facil24h.com.br *.facilassist.com.br  *.fasys.com.br *.openstreetmap.org; style-src 'self' 'unsafe-inline' *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com; font-src 'self' fonts.gstatic.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' app.hubspot.com cdn-3.convertexperiments.com cdnjs.cloudflare.com connect.facebook.net cta-service-cms2.hubspot.com js.hsforms.net js.hs-analytics.net js.hs-banner.com js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com platform.twitter.com play.vidyard.com run.pstmn.io script.crazyegg.com script.hotjar.com static.hotjar.com static.hsappstatic.net use.typekit.net www.googletagmanager.com www.google-analytics.com www.hubspot.com 'strict-dynamic' 'nonce-/SLEuIcKHgzVo4vwnPqaKA=='; report-uri https://send.hsbrowserreports.com/csp/report; upgrade-insecure-requests; 1
default-src 'self' data: *.molottery.com *.brightcove.net *.serving-sys.com *.google.com *.google-analytics.com *.googleapis.com    *.doubleclick.net *.pgtb.me *.cloudfront.net *.powerballpowercruise.com *.youtube.com *.facebook.net *.twitter.com animate.adobe.com    code.createjs.com ucarecdn.com *.lndg.page *.cloudflare.com *.gstatic.com *.akamaihd.net *.ucalc.pro www.googletagmanager.com    'unsafe-inline' 'unsafe-eval';  script-src 'self' blob: *.molottery.com *.google.com secure-ds.serving-sys.com *.google-analytics.com players.brightcove.net    vjs.zencdn.net *.cloudfront.net *.cloudflare.com *.ucalc.pro youengage.me *.paperturn-view.com www.googletagmanager.com    'unsafe-inline' 'unsafe-eval';  connect-src 'self' *.molottery.com secure-ds.serving-sys.com players.brightcove.net *.api.brightcove.com *.assets.brightcove.com    *.prod.boltdns.net *.akamaihd.net *.ucalc.pro www.googletagmanager.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval';  img-src 'self' data: blob: *.molottery.com *.google.com players.brightcove.net *.brightcove.com *.boltdns.net *.akamaihd.net    *.google-analytics.com *.ucalc.pro www.googletagmanager.com 'unsafe-inline' 'unsafe-eval';  style-src 'self' *.molottery.com *.google.com *.google-analytics.com *.googleapis.com players.brightcove.net *.ucalc.pro   *.cloudfront.net   'unsafe-inline' 'unsafe-eval';  frame-src 'self' *.molottery.com *.youtube.com players.brightcove.net *.google.com *.lndg.page a.pgtb.me *.ucalc.pro youengage.me   *.paperturn-view.com m.cmpgn.page;  media-src 'self' data: blob: filesystem: *.molottery.com *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net    *.akafms.net *.akamaihd.net *.cf.brightcove.com *.ucalc.pro;  prefetch-src 'self' *.boltdns.net;  1
connect-src 'self' *.doubleclick.net *.ziflow.io *.amazonaws.com *.sentry.io sentry.io app.pendo.io data.pendo.io pendo-static-6246983700709376.storage.googleapis.com *.google-analytics.com api-iam.intercom.io ws: wss: *.churnzero.net; script-src 'self' *.ziflow.io *.polyfill.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-6246983700709376.storage.googleapis.com data.pendo.io app.pendo.io *.google-analytics.com ajax.googleapis.com www.google.com www.gstatic.com widget.intercom.io js.intercomcdn.com *.churnzero.net; worker-src blob:; object-src 'none' 1
default-src 'none'; script-src 'self' https://analytics.monetra.com; connect-src 'self' https://www.googleapis.com; img-src 'self' https://analytics.monetra.com data:; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; object-src 'self'; 1
form-action 'self'; frame-ancestors 'self' *.grandlyon.com; img-src 'self' unpkg.com *.grandlyon.com *.meteo-lyon.net *.data.grandlyon.com *.googleapis.com *.gstatic.com *.ytimg.com *.facebook.com t.co data:; script-src 'self' blob: https: 'unsafe-inline' 'unsafe-eval' www.grandlyon.com 'self' *.data.grandlyon.com unpkg.com *.youtube.com play.google.com *.googleapis.com *.addthis.com *.moatads.com *.doubleclick.net *.ytimg.com *.onlymoov.com *.facebook.com *.twitter.com *.facebook.net use.typekit.net 1
base-uri 'self'; connect-src 'self' https://cdn-hcikb.nitrocdn.com https://to.getnitropack.com https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.gstatic.com/ https://www.google.com/ https://analytics.google.com https://nitroscripts.com/; default-src 'self'; font-src 'self' data: https://cdn-hcikb.nitrocdn.com https://fonts.gstatic.com fonts.gstatic.com; frame-src 'self' youtube.com www.youtube.com https://bestnotes.activehosted.com https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/recaptcha__en.js https://www.gstatic.com/ https://www.google.com/ https://cdn-hcikb.nitrocdn.com https://nitroscripts.com/ data:; img-src 'self' https://capterra.s3.amazonaws.com https://www.google-analytics.com https://www.google.com/ads/ga-audiences data: https://cdn-hcikb.nitrocdn.com https://d226aj4ao1t61q.cloudfront.net https://img.youtube.com google.com https://google.com https://stats.g.doubleclick.net https://fonts.gstatic.com https://i.ytimg.com https://www.google.com/ https://nitroscripts.com/; manifest-src 'self'; media-src 'self' youtube.com www.youtube.com; object-src 'none'; script-src 'report-sample' 'self' https://cdn-hcikb.nitrocdn.com/MxJDfnLtDliWCqCrWnmZeeKUgzvYLcJw/assets/desktop/optimized/rev-f503373/f/nitro-min-dcfd2a8d0b203a5e12484820143b135b.embed.php https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/recaptcha/releases/4q6CtudrwcI-LSEYlfoEbDXg/recaptcha__en.js https://www.google.com/recaptcha/api.js 'unsafe-inline' 'unsafe-eval' https://bestnotes.activehosted.com https://cdn-hcikb.nitrocdn.com https://nitroscripts.com/ blob:; script-src-elem 'report-sample' 'self' https://cdn-hcikb.nitrocdn.com/MxJDfnLtDliWCqCrWnmZeeKUgzvYLcJw/assets/desktop/optimized/rev-f503373/f/nitro-min-dcfd2a8d0b203a5e12484820143b135b.embed.php https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/recaptcha__en.js https://www.gstatic.com/recaptcha/releases/4q6CtudrwcI-LSEYlfoEbDXg/recaptcha__en.js https://www.google.com/recaptcha/api.js 'unsafe-inline' 'unsafe-eval' https://bestnotes.activehosted.com https://www.google.com/ https://cdn-hcikb.nitrocdn.com https://nitroscripts.com/; style-src 'report-sample' 'self' https://cdn-hcikb.nitrocdn.com https://fonts.googleapis.com https://www.gstatic.com/ https://unpkg.com https://fonts.gstatic.com 'unsafe-inline' 'unsafe-eval' blob:; worker-src 'self' 'report-sample' https://cdn-hcikb.nitrocdn.com/MxJDfnLtDliWCqCrWnmZeeKUgzvYLcJw/assets/desktop/optimized/rev-f503373/f/nitro-min-dcfd2a8d0b203a5e12484820143b135b.embed.php https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/recaptcha/releases/4q6CtudrwcI-LSEYlfoEbDXg/recaptcha__en.js https://www.google.com/recaptcha/api.js 'unsafe-inline' 'unsafe-eval' https://bestnotes.activehosted.com https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/recaptcha__en.js https://www.google.com/ https://www.gstatic.com/ https://cdn-hcikb.nitrocdn.com https://nitroscripts.com/ blob:; child-src 'self' blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://*.cloudfront.net https://*.doubleclick.net https://*.fls.doubleclick.net https://*.linkedin.com https://cdn.linkedin.oribi.io https://*.sitecorecontenthub.cloud https://*.terminus.services https://*.wistia.com https://*.wistia.net https://ad.ipredictive.com https://ajax.googleapis.com https://analytics.twitter.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cnv.event.prod.bidr.io https://code.jquery.com https://connect.facebook.net https://edge.sitecorecloud.io https://match.adsrvr.org https://maxcdn.bootstrapcdn.com https://vhatv.vha.com https://vitals.vercel-insights.com https://www.cvent.com https://www.ethosce.com https://www.facebook.com https://www.google.ca https://www.google.com https://*.google.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.oneok.localhost https://*.oneok.com https://prod-nine-mu.vercel.app https://vimeo.com https://i.vimeocdn.com https://player.vimeo.com https://discover.sitecorecloud.io https://www.youtube.com; style-src 'self' 'unsafe-inline' data: blob: https://fonts.googleapis.com; font-src 'self' 'unsafe-inline' data: blob: https://fonts.gstatic.com; block-all-mixed-content; media-src 'self' data: blob: https://edge.sitecorecloud.io https://*.sitecorecontenthub.cloud embedwistia-a.akamaihd.net *.wistia.net *.wistia.com; frame-ancestors 'none'; 1
font-src 'self' https: data:; 1
script-src 'nonce-7f04189e44094c80aabc0c2743861d39' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https://static.zdassets.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.recaptcha.net; frame-ancestors 'self' 1
form-action 'self' https://*.marketingcloudfx.com https://app.nutshell.com https://wp.operationsfx.com https://wp.staging.operationsfx.com; frame-ancestors 'self' https://*.marketingcloudfx.com https://app.webfx.com https://*.app.dev.webfx.com https://app.nutshell.com https://wp.operationsfx.com https://wp.staging.operationsfx.com; upgrade-insecure-requests 1
frame-ancestors 'self' folleto.aldi.es www.con-aldi.es experience.adobe.com aldinord.experiencecloud.adobe.com; default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.google-analytics.com *.googletagmanager.com www.gstatic.com siteimproveanalytics.com snap.licdn.com *.googleapis.com cdn.cookielaw.org *.ceros.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: *.google-analytics.com 29268.global.siteimproveanalytics.io p.adsymptotic.com px.ads.linkedin.com cdn.cookielaw.org *.ceros.com; media-src 'self' 'unsafe-inline' 'unsafe-eval' www.hklaw.com hklaw.com blob: ; frame-src 'self' *.google.com *.youtube.com *.vimeo.com *.ceros.com; connect-src 'self' *.google-analytics.com analytics.google.com *.doubleclick.net cdn.linkedin.oribi.io cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com; upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors 'self' wse-prod.antel.com.uy; 1
frame-ancestors 'self' *.iimjobs.com *.google.com *.youtube.com; frame-src 'self' *.iimjobs.com *.google.com *.youtube.com; 1
object-src 'none';child-src 'self';frame-ancestors 'none' 1
frame-ancestors 'self' https://www.virginbet.com; 1
frame-src 'self' js.stripe.com; object-src 'none'; frame-ancestors 'none'; 1
default-src *;connect-src * *.contentsquare.net;script-src 'self' https: 'unsafe-inline' 'unsafe-eval' t.contentsquare.net app.contentsquare.com;child-src * blob:;font-src 'self' https:;img-src * 'unsafe-inline' data: *.contentsquare.net;style-src 'self' https: 'unsafe-inline';worker-src https: blob:;upgrade-insecure-requests 1
default-src 'self' http://localhost:3000 https://sampath-web.devops.arimac.xyz https://new-testweb.sampath.lk https://sitweb.sampath.lk https://www.sampath.lk 'unsafe-inline'; img-src 'self' data: blob: https://sampath-web.devops.arimac.xyz/* https://*.googleapis.com https://*.gstatic.com https://www.facebook.com *.google.com *.googleusercontent.com; connect-src 'self' https://*.googleapis.com https://*.gstatic.com data: https://www.google-analytics.com https://www.googletagmanager.com https://sampath-web.devops.arimac.xyz/* https://new-testweb.sampath.lk/* https://sitweb.sampath.lk/* https://www.sampath.lk/*; script-src 'sha256-YbwMVoFcJ3IbDnkjVeT651Dv2acQF2VgiifrIGphQ5Y=' 'self' 'self' https://*.googleapis.com *.google.com https://*.gstatic.com https://www.recaptcha.net/recaptcha/api.js https://sampath-web.devops.arimac.xyz/* https://new-testweb.sampath.lk/* https://sitweb.sampath.lk/* https://www.sampath.lk/*; style-src 'unsafe-inline' 'self' https://www.gstatic.com/charts/51/* https://*.gstatic.com https://*.googleapis.com https://use.fontawesome.com/releases/v5.7.1/css/all.css; media-src 'self' https://storage.googleapis.com/arimac-storage/sampath/card_39mb%20(1).mp4; frame-src 'self' https://sea-sam-chatbot-webapp-bot-prod.azurewebsites.net/ https://www.recaptcha.net https://www.youtube.com https://www.facebook.com/ https://web.facebook.com/; script-src-elem 'self' 'unsafe-inline' https://*.googleapis.com *.google.com https://*.gstatic.com https://www.googletagmanager.com https://connect.facebook.net https://www.recaptcha.net/recaptcha/api.js https://sampath-web.devops.arimac.xyz/* https://new-testweb.sampath.lk/* https://sitweb.sampath.lk/* https://www.sampath.lk/*; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com/releases/v5.7.1/webfonts/ 1
child-src 'self' 3speak.tv emb.d.tube player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com;connect-src https://images.hive.blog 'self' hive.blog https://api.hive.blog api.blocktrades.us https://anyx.io https://api.openhive.network https://hivesigner.com https://hived.hive-engine.com https://api.followbtcnews.com https://rpc.esteem.app https://api.pharesim.me https://hive.roelandp.nl https://hived.privex.io https://hive.3speak.online https://rpc.ausbit.dev https://api.hivekings.com https://hivebuzz.me https://peakd.com https://api.deathwing.me https://api.ha.deathwing.me *.ibytedtos.com wss://hive-auth.arcange.eu https://hiveposh.com/api/ https://openhive.chat https://herpc.dtools.dev;default-src 'self' img.3speakcontent.online emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com *.streamrail.com;font-src data: fonts.gstatic.com cdn.embedly.com;frame-ancestors 'none';frame-src 'self' https:;img-src * data:;object-src 'none';script-src 'unsafe-inline' 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com www.reddit.com cdn.embedly.com github.githubassets.com *.tiktokcdn.com *.ttwstatic.com;report-uri /api/v1/csp_violation 1
default-src blob: 'self' 'unsafe-inline' ws: wss: data: 'unsafe-eval' *.gymboree.com *.childrensplace.com *.rewardstyle.com dpm.demdex.net tcp.demdex.net *.xtlo.net *.akstat.io *.akamaihd.net *.go-mpulse.net *.adobedtm.com *.google.com *.googleapis.com *.bazaarvoice.com *.getcandid.com *.candid.io *.quantummetric.com *.omniture.com *.vibescm.com *.unbxd.io *.braintreegateway.com *.braintree-api.com *.borderfree.com *.briteverify.com *.raygun.io *.gstatic.com *.theplace.com *.omtrdc.net *.paypal.com *.paypalobjects.com *.iperceptions.com *.melissadata.net *.facebook.net *.facebook.com *.stylitics.com stylitics-ampersand-production.sfo2.cdn.digitaloceanspaces.com comenity.net *.netdna-ssl.com *.comenity.net *.fiftyone.com *.omtrdc.net *.demdex.net *.channeladvisor.com *.impactradius-event.com *.googletagmanager.com *.micpn.com *.bing.com *.filepicker.io *.cloudinary.com *.cloudfront.net *.theplace.com *.netdna-ssl.com *.filepicker.io *.iesnare.com *.googleadservices.com *.steelhousemedia.com *.impactradius-event.com *.channeladvisor.com *.amazonaws.com *.kaptcha.com thechildrensplace.ay6u.net *.unbxdapi.com *.dotomi.com gymboree.fhsxpf.net sugarjade.sjv.io *.pegacloud.net *.epsilon.com *.wufoo.com match.prod.bidr.io *.adsrvr.org *.doubleclick.net *.forter.com *.monetate.net *.google-analytics.com *.wufoo.com *.mapbox.com search-dr.unbxd.io *.speedcurve.com *.afterpay.com *.us.afterpay.com *.cloudflare.com tag.wknd.ai *.bounceexchange.com events.bouncex.net *.cdnwidget.com *.cdnbasket.net *.tiktok.com *.paysecure.acculynk.net *.syteapi.com syteapi.com *.pinterest.com s.pinimg.com unpkg.com *.unpkg.com utt.impactcdn.com *.criteo.com *.criteo.net pj-place.sjv.io *.pega.digital js.appboycdn.com sdk.iad-05.braze.com *.raygun.com *.pixlee.co *.edgecastcdn.net *.turnto.com *.ytimg.com *.tcpholidaycountdown.com *.rokt.com rest.iad-05.braze.com; worker-src 'self' blob: 1
upgrade-insecure-requests; frame-src https:; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://www.googletagmanager.com https://www.google-analytics.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://connect.digipen.edu https://connect-digipen-edu.cdn.technolutions.net https://fw.cdn.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://s.adroll.com https://d.adroll.com http://s.adroll.com http://d.adroll.com https://connect.facebook.net http://connect.facebook.net https://assets.juicer.io https://addsearch.com https://s7.searchcdn.com https://cbe.capturehighered.net https://www.google.com https://www.gstatic.com https://noembed.com https://www.googleadservices.com https://lex.33across.com https://www.shoppingsheet.com https://js.adsrvr.org cdnjs.cloudflare.com https://unpkg.com use.typekit.net; script-src-elem 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://www.googletagmanager.com https://www.google-analytics.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://connect.digipen.edu https://connect-digipen-edu.cdn.technolutions.net https://fw.cdn.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://s.adroll.com https://d.adroll.com http://s.adroll.com http://d.adroll.com https://connect.facebook.net http://connect.facebook.net https://assets.juicer.io https://www.youtube.com https://cdn.unibuddy.co https://cdn.curator.io https://addsearch.com https://s7.searchcdn.com https://cbe.capturehighered.net https://www.google.com https://www.gstatic.com https://noembed.com https://www.googleadservices.com https://lex.33across.com https://www.shoppingsheet.com https://js.adsrvr.org cdnjs.cloudflare.com https://unpkg.com use.typekit.net; style-src 'self' 'unsafe-inline' http://hello.myfonts.net https://hello.myfonts.net https://fw.cdn.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://assets.juicer.io https://cdn.curator.io https://app.addsearch.com https://d20vwa69zln1wj.cloudfront.net https://www.googletagmanager.com https://fonts.googleapis.com https://www.shoppingsheet.com https://cdn.jsdelivr.net https://unpkg.com; frame-ancestors 'self' https://www.digipen.edu https://devwww.digipen.edu/ 1
default-src 'none'; media-src 'self' https://videos.ctfassets.net:*; script-src-elem 'self' 'nonce-0efa4310-29fe-402a-b8e5-b3a28e270d57' https://cdn.transcend.io/cm/fa619274-3c15-4155-bbec-c0cb75733259/airgap.js https://cdn.transcend.io/cm/fa619274-3c15-4155-bbec-c0cb75733259/ui.js https://cdn.transcend.io/cm/fa619274-3c15-4155-bbec-c0cb75733259/xdi.js 'unsafe-hashes' 'sha256-cdFvGnPvdeavqCupE0X1iKxDb2jmBXXTGmE6AcHOk+c=' 'sha256-yT/s9zf56jX7wyB2f+yhxGo0VBoDnFqMx5qPvh0jvgQ=' 'sha256-TQ9lqihfbMvC+yQs4RAPRBe8No3FB3+MYPxT/OnPn/A=' 'sha256-ep0lyBO1i+WpsX2W3CxFRXjI+Hxg1zdLj+K4nN4Yzdk='; script-src 'self' 'wasm-unsafe-eval' 'nonce-0efa4310-29fe-402a-b8e5-b3a28e270d57' https://cdn.transcend.io/cm/fa619274-3c15-4155-bbec-c0cb75733259/airgap.js https://cdn.transcend.io/cm/fa619274-3c15-4155-bbec-c0cb75733259/ui.js https://cdn.transcend.io/cm/fa619274-3c15-4155-bbec-c0cb75733259/xdi.js; style-src-elem 'self' 'nonce-0efa4310-29fe-402a-b8e5-b3a28e270d57' https://cdn.transcend.io 'unsafe-hashes' 'sha256-oV3jdqk8GO/BUZSwos543OlGzhzxD3uMNE23EaxYMEQ=' 'sha256-/4tktfVAle+8ojynlFnhze1lbgwtFnndScvcHIucgqc=' 'sha256-zlqnbDt84zf1iSefLU/ImC54isoprH/MRiVZGskwexk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-7JyL1A8Kywti3E1sWTTspFukJsEOqlNFJPIxVimWbAQ='; style-src 'self' 'nonce-0efa4310-29fe-402a-b8e5-b3a28e270d57' https://cdn.transcend.io 'unsafe-hashes' 'sha256-oV3jdqk8GO/BUZSwos543OlGzhzxD3uMNE23EaxYMEQ=' 'sha256-/4tktfVAle+8ojynlFnhze1lbgwtFnndScvcHIucgqc=' 'sha256-zlqnbDt84zf1iSefLU/ImC54isoprH/MRiVZGskwexk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-7JyL1A8Kywti3E1sWTTspFukJsEOqlNFJPIxVimWbAQ='; connect-src 'self' https://unpkg.com/@rive-app/canvas@2.7.6/rive.wasm https://start.1password.com https://start.1password.ca https://start.1password.eu https://www.google-analytics.com https://9gnqx00du4.execute-api.us-east-1.amazonaws.com/prod/contact_us https://us.app.unleash-hosted.com https://flow.1passwordservices.com https://telemetry.transcend.io/collect https://rum.browser-intake-datadoghq.com https://sst.1passwordservices.com https://c.6sc.co https://ipv6.6sc.co https://b.6sc.co https://epsilon.6sense.com https://cdn.transcend.io; manifest-src 'self'; font-src 'self'; object-src 'self'; img-src 'self' blob: http://images.ctfassets.net:* https://images.ctfassets.net:* https://www.google.com https://www.google-analytics.com https://sst.1passwordservices.com https://stats.g.doubleclick.net https://insight.adsrvr.org https://px.mountain.com https://b.6sc.co; child-src https://www.youtube-nocookie.com https://secure.livechatinc.com; frame-src https://www.youtube-nocookie.com https://www.youtube-nocookie.com/embed https://secure.livechatinc.com https://player.vimeo.com https://insight.adsrvr.org https://match.adsrvr.org https://drift.1passwordservices.com https://sync.transcend.io; form-action 'self' https://start.1password.com https://flow.1passwordservices.com; prefetch-src 'self' https://app.1password.com https://app.1password.ca https://app.1password.eu; frame-ancestors https://*.1passwordservices.com https://*.1password.com https://*.1password.ca https://*.1password.eu https://main.1pstage.com; report-uri https://csp.1passwordservices.com/report?tags=1pw_prd; report-to csp-endpoint 1
frame-ancestors 'self' 10.9.8.8; default-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://trolyao.vpbank.com.vn https://fonts.gstatic.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com www.vpbank.com.vn.edgekey.net; style-src 'self' 'unsafe-inline' https://trolyao.vpbank.com.vn https://fonts.googleapis.com https://w.ladicdn.com https://stackpath.bootstrapcdn.com www.vpbank.com.vn.edgekey.net; script-src 'self' 'unsafe-inline' https://www.googleoptimize.com https://analytics.google.com https://script.hotjar.com https://s.go-mpulse.net https://static.hotjar.com https://trolyao.vpbank.com.vn https://cdn.adbro.me/atag.js https://www.google-analytics.com https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://developers.google.com https://www.google.com https://www.gstatic.com https://community-open-weather-map.p.rapidapi.com https://air-quality.p.rapidapi.com https://w.ladicdn.com https://connect.facebook.net www.vpbank.com.vn.edgekey.net; connect-src 'self' data: https://www.googleoptimize.com https://analytics.google.com https://in.hotjar.com https://c.go-mpulse.net https://maps.googleapis.com  https://www.google-analytics.com https://community-open-weather-map.p.rapidapi.com https://air-quality.p.rapidapi.com https://stats.g.doubleclick.net www.vpbank.com.vn.edgekey.net; img-src 'self' http: https: data: https://trolyao.vpbank.com.vn https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net www.vpbank.com.vn.edgekey.net; frame-src 'self' https://youtube.com https://s3.vietstock.vn https://vars.hotjar.com https://mcas-proxyweb.mcas.ms https://www.google.com https://www.youtube.com www.vpbank.com.vn.edgekey.net https://bid.g.doubleclick.net https://trolyao.vpbank.com.vn  1
default-src 'self'; upgrade-insecure-requests; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.tcl.fr https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.google-analytics.com https://*.facil-iti.app https://*.facil-iti.com https://connect.facebook.net; script-src-elem 'self' 'unsafe-inline' https://is-cdn-dev.storage.googleapis.com https://*.tcl.fr https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://platform.twitter.com https://cdn.syndication.twimg.com https://tagmanager.google.com https://player.vimeo.com https://www.youtube.com https://www.google-analytics.com https://s.ytimg.com https://js-agent.newrelic.com https://*.facil-iti.app https://*.facil-iti.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://is-cdn-dev.storage.googleapis.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://platform.twitter.com https://tagmanager.google.com; report-uri https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct; frame-ancestors 'self' https://*.tcl.fr 1
default-src https: wss://*.hotjar.com; connect-src 'self' blob: data: *.google.com https://*.googleapis.com https://*.gstatic.com https://bam.nr-data.net https://www.google-analytics.com stats.g.doubleclick.net https://global.ketchcdn.com; font-src 'unsafe-inline' data: https: https://fonts.gstatic.com; frame-ancestors 'self' gfs.phenompeople.com cdn-bot.phenompeople.com; frame-src 'self' *.google.com https://*.gordonnow.gfs.com gfs.phenompeople.com cdn-bot.phenompeople.com youtube.com www.youtube.com https://*.cookiebot.com; img-src 'self' 'unsafe-inline' data: https: *.google.com https://*.googleapis.com *.googleusercontent.com https://*.gstatic.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: https://*.ggpht.com *.google.com https://*.googleapis.com *.googleusercontent.com https://*.gstatic.com gfs.phenompeople.com cdn-bot.phenompeople.com https://*.gordonnow.gfs.com; style-src 'self' 'unsafe-inline' https: https://fonts.googleapis.com; upgrade-insecure-requests; worker-src 'self' blob:; 1
default-src 'self' dsp.skyrocket.ph dsp-media.eskimi.com dsp-trk.eskimi.com dsp-ap.eskimi.com google.com yoast.com static.ada.support *.ada.support leap13.github.io wp-rocket.me wistia.com wistia.net dragonpaycss.zendesk.com dragonpaysupport.zendesk.com wss://widget-mediator.zopim.com *.zendesk-eu.my.sentry.io *.dragonpay.ph *.zdassets.com *.zopim.com *.googleadservices.com *.fontawesome.com *.bootstrapcdn.com *.jquery.com *.wp-rocket.me *.wistia.com *.wistia.net *.yoast.com *.cloudflare.com *.cloudfront.net *.googletagmanager.com *.google.com *.google-analytics.com *.gstatic.com *.youtube.com *.addtoany.com *.doubleclick.net *.ggpht.com *.googlevideo.com *.googleapis.com *.facebook.com *.facebook.net *.litix.io *.helpscout.net; img-src * data:; script-src 'self' *.ada.support yoast.com google.com leap13.github.io wp-rocket.me wistia.com wistia.net dragonpaysupport.zendesk.com *.jquery.com *.bootstrapcdn.com *.zdassets.com *.zopim.com *.googleadservices.com *.wp-rocket.me *.wistia.com *.wistia.net *.yoast.com *.wistia.com *.cloudflare.com *.googletagmanager.com *.google.com *.google-analytics.com *.gstatic.com *.youtube.com *.addtoany.com *.doubleclick.net *.ggpht.com *.googlevideo.com *.googleapis.com *.facebook.com *.facebook.net *.helpscout.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' dragonpaysupport.zendesk.com *.zdassets.com *.fontawesome.com *.bootstrapcdn.com *.yoast.com *.cloudflare.com *.googletagmanager.com *.google.com *.google-analytics.com *.gstatic.com *.youtube.com *.addtoany.com *.doubleclick.net *.ggpht.com *.googlevideo.com *.googleapis.com *.facebook.com *.facebook.net dsp.skyrocket.ph dsp-media.eskimi.com dsp-trk.eskimi.com dsp-ap.eskimi.com 'unsafe-inline'; 1
frame-ancestors 'self' https://*.indiatimes.com https://*.samayam.com https://maharashtratimes.com https://vijaykarnataka.com https://m.timesofindia.com https://m.economictimes.com https://www.iamgujarat.com https://www.google.com https://*.google.com https://cdn.ampproject.org https://*.cdn.ampproject.org https://*.ampproject.org http://*.newspointapp.com https://*.newspointapp.com https://*.gadgetsnow.com https://eisamay.com https://economictimes.indiatimes.com https://*.economictimes.com https://*.slike* http*://*.slike* *.sli.ke http*://*.sli.ke https://*.sli.ke 1
report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic ; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-Tz7Qjq8G84akXUqx4Xee' 'nonce-jtcr1IzpSfBGOdU7AfKw' 1
default-src 'self' cdn.jsdelivr.net maxcdn.bootstrapcdn.com; connect-src 'self' *.getdrip.com www.google-analytics.com *.facebook.com *.hotjar.com *.hotjar.io *.olark.com *.doubleclick.net *.osano.com analytics.google.com rs.fullstory.com; font-src 'self' *.brandyourself.com data: fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net static.olark.com *.omappapi.com maxcdn.bootstrapcdn.com; form-action 'self'; img-src * data:; manifest-src 'self' *.brandyourself.com; media-src 'self' *.olark.com *.brandyourself.com; script-src 'self' 'unsafe-eval'  code.jquery.com fullstory.com *.fullstory.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com unpkg.com www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com *.omappapi.com *.doubleclick.net *.cloudfront.net *.facebook.net *.getdrip.com *.googleapis.com *.hotjar.com *.licdn.com *.olark.com *.optnmstr.com *.osano.com *.google.com *.gstatic.com sleeknotecustomerscripts.sleeknote.com 'nonce-65af27604580b' 'sha256-5pBTKcuNzhE2GOCOjgp/A2kciosBHOYJaUrhio7H5Nw=' 'sha256-dEzgimQfc4Eus/opVkbSjWR18IbrGWd7LBC+cHoppuw='; style-src 'self' 'unsafe-inline' blob: cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.olark.com *.omappapi.com unpkg.com *.googleapis.com *.brandyourself.com; frame-src *.olark.com *.vimeo.com *.hotjar.com *.google.com *.googleapis.com *.slideshare.net *.youtube.com cheddar.com; 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.naco.org/report-uri/enforce 1
frame-ancestors 'self' https://www.bodas.com.mx https://comunidad.bodas.com.mx https://landing.bodas.com.mx 1
frame-ancestors https://www.lupus.org https://lupus.org https://lupus-stg.global.ssl.fastly.net/ https://app.socio.events/ https://attendee.socio.events/ https://game.socio.events/; 1
frame-ancestors interhyp.e-spirit.hosting app.optimizely.com 1
default-src 'self' data: blob: *.armstrong.com *.armstrongceilings.com armstrongceilings.my.salesforce-sites.com d2qrdklrsxowl2.cloudfront.net fonts.gstatic.com  www.google-analytics.com *.akamaihd.net brightcove.hs.llnwd.net *.brightcove.com *.media.brightcove.com manifest.prod.boltdns.net fast.fonts.net ;style-src 'self' 'unsafe-inline' fast.fonts.net d2qrdklrsxowl2.cloudfront.net *.s3.amazonaws.com fonts.googleapis.com display.ugc.bazaarvoice.com s7d9.scene7.com player.interactivity.brightcove.com;form-action 'self' *.armstrong.com *.armstrongceilings.com armstrongceilings.tfaforms.net *.salesforceliveagent.com *.la3-c2-ia4.salesforceliveagent.com www.facebook.com api.bazaarvoice.com;frame-ancestors 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.armstrong.com *.armstrongceilings.com *.bazaarvoice.com *.outbrain.com *.salesforceliveagent.com *.ugc.bazaarvoice.com assets.adobedtm.com connect.facebook.net d2qrdklrsxowl2.cloudfront.net googleads.g.doubleclick.net lib-us-3.brilliantcollector.com players.brightcove.net siteintercept.qualtrics.com snap.licdn.com vjs.zencdn.net *.google-analytics.com www.googleadservices.com www.googletagmanager.com znbmda84ti8npbglj-armstrong.siteintercept.qualtrics.com *.googleapis.com html5.dcatalog.com *.google.com display.ugc.bazaarvoice.com www.gstatic.com s7d9.scene7.com *.mountain.com armstrongceilings.tfaforms.net googleads.g.doubleclick.net js-na1.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net *.analytics.google.com 100.20.58.101 18.210.229.244 3.212.39.155 34.215.155.61 35.160.46.251 35.85.84.151 44.212.189.233 44.228.85.26 44.238.122.172 52.22.50.55 52.71.121.170 54.156.2.105 player.interactivity.brightcove.com;frame-src *;img-src 'self' data: blob: *;connect-src 'self' *.akamaihd.net *.armstrong.com *.armstrongceilings.com *.brightcove.com *.qualtrics.com *.hapyak.com cdn.linkedin.oribi.io armstrong.tt.omtrdc.net brightcove.hs.llnwd.net dpm.demdex.net edge.api.brightcove.com lib-us-3.brilliantcollector.com manifest.prod.boltdns.net stats.g.doubleclick.net *.googleapis.com s7d9.scene7.com www.facebook.com *.google.com forms.hubspot.com *.google-analytics.com 100.20.58.101 18.210.229.244 3.212.39.155 34.215.155.61 35.160.46.251 35.85.84.151 44.212.189.233 44.228.85.26 44.238.122.172 52.22.50.55 52.71.121.170 54.156.2.105 px.ads.linkedin.com;object-src players.brightcove.net;report-uri https://www.armstrong.com/csp-report.jsp 1
default-src 'self' http://cms.nce.staging.r8.diamax.com http://*.nae.edu http://*.diamax.com https://*.diamax.com http://*.addthis.com https://*.addthis.com https://*.adobe.com https://livestream.com https://www.dafdirect.org http://*.twitter.com https://*.twitter.com http://*.linkedin.com http://*.google.com http://*.googleapis.com http://*.youtube.com https://*.vimeo.com https://vimeo.com https://*.ytimg.com https://*.googleapis.com http://*.typekit.net https://www.googletagmanager.com http://*.google-analytics.com https://*.google-analytics.com https://webfonts.creativecloud.com https://m.addthis.com https://*.twimg.com https://*.doubleclick.net https://*.gstatic.com http://*.gstatic.com http://*.facebook.com https://*.facebook.com https://*.hotjar.com wss://*.hotjar.com https://*.surveymonkey.com https://survey.alchemer.com https://www.surveygizmo.com https://nas.giftlegacy.com/ https://cdn.cookielaw.org https://code.jquery.com/ https://geolocation.onetrust.com/ https://s3.amazonaws.com/stream.sparkstreetdigital.com/ https://*.sparkstreetdigital.net/ https://cdn.jsdelivr.net/npm/mathjax@3/es5/  https://naegroupstorage.blob.core.windows.net/ https://sky.blackbaudcdn.net https://host.nxt.blackbaud.com/ https://www.redditstatic.com/ data: 'unsafe-inline' 'unsafe-eval' blob:; img-src 'self' https://img.youtube.com https://alb.reddit.com http://*.diamax.com  https://*.diamax.com https://*.nae.edu https://*.surveymonkey.com https://www.google-analytics.com https://*.twimg.com https://*.ytimg.com https://*.twitter.com https://*.licdn.com http://*.typekit.net https://www.dafdirect.org http://*.google-analytics.com https://*.google-analytics.com https://*.adobe.com https://app.surveygizmo.com https://appv3.sgizmo.com https://www.surveygizmo.com https://cdn.cookielaw.org data: blob:; 1
frame-ancestors http://stevemorse.org http://www.stevemorse.org 'self' http://www.jgsmd.org http://jgsmd.org http://www.jgss.org; 1
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*.jiffymarketing.com https://pennzoil400.pixelhublive.com/; 1
child-src 'self';connect-src 'self' https://*.browser-intake-datadoghq.com https://api.openai.com https://*.sentry.io http://*.pinalove.com https://*.googletagmanager.com http://*.pinalove.com https://*.apple.com https://rum.browser-intake-datadoghq.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.nr-data.net https://*.pinalove.com https://*.tenor.com https://*.pinalove.com https://*.trackjs.com wss: wss://*.pinalove.com wss://*.pinalove.com wss://*.vietnameselove.com;default-src 'self';font-src 'self' chrome-extension: data: http://*.gstatic.com https://*.gstatic.com;frame-src 'self' https://*.apple.com https://*.g.doubleclick.net https://*.google.com;img-src 'self' blob: data: http://*.gstatic.com https://*.googletagmanager.com http://*.pinalove.com http://*.pinalove.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.at https://*.google.be https://*.google.ca https://*.google.ch https://*.google.co.id https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.kr https://*.google.co.nz https://*.google.co.th https://*.google.co.uk https://*.google.com https://*.google.com.au https://*.google.com.my https://*.google.com.ph https://*.google.com.sg https://*.google.com.tr https://*.google.de https://*.google.dk https://*.google.dz https://*.google.es https://*.google.fi https://*.google.fr https://*.google.gr https://*.google.ie https://*.google.it https://*.google.nl https://*.google.no https://*.google.pl https://*.google.ru https://*.google.se https://*.google.si https://*.googleapis.com https://*.gstatic.com https://*.nr-data.net https://*.pinalove.com https://*.tenor.com https://*.pinalove.com https://*.trackjs.com https://pinalove.com https://pinalove.com https://vietnameselove.com wss://*.pinalove.com wss://*.pinalove.com;manifest-src 'self' http://*.pinalove.com https://*.pinalove.com wss://*.pinalove.com;media-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.2checkout.com https://*.apple.com https://*.sentry-cdn.com https://*.googleadservices.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.newrelic.com https://*.nr-data.net https://*.trackjs.com;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.googletagmanager.com https://*.yahooapis.com;worker-src 'self' blob:; 1
frame-ancestors atida.fr *.atida.fr; 1
base-uri 'self';connect-src 'self' *.doubleclick.net *.google-analytics.com analytics.google.com;default-src 'self';font-src 'self' *.typekit.net;frame-ancestors 'self';frame-src 'self' *.youtube.com *.vimeo.com;img-src 'self' data: *.google-analytics.com *.vimeocdn.com *.googletagmanager.com;media-src 'self';object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com;style-src 'self' 'unsafe-inline' *.typekit.net;worker-src 'none'; 1
object-src 'none'; base-uri https://*.kampyle.com; script-src 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'nonce-hwVgPPwXepab4MRI4TpluQ==' https: http: *.crazyegg.com blob:; style-src 'self' 'unsafe-inline' https://ws1.postescanada-canadapost.ca www.googletagmanager.com tagmanager.google.com fonts.googleapis.com https://*.kampyle.com *.crazyegg.com; img-src 'self' * blob: data: *.crazyegg.com; font-src 'self' data: https://joefresh-resource-prod.joefresh.com https://joefresh-resource-prod-new.s3.amazonaws.com https://assets.beautyboutique.ca https://fonts.gstatic.com; connect-src 'self' https://cdn.contentful.com/ https://*.loblaw.digital https://dpm.demdex.net https://adobedc.demdex.net https://ws2.bullseyelocations.com https://maps.googleapis.com http://ws1.postescanada-canadapost.ca https://rollout.ada.support https://static.ada.support https://*.ada.support https://edge.adobedc.net https://www.google-analytics.com www.googletagmanager.com https://bat.bing.com https://www.sjwoe.com https://www.mczbf.com https://ct.pinterest.com https://*.taboola.com https://*.joefresh.com http://*.joefresh.com https://bcp.crwdcntrl.net http://loblawsinc.tt.omtrdc.net https://api.pcexpress.ca https://stats.g.doubleclick.net https://www.emjcd.com https://cm.everesttech.net https://cj.dotomi.com https://anrdoezrs.net https://dpbolvw.net https://jdoqocy.com https://kqzyfj.com https://qksrv.net https://tkqlhce.com https://qksz.net https://afcyhf.com https://awltovhc.com https://ftjcfx.com https://lduhtrp.net https://tqlkg.com https://awxibrm.com https://cualbr.com https://rnsfpw.net https://vofzpwh.com https://yceml.net https://*.bluecore.app http://*.bluecore.app https://*.bluecore.com https://*.clarity.ms https://resources.digital-cloud.medallia.ca https://*.kampyle.com https://analytics.tiktok.com https://adobetargetmobile.tt.omtrdc.net https://assets.adobetarget.com http://spmini.loblaws.ca/sp/h https://sp.joefresh.com/sp/h https://sp.pcid.ca https://cdn.syteapi.com https://cdn-api.syteapi.com https://syteapi.com https://tr.snapchat.com *.crazyegg.com https://analytics.google.com https://analytics.pangle-ads.com https://pagead2.googlesyndication.com; frame-src https://lcljoefresh.demdex.net https://pay.sandbox.realexpayments.com https://pay.realexpayments.com https://joefresh.ada.support www.googletagmanager.com https://www.youtube.com https://www.facebook.com https://www.google.com *.doubleclick.net https://ct.pinterest.com https://tsdtocl.com https://resources.digital-cloud.medallia.ca https://tpc.googlesyndication.com https://tr.snapchat.com *.crazyegg.com; child-src 'self' data: blob: www.googletagmanager.com; worker-src blob: 1
report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic ; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-BG2Y5XdQqdSp+LNzJ+t8' 'nonce-jdXEyvAsATUPCW/LsfRj' 1
frame-ancestors 'self' https://*.toyota.es https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
font-src *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: www.truffaut.com fonts.gstatic.com static.truffaut.com www.booxi.eu blob: data: *.googleapis.com *.abtasty.com *.onestock-retail.io cdn.jsdelivr.net *.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.google.com *.google.com *.facebook.com *.pinterest.com *.pinterest.fr player.ausha.co *.booxi.eu *.trustcommander.net *.googletagmanager.com *.abtasty.com *.onestock-retail.io *.hotjar.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.alothemes.com *.magepow.com 'self' data: data: blob: *.commander1.com manager.tagcommander.com *.googleapis.com images.truffaut.com images-staging.truffaut.com metrics.truffaut.com smetrics.truffaut.com k.truffaut.com www.google.fr *.facebook.com *.bing.com *.pinterest.com *.pinterest.fr maps.google.com maps.gstatic.com w.bookcdn.com *.google-analytics.com *.analytics.google.com static.truffaut.com *.clarity.ms *.cloudfront.net *.googletagmanager.com *.abtasty.com *.amazonaws.com *.onestock-retail.io *.hotjar.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.alothemes.com *.magepow.com www.google.com *.gstatic.com k.truffaut.com *.googleadservices.com cdn.tagcommander.com *.trustcommander.net www.gstatic.com maps.google.com maps.googleapis.com *.pinimg.com *.facebook.com *.facebook.net *.bing.com *.doubleclick.net *.lgw.io static.truffaut.com *.woosmap.com www.booxi.eu *.clarity.ms *.googletagmanager.com *.abtasty.com blob: *.googleapis.com *.onestock-retail.io *.hotjar.com www.google.fr 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com fonts.googleapis.com static.truffaut.com www.booxi.eu *.googletagmanager.com *.abtasty.com *.onestock-retail.io cdn.jsdelivr.net *.hotjar.com www.google.fr 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com images.truffaut.com images-staging.truffaut.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adyen.com *.alothemes.com *.magepow.com t.elasticsuite.io *.google-analytics.com truffaut.com k.truffaut.com static.truffaut.com *.analytics.google.com *.trustcommander.net *.commander1.com *.facebook.net *.facebook.com *.doubleclick.net *.pinterest.com *.pinterest.fr *.clarity.ms *.googleapis.com *.woosmap.com maps.googleapis.com *.googletagmanager.com *.abtasty.com *.onestock-retail.io *.bing.com *.hotjar.com *.hotjar.io wss://*.hotjar.com/api/v2/client/ws 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com data: blob: *.truffaut.com *.bing.com *.tagcommander.com *.trustcommander.net *.facebook.net *.pinterest.com *.pinterest.fr *.doubleclick.net *.gstatic.com *.pinimg.com *.lgw.io *.google-analytics.com *.analytics.google.com *.google.com *.google.fr *.googleadservices.com *.googletagmanager.com *.bootstrapcdn.com *.facebook.com *.demdex.net *.youtube.com *.bookcdn.com static.truffaut.com *.onestock-retail.io *.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.oktawave.com 1
script-src blob: data: 'unsafe-inline' 'unsafe-eval' 'self' stories.ups.com about.ups.com dev.upsers.ams1907.com stage.upserstwo.com upsers.com www.upsers.com upserstwo.com www.upserstwo.com qa.upsers.ams1907.com beta.upsers.com https://login.microsoftonline.com https://tags.tiqcdn.com https://www.youtube.com https://gallery.sprinklr.com https://smetrics.ups.com https://platform.twitter.com https://www.facebook.com https://www.tiktok.com https://lf16-tiktok-web.ttwstatic.com https://lf16-tiktok-web.tiktokcdn-us.com https://www.instagram.com  https://pbs.twimg.com  https://thumb.sprinklr.com https://scontent-iad3-1.xx.fbcdn.net https://players.brightcove.net https://vjs.zencdn.net https://www.google.com  https://www.gstatic.com mboxedge31.tt.omtrdc.net ups.demdex.net dpm.demdex.net https://fonts.gstatic.com ups.tt.omtrdc.net s.go-mpulse.net https://scripts.demandbase.com https://qmod.quotemedia.com https://s7d9.scene7.com https://ep-cert.ams1907.com https://publish-p55671-e561903.adobeaemcloud.com https://visitor-service-us-east-1.tealiumiq.com https://visitor-service-ap-east1.tealiumiq.com https://visitor-service-eu-central-1.tealiumiq.com *.scene7.com https://visitor-service-ap-east-1.tealiumiq.com my.tealiumiq.com https://js-cdn.dynatrace.com; object-src 'none' 1
frame-ancestors *.ndtv.com *.gadgets360.com pricee.com hotdeals360.com; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cookie-cdn.cookiepro.com https://platform.twitter.com https://www.googletagmanager.com https://www.google.com https://*.hotjar.com https://s.pinimg.com https://www.redditstatic.com https://sc-static.net https://connect.facebook.net https://extend.vimeocdn.com https://analytics.tiktok.com https://p.teads.tv https://bat.bing.com https://rum-static.pingdom.net https://go.affec.tv https://googleads.g.doubleclick.net https://assets.ubembed.com https://secure.adnxs.com https://www.googleoptimize.com https://www.clarity.ms https://www.google-analytics.com https://www.google.co.uk https://*.js.ubembed.com https://form.jotform.com https://*.jotfor.ms https://js-agent.newrelic.com https://bam.nr-data.net https://maps.googleapis.com https://www.gstatic.com https://secure.callhandling.co.uk https://www.googleadservices.com https://www.muchloved.com https://www.youtube.com https://www.riddle.com/ https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com maps.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.jotfor.ms https://secure.callhandling.co.uk https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; frame-ancestors 'self' 1
default-src 'none'; media-src https://cdn.aarsen.me; img-src 'self'; script-src 'self'; style-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self' 1
default-src form.gov.sg api-cdp.eu01.treasuredata.com *.treasuredata.com *.recaptcha.net *.bellustartokyo.jp *.net-fs.com *.matterport.com *.smartviewmedia.com.au *.sprinklr.com *.zencdn.net *.googleapis.com *.cloudflare.com 'self' 'unsafe-inline'; script-src 'self' *.panpacific.com  *.panomatics.com *.googlesyndication.com messenger.myma.ai *.cookieyes.com cdn-cookieyes.com *.adobedtm.com form.gov.sg *.addtoany.com api-cdp.eu01.treasuredata.com *.treasuredata.com *.gstatic.cn *.cloudfront.net *.usabilla.com *.recaptcha.net *.sojern.com *.gstatic.com *.yimg.jp *.sevenrooms.com *.twitter.com *.sprinklr.com *.fontawesome.com *.amazonaws.com *.imenupro.com imenupro.com *.tablecheck.com *.instagram.com *.thefork.com.au thefork.com.au *.dimmi.com.au *.nowbookit.com *.mynewsdesk.com *.opentable.co.uk *.jscache.com *.tripadvisor.com *.tripadvisor.com.au *.tacdn.com *.abtasty.com *.digicert.com *.titiqcdn.com *.tiqcdn.com *.google.com *.facebook.com *.facebook.net *.youtube.com *.googleapis.com  *.tealiumiq.com  *.usabilla.com *.googletagmanager.com *.enzymic.co *.baidu.com *.bing.com *.google-analytics.com *.licdn.com *.tiktok.com *.everestjs.net *.matomo.cloud *.adform.com *.adform.net *.googleadservices.com *.google.com.sg *.zencdn.net *.doubleclick.net *.clarity.ms *.addthisedge.com *.moatads.com 'unsafe-inline' 'unsafe-eval' ; style-src-elem 'self' *.panpacific.com *.panomatics.com *.cloudfront.net *.usabilla.com *.sprinklr.com *.sevenrooms.com *.sprinklr.com *.abtasty.com *.amazonaws.com *.thefork.com.au thefork.com.au *.dimmi.com.au *.bootstrapcdn.com *.tacdn.com *.googleapis.com *.cloudfront.net *.cloudflare.com *.zencdn.net 'unsafe-inline'; font-src 'self' *.cloudfront.net *.usabilla.com *.sevenrooms.com *.abtasty.com *.sprinklr.com *.fontawesome.com *.amazonaws.com *.gstatic.com *.panpacific.com *.bootstrapcdn.com *.cloudflare.com *.cloudfront.net 'unsafe-inline' data: ; img-src 'self' data: *.panpacific.com  https://d6tizftlrpuof.cloudfront.net https://*.usabilla.com  *.googlesyndication.com *.cookieyes.com cdn-cookieyes.com bmbuiassetsprod.blob.core.windows.net *.cloudfront.net *.googletagmanager.com *.google.ca *.usabilla.com *.tripadvisor.com *.travelmyth.com *.sojern.com *.sevenrooms.com *.sprinklr.com *.fbcdn.net *.twimg.com *.pphg.com *.google.co.id *.google.com.my *.abtasty.com http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org *.osm.org *.tile.osm.org *.googleadservices.com *.ghadiscovery.com *.nor1upgrades.com *.amazonaws.com *.adsymptotic.com *.demdex.net *.tealiumiq.com *.everesttech.net *.maxcdn.com *.tacdn.com *.tripadvisor.com.au *.facebook.com *.doubleclick.net *.linkedin.com *.bing.com *.google-analytics.com *.google.com *.google.com.sg *.gstatic.com *.googleapis.com *.digicert.com *.maxcdn.com *.baidu.com *.cloudfront.net *.usabilla.com *.clarity.ms *.derbysoftca.com 'unsafe-inline' ; frame-src 'self' *.thefork.com panomatics.com *.panomatics.com messenger.myma.ai *.net-fs.com *.addtoany.com *.cloudfront.net *.usabilla.com *.recaptcha.net *.hotelgroove.jp *.bellustartokyo.jp *.google.com *.dailymotion.com *.vimeo.com *.sevenrooms.com *.matterport.com *.adform.net tablecheck.com *.tablecheck.com *.smartviewmedia.com.au *.demdex.net *.instagram.com *.thefork.com.au thefork.com.au *.dimmi.com.au *.nowbookit.com *.facebook.com *.mynewsdesk.com *.opentable.co.uk *.doubleclick.net *.trustyou.com *.trustyou.co *.youtube.com *.lafourchette.com 'unsafe-inline' ; connect-src https: http: *.cloudfront.net *.usabilla.com *.abtasty.com ; 1
default-src 'self'; script-src 'self' https://ajax.aspnetcdn.com/ajax/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://connect.facebook.net/ https://twitter.com/intent/tweet https://polyfill.io https://www.bing.com https://dev.virtualearth.net https://t.ssl.ak.dynamic.tiles.virtualearth.net https://t1.ssl.ak.dynamic.tiles.virtualearth.net https://t0.ssl.ak.dynamic.tiles.virtualearth.net https://t0-flt.ssl.ak.dynamic.tiles.virtualearth.net https://www.googletagmanager.com http://az416426.vo.msecnd.net/scripts/a/ai.0.js 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.bing.com https://fonts.googleapis.com 'unsafe-inline'; img-src 'self' https://t.ssl.ak.dynamic.tiles.virtualearth.net https://t0-flt.ssl.ak.dynamic.tiles.virtualearth.net https://t0.ssl.ak.dynamic.tiles.virtualearth.net https://t1.ssl.ak.dynamic.tiles.virtualearth.net data: blob:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.bing.com https://www.google-analytics.com https://vortex.data.microsoft.com/collect/v1; frame-src 'self' https://www.google.com/recaptcha/ https://staticxx.facebook.com/  https://maps.google.com/ https://www.google.com/ https://www.youtube.com/; base-uri 'self'; object-src 'self'; 1
default-src 'self' https://www.google-analytics.com data: https://facebook.com https://*.facebook.com https://ssl.google-analytics.com https://fonts.gstatic.com https://www.youtube.com https://futar.bkk.hu https://go.bkk.hu https://maps.google.com https://maps.gstatic.com https://maps.googleapis.com https://*.soundcloud.com https://docs.google.com https://px.ads.linkedin.com https://www.linkedin.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.google.com https://cloudflareinsights.com https://app.powerbi.com https://region1.google-analytics.com https://tileserver.realcity.io/; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://unpkg.com/maplibre-gl@2.1.9/ https://tileserver.realcity.io/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://futar.bkk.hu https://go.bkk.hu https://maps.google.com https://maps.googleapis.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://www.google.com https://www.gstatic.com https://static.cloudflareinsights.com https://unpkg.com/maplibre-gl@2.1.9/ https://tileserver.realcity.io/ blob: ; worker-src 'self' * blob: ; child-src 'self' * blob: ; img-src 'self' * data: blob:  https://ssl.google-analytics.com https://www.google-analytics.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tiktok.com *.huawei.com mepuzz.com *.zalo.me *.zdn.vn page.widget.zalo.me *.mepuzz.com *.accesstrade.vn www.gstatic.com connect.facebook.net www.google-analytics.com www.googletagmanager.com *.sbz.vn file-subiz.com fonts.googleapis.com fonts.gstatic.com storage.googleapis.com www.youtube.com *.doubleclick.net *.subiz.net *.googleapis.com *.google.com *.googleadservices.com *.useinsider.com *.subiz-cdn.com; frame-src 'self' *.creativecdn.com www.youtube.com *.youtube-nocookie.com *.facebook.com *.google.com *.doubleclick.net *.hoanghamobile.com *.useinsider.com page.widget.zalo.me; 1
upgrade-insecure-requests; default-src 'self'; script-src 'nonce-nFSYPlewu9AM2g/UGOMa8FnRPYTSe6Kr' 'strict-dynamic' 'unsafe-inline' 'self' https: http: 'self' https://netlify-cdp-loader.netlify.app https://player.vimeo.com https://platform-api.sharethis.com https://t.sharethis.com https://www.google-analytics.com https://maps.googleapis.com https://platform.twitter.com https://media.mofo.com https://consent.trustarc.com https://siteimproveanalytics.com https://www.googletagmanager.com https://cdn.sajari.com https://images.contentstack.io https://assets.contentstack.io https://media.mofo.com https://media2.mofo.com https://www2.mofo.com https://cdn.segment.com https://static.srcspot.com https://www.google.com https://www.gstatic.com https://tag.demandbase.com https://www.youtube.com; img-src 'self' data: https://consent-pref.trustarc.com https://59840.global.siteimproveanalytics.io https://consent.trustarc.com https://fonts.gstatic.com https://images.contentstack.io https://assets.contentstack.io https://l.sharethis.com https://platform-cdn.sharethis.com https://maps.gstatic.com https://maps.googleapis.com https://i.ytimg.com https://www.google-analytics.com https://www.googletagmanager.com https://www.siteimproveanalytics.io https://media.mofo.com https://media2.mofo.com https://www2.mofo.com https://www.trustarc.com https://www.truste.com https://re.sajari.com https://match.prod.bidr.io https://id.rlcdn.com https://segments.company-target.com https://pbs.twimg.com; media-src 'self' https://assets.contentstack.io https://www.supremecourt.gov https://www.cadc.uscourts.gov https://cdn.ca9.uscourts.gov https://media.mofo.com https://media2.mofo.com https://www2.mofo.com; style-src  'self' 'unsafe-inline' https://fonts.googleapis.com https://www.googletagmanager.com; font-src 'self' https://assets.contentstack.io https://fonts.googleapis.com https://fonts.gstatic.com https://media.mofo.com https://media2.mofo.com https://www2.mofo.com; base-uri 'self'; form-action 'self'; connect-src 'self' https://www.google.com https://consent-pref.trustarc.com https://consent.trustarc.com https://static.srcspot.com https://59840.global.siteimproveanalytics.io https://cdn.sajari.com https://re.sajari.com https://jsonapi.sajari.net https://l.sharethis.com https://vimeo.com https://player.vimeo.com https://fonts.googleapis.com https://maps.googleapis.com https://netlify-cdp-loader.netlify.app https://platform-api.sharethis.com https://platform-cdn.sharethis.com https://platform.twitter.com https://assets.contentstack.io https://www.youtube.com https://www.trustarc.com https://www.gstatic.com https://www.google-analytics.com https://www.analytics.google.com https://www.googletagmanager.com https://media.mofo.com https://media2.mofo.com https://www2.mofo.com https://www.siteimproveanalytics.io https://siteimproveanalytics.com https://www.srcspot.com https://workday-sync.netlify.app https://cdn.segment.com https://api.company-target.com https://pbs.twimg.com https://images.contentstack.io https://maps.gstatic.com https://fonts.gstatic.com; frame-src 'self' https://consent-pref.trustarc.com https://app.netlify.com https://w.soundcloud.com https://player.vimeo.com https://public.tableau.com https://view.ceros.com https://www.youtube-nocookie.com https://www.youtube.com https://platform.twitter.com https://syndication.twitter.com https://scc.mofo.com https://www.google.com https://cdn.yoshki.com https://media.mofo.com https://media2.mofo.com https://www2.mofo.com https://www.trustarc.com https://t.sharethis.com; object-src 'none'; frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline' blob: *; object-src 'none'; img-src * 'self' data: https:; style-src 'self' 'unsafe-inline' *; connect-src 'self' *; font-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.ampproject.org https://cdn.cookielaw.org https://www.googletagmanager.com https://securepubads.g.doubleclick.net http://connect.facebook.net https://cybercook-assets.storage.googleapis.com https://www.google-analytics.com https://www.googleoptimize.com https://www.googleadservices.com https://adservice.google.com.br https://adservice.google.com http://cdn.pn.vg; frame-src *; style-src-elem 'self' 'unsafe-inline' *; script-src-elem 'self' 'unsafe-inline' *; manifest-src https://cybercook-assets.storage.googleapis.com; worker-src 'self' data blob:; 1
frame-ancestors *.hogent.be hogent.be 1
default-src 'self' *.mapbox.com *.lsy.pl; img-src 'self' blob:  data: https://analytics.lhsystems.pl/; frame-src https://www.google.com/  https://www.youtube.com/; font-src 'self' *.lhsystems.pl *.lsy.pl https://fonts.gstatic.com; object-src 'self'; form-action 'self'; script-src https://www.gstatic.com/recaptcha/  https://www.google.com/recaptcha/ 'unsafe-inline'  blob: 'self' *.mapbox.com *.lhsystems.pl *.lsy.pl; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests; style-src 'unsafe-inline'  'self' *.lsy.pl; report-uri 'none'; 1
base-uri 'self' https://webstat.erasmusmc.nl https://webstat01.erasmusmc.nl; connect-src 'self' https://webstat.erasmusmc.nl https://verwijzers.acc-cd.erasmusmc.nl https://verwijzers-temp.erasmusmc.nl https://verwijzers.erasmusmc.nl https://patientenfolders.erasmusmc.nl https://erasmusmc.4cloud.nl; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com https://webstat.erasmusmc.nl https://webstat01.erasmusmc.nl; frame-src * 'self' https://www.google.com https://www.youtube.com; img-src 'self' https://i.ytimg.com https://erasmusmc-amazingerasmusmc.s3.eu-central-1.amazonaws.com https://s3-eu-central-1.amazonaws.com https://webstat.erasmusmc.nl https://webstat01.erasmusmc.nl https://patientenfolders.erasmusmc.nl https://erasmusmc.4cloud.nl https://via.placeholder.com data:; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://webstat.erasmusmc.nl https://webstat01.erasmusmc.nl https://www.google.com/recaptcha/api.js https://www.gstatic.com; style-src 'unsafe-inline' 'unsafe-eval' 'self' https://cdn.jsdelivr.net https://fonts.googleapis.com https://webstat.erasmusmc.nl https://webstat01.erasmusmc.nl; worker-src 'none'; 1
default-src 'self' https://us-west-1.cdn.h5p.com; connect-src 'self' https://us-west-1.cdn.h5p.com *.h5p.com https://h5p.zendesk.com/ https://ekr.zdassets.com/ https://checkout.stripe.com/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://multiplayerapi.h5p.com https://www.wiris.net/ https://api.h5p.org/v1/licenses/ vimeo.com/api/ wss://multiplayer-us-west-1.h5p.com hub-api.h5p.org https://*.google-analytics.com/ https://cdn.linkedin.oribi.io/partner/ https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net; img-src * data: blob:; media-src * blob:; frame-src * blob:; object-src 'none'; child-src 'self' https://us-west-1.cdn.h5p.com blob: *.vimeo.com vimeo.com; script-src 'self' https://us-west-1.cdn.h5p.com 'unsafe-inline' 'unsafe-eval' blob: https://*.hotjar.com static.zdassets.com www.youtube.com gdata.youtube.com/feeds/api/ https://s.ytimg.com/yts/jsbin/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.stripe.com/v3/ https://checkout.stripe.com/ en.wikipedia.org/w/api.php api.flickr.com/services/rest/ soundcloud.com/oembed https://developers.panopto.com/ https://www.wiris.net/ https://polyfill.io/v3/ https://player.vimeo.com https://www.vimeo.com https://f.vimeocdn.com https://connect.facebook.net/ https://snap.licdn.com/li.lms-analytics/ https://*.googletagmanager.com; style-src 'self' https://us-west-1.cdn.h5p.com 'unsafe-inline' https://checkout.stripe.com/ https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://*.hotjar.com https://www.wiris.net/; font-src 'self' https://us-west-1.cdn.h5p.com data: https://fonts.gstatic.com https://cdnjs.cloudflare.com/ https://*.hotjar.com https://www.wiris.net/; frame-ancestors 'none'; 1
frame-ancestors 'self' catalogues.aldi.fr experience.adobe.com aldinord.experiencecloud.adobe.com; default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 1
frame-ancestors https://forms.cps.ca/ https://cps.ca 1
default-src data: 'self' blob: 'unsafe-inline' *.dzo.com.ua *.cipher.kiev.ua:* *.prozorro.gov.ua www.openstreetmap.org *.openprocurement.org depositsign.com view.officeapps.live.com widgets.binotel.com prozorro-ds-prod.s3.eu-central-1.amazonaws.com d38sv8fq5al52n.cloudfront.net connect.facebook.net 'unsafe-eval' www.googletagmanager.com docs.google.com fonts.googleapis.com www.google-analytics.com www.google.com *.hotjar.com *.hotjar.io *.facebook.com *.facebook.net *.doubleclick.net www.google.com.ua fonts.gstatic.com prozorro-ds-prod.s3.eu-central-1.amazonaws.com *.prozorro.gov.ua d38sv8fq5al52n.cloudfront.net connect.facebook.net; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://masto.ai; img-src 'self' https: data: blob: https://masto.ai; style-src 'self' https://masto.ai 'nonce-/8naY0akppO2iTnajf5F6A=='; media-src 'self' https: data: https://masto.ai; frame-src 'self' https:; manifest-src 'self' https://masto.ai; form-action 'self'; child-src 'self' blob: https://masto.ai; worker-src 'self' blob: https://masto.ai; connect-src 'self' data: blob: https://masto.ai https://s3.masto.ai wss://masto.ai; script-src 'self' https://masto.ai 'wasm-unsafe-eval' 1
default-src https: 'unsafe-eval' 'unsafe-inline' blob:; object-src 'none'; font-src https: 'self' data:; img-src https: 'self' data:; 1
default-src 'self';img-src 'self' data: https://*.vasttrafik.se https://via.tt.se;script-src 'self' https://piwik-ext.vgregion.se https://*.littlepay.com 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' https://*.vasttrafik.se https://piwik-ext.vgregion.se https://a-web-prod.vasttrafik.se:*;frame-src 'self' https://*.littlepay.com https://player.vgregion.se 1
frame-ancestors 'self' https://www.ilfattoquotidiano.it http://localhost:8080 http://alpitour-magnolia-helm-author-b2x-dev.apps-test.alpitour-aws.local http://alpitour-magnolia-helm-author-b2x-test.apps-test.alpitour-aws.local http://alpitour-magnolia-helm-public-b2x-test.apps-test.alpitour-aws.local http://alpitour-magnolia-helm-author-b2x-pre-prod.apps-uat.alpitour-aws.local https://magnolia.alpitour.it; 1
frame-ancestors 'self' rockwellautomation.com rockwellautomation.com.cn *.rockwellautomation.com *.rockwellautomation.com.cn ra.pisrc.net localhost localhost:*; 1
frame-ancestors 'self' *.uxpin.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' 'self' https://matomojs.trackify.info https://matomo.pernod-ricard.io wss://ws.hotjar.com *.sleeknote.com blob:; frame-ancestors 'self' https://matomojs.trackify.info https://matomo.pernod-ricard.io https://oj-ojireland.store.jamesondistillery.com https://oj-ojmidleton.store.jamesondistillery.com https://iframe-mdm.JamesonWhiskey.com/tdindublinsweeps/ https://jameson-360-experience.s3-eu-west-1.amazonaws.com *.sleeknote.com https://mummmap-j8dfofxxrv5htmiqzbghdd.streamlit.app https://www.google.com/maps/d/u/0/embed; frame-src blob: 'self' https://www.google.com https://www.youtube.com https://oj-ojireland.store.jamesondistillery.com https://oj-ojmidleton.store.jamesondistillery.com https://spd23prod.wpengine.com/ https://unboringparty.wpenginepowered.com/ *.jamesonwhiskey.com https://live.eventtia.com/en/awkacitytakeover *.sleeknote.com https://jameson-360-experience.s3-eu-west-1.amazonaws.com *.doubleclick.net https://open.spotify.com/ https://mummmap-j8dfofxxrv5htmiqzbghdd.streamlit.app https://www.google.com/maps/d/u/0/embed https://platinumaps.jp/maps/demo; worker-src blob: 'self' 1
frame-ancestors 'self' localhost:* https://www.deltapower.ca https://www.newhollandrochester.com https://*.smartequip.net https://*.hoober.com https://www.shop.bucherlandtechnik.ch https://*.cdkglobal-es.net https://*.titanmachinery.com https://bobmark.ca https://bobmarklindsay.com https://bobmarkcampbellford.com https://bobmarksunderland.com https://bobmarknapanee.com https://bobmarknewholland.com https://s1.ariba.com https://tmr-parts-test.on.briuman.dev https://tmr-parts-staging.on.briuman.dev https://store.titanmachinery.ro https://cnhremanind.com https://mycnhreman.com 1
default-src * data: blob:;script-src *.facebook.com *.facebook.net *.fbcdn.net 'unsafe-inline' 'unsafe-eval' *.wit.ai *.facebook.com:8443 *.youtube.com/iframe_api https://s.ytimg.com/;style-src *.facebook.com 'unsafe-inline' *.wit.ai *.fbcdn.net;connect-src 'self' *.fbcdn.net *.facebook.net *.facebook.com wss://*.facebook.com *.wit.ai *.facebook.com:8443 wss://ws.wit.ai *.facebook.com:9504;block-all-mixed-content;upgrade-insecure-requests; 1
script-src 'self' 'unsafe-eval' 'nonce-p4g5eQK0lSpwlpRCKCiQeLw4' *.downstate.edu https://*.googleapis.com https://www.googletagmanager.com https://www.googletagmanager.com/* https://fonts.gstatic.com *.google-analytics.com *.doubleclick.net https://*.cms.omniupdate.com https://cdn.jsdelivr.net https://www.google.com https://ajax.googleapis.com https://*.youtube.com https://code.jquery.com https://*.jquery.com https://bbox.blackbaudhosting.com https://cdnjs.cloudflare.com https://bbox.blackbaudhosting.com/* https://*.widget.calendar.moderncampus.net/ https://*.moderncampus.net https://*.fontawesome.com https://*.tableau.com https://*.adnxs.com 1
base-uri 'self'; default-src 'self' data:; script-src 'self' 'unsafe-eval' 'nonce-cbba1efb-3eb0-4fe2-87a2-3d91e994f7c4'; img-src 'self' data: https: http:; media-src 'self' data:; style-src 'self' 'unsafe-inline' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.libraccio.it fibs-prd-apim.azure-api.net *.360yield.com *.3lift.com *.adform.net *.adnxs.com *.akamaihd.net *.akstat.io *.algolia.io *.algolia.net *.algolianet.com *.azure.com *.bidswitch.net *.bing.com *.casalemedia.com *.salecycle.com *.clarity.ms *.cloudflare.com *.awin1.com *.cookielaw.org *.creativecdn.com creativecdn.com *.criteo.com *.criteo.net *.doubleclick.net *.dwin1.com *.facebook.com *.facebook.net *.g.doubleclick.net *.go-mpulse.net *.googleadservices.com *.google-analytics.com sync.go.sonobi.com *.cloudfront.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.hotjar.com *.hotjar.io id5-sync.com *.ivitrack.com *.jsdelivr.net *.kaspersky-labs.com *.kelkoogroup.net *.kelkoo.com *.sfentry.com *.kk-resources.com *.klarnacdn.net *.klarnaevt.com *.lgw.io *.blob.core.windows.net *.youtube.com *.sciencebehindecommerce.com *.media.net *.mediavine.com *.tradedoubler.com *.tradetracker.com *.tradetracker.net *.omnitagjs.com *.onetrust.com *.outbrain.com *.honey.io *.pubmatic.com *.richrelevance.com *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.teads.tv *.tiktok.com *.adnpopupblocker.com *.tremorhub.com *.yahoo.com *.yieldmo.com *.yieldlab.net *.visualstudio.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws; img-src * 'self' www.libraccio.it https http data:;upgrade-insecure-requests;report-uri https://fibs-prd-apim.azure-api.net/csp-prd-ai/lib-v1/Track 1
frame-ancestors 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://cdn.getsmartcontent.com https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://googleads.g.doubleclick.net https://js.adsrvr.org https://munchkin.marketo.net https://s.getsmartcontent.com https://s.swiftypecdn.com https://snap.licdn.com https://snippet.ramblechat.com https://tracker.mrpfd.com https://vidassets.terminus.services https://opench.bamboohr.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com 1
default-src 'none';             script-src 'self'                        fs20.formsite.com                        embed.showclix.com                        bbox.blackbaudhosting.com                        payments.blackbaud.com                        www.instagram.com                        www.google-analytics.com                        secure.quantserve.com                        www.googleadservices.com                        extend.vimeocdn.com                        www.googletagmanager.com                        connect.facebook.net                        rules.quantcount.com                        *.doubleclick.net                        *.adroll.com                        www.google.com                        www.gstatic.com                        bbg-botanic.disqus.com                        cdn.matomo.cloud                        widgets.resy.com                        datawrapper.dwcdn.net                        doublethedonation.com                        'unsafe-inline'                        'unsafe-eval';             object-src 'none';              style-src 'self'                        bbox.blackbaudhosting.com                        doublethedonation.com                        *.disquscdn.com                        *.dwcdn.net                        'unsafe-inline';             base-uri 'self';             form-action 'self'             https://signup.bbg.org             https://plants.bbg.org             https://herbarium.bbg.org             https://hic.bbg.org;             img-src https: ;            media-src https://*.bbg.org;             frame-src 'self'                       www.instagram.com                       embed.showclix.com                       *.formsite.com                       *.vimeo.com                       widgets.resy.com                       www.youtube.com                       www.facebook.com                       *.doubleclick.net                       disqus.com                       bbox.blackbaudhosting.com                       www.google.com                      bbg.matomo.cloud;             font-src 'self' fonts.gstatic.com                       doublethedonation.com                       static.dwcdn.net                       use.typekit.net;             frame-ancestors 'none';             connect-src 'self'                         www.google-analytics.com                         tools.bbg.org                         assets.bbg.org                         plants.bbg.org                         signup.bbg.org                         lookup.bbg.org                         greenestblock.bbg.org                         updates.expressionengine.com                         doublethedonation.com                         bbg.matomo.cloud                         datawrapper.dwcdn.net                         *.doubleclick.net 1
default-src 'self'; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' umcdn.um.ac.ir; style-src 'self' 'unsafe-inline' umcdn.um.ac.ir; img-src 'self' data: https://trustseal.enamad.ir www.um.ac.ir um.ac.ir; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; form-action 'self' profdoc.um.ac.ir; frame-src 'self'; worker-src 'self' data: blob:; block-all-mixed-content 1
frame-src 'self' https://cosmolot.ua https://*.hotjar.com https://*.googletagmanager.com https://optimize.google.com https://*.crazyegg.com; 1
block-all-mixed-content;base-uri 'none';default-src 'none';form-action 'self';object-src 'none';frame-ancestors 'none';img-src 'self' https://nkprod-coredatastack-pa7jx42xiwhf-tasksbucket-13qb6gn1l5ooi.s3.amazonaws.com https://nkprod-coredatastack-pa7jx42xiwhf-projectsbucket-m7gii8v9p2ch.s3.amazonaws.com/ https://nkprod-coredatastack-pa7jx42xiwhf-tasksbucket-13qb6gn1l5ooi.s3.us-east-1.amazonaws.com https://nkprod-coredatastack-pa7jx42xiwhf-projectsbucket-m7gii8v9p2ch.s3.us-east-1.amazonaws.com/ data:;media-src 'self' https://nkprod-coredatastack-pa7jx42xiwhf-tasksbucket-13qb6gn1l5ooi.s3.amazonaws.com https://nkprod-coredatastack-pa7jx42xiwhf-projectsbucket-m7gii8v9p2ch.s3.amazonaws.com/ https://nkprod-coredatastack-pa7jx42xiwhf-tasksbucket-13qb6gn1l5ooi.s3.us-east-1.amazonaws.com https://nkprod-coredatastack-pa7jx42xiwhf-projectsbucket-m7gii8v9p2ch.s3.us-east-1.amazonaws.com/;frame-src 'self';font-src 'self';style-src 'self';script-src 'self' 'report-sample';connect-src https:;report-uri https://5jk39sroj0.execute-api.us-east-1.amazonaws.com/csp/report;report-to endpoint-csp 1
frame-src * 'self'; frame-ancestors 'self' https://www.welove2023tour.fr/; 1
child-src 'self' *.vimeo.com *.vimeocdn.com www.youtube.com *.qualified.com; default-src 'self' 'unsafe-inline' vitals.vercel-insights.com wss://ws.qualified.com *.vimeo.com *.hotjar.com *.hotjar.io wss://*.hotjar.com; frame-src app.qualified.com player.vimeo.com vars.hotjar.com www.facebook.com t.sharethis.com *.qualified.com *.company-target.com platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com www.youtube.com cdn.forms-content.sg-form.com; worker-src 'self' blob:; connect-src 'self' vitals.vercel-insights.com *.qualified.com wss://*.qualified.com www.google-analytics.com analytics.google.com/g/collect *.vimeo.com vimeo.com *.ingest.sentry.io www.datocms-assets.com www.youtube.com legal.wiz.io *.algolia.net *.algolianet.com *.algolia.io *.company-target.com *.demandbase.com *.hotjar.com *.hotjar.io wss://*.hotjar.com cdn.bizible.com bat.bing.com cdn.cookielaw.org tracking.g2crowd.com static.hotjar.com script.hotjar.com *.sharethis.com a.clarity.ms/collect *.onetrust.com *.clarity.ms j.6sc.co snap.licdn.com *.redditstatic.com static.ads-twitter.com ws.zoominfo.com connect.facebook.net tkr.techtarget.com epsilon.6sense.com ipv6.6sc.co c.6sc.co ib.adbnxs.com trk.techtarget.com ib.adnxs.com munchkin.marketo.net 120-tfk-810.mktoutil.com 120-tfk-810.mktoresp.com secure.adnxs.com www.facebook.com cdn.linkedin.oribi.io epsilon-cloudfront.6sense.com tags.clickagy.com *.doubleclick.net ws://localhost:3000; font-src 'self' fonts.googleapis.com fonts.gstatic.com *.hotjar.com data:; img-src 'self' data: https: http: *.hotjar.com; media-src 'self' https: mediastream: *.qualified.com; object-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' va.vercel-scripts.com vitals.vercel-insights.com tagmanager.google.com www.googleadservices.com www.googletagmanager.com www.google-analytics.com js.qualified.com *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net *.hotjar.com *.demandbase.com platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com www.youtube.com cdn.forms-content.sg-form.com cdn.bizible.com bat.bing.com cdn.cookielaw.org tracking.g2crowd.com static.hotjar.com script.hotjar.com *.sharethis.com a.clarity.ms/collect *.onetrust.com *.clarity.ms j.6sc.co snap.licdn.com *.redditstatic.com static.ads-twitter.com ws.zoominfo.com connect.facebook.net tkr.techtarget.com epsilon.6sense.com ipv6.6sc.co c.6sc.co ib.adbnxs.com trk.techtarget.com ib.adnxs.com munchkin.marketo.net 120-tfk-810.mktoutil.com 120-tfk-810.mktoresp.com secure.adnxs.com www.facebook.com cdn.linkedin.oribi.io epsilon-cloudfront.6sense.com tags.clickagy.com *.doubleclick.net; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com *.vimeocdn.com *.qualified.com *.hotjar.com; form-action 'self' www.facebook.com; frame-ancestors 'self' https://partners.wiz.io; 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';frame-ancestors * data: blob: 'unsafe-inline'; 1
default-src 'self' stats.noyb.eu; style-src 'self' 'unsafe-inline'; img-src 'self' 'unsafe-inline' *.noyb.eu https://*.openstreetmap.org data:; script-src 'self' 'unsafe-inline' *.noyb.eu; frame-src 'self' *.noyb.eu *.dialog-mail.com 1
default-src 'self' www.google-analytics.com ajax.googleapis.com www.google.com google.com gstatic.com www.gstatic.com connect.facebook.net facebook.com; 1
default-src https: blob: wss: 'unsafe-eval' 'unsafe-inline';img-src data: https:;font-src data: https: 1
frame-ancestors http://*.ebs.co.kr https://*.ebs.co.kr http://*.ebsi.co.kr https://*.ebsi.co.kr ; 1
default-src * 'self' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://felix-quiz-1000heads.s3.eu-west-2.amazonaws.com/* https://felix-quiz-1000heads.s3.eu-west-2.amazonaws.com *.nestle.co.uk *.mikmak.ai *.swaven.com; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self' ; child-src * blob:; font-src * 'self' data: https:;; connect-src * 'self'; report-uri /report-csp-violation 1
default-src 'self' *.earnapp.com 'unsafe-inline' 'unsafe-eval' data: https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://www.pagespeed-mod.com *.doubleclick.net http://ad.doubleclick.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com ajax.cloudflare.com https://widget.trustpilot.com https://*.gstatic.com https://*.zdassets.com https://earnapp.zendesk.com https://www.youtube.com https://i.ytimg.com https://*.warmwelcome.com https://*.facebook.net https://*.facebook.com https://yoast.com https://*.gravatar.com https://*.cloudfront.net *.yandex.ru *.yandex.net yastatic.net; frame-ancestors 'self'; report-uri https://brightdata.com/web_api/report_csp 1
default-src 'self' https://*.dicksonone.com https://*.stripe.com https://s3.amazonaws.com https://cdn-cookieyes.com; object-src 'self' https://*.dicksonone.com https://*.stripe.com https://s3.amazonaws.com https://cdn-cookieyes.com; connect-src 'self' https://*.dicksonone.com https://*.stripe.com https://s3.amazonaws.com https://cdn-cookieyes.com https://checkout.stripe.com/ https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.cookieyes.com https://www.snapengage.com; font-src 'self' https://*.dicksonone.com https://*.stripe.com https://s3.amazonaws.com https://cdn-cookieyes.com https://fonts.googleapis.com https://fonts.gstatic.com data:; img-src 'self' https://*.dicksonone.com https://*.stripe.com https://s3.amazonaws.com https://cdn-cookieyes.com https://www.google.com/ads/ https://*.google-analytics.com https://*.googletagmanager.com blob: data:; script-src 'self' https://*.dicksonone.com https://*.stripe.com https://s3.amazonaws.com https://cdn-cookieyes.com https://www.google-analytics.com https://*.googletagmanager.com https://www.snapengage.com https://cdnjs.cloudflare.com/ajax/libs/mathjs/3.12.0/math.min.js https://www.recaptcha.net/recaptcha/api.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://code.highcharts.com https://cdn-cookieyes.com 'unsafe-eval' 'nonce-t9C3MJD7jF3QchTT4jXUGg=='; style-src 'self' https://*.dicksonone.com https://*.stripe.com https://s3.amazonaws.com https://cdn-cookieyes.com https://fonts.googleapis.com 'unsafe-inline'; frame-src 'self' https://*.dicksonone.com https://*.stripe.com https://s3.amazonaws.com https://cdn-cookieyes.com https://www.recaptcha.net 1
frame-ancestors 'self' *.vfpnext.com 1
default-src 'self' *.pixpaview.com pixpa.com *.pixpa.com *.cloudfront.net *.weglot.com *.twitter.com t.co *.gstatic.com *.newrelic.com *.instagram.com *.nr-data.net *.google.com *.youtube.com *.vimeo.com *.firstpromoter.com *.googleapis.com *.google.com *.google-analytics.com *.google.com.sg *.sentry-cdn.com s3-img.pixpa.com *.amazonaws.com *.paperform.co *.profitwell.com *.doubleclick.net *.paddle.com sentry.io client.relay.crisp.chat *.crisp.chat *.pusher.com js.stripe.com *.gtranslate.net *.profitwell.com *.mailerlite.com *.louassist.com t.co; block-all-mixed-content; frame-ancestors 'self' *.pixpa.com pixpa.com *.pixpaview.com; upgrade-insecure-requests; font-src 'self' data: *.pixpa.com *.pixpa.com *.crisp.chat *.gstatic.com; style-src 'self' *.pixpaview.com pixpa.com *.pixpa.com *.google.com *.paperform.co *.cloudfront.net *.googleapis.com *.louassist.com codemirror.net *.firstpromoter.com *.crisp.chat *.weglot.com *.profitwell.com *.youtube.com *.paddle.com *.gtranslate.net *.profitwell.com *.mailerlite.com 'unsafe-inline'; script-src 'self' 'unsafe-eval' *.pixpaview.com pixpa.com *.pixpa.com *.googleapis.com *.louassist.com *.firstpromoter.com *.weglot.com *.gtranslate.net *.profitwell.com *.sentry-cdn.com *.googletagmanager.com *.impactcdn.com *.paperform.co *.cloudfront.net *.profitwell.com *.google-analytics.com *.youtube.com *.google.com.sg *.ads-twitter.com *.pusher.com *.google.com *.gstatic.com *.paddle.com *.mailerlite.com *.crisp.chat rawcdn.githack.com *.newrelic.com *.instagram.com js.stripe.com *.clarity.ms 'unsafe-inline'; img-src 'self' data: *.cloudfront.net *.pixpa.com *.twitter.com *.google.com *.loggly.com *.paddle.com t.co *.google.com.sg *.s3.amazonaws.com *.youtube.com *.googleapis.com s3.amazonaws.com  pixpa.com image.thum.io *.googletagmanager.com *.google-analytics.com *.crisp.chat *.google.co.in *.vimeocdn.com *.clarity.ms; connect-src * 'unsafe-inline'; worker-src blob: 1
default-src 'self' *.baehost.com *.googleapis.com *.gstatic.com *.google.com *.google.com.ar d-ipv6.mmapiws.com stats.g.doubleclick.net www.google-analytics.com *.livechatinc.com *.youtube.com cdn.whmcs.com paypal.com www.paypal.com cdn.jsdelivr.net http: https: data: blob: wss: 'unsafe-inline' *.baehost.com; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.baehost.com www.googleadservices.com bid.g.doubleclick.net googleads.g.doubleclick.net cdn.jsdelivr.net cdn1-sitebuilder.netdna-ssl.com *.googletagmanager.com connect.facebook.net www.google-analytics.com *.googleapis.com code.jquery.com device.maxmind.com *.livechatinc.com *.youtube.com *.google.com *.gstatic.com cdn.whmcs.com paypal.com www.paypal.com cdn.cpanel-sitebuilder.com dashboard.chatfuel.com; media-src 'self' *.livechatinc.com *.youtube.com *.google.com; object-src 'self' *.livechatinc.com *.youtube.com *.google.com; child-src 'self' www.facebook.com *.livechatinc.com *.youtube.com *.google.com *.doubleclick.net; img-src 'self' www.googletagmanager.com 'unsafe-inline' *.baehost.com cdn1-sitebuilder.netdna-ssl.com googleads.g.doubleclick.net *.livechatinc.com *.gravatar.com www.facebook.com www.google-analytics.com *.youtube.com *.google.com *.google.com.ar kopage.com *.kopage.com cdn.cpanel-sitebuilder.com cdn.whmcs.com *.paypal.com *.paypalobjects.com www.zumada.com www.afip.gob.ar ipv6.he.net data:; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net *.livechatinc.com *.youtube.com *.google.com *.google.com.ar *.gstatic.com *.googleapis.com cdn.whmcs.com paypal.com www.paypal.com; connect-src wss://*.baehost.com https: 1
frame-ancestors https://www.enelx.com https://d3eepfzwqopgtx.cloudfront.net https://d13hhoqz1xnrhs.cloudfront.net https://yourban.enelx.com 1
connect-src 'self' https://s1.q4cdn.com https://loblaw2015.q4web.com https://loblaw.oktapreview.com https://loblaw-evp.okta.com https://global.oktacdn.com https://p11.techlab-cdn.com https://bcp.crwdcntrl.net loblaw.ca https://loblaw.ca https://www.loblaw.ca https://us-east1-ld-dxstudio-prod.cloudfunctions.net https://api.lever.co https://stats.g.doubleclick.net https://assets.ctfassets.net https://analytics.google.com https://www.google-analytics.com https://loblaw-dev.okta.com https://api.contentful.com https://cdn.contentful.com https://preview.contentful.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ca p11.techlab-cdn.com; default-src 'self' p11.techlab-cdn.com; font-src 'self' https://s1.q4cdn.com https://loblaw2015.q4web.com https://global.oktacdn.com https://assets.beautyboutique.ca https://fonts.gstatic.com https://api2.fonts.com data:; frame-src https://*.fls.doubleclick.net https://s1.q4cdn.com https://loblaw2015.q4web.com https://tsdtocl.com https://bid.g.doubleclick.net bid.g.doubleclick.net; img-src 'self' data: https://*.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com https://loblaw.oktapreview.com https://loblaw-evp.okta.com https://global.oktacdn.com https://dis-prod.assetful.loblaw.ca http://images.ctfassets.net https://images.ctfassets.net https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com https://www.google.ca https://www.google.com https://analytics.google.com https://www.google-analytics.com https://googleads.g.doubleclick.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ca; style-src 'self' 'unsafe-inline' https://s1.q4cdn.com https://loblaw2015.q4web.com https://loblaw.oktapreview.com https://loblaw-evp.okta.com https://global.oktacdn.com https://s7d1.scene7.com https://fast.fonts.net https://www.googletagmanager.com http://tagmanager.google.com https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s1.q4cdn.com https://loblaw2015.q4web.com https://tags.crwdcntrl.net loblaw.ca https://loblaw.ca https://www.loblaw.ca https://www.loblaw.ca/etc/clientlibs/loblaw/loblaw_common.js https://p11.techlab-cdn.com https://fast.fonts.net https://loblaw.oktapreview.com https://loblaw-evp.okta.com https://global.oktacdn.com https://us-east1-ld-dxstudio-prod.cloudfunctions.net https://s7d1.scene7.com https://dis-prod.assetful.loblaw.ca https://www.google.com https://www.googleadservices.com http://tagmanager.google.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://analytics.google.com https://googleads.g.doubleclick.net *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com data: blob: p11.techlab-cdn.com; media-src 'self' *; 1
frame-ancestors 'self' http://www.1001spiele.de 1
default-src 'self'; frame-src *; child-src embeds.audioboom.com www.youtube.com blob:; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' trck.spoteffects.net checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com appleid.cdn-apple.com cdn.matomo.cloud connect.facebook.net cdn.branch.io app.link www.googletagmanager.com www.google-analytics.com www.googleadservices.com gtm.adt313.net sc-static.net www.googleadservices.com www.paypal.com *.hotjar.com *.hotjar.io cdn.polyfill.io s.pinimg.com websdk.appsflyer.com googleads.g.doubleclick.net tpc.googlesyndication.com platform.twitter.com syndication.twitter.com static.ads-twitter.com analytics.twitter.com *.googleoptimize.com optimize.google.com www.google.com www.paypalobjects.com www.dwin1.com tpc.googlesyndication.com amplify.outbrain.com tr.outbrain.com www.aservice.cloud analytics.tiktok.com code.bildstatic.de www.awin1.com assets.strossle.com tracking.attributy.com collector-12541.tvsquared.com scripts.makeinfluence.com s.retargeted.co s.retargeted.co tag.heylink.com s.retargeted.co accounts.google.com cdn.scratcher.io/ bat.bing.com/ *.clarity.ms/ dynamic.criteo.com sslwidget.criteo.com valuesportal.com scripts.makeinfluence.com unpkg.com/web-vitals/dist/web-vitals.iife.js t.contentsquare.net app.contentsquare.com *.snapchat.com https://js.appboycdn.com/web-sdk/24.3.0/braze.no-amd.min.js *.singular.net *.taboola.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com optimize.google.com a.bildstatic.de www.bild.de/cmscss/ code.bildstatic.de code.bildstatic.de www.bild.de/code/ accounts.google.com www.googletagmanager.com; img-src * data:; media-src *; connect-src 'self' api2.branch.io analytics.google.com stats.g.doubleclick.net www.google-analytics.com drtvagency.matomo.cloud checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com o290444.ingest.sentry.io cdn.contentful.com mandrillapp.com hooks.zapier.com md5.justyy.workers.dev cnv.adt644.net www.sandbox.paypal.com www.paypal.com *.hotjar.com:* *.hotjar.io wss://*.hotjar.com preview.contentful.com api.ipstack.com secure.smartresponse-media.com ct.pinterest.com www.facebook.com www.google.dk wa.onelink.me/onelink wa.appsflyer.com wa.onelink.me www.google.de analytics.tiktok.com www.bild.de cnv.adt603.net www.aservice.cloud bonfire.spklw.com tracking.attributy.com *.snapchat.com api.pinpiaa.com cnv.adt690.com system.makeinfluence.com www.filify.co api.retargeted.co s.retargeted.co pagead2.googlesyndication.com www.google.com googleads.g.doubleclick.net heylinkapi.com region1.analytics.google.com *.clarity.ms cnv.adt623.net api.adtraction.net/ nimble-radio-231516.uc.r.appspot.com api.prod2.kustomerapp.com *.contentsquare.net events.pdm-staging.com/events *.pangle-ads.com *.singular.net *.taboola.com; font-src * data: 1
frame-ancestors 'self' *.uwplatt.edu uwplatt.sharepoint.com; 1
frame-ancestors https://*.ncqa.org; 1
frame-ancestors 'self' heromotocorp.com *.heromotocorp.com 1
default-src 'self' *.fourth.com *.peoplematter.com *.walkme.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; 1
frame-ancestors 'self' adressverzeichnis.ekd.de https://*.etracker.com; 1
font-src 'self' fonts.gstatic.com data:;upgrade-insecure-requests; 1
frame-ancestors http://docplanner-front-test.docplanner.com https://docplanner-front-test.docplanner.com *.doktortakvimi.com doctoraliaone-tr2-candidate.azurewebsites.net 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; frame-src https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data:; connect-src https://hcaptcha.com https://*.hcaptcha.com https://o1026979.ingest.sentry.io/; report-uri https://o1026979.ingest.sentry.io/api/5996803/security/?sentry_key=e8c418276d2e4ea7af6b35e151b190bb&sentry_environment=production 1
frame-ancestors 'self' *.chemistwarehouse.com.au *.epharmacy.com.au *.mychemist.com.au htmlbuilder.com.au *.htmlbuilder.com.au *.chemistwarehouse.hk *.houseofwellness.com.au *.chemistwarehouse.co.nz 1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval' ;frame-ancestors 'self' https://manager.agilitycms.com *.scotiabank.com https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com https://1.b406929acabac9b095f124c81bdfcf57f.com https://1.c81358859121583b7adf2ace89cb39f44.com;script-src 'self' 'unsafe-eval' 'unsafe-inline'  googletagmanager.com facebook.net google-analytics.com *.googleapis.com licdn.com cloudflare.com Youtube.com Azureedge.net Doubleclick.net Clicktale.net Demdex.net Amazon-adsystem.com c.amazon-adsystem.com https://connect.facebook.net https://p.adsymptotic.com https://static.hotjar.com https://www.google-analytics.com cdnssl.clicktale.net https://script.hotjar.com jquery.com agilitycms.com *.msecnd.net aspnetcdn.com  assets.adobedtm.com  www.googletagmanager.com scotiabankfiles.azureedge.net snap.licdn.com  *.google.com  *.google.com.mx  *.google.ca  *.gstatic.com  *.pages09.net  *.scotiabank.com  *.contentsquare.net  *.contentsquare.com  *.we-stats.com  googleoptimize.com  cdn.polyfill.io  *.openstreetmap.org  *.maze.co www.scotiabank.com.mx;worker-src blob: 'self';img-src 'self' *.clicktale.net  *.agilitycms.com  *.azureedge.net  *.google.com  googletagmanager.com facebook.net google-analytics.com *.googleapis.com licdn.com cloudflare.com Youtube.com Azureedge.net Doubleclick.net Clicktale.net Demdex.net Amazon-adsystem.com Hotjar.com jquery.com agilitycms.com *.msecnd.net aspnetcdn.com  assets.adobedtm.com  cm.everesttech.net  somniture.scotiabank.com  dpm.demdex.net  www.google-analytics.com  www.facebook.com  https://www.google.com.br  https://px.ads.linkedin.com  stats.g.doubleclick.net  https://p.adsymptotic.com   *.google.com   *.google.com.mx   *.google.ca   *.gstatic.com   *.pages09.net   *.scotiabank.com   *.contentsquare.net   *.contentsquare.com   googleoptimize.com   cdn.polyfill.io   *.openstreetmap.org   *.maze.co  www.scotiabank.com.mx;connect-src 'self' https: wss: 'unsafe-inline' 'unsafe-eval'  googletagmanager.com facebook.net google-analytics.com *.googleapis.com licdn.com cloudflare.com Youtube.com Azureedge.net Doubleclick.net Clicktale.net Demdex.net Amazon-adsystem.com Hotjar.com jquery.com agilitycms.com *.msecnd.net aspnetcdn.com  *.google.com  *.google.com.mx  *.google.ca  *.gstatic.com  *.pages09.net  *.scotiabank.com  *.contentsquare.net  *.contentsquare.com  googleoptimize.com  cdn.polyfill.io  *.openstreetmap.org  *.maze.co www.scotiabank.com.mx; 1
script-src 'self' 'unsafe-eval' https: blob: was: ws: 'nonce-GcTsOad5VDv8emSFqnjTSg=='; default-src 'self' 'unsafe-eval' https: blob: ws: wss:; img-src * blob: data:; font-src 'self' https: blob: data:; object-src 'self'; media-src * blob: data:; style-src * 'self' https: 'sha256-7LoTEw2TxB01eYN/xj2eYFU/cUpJk3OA+M6GXZH7D98=' 'sha256-WRTfUAFaXV9mm0+Gja6FDQnb5GWWyjaHWaKCChhJJwA=' 'sha256-SvLgADqEePEV9RNxBrRQXSBJafFHcVNG7cPzHz6h9eA=' 'sha256-ZMvWTJyEDzuSxYe/hLEpWeylbRkyNlCv3Wd6tLTvSlQ=' 'sha256-L1tVp84zhE2g2TZT86ckrCX6Fw/5Kk+8rLO3wG869Fg=' 'nonce-GcTsOad5VDv8emSFqnjTSg==' 1
default-src 'self';font-src 'self' data: *.googleapis.com *.gstatic.com;img-src 'self' data: www.google-analytics.com *.youtube.com i.ytimg.com *.google.com *.google.fi *.lfeeder.com *.leadfeeder.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.vo.msecnd.net *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com www.googletagmanager.com *.youtube.com *.clickdimensions.com *.lfeeder.com *.leadfeeder.com http://*.google.com *.hotjar.com https://www.googletagmanager.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com dl.episerver.net *.google.com;frame-src 'self' *.youtube.com https://web.nordpoolgroup.com *.google.com https://analytics-eu.clickdimensions.com *.hotjar.com;frame-ancestors 'self';media-src 'self' *.youtube.com *.google.com;connect-src 'self' *.google-analytics.com *.youtube.com *.google.com *.doubleclick.net dc.services.visualstudio.com *.hotjar.com *.hotjar.io;object-src 'none';child-src 'self';upgrade-insecure-requests;block-all-mixed-content; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.salesforce-sites.com https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://ws.bsy.me https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; script-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.salesforce-sites.com https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://ws.bsy.me https://static1.twitcount.com https://codero.com https://*.codero.com https://codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://google.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com https://*.gstatic.com; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://ws.bsy.me https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; img-src * 'self' data: https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://ws.bsy.me https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; font-src * 'self' data:; media-src * 'self' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://ws.bsy.me https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; object-src 'self' data:; prefetch-src 'self'; frame-src * data:; frame-ancestors 'self'; form-action * 1
frame-ancestors 'self' https://platform.tirabeauty.com 1
frame-ancestors 'self' *.photoweb.fr 1
default-src 'self'; connect-src newpaltz.edu www.newpaltz.edu *.adroll.com jobsability.azurewebsites.net directline.botframework.com wss://directline.botframework.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com *.ibytedtos.com api.idonate.com *.tts.speech.microsoft.com wss://ai.ocelotbot.com *.ocelotbot.com *.snapchat.com *.technolutions.net analytics.tiktok.com; font-src *; frame-src *.newpaltz.edu app.acuityscheduling.com airtable.com map.concept3d.com w2.countingdownto.com www.dhs.gov *.e2ma.net staticxx.facebook.com www.facebook.com newpaltz.financialaidtv.com *.google.com accounts.google.com calendar.google.com embed.idonate.com www.instagram.com cdn.knightlab.com newpaltz.knowmia.com my.matterport.com feed.mikle.com www.myatlascms.com *.ocelotbot.com prezi.com *.snapchat.com snapwidget.com w.soundcloud.com www.suny.edu *.tagboard.com free.timeanddate.com *.tiktok.com *.ttwstatic.com platform.twitter.com syndication.twitter.com *.unibuddy.co unibuddy.co player.vimeo.com vgrad.z19.web.core.windows.net newpaltz.wufoo.com newpaltzschoolofscience.wufoo.com www.youtube.com *.youvisit.com *.zenfolio.com; img-src * blob: data:; media-src 'self' data *.newpaltz.edu; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.newpaltz.edu *.adnxs.com c.amazon-adsystem.com cybba-bucket.s3.amazonaws.com emma-content-aggregates-prd.s3.amazonaws.com *.adroll.com cdn.botframework.com cdnjs.cloudflare.com d2rp1k1dldbai6.cloudfront.net dk98ddgl0znzm.cloudfront.net *.cybba.solutions *.cybba.us googleads.g.doubleclick.net *.dca0.com signup.e2ma.net connect.facebook.net www.google.com cse.google.com *.google-analytics.com www.googleadservices.com storage.googleapis.com www.googletagmanager.com *.ibytedtos.com embed.idonate.com *.instagram.com code.jquery.com *.ocelotbot.com sc-static.net *.stackadapt.com static.tagboard.com *.technolutions.net *.tiktok.com *.tiktokcdn.com *.tiktokcdn-us.com *.ttwstatic.com cdn.unibuddy.co player.vimeo.com *.wufoo.com *.youvisit.com; script-src-elem 'self' 'unsafe-inline' *.newpaltz.edu embed.acuityscheduling.com *.adroll.com emma-content-aggregates-prd.s3.amazonaws.com cdn.botframework.com emma-content-aggregates-prd.s3.amazonaws.com maxcdn.bootstrapcdn.com assets.calendly.com cdnjs.cloudflare.com d2rp1k1dldbai6.cloudfront.net d3gxy7nm8y4yjr.cloudfront.net dk98ddgl0znzm.cloudfront.net *.cybba.solutions googleads.g.doubleclick.net signup.e2ma.net connect.facebook.net ajax.googleapis.com www.google.com *.ibytedtos.com *.instagram.com linkhelp.clients.google.com cse.google.com www.google.com/cse/static www.googleadservices.com *.google-analytics.com www.googletagmanager.com www.gstatic.com embed.idonate.com code.jquery.com *.ocelotbot.com www.recaptcha.net sc-static.net tagboard.com static.tagboard.com *.technolutions.net *.tiktok.com *.tiktokcdn.com *.tiktokcdn-us.com platform.twitter.com *.twimg.com *.ttwstatic.com *.unibuddy.co player.vimeo.com *.wufoo.com *.youvisit.com; style-src 'self' 'unsafe-inline' *.newpaltz.edu maxcdn.bootstrapcdn.com cdnjs.cloudflare.com static-cdn.e2ma.net necolas.github.io www.google.com fonts.googleapis.com www.gstatic.com cdn.jsdelivr.net *.ocelotbot.com *.tiktokcdn.com *.tiktokcdn-us.com *.ttwstatic.com platform.twitter.com *.twimg.com *.technolutions.net; frame-ancestors 'self' https://admissions.newpaltz.edu; upgrade-insecure-requests; 1
font-src 'self' https://fonts.gstatic.com https://themes.googleusercontent.com; script-src 'self' https://heatmaps.monsido.com https://*.google-analytics.com https://*.googletagmanager.com cdnjs.cloudflare.com https://app-script.monsido.com https://cdn.jsdelivr.net https://polyfill.io https://unpkg.com translate.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://heatmaps.monsido.com https://*.googletagmanager.com https://*.google-analytics.com cdnjs.cloudflare.com https://app-script.monsido.com https://cdn.jsdelivr.net https://polyfill.io https://unpkg.com translate.google.com; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://fonts.googleapis.com https://cdn.jsdelivr.net; frame-ancestors 'self' 1
frame-ancestors https://*.nbatopshot.com https://ts-generator.mychainapp.com; script-src 'nonce-MTAxLDEyNiwxNDEsMTUxLDE2MSwyMDMsMTEsMTI3LDI3LDgwLDgwLDIzNiw0MiwxNjAsMTAyLDMyLDE2LDExOSwxMzksMTI4LDIxNSwyMjIsMzQsMTIzLDE4OCwzNCw0NywxNjIsMTAyLDI5LDg2LDIxNA==' 'self' 'strict-dynamic' 'unsafe-inline' https: 1
base-uri 'none'; object-src 'none'; script-src 'nonce-2UpSpMMVIAKhM3a1mHxM_OQcjLBAikiR3-i-_5Fn1wiBdcXdx8OPwfvq0GF6ux_t' 'strict-dynamic' https: 'unsafe-inline' 'self' 1
base-uri 'none'; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; script-src 'self' blob: https://stackpath.bootstrapcdn.com https://ajax.googleapis.com https://pro.fontawesome.com https://code.jquery.com https://cdnjs.cloudflare.com https://c0.froala.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://cdn.jsdelivr.net; object-src 'none'; upgrade-insecure-requests 1
default-src * data: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; report-uri https://8yynxtj7.uriports.com/reports/report; report-to default; block-all-mixed-content; 1
frame-ancestors 'self' https://vibe.us https://*.vibe.us; 1
frame-ancestors 'self' https://www.iobeducacao.com 1
frame-ancestors 'self' uberall.com uberall-live.sentree.io; 1
frame-ancestors http://www.lativ.com.tw https://www.lativ.com.tw; 1
base-uri https://*.rozee.pk 1
default-src 'self'; font-src * data:; frame-ancestors 'self'; connect-src *; frame-src 'self' https://widget.stackla.com https://hosted.where2getit.com https://*.doubleclick.net https://insight.adsrvr.org https://*.pinterest.com; img-src * data:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.dotomi.com https://connect.facebook.net https://contentz.mkt932.com https://app.everviz.com https://code.highcharts.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinimg.com https://js.adsrvr.org https://analytics.tiktok.com https://*.cookielaw.org https://cdn.jsdelivr.net https://vjs.zencdn.net https://staging-assetscdn.stackla.com https://*.pages03.net;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.dotomi.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinimg.com https://js.adsrvr.org https://analytics.tiktok.com https://*.cookielaw.org https://cdn.jsdelivr.net https://vjs.zencdn.net https://staging-assetscdn.stackla.com https://*.pages03.net;  style-src-elem 'self' 'unsafe-inline' *;  style-src 'self' 'unsafe-inline' *; 1
frame-ancestors 'self' pluralsight.com pluralsight.highspot.com; 1
frame-ancestors 'self' https://enterprisecarsales.my.salesforce.com https://login.salesforce.com https://enterprisecarsales.lightning.force.com 1
frame-ancestors *.nvenergy.com *.bidgely.com *.ecofactor.com *.ecobee.com *.cleanpowerdemo.com file://* 1
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net aax-eu.amazon-adsystem.com bat.bing.com s.amazon-adsystem.com *.amazon-adsystem.com lo.v.liveperson.net googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com lptag.liveperson.net accdn.lpsnmedia.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com www.google-analytics.com *.mcmprod.hsbc.co.uk ssl.google-analytics.com www.firstdirect.com t.contentsquare.net app.contentsquare.com tt.omtrdc.net *.sc.omtrdc.net *.demdex.net *.twitter.com t.co *.walkme.com *.omguk.com *.adsrvr.org cliveperson.com *.contentsquare.com *.qualtrics.com *.quantserve.com *.outbrain.com *.taboola.com *.vjs.zencdn.net www.mcmprod.hsbc.co.uk cdn.optimizely.com cdn-assets-prod.s3.amazonaws.com *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com; img-src data: * blob: *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.hsbc.co.uk *.appdynamics.com *.we-stats.com bat.bing.com *.siteintercept.qualtrics.com adservice.google.com www.facebook.com http://127.0.0.1:5000 http://127.0.0.1:5000/* *.brightcovecdn.com www.google.com www.firstdirect.com www.googletagmanager.com ad.doubleclick.net cdnbc-wup.firstdirect.com *.analytics.google.com akamai.tiqcdn.com www.google-analytics.com collect.tealiumiq.com r.contentsquare.net c.contentsquare.net analytics.google.com *.mcmprod.hsbc.co.uk *.tt.omtrdc.net *.sc.omtrdc.net *.demdex.net *.liveperson.net *.google.com *.walkme.com pixel.everesttech.net *.contentsquare.com *.qualtrics.com rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net translate.googleapis.com lpcdn.lpsnmedia.net stats.g.doubleclick.net www.google.co.uk cdn-assets-prod.s3.amazonaws.com k-aeu1.contentsquare.net *.customers.biocatch.com *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net cdntm.firstdirect.com www.facebook.com www.youtube.com 8071237.fls.doubleclick.net *.demdex.net *.walkme.com liveperson.com *.qualtrics.com *.pinimg.com *.pinterest.com *.analytics.tiktok.com *.online-metrix.net analytics.tiktok.com; frame-ancestors 'self' www.firstdirect.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com; worker-src 'self' blob: *.demdex.net *.lpsnmedia.net *.liveperson.net *.google.com; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com manifest.prod.boltdns.net; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report; 1
default-src 'unsafe-eval' 'unsafe-inline' * data: 1
report-uri https://identity.tescobank.com/afm/cspReport/; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.trustpilot.com *.woopra.com *.fls.doubleclick.net fls.doubleclick.net *.lpsnmedia.net *.google.com *.googleapis.com *.qubit.com *.travelex.net *.adobedtm.com *.vo.msecnd.net bat.bing.com c.evidon.com cdn.cookielaw.org *.decibelinsight.net cm.everesttech.net connect.facebook.net dc.services.visualstudio.com *.cloudfront.net *.demdex.net flex.cybersource.com *.g.doubleclick.net *.hotjar.com *.liveperson.net *.tescobank.com *.ensighten.com r.turn.com royalsunallianceinsu.tt.omtrdc.net rsa.d2.sc.omtrdc.net rum-static.pingdom.net service.maxymiser.net *.google-analytics.com stash.qubitproducts.com static.ads-twitter.com static.goqubit.com tescobank.azureedge.net ue.enablermail.com www.facebook.com www.google.co.uk *.googleadservices.com *.googletagmanager.com *.gstatic.com track.omguk.com wss://sync.onfido.com wss://collection.decibelinsight.net mpsnare.iesnare.com *.adnxs.com s.yimg.com *.sociomantic.com p.teads.tv t.teads.tv cm.teads.tv *.digital-cloud-uk.medallia.eu *.kampyle.com apps.commbox.io now.commbox.io js-agent.newrelic.com bam-cell.nr-data.net *.google-analytics.com ; style-src 'self' 'unsafe-inline' *.googleapis.com apps.commbox.io now.commbox.io js-agent.newrelic.com bam-cell.nr-data.net *.kampyle.com ; img-src 'self' data: blob: * ; child-src 'self' blob: ; font-src 'self' data: * ; connect-src 'self' bam-cell.nr-data.net *.woopra.com *.fls.doubleclick.net fls.doubleclick.net *.lpsnmedia.net *.google.com *.googleapis.com *.qubit.com *.travelex.net *.adobedtm.com *.vo.msecnd.net bat.bing.com c.evidon.com cdn.cookielaw.org *.decibelinsight.net cm.everesttech.net connect.facebook.net dc.services.visualstudio.com *.cloudfront.net *.demdex.net flex.cybersource.com *.g.doubleclick.net *.hotjar.com *.liveperson.net *.tescobank.com *.ensighten.com r.turn.com royalsunallianceinsu.tt.omtrdc.net rsa.d2.sc.omtrdc.net rum-static.pingdom.net service.maxymiser.net *.google-analytics.com stash.qubitproducts.com static.ads-twitter.com static.goqubit.com tescobank.azureedge.net ue.enablermail.com www.facebook.com www.google.co.uk *.googleadservices.com *.googletagmanager.com *.gstatic.com track.omguk.com wss://sync.onfido.com wss://collection.decibelinsight.net mpsnare.iesnare.com *.adnxs.com s.yimg.com *.sociomantic.com  *.tiles.mapbox.com api.mapbox.com events.mapbox.com p.teads.tv t.teads.tv cm.teads.tv *.digital-cloud-uk.medallia.eu *.kampyle.com ; frame-src 'self' *.trustpilot.com *.fls.doubleclick.net fls.doubleclick.net *.tescobank.com tescobank.demdex.net *.vo.msecnd.net service.maxymiser.net p.teads.tv t.teads.tv cm.teads.tv *.digital-cloud-uk.medallia.eu *.kampyle.com apps.commbox.io now.commbox.io js-agent.newrelic.com bam-cell.nr-data.net ; frame-ancestors 'self' *.tescobank.com ; object-src 'self' *.fls.doubleclick.net fls.doubleclick.net *.tescobank.com tescobank.demdex.net; media-src 'self' apps.commbox.io ; 1
script-src 'sha256-RpUAolVLcaE2yyLxfMJ9dAQ90ClRpWe+Juis/uNxNe4=' 'nonce-GMdae3F7UcNzllMrH31X2w==' 'self' 'unsafe-inline' https://note.com https://d291vdycu0ht11.cloudfront.net https://d2l930y2yx77uc.cloudfront.net https://cdn.st-note.com https://polyfill.io https://www.googletagmanager.com https://www.google-analytics.com https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://www.gstatic.com/firebasejs https://*.facebook.net https://*.instagram.com https://platform.twitter.com https://*.twimg.com cdn.iframe.ly https://cdn.embedly.com https://*.tiktok.com https://*.tiktokcdn.com https://*.ibytedtos.com https://speakerdeck.com https://*.flickr.com https://*.mul-pay.jp https://stage-travel.fraudprevention.jp https://travel.fraudprevention.jp https://www.datadoghq-browser-agent.com http://cloudfront.loggly.com https://*.canva.com https://*.ttwstatic.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://assets.kurashiru.com/ https://cdn2.hubspot.net https://*.hubspot.com https://*.hubspotusercontentxx.net https://*.hscollectedforms.net https://js.hsleadflows.net https://js.hs-scripts.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-banner.net https://*.hsforms.net https://*.hsforms.com https://static.hsappstatic.net https://js.hubspotfeedback.com https://feedback.hubapi.com https://static.ads-twitter.com https://static.paypay.ne.jp; object-src 'none'; base-uri 'self' 1
default-src 'self'; script-src cdn.bookboon.io minio.stage.bookboon.io *.omappapi.com *.google-analytics.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ blob: 'unsafe-eval' 'unsafe-inline' 'self'; style-src *.googleapis.com *.omappapi.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com blob: 'unsafe-inline' 'self'; img-src bookboon.com boont.co www.gravatar.com *.omappapi.com *.visualwebsiteoptimizer.com chart.googleapis.com www.google.co.uk www.google.com wingify-assets.s3.amazonaws.com staging.covergenerator.stage.bookboon.io staging.action-receiver.stage.bookboon.io data: 'self'; connect-src boont.co sentry.bookboon.io stream.bookboon.com *.stripe.com staging.argus.stage.bookboon.io wss://bookboon.com *.omappapi.com *.google-analytics.com *.visualwebsiteoptimizer.com *.doubleclick.net app.vwo.com 'self'; font-src 'self' https://fonts.gstatic.com https://a.omappapi.com data:; media-src stream.bookboon.com *.content.bookboon.com content.bookboon.com minio.stage.bookboon.io staging.argus.stage.bookboon.io blob: 'unsafe-inline' 'self'; frame-src *.stripe.com https://www.google.com/recaptcha/ https://a.omappapi.com app.vwo.com *.visualwebsiteoptimizer.com 'self'; child-src blob: 'self'; worker-src blob: 'self'; frame-ancestors ; report-uri https://sentry.bookboon.io/api/2/security/?sentry_key=a9cb61f0b4d1404cbef0284b913d154c&sentry_environment=production&sentry_release=premium@v3.14.1; 1
default-src 'self' xmpp.org; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self'; connect-src 'self'; object-src 'self'; child-src 'self' xmpp-office-hours.netlify.app; frame-src 'self' xmpp-office-hours.netlify.app; worker-src 'none'; frame-ancestors 'self'; form-action 'self' xmpp-office-hours.netlify.app; upgrade-insecure-requests; block-all-mixed-content 1
upgrade-insecure-requests; default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' www.google-analytics.com ajax.googleapis.com z.moatads.com *.addthis.com *.addthisedge.com code.jquery.com statistika.rik.ee; media-src 'self' www2.rik.ee; frame-src 'self' www.cvkeskus.ee s7.addthis.com www2.just.ee www.youtube.com; img-src 'self' data: www.google-analytics.com www2.rik.ee; style-src 'unsafe-inline' 'self'; font-src 'self'; connect-src 'self' *.addthis.com statistika.rik.ee; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; connect-src https: wss: blob:; img-src https: data: blob:; media-src https: blob:; worker-src blob: https:; font-src https: data:; base-uri 'none'; frame-ancestors 'none'; 1
default-src 'self' https://pretix.eu https://static.pretix.space; script-src  'self' 'unsafe-eval' https://matomo.rami.io https://pretix.eu https://static.pretix.space https://support.rami.io; object-src 'none'; frame-src 'self' https://matomo.rami.io https://pretix.eu https://static.pretix.space https://support.rami.io https://www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' data: https://cdn.pretix.space https://pretix.eu https://static.pretix.space https://support.rami.io; connect-src 'self' https://cdn.pretix.space https://pretix.eu https://static.pretix.space https://support.rami.io ws://support.rami.io; img-src 'self' data: https://cdn.pretix.space https://matomo.rami.io https://pretix.eu https://static.pretix.space https://support.rami.io; font-src 'self' https://pretix.eu https://static.pretix.space; media-src 'self' data: https://cdn.pretix.space https://pretix.eu https://static.pretix.space; form-action 'self' https: https://pretix.eu 1
base-uri 'self';connect-src 'self' https://*.hearnow-cdn.com site-stats.hearnow.com https://api.spotify.com https://api.found.ee https://api.recurly.com https://stckjs.stackify.com https://rum.stackify.com *.cookieyes.com cdn-cookieyes.com;default-src 'self' https://api.recurly.com;font-src 'self' https://*.hearnow-cdn.com fonts.gstatic.com;form-action 'self' https://auth.cdbaby.com;frame-src 'self' site-stats.hearnow.com mailto: https://open.spotify.com https://accounts.spotify.com https://api.recurly.com;img-src 'self' https://*.hearnow-cdn.com site-stats.hearnow.com data: https://open.scdn.co https://www.gstatic.com cdn-cookieyes.com;media-src 'self' content.cdbaby.com;object-src 'none';script-src 'self' 'nonce-TKQyV8oJYx6zI2Lj0W8T4TaU0c9QPkFJ' https://*.hearnow-cdn.com site-stats.hearnow.com https://found.ee/dmp/pixel.js https://*.adnxs.com https://api.recurly.com https://js.recurly.com https://stckjs.stackify.com cdn-cookieyes.com;style-src 'self' 'unsafe-inline' https://*.hearnow-cdn.com https://api.recurly.com https://js.recurly.com fonts.googleapis.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://*.admin.ch https://*.ch.ch https://code.jquery.com/; style-src 'self' 'unsafe-inline' https://*.admin.ch https://*.ch.ch https://fonts.googleapis.com; object-src 'none'; base-uri 'self' *.ch.ch; connect-src 'self' https://webstats.ch.ch; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://*.admin.ch https://*.ch.ch https://www.youtube.com; img-src 'self' https://*.admin.ch https://*.ch.ch data: https://livingdocs-ch-ch-prod.imgix.net; manifest-src 'self'; media-src 'self'; worker-src 'none' 1
default-src 'self'; font-src *;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; connect-src *; frame-src *; media-src https://videos.ctfassets.net/ https://media.elo.com.br 1
script-src https: data: 'unsafe-inline' 'unsafe-eval' https://www.tu-dortmund.de https://*.itmc.tu-dortmund.de https://*.relaunch.tu-dortmund.de; style-src https: 'unsafe-inline' https://www.tu-dortmund.de https://*.itmc.tu-dortmund.de https://*.relaunch.tu-dortmund.de; frame-src https://www.tu-dortmund.de https://redaktion.tu-dortmund.de https://*.itmc.tu-dortmund.de https://*.relaunch.tu-dortmund.de https://www.youtube-nocookie.com https://www.youtube.com http://xyz.tu-dortmund.de; frame-ancestors https://www.tu-dortmund.de https://redaktion.tu-dortmund.de 1
worker-src 'none'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self'; frame-ancestors 'self' https://admin.unicef-irc.org 1
default-src 'self' https://*.expireddomains.net; style-src 'self' 'unsafe-inline' https://*.expireddomains.net; script-src 'self' 'unsafe-inline' https://*.expireddomains.net; object-src 'none'; base-uri 'none'; 1
default-src 'self' *.autocheck.com  bcove.video players.brightcove.net *.youtube.com *.gstatic.com *.google.com h.online-metrix.net bat.bing.com *.cloudfront.net sp.analytics.yahoo.com autocheck.vast.com *.hotjar.com *.yimg.com  *.optimost.com secure.statcounter.com *.doubleclick.net secure.statcounter.com *.salesforceliveagent.com *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.experian.com *.googleapis.com fonts.gstatic.com *.techvalidate.com *.demdex.net *.cloudflare.com *.bootstrapcdn.com  *.youtube-nocookie.com 'unsafe-inline' 'unsafe-eval'; img-src * object-src data: 'unsafe-eval' 1
frame-ancestors 'self' *.senecacollege.ca *.senecapolytechnic.ca; 1
default-src 'none'; report-uri /next-external/log/csp/violations; report-to csp-violations; connect-src 'self' wss://www.nordnet.fi https://analytics.prod.nntech.io https://analytics.nordnet.fi https://cdn.prod.nntech.io https://api.prod.nntech.io https://api.test.nntech.io https://experimentation.public.prod.nntech.io https://nordnet.humany.net https://www.google-analytics.com https://adservice.google.com https://www.google.com https://storage.googleapis.com https://www.recaptcha.net; font-src 'self' https://cdn.prod.nntech.io https://nordnet.humany.net; frame-src https://10961666.fls.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://w.soundcloud.com https://embed.acast.com https://link.tink.com https://www.tv2.no https://checkout.trustly.com https://www.recaptcha.net https://t.email.nordnet.fi; img-src 'self' https://analytics.prod.nntech.io https://analytics.nordnet.fi https://cdn.prod.nntech.io data: blob: https://www.google-analytics.com https://shareville-static.s3.amazonaws.com https://shareville-media.s3.amazonaws.com https://www.googletagmanager.com https://nordnet.humany.net https://humany.blob.core.windows.net https://cdn.tink.se https://images.ctfassets.net https://i.vimeocdn.com https://img.youtube.com https://www.recaptcha.net https://www.gstatic.com https://blogi.nordnet.fi; manifest-src 'self'; media-src https://cdn.prod.nntech.io https://videos.ctfassets.net; object-src 'self'; script-src 'self' 'unsafe-eval' 'nonce-e84e3e97-ac84-45d1-9b8f-02e780811eb5' https://analytics.prod.nntech.io https://analytics.nordnet.fi https://cdn.prod.nntech.io https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://www.recaptcha.net; script-src-attr 'none'; style-src 'unsafe-inline' 'self' https://cdn.prod.nntech.io https://nordnet.humany.net https://www.gstatic.com; worker-src 'none'; base-uri 'none'; form-action 'self' https://www.shareville.se https://pvu.nets.no https://online.alandsbanken.fi https://verkkopankki.danskebank.fi https://verkkomaksu.handelsbanken.fi https://epmt.nordea.fi https://identify.nordea.com https://verkkomaksu.poppankki.fi https://verkkomaksu.saastopankki.fi https://online.s-pankki.fi https://auth.aktia.fi; frame-ancestors https://app.contentful.com; 1
frame-ancestors https://mc.yandex.ru 1
font-src fonts.gstatic.com use.typekit.net data: *.sodatech.com *.sodatech.net *.gstatic.com *.typekit.net viewer.byondxr.com cdn.livechatinc.com mediacdn.espssl.com use.fontawesome.com 'self' data: https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com pal-test.adyen.com www.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.pinterest.com https://ghirardelli.slgnt.us 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.sharethis.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com www.xtento.com *.vimeo.com *.jsctool.com *.pinterest.com *.mmcagentur.at *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.demdex.net *.authorize.net *.paypal.com *.googletagmanager.com *.xtento.com *.app-wallee.com *.waltpixel.com *.equitystory.com offer.slgnt.us vars.hotjar.com *.pepperjamnetwork.com services.listrak.com *.serverdata.net *.livechatinc.com *.lindtusa.com *.russellstover.com *.ghirardelli.com *.weltpixel.com static.ogmystyle.com static2.ogmystyle.com www.mystyleplatform.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * landofcoder.com https://ghirardelli.slgnt.us https://www.paypalobjects.com https://lindtusa.rlvs.co.uk https://optmize.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com *.sharethis.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.xtento.com cdn.xtento.com blob: lindt.test *.lindt.test maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.klarna.com *.invibes.com *.b26net.com https://www.google-analytics.com *.googletagmanager.com *.cloudfront.net *.teads.tv *.videostep.com *.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.doubleclick.net *.outbrain.com *.adobedtm.com *.omtrdc.net *.demdex.net *.everesttech.net *.magentocommerce.com *.sodatech.com *.sodatech.net viewer.byondxr.com s3.us-west-2.amazonaws.com showroom-media.byondxr.com media-optimization-service.byondxr.com *.byondxr.com api.official-deals.co.uk api.official-coupons.com *.adsymptotic.com cdn.livechat-files.com cp.official-coupons.com cookie-cdn.cookiepro.com cp.official-deals.co.uk site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us *.blob.core.windows.net s.pinimg.com snap.licdn.com mediacdn.espssl.com *.clarity.ms *.bing.com *.serverdata.net lindtna.test *.lindtna.test *.livechatinc.com mageside.com *.listrakbi.com www.mystyleplatform.com static.mystyleplatform.com static2.mystyleplatform.com static2.ogmystyle.com mystyleplatform.s3.us-west-2.amazonaws.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com 'self' data: https://www.upsellit.com https://mediacdn.espssl.com/2824/Shared/Modal/chocolate.png https://www.linkedin.com https://*.linkedin.com/ https://px.ads.linkedin.com *.googleadservices.com *.russellstover.com https://www.google-anaytics.com https://www.googletagmanager.com https://optimize.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com www.google-analytics.com *.magento-ds.com *.adyen.com *.sharethis.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com www.xtento.com cdn.xtento.com *.pcapredict.com *.newrelic.com *.nr-data.net lindt.slgnt.eu maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.ratepay.com *.cloudflare.com *.teads.tv *.r66net.com *.facebook.net *.googleadservices.com *.doubleclick.net *.cookiepro.com *.cloudfront.net *.videostep.com *.mfgroup.ch *.taboola.com *.outbrain.com *.adobedtm.com *.authorize.net *.unpkg.com *.fontawesome.com *.sodatech.net *.sodatech.com byondxr-viewer.byondxr.com web-apps.byondxr.com www.clarity.ms bat.bing.com *.b2c.com bt.fraud0.com container.pepperjam.com www.googleoptimize.com *.hotjar.com *.pepperjamnetwork.com *.revlifter.io site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us *.blob.core.windows.net s.pinimg.com snap.licdn.com acsbapp.com cdn.noibu.com www.youtube.com *.upsellit.com *.youtube.com *.livechatinc.com *.serverdata.net *.tiktok.com *.listrakbi.com *.listrak.com *.mczbf.com mystyleplatform.com www.mystyleplatform.com static.ogmystyle.com static2.ogmystyle.com d203yb14zlmxwn.cloudfront.net cdnjs.cloudflare.com cdn.jsdelivr.net use.fontawesome.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.google.com *.gstatic.com landofcoder.com https://www.youtube.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com 'unsafe-inline' https://optimize.google.com 'unsafe-inline' https://www.lindt-spruengli.com/* https://www.lindt-spruengli.com/media/target/VAPI.min.js https://www.lindt-spruengli.com/media/target/at.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com display.ugc.bazaarvoice.com *.fonts.net *.postcodeanywhere.co.uk *.cloudfront.net *.cloudflare.com *.sodatech.com *.sodatech.net *.googleapis.com *.getfirebug.com cloud.typography.com *.serverdata.net *.myfonts.net *.russellstover.com *.listrakbi.com *.listrak.com use.fontawesome.com www.mystyleplatform.com static.ogmystyle.com static2.ogmystyle.com unsafe-inline assets.braintreegateway.com tagmanager.google.com *.gstatic.com https://cloud.typography.com 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline' 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.serverdata.net *.livechatinc.com *.listrakbi.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.snplow.net commerce.adobedc.net api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.adyen.com *.sharethis.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.nr-data.net *.paypal.com *.postcodeanywhere.co.uk *.ratepay.com vimeo.com *.luckyorange.net *.cookiepro.com *.mfgroup.ch *.doubleclick.net *.visitors.live wss://in.visitors.live wss://visitors.live wss://in.visitors.live/ wss://visitors.live/ visitors.live *.taboola.com *.demdex.net *.omtrdc.net *.magento.com *.adobe.net *.adobedtm.com *.adobedc.net *.typekit.net *.magedevteam.com *.sodatech.com *.sodatech.net *.teads.tv *.byondxr.com api.byondxr.com s3.us-west-2.amazonaws.com www.sjwoe.com input.noibu.com wss://input.noibu.com/pv_part in.hotjar.com www.facebook.com *.b2c.com bt.fraud0.com *.revlifter.com *.pepperjamnetwork.com *.revlifter.io site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us s.pinimg.com snap.licdn.com *.acsbapp.com cdn.noibu.com https://maps.googleapis.com *.clarity.ms *.facebook.com *.serverdata.net *.livechatinc.com api.addressy.com *.listrakbi.com *.mczbf.com *.tiktok.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com t.elasticsuite.io *.google-analytics.com landofcoder.com https://cdn.linkedin.oribi.io https://vc.hotjar.io *.ghirardelli.com *.hotjar.io *.bing.com ws.hotjar.com wss://ws.hotjar.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.byondxr.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
child-src 'self' *.rfihub.com *.youtube.com *.doubleclick.net *.cosmopolitanlasvegas.com *.addthis.com *.criteo.com *.tocktix.com *.meetingbroker.com *.ticketmaster.com *.chargerback.com *.triptease.io *.exploretock.com bttrack.com *.bttrack.com *.tamgrt.com *.sevenrooms.com sevenrooms.com *.flashtalking.com *.lpsnmedia.net *.facebook.com *.opentable.com liveperson.net *.liveperson.net *.liveperson.com *.lprnd.net *.tripleseat.com google-analytics.com *.google-analytics.com *.snapchat.com https://www.surveygizmo.com/ *.pixlee.co *.cosmopolitanlasvegas.com.pagescdn.com *.mgmresorts.com;frame-ancestors 'self' *.rfihub.com *.youtube.com *.doubleclick.net *.cosmopolitanlasvegas.com *.addthis.com *.criteo.com *.tocktix.com *.meetingbroker.com *.ticketmaster.com *.chargerback.com *.triptease.io *.exploretock.com bttrack.com *.bttrack.com *.tamgrt.com *.sevenrooms.com sevenrooms.com *.flashtalking.com *.lpsnmedia.net *.facebook.com *.opentable.com liveperson.net *.liveperson.net *.liveperson.com *.lprnd.net *.tripleseat.com google-analytics.com *.google-analytics.com *.snapchat.com https://www.surveygizmo.com/ *.pixlee.co *.cosmopolitanlasvegas.com.pagescdn.com *.mgmresorts.com;frame-src 'self' *.rfihub.com *.youtube.com *.doubleclick.net *.cosmopolitanlasvegas.com *.addthis.com *.criteo.com *.tocktix.com *.meetingbroker.com *.ticketmaster.com *.chargerback.com *.triptease.io *.exploretock.com bttrack.com *.bttrack.com *.tamgrt.com *.sevenrooms.com sevenrooms.com *.flashtalking.com *.lpsnmedia.net *.facebook.com *.opentable.com liveperson.net *.liveperson.net *.liveperson.com *.lprnd.net *.tripleseat.com google-analytics.com *.google-analytics.com *.snapchat.com https://www.surveygizmo.com/ *.pixlee.co *.cosmopolitanlasvegas.com.pagescdn.com *.mgmresorts.com 1
frame-ancestors 'self' https://www.koneko-breeder.com; 1
default-src 'self' data: https: *.gravatar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.cloudflare.com *.youtube.com *.google-analytics.com; style-src 'self' 'unsafe-inline' https: *.googleapis.com *.gstatic.com *.cloudflare.com; font-src 'self' data: *.googleapis.com *.gstatic.com *.fontawesome.com; frame-src http: https: *.facebook.com; 1
frame-ancestors 'self' lhg.hubwoo.com saparp.prd.corp; 1
form-action 'self' hooks.zapier.com/hooks www.facebook.com/tr/; frame-ancestors 'self' *.forthepeople.com forthepeople.korbyt.com http://localhost:8000; default-src 'self'; child-src 'self' blob:; connect-src 'self' *.ampproject.net *.clarity.ms *.visualwebsiteoptimizer.com 48879.tctm.co a.omappapi.com/ adservice.google.com alpixtrack.com analytics.tiktok.com api.omappapi.com/ api.userway.org api.wistia.com apollo.forthepeople.com/ apollo-v2.forthepeople.com/ *.apollo.forthepeople.com/ bam.nr-data.net bat.bing.com boards-api.greenhouse.io/ cdn.ampproject.org cdn77.api.userway.org/api/ cdn.userway.org cdn77.api.userway.org/api/ cdn.cookielaw.org ct.pinterest.com/md/ ct.pinterest.com/user/ d.adroll.com data.nudgify.com/ dev.visualwebsiteoptimizer.com distillery.wistia.com embed-cloudfront.wistia.com embed-fastly.wistia.com evnt.byspotify.com fast.wistia.com fast.wistia.net embedwistia-a.akamaihd.net fg8vvsvnieiv3ej16jby.litix.io geolocation.onetrust.com hooks.zapier.com lambdas.api.forthepeople.com/serviceproxy n2.mouseflow.com pipedream.wistia.com pixel.nudgify.com platform.twitter.com s.yimg.com/wi/ stats.g.doubleclick.net tn.alphonso.tv/ad/ tags.srv.stackadapt.com utils.api.forthepeople.com wss://va.msg.liveperson.net/ws_api/account/ www.facebook.com/tr/ www.google.com www.google-analytics.com www.googletagmanager.com z.omappapi.com/ analytics.google.com forthepeople.containers.piwik.pro forthepeople.piwik.pro conoret.com cdn.linkedin.oribi.io 98ftn8ihml.execute-api.us-east-1.amazonaws.com/prod/track jri8b0auwh.execute-api.us-east-1.amazonaws.com/staging/track; font-src 'self' data: a.omappapi.com/ cdn.userway.org fast.wistia.com fonts.googleapis.com fonts.gstatic.com use.typekit.net static.forthepeople.com; frame-src 'self' *.ampproject.net 20830350p.rfihub.com ambassadors.staging.forthepeople.com amp.onetrust.mgr.consensu.org apollo.forthepeople.com/ apollo-v2.forthepeople.com app.vwo.com calendly.com cdn.cookielaw.org cdn.userway.org e.issuu.com fast.wistia.net forthepeople920.outgrow.us html5-player.libsyn.com insight.adsrvr.org lpcdn.lpsnmedia.net platform.twitter.com static.addtoany.com tpc.googlesyndication.com va.idp.liveperson.net va.msg.liveperson.net va.msghist.liveperson.net www.facebook.com www.googletagmanager.com www.pinterest.com www.youtube.com www.youtube-nocookie.com td.doubleclick.net evaluation.forthepeople.com; img-src 'self' https: data:; manifest-src 'self'; media-src 'self' blob: data: embed-cloudfront.wistia.com embed-fastly.wistia.com embed-ssl.wistia.com embedwistia-a.akamaihd.net fast.wistia.com lpcdn.lpsnmedia.net/le_unified_window/; object-src 'none'; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.clarity.ms 100002515.collect.igodigital.com/collect.js 48879.tctm.co a.omappapi.com/ ads.nextdoor.com/public/pixel/ndp.js ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js analytics.tiktok.com app.vwo.com assets.calendly.com/assets/external/widget.js attorneys.findlaw.com/flt/flt.js apollo.forthepeople.com apollo-v2.forthepeople.com bam.nr-data.net bat.bing.com c1.rfihub.net/js/tc.min.js cdn.ampproject.org cdn.cookielaw.org cdn.jsdelivr.net/npm/bootstrap@5.2.1/dist/js/bootstrap.bundle.min.js cdn.krxd.net/controltag/tlu3j2nkg.js cdn.mouseflow.com/projects/46b146ea-d195-492b-906b-a2a8ba5a8cea.js cdn.userway.org cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js collector-8551.tvsquared.com/tv2track.js collector-8688.tvsquared.com/tv2track.js connect.facebook.net dev.visualwebsiteoptimizer.com dyv6f9ner1ir9.cloudfront.net/assets/js/sloader.js fast.wistia.com fast.wistia.net geolocation.onetrust.com i.simpli.fi/p js.adsrvr.org js.alpixtrack.com/alphpixel.js js-agent.newrelic.com maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js pix.cadent.tv pixel.convertize.io pixel.nudgify.com/pixel.js platform.twitter.com rules.quantcount.com/rules-p-qPTyA_jaKmX1m.js d.adroll.com s.adroll.com s.pinimg.com/ct/ s.yimg.com/wi/ secure.quantserve.com/quant.js snap.licdn.com/li.lms-analytics/insight.min.js static.addtoany.com static.ads-twitter.com/uwt.js static.forthepeople.com tpc.googlesyndication.com tag.simpli.fi tags.srv.stackadapt.com tn.alphonso.tv/ad/ unpkg.com/quicklink@1.0.1/dist/quicklink.umd.js www.blockwords.biz/static/conversions.js www.dwin1.com www.google-analytics.com/analytics.js www.google.com www.googleadservices.com/pagead/ www.googletagmanager.com www.wordontheblock.com/static/conversions.js www.youtube.com www.gstatic.com/_/bmsdk/ www.redditstatic.com/ads/pixel.js businessmessages.google.com/widget/v2/js accdn.lpsnmedia.net/api/account/61236843/ lpcdn.lpsnmedia.net/le_re/ lptag.liveperson.net/tag/tag.js lptag.liveperson.net/lptag/api/account/61236843/configuration/applications/taglets/.jsonp lpcdn.lpsnmedia.net/le_unified_window/ lpcdn.lpsnmedia.net/le_secure_storage/ publisher.liveperson.net/device-detection/script.js static.cdn-apple.com/businesschat/start-chat-button/ va.v.liveperson.net/api/js/ googleanalytics.com googleoptimize.com optimize.google.com cdn.jsdelivr.net/npm/swiper@9/swiper-bundle.min.js forthepeople.containers.piwik.pro forthepeople.piwik.pro conoret.com pixel.byspotify.com/ping.min.js; style-src 'report-sample' 'self' 'unsafe-inline' app.vwo.com a.omappapi.com/ apollo.forthepeople.com/ apollo-v2.forthepeople.com cdn.jsdelivr.net/npm/bootstrap@5.2.1/dist/css/bootstrap.min.css cdn.userway.org fast.wistia.com fonts.googleapis.com p.typekit.net/ static.forthepeople.com tags.srv.stackadapt.com use.typekit.net/ www.googletagmanager.com; worker-src 'self' blob:; upgrade-insecure-requests 1
default-src 'self';                    script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pi.pardot.com/ https://www.maplesoft.com/JS/hbx.js https://platform.twitter.com/ https://us-serve.nrich.ai/ https://us-tag.nrich.ai/ https://apis.google.com/ https://static.ads-twitter.com https://connect.facebook.net https://assets.adobedtm.com/      https://www.googletagmanager.com/ https://www.google-analytics.com/  https://www.google-analytics.com/ https://cdnjs.cloudflare.com/ https://j.6sc.co/ https://bat.bing.com/ https://snap.licdn.com/ https://www.googleadservices.com/      https://secure.quantserve.com/ https://rules.quantcount.com/     https://scripts.demandbase.com/ https://api.company-target.com/ https://cdn.tt.omtrdc.net https://maplesoftinc.tt.omtrdc.net/ https://code.jquery.com https://dpm.demdex.net/      https://googleads.g.doubleclick.net/ https://tag.demandbase.com/ https://maple.cloud/ https://www.mapleprimes.com/     https://www.maplesoft.com/ https://use.fontawesome.com/ https://code.jquery.com/ https://reports.hrmdirect.com/      https://s3.amazonaws.com/;                   connect-src 'self' https://maplesoftinc.tt.omtrdc.net/ https://px.ads.linkedin.com/ www.google-analytics.com https://stats.g.doubleclick.net/ https://c.6sc.co/ https://ipv6.6sc.co/ https://epsilon.6sense.com/ https://dpm.demdex.net/ https://google.com/      https://dpm.demdex.net/ https://api.company-target.com      https://www.facebook.com/ https://cdn.linkedin.oribi.io/ https://secure.adnxs.com/ https://maplesoftcom.112.2o7.net/ https://analytics.google.com/ https://bat.bing.com/ https://pagead2.googlesyndication.com/;     img-src 'self' https://www.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://us-tag.nrich.ai/ www.google-analytics.com https://stats.g.doubleclick.net https://px.ads.linkedin.com/ https://bat.bing.com/ https://pixel.quantserve.com https://b.6sc.co      https://www.google.com https://www.google.ca              https://cm.everesttech.net/ https://maplesoftcom.112.2o7.net/ https://maplesoft.112.2o7.net/ https://id.rlcdn.com/ https://www.maplesoft.com/     https://segments.company-target.com/      https://www.gravatar.com/ https://dpm.demdex.net/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/     https://code.jquery.com/ https://www.linkedin.com/ https://image.e.maplesoft.com/ https://image.s4.exct.net/      https://syndication.twitter.com/ https://s-static.ak.facebook.com/ https://www.googletagmanager.com/;                     style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://fonts.googleapis.com/  https://cdnjs.cloudflare.com/ https://use.fontawesome.com/          https://code.jquery.com https://www.mapleprimes.com/ https://www.maplesoft.com/ https://code.jquery.com/ https://reports.hrmdirect.com/ https://d22hhoe037sl7u.cloudfront.net/;          base-uri 'self';                   object-src 'none';                   font-src 'self' https://fonts.googleapis.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://use.fontawesome.com/;          frame-src 'self' https://bid.g.doubleclick.net/ https://www.youtube.com/ https://www.facebook.com/ https://youtube.com/ https://maplesoft.demdex.net/ https://maplesoft.hrmdirect.com/ https://cdn.knightlab.com/ https://api.linktexting.com/ https://talent.sage.hr/          https://s.company-target.com/ https://segments.company-target.com/ https://platform.twitter.com/ https://apis.google.com/ https://accounts.google.com/ https://developers.google.com/ http://developers.google.com https://td.doubleclick.net/;     media-src 'self' http://media.maplesoft.com.s3.amazonaws.com/ https://media.maplesoft.com https://media.maplesoft.com.s3.amazonaws.com/; 1
default-src 'unsafe-inline' *.akstat.io *.go-mpulse.net 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.googletagmanager.com https://*.googleadservices.com https://*.google.com https://region1.analytics.google.com https://*.analytics.google.com https://*.google.pt https://*.gstatic.com https://yoast.com https://*.googleapis.com https://*.google-analytics.com https://*.gravatar.com https://*.youtube.com https://*.ytimg.com https://*.youtube-nocookie.com https://youtube-nocookie.com https://*.go-mpulse.net https://*.cookielaw.org https://*.onetrust.com https://*.typeform.com https://*.branch.io https://app.link https://*.e-goi.com https://*.egoiapp2.com https://egoiapp2.com https://*.facebook.com https://*.facebook.net https://*.doubleclick.net https://stats.g.doubleclick.net https://*.scorecardresearch.com https://*.akstat.io https://*.akamaihd.net https://*.holdonstranger.com https://*.smartlook.com https://*.smartlook.cloud https://pingodoce.pt https://www.pingodoce.pt 1
default-src 'none'; frame-ancestors 'self'; font-src data: https://doublethedonation.com https://fonts.gstatic.com https://fonts.googleapis.com *.tiltify.com assets.tiltify.com site-assets.tiltify.com; img-src 'self' blob: data: *.medium.com https://unsplash.it https://doublethedonation.com assets.tiltify.com site-assets.tiltify.com https://assets.tiltify.com *.bonfireassets.com *.paypal.com https://www.paypalobjects.com https://www.google-analytics.com https://static-cdn.jtvnw.net *.yt-img.com; object-src 'none'; script-src 'self' 'unsafe-inline' https://doublethedonation.com https://js.stripe.com *.tiltify.com assets.tiltify.com site-assets.tiltify.com *.freshdesk.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.google.com *.paypal.com https://www.paypalobjects.com https://connect.facebook.net https://static-na.payments-amazon.com https://widget.freshworks.com; style-src 'self' 'unsafe-inline' *.tiltify.com assets.tiltify.com site-assets.tiltify.com https://doublethedonation.com https://fonts.googleapis.com https://widget.freshworks.com; connect-src 'self' *.amazon.com https://doublethedonation.com *.freshdesk.com *.googleapis.com https://site-search.tiltify.com *.tiltify.com tiltify.com assets.tiltify.com site-assets.tiltify.com wss://websockets.tiltify.com https://locale.tiltify.com https://sentry.io https://api.stripe.com https://cdn.optimizely.com https://www.google-analytics.com https://widget.freshworks.com *.paypal.com; frame-src 'self' https://rumble.com *.amazon.com *.payments-amazon.com *.facebook.com *.twitch.tv https://js.stripe.com https://hooks.stripe.com https://player.twitch.tv https://www.google.com https://www.youtube.com *.paypal.com https://www.paypalobjects.com; manifest-src *.tiltify.com site-assets.tiltify.com https://assets.tiltify.com 1
frame-ancestors https://*.unive.nl; object-src 'none' 1
frame-ancestors 'self' https://*.webjet.com.au https://*.webjet.co.nz https://webjettest.my.connect.aws https://offlinesales.my.connect.aws; report-to csp-report; report-uri https://services.webjet.com.au/api/logger/log/platform/policy-csp 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://www.google-analytics.com/ga.js https://chat.moloni.pt https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://translate.googleapis.com/_/translate_http/_/js/ https://clarity.ms https://www.googletagmanager.com/gtag/js https://translate-pa.googleapis.com/v1/ https://www.googleadservices.com/pagead/conversion.js https://td.doubleclick.net/ https://ssl.google-analytics.com/ga.js https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://cdn.wootric.com/wootric-sdk.js https://www.googleadservices.com/pagead/conversion/ https://unpkg.com/@googlemaps/markerclusterer/dist/index.min.js https://maps.googleapis.com/maps-api-v3/ https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate https://maps.googleapis.com/maps/api/js/QuotaService.RecordEvent https://maps.googleapis.com/maps/vt https://google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/api.js;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://chat.moloni.pt https://www.gstatic.com;object-src 'none';base-uri 'self';connect-src 'self' https://127.0.0.1:5080/ https://moloniprint.com https://*.moloniprint.com https://*.moloniprint.com:5080/ https://bat.bing.com https://chat.moloni.pt https://*.analytics.google.com https://*.google-analytics.com https://translate.googleapis.com https://www.google.pt https://y.clarity.ms https://google.com/pagead/ https://google.com/ccm/ https://stats.g.doubleclick.net/g/collect https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://eligibility.wootric.eu/eligible.json https://app.wootric.eu/surveys https://app.wootric.eu/responses https://maps.googleapis.com;font-src 'self' https://fonts.gstatic.com;frame-src 'self' https://chat.moloni.pt https://www.google.com https://td.doubleclick.net/ https://www.youtube.com/;img-src * 'self' data: https://www.google-analytics.com https://bat.bing.com https://c.clarity.ms https://chat.moloni.pt https://fonts.gstatic.com https://moloni.pt https://www.google.com https://www.google.pt https://www.googletagmanager.com https://www.gstatic.com https://www.moloni.pt https://translate.googleapis.com/translate_static/ https://translate.google.com/ https://stats.g.doubleclick.net/r/collect/ https://maps.googleapis.com https://maps.gstatic.com *.ggpht.com;media-src 'self' https://www.moloni.pt 1
default-src *; style-src 'self' *.vica.gov.sg assets.wogaa.sg assets.juicer.io va.ecitizen.gov.sg fonts.googleapis.com *.onemap.sg unpkg.com www.google.com 'unsafe-inline' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline'; script-src 'self' *.vica.gov.sg assets.wogaa.sg assets.juicer.io assets.adobedtm.com s7.addthis.com va.ecitizen.gov.sg https://www.google-analytics.com/analytics.js v1.addthisedge.com *.addthis.com z.moatads.com https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js *.onemap.sg fontawesome www.gstatic.com gstatic.com https://kit.fontawesome.com/7329f83c99.js https://www.gstatic.com/recaptcha/releases/qc5B-qjP0QEimFYUxcpWJy5B/recaptcha__en.js  https://www.gstatic.com/recaptcha/releases/r8jtf1oixV0IGff4hgB4EzDF/recaptcha__en.js https://www.google-analytics.com http://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://google-analytics.com unpkg skyrisegreenery ajax.googleapis.com connect.facebook.net graph.facebook.com imaven.nparks.gov.sg assets.adobedtm.com maps.googleapis.com cdnjs.cloudflare.com *.google.com google.com www.google.com *.wogaa.sg 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com 'unsafe-inline';font-src * 'self' static.juicer.io assets.wogaa.sg fonts.gstatic.com data:;img-src * 'self' data: 1
frame-ancestors 'self' https://film.oslomet.no; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.oslomet.no https://siteimproveanalytics.com blob:; img-src 'self' https://api.oslomet.no https://*.siteimproveanalytics.io data:; form-action 'self' https://api.oslomet.no https://bibsys-almaprimo.hosted.exlibrisgroup.com; upgrade-insecure-requests; object-src 'none' 1
default-src 'self'; img-src data: 'self' https://media.home.bargains https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://*.google-analytics.com https://*.googletagmanager.com https://*.cookielaw.org; style-src 'self' 'nonce-8Jhw1Lzp' 'nonce-9dj7hsk2' https://tagmanager.google.com https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; script-src 'self' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'nonce-8Jhw1Lzp' https://js.stripe.com https://tagmanager.google.com https://*.googletagmanager.com https://*.clarity.ms https://*.cookielaw.org; frame-ancestors 'none'; frame-src https://js.stripe.com https://hooks.stripe.com; connect-src 'self' https://api.stripe.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.algolianet.com https://*.algolia.net https://*.algolia.io https://*.clarity.ms https://*.cookielaw.org https://*.onetrust.com https://o4504927879692288.ingest.sentry.io; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://baraag.net; img-src 'self' https: data: blob: https://baraag.net; style-src 'self' https://baraag.net 'nonce-mza/Z9+F6niMt1J5GeZ3rg=='; media-src 'self' https: data: https://baraag.net; frame-src 'self' https:; manifest-src 'self' https://baraag.net; form-action 'self'; child-src 'self' blob: https://baraag.net; worker-src 'self' blob: https://baraag.net; connect-src 'self' data: blob: https://baraag.net https://media.baraag.net wss://baraag.net; script-src 'self' https://baraag.net 'wasm-unsafe-eval' 1
script-src 'self' https://cdn.jsdelivr.net/gh/highlightjs/ https://cdn.jsdelivr.net/npm/mathjax@3/ https://polyfill.io/v3/;style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/gh/highlightjs/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css; 1
default-src 'self' https://cdn.plaid.com; img-src 'self' blob: data: 'unsafe-eval' https://*.2go.com https://*.invoice2go.com https://*.invoice2go.io https://*.invoice2go.net https://*.int.invoice2go.io https://*.qa.invoice2go.io https://*.staging.invoice2go.io https://appboy-images.com https://braze-images.com https://*.auth0.com https://apis.google.com https://accounts.google.com https://www.google.com https://www.gstatic.com https://*.facebook.net https://graph.facebook.com https://*.cdn-apple.com https://cdnjs.cloudflare.com https://*.amplitude.com https://*.hotjar.com https://*.hotjar.io 'sha256-iYDFWdiLaGb5hLgdFecoKhV4+91oPQ6gxADNwXKhi+s=' 'sha256-fAJzZT0Vxk64WnBnGQSLnJOmwGLvA2QSpUCuvbHrNdw=' https://*.sprig.com https://*.userleap.com https://invoice2go.imgix.net https://*.paypal.com https://www.paypalobjects.com https://*.plaid.com https://*.polyfill.io https://*.stripe.com https://*.segment.com 'sha256-VPPCO3Yg1BEMk6f6otG7yvvF37qO9BK0bSKTghqoyZU=' 'sha256-/1ovuRQeMmHIqWc3qZB0/dl/ogBffr4EwAzr/6c3n6M=' https://*.segment.io https://*.xg4ken.com 'sha256-X1AuYHrYlt4hnWQcB+PLVGW3X7t8stEXZsC4TUfOVcI=' https://*.stream-io-api.com wss://*.stream-io-api.com https://fullstory.com https://*.fullstory.com aa06381e422845bcfd376272b3829517968c9feab63cb1d4f93be5c13e27a199 https://*.verygoodproxy.com https://*.adyen.com https://*.ada.support https://*.braintreegateway.com https://*.braintree-api.com https://js.appboycdn.com https://*.braze.com https://www.googletagmanager.com https://*.doubleclick.net https://*.google-analytics.com https://www.googleadservices.com https://www.facebook.com https://connect.facebook.net https://bat.bing.com https://*.here.com https://*.online-metrix.net https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://cdn.cookielaw.org/ https://*.onetrust.com/ https://pay.google.com https://google.com/pay; script-src 'self' 'sha256-0gX7MVaziwZI03OJcsBDa+4aYMci0B1e7aou+pzD0xY=' 'sha256-hiqb4fWCaV08nLFyXSq1oQATiEiYPPt6lh1SN75Sm/A=' https://*.2go.com https://*.invoice2go.com https://*.invoice2go.io https://*.invoice2go.net https://*.int.invoice2go.io https://*.qa.invoice2go.io https://*.staging.invoice2go.io https://appboy-images.com https://braze-images.com https://*.auth0.com https://apis.google.com https://accounts.google.com https://www.google.com https://www.gstatic.com https://*.facebook.net https://graph.facebook.com https://*.cdn-apple.com https://cdnjs.cloudflare.com https://*.amplitude.com https://*.hotjar.com https://*.hotjar.io 'sha256-iYDFWdiLaGb5hLgdFecoKhV4+91oPQ6gxADNwXKhi+s=' 'sha256-fAJzZT0Vxk64WnBnGQSLnJOmwGLvA2QSpUCuvbHrNdw=' https://*.sprig.com https://*.userleap.com https://invoice2go.imgix.net https://*.paypal.com https://www.paypalobjects.com https://*.plaid.com https://*.polyfill.io https://*.stripe.com https://*.segment.com 'sha256-VPPCO3Yg1BEMk6f6otG7yvvF37qO9BK0bSKTghqoyZU=' 'sha256-/1ovuRQeMmHIqWc3qZB0/dl/ogBffr4EwAzr/6c3n6M=' https://*.segment.io https://*.xg4ken.com 'sha256-X1AuYHrYlt4hnWQcB+PLVGW3X7t8stEXZsC4TUfOVcI=' https://*.stream-io-api.com wss://*.stream-io-api.com https://fullstory.com https://*.fullstory.com aa06381e422845bcfd376272b3829517968c9feab63cb1d4f93be5c13e27a199 https://*.verygoodproxy.com https://*.adyen.com https://*.ada.support https://*.braintreegateway.com https://*.braintree-api.com https://js.appboycdn.com https://*.braze.com https://www.googletagmanager.com https://*.doubleclick.net https://*.google-analytics.com https://www.googleadservices.com https://www.facebook.com https://connect.facebook.net https://bat.bing.com https://*.here.com https://*.online-metrix.net https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://cdn.cookielaw.org/ https://*.onetrust.com/ https://pay.google.com https://google.com/pay 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' ws: https://*.2go.com https://*.invoice2go.com https://*.invoice2go.io https://*.invoice2go.net https://*.int.invoice2go.io https://*.qa.invoice2go.io https://*.staging.invoice2go.io https://appboy-images.com https://braze-images.com https://*.auth0.com https://apis.google.com https://accounts.google.com https://www.google.com https://www.gstatic.com https://*.facebook.net https://graph.facebook.com https://*.cdn-apple.com https://cdnjs.cloudflare.com https://*.amplitude.com https://*.hotjar.com https://*.hotjar.io 'sha256-iYDFWdiLaGb5hLgdFecoKhV4+91oPQ6gxADNwXKhi+s=' 'sha256-fAJzZT0Vxk64WnBnGQSLnJOmwGLvA2QSpUCuvbHrNdw=' https://*.sprig.com https://*.userleap.com https://invoice2go.imgix.net https://*.paypal.com https://www.paypalobjects.com https://*.plaid.com https://*.polyfill.io https://*.stripe.com https://*.segment.com 'sha256-VPPCO3Yg1BEMk6f6otG7yvvF37qO9BK0bSKTghqoyZU=' 'sha256-/1ovuRQeMmHIqWc3qZB0/dl/ogBffr4EwAzr/6c3n6M=' https://*.segment.io https://*.xg4ken.com 'sha256-X1AuYHrYlt4hnWQcB+PLVGW3X7t8stEXZsC4TUfOVcI=' https://*.stream-io-api.com wss://*.stream-io-api.com https://fullstory.com https://*.fullstory.com aa06381e422845bcfd376272b3829517968c9feab63cb1d4f93be5c13e27a199 https://*.verygoodproxy.com https://*.adyen.com https://*.ada.support https://*.braintreegateway.com https://*.braintree-api.com https://js.appboycdn.com https://*.braze.com https://www.googletagmanager.com https://*.doubleclick.net https://*.google-analytics.com https://www.googleadservices.com https://www.facebook.com https://connect.facebook.net https://bat.bing.com https://*.here.com https://*.online-metrix.net https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://cdn.cookielaw.org/ https://*.onetrust.com/ https://pay.google.com https://google.com/pay; frame-src 'self' blob: data: https://*.2go.com https://*.invoice2go.com https://*.invoice2go.io https://*.invoice2go.net https://*.int.invoice2go.io https://*.qa.invoice2go.io https://*.staging.invoice2go.io https://appboy-images.com https://braze-images.com https://*.auth0.com https://apis.google.com https://accounts.google.com https://www.google.com https://www.gstatic.com https://*.facebook.net https://graph.facebook.com https://*.cdn-apple.com https://cdnjs.cloudflare.com https://*.amplitude.com https://*.hotjar.com https://*.hotjar.io 'sha256-iYDFWdiLaGb5hLgdFecoKhV4+91oPQ6gxADNwXKhi+s=' 'sha256-fAJzZT0Vxk64WnBnGQSLnJOmwGLvA2QSpUCuvbHrNdw=' https://*.sprig.com https://*.userleap.com https://invoice2go.imgix.net https://*.paypal.com https://www.paypalobjects.com https://*.plaid.com https://*.polyfill.io https://*.stripe.com https://*.segment.com 'sha256-VPPCO3Yg1BEMk6f6otG7yvvF37qO9BK0bSKTghqoyZU=' 'sha256-/1ovuRQeMmHIqWc3qZB0/dl/ogBffr4EwAzr/6c3n6M=' https://*.segment.io https://*.xg4ken.com 'sha256-X1AuYHrYlt4hnWQcB+PLVGW3X7t8stEXZsC4TUfOVcI=' https://*.stream-io-api.com wss://*.stream-io-api.com https://fullstory.com https://*.fullstory.com aa06381e422845bcfd376272b3829517968c9feab63cb1d4f93be5c13e27a199 https://*.verygoodproxy.com https://*.adyen.com https://*.ada.support https://*.braintreegateway.com https://*.braintree-api.com https://js.appboycdn.com https://*.braze.com https://www.googletagmanager.com https://*.doubleclick.net https://*.google-analytics.com https://www.googleadservices.com https://www.facebook.com https://connect.facebook.net https://bat.bing.com https://*.here.com https://*.online-metrix.net https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://cdn.cookielaw.org/ https://*.onetrust.com/ https://pay.google.com https://google.com/pay; frame-ancestors 'self' https://*.2go.com https://*.invoice2go.com https://*.invoice2go.io https://*.invoice2go.net https://*.int.invoice2go.io https://*.qa.invoice2go.io https://*.staging.invoice2go.io; prefetch-src https://cdn.plaid.com; object-src https://*.2go.com https://*.invoice2go.com https://*.invoice2go.io https://*.invoice2go.net https://*.int.invoice2go.io https://*.qa.invoice2go.io https://*.staging.invoice2go.io; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub303d2111d8dad5ce8c6ac15b1141002d&dd-evp-origin=content-security-policy&ddsource=cf-csp-header&ddtags=service%3Acsp%2Cenv%3Aprod 1
default-src 'none' ; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com https://kit.fontawesome.com https://princestrust.widget.custhelp.com https://js.stripe.com https://maps.googleapis.com https://www.googletagmanager.com https://app.termly.io https://www.google-analytics.com https://googleads.g.doubleclick.net https://analytics.tiktok.com https://snap.licdn.com https://s7.addthis.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://static.ads-twitter.com https://analytics.silktide.com https://princestrust-opa.custhelp.com https://princestrust-opa--uat.custhelp.com https://www.rnengage.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://princestrust-opa.custhelp.com https://princestrust-opa--uat.custhelp.com https://princestrust.widget.custhelp.com; img-src 'self' data: https://www.linkedin.com https://downloads.ctfassets.net https://images.ctfassets.net https://downloads.ctfassets.net https://maps.gstatic.com https://maps.googleapis.com https://img.youtube.com https://www.google.co.uk https://www.google.co.in https://www.google.com https://px.ads.linkedin.com https://t.co https://analytics.twitter.com https://www.facebook.com https://www.googletagmanager.com https://www.rnengage.com; font-src 'self' data: https://fonts.gstatic.com https://princestrust-opa.custhelp.com https://princestrust-opa--uat.custhelp.com; connect-src 'self' https://candidateportal.princestrust.org.uk https://pagead2.googlesyndication.com https://graphql.contentful.com https://downloads.ctfassets.net https://images.ctfassets.net https://ka-p.fontawesome.com https://api.stripe.com https://drzyrklbmz-dsn.algolia.net https://drzyrklbmz-1.algolianet.com https://drzyrklbmz-2.algolianet.com https://drzyrklbmz-3.algolianet.com https://maps.googleapis.com https://fonts.gstatic.com https://analytics.google.com https://app.termly.io https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://analytics.tiktok.com https://cdn.linkedin.oribi.io https://vc.hotjar.io https://a.eu.silktide.com wss://ws.hotjar.com https://content.hotjar.io https://princestrust-opa--uat.custhelp.com https://princestrust--uat.custhelp.com https://princestrust-opa.custhelp.com https://js.stripe.com https://px.ads.linkedin.com; frame-src https://www.google.com https://princestrust-opa--uat.custhelp.com https://princestrust-opa.custhelp.com https://princes-trust-digital.co.uk https://js.stripe.com https://hooks.stripe.com https://partner-tools.moneyadviceservice.org.uk https://r1.dotdigital-pages.com https://www.youtube.com https://*.doubleclick.net https://www.getmyfirstjob.co.uk  https://app.termly.io https://www.facebook.com/; 1
default-src	'self'; script-src	'self' 'unsafe-inline'	https://*.adobe.com	https://*.demdex.net	https://*.licdn.com	https://*.onetrust.com	https://*.sapcai.eu10.hana.ondemand.com	https://*.clarity.ms	https://assets.adobedtm.com	https://assets.braintreegateway.com	https://bat.bing.com/	https://c.bing.com	https://cdn.cookielaw.org	https://cdn.linkedin.oribi.io/	https://cm.everesttech.net	https://connect.facebook.net	https://dc.ads.linkedin.com/	https://googleads.g.doubleclick.net	https://gw.linkedin.oribi.io/	https://js.adsrvr.org	https://js.braintreegateway.com	https://maps.googleapis.com	https://sjs.bizographics.com/	https://www.google-analytics.com	https://www.google.co.uk	https://www.google.com/recaptcha/	https://www.google.com	https://www.google.de	https://www.google.es	https://www.google.fr	https://www.google.it	https://www.googleadservices.com	https://www.googletagmanager.com	https://www.gstatic.com/recaptcha/	https://www.mann-filter.com	https://www.mann-hummel.com	https://www.youtube.com/	https://www2.mann-hummel.com	; style-src	'self' 'unsafe-inline'	https://assets.braintreegateway.com	https://cloud.typography.com	https://fonts.googleapis.com	https://www.mann-hummel.com	https://www2.mann-hummel.com	; connect-src	'self'	https://*.112.2o7.net	https://*.adobe.com	https://*.braintree-api.com	https://*.clarity.ms	https://*.data.adobedc.net	https://*.demdex.net	https://*.mann-hummel.com	https://*.omtrdc.net	https://*.onetrust.com	https://airfiltration.mann-hummel.com/	https://api.braintreegateway.com	https://api.sandbox.braintreegateway.com	https://assets.adobedtm.com	https://c.bing.com	https://cdn.cookielaw.org	https://cdn.linkedin.oribi.io/	https://client-analytics.braintreegateway.com	https://client-analytics.sandbox.braintreegateway.com	https://cm.everesttech.net	https://dc.ads.linkedin.com/	https://filtron.eu/	https://fleetdirect.mann-hummel.com/	https://gw.linkedin.oribi.io/	https://maps.googleapis.com	https://oem.mann-hummel.com/	https://s7g10.scene7.com	https://s7ips3.scene7.com	https://sjs.bizographics.com/	https://tridim.mann-hummel.com/	https://www.facebook.com	https://www.google-analytics.com	https://www.mann-filter.com/	https://www.purolatornow.com/	; font-src	data:	https://fonts.gstatic.com	; img-src	'self' data:	https://*.112.2o7.net	https://*.adobe.com	https://*.clarity.ms	https://*.data.adobedc.net	https://*.demdex.net	https://*.doubleclick.net	https://*.ggpht.com	https://*.google.com/	https://*.google.de/	https://*.googleapis.com	https://*.omtrdc.net	https://ad.doubleclick.net	https://ade.googlesyndication.com	https://assets.adobedtm.com	https://assets.braintreegateway.com	https://bat.bing.com/	https://c.bing.com	https://cdn.cai.tools.sap	https://cdn.cookielaw.org	https://cm.everesttech.net	https://googleads.g.doubleclick.net	https://i.ytimg.com	https://maps.gstatic.com	https://p.adsymptotic.com	https://px.ads.linkedin.com	https://px.ads.linkedin.com	https://px4.ads.linkedin.com	https://s7g10.scene7.com	https://s7ips3.scene7.com	https://www.facebook.com	https://www.google.co.uk	https://www.google.es	https://www.google.fr	https://www.google.it	https://www.googletagmanager.com	https://www.linkedin.com/px/	https://www.mann-hummel.com	https://www2.mann-hummel.com	; form-action	'self'	https://www.facebook.com	; frame-src	'self'	https://*.adobe.com	https://*.adsrvr.org	https://*.assetsadobe.com	https://*.demdex.net	https://*.doubleclick.net	https://*.sapcai.eu10.hana.ondemand.com	https://*.scene7.com	https://assets.braintreegateway.com	https://bid.g.doubleclick.net	https://cdn.linkedin.oribi.io/	https://cloud.mann-hummel-filtration.com	https://dc.ads.linkedin.com/	https://fordapollo.tridim.com	https://gw.linkedin.oribi.io/	https://insight.adsrvr.org	https://master.d3m3i5dxe4ich2.amplifyapp.com/AirQuality	https://products.oltremaremembrane.com/	https://recaptcha.google.com/recaptcha/	https://sjs.bizographics.com/	https://www.facebook.com	https://www.google.com/recaptcha/	https://www.mann-hummel.com	https://www.tridim.com	https://www.youtube-nocookie.com	https://www.youtube.com	https://www2.mann-hummel.com	; child-src	https://assets.braintreegateway.com	; base-uri	'self'	https://www2.mann-hummel.com	; frame-ancestors	'self'	https://inevent.uk/	https://www.mann-hummel-events.com/	; object-src 'none'; worker-src 'self' blob: ; upgrade-insecure-requests 1
connect-src 'self' blob: https://api.x.ai https://api.x.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api.x.com https://api-stream.twitter.com https://api-stream.x.com https://ads-api.twitter.com https://ads-api.x.com https://aa.twitter.com https://aa.x.com https://caps.twitter.com https://caps.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton.twitter.com https://ton.x.com https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://twitter.com https://x.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com  ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://x.com https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://vaultjs.apideck.com/  https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://x.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://static.ads-twitter.com  'nonce-ZmRkMGQwNGMtYTA1My00Yzk2LWIzMDMtYWY2ZGYxNjhjYjFl'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false 1
default-src 'self' *.logos.co *.status.im *.status.app; connect-src 'self' *.logos.co *.status.im *.status.app *.codex.storage; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' fathom.status.im unpkg.com code.jquery.com cdn.jsdelivr.net stackpath.bootstrapcdn.com cdnjs.cloudflare.com fonts.googleapis.com; img-src 'self' *.status.im data: statusim.bamboohr.com; font-src 'self' *.logos.co *.status.im *.status.app fonts.gstatic.com fonts.googleapis.com cdn.jsdelivr.net; frame-src *.logos.co *.status.im *.status.app www.youtube.com *.chromatic.com; frame-ancestors 'self' jobs.status.im; 1
script-src 'self' 'nonce-ogdp789123678' platform.twitter.com www.google-analytics.com niccicms.raj.nic.in; 1
: default-src 'self'; frame-ancestors 'self'; 1
frame-ancestors * ; 1
frame-ancestors 'self' https://*.movavi.de https://*.movavi.com https://*.movavi.ru https://*.pdfchef.com https://*.screencapture.com https://*.movavivideosuite.com https://*.gecata.com https://*.movavi.id https://movavi.id https://*.videoconverter.com https://*.fastreel.com http://webvisor.com https://portal1.comm100.io; report-uri https://o474997.ingest.sentry.io/api/5798828/security/?sentry_key=ac906e87ddd941c9b53b79979268ec17; report-to csp-endpoint 1
frame-ancestors 'self' enmu.edu *.enmu.edu https://gather.town 1
default-src 'self' adserv.prsa.org *.feathr.co *.prsa.org *.jwp.io *.jwplayer.com *.jwpcdn.com *.google-analytics.com *.jwpsrc.com *.jwpsrv.com *.twitch.tv cdn3.wowza.com player.cloud.wowza.com documentcloud.adobe.com *.adobe.com *.adobe.io *.informz.net wp.prsa.org quiz.tryinteract.com mightstream.com whova.com *.cloudfront.net *.paypal.com *.paypalobjects.com *.w3.org *.typekit.net netdna.bootstrapcdn.com *.informz.net analytics.google.com cdn.linkedin.oribi.io *.vimeo.com *.gstatic.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googleapis.com *.googletagmanager.com *.jwplayer.com *.jwpcdn.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org *.fontawesome.com adserv.prsa.org jobs.prsa.org *.juicer.io *.tawk.to cdn.jsdelivr.net *.feathr.co *.tickcounter.com *.licdn.com *.jwpsrc.com *.jwpsrv.com cdn1.prsa.org https://jwp.io/ cdn.jwplayer.com player.twitch.tv *.cloud.wowza.com documentcloud.adobe.com *.adobe.com *.youtube.com *.youtube-nocookie.com *.informz.net quiz.tryinteract.com mightstream.com whova.com *.cloudfront.net *.paypal.com *.paypalobjects.com *.w3.org *.typekit.net netdna.bootstrapcdn.com *.informz.net *.vimeo.com *.gstatic.com *.googleapis.com; style-src 'self' 'unsafe-inline' adserv.prsa.org *.googleapis.com *.gstatic.com https://www.googletagmanager.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com dec.azureedge.net platform.twitter.com/css/ player.cloud.wowza.com *.twimg.com *.fontawesome.com via.placeholder.com *.juicer.io *.tawk.to cdn.jsdelivr.net *.jwplayer.com *.jwpcdn.com cdn.prsa.org jwp.io documentcloud.adobe.com *.adobe.com *.youtube-nocookie.com quiz.tryinteract.com whova.com *.cloudfront.net *.paypal.com *.paypalobjects.com *.w3.org *.typekit.net netdna.bootstrapcdn.com *.informz.net *.vimeo.com *.gstatic.com *.googleapis.com; font-src 'self' adserv.prsa.org fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.fontawesome.com *.juicer.io *.tawk.to cdn.jsdelivr.net *.jwplayer.com *.jwpcdn.com http://cdn.prsa.org/ https://jwp.io/ whova.com *.cloudfront.net *.typekit.net *.informz.net *.vimeo.com *.gstatic.com *.googleapis.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com https://www.googletagmanager.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com via.placeholder.com adserv.prsa.org *.juicer.io *.tawk.to cdn.jsdelivr.net *.jwplayer.com *.jwpcdn.com *.jwpsrv.com *.jwpltx.com *.feathr.co *.linkedin.com *.adsymptotic.com match.adsrvr.org http://cdn.prsa.org/ https://jwp.io/ documentcloud.adobe.com *.adobe.com whova.com *.cloudfront.net *.paypal.com *.paypalobjects.com *.typekit.net *.informz.net *.vimeo.com *.gstatic.com *.googleapis.com; media-src 'self' data: blob: adserv.prsa.org cdn.prsa.org jwp.io cdn.jwplayer.com cdn3.wowza.com whova.com *.cloudfront.net *.typekit.net *.informz.net *.vimeo.com *.gstatic.com *.googleapis.com; form-action 'self' adserv.prsa.org *.facebook.com *.prsa.org quiz.tryinteract.com whova.com *.cloudfront.net *.paypal.com *.paypalobjects.com *.w3.org *.typekit.net *.informz.net *.vimeo.com *.gstatic.com *.googleapis.com; frame-src 'self' *.youtube.com *.twitter.com https://mightstream.com https://www.mightstream.com https://twitter.com https://jwp.io/ https://cdn.jwplayer.com/ adserv.prsa.org *.jwpsrv.com *.jwplayer.com *.tickcounter.com cdn1.prsa.org cdn2.prsa.org *.facebook.com *.twitch.tv *.adobe.com *.cloud.wowza.com/ wp.prsa.org myprsa.prsa.org quiz.tryinteract.com *.youtube-nocookie.com whova.com *.cloudfront.net *.apple.com *.paypal.com *.paypalobjects.com *.w3.org *.typekit.net *.google.com https://outlook.office365.com netdna.bootstrapcdn.com https://netdna.bootstrapcdn.com *.informz.net *.vimeo.com *.gstatic.com *.googleapis.com *.fontawesome.com 1
connect-src 'self' *; font-src 'self' data: fonts.gstatic.com js.intercomcdn.com cdnjs.cloudflare.com am.miqcommerce.com assets.reflow.tv at.alicdn.com cdn.revjet.com pickdawgz.com res-a.akamaihd.net static3.avast.com use.typekit.net zip.co; frame-src 'self' *; img-src 'self' blob: *; manifest-src 'self'; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com go.metabet.io cdn.foxycart.com content.quantcount.com c.evidon.com assets.a-mo.net c.betrad.com cdn.ctnsnet.com pickdawgz.com *.sportchatplace.com s-static.innovid.com static.adbutter.net; style-src 'self' fonts.googleapis.com go.metabet.io cdn.foxycart.com 'unsafe-eval' 'unsafe-inline' c.evidon.com cdn.ctnsnet.com content.quantcount.com pickdawgz.com *.sportchatplace.com s-static.innovid.com s0.2mdn.net self static.adbutter.net translate.googleapis.com; child-src 'self' *.safeframe.googlesyndication.com js.stripe.com pickdawgz.com *.sportchatplace.com px.owneriq.net tpc.googlesyndication.com www.google.com acdn.adnxs.com aktrack.pubmatic.com s0.2mdn.net warp90.com blob:; form-action 'self' app.convertkit.com pickdawgz.foxycart.com; default-src 'self' js.intercomcdn.com; frame-ancestors 'self'; media-src cdn.airtory.com js.intercomcdn.com swf.mixpo.com; worker-src blob:; object-src 'self'; report-uri https://4b5afe3c61d0173a6908329637ed9a4a.report-uri.com/r/d/csp/wizard 1
default-src 'self' 'unsafe-inline' *.ttc.ca 'unsafe-eval' https://apps.sitecore.net *.azureedge.net; media-src 'self' data: ; img-src *.ttc.ca *.dmtry.com *.siteimproveanalytics.io *.researchnow.com 'self' data: *.ttc.ca *.azureedge.net *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.addthis.com *.addthisedge.com *.youtube.com *.moatads.com siteimproveanalytics.io *.windows.net *.clarity.ms *.customsearch.ai *.bing.com  *.cluepixel.com ; style-src 'self' 'unsafe-inline' *.ttc.ca *.azureedge.net *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.addthis.com *.addthisedge.com *.youtube.com *.moatads.com *.windows.net *.clarity.ms *.customsearch.ai *.bing.com; font-src 'self' 'unsafe-inline' *.ttc.ca *.azureedge.net *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.addthis.com *.addthisedge.com *.youtube.com *.moatads.com *.windows.net *.clarity.ms *.customsearch.ai *.bing.com; connect-src * ; frame-src 'self' *.ttc.ca *.azureedge.net *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.addthis.com *.addthisedge.com *.youtube.com *.moatads.com *.triplinx.ca; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' *.ttc.ca *.azureedge.net *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.addthis.com *.addthisedge.com *.youtube.com *.moatads.com ;upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; object-src data: 'unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.sumo.com *.google-analytics.com *.newrelic.com *.addtoany.com *.nr-data.net *.facebook.com s3.amazonaws.com *.mailchimp.com *.facebook.net snap.licdn.com *.google.com *.googleapis.com *.gstatic.com *.twitter.com static.ads-twitter.com *.pardot.com *.omappapi.com *.hotjar.com *.hotjar.io *.linkedin.com *.bootstrapcdn.com *.addthis.com *.bing.com *.youtube.com d3js.org *.jsdelivr.net *.cloudflare.com *.omappapi.com *.cloudfront.net *.github.io *.formstack.com *.githubusercontent.com *.documentcloud.org snap.licdn.com *.moatads.com *.securly.com datawrapper.dwcdn.net *.paylocity.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.sumo.com *.google-analytics.com *.newrelic.com *.addtoany.com *.nr-data.net *.facebook.com s3.amazonaws.com *.mailchimp.com *.facebook.net snap.licdn.com *.google.com *.googleapis.com *.gstatic.com *.twitter.com static.ads-twitter.com *.pardot.com *.omappapi.com *.hotjar.com *.hotjar.io *.linkedin.com *.bootstrapcdn.com *.addthis.com  *.youtube.com d3js.org *.jsdelivr.net *.cloudflare.com *.omappapi.com *.cloudfront.net *.github.io immcouncil-data.s3.us-east-2.amazonaws.com *.formstack.com *.githubusercontent.com *.documentcloud.org snap.licdn.com *.moatads.com *.securly.com datawrapper.dwcdn.net *.paylocity.com *.ngpvan.com *.verygoodvault.com *.everyaction.com; object-src *; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn-images.mailchimp.com *.bootstrapcdn.com *.jsdelivr.net *.cloudflare.com *.omappapi.com *.github.io *.cloudfront.net; img-src * data:; media-src * data:; frame-src 'self' *.americanimmigrationcouncil.org *.pantheonsite.io *.linkedin.com *.twitter.com static.ads-twitter.com *.facebook.net *.facebook.com *.googletagmanager.com *.google.com *.googletagmanager.com *.google-analytics.com *.newrelic.com *.addtoany.com *.nr-data.net *.facebook.com s3.amazonaws.com *.hotjar.com *.hotjar.io *.youtube.com *.cloudfront.net immcouncil-data.s3.us-east-2.amazonaws.com *.formstack.com *.documentcloud.org *.addthis.com snap.licdn.com *.moatads.com *.securly.com datawrapper.dwcdn.net *.paylocity.com *.ngpvan.com; font-src 'self' data: fonts.googleapis.com *.google.com fonts.gstatic.com *.bootstrapcdn.com *.jsdelivr.net *.cloudflare.com *.omappapi.com *.facebook.net *.facebook.com *.ngpvan.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.sumo.com *.google-analytics.com *.newrelic.com *.addtoany.com *.nr-data.net *.facebook.com s3.amazonaws.com *.mailchimp.com *.facebook.net snap.licdn.com *.google.com *.googleapis.com *.gstatic.com *.twitter.com static.ads-twitter.com *.pardot.com *.omappapi.com *.hotjar.com *.hotjar.io *.linkedin.com *.bootstrapcdn.com *.addthis.com *.bing.com immcouncil-data.s3.us-east-2.amazonaws.com *.githubusercontent.com *.documentcloud.org snap.licdn.com *.moatads.com *.securly.com datawrapper.dwcdn.net *.paylocity.com *.ngpvan.com *.verygoodvault.com *.everyaction.com; report-uri /report-csp-violation 1
frame-ancestors 'self' https://*.virtual-tables.com https://*.virtualtables.com 1
default-src https:; img-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; font-src https: data: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' http://*.pokki.com https://*.pokki.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.pokki.com https://*.pokki.com http://geo.geo-svc.com https://geo.geo-svc.com geo.geo-svc.com/g.js static.cloudflareinsights.com https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' http://*.pokki.com https://*.pokki.com https://fonts.googleapis.com; object-src 'none'; connect-src http://*.pokki.com https://*.pokki.com cloudflareinsights.com https://cloudflareinsights.com http://geo.geo-svc.com https://geo.geo-svc.com; font-src http://*.pokki.com https://*.pokki.com data: https://themes.googleusercontent.com https://fonts.gstatic.com https://fonts.googleapis.com https://use.typekit.net; frame-src 'self' http://*.pokki.com https://*.pokki.com; img-src 'self' data: http://*.pokki.com https://*.pokki.com http://files.sweetlabs.com https://files.sweetlabs.com https://www.gstatic.com; upgrade-insecure-requests; report-uri https://csp.pokki.com 1
script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; default-src https: 1
default-src 'self';img-src 'self' data:;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' https://*.snb.ch;frame-src 'self' https://*.snb.ch;connect-src 'self' https://analytics.snb.ch;font-src 'self' data: 1
style-src 'self' 'unsafe-inline' https://cmcmarketsinvest.com https://service.force.com *.salesforce.com https://static.lightning.force.com *.my.salesforce-sites.com *.salesforceliveagent.com https://trading.sharetrade.com.au https://fonts.googleapis.com https://*.google-analytics.com; font-src 'self' data: https://cmcmarketsinvest.com fonts.gstatic.com *.sfdcstatic.com cmcmarketsstockbroking.com.au https://*.qantas.com https://fonts.gstatic.com; object-src 'self'; frame-ancestors 'self' https://www.cmcmarketsstockbroking.com.au https://signup.invest.cmcmarkets.com.au https://trading.anzshareinvesting.com.au https://cmcmarketsinvest.com https://www.cmcmarketsinvest.com; report-uri https://report-uri.cmcmarkets.com.au/csp 1
default-src 'self'; connect-src 'self' *.nextinsure.com; font-src 'self' *.gstatic.com *.bootstrapcdn.com; style-src 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' nextinsure.com *.nextinsure.com *.googleapis.com *.bootstrapcdn.com; img-src 'self' www.nextinsure.com nextinsure.com cdn.nextinsure.com imageserver.quinstreet.com data:; style-src-elem * 'unsafe-inline'; 1
upgrade-insecure-requests; default-src 'self' https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; object-src https:; form-action https:; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=denniexpres&d=2024-01-23 1
frame-ancestors 'self' https://admin.518.com.tw 1
base-uri 'none';child-src 'none';connect-src 'self' *.schooltv.nl *.schooltv.angrylabs.nl *.npo.nl *.npoplayer.nl event analytics-ingress-global.bitmovin.com npo.prd.cdn.bcms.kpn.com licensing.bitmovin.com nmonpoendpoint.2cnt.net npo-drm-gateway.samgcloud.nepworldwide.nl *.streamgate.nl;default-src 'self';font-src 'self' cdn.npoplayer.nl use.typekit.net;form-action 'self';frame-ancestors 'self' *;frame-src 'none';img-src 'self' *.schooltv.nl *.schooltv.angrylabs.nl *.npo.nl data: images.poms.omroep.nl;manifest-src 'self';media-src 'self' blob: * data:;object-src 'none';script-src 'self' cdn.npoplayer.nl tag.aticdn.net hub.npo-data.nl nmonpoendpoint.2cnt.net analytics-ingress-global.bitmovin.com www.gstatic.com *.streamgate.nl blob: *;style-src 'self' 'unsafe-inline' use.typekit.net cdn.npoplayer.nl p.typekit.net *.npo.nl;worker-src 'self' blob:; 1
upgrade-insecure-requests; report-uri https://csp.atbaux.com/csp-error;  default-src 'none'; connect-src 'self' https: https://tr.snapchat.com https://www.atb.com/ https://www.facebook.com https://ajax.googleapis.com https://forms.hsforms.com/emailcheck/v1/ https://ct.pinterest.com/md/ https://web-atbva-uat.k8s-prod-na.finn.ai/api/v1/finn-chat/ https://web-atbva-prod.k8s-prod-na.finn.ai/api/v1/finn-chat/ https://web-atbva-uat.k8s-prod-na.finn.ai/ https://web-atbva-prod.k8s-prod-na.finn.ai/ https://msg-atbva-uat.k8s-prod-na.finn.ai/subscriptions/finnChat/ https://msg-atbva-prod.k8s-prod-na.finn.ai/subscriptions/finnChat/ wss://msg-atbva-uat.k8s-prod-na.finn.ai/ wss://msg-atbva-prod.k8s-prod-na.finn.ai/ https://msg-atbva-prod.k8s-prod-na.finn.ai/ https://cdn.siteimprove.net https://superscribe.atbaux.com https://api.genesyscloud.com https://www.google-analytics.com/ https://dc.services.visualstudio.com/v2/track https://siteintercept.qualtrics.com https://atb.postclickmarketing.com https://interactive.atb.com https://vimeo.com https://rates.atbaux.com/ https://tags.srv.stackadapt.com/ https://ct.pinterest.com/user/ https://q.quora.com/ https://stats.g.doubleclick.net https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://bat.bing.com https://analytics.google.com https://eu.srv.stackadapt.com https://www.google.ca/ads/ga-audiences https://www.google.com/pagead/landing https://s.yimg.com https://maps.googleapis.com https://api.hubapi.com; base-uri 'none'; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; form-action https://www.facebook.com https://tr.snapchat.com https://forms.hsforms.com https://tr.snapchat.com/p https://tr.snapchat.com/cm/i https://feedback.atb.com; frame-ancestors 'none'; style-src 'self' 'unsafe-inline' https://tags.srv.stackadapt.com https://cloud.typography.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://web-atbva-uat.k8s-prod-na.finn.ai/webchat/static/styles/styles.css https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://optimize.google.com/optimize/editor/css/css.css;  script-src 'self' https: https://zn5hxoymepfxxwpmj-atbfeedback.siteintercept.qualtrics.com 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://www.googleanalytics.com https://optimize.google.com https://www.googleoptimize.com https://zn5hxoymepfxxwpmj-atbfeedback.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/enterprise.js https://www.googletagmanager.com/ https://www.google-analytics.com https://tagmanager.google.com https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://maps.googleapis.com/maps/api/js https://adservice.google.com/ https://adservice.google.com/* https://www.google.com/ads/ga-audiences https://js.hs-scripts.com/4764334.js https://js.hsforms.net/forms/v2.js https://forms.hsforms.com/ https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/ https://znbd9nr9vkcjqslin-atbfeedback.siteintercept.qualtrics.com https://dl.episerver.net/13.2.4/epi-util/find.js https://js.hs-analytics.net/analytics/1563383400000/4764334.js https://www.workable.com/api/accounts/377831 https://www.workable.com/assets/embed.js https://extend.vimeocdn.com/ga/10780070.js https://zn5hxoymepfxxwpmj-atbfeedback.siteintercept.qualtrics.com/WRSiteInterceptEngine/ https://code.jquery.com/jquery-3.4.1.min.js https://sc-static.net/ https://static.ads-twitter.com/uwt.js https://analytics.twitter.com/i/ https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/ https://www.youtube.com/s/player/* https://cdn.jsdelivr.net/npm/vue@2.6.10/dist/vue.runtime.min.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://s.pinimg.com/ct/core.js https://s.pinimg.com/ct/lib/ https://a.quora.com/qevents.js https://tags.srv.stackadapt.com/events.js https://east.srv.stackadapt.com/events.js https://uw.srv.stackadapt.com/events.js https://eu.srv.stackadapt.com/events.js https://platform.twitter.com/oct.js https://static.ads-twitter.com/oct.js https://www.youtube.com/iframe_api https://s.ytimg.com/yts/jsbin/ https://secure.quantserve.com/quant.js https://edge.quantserve.com/quant.js https://js.hs-banner.com https://apply.workable.com https://www.google.com/ads/ga-audiences* https://s.mitaa.io/dtag.min.js https://ionfiles.scribblecdn.net/scripts/ionizer-1.2.min.js http://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js https://web-atbva-uat.k8s-prod-na.finn.ai/webchat/static/ https://js.hs-banner.com/4764334.js https://bat.bing.com https://clarity.microsoft.com https://9897839.fls.doubleclick.net https://web-atbva-uat.k8s-prod-na.finn.ai/webchat/static/bundle.js https://web-atbva-uat.k8s-prod-na.finn.ai/webchat/static/config.js  https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js https://siteimproveanalytics.com/js/siteanalyze_77682.js https://siteimproveanalytics.com/ 'sha256-AoNQZpaRmemSTxMy9xcqXX5VLwI6IMPYugO7bFHOW+U=' 'sha256-VazP97ZCwtekAsvgPBSUwPFKdrwD3unUfSGVYrahUqU=' 'sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=' 'sha256-27gTObPp0STAt+fV8fwrG9pRwkVFaEg7ZHzBv6L0yto=' 'sha256-2bKthQiZc2RXXJ2zuNdQgergsosNJNO0j0pY5/AMUKE=' 'sha256-3ZrSyKXyfCBhxmUPydg8a9mgpCxBzKb9p2d6IFRh3+Q=' 'sha256-kiNksdOX+M4g0/nMTqaTImuB/PHpOdvlQF6VaBmvnoE=' 'sha256-fmBnciP22+IeufKiwett0ScrQcvXA2ltLjO5AkOn/eQ=' 'sha256-GxB2ppK+t1dQ/6WHfZRc7UJL/ct7a59qHKzBE/c1SzE=' 'sha256-kN2TxtGds1lhWybMfEoIXWeS4x4Enya8DiiyBAbeyHs=' 'sha256-olgZwKESUKBk5MwFwAYxCIamu4KAcRjk5VqnZxOlat0=' 'sha256-rXnvrupdVgmIsBg96vSU/gV2uQjZSH3AKma5y9FlGaU='  'nonce-2fJqWwG3ydlK3wBr6GsEhOEZY4pcvYf1gJ9JNSRYnUA='; img-src 'self' data: * https://optimize.google.com https://www.google-analytics.com https://www.googletagmanager.com;  frame-src https://td.doubleclick.net https://www.facebook.com https://tr6.snapchat.com https://www.pinterest.com https://tr.snapchat.com https://verify.auth.atb.com/ https://verify-uat.auth-dev.atb.com/ https://www.googletagmanager.com https://va.atb.com/ https://virtual-assist-prod.atb.com/ https://virtual-assist-uat.atb.com/ https://web-atbva-prod.k8s-prod-na.finn.ai/ https://bank-api-gateway-atbva-prod.k8s-prod-na.finn.ai https://bank-api-gateway-atbva-prod.k8s-prod-na.finn.ai/ https://identity-prod.auth-dev.atb.com/ https://identity.auth.atb.com/ https://web-atbva-uat.k8s-prod-na.finn.ai/ https://bank-api-gateway-atbva-uat.k8s-prod-na.finn.ai https://bank-api-gateway-atbva-uat.k8s-prod-na.finn.ai/ https://identity-uat.auth-dev.atb.com/ https://8389598.fls.doubleclick.net/ https://www.google.com https://stats.g.doubleclick.net/ https://siteintercept.qualtrics.com/ https://feedback.atb.com/ https://www.youtube.com/ https://player.vimeo.com/ https://atb.postclickmarketing.com/ https://interactive.atb.com/ https://forms.hsforms.com/ https://tr.snapchat.com/ https://www.atbonline.com/ https://app.hubspot.com/ https://9897839.fls.doubleclick.net https://bid.g.doubleclick.net/ https://10829704.fls.doubleclick.net/ https://finn-demo-assets.finn.ai/ https://personal.atb.com/ https://www.pinterest.ca/ https://ct.pinterest.com/ https://optimize.google.com/; manifest-src 'self'; child-src 'none'; object-src 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://themes.googleusercontent.com https://www.google-analytics.com https://region1.google-analytics.com https://www.googletagmanager.com https://support.ebscohost.com https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/; connect-src 'self'; child-src 'self' https://google.com https://www.google.com https://www.youtube.com; img-src *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src 'self' https://calendar.google.com https://www.google.com https://google.com; 1
frame-ancestors 'self', frame-ancestors 'self' 1
frame-ancestors 'self' https://*.spotahome.com https://*.erasmusu.com https://*.erasmusu.net https://erasmusu.com 1
frame-ancestors 'self' *.sartorius.com service.ariba.com www.service.ariba.com s1.ariba.com www.s1.ariba.com service-2.ariba.com www.service-2.ariba.com s1-eu.stc.ariba.com *.ariba.com *.coupa.com *.govsci.com govsci.com *.sciquest.com *.coupahost.com *.coupadev.com *.compute.amazonaws.com *.netsuite.com *.shop.sartorius.com *.shop.sartorius.com.cn; 1
frame-ancestors majestic-files.com *.majestic-files.com package 1
default-src 'self' ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.upc.edu https://*.cookiebot.com tagmanager.google.com https://*.twimg.com https://*.twitter.com *.gstatic.com *.google-analytics.com https://*.googleapis.com https://*.google.com https://*.googletagmanager.com https://*.trengo.eu https://*.usercentrics.eu https://*.clarity.ms data: ;font-src * data: ; style-src * data: 'unsafe-inline' 'unsafe-eval'; child-src *.upc.edu https://*.twitter.com https://*.google.com ; worker-src *.upc.edu https://*.twitter.com https://*.google.com https://cercador.upc.edu ; media-src *.upc.edu https://*.trengo.eu; frame-src *.youtube-nocookie.com  youtu.be *.vimeo.com *.youtube.com *.twitter.com https://*.cookiebot.com twitter.com *.upc.edu www.google.com https://cercador.upc.edu https://*.knightlab.com; connect-src https://*.usercentrics.eu https://consentcdn.cookiebot.com https://cercador.upc.edu https://stats.g.doubleclick.net https://*.analytics.google.com https://*.google-analytics.com https://*.trengo.eu wss://*.pusher.com *.amazonaws.com https://*.clarity.ms 'self' 1
default-src 'self' *.aimatch.com *.kbps.cz kbps.cz *.googleapis.com *.kbcloud *.youtube.com *.googlesyndication.com *.kb.cz *.kbinfo.cz *.google.com *.google-analytics.com *.aimatch.com *.googletagmanager.com *.doubleclick.net *.facebook.com *.adform.net *.seadform.net *.platform.twitter.com *.seznam.cz *.static.ads-twitter.com *.licdn.com *.linkedin.oribi.io data 'unsafe-inline'; img-src 'self' *.aimatch.com *.kbcloud *.kbinfo.cz *.youtube.com *.googletagmanager.com *.adform.net *.seadform.net *.googleadservices.com *.googlesyndication.com *.doubleclick.net *.google.cz *.seznam.cz *.gstatic.com analytics.twitter.com t.co *.i.ytimg.com *.facebook.com *.google.com *.google-analytics.com *.linkedin.com  maps.gstatic.com maps.googleapis.com *.kb.cz data:; script-src 'self' *.aimatch.com *.kbps.cz kbps.cz *.facebook.net *.static.ads-twitter.com https://static.ads-twitter.com/uwt.js *.googlesyndication.com housing-calculation-fe.fat.hfd.kbcloud *.facebook.com *.doubleclick.net *.googleadservices.com *.seznam.cz https://www.google.com *.google.cz *.googletagmanager.com *.licdn.com *.adform.net *.seadform.net *.platform.twitter.com *.demogram.cz *.kbcloud *.googleapis.com rtp.persoo.ai scripts.persoo.cz *.youtube.com *.kb.cz *.kbinfo.cz *.google.com *.googletagmanager.com *.gstatic.com *.google-analytics.com *.aimatch.com *.kbcloud *.cloudflare.com 'unsafe-inline'; worker-src 'self' *.youtube.com *.google.com *.kb.cz blob:; font-src 'self' *.youtube.com *.google.com *.gstatic.com *.kb.cz data:; frame-src 'self' *.youtube.com *.doubleclick.net *.googlesyndication.com *.adform.net *.seadform.net *.kb.cz; object-src 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://view.ceros.com/ https://code.jquery.com/ https://builder-assets.unbounce.com/ https://static.hotjar.com https://d34qb8suadcc4g.cloudfront.net/ https://script.hotjar.com/ https://js.driftt.com/ https://t.sf14g.com/ https://optimize.google.com https://cdn.bizible.com/ https://j.6sc.co/ http://www.google.com https://www.exabeam.com/ https://ml314.com/ https://trk.techtarget.com/ https://sc.lfeeder.com/ https://munchkin.marketo.net/ https://www.google-analytics.com/ https://www.googleanalytics.com/ https://static.ads-twitter.com/ https://snap.licdn.com/ https://tracking.g2crowd.com/ https://metadata-static-files.sfo2.cdn.digitaloceanspaces.com/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://bat.bing.com/ https://www.googleoptimize.com/ https://pages.exabeam.com/ https://ajax.googleapis.com https://ssl.google-analytics.com https://www.googletagmanager.com/ https://player.vimeo.com/ https://vimeo.com/ https://js.adsrvr.org/; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: * https://optimize.google.com https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' blob: data: https://fonts.googleapis.com/ https://optimize.google.com https://builder-assets.unbounce.com/ https://www.exabeam.com/ https://pages.exabeam.com/ http://www.google.com; font-src 'self' data: * https://fonts.gstatic.com; connect-src 'self' data:  https://csmetrics.hotjar.com https://analytics.google.com/ wss://wsp37.hotjar.com wss://wsp4.hotjar.com wss://wsp23.hotjar.com https://content.hotjar.io https://builder-assets.unbounce.com/ https://ipv6.6sc.co/ http://www.google.com https://www.exabeam.com/ https://www.google-analytics.com/ https://bat.bing.com/ https://www.googletagmanager.com/ https://cdn.linkedin.oribi.io/ https://munchkin.marketo.net/ https://ml314.com/ https://cdn.bizible.com/ https://secure.adnxs.com/ https://in.hotjar.com/ https://stats.g.doubleclick.net/ https://c.6sc.co/ https://ibc-flow.techtarget.com/; frame-src 'self' https://view.ceros.com/ https://secure.adnxs.com/ https://player.vimeo.com https://vimeo.com/ https://www.facebook.com/ https://js.driftt.com/ https://pages.exabeam.com/ https://optimize.google.com https://www.youtube.com/ https://player.captivate.fm/ https://td.doubleclick.net/; object-src 'none' 1
default-src 'self' 'unsafe-inline' data: https://www.google-analytics.com https://cdn.userway.org https://edgeshoppingstatic.azureedge.net; script-src 'self' 'unsafe-inline' data: 'unsafe-eval' https://www.nostarch.com https://nostarch.com https://ajax.googleapis.com https://www.google-analytics.com https://cdn.userway.org https://api.userway.org https://ajax.cloudflare.com https://connect.facebook.net https://www.googletagmanager.com; object-src https://www.youtube.com https://w.soundcloud.com; img-src 'self' 'unsafe-inline' data: blob: https://www.nostarch.com https://nostarch.com https://www.google-analytics.com https://www.paypal.com https://www.paypalobjects.com https://api.userway.org https://cdn.userway.org; frame-ancestors 'self'; child-src https://cdn.userway.org https://www.youtube.com https://w.soundcloud.com  https://nostarch.com; font-src 'self' data: moz-extension https://static3.avast.com https://nostarch.com https://fonts.gstatic.com https://cdn.userway.org; connect-src 'self' 'unsafe-inline' data: https://www.google-analytics.com https://stats.g.doubleclick.net https://api.userway.org https://cdn.userway.org https://analytics.google.com; report-uri /report-csp-violation 1
frame-ancestors 'self' https://koneagria.fi https://acc-craft3-83f28cce78cc.hyperlane.co; upgrade-insecure-requests 1
frame-ancestors 'self' http://www.philips.pl *.philips.com *.philips.pl https://philipsigtdpv.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: ; img-src 'self' 'unsafe-inline' data: https: ; font-src 'self' data: https: ; connect-src 'self' *.flickr.com *.juicer.io *.cookielaw.org *.levelaccess.net *.googletagservices.com *.nr-data.net *.hotjar.com *.adroll.com *.iu.edu *.powerbi.com *.nafsa.org *.vimeo.com *.youtube.com cqrcengage.com *.soundcloud.com *.doubleclick.net *.googlesyndication.com analytics.google.com *.google-analytics.com *.live.com *.addtoany.com sentry.utdev.com ; media-src https: ; object-src 'self' ; child-src 'self' *.buzzsprout.com disqus.com *.hotjar.com *.cqrcengage.com *.iu.edu *.powerbi.com *.addtoany.com *.doubleclick.net *.googlesyndication.com *.google.com *.nafsa.org *.vimeo.com *.youtube.com *.soundcloud.com *.live.com ; frame-src 'self' *.gv-one.com *.adsrvr.org *.google.com *.googletagservices.com *.vimeo.com *.youtube.com *.hotjar.com *.adroll.com *.iu.edu *.buzzsprout.com *.powerbi.com *.quorum.us donorbox.org ; upgrade-insecure-requests; report-uri https://sentry.utdev.com/api/13/security/?sentry_key=ca1be9729acc4362890bb2f9cdbfd138; 1
frame-ancestors 'self' youtube.googleapis.com www.youtube.com;default-src 'self' data: https:;manifest-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.creativecdn.com www.work.ua www.dmpcloud.net youtube.googleapis.com www.bi.ua www.youtube.com *.cloudfront.net shop-cart.app cdn.clickanalyticsresource.com *.prdredir.com cdn.lenmit.com z.lenmit.com www.googleoptimize.com www.googletagmanager.com www.google.com.ua analytics.google.com www.facebook.com *.privatbank.ua www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.com apis.google.com code.jquery.com cdn.jsdelivr.net connect.facebook.net esputnik.com googleads.g.doubleclick.net www.google.com maps.googleapis.com  *.esputnik.com *.hotjar.com *.chatwoot.com static.cloudflareinsights.com accounts.google.com;connect-src 'self' docs.google.com  *.creativecdn.com *.googleapis.com wss://*.hotjar.com content.hotjar.io  app.neucurrent.com cdn.clickanalyticsresource.com youtube.googleapis.com www.bi.ua www.google.com.ua analytics.google.com www.facebook.com *.privatbank.ua www.google-analytics.com stats.g.doubleclick.net  *.chatwoot.com  *.esputnik.com esputnik.com storage.googleapis.com cloudflareinsights.com accounts.google.com maps.googleapis.com www.googletagmanager.com *.hotjar.com;img-src * 'self' data: https:; style-src 'self' 'unsafe-inline' unpkg.com blob: storage.googleapis.com www.bi.ua fonts.googleapis.com accounts.google.com *.chatwoot.com;font-src 'self' data: www.bi.ua fonts.gstatic.com storage.googleapis.com  *.chatwoot.com; 1
https://lewisuniversity.report-uri.com/r/d/csp/wizard 1
default-src 'none'; connect-src 'self' *.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru *.ttwstatic.com https://widget.qiwi.com https://attestation.android.com *.google-analytics.com www.googletagmanager.com *.yandex.kz *.yandex.net *.yandex.com vk.com *.tiktokcdn.com *.ibytedtos.com *.tiktok.com gdepapa8 googleads4.g.doubleclick.net adservice.google.ru adservice.google.com https://rutube.ru googleads.g.doubleclick.net *.googlesyndication.com *.googleadservices.com payselection.com *.payselection.com gp8utf gdepapa.ru yoomoney.ru auth.robokassa.ru api-maps.yandex.ru http://www.youtube.com youtube.com *.youtube.com youtu.be counter.yadro.ru cdn.ampproject.org *.google.com *.google.ru *.gstatic.com www.googletagservices.com *.googleapis.com informer.yandex.ru avatars.mds.yandex.net http://mc.yandex.ru https://mc.yandex.ru mc.yandex.by mc.yandex.ua mc.yandex.md mc.yandex.fr https://yandexmetrica.com https://yandexmetrica.com:30103 https://yandexmetrica.com:29010 https://ymetrica1.com https://ymetrica2.com https://ymetrica.com ; frame-src awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net *.ttwstatic.com https://widget.qiwi.com https://attestation.android.com *.google-analytics.com www.googletagmanager.com *.yandex.kz *.yandex.net *.yandex.com vk.com *.tiktokcdn.com *.ibytedtos.com *.tiktok.com gdepapa8 googleads4.g.doubleclick.net adservice.google.ru adservice.google.com https://rutube.ru googleads.g.doubleclick.net *.googlesyndication.com *.googleadservices.com payselection.com *.payselection.com gp8utf gdepapa.ru yoomoney.ru auth.robokassa.ru api-maps.yandex.ru http://www.youtube.com youtube.com *.youtube.com youtu.be counter.yadro.ru cdn.ampproject.org *.google.com *.google.ru *.gstatic.com www.googletagservices.com *.googleapis.com informer.yandex.ru avatars.mds.yandex.net http://mc.yandex.ru https://mc.yandex.ru mc.yandex.by mc.yandex.ua mc.yandex.md mc.yandex.fr ; img-src * data: android-webview-video-poster: ;media-src strm.yandex.ru *.strm.yandex.ru yandex.ru yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net data: *.ttwstatic.com https://widget.qiwi.com https://attestation.android.com *.google-analytics.com www.googletagmanager.com *.yandex.kz *.yandex.net *.yandex.com vk.com *.tiktokcdn.com *.ibytedtos.com *.tiktok.com gdepapa8 googleads4.g.doubleclick.net adservice.google.ru adservice.google.com https://rutube.ru googleads.g.doubleclick.net *.googlesyndication.com *.googleadservices.com payselection.com *.payselection.com gp8utf gdepapa.ru yoomoney.ru auth.robokassa.ru api-maps.yandex.ru http://www.youtube.com youtube.com *.youtube.com youtu.be counter.yadro.ru cdn.ampproject.org *.google.com *.google.ru *.gstatic.com www.googletagservices.com *.googleapis.com informer.yandex.ru avatars.mds.yandex.net http://mc.yandex.ru https://mc.yandex.ru mc.yandex.by mc.yandex.ua mc.yandex.md mc.yandex.fr ; script-src 'unsafe-inline' 'unsafe-eval' an.yandex.ru yandex.st yastatic.net banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru *.ttwstatic.com https://widget.qiwi.com https://attestation.android.com *.google-analytics.com www.googletagmanager.com *.yandex.kz *.yandex.net *.yandex.com vk.com *.tiktokcdn.com *.ibytedtos.com *.tiktok.com gdepapa8 googleads4.g.doubleclick.net adservice.google.ru adservice.google.com https://rutube.ru googleads.g.doubleclick.net *.googlesyndication.com *.googleadservices.com payselection.com *.payselection.com gp8utf gdepapa.ru yoomoney.ru auth.robokassa.ru api-maps.yandex.ru http://www.youtube.com youtube.com *.youtube.com youtu.be counter.yadro.ru cdn.ampproject.org *.google.com *.google.ru *.gstatic.com www.googletagservices.com *.googleapis.com informer.yandex.ru avatars.mds.yandex.net http://mc.yandex.ru https://mc.yandex.ru mc.yandex.by mc.yandex.ua mc.yandex.md mc.yandex.fr https://yandexmetrica.com https://yandexmetrica.com:30103 https://yandexmetrica.com:29010 https://ymetrica1.com https://ymetrica2.com https://ymetrica.com ; style-src 'unsafe-inline' 'unsafe-eval' yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net *.ttwstatic.com https://widget.qiwi.com https://attestation.android.com *.google-analytics.com www.googletagmanager.com *.yandex.kz *.yandex.net *.yandex.com vk.com *.tiktokcdn.com *.ibytedtos.com *.tiktok.com gdepapa8 googleads4.g.doubleclick.net adservice.google.ru adservice.google.com https://rutube.ru googleads.g.doubleclick.net *.googlesyndication.com *.googleadservices.com payselection.com *.payselection.com gp8utf gdepapa.ru yoomoney.ru auth.robokassa.ru api-maps.yandex.ru http://www.youtube.com youtube.com *.youtube.com youtu.be counter.yadro.ru cdn.ampproject.org *.google.com *.google.ru *.gstatic.com www.googletagservices.com *.googleapis.com informer.yandex.ru avatars.mds.yandex.net http://mc.yandex.ru https://mc.yandex.ru mc.yandex.by mc.yandex.ua mc.yandex.md mc.yandex.fr ; font-src 'self' data: an.yandex.ru yastatic.net yastat.net *.ttwstatic.com https://widget.qiwi.com https://attestation.android.com *.google-analytics.com www.googletagmanager.com *.yandex.kz *.yandex.net *.yandex.com vk.com *.tiktokcdn.com *.ibytedtos.com *.tiktok.com gdepapa8 googleads4.g.doubleclick.net adservice.google.ru adservice.google.com https://rutube.ru googleads.g.doubleclick.net *.googlesyndication.com *.googleadservices.com payselection.com *.payselection.com gp8utf gdepapa.ru yoomoney.ru auth.robokassa.ru api-maps.yandex.ru http://www.youtube.com youtube.com *.youtube.com youtu.be counter.yadro.ru cdn.ampproject.org *.google.com *.google.ru *.gstatic.com www.googletagservices.com *.googleapis.com informer.yandex.ru avatars.mds.yandex.net http://mc.yandex.ru https://mc.yandex.ru mc.yandex.by mc.yandex.ua mc.yandex.md mc.yandex.fr ; 1
frame-ancestors https://cart.emmiol.com https://user.emmiol.com https://login.emmiol.com https://order.emmiol.com https://www.emmiol.com 1
default-src 'self' 'unsafe-inline' airmalta.com *.airmalta.com google.com *.onetrust.com *.google.com *.googleadservices.com *.facebook.net *.googleapis.com *.googletagmanager.com *.google-analytics.com *.salesforce.com *.sandbox.my.site.com *.force.com *.preprod-km-triplake.com *.visualforce.com *.documentforce.com liveupdate.pimcore.org *.openstreetmap.org; connect-src 'self' *.onetrust.com *.googletagmanager.com *.google-analytics.com *.airmalta.com wss://tsocial.airmalta.com *.salesforce.com *.sandbox.my.site.com *.force.com *.preprod-km-triplake.com *.visualforce.com https://liveupdate.pimcore.org *.openstreetmap.org *.facebook.net; font-src 'self' data: *.onetrust.com airmalta.com *.airmalta.com *.gstatic.com *.googleapis.com; form-action 'self' airmalta.com *.onetrust.com *.airmalta.com *.triplake.com *.dev-triplake.com *.preprod-km-triplake.com *.salesforce.com *.sandbox.my.site.com *.force.com *.visualforce.com *.documentforce.com *.twitter.com *.facebook.net *.openstreetmap.org http://*.exct.net https://*.exct.net http://*.exacttarget.com https://*.exacttarget.com https://checkin.si.amadeus.net; frame-ancestors 'self' airmalta.com *.onetrust.com *.airmalta.com *.youtube.com *.facebook.net *.google.com *.googleadservices.com *.salesforce.com *.sandbox.my.site.com *.force.com *.preprod-km-triplake.com *.visualforce.com *.documentforce.com *.openstreetmap.org; frame-src 'self' airmalta.com *.onetrust.com *.airmalta.com *.youtube.com *.youtube-nocookie.com google.com *.google.com *.googleadservices.com *.facebook.net *.googleapis.com *.salesforce.com *.sandbox.my.site.com *.force.com *.preprod-km-triplake.com *.visualforce.com *.documentforce.com *.issuu.com *.twitter.com *.openstreetmap.org; img-src 'self' data: airmalta.com *.onetrust.com *.airmalta.com google.com *.google.com *.googleadservices.com *.facebook.net *.facebook.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.sandbox.my.site.com facebook.com twitter.com *.cdninstagram.com *.twimg.com *.twitter.com *.openstreetmap.org *.arcgisonline.com openweathermap.org *.plusgrade.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' airmalta.com *.airmalta.com google.com *.onetrust.com *.google.com *.googleadservices.com *.facebook.net *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.salesforce.com *.sandbox.my.site.com *.force.com *.preprod-km-triplake.com *.visualforce.com *.documentforce.com liveupdate.pimcore.org *.twitter.com *.twimg.com *.openstreetmap.org *.plusgrade.com *.cloudflare.com; style-src 'self' 'unsafe-inline' airmalta.com *.onetrust.com *.airmalta.com google.com *.google.com *.googleadservices.com *.facebook.net *.gstatic.com *.googleapis.com *.sandbox.my.site.com platform.twitter.com *.openstreetmap.org *.plusgrade.com; upgrade-insecure-requests; report-uri /nelmio/csp/report 1
default-rsc 'self' 1
default-src 'self' blob: https: 'unsafe-inline'; script-src 'self' blob: https://www.mp3tag.de https://stats.fheidenreich.de https://analytics.mp3tag.de https://*.stripe.com https://*.google.com https://*.gstatic.com https://unpkg.com https://*.unpkg.com 'unsafe-inline' 1
frame-src 'self' blob: *.oncehub.com *.mktoweb.com *.adsrvr.org *.yimg.com *.cochlear.cloud *.qualaroo.com *.simpli.fi *.livechatinc.com *.doubleclick.net *.wufoo.com *.cochlearamericas.com *.youtube-nocookie.com *.marvelapp.com *.linkedin.com *.cvent.com *.google.ch *.cochlear.com *.irmau.com *.marketo.com *.youtube.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.batchgeo.com marvelapp.com *.salesforce.com *.salesforce-sites.com; child-src 'self' blob: *.batchgeo.com *.addtoany.com *.doubleclick.net *.cochlear.cloud *.cochlear.com *.addthis.com *.google.com *.facebook.com *.twitter.com  *.marketo.com; connect-src 'self' *.hotjar.com *.hotjar.io *.sitecorecloud.io *.geonames.org *.stackadapt.com *.crazyegg.com *.stylelabs.io *.adsrvr.org *.yimg.com *.taboola.com *.onetrust.com *.cookielaw.org *.stylelabs.cloud *.sitecorecontenthub.cloud *.cochlear.cloud *.marketo.com *.swiftype.com *.onelink-translations.com *.nekudo.com *.cochlear.com *.cvent.com *.linkedin.com *.google-analytics.com *.googleapis.com *.optimizely.com *.addthis.com *.mktoresp.com *.twitter.com *.geoip-js.com geoip-js.com *.doubleclick.net *.salesforce-sites.com; font-src 'self' data: *.hotjar.com *.cvent-assets.com *.gstatic.com *.googleusercontent.com *.livechatinc.com *.bootstrapcdn.com; img-src 'self' data: *.hotjar.com *.stackadapt.com *.naver.net *.naver.com *.quora.com *.pubmatic.com *.rubiconproject.com *.adtechjp.com *.yahoo.com * bidswitch.net *.adap.tv *.adnxs.com *.rlcdn.com *.openx.net *.adroll.com *.casalemedia.com *.t.co *.datatables.net *.cochlear.cloud *.cochlear.com *.quantserve.com *.marketo.com *.bing.com *.steelhousemedia.com *.adsrvr.org *.adsymptotic.com *.android.com *.youtube.com *.visualwebsiteoptimizer.com *.googletagmanager.com *.teads.tv *.impact-ad.jp *.yahoo.co.jp *.impact-ad.jp *.outbrain.com *.amazonaws.com *.google.com.au  *.google.com *.twitter.com *.doubleclick.net *.facebook.com *.linkedin.com *.google-analytics.com *.medialead.de; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *.hotjar.com *.licdn.com *.oncehub.com *.stackadapt.com *.naver.net *.naver.com *.onetrust.com *.cookielaw.org *.windows.net *.qualaroo.com *.simpli.fi *.salesforceliveagent.com *.amazonaws.com *.gstatic.com *.quantcount.com *.cvent-assets.com *.cvent.com *.quora.com *.livechatinc.com *.typekit.com *.dialogtech.com *.cloudfront.net *.media6degrees.com *.wufoo.com *.zendesk.com *.domdex.com *.adroll.com  *.datatables.net *.quantserve.com *.ads-twitter.com *.steelhousemedia.com *.bing.com *.outbrain.com *.addtoany.com *.visualwebsiteoptimizer.com *.jquery.com *.optimizely.com *.google.com.au *.doubleclick.net *.googleadservices.com *.yimg.jp *.yahoo.co.jp *.crazyegg.com *.mktoweb.com *.cochlear.cloud *.cochlear.com  *.bootstrapcdn.com *.cloudflare.com  *.jsdelivr.net *.addthisedge.com *.google.com *.ytimg.com *.youtube.com *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.addthis.com *.geoip-js.com geoip-js.com *.medialead.de *.adsrvr.org *.taboola.com *.yimg.com *.force.com *.salesforce.com *.salesforce-sites.com; style-src 'unsafe-inline' 'self' *.hotjar.com *.mktoweb.com *.googletagmanager.com *.stackadapt.com *.cookielaw.org *.windows.net *.cvent-assets.com *.googleapis.com *.cloudflare.com *.cochlear.cloud *.cochlear.com *.google.com *.zendesk.com *.datatables.net *.jquery.com *.cochlear-europe.com *.bootstrapcdn.com *.marketo.com *.salesforce.com *.salesforce-sites.com; 1
default-src 'self' https: https://fonts.gstatic.com; script-src 'self' https://cdn.speedcurve.com https://lux.speedcurve.com https://bmidxbgroupcprod.gatsbyjs.io https://cdn.mouseflow.com https://*.mopinion.com https://*.hscta.net/ https://*.hsadspixel.net/ wss://*.hotjar.com https://js.hsforms.net https://*.hs-scripts.com https://*.hs-banner.com https://*.hs-analytics.net https://*.hscollectedforms.net https://*.hsforms.com https://*.hotjar.com https://js.hscta.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.cookielaw.org https://www.googleoptimize.com https://googleads.g.doubleclick.net https://optimize.google.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://*.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha  https://*.googleapis.com https://snap.licdn.com https://connect.facebook.net https://www.youtube.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.mopinion.com https://bmidxbgroupcprod.gatsbyjs.io 'unsafe-inline' https://*.googleapis.com https://www.googletagmanager.com https://optimize.google.com https://fonts.googleapis.com; img-src 'self' https://*.mopinion.com https://*.cookielaw.org https://lux.speedcurve.com https://bmidxbgroupcprod.gatsbyjs.io https://*.fls.doubleclick.net https://*.hsforms.com https://*.hubspot.com https://*.hotjar.com blob: data: https://*.hsforms.com https://*.hubspot.com https://images.ctfassets.net https://bmipimngprodtfe.azureedge.net https://www.google-analytics.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.linkedin.com https://*.facebook.com https://www.google.com https://www.google.co.uk https://optimize.google.com https://i.ytimg.com; media-src 'self' https://bmidxbgroupcprod.gatsbyjs.io https://assets.ctfassets.net https://downloads.ctfassets.net https://videos.assets.ctfassets.net https://bmipimngprodtfe.azureedge.net https://*.googleapis.com https://*.gstatic.com; connect-src 'self' blob: https://o2.mouseflow.com/ https://*.google-analytics.com https://europe-west3-bmi-p-dxb-compute-eu-west.cloudfunctions.net https://*.mopinion.com https://*.hsforms.com https://api.hubapi.com https://deploy.mopinion.com https://bmidxbgroupcprod.gatsbyjs.io https://*.hubapi.com/ https://*.hubspot.com https://snap.licdn.com https://connect.facebook.net wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://hubspot-forms-static-embed.s3.amazonaws.com https://stats.g.doubleclick.net/ https://70f5cb29c2da49c79f1197aef4897fdc.europe-west3.gcp.cloud.es.io:* https://www.google-analytics.com https://www.googletagmanager.com https://cdn.cookielaw.org https://europe-west3-bmi-p-dxb-compute-eu-north.cloudfunctions.net https://storage.googleapis.com https://cdnjs.cloudflare.com https://*.onetrust.com https://maps.googleapis.com https://bmipimngprodtfe.azureedge.net https://*.googleapis.com https://*.gstatic.com; frame-src https://bmidxbgroupcprod.gatsbyjs.io https://*.hsforms.com https://*.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://*.hotjar.com/ https://www.youtube.com https://www.facebook.com https://optimize.google.com https://*.fls.doubleclick.net https://*.walls.io/; font-src 'self' data: https://bmidxbgroupcprod.gatsbyjs.io/ https://fonts.gstatic.com https://fonts.googleapis.com/ https://*.bmigroup.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.reedsmith.com *.usercentrics.eu https://www.instagram.com/ https://code.jquery.com/ https://www.podbean.com/ https://app.usercentrics.eu/ https://app-script.monsido.com https://tracking.monsido.com https://www.google.com/ https://maps.googleapis.com/ https://code.jquery.com https://www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.yoshki.com https://www.buzzsprout.com *.google.com *.twitter.com *.twimg.com *.googleapis.com googleapis.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net addthis.com *.addthis.com *.doubleclick.net doubleclick.net *.addthisedge.com addthisedge.com *.gstatic.com *.moatads.com moatads.com *.podbean.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.reedsmith.com *.usercentrics.eu https://app.usercentrics.eu/ maps.googleapis.com googleapis.com https://www.googletagmanager.com https://www.instagram.com/embed.js https://www.google.com/ https://maps.googleapis.com/ https://app-script.monsido.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://cdn.yoshki.com *.google.com *.twitter.com *.twimg.com *.googleapis.com googleapis.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net addthis.com *.addthis.com *.doubleclick.net doubleclick.net *.addthisedge.com addthisedge.com *.gstatic.com *.moatads.com moatads.com *.podbean.com; object-src 'self'; img-src 'self' data: https://i.ytimg.com/ maps.gstatic.com https://maps.gstatic.com/ *.googleapis.com googleapis.com *.ggpht.com *.usercentrics.eu  *.monsido.com http://reedsmith.vuture.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.yoshki.com *.twitter.com *.twimg.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' *.usercentrics.eu https://maps.googleapis.com https://www.google-analytics.com https://www.buzzsprout.com *.twitter.com *.twimg.com;frame-ancestors 'self' *.usercentrics.eu  https://tracking.monsido.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://www.buzzsprout.com *.gstatic.com *.twitter.com *.twimg.com googleapis.com; report-uri https://233122823c47f119af0143cbea7853d6.report-uri.com/r/d/csp/enforce 1
default-src * data: blob: https://cdn.onesignal.com 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' https://arenabg.com https://arenabg.ch 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://itnext.io https://*.itnext.io https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
frame-ancestors *.rideapart.com 1
frame-ancestors 'self' https://*.lightning.force.com https://*.salesforce.com https://teams.microsoft.com https://*.sharepoint.com 1
img-src * data:; frame-src 'self' www.youtube.com player.vimeo.com podio.com www.youtube-nocookie.com www.classmarker.com pdf.classmarker.com js.stripe.com; connect-src 'self' shop.spreadshirt.nl www.google-analytics.com www.thethingsnetwork.org vx.thethings.network api.intercom.io api-iam.intercom.io api-ping.intercom.io nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-b.intercom.io nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com app.getsentry.com mapper.packetbroker.net nominatim.openstreetmap.org/ stats.g.doubleclick.net unpkg.com/boxicons@2.1.1/; default-src 'self'; script-src 'self' 'unsafe-eval' d3js.org ajax.googleapis.com assets.adobedtm.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com npmcdn.com shop.spreadshirt.nl platform.twitter.com www.google-analytics.com ssl.google-analytics.com www.spreadshirt.nl podio.com static.doubleclick.net stats.g.doubleclick.net cdnjs.cloudflare.com code.jquery.com cdn.jsdelivr.net app.intercom.io widget.intercom.io js.intercomcdn.com unpkg.com/leaflet.markercluster@1.4.1/dist/ unpkg.com/leaflet@1.7.1/dist/ unpkg.com/leaflet-geosearch@3.1.0/ js.stripe.com unpkg.com/@popperjs/ unpkg.com/tippy.js@6/ www.googletagmanager.com 'nonce-xrlmBgXejDUVbbZIvjzEJQ=='; font-src 'self' cdn.linearicons.com fonts.gstatic.com maxcdn.bootstrapcdn.com shop.spreadshirt.nl ttui.thethingsindustries.com; style-src 'self' 'unsafe-inline' assets.adobedtm.com cdn.linearicons.com fonts.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com shop.spreadshirt.nl ton.twimg.com cdnjs.cloudflare.com code.jquery.com unpkg.com 1
frame-ancestors 'self' http://thetimeforchoosing.com 1
frame-ancestors 'self' https://*.mci.ir https://trustseal.enamad.ir;base-uri 'self'; worker-src 'self' blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vrhouse.ir  https://*.posthog.com https://*.clarity.ms https://c.bing.com  https://*.yektanet.com https://*.tavoos.net https://www.google.com https://*.google-analytics.com https://*.doubleclick.net https://www.googletagmanager.com https://www.googleadservices.com;frame-src 'self' https://mediacdn.mediaad.org https://ua.yektanet.com https://*.doubleclick.net https://www.aparat.com https://sniper.tavoos.net https://*.vrhouse.ir https://www.googletagmanager.com;manifest-src 'self';upgrade-insecure-requests;block-all-mixed-content;report-uri https://sentry.jajiga.com/api/4/security/?sentry_key=beb44f37fa6c4b048175230008c682e5 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' *.onetrust.com *.api.rlcdn.com *.bidr.io *.adform.net *.atdmt.com https://pagead2.googlesyndication.com https://adservice.google.co.uk https://adservice.google.com https://*.g.doubleclick.net https://tpc.googlesyndication.com https://maps.googleapis.com https://bat.bing.com https://cdn.ampproject.org https://www.google.com blob: *.lawsociety.org.uk *.googleadservices.com *.googletagservices.com *.googleoptimize.com static.cloudflareinsights.com *.cloudfront.net btloader.com; frame-src https: data: *.googletagservices.com *.lawsociety.org.uk; style-src https: 'unsafe-inline' tagmanager.google.com optimize.google.com; img-src https: data: blob: https://pagead2.googlesyndication.com https://www.googletagservices.com https://adservice.google.co.uk https://adservice.google.com https://*.g.doubleclick.net https://www.googleadservices.com https://tpc.googlesyndication.com https://maps.googleapis.com https://bat.bing.com https://cdn.ampproject.org https://www.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com ad-delivery.net; media-src https: data: blob:; font-src https: data:; connect-src https: wss: *.analytics.google.com *.cloudflareinsights.com *.pubgalaxy.com; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.lawgazette.co.uk; 1
frame-ancestors https://*.framar.bg/ 'self'; 1
frame-ancestors 'self' m.cronachemaceratesi.it app.cronachemaceratesi.it cronachemaceratesi.it www.cronachemaceratesi.it; 1
frame-ancestors self https://www.bbvanetcash.mx/; 1
default-src 'self' 'unsafe-inline' https://*.conword.io/ https://dortmund.de/ https://dortmund.labs.jochum-mediaservices.net/ https://i.ytimg.com/; frame-src 'self' https://www.youtube-nocookie.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self'; script-src 'unsafe-eval' 'nonce-NTFlM2VlMWQtYWIxYi00NzUyLWFhZDEtNTk0Njk5MDFmMzQ0' 'sha256-EFXHhmmqOG9NVsFSXgpoZ0fKqqcL1lepAnZgPPGKVHY=' 'sha256-9BB975L2SR8PQdxlNcxoxEE97UIMtEa4DmJ23eeChSQ=' 'sha256-ZHEEjIYlfVYFJBAosogCtHRPFAqeUePxJ+p0c8qz16A=' 'sha256-UhMAhzYDByVGnj3yvFXuooGYyFrqD7xLZvYBekFC6Fo=' 'sha256-Q4F64xXghm2Bb0iTclX3i5rg8ymkXi1iF7LTDVGf1bY=' 'sha256-mBvhnsbXcSeGsrbqLAa+R1GWbknFbIvxunn6Ov+ukgM=' 'sha256-ZxCGLd4drh7sp7uiU2TUviObPULAnctE3z/KLWVN9SQ=' 'sha256-VLmE00O79ww6WRTY725OCu7usnP6yNZfp25It4mdItw=' 'sha256-lfGsEW36SjYzwqzuOMJaHtOAzdJn6yKU8/dufWjSX8E=' 'sha256-L64S8mwzCtK7SI1srPW7KoOb9ZAp/+eT5vJ9xEp1KWY=' 'sha256-0AU6DH4kxJnS3NHSd5VQ+xyr+WljoF+siaom5FXYb6k=' 'sha256-tHaVXmX2/a6xnxFrPnNI8Mwu1DqADCffs/h4O3ZBuCo=' 'sha256-4sNwvmWshEzqW5S25HVAak+QIUCkjYSbAaQ7Ieh/EDA=' 'sha256-pKIDTqOzNUX3oekYvCTXLzBcXADeKEexC9UAWQt1jOw=' 'sha256-cLtIKqCnXyIdkU9XfjywkEoOIWiPUJAvYgUOS+EZfIU=' 'sha256-2NAYqQAcAAJdaQCFN1Eid+mionkfnP8u9NU0dh0Mzzs=' 'sha256-a1kwX4WfC7/34NUJMLJKQjOC/jaVRRAIYt+L+2rJsk8=' 'sha256-jGKIJZR9UCTAETN/Pk1aj5MVf+79z2GdJsLtVUKBmHI=' 'sha256-3BplvsFHe0uUxbhaJ0/BIJDUlbQj4IivZpGSaVIOuA4=' 'sha256-IfLnWUppVH9lC18lQQtAv8GNoDVvRaM3n/DCVlMa4Yo=' 'sha256-XpeHxL2bnERottAGfAddx6dPyA0GsptDELdTEvqCoDY=' 'sha256-SYHKbKrPawzeAb7mn1xEoeffrCvoWurX3cqKWleKoU8=' 'sha256-Qo6ZfQ66vOoz2PcbIBBBqvkVWovO/z4UtqgHHjbR/KM=' 'sha256-4BCv4pSFjPk/uKGZWRg6wXHEwfD9somh2DzCwYCfRNo=' *.pensebig.com.br *.facebook.net *.trust-provider.com *.linximpulse.net *.linximpulse.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.googleadservices.com *.youtube.com content.syndigo.com *.cloudfront.net *.lomadee.com *.creativecdn.com *.1worldsync.com *.facebook.com *.gazin.com.br *.syndigo.com *.syndigo.cloud; style-src 'unsafe-inline' 'report-sample' 'self' *.googleapis.com *.google.com *.googletagmanager.com *.1worldsync.com *.syndigo.com *.syndigo.cloud; connect-src 'self' *.creativecdn.com *.google.com *.google.com.br *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.chaordicsystems.com *.logs.datadoghq.com *.gazin.com.br *.linximpulse.net *.linximpulse.com *.googleapis.com content.syndigo.com *.g.doubleclick.net *.doubleclick.net *.syndigo.com *.syndigo.cloud *.rdstation.com.br; font-src 'unsafe-inline' 'self' data: *.typekit.net *.gstatic.com *.1worldsync.com *.syndigo.com *.syndigo.cloud; frame-src 'self' data: *.doubleclick.net *.facebook.com *.facebook.net *.youtube.com *.creativecdn.com *.1worldsync.com *.xbox-interactive.com *.syndigo.com *.syndigo.cloud; img-src 'self' blob: data: *.blob.core.windows.net *.gazin.com.br *.google.com *.google.com.br *.google-analytics.com *.analytics.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.doubleclick.net *.facebook.com *.facebook.net *.syndigo.cloud *.syndigo.com *.1worldsync.com; worker-src blob: *.gazin.com.br; object-src 'none'; base-uri 'self'; manifest-src 'self'; media-src 'self'; frame-ancestors 'none'; upgrade-insecure-requests; 1
frame-src self *.nameniko.com *.google.com 1
default-src 'self' https://www.bilgi.edu.tr; img-src http: https: data: blob:; font-src 'self' data: https://*.bilgi.edu.tr https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; media-src 'self' https: blob: https://*.bilgi.edu.tr; script-src 'self' https://*.bilgi.edu.tr https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.addthis.com https://*.facebook.com https://*.linkedin.com https://*.addthisedge.com https://www.youtube.com https://s.ytimg.com https://yastatic.net https://ssl.google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.googleapis.com https://maxcdn.bootstrapcdn.com https://code.jquery.com https://cdnjs.cloudflare.com https://secure.adnxs.com https://mc.yandex.ru https://www.googletagmanager.com https://connect.facebook.net https://cdn.mookie1.com 'unsafe-inline' 'unsafe-eval'; script-src-elem data: 'self' https://*.bilgi.edu.tr https://www.google.com/recaptcha/ https://www.gstatic.com/ https://*.addthis.com https://*.facebook.com https://*.linkedin.com https://*.addthisedge.com https://www.youtube.com https://s.ytimg.com https://yastatic.net https://ssl.google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.googleapis.com https://maxcdn.bootstrapcdn.com https://code.jquery.com https://cdnjs.cloudflare.com https://secure.adnxs.com https://mc.yandex.ru https://www.googletagmanager.com https://connect.facebook.net https://cdn.mookie1.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.bilgi.edu.tr https://*.googleapis.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://cdnjs.cloudflare.com 'unsafe-inline'; child-src 'self' https://*.bilgi.edu.tr http://webvisor.com https://player.vimeo.com https://www.youtube.com https://*.google.com https://*.yandex.ru https://*.googletagmanager.com https://*.twitter.com https://*.facebook.com; connect-src 'self' https://*.bilgi.edu.tr https://*.addthis.com https://stats.g.doubleclick.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.directmarketingturkey.com https://mc.yandex.ru; object-src 'self'; frame-src 'self' https://*.bilgi.edu.tr https://www.youtube-nocookie.com/ http://webvisor.com https://*.addthis.com/ https://bid.g.doubleclick.net https://*.google.com https://*.yandex.ru https://*.vimeo.com https://*.youtube.com; frame-ancestors 'self' https://bilgiedutr.sharepoint.com 1
frame-ancestors 'self' *.libertic.com *.libertic-cdn.com 1
default-src 'self' https:; script-src 'self' https: 'unsafe-eval' 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' https: 'unsafe-inline' data:; object-src 'none' 1
script-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' *.lonex.bg *.lonex.com http://www.google.com/recaptcha/api.js https://www.gstatic.com/ http://image.providesupport.com https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js; frame-ancestors 'self'; 1
frame-ancestors musavat.midiya.az musavat2.midiya.az; 1
base-uri 'none'; manifest-src 'self' https://assets.thedyrt.com; object-src 'none'; form-action 'self'; report-uri https://thedyrt.report-uri.com/r/d/csp/enforce; report-to default; child-src blob:;  script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://*.avmws.com https://*.ubembed.com/ https://api.instagram.com https://app.link https://appleid.cdn-apple.com https://assets.thedyrt.com https://cdn.branch.io https://connect.facebook.net https://ct.pinterest.com https://d.adroll.com/ https://d1o5877uy6tsnd.cloudfront.net https://*.g.doubleclick.net https://*.googlesyndication.com https://*.googleadservices.com https://*.googletagservices.com/* https://adservice.google.com https://www.google.com/recaptcha/* https://js.stripe.com https://optimize.google.com https://platform.instagram.com https://s.adroll.com https://s.pinimg.com https://script.hotjar.com https://solve-widget.forethought.ai https://static.hotjar.com https://static.zdassets.com https://tagmanager.google.com https://thedyrt.us7.list-manage.com https://widget-mediator.zopim https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.googletagmanager.com https://accounts.google.com/gsi/client https://www.instagram.com https://www.redditstatic.com https://thedyrt.atlassian.net https://*.mediavine.com ;  frame-src 'self' http://staticxx.facebook.com https://*.g.doubleclick.net https://*.doubleclick.net https://*.google.com https://*.googlesyndication.com https://*.googleadservices.net https://*.googletagservices.com/ https://*.ubembed.com/ https://assets.thedyrt.com https://js.stripe.com/ https://optimize.google.com https://solve-widget.forethought.ai https://staticxx.facebook.com https://thedyrt.atlassian.net https://vars.hotjar.com https://web.facebook.com https://www.dojomojo.ninja/ https://www.facebook.com https://www.google.com/recaptcha/* https://www.instagram.com https://www.youtube-nocookie.com https://www.youtube.com https://youtube-nocookie.com https://youtube.com; 1
frame-ancestors 'none';  block-all-mixed-content; 1
default-src https://*.f-list.net; frame-src https://www.google.com/recaptcha/; script-src https://*.f-list.net https://ajax.googleapis.com https://www.google.com https://www.google-analytics.com https://ads.dragonfru.it https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://plausible.dragonfru.it https://static.cloudflareinsights.com 'unsafe-inline' 'unsafe-eval'; img-src data: https://*.f-list.net https://www.google.com https://www.google-analytics.com https://ads.dragonfru.it; style-src https://*.f-list.net 'unsafe-inline'; connect-src https://*.f-list.net https://ads.dragonfru.it https://plausible.dragonfru.it https://www.google-analytics.com wss://chat.f-list.net:9799 ws://chat.f-list.net:9722 wss://chat.f-list.net:8799 ws://chat.f-list.net:8722 wss://chat.f-list.net; frame-ancestors 'none'; 1
default-src 'self'; connect-src *; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
frame-ancestors 'self' https://www.min-breeder.com; 1
default-src *.quantummetric.com 'unsafe-inline' 'unsafe-eval' 'self' blob:; worker-src blob:; child-src blob:; object-src 'self'; media-src 'self' blob: usassets.chat.pega.com firefly-chat-production.s3.amazonaws.com https://www.dcu.org https://manifest.prod.boltdns.net/ https://dcu-dev-65.adobecqms.net/ https://players.brightcove.net/ https://vjs.zencdn.net/ https://bcbolt446c5271-a.akamaihd.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://usuat.cobrowse.pega.com/ https://usuatassets.cobrowse.pega.com https://player.vimeo.com/ https://memchat.dcu-online.org/ https://geolocation.onetrust.com https://www.google.com https://cdn.cookielaw.org https://js-staging.poshdevelopment.com/ https://js.poshdevelopment.com https://api.poshdevelopment.com https://staging.poshdevelopment.com *.quantummetric.com http://dfcumanagedservicesstageenvironment.112.2o7.net https://analytics.twitter.com/ *.ads-twitter.com https://us.cobrowse.pega.com https://usassets.cobrowse.pega.com *.steelhousemedia.com https://dcu-mkt-stage1.campaign.adobe.com https://dcu.campaign.adobe.com https://www.calcxml.com/ *.cloudflare.com https://googleads.g.doubleclick.net https://chat.usefirefly.com https://usefirefly.com  https://connect.facebook.net www.google-analytics.com assets.adobedtm.com *.timevaluecalculators.com *.bazaarvoice.com *.iesnare.com https://ajax.googleapis.com/ *.googleapis.com *.dcuinsurance.com tagmanager.google.com www.googletagmanager.com https://www.google-analytics.com https://firefly-chat-production.s3.amazonaws.com  http://www.googleadservices.com https://connect.facebook.net http://digitalfederalcreditunion.sc.omtrdc.net https://digitalfederalcreditunion.sc.omtrdc.net https://dcu-dev-65.adobecqms.net/ https://dcu-qa-65.adobecqms.net/ https://dcu-stage-65.adobecqms.net/ https://stage.dcu.org/ *.dcu.org https://dculocator.wave2.io/ https://snap.licdn.com https://bat.bing.com https://up.pixel.ad https://ssl.google-analytics.com/ https://www.dcu.org/ https://static.ads-twitter.com/ https://players.brightcove.net/ https://vjs.zencdn.net/ https://bcbolt446c5271-a.akamaihd.net/ https://widget.use1.chat.pega.digital/ *.qualtrics.com; connect-src 'self' *.ads-twitter.com *.quantummetric.com https://dcu-mkt-stage1.campaign.adobe.com https://dcu.campaign.adobe.com wss://usefirefly.com https://usefirefly.com * *.cloudflare.com https://www.calcxml.com/ *.dcu.org *.omtrdc.net *.demdex.net *.bazaarvoice.com wss://chat.usefirefly.com https://www.google-analytics.com  https://www.dcuinsurance.com http://digitalfederalcreditunion.sc.omtrdc.net https://digitalfederalcreditunion.sc.omtrdc.net https://www.dcu.org/ https://static.ads-twitter.com/; img-src 'self' *.com *.yahoo.com http://t.co/ dsum.casalemedia.com su.addthis.com s.thebrighttag.com image2.pubmatic.com ads.scorecardresearch.com t.mookie1.com x.bidswitch.net usermatch.krxd.net match.sharethrough.com cm.g.doubleclick.net ads.yahoo.com pixel.advertising.com insight.adsrvr.org www.facebook.com usassets.chat.pega.com firefly-chat-production.s3.amazonaws.com *.bazaarvoice.com https://www.dcu.org https://www.google.co.in https://www.google.com *.timevaluecalculators.com *.everesttech.net *.demdex.net *.omtrdc.net *.googleapis.com *.gstatic.com *.112.2o7.net https://stats.g.doubleclick.net https://www.calcxml.com/ www.google-analytics.com *.doubleclick.net/ https://bcbolt446c5271-a.akamaihd.net/ https://players.brightcove.net/ https://bcp.crwdcntrl.net/5/c=9034/b=81888998 https://www.dcu.org/ data:; style-src 'self' 'unsafe-inline' *.cloudflare.com https://usuatassets.cobrowse.pega.com https://usassets.cobrowse.pega.com https://usefirefly.com https://dcu-mkt-stage1.campaign.adobe.com https://dcu.campaign.adobe.com https://www.calcxml.com/ https://tagmanager.google.com usassets.chat.pega.com *.timevaluecalculators.com https://fonts.googleapis.com/ *.googleapis.com *.bazaarvoice.com https://match.adsrvr.org https://match.prod.bidr.io https://dcu-dev-65.adobecqms.net/ https://dcu-qa-65.adobecqms.net/ https://dcu-stage-65.adobecqms.net/ https://stage.dcu.org/ *.dcu.org https://dculocator.wave2.io/ https://www.dcu.org/; font-src 'self' https://fonts.gstatic.com/ fonts.gstatic.com https://www.dcu.org/ data:; frame-src 'self' https://player.vimeo.com/ https://player.captivate.fm https://podcasts.captivate.fm *.quantummetric.com https://dcu.secure.nonprofitsoapbox.com https://americasaves.org/ https://app.loanspq.com/ https://dcu.mortgagewebcenter.com/ https://apps.rps.ascensus.com/ https://forms.fivision.com/ *.doubleclick.net *.culookup.com *.dcu.org *.demdex.net https://dcu.demdex.net *.locatorsearch.com *.bazaarvoice.com  https://www.fmsi-lts.com/DIG_WS https://fmsi-lts.com/ *.adobecqms.net http://cookies.onetrust.mgr.consensu.org/ stage.dcu.org https://stage.dcu.org/ https://dcu-stage-65.adobecqms.net/ http://dcu-stage-65.adobecqms.net/ https://dcu-dev-65.adobecqms.net/ https://dcu-qa-65.adobecqms.net/ https://dcu-stage.adobecqms.net/ *.dcu.org https://dcu-mkt-stage1.campaign.adobe.com https://dcu.campaign.adobe.com https://js-staging.poshdevelopment.com/ https://js.poshdevelopment.com https://api.poshdevelopment.com https://staging.poshdevelopment.com *.youtube.com https://dculocator.wave2.io/ https://www.dcu.org/ https://pixel.sitescout.com/ https://memchat.dcu-online.org/ *.qualtrics.com 1
default-src 'self' www.hsnstore.com cdn.hsnstore.com hsnstore.com *.redsys.es;form-action *.redsys.es *.amazon.es *.amazon.de bancsabadell.com unicaja.es www.paypal.com bitpay.com live.sequrapi.com www.facebook.com facebook.com connect.facebook.net secure.paytpv.com api.paycomet.com *.smart2pay.com *.giropay.de *.sofort.com www.hsnstore.com; img-src * data:;style-src 'self' 'unsafe-inline' *.hsnstore.com *.spotlersearch.com spotlersearchanalytics.com static.sooqr.com static.aws-prod.sooqr.com *.redsys.es translate.googleapis.com tagmanager.google.com fonts.googleapis.com *.googletagmanager.com;script-src 'unsafe-eval' 'self' 'unsafe-inline' blob *.queue-it.net *.payments-amazon.com cdn.hsnstore.com *.spotlersearch.com spotlersearchanalytics.com dynamic.sooqr.com dynamic.aws-prod.sooqr.com apis.google.com www.googletagmanager.com www.google.com www.googleadservices.com connect.facebook.net googleads.g.doubleclick.net www.google-analytics.com www.salesmanago.pl www.salesmanago.es static.sooqr.com static.aws-prod.sooqr.com sealserver.trustwave.com www.youtube.com www.youtube-nocookie.com s.ytimg.com  maps.googleapis.com tpc.googlesyndication.com live.sequrapi.com tagmanager.google.com images.dmca.com static.criteo.net sslwidget.criteo.com widget.eu.criteo.com secure.paytpv.com api.paycomet.com js-agent.newrelic.com bam.eu01.nr-data.net www.gstatic.com seal.securetrust.com tracker.metricool.com sandbox.sequracdn.com sandbox.sequrapi.com live.sequracdn.com;font-src data: 'self' www.hsnstore.com cdn.hsnstore.com fonts.gstatic.com;connect-src *.google-analytics.com *.queue-it.net *.googlesyndication.com *.saleago.com *.criteo.com *.facebook.com *.facebook.net maps.googleapis.com firehose.eu-central-1.amazonaws.com *.amazon.com www.google-analytics.com www.google.com www.salesmanago.pl www.salesmanago.es cdn.hsnstore.com www.hsnstore.com www.facebook.com *.g.doubleclick.net graph.facebook.com api.paycomet.com cognito-identity.eu-central-1.amazonaws.com bam.eu01.nr-data.net *.analytics.google.com identitytoolkit.googleapis.com securetoken.googleapis.com www.google.es sandbox.sequracdn.com live.sequracdn.com;frame-src *.criteo.com td.doubleclick.net www.hsnstore.com www.hsnstore.pt www.hsnstore.it www.hsnstore.eu www.hsnstore.fr www.hsnstore.de tpc.googlesyndication.com www.google.com www.youtube.com www.youtube-nocookie.com www.facebook.com web.facebook.com connect.facebook.net www.googletagmanager.com *.g.doubleclick.net www.hsnstore.com live.sequrapi.com translate.googleapis.com accounts.google.com staticxx.facebook.com graph.facebook.com api.paycomet.com gum.criteo.com static.criteo.net sandbox.sequrapi.com sandbox.sequracdn.com live.sequracdn.com;object-src *.hsnstore.com;report-uri https://www.hsnstore.com/reportcsp/ 1
frame-ancestors 'self' affise.com vars.hotjar.com affisecom.mpeasylink.com app.hubspot.com;  object-src 'self' affise.com *.nitrocdn.com; 1
'img-src' 'blob' 'default-src' 'self' 'unsafe-inline' 'unsafe-eval' 'blob' blob: http://blog-cms.weddingz.in https://stats.g.doubleclick.net https://securesentry.oyorooms.io https://code.getmdl.io https://assets.pinterest.com https://graph.facebook.com *.s3.amazonaws.com https://api.instagram.com https://api.pinterest.com https://connect.facebook.net *.cloudfront.net https://ds-aksb-a.akamaihd.net *.googleapis.com *.gstatic.com *.criteo.com *.criteo.net https://www.facebook.com https://www.google-analytics.com https://www.google.co.in https://www.google.com https://www.googletagmanager.com https://www.googleadservices.com https://m.weddingz.in https://media.weddingz.in https://js-agent.newrelic.com https://assets.oyoroomscdn.com https://maxcdn.bootstrapcdn.com https://weddingz.in https://www.youtube.com https://tagmanager.google.com *.instagram.com https://instagram *.tile.openstreetmap.org 1
frame-ancestors https://*.cambiocolombia.com 1
frame-ancestors 'cput.ac.za' 'youtube.com'; 1
default-src 'none'; connect-src https://s3.eu-west-1.amazonaws.com/ https://s3.ap-southeast-1.amazonaws.com/ graph.facebook.com https://*.appcues.com/ https://*.appcues.net/ wss://api.appcues.net/ https://*.elev.io/ wss://*.amazonaws.com/ wss://*.apsis.cloud/ wss://*.apsisbeta.one/ wss://*.apsis.one/ https://apsis.cloud/ https://*.apsis.cloud/ https://*.fe-stage.apsis.cloud/ https://*.apsisbeta.one/ https://*.apsis.one/ https://*.auth0.com/ https://sentry.io/api/ https://apsis.jumpstory.com/ https://graph.microsoft.com/v1.0/organization https://globaldisco.crm.dynamics.com/api/discovery/v1.0/Instances https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com https://apsis.com/; child-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; frame-src https://apsis.com/ https://player.vimeo.com/ https://app.metricool.com/ https://*.appcues.com/ https://cdn.elev.io/ https://wchat.freshchat.com/ https://*.webpush.freshchat.com/ https://apccdn.apsis1.com/ https://*.auth0.com/ https://*.apsis.cloud/ https://*.apsisbeta.one/ https://*.apsis.one/ https://litmus.com/ https://intercom-sheets.com/; img-src 'self' * blob: data: https://js.intercomcdn.com https://static.intercomassets.com/ https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io/ https://*.statuspage.io/ https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.appcues.com/ https://cdn.elev.io/ https://litmus.com/inline/ https://wchat.freshchat.com/ https://*.webpush.freshchat.com/ https://static.ws.apsis.one/ https://static.ws.apsisbeta.one/ https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://static.intercomassets.com/; style-src 'self' 'unsafe-inline' https://*.appcues.com/ https://cdn.elev.io/ https://fonts.googleapis.com/ https://wchat.freshchat.com/ https://*.webpush.freshchat.com/; font-src 'self' https://*.appcues.com/ https://cdn.elev.io/ https://fonts.gstatic.com/ https://js.intercomcdn.com https://fonts.intercomcdn.com data; form-action https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://messenger-apps.intercom.io/ https://*.statuspage.io/ https://litmus.com/; media-src https://js.intercomcdn.com; report-uri https://sentry.io/api/; frame-ancestors https://*.apsis.cloud/ https://apsis.cloud/ https://*.apsisbeta.one/ https://apsisbeta.one/ https://*.apsis.one/ https://apsis.one/; 1
default-src 'self' go.sg https://www.shorthand.com *.shorthandstories.com https://cdn1.readspeaker.com https://api.data.gov.sg/; script-src www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net unpkg.com/@frontify/ https://www.cloudinary.com gov.sg embedsocial.com https://www.embedsocial.com googletagmanager.com https://www.googletagmanager.com readspeaker.com https://www.dcube.cloud https://www.onemap.gov.sg cdn.jsdelivr.net https://*.tile.openstreetmap.org https://www.googleapis.com https://www.gstatic.com twimg.com https://api.data.gov.sg/ *.readspeaker.com https://assets.wogaa.sg/ https://webchat.vica.gov.sg/ *.shorthandstories.com https://www.shorthand.com https://iframely.shorthand.com/ https://analytics.shorthand.com/ https://gateway.shorthand.com/ 'self' js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net web-chat.nativechat.com *.eloqua.com *.en25.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ embedsocial.com https://www.embedsocial.com https://www.dcube.cloud https://www.onemap.gov.sg googleapis.com gstatic.com twimg.com https://cdn1.readspeaker.com https://app-eas.readspeaker.com/ https://rstts-eas.readspeaker.com https://media-eas.readspeaker.com https://www.app-eas.readspeaker.com https://assets.wogaa.sg/ https://webchat.vica.gov.sg/ *.shorthandstories.com https://www.shorthand.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ data: blob: https://www.insight.sitefinity.com https://www.dec.sitefinity.com gov.sg https://www.gov.sg https://www.frontify.com https://www.cloudinary.com https://www.youtube.com https://www.facebook.com https://*.tile.openstreetmap.org https://www.google.com.sg https://www.google.com https://img.youtube.com gstatic.com googleapis.com *.shorthandstories.com https://www.shorthand.com https://www.googletagmanager.com twimg.com 'self' track.hubspot.com js.hsleadflows.net forms.hsforms.com web-chat.nativechat.com *.eloqua.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://www.google.com.sg; frame-src embedsocial.com https://www.embedsocial.com https://www.youtube.com https://www.twitter.com https://www.facebook.com https://www.onemap.gov.sg https://www.shorthand.com https://www.shorthandstories.com https://cdn1.readspeaker.com https://app-eas.readspeaker.com/ https://rstts-eas.readspeaker.com https://media-eas.readspeaker.com https://www.app-eas.readspeaker.com 'self' forms.hsforms.com web-chat.nativechat.com; connect-src data: accounts.google.com https://www.mktoresp.com https://www.frontify.com https://www.cloudinary.com sharethis.com https://www.sharethis.com gov.sg https://www.youtube.com https://www.facebook.com https://www.shorthandstories.com https://www.app-eas.readspeaker.com https://www.stats.g.doubleclick.net https://www.google.com.sg https://www.google.com https://www.analytics.google.com https://analytics.google.com https://stats.g.doubleclick.net https://api.data.gov.sg gstatic.com https://www.googletagmanager.com https://assets.wogaa.sg/ https://webchat.vica.gov.sg/ https://chat.vica.gov.sg/ wss://chat.vica.gov.sg/ *.readspeaker.com https://app-eas.readspeaker.com/ https://snowplow-web.wogaa.sg/ https://rstts-eas.readspeaker.com https://bucket-vica.vica.gov.sg/ *.shorthandstories.com https://www.shorthand.com https://gateway.shorthand.com/ 'self' forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: https://www.frontify.com https://www.cloudinary.com https://www.youtube.com https://www.facebook.com https://www.shorthand.com https://www.shorthandstories.com; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.frontify.com cloudinary.com https://www.cloudinary.com embedsocial.com https://www.embedsocial.com https://www.youtube.com https://www.facebook.com https://www.twitter.com https://www.facebook.com/ https://web.facebook.com/ https://cdn1.readspeaker.com https://app-eas.readspeaker.com/ https://rstts-eas.readspeaker.com https://media-eas.readspeaker.com https://www.app-eas.readspeaker.com 'self' web-chat.nativechat.com; form-action 'self' https://login.microsoftonline.com https://www-origin.www.gov.sg https://www.gov.sg https://web-intranet.www.gov.sg https://cdn1.readspeaker.com https://app-eas.readspeaker.com; frame-ancestors 'self' embedsocial.com https://www.embedsocial.com https://www.youtube.com https://www.twitter.com https://www.facebook.com https://www.shorthand.com https://www.shorthandstories.com https://cdn1.readspeaker.com https://app-eas.readspeaker.com/ https://rstts-eas.readspeaker.com https://media-eas.readspeaker.com https://www.app-eas.readspeaker.com; object-src 'self' 1
default-src * data: 'unsafe-eval' 'unsafe-inline' blob: cdn.jsdelivr.net *.friendlycaptcha.eu; 1
frame-ancestors https://app.storyblok.com http://app.storyblok.com/ 1
connect-src 'self' https: *.jotun.com *.jotunprofessionals.com localhost:* *.visualstudio.com *.google-analytics.com *.googleapis.com *.cloudfront.net *.azure.com *.snapchat.com *.doubleclick.net *.qbrick.com *.dna.ip-only.net  ; default-src 'self' *.jotun.com *.jotunprofessionals.com  * localhost:*; frame-src 'self' https: *.jotun.com *.jotunprofessionals.com localhost:* *.hcaptcha.com *.snapchat.com *.youtube.com *.issuu.com; media-src 'self' data: https: blob: *.jotun.com *.jotunprofessionals.com *.dna.ip-only.net; img-src 'self' data: https: *.jotun.com *.jotunprofessionals.com *.googletagmanager.com *.google.com *.google.nl *.cloudfront.net *.sharethis.com *.azure.com *.zaius.eu *.facebook.com *.dna.ip-only.net localhost:*; style-src 'self' *.jotun.com *.jotunprofessionals.com localhost:* *.jsdelivr.net *.googleapis.com 'unsafe-inline'; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com 'unsafe-inline'; script-src 'self' data: https: blob: localhost:* *.jotun.com *.jotunprofessionals.com  *.hcaptcha.com *.azure.com *.qbrick.com *.jsdelivr.net *.googletagmanager.com *.cloudfront.net *.sharethis.com *.azure.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' https: localhost:* *.jotun.com *.jotunprofessionals.com  *.googletagmanager.com *.cloudfront.net *.sharethis.com *.azure.com *.spinnaker-js.com sc-static.net *.snapchat.com *.google-analytics.com *.googleapis.com *.facebook.net *.youtube.com *.qbrick.com  'unsafe-inline' 1
default-src 'self' https:; object-src 'none'; style-src 'self' 'unsafe-inline' https: blob:; img-src 'self' https: data:; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https:; 1
frame-ancestors 'self' 'unsafe-inline'  *.e-bebek.com *.ebebek.com data: 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com e-payment.postfinance.ch *.cardinalcommerce.com *.facebook.com 3dsecure.nexi.it *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net 3ds.nexigroup.com 3ds.redsys.es 3ds.sia.eu esecure.sia.eu 3ds.vinea.es 3dsecure.ing.ro 3dsecure.landbank.com 3dsmethod.eewosecure.com pay.eewosecure.com *.sibs.ro acs.mercurypaymentservices.it acs.netsgroup.com *.cic.fr *.creditmutuel.fr *.3ds.modirum.com geoissuer.cardinalcommerce.com *.secure.lcl.fr *.arcot.com tdschmut.monext.fr www.securesuite.co.uk *.wlp-acs.com acssv.otpbank.hu acs.3ds-hanseaticbank.de 3ds.abanca.com acs.revolut.com acs.apata.io 3ds.pl.ing.com 3dsecure.psa.at3dsecure.psa.at acs.stripeauthentications.com www.secure22gw.ro e-banking.winbank.gr openbank.piraeusbank.gr www.rsa3dsauth.co.uk 3ds-challenge.n26.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.sharethis.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gigya.com pay.google.com consentcdn.cookiebot.com www.youtube.com vimeo.com *.facebook.com https://www.yumpu.com/ *.snapchat.com *.doubleclick.de *.doubleclick.ne *.doubleclick.net *.sc-static.net sc-static.net *.container.webgains.link 3dsecure.nexi.it *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.recaptcha.net *.google.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net 3ds.nexigroup.com 3ds.redsys.es 3ds.sia.eu esecure.sia.eu 3ds.vinea.es 3dsecure.ing.ro 3dsecure.landbank.com 3dsmethod.eewosecure.com pay.eewosecure.com *.sibs.ro acs.mercurypaymentservices.it acs.netsgroup.com *.cic.fr *.creditmutuel.fr *.3ds.modirum.com geoissuer.cardinalcommerce.com *.secure.lcl.fr *.arcot.com tdschmut.monext.fr www.securesuite.co.uk *.wlp-acs.com acssv.otpbank.hu acs.3ds-hanseaticbank.de 3ds.abanca.com acs.revolut.com acs.apata.io 3ds.pl.ing.com 3dsecure.psa.at3dsecure.psa.at acs.stripeauthentications.com www.secure22gw.ro e-banking.winbank.gr openbank.piraeusbank.gr www.rsa3dsauth.co.uk 3ds-challenge.n26.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net commerce.adobe.io widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.sharethis.com *.gigya.com 'self' data: 'unsafe-inline' data: *.magentosite.cloud panini.it *.googleapis.com *.gstatic.com bam.nr-data.net www.panini.it www.paninibelgium.com www.panini.co.il www.panini.es www.panini.co.uk www.panini.fr www.panini.ch www.panininederland.com www.paninihungary.com www.panini.pl www.paniniportugal.com www.paninistore.com www.panini.ro www.panini.com.gr www.panini.de collectibles.paniniamerica.net www.paninisuomi.com www.paninisverige.com www.paninidanmark.com www.panininorge.com *.bing.com ib.adnxs.com *.facebook.com *.tiktok.com *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.cookiebot.com *.doubleclick.net *.google.com *.google.it *.google.fr *.google.es *.google.be *.twitter.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.sharethis.com jquery.sellxed.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gigya.com https://cdnjs.cloudflare.com *.panini.it *.facebook.net *.googleapis.com js-agent.newrelic.com bam.eu01.nr-data.net bam.nr-data.net consent.cookiebot.com consentcdn.cookiebot.com *.clarity.ms cdn.noibu.com wss://*.noibu.com https://*.noibu.com *.queue-it.net *.bing.com *.sc-static.net sc-static.net *.adnxs.com *.acdn.adnxs.com acdn.adnxs.com https://players.yumpu.com *.snapchat.com *.facebook.com *.connect.facebook.net connect.facebook.net *.ads-twitter.com *.google.com *.google.it *.recaptcha.net *.tiktok.com analytics.webgains.io *.webgains.link *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.collectibles.paniniamerica.net *.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com 'unsafe-inline' data: *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com js-agent.newrelic.com *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.collectibles.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com *.adyen.com *.sharethis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.panini.it *.gigya.com *.pnn.webformat.cloud *.googleapis.com consentcdn.cookiebot.com consent.cookiebot.com *.facebook.com google.com/pay pay.google.com wss://*.noibu.com https://*.noibu.com bam.nr-data.net paninitutor-be-stage.nw.r.appspot.com paninitutor-be-prod.nw.r.appspot.com clarity.ms *.clarity.ms paniniadrenalyn.com *.paniniadrenalyn.com paninitutor-be-stage.appspot.com paninitutor-be-prod.appspot.com *.snapchat.com *.google.com *.google.it *.doubleclick.net *.pagead2.googlesyndication.com *.tiktok.com *.webgains.io *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.bing.com *.google.fr *.google.es *.google.be *.googlesyndication.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net t.elasticsuite.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src wss://*.noibu.com https://*.noibu.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.panini.it/shp_ita_it/webformat_csptools/report/; 1
object-src 'none'; script-src 'self' 'strict-dynamic' https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com/c/hotjar-2877749.js https://www.google-analytics.com/analytics.js https://connect.facebook.net/en_US/fbevents.js https://ws.zoominfo.com/pixel/615b474d39247c001cc2f2f2 https://www.googletagmanager.com/gtag/js https://code.jquery.com/ https://clients3.weblink.com.au/ https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/cxbus.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/widgets-core.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/webchat.min.js https://d2uinmo2bcbdsn.cloudfront.net/ https://snap.licdn.com/ https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js http://cdn.jsdelivr.net/npm/jquery-validation@1.17.0/dist/jquery.validate.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.5/gsap.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.5/ScrollTrigger.min.js https://cdnjs.cloudflare.com/ajax/libs/jarallax/2.1.3/jarallax.min.js https://pym.nprapps.org/pym.v1.min.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://platform.twitter.com https://unpkg.com https://www.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com/gtm.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com/c/hotjar-2877749.js https://www.google-analytics.com/analytics.js https://connect.facebook.net/en_US/fbevents.js https://ws.zoominfo.com/pixel/615b474d39247c001cc2f2f2 https://www.googletagmanager.com/gtag/js https://script.hotjar.com/modules.5dca1694a4338dade13b.js https://connect.facebook.net/signals/config/1761455807365259 https://connect.facebook.net/signals/config/685668156287079 https://pi.pardot.com/pd.js https://pi.pardot.com/analytics https://marketing.aes.com/analytics https://cdn.cookielaw.org/scripttemplates/202211.1.0/otBannerSdk.js https://js-agent.newrelic.com/async-api.6bb277af-1225.min.js https://js-agent.newrelic.com/lazy-loader.48127245-1225.min.js https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://cdn.cookielaw.org/consent/27cd7b43-53f3-46bb-9267-e0af03db8d70/OtAutoBlock.js https://siteintercept.qualtrics.com https://googleads.g.doubleclick.net https://zn9sohtzqeoni8wpq-aescorp.siteintercept.qualtrics.com https://cdn.cookielaw.org/scripttemplates/202209.1.0/otBannerSdk.js https://zncwhklt9qhc4tztc-aescorp.siteintercept.qualtrics.com https://www.google.co.in/pagead https://www.gstatic.com/recaptcha/releases https://script.hotjar.com https://js-agent.newrelic.com https://bam.nr-data.net https://connect.facebook.net https://apps.mypurecloud.com https://dhqbrvplips7x.cloudfront.net https://www.googleadservices.com/ https://www.gstatic.com/ https://cdn.cookielaw.org/ https://eb2.3lift.com/ https://www.google.co.in/ https://pippio.com/ https://widgets.hive.genesys.com/ https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/cxbus.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/widgets-core.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/webchat.min.js https://d2uinmo2bcbdsn.cloudfront.net/ https://snap.licdn.com/ https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js http://cdn.jsdelivr.net/npm/jquery-validation@1.17.0/dist/jquery.validate.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.5/gsap.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.5/ScrollTrigger.min.js https://cdnjs.cloudflare.com/ajax/libs/jarallax/2.1.3/jarallax.min.js https://pym.nprapps.org/pym.v1.min.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://platform.twitter.com https://unpkg.com https://www.google.com; frame-ancestors 'self'; report-uri https://www.aes.com/report-uri/enforce 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-Dmk8zAf+A8dow4hDry+mzw=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
frame-ancestors 'self' http://*.hftmagnates.com/ https://*.hftmagnates.com/ http://fm.fmpedia.lc/ https://fm.fmpedia.lc/ http://fl.fmpedia.lc/ https://fl.fmpedia.lc/ https://localhost:3002/ https://localhost:3004/ https://localhost:3006/ https://financemagnates.com/ https://financemagnates.com:3002/ https://*.financemagnates.com/ https://*.financemagnates.com:3002/ https://*.financemagnates.com:3004/ https://forexlive.com/ https://forexlive.com:3006/ https://*.forexlive.com/ https://*.forexlive.com:3006/; 1
default-src 'self'; font-src 'self';img-src 'self' data: https://*.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://www.googletagmanager.com https://code.jquery.com; connect-src 'self' https://*.google-analytics.com https://www.googletagmanager.com https://code.jquery.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://www.youtube.com; frame-ancestors 'self' https://www.youtube.com; 1
upgrade-insecure-requests; default-src 'self' https://*.marketo.com https://crazyegg.com https://jitterbit.com https://info.jitterbit.com https://app-sjf.marketo.com/ https://proxy.gtranslate.net/; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' https://www.googleanalytics.com https://*.googleanalytics.com https://www.google-analytics.com https://*.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://app-sjf.marketo.com/ https://proxy.gtranslate.net/ https:; style-src 'self' 'report-sample' https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline' https://*.typekit.net https://unpkg.com https://*.marketo.com https://*.jitterbit.com *.crazyegg.com https://translate.googleapis.com https://www.gstatic.com/ https://www.googletagmanager.com/debug/badge.css https://*.omappapi.com/ https://tags.srv.stackadapt.com/sa.css https://proxy.gtranslate.net/; object-src 'none'; base-uri 'self'; connect-src 'self' *.crazyegg.com *.jitterbit.com *.marketo.com *.mktoresp.com *.app-sjf.marketo.com/ https://*.clarity.ms/collect https://app-sjf.marketo.com/ https://www.google-analytics.com https://*.google-analytics.com https://ipv6.6sc.co https://c.6sc.co/ https://stats.g.doubleclick.net https://*.ingest.sentry.io https://www.g2.com/products/jitterbit/rating_schema.json https://*.g2.com https://g2.com https://secure.adnxs.com https://translate.googleapis.com/ https://bat.bing.com/ wss://ws.qualified.com https://cdn.linkedin.oribi.io/partner/34919/domain/dev-jitterbit2022.pantheonsite.io/token https://cdn.linkedin.oribi.io/partner/34919/domain/jitterbit.com/token https://ibc-flow.techtarget.com/ https://ws.zoominfo.com/ https://consent-pref.trustarc.com/ https://www.google.com/ https://*.google.com/ https://*.omappapi.com/ https://tags.srv.stackadapt.com/sa.jpeg https://tags.srv.stackadapt.com/ https://scout.salesloft.com/ https://px.ads.linkedin.com/wa/ https://proxy.gtranslate.net/ https://process.iconnode.com/google-ads/ https://process.iconnode.com/session/page/ https://process.iconnode.com/session/ https://process.iconnode.com/lead/form https://monitor.clickcease.com/conversions/api/TrackConversion; form-action *.app-sjf.marketo.com/ https://app-sjf.marketo.com/ https://*.marketo.com https://*.jitterbit.com https://www.jitterbit.com/ https://www.jitterbit.com/ https://*.dev-jitterbit2022.pantheonsite.io/ https://proxy.gtranslate.net/ https://www.facebook.com/tr/; font-src 'self' https://jitterbit.com https://*.typekit.net https://fonts.gstatic.com https://www.jitterbit.com/ https://www.jitterbit.com/* https://consent.trustarc.com https://app-sjf.marketo.com/ https://proxy.gtranslate.net/ data:; frame-src 'self' *.app-sjf.marketo.com/ https://app-sjf.marketo.com/ https://www.google.com/ https://optimize.google.com https://www.youtube.com https://www.youtube-nocookie.com/ https://www.podomatic.com/ https://podomatic.com/ https://consent-pref.trustarc.com https://www.podomatic.com https://*.jitterbit.com https://*.marketo.com *.crazyegg.com https://*.dev-jitterbit2022.pantheonsite.io https://app.qualified.com/ https://pixel.sitescout.com/ https://www.jitterbit.com/ https://www.jitterbit.com https://platform.twitter.com/ https://www.facebook.com/ https://www.g2.com/ https://play.vidyard.com/ https://jitterbit257.outgrow.us/ https://td.doubleclick.net/ https://proxy.gtranslate.net/ data:; img-src https://www.google-analytics.com https://*.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://app-sjf.marketo.com/ * data: blob:; manifest-src 'self'; media-src 'self' https://consent.trustarc.com https://traffic.libsyn.com https://hwcdn.libsyn.com https://app.qualified.com/ https://app-sjf.marketo.com/ https://proxy.gtranslate.net/; report-uri /jitterbit/web/reports/; worker-src blob: 1
default-src 'self';font-src 'self' fonts.bunny.net;style-src 'nonce-hZzvd2q9gBhp6yJaR3+ztjGMFeYrXh+roSl28y9KQNA=' 'self' fonts.bunny.net cdn.jsdelivr.net;script-src 'nonce-hZzvd2q9gBhp6yJaR3+ztjGMFeYrXh+roSl28y9KQNA=' 'strict-dynamic' https: 'unsafe-inline';frame-src www.google.com maps.google.fr support.gipcdg.fr;object-src 'none';img-src 'self' data: jedonnemonavis.numerique.gouv.fr support.gipcdg.fr;connect-src 'self' support.gipcdg.fr 1
script-src 'report-sample' 'nonce-Yhys8zFNv0PPueVwuDZf7w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self',script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport/allowlist,require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport 1
block-all-mixed-content; frame-ancestors 'self' https://intranet.viajeselcorteingles.es https://empresasviajeselcorteingles.force.com https://cuenta.elcorteingles.es https://viajeselcorteingles.my.site.com 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; frame-ancestors 'none'; frame-src https://86886.jp https://www.buffalo.jp 1
default-src https: 'self' 'unsafe-inline'; font-src https: data: 'self'; block-all-mixed-content; img-src https: 'self' data:; object-src 'self'; frame-ancestors 'none'; base-uri 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' https:; form-action 'self' https://roptemp.peelregion.ca https://peelregion.ca https://www.peelregion.ca https://ca.docusign.net https://powerforms.docusign.net https://cl.exct.net; report-uri https://peelregion.report-uri.com/r/d/csp/enforce 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https: https://victorianplumbing.co.uk https://*.victorianplumbing.co.uk; script-src-elem 'unsafe-inline' 'strict-dynamic' 'nonce-z/7I3W2bg2niBU1c3DMSGQ=='; style-src 'self' 'unsafe-inline' https://victorianplumbing.co.uk https://*.victorianplumbing.co.uk fonts.googleapis.com cdn.taggstar.com assets.bounceexchange.com;  font-src 'self' https://victorianplumbing.co.uk https://*.victorianplumbing.co.uk fonts.gstatic.com; frame-ancestors 'self'; 1
frame-ancestors https://*.gates.com; 1
frame-ancestors http://methstreams.com http://nbastreamswatch.com http://nbastreamslinks.com http://watchnbastreams.com http://crackstreams.ws 1
default-src 'self' https:; img-src * data:; media-src *; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; font-src 'self' https: data: 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-Fb4mLdrl8/zshnozPWXCVA==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
frame-ancestors 'self' portal.miele.com portal.miele.com:441 www3.miele.de 1
frame-ancestors 'self' https://www.siteliner.com/; 1
default-src 'none'; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://plausible.io https://universityadmissions.se https://vanta.antagning.se *.queue-it.net https://analytics.uhr.se https://dl.episerver.net https://www.googletagmanager.com https://tagmanager.google.com https://www.gstatic.com https://www.recaptcha.net https://www.gstatic.cn/recaptcha/ https://uhrfaq.samres.services https://www.google.com; style-src 'report-sample' 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://uhrfaq.samres.services https://translate.googleapis.com; object-src 'none'; connect-src 'self' https://plausible.io https://analytics.uhr.se https://uhrfaq.samres.services https://translate.googleapis.com; img-src 'self' 'report-sample' data: blob: https://universityadmissions.se https://translate.google.com https://translate.googleapis.com https://ssl.gstatic.com https://www.gstatic.com www.googletagmanager.com; worker-src 'none'; font-src 'self' data: https://fonts.gstatic.com https://uhrfaq.samres.services; frame-src 'self' https://www.google.com https://www.recaptcha.net https://recaptcha.google.com/recaptcha/ recaptcha.net https://www.googletagmanager.com; base-uri 'self'; form-action 'self' https://universityadmissions.se epayment.nets.eu test.epayment.nets.eu https://uhrchatt.samres.services https://uhrfaq.samres.services; manifest-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests; report-to csp-endpoint; report-uri /intl/contentpolicyv2 1
default-src 'none'; script-src 'self' 'unsafe-eval' data: blob: *.betterhealth.vic.gov.au dhhs.vic.gov.au content.dhhs.vic.gov.au *.content.dhhs.vic.gov.au cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com tagmanager.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google-analytics.com cdn.monsido.com connect.facebook.net *.cloudfront.net *.youtube.com ytimg.com *.ytimg.com usercheck.vgso.vic.gov.au *.readspeaker.com *.health.vic.gov.au *.healthdirect.org.au ajax.googleapis.com *.marker.io *.crazyegg.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com; style-src 'self' 'unsafe-inline' dhhs.vic.gov.au content.dhhs.vic.gov.au *.content.dhhs.vic.gov.au fonts.googleapis.com tagmanager.google.com *.readspeaker.com drwgdblqzrfiz.cloudfront.net https://optimize.google.com https://fonts.googleapis.com cdn.monsido.com; img-src 'self' data: *.betterhealth.vic.gov.au dhhs.vic.gov.au content.dhhs.vic.gov.au *.content.dhhs.vic.gov.au *.amazee.io tracking.monsido.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.doubleclick.net www.google.com www.google.com.au www.hon.ch www2.health.vic.gov.au *.marker.io community-stg.dh-23.1.today.design community.lifeprogram.org.au drwgdblqzrfiz.cloudfront.net *.google-analytics.com *.googletagmanager.com *.doubleclick.net www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com; font-src 'self' data: dhhs.vic.gov.au content.dhhs.vic.gov.au *.content.dhhs.vic.gov.au fonts.gstatic.com *.readspeaker.com *.marker.io https://fonts.gstatic.com; frame-src 'self' dhhs.vic.gov.au content.dhhs.vic.gov.au *.content.dhhs.vic.gov.au *.hotjar.com *.hotjar.io wss://*.hotjar.com *.vimeo.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com *.vic.gov.au *.healthdirect.org.au dhhs.carto.com *.doubleclick.net *.marker.io https://optimize.google.com; manifest-src 'self'; connect-src 'self' dhhs.vic.gov.au content.dhhs.vic.gov.au *.content.dhhs.vic.gov.au *.hotjar.com *.hotjar.io wss://*.hotjar.com *.sdp.vic.gov.au api.ipify.org drwgdblqzrfiz.cloudfront.net *.doubleclick.net *.google-analytics.com *.analytics.google.com analytics.google.com *.readspeaker.com *.marker.io dhhs.au.auth0.com lifeprogram.au.auth0.com *.crazyegg.com; 1
frame-ancestors 'self' campusvirtualsp.org *.campusvirtualsp.org paho.org *.paho.org 1
script-src 'self' 'unsafe-inline' *.cookiebot.com *.hacon.de 1
frame-ancestors 'self' http://*.washk12.org https://*.washk12.org 1
default-src 'none'; frame-ancestors 'self' mbconnectline.com *.mbconnectline.com simply-connect.me *.simply-connect.me simply-connect2.me *.simply-connect2.me; form-action 'self' mbconnectline.com *.mbconnectline.com; base-uri 'self' mbconnectline.com *.mbconnectline.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' mbconnectline.com *.mbconnectline.com *.googleapis.com *.gstatic.com *.cloudflare.com; style-src 'unsafe-inline' 'self' mbconnectline.com *.mbconnectline.com *.googleapis.com *.gstatic.com *.cloudflare.com; font-src 'self' data: mbconnectline.com *.mbconnectline.com *.googleapis.com *.gstatic.com *.cloudflare.com; img-src 'self' data: blob: mbconnectline.com *.mbconnectline.com *.googleapis.com *.gstatic.com *.cloudflare.com; object-src 'self' mbconnectline.com *.mbconnectline.com; prefetch-src 'self' mbconnectline.com *.mbconnectline.com; media-src *; frame-src *; manifest-src *; worker-src *; connect-src *; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' www.googletagmanager.com idtechex.bamboohr.com platform.twitter.com ssl.google-analytics.com www.googleadservices.com *.idtechex.com cdn.idtechex.com oss.maxcdn.com ie7-js.googlecode.com https://googleads.g.doubleclick.net  https://cdn.syndication.twimg.com *.google.com *.gstatic.com *.googleapis.com *.translate.goog *.livechatinc.com app.chaport.com *.arcot.com *.verifiedbyvisa.com *.3dsecure-vrp.de *.cardinalcommerce.com *.securesuite.net *.securesuite.co.uk *.securecode.com *.citibank.com *.citibank.co.kr *.cardcenter.ch *.swisscard.ch *.icscards.nl *.sia.eu *.swedbank.se *.dnp-cdms.jp acs.cafis-paynet.jp *.hanacard.co.kr *.shinhancard.com *.wooricard.com *.hyundaicard.com *.wlp-acs.com *.dkb.de *.nab.com.au *.mbank.pl *.ccb.com.cn *.cmbchina.com *.bccard.com *.cartasi.it *.modirum.com *.paylife.at *.ctbcbank.com *.ocbc.com *.kbcard.com *.enfuce.com *.airplus.com *.mercurypaymentservices.it ws.zoominfo.com *.linkedin.com *.licdn.com 1
default-src 'self' *.taquilla.com 'report-sample'; script-src *.taquilla.com www.eventim.de *.googletagmanager.com cdn.ampproject.org *.google-analytics.com *.googleadservices.com tpc.googlesyndication.com *.googleapis.com *.gstatic.com *.google.com *.weezevent.com *.eventbrite.com *.facebook.net taquilla.ladesk.com *.hotjar.com 'unsafe-eval' 'unsafe-inline'; font-src fonts.gstatic.com *.taquilla.com; style-src *.taquilla.com www.eventim.de *.googleapis.com 'unsafe-inline'; img-src 'self' cdn.janto.es contents.janto.es www.mgticket.com compraentradas.ibercaja.es tickets.janto.es *.4tickets.es entradas.elsonidooculto.com *.taquilla.com *.facebook.com *.google.com *.googleapis.com *.google-analytics.com *.doubleclick.net *.googletagmanager.com *.gstatic.com *.google.es *.google.ad *.google.pt *.google.fr img.youtube.com *.ytimg.com data:; connect-src 'self' *.taquilla.com api.eventim.com cdn.ampproject.org *.google.com *.googleapis.com *.google.es *.google.ad *.google.pt *.google.fr *.google.ie *.google-analytics.com *.googletagmanager.com ampcid.google.com ampcid.google.es ampcid.google.pt ampcid.google.fr ampcid.google.co.uk ampcid.google.de ampcid.google.it ampcid.google.au ampcid.google.ie stats.g.doubleclick.net *.cloudfunctions.net img.youtube.com; frame-src 'self' *.taquilla.com *.facebook.com *.weezevent.com *.eventbrite.com *.ladesk.com *.doubleclick.net tpc.googlesyndication.com accounts.google.com www.google.com *.hotjar.com *.ytimg.com *.youtube.com; child-src www.google.com *.ladesk.com *.weezevent.com *.eventbrite.com *.hotjar.com *.facebook.com *.youtube.com tpc.googlesyndication.com blob:; report-uri /ws/system/csp-report.php 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodonapp.uk; img-src 'self' https: data: blob: https://mastodonapp.uk; style-src 'self' https://mastodonapp.uk 'nonce-yEuICViEdoQDkXhUR3/exg=='; media-src 'self' https: data: https://mastodonapp.uk; frame-src 'self' https:; manifest-src 'self' https://mastodonapp.uk; form-action 'self'; child-src 'self' blob: https://mastodonapp.uk; worker-src 'self' blob: https://mastodonapp.uk; connect-src 'self' data: blob: https://mastodonapp.uk https://files.mastodonapp.uk wss://mastodonapp.uk; script-src 'self' https://mastodonapp.uk 'wasm-unsafe-eval' 1
frame-ancestors 'self' *.actionstep.com 1
frame-ancestors 'self' https://*.dante.io https://*.audinate.com https://*.audinate.freelock.net https://*.facebook.com https://*.gather.town https://*.vimeo.com;block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.dante.io https://*.audinate.com https://*.doubleclick.net https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://*.moatads.com https://api-public.addthis.com https://connect.facebook.net https://cdn.jsdelivr.net https://content.linkedin.com https://d1f8f9xcsvx3ha.cloudfront.net https://extend.vimeocdn.com https://forms.hsforms.com https://googleads.g.doubleclick.net https://graph.facebook.com https://google-analytics.com https://googletagmanager.com https://js.facebook.com https://js.hs-analytics.net https://js.hs-banner.com https://js-na1.hs-scripts.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hscta.net https://js.hsforms.net https://js.hsleadflows.net https://js.hubspotfeedback.com https://js.usemessages.com https://m.addthis.com https://m.youtube.com https://platform.linkedin.com https://recaptcha.net https://s7.addthis.com https://player.vimeo.com https://script.crazyegg.com https://ssl.google-analytics.com https://snap.licdn.com https://static-exp1.licdn.com https://tagmanager.google.com https://v1.addthisedge.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://www.vimeo.com;style-src 'self' 'report-sample' 'unsafe-inline' *.dante.io *.audinate.com *.licdn.com *.google.com cdn.jsdelivr.net fonts.googleapis.com www.googletagmanager.com;object-src *.dante.io *.audinate.com *.googlesyndication.com;child-src 'self' blob: *.dante.io *.audinate.com *.googlesyndication.com *.google.com *.facebook.com *.doubleclick.net *.vimeo.com app.hubspot.com connect.facebook.net forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com recaptcha.net s7.addthis.com www.googletagmanager.com www.youtube.com www.vimeo.com;base-uri 'self' *.moatads.com;form-action 'self' *.dante.io *.audinate.com *.google.com *.facebook.com connect.facebook.net forms.hsforms.com forms.hubspot.com webto.salesforce.com;worker-src 'self' blob: *.dante.io *.audinate.com www.google.com;upgrade-insecure-requests;report-uri 1
default-src 'self'; style-src 'self' https://cdnjs.cloudflare.com https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' fonts.gstatic.com https://cdnjs.cloudflare.com data:; script-src 'self' localhost https://*.googletagmanager.com https://www.onlinepayment.com.my https://connect.facebook.net http://static.ads-twitter.com https://www.google-analytics.com https://analytics.tiktok.com https://ap-gateway.mastercard.com https://googleads.g.doubleclick.net https://sandbox.molpay.com https://*.hotjar.com 'unsafe-inline' 'unsafe-eval' blob:; connect-src 'self' http://localhost:8080/ https://*.bjak.my https://*.analytics.google.com https://*.google-analytics.com https://*.analytics.tiktok.com https://csmetrics.hotjar.com/ https://*.g.doubleclick.net https://analytics.google.com/g/collect https://analytics.tiktok.com https://storage.googleapis.com; img-src * data: blob:; frame-src 'self' https://www.facebook.com/ https://ap-gateway.mastercard.com/ https://www.youtube.com; object-src data:; 1
upgrade-insecure-requests; frame-ancestors 'self' dotroll.com *.dotroll.com 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; font-src 'self' fonts.gstatic.com img.deccoria.pl data:; 1
script-src 'self' 'unsafe-eval'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self' 1
default-src 'self' https://*.ufone.com https://webchatcops.ufone.com https://static.ads-twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.ufone.com https://unpkg.com https://cdn.datatables.net https://*.hotjar.com https://webchatcops.ufone.com https://www.googleoptimize.com https://www.google-analytics.com https://optimize.google.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://connect.facebook.net https://ka-f.fontawesome.com https://kit.fontawesome.com https://*.fontawesome.com https://*.bootstrapcdn.com https://*.mookie1.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://*.cloudflare.com https://*.doubleclick.net https://*.gstatic.com https://*.unpkg.com https://bankalfalah.gateway.mastercard.com https://*.datatables.net https://code.jquery.com https://*.googleapis.com https://*.tiqcdn.com https://*.jsdelivr.net; img-src 'self' data: https://c.clarity.ms https://cdn.acsbapp.com https://optimize.google.com https://*.google-analytics.com https://*.facebook.com https://*.bing.com https://ufone.syntecx.org https://ufonecloud.syntracx.com https://*.ufone.com https://*.doubleclick.net https://*.google.com https://*.google.com.pk https://*.datatables.net https://code.jquery.com https://*.doubleclick.net https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.gravatar.com https://*.w.org https://*.telemart.pk https://*.hotjar.com https://analytics.twitter.com https://t.co; style-src 'self' 'unsafe-inline' https://unpkg.com https://cdn.datatables.net https://fonts.googleapis.com https://optimize.google.com https://*.googleapis.com https://*.cloudflare.com https://*.bootstrapcdn.com https://*.fontawesome.com https://*.unpkg.com https://*.datatables.net https://code.jquery.com https://*.hotjar.com https://*.jsdelivr.net; font-src 'self' data: https://acsbapp.com https://unpkg.com https://fonts.gstatic.com https://*.googleusercontent.com https://*.gstatic.com https://*.cloudflare.com https://*.fontawesome.com https://*.unpkg.com https://*.hotjar.com; frame-src https://*.snapchat.com https://*.hotjar.com https://optimize.google.com https://*.facebook.com https://*.ufone.com https://*.google.com https://*.doubleclick.net https://bankalfalah.gateway.mastercard.com https://*.youtube.com https://*.tiqcdn.com; object-src 'none'; connect-src 'self' https://*.clarity.ms https://*.acsbapp.com https://*.snapchat.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://webchatcops.ufone.com https://*.fontawesome.com https://*.google-analytics.com https://*.doubleclick.net https://*.tiktok.com https://*.facebook.com https://*.googleapis.com; frame-ancestors https://*.tiktok.com; script-src-elem 'self' 'unsafe-inline' https://*.ufone.com https://www.clarity.ms https://*.snapchat.com https://acsbapp.com https://sc-static.net https://*.tiktok.com https://www.googletagmanager.com https://*.hotjar.com https://*.mookie1.com https://www.google-analytics.com https://maxcdn.bootstrapcdn.com https://kit.fontawesome.com https://www.googleadservices.com https://connect.facebook.net https://www.googleoptimize.com https://*.doubleclick.net https://static.ads-twitter.com https://*.google.com https://*.googleapis.com https://*.cloudflare.com https://*.unpkg.com https://*.datatables.net https://unpkg.com https://*.gstatic.com https://*.mastercard.com https://*.jquery.com https://*.jsdelivr.net; style-src-elem 'self' 'unsafe-inline' https://*.ufone.com https://*.jquery.com https://*.datatables.net https://unpkg.com https://*.bootstrapcdn.com https://*.googleapis.com https://*.cloudflare.com; 1
default-src 'self' cfahome.okta.com *.oktacdn.com; connect-src 'self' cfahome.okta.com cfahome-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com *.mtls.okta.com cfahome.kerberos.okta.com cfahome.mtls.okta.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' cfahome.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' cfahome.okta.com *.oktacdn.com; frame-src 'self' cfahome.okta.com cfahome-admin.okta.com login.okta.com ok4-devicetrust.okta.com; img-src 'self' cfahome.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' cfahome.okta.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' https://ascendvirtual.intrepidagile.com https://cfa.intrepidagile.com 1
default-src 'self' https://www.qmee.com https://cdn.beta.qmee.com https://cdn.qmee.com https://cdn.qmee.com;img-src 'self' https://*.qmee.com https://11595478.fls.doubleclick.net/ https://*.hotjar.com https://*.hotjar.io https://www.google-analytics.com https://www.googletagmanager.com https://d1s51etp8bktk6.cloudfront.net https://d30s7yzk2az89n.cloudfront.net https://d3t2iypqerjd0u.cloudfront.net data: https://*.quora.com https://*.taboola.com https://alb.reddit.com/ https://www.facebook.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.co.uk https://www.google.com.au https://972103332.privacysandbox.googleadservices.com https://www.google.ca https://t.co https://*.twitter.com https://bat.bing.com https://www.qmee.com https://cdn.qmee.com https://cdn.beta.qmee.com https://*.clarity.ms https://c.bing.com https://cdn.qmee.com;style-src 'self' https://*.hotjar.com https://*.taboola.com https://*.hotjar.io https://www.qmee.com https://cdn.qmee.com https://cdn.beta.qmee.com https://cdn.qmee.com 'unsafe-inline';connect-src 'self' https://gateway.qmee.com https://auth.qmee.com https://*.airbrake.io wss://gateway.qmee.com wss://*.hotjar.com wss://*.hotjar.io https://www.googletagmanager.com https://www.google-analytics.com https://*.hotjar.com https://*.taboola.com https://*.hotjar.io https://api2.branch.io https://www.facebook.com https://www.qmee.com https://cdn.qmee.com https://cdn.beta.qmee.com https://*.clarity.ms https://c.bing.com https://cdn.qmee.com;script-src 'self' https://www.redditstatic.com/ https://*.trustpilot.com/ https://www.google-analytics.com https://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.taboola.com https://cdn.branch.io https://app.link https://www.googleadservices.com https://www.google.com https://connect.facebook.net https://static.ads-twitter.com https://sc-static.net https://analytics.twitter.com https://bat.bing.com/ https://www.qmee.com https://cdn.qmee.com https://cdn.beta.qmee.com https://*.clarity.ms https://c.bing.com 'sha256-xV1p+7qCeA47pC2unYYmT7tfjbGtk/6JsxjhyHtgWM4=' https://cdn.qmee.com;frame-src https://www.googletagmanager.com/ https://*.hotjar.com https://*.trustpilot.com/ https://*.hotjar.io https://www.youtube-nocookie.com https://*.facebook.com https://*.taboola.com https://*.qmee.com https://api-profiler.qurated.ai https://profiler.qurated.ai;frame-ancestors 'self' https://www.qmee.com https://beta.qmee.com https://blog.qmee.com;report-uri https://csp-report.qmee.com/csp_report_violations;report-to csp-endpoint 1
default-src 'self'; frame-src 'self' *.readspeaker.com/ ; style-src 'self' *.readspeaker.com/ 'unsafe-inline'; style-src-elem 'self' *.readspeaker.com/ ; font-src 'self' data: ; connect-src 'self' data: https://www.piwik.bayern.de/piwik/ https://websuche-regierung-ext.bayern.de/ *.readspeaker.com/ ; img-src 'self' https://www.piwik.bayern.de/piwik/ https://websuche-regierung-ext.bayern.de/ *.readspeaker.com/; script-src 'self' https://www.piwik.bayern.de/piwik/ https://websuche-regierung-ext.bayern.de/ *.readspeaker.com/ 'unsafe-eval' 'unsafe-inline'; 1
frame-ancestors https://*.milwaukeetool.eu https://viewer.ipaper.io https://my.treedis.com https://my.scene3d.co.uk 1
default-src 'none'; img-src image.gsmpunt.nl https://image.gsmpunt.nl https://assets.gsmpunt.nl https://www.gsmpunt.nl https://bat.bing.com https://www.google-analytics.com https://www.google.com https://www.google.nl https://img.youtube.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.awin1.com https://www.zenaps.com http://www.googleadservices.com https://www.googleadservices.com https://*.clarity.ms data:;style-src https://assets.gsmpunt.nl  https://www.gsmpunt.nl 'unsafe-inline';script-src https://assets.gsmpunt.nl  https://www.gsmpunt.nl http://www.googletagmanager.com http://www.googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com https://www.youtube.com https://s.ytimg.com https://www.google.com https://www.google.nl https://www.dwin1.com https://www.zenaps.com https://the.sciencebehindecommerce.com https://www.google.com/recaptcha https://www.gstatic.com https://www.clarity.ms https://wjs.wurflcloud.com https://downloads-global.3cx.com 'unsafe-inline';media-src https://image.gsmpunt.nl https://assets.gsmpunt.nl;frame-src https://www.gsmpunt.nl https://www.youtube.com https://player.vimeo.com https://www.zenaps.com https://the.sciencebehindecommerce.com https://www.google.com https://bid.g.doubleclick.net https://www.gstatic.com; connect-src https://www.gsmpunt.nl https://api.gsmpunt.nl https://*.google-analytics.com https://ampcid.google.com https://ampcid.google.nl stats.g.doubleclick.net https://the.sciencebehindecommerce.com http://www.google.com https://www.google.com https://*.analytics.google.com www.google.nl https://*.clarity.ms https://google.com https://*.bing.com https://wjs.wurflcloud.com https://gsmpunt.fluxcloud.eu:5001 wss://gsmpunt.fluxcloud.eu:5001 ;font-src https://www.gsmpunt.nl https://assets.gsmpunt.nl;object-src data:;manifest-src https://assets.gsmpunt.nl; 1
default-src 'none';base-uri 'self';object-src 'none';font-src 'self' data: *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* fonts.gstatic.com;report-uri /reporting/csp.htm;img-src 'self' data: *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com wspublicprod.112.2o7.net px.ads.linkedin.com ad.doubleclick.net p.adsymptotic.com adservice.google.com 2549153.fls.doubleclick.net jadserve.postrelease.com www.google.com www.google-analytics.com pixel.everesttech.net cm.g.doubleclick.net bat.bing.com sp.analytics.yahoo.com connect.facebook.net www.linkedin.com www.facebook.com rtd-tm.everesttech.net googleads.g.doubleclick.net pdx-col.eum-appdynamics.com *.wellsfargomedia.com;style-src 'self' 'unsafe-inline' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com;connect-src 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com google-analytics.com pdx-col.eum-appdynamics.com;frame-src 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com awusw-wfr.advanced-web-analytics.com *.doubleclick.net *.wellsfargo.wallst.com *.fccaccessonline.com wellsfargo-p2.markitdigital.com iframe.arkoselabs.com;media-src 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com *.wellsfargomedia.com;form-action 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com *.wellsfargo.com:*;worker-src 'self' blob:;script-src 'nonce-4a5620d1f3e84fdd9b062afc5edeb6ed' 'self' *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* www.googletagmanager.com www.google-analytics.com ajax.googleapis.com static.staging.wellsfargo.com static.wellsfargo.com;frame-ancestors 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com *.fccaccessonline.com *.wellsfargomedia.com *.wellsfargo.com:* *.mworld.com *.wellsfargo.net *.markitondemand.com *.wellsfargo.wallst.com *.go.onestop.wf.com wellsfargo.markitdigital.com 1
default-src 'self' https://*.your-webhost.nl ssl.google-analytics.com in.hotjar.com vars.hotjar.com fonts.gstatic.com https://www.google-analytics.com 'unsafe-inline'; script-src 'self' https://*.your-webhost.nl https://www.google-analytics.com/analytics.js 'unsafe-inline' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' https://*.your-webhost.nl ssl.google-analytics.com www.google-analytics.com 'unsafe-inline' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'unsafe-eval' 'unsafe-inline'; script-src-attr 'self' https://*.your-webhost.nl www.google-analytics.com 'unsafe-inline'; style-src 'self' https://*.your-webhost.nl fonts.googleapis.com 'unsafe-inline'; 1
script-src 'self' *.doubleclick.net *.google-analytics.com *.bing.com *.facebook.net *.outbrain.com *.mathtag.com *.proofpoint.com *.clarity.com *.treasuredata.com *.clarity.ms *.licdn.com *.yellowmessenger.com *.googletagmanager.com *.youtube.com *.googleapis.com *.google.com *.gstatic.com *.paytm.in *.googlesyndication.com *.googleadservices.com *.ads-twitter.com *.visualwebsiteoptimizer.com 'unsafe-inline' 'unsafe-eval' blob: ; 1
default-src 'self' * 'unsafe-inline' *.3qsdn.com *.payengine.de data: blob:; style-src 'self' *.googleapis.com *.gstatic.com 'unsafe-inline' *.vorteilsguru.de *.3qsdn.com; img-src * 'unsafe-inline' data:; script-src * 'unsafe-eval' 'unsafe-inline' blob:; font-src 'self' *.gstatic.com 'unsafe-inline' *.vorteilsguru.de *.3qsdn.com data: 1
default-src 'self' https://www2.cbiz.com;     script-src 'self' https://www2.cbiz.com https://code.jquery.com https://d33i2vgywgme2s.cloudfront.net https://online.flippingbook.com https://www.gstatic.com https://www.google.com http://cdnjs.cloudflare.com https://formstack.com https://cdn.jsdelivr.net https://d10lpsik1i8c69.cloudfront.net https://cdn.jsdelivr.net https://analytics.formstack.com https://maps.google.com http://s7.addthis.com https://wave.outbrain.com http://tr.outbrain.com http://amplify.outbrain.com http://static.formstack.com https://cbiz-rtq.formstack.com https://dzl2wsuulz4wd.cloudfront.net https://cld.bz https://s7.addthis.com https://ssl.p.jwpcdn.com https://abm.emaplan.com https://content.jwplatform.com http://w.sharethis.com https://fast.wistia.com https://www.cbiz.com http://go.cbiz.com https://www.clarity.ms https://ok.cbiz.com https://go.cbiz.com https://e.infogram.com https://static.cloudflareinsights.com https://fast.wistia.net https://www.google-analytics.com https://googletagmanager.com https://www.googletagmanager.com https://cbiz.widget.insent.ai https://cdn.cookielaw.org https://api.company-target.com https://scout-cdn.salesloft.com https://connect.facebook.net https://cdnjs.cloudflare.com https://dnnapi.com https://snap.licdn.com https://static.oktopost.com https://tag.demandbase.com https://api.swiftype.com https://pi.pardot.com/ https://googleads.g.doubleclick.net https://secure.saashr.com 'unsafe-inline' 'unsafe-eval';     connect-src 'self' https://h.clarity.ms/collect https://y.clarity.ms/collect https://px.ads.linkedin.com/wa/ https://embed-cloudfront.wistia.com https://w.clarity.ms https://fbo-b.flippingbook.com https://p.clarity.ms wss://visitors.live wss://in.visitors.live https://settings.luckyorange.net https://maps.googleapis.com http://tr.outbrain.com https://backend.cld.bz https://videos-cloudfront-usp.jwpsrv.com https://content.jwplatform.com https://embed-fastly-vod.wistia.com https://fast.wistia.com https://distillery.wistia.com https://pipedream.wistia.com https://analytics.google.com https://m.clarity.ms https://privacyportal.onetrust.com https://dnnapi.com https://cdn.cookielaw.org https://scout.salesloft.com https://geolocation.onetrust.com https://www.google-analytics.com https://cdn.linkedin.oribi.io https://api.company-target.com https://stats.g.doubleclick.net  https://tag-logger.demandbase.com;     style-src 'self' https://d10lpsik1i8c69.cloudfront.net http://cdnjs.cloudflare.com http://static.formstack.com https://cdnjs.cloudflare.com https://ws.sharethis.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://dnnapi.com 'unsafe-inline';     img-src * data:;     media-src 'self' blob: https://d10lpsik1i8c69.cloudfront.net;  worker-src 'self' blob:;     frame-src 'self' https://html5-player.libsyn.com https://play.libsyn.com https://go.pardot.com https://www.slideshare.net https://online.flippingbook.com https://app.lifehappens.org https://lifehappenspro.org  https://players.brightcove.net https://realogylifeinsurance.cbiz.com https://fast.wistia.com https://widgets.memberedge.io https://user-7eh7e5h.cld.bz https://cbiz-corp.formstack.com https://sattleradventuresports.cbiz.com https://www2.cbiz.com https://ws.sharethis.com https://seg.sharethis.com https://e.infogram.com https://user-emmuwdy.cld.bz https://cbizsurvey.az1.qualtrics.com https://www.facebook.com https://fast.wistia.net https://www.cbizlife.com https://www.youtube.com https://s.company-target.com https://cbiz.widget.insent.ai ;     font-src 'self' data: http://fonts.gstatic.com https://static.formstack.com https://fast.wistia.com https://dnnapi.com https://fonts.gstatic.com https://s.company-target.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https: wss:; frame-ancestors 'self'; upgrade-insecure-requests; base-uri 'self'; 1
default-src 'self'; font-src data: https://assets.dm.de; child-src 'self' blob:; script-src 'self' https://*.bazaarvoice.com https://*.mm.dm.hu https://app.usercentrics.eu https://assets-internal-proxy.apps.nonprod.gcp.dmtech.cloud https://assets.dm.de https://cdn.loadbee.com/ https://d2pqvatijh75rn.cloudfront.net https://mpsnare.iesnare.com https://omt.dm.hu https://tags.tiqcdn.com https://www.dm.hu; worker-src 'self' blob:; connect-src  'self' https://*.bazaarvoice.com https://*.gcp.dmtech.cloud https://*.mm.dm.hu https://*.services.dmtech.com https://aggregator.service.usercentrics.eu https://api.mapbox.com https://api.usercentrics.eu https://assets.dm.de https://availability.loadbee.com/ https://browser-intake-datadoghq.eu https://cart-recos.services.dmtech.com https://cart.services.dmtech.com https://cdcs.usercentrics.eu https://collect.tealiumiq.com https://consent-api.service.consent.usercentrics.eu https://consent-rt-ret.service.consent.usercentrics.eu https://consents.usercentrics.eu https://coupon-aktionen.dm.de https://d2pqvatijh75rn.cloudfront.net https://direct-collect.dy-api.eu https://direct.dy-api.eu https://dmpay-gateway.services.dmtech.com https://dy-api.eu https://events.mapbox.com https://graphql.usercentrics.eu https://insights.algolia.io https://logs.browser-intake-datadoghq.eu https://mpsnare.iesnare.com https://my-products-api.services.dmtech.com https://omc.dm.hu https://product-based-recos.services.dmtech.com https://products.dm.de https://rcom-eu.dynamicyield.com https://recos-as-a-service.services.dmtech.com https://rum.browser-intake-datadoghq.eu https://services.dm.de https://shopping-list-prod.services.dmtech.com https://signin.dm.hu https://sos-prod.availability.services.dmtech.com https://staedtetour.dm-fb2.de; style-src 'self' 'unsafe-inline' https://*.bazaarvoice.com https://api.tiles.mapbox.com https://assets.dm.de; img-src 'self' blob: data: https://*.bazaarvoice.com https://*.mm.dm.hu https://*.services.dmtech.com https://app.usercentrics.eu https://assets.dm.de https://cdn-eu.dynamicyield.com https://d2pqvatijh75rn.cloudfront.net https://d3s22jwy77sx9i.cloudfront.net https://i.ytimg.com https://images.podigee-cdn.net https://img.usercentrics.eu https://img.youtube.com/ https://media.dm-static.com https://services.dm.de https://uct.service.usercentrics.eu; frame-ancestors 'self' https://*.apps.nonprod.gcp.dmtech.cloud https://*.apps.prod.gcp.dmtech.cloud https://*.dm-drogeriemarkt.org https://*.dm-drogeriemarkt.org:42160 https://*.dm-drogeriemarkt.org:42161 https://*.dm-drogeriemarkt.org:42162 https://*.dm.hu https://*.lxprod.ka.de.dm-drogeriemarkt.com https://app.datadoghq.eu; frame-src 'self' https://*.bazaarvoice.com https://*.dm.hu https://*.services.dmtech.com https://app.usercentrics.eu https://cdn.podigee.com https://configurator.nuk.de https://gastfamilie.podigee.io https://geburtskanal-dm.podigee.io https://hey-familie.podigee.io https://player.podigee-cdn.net https://rendering.loadbee.com/ https://sandbox.om.dm.de https://service.loadbee.com/ https://www.youtube-nocookie.com; base-uri 'self' https://*.mm.dm.hu https://*.services.dmtech.com https://events.mapbox.com; form-action 'self' https://*.bazaarvoice.com https://checkout.dm.hu https://signin.dm.hu; manifest-src 'self'; report-uri /__csp-reports__;upgrade-insecure-requests 1
frame-ancestors 'self' ;frame-src www.google.com flixdot.com *.clips4sale.com mc.yandex.ru;media-src 'self' cdn.feet9.com *.cdn13.com;object-src 'none'; font-src 'self' fonts.gstatic.com  *.cdn13.com;style-src 'self' 'unsafe-inline' *.cdn13.com; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-WCnAAN6pZ2GKg3CNt0Ibug=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
require-sri-for 'script';require-sri-for 'style'; 1
default-src 'self' https://login.microsoftonline.com; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://zonmw.containers.piwik.pro https://zonmw.piwik.pro https://svc.webspellchecker.net https://static.userback.io https://cdnjs.cloudflare.com/ https://fonts.googleapis.com/ https://platform.twitter.com/ https://static.mailplus.nl https://m15.mailplus.nl https://www.google.com https://www.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://static.userback.io https://cdnjs.cloudflare.com https://zonmw.piwik.pro https://fonts.googleapis.com https://fonts.gstatic.com https://static.mailplus.nl; img-src 'self' data: https://www.gstatic.com https://fonts.gstatic.com https://syndication.twitter.com/ https://zonmw.piwik.pro https://static.userback.io https://cdnjs.cloudflare.com https://fonts.googleapis.co https://maps.googleapis.com https://www.rovid.nl; media-src 'self' data: https://www.rovid.nl; frame-src 'self' data: https://*.tronit.nl/ https://platform.twitter.com/ https://www.linkedin.com/ https://www.google.com/; frame-ancestors *; child-src 'self'; font-src 'self' data: https://www.google.com/recaptcha/ https://fonts.googleapis.com/ https://fonts.gstatic.com https://static.userback.io; connect-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 1
default-src 'none'; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://plausible.io https://antagning.se https://vanta.antagning.se *.queue-it.net https://analytics.uhr.se https://dl.episerver.net https://www.googletagmanager.com https://tagmanager.google.com https://www.gstatic.com https://www.recaptcha.net https://www.gstatic.cn/recaptcha/ https://uhrfaq.samres.services https://www.google.com; style-src 'report-sample' 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://uhrfaq.samres.services https://translate.googleapis.com; object-src 'none'; connect-src 'self' https://plausible.io https://analytics.uhr.se https://uhrfaq.samres.services https://translate.googleapis.com; img-src 'self' 'report-sample' data: blob: https://antagning.se https://translate.google.com https://translate.googleapis.com https://ssl.gstatic.com https://www.gstatic.com www.googletagmanager.com; worker-src 'none'; font-src 'self' data: https://fonts.gstatic.com https://uhrfaq.samres.services; frame-src 'self' https://www.google.com https://www.recaptcha.net https://recaptcha.google.com/recaptcha/ recaptcha.net https://www.googletagmanager.com; base-uri 'self'; form-action 'self' https://antagning.se epayment.nets.eu test.epayment.nets.eu https://uhrchatt.samres.services https://uhrfaq.samres.services; manifest-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests; report-to csp-endpoint; report-uri /se/contentpolicyv2 1
default-src 'self'; frame-ancestors 'self'; script-src 'self' 'unsafe-eval' https://js.stripe.com https://*.braintreegateway.com https://client.crisp.chat/ https://api.github.com https://www.google.com/ https://www.gstatic.com/ https://www.googletagmanager.com https://www.google-analytics.com https://heapanalytics.com https://*.heapanalytics.com; img-src 'self' data: https://cdn.loom.com/ https://checkout.paypal.com https://*.braintreegateway.com https://*.crisp.chat/ heapanalytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://client.crisp.chat/; font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://client.crisp.chat/; media-src 'self' https://*.amazonaws.com; frame-src 'self' https://www.google.com/ https://js.stripe.com/ https://hooks.stripe.com/ https://client.crisp.chat/ https://www.youtube.com/ https://www.loom.com/ player.vimeo.com checkout.paypal.com; object-src 'self'; connect-src 'self' api.github.com https://www.google.com/ www.google-analytics.com heapanalytics.com https://avatar-cdn.atlassian.com wss://*.crisp.chat/ https://*.crisp.chat/ https://api.stripe.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.googletagmanager.com www.google-analytics.com cdn.jsdelivr.net *.typekit.net js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.usemessages.com *.hubspot.com stats.g.doubleclick.net cdn.datatables.net www.google.com *.gstatic.com amerisafe.q4ir.com *.q4ir.com cdnjs.cloudflare.com ajax.googleapis.com www.youtube.com code.jquery.com e.issuu.com 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-f3d005c76c6d1100d362631a13db764c'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
upgrade-insecure-requests; default-src adm-nao.ru *.adm-nao.ru nao24.ru *.nao24.ru static-maps.yandex.ru 'unsafe-inline' vk.com *.vk.com yastatic.net *.yandex.net yandex.st *.yandex.ru yandex.ru *.gosuslugi.ru *.sputnik.ru data: 1
block-all-mixed-content ;upgrade-insecure-requests ;default-src 'self' *.criteo.com *.criteo.net adventori.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.abtasty.com *.y-track.com *.google-analytics.com *.googletagmanager.com www.googletagmanager.com vjs.zencdn.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ui.onepay.decathlon.net *.paypal.com *.braintreegateway.com *.brightcove.net *.trylive.com *.googleapis.com sdk.privacy-center.org sdk.woosmap.com www.booxi.eu appmobile-bridge-js.s3-eu-west-1.amazonaws.com *.woosmap.com ui.onepay-qualification.decathlon.io cdn.tagcommander.com *.facebook.net *.dynatrace.com platform.commandersact.com *.commander1.com *.criteo.com *.criteo.net *.adnxs.com adventori.com www.googleadservices.com bat.bing.com *.salecycle.com *.doubleclick.net *.hotjar.com redirect3536.tagcommander.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com wurfl.io *.commandersact.com translate.google.com nxtck.com onepay-ui.decathlon.net *.contentsquare.net *.contentsquare.com www.youtube.com wss://*.hotjar.com *.loadbee.com production.transcript.decathlon.io development.transcript-qualification.decathlon.io via.batch.com *.dynamicyield.com *.klarnaservices.com rum.browser-intake-datadoghq.eu *.onepay-v2-commons-prod-0ywm.decathlon.io screencapture.kampyle.com screencapture-cdn.kampyle.com resources.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com resources.digital-cloud-west.medallia.com pay.google.com/gp/p/js/pay.js applepay.cdn-apple.com session-replay.browser-intake-datadoghq.eu safesizepublic.ucscentral.com google.com/pay creativecdn.com *.creativecdn.com https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.cube-net.org *.cube-net.pub *.decathlon.com *.facebook.com *.googleadservices.com *.gstatic.com *.preprod.decathlon.com connect.facebook.net *.adform.net *.app.baqend.com *.ceneo.pl *.convertiser.com *.custhelp.com *.decathlon.net *.decathlon.pt *.easyence.com *.privacy-center.org *.rtbhouse.com *.tagcommander.com *.trustcommander.net *.useinsider.com appserver-develop.app.inteliwi.se brightcove.hs.llnwd.net brightcove.vo.llnwd.net browser.sentry-cdn.com cdn.jsdelivr.net d3e54v103j8qbb.cloudfront.net decathlon.pt s3-eu-west-1.amazonaws.com trustmate.io urldefense.proofpoint.com www.google-analytics.com www.paypal.com www.snrcdn.net prod-js.aws.y-track.com www.google.com *.inside-graph.com www.dwin1.com ui.swogo.net *.sharethis.com cdn.userway.org *.retailrocket.net player.vimeo.com dsp.adfarm1.adition.com api.pushpushgo.com s-eu-1.pushpushgo.com cdn.pushpushgo.com *.tiktok.com *.speedcurve.com cdn.onlive.site *.zenaps.com *.sciencebehindecommerce.com static.zdassets.com *.zdassets.com *.zendesk.com api.smooch.io analytics.tiktok.com onlive-site-default-rtdb.europe-west1.firebasedatabase.app s-euw1c-nss-2203.europe-west1.firebasedatabase.app *.europe-west1.firebasedatabase.app player.live-video.net webrtc.github.io/adapter/adapter-latest.js ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js view.publitas.com scripts.publitas.com;connect-src 'self' *.google-analytics.com *.analytics.google.com *.abtasty.com *.y-track.com *.woosmap.com *.brightcove.com *.paypal.com *.braintree-api.com *.braintreegateway.com *.decathlon.net *.decathlon.com *.booxi.eu api.privacy-center.org www.facebook.com *.doubleclick.net bat.bing.com browser-http-intake.logs.datadoghq.eu api.booxi.eu bf97725pbp.bf.dynatrace.com *.hotjar.com *.hotjar.io *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com booxi-api-be.appspot.com booxi-api.appspot.com sync.commander1.com *.boltdns.net *.akamaihd.net *.contentsquare.net tracking-api-4lasu2nlcq-ew.a.run.app insights.decathlon.net transaction-api-4lasu2nlcq-ew.a.run.app order-insights.decathlon.net *.googleapis.com wss://*.hotjar.com www.googletagmanager.com via.batch.com ws.batch.com production.transcript.decathlon.io development.transcript-qualification.decathlon.io *.klarnaservices.com rum.browser-intake-datadoghq.eu *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu ubt-lb.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com resources.digital-cloud-west.medallia.com https://www.google.com/pay signin.easyence.tech google.com/pay https://pay.google.com *.creativecdn.com https://session-replay.browser-intake-datadoghq.eu/api/ https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.baqend.com *.inside-graph.com wss://*.inside-graph.com sentry.io api.swogo.net *.sharethis.com tracking.swogo.net api.userway.org *.decathlon.pt vimeo.com *.adform.net *.adnxs.com *.adsrvr.org *.atdmt.com *.ceneo.pl *.commander1.com *.commandersact.com *.convertiser.com *.criteo.com *.criteo.net *.crm4d.com *.cube-net.org *.cube-net.pub *.custhelp.com *.dynatrace.com *.easyence.com *.facebook.com *.facebook.net *.googleadservices.com *.googletagmanager.com *.gstatic.com *.mediadecathlon.com *.privacy-center.org *.retailrocket.net *.rtbhouse.com *.salecycle.com *.seadform.net *.tagcommander.com *.trackjs.com *.trustcommander.net *.trylive.com *.useinsider.com adventori.com api.pushpushgo.com appmobile-bridge-js.s3-eu-west-1.amazonaws.com appserver-develop.app.inteliwi.se brightcove.hs.llnwd.net brightcove.vo.llnwd.net browser.sentry-cdn.com cdn.jsdelivr.net cdn.pushpushgo.com cdn.tagcommander.com cdn.userway.org connect.facebook.net contents.mediadecathlon.com d3e54v103j8qbb.cloudfront.net decathlon.pt dsp.adfarm1.adition.com fonts.googleapis.com fonts.gstatic.com inteliwise-client.s3.amazonaws.com inteliwise-eu.s3.amazonaws.com manager.tagcommander.com nxtck.com platform.commandersact.com player.vimeo.com redirect3536.tagcommander.com s-eu-1.pushpushgo.com s3-eu-west-1.amazonaws.com s3.us-east-1.amazonaws.com sdk.privacy-center.org site.booxi.com static-a.pushpushgo.com sync.adotmob.com tag.goldenbees.fr translate.google.com trustmate.io ui.onepay-qualification.decathlon.io ui.swogo.net urldefense.proofpoint.com vjs.zencdn.net wurfl.io www.awin1.com www.dwin1.com www.google.be www.google.com www.google.com/recaptcha/ www.google.es www.google.fr www.google.it www.google.nl www.google.pl www.google.pt www.googleadservices.com www.gstatic.com/recaptcha/ www.mediadecathlon.com www.snrcdn.net www.youtube.com decathlonpt.app.baqend.com api.numerized.com *.tiktok.com *.speedcurve.com *.onlive.site onlive.site *.zenaps.com *.sciencebehindecommerce.com fpc.decathlon.pt api.smooch.io media.smooch.io wss://api.smooch.io *.zdassets.com *.zendesk.com mirakl-api.oxitpl.com analytics.tiktok.com *.millicast.com wss://live-west.millicast.com wss://api.onlive.site onlive-site.appspot.com webrtc.github.io s-euw1b-nss-208.europe-west1.firebasedatabase.app tao6h0wlhh.execute-api.eu-west-2.amazonaws.com onlive-site-default-rtdb.europe-west1.firebasedatabase.app firestore.googleapis.com ajax.googleapis.com identitytoolkit.googleapis.com code.iconify.design o1126177.ingest.sentry.io api.ipify.org geolocation-db.com httpbin.org player.live-video.net *.firebasedatabase.app wss://*.europe-west1.firebasedatabase.app api.iconify.design s-euw1c-nss-2203.europe-west1.firebasedatabase.app wss://s-euw1c-nss-2203.europe-west1.firebasedatabase.app;img-src 'self' data: blob: *.decathlon.com *.cube-net.org *.cube-net.pub contents.mediadecathlon.com *.google-analytics.com *.googletagmanager.com *.brightcove.com *.brightcove.net *.paypal.com prod-wt.aws.y-track.com manager.tagcommander.com *.googleapis.com *.abtasty.com *.woosmap.com www.facebook.com www.google.com www.google.es www.google.fr www.google.it www.google.nl www.google.be www.google.pl *.doubleclick.net bat.bing.com *.gstatic.com sync.commander1.com *.atdmt.com tag.goldenbees.fr *.crm4d.com *.adsrvr.org *.adnxs.com sdk.privacy-center.org checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net voucher.decathlon.net apigift.decathlon.com site.booxi.com www.mediadecathlon.com *.boltdns.net *.mediadecathlon.com *.contentsquare.net *.googleadservices.com adservice.google.com wss://*.hotjar.com via.batch.com ws.batch.com *.onepay-v2-commons-prod-0ywm.decathlon.io screencaptue-cdn.kampyle.com resources.digital-cloud.medallia.eu udc-neb.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net *.braintreegateway.com *.facebook.com *.y-track.com connect.facebook.net *.adform.net *.ceneo.pl *.commander1.com *.commandersact.com *.convertiser.com *.custhelp.com *.decathlon.net *.decathlon.pt *.easyence.com *.hotjar.com *.rtbhouse.com *.seadform.net *.tagcommander.com *.trackjs.com *.trustcommander.net *.useinsider.com appmobile-bridge-js.s3-eu-west-1.amazonaws.com brightcove.hs.llnwd.net brightcove.vo.llnwd.net decathlon.pt inteliwise-client.s3.amazonaws.com inteliwise-eu.s3.amazonaws.com s3-eu-west-1.amazonaws.com trustmate.io ui.onepay-qualification.decathlon.io ui.onepay.decathlon.net www.google-analytics.com www.googletagmanager.com www.paypal.com s3.us-east-1.amazonaws.com onepay-ui.decathlon.net prod-js.aws.y-track.com www.awin1.com *.inside-graph.com *.sharethis.com ui.swogo.net cdn.userway.org *.retailrocket.net sync.adotmob.com s-eu-1.pushpushgo.com cdn.pushpushgo.com static-a.pushpushgo.com *.app.baqend.com *.zenaps.com *.onlive.site static.zdassets.com accounts.zdassets.com decathlon4400.zendesk.com *.zdassets.com *.zendesk.com https//static.zdassets.com www.google.pt eu-assets.klarnaservices.com;style-src 'self' 'unsafe-inline' www.booxi.eu fonts.googleapis.com *.decathlon.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.mediadecathlon.com wss://*.hotjar.com scripts.publitas.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu screencaptue-cdn.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io https://storage.googleapis.com/sl-front-xp-bucket-4v-tmoq/account/ *.cube-net.org *.cube-net.pub *.decathlon.net *.decathlon.pt *.useinsider.com cdn.jsdelivr.net decathlon.pt trustmate.io www.snrcdn.net *.inside-graph.com cdn.userway.org *.retailrocket.net;font-src 'self' data: *.decathlon.com fonts.gstatic.com *.oppwa.com oppwa.com *.abtasty.com qanda.decathlon.com *.googleapis.com *.gstatic.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.decathlon.pt decathlon.pt cdn.userway.org s-eu-1.pushpushgo.com cdn.pushpushgo.com *.app.baqend.com;object-src view.publitas.com;base-uri 'self';worker-src 'self' blob: via.batch.com 'unsafe-eval' 'unsafe-inline' *.cube-net.org *.cube-net.pub ws: api.pushpushgo.com s-eu-1.pushpushgo.com cdn.pushpushgo.com;media-src 'self' blob: secure.brightcove.com *.brightcove.com *.brightcove.net *.boltdns.net *.mediadecathlon.com *.criteo.com bcboltbde696aa-a.akamaihd.net *.cube-net.org *.cube-net.pub data: brightcove.hs.llnwd.net brightcove.vo.llnwd.net cdn.userway.org *.akamaihd.net cdn.decathlon.pt www.decathlon.fr;frame-src 'self' *.youtube.com www.google.com/recaptcha/ saas.trylive.com/ site.booxi.eu/ reviews.decathlon.com www.facebook.com *.doubleclick.net *.atdmt.com c.paypal.com checkout.paypal.com www.paypal.com *.hotjar.com *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com qanda.decathlon.com reviews-collect-eu.satisphere.decathlon.net *.mediadecathlon.com view.publitas.com www.pinterest.com *.abtasty.com *.decathlon.net wss://*.hotjar.com players.brightcove.net screencapture.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud.medallia.eu resources.digital-cloud-west.medallia.com pay.google.com safesizepublic.ucscentral.com *.klarnaservices.com creativecdn.com *.creativecdn.com *.cube-net.org *.cube-net.pub *.facebook.com *.preprod.decathlon.com *.adform.net *.brightcove.com *.custhelp.com *.decathlon.pt *.paypal.com *.tagcommander.com *.useinsider.com decathlon.pt www.youtube.com vrbox.io www.google.com *.criteo.com *.calameo.com *.inside-graph.com cdn.userway.org player.vimeo.com *.googletagmanager.com *.zenaps.com *.onlive.site *.kipsta-barrio.com;frame-ancestors 'self' *.cube-net.org *.cube-net.pub *.facebook.com *.decathlon.pt; 1
frame-ancestors 'self' https://*.prepp.in 1
frame-ancestors 'self' sabart.it http://localhost:*; 1
connect-src 'self' https://*.google-analytics.com https://*.siteimprove.com https://*.readspeaker.com https://*.hireserve.nl https://*.acc.hireserve.nl https://*.doubleclick.net wss://ws.hotjar.com https://*.hotjar.io; font-src 'self' data: https://fonts.gstatic.com https://*.hireserve.nl https://fonts.googleapis.com https://*.acc.hireserve.nl; frame-src 'self' https://www.google.com https://*.twitter.com https://*.youtube.com https://*.vimeo.com; img-src 'self' https://*.siteimproveanalytics.io data: https://www.gstatic.com https://www.google-analytics.com https://*.hireserve.nl https://*.acc.hireserve.nl https://*.ytimg.com https://www.googletagmanager.com; object-src 'none'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://siteimproveanalytics.com https://connect.facebook.net https://*.hotjar.com https://*.twitter.com https://www.gstatic.com https://*.youtube.com https://*.vimeo.com  cdn-eu.readspeaker.com https://cdn.siteimprove.net https://platform.acc.hireserve.nl https://platform.hireserve.nl https://use.fontawesome.com https://www.google.com; style-src 'self' 'unsafe-inline' https://cdn-eu.readspeaker.com https://www.gstatic.com https://cloud.typography.com https://fonts.googleapis.com https://platform.acc.hireserve.nl https://platform.hireserve.nl; frame-ancestors 'self'; upgrade-insecure-requests 1
frame-ancestors *; report-uri https://www.rackspace.com/en-gb/report-uri/enforce 1
frame-ancestors 'self' *.local *.unesco.de deutscheunesco.sharepoint.com 1
connect-src https: wss:; upgrade-insecure-requests 1
frame-ancestors 'self' https://www.matrimonio.com.co https://comunidad.matrimonio.com.co https://landing.matrimonio.com.co 1
frame-ancestors cyclesoftware.nl cyclesoftware.be cyclesoftware.fr; 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' mykid.no www.gstatic.com maps.googleapis.com backstage.mykid.no; img-src * blob: data:; style-src 'self' 'unsafe-inline' fonts.gstatic.com www.gstatic.com fonts.googleapis.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com; form-action 'self'; report-uri https://hosting.guru/csp-report/report.php 1
script-src 'self' https://cdn.twinrdsyn.com https://twinrdsyn.com https://simplewebanalysis.com https://www.topdisplayformat.com https://www.collarspace.com/default.asp 'unsafe-inline' 'unsafe-eval' https://www.collarspace.com/js/photoChange2020_6_9.min.js https://dating.collarspace.com https://www.extremerestraints.com https://*.alt.com https://ajax.cloudflare.com https://static.cloudflareinsights.com https://www.collarspace.com/js/default22-11-29b.js https://www.collarspace.com/js/default22-11-14bli.js ;frame-src https://simplewebanalysis.com https://*.alt.com https://*.youtube.com https://*.chaturbate.com https://www.collarspace.com/sp/js/swipe131.js https://ajax.cloudflare.com https://static.cloudflareinsights.com;img-src 'self' https://* https://simplewebanalysis.com https://*.alt.com https://*.youtube.com https://*.chaturbate.com https://www.collarspace.com/sp/js/swipe131.js https://ajax.cloudflare.com https://static.cloudflareinsights.com;connect-src 'self' https://simplewebanalysis.com https://*.alt.com https://dating.collarspace.com https://www.extremerestraints.com https://*.uberkinky.com https://*.youtube.com https://*.chaturbate.com https://www.collarspace.com/sp/js/swipe131.js https://ajax.cloudflare.com https://static.cloudflareinsights.com;child-src 'none';object-src 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss://*.hotjar.com wss://*.zopim.com http://200.14.213.186 http://201.238.242.206:* http://*.adform.net http://*.ads-twitter.com http://*.clarochile.cl http://*.claromusica.com http://*.clarovideo.net http://*.doubleclick.net http://*.facebook.com http://*.facebook.net http://*.google-analytics.com http://*.googleapis.com http://*.googletagmanager.com http://*.gstatic.com http://*.hotjar.com:* http://*.hotjar.io http://lib-us-1.brilliantcollector.com http://*.twitter.com http://*.youtube.com http://ajax.aspnetcdn.com http://api.retargetly.com http://cap-sg-prd-1.securegateway.appdomain.cloud:15294 http://*.e-contact.cl http://clarochile.custhelp.com http://clickserv.sitescout.com http://ds-aksb-a.akamaihd.net http://elastic-app-amx.tmx-internacional.net http://geoportalclaro.maps.arcgis.com http://googleads.g.doubleclick.net http://maxcdn.bootstrapcdn.com http://pit2.telmexchile.cl http://pixel.sitescout.com http://servicios.fidelis.cl http://t.co http://track.neianalytics.com http://uscollector.tealeaf.ibmcloud.com http://www.altasclarovideo.com http://*.clarovideo.com http://www.clicktochat.cl http://www.google.cl http://*.google.com http://*.google.com.mx http://www.googleadservices.com http://www.portateahora.cl http://youtu.be https://200.14.213.186 https://201.238.242.206:* https://*.adform.net https://*.ads-twitter.com https://*.clarochile.cl https://*.claromusica.com https://*.clarovideo.net https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com:* https://*.hotjar.io https://*.idx.lat https://lib-us-1.brilliantcollector.com https://*.twitter.com https://*.youtube.com https://ajax.aspnetcdn.com https://api.retargetly.com https://cap-sg-prd-1.securegateway.appdomain.cloud:15294 https://*.e-contact.cl https://clarochile.custhelp.com https://clickserv.sitescout.com https://ds-aksb-a.akamaihd.net https://elastic-app-amx.tmx-internacional.net https://geoportalclaro.maps.arcgis.com https://googleads.g.doubleclick.net https://maxcdn.bootstrapcdn.com https://pit2.telmexchile.cl https://pixel.sitescout.com https://servicios.fidelis.cl https://t.co https://track.neianalytics.com https://uscollector.tealeaf.ibmcloud.com https://www.altasclarovideo.com https://*.clarovideo.com https://www.clicktochat.cl https://www.google.cl https://*.google.com https://*.google.com.mx https://www.googleadservices.com https://www.portateahora.cl https://empresa.solvencia.cl https://claro.solvencia.cl https://plus.raak.cl https://unpkg.com https://player.vimeo.com https://www.youtube-nocookie.com https://www.googleoptimize.com https://convenioclaro.cl https://connect.facebook.net https://*.clarodigital.net https://*.clarity.ms https://lilac.maps.arcgis.com https://gis.lla.com https://analytics.tiktok.com https://*.vtr.com https://*.cloud.vtr.cl https://dev.visualwebsiteoptimizer.com https://youtu.be https://*.vwo.com https://*.bing.com https://cdnjs.cloudflare.com; media-src 'self' mediastream: https://*.clarochile.cl https://*.vtr.com https://*.cloud.vtr.cl; 1
upgrade-insecure-requests; frame-ancestors 'self' *.fontspring.com; default-src 'self' *.fontspring.com data: blob: 'unsafe-inline' 'unsafe-eval' chrome-extension *.microsofttranslator.com microsofttranslator.com *.bing.com bing.com *.matcherator.com matcherator.com *.braintreegateway.com braintreegateway.com *.braintree-api.com braintree-api.com *.paypalobjects.com paypalobjects.com *.paypal.com paypal.com *.tipalti.com *.recaptcha.net recaptcha.net *.google.com google.com *.gstatic.com gstatic.com *.googleapis.com googleapis.com *.pipedrive.com *.gravatar.com gravatar.com *.mcusercontent.com mcusercontent.com *.youtube-nocookie.com youtube-nocookie.com *.youtube.com youtube.com *.ytimg.com ytimg.com *.vimeo.com vimeo.com *.figma.com figma.com *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.googleadservices.com googleadservices.com *.doubleclick.net doubleclick.net *.googlesyndication.com *.hotjar.com hotjar.com *.hotjar.io wss://*.hotjar.com *.visualwebsiteoptimizer.com app.vwo.com wingify-assets.s3.amazonaws.com s3.amazonaws.com *.emjcd.com www.sjwoe.com idsync.rlcdn.com members.cj.com *.amplitude.com browser-intake-datadoghq.com; report-uri https://www.fontspring.com/error/csp_report; report-to default 1
base-uri 'self'; form-action 'self'; upgrade-insecure-requests; default-src 'self'; font-src 'self' https://cdn.nube.com.br https://fonts.gstatic.com; style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://f.vimeocdn.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://gadasource.storage.googleapis.com; frame-src 'self' https://www.youtube.com/ https://www.facebook.com https://www.google.com https://player.vimeo.com https://f.vimeocdn.com https://maps.googleapis.com https://embed.wix.com; media-src 'self' blob: https://www.youtube.com/ https://player.vimeo.com https://f.vimeocdn.com; connect-src 'self' https://www.youtube.com/ https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://fcm.googleapis.com https://*.google-analytics.com https://analytics.google.com https://webchat.totalip.com.br wss://webchat.totalip.com.br; img-src 'self' data: https://cdn.nube.com.br https://www.youtube.com/ https://i.vimeocdn.com https://static.xx.fbcdn.net https://*.google-analytics.com https://ivccf.ivcbrasil.org.br https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google.com.br https://*.google.com https://webchat.totalip.com.br; worker-src 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://* data: blob: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-ancestors 'self' *.ci360.sas.com; 1
frame-ancestors cobrowse.bajajallianzlife.com https://balicuat.bajajallianzlife.com; 1
default-src 'none'; script-src 'self' 'report-sample'; style-src 'self' 'unsafe-inline' 'report-sample'; img-src https://solvedata.app; connect-src https://solvedata.app https://*.solvestack.net; base-uri 'self'; manifest-src 'self'; form-action: 'none'; frame-ancestors: 'none'; upgrade-insecure-requests; disown-opener; report-uri https://o222961.ingest.sentry.io/api/5943821/security/?sentry_key=27125b01295a429eacd4a569eb259e40&sentry_environment=landing-ui 1
default-src 'self' *.contentful.com *.vercel-analytics.com *.algolia.net *.doubleclick.net *.google-analytics.com *.analytics.google.com *.clarity.ms *.snapchat.com https://analytics.tiktok.com https://www.nintendo.com.au *.intercom.io wss://nexus-australia-websocket.intercom.io https://js.intercomcdn.com tagmanager.google.com https://use.typekit.net https://p.typekit.net https://assets.nintendo.eu https://assets.nintendo.com; frame-src 'self' https://intercom-sheets.com/ *.algolia.net https://optimize.google.com/ www.recaptcha.net www.gstatic.com www.google.com googletagmanager.com googleanalytics.com google-analytics.com googleoptimize.com *.youtube.com nintendoaustralia.formstack.com *.accounts.nintendo.com *.nintendo.com *.nintendo.com.au *.adsrvr.org *.snapchat.com *.doubleclick.net https://www.facebook.com/ *.facebook; script-src 'self' www.recaptcha.net *.gstatic.com *.youtube.com *.nintendo-europe.com https://cdnjs.cloudflare.com https://ajax.googleapis.com *.formstack.com *.algolia.net *.doubleclick.net *.snapchat.com https://widget.intercom.io https://js.intercomcdn.com nintendo.com nintendo.com.au https://optimize.google.com https://www.googleoptimize.com https://connect.facebook.net *.accounts.nintendo.com https://www.clarity.ms https://js.adsrvr.org/up_loader.1.1.0.js https://sc-static.net/scevent.min.js https://static.ads-twitter.com https://www.googletagmanager.com/ https://www.googleanalytics.com https://www.google-analytics.com *.vercel.app *.cdn.nintendo.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://use.typekit.net https://p.typekit.net https://www.nintendo.co.uk https://www.nintendo.com.au *.vercel.app https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com/ https://assets.nintendo.eu *.cdn.nintendo.net 'unsafe-inline'; img-src 'self' https: https://assets.nintendo.eu data:; font-src https://fonts.intercomcdn.com *.assets.nintendo.eu *.nintendo.eu https://fonts.gstatic.com https://use.typekit.net data: 'self' 1
frame-ancestors 'self' http://keycloak.webfleet https://*.webfleet.com http://*.wfs.global:* http://*.dev.ttw:*; 1
default-src 'self';  script-src  'self' https:       'unsafe-inline' 'unsafe-eval';  style-src   'self' https:       'unsafe-inline';  font-src    'self' https: data: 'unsafe-inline';  img-src     'self' https: data:;  connect-src 'self' https:;  frame-src   'self' https:;  media-src   'self' https:;  form-action 'self' https:; base-uri    'self';  frame-ancestors 'self' https:;  object-src  'none'; 1
default-src https://*.gentlent.com https://*.gentcdn.com 'self'; connect-src https: wss: 'self'; font-src https: data: 'self'; frame-src blob: data: https://*.gentlent.com https://*.stripe.com https://*.paddle.com https://*.google.com https://challenges.cloudflare.com https://hcaptcha.com https://*.hcaptcha.com 'self'; img-src https: blob: data: 'self'; manifest-src 'self'; media-src https: blob: 'self'; script-src https: 'self' 'unsafe-inline'; style-src https: 'self' 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors https://*.gentlent.com 'self'; object-src 'none'; base-uri https://*.gentlent.com 'self'; prefetch-src https:; form-action https: 'self'; block-all-mixed-content; upgrade-insecure-requests; 1
frame-ancestors 'self' https://www.anaconda.com https://anaconda.com http://www.anaconda.com http://anaconda.com http://*.anaconda.com https://anaconda.cloud https://*.anaconda.cloud https://test-anaconda.skilljar.com https://accounts.skilljar.com 1
default-src 'self' data: blob: https://*;frame-src 'self' https://googleads.g.doubleclick.net https://accounts.google.com https://content.googleapis.com https://docs.google.com https://js.stripe.com data: blob: https://*;script-src 'self' blob: https://accounts.google.com https://js.zi-scripts.com https://lf16-tiktok-web.ttwstatic.com https://platform.twitter.com https://www.instagram.com/embed.js https://www.tiktok.com/embed.js https://www.instagram.com/static/bundles/metro/EmbedSDK.js/d9addf525b6a.js https://prismic.io/prismic-toolbar https://js.hsleadflows.net https://js.na.chilipiper.com/marketing.js https://static.cdn.prismic.io https://www.gstatic.com https://www.google.com https://js-na1.hs-scripts.com https://www.youtube.com https://forms.hsforms.com https://js.hsforms.net https://widget.gleamjs.io https://script.hotjar.com https://static.hotjar.com https://js.usemessages.com https://analytics.twitter.com https://tagmanager.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://js.hs-analytics.net/ https://js.hscollectedforms.net/ https://js.hs-banner.com/ https://js.hs-scripts.com https://static.ads-twitter.com https://snap.licdn.com https://adservice.google.com.vn https://sjs.bizographics.com/ https://js.intercomcdn.com https://widget.intercom.io https://pagead2.googlesyndication.com https://adservice.google.com https://www.googletagservices.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://js.stripe.com https://www.dropbox.com/ https://widget.trustpilot.com 'unsafe-inline' 'unsafe-eval';connect-src 'self' https://accounts.google.com https://sdk.iad-06.braze.com https://ws.zoominfo.com https://js.zi-scripts.com https://px.ads.linkedin.com https://content.hotjar.io https://forms.hscollectedforms.net https://api.na.chilipiper.com https://api.chilipiper.com https://tracking.chilipiper.com/sentry/capture https://cdn.linkedin.oribi.io https://lumin-pdf.prismic.io/api/v2 https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://browser-http-intake.logs.datadoghq.com https://lumin.cdn.prismic.io https://exceptions.hubspot.com https://pinpoint.us-east-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://api.hubspot.com https://vc.hotjar.io https://*.hotjar.com https://lumin-pdf.cdn.prismic.io https://forms.hubspot.com https://api.hubapi.com https://*.luminpdf.com https://*.luminpdf.com/api/web/graphql wss://www.luminpdf.com/api/web/graphql ws: https://lumin-documents-california.s3.us-west-1.amazonaws.com https://lumin-documents-california.s3.amazonaws.com https://api-iam.intercom.io https://*.doubleclick.net https://www.google-analytics.com https://dl.dropboxusercontent.com https://s3-us-west-1.amazonaws.com https://api.emailjs.com https://sentry.io https://socket.luminpdf.com wss://socket.luminpdf.com https://s3.amazonaws.com https://www.googleapis.com https://docs.google.com https://*.googleusercontent.com https://content.dropboxapi.com https://api.dropboxapi.com https://www.pdftron.com https://content.googleapis.com/drive;img-src 'self' data: blob: *;object-src 'none';style-src 'self' https://accounts.google.com https://lf16-tiktok-web.ttwstatic.com https://unpkg.com/ https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline'; 1
default-src 'self' *.interpublic.com https://maps.gstatic.com https://maps.googleapis.com data: ;   image-src  'self' https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.matomo.cloud data: ;   script-src 'self' 'unsafe-inline' 'unsafe-eval' *.interpublic.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.google.com https://*.gstatic.com https://use.fontawesome.com https://*.matomo.cloud blob: ;   connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.matomo.cloud blob: ;   style-src  'self' 'unsafe-inline' *.interpublic.com https://*.googleapis.com https://use.fontawesome.com;   font-src   'self' https://use.fontawesome.com https://*.gstatic.com data: ;   frame-src  'self' *.spotify.com *.youtube.com *.vimeo.com *.apple.com *.buzzsprout.com www.google.com embed.acast.com blob: ; 1
default-src 'none' ;script-src * data: 'unsafe-inline' 'unsafe-eval' ;style-src * data: 'unsafe-inline' ;img-src * data: ;font-src * data: ;connect-src * ;media-src * ;object-src * ;child-src * ;frame-ancestors * ;form-action * ;manifest-src * ; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://sfba.social; img-src 'self' https: data: blob: https://sfba.social; style-src 'self' https://sfba.social 'nonce-W0TniPvaFpdmLi+aqbU1iA=='; media-src 'self' https: data: https://sfba.social; frame-src 'self' https:; manifest-src 'self' https://sfba.social; form-action 'self'; child-src 'self' blob: https://sfba.social; worker-src 'self' blob: https://sfba.social; connect-src 'self' data: blob: https://sfba.social https://files.sfba.social wss://sfba.social; script-src 'self' https://sfba.social 'wasm-unsafe-eval' 1
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: mgln.ai onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com docv-prod-api.alloy.co edge.fullstory.com ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com rs.fullstory.com sdk.iad-05.braze.com stats.g.doubleclick.net tr.snapchat.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com ; frame-src 'self' *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync.transcend.io tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: mgln.ai tvspix.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.mgln.ai tvspix.com www.redditstatic.com *.doubleclick.net *.fullstory.com *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.transcend.io cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai fullstory.com js.verygoodvault.com maps.googleapis.com sc-static.net static.ada.support static.zdassets.com tr.snapchat.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.transcend.io cdn.userway.org ; 1
frame-ancestors  'self' 1
child-src blob: ;connect-src * https: ;default-src 'self' ;font-src * data: https: ;frame-src * https: ;img-src * data: ;media-src mss-p-009-delivery.stylelabs.cloud media.schott.com assets.schott.com https://webreader.naturalreaders.com blob: ;object-src https://webreader.naturalreaders.com ;script-src * 'unsafe-inline' https: blob: ;style-src * 'unsafe-inline' https: ;worker-src blob: ; 1
frame-ancestors https://*.jds.fr; 1
default-src 'self' blob: data: *.massport.com *.prod.acquia-sites.com ; script-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.newrelic.com bam.nr-data.net *.youtube.com *.youtube-nocookie.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.pointr.cloud *.bing.com *.pinimg.com *.facebook.net *.teads.tv; object-src 'self' *.nr-data.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.gstatic.com *.massport.com *.prod.acquia-sites.com; img-src 'self' 'unsafe-inline' *.gstatic.com *.massport.com data: *.prod.acquia-sites.com bos.resources.aocdms.com *.googleapis.com *.google.com *.bing.com *.teads.tv *.pinterest.com *.facebook.com *.facebook.net; media-src 'self' 'unsafe-inline' 'unsafe-eval' *.massport.com *.prod.acquia-sites.com *.youtube-nocookie.com; frame-src 'self' *.google.com *.atlassian.net *.prod.acquia-sites.com *.nr-data.net *.youtube.com *.youtube-nocookie.com *.items.aero *.pinterest.com; child-src 'self' *.massport.com *.prod.acquia-sites.com ; font-src 'self' themes.googleusercontent.com fonts.gstatic.com data: *.massport.com *.prod.acquia-sites.com; connect-src 'self' *.google-analytics.com *.googletagmanager.com analytics.google.com *.googleapis.com bam.nr-data.net mbta-proxy.bos.aocadp.com gtfs.bos.aocadp.com *.prod.acquia-sites.com *.nr-data.net *.pointr.cloud *.bing.com *.teads.tv *.pinterest.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; script-src https://assets.essential.gg https://s.ytimg.com https://www.youtube.com/iframe_api https://vimeo.com https://player.vimeo.com; style-src https://assets.essential.gg 'unsafe-inline'; img-src 'self' https://camo.essential.gg https://static.essential.gg https://images.essential.gg https://videos.essential.gg https://i.ytimg.com https://img.youtube.com https://i.vimeocdn.com https://image.mux.com https://vod.api.video data: blob:; font-src https://static.essential.gg; connect-src 'self' https://static.essential.gg https://assets.essential.gg https://images.essential.gg https://essential.gg/api https://downloads.essential.gg https://noembed.com https://www.youtube.com https://www.youtube-nocookie.com https://vimeo.com https://player.vimeo.com https://stream.mux.com https://*.cfcdn.mux.com https://*.fastly.mux.com https://vod.api.video https://embed.api.video https://image.mux.com https://vod.api.video https://api.mapbox.com https://events.mapbox.com; media-src blob: https://static.essential.gg https://videos.essential.gg https://stream.mux.com https://*.cfcdn.mux.com https://*.fastly.mux.com https://vod.api.video https://embed.api.video; child-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://vimeo.com https://player.vimeo.com blob:; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://vimeo.com https://player.vimeo.com; manifest-src 'self'; object-src 'none'; worker-src 'self' blob:; require-sri-for script style; block-all-mixed-content; upgrade-insecure-requests; base-uri 'self'; report-uri https://essential.gg/api/report/content-security-policy; 1
default-src 'self' ; connect-src 'self' https://www.apple.com https://appleid.cdn-apple.com https://appleid.apple.com https://api.apple-cloudkit.com https://feedbackws.apple-cloudkit.com https://*.icloud-content.com ; font-src 'self' https://www.apple.com https://appleid.cdn-apple.com ; frame-src 'self' https://idmsa.apple.com https://signin.apple.com https://gsa.apple.com https://idmsa.apple.com.cn https://familyws.icloud.apple.com  https://apps.apple.com ; img-src 'self' https://www.apple.com https://appleid.cdn-apple.com data: https://*.mzstatic.com https://appleid.apple.com https://*.icloud.com ; media-src data: ; object-src 'none' ; script-src 'self' https://www.apple.com https://appleid.cdn-apple.com https://idmsa.apple.com https://signin.apple.com https://gsa.apple.com https://idmsa.apple.com.cn ; style-src 'unsafe-inline' 'self' https://www.apple.com https://appleid.cdn-apple.com ; 1
base-uri 'self';default-src 'self' salebot.pro code.jquery.com blob:;script-src 'self' 'nonce-f1964873-b86d-478c-8bd8-6b2f19b8f301' 'unsafe-eval' salebot.pro code.jquery.com www.googletagmanager.com googletagmanager.com connect.facebook.net *.google-analytics.com mc.yandex.ru www.datadoghq-browser-agent.com api-maps.yandex.ru yastatic.net *.maps.yandex.net www.google.com;style-src 'self' 'unsafe-inline' salebot.pro code.jquery.com fonts.googleapis.com;font-src 'self' data: salebot.pro code.jquery.com db.onlinewebfonts.com;frame-src 'self' salebot.pro code.jquery.com www.youtube.com kinomax.ru www.google.com www.facebook.com yandex.ru;connect-src 'self' blob: salebot.pro code.jquery.com images.kinomax.ru pp.userapi.com www.googletagmanager.com googletagmanager.com connect.facebook.net *.google-analytics.com mc.yandex.ru www.datadoghq-browser-agent.com api.kinomax.dev api.kinomax.ru api2022.kinomax.ru www.facebook.com logs.browser-intake-datadoghq.eu stats.g.doubleclick.net;img-src 'self' data: blob: salebot.pro code.jquery.com images.kinomax.ru pp.userapi.com www.googletagmanager.com googletagmanager.com connect.facebook.net *.google-analytics.com mc.yandex.ru www.datadoghq-browser-agent.com api.kinomax.dev api.kinomax.ru api2022.kinomax.ru www.facebook.com api-maps.yandex.ru yastatic.net *.maps.yandex.net www.facebook.com mc.yandex.ru www.google.com www.google.co.uk files.salebot.pro storage.yandexcloud.net mc.yandex.com;media-src 'self' data: blob: salebot.pro code.jquery.com images.kinomax.ru pp.userapi.com;manifest-src 'self' salebot.pro code.jquery.com;object-src 'none';worker-src 'self' blob:;block-all-mixed-content;upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.bcvcdn.com *.bngprm.com *.wlicdn.com *.google.com https://www.google.com *.hcaptcha.com hcaptcha.com *.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net *.gstatic.com fonts.googleapis.com cdn.fluidplayer.com https://blog.bongacams.com https://blog.bongacams.net *.bongacash.com bongacash.com i.bongacash.com i.bcshcdn.com bngprm.com bngpst.com bngrol.com bngpop.com bcmspt.com bngdin.com dynspt.com ecdyn.com i.bngprm.com i.bngpst.com i.bngrol.com i.bngpop.com i.bcmspt.com i.bngdin.com i.dynspt.com i.ecdyn.com *.bongacams.com *.bongacams.net; img-src * data:; media-src * data: blob:; frame-ancestors 'self' *.bongacash.com; 1
default-src 'self' https: 'unsafe-inline'; font-src 'self' https: data: ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' *.googleapis.com; script-src-elem 'self' https: 'unsafe-inline' 'unsafe-eval' data:; connect-src 'self' https: *.googleapis.com; img-src 'self' https: data:; style-src 'self' https: 'unsafe-inline'; frame-ancestors 'self' https://www.youtube.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://universeodon.com; img-src 'self' https: data: blob: https://universeodon.com; style-src 'self' https://universeodon.com 'nonce-Ssc4CQuxbZVKfbAwOYoACQ=='; media-src 'self' https: data: https://universeodon.com; frame-src 'self' https:; manifest-src 'self' https://universeodon.com; form-action 'self'; child-src 'self' blob: https://universeodon.com; worker-src 'self' blob: https://universeodon.com; connect-src 'self' data: blob: https://universeodon.com https://media.universeodon.com wss://universeodon.com; script-src 'self' https://universeodon.com 'wasm-unsafe-eval' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://clients1.google.com https://apis.google.com https://www.gstatic.com www.google.com http://cse.google.com https://cse.google.com http://cdn.jsdelivr.net http://c.la1-c1-syd.salesforceliveagent.com http://d.la1-c1-syd.salesforceliveagent.com https://d.la1-c1-syd.salesforceliveagent.com https://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com http://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://cdn.mathjax.org http://cdn.mathjax.org https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://www.google-analytics.com https://partner.googleadservices.com blob: https://api.mapbox.com https://c.la1-c1-syd.salesforceliveagent.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com https://www.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://clients1.google.com https://apis.google.com https://www.gstatic.com www.google.com http://cse.google.com https://cse.google.com http://cdn.jsdelivr.net http://c.la1-c1-syd.salesforceliveagent.com http://d.la1-c1-syd.salesforceliveagent.com https://d.la1-c1-syd.salesforceliveagent.com https://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com http://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://cdn.mathjax.org http://cdn.mathjax.org https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://www.google-analytics.com https://partner.googleadservices.com blob: https://api.mapbox.com https://c.la1-c1-syd.salesforceliveagent.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com https://www.google.com; style-src 'self' 'unsafe-inline' https://www.google.com http://cse.google.com https://cse.google.com https://www.googletagmanager.com https://api.mapbox.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.abcb.gov.au/report-uri/enforce 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' wcs.naver.net rum.beusable.net script.beusable.net mgxauaxkqisl514632.cdn.ntruss.com *.beusably.net www.googletagmanager.com;object-src 'self' xv-ncloud.pstatic.net *.ncloud.com *.gov-ncloud.com *.fin-ncloud.com;media-src 'self' *.ncloud.com xv-ncloud.pstatic.net blob:;style-src 'self' 'unsafe-inline' *.beusably.net www.googletagmanager.com fonts.googleapis.com;img-src 'self' data: ssl.pstatic.net *.ncloud.com xv-ncloud.pstatic.net ncloud-cs.static.naver.com i.ytimg.com *.apigw.ntruss.com wcs.naver.com www.googletagmanager.com fonts.gstatic.com;frame-src nid.naver.com *.ncloud.com *.gov-ncloud.com *.fin-ncloud.com www.youtube.com xv-ncloud.pstatic.net;connect-src 'self' *.ncloud.com *.gov-ncloud.com *.fin-ncloud.com xv-ncloud.pstatic.net *.naver.com blob: *.google.com wss://rum.beusable.net *.beusably.net ba.beusable.net www.google-analytics.com;font-src 'self' ssl.pstatic.net fonts.gstatic.com 1
default-src 'self' *.greenhouse.io *.sharethis.com *.rhombusads.com *.google-analytics.com *.doubleclick.net *.fullstory.com *.mktoresp.com *.hscollectedforms.net *.hsforms.com veradigm-com-cache.s3.amazonaws.com *.cookiebot.com *.analytics.google.com *.ads.linkedin.com *.acsbapp.com *.google.com; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com; frame-src *.greenhouse.io *.doubleclick.net *.marketo.com *.sitescout.com *.krxd.net *.youtube.com *.sharethis.com *.consensu.org *.cookiebot.com *.hsforms.com issuu.com *.google.com; img-src 'self' data: *.zoominfo.com *.google-analytics.com *.marketo.com *.linkedin.com *.lfeeder.com *.sitescout.com *.adsymptotic.com *.krxd.net *.youtube.com *.sharethis.com *.googleapis.com *.gstatic.com *.googleusercontent.com *.doubleclick.net *.google.com *.fullstory.com *.hubspot.com *.analytics.google.com *.hsforms.com *.geniusmonkey.com *.cookiebot.com *.capterra.com *.adroll.com *.bidswitch.net *.openx.net *.adnxs.com *.analytics.yahoo.com *.rlcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.greenhouse.io *.zoominfo.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.marketo.com *.marketo.net *.licdn.com *.pixel.ad *.krxd.net *.lfeeder.com *.sharethis.com *.google.com *.googleadservices.com *.doubleclick.net *.youtube.com *.fullstory.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hsforms.com *.hsforms.net *.hscollectedforms.net *.cookiebot.com *.geniusmonkey.com *.adroll.com *.ads.linkedin.com acsbapp.com *.acsbapp.com *.gstatic.com 'unsafe-eval' *.googletagmanager.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com *.marketo.com *.google.com; 1
default-src 'none'; report-uri /next-external/log/csp/violations; report-to csp-violations; connect-src 'self' wss://www.nordnet.no https://analytics.prod.nntech.io https://analytics.nordnet.no https://cdn.prod.nntech.io https://api.prod.nntech.io https://api.test.nntech.io https://experimentation.public.prod.nntech.io https://nordnet.humany.net https://www.google-analytics.com https://adservice.google.com https://www.google.com https://storage.googleapis.com https://www.recaptcha.net; font-src 'self' https://cdn.prod.nntech.io https://nordnet.humany.net; frame-src https://10961666.fls.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://w.soundcloud.com https://embed.acast.com https://link.tink.com https://www.tv2.no https://checkout.trustly.com https://www.recaptcha.net https://t.email.nordnet.no; img-src 'self' https://analytics.prod.nntech.io https://analytics.nordnet.no https://cdn.prod.nntech.io data: blob: https://www.google-analytics.com https://shareville-static.s3.amazonaws.com https://shareville-media.s3.amazonaws.com https://www.googletagmanager.com https://nordnet.humany.net https://humany.blob.core.windows.net https://cdn.tink.se https://images.ctfassets.net https://i.vimeocdn.com https://img.youtube.com https://www.recaptcha.net https://www.gstatic.com https://blogg.nordnet.no; manifest-src 'self'; media-src https://cdn.prod.nntech.io https://videos.ctfassets.net; object-src 'self'; script-src 'self' 'unsafe-eval' 'nonce-3c84f75e-ede2-4762-af3b-171bdd454a85' https://analytics.prod.nntech.io https://analytics.nordnet.no https://cdn.prod.nntech.io https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://www.recaptcha.net; script-src-attr 'none'; style-src 'unsafe-inline' 'self' https://cdn.prod.nntech.io https://nordnet.humany.net https://www.gstatic.com; worker-src 'none'; base-uri 'none'; form-action 'self' https://www.shareville.se https://pvu.nets.no https://online.alandsbanken.fi https://verkkopankki.danskebank.fi https://verkkomaksu.handelsbanken.fi https://epmt.nordea.fi https://identify.nordea.com https://verkkomaksu.poppankki.fi https://verkkomaksu.saastopankki.fi https://online.s-pankki.fi https://auth.aktia.fi; frame-ancestors https://app.contentful.com; 1
connect-src 'self' https: *.facebook.com http://localhost:8080 ws://dev.local:3000 ws://localhost:3000 ws://localhost:8182 wss://localhost:8181 wss://www.cardtrader.com:3000 wss://staging.cardtrader.com:3000 wss://*.upscope.io wss://*.hotjar.com https://api.stripe.com https://maps.googleapis.com; font-src 'self' https: data: fonts.gstatic.com; img-src 'self' https: data: gravatar.com *.google-analytics.com; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' cdn.livechatinc.com facebook.net *.googletagmanager.com *.google-analytics.com widget.trustpilot.com js.stripe.com maps.googleapis.com; style-src 'self' https: 'unsafe-inline' fonts.googleapis.com; frame-src 'self' https: js.stripe.com hooks.stripe.com; worker-src 'self' blob: data:; default-src 'self'; report-uri /report/csp 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss: blob:; child-src https: blob:; object-src 'self' 1
default-src 'self'; script-src acdn.adnxs.com connect.facebook.net *.ipredictive.com www.googleadservices.com static.ads-twitter.com www.googletagmanager.com www.google-analytics.com use.typekit.net snap.licdn.com js.adsrvr.org *.doubleclick.net analytics.twitter.com api.mqcdn.com www.mapquestapi.com cds-sdkcfg.onlineaccess1.com assets.sitescdn.net api.mapbox.com assets.contently.com s.ytimg.com *.wistia.com *.wistia.net *.fontawesome.com *.akamaihd.net tag.simpli.fi i.simpli.fi ssl.p.jwpcdn.com content.jwplatform.com abm.emaplan.com answers-embed.synovus.com.pagescdn.com cdn.pdst.fm tag.demandbase.com *.basis.net cdn.leadmanagerfx.com agent.marketingcloudfx.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src api.mqcdn.com api.mapbox.com assets.sitescdn.net *.wistia.com *.wistia.net *.fontawesome.com 'self' 'unsafe-inline'; img-src * data: about: 'self'; font-src use.typekit.net api.mqcdn.com *.fontawesome.com *.wistia.com *.wistia.net fonts.gstatic.com data: 'self'; frame-src *.doubleclick.net pixel-a.basis.net pixel.sitescout.com insight.adsrvr.org www.youtube.com assets.contently.com www.facebook.com match.adsrvr.org player.vimeo.com www.fintactix.com answers-embed.synovus.com.pagescdn.com *.wistia.com *.wistia.net www.googletagmanager.com *.ipredictive.com s.company-target.com 'self'; connect-src www.google-analytics.com *.doubleclick.net www.mapquestapi.com *.mapquest.com *.mqcdn.com *.mapbox.com track.contently.com *.wistia.com *.wistia.net *.litix.io *.akamaihd.net *.fontawesome.com www.facebook.com videos-fms.jwpsrv.com prd.jwpltx.com content.jwplatform.com videos-cloudflare.jwpsrv.com cdn.linkedin.oribi.io liveapi-cached.yext.com answers.yext-pixel.com *.company-target.com *.google.com *.cloudfunctions.net tag-logger.demandbase.com *.marketingcloudfx.com 'self'; child-src blob:; media-src *.wistia.com *.wistia.net *.akamaihd.net blob: data:; frame-ancestors branch-transformation.com 'self'; report-uri https://csp-violations.synovus.com/csp-report 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://c.im; img-src 'self' https: data: blob: https://c.im; style-src 'self' https://c.im 'nonce-qrW1Tm/8gDFGlswgh4AByg=='; media-src 'self' https: data: https://c.im; frame-src 'self' https:; manifest-src 'self' https://c.im; form-action 'self'; child-src 'self' blob: https://c.im; worker-src 'self' blob: https://c.im; connect-src 'self' data: blob: https://c.im https://s3.c.im wss://c.im; script-src 'self' https://c.im 'wasm-unsafe-eval' 1
default-src 'self' data: blob: https://app.framerstatic.com https://framerusercontent.com https://events.framer.com https://fonts.gstatic.com https://unpkg.com https://snap.licdn.com https://public.rive.app https://*.linkedin.com https://cdn.jsdelivr.net https://rive.app 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; img-src 'self' https://www.gstatic.com/images/branding/product/2x/translate_24dp.png https://www.toegankelijkheidsverklaring.nl/files/verklaring/label/910ebd06ef8db91f4e65823a3e1439f4.1718.svg data: https://opendata.nederlandwereldwijd.nl statistiek.rijksoverheid.nl; object-src 'none'; frame-ancestors 'none'; form-action 'self' https://api.contenttoolsrijksoverheid.nl; style-src 'self' 'nonce-TxEeLDmxDShVSRQ3nVoeyWNrTp+uRn4/EJ/QGe8lQh4=' statistiek.rijksoverheid.nl https://translate.googleapis.com/translate_static/css/translateelement.css; font-src 'self' statistiek.rijksoverheid.nl; connect-src 'self' https://api.contenttoolsrijksoverheid.nl statistiek.rijksoverheid.nl *.platformrijksoverheid.nl metrics.mopinion.com; script-src 'strict-dynamic' 'self' 'nonce-TxEeLDmxDShVSRQ3nVoeyWNrTp+uRn4/EJ/QGe8lQh4=' statistiek.rijksoverheid.nl; base-uri 'self'; report-uri https://dpcoa.report-uri.com/r/t/csp/enforce; report-to default; 1
frame-ancestors 'self' *.cooper.edu; report-uri https://cooper.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' https://*.toyota.it https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'none'; block-all-mixed-content 1
default-src 'self'; report-uri https://o10593.ingest.sentry.io/api/5618425/security/?sentry_key=54d0c29782ec4d72b8056774cde6647a; upgrade-insecure-requests; 1
default-src *.facebook.com *.fbcdn.net *.instagram.com data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.teststagram.com *.instagram.com static.cdninstagram.com *.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *.fbcdn.net *.facebook.com *.instagram.com *.teststagram.com static.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* ws://localhost:* blob: *.instagram.com *.cdninstagram.com wss://*.instagram.com:* 'self' *.teststagram.com wss://edge-chat.instagram.com connect.facebook.net about.instagram.com;font-src *.facebook.com data: fonts.gstatic.com *.fbcdn.net *.instagram.com *.teststagram.com static.cdninstagram.com *.intern.facebook.com;img-src *.instagram.com *.facebook.com *.fbcdn.net data: blob: *.cdninstagram.com www.gstatic.com *.fbsbx.com android-webview-video-poster: *.giphy.com *.oculuscdn.com www.googleadservices.com *.doubleclick.net *.google.com *.google.co.uk *.teststagram.com *.igsonar.com *.google-analytics.com *.whatsapp.net;media-src *.facebook.com *.fbcdn.net *.instagram.com *.cdninstagram.com *.giphy.com cdn.fbsbx.com data: blob:;frame-src *.instagram.com *.facebook.com *.fbsbx.com fbsbx.com data: www.googleadservices.com *.doubleclick.net *.google.com *.google.co.uk;block-all-mixed-content;upgrade-insecure-requests; 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-pUdZEX/906Uc2egfxuniUQ==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob: *.izlesene.com *.ioam.de *.avg.com *.rewardsaccelerator.com smetrics.att.com; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net smetrics.att.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
default-src 'self'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data:; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src wss://ws.dogechain.info https://chain.so 'self'; frame-ancestors 'none' 1
default-src 'self' https://waves.exchange https://testnet.waves.exchange https://nodes-testnet.wavesnodes.com https://nodes.wavesnodes.com https://marketdata.wavesplatform.com https://swap-widget.keeper-wallet.app https://wx.network/ https://api.wx.network/;img-src 'self' data: https:;font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://js.intercomcdn.com https://fonts.intercomcdn.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://vk.com https://connect.facebook.net https://mc.yandex.ru https://code.jquery.com https://google.com https://www.google.com https://www.gstatic.com https://swap-widget.keeper-wallet.app https://www.youtube.com https://marketdata.wavesplatform.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com;connect-src 'self' https://mc.yandex.ru https://www.facebook.com https://vk.com https://www.google-analytics.com https://google.com https://www.googletagmanager.com https://www.gstatic.com https://marketdata.wavesplatform.com https://www.youtube.com wss://relay.walletconnect.com https://api.rss2json.com https://waves.exchange https://wx.network/ https://api.wx.network/ https://testnet.waves.exchange https://nodes-testnet.wavesnodes.com https://nodes.wavesnodes.com https://swap-widget.keeper-wallet.app https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io  https://api-ping.intercom.io   https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io  wss://nexus-europe-websocket.intercom.io  https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io  https://uploads.intercomcdn.com https://uploads.intercomcdn.eu  https://uploads.au.intercomcdn.com  https://uploads.intercomusercontent.com https://registry.walletconnect.com/api/v2/wallets;form-action https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io ;media-src https://js.intercomcdn.com;frame-src 'self' https://www.youtube.com https://youtube.com https://www.google.com https://swap-widget.keeper-wallet.app https://waves.exchange/ https://verify.walletconnect.com/ https://wx.network/ https://api.wx.network/;script-src-attr 'self' 'unsafe-inline';base-uri 'self';block-all-mixed-content;frame-ancestors 'self';object-src 'none';upgrade-insecure-requests 1
script-src 'self' https://* 'unsafe-inline' 'unsafe-eval' blob: 1
frame-ancestors 'self' userecho.com *.userecho.com userecho.ru *.userecho.ru; report-uri /tools/csp/ 1
frame-ancestors 'self' http://umbracodev.trex.com https://umbracodev.trex.com https://umbracostaging.trex.com https://nextrex.com https://www.nextrex.com https://www.google.com/recaptcha/api.js 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://kolektiva.social; img-src 'self' https: data: blob: https://kolektiva.social; style-src 'self' https://kolektiva.social 'nonce-WdM0675SrQQXsOoODND+DQ=='; media-src 'self' https: data: https://kolektiva.social; frame-src 'self' https:; manifest-src 'self' https://kolektiva.social; form-action 'self'; child-src 'self' blob: https://kolektiva.social; worker-src 'self' blob: https://kolektiva.social; connect-src 'self' data: blob: https://kolektiva.social https://kolektiva.social wss://kolektiva.social; script-src 'self' https://kolektiva.social 'wasm-unsafe-eval' 1
block-all-mixed-content; frame-ancestors none; upgrade-insecure-requests; 1
default-src 'self'; img-src 'self' https://w3.flatex.de data: https://res.cloudinary.com; font-src 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' https://w3.flatex.de; script-src 'self' 'unsafe-inline' https://responder.wt-safetag.com; frame-src 'self' https://konto.flatex.de https://stock.flatexdegiro.com 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js *.myheritage.de https://www.myheritage.de  'nonce-1c1b1c767ad8ed330a2b769f4e47320a' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.de;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
object-src 'self'; manifest-src 'self'; worker-src 'self'; font-src 'self' data: https://fonts.gstatic.com; form-action 'self' https://paygate.novalnet.de; frame-ancestors 'self'; 1
frame-ancestors 'self' https://www.visitcopenhagen.com https://*.www.visitcopenhagen.com https://api.www.www.visitcopenhagen.com 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval' *.medicitalia.it; style-src * data: 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src * blob:; frame-src *; upgrade-insecure-requests 1
frame-ancestors 'self' https://*.pall.com https://*.pall.cn https://*.pall.co.uk https://*.pall.co.in https://*.pall.jp https://*.pall.co.kr https://*.ariba.com https://*.marketo.com https://danaher.sharepoint.com https://*.d41.co; 1
frame-ancestors https://*.insurancedekho.com http://*.insurancedekho.com https://in21.leadsquared.com https://*.girnarinsurance.com 1
default-src https://play.google.com/ https://www.youtube-nocookie.com https://www.google.com/ https://policy.app.cookieinformation.com/ https://form.typeform.com 'self'; connect-src https://uatoebsws.posten.no https://adressesok.posten.no https://posten.boost.ai https://policy.app.cookieinformation.com/ https://cdn.jsdelivr.net https://js.arcgis.com https://www.arcgis.com https://services.arcgisonline.com https://utility.arcgis.com https://geocode.arcgis.com https://services.geodataonline.no https://vector.services.geodataonline.no https://ws.geonorge.no https://basemaps.arcgis.com https://static.arcgis.com https://cdn.arcgis.com https://stats.kaltura.com https://analytics.kaltura.com https://cdnapi.kaltura.com https://cfvod.kaltura.com https://cdnapisec.kaltura.com https://api.bring.com https://api.qa.bring.com https://livestats.kaltura.com https://klive.kaltura.com 'self'; base-uri 'self'; form-action https://sending.posten.no https://sending.qa.posten.no https://tracking.bring.com https://tracking.bring.dk https://tracking.bring.se https://sporing.bring.no https://sporing.qa.bring.no https://sporing.posten.no https://sporing.qa.posten.no  'self'; script-src https://unpkg.com https://cdnapisec.kaltura.com https://cdnapi.kaltura.com https://posten.boost.ai https://www.gstatic.com https://www.google.com https://cdn.jsdelivr.net https://siteimproveanalytics.com https://acdn.adnxs.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleoptimize.com https://ssl.google-analytics.com https://policy.app.cookieinformation.com https://cloud.2.bring.com https://posten-bring.force.com https://connect.facebook.net https://assets.strossle.com https://ib.adnxs.com https://snap.licdn.com https://www.bring.se https://www.bring.dk https://www.bring.nl https://adservice.google.com https://pagead2.googlesyndication.com https://cct.google https://js.arcgis.com https://ws.geonorge.no https://geocode.arcgis.com https://googleads.g.doubleclick.net https://static.ads-twitter.com https://player.vimeo.com https://livestats.kaltura.com https://klive.kaltura.com 'unsafe-inline' 'unsafe-eval' 'self'; object-src 'none'; img-src * data: blob:; frame-src https://www.google.com https://www.gstatic.com https://player.vimeo.com https://www.youtube-nocookie.com https://form.typeform.com https://policy.app.cookieinformation.com; style-src * 'unsafe-inline'; font-src * data; worker-src blob:; media-src blob: https://cdnapi.kaltura.com https://cdnapisec.kaltura.com https://cfvod.kaltura.com https://www.kaltura.com 1
frame-ancestors 'self' regeneron-com-admin.intouchsol.net admin.regeneron.com 1
frame-ancestors https://app.gather.town https://www.imapbook.com https://imapbook.com https://meet.around.co https://meet.around.video https://meet.around.team https://meet.around.dev:3000 https://around.video https://around.co https://around.team https://around.dev:3000 1
default-src 'self' *.ibx.com *.doubleclick.net blob: https://cdsso.highmark.com/ https://cdssotest.highmark.com https://player.vml.technology/ https://tr.outbrain.com https://*.dialogtech.com https://sp.analytics.yahoo.com https://pharmacy-rxportal-stage.sxc.com https://ibx.intelliresponse.com https://cdn.mouseflow.com *.googletagmanager.com *.cloudfront.net https://*.yimg.com https://amplify.outbrain.com/ https://www.googleoptimize.com/ https://www.gstatic.com/ https://pagead2.googlesyndication.com https://ib.mookie1.com/ https://bat.bing.com https://*.quantummetric.com https://collector-7863.tvsquared.com/ https://*.facebook.net https://www.facebook.com http://www.mookie.com/ http://typekit.com https://*.typekit.net https://snap.licdn.com https://tags.srv.stackadapt.com https://use.fontawesome.com https://ajax.googleapis.com/ https://cdnjs.cloudflare.com https://code.jquery.com/ http://www.healthinsurancehosting.com https://www.google-analytics.com/ https://www.googleadservices.com https://www.youtube.com https://www.googletagservices.com https://www.twitter.com https://www.instagram.com https://pinterest.com https://*.linkedin.com https://player.vimeo.com https://www.google.com/ https://feed.mikle.com http://feed.mikle.com https://analytics.google.com https://cdn.linkedin.oribi.io https://cdn.datatables.net https://*.dynamics.com/ https://*.azureedge.net https://*.microsoft.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors https://*.ibx.com https://*.dynamics.com/ https://*.azureedge.net https://*.microsoft.com 1
default-src 'self' *.kernarea.de *.santander.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adform.net *.adsrvr.org *.akamaihd.net *.aklamio.com *.bing.com *.doubleclick.net *.dwin1.com *.facebook.com *.facebook.net *.google.com *.google.de *.googleanalytics.com *.googleadservices.com *.googleoptimize.com *.googletagmanager.com *.google-analytics.com *.hotjar.com *.hotjar.io *.kernpunkt.de *.presseportal.de *.usercentrics.eu *.vwd-webtech.com *.wtp101.com *.youtube.com *.zenaps.com api.financingservices.de santander-de.financingservices.de vwd.santanderbank.de data:; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.vwd-webtech.com santander-de.financingservices.de vwd.santanderbank.de; img-src 'self' *.adsrvr.org *.aklamio.com *.awin1.com *.bing.com *.doubleclick.net *.facebook.com *.facebook.net *.financeads.net *.google.com *.google.de *.googletagmanager.com *.google-analytics.com *.hotjar.com *.hotjar.io *.usercentrics.eu *.zenaps.com santander-de.financingservices.de service.santander.de data:; font-src 'self' *.gstatic.com *.hotjar.com *.hotjar.io *.santander.de cloud.email.santander.de; connect-src *.adform.net *.algolia.net *.bing.com *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googlesyndication.com *.hotjar.com *.hotjar.io *.kernarea.de *.kernpunkt.de *.santander.de *.tt.omtrdc.net *.usercentrics.eu api.financingservices.de vwd.santanderbank.de; frame-src *.aklamio.com *.adsrvr.org *.baufi-lead.de *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.hotjar.com *.hotjar.io *.santander.de *.usercentrics.eu *.youtube.com *.youtube-nocookie.com *.zenaps.com vwd.santanderbank.de; 1
frame-ancestors 'self' wol.gg wof.gg; 1
default-src 'self' 'unsafe-inline' *.outbrain.com *.advcredirect.com *.metaffiliation.com *.propellerads.com *.google-analytics.com *.weborama.fr *.adgoaffiliation-int.com *.linkappeal.it my.amplifon.com *.googlesyndication.com https://*.iadvize.com wss://*.iadvize.com www.amplifon.com aem-fe-prod.amplifon.com https://fonts.googleapis.com *.tiktok.com;       script-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' *.outbrain.com *.advcredirect.com *.metaffiliation.com *.propellerads.com *.google-analytics.com *.zemanta.com *.qualtrics.com *.weborama.fr *.adgoaffiliation-int.com *.linkappeal.it my.amplifon.com *.googlesyndication.com *.aiaibot.com everestjs.net *.windows.net *.onetrust.io *.everesttech.net everestjs.net *.everestjs.net *.onetrust.com *.cookielaw.org *.api.amplifoninternal.com *.responsetap.com iili.io *.iili.io *.ibb.co *.amplifon.com *.twitter.com *.aralego.com id5-sync.com *.rambler.ru *.postrelease.com *.turn.com *.yieldmo.com *.twiago.com *.mediavine.com www.youtube-nocookie.com *.sharethrough.com *.revcontent.com *.as.amanad.adtdp.com *.kargo.com *.tapad.com *.yandex.ru *.3lift.com *.tpmn.co.kr *.addthis.com *.yieldlab.net *.mgid.com *.adscale.de *.sxp.smartclip.net *.yieldlab.net *.hotjar.io *.g.doubleclick.net load77.exelator.com onsite-tag-logs.apps.nielsen.com www.gstatic.com *.zedo.com cdn.hbfstech.net u.logbor.com maps.gstatic.com www.youtube.com i.w55c.net match.prod.bidr.io sync.mathtag.com ads.avocet.io dsp.adfarm1.adition.com www.google.de pixel.advertising.com *.stickyadstv.com matching.ivitrack.com s.ad.smaato.net i.liadm.com us-u.openx.net sync.e-planning.net c.bing.com sync-t1.taboola.com criteo-sync.teads.tv r.casalemedia.com simage2.pubmatic.com ups.analytics.yahoo.com ads.yahoo.com rtb-csync.smartadserver.com sync.outbrain.com tp.realytics.io bat.bing.com cm.everesttech.net loadm.exelator.com aa.agkn.com www.amplifon.com amplifon.d3.sc.omtrdc.net amplify.outbrain.com app-script.monsido.com assets.adobedtm.com bv01.er.bemail.it c1.rfihub.net c5.adalyser.com cdn.exelator.com cdn.monsido.com cdn-eu.realytics.net clientcdn.pushengage.com collector-3374.tvsquared.com collector-3507.tvsquared.com connect.facebook.net d.adroll.com eu-sonar.sociomantic.com googleads.g.doubleclick.net halc.iadvize.com i.realytics.io maps.googleapis.com p.teads.tv *.omnitagjs.com rules.quantcount.com s.adroll.com s.pinimg.com s.yimg.com *.hotjar.com secure.adnxs.com secure.quantserve.com *.criteo.com *.criteo.net static.iadvize.com tags.crwdcntrl.net tr.outbrain.com *.trustpilot.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com zn9ogjqnsof8swiil-ampifon.siteintercept.qualtrics.com amplifon.pushengage.com fonts.googleapis.com https://fonts.googleapis.com a.rfihub.com ad.360yield.com adservice.google.com assetscdn.pushengage.com bpi.rtactivate.com cm.adform.net cm.g.doubleclick.net contextual.media.net ct.pinterest.com dev.day.com dpm.demdex.net dsum-sec.casalemedia.com ib.adnxs.com idsync.rlcdn.com match.adsrvr.org ml314.com p.rfihub.com p1.zemanta.com *.tremorhub.com pixel.quantserve.com pixel.rubiconproject.com sp.analytics.yahoo.com sync.crwdcntrl.net sync.search.spotxchange.com sync.sharethis.com t.teads.tv tracking.monsido.com u.openx.net www.facebook.com www.google.com www.google.it x.bidswitch.net x.dlx.addthis.com staging.emea.api.amplifoninternal.com mobileb2c.amplifon.com amplifongroup.tt.omtrdc.net api.iadvize.com api.realytics.io mydmp.exelator.com stats.g.doubleclick.net cm.teads.tv fonts.gstatic.com *.fls.doubleclick.net *.rfihub.com amplifon.demdex.net vars.hotjar.com aax-eu.amazon-adsystem.com bcp.crwdcntrl.net *.er.bemail.it www.pinterest.com *.tiktok.com;       style-src 'self' 'unsafe-inline' 'unsafe-hashes' *.onetrust.com *.cookielaw.org *.api.amplifoninternal.com *.responsetap.com iili.io *.iili.io *.ibb.co *.amplifon.com *.twitter.com *.aralego.com id5-sync.com *.rambler.ru *.postrelease.com *.turn.com *.yieldmo.com *.twiago.com *.mediavine.com www.youtube-nocookie.com *.sharethrough.com *.revcontent.com *.as.amanad.adtdp.com *.kargo.com *.tapad.com *.yandex.ru *.3lift.com *.tpmn.co.kr *.addthis.com *.yieldlab.net *.mgid.com *.adscale.de *.sxp.smartclip.net *.yieldlab.net *.hotjar.io *.g.doubleclick.net load77.exelator.com onsite-tag-logs.apps.nielsen.com www.gstatic.com *.zedo.com cdn.hbfstech.net u.logbor.com maps.gstatic.com www.youtube.com i.w55c.net match.prod.bidr.io sync.mathtag.com ads.avocet.io dsp.adfarm1.adition.com www.google.de pixel.advertising.com *.stickyadstv.com matching.ivitrack.com s.ad.smaato.net i.liadm.com us-u.openx.net sync.e-planning.net c.bing.com sync-t1.taboola.com criteo-sync.teads.tv r.casalemedia.com simage2.pubmatic.com ups.analytics.yahoo.com ads.yahoo.com rtb-csync.smartadserver.com sync.outbrain.com tp.realytics.io bat.bing.com cm.everesttech.net loadm.exelator.com aa.agkn.com www.amplifon.com amplifon.d3.sc.omtrdc.net amplify.outbrain.com app-script.monsido.com assets.adobedtm.com bv01.er.bemail.it c1.rfihub.net c5.adalyser.com cdn.exelator.com cdn.monsido.com cdn-eu.realytics.net clientcdn.pushengage.com collector-3374.tvsquared.com collector-3507.tvsquared.com connect.facebook.net d.adroll.com eu-sonar.sociomantic.com googleads.g.doubleclick.net halc.iadvize.com i.realytics.io maps.googleapis.com p.teads.tv *.omnitagjs.com rules.quantcount.com s.adroll.com s.pinimg.com s.yimg.com *.hotjar.com secure.adnxs.com secure.quantserve.com *.criteo.com *.criteo.net static.iadvize.com tags.crwdcntrl.net tr.outbrain.com *.trustpilot.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com zn9ogjqnsof8swiil-ampifon.siteintercept.qualtrics.com amplifon.pushengage.com fonts.googleapis.com https://fonts.googleapis.com a.rfihub.com ad.360yield.com adservice.google.com assetscdn.pushengage.com bpi.rtactivate.com cm.adform.net cm.g.doubleclick.net contextual.media.net ct.pinterest.com dev.day.com dpm.demdex.net dsum-sec.casalemedia.com ib.adnxs.com idsync.rlcdn.com match.adsrvr.org ml314.com p.rfihub.com p1.zemanta.com *.tremorhub.com pixel.quantserve.com pixel.rubiconproject.com sp.analytics.yahoo.com sync.crwdcntrl.net sync.search.spotxchange.com sync.sharethis.com t.teads.tv tracking.monsido.com u.openx.net www.facebook.com www.google.com www.google.it x.bidswitch.net x.dlx.addthis.com staging.emea.api.amplifoninternal.com mobileb2c.amplifon.com amplifongroup.tt.omtrdc.net api.iadvize.com api.realytics.io  mydmp.exelator.com stats.g.doubleclick.net cm.teads.tv fonts.gstatic.com *.fls.doubleclick.net *.rfihub.com amplifon.demdex.net vars.hotjar.com aax-eu.amazon-adsystem.com bcp.crwdcntrl.net *.er.bemail.it www.pinterest.com;       img-src 'self' data: *.outbrain.com *.advcredirect.com *.metaffiliation.com *.propellerads.com *.google-analytics.com *.doubleclick.net *.weborama.fr *.adgoaffiliation-int.com *.linkappeal.it *.googlesyndication.com lh3.googleusercontent.com http://windows.net *.windows.net *.metaffiliation.com *.onetrust.com *.cookielaw.org *.api.amplifoninternal.com *.responsetap.com iili.io *.iili.io *.ibb.co *.amplifon.com *.twitter.com *.aralego.com id5-sync.com *.rambler.ru *.postrelease.com *.turn.com *.yieldmo.com *.twiago.com *.mediavine.com www.youtube-nocookie.com *.sharethrough.com *.revcontent.com *.as.amanad.adtdp.com *.kargo.com *.tapad.com *.yandex.ru *.3lift.com *.tpmn.co.kr *.addthis.com *.yieldlab.net *.mgid.com *.adscale.de *.sxp.smartclip.net *.yieldlab.net *.hotjar.io *.g.doubleclick.net load77.exelator.com onsite-tag-logs.apps.nielsen.com www.gstatic.com *.zedo.com cdn.hbfstech.net u.logbor.com maps.gstatic.com www.youtube.com i.w55c.net match.prod.bidr.io sync.mathtag.com ads.avocet.io dsp.adfarm1.adition.com www.google.de pixel.advertising.com *.stickyadstv.com matching.ivitrack.com s.ad.smaato.net i.liadm.com us-u.openx.net sync.e-planning.net c.bing.com sync-t1.taboola.com criteo-sync.teads.tv r.casalemedia.com simage2.pubmatic.com ups.analytics.yahoo.com ads.yahoo.com rtb-csync.smartadserver.com sync.outbrain.com tp.realytics.io bat.bing.com cm.everesttech.net loadm.exelator.com aa.agkn.com www.amplifon.com amplifon.d3.sc.omtrdc.net amplify.outbrain.com app-script.monsido.com assets.adobedtm.com bv01.er.bemail.it c1.rfihub.net c5.adalyser.com cdn.exelator.com cdn.monsido.com cdn-eu.realytics.net clientcdn.pushengage.com collector-3374.tvsquared.com collector-3507.tvsquared.com connect.facebook.net d.adroll.com eu-sonar.sociomantic.com googleads.g.doubleclick.net halc.iadvize.com i.realytics.io maps.googleapis.com p.teads.tv *.omnitagjs.com rules.quantcount.com s.adroll.com s.pinimg.com s.yimg.com *.hotjar.com secure.adnxs.com secure.quantserve.com *.criteo.com *.criteo.net static.iadvize.com tags.crwdcntrl.net tr.outbrain.com *.trustpilot.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com zn9ogjqnsof8swiil-ampifon.siteintercept.qualtrics.com amplifon.pushengage.com fonts.googleapis.com https://fonts.googleapis.com a.rfihub.com ad.360yield.com adservice.google.com assetscdn.pushengage.com bpi.rtactivate.com cm.adform.net cm.g.doubleclick.net contextual.media.net ct.pinterest.com dev.day.com dpm.demdex.net dsum-sec.casalemedia.com ib.adnxs.com idsync.rlcdn.com match.adsrvr.org ml314.com p.rfihub.com p1.zemanta.com *.tremorhub.com pixel.quantserve.com pixel.rubiconproject.com sp.analytics.yahoo.com sync.crwdcntrl.net sync.search.spotxchange.com sync.sharethis.com t.teads.tv tracking.monsido.com u.openx.net www.facebook.com www.google.com www.google.it x.bidswitch.net x.dlx.addthis.com staging.emea.api.amplifoninternal.com mobileb2c.amplifon.com amplifongroup.tt.omtrdc.net api.iadvize.com api.realytics.io mydmp.exelator.com stats.g.doubleclick.net cm.teads.tv fonts.gstatic.com *.fls.doubleclick.net *.rfihub.com amplifon.demdex.net vars.hotjar.com aax-eu.amazon-adsystem.com bcp.crwdcntrl.net *.er.bemail.it www.pinterest.com *.tiktok.com;       connect-src 'self' *.outbrain.com *.advcredirect.com *.metaffiliation.com *.propellerads.com *.google-analytics.com *.google.com *.weborama.fr *.onetrust.com *.adgoaffiliation-int.com *.linkappeal.it my.amplifon.com *.googlesyndication.com *.metaffiliation.com *.adobedc.net *.demdex.net *.aiaibot.com *.onetrust.io *.amplifoninternal.com everestjs.net *.everesttech.net ws: wss: *.windows.net *.onetrust.com *.cookielaw.org *.api.amplifoninternal.com *.responsetap.com iili.io *.iili.io *.ibb.co *.amplifon.com *.twitter.com *.aralego.com id5-sync.com *.rambler.ru *.postrelease.com *.turn.com *.yieldmo.com *.twiago.com *.mediavine.com www.youtube-nocookie.com *.sharethrough.com *.revcontent.com *.as.amanad.adtdp.com *.kargo.com *.tapad.com *.yandex.ru *.3lift.com *.tpmn.co.kr *.addthis.com *.yieldlab.net *.mgid.com *.adscale.de *.sxp.smartclip.net *.yieldlab.net *.hotjar.io *.g.doubleclick.net load77.exelator.com onsite-tag-logs.apps.nielsen.com www.gstatic.com *.zedo.com cdn.hbfstech.net u.logbor.com maps.gstatic.com www.youtube.com i.w55c.net match.prod.bidr.io sync.mathtag.com ads.avocet.io dsp.adfarm1.adition.com www.google.de pixel.advertising.com *.stickyadstv.com matching.ivitrack.com s.ad.smaato.net i.liadm.com us-u.openx.net sync.e-planning.net c.bing.com sync-t1.taboola.com criteo-sync.teads.tv r.casalemedia.com simage2.pubmatic.com ups.analytics.yahoo.com ads.yahoo.com rtb-csync.smartadserver.com sync.outbrain.com tp.realytics.io bat.bing.com cm.everesttech.net loadm.exelator.com aa.agkn.com www.amplifon.com amplifon.d3.sc.omtrdc.net amplify.outbrain.com app-script.monsido.com assets.adobedtm.com bv01.er.bemail.it c1.rfihub.net c5.adalyser.com cdn.exelator.com cdn.monsido.com cdn-eu.realytics.net clientcdn.pushengage.com collector-3374.tvsquared.com collector-3507.tvsquared.com connect.facebook.net d.adroll.com eu-sonar.sociomantic.com googleads.g.doubleclick.net halc.iadvize.com i.realytics.io maps.googleapis.com p.teads.tv *.omnitagjs.com rules.quantcount.com s.adroll.com s.pinimg.com s.yimg.com *.hotjar.com secure.adnxs.com secure.quantserve.com *.criteo.com *.criteo.net static.iadvize.com tags.crwdcntrl.net tr.outbrain.com *.trustpilot.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com zn9ogjqnsof8swiil-ampifon.siteintercept.qualtrics.com amplifon.pushengage.com fonts.googleapis.com https://fonts.googleapis.com a.rfihub.com ad.360yield.com adservice.google.com assetscdn.pushengage.com bpi.rtactivate.com cm.adform.net cm.g.doubleclick.net contextual.media.net ct.pinterest.com dev.day.com dpm.demdex.net dsum-sec.casalemedia.com ib.adnxs.com idsync.rlcdn.com match.adsrvr.org ml314.com p.rfihub.com p1.zemanta.com *.tremorhub.com pixel.quantserve.com pixel.rubiconproject.com sp.analytics.yahoo.com sync.crwdcntrl.net sync.search.spotxchange.com sync.sharethis.com t.teads.tv tracking.monsido.com u.openx.net www.facebook.com www.google.com www.google.it x.bidswitch.net x.dlx.addthis.com staging.emea.api.amplifoninternal.com mobileb2c.amplifon.com amplifongroup.tt.omtrdc.net api.iadvize.com api.realytics.io mydmp.exelator.com stats.g.doubleclick.net cm.teads.tv fonts.gstatic.com *.fls.doubleclick.net *.rfihub.com amplifon.demdex.net vars.hotjar.com aax-eu.amazon-adsystem.com bcp.crwdcntrl.net *.er.bemail.it www.pinterest.com *.tiktok.com;       font-src 'self' data: *.onetrust.com *.cookielaw.org *.api.amplifoninternal.com *.responsetap.com *.iili.io *.ibb.co *.amplifon.com *.twitter.com *.aralego.com id5-sync.com *.rambler.ru *.postrelease.com *.turn.com *.yieldmo.com *.twiago.com *.mediavine.com www.youtube-nocookie.com *.sharethrough.com *.revcontent.com *.as.amanad.adtdp.com *.kargo.com *.tapad.com *.yandex.ru *.3lift.com *.tpmn.co.kr *.addthis.com *.yieldlab.net *.mgid.com *.adscale.de *.sxp.smartclip.net *.yieldlab.net *.hotjar.io *.g.doubleclick.net load77.exelator.com onsite-tag-logs.apps.nielsen.com www.gstatic.com *.zedo.com cdn.hbfstech.net u.logbor.com maps.gstatic.com www.youtube.com i.w55c.net match.prod.bidr.io sync.mathtag.com ads.avocet.io dsp.adfarm1.adition.com www.google.de pixel.advertising.com *.stickyadstv.com matching.ivitrack.com s.ad.smaato.net i.liadm.com us-u.openx.net sync.e-planning.net c.bing.com sync-t1.taboola.com criteo-sync.teads.tv r.casalemedia.com simage2.pubmatic.com ups.analytics.yahoo.com ads.yahoo.com rtb-csync.smartadserver.com sync.outbrain.com tp.realytics.io bat.bing.com cm.everesttech.net loadm.exelator.com aa.agkn.com www.amplifon.com amplifon.d3.sc.omtrdc.net amplify.outbrain.com app-script.monsido.com assets.adobedtm.com bv01.er.bemail.it c1.rfihub.net c5.adalyser.com cdn.exelator.com cdn.monsido.com cdn-eu.realytics.net clientcdn.pushengage.com collector-3374.tvsquared.com collector-3507.tvsquared.com connect.facebook.net d.adroll.com eu-sonar.sociomantic.com googleads.g.doubleclick.net halc.iadvize.com i.realytics.io maps.googleapis.com p.teads.tv *.omnitagjs.com rules.quantcount.com s.adroll.com s.pinimg.com s.yimg.com *.hotjar.com secure.adnxs.com secure.quantserve.com *.criteo.com *.criteo.net static.iadvize.com tags.crwdcntrl.net tr.outbrain.com *.trustpilot.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com zn9ogjqnsof8swiil-ampifon.siteintercept.qualtrics.com amplifon.pushengage.com fonts.googleapis.com https://fonts.googleapis.com a.rfihub.com ad.360yield.com adservice.google.com assetscdn.pushengage.com bpi.rtactivate.com cm.adform.net cm.g.doubleclick.net contextual.media.net ct.pinterest.com dev.day.com dpm.demdex.net dsum-sec.casalemedia.com ib.adnxs.com idsync.rlcdn.com match.adsrvr.org ml314.com p.rfihub.com p1.zemanta.com *.tremorhub.com pixel.quantserve.com pixel.rubiconproject.com sp.analytics.yahoo.com sync.crwdcntrl.net sync.search.spotxchange.com sync.sharethis.com t.teads.tv tracking.monsido.com u.openx.net www.facebook.com www.google.com www.google.it x.bidswitch.net x.dlx.addthis.com staging.emea.api.amplifoninternal.com mobileb2c.amplifon.com amplifongroup.tt.omtrdc.net api.iadvize.com api.realytics.io mydmp.exelator.com stats.g.doubleclick.net cm.teads.tv fonts.gstatic.com *.fls.doubleclick.net *.rfihub.com amplifon.demdex.net vars.hotjar.com aax-eu.amazon-adsystem.com bcp.crwdcntrl.net *.er.bemail.it www.pinterest.com;       frame-src 'self' *.outbrain.com *.advcredirect.com *.metaffiliation.com *.propellerads.com *.google-analytics.com *.doubleclick.net my.amplifon.com *.googlesyndication.com *.aiaibot.com *.onetrust.com *.cookielaw.org *.api.amplifoninternal.com *.responsetap.com *.iili.io *.ibb.co *.amplifon.com *.twitter.com *.aralego.com id5-sync.com *.rambler.ru *.postrelease.com *.turn.com *.yieldmo.com *.twiago.com *.mediavine.com www.youtube-nocookie.com *.sharethrough.com *.revcontent.com *.as.amanad.adtdp.com *.kargo.com *.tapad.com *.yandex.ru *.3lift.com *.tpmn.co.kr *.addthis.com *.yieldlab.net *.mgid.com *.adscale.de *.sxp.smartclip.net *.yieldlab.net *.hotjar.io *.g.doubleclick.net load77.exelator.com onsite-tag-logs.apps.nielsen.com www.gstatic.com *.zedo.com cdn.hbfstech.net u.logbor.com maps.gstatic.com www.youtube.com i.w55c.net match.prod.bidr.io sync.mathtag.com ads.avocet.io dsp.adfarm1.adition.com www.google.de pixel.advertising.com *.stickyadstv.com matching.ivitrack.com s.ad.smaato.net i.liadm.com us-u.openx.net sync.e-planning.net c.bing.com sync-t1.taboola.com criteo-sync.teads.tv r.casalemedia.com simage2.pubmatic.com ups.analytics.yahoo.com ads.yahoo.com rtb-csync.smartadserver.com sync.outbrain.com tp.realytics.io bat.bing.com cm.everesttech.net loadm.exelator.com aa.agkn.com www.amplifon.com amplifon.d3.sc.omtrdc.net amplify.outbrain.com app-script.monsido.com assets.adobedtm.com bv01.er.bemail.it c1.rfihub.net c5.adalyser.com cdn.exelator.com cdn.monsido.com cdn-eu.realytics.net clientcdn.pushengage.com collector-3374.tvsquared.com collector-3507.tvsquared.com connect.facebook.net d.adroll.com eu-sonar.sociomantic.com googleads.g.doubleclick.net halc.iadvize.com i.realytics.io maps.googleapis.com p.teads.tv *.omnitagjs.com rules.quantcount.com s.adroll.com s.pinimg.com s.yimg.com *.hotjar.com secure.adnxs.com secure.quantserve.com *.criteo.com *.criteo.net static.iadvize.com tags.crwdcntrl.net tr.outbrain.com *.trustpilot.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com zn9ogjqnsof8swiil-ampifon.siteintercept.qualtrics.com amplifon.pushengage.com fonts.googleapis.com https://fonts.googleapis.com a.rfihub.com ad.360yield.com adservice.google.com assetscdn.pushengage.com bpi.rtactivate.com cm.adform.net cm.g.doubleclick.net contextual.media.net ct.pinterest.com dev.day.com dpm.demdex.net dsum-sec.casalemedia.com ib.adnxs.com idsync.rlcdn.com match.adsrvr.org ml314.com p.rfihub.com p1.zemanta.com *.tremorhub.com pixel.quantserve.com pixel.rubiconproject.com sp.analytics.yahoo.com sync.crwdcntrl.net sync.search.spotxchange.com sync.sharethis.com t.teads.tv tracking.monsido.com u.openx.net www.facebook.com www.google.com www.google.it x.bidswitch.net x.dlx.addthis.com staging.emea.api.amplifoninternal.com mobileb2c.amplifon.com amplifongroup.tt.omtrdc.net api.iadvize.com api.realytics.io mydmp.exelator.com stats.g.doubleclick.net cm.teads.tv fonts.gstatic.com *.fls.doubleclick.net *.rfihub.com amplifon.demdex.net vars.hotjar.com aax-eu.amazon-adsystem.com bcp.crwdcntrl.net *.er.bemail.it www.pinterest.com *.tiktok.com;       worker-src 'self' *.onetrust.com *.cookielaw.org *.api.amplifoninternal.com *.responsetap.com *.iili.io *.ibb.co *.amplifon.com *.twitter.com *.aralego.com id5-sync.com *.rambler.ru *.postrelease.com *.turn.com *.yieldmo.com *.twiago.com *.mediavine.com www.youtube-nocookie.com *.sharethrough.com *.revcontent.com *.as.amanad.adtdp.com *.kargo.com *.tapad.com *.yandex.ru *.3lift.com *.tpmn.co.kr *.addthis.com *.yieldlab.net *.mgid.com *.adscale.de *.sxp.smartclip.net *.yieldlab.net *.hotjar.io *.g.doubleclick.net load77.exelator.com onsite-tag-logs.apps.nielsen.com www.gstatic.com *.zedo.com cdn.hbfstech.net u.logbor.com maps.gstatic.com www.youtube.com i.w55c.net match.prod.bidr.io sync.mathtag.com ads.avocet.io dsp.adfarm1.adition.com www.google.de pixel.advertising.com *.stickyadstv.com matching.ivitrack.com s.ad.smaato.net i.liadm.com us-u.openx.net sync.e-planning.net c.bing.com sync-t1.taboola.com criteo-sync.teads.tv r.casalemedia.com simage2.pubmatic.com ups.analytics.yahoo.com ads.yahoo.com rtb-csync.smartadserver.com sync.outbrain.com tp.realytics.io bat.bing.com cm.everesttech.net loadm.exelator.com aa.agkn.com www.amplifon.com amplifon.d3.sc.omtrdc.net amplify.outbrain.com app-script.monsido.com assets.adobedtm.com bv01.er.bemail.it c1.rfihub.net c5.adalyser.com cdn.exelator.com cdn.monsido.com cdn-eu.realytics.net clientcdn.pushengage.com collector-3374.tvsquared.com collector-3507.tvsquared.com connect.facebook.net d.adroll.com eu-sonar.sociomantic.com googleads.g.doubleclick.net halc.iadvize.com i.realytics.io maps.googleapis.com p.teads.tv *.omnitagjs.com rules.quantcount.com s.adroll.com s.pinimg.com s.yimg.com *.hotjar.com secure.adnxs.com secure.quantserve.com *.criteo.com *.criteo.net static.iadvize.com tags.crwdcntrl.net tr.outbrain.com *.trustpilot.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com zn9ogjqnsof8swiil-ampifon.siteintercept.qualtrics.com amplifon.pushengage.com fonts.googleapis.com https://fonts.googleapis.com a.rfihub.com ad.360yield.com adservice.google.com assetscdn.pushengage.com bpi.rtactivate.com cm.adform.net cm.g.doubleclick.net contextual.media.net ct.pinterest.com dev.day.com dpm.demdex.net dsum-sec.casalemedia.com ib.adnxs.com idsync.rlcdn.com match.adsrvr.org ml314.com p.rfihub.com p1.zemanta.com *.tremorhub.com pixel.quantserve.com pixel.rubiconproject.com sp.analytics.yahoo.com sync.crwdcntrl.net sync.search.spotxchange.com sync.sharethis.com t.teads.tv tracking.monsido.com u.openx.net www.facebook.com www.google.com www.google.it x.bidswitch.net x.dlx.addthis.com staging.emea.api.amplifoninternal.com mobileb2c.amplifon.com amplifongroup.tt.omtrdc.net api.iadvize.com api.realytics.io mydmp.exelator.com stats.g.doubleclick.net cm.teads.tv fonts.gstatic.com *.fls.doubleclick.net *.rfihub.com amplifon.demdex.net vars.hotjar.com aax-eu.amazon-adsystem.com bcp.crwdcntrl.net *.er.bemail.it www.pinterest.com; 1
default-src 'self' https://*.googleusercontent.com https://*.amazonaws.com https://mail.google.com https://ssl.gstatic.com; connect-src 'self' https://*.sentry.io wss://americor.biz wss://*.twilio.com https://*.usersnap.com https://*.amazonaws.com/upload.usersnap.com https://media.twiliocdn.com https://*.five9.com https://*.pingdom.net; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' https://americor.com https://client.americor.com https://americor.co https://americorfunding.com https://cred9.app https://birdeye.com https://reviews.birdeye.com https://www.youtube.com https://youtu.be https://choice.credit9.com; img-src * data: blob:; manifest-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.sentry-cdn.com https://www.google-analytics.com https://media.twiliocdn.com https://*.usersnap.com https://*.pingdom.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; media-src 'self' https://storage.googleapis.com; form-action 'self'; worker-src 'self' 1
default-src https: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.csub.edu; 1
frame-ancestors 'self' games.netzero.net games.juno.com http://services.iplay.com https://services.iplay.com http://client.iplay.com https://client.iplay.com 1
frame-ancestors 'self' https://a7833275c1prd-admin.occa.ocs.oraclecloud.com https://a7833275c1prd-store.occa.ocs.oraclecloud.com https://www.frigelar.com.br/ 1
frame-ancestors 'self' www.konami.com img.konami.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://maps.google.com/ https://maps.googleapis.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com/; frame-src https://www.youtube.com/ https://www.youtube-nocookie.com/ https://maps.google.com/  https://www.google.com/maps/ https://www.google.com/recaptcha/; connect-src 'self' https://hrms.dxn2u.com:8888/; img-src 'self' data: 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.criteo.com https://static.criteo.net https://player.vimeo.com https://vimeo.com https://wb.messengerpeople.com https://isitetv.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tpc.googlesyndication.com https://tr.snapchat.com blob: https://www.pinterest.com https://www.pinterest.co.uk https://ct.pinterest.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.contentsquare.net https://*.criteo.com https://ct.pinterest.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://www.iwantoneofthose.com https://m.iwantoneofthose.com https://checkout.iwantoneofthose.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://tpc.googlesyndication.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://*.contentsquare.net https://app.contentsquare.com https://s.pinimg.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self'; script-src 'self' 'unsafe-eval' *.hitclick.net *.net.pekao.com.pl *.piwikpro.omb.azure.in.pekao.com.pl https://analytics.preprod.omb.cn.in.pekao.com.pl https://analytics.pekao.com.pl; connect-src 'self' *.hitclick.net *.net.pekao.com.pl wss://127.0.0.1:* https://127.0.0.1:* https://sentry.dev.pekao.com.pl https://sentry.pekao.com.pl https://rpm-management.upaid.pl https://rpm-management.upaidtest.pl https://rpm.upaidtest.pl https://rpm.upaid.pl *.piwikpro.omb.azure.in.pekao.com.pl https://analytics.preprod.omb.cn.in.pekao.com.pl https://analytics.pekao.com.pl https://ngccd wss://ngccdasbc01.cn.in.pekao.com.pl https://ngcct.cn.in.pekao.com.pl wss://vvt.cn.in.pekao.com.pl https://chatvideo.pekao.com.pl wss://vv.pekao.com.pl; img-src data: blob: 'self' *.hitclick.net *.net.pekao.com.pl https://127.0.0.1:* https://www.pekao24.pl *.piwikpro.omb.azure.in.pekao.com.pl https://analytics.preprod.omb.cn.in.pekao.com.pl https://analytics.pekao.com.pl; style-src 'self' 'unsafe-inline'; frame-src 'none'; child-src 'none'; worker-src 'self' blob:; object-src 'none'; upgrade-insecure-requests 1
frame-ancestors 'self' primexbt.com primexbt.ch primexbt-promo.com primexbt-start.com sign-up.primexbt.com eu.primexbt.com; 1
img-src https: object-src data: 'unsafe-eval' 1
default-src 'self'; media-src 'self' https://*.googleapis.com ; img-src 'self' data: https://www.googletagmanager.com https://optimize.google.com https://www.google-analytics.com/ https://*.gstatic.com https://*.googleapis.com https://www.google.com/ads/ga-audiences https://www.google.co.uk/ads/ga-audiences https://www.google.de/ads/ga-audiences https://www.google.fr/ads/ga-audiences https://www.google.at/ads/ga-audiences https://www.google.be/ads/ga-audiences https://www.google.dk/ads/ga-audiences https://www.google.fi/ads/ga-audiences https://www.google.ie/ads/ga-audiences https://www.google.it/ads/ga-audiences https://www.google.nl/ads/ga-audiences https://www.google.no/ads/ga-audiences https://www.google.es/ads/ga-audiences https://www.google.ch/ads/ga-audiences https://www.google.se/ads/ga-audiences https://cdn.shopify.com https://cdn2.shopify.com https://stats.g.doubleclick.net https://t.co https://bat.bing.com https://render.bitstrips.com https://www.snapchat.com https://www.paypalobjects.com https://www.paypal.com https://images.ctfassets.net ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://optimize.google.com https://tagmanager.google.com https://ads-interfaces.sc-cdn.net ; font-src 'self' data: https://fonts.gstatic.com https://www.paypalobjects.com https://ads-interfaces.sc-cdn.net ; connect-src 'self' https://stats.g.doubleclick.net https://sentry.sc-prod.net https://www.googletagmanager.com https://optimize.google.com https://www.google-analytics.com wss://*.zopim.com https://snap-web-chat.appspot.com https://www.snapchat.com https://www.paypalobjects.com https://*.myshopify.com https://*.spectacles.com https://www.paypal.com https://graphql.contentful.com https://cdn.contentful.com; script-src 'self' 'unsafe-inline' https://tagmanager.google.com https://www.googletagmanager.com https://optimize.google.com https://www.google-analytics.com https://maps.googleapis.com https://www.youtube.com https://www.youtube-nocookie.com https://s.ytimg.com https://sc-static.net https://static.ads-twitter.com https://analytics.twitter.com https://bat.bing.com https://storage.googleapis.com https://www.paypalobjects.com http://www.paypal.com; frame-src 'self' https://tr6.snapchat.com https://www.youtube.com https://www.youtube-nocookie.com https://tr.snapchat.com https://optimize.google.com http://www.paypal.com; report-uri 'self' https://csp-central.appspot.com/report_csp; 1
frame-ancestors 'self' http://www.elkspel.nl 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com piwik.itzbund.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de *.youtube-nocookie.com multimedia.gsb.bund.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; frame-src 'self' player.vimeo.com *.youtube-nocookie.com app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi media.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; img-src 'self' data: piwik.itzbund.de securel.longtailvideo.com *.youtube-nocookie.com app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev *.cdninstagram.com; frame-ancestors 'self'; 1
default-src 'none'; script-src 'self' 'nonce-efd844d3c4308e60e865c6712fc7a363' 'strict-dynamic' 'sha256-lEa16Pevdo62CciIST5weMZIdXgpni7l4/dkZrcC9is=' https://*.standoff2.com https://*.bank131.ru https://mc.yandex.ru https://abt.s3.yandex.net https://www.google.com https://www.gstatic.com https://*.boltgaming.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.bank131.ru; connect-src 'self' https://mc.yandex.ru https://uaas.yandex.ru https://*.standoff2.com https://*.boltgaming.io; font-src 'self' https://fonts.gstatic.com/; img-src 'self' https://web-static-axlebolt.s3.eu-central-1.amazonaws.com https://webstatic-19e92.kxcdn.com https://avatars-19e92.kxcdn.com http://avatars-19e92.kxcdn.com https://avatars.cdn.boltgaming.io https://mc.yandex.ru; object-src 'self'; base-uri 'self'; frame-src 'self' https://www.google.com https://mc.yandex.ru; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:; frame-ancestors 'self'; 1
default-src 'self' aeso.us8.list-manage.com 'unsafe-inline' 'unsafe-eval' data: *.aeso.ca *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.youtube.com *.ggpht.com *.google.com *.cloudflare.com *.polyfill.io *.unpkg.com *.github.io *.jquery.com unpkg.com *.highcharts.com app.powerbi.com *.adobe.com; 1
report-uri /csp-report.php; default-src 'none'; base-uri 'self'; connect-src 'self' https://www.google-analytics.com https://csi.gstatic.com https://*.googlesyndication.com; font-src 'self' https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src https: data:; media-src 'self'; object-src 'self'; frame-src 'self' https://googleads.g.doubleclick.net https://*.googlesyndication.com https://www.google.com/recaptcha/api2/aframe; frame-ancestors 'self'; form-action 'self' https://www.paypal.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mistaua.com https://*.google.com *.google.com https://*.google.com.ua *.google.com.ua *.gstatic.com *.facebook.net *.instagram.com *.googleapis.com *.googlesyndication.com https://*.googlesyndication.com *.googletagservices.com https://*.googletagservices.com *.doubleclick.net https://*.googleadservices.com  https://*.doubleclick.net https://*.g.doubleclick.net *.google-analytics.com *.googletagmanager.com *.ampproject.org counter.yadro.ru wikimapia.org vk.com https://*.jsdelivr.net https://yastatic.net cdn.api.twitter.com oss.maxcdn.com; style-src  'self' 'unsafe-inline' *.google.com *.googleapis.com; frame-src 'self' *.doubleclick.net https://*.googlesyndication.com *.googletagservices.com *.google.com *.google.com.ua *.facebook.com *.instagram.com *.youtube.com https://*.doubleclick.net https://*.g.doubleclick.net wikimapia.org *.openstreetmap.org; 1
script-src-elem 'self' www.google.com www.googletagmanager.com ssl.mousestats.com www.youtube.com ajax.googleapis.com www.google-analytics.com connect.facebook.net adservice.google.com cdnjs.cloudflare.com analytics.tiktok.com api.retargetly.com static.hotjar.com snap.licdn.com stats.g.doubleclick.net  platform.twitter.com apis.google.com googleads.g.doubleclick.net cdn.userway.org www.clarity.ms script.hotjar.com cdn.jsdelivr.net unpkg.com p.teads.tv d2skc0orvsqfj9.cloudfront.net teads.tv *.teads.tv marketo.net *.marketo.net 'unsafe-inline' 'unsafe-eval'; object-src 'self' 1
script-src 'self' *.abmr.net *.ads-twitter.com *.awin1.com *.bazaarvoice.com *.bing.com *.brsrvr.com *.clarity.ms *.contentsquare.com *.contentsquare.net *.curbside.com *.doubleclick.net *.dwin1.com *.euro.confirmit.com *.facebook.com *.facebook.net *.fredhopperservices.com *.google-analytics.com *.google.co.uk *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.incontact.com *.incontact.eu *.kfplc.com *.micpn.com *.network-eu.bazaarvoice.com *.nice-incontact.com *.niceincontact.com *.paypal.com *.paypalobjects.com *.res-x.com *.screwfix.com *.screwfix.local *.tiqcdn.com *.trustarc.com *.truste.com *.twitter.com *.wufoo.com *.yottaa.net *.youtube.com *.zenaps.com analytics.twitter.com analytics.tiktok.com app.contentsquare.com bat.bing.com test-screwfix.bloomreach.io screwfix.bloomreach.io staging-screwfix.bloomreach.io cdn.attraqt.io contentsquare.com incandescent-inferno-925.firebaseio.com k1u3gele.micpn.com rtdb.tenfold.com s.pinimg.com screwfixmedia.co.uk sdk.woosmap.com t.contentsquare.net *.tealiumiq.com tracker.tenfold.com youtube.com mpsnare.iesnare.com six.cdn-net.com uk.cdn-net.com cdn.optimizely.com *.cloudfront.net bugcrowd.com assets.bugcrowdusercontent.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' test-screwfix.bloomreach.io screwfix.bloomreach.io staging-screwfix.bloomreach.io; object-src 'self' *.gstatic.com; worker-src blob: 'self'; report-uri https://csp-processor-internal-ffx-csp-prod.k8s.ap.digikfplc.com/csp; report-to csp-report-uri 1
default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *;   style-src  'self' 'unsafe-inline' * 1
frame-ancestors 'self' https://*.toyota.com.tr https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
upgrade-insecure-requests  ; worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.lytics.io *.pricespider.com *.jebbit.com *.mapbox.com feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.lytics.io www.googletagmanager.com www.google-analytics.com www.google-analytics.com *.pricespider.com *.cookielaw.org *.crazyegg.com *.adsrvr.org *.facebook.net *.moatads.com *.segment.com *.doubleclick.net pghub.io *.cloudflare.com *.mapbox.com *.bazaarvoice.com *.iesnare.com *.jebbit.com feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net *.jebbit.com feed.pghub.io pandg.tapad.com ; media-src 'self' *.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' *.adsrvr.org *.doubleclick.net *.pghub.io consumersupport.pg.com giphy.com jebbit.tide.com *.youtube.com pandg.tapad.com ; font-src 'self' feed.pghub.io pandg.tapad.com ; img-src 'self' data: *.ctfassets.net *.tapad.com *.doubleclick.net www.googletagmanager.com www.google.com www.google.cz *.lytics.io www.google-analytics.com *.pricespider.com *.ytimg.com *.akamaihd.net *.moatads.com www.facebook.com cdn.cookielaw.org feed.pghub.io ; connect-src 'self' *.jebbit.com *.cookielaw.org geolocation-db.com *.iesnare.com *.bazaarvoice.com *.contentful.com *.pricespider.com *.algolia.net *.algolianet.com *.segment.com *.segment.io *.doubleclick.net *.crazyegg.com *.adsrvr.org *.googlesyndication.com www.googletagmanager.com *.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat wss: feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
base-uri * 'unsafe-inline';child-src * 'unsafe-inline';connect-src * 'unsafe-inline';default-src * 'unsafe-inline';font-src * data: 'unsafe-inline';form-action * 'unsafe-inline';frame-ancestors 'self' http://127.0.0.1;frame-src * 'unsafe-inline';img-src * data: 'unsafe-inline';manifest-src * 'unsafe-inline';media-src * data: 'unsafe-inline';object-src * data: 'unsafe-inline';script-src * data: 'unsafe-inline' 'unsafe-eval' 'nonce-HcXCG7etfp4M5OKJgsqiYnbZjyHDwBrE';script-src-attr * data: 'unsafe-inline' 'unsafe-eval';script-src-elem * data: 'unsafe-inline' 'unsafe-eval';style-src * data: 'unsafe-inline' 'nonce-HcXCG7etfp4M5OKJgsqiYnbZjyHDwBrE';style-src-attr * data: 'unsafe-inline';style-src-elem * data: 'unsafe-inline';worker-src * 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com *.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com www.youtube-nocookie.com www.youtube.com blob: data: https://storage.googleapis.com/learnwithikeavideos/ ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ctfassets.net *.ipex-insights.com api.o-c.io lf.o-c.io *.ikea.de *.ikea-lsp.de ikeaplanningcalendar.inwebs.com *.parcellab.com www.paypal.com *.taskrabbit.com *.adform.net insight.adsrvr.org js.adsrvr.org *.bing.com *.doubleclick.net googleads.g.doubleclick.net *.facebook.com *.facebook.net www.googleadservices.com *.googlesyndication.com *.google.de www.google.de *.pinterest.com s.pinimg.com *.realperson.de wss://*.realperson.de d.ratepay.com *.cookielaw.org *.onetrust.com *.akamaihd.net *.akstat.io *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.go-mpulse.net *.optimizely.com sentry.io *.sentry.io *.avo.app oppwa.com *.oppwa.com mpsnare.iesnare.com *.iesnare.com maps.googleapis.com fonts.googleapis.com www.googleapis.com *.bambuser.com firestore.googleapis.com liveshopping-widgets.firebaseapp.com d.lemonpi.io *.syndeo.cx *.production.syndeo.cx wss://web.production.syndeo.cx icsp.ingka.ikea.com wss://icsp.ingka.ikea.com wss://web-api.ikea.com/cschatbot/; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com *.ikea.de; object-src 'self'; report-uri https://csp.ikea.com 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=FR&lang=fr-FR&device=desktop&yrid=49ugarpiqu6qc&partner=; 1
frame-ancestors 'self' https://netatlantic.com https://mk0dev.netatlantic.com 1
default-src https:;font-src * data:;frame-src https://optimize.google.com https://app.wooflash.com/ https://*.wooclap.com https://www.youtube.com https://www.youtube-nocookie.com https://*.intercom.com https://www.dailymotion.com https://player.vimeo.com https://js.stripe.com https://vars.hotjar.com https://docs.google.com https://webforms.pipedrive.com https://www.facebook.com/ https://myaccount.google.com/ https://www.googletagmanager.com/ https://sibautomation.com https://wooclap-content.prismic.io/;img-src * data: blob:;object-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline'; connect-src https: wss://*.hotjar.com wss://*.intercom.io;worker-src 'self' 'unsafe-inline' * blob:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://va.ecitizen.gov.sg https://poly-webchat.vica.gov.sg https://unbound.syndetics.com https://ltfl.librarything.com https://widget.happyfoxchat.com https://assets.wogaa.sg https://www.googletagmanager.com https://*.wogaa.sg https://*.elfsight.com https://buttons-config.sharethis.com https://app-script.monsido.com/v2/monsido-script.js https://t.sharethis.com https://storageaccountoccupa5c7.blob.core.windows.net/chatbotfiles/pops.js; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://va.ecitizen.gov.sg https://poly-webchat.vica.gov.sg https://ltfl.librarything.com https://www.librarything.com https://assets.wogaa.sg/; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://va.ecitizen.gov.sg https://assets.wogaa.sg/fonts; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://img.youtube.com https://via.placeholder.com https://va.ecitizen.gov.sg https://pics.cdn.librarything.com https://image.librarything.com https://www.google.com.sg https://www.google.com https://*.vica.gov.sg https://phosphor.utils.elfsightcdn.com https://platform-cdn.sharethis.com/ https://tracking.monsido.com/; media-src 'self' data: blob:; frame-src 'self' blob: *.np.edu.sg *.youtube.com *.google.com https://www.np.edu.sg http://www.youtube.com/ https://jointpoly-prd.mybluemix.net/ https://www-np-edu-sg-admin.cwp.sg/ www-np-new-edu-sg-admin.cwp.sg/ https://theta360.com/ https://ltfl.librarything.com/ https://widget.happyfoxchat.com/ https://jointpoly-prd-app.12j3temcrbtf.us-south.codeengine.appdomain.cloud/ https://t.sharethis.com/ https://vimeo.com/ https://storageaccountoccupa5c7.blob.core.windows.net/; frame-ancestors 'self' blob: *.np.edu.sg https://www.np.edu.sg https://www-np-edu-sg-admin.cwp.sg/ https://jointpoly-prd.mybluemix.net/ https://jointpoly-prd-app.12j3temcrbtf.us-south.codeengine.appdomain.cloud/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.google.com *.youtube.com *.google.com http://www.youtube.com/; connect-src 'self' data: accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.youtube.com *.google.com http://www.youtube.com/ https://va.ecitizen.gov.sg https://bucket-vica.vica.gov.sg https://chat.vica.gov.sg https://jointpoly-prd.mybluemix.net wss://chat.vica.gov.sg/socket.io/ https://happyfoxchat.com https://stats.g.doubleclick.net https://snowplow-web.wogaa.sg/ https://*.wogaa.sg https://*.elfsight.com https://l.sharethis.com https://region1.google-analytics.com https://region1.analytics.google.com https://data.stbuttons.click/; 1
frame-ancestors https://www.medplusindia.com; 1
frame-ancestors 'self' https://hca.dev.tayoris.jp https://hca.stg.tayoris.jp; 1
default-src 'unsafe-inline' 'unsafe-eval' file: data: blob: filesystem: wss: * 1
default-src 'self';script-src 'self' *.peakd.com storage.googleapis.com static.cloudflareinsights.com platform.twitter.com widgets.coingecko.com 'sha256-4qvlOSFoIXEP2+kY/Atk50jd7yDEqsNNiT4dXN/Npos=' 'sha256-RsC+GGtZ/uvSrCEraKyUicnWDwsNj1QCsaXOjeBN9Ws=';style-src 'self' 'unsafe-inline' fonts.googleapis.com;font-src 'self' data: fonts.gstatic.com;connect-src 'self' *.peakd.com *.hive.blog api.pharesim.me hive.roelandp.nl *.openhive.network hived.privex.io *.ausbit.dev anyx.io *.deathwing.me hive-api.arcange.eu hived.emre.sh techcoderx.com api.hive.blue api.c0ff33a.uk rpc.mahdiyari.info hive-api.3speak.tv *.backblaze.com hivesigner.com api.coingecko.com wss://cable.coingecko.com tipu.online *.hive-engine.com wss://hive-auth.arcange.eu wss://has1.arcange.eu api.hivesbi.com hiveonboard.com sentry.io hivebuzz.me api.hive-keychain.com api2.splinterlands.com *.supabase.co digitalself.io risingstargame.com dcrops.com api.crypto-shots.com woo-prod-api.herokuapp.com hiveposh.com api2.hivedex.io engine.rishipanthee.com *.dtools.dev api.primersion.com hivewallethivekeychain: ;img-src * data: blob:;media-src *;frame-src 'self' has: chat.peakd.com *.twitter.com *.x.com www.youtube.com player.vimeo.com *.spotify.com embed.reddit.com 3speak.tv emb.d.tube *.twitch.tv embed.theta.tv *.awesomescreenshot.com www.dailymotion.com odysee.com www.skatehype.com ipfs.skatehive.app w.soundcloud.com www.mixcloud.com www.vimm.tv *.truvvl.com aureal-embed.web.app nftshowroom.com simpleswap.io;frame-ancestors 'none'; 1
object-src 'none'; base-uri 'self'; report-uri https://www.canliradyodinle.fm; 1
default-src 'self';object-src 'self';style-src 'self' 'unsafe-hashes' 'sha256-2WZ7yntBRr6volQ+Pk+2kSkqj75tvCmCljiw3zWZ/nw=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-OYkx6PiolQniaXgCRm7As2OxR0rLR+4CZ/cSQ6Rzi+8=' 'sha256-t6oewASd7J1vBg5mQtX4hl8bg8FeegYFM3scKLIhYUc=' 'sha256-3IneSKn83htbucDEnbBTtNbLgxR1oU3IiKr8k6fz2SM=' 'sha256-ZGSEhWYLRN5tiRK51D+j9S0qH40UUl6sCBrBHAo+PJ8=' 'sha256-3mdKeveg3JRZ7Lf98YUe78rYU/+2OA2FwsNv04hZxrs=' 'sha256-0EZqoz+oBhx7gF4nvY2bSqoGyy4zLjNF+SDQXGp/ZrY=' 'sha256-7UpLIrRwzZfRvE3sgVHBS/KmpS3npeljweupRKoqJXU=' 'sha256-EDhCeoPJO5CdxSrOI6Vp/lItVhnOH81Z6zoKsJ53Rec=' 'sha256-AVjnzry8uqIEJRyfrwbt3HaZ+3bCFBKq+WcVzvHTwVk=' 'sha256-qd+Nhc9yA8AHpeBWfcIrlo6n2kt+8yFCuBqBOgxc9WY=' fonts.googleapis.com fonts.gstatic.com 'sha256-779P4Qi+W+cFMJ9iNq9vgtZqx2WHuoHmDUSYQf5hmYU=' 'sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog=' 'sha256-0Z+DW3EaWuqUEvYP3zkTBbfN7lWQAlSui4agjc4zOdo=' 'sha256-gqWDwE3Wu2Iuf/W4pJU8DqjlHX1X2xsCOWj49P9v4Jw=' https://cdnjs.cloudflare.com/ajax/libs/jquery.colorbox/1.4.33/example1/colorbox.css https://cdn.datatables.net/1.10.18/css/jquery.dataTables.min.css 'sha256-hFiNVOO90j8PzUL0Dc7twup4qFNWIrHSZ0T2P2ya4zo=' 'sha256-IZSDtVWdTMVcITxVLHi0+BEiUUkNSQXf8G35urE/tbM=' 'sha256-gJ8acTNFuTFKn4VFUWUHev6HcTLJekJ6DmkioiIwpig=' 'sha256-gu5td5EYwy2kCp1E0iyK3riYHUv2BmtnGPFykRJkhI8=' 'sha256-bKixS9KEzDLnGpIBsjkC2j83b0Xg4N3Mubh3yT9h+9k=' 'sha256-2Br7KHGcT/zvZolhwBShL3d7LMw95OszzJqfscpatWw=' 'sha256-+17AcPK/e5AtiK52Z2vnx3uG3BMzyzRr4Qv5UQsEbDU=' 'sha256-HKJoLRnReo3KKsbgUWwCmvLEqTasaOZ7EXnafKOrMeY=' 'sha256-IimmyVuw7E0+jCCUcM6Zf/NGl/LelW5Ez/09MDJYoLw=' 'sha256-SJxGiowZoZdpubgkzO8oiX4oNQyvlWwLIDEhIAjHDJE=' 'sha256-rfOzqqZdTTZtWhX1R4W2sIXaXZPYJI9Qmt6i091pzes=' 'sha256-/Vg8iL2gMjngQX8tjz9fPYlk7RqfGTyQJjBOMlnLshY=' 'sha256-XkMtGbYqzvXknYE1Ztvi0NT3FzflJDrCdAIDX03eJ5s=' 'sha256-cQVWU37wsQ5p4aVq8nc/DIQj7PzESiL5uWdMEa5iHPc=' 'sha256-MwcaYhvOrhinPCs+cOOV1Yg1GzRINBICaF+RG2k6pqM=' 'sha256-BRrzDww+u6O9/HwBCC3ggHYhc7HOwJS99kpPVn0n2Yc=' 'sha256-NQheJW6wyA26CjWlnhj9SUUEkRJMftAmGsDRLyDVQxE=' 'sha256-WEOn4mbzesFW0661SAR9M/TbsfUL79CgNIHXy1PaLiU=' 'sha256-fEgwFIC1e9in6+hWdjyP1XNeR69shKlHunjjNhLtZdk=' 'sha256-TBoF2jzHs6Pw5BIIGGJ3OcPzVpfC2iq9vYlc0hHhZAE=' 'sha256-c5BIA3tuJd7hqE6gH/czqLxJblO+QgUXsLPSiMI6EBI=' 'sha256-Yxzpj2nhc1G6urYaJAgQBQ+epncjZhyISH+dOEu90pk=' 'sha256-2eFKb9evE1FMuD1dzbu3fTJrio0VJ+88cMYq6D3OnAw=' 'sha256-DwkT1KPudGllJ1T5sX1khW2xPn4SlQlaJ8uohjWCt+U=' 'sha256-kOvcdjdBjxOllmznYgE2M7n0PSSjyFm5I1+YjzpSwX0=' 'sha256-+YWRMZ88jMyO7jVlBA52tZADiPobPIUA8LAWee68Fvs=' 'sha256-xVy/81YzzTdGdMAj/TciAlD2J5UTOVLOsxo8RFclhQ4=' 'sha256-ugcs4Kqa9sWxRe7aZ6/TTHFLaJB3dHGc+4unJVSQM9k=' 'sha256-YTEza4CA2qPCNGLfB6mKa5FjY8kjkO/K7nQxeJxVd9E=' 'sha256-R65b6okuTohPam1Z5hW9C7/0bOVLRS7LbbsHjLBbBgM=' 'sha256-ENSjib16f4IXU2IuRyZClB3U736O0tWFLmi0sl4Nl3g=' 'sha256-QNn/MRiIx3EvbyZWldXnwXdpiTiQQ0gYh9Ksu5+DI64=' 'sha256-2xDcU1oPf5ZYgBQLsDg6Lw95icFSbfKb8e7EejPQw/g=' 'sha256-1mmyijA9G5QQVDCR7FSppS0TvXyejYXJja+eAERyxMQ=' 'sha256-VqL2lXTKX/SOlEtqLSoOSPn/cPZAtEaFvaXj/kxzAr8=' 'sha256-ap60XCenweEVhBiUm0wSIGay/joEc+c9z8jqIAc94/U=' 'sha256-tbxlEIdtXOs4WHrpg9HWTDZIdSb3c+6WSAcGTxrdT+k=' 'sha256-/B7au2OmUArBtIrirt+yF5qNS1+Dnbs4fRvYAjRxJ0g=' 'sha256-q3rAbVtp+u3XCRpxLrm8HJYLmri38NiRpWW3iJe0cUU=' 'sha256-Zd5oZ4NKxteJw8//Q3FUfiqJUWSyZ4Rth2rAdaOoLhI=' 'sha256-g6z9OVLYoJ9ww2RBmxsZULuDHkIn1cynMEQZfDa8VKA=' 'sha256-UIis1IT6B+5L6ZaHX5Ar+sW2oiMhJGau0+2/SsVU7JY=' 'sha256-ENSjib16f4IXU2IuRyZClB3U736O0tWFLmi0sl4Nl3g=' 'sha256-VvrHNvmU5xdTVxpJRgdJYekyzeIaCzZVtQM+oF+aJcA=' 'sha256-SJpmdnt1MeNUqqShMUYgLPRyzxwy4MkInj2glvpzEjI=' 'sha256-RYMRM+K4yDiqsBjMwjjoI5AlOIfNTuaYOhJjJOqdfY8=' 'sha256-1g0r2XGSgB/Ar75lgZTwtVNUshLhwV+N61waZBJy4Zg=' 'sha256-YTEza4CA2qPCNGLfB6mKa5FjY8kjkO/K7nQxeJxVd9E=' 'sha256-R65b6okuTohPam1Z5hW9C7/0bOVLRS7LbbsHjLBbBgM=' 'sha256-ENSjib16f4IXU2IuRyZClB3U736O0tWFLmi0sl4Nl3g=' 'sha256-QNn/MRiIx3EvbyZWldXnwXdpiTiQQ0gYh9Ksu5+DI64=' 'sha256-2xDcU1oPf5ZYgBQLsDg6Lw95icFSbfKb8e7EejPQw/g=' 'sha256-1mmyijA9G5QQVDCR7FSppS0TvXyejYXJja+eAERyxMQ=' 'sha256-VqL2lXTKX/SOlEtqLSoOSPn/cPZAtEaFvaXj/kxzAr8=' 'sha256-ap60XCenweEVhBiUm0wSIGay/joEc+c9z8jqIAc94/U=' 'sha256-tbxlEIdtXOs4WHrpg9HWTDZIdSb3c+6WSAcGTxrdT+k=' 'sha256-Zd5oZ4NKxteJw8//Q3FUfiqJUWSyZ4Rth2rAdaOoLhI=' 'sha256-g6z9OVLYoJ9ww2RBmxsZULuDHkIn1cynMEQZfDa8VKA=' 'sha256-UIis1IT6B+5L6ZaHX5Ar+sW2oiMhJGau0+2/SsVU7JY=' 'sha256-ENSjib16f4IXU2IuRyZClB3U736O0tWFLmi0sl4Nl3g=' 'sha256-VvrHNvmU5xdTVxpJRgdJYekyzeIaCzZVtQM+oF+aJcA=' 'sha256-SJpmdnt1MeNUqqShMUYgLPRyzxwy4MkInj2glvpzEjI=' 'sha256-RYMRM+K4yDiqsBjMwjjoI5AlOIfNTuaYOhJjJOqdfY8=' 'sha256-1g0r2XGSgB/Ar75lgZTwtVNUshLhwV+N61waZBJy4Zg=' 'sha256-QzfCybHNVHYKc2DX7U+B67E14mtNcE19vBbxV0wby08=' 'sha256-OShiAjSV3lAIOBSclt31Fojewx+uXVNt3v1TfMdz520=' 'sha256-/WA1VD4SFE24shpkP7UgNVkOyRMFnIKH6EUoyTHm0W8=' 'sha256-5H0ufKNQD51VvD+v41rGPVLxl0/fssl0yTiLOMw+CUs=' 'sha256-DqE+h3w7J1FuWyFcLKCAxIEsGUQjBLUDLKgzxtK29pY=' 'sha256-RQe/IGwrYvGG0Q8gU16+kZMt9PYJRS/JJR5yi/uoRyg=' 'sha256-QzfCybHNVHYKc2DX7U+B67E14mtNcE19vBbxV0wby08=' 'sha256-/3kWSXHts8LrwfemLzY9W0tOv5I4eLIhrf0pT8cU0WI=' 'sha256-KjZ53HIXxxbhtsWnxUOMJRRuWe3cP+F+PAKBhftcBcI=' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-Htg8pT+E1IPCXnsp9qTORlwCG7hLqPSwuoxBpWVvAsM=' 'sha256-/3kWSXHts8LrwfemLzY9W0tOv5I4eLIhrf0pT8cU0WI=' 'sha256-KjZ53HIXxxbhtsWnxUOMJRRuWe3cP+F+PAKBhftcBcI=' 'sha256-5tE+QeO3ovetty//utTr745XJN6FKm94VbeWIwPIyh8='  'sha256-U4B0mS5HV8QSqy4HMMxL/p7TWNypftsrHrY+YyKjkUQ=' 'sha256-N5kgcigXtpYdsF82gfGFNfaZD0wKIRjwuFsAZLJ6bF0=' 'sha256-GMvk8R0nZO8h8LxiarD82QeaCVyntWIitQ6aJWkuYSc='  'sha256-Sf9EqFJZFwSWsFQpVmqHNr97ss0CPbUK8OpAE1LE2Qg=' 'sha256-lWc7UVrMp6RTtmcvd9Vh8VSrkh25rWnaHIBM6Vjnhrs=' 'sha256-DNgArv2ehzgQX2+65VTrhGGpSeR12zjRtQvkwb7Awrs=' 'sha256-IAxC9Rd2fZY4DNunZk+9h9HZK9aOX6RFdIYV4jfVxgs=' 'sha256-rTmsUcJa6ybIfbb8BveF2YRzMNkIRKQRwDP2tGlp+XM=' 'sha256-UpFMpci6fDgNMRSSCbG47Dx4S8j82jSZo6iUQXj4Rag=' 'sha256-49HPT0ErgnH09txgCbwyHCO7v0iSutDyOjIbtt8Fwfg=' 'sha256-lvAtW0lL+W/57+dm0ODDEPeyvZmVPzecXlOS6i4WtO8=' 'sha256-1dG9B9LWzDkZiNUWWZP0temzDR0j6B8zBTdSW5Uxh5o=' 'sha256-r6VHatfrSVxyivDYcL8Z+1b3TgyDrL6vcJMfsTiE4/k=' 'sha256-x+/Jia3gssxpms09brdolhruYmeqYQQqE8Nrq8XZXso=' 'sha256-EMjDAL00Cw8v3glXM4DNo+/AZkGdkwR/UB2J2knPEYo=' 'sha256-P5nQ2/L5ASgQjcjKf81Bx8TxyIIef2hgx3rEda0sKAU=' 'sha256-sTJUb7A7cbPNFo4bltJS+5DuwCHHgeWu6IuQtMGnu9I=' 'sha256-QgP+90Ir9XxPTH5u/9vYoTMkNnA4w37ksw0Mh0Xir30='      ; font-src 'self' fonts.googleapis.com fonts.gstatic.com data:;img-src data: https: 'self';  script-src 'self' https://cdn.datatables.net 'sha256-VBEaEIhHvHkcU4tAZctglyGkwZWqNVDCN1bcC5atjsA=' 'sha256-6xl9bP7aiRRnnOGCn9vIFRB10opszBQtXHY5gGlEdpU=' 'sha256-6xl9bP7aiRRnnOGCn9vIFRB10opszBQtXHY5gGlEdpU=' 'sha256-dg6l1OQ33XAZieYmzIBDWGEoRLFdSJQ+xksb742AP9o=' 'sha256-Jpi2IpGJ2yLiIykHXHesRzAeWmbKk5JQ+IZtsfuWz0w=' 'sha256-qh8r9c9gPIW1kTEQ6Ff4xDaZp99tE8YxbNbVV9N34H0=' 'sha256-JW7UqKnwEcBK0dHPWHOZ+POIFatjgE++FWDO9qO2DC4=' 'sha256-LvtS1UOitpNIKVEuG+Riw7SXOfT6cROaEjfEEQ2h/DY=' 'sha256-o3aMPMVYma0WKGfdYGX/oir7ooE3uZnxCqVhujsqdS8=' 'sha256-rSKhq67dSCkoPaTAT45AYbKd0Dywn61L13QnOSDhB/8=' 'sha256-7sNNV6JW31D6o1yr2tHrIloS4nraw32SNE/qGtEJpI8=' 'sha256-tgsbVEJNPBAZlNkdGuFJ9pUR7rJd3m7sZACs9rmIoLQ=' 'sha256-cgnKZYUlGOJ7qYeDqLU4fF5P7q2y5oAF05BBvyEblRk=' 'sha256-s+/mbBUqZdpqSu9vFgNNQqSEJB984GFzl/slgYajTbk=' 'sha256-VFw4sJIt4Zc0+//eYnksN8Ku9qMhbPpHJEkXMWUiD30=' 'sha256-TovEGWaByB+OKFWgQh5VV3sPzwrIA/DZCzyElah9Np4=' 'sha256-JuifJgiuiYlFP73BJBUVzcG/63r54i9earqye6vtCa4=' 'sha256-19W2VRWi945NYX4a5Q41GXud53bWaJHp5Lqhzpnf3F4=' 'sha256-qVg7+8LvOrMTevbRGPHvfecW5N9gY+Nyw3ae39hzbAo=' 'sha256-iuKKe7JB1wYkaK0+ircWQxrwO1S3f11B0VPKyp0Z7eA=' 'sha256-cPt+yE0WquLfhuRSDe/pztlJ3h1uePOMgkx73R9liQA=' 'sha256-cS6PlyYvEOXWW4lnPIgpB30o+qZE4pTVXDoTs02Qnio=' 'sha256-hhJb/XkGCSdrf8gLiobhxfne29eEZ5vOGjZnkm2yCq4=' 'sha256-ydht7zQBtMcd2+cTDgD1dGPgrqyuwTroBwMkF5TalRU=' 'sha256-R/IILmnkdHEfQapqXm9CNdD3bRba7dINNixcMdeF5ns=' 'sha256-DIFMkqLQkpfS6AbhfY88LAW8V8ogXQmD3S/B6yaX94c=' 'sha256-URZR7pUftggie9f0ogR3sgGn3omhRqZh2zJa0IEPlPw=' 'sha256-M5y/hDF+FHfqFMETka2so8aaV+818fnPWMcZqMq+rMw=' 'sha256-C7nkopUvBMY2Nu7eO80cPLj50KrsK44FpQ2DVRlJiwA=' 'sha256-KcyFBV3KdxirurdXTqNSdjNHUVog/ZtRbn35W4gzBR0=' 'sha256-rdeaJcyy8gmaQR9YlnXrDEApAmiVyYMNAGdYlYPRTo0=' 'sha256-Wna9K4a8Nfnkmr6zpp0zX1zuvy7ZqxTrvNL/5hyrgGk=' 'sha256-G2eH1/ka5pzg8jLs2z82uzhmdu575ozTFDcziv0uQRg=' 'sha256-ehS3btFLiD9YMhKlrAPG6fePNfHAnU+OHznx+BuwKJM=' 'sha256-+rj9sHlDSocAmdZepDjvKqwVBUnhGg57FFroyj/vwDQ=' 'sha256-HR1MY4UGDrx7YaeStNjGgWKdkdTxhr5IyA+R5/YhpDU=' 'sha256-chnrj7x4v57787T+Jlshq+kOxiUuHIzYx2/3oFn4UT4=' 'sha256-LV/7uwstTqfMjWFOg8aqppktvbAw666HJcWnZq1vyZ0=' 'sha256-sgoHcLzPmDRhAeBmlymT6uzu7V0S1102N/1KX3OHOwc=' 'sha256-UBLR4SrWvAffWVvhQQKqHezRDAe1cFOWyYirtOL4oSA=' 'sha256-/n9vsSt1hwHyUwnAjzQc0XQOPOlZ+OGQtRYgISZW6AE=' 'sha256-ATDn/hfxHOsJ3SHeaCQIcON13qtdt8VR5LFNaFgJ35Q=' 'sha256-2WPC/FF6rDFYmE0XoEyaDpVlxfWOMPsLVjMRt6ePs6g=' 'sha256-NmN/SfPKtqXwhdfWP56UFbY39neAxlh8/AKy5I4L36Q=' 'sha256-p1TJzkHlaGx9Ljb0O5hMgALOby20mDkbKHUKWzVoOX0=' 'sha256-bkmMHYuKJnLT/X7ilwHiBzmT3ZBAueJWG7RCYy9bHSs=' 'sha256-9+mzWu23oF8zuec+iMGOTf77AKKUWYA8o7p3d4Bs0Ww=' 'sha256-+rmEQYjQB+J2be+V5IuBzaiAKquglktTPIRNH6DJc0g=' 'sha256-xU7rl1+kerWWllWkLh6hcUi46RARjHAcbR8OJprDMXs=' 'sha256-EI0Va0RBJY2pGs8luCAuRHMSSPtngiV1iCeawT0a0kk=' 'sha256-KJWp/4mX3TbJ84ye4xxQUN9Qcq/RNPuNxS/xnPf43EA=' 'sha256-5iZkeAGG7gLxgegvzRmfLRb9ZR11oxO06AgIVybQeL8=' 'sha256-dSZvM5bohhTXdaa0mFHQRDTUuH4dETbHmaUS0xSnJHs=' 'sha256-hNvhHz+EvjUVSHf4gpASC5y2PnvHb/RrVp/8ah6HHok=' 'sha256-J06JHkZVK1aclJEz4rKOfMrgDrnlZdTvabDYbFIeXBo=' 'sha256-2+GRZAvsETdcog7GuDMC8kMPR91dzEG76Y/BkhlslTY=' 'sha256-To2PrvPLE64ARg2dhr6om7phoRLZVkS+HrOSkqQk1hE=' 'sha256-AyYlNIEJ5rr0y30/9cR31rkJQBz4KmqsXf2DwZX4y00=' 'sha256-RTXxT6nm/sc/0yBMk1g093Q+QVcjnyJj97Ak41w9CZE=' 'sha256-SWXLr333IMc11Re+Jtv28OQ4VFm6NmZDTJTq4BwVfiY=' 'sha256-EiQGSEDnGyKINUa/FUxYP3v+r8ayz44gSi43oNA5+HY=' https://cdn.jsdelivr.net/npm/vue@2.7.14/dist/vue.min.js https://www.spil.com.tw/scripts/vue.min.js 'sha256-wKWu73S4IEX+kJaA85lt3WU3Z01GUPhSIjP+c3v2hj4=' 'sha256-ZLel8Bb+qFv4EQ7iWJsoElSWQqK2Grg+x5hYxo1f95s=' 'sha256-aluilaEpkwfdTL0QTo4fJscjpZM/MyWbgSpE2uU2hk4=' 'sha256-dpjLgBwRSMgL93yPHICx90Hg5BSXzbQMsm/k/iK/cBk=' 'sha256-zlp6Oaio3UYZJes1ziLZU9spg+LLWxXaFaKjDz+dOo0=' 'sha256-Qg4ESdQI1dLrzXOSy4Mg8OsP63OXxPjymwmDppzfX+A=' 'sha256-kIWQ2gkQxjQgQCIwFDhnGRjW/vPAfZ47wfqkKRbFHYc=' 'sha256-2CcVd8GsdLf5hgXGjyHqyYXuqPSLHsqqFXaUaJBZGoM=' 'sha256-DZhszK9xNynF/gpyNM0TEe2PaV90H3ISmLkvqtGJBVI=' 'sha256-zyFwZqyXRMLucprc1KI6D4+fjcy093W13E1zmauR5FI=' 'sha256-GeNMjWepDQys7SGeizOVDtsCEBfUPjjsAsdeq2TobBk=' 'sha256-gy9zxoVq8ZRZjczrM3KiJAInzMz+Ei50BgOujjeEaCU=' 'sha256-N6tSydZ64AHCaOWfwKbUhxXx2fRFDxHOaL3e3CO7GPI=' 'sha256-U+bf+Df0cTOjIQDyH2YNQ5gjiSdHpjdyLm+b0Zml7bA=' 'sha256-4EDgcEeazN9tdoItFV/SRzwPpegHI6exExVi/c8QyVE=' 'sha256-3IneSKn83htbucDEnbBTtNbLgxR1oU3IiKr8k6fz2SM=' 'sha256-i6/YxxFOv30ohOhtSRW3Lijq0Y3j1Tjs8L74V4yGRGs=' 'sha256-lh3LVY6s3u4+iQdemQx1aLSNjiTe++0sPjsvWVOngZA=' 'sha256-aIUD89asOyeMV02P6BJ6h5Vwl+KraNNWTcPfC1rfwIw=' 'sha256-sTJUb7A7cbPNFo4bltJS+5DuwCHHgeWu6IuQtMGnu9I=' 'sha256-c1gfCV0RkLcU3GMAbuzhXgRMk1ZrJ/3tT16qeJRO5Fk=' 'sha256-sGIf+vsc8MPWoMQ+NzHT3VzrkNl77BxSooNfgKBq/pI=' 'sha256-cZDlDhWbq0oe9mQTwMrfs5p7rxKEfsZzlQZeFsHESRk=' 1
default-src 'self' *.remita.net/ www.youtube.com/ fonts.gstatic.com/ cdnjs.cloudflare.com/ stats.g.doubleclick.net/ webchat.ebanqo.io/ *.google-analytics.com  'unsafe-inline'; img-src 'self' res.cloudinary.com/ remita.net/ rpslblog.xyz/ connect.facebook.net/ data: ebanqo-logos.s3.amazonaws.com/ *.google-analytics.com www.facebook.com/ 'unsafe-inline'; style-src 'self' fonts.googleapis.com/ cdnjs.cloudflare.com/ cdn.jsdelivr.net/ 'unsafe-inline'; script-src 'self' login.remita.net/remita/ cdnjs.cloudflare.com/ajax/ oss.maxcdn.com/ *.google-analytics.com connect.facebook.net/ oss.maxcdn.com/ www.googletagmanager.com cdn.jsdelivr.net/ widget.ebanqo.io/ 'unsafe-inline'; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.ibc.org; 1
script-src 'self' 'unsafe-inline' https://assets.getsimpl.com/ https://code.jquery.com/jquery-3.6.0.min.js http://cdn.getsimpl.com/ https://cdn.getsimpl.com/ https://www.googletagmanager.com https://www.google-analytics.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://cdn.yellowmessenger.com/ https://app.yellowmessenger.com/ http://static.clevertap.com/ https://in.wzrkt.com/ https://s3.amazonaws.com/ https://assets1.freshteam.com/ https://www.google.com/ https://www.gstatic.com/ https://recaptcha.google.com/; connect-src 'self' 'unsafe-inline' https://bff.getsimpl.com/ https://assets.getsimpl.com/ https://in.hotjar.com/ http://cdn.getsimpl.com/ https://cdn.getsimpl.com/ https://www.google-analytics.com/ https://app.yellowmessenger.com/ wss://app.yellowmessenger.com/ https://cdn.yellowmessenger.com/ https://getsimpl.zendesk.com/ http://static.clevertap.com/ https://in.wzrkt.com/ https://stats.g.doubleclick.net/ https://getsimpl.freshteam.com/ ;img-src 'self' https://cdn.shopify.com/s/files/ https://assets.getsimpl.com/ http://cdn.getsimpl.com/ https://cdn.yellowmessenger.com/ https://cdn.getsimpl.com/ https://www.google-analytics.com/ https://assets-ecs.getsimpl.com/ data:;media-src 'self' https://cdn.yellowmessenger.com/ https://cdn.yellowmessenger.com/;style-src 'self' 'unsafe-inline' https://assets.getsimpl.com/ https://assets1.freshteam.com/ https://s3.amazonaws.com;frame-src 'self' https://vars.hotjar.com/ https://www.google.com/ https://www.gstatic.com/ https://recaptcha.google.com/ http://chatbot-integration-service.getsimpl.com/;font-src 'self' https://assets.getsimpl.com/ http://cdn.getsimpl.com/ https://cdn.yellowmessenger.com/ https://fonts.gstatic.com/ 1
default-src 'self' https:; script-src 'unsafe-inline' 'unsafe-eval' https:; connect-src https: wss://streaming.mypurecloud.com; style-src 'unsafe-inline' https:; img-src data: https:; font-src data: https:; upgrade-insecure-requests 1
base-uri 'none'; child-src blob: *; connect-src 'self' https://maps.sgcdn.cz https://*.google-analytics.com https://*.googleapis.com/ wss://www.zlavomat.sk https://www.facebook.com https://connect.facebook.net https://*.g.doubleclick.net https://google.com https://*.google.com https://*.google.cz https://*.google.sk https://*.googlesyndication.com https://measurement-api.criteo.com https://sslwidget.criteo.com https://*.crazyegg.com https://directline.botframework.com wss://directline.botframework.com/ blob:; default-src 'self'; font-src 'self' data: https://themes.googleusercontent.com https://*.gstatic.com; form-action 'self' https://www.facebook.com https://connect.facebook.net https://pay.google.com; frame-ancestors 'self'; frame-src *; img-src blob: data: *; manifest-src 'self'; media-src 'self' data:; object-src 'none'; script-src 'nonce-OTM5NzM0NDQ5YzAyNGI1M2EzNTljOWMzMzMzNWEyZDM=' 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' 'strict-dynamic' https:; style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com https://www.googletagmanager.com https://www.gstatic.com; worker-src 'self' blob:; report-uri /csplog 1
default-src * data: 'unsafe-eval' 'unsafe-inline'; media-src * blob: ; worker-src * blob: 1
object-src 'none'; frame-ancestors 'self'; report-uri https://response.reliefweb.int/report-uri/enforce 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.akamaihd.net manifest.prod.boltdns.net view.ceros.com code.jquery.com www.google.com static.cloud.coveo.com cdn.linkedin.oribi.io script.crazyegg.com z.moatads.com consent.cookiebot.com edge.api.brightcove.com vjs.zencdn.net consentcdn.cookiebot.com players.brightcove.net www.googletagmanager.com sjs.bizographics.com siteimproveanalytics.com static.addtoany.com stats.addtoany.com vidassets.terminus.services www.googleadservices.com googleads.g.doubleclick.net *.demandbase.com *.company-target.com snap.licdn.com www.google-analytics.com *.google-analytics.com *.analytics.google.com www.gstatic.com stats.g.doubleclick.net api.company-target.com maps.googleapis.com; frame-ancestors 'self'  players.brightcove.net bid.g.doubleclick.net consentcdn.cookiebot.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com; img-src 'self' 'unsafe-inline' data: *.boltdns.net *.fticonsulting.com px.ads.linkedin.com metrics.brightcove.com 63904.global.siteimproveanalytics.io p.adsymptotic.com vidassets.terminus.services www.google.com www.google.com.ec match.prod.bidr.io id.rlcdn.com www.google-analytics.com *.google-analytics.com *.analytics.google.com segments.company-target.com www.linkedin.com match.adsrvr.org maps.gstatic.com maps.googleapis.com www.googletagmanager.com ml.globenewswire.com wec-assets.terminus.services googleads.g.doubleclick.net wec-assets-api.terminus.services; style-src 'self' 'unsafe-inline' fonts.googleapis.com static.cloud.coveo.com ; child-src 'self' 'unsafe-inline' blob: view.ceros.com *.company-target.com consentcdn.cookiebot.com players.brightcove.net www.google.com static.addtoany.com bid.g.doubleclick.net 1
upgrade-insecure-requests; default-src 'self' https; connect-src 'self' https://analytics.google.com *.analytics.google.com *.google-analytics.com stats.g.doubleclick.net https://www.fuse.allenovery.com https://view.ceros.com https://labs.ceros.com https://sdk.ceros.com https://cdn.linkedin.oribi.io; font-src 'self' fonts.googleapis.com fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com www.gstatic.com www.googleadservices.com maps.googleapis.com www.googletagmanager.com ajax.googleapis.com cdnjs.cloudflare.com *.google-analytics.com fonts.googleapis.com apis.google.com www.youtube.com graph.facebook.com snap.licdn.com siteimproveanalytics.com https://*.podbean.com www.podbean.com https://*.allenovery.com https://*.gedikeraksoy.com https://*.allenovery.localhost https://*.gedikeraksoy.localhost https://*.devchg.com https://www.fuse.allenovery.com https://view.ceros.com https://labs.ceros.com https://sdk.ceros.com; img-src 'self' https://px.ads.linkedin.com https://p.adsymptotic.com https://i.ytimg.com https://*.siteimproveanalytics.io googleads.g.doubleclick.net maps.gstatic.com cdn.yoshki.com maps.googleapis.com https://www.google.co.uk/ads/ www.googletagmanager.com https://www.google.co.uk/ *.analytics.google.com *.google-analytics.com https://www.google.co.uk/ads/ https://www.google.com/ https://www.fuse.allenovery.com https://view.ceros.com https://labs.ceros.com https://sdk.ceros.com https://*.podbean.com www.podbean.com www.google.co.uk/ads data:; child-src 'self' blob: https://content.googleapis.com https://www.googletagmanager.com/ns.html; frame-src 'self' allenovery.daily.codehousegroup.com www.youtube.com comms.allenovery.com subscribe.allenovery.com sdn.sitecore.net www.ustream.tv cdn.yoshki.com https://*.podbean.com www.podbean.com https://video.ibm.com https://reggateway.com https://public.flourish.studio https://flo.uri.sh https://www.fuse.allenovery.com https://view.ceros.com https://labs.ceros.com https://sdk.ceros.com; media-src 'self'; frame-ancestors https://*.allenovery.com https://*.gedikeraksoy.com https://*.allenovery.localhost https://*.gedikeraksoy.localhost https://reggateway.com https://*.devchg.com https://www.fuse.allenovery.com https://view.ceros.com https://labs.ceros.com https://sdk.ceros.com; 1
default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline' 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.stg.audian.com https://*.audian.com https://*.typekit.com https://*.typekit.net https://www.google.com/recaptcha/ https://*.googletagmanager.com https://*.googleapis.com https://*.tawk.to https://tawk.link https://fonts.gstatic.com https://www.gstatic.com https://*.stg.audian.com:8443 https://*.statuspage.io https://cdn.jsdelivr.net https://www.google-analytics.com https://maps.google.com wss://*.tawk.to;frame-ancestors 'self';report-uri https://sentry.audian.com:49443/api/18/security/?sentry_key=612819db7da642ecabae6c0db8dd5a3e&sentry_environment=production 1
script-src 'unsafe-inline' 'self' ajax.googleapis.com apis.google.com cdnjs.cloudflare.com; object-src 'self' 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-eIVXnp+9EoXt76ziCK99dQ=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src 'self' 'unsafe-inline' alcon.com *.myalcon.com *.lndo.site *.tealiumiq.com *.doubleclick.net https://myalcon-app.quantummetric.com *.cookielaw.org data: *.onetrust.com *.facebook.com *.facebook.net blob: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.lndo.site alcon.com *.myalcon.com tags.tiqcdn.com https://cdn.quantummetric.com https://tags.tiqcdn.com https://cdn.quantummetric.com https://www.googletagmanager.com blob: https://*.google-analytics.com https://js-agent.newrelic.com https://bam.nr-data.net *.tealiumiq.com *.contentsquare.net *.mookie1.com *.cookielaw.org *.onetrust.com *.facebook.net *.cloudflare.com *.tiktok.com *.facebook.com https://s.amazon-adsystem.com https://*.analytics.google.com https://*.googletagmanager.com https://unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' alcon.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; img-src 'self' alcon.com *.facebook.com *.facebook.net https://*.google-analytics.com https://www.google.com https://s.amazon-adsystem.com *.doubleclick.net *.tiktok.com https://www.googletagmanager.com data: https://www.gstatic.com https://*.analytics.google.com https://*.googletagmanager.com *.cookielaw.org; frame-src 'self' *.doubleclick.net alcon.com *.facebook.com *.facebook.net https://*.ustudio.com; font-src 'self' alcon.com data: https://fonts.gstatic.com https://www.slant.co https://cdnjs.cloudflare.com; connect-src 'self' alcon.com *.myalcon.com *.tealiumiq.com https://myalcon-app.quantummetric.com https://stats.g.doubleclick.net https://bam.nr-data.net *.cookielaw.org *.onetrust.com *.tiktok.com *.google.com https://s.amazon-adsystem.com *.google.co.in *.facebook.com *.facebook.net data: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ytimg.com *.ytimg.com youtube.com *.youtube.com yandex.ru *.yandex.ru yandex.net *.yandex.net yastatic.net *.yastatic.net yandexadexchange.net *.yandexadexchange.net yandex.st *.yandex.st yastat.net *.yastat.net adfox.ru *.adfox.ru liveinternet.ru *.liveinternet.ru mail.ru *.mail.ru imgsmail.ru *.imgsmail.ru rbfive.bid *.rbfive.bid rambler.ru *.rambler.ru top100.ru *.top100.ru betweendigital.com *.betweendigital.com ad-score.com *.ad-score.com ; object-src 'self' yandex.ru *.yandex.ru yandex.net *.yandex.net yastatic.net *.yastatic.net yandexadexchange.net *.yandexadexchange.net yandex.st *.yandex.st yastat.net *.yastat.net adfox.ru *.adfox.ru ; style-src 'self' 'unsafe-inline' * data: yandex.ru *.yandex.ru yandex.net *.yandex.net yastatic.net *.yastatic.net yandexadexchange.net *.yandexadexchange.net yandex.st *.yandex.st yastat.net *.yastat.net adfox.ru *.adfox.ru ; img-src * data: https: yandex.ru *.yandex.ru yandex.net *.yandex.net yastatic.net *.yastatic.net yandexadexchange.net *.yandexadexchange.net yandex.st *.yandex.st yastat.net *.yastat.net adfox.ru *.adfox.ru; media-src 'self' blob: * data: yandex.ru *.yandex.ru yandex.net *.yandex.net yastatic.net *.yastatic.net yandexadexchange.net *.yandexadexchange.net yandex.st *.yandex.st yastat.net *.yastat.net adfox.ru *.adfox.ru ; frame-src 'self' youtube.com *.youtube.com yandex.ru *.yandex.ru yandex.net *.yandex.net yastatic.net *.yastatic.net yandexadexchange.net *.yandexadexchange.net yandex.st *.yandex.st yastat.net *.yastat.net adfox.ru *.adfox.ru mail.ru *.mail.ru rutube.ru *.rutube.ru ; font-src 'self' data: gstatic.com *.gstatic.com yandex.ru *.yandex.ru yandex.net *.yandex.net yastatic.net *.yastatic.net yandexadexchange.net *.yandexadexchange.net yandex.st *.yandex.st yastat.net *.yastat.net adfox.ru *.adfox.ru ; connect-src 'self' yandex.ru *.yandex.ru yandex.net *.yandex.net yastatic.net *.yastatic.net yandexadexchange.net *.yandexadexchange.net yandex.st *.yandex.st yastat.net *.yastat.net adfox.ru *.adfox.ru mail.ru *.mail.ru rambler.ru *.rambler.ru statforweb.bid *.statforweb.bid tword.ru *.tword.ru realpush.digital *.realpush.digital rbfive.bid *.rbfive.bid pstatrbnew.bid *.pstatrbnew.bid pushreal.media *.pushreal.media realpush.news *.realpush.news betweendigital.com *.betweendigital.com mts.ru *.mts.ru ; 1
default-src 'self'; img-src https: 'self' data: https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; script-src 'sha256-4k3RXmNL1bGKVQ1BQIlTF+aI0pPeNDFZOhevvXWVgo8=' 'self' 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.google-analytics.com *.googlesyndication.com www.google.com static.hotjar.com script.hotjar.com c.imedia.cz connect.facebook.net polyfill.io cdn.jsdelivr.net plausible.io; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.goout.net www.googletagmanager.com www.googleadservices.com *.googlesyndication.com googleads.g.doubleclick.net www.google-analytics.com www.google.com static.hotjar.com script.hotjar.com c.imedia.cz c.seznam.cz connect.facebook.net *.facebook.com polyfill.io plausible.io blob: maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' *.goout.net fonts.googleapis.com; font-src https://fonts.gstatic.com data: 'self' fonts.gstatic.com static.goout.net; media-src 'self' https://storage.googleapis.com; connect-src 'self' gcf.goout.net https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: gooutnet-functions.global.ssl.fastly.net sentry.io *.google.com *.google-analytics.com stats.g.doubleclick.net *.googlesyndication.com googleads.g.doubleclick.net in.hotjar.com *.facebook.com connect.facebook.net plausible.io; object-src 'none'; frame-src vars.hotjar.com *.facebook.com connect.facebook.net *.imedia.cz goout.global.ssl.fastly.net *.google.com 1
frame-ancestors 'self' https://www.arcep.fr https://en.arcep.fr; 1
default-src 'self' data: *.tipos.sk http://*.tipos.sk *.etipos.sk wss://*.etipos.sk *.google.cz *.google.sk *.google.com *.google-analytics.com *.googleapis.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.gstatic.com *.facebook.com *.facebook.net botproductionstorage.blob.core.windows.net *.dnistastia.sk *.predubot.sk wss://*.predubot.sk wss://*.predu.sk *.cookiebot.com uuapp.plus4u.net *.adform.net *.teads.tv *.adocean.pl api.ipify.org *.sportradar.com 'unsafe-inline' 'unsafe-eval'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jivosite.com cdnjs.cloudflare.com www.google-analytics.com ajax.googleapis.com apis.google.com www.google.com www.gstatic.com yastatic.net yandex.st *.maps.yandex.net *.yandex.ru browser-update.org vk.com; report-uri /__cspreporting__; 1
frame-ancestors https://www.paypal.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.paypal.com; font-src 'self' data:; img-src 'self' data: https://domainreselling.de https://www.united-domains.de https://*; base-uri 'self' https://www.paypal.com; style-src 'self' 'unsafe-inline'; connect-src 'self' https://ipayment.de https://www.paypal.com; form-action 'self' https://www.paypal.com https://domainreselling.de https://ipayment.de; frame-src 'self' https://www.paypal.com; default-src 'none' 1
default-src 'nonce-041db54b3fd16010c18a500547694bd1' 'self';font-src 'self' data: *.hotjar.com *.hotjar.io;media-src 'self';style-src 'self' 'unsafe-inline' tagmanager.google.com *.tiles.mapbox.com *.consentmanager.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.eventim-light.com *.gstatic.com *.googleapis.com *.google.com *.google.de *.google-analytics.com *.googletagmanager.com *.facebook.com *.facebook.net *.g.doubleclick.net *.googleadservices.com *.go-mpulse.net *.hotjar.com *.hotjar.io *.consentmanager.net *.pardot.com info.eventim-light.de;img-src 'self' data: blob: api.mapbox.com *.eventim.com *.eventim.net *.eventim-light.com *.gstatic.com *.ggpht.com *.googleapis.com *.googlevideo.com *.google.com *.google.de *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.facebook.com *.facebook.net *.fbsbx.com *.adform.net *.akstat.io *.g.doubleclick.net *.googleadservices.com i.vimeocdn.com *.hotjar.com *.hotjar.io *.consentmanager.net;frame-src 'self' www.google.com *.kps-payment.de *.hotjar.com *.hotjar.io *.consentmanager.net *.vimeo.com www.eventim-light.de www.eventim-light.es www.eventim-light.no www.lippu-light.fi www.ticketcorner-light.ch www.eventim-light.se www.billetlugen-light.dk www.oeticket-light.com www.eventim-light.co.uk;frame-ancestors 'self' *.eventim.net *.eventim-light.com:*;connect-src 'self' *.eventim.com *.eventim-light.com *.facebook.com bankauswahl.giropay.de *.tiles.mapbox.com *.mapbox.com *.akstat.io *.go-mpulse.net *.akamaihd.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.de *.hotjar.com *.hotjar.com:* *.hotjar.io *.consentmanager.net sentry.ops.tixx-dev.de wss://*.hotjar.com *.googlesyndication.com blob:;worker-src 'self' blob:;child-src blob: 1
default-src 'self' *.forthnet.gr;  child-src 'self' blob: *; img-src 'self' data: blob: *; media-src 'self' data: blob: *; font-src 'self' data: *; connect-src 'self' data: *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; style-src 'self' 'unsafe-inline' *; frame-ancestors 'self' fonts.googleapis.com; 1
frame-src 'self' www.youtube.com www.google.com www.facebook.com 1
default-src 'self' blob:; connect-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src *; img-src * data: blob:; media-src * data: blob:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval' blob:; worker-src * blob:; style-src * 'unsafe-inline' 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-ODEyN2QzMzMzMTZlNDk1ZThkZjIzZmNiMTBjYjYwZTM=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.om.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.om.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.om.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self';       script-src 'self' 'unsafe-inline' 'unsafe-eval' *.axcient.com *.efolder.co https://tagmanager.google.com       https://www.google-analytics.com https://ssl.google-analytics.com https://*.googletagmanager.com       pendo-io-static.storage.googleapis.com *.pendo.io https://www.gstatic.com       pendo-static-5803311302049792.storage.googleapis.com *.crazyegg.com use.typekit.net *.salesforce.com *.my.site.com       *.salesforceliveagent.com *.lightning.force.com;       style-src 'self' 'unsafe-inline' *.axcient.com *.efolder.co *.pendo.io https://tagmanager.google.com       https://fonts.googleapis.com pendo-static-5803311302049792.storage.googleapis.com *.crazyegg.com use.typekit.net       https://www.gstatic.com *.salesforce.com *.my.site.com *.salesforceliveagent.com *.lightning.force.com;       font-src 'self' use.typekit.net https://fonts.gstatic.com data:;       img-src 'self' data: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com       https://*.g.doubleclick.net https://*.google.com https://*.google.com *.pendo.io       pendo-static-5803311302049792.storage.googleapis.com *.crazyegg.com p.typekit.net       https://ssl.gstatic.com https://www.gstatic.com *.salesforce.com *.my.site.com *.salesforceliveagent.com       *.lightning.force.com;       frame-ancestors 'self' *.pendo.io https://*.axcient.net *.axcient.net  https://*.axcient.net;       frame-src * data: ;       connect-src 'self' wss: https://*.google-analytics.com https://*.analytics.google.com api.feedback.us.pendo.io        https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com       *.pendo.io pendo-static-5803311302049792.storage.googleapis.com *.crazyegg.com performance.typekit.net       *.salesforce.com *.my.site.com *.salesforceliveagent.com *.lightning.force.com;       child-src 'self' *.pendo.io 1
default-src 'self' data: *.quackquack.in *.quackquack.co.in *.imgassets.quackquack.co suggestions.quackquack.in:3005 *.usrimg.quackquack.co imgassets.quackquack.co *.google-analytics.com wss://qqchat.quackquack.in:* wss://msg.quackquack.in:* wss://chat.quickblox.com:* *.doubleclick.net *.googleapis.com fcm.googleapis.com *.facebook.net *.facebook.com *.instagram.com *.cashfree.com *.razorpay.com *.stripe.com *.open.money *.hotjar.com *.bing.com *.googleusercontent.com *.collatebox.com *.aspnetcdn.com *.scpassets.quackquack.co scpassets.quackquack.co *.hotjar.io hotjar.io google.com *.google.com doubleclick.net  *.google.co.in  *.gstatic.com *.quickblox.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.googletagmanager.com *.googlesyndication.com *.sentry.io ;img-src  * data: blob: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; font-src 'self' *.quackquack.in *.fonts.googleapis.com *.fonts.gstatic.com fonts.gstatic.com *.googleusercontent.com *.bootstrapcdn.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io qqfonts.quackquack.co; style-src 'self' data: 'unsafe-inline' *.quackquack.in *.googleapis.com *.scpassets.quackquack.co scpassets.quackquack.co *.bootstrapcdn.com *.cloudflare.com *.datatables.net;script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.quackquack.in *.facebook.net *.googletagmanager.com *.google-analytics.com *.instagram.com *.googleadservices.com *.razorpay.com *.cashfree.com *.stripe.com *.open.money *.hotjar.com *.doubleclick.net *.bing.com *.collatebox.com *.aspnetcdn.com *.jquery.com *.cdn-apple.com scpassets.quackquack.co *.scpassets.quackquack.co *.googleapis.com googleapis.com *.google.com google.com  *.twitter.com *.googlesyndication.com *.cloudflare.com *.bootstrapcdn.com *.google.co.in *.datatables.net  http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io qqscpts.quackquack.co *.gstatic.com browser.sentry-cdn.com ;child-src 'self' *.quackquack.in *.facebook.com *.facebook.net *.stripe.com *.open.money *.razorpay.com *.hotjar.com *.youtube.com *.twitter.com *.google.com *.googletagmanager.com *.googlesyndication.com *.doubleclick.net *.google-analytics.com https://www.google.com; worker-src 'self' quackquack.in;frame-src 'self' *.instagram.com *.googletagmanager.com *.facebook.com *.stripe.com *.hotjar.io *.hotjar.com *.doubleclick.net *.youtube.com *.razorpay.com *.twitter.com *.googlesyndication.com *.open.money *.google.com; media-src *.giphy.com *.quackquack.in *.quackquack.co recordings.office24by7.com;   report-uri /qq/csp-report/ 1
default-src 'self'; connect-src 'self' https://ddaccess.labcorp.com https://analytics.google.com *.linkedin.oribi.io *.algolianet.com https://6pskq0iljc-dsn.algolia.net https://labcorp-holdings.okta.com https://labcorp-holdings-stage.oktapreview.com https://bcbolt446c5271-a.akamaihd.net https://manifest.prod.boltdns.net https://edge.api.brightcove.com https://www.snapengage.com https://s722592.t.eloqua.com *.adobecqms.net https://kit-pro.fontawesome.com https://www.google-analytics.com *.iperceptions.com https://in.hotjar.com https://covance.sc.omtrdc.net https://covanceinc.tt.omtrdc.net https://stats.g.doubleclick.net https://dpm.demdex.net https://viewlicense.adobe.io https://maps.googleapis.com https://amcglobal.sc.omtrdc.net https://covancecom.mpeasylink.com; style-src 'unsafe-inline' 'self' https://cdn.jsdelivr.net https://ok1static.oktacdn.com *.drugdevelopment.labcorp.com *.biopharma.labcorp.com https://covancecom.mpeasylink.com https://fonts.googleapis.com; font-src 'self' https://ok1static.oktacdn.com https://fonts.gstatic.com data:; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://bh.contextweb.com https://connect.facebook.net *.brandcdn.com https://tracking1.labcorp.com https://img.en25.com https://cdn.jsdelivr.net https://ok1static.oktacdn.com https://view.ceros.com https://analytics.convertlanguage.com https://drugdevelopment.labcorp.com *.drugdevelopment.labcorp.com https://biopharma.labcorp.com *.biopharma.labcorp.com https://vjs.zencdn.net https://map.brightcove.com https://assets.map.brightcove.com https://cdn5.userzoom.com https://kit-pro.fontawesome.com https://assets.adobedtm.com https://covancecom.mpeasylink.com https://www.google-analytics.com https://urldefense.com https://www.googletagmanager.com https://tag.simpli.fi https://static.hotjar.com *.iperceptions.com https://snap.licdn.com https://js.adsrvr.org https://static.ads-twitter.com https://www.googleadservices.com https://dpm.demdex.net https://analytics.twitter.com https://script.hotjar.com https://i.simpli.fi https://googleads.g.doubleclick.net https://maps.googleapis.com https://storage.googleapis.com https://www.google.com https://www.snapengage.com https://www.gstatic.com https://documentcloud.adobe.com https://documentservices.adobe.com https://www.youtube.com https://l2.io https://ssl.google-analytics.com https://players.brightcove.net https://img03.en25.com blob:; img-src 'self' *.iperceptions.com https://analytics.twitter.com https://www.facebook.com *.brandcdn.com https://insight.adsrvr.org https://tracking1.labcorp.com https://www.googletagmanager.com https://ok1static.oktacdn.com https://analytics.convertlanguage.com https://cf-images.us-east-1.prod.boltdns.net https://metrics.brightcove.com https://googleads.g.doubleclick.net *.linkedin.com *.linkedin.oribi.io https://t.co https://p.adsymptotic.com https://www.google.com https://www.google.com.gt https://www.google-analytics.com https://drugdevelopment.labcorp.com https://biopharma.labcorp.com https://maps.gstatic.com https://maps.googleapis.com https://storage.googleapis.com https://cm.everesttech.net https://amcglobal.sc.omtrdc.net https://dpm.demdex.net https://s409256115.t.eloqua.com https://um.simpli.fi https://www.googleadservices.com https://cm.g.doubleclick.net https://covance.sc.omtrdc.net data:; frame-ancestors 'self' https://match.adsrvr.org; frame-src 'self' *.brandcdn.com https://view.ceros.com https://10644661.fls.doubleclick.net https://players.brightcove.net *.iperceptions.com https://insight.adsrvr.org https://vars.hotjar.com https://covancecom.mpeasylink.com https://covanceinc.demdex.net https://bid.g.doubleclick.net https://documentcloud.adobe.com https://documentservices.adobe.com https://www.google.com https://match.adsrvr.org; media-src https://www.snapengage.com blob: 1
default-src blob: https: data: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval' 1
default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; img-src https: data: 'self'; frame-ancestors 'self' http: https:; base-uri 'self'; form-action 'self' https://*.emploi-environnement.com https://*.paybox.com 1
default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self'; font-src 'self'; connect-src 'self'; media-src 'self'; object-src 'self'; child-src 'none'; frame-src 'none'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-scripts allow-top-navigation; base-uri 'none' 1
frame-ancestors 'self' https://tuamc.tv 1
font-src *.gstatic.com data: script.hotjar.com static.lipscore.com *.klarnacdn.net 'self' data: *.hotjar.com *.hotjar.io *.zmags.com *.googleapis.com *.europris.no 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com facebook.com *.facebook.com *.facebook.net *.snapchat.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.youtube.com *.klarna.com big.g.doubleclick.net vars.hotjar.com optimize.google.com *.charpstar.net *.google.com *.adsrvr.org *.snapchat.com *.facebook.com *.jsdelivr.net *.hotjar.com *.europris.no player.vimeo.com *.hotjar.io *.zmags.com candidate.hr-manager.net tpc.googlesyndication.com *.doubleclick.net europris.leadfamly.com static.itxuc.com policy.app.cookieinformation.com europris.campaign.playable.com www.linkedin.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: *.vimeocdn.com *.google.com *.google.no *.google.se *.google.fi *.google.ro *.google.pl *.google.dk *.gstatic.com *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net *.klarna.com *.klarnaevt.com *.hotjar.com *.hotjar.io *.googletagmanager.com static.lipscore.com blob: img.youtube.com *.klarnacdn.net *.klarnaservices.com 'self' data: charpstar.se i.ytimg.com *.googleapis.com *.zmags.com *.europris.no *.google.lt *.google.sk *.google.ie *.google.es *.google.nl *.google.fr *.doubleclick.net *.facebook.com *.facebook.net ep-campaign-images.temalogic.com gen.sendtric.com *.googlesyndication.com gtm-w4pzjrn-njm2m.uc.r.appspot.com *.bing.com *.streamify.io *.clarity.ms *.linkedin.com *.licdn.com *.ads.licdn.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com jquery.sellxed.com *.google.com *.gstatic.com *.google-analytics.com *.googleanalytics.com *.googleadservices.com *.googleoptimize.com *.doubleclick.net *.klarna.com static.hotjar.com script.hotjar.io static.lipscore.com *.klarnacdn.net *.klarnaservices.com *.charpstar.net *.googleapis.com *.zmags.com c.z-analytics.net *.googletagmanager.com *.hotjar.com *.hotjar.io *.facebook.net *.jsdelivr.net *.adsrvr.org sc-static.net *.adform.net *.europris.no *.googlesyndication.com services.itxuc.com policy.app.cookieinformation.com gtm-w4pzjrn-njm2m.uc.r.appspot.com *.bing.com *.clarity.ms *.zma.gs *.streamify.io *.snapchat.com *.lunio.ai demoapp-api.bloomreach.com api-engagement.bloomreach.com api.exponea.com api.eu1.exponea.com europris.campaign.playable.com cdn-engagement.bloomreach.com snap.licdn.com static-exp1.licdn.com content.linkedin.com platform.linkedin.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.gstatic.com *.googleapis.com *.google.com static.lipscore.com *.klarnacdn.net *.zmags.com *.europris.no *.googletagmanager.com gtm-w4pzjrn-njm2m.uc.r.appspot.com *.streamify.io *.zma.gs *.licdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src data: *.streamify.io blob: media.linkedin.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.doubleclick.net *.klarna.com *.klarnaevt.com *.hotjar.com vc.hotjar.io surveystats.hotjar.io wss://*.hotjar.com *.google.com *.googleapis.com t.elasticsuite.io wapi.lipscore.com users.lipscore.com https://app.getsentry.com *.klarnaservices.com *.charpstar.net europris.ingest.z-analytics.net *.zmags.com *.hotjar.io *.europris.no *.facebook.com *.lunio.ai *.snapchat.com *.googlesyndication.com *.cookieinformation.com *.clarity.ms *.streamify.io wss://*.streamify.io *.zma.gs *.googletagmanager.com no-europris-saas1.collector.snplow.net demoapp-api.bloomreach.com api-engagement.bloomreach.com api.exponea.com api.eu1.exponea.com europris.campaign.playable.com cdn-engagement.bloomreach.com *.linkedin.com *.licdn.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://eng.vdc.dev/csp-report; report-to report-endpoint; 1
frame-ancestors 'self' localhost:* https://*.doccle.be https://*.doccle.nl https://*.doccle-test.be 1
default-src 'self' *.rockbot.com;
 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rockbot.com *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.hs-analytics.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hs-banner.com *.hsleadflows.net *.hsadspixel.net https://cdn.amplitude.com https://assets.zendesk.com https://static.zdassets.com *.zopim.com https://connect.facebook.net https://cdnjs.cloudflare.com https://d2x3f3hu3pbot6.cloudfront.net https://code.sorryapp.com https://optimize.google.com *.googleoptimize.com *.neverbounce.com *.chilipiper.com *.bing.com *.canva.com *.marker.io *.hotjar.com *.zi-scripts.com *.licdn.com;
 img-src 'self' data: blob: *.rockbot.com *.google-analytics.com *.facebook.com *.zendesk.com *.googleapis.com *.gstatic.com *.google.com *.googletagmanager.com *.doubleclick.net *.hubspot.com *.hsforms.com *.facebook.com https://d2x3f3hu3pbot6.cloudfront.net https://roqbot.s3.amazonaws.com https://optimize.google.com https://bat.bing.com *.scdn.co *.twimg.com *.canva.com *.sanity.io https://px.ads.linkedin.com *.spotifycdn.com;
 style-src 'self' *.rockbot.com 'unsafe-inline' https://fonts.googleapis.com https://ajax.googleapis.com https://assets.zendesk.com https://cloud.typography.com *.typekit.net https://d2x3f3hu3pbot6.cloudfront.net https://maxcdn.bootstrapcdn.com https://cdn.datatables.net https://code.sorryapp.com https://optimize.google.com https://cdnjs.cloudflare.com https://pro.fontawesome.com *.canva.com;
 font-src 'self' data: *.rockbot.com https://d2x3f3hu3pbot6.cloudfront.net *.fontawesome.com *.bootstrapcdn.com *.typekit.net *.sorryapp.com https://fonts.gstatic.com https://cdn.neverbounce.com *.canva.com;
 frame-src 'self' *.rockbot.com *.hsforms.com https://rockbot.wufoo.com https://www.google.com *.doubleclick.net https://optimize.google.com *.canva.com https://app.marker.io https://rockbot1.typeform.com;
 frame-ancestors 'self' http://*.rockbot.com https://*.rockbot.com;
 media-src 'self' data: blob: rockbot.com *.rockbot.com https://secure.cdn.wearevl.com *.mcnemanager.com *.zdassets.com https://d2x3f3hu3pbot6.cloudfront.net;
 connect-src blob: 'self' *.rockbot.com *.googleapis.com *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com *.zdassets.com https://rockbot.zendesk.com https://api.amplitude.com https://forms.hubspot.com *.hsforms.com *.hubapi.com https://hubspot-forms-static-embed.s3.amazonaws.com *.sorryapp.com *.greenhouse.io wss://widget-mediator.zopim.com *.chilipiper.com https://api.rollbar.com *.bing.com *.sanity.io *.marker.io https://s3.eu-west-1.amazonaws.com wss://ws.hotjar.com *.hotjar.io *.zi-scripts.com *.zoominfo.com https://px.ads.linkedin.com;
 object-src 'none' 1
frame-ancestors 'self' https://z-virtualbooth.com/ https://www.z-virtualbooth.com/ https://z-virtualbooth.com/nav-panels/2022-aaep/aaep/aaep.html/ https://www.z-virtualbooth.com/nav/dx/index.html 1
default-src 'self'; frame-ancestors 'self' https://*.socialstyrelsen.se https://kunskapsguiden.se https://kollpasoc.se https://csdsamverkan.se; frame-src 'self' https://web103.reachmee.com https://datawrapper.dwcdn.net https://www.googletagmanager.com https://player.vimeo.com https://www.youtube.com https://play.mediaflowpro.com https://player.buster.se https://api.screen9.com https://storage.googleapis.com https://survey-collector-5ob63ubxcq-lz.a.run.app https://merkleoutfox.weeblysite.com https://cdn.merklesurvey.com https://*.google-analytics.com; media-src 'self' blob: https://*.socialstyrelsen.se https://*.speechstream.net; script-src 'self' 'unsafe-inline' https://*.socialstyrelsen.se https://web103.reachmee.com https://datawrapper.dwcdn.net https://plus.browsealoud.com https://www.browsealoud.com https://*.speechstream.net https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com https://*.vimeocdn.com https://player.vimeo.com https://player.buster.se https://du5hbgn2lcfpf.cloudfront.net https://sl.p.jwpcdn.com https://storage.googleapis.com https://survey-collector-5ob63ubxcq-lz.a.run.app https://merkleoutfox.weeblysite.com https://cdn.merklesurvey.com https://*.google-analytics.com; style-src 'self' 'unsafe-inline' https://*.socialstyrelsen.se https://web103.reachmee.com https://plus.browsealoud.com https://www.youtube.com https://*.vimeocdn.com https://storage.googleapis.com https://survey-collector-5ob63ubxcq-lz.a.run.app https://merkleoutfox.weeblysite.com https://cdn.merklesurvey.com https://*.google-analytics.com; img-src 'self' data: https://*.socialstyrelsen.se https://web103.reachmee.com https://plus.browsealoud.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.youtube.com https://i.ytimg.com https://yt3.ggpht.com https://*.vimeocdn.com https://du5hbgn2lcfpf.cloudfront.net https://du5hbgn2lcfpf.cloudfront.net https://prd.jwpltx.com https://storage.googleapis.com https://survey-collector-5ob63ubxcq-lz.a.run.app https://merkleoutfox.weeblysite.com https://cdn.merklesurvey.com https://*.google-analytics.com; font-src 'self' https://*.socialstyrelsen.se https://fonts.gstatic.com; connect-src 'self' https://*.socialstyrelsen.se https://plus.browsealoud.com https://www.browsealoud.com https://*.speechstream.net https://stats.g.doubleclick.net https://www.youtube.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://*.googlevideo.com https://static.doubleclick.net https://116vod-adaptive.akamaized.net https://*.vimeocdn.com https://vimeo.com https://player.buster.se https://du5hbgn2lcfpf.cloudfront.net https://storage.googleapis.com https://survey-collector-5ob63ubxcq-lz.a.run.app https://merkleoutfox.weeblysite.com https://cdn.merklesurvey.com https://*.google-analytics.com https://*.analytics.google.com; 1
font-src fonts.googleapis.com fonts.gstatic.com; img-src 'self' wwwcdn.dges.gov.pt 1
frame-ancestors 'self' https://www.facebook.com https://business.facebook.com 1
img-src 'self' https://*.902.gr https://*.twitter.com https://*.ytimg.com https://*.twimg.com https://*.google.gr https://*.google.com data: https://www.google-analytics.com https://www.googletagmanager.com; object-src 'none'; 1
default-src 'self' https://*.itcstore.in https://*.webeyez.com https://send.webeyez.com https://r.webeyez.com https://dpm.demdex.net https://script.mfilterit.net https://*.googleapis.com https://*.gstatic.com https://unification.useinsider.com https://*.useinsider.com https://*.api.useinsider.com https://itcindia.inone.useinsider.com https://client.app.apty.io wss://*.useinsider.com *.criteo.com *.criteo.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.useinsider.com *.api.useinsider.com api.useinsider.com https://www.itcstore.in https://*.itcstore.in https://stagingpwa.itcstore.in https://prod.itcstore.in https://itc.amelia.com https://checkout.razorpay.com https://itcindiauat.useinsider.com https://itcindia.api.useinsider.com https://itcindiauat.api.useinsider.com https://iowizard.api.useinsider.com https://eitri.api.useinsider.com https://itcindia.useinsider.com https://adobedtm.com https://assets.adobedtm.com http://assets.adobedtm.com https://*.adobedtm.com https://www.googletagmanager.com https://www.google-analytics.com https://send.webeyez.com https://r.webeyez.com https://dpm.demdex.net https://sec.webeyez.com https://www.googletagmanager.com https://*.googleapis.com https://www.googleadservices.com http://t.contentsquare.net https://*.gstatic.com https://script.mfilterit.net ws://gc.kes.v2.scr.kaspersky-labs.com http://gc.kes.v2.scr.kaspersky-labs.com itcindiauat.api.useinsider.com bat.bing.com connect.facebook.net https://accounts.google.com sec.webeyez.com https://cdn.webeyez.com http://tpc.googlesyndication.com https://js.adsrvr.org https://unification.useinsider.com https://itcindia.inone.useinsider.com https://client.app.apty.io https://dynamic.criteo.com https://edge.fullstory.com *.criteo.com *.criteo.net https://js-agent.newrelic.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.useinsider.com *.api.useinsider.com api.useinsider.com https://www.itcstore.in https://*.itcstore.in https://stagingpwa.itcstore.in https://prod.itcstore.in https://itcindia.inone.useinsider.com https://client.app.apty.io https://itc.amelia.com https://checkout.razorpay.com https://itcindiauat.useinsider.com https://itcindia.api.useinsider.com https://itcindiauat.api.useinsider.com https://iowizard.api.useinsider.com https://eitri.api.useinsider.com https://itcindia.useinsider.com https://adobedtm.com https://assets.adobedtm.com http://assets.adobedtm.com https://*.adobedtm.com https://www.googletagmanager.com https://www.google-analytics.com https://send.webeyez.com https://r.webeyez.com https://dpm.demdex.net https://sec.webeyez.com https://www.googletagmanager.com https://*.googleapis.com https://www.googleadservices.com http://t.contentsquare.net https://*.gstatic.com https://script.mfilterit.net ws://gc.kes.v2.scr.kaspersky-labs.com http://gc.kes.v2.scr.kaspersky-labs.com itcindiauat.api.useinsider.com bat.bing.com connect.facebook.net https://accounts.google.com sec.webeyez.com https://cdn.webeyez.com http://tpc.googlesyndication.com https://js.adsrvr.org https://unification.useinsider.com https://edge.fullstory.com https://dynamic.criteo.com *.criteo.com *.criteo.net https://js-agent.newrelic.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.useinsider.com *.api.useinsider.com https://www.itcstore.in https://*.itcstore.in https://stagingpwa.itcstore.in https://prod.itcstore.in https://itcindiauat.useinsider.com https://fonts.googleapis.com https://itcindia.api.useinsider.com http://t.contentsquare.net https://itc.amelia.com https://itcindiauat.api.useinsider.com https://eitri.api.useinsider.com https://itcindia.useinsider.com https://adobedtm.com https://checkout.razorpay.com https://assets.api.useinsider.com https://assets.adobedtm.com http://assets.adobedtm.com https://*.adobedtm.com https://www.googletagmanager.com https://www.google-analytics.com https://dynamic.criteo.com https://itcindia.inone.useinsider.com https://client.app.apty.io ;img-src 'self' 'unsafe-eval' 'unsafe-inline' *.useinsider.com *.api.useinsider.com * https://itcindia.inone.useinsider.com https://client.app.apty.io http://t.contentsquare.net https://unification.useinsider.com https://dynamic.criteo.com *.facebook.com *.criteo.com googleads.g.doubleclick.net data: blob:; media-src 'self' https://*.itcstore.in data: blob: *; font-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.itcstore.in https://fonts.gstatic.com https://font.static.useinsider.com *.useinsider.com *.api.useinsider.com data:; frame-src 'self' 'unsafe-eval' 'unsafe-inline' *.useinsider.com *.api.useinsider.com * https://itc.amelia.com https://*.itcstore.in https://unification.useinsider.com https://www.youtube.com https://vimeo.com *.vimeo.com *.youtube.com https://itcindiauat.api.useinsider.com https://itcindia.api.useinsider.com https://itcindia.api.useinsider.com http://t.contentsquare.net https://itcindia.inone.useinsider.com https://client.app.apty.io *.criteo.com *.criteo.net * blob; connect-src 'self' * https://*.useinsider.com https://*.api.useinsider.com wss://*.useinsider.com https://itcindia.api.useinsider.com https://itcindia.inone.useinsider.com https://client.app.apty.io https://unification.useinsider.com *;base-uri 'self'; worker-src 'self' 'unsafe-eval' 'unsafe-inline' *.useinsider.com *.api.useinsider.com https://stagingpwa.itcstore.in https://prod.itcstore.in https://itcstore.in https://unification.useinsider.com https://itcindia.inone.useinsider.com https://client.app.apty.io data: blob:;object-src 'self' 'unsafe-eval' 'unsafe-inline' *.useinsider.com *.api.useinsider.com; 1
default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data: 'unsafe-inline'; font-src https: data:; frame-ancestors 'self'; report-uri https://www.guntrader.uk/report 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js *.myheritage.fr https://www.myheritage.fr  'nonce-9a6f5b08e6f24d801cf3f2448392fbf3' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.fr;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
default-src 'self'; connect-src 'self' *.securewtkr.com *.voxus.tv *.visualwebsiteoptimizer.com *.iderydayattionsor.com *.clarity.ms *.go2cloud.org *.getrmads.com analytics.tiktok.com *.speedio.com.br vivovalorizaempresas.vivo.com.br ejlwkr.api.infobip.com *.googlesyndication.com *.googleapis.com viacep.com.br *.google.com *.vendavalida.com.br *.dynaton.com.br immakersads.g2afse.com *.g2afse.com *.vertdigital.dev *.getnet.com.br optimize.google.com c.bing.com hitbr.acstat.com api.ipify.org logs-01.loggly.com *.enviou.com.br *.smct.co *.smct.io *.amazonaws.com *.omguk.com *.advcakebr.com *.voxus.com.br *.targeting.voxus.com.br *.taboola.com bat.bing.com cdn-prod.securiti.ai app.securiti.ai *.hotjar.io *.hotjar.com *.doubleclick.net artfut.com s.yimg.com *.g.doubleclick.net v2.afilio.com.br *.facebook.com *.google-analytics.com; font-src 'self' *.securewtkr.com fonts.gstatic.com data: https: 'unsafe-eval' 'unsafe-inline' 'self' ; frame-src 'self' *.securewtkr.com *.linkado.vc *.fulllab.com.br *.doubleclick.net *.go2cloud.org linkado.vc *.linkado.vc *.google.com datastudio.google.com *.cloudfront.net smct.co *.facebook.com privacy-central.securiti.ai targeting.voxus.tv *.fls.doubleclick.net admaxium.com *.creativecdn.com *.g.doubleclick.net event.getblue.io js.admediasales.com rd.afftrack.pro vars.hotjar.com *.youtube.com; img-src 'self' data: *.securewtkr.com *.visualwebsiteoptimizer.com *.doubleclick.net *.go2cloud.org *.baidu.com *.mobfox.com *.googlesyndication.com *.googletagmanager.com *.deepintent.com *.gstatic.com *.rlcdn.com *.demdex.net *.bluekai.com *.rlcdn.com *.ads.yieldmo.com *.clmbtech.com *.tremorhub.com *.ad.smaato.net *.liadm.com *.ivitrack.com *.socdm.com *.3lift.com *.teads.tv *.smartadserver.com *.sharethrough.com *.rubiconproject.com *.pubmatic.com *.outbrain.com *.mediavine.com *.media.net *.360yield.com *.casalemedia.com *.g.doubleclick.net *.bidswitch.net *.simpli.fi *.taboola.com *.analytics.yahoo.com *.omnitagjs.com *.stickyadstv.com *.revcontent.com *.yieldlab.net *.bing.com *.fls.doubleclick.net *.enviou.com.br enviou.com.br *.smct.co *.smct.io *.amazonaws.com secure.gravatar.com *.adnxs.com *.mxfwdredir.com its.tradelab.fr pixel.adensemble.com *.linkedin.com *.getnet.com.br optimize.google.com sp.analytics.yahoo.com t.teads.tv *.facebook.com *.google-analytics.com *.google.com *.google.com.br ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.securewtkr.com *.voxus.tv *.iderydayattionsor.com *.fulllab.com.br *.lista10.dev *.visualwebsiteoptimizer.com *.go2cloud.org *.getrmads.com *.clarity.ms *.speedio.com.br vivovalorizaempresas.vivo.com.br ejlwkr.api.infobip.com viacep.com.br analytics.tiktok.com *.hotjar.io *.vendavalida.com.br *.jsdelivr.net smct.co *.googleoptimize.com *.dynaton.com.br immakersads.g2afse.com *.g2afse.com *.vertdigital.dev ca.enviou.com.br *.smct.co *.smct.io *.amazonaws.com *.getnet.com.br optimize.google.com *.google.com *.googleapis.com *.doubleclick.net *.fls.doubleclick.net hitbr.acstat.com *.acstat.com *.omguk.com *.advcakebr.com *.voxus.com.br cdn.targeting.voxus.com.br artfut.com *.artfut.com *.pinterest.com *.pinimg.com *.tradelab.fr *.dataroyal.com.br aprtn.com bat.bing.com cdn-prod.securiti.ai cdnjs.cloudflare.com code.jquery.com connect.facebook.net d1fc8wv8zag5ca.cloudfront.net ib.adnxs.com js.admediasales.com p.teads.tv pixel.adensemble.com rd.afftrack.pro s.yimg.com s3-sa-east-1.amazonaws.com scripts.rtg.sale *.mxfwdredir.com secure.afilio.com.br *.g.doubleclick.net snap.licdn.com sp.analytics.yahoo.com *.hotjar.com tag.rmp.rakuten.com *.taboola.com vu.adschoom.com *.getblue.io *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.googletagservices.com *.youtube.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.securewtkr.com *.google.com *.googleapis.com cdn-prod.securiti.ai cdnjs.cloudflare.com; media-src 'self' *.securewtkr.com ; worker-src 'self' blob:; object-src 'none' 1
default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data: https://a.omappapi.com https://api.omappapi.com https://*.googleapis.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://calendly.com https://calendly.com/ http://calendly.com http://calendly.com/ https://*.calendly.com https://*.calendly.com/ http://*.calendly.com http://*.calendly.com/ https://forseasky.com https://forseasky.com/ http://forseasky.com http://forseasky.com/ https://*.forseasky.com https://*.forseasky.com/ http://*.forseasky.com http://*.forseasky.com/;frame-ancestors 'self';frame-src https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.googlesyndication.com https://calendly.com https://calendly.com/ http://calendly.com http://calendly.com/ https://*.calendly.com https://*.calendly.com/ http://*.calendly.com http://*.calendly.com/ https://forseasky.com https://forseasky.com/ http://forseasky.com http://forseasky.com/ https://*.forseasky.com https://*.forseasky.com/ http://*.forseasky.com http://*.forseasky.com/;img-src 'self' https: http: data: res.cloudinary.com https://a.omappapi.com https://api.omappapi.com https://bat.bing.com https://*.clarity.ms/ http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://calendly.com https://calendly.com/ http://calendly.com http://calendly.com/ https://*.calendly.com https://*.calendly.com/ http://*.calendly.com http://*.calendly.com/ https://forseasky.com https://forseasky.com/ http://forseasky.com http://forseasky.com/ https://*.forseasky.com https://*.forseasky.com/ http://*.forseasky.com http://*.forseasky.com/;object-src 'none';connect-src 'self' https://a.omappapi.com https://api.omappapi.com https://bat.bing.com https://*.clarity.ms/ http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.google.com https://stats.g.doubleclick.net https://calendly.com https://calendly.com/ http://calendly.com http://calendly.com/ https://*.calendly.com https://*.calendly.com/ http://*.calendly.com http://*.calendly.com/ https://forseasky.com https://forseasky.com/ http://forseasky.com http://forseasky.com/ https://*.forseasky.com https://*.forseasky.com/ http://*.forseasky.com http://*.forseasky.com/;script-src 'self' https://a.omappapi.com https://api.omappapi.com https://bat.bing.com https://*.clarity.ms/ http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.googletagmanager.com https://calendly.com https://calendly.com/ http://calendly.com http://calendly.com/ https://*.calendly.com https://*.calendly.com/ http://*.calendly.com http://*.calendly.com/ https://forseasky.com https://forseasky.com/ http://forseasky.com http://forseasky.com/ https://*.forseasky.com https://*.forseasky.com/ http://*.forseasky.com http://*.forseasky.com/ 'nonce-4828a4b4a467316800bb2c8ec5d7c232';style-src 'self' fonts.googleapis.com/css2 https://a.omappapi.com https://*.googleapis.com https://api.omappapi.com 'unsafe-inline' https://forseasky.com https://forseasky.com/ http://forseasky.com http://forseasky.com/ https://*.forseasky.com https://*.forseasky.com/ http://*.forseasky.com http://*.forseasky.com/;form-action 'self';script-src-attr 'none';upgrade-insecure-requests 1
default-src 'self' https://*.ntc.net.np https://www.google.com; font-src 'self' https: data:; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' https:; form-action 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' https:; connect-src 'self' https://*.ntc.net.np https://www.google-analytics.com; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.art; img-src 'self' https: data: blob: https://mastodon.art; style-src 'self' https://mastodon.art 'nonce-KQk+QtnB3A5ovWosCDzpDQ=='; media-src 'self' https: data: https://mastodon.art; frame-src 'self' https:; manifest-src 'self' https://mastodon.art; form-action 'self'; child-src 'self' blob: https://mastodon.art; worker-src 'self' blob: https://mastodon.art; connect-src 'self' data: blob: https://mastodon.art https://cdn.masto.host wss://mastodon.art; script-src 'self' https://mastodon.art 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://frontend.pttn.com; 1
frame-ancestors 'self' *.virginmediabusiness.co.uk *.upc.biz *.virginmediabusiness.cs87.force.com *.virginmediabusiness.co.uk engagetest3.systems.private virginmediabusiness.force.com; 1
default-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; connect-src https: wss:;  style-src https: 'unsafe-inline' data:; img-src https: data: blob:; font-src https: data:; object-src 'none'; report-uri /csp-report; report-to /csp-report 1
frame-ancestors 'self' https://*.facebook.com https://*.messenger.com 1
frame-ancestors https://bccondos.net https://www.gradschoolmatch.com/; 1
frame-ancestors 'self' *.dunnesstoresgrocery.com 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=4grceq1iqu9lu&partner=; 1
frame-ancestors 'self' doxxbet.sk www.doxxbet.sk 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https://www.gstatic.com/charts/ https://cdn.jsdelivr.net/npm/daterangepicker/ https://live.primis.tech/ https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/; object-src 'none'; base-uri 'self'; connect-src 'self' https:; font-src 'none'; frame-src 'self' https:; img-src 'self' https: data:; manifest-src 'self'; media-src 'self' https: blob:; worker-src 'none'; prefetch-src 'self' https:; form-action 'self' https: https://newsletter.thestreamable.com 1
default-src 'none'; img-src 'self' data: https://ssl.gstatic.com https://www.gstatic.com https://res.cloudinary.com 8218820.fls.doubleclick.net https://vipps.no https://www.vipps.no https://px.ads.linkedin.com https://www.facebook.com https://maps.gstatic.com https://maps.googleapis.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.no https://www.googletagmanager.com; object-src  'self' https://vipps.no/documents/; font-src  'self' https://fonts.gstatic.com; manifest-src 'self'; child-src 'self' 8218820.fls.doubleclick.net https://player.gobistories.co https://www.youtube-nocookie.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.googleadservices.com https://www.google.com https://maps.googleapis.com https://snap.licdn.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.gstatic.com https://www.google.com https://checkout.vipps.no https://cdn.mxpnl.com https://euwa.puzzel.com https://feedback.puzzel.com/; frame-src https://www.youtube-nocookie.com https://www.google.com https://player.gobistories.co https://8218820.fls.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src  'self' https://api.gobistories.co https://chat.vipps.no https://chat-test.vsmb.no/ https://vipps.no https://www.vipps.no https://api-eu.mixpanel.com https://api.puzzel.com/; form-action  'self' https://webto.salesforce.com https://vipps.no https://www.vipps.no https://login-staging.vipps.io/ https://login.vipps.io/ 1
frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com *.powerapps.com *.yammer.com *.officeapps.live.com *.office.com *.stream.azure-test.net *.microsoftstream.com *.dynamics.com *.microsoft.com onedrive.live.com *.onedrive.live.com *.ne.ch; 1
child-src 'none'; 1
img-src * data:; default-src * 'self' https://* 'unsafe-inline' 'unsafe-eval'; 1
block-all-mixed-content; default-src 'self' 'unsafe-inline' *.easyship.com app.hubspot.com player.vimeo.com  https://*.hotjar.com https://*.google.com;   form-action 'self'; frame-ancestors 'self' *.easyship.com https://*.rainfactory.com https://*.pachelp.com; object-src 'none'; font-src 'self' data: *.easyship.com https://*.hotjar.com; connect-src 'self' *.easyship.com *.google.com *.hubspot.com *.google-analytics.com stats.g.doubleclick.net sentry.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com cdn.plyr.io *.ipify.org https://*.hsforms.com; img-src 'self' *.easyship.com *.bing.com *.google.com *.linkedin.com *.hubspot.com *.intelligent-company-365.com *.facebook.com *.facebook.net easyship.ghost.io *.googletagmanager.com *.google-analytics.com *.googleusercontent.com *.vimeocdn.com https://*.hotjar.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.easyship.com *.ads-twitter.com *.bing.com *.clarity.ms *.cloudflare.com *.cloudflareinsights.com *.facebook.net *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com https://*.hotjar.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsleadflows.net *.impactradius-event.com *.jsdelivr.net *.licdn.com *.twitter.com *.usemessages.com *.vimeo.com *.intelligent-company-365.com *.sentry-cdn.com cdn.plyr.io; upgrade-insecure-requests; 1
default-src *;connect-src *;font-src * data:;frame-src *;frame-ancestors *;img-src * data:;media-src https:;object-src https:;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *; 1
frame-ancestors 'self' partners.apnacomplex.com m-redbus-id.cdn.ampproject.org www.google.com www.google.co.id m.redbus.id m.redbus.my m.redbus.sg seocms.redbus.com; default-src 'self' firebasestorage.googleapis.com c.riskified.com wss://*.firebaseio.com wss://rbpub.redbus.com wss://evbk.gamooga.com https://h.online-metrix.net https://s3.rdbuz.com https://evbk.gamooga.com https://*.doubleclick.net https://graph.facebook.com https://cdn-jp.gsecondscreen.com https://*.redbus.in  https://*.redbus.com https://*.googleapis.com https://www.google-analytics.com http://www.googletagmanager.com https://*.google.com https://*.google.co.in https://*.facebook.net http://www.googleadservices.com https://www.facebook.com https://recorder.sessionstack.com https://o2.mouseflow.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.youtube.com stackpath.bootstrapcdn.com unpkg.com *.redbus.com *.moengage.com in.fw-cdn.com *.freshchat.com cdn.conveythis.com *.googleoptimize.com app.link cdn.branch.io beacon.riskified.com tags.tiqcdn.com cdn-akamai.mookie1.com *.firebaseio.com h.online-metrix.net *.twitter.com static.ads-twitter.com *.googletagservices.com bam.nr-data.net *.doubleclick.net evbk.gamooga.com maxcdn.bootstrapcdn.com *.google.com cdn.jsdelivr.net sslwidget.criteo.com static.criteo.net cdn.mouseflow.com bat.bing.com maps.googleapis.com ae.gsecondscreen.com sg-pl.vizury.com cdnjs.cloudflare.com cdn-jp.gsecondscreen.com adservice.google.co.in ssl.google-analytics.com pagead2.googlesyndication.com www.google-analytics.com cdn.sessionstack.com www.googletagmanager.com connect.facebook.net *.googleadservices.com *.rdbuz.com *.redbus.in www.gstatic.com; img-src 'self' data: blob: product-image.globaltix.com img.youtube.com *.makemytrip.com moe-email-campaigns.s3.amazonaws.com *.moengage.com *.rydepro.in q.quora.com mmt.servedbyadbutler.com servedbyadbutler.com iconslib.rapyd.net *.twitter.com gos3.ibcdn.com lh3.googleusercontent.com i.ytimg.com img.riskified.com web-elb *.online-metrix.net *.goibibo.com barcode-latam.s3.amazonaws.com t.co www.googletagmanager.com *.doubleclick.net tpc.googlesyndication.com *.gstatic.com maps.googleapis.com *.s3.ap-southeast-1.amazonaws.com s3-ap-southeast-1.amazonaws.com *.s3-ap-southeast-1.amazonaws.com h.online-metrix.net bat.bing.com www.google.co.in evbk.gamooga.com *.redbus.in cdn-jp.gsecondscreen.com  *.google.com www.google-analytics.com  ssl.google-analytics.com *.facebook.com *.rdbuz.com cdn-jp.gsecondscreen.com api.midtrans.com www.glassdoor.co.in; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net stackpath.bootstrapcdn.com *.freshchat.com www.googletagmanager.com maxcdn.bootstrapcdn.com *.google.com cdnjs.cloudflare.com www.w3schools.com fonts.googleapis.com fonts.googleapis.com *.rdbuz.com st.redbus.in  *.rdbuz.com; font-src 'self' data: maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com *.rdbuz.com st.redbus.in fonts.gstatic.com; frame-src 'self' partners.apnacomplex.com m.redbus.sg m.redbus.my *.moengage.com m.redbus.my *.freshchat.com payment.pagoefectivo.pe st.redbus.in *.twitter.com covid-19.riskline.com covid19-riskline.com www.youtube-nocookie.com *.firebaseapp.com *.firebaseio.com  www.surveymonkey.com *.google.com isb.au1.qualtrics.com www.googletagservices.com *.redbus.com h.online-metrix.net checkout.payulatam.com *.doubleclick.net in-tags.vizury.com sg-pl.vizury.com xds.gsecondscreen.com *.facebook.com www.youtube.com dis.as.criteo.com; object-src 'self'; connect-src 'self' wss://tracking.yourbus.in:1031 6eef8961e07b4043894f8a5fb60d4c10.apm.ap-southeast-1.aws.cloud.es.io:443 cxselfhelp.s3-ap-southeast-1.amazonaws.com recorder.sessionstack.com *.moengage.com *.makemytrip.com pagead2.googlesyndication.com *.google.com *.conveythis.com gsecondscreen.com *.gsecondscreen.com *.gamooga.com api2.branch.io wss://rbpub.redbus.com *.googleapis.com o2.mouseflow.com *.redbus.com *.doubleclick.net *.riskified.com wss://*.gamooga.com www.google-analytics.com *.facebook.com 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data:; connect-src 'self' https: https://was-nam-us-prd-bhapi.azurewebsites.net wss://ws.qualified.com wss://directline.botframework.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://bhgateway.azurewebsites.net; font-src 'self' https:; frame-ancestors 'self' https; 1
default-src 'self' https://static.ojohosts.ca https://ojohomes-static.prod.ojocore.ca https://www.houseful.ca/; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms *.bing.com https://www.houseful.ca/ https://cdn.jsdelivr.net https://js.usemessages.com https://a.quora.com https://js.hscollectedforms.net https://qvdt3feo.com https://appleid.cdn-apple.com https://static.ojohosts.ca https://ojohomes-static.prod.ojocore.ca https://dev.visualwebsiteoptimizer.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.gstatic.com https://storage.googleapis.com *.googleapis.com *.google.com *.google.co.in https://app.satismeter.com *.stackadapt.com *.pinimg.com https://briskpelican.io https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hsadspixel.net; style-src 'self' 'unsafe-inline' https://www.houseful.ca/ https://www.google-analytics.com https://cdn.ojo.me https://static.ojohosts.ca https://ojohomes-static.prod.ojocore.ca *.googleapis.com *.google.com *.stackadapt.com; font-src 'self' 'unsafe-inline' https://www.houseful.ca/ https://cdn.ojo.me https://static.ojohosts.ca https://ojohomes-static.prod.ojocore.ca https://fonts.gstatic.com; img-src 'self' data: blob: *.clarity.ms *.bing.com *.stackadapt.com *.doubleclick.net https://fonts.gstatic.com https://www.houseful.ca/ https://static.ojohosts.ca https://staging-img.ojohosts.ca https://static.ojohosts.ca https://ojohomes-static.prod.ojocore.ca https://forms.hsforms.com https://www.googletagmanager.com https://staging-img.movoto.com https://www.facebook.com https://connect.facebook.net https://www.google-analytics.com https://dev.visualwebsiteoptimizer.com *.google.com *.google.co.in *.google.ca *.googleapis.com https://maps.gstatic.com *.ggpht.com *.pinterest.com *.quora.com https://track.hubspot.com https://photos.wolfnet.com; connect-src 'self' https://www.houseful.ca/ https://q.quora.com https://pagead2.googlesyndication.com https://api.hubspot.com https://google.com *.google.com *.clarity.ms *.bing.com https://forms.hscollectedforms.net https://cdn.ojo.me *.google.com *.google.co.in *.google.ca https://www.google-analytics.com https://stats.g.doubleclick.net https://static.ojohosts.ca https://ojohomes-static.prod.ojocore.ca *.googleapis.com *.facebook.com https://app.satismeter.com *.stackadapt.com *.pinterest.com https://briskpelican.io https://api.hubapi.com https://analytics.crea.ca; object-src 'self' https://www.houseful.ca/; worker-src 'self' https://www.houseful.ca/; frame-ancestors 'self' *.houseful.ca *.datadoghq.com; frame-src 'self' *; 1
script-src 'self' 'unsafe-inline' https://static2.pipa.be https://static.pipa.be https://ssl.p.jwpcdn.com https://maps.googleapis.com https://www.openpetition.eu https://plausible.io https://translate.googleapis.com https://translate.google.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.google.com https://unpkg.com mdbootstrap.com www.gstatic.com; style-src 'self' 'unsafe-inline' https://static2.pipa.be https://static.pipa.be https://www.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com mdbootstrap.com use.fontawesome.com; worker-src 'self' blob:; frame-ancestors 'self' 1
connect-src 'self' http://localhost:3638 https://www.gyftr.com https://www.gvhelpdesk.net https://www.gvhelpdesk.com https://api.gyftr.com https://api.gvhelpdesk.net https://chat.gvhelpdesk.com https://tpc.googlesyndication.com/ https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://pgtest.gvhelpdesk.net https://csi.gstatic.com https://px.ads.linkedin.com https://ka-f.fontawesome.com https://c.webengage.com https://p.webengage.com https://www.google-analytics.com https://analytics.google.com https://pagead2.googlesyndication.com https://adservice.google.com https://pagesense-collect.zoho.in https://stats.g.doubleclick.net https://csmetrics.hotjar.com https://vc.hotjar.io https://in.hotjar.com wss://wsp15.hotjar.com https://content.hotjar.io wss://wsp17.hotjar.com; default-src 'self' http://localhost:3638 https://www.gyftr.com https://www.gvhelpdesk.net https://www.gvhelpdesk.com https://api.gyftr.com https://api.gvhelpdesk.net https://chat.gvhelpdesk.com https://tpc.googlesyndication.com/ https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://pgtest.gvhelpdesk.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://localhost:3638 https://www.gyftr.com https://www.gvhelpdesk.net https://www.gvhelpdesk.com https://api.gyftr.com https://api.gvhelpdesk.net https://chat.gvhelpdesk.com https://tpc.googlesyndication.com/ https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://pgtest.gvhelpdesk.net https://snap.licdn.com http://s3.amazonaws.com https://s3.amazonaws.com https://connect.facebook.net https://www.youtube.com https://tpc.googlesyndication.com https://partner.googleadservices.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://code.jquery.com https://cdn.jsdelivr.net https://static.hotjar.com https://script.hotjar.com https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://stackpath.bootstrapcdn.com https://kit.fontawesome.com http://cdn.widgets.webengage.com https://c.webengage.com https://cdn-in.pagesense.io https://pagesense.zoho.in https://static.zohocdn.com https://ssl.widgets.webengage.com https://wsdk-files.webengage.com https://z.webengage.co https://pixel.whistle.mobi; img-src 'self' data: w3.org/svg/2000 http://* https://*; style-src 'self' 'unsafe-inline' http://localhost:3638 https://www.gyftr.com https://www.gvhelpdesk.net https://www.gvhelpdesk.com https://api.gyftr.com https://api.gvhelpdesk.net https://chat.gvhelpdesk.com https://tpc.googlesyndication.com/ https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://pgtest.gvhelpdesk.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://use.fontawesome.com; font-src 'self' http://localhost:3638 https://www.gyftr.com https://www.gvhelpdesk.net https://www.gvhelpdesk.com https://api.gyftr.com https://api.gvhelpdesk.net https://chat.gvhelpdesk.com https://tpc.googlesyndication.com/ https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://pgtest.gvhelpdesk.net https://fonts.gstatic.com https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://fonts.googleapis.com https://ka-f.fontawesome.com https://cdnjs.cloudflare.com; frame-src 'self' http://localhost:3638 https://www.gyftr.com https://www.gvhelpdesk.net https://www.gvhelpdesk.com https://api.gyftr.com https://api.gvhelpdesk.net https://chat.gvhelpdesk.com https://tpc.googlesyndication.com/ https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://pgtest.gvhelpdesk.net https://secure.traqkarr.com https://z47b6601c.webengage.co https://www.google.com https://www.youtube.com https://td.doubleclick.net https://vars.hotjar.com https://mozbar.moz.com http://inlk.in; object-src 'self' http://localhost:3638 https://www.gyftr.com https://www.gvhelpdesk.net https://www.gvhelpdesk.com https://api.gyftr.com https://api.gvhelpdesk.net https://chat.gvhelpdesk.com https://tpc.googlesyndication.com/ https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://pgtest.gvhelpdesk.net; 1
default-src * data: 'unsafe-eval' 'unsafe-inline' blob: ;worker-src * data: 'unsafe-eval' 'unsafe-inline' blob: ;connect-src 'self' geolocation.onetrust.com maps.googleapis.com analytics.google.com www.gstatic.com www.google.com dc.services.visualstudio.com cdn.cookielaw.org vimeo.com img.youtube.com stats.g.doubleclick.net www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: addevent.com www.addevent.com cdn.addevent.com web-sdk-eu.aptrinsic.com www.vimeo.com vimeo.com maps.googleapis.com code.jquery.com localhost cdnjs.cloudflare.com player.vimeo.com www.gstatic.com www.google.com js.monitor.azure.com cdn.cookielaw.org ajax.googleapis.com cdn.jsdelivr.net www.googletagmanager.com www.google-analytics.com; style-src 'self' 'unsafe-inline' www.optos.com code.jquery.com cdnjs.cloudflare.com cdn.jsdelivr.net use.typekit.net p.typekit.net fonts.googleapis.com; font-src 'self' use.typekit.net *.cloudfront.net p.typekit.net fonts.gstatic.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' data: cdn.addevent.com maps.googleapis.com maps.gstatic.com www.optos.com www.optomap.com optomap.com cdnjs.cloudflare.com cdn.cookielaw.org www.googletagmanager.com www.google-analytics.com img.youtube.com i.vimeocdn.com; frame-src 'self' mscrm.optos.com www.youtube.com player.vimeo.com optos.virtualeventsengine.com www.google.com www.gstatic.com; 1
default-src 'self' data:; font-src 'self' https://fonts.gstatic.com https://cdn.shopify.com/; script-src 'self' 'unsafe-inline' https://netlify-cdp-loader.netlify.app/netlify.js https://www.googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://cookie-cdn.cookiepro.com https://embedsocial.com https://static.hotjar.com https://script.hotjar.com https://static.klaviyo.com https://static-tracking.klaviyo.com https://connect.facebook.net https://static.ads-twitter.com https://analytics.tiktok.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/npm/ https://tagmanager.google.com https://www.googletagmanager.com/debug/badge.css https://fonts.googleapis.com https://embedsocial.com https://static.klaviyo.com https://static-tracking.klaviyo.com/; img-src 'self' data: https://images.ctfassets.net/ https://downloads.ctfassets.net/ https://www.mercedesamgf1.com/ www.googletagmanager.com https://ssl.gstatic.com https://fonts.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://cookie-cdn.cookiepro.com https://*.cdninstagram.com https://*.fbcdn.net https://*.mercedesamgf1.com https://www.facebook.com https://analytics.twitter.com https://t.co; media-src https://videos.ctfassets.net/; connect-src 'self' https://images.ctfassets.net/ https://cdn.contentful.com/spaces/ https://zbibmsjqsq-dsn.algolia.net https://zbibmsjqsq-1.algolia.net https://zbibmsjqsq-2.algolia.net https://zbibmsjqsq-3.algolia.net https://e5dqp7eju1-dsn.algolia.net https://e5dqp7eju1-1.algolia.net https://e5dqp7eju1-2.algolia.net https://e5dqp7eju1-3.algolia.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://*.mercedesamgf1.com https://*.klaviyo.com https://content.hotjar.io wss://ws.hotjar.com https://analytics.tiktok.com; frame-src 'self' https://www.youtube.com https://embedsocial.com; object-src 'none'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; frame-ancestors *.force.com *.salesforce.com 'self'; img-src 'self' https: data:; media-src 'self' https: data: blob:; object-src 'none'; font-src 'self' https: data:; default-src 'self' https: wss:; base-uri 'none'; 1
frame-ancestors 'self' *.realescort.fi *.realescort.eu *.realescort.se *.realescort.dk; img-src 'self' data: *.realescort.fi *.realescort.eu *.realescort.se *.realescort.dk storage.googleapis.com maps.googleapis.com maps.gstatic.com 1
default-src 'self'; child-src https://www.google.com; block-all-mixed-content; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://chat.botyto.com https://sc.lfeeder.com https://snap.licdn.com https://accounts.google.com https://*.claspo.io https://*.firstpromoter.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://optimize.google.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://static.claspo.io https://cdn.amplitude.com *.esputnik.com https://www.googleoptimize.com *.plerdy.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://www.facebook.com https://apis.google.com https://www.googletagmanager.com https://www.google-analytics.com; script-src 'self' 'unsafe-eval' https://chat.botyto.com/* https://*.claspo.io https://cdn.firstpromoter.com https://snap.licdn.com https://accounts.google.com https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net https://statics.esputnik.com https://static.claspo.io https://static.claspo.tech https://cdn.amplitude.com https://www.googleadservices.com https://www.googleoptimize.com https://optimize.google.com *.plerdy.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://www.facebook.com https://apis.google.com https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://accounts.google.com https://www.gstatic.com https://maxcdn.bootstrapcdn.com https://cdn.datatables.net https://www.googleoptimize.com https://cdnjs.cloudflare.com https://static.claspo.io https://optimize.google.com https://fonts.googleapis.com; img-src 'self' data: https://tr-rc.lfeeder.com https://chat.botyto.com https://tr.lfeeder.com https://www.google.nl https://px.ads.linkedin.com https://platform-lookaside.fbsbx.com https://i.ytimg.com https://cdnjs.cloudflare.com https://www.google.no https://www.gstatic.com https://www.googletagmanager.com https://www.google.com https://www.googleoptimize.com *.fbcdn.net https://lh3.googleusercontent.com https://graph.facebook.com https://forms.esputnik.com *.claspo.io *.claspo.tech https://optimize.google.com https://claspo.io https://www.google.com.ua https://www.facebook.com https://www.google-analytics.com; font-src 'self' data: https://maxcdn.bootstrapcdn.com *.claspo.tech *.claspo.io https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com; object-src 'self' https://static.claspo.tech https://static.claspo.io; frame-ancestors 'none'; base-uri 'self'; connect-src 'self' https://px.ads.linkedin.com https://cdn.linkedin.oribi.io https://*.firstpromoter.com https://googleads.g.doubleclick.net https://*.google.com https://*.googlesyndication.com https://consentcdn.cookiebot.com https://www.google.com.ua https://stats.g.doubleclick.net https://www.googleadservices.com *.esputnik.com esputnik.com https://analytics.google.com https://securetoken.googleapis.com wss://*.plerdy.com *.claspo.tech *.claspo.io https://www.facebook.com https://www.googleapis.com https://www.google-analytics.com *.plerdy.com; frame-src 'self' https://chat.botyto.com https://td.doubleclick.net https://consentcdn.cookiebot.com https://a.plerdy.com https://static.claspo.io https://static.claspo.tech https://bid.g.doubleclick.net https://www.facebook.com https://www.youtube.com https://optimize.google.com https://www.google.com https://accounts.google.com https://claspo-338918.firebaseapp.com https://claspo-prod.firebaseapp.com; 1
frame-ancestors 'self' iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ https://www.next.ua 1
base-uri 'self'; default-src 'self' https://*.google-analytics.com https://*.googletagmanager.com; frame-ancestors 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*; style-src 'self' 'report-sample' 'unsafe-inline' https://*.apple.com https://google.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com; object-src 'self' https://*.googlesyndication.com https://*.e-transactions.fr; frame-src https://*; child-src 'self' blob: https://*.doubleclick.net https://google.com https://*.google.com https://*.google.fr https://*.googlesyndication.com https://*.googletagmanager.com https://*.youtube.com; img-src 'self' data: blob: https://*; font-src 'self' data: https://github.com https://fonts.gstatic.com https://use.typekit.net/; connect-src 'self' about: https://hub.pharma-gdd.com https://api.stripe.com https://*.adyen.com wss://*.firebaseio.com https://*.doubleclick.net https://*.googleapis.com https://*.googleadservices.com https://*.googletagmanager.com https://*.googletagservices.com https://*.google-analytics.com https://*.gstatic.com https://google.com https://*.google.com https://*.googlesyndication.com https://www.facebook.com https://connect.facebook.net https://spay.samsung.com https://*.e-transactions.fr https://*.amazonaws.com https://*.caast.tv https://stream.mux.com; manifest-src 'self'; form-action https://*; media-src 'self' blob:; worker-src 'self' blob:; report-uri https://www.pharma-gdd.com/cspreport; 1
default-src 'self' http://localhost:3000 https: mldev.net *.mldev.net shopmoment.com *.shopmoment.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' data: https: http://localhost:3000 *.mldev.net *.shopmoment.com *.klaviyo.com *.yotpo.com *.bounceexchange.com *.typekit.net https://*.gravatar.com https://beacon-v2.helpscout.net https://d33v4339jhl8k0.cloudfront.net https://chatapi-prod.s3.amazonaws.com/ https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://googleads.g.doubleclick.net; worker-src blob: mldev.net *.mldev.net shopmoment.com *.shopmoment.com; style-src 'unsafe-inline' http://localhost:3000 *.klaviyo.com *.yotpo.com *.bounceexchange.com *.typekit.net https://tagmanager.google.com https://googletagmanager.google.com https://fonts.googleapis.com https://beacon-v2.helpscout.net mldev.net *.mldev.net shopmoment.com *.shopmoment.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: http://localhost:3000 static.cloudflareinsights.com *.algolia.net *.algolia.io *.yotpo.com *.facebook.net *.bing.com *.impactradius-event.com *.wknd.ai *.bounceexchange.com https://use.typekit.net https://beacon-v2.helpscout.net https://d12wqas9hcki3z.cloudfront.net https://d33v4339jhl8k0.cloudfront.net https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://apis.google.com mldev.net *.mldev.net shopmoment.com *.shopmoment.com; media-src https: https://beacon-v2.helpscout.net mldev.net *.mldev.net shopmoment.com *.shopmoment.com; frame-src https: http://localhost:3000 *.youtube.com *.youtu.be *.googlevideo.com https://bid.g.doubleclick.net *.ytimg.com https://beacon-v2.helpscout.net; manifest-src https: http://localhost:3000 mldev.net *.mldev.net shopmoment.com *.shopmoment.com; connect-src https: http://localhost:3000 sentry.io *.sentry.io *.pinterest.com *.klaviyo.com *.hotjar.com wss://*.hotjar.com *.tiktok.com *.cloudfront.net *.levelaccess.net *.algolia.net *.algolianet.com *.algolia.io *.yotpo.com use.typekit.net performance.typekit.net moment.attn.tv cloudflareinsights.com https://beaconapi.helpscout.net https://chatapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net wss://*.pusher.com *.sumologic.com https://www.google-analytics.com https://www.google.com https://adservice.google.com https://stats.g.doubleclick.net https://ad.doubleclick.net mldev.net *.mldev.net shopmoment.com *.shopmoment.com; frame-ancestors 'none'; object-src https://beacon-v2.helpscout.net; font-src data: https: http://localhost:3000 use.typekit.net p.typekit.net *.typekit.net *.gstatic.com *.yotpo.com https://fonts.gstatic.com https://beacon-v2.helpscout.net; base-uri mldev.net *.mldev.net shopmoment.com *.shopmoment.com 1
default-src 'self' *.my-shopify.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com recaptcha.net:* googleads.g.doubleclick.net *.googletagmanager.com c.evidon.com youtube-nocookie.com connect.facebook.net *.google-analytics.com d2oh4tlt9mrke9.cloudfront.net *.sessioncam.com *.google.com s2.go-mpulse.net js-agent.newrelic.com *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com cdn.cookielaw.org d6tizftlrpuof.cloudfront.net *.usabilla.com *.gbqofs.io *.gbqofs.com d22xmn10vbouk4.cloudfront.net *.youtube.com github.com cdnjs.cloudflare.com p.teads.tv *.tintup.com objects.githubusercontent.com cdns.eu1.gigya.com cdn.hypemarks.com pxl.jivox.com *.nestle.com *.adimo.co googleoptimize.com *.gigya.com *.d6tizftlrpuof.cloudfront.net https://tintup.com; object-src *; style-src 'self' 'unsafe-inline' *.adimo.co *.fontawesome.com fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com cloud.typography.com *.google.com *.rewe-static.de *.googletagmanager.com *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.cookielaw.org *.cloudfront.net; img-src 'self' 'unsafe-inline' *.adimo.co *.fontawesome.com fonts.googleapis.com fonts.gstatic.com https://cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com cloud.typography.com *.google.com *.rewe-static.de https://www.googletagmanager.com *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com https://cdn.cookielaw.org/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com *.aws.nestle.recipes data: *.teads.tv *.evidon.com *.google.co.in *.facebook.com facebook.com:* *.cloudfront.net *.gigya.com data: blob: ad.doubleclick.net *.google.pl ade.googlesyndication.com  srh-media-gr.s3.eu-west-1.amazonaws.com *.s3.eu-west-1.amazonaws.com *.usabilla.com *.amazonaws.com adservice.google.pl *.google.com google.com:* emnadvmenuplannersta.blob.core.windows.net *.blob.core.windows.net; media-src * data:; frame-src 'self' lf.o-c.io cdns.eu1.gigya.com cookbook.winiary.pl *.doubleclick.net *.addthis.com  *.facebook.com *.adimo.co *.pantheonsite.io *.cookbook.winiary.pl *.youtube.com *.doubleclick.net *.google.com *.teads.tv *.hypemarks.com *.gbqofs.com *.googleapis.com *.tintup.com *.filestackcontent.com *.cloudfront.net; frame-ancestors 'self' lf.o-c.io *.doubleclick.net cookbook.winiary.pl *.winiary.pl *.cookbook.winiary.pl *.youtube.com *.doubleclick.net *.google.com *.teads.tv *.hypemarks.com *.gbqofs.com *.googleapis.com *.tintup.com *.filestackcontent.com googletagmanager.com live-72078-food-maggi-pl.pantheonsite.io; child-src 'self' lf.o-c.io *.doubleclick.net cookbook.winiary.pl *.cookbook.winiary.pl *.youtube.com *.doubleclick.net *.google.com *.teads.tv *.hypemarks.com *.gbqofs.com *.googleapis.com *.tintup.com *.filestackcontent.com https://www.googletagmanager.com blob:; font-src 'self' *.googleapis.com *.gstatic.com fonts.googleapis.com https://www.googletagmanager.com https://*.cloudfront.net; connect-src 'self' 'unsafe-eval' *.sessioncam.com d2oh4tlt9mrke9.cloudfront.net ws://*.sessioncam.com wss://*.sessioncam.com https://optoutapi.evidon.com https://c.go-mpulse.net/ https://bam.nr-data.net https://l.evidon.com https://region1.google-analytics.com https://*.google-analytics.com  https://www.facebook.com https://stats.g.doubleclick.net  https://*.gbqofs.io *.gbqofs.com *.akstat.io *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com https://cdn.cookielaw.org/ *.usabilla.com https://d6tizftlrpuof.cloudfront.net https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://cm.teads.tv https://endpoint-nestle.cognigy.cloud https://cdns.eu1.gigya.com https://api.tintup.com https://*.winiary.pl https://collect.analyze.ly *.teads.tv *.jivox.com https://cognito-identity.us-east-1.amazonaws.com *.amazonaws.com wss://endpoint-nestle.cognigy.cloud *.adimo.co *.live-72078-food-maggi-pl.pantheonsite.io; report-uri /report-csp-violation 1
default-src 'self'; style-src 'self' 'unsafe-inline'      https://fonts.googleapis.com/      https://cdn.jsdelivr.net/     https://hr.ease.com/     *.googletagmanager.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval'     https://cdn.jsdelivr.net/      https://www.googletagmanager.com/    https://player.vimeo.com/   https://hr.ease.com/     https://munchkin.marketo.net/     https://snap.licdn.com/     https://www.google-analytics.com/     https://cdn.bizible.com/     https://widget.intercom.io/     https://js.intercomcdn.com/     https://cdnjs.cloudflare.com/     https://yoast.com/     https://*.googleapis.com      https://*.gstatic.com      *.google.com      https://*.ggpht.com      *.googleusercontent.com     https://beacon-v2.helpscout.net/     https://www.youtube.com/     https://cdn.metadata.io/     https://connect.facebook.net/;  img-src 'self'     data:     https://wpengine.com/     https://library.elementor.com     https://px.ads.linkedin.com/     https://cdn.bizible.com/     https://www.google-analytics.com/     https://p.adsymptotic.com/     https://www.google.com/ads/     https://easemarketing.wpengine.com/     https://easedevelop.wpengine.com     https://secure.gravatar.com/     https://api.wpmet.com/     https://dify.wpengine.com/     https://cdn.bizibly.com/     https://player.vimeo.com/    https://px4.ads.linkedin.com/     https://yoa.st/     https://yoast.com/     *.intercomcdn.com     *.intercomassets.com     *.facebook.com     *.w.org/     *.gstatic.com     *.googleapis.com      *.ggpht.com; font-src 'self'     data:     https://www.ease.com      https://fonts.googleapis.com/      https://fonts.gstatic.com/      https://cdn.jsdelivr.net/     *.intercomcdn.com; connect-src 'self'     data:     https://www.google-analytics.com     https://stats.g.doubleclick.net/     https://627-plv-209.mktoresp.com/     https://api-iam.intercom.io/     https://my.wpengine.com/     https://yoast.com/     https://my.yoast.com/     wss://nexus-websocket-a.intercom.io/     https://*.googleapis.com      *.google.com      https://*.gstatic.com     https://d3hb14vkzrxvla.cloudfront.net/     https://cdn.linkedin.oribi.io/     https://platformapi.metadata.io/;  frame-src 'self'     https://hr.ease.com/     https://platform.twitter.com/     https://syndication.twitter.com/     https://www.youtube-nocookie.com/    https://player.vimeo.com/  https://www.youtube.com/     https://www.facebook.com/     *.google.com; prefetch-src 'self'    https://player.vimeo.com/; 1
default-src 'self' blob: data: https://*.ams.at https://*.silktide.com https://assets.adobedtm.com https://*.wien.gv.at https://tile.openstreetmap.org https://workplace.mapexplorer.com https://*.youtube.com https://*.112.2o7.net https://*.prescreenapp.io https://*.geobonus.at https://www.youtube-nocookie.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.ytimg.com https://*.gstatic.com https://*.googlevideo.com 'unsafe-eval' 'unsafe-inline' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https://www.googletagmanager.com/ https://www.google-analytics.com https://stats.g.doubleclick.net https://*.e2ma.net/ https://public.tableau.com/ https://code.jquery.com/ https://www.ssa.gov https://*.tile.openstreetmap.org; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://stackpath.bootstrapcdn.com/bootstrap/ https://*.e2ma.net/ https://code.jquery.com/ https://www.ssa.gov https://cdn.jsdelivr.net; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com; frame-src 'self' https://frb.taleo.net/ https://*.youtube.com https://*.e2ma.net/ https://public.tableau.com https://policymap.com/ https://www.policymap.com/ https://*.jquery.com/ https://export.highcharts.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com/ https://www.googletagmanager.com https://public.tableau.com/ https://*.e2ma.net/ https://www.ssa.gov https://ajax.googleapis.com https://www.ssa.gov https://cdn.jsdelivr.net; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/ https://www.googletagmanager.com https://public.tableau.com/ https://code.jquery.com/ https://stackpath.bootstrapcdn.com/ https://*.e2ma.net/ https://ajax.googleapis.com https://www.ssa.gov https://cdn.jsdelivr.net https://ajax.aspnetcdn.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://analytics.google.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self'; 1
base-uri 'none'; frame-ancestors 'none'; object-src 'none' 1
frame-ancestors 'self'; report-uri /?r=Page/content-security-policy-report/index 1
frame-ancestors *.coinstore.com;default-src 'self' *.coinstore.com https: data: gap: 'unsafe-inline' blob: data:;img-src 'self' *.aliyuncs.com *.cloudflare.com *.google.co.jp *.geevisit.com *.googletagmanager.com *.geetest.com *.coinstore.com *.amazonaws.com *.google-analytics.com data: blob:;media-src 'self' *.coinstore.com *.amazonaws.com *.zdassets.com; connect-src 'self' *.googleapis.com *.zdassets.com *.coinstore.com *.zendesk.com *.google-analytics.com *.doubleclick.net *.google.com *.agora.io *.sd-rtn.com *.easemob.com wss://ws-futures.coinstore.com wss://ws.coinstore.com wss://widget-mediator.zopim.com wss://widget-mediator.zopim.com wss://im-api-v2.easemob.com wss://webrtc-cloud-proxy.agora.io wss://110-43-122-19.edge.agora.io:4713 wss://webrtc-cloud-proxy.sd-rtn.com wss://110-43-122-29.edge.agora.io:4706 wss://webrtc-cloud-proxy.sd-rtn.com wss://110-43-122-19.edge.agora.io:4711 wss://110-43-122-29.edge.sd-rtn.com:4710; 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; style-src * 'self' data: 'unsafe-inline'; 1
default-src 'none'; script-src 'unsafe-inline' 'self' parlament.web-analytics.ch 'unsafe-eval' ws.parlament.ch www.google.com www.gstatic.com map.geo.admin.ch siteimproveanalytics.com script.crazyegg.com pagestates-tracking.crazyegg.com assets-tracking.crazyegg.com; connect-src 'self' https://par-pcache.simplex.tv ws.parlament.ch api.metagrid.ch map.geo.admin.ch parlament.web-analytics.ch script.crazyegg.com tracking.crazyegg.com pagestates-tracking.crazyegg.com assets-tracking.crazyegg.com; img-src 'self' www.idelec.ch idweb.ch googleapis.com storage.googleapis.com data: parlament.web-analytics.ch 6050425.global.siteimproveanalytics.io; style-src 'unsafe-inline' 'self' fonts.googleapis.com; font-src 'self'; child-src 'self' blob: www.parlament.ch smartmonitor-pd.smartvote.ch par-pcache.simplex.tv matterport.com my.matterport.com; frame-src 'self' blob: smartmonitor-pd.smartvote.ch par-pcache.simplex.tv app.powerbi.com pldembedded.azurewebsites.net www.youtube.com map.geo.admin.ch www.google.com matterport.com my.matterport.com; object-src 'self'; media-src 'self'; manifest-src 'self'; 1
default-src 'self' https://*.eka.care;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.eka.care *;style-src 'self' 'unsafe-inline' https://*.eka.care *;frame-ancestors 'self' vmedicaclinics.com dr.eka.care docapp.dev.eka.care apt.dev.eka.care mdr.eka.care littmann.dev.eka.care advancedskinclinic.in imagehospitals.in phonen.dev.eka.care idr.eka.care;img-src 'self' data: *;font-src 'self' data: *;frame-src 'self' *;connect-src 'self' * 1
default-src 'self' data: https://pagead2.googlesyndication.com/pagead/buyside_topics/set/   https://stats.g.doubleclick.net/j/collect https://stats.g.doubleclick.net https://9365685.fls.doubleclick.net/ https://tpc.googlesyndication.com/sodar/ https://tagmanager.google.com https://use.fontawesome.com https://botbuilder.labiba.ai https://9461710.fls.doubleclick.net https://www.googleadservices.com/pagead/conversion/733976508/ https://bsf.labibabot.com https://tools.euroland.com/ https://eurolandirestonia.eurolandir.com https://tools.eurolandir.com/ https://tr.snapchat.com/ https://gamma.euroland.com/ https://8484013.fls.doubleclick.net http://www.youtube.com https://www.alfransi.com.sa/ http://buttons-config.sharethis.com http://platform-api.sharethis.com/ https://www.gstatic.com https://cgi.gstatic.com https://www.google.com/ http://cdnjs.cloudflare.com/ http://fonts.googleapis.com https://fonts.googleapis.com http://maps.gstatic.com/ https://maps.gstatic.com http://maps.googleapis.com/ https://maps.googleapis.com/ https://www.google.com/maps/embed  https://maps.googleapis.com/ https://maps.gstatic.com/ https://csi.gstatic.com/ https://fonts.googleapis.com https://fonts.gstatic.com/ https://maps.googleapis.com https://maps.gstatic.com https://fonts.gstatic.com https://www.google.com/maps/embed  http://w.sharethis.com  http://edge.sharethis.com http://seg.sharethis.com http://l.sharethis.com http://google-maps-utility-library-v3.googlecode.com/ https://www.facebook.com http://staticxx.facebook.com https://fonts.googleapis.com http://maps.google.com/maps/ http://csi.gstatic.com/ http://maps.google.com/maps-api-v3/ http://maps.gstatic.com/mapfiles/api-3/ https://developers.google.com/maps/ www.googletagmanager.com https://bid.g.doubleclick.net https://px.ads.linkedin.com https://googleads.g.doubleclick.net;        script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://tr.snapchat.com/ https://analytics.tiktok.com  https://sf16-scmcdn-sg.ibytedtos.com https://sf19-scmcdn-va.ibytedtos.com https://sf9-scmcdn-va.ibytedtos.com https://analytics.tiktok.com/i18n/pixel/sdk.js https://tagmanager.google.com https://www.google.com.lb/ https://tpc.googlesyndication.com/sodar/ https://tagmanager.google.com https://www.googletagmanager.com https://sjs.bizographics.com https://fonts.googleapis.com https://code.jquery.com https://bsf.labibabot.com https://botbuilder.labiba.ai https://sc-static.net https://www.googleadservices.com https://tools.euroland.com https://tools.eurolandir.com/ https://analytics.twitter.com/ https://static.ads-twitter.com https://gamma.euroland.com/ http://cdnjs.cloudflare.com/ http://platform-api.sharethis.com/ http://buttons-config.sharethis.com https://www.gstatic.com http://l.sharethis.com https://www.google.com/ maps.google.com www.google-analytics.com ajax.googleapis.com maps.googleapis.com csi.gstatic.com maps.google.com.sa connect.facebook.net https://w.sharethis.com http://w.sharethis.com https://modulusglobal.com https://csi.gstatic.com www.googletagmanager.com https://platform.twitter.com  https://www.googleadservices.com/pagead/ https://snap.licdn.com/li.lms-analytics/ https://bid.g.doubleclick.net https://px.ads.linkedin.com https://googleads.g.doubleclick.net;          style-src 'self' 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://fonts.googleapis.com https://botbuilder.labiba.ai https://use.fontawesome.com https://fonts.googleapis.com https://fonts.googleapis.com/earlyaccess/  http://cdnjs.cloudflare.com/ https://w.sharethis.com http://w.sharethis.com https://modulusglobal.com;      connect-src 'self' https://pagead2.googlesyndication.com/pagead/buyside_topics/set/  https://cdn.linkedin.oribi.io/partner/1538212/domain/alfransi.com.sa/token https://p.teads.tv/teads-fellow.js https://tr.snapchat.com/ https://analytics.tiktok.com https://stats.g.doubleclick.net https://stats.g.doubleclick.net/j/collect/ https://tagmanager.google.com/ https://www.facebook.com/ https://bsf.labibabot.com http://l.sharethis.com/ maps.google.com vimeo.com www.vimeo.com www.google-analytics.com ajax.googleapis.com maps.googleapis.com csi.gstatic.com www.googletagmanager.com; img-src 'self' data: *; 1
default-src 'self' *.google-analytics.com *.hubspot.com *.hubapi.com *.google.com *.doubleclick.net forms.hsforms.com *.facebook.com *.youtube.com *.cookiebot.com js.hs-banner.com *.px.ads.linkedin.com *.googleapis.com *.hotjar.com ws30.hotjar.com/api/v2/client/ws ws37.hotjar.com/api/v2/client/ws vc.hotjar.io ws24.hotjar.com ws15.hotjar.com *.clarity.ms; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.google.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com ssl.google-analytics.com maps.googleapis.com *.cookiebot.com js.hsforms.net forms.hsforms.com www.gstatic.com *.hubspot.com js.hs-scripts.com js.hs-banner.com js.hubspotfeedback.com js.usemessages.com js.hsleadflows.net js.hsadspixel.net js.hs-analytics.net *.facebook.net www.googleadservices.com *.sojern.com snap.licdn.com *.hotjar.com *.cloudflare.com  *.hs-scripts.com accounts.google.com *.facebook.com *.clarity.ms; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com accounts.google.com/gsi/* accounts.google.com/gsi/style accounts.google.com *.accounts.google.com; img-src data: 'self' *.google.com *.google.es *.google.co.uk *.google.com.br *.googletagmanager.com *.google-analytics.com maps.gstatic.com maps.googleapis.com perf.hsforms.com *.hubspot.com *.facebook.com www.visitvalencia.com *.youtube.com *.adswizz.com *.doubleclick.net *.sojern.com * *.c.clarity.ms/c.gif *.c.clarity.ms; media-src 'self'; frame-src 'self' *.matterport.com *.vimeo.com *.youtube.com *.google.com *.doubleclick.net *.cookiebot.com app.hubspot.com forms.hsforms.com *.mapadeldissenyvalencia.com *.spotify.com *.hotjar.com 5897040.hs-sites.com https://valenciamusicmap.com; frame-ancestors 'self' *.escaparate-tactil.com  http://localhost; child-src 'self' blob:; font-src 'self' themes.googleusercontent.com fonts.gstatic.com 1
upgrade-insecure-requests; report-uri https://www.gyft.com/wp-json/wpcsp/v1/route/LogPolicyViolation?_wpnonce=2a65372eb7 1
default-src 'self' *.losango.com.br *.hotjar.com s3.sa-east-1.amazonaws.com *.youtube.com *.bradesco.com.br *.directtalk.com.br dtbot.directtalk.com.br *.licdn.com *.linkedin.com  *.atento.com.br *.g.doubleclick.net *.google.com *.tailtarget.com *.handtalk.me; img-src 'self' blob: data: *.directtalk.com.br dtbot.directtalk.com.br *.licdn.com *.linkedin.com  *.googleapis.com *.bing.com *.facebook.com *.gstatic.com *.zendesk.com *.handtalk.me *.zopim.com *.g.doubleclick.net *.google-analytics.com *.google.com *.google.com.br *.g.doubleclick.net/r *.tailtarget.com; style-src 'self' 'unsafe-inline' *.directtalk.com.br dtbot.directtalk.com.br *.licdn.com *.linkedin.com  *.gstatic.com *.typekit.net *.google.com *.googleapis.com *.tailtarget.com; font-src 'self' data: *.directtalk.com.br dtbot.directtalk.com.br *.licdn.com *.linkedin.com  *.typekit.net *.gstatic.com *.zopim.com *.tailtarget.com; script-src 'self' *.directtalk.com.br dtbot.directtalk.com.br *.licdn.com *.linkedin.com  *.gstatic.com *.hotjar.com unpkg.com *.bing.com *.googleapis.com *.handtalk.me *.facebook.com *.facebook.net *.youtube.com/iframe_api *.zendesk.com *.zopim.com *.ytimg.com 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.google.com.br *.googleadservices.com *.g.doubleclick.net *.tailtarget.com *.yimg.com *.yahoo.com; connect-src 'self' https://maps.googleapis.com *.directtalk.com.br dtbot.directtalk.com.br *.licdn.com *.linkedin.com  *.gstatic.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.zendesk.com *.handtalk.me *.zopim.com wss://*.zopim.com *.google-analytics.com *.tailtarget.com; 1
default-src * 'self' blob: data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; frame-src * 'self'; frame-ancestors 'self' https://*.emaratalyoum.com  https://*.ey.ae https://stories.nws.ai 1
frame-ancestors 'self' *.carsaver.com 1
frame-ancestors self https://redactie.natuurmonumenten.nl *.platform.sh *.natuurmonumenten.nl 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js https:; style-src 'report-sample' 'self' 'unsafe-inline' https:; object-src 'none'; base-uri 'self'; connect-src 'self' https: wss:; font-src 'self' data: https:; frame-src 'self' https:; img-src 'self' data: https:; manifest-src 'self' https://*.heartfoundation.org.au https://heartfoundationprodmedia.blob.core.windows.net https://heartfoundationstgmedia.blob.core.windows.net https://heartfoundationuatmedia.blob.core.windows.net; media-src 'self'; worker-src 'none'; 1
frame-ancestors www.journoportfolio.com 1
default-src * data: blob: https://dev-new.medicareresources.org https://www.medicareresources.org *.crazyegg.com; script-src blob: data: https: *.crazyegg.com 'unsafe-inline' 'unsafe-eval'; style-src https: *.crazyegg.com 'unsafe-inline'; frame-ancestors 'self' https://dev-new.medicareresources.org https://www.medicareresources.org; 1
script-src 'strict-dynamic' 'nonce-/e0q5lGqf4cIwXDxT0KKlA==' 'unsafe-eval' *.cookiebot.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.twitter.com; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com *.hipay.com static.cdn.prismic.io prismic.io https://html2canvas.hertzen.com/dist/html2canvas.min.js www.paypalobjects.com *.paypal.com youtube.com vimeo.com https://www.youtube.com/iframe_api https://www.youtube.com/s/player/0c356943/www-widgetapi.vflset/www-widgetapi.js https://www.youtube.com https://i.ytimg.com/vi/ http://platform.instagram.com/en_US/embeds.js https://www.instagram.com/embed.js https://graph.facebook.com/v11.0/instagram_oembed https://player.vimeo.com/api/player.js https://player.vimeo.com/ js.stripe.com http://www.googletagmanager.com https://www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com https://yt.zone-secure.net http://www.gstatic.com https://*.attraqt.io https://*.facebook.net/ https://*.teads.tv/ https://*.smartlook.com/ https://*.hotjar.com/ https://*.doubleclick.net https://*.mathtag.com https://*.tiktok.com/ https://*.ttwstatic.com *.attraqt.io *.getflowbox.com *.flbx.io;frame-src 'self' maps.googleapis.com https://player.vimeo.com/ youtube.com www.youtube.com https://www.youtube.com https://i.ytimg.com/vi/ *.prismic.io js.stripe.com www.paypalobjects.com *.paypal.com www.youtube-nocookie.com https://*.doubleclick.net https://*.facebook.net/ https://*.facebook.com/ https://*.hotjar.com/ https://*.mathtag.com https://*.tiktok.com/ *.getflowbox.com *.flbx.io;style-src 'self' 'unsafe-inline' https://i.icomoon.io https://fonts.googleapis.com https://*.ttwstatic.com/;img-src 'self' data: stagingctk.centrakor.com maps.googleapis.com maps.gstatic.com https://www.referenseo.com/ https://i.ytimg.com/vi/ https://storage.sbg.cloud.ovh.net https://centrakor.cdn.prismic.io/ https://i.picsum.photos/ https://i.vimeocdn.com/ maps.googleapis.com maps.gstatic.com *.openstreetmap.org www.paypalobjects.com *.paypal.com storage.gra.cloud.ovh.net *.google.com *.doubleclick.net *.google.fr http://www.google-analytics.com https://www.google-analytics.com https://www.centrakor.com/ https://*.teads.tv/ https://*.facebook.com/ https://*.facebook.net/ https://*.mathtag.com https://images.prismic.io/centrakor/ https://*.s3.rbx.io.cloud.ovh.net https://d2rfa446ja7yzb.cloudfront.net/ *.getflowbox.com *.flbx.io;font-src 'self' data: fonts.googleapis.com https://i.icomoon.io https://fonts.gstatic.com;connect-src 'self' maps.googleapis.com https://noembed.com https://graph.facebook.com/v11.0/instagram_oembed https://graph.facebook.com/v11.0/instagram_oembed/ https://graph.instagram.com/ https://vimeo.com/api/ www.paypalobjects.com *.paypal.com *.analytics.google.com *.doubleclick.net https://www.google-analytics.com https://*.teads.tv/ https://*.facebook.net/ https://*.googleadservices.com *.google.fr https://*.facebook.com/ https://*.smartlook.com/ https://*.smartlook.cloud/ https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/ *.attraqt.io *.getflowbox.com *.flbx.io https://fr.adminzone-secure.net/;base-uri 'self';media-src 'self' data:;report-uri /csp/report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.hsforms.net https://www.google.com https://www.gstatic.com https://beacon-v2.helpscout.net https://zencastr.com https://dev.visualwebsiteoptimizer.com https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hsadspixel.net https://js.hs-banner.com https://js.hs-analytics.ne https://js.zi-scripts.com https://js.hs-analytics.net https://socialannexinc.widget.insent.ai https://googleads.g.doubleclick.net https://tags.clickagy.com https://static.hsappstatic.net https://www.annexcloud.com https://annexcloud.com data: https://unpkg.com https://js.hubspot.com https://j.6sc.co/6si.min.js https://j.6sc.co/ https://b.6sc.co https://cdn.optimizely.com https://cdn.annexcloud.com google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://www.annexcloud.com https://unpkg.com https://cdn.optimizely.com https://cdn.annexcloud.com fonts.googleapis.com translate.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://forms.hsforms.com https://forms-na1.hsforms.com https://i.ytimg.com https://dev.visualwebsiteoptimizer.com https://track.hubspot.com https://r2.visualwebsiteoptimizer.com https://aorta.clickagy.com https://sync.crwdcntrl.net https://dpm.demdex.net https://pixel-sync.sitescout.com https://cm.g.doubleclick.net https://aa.agkn.com https://idsync.rlcdn.com https://d.agkn.com https://www.annexcloud.com https://r1.visualwebsiteoptimizer.com https://r3.visualwebsiteoptimizer.com https://validator.swagger.io https://us-u.openx.net https://perf-na1.hsforms.com https://j.6sc.co/ https://b.6sc.co/ https://cdn.optimizely.com https://cdn.annexcloud.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com translate.googleapis.com translate.google.com www.gstatic.com www.googletagmanager.com; connect-src 'self' https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://dev.visualwebsiteoptimizer.com https://forms.hscollectedforms.net https://r2.visualwebsiteoptimizer.com https://js.hs-banner.com https://js.zi-scripts.com https://api.hubapi.com https://ws.zoominfo.com https://aorta.clickagy.com https://hemsync.clickagy.com https://socialannexinc.api https://pagead2.googlesyndication.com https://r1.visualwebsiteoptimizer.com https://r3.visualwebsiteoptimizer.com https://cdn.annexcloud.com https://cta-service-cms2.hubspot.com https://ipv6.6sc.co/ https://c.6sc.co/ https://epsilon.6sense.com/ www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: translate.googleapis.com www.googletagmanager.com; font-src 'self' data: https://s0.wp.com https://www.annexcloud.com https://cdn.optimizely.com https://cdn.annexcloud.com data: fonts.gstatic.com fonts.googleapis.com; object-src 'self' ; media-src 'self' https://cdn.optimizely.com https://cdn.annexcloud.com; frame-src 'self' https://www.google.com https://www.youtube.com https://zencastr.com data: blob: https://socialannexinc.widget.insent.ai https://meetings.hubspot.com https://forms.hsforms.com https://annexcloudplatform-us.site24x7signals.com https://annexcloudplatform-us.site24x7statusiq.com https://*.site24x7signals.com https://annexcloudplatform-apregion-1600872281861.site24x7statusiq.com https://annexcloudplatform-euregion-1600872281864.site24x7statusiq.com https://cdn.annexcloud.com https://td.doubleclick.net www.googletagmanager.com; manifest-src 'self' https://www.annexcloud.com; child-src 'self' www.googletagmanager.com; worker-src 'self' blob:; upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors 'self' https://mycloudwallet.com https://*.mycloudwallet.com https://*.opskins.com https://opskins.com 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://*.redintelligence.net blob: https://app.qubit.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://*.google.es https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://*.contentsquare.net https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.myprotein.es https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data:; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.es https://m.myprotein.es https://checkout.myprotein.es https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://*.redintelligence.net https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com https://static.goqubit.com https://*.qubit.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.outlooktraveller.com;block-all-mixed-content; 1
frame-ancestors 'self' http://www.1001hry.cz 1
script-src 'unsafe-eval' 'unsafe-inline' 'self' *.addthis.com *.addthisedge.com *.adnxs.com *.adobedtm.com *.ads-twitter.com *.adsrvr.org *.adsymptotic.com *.advertising.com *.akamaihd.net *.amazon-adsystem.com *.bing.com *.bluekai.com *.c212.net *.clarity.ms *.cloudflare.com *.cloudflareinsights.com *.crwdcntrl.net *.cvent-assets.com *.cvent.com *.d1emzqdvia1vut.cloudfront.net *.demandbase.com *.demdex.net *.doubleclick.net *.drivetheweb.com *.errors.adobeaemcloud.com *.everesttech.net *.exelator.com *.google-analytics.com *.google.com *.google.ie *.googleadservices.com *.googletagmanager.com *.gstatic.com *.highcharts.com *.hotjar.com *.ibm.com *.ispot.tv *.jquery.com *.jsdelivr.net *.linkedin.com *.marketo.net *.mathtag.com *.medallia.eu *.mediaroom.com *.mktoweb.com *.moatads.com *.newrelic.com *.nr-data.net *.omtrdc.net *.pippio.com *.prnewswire.com *.adobeaemcloud.com *.redditstatic.com *.rlcdn.com *.s81c.com *.simplecast.com *.simplecastcdn.com *.sitescout.com *.survata.com *.taboola.com *.talentbrew.com *.talentbrew.io *.teads.tv *.tealiumiq.com *.tidaltv.com *.tiqcdn.com *.tiqcdn.com *.trustarc.com *.truste-svc.net *.truste.com *.trustradius.com *.turn.com *.twitter.com *.typekit.net *.w55c.net *.wallst.com *.yahoo.co.jp *.yahoo.com *.youtube.com *.company-target.com *.licdn.com *.pdst.fm *.kyndryl.com *.scene7.com *.cloudfront.net *.unpkg.com unpkg.com *.seg.js *.adobe.com *.googleapis.com amplify.outbrain.com tr.outbrain.com wave.outbrain.com; object-src 'none'; worker-src blob: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.adremover.org  https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com https://d24n15hnbwhuhn.cloudfront.net https://*.google-analytics.com https://ajax.googleapis.com https://rum-static.pingdom.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://js.recurly.com https://*.amazon.com https://*.payments-amazon.com https://cdn.trackjs.com https://nsg.symantec.com https://www.youtube.com https://extreme-ip-lookup.com https://*.intercom.io https://*.intercomcdn.com https://*.fomo.com https://geocode.usefomo.com https://*.braintreegateway.com https://www.paypalobjects.com https://c.paypal.com https://bat.bing.com https://*.corel.com https://code.jquery.com https://cdn.cookielaw.org https://*.onetrust.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://tagmanager.google.com https://*.hotjar.com https://www.clarity.ms/ https://unpkg.com https://js.stripe.com/v3/; child-src 'self' https://*.adremover.org  https://*.google.com https://6837053.fls.doubleclick.net https://*.recurly.com https://api-cdn.amazon.com https://*.g.doubleclick.net https://*.amazon.com https://*.payments-amazon.com https://nsg.symantec.com https://*.paypal.com https://www.youtube.com https://*.braintreegateway.com https://*.kaptcha.com https://*.hotjar.com https://js.stripe.com/; img-src 'self' data: https://*.adremover.org  https://www.google.com https://www.google-analytics.com https://www.google.com.ua https://www.google.de https://*.pingdom.net https://usage.trackjs.com https://*.g.doubleclick.net https://www.googletagmanager.com https://*.gstatic.com https://d2ldlvi1yef00y.cloudfront.net https://*.ssl-images-amazon.com https://maps.googleapis.com https://nsg.symantec.com https://*.intercomassets.com https://*.intercomcdn.com https://s3-us-west-1.amazonaws.com https://s3.amazonaws.com https://assets.adremover.org https://*.braintreegateway.com https://*.paypal.com https://bat.bing.com https://cdn.cookielaw.org https://optimize.google.com https://c.clarity.ms https://*.filestackapi.com https://guarantee-cdn.com https://*.corel.com; connect-src 'self' https://*.adremover.org https://www.google.com https://api.recurly.com https://api.amplitude.com https://*.pingdom.net https://capture.trackjs.com https://payments.amazon.com https://*.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.amazon.com https://*.googlevideo.com https://*.amazonpay.com https://*.intercom.io wss://*.intercom.io https://*.fomo.com https://*.googleapis.com https://*.braintreegateway.com https://*.braintree-api.com https://bat.bing.com https://cdn.cookielaw.org https://pagead2.googlesyndication.com https://*.corel.com https://*.hotjar.com wss://*.hotjar.com https://cookies-data.onetrust.io https://*.hotjar.io https://*.onetrust.com https://*.clarity.ms https://adservice.google.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com *; upgrade-insecure-requests; report-uri https://csp.adremover.org/v1/log/wwwadremover_block_v66; 1
default-src 'self' https: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' fonts.gstatic.com data: https:; img-src 'self' data: https: blob:; media-src 'self' video.tesa.com *.youtube.com *.zohocdn.com static.zdassets.com; connect-src 'self' https: blob: wss://*.hotjar.com wss://*.zohopublic.eu wss://*.zopim.com; frame-ancestors 'none' 1
default-src 'self' https://*.cognitoforms.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.gstatic.com https://*.healthy.org.nz https://*.hotjar.com https://*.livestream.com https://*.monsido.com https://*.sharethis.com https://*.twitter.com https://maps.google.co.nz https://ministryofhealthnewzealand.createsend.com https://twitter.com https://www.youtube.com; connect-src 'self' https://*.cognitoforms.com/ https://*.hotjar.com https://*.hotjar.io https://*.monsido.com https://createsend.com https://edge.api.brightcove.com https://players.brightcove.net https://www.google-analytics.com wss://*.hotjar.com; frame-src 'self' https://*.arcgis.com https://*.facebook.com https://*.google.com https://*.healthy.org.nz https://*.hotjar.com https://*.livestream.com https://app.sli.do/ https://livestream.com https://locations-uat.covid19.health.nz https://locations.covid19.health.nz https://locations.dev.tracing.tmp19.net https://ministryofhealthnewzealand.createsend.com https://my.matterport.com https://platform.twitter.com https://player.vimeo.com https://players.brightcove.net https://staticcdn.co.nz/ https://syndication.twitter.com https://twitter.com https://viewscreen.githubusercontent.com https://www.healthpoint.co.nz https://www.youtube.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://*.akamaihd.net https://*.boltdns.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.healthy.org.nz https://*.hotjar.com https://*.livestream.com https://*.monsido.com https://*.sharethis.com https://*.twimg.com https://livestream.com https://ministryofhealthnewzealand.createsend.com https://platform.twitter.com https://players.brightcove.net https://staticcdn.co.nz/ https://syndication.twitter.com data:; media-src 'self' https://*.akafms.net https://*.akamaihd.net https://*.boltdns.net https://*.brightcovecdn.com https://*.cf.brightcove.com https://*.healthy.org.nz https://*.livestream.com https://*.llnw.net https://*.llnwd.net https://*.media.brightcove.com https://livestream.com https://player.vimeo.com; script-src 'self' https://*.cognitoforms.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.gstatic.com https://*.healthy.org.nz https://*.hotjar.com https://*.livestream.com https://*.monsido.com https://*.sharethis.com https://*.twimg.com https://*.twitter.com https://embed.github.com https://embed.githubusercontent.com https://js.createsend1.com https://uu.createsend.com/ https://livestream.com https://ministryofhealthnewzealand.createsend.com https://players.brightcove.net https://staticcdn.co.nz https://viewscreen.githubusercontent.com https://vjs.zencdn.net https://www.healthpoint.co.nz 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.cognitoforms.com https://*.healthy.org.nz https://*.sharethis.com https://*.twitter.com https://players.brightcove.net https://ton.twimg.com 'unsafe-inline' 1
default-src 'self' *.vimeocdn.com wss://*.foresee.com *.thebigknow.com *.vimeo.com *.humananeighborhoodcenter.com *.everesttech.net *.everestjs.net *.demdex.net *.foresee.com *.humana.com *.ensighten.com *.tealium.com *.tealiumiq.com *.tiqcdn.com *.omtrdc.net *.coremetrics.com *.cmcore.com *.answerscloud.com *.mpeasylink.com *.zscaler.net *.googleadservices.com *.yimg.com *.facebook.net *.yahoo.com *.google.com *.gstatic.com *.salesforceliveagent.com *.googleapis.com *.4seeresults.com *.youtube.com *.azureedge.net *.cloudfront.net *.dialogtech.com *.humananews.com *.linkedin.com *.longtailvideo.com *.truste.com *.prescribeitrx.com *.amazonaws.com *.glancecdn.net *.humana-government.com *.careplushealthplans.com *.healthwise.net *.humanavitality.com 193.122.6.87:7002 *.go365.com *.longtailvideo.com *.requirejs.org *.4see.mobi *.foreseeresults.com *.bing.com *.doubleclick.net *.facebook.com *.twitter.com *.cookielaw.org;style-src 'self' 'unsafe-inline' *.vimeocdn.com wss://*.foresee.com *.thebigknow.com *.vimeo.com *.humananeighborhoodcenter.com *.everesttech.net *.everestjs.net *.demdex.net *.foresee.com *.humana.com *.ensighten.com *.tealium.com *.tealiumiq.com *.tiqcdn.com *.omtrdc.net *.coremetrics.com *.cmcore.com *.answerscloud.com *.mpeasylink.com *.zscaler.net *.googleadservices.com *.yimg.com *.facebook.net *.yahoo.com *.google.com *.gstatic.com *.salesforceliveagent.com *.googleapis.com *.4seeresults.com *.youtube.com *.azureedge.net *.cloudfront.net *.dialogtech.com *.humananews.com *.linkedin.com *.longtailvideo.com *.truste.com *.prescribeitrx.com *.amazonaws.com *.glancecdn.net *.humana-government.com *.careplushealthplans.com *.healthwise.net *.humanavitality.com 193.122.6.87:7002 *.go365.com *.longtailvideo.com *.requirejs.org *.cookielaw.org;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.vimeocdn.com wss://*.foresee.com *.thebigknow.com *.vimeo.com *.humananeighborhoodcenter.com *.everesttech.net *.everestjs.net *.demdex.net *.foresee.com *.humana.com *.ensighten.com *.tealium.com *.tealiumiq.com *.tiqcdn.com *.omtrdc.net *.coremetrics.com *.cmcore.com *.answerscloud.com *.mpeasylink.com *.zscaler.net *.googleadservices.com *.yimg.com *.facebook.net *.yahoo.com *.google.com *.gstatic.com *.salesforceliveagent.com *.googleapis.com *.4seeresults.com *.youtube.com *.azureedge.net *.cloudfront.net *.dialogtech.com *.humananews.com *.linkedin.com *.longtailvideo.com *.truste.com *.prescribeitrx.com *.amazonaws.com *.glancecdn.net *.humana-government.com *.careplushealthplans.com *.healthwise.net *.humanavitality.com 193.122.6.87:7002 *.go365.com *.longtailvideo.com *.cookielaw.org;img-src 'self' *.vimeocdn.com wss://*.foresee.com *.thebigknow.com *.vimeo.com *.humananeighborhoodcenter.com *.everesttech.net *.everestjs.net *.demdex.net *.foresee.com *.humana.com *.ensighten.com *.tealium.com *.tealiumiq.com *.tiqcdn.com *.omtrdc.net *.coremetrics.com *.cmcore.com *.answerscloud.com *.mpeasylink.com *.zscaler.net *.googleadservices.com *.yimg.com *.facebook.net *.yahoo.com *.google.com *.gstatic.com *.salesforceliveagent.com *.googleapis.com *.4seeresults.com *.youtube.com *.azureedge.net *.cloudfront.net *.dialogtech.com *.humananews.com *.linkedin.com *.longtailvideo.com *.truste.com *.prescribeitrx.com *.amazonaws.com *.glancecdn.net *.humana-government.com *.careplushealthplans.com *.healthwise.net *.humanavitality.com 193.122.6.87:7002 *.go365.com *.longtailvideo.com *.requirejs.org data: *.cloudinary.com *.cookielaw.org;object-src 'self' *.go365.com; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; base-uri 'self' https://api.uk.exponea.com/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://unpkg.com connect.getflowbox.com https://cdn.flbx.io cdn.flbx.io https://gateway.getflowbox.com https://a.getflowbox.com https://cdn.flbx.io *.cookielaw.org *.taggbox.com *.twitter.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hsadspixel.net *.hscollectedforms.net https://snap.licdn.com https://connect.facebook.net https://cloud.tagbox.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://widget.taggbox.com; img-src 'self' https://*.gstatic.com https://*.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.google.com https://*.facebook.com data: https://cdn.jsdelivr.net https://*.cloudfront.net https://cdn.flbx.io https://gateway.getflowbox.com https://a.getflowbox.com https://cdn.flbx.io *.cookielaw.org https://optanon.blob.core.windows.net/ *.taggbox.com *.fbcdn.net *.yastatic.net *.hsforms.com *.hubspot.com ; media-src 'self' https://cdn.flbx.io *.taggbox.com; frame-src 'self' https://*.hotjar.com https://www.google.com https://www.youtube.com bighome.bintg.com https://gateway.getflowbox.com https://a.getflowbox.com https://cdn.flbx.io https://www.bighome.bintg.com *.taggbox.com *.twitter.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com data: https://pro.fontawesome.com https://*.cloudflare.com https://a.getflowbox.com https://cdn.flbx.io *.taggbox.com https://cloud.tagbox.com; connect-src 'self' cicptqmkej.execute-api.eu-west-1.amazonaws.com gateway.getflowbox.com a.getflowbox.com cdn.flbx.io *.cookielaw.org *.onetrust.io *.google-analytics.com *.googleapis.com *.taggbox.com *.onetrust.com *.hscollectedforms.net *.hubapi.com https://stats.g.doubleclick.net https://px.ads.linkedin.com; report-uri /report-csp-violation 1
frame-ancestors 'self' https://www.aila.org https://agora.aila.org https://digitalgoods.aila.org https://cam.aila.org https://ailalink.aila.org/ https://www.aila.org https://aila.zendesk.com/hc/en-us https://elearning.aila.org/online-courses https://www.aila.org/conferences/in-person/annual https://thinkimmigration.org/ https://ailalawyer.com/ https://messages.aila.org/ 1
default-src 'self'; base-uri 'none'; img-src 'self' data:; child-src 'none'; form-action 'self' https://www.duckduckgo.com https://duckduckgo.com; frame-ancestors 'none'; object-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 1
frame-ancestors https://*.fusionfabric.cloud http://localhost:3002 https://builder.io;block-all-mixed-content;upgrade-insecure-requests;default-src https:;object-src 'none';connect-src *;worker-src 'self' https: blob:;script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.googletagmanager.com https://*.google-analytics.com https://*.cookiebot.com https://polyfill.io https://use.typekit.net https://*.marketo.com https://www.googleadservices.com https://tribl.io https://snap.licdn.com https://*.googlesyndication.com https://*.livechatinc.com https://munchkin.marketo.net https://cdn.builder.io https://players.brightcove.net https://*.zencdn.net https://static.addtoany.com https://js.driftt.com https://widget.drift.com;frame-src 'self' https://*.googletagmanager.com https://*.cookiebot.com https://cdn.iframe.ly https://players.brightcove.net https://*.youtube.com https://*.vimeo.com https://*.marketo.com https://secure.livechatinc.com https://static.addtoany.com https://js.driftt.com https://widget.drift.com;child-src 'self' https://*.googletagmanager.com https://*.cookiebot.com blob:;font-src 'self' data: https://use.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.livechatinc.com;media-src 'self' https://players.brightcove.net https://*.youtube.com https://*.vimeo.com https://cdn.livechatinc.com blob:;style-src 'self' 'unsafe-inline' https://*.typekit.net https://fonts.googleapis.com https://*.marketo.com;img-src 'self' data: blob: *;manifest-src 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bs.serving-sys.ru https://cdn.adhigh.net https://ds.serving-sys.ru https://x01.aidata.io https://tube.buzzoola.com https://cdn.afp.ai https://cdn.videonow.ru https://content.adriver.ru https://cache.betweendigital.com https://ssl.google-analytics.com https://adservice.google.lv https://cdn.ampproject.org https://partner.googleadservices.com https://www.googletagmanager.com *.adledge.com https://adservice.google.ru https://www.googletagservices.com *.mathtag.com uk-ads.openx.net pixel.adsafeprotected.com *.googleapis.com *.google.com connect.ok.ru *.gstatic.com *.googlesyndication.com vk.com *.mail.ru *.yandex.net *.yandex.ru yandex.st yastatic.net banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru www.google-analytics.com https://www.google-analytics.com top-fwz1.mail.ru; object-src 'self' *.googlesyndication.com *.gstatic.com; style-src 'self' 'unsafe-inline' https://tube.buzzoola.com yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net *.google.com fonts.googleapis.com; font-src 'self' 'unsafe-inline' data: https://tube.buzzoola.com an.yandex.ru yastatic.net yastat.net fonts.gstatic.com; img-src 'self' data:  https://vma.mts.ru https://code.giraff.io https://www.googletagmanager.com https://sync.dsp.solta.io https://eye.vihub.ru https://x01.aidata.io https://pixel.konnektu.ru https://*.rtb.mts.ru https://impression.appsflyer.com https://trk.mail.ru https://tube.buzzoola.com https://bs.serving-sys.ru https://clk.streamgo.ru https://nr.bidderstack.com https://*.adhigh.net https://dsa-ee.hybrid.ai https://vast-bidder-eu-05.b.otm-r.com https://wcm-ru.frontend.weborama.fr https://*.sape.ru https://x.bidswitch.net https://adx.com.ru https://ups.analytics.yahoo.com https://code.directadvert.ru https://sync.dmp.otm-r.com https://lbs-ru1.ads.betweendigital.com https://tag.rutarget.ru https://ads.betweendigital.com https://cdn.rutarget.ru https://creative.rutarget.ru https://ssl.google-analytics.com *.yandex.net *.yandex.ru *.adfox.ru yastat.net https://an.yandex.ru *.acxiom-online.com *.specificclick.net track.e-contenta.com uk-ads.openx.net *.exe.bid recreativ.ru *.uuidksinc.net www.tns-counter.ru dumedia.ad.admitad.com ad.dumedia.ru rtb.rtcdn.ru imrk.net sync.madnet.ru *.adriver.ru track.recreativ.ru *.cubo.ru *.googleapis.com *.google.com counter.yadro.ru *.googlesyndication.com *.doubleclick.net vk.com yastatic.net www.google-analytics.com https://www.google-analytics.com; frame-src 'self' https://ds.serving-sys.ru https://js.ad-score.com https://tube.buzzoola.com https://tpc.googlesyndication.com awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net *.adriver.ru *.openx.net imrk.net *.google.com connect.mail.ru *.doubleclick.net vk.com *.vk.com connect.ok.ru; media-src 'self' https://ds.serving-sys.ru https://api-ui.gonet-ads.com https://cdn.afp.ai https://r.cdn.adspend.space https://content.hybrid.ai https://storage.vihub.ru https://*.adriver.ru https://buzzoola.kinescopecdn.net https://cdn.streamgo.ru https://cdn.adhigh.net https://cdn.otm-r.com https://cdn.rutarget.ru *.yandex.net strm.yandex.ru *.strm.yandex.ru yandex.ru yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net https://umedia.exe.bid data:; connect-src 'self' https://ads.betweendigital.com https://x01.aidata.io https://cdn.afp.ai https://render.adspend.space https://exchange.buzzoola.com https://xmt.mts.ru https://video.new-programmatic.com https://vast.vihub.ru https://clk.streamgo.ru https://*.ad-score.com https://bs.serving-sys.ru https://wcm-ru.frontend.weborama.fr https://*.adhigh.net https://ad.adriver.ru https://*.sape.ru https://lbs-ru1.ads.betweendigital.com https://creative.rutarget.ru https://csp.yandex.net https://an.yandex.ru *.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru *.adfox.ru yastat.net yandex.ru https://www.google-analytics.com https://pagead2.googlesyndication.com *.gstatic.com 1
frame-ancestors *.youtube.com *.icicipruamc.com *.google.com *.googletagmanager.com *.camsonline.com *.allincall.in *.phonon.in *.niftyindices.com *.iliprusearch.search.windows.net *.onelink.to; default-src self *.youtube.com *.icicipruamc.com *.google.com *.googletagmanager.com *.camsonline.com *.allincall.in *.phonon.in *.niftyindices.com *.iliprusearch.search.windows.net *.onelink.to; script-src self *.youtube.com *.icicipruamc.com *.google.com *.googletagmanager.com *.camsonline.com *.allincall.in *.phonon.in *.niftyindices.com *.iliprusearch.search.windows.net *.onelink.to; 1
frame-ancestors *.jllt.com journeys.jll.com; 1
default-src 'self' https://api.papermart.com/;script-src 'self' https://tags.tiqcdn.com https://deploytealium.com https://bat.bing.com https://connect.facebook.net https://*.google.com https://www.googleadservices.com https://*.doubleclick.net https://*.googleapis.com https://*.gstatic.com https://suggest.dxpapi.com https://*.pinterest.com https://vimeo.com https://www.webtraxs.com https://*.brsrvr.com https://scontent.cdninstagram.com https://www.google-analytics.com https://*.papermart.com https://*.azurewebsites.net https://www.googletagmanager.com https://*.tealiumiq.com https://*.go-mpulse.net https://*.cj.com https://*.gladly.com https://*.cloudfront.net https://*.smooch.io https://js.verygoodvault.com https://*.cloudflare.com https://*.trustpilot.com https://tag.wknd.ai https://*.bounceexchange.com https://*.bouncex.net https://*.mczbf.com https://*.socialannex.com https://code.jquery.com https://*.bootstrapcdn.com https://*.lightboxcdn.com https://*.afterpay.com https://*.clarity.ms https://*.paypal.com https://www.paypalobjects.com https://www.sjwoe.com https://ws.zoominfo.com https://*.clickagy.com https://*.useinsider.com https://*.smarterhq.io https://*.ethyca.com https://*.cordial.io https://*.attn.tv https://polyfill.io https://*.tiktok.com https://*.venture-365-inspired.com 'unsafe-eval' 'unsafe-inline';style-src 'self' https://*.googleapis.com https://*.lightboxcdn.com https://*.bootstrapcdn.com https://cdn.jsdelivr.net https://*.cj.com https://*.gladly.com https://*.bounceexchange.com https://*.bouncex.net https://*.socialannex.com https://*.afterpay.com https://*.paypal.com https://*.cloudfront.net https://*.useinsider.com 'unsafe-inline';connect-src 'self' wss://api.papermart.com/ https://api.papermart.com/ https://events.attentivemobile.com https://*.akstat.io https://*.akamaihd.net https://*.smooch.io wss://*.smooch.io https://*.sinter-collect.com https://*.verygoodproxy.com https://api.amplitude.com https://vgs-collect-keeper.apps.verygood.systems https://*.cdnbasket.net https://*.googlesyndication.com https://idx.liadm.com wss://visitors.live wss://*.visitors.live https://*.gladly.chat wss://*.gladly.chat https://*.gladly.com https://tags.tiqcdn.com https://deploytealium.com https://bat.bing.com https://connect.facebook.net https://*.google.com https://www.googleadservices.com https://*.doubleclick.net https://*.googleapis.com https://*.gstatic.com https://suggest.dxpapi.com https://*.pinterest.com https://vimeo.com https://www.webtraxs.com https://*.brsrvr.com https://scontent.cdninstagram.com https://www.google-analytics.com https://*.papermart.com https://*.azurewebsites.net https://www.googletagmanager.com https://*.tealiumiq.com https://*.go-mpulse.net https://*.cj.com https://*.cloudfront.net https://js.verygoodvault.com https://*.cloudflare.com https://*.trustpilot.com https://tag.wknd.ai https://*.bounceexchange.com https://*.bouncex.net https://*.mczbf.com https://*.socialannex.com https://code.jquery.com https://*.bootstrapcdn.com https://*.lightboxcdn.com https://*.afterpay.com https://*.clarity.ms https://*.paypal.com https://www.paypalobjects.com https://www.sjwoe.com https://ws.zoominfo.com https://*.clickagy.com https://*.useinsider.com https://*.smarterhq.io https://*.ethyca.com https://*.cordial.io https://*.attn.tv https://polyfill.io https://*.tiktok.com https://*.venture-365-inspired.com https://cdn.jsdelivr.net https://player.vimeo.com https://*.facebook.com http://*.bing.com https://seal.digicert.com https://i.vimeocdn.com https://*.youtube.com https://instagram.com https://cdninstagram.com https://pippio.com https://*.cdnwidget.com https://www.emjcd.com https://secure.merchantadvantage.com https://cj.dotomi.com https://pixel-sync.sitescout.com/connectors/clickagy https://*.rlcdn.com https://stags.bluekai.com https://sync.crwdcntrl.net https://dpm.demdex.net https://us-u.openx.net https://*.socialannex.net https://themes.googleusercontent.com;font-src 'self' data: https://*.googleapis.com https://*.gstatic.com https://themes.googleusercontent.com https://*.lightboxcdn.com https://*.cj.com https://*.gladly.com https://*.bounceexchange.com https://*.bouncex.net https://*.socialannex.com https://*.afterpay.com https://*.paypal.com https://*.useinsider.com;img-src 'self' data: https://www.papermart.com/ https://player.vimeo.com https://*.facebook.com http://*.bing.com https://*.google.com https://seal.digicert.com https://i.vimeocdn.com https://*.youtube.com https://*.pinterest.com https://www.webtraxs.com https://*.brsrvr.com https://scontent.cdninstagram.com https://instagram.com https://cdninstagram.com https://*.gladly.com https://*.socialannex.com https://*.afterpay.com https://*.paypal.com https://www.google-analytics.com https://*.clarity.ms https://*.lightboxcdn.com https://*.bounceexchange.com https://*.bouncex.net https://pippio.com https://*.cdnwidget.com https://*.mczbf.com https://www.sjwoe.com https://www.emjcd.com https://secure.merchantadvantage.com https://*.doubleclick.net https://cj.dotomi.com https://ws.zoominfo.com https://*.clickagy.com https://pixel-sync.sitescout.com/connectors/clickagy https://*.rlcdn.com https://stags.bluekai.com https://sync.crwdcntrl.net https://dpm.demdex.net https://us-u.openx.net https://*.useinsider.com https://www.paypalobjects.com https://*.smarterhq.io https://www.googletagmanager.com https://*.venture-365-inspired.com;media-src 'self' data: https://www.papermart.com/ https://*.gladly.com https://*.socialannex.com https://*.cloudfront.net;object-src 'self';frame-ancestors 'self';frame-src 'self' https://api.papermart.com/ https://*.youtube.com https://*.google.com https://player.vimeo.com https://i.vimeocdn.com https://*.facebook.com https://*.pinterest.com https://*.doubleclick.net https://*.papermart.com https://*.tealiumiq.com https://*.trustpilot.com https://*.cj.com https://js.verygoodvault.com https://*.bounceexchange.com https://*.bouncex.net https://*.socialannex.com https://*.socialannex.net https://*.afterpay.com https://*.paypal.com https://www.paypalobjects.com https://*.clickagy.com https://*.useinsider.com https://*.cordial.io https://*.attn.tv;worker-src 'self' blob: 1
default-src https: wss: 'self' 'unsafe-inline' 'unsafe-eval' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.pendo.io/ https://data.pendo.io/ https://use.typekit.net/ ; style-src 'self' 'unsafe-inline' https://cdn.walkme.com/ https://use.typekit.net/ https://fonts.googleapis.com/ ; img-src 'self' 'unsafe-inline' data: http://stats.g.doubleclick.net/ https://s3.walkmeusercontent.com/ https://bat.bing.com/ https://ec.walkme.com/ https://data.pendo.io/ https://p.typekit.net/ ; connect-src 'self' https://bat.bing.com/ https://cdn.walkme.com/ https://papi.walkme.com/ https://ec.walkme.com/ api.raygun.io api.raygun.com https://ekr.zdassets.com/compose/226e1a7a-6ad1-4431-9e8e-c81fa42d9367 https://id.zopim.com/authenticated/web/jwt https://shiftadmin.zendesk.com/ wss://widget-mediator.zopim.com/ https://data.pendo.io/data/ https://forms.hsforms.com/ https://hubspot-forms-static-embed.s3.amazonaws.com/; font-src 'self' 'unsafe-inline' https://use.typekit.net/ https://fonts.gstatic.com/ data:; script-src-elem 'self' 'unsafe-inline' https://34587.tctm.co/ http://34587.tctm.co/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://bat.bing.com/ http://bat.bing.com/ https://cdn.walkme.com/ https://static.zdassets.com/ekr/ https://cdn.pendo.io/ https://data.pendo.io/ https://ekr.zdassets.com/ https://static.zdassets.com/web_widget/classic/latest/ https://use.typekit.net/ https://pendo-static-5187130428358656.storage.googleapis.com/ https://js.hsforms.net/ ; media-src 'self' https://static.zdassets.com/ ; object-src 'none' ; 1
frame-ancestors https://www.ourfamilywizard.com https://www.ourfamilywizard.co.uk https://www.ourfamilywizard.ca https://www.ourfamilywizard.co.nz https://www.ourfamilywizard.com.au https://es.ourfamilywizard.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' data: profitablecreativeformat.com *.profitablecreativeformat.com googleadservices.com *.googleadservices.com zencdn.net *.zencdn.net w.org *.w.org ria.ru *.ria.ru profile.ru *.profile.ru mail.ru *.mail.ru tns-counter.ru *.tns-counter.ru relap.info *.relap.info imgsmail.ru *.imgsmail.ru  gravatar.com *.gravatar.com google-analytics.com *.google-analytics.com yadro.ru *.yadro.ru google.com *.google.com webvisor.org *.webvisor.org google.ru *.google.ru yandex.net *.yandex.net smi2.ru *.smi2.ru smi2.net *.smi2.net yandex.ru *.yandex.ru googletagmanager.com *.googletagmanager.com 'unsafe-eval' jsdelivr.net *.jsdelivr.net panda.video *.panda.video googleapis.com *.googleapis.com bootstrapcdn.com *.bootstrapcdn.com doubleclick.net *.doubleclick.net yastatic.net *.yastatic.net youtube.com *.youtube.com gstatic.com *.gstatic.com stat.media *.stat.media vk.com *.vk.com rutube.ru *.rutube.ru googlesyndication.com *.googlesyndication.com yandex.com *.yandex.com ampproject.net *.ampproject.net ampproject.org *.ampproject.org ampproject.net *.t.net relap.info *.relap.info smi2cdn.ru *.smi2cdn.ru adfox.ru *.adfox.ru profitablecreativeformat.com *.profitablecreativeformat.com eatengossipyautomobile.com *.eatengossipyautomobile.com professionalswebcheck.com *.professionalswebcheck.com machineryincuroutput.com *.machineryincuroutput.com savagelylizard.com 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://ct.pinterest.com https://tpc.googlesyndication.com https://*.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://*.snapchat.com blob: https://app.qubit.com https://*.abtasty.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://*.google.co.jp https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://analytics.tiktok.com https://tr.snapchat.com https://*.contentsquare.net https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.myprotein.jp https://*.abtasty.com https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data:; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com; form-action 'self' https://www.facebook.com https://www.myprotein.jp https://m.myprotein.jp https://checkout.myprotein.jp https://connect.facebook.net https://ct.pinterest.com https://tr.snapchat.com https://tr6.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://static.ads-twitter.com https://analytics.twitter.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://www.google.co.jp https://static.thgcdn.cn https://analytics.tiktok.com https://*.ibytedtos.com https://*.contentsquare.net https://app.contentsquare.com https://static.goqubit.com https://*.qubit.com blob: https://*.abtasty.com https://sc-static.net https://tr.snapchat.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://static.thgcdn.cn https://*.abtasty.com https://*.gstatic.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' https://www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://sdk.privacy-center.org/ https://api.privacy-center.org/ https://static.cloudflareinsights.com https://ajax.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://fonts.googleapis.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://www.google-analytics.com/; font-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com; 1
frame-ancestors 'self' iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ https://www.next.co.il 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js *.myheritage.nl https://www.myheritage.nl  'nonce-2511a702e8819e73600b1c160e6a904f' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.nl;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
frame-ancestors 'self' *.instructure.com https://app.storyblok.com; 1
default-src 'self' profiauto.pl profiauto.de profiauto.co.at; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.profiauto.pl profiauto.pl profiauto.de profiauto.co.at  *.cookie-script.com ssl.silnet.pl www.googletagmanager.com www.google-analytics.com www.googleadservices.com *.doubleclick.net *.google.com *.gstatic.com *.facebook.com *.facebook.net *.onesignal.com onesignal.com *.googleapis.com cdnjs.cloudflare.com cdn.ampproject.org cdn.datatables.net; style-src 'self' 'unsafe-inline' profiauto.pl profiauto.de profiauto.co.at fonts.googleapis.com ssl.silnet.pl onesignal.com cdnjs.cloudflare.com *.tagmanager.google.com tagmanager.google.com motoflota.pl cdn.datatables.net *.bootstrapcdn.com; img-src 'self' data: *.ggpht.com *.profiauto.pl profiauto.pl profiauto.de profiauto.co.at silnet.pl ssl.silnet.pl cdn.datatables.net *.doubleclick.net www.google-analytics.com *.google.com *.google.pl *.facebook.com *.gstatic.com *.googleapis.com cdnjs.cloudflare.com *.openstreetmap.org *.gravatar.com motoflota.pl; media-src 'self' profiauto.pl profiauto.de profiauto.co.at; font-src 'self' profiauto.pl profiauto.de profiauto.co.at fonts.gstatic.com *.bootstrapcdn.com; frame-src 'self' profiauto.pl profiauto.de profiauto.co.at *.google.com google.com *.facebook.com onesignal.com *.youtube.com linkedin.com *.linkedin.com kalkulator.raty.aliorbank.pl; connect-src 'self' *.googleapis.com googleapis.com *.profiauto.pl profiauto.pl profiauto.de profiauto.co.at onesignal.com *.google-analytics.com *.doubleclick.net *.google.com *.google.pl *.facebook.com 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.googletagmanager.com https://cdn-prod.securiti.ai https://tagmanager.google.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com data: *.google.com *.googleusercontent.com https://cdn-prod.securiti.ai https://www.facebook.com/ https://bat.bing.com https://tr.snapchat.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://www.google.com *.ctfassets.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://maps.googleapis.com https://maps.gstatic.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com *.google.com https://*.ggpht.com *.googleusercontent.com https://safetechpageencryptionvar.chasepaymentech.com https://safetechpageencryption.chasepaymentech.com https://cdn-prod.securiti.ai https://sc-static.net https://connect.facebook.net https://analytics.tiktok.com https://tr-shadow.snapchat.com http://bat.bing.com https://bat.bing.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.google.com https://tr.snapchat.com https://cdn.riskid.security https://knowledgetags.yextpages.net; frame-src *.google.com https://tr-shadow.snapchat.com https://tr.snapchat.com https://bid.g.doubleclick.net; connect-src 'self' https://*.googleapis.com https://*.google-analytics.com *.google.com https://*.gstatic.com https://cdn-prod.securiti.ai https://app.securiti.ai https://rum.browser-intake-datadoghq.com data: blob: https://tr-shadow.snapchat.com https://analytics.tiktok.com https://tr.snapchat.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com https://collect.riskid.security https://*.launchdarkly.com; font-src https://fonts.gstatic.com 'self' data:; form-action 'self'; frame-ancestors true 1
frame-ancestors https://www.usafencing.org https://together.escrime-fle.lu 1
default-src 'self' 'unsafe-inline' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.veteransadvantage.com *.wesalute.com *.wesaluteapis.com ajax.cloudflare.com static.cloudflareinsights.com performance.radar.cloudflare.com cdn.kustomerapp.com browser.sentry-cdn.com connect.facebook.net cdn.segment.com cdn.amplitude.com edge.fullstory.com rs.fullstory.com cmp.osano.com www.google.com www.gstatic.com apis.google.com *.googleapis.com *.google-analytics.com www.googletagmanager.com bat.bing.com www.googleadservices.com googleads.g.doubleclick.net tpc.googlesyndication.com snap.licdn.com js.stripe.com cdn.sprig.com cdn.userleap.com embed.bookingvault.com secure.rezserver.com public.profitwell.com js-agent.newrelic.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net cdnjs.cloudflare.com app.posthog.com; connect-src 'self' *.veteransadvantage.com *.wesalute.com *.wesaluteapis.com *.algolia.net *.algolianet.com cloudflareinsights.com adservice.google.com www.google.com ad.doubleclick.net stats.g.doubleclick.net bat.bing.com *.kustomerapp.com *.pndsn.com https://s3.amazonaws.com/kustomer-prod1-attachments cdn.jsdelivr.net sentry.io o287038.ingest.sentry.io api.segment.io cdn.segment.com api.amplitude.com edge.fullstory.com rs.fullstory.com *.api.osano.com *.google-analytics.com analytics.google.com *.analytics.google.com *.googleapis.com us-central1-veterans-advantage-arsenal.cloudfunctions.net https://www.facebook.com/tr/ api.sprig.com api.bookingvault.com www2.profitwell.com cdn.linkedin.oribi.io px.ads.linkedin.com *.newrelic.com *.nr-data.net app.posthog.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.gstatic.com www.googletagmanager.com embed.bookingvault.com; font-src 'self' data: fonts.wesalute.com cdn.honey.io cdn.ivaws.com cdn.kustomerapp.com fonts.gstatic.com themes.googleusercontent.com embed.bookingvault.com; img-src blob: data: https:; media-src blob: data: https:; object-src 'none'; frame-src 'self' *.veteransadvantage.com *.wesalute.com *.wesaluteapis.com *.kustomer.help player.vimeo.com www.youtube.com https://www.c-span.org/video/standalone/ tpc.googlesyndication.com bid.g.doubleclick.net td.doubleclick.net 10165061.fls.doubleclick.net www.facebook.com js.stripe.com cmp.osano.com veterans-advantage-arsenal.firebaseapp.com; frame-ancestors 'self' *.veteransadvantage.com; report-uri https://o287038.ingest.sentry.io/api/1865718/security/?sentry_key=33c7a6dee3b040bc9bc48cd898e2dd9b&sentry_environment=prod 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: android-webview-video-poster: oppostore: webcompt: *; frame-ancestors 'self' *.oppo.com *.opposhop.cn *.wanyol.com; report-uri https://ti.oppo.com/csp/DataReport; report-to https://ti.oppo.com/csp/DataReport; 1
default-src 'self' https://as-wsbcprodcd-01.azurewebsites.net https://as-wsbcprodcd-02.azurewebsites.net *.addthis.com; frame-src 'self' https://documentservices.adobe.com https://web.powerva.microsoft.com https://ct.pinterest.com *.fls.doubleclick.net *.svc.dynamics.com *.addthis.com *.addthisedge.com *.youtube.com https://i.ytimg.com *.google.com *.facebook.com https://app.powerbi.com https://worksafebcmedia.com; frame-ancestors 'self' *.youtube.com; img-src 'self' data: https://services.worksafebc.com https://ct.pinterest.com https://p.adsymptotic.com https://px.ads.linkedin.com *.google-analytics.com *.analytics.google.com https://gtrk.s3.amazonaws.com *.caspio.com https://stats.g.doubleclick.net *.gstatic.com www.google.com www.google.ca www.facebook.com https://s.analytics.yahoo.com https://img.youtube.com https://i.ytimg.com https://www.googletagmanager.com; child-src 'self' data: *.youtube.com *.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://www.youtube.com/s/ https://s.ytimg.com https://s.yimg.com https://www.youtube.com/iframe_api *.caspio.com https://tags.srv.stackadapt.com https://s.pinimg.com https://mktdplp102cdn.azureedge.net https://documentservices.adobe.com https://snap.licdn.com https://cdn.botframework.com *.reddit.com *.linkedin.com *.facebook.com connect.facebook.net *.addthis.com *.addthisedge.com https://tagmanager.google.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.gstatic.com *.google.com *.google.ca https://dnn506yrbagrg.cloudfront.net https://s3.amazonaws.com z.moatads.com; style-src 'self' 'unsafe-inline' https://tags.srv.stackadapt.com https://tagmanager.google.com *.googleapis.com *.caspio.com; form-action 'self' *.caspio.com https://www.facebook.com; connect-src 'self' https://as-wsbcdevajax-01.azurewebsites.net https://s.yimg.com https://as-wsbctestajax-01.azurewebsites.net  https://gateway.worksafebc.com *.facebook.com https://cdn.linkedin.oribi.io *.caspio.com https://services.worksafebc.com https://tags.srv.stackadapt.com https://ct.pinterest.com https://www.google.ca/ads/ga-audiences *.addthis.com *.google-analytics.com *.analytics.google.com *.svc.dynamics.com https://viewlicense.adobe.io https://stats.g.doubleclick.net https://analytics.google.com wss://directline.botframework.com https://directline.botframework.com https://powerva.microsoft.com; block-all-mixed-content; 1
script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://cdn.onesignal.com https://onesignal.com https://www.google-analytics.com https://cdn.jsdelivr.net/npm/chart.js@3.5.0/dist/chart.min.js https://client.crisp.chat https://settings.crisp.chat; style-src 'self' 'unsafe-inline' https://onesignal.com https://client.crisp.chat; img-src 'self' blob: https://plisio.net data: https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net https://www.google.ru https://img.onesignal.com https://www.googletagmanager.com https://hn.inspectlet.com https://client.crisp.chat https://image.crisp.chat https://storage.crisp.chat; default-src 'self'; base-uri 'self'; connect-src 'self' wss://plisio.net https://www.google.com/recaptcha/api.js https://onesignal.com https://hn.inspectlet.com https://client.crisp.chat https://storage.crisp.chat wss://client.relay.crisp.chat wss://stream.relay.crisp.chat https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://client.crisp.chat; form-action 'self' https://calendly.com/plisio/plisio-call; frame-ancestors 'none'; frame-src 'self' https://www.google.com/ https://onesignal.com https://www.youtube.com https://game.crisp.chat; manifest-src 'self'; media-src 'self' https://client.crisp.chat; object-src 'self'; worker-src 'self'; block-all-mixed-content; upgrade-insecure-requests 1
child-src *, child-src *; 1
frame-ancestors 'self' *.trihealth.com; 1
default-src 'self' https://downloads.ctfassets.net/ *.gstatic.com *.proteccion.com assets.ctfassets.net d10o2ofpymhfmh.cloudfront.net *.wufoo.com contenidos-proteccion.s3.amazonaws.com *.proteccion.com.co cdnjs.cloudflare.com *.api.ipify.org  videos.ctfassets.net;          script-src 'self' 'unsafe-inline' 'unsafe-eval' static.ads-twitter.com/uwt.js parly-webchat-proteccion-pronto.10tyy11bpll6.us-east.codeengine.appdomain.cloud script.crazyegg.com https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hs-banner.com https://js.hs-analytics.net *.clarity.ms/ *.googleoptimize.com partner.googleadservices.com *.ipdialbox.com *.wolkvox.com kit.fontawesome.com widget.spreaker.com connect.facebook.net *.youtube.com *.proteccion.com *.gstatic.com www.google-analytics.com *.googletagmanager.com *.google.com *.googleapis.com cdnjs.cloudflare.com pratech-chatbot-cdn-proteccion.mybluemix.net static.ads-twitter.com cdn.perfdrive.com;          img-src * 'self' data: *.proteccion.com;          style-src 'self' 'unsafe-inline' parly-webchat-proteccion-pronto.10tyy11bpll6.us-east.codeengine.appdomain.cloud *.proteccion.com cdnjs.cloudflare.com d10o2ofpymhfmh.cloudfront.net *.google.com *.googleapis.com cdn.botframework.com pratech-chatbot-cdn-proteccion.mybluemix.net use.fontawesome.com;          object-src 'self' *.proteccion.com;          font-src 'self' *.proteccion.com fonts.gstatic.com cdnjs.cloudflare.com ka-p.fontawesome.com use.fontawesome.com fonts.googleapis.com data:;          child-src *.spotify.com forms.office.com *.google.com *.ipdialbox.com *.wolkvox.com widget.spreaker.com *.core.windows.net *.youtube.com *.wufoo.com *.proteccion.com blob:;          connect-src 'self' kit.fontawesome.com parly-webchat-proteccion-pronto.10tyy11bpll6.us-east.codeengine.appdomain.cloud https://noembed.com/ https://js.hs-banner.com https://forms.hscollectedforms.net *.clarity.ms wss://directline.botframework.com https://directline.botframework.com ka-p.fontawesome.com pratech-chatbot-cdn-proteccion.mybluemix.net cdn.contentful.com images.ctfassets.net stats.g.doubleclick.net *.googleapis.com *.proteccion.com.co *.proteccion.com *.google-analytics.com api.ipify.org analytics.google.com;          frame-ancestors 'self' www.proteccion.com.co www.proteccion.com proteccion.com.co proteccion.com;          frame-src www.proteccion.com.co www.proteccion.com proteccion.com.co proteccion.com *.facebook.com open.spotify.com widget.spreaker.com docs.google.com cse.google.com *.wolkvox.com https://youtube.com/ *.youtube.com *.google.com 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
base-uri 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'nonce-RAuU/Q4NOsQ8EKQmDrbQJQ==' 'sha256-2lWLrBMqNEeZZva7ECueFJwRLzfyWRLI38lTzWLH7yo=' 'sha256-U+9uytu1wNMDRkbPT1c4SIzmnZr8B8uJ7tscj8Ot6mg=' 'sha256-HvvN5yPriLCRgi9bVg0Hozz+q2IBkC2kcKL/3qvA0J8=' 'sha256-xGW3t2xpyqjAcyhMhYMWQzn6m/fL1Wj/aig8sUa54o0=' https://*.swogo.net https://sdk.privacy-center.org https://*.svea.com https://*.tiktok.com https://*.facebook.net https://panelista.com https://*.googletagmanager.com https://*.vimeo.com https://*.hotjar.com https://*.google.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bing.com https://www.googleanalytics.com https://*.voyado.com https://*.testfreaks.com 'unsafe-eval' 'report-sample' 'strict-dynamic'; style-src 'self' https://tagmanager.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.hotjar.com https://*.redeal.se https://*.redeal.io 'unsafe-inline'; connect-src 'self' *.fyndiq.se *.cdon-qlty.se analytics.tiktok.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://rum.browser-intake-datadoghq.com https://*.apptus.cloud https://*.swogo.net https://*.privacy-center.org https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com https://*.bing.com https://*.facebook.com https://*.sentry.io https://cloudflareinsights.com https://*.googleapis.com https://*.snapchat.com https://*.microsofttranslator.com https://*.microsoft.com https://*.googlesyndication.com https://*.azurewebsites.net https://cdn.growthbook.io https://*.redeal.se https://*.redeal.io; frame-src https://*.svea.com https://*.hotjar.com https://*.isecrets.se https://panelista.com https://reclaimit-support.fyndiq.se https://*.reclaimit.com https://bid.g.doubleclick.net https://*.googletagmanager.com https://*.facebook.com https://*.googlesyndication.com https://*.vimeo.com https://*.tradedoubler.com https://*.youtube.com https://*.redeal.se https://*.redeal.io tel:; font-src 'self' https://fonts.gstatic.com data: https://*.hotjar.com; frame-ancestors 'self' https://fyndiq-dev.sanity.studio https://app.datadoghq.com https://fyndiq.dk https://*.fyndiq.dk https://fyndiq.fi https://*.fyndiq.fi https://fyndiq.no https://*.fyndiq.no https://fyndiq.se https://*.fyndiq.se 1
frame-ancestors 'self' *.atp-autoteile.de https://app.storyblok.com 1
upgrade-insecure-requests; base-uri 'self'; default-src 'self'; connect-src 'self' https://*.hubspot.com https://*.appsflyer.com https://*.doubleclick.net https://*.clarity.ms https://*.google-analytics.com https://*.lambda-url.ap-northeast-1.on.aws https://*.analytics.google.com https://*.googletagmanager.com https://analytics.google.com https://assets.ctfassets.net; font-src 'self' https://*.appsflyer.com https://*.gstatic.com; frame-src 'self' https://*.doubleclick.net https://*.hubspot.com https://*.youtube.com; img-src 'self' data: https://*.twitter.com https://aw.dw.impact-ad.jp https://*.clarity.ms https://*.ctfassets.net https://*.onelink.me https://t.co https://tr.lfeeder.com https://*.hubspot.com https://*.google-analytics.com https://*.google.co.jp https://*.google.com https://*.doubleclick.net https://*.bing.com https://*.yahoo.co.jp https://*.a8.net https://*.gstatic.com https://googletagmanager.com; media-src 'self' https://*.paidy.com; script-src 'self' 'unsafe-inline' https://*.gstatic.com https://*.googletagmanager.com https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://*.google.co.jp https://*.appsflyer.com https://*.ads-twitter.com https://*.yimg.jp https://*.yahoo.co.jp https://sc.lfeeder.com https://yubinbango.github.io https://*.a8.net https://*.clarity.ms https://*.ebis.ne.jp https://*.impact-ad.jp https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.usemessages.com https://ssl.google-analytics.com https://tagmanager.google.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://tagmanager.google.com https://fonts.googleapis.com; frame-ancestors 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://servicecenter.claconnect.com https://clatest.service-now.com *.hsforms.net *.hsforms.com *.service-now.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adsrvr.org *.usemessages.com https://servicecenter.claconnect.com/ https://clatest.service-now.com *.claconnect.com https://js.static.parmonic.ai/ https://cdn.jsdelivr.net *.hsleadflows.net *.hubspot.com *.hs-analytics.net https://cdn.pdst.fm https://cdn.pdst.fm https://translate-pa.googleapis.com/ https://api.hubapi.com/ https://cdn.syndication.twimg.com https://platform.twitter.com/ https://www.google.com/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com https://translate.googleapis.com/ https://translate.google.com/ https://www.googletagmanager.com/ https://maps.googleapis.com/ https://www.gstatic.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://www.youtube.com/ https://s.ytimg.com/ https://www.hubspot.com/ *.hsforms.com/ *.hsforms.net/ https://js.hs-scripts.com/ https://js.hs-banner.com/ https://js.hs-analytics.net/ https://js.hsleadflows.net/ https://snap.licdn.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://tags.srv.stackadapt.com/ https://static.ads-twitter.com/ https://analytics.twitter.com/ https://connect.facebook.net/ https://w.soundcloud.com/; img-src 'self' data: https://cla.service-now.com *.parmonic.ai/ *.servicecenter.claconnect.com https://clatest.service-now.com *.hubspotusercontent-na1.net *.hubspot.com https://forms-na1.hsforms.com https://forms.hsforms.com https://trkn.us https://www.paypalobjects.com https://cdn.cookielaw.org https://analytics.google.com https://*.mimecast.com https://*.googleapis.com https://*.adnxs.com https://platform.twitter.com/ https://pbs.twimg.com https://www.google-analytics.com https://maps.gstatic.com https://translate.google.com https://translate.googleapis.com https://www.google.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://googleads.g.doubleclick.net/ https://track.hubspot.com/ https://perf.hsforms.com/ https://px.ads.linkedin.com/ https://t.co/ https://www.facebook.com/ https://p.adsymptotic.com/; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://www.gstatic.com/ https://platform.twitter.com/ https://fonts.googleapis.com/ https://translate.googleapis.com/ https://tags.srv.stackadapt.com/; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com/; frame-ancestors 'self' servicecenter.claconnect.com https://clatest.service-now.com https://internal.insights.claconnect.com https://test.internal.insights.claconnect.com https://dev.insights.claconnect.com https://test.insights.claconnect.com https://insights.claconnect.com/; frame-src 'self' servicecenter.claconnect.com https://clatest.service-now.com *.hubspot.com *.hs-sites.com https://watch.claconnect.com *.fls.doubleclick.net https://parmonic.ai https://portal.dynamicsats.com/ https://syndication.twitter.com/ https://platform.twitter.com/ https://app.powerbi.com/ https://www.policymap.com https://forms.hsforms.com https://js.hsforms.net/ https://www.google.com/ https://www.youtube.com/ https://vars.hotjar.com/; connect-src 'self' servicecenter.claconnect.com https://clatest.service-now.com *.parmonic.ai *.hubspot.com https://us-central1-adaptive-growth.cloudfunctions.net https://sink.pdst.fm https://geolocation.onetrust.com https://analytics.google.com https://maps.googleapis.com https://forms.hsforms.com https://translate.googleapis.com https://stats.g.doubleclick.net/ https://vc.hotjar.io/ https://www.google-analytics.com https://cdn.cookielaw.org https://forms.hubspot.com/ https://tags.srv.stackadapt.com/ https://in.hotjar.com/; upgrade-insecure-requests; block-all-mixed-content; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js *.myheritage.es https://www.myheritage.es  'nonce-ee780f533224328b15ad78a3fc230170' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.es;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
frame-ancestors 'self'; object-src 'none'; upgrade-insecure-requests; 1
frame-ancestors 'self' www.wirtgen-group.com forms.wirtgen-group.com; 1
default-src 'self' https://www.personvernbloggen.no https://dl.episerver.net https://www.youtube.com https://www.dreambroker.com https://dreambroker.com data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src http://chart.googleapis.com https: data:; font-src 'self' data:; 1
upgrade-insecure-requests; frame-src 'self' https://www.youtube.com/ https://youtu.be/ https://platform.twitter.com/ https://view.genial.ly/ https://www.instagram.com/ https://www.facebook.com/ https://www.tiktok.com/ https://open.spotify.com/ https://www.gotolstoy.com/ https://www.typeform.com/ https://player.vimeo.com/ https://www.cognitoforms.com/ https://td.doubleclick.net/ https://p.interacty.me/ https://uploads.knightlab.com/ https://w.soundcloud.com/ https://www.canva.com/ https://cdn.knightlab.com/ https://www.nv-vr.com/ *.comfama.com/ *.gigya.com/ *.google.com/ data: 1
frame-ancestors https://*.codetantra.com ; frame-src https://*.codetantra.com https://*.static.code-tantra.in https://sso.iitb.ac.in https://ct-public-bucket.s3.ap-south-1.amazonaws.com https://www.youtube.com https://scratch.mit.edu https://docs.google.com blob: ; 1
connect-src 'self' https:;img-src 'self' data: blob:;media-src 'self' data: blob:;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline' 1
frame-ancestors https://*.x-cart.com 1
frame-ancestors https://*.buttonizer.io https://*.buttonizer.pro https://buttonizer.pro 1
default-src 'self'; child-src 'self' blob:; connect-src 'self' https://my2.siteimprove.com https://bam-cell.nr-data.net https://www.google-analytics.com https://js.arcgis.com https://services1.arcgis.com https://www.arcgis.com https://*.arcgis.com https://beheer.futureland.nl https://ats-api.portofrotterdam.com https://www.gstatic.com https://*.hotjar.io https://*.hotjar.com https://id.siteimprove.com/connect https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://id.siteimprove.com https://cdn.linkedin.oribi.io/ https://bam.nr-data.net wss://*.hotjar.com/api/v2/client/ws https://cdn-cookieyes.com https://*.cookieyes.com/ https://api.ha.naiade.portofrotterdam.com/; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://js.arcgis.com https://por-widgets.portofrotterdam.com/ https://www.gstatic.com https://*.hotjar.com https://data.maglr.com; frame-src 'self' https://player.vimeo.com https://my2.siteimprove.com https://www.youtube.com https://open.spotify.com https://www.gstatic.com https://www.google.com https://*.hotjar.com https://connections.routescanner.com https://connect.portofrotterdam.com/ https://*.eloqua.com https://portofrotterdam.maglr.com/ https://embed.maglr.com; img-src 'self' data: https://6165051.global.siteimproveanalytics.io https://s530024848.t.eloqua.com https://www.google-analytics.com https://tiles.arcgis.com https://por-widgets.portofrotterdam.com https://beheer.futureland.nl https://*.arcgis.com https://www.gstatic.com blob: https://*.hotjar.com https://www.facebook.com https://connect.facebook.net https://www.google.com/ https://px.ads.linkedin.com https://www.linkedin.com https://por-widgets.acc-ifbsema-3x4ujzkamoujy.eu-4.platformsh.site/assets/futureland-agenda.jpg https://cdn-cookieyes.com https://invitation.opinionbar.com/wit/popups/p102042/ https://www.google.bg/ads/ga-audiences https://www.google.nl/ads/ga-audiences https://www.google.com/ads/ga-audiences https://por-widgets.portofrotterdam.com/assets/icon-gebied.svg https://por-widgets.portofrotterdam.com/assets/icon-opslag.svg https://por-widgets.portofrotterdam.com/assets/icon-goederen.svg https://por-widgets.portofrotterdam.com/assets/icon-USP.svg https://data.maglr.com https://system.maglr.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bam-cell.nr-data.net blob: https://js-agent.newrelic.com js.arcgis.com https://por-widgets.portofrotterdam.com https://player.vimeo.com https://www.googletagmanager.com https://www.youtube.com https://siteimproveanalytics.com https://img06.en25.com https://code.highcharts.com/highcharts.js https://code.highcharts.com/modules/data.js https://code.highcharts.com/modules/exporting.js https://www.gstatic.com https://*.hotjar.com https://connect.facebook.net  cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://bam-cell.nr-data.net https://js-agent.newrelic.com https://js.arcgis.com https://player.vimeo.com https://por-widgets.portofrotterdam.com https://www.googletagmanager.com https://img06.en25.com https://siteimproveanalytics.com https://www.googleanalytics.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com https://code.highcharts.com/highcharts.js https://code.highcharts.com/modules/data.js https://code.highcharts.com/modules/exporting.js https://www.gstatic.com https://*.hotjar.com https://connect.facebook.net https://bam.nr-data.net https://por-widgets.acc-ifbsema-3x4ujzkamoujy.eu-4.platformsh.site/FuturelandAgenda.widget.js https://cdn-cookieyes.com/client_data/971cd72c587b4abfc2d54183/banner.js https://cdn-cookieyes.com/client_data/971cd72c587b4abfc2d54183/script.js https://invitation.opinionbar.com/wit/popups/p102042/intercept.js https://invitation.opinionbar.com/wit/popups/p102042/overlay.js https://embed.maglr.com https://data.maglr.com https://system.maglr.com https://por-widgets.portofrotterdam.com/Warehousing.widget.js https://siteimproveanalytics.com/js/siteanalyze_6165051.js  cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com; style-src 'self' 'unsafe-inline' https://js.arcgis.com https://fonts.googleapis.com https://www.gstatic.com https://data.maglr.com https://system.maglr.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self' https://www.portofrotterdam.com; frame-ancestors 'self' https://connections.routescanner.com 1
frame-ancestors https://sanity.avnsmarketingtest.net 1
frame-ancestors 'self' http://www.1001jeux.fr 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://* 1
frame-ancestors 'self' *.thebluebook.com *.oneteam.build *.construction.com *.dodgedev.com *.dodgeqa.com 1
upgrade-insecure-requests; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: android-webview-video-poster: *.brightcove.com *.brightcove.net *.givaudan.cn givaudan.cn *.givaudan.com givaudan.com *.brightcovecdn.com *.google.com *.google.at *.google.ae *.google.ru *.google.ca *.google.nl *.google.hu *.google.pt *.google.ch *.google.tn *.linkedin.com *.ads.linkedin.com px.ads.linkedin.com dc.ads.linkedin.com *.googletagmanager.com *.zencdn.net *.licdn.com *.google-analytics.com *.googleadservices.com *.ads-twitter.com *.facebook.com *.facebook.net siteimproveanalytics.com *.googleusercontent.com *.prod.boltdns.net siteimproveanalytics.com *.siteimproveanalytics.io addevent.com *.googleapis.com *.gstatic.com maps.gstatic.com *.twitter.com ipinfo.io t.co *.siteimprove.net *.siteimprove.com *.newrelic.com bam.nr-data.net *.addevent.com walls.io *.walls.io cdnjs.cloudflare.com *.buzzsprout.com tools.euroland.com tools.eurolandir.com *.google.ie *.google.co.in *.google.co.uk *.google.co.ke *.google.co.ma *.google.es *.google.com.ar *.google.com.co *.google.com.hk *.google.com.au *.google.com.ua *.google.dk *.google.com.br *.google.com.bh *.google.se *.google.com.my *.google.sg *.google.fr *.google.fi *.google.com.sg *.google.com.tr *.google.it *.google.com.sv *.google.co.za *.google.com.vn *.google.de *.gstatic.com *.zawaceboji.com *.google.co.id *.google.com.mx *.google.co.th *.g.doubleclick.net weatherwidget.io *.blob.core.windows.net *.google.com.pk p.adsymptotic.com e.issuu.com google.co.il cdn.jsdelivr.net code.highcharts.com cdn.cookielaw.org w3.org unpkg.com *.tile.openstreetmap.org online.fliphtml5.com geolocation.onetrust.com *.youtube.com *.relayto.com *.youku.com log.mmstat.com *.ykimg.com *.alicdn.com fourier.taobao.com *.linkflowtech.com privacyportal-de.onetrust.com *.onetrust.com *.onetrust.io cdn.linkedin.oribi.io relayto.com *.doubleclick.net *.googlesyndication.com unpkg.com tags.srv.stackadapt.com; frame-ancestors 'self' ollie.givaudan.com givaudan.service-now.com 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://cdn.cookielaw.org https://ajax.googleapis.com https://maps.googleapis.com https://www.youtube.com https://player.vimeo.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.rubensteintech.com https://analytics.rubyapps.dev.ruby.app https://analytics.rubyapps.io https://kit.fontawesome.com https://cc.cdn.civiccomputing.com https://pd.sharethis.com https://aptivio.azure-api.net https://www.influ2.com https://use.typekit.net https://ml314.com https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://static.cloudflareinsights.com https://play.libsyn.com/ https://www.youvisit.com/ https://cms.analytics.yahoo.com/ https://protect-eu.mimecast.com/ ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.googletagmanager.com https://hello.myfonts.net https://use.typekit.net https://p.typekit.net ; connect-src 'self' data: https://cdn.cookielaw.org https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://google-analytics.com https://vimeo.com https://noembed.com https://stats.g.doubleclick.net https://maps.gstatic.com https://maps.googleapis.com https://cdn.plyr.io https://www.google-analytics.com/ https://analytics.rubensteintech.com https://analytics.rubyapps.dev.ruby.app https://analytics.rubyapps.io https://ka-f.fontawesome.com https://apikeys.civiccomputing.com https://t.influ2.com https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://static.cloudflareinsights.com ; font-src 'self' data: https://fonts.gstatic.com https://ka-f.fontawesome.com https://use.typekit.net ; img-src 'self' data: blob: https://cdn.cookielaw.org https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://google-analytics.com https://i.vimeocdn.com https://i.ytimg.com https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://use.typekit.net https://p.typekit.net https://akingump.vuturevx.com https://pd.sharethis.com https://via.placeholder.com https://aptivio.azure-api.net https://ps.eyeota.net https://sync.crwdcntrl.net https://match.adsrvr.org https://idsync.rlcdn.com https://dpm.demdex.net https://ml314.com https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://tags.bluekai.com/ https://ib.adnxs.com/ https://loadus.exelator.com/ https://trck.youvisit.com/ ; frame-src 'self' mailto: blob: https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://play.libsyn.com/ https://www.youvisit.com/ https://cms.analytics.yahoo.com/ https://stories.rostrum.agency/ ; worker-src 'self' blob: ; media-src 'self' data: https://vimeo.com https://www.youtube.com https://cdn.plyr.io ; frame-ancestors 'self' ; object-src 'self' ; 1
upgrade-insecure-requests; default-src 'self' 'unsafe-eval' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://app.jazz.co/ https://embed.lpcontent.net/ https://atomicdata-stage.kube.atomic.lcl/ https://ajax.googleapis.com/ https://static.formstack.com/ https://tags.clickagy.com/ https://atomicdata.formstack.com/ https://www.gstatic.com/ https://www.google.com/ https://www.googletagmanager.com/ https://code.visitor-track.com/ https://ws.zoominfo.com/ https://snap.licdn.com/ https://ml314.com/ https://www.clarity.ms/ https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ ; img-src 'self' data: https://app.jazz.co/ https://www.atomicdata.com/ https://c.bing.com/ https://c.clarity.ms/ https://images.squarespace-cdn.com/ https://id.rlcdn.com/ https://atomicdata.formstack.com/ https://sync.crwdcntrl.net/ https://d.agkn.com/ https://aa.agkn.com/ https://cm.g.doubleclick.net/ https://idsync.rlcdn.com/ https://us-u.openx.net/ https://pixel-sync.sitescout.com/ https://dpm.demdex.net/ https://stags.bluekai.com/ https://aorta.clickagy.com/ https://px.ads.linkedin.com/ https://secure.gravatar.com/ https://www.google.com/ https://p.adsymptotic.com/ https://www.google-analytics.com/ https://www.googletagmanager.com; font-src 'self' data: https://cdnjs.cloudflare.com/ https://static.formstack.com/ https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://code.visitor-track.com/ https://api.leadpages.io/ https://*.clarity.ms/ https://hemsync.clickagy.com/ https://aorta.clickagy.com/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://ws.zoominfo.com/ https://atomicdata.formstack.com/ https://cdn.linkedin.oribi.io/ https://c.clarity.ms/ https://a.clarity.ms/ https://px.ads.linkedin.com/ ; media-src 'self'; object-src 'self'; child-src 'self'; frame-src 'self' https://atomicdata.lpages.co/ https://www.wordfence.com/ https://www.google.com/ https://apply.atomicdata.com/ https://www.youtube.com/ https://www.gstatic.com/ https://atomicdata.formstack.com/ https://cdn.linkedin.oribi.io/; worker-src 'self' blob: ; frame-ancestors 'self'; 1
default-src https: wss://*.hotjar.com;      img-src * 'self' 'unsafe-inline' https://www.google-analytics.com https://ssl.gstatic.com/ https://googleads.g.doubleclick.net https://www.google.com/ https://cdn.cookielaw.org data: https:;      style-src 'self' 'unsafe-inline' https://www.google.com/ https://tagmanager.google.com/ https://fonts.googleapis.com/ https://3cdn.demio.com fonts.googleapis.com *.typekit.net https://cdn.cookielaw.org https://cdn.demio.com;      script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com https://ssl.google-analytics.com https://cdn.cookielaw.org/ https://cdn.demio.com https://connect.facebook.net https://snap.licdn.com https://*.sharethis.com/ https://z.moatads.com/ https://v1.addthisedge.com/ https://m.addthis.com/ https://geolocation.onetrust.com https://www.gstatic.com/ https://cdn.matomo.cloud https://cdn.leadinfo.net https://static.hotjar.com https://script.hotjar.com https://*.youtube.com https://*.piwik.pro https://*.jsdelivr.net https://*.amplitude.com;      frame-ancestors 'self' https://*.youtube.com;      1
frame-ancestors 'self' https://viewer.rooom.com 1
default-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://consent.cookiebot.com/uc.js https://consentcdn.cookiebot.com/consentconfig/6403db4b-9e48-47f1-bd3f-02aa716e0791/state.js https://consent.cookiebot.com/6403db4b-9e48-47f1-bd3f-02aa716e0791/cc.js https://consent.cookiebot.com/6403db4b-9e48-47f1-bd3f-02aa716e0791/cd.js https://consent.cookiebot.com/6403db4b-9e48-47f1-bd3f-02aa716e0791/cdreport.js https://consent.cookiebot.com/logconsent.ashx https://wwwchat.etes.de/packs/js/sdk.js https://stats.etes.de; style-src 'unsafe-inline' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://stats.etes.de https://salesviewer.org https://salesviewer.com https://www.salesviewer.org https://www.salesviewer.com https://wwwchat.etes.de; font-src 'self'; frame-src 'self' https://consentcdn.cookiebot.com https://www.openstreetmap.org https://www.youtube-nocookie.com https://wwwchat.etes.de; img-src 'self' data: https://www.google-analytics.com https://stats.etes.de https://salesviewer.org; manifest-src 'self'; media-src 'self'; worker-src 'none'; frame-ancestors 'self'; form-action 'self' https://seu2.cleverreach.com; 1
script-src 'self' 'unsafe-inline' *.wlresources.com https://www.google-analytics.com https://www.youtube.com/iframe_api https://s.ytimg.com ; connect-src 'self' *.wlresources.com https://www.google-analytics.com; report-uri /err0r/js?ts=1705979074; frame-ancestors 'none' 1
frame-ancestors 'self' https://*.bit2me.com https://bit2me.com/ 1
default-src https://lpslivecms.azureedge.net https://secure.leadforensics.com https://ldynamicspublicapi.leadforensics.com https://webeo-web-content.s3-eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com/ldproduct/editor/images/ https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.jsdelivr.net/npm/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hcaptcha.com https://lpslivecms.azureedge.net https://*.hcaptcha.com https://ldynamicspublicapi.leadforensics.com https://secure.leadforensics.com https://cdn.jsdelivr.net/npm/ https://api.reciteme.com https://revelations.trovus.co.uk https://consentcdn.cookiebot.com/ https://consent.cookiebot.com https://unpkg.com/ https://static.cloudflareinsights.com https://webeo-web-content.s3-eu-west-1.amazonaws.com https://cdn.jsdelivr.net https://ldynamicspublicapi.leadforensics.com https://vjs.zencdn.net https://secure.hook8mist.com https://lpslivecms.azureedge.net https://code.jquery.com https://static.cloud.coveo.com https://az416426.vo.msecnd.net https://www.youtube.com https://s.ytimg.com https://*.linklaters.com https://consent.truste.com https://polyfill.io https://*.passle.net https://*.twitter.com https://cdnjs.cloudflare.com/ https://siteimproveanalytics.com https://sdk.passle.net https://iptrack.io https://app.whoisvisiting.com https://linklaters.vuture.net https://snap.licdn.com https://api-public.addthis.com https://*.addthis.com https://*.addthisedge.com https://maps.googleapis.com https://www.gstatic.com https://www.google-analytics.com https://*.googletagmanager.com https://www.googleadservices.com https://tagmanager.google.com https://googleads.g.doubleclick.net https://www.google.com https://linklaters-11757.firebaseapp.com; style-src 'self' 'unsafe-inline' blob: https://hcaptcha.com https://*.hcaptcha.com https://cdn.jsdelivr.net/npm/@fontsource/ https://www.googletagmanager.com https://api.reciteme.com https://consent.cookiebot.com/uc.js https://*.linklaters.com https://lpslivecms.azureedge.net https://vjs.zencdn.net https://webeo-web-content.s3-eu-west-1.amazonaws.com https://code.jquery.com https://static.cloud.coveo.com https://*.linklaters.com https://*.passle.net https://dukb55syzud3u.cloudfront.net https://hello.myfonts.net https://fonts.googleapis.com https://cdnjs.cloudflare.com/ https://tagmanager.google.com; img-src 'self' data: https://*.linkedin.com https://s3-eu-west-1.amazonaws.com/ldproduct/editor/images/ https://api.reciteme.com https://*.global.siteimproveanalytics.io/ https://webeo-web-content.s3-eu-west-1.amazonaws.com https://dashboard.whoisvisiting.com https://secure.hook8mist.com https://lpslivecms.azureedge.net https://s.ytimg.com https://linklaters.vuture.net https://ib.adnxs.com https://*.linklaters.com https://stats.g.doubleclick.net https://images.passle.net/ https://techinsights.linklaters.com https://px.ads.linkedin.com https://pixel.mathtag.com https://www.google.com https://www.google.ie https://www.google.co.uk https://*.googletagmanager.com https://*.google-analytics.com https://via.placeholder.com https://maps.googleapis.com https://maps.gstatic.com https://*.googleapis.com https://ssl.gstatic.com https://linklaters-11757.firebaseapp.com; font-src 'self' data: https://lpslivecms.azureedge.net https://cdn.jsdelivr.net/npm/@fontsource/ https://lpslivecms.azureedge.net  https://api.reciteme.com https://*.linklaters.com https://dukb55syzud3u.cloudfront.net https://fonts.gstatic.com https://linklaters-11757.firebaseapp.com; connect-src 'self'  https://hcaptcha.com https://*.hcaptcha.com  https://api.reciteme.com https://consentcdn.cookiebot.com https://cloudflareinsights.com https://platform.cloud.coveo.com https://ldynamicspublicapi.leadforensics.com https://cdn.plyr.io https://lpslivecms.azureedge.net https://mpsso61.mediaplatform.com https://dc.services.visualstudio.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.linklaters.com https://*.passle.net https://googleads4.g.doubleclick.net https://clientapi.passle.net https://*.googleapis.com; media-src 'self' https://api.reciteme.com https://lpslivecms.azureedge.net/ https://*.linklaters.com; object-src 'self' https://*.linklaters.com; manifest-src 'self' data: https://lpslivecms.azureedge.net https://*.linklaters.com; child-src 'self'; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://api.reciteme.com https://consentcdn.cookiebot.com/ https://www.podbean.com/ https://www.facebook.com https://lpslivecms.azureedge.net/ https://cdn.yoshki.com/ https://s7.addthis.com/ https://*.linklaters.com https://*.passle.net https://linklaters.mediaplatform.com https://*.cdn.mediaplatform.com https://www.googletagmanager.com https://pixel.mathtag.com https://sdn.sitecore.net https://www.youtube-nocookie.com https://www.youtube.com https://www.google.com; worker-src 'self' https://lpslivecms.azureedge.net https://api.reciteme.com https://*.linklaters.com; frame-ancestors 'self' https://api.reciteme.com https://*.linklaters.com; form-action 'self' https://api.reciteme.com https://login.microsoftonline.com https://*.linklaters.com; upgrade-insecure-requests; 1
block-all-mixed-content; frame-ancestors *.plenitudedistribuidora.com.br 1
default-src * 'unsafe-eval' 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' https://digio.in https://*.digio.in https://*.signpad.in https://seal.godaddy.com https://apis.google.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://checkout.razorpay.com https://cdnjs.cloudflare.com/ajax/libs/ https://services.digitallocker.gov.in https://www.google.com/recaptcha/api.js https://www.gstatic.com https://accounts.google.com/gsi/client https://www.clarity.ms https://sdk.videosdk.live; img-src * blob: data:; media-src * blob: data:; connect-src * data:; 1
frame-ancestors 'self' 'franchising.com' 'franchisebusiness.news' 'franchisinginsider.com'; 1
default-src https:; connect-src wss: https:; font-src https: data:; frame-src https:; frame-ancestors https:; img-src https: data:; media-src https:; object-src https:; script-src blob: 'unsafe-inline' 'unsafe-eval' https:; style-src blob: 'unsafe-inline' https:; upgrade-insecure-requests 1
default-src *;  img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *;   style-src  'self' 'unsafe-inline' * 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://fonts.gstatic.com/s/ 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com/ 'unsafe-inline'; img-src 'self' data: https:; child-src 'self' vxnsm:; frame-src 'self' vxnsm:;connect-src 'self'; frame-ancestors 'self' http://www.tuckersystems.biz; report-uri /CSPReports.aspx 1
block-all-mixed-content ;upgrade-insecure-requests ;default-src 'self' *.criteo.com *.criteo.net adventori.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.abtasty.com *.y-track.com *.google-analytics.com *.googletagmanager.com www.googletagmanager.com vjs.zencdn.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ui.onepay.decathlon.net *.paypal.com *.braintreegateway.com *.brightcove.net *.trylive.com *.googleapis.com sdk.privacy-center.org sdk.woosmap.com www.booxi.eu appmobile-bridge-js.s3-eu-west-1.amazonaws.com *.woosmap.com ui.onepay-qualification.decathlon.io cdn.tagcommander.com *.facebook.net *.dynatrace.com platform.commandersact.com *.commander1.com *.criteo.com *.criteo.net *.adnxs.com adventori.com www.googleadservices.com bat.bing.com *.salecycle.com *.doubleclick.net *.hotjar.com redirect3536.tagcommander.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com wurfl.io *.commandersact.com translate.google.com nxtck.com onepay-ui.decathlon.net *.contentsquare.net *.contentsquare.com www.youtube.com wss://*.hotjar.com *.loadbee.com production.transcript.decathlon.io development.transcript-qualification.decathlon.io via.batch.com *.dynamicyield.com *.klarnaservices.com rum.browser-intake-datadoghq.eu *.onepay-v2-commons-prod-0ywm.decathlon.io screencapture.kampyle.com screencapture-cdn.kampyle.com resources.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com resources.digital-cloud-west.medallia.com pay.google.com/gp/p/js/pay.js applepay.cdn-apple.com session-replay.browser-intake-datadoghq.eu safesizepublic.ucscentral.com google.com/pay creativecdn.com *.creativecdn.com https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io static.hotjar.com connect.facebook.net googleads.g.doubleclick.net script.hotjar.com ui.swogo.net js.adsrvr.org gdehu.hit.gemius.pl *.adition.com unpkg.com api.swogo.net tracking.swogo.net player.vimeo.com script.google.com snap.licdn.com px.ads.linkedin.com *.iadvize.com view.publitas.com scripts.publitas.com cdn-eu.dynamicyield.com st-eu.dynamicyield.com;connect-src 'self' *.google-analytics.com *.analytics.google.com *.abtasty.com *.y-track.com *.woosmap.com *.brightcove.com *.paypal.com *.braintree-api.com *.braintreegateway.com *.decathlon.net *.decathlon.com *.booxi.eu api.privacy-center.org www.facebook.com *.doubleclick.net bat.bing.com browser-http-intake.logs.datadoghq.eu api.booxi.eu bf97725pbp.bf.dynatrace.com *.hotjar.com *.hotjar.io *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com booxi-api-be.appspot.com booxi-api.appspot.com sync.commander1.com *.boltdns.net *.akamaihd.net *.contentsquare.net tracking-api-4lasu2nlcq-ew.a.run.app insights.decathlon.net transaction-api-4lasu2nlcq-ew.a.run.app order-insights.decathlon.net *.googleapis.com wss://*.hotjar.com www.googletagmanager.com via.batch.com ws.batch.com production.transcript.decathlon.io development.transcript-qualification.decathlon.io *.klarnaservices.com rum.browser-intake-datadoghq.eu *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu ubt-lb.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com resources.digital-cloud-west.medallia.com https://www.google.com/pay signin.easyence.tech google.com/pay https://pay.google.com *.creativecdn.com https://session-replay.browser-intake-datadoghq.eu/api/ https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io stats.g.doubleclick.net search-tracking.webgeoservices.com insight.adsrvr.org www.google.hu cf-images.eu-west-1.prod.boltdns.net manifest.prod.boltdns.net maintenance.decathlon.hu wss://ws12.hotjar.com api.swogo.net tracking.swogo.net *.gemius.pl fpc.decathlon.hu player.vimeo.com vimeo.com script.google.com script.googleusercontent.com wss://*.iadvize.com *.iadvize.com;img-src 'self' data: blob: *.decathlon.com *.cube-net.org *.cube-net.pub contents.mediadecathlon.com *.google-analytics.com *.googletagmanager.com *.brightcove.com *.brightcove.net *.paypal.com prod-wt.aws.y-track.com manager.tagcommander.com *.googleapis.com *.abtasty.com *.woosmap.com www.facebook.com www.google.com www.google.es www.google.fr www.google.it www.google.nl www.google.be www.google.pl *.doubleclick.net bat.bing.com *.gstatic.com sync.commander1.com *.atdmt.com tag.goldenbees.fr *.crm4d.com *.adsrvr.org *.adnxs.com sdk.privacy-center.org checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net voucher.decathlon.net apigift.decathlon.com site.booxi.com www.mediadecathlon.com *.boltdns.net *.mediadecathlon.com *.contentsquare.net *.googleadservices.com adservice.google.com wss://*.hotjar.com via.batch.com ws.batch.com *.onepay-v2-commons-prod-0ywm.decathlon.io screencaptue-cdn.kampyle.com resources.digital-cloud.medallia.eu udc-neb.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net www.decathlon.hu 10044342.fls.doubleclick.net 10162697.fls.doubleclick.net maps.gstatic.com www.google.at sync.adotmob.com insight.adsrvr.org www.google.hu cf-images.eu-west-1.prod.boltdns.net manifest.prod.boltdns.net decathlon.hu ui.swogo.net *.adocean.pl px.ads.linkedin.com *.iadvize.com;style-src 'self' 'unsafe-inline' www.booxi.eu fonts.googleapis.com *.decathlon.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.mediadecathlon.com wss://*.hotjar.com scripts.publitas.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu screencaptue-cdn.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io https://storage.googleapis.com/sl-front-xp-bucket-4v-tmoq/account/ unpkg.com fronteuhupr.cube-net.pub www.google.hu cf-images.eu-west-1.prod.boltdns.net decathlon.hu ui.swogo.net *.iadvize.com;font-src 'self' data: *.decathlon.com fonts.gstatic.com *.oppwa.com oppwa.com *.abtasty.com qanda.decathlon.com *.googleapis.com *.gstatic.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io unpkg.com fronteuhupr.cube-net.pub decathlon.hu *.iadvize.com;object-src view.publitas.com;base-uri 'self';worker-src 'self' blob: via.batch.com;media-src 'self' blob: secure.brightcove.com *.brightcove.com *.brightcove.net *.boltdns.net *.mediadecathlon.com *.criteo.com bcboltbde696aa-a.akamaihd.net *.iadvize.com;frame-src 'self' *.youtube.com www.google.com/recaptcha/ saas.trylive.com/ site.booxi.eu/ reviews.decathlon.com www.facebook.com *.doubleclick.net *.atdmt.com c.paypal.com checkout.paypal.com www.paypal.com *.hotjar.com *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com qanda.decathlon.com reviews-collect-eu.satisphere.decathlon.net *.mediadecathlon.com view.publitas.com www.pinterest.com *.abtasty.com *.decathlon.net wss://*.hotjar.com players.brightcove.net screencapture.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud.medallia.eu resources.digital-cloud-west.medallia.com pay.google.com safesizepublic.ucscentral.com *.klarnaservices.com creativecdn.com *.creativecdn.com 10044342.fls.doubleclick.net 10162697.fls.doubleclick.net insight.adsrvr.org vars.hotjar.com help.decathlon.hu match.adsrvr.org www.google.hu *.gemius.pl player.vimeo.com *.iadvize.com cdn-eu.dynamicyield.com st-eu.dynamicyield.com;frame-ancestors 'self'; 1
frame-ancestors 'self' https://aqhaservices3.aqha.com https://services.aqha.com https://aqhaservices.aqha.com; 1
frame-ancestors https://www.servizioelettriconazionale.it https://login.servizioelettriconazionale.it 1
object-src 'none'; base-uri 'none'; script-src 'nonce-f54ed2876173cc0379ea62639634a7bc' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; 1
frame-ancestors *.iriworldwide.com *.local.wfdev.net iriworldwide-com.w3.wfdev.net 1
default-src 'self' *.google-analytics.com *.analytics.google.com c.seznam.cz cdnjs.cloudflare.com stackpath.bootstrapcdn.com p.typekit.net use.typekit.net csawdfunctions01.azurewebsites.net csawtfunctions01.azurewebsites.net csawpfunctions01.azurewebsites.net csautfunctions01.azurewebsites.net csaupfunctions01.azurewebsites.net www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gp www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.nf www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tk www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat mc.yandex.ru localhost csawpweb01.azurewebsites.net csaupweb01.azurewebsites.net cmsprodeu.csa.cz csa.cz www.csa.cz 'unsafe-inline' csawpcdnep01.azureedge.net csawdcdnep01.azureedge.net csawpsaweb01.blob.core.windows.net csaupcdnep01.azureedge.net csaupsaweb01.blob.core.windows.net dc.services.visualstudio.com fonts.googleapis.com csi.gstatic.com maps.gstatic.com maps.googleapis.com fonts.gstatic.com geolocation.onetrust.com pagead2.googlesyndication.com onetrust.com cdn.cookielaw.org googleads.g.doubleclick.net www.google-analytics.com stats.g.doubleclick.net www.facebook.com www.google.com www.google.cz www.pages05.net data: onetrust.com cdn.cookielaw.org c.imedia.cz www.youtube.com youtube.com www.vimeo.com vimeo.com; script-src 'self' mc.yandex.ru c.seznam.cz www.dwin1.com googleads.g.doubleclick.net www.google.cz localhost cmsprodeu.csa.cz csa.cz www.csa.cz 'unsafe-eval' 'unsafe-inline' az416426.vo.msecnd.net www.google.com www.gstatic.com maps.googleapis.com assets.adobedtm.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com connect.facebook.net onetrust.com cdn.cookielaw.org c.imedia.cz cdnjs.cloudflare.com stackpath.bootstrapcdn.com www.youtube.com; frame-src www.pages05.net authorize.omniture.com sitecatalyst.omniture.com www.facebook.com www.google.com bid.g.doubleclick.net onetrust.com cdn.cookielaw.org c.imedia.cz api.zanox.ws www.youtube.com youtube.com www.vimeo.com vimeo.com; 1
frame-ancestors 'self' http://www.1001jogos.com.br 1
default-src 'self' wss:; worker-src 'self' blob:; frame-src 'self' data: wss: https:; media-src 'self' https: blob: data:; connect-src 'self' wss: blob: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https: blob:; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; 1
default-src: https:; frame-ancestors 'self' X-Frame-Options: SAMEORIGIN; upgrade-insecure-requests 1
default-src 'self' data: https://*.flashcourier.com.br https://fonts.gstatic.com https://cdn.atendimen.to https://*.google.com https://*.google.com.br https://*.youtube.com https://*.gstatic.com https://viacep.com.br https://*.openstreetmap.org https://*.googleapis.com; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; object-src 'self'; img-src * data:; 1
script-src 'self' https://*.iocxtrapower.com 'unsafe-inline' 'unsafe-eval'  https://static.zdassets.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://www.googletagmanager.com https://www.google-analytics.com https://*.zopim.com https://www.youtube.com;img-src 'self' https://*.iocxtrapower.com https://*.zopim.com https://*.zopim.io https://www.google-analytics.com https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com data:;frame-src https://www.youtube.com *.google.com;connect-src 'self' https://*.iocxtrapower.com https://ekr.zdassets.com wss://widget-mediator.zopim.com https://www.google-analytics.com https://*.googleapis.com *.google.com https://*.gstatic.com  data: blob:;font-src 'self' https://*.iocxtrapower.com data: https://*.zopim.com https://fonts.gstatic.com;style-src 'self' https://*.iocxtrapower.com 'unsafe-inline' https://fonts.googleapis.com; 1
frame-ancestors 'self' v9.jarvisexch.com laser247.com www.laser247.com gold365.com www.gold365.com play247.win www.play247.win 11xplay.com www.11xplay.com luck4bets.com www.luck4bets.com laser247.online www.laser247.online play247.online www.play247.online play99exch.win www.play99exch.win cricbet99.win www.cricbet99.win 11xplay.online www.11xplay.online 11xplay.pro www.11xplay.pro gold365.win www.gold365.win laser247.club www.laser247.club laser247.pro www.laser247.pro gold365.green www.gold365.green gold365.site www.gold365.site play247exch.win www.play247exch.win play247.green www.play247.green 11xplay.online www.11xplay.online 11xplay.pro www.11xplay.pro play247.green www.play247.green 1
upgrade-insecure-requests; script-src 'strict-dynamic' 'nonce-SdqpbIN2PziUDnarPuVZ+g=='; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://matomo.subdelirium.ovh/ https://*.hcaptcha.com/; img-src 'self' data: blob: https://matomo.subdelirium.ovh/ https://media.giphy.com/ https://*.tile.openstreetmap.org/ https://*.hcaptcha.com/; object-src 'self' data: blob: https://matomo.subdelirium.ovh/ https://*.hcaptcha.com/; frame-src 'self' data: blob: https://matomo.subdelirium.ovh/ https://*.hcaptcha.com/; 1
default-src 'self' *.fluvius.be cdn-fluvius.azureedge.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.ckeditor.com *.googleapis.com https://www.googletagmanager.com https://tagmanager.google.com www.google-analytics.com cdnjs.cloudflare.com cdn.rawgit.com https://www.google.com https://www.gstatic.com www.googleadservices.com connect.facebook.net googleads.g.doubleclick.net https://amp.cloudflare.com cdn.sparkcentral.com *.smooch.io *.hotjar.com https://*.api.vlaanderen.be static.ads-twitter.com analytics.twitter.com *.bizographics.com translate.google.com cdn-o-fluvius.azureedge.net cdn-fluvius.azureedge.net https://cdn.ampproject.org https://extend.vimeocdn.com https://www.youtube.com cdn.jsdelivr.net https://code.upscope.io https://js.upscope.io js.arcgis.com https://unpkg.com/web-vitals/; object-src 'self' *.fluvius.be; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com cdnjs.cloudflare.com https://amp.cloudflare.com cdn.sparkcentral.com cdn-o-fluvius.azureedge.net cdn-fluvius.azureedge.net https://www.googletagmanager.com *.arcgis.com *.arcgisonline.com; img-src 'self' data: *.google-analytics.com *.gstatic.com *.googleapis.com www.eandis.be stats.g.doubleclick.net www.facebook.com www.google.be www.google.com https://amp.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com www.gravatar.com media.eu-1.smooch.io *.fluvius.be https://s3.eu-central-1.amazonaws.com blob: t.co *.linkedin.com cdn-fluvius.azureedge.net cdn-o-fluvius.azureedge.net https://cdn-eu.sparkcentral.com cdn.sparkcentral.com https://i.vimeocdn.com https://i.ytimg.com script.hotjar.com https://app.upscope.io https://app-cdn.upscope.io *.informatievlaanderen.be *.arcgis.com *.arcgisonline.com *.api.vlaanderen.be; media-src 'self' https://cdn.sparkcentral.com https://js.upscope.io; frame-src 'self' *.fluvius.be player.vimeo.com www.youtube-nocookie.com https://www.youtube.com https://www.google.com https://www.flexmail.eu https://s.chkmkt.com https://amp.cloudflare.com https://www.googletagmanager.com https://www.facebook.com *.hotjar.com datastudio.google.com; frame-ancestors 'self' *.destroomlijn.be *.fluvius.be; child-src 'self' *.fluvius.be https://storage.upscope.io blob:; font-src 'self' *.googleapis.com fonts.gstatic.com cdn.sparkcentral.com data: script.hotjar.com cdn-fluvius.azureedge.net js.arcgis.com; connect-src 'self' *.google-analytics.com *.google.be *.google.com https://discovery.amp.cloudflare.com https://stats.g.doubleclick.net https://amp.cloudflare.com https://www.facebook.com cdn.sparkcentral.com *.eu-1.smooch.io wss://*.smooch.io https://*.api.vlaanderen.be *.hotjar.com *.hotjar.io wss://*.hotjar.com *.googleapis.com 79znwy2ew9.execute-api.eu-central-1.amazonaws.com https://apihub.fluvius.be https://cdn.ampproject.org https://www.googletagmanager.com *.fluvius.be *.b2clogin.com wss://*.upscope.io https://*.upscope.io https://*.arcgis.com *.informatievlaanderen.be; manifest-src cdn-fluvius.azureedge.net 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com *.salesforceliveagent.com service.force.com *.my.salesforce.com *.google.com *.facebook.net *.facebook.com *.omtrdc.net *.youtube.com *.ytimg.com *.doubleclick.net *.googleapis.com *.bazaarvoice.com *.iesnare.com appleid.cdn-apple.com www.googletagmanager.com www.googleadservices.com activitymap.adobe.com qasfix-hofer.cs101.force.com cs101.salesforce.com https://www.googletagmanager.com/gtag/js *.bing.com https://s.pinimg.com/ct/core.js https://s.pinimg.com/ct/lib/main.2a04f3ee.js hofer.force.com hofer.secure.force.com https://cdn.polyfill.io/v2/polyfill.min.js static.lightning.force.com *.cookielaw.org *.onetrust.com s7g10.scene7.com tags.tiqcdn.com collect.tealiumiq.com; connect-src 'self' *.omtrdc.net *.demdex.net *.postcodeanywhere.co.uk *.bazaarvoice.com *.facebook.com activitymap.adobe.com sitecatalyst.omniture.com qasfix-hofer.cs101.force.com cs101.salesforce.com hofer.force.com hofer.secure.force.com c.la1-c1-fra.salesforceliveagent.com EU17.salesforce.com d.la1-c1-fra.salesforceliveagent.com www.zurueckzumursprung.at https://storefinder.aldi.at https://empty-fridge-widget.vercel.app https://gewinnspiel.aldi-sued.de test.storefinder.aldi.at *.googleapis.com *.cookielaw.org *.onetrust.com s7g10.scene7.com collect.tealiumiq.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.bazaarvoice.com *.googleapis.com *.omtrdc.net *.my.salesforce.com service.force.com qasfix-hofer.cs101.force.com cs101.salesforce.com hofer.force.com hofer.secure.force.com *.cookielaw.org *.onetrust.com s7g10.scene7.com; font-src 'self' *.gstatic.com data:; frame-src 'self' *.demdex.net *.facebook.com *.google.com *.youtube.com *.youtube-nocookie.com *.customervoice360.com *.adobe.com aldisued.marketing.adobe.com *.psa.at aldisued.experiencecloud.adobe.com web-psa-preprod.mp-testing.com rest-b2b-crt-preprod.mp-testing.com psa-card-administration.mobile-pocket.com *.bazaarvoice.com *.iesnare.com www.elettershop.de t.elettershop.de *.salesforceliveagent.com service.force.com activitymap.adobe.com *.omniture.com qasfix-hofer.cs101.force.com cs101.salesforce.com *.doubleclick.net www.zurueckzumursprung.at storefinder.aldi.at https://empty-fridge-widget.vercel.app https://gewinnspiel.aldi-sued.de test.storefinder.aldi.at cs107.salesforce.com eu17.salesforce.com szorolap.aldi.hu; frame-ancestors 'self' https://aldisued.marketing.adobe.com https://aldisued.experiencecloud.adobe.com https://www.elettershop.de https://t.elettershop.de https://experience.adobe.com hofer-custom.staffbase.com unserhofer.hofer.at localhost:* 1
frame-ancestors 'self' https://*.gitpod.io https://gitpod.io 1
frame-ancestors *.ringpublishing.com; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.egeszsegkalauz.hu::PROD_23_5_7 1
frame-ancestors 'self' https://manage.aviationpros.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
frame-ancestors https://*.tu.berlin https://stats.tu-berlin.de; 1
default-src 'self'; script-src 'self' 'unsafe-inline' www.google.com www.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com tagmanager.google.com ajax.googleapis.com www.youtube.com www.instagram.com  platform.instagram.com connect.facebook.net platform.twitter.com maps.googleapis.com oc-cdn-public.azureedge.net js.adsrvr.org acdn.adnxs.com td.doubleclick.net fls.doubleclick.net ad.doubleclick.net static.hotjar.com insight.adsrvr.org; style-src 'self' 'unsafe-inline' fonts.cdnfonts.com fonts.googleapis.com oc-cdn-public.azureedge.net tagmanager.google.com www.gstatic.com; font-src 'self' fonts.cdnfonts.com *.fonts.gstatic.com fonts.gstatic.com data:; connect-src 'self' res.cloudinary.com vitals.vercel-insights.com graph.facebook.com assets.metrolinx.com https://api.gotransit.com/v2/ ae72qusyyn-dsn.algolia.net ae72qusyyn-3.algolianet.com ae72qusyyn-2.algolianet.com ae72qusyyn-1.algolianet.com maps.googleapis.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google-analytics.com *.google.com; img-src 'self' res.cloudinary.com cloudinary.com assets.metrolinx.com i.ytimg.com maps.gstatic.com maps.googleapis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.googleads.g.doubleclick.net *.google.com ssl.gstatic.com www.gstatic.com *.facebook.com data:; media-src 'self' blob: res.cloudinary.com assets.metrolinx.com; frame-src www.youtube.com www.google.com www.instagram.com www.linkedin.com www.facebook.com platform.twitter.com outlook.office365.com oc-cdn-public.azureedge.net *.g.doubleclick.net maps.metrolinx.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://maps.googleapis.com https://open.spotify.com https://www.spotify.com https://www.youtube.com https://player.vimeo.com https://www.googletagmanager.com https://www.google-analytics.com https://acsbapp.com https://acsbap.com; style-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' https://process.acsbapp.com https://acsbapp.com https://acsbap.com https://privacyportal.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://noembed.com https://vimeo.com https://maps.gstatic.com https://maps.googleapis.com https://cdn.plyr.io https://www.google-analytics.com/ https://cdn.acsbapp.com; font-src 'self' https://cdn.acsbapp.com https://fonts.gstatic.com; img-src 'self' data: https://www.googletagmanager.com https://cdn.acsbapp.com https://cdn.cookielaw.org https://i.vimeocdn.com https://i.ytimg.com https://maps.gstatic.com https://www.google-analytics.com; object-src 'self'; frame-src 'self' https://open.spotify.com https://www.spotify.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://www.podbean.com https://app.powerbi.com; media-src 'self' 'unsafe-inline' data: https://open.spotify.com https://www.spotify.com https://www.youtube.com https://www.vimeo.com https://app.powerbi.com; 1
child-src 'self' https://ghd-p-001.sitecorecontenthub.cloud/ *.ghd.com;frame-src 'self' https://player.vimeo.com https://view.ceros.com https://www.facebook.com https://info.ghd.com https://issuu.com/ https://www.youtube.com/;connect-src 'self' *.google-analytics.com *.doubleclick.net https://ghd-p-001.sitecorecontenthub.cloud/ https://analytics.google.com/ https://api-apse2.rfksrv.com https://discover-apse2.sitecorecloud.io/ https://discover.sitecorecloud.io/ https://cdn.linkedin.oribi.io https://aughd.sc-apj.ghd.com ;default-src 'self' 'unsafe-eval' 'unsafe-inline';font-src 'self' fonts.gstatic.com 'unsafe-eval' 'unsafe-inline' https://cmsstorghddevase.z26.web.core.windows.net/;frame-ancestors 'self' *.ghd.com;img-src 'self' data: https://ghd-p-001.sitecorecontenthub.cloud/ https://cmsstorghddevase.z26.web.core.windows.net/ *.google.com *.google.co.in https://www.facebook.com https://www.google-analytics.com *.linkedin.com *.google.com.au/;media-src 'self' https://ghd-p-001.sitecorecontenthub.cloud/;script-src 'self' www.googletagmanager.com 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://cmsstorghddevase.z26.web.core.windows.net https://cdn.evgnet.com https://info.ghd.com https://connect.facebook.net https://px.ads.linkedin.com https://snap.licdn.com https://view.ceros.com https://pi.pardot.com https://www.youtube.com/iframe_api https://ajax.googleapis.com https://cdnjs.cloudflare.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cmsstorghddevase.z26.web.core.windows.net/;upgrade-insecure-requests;block-all-mixed-content; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://tech.lgbt; img-src 'self' data: blob: https://tech.lgbt https://media.tech.lgbt; style-src 'self' https://tech.lgbt 'nonce-OkagtyWev3r6SI6zwZ4k0w=='; media-src 'self' data: https://tech.lgbt https://media.tech.lgbt; frame-src 'self' https:; manifest-src 'self' https://tech.lgbt; form-action 'self'; child-src 'self' blob: https://tech.lgbt; worker-src 'self' blob: https://tech.lgbt; connect-src 'self' data: blob: https://tech.lgbt https://media.tech.lgbt wss://tech.lgbt; script-src 'self' https://tech.lgbt 'wasm-unsafe-eval' 1
default-src 'self' https://www.newsfilecorp.com https://api.newsfilecorp.com https://orders.newsfilecorp.com https://wire.newsfilecorp.com https://images.newsfilecorp.com https://blog.newsfilecorp.com https://www.google.com https://www.google.ca https://maps.google.com https://www.google.com https://fonts.googleapis.com https://maps.googleapis.com https://chart.googleapis.com https://www.gstatic.com https://fonts.gstatic.com https://maps.gstatic.com https://youtube.com https://www.youtube.com https://i.ytimg.com https://play.google.com https://platform.twitter.com https://syndication.twitter.com https://cdnjs.cloudflare.com https://ssl.google-analytics.com http://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://code.jquery.com https://app.quotemedia.com https://qmod.quotemedia.com https://content.jwplatform.com https://videos.b-tv.com https://videos-cloudfront.jwpsrv.com 'unsafe-inline' data:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://*.google-analytics.com https://www.googletagmanager.com https://arkivverket.atlassian.net https://www.google.com https://www.gstatic.com; img-src 'self' data: https://*.google-analytics.com https://stats.g.doubleclick.net www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' https://*.digitalarkivet.no https://www.google.com/recaptcha/ https://www.youtube-nocookie.com; connect-src 'self' https://*.google-analytics.com https://stats.g.doubleclick.net; frame-ancestors 'self' https://*.digitalarkivet.no 1
frame-ancestors 'self' *.bluetail.salesforce.com *.content.force.com *.documentforce.com *.force.com *.forcesslreports.com *.forceusercontent.com *.lightning.com *.salesforce.com *.salesforceliveagent.com *.salesforce-communities.com trailblazer.me *.visualforce.com *.sfdcstatic.com secure.eloqua.com *.google.com google.com *.doubleclick.net www.facebook.com ssl.google-analytics.com login.salesforce.com test.salesforce.com analytics.localytics.com manifest.localytics.com; 1
frame-ancestors 'self' *.niwa.local *.niwa.co.nz http://clidesc.info http://clidesc.australiaeast.cloudapp.azure.com https://niwa-d9-uat.signify.nz https://niwa-rebuild-qa.signify.nz 1
default-src https://eham.net:8000 https://eham.net https://*.eham.net http://*.noaa.gov https://*.paypal.com https://*.googleapis.com data: 'unsafe-inline' 'unsafe-eval';		img-src * data:;		 report-uri https://eham.net/log/csp-report; 1
script-src 'nonce-inWN/KcQykdZjvSLx19AUJntPgA=' 'self' mijncdnpartner.nl www.googletagmanager.com www.smartsuppchat.com smartsuppcdn.com *.smartsuppcdn.com d10lpsik1i8c69.cloudfront.net; frame-ancestors 'self'; worker-src 'self' blob:; report-uri /v1/csp/reports 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.amnetgroup.com.tw cdn.jsdelivr.net *.doubleclick.net *.treasuredata.com *.babylonjs.com *.johnniewalker.com *.diageohorizon.com *.diageoapi.com *.diageoagegate.com *.diageopersonalisationstudio.com *.diageoplatform.com *.diageo.com *.gstatic.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.tagmanager.google.com *.googleapis.com *.youtube.com *.doubleclick.net *.google.com *.bing.com *.googleadservices.com *.facebook.net *.facebook.com *.navdmp.com *.ytimg.com *.cloudflare.com *.shortlyst.com *.mapbox.com *.evbuc.com *.gravatar.com *.amazonaws.com *.bootstrapcdn.com *.demdex.net *.pinimg.com *.vimeo.com *.umbraco.org *.amnetgroup.com.tw *.yimg.com *.yahoo.com *.adsrvr.org *.onetrust.com *.ads-twitter.com *.clarity.ms *.twitter.com *.vtinfo.com *.universe.com *.google.co.uk *.queue-it.net *.myshopify.com *.shopify.com *.twitter.com t.co *.cloudfunctions.net *.eum-appdynamics.com *.appdynamics.com *.twimg.com *.anyguide.com *.anyroad.com where-to-buy.co *.liveres.co.uk app.yellowmessenger.com cdn.yellowmessenger.com cloud.yellow.ai bookings-stg02 *.secure.johnniewalker.com cdn.segment.com cdn.evgnet.com cdn.evergage.com diageogb.germany-2.evergage.com *.quantummetric.com data: blob:;font-src 'self' data: *.yellowmessenger.com fonts.gstatic.com *.bootstrapcdn.com cdnjs.cloudflare.com 1
upgrade-insecure-requests; default-src 'self' 'unsafe-inline' *.voith.com;img-src 'self' data: *.voith.com johannes.voith.com image-store.slidesharecdn.com scontent.cdninstagram.com maps.googleapis.com *.gstatic.com serve.albacross.com track.hubspot.com forms.hsforms.com *.linkedin.com new-collect.albacross.com perf.hsforms.com *.media.brightcove.com players.brightcove.net *.boltdns.net *.akamaihd.net metrics.brightcove.com scontent-frt3-1.cdninstagram.com cf-images.us-east-1.prod.boltdns.net logs1412.xiti.com new-collect.albacross.com px.ads.linkedin.com www.googletagmanager.com secure.torn6back.com prod.smassets.net prod3-assets.sprinklr.com thumb.sprinklr.com prod3-sprcdn-assets.sprinklr.com prod3-media-proxy.sprinklr.com img.youtube.com d15nmabv5huvcn.cloudfront.net exceptions.hs-embed-reporting.com d2euiryrvxi8z1.cloudfront.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.voith.com widget.surveymonkey.com maps.googleapis.com players.brightcove.net scontent.cdninstagram.com tag.aticdn.net js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com js.hsforms.net forms.hsforms.com serve.albacross.com consent.cookiebot.com www.google.com www.googletagmanager.com www.gstatic.com consentcdn.cookiebot.com vjs.zencdn.net secure.rate8deny.com ajax.googleapis.com gallery-prod3.sprinklr.com players.brightcove.net vjs.zencdn.net platform.twitter.com snap.licdn.com;script-src-elem 'self' 'unsafe-inline' consent.cookiebot.com widget.surveymonkey.com consentcdn.cookiebot.com tag.aticdn.net www.googletagmanager.com www.google.com www.gstatic.com snap.licdn.com players.brightcove.net js.hs-scripts.com js.hs-banner.com js.hscollectedforms.net js.hsleadflows.net js.hs-analytics.net *.hsforms.net *.hsforms.com serve.albacross.com vjs.zencdn.net code.jquery.com secure.rate8deny.com ajax.googleapis.com gallery-prod3.sprinklr.com platform.twitter.com maps.googleapis.com static.voith.com;media-src 'self' 'unsafe-inline' blob: data: prod3-media-proxy.sprinklr.com *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.voith.com;prefetch-src 'self' *.boltdns.net;style-src 'self' 'unsafe-inline' *.voith.com fonts.googleapis.com gallery-prod3.sprinklr.com players.brightcove.net www.googletagmanager.com;font-src 'self' 'unsafe-inline' data: *.voith.com vjs.zencdn.net fonts.googleapis.com gallery-prod3.sprinklr.com fonts.gstatic.com ;frame-src 'self' data: consentcdn.cookiebot.com www.google.com forms.hsforms.com resource.voith.com www.yumpu.com players.brightcove.net forms.hubspot.com js.hsforms.net;connect-src 'self' search.voith.com searchprev.voith.com consentcdn.cookiebot.com forms.hubspot.com forms.hsforms.com static.voith.com new-collect.albacross.com bcbolt446c5271-a.akamaihd.net manifest.prod.boltdns.net logs1412.xiti.com api.hsforms.com resource.voith.com gallery-prod3.sprinklr.com prod3-external-share-api.sprinklr.com johannes.voith.com players.brightcove.net edge.api.brightcove.com *.brightcove.com maps.googleapis.com js.hs-banner.com idx.liadm.com videoproxy.voith.com px.ads.linkedin.com edge.api.brightcove.com;worker-src 'self' 'unsafe-inline' blob: data:  *.voith.com;object-src 'none'; 1
frame-ancestors 'self' bill.eurobyte.ru 1
frame-ancestors 'self' https://www.deal4loans.com  https://www.zeebiz.com/ *.wishfin.com; 1
default-src 'self' *.myfloridacfo.com myfloridacfo.com *.smartsheet.com; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.google.com *.google-analytics.com *.myfloridacfo.com myfloridacfo.com *.livechatinc.com *.smartsheet.com *.sitefinity.com *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net web-chat.nativechat.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.myfloridacfo.com myfloridacfo.com web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: https://*.googletagmanager.com *.myfloridacfo.com myfloridacfo.com *.livechatinc.com blob: *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.myfloridacfo.com myfloridacfo.com *.livechatinc.com; frame-src 'self' *.brightcove.net *.twitter.com *.myfloridacfo.com myfloridacfo.com *.livechatinc.com *.smartsheet.com *.office.com www.google.com forms.hsforms.com web-chat.nativechat.com; connect-src 'self' accounts.google.com *.gstatic.com https://*.googletagmanager.com *.googleapis.com *.google-analytics.com *.myfloridacfo.com myfloridacfo.com *.livechatinc.com *.articulate.com forms.hubspot.com *.hsforms.com; media-src 'self' *.myfloridacfo.com myfloridacfo.com data:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.myfloridacfo.com myfloridacfo.com *.livechatinc.com web-chat.nativechat.com; form-action *.myfloridacfo.com myfloridacfo.com *.myfloridacfo.com/sitefinity myfloridacfo.com/sitefinity 'self' myfloridacfo.com/Sitefinity/Login; report-uri /Sitefinity/Frontend/Diagnostics/HttpHeadersReport 'self' 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=7h7647diquc9j&partner=; 1
default-src * https://*.santagostino.it; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src 'self' data: https://*; 1
default-src 'self' *.jsdelivr.net *.wistia.com fast.wistia.net embed-fastly.wistia.com embedwistia-a.akamaihd.net *.zohopublic.com *.zoho.com *.tile.openstreetmap.org http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.customer.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net *.gstatic.com *.google.com *.google-analytics.com *.typekit.com *.addthis.com *.addthisedge.com *.chartbeat.com *.infogram.com *.jquery.com unpkg.com *.newrelic.com *.nr-data.net *.formstack.com *.googleapis.com *.amazonaws.com *.wnyc.org *.cloudflare.com *.twitter.com *.twimg.com airtable.com *.airtable.com *.addthis.com *.moatads.com *.flourish.studio *.uri.sh *.jsdelivr.net *.wistia.com fast.wistia.net embed-fastly.wistia.com embedwistia-a.akamaihd.net d3js.org *.zohopublic.com *.zoho.com  *.customink.com customink.com *.googletagmanager.com googletagmanager.com *.tile.openstreetmap.org *.hotjar.io *.hotjar.com *.customer.io  *.gleap.io *.pagesense.io *.infogr.am; object-src 'self' 'unsafe-inline' *.google.com *.google-analytics.com *.googleapis.com *.wnyc.org *.twitter.com airtable.com *.airtable.com *.wistia.com fast.wistia.net embed-fastly.wistia.com embedwistia-a.akamaihd.net *.zohopublic.com *.zoho.com *.tile.openstreetmap.org *.customer.io; style-src 'self' 'unsafe-inline' unpkg.com *.formstack.com *.google.com *.googleapis.com *.wnyc.org *.twitter.com airtable.com *.airtable.com *.typekit.net *.wistia.com *.wistia.net *.wistia.com fast.wistia.net embed-fastly.wistia.com embedwistia-a.akamaihd.net *.zohopublic.com *.zoho.com *.tile.openstreetmap.org *.customer.io; img-src 'self' 'unsafe-inline' data: cookpolitical.com *.facebook.com *.twimg.com *.typekit.net *.google-analytics.com *.doubleclick.net *.chartbeat.net *.tinypic.com *.wmflabs.org *.formstack.com *.amazonaws.com *.googleapis.com *.wnyc.org *.addthis.com *.twitter.com airtable.com *.airtable.com *.dacast.com *.wistia.net *.wistia.com *.wistia.com fast.wistia.net embed-fastly.wistia.com embedwistia-a.akamaihd.net *.zohopublic.com *.zoho.com  *.tile.openstreetmap.org *.hotjar.com  *.hotjar.io *.customer.io; media-src 'self' 'unsafe-inline' *.formstack.com *.google.com  *.google-analytics.com *.googleapis.com *.twitter.com airtable.com *.airtable.com *.dacast.com *.wistia.com fast.wistia.net embed-fastly.wistia.com embedwistia-a.akamaihd.net *.zohopublic.com *.zoho.com *.tile.openstreetmap.org *.hotjar.com  *.hotjar.io *.customer.io; frame-src 'self' 'unsafe-inline' datawrapper.dwcdn.net *.addthis.com *.google.com *.infogram.com *.jquery.com *.formstack.com  *.google-analytics.com *.googleapis.com *.wnyc.org *.twitter.com airtable.com *.airtable.com *.c-span.org *.youtube.com vekeo.com *.moatads.com *.teleforumonline.com *.vekeo.com *.flourish.studio *.uri.sh *.dacast.com *.wistia.com fast.wistia.net embed-fastly.wistia.com embedwistia-a.akamaihd.net *.zohopublic.com *.zoho.com *.customink.com customink.com *.facebook.com facebook.com *.tile.openstreetmap.org  *.hotjar.com *.hotjar.io *.customer.io *.infogr.am; frame-ancestors 'self' *.formstack.com *.google.com  *.google-analytics.com *.googleapis.com *.wnyc.org *.twitter.com airtable.com *.airtable.com *.vekeo.com *.dacast.com *.wistia.net *.fast.wistia.com *.wistia.com *.wistia.com fast.wistia.net embed-fastly.wistia.com embedwistia-a.akamaihd.net *.zohopublic.com *.zoho.com *.customink.com customink.com  *.tile.openstreetmap.org *.customer.io; child-src *.wistia.com *.wistia.net *.wistia.com fast.wistia.net embed-fastly.wistia.com embedwistia-a.akamaihd.net *.zohopublic.com *.zoho.com  *.tile.openstreetmap.org *.customer.io; font-src 'self' 'unsafe-inline' *.typekit.com *.googleapis.com *.gstatic.com *.twitter.com airtable.com *.airtable.com *.typekit.net data:  *.wistia.com fast.wistia.net embed-fastly.wistia.com embedwistia-a.akamaihd.net *.zohopublic.com *.zoho.com *.tile.openstreetmap.org http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.customer.io; connect-src 'self' 'unsafe-inline' *.addthis.com *.typekit.net *.google.com *.google-analytics.com *.googleapis.com *.wnyc.org *.twitter.com *.doubleclick.net airtable.com *.airtable.com *.newrelic.com bam.nr-data.net *.jsdelivr.net *.wistia.net *.wistia.com *.zohopublic.com *.zoho.com *.nr-data.net nr-data.net  *.tile.openstreetmap.org http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io *.hotjar.io wss://*.hotjar.com *.customer.io  *.gleap.io; report-uri /report-csp-violation 1
default-src https: 'self' https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'unsafe-eval'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com cdn.jsdelivr.net www.coincap.io www.google-analytics.com ; img-src https: 'self' data: www.dashpay.io ; style-src https: 'self' 'unsafe-inline' fonts.googleapis.com ; font-src https: data: 'self' fonts.googleapis.com fonts.gstatic.com ; frame-src https: 'self' www.youtube.com w.soundcloud.com html5-player.libsyn.com player.youku.com v.youku.com ; child-src https: 'self' www.youtube.com w.soundcloud.com html5-player.libsyn.com ; object-src 'self'; 1
frame-ancestors *.customs.gov.az 1
connect-src https: wss:; font-src https: data:; frame-src blob: https:; frame-ancestors blob: https:; img-src https: data: blob:; media-src https:; object-src https:; child-src blob: https:; 1
frame-ancestors 'self' https://piloto.avvillas.com.co https://www.avvillas.com.co; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-KddbMz1JE4gB4N3kMaSnmg=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; frame-src *; media-src *; frame-ancestors *; 1
default-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com  https://consumer-app.ftrace.com  https://grillnchillquiz.desgsr.com  https://lidl-aktivacije.com.hr  https://lidlslider.desgsr.com  https://lidl.level.hr  https://lidl.level.hr  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  'unsafe-inline'  https://*.adyen.com  https://consumer-app.ftrace.com  https://grillnchillquiz.desgsr.com  https://lidl-aktivacije.com.hr  https://lidlslider.desgsr.com  https://lidl.level.hr  https://lidl.level.hr; img-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com; object-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'; script-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  about:  https://localhost  https://*.adyen.com; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net; 1
default-src * data: 'unsafe-inline' 'unsafe-eval' blob:;media-src * blob:;img-src * data: 'unsafe-inline' blob:;font-src * data: 'unsafe-inline'; frame-ancestors *.amway.in 1
frame-ancestors https://datocms.admin.datocms.com https://cms.datocms.com http://localhost:3002 http://localhost:3000 https://plugins-cdn.datocms.com https://get.datocms.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.zdassets.com https://*.zopim.com https://*.intercomcdn.com https://*.typekit.net https://connect.facebook.net https://*.googleapis.com https://*.bootstrapcdn.com https://*.stripe.com https://*.ravenjs.com https://*.heapanalytics.com https://*.pingdom.net https://*.intercom.io https://*.adroll.com https://*.trychameleon.com https://*.amplitude.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.appcues.com https://*.appcues.net; img-src * data: blob:; style-src 'self' 'unsafe-inline' https://*.bootstrapcdn.com https://*.googleapis.com https://fonts.google.com https://*.appcues.com https://*.appcues.net; font-src * data:; connect-src *; frame-src 'self' https://*.stripe.com https://*.trychameleon.com https://*.chmln-cdn.com https://*.amplitude.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.appcues.com; report-uri /api/internal2/csp-report 1
frame-ancestors 'self' https://*.dish.com https://*.dop.dishcloud.io https://*.awsapps.dishcloud.io 1
object-src 'none'; script-src 'nonce-7LnJPa4/zdX8EiBHkozSiw==' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; base-uri 'none'; report-uri https://csp.withgoogle.com/csp/kaggle/20201130; frame-src 'self' https://www.kaggleusercontent.com https://www.youtube.com/embed/ https://polygraph-cool.github.io https://www.google.com/recaptcha/ https://www.docdroid.com https://www.docdroid.net https://kaggle-static.storage.googleapis.com https://kkb-production.jupyter-proxy.kaggle.net https://kkb-production.firebaseapp.com https://kaggle-metastore.firebaseapp.com https://apis.google.com https://content-sheets.googleapis.com/ https://accounts.google.com/ https://storage.googleapis.com https://docs.google.com https://drive.google.com https://calendar.google.com/; 1
frame-ancestors www.bpl.org *.www.bpl.org bpl.org *.bpl.org bpl.bibliocms.com *.bpl.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src www.bpl.org *.www.bpl.org bpl.org *.bpl.org bpl.bibliocms.com *.bpl.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
frame-ancestors 'self' https://builder.io; object-src 'none'; 1
default-src 'self' https://tramitesanonimos.cnmc.es;  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com https://translate.googleapis.com https://translate.google.com https://www.google-analytics.com https://cdn.jsdelivr.net https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com;  child-src 'self' https://www.google.com/recaptcha/ https://docs.google.com https://www.gstatic.com/recaptcha/ https://fonts.googleapis.com https://www.youtube.com; img-src 'self' data: https://translate.google.com https://getbootstrap.com https://www.jsdelivr.com https://www.gstatic.com https://www.google.es https://www.google.com https://translate.googleapis.com https://www.google-analytics.com https://blog.cnmc.es;  media-src 'self';  style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://translate.googleapis.com https://cdn.jsdelivr.net https://fonts.googleapis.com  https://www.gstatic.com/recaptcha/;  font-src 'self' data: https://cdn.jsdelivr.net https://fonts.gstatic.com https://www.gstatic.com/recaptcha/;  object-src 'self';  connect-src 'self' https://region1.analytics.google.com https://stats.g.doubleclick.net https://bootswatch.com https://translate.googleapis.com https://www.google-analytics.com;  frame-ancestors 'self' ;  1
default-src  'self' cdn-vsh.prague.eu;font-src  'self' cdn-vsh.prague.eu data: fonts.gstatic.com *.cachefly.net *.platnosci.pl www.praguecitytourism.cz www.praguecitytourism.com *.prague.eu;connect-src  'self' cdn-vsh.prague.eu analytics.monkeytracker.cz maps.googleapis.com *.hotjar.com *.googlesyndication.com www3-prague-eu-test.fg.cz *.prague.eu *.google.com *.google.cz *.facebook.com *.doubleclick.net *.google-analytics.com www.praguecitytourism.cz www.praguecitytourism.com *.cookiebot.com *.boldem.cz *.instagram.com *.pinterest.com;script-src  'self' 'unsafe-inline' 'unsafe-eval' cdn-vsh.prague.eu maps.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.google.com *.googleadservices.com *.facebook.net *.imedia.cz *.hotjar.com *.adform.net *.doubleclick.net *.google.cz s.yimg.jp *.yahoo.co.jp *.cachefly.net *.payu.com *.platnosci.pl *.facebook.com *.cloudflare.com cdn.tiny.cloud *.gstatic.com www.praguecitytourism.cz www.praguecitytourism.com *.bstatic.com *.doubleclick.net *.cookiebot.com *.googlesyndication.com *.prague.eu *.boldem.cz s.pinimg.com c.seznam.cz;script-src-elem  'self' 'unsafe-inline' 'unsafe-eval' cdn-vsh.prague.eu maps.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.google.com *.googleadservices.com *.facebook.net *.imedia.cz *.hotjar.com *.adform.net *.doubleclick.net *.google.cz s.yimg.jp *.yahoo.co.jp *.cachefly.net *.payu.com *.platnosci.pl *.facebook.com *.cloudflare.com cdn.tiny.cloud *.gstatic.com www.praguecitytourism.cz www.praguecitytourism.com *.bstatic.com *.doubleclick.net *.cookiebot.com *.googlesyndication.com *.prague.eu *.boldem.cz s.pinimg.com c.seznam.cz;form-action  'self' cdn-vsh.prague.eu *.facebook.com *.gpwebpay.com *.payu.com *.facebook.net *.platnosci.pl *.google-analytics.com tickets.colosseum.eu *.prague.eu;frame-src  'self' cdn-vsh.prague.eu www.youtube.com *.hotjar.com *.doubleclick.net *.adform.net *.booking.com *.facebook.com *.issuu.com *.vimeo.com *.facebook.net *.rozhlas.cz *.imedia.cz app.powerbi.com *.doubleclick.net *.cookiebot.com *.prague.eu *.panomax.com *.pinterest.com c.seznam.cz;worker-src  'self' cdn-vsh.prague.eu www.youtube.com *.hotjar.com *.doubleclick.net *.adform.net *.booking.com *.facebook.com *.issuu.com *.vimeo.com *.facebook.net *.rozhlas.cz *.imedia.cz app.powerbi.com *.doubleclick.net *.cookiebot.com *.prague.eu *.panomax.com *.pinterest.com c.seznam.cz;frame-ancestors  'self' cdn-vsh.prague.eu;img-src  'self' cdn-vsh.prague.eu data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net *.ggpht.com *.google.com *.imedia.cz *.facebook.com *.facebook.net *.google.cz *.googlesyndication.com *.yahoo.co.jp www3-prague-eu-test.fg.cz *.prague.eu *.cachefly.net *.payu.com *.platnosci.pl *.tinymce.com *.seznam.cz www.praguecitytourism.cz www.praguecitytourism.com *.doubleclick.net *.cdninstagram.com *.pinterest.com;style-src  'self' 'unsafe-inline' cdn-vsh.prague.eu fonts.googleapis.com analytics.monkeytracker.cz *.google.com *.hotjar.com *.cachefly.net *.payu.com *.platnosci.pl cdn.tiny.cloud www.praguecitytourism.cz www.praguecitytourism.com *.prague.eu;object-src  'self' cdn-vsh.prague.eu 1
frame-ancestors *.bajajfinservmarkets.in *.BajajFinserv.in www-bajajfinservmarkets-in.cdn.ampproject.org www.google.com *.adobe.com 1
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * blob: data:; media-src * blob:; object-src *; child-src blob:;worker-src blob:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'self'; connect-src 'self'; img-src *; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; 1
base-uri 'self'; font-src 'self' data: https://babywalz.omq.de https://www.paypalobjects.com; form-action 'self' https://checkoutshopper-live.adyen.com https://*.bazaarvoice.com; frame-ancestors 'self' https://app.storyblok.com; img-src 'self' data: https://a.storyblok.com https://*.vhwmcs.net https://*.cdn.aboutyou.cloud https://checkout-cdn.aboutyou.cloud https://checkoutshopper-live.adyen.com https://sockjs-us3.pusher.com https://www.paypalobjects.com https://t.paypal.com https://x.klarnacdn.net https://cdf6519016.cdn.adyen.com https://babywalz.omq.de https://www.googletagmanager.com https://fonts.gstatic.com https://www.awin1.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.de https://www.googleadservices.com https://www.facebook.com https://*.pinterest.com https://trck.linkster.co https://*.billiger.de https://*.cloudfront.net https://brxcdn.com https://*.bazaarvoice.com; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline' https://checkout-cdn.aboutyou.cloud https://checkoutshopper-live.adyen.com https://babywalz.omq.de https://www.googletagmanager.com https://fonts.googleapis.com https://*.bazaarvoice.com; upgrade-insecure-requests; default-src 'none'; frame-src 'self' https://checkoutshopper-live.adyen.com https://www.sandbox.paypal.com https://www.paypal.com https://*.baby-walz.de https://checkout.www.baby-walz.de https://walz-prev.checkout.api.scayle.cloud https://www.awin1.com https://td.doubleclick.net https://www.sovendus-benefits.com https://www.sovendus-connect.com https://ct.pinterest.com https://*.bambuser.com https://tbs.tradedoubler.com https://ams.creativecdn.com https://*.bazaarvoice.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.baby-walz.de https://checkout.www.baby-walz.de https://walz-prev.checkout.api.scayle.cloud https://checkout-cdn.aboutyou.cloud https://checkoutshopper-live.adyen.com https://www.paypal.com https://babywalz.omq.de https://api.exponea.com https://www.googletagmanager.com https://www.dwin1.com https://api.bounce-commerce.de https://www.awin1.com https://the.sciencebehindecommerce.com https://www.googleadservices.com https://trck.linkster.co https://*.sovendus.com https://s.pinimg.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.baby-walz.de https://checkout.www.baby-walz.de https://walz-prev.checkout.api.scayle.cloud https://checkout-cdn.aboutyou.cloud https://checkoutshopper-live.adyen.com https://www.paypal.com https://babywalz.omq.de https://api.exponea.com https://www.googletagmanager.com https://www.dwin1.com https://api.bounce-commerce.de https://www.awin1.com https://the.sciencebehindecommerce.com https://www.googleadservices.com https://connect.facebook.net https://trck.linkster.co https://*.sovendus.com https://s.pinimg.com https://*.bambuser.com https://*.abtasty.com https://connect.getflowbox.com https://*.bazaarvoice.com https://mpsnare.iesnare.com; connect-src 'self' https://*.baby-walz.de https://checkout.www.baby-walz.de https://walz-prev.checkout.api.scayle.cloud https://checkout-cdn.aboutyou.cloud/ https://checkoutshopper-live.adyen.com https://www.sandbox.paypal.com https://www.paypal.com https://www.paypalobjects.com https://x.klarnacdn.net https://sentry.vhwmcs.net https://babywalz.omq.de https://sockjs-us3.pusher.com https://api.exponea.com https://www.googletagmanager.com https://www.econda-monitor.de https://region1.google-analytics.com https://api.bounce-commerce.de https://www.wepowerconnections.com https://the.sciencebehindecommerce.com https://www.google.com https://googleads.g.doubleclick.net https://services.vhwmcs.net https://qa-services.vhwmcs.net https://*.sovendus.com https://ct.pinterest.com https://*.bambuser.com https://*.abtasty.com https://*.getflowbox.com https://*.walz.de; media-src https://a.storyblok.com https://*.walz.de https://cdn.flbx.io; report-uri https://sentry.vhwmcs.net/api/2/security/?sentry_key=1a6c3da18b7a464cbfcf596e111c1def 1
default-src 'self' https://*.igodigital.com https://www.google.com https://www.pluricosmetica.com https://cl.avis-verifies.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-cookieyes.com https://js.klarna.com https://osm.klarnaservices.com https://x.klarnacdn.net https://www.clarity.ms/ https://bat.bing.com pluricosmetica.my.salesforce-sites.com https://s.kk-resources.com https://s.kelkoogroup.net https://static.lightning.force.com https://*.force.com https://*.salesforce.com https://*.salesforceliveagent.com  https://service.force.com https://*.igodigital.com https://*.pluricosmetica.com https://static.cloudflareinsights.com https://maps.googleapis.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://apis.google.com https://maps.google.com https://cl.avis-verifies.com https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://cdn.jsdelivr.net;  connect-src 'self'  https://directory.cookieyes.com https://cdn-cookieyes.com https://log.cookieyes.com js.klarna.com *.analytics.google.com *.klarnaevt.com *.klarnaservices.com https://bat.bing.com/ https://*.clarity.ms/collect https://web.facebook.com https://z-p3-graph.facebook.com https://p.clarity.ms https://l.clarity.ms/ pluricosmetica.my.salesforce-sites.com https://s.kelkoogroup.net https://*.force.com *.google-analytics.com https://adservice.google.com https://maps.googleapis.com https://www.google.com https://graph.facebook.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://awsapis3.netreviews.eu https://www.pluricosmetica.com;  img-src 'self' data: https://cdn-cookieyes.com *.bing.com *.klarnacdn.net *.klarnaservices.com *.clarity.ms https://c.clarity.ms https://bat.bing.com https://s.kelkoogroup.net https://mcusercontent.com https://fonts.gstatic.com https://*.igodigital.com https://web.facebook.com https://gen.sendtric.com https://googleads.g.doubleclick.net https://www.google.sr https://www.google.sk https://www.google.pt https://www.google.lu https://www.google.lt https://www.google.it https://www.google.ie https://www.google.fr https://www.google.de https://www.google.com.br https://www.google.es https://www.google.nl https://www.google.co.uk https://www.google.ch https://www.google.be https://www.google.bg https://www.paypalobjects.com https://googleads.g.doubleclick.net https://img.youtube.com https://www.gstatic.com https://www.googletagmanager.com https://s.w.org https://maps.google.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.pt https://secure.gravatar.com https://www.google.com http://www.pluricosmetica.com https://cl.avis-verifies.com https://www.facebook.com https://www.google-analytics.com *.tawk.to https://cdn.jsdelivr.net *.netreviews.eu https://stats.g.doubleclick.net;  style-src 'self' 'unsafe-inline' https://x.klarnacdn.net pluricosmetica.my.salesforce-sites.com https://*.force.com https://www.googletagmanager.com https://www.google.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net;  font-src 'self' data: https://x.klarnacdn.net  https://fonts.googleapis.com https://fonts.gstatic.com https://static-v.tawk.to https://cl.avis-verifies.com;  report-uri https://cspr.pluricosmetica.com;  frame-src 'self' *.klarna.com https://service.force.com https://web.facebook.com https://*.pluricosmetica.com https://bid.g.doubleclick.net https://d3ms8mre5rhtvu.cloudfront.net https://www.youtube-nocookie.com https://www.youtube.com https://cl.avis-verifies.com https://www.google.com https://apis.google.com https://accounts.google.com https://www.facebook.com https://www.googletagmanager.com https://www.google.com; object-src 'self'; 1
default-src 'self' https://static.bitrated.com; script-src 'self' https://static.bitrated.com; connect-src 'self' wss://www.bitrated.com; style-src https://static.bitrated.com 'unsafe-inline'; img-src 'self' https://static.bitrated.com data:; font-src https://static.bitrated.com data:; frame-src https://player.vimeo.com/ https://bitrated.uservoice.com/; object-src 'none'; report-uri /csp-violation 1
frame-ancestors *.ringpublishing.com; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.glamour.hu::PROD_1_6_5 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' ssh: rdp:; img-src 'self' data: https://*.tile.openstreetmap.org/ ; connect-src 'self' https://crash.checkmk.com/ https://license.checkmk.com/api/verify; frame-ancestors 'self' ; base-uri 'self'; form-action 'self' javascript: 'unsafe-inline'; object-src 'self'; worker-src 'self' blob: 1
default-src https: 'self' 'unsafe-inline' 'unsafe-eval';                img-src * blob: data:;                frame-src https: 'self';               style-src https: 'self' 'unsafe-inline';                font-src https: 'self' data:;                connect-src https: 'self' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.addtoany.com *.cihi.ca wss://*.cihi.ca *.cloudflare.com *.doubleclick.net *.everviz.com *.facebook.com *.facebook.net *.google.bs *.google.ca *.google.cl *.google.cn *.google.co.in *.google.co.jp *.google.co.kr *.google.co.nz *.google.co.uk *.google.com *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.jm *.google.com.mx *.google.com.pe *.google.com.pg *.google.com.py *.google.com.sb *.google.com.ua *.google.com.uy *.google.com.vc *.google.de *.google.es *.google.fr *.google.ie *.google.it *.google-analytics.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.highcharts.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.jsdelivr.net snap.licdn.com *.linkedin.com cdn.linkedin.oribi.io *.polyfill.io *.reddit.com *.redditstatic.com *.simplecast.com *.youtube.com; frame-ancestors 'self' https://*.cihi.ca; report-uri /report-csp-violation 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' ib.adnxs.com blob: *.abtasty.com *.cloudfront.net bppmdmxgsg.execute-api.eu-west-1.amazonaws.com cdn.jsdelivr.net cdn.syndication.twimg.com cdn.vitality.co.uk cdnjs.cloudflare.com metrics.responsetap.com optimize.google.com platform.twitter.com s.idio.co *.ytimg.com s3.amazonaws.com static-cdn.responsetap.com static-ssl.responsetap.com tagmanager.google.com unpkg.com *.google-analytics.com *.googletagmanager.com www.google.com www.googleoptimize.com www.gstatic.com *.marketingautomation.services www.youtube.com player.vimeo.com quantcast.mgr.consensu.org cdn.siteimprove.net idoplayer.idomoo.com widget.trustpilot.com sjs.bizographics.com *.kampyle.com *.medallia.eu *.bing.com maps.googleapis.com *.co-buying.com *.vitality.co.uk *.hotjar.com snap.licdn.com ict.infinity-tracking.net *.quora.com www.redditstatic.com *.tvsquared.com siteimproveanalytics.com kit.fontawesome.com cm.g.doubleclick.net stonly.com *.stonly.com surfly.com *.boxever.com *.idomoo.com script.infinity-tracking.com analytics.tiktok.com connect.facebook.net px.ads.linkedin.com acdn.adnxs.com;object-src 'self' cdn.vitality.co.uk *.co-buying.com *.vitality.co.uk;style-src 'self' 'unsafe-inline' *.abtasty.com cdn.jsdelivr.net cdn.vitality.co.uk cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com optimize.google.com platform.twitter.com s3.amazonaws.com tagmanager.google.com ton.twimg.com widget.trustpilot.com *.cloudfront.net *.kampyle.com *.medallia.eu *.co-buying.com *.vitality.co.uk;img-src 'self' ib.adnxs.com *.abtasty.com a.idio.co abs.twimg.com adviser.vitality.co.uk bppmdmxgsg.execute-api.eu-west-1.amazonaws.com cdn.vitality.co.uk cm.g.doubleclick.net data: *.cloudfront.net google.com gtrk.s3.amazonaws.com optimize.google.com pbs.twimg.com platform.twitter.com *.ytimg.com s3.amazonaws.com stats.g.doubleclick.net syndication.twitter.com ton.twimg.com *.google-analytics.com www.google.co.uk www.google.com www.vitality.co.uk *.googletagmanager.com widget.trustpilot.com *.kampyle.com *.medallia.eu bat.bing.com *.co-buying.com www.google.ie maps.gstatic.com maps.googleapis.com *.vitality.co.uk *.quora.com www.redditstatic.com *.tvsquared.com *.siteimproveanalytics.io alb.reddit.com *.idomoo.com analytics.tiktok.com connect.facebook.net px.ads.linkedin.com acdn.adnxs.com;media-src 'self' cdn.vitality.co.uk *.idomoo.com;frame-src 'self' *.abtasty.com *.fls.doubleclick.net docs.google.com *.cloudfront.net https://www.youtube.com platform.twitter.com sdn.sitecore.net survey.vitalityreferral.co.uk syndication.twitter.com twitter.com vitality.co.uk www.youtube.com optimize.google.com player.vimeo.com my2.siteimprove.com https://www.google.com idoplayer.idomoo.com/ widget.trustpilot.com *.kampyle.com *.medallia.eu *.co-buying.com *.vitality.co.uk *.hotjar.com stonly.com *.stonly.com surfly.com;font-src 'self' *.abtasty.com cdn.vitality.co.uk data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.cloudfront.net *.kampyle.com *.medallia.eu;frame-ancestors 'self' https://vitality-portal.1stmd.com vitality.co.uk www.reddit.com 1
default-src 'self'; script-src 'self' cookie.wieni.be www.google.com www.gstatic.com www.googletagmanager.com tagmanager.google.com polyfill.io unpkg.com/tippy.js@6.2.6/dist/tippy-bundle.umd.min.js 'sha256-3UZnJiUmLKDbXEjPsm9EHc0R7InC5uAtj5O1u68mBzM=' 'sha256-9JLcNkvDbyx27cZsDQUfhAXctCUn8uKZhZo7K5s+cZY=' 'sha256-7i76oknu77caVIXBaoBnIa41nDdqUFztKc8XyPP46yI=' 'sha256-n4MwUTyKKCBlMIFkvcS3dkmlRFEcqSm/V0IOhZelzA0=' 'sha256-wRDKIy5U7ONd9G6alDNS2ZYJ+iznu2epGuEoWzdd40k=' cdn.matomo.cloud uzleuvenbe.matomo.cloud 'sha256-pNFS7DMzCDAfI55vr0A6kCKy39dVHP3yFv5nkUXvHGE=' 'unsafe-eval' api.usersnap.com resources.usersnap.com widget.usersnap.com cdn.usersnap.com cdn.plot.ly 'sha256-V7ipTCadss7ptE+3y1BOGG+60Q0O9NR5Y6f7ppRW0a4=' 'sha256-q3lYu00vaGpohclMR410FLN3b463yBU1b2UoAQxOINk=' 'sha256-LqyHWDQet6lD+1YGzhIeaJcY5ClHsaVB5AENidSlj7w=' 'sha256-ZL4w2vHnmTs5tQHHXrJmvcpXT2gN//lhyaxomdq9JiM=' 'sha256-AtfBXSY/GiwGTqpfoDofMLe6i+iNhAz0OG2LR04rBak=' 'sha256-J3AKJFjU3gScG5uefy10ykkuAf0slC+XR2nwN0aKWBA=' 'sha256-3l9ggmeb15i9lEyqwrZ2y6bzpPEsSkBoYvdyeIB2JdM=' 'sha256-9FlvfRqfYbBTzrsP1G44wse4cL+D8oOjG5xVib+gL1o=' 'sha256-jKsY2cxtIZL2nemkH34IuY0LdIT5eJ7clX3zItYEQII=' enquete.agconsult.com assets.uzleuven.be; style-src 'self' 'unsafe-inline' fonts.googleapis.com cookie.wieni.be tagmanager.google.com use.fontawesome.com use.typekit.net p.typekit.net blob: uzleuvenbe.matomo.cloud cdn.jsdelivr.net assets.uzleuven.be; img-src 'self' data: uzleuvenbe.matomo.cloud cdn.usernap.com images.uzleuven.be wmimages.uzleuven.be; font-src 'self' use.fontawesome.com use.typekit.net fonts.gstatic.com uzleuvenbe.matomo.cloud; frame-src 'self' www.google.com maps.google.com www.youtube.com player.vimeo.com www.youtube-nocookie.com uzleuvenbe.matomo.cloud materniteit.uz-leuven.virtualtour.poppr.be e.issuu.com uzleuven.wufoo.be use.mazemap.com uzleuven.wufoo.com uzleuven.wufoo.eu embed.deburen.tv docs.google.com survey.alchemer.com localfocuswidgets.net www.thinglink.com; connect-src 'self' cookie.wieni.be use.typekit.net stats.g.doubleclick.net uzleuvenbe.matomo.cloud files.uzleuven.be api.usersnap.com widget.usersnap.com cdn.jsdelivr.net assets.uzleuven.be; worker-src 'self' use.typekit.net uzleuvenbe.matomo.cloud 1
script-src 'unsafe-inline' 'unsafe-eval' https: blob:;object-src https://*.maxi.rs https://*.svc.maxi.rs https://d3el976p2k4mvu.cloudfront.net; base-uri https://tau.collect.igodigital.com/; upgrade-insecure-requests; frame-ancestors https://*.maxi.rs https://*.svc.maxi.rs https://d3el976p2k4mvu.cloudfront.net; 1
worker-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; 1
default-src		'none' ; 					   script-src 		'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com ; 					   connect-src 		'self' https://*.googleapis.com *.google.com https://*.gstatic.com ; 					   font-src 		'self' https://fonts.gstatic.com ; 					   img-src 		'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data: ; 					   style-src 		'self' 'unsafe-inline' https://fonts.googleapis.com ; 					   frame-ancestors	'self' ; 					   frame-src		'self' https://www.youtube.com ; 					   manifest-src		'self' ; 					   form-action 		'self' ; 1
'nonce-{random}' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.gstatic.com https://yastatic.net https://www.youtube.com https://s.ytimg.com https://platform.instagram.com https://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://mc.yandex.ru https://top-fwz1.mail.ru https://js.sentry-cdn.com https://browser.sentry-cdn.com https://qaz.24l7-news.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://platform.twitter.com ; img-src 'self' data: https://* http://* ; font-src 'self' data: https://fonts.gstatic.com ; frame-src 'self' data: https://yastatic.net https://www.youtube.com https://www.instagram.com/ https://platform.twitter.com ; connect-src 'self' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://fcm.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://push.newsdaily.biz https://top-fwz1.mail.ru https://o4505939965509632.ingest.sentry.io https://biposerfl.shop https://*.google-analytics.com; worker-src 'self' data: https://fcm.googleapis.com https://push.newsdaily.biz ; 1
default-src 'self' https://prod-web-plugins.s3.amazonaws.com https://cdn01.sura.net.pe; img-src 'self' blob: data: https://prod-web-plugins.s3.amazonaws.com https://www.google.com.pe https://liveness-web.toc.ai https://www.googletagmanager.com https://cdn01.sura.net.pe https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.com.co https://optimize.google.com https://www.afpintegra.pe https://*.teads.tv https://cnv.leadsglobal.com https://leadsglobal.go2cloud.org https://fonts.gstatic.com https://px.ads.linkedin.com https://*.hotjar.com; script-src 'self' https://prod-web-plugins.s3.amazonaws.com https://prod-liveness.tocws.com https://cdnjs.cloudflare.com https://liveness-web.toc.ai https://cdn.jsdelivr.net https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://optimize.google.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn01.sura.net.pe https://a2.adform.net http://a2.adform.net https://p.teads.tv http://www.googleadservices.com/pagead/conversion_async.js http://www.googletagmanager.com https://snap.licdn.com https://apps.usw2.pure.cloud https://pagead2.googlesyndication.com https://*.hotjar.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://liveness-web.toc.ai https://prod-web-plugins.s3.amazonaws.com https://cdnjs.cloudflare.com https://tagmanager.google.com https://optimize.google.com https://fonts.googleapis.com https://cdn01.sura.net.pe https://www.gstatic.com/charts https://www.googletagmanager.com https://*.hotjar.com; font-src https://cdnjs.cloudflare.com https://*.hotjar.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://cdn01.sura.net.pe; connect-src 'self' https://prod-web-plugins.s3.amazonaws.com https://prod-liveness.tocws.com https://pagead2.googlesyndication.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io wss://prod-liveness.toc.ai wss://prod-liveness.tocws.com wss://prod-liveness-ms.tocws.com https://prod-liveness.toc.ai https://liveness-web.toc.ai https://prod-api.7oc.cl https://www.afpintegra.pe https://www.google-analytics.com https://stats.g.doubleclick.net https://cognito-idp.us-west-2.amazonaws.com https://api.cercania.afpintegra.pe https://afiliacion.api.cercania.afpintegra.pe https://cdn01.sura.net.pe https://cdn.linkedin.oribi.io https://gtmserver.afpintegra.pe https://sura-integra-webapps.s3.us-west-2.amazonaws.com https://*.teads.tv https://cnv.leadsglobal.com https://leadsglobal.go2cloud.org https://analytics.google.com https://customsearch.googleapis.com https://api-cdn.usw2.pure.cloud https://api.usw2.pure.cloud wss://webmessaging.usw2.pure.cloud https://api.npv.afpintegra.pe; frame-src data: 'unsafe-inline' 'self' blob: https://*.doubleclick.net https://*.teads.tv https://vars.hotjar.com https://cdn01.sura.net.pe https://www.youtube.com https://www.afpintegra.pe https://www2.sbs.gob.pe https://cognito-idp.us-west-2.amazonaws.com https://api.cercania.afpintegra.pe https://afiliacion.api.cercania.afpintegra.pe https://www.google.com https://optimize.google.com https://irene-chatbot.sura.net.pe https://sura-integra-webapps.s3.us-west-2.amazonaws.com https://apps.usw2.pure.cloud; object-src * blob: https://www.afpintegra.pe; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' www.gravatar.com img.youtube.com pbs.twimg.com *.vimeocdn.com data: blob: s3-eu-west-1.amazonaws.com *.google-analytics.com www.googletagmanager.com optimize.google.com *.readspeaker.com maps.google.com maps.gstatic.com *.googleapis.com *.ggpht.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com www.googletagmanager.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com optimize.google.com maps.googleapis.com *.readspeaker.com maps.google.com www.conceptcrafters.nl; connect-src 'self' *.google-analytics.com *.readspeaker.com maps.googleapis.com vimeo.com; style-src 'self' optimize.google.com fonts.googleapis.com 'unsafe-inline' *.readspeaker.com; font-src 'self' fonts.gstatic.com *.readspeaker.com data:; frame-src 'self' optimize.google.com *.readspeaker.com *.zorgkaartnederland.nl www.youtube-nocookie.com www.youtube.com player.vimeo.com; 1
base-uri 'self';child-src 'self' *.pipedream.com www.youtube.com player.vimeo.com fast.wistia.net blob:;connect-src 'self' *.pipedream.com *.m.pipedream.net wss://*.pipedream.com *.fullstory.com api.cloudinary.com o210198.ingest.sentry.io https://browser-intake-datadoghq.com www.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect https://api.s.pipedream.net https://cdn.s.pipedream.net https://tally.so https://*.algolia.net *.google.com https://stats.g.doubleclick.net pagead2.googlesyndication.com *.intercom.io wss://*.intercom.io https://api.getrewardful.com https://pipedream-production-workflow-attachments.s3.amazonaws.com https://pipedream-files-production.s3.amazonaws.com https://pipedream-files-makedev.s3.amazonaws.com;default-src 'none';font-src 'self' *.pipedream.com data: fonts.gstatic.com https://fonts.intercomcdn.com;frame-src 'self' *.pipedream.com https://www.youtube.com/ www.googletagmanager.com https://js.stripe.com https://tally.so accounts.google.com *.doubleclick.net;img-src * data: blob:;media-src 'self' *.pipedream.com res.cloudinary.com https://js.intercomcdn.com;object-src 'self' data:;script-src 'self' *.pipedream.com 'nonce-1240233329406697' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' tagmanager.google.com googletagmanager.com www.googletagmanager.com stats.g.doubleclick.net google-analytics.com https://ssl.google-analytics.com www.google-analytics.com https://cdn.s.pipedream.net https://js.stripe.com https://tally.so accounts.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com;style-src 'self' *.pipedream.com 'unsafe-inline' tagmanager.google.com fonts.googleapis.com accounts.google.com;worker-src 'self' *.pipedream.com data: blob:;form-action 'none';frame-ancestors 'none';report-uri https://o210198.ingest.sentry.io/api/5660875/security/?sentry_key=97aa41261e6e462d93e454687a0d01f2&sentry_environment=production 1
default-src * data: 'unsafe-eval' 'unsafe-inline' blob: www.youtube-nocookie.com  www.googleadservices.com  bigcloud.presidio.com:443 csa.presidio.com:443 region1.analytics.google.com open.spotifycdn.com region1.google-analytics.com *.cookieyes.com spaceman.presidio.com uccftp.presidio.com gitblit.presidio.com kit.fontawesome.com okr.presidio.com spaceman.presidio.com:443 cdn2.hubspot.net js.hs-analytics.net forms.hsforms.com forms.hubspot.com cpuser.presidio.com:443 js.hs-banner.com d2o0yh38wy20at.cloudfront.net play.hubspotvideo.com cms.presidio.com login.ms.presidio.com cpuser.presidio.com px4.ads.linkedin.com codaglobal.wpengine.com content.hotjar.io csa.presidio.com *.cloudfront.net in.hotjar.com blog.arkphire.com wss://*.hotjar.com *.hotjar.io *.hotjar.com ws19.hotjar.com uccftp.presidio.com:443 pass.presidio.com okr.presidio.com okr.presidio.com:443 cyber.presidio.com spamq.presidio.com tpass.presidio.com www.presidio.com:443 tpass.presidio.com:443 bigcloud.presidio.com pass.presidio.com:443 portal.presidio.com *.brighttalk.com gitblit.presidio.com www.coda.global js.hsadspixel.net pro.fontawesome.com use.fontawesome.com *.arkphire.com *.presidio.com login.ms.presidio.com wordpress.coda.global dev-okr.presidio.com dev-okr.presidio.com:443 dev-okr.presidio.com www.arkphire.com *.hubspot.com *.hubspotusercontent10.net js.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com js.hs-banner.net *.hsforms.net *.hsforms.com static.hsappstatic.net js.hubspotfeedback.com feedback.hubapi.com js.usemessages.com *.vidyard.com cdnjs.cloudflare.com unpkg.com cta-service-cms2.hubspot.com no-cache.hubspot.com ak5.picdn.net forms.hsforms.com fonts.googleapis.com fonts.gstatic.com ipapi.co geoip.cookieyes.com coda.global www.google.com www.google.co.in analytics.google.com www.youtube.com t.co www.google-analytics.com analytics.twitter.com cs.lf-discover.com tr.lfeeder.com px.ads.linkedin.com ws15.hotjar.com vars.hotjar.com wss.hotjar.com vc.hotjar.io ws9.hotjar.com www.google.ie stats.g.doubleclick.net region1.analytics.google.com cdn.linkedin.oribi.io px.ads.linkedin; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googleadservices.com  *.cookieyes.com bigcloud.presidio.com spamq.presidio.com  portal.presidio.com  gitblit.presidio.com csa.presidio.com cdn.jsdelivr.net js.hscta.net kit.fontawesome.com www.youtube.com *.usemessages.com *.hs-scripts.com js.hscollectedforms.net unpkg.com *.hubspotusercontent20.net *.hubspot.com *.hsforms.com js.hsleadflows.net cdn2.hubspot.net js.hs-banner.net d2o0yh38wy20at.cloudfront.net cdn2.hubspot.net www.arkphire.com blog.arkphire.com unpkg.com platform.twitter.com platform.linkedin.com static.hsappstatic.net script.hotjar.com ajax.googleapis.com www.gstatic.com www.google.com cdnjs.cloudflare.com googleads.g.doubleclick.net www.googletagmanager.com www.google-analytics.com connect.facebook.net js.hs-banner.com js.hsadspixel.net js.hs-analytics.net www.brighttalk.com app.hubspot.com js.hsleadflows.net www.arkphire.com unpkg.com no-cache.hubspot.com ak5.picdn.net forms.hsforms.com use.fontawesome.com pro.fontawesome.com cta-service-cms2.hubspot.com fonts.googleapis.com sc.lfeeder.com fonts.gstatic.com www.google.co.in analytics.google.com static.hotjar.com static.ads-twitter.com snap.licdn.com analytics.twitter.com ws15.hotjar.com vc.hotjar.io; connect-src 'self' 'unsafe-inline' api.nelioabtesting.com px.ads.linkedin.com www.googleadservices.com *.cookieyes.com *.google.com region1.analytics.google.com ipapi.co www.googleadservices.com  www.youtube-nocookie.com csa.presidio.com d2o0yh38wy20at.cloudfront.net *.hubapi.com *.hubspot.com www.facebook.com hubspot-forms-static-embed.s3.amazonaws.com js.hs-banner.com cdn.linkedin.oribi.io blog.arkphire.com cdn2.hubspot.net wss://*.hotjar.com content.hotjar.io *.hotjar.com *.hotjar.io codaglobal.wpengine.com forms.hubspot.com cta-service-cms2.hubspot.com www.google.com stats.g.doubleclick.net *.cloudfront.net www.youtube.com connect.facebook.net www.gstatic.com csmetrics.hotjar.com cdnjs.cloudflare.com api.hubapi.com ajax.googleapis.com www.arkphire.com www.googletagmanager.com in.hotjar.com googleads.g.doubleclick.net www.google-analytics.com analytics.google.com cs.lf-discover.com; style-src 'self' 'unsafe-inline' spamq.presidio.com csa.presidio.com cdn2.hubspot.net static.hsappstatic.net www.arkphire.com *.hubspot.com *.hubspotusercontent10.net js.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com js.hsadspixel.net js.hs-banner.net *.hsforms.net clearpathdev.wpengine.com *.hsforms.com js.hubspotfeedback.com feedback.hubapi.com js.usemessages.com *.vidyard.com cdnjs.cloudflare.com unpkg.com no-cache.hubspot.com ak5.picdn.net cta-service-cms2.hubspot.com forms.hsforms.com fonts.googleapis.com *.arkphire.com use.fontawesome.com js.hsleadflows.net pro.fontawesome.com app.hubspot.com d2o0yh38wy20at.cloudfront.net; img-src 'self' 'unsafe-inline'  blob: data:  'unsafe-eval' px4.ads.linkedin.com googleads.g.doubleclick.net www.google.com syndication.twitter.com forms.hsforms.com www.googletagmanager.com forms-na1.hsforms.com blog.arkphire.com www.facebook.com cdn2.hubspot.net www.arkphire.com ak5.picdn.net no-cache.hubspot.com 1954099.fs1.hubspotusercontent-na1.net perf.hsforms.com perf-na1.hsforms.com track.hubspot.com secure.gravatar.com px.ads.linkedin.com t.co analytics.twitter.com www.google.co.in; frame-src 'self' td.doubleclick.net trello.com px.ads.linkedin.com googleads.g.doubleclick.net www.brighttalk.com blog.arkphire.com youtube.com www.youtube-nocookie.com open.spotifycdn.com www.youtube.com portal.presidio.com csa.presidio.com open.spotify.com cdn2.hubspot.net d2o0yh38wy20at.cloudfront.net *.hubspot.com *.hsforms.com forms.hsforms.com www.facebook.com platform.twitter.com www.google.com  blog.arkphire.com play.hubspotvideo.com spaceman.presidio.com lyncdiscover.presidio.com *.presidio.com; font-src 'self' data: blog.arkphire.com www.arkphire.com csa.presidio.com  cpuser.presidio.com tpass.presidio.com dev-okr.presidio.com gitblit.presidio.com spamq.presidio.com pass.presidio.com cdnjs.cloudflare.com clearpathdev.wpengine.com fonts.gstatic.com use.fontawesome.com cdn2.hubspot.net script.hotjar.com pro.fontawesome.com; object-src 'none'; worker-src blob:; child-src blob: gap:; 1
default-src https: data:; connect-src https: wss:;  script-src 'unsafe-inline' 'unsafe-eval' https: api.mapy.cz *.googletagmanager.com *.google-analytics.com cookies.praguebest.cz;style-src 'unsafe-inline' 'self' api.mapy.cz *.googleapis.com *.google.com *.cloudfront.net cookies.praguebest.cz 'strict-dynamic' https: http:; object-src 'self';  img-src 'self' https: data:;  font-src https: data:;frame-src 'self' frame.mapy.cz *.timetable.cz *.hotjar.com jrportal.dpp.cz spojeni.dpp.cz *.google.com *.googletagmanager.com *.youtube.com *.facebook.com; base-uri 'self'; report-uri https://dppreport.report-uri.com/r/d/csp/enforce 1
script-src 'nonce-rIIGSXzS6B3UXAlHks0xHw' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/io_google; base-uri 'none' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.googleapis.com siteimproveanalytics.com *.cloudflare.com *.youtube.com *.ytimg.com *.cookielaw.org *.issuu.com *.twitter.com; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' data: *.googleapis.com *.gstatic.com; img-src 'self' data: *.siteimproveanalytics.io *.cookielaw.org *.google-analytics.com *.ytimg.com *.twitter.com; frame-src 'self' *.google.com *.youtube.com *.ytimg.com vimeo.com *.vimeo.com *.issuu.com *.office.com *.twitter.com *.spotify.com *.soundcloud.com quiz.tryinteract.com *.arcgis.com; connect-src 'self' *.google-analytics.com analytics.google.com *.doubleclick.net vimeo.com *.vimeo.com *.cookielaw.org *.onetrust.com *.issuu.com *.twitter.com; child-src 'self' blob: *.youtube.com *.ytimg.com; frame-ancestors 'self' *.office.com *.twitter.com; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self'; connect-src *; font-src * data:; frame-src *;  img-src * blob: data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'  1
img-src 'self' https: ; object-src 'none';    1
default-src * tez: gpay: phonepe: paytm: paytmmp: bhim: upi: credpay:; style-src 'self' https://* 'unsafe-inline' http://* 'unsafe-inline'; script-src 'self' https://* 'unsafe-inline' http://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://* data:; child-src * tez: gpay: phonepe: paytm: paytmmp: bhim: upi: credpay:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.facebook.net 1
child-src 'self'; connect-src * ws: swapi.co; default-src 'self'; img-src 'self' 'unsafe-inline' data: ctia.wpengine.com ctia-wp.herokuapp.com ctia.staging.wpengine.com ctiastage.wpengine.com ctiadev.wpengine.com www.ctia.org *.facebook.com *.google-analytics.com t.co *.amazonaws.com *.ctia.org maps.googleapis.com img.youtube.com newton.newtonsoftware.com recruitingbypaycor.com *.linkedin.com acsbapp.com web1.acsbapp.com googletagmanager.com; font-src 'self' data: fonts.googleapis.com/css fonts.gstatic.com *.ctia.org acsbapp.com googletagmanager.com; object-src 'self'; media-src 'self' ctia.wpengine.com ctia.staging.wpengine.com ctiastage.wpengine.com ctiadev.wpengine.com ctia-wp.herokuapp.com s3.amazonaws.com *.ctia.org *.youtube.com newton.newtonsoftware.com recruitingbypaycor.com; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ctia.org www.ctia.org ctia.wpengine.com ctia.staging.wpengine.com ctiastage.wpengine.com ctiadev.wpengine.com cdn.polyfill.io *.google-analytics.com snap.licdn.com connect.facebook.net static.ads-twitter.com analytics.twitter.com newton.newtonsoftware.com recruitingbypaycor.com *.ctia.org *.youtube.com *.ytimg.com acsbapp.com *.googletagmanager.com 'sha256-1gIG1EI7ABKBfq8rVwk7j2MeEOIlut5+TbLxyAnCYTA=' 'sha256-LMMDgRon+FgUuDe7YxnyjA3bsZwBELbOGpigefLmdmY=' 'sha256-7jkemgkNZQENsZTHY6o71kmdy2ogE1ZmevVIUkD/dl4=' 'sha256-yXwpZS7L2K7jhv4/dgcRwKbTG2yXRYT0TqXtQUKzK54=' 'sha256-MqmNydO+R9Q++R30Q3DAis0yIjih+fbXgIRBP13z9SA=' 'sha256-WxC7KQpf53Z+RVyeJPNGmKsp0rCVT8ezTdlY/TLe5EE=' 'sha256-fX5Z8g4NuinimfxhObhly5cA6+/oxM19FXe/0EStTzk=' 'sha256-gGx5EMhP2RLCE+c5vdpzuyUD3yRwkW23443sHb6dVA0=' 'sha256-jv13crdaNkJdUJVqKMs3v7kYoYRHZzFpKVe4/peNTh8=' 'sha256-pbnpgPqiBOz7hzoiMSGIC6tFh9u6/XYdxr8SaGCgv78='; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com; frame-src *.vimeo.com *.youtube.com *.ctia.org flickrembed.com *.youtube.com youtu.be *.youtu.be *.boxwoodtech.com newton.newtonsoftware.com recruitingbypaycor.com 1
frame-ancestors 'self' https://*.pageroonline.com 1
frame-ancestors 'self' http://webvisor.com https://metrika.yandex.ru https://ad.adriver.ru https://ads.adfox.ru https://vk.com https://mirtesen.ru https://karusel-tv.mirtesen.ru http://karusel-tv.mirtesen.ru https://gg2023.karusel-tv.ru 1
default-src * 'self' data: blob: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; 1
img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval';worker-src blob:; 1
default-src 'self' chat.oesterreich.gv.at; script-src 'self' chat.oesterreich.gv.at 'unsafe-inline'; img-src data: 'self'; connect-src 'self' services2.lfrz.at wss://chat.oesterreich.gv.at; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' www.youtube-nocookie.com vimeo.com player.vimeo.com https://pubmon.a-sit.at/monitoring-service-p/; form-action 'self'; block-all-mixed-content; upgrade-insecure-requests; 1
default-src 'self'  *.google.com *.google-analytics.com *.youtube.com *.plyr.io *.visualstudio.com *.googleapis.com *.doubleclick.net *.sharethis.com cdn.cookielaw.org geolocation.onetrust.com analytics.tiktok.com *.oribi.io; font-src *; script-src 'self'  'strict-dynamic' 'unsafe-inline'  'unsafe-hashes' *.googleapis.com az416426.vo.msecnd.net snap.licdn.com *.googletagmanager.com s3.amazonaws.com *.google.com *.gstatic.com googleads.g.doubleclick.net *.google-analytics.com *.googleadservices.com cdn.cookielaw.org geolocation.onetrust.com 'nonce-586bdde9-0566-45d5-ad44-2daacbfe78ac'; style-src *  'unsafe-inline' cdn.cookielaw.org geolocation.onetrust.com; img-src 'self' data: *.episerver.net *.google.com *.google-analytics.com *.youtube.com *.plyr.io *.visualstudio.com *.googleapis.com *.doubleclick.net *.sharethis.com *.gstatic.com *.mdhv.io *.linkedin.com *.googletagmanager.com *.prnewswire.com c212.net *.mathtag.com *.adsymptotic.com *.cloudfront.net *.vimeocdn.com  cdn.cookielaw.org geolocation.onetrust.com analytics.tiktok.com; frame-src 'self' youtube.com www.youtube.com moncur.freshdesk.com www.google.com player.vimeo.com *.bugherd.com cdn.cookielaw.org geolocation.onetrust.com dana.mediaroom.com; frame-ancestors 'self' ; object-src 'self'; base-uri 'self' ;  form-action 'self' *.salesforce.com;  media-src *.dana.com *.episerver.net cdn.cookielaw.org geolocation.onetrust.com 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=7jodmh5iqueq7&partner=; 1
default-src 'self' *.bundesbots.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.bund.de; connect-src 'self' *.itzbund.de  kira.bundesbots.de wss://kira.bundesbots.de *.bund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.instagram.com *.bundesbots.de *.bund.de platform.twitter.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de http://multimedia.gsb.bund.de *.youtube.com http://www.youtube.com *.itzbund.de *.cdninstagram.com *.bund.de; frame-src *.google.com *.gstatic.com *.youtube.com 'self' *.cdninstagram.com *.instagram.com *.twitter.com; img-src 'self' data: *.itzbund.de *.google.com *.gstatic.com *.youtube.com *.openstreetmap.org pss.wsv.de *.cdninstagram.com *.instagram.com *.twimg.com *.bund.de *.bundesbots.de https://twemoji.maxcdn.com https://pbs.twimg.com https://cdn.jsdelivr.net https://www.kununu.com https://assets.kununu.com; frame-ancestors 'self'; 1
report-uri https: 1
default-src 'self' www.aptiv.com; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com *.facebook.net *.facebook.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cookie-cdn.cookiepro.com www.googletagmanager.com www.youtube.com www.googleadservices.com googleads.g.doubleclick.net snap.licdn.com px.ads.linkedin.com *.vimeo.com cdnjs.cloudflare.com cdn.jsdelivr.net *.marketo.com *.mktoutil.com *.aptiv.com *.demandbase.com *.company-target.com *.angularjs.org *.vimeocdn.com *.hawksearch.net *.uptime.com *.cookielaw.org *.onetrust.com *.plausible.io plausible.io *.ceros.com *.matomo.cloud 'self' 'unsafe-inline' js.hs-scripts.com js.hs-analytics.net cdn.ampproject.org assets.adoberesources.net *.adobe.com internet-na.aptiv.com internet-cloud.aptiv.com internet-cloud.aptiv.com:6082 'unsafe-eval' https://cdn.insight.sitefinity.com js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net https://dec.azureedge.net web-chat.nativechat.com; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com www.aptiv.com cookie-cdn.cookiepro.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com *.marketo.com *.aptiv.com *.hawksearch.net 'self' 'unsafe-inline' https://cdn.insight.sitefinity.com https://dec.azureedge.net https://*.typekit.net web-chat.nativechat.com; img-src *.gstatic.com *.googleapis.com platform.tumblr.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: www.aptiv.com aptiv.com *.google-analytics.com *.google.pl *.facebook.com *.facebook.net *.fbcdn.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com www.google.com googletagmanager.com px.ads.linkedin.com p.adsymptotic.com connect.facebook.com connect.facebook.net i.vimeocdn.com aptivtest.azurewebsites.net match.prod.bidr.io *.company-target.com id.rlcdn.com productdata.aptiv.com downloads.aptiv.com *.mouser.com *.doubleclick.net *.cookielaw.org *.ceros.com asset-prod1a-euw.productmarketingcloud.com 'self' https://dec.azureedge.net track.hubspot.com asset.productmarketingcloud.com https://assets.adoberesources.net https://lh3.googleusercontent.com *.googlesyndication.com *.googletagmanager.com *.google.de google.de google.ie aptivdotcomuseastblob-fbc8ewh2bbfpbhgu.z01.azurefd.net *.linkedin.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: www.aptiv.com maxcdn.bootstrapcdn.com *.typekit.net; form-action *.aptiv.com *.azurewebsites.net *.facebook.com *.facebook.net *.azurefd.net 'self' login.microsoftonline.com; connect-src accounts.google.com *.mktoresp.com *.google-analytics.com www.facebook.com *.marketo.com *.mktoutil.com *.aptiv.com *.g.doubleclick.net blob://* blob: *.company-target.com *.hawksearch.net *.hawksearch.com *.uptime.com *.cookielaw.org *.onetrust.com *.plausible.io plausible.io *.facebook.com *.facebook.net *.matomo.cloud 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.adobe.io wss://*.adobe.io *.google.com *.googlesyndication.com tag-logger.demandbase.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob: www.aptiv.com www1.aptiv.com downloads.aptiv.com *.vimeo.com aptivdotcomuseastblob-fbc8ewh2bbfpbhgu.z01.azurefd.net *.akamaized.net; child-src apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com player.vimeo.com 8239591.fls.doubleclick.net *.doubleclick.net *.fliphtml5.com *.google.com blob://* blob: *.aptiv.com *.plausible.io plausible.io 'self' internet-na.aptiv.com internet-cloud.aptiv.com *.company-target.com documentcloud.adobe.com storage.net-fs.com platform.twitter.com/ syndication.twitter.com/ www.youtube.com/ w.soundcloud.com/ *.vimeo.com forms.hsforms.com web-chat.nativechat.com; frame-src 'self' apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com player.vimeo.com 8239591.fls.doubleclick.net *.doubleclick.net *.fliphtml5.com *.google.com blob://* blob: *.aptiv.com *.plausible.io plausible.io internet-na.aptiv.com internet-cloud.aptiv.com *.company-target.com documentcloud.adobe.com storage.net-fs.com platform.twitter.com/ syndication.twitter.com/ www.youtube.com/ w.soundcloud.com/ *.vimeo.com forms.hsforms.com web-chat.nativechat.com 1
object-src 'none';base-uri 'self';frame-ancestors 'self';script-src 'nonce-27578d9034913f63ef06a5b1a7ec4846' 'unsafe-eval' 'unsafe-inline' 'self' https://2898722151.mc.yandex.ru https://cloudparser.ru https://mc.yandex.by https://www.google-analytics.com https://www.googletagmanager.com https://mc.yandex.ru https://vk.com https://connect.facebook.net https://browser.sentry-cdn.com https://polyfill.io https://ausi.github.io https://cdn.carrotquest.app https://mc.yandex.com  https://mc.yandex.uz https://www.google.com https://pagead2.googlesyndication.com https://www.google.cz https://www.gstatic.com;script-src-elem 'nonce-27578d9034913f63ef06a5b1a7ec4846' 'unsafe-inline' 'self' https://trikotazh.by https://2898722151.mc.yandex.ru https://cloudparser.ru https://mc.yandex.by https://www.google-analytics.com https://www.googletagmanager.com https://mc.yandex.ru https://vk.com https://connect.facebook.net https://browser.sentry-cdn.com https://polyfill.io https://ausi.github.io https://cdn.carrotquest.app https://www.google.com https://www.gstatic.com https://data:3001 https://blob:3001;connect-src 'self' https://*.mc.yandex.ru https://mc.yandex.com https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.by https://ymetrica1.com https://yandexmetrica.com:*  https://adservice.google.com https://connect.facebook.net https://www.google.com https://www.google.kz https://www.google.by https://www.google.ru https://www.google.fr https://www.google.com.cy https://www.google.com.ua https://www.google.pl https://www.google.de https://www.google.ge https://www.google.co.il https://www.google.com.tr https://www.google.com.hk https://www.google.co.uk https://www.google.nl https://www.google.ee https://region1.analytics.google.com https://vk.com https://ymetrica1.com https://top-fwz1.mail.ru https://www.facebook.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://mc.yandex.ru https://api.carrotquest.app https://api.carrottrack.app https://o4504796596404224.ingest.sentry.io https://*.trikotazh.by https://region1.google-analytics.com https://googleads.g.doubleclick.net http://327.0.0.1:* https://translate.googleapis.com https://www.google.am https://www.google.ch https://www.google.se https://www.google.fi https://www.google.co.uz https://www.google.no https://www.google.md https://www.google.com.mx;report-uri /csp.php 1
default-src 'self'; img-src 'self' data:; style-src 'self'; frame-src 'self'; object-src 'none'; base-uri 'none'; form-action 'self'; frame-ancestors 'none' 1
frame-ancestors 'self' https://ale-chat.datalake.systems/ https://www.yammer.com/         https://customer.al-enterprise.com https://forms.office.com https://login.microsoftonline.com/ https://persona.yammer.com/ https://players.brightcove.net/ https://platform.twitter.com/ https://syndication.twitter.com/ https://vars.hotjar.com/ https://s7.addthis.com/ https://www.google.com/;         child-src 'self' https://*.doubleclick.net/ https://ale-chat.datalake.systems/ https://www.yammer.com/ https://customer.al-enterprise.com         https://forms.office.com https://login.microsoftonline.com/ https://persona.yammer.com/ https://players.brightcove.net/ https://platform.twitter.com/ https://syndication.twitter.com/ https://vars.hotjar.com/ https://s7.addthis.com/ https://www.google.com/ https://maps.google.com/ https://www.facebook.com/ https://use.fontawesome.com/; worker-src 'self' blob:; 1
frame-ancestors 'self' http://www.philips.com.tr *.philips.com *.philips.com.tr https://philipsigtdpv.com 1
base-uri 'self'; connect-src 'self' https://api.opencagedata.com https://cdn.usefathom.com; font-src 'self'  https://assets.opencagedata.com; object-src 'none'; frame-ancestors 'none'; frame-src https://blog.opencagedata.com https://js.stripe.com https://forms.reform.app https://status.opencagedata.com https://hcaptcha.com https://*.hcaptcha.com; script-src 'self' https://assets.opencagedata.com https://js.stripe.com https://cdn.jsdelivr.net https://unpkg.com https://embed.reform.app https://cdn.usefathom.com https://hcaptcha.com https://*.hcaptcha.com 'nonce-bbf468d78e14e4b901bb1bf443b6a21a'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net https://unpkg.com https://assets.opencagedata.com https://hcaptcha.com https://*.hcaptcha.com; worker-src blob: 1
default-src 'self'; style-src 'self' 'unsafe-inline' font.daena.me; script-src 'self' 'unsafe-eval' 'sha256-KqWJ/hsiZBKjo3p7KewyrqVfiyggybYk6HUplj9Yrb0=' lib.daena.me; connect-src https:; base-uri 'none'; frame-ancestors 'none'; img-src https: blob:; font-src 'self' font.daena.me 1
default-src 'self'; img-src 'self'; script-src 'self'; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.googleapis.com https://ad.adverticum.net https://cdnjs.cloudflare.com https://*.g.doubleclick.net https://uj.jogtar.hu https://www.googleadservices.com https://www.google-analytics.com https://region1.google-analytics.com https://*.google.com https://www.google.hu https://www.google.ie https://www.google.pl https://www.googletagmanager.com https://*.gstatic.com https://service.maxymiser.net https://fiok.wolterskluwer.hu https://calculators.rsm.hu https://*.purechat.com https://*.purechatcdn.com wss://*.prod-aws.purechat.com https://secure.gravatar.com https://*.wp.com https://code.jquery.com https://ipmeta.io https://www.youtube.com https://assets.contenthub.wolterskluwer.com https://lrhungary.wolterskluwer.com https://*.adocean.pl https://admwhu.hit.gemius.pl https://cdn.nwmgroups.hu https://ads.wk.hu https://purechat-prod-files.s3.us-east-2.amazonaws.com https://region1.google-analytics.com; report-uri /report_csp.php 1
default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com  https://www.youtube.com/iframe_api https://s.ytimg.com/yts/jsbin/ https://www.youtube.com/s/player/ wasm-eval; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060 wss://*.cm.steampowered.com:* https://*.cm.steampowered.com:* wss://*.steamserver.net:* https://*.steamserver.net:* ws://localhost:27062 https://* ; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://w.soundcloud.com https://codepen.io https://streamable.com/ https://player.twitch.tv/ https://clips.twitch.tv/ https://sketchfab.com/ https://open.spotify.com/; frame-ancestors 'self' https://steamloopback.host ; 1
frame-ancestors 'self'; block-all-mixed-content; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-src 'self' *.recaptcha.net recaptcha.net https://www.google.com/recaptcha/ https://recaptcha.google.com www.googletagmanager.com; base-uri 'self'; form-action 'self'; report-uri https://www.intaspharma.com/report; 1
frame-ancestors *.cadremploi.fr *.fcms.io 1
default-src 'unsafe-eval' 'unsafe-inline' 'self' ; font-src 'unsafe-eval' 'unsafe-inline' 'self' fonts.gstatic.com use.typekit.net styles.assets-landingi.com geowidget.easypack24.net; style-src 'unsafe-eval' 'unsafe-inline' 'self' fonts.googleapis.com use.typekit.net p.typekit.net amazonaws.com geowidget.easypack24.net; script-src 'unsafe-eval' 'unsafe-inline' 'self' www.googletagmanager.com www.google-analytics.com connect.facebook.net stats.g.doubleclick.net maps.google.com maps.googleapis.com s.ytimg.com region1.analytics.google.com analytics.google.com geowidget.easypack24.net www.clarity.ms clarity.ms googleads.g.doubleclick.net *.clarity.ms region1.google-analytics.com; connect-src 'unsafe-eval' 'unsafe-inline' 'self' www.google-analytics.com analytics.google.com region1.analytics.google.com stats.g.doubleclick.net www.google.pl www.facebook.com maps.googleapis.com region1.analytics.google.com analytics.google.com api-pl-points.easypack24.net osm.inpost.pl clarity.ms *.clarity.ms pagead2.googlesyndication.com region1.google-analytics.com; frame-src 'unsafe-eval' 'unsafe-inline' 'self' www.facebook.com www.youtube.com td.doubleclick.net; img-src * 'self' data: https:; object-src 'unsafe-eval' 'unsafe-inline' 'self' data: 1
default-src 'none'; worker-src 'self' blob: *.e-construction.gov.ua www.googletagmanager.com www.google-analytics.com; base-uri 'self' *.e-construction.gov.ua; connect-src 'self' www.google-analytics.com; media-src 'self' *.e-construction.gov.ua; script-src 'self' 'unsafe-eval' 'nonce-filter_address' 'nonce-filter_address_no_issue' 'nonce-analytics_tabs' 'nonce-atu_city_filter' 'nonce-atu_com_filter' 'nonce-atu_ray_filter' 'nonce-atu_region_filter' 'nonce-bud_pass_switcher' 'nonce-bud_passports_filter' 'nonce-building_oblect_finished_datasets' 'nonce-build_objects_filter' 'nonce-calculator' 'nonce-certified_persons_filter' 'nonce-dabi_history_public_card_for_print_plan' 'nonce-dataset_search' 'nonce-document_filter' 'nonce-document_detail_class' 'nonce-edesb_organizations_filter' 'nonce-edesb_project_organizations_filter' 'nonce-ep_efficiency_org_filter' 'nonce-ep_efficiency_specialist_filter' 'nonce-laws_filter' 'nonce-map_warning' 'nonce-mbd_discuss_filter' 'nonce-mist_bud_cr_filter' 'nonce-no_issue_bp_register_filter' 'nonce-no_issue_myo_register_filter' 'nonce-no_myo_filter' 'nonce-org_address_set_filter' 'nonce-organizations_filter' 'nonce-permits_doc_modal' 'nonce-permits_doc_bud_modal' 'nonce-permits_doc_dec_dataset' 'nonce-permits_doc_new_filter' 'nonce-permits_doc_pre_filter' 'nonce-pmap_regions_filter' 'nonce-proj_acts_filter' 'nonce-proj_exp_filter' 'nonce-proj_exp_doc_filter' 'nonce-proj_inv_filter' 'nonce-search_in_registers_frm' 'nonce-shp_geojson_convector' 'nonce-tech_inventory_filter' 'nonce-template_offset' 'nonce-tip_dov_filter' 'nonce-urban_planning_filter' 'nonce-404_style' 'nonce-ecabinet_load_more_script' 'nonce-ecabinet_load_more_script_second' 'nonce-ecabinet_load_more_script_third' 'nonce-proj_exp_doc_review' 'nonce-ecabinet_tree_modal_script' 'nonce-geojson_editor' 'nonce-login_style_second' 'nonce-map_current_pos_script' 'nonce-search_widget_script' 'nonce-menu_toc_script' 'nonce-template_lang_script' 'nonce-header_search_script' 'nonce-laws_detail_script' 'nonce-laws_detail_script1' 'nonce-google_analitics_script' 'nonce-api_key_script' 'nonce-352acdc8af3009870977ebaf4aac50c5e124bb09' 'sha256-Kl/DrZ+eaObeZi3j5DZh4ejkR98JKe/GTA8Ge+LZxFU=' 'sha256-5IToqa+8U5/8+A3LHSZeOsMUXFtXla0jmUQ93yk8PRQ=' 'sha256-FG/3pekIR/pWqykCSxjhxjzlC3WWpfh2c/gZMoT/MYQ=' 'sha256-9RlXPBRlXf39LE/cNy11BohKli7Jmr6e4ncRFR9Zb4o=' 'sha256-cPcWwJVZELrX4e/1JLnxmOqCoJW/vq1O4m3eUFMxmOE=' www.gstatic.com static.addtoany.com ssl.google-analytics.com www.google-analytics.com google-analytics.com www.googletagmanager.com maps.googleapis.com; img-src 'self' data: e-construction.gov.ua tile.osm.org data.gki.com.ua ssl.google-analytics.com www.google-analytics.com google-analytics.com www.googletagmanager.com tile.openstreetmap.org.ua; style-src 'self' 'unsafe-hashes' 'nonce-dabi_history_public_card_for_print_style' 'nonce-template_style' 'nonce-copy_geojson_editor_style' 'nonce-ecabinet_load_more_style' 'nonce-ecabinet_load_more_style_second' 'nonce-ecabinet_load_more_style_first' 'nonce-ecabinet_tree_modal_style' 'nonce-home_search_style' 'nonce-login_style' 'nonce-a_oblect_style' 'nonce-map_bp_style' 'nonce-map_community_style' 'nonce-map_current_pos_style' 'nonce-map_myo_style' 'nonce-projdoc_style' 'nonce-map_uservices_style' 'nonce-menu_toc_style' 'nonce-vue_map_community_style' 'nonce-vue_map_style' 'nonce-closed_faq_style' 'nonce-proj_exp_style' 'nonce-proj_exp_detail_style' 'nonce-352acdc8af3009870977ebaf4aac50c5e124bb09' 'sha256-CA/eh4+2R0J7cEQ14gBMtx834RIOjzMUqCM+evtrkp4=' 'sha256-yOjJRnXSmSZ9EuZBUixfAISiyDZHhpIbojIntU2b2HE=' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-BHcAINizTmZ6uiW0KZAhwsNP828o87NMquXLJcZu/9s=' 'sha256-/WDo2o0b2cFO1WpkB/DGGrhTRRqG6w6In5xgC/pQGKE=' 'sha256-a5movgEyT3G7s5xtQEAzdh/UOzoT//9NXWZEPQTbVS0=' 'sha256-1TaxV2g5DuZ1dosJuqJH5BDqWxUomZv/zs+u5xpgf9E=' 'sha256-Ne7PPoMRWtUeyrgxzeR14e4YIa52zkeYCm/kHcjzUGI=' 'sha256-QAXEJjaPkTF4stiAp9/bgQRfgIgCFe66yIIEly5yh1Y=' 'sha256-zI0Hz6x/WT9Qvn2EDu9Q0rgL0GCfLkZTHwbh1oVhPfQ=' 'sha256-Vbn15w4L0ziLN1OuYURjOvVoz+/tJHBgkxW8f900FuA=' 'sha256-Vy1P/hUxRpKgSV5FflS+XcRFLVYTfcRXkjKr3CiKba8=' 'sha256-Sv4HqjGQDBURYnqJQSlHLYWZlygMzDHbmPBnm1PwUEQ=' 'sha256-O6469kva/kKTgm0dt+LXcbCDdslkrSRtLDaPOJdixOk=' 'sha256-BUIfshRxsI+erxcBWb/F/8oH1xh7s8fZ99PDNuDf/Y0=' 'sha256-g4cKa0bUR4GuY4secF4m7WkLMBmtzIBUVkV8zyX4Rps=' 'sha256-dtebT8SAv2d34Twd7Oo2StmqrLode7cmB2I/h/C/Dfs=' 'sha256-hqU8ETFvD/kgGiEHBZBkaMtX/+MD4nvmRuNlEuBQaTw=' 'sha256-aNMFBK0eDj+JpY3t55l7i0bDyFTT/KSFx0txvwa65fg=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-lv2ugyS/pJDeW3mTLfmPCCaZn+OlhcmX+a7j5KmnlDE=' 'sha256-xFUklDGy5c+Hfa37UKwBqtrGkGn5OHVkY3+nMJJ3mJ4=' 'sha256-6qWPYxX1Sj/O1GPUnpyDLDXoLNwMDbAIW6Wox/cQido=' 'sha256-0NE3+BxbuBFP00uzcRBLWFrEW8F6k+hYdT2ynLKnltc=' 'sha256-ZQolXPxK9qyfnv24GYrIojZGt1ZRLMgGMcX9nnzbVWU=' 'sha256-Ao7yVLvXjxiiTmtL/qhbem7aqLz0f52vXaH53mQCpWw=' 'sha256-8oz7jiza7f4jMm8YTo1oAw5AtmGEMFvkNgni5pP8hag=' 'sha256-3sNQ0HibEtLsq4ePo2BrvwdcUQT7iH4c+pINTbMMWE4=' 'sha256-tCGlcnzdzlbSnhr0u9HR4ROCA7sKRLWVOr72FVEUeb8=' 'sha256-waCk+iFULOJwfSI545MgnNpshHu8kSCbTmeNukWzy6c=' 'sha256-lOpTkV3NOxe1nwtxxwXnmGPd7uzF13vyD52DmrXuq6M=' 'sha256-NL/gI6kmYeUNDxsMgoJZkfwqurTegYmvQF9Xafqq9sg=' 'sha256-ZM4rNkrkBlwbOt/AH5l1PJ43Kq4CkD/8d1L5CfYydQw=' 'sha256-64mcSQVXen0ozr47xSkKV1HYsyhyGdqiyaDRzn1HIW4=' 'sha256-kv5tIGzYbczh//M02PlcZlQkubLuoZCyHyR5Fp8mwSk=' 'sha256-wvMwIdt7JPBqB2Bv/eTt1BGJLFKcP5JlXAAB2fb05wA=' 'sha256-X7xLlX3nd3lalFQobZsLZ+66Ai2aXW3Kn4hUJyKWbP4=' 'sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog=' 'sha256-7rEqSAuuB6CE8tSDj++HkI9QqisBgGTO8poo8RB/bfE=' 'sha256-9FYWSXQd3MPp0zSh79BXTOdGcwhQHNoxpPE20yO73FM=' 'sha256-Qodt554xS9Gx6sN/HHlafqpqG3/Wy8f788gNZpvQu7Q=' 'sha256-cv/v8CwDjgce+Dsn5LMp7zQ8jWkG4R7INAYCGTfBjAA=' 'sha256-tEh95PoZznvQefR7eKQGNAbo//wTGpgfkFulPssZ4S0=' 'sha256-S05kt8AAF17zus0k1BO6ai8usOyVrrERaYkBqojjals=' 'sha256-iahLe306jTH/itxOUKAfLP+0iyj2EROk94j9MW02c/s=' 'sha256-zsgHL3ixdz2Loo5gzcowTVl0TE6kVkRAapvKsYui1D4=' 'sha256-uJr7zn7tetr8XIwLOOkntlji58xdgju5p1fWyXdB0eg=' 'sha256-VLNxemPQZnm+SsnDVzHGiqDkHd3cg63OhqbExFt6TPY=' 'sha256-Mvsp77heuEPm7zRATyUk/qLvOCN0lwgUfh8tzx/2ync=' 'sha256-NRArJEWkWsjxBHdcDFWi1iHeqOtzKecz/CloQLINn+I=' 'sha256-bi3HFJcNBVK3MlXqtiDB8bWYMYX6AY25GWNTWZklWXo=' 'sha256-t6oewASd7J1vBg5mQtX4hl8bg8FeegYFM3scKLIhYUc=' 'sha256-6N/cRf1zW49gXGNmd17wjPWzPJqcZ3SFPWOz0H4EsD0=' 'sha256-/VFP+3CtCcwd46K5614fqBO1WFi9gjYxhhPJXTNrtbo=' 'sha256-r8zR3S6YuWY5tpo2Y0PvZHW5fa+SKLNon9zbEWb5UPA=' 'sha256-LS/ZIFPAT9KPjCk5V0901KS9g3GwfjISwuOm9Xd6sKk=' 'sha256-zwtzM0cpnQxIf4/Xo2LtVL85QToSk75IfJ/DXNdK7I0=' 'sha256-aFVi6tos71jdh1FJx9LGkPrQVYCJ9Bi9PWGNmT/7HlA=' 'sha256-7EsAMeREkK79Fehg/J9i/q7z6dg+QmqvSytxvn9RgjY=' 'sha256-RJ+X9gZ6rsPhL8OuqgaZWEfo9f83e/IiuxuBmmLJEms=' 'sha256-QW838BRHmLWcW/ASair65JeA39JNH9F6vSuEK4SyBRQ=' 'sha256-BUID6RRVMvlGnTpJmAqLKmQZaCVXGpxZMHJgnm2mbgE=' 'sha256-MSQpaJI4vfCHF5bBMX33hGcCUFhSsaBqjKtudiM49ps=' 'sha256-4F1KMwFOf3Et5hAZD+Yk3BSQQ/OJ9DPE6ScJTFG9iac=' 'sha256-EZozIp/+S0vPfvzjYv0agKnLI5vmORzjRw4aB5IAwo4=' 'sha256-jTCk2U08h+jEgJ5tb50DvFskHM9w0RBajCZh/dCOtT8=' 'sha256-obO/xhU2t7ZZH7P26m0bPWC23wrR8kTwph7nhyZz1t4=' 'sha256-2ay5vfrvvA5Tfe6dWFNXuRAIcu0kz6uh142frtaHGLY=' 'sha256-SA336N/KoprMLrUYmwhYWjgZpEYoULq9NqulkSwhYkk=' 'sha256-EQkjfZa6n3J6+A31GwJfddN3QU2MeFKvQIkY5Qlsva0=' 'sha256-iImG8aqHGMls34tI20aLtnhbNgFWeAhr1D2Vm32gVb4=' 'sha256-1S8WVw6R2dH6qS1wJlDJWOa22gxjXnwr9QjAXCZPZXg=' 'sha256-7HXcdY9H2bQnpmz4b6nuxTYNGxvVnDRldlMVWeA9ASs=' 'sha256-GsozRkFSkbjFeWahQt6MuWOfxwKORfrSsNrEywLvxoM=' 'sha256-otlizGgBEWD2S1Py/SjiGVvY+BVKbJKMu+BGuh8o0ME=' 'sha256-jzFIqF+VF0harY99vYrMmN4Pz3A+OqArLYmq1aNdqEk=' 'sha256-nq+1B7dOyJg4qp/ma23Dn9oHa1tX8x9OJaXslFSRvQ0=' 'sha256-67ciRBaCxEXt9AMGRr+vqjGkuQnWvvnoU+Y3io+VeGI=' 'sha256-jQ9u91YFPZBd7bKdKw9s+hwoLqy+S8mA/gVZW+hLN0o=' 'sha256-s+V1/4RrRHYk+0kgCj+BhycNEAMKtQOkpgWbtpOFF+4=' 'sha256-usSpS3+7ySNud2iiRZXZ4GdALvL78mYxtDxObBQxiuA=' 'sha256-5Uxm7sD6Jm5sVTWVvP2s9f44A51xlyYPewzw18W5ZRo=' 'sha256-atuwmgxh67oM7HAIkmCg622N7QrmqwaI9s71irnOw+M=' 'sha256-bjpf7bCjmxpqghWqn5WcmxrAZSO0JOkXl7dt0w4UxXo=' 'sha256-tD+kNwP5HDbvr8CujN01zwvylevh7tS5aiUdRD0fziU=' 'sha256-6vf9tWh6avQS6qe7AVhJQjnEJM+co/oChB4SCtvu26Y=' 'sha256-lkyamzsYq8nzTP0C7C9jNd5UIZjh4v3aH+NMSGbNtrk=' 'sha256-jejXO9qbyc5AKv5KcGMun0c6qnYknKjmNjnt7WFj4JU=' 'sha256-j2CulhlGbCPaFhGFbP0TgsXD2/rFFSyQlvA/My6tmAM=' 'sha256-PdgY5vpLWvvOCFqllMVyMtCjMUo4vXKsp43yHvba/HA=' 'sha256-i9J8suaCQYYEjdPbll3YMlviomTVub6PYKT4MZ68LDs=' 'sha256-X272OVS8TuIDtw7u/I9LqDNKrX+xEWx18TfSln23bs8=' 'sha256-oPUkOIY4+sl+NgmrMj6ev6q2I7McT6gQcISkfDG/0+I=' 'sha256-LmUek/DXniEp0sO9Ls38LPXGQWRAeAU/oQrphcFIN/Y=' 'sha256-uxdE0Tyz/lcO/87i1lhK4TuIA25zXS5vF7lnRKc9a0c=' 'sha256-vFWe/UzydyE2DbB0b3hT/c/bA5lR2onI26DILWnMHFU=' 'sha256-lNUOFbJi5PWnkPKL0bwnri3rMbKLx6RVmH3cTe9gwl0=' 'sha256-84d8dkIHbqp/37STvPHSxC8tHbaqmLItkk44phwDNfA=' 'sha256-UmvAmKMBAaLc0o1E+17zunrZ1Jlci3QG4Z1NBAKWlvk=' 'sha256-Gpg5O08Ew7SHHXJOPCJ2psbpEAcJXu/rNu7bKmWC3jA=' 'sha256-FbVwPkSYdqAEY20K6LYcjOlIWxlhcycOlXyN4SyWV3Y=' 'sha256-45zWoas0SCmtASt1xT6MCfi9w4zcKq27UkS2m3npgdM=' 'sha256-wMDeU1Aev3B1Y+lV2XG5A/YJRhxBZ61eXYJE6OXC7aE=' 'sha256-Q2IE/aWsGoG+fIbXLBvzXjOBmblLaprMIzLaFSS/aIA=' 'sha256-P5y6bXK69Lg5Lxl4ygiMejWJUOFER9fgWHIOvzSE93E=' 'sha256-KpSV7LuPYEu58+3u9LJr9v5Drm0uIKEv0h3u/+NVNm8=' 'sha256-1dnXzIOC+JMYHYNb8BO6+oslVC0zOUmvxcc1QFVHQLY=' 'sha256-NlLSTFDRnfQWxtM2Ze+aOJpmKyMsi30AYasxTvGRDPY=' 'sha256-XmITJ5zkb3nPeUmgLE8GGGeZ5nuiIO3yS6uUL7Yh7lU=' 'sha256-t28Sto2NWNUPLZW3emYDlB8lolJx/pt/uzdeZk+/Vw4=' 'sha256-m4edcspsiUL06wtd7wnpJiHBPa8/mhZYca65wvp55XQ=' www.gstatic.com fonts.googleapis.com; form-action 'self'; font-src 'self' fonts.gstatic.com; frame-src 'self' eu.iit.com.ua static.addtoany.com; frame-ancestors 'self'; object-src 'self' 1
frame-ancestors d.pr 1
default-src 'none'; object-src 'none'; base-uri 'none'; frame-ancestors 'self'; manifest-src 'self' https:; form-action 'self' https://*.tjsc.jus.br; font-src 'self' data: https:; img-src 'self' data: https:; media-src 'self' blob: https:; connect-src 'self' blob: https:; child-src 'self' blob: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:; style-src 'self' 'unsafe-inline' https:; 1
default-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com  https://*.ftrace.com  https://s2.adform.net  https://track.adform.net  https://2023-lidl-joulukalenteri.vercel.app  https://*.adnami.io  https://*.iltapulu.fi  https://*.gloria.fi  https://*.etlehti.fi  https://*.hyvaterveys.fi  https://*.kodinkuvalehti.fi  https://*.soppa365.fi  https://*.vauva.fi  https://*.iltasanomat.fi  https://*.iltalehti.fi  https://*.telkku.com  https://*.kotikokki.net  https://*.rantapallo.fi  https://*.nettiauto.com  https://*.tori.fi  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  'unsafe-inline'  https://*.adyen.com  https://*.ftrace.com  https://2023-lidl-joulukalenteri.vercel.app; img-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com; object-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'; script-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  about:  https://localhost  https://*.adyen.com  https://s2.adform.net  https://track.adform.net; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io  https://2023-lidl-joulukalenteri.vercel.app  https://*.adnami.io  https://*.iltapulu.fi  https://*.gloria.fi  https://*.etlehti.fi  https://*.hyvaterveys.fi  https://*.kodinkuvalehti.fi  https://*.soppa365.fi  https://*.vauva.fi  https://*.iltasanomat.fi  https://*.iltalehti.fi  https://*.telkku.com  https://*.kotikokki.net  https://*.rantapallo.fi  https://*.nettiauto.com  https://*.tori.fi; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: wss: blob: 1
default-src * 'unsafe-inline' 'unsafe-eval' blob: https://static.highlight.io data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.cookielaw.org *.onetrust.com *.googleapis.com *.gstatic.com *.coveo.com *.googletagmanager.com *.google-analytics.com *.cloudflare.com siteimproveanalytics.com *.siteimproveanalytics.io *.vuture.net *.youtube.com *.ytimg.com *.thinglink.me *.thinglink.com code.jquery.com player.youku.com cdn.yoshki.com; upgrade-insecure-requests; block-all-mixed-content; 1
img-src 'self' https://cdn.arre.st https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google.com https://youtube.com/ http://www.google-analytics.com; object-src 'self' 1
default-src 'self';script-src 'self' 'nonce-T7wRmvUKiJBKLptxO6jq9Pok' http://stats.g.doubleclick.net https://fonts.googleapis.com https://www.linkedin.com https://www.facebook.com https://www.twitter.com https://*.googletagmanager.com https://*.google-analytics.com https://az416426.vo.msecnd.net https://ajax.aspnetcdn.com https://clientearth.azureedge.net https://files.clientearth.org https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ 'sha256-8ClMIq+X/pDDGtAAnpW99nxXnETPZFt73afLWMCUlSM=' 'sha256-ZjzVKhDN7wuRUPfNj0MSySSHkXWbsqzCz/avLfRGPlc=' 'sha256-M/casqsfWX1uO3ssgElz/yHQT1ICNBbgaJ7XkAD9IQc=' 'sha256-QIeXZnbBLXX3afVSNHMJNJcFAntPmT0IYPU75YpYodA=' 'sha256-Rqdy+sJCcP3qtS3tdKFbHuWV9NE9PGTItW4GSpRKN+M=' 'sha256-h4dbFGpqrsesdJh57CwCRrY2NzNmumVrfCFD6o++/4Q=' 'sha256-tz9SvugUA9YSInyGXolT1MO04pfWtYwUf1pdMF8s+NU=' 'sha256-cLVy/FNNxR52VnqgqaMOJwPor9p7Qa06Br1BiM3eboA=' 'sha256-BX/gLDkQ1xmZ2BnyH6yvQYHLMrpTSQGBXAul08fcGnY=' 'sha256-1ngK37eIux2ifjhtXRyPqzZZrL6wofUI0d2G9tt15dE=' https://lazyferret.com/lazyferret-scripts/1.min.js 'sha256-HRVFWWnPEydYDGzYpso70ArXt6ldXnPHHGZeN4j9YtA=' 'sha256-8I6OFNP3OM/Ae90qApFM8JnBKJlawXLqnU4Y112MxSw=' https://connect.facebook.net https://static.hotjar.com https://snap.licdn.com https://cc.cdn.civiccomputing.com/9/cookieControl-9.x.min.js 'sha256-832bMznOm6qWg0EdeOEmbTuLOWdeKLvyfqnqi/Aj/hs=' https://widget.proca.app;object-src 'self';style-src 'self' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://translate.googleapis.com https://clientearth.azureedge.net https://files.clientearth.org 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-w9CEzYhmvsTRzpOeD9qySBu+9qJ+adxh8W15E9GYwNE=' 'sha256-ZD0chCyBaNHl+4UwQHJIHGoYhKwMeyCXGgJTKW5/67E=' 'sha256-ICa0DhwZQJsOd/Rn0N8H6FdQ71GfNL+op2zhAQ+Y4mM=' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-vZ6DERRW5CRT9PyrEI3g/oL9A6roiJHBAZEOgSnyvwY=' 'sha256-KWxDqbniGgEelO8aphwG50lBIjYfvbDELI46O1ZBC1o=' 'sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog=' 'sha256-1PxuDsPyGK6n+LZsMv0gG4lMX3i3XigG6h0CzPIjwrE=' 'sha256-b3IrgBVvuKx/Q3tmAi79fnf6AFClibrz/0S5x1ghdGU=';img-src 'self' https://use.typekit.net https://screenmediaclientearth.blob.core.windows.net https://clientearth.azureedge.net https://www.gstatic.com https://files.clientearth.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk data:;frame-src 'self' https://www.youtube.com https://vars.hotjar.com https://player.vimeo.com https://www.google.com https://www.riddle.com https://act.clientearth.org https://app.livestorm.co;font-src 'self' https://use.typekit.net https://fonts.gstatic.com;connect-src 'self' https://dc.services.visualstudio.com https://clientearth-stage.azurewebsites.net https://dev-clientearth.azure-api.net https://clientearth.azure-api.net https://api.clientearth.org https://apikeys.civiccomputing.com https://clapi.civiccomputing.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk;base-uri 'self';form-action 'self' https://donate.clientearth.org;upgrade-insecure-requests 1
font-src *.klarnacdn.net *.ionicframework.com *.giosgusercontent.com *.piwik.pro *.containers.piwik.pro https://www.gstatic.com https://fonts.gstatic.com *.yliopistonapteekki.fi *.ya.fi data: 'self' 'unsafe-inline'; form-action *.yliopistonapteekki.fi 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.klarna.com fi1.frosmo.com *.fi1.frosmo.com https://d2oarllo6tn86.cloudfront.net *.giosg.com *.giosgcobrowse.com *.giosgusercontent.com *.piwik.pro *.containers.piwik.pro consentcdn.cookiebot.com https://www.google.com maps.googleapis.com *.sttinfo.fi *.yliopistonapteekki.fi 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.klarna.com *.klarnaevt.com *.klarnacdn.net https://images.ctfassets.net fi1.frosmo.com *.fi1.frosmo.com https://d2oarllo6tn86.cloudfront.net *.amazonaws.com *.giosg.com *.giosgcobrowse.com *.giosgusercontent.com *.piwik.pro *.containers.piwik.pro https://www.googletagmanager.com https://www.google-analytics.com *.ya.lamia.tech *.ya.fi *.yliopistonapteekki.fi secure.adnxs.com data: 'self' 'unsafe-inline'; script-src s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.klarna.com *.klarnacdn.net *.klarnaservices.com https://unpkg.com fi1.frosmo.com *.fi1.frosmo.com https://d2oarllo6tn86.cloudfront.net *.giosg.com *.giosgcobrowse.com *.giosgusercontent.com *.piwik.pro *.containers.piwik.pro consent.cookiebot.com consentcdn.cookiebot.com https://www.google.com https://www.gstatic.com www.custobar.com https://www.googletagmanager.com https://www.google-analytics.com *.sttinfo.fi *.ya.lamia.tech *.ya.fi *.yliopistonapteekki.fi ajax.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.klarnacdn.net fi1.frosmo.com *.fi1.frosmo.com https://d2oarllo6tn86.cloudfront.net *.ionicframework.com *.giosg.com *.giosgcobrowse.com *.giosgusercontent.com *.piwik.pro *.containers.piwik.pro https://fonts.googleapis.com *.yliopistonapteekki.fi 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://api.contentful.com fi1.frosmo.com *.fi1.frosmo.com https://d2oarllo6tn86.cloudfront.net *.giosg.com *.giosgcobrowse.com *.giosgusercontent.com wss://*.giosgcobrowse.com *.piwik.pro *.containers.piwik.pro consentcdn.cookiebot.com ws://127.0.0.1:9502 api.custobar.com https://www.google-analytics.com *.talentadore.com *.ya.fi wss://b2c-staging.ya.fi wss://b2c-test.ya.fi wss://b2c-prod.ya.lamia.tech wss://b2c-stg.ya.lamia.tech wss://b2c-dev.ya.lamia.tech wss://www.yliopistonapteekki.fi 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src fi1.frosmo.com *.fi1.frosmo.com https://d2oarllo6tn86.cloudfront.net *.giosg.com *.giosgusercontent.com *.giosgcobrowse.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';style-src 'self' https://*.blob.core.windows.net https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com 'unsafe-inline' ;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://*.blob.core.windows.net ;img-src 'self' https://ssl.gstatic.com https://www.gstatic.com https://*.blob.core.windows.net https://*.google-analytics.com data: 'self' ;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.blob.core.windows.net https://cdn.botframework.com/botframework-webchat/ https://www.googletagmanager.com/ https://*.google-analytics.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.botframework.com/ https://*.vo.msecnd.net/ https://tagmanager.google.com/ ;frame-src https://webchat.botframework.com/ https://www.youtube.com/ https://www.google.com ;media-src 'self' https://www.youtube.com/ https://*.blob.core.windows.net ;connect-src 'self' wss://directline.botframework.com/v3/  https://directline.botframework.com/v3/ https://dc.services.visualstudio.com/v2/track https://*.google-analytics.com https://base.mygovid.ie 1
font-src fonts.gstatic.com use.typekit.net https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nr-data.net *.criteo.com *.mastercard.com *.tiktok.com *.api2pdf.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com *.nr-data.net *.criteo.com *.mastercard.com *.tiktok.com *.api2pdf.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.nr-data.net *.criteo.com *.mastercard.com *.tiktok.com *.api2pdf.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.gstatic.com *.raneen.com *.nr-data.net *.mastercard.com *.api2pdf.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.plugins.emarsys.net *.scarabresearch.com *.criteo.com *.mastercard.com *.tiktok.com *.api2pdf.com *.gateway.mastercard.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.fontawesome.com *.nr-data.net *.mastercard.com *.api2pdf.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net *.bolt.com qa-api.magedevteam.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com *.scarabresearch.com *.eservice.emarsys.net *.criteo.com *.mastercard.com *.tiktok.com *.api2pdf.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: 1
default-src 'self' public.cobrowse.oraclecloud.com; script-src 'self' 'unsafe-inline' apps.mypurecloud.com cobrowse.mypurecloud.com public.cobrowse.oraclecloud.com; font-src 'self' www.principalcdn.com; connect-src 'self'; img-src 'self' public.cobrowse.oraclecloud.com; style-src 'self' 'unsafe-inline'; base-uri 'self';form-action 'self' 1
default-src *.megabank.com.tw *.google-analytics.com stats.g.doubleclick.net; font-src * data:; frame-src 'self' *.megabank.com.tw bid.g.doubleclick.net; img-src * data:; media-src *  data:; object-src 'none'; script-src *.google-analytics.com 'self' *.googletagmanager.com *.googleadservices.com connect.facebook.net googleads.g.doubleclick.net 'unsafe-inline' 'unsafe-eval' d.line-scdn.net; style-src * 'unsafe-inline'; 1
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.sancta-domenica.hr sancta-domenica.hr *.sancta-domenica.ba sancta-domenica.ba *.samsungshop.hr samsungshop.hr *.bigbang.ba bigbang.ba; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bobruisk.ru *.magilev.by *; default-src 'self' *.aservicecdn.com *.googlesyndication.com *.yandex.ru *.bobruisk.ru *.magilev.by; style-src 'self' 'unsafe-inline' *; frame-src *; font-src data: 'self' *; frame-ancestors 'self' http://webvisor.com/; worker-src 'self' blob:; img-src 'self' data: *; media-src 'self' data: *; connect-src 'self' * 1
block-all-mixed-content; report-uri https://lodash.report-uri.io/r/default/csp/enforce; default-src 'none'; child-src 'self' data: ms-appx-web: ghbtns.com runkit.com *.runkit-embed.com runkit-embed.com platform.twitter.com; img-src 'self' data: *.2mdn.net *.adsafeprotected.com ad.atdmt.com *.buysellads.com *.buysellads.net *.c3tag.com *.carbonads.net *.convertro.com ad.doubleclick.net www.google-analytics.com www.launchbit.com launchbit.com assets.servedby-buysellads.com *.serving-sys.com; font-src 'self' data: fonts.gstatic.com cdn.jsdelivr.net; frame-src 'self' data: ms-appx-web: ghbtns.com runkit.com *.runkit-embed.com runkit-embed.com platform.twitter.com; manifest-src 'self'; script-src 'self' *.carbonads.com srv.carbonads.net adn.fusionads.net www.google-analytics.com www.googletagmanager.com cdn.jsdelivr.net embed.runkit.com; style-src 'self' cdn.jsdelivr.net; connect-src lodash.report-uri.com lodash.report-uri.io 'self' ms-appx-web: ghbtns.com runkit.com *.runkit-embed.com runkit-embed.com platform.twitter.com *.2mdn.net *.adsafeprotected.com ad.atdmt.com *.buysellads.com *.buysellads.net *.c3tag.com *.carbonads.net *.convertro.com ad.doubleclick.net www.google-analytics.com www.launchbit.com launchbit.com assets.servedby-buysellads.com *.serving-sys.com fonts.gstatic.com cdn.jsdelivr.net *.carbonads.com srv.carbonads.net adn.fusionads.net www.googletagmanager.com embed.runkit.com; 1
script-src 'report-sample' 'nonce-UaA2Z5cJfw7aB5R2s5EWIQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport 1
default-src 'self' *.every-pay.eu; img-src 'self' blob: data: *.knygos-static.lt *.zoombook.lt *.baltotrader.lt *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google-analytics.com *.googletagmanager.com *.gstatic.com *.facebook.com *.facebook.net *.fbcdn.net pipirai.imgix.net knygos-blogas.imgix.net *.gr-assets.com *.smooch.io *.clarity.ms *.bing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.knygos.lt *.knygos-static.lt *.cloudflareinsights.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleoptimize.com *.googleadservices.com *.googleapis.com *.gstatic.com *.facebook.net *.fbcdn.net *.adform.net *.doubleclick.net *.nr-data.net *.newrelic.com *.rollbar.com *.smooch.io *.clarity.ms *.helpscout.net; style-src 'self' 'unsafe-inline' *.knygos-static.lt *.googleapis.com *.gstatic.com *.fbcdn.net cdn.smooch.io *.bootstrapcdn.com; font-src 'self' data: *.knygos-static.lt *.googleapis.com *.gstatic.com *.smooch.io; frame-src 'self' *.google.com *.youtube.com *.facebook.com *.doubleclick.net; connect-src 'self' *.every-pay.eu *.baltotrader.lt *.google.lt *.google.com *.google.ge *.google-analytics.com *.facebook.com *.doubleclick.net *.nr-data.net wss://*.smooch.io https://*.smooch.io api.rollbar.com *.clarity.ms *.cloudfront.net *.helpscout.net; media-src 'self' balto.lt *.helpscout.net; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; frame-ancestors 'self' http://webvisor.com http://*.webvisor.com; 1
frame-src 'self' *.paycomet.com *.sequracdn.com *.sequrapi.com *.soundcloud.com *.facebook.com *.brightcove.net *.google.com *.youtube.com *.vimeo.com http://10.11.12.251 *.criteo.net *.criteo.com *.trustpilot.com; 1
connect-src 'self' *.algolia.io *.algolia.net *.algolianet.com *.facebook.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.sumo.com *.userway.org *.voyagetext.com *.zdassets.com *.zendesk.com *.zopim.com code.jquery.com media.sumome.com pro.ip-api.com stats.g.doubleclick.net sumo.com sumome.com vyg.mobi wss://widget-mediator.zopim.com; default-src 'self'; font-src 'self' *.facebook.com *.googleapis.com *.gstatic.com cdn-secure.luckygunner.com cdn.userway.org data: themes.googleusercontent.com; frame-src 'self' *.facebook.com *.google.com *.googleapis.com *.twitter.com *.userway.org sumo.com sumome.com twitter.com; img-src 'self' *.facebook.com *.google-analytics.com *.googleapis.com *.gstatic.com *.sumo.com *.userway.org *.zopim.io cdn-secure.luckygunner.com data: https://seal.verisign.com media.sumome.com stats.g.doubleclick.net sumo.b-cdn.net sumo.com sumome.com syndication.twitter.com twitter.com; manifest-src cdn-secure.luckygunner.com www.luckygunner.com; media-src 'self' *.facebook.com *.zdassets.com *.zopim.com; object-src 'self' *.facebook.com www.luckyreferrals.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.algolia.io *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.sumo.com *.sumome.com *.twitter.com *.userway.org *.voyagetext.com *.zdassets.com *.zopim.com assets.voyagetext.com blob: cdn-secure.luckygunner.com code.jquery.com https://cdn.jsdelivr.net/npm/algoliasearch@4/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4 stats.g.doubleclick.net sumo.b-cdn.net sumome-140a.kxcdn.com sumome.com www.luckyreferrals.com; style-src 'self' 'unsafe-inline' *.facebook.com *.google.com *.googleapis.com *.gstatic.com *.twitter.com cdn-secure.luckygunner.com cdn.userway.org sload.sumo.com sumo.b-cdn.net 1
frame-ancestors https://fashion.ovh/ https://parisfashionshops.com/ https://*.parisfashionshops.com/; 1
frame-ancestors 'self' *.labrujula24.com; 1
font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com static.micuentaweb.pe s3-sa-east-1.amazonaws.com s3.sa-east-1.amazonaws.com https://fonts.googleapis.com/ *.fontawesome.com https://static.micuentaweb.pe/static/ *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://seo.mageplaza.com https://secure.micuentaweb.pe/vads-payment/ https://api.micuentaweb.pe/api-payment/ https://static.micuentaweb.pe/static/ *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.googleapis.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://secure.micuentaweb.pe/vads-payment/ https://static.micuentaweb.pe/static/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.googleapis.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net s3-sa-east-1.amazonaws.com s3.sa-east-1.amazonaws.com *.google.com www.facebook.com/ media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net prod.flixgvid.flix360.io syndication.flix360.com hiraoka.com.pe assets-barracuda-runner.azureedge.net assets-barracuda-zoovu.azureedge.net nworkforce.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google. storage.googleapis.com jumper.pe www.google.com.ar images.unsplash.com orchestrator.production.aks.alquimio.cloud https://maps.googleapis.com/ https://maps.gstatic.com/ https://secure.micuentaweb.pe/static/latest/images/type-carte/ https://static.micuentaweb.pe/static/ https://secure.micuentaweb.pe/vads-payment/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com orchestrator.staging.aks.alquimio.cloud cdn.pointandplace.com gum.criteo.com cm.g.doubleclick.net google.com.pe visitor.omnitagjs.com ups.analytics.yahoo.com criteo-sync.teads.tv analytics.tiktok.com qr.pointandplace.com nova.collect.igodigital.com www.google.com.pe ads.stickyadstv.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com trends.revcontent.com match.sharethrough.com s.ad.smaato.net criteo-partners.tremorhub.com ade.clmbtech.com sync-criteo.ads.yieldmo.com e1.emxdgt.com pixel.rubiconproject.com rtb-csync.smartadserver.com sync-t1.taboola.com eb2.3lift.com r.casalemedia.com ad.360yield.com i.liadm.com exchange.mediavine.com x.bidswitch.net ib.adnxs.com contextual.media.net 1worldsync.com cdn.cs.1worldsync.com cc.cs.1worldsync.com www.clarity.ms clarity.ms *.1worldsync.com *.criteo.com *.stickyadstv.com *.creativecdn.com product-feature-service.production.alquimio.cloud hp.omnitok.com api.coop.omnitok.com api.coop2.omnitok.com/api *.omnitok.com *.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com commerce.adobedtm.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.braindw.com media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net prod.flixgvid.flix360.io syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com arvr.google.com api-barracuda.zoovu.com assets-barracuda-runner.azureedge.net nworkforce.com script.crazyegg.com s3.sa-east-1.amazonaws.com s3-sa-east-1.amazonaws.com sisapi.portinos.com hiraoka.com.pe connect.facebook.net static.micuentaweb.pe static-content-qas.vnforapps.com static.hotjar.com assets-barracuda-zoovu.azureedge.net cdn.inspectlet.com secure.micuentaweb.pe dpm.demdex.net amcglobal.sc.omtrdc.net hn.inspectlet.com stats.g.doubleclick.net cdn.embluemail.com *.livechatinc.com *.lc.chat *.googletagmanager.com *.syndigo.com content.syndigo.com storage.googleapis.com jumper.pe api.app.wayofwork.app cdn.pn.vg orchestrator.staging.aks.alquimio.cloud embed.tawk.to orchestrator.production.aks.alquimio.cloud https://maps.googleapis.com/ https://static-content.vnforapps.com/ https://api.micuentaweb.pe/api-payment/ https://static.micuentaweb.pe/static/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.mcstaging.hiraoka.com *.hiraokasf.my.salesforce-sites.com https://static-content-qas.vnforapps.com/ cdn.pointandplace.com 526001254.collect.igodigital.com dynamic.criteo.com analytics.tiktok.com clarity.ms script.hotjar.com sslwidget.criteo.com ad.soicos.com qr.pointandplace.com tpc.googlesyndication.com 1worldsync.com cdn.cs.1worldsync.com cc.cs.1worldsync.com www.clarity.ms *.1worldsync.com *.criteo.com *.stickyadstv.com *.creativecdn.com product-feature-service.production.alquimio.cloud hp.omnitok.com api.coop.omnitok.com api.coop2.omnitok.com/api *.omnitok.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com s3.sa-east-1.amazonaws.com media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net prod.flixgvid.flix360.io syndication.flix360.com nworkforce.com static-content-qas.vnforapps.com storage.googleapis.com jumper.pe orchestrator.production.aks.alquimio.cloud https://fonts.googleapis.com/css https://static-content.vnforapps.com/ *.fontawesome.com https://static.micuentaweb.pe/static/ unsafe-inline assets.braintreegateway.com https://static-content-qas.vnforapps.com/ orchestrator.staging.aks.alquimio.cloud cdn.pointandplace.com qr.pointandplace.com 1worldsync.com cdn.cs.1worldsync.com cc.cs.1worldsync.com www.clarity.ms clarity.ms *.1worldsync.com *.criteo.com *.stickyadstv.com product-feature-service.production.alquimio.cloud hp.omnitok.com api.coop.omnitok.com api.coop2.omnitok.com/api *.omnitok.com *.googleapis.com 'self' 'unsafe-inline'; object-src s3.sa-east-1.amazonaws.com 'self' 'unsafe-inline'; media-src *.adobe.com s3.sa-east-1.amazonaws.com cdn.pointandplace.com qr.pointandplace.com *.googleapis.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.braindw.com media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net prod.flixgvid.flix360.io syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com arvr.google.com api-barracuda.zoovu.com assets-barracuda-runner.azureedge.net nworkforce.com service.force.com script.crazyegg.com s3.sa-east-1.amazonaws.com sisapi.portinos.com hiraoka.com.pe connect.facebook.net static.micuentaweb.pe static-content-qas.vnforapps.com *.googleapis.com static.hotjar.com cdn.inspectlet.com secure.micuentaweb.pe dpm.demdex.net amcglobal.sc.omtrdc.net hn.inspectlet.com stats.g.doubleclick.net *.livechatinc.com *.lc.chat *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google. *.syndigo.com content.syndigo.com storage.googleapis.com jumper.pe network.pointandplace.com orchestrator.production.aks.alquimio.cloud api.repositorio.production.alquimio.cloud events-endpoint.pointandplace.com https://secure.micuentaweb.pe/vads-payment/ https://api.micuentaweb.pe/api-payment/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.hiraoka.secure.force.com *.hiraokasf.my.salesforce-sites.com *.mcstaging.hiraoka.com https://stats.g.doubleclick.net orchestrator.staging.aks.alquimio.cloud cdn.pointandplace.com analytics.tiktok.com measurement-api.criteo.com ad.soicos.com 526001254.collect.igodigital.com qr.pointandplace.com slwidget.criteo.com 1worldsync.com cdn.cs.1worldsync.com cc.cs.1worldsync.com www.clarity.ms clarity.ms *.1worldsync.com *.criteo.com *.stickyadstv.com *.creativecdn.com product-feature-service.production.alquimio.cloud hp.omnitok.com api.coop.omnitok.com api.coop2.omnitok.com/api *.omnitok.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.googleapis.com http: https: blob: 'self' 'unsafe-inline'; default-src media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net prod.flixgvid.flix360.io syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com arvr.google.com api-barracuda.zoovu.com assets-barracuda-runner.azureedge.net hiraoka.com.pe nworkforce.com script.crazyegg.com s3.sa-east-1.amazonaws.com sisapi.portinos.com connect.facebook.net static.micuentaweb.pe static-content-qas.vnforapps.com static.hotjar.com cdn.inspectlet.com secure.micuentaweb.pe dpm.demdex.net amcglobal.sc.omtrdc.net hn.inspectlet.com stats.g.doubleclick.net storage.googleapis.com jumper.pe orchestrator.production.aks.alquimio.cloud https://maps.googleapis.com/ https://secure.micuentaweb.pe/vads-payment/ https://api.micuentaweb.pe/api-payment/ https://static.micuentaweb.pe/static/ *.hiraoka.secure.force.com *.hiraokasf.my.salesforce-sites.com *.mcstaging.hiraoka.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.gordon.edu lavidacenter.org 1
frame-ancestors hired.com *.hired.com 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src https: 'self' data:; font-src 'self' https: data:; worker-src blob:; frame-ancestors 'self'; 1
default-src 'self' https://bin.bnbstatic.com https://public.bnbstatic.com https://*.wistia.com https://*.wistia.net https://*.saasexch.com https://*.saasexch.co;script-src blob: 'self' https://api.smartling.com https://accounts.google.com https://*.saasexch.co 'nonce-bd392ae9-f5d6-4c4f-bc6d-68675325ea92' https://log.bntrace.com https://www.googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net  https://www.googleanalytics.com https://www.googleoptimize.com https://www.gstatic.com https://www.google.com https://accounts.google.com/gsi/client https://apis.google.com/js/api:client.js https://maps.googleapis.com https://optimize.google.com https://euob.segreencolumn.com https://bat.bing.com https://obseu.segreencolumn.com https://appleid.cdn-apple.com unsafe-inline https://bin.bnbstatic.com https://public.bnbstatic.com https://*.saasexch.com https://accounts.binance.me https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-bn.my.onetrust.com https://*.wistia.com https://*.wistia.net https://src.litix.io data:;style-src 'self' 'unsafe-inline' blob: https://fast.wistia.com https://bin.bnbstatic.com https://public.bnbstatic.com https://*.saasexch.com https://*.saasexch.co https://api.smartling.com https://accounts.google.com https://optimize.google.com https://fonts.googleapis.com unsafe-inline;font-src 'self' data: https://bin.bnbstatic.com https://public.bnbstatic.com https://*.saasexch.com https://*.saasexch.co https://*.wistia.com https://at.alicdn.com https://api.smartling.com https://accounts.google.com https://fonts.gstatic.com;connect-src 'self' https://api.saasexch.com https://bin.bnbstatic.com https://public.bnbstatic.com https://*.saasexch.com https://*.saasexch.co https://log.bntrace.com https://api.saasexch.com/bapi/themis/api/ wss://stream.binance.com wss://nbstream.binance.com wss://haodesk.binance.im https://upload-bnbstatic-com.s3.ap-northeast-1.amazonaws.com https://*.agora.io:* https://*.edge.agora.io:* https://*.sd-rtn.com:* https://*.edge.sd-rtn.com:* wss://*.agora.io:* wss://*.edge.agora.io:* wss://*.sd-rtn.com:* wss://*.edge.sd-rtn.com:* wss://chat-wss.yshyqxx.com https://*.s3-accelerate.amazonaws.com wss://*.binance.me https://*.binance.me https://frontend-m.binance.cloud https://sensors.binance.cloud https://report.binance.gg https://*.sentry.io https://stats.g.doubleclick.net https://api.smartling.com https://accounts.google.com https://www.google.com https://googleads.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://bat.bing.com https://obseu.segreencolumn.com https://logan-log.binance.gg wss://haodesk.binance.im wss://margin-stream.binance.com:443 wss://stream.binance.com wss://nbstream.binance.com wss://bstream.binance.com:9443 https://api.saasexch.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-bn.my.onetrust.com https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://data-collect.toolsfdg.net;img-src 'self' data: blob: https://api.smartling.com https://accounts.google.com https://*.saasexch.co https://static.devfdg.net https://www.google-analytics.com https://optimize.google.com https://www.googletagmanager.com https://obseu.segreencolumn.com https://bat.bing.com https://sensors.binance.cloud https://bin.bnbstatic.com https://public.bnbstatic.com https://upload-bnbstatic-com.s3.ap-northeast-1.amazonaws.com https://*.saasexch.com https://public-1259603563.file.myqcloud.com https://static-file-1259603563.file.myqcloud.com https://googleads.g.doubleclick.net https://www.google.com https://analytics.twitter.com https://t.co https://www.facebook.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-bn.my.onetrust.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://public.nftstatic.com;media-src 'self' https://bin.bnbstatic.com https://public.bnbstatic.com https://*.saasexch.com https://*.saasexch.co https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://upload-bnbstatic-com.s3.ap-northeast-1.amazonaws.com https://api.smartling.com https://accounts.google.com https://fast.wistia.net blob:;frame-src 'self' https://api.smartling.com https://accounts.google.com https://*.saasexch.co https://www.google.com https://optimize.google.com https://accounts.google.com/ https://fast.wistia.com https://fast.wistia.net https://bid.g.doubleclick.net;object-src 'none';base-uri 'self';report-uri https://o529943.ingest.sentry.io/api/6149229/security/?sentry_key=949d37812f604f039041170b5601fa1a;report-to https://o529943.ingest.sentry.io/api/6149229/security/?sentry_key=949d37812f604f039041170b5601fa1a 1
default-src * 'self' 'unsafe-eval' 'unsafe-inline' https://my.yoast.com https://a.omappapi.com https://clients.allincall.in https://www.youtube.com https://yoastcdn.com https://yoast.com https://beacon-v2.helpscout.net d3hb14vkzrxvla.cloudfront.net https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com/gtag/js?id=G-VGJ56BFYBZ&l=dataLayer&cx=c https://omappapi.com https://www.google-analytics.com https://www.googleanalytics.com https://connect.facebook.net https://snap.licdn.com https://lfeeder.com https://sc.lfeeder.com https://www.clarity.ms https://s.adroll.com https://analytics.google.com https://my.yoast.com https://a.omappapi.com https://clients.allincall.in https://www.youtube.com https://cdn.ckeditor.com https://ckeditor.com https://yoast.com https://use.typekit.net https://yoastcdn.com https://optinmonster.com https://beacon-v2.helpscout.net d3hb14vkzrxvla.cloudfront.net https://w.recruiterbox.com blob:; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://omappapi.com https://www.googletagmanager.com https://my.yoast.com https://go.exotel.com https://adroll.com https://www.clarity.ms https://lfeeder.com https://sc.lfeeder.com https://snap.licdn.com https://connect.facebook.net https://www.googleanalytics.com https://www.google-analytics.com https://a.omappapi.com https://clients.allincall.in https://www.youtube.com https://cdn.ckeditor.com https://ckeditor.com https://yoast.com https://use.typekit.net https://yoastcdn.com https://optinmonster.com https://beacon-v2.helpscout.net d3hb14vkzrxvla.cloudfront.net https://w.recruiterbox.com; connect-src 'self' https://www.googleanalytics.com/analytics.js https://www.googletagmanager.com/gtag/js?id=G-VGJ56BFYBZ&l=dataLayer&cx=c https://pi.pardot.com https://omappapi.com https://pardot.com https://www.google-analytics.com https://www.googleanalytics.com https://connect.facebook.net https://snap.licdn.com https://sc.lfeeder.com https://www.clarity.ms https://adroll.com https://analytics.google.com https://www.googletagmanager.com https://go.exotel.com https://my.yoast.com https://ps.w.org https://pro.ip-api.com https://a.omappapi.com https://clients.allincall.in https://www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.omappapi.com https://api.ipgeolocation.io https://cdn.ckeditor.com https://ckeditor.com https://yoast.com https://use.typekit.net https://yoastcdn.com https://optinmonster.com https://beacon-v2.helpscout.net d3hb14vkzrxvla.cloudfront.net https://w.recruiterbox.com; img-src 'self' 'unsafe-inline' https://my.yoast.com https://s.w.org https://ps.w.org https://www.google.co.in https://clients.allincall.in https://secure.gravatar.com https://www.youtube.com https://cdn.ckeditor.com https://yoastcdn.com https://yoast.com https://optinmonster.com https://beacon-v2.helpscout.net d3hb14vkzrxvla.cloudfront.net https://w.recruiterbox.com data:; style-src 'self' 'unsafe-inline' https://my.yoast.com https://clients.allincall.in https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://api.omappapi.com https://a.omappapi.com https://cdn.ckeditor.com https://ckeditor.com https://yoast.com https://yoastcdn.com https://optinmonster.com https://beacon-v2.helpscout.net d3hb14vkzrxvla.cloudfront.net https://w.recruiterbox.com; style-src-elem 'self' 'unsafe-inline' https://my.yoast.com https://clients.allincall.in https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://api.omappapi.com https://a.omappapi.com https://cdn.ckeditor.com https://ckeditor.com https://yoast.com https://use.typekit.net https://yoastcdn.com https://optinmonster.com https://beacon-v2.helpscout.net d3hb14vkzrxvla.cloudfront.net https://w.recruiterbox.com; base-uri 'self'; style-src-attr 'self' 'unsafe-inline' https://w.recruiterbox.com; font-src 'self' data: https://my.yoast.com https://apis.google.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://yoast.com https://yoastcdn.com https://optinmonster.com https://beacon-v2.helpscout.net https://use.typekit.net; worker-src 'self' blob: https://my.yoast.com https://yoast.com; form-action 'self' https://app.recruiterbox.com; frame-src 'self' https://go.exotel.com https://my.yoast.com https://www.youtube.com https://app.recruiterbox.com clients.allincall.in; object-src 'self'; child-src none; 1
default-src 'self' blob: www.google-analytics.com marketing.cov.com go.cov.com view.ceros.com cdn.jsdelivr.net *.cookiepro.com static.cloud.coveo.com staticdev.cloud.coveo.com www.gstatic.com fonts.gstatic.com *.fontawesome.com *.brightcove.net platform.cloud.coveo.com www.google.com *.brightcove.com *.cloudfront.net *.boltdns.net *.akamaihd.net *.onetrust.com *.pardot.com *.yoshki.com data:;style-src 'self' 'unsafe-inline' static.cloud.coveo.com marketing.cov.com go.cov.com fonts.googleapis.com *.fontawesome.com stackpath.bootstrapcdn.com www.google.com cdn.jsdelivr.net www.gstatic.com *.brightcove.com *.brightcove.net *.cloudfront.net *.boltdns.net *.akamaihd.net *.onetrust.com *.yoshki.com *.pardot.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: marketing.cov.com go.cov.com siteimproveanalytics.com creative-services.ceros.com view.ceros.com www.googletagmanager.com code.jquery.com www.google-analytics.com fonts.googleapis.com static.cloud.coveo.com cdn.jsdelivr.net fonts.gstatic.com cdnjs.cloudflare.com *.cookiepro.com *.fontawesome.com www.google.com stackpath.bootstrapcdn.com www.gstatic.com *.onetrust.com *.pardot.com *.boltdns.net *.brightcove.com *.brightcove.net *.cloudfront.net *.yoshki.com *.akamaihd.net;img-src 'self' go.cov.com code.jquery.com www.google-analytics.com fonts.googleapis.com static.cloud.coveo.com cdn.jsdelivr.net fonts.gstatic.com cdnjs.cloudflare.com *.cookiepro.com *.fontawesome.com stackpath.bootstrapcdn.com marketing.cov.com www.googletagmanager.com www.google.com cov.vuture.net www.gstatic.com *.pardot.com *.brightcove.com *.boltdns.net *.brightcove.net *.cloudfront.net *.akamaihd.net *.yoshki.com data:; 1
default-src 'self' https://pusher.com http://pusher.com http://*.pusher.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' wss://*.pusher.com wss://pusher.com; font-src 'self' http://fonts.gstatic.com data:; frame-src 'self' 'unsafe-inline' http://www.google.com/; img-src 'self' http://www.google-analytics.com https://www.d4sign.com.br data:; object-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://ajax.googleapis.com http://code.jquery.com http://pusher.com http://sockjs-mt1.pusher.com https://tru.webelapp.com http://www.gstatic.com http://www.google.com https://ajax.cloudflare.com https://cdn.jsdelivr.net/; style-src 'self' 'unsafe-inline' http://fonts.googleapis.com https://cdn.jsdelivr.net https://cdn.jsdelivr.net/ 1
default-src 'self' *.toutemonannee.com s1.toutemonannee.com s2.toutemonannee.com toutemonannee.blob.core.windows.net *.s3.toutemonannee.com balthazar.diedm.fr;worker-src 'self' blob:;media-src 'self' s1.toutemonannee.com s2.toutemonannee.com toutemonannee.blob.core.windows.net *.s3.toutemonannee.com *.googlevideo.com *.youtube.com *.dailymotion.com *.dai.ly *.vimeo.com *.ac-versailles.fr *.toutatice.fr *.reseau-canope.fr *.wikipedia.org reseau-canope.fr vid.me learningapps.org tube.ac-lyon.fr *.apps.education.fr wikipedia.org *.tile.openstreetmap.org;img-src 'self' data: blob: *.toutemonannee.com s1.toutemonannee.com s2.toutemonannee.com toutemonannee.blob.core.windows.net *.s3.toutemonannee.com *.googlevideo.com *.youtube.com *.dailymotion.com *.dai.ly *.vimeo.com *.ac-versailles.fr *.toutatice.fr *.reseau-canope.fr *.wikipedia.org reseau-canope.fr vid.me learningapps.org tube.ac-lyon.fr *.apps.education.fr wikipedia.org *.tile.openstreetmap.org;frame-src 'self' *.googlevideo.com *.youtube.com *.dailymotion.com *.dai.ly *.vimeo.com *.ac-versailles.fr *.toutatice.fr *.reseau-canope.fr *.wikipedia.org reseau-canope.fr vid.me learningapps.org tube.ac-lyon.fr *.apps.education.fr wikipedia.org *.tile.openstreetmap.org;child-src 'self' *.googlevideo.com *.youtube.com *.dailymotion.com *.dai.ly *.vimeo.com *.ac-versailles.fr *.toutatice.fr *.reseau-canope.fr *.wikipedia.org reseau-canope.fr vid.me learningapps.org tube.ac-lyon.fr *.apps.education.fr wikipedia.org *.tile.openstreetmap.org;base-uri 'none';object-src 'none';style-src 'self' 'unsafe-inline' s1.toutemonannee.com balthazar.diedm.fr;script-src 'self' 'unsafe-inline' 'unsafe-eval' s1.toutemonannee.com balthazar.diedm.fr;font-src 'self' data: fonts.googleapis.com s1.toutemonannee.com 1
&It;policy-directive&gt;;&It;policy-directive&gt; 1
script-src 'self' https://miplanilla.zendesk.com https://api.smooch.io http://tags.crwdcntrl.net https://tags.crwdcntrl.net http://stats.g.doubleclick.net https://assets.calendly.com https://calendly.com https://static.zdassets.com https://connect.facebook.net https://www.googletagmanager.com https://www.facebook.com https://pixel.mathtag.com https://www.google.com https://cse.google.com https://www.gstatic.com https://google.com https://code.jquery.com https://twitter.com https://www.miplanilla.com https://connect.microsoft.com https://ssl.google-analytics.com http://www.google-analytics.com https://www.google-analytics.com https://stats.g.doubleclick.net https://seal.verisign.com https://bcp.crwdcntrl.net https://i.imgur.com https://secure.miplanilla.com http://i.imgur.com http://localhost 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://assets.calendly.com https://www.google.com https://www.miplanilla.com https://secure.miplanilla.com 'unsafe-inline' 1
default-src 'self' cdn.cookielaw.org geolocation.onetrust.com js.driftt.com play.vidyard.com privacyportal.onetrust.com script.crazyegg.com sed-cms.broadcom.com staging-symantec-enterprise-blogs.security.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.ads.linkedin.com;img-src 'self' cdn.cookielaw.org cdn.vidyard.com i.ytimg.com play.vidyard.com secure.sw.broadcom.com symantec-enterprise-blogs.security.com www.google-analytics.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;script-src 'self' cdn.cookielaw.org geolocation.onetrust.com images.sw.broadcom.com js.driftt.com play.vidyard.com script.crazyegg.com static.cloudflareinsights.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adroll.com *.licdn.com *.en25.com 'unsafe-inline' 'unsafe-eval' d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com *.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net us-u.openx.net;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none' 1
font-src *.gstatic.com data: *.klarnacdn.net *.fontawesome.com use.typekit.net *.criteo.com *.hotjar.com *.hotjar.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com test1.maksuturva.fi payments.maksuturva.fi www.maksuturva.fi *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.googleapis.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com js.klarna.com fi1.frosmo.com *.fi1.frosmo.com d2oarllo6tn86.cloudfront.net sdx.microsoft.com amc.demdex.net js.playground.klarna.com *.google.com e.issuu.com *.facebook.com *.hotjar.com *.hotjar.io *.criteo.com *.googlesyndication.com *.userneeds.com *.doubleclick.net *.googletagmanager.com *.google.analytics.com *.google-analytics.com *.googleusercontent.com *.googleapis.com *.googleadservices.com *.gstatic.com *.app.cookieinformation.com *.visualwebsiteoptimizer.com app.vwo.com https://mfiltersuodattimet.fi/ *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://www.unifaunonline.se https://*.tile.openstreetmap.org/ fi1.frosmo.com *.fi1.frosmo.com d2oarllo6tn86.cloudfront.net *.bing.com  *.microsoft.com * *.wistia.com *.wistia.net *.clarity.ms *.analytics.google.com *.visualwebsiteoptimizer.com app.vwo.com chart.googleapis.com wingify-assets.s3.amazonaws.com *.ytimg.com https://www.maksuturva.fi/ https://test1.maksuturva.fi/ https://payments.maksuturva.fi/ data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ ajax.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.klarna.com *.klarnacdn.net *.klarnaservices.com https://api.unifaun.com https://bat.bing.com https://r.bing.com *.convertexperiments.com data: www.google.com maps.googleapis.com tagmanager.google.com *.google-analytics.com js-agent.newrelic.com bam.nr-data.net js.playground.klarna.com api.custobar.com connect.facebook.net *.criteo.net *.criteo.com payments.maksuturva.fi *.googlesyndication.com *.hotjar.com *.hotjar.io gstatic.com *.gstatic.com *.confirmit.com *.doubleclick.net *.lekane.net *.jquery.com *.licdn.com d2oarllo6tn86.cloudfront.net ats.talentadore.com cdnjs.cloudflare.com *.videoly.co *.analytics.solteq.solutions *.youtube-nocookie.com *.wistia.com *.wistia.net *.app.cookieinformation.com *.clarity.ms *.visualwebsiteoptimizer.com app.vwo.com fi1.frosmo.com *.fi1.frosmo.com https://www.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.klarnacdn.net *.fontawesome.com fi1.frosmo.com *.fi1.frosmo.com d2oarllo6tn86.cloudfront.net *.bing.com use.typekit.net p.typekit.net tagmanager.google.com fonts.googleapis.com ats.talentadore.com *.visualwebsiteoptimizer.com app.vwo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com fi1.frosmo.com *.fi1.frosmo.com d2oarllo6tn86.cloudfront.net maps.googleapis.com *.bing.com wss://*.bing.com env-6410208.paas.datacenter.fi bam.nr-data.net dpm.demdex.net eu.klarnaevt.com eu.playground.klarnaevt.com *.analytics.google.com stats.g.doubleclick.net googleads.g.doubleclick.net api.custobar.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.hotjar.io payments.maksuturva.fi *.criteo.com *.google.com *.confirmit.com *.userneeds.com *.doubleclick.net *.googletagmanager.com *.lekane.net wss://*.lekane.net metrics.puuilo.se metrics.puuilo.fi gtm-wgmks6q-ytfmm.uc.r.appspot.com *.metrics.convertexperiments.com logs.convertexperiments.com ats.talentadore.com *.deepvision.cloud.solteq.com *.analytics.solteq.solutions *.app.cookieinformation.com *.clarity.ms *.visualwebsiteoptimizer.com app.vwo.com *.googlesyndication.com https://test1.maksuturva.fi/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src fi1.frosmo.com *.fi1.frosmo.com d2oarllo6tn86.cloudfront.net env-6410208.paas.datacenter.fi 'unsafe-inline' *.videoly.com *.youtube-nocookie.com *.youtube.com *.ytimg.com *.wistia.com *.wistia.net *.videoly.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: ; style-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src * https://*.risingbd.com data:; font-src * data:; connect-src *; media-src * data:; object-src 'none'; child-src *; frame-src *; worker-src *; frame-ancestors *; form-action *; manifest-src *; report-uri https://risingbd.report-uri.com/r/d/csp/reportOnly; report-to https://risingbd.report-uri.com/a/d/g 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://secure.leadforensics.com https://cdn.yoshki.com https://sidley.rev.vbrick.com  https://sidley.readz.com https://www.buzzsprout.com https://www.google-analytics.com/ https://www.googletagmanager.com/ http://performance.typekit.net/ https://performance.typekit.net/ http://use.typekit.net/ https://use.typekit.net/ http://fast.fonts.net/ https://fast.fonts.net/ http://p.typekit.net/ https://p.typekit.net/ http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com http://siteimproveanalytics.com https://siteimproveanalytics.com http://player.vimeo.com/ https://player.vimeo.com/ https://vimeo.com/ https://idx.liadm.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://secure.leadforensics.com https://static.cloud.coveo.com/ https://ajax.cloudflare.com  https://sidley.readz.com https://www.buzzsprout.com https://www.google-analytics.com/ https://www.googletagmanager.com/ http://use.typekit.net/ https://use.typekit.net/ http://siteimproveanalytics.com https://siteimproveanalytics.com http://fast.fonts.net https://fast.fonts.net https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://player.vimeo.com/ https://secure.tent0mown.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com/ https://static.cloud.coveo.com/ https://www.buzzsprout.com http://use.typekit.net/ https://use.typekit.net/ http://fast.fonts.net/ https://fast.fonts.net/ https://p.typekit.net http://p.typekit.net; media-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.buzzsprout.com http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com http://player.vimeo.com https://player.vimeo.com; img-src * 'self' 'unsafe-inline' 'unsafe-eval' https://secure.harm6stop.com data: filesystem:; font-src 'self' https://fonts.gstatic.com/ http://fast.fonts.net/ https://fast.fonts.net/ http://use.typekit.net/ https://use.typekit.net/ http://p.typekit.net/ https://p.typekit.net/ http://api2.fonts.com/ https://api2.fonts.com/; frame-src 'self' https://cdn.yoshki.com https://sidley.rev.vbrick.com https://sidley.readz.com https://www.buzzsprout.com http://player.vimeo.com https://player.vimeo.com http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com https://share.transistor.fm/ http://share.transistor.fm/ https://soundcloud.com https://w.soundcloud.com/; report-uri https://233122823c47f119af0143cbea7853d6.report-uri.com/r/d/csp/enforce 1
default-src 'self' inky.com *.inky.com hubapi.com *.hubapi.com hubspot.com *.hubspot.com app.hubspot.com hubspotusercontent-na1.net *.hubspotusercontent-na1.net hsappstatic.net *.hsappstatic.net hs-banner.com *.hs-banner.com hsforms.com *.hsforms.com forms.hsforms.com forms.hsforms.com/emailcheck google.com *.google.com play.google.com googleadservices.com *.googleadservices.com google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com 6sc.co *.6sc.co adnexs.com *.adnxs.com secure.adnxs.com adsymptotic.com *.adsymptotic.com doubleclick.net *.doubleclick.net linkedin.com *.linkedin.com ads.linkedin.com *.ads.linkedin.com px.ads.linkedin.com facebook.com *.facebook.com twitter.com *.twitter.com *.cookielaw.org *.onetrust.com *.activebook.io; script-src 'self' 'unsafe-inline' inky.com *.inky.com cdn2.hubspot.net *.hubspot.com *.hubspotusercontent js.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hs-banner.net *.hsforms.net js.hsforms.net *.hsforms.com js.hsforms.com js.hubspotfeedback.com feedback.hubapi.com js.usemessages.com *.vidyard.com google.com *.google.com play.google.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com linkedin.com *.linkedin.com ads.linkedin.com *.ads.linkedin.com px.ads.linkedin.com *.cookielaw.org *.onetrust.com *.activebook.io; script-src-elem 'self' 'unsafe-inline' hscollectedforms.net *.hscollectedforms.net hubspot.com *.hubspot.com hs-analytics.net *.hs-analytics.net hs-banner.com *.hs-banner.com hsadspixel.net *.hsadspixel.net *.hsforms.net js.hsforms.net js.hsforms.net/forms js.hsforms.net/forms/v2.js *.hsforms.com js.hsforms.com play.google.com googleadservices.com *.googleadservices.com google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com gartner.com *.gartner.com usemessages.com *.usemessages.com 6sc.co *.6sc.co licdn.com *.licdn.com linkedin.com *.linkedin.com ads.linkedin.com *.ads.linkedin.com px.ads.linkedin.com convertiv.com *.convertiv.com cloudflare.com *.cloudflare.com *.facebook.net https://connect.facebook.net/en_GB/all.js *.twitter.com https://platform.twitter.com/widgets.js *.cookielaw.org *.onetrust.com *.activebook.io; object-src 'self' *.inky.com; style-src 'self' 'unsafe-inline' inky.com *.inky.com cdn2.hubspot.net fontawesome.com *.fontawesome.com; style-src-elem 'self' 'unsafe-inline' inky.com *.inky.com cdn2.hubspot.net hsappstatic.net *.hsappstatic.net fontawesome.com *.fontawesome.com; font-src 'self' fontawesome.com *.fontawesome.com; frame-src hubspot.com *.hubspot.com hsforms.com *.hsforms.com forms.hsforms.com forms.hsforms.com/emailcheck youtube.com *.youtube.com facebook.com *.facebook.com twitter.com *.twitter.com *.activebook.io; report-uri csp-violation-report-endpoint/; upgrade-insecure-requests 1
default-src https: 'unsafe-inline' 'unsafe-eval' *.tawk.to wss: 1
default-src 'self' data: blob: *.tigmedia.jp tigmedia.jp wss://ntjp.mieru-ca.com *.yahoo.co.jp *.google.com *.typekit.net use.fontawesome.com www.googletagmanager.com www.google-analytics.com *.doubleclick.net www.facebook.com youtube.com youtu.be www.youtube.com *.line.me ads.witter.com static.ads-twitter.com d.line-scdn.net s.yimg.jp *.criteo.net criteo-sync.teads.tv s.yjtag.jp www.googleadservices.com s.adroll.com d.adroll.mgr.consensu.org *.criteo.com *.mieru-ca.com d.line-cdn.net cdn.jsdelivr.net connect.facebook.net *.rakuten.com tk.jrs5.com *.google.co.jp consent.linksynergy.com x.bidswitch.net ib.adnxs.com partner.mediawallahscript.com *.adscale.de r.casalemedia.com ad.360yield.com contextual.media.net exchange.mediavine.com sync.outbrain.com simage2.pubmatic.com pixel.rubiconproject.com match.sharethrough.com rtb-csync.smartadserver.com sync-t1.taboola.com eb2.3lift.com *.yahoo.com ad.as.amanad.adtdp.com ads.stickyadstv.com idsync.rlcdn.com cs.adingo.jp adx.dable.io t.co analytics.twitter.com *.socdm.com ad.yieldlab.net beacon.krxd.net tags.bluekai.com *.bing.com idsync.admixer.co.kr s.ad.smaato.net ade.clmbtech.com sync-criteo.ads.yieldmo.com 1f2e7.v.fwmrm.net *.a-den.jp *.aeonshop.com aeonshop.com fontawesome.com e1.emxdgt.com trc.taboola.com match.adsrvr.org *.nakanohito.jp nakanohito.jp sp-trk.com sync.aralego.com *.clarity.ms secure.adnxs.com cdn.aralego.net match.prod.bidr.io im-apps.net *.im-apps.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.tigmedia.jp tigmedia.jp tig-contents.com *.yahoo.co.jp *.google.com *.typekit.net use.fontawesome.com www.googletagmanager.com www.google-analytics.com *.doubleclick.net www.facebook.com youtube.com youtu.be www.youtube.com *.line.me ads.twitter.com static.ads-twitter.com d.line-scdn.net s.yimg.jp *.criteo.net criteo-sync.teads.tv s.yjtag.jp www.googleadservices.com s.adroll.com d.adroll.mgr.consensu.org *.criteo.com *.mieru-ca.com d.line-cdn.net cdn.jsdelivr.net connect.facebook.net *.rakuten.com tk.jrs5.com *.google.co.jp consent.linksynergy.com x.bidswitch.net ib.adnxs.com partner.mediawallahscript.com *.adscale.de r.casalemedia.com ad.360yield.com contextual.media.net exchange.mediavine.com sync.outbrain.com simage2.pubmatic.com pixel.rubiconproject.com match.sharethrough.com rtb-csync.smartadserver.com sync-t1.taboola.com eb2.3lift.com ups.analytics.yahoo.com ad.as.amanad.adtdp.com ads.stickyadstv.com idsync.rlcdn.com cs.adingo.jp adx.dable.io t.co analytics.twitter.com *.socdm.com ad.yieldlab.net beacon.krxd.net tags.bluekai.com c.bing.com idsync.admixer.co.kr s.ad.smaato.net ade.clmbtech.com sync-criteo.ads.yieldmo.com 1f2e7.v.fwmrm.net *.a-den.jp *.aeonshop.com aeonshop.com fontawesome.com cs.nakanohito.jp sp-trk.com bat.bing.com www.clarity.ms *.im-apps.net im-apps.net; style-src 'self' 'unsafe-inline' *.yahoo.co.jp *.google.com *.typekit.net use.fontawesome.com www.googletagmanager.com www.google-analytics.com *.doubleclick.net www.facebook.com youtube.com youtu.be www.youtube.com *.line.me ads.twitter.com static.ads-twitter.com d.line-scdn.net s.yimg.jp *.criteo.net criteo-sync.teads.tv s.yjtag.jp www.googleadservices.com s.adroll.com d.adroll.mgr.consensu.org *.criteo.com *.mieru-ca.com d.line-cdn.net cdn.jsdelivr.net connect.facebook.net *.rakuten.com tk.jrs5.com *.google.co.jp consent.linksynergy.com x.bidswitch.net ib.adnxs.com partner.mediawallahscript.com *.adscale.de r.casalemedia.com ad.360yield.com contextual.media.net exchange.mediavine.com sync.outbrain.com simage2.pubmatic.com pixel.rubiconproject.com match.sharethrough.com rtb-csync.smartadserver.com sync-t1.taboola.com eb2.3lift.com ups.analytics.yahoo.com ad.as.amanad.adtdp.com ads.stickyadstv.com idsync.rlcdn.com cs.adingo.jp adx.dable.io t.co analytics.twitter.com *.socdm.com ad.yieldlab.net beacon.krxd.net tags.bluekai.com c.bing.com idsync.admixer.co.kr s.ad.smaato.net ade.clmbtech.com sync-criteo.ads.yieldmo.com 1f2e7.v.fwmrm.net *.a-den.jp *.aeonshop.com aeonshop.com fontawesome.com fonts.googleapis.com 1
default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-df578afafb91fbe1' 'unsafe-inline' blob: https://*.iserv.de https://*.iserv.eu https://trainer.iserv-akademie.de https://*.usercentrics.eu https://*.googletagmanager.com https://*.google-analytics.com https://*.facebook.net https://*.facebook.com; object-src 'none'; base-uri 'none'; style-src 'self' 'unsafe-inline' https://*.iserv.de https://*.iserv.eu https://trainer.iserv-akademie.de; img-src 'self' data: https://*.iserv.de https://*.iserv.eu https://trainer.iserv-akademie.de https://*.usercentrics.eu https://*.googletagmanager.com https://*.google-analytics.com https://*.facebook.net https://*.facebook.com; media-src 'self' https://*.iserv.de https://*.iserv.eu https://trainer.iserv-akademie.de; font-src 'self' data: https://*.iserv.de https://*.iserv.eu https://trainer.iserv-akademie.de; connect-src 'self' https://*.iserv.de https://*.iserv.eu https://trainer.iserv-akademie.de https://*.usercentrics.eu https://*.googletagmanager.com https://*.google-analytics.com https://*.facebook.net https://*.facebook.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.gstatic.com https://*.googleapis.com https://*.facebook.com https://*.fbcdn.net https://*.fb.me https://*.fbsbx.com https://www.youtube.com https://*.youtube-nocookie.com https://*.google-analytics.com  https://connect.facebook.net https://www.googletagmanager.com https://youtu.be https://*.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://content-if.eestiloto.ee http://cdnjs.cloudflare.com https://*.popt.in https://*.cloudfront.net https://*.lambda-url.us-west-2.on.aws;worker-src 'self' blob: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com storage.googleapis.com www.google-analytics.com cdnjs.cloudflare.com d2r1yp2w7bby2u.cloudfront.net wzrkt.com static.clevertap.com; img-src 'self' data: d35m20fiakq0qn.cloudfront.net d1ixo36kppfedg.cloudfront.net d2y9bhlumd5zmk.cloudfront.net dvzu5d5hsfmv1.cloudfront.net lqp-imgs.s3.ap-south-1.amazonaws.com www.google-analytics.com www.google.com www.google.co.in; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com; font-src 'self' cdnjs.cloudflare.com ;frame-src 'self' www.youtube.com d1ixo36kppfedg.cloudfront.net glowroad-staging.onlinesales.ai glowroad.onlinesales.ai;connect-src 'self' www.google-analytics.com analytics.google.com stats.g.doubleclick.net sentry.io dw.glowroad.com testsupplier.glowroad.com supplier.glowroad.com it.glowroad.com test-it.glowroad.com suppliergateway-preprod.glowroad.com feed-devo-2.glowroad.com api.glowroad.com; 1
frame-ancestors *.eduardolosilla.es *.quinielista.es *.marca.com *.mundodeportivo.com 1
default-src 'self' assets.bonkerscorner.com www.google.com google.com *.facebook.com stats.g.doubleclick.net ct.pinterest.com tr.snapchat.com analytics.google.com www.google-analytics.com *.razorpay.com wchat.in.freshchat.com bonkerscorner.webpush.in.freshchat.com; img-src 'self' *.googletagmanager.com *.google.com *.google.co.in *.google.ca *.google-analytics.com www.facebook.com cdn.razorpay.com assets.bonkerscorner.com ct.pinterest.com;style-src ajax.googleapis.com fonts.googleapis.com www.bonkerscorner.com 'unsafe-inline' wchat.in.freshchat.com;font-src data: www.bonkerscorner.com fonts.gstatic.com; script-src 'unsafe-inline' 'unsafe-eval' *.cloudflare.com www.google.com www.gstatic.com www.googleadservices.com checkout.razorpay.com s.pinimg.com tr.snapchat.com www.google-analytics.com sc-static.net www.bonkerscorner.com www.googletagmanager.com connect.facebook.net static.cloudflareinsights.com wchat.in.freshchat.com cdn.razorpay.com; 1
frame-ancestors 'self' *.biodigital.com https://localhost:4200; 1
default-src 'none'; connect-src https://cdn.plyr.io/3.7.3/plyr.svg https://ws.zoominfo.com/pixel/collect https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://boards-api.greenhouse.io *.fontawesome.com https://cdn.plyr.io/3.6.7/plyr.svg https://www.google-analytics.com https://analytics.google.com https://api.hubapi.com https://api-iam.intercom.io https://in.hotjar.com https://stats.g.doubleclick.net wss://nexus-websocket-a.intercom.io https://c.6sc.co/ https://control-web-app.netlify.app/ https://cookie-cdn.cookiepro.com https://128-ixl-130.mktoresp.com https://tracking.chilipiper.com/mp/track https://api.chilipiper.com/api/v1/match-cluster/verygoodsecurity https://api.chilipiper.com/marketing/inbound-router/enabled/verygoodsecurity/demo-request-marketo https://api.chilipiper.com/marketing/inbound-router/redirect/verygoodsecurity/demo-request-marketo https://cdn.linkedin.oribi.io/partner/1166788/domain/verygoodsecurity.com/token https://app.clearbit.com/v1/p https://api.lever.co/v0/postings/verygoodsecurity?group=team&mode=json; font-src 'self' *.cloudfront.net https://fonts.gstatic.com *.fontawesome.com heapanalytics.com https://js.intercomcdn.com; frame-src https://www.youtube-nocookie.com *.greenhouse.io *.netlify.com https://codesandbox.io *.youtube.com https://forms.hsforms.com https://vars.hotjar.com https://bid.g.doubleclick.net https://consent-pref.trustarc.com/ https://info.verygoodsecurity.com https://verygoodsecurity.chilipiper.com/ https://player.vimeo.com/; img-src 'self' data: *.cloudfront.net *.ctfassets.net *.verygoodsecurity.com heapanalytics.com *.linkedin.com https://analytics.twitter.com https://t.co https://www.facebook.com https://b.6sc.co https://tr.lfeeder.com https://track.hubspot.com https://p.adsymptotic.com https://www.google.com https://www.google.ca https://www.google.co.uk https://www.google.de https://www.google.com.ua https://www.google.ie https://www.google.nl https://www.google.fr https://www.google.it https://www.google.ch https://www.google.pl https://www.google.cz https://www.google.no https://www.google.fi https://www.google.ro https://www.google.es https://www.linkedin.com https://www.google-analytics.com https://static.intercomassets.com https://js.intercomcdn.com https://downloads.intercomcdn.com https://www.googletagmanager.com https://consent.trustarc.com/v2/asset/transparent.png https://bat.bing.com https://tr-rc.lfeeder.com; media-src https://verygoodsecurity.github.io *.ctfassets.net https://js.intercomcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ajax/libs/gsap/3.12.2/ScrollToPlugin.min.js https://player.vimeo.com/api/player.js https://munchkin.marketo.net/162/munchkin.js https://info.verygoodsecurity.com/index.php/form/getKnownLead *.netlify.app heapanalytics.com https://cdn.heapanalytics.com https://www.googletagmanager.com https://boards.greenhouse.io/embed/job_board/js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.10.4/gsap.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.10.4/ScrollTrigger.min.js https://forms.hsforms.com/embed/v3/form/5884958/be88e533-69b8-47fd-b14e-68c81351e05f https://forms.hsforms.com/embed/v3/form/5884958/c68837c6-ee17-4180-b316-73aeca654518 https://js.hsforms.net/forms/v2-legacy.js https://js.hsforms.net/forms/v2.js https://forms.hsforms.com https://www.google-analytics.com https://static.ads-twitter.com https://snap.licdn.com https://widget.intercom.io https://js.hs-scripts.com https://connect.facebook.net https://j.6sc.co https://consent.trustarc.com https://ws.zoominfo.com https://static.hotjar.com https://sc.lfeeder.com https://analytics.twitter.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsadspixel.net https://js.intercomcdn.com https://script.hotjar.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://cookie-cdn.cookiepro.com/scripttemplates/6.27.0/otBannerSdk.js https://munchkin.marketo.net/munchkin.js https://munchkin.marketo.net/161/munchkin.js https://info.verygoodsecurity.com/js/forms2/js/forms2.min.js https://info.verygoodsecurity.com/index.php/form/getForm https://bat.bing.com/bat.js https://bat.bing.com/p/action/14362370638466.js https://munchkin.marketo.net/163/munchkin.js https://tag.clearbitscripts.com/v1/pk_42f42bceb57f1738fa5b064c1d7c1c48/tags.js https://x.clearbitjs.com/v2/pk_42f42bceb57f1738fa5b064c1d7c1c48/destinations.min.js https://x.clearbitjs.com/v2/pk_42f42bceb57f1738fa5b064c1d7c1c48/tracking.min.js https://andreasmb.github.io/lever-jobs-embed/index.js; style-src 'unsafe-inline' https://info.verygoodsecurity.com/js/forms2/css/forms2-theme-simple.css https://info.verygoodsecurity.com/js/forms2/css/forms2-theme-simple.css *.googleapis.com heapanalytics.com https://www.googletagmanager.com/debug/badge.css https://info.verygoodsecurity.com/js/forms2/css/forms2.css https://info.verygoodsecurity.com/js/forms2/css/forms2-theme-inset.css https://js.chilipiper.com/styles.css https://andreasmb.github.io/lever-jobs-embed/embed-css/style.css; frame-ancestors 'self' 1
default-src 'self' https://video1.gamblejoe.com https://video2.gamblejoe.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com; img-src 'self' data: *; style-src 'self' 'unsafe-inline'; font-src 'self' https://www.googletagmanager.com data:; object-src 'none'; frame-src 'self' *; worker-src 'self'; frame-ancestors 'none'; connect-src 'self' https://video1.gamblejoe.com https://www.googletagmanager.com https://video2.gamblejoe.com https://region1.google-analytics.com https://www.google-analytics.com https://stats.g.doubleclick.net; 1
default-src 'none'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src data: 'self'; object-src 'none'; base-uri 'self'; connect-src https://u.armgs.team https://admin.armgs.team 'self'; font-src 'self'; frame-src 'self' itms-services://*; media-src 'self'; frame-ancestors 'none'; report-uri  https://cspreport.armgs.team/im/ 1
frame-ancestors 'self' *.chromatic.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.calconic.com gist.github.com www.google-analytics.com ajax.googleapis.com www.googletagmanager.com www.googleadservices.com platform.twitter.com *.list-manage.com www.google.com *.g.doubleclick.net tpc.googlesyndication.com;connect-src 'self' ws://localhost:* vitals.vercel-insights.com statistics-dot-calconic-app.appspot.com app.calconic.com www.emergetools.com www.google-analytics.com *.google.com api.emergetools.com afic2dn9u6.execute-api.us-west-1.amazonaws.com api-js.mixpanel.com o497846.ingest.sentry.io emerge-icons-dev.s3.us-west-1.amazonaws.com emerge-icons-prod.s3.us-west-1.amazonaws.com emerge-uploads-dev.s3.us-west-1.amazonaws.com emerge-uploads-prod.s3.us-west-1.amazonaws.com emerge-uploads-dev.s3-accelerate.amazonaws.com emerge-uploads-prod.s3-accelerate.amazonaws.com optimized-images-emerge.s3.us-west-1.amazonaws.com emerge-flamegraph-results-dev.s3.us-west-1.amazonaws.com emerge-flamegraph-results-prod.s3.us-west-1.amazonaws.com emerge-processed-builds-prod.s3.us-west-1.amazonaws.com emerge-processed-builds-dev.s3.us-west-1.amazonaws.com emerge-private-static-resources-dev.s3.us-west-1.amazonaws.com emerge-private-static-resources-prod.s3.us-west-1.amazonaws.com emerge-perf-test-results-dev.s3.us-west-1.amazonaws.com emerge-perf-test-results-prod.s3.us-west-1.amazonaws.com emerge-snapshots-prod.s3.us-west-1.amazonaws.com emerge-snapshots-dev.s3.us-west-1.amazonaws.com http://localhost:37577 https://previews-prod.emergetools.com https://previews-dev.emergetools.com; img-src 'self' data: www.google-analytics.com avatars.githubusercontent.com googleads.g.doubleclick.net www.google.com *.amazonaws.com assets.calendly.com platform.slack-edge.com syndication.twitter.com *.mzstatic.com *.googleusercontent.com; object-src 'self' data:; media-src 'self' data: https://prod-us-west-2-results.s3-us-west-2.amazonaws.com; style-src 'self' 'unsafe-inline' github.githubassets.com fonts.googleapis.com; base-uri 'self'; form-action 'self'; font-src 'self' data: fonts.gstatic.com; frame-src 'self' platform.twitter.com calendly.com https://www.youtube-nocookie.com;report-uri https://o497846.ingest.sentry.io/api/5855846/security/?sentry_key=410decd0c4804fea88a868f620b66d69 1
font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com *.fanplayr.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.hotjar.com *.doubleclick.net pixel.mathtag.com www.facebook.com api.retargetly.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com p.typekit.net validator.swagger.io https://www.magezon.com maps.googleapis.com maps.gstatic.com www.facebook.com *.google.com *.google.com.mx sp.analytics.yahoo.com googleads.g.doubleclick.net www.googletagmanager.com *.coca-colaentuhogar.com pixel.mathtag.com lb.data-dynamic.net *.barilliance.net *.barilliance.com *.fanplayr.com d38nbbai6u794i.cloudfront.net *.coca-cola.com.gt *.coca-cola.com.pa gt-coca.test pa-coca.test collect.fanplayr.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.google.com maps.googleapis.com googleapis.com ajax.googleapis.com *.gstatic.com connect.facebook.net js-agent.newrelic.com bam.nr-data.net www.googleoptimize.com *.doubleclick.net *.hotjar.com pixel.mathtag.com api.retargetly.com *.barilliance.net *.barilliance.com p.teads.tv 'unsafe-inline' s3.amazonaws.com/fanplayr *.fanplayr.com d38nbbai6u794i.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com 'unsafe-inline' *.fanplayr.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com p13n-mr.adobe.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobedc.net *.demdex.net *.adobe.io performance.typekit.net *.sentry.io maps.googleapis.com googleapis.com 8lioi8nl48.execute-api.us-west-2.amazonaws.com pyhdy1j3zh.execute-api.us-west-2.amazonaws.com www.facebook.com bam.nr-data.net gamma-latam-us-west-2-api-config.s3.amazonaws.com prod-latam-us-west-2-api-config.s3-us-west-2.amazonaws.com *.google.com *.doubleclick.net *.coca-colaentuhogar.com adobedc.demdex.net *.barilliance.net *.barilliance.com *.hotjar.com *.hotjar.io d38nbbai6u794i.cloudfront.net *.fanplayr.com wss://ws.hotjar.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.fanplayr.com *.barilliance.net *.barilliance.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' http://webvisor.com ardes.bg *.ardes.bg 1
frame-ancestors 'self' lookbook.roveconcepts.com opheliabed.com 1
base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'self' blob: 'unsafe-inline' 'unsafe-eval' unpkg.com miro.com *.algolianet.com *.algolianet.net storage.googleapis.com tagmanager.google.com *.googletagmanager.com *.google-analytics.com google-analytics.com ssl.gstatic.com gstatic.com fonts.gstatic.com github.com *.githubusercontent.com gh-card.dev *.ory.sh *.youtube.com *.youtube-nocookie.com fonts.googleapis.com fonts.gstatic.com data: s.ytimg.com *.usercentrics.eu *.iubenda.com *.cloudfront.net *.licdn.com *.hs-scripts.com *.hsleadflows.net *.hs-banner.com *.hsadspixel.net *.hubspotfeedback.com *.usemessages.com *.hs-analytics.net *.hscollectedforms.net *.hsforms.net *.hsforms.com *.g.doubleclick.net *.hubapi.com *.hubspot.com *.loom.com analytics.google.com *.analytics.google.com cdn.linkedin.oribi.io static.cloudflareinsights.com www.google.be www.google.com; img-src * data: blob: www.ory.dev www.ory.net 1
frame-ancestors http://docplanner-front-test.docplanner.com https://docplanner-front-test.docplanner.com *.doctoralia.co doctoraliaone-co2-candidate.azurewebsites.net 1
default-src 'self'; connect-src 'self' *.siteimprove.com https://stats.g.doubleclick.net/ https://region1.google-analytics.com/ https://www.google-analytics.com https://www.googletagmanager.com https://search.service.vportal.ee/v1/search/vm https://search.service.vportal.ee/v1/globalsearch/total https://search.service.vportal.ee/v1/events/vm https://inaadress.maaamet.ee; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://*.rocket.chat https://static.addtoany.com https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://www.youtube.com/watch https://xgis.maaamet.ee; img-src 'self' data: https://www.google-analytics.com *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com https://www.googletagmanager.com *.fbcdn.net *.cdninstagram.com https://inaadress.maaamet.ee https://unpkg.com *.maaamet.ee *.cloudflare.com; script-src 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js blob: https://browser-update.org https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://static.addtoany.com https://unpkg.com unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js https://browser-update.org https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://static.addtoany.com https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com https://inaadress.maaamet.ee; frame-ancestors none; upgrade-insecure-requests 1
default-src asset: blob: data: ws: wss: filesystem: 'self' 'unsafe-eval' 'unsafe-inline' * 1
default-src 'self' tel: mailto: https://pcmap-dub.netlify.app; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.googletagmanager.com *.quantserve.com *.quantcount.com https://src-daa.webpu.sh tagmanager.google.com *.addthis.com *.addthisedge.com player.vimeo.com sjs.bizographics.com/insight.min.js snap.licdn.com *.onetrust.com external.airport.ai z.moatads.com https://www.youtube.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.myfonts.net tagmanager.google.com external.airport.ai; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: external.airport.ai ; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.quantserve.com stats.g.doubleclick.net *.google.com *.google.ie px.ads.linkedin.com *.xtremepush.com cx.atdmt.com *.onetrust.com *.googleusercontent.com external.airport.ai *.doubleclick.net *.googletagmanager.com *.linkedin.com; media-src 'self' data: blob:; frame-src 'self' tel: mailto: external.airport.ai https://pcmap-dub.netlify.app https://player.vimeo.com https://www.youtube.com https://afdac.daa.ie *.doubleclick.net afdac.dublinairport.com journeyplanner.transportforireland.ie *.wherewefly.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/  https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.google.com https://afdac.daa.ie/ dub.innosked.com *.addthis.com https://complaints-eu.emsbk.com/ external.airport.ai app.sli.do https://pcmap-dub.netlify.app; connect-src 'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com https://www.facebook.com/tr/ *.xtremepush.com *.onetrust.com stats.g.doubleclick.net external.airport.ai app.sli.do *.google-analytics.com cdn.linkedin.oribi.io *.googletagmanager.com; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js *.myheritage.pl https://www.myheritage.pl  'nonce-e87a3bbd77508fbae8fdf3a00e95b282' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.pl;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net 'nonce-1f6419b1cbe79c71410cb320fc094775' https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://www.googletagmanager.com; style-src  'self' 'unsafe-inline'; img-src 'self' data: www.googletagmanager.com  https://www.google-analytics.com/ https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com https://www.google.ru https://www.google-analytics.com www.googletagmanager.com https://vk.com; frame-src http://www.youtube.com https://www.youtube.com https://www.google.com https://bid.g.doubleclick.net https://www.google.com/recaptcha/; child-src http://www.youtube.com https://www.youtube.com https://www.google.com https://bid.g.doubleclick.net https://www.google.com/recaptcha/ http://www.youtube.com https://www.youtube.com https://www.google.com https://bid.g.doubleclick.net https://www.google.com/recaptcha/; media-src *.youtube.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net 1
default-src 'none'; manifest-src 'self'; script-src 'nonce-Me/IZYAtP30FM2uQtd94rZyco2pW0hDMfmWnlY7VCt4=' 'sha256-NPxtanrGj3/JuYjJOsgA0mEkXCCEoEO9Sr64MVsFil8=' 'strict-dynamic' 'unsafe-eval' 'self'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://gallery-prod2.sprinklr.com; img-src 'self' data: https://a.apac01.idio.episerver.net https://forms.hsforms.com https://forms-na1.hsforms.com https://jumbe.zaius.com.au https://maps.googleapis.com https://maps.gstatic.com https://p2.aprimocdn.net https://track.hubspot.com https://www.facebook.com https://*.google.com https://*.google.com.au https://*.google.co.uk https://*.google.com.sg https://*.google.com.my https://*.google.co.in https://*.google.it https://*.google.co.jp https://*.google-analytics.com https://www.googletagmanager.com https://ad.doubleclick.net https://fonts.gstatic.com https://www.google.com https://www.google.com.au https://www.google.co.uk https://px.ads.linkedin.com https://prod2-media-proxy.sprinklr.com https://thumb.sprinklr.com https://scontent-iad3-1.xx.fbcdn.net https://prod.cdata.app.sprinklr.com; font-src 'self' data: https://gallery-prod2.sprinklr.com https://fonts.googleapis.com https://fonts.gstatic.com https://px.ads.linkedin.com https://prod2-media-proxy.sprinklr.com; connect-src 'self' https://a.apac01.idio.episerver.net https://analytics.google.com https://*.analytics.google.com https://*.google.com https://*.google.com.au https://*.google.co.uk https://*.google.com.sg https://*.google.com.my https://*.google.co.in https://*.google.it https://*.google.co.jp https://api.hubapi.com https://consent.api.osano.com https://dc.services.visualstudio.com https://forms.hsforms.com https://ka-p.fontawesome.com https://kit-uploads.fontawesome.com https://maps.googleapis.com https://tattle.api.osano.com https://*.google-analytics.com https://pagead2.googlesyndication.com https://*.doubleclick.net https://gallery-prod2.sprinklr.com  https://prod2-external-share-api.sprinklr.com https://px.ads.linkedin.com; media-src 'self' https://p2.aprimocdn.net https://lendleasecorporationlimited.gcs-web.com https://prod2-media-proxy.sprinklr.com; object-src 'none'; frame-src 'self' https://forms.hsforms.com https://www.facebook.com https://p2.aprimocdn.net https://www.google.com https://*.doubleclick.net https://lendleasecorporationlimited.gcs-web.com https://tools.eurolandir.com https://my.datasubject.com; frame-ancestors 'self' https://lendleasecorporationlimited.gcs-web.com; form-action 'self' https://forms.hsforms.com https://www.facebook.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://esir.gov.spb.ru wss://esir.gov.spb.ru https://ac.gz-spb.ru https://mc.yandex.ru; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' data: *.googleapis.com *.gstatic.com cdn.jsdelivr.net *.daliajobs.com api.mapbox.com unpkg.com;frame-ancestors 'self' 1
frame-ancestors https://wealthport.cir2.com https://rc.wealthmsi.com; 1
default-src 'self' ka-p.fontawesome.com kit.fontawesome.com *.crazyegg.com blob:;script-src 'self' *.googleapis.com *.crazyegg.com *.googletagmanager.com *.google-analytics.com ajax.googleapis.com *.unpkg.com *.youtube.com ajax.aspnetcdn.com cdnjs.cloudflare.com static.cloudflareinsights.com cdn.jsdelivr.net kit.fontawesome.com *.google.com *.gstatic.com stackpath.bootstrapcdn.com static.cloudflareinsights.com nam10.safelinks.protection.outlook.com static.ads-twitter.com connect.facebook.net assets.adobedtm.com blob: 'unsafe-eval' 'unsafe-inline';style-src 'self' *.crazyegg.com fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com cdn.linearicons.com use.fontawesome.com stackpath.bootstrapcdn.com 'unsafe-inline';connect-src 'self' *.crazyegg.com *.google.com *.googleapis.com *.gstatic.com ka-p.fontawesome.com kit.fontawesome.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.googletagmanager.com;font-src 'self' data: cdnjs.cloudflare.com fonts.gstatic.com cdn.linearicons.com ka-p.fontawesome.com kit.fontawesome.com stackpath.bootstrapcdn.com *.googleapis.com *.gstatic.com;img-src 'self' data: via.placeholder.com c95b3b5eb79e.o3n.io *.crazyegg.com *.google.co.uk *.google.com *.googleapis.com *.gstatic.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net;frame-ancestors 'self' cms.bechtel.com impact.bechtel.com bechtel-impact-report.lgndtech.dev *.crazyegg.com;frame-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com player.vimeo.com *.facebook.com rmk-map.jobs2web.com *.podbean.com 1
frame-ancestors 'self' *.pamukkale.com.tr paksoyturizm.com biletly.com www.eglengez.com www.mornot.com ekokupon.com 1
font-src fonts.gstatic.com use.typekit.net https://js.intercomcdn.com https://fonts.intercomcdn.com *.creativecdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.mobilpay.ro *.facebook.com https://intercom.help https://intercom-help.eu https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://intercom-sheets.com *.creativecdn.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.hotjar.com *.hotjar.io *.confirmit.com *.creativecdn.com *.facebook.com https://intercom-sheets.com https://api.intercom.io https://www.intercom-reporting.com https://devices.minutpass.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.tvsquared.com *.google.com *.google.ro *.yahoo.com *.mookie1.com *.confirmit.com *.facebook.com *.facebook.net *.popupsmart.com *.bazaarvoice.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com *.creativecdn.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net unpkg.com commerce.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.7w.ro *.tvsquared.com *.mookie1.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.yimg.com *.doubleclick.net *.yahoo.com *.google.com *.confirmit.com *.gstatic.com *.facebook.com *.facebook.net *.nr-data.net *.js-agent.newrelic.com *.newrelic.com *.magento.com *.popupsmart.com *.bazaarvoice.com *.creativecdn.com https://app.intercom.io https://js.intercomcdn.com https://widget.intercom.io https://devices.minutpass.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com display.ugc.bazaarvoice.com *.gstatic.com *.popupsmart.com *.creativecdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://js.intercomcdn.com *.creativecdn.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net vimeo.com api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com cdn.ampproject.org api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.7w.ro *.nr-data.net *.tvsquared.com *.mookie1.com wss://*.hotjar.com *.hotjar.com *.hotjar.io *.yimg.com *.doubleclick.net *.yahoo.com *.google.com *.confirmit.com *.popupsmart.com *.bazaarvoice.com https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io  https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com *.creativecdn.com https://microanalytics-sgtm-1.ey.r.appspot.com 'self' 'unsafe-inline'; child-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net *.creativecdn.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none';      connect-src https://plausible.io/api/event https://assets-global.website-files.com/5efbe6918a9cfd65bb1608f9/ ;   font-src data: https://assets.website-files.com/5efbe6918a9cfd65bb1608f9/ ;      img-src data: https://assets-global.website-files.com/5efbe6918a9cfd65bb1608f9/ ;    script-src https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js https://d3e54v103j8qbb.cloudfront.net/js/ https://assets-global.website-files.com/5efbe6918a9cfd65bb1608f9/js/ https://plausible.io/js/script.js ;     style-src https://assets-global.website-files.com/5efbe6918a9cfd65bb1608f9/css/ https://assets.upguard.com 1
frame-ancestors 'self' *.ag2rlamondiale.fr *.ppalm.fr; report-uri /csp-rapport; 1
default-src 'self'; script-src 'self' siteimproveanalytics.com cdn.siteimprove.net ssl.p.jwpcdn.com; style-src 'self' 'sha256-+khLO8nhc2Mu5m1L02bP2beAhNICPu0CA+eUc/xvCG8='; img-src 'self' data: *.siteimproveanalytics.io *.rovid.nl *.rijksoverheid.nl jwpltx.com; media-src 'self' *.rovid.nl *.rijksoverheid.nl; child-src 'self' *.siteimproveanalytics.io my2.siteimprove.com; font-src 'self'; connect-src 'self' *.siteimprove.com *.siteimproveanalytics.io; report-uri https://sentry.dtnr.nl/api/2/security/?sentry_key=39cf65e281ee40458dbe9ab7b0306e67 1
default-src 'self' cdn.jsdelivr.net bid.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com maps.googleapis.com cdn.jsdelivr.net unpkg.com npmcdn.com googleads.g.doubleclick.net www.googletagmanager.com www.google-analytics.com www.googleadservices.com connect.facebook.net static.ctctcdn.com cdnjs.cloudflare.com www.google.com www.gstatic.com; connect-src 'self' analytics.google.com stats.g.doubleclick.net www.google-analytics.com listgrowth.ctctcdn.com maps.googleapis.com; img-src 'self' maps.googleapis.com maps.gstatic.com static.ctctcdn.com fakeimg.pl img.youtube.com data: cdnjs.cloudflare.com www.google.com.tw www.facebook.com www.google.com googleads.g.doubleclick.net www.google-analytics.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com unpkg.com static.ctctcdn.com maxcdn.bootstrapcdn.com; font-src 'self' maxcdn.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.gstatic.com; frame-src 'self' bid.g.doubleclick.net www.youtube.com www.facebook.com www.google.com; base-uri 'self'; form-action 'self' www.facebook.com; frame-ancestors 'self'; 1
default-src *; img-src 'self' data: https: http:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' * 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.zenaps.com https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://plugin.monotote.com https://isitetv.com https://ln-rules.rewardstyle.com https://player.vimeo.com https://e.issuu.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com https://www.shoplooks.com https://www.pinterest.com https://www.pinterest.co.uk blob: https://gum.criteo.com https://app.qubit.com https://dekopay.preprod.k8s.dekopay.org https://pay.deko.finance https://*.abtasty.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://www.shoplooks.com https://ct.pinterest.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.thehut.com https://analytics.tiktok.com https://*.abtasty.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com; form-action 'self' https://www.facebook.com https://www.thehut.com https://m.thehut.com https://checkout.thehut.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://s.trustpilot.com https://plugin.monotote.com https://static.criteo.net https://*.criteo.com https://ln-rules.rewardstyle.com https://*.akamaihd.net https://remote.captcha.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://static.shoplooks.com https://google.com https://*.hotjar.com https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://s.pinimg.com https://*.contentsquare.net https://app.contentsquare.com https://static.goqubit.com https://*.qubit.com https://assets.dekopay.com https://analytics.tiktok.com https://*.ibytedtos.com blob: https://*.abtasty.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.shoplooks.com https://static.shoplooks.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://*.abtasty.com https://*.gstatic.com; upgrade-insecure-requests; report-to report-endpoint 1
script-src https://deepnote.com/static/ https://deepnote.com/_next/ 'sha256-ge5aEr6NuTEjpi7Kx5F51JYV1oXcOLg/41XkRxesU8U=' 'sha256-DjNmE5oGqLQpN4lWukvF327xRbOepXM0SEJpzgkARPM=' 'sha256-WjSIjyJ5plRPzTbKd8I2aO8CDm/6yrbazPZZzOk3XBI=' 'sha256-PcTct0/HGSNDG69nLkhatqCgmqRBIgPPhLkTUb59Vgo=' 'sha256-kv3Z1yrTmcHk7jjupECh+4aqpRM/SmVGM4mWGjPfsQo=' 'unsafe-eval' 'report-sample' https://www.googleoptimize.com/ https://connect.facebook.net/en_US/sdk.js https://cdn.segment.com/ https://js.stripe.com/v3 https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/debug/ https://*.clearbitscripts.com https://*.clearbitjs.com https://www.googleadservices.com/pagead/conversion/ https://static.ads-twitter.com/uwt.js https://tag.clearbitscripts.com https://polyfill.io/v2/ https://connect.facebook.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://hcaptcha.com/ https://*.hcaptcha.com/ https://cdn.sprig.com https://api.sprig.com https://widget.intercom.io https://js.intercomcdn.com https://fast.wistia.com/ https://www.google-analytics.com/analytics.js https://*.hs-scripts.com/ https://js.hs-banner.com https://js.hs-analytics.net https://js.hscollectedforms.net https://snap.licdn.com/ https://cdn.iframe.ly  ;base-uri 'self';object-src 'none';worker-src 'self' blob: 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; form-action * 'unsafe-inline'; 1
default-src 'self' data: http: https: 'unsafe-inline' 'unsafe-eval' 1
default-src * blob: filesystem: about: ws: wss: data: 'unsafe-inline' 'unsafe-eval' https://cdn.sysoon.org https://ix.sysoons.com; script-src * https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample'; object-src 'none';connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: ; manifest-src https://cdn.sysoon.org; upgrade-insecure-requests; report-to default 1
default-src 'none'; script-src 'self' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data: secure.gravatar.com apnorc.org www.googletagmanager.com ps.w.org s.w.org ts.w.org; font-src 'self' data: fonts.gstatic.com; connect-src 'self' yoast.com www.google-analytics.com cdn.jsdelivr.net; media-src 'self'; object-src 'self'; child-src 'self' blob:; frame-src 'self' www.youtube.com static.contextall.com; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.twitter.com cdn.productplan.com *.hubspot.com embedwistia-a-akamaihd.net f.hubspotusercontent10.net *.wistia.net *.wistia.com fonts.googleapis.com fonts.gstatic.com forms.hsforms.com googleads.g.doubleclick.net hello.myfonts.net js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hscta.net js.hsleadflows.net no-cache.hubspot.com p.adsymptotic.com perf.hsforms.com *.linkedin.com snap.licdn.com static.ads-twitter.com static.cloudflareinsights.com t.co *.google-analytics.com *.google.com *.googleadservices.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.googleoptimize.com js.hsforms.net productplan.bamboohr.com connect.facebook.net zoominfo.com productplan.wpenginepowered.com www.gstatic.com js.hsforms.net fast.wistia.net 1
default-src 'none'; frame-ancestors https://*.edadeal.ru https://edadeal.ru https://yandex.ru https://yandex.com https://yandex.by https://*.yandex.ru https://*.yandex.com https://*.yandex.by; connect-src 'self'; script-src 'nonce-d2b715744a05adba036d56dddf577d68' 'self'; img-src 'self' 1
default-src 'self' https:; connect-src 'self' https: http://localhost:3036 ws://localhost:3036 http://localhost:3020 http://localhost:3010; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; base-uri 'none'; script-src 'self' https: http://localhost:3020 'unsafe-inline'; style-src 'self' https: http://localhost:3020 'unsafe-inline' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://static.zohocdn.com/zohosecurity/ blob: data: https://*.hotjar.com/  https://snap.licdn.com/li.lms-analytics/  https://browser.sentry-cdn.com https://customer.smartsender.eu/js/client/ https://www.googleadservices.com/ https://cdnjs.cloudflare.com/ajax/libs/ https://analytics.twitter.com/ https://static.ads-twitter.com/ https://static.zohocdn.com/zohosecurity/ https://salesiq.zoho.com https://js.zohocdn.com https://js.zohostatic.com app.satismeter.com connect.facebook.net www.facebook.com *.bing.com app.satismeter.com *.googleapis.com *.gstatic.com https://*.google-analytics.com/ *.googletagmanager.com *.google.com *.google.com.ua *.doubleclick.net *.plerdy.com *.fondy.io; style-src data: blob: 'unsafe-inline' 'self' https://*.gogletagmanager.com/   https://css.zohocdn.com https://css.zohostatic.com https://files.zohopublic.com https://*.jquery.com fonts.googleapis.com *.fondy.io; connect-src 'self' https://analytics.google.com/g/ https://*.linkedin.com/wa/ https://*.google-analytics.com/ https://analytics.google.com/g/ ws: https://*.hotjar.com/  https://analytics.ringostat.net/ https://callback.ringostat.com/ https://callback.ringostat.net/ https://analytics.ringostat.com/ https://salesiq.zoho.com https://salesiq.zohopublic.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.plerdy.com connect.facebook.net app.satismeter.com *.fondy.io; frame-ancestors 'self' fondy.io 1
connect-src 'self' https://*.aptrinsic.com https://adservice.google.com https://analytics.google.com https://api.ipgeolocation.io https://api.triptease.io https://bat.bing.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://content.hotjar.io https://data.flip.to https://dc.services.visualstudio.com https://fonts.googleapis.com https://googleads.g.doubleclick.net https://mc.yandex.com https://mc.yandex.ru https://messages.guest-experience.triptease.io https://metrics.corinthia.com https://metrics.hotjar.io https://onboard.triptease.io https://p.relay-t.io https://region1.analytics.google.com https://sa.flip.to https://scripts.affilired.com https://sleeknotestaticcontent.sleeknote.com https://static-meta.triptease.io https://stats.g.doubleclick.net https://vc.hotjar.io https://www.dripuploads.com https://www.facebook.com https://www.google-analytics.com https://www.google.ae https://www.google.co.uk https://www.google.com https://www.thehotelsnetwork.com wss://ws.hotjar.com; default-src 'self' https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/; font-src 'self' https://*.cloudfront.net/graphik/ https://*.cloudfront.net/lato/ https://fonts.googleapis.com https://fonts.gstatic.com/s/barlow/ https://fonts.gstatic.com/s/lato/ https://fonts.gstatic.com/s/roboto/ https://static.tacdn.com https://use.typekit.net; frame-src 'self' https://*.adsrvr.org https://12671437.fls.doubleclick.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://customs.affilired.com https://mc.yandex.com https://mc.yandex.ru https://onboard.triptease.io https://targeted-messages.triptease.io https://td.doubleclick.net https://www.facebook.com https://www.google.com https://www.opentable.co.uk https://www.thehotelsnetwork.com https://www.youtube-nocookie.com; img-src 'self' blob: data: https://*.adsrvr.org https://ad.doubleclick.net https://adservice.google.com https://analytics.google.com https://bat.bing.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.19/ https://cm.g.doubleclick.net/pixel https://cms.analytics.yahoo.com https://dpm.demdex.net https://i.ytimg.com https://imgsct.cookiebot.com https://mc.yandex.com https://mc.yandex.ru https://metrics.corinthia.com https://pubads.g.doubleclick.net https://region1.analytics.google.com https://static.tacdn.com https://storage.ghadiscovery.com https://tags.w55c.net https://www.facebook.com https://www.google-analytics.com https://www.google.ae https://www.google.co.uk https://www.google.com https://www.googletagmanager.com https://www.pages04.net https://www.tripadvisor.co.uk https://www.youtube.com; manifest-src 'self'; media-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adsrvr.org https://*.aptrinsic.com https://ajax.googleapis.com https://api.getdrip.com https://bat.bing.com https://beacon.sojern.com https://browser.sentry-cdn.com https://cdn.denomatic.com https://cdn.flip.to https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/ https://cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta2/ https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/ https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/ https://cdn.jsdelivr.net/npm/feather-icons@4.29.0/ https://cdn.jsdelivr.net/npm/feather-icons/ https://cdn.jsdelivr.net/npm/ip-geolocation-api-jquery-sdk@1.0.6/ https://cdn.jsdelivr.net/npm/jquery@3.5.1/ https://cdn.jsdelivr.net/npm/jquery@3.6.4/ https://cdn.jsdelivr.net/npm/popper.js@1.16.1/ https://cdn.otstatic.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.19/ https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/ https://code.jquery.com/jquery-3.2.1.slim.min.js https://components.flip.to https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://contentz.mkt941.com https://customs.affilired.com https://d16fk4ms6rqz1v.cloudfront.net https://googleads.g.doubleclick.net https://integration.flip.to https://js.monitor.azure.com https://js.sentry-cdn.com https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/ https://mc.yandex.com https://mc.yandex.ru https://navigator.ink-global.com https://onboard.triptease.io https://p.relay-t.io https://script.crazyegg.com https://script.hotjar.com https://sleeknotecustomerscripts.sleeknote.com https://sleeknotestaticcontent.sleeknote.com https://static-meta.triptease.io https://static.hotjar.com https://static.tacdn.com https://tag.getdrip.com https://tag.yieldoptimizer.com https://targeted-messages.triptease.io https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.jscache.com https://www.opentable.co.uk https://www.thehotelsnetwork.com https://www.tripadvisor.co.uk https://www.tripadvisor.com https://www.youtube.com; style-src 'self' 'unsafe-inline' data: https://*.aptrinsic.com https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/ https://cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta2/ https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/ https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/ https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.19/ https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/ https://p.typekit.net https://static.tacdn.com https://use.typekit.net; 1
frame-ancestors 'self' viewer.zmags.com *.preview.cssi.com preview.cssi.com core.cssi.com 1
default-src 'self' 'unsafe-inline' https://px.ads.linkedin.com/ https://api.reciteme.com/ https://stats.reciteme.com/  *.stghavaspeople.com https://cdn.linkedin.oribi.io/ https://tracking.tribepad.com/ https://maps.googleapis.com/ https://region1.google-analytics.com/ https://pagead2.googlesyndication.com/ https://stats.g.doubleclick.net/ https://tracking.tribepad.com/ https://www.google-analytics.com/ https://region1.analytics.google.com/ https://www.tesco-careers.com/ http://gw.oribi.io/ ;  font-src 'self' https://api.reciteme.com/; style-src 'self' 'unsafe-inline' https://api.reciteme.com/;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.reciteme.com/ *.stghavaspeople.com https://tracking.tribepad.com/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://snap.licdn.com/ *.stghavaspeople.com/ https://ajax.aspnetcdn.com/ https://cdnjs.cloudflare.com/ https://px.ads.linkedin.com/ http://tracking.tribepad.com/ https://tracking.tribepad.com/ http://cdn.oribi.io/ https://cdn.oribi.io/ http://www.google-analytics.com/ https://sjs.bizographics.com/ https://maps.googleapis.com/ https://www.google-analytics.com https://ajax.googleapis.com https://www.googletagmanager.com https://player.vimeo.com; frame-src 'self' https://2476867.fls.doubleclick.net/ https://td.doubleclick.net/ https://10220835.fls.doubleclick.net/ http://8984071.fls.doubleclick.net/ https://8984071.fls.doubleclick.net/ https://www.googletagmanager.com/  https://www.youtube.com/; img-src 'self' data: 'unsafe-inline' https://api.reciteme.com/ https://www.facebook.com/ https://www.google.co.uk/ https://www.google.com/ https://ad.doubleclick.net/ https://ad.doubleclick.net/ https://px.ads.linkedin.com/ https://secure.adnxs.com/ https://pixel.mediaiqdigital.com/ http://tracking.tribepad.com/ https://tracking.tribepad.com/ https://pixel.mediaiqdigital.com/ http://www.google-analytics.com/ https://www.googletagmanager.com/ https://i.ytimg.com/ https://scontent.xx.fbcdn.net/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://maps.gstatic.com/;  1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com                             https://www.googletagmanager.com https://apis.google.com https://www.google.com https://www.gstatic.com https://cse.google.com/ https://maps.googleapis.com https://maps.gstatic.com                           https://maps.googleapis.com/maps/api/* https://connect.facebook.net/es_ES/sdk.js 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https://*;                             style-src 'self' https://* 'unsafe-inline'; object-src 'self'; base-uri 'none'; connect-src *; frame-ancestors https://www.bancounion.com.bo/ https://bancounion.com.bo/                             https://www.segip.gob.bo/ https://kioscovirtual.bancounion.com.bo/ https://wserv-kio.bancounion.com.bo/ https://wservlb03.bancounion.com.bo/ https://wservlb03/UniPortalQRCalidad/                    https://portalbusa-desarrollo.azurewebsites.net/ https://portalbusa-portalbusacalidad.azurewebsites.net/ ; 1
default-src 'self'; connect-src *; font-src * data:; frame-src * mailto:; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
require-sri-for script 1
default-src * 'unsafe-inline' 'unsafe-eval' ; img-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; 1
default-src 'none' ; img-src 'self' *.parcoursup.fr *.parcoursup-nouvelle-caledonie.fr *.paybox.com ; media-src 'self' *.parcoursup.fr *.parcoursup-nouvelle-caledonie.fr *.paybox.com ; script-src 'unsafe-hashes' 'self' *.parcoursup.fr *.parcoursup-nouvelle-caledonie.fr *.paybox.com 'sha256-sI5v5bWVC19T46mBXAQNfZL5g/VIjJO4pxHjTHBGRTo=' 'sha256-bclIzK3SfP1ClS25sRLJ0l5THuIWcyKh/XRhHiIjoP8=' 'sha256-U3q5KwDyUdJs6mZtsTFTCPoNZs6DKhq9G8ZvSKs+sqM=' ; font-src 'self' *.parcoursup.fr *.parcoursup-nouvelle-caledonie.fr *.paybox.com ; frame-ancestors 'self' ; style-src-elem 'self' 'sha256-UG3e5GMK0p75fYUzpG+gQ7w8C5Xiho/3IN1lN4MygSs=' 'sha256-LCCG8b1oYMgCStLhXjw2+M/3LsNjoavZBaIwEMJ6Kdg=' 'sha256-e1gMlZC9QqOMyeY/9Z/NZIBDrlArAo46JAbkLbBDm1Q=' 'sha256-UrGjHcu2Sr3l23rKhEgVKMijbWMN2Pell/Dz/a4DGiw='; frame-src 'self' ; style-src 'self' 'sha256-lbk0T9Eqn9FZGhCh9MPwvsW4o8mfHGljEvl4Z7A1CXw=' 'sha256-zq27PiVE3uKYaCuZd8TdzyuSD1F45+67IRQlUZDK41c=' 'sha256-3DuTxsT+isLRFfaBwfLTvkqwl+5WCvVBwlXHNtnEjR8=' 'sha256-naYrp5ciLxqh93qokH0dHua1L06ytZsEdfzisDnQ9mM=' 'sha256-UG3e5GMK0p75fYUzpG+gQ7w8C5Xiho/3IN1lN4MygSs=' 'sha256-LCCG8b1oYMgCStLhXjw2+M/3LsNjoavZBaIwEMJ6Kdg=' 'sha256-e1gMlZC9QqOMyeY/9Z/NZIBDrlArAo46JAbkLbBDm1Q=' 'sha256-UrGjHcu2Sr3l23rKhEgVKMijbWMN2Pell/Dz/a4DGiw=' 1
script-src https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; font-src * data: https:; img-src * data: https:; media-src * data: blob: https:; worker-src blob:; connect-src https://*.optimalworkshop.com https://*.dev-optimalworkshop.com https://*.google-analytics.com https://*.intercom.io wss://*.intercom.io https://*.fontawesome.com https://*.doubleclick.net https://*.wistia.com https://*.litix.io https://*.bing.com https://*.linkedin.oribi.io https://px.ads.linkedin.com https://*.hotjar.io https://*.bamboohr.com https://*.googlesyndication.com https://*.analytics.google.com https://*.outbrain.com https://*.googleapis.com https://*.hotjar.io https://*.facebook.com wss://*.hotjar.com https://pixel.wp.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://browser-intake-datadoghq.com; style-src https://*.optimalworkshop.com https://*.dev-optimalworkshop.com https://*.google-analytics.com https://*.intercom.io wss://*.intercom.io https://*.fontawesome.com https://*.doubleclick.net https://*.wistia.com https://*.litix.io https://*.bing.com https://*.linkedin.oribi.io https://px.ads.linkedin.com https://*.hotjar.io https://*.bamboohr.com https://*.googlesyndication.com https://*.analytics.google.com https://*.outbrain.com https://*.googleapis.com https://*.hotjar.io https://*.facebook.com wss://*.hotjar.com https://pixel.wp.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://browser-intake-datadoghq.com blob: https: 'unsafe-inline' 1
frame-ancestors 'self' https://www.sanaltur.com.tr/ https://my.treedis.com/ https://admin.treedis.com/ https://test3d.taigalab.com/ 1
default-src 'self' *; connect-src *; font-src * data:; frame-src *; img-src * data:; script-src blob: * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'self' www.google.com; img-src 'self' data: * www.googletagmanager.com; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' storage.googleapis.com https://www.googletagmanager.com www.google.com www.gstatic.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com; object-src 'none'; frame-src https://www.youtube.com https://youtube.com https://www.google.com 1
default-src *.crazyegg.com 'self';frame-ancestors localhost:* *.africa-business-guide.de *.ixpos.de *.portal21.de *.gtai.de *.gtai-exportguide.de *.german-business-portal.info *.init-ag.de 'self';frame-src  localhost:* *.africa-business-guide.de *.ixpos.de *.portal21.de *.gtai.de *.gtai-exportguide.de *.german-business-portal.info *.init-ag.de app.datawrapper.de datawrapper.dwcdn.net api.datawrapper.de https://e.infogram.com https://infogram-download-eu.s3.eu-west-1.amazonaws.com https://app.23degrees.io https://nfg.podigee.io https://player.podigee-cdn.net https://www.youtube.com/ https://www.surveymonkey.de/ https://flo.uri.sh/ *.flourish.studio *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.xing.com iframe.biotechgate.com 'self';style-src  localhost:* *.africa-business-guide.de *.ixpos.de *.portal21.de *.gtai.de *.gtai-exportguide.de *.german-business-portal.info *.init-ag.de https://cdn.podigee.com https://player.podigee-cdn.net 'unsafe-inline';img-src    localhost:* *.contentstream.de datawrapper.dwcdn.net  *.africa-business-guide.de *.ixpos.de *.portal21.de *.gtai.de *.gtai-exportguide.de *.german-business-portal.info *.init-ag.de jwpltx.com *.usercentrics.eu *.webtrekk.net fbc.wcfbc.net *.crazyegg.com i.ytimg.com api.mapbox.com *.twimg.com *.twitter.com *.facebook.com *.facebook.net https://px.ads.linkedin.com https://images.podigee-cdn.net data: 'unsafe-inline';script-src localhost:* *.africa-business-guide.de *.ixpos.de *.portal21.de *.gtai.de *.gtai-exportguide.de *.german-business-portal.info *.init-ag.de *.usercentrics.eu https://snap.licdn.com/li.lms-analytics/ *.webtrekk.de *.webtrekk.com responder.wt-safetag.com analytics.init.de *.crazyegg.com trk.cetrk.com s3.amazonaws.com/trk.cetrk.com/ https://e.infogram.com https://app.23degrees.io https://player.podigee-cdn.net https://cdn.podigee.com https://www.youtube.com/ https://s.ytimg.com/yts/jsbin/ ajax.googleapis.com/ajax/libs/jquery/ vjs.zencdn.net/5.9.2/ ssl.p.jwpcdn.com cdn.rawgit.com api.mapbox.com https://flo.uri.sh/ *.flourish.studio *.twitter.com *.twimg.com *.facebook.com *.facebook.net *.linkedin.com *.xing.com iframe.biotechgate.com api.ipify.org blob: 'unsafe-inline' 'unsafe-eval';connect-src wss://localhost:35729/livereload *.crazyegg.com embedr.flickr.com *.usercentrics.eu *.webtrekk.net analytics.init.de 'self' https://cdn.linkedin.oribi.io/partner/3147810/;font-src   localhost:* *.africa-business-guide.de *.ixpos.de *.portal21.de *.gtai.de *.gtai-exportguide.de *.german-business-portal.info *.init-ag.de https://player.podigee-cdn.net data: 'self';media-src  localhost:* *.contentstream.de  *.africa-business-guide.de *.ixpos.de *.portal21.de *.gtai.de *.gtai-exportguide.de *.german-business-portal.info *.init-ag.de  blob: 'self';report-uri /blueprint/servlet/service/csp-report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: *.google.com *.google.com.au maps.gstatic.com *.googleapis.com *.ggpht.comwww.google.com.au p.adsymptotic.com px.ads.linkedin.com www.w3.org www.facebook.com tracking.monsido.com client.prod.repmap.microsoft.com *.svc.dynamics.com www.google-analytics.com www.googletagmanager.com; 1
script-src 'self' 'nonce-h58TVAw/9P4GJ+MlImPGfw==' https://connect.facebook.net/ https://www.facebook.net/ https://www.facebook.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com/ https://www.googletagmanager.com/ https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://www.redditstatic.com/ https://alb.reddit.com/;frame-src 'self' https://www.google.com/recaptcha/ https://bid.g.doubleclick.net https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/ https://www.redditstatic.com/ https://alb.reddit.com/;connect-src 'self' https://api.negate.io/api/user/login https://api.negate.io/api/user/signup https://www.facebook.com/ https://www.facebook.net/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://google.com/ https://www.google.com/ https://alb.reddit.com/ https://*.g.doubleclick.net https://*.google.com https://www.redditstatic.com/;img-src 'self' https://*.google-analytics.com https://connect.facebook.net https://www.facebook.net https://www.facebook.com/ https://*.analytics.google.com https://*.googletagmanager.com https://www.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://googleads.g.doubleclick.net https://www.google.com https://www.redditstatic.com/ https://alb.reddit.com/;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src				'unsafe-inline'				'self'				*.adobedtm.com				*.adobe.io				*.cloudfront.net				*.cordial.io				*.digicert.com				*.doubleclick.net				*.facebook.com				*.facebook.net				*.google-analytics.com				analytics.google.com				*.analytics.google.com				*.google.com				*.googleadservices.com				*.googleapis.com				*.googletagmanager.com				*.gstatic.com				*.havertys.com				*.hotjar.com				*.hotjar.io				*.inside-graph.com				*.microdinc.com				*.microsoft.com				*.omtrdc.net				*.outbrain.com				*.pinimg.com				*.pinterest.com				*.powerreviews.com				*.reputation.com				*.scene7.com				*.sharethis.com				*.teads.tv				*.typekit.net				*.yahoo.com				*.yimg.com				*.youtube.com				bat.bing.com				pixel.logtrackback.com				record.spotgenie.com				s.go-mpulse.net				unpkg.com				ws://*.hotjar.io				wss://*.hotjar.io				cdn.trackjs.com				px.octillion.tv				havertys.demdex.net				cdnjs.cloudflare.com				analytics.tiktok.com				blob:				data:				bytedance:				sslocal:;			connect-src				*.adobeaemcloud.com				*.cordial.io				*.crwdcntrl.net				*.demdex.net				*.doubleclick.net				*.facebook.com				*.google-analytics.com				analytics.google.com				*.analytics.google.com				*.googleapis.com				adservice.google.com				www.google.com				*.havertys.com				*.hotjar.com				*.hotjar.io				*.inside-graph.com				*.mpulse.net				*.omtrdc.net				*.pinterest.com				*.powerreviews.com				*.scene7.com				*.yimg.com				ws://*.hotjar.com				ws://*.inside-graph.com				wss://*.hotjar.com				wss://*.inside-graph.com				*.teads.tv				*.sharethis.com				*.adobedc.net				bat.bing.com				*.adobe.io				*.reputation.com				capture.trackjs.com				c.go-mpulse.net				*.akamaihd.net				*.akstat.io				px.octillion.tv				tr.outbrain.com				api.cloudinary.com				analytics.tiktok.com;			img-src				*				analytics.tiktok.com				data:				blob: 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: *.adopz.com *.admitad.com *.go2pixel.org; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 1
default-src 'none'; script-src 'self' blob: https://www.googleanalytics.com https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/destination https://www.googletagmanager.com/gtag/js https://*.toroinvestimentos.com.br https://*.appcues.com https://*.omappapi.com https://*.hotjar.com https://*.criteo.com https://*.zdassets.com https://*.dyna.santander.com.br https://*.doubleclick.net https://console.brightmountainmedia.com:8443 https://rtb.mfadsrvr.com https://idsync.rlcdn.com https://tags.bluekai.com https://dpm.demdex.net https://image8.pubmatic.com https://c1.adform.net https://static.criteo.net https://*.smaato.net https://secure.adnxs.com https://sync.lemmatechnologies.com https://smaato-match.dotomi.com https://static.elfsight.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://*.googleadservices.com https://*.bing.com https://static.ads-twitter.com https://connect.facebook.net https://googleads.g.doubleclick.net https://analytics.twitter.com https://*.clarity.ms https://amplify.outbrain.com https://cdn.mxpnl.com https://cdn.leadster.com.br https://tr.outbrain.com https://www.googleoptimize.com https://*.elfsight.com https://cdn.jsdelivr.net https://optimize.google.com https://cdn.segment.com https://cdn.segment.com/analytics.js/v1/dEgxS0WbxwBB4D8pYXpuVHkpc1VHNG1g/* https://cdn.segment.com/v1/projects/BHxRl9xlC0UlGdM9Nx1Uw6rxQFiyDdHv/settings https://cdn.segment.com/analytics.js/v1/BHxRl9xlC0UlGdM9Nx1Uw6rxQFiyDdHv/* https://cdn.segment.com/v1/projects/dEgxS0WbxwBB4D8pYXpuVHkpc1VHNG1g/settings https://api.segment.com https://api.segment.io https://cdn.segment.com/analytics-next/bundles/* https://cdn.segment.com/next-integrations/integrations/* http://connect.facebook.net/ http://script.crazyegg.com/ https://script.crazyegg.com https://tracking.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com http://embed.typeform.com/next/embed.js https://qu6g7cvb55-vpce-00e4428ecf194cf75.execute-api.sa-east-1.amazonaws.com https://www-hml.toroinvestimentos.com.br https://investing.com https://*.investing.com https://br.investing.com https://test.salesforce.com https://webto.salesforce.com https://dashboard.purplemetrics.com.br https://toroinvestimentosbr.api.useinsider.com https://toroinvestimentosbr.inone.useinsider.com https://segment.api.useinsider.com https://locationv2.api.useinsider.com https://inference.api.useinsider.com https://hit.api.useinsider.com https://image.useinsider.com https://inone.useinsider.com https://assets.api.useinsider.com wss://skeleton-websocket.api.useinsider.com https://skeleton-design-bundle.useinsider.com 'nonce-qbF1NGKIQyrsiUlT9XDNFA=='; connect-src 'self' https://*.vimeo.com/* https://*.toroinvestimentos.com.br wss://*.toroinvestimentos.com.br https://*.hotjar.com wss://*.hotjar.com https://*.mixpanel.com https://*.bing.com https://www.google.com *.omappapi.com https://www.googletagmanager.com https://*.hotjar.io https://*.dyna.santander.com.br/ https://www.google-analytics.com https://*.doubleclick.net https://*.clarity.ms https://app.leadster.com.br https://*.zdassets.com https://*.vimeo.com wss://api.appcues.net https://*.elfsight.com https://*.akamaized.net https://cdn.segment.com/* https://cdn.segment.com/analytics.js/v1/dEgxS0WbxwBB4D8pYXpuVHkpc1VHNG1g/* https://cdn.segment.com/v1/projects/BHxRl9xlC0UlGdM9Nx1Uw6rxQFiyDdHv/settings https://cdn.segment.com/analytics.js/v1/BHxRl9xlC0UlGdM9Nx1Uw6rxQFiyDdHv/* https://cdn.segment.com/v1/projects/dEgxS0WbxwBB4D8pYXpuVHkpc1VHNG1g/settings https://cdn.segment.com/analytics-next/bundles/* https://cdn.segment.com/next-integrations/integrations/* https://api.segment.com https://api.segment.io https://script.crazyegg.com https://tracking.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://qu6g7cvb55-vpce-00e4428ecf194cf75.execute-api.sa-east-1.amazonaws.com https://investing.com https://*.investing.com https://br.investing.com https://segment.api.useinsider.com https://locationv2.api.useinsider.com https://inference.api.useinsider.com https://hit.api.useinsider.com https://unification.useinsider.com https://skeleton-design-bundle.useinsider.com https://image.useinsider.com wss://skeleton-websocket.api.useinsider.com https://skeleton-template-generator.api.useinsider.com https://inone.useinsider.com https://cronus.useinsider.com; style-src 'self' https://*.omappapi.com https://*.googleapis.com https://*.appcues.com https://optimize.google.com https://embed.typeform.com/next/css/widget.css https://dashboard.purplemetrics.com.br https://toroinvestimentosbr.api.useinsider.com https://segment.api.useinsider.com https://locationv2.api.useinsider.com https://inference.api.useinsider.com https://skeleton-design-bundle.useinsider.com https://image.useinsider.com wss://skeleton-websocket.api.useinsider.com https://inone.useinsider.com https://skeleton-design-bundle.useinsider.com https://hit.api.useinsider.com https://assets.api.useinsider.com 'unsafe-inline'; form-action 'self' https://investing.com https://*.investing.com https://br.investing.com https://*.toroinvestimentos.com.br https://webto.salesforce.com https://test.salesforce.com https://skeleton-design-bundle.useinsider.com https://image.useinsider.com wss://skeleton-websocket.api.useinsider.com https://inone.useinsider.com; img-src 'self' https://*.toroinvestimentos.com.br https://*.hotjar.com https://*.criteo.com https://infoproduct-admin-api-dev.s3.sa-east-1.amazonaws.com https://infoproduct-admin-api-hml.s3.sa-east-1.amazonaws.com https://infoproduct-admin-api-prd.s3.sa-east-1.amazonaws.com https://tapestry.tapad.com https://t.myvisualiq.net https://dpm.demdex.net https://*.adnxs.com https://tags.bluekai.com https://idsync.rlcdn.com https://www.facebook.com https://t.co https://*.media.net https://*.omappapi.com https://*.outbrain.com https://*.taboola.com https://*.360yield.com https://*.bidswitch.net https://*.digitaleast.mobi https://smaato-match.dotomi.com https://*.casalemedia.com https://*.advertising.com https://*.yahoo.com https://www.google.com https://www.google-analytics.com https://*.smaato.net https://www.googletagmanager.com https://www.google.com.br https://*.doubleclick.net https://tr.outbrain.com https://*.bing.com https://*.clarity.ms https://optimize.google.com https://analytics.twitter.com https://analytics.twitter.com/i/adsct https://dashboard.purplemetrics.com.br https://toroinvestimentosbr.api.useinsider.com https://segment.api.useinsider.com https://locationv2.api.useinsider.com https://inference.api.useinsider.com https://hit.api.useinsider.com https://log.api.useinsider.com https://skeleton-design-bundle.useinsider.com https://image.useinsider.com wss://skeleton-websocket.api.useinsider.com https://inone.useinsider.com https://assets.api.useinsider.com; frame-ancestors 'self' https://www-hml.toroinvestimentos.com.br https://*.toroinvestimentos.com.br https://investing.com https://*.investing.com https://br.investing.com https://skeleton-design-bundle.useinsider.com https://image.useinsider.com wss://skeleton-websocket.api.useinsider.com https://inone.useinsider.com; manifest-src 'self'; base-uri 'self'; child-src 'self'; media-src 'self' https://player.vimeo.com https://vod-progressive.akamaized.net/ https://*.vimeo.com https://*.akamaized.net https://skeleton-design-bundle.useinsider.com https://image.useinsider.com wss://skeleton-websocket.api.useinsider.com https://inone.useinsider.com; report-uri /api/csp-reporting api/csp-reporting; report-to csp-endpoint; font-src 'self' https://skeleton-design-bundle.useinsider.com; frame-src 'self' blob: https://toroctvm.secure.force.com https://hom-toroctvm.cs90.force.com https://*.criteo.com https://*.hotjar.com https://*.doubleclick.net https://*.vimeo.com https://castbox.fm https://*.castbox.fm https://optimize.google.com https://*.toroinvestimentos.com.br https://form.typeform.com/ https://investing.com https://*.investing.com https://br.investing.com https://*.omappapi.com https://toroinvestimentosbr.api.useinsider.com https://segment.api.useinsider.com https://locationv2.api.useinsider.com https://inference.api.useinsider.com https://hit.api.useinsider.com https://skeleton-design-bundle.useinsider.com https://image.useinsider.com wss://skeleton-websocket.api.useinsider.com https://inone.useinsider.com; object-src 'self' https://cdn.toroinvestimentos.com.br; worker-src 'self'; 1
frame-ancestors 'self' https://manage.ogj.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https: twitter:; frame-ancestors http: https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; worker-src 'self' blob:; child-src 'self' blob:; style-src 'unsafe-inline' https:; 1
frame-ancestors chrome-extension://epanfjkfahimkgomnigadpkobaefekcd moz-extension://* extension://kcehefigmoclkdfbkfdmclpcnpkcmmec chrome-extension://kcehefigmoclkdfbkfdmclpcnpkcmmec chrome-extension://aoiapjnkkimandkmllpbbfibbjemajbe chrome-extension://dfaleoajblhimpndjfbbkjcmljpjlfag chrome-extension://ppkofofimalnamcjdggombidedepiank chrome-extension://minegaflpmhpgcljobidelncnbninamh chrome-extension://mlggofnbkhmpmlaljfhbalkhlpijbloa chrome-extension://epanfjkfahimkgomnigadpkobaefekcd chrome-extension://eeailkpdijpamdldjjgdlpfanjiaedhh chrome-extension://ncbdopfjdekodallgdaigpinkpgddbak chrome-extension://cmfieleahpabhdppbjfmjbhhglaehehb chrome-extension://cagfaclfinjmbofdnojnioiojelknjok chrome-extension://enjlhglffhjmbcdlhineoaaeblmcekmp 1
default-src 'unsafe-inline' 'unsafe-eval' localhost:10080 *.telexpress.com *.kfcclub.com.tw https://google.com/pay www.googleadservices.com www.googletagmanager.com www.google-analytics.com *.google.com *.google.com.tw *.googleapis.com *.facebook.net *.facebook.com *.gstatic.com *.3rdchannel.com.tw *.doubleclick.net pt.amnetgroup.com.tw pt.cymmetrics.com.tw match.adsrvr.org s.yimg.com bat.bing.com sp.analytics.yahoo.com static.masterpass.com www.youtube.com google-analytics.com s.yime.com d.line-scdn.net techatbot-kfc.3rdchannel.com.tw jscdn.appier.net sin.creativecdn.com *.c.appier.net https://asia.creativecdn.com asia-east2-dsp-resolution.cloudfunctions.net *.techsolutions.com.tw track.tamedia.com.tw insight *.adsrvr.org ssp.hinet.net https://hidsp.hinet.net js.appboycdn.com use.fontawesome.com sdk.iad-06.braze.com braze-images.com *.fullstory.com shopback.go2cloud.org cdn.id5-sync.com https://id5-sync.com tags.crwdcntrl.net bcp.crwdcntrl.net kfctw.api.useinsider.com *.useinsider.com f1.zenclerk.com wss://visitor-fleet.zenclerk.com dde-store.jrgtw.com appleid.cdn-apple.com www.apple.com *.adotone.com media-cdn-resources.pantheonlab.ai cdnjs.cloudflare.com ;img-src * data:;font-src * data:;frame-src * app:;form-action *.telexpress.com *.kfcclub.com.tw nccnet-ec.nccc.com.tw *.jkopay.com *.line.me line: service.pxpayplus.com pxpayplus.com icp-payment-preprod.icashpay.com.tw icpbridge.azurewebsites.net payment.icashpay.com.tw *.easycard.com.tw; 1
object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; base-uri 'self' 'unsafe-inline'; frame-ancestors douglas.bg *.meetanshi.com *.facebook.com https://www.facebook.com 'self'; child-src vars.hotjar.com/ gum.criteo.com/ web.facebook.com/ http: https: blob: 'self' 'unsafe-inline'; default-src s-eu-1.pushpushgo.com/ www.googletagmanager.com/ chimpstatic.com/ static.criteo.net/ connect.facebook.net/ 'self' 'unsafe-inline' 'unsafe-eval'; worker-src s-eu-1.pushpushgo.com fonts.gstatic.com static-a.pushpushgo.com tools.ietf.org/ tools.ietf.org/html/ tools.ietf.org/html/rfc3492 tools.ietf.org/html/rfc3986 api.pushpushgo.com cdn.pushpushgo.com douglas.bg adm1n.douglas.bg; form-action ipg.icard.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.net https://plumrocket.com 'self' 'unsafe-inline'; frame-src www.youtube.com/ www.google.com/ vars.hotjar.com youtube.com gum.criteo.com ws16.hotjar.com static-a.pushpushgo.com tools.ietf.org/ tools.ietf.org/html/ tools.ietf.org/html/rfc3492 tools.ietf.org/html/rfc3986 api.pushpushgo.com cdn.pushpushgo.com game-clarins.com www.game-clarins.com/ game-clarins.com/ smilemakerscollection.com/ smilemakers.typeform.com/ widget-v4.boxnow.bg/ test-iframe.mokka.bg/ iframe.mokka.bg/ https://test-iframe.mokka.bg/ https://test-iframe.mokka.bg test-iframe.mokka.bg mokka.bg/ lockerplugin.sameday.ro/ lockerplugin.sameday.ro fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com/ *.meetanshi.com *.facebook.net *.facebook.com https://plumrocket.com *.weltpixel.com 'self' 'unsafe-inline'; script-src connect.facebook.com connect.facebook.net facebook.com googleads.g.doubleclick.net www.google-analytics.com www.google.com/pagead/ www.google.bg/pagead/ www.facebook.com/tr/ maps.googleapis.com ajax.cloudflare.com/cdn-cgi/scripts/ chimpstatic.com/mcjs-connected/js/users/8cac95b959a479510dfb49d21/b03d81b3e426b908f06470560.js www.google.com/recaptcha/ www.googletagmanager.com s-eu-1.pushpushgo.com/ s-eu-1.pushpushgo.com/js/60b489888ad745ed8b51a212.js www.gstatic.com/ static.hotjar.com/ script.hotjar.com ipg.icard.com douglas.bg static.criteo.net sslwidget.criteo.com gum.criteo.com static-a.pushpushgo.com tools.ietf.org/ tools.ietf.org/html/ tools.ietf.org/html/rfc3492 tools.ietf.org/html/rfc3986 api.pushpushgo.com/ cdn.pushpushgo.com/ assets.arukereso.com/aku.min.js pushpushgo.com/ widget-cdn.boxnow.bg/map-widget/client/v4.js widget-cdn.boxnow.bg/ cdn.sameday.ro/locker-plugin/lockerpluginsdk.js assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com www.facebook.com graph.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.googleapis.com *.google.com *.gstatic.com *.avada.io *.google.com/ *.meetanshi.com *.facebook.net *.facebook.com releva.ai https://www.googletagmanager.com tagmanager.google.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src maxcdn.bootstrapcdn.com fonts.googleapis.com cdn.sameday.ro/locker-plugin/lockerpluginsdk.css *.adobe.com downloads.mailchimp.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com https://fonts.googleapis.com releva.ai tagmanager.google.com 'self' 'unsafe-inline'; font-src maxcdn.bootstrapcdn.com fonts.gstatic.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; img-src data: www.google.bg/pagead/ www.google.com/pagead/ www.facebook.com/tr/ maps.googleapis.com www.google.bg/ads/ga-audiences www.google.com/ads/ga-audiences www.magecomp.com meetanshi.com amasty.com douglas.bg adm1n.douglas.bg script.hotjar.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com simage2.pubmatic.com/ ad.sxp.smartclip.net/ criteo-partners.tremorhub.com/ a.twiago.com/ sp.analytics.yahoo.com/ ads.yahoo.com/ ib.adnxs.com/ secure.adnxs.com/ x.bidswitch.net/ cm.g.doubleclick.net/ visitor.omnitagjs.com/ r.casalemedia.com/ widgets.magentocommerce.com ad.360yield.com/ gum.criteo.com/ dis.criteo.com/ adm1n.douglas.bg/ contextual.media.net/ exchange.mediavine.com/ idsync.rlcdn.com magezon.com magecomp.com sync.outbrain.com/ pixel.rubiconproject.com/ s.ad.smaato.net/ match.sharethrough.com/ rtb-csync.smartadserver.com/ sync-t1.taboola.com/ criteo-sync.teads.tv ups.analytics.yahoo.com/ ad.yieldlab.net sync-criteo.ads.yieldmo.com beacon.krxd.net/ eb2.3lift.com/ bemedio.com/ pazaruvaj.com/ www.pazaruvaj.com/ assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com *.ftcdn.net *.behance.net i.ytimg.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.magezon.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.meetanshi.com *.gstatic.com data: 'self' 'unsafe-inline'; connect-src www.google-analytics.com stats.g.doubleclick.net analytics.google.com in.hotjar.com in.hotjar.com/ ws16.hotjar.com ipg.icard.com region1.analytics.google.com hotjar.com s-eu-1.pushpushgo.com fonts.gstatic.com static-a.pushpushgo.com tools.ietf.org/ tools.ietf.org/html/ tools.ietf.org/html/rfc3492 tools.ietf.org/html/rfc3986 api.pushpushgo.com cdn.pushpushgo.com douglas.bg socialplugin.facebook.net ingest.sentry.io ws28.hotjar.com/ ws28.hotjar.com/api/v2/sites/1344309/recordings/content wss://ws28.hotjar.com/api/v2/client/ws assets.arukereso.com pazaruvaj.com arukereso.hu https://www.youtube.com/ vc.hotjar.io dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.ingest.sentry.io http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.meetanshi.com releva.ai localhost https://www.google-analytics.com 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://max.niceincontact.com; 1
frame-ancestors https://*.nucleussoftware.com 1
connect-src 'self' https://api.suraenlinea.com https://api-flujo-ventas-digitales.herokuapp.com https://integrador-sura-sel.herokuapp.com https://maestros-ventas-digitales-pdn.herokuapp.com undefined https://validar-identidad.herokuapp.com https://ohs-ventas-movilidad-pdn.herokuapp.com https://ohs-ventas-digitales-soat-pdn.herokuapp.com https://api-flujo-ventas-soat-pdn.herokuapp.com https://*.ca.com https://*.hotjar.com wss://*.hotjar.com https://syndication.twitter.com/settings https://*.optimonk.com wss://*.tawk.to wss://*.zopim.com https://*.segurossura.com.co https://by2.uservoice.com https://segurossura.com.co https://*.wisepops.com https://nominatim.openstreetmap.org https://*.prismic.io https://*.cdn.prismic.io https://*.googlevideo.com https://tagmanager.google.com/debug https://assets.uvcdn.com https://*.ca.com/ https://*.salesforceliveagent.com/ https://*.cloudfront.net https://pgr-qa-api.pagerinc.com https://*.pager.com https://*.segurossura.com  https://*.amazonaws.com http://*.ecosistemadigitalsura.com https://appslab.suranet.com https://*.inbenta.com https://*.inbenta.io https://*.salesforce.com https://sura-sel-pagos-lab.herokuapp.com https://sura-sel-pagos-test.herokuapp.com https://api-sura-sel-pagos.herokuapp.com https://ohs-ventas-movilidad-pdn.herokuapp.com https://in.hotjar.com https://vc.hotjar.io https://apisaluddigital.suraenlinea.com https://*.fontawesome.com https://1t2v7xafne.execute-api.us-east-1.amazonaws.com https://ybsd9lvv2g.execute-api.us-east-1.amazonaws.com https://worldtimeapi.org https://*.secure.force.com https://www.google-analytics.com https://api.ipify.org https://fd-ecosistemadigitalpersonas-dllo-001.azurefd.net https://apidigital.segurossura.com.co https://stats.g.doubleclick.net https://analytics.google.com https://*.suracovid-test.form.io/seguroplaneligetest https://*.form.io/ https://parly-webchat-suraco-mastertibot.10prniy4eo5z.us-east.codeengine.appdomain.cloud https://directline.botframework.com wss://directline.botframework.com https://*.hotjar.io https://*.uc.r.appspot.com https://*.linkedin.oribi.io https://*.teads.tv https://*.clarity.ms https://*.tiktok.com https://apidigital.suraenlinea.com https://*.creativecdn.com;script-src 'self' https://agendamientogrmovilidad.z13.web.core.windows.net https://*.ca.com https://*.bkrtx.com https://*.gstatic.com https://*.sociomantic.com https://*.ads-twitter.com https://*.thacomo.com https://*.wisepops.com https://by2.uservoice.com https://www.suraenlinea.com https://*.prismic.io https://*.cdn.prismic.io https://cdn.syndication.twimg.com https://js.stripe.com https://s.ytimg.com  https://*.uservoice.com https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com https://*.visualwebsiteoptimizer.com https://www.googleadservices.com https://connect.facebook.net https://*.twitter.com https://pgr-qa-api.pagerinc.com https://*.pager.com https://*.segurossura.com https://*.amazonaws.com http://*.ecosistemadigitalsura.com https://*.google.com https://*.zopim.com https://*.optimonk.com https://*.ca.com/ https://*.salesforceliveagent.com/ https://*.cloudfront.net https://*.inbenta.com https://*.inbenta.io 'unsafe-inline' 'unsafe-eval' https://assets.uvcdn.com https://*.suraenlinea.com https://*.hotjar.com https://*.fontawesome.com https://service.force.com https://p.teads.tv/teads-fellow.js https://*.salesforce.com https://*.secure.force.com https://snap.licdn.com https://px.sunmedia.tv https://agendamientocsmovilidad.z13.web.core.windows.net https://parly-webchat-suraco-mastertibot.10prniy4eo5z.us-east.codeengine.appdomain.cloud https://*.clarity.ms https://*.tiktok.com https://*.adnxs.com https://*.googleoptimize.com https://*.g.doubleclick.net https://*.yimg.com https://*.go2aluna.co https://cdn.stape.io https://*.creativecdn.com;img-src 'self' https://api.suraenlinea.com data:  https://pop.thacomo.com https://static.placetopay.com https://pbs.twimg.com https://*.wisepops.com https://*.twimg.com https://dev.visualwebsiteoptimizer.com https://res.cloudinary.com https://*.prismic.io https://*.cdn.prismic.io https://www.segurossura.com.co https://prismic-io.s3.amazonaws.com https://www.google-analytics.com https://www.googleadservices.com https://*.doubleclick.net https://www.google.com https://www.facebook.com https://*.twitter.com https://t.co https://www.google.com.co http://www.sura.com https://tagmanager.google.com/debug https://*.ca.com/ https://*.salesforceliveagent.com/ https://*.cloudfront.net https://*.inbenta.com https://*.inbenta.io https://s3-us-west-2.amazonaws.com https://*.fontawesome.com https://*.gstatic.com https://*.teads.tv https://alunatrack.g2afse.com https://parly-webchat-suraco-mastertibot.10prniy4eo5z.us-east.codeengine.appdomain.cloud https://*.googletagmanager.com https://*.ads.linkedin.com https://*.clarity.ms https://*.linkedin.com https://*.bing.com;media-src https://www.youtube.com https://*.ca.com/ https://*.salesforceliveagent.com/ https://*.cloudfront.net https://*.inbenta.com https://*.fontawesome.com https://*.teads.tv https://*.inbenta.io data:; style-src 'self'  https://agendamientogrmovilidad.z13.web.core.windows.net https://*.optimonk.com https://fonts.googleapis.com https://platform.twitter.com https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css https://cdn.jsdelivr.net https://pro.fontawesome.com/releases/v5.10.2/css/all.css https://tagmanager.google.com/debug/css.css https://*.ca.com/ https://*.salesforceliveagent.com/ https://*.cloudfront.net https://*.inbenta.com https://*.fontawesome.com https://translate.googleapis.com https://*.inbenta.io https://optimize.google.com https://service.force.com https://*.teads.tv https://*.secure.force.com https://agendamientocsmovilidad.z13.web.core.windows.net https://*.unpkg.com/formiojs@latest/dist/formio.full.min.css https://cdn.botframework.com https://parly-webchat-suraco-mastertibot.10prniy4eo5z.us-east.codeengine.appdomain.cloud 'https://www.googletagmanager.com 'unsafe-inline'; 1
default-src 'none'; object-src https://public.tableau.com/ https://www.youtube.com; frame-src https://public.tableau.com/ https://www.youtube.com https://platform.twitter.com https://prodcom.shinyapps.io; connect-src 'self' https://public.tableau.com/ https://u.clarity.ms/ https://stats.g.doubleclick.net/j/collect https://www.google-analytics.com/j/collect https://s.clarity.ms/collect https://www.google-analytics.com/g/collect; font-src 'self' https://fonts.gstatic.com; img-src * 'self' https://www.google-analytics.com https://www.pc.gov.au; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://public.tableau.com/ https://pc-search.squiz.cloud/ https://platform.twitter.com https://connect.facebook.net https://code.highcharts.com https://www.gstatic.com/charts/loader.js https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery.hoverintent/1.10.1/jquery.hoverIntent.min.js https://cdnjs.cloudflare.com/ajax/libs/superfish/1.7.10/js/superfish.min.js https://ajax.cloudflare.com/cdn-cgi/scripts/04b3eb47/cloudflare-static/mirage2.min.js https://code.jquery.com/jquery-3.5.1.min.js https://code.jquery.com/ui/1.11.1/jquery-ui.js https://www.clarity.ms/s/0.7.20/clarity.js https://www.clarity.ms/tag/ffxb5mrha5 https://www.google-analytics.com/analytics.js https://www.google.com/jsapi https://www.googletagmanager.com/gtag/js; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/superfish/1.7.10/css/ https://code.jquery.com/ui/1.11.1/themes/smoothness/ https://fonts.googleapis.com/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com www.google.com www.gstatic.com static.clevertap.com checkout.razorpay.com storage.googleapis.com www.google-analytics.com www.googletagmanager.com www.google-analytics.com d2r1yp2w7bby2u.cloudfront.net wzrkt.com; img-src 'self' data: d35m20fiakq0qn.cloudfront.net d1ixo36kppfedg.cloudfront.net lqp-imgs.s3.ap-south-1.amazonaws.com www.google-analytics.com www.google.com www.google.co.in; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com; font-src 'self' cdnjs.cloudflare.com ;frame-src 'self' data: www.google.com api.razorpay.com d1ixo36kppfedg.cloudfront.net; connect-src 'self' d1ixo36kppfedg.cloudfront.net analytics.google.com www.google-analytics.com lumberjack.razorpay.com stats.g.doubleclick.net firebase.googleapis.com firebaseinstallations.googleapis.com o256629.ingest.sentry.io www.googletagmanager.com;object-src 'self' d1ixo36kppfedg.cloudfront.net; 1
report-uri https://www.karawangkab.go.id; 1
connect-src 'self' https:; default-src 'none'; child-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cookie-cdn.cookiepro.com *.cloudflare.com *.google.com *.globalrelay.com *.google-analytics.com *.googletagmanager.com *.parsely.com  *.usemessages.com optimize.google.com *.googleoptimize.com *.hs-banner.com *.hs-analytics.net *.hs-scripts.com *.hsforms.com *.hsforms.net js.hsleadflows.net *.hsadspixel.net *.googleadservices.com *.greenhouse.io *.wp.com *.doubleclick.net *.licdn.com; style-src 'self' 'unsafe-inline'  optimize.google.com *.bootstrapcdn.com ybug.io pagecdn.io fonts.googleapis.com fonts.gstatic.com; img-src 'self' https: data: ; font-src 'self' 'unsafe-inline' fonts.gstatic.com data:  *.bootstrapcdn.com pagecdn.io; media-src 'self'  blob:; form-action 'self' *.hsforms.com; frame-ancestors 'self' compliance.login.globalrelay.com global-relay-staging.go-vip.net www-globalrelay-com-downloads.go-vip.net controlcenter.globalrelay.com *.globalrelay.com; frame-src 'self' *.megaphone.fm globalrelay.uberflip.com *.greenhouse.io global-relay-staging.go-vip.net www-globalrelay-com-downloads.go-vip.net *.globalrelay.com *.gotoassist.com *.hsforms.com *.youtube.com *.vimeo.com *.hsappstatic.net optimize.google.com 1
default-src data: https: 'self';     script-src https: 'self' 'unsafe-inline' 'unsafe-eval';     style-src https: 'self' 'unsafe-inline';     frame-ancestors https: 'self' *.youtube.com *.prton.kisti.re.kr *.facebook.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com cdnjs.cloudflare.com;  connect-src 'self';  img-src 'self' data: mobi.askart.com www.askart.com ;  font-src 'self' fonts.gstatic.com fonts.googleapis.com cdnjs.cloudflare.com;  style-src 'self' 'unsafe-inline' *.kaspersky-labs.com fonts.googleapis.com fonts.gstatic.com  cdnjs.cloudflare.com;  script-src-elem 'self' 'unsafe-inline' cdnjs.cloudflare.com; 1
frame-ancestors 'self' https://www.leica-microsystems.com https://www.leica-microsystems.com.cn; 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.tnx.it *.tnx.it ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com/gtag/js googleads.g.doubleclick.net maps.googleapis.com/; frame-src 'self' maps.googleapis.com/; 1
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline'; 1
frame-ancestors 'self' *.ultrasignup.com; 1
frame-ancestors http://docplanner-front-test.docplanner.com https://docplanner-front-test.docplanner.com *.doctoralia.cl doctoraliaone-cl2-candidate.azurewebsites.net 1
default-src 'self'; img-src * data: blob:; media-src * data: blob:; object-src 'none'; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'wasm-unsafe-eval' 'inline-speculation-rules' *.thirdweb.com *.thirdweb-dev.com vercel.live js.stripe.com pg.paper.xyz; connect-src * data: blob:; worker-src 'self' blob:; block-all-mixed-content; 1
upgrade-insecure-requests; default-src https: blob: wss: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: blob: data:;frame-src https: blob: data:; 1
base-uri 'none'; child-src 'self' https://td.doubleclick.net https://www.youtube-nocookie.com https://widget.trustpilot.com https://www.youtube.com; connect-src 'self' https://*.e-i.com https://stats.g.doubleclick.net https://logs1412.xiti.com https://zkkwkzt.pa-cd.com https://bat.bing.com https://pagead2.googlesyndication.com; default-src 'self' 'report-sample' https://*.e-i.com; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https://*.e-i.com https://www.google.com https://www.google.fr https://bat.bing.com https://i.ytimg.com https://www.facebook.com https://manager.tagcommander.com; navigate-to https:; object-src 'none'; report-uri ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.e-i.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.tagcommander.com https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.youtube.com https://connect.facebook.net https://widget.trustpilot.com; style-src 'self' 'unsafe-inline' https://*.e-i.com 1
frame-ancestors 'self' https://studio.fancentro.com https://agency.fancentro.com https://agency-new.fancentro.com http://localhost:* 1
frame-ancestors 'self' *.trefis.com *.gwinvestors.com https://www.gwinvestors.com https://www.thinkhub.ai; 1
upgrade-insecure-requests; default-src 'self' 'unsafe-inline' https://c.disquscdn.com https://disqus.com/ https://78e90748.flowpaper.com/; child-src 'self' https://www.google.com/ https://disqus.com/ https://www.youtube.com/ https://www.podbean.com/ https://www.facebook.com/ https://platform.twitter.com/ https://submit.jotform.com/ https://submit.jotform.us/ https://*.partnerbookingkit.com/ https://cdn.ingo.me; connect-src 'self' http://sentry.utdev.com/ https://links.services.disqus.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://polo.feathr.co/ https://bam.nr-data.net/ https://www.googletagmanager.com/ https://*.partnerbookingkit.com/ https://submit.jotform.com/ https://ausa.careerwebsite.com/ https://cdn.ingo.me https://app.ingo.me https://78e90748.flowpaper.com/ https://px.ads.linkedin.com/wa/; font-src 'self' https:; frame-src 'self' https://ausa-a.akamaihd.net/ https://submit.jotform.com/ https://*.jotform.com/ https://www.youtube.com/ https://disqus.com/ https://www.facebook.com/ https://www.podbean.com/ https://info.ausa.org/ https://www.google.com/ https://calendar.google.com/ https://accounts.google.com/ https://*.google.com/ https://submit.jotform.us/ https://www.arcgis.com/ https://cdn.ingo.me https://11098073.fls.doubleclick.net https://static.addtoany.com/ https://78e90748.flowpaper.com/ARMYOct2021GreenBook/ https://www.dvidshub.net https://player.vimeo.com/ https://glac-ausa.forms-db.com/ https://bid.g.doubleclick.net/ https://fast.wistia.net/ https://www.dvidshub.net/ https://newassets.hcaptcha.com/ https://platform.twitter.com/ https://*.flowpaper.com https://ausa.force.com/ https://td.doubleclick.net/ https://my.matterport.com/; img-src 'self' https: data:; media-src 'self' https:; object-src 'self'; script-src 'self' 'unsafe-eval' https://form.jotform.com/* https://form.jotform.com/ https://code.jquery.com/ https://secure.polldaddy.com/ https://www.googletagmanager.com/ https://cdn.jotfor.ms/ https://www.google-analytics.com/ https://snap.licdn.com/ https://*.partnerbookingkit.com/ https://jotform.com/ https://*.jotform.com/ https://ausaorg.disqus.com https://*.disquscdn.com https://disqus.com https://c.disquscdn.com https://g.adspeed.net https://cdn.ingo.me https://js-agent.newrelic.com https://connect.facebook.net https://secure.quantserve.com https://www.vbt.io https://cdn.feathr.co https://a.smtrk.net/ https://polo.feathr.co https://78e90748.flowpaper.com/ https://preprod-ausa.utstaging.com addtocalendar.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://polyfill.io https://static.addtoany.com https://unpkg.com https://use.fontawesome.com https://ws.sharethis.com mdbootstrap.com platform.twitter.com stackpath.bootstrapcdn.com; script-src-elem * 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.typekit.net https://tagmanager.google.com https://cdn.jotfor.ms/ https://*.partnerbookingkit.com/ https://cdn.ingo.me https://78e90748.flowpaper.com/ addtocalendar.com fonts.googleapis.com https://use.typekit.net mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; style-src-elem * 'unsafe-inline'; worker-src 'self' https://www.google.com/ https://disqus.com/ https://www.youtube.com/ https://www.podbean.com/ https://www.facebook.com/ https://platform.twitter.com/ https://submit.jotform.com/ https://submit.jotform.us/ https://www.googletagmanager.com/ https://cdn.ingo.me; frame-ancestors 'self' 1
frame-ancestors 'self' https://*.backstreetmerch.com https://*.livenationmerch.com https://www.joestrummer.com https://eustore.rogerwaters.com https://www.trailerparkboysmerch.com https://store.niallhoran.com https://shop.thebodycoach.com https://merchandise.footballmanager.com https://shop.little-mix.com https://shop.shanefilan.com https://merch.bulletformyvalentine.com https://merch.raksu-official.com https://feedmerch.com https://shop.demob-happy.com/ 1
report-uri https://41dab89c1baac89cfe2fa37a5d248070.report-uri.com/r/d/csp/reportOnly;base-uri 'self';connect-src 'self' https://client.crisp.chat https://storage.crisp.chat wss://client.relay.crisp.chat wss://stream.relay.crisp.chat https://widget.senja.io https://edge.redirect.pizza wss://realtime-pusher.ably.io https://www2.profitwell.com https://*.quora.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://api-eu.mixpanel.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.googlesyndication.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;default-src 'self';form-action 'self' https://github.com/login/oauth/authorize https://accounts.google.com/o/oauth2/auth https://appleid.apple.com/auth/authorize;img-src 'self' data: https://client.crisp.chat https://image.crisp.chat https://storage.crisp.chat https://senjaio.b-cdn.net https://ik.imagekit.io https://enflow.imgix.net https://enflow-proxy.imgix.net https://files.enflow.nl https://cdnjs.cloudflare.com https://ucarecdn.com https://cdn.paddle.com https://*.quora.com https://gh-card.dev https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.googlesyndication.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://www.linkedin.com https://*.ads.linkedin.com;media-src 'self' https://client.crisp.chat;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://client.crisp.chat https://settings.crisp.chat https://static.senja.io https://senja-assets.b-cdn.net https://cdn.paddle.com https://*.profitwell.com https://polyfill.io https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://*.quora.com https://app.cal.com https://snap.licdn.com https://app.algomo.com;style-src 'self' 'unsafe-inline' https://client.crisp.chat https://cdn.paddle.com https://fonts.googleapis.com https://app.algomo.com;font-src 'self' data: https://client.crisp.chat https://fonts.gstatic.com;frame-src 'self' https://game.crisp.chat https://buy.paddle.com https://subscription-management.paddle.com/ https://sandbox-subscription-management.paddle.com/ https://app.cal.com https://td.doubleclick.net https://bid.g.doubleclick.net https://www.youtube-nocookie.com https://app.algomo.com;worker-src data: https://redirect.pizza/service-worker.js 1
frame-ancestors 'self' http://stfrontdeskstg.smartone.com http://stfrontdesk.smartone.com http://smartone-pro.redso.com.hk https://smartone-pro.redso.com.hk https://smartoneplus.s-rewards.hk 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://online.weba.ru https://www.youtube.com https://www.google.com https://www.gstatic.com https://counter.yadro.ru https://mc.yandex.ru https://player.vimeo.com https://s.ytimg.com https://fonts.googleapis.com https://updates.themepunch-ext-a.tools https://mc.yandex.ru/metrika ;               font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com;               report-uri https://secure.weba.ru/csp/collector.php 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.haptikapi.com *.firsthive.com *.hellohaptik.com https: data: ws: blob:; frame-src 'self' *.youtube.com *.clubmahindra.com *.airda.org *.google.com  *.firsthive.com *.googleapis.com *.gumlet.com *.gumlet.io *.notifyvisitors.com *.facebook.com *.doubleclick.net; frame-ancestors 'self'  *.clubmahindra.com *.airda.org *.google.com *.firsthive.com *.googleapis.com *.gumlet.com *.gumlet.io *.notifyvisitors.com *.facebook.com *.doubleclick.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bing.com *.gumlet.com *.outbrain.com *.saleassist.ai https://static.saleassist.ai/widgets/widget.js https://taggbox.com/club-mahindra/static/js/main.6d037b65.chunk.js https://taggbox.com/club-mahindra/static/js/2.60e1ce78.chunk.js *.api.taggbox.com *.taggbox.com *.cloudflareinsights.com *.haptik.me  *.firsthive.com *.googleapis.com *.facebook.net *.twitter.com *.google-analytics.com *.google.com *.cloudflare.com ads-twitter.com static.clevertap.com *.googletagmanager.com www.gstatic.com *.google-analytics.com *.twitter.com *.cloudfront.net connect.facebook.net *.doubleclick.net *.jquery.com *.twitter.com toolassets.haptikapi.com connect.facebook.net *.googleadservices.com s7.addthis.com *.notifyvisitors.com cdnjs.cloudflare.com *.skyscanner.net *.doubleclick.net devcmh.mhril.in in1.wzrkt.com api.saveonuat.com api.saveonuat.com mahindrabookings.saveonuat.com  *.clubmahindra.com  *.firsthive.com *.googleapis.com *.izooto.com toolassets.haptikapi.com cdn.izooto.com d2r1yp2w7bby2u.cloudfront.net wzrkt.com *.notifyvisitors.com maps.googleapis.com netdna.bootstrapcdn.com ajax.googleapis.com cdn.datatables.net *.haptikapi.com blob:; font-src 'self' *.taggbox.com *.bootstrapcdn.com *.firsthive.com *.googleapis.com *.gstatic.com cdn.rawgit.com *.haptikapi.com;  connect-src 'self' *.saleassist.ai *.api.taggbox.com *.taggbox.com  *.firsthive.com *.google-analytics.com *.google.com *.hellohaptik.com *.haptikapi.com *.haptik.me ws: 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' https://secure.gravatar.com https://ts.w.org https://s.w.org https://ps.w.org data: https://aykutcevik.com; style-src 'self' 'unsafe-inline'; font-src 'self' data:; child-src 'self' https://wp-themes.com ; frame-ancestors 'none'; object-src 'self'; base-uri 'self'; form-action 'self'; connect-src 'self';  1
frame-ancestors 'self'  *.ccaeducate.me *.brightspacedemo.com *.blenderconnect.com *.elearningontario.ca *.myedio.com *.brightspace.com *.echo-ntn.org *.srgtech.com *.safarimontage.com *.aacps.org *.agilixbuzz.com *.instructure.com *.savvasrealize.com *.schoology.com *.d2l.com ; 1
frame-ancestors 'self' www.citiprogram.org; 1
upgrade-insecure-requests; frame-ancestors https: 'self' *.signs.com *.digitalroom.com *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com; 1
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com *.ctctcdn.com https://cdnjs.cloudflare.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js https://cdn.jsdelivr.net/npm/bootstrap-select@1.13.9/dist/js/bootstrap-select.min.js https://www.give.org https://code.jquery.com http://code.jquery.com https://cdn.jsdelivr.net/npm/chart.js@2.8.0; style-src 'self' 'unsafe-inline' *.ctctcdn.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *; img-src 'self' www.googletagmanager.com *.ctctcdn.com https://script.hotjar.com http://script.hotjar.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *; media-src 'self' data: blob: *; frame-src 'self' *.google.com https://vars.hotjar.com https://portal.give.org/ *; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' *.ctctcdn.com accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com * http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com; 1
default-src 'self' www.firestorm.ch *.firestorm.de fonts.googleapis.com *.server2sms.com *.googleapis.com use.fontawesome.com *.gstatic.com *.googletagmanager.com *.google-analytics.com cdnjs.cloudflare.com *.firestorm.ch www.google.com *.google.ch *.w3.org *.clickcease.com *.youtube.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval' data:; object-src 'self' data: 'unsafe-eval'; frame-src www.firestorm.ch www.firestorm.de *.youtube.com *.google.com 1
default-src 'self' 'unsafe-inline' *.google-analytics.com *.gravatar.com cdnjs.cloudflare.com cdnjs.com freebsdfoundation.org liberapay.com github.com; 1
default-src 'none'; style-src 'nonce-270FC06BEFF1BEAE7402F76F08CB98D16413F90BEE70ED6CEBF4E886FE31D8BA' 'self'; script-src 'none'; img-src 'self'; base-uri 'self'; object-src 'none'; form-action 'self'; frame-ancestors 'none' 1
default-src 'self' blob:; font-src 'self' data: https://*.typekit.net https://*.bugherd.com https://*.cloudfront.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com ;img-src 'self' data: blob: https://ps.w.org https://s.w.org https://*.hormel.com https://secure.gravatar.com https://res.cloudinary.com https://*.salsify.com https://bugherd-attachments.s3.amazonaws.com https://www.google.com https://*.iriworldwide.com https://*.bugherd.com https://www.googletagmanager.com https://*.cloudfront.net https://*.powerreviews.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://cdnjs.cloudflare.com https://*.pricespider.com https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://*.bing.com https://*.cloudfront.net https://*.sharethis.com https://www.facebook.com https://*.pinterest.com https://*.iriworldwide.com ;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://s0.wp.com https://*.force.com https://hormel.my.salesforce-sites.com https://hormel.my.salesforce.com https://code.jquery.com https://*.bugherd.com https://*.cloudfront.net https://*.powerreviews.com https://static.hotjar.com https://*.facebook.net https://*.salesforceliveagent.com https://service.force.com https://mpsnare.iesnare.com https://*.jsdelivr.net https://www.googleadservices.com https://*.amazonaws.com https://www.google-analytics.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://cdnjs.cloudflare.com https://*.pricespider.com https://*.google.com https://*.googleapis.com https://*.google.com https://*.hormel.com https://*.hormelfoods.com https://www.googletagmanager.com https://ws.sharethis.com ;style-src 'self' 'unsafe-inline' https://s0.wp.com https://*.force.com https://hormel.my.salesforce-sites.com https://*.typekit.net https://*.bugherd.com https://service.force.com https://*.hormel.com https://*.jsdelivr.net https://*.hormelfoods.com https://*.cloudfront.net https://*.powerreviews.com https://*.googleapis.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://cdnjs.cloudflare.com https://*.pricespider.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com ;connect-src 'self' wss://ws-mt1.pusher.com https://sockjs.pusher.com https://yoast.com https://hormel.my.salesforce-sites.com https://*.bugherd.com https://*.bugsnag.com https://*.amazonaws.com https://cdnjs.cloudflare.com https://*.pricespider.com https://*.iriworldwide.com wss://ws.pusherapp.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com wss://*.pricespider.com https://productlocator.iriworldwide.com https://*.powerreviews.com https://www.facebook.com https://*.doubleclick.net https://www.google-analytics.com https://*.pusher.com https://*.sharethis.com https://*.pinterest.com https://www.googletagmanager.com ;frame-src 'self' https://widgets.wp.com https://service.force.com https://*.google.com https://*.bugherd.com https://www.youtube.com https://*.pinterest.com https://www.facebook.com https://*.doubleclick.net 1
frame-ancestors 'self' https://yaware.com/; 1
object-src 'none'; base-uri 'self'; 1
default-src 'self'; font-src 'self' data: https://cm.g.doubleclick.net/pixel https://cm.g.doubleclick.net/ https://www.buzzsprout.com https://platform-api.sharethis.com https://lonrtp1-cdn.marketo.com/rtp-api/v1/rtp.js https://www.google.co.uk/ads/ga-audiences https://www.google.co.uk/pagead/1p-user-list/986306368/ https://script.hotjar.com https://consent.trustarc.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cm.g.doubleclick.net/pixel https://cm.g.doubleclick.net/ https://rtp-static.marketo.com/rtp/libs/jquery-ui-insightera-custom-1.9.6.css https://static.cloud.coveo.com https://engage.aveva.com https://tagmanager.google.com https://fonts.googleapis.com; object-src 'self'; child-src 'self' https://lonrtp1-cdn.marketo.com/rtp-api/v1/rtp.js https://www.google.co.uk/ads/ga-audiences https://www.google.co.uk/pagead/1p-user-list/986306368/ ujet.co *.ujet.co; connect-src 'self' https://cm.g.doubleclick.net/pixel https://cm.g.doubleclick.net/ https://w.clarity.ms/collect https://z.clarity.ms/ https://s.clarity.ms https://track.accountinsight.cloud/ https://lonrtp1.marketo.com/ https://pagestates-tracking.crazyegg.com/* https://us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink https://tag-logger.demandbase.com/bg9s https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://lonrtp1.marketo.com/gw1/ga/sgm https://track.accountinsight.cloud/track/hide/95/239082904 https://track.accountinsight.cloud/track/show/95/239082904 https://osisoftprodqov7t0yy.analytics.org.coveo.com https://osisoftprodqov7t0yy.org.coveo.com https://static.cloud.coveo.com https://osisoftprodqov7t0yy.admin.org.coveo.com https://l.sharethis.com *.google-analytics.com *.analytics.google.com https://www.buzzsprout.com https://platform-api.sharethis.com https://script.crazyegg.com https://region1.google-analytics.com http://region1.google-analytics.com region1.google-analytics.com https://region1.analytics.google.com http://region1.analytics.google.com region1.analytics.google.com https://lonrtp1-cdn.marketo.com/rtp-api/v1/rtp.js https://www.google.co.uk/ads/ga-audiences https://www.google.co.uk/pagead/1p-user-list/986306368/ https://*.b0e8.com https://*.bc0a.com http://*.b0e8.com http://*.bc0a.com https://*.google-analytics.com https://*.analytics.google.com http://*.google-analytics.com http://*.analytics.google.com https://region1.google-analytics.com/g/collect* https://region1.analytics.google.com/g/collect* https://cdn.linkedin.oribi.io/partner/265491/domain/aveva.com/token https://api.company-target.com http://api.company-target.com https://company-target.com http://company-target.com https://segments.company-target.com http://segments.company-target.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://analytics.cloud.coveo.com https://consent-pref.trustarc.com https://platform.cloud.coveo.com https://s7.addthis.com https://sfgw.leadspace.com https://engage.aveva.com https://986-yis-805.mktoresp.com https://stats.g.doubleclick.net https://segments.company-target.com https://www.google-analytics.com https://connect.facebook.net/ https://vc.hotjar.io https://in.hotjar.com https://*.demdex.net https://api.company-target.com https://smetrics.aveva.com https://cm.everesttech.net https://assets.adobedtm.com https://aveva.tt.omtrdc.net https://m.addthis.com; img-src 'self' data report-uri: https://cm.g.doubleclick.net/pixel https://cm.g.doubleclick.net/ https://c.bing.com https://attr.ml-api.io/ https://d.adroll.com/ https://c.clarity.ms/ https://ad.doubleclick.net https://s.ml-attr.com/getuid https://js.adsrvr.org/up_loader.1.1.0.js https://ad.doubleclick.net/* https://td.doubleclick.net https://insight.adsrvr.org https://ad.doubleclick.net/activity https://www.buzzsprout.com https://platform-cdn.sharethis.com https://platform-api.sharethis.com https://s.ml-attr.com/getuid* https://region1.google-analytics.com http://region1.google-analytics.com region1.google-analytics.com https://region1.analytics.google.com http://region1.analytics.google.com region1.analytics.google.com https://lonrtp1-cdn.marketo.com/rtp-api/v1/rtp.js https://www.google.co.uk/ads/ga-audiences https://www.google.co.uk/pagead/1p-user-list/986306368/ *.google-analytics.com https://px4.ads.linkedin.com/collect* *.analytics.google.com https://www.google.co.uk/pagead/1p-user-list/9863a06368/* https://px4.ads.linkedin.com/collect* https://id.rlcdn.com/464526.gif https://www.google.co.uk/ads/ga-audiences* https://script.hotjar.com http://script.hotjar.com https://consent-pref.trustarc.com https://analytics.twitter.com https://bat.bing.com https://engage.aveva.com https://consent.trustarc.com https://ssl.gstatic.com https://www.googletagmanager.com https://10049316.fls.doubleclick.net https://secure.adnxs.com https://sdk.yoyi.com.cn https://mapping.yoyi.com.cn https://segments.company-target.com https://t.co https://connect.facebook.net https://*.demdex.net https://match.prod.bidr.io https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.google.co.in https://p.adsymptotic.com https://www.linkedin.com https://px.ads.linkedin.com https://www.facebook.com https://smetrics.aveva.com https://cm.everesttech.net https://assets.adobedtm.com https://avevaenglishdev.112.2o7.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cm.g.doubleclick.net/pixel https://cm.g.doubleclick.net/ https://www.clarity.ms https://www.clarity.ms/s/0.7.18/clarity.js https://d.adroll.com/ https://s.adroll.com/j/roundtrip.js https://t.sharethis.com/ https://c.clarity.ms/ https://s.adroll.com/j/roundtrip.js https://pixel.mathtag.com/event/js https://rtp-static.marketo.com/rtp/libs/jquery/1.8.3/jquery.min.js https://lonrtp1.marketo.com/gw1/trw https://lonrtp1.marketo.com/gw1/msg https://www.clarity.ms/s/0.7.13/clarity.js https://js.adsrvr.org/up_loader.1.1.0.js https://ad.doubleclick.net/* https://td.doubleclick.net https://insight.adsrvr.org https://ad.doubleclick.net/activity https://ad.doubleclick.net https://count-server.sharethis.com https://buttons-config.sharethis.com https://www.buzzsprout.com https://platform-api.sharethis.com https://lonrtp1.marketo.com/gw1* https://rtp-static.marketo.com/rtp/libs/ga-integration-2.0.5.js https://www.clarity.ms/s/0.7.10/clarity.js https://rtp-static.marketo.com/rtp/libs/jqueryui/1.9.2f/jquery-custom-ui.min.js https://platform-api.sharethis.com/js/sharethis.js https://lonrtp1-cdn.marketo.com/rtp-api/v1/rtp.js https://www.google.co.uk/ads/ga-audiences https://www.google.co.uk/pagead/1p-user-list/986306368/ https://hud.crazyegg.com https://ftrk.crazyegg.com https://script.crazyegg.com https://vector.crazyegg.com https://tracking.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com http://hud.crazyegg.com http://ftrk.crazyegg.com http://script.crazyegg.com http://vector.crazyegg.com http://tracking.crazyegg.com http://assets-tracking.crazyegg.com http://pagestates-tracking.crazyegg.com https://api.brightedge.com https://*.b0e8.com https://*.bc0a.com http://api.brightedge.com http://*.b0e8.com http://*.bc0a.com https://script.crazyegg.com/pages/scripts/0116/7658.js https://lonrtp1-cdn.marketo.com/rtp-api/v1/rtp.js* https://s.adroll.com/j/exp/5TODA6DLONELRNGZWU5E3D/index.js https://s.adroll.com/j/pre/5TODA6DLONELRNGZWU5E3D/RMNM2XJBDVDX5HV2TGMQ3E/index.js https://s.adroll.com/j/pre/5TODA6DLONELRNGZWU5E3D/RMNM2XJBDVDX5HV2TGMQ3E/fpconsent.js https://d.adroll.com/consent/check/5TODA6DLONELRNGZWU5E3D* https://www.clarity.ms/eus-e/s/0.7.2/clarity.js https://block.opendns.com https://www.clarity.ms/tag/uet/137010788 https://cdn.pdst.fm/ping.min.js https://www.google.com https://scripts.demandbase.com http://scripts.demandbase.com https://tag.demandbase.com http://tag.demandbase.com https://static.hotjar.com https://script.hotjar.com https://lonrtp1-cdn.marketo.com/rtp-api/v1/* https://static.cloud.coveo.com https://cdn.jsdelivr.net https://ajax.cloudflare.com https://z.moatads.com https://bat.bing.com https://sfc.leadspace.com https://cdn.thinglink.me https://sfc.leadspace.com https://consent.trustarc.com https://munchkin.marketo.net https://engage.aveva.com https://tagmanager.google.com https://www.googletagmanager.com https://polyfill.io https://cdn.jsdelivr.net https://static.cloudflareinsights.com https://track.accountinsight.cloud https://view.ceros.com https://okt.to https://analytics.twitter.com https://script.hotjar.com https://tag.demandbase.com https://static.ads-twitter.com http://clientservices.googleapis.com https://static.hotjar.com https://static.oktopost.com https://www.googletagmanager.com http://r2---sn-ci5gup-cvhz.gvt1.com http://r4---sn-qxaeen7e.gvt1.com http://redirector.gvt1.com http://update.googleapis.com http://www.gstatic.com https://js.driftt.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://connect.facebook.net https://www.googletagmanager.com https://snap.licdn.com https://noembed.com *.adobe.com google-analytics.com *.google-analytics.com https://fast.wistia.net http://fast.wistia.com http://vimeo.com https://vimeo.com https://*.vimeo.com https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com https://www.youtube.com https://s.ytimg.com https://v1.addthisedge.com  https://m.addthis.com https://graph.facebook.com; frame-src 'self' https://cm.g.doubleclick.net/pixel https://cm.g.doubleclick.net/ https://10031696.fls.doubleclick.net/ https://*.fls.doubleclick.net/ https://match.adsrvr.org/ https://t.sharethis.com https://insight.adsrvr.org/ https://td.doubleclick.net/ https://10598578.fls.doubleclick.net/ https://s.company-target.com/ https://js.adsrvr.org/up_loader.1.1.0.js https://ad.doubleclick.net/* https://ad.doubleclick.net https://ad.doubleclick.net/activity https://td.doubleclick.net https://www.buzzsprout.com https://platform-api.sharethis.com https://lonrtp1-cdn.marketo.com/rtp-api/v1/rtp.js https://www.google.co.uk/ads/ga-audiences https://www.google.co.uk/pagead/1p-user-list/986306368/ https://*.adobe.com https://www.google.com https://tracker-detail-page.trustarc.com https://vars.hotjar.com https://www.thinglink.com https://engage.aveva.com https://consent-pref.trustarc.com https://consent.trustarc.com https://www.googletagmanager.com https://10049316.fls.doubleclick.net https://www.w3.org https://view.ceros.com https://vars.hotjar.com https://js.driftt.com https://*.demdex.net https://www.facebook.com https://www.youtube.com https://fast.wistia.net https://s7.addthis.com https://player.vimeo.com https://bid.g.doubleclick.net https://www.slideshare.net; frame-ancestors 'self' https://explore.osisoft.com https://osisoft.lookbookhq.com https://osisoft.pathfactory.com https://discover.aveva.com https://aveva.pathfactory.com; 1
default-src 'self' https://storage.kameleoon.com https://static.kameleoon.com https://*.kameleoon.com https://3xhb4v7cn4.kameleoon.eu https://*.kameleoon.io https://www-git.klarmobil.de https://klarmobil.kameleoon.eu https://klarmobil.de https://roaming.klarmobil.de https://klarmobil.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.mxpnl.com https://klarmobil.kameleoon.eu https://www.gstatic.com/ https://www.google.com https://storage.kameleoon.com https://static.kameleoon.com https://*.kameleoon.com https://3xhb4v7cn4.kameleoon.eu https://*.kameleoon.io https://wave.outbrain.com https://api.fraud0.com https://bt.fraud0.com https://www-git.klarmobil.de https://www.klarmobil.de https://klarmobil.de https://roaming.klarmobil.de https://klarmobil.de https://freenet-group.cloudflareaccess.com https://ecom-roaming-notfallkommunkation-git.s3.eu-central-1.amazonaws.com/ https://ecom-roaming-notfallkommunkation-prod.s3.eu-central-1.amazonaws.com/ https://dynamic.criteo.com https://km-git-components.s3.eu-central-1.amazonaws.com https://km-prod-components.s3.eu-central-1.amazonaws.com https://tm.dp.klarmobil.de https://cdn.privacy-mgmt.com https://www.googletagmanager.com https://www.google-analytics.com https://widgets.trustedshops.com https://www.klarmobil.de https://klarmobil.de https://roaming.klarmobil.de https://klarmobil.de https://embed.binkies3d.com https://az589851.vo.msecnd.net https://bat.bing.com https://connect.facebook.net https://amplify.outbrain.com https://cdn.taboola.com https://content.zeotap.com https://trc.taboola.com https://googleads.g.doubleclick.net https://tr.outbrain.com https://s3-eu-west-1.amazonaws.com https://*.id.opendns.com https://www.googleadservices.com https://dynamic.criteo.com https://sslwidget.criteo.com https://bt.fraud0.com https://wave.outbrain.com; style-src 'self' 'unsafe-inline' https://klarmobil.kameleoon.eu https://www-git.klarmobil.de https://www.klarmobil.de https://klarmobil.de https://roaming.klarmobil.de https://klarmobil.de https://freenet-group.cloudflareaccess.com https://ecom-roaming-notfallkommunkation-git.s3.eu-central-1.amazonaws.com/ https://ecom-roaming-notfallkommunkation-prod.s3.eu-central-1.amazonaws.com/ https://km-git-components.s3.eu-central-1.amazonaws.com https://km-prod-components.s3.eu-central-1.amazonaws.com; font-src 'self' https://www-git.klarmobil.de https://www.klarmobil.de https://klarmobil.de https://roaming.klarmobil.de https://klarmobil.de https://freenet-group.cloudflareaccess.com https://km-git-components.s3.eu-central-1.amazonaws.com https://km-prod-components.s3.eu-central-1.amazonaws.com https://fonts.gstatic.com data:; img-src 'self' https://static.kameleoon.com https://klarmobil.kameleoon.eu https://ad.doubleclick.net https://jadserve.postrelease.com https://trends.revcontent.com https://e1.emxdgt.com https://jadserve.postrelease.com https://trends.revcontent.com https://e1.emxdgt.com https://downloads.ctfassets.net https://www-git.klarmobil.de https://www.klarmobil.de https://klarmobil.de https://roaming.klarmobil.de https://klarmobil.de https://freenet-group.cloudflareaccess.com https://ecom-roaming-notfallkommunkation-git.s3.eu-central-1.amazonaws.com/ https://ecom-roaming-notfallkommunkation-prod.s3.eu-central-1.amazonaws.com/ https://km-git-components.s3.eu-central-1.amazonaws.com https://km-prod-components.s3.eu-central-1.amazonaws.com https://images.ctfassets.net https://media.mdm.klarmobil.de https://www.klarmobil.de https://klarmobil.de https://roaming.klarmobil.de https://klarmobil.de https://tm.dp.klarmobil.de https://km-git-components.s3.eu-central-1.amazonaws.com https://km-prod-components.s3.eu-central-1.amazonaws.com https://www.google.de https://kmr-trusted-shops-badge.s3.eu-central-1.amazonaws.com https://az589851.vo.msecnd.net https://tr.outbrain.com https://www.google.be https://bat.bing.com https://trc.taboola.com https://www.google.com https://www.google.de https://www.facebook.com https://www.googletagmanager.com https://cm.g.doubleclick.net https://match.adsrvr.org https://mwzeom.zeotap.com https://googleads.g.doubleclick.net https://x.bidswitch.net https://ib.adnxs.com https://secure.adnxs.com https://contextual.media.net https://pixel.rubiconproject.com https://match.sharethrough.com https://rtb-csync.smartadserver.com https://sync-t1.taboola.com https://criteo-sync.teads.tv https://eb2.3lift.com https://ups.analytics.yahoo.com https://cm.adform.net https://visitor.omnitagjs.com https://r.casalemedia.com https://gum.criteo.com https://id5-sync.com https://ad.360yield.com https://matching.ivitrack.com https://exchange.mediavine.com https://sync.outbrain.com https://simage2.pubmatic.com https://criteo-partners.tremorhub.com https://ad.yieldlab.net https://sync-criteo.ads.yieldmo.com https://dis.criteo.com https://a.twiago.com https://dpm.demdex.net https://beacon.krxd.net https://s.thebrighttag.com blob: data:; connect-src 'self' https://api-eu.mixpanel.com https://client-config.kameleoon.com https://klarmobil.kameleoon.eu https://3xhb4v7cn4.kameleoon.eu https://storage.kameleoon.com https://static.kameleoon.com https://data.kameleoon.io https://editor.kameleoon.com https://api.kameleoon.com https://customers.kameleoon.com https://logger.kameleoon.eu https://da.dp.klarmobil.de/predict https://cds.taboola.com https://pips.taboola.com https://tr.outbrain.com https://storage.kameleoon.eu https://wave.outbrain.com https://api.fraud0.com https://bt.fraud0.com https://www-git.klarmobil.de https://www.klarmobil.de https://klarmobil.de https://roaming.klarmobil.de https://klarmobil.de https://freenet-group.cloudflareaccess.com https://ecom-roaming-notfallkommunkation-git.s3.eu-central-1.amazonaws.com/ https://ecom-roaming-notfallkommunkation-prod.s3.eu-central-1.amazonaws.com/ https://km-git-components.s3.eu-central-1.amazonaws.com https://km-prod-components.s3.eu-central-1.amazonaws.com https://graphql.contentful.com https://cdn.privacy-mgmt.com https://tm.dp.klarmobil.de https://stats.g.doubleclick.net https://www.klarmobil.de https://klarmobil.de https://roaming.klarmobil.de https://klarmobil.de https://www-git.klarmobil.de https://www-preview.klarmobil.de https://o571954.ingest.sentry.io https://o1173614.ingest.sentry.io https://binkiesproductionweu.servicebus.windows.net https://embed.binkies3d.com https://az589851.vo.msecnd.net https://bat.bing.com https://spl.zeotap.com https://trc.taboola.com https://www.google.be https://www.facebook.com https://trc-events.taboola.com https://www.google.com https://www.google.de https://googleads.g.doubleclick.net https://static.adfarm1.adition.com https://measurement-api.criteo.com https://ad.doubleclick.net https://pagead2.googlesyndication.com https://api.fraud0.com https://api.klarmobil.de https://graphql.klarmobil.services; object-src 'none'; child-src 'self'; frame-src 'self' https://static.criteo.net https://www.klarmobil.de https://www.google.com/ https://www.youtube-nocookie.com/ https://ecom-roaming-notfallkommunkation-git.s3.eu-central-1.amazonaws.com https://ecom-roaming-notfallkommunkation-prod.s3.eu-central-1.amazonaws.com https://cdn.privacy-mgmt.com https://8508168.fls.doubleclick.net https://s3-eu-west-1.amazonaws.com https://*.id.opendns.com https://gum.criteo.com https://td.doubleclick.net https://fledge.eu.criteo.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content 1
frame-ancestors 'self' http://content.microfocus.com https://content.microfocus.com 1
frame-ancestors 'self' https://manage.fleetowner.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self' blob: federatie.lumc.nl; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.vo.msecnd.net *.visualwebsiteoptimizer.com app.vwo.com blob: *.lumc.nl *.ytimg.com *.gstatic.com *.hotjar.com dl.episerver.net *.google.com *.googletagmanager.com www.google-analytics.com *.mailplus.nl; style-src 'self' 'unsafe-inline' *.lumc.nl *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *.cloudflare.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com dl.episerver.net static.mailplus.nl; img-src 'self' *.ytimg.com blob: data: *.lumc.nl *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *.gstatic.com *.hotjar.com www.google-analytics.com stats.g.doubleclick.net dl.episerver.net img.youtube.com www.googletagmanager.com www.google.nl *.cdninstagram.com; font-src 'self' data: *.cloudflare.com *.gstatic.com dl.episerver.net; connect-src *; frame-src 'self' *.visualwebsiteoptimizer.com app.vwo.com www.google.com *.onlineafspraken.nl *.powerbi.com *.lumc.nl *.youtube.com *.youtube-nocookie.com *.hotjar.com; frame-ancestors 'self' *.albinusnet.nl *.lumc.nl 1
frame-ancestors  *.jjwxc.net  *.jjwxc.com 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' cdn.ndemiccreations.com https://*.google-analytics.com https://*.googleapis.com https://ajax.googleapis.com https://www.google.com/ https://www.gstatic.com/ https://connect.facebook.net/; style-src * 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; font-src https:; frame-src 'self' *.youtube.com youtube.com https://www.google.com/; img-src https: data: http://cdn.ndemiccreations.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; report-uri https://www.ndemiccreations.com/csp-report.php 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.aboutespanol.com 1
frame-src 'self' https://www.facebook.com/ https://twitter.com/ https://apiv3-chat-api.askmonastudio.com/ https://cdn.askmonastudio.com/ https://www.youtube.com/ https://www.franceculture.fr/ https://embed.radiofrance.fr/ https://www.instagram.com/ https://ws.sharethis.com/ https://w.soundcloud.com/ https://www.google.com/; script-src 'self' 'unsafe-inline' https://matomo.labrmngp.fr https://www.youtube.com https://webapi.affluences.com https://cdn.askmonastudio.com https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js https://browser-update.org/update.min.js https://www.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://www.google.com/recaptcha/api.js https://static.affluences.media https://www.gstatic.com https://fonts.googleapis.com https://cdn.askmonastudio.com/askmona.js https://www.facebook.com connect.facebook.net https://twitter.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com https://ws.sharethis.com https://matomo.labrmngp.fr/; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://matomo.labrmngp.fr https://www.youtube.com https://webapi.affluences.com https://cdn.askmonastudio.com https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js https://browser-update.org/update.min.js https://www.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://www.google.com/recaptcha/api.js https://static.affluences.media https://www.gstatic.com https://fonts.googleapis.com https://googleads.g.doubleclick.net https://bat.bing.com https://connect.facebook.net https://www.instagram.com/embed.js https://count-server.sharethis.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com https://ws.sharethis.com; style-src 'self' 'unsafe-inline' https://static.affluences.media https://fonts.googleapis.com https://ws.sharethis.com/ https://maxcdn.bootstrapcdn.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 1
default-src 'self' *.cloudflarestream.com *.videodelivery.net wss://*.hotjar.com wss://*.zopim.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.klarnacdn.net *.crazyegg.com *.cookieless-data.com sc-static.net *.snapchat.com *.ttwstatic.com  *.makeupar.com *.perfectcorp.com *.cloudflareinsights.com *.global-e.com *.payments-amazon.com *.oct8ne.com *.googleoptimize.com *.teads.tv *.bglobale.com *.dynamicyield.com freshly.botslovers.com.co freshly.botslovers.com s.yimg.com *.dwin1.com awin1.com *.zenaps.com the.sciencebehindecommerce.com *.confirmic.com *.yahoo.com *.segment.com ssl.p.jwpcdn.com unpkg.com *.mondialrelay.com *.trustpilot.com assets.calendly.com www.eventbrite.es *.klaviyo.com *.pinimg.com *.tiktok.com *.ipstatp.com *.pinterest.com *.hotjar.com *.aplazame.com *.adyen.com *.doofinder.com *.checkout.com static.zdassets.com mc.yandex.ru *.talentclue.com yastatic.net http://chs03.cookie-script.com sc-static.net *.cookiebot.com *.google.com *.google.es cdn.optimizely.com cdn3.optimizely.com connect.nosto.com www.gstatic.com *.paypalobjects.com *.paypal.com *.criteo.net *.criteo.com instawidget.net *.github.io *.googleapis.com *.braintreegateway.com *.unpkg.com *.doubleclick.net *.freshlycosmetics.com *.cloudflare.com *.zopim.com *.zopim.io *.bing.com *.googleadservices.com *.lightwidget.com lightwidget.com *.google-analytics.com *.googletagmanager.com *.zendesk.com *.facebook.net *.upviral.com *.typeform.com; img-src 'self' blob: *.klarnacdn.net *.dynamicyield.com oct8necdneu.azureedge.net s3.eu-west-1.amazonaws.com *.teads.tv sync.outbrain.com *.criteo.com  *.global-e.com *.bglobale.com freshly.botslovers.com freshly.botslovers.com.co *.awin1.com *.zenaps.com *.trustpilot.com prd.jwpltx.com assets-jpcust.jwpsrv.com *.openstreetmap.org *.mondialrelay.com sage-image-customers.s3.us-west-1.amazonaws.com *.adyen.com *.klaviyo.com *.pinimg.com *.tiktok.com *.ipstatp.com *.pinterest.com *.cdninstagram.com *.instagram.com *.fbcdn.net *.adyen.com *.redsys.es mc.yandex.ru *.prestashop.com maps.googleapis.com *.gstatic.com *.talentclue.com *.doubleclick.net *.cloudinary.com *.google.com *.google.es *.freshlycosmetics.com freshlycosmetics.com *.cloudflare.com *.zopim.com *.zopim.io *.bing.com *.googleadservices.com *.lightwidget.com lightwidget.com *.google-analytics.com *.googletagmanager.com *.zendesk.com *.facebook.net *.facebook.com data:; style-src 'self' 'unsafe-inline' *.typekit.net *.crazyegg.com *.ttwstatic.com *.dynamicyield.com *.global-e.com *.typeform.com *.gstatic.com *.bglobale.com *.trustpilot.com *.checkout.com unpkg.com *.mondialrelay.com *.adyen.com *.googleapis.com *.google.es *.google.com *.redsys.es *.talentclue.com *.cloudflare.com *.zendesk.com; font-src 'self' *.typekit.net *.dynamicyield.com *.googleapis.com *.freshlycosmetics.com oct8necdneu.azureedge.net *.global-e.com *.checkout.com *.hotjar.com *.cloudfront.net *.googleusercontent.com *.redsys.es *.gstatic.com *.zopim.com data:; frame-src 'self' *.klarna.com *.oct8ne.com globale-prod.s3-eu-west-1.amazonaws.com *.global-e.com *.redintelligence.net *.bglobale.com  *.zenaps.com freshly.botslovers.com.co freshly.botslovers.com *.trustpilot.com *.freshlycosmetics.com *.trustpilot.com aax-eu.amazon-adsystem.com calendly.com www.eventbrite.es *.hotjar.com *.aplazame.com *.adyen.com *.cookiebot.com mc.yandex.ru tr.snapchat.com *.nosto.com *.youtube.com *.google.es *.google.com api.prestashop.com instawidget.net *.criteo.com *.criteo.net lightwidget.com *.zendesk.com *.facebook.com *.weforest.org *.upviral.com *.typeform.com *.redsys.es *.checkout.com  www.ivoox.com *.tiktok.com; object-src 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com https://seriesmy.com/ https://connect.facebook.net; 1
default-src 'self' *.juicyscore.ai *.juicyscore.com https://juicyscore.ai https://juicyscore.com https://score.juicyscore.com https://www.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://analytics.twitter.com https://t.co *.linkedin.oribi.io *.linkedin.com static.ads-twitter.com; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://snap.licdn.com https://juicyscore.ai https://juicyscore.com https://score.juicyscore.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.google-analytics.com 1
frame-ancestors 'self' https://*.ignitionapp.com https://ignitionapp.com 1
frame-ancestors 'self' *.facebook.com *.heartmath.org *.na3.netsuite.com *.pardot.com 1
default-src 'self'; frame-src 'self' data: https: lpcdn.lpsnmedia.net; img-src 'self' data: https: *.google-analytics.com *.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: googletagmanager.com google-analytics.com pi.pardot.com; style-src 'self' 'unsafe-inline' http: https: use.fontawesome.com; font-src 'self' data: http: https: use.typekit.net; connect-src 'self' data: http: https: google-analytics.com analytics.google.com googletagmanager.com; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://unpkg.com https://www.gstatic.com *.googleapis.com *.cloudflare.com https://cdn-eu.dynamicyield.com https://maxcdn.bootstrapcdn.com *.dynamicyield.com; font-src 'self' *.gstatic.com data: https://cdn-eu.dynamicyield.com  *.dynamicyield.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleadservices.com https://app.proto.cx https://www.googletagmanager.com https://unpkg.com https://ecobank-prod.custhelp.com https://az416426.vo.msecnd.net https://googleads.g.doubleclick.net https://static.site24x7rum.com *.google.com *.googletagmanager.com *.google-analytics.com *.google.ru https://static.hotjar.com https://script.hotjar.com https://bid.g.doubleclick.net https://googleads.g.doubleclick.net https://az416426.vo.msecnd.net *.googleapis.com *.googleadservices.com *.gstatic.com *.cloudflare.com http://*.matchingnotes.com http://matchingnotes.com *.facebook.net *.twitter.com http://st-eu.dynamicyield.com/st http://cdn-eu.dynamicyield.com http://async-px-eu.dynamicyield.com http://r.rrzb.ru http://p.2ad.wtf/ad/base.js *.dynamicyield.com; connect-src 'self' https://fonts.gstatic.com https://secure.ecobank.com/ContentHandler.ashx https://api.proto.cx *.visualstudio.com https://www.googletagmanager.com https://insights.hotjar.com *.google-analytics.com *.googleapis.com https://stats.g.doubleclick.net https://analytics.google.com http://async-px-eu.dynamicyield.com https://adm.dynamicyield.eu http://st-eu.dynamicyield.com *.dynamicyield.com *.analytics.google.com; img-src 'self' *.cdninstagram.com *.fbcdn.net *.tile.osm.org *.gstatic.com *.googleapis.com *.google.ie *.google.com *.google.ru *.google-analytics.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.googletagmanager.com *.facebook.com *.twitter.com *.openstreetmap.org data: http://d.2ad.wtf/p.gif http://dmg.digitaltarget.ru  *.dynamicyield.com *.google.de; frame-src 'self' data: https://simple-website-rv2.eu-de.mybluemix.net/ https://app.proto.cx/ https://rafikiv5.eu-gb.mybluemix.net/ https://rafikiv2.eu-gb.mybluemix.net/ https://ice.ecobank.com/ https://player.vimeo.com/ https://bid.g.doubleclick.net/ https://www.executiveinterviews.com/ https://ecobank-prod.custhelp.com https://vars.hotjar.com https://youtu.be/ *.google.com *.youtube.com *.facebook.com *.twitter.com; 1
frame-ancestors 'self' https://a.cms.omniupdate.com; default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data:; worker-src 'self' blob:; 1
style-src 'unsafe-inline' default-src 'self' assets.wohnservice-wien.at *.gstatic.com cdnjs.cloudflare.com piwik.wohnservice-wien.at *.ytimg.com *.googlevideo.com *.youtube-nocookie.com *.googleapis.com *.wien.gv.at *.google.com hcaptcha.com *.hcaptcha.com 1
frame-ancestors 'self' http://webvisor.com https://webvisor.com; report-uri https://sentry.playcaliber.com/api/6/security/?sentry_key=1a22b33b57244af7b36bd36b87a501a1 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gethired.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://code.jquery.com https://*.gstatic.com https://*.google.com https://cdnjs.cloudflare.com https://s.gethired.com https://www.googletagmanager.com https://*.acsbapp.com https://acsbapp.com https://unpkg.com https://momentjs.com https://www.google-analytics.com https://polyfill.io https://gitcdn.github.io https://*.googleapis.com https://s3.amazonaws.com https://cdn.jsdelivr.net https://apply.indeed.com https://www.googleadservices.com https://connect.facebook.net https://*.cloudfront.net https://googleads.g.doubleclick.net https://*.opentok.com https://*.zendesk.com https://*.zdassets.com https://*.hotjar.com https://*.axdapi.com https://*.google-analytics.com https://*.opendns.com https://www.dropbox.com https://*.pendo.io https://optanon.blob.core.windows.net https://click.appcast.io https://*.checkr.com https://cdn.hleb.prd.hlprd.com https://*.s3.indeed.com 1
default-src 'self' *.youtube.com *.mapy.cz; font-src 'self' fonts.gstatic.com data:; img-src 'self' data: *.ytimg.com *.bzcompany.cz webarchiv.cz toplist.cz; script-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net *.google-analytics.com *.googleapis.com; script-src 'self' 'unsafe-inline' *.google-analytics.com *.bzcompany.cz cdn.jsdelivr.net *.googleapis.com; style-src 'unsafe-inline' 'self' *.googleapis.com *.jsdelivr.net; connect-src 'self' *.google-analytics.com *.doubleclick.net; frame-src 'self' *.genial.ly *.mapy.cz *.youtube.com 1
font-src https://fonts.gstatic.com fonts.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.klarnaservices.com *.klarnacdn.net *.klarna.com *.addsauce.com *.fontawesome.com *.bootstrapcdn.com 'self' *.funky-buddha.com *.cloudflare.com *.cloudfront.net 'unsafe-inline' data: *.simpler.so *.socital.com *.google.com *.bestprice.gr *.pstatic.gr *.adman.gr *.glami.gr *.contactpigeon.com https://fonts.googleapis.com/ fonts.googleapis.com skroutza.skroutz.gr data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.facebook.com *.vivapayments.com *.funky-buddha.com www.facebook.com *.simpler.so *.socital.com *.google.com *.bestprice.gr *.pstatic.gr *.adman.gr *.glami.gr skroutza.skroutz.gr *.modirum.com *.eurocommerce.gr 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.google.com www.google.com *.doubleclick.net *.facebook.com *.klarna.com *.klarnacdn.net connect.facebook.net graph.facebook.com business.facebook.com *.socital.com *.funky-buddha.com *.cookiebot.com *.contactpigeon.com *.skroutz.gr *.tiktok.com *.hotjar.com go.linkwi.se *.criteo.com *.simpler.so *.bestprice.gr *.pstatic.gr greca.adman.gr http://trustmark.gr https://trustmark.gr *.glami.gr https://widget-v4.boxnow.gr/ skroutza.skroutz.gr https://player.vimeo.com https://www.youtube-nocookie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io maps.googleapis.com maps.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.plenigo.com *.klarnacdn.net *.klarnaservices.com *.klarna.com *.addsauce.com connect.facebook.net graph.facebook.com business.facebook.com *.findbar.io *.designer-images.net 'self' *.clarity.ms *.socital.com *.funky-buddha.com 'unsafe-inline' data: *.cdninstagram.com *.snapppt.com www.google.gr *.cookiebot.com *.google-analytics.com *.contactpigeon.com *.skroutz.gr http://trustmark.gr https://trustmark.gr *.tiktok.com *.adnxs.com *.criteo.com *.e-satisfaction.com *.simpler.so *.bestprice.gr *.pstatic.gr *.adman.gr *.glami.gr *.visualwebsiteoptimizer.com app.vwo.com wingify-assets.s3.amazonaws.com chart.googleapis.com glamipixel.com fonts.googleapis.com skroutza.skroutz.gr blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ *.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.playground.klarnaservices.com *.klarnacdn.net *.klarnaservices.com *.klarna.com *.funky-buddha.com *.addsauce.com *.vivapayments.com connect.facebook.net graph.facebook.com business.facebook.com *.findbar.io *.avada.io *.stat-track.com polyfill.io *.moosend.com 'self' data: 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com *.googleadservices.com *.google.gr *.contactpigeon.com *.skroutz.gr *.adman.gr *.e-satisfaction.com http://trustmark.gr https://trustmark.gr *.tiktok.com https://snapppt.com *.snapppt.com *.hotjar.com skroutza.skroutz.gr *.socital.com go.linkwi.se *.criteo.net *.criteo.com *.googleoptimize.com *.simpler.so *.clarity.ms *.bestprice.gr *.pstatic.gr *.glami.gr *.eyefitu.com https://eyefituwebsdk.blob.core.windows.net https://talkingbird-c3041-default-rtdb.europe-west1.firebasedatabase.app/ *.visualwebsiteoptimizer.com app.vwo.com glamipixel.com cdn.simpler.so button.simpler.so button.staging.simpler.so analytics.simpler.so analytics.staging.simpler.so sdk.local.simpler.so button.local.simpler.so https://player.vimeo.com https://www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.klarnacdn.net *.klarna.com *.addsauce.com *.findbar.io *.fontawesome.com https://fonts.googleapis.com/ *.moosend.com *.bootstrapcdn.com 'self' 'unsafe-inline' https://*.contactpigeon.com/ *.socital.com *.funky-buddha.com *.cloudfront.net *.google.com *.contactpigeon.com/ *.myfonts.net *.cloudfront.com *.e-satisfaction.com http://trustmark.gr https://trustmark.gr *.simpler.so *.bestprice.gr *.pstatic.gr greca.adman.gr *.glami.gr *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com skroutza.skroutz.gr https://fonts.googleapis.com http://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.funky-buddha.com *.findbar.io blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.playground.klarnaservices.com *.playground.klarnaevt.com *.klarnaservices.com *.addsauce.com *.klarnacdn.net *.klarna.com *.klarnaevt.com connect.facebook.net graph.facebook.com business.facebook.com *.findbar.io https://get.geojs.io *.avada.io *.stat-track.com *.m-pages.com *.m-operations.com *.clarity.ms 'self' wss: 'unsafe-inline' wss: *.funky-buddha.com *.sentry.io snapppt.com maps.googleapis.com *.doubleclick.net *.cookiebot.com *.contactpigeon.com *.e-satisfaction.com *.tiktok.com *.socital.com *.hotjar.com *.googlesyndication.com *.simpler.so *.bestprice.gr *.pstatic.gr *.adman.gr *.glami.gr wss://*.europe-west1.firebasedatabase.app/ https://www.googleapis.com/identitytoolkit/v3/ https://securetoken.googleapis.com/v1/ *.hotjar.io *.eyefitu.com *.visualwebsiteoptimizer.com app.vwo.com *.criteo.net *.criteo.com fonts.googleapis.com skroutza.skroutz.gr https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; font-src data: https://assets.dm.de; child-src 'self' blob:; script-src 'self' https://*.bazaarvoice.com https://*.mm.dm.rs https://app.usercentrics.eu https://assets-internal-proxy.apps.nonprod.gcp.dmtech.cloud https://assets.dm.de https://cdn.loadbee.com/ https://d2pqvatijh75rn.cloudfront.net https://mpsnare.iesnare.com https://omt.dm.rs https://tags.tiqcdn.com https://www.dm.rs; worker-src 'self' blob:; connect-src  'self' https://*.bazaarvoice.com https://*.gcp.dmtech.cloud https://*.mm.dm.rs https://*.services.dmtech.com https://aggregator.service.usercentrics.eu https://api.mapbox.com https://api.usercentrics.eu https://assets.dm.de https://availability.loadbee.com/ https://browser-intake-datadoghq.eu https://cart-recos.services.dmtech.com https://cart.services.dmtech.com https://cdcs.usercentrics.eu https://collect.tealiumiq.com https://consent-api.service.consent.usercentrics.eu https://consent-rt-ret.service.consent.usercentrics.eu https://consents.usercentrics.eu https://coupon-aktionen.dm.de https://d2pqvatijh75rn.cloudfront.net https://direct-collect.dy-api.eu https://direct.dy-api.eu https://dmpay-gateway.services.dmtech.com https://dy-api.eu https://events.mapbox.com https://graphql.usercentrics.eu https://insights.algolia.io https://logs.browser-intake-datadoghq.eu https://mpsnare.iesnare.com https://my-products-api.services.dmtech.com https://omc.dm.rs https://product-based-recos.services.dmtech.com https://products.dm.de https://rcom-eu.dynamicyield.com https://recos-as-a-service.services.dmtech.com https://rum.browser-intake-datadoghq.eu https://services.dm.de https://shopping-list-prod.services.dmtech.com https://signin.dm.rs https://sos-prod.availability.services.dmtech.com https://staedtetour.dm-fb2.de; style-src 'self' 'unsafe-inline' https://*.bazaarvoice.com https://api.tiles.mapbox.com https://assets.dm.de; img-src 'self' blob: data: https://*.bazaarvoice.com https://*.mm.dm.rs https://*.services.dmtech.com https://app.usercentrics.eu https://assets.dm.de https://cdn-eu.dynamicyield.com https://d2pqvatijh75rn.cloudfront.net https://d3s22jwy77sx9i.cloudfront.net https://i.ytimg.com https://images.podigee-cdn.net https://img.usercentrics.eu https://img.youtube.com/ https://media.dm-static.com https://services.dm.de https://uct.service.usercentrics.eu; frame-ancestors 'self' https://*.apps.nonprod.gcp.dmtech.cloud https://*.apps.prod.gcp.dmtech.cloud https://*.dm-drogeriemarkt.org https://*.dm-drogeriemarkt.org:42160 https://*.dm-drogeriemarkt.org:42161 https://*.dm-drogeriemarkt.org:42162 https://*.dm.rs https://*.lxprod.ka.de.dm-drogeriemarkt.com https://app.datadoghq.eu; frame-src 'self' https://*.bazaarvoice.com https://*.dm.rs https://*.services.dmtech.com https://app.usercentrics.eu https://cdn.podigee.com https://configurator.nuk.de https://gastfamilie.podigee.io https://geburtskanal-dm.podigee.io https://hey-familie.podigee.io https://player.podigee-cdn.net https://rendering.loadbee.com/ https://sandbox.om.dm.de https://service.loadbee.com/ https://www.youtube-nocookie.com; base-uri 'self' https://*.mm.dm.rs https://*.services.dmtech.com https://events.mapbox.com; form-action 'self' https://*.bazaarvoice.com https://checkout.dm.rs https://signin.dm.rs; manifest-src 'self'; report-uri /__csp-reports__;upgrade-insecure-requests 1
default-src 'self' https://www.google.com https://use.typekit.net; script-src 'self' https://rc.leyaeducacao.com:*/  www.google-analytics.com eu.cookie-script.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; style-src https: 'unsafe-inline' 'unsafe-eval' ; object-src 'none' 1
default-src 'none'; frame-src 'self' *.qualtrics.com https://www.youtube.com; script-src 'self' 'unsafe-inline' https://*.akamaihd.net https://www.googletagmanager.com https://www.google-analytics.com https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com; img-src 'self' https://images.ctfassets.net https://*.siteintercept.qualtrics.com https://*.akamaihd.net; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self' https://*.akamaihd.net https://images.ctfassets.net https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com https://goldmansachs.my.sentry.io wss://www.gs.de; manifest-src 'self'; worker-src 'self'; report-uri /api/8/security/?sentry_key=45bef1e79c1e4d69b1a6531a757d0a7a; frame-ancestors https://www.flatex.de https://www.flatex.at 1
default-src 'none'; child-src https://cryptpad.fr; worker-src 'self'; media-src blob:; style-src 'unsafe-inline' 'self' https://cryptpad.fr; script-src 'self' resource: https://cryptpad.fr; connect-src 'self' https://cryptpad.fr blob: wss://api.cryptpad.fr https://files.cryptpad.fr https://accounts.cryptpad.fr https://sandbox.cryptpad.info https://api.cryptpad.fr; font-src 'self' data: https://cryptpad.fr; img-src 'self' data: blob: https://cryptpad.fr; frame-src 'self' https://sandbox.cryptpad.info blob:; frame-ancestors 'self' https: vector: 1
frame-ancestors 'self' https://sport.genybet.fr 1
upgrade-insecure-requests; block-all-mixed-content; default-src 'self' testsunnybrook.sw.ca sunnybrook.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' testsunnybrook.sw.ca sunnybrook.ca https://tpc.googlesyndication.com https://snap.licdn.com storify.com api.mapbox.com api.mazemap.com sunnybrook.us11.list-manage.com www.surveymonkey.com www.youtube.com www.youtube-nocookie.com static.formstack.com sunnybrook.formstack.com syndication.twitter.com platform.twitter.com twitter.com twimg.com jquery.com jsdelivr.net sunnybrook.talcura.com luminohealth.sunlife.ca services.sunlife.com disqus.com sunnybrookhsc.disqus.com c.disquscdn.com mailchimp.com instagram.com z.moatads.com pinterest.com pinterest.ca ct.pinterest.com e.acuityplatform.com acuityplatform.com origin.acuityplatform.com bat.bing.com connect.facebook.net facebook.net www.facebook.com facebook.com in.hotjar vc.hotjar.com hotjar.io script.hotjar.com static.hotjar.com s.pinimg.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googletagmanager.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.ggpht.com https://*.googleusercontent.com blob:; img-src 'self' 'unsafe-inline' ytimg.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com  https://*.googleusercontent.com * blob: data: ; frame-src sunnybrook.ca https://tpc.googlesyndication.com player.vimeo.com platform.cogstate.com https://mcgj92xx1d65v2zq191tdlpdmry4.pub.sfmc-content.com https://maps.google.ca https://sts.sunnybrook.ca https://cdn.embedly.com https://outlook.live.com https://indd.adobe.com sunnybrook.talcura.com sunnybrook.formstack.com syndication.twitter.com https://*.doubleclick.net use.mazemap.com www.facebook.com platform.twitter.com w.soundcloud.com www.yumpu.com static.formstack.com www.youtube.com www.youtube-nocookie.com bid.g.doubleclick.net ct.pinterest.com https://*.google.com mailto: ; connect-src 'self' https://px.ads.linkedin.com https://services.sunlife.com https://bat.bing.com vc.hotjar.io in.hotjar.com ct.pinterest.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://*.googleapis.com https://*.gstatic.com https://www.facebook.com data: blob:; font-src 'self' static.formstack.com fontawesome.com use.fontawesome.com https://fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' use.fontawesome.com www.gstatic.com api.mapbox.com api.mazemap.com static.formstack.com cloud.typography.com https://www.google.com https://fonts.googleapis.com; worker-src * data: 'unsafe-eval' 'unsafe-inline' blob:; frame-ancestors 'self' https://sts.sunnybrook.ca https://outlook.live.com ; object-src 'none'; form-action 'self' platform.cogstate.com sunnybrook.formstack.com web.na.bambora.com https://cl.s4.exct.net https://www.facebook.com donate.sunnybrook.ca pailnetwork.sunnybrook.ca; 1
upgrade-insecure-requests; form-action https: 1
default-src 'self' https://fonts.gstatic.com 'unsafe-inline' 'unsafe-eval' *; script-src 'self' https://maps.googleapis.com https://www.gstatic.com https://code.jquery.com/ui/1.10.4/jquery-ui.min.js 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval' *; img-src 'self' data: https://csi.gstatic.com https://maps.gstatic.com https://maps.googleapis.com 'unsafe-inline' 'unsafe-eval' *; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *; worker-src 'self' https://www.google.com 'unsafe-inline' 'unsafe-eval' *; font-src 'self' https://fonts.gstatic.com 'unsafe-inline' 'unsafe-eval' * 1
default-src 'self' 'unsafe-inline' data: *.openair.com *.openair1.com https://bat.bing.com; script-src 'self' 'unsafe-inline' *.openair.com consent.truste.com consent.trustarc.com ssl.google-analytics.com bat.bing.com; script-src-elem 'self' 'unsafe-inline' *.openair.com consent.truste.com consent.trustarc.com ssl.google-analytics.com bat.bing.com; img-src 'self' *.openair.com *.trustarc.com ssl.google-analytics.com https://bat.bing.com https://netsuite.d1.sc.omtrdc.net https://cm.everesttech.net https://dpm.demdex.net; frame-src 'self' *.youtube.com *.youtu.be *.trustarc.com https://netsuiteinc.demdex.net; frame-ancestors 'none'; connect-src 'self' https://dpm.demdex.net 1
default-src 'none'; connect-src 'self' https://*.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com https://*.analytics.google.com https://cloudflareinsights.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://cse.google.com/ https://www.google.com/ https://public.tableau.com/ https://app.powerbi.com/; img-src 'self' www.googletagmanager.com data: https:; manifest-src 'self'; media-src *; script-src 'self' 'unsafe-inline' https://cdn.ckeditor.com https://svc.webspellchecker.net https://cse.google.com https://www.google.com https://partner.googleadservices.com https://cse.google.com/cse_v2 https://encrypted-tbn3.gstatic.com https://www.gstatic.com/ https://www.googletagmanager.com https://www.google-analytics.com https://static.cloudflareinsights.com https://cdnjs.cloudflare.com https://public.tableau.com 'sha256-gLM+/iy76IVVh/xWPWzT5mxf6rGJOqbj2keBnRJeAK4='; style-src 'self' 'unsafe-inline' https://cdn.ckeditor.com https://fonts.googleapis.com https://www.google.com/ fonts.googleapis.com https://cdnjs.cloudflare.com; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; report-uri https://skybrary.aero/report-uri/enforce 1
script-src 'self' 'unsafe-eval' 'unsafe-inline'      *.sub2tech.com       *.googleoptimize.com       googleoptimize.com       *.fanplayr.com       *.cloudfront.net        *.tealiumiq.com         *.consentric.io       *.facebook.net        *.bing.com       *.google-analytics.com        sc-static.net       paperplaneslive.com       *.usabilla.com       klick2contact.com        *.reciteme.com       *.visualwebsiteoptimizer.com         *.googletagmanager.com       *.googleapis.com       *.syndication.twimg.com       *.google.com       *.gstatic.com       *.twitter.com       *.tiqcdn.com       *.pcapredict.com       *.jsdelivr.net       *.consentric.io       *.postcodeanywhere.co.uk       *.cloudflare.com       sc-static.net        *.ex.co       *.imrworldwide.com       *.googleadservices.com       *.doubleclick.net       *.tdbtrk.com       *.eckoh.uk       *.truste.com       *.trustarc.com       *.zpbt.uk       *.instagram.com       *.ttwstatic.com       *.tiktok.com       *.klick2contact.com                  *.clarity.ms      js.adsrvr.org ;              style-src 'self' 'unsafe-inline'         klick2contact.com       *.cloudfront.net       *.googleoptimize.com       googleoptimize.com       *.reciteme.com       *.consentric.io       *.eckoh.uk       *.bing.com       *.sub2tech.com       *.cloudflare.com       *.bootstrapcdn.com       *.googleapis.com       *.twitter.com       klick2contact.com       *.google.com       *.truste.com       *.trustarc.com       *.postcodeanywhere.co.uk       *.zpbt.uk       *.instagram.com       *.ttwstatic.com       *.tiktok.com        *.fanplayr.com       *.googletagmanager.com ;            font-src 'self'            *.cloudfront.net       *.reciteme.com       *.bootstrapcdn.com       *.googleoptimize.com       googleoptimize.com       *.google.com       *.bing.com       *.gstatic.com       klick2contact.com       *.sub2tech.com       *.cloudflare.com       *.googleapis.com       *.twitter.com       *.truste.com        *.trustarc.com       *.zpbt.uk       *.instagram.com       *.ttwstatic.com       *.tiktok.com        *.fanplayr.com       *.googletagmanager.com ;           object-src 'none' 1
frame-ancestors 'self' *.e-stave.com *.sportna-loterija.si; 1
default-src https: 'self' 'unsafe-inline'; img-src 'self'; child-src 'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdnjs.cloudflare.com https://tpc.googlesyndication.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.line-scdn.net https://code.jquery.com https://telegram.org https://maxcdn.bootstrapcdn.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.googletagmanager.com https://use.fontawesome.com https://ajax.googleapis.com https://www.google-analytics.com https://d.line-scdn.net https://connect.facebook.net https://cdnjs.cloudflare.com https://ssl.google-analytics.com https://www.pagespeed-mod.com; style-src-elem 'self' 'unsafe-inline' https://connect.facebook.net https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.googleapis.com; style-src 'self' 'unsafe-inline'; font-src 'self' https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.gstatic.com; connect-src 'self' https://www.google.com/pagead/ https://analytics.google.com https://adservice.google.com https://buyplus1.com.tw https://api.line.me https://stats.g.doubleclick.net https://www.google-analytics.com https://www.facebook.com; frame-src 'self' https://tpc.googlesyndication.com https://www.google.com https://*.youtube.com https://youtube.com https://oauth.telegram.org https://social-plugins.line.me https://www.facebook.com; frame-ancestors 'self'; form-action 'self' https://www.facebook.com.tw/tr https://*.pchomepay.com.tw https://*.7-11.com.tw http://*.hilife.com.tw https://*.presco.com.tw https://*.map.com.tw https://*.hilife.com.tw https://*.ecpay.com.tw; img-src 'self' https://www.googletagmanager.com https://pagead2.googlesyndication.com https://www.google-analytics.com https://www.google.com https://www.google.com.tw https://googleads.g.doubleclick.net https://www.facebook.com https://platform-lookaside.fbsbx.com https://chart.googleapis.com https://buybuy66.com https://buyplus1.com.tw https://*.telesco.pe https://*.telegram-cdn.org https://profile.line-scdn.net https://t.me https://ssl.google-analytics.com https://ecfme.famiport.com.tw *.fbcdn.net data:; 1
frame-ancestors 'self' http://www.1001giochi.it 1
default-src 'self' 'unsafe-eval' http: https: data: blob: 'unsafe-inline'; connect-src 'self' ws: wss: http: https: data: 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js *.myheritage.se https://www.myheritage.se  'nonce-0225df0774d6aa2e9d5b76f35560fb96' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.se;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
default-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' putasvipmexico.com *.putasvipmexico.com putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; script-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' putasvipmexico.com *.putasvipmexico.com putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' putasvipmexico.com *.putasvipmexico.com putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; script-src-attr 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' putasvipmexico.com *.putasvipmexico.com putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; style-src 'self' 'unsafe-inline' 'unsafe-hashes' putasvipmexico.com *.putasvipmexico.com putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; style-src-elem 'self' 'unsafe-inline' 'unsafe-hashes' putasvipmexico.com *.putasvipmexico.com putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; style-src-attr 'self' 'unsafe-inline' 'unsafe-hashes' putasvipmexico.com *.putasvipmexico.com putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; img-src 'self' data: putasvipmexico.com *.putasvipmexico.com putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; font-src 'self' data: putasvipmexico.com *.putasvipmexico.com putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; connect-src 'self' putasvipmexico.com *.putasvipmexico.com putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; media-src 'self' putasvipmexico.com *.putasvipmexico.com putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; object-src 'self' putasvipmexico.com *.putasvipmexico.com putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; frame-src * 'self' putasvipmexico.com *.putasvipmexico.com putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' 'unsafe-inline' data: wss://*.afpmodelo.net https://recuperaclaveweb2.afpmodelo.net https://afpmodelo.qservus.com https://cdn-qservus.redcalidad.com https://*.table.core.windows.net https://api-kong.afpmodelo.net https://api-kong-preprod.afpmodelo.net https://*.algolia.net https://*.algolianet.com https://api.qrserver.com https://block.opendns.com https://www.youtube.com https://*.afpmodelo.net https://*.afpmodelo.cl https://*.afpmodelosp.cl https://antonia-soe-prd.12c9aw96iaxs.us-south.codeengine.appdomain.cloud https://*.gstatic.com https://*.facebook.net https://*.facebook.com https://*.blob.core.windows.net https://recaptcha.net https://*.google.com https://www.google.cl https://*.google-analytics.com https://www.gstatic.com https://www.googletagmanager.com https://*.googleapis.com https://netdna.bootstrapcdn.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://cdn.jsdelivr.net https://stats.g.doubleclick.net https://api.ipify.org https://assets.calendly.com https://calendly.com https://*.ytimg.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.gstatic.com https://www.google-analytics.com https://www.analytics.google.com https://analytics.google.com https://www.googletagmanager.com https://www.google.com https://unpkg.com; connect-src 'self' https://analytics.google.com https://www.google-analytics.com; frame-src 'self' https://www.google.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://unpkg.com https://cdn.cloudflare.com; img-src 'self' data: https://www.google-analytics.com https://img.youtube.com https://i.ytimg.com; font-src 'self' https://fonts.gstatic.com https://unpkg.com; 1
frame-ancestors http://docplanner-front-test.docplanner.com https://docplanner-front-test.docplanner.com *.doctoraliar.com doctoraliaone-ar2-candidate.azurewebsites.net 1
script-src 'strict-dynamic' 'nonce-0e69a88a-65a4-43e2-aff5-87710d651198';object-src 'none';base-uri 'self';frame-ancestors 'self'; 1
frame-ancestors 'self' http://www.isladejuegos.com 1
frame-ancestors 'self' http://www.juegosjuegos.ws 1
frame-ancestors 'self' http://www.spelo.se 1
default-src 'self'; script-src 'self' https://boomla.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; form-action 'self'; frame-ancestors 'self' 1
default-src 'self' data: blob: filesystem: mediastream: *.googleapis.com *.gstatic.com *.google.com *.wistia.com *.wistia.net *.mmlead.com cf.mmlead.com movement.com *.movement.com *.youtube.com *.facebook.com *.facebook.net *.twitter *.pinterest.com *.linkedin.com 'unsafe-inline' 'unsafe-eval' cloud.typography.com  movementassets-all-web-ue1.s3.us-east-1.amazonaws.com cdn.jsdelivr.net cdnjs.cloudflare.com corp.servicemacusa.com *.hotjar.io *.hotjar.com *.fullstory.com *.googletagmanager.com *.google-analytics.com maxcdn.bootstrapcdn.com js.monitor.azure.com corp.servicemacusa.com *.tableau.com mbshighway.com *.mbshighway.com; frame-src 'self' data: blob: filesystem: mediastream: *.googleapis.com *.gstatic.com *.google.com *.wistia.com *.wistia.net *.mmlead.com cf.mmlead.com movement.com *.movement.com *.youtube.com *.facebook.com *.facebook.net *.twitter *.pinterest.com *.linkedin.com e.issuu.com; connect-src 'self' data: blob: filesystem: mediastream: *.googleapis.com *.gstatic.com *.google.com *.wistia.com *.wistia.net *.mmlead.com cf.mmlead.com movement.com *.movement.com *.youtube.com *.facebook.com *.facebook.net *.twitter *.pinterest.com *.linkedin.com emccd4des6.execute-api.us-east-1.amazonaws.com *.litix.io corp.servicemacusa.com *.googleapis.com *.hotjar.io *.google-analytics.com etovv1cqc0.execute-api.us-east-1.amazonaws.com *.litix.io  wss://ws.hotjar.com *.fullstory.com; img-src 'self' data: blob: filesystem: mediastream: *.googleapis.com *.gstatic.com *.google.com *.wistia.com *.wistia.net *.mmlead.com cf.mmlead.com movement.com *.movement.com *.youtube.com *.facebook.com *.facebook.net *.twitter *.pinterest.com *.linkedin.com 'unsafe-inline' 'unsafe-eval' cloud.typography.com  movementassets-all-web-ue1.s3.us-east-1.amazonaws.com cdn.jsdelivr.net cdnjs.cloudflare.com corp.servicemacusa.com *.hotjar.io *.hotjar.com *.fullstory.com *.googletagmanager.com *.google-analytics.com maxcdn.bootstrapcdn.com js.monitor.azure.com corp.servicemacusa.com *.tableau.com mbshighway.com *.mbshighway.com mmlead.imgix.net assets.imgix.net mvmtweb.imgix.net placehold.co corp.servicemacusa-dev.com; style-src-elem 'self' data: blob: filesystem: mediastream: *.googleapis.com *.gstatic.com *.google.com *.wistia.com *.wistia.net *.mmlead.com cf.mmlead.com movement.com *.movement.com *.youtube.com *.facebook.com *.facebook.net *.twitter *.pinterest.com *.linkedin.com 'unsafe-inline' 'unsafe-eval' cloud.typography.com  movementassets-all-web-ue1.s3.us-east-1.amazonaws.com cdn.jsdelivr.net cdnjs.cloudflare.com corp.servicemacusa.com *.hotjar.io *.hotjar.com *.fullstory.com *.googletagmanager.com *.google-analytics.com maxcdn.bootstrapcdn.com js.monitor.azure.com corp.servicemacusa.com *.tableau.com mbshighway.com *.mbshighway.com; object-src 'self' data: blob: filesystem: mediastream: *.googleapis.com *.gstatic.com *.google.com *.wistia.com *.wistia.net *.mmlead.com cf.mmlead.com movement.com *.movement.com *.youtube.com *.facebook.com *.facebook.net *.twitter *.pinterest.com *.linkedin.com sitemaps.org www.w3.org; script-src-elem 'self' data: blob: filesystem: mediastream: *.googleapis.com *.gstatic.com *.google.com *.wistia.com *.wistia.net *.mmlead.com cf.mmlead.com movement.com *.movement.com *.youtube.com *.facebook.com *.facebook.net *.twitter *.pinterest.com *.linkedin.com 'unsafe-inline' 'unsafe-eval' cloud.typography.com  movementassets-all-web-ue1.s3.us-east-1.amazonaws.com cdn.jsdelivr.net cdnjs.cloudflare.com corp.servicemacusa.com *.hotjar.io *.hotjar.com *.fullstory.com *.googletagmanager.com *.google-analytics.com maxcdn.bootstrapcdn.com js.monitor.azure.com corp.servicemacusa.com *.tableau.com mbshighway.com *.mbshighway.com; form-action 'self' emccd4des6.execute-api.us-east-1.amazonaws.com *.litix.io corp.servicemacusa.com *.googleapis.com *.hotjar.io; frame-ancestors 'self' data: blob: filesystem: mediastream: https://*.movement.com https://movement.com;report-uri /api/cspreport 1
img-src 'self' *.trade.tt  data: https://account.trade.tt https://ttw-assets.trade.tt/; style-src 'self' blob: 'unsafe-inline' *.trade.tt https://account.trade.tt https://ttw-assets.trade.tt/; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.trade.tt https://account.trade.tt https://ttw-assets.trade.tt/; 1
frame-src 'self' www.google.com 1
default-src 'self' 'unsafe-inline' blod: data: * 1
frame-ancestors 'self' *.allovoisins.com 1
default-src * ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://admin.sparkflow.net https://js-cdn.dynatrace.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.mouseflow.com https://n2.mouseflow.com https://ajax.googleapis.com https://connect.facebook.net https://seal.verisign.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/charts/ https://*.google.com https://*.googleapis.com; img-src 'self' https://app.optimizely.com https://cdn.optimizely.com https://www.google-analytics.com https://www.facebook.com https://seal.websecurity.norton.com https://esus-pplelectric.onelink-translations.com https://es.pplelectric.com https://www.gstatic.com/charts/ https://*.google.com https://*.googleapis.com https://*.gstatic.com; style-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://googletagmanager.com https://www.gstatic.com/charts/ https://*.google.com https://*.googleapis.com https://www.gstatic.com; font-src 'self' data: fonts.gstatic.com https://www.gstatic.com/charts/; frame-src https://*.cdn.optimizely.com https://*.cdn-pci.optimizely.com 'self' https://www.google.com/recaptcha/ https://admin.sparkflow.net https://www.googletagmanager.com https://connect.facebook.net https://www.facebook.com https://player.vimeo.com https://secure2.paymentus.com https://ipn2.paymentus.com; child-src 'self' https://*.google.com https://google.com https://connect.facebook.net https://www.facebook.com https://player.vimeo.com https://secure2.paymentus.com https://ipn2.paymentus.com;frame-ancestors 'self' *.optimizely.com optimizely.com; connect-src *; 1
script-src 'self' https://beacon.errorception.com https://www.google-analytics.com; font-src 'self' https://themes.googleusercontent.com; frame-src 'none'; object-src 'none'; media-src 'none'; connect-src 'self' 1
frame-ancestors https://*.gupshup.io/ https://*.superlemon.xyz 1
default-src 'self' data: *.agc.gov.sg https://*.agc.gov.sg *.cwp.sg https://*.cwp.sg https://*.dcube.cloud/ https://*.demdex.net/ https://cm.everesttech.net/ https://wogadobeanalytics.sc.omtrdc.net/ *.wogaa.sg; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cwp.sg https://*.cwp.sg *.agc.gov.sg https://*.agc.gov.sg https://*.dcube.cloud https://assets.adobedtm.com/ www.google-analytics.com www.google.com www.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com *.wogaa.sg https://www.googletagmanager.com/; style-src 'self' 'unsafe-inline' *.cwp.sg https://*.cwp.sg *.agc.gov.sg https://*.agc.gov.sg https://assets.dcube.cloud/fonts/ fonts.googleapis.com www.google.com www.gstatic.com maxcdn.bootstrapcdn.com *.wogaa.sg; font-src 'self' data: *.cwp.sg https://*.cwp.sg *.agc.gov.sg https://*.agc.gov.sg fonts.gstatic.com https://assets.dcube.cloud/fonts/ *.onemap.sg *.onemap.gov.sg maxcdn.bootstrapcdn.com netdna.bootstrapcdn.com; img-src 'self' blob: data: *.cwp.sg https://*.cwp.sg *.agc.gov.sg https://*.agc.gov.sg https://wogadobeanalytics.sc.omtrdc.net/ https://cm.everesttech.net/ https://dpm.demdex.net/ *.demdex.net www.google-analytics.com stats.g.doubleclick.net www.google.com www.gstatic.com *.cwp-stg.sg https://*.cwp-stg.sg *.onemap.sg *.onemap.gov.sg; form-action 'self' 'unsafe-inline' 'unsafe-eval' *.demdex.net *.cwp.sg https://*.cwp.sg *.agc.gov.sg https://*.agc.gov.sg; frame-src 'self' *.cwp.sg https://*.cwp.sg *.agc.gov.sg https://*.agc.gov.sg https://player.vimeo.com *.demdex.net *.onemap.sg *.onemap.gov.sg assets.adobedtm.com forms.cwp.agc.gov.sg www.google.com www.gstatic.com platform.twitter.com; child-src 'self'; connect-src 'self' 'unsafe-inline' *.cwp.sg https://*.cwp.sg *.agc.gov.sg https://*.agc.gov.sg stats.g.doubleclick.net www.google-analytics.com https://*.dcube.cloud https://dpm.demdex.net/ *.demdex.net wogadobeanalytics.sc.omtrdc.net *.wogaa.sg; object-src 'self' *.cwp.sg https://*.cwp.sg *.agc.gov.sg https://*.agc.gov.sg; 1
default-src 'self'; script-src 'self' 'unsafe-eval' https://www.nhsapp.service.nhs.uk https://*.accurx.com/ https://browser.sentry-cdn.com data: ; child-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://ajax.aspnetcdn.com; font-src 'self' 'unsafe-inline' https://ajax.aspnetcdn.com/ajax/ https://fonts.gstatic.com https://assets.nhs.uk data:; img-src 'self' https://www.gstatic.com/images/ https://browser-update.org data:; connect-src 'self' https://*.accurx.com/ https://api.rudderlabs.com https://accurx-dataplane.rudderstack.com https://app.getsentry.com https://sentry.io https://o198389.ingest.sentry.io wss://bs-local.com:*; worker-src 'self'; form-action 'self'; frame-src 'self'; frame-ancestors 'self'; block-all-mixed-content; 1
default-src 'self' https://horizon-api.www.coggles.com; child-src 'self' https://ct.pinterest.com/ https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.criteo.com https://static.criteo.net https://www.youtube.com https://www.zenaps.com https://www.instagram.com https://ln-rules.rewardstyle.com https://www.shoplooks.com https://vars.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://player.vimeo.com https://*.recaptcha.net https://tr.snapchat.com blob:; connect-src 'self' https://analytics.tiktok.com/ https://s.pinimg.com/ https://horizon-api.www.coggles.com https://*.clarity.ms/ https://static.criteo.net/ https://*.thcdn.com  https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.liveperson.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://*.baidu.com https://connect.facebook.net https://*.parcellab.com https://www.shoplooks.com https://www.google.co.uk https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com ; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.coggles.com https://m.coggles.com https://checkout.coggles.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://analytics.tiktok.com/ https://s.pinimg.com/ https://*.thcdn.com https://lantern.roeyecdn.com/ https://www.hlserve.com/ https://static.criteo.net/ https://www.clarity.ms/ https://*.parcellab.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://remote.captcha.com https://ssl.bing.com https://script.hotjar.com https://ssl.google-analytics.com https://ln-rules.rewardstyle.com https://*.recaptcha.net https://tr.snapchat.com https://*.sciencebehindecommerce.com https://static.shoplooks.com https://static.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.shoplooks.com https://static.shoplooks.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com ; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self'; default-src 'self' 'unsafe-inline' data: https: wss: blob:; report-uri https://o4506422536372224.ingest.sentry.io/api/4506428872196096/security/?sentry_key=308daa47a48d441fcb78764ef62cc17d 1
default-src 'none'; frame-src www.youtube.com *.youtube-nocookie.com *.ordbogen.com https://sso.emu.dk/ https://atlas.uni-login.dk/ https://broker.unilogin.dk/; script-src 'self' analytics.grammatip.com connect.facebook.net ajax.googleapis.com 'unsafe-eval' 'unsafe-inline'; connect-src 'self' analytics.grammatip.com *.ordbogen.com; img-src 'self' analytics.grammatip.com www.facebook.com data: https:; font-src 'self'; style-src 'self' 'unsafe-inline'; media-src 'self' *.ordbogen.com *.cloudfront.net; 1
default-src 'self' www.lotterien.at; script-src 'self' *.lotterien.at https://*.usercentrics.eu 'unsafe-eval' 'unsafe-inline' 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://*.usercentrics.eu https://*.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://*.facebook.com https://sp.tinymce.com/ *.lotterien.at; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com; style-src-elem 'self' 'unsafe-inline' hello.myfonts.net https://*.googleapis.com 'report-sample'; font-src 'self' www.lotterien.at https://fonts.gstatic.com; script-src-elem 'self' *.lotterien.at https://www.googletagmanager.com https://www.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.facebook.net https://*.facebook.com https://*.adform.net https://*.usercentrics.eu 'unsafe-inline' 'report-sample'; worker-src 'self' *.lotterien.at https://*.usercentrics.eu 'unsafe-eval' 'unsafe-inline' blob:; connect-src 'self' www.lotterien.at *.lotterien.at *.friendlycaptcha.eu https://*.usercentrics.eu https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://www.facebook.com; report-uri https://www.lotterien.at/@http-reporting?csp=report&requestTime=1705975832342947 1
default-src 'self'; img-src 'self' data: * public.surveyplanet.com *.cloudinary.com; script-src 'self' 'unsafe-inline' public.surveyplanet.com www.googletagmanager.com www.google-analytics.com; style-src 'self' 'unsafe-inline' public.surveyplanet.com fonts.googleapis.com; font-src 'self' public.surveyplanet.com fonts.googleapis.com fonts.gstatic.com; connect-src 'self' *.surveyplanet.com *.sentry.io *.googletagmanager.com *.google-analytics.com *.doubleclick.net; child-src 'self' *.surveyplanet.com *.spstage.us; manifest-src public.surveyplanet.com; object-src 'none'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.addtoany.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.adsrvr.org *.thevoterguide.org *.typekit.net *.rockthevote.com s3.amazonaws.com *.google.com *.gstatic.com vote411-dev.s3.amazonaws.com vote411-release.s3.amazonaws.com vote411-prod.s3.amazonaws.com www.googletagmanager.com ads.undertone.com *.hotjar.com *.googleadservices.com *.cloudflare.com cdn.jsdelivr.net; object-src 'self' 'unsafe-eval' *.rockthevote.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com *.typekit.net *.thevoterguide.org *.addtoany.com *.amazonaws.com; img-src 'self' data: *.google-analytics.com *.facebook.com *.addtoany.com *.typekit.net vote411-dev.s3.amazonaws.com vote411-release.s3.amazonaws.com vote411-prod.s3.amazonaws.com *.doubleclick.net www.googletagmanager.com www.google.com i.ytimg.com ads.undertone.com evt.undertone.com *.hotjar.com *.gstatic.com *.thevoterguide.org *.googleapis.com; frame-src 'self' *.vote411.org *.rockthevote.com *.addtoany.com insight.adsrvr.org *.google.com lwv.thevoterguide.org match.adsrvr.org www.facebook.com *.hotjar.com *.youtube.com *.youtu.be *.googlevideo.com *.googleapis.com *.ytimg.com *.youtubeeducation.com *.smsinfo.io; frame-ancestors *.rockthevote.com; child-src *.rockthevote.com s3.amazonaws.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com *.typekit.net *.hotjar.com; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net performance.typekit.net www.google.com www.facebook.com *.hotjar.com *.hotjar.io *.googleapis.com *.thevoterguide.org *.hotjar.com wss://ws6.hotjar.com wss://ws.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
report-uri ; base-uri 'self'; default-src 'self'; connect-src 'self' https://cdn.contentful.com https://graphql.contentful.com https://*.abtasty.com https://api.gammvert.fr https://*.sentry.io https://api.axept.io https://client.axept.io https://*.algolia.net https://*.algolianet.com https://insights.algolia.io https://auth.gammvert.fr https://*.google-analytics.com https://*.analytics.google.com https://www.facebook.com https://www.google.com https://www.google.fr https://*.contentsquare.net https://adservice.google.com https://analytics.google.com https://uberall.com https://geo.api.gouv.fr https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://s3.eu-west-1.amazonaws.com https://storage.googleapis.com https://izanami-api.tooling.invivodigitalfactory.com https://api-adresse.data.gouv.fr https://www.bonial.fr https://www.bonialserviceswidget.de https://trackingapi.bonial.fr https://bonialconnect.com https://analytics.tiktok.com https://maps.googleapis.com https://ct.pinterest.com https://lp.jardiland.com https://www.googleapis.com/geolocation/v1/geolocate 'self' false http://localhost:3000; font-src 'self' data: https://bonialconnect.com https://*.uberall.com https://fonts.gstatic.com 'self' https://*.abtasty.com; form-action 'self' https://*.be2bill.com/ https://*.dalenys.com/ https://www.facebook.com; frame-ancestors https://app.contentful.com; frame-src 'self' https://www.facebook.com https://*.doubleclick.net https://tpc.googlesyndication.com https://*.be2bill.com https://*.dalenys.com/ https://ct.pinterest.com https://www.youtube-nocookie.com; img-src 'self' data: blob: https://res.cloudinary.com https://images.ctfassets.net https://axeptio.imgix.net https://www.facebook.com https://connect.facebook.net https://*.contentsquare.net https://ade.googlesyndication.com https://adservice.google.com https://googleads.g.doubleclick.net https://img.youtube.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.google.fr https://www.google.com https://www.google.be https://www.google.it https://www.google.de https://www.google.es https://www.google.ch https://www.google.co.uk https://content-media.bonial.biz https://bonialconnect.com https://publisher-media-old.bonial.biz https://maps.googleapis.com https://maps.gstatic.com https://*.uberall.com https://ct.pinterest.com https://favicons.axept.io https://ct.pinterest.com 'self' https://assets.gammvert.fr https://*.abtasty.com; object-src 'none'; script-src 'self' 'unsafe-eval' https://*.abtasty.com https://www.googletagmanager.com https://static.axept.io https://connect.facebook.net https://*.contentsquare.net https://*.dalenys.com https://googleads.g.doubleclick.net https://bonialconnect.com https://maps.googleapis.com https://uberall.com https://*.uberall.com https://tpc.googlesyndication.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.google.fr https://cdn.jsdelivr.net/npm/search-insights@2.2.1 https://france.conversiontoolbox.net https://analytics.tiktok.com https://s.pinimg.com https://lp.jardiland.com 'self' false 'sha256-95YNLBdiXQXHrZh4iBmTYXOCVVOTzUH4px9jkb7JcEg='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 'self' https://*.abtasty.com; worker-src blob: 1
script-src 'self' https://gamespress.com gamespress.matomo.cloud www.google.com www.gstatic.com connect.facebook.net code.jquery.com cdnjs.cloudflare.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com stackpath.bootstrapcdn.com www.googletagmanager.com www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' maxcdn.bootstrapcdn.com stackpath.bootstrapcdn.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' maxcdn.bootstrapcdn.com stackpath.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com fonts.ncwest.ncsoft.com; 1
default-src 'self' http://seal.globalsign.com https://checkout.razorpay.com https://api.razorpay.com https://lumberjack.razorpay.com https://www.google.com https://www.gstatic.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://seal.globalsign.com https://ssif1.globalsign.com https://js.cit.api.here.com https://code.jquery.com http://here.com http://1.base.maps.cit.api.here.com https://maps.google.com https://maps.googleapis.com  https://checkout.razorpay.com https://api.razorpay.com https://lumberjack.razorpay.com https://www.google.com/recaptcha/api.js  https://www.gstatic.com ; style-src 'self' https://checkout.razorpay.com https://api.razorpay.com https://lumberjack.razorpay.com 'unsafe-inline'; frame-src 'self' https://api.razorpay.com https://www.google.com; script-src-elem 'self' https://checkout.razorpay.com https://api.razorpay.com https://lumberjack.razorpay.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'unsafe-inline' ; img-src blob: 'self' https://www.karnatakaone.gov.in https://seal.globalsign.com https://ssif1.globalsign.com https://js.cit.api.here.com https://code.jquery.com http://here.com http://1.base.maps.cit.api.here.com http://2.base.maps.cit.api.here.com http://3.base.maps.cit.api.here.com http://4.base.maps.cit.api.here.com  https://checkout.razorpay.com https://api.razorpay.com https://lumberjack.razorpay.com; object-src 'none'  1
frame-ancestors 'self' *.kinobox.cz 1
default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://store.steamchina.eccdnx.com/ https://store.steamchina.eccdnx.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' http://store.steamchina.com https://store.steamchina.com http://127.0.0.1:27060 ws://127.0.0.1:27060 https://my.steamchina.eccdnx.com/ https://my.steamchina.com/ https://my.steamchina.com/ wss://community.steam-api.com/websocket/ https://api.steamchina.com/ https://login.steamchina.com/ https://help.steamchina.com/ https://steam.tv/ https://shared.cdn.steamchina.eccdnx.com/ https://checkout.steamchina.com/; frame-src 'self' steam:  http://www.youtube.com https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://my.steamchina.com/ https://login.steamchina.com/ https://help.steamchina.com/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.mgic.com *.readynest.com *.loanofficerhub.com *.azurewebsites.net/;      img-src 'self' *.mgic.com *.readynest.com *.loanofficerhub.com data: https://img.youtube.com/ *.buzzsprout.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ *.monsido.com *.vidyard.com *.facebook.com *.google.com *.ceros.com *.linkedin.com *.twitter.com https://t.co *.altrulabs.com *.appzi.io *.azurewebsites.net https://udxsva.com https://i.ytimg.com *.sharethis.com;      script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mgic.com mgic.com *.readynest.com *.loanofficerhub.com *.marketo.com/ https://munchkin.marketo.net https://ajax.googleapis.com        https://www.youtube.com/ *.buzzsprout.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.google.com https://static.ads-twitter.com        https://www.googleadservices.com https://www.gstatic.com/ https://connect.facebook.net *.hotjar.com *.monsido.com https://snap.licdn.com *.altrulabs.com *.facebook.com *.linkedin.com *.ceros.com        https://googleads.g.doubleclick.net https://analytics.jibecdn.com https://dp3rlkyi9q6ww.cloudfront.net *.appzi.io https://udxsva.com *.sharethis.com;      style-src 'self' 'unsafe-inline' *.mgic.com  *.readynest.com *.loanofficerhub.com *.buzzsprout.com/ https://fonts.googleapis.com *.marketo.com *.appzi.io https://cdnjs.cloudflare.com *.sharethis.com;      font-src 'self' data: *.mgic.com *.readynest.com *.loanofficerhub.com https://fonts.gstatic.com/ *.altrulabs.com *.appzi.io https://cdnjs.cloudflare.com;      media-src 'self' *.mgic.com *.readynest.com *.loanofficerhub.com https://www.youtube.com/ *.buzzsprout.com/;      frame-src 'self' *.mgic.com mgic.com *.readynest.com *.loanofficerhub.com https://www.youtube.com/ *.buzzsprout.com/ https://www.google.com/ https://player.vimeo.com *.marketo.com *.ceros.com https://bid.g.doubleclick.net *.facebook.com *.altrulabs.com *.appzi.io *.sharethis.com;      connect-src 'self' *.mgic.com *.readynest.com *.loanofficerhub.com https://www.google-analytics.com/ https://stats.g.doubleclick.net *.monsido.com *.mktoresp.com *.altrulabs.com https://c.talentplatform.us *.altrulabs.com *.appzi.io *.linkedin.oribi.io *.sharethis.com; 1
default-src 'none'; media-src 'self'; style-src 'self' 'unsafe-inline' https://*.wp.com/ https://widgets.wp.com/ https://fonts.googleapis.com/css https://www.gstatic.com/charts/ https://cdnjs.cloudflare.com/ajax/libs/tailwindcss/; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://unpkg.com/vue@3/dist/ https://unpkg.com/petite-vue https://cdn.jsdelivr.net/npm/d3@7/ https://www.googletagmanager.com/ https://*.googlesyndication.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/charts/ https://www.google-analytics.com/ https://partner.googleadservices.com/ https://stats.wp.com/ https://snap.licdn.com/li.lms-analytics/ https://widgets.wp.com/ https://*.wp.com/; connect-src 'self' ws: wss: https://analytics.google.com/g/collect https://px.ads.linkedin.com/wa/ https://cdn.linkedin.oribi.io/partner/ https://*.googlesyndication.com/getconfig/sodar https://www.google-analytics.com/ https://yoast.com/feed/widget/; font-src 'self' data: https://fonts.googleapis.com/css https://fonts.gstatic.com/s/ https://*.wp.com/i/; img-src 'self' data: https://static.telesmart.co.nz/ https://static.telesmart.nz/ https://www.google.co.nz https://www.google-analytics.com/ https://www.googletagmanager.com https://*.googlesyndication.com https://*.googleusercontent.com/ https://pixel.wp.com https://px.ads.linkedin.com https://en.wordpress.com/ https://secure.gravatar.com/avatar/ https://ps.w.org/; frame-src 'self' blob: https://www.youtube.com/embed/ https://players.brightcove.net/ https://www.microsoft.com/en-us/videoplayer/embed/ https://securepubads.g.doubleclick.net https://googleads.g.doubleclick.net https://maps.google.com https://speedtest.telesmart.co.nz https://tpc.googlesyndication.com https://www.google.com https://widgets.wp.com/; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none'; 1
default-src 'self' 'unsafe-eval' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self' https://www.4dpredict.org https://www.4dpredict.com https://www.4dresult.me; 1
default-src rootnet.nl *.rootnet.nl myrootnet.nl *.myrootnet.nl; img-src * data:; style-src 'self' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; form-action 'none'; frame-src data:; script-src 'self'; object-src 'none'; base-uri 'self'; 1
frame-ancestors https://*.darkorbit.com/ https://gameplanet.onet.pl/ https://www.gry.pl/ https://www.jetztspielen.de/ https://www.spielen.com/ https://www.jeux.fr/ https://www.jeu.fr/ https://www.games.co.uk/ https://www.spelletjes.nl/ https://www.spel.nl/ https://www.juegos.com/ https://www.gioco.it/ https://www.spela.se/ https://www.ourgames.ru/ https://www.gamesgames.com/ https://www.agame.com/ https://centralagier.wp.pl/ https://www.jetztspielen.ws/ https://www.1001spiele.de/ https://www.gierkionline.pl/ https://www.grajteraz.pl/ https://www.1001giochi.it/ https://www.giochixl.it/ https://www.1001hry.cz/ https://juegosjuegos.ws/ https://www.isladejuegos.com/ https://www.elkspel.nl/ https://www.spelo.se/ https://www.1001games.com/ https://www.speltuin.nl/ https://www.1001pelit.com/ https://www.1001jeux.fr/ https://www.1001games.fr/ https://www.1001spiele.at/ https://www.mmozone.com/ https://www.mmostation.com/ https://www.mmogratis.es/ https://www.gratismmo.de/ https://www.mmorpggratuits.com/ https://www.mmoitalia.it/ https://www.mmoportugal.com/ https://www.funnygames.nl/ https://www.clickjogos.com.br/ https://spele.nl/ https://www.dobregry.pl/ https://fotka.com/ https://www.1001games.co.uk/ https://www.1001jocuri.ro/ https://www.1001jogos.com.br/ https://www.1001jogos.pt/ https://www.igrixl.ru/ https://www.jatekokxl.hu/ https://www.juegosjuegos.ws/ https://www.paixnidiaxl.gr/ https://www.spillespill.no/ https://www.spilxl.dk/ https://www.jeux-gratuits.com/ https://www.minijuegos.com/ https://kizi.com/ https://www.browsergames.de/ https://www.isladejuegos.com/ https://www.juegosdenavegador.com/ https://www.jeuxparnavigateur.net/ https://www.jogosbrowser.com/ https://www.freemmorpglist.com/ https://www.puzzlepuzzles.de/ https://www.mmogratis.com/ https://www.sat1spiele.de/ https://www.flashgames.it/ https://www.prosiebengames.de/ https://www.oyunskor.com/ https://www.spielkarussell.de/ http://www.oyunkolu.com/ https://www.brincar.pt/ https://www.spelle.nl/ https://www.speeleiland.nl/ https://www.kongregate.com/ https://www.spacemmorpg.com/ https://*.y8.com; 1
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval' *.guildmortgage.com *.googleoptimize.com *.gstatic.com *.cloudflareinsights.com *.youtube.com *.yoast.com *.vimeo.com *.doubleclick.net; connect-src *.visualwebsiteoptimizer.com app.vwo.com *.guildmortgage.com *.google-analytics.com *.tvsquared.com *.googleoptimize.com *.gstatic.com *.cloudflareinsights.com *.google.com  *.youtube.com *.yoast.com *.vimeo.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *.guildmortgage.com *.tvsquared.com *.googleoptimize.com *.gstatic.com *.cloudflareinsights.com *.youtube.com *.yoast.com *.vimeo.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.visualwebsiteoptimizer.com app.vwo.com *.guildmortgage.com *.google-analytics.com *.googletagmanager.com *.google.com *.tvsquared.com *.googleoptimize.com *.gstatic.com *.cloudflareinsights.com *.youtube.com *.yoast.com *.vimeo.com *.doubleclick.net; script-src-elem 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com *.guildmortgage.com *.google-analytics.com *.googletagmanager.com *.google.com www.gstatic.com *.doubleclick.net *.tvsquared.com *.googleoptimize.com *.gstatic.com *.cloudflareinsights.com *.youtube.com *.yoast.com *.vimeo.com; img-src 'self' data: *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *.guildmortgage.com *.google-analytics.com *.google.com *.tvsquared.com *.googleoptimize.com *.gstatic.com *.cloudflareinsights.com *.youtube.com *.yoast.com *.vimeo.com *.doubleclick.net; worker-src 'self' blob: *.guildmortgage.com *.tvsquared.com *.googleoptimize.com *.gstatic.com *.cloudflareinsights.com *.youtube.com *.yoast.com *.vimeo.com *.doubleclick.net; frame-src app.vwo.com *.visualwebsiteoptimizer.com *.guildmortgage.com *.google-analytics.com *.googletagmanager.com *.google.com *.doubleclick.net *.tvsquared.com *.googleoptimize.com *.gstatic.com *.cloudflareinsights.com *.youtube.com *.yoast.com *.vimeo.com; 1
default-src * 'unsafe-inline' 'unsafe-eval';  script-src * 'unsafe-inline' 'unsafe-eval';  worker-src *; connect-src * 'unsafe-inline';  img-src * data: blob: 'unsafe-inline';  frame-src *;  style-src * 'unsafe-inline'; 1
frame-ancestors 'self' https://*.schoolcounselor.org https://*.azurewebsites.net; 1
default-src https: http: ws: wss: data: 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' https://comments.newpipe.net; object-src 'none'; img-src 'self' https://f-droid.org; block-all-mixed-content; style-src 'self' https://comments.newpipe.net 'unsafe-inline'; frame-src 'self' https://media.assassinate-you.net 1
connect-src 'self' www.google.com o2.mouseflow.com cdn.mouseflow.com translate.googleapis.com stats.g.doubleclick.net aggregator.service.usercentrics.eu api.usercentrics.eu code.jquery.com graphql.usercentrics.eu www.google-analytics.com dr6u1nbiy16vs.cloudfront.net dsev9ziwjq6qk.cloudfront.net www.facebook.com maps.googleapis.com consent-api.service.consent.usercentrics.eu region1.google-analytics.com region1.analytics.google.com measurement-api.criteo.com pagead2.googlesyndication.com; form-action www.paypal.com www.sportokay.com 'self' www.facebook.com; img-src 'report-sample' ads.yahoo.com c.bing.com criteo-partners.tremorhub.com criteo-sync.teads.tv csm.fr.eu.criteo.net gum.criteo.com oyotii.sportokay.com sync-criteo.ads.yieldmo.com sync.outbrain.com ups.analytics.yahoo.com www.google-analytics.com www.google.at www.google.be www.google.bg www.google.ch www.google.co.jp www.google.com www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.ie www.google.is www.google.it www.google.lu www.google.lv www.google.nl www.google.pl www.google.pt www.google.si www.google.sk www.google.sm www.gstatic.com www.google.ad www.google.ae www.google.al www.google.az www.google.ba www.google.bs www.google.ca www.google.cl www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.ug www.google.co.uk www.google.co.za www.google.co.zw www.google.com.af www.google.com.ar www.google.com.au www.google.com.bo www.google.com.br www.google.com.ec www.google.com.et www.google.com.gt www.google.com.hk www.google.com.kw www.google.com.lb www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ng www.google.com.np www.google.com.ph www.google.com.pk www.google.com.sg www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.dz www.google.ee www.google.ge www.google.hu www.google.je www.google.kz www.google.li www.google.lt www.google.md www.google.me www.google.mk www.google.no www.google.ro www.google.rs www.google.ru www.google.se app.usercentrics.eu business.trustedshops.de translate.google.com translate.googleapis.com www.facebook.com maps.googleapis.com widget.eu.criteo.com dr6u1nbiy16vs.cloudfront.net dsev9ziwjq6qk.cloudfront.net www.google.am www.google.com.cy 'self' aax-eu.amazon-adsystem.com maps.gstatic.com www.googletagmanager.com dis.criteo.com www.google.by www.google.co.tz www.google.co.ve www.google.co.zm www.google.com.bd www.google.com.co www.google.com.do www.google.com.eg www.google.com.kh www.google.com.om www.google.com.pe www.google.com.sa www.google.com.uy www.google.com.vn www.google.hn www.google.iq www.google.mg www.google.ml www.google.mn www.google.tn cdn-news.sportokay.com cdn.honey.io d5s43c1skae1u.cloudfront.net dsev9ziwjq6qk.cloudfront.net csm.nl.eu.criteo.net i.ytimg.com ih.adscale.de pixel-sync.sitescout.com pixel.advertising.com cotads.adscale.de ad.yieldlab.net pr-bh.ybp.yahoo.com sp.analytics.yahoo.com x.bidswitch.net www.google.co.uz www.google.com.bn data: app-wallee.com https://ts-logo-hubspot.s3.eu-central-1.amazonaws.com ads.yahoo.com c.bing.com criteo-partners.tremorhub.com criteo-sync.teads.tv csm.fr.eu.criteo.net gum.criteo.com oyotii.sportokay.com sync-criteo.ads.yieldmo.com sync.outbrain.com ups.analytics.yahoo.com simage2.pubmatic.com secure.adnxs.com legal-images.trustedshops.com cm.g.doubleclick.net pixel.rubiconproject.com eb2.3lift.com rtb-csync.smartadserver.com ad.360yield.com r.casalemedia.com contextual.media.net match.sharethrough.com a.twiago.com ads.stickyadstv.com visitor.omnitagjs.com sync-t1.taboola.com exchange.mediavine.com matching.ivitrack.com s.ad.smaato.net pixel.tapad.com cw.addthis.com ad.tpmn.co.kr tg.socdm.com adgen.socdm.com cs.adingo.jp crb.kargo.com an.yandex.ru sync.ad-stir.com adx.dable.io ad.as.amanad.adtdp.com idsync.rlcdn.com d.turn.com cm.adform.net trends.revcontent.com ssp.meba.kr ib.adnxs.com partner.mediawallahscript.com cdn.stickyadstv.com us-u.openx.net cm.mgid.com i.liadm.com i6.liadm.com jadserve.postrelease.com sbm.nate.com dpm.demdex.net ad.sxp.smartclip.net img.youtube.com uct.service.usercentrics.eu e1.emxdgt.com id5-sync.com beacon.krxd.net s.thebrighttag.com widgets.trustedshops.com; object-src 'self'; script-src 'report-sample' app-wallee.com widget.eu.criteo.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com connect.facebook.net maps.googleapis.com sslwidget.criteo.com 'self' 'unsafe-inline' app.usercentrics.eu cdn.mouseflow.com googleads.g.doubleclick.net static.criteo.net widgets.trustedshops.com www.google.com www.youtube.com 'unsafe-eval' cdn.stats-collector.org translate.google.com translate.googleapis.com gc.kis.v2.scr.kaspersky-labs.com me.kis.v2.scr.kaspersky-labs.com www.pagespeed-mod.com *.cloudflare.com; style-src fonts.googleapis.com translate.googleapis.com 'unsafe-inline' 'self' widgets.trustedshops.com gc.kis.v2.scr.kaspersky-labs.com me.kis.v2.scr.kaspersky-labs.com; 1
upgrade-insecure-requests; default-src https 1
img-src https: data:; object-src 'none'; font-src https: data:; default-src https:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; base-uri 'none' 1
font-src *.sdiapi.com *.klaviyo.com fonts.gstatic.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hydroflask.com *.oxo.com cdn.kustomerapp.com *.trustarc.com *.lightboxcdn.com *.spectrumcustomizer.com data: 'self' 'unsafe-inline';form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.iterable.com *.cardinalcommerce.com *.paypal.com *.oxo.com *.brilliantcollector.com *.facebook.com 'self' 'unsafe-inline';frame-ancestors *.stripe.com stripe.com *.kmail-lists.com 'self';frame-src *.sdiapi.com *.kmail-lists.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com doubleclick.net *.doubleclick.net vice01.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com *.hydroflask.com *.brilliantcollector.com *.demdex.net *.kustomer.support *.kustomer.help *.trustarc.com *.locally.com *.facebook.com *.hotjar.com *.fbot.me addthisedge.com s7.addthis.com addthis.com disqus.com ct.pinterest.com pinterest.com insight.adsrvr.org match.adsrvr.org helenoftroy.custhelp.com s.amazon-adsystem.com ak.sail-horizon.com helenoftroy.demdex.net promotions.spredfast.com 'self' 'unsafe-inline';img-src *.klaviyo.com *.cloudfront.net match.adsrvr.org insight.adsrvr.org googleads.g.doubleclick.net  *.google.co.in  google.co.in ce.lijit.com links.services.disqus.com cdn.viglink.com analytics.google.com www.google.com *.baidu.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.typekit.net www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com mageside.com *.mageside.com *.hydroflask.com hydroflask.attn.tv *.oxo.com *.lightboxcdn.com na-stage.hele.digital *.parcellab.com *.trustarc.com cfvod.kaltura.com *.bing.com *.clarity.ms *.hele.digital via.placeholder.com *.locally.com *.spectrumcustomizer.com stospectstageglobal.blob.core.windows.net blob: cdn.kustomerapp.com *.acq.io *.yimg.com *.hotjar.com loggly.com logs-01.loggly.com referrer.disqus.com c.disquscdn.com ct.pinterest.com pinterest.com sp.analytics.yahoo.com www.googletagmanager.com *.trustarc.com *.facebook.com scontent-iad3-2.cdninstagram.com stospectprodglobal.blob.core.windows.net data: 'self' 'unsafe-inline';script-src ajax.cloudflare.com static.cloudflareinsights.com c.amazon-adsystem.com *.klaviyo.com *.yottaa.net *.yottaa.com cdn.pdst.fm www.google.com c.disquscdn.com cdn.kustomerapp.com googleads.g.doubleclick.net unpkg.com *.sdiapi.com f.vimeocdn.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com polyfill.io *.yotpo.com s7.addthis.com *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net mageside.com *.mageside.com doubleclick.net *.hydroflask.com *.oxo.com *.pcapredict.com *.lightboxcdn.com hydroflask.locally.com lightboxapi.azurewebsites.net cdn.kustomerapp.com *.fbot.me services.postcodeanywhere.co.uk *.parcellab.com *.trustarc.com cdn-assets.rapidspike.com cdnapisec.kaltura.com *.brilliantcollector.com cdn.jsdelivr.net js.stripe.com connect.facebook.net bat.bing.com *.clarity.ms *.spectrumcustomizer.com js.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com ajax.googleapis.com cdn.pushplanet.com *.cloudfront.net moatads.com z.moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com *.impactradius-event.com js.adsrvr.org insight.adsrvr.org ak.sail-horizon.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval';style-src *.typekit.net *.klaviyo.com *.adobe.com fonts.googleapis.com *.yotpo.com *.googleapis.com  mageside.com *.mageside.com *.oxo.com *.pcapredict.com services.postcodeanywhere.co.uk *.lightboxcdn.com *.parcellab.com disqus.com c.disquscdn.com disquscdn.com z.moatads.com moatads.com addthisedge.com v1.addthisedge.com m.addthis.com v1.addthis.com addthis.com loggly.com logs-01.loggly.com ct.pinterest.com pinterest.com s.pinimg.com pinimg.com 'self' 'unsafe-inline';object-src 'self' 'unsafe-inline';manifest-src 'self' 'unsafe-inline';connect-src *.addressy.com *.klaviyo.com *.datadome.co *.yottaa.net insights.algolia.io us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm oxo.x57o.net adservice.google.com www.google.com cdn.kustomerapp.com links.services.disqus.com analytics.google.com content.hotjar.io *.sdiapi.com dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.yotpo.com ekr.zdassets.com/ *.iterable.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com gov-bam.nr-data.net bam.nr-data.net stats.g.doubleclick.net *.oxo.com helenoftroy.tt.omtrdc.net hydroflask-sandbox.api.kustomerapp.com oxo-sandbox.api.kustomerapp.com hydroflask.api.kustomerapp.com oxo.api.kustomerapp.com services.postcodeanywhere.co.uk *.parcellab.com *.rapidspike.com *.brilliantcollector.com cloud.vimeo.com vimeo.com *.clarity.ms bat.bing.com *.kaltura.com *.spectrumcustomizer.com *.acq.io ssl.geoplugin.net *.yimg.com *.hotjar.com vc.hotjar.io *.pndsn.com m.addthis.com ct.pinterest.com pinterest.com ak.sail-horizon.com www.facebook.com public.fbot.me api.sail-personalize.com wss://*.hotjar.com *.google-analytics.com 'self' 'unsafe-inline';child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline';default-src *.oxo.com *.hydroflask.com facebook.com disqus.com hot.disqus.com hydroflask.disqus.com oxo.disqus.com stage-hydroflask.disqus.com stage-oxo.disqus.com preprod-hydroflask.disqus.com preprod-oxo.disqus.com prod-hydroflask.disqus.com prod-oxo.disqus.com c.disquscdn.com disquscdn.com 'self' 'unsafe-inline' 'unsafe-eval';upgrade-insecure-requests;media-src *.akamaized.net *.kaltura.com cfvod.kaltura.com *.adobe.com *.oxo.com *.vimeocdn.com player.vimeo.com vod-progressive.akamaized.net blob: data: cdnapisec.kaltura.com 'self' 'unsafe-inline'; 1
frame-ancestors 'self' kumu.io embed.kumu.io 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' base-uri multimaxstore.com www.multimaxstore.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.rs *.gstatic.com *.googleapis.com *.google-analytics.com www.google.com/recaptcha/ maps.googleapis.com *.facebook.com *.facebook.net licensebuttons.net *.doubleclick.net *.youtube.com cdn.maksnet.tv *.adobe.com licensebuttons.net *.rnids.rs xn--d1aholi.xn--90a3ac forms.office.com *.tipometar.org *.googletagmanager.com *.jsdelivr.net *.chimpstatic.com chimpstatic.com static.addtoany.com *.doubleclick.net; report-uri /report-csp-violation 1
base-uri 'self';default-src 'none';prefetch-src 'self';connect-src 'self' https://cdn.shopify.com https://*.store.myshopify.com https://*.myshopify.com blob: https://*.air-up.com https://*.builder.io https://*.cdn-btsg.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.klaviyo.com https://*.narvar.com https://*.online-metrix.net https://*.signifyd.com https://*.usercentrics.eu https://builder.io https://dev1.air-up.dev https://edge.fullstory.com https://sc-static.net https://*.facebook.net https://*.doubleclick.net https://snippet.maze.co https://*.cloudfront.net https://*.doubleclick.net https://*.facebook.net https://*.googletagmanager.com https://*.kustomerapp.com https://*.optimove.net https://*.reviews.io https://cdn.prod2.kustomerhostedcontent.com https://fonts.googleapis.com https://fonts.gstatic.com https://tracking.parcelperform.com https://www-widgetapi.js https://www.cloudflare.com https://www.facebook.com https://www.googleadservices.com https://www.parcelmonitor.com https://www.youtube.com https://*.clerk.io https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.qualtrics.com https://*.rakuten.com https://*.snapchat.com https://*.tiktok.com https://*.stape.io https://*.greenhouse.io https://*.pndsn.com https://*.parcelperform.com wss://*.parcelmonitor.com https://*.amazonaws.com https://mention-me.com https://*.mention-me.com https://pagead2.googlesyndication.com https://*.mxpnl.com https://*.jsdelivr.net https://*.amplitude.com https://*.mixpanel.com https://chat-assets.digitalgenius.com https://flow-server.eu.dgdeepai.com wss://*.pusher.com https://*.rudderlabs.com https://*.rudderstack.com https://*.mparticle.com  ;frame-src 'self' blob: https://*.air-up.com https://*.builder.io https://*.cdn-btsg.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.klaviyo.com https://*.narvar.com https://*.online-metrix.net https://*.signifyd.com https://*.usercentrics.eu https://builder.io https://dev1.air-up.dev https://edge.fullstory.com https://sc-static.net https://*.facebook.net https://*.doubleclick.net https://snippet.maze.co https://*.cloudfront.net https://*.doubleclick.net https://*.facebook.net https://*.googletagmanager.com https://*.kustomerapp.com https://*.optimove.net https://*.reviews.io https://cdn.prod2.kustomerhostedcontent.com https://fonts.googleapis.com https://fonts.gstatic.com https://tracking.parcelperform.com https://www-widgetapi.js https://www.cloudflare.com https://www.facebook.com https://www.googleadservices.com https://www.parcelmonitor.com https://www.youtube.com https://*.clerk.io https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.qualtrics.com https://*.rakuten.com https://*.snapchat.com https://*.tiktok.com https://*.stape.io https://*.greenhouse.io https://*.pndsn.com https://*.parcelperform.com wss://*.parcelmonitor.com https://*.amazonaws.com https://mention-me.com https://*.mention-me.com https://pagead2.googlesyndication.com https://*.mxpnl.com https://*.jsdelivr.net https://*.amplitude.com https://*.mixpanel.com https://chat-assets.digitalgenius.com https://flow-server.eu.dgdeepai.com wss://*.pusher.com https://*.rudderlabs.com https://*.rudderstack.com https://*.mparticle.com;img-src 'self' https://cdn.shopify.com https://*.store.myshopify.com https://*.myshopify.com blob: https://*.air-up.com https://*.builder.io https://*.cdn-btsg.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.klaviyo.com https://*.narvar.com https://*.online-metrix.net https://*.signifyd.com https://*.usercentrics.eu https://builder.io https://dev1.air-up.dev https://edge.fullstory.com https://sc-static.net https://*.facebook.net https://*.doubleclick.net https://snippet.maze.co https://*.cloudfront.net https://*.doubleclick.net https://*.facebook.net https://*.googletagmanager.com https://*.kustomerapp.com https://*.optimove.net https://*.reviews.io https://cdn.prod2.kustomerhostedcontent.com https://fonts.googleapis.com https://fonts.gstatic.com https://tracking.parcelperform.com https://www-widgetapi.js https://www.cloudflare.com https://www.facebook.com https://www.googleadservices.com https://www.parcelmonitor.com https://www.youtube.com https://*.clerk.io https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.qualtrics.com https://*.rakuten.com https://*.snapchat.com https://*.tiktok.com https://*.stape.io https://*.greenhouse.io https://*.pndsn.com https://*.parcelperform.com wss://*.parcelmonitor.com https://*.amazonaws.com https://mention-me.com https://*.mention-me.com https://pagead2.googlesyndication.com https://*.mxpnl.com https://*.jsdelivr.net https://*.amplitude.com https://*.mixpanel.com https://chat-assets.digitalgenius.com https://flow-server.eu.dgdeepai.com wss://*.pusher.com https://*.rudderlabs.com https://*.rudderstack.com https://*.mparticle.com  data:;font-src 'self' blob: https://*.air-up.com https://*.builder.io https://*.cdn-btsg.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.klaviyo.com https://*.narvar.com https://*.online-metrix.net https://*.signifyd.com https://*.usercentrics.eu https://builder.io https://dev1.air-up.dev https://edge.fullstory.com https://sc-static.net https://*.facebook.net https://*.doubleclick.net https://snippet.maze.co https://*.cloudfront.net https://*.doubleclick.net https://*.facebook.net https://*.googletagmanager.com https://*.kustomerapp.com https://*.optimove.net https://*.reviews.io https://cdn.prod2.kustomerhostedcontent.com https://fonts.googleapis.com https://fonts.gstatic.com https://tracking.parcelperform.com https://www-widgetapi.js https://www.cloudflare.com https://www.facebook.com https://www.googleadservices.com https://www.parcelmonitor.com https://www.youtube.com https://*.clerk.io https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.qualtrics.com https://*.rakuten.com https://*.snapchat.com https://*.tiktok.com https://*.stape.io https://*.greenhouse.io https://*.pndsn.com https://*.parcelperform.com wss://*.parcelmonitor.com https://*.amazonaws.com https://mention-me.com https://*.mention-me.com https://pagead2.googlesyndication.com https://*.mxpnl.com https://*.jsdelivr.net https://*.amplitude.com https://*.mixpanel.com https://chat-assets.digitalgenius.com https://flow-server.eu.dgdeepai.com wss://*.pusher.com https://*.rudderlabs.com https://*.rudderstack.com https://*.mparticle.com https://cdn.shopify.com https://*.store.myshopify.com https://*.myshopify.com ;script-src 'self' 'unsafe-eval' 'nonce-Y8ZVBnGj7mk6cdB1a6E7UQ=='  https://cdn.shopify.com https://*.store.myshopify.com https://*.myshopify.com blob: https://*.air-up.com https://*.builder.io https://*.cdn-btsg.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.klaviyo.com https://*.narvar.com https://*.online-metrix.net https://*.signifyd.com https://*.usercentrics.eu https://builder.io https://dev1.air-up.dev https://edge.fullstory.com https://sc-static.net https://*.facebook.net https://*.doubleclick.net https://snippet.maze.co https://*.cloudfront.net https://*.doubleclick.net https://*.facebook.net https://*.googletagmanager.com https://*.kustomerapp.com https://*.optimove.net https://*.reviews.io https://cdn.prod2.kustomerhostedcontent.com https://fonts.googleapis.com https://fonts.gstatic.com https://tracking.parcelperform.com https://www-widgetapi.js https://www.cloudflare.com https://www.facebook.com https://www.googleadservices.com https://www.parcelmonitor.com https://www.youtube.com https://*.clerk.io https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.qualtrics.com https://*.rakuten.com https://*.snapchat.com https://*.tiktok.com https://*.stape.io https://*.greenhouse.io https://*.pndsn.com https://*.parcelperform.com wss://*.parcelmonitor.com https://*.amazonaws.com https://mention-me.com https://*.mention-me.com https://pagead2.googlesyndication.com https://*.mxpnl.com https://*.jsdelivr.net https://*.amplitude.com https://*.mixpanel.com https://chat-assets.digitalgenius.com https://flow-server.eu.dgdeepai.com wss://*.pusher.com https://*.rudderlabs.com https://*.rudderstack.com https://*.mparticle.com;script-src-elem 'self' 'unsafe-inline' https://*.cloudfront.net https://*.doubleclick.net https://*.facebook.net https://*.googletagmanager.com https://*.kustomerapp.com https://*.optimove.net https://*.reviews.io https://cdn.prod2.kustomerhostedcontent.com https://fonts.googleapis.com https://fonts.gstatic.com https://tracking.parcelperform.com https://www-widgetapi.js https://www.cloudflare.com https://www.facebook.com https://www.googleadservices.com https://www.parcelmonitor.com https://www.youtube.com https://*.clerk.io https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.qualtrics.com https://*.rakuten.com https://*.snapchat.com https://*.tiktok.com https://*.stape.io https://*.greenhouse.io https://*.pndsn.com https://*.parcelperform.com wss://*.parcelmonitor.com https://*.amazonaws.com https://mention-me.com https://*.mention-me.com https://pagead2.googlesyndication.com https://*.mxpnl.com https://*.jsdelivr.net https://*.amplitude.com https://*.mixpanel.com https://chat-assets.digitalgenius.com https://flow-server.eu.dgdeepai.com wss://*.pusher.com https://*.rudderlabs.com https://*.rudderstack.com https://*.mparticle.com https://cdn.shopify.com https://*.store.myshopify.com https://*.myshopify.com blob: https://*.air-up.com https://*.builder.io https://*.cdn-btsg.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.klaviyo.com https://*.narvar.com https://*.online-metrix.net https://*.signifyd.com https://*.usercentrics.eu https://builder.io https://dev1.air-up.dev https://edge.fullstory.com https://sc-static.net https://*.facebook.net https://*.doubleclick.net https://snippet.maze.co ;style-src-elem 'self' 'unsafe-inline' https://cdn.shopify.com https://*.store.myshopify.com https://*.myshopify.com blob: https://*.air-up.com https://*.builder.io https://*.cdn-btsg.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.klaviyo.com https://*.narvar.com https://*.online-metrix.net https://*.signifyd.com https://*.usercentrics.eu https://builder.io https://dev1.air-up.dev https://edge.fullstory.com https://sc-static.net https://*.facebook.net https://*.doubleclick.net https://snippet.maze.co https://*.cloudfront.net https://*.doubleclick.net https://*.facebook.net https://*.googletagmanager.com https://*.kustomerapp.com https://*.optimove.net https://*.reviews.io https://cdn.prod2.kustomerhostedcontent.com https://fonts.googleapis.com https://fonts.gstatic.com https://tracking.parcelperform.com https://www-widgetapi.js https://www.cloudflare.com https://www.facebook.com https://www.googleadservices.com https://www.parcelmonitor.com https://www.youtube.com https://*.clerk.io https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.qualtrics.com https://*.rakuten.com https://*.snapchat.com https://*.tiktok.com https://*.stape.io https://*.greenhouse.io https://*.pndsn.com https://*.parcelperform.com wss://*.parcelmonitor.com https://*.amazonaws.com https://mention-me.com https://*.mention-me.com https://pagead2.googlesyndication.com https://*.mxpnl.com https://*.jsdelivr.net https://*.amplitude.com https://*.mixpanel.com https://chat-assets.digitalgenius.com https://flow-server.eu.dgdeepai.com wss://*.pusher.com https://*.rudderlabs.com https://*.rudderstack.com https://*.mparticle.com  data:;style-src 'self' 'unsafe-inline' blob: https://*.air-up.com https://*.builder.io https://*.cdn-btsg.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.klaviyo.com https://*.narvar.com https://*.online-metrix.net https://*.signifyd.com https://*.usercentrics.eu https://builder.io https://dev1.air-up.dev https://edge.fullstory.com https://sc-static.net https://*.facebook.net https://*.doubleclick.net https://snippet.maze.co https://*.cloudfront.net https://*.doubleclick.net https://*.facebook.net https://*.googletagmanager.com https://*.kustomerapp.com https://*.optimove.net https://*.reviews.io https://cdn.prod2.kustomerhostedcontent.com https://fonts.googleapis.com https://fonts.gstatic.com https://tracking.parcelperform.com https://www-widgetapi.js https://www.cloudflare.com https://www.facebook.com https://www.googleadservices.com https://www.parcelmonitor.com https://www.youtube.com https://*.clerk.io https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.qualtrics.com https://*.rakuten.com https://*.snapchat.com https://*.tiktok.com https://*.stape.io https://*.greenhouse.io https://*.pndsn.com https://*.parcelperform.com wss://*.parcelmonitor.com https://*.amazonaws.com https://mention-me.com https://*.mention-me.com https://pagead2.googlesyndication.com https://*.mxpnl.com https://*.jsdelivr.net https://*.amplitude.com https://*.mixpanel.com https://chat-assets.digitalgenius.com https://flow-server.eu.dgdeepai.com wss://*.pusher.com https://*.rudderlabs.com https://*.rudderstack.com https://*.mparticle.com ;media-src 'self' https://cdn.shopify.com https://*.store.myshopify.com https://*.myshopify.com blob: https://*.air-up.com https://*.builder.io https://*.cdn-btsg.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.klaviyo.com https://*.narvar.com https://*.online-metrix.net https://*.signifyd.com https://*.usercentrics.eu https://builder.io https://dev1.air-up.dev https://edge.fullstory.com https://sc-static.net https://*.facebook.net https://*.doubleclick.net https://snippet.maze.co https://*.cloudfront.net https://*.doubleclick.net https://*.facebook.net https://*.googletagmanager.com https://*.kustomerapp.com https://*.optimove.net https://*.reviews.io https://cdn.prod2.kustomerhostedcontent.com https://fonts.googleapis.com https://fonts.gstatic.com https://tracking.parcelperform.com https://www-widgetapi.js https://www.cloudflare.com https://www.facebook.com https://www.googleadservices.com https://www.parcelmonitor.com https://www.youtube.com https://*.clerk.io https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.qualtrics.com https://*.rakuten.com https://*.snapchat.com https://*.tiktok.com https://*.stape.io https://*.greenhouse.io https://*.pndsn.com https://*.parcelperform.com wss://*.parcelmonitor.com https://*.amazonaws.com https://mention-me.com https://*.mention-me.com https://pagead2.googlesyndication.com https://*.mxpnl.com https://*.jsdelivr.net https://*.amplitude.com https://*.mixpanel.com https://chat-assets.digitalgenius.com https://flow-server.eu.dgdeepai.com wss://*.pusher.com https://*.rudderlabs.com https://*.rudderstack.com https://*.mparticle.com ;frame-ancestors 'self' blob: https://*.air-up.com https://*.builder.io https://*.cdn-btsg.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.klaviyo.com https://*.narvar.com https://*.online-metrix.net https://*.signifyd.com https://*.usercentrics.eu https://builder.io https://dev1.air-up.dev https://edge.fullstory.com https://sc-static.net https://*.facebook.net https://*.doubleclick.net https://snippet.maze.co ;form-action https://airup.com;manifest-src 'self' https://cdn.shopify.com https://*.store.myshopify.com https://*.myshopify.com; 1
connect-src 'self' *.delti.com *.google-analytics.com *.jquery.com *.optimizely.com *.trustedshops.com tdsrmbl.net wss://*.delti.com; default-src 'self' *.delti.com; font-src 'self' *.bootstrapcdn.com *.delti.com *.googleusercontent.com *.gstatic.com *.trustedshops.com data data:; frame-ancestors *; frame-src 'self' *.ariva-services.de *.ariva.de *.computop-paygate.com *.computop.com *.criteo.com *.delti.com *.doubleclick.net *.google.com *.lenua.de *.optimizely.com *.reifendirekt.de *.trustpilot.com *.youtube-nocookie.com *.youtube.com data skytraf.xyz; img-src 'self' *.123piecesderechange.ch *.123pneus.ch *.123pneus.fr *.123reifen.de *.alcar-wheels.com *.autobandenmarkt.be *.autobandenmarkt.nl *.autoonderdelen-direct.nl *.autopink-shop.fr *.autoscout24.de *.autoteile-meile.de *.barzgumve.com *.bing.com *.bizrate.com *.co.ee *.czesci-samochodowe-online.pl *.dackonline.se *.daekonline.dk *.dekkonline.com *.delti.com *.delticom.de *.doubleclick.net *.eiretyres.com *.elastika-online.gr *.giga-pneumatici.it *.giga-pneus.pt *.giga-reifen.de *.gommadiretto.it *.google-analytics.com *.google.at *.google.ba *.google.be *.google.bg *.google.ca *.google.ch *.google.cl *.google.co.ao *.google.co.cr *.google.co.ma *.google.co.uk *.google.com *.google.com.ar *.google.com.au *.google.com.br *.google.com.ph *.google.com.ua *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.it *.google.li *.google.lt *.google.lv *.google.me *.google.mk *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.se *.google.si *.google.sk *.gstatic.com *.gume-direkt.com *.gume.com.hr *.gumik.hu *.mobilemech-shop.ch *.mobilemech-shop.co.uk *.moto-pneumatici.it *.moto-tyres.co.uk *.motorradreifendirekt.de *.mytyres.co.uk *.neumaticos-online.es *.neumaticosdemoto.es *.paypal.com *.pneucity.com *.pneumatikypriamo.com *.pneus-moto.be *.prudsys-rde.de *.reifen-direkt.lv *.reifendirekt.at *.reifendirekt.ch *.reifendirekt.de *.reifendirekt.lt *.reifentest.com *.reifenversand-online.de *.rengas-online.com *.tires-direct.com *.tires-easy.ca *.tirstatic.net *.trustedshops.com *.tyre-pictures.com *.vertaa.fi cdnnetwok.xyz data data: maps.googleapis.com web-assets-prod.s3.amazonaws.com; object-src 'self' *.delti.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.123pneus.be *.allo-pages.fr *.barzgumve.com *.bing.com *.bootstrapcdn.com *.co.ee *.criteo.com *.criteo.net *.delti.com *.demdex.net *.doubleclick.net *.elastika-online.gr *.google-analytics.com *.google.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.gume-direkt.com *.gume.com.hr *.gumik.hu *.miazuz.com *.mouse3k.com *.octapi.net *.open-dog.com *.optimizely.com *.paypal.com *.paypalobjects.com *.reifen-direkt.lv *.reifendirekt.at *.reifendirekt.ch *.reifendirekt.de *.reifendirekt.lt *.toutlannuaire.fr *.trustedshops.com *.trustpilot.com *.where.com cdnjs.cloudflare.com cdnnetwok.xyz data dnn506yrbagrg.cloudfront.net eluxer.net gwyjo92x.ru loadingpagesose.review maps.googleapis.com rvy5deb6zyzp14.ru s3.amazonaws.com urlvalidation.com worldnaturenet.xyz; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.delti.com *.googleapis.com *.reifendirekt.at *.reifendirekt.ch *.reifendirekt.de *.trustedshops.com; 1
default-src 'self' 'unsafe-inline' * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.primetherapeutics.com *.googletagmanager.com *.gstatic.com *.youtube.com *.vimeocdn.com *.google.com *.cloudfront.net *.licdn.com *.bing.com *.google-analytics.com blob:; 1
default-src 'self' https: *.raeng.org.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.raeng.org.uk; style-src 'self' 'unsafe-inline' https: *.raeng.org.uk; font-src 'self' https://*.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' data: https: *.raeng.org.uk; object-src 'self' 1
script-src 'nonce-mdOpa8ktpZqqODHDpBHniB2KtnQ=' 'unsafe-eval' 'strict-dynamic' https: ; object-src 'none'; 1
font-src *.googleapis.com *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com ecommerce.raiffeisenbank.rs 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.facebook.com storifyme.com storifyme.xyz *.storifyme.com *.storifyme.xyz *.jasmin.rs *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com https://img.youtube.com stats.g.doubleclick.net www.google.rs www.facebook.com storifyme.com storifyme.xyz *.storifyme.com *.storifyme.xyz data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.gstatic.com fonts.googleapis.com s7.addthis.com *.avada.io *.googletagmanager.com connect.facebook.net stats.g.doubleclick.net storifyme.com storifyme.xyz *.storifyme.com *.storifyme.xyz *.hotjar.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.b-cdn.net storifyme.com storifyme.xyz *.storifyme.com *.storifyme.xyz 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.googleapis.com ekr.zdassets.com/ get.geojs.io  *.avada.io connect.facebook.net stats.g.doubleclick.net *.facebook.com analytics.google.com  *.cardinalcommerce.com ekr.zdassets.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com storifyme.com storifyme.xyz *.storifyme.com *.storifyme.xyz https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.eelv.fr/; img-src 'self' data: blob: https://*.eelv.fr/ https://*.openstreetmap.org/; object-src 'self' data: blob: https://*.eelv.fr/ https://*.openstreetmap.org/; frame-src 'self' data: blob: https://*.eelv.fr/ https://*.openstreetmap.org/; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://staticcdn.aus.social; img-src 'self' https: data: blob: https://staticcdn.aus.social; style-src 'self' https://staticcdn.aus.social 'nonce-+H3b9xCMXaQ2Qu6YxHStLA=='; media-src 'self' https: data: https://staticcdn.aus.social; frame-src 'self' https:; manifest-src 'self' https://staticcdn.aus.social; form-action 'self'; child-src 'self' blob: https://staticcdn.aus.social; worker-src 'self' blob: https://staticcdn.aus.social; connect-src 'self' data: blob: https://staticcdn.aus.social https://mediacdn.aus.social https://s3.ap-southeast-2.wasabisys.com wss://aus.social; script-src 'self' https://staticcdn.aus.social 'wasm-unsafe-eval' 1
default-src 'self' 'unsafe-inline' blob:; img-src data: blob: * analytics.tiktok.com; font-src 'self' data: fonts.gstatic.com fast.wistia.com maxcdn.bootstrapcdn.com; media-src 'self' blob: data: *.wistia.net embedwistia-a.akamaihd.net *.wistia.com *.zdassets.com *.cloudinary.com; style-src 'self' 'unsafe-inline' data: blob: *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com fonts.googleapis.com *.twitter.com *.twimg.com tagmanager.google.com *.googletagmanager.com hello.myfonts.net; frame-src 'self' bytedance: sslocal: app.vwo.com *.visualwebsiteoptimizer.com certificates.easy-lms.com *.doubleclick.net www.facebook.com *.wistia.com *.wistia.net widget.reviews.co.uk *.twitter.com *.addthis.com embedwistia-a.akamaihd.net www.youtube.com www.youtube-nocookie.com www.google.com widget.trustpilot.com *.googletagmanager.com widget-prime.rafflecopter.com *.appointedd.com *.onlineexambuilder.com app.netlify.com; object-src 'self' embedwistia-a.akamaihd.net; connect-src 'self' data: wss: *.visualwebsiteoptimizer.com app.vwo.com analytics.tiktok.com *.clarity.ms *.litix.io *.reviews.co.uk *.wistia.com *.wistia.net *.facebook.com *.addthis.com *.freeagent.com *.fre.ag analytics.google.com *.google-analytics.com api.rollbar.com *.doubleclick.net embedwistia-a.akamaihd.net www.google.com *.adroll.com www.google.co.uk widget.trustpilot.com geoip-js.com geoip-js.maxmind.com geoip.maxmind.com *.crazyegg.com adservice.google.com *.cookielaw.org *.onetrust.com *.zdassets.com *.zendesk.com *.zopim.com bat.bing.com api.cloudinary.com cdn.linkedin.oribi.io *.analytics.google.com *.googlesyndication.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.visualwebsiteoptimizer.com app.vwo.com analytics.tiktok.com *.freeagent.com *.fre.ag *.googleapis.com analytics.google.com *.google-analytics.com *.doubleclick.net *.googleadservices.com *.adroll.com *.cloudfront.net *.facebook.net *.twitter.com script.crazyegg.com *.reviews.co.uk *.addthis.com *.addthisedge.com *.twimg.com www.googletagmanager.com *.tfaforms.com s3.amazonaws.com/trk.cetrk.com/ *.wistia.com *.wistia.net www.gstatic.com www.google.com *.workable.com px.ads.linkedin.com static.ads-twitter.com snap.licdn.com widget.reviews.co.uk cdn.ampproject.org www.linkedin.com pro.ip-api.com bat.bing.com widget.trustpilot.com tagmanager.google.com tinymce.cachefly.net js.maxmind.com z.moatads.com widget-prime.rafflecopter.com www.dwin1.com cdnjs.cloudflare.com/ajax/libs/rollbar.js/ optanon.blob.core.windows.net code.jquery.com *.onetrust.com *.cookielaw.org cdnjs.cloudflare.com *.bizographics.com www.clarity.ms geoip-js.com cdn.rollbar.com *.appointedd.com s3-eu-west-1.amazonaws.com *.zdassets.com *.zopim.com *.zendesk.com netlify-cdp-loader.netlify.app; frame-ancestors 'self' https://support.freeagent.com; report-uri https://freeagent.report-uri.com/r/d/csp/enforce; worker-src 'self' blob:; 1
frame-ancestors 'self' https://pitergsm.bitrix24.ru; 1
connect-src 350-wjf-388.mktoresp.com 350-wjf-388.mktoutil.com cdn.acsbapp.com cdn.cookielaw.org cdn.linkedin.oribi.io forms.hubspot.com mlp.moovit.com privacyportal-eu.onetrust.com stats.g.doubleclick.net www.google-analytics.com 'self' 1637314617.rsc.cdn77.org 1986635568.rsc.cdn77.org acsbap.com acsbapp.com adtonus.com analytics.google.com api.adblockertool.com api.adblocknext.com api.amcreativemedia.com api.awesomeblocker.com api.datacloudstat.com api.fbanalytics.org api.mkmediaworks.com api.redirect.li api.solarspireconsulting.com api.trongrid.io api.ultimateaderaser.com browser.translate.yandex.net cdn--prod-acsb-system.acsbapp.com cdn-pr-151--acsb-system--test.acsb-test.com cdn.ampproject.org cdn.contentful.com cdnmd.global-cache.online clientstream.launchdarkly.com code.jquery.com data: detector.scamsniffer.io distillery.wistia.com doublestat.info embed-cloudfront.wistia.com en.wikipedia.org es.wikipedia.org fast.wistia.com fcgt742.com fg8vvsvnieiv3ej16jby.litix.io fr.wikipedia.org get663.com he.wikipedia.org hm.baidu.com infragrid.v.network localhost:49506 meetlookup.com metrics-dra.dt.dbankcloud.cn metrics-dre.dt.dbankcloud.cn moovit.atlassian.net my.wpengine.com notallowed-fibi.co.il pipedream.wistia.com process.acsbapp.com rdtds.net readaloud.googleapis.com redmarket.online region1.analytics.google.com searchaggr-dra.dt.dbankcloud.com searchaggr-dre.dt.dbankcloud.com ssl.google-analytics.com static-main.moovit.com tl.ytlogs.ru translate.googleapis.com triplestat.online w88p9x.com ws://localhost:56792 www.google.co.il www.google.com www.google.com.br www.googletagmanager.com yoast.com yt-skip-ads.com zone1-services-cdn.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' 350-wjf-388.mktoresp.com acsbap.com acsbapp.com app-lon09.marketo.com auth.monday.com blob: cdn.acsbapp.com cdn.cookielaw.org cdn.linkedin.oribi.io company.moovit.com config.mi:8888 data: file forms.hubspot.com forms.monday.com img.youtube.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsleadflows.net munchkin.marketo.net privacyportal-eu.onetrust.com px.ads.linkedin.com px4.ads.linkedin.com self snap.licdn.com static-main.moovit.com stats.g.doubleclick.net track.hubspot.com www.comeet.co www.google-analytics.com www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.co.id www.google.co.il www.google.co.in www.google.co.nz www.google.co.uk www.google.com www.google.com.ar www.google.com.br www.google.com.ec www.google.com.hk www.google.com.mx www.google.com.my www.google.com.tw www.google.com.uy www.google.cz www.google.de www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.hu www.google.ie www.google.it www.google.lu www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.se www.google.sk www.googleoptimize.com www.googletagmanager.com www.linkedin.com www.youtube.com; font-src 'self' fonts.gstatic.com acsbapp.com api.rabatta.app at.alicdn.com cdn.acsbapp.com cdn.goin.cloud cdn.jsdelivr.net cdn.megabonus.com cdn.scite.ai chrome-extension data: db.onlinewebfonts.com fast.wistia.com fast.wistia.net fonts.bunny.net fonts.cdnfonts.com fonts.googleapis.com github.com maxcdn.bootstrapcdn.com moz-extension qncdn.aoscdn.com ray.st themes.googleusercontent.com use.fontawesome.com use.typekit.net www.slant.co; frame-ancestors 'self' about; frame-src www.comeet.co 'self' acestream.me app-lon09.marketo.com auth.monday.com forms.monday.com gateway.zscloud.net m.youtube.com mozbar.moz.com null purplestats.com pwm-image.trendmicro.com remove.video td.doubleclick.net widgets.moovit.com www-developers-moovit-com.filesusr.com www.googletagmanager.com www.payback.it www.youtube.com; img-src 'self' cdn.acsbapp.com data: px.ads.linkedin.com static-main.moovit.com track.hubspot.com www.google-analytics.com www.google.co.il www.google.com www.google.com.ar www.google.com.br www.google.es www.google.fr www.google.it www.googletagmanager.com www.linkedin.com abs.twimg.com accessibe.com acsbapp.com agenciabrasil.ebc.com.br blob: cdn.cookielaw.org cdn.css-tricks.com cdn.honey.io company.moovit.com dify.wpengine.com elmundoporrecorrer.com embed-fastly.wistia.com embed-ssl.wistia.com embedwistia-a.akamaihd.net exceptions.hs-embed-reporting.com fast.wistia.com fast.wistia.net favicon.yandex.net fonts.gstatic.com hm.baidu.com i.ytimg.com img.youtube.com live.staticflickr.com m.megafonpro.ru mc.yandex.ru moovitapp.com mstat.acestream.net mwg-internal pb.sogou.com pos.baidu.com px4.ads.linkedin.com s.w.org searchlog.html5.qq.com secure.gravatar.com ssl.google-analytics.com static.moovitapp.com static.wixstatic.com stg-company.moovit.com translate.google.com translate.googleapis.com uploads-ssl.webflow.com v.gwdang.com web1.acsbapp.com widgets.moovit.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cd www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.cn www.google.co.ao www.google.co.cr www.google.co.id www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.com.af www.google.com.ag www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.cv www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.fi www.google.ge www.google.gl www.google.gm www.google.gr www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.je www.google.jo www.google.kg www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mv www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.sm www.google.sn www.google.sr www.google.tg www.google.tm www.google.tn www.google.tt www.google.vu www.gstatic.com www.saogoncalo.rj.gov.br www.stackoverflow.com www.youtube.com yastatic.net; script-src-elem 'self' 'unsafe-inline' acsbap.com app-lon09.marketo.com cdn.cookielaw.org data: js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsleadflows.net munchkin.marketo.net snap.licdn.com www.comeet.co www.google-analytics.com www.googleoptimize.com www.googletagmanager.com 10.17.16.106:15871 192.168.190.113:15871 192.168.190.114:15871 7896543.s3.amazonaws.com acsbapp.com agadata.online apis.google.com app.wistia.com bawimu.tifideyoye.com bokezu.tijapixuno.com cdn.ampproject.org cdn.credithub.com.br cdn.mathjax.org cdnjs.cloudflare.com code.jquery.com connect.facebook.net conoret.com data1.bemitch.com data1.bevuak.com data1.bmi-result.com data1.caliculo.com data1.cevdecer.com data1.elopaqe.com data1.fertoul.com data1.intramys.com data1.lacedefe.com data1.minoporso.com data1.pletar.com data1.pomrolo.com data1.siwathe.com data1.thetto.com fast.wistia.com fast.wistia.net fidoapi.com get663.com javascript.browser.wasscan.tenable localhost:49506 menoli.nuwipidaro.com mstat.acestream.net notallowed-fibi.co.il pilaff-up.ru plaff-go.ru s2.pstatp.com search.imtt.qq.com sijeno.fufesikera.com soidngru.colloquiumz.com ssl.google-analytics.com tafopo.navahididi.com translate-pa.googleapis.com translate.google.com translate.googleapis.com unlockcontent.online veronamile.com widgets.moovit.com www.pagespeed-mod.com yastatic.net; script-src 'self' 'unsafe-inline' acsbap.com cdn.cookielaw.org data: js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsleadflows.net munchkin.marketo.net snap.licdn.com www.google-analytics.com www.googleoptimize.com www.googletagmanager.com 'unsafe-eval' 10.112.125.205:9369 10.112.126.225:9415 10.112.25.211:9228 10.217.23.43:9297 10.54.130.156:9330 acsbapp.com app-lon09.marketo.com cdn.ampproject.org code.jquery.com connect.facebook.net fast.wistia.com fast.wistia.net wasm-eval www.comeet.co; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' app-lon09.marketo.com blob: cdn.honey.io data: fonts.bunny.net fonts.googleapis.com pwm-image.trendmicro.com www.comeet.com www.gstatic.com; style-src 'self' 'unsafe-inline' app-lon09.marketo.com cdn.honey.io data: www.gstatic.com; child-src app-lon09.marketo.com forms.monday.com www.comeet.co www.googletagmanager.com www.youtube.com; form-action 'self'; media-src blob: data: embed-fastly.wistia.com embedwistia-a.akamaihd.net static-main.moovit.com web1.acsbapp.com; prefetch-src 'self' static-main.moovit.com; script-src-attr 'unsafe-inline'; worker-src 'self' blob: 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.alio.lt 1
default-src 'self' 'unsafe-inline' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; img-src 'self' 'unsafe-inline' https: data:; 1
default-src 'self' https://fonts.gstatic.com 'unsafe-inline' 'unsafe-eval' *; script-src 'self' https://maps.googleapis.com https://www.gstatic.com https://code.jquery.com/ui/1.10.4/jquery-ui.min.js 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval' *; img-src 'self' data: https://csi.gstatic.com https://maps.gstatic.com https://maps.googleapis.com 'unsafe-inline' 'unsafe-eval' *; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *; font-src 'self' data:; 1
default-src 'none'; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' static.cloudflareinsights.com *.hotjar.com perfalytics.com cdn.mxpnl.com assets.adobedtm.com embed.typeform.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com *.doubleclick.net ajax.googleapis.com plus.google.com apis.google.com *.newrelic.com *.cloudfront.net *.evidon.com *.segment.com *.chargebee.com *.algolianet.com *.algolia.net cdn.jsdelivr.net appleid.cdn-apple.com cdnjs.cloudflare.com cdn.embedly.com connect.facebook.net *.facebook.com *.amazon.com *.twitter.com api.pinterest.com www.youtube.com *.vimeo.com f.vimeocdn.com *.filepicker.io photorankstatics-a.akamaihd.net bam.nr-data.net cs-bloom-community-staging.herokuapp.com staging-chefsteps-catalog.herokuapp.com cs-bloom-community-production.herokuapp.com chefsteps-catalog.herokuapp.com; connect-src 'self' *.foodthinkers.com *.hotjar.com *.filepicker.io perfalytics.com api.perfalytics.com cdn.mxpnl.com api-js.mixpanel.com bam.nr-data.net www.google-analytics.com *.doubleclick.net *.amazonaws.com *.facebook.com dgcollector.evidon.com c.evidon.com cdn.segment.com api.segment.io *.algolianet.com *.algolia.net cs-bloom-api-production.herokuapp.com cs-bloom-api-staging.herokuapp.com staging-chefsteps-catalog.herokuapp.com chefsteps-catalog.herokuapp.com; style-src 'self' 'unsafe-inline' embed.typeform.com maxcdn.bootstrapcdn.com netdna.bootstrapcdn.com *.chargebee.com *.cloudfront.net cs-bloom-community-staging.herokuapp.com staging-chefsteps-catalog.herokuapp.com cs-bloom-community-production.herokuapp.com chefsteps-catalog.herokuapp.com; font-src 'self' data: maxcdn.bootstrapcdn.com netdna.bootstrapcdn.com code.ionicframework.com fonts.gstatic.com fonts.gstatic.com *.cloudfront.net staging-chefsteps-catalog.herokuapp.com chefsteps-catalog.herokuapp.com; img-src 'self' data: assets.breville.com breville.scene7.com s7ap1.scene7.com images.typeform.com *.chefsteps.com googleads.g.doubleclick.net stats.g.doubleclick.net *.facebook.com www.placehold.it i.ytimg.com i.imgur.com *.amazon.com *.amazonaws.com *.cloudfront.net *.evidon.com *.filepicker.io staging-chefsteps-catalog.herokuapp.com chefsteps-catalog.herokuapp.com; frame-src *.cloudfront.net form.typeform.com www.youtube.com *.vimeo.com *.twitter.com *.chargebee.com match.adsrvr.org insight.adsrvr.org bid.g.doubleclick.net *.filepicker.io forum.chefsteps.com www.chefsteps.com; media-src breville.scene7.com *.amazon.com *.amazonaws.com *.cloudfront.net; manifest-src *.cloudfront.net 1
default-src * 'unsafe-inline'; font-src * data:; img-src * data:; 1
connect-src 'self'  securepubads.g.doubleclick.net pagead2.googlesyndication.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com csi.gstatic.com *.doubleclick.net collect.tealiumiq.com *.algolianet.com *.algolia.net ds.reson8.com cloud.elegantthemes.com analytics.google.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' thehorse.com googleads4.g.doubleclick.net tags.tiqcdn.com use.fontawesome.com *.algolia.com bluemillion.net player.vimeo.com maxcdn.bootstrapcdn.com fonts.googleapis.com s3.us-east-2.amazonaws.com ajax.googleapis.com; font-src 'self' thehorse.com data: use.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com staging.thehorse.com fontawesome.com; frame-src 'self' googleads.g.doubleclick.net www.google.com *.safeframe.googlesyndication.com tpc.googlesyndication.com *.doubleclick.net player.vimeo.com *.youtube.com s0.2mdn.net player.captivate.fm *.captivate.fm www.googleadservices.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: tpc.googlesyndication.com *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com  pagead2.googlesyndication.com secure.gravatar.com bluemillion.net s0.2mdn.net *.googlesyndication.com googleads4.g.doubleclick.net securepubads.g.doubleclick.net i.vimeocdn.com s3.us-east-2.amazonaws.com pubads.g.doubleclick.net ad.doubleclick.net thehorse1.wpengine.com staging.thehorse.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' thehorse.com www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com pagead2.googlesyndication.com www.google.com *.googletagmanager.com adservice.google.com partner.googleadservices.com www.gstatic.com tags.tiqcdn.com use.fontawesome.com fonts.gstatic.com *.googlesyndication.com *.cdnregion.com *.tealiumiq.com securepubads.g.doubleclick.net s0.2mdn.net *.googletagservices.com ajax.aspnetcdn.com cdn.resonate.com; script-src-elem 'self' 'unsafe-inline' securepubads.g.doubleclick.net www.google.com www.googletagmanager.com tags.tiqcdn.com tpc.googlesyndication.com www.googletagservices.com www.google-analytics.com adservice.google.com pagead2.googlesyndication.com adservice.google.com partner.googleadservices.com www.gstatic.com ajax.aspnetcdn.com player.vimeo.com *.tealiumiq.com cdn.resonate.com *.cdnregion.com cdnjs.cloudflare.com *.google-analytics.com s0.2mdn.net code.jquery.com ; 1
default-src 'self' data:      https://*.gobank.com      https://*.typekit.net      https://*.typekit.com      https://*.vimeo.com      https://vimeo.com      https://secure.greendot.com      https://*.go2bankonline.com;        img-src 'self' data:      https://*.google-analytics.com      https://*.doubleclick.net      https://*.typekit.net      https://*.gobank.com      https://ds.reson8.com      https://*.go2bankonline.com      https://secure.greendot.com;       child-src 'self'      https://*.google.com      https://*.cdn-gdc.com      https://player.vimeo.com;       style-src 'self' 'unsafe-inline' 'unsafe-eval'      https://*.gobank.com      https://*.typekit.com      https://*.go2bankonline.com      https://*.typekit.net;       script-src 'self' 'unsafe-inline' 'unsafe-eval'      https://*.gobank.com      https://*.typekit.com      https://*.typekit.net      https://*.google-analytics.com      https://*.googleapis.com      https://*.googleadservices.com      https://*.tt.omtrdc.net      https://*.vimeo.com      https://secure.greendot.com      https://*.go2bankonline.com      https://websdk.ujet.co;       font-src 'self' data:      https://*.typekit.com      https://*.typekit.net;       frame-src      https://websdk.ujet.co;                 1
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net bat.bing.com *.recaptcha.net googleads.g.doubleclick.net *.v.liveperson.net connect.facebook.net tags.tiqcdn.com cdn.optimizely.com lptag.liveperson.net lpcdn.lpsnmedia.net accdn.lpsnmedia.net cdn.appdynamics.com www.googletagmanager.com tpc.googlesyndication.com ssl.google-analytics.com www.google-analytics.com www.googleadservices.com maps.googleapis.com cdn-assets-prod.s3.amazonaws.com; img-src data: * blob: android-webview-video-poster: android-webview:; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com bat.bing.com manifest.prod.boltdns.net *.siteintercept.qualtrics.com adservice.google.com *.brightcovecdn.com http://127.0.0.1:5000 http://127.0.0.1:5000/* *.api.brightcove.com www.google.com *.execute-api.ap-southeast-1.amazonaws.com www.facebook.com www.googletagmanager.com maps.googleapis.com ad.doubleclick.net analytics.google.com collect-ap-northeast-1.tealiumiq.com akamai.tiqcdn.com stats.g.doubleclick.net www.google-analytics.com www.google.co.in dpm.demdex.net *.sc.omtrdc.net www.hsbc.co.in *.tt.omtrdc.net rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net *.googletagmanager.com www.facebook.com tpc.googlesyndication.com sts-aad.auth.hsbc.com www.youtube.com td.doubleclick.net hsbcin.demdex.net 8763852.fls.doubleclick.net gateway.zscloud.net gateway.zscalerthree.net; frame-ancestors 'self' www.hsbc.co.in; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com cdn.jsdelivr.net at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net manifest.prod.boltdns.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://dns-shop.kz https://*.dns-shop.kz https://chat.dns-shop.kz:8080 https://cdn.retailrocket.ru https://*.retailrocket.net https://*.retailrocket.ru https://*.yadro.ru https://webvisor.com https://bs.yandex.ru https://yandex.ru https://mc.yandex.ru https://metrika.yandex.ru https://yastatic.net https://*.yandex.st https://yandex.st https://awaps.yandex.ru https://reviewthree.com/ https://widget.cloudpayments.ru/  https://*.maps.yandex.net https://google-analytics.com https://*.google-analytics.com https://googleadservices.com https://*.googleadservices.com https://*.google.ru https://google.ru https://*.google.com https://google.com https://google.ie https://*.google.ie  https://gstatic.com https://*.gstatic.com https://www.googletagmanager.com/ https://www.youtube.com/ https://youtube.com/ https://content.24ttl.stream  https://doubleclick.net https://*.ok.ru https://ok.ru https://*.mail.ru https://mail.ru https://vk.com https://*.vk.me https://*.mycdn.me https://mycdn.me https://begun.ru https://*.begun.ru https://vsegda-da.com https://newrelic.com https://*.newrelic.com https://bam.nr-data.net https://static.criteo.net https://sslwidget.criteo.com/ https://dis.eu.criteo.com/dis/ https://eu-sonar.sociomantic.com/  https://logo.flixfacts.co.uk/ https://media.flixsyndication.net/ https://*.flix360.com/ https://assets.delvenetworks.com/ https://s.delvenetworks.com/ https://dev-origin.flixsyndication.net/ https://d2m3ikv8mpgiy8.cloudfront.net/ https://d3nkfb7815bs43.cloudfront.net/ https://d15mv1adrb1s6e.cloudfront.net/ https://www.lg.com/ https://*.webcollage.net https://content.syndigo.com  https://ams.creativecdn.com/ https://i.s-microsoft.com/ https://cdn.ampproject.org/ https://s7.addthis.com/ https://m.addthisedge.com/ https://m.addthis.com/ https://bot.aimylogic.com/ https://fonts.googleapis.com https://cdn.diginetica.net/ https://tracking.diginetica.net/ https://connect.facebook.net/ https://zingaya.com/widget/ https://d1bvayotk7lhk7.cloudfront.net https://creativecdn.com/  https://ssl.p.jwpcdn.com/ intent://arvr.google.com https://*.doubleclick.net https://api-maps.yandex.ru https://maps.yandex.net  https://assets-jpcust.jwpsrv.com/ https://www.youtube.ru/ https://youtube.ru/ https://s.ytimg.com/ https://*.go-mpulse.net/ https://gum.criteo.com/ https://media.flixfacts.com/ https://media.flixcar.com https://content.jwplatform.com/ https://media.pointandplace.com/ https://player.pointandplace.com/  https://suggest-maps.yandex.ru https://*.flix360.io/ https://api-abtesting.flix360.io/  https://cart-service.sc-k8s.dns-shop.kz/ http://cart-service.kz-k8s.dns-shop.kz/ https://cart-service.dns-shop.kz/  https://avails.dns-shop.kz/ http://avails.dns-shop.kz/ ; img-src 'self' data: https:; font-src 'self' data: https:; media-src blob: https://media.flixcar.com/ https://*.webcollage.net/ https://content.24ttl.stream/; connect-src 'self' https://*.dns-shop.kz https://*.retailrocket.net https://*.retailrocket.ru https://ohio8.vchecks.me https://hls-jp.jwpsrv.com/ https://content.jwplatform.com/ https://mc.yandex.ru/ https://www.google-analytics.com/ https://*.mtproxy.yandex.net/ https://bam.nr-data.net https://api.retailrocket.net https://api.retailrocket.ru https://content.syndigo.com/ https://google-analytics.bi.owox.com/ https://api-maps.yandex.ru/ https://content.24ttl.stream/ https://stats.g.doubleclick.net/ https://www.google.com/ads/ https://m.addthis.com/live/red_lojson/ https://s7.addthis.com/l10n/ https://top-fwz1.mail.ru/ https://bot.aimylogic.com/restapi/ wss://chat.dns-shop.ru https://chat.dns-shop.ru https://e-shop.homecredit.ru https://media.pointandplace.com/ https://media.flixcar.com/ https://autocomplete.diginetica.net/ https://www.facebook.com/tr/ http://shops.dns-shop.kz/ https://shops.dns-shop.kz/  https://firebaseinstallations.googleapis.com/ https://fcmregistrations.googleapis.com/ https://api-abtesting.flix360.io/ http://cart-service.sc-k8s.dns-shop.kz/ https://cart-service.dns-shop.kz/ https://app-terminal-future.dns-shop.kz/; frame-src 'self' intent: https://e-shop.homecredit.ru https://*.fls.doubleclick.net/ https://club.dns-shop.ru https://eu-sonar.sociomantic.com/ https://reviewthree.com/ https://media.flixfacts.com/ https://media.flixcar.com/ https://d3nkfb7815bs43.cloudfront.net/ https://gstatic.com https://www.google.com https://optimize.google.com https://ftp.dexp.club/ https://widget.cloudpayments.ru/ https://content.24ttl.stream/  https://www.facebook.com/ intent://arvr.google.com https://d15mv1adrb1s6e.cloudfront.net/ https://media.pointandplace.com/ https://media.flixcar.com/ https://media.flixfacts.com/ https://media.flixsyndication.net/ https://*.flix360.com/ https://ftp.dns-shop.ru/ https://www.youtube.com https://api-maps.yandex.ru/ https://d3np41mctoibfu.cloudfront.net/ https://content.jwplatform.com https://assets-jpcust.jwpsrv.com/ https://ssl.p.jwpcdn.com/ https://d2m3ikv8mpgiy8.cloudfront.net/ https://player.pointandplace.com/  https://t.pointandplace.com/  https://t.flix360.com/ https://Syndication.flix360.com/ https://*.flix360.io/ https://api-abtesting.flix360.io/; worker-src blob: https://dns-shop.ru https://*.dns-shop.ru 1
report-uri https://sentry.hypermetrica.com/api/3/security/?sentry_key=1c86dba6158c4b999ba644585f98f84d&sentry_environment=production;default-src 'none';base-uri 'self';img-src 'self' data: mc.yandex.ru mc.yandex.com www.googletagmanager.com;manifest-src 'self';connect-src 'self' mc.yandex.ru mc.yandex.md mc.yandex.com ymetrica1.com sentry.hypermetrica.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' mc.yandex.ru mc.yandex.com www.googletagmanager.com 'nonce-lVABfQv3H0zZv0ZWbfD2a3zE278DuP1o';script-src-elem 'self' 'unsafe-inline' mc.yandex.ru mc.yandex.com yastatic.net www.googletagmanager.com;style-src 'self' 'unsafe-inline' fonts.gstatic.com fonts.googleapis.com;font-src 'self' data: fonts.gstatic.com fonts.googleapis.com;child-src 'self' blob: mc.yandex.ru mc.yandex.com;form-action 'self';frame-ancestors 'none';frame-src blob: yandex.ru mc.yandex.ru mc.yandex.md mc.yandex.com;upgrade-insecure-requests;block-all-mixed-content 1
frame-ancestors 'self' https://egypt-now.net https://alarabnow.net https://saudi-now.com/; 1
upgrade-insecure-requests; default-src 'self' 'report-sample'; frame-ancestors 'self'; style-src 'self' 'nonce-0fcdf64ef71cc360a9a26851c2978d18' https://accounts.google.com/gsi/style; script-src 'self' 'report-sample' 'strict-dynamic' 'nonce-0fcdf64ef71cc360a9a26851c2978d18'; connect-src 'self' https://api.nicex.com https://capture.trackjs.com https://*.analytics.google.com https://*.google-analytics.com https://stats.g.doubleclick.net https://accounts.google.com/gsi/ wss://*.ws.nicex.com wss://*.nicehash.com; img-src 'self' 'report-sample' https://api.nicex.com https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://usage.trackjs.com https://i.ytimg.com https://img.youtube.com https://www.gstatic.com https://www.google.com https://static.nicehash.com https://nicex.banxa.com/images/payment-providers/ data:; base-uri 'self'; font-src 'self' https://fonts.gstatic.com data:; form-action 'self' https://api.nicehash.com; child-src 'self' https://recaptcha.net https://www.google.com https://youtube.com https://www.youtube.com https://api.sumsub.com https://accounts.google.com/gsi/; report-uri /_csp_; report-to active 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.midwestliving.com 1
frame-ancestors 'self' https://reviewtrackers.app.workramp.com https://inmoment.app.workramp.com 1
frame-ancestors 'self' https://www.mibaby.de/ https://jupiter.kk.lan/ 1
img-src 'self' 'unsafe-eval' data: https://www.snapsurveys.com https://v2.zopim.com https://*.google-analytics.com https://*.analytics.google.com https://www.google.co.uk https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://ct.capterra.com https://11f666a64f9514fe2437-501cd984d9c7b3ac1a3daebffdc0785b.ssl.cf3.rackcdn.com https://eiyhl.stripocdn.email; style-src 'self' 'unsafe-inline' 'report-sample' https://use.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://ajax.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://widget-mediator.zopim.com https://player.vimeo.com https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://v2.zopim.com https://static.zdassets.com https://www.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://cse.google.com; font-src 'report-sample' 'self' data: https://fonts.gstatic.com https://use.fontawesome.com https://v2.zopim.com; connect-src 'self' https://ekr.zdassets.com https://stats.g.doubleclick.net https://*.google-analytics.com https://www.googleadservices.com https://yoast.com wss://widget-mediator.zopim.com https://www.google.co.uk https://*.analytics.google.com; frame-src 'self' https://*.snapsurveys.com https://www.google.com https://player.vimeo.com https://www.youtube.com https://securityscorecard.com; base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' ; object-src 'none'; manifest-src 'self'; media-src 'self'; worker-src 'self';frame-ancestors 'self' https://*.snapsurveys.com 1
frame-ancestors 'self' https://app.storyblok.com http://app.storyblok.com https://account.efultimatebreak.com https://cart.efultimatebreak.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.ampproject.org https://pixel.adsafeprotected.com https://static.adsafeprotected.com https://ad.doubleclick.net https://cse.google.com http://cse.google.com http://maps.google.com https://maps.google.com http://maps.googleapis.com https://maps.googleapis.com https://www.google.com https://www.googleapis.com https://apis.google.com https://www.google-analytics.com https://ajax.googleapis.com https://pagead2.googlesyndication.com www.googletagservices.com https://adservice.google.com https://adservice.google.fr https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://www.gstatic.com https://code.jquery.com http://assets.pinterest.com https://assets.pinterest.com http://log.pinterest.com https://connect.facebook.net http://bs.serving-sys.com http://ds.serving-sys.com http://logv5.xiti.com https://az124611.vo.msecnd.net https://az551914.vo.msecnd.net http://analytics-eu.clickdimensions.com https://www.googletagmanager.com 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-Z9w4LBnEM00gEyLiaLh7ig=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src 'self' https://t.teads.tv https://cm.teads.tv https://acdneu2wrdap01ecdn02.azureedge.net https://acdneu2wrdad01ecdn02.azureedge.net https://acdneu2wrdac01ecdn02.azureedge.net https://bf48682ovb.bf.dynatrace.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://p.teads.tv https://analytics.tiktok.com https://optimize.google.com https://www.googletagmanager.com https://www.google-analytics.com www.google-analytics.com https://www.googleanalytics.com https://www.googleoptimize.com https://connect.facebook.net https://www.google.com https://www.gstatic.com https://detectca.easysol.net http://detectca.easysol.net https://maps.googleapis.com https://js-cdn.dynatrace.com; img-src 'self' https://l.teads.tv https://t.teads.tv https://optimize.google.com https://acdneu2wrdap01ecdn02.azureedge.net https://acdneu2wrdad01ecdn02.azureedge.net https://acdneu2wrdac01ecdn02.azureedge.net https://www.google-analytics.com www.google-analytics.com https://www.google.com https://www.facebook.com https://detectca.easysol.net http://detectca.easysol.net https://www.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://stats.g.doubleclick.net https://www.googletagmanager.com http://www.googletagmanager.com https://www.google.com.pe data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://optimize.google.com; font-src 'self' https://static-bcp.azureedge.net https://fonts.gstatic.com data:; child-src https://www.google.com https://maps.googleapis.com; object-src 'none'; frame-src https://optimize.google.com; 1
default-src 'self'; connect-src 'self' https://www.google-analytics.com wss://*.timebook.ru *.timebook.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com mc.yandex.ru https://maps.google.com https://maps.googleapis.com *.timebook.ru; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' blob: *.timebook.ru fonts.googleapis.com; img-src 'self' https://www.google-analytics.com *.timebook.ru *.timebook.ru data: *.timebook.ru blob: *.timebook.ru; 1
frame-ancestors https://*.niceic.com https://niceic.com 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com ajax.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.addtoany.com/ http://clients1.google.com/complete/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://www.google.com  https://*.fontawesome.com https://*.customsearch.ai https://*.googletagmanager.com https://tagmanager.google.com https://*.uxtweak.com https://www.clarity.ms/tag/9u8kzuuuo8 https://*.teams.cdn.office.net https://*.botframework.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.addtoany.com/ https://*.windows.net https://tagmanager.google.com; img-src 'self' blob: https://www.google-analytics.com data: https://www.google.com/recaptcha/ http://www.ecb.int/ http://www.ecb.europa.eu/ https://*.windows.net https://*.gstatic.com https://stats.g.doubleclick.net; frame-src 'self' https://www.google.com/recaptcha/ https://static.addtoany.com/ https://www.youtube-nocookie.com/ https://maps.google.be/maps/ https://www.google.com/maps/ https://mapsengine.google.com/ https://ui.customsearch.ai/ https://sdk.companywebcast.com/ https://portal.dataviz.ecb.europa.eu/ https://*.uxtweak.com https://www.slideshare.net https://*.microsoft.com/; font-src 'self' https://fonts.gstatic.com; connect-src 'self' ws: https://*.customsearch.ai https://*.google-analytics.com https://*.uxtweak.com https://*.api.powerplatform.com *.botframework.com; report-uri /en/admin/config/system/seckit/csp-report 1
upgrade-insecure-requests; block-all-mixed-content; default-src 'none'; worker-src blob:; base-uri 'self'; form-action 'self'; style-src 'self' 'unsafe-inline' js.arcgis.com use.typekit.net p.typekit.net tagmanager.google.com fonts.googleapis.com www.googletagmanager.com mfstatic.com m.mediaflow.com assets.mediaflowpro.com *.mediaflow.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.browsealoud.com plus.browsealoud.com js.arcgis.com web103.reachmee.com www.youtube.com consentcdn.cookiebot.com consent.cookiebot.com tagmanager.google.com www.googletagmanager.com www.google-analytics.com www.youtube.com/iframe_api s.ytimg.com cdnjs.cloudflare.com code.jquery.com webbstatistik.sfv.se mfstatic.com m.mediaflow.com assets.mediaflowpro.com *.mediaflow.com code.jquery.com cdn.jsdelivr.net; font-src 'self' js.arcgis.com fonts.gstatic.com mfstatic.com m.mediaflow.com assets.mediaflowpro.com *.mediaflow.com use.typekit.net; img-src 'self' data: 'unsafe-inline' server.arcgisonline.com cdn.arcgis.com services.arcgisonline.com i.ytimg.com img.youtube.com ssl.gstatic.com www.google-analytics.com webbstatistik.sfv.se www.googletagmanager.com fonts.gstatic.com mfstatic.com m.mediaflow.com assets.mediaflowpro.com *.mediaflow.com www.google-analytics.com fastly.picsum.photos dummyimage.com; connect-src 'self' blob: speech-eu.speechstream.net www.browsealoud.com plus.browsealoud.com arcgis.com static.arcgis.com basemaps.arcgis.com services.arcgisonline.com cdn.arcgis.com www.arcgis.com js.arcgis.com www.google-analytics.com consentcdn.cookiebot.com webbstatistik.sfv.se mfstatic.com m.mediaflow.com assets.mediaflowpro.com *.mediaflow.com www.google-analytics.com; frame-src 'self' kartor.sfv.se consentcdn.cookiebot.com sfv.maps.arcgis.com www.youtube.com mfstatic.com m.mediaflow.com assets.mediaflowpro.com *.mediaflow.com *.mediaflowpro.com web103.reachmee.com; frame-ancestors 'self'; media-src 'self' mfstatic.com m.mediaflow.com assets.mediaflowpro.com *.mediaflow.com blob: 1
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.gstatic.com www.google.com  ws.edb.gov.hk chatbot.edb.gov.hk applications.edb.gov.hk code.createjs.com; img-src 'self' *.youtube.com www.cmab.gov.hk data:; frame-src 'self' www.google.com *.youtube.com *.facebook.com emm.edcity.hk chatbot.edb.gov.hk *.vimeo.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com chatbot.edb.gov.hk; font-src 'self' fonts.gstatic.com; connect-src 'self' www.search.gov.hk ws.edb.gov.hk chatbot.edb.gov.hk; media-src 'self' www.cmab.gov.hk; 1
upgrade-insecure-requests; frame-ancestors 'self' http: https: www.colombiaaprende.edu.co; default-src 'self' d2m1zw38230ngs.cloudfront.net d3j4pzt8k2yqfj.cloudfront.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net www.google-analytics.com www.googletagmanager.com www.youtube.com translate.googleapis.com translate-pa.googleapis.com translate.google.com fonts.googleapis.com d2m1zw38230ngs.cloudfront.net use.edgefonts.net; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net translate.googleapis.com translate.google.com fonts.googleapis.com d2m1zw38230ngs.cloudfront.net; font-src 'self' fonts.gstatic.com fonts.googleapis.com themes.googleusercontent.com; img-src 'self' data: www.google-analytics.com www.gstatic.com d2m1zw38230ngs.cloudfront.net d3j4pzt8k2yqfj.cloudfront.net contenidos.colombiaaprende.edu.co colombiaaprende.edu.co www.colombiaaprende.edu.co movil.colombiaaprende.edu.co contactomaestro.colombiaaprende.edu.co eco.colombiaaprende.edu.co bibliotecadigital.colombiaaprende.edu.co redaprende.colombiaaprende.edu.co campus.colombiaaprende.edu.co i.ytimg.com barcelobavaro.odilo.us covers.odilo.io www.googletagmanager.com; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com translate.googleapis.com fonts.googleapis.com cdn.jsdelivr.net; frame-src view.genial.ly  www.facebook.com facebook.com www.youtube.com youtube.com www.colombiaaprende.edu.co colombiaaprende.edu.co fonts.gstatic.com; form-action 'self' https: http: www.colombiaaprende.edu.co; media-src 'self'; 1
default-src 'self' data: blob: https://*.vetmedstat.com https://*.googletagmanager.com https://*.google-analytics.com https://*.fullstory.com https://*.whatfix.com https://whatfix.com https://*.mopinion.com;             connect-src 'self' https://*.vetmedstat.com https://s3.amazonaws.com https://*.s3.amazonaws.com https://*.browser-intake-datadoghq.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://fonts.gstatic.com https://fonts.googleapis.com https://*.fullstory.com https://whatfix.com https://*.whatfix.com https://*.mopinion.com;             font-src 'self' data:  https://fonts.gstatic.com https://*.mopinion.com;             frame-ancestors 'self' https://*.vetmedstat.com;             frame-src 'self' https://*.vetmedstat.com https://*.whatfix.com https://whatfix.com https://player.vimeo.com;             img-src 'self' data: https://s3.amazonaws.com https://*.s3.amazonaws.com https://*.idexximagebank.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://fonts.gstatic.com https://*.fullstory.com https://browser-update.org https://i.vimeocdn.com https://*.whatfix.com https://whatfix.com;             script-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://*.google-analytics.com https://*.fullstory.com https://*.whatfix.com https://whatfix.com https://*.mopinion.com;             script-src-elem 'self' 'unsafe-inline' https://*.googletagmanager.com https://*.google-analytics.com https://*.fullstory.com https://*.whatfix.com https://whatfix.com https://*.mopinion.com;             style-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com https://*.mopinion.com;             worker-src 'self' blob:; 1
script-src www.huntsman.com *.equisolve.net qmod.quotemedia.com assets.adobedtm.com app.quotemedia.com www.google.com fonts.googleapis.com fonts.gstatic.com google-analytics.com www.google-analytics.com www.gstatic.com *.googletagmanager.com browser-update.org fast.fonts.net cdnjs.cloudflare.com/ajax/libs/font-awesome/ *.onetrust.com cdn.cookielaw.org api.mapbox.com snap.licdn.com px.ads.linkedin.com js.zi-scripts.com ws.zoominfo.com tags.clickagy.com aorta.clickagy.com hemsync.clickagy.com *.podbean.com huntsman.jcwcreative.com d1io3yog0oux5.cloudfront.net 'unsafe-inline' 'unsafe-eval'; font-src www.huntsman.com *.equisolve.net qmod.quotemedia.com assets.adobedtm.com app.quotemedia.com www.google.com fonts.googleapis.com fonts.gstatic.com google-analytics.com www.google-analytics.com www.gstatic.com *.googletagmanager.com browser-update.org fast.fonts.net cdnjs.cloudflare.com/ajax/libs/font-awesome/ *.onetrust.com cdn.cookielaw.org api.mapbox.com snap.licdn.com px.ads.linkedin.com js.zi-scripts.com ws.zoominfo.com tags.clickagy.com aorta.clickagy.com hemsync.clickagy.com *.podbean.com huntsman.jcwcreative.com d1io3yog0oux5.cloudfront.net 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: android-webview-video-poster: oppocommunity: oppostore: webcompt: *; frame-ancestors 'self' *.oppo.com *.oppo.cn *.opposhop.cn *.wanyol.com; report-uri https://ti.oppo.com/csp/DataReport; report-to https://ti.oppo.com/csp/DataReport; 1
report-uri https://extra.cw 1
frame-ancestors *.indigitall.com intranet.tafs-corp.com  dashboard.movistar.com.sv *.movistar.com.sv activar.movistar.com.sv  contenido.movistar.com.sv  roaming.movistar.com.sv  movistar.com.sv  tienda.movistar.com.sv moviclub.movistar.com.sv www.movistar.com.sv wordpress.com jetpack.com jetpack.wordpress.com blog.movistar.com.sv; 1
frame-ancestors 'self' https://platform.servicewhale.com https://contractorfinder.iko.com; 1
default-src 'self'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * 'unsafe-inline'; frame-src * 'unsafe-inline'; img-src * data:; connect-src * 'unsafe-inline'; object-src 'none'; 1
frame-src 'self' www.gerifonds.ch https://www.gerifonds.ch platform.twitter.com e.infogram.com www.facebook.com http://www.bcv.ch https://rdir.mail.bcv.ch syndication.twitter.com www.newhome.ch infogram.com;   object-src 'self' data: blob: www.gerifonds.ch;  media-src 'self' data: blob: api.de.kaltura.com vodcdn.de.kaltura.com livecdn.de.kaltura.com api.frp2.ovp.kaltura.com cfvod.frp2.ovp.kaltura.com;  script-src-elem 'self' 'unsafe-inline' maps.googleapis.com maps.google.com googletagmanager.com api.twitter.com platform.twitter.com cdn.syndication.twimg.com assets.adobedtm.com api.de.kaltura.com connect.facebook.net snap.licdn.com *.analytics.edgekey.net e.infogram.com code.jquery.com www.newhome.ch www.gerifonds.ch www.bcv.ch api.frp2.ovp.kaltura.com  infogram.com/js/dist/embed-loader-min.js;  script-src 'self' 'unsafe-inline' blob: 'unsafe-eval' blob: api.de.kaltura.com *.analytics.edgekey.net e.infogram.com www.newhome.ch www.gerifonds.ch api.frp2.ovp.kaltura.com  infogram.com/js/dist/embed-loader-min.js;  style-src 'self' 'unsafe-inline' fonts.googleapis.com translate.googleapis.com ton.twimg.com platform.twitter.com;  font-src 'self' data: fonts.gstatic.com api.de.kaltura.com vodcdn.de.kaltura.com api.frp2.ovp.kaltura.com infogram.com/js/dist/embed-loader-min.js;  img-src 'self' data: maps.google.com maps.gstatic.com pbs.twimg.com api.de.kaltura.com vodcdn.de.kaltura.com stats.bcv.ch stats.bcv.ch www.facebook.com px.ads.linkedin.com px4.ads.linkedin.com bcv.sc.omtrdc.net syndication.twitter.com cdn.amcharts.com www.bcv.ch api.frp2.ovp.kaltura.com cfvod.frp2.ovp.kaltura.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.statistikbanken.dk https://apichart.statbank.dk/ https://api.statbank.dk https://api.cludo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app-script.monsido.com https://heatmaps.monsido.com https://www.thinglink.com https://siteimproveanalytics.com https://code.highcharts.com https://cdn-eu.clickdimensions.com https://analytics-eu.clickdimensions.com https://az551914.vo.msecnd.net https://www.dst.dk/; style-src 'self' 'unsafe-inline' https://fast.fonts.net https://cdn-eu.clickdimensions.com https://fonts.googleapis.com/; img-src 'self' data: blob: https://tracking.monsido.com https://i.vimeocdn.com https://api.cludo.com https://www.statistikbanken.dk https://sdg.statistikbank.dk https://133097.global.siteimproveanalytics.io https://cdn-eu.clickdimensions.com https://www.dst.dk/; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com/; frame-src 'self' data: https://player.vimeo.com https://h5p.laerit.dk https://www.thinglink.com https://statistikbanken.dk https://statbank.dk https://www.statbank.dk https://www.statistikbanken.dk https://www.dst.dk/ https://interviewer.dst.dk https://export.highcharts.com/ https://apichart.statbank.dk/; form-action 'self' https://dstsurvey.dst.dk https://dstsurvey.dk https://analytics-eu.clickdimensions.com https://export.highcharts.com https://srvblaiseprod3.dst.dk https://study.epinionglobal.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; connect-src 'self' https://heatmaps.monsido.com https://www.statistikbanken.dk https://apichart.statbank.dk/ https://api.statbank.dk https://api.cludo.com 1
base-uri 'self'; form-action 'self' www.facebook.com forms-eu1.hsforms.com pyithubawa.net; frame-ancestors 'self' www.currencycloud.com; upgrade-insecure-requests ; child-src blob: go.currencycloud.com bid.g.doubleclick.net www.google.com forms-eu1.hsforms.com embed.podcasts.apple.com embed.sounder.fm player.vimeo.com www.youtube.com; connect-src 'self' data: region1.analytics.google.com api.clearout.io api.cognitive.microsofttranslator.com google.com ds.cookiehub.net policy.cookiereports.com assets-tracking.crazyegg.com pagestates-tracking.crazyegg.com script.crazyegg.com tracking.crazyegg.com www.currencycloud.com metrics2.data.hicloud.com ad.doubleclick.net www.facebook.com googleads.g.doubleclick.net stats.g.doubleclick.net www.googleadservices.com region1.google-analytics.com www.google-analytics.com translate.googleapis.com www.google.co.cr adservice.google.com analytics.google.com www.google.com www.google.com.sg www.google.co.uk www.google.de pagead2.googlesyndication.com www.googletagmanager.com js-eu1.hsadspixel.net js-eu1.hs-analytics.net js-eu1.hs-banner.com forms-eu1.hscollectedforms.net js-eu1.hscollectedforms.net forms-eu1.hsforms.com js-eu1.hs-scripts.com api-eu1.hubapi.com forms-eu1.hubspot.com mainnet.infura.io cdn.linkedin.oribi.io edge.microsoft.com cookiehub.net hubspot-forms-static-embed-eu1.s3.amazonaws.com scout.salesloft.com analytics.twitter.com plugin.ucads.ucweb.com gjtrack.ucweb.com infragrid.v.network njs.wigoal.com; default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: px.ads.linkedin.com static.ads-twitter.com p.adsymptotic.com js.chilipiper.com t.co ds.cookiehub.net assets-tracking.crazyegg.com pagestates-tracking.crazyegg.com script.crazyegg.com tracking.crazyegg.com www.facebook.com connect.facebook.net bid.g.doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net www.googleadservices.com region1.google-analytics.com www.google-analytics.com fonts.googleapis.com www.google.co.il adservice.google.com www.google.com www.google.com.au www.google.com.br www.google.co.uk www.google.de www.google.ee www.google.fr www.google.hu www.google.nl www.googleoptimize.com www.google.pl pagead2.googlesyndication.com www.googletagmanager.com fonts.gstatic.com www.gstatic.com js-eu1.hsadspixel.net js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hscollectedforms.net forms-eu1.hsforms.com perf-eu1.hsforms.com js-eu1.hsforms.net js-eu1.hs-scripts.com api-eu1.hubapi.com forms-eu1.hubspot.com track-eu1.hubspot.com snap.licdn.com www.linkedin.com cookiehub.net hubspot-forms-static-embed-eu1.s3.amazonaws.com scout-cdn.salesloft.com scout.salesloft.com analytics.twitter.com player.vimeo.com www.youtube.com; font-src 'self' data: at.alicdn.com zip.co fonts.gstatic.com www.slant.co use.typekit.net; frame-src embed.acast.com vimeo.com wwatchvideos.com blog.currencycloud.com go.currencycloud.com www.currencycloud.com td.doubleclick.net https://*.duosecurity.com www.facebook.com sounder.fm bid.g.doubleclick.net googleads.g.doubleclick.net www.google.com tpc.googlesyndication.com www.googletagmanager.com forms-eu1.hsforms.com app-eu1.hubspot.com www.linkedin.com mozbar.moz.com developer.mozilla.org pitc.nube.53.com embed.podcasts.apple.com www.recaptcha.net cf-media.sndcdn.com w.soundcloud.com embed.sounder.fm filter.techloq.com player.vimeo.com api.xiaoduis.com www.youtube.com; img-src 'self' data: p.adsymptotic.com region1.analytics.google.com t.co policy.cookiereports.com assets.currencycloud.com www.currencycloud.com ad.doubleclick.net www.facebook.com googleads.g.doubleclick.net www.google.ad www.googleadservices.com www.google.ae www.google.am region1.google-analytics.com www.google-analytics.com translate.googleapis.com www.google.at www.google.ba www.google.be www.google.bg www.google.bj www.google.bs www.google.by www.google.ca www.google.cd www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.cn www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr adservice.google.com translate.google.com www.google.com www.google.co.ma www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.br www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.gh www.google.com.gi www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ng www.google.com.ni www.google.com.np www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zw www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gg www.google.gm www.google.gr www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.kz www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mk www.google.ml www.google.mn www.google.mu www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.sm www.google.sn pagead2.googlesyndication.com www.googletagmanager.com www.google.tn secure.gravatar.com fonts.gstatic.com www.gstatic.com forms-eu1.hsforms.com forms.hsforms.com perf-eu1.hsforms.com forms.hubspot.com track-eu1.hubspot.com track.hubspot.com *.linkedin.com www.linkedin.com is3-ssl.mzstatic.com co-asset.s3.ap-south-1.amazonaws.com embed.sounder.fm analytics.twitter.com scout.us1.salesloft.com i.vimeocdn.com i.ytimg.com; manifest-src 'self'; media-src data:; object-src 'none'; script-src 'nonce-wosBXVIc1y9yVtUVjlOgvPmvRUzV7INQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval'  'self'   inline self wasm-eval static.ads-twitter.com js.chilipiper.com script.crazyegg.com connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com www.google.com www.google.com.my www.googleoptimize.com pagead2.googlesyndication.com www.googletagmanager.com www.gstatic.com js-eu1.hsadspixel.net js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hscollectedforms.net js-eu1.hsforms.net js-eu1.hs-scripts.com snap.licdn.com cookiehub.net scout-cdn.salesloft.com embed.sounder.fm; script-src-attr 'nonce-wosBXVIc1y9yVtUVjlOgvPmvRUzV7INQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval'   'report-sample'; script-src-elem 'nonce-wosBXVIc1y9yVtUVjlOgvPmvRUzV7INQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval'  'self'  'report-sample' static.ads-twitter.com js.chilipiper.com policy.cookiereports.com script.crazyegg.com connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com www.google.com www.googleoptimize.com pagead2.googlesyndication.com tpc.googlesyndication.com www.googletagmanager.com www.gstatic.com js-eu1.hsadspixel.net js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hscollectedforms.net js-eu1.hsforms.net js-eu1.hs-scripts.com gc.kes.v2.scr.kaspersky-labs.com me.kes.v2.scr.kaspersky-labs.com snap.licdn.com cookiehub.net cdn.randomhow.com scout-cdn.salesloft.com embed.sounder.fm; style-src 'self' 'unsafe-inline' fonts.googleapis.com translate.googleapis.com www.gstatic.com cookiehub.net; style-src-attr 'unsafe-inline' 'report-sample'; style-src-elem 'self' 'unsafe-inline' 'report-sample' www.currencycloud.com fonts.googleapis.com translate.googleapis.com www.googletagmanager.com www.gstatic.com cookiehub.net adblockers.opera-mini.net; worker-src blob:; report-uri https://darwinapps.report-uri.com/r/d/csp/enforce; 1
default-src 'self' *.myhorsez.com https://static.myhorsez.com https://cdn.jsdelivr.net https://consent.cookiebot.com https://www.googletagmanager.com https://ajax.googleapis.com https://mollie.nl *.mollie.nl *.googleapis.com https://cdn.tiny.cloud *.cloudflare.com https://js.chargebee.com https://code.jquery.com https://unpkg.com https://cdn.datatables.net https://www.gstatic.com https://google.com *.google.com *.cookiebot.com https://www.google-analytics.com *.google-analytics.com *.doubleclick.net https://analytics.tiktok.com https://myhorsez-test.chargebee.com/ https://myhorsez.chargebee.com/ *.googlesyndication.com *.sentry.io;style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://consent.cookiebot.com https://mollie.nl *.mollie.nl *.googleapis.com https://cdn.tiny.cloud *.cloudflare.com https://js.chargebee.com https://code.jquery.com https://unpkg.com https://cdn.datatables.net https://www.gstatic.com https://google.com *.google.com *.cookiebot.com  https://myhorsez-test.chargebee.com/ https://myhorsez.chargebee.com/ *.googlesyndication.com;script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://consent.cookiebot.com https://www.googletagmanager.com https://ajax.googleapis.com https://mollie.nl *.mollie.nl *.googleapis.com https://cdn.tiny.cloud *.cloudflare.com https://js.chargebee.com https://code.jquery.com https://unpkg.com https://cdn.datatables.net https://www.gstatic.com https://google.com *.google.com *.cookiebot.com connect.facebook.net https://www.google-analytics.com https://analytics.tiktok.com https://myhorsez-test.chargebee.com/ https://myhorsez.chargebee.com/ *.googlesyndication.com *.sentry-cdn.com;img-src 'self' https: data:;font-src 'self' data: https://consent.cookiebot.com https://ajax.googleapis.com https://mollie.nl *.mollie.nl *.googleapis.com https://cdn.tiny.cloud *.cloudflare.com https://js.chargebee.com https://code.jquery.com https://unpkg.com https://cdn.datatables.net https://www.gstatic.com https://google.com *.google.com *.cookiebot.com https://fonts.gstatic.com  https://myhorsez-test.chargebee.com/ https://myhorsez.chargebee.com/ *.googlesyndication.com;frame-src https://consent.cookiebot.com https://www.googletagmanager.com https://mollie.nl *.mollie.nl *.googleapis.com https://cdn.tiny.cloud *.cloudflare.com https://js.chargebee.com https://code.jquery.com https://unpkg.com https://cdn.datatables.net https://www.gstatic.com https://google.com *.google.com *.cookiebot.com https://myhorsez-test.chargebee.com/ https://myhorsez.chargebee.com/ *.googlesyndication.com; 1
default-src https://www.natalpremiadopr.com.br/ https://natalpremiadopr.com.br/; script-src https://www.natalpremiadopr.com.br/ https://natalpremiadopr.com.br/ https://ajax.googleapis.com/ https://www.googletagmanager.com/ https://www.google.com/ https://www.gstatic.com/ https://viacep.com.br/; style-src https://www.natalpremiadopr.com.br/ https://natalpremiadopr.com.br/ https://fonts.googleapis.com/; connect-src https://www.natalpremiadopr.com.br/ https://natalpremiadopr.com.br/ https://analytics.google.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://pagead2.googlesyndication.com/pagead/buyside_topics/set/; img-src https://www.natalpremiadopr.com.br/ https://natalpremiadopr.com.br/ https://www.google-analytics.com/ https://www.facebook.com/ http://www.w3.org/2000/svg/ data: https:; font-src https://www.natalpremiadopr.com.br/ https://natalpremiadopr.com.br/ https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCBc4EsA.woff2; frame-src data: https://www.facebook.com/ https://drive.google.com/ https://www.google.com/ https://bid.g.doubleclick.net/ https://td.doubleclick.net/ https://www.natalpremiadopr.com.br/ https://natalpremiadopr.com.br/; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://intercept.inmoment.com.au https://intercept-client.inmoment.com.au https://csc.inmoment.com https://challenges.cloudflare.com https://ap9.salesforce.com https://*.lightning.force.com https://*.secure.force.com https://*.salesforceliveagent.com https://*.google.com https://*.cybersource.com https://*.mapbox.com https://*.tiles.mapbox.com https://cdn.loop11.com https://*.readspeaker.com https://www.bugherd.com https://*.google-analytics.com https://www.googletagmanager.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://bam.nr-data.net https://*.segment.com https://d2iiunr5ws5ch1.cloudfront.net https://h.online-metrix.net https://*.usabilla.com https://d6tizftlrpuof.cloudfront.net/ https://optimize.google.com https://service.force.com https://probe-t4v.my.salesforce-sites.com; child-src blob: https://*.vic.gov.au https://*.cybersource.com https://*.readspeaker.com https://*.youtube.com https://youtube.com https://h.online-metrix.net https://*.usabilla.com https://d6tizftlrpuof.cloudfront.net ; img-src 'self' * data: blob: https://*.cybersource.com https://*.google-analytics.com https://optimize.google.com ; style-src 'self' 'unsafe-inline' https://probe-t4v.my.salesforce-sites.com https://*.secure.force.com https://service.force.com https://optimize.google.com https://fonts.googleapis.com *.readspeaker.com https://d6tizftlrpuof.cloudfront.net; font-src 'self' data: https://fonts.gstatic.com https://d6tizftlrpuof.cloudfront.net; frame-src feedback.inmoment.com.au https://challenges.cloudflare.com https://ap9.salesforce.com https://service.force.com https://app.powerbi.com 'self' https://optimize.google.com https://h.online-metrix.net https://*.cybersource.com *.readspeaker.com https://*.youtube.com https://youtube.com https://d6tizftlrpuof.cloudfront.net; 1
upgrade-insecure-requests; frame-ancestors 'self' https://luxe.digital 1
frame-ancestors same; report-uri /report-csp-violation 1
script-src 'self' https://www.gstatic.com/recaptcha/releases/ *.googleadservices.com *.googleapis.com *.typekit.net *.bootstrapcdn.com *.google-analytics.com *.informz.net static.zdassets.com pod-27.zendesk.com *.trustarc.com *.feathr.co *.livechatinc.com *.zdassets.com *.googletagmanager.com *.pardot.com *.licdn.com *.ads-twitter.com *.twitter.com *.hotjar.com *.facebook.net *.hs-scripts.com *.youtube.com *.hs-banner.com *.hs-analytics.net *.hsadspixel.net *.doubleclick.net *.addthis.com *.google.com *.googlesyndication.com code.jquery.com players.brightcove.net *.moatads.com *.addthisedge.com *.googletagservices.com afp.informz.net googletagservices.com s7.addthis.com tableau.com *.hsforms.net https://js.usemessages.com/conversations-embed.js 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://forms.hsforms.com/ https://app.keysurvey.com/f/41660076/3f4c/ https://financeandaccountantcareers.com/ https://www.mfamonitor.com/ https://consent-pref.trustarc.com/ https://www.keysurvey.com public.tableau.com consent.trustarc.com *.doubleclick.net *.hotjar.com *.addthis.com *.youtube.com *.hapyak.com blueprint.freeman.com *.ceros.com players.brightcove.net *.safeframe.googlesyndication.com *.googlesyndication.com *.google.com *.libsyn.com https://videos.insightpath.io/ https://app.hubspot.com/ https://www.opinionstage.com/; object-src 'self' 1
default-src 'self' boxbox.club; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net *.facebook.com www.facebook.com; child-src 'self' connect.facebook.net *.facebook.com www.facebook.com; style-src 'self' 'unsafe-inline'; img-src * blob: data:; media-src 'self'; connect-src *; font-src 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.svatantramicrofin.com svatantramicrofin.com analytics.google.com google.co.in www.google.co.in google.com www.google.com googletagmanager.com www.googletagmanager.com cdn.jsdelivr.net fonts.gstatic.com google-analytics.com www.google-analytics.com cdnjs.cloudflare.com fonts.googleapis.com www.googletagmanager.com maps.googleapis.com stats.g.doubleclick.net developers.google.com logo.page-source.com korneacloud.in; 1
frame-ancestors 'self' *.autoshowodd.com *.assistbox.io; 1
default-src *.antarctica.gov.au *.aad.gov.au *.marinemammals.gov.au use.typekit.net p.typekit.net cdn.plyr.io 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src *.antarctica.gov.au *.aad.gov.au *.marinemammals.gov.au data: blob: 1
default-src 'none'; script-src https: 'unsafe-inline' 'nonce-5C4D9474E65EA64F85973900ECAD7EDA' 'strict-dynamic'; style-src 'self' fonts.googleapis.com translate.googleapis.com 'nonce-5C4D9474E65EA64F85973900ECAD7EDA'; connect-src 'self' https: wss://dnpush.nl; img-src 'self' https: data:; font-src 'self' fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' www.google.com tpc.googlesyndication.com; base-uri 'none'; media-src 'self'; report-uri https://www.novamora.nl/API/Site/CspReport 1
font-src 'self' fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com 1
default-src 'none'; connect-src 'self' https:; base-uri 'none'; form-action 'self' https://www.facebook.com/ https://forms.hsforms.com; font-src 'self' data: https://fonts.gstatic.com https://netdna.bootstrapcdn.com; frame-ancestors 'none'; img-src 'self' https://perf-na1.hsforms.com/ https://www.google.com.tw https://www.facebook.com/ https://polo.feathr.co/ https://match.adsrvr.org https://www.google.com https://bat.bing.com/ https://marco.feathr.co/ https://px.ads.linkedin.com https://track.hubspot.com/ https://i.picsum.photos https://picsum.photos/ https://perf.hsforms.com https://forms.hsforms.com https://forms-na1.hsforms.com data: https://img.youtube.com; script-src 'self' https://js.hubspot.com/ https://polo.feathr.co/ https://cdn.feathr.co/ https://bat.bing.com/ https://googleads.g.doubleclick.net/ https://www.googletagmanager.com/ https://snap.licdn.com https://js.hsadspixel.net https://js.usemessages.com https://js.hs-banner.com https://js.hsleadflows.net https://js.hs-scripts.com https://js.hs-analytics.net/ https://www.google-analytics.com/ https://www.gstatic.com https://js.hsforms.net https://www.google.com blob: 'unsafe-eval' https://www.youtube.com 'unsafe-inline' https://netdna.bootstrapcdn.com https://connect.facebook.net ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com  http://netdna.bootstrapcdn.com; frame-src 'self' https://td.doubleclick.net/ https://www.bilibili.com/ https://www.facebook.com/ https://app.hubspot.com https://account.b1g1.com https://forms.hsforms.com https://www.youtube.com/ https://www.google.com/ https://player.youku.com/ https://player.bilibili.com/ 1
default-src 'self' data: wss: blob: 'unsafe-inline' 'unsafe-eval' bbox.blackbaudhosting.com payments.blackbaud.com *.algolia.net *.algolianet.com players.brightcove.net video.ibm.com widget.gleamjs.io gleam.io *.instagram.com s.w.org *.fbgcdn.com www.foodbooking.com www.eventbrite.ca outlook.office365.com forms.office.com *.mailchimp.com *.list-manage.com s3.amazonaws.com www.rrctours.ca video.rrc.ca etv.academic.rrc.ca training.mediasite.com js-agent.newrelic.com bam.nr-data.net platform.twitter.com *.facebook.com *.facebook.net *.hotjar.com *.hotjar.io *.quantserve.com *.quantcount.com *.adsrvr.org *.gravatar.com *.adsymptotic.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.google.com *.google.ca *.googletagmanager.com *.gstatic.com *.doubleclick.net *.linkedin.com *.licdn.com vimeo.com *.vimeo.com *.vimeocdn.com *.youtube.com *.ytimg.com www.youtube-nocookie.com *.fontawesome.com *.hyvor.com *.cloudflare.com; base-uri 'self'; form-action 'self' *.facebook.com *.list-manage.com; frame-ancestors 'none'; worker-src blob:; object-src 'none'; img-src https: data:; report-uri https://rrcpolytech.report-uri.com/r/d/csp/enforce; 1
object-src 'none'; script-src 'nonce-pSUf5DcSm4k8fPvKu5lyRA==' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; base-uri 'none'; report-uri https://csp.withgoogle.com/csp/kaggle/20201130; frame-src 'self' https://www.kaggleusercontent.com https://www.youtube.com/embed/ https://polygraph-cool.github.io https://www.google.com/recaptcha/ https://www.docdroid.com https://www.docdroid.net https://kaggle-static.storage.googleapis.com https://kkb-production.jupyter-proxy.kaggle.net https://kkb-production.firebaseapp.com https://kaggle-metastore.firebaseapp.com https://apis.google.com https://content-sheets.googleapis.com/ https://accounts.google.com/ https://storage.googleapis.com https://docs.google.com https://drive.google.com https://calendar.google.com/; 1
frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://apis.google.com https://ssl.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/api2/; 1
default-src 'none';script-src 'self' 'unsafe-inline' https://cdn.glosor.eu 'nonce-72655061511687725386' 'strict-dynamic';style-src 'self' 'unsafe-inline' https://cdn.glosor.eu;font-src https://cdn.glosor.eu;connect-src 'self' https://cdn.glosor.eu;img-src 'self' https://cdn.glosor.eu;media-src 'self' https://cdn.glosor.eu;base-uri 'self'; 1
Connect-src 'Self', img-src 'self' data:, frame-ancestors 'self', font-src 'self', media-src 'self', object-src 'self' data:, manifest-src 'self', worker-src 'self', prefetch-src 'self', form-action https://msftauth.net https://aadcdn.msauth.net  https://Login.microsoftonline.com https://hrpowerup.com https://hrpowerupinternal.powervision.co.th https://hrpowerupinternal2.powervision.co.th https://srv5-003.powervision.co.th 1
default-src https: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cd.nwnatural.local dev.nwnatural.com qa.nwnatural.com staging.nwnatural.com prod.nwnatural.com www.nwnatural.com https:; style-src https: 'self' 'unsafe-inline' cd.nwnatural.local dev.nwnatural.com qa.nwnatural.com staging.nwnatural.com prod.nwnatural.com www.nwnatural.com use.typekit.net; connect-src 'self' embed-ssl.wistia.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net fast.wistia.net embed-ssl.wistia.com distillery.wistia.com pipedream.wistia.com embed-fastly.wistia.com embedwistia-a.akamaihd.net cd.nwnatural.local dev.nwnatural.com qa.nwnatural.com staging.nwnatural.com prod.nwnatural.com www.nwnatural.com cdp-dv-frontend-cdne.azureedge.net cdp-qa-frontend-cdne.azureedge.net web performance.typekit.net identity-dv-web.azurewebsites.net identity-dev.nwnatural.com identity-qa.nwnatural.com identity-st.nwnatural.com identity-pd.nwnatural.com identity.nwnatural.com webapi-dev.nwnatural.com webapi-qa.nwnatural.com webapi-st.nwnatural.com webapi-pd.nwnatural.com api.nwnatural.com maps.googleapis.com; media-src blob: 'self' embed-ssl.wistia.com fast.wistia.net embedwistia-a.akamaihd.net cd.nwnatural.local dev.nwnatural.com qa.nwnatural.com staging.nwnatural.com prod.nwnatural.com www.nwnatural.com; worker-src blob: 'self' embedwistia-a.akamaihd.net cd.nwnatural.local dev.nwnatural.com qa.nwnatural.com staging.nwnatural.com prod.nwnatural.com www.nwnatural.com; font-src 'self' data: use.typekit.net fonts.typekit.net fonts.gstatic.com; img-src https: 'self' www.google-analytics.com p.typekit.net secure.surveymonkey.com data:; form-action 'self' identity-qa-web.azurewebsites.net identity-dev.nwnatural.com identity-qa.nwnatural.com identity-st.nwnatural.com identity-pd.nwnatural.com identity.nwnatural.com; 1
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.isstarprod.hsbc.com.ar googleads.g.doubleclick.net connect.facebook.net tags.tiqcdn.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com cdn.appdynamics.com cdn-assets-prod.s3.amazonaws.com *.watson.appdomain.cloud; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.isstarprod.hsbc.com.ar *.brightcovecdn.com *.siteintercept.qualtrics.com adservice.google.com http://127.0.0.1:5000 http://127.0.0.1:5000/* www.facebook.com www.googletagmanager.com www.google.com maps.googleapis.com analytics.google.com stats.g.doubleclick.net www.google-analytics.com www.google.com.ar ad.doubleclick.net *.tt.omtrdc.net *.sc.omtrdc.net akamai.tiqcdn.com rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net *.qualtrics.com cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.youtube.com www.facebook.com; frame-ancestors 'self' www.hsbc.com.ar; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com static3.avast.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report; 1
default-src	'self'	; script-src	'self' 'unsafe-inline'	https://*.adobe.com	https://*.clarity.ms	https://*.demdex.net	https://*.onetrust.com	https://assets.adobedtm.com	https://bat.bing.com/	https://c.bing.com	https://cdn.cookielaw.org/	https://cdn.linkedin.oribi.io/	https://cm.everesttech.net	https://connect.facebook.net	https://dc.ads.linkedin.com/	https://googleads.g.doubleclick.net/	https://gw.linkedin.oribi.io/	https://maps.googleapis.com	https://sjs.bizographics.com/	https://www.google.com/	https://www.google.com/recaptcha/	https://www.google.de/	https://www.googleadservices.com/	https://www.googletagmanager.com/	https://www.gstatic.com/recaptcha/	https://www.youtube.com	; style-src	'self' 'unsafe-inline'	https://fonts.googleapis.com; connect-src	'self'	https://*.112.2o7.net	https://*.clarity.ms	https://*.data.adobedc.net	https://*.demdex.net	https://*.omtrdc.net	https://*.onetrust.com	https://airfiltration.mann-hummel.com/	https://assets.adobedtm.com	https://c.bing.com	https://cdn.cookielaw.org/	https://cdn.linkedin.oribi.io/	https://cm.everesttech.net	https://dc.ads.linkedin.com/	https://filtron.eu/	https://fleetdirect.mann-hummel.com/	https://gw.linkedin.oribi.io/	https://maps.googleapis.com	https://oem.mann-hummel.com/	https://s7g10.scene7.com	https://s7ips3.scene7.com	https://sjs.bizographics.com/	https://tridim.mann-hummel.com/	https://www.facebook.com	https://www.mann-hummel.com/	https://www.purolatornow.com	; font-src	data:	https://fonts.gstatic.com	; img-src	'self'	data:	https://*.112.2o7.net	https://*.clarity.ms	https://*.data.adobedc.net	https://*.demdex.net	https://*.doubleclick.net/	https://*.ggpht.com	https://*.google.com/	https://*.google.de/	https://*.googleapis.com	https://*.omtrdc.net	https://ad.doubleclick.net/	https://ade.googlesyndication.com/	https://assets.adobedtm.com	https://bat.bing.com/	https://c.bing.com	https://cm.everesttech.net	https://googleads.g.doubleclick.net/	https://i.ytimg.com	https://maps.gstatic.com	https://p.adsymptotic.com/	https://px.ads.linkedin.com	https://px4.ads.linkedin.com/	https://s7g10.scene7.com	https://s7ips3.scene7.com	https://www.facebook.com	; form-action	'self'	; frame-src	'self'	https://*.adobe.com	https://*.assetsadobe.com	https://*.demdex.net	https://*.doubleclick.net	https://*.scene7.com	https://bid.g.doubleclick.net	https://cdn.linkedin.oribi.io	https://cloud.mann-hummel-filtration.com	https://dc.ads.linkedin.com	https://gw.linkedin.oribi.io	https://recaptcha.google.com/recaptcha/	https://sjs.bizographics.com	https://wixfilters.com/MH/Rewardards/Registration	https://wixfilters.com/MH/Rewards/Redemption	https://wixfilters.com/MH/WIXRewards/admin	https://www.facebook.com	https://www.google.com/recaptcha/	https://www.youtube-nocookie.com	; base-uri	'none'	; frame-ancestors	'none'	; object-src	'none'	; worker-src	'self'	blob:	; upgrade-insecure-requests 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://fast.wistia.com https://wistia.com https://fast.wistia.net https://pi.pardot.com https://static.addtoany.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://js-agent.newrelic.com https://bam.nr-data.net https://unpkg.com https://bam-cell.nr-data.net https://hackerone.com https://www2.earlywarning.com  https://ws.zoominfo.com https://earlywarning.wistia.com https://cdn.cookielaw.org https://snap.licdn.com https://www3.earlywarning.com https://js.zi-scripts.com https://img.en25.com https://code.jquery.com/; object-src 'none'; img-src 'self' https://www.google-analytics.com https://px.ads.linkedin.com https://paze.com https://www.paze.com https://px4.ads.linkedin.com https://aorta.clickagy.com https://dpm.demdex.net https://cdn.cookielaw.org https://www.googletagmanager.com https://fonts.gstatic.com data: https://trck.www4.paze.com/ https://image.www4.earlywarning.com/; media-src 'self' https://embed-ssl.wistia.com https://earlywarning.wistia.com; frame-src 'self' https://www.google.com https://fast.wistia.com https://earlywarning.wistia.com https://static.addtoany.com https://hackerone.com https://anchor.fm https://www.youtube.com; frame-ancestors 'self'; font-src 'self' https://maxcdn.bootstrapcdn.com data: https://cdnjs.cloudflare.com https://fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://bam.nr-data.net https://bam-cell.nr-data.net https://cdn.linkedin.oribi.io https://aorta.clickagy.com https://hemsync.clickagy.com https://ws.zoominfo.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://px.ads.linkedin.com/wa/ https://js.zi-scripts.com; report-uri /report-csp-violation 1
object-src *; base-uri 'self'; 1
base-uri 'self' https://d.paydirekt.de; default-src 'self'; script-src 'self' https://d.paydirekt.de https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://d.paydirekt.de; img-src 'self' https://api.paydirekt.de 'unsafe-inline' data: https://t.paydirekt.de; font-src 'self'; object-src 'self' https://d.paydirekt.de; child-src 'self'; frame-src 'self' https://www.google.com/recaptcha/; manifest-src 'none'; connect-src 'self' https://api.paydirekt.de https://d.paydirekt.de; form-action 'self' https://api.paydirekt.de; plugin-types application/x-shockwave-flash application/pdf; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://botsin.space; img-src 'self' https: data: blob: https://botsin.space; style-src 'self' https://botsin.space 'nonce-9JxLhTbDi/0uJ4uY3Loxtw=='; media-src 'self' https: data: https://botsin.space; frame-src 'self' https:; manifest-src 'self' https://botsin.space; form-action 'self'; child-src 'self' blob: https://botsin.space; worker-src 'self' blob: https://botsin.space; connect-src 'self' data: blob: https://botsin.space https://files.botsin.space wss://botsin.space; script-src 'self' https://botsin.space 'wasm-unsafe-eval' 1
frame-ancestors https://news.sky.com http://news.sky.com https://*.news.sky.com http://*.news.sky.com https://*.skysports.com http://*.skysports.com *.norkon.net *.google.com *.google.co.uk *.ampproject.org; 1
font-src 'self' themes.googleusercontent.com *.gstatic.com; frame-src 'self' https://accounts.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' accounts.google.com apis.google.com *.googleanalytics.com *.google-analytics.com https://*.googletagmanager.com cdn.jsdelivr.net api.observablehq.com d3js.org unpkg.com bundle.run; style-src 'self' 'unsafe-inline' fonts.googleapis.com; object-src 'none'; default-src 'self' *.gstatic.com; img-src 'self' data: https: *.google-analytics.com; connect-src 'self' static.observableusercontent.com cdn.jsdelivr.net constituteproject.org gist.githubusercontent.com raw.githubusercontent.com fonts.googleapis.com https://*.google-analytics.com; report-uri /csp 1
default-src 'self' *.asa.org www.google-analytics.com; script-src blob: http: https: 'self' *.acsbapp.com *.osano.com use.typkit.net *.google.com *.gstatic.com www.googletagmanager.com www.google-analytics.com data: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' www.google.com; frame-src 'self' www.google.com; style-src 'unsafe-inline' http: https: 'self' *.typekit.net *.acsbapp.com; font-src 'self' *.typekit.net https://acsbapp.com/; img-src 'self' data: *.acsbapp.com *.osano.com www.google-analytics.com; connect-src 'self' *.osano.com *.acsbapp.com https://acsbapp.com/ www.google-analytics.com 1
default-src 'self' https://static.zdassets.com https://web-cdn.gamban.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://web-cdn.gamban.com https://use.typekit.net https://*.google-analytics.com https://*.googletagmanager.com https://apis.google.com https://accounts.google.com/gsi/client https://connect.facebook.net https://static.zdassets.com https://v2.zopim.com https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://js.braintreegateway.com https://assets.braintreegateway.com https://www.paypalobjects.com https://*.paypal.com https://js.stripe.com https://maps.googleapis.com https://songbird.cardinalcommerce.com; style-src 'self' 'unsafe-inline' https://web-cdn.gamban.com https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com; img-src 'self' data: https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://web-cdn.gamban.com https://www.facebook.com https://p.typekit.net https://v2assets.zopim.io https://static.zdassets.com https://*.google-analytics.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com https://v2.zopim.com https://gamban.zendesk.com https://assets.braintreegateway.com https://checkout.paypal.com https://www.paypalobjects.com; child-src 'self' https://assets.braintreegateway.com https://*.paypal.com; frame-src 'self' https://accounts.google.com https://bid.g.doubleclick.net https://staticxx.facebook.com https://www.youtube-nocookie.com https://www.youtube.com https://www.recaptcha.net/recaptcha/ https://player.vimeo.com/ https://accounts.google.com/gsi https://assets.braintreegateway.com https://*.paypal.com https://*.cardinalcommerce.com https://js.stripe.com https://hooks.stripe.com; connect-src 'self' https://web-cdn.gamban.com https://id.zopim.com https://*.google-analytics.com https://ekr.zdassets.com https://gamban.zendesk.com wss://gamban.zendesk.com wss://*.zopim.com https://api.pwnedpasswords.com https://www.facebook.com https://sentry.gamban.com https://stats.g.doubleclick.net https://accounts.google.com/gsi https://accounts.google.com/gsi/status https://*.analytics.google.com https://*.braintree-api.com https://*.cardinalcommerce.com https://api.stripe.com https://maps.googleapis.com https://api.braintreegateway.com https://client-analytics.braintreegateway.com; font-src 'self' data: https://web-cdn.gamban.com https://fonts.gstatic.com https://use.typekit.net https://v2.zopim.com; 1
frame-ancestors https://*.plexia.ca:* 1
frame-ancestors 'self' https://vculungscan.com https://www.vculungscan.com; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js *.myheritage.fi https://www.myheritage.fi  'nonce-dc93935a8dc979cb8f28546e23cdbd6d' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.fi;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
frame-ancestors 'self'; frame-src 'self' https://npci.corover.mobi/ https://www.youtube.com https://*.mixpanel.com/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://apify.com https://*.apify.com https://*.intercom.io https://*.intercom.help https://intercom-sheets.com https://intercom.help wss://*.intercom.io https://*.intercomassets.com https://*.s3.amazonaws.com https://*.s3.us-east-1.amazonaws.com https://*.intercomcdn.com https://*.zapier.com https://zapier.com https://*.bootstrapcdn.com https://*.apiary.com https://*.apiary.io https://*.fury.io https://travis-ci.org https://*.travis-ci.org https://travis-ci.com https://*.travis-ci.com https://*.cloudfront.net https://*.algolianet.com https://*.algolianet.net https://*.algolia.net https://*.algolia.io https://browser.sentry-cdn.com https://*.sentry.io https://*.sentry-cdn.com https://*.reddit.com/ https://www.redditstatic.com/ads/ https://ghbtns.com/ https://*.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com/ https://tagmanager.google.com https://*.google-analytics.com https://ssl.google-analytics https://*.g.doubleclick.net https://*.doubleclick.net https://optimize.google.com https://www.googleoptimize.com https://translate.google.com https://*.googlesyndication.com https://translate.googleapis.com https://www.googleadservices.com https://*.google.com/pagead/ https://*.google.com/pagead/landing https://*.google.cz/pagead/landing https://*.googlesyndication.com/pagead/ https://*.googlesyndication.com/pagead/landing https://*.google.com/ads/ https://*.google.cz/ads/ https://*.g.doubleclick.net/ https://*.doubleclick.net https://*.smartlook.com https://*.smartlook.cloud https://*.dreamdata.cloud https://cdn.firstpromoter.com https://t.firstpromoter.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://*.hscollectedforms.net https://js.hsforms.net https://*.hsforms.com https://*.hubspot.com https://forms.hubspot.com https://track.hubspot.com https://api.hubapi.com/ https://js.hsleadflows.net https://js.hsadspixel.net https://cookie-cdn.cookiepro.com https://privacyportal.cookiepro.com https://geolocation.onetrust.com https://tracking.g2crowd.com https://*.maze.co https://api-js.mixpanel.com https://www.youtube.com https://noembed.com https://*.vimeo.com https://vimeo.com/api/oembed.json https://ourworldindata.org/grapher/internet-users-by-world-region https://*.fs1.hubspotusercontent-na1.net https://apify.ghost.io; object-src 'self'; img-src 'self' blob: data: https://apify.com https://*.apify.com https://*.google.com https://*.googleusercontent.com https://*.google-analytics.com https://*.doubleclick.net https://*.googlesyndication.com https://*.googletagmanager.com https://fonts.googleapis.com https://*.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://*.google.com/pagead/ https://*.google.cz/pagead/ https://*.googlesyndication.com/pagead/ https://*.google.com/ads/ https://*.google.cz/ads/ https://*.g.doubleclick.net/ https://*.zapier.com https://zapier.com https://*.intercom.io https://*.intercom.help https://intercom.help https://intercom-sheets.com https://*.intercomassets.com https://*.intercomcdn.com https://*.fury.io https://travis-ci.com https://*.travis-ci.com https://travis-ci.org https://*.travis-ci.org https://*.cloudfront.net https://*.s3.amazonaws.com https://*.s3.us-east-1.amazonaws.com https://raw.githubusercontent.com/apify/ https://cdnjs.cloudflare.com/ajax/libs/flag-icon-css/ https://cdn.jsdelivr.net/gh/lipis/flag-icons/flags/ https://www.redditstatic.com/ads/ https://*.reddit.com/ https://ghbtns.com/ https://*.hsforms.com https://forms.hubspot.com https://track.hubspot.com https://ct.capterra.com https://cookie-cdn.cookiepro.com https://cookiepro.blob.core.windows.net/logos/static/ot_persistent_cookie.png https://privacyportal.cookiepro.com/request/v1/consentreceipts https://*.gravatar.com https://avatars.githubusercontent.com https://*.facebook.com https://*.fbcdn.net https://*.twimg.com https://*.wp.com https://*.fbsbx.com https://ph-files.imgix.net https://miro.medium.com https://i.ytimg.com/vi/053B5L-eotQ/hqdefault.jpg https://*.fs1.hubspotusercontent-na1.net https://*.trustradius.com https://*.crozdesk.com https://assets.capterra.com https://*.g2.com https://images.apifyusercontent.com; worker-src 'self' blob: 1
connect-src 'self' wss://app.bitgo-test.com bitgo.com openpgpkey.bitgo.com *.bitgo-test.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.stripe.com *.hsforms.com fonts.googleapis.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com *.g.doubleclick.net https://analytics.google.com; font-src 'self'; frame-ancestors 'self'; frame-src *.stripe.com withpersona.com *.googletagmanager.com *.google.com; img-src 'self' data: *.bitgo-test.com *.bitgo.com images.ctfassets.net *.google-analytics.com *.googletagmanager.com *.hubspot.com *.google.co.in *.google.com https://googleads.g.doubleclick.net; object-src 'none'; script-src 'self' 'sha256-o8/B65mp14vE/VisCbscLi6ul0GpbWzTwGGaaAKZ+R4=' 'sha256-RFUWCuJ8HHZfIBqtGaY7HV9yURmuodvcW0LVth+LEcg=' 'sha256-/JheBQo8zngg+5vHRIX/QNvr1ByByfgi9QCQnAbks6c=' 'sha256-v1oYH69RcooFs6F5XhMTzHiWlftYwnuQHDxIz0suNeo=' 'sha256-Jr+UYZNi4mC3eaOrVHrSWKrnFJsbd2Z2H6kC8y1KnPc=' 'sha256-gfxaZBtLG6iJhfVf6Dp9ppzDuR7XyfVLGuHv1QCDSbw=' 'sha256-5VrVgGfPbUH5IoPb+tGodpswZad/XDHQfqHeVD0LMG4=' 'sha256-f4b7rBPvi31A16IdFzFJ0WLjQhPQTVnBawkEVn1oJ8w=' 'sha256-HOOdAB25XoL5GyreygJQ8OZ7hg5xF60xZIgtJS0rt+s=' 'sha256-NMfoNGOY8cJIkH8JBZOZ+/t2PXUfgxzx565/Lsi53pU=' 'wasm-unsafe-eval' *.googletagmanager.com *.stripe.com *.google-analytics.com *.bitgo-test.com *.hs-scripts.com *.gstatic.com *.google.com *.google.co.in *.googleadservices.com *.licdn.com *.cookielaw.org *.hs-analytics.net *.hs-banner.com https://analytics.google.com; style-src 'self' 'unsafe-inline'; worker-src 'self' blob; 1
script-src 'nonce-41f47b78b63d6856c5fb24202c141ab0' 'nonce-gvQOmJLydk9ODaMmNcTkjHzF5eYS1wGLwJw52MnEaYs=' 'self' 'unsafe-eval' https: 'sha256-jTbbX7kA2AFEiHkjGYboK9ooUurX+Mc9th2/quUZwkI=' 'sha256-yntX1DMo3v8w5zK0Wt5LS96gm1dTl95wU0As+x8+vsU=' blob:; frame-ancestors 'none' 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' challenges.cloudflare.com lacare.wpengine.com *.gstatic.com use.fontawesome.com cdnjs.cloudflare.com translate.google.com *.googleapis.com *.jsdelivr.net *.youtube-nocookie.com; object-src 'self' ; style-src 'self' 'unsafe-inline' *.gstatic.com lacare.wpengine.com use.fontawesome.com *.jsdelivr.net *.googleapis.com cdnjs.cloudflare.com ; img-src 'self' 'unsafe-inline' data: www.google.com *.gstatic.com translate.googleapis.com *.youtube-nocookie.com maps.googleapis.com *.lacare.org; media-src 'self' *.lacare.org; frame-src 'self' *.lacare.org wakanda.prod.acquia-sites.com challenges.cloudflare.com *.navitus.com *.youtube-nocookie.com  external.lacare.org www.auntbertha.com; frame-ancestors 'self' *.lacare.org; child-src 'self' ; font-src 'self' *.gstatic.com use.fontawesome.com lacare.wpengine.com; connect-src 'self' maps.googleapis.com lacare.wpengine.com translate.googleapis.com 1
default-src 'self'; connect-src * blob:; img-src https: data: blob:; media-src https: data:; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.ghostmarket.io; font-src 'self' 'unsafe-inline' *.ghostmarket.io; object-src 'none'; frame-src widget.onramper.com; 1
default-src * 'unsafe-eval' 'unsafe-inline'; connect-src * blob:; font-src * data:; img-src * blob: data:; object-src 'none' 1
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none' 1
frame-ancestors 'self' https://www.tatasteel.com/  https://dynamicform.tatasteel.com/ 1
default-src * self data: tel: mailto: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval';frame-ancestors 'self' https://qualitylogoproducts.helpcrunch.com/ https://rocket.qualitylogoproducts.com/; 1
frame-src 'self' *.youtube.com *.allinone.io *.soundcloud.com *.infomaniak.com *.facebook.net *.facebook.com *.google.com *.google-analytics.com *.googleadservices.com *.googletagservices.com *.googletagmanager.com *.googleapis.com *.mapserver.ch *.seabixmobile.com *.netplus.ch *.iubenda.com *.loisirs.ch *.doubleclick.net *.static-sb.com; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' *.allinone.io *.facebook.net *.google-analytics.com *.facebook.net *.facebook.com *.google.com *.google-analytics.com *.googleadservices.com *.googletagservices.com *.googletagmanager.com *.googleapis.com *.mapserver.ch *.seabixmobile.com *.netplus.ch snap.licdn.com *.gstatic.com www.gstatic.com sc-static.net *.doubleclick.net *.static-sb.com *.youtube.com; connect-src 'self' *.sentry.io *.iomedia.ch *.allinone.io *.googleapis.com *.facebook.net *.facebook.com *.google.com *.google-analytics.com *.googleadservices.com *.googletagservices.com *.googletagmanager.com *.googleapis.com *.mapserver.ch *.seabixmobile.com *.netplus.ch stats.g.doubleclick.net *.g.doubleclick.net *.static-sb.com 1
default-src 'self' https://*.apple.com; img-src 'self' https://*.apple.com https://*.mzstatic.com data: blob:; style-src 'self' https://*.apple.com 'unsafe-inline'; script-src 'self' https://*.apple.com blob: 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=' 'sha256-BoFUHKsYhJ9tbsHugtNQCmnkBbZ11pcW6kZguu+T+EU=' 'sha256-A18HC3jLpyEc9B8oyxq/NBFCyFBJFSsRLt0gmT9kft8=' 'unsafe-eval'; connect-src 'self' https://*.apple.com https://*.applemusic.com https://*.mzstatic.com https://mediaservices.cdn-apple.com https://*.push.apple.com wss://*.push.apple.com; media-src 'self' https://*.apple.com https://*.applemusic.com https://*.mzstatic.com blob:; child-src 'self' https://*.apple.com musics: blob: itms: itmss:; frame-ancestors 'none'; block-all-mixed-content 1
child-src 'self' https://go.online-ident.ch https://go.test.online-ident.ch/ https://go.test.idnow.de https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com; default-src 'self' https://checkbrowser.hin.ch https://go.online-ident.ch https://go.test.online-ident.ch/ https://go.test.idnow.de https://fonts.gstatic.com https://tag.myaspectra.ch https://verify.certifaction.com https://public-gate-test.dev.anapaya.net  https://split-internet.dev.anapaya.net/; font-src 'self' https://fonts.gstatic.com data: ; frame-src 'self' https://tp.srgssr.ch https://www.srf.ch https://gateway.online-ident.ch https://go.online-ident.ch https://gateway.test.online-ident.ch https://go.test.online-ident.ch https://gateway.test.idnow.de https://go.test.idnow.de https://www.gstatic.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://verify.certifaction.com https://www.eTermin.net https://gateway.test.online-ident.ch https://www.ihre-apotheke.ch; img-src 'self' https://tag.myaspectra.ch https://www.w3.org https://0.gravatar.com https://www.hin.ch https://dir.hintest.ch data: ; object-src 'self'; script-src 'self' https://www.islonline.net https://tag.myaspectra.ch https://www.gstatic.com https://maps.google.com https://maps.googleapis.com https://www.google.com https://www.eTermin.net https://resources.dev.anapaya.net/ 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com 'unsafe-inline' ; 1
default-src 'none'; script-src https: 'unsafe-inline' 'nonce-27D7B6BA177CA06D86031D3837633C7C' 'strict-dynamic'; style-src 'self' fonts.googleapis.com translate.googleapis.com 'nonce-27D7B6BA177CA06D86031D3837633C7C'; connect-src 'self' https: wss://dnpush.nl; img-src 'self' https: data:; font-src 'self' fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' www.google.com tpc.googlesyndication.com; base-uri 'none'; media-src 'self'; report-uri https://www.ondeugend-daten.nl/API/Site/CspReport 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://kalkionline.com;block-all-mixed-content; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.trendyol.com https://www.trendyol-milla.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.cloudflareinsights.com https://cdn.dsmcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://static.ads-twitter.com https://creativecdn.com https://www.glami.com.tr https://www.googleadservices.com https://static.criteo.net https://analytics.tiktok.com https://connect.facebook.net https://googleads.g.doubleclick.net https://sslwidget.criteo.com https://analytics.twitter.com https://tpc.googlesyndication.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://pagead2.googlesyndication.com https://www.gstatic.com https://auth.trendyol.com https://auth.trendyol-milla.com https://payment.trendyol.com https://payment.trendyol-milla.com https://maps.googleapis.com https://console.brightmountainmedia.com https://cdn.cookielaw.org https://img2-digitouch.mncdn.com https://www.googleoptimize.com platform.twitter.com analytics.tiktok.com sslwidget.criteo.com bam.nr-data.net www.google-analytics.com connect.facebook.net ssl.google-analytics.com www.googleadservices.com static.ads-twitter.com mc.yandex.ru googleads.g.doubleclick.net public.trendyol.com public.trendyol-milla.com www.googletagmanager.com s3.amazonaws.com cdnjs.cloudflare.com js-agent.newrelic.com img-trendyol.mncdn.com mc.yandex.com translate.google.com code.jquery.com translate.googleapis.com translate.yandex.net https://google.com https://www.google.com cdn.cookielaw.org static.criteo.net static.cloudflareinsights.com widget.eu.criteo.com www.googleoptimize.com https://gumgum.com https://static.zdassets.com https://media.flixsyndication.net https://static-assets.flix360.io https://media.flixcar.com https://media.flixsyndication.net https://media.flixfacts.com https://prod.flixgvid.flix360.io; report-uri https://public.trendyol.com/discovery-web-websfxsecurity-santral/csp https://public.trendyol-milla.com/discovery-web-websfxsecurity-santral/csp 1
default-src 'self'; script-src www.googletagmanager.com https://www.googletagmanager.com https://ajax.googleapis.com 'unsafe-eval' https://cdn.taboola.com/libtrc/unip/ https://cdn.syndication.twimg.com https://disqus.com https://www.google.com https://cdn.jsdelivr.net https://*.disquscdn.com https://adservice.google.com https://cdnjs.cloudflare.com https://js-agent.newrelic.com https://trc.taboola.com https://*.nr-data.net 'unsafe-inline' https://connect.facebook.net https://platform.twitter.com https://js.stripe.com https://unpkg.com/ https://*.volume.com https://platform.instagram.com https://www.google.com/recaptcha/ https://www.instagram.com https://*.googlesyndication.com https://static.zdassets.com https://www.gstatic.com/cast/ https://kit.fontawesome.com https://volumeapps.disqus.com https://www.googletagservices.com https://www.gstatic.com/cv/ https://www.paypalobjects.com https://cdn.taboola.com/scripts/ https://www.gstatic.com/eureka/ https://www.google-analytics.com https://www.paypal.com https://www.gstatic.com/recaptcha/ 'self' ;  style-src 'self' data: 'unsafe-inline' https://*.volume.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://www.googletagmanager.com https://*.disquscdn.com https://platform.twitter.com/ https://ton.twimg.com ; img-src www.googletagmanager.com https://www.gstatic.com https://www.googletagmanager.com https://www.paypal.com https://syndication.twitter.com https://referrer.disqus.com https://pbs.twimg.com https://s3.wasabisys.com data: abs.twimg.com https://www.google.com https://app.upstream.exchange https://*.disquscdn.com https://public.volume.com https://pv.volume.com https://cdnjs.cloudflare.com https://ton.twimg.com pagead2.googlesyndication.com https://links.services.disqus.com https://*.nr-data.net https://platform.twitter.com https://*.volume.com https://v2assets.zopim.io https://static.zdassets.com https://*.googlesyndication.com https://volumephotovideo.s3.amazonaws.com https://volumephotovideo.s3.amazonaws.com https://public.volume.com.s3.amazonaws.com https://volumedvr.s3.amazonaws.com https://volumevideoupload.s3.amazonaws.com https://www.facebook.com https://t.paypal.com https://cds.taboola.com data: https://www.google-analytics.com https://www.paypalobjects.com 'self' ;  font-src 'self' data: https://*.volume.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://*.fontawesome.com ; connect-src https://www.googletagmanager.com wss://recommend.volume.com:8443 https://ekr.zdassets.com wss://*.zopim.com https://csi.gstatic.com https://s3.wasabisys.com wss://volume101.zendesk.com https://trc.taboola.com/1374314/ https://public.volume.com https://pv.volume.com https://links.services.disqus.com https://*.nr-data.net wss://*.volume.com wss://*.volume.com:8443 blob https://*.volume.com https://volume101.zendesk.com https://volumevideoupload.s3-accelerate.amazonaws.com https://*.googlesyndication.com sentry.io blob: https://*.fontawesome.com https://volumephotovideo.s3.amazonaws.com https://volumephotovideo.s3.amazonaws.com https://public.volume.com.s3.amazonaws.com https://volumedvr.s3.amazonaws.com https://volumevideoupload.s3.amazonaws.com ws://localhost:* https://*.paypal.com https://*.zopim.com data: https://www.google-analytics.com https://www.paypalobjects.com 'self' https://volumephotovideo.s3-accelerate.amazonaws.com ;  media-src 'self' https://*.volume.com mediasource: blob: data: https://public.volume.com https://pv.volume.com https://volumephotovideo.s3.amazonaws.com https://volumephotovideo.s3.amazonaws.com https://public.volume.com.s3.amazonaws.com https://volumedvr.s3.amazonaws.com https://volumevideoupload.s3.amazonaws.com https://static.zdassets.com https://s3.wasabisys.com;  object-src 'self' https://*.volume.com https://public.volume.com https://pv.volume.com https://volumephotovideo.s3.amazonaws.com https://volumephotovideo.s3.amazonaws.com https://public.volume.com.s3.amazonaws.com https://volumedvr.s3.amazonaws.com https://volumevideoupload.s3.amazonaws.com ; frame-src https://volume.com https://www.paypal.com https://www.facebook.com/ https://open.spotify.com/ https://bid.g.doubleclick.net https://syndication.twitter.com https://w.soundcloud.com/ https://publish.twitter.com/oembed https://disqus.com https://platform.twitter.com/ https://embed-standalone.spotify.com/ https://www.twitter.com https://js.stripe.com https://*.volume.com https://www.google.com/recaptcha/ https://www.instagram.com https://*.googlesyndication.com https://www.paypalobjects.com 'self' ;  child-src 'self' blob: blob ;  worker-src 'self' blob: blob ;  form-action 'self' https://*.volume.com https://volume.com https://www.paypal.com https://www.coinpayments.net https://wnu.com https://connect.stripe.com https://www.facebook.com/tr/ ;  manifest-src 'self' https://*.volume.com ; 1
frame-ancestors 'self' https://daytondailynews.newspapers.com https://journal-news.newspapers.com https://springfieldnewssun.newspapers.com https://www.legacy.com https://epaper.springfieldnewssun.com https://editions.journal-news.com 1
default-src 'self'; 		script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sumome.com https://*.sumome.com https://app.jazz.co https://interactives.ap.org https://doublethedonation.com https://www.ket.org https://cdnjs.cloudflare.com https://load.sumo.com https://www.googletagservices.com https://*.googleapis.com https://www.youtube.com https://googleads.g.doubleclick.net https://*.googlesyndication.com https://adservice.google.com https://www.googleadservices.com https://cdn.jsdelivr.net https://connect.facebook.net https://pi.pardot.com https://*.crazyegg.com https://securepubads.g.doubleclick.net https://to.ket.org https://vjs.zencdn.net https://www.google-analytics.com https://www.google.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com; 		style-src 'self' 'unsafe-inline' https://doublethedonation.com https://www.ket.org https://cdn.datatables.net https://code.jquery.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://vjs.zencdn.net; 		connect-src 'self' https://sumome.com https://*.sumome.com https://video.ketcloud.ket.org https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://doublethedonation.com https://adservice.google.com https://mobileapps.ket.org https://www.facebook.com https://*.streamlock.net https://csi.gstatic.com https://*.pbskids.org https://*.pbs.org https://yoast.com https://*.sumo.com https://sumo.com https://maps.googleapis.com https://*.googlesyndication.com https://*.crazyegg.com https://securepubads.g.doubleclick.net https://stats.g.doubleclick.net https://www.google-analytics.com; 		font-src 'self' https://doublethedonation.com https://www.ket.org https://fonts.gstatic.com https://www-tc.pbs.org data:; 		frame-src 'self' https://e.issuu.com https://*.doubleclick.net https://video.ket.org https://interactives.ap.org https://player.pbs.org/ https://www.google.ca https://c.streamhoster.com https://www.facebook.com https://widget.spreaker.com https://pbskids.org https://www.youtube.com https://www.google.com https://*.googlesyndication.com; 		img-src 'self' https://sumome.com https://*.sumome.com https://app.jazz.co https://doublethedonation.com https://*.sumo.com https://sumo.com https://video.ketcloud.ket.org https://googleads.g.doubleclick.net https://static.ket.org https://code.jquery.com https://securepubads.g.doubleclick.net https://*.ket.org https://maps.gstatic.com/ https://maps.googleapis.com https://prime-staging.s3.amazonaws.com https://image.pbs.org https://www.googletagmanager.com https://*.googlesyndication.com https://s.w.org https://www.facebook.com https://secure.gravatar.com https://googleads.g.doubleclick.net https://portal.ketcloud.ket.org https://www.google-analytics.com https://www.google.com data:; 		worker-src 'self' https://*.ket.org blob:; 		object-src 'none'; 		media-src 'self' blob: https://video.ketcloud.ket.org https://*.streamlock.net https://*.pbs.org https://www/ket.org https://preview-two.ket.org https://ket-hosted-video.s3.amazonaws.com; 		report-uri https://r731eof29b.execute-api.us-east-1.amazonaws.com/csp; 1
default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://token.paygent.co.jp https://use.typekit.net https://www.googletagmanager.com https://*.sentry.io https://player.live-video.net; style-src 'self' 'unsafe-inline' https://use.typekit.net https://fonts.googleapis.com; img-src * data:; media-src 'self' blob: https://*.live-video.net https://pococha-livestreaming.cdn-dena.com https://*.live-streaming.tech https://pococha.cdn-dena.com https://use.typekit.net; font-src 'self' data: https://use.typekit.net https://fonts.gstatic.com; child-src blob: https://www.youtube.com; connect-src 'self' blob: https://api.pococha.com/ https://*.live-video.net https://pococha-livestreaming.cdn-dena.com https://*.live-streaming.tech wss://*.pococha.com:443 https://www.google-analytics.com https://stats.g.doubleclick.net https://token.paygent.co.jp https://use.typekit.net https://p.typekit.net https://primer.typekit.net https://pokota-questionnaire-answer-files-production.s3.ap-northeast-1.amazonaws.com https://*.sentry.io https://globalsiteanalytics.com/resource/resource.png https://globalsiteanalytics.com/service/hdim 1
default-src 'none'; script-src 'self' https://d335luupugsy2.cloudfront.net https://cdn.cookielaw.org https://geolocation.onetrust.com 'sha256-VShD8/I390qk90fOrqs1YXqoGodV7CPBqqvoZGs5lkY=' 'sha256-2+e6CcBgf6A3qNesAJ3MiQ4zV0PT9rnNWUwQnhNbJhk='; style-src 'self' 'unsafe-inline' *; font-src 'self' data: *; img-src 'self' data: *; connect-src 'self' *; frame-ancestors 'self' https://www.bionexo.com https://bionexo.com; 1
default-src 'self' blob: https://dyinglightgame.com https://*.dyinglightgame.com https://techland.pl https://*.techland.pl https://techland.net https://*.techland.net https://techland.gg https://*.techland.gg https://techlandgg.com https://*.techlandgg.com; script-src 'self' https://techland.net https://techland.gg https://*.techland.gg https://techlandgg.com https://*.techlandgg.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://static.ads-twitter.com https://analytics.twitter.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://s.ytimg.com/yts/jsbin/ https://www.redditstatic.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://platform.twitter.com/widgets.js https://platform.twitter.com/widgets/ https://platform.twitter.com/js/ 'nonce-80a7sgbdfg' 'nonce-a098bfgaf' 'nonce-9a8sdbgfvb' 'nonce-981bdfhda' 'sha256-5EJ/AVN7tkeRkeM1cpSLQfWrFAcc4l5hcn6hn3tgc60='; style-src 'self' 'unsafe-inline' https://techland.net https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net/p.css; font-src 'self' 'unsafe-inline' https://techland.net https://fonts.gstatic.com https://use.typekit.net; img-src 'self' data: http://*.limbo.techland.pl/ https://*.techland.pl https://techland.net https://*.techland.net https://techland.gg https://*.techland.gg https://techlandgg.com https://*.techlandgg.com https://dyinglightgame.com https://*.dyinglightgame.com https://*.facebook.com https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com/ads/ https://www.google.com/ads/ga-audiences/ https://www.google.pl/ads/ga-audiences/ https://www.google.com/pagead/1p-user-list/918877113/ https://www.google.pl/pagead/1p-user-list/918877113/ https://region1.google-analytics.com https://region1.analytics.google.com https://t.co/i/adsct https://i.ytimg.com https://alb.reddit.com/; frame-src 'self' http://*.limbo.techland.pl/ https://*.limbo.techland.pl/ https://techland.gg https://*.techland.gg https://techlandgg.com https://*.techlandgg.com https://*.facebook.com https://*.hotjar.com https://www.youtube.com/embed/ https://player.twitch.tv/ https://accounts.google.com https://consentcdn.cookiebot.com/ https://consentcdn.cookiebot.com/sdk https://platform.twitter.com/ https://platform.twitter.com/widgets/; frame-ancestors 'self'; connect-src 'self' https://techland.gg https://*.techland.gg https://techlandgg.com https://*.techlandgg.com wss://testy.limbo.techland.pl:9509 https://consentcdn.cookiebot.com/consentconfig/ https://region1.google-analytics.com https://region1.analytics.google.com; style-src-elem 'self' 'unsafe-inline' https://techland.net https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net/p.css; script-src-elem 'self' https://techland.net https://techland.gg https://*.techland.gg https://techlandgg.com https://*.techlandgg.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://static.ads-twitter.com https://analytics.twitter.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://s.ytimg.com/yts/jsbin/ https://www.redditstatic.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://platform.twitter.com/widgets.js https://platform.twitter.com/widgets/ https://platform.twitter.com/js/ 'nonce-80a7sgbdfg' 'nonce-a098bfgaf' 'nonce-9a8sdbgfvb' 'nonce-981bdfhda' 'sha256-5EJ/AVN7tkeRkeM1cpSLQfWrFAcc4l5hcn6hn3tgc60=' 1
script-src 'self' 'unsafe-inline' data: https://*.hubspot.com https://*.hsforms.com https://*.hsforms.net https://js.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://*.usemessages.com https://js.hsleadflows.net https://*.hubapi.com https://www.youtube.com https://*.ctfassets.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://snap.licdn.com/li.lms-analyt https://tagmanager.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://analytics.google.com https://www.googleanalytics.com https://pagead2.googlesyndication.com https://www.clarity.ms https://*.clarity.ms https://*.hotjar.com wss://ws3.hotjar.com https://connect.facebook.net https://*.algolianet.com https://*.algolia.net https://static.ads-twitter.com https://www.workable.com/assets/embed.js https://apply.workable.com;connect-src 'self' https://locatestore.com/ https://*.hubspot.com https://*.hsforms.com https://forms.hscollectedforms.net https://*.hubapi.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsleadflows.net https://js.hscollectedforms.net https://js.hsadspixel.net https://*.ctfassets.net https://cdn.contentful.com https://preview.contentful.com https://dev.cloud.pix4d.com https://cloud.pix4d.com https://*.clarity.ms https://www.google-analytics.com www.google-analytics.com https://www.google.com https://googleads.g.doubleclick.net https://adservice.google.com https://stats.g.doubleclick.net https://analytics.google.com https://region1.analytics.google.com https://connect.facebook.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.algolianet.com https://*.algolia.net https://hubspot-forms-static-embed.s3.amazonaws.com https://region1.google-analytics.com https://*.googlesyndication.com https://www.workable.com;frame-ancestors 'self' https://*.hubspot.com https://*.hsforms.com https://*.hubapi.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hsleadflows.net https://js.hscollectedforms.net https://js.hs-scripts.com;style-src 'self' data: 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com https://fonts.googleapis.com https://*.hotjar.com;font-src 'self' data: https://fonts.gstatic.com https://*.hotjar.com;img-src 'self' 'unsafe-inline' data: * https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://*.hsforms.com https://*.hubspot.com https://*.hotjar.com;frame-src https://*.arcgis.com/ https://arcg.is/ https://player.vimeo.com/ https://locatestore.com/ https://*.google.com/ https://*.tryinteract.com/ https://optimize.google.com https://*.pix4d.com/ https://sketchfab.com/ https://bid.g.doubleclick.net https://*.hotjar.com https://*.ctfassets.net https://*.hubspot.com https://*.hsforms.com https://www.youtube.com https://www.facebook.com https://cdn.knightlab.com;manifest-src 'self' data:;upgrade-insecure-requests ;block-all-mixed-content ; 1
default-src 'self' https: https://*.wistia.com https://*.wistia.net;     font-src https: data: https://*.wistia.com https://fonts.gstatic.com;     img-src 'self' https: data: https://*.wistia.com https://*.wistia.net https://v2assets.zopim.io https://static.zdassets.com https://embedwistia-a.akamaihd.net https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://d1g11qfvmedxbq.cloudfront.net/;     script-src 'self' 'unsafe-eval' 'unsafe-inline' *.mutinycdn.com https://edge.fullstory.com https://api.smooch.io https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://tulip.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://tulip.zendesk.com wss://*.zopim.com https://*.clickagy.com https://rs.fullstory.com https://cmp.osano.com/AzqSAJTDxQJql3XbN/00699468-d337-41ec-8920-ef4cc4d977e9/osano.js https://*.6sc.co https://*.lr-in.com https://*.google.com https://google.com https://*.stripe.com https://*.greenhouse.io https://s3-recruiting.cdn.greenhouse.io https://*.segment.com tulip.co *.tulip.co https://*.googletagmanager.com tulip.ups.dock https://cdn.bizible.com https://snap.licdn.com https://bat.bing.com https://www.googleadservices.com https://script.crazyegg.com https://www.google-analytics.com https://*.marketo.com https://*.marketo.net https://*.facebook.net https://*.omappapi.com https://*.doubleclick.net https://*.clarity.ms https://*.clearbitjs.com https://*.zoominfo.com https://*.wistia.com https://*.wistia.net https://src.litix.io *.tulip.co tulip.ups.dock https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://calendar.google.com player.fireside.fm tag.clearbitscripts.com https://js.zi-scripts.com https://tulipinterfaces.orariel.com https://scout-cdn.salesloft.com https://packages.prmcdn.io https://prod.impartner.live https://*.qualified.com https://*.weglot.com;     connect-src 'self' https://cdn.linkedin.oribi.io *.mutinycdn.com https://*.clickagy.com https://api-v2.mutinyhq.io/ https://consent.api.osano.com https://tattle.api.osano.com/ https://edge.fullstory.com https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://tulip.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://tulip.zendesk.com wss://*.zopim.com https://api.smooch.io https://rs.fullstory.com *.tulip.co tulip.ups.dock api.craftcms.com https://api.library.tulipintra.net/ https://*.zoominfo.com https://*.crazyegg.com https://*.mktoresp.com https://*.google-analytics.com https://*.adnxs.com https://*.6sc.co https://*.bing.com https://*.omappapi.com https://*.clarity.ms https://*.algolia.net https://*.doubleclick.net https://*.segment.com https://*.segment.io https://tulip.co *.dmgmori-tulip.com https://*.greenhouse.io https://*.bulb.cloud https://*.tulip.co.jp https://*.dmgmori-tulip.cn https://*.tulipco.cn https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://*.analytics.google.com https://*.googletagmanager.com https://analytics.google.com https://calendar.google.com player.fireside.fm tag.clearbitscripts.com app.clearbit.com https://pagead2.googlesyndication.com https://js.zi-scripts.com https://tulipinterfaces.orariel.com https://d1g11qfvmedxbq.cloudfront.net/ https://scout.salesloft.com https://tulip-partner-portal.com https://*.qualified.com wss://*.qualified.com https://px.ads.linkedin.com/* https://*.weglot.com https://cdn-api-weglot.com;     style-src 'self' 'unsafe-inline' 'unsafe-hashes' https: blob: https://fast.wistia.com https://optimize.google.com https://fonts.googleapis.com https://*.qualified.com;     worker-src 'self' blob:;     child-src 'self' https://*.qualified.com;     frame-src 'self' https://tulipinterfaces.wistia.com https://fast.wistia.com https://fast.wistia.net https://boards.greenhouse.io https://*.stripe.com/ https://*.facebook.com https://*.tulip.co https://tulip.co https://optimize.google.com https://*.youtube.com https://youtube.com https://*.tulipecointra.net https://my.matterport.com https://calendar.google.com player.fireside.fm https://*.doubleclick.net https://*.clickagy.com https://tulipinterfaces.orariel.com https://*.qualified.com https://*.weglot.com;     media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://static.zdassets.com https://embedwistia-a.akamaihd.net player.fireside.fm https://d1g11qfvmedxbq.cloudfront.net/ https://*.qualified.com 1
default-src 'none'; report-uri /next-external/log/csp/violations; report-to csp-violations; connect-src 'self' wss://www.nordnet.se https://analytics.prod.nntech.io https://analytics.nordnet.se https://cdn.prod.nntech.io https://api.prod.nntech.io https://api.test.nntech.io https://experimentation.public.prod.nntech.io https://nordnet.humany.net https://www.google-analytics.com https://adservice.google.com https://www.google.com https://storage.googleapis.com https://www.recaptcha.net; font-src 'self' https://cdn.prod.nntech.io https://nordnet.humany.net; frame-src https://10961666.fls.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://w.soundcloud.com https://embed.acast.com https://link.tink.com https://www.tv2.no https://checkout.trustly.com https://www.recaptcha.net https://t.email.nordnet.se; img-src 'self' https://analytics.prod.nntech.io https://analytics.nordnet.se https://cdn.prod.nntech.io data: blob: https://www.google-analytics.com https://shareville-static.s3.amazonaws.com https://shareville-media.s3.amazonaws.com https://www.googletagmanager.com https://nordnet.humany.net https://humany.blob.core.windows.net https://cdn.tink.se https://images.ctfassets.net https://i.vimeocdn.com https://img.youtube.com https://www.recaptcha.net https://www.gstatic.com https://blogg.nordnet.se; manifest-src 'self'; media-src https://cdn.prod.nntech.io https://videos.ctfassets.net; object-src 'self'; script-src 'self' 'unsafe-eval' 'nonce-b61b29b1-6e4a-4c19-be75-b582d90855c3' https://analytics.prod.nntech.io https://analytics.nordnet.se https://cdn.prod.nntech.io https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://www.recaptcha.net; script-src-attr 'none'; style-src 'unsafe-inline' 'self' https://cdn.prod.nntech.io https://nordnet.humany.net https://www.gstatic.com; worker-src 'none'; base-uri 'none'; form-action 'self' https://www.shareville.se https://pvu.nets.no https://online.alandsbanken.fi https://verkkopankki.danskebank.fi https://verkkomaksu.handelsbanken.fi https://epmt.nordea.fi https://identify.nordea.com https://verkkomaksu.poppankki.fi https://verkkomaksu.saastopankki.fi https://online.s-pankki.fi https://auth.aktia.fi; frame-ancestors https://app.contentful.com https://app.sigmastocks.com; 1
default-src 'self' *.cdninstagram.com *.sibforms.com *.kundo.se ws: wss: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/api/player.js *.jquery.com *.google-analytics.com https://sibforms.com/forms/end-form/build/main.js  *.sendinblue.com *.googletagmanager.com  https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ http://connect.facebook.net/en_US/sdk.js *.zinzino.com/shop/cart/GetSharedCart https://cdn.prod.zinzino.com/cms/ *.kundo.se https://dc.services.visualstudio.com https://az416426.vo.msecnd.net https://code.jquery.com https://maxcdn.bootstrapcdn.com https://www.facebook.com *.episerver.net *.bing.com *.virtualearth.net *.ne.cision.com *.sproutvideo.com *.trustpilot.com; style-src 'self' 'unsafe-inline' *.sproutvideo.com https://static-chat.kundo.se/static/ https://chat.kundo.se *.jquery.com https://sibforms.com/forms/end-form/build/sib-styles.css https://cdn.prod.zinzino.com https://fonts.googleapis.com *.episerver.net *.bing.com https://maxcdn.bootstrapcdn.com; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://cdn.prod.zinzino.com *.sibforms.com data:; connect-src 'self' https://chat.kundo.se/ https://sentry.kundo.se/api/ wss://ws-eu.pusher.com/app/ https://*.pusher.com/ https://kundo.se/attachment/upload/ https://static.kundo.se/static/ *.google-analytics.com *.onetrust.com *.sibforms.com *.sendinblue.com https://cdn.cookielaw.org/scripttemplates/ https://geolocation.onetrust.com/cookieconsentpub/ https://cdn.cookielaw.org/consent/ *.kundo.se https://dc.services.visualstudio.com ws: wss: *.bing.com *.virtualearth.net *.ne.cision.com; img-src 'self' data: http: https: https://kundo.se https://static.kundo.se https://chat.kundo.se; child-src 'self' https://player.vimeo.com/ https://vimeo.com/ https://www.vimeo.com/ https://app.sli.do/ https://zinzinowebcdn.azureedge.net/ *.clevercast.com https://vimeo.com/live-chat/783628332 *.cdninstagram.com *.kundo.se https://www.youtube.com https://api.screen9.com/ https://videos.sproutvideo.com *.sproutvideo.com *.trustpilot.com https://widgets.sociablekit.com *.sibforms.com; 1
default-src 'self' 'unsafe-inline' https://*.fstrk.io https://googleads.g.doubleclick.net/ https://perfluence.net https://*.perfluence.net https://static.perfluence.net https://www.google-analytics.com https://mc.yandex.ru https://connect.facebook.net https://www.facebook.com https://vk.com https://analytics.tiktok.com https://dashperfluencenet.webim.ru data: https:; connect-src 'self' https://*.facebook.com https://*.yandex.com/ wss://*.fstrk.io https://*.fstrk.io https://top-fwz1.mail.ru/ https://mc.yandex.com/ https://analytics.google.com/ https://dash.perfluence.net https://*.prfl.tech/ https://stats.g.doubleclick.net/ https://*.tiktok.com/ https://*.tolstoycomments.com/ https://*.tolstoycomments.com/ https://*.yandex.ru/ https://www.google-analytics.com/; font-src 'self' data: https://fonts.gstatic.com/ https://*.fstrk.io; frame-src 'self' https://*.fstrk.io https://www.google.com/ https://www.facebook.com https://*.facebook.com https://yandex.ru https://*.yandex.ru/ https://*.tolstoycomments.com/ https://*.tolstoycomments.com/ https://youtube.com/ https://*.youtube.com/; img-src 'self' data: https://*.yandex.com/ https://designer.ftrcdn.com/ https://*.fstrk.io http://*.perfluence.net/ https://*.perfluence.net/ https://perfluence.net/ https://*.userapi.com/ https://avatars.dzeninfra.ru/ https://yt3.googleusercontent.com/ https://mc.yandex.com/ https://top-fwz1.mail.ru/ https://www.google.ru/ https://login.vk.com/ https://www.google.com https://www.google.ru https://www.google-analytics.com/ https://www.facebook.com https://*.facebook.com https://vk.com https://*.yandex.ru/ https://*.gravatar.com/ https://*.yandex.ru/ https://i.ytimg.com/ https://youtube.com/ https://*.youtube.com/; manifest-src 'self' https://*.fstrk.io; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://*.yandex.com/ https://yastatic.net/ https://*.fstrk.io https://dashboard.fstrk.io/ https://mc.yandex.com/ https://top-fwz1.mail.ru/ https://www.googletagmanager.com/ https://dash.perfluence.net https://www.gstatic.com/ https://www.google.com/ https://googletagmanager.com https://www.google-analytics.com/ https://*.tiktok.com/ https://vk.com/ https://*.vk.com/ https://*.facebook.net/ https://*.tolstoycomments.com/ https://*.yandex.ru/ https://*.gravatar.com/  https://*.tolstoycomments.com/ https://yastatic.net/share2/share.js https://youtube.com/ https://*.youtube.com/ ; style-src 'self' 'unsafe-inline' https://*.fstrk.io https://fonts.googleapis.com/ https://dash.perfluence.net ; media-src 'self' data: https://youtube.com/ https://*.youtube.com/ https://*.fstrk.io; form-action 'self' https://www.facebook.com/ https://*.fstrk.io; block-all-mixed-content 1
upgrade-insecure-requests;    default-src 'self';    form-action         'self'         https://www.mollie.com;    base-uri 'self';    img-src         'self'         allcaps-production.s3.eu-west-3.amazonaws.com         allcaps-staging.s3.eu-west-3.amazonaws.com         *.gstatic.com         *.googleapis.com         *.google-analytics.com         cdn.mollie.com         data:;    object-src        'none' ;    script-src        https:         'unsafe-inline'         'unsafe-eval'         googletagmanager.com;    script-src-elem         *         https:         'self'         'unsafe-inline';    style-src         https:         'unsafe-inline';    font-src        https:        data:;    worker-src 'self';    frame-ancestors 'self';    child-src 'self';    manifest-src 'self';    frame-src        'self'        *.google.com        *.youtube-nocookie.com;    connect-src         'self'         *.googleapis.com         *.google-analytics.com; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-d-UOiGAHijSeBerHGgXoLg' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.googletagmanager.com *.google.gr *.wikimedia.org *.discogs.com *.youtube.com youtube.com *.ytimg.com *.gstatic.com *.googleapis.com; 1
frame-ancestors ptisp.pt my.ptisp.pt oppwa.com; 1
frame-ancestors 'self' https://*.notifica.re 1
upgrade-insecure-requests; connect-src 'self' players.brightcove.net *.brightcove.com www.google-analytics.com *.parsely.com *.boltdns.net *.akamaihd.net *.nr-data.net maps.googleapis.com *.wordpress.com; object-src 'self';script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *.parsely.com *.wp.com *.brightcove.net *.jefferies.com *.brightcove.com fonts.googleapis.com fonts.gstatic.com *.googletagmanager.com static.cloudflareinsights.com secure.gravatar.com *.youtube.com static.doubleclick.net *.google.com maps.googleapis.com *.newrelic.com *.zencdn.net yoast.com *.wordpress.com; style-src 'self' 'unsafe-inline' *.parsely.com *.wp.com players.brightcove.net fonts.googleapis.com fonts.gstatic.com *.googletagmanager.com static.cloudflareinsights.com secure.gravatar.com *.youtube.com static.doubleclick.net *.google.com maps.googleapis.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.wp.com; frame-src 'self' *.youtube.com *.wp.com; base-uri 'self' 1
default-src https:; font-src * data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://consent.cookiebot.com https://*.googletagmanager.com https://code.iconify.design https://acsbapp.com https://ws.zoominfo.com https://www.virtualspirits.com https://www.google.com https://www.youtube.com https://*.hsforms.net https://www.google-analytics.com https://snap.licdn.com https://static.hotjar.com https://*.taboola.com https://www.virtualspirits.com https://connect.facebook.net https://pi.pardot.com https://*.seraphicsecurity.com https://googleads.g.doubleclick.net https://script.hotjar.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.seraphicsecurity.com https://cdn.jsdelivr.net https://www.virtualspirits.com; frame-src *; media-src * blob: data:; img-src * blob: data:; object-src 'self' 'unsafe-inline'; connect-src *; report-uri https://seraphicsecurity.com/wp-content/plugins/airfleet-security/report-handler.php; report-to csp-endpoint; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.acuityplatform.com challenges.cloudflare.com *.cloudfunctions.net *.configcat.com storage.googleapis.com cloudflare.hcaptcha.com cf-assets.hcaptcha.com *.kooth.com global.localizecdn.com *.segment.com *.segment.io *.sentry.io *.usefathom.com *.xenzonegroup.com wss://*.xenzonegroup.com; script-src-elem 'self' 'unsafe-inline' data: *.acuityplatform.com challenges.cloudflare.com storage.googleapis.com *.kooth.com global.localizecdn.com *.segment.com *.usefathom.com *.xenzonegroup.com www.googletagmanager.com; connect-src 'self' *.cloudfunctions.net *.configcat.com *.kooth.com global.localizecdn.com *.localizejs.com *.segment.com *.segment.io *.sentry.io *.usefathom.com *.xenzonegroup.com wss://*.xenzonegroup.com *.analytics.google.com; img-src * data:; media-src * data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src * data: chrome-extension: moz-extension: safari-web-extension:; frame-src 'self' vimeo.com *.vimeo.com challenges.cloudflare.com www.googletagmanager.com; object-src 'none'; report-uri https://o367623.ingest.sentry.io/api/5691169/security/?sentry_key=d228aa23f64c4234b0ed98ff46a429d3?sentry_environment=csp_header_in_live 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.activeboard.com *.adbutler.com *.bootstrapcdn.com *.cloudfront.net *.crisp.chat *.doubleclick.net *.fullstory.com *.g2crowd.com *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.jsdelivr.net *.webflow.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.crisp.chat *.fullstory.com *.jsdelivr.net *.webflow.com; img-src 'self' data: *.adbutler.com *.amazonaws.com *.cloudfront.net *.crisp.chat getfoureyes.com *.google.com *.google.ca *.googletagmanager.com *.paypal.com *.paypalobjects.com *.sparkimg.com *.webflow.com; connect-src 'self' wss: *.crisp.chat; font-src 'self' data: *.crisp.chat *.bootstrapcdn.com; frame-src 'self' *.doubleclick.net *.google.com; frame-ancestors 'self' *.doubleclick.net 1
frame-ancestors 'self' https://jionews.com/ https://jionewsdev1.jio.ril.com/; 1
default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google.com 1
report-uri https://o253235.ingest.sentry.io/api/1442505/security/?sentry_key=a8a5c0ed655546dd9bcaa725b68b48a3&sentry_environment=production;upgrade-insecure-requests;object-src 'none';script-src 'nonce-dnrDUGwSeTe12COve1EWgGKFtNXrJWB3SyD8vClz' 'self' 'unsafe-inline' 'strict-dynamic' https:;base-uri 'none' 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://*.intercom.io https://app.brand24.com http://*.hotjar.com:* https://*.hotjar.com:* ws://*.hotjar.com wss://*.hotjar.com https://mc.yandex.ru https://sumo.com https://clients6.google.com https://app.userengage.com wss://app.userengage.com http://cdn.heapanalytics.com http://heapanalytics.com https://cdn.heapanalytics.com https://heapanalytics.com https://proxy.synerise.com https://tck.synerise.com wss://messenger.synerise.com https://api.ipgeolocation.io https://cdn.cookielaw.org https://grsm.io https://www.google-analytics.com https://sw-assets.ekomiapps.de https://smart-widget-assets.ekomiapps.de https://stats.g.doubleclick.net https://*.clarity.ms https://geolocation.onetrust.com https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://privacyportal.cookiepro.com https://www.google.com https://googleads.g.doubleclick.net https://*.google-analytics.com https://pagead2.googlesyndication.com https://partnerlinks.io https://cdn.jsdelivr.net https://*.analytics.google.com https://analytics.google.com; img-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' 1
default-src *; script-src * 'unsafe-inline'; style-src * 'unsafe-inline'; img-src *; font-src * 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://www.youtube.com/iframe_api https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.msecnd.net *.cookielaw.org *.googletagmanager.com *.onetrust.com *.youtube.com web-chat.nativechat.com https://dec.azureedge.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.azureedge.net *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com *.onetrust.com *.google.com *.google.ie cdn.cookielaw.org *.googletagmanager.com web-chat.nativechat.com https://cdn.insight.sitefinity.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.youtube.com https://www.euro-area-statistics.org *.onetrust.com www.google.com centralbankofireland.qualtrics.com registration.socio.events web-chat.nativechat.com forms.hsforms.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.visualstudio.com *.cookielaw.org *.onetrust.com *.google-analytics.com *.doubleclick.net *.analytics.google.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob: *.azureedge.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.onetrust.com www.google.com https://www.euro-area-statistics.org centralbankofireland.qualtrics.com web-chat.nativechat.com 1
default-src 'self'; script-src 'self' 'sha256-hJBjfe+Z4EmpT34k36kVvmnQhnWX0eP0khLaZLW0nlE=' www.eclipse.org www.googletagmanager.com www.google-analytics.com; connect-src 'self' www.google-analytics.com; img-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline' www.eclipse.org; base-uri 'self';form-action 'self'; frame-src 'self' 1
script-src 'unsafe-eval' 'self' wss://*.zopim.com wss://*.hotjar.com secure-ds.serving-sys.com *.redditstatic.com  *.botrecruiter.com  secure.adnxs.com *.whatfix.com  *.criteo.net *.addthisedge.com *.ads-twitter.com  *.infogram.com *.adnxs.com *.optimalworkshop.com   *.audioboom.com  secure-ds.serving-sys.com  secure.adnxs.com  *.acsbapp.com  acsbap.com *.appcast.io *.bizographics.com *.bootstrapcdn.com *.bootstrapcdn.com *.browser-update.org *.cloudflare.com *.cloudfront.net *.cloudinary.com *.criteo.com *.eggplant.cloud *.fontawesome.com *.google.co.uk *.google.ie *.googleadservices.com *.indeed.com *.ionicframework.com *.jquery.com *.jsdelivr.net *.moatads.com *.npmcdn.com *.plyr.io *.recaptcha.net *.scorecardresearch.com *.serving-sys.com *.sndcdn.com *.unpkg.com *.vimeocdn.com *.ytimg.com *.zencdn.net *.zendesk.com *.hays.ie *.moatads.com *.sndcdn.com  *.d3fw5vlhllyvee.cloudfront.net *.criteo.com  vc.hotjar.io *.addthis.com *.outbrain.com *.licdn.com *.doubleclick.net acsbapp.com *.accesstrade.net *.googleadservices.com consent-or.trustarc.com *.taboola.com web-material3.yokogawa view.ceros.com *.quantcount.com *.quantserve.com *.adscience.nl *.akamaized.net *.bit.ly *.crazyegg.com *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.graph.instagram.com *.gstatic.com *.hays.co.uk *.hays.com *.hotjar.* *.hotjar.com *.igodigital.com *.instagram.fbom5-1.fna.fbcdn.net *.linkedin.com *.nccgroup-webperf.com *.onrecruit.net *.optimizely.com *.slideshare.net *.soundcloud.com *.surveymonkey.com *.tealiumiq.com *.tiqcdn.com *.twimg.com *.twitter.com *.typography.com *.vimeo.com *.yahooapis.com *.youtube.com *.zdassets.com *.zopim.com *.zopim.io accessibe.com acsbap.com consent.trustarc.com consent-pref.trustarc.com consent-st.trustarc.com prefmgr-cookie.truste-svc.net 'self' 'unsafe-inline' hm.baidu.com data: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' themes.googleusercontent.com www.google.com www.gstatic.com www.youtube-nocookie.comv www.youtube.com/iframe_api www.youtube.com/s/player/ *.wabsys.ch geo.fr.ch portal.geo.fr.ch https://matomo.fr.ch *.facil-iti.app *.facil-iti.com js-agent.newrelic.com bam.nr-data.net kit.fontawesome.com cse.google.com clients1.google.com https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com/ajax/libs/toastr.js/latest/toastr.min.js  https://webform.statslive.info https://newsletter.infomaniak.com https://cdn.datatables.net https://visualize.admin.ch/ https://*.cpef.ch; object-src 'none'; img-src 'self' data: *.fr.ch *.unifr.ch www.google.ch www.google.com https://matomo.fr.ch https://*.basemaps.cartocdn.com https://*.ytimg.com fonts.gstatic.com clients1.google.com *.gstatic.com www.googleapis.com https://bafu.meteotest.ch https://visualize.admin.ch/; media-src 'self'; frame-src 'self' geo.fr.ch portal.geo.fr.ch www.google.com www.youtube-nocookie.com *.vimeo.com *.vemcount.com https://stream.fri-tic.ch indd.adobe.com https://fr.qualite-air.ch *.facil-iti.app *.facil-iti.com datawrapper.dwcdn.net cse.google.com https://sketchfab.com/models/ https://www.datalakes-eawag.ch/datadetail/ https://airdata.fr.ch/web_extractor/ https://export.highcharts.com/ https://visualize.admin.ch/ https://*.cpef.ch; frame-ancestors 'self' https://*.fr.ch https://www.parlinfo.fr.ch https://visualize.admin.ch/ https://*.cpef.ch; child-src 'self' www.google.com www.youtube-nocookie.com *.vimeo.com *.vemcount.com https://stream.fri-tic.ch indd.adobe.com https://fr.qualite-air.ch https://ws.facil-iti.com datawrapper.dwcdn.net https://sketchfab.com/models/ https://www.datalakes-eawag.ch/datadetail/ https://visualize.admin.ch/ https://*.cpef.ch; font-src 'self' data: themes.googleusercontent.com fonts.gstatic.com *.facil-iti.app *.facil-iti.com; upgrade-insecure-requests 1
frame-ancestors 'self' https://www.truckworks.de https://special.mercedes-benz-trucks.com 1
base-uri https://*.mercolamarket.com; child-src https:; object-src 'none'; default-src 'none'; form-action 'self'; connect-src 'self' https://*.adobe.com https://*.ipify.org https://*.demdex.net https://*.amazon.com https://*.amazonaws.com https://*.googleapis.com https://*.reflektion.com https://*.fontawesome.com https://*.mercolamarket.com https://*.postcodeanywhere.co.uk https://mercolaconsultingser.tt.omtrdc.net; font-src 'self' https://*.gstatic.com https://*.googleapis.com https://*.fontawesome.com https://media.mercola.com https://media.mercolamarket.com; frame-ancestors 'self' https://*.mercola.com https://*.mercolamarket.com; img-src 'self' data: https://*.jquery.com https://*.ywxi.net https://*.ytimg.com https://*.demdex.net https://*.google.com https://*.truste.com https://*.gstatic.com https://*.mercola.com https://*.youtube.com https://*.googleapis.com https://*.everesttech.net https://*.mercolamarket.com https://mercolamarket.com https://*.postcodeanywhere.co.uk https://*.visualwebsiteoptimizer.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.ywxi.net https://*.adobe.com https://*.ipify.org https://*.google.com https://*.gstatic.com https://*.mercola.com https://*.youtube.com https://*.adobedtm.com https://*.facebook.net https://*.jsdelivr.net https://*.cloudflare.com https://*.googleapis.com https://*.iconfinder.com https://*.reflektion.com https://*.fontawesome.com https://*.trustedsite.com https://*.bootstrapcdn.com https://*.mercolamarket.com https://*.postcodeanywhere.co.uk https://*.visualwebsiteoptimizer.com https://static-na.payments-amazon.com https://*.jquery.com; style-src 'self' 'unsafe-inline' https://*.jquery.com https://*.mercola.com https://*.googleapis.com https://*.mercolamarket.com https://*.postcodeanywhere.co.uk; 1
frame-src 'self' www.youtube.com widget.stapico.ru widget.instagramm.ru api-maps.yandex.ru docs.google.com/ 1
connect-src https://*.motostorm.it https://*.motostorm.es wss://localhost:22443/ *.bugsnag.com https://*.googleapis.com https://*.google.com https://*.g.doubleclick.net https://www.paypal.com https://*.facebook.com wss://*.tawk.to https://*.tawk.to  https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.salecycle.com wss://*.salecycle.com *.sentry.io;font-src data: https://*.motostorm.it *.motostorm.es https://*.tawk.to/ https://fonts.gstatic.com https://fonts.googleapis.com https://static-v.tawk.to;frame-src https://*.motostorm.it https://*.google.com https://www.googletagmanager.com https://*.paypal.com https://*.cloudfront.net https://*.salecycle.com https://*.facebook.com https://*.criteo.com https://va.tawk.to https://cl.avis-verifies.com https://www.youtube-nocookie.com https://*.googlesyndication.com;img-src data: www.google-analytics.com https://*.motostorm.it https://*.firefox.etp https://*.motostorm.es https://*.tawk.to https://*.gstatic.com https://*.google.com https://www.google.be https://*.google.nl https://www.google.it https://*.paypal.com https://*.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://cdn.jsdelivr.net https://*.googletagmanager.com https://*.g.doubleclick.net;media-src https://*.motostorm.it https://*.tawk.to;script-src 'self' 'nonce-Wt1tGTI7jvdHtCbJybGAFNF5horHAq0W1bK063mw72nZxzIOS47r6k7X' https://*.googletagmanager.com/* https://tagmanager.google.com/ https://*.scalapay.com https://cdn.jsdelivr.net https://*.salecycle.com https://*.cloudflare.com https://*.motostorm.it https://*.motostorm.es https://*.google-analytics.com https://*.criteo.com https://www.paypalobjects.com https://www.paypal.com https://*.google.com/* ajax.cloudflare.com https://*.facebook.net https://*.facebook.com https://*.sentry-cdn.com https://github.com/nodeca/* https://*.tawk.to blob: ;object-src 'none' ;style-src 'unsafe-inline' https://*.motostorm.it https://*.motostorm.es https://*.tawk.to/ https://fonts.googleapis.com https://*.google.com https://cdn.jsdelivr.net/emojione/ https://static.criteo.net;default-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com;base-uri https://www.motostorm.it/; 1
default-src 'self' 'unsafe-inline'  http://*.jmstatic.com https://*.jmstatic.com http://*.jumei.com https://*.jumei.com http://*.qq.com http://*.qcloud.com ;  child-src 'self' 'unsafe-inline' jumeimall: jmweb:  http://*.qcloud.com http://*.youku.com http://*.jumei.com;  script-src http://*.jmstatic.com https://*.jmstatic.com http://*.gtags.net http://*.zampda.net http://*.ipinyou.com http://*.p0y.cn http://s.emarbox.com https://*.qq.com http://*.qq.com http://qzonestyle.gtimg.cn https://qzonestyle.gtimg.cn http://www.google-analytics.com http://*.qcloud.com https://*.qcloud.com http://*.baidu.com https://*.baidu.com http://*.jumei.com https://*.jumei.com http://ssl.google-analytics.com 'unsafe-inline' 'unsafe-eval';  media-src http://*.jumei.com https://*.jumei.com http://*.myqcloud.com https://*.myqcloud.com http://*.qcloud.com https://*.qcloud.com http://playvideo.qcloud.com https://playvideo.qcloud.com http://*.jmstatic.com https://*.jmstatic.com;  img-src 'self' data: http://*.jmstatic.com https://*.jmstatic.com http://*.gtags.net http://*.jumei.com https://*.jumei.com http://*.jumei.com:8080 http://img0.imgtn.bdimg.com http://*.qq.com http://p.qpic.cn https://*.qq.com http://*.qcloud.com https://*.qcloud.com http://*.myqcloud.com https://*.myqcloud.com http://sd.jumei.com:8106 https://sd.jumei.com:8106 http://www.google-analytics.com http://*.baidu.com http://ssl.google-analytics.com http://*.sinaimg.cn https://*.sinaimg.cn http://*.qlogo.cn https://*.qlogo.cn;  frame-src http://s.h5.jumei.com jumeimall: jmweb: https://api.map.baidu.com http://*.p0y.cn http://*.gtags.net http://*.emarbox.com http://*.myqcloud.com https://*.myqcloud.com http://*.qcloud.com https://*.qcloud.com sinaweibo: weixinping: weixin: 1
default-src 'self' data: https: blob: ;       frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.geogebra.org/ https://oidc.tanet.edu.tw/ https://sso.cloud.edu.tw/ https://learning.cloud.edu.tw https://www.youtube.com/ https://accounts.google.com https://docs.google.com https://www.google.com;       frame-ancestors 'self' https://www.geogebra.org/ https://oidc.tanet.edu.tw/ https://sso.cloud.edu.tw/ https://learning.cloud.edu.tw ;       connect-src 'self' data: wss: https://0.peerjs.com https://elsanow.io https://*.elsanow.io https://*.gradingly.com https://gradingly.com https://www.imatheq.com/ https://region1.google-analytics.com https://analytics.google.com https://region1.analytics.google.com https://stats.g.doubleclick.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://api.geogebra.org/ https://www.geogebra.org/ https://media.video.cloud.edu.tw https://translate-service.scratch.mit.edu https://synthesis-service.scratch.mit.edu https://heroj7.tn.edu.tw/ https://directline.botframework.com/ https://pt.ntcu.edu.tw:5000/;       script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.imatheq.com/ https://www.youtube.com/ https://stats.g.doubleclick.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://bam.nr-data.net/ https://js-agent.newrelic.com/ https://vjs.zencdn.net/ https://api.geogebra.org/ https://stackpath.bootstrapcdn.com https://www.geogebra.org/ https://cdn.mathjax.org/ https://apis.google.com https://www.google-analytics.com https://unpkg.com https://www.googletagmanager.com https://code.jquery.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://cdn.datatables.net https://ajax.googleapis.com;       script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: http://www.imatheq.com/ https://www.imatheq.com/ https://www.youtube.com/ https://stats.g.doubleclick.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://cdn.jsdelivr.net/ https://cdn.geogebra.org/ https://vjs.zencdn.net/ https://stackpath.bootstrapcdn.com/ https://www.geogebra.org/ https://cdn.mathjax.org/ https://apis.google.com/ https://unpkg.com/ https://maxcdn.bootstrapcdn.com/ https://cdn.datatables.net/ https://api.geogebra.org/ https://ajax.googleapis.com/ https://www.youtube.com/ https://cdn.botframework.com/botframework-webchat/latest/webchat.js https://polyfill.io/v3/polyfill.min.js;       style-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com/ https://www.imatheq.com/ https://www.geogebra.org/ https://vjs.zencdn.net/ https://stackpath.bootstrapcdn.com http://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://code.jquery.com https://cdnjs.cloudflare.com https://cdn.datatables.net https://cdn.jsdelivr.net/;       font-src 'self' data: https: https://fonts.gstatic.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com;       img-src 'self' data: https: blob: https://region1.google-analytics.com https://region1.analytics.google.com;       object-src 'self' data: https: blob: ;       media-src 'self' data: https: blob: https://adl.edu.tw/ http://adl.edu.tw/;       report-uri ADLAPI/v1/csp_violation; 1
frame-ancestors deruca.jp my.deruca.jp in.deruca.jp 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://s.pinimg.com https://connect.facebook.net https://analytics.tiktok.com https://cdn.cookielaw.org https://platform.twitter.com https://bat.bing.com https://www.clarity.ms https://googleads.g.doubleclick.net https://snap.licdn.com https://www.googleadservices.com https://static.hotjar.com https://www.redditstatic.com https://script.hotjar.com https://siteimproveanalytics.com https://static.ads-twitter.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.google.com https://www.gstatic.com https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://www.muchloved.com https://ajax.googleapis.com https://ads.nextdoor.com  https://cdn.jsdelivr.net https://cdn.preferencecentre.co.uk https://cdnjs.cloudflare.com https://customer.cludo.com https://donate.parkinsons.org.uk https://embed.typeform.com https://maps.googleapis.com https://polyfill.io https://secure.callhandling.co.uk https://unpkg.com www.youtube.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://optimize.google.com https://www.muchloved.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://customer.cludo.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 1
mepmawebsite.s3.ap-south-1.amazonaws.com; 1
"default-src 'self' 'unsafe-inline'" 1
frame-ancestors 'self' 'https://*.karnataka.gov.in' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' 'unsafe-inline'; img-src 'self' data: blob: 'unsafe-inline'; frame-src 'self'; style-src 'self' 'unsafe-inline'; 1
default-src 'none'; script-src https: 'unsafe-inline' 'nonce-FCF7B448AD7354709AFC3041D6B85426' 'strict-dynamic'; style-src 'self' fonts.googleapis.com translate.googleapis.com 'nonce-FCF7B448AD7354709AFC3041D6B85426'; connect-src 'self' https: wss://dnpush.nl; img-src 'self' https: data:; font-src 'self' fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' www.google.com tpc.googlesyndication.com; base-uri 'none'; media-src 'self'; report-uri https://www.regioswingers.nl/API/Site/CspReport 1
default-src blob: https: http: wss: accopshysecureclient: data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'none';base-uri 'self';connect-src 'self' blob: *.openstreetmap.org;form-action 'self' jakdojade.pl *.google.com;img-src 'self' data: blob: *.ytimg.com *.openstreetmap.org wiadsz.blob.core.windows.net;font-src 'self' data: *.gstatic.com;frame-src *.youtube-nocookie.com *.youtube.com *.google.com https://challenges.cloudflare.com;media-src 'self';object-src 'none';script-src https: 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'nonce-rKvMoCY8xTGnnXLwvUlVXtqXtc4TZ3Ac';style-src 'self' 'unsafe-inline' *.googleapis.com;manifest-src 'self';worker-src 'self';frame-ancestors 'none' 1
frame-ancestors 'self';block-all-mixed-content;script-src 'self' assets.calendly.com 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.hscollectedforms.net https://*.hs-banner.com https://*.hs-analytics.net https://*.hs-scripts.com https://cs.iubenda.com/cookie-solution/confs/js/816082.js https://www.g2.com https://js.zi-scripts.com/zi-tag.js https://m.youtube.com https://www.gstatic.com https://*.marketo.com https://*.wistia.com https://*.wistia.net https://cdn.bizible.com https://ct.capterra.com https://connect.facebook.net https://cdn.iubenda.com https://content.linkedin.com https://fast.wistia.com https://graph.facebook.com https://google-analytics.com https://googletagmanager.com https://js.facebook.com https://munchkin.marketo.net https://pages.jahia.com https://platform.linkedin.com https://ssl.google-analytics.com https://script.hotjar.com https://static.hotjar.com https://snap.licdn.com https://static-exp1.licdn.com https://src.litix.io https://scout-cdn.salesloft.com https://tracking.g2crowd.com https://tagmanager.google.com https://www.datadoghq-browser-agent.com https://www.google-analytics.com https://www.googletagmanager.com https://www.iubenda.com https://ws.zoominfo.com https://www.youtube.com *.doubleclick.net https://www.google.com/pagead/  https://www.google.at/pagead/ https://trust.bitsighttech.com https://www.googleadservices.com;style-src 'self' assets.calendly.com 'report-sample' 'unsafe-inline' blob: *.marketo.net *.marketo.com *.licdn.com fonts.googleapis.com fast.wistia.com pages.jahia.com tagmanager.google.com www.googletagmanager.com;object-src https://embed-ssl.wistia.com embedwistia-a.akamaihd.net;child-src 'self' blob: *.facebook.com connect.facebook.net fast.wistia.net player.vimeo.com www.googletagmanager.com www.youtube.com *.doubleclick.net;base-uri 'self';form-action 'self' *.facebook.com connect.facebook.net;worker-src 'self' blob:;frame-src 'self' *.youtube.com www.g2.com calendly.com vars.hotjar.com www.facebook.com pages.jahia.com fast.wistia.net www.google.com *.doubleclick.net; 1
frame-ancestors https://pro.komin.io/; 1
default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/gchq-content/ https://s3-eu-west-1.amazonaws.com/gchq-content/ https://s3.eu-west-2.amazonaws.com/loom-content/ https://s3-eu-west-2.amazonaws.com/loom-content/ https://www.googletagmanager.com/ 'unsafe-inline' https://ssl.gstatic.com/ https://*.google-analytics.com https://*.analytics.google.com   www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/gchq-content/ https://s3-eu-west-1.amazonaws.com/gchq-content/ https://s3.eu-west-2.amazonaws.com/loom-content/ https://s3-eu-west-2.amazonaws.com/loom-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://storage.googleapis.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://*.google-analytics.com/ https://*.analytics.google.com/   https://cdn.polyfill.io/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/ https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://fonts.googleapis.com https://s3.eu-west-1.amazonaws.com https://s3.eu-west-2.amazonaws.com https://*.google-analytics.com https://*.analytics.google.com   www.google-analytics.com https://*.ncscdev.co.uk https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/gchq-content/ https://s3-eu-west-1.amazonaws.com/gchq-content/ https://s3.eu-west-2.amazonaws.com/loom-content/ https://s3-eu-west-2.amazonaws.com/loom-content/; worker-src https://*.ncsc.gov.uk/static-assets/dist/ncsc/service-worker.js https://*.ncscdev.co.uk/static-assets/dist/ncsc/service-worker.js https://*.gchq.gov.uk/static-assets/dist/ncsc/service-worker.js; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self' 1
connect-src *; default-src 'self'; font-src 'self' data:; frame-src *; img-src * data:; media-src * blob:; object-src *; script-src 'self' 'unsafe-inline' *.williamsf1.com *.stage-williamsf1.com analytics-sm.com *.adobedtm.com *.privacymanager.io *.ampproject.org *.auth0.com *.cookielaw.org *.tvsquared.com *.facebook.net *.doubleclick.net *.adsrvr.org *.doubleclick.net *.cardinalcommerce.com *.google.com *.googleapis.com *.googlesyndication.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.googletagservices.com *.ada.support *.twitter.com vercel.live *.cloudflare.com *.instagram.com *.redditstatic.com *.gstatic.com *.chargebee.com; style-src * 'unsafe-inline'; worker-src blob:; 1
default-src 'self';  script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com cdn.ketteringhealth.org https://js.dev.shift4.com/shift4.js https://widget.thegivingblock.com/widget/script.js https://yoast.com https://widget.altrulabs.com/ *.pcdn.co https://*.blackbaudcdn.net https://yoast.com https://qvdt3feo.com/events.js https://cdn.callrail.com https://*.authorize.net https://code.jquery.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com *.ketthealth.com *.ketteringhealth.org https://ajax.googleapis.com/ajax/libs/jquery/ https://maps.google.com https://cdnjs.cloudflare.com https://player.vimeo.com https://cdn.chatbot.com https://static.formstack.com https://stats.wp.com https://maps.googleapis.com https://transparency.nrchealth.com https://www.googletagmanager.com https://s0.wp.com https://cdn.siteimprove.net https://cdn.parsely.com https://www.google-analytics.com/ https://js-agent.newrelic.com https://cdn.jsdelivr.net https://bam.nr-data.net https://ketteringhealth.formstack.com https://*.googleapis.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://js.adsrvr.org https://tags.srv.stackadapt.com https://cdn.datatables.net;  connect-src 'self' cdn.ketteringhealth.org https://mychart.ketteringhealth.org https://*.yoast.com *.googlesyndication.com https://api.altrulabs.com/dist-api/us/widgets/12013010 *.pcdn.co https://*.authorize.net https://maps.googleapis.com https://www.youtube.com https://static.formstack.com https://cdn.chatbot.com data: blob: https://www.google-analytics.com https://p1.parsely.com https://bam.nr-data.net https://stats.g.doubleclick.net https://analytics.google.com https://analytics.google.com https://tags.srv.stackadapt.com;  img-src 'self' *.pcdn.co cdn.ketteringhealth.org  https://cdnassets.pagely.com https://s.w.org https://perfmatters.io https://searchwp.com https://twemoji.maxcdn.com https://yoa.st https://theeventscalendar.com https://www.gravitykit.com https://ps.w.org https://tags.srv.stackadapt.com https://i.ytimg.com https://maps.gstatic.com https://maps.googleapis.com https://secure.gravatar.com https://p1.parsely.com https://pixel.wp.com/ data: https://www.google-analytics.com https://www.googletagmanager.com https://s3.amazonaws.cfom https://*.formstack.com https://googleads.g.doubleclick.net https://*.google.com;  style-src 'self' 'unsafe-inline' cdn.ketteringhealth.org https://*.googleapis.com *.pcdn.co https://tags.srv.stackadapt.com https://use.typekit.net https://promoter.theeventscalendar.com https://fonts.googleapis.com/ https://code.jquery.com https://use.fontawesome.com/  *.ketteringhealth.org cdnjs.cloudflare.com https://player.vimeo.com https://transparency.nrchealth.com *.formstack.com/ https://s0.wp.com https://cdn.datatables.net; font-src 'self' data: cdn.ketteringhealth.org https://s0.wp.com https://fonts.gstatic.com https://use.fontawesome.com *.pcdn.co https://cdnjs.cloudflare.com https://static.formstack.com/forms/css/ https://*.formstack.com https://cdn.altrulabs.com;  frame-src 'self' cdn.ketteringhealth.org https://mychart.ketteringhealth.org https://keepthescore.com   widget.thegivingblock.com https://host.nxt.blackbaud.com/ *.pcdn.co https://www.google.com/ https://www.youtube.com https://cdn.ketteringhealth.org *.ketteringhealth.org https://cmetracker.net https://static.formstack.com https://widgets.wp.com https://cdn.chatbot.com/ https://ketteringhealth.formstack.com/ https://tags.srv.stackadapt.com https://*.adsrvr.org/;  frame-ancestors 'self';  media-src 'self' cdn.ketteringhealth.org *.pcdn.co;  worker-src 'self' blob:; 1
script-src 'report-sample' 'nonce-7f5c9648812423f1ba2e9c1ed6ff5dc1-argus' 'strict-dynamic' 'self' 'unsafe-eval' *.ibytedtos.com *.bytegoofy.com *.byteintl.net *.bytescm.com *.bytedance.net *.byted.org *.toutiaostatic.com *.seriali18nstatic.com *.byteintlapi.com *.bytedapm.com *.bytetos.com *.ibytedapm.com *.zijieapi.com *.snssdk.com *.bytedance.com *.pstatp.com *.bytednsdoc.com *.byted-static.com *.yhgfb-cn-static.com; connect-src 'self' data: https://*.fizzo.org https://fizzo.org https://*.byteoversea.com https://*.tiktokv.com https://*.ibytedtos.com *.idouyinvod.com:* *.volcsiriusbd.com:* *.volcsirius.com:* *.tt.x.bsgslb.cn:* *.dy.zzcdnx.com:* *.qc.bsccdn.net:* *.smtcdns.com:* *.ugslb.com:* *.livehwc3.cn:* *.smtcdns.net:* *.bytefcdnrd.com:* *.ksyungslb.com:* *.ksyungslb2.com:* *.ourdvsss.com:* *.tbcache.com:* *.jomodns.com:* *.douyincdn.com:* *.ixigua.com:* *.bdxigualive.com:* *.pstatp.com:* *.douyinliving.com:* *.picovr.com:* *.huoshanlive.com:* *.ihuoshanlive.com:* *.volccdn.com:* *.bestv.com.cn:* *.bytefcdn.com:* *.douyinvod.com:* *.bytescm.com *.bytetos.com *.ibytedapm.com *.zijieapi.com *.snssdk.com *.bytedance.com *.bytedance.net *.pstatp.com *.bytednsdoc.com *.bytegoofy.com *.byted-static.com *.yhgfb-cn-static.com *.byted.org *.tiktok.com *.goofy.app *.googleapis.com *.google-analytics.com *.google.com https://www.google.co.id https://stats.g.doubleclick.net; report-to slardar-endpoint; form-action 'self'; frame-ancestors 'self'; 1
object-src 'none'; base-uri 'self'; frame-ancestors 'self' https://*.kidneyfund.org https://secure2.convio.net https://*.antigena.com 1
default-src 'unsafe-inline' 'unsafe-eval' https: data: blob: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' 'unsafe-inline' https:;img-src 'self'  data: https:;script-src 'self' https: 'unsafe-inline' 'unsafe-eval';frame-src 'self' https:;script-src-attr *;connect-src 'self' https: data:;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';upgrade-insecure-requests 1
default-src 'self' *.cookielaw.org *.onetrust.com feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com * ; img-src * 'self' data: https: blob: *.pricespider.com ; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 1
default-src 'self'; child-src 'self' connect.facebook.net fast.wistia.com fast.wistia.net googleads.g.doubleclick.net td.doubleclick.net *.hotjar.com *.hotjar.io bid.g.doubleclick.net 10317493.fls.doubleclick.net 10366747.fls.doubleclick.net 11541986.fls.doubleclick.net youtube.com www.youtube.com js.stripe.com www.facebook.com staticxx.facebook.com tpc.googlesyndication.com www.google.com *.googletagmanager.com *.quora.com intercom-sheets.com app-ab27.marketo.com www.intercom-reporting.com d2c7xlmseob604.cloudfront.net js.intercomcdn.com insight.adsrvr.org match.adsrvr.org https://intercom.chilipiper.com app.intercom.com app.intercom.io https://app.getreprise.com; connect-src 'self'   www.intercom.com app.intercom.io app.intercom.com api.intercom.io api-visitor-analytics.intercom.com api-iam.intercom.io api-ping.intercom.io api.smartling.com js.intercomcdn.com munchkin.marketo.net *.mktoutil.com nexus-websocket-a.intercom.io nexus-websocket-test.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-test.intercom.io store.intercomassets.com widget.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-test.intercom.io marketing.intercomcdn.com uploads.intercomcdn.com uploads.intercomusercontent.com abrtp1.marketo.com abrtp1-cdn.marketo.com app.getsentry.com stats.g.doubleclick.net www.google.com adservice.google.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com http://*.hotjar.io:* https://*.hotjar.io:* wss://*.hotjar.io sentry.io www.facebook.com *.akamaihd.net *.wistia.com *.wistia.net 258-clw-344.mktoresp.com bat.bing.com d2c7xlmseob604.cloudfront.net rum-collector-2.pingdom.net https://*.browser-intake-datadoghq.com public-trace-http-intake.logs.datadoghq.com https://assets.ctfassets.net c.6sc.co b.6sc.co j.6sc.co ipv6.6sc.co epsilon.6sense.com epsilon-cloudfront.6sense.com user-data.mutinycdn.com https://api-v2.mutinyhq.io/v2/b https://api.mutinyhq.io/v2 https://client-registry.mutinycdn.com secure.adnxs.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com api.chilipiper.com tracking.chilipiper.com cdn.linkedin.oribi.io gw.linkedin.oribi.io px.ads.linkedin.com https://app.getreprise.com; font-src data: https: ; img-src data: blob: https: ; media-src data: blob: https: ; object-src 'none'; script-src 'self' 'unsafe-eval' app.intercom.io app.intercom.com www.intercom.com js.intercomcdn.com store.intercomassets.com marketing.intercomassets.com widget.intercom.io ajax.googleapis.com analytics.twitter.com abrtp1.marketo.com abrtp1-cdn.marketo.com app-sjqe.marketo.com app-sjst.marketo.com app-ab27.marketo.com bat.bing.com cdn-assets-prod.s3.amazonaws.com cdn.ravenjs.com browser.sentry-cdn.com connect.facebook.net distillery.wistia.com distillery-main.wistia.com fast.wistia.com fast.wistia.net googleads.g.doubleclick.net js.stripe.com munchkin.marketo.net platform.twitter.com rtp-static.marketo.com script.hotjar.com script.hotjar.io secure.adnxs.com static.hotjar.com static.hotjar.io stats.g.doubleclick.net store.intercom.io tpc.googlesyndication.com www.datadoghq-browser-agent.com www.google.com www.google-analytics.com www.googleadservices.com/pagead/ www.googletagmanager.com tagmanager.google.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com dc.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com client-registry.mutinycdn.com client.mutinycdn.com https://js.chilipiper.com 'sha256-CIxBMTSsZNOVtN/e53Oinc5o7iS+6GCLATfDTYD9EQk=' https://app.getreprise.com 'strict-dynamic' 'nonce-Nzc1MzZmYzItYjQwNy00NGMxLWI5NjEtMDlhNGQ2ODk1YzUw'; style-src 'self' 'unsafe-inline' app-ab27.marketo.com marketing.intercomassets.com maxcdn.bootstrapcdn.com rtp-static.marketo.com fonts.googleapis.com tagmanager.google.com https://www.googletagmanager.com https://js.chilipiper.com; worker-src data: blob:; base-uri 'self'; report-uri https://o2129.ingest.sentry.io/api/1467748/security/?sentry_key=2b3179211aae44189b7651cf09d7b74f 1
base-uri 'none'; default-src 'none'; child-src https://www.recaptcha.net; connect-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src https://www.recaptcha.net; img-src 'self' data:; object-src 'none'; script-src 'nonce-rbK7+KudAHWKDc1IoOYd4A==' 'strict-dynamic'; style-src 'self' 'unsafe-inline'; worker-src 'self' 1
frame-ancestors https://*.seinesaintdenis.fr; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.site.com *.force.com *.my.salesforce.com *.my.salesforce-sites.com *.salesforceliveagent.com fonts.googleapis.com *.googletagmanager.com *.google-analytics.com *.rudderlabs.com  *.google.com testproxy.thriveworks.com thriveworks.com *.wp.com *.facebook.com *.facebook.net *.doubleclick.net *.greenhouse.io *.ensighten.com *.pinterest.com beacon-v2.helpscout.net static.ctctcdn.com *.callrail.com *.googleadservices.com *.bing.com *.zopim.com *.zdassets.com *.gstatic.com *.expertrec.com *.cloudflare.com *.acuityscheduling.com *.wickedreports.com *.visualwebsiteoptimizer.com *.vwo.com *.adroll.com us-u.openx.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net ads.yahoo.com  eb2.3lift.com trc.taboola.com simage1.pubmatic.com simage2.pubmatic.com sync.outbrain.com pixel.rubiconproject.com  dsum-sec.casalemedia.com pixel.advertising.com *.adroll.mgr.consensu.org cdn.parsely.com static.cloudflareinsights.com d2wy8f7a9ursnm.cloudfront.net s.dca0.com static.ads-twitter.com *.hotjar.com *.hotjar.io *.clarity.ms *.split.io cdn.heapanalytics.com heapanalytics.com *.omappapi.com; worker-src 'self' blob: 1
default-src 'none'; manifest-src 'self'; connect-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' https://img.shields.io https://www.netlify.com https://cdn.jsdelivr.net/ https://github.githubassets.com/ https://user-images.githubusercontent.com/ 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://troet.cafe; img-src 'self' https: data: blob: https://troet.cafe; style-src 'self' https://troet.cafe 'nonce-tI1+26frnHHqn/iUz46wnQ=='; media-src 'self' https: data: https://troet.cafe; frame-src 'self' https:; manifest-src 'self' https://troet.cafe; form-action 'self'; connect-src 'self' data: blob: https://troet.cafe https://media.troet.cafe wss://troet.cafe; script-src 'self' https://troet.cafe 'wasm-unsafe-eval'; child-src 'self' blob: https://troet.cafe; worker-src 'self' blob: https://troet.cafe 1
upgrade-insecure-requests; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ria.ee *.www.eesti.ee; object-src 'self'; img-src 'self' data: https://*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ria.ee ajax.cloudflare.com static.cloudflareinsights.com https://lugeja.e-tervis.ee/piwik/matomo.js; connect-src 'self' *.ria.ee *.www.eesti.ee cloudflareinsights.com; frame-src 'self' https://matomo.ria.ee; media-src 'none'; base-uri 'self'; frame-ancestors 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.book.fr www.youtube.com player.vimeo.com w.soundcloud.com www.google.com www.googletagmanager.com www.google-analytics.com www.gstatic.com connect.facebook.net www.googleadservices.com googleads.g.doubleclick.net tpc.googlesyndication.com api.mapbox.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com api.openai.com; style-src 'self' 'unsafe-inline' www.book.fr fonts.googleapis.com www.paypalobjects.com; object-src 'self'; font-src 'self' www.book.fr fonts.gstatic.com; media-src 'none'; frame-ancestors 'self' www.respcheck.com; 1
frame-ancestors 'self' http://www.philips.co.in *.philips.com *.philips.co.in https://philipsigtdpv.com 1
script-src 'self' analytics.frontlinedefenders.org prod.728.330.srv.clientrabbit.com 'unsafe-inline' 'unsafe-eval'; 1
default-src                  'self'            blob:            *.pli.edu            *.akamaihd.net            *.live-video.net;                                      script-src                  'self'            'unsafe-inline'  *.jsdelivr.net    web-sdk-eu.aptrinsic.com      blob:            'unsafe-eval'     *.bootstrapcdn.com       localhost:44399            flex.cybersource.com            *.hotjar.com:* *.hotjar.com:* *.hotjar.io *.hotjar.io *.hotjar.com            *.pli.edu    *.udev1a.net  *.usablenet.com            www.google.com            www.gstatic.com            *.vo.msecnd.net            www.googletagmanager.com            maps.googleapis.com            tagmanager.google.com            *.google.ca            *.doubleclick.net            *.adsymptotic.com            *.clarity.ms            *.ads.linkedin.com            connect.facebook.net            *.bing.com            *.licdn.com            *.facebook.com            *.collect.igodigital.com            www.google-analytics.com            load.sumo.com            use.fortawesome.com            cdn.polyfill.io            code.jquery.com            cdnjs.cloudflare.com            stackpath.bootstrapcdn.com            dl.episerver.net            app.pageproofer.com            pi.pardot.com            sumo.b-cdn.net            downloads.mailchimp.com            script.crazyegg.com            mc.us17.list-manage.com            static.hotjar.com            script.hotjar.com            www.googleadservices.com            connect.facebook.net            sjs.bizographics.com            cdn.lr-ingest.io            *.doubleclick.net            *.igodigital.com            *.salesforceliveagent.com            *.idio.episerver.net            *.tfaforms.com              *.googleusercontent.com;              connect-src         'self'     wss://localhost:44355     wss://localhost:*      wss://localhost:44313  *.googlesyndication.com   *.aptrinsic.com   *.linkedin.oribi.io  *.localhost:44356  wss://localhost:44356  localhost:44399            *.pli.edu           www.google.com           *.google.ca    *.googleapis.com        plihdpackage-lh.akamaihd.net            *.live-video.net            *.doubleclick.net            *.adsymptotic.com            *.ads.linkedin.com            connect.facebook.net            *.bing.com    *.pli.edu        *.licdn.com            *.facebook.com            *.collect.igodigital.com            www.google-analytics.com            testflex.cybersource.com            flex.cybersource.com            *.facebook.com            *.collect.igodigital.com            r.lr-ingest.io            sumo.com            dc.services.visualstudio.com            media.sumo.com            *.hotjar.io            *.hotjar.com            *.clarity.ms            *.hotjar.com            *.tfaforms.com            app.formassembly.com;              font-src            'self'       *.cloudfront.net     *.pli.edu   fonts.gstatic.com   vars.hotjar.com  static.hotjar.com           script.hotjar.com;         frame-ancestors                  'self'            *.pli.edu            login.microsoftonline.com;                                      frame-src                  'self'       *.pli.edu    *.udev1a.net  *.usablenet.com   testflex.cybersource.com            flex.cybersource.com            www.google.com            app.pageproofer.com            www.youtube-nocookie.com            www.youtube.com            player.vimeo.com            vars.hotjar.com            careers-pli.icims.com            www.podbean.com            *.doubleclick.net            plihdpackage-lh.akamaihd.net            *.live-video.net            *.tfaforms.com            *.formassembly.com;              style-src     'self'   *.pli.edu      'unsafe-inline'   *.aptrinsic.com   maxcdn.bootstrapcdn.com   cdn.jsdelivr.net    use.fortawesome.com            downloads.mailchimp.com            mc.us17.list-manage.com            sumo.b-cdn.net            fonts.googleapis.com            dl.episerver.net            sjs.bizographics.com            tagmanager.google.com            www.googletagmanager.com            app.formassembly.com;     style-src-elem   'self'   'unsafe-inline'  *.udev1a.net   *.usablenet.com       cdn.jsdelivr.net   maxcdn.bootstrapcdn.com    *.aptrinsic.com     www.gstatic.com    fonts.gstatic.com;    img-src                  'self'            *.pli.edu            data:            fonts.gstatic.com            maps.gstatic.com            maps.googleapis.com            www.googletagmanager.com            dl.episerver.net        *.usablenet.com          *.google.ca            *.adsymptotic.com            *.ads.linkedin.com            connect.facebook.net            *.bing.com            *.hotjar.com            *.hotjar.io            *.licdn.com            *.facebook.com            *.collect.igodigital.com            www.google-analytics.com            ssl.gstatic.com            www.gstatic.com            www.google.com            gallery.mailchimp.com            media.sumo.com            *.clarity.ms            sumo.com data sumo.com            dl.episerver.net          *.googleusercontent.com;              base-uri                  'self'; 1
frame-ancestors https//*.broward.edu https://*.ally.ac; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://firebaselogging-pa.googleapis.com https://firestore.googleapis.com https://code.jquery.com https://az416426.vo.msecnd.net https://www.google.com https://www.googletagmanager.com https://dl.episerver.net https://www.google-analytics.com https://www.youtube.com https://www.youtube-nocookie.com https://s.ytimg.com https://www.gstatic.com https://stats.g.doubleclick.net https://login.microsoftonline.com https://maps.googleapis.com https://www.googleadservices.com https://tagmanager.google.com https://*.siteimproveanalytics.com https://*.siteimprove.com https://*.siteimprove.net https://*.siteimproveanalytics.io https://siteimproveanalytics.com https://siteimprove.com https://siteimprove.net https://siteimproveanalytics.io https://cookie-cdn.cookiepro.com https://collector-6959.tvsquared.com https://connect.facebook.net https://secure.adnxs.com https://static.ads-twitter.com https://analytics.twitter.com https://www.muchloved.com https://cdnjs.cloudflare.com https://widget.trustpilot.com https://googleads.g.doubleclick.net https://storage.googleapis.com https://*.snapengage.com https://*.hotjar.com https://bat.bing.com https://*.azureedge.net wss://*.noibu.com https://*.noibu.com https://*.analytics.google.com;style-src 'self' 'unsafe-inline' https://cloud.typography.com https://www.sja.org.uk https://dl.episerver.net https://fonts.googleapis.com https://tagmanager.google.com http://www.googletagmanager.com https://www.muchloved.com https://cdnjs.cloudflare.com https://cdn.fonts.net https://*.hotjar.com https://*.svc.dynamics.com;img-src 'self' https://redeye.sja.org.uk https://az416426.vo.msecnd.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com https://www.youtube-nocookie.com https://*.ytimg.com https://www.gstatic.com https://stats.g.doubleclick.net https://dl.episerver.net https://scontent.cdninstagram.com https://login.microsoftonline.com https://img.youtube.com https://maps.googleapis.com https://maps.gstatic.com https://ssl.gstatic.com https://*.siteimproveanalytics.com https://*.siteimprove.com https://*.siteimprove.net https://*.siteimproveanalytics.io https://siteimproveanalytics.com https://siteimprove.com https://siteimprove.net https://siteimproveanalytics.io https://cookie-cdn.cookiepro.com https://collector-6959.tvsquared.com https://www.facebook.com https://t.co https://*.muchloved.com https://www.ml-dev.com https://*.snapengage.com https://www.google.co.uk https://storage.googleapis.com https://*.hotjar.com https://bat.bing.com https://*.svc.dynamics.com unsafe-inline data:;media-src 'self' https://*.snapengage.com;frame-src 'self' https://www.google.com https://commerce.sja.redweb.network https://sjacommercedevmaster.redweb.network https://ade1-mgrstja01mstrn249finte.dxcloud.episerver.net https://mgrstja01mstrn249finte.dxcloud.episerver.net https://mgrstja01mstrn249fprep.dxcloud.episerver.net https://mgrstja01mstrn249fprod.dxcloud.episerver.net https://login.microsoftonline.com https://www.youtube.com https://www.youtube-nocookie.com https://servedby.flashtalking.com https://www.facebook.com https://www.muchloved.com https://*.siteimprove.com https://widget.trustpilot.com https://googleads.g.doubleclick.net https://*.hotjar.com https://*.svc.dynamics.com;font-src 'self' https://fonts.gstatic.com https://cloud.typography.com https://fonts.googleapis.com https://*.hotjar.com data:;connect-src 'self' https://dc.services.visualstudio.com https://cookie-cdn.cookiepro.com https://privacyportal.cookiepro.com https://www.google-analytics.com https://stats.g.doubleclick.net https://my2.siteimprove.com https://id.siteimprove.com https://*.snapengage.com wss://*.firebaseio.com wss://firebasedatabase.app wss://*.hotjar.com https://*.hotjar.io https://*.hotjar.com https://*.google-analytics.com https://*.svc.dynamics.com wss://*.noibu.com https://*.noibu.com https://*.analytics.google.com;report-uri /WebResource.axd?cspReport=true 1
default-src 'none'; base-uri 'self';  manifest-src 'self'; style-src 'self' 'unsafe-inline' https://cdn.openjur.net; script-src 'self' 'nonce-307b9aaea5b4cdd574a7eaf1e065cae8' https://cdn.openjur.net; font-src https://cdn.openjur.net; img-src 'self' https://cdn.openjur.net https://maps.openjur.net; object-src 'self'; connect-src 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net www.youtube.com s.ytimg.com *.google-analytics.com www.googleadservices.com www.googletagmanager.com *.g.doubleclick.net *.google.com www.gstatic.com maps.googleapis.com *.analytics.google.com js-agent.newrelic.com *.nr-data.net *.hs-analytics.net *.hs-scripts.com *.hsadspixel.net *.jsadspixel.net *.hscollectedforms.net *.hs-banner.com js.hsleadflows.net js.hsforms.net app.termly.io cdn.linkedin.oribi.io snap.licdn.com player.vimeo.com js.zi-scripts.com ws.zoominfo.com tags.clickagy.com cdn.jsdelivr.net; img-src 'self' data: sonifi.com www.sonifi.com sonifisolutions.com www.sonifisolutions.com sonifihealth.com www.sonifihealth.com blog.sonifihealth.com www.facebook.com connect.facebook.net www.google-analytics.com analytics.google.com *.gstatic.com maps.googleapis.com *.g.doubleclick.net www.googletagmanager.com adservice.google.com www.google.tt www.google.sk www.google.sn www.google.se www.google.ru www.google.ro www.google.pt www.google.no www.google.nl www.google.mv www.google.lt www.google.lu www.google.lk www.google.kz www.google.jo www.google.je www.google.ie www.google.hu www.google.hr www.google.hn www.google.gr www.google.gf www.google.gl www.google.fr www.google.es www.google.dk www.google.dj www.google.de www.google.cz www.google.cn www.google.cl www.google.ch www.google.ca www.google.bs www.google.be www.google.am www.google.al www.google.ae *.google.com www.google.com www.google.com.vn www.google.com.ua www.google.com.tw www.google.com.tr www.google.com.sv www.google.com.sg www.google.com.sa www.google.com.qa www.google.com.py www.google.com.pr www.google.com.pk www.google.com.ph www.google.com.pg www.google.com.pe www.google.com.pa www.google.com.om www.google.com.ng www.google.com.my www.google.com.mx www.google.com.mt www.google.com.mm www.google.com.lb www.google.com.kh www.google.com.jm www.google.com.hk www.google.com.gh www.google.com.fj www.google.com.et www.google.com.eg www.google.com.ec www.google.com.do www.google.com.co www.google.com.br www.google.com.bh www.google.com.bd www.google.com.au www.google.com.ar www.google.co.za www.google.co.vi www.google.co.ve www.google.co.uk www.google.co.ug www.google.co.tz www.google.co.th www.google.co.nz www.google.co.ma www.google.co.il www.google.co.kr www.google.co.ke www.google.co.jp www.google.co.in www.google.co.id www.google.co.cr www.google.co.bw *.hubspot.com *.hsforms.com www.gravatar.com secure.gravatar.com px.ads.linkedin.com www.linkedin.com *.vimeocdn.com; frame-src 'self' www.youtube.com *.doubleclick.net *.google.com www.facebook.com connect.facebook.net player.vimeo.com static.hsappstatic.net app.hubspot.com *.googletagmanager.com app.termly.io hemsync.clickagy.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.gstatic.com; font-src 'self' data: fonts.gstatic.com fonts.intercomcdn.com; connect-src 'self' *.nr-data.net *.google.com *.google-analytics.com *.doubleclick.net analytics.google.com adservice.google.com translate.googleapis.com pagead2.googlesyndication.com www.google.com.sv www.google.com.sa www.google.com.pk www.google.com.ph www.google.co.uk www.google.co.kr www.google.co.jp www.google.co.in www.google.ca www.google.com.au www.google.ie www.google.ae *.hubspot.com *.hubapi.com www.facebook.com app.termly.io cdn.linkedin.oribi.io snap.licdn.com yoast.com/feed/widget/ js.hsadspixel.net forms.hsforms.com aorta.clickagy.com hemsync.clickagy.com *.zi-scripts.com ws.zoominfo.com; media-src 'self' data:; report-uri https://sonifi.report-uri.com/r/d/csp/reportOnly; 1
default-src 'none'; base-uri 'none'; connect-src 'self' https://beyond-hd.me:2083/ wss://beyond-hd.me:2083/ https://beyond-hd.me:8443/ wss://beyond-hd.me:8443/; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'none'; frame-src 'self' https://www.youtube.com/ https://youtube.com/; img-src 'self' https: data:; manifest-src 'none'; media-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datetimepicker/4.15.35/css/bootstrap-datetimepicker.min.css; worker-src 'none' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mstdn.ca; img-src 'self' data: blob: https://mstdn.ca https://cdn.mastdn.ca; style-src 'self' https://mstdn.ca 'nonce-mrpnNS+qgkE+yEyKe0t6Sg=='; media-src 'self' data: https://mstdn.ca https://cdn.mastdn.ca; frame-src 'self' https:; manifest-src 'self' https://mstdn.ca; form-action 'self'; child-src 'self' blob: https://mstdn.ca; worker-src 'self' blob: https://mstdn.ca; connect-src 'self' data: blob: https://mstdn.ca https://cdn.mastdn.ca wss://api.mstdn.ca; script-src 'self' https://mstdn.ca 'wasm-unsafe-eval' 1
default-src 'self';  script-src 'self' *.ctfassets.net *.youtube.com *.twitter.com;  child-src 'self' *.ctfassets.net *.youtube.com player.vimeo.com *.twitter.com;  style-src 'self' 'unsafe-inline' *.googleapis.com;  img-src 'self' blob: data: *.ctfassets.net *.youtube.com *.twitter.com;  media-src 'self' *.youtube.com;  connect-src *;  font-src 'self' blob: data: fonts.gstatic.com maxcdn.bootstrapcdn.com;  worker-src 'self' blob:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mamot.fr; img-src 'self' https: data: blob: https://mamot.fr; style-src 'self' https://mamot.fr 'nonce-0RDPsnTceau1GhfyvEtpVQ=='; media-src 'self' https: data: https://mamot.fr; frame-src 'self' https:; manifest-src 'self' https://mamot.fr; form-action 'self'; child-src 'self' blob: https://mamot.fr; worker-src 'self' blob: https://mamot.fr; connect-src 'self' data: blob: https://mamot.fr https://static.mamot.fr wss://mamot.fr; script-src 'self' https://mamot.fr 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://*.watchmegrow.com https://*.localwatchmegrow.com 1
default-src 'self' adservice.google.com app.vwo.com *.azureedge.net blob: data: *.dynamics.com feedback-api.lumoa.me fonts.googleapis.com *.litix.io maps.googleapis.com *.ninchat.com pagead2.googlesyndication.com *.sleeknote.com staz-ada-we-fe-test-www-app.azurewebsites.net:* terveystalo.piwik.pro *.visualwebsiteoptimizer.com *.zef.fi *.wistia.com;script-src 'self' app.vwo.com *.azureedge.net blob cdn.pushcrew.com dynamics.com googleads.g.doubleclick.net/pagead/viewthroughconversion* googleadservices.com/pagead/conversion* googletagmanager.com/gtag/js fast.wistia.net *.jobylon.com *.lfeeder.com maps.googleapis.com ninchat.com s2.adform.net/banners/scripts/st/trackpoint-async.js *.sleeknote.com terveystalo.piwik.pro terveystalo.containers.piwik.pro track.adform.net *.visualwebsiteoptimizer.com *.wistia.com 'nonce-1rGFqI5NhTwxsecTlByN76r7eKttcRkkgae3TE7y1lw=' 'unsafe-eval' 'unsafe-inline';style-src 'self' ninchat.s3.amazonaws.com app.vwo.com analytics-consent-manager.azureedge.net analytics-consent-manager-test.azureedge.net analytics-consent-manager-prod.azureedge.net fonts.googleapis.com ninchat.com sleeknotestaticcontent.sleeknote.com terveystalo.containers.piwik.pro *.visualwebsiteoptimizer.com 'unsafe-inline';font-src 'self' assets.terveystalo.com data: fonts.gstatic.com ninchat.com sleeknotestaticcontent.sleeknote.com staz-ada-we-fe-test-www-app.azurewebsites.net:* terveystalo.containers.piwik.pro *.wistia.com;img-src 'self' analytics.sleeknote.com app.vwo.com azureedge.net blob: data: dev.visualwebsiteoptimizer.com *.dynamics.com google.com www.google.com google.fi www.google.fi *.googletagmanager.com i.ytimg.com *.jobylon.com *.lfeeder.com maps.googleapis.com maps.gstatic.com *.piwik.pro *.sleeknote.com storage.zef.fi *.terveystalo.com *.wistia.com;frame-ancestors 'self' https://*.terveystalo.com;frame-src 'self' analytics-consent-manager.azureedge.net analytics-consent-manager-test.azureedge.net analytics-consent-manager-prod.azureedge.net analytics-consent-manager-v2-prod.azureedge.net app.vwo.com apps.myzef.com cdn.jobylon.com e.infogram.com *.google.com fast.wistia.net *.investis.com news.alertir.com ninchat.com *.sleeknote.com *.svc.dynamics.com terveystalo.gw.efectecloud.com td.doubleclick.net track.adform.net *.visualwebsiteoptimizer.com zef.fi *.zef.fi *.youtube.com 1
connect-src 'self' * https: 'unsafe-inline'; default-src https://*.ctfassets.net 'self' blob:; font-src https://fonts.googleapis.com 'self' https://fonts.gstatic.com; frame-src https://feed.pghub.io/ https://*.ctfassets.net https://*.qualtrics.com 'self' https://*.tapad.com https://*.facebook.com https://*.google.com https://www.youtube.com https://www.youtube-nocookie.com https://dentalcare.corbusmediasolutions.com https://*.adsrvr.org; img-src https://*.ctfassets.net 'self' data: https://www.googletagmanager.com https://*.google-analytics.com https://pixel.tapad.com https://*.qualtrics.com https://*.cookielaw.org https://*.facebook.com; media-src https://*.ctfassets.net 'self'; script-src https://cdn.segment.com https://js-cdn.dynatrace.com https://www.youtube.com https://www.youtube-nocookie.com https://*.qualtrics.com https://try.abtasty.com 'self' 'unsafe-inline' 'unsafe-eval' https://*.moatads.com https://pghub.io https://*.siteintercept.qualtrics.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://*.tapad.com https://*.crazyegg.com https://*.simpli.fi https://*.adsrvr.org https://*.cookielaw.org https://*.facebook.net api.ipify.org; style-src https://fonts.googleapis.com 'self' 'unsafe-inline'; worker-src 'self' blob:; 1
frame-ancestors 'self' https://*.ableteams.com https://*.mypeoplenet.com https://*.bullhornstaffing.com; 1
base-uri 'self'; style-src 'self' 'unsafe-inline' *.cognitoforms.com *.dignityhealth.org *.foresee.com *.hellohumankindness.org *.marketo.com fonts.googleapis.com use.typekit.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.dignityhealth.org *.evaliahealth.com *.everesttech.net *.google.com/pagead/ *.google.com/recaptcha/ *.googleadservices.com *.gstatic.com/recaptcha/ *.hellohumankindness.org *.invoca.net *.jotform.io *.marketo.com *.marketo.net *.recaptcha.net/recaptcha/ *.youtube.com ajax.googleapis.com ajax.microsoft.com bam.nr-data.net cdnjs.cloudflare.com commonspirit.experiencecloud.adobe.com experience.adobe.com js-agent.newrelic.com login.commonspirit.org maps.googleapis.com pc-dignityhealth-visitor-service.tealiumiq.com tags.tiqcdn.com tags.tiqcdn.com use.typekit.net; frame-src 'self' *.jotform.io *.marketo.com *.vimeo.com *.youtube.com commonspirit.demdex.net docasap.com www.cognitoforms.com www.google.com www.recaptcha.net; img-src 'self' *.dignityhealth.org *.everesttech.net *.foresee.com *.google.com/pagead/ *.googleadservices.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.hellohumankindness.org *.marketo.com *.twimg.com *.youtube.com bam.nr-data.net cdn.jotfor.ms data: dpm.demdex.net i.ytimg.com login.commonspirit.org s3.amazonaws.com use.typekit.net www.google.com; connect-src 'self' *.ase-usw1-shared-prd.p.azurewebsites.net *.dignityhealth.org *.everesttech.net *.foresee.com *.google.com/pagead/ *.google.com/recaptcha/ *.googleadservices.com *.hellohumankindness.org *.mktoresp.com *.mktoutil.com *.omtrdc.net ajax.microsoft.com analytics.google.com api.ipify.org bam.nr-data.net dpm.demdex.net fid.agkn.com fonts.googleapis.com identity-api.commonspirit.org identity-func.commonspirit.org login.commonspirit.org maps.googleapis.com pc-dignityhealth-collect.tealiumiq.com pc-dignityhealth-visitor-service.tealiumiq.com readaloud.googleapis.com translate.googleapis.com; default-src 'self' *.dignityhealth.org commonspirit.demdex.net identity-func.commonspirit.org identity-spa.commonspirit.org login.commonspirit.org pc-dignityhealth-collect.tealiumiq.com; font-src 'self' *.dignityhealth.org *.gstatic.com cdn.jorfor.ms data: use.typekit.net; 1
frame-ancestors http://www.seafoodsource.com https://divcomplatform.s3.amazonaws.com 1
child-src blob: 'self';connect-src 'self' https://*.yimg.com https://*.aol.com https://s.yimg.com/nq/ads/mb/native/* https://edge-mcdn.secure.yahoo.com/ybar/ https://service.cmp.oath.com https://udc.yahoo.com/ https://3p-udc.yahoo.com/ https://geo.yahoo.com/ https://3p-geo.yahoo.com/ https://consent.yahoo.com/ https://ganon.yahoo.com/ https://geo.yahoo.com/ https://guce.aol.com/ https://api.taboola.com/1.2/json/taboola-usersync/user.sync https://search.aol.com/sugg/gossip/gossip-us-ura/ https://espanol.search.yahoo.com/sugg/gossip/gossip-e1-ura https://de.search.yahoo.com/sugg/gossip/gossip-de-ura https://ca.search.yahoo.com/sugg/gossip/gossip-ca-ura https://uk.search.yahoo.com/sugg/gossip/gossip-uk-ura https://qc.search.yahoo.com/sugg/gossip/gossip-ca_fr-ura https://fr.search.yahoo.com/sugg/gossip/gossip-fr-ura https://br.search.yahoo.com/sugg/gossip/gossip-br-ura;default-src 'self';font-src https: data:;frame-src https://*.aol.com https://*.yimg.com https://fc.yahoo.com https://*.aolmail.com https://secure.bannerfarm.ace.advertising.com https://cmp.advertising.com https://opus.analytics.yahoo.com https://tsdtocl.com/ https://consent.yahoo.com/ https://guce.aol.com/ https://gpt.mail.yahoo.net/sandbox https://alpha-gpt.mail.yahoo.net/sandbox https://alpha-gam.mail.yahoosandbox.net/sandbox https://canary-gam.mail.yahoosandbox.net/sandbox https://gam.mail.yahoosandbox.net/sandbox https://connect.netscape.com/ https://guce.netscape.com/ https://www.compuserve.com/ https://guce.compuserve.com/;img-src data: blob: http: https: https://ganon.yahoo.com/ https://geo.yahoo.com/;media-src blob: https://*.aol.com https://*.yimg.com;report-uri https://csp.yahoo.com/beacon/csp?src=mail-norrin;script-src 'self' https://s.yimg.com/nq/nr/ https://s.yimg.com/os/yaft/ https://s.yimg.com/ss/ https://s.yimg.com/aaq/yc/ https://s.yimg.com/aaq/vzm/ https://s.yimg.com/cx/pv/ https://s.yimg.com/nq/polyfills/ https://yep.video.yahoo.com/js/ https://s.yimg.com/rx/ https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://yep.video.yahoo.com/ https://assets.video.yahoo.net/ https://jsapi.login.aol.com/w/ https://consent.cmp.oath.com/ https://opus.analytics.yahoo.com/ https://s.yimg.com/oa/ 'sha256-lRMQ2lQozgbWLOqNJOrnclJXX6G77pQVIlF8SAI3++I=' 'sha256-xx5VFh71P/poOsh6S7wo5Hz/h6kNWHqOpIqJR04djx4=' 'unsafe-inline' 'unsafe-eval' https://udc.yahoo.com/ https://3p-udc.yahoo.com/ https://geo.yahoo.com/ https://s.yimg.com/oa/ 'nonce-FuzTzm/y1E2oLfSuf/IVn4NRwyTAUJX2peL0WZks6vqd1Sqp' ;style-src 'self' https://s.yimg.com/nq/nr/ https://s.yimg.com/rx/ https://assets.video.yahoo.net/ 'unsafe-inline';worker-src 'self';manifest-src https://s.yimg.com/nq/nr/json/ 1
frame-ancestors 'self' https://honestdollarhelp.zendesk.com https://gsinvest.zendesk.com https://gsdsp.zendesk.com https://ayco.my.salesforce.com https://ayco.lightning.force.com https://one.concert.site.gs.com https://wealth.concert.site.gs.com https://gswm.lightning.force.com https://gswm.my.salesforce.com https://gswm.lightning.force.com https://prod1.ion.site.gs.com https://prod2.ion.site.gs.com https://ion.site.gs.com https://prod1.ion.site.gs.com:8443 https://prod2.ion.site.gs.com:8443 https://ion.site.gs.com:8443 https://uat.ibdweb.site.gs.com https://ibdweb.site.gs.com https://*.gir.services.gs.com https://etask.gs.com https://uat.ibdapps.nimbus.gs.com https://ibdapps.nimbus.gs.com; 1
default-src 'self' blob: http: https: wss://bot.moin.ai/primus w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; img-src 'self' data: blob: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; style-src 'self' 'unsafe-inline' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; font-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.happify.com https://hpf-happify-marty-prod-user-uploads.happify.com *.optimizely.com *.ads-twitter.com *.vimeo.com *.google.com *.google.ac *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.com.kh *.google.cc *.google.cd *.google.cf *.google.cat *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn g.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gf *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.iq *.google.ie *.google.co.il *.google.im *.google.co.in *.google.io *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.com.lc *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.ne *.google.com.nf *.google.com.ng *.google.com.ni *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pk *.google.com.pa *.google.com.pe *.google.com.ph *.google.pl *.google.com.pg *.google.pn *.google.co.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.rs *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.sm *.google.so *.google.st *.google.sr *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.to *.google.tn *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.co.za *.google.co.zm *.google.co.zw *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.g.doubleclick.net *.youtube.com *.ytimg.com *.licdn.com tracker.mrpfd.com rum-static.pingdom.net cdn.mxpnl.com platform.twitter.com analytics.twitter.com cdn.branch.io connect.facebook.net app.link js.braintreegateway.com tiktok.com *.tiktok.com *.ibytedtos.com *.tiktokcdn.com *.ttwstatic.com instagram.com *.instagram.com;img-src 'self' data: https: http:;connect-src 'self' *.happify.com *.happify.com *.happifyhealth.com *.happifychina.cn *.adservice.google.com api2.branch.io api-js.mixpanel.com www.facebook.com *.pingdom.net *.googlesyndication.com *.g.doubleclick.net tracker.mrpfd.com *.google-analytics.com *.gstatic.com *.ibytedtos.com *.google.com;frame-src 'self' *.happify.com platform.twitter.com *.facebook.com *.googlesyndication.com *.g.doubleclick.net youtube.com *.youtube.com *.vimeo.com embed.ted.com player.youku.com www.googletagservices.com instagram.com *.instagram.com tiktok.com *.tiktok.com *.google.com;style-src 'self' 'unsafe-inline' *.happify.com https://hpf-happify-marty-prod-user-uploads.happify.com fonts.googleapis.com *.typekit.net *.tiktokcdn.com;font-src 'self' *.happify.com https://hpf-happify-marty-prod-user-uploads.happify.com fonts.gstatic.com typekit.com use.typekit.net data:;default-src 'self' *.happify.com https://hpf-happify-marty-prod-user-uploads.happify.com *.googlesyndication.com; 1
frame-ancestors *.bryant.edu *.ahdev.cloud 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://api.kitbuilder.co.uk https://www.youtube.com https://www.zenaps.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://privacyportal-eu.onetrust.com https://tr.snapchat.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://analytics.tiktok.com https://storyboard.storystream.ai https://content.storystream.ai; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://m.speedo.com https://checkout.speedo.com https://www.speedo.com https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net https://download-video.akamaized.net https://d7c4jjeuqag9w.cloudfront.net https://media.storystream.ai; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://*.googlesyndication.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://*.twitter.com https://geolocation.onetrust.com https://apps.storystream.ai https://analytics.tiktok.com https://sf16-muse-va.ibytedtos.com https://ucarecdn.com https://cdn.parcellab.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net; upgrade-insecure-requests; report-to report-endpoint 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://google-analytics.com/ https://*.google-analytics.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://www.googletagmanager.com/ https://translate.google.com/ https://translate.googleapis.com/ https://youtube.com/ https://*.youtube.com/ https://www.recaptcha.net/ https://www.gstatic.com/ https://www.google.com/ https://www.google.com/ads/ https://kit.fontawesome.com/ https://tag.demandbase.com/ https://munchkin.marketo.net/ https://use.typekit.net/ https://script.crazyegg.com/ https://script.crazyegg.com/pages/scripts/0027/6357.js https://snap.licdn.com/ https://cdn01.basis.net/ https://play.vidyard.com/ https://connect.facebook.net/ https://www.facebook.com/ https://facebook.com/ https://j.6sc.co/ https://b.6sc.co/ https://app-sj27.marketo.com/ https://go.scaledagile.com/ https://pixel.sitescout.com/ https://px.ads.linkedin.com/ https://cdn.vidyard.com/ https://static.smartrecruiters.com/ https://*.company-target.com/ https://www.smartrecruiters.com/ https://sai2.wpengine.com/ https://cdnapisec.kaltura.com/ https://player.vimeo.com/ https://open.spotify.com/ https://s.company-target.com/; img-src 'self' data: blob: https://google-analytics.com/ https://*.google-analytics.com/ https://www.google.com/ https://www.google.com/ads/ https://translate.googleapis.com/ https://*.ytimg.com/ https://secure.gravatar.com/ https://kit.fontawesome.com/ https://salsa.scaledagile.com/ https://www.facebook.com/ https://cdn.vidyard.com/ https://cdn.vidyard.com/thumbnails/18287566/TcTilRh6vhdyHxZi9F4VIQ.png https://play.vidyard.com/ https://id.rlcdn.com/ https://b.6sc.co/ https://pixel.sitescout.com/ https://px.ads.linkedin.com/ https://www.linkedin.com/ https://www.linkedin.com/* https://go.scaledagile.com/ https://www.googletagmanager.com/ https://segments.company-target.com/ https://scaledagile.com/ https://sai2.wpengine.com/ https://cdnapisec.kaltura.com/ https://player.vimeo.com/; object-src 'self' data: blob: https://docs.google.com/ https://youtube.com/ https://*.youtube.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.vimeo.com/ https://www.google.com/ https://www.google.com/ads/ https://scaledagile.my.salesforce.com/ https://scaledagile.lightning.force.com/ https://community.scaledagile.com/ https://safe.scaledagile.com/ https://www.facebook.com/ https://b.6sc.co/ https://play.vidyard.com/ https://cdn.vidyard.com/ https://px.ads.linkedin.com/ https://www.googletagmanager.com/ https://embed.podcasts.apple.com/ https://s.company-target.com/ https://pixel.sitescout.com/ https://www.smartrecruiters.com/ https://go.scaledagile.com/ http://go.scaledagile.com/ https://app-sj27.marketo.com/ https://cdnapisec.kaltura.com/ https://player.vimeo.com/ https://open.spotify.com/ https://api.company-target.com/; frame-src 'self' data: blob: https://docs.google.com/ https://youtube.com/ https://*.youtube.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.vimeo.com/ https://www.google.com/ https://www.google.com/ads/ https://scaledagile.my.salesforce.com/ https://scaledagile.lightning.force.com/ https://community.scaledagile.com/ https://safe.scaledagile.com/ https://www.facebook.com/ https://b.6sc.co/ https://play.vidyard.com/ https://cdn.vidyard.com/ https://px.ads.linkedin.com/ https://www.googletagmanager.com/ https://embed.podcasts.apple.com/ https://s.company-target.com/ https://pixel.sitescout.com/ https://www.smartrecruiters.com/ https://go.scaledagile.com/ http://go.scaledagile.com/ https://app-sj27.marketo.com/ https://cdnapisec.kaltura.com/ https://player.vimeo.com/ https://open.spotify.com/ https://api.company-target.com/; 1
default-src 'self' 'unsafe-inline' ; style-src 'self' 'unsafe-inline' ; style-src-elem 'self' 'unsafe-inline'   embed.typeform.com fonts.googleapis.com www.googletagmanager.com widget.docsbot.ai; font-src 'self' fonts.gstatic.com; img-src 'self' www.googletagmanager.com ipfs.subsocial.network community.astar.network www.google-analytics.com region1.google-analytics.com polkadot.js.org data:; script-src-elem 'self'  'unsafe-inline' embed.typeform.com widget.docsbot.ai  www.googletagmanager.com www.google-analytics.com; connect-src 'self' docs.astar.network squid.subsquid.io docsbot.ai api.docsbot.ai wss://api.docsbot.ai www.google-analytics.com region1.google-analytics.com community.astar.network; frame-src  'self' form.typeform.com embed.typeform.com cdn.forms-content.sg-form.com; 1
report-to slardar-endpoint; img-src 'self' *.bdxiguaimg.com *.bdxiguastatic.com *.toutiaoimg.com *.bytednsdoc.com *.bytexservice.com *.douyinpic.com data: *.byteacctimg.com *.toutiaostatic.com *.baidu.com *.aliyuncs.com *.gstatic.com *.itoutiaoimg.com http:; connect-src *.zijieapi.com 'self' *.365yg.com *.snssdk.com *.google-analytics.com *.doubleclick.net; style-src 'self' *.bdxiguastatic.com 'unsafe-inline' blob:; script-src 'self' *.snssdk.com 'nonce-5b2a2415a3d43e4f75f8fbaf1bfe67f5-argus' 'strict-dynamic' 'wasm-unsafe-eval' 'unsafe-eval';  1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.ipe.com https://eme.abacusemedia.com; 1
frame-ancestors 'self' https://*.rotacloud.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.thapar.edu thapar.edu code.jquery.com youtube.com updated.thapar.edu fonts.googleapis.com cdnjs.cloudflare.com unpkg.com code.jquery.com www.youtube.com netdna.bootstrapcdn.com chatbot.nopaperforms.com track.nopaperforms.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net widgets.nopaperforms.com tslas.nopaperforms.com ajax.googleapis.com kenwheeler.github.io www.lmtsm.thapar.edu lmtsm.thapar.edu iep.thapar.edu connect.facebook.net ssl.google-analytics.com googleusercontent.com drive.google.com ckeditor.com docs.ckeditor.com cdn.ckeditor.com fonts.googleapis.com ajax.googleapis.com cdn.quilljs.com maps.googleapis.com www.youtube.com chatbot.in1.nopaperforms.com online.fliphtml5.com www.yumpu.com; 1
default-src 'self' maps.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' acsbapp.com cc.cdn.civiccomputing.com unpkg.com maps.googleapis.com www.googletagmanager.com api.reciteme.com www.google.com www.gstatic.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.clarity.ms api1.websuccess-data.com cdn.leadinfo.net n.clarity.ms tools.euroland.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com api.reciteme.com irs.tools.investis.com otp.tools.investis.com cdn.leadinfo.net;img-src 'self' data: www.google.co.uk web1.acsbapp.com acsbapp.com maps.gstatic.com maps.googleapis.com api.reciteme.com www.gravatar.com www.google-analytics.com irs.tools.investis.com otp.tools.investis.com www.googletagmanager.com c.clarity.ms dashboard.umbraco.com www.google.com www.bing.com our.umbraco.com https://dashboard.umbraco.com;frame-src 'self' gamma.euroland.com marketplace.umbraco.com player.vimeo.com tools.eurolandir.com storage.net-fs.com www.youtube.com commercialpropertyphotography.com qfx.quartalflife.com irs.tools.investis.com otp.tools.investis.com www.google.com www.reachtimelapse.co.uk www.devisubox.com;font-src 'self' acsbapp.com fonts.googleapis.com fonts.gstatic.com api.reciteme.com;connect-src 'self' region1.analytics.google.com acsbapp.com stats.g.doubleclick.net analytics.google.com *.acsbapp.com *.civiccomputing.com maps.googleapis.com api.reciteme.com r1-api.dotdigital.com *.google-analytics.com irs.tools.investis.com otp.tools.investis.com *.execute-api.us-east-1.amazonaws.com collector.leadinfo.net api.leadinfo.net api.leadinfo.com *.clarity.ms apikeys.civiccomputing.com;form-action 'self';upgrade-insecure-requests;block-all-mixed-content 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-1ONmS+dqPUOvtLyPrR1IB8HgpI2txQpiGxM7x7EAExLXyZPw' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors https://www.indowebsite.co.id/ https://member.indowebsite.com/ https://amp.indowebsite.co.id/ 1
frame-ancestors 'self' *.aja.com *.authorize.net; default-src https: wss: 'unsafe-eval' 'unsafe-inline'; img-src data: https:; object-src 'self' 1
frame-ancestors 'self' https://fundrise.com/ https://fundriseintervalfund.com https://fundriseincomerealestatefund.com https://fundrisegrowthtechfund.com 1
media-src 'self' data: blob: *; 1
base-uri 'self'; child-src 'self' https: http: data: blob:; connect-src 'self' https: http://localhost:* wss: data: blob:; default-src 'none'; font-src 'self' https: http://localhost:* http://themes.googleusercontent.com data:; form-action 'self'; frame-ancestors 'self' https://app.eu.pendo.io; frame-src 'self' https: http: data: blob:; img-src 'self' https: http: data: blob:; media-src 'self' https: data:; script-src 'self' https: http://localhost:* blob: 'unsafe-inline' 'unsafe-eval' 'report-sample'; style-src 'self' https: http: data: 'unsafe-inline' 'report-sample'; worker-src 'self' blob:; report-uri https://linnworks17.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' *.wuppertal.de www-wuppertal-de.translate.goog 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://*.googleapis.com https://www.dwin1.com https://*.veinteractive.com https://www.googleadservices.com https://www.zenaps.com https://machinemart.122.2o7.net https://www.youtube.com https://s.ytimg.com https://b.sli-spark.com https://*.criteo.com https://*.google.com https://www.googletagmanager.com https://connect.facebook.net https://www.gstatic.com https://platform.twitter.com https://assets.pinterest.com https://log.pinterest.com https://vimeo.com https://*.dekopay.com https://*.g.doubleclick.net https://*.livechatinc.com https://*.securetrading.net https://*.cardinalcommerce.com https://widget.trustpilot.com https://*.adalyser.com https://dccf75d8gej24.cloudfront.net; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://maxcdn.bootstrapcdn.com; img-src 'self' data: https://img.youtube.com https://dccf75d8gej24.cloudfront.net https://csi.gstatic.com https://www.googletagmanager.com https://*.googleapis.com https://maps.gstatic.com https://machinemart.122.2o7.net https://*.veinteractive.com https://www.awin1.com https://e.machinemart.co.uk https://www.zenaps.com https://*.google-analytics.com https://*.analytics.google.com https://b.sli-spark.com https://*.g.doubleclick.net https://www.google.com https://www.google.co.uk https://www.google.ie https://*.gstatic.com https://*.pinterest.com https://s-passets.pinimg.com https://www.facebook.com https://syndication.twitter.com https://i.vimeocdn.com https://a.volvelle.tech https://go.flx1.com https://*.livechatinc.com https://dis.criteo.com https://gum.criteo.com https://pixel.tapad.com https://ads.yahoo.com https://ups.analytics.yahoo.com https://public-prod-dspcookiematching.dmxleo.com https://s.ad.smaato.net https://gum.criteo.com https://sync-criteo.ads.yieldmo.com https://exchange.mediavine.com https://jadserve.postrelease.com https://ads.stickyadstv.com https://visitor.omnitagjs.com https://criteo-sync.teads.tv https://match.sharethrough.com https://contextual.media.net https://x.bidswitch.net https://id5-sync.com https://ad.360yield.com https://sync-t1.taboola.com https://r.casalemedia.com https://simage2.pubmatic.com https://secure.adnxs.com https://eb2.3lift.com https://sync.outbrain.com https://pixel.rubiconproject.com https://c.bing.com https://criteo-partners.tremorhub.com https://i.liadm.com https://e1.emxdgt.com https://sp.analytics.yahoo.com https://beacon.krxd.net https://tags.bluekai.com https://i6.liadm.com https://cdn.stickyadstv.com https://s.thebrighttag.com https://ib.adnxs.com https://rtb-csync.smartadserver.com https://cm.adform.net https://matching.ivitrack.com https://ad.yieldlab.net https://dpm.demdex.net https://ad.doubleclick.net https://adservice.google.com https://*.adalyser.com; font-src 'self' https://cdn.livechatinc.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src 'self' https://4894704.fls.doubleclick.net https://4735852.fls.doubleclick.net https://*.doubleclick.net https://fledge.eu.criteo.com https://www.googletagmanager.com https://www.googleadservices.com https://*.g.doubleclick.net https://*.google.com https://www.google.co.uk https://f.chtah.com https://ebm.cheetahmail.com https://www.youtube.com https://*.veinteractive.com https://dis.eu.criteo.com https://gum.criteo.com https://s-static.ak.facebook.com https://staticxx.facebook.com https://www.facebook.com https://platform.twitter.com https://assets.pinterest.com https://player.vimeo.com https://syndication.twitter.com https://*.livechatinc.com https://*.securetrading.net https://*.cardinalcommerce.com https://widget.trustpilot.com; connect-src 'self' https://adservice.google.com https://*.veinteractive.com https://vimeo.com https://www.gravatar.com https://*.google-analytics.com https://*.analytics.google.com https://google.com https://pagead2.googlesyndication.com https://measurement-api.criteo.com https://stats.g.doubleclick.net https://log.pinterest.com https://api.livechatinc.com https://maps.googleapis.com https://*.ingest.sentry.io https://*.cardinalcommerce.com https://kg668dbov0.execute-api.us-east-1.amazonaws.com; media-src 'self' https://cdn.livechatinc.com; 1
frame-src * https://bid.g.doubleclick.net https://hcaptcha.com https://*.hcaptcha.com; default-src 'self' https://sentry-prod.cryptology.com/; script-src 'self' blob: 'unsafe-inline' https://googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://*.tagmanager.google.com https://*.google-analytics.com https://apis.google.com https://*.googleapis.com https://fonts.gstatic.com https://stats.g.doubleclick.net/ https://*.googleadservices.com https://googleads.g.doubleclick.net https://static.ads-twitter.com https://*.firebaseio.com wss://*.firebaseio.com https://connect.facebook.net https://static.hotjar.com https://script.hotjar.com https://s.adroll.com https://d.adroll.com https://*.omappapi.com/ https://*.cookiebot.com/ https://wchat.freshchat.com https://hcaptcha.com https://*.hcaptcha.com https://sentry-prod.cryptology.com/api/embed/error-page/ ; style-src 'self' blob: https://*.cryptology.com 'unsafe-inline' https://googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://*.tagmanager.google.com https://fonts.googleapis.com https://*.omappapi.com/ https://wchat.freshchat.com/widget/css/ https://wchat.freshchat.com/css/ https://hcaptcha.com https://*.hcaptcha.com; worker-src 'self' blob:; connect-src 'self' blob: https://*.cryptology.com https://cryptology.com wss://*.cryptology.com https://*.cryptology.com:2083 https://s3.eu-central-1.amazonaws.com/public-files.prod.payments.cryptology.com/ https://s3.eu-central-1.amazonaws.com/public-files.staging.payments.cryptology.com/ https://s3.eu-central-1.amazonaws.com/public-files.dev.payments.cryptology.com/ https://googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://*.tagmanager.google.com https://*.google-analytics.com https://apis.google.com https://*.googleapis.com https://fonts.gstatic.com https://stats.g.doubleclick.net/ https://analytics.google.com https://*.analytics.google.com https://*.firebaseio.com wss://*.firebaseio.com https://www.facebook.com/tr/ https://api.coinmarketcap.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://d.adroll.com https://content.hotjar.io https://*.omappapi.com/ https://*.cookiebot.com/ https://wchat.freshchat.com/js/ https://wchat.freshchat.com/widget/js/ https://wchat.freshchat.com/widget/css/ https://wchat.freshchat.com/css/ https://hcaptcha.com https://*.hcaptcha.com https://locales.dev.cryptology.com/ https://locales.prod.cryptology.com/ https://locales.staging.cryptology.com/ localhost:*; object-src 'none'; child-src 'self' https://cryptology-9a846.firebaseapp.com https://cryptology-9a846.firebaseio.com https://cryptology-dev.firebaseapp.com https://cryptology-dev.firebaseio.com https://cryptology-prod.firebaseapp.com https://cryptology-prod.firebaseio.com https://www.facebook.com/ https://staticxx.facebook.com/; img-src 'self' blob: data: https://s3.eu-central-1.amazonaws.com/public-files.prod.payments.cryptology.com/ https://s3.eu-central-1.amazonaws.com/public-files.staging.payments.cryptology.com/ https://s3.eu-central-1.amazonaws.com/public-files.dev.payments.cryptology.com/ https://*.cryptology.com https://cryptology.com https://t.co https://analytics.twitter.com https://googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://*.tagmanager.google.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.gstatic.com https://*.googleusercontent.com https://googleads.g.doubleclick.net https://google.com/ads/ga-audiences https://google.ad/ads/ga-audiences https://google.ae/ads/ga-audiences https://google.com.af/ads/ga-audiences https://google.com.ag/ads/ga-audiences https://google.com.ai/ads/ga-audiences https://google.al/ads/ga-audiences https://google.am/ads/ga-audiences https://google.co.ao/ads/ga-audiences https://google.com.ar/ads/ga-audiences https://google.as/ads/ga-audiences https://google.at/ads/ga-audiences https://google.com.au/ads/ga-audiences https://google.az/ads/ga-audiences https://google.ba/ads/ga-audiences https://google.com.bd/ads/ga-audiences https://google.be/ads/ga-audiences https://google.bf/ads/ga-audiences https://google.bg/ads/ga-audiences https://google.com.bh/ads/ga-audiences https://google.bi/ads/ga-audiences https://google.bj/ads/ga-audiences https://google.com.bn/ads/ga-audiences https://google.com.bo/ads/ga-audiences https://google.com.br/ads/ga-audiences https://google.bs/ads/ga-audiences https://google.bt/ads/ga-audiences https://google.co.bw/ads/ga-audiences https://google.by/ads/ga-audiences https://google.com.bz/ads/ga-audiences https://google.ca/ads/ga-audiences https://google.cd/ads/ga-audiences https://google.cf/ads/ga-audiences https://google.cg/ads/ga-audiences https://google.ch/ads/ga-audiences https://google.ci/ads/ga-audiences https://google.co.ck/ads/ga-audiences https://google.cl/ads/ga-audiences https://google.cm/ads/ga-audiences https://google.cn/ads/ga-audiences https://google.com.co/ads/ga-audiences https://google.co.cr/ads/ga-audiences https://google.com.cu/ads/ga-audiences https://google.cv/ads/ga-audiences https://google.com.cy/ads/ga-audiences https://google.cz/ads/ga-audiences https://google.de/ads/ga-audiences https://google.dj/ads/ga-audiences https://google.dk/ads/ga-audiences https://google.dm/ads/ga-audiences https://google.com.do/ads/ga-audiences https://google.dz/ads/ga-audiences https://google.com.ec/ads/ga-audiences https://google.ee/ads/ga-audiences https://google.com.eg/ads/ga-audiences https://google.es/ads/ga-audiences https://google.com.et/ads/ga-audiences https://google.fi/ads/ga-audiences https://google.com.fj/ads/ga-audiences https://google.fm/ads/ga-audiences https://google.fr/ads/ga-audiences https://google.ga/ads/ga-audiences https://google.ge/ads/ga-audiences https://google.gg/ads/ga-audiences https://google.com.gh/ads/ga-audiences https://google.com.gi/ads/ga-audiences https://google.gl/ads/ga-audiences https://google.gm/ads/ga-audiences https://google.gr/ads/ga-audiences https://google.com.gt/ads/ga-audiences https://google.gy/ads/ga-audiences https://google.com.hk/ads/ga-audiences https://google.hn/ads/ga-audiences https://google.hr/ads/ga-audiences https://google.ht/ads/ga-audiences https://google.hu/ads/ga-audiences https://google.co.id/ads/ga-audiences https://google.ie/ads/ga-audiences https://google.co.il/ads/ga-audiences https://google.im/ads/ga-audiences https://google.co.in/ads/ga-audiences https://google.iq/ads/ga-audiences https://google.is/ads/ga-audiences https://google.it/ads/ga-audiences https://google.je/ads/ga-audiences https://google.com.jm/ads/ga-audiences https://google.jo/ads/ga-audiences https://google.co.jp/ads/ga-audiences https://google.co.ke/ads/ga-audiences https://google.com.kh/ads/ga-audiences https://google.ki/ads/ga-audiences https://google.kg/ads/ga-audiences https://google.co.kr/ads/ga-audiences https://google.com.kw/ads/ga-audiences https://google.kz/ads/ga-audiences https://google.la/ads/ga-audiences https://google.com.lb/ads/ga-audiences https://google.li/ads/ga-audiences https://google.lk/ads/ga-audiences https://google.co.ls/ads/ga-audiences https://google.lt/ads/ga-audiences https://google.lu/ads/ga-audiences https://google.lv/ads/ga-audiences https://google.com.ly/ads/ga-audiences https://google.co.ma/ads/ga-audiences https://google.md/ads/ga-audiences https://google.me/ads/ga-audiences https://google.mg/ads/ga-audiences https://google.mk/ads/ga-audiences https://google.ml/ads/ga-audiences https://google.com.mm/ads/ga-audiences https://google.mn/ads/ga-audiences https://google.ms/ads/ga-audiences https://google.com.mt/ads/ga-audiences https://google.mu/ads/ga-audiences https://google.mv/ads/ga-audiences https://google.mw/ads/ga-audiences https://google.com.mx/ads/ga-audiences https://google.com.my/ads/ga-audiences https://google.co.mz/ads/ga-audiences https://google.com.na/ads/ga-audiences https://google.com.ng/ads/ga-audiences https://google.com.ni/ads/ga-audiences https://google.ne/ads/ga-audiences https://google.nl/ads/ga-audiences https://google.no/ads/ga-audiences https://google.com.np/ads/ga-audiences https://google.nr/ads/ga-audiences https://google.nu/ads/ga-audiences https://google.co.nz/ads/ga-audiences https://google.com.om/ads/ga-audiences https://google.com.pa/ads/ga-audiences https://google.com.pe/ads/ga-audiences https://google.com.pg/ads/ga-audiences https://google.com.ph/ads/ga-audiences https://google.com.pk/ads/ga-audiences https://google.pl/ads/ga-audiences https://google.pn/ads/ga-audiences https://google.com.pr/ads/ga-audiences https://google.ps/ads/ga-audiences https://google.pt/ads/ga-audiences https://google.com.py/ads/ga-audiences https://google.com.qa/ads/ga-audiences https://google.ro/ads/ga-audiences https://google.ru/ads/ga-audiences https://google.rw/ads/ga-audiences https://google.com.sa/ads/ga-audiences https://google.com.sb/ads/ga-audiences https://google.sc/ads/ga-audiences https://google.se/ads/ga-audiences https://google.com.sg/ads/ga-audiences https://google.sh/ads/ga-audiences https://google.si/ads/ga-audiences https://google.sk/ads/ga-audiences https://google.com.sl/ads/ga-audiences https://google.sn/ads/ga-audiences https://google.so/ads/ga-audiences https://google.sm/ads/ga-audiences https://google.sr/ads/ga-audiences https://google.st/ads/ga-audiences https://google.com.sv/ads/ga-audiences https://google.td/ads/ga-audiences https://google.tg/ads/ga-audiences https://google.co.th/ads/ga-audiences https://google.com.tj/ads/ga-audiences https://google.tl/ads/ga-audiences https://google.tm/ads/ga-audiences https://google.tn/ads/ga-audiences https://google.to/ads/ga-audiences https://google.com.tr/ads/ga-audiences https://google.tt/ads/ga-audiences https://google.com.tw/ads/ga-audiences https://google.co.tz/ads/ga-audiences https://google.com.ua/ads/ga-audiences https://google.co.ug/ads/ga-audiences https://google.co.uk/ads/ga-audiences https://google.com.uy/ads/ga-audiences https://google.co.uz/ads/ga-audiences https://google.com.vc/ads/ga-audiences https://google.co.ve/ads/ga-audiences https://google.vg/ads/ga-audiences https://google.co.vi/ads/ga-audiences https://google.com.vn/ads/ga-audiences https://google.vu/ads/ga-audiences https://google.ws/ads/ga-audiences https://google.rs/ads/ga-audiences https://google.co.za/ads/ga-audiences https://google.co.zm/ads/ga-audiences https://google.co.zw/ads/ga-audiences https://google.cat/ads/ga-audiences https://www.google.com/ads/ga-audiences https://www.google.ad/ads/ga-audiences https://www.google.ae/ads/ga-audiences https://www.google.com.af/ads/ga-audiences https://www.google.com.ag/ads/ga-audiences https://www.google.com.ai/ads/ga-audiences https://www.google.al/ads/ga-audiences https://www.google.am/ads/ga-audiences https://www.google.co.ao/ads/ga-audiences https://www.google.com.ar/ads/ga-audiences https://www.google.as/ads/ga-audiences https://www.google.at/ads/ga-audiences https://www.google.com.au/ads/ga-audiences https://www.google.az/ads/ga-audiences https://www.google.ba/ads/ga-audiences https://www.google.com.bd/ads/ga-audiences https://www.google.be/ads/ga-audiences https://www.google.bf/ads/ga-audiences https://www.google.bg/ads/ga-audiences https://www.google.com.bh/ads/ga-audiences https://www.google.bi/ads/ga-audiences https://www.google.bj/ads/ga-audiences https://www.google.com.bn/ads/ga-audiences https://www.google.com.bo/ads/ga-audiences https://www.google.com.br/ads/ga-audiences https://www.google.bs/ads/ga-audiences https://www.google.bt/ads/ga-audiences https://www.google.co.bw/ads/ga-audiences https://www.google.by/ads/ga-audiences https://www.google.com.bz/ads/ga-audiences https://www.google.ca/ads/ga-audiences https://www.google.cd/ads/ga-audiences https://www.google.cf/ads/ga-audiences https://www.google.cg/ads/ga-audiences https://www.google.ch/ads/ga-audiences https://www.google.ci/ads/ga-audiences https://www.google.co.ck/ads/ga-audiences https://www.google.cl/ads/ga-audiences https://www.google.cm/ads/ga-audiences https://www.google.cn/ads/ga-audiences https://www.google.com.co/ads/ga-audiences https://www.google.co.cr/ads/ga-audiences https://www.google.com.cu/ads/ga-audiences https://www.google.cv/ads/ga-audiences https://www.google.com.cy/ads/ga-audiences https://www.google.cz/ads/ga-audiences https://www.google.de/ads/ga-audiences https://www.google.dj/ads/ga-audiences https://www.google.dk/ads/ga-audiences https://www.google.dm/ads/ga-audiences https://www.google.com.do/ads/ga-audiences https://www.google.dz/ads/ga-audiences https://www.google.com.ec/ads/ga-audiences https://www.google.ee/ads/ga-audiences https://www.google.com.eg/ads/ga-audiences https://www.google.es/ads/ga-audiences https://www.google.com.et/ads/ga-audiences https://www.google.fi/ads/ga-audiences https://www.google.com.fj/ads/ga-audiences https://www.google.fm/ads/ga-audiences https://www.google.fr/ads/ga-audiences https://www.google.ga/ads/ga-audiences https://www.google.ge/ads/ga-audiences https://www.google.gg/ads/ga-audiences https://www.google.com.gh/ads/ga-audiences https://www.google.com.gi/ads/ga-audiences https://www.google.gl/ads/ga-audiences https://www.google.gm/ads/ga-audiences https://www.google.gr/ads/ga-audiences https://www.google.com.gt/ads/ga-audiences https://www.google.gy/ads/ga-audiences https://www.google.com.hk/ads/ga-audiences https://www.google.hn/ads/ga-audiences https://www.google.hr/ads/ga-audiences https://www.google.ht/ads/ga-audiences https://www.google.hu/ads/ga-audiences https://www.google.co.id/ads/ga-audiences https://www.google.ie/ads/ga-audiences https://www.google.co.il/ads/ga-audiences https://www.google.im/ads/ga-audiences https://www.google.co.in/ads/ga-audiences https://www.google.iq/ads/ga-audiences https://www.google.is/ads/ga-audiences https://www.google.it/ads/ga-audiences https://www.google.je/ads/ga-audiences https://www.google.com.jm/ads/ga-audiences https://www.google.jo/ads/ga-audiences https://www.google.co.jp/ads/ga-audiences https://www.google.co.ke/ads/ga-audiences https://www.google.com.kh/ads/ga-audiences https://www.google.ki/ads/ga-audiences https://www.google.kg/ads/ga-audiences https://www.google.co.kr/ads/ga-audiences https://www.google.com.kw/ads/ga-audiences https://www.google.kz/ads/ga-audiences https://www.google.la/ads/ga-audiences https://www.google.com.lb/ads/ga-audiences https://www.google.li/ads/ga-audiences https://www.google.lk/ads/ga-audiences https://www.google.co.ls/ads/ga-audiences https://www.google.lt/ads/ga-audiences https://www.google.lu/ads/ga-audiences https://www.google.lv/ads/ga-audiences https://www.google.com.ly/ads/ga-audiences https://www.google.co.ma/ads/ga-audiences https://www.google.md/ads/ga-audiences https://www.google.me/ads/ga-audiences https://www.google.mg/ads/ga-audiences https://www.google.mk/ads/ga-audiences https://www.google.ml/ads/ga-audiences https://www.google.com.mm/ads/ga-audiences https://www.google.mn/ads/ga-audiences https://www.google.ms/ads/ga-audiences https://www.google.com.mt/ads/ga-audiences https://www.google.mu/ads/ga-audiences https://www.google.mv/ads/ga-audiences https://www.google.mw/ads/ga-audiences https://www.google.com.mx/ads/ga-audiences https://www.google.com.my/ads/ga-audiences https://www.google.co.mz/ads/ga-audiences https://www.google.com.na/ads/ga-audiences https://www.google.com.ng/ads/ga-audiences https://www.google.com.ni/ads/ga-audiences https://www.google.ne/ads/ga-audiences https://www.google.nl/ads/ga-audiences https://www.google.no/ads/ga-audiences https://www.google.com.np/ads/ga-audiences https://www.google.nr/ads/ga-audiences https://www.google.nu/ads/ga-audiences https://www.google.co.nz/ads/ga-audiences https://www.google.com.om/ads/ga-audiences https://www.google.com.pa/ads/ga-audiences https://www.google.com.pe/ads/ga-audiences https://www.google.com.pg/ads/ga-audiences https://www.google.com.ph/ads/ga-audiences https://www.google.com.pk/ads/ga-audiences https://www.google.pl/ads/ga-audiences https://www.google.pn/ads/ga-audiences https://www.google.com.pr/ads/ga-audiences https://www.google.ps/ads/ga-audiences https://www.google.pt/ads/ga-audiences https://www.google.com.py/ads/ga-audiences https://www.google.com.qa/ads/ga-audiences https://www.google.ro/ads/ga-audiences https://www.google.ru/ads/ga-audiences https://www.google.rw/ads/ga-audiences https://www.google.com.sa/ads/ga-audiences https://www.google.com.sb/ads/ga-audiences https://www.google.sc/ads/ga-audiences https://www.google.se/ads/ga-audiences https://www.google.com.sg/ads/ga-audiences https://www.google.sh/ads/ga-audiences https://www.google.si/ads/ga-audiences https://www.google.sk/ads/ga-audiences https://www.google.com.sl/ads/ga-audiences https://www.google.sn/ads/ga-audiences https://www.google.so/ads/ga-audiences https://www.google.sm/ads/ga-audiences https://www.google.sr/ads/ga-audiences https://www.google.st/ads/ga-audiences https://www.google.com.sv/ads/ga-audiences https://www.google.td/ads/ga-audiences https://www.google.tg/ads/ga-audiences https://www.google.co.th/ads/ga-audiences https://www.google.com.tj/ads/ga-audiences https://www.google.tl/ads/ga-audiences https://www.google.tm/ads/ga-audiences https://www.google.tn/ads/ga-audiences https://www.google.to/ads/ga-audiences https://www.google.com.tr/ads/ga-audiences https://www.google.tt/ads/ga-audiences https://www.google.com.tw/ads/ga-audiences https://www.google.co.tz/ads/ga-audiences https://www.google.com.ua/ads/ga-audiences https://www.google.co.ug/ads/ga-audiences https://www.google.co.uk/ads/ga-audiences https://www.google.com.uy/ads/ga-audiences https://www.google.co.uz/ads/ga-audiences https://www.google.com.vc/ads/ga-audiences https://www.google.co.ve/ads/ga-audiences https://www.google.vg/ads/ga-audiences https://www.google.co.vi/ads/ga-audiences https://www.google.com.vn/ads/ga-audiences https://www.google.vu/ads/ga-audiences https://www.google.ws/ads/ga-audiences https://www.google.rs/ads/ga-audiences https://www.google.co.za/ads/ga-audiences https://www.google.co.zm/ads/ga-audiences https://www.google.co.zw/ads/ga-audiences https://www.google.cat/ads/ga-audiences https://www.facebook.com/tr/ https://d.adroll.com https://*.omappapi.com/ https://*.cookiebot.com/ https://downloads.intercomcdn.com https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/; font-src data: https://cryptology.com https://*.cryptology.com https://fonts.gstatic.com https://script.hotjar.com https://*.omappapi.com/ localhost:*; form-action 'self' https://connect.facebook.net https://www.facebook.com/tr/; report-uri https://sentry-prod.cryptology.com/api/5/security/?sentry_key=cdbfe589f11e4bff93578e39556691c6 1
default-src https: 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://*.ddev.site https://*.skd.museum https://*.googleapis.com https://www.youtube-nocookie.com https://sketchfab.com https://vimeo.com; 1
frame-ancestors 'self' https://*.dimensional.com; 1
default-src *;script-src 'self' 'nonce-kfN1vbvMP2ExPcUzr/Iv8x6tsIl5t1IJ5efFPoh1HIg='; 1
frame-ancestor 'none'; 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.analytics.google.com https://*.bazaarvoice.com https://*.braintree-api.com https://*.braintreegateway.com https://*.btttag.com https://*.criteo.com https://*.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.kampyle.com https://*.medallia.com https://*.paypal.com https://bat.bing.com https://www.bing.com https://*.truefitcorp.com https://adservice.google.com https://amplify.outbrain.com https://analytics.google.com https://api-env.cartfulsolutions.com https://api.cartfulsolutions.com https://apis.google.com https://app.acuityscheduling.com https://assets.adobedtm.com https://careers.lululemon.com https://cdn.cquotient.com https://cdn.honey.io https://cdn.quantummetric.com https://ingest.quantummetric.com https://cdn.treasuredata.com https://cdnjs.cloudflare.com https://challenges.cloudflare.com https://cm.g.doubleclick.net https://cm.teads.tv https://connect.facebook.net https://ct.pinterest.com https://d38d4ysphgm9dz.cloudfront.net https://dpm.demdex.net https://e.cquotient.com https://embed.acuityscheduling.com https://embed.cartfulsolutions.com https://external.quantummetric.com https://fledge.teads.tv https://fonts.googleapis.com https://globalstaticassets.lululemon.com https://google.com https://googleads.g.doubleclick.net https://images.lululemon.com https://intljs.rmtag.com https://ln-rules.rewardstyle.com https://lululemon.quiq-api.com https://lululemonathleticacanadainc.demdex.net https://lululemoninternational-app.quantummetric.com https://lululemoninternational.quantummetric.com https://lululemonusa.tt.omtrdc.net https://maps.googleapis.com https://mpsnare.iesnare.com https://o4503962274299904.ingest.sentry.io https://p.cquotient.com https://p.teads.tv https://pay.google.com https://r.cquotient.com https://s.pinimg.com https://s.yimg.com https://s7mbrstream.scene7.com https://smetrics.lululemon.com.hk https://sslwidget.criteo.com https://static.cloudflareinsights.com https://static.criteo.com https://static.criteo.net https://stats.g.doubleclick.net https://t.teads.tv https://tag.rmp.rakuten.com https://tez.google.com https://tokyo.in.treasuredata.com https://tpc.googlesyndication.com https://tr.outbrain.com https://translate.google.com https://wf.cartfulsolutions.com https://widget.as.criteo.com https://www.cloudflare.com https://www.facebook.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.lululemon.co.uk https://www.lululemon.com.hk https://www.paypalobjects.com https://*.browser-intake-datadoghq.com https://www.datadoghq-browser-agent.com wss://lululemoninternational.quantummetric.com wss://mpsnare.iesnare.com; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; img-src * 'self' data: https:; font-src * 'self' data: https:; block-all-mixed-content; 1
default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/;font-src 'self' https://fonts.gstatic.com/;img-src 'self' data: https://www.google-analytics.com/ https://www.googletagmanager.com/ https://stats.g.doubleclick.net/ https://file.go.gov.sg/;script-src 'self' https://www.google-analytics.com/ https://ssl.google-analytics.com/ https://www.googletagmanager.com/ https://*.browser-intake-datadoghq.com/ https://www.datadoghq-browser-agent.com/;worker-src blob:;connect-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://*.browser-intake-datadoghq.com/ o372043.ingest.sentry.io o372043.ingest.sentry.io;frame-ancestors 'self';report-uri https://o372043.ingest.sentry.io/api/5193500/security/?sentry_key=a76d61749b824d8fa8ad84eee7ecc882;upgrade-insecure-requests 1
frame-ancestors 'self' https://www2.imba.com/ https://mwba.org/ https://tasmtb.org/ https://routtcountyriders.org 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com https://www.googleadservices.com platform.twitter.com ad.doubleclick.net https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.nanorep.co *.googletagmanager.com *.licdn.com *.doubleclick.net *.mookie1.com *.turn.com *.addthis.com *.moatads.com *.addthisedge.com *.tiktok.com https://www.buzzsprout.com/ https://cse.google.com/ https://libjs.s4mdsp.com/ https://maxcdn.bootstrapcdn.com/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ *.outbrain.com *.suss.edu.sg *.fontawesome.com *.bootstrapcdn.com suss-ciel.libcal.com *.yahoo.com *.yahoodns.net *.yimg.com sp.analytics.yahoo.com ads-engagement.presage.io; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://maxcdn.bootstrapcdn.com/ https://cdnjs.cloudflare.com/ *.suss.edu.sg *.yahoo.com *.yahoodns.net *.yimg.com sp.analytics.yahoo.com ads-engagement.presage.io; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com https://cdnjs.cloudflare.com/ *.suss.edu.sg *.doubleclick.net data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.linkedin.com *.google.com *.google.com.my *.google.com.sg *.mookie1.com suss.edu.sg *.suss.edu.sg https://www.googletagmanager.com/ https://r.turn.com/ *.outbrain.com *.youtube.com lcimages.s3.amazonaws.com *.yahoo.com *.yahoodns.net *.yimg.com sp.analytics.yahoo.com *.doubleclick.net ads-engagement.presage.io img.youtube.com; media-src 'self' data: blob: sfcms.suss.edu.sg; child-src 'self' blob: https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.suss.edu.sg *.doubleclick.net *.addthis.com https://www.buzzsprout.com/ https://pcmap-suss.netlify.app/ https://kuula.co/ *.google.com suss-ciel.libcal.com www.yumpu.com *.issuu.com teamup.com *.zscaler.net; connect-src 'self' data: accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.nanorep.co *.doubleclick.net *.nanorep.com *.addthis.com https://cdn.linkedin.oribi.io *.facebook.com *.tiktok.com analytics.google.com *.yahoo.com *.yahoodns.net *.yimg.com sp.analytics.yahoo.com *.linkedin.com ads-engagement.presage.io; 1
default-src 'self' 'unsafe-inline'; font-src 'self' fonts.workshops.aws; img-src 'self' a0.awsstatic.com; script-src 'self' sdk.amazonaws.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; object-src 'none' 1
default-src 'self' cdn.wcc.witt-weiden.de https://cdn.wcc.witt-weiden.de/graphql;    base-uri 'self';    font-src 'self' cdn.wcc.witt-weiden.de fonts.gstatic.com data: https://d3dc1lgancj6l0.cloudfront.net http://dq4irj27fs462.cloudfront.net;    img-src * data:;    connect-src 'self' https://cdn.wcc.witt-weiden.de/graphql cdn.wcc.witt-weiden.de cdn.witt.info/ images.ctfassets.net te.witt-weiden.de tp.witt-weiden.de wasp.witt-weiden.de wst.witt-weiden.de *.analytics.google.com  *.facebook.com *.contentsquare.net *.my.onetrust.eu *.google-analytics.com bat.bing.com eu-witt-gruppe-prod1.mini.snplow.net www.google-analytics.com www.jsctool.com https://adservice.google.com/pagead/ https://graphql.contentful.com https://privacyportal-eu.onetrust.com https://stats.g.doubleclick.net https://geolocation.onetrust.com https://www.google.com/pagead/ https://googleads.g.doubleclick.net/pagead/ *.creativecdn.com *.googlesyndication.com *.optimizely.com https://ct.pinterest.com http://jsctool.com checkout-cdn.aboutyou.cloud checkout-v3.wcc.witt-weiden.de https://*.ingest.sentry.io wss://chat.userlike.com chat.userlike.com api.userlike.com www.userlike.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com wss://umd.userlike.com/umd/ api.sovendus.com benefits.sovendus.com identification-api.sovendus.com integration-api.sovendus.com press-tracking-api.sovendus.com https://maps.googleapis.com;    object-src 'none';    child-src blob: userlike-cdn-widgets.userlike.com;    script-src * 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.paypal.com userlike-cdn-widgets.userlike.com;    style-src 'self' cdn.wcc.witt-weiden.de www.googletagmanager.com fonts.googleapis.com 'unsafe-inline' d.witt-weiden.de checkout-cdn.aboutyou.cloud https://*.adyen.com https://*.paypal.com;    frame-src 'self' checkout-v3.wcc.witt-weiden.de *.awin1.com *.criteo.net *.criteo.com *.adrtx.net *.contentsquare.net www.googletagmanager.com www.facebook.com www.youtube.com dmp.theadex.com 5127363.fls.doubleclick.net 12769738.fls.doubleclick.net www.jsctool.com https://creativecdn.com/ https://fledge-eu.creativecdn.com/ https://tbs.tradedoubler.com/ https://survey2.quantilope.com/ https://*.adyen.com https://*.paypal.com https://*.computop-paygate.com userlike-cdn-widgets.userlike.com https://api.sovendus.com https://www.sovendus-connect.com https://www.sovendus-benefits.com https://gui.display.prod.app.funnelplus.com/;    media-src 'self' cdn.wcc.witt-weiden.de cdn.witt.info/ images.ctfassets.net videos.ctfassets.net www.youtube.com witt-gruppe-res.cloudinary.com;    manifest-src 'self' cdn.wcc.witt-weiden.de;    worker-src 'self' cdn.wcc.witt-weiden.de blob:;    form-action 'self' www.facebook.com;    block-all-mixed-content;    frame-ancestors 'self' https://app.contentful.com;    sandbox allow-scripts allow-forms allow-same-origin allow-top-navigation allow-popups allow-popups-to-escape-sandbox allow-modals; 1
default-src  'self' *.cntaiping.com *.baidu.com *.map.baidu.com *.bdimg.com hq.sinajs.cn res.wx.qq.com pv.sohu.com 'unsafe-inline' 'unsafe-eval' blob: data: ; 1
default-src * 'unsafe-inline' 'unsafe-eval' 'self' data:; script-src * 'unsafe-inline' 'self' 'unsafe-eval' blob:; object-src data: 'self'; base-uri 'self'; connect-src 'self' https://* * data: 'unsafe-inline'; img-src * data: blob: 'self' 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; child-src blob: 'self'; worker-src blob: 'self'; frame-ancestors 'self' https://*.contentful.com https://*.salesforce.com https://*.force.com https://*.segment.com https://*.appboycdn.com https://*.algolia.io https://*.cookieinformation.com https://*.typeform.com https://*.youtube.com https://*.vimeo.com 1
default-src 'self';font-src 'self' data: fonts.gstatic.com;img-src 'self' data: www.google-analytics.com *.g.doubleclick.net maps.gstatic.com maps.googleapis.com www.youtube.com cdn.cookielaw.org  www.securitasmedia.com securitasmedia.com  www.googletagmanager.com  i.ytimg.com px.ads.linkedin.com p.adsymptotic.com www.google.co.in https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;script-src www.youtube.com  az416426.vo.msecnd.net  'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org www.google-analytics.com maps.googleapis.com www.googletagmanager.com  dl.episerver.net www.youtube.com www.google.com www.gstatic.com snap.licdn.com https://*.googletagmanager.com https://ws.zoominfo.com;style-src 'self'  'unsafe-inline' fonts.googleapis.com dl.episerver.net;frame-src  www.youtube.com www.youtube-nocookie.com ;media-src 'self';connect-src 'self'  cdn.cookielaw.org dc.services.visualstudio.com www.google-analytics.com stats.g.doubleclick.net maps.googleapis.com geolocation.onetrust.com privacyportal-eu.onetrust.com ds-onetrust.securitas.com analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat  ws.zoominfo.com;frame-ancestors 'none' 1
frame-ancestors 'self' https://admin1.sitespect.com; 1
default-src https: data: 'unsafe-eval' 'unsafe-inline' 'self' 1
frame-ancestors 'self' https://hilfe.fahrrad.de https://back-office-redesign.kameleoon.com https://app.kameleoon.com/ 1
frame-ancestors 'self' www.dus.net 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: static.ixiaochuan.cn static2-youxi.a.88cdn.com; 1
default-src 'self';font-src 'self' data: fonts.gstatic.com *.fonts.net *.google.com *.giosg.com *.giosgusercontent.com https://netdna.bootstrapcdn.com https://static.aim.front.ai https://giosg-chat-public-eu.s3.amazonaws.com;img-src 'self' data: *.doubleclick.net maps.gstatic.com maps.googleapis.com *.twitter.com *.youtube.com *.visualwebsiteoptimizer.com *.google.com *.mdgms.com http://*.mdgms.com *.giosgusercontent.com *.google.fi boost-files-general-eu-west-1-prod.s3-eu-west-1.amazonaws.com *.googletagmanager.com *.usercentrics.eu *.s-cloud.fi *.front.ai www-fim.factsetdigitalsolutions.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: platform.twitter.com *.googleapis.com *.gstatic.com *.google.com *.s-cloud.fi *.front.ai *.visualwebsiteoptimizer.com *.giosg.com *.crazyegg.com *.boost.ai *.boost-files-general-eu-west-1-prod.s3-eu-west-1.amazonaws.com *.youtube.com http://*.google.com *.doubleclick.net https://cdnjs.cloudflare.com *.mdgms.com http://*.mdgms.com *.giosgusercontent.com  https://netdna.bootstrapcdn.com https://code.jquery.com *.factsetdigitalsolutions.com *.usercentrics.eu;style-src 'self' 'unsafe-inline' fonts.googleapis.com dl.episerver.net *.twitter.com *.fonts.net *.front.ai *.giosg.com *.google.com *.visualwebsiteoptimizer.com *.doubleclick.net https://netdna.bootstrapcdn.com;frame-src 'self' platform.twitter.com *.twitter.com *.youtube.com player.vimeo.com *.google.com *.giosgusercontent.com *.facebook.com *.linkedin.com *.visualwebsiteoptimizer.com *.doubleclick.net *.usercentrics.eu https://service.giosg.com/;media-src 'self' *.youtube.com *.google.com *.visualwebsiteoptimizer.com *.doubleclick.net *.mdgms.com http://*.mdgms.com;connect-src 'self' *.s-cloud.fi *.front.ai *.giosg.com fast.fonts.net *.boost.ai *.visualwebsiteoptimizer.com *.crazyegg.com boost-files-general-eu-west-1-prod.s3-eu-west-1.amazonaws.com *.youtube.com *.google.com *.mdgms.com http://*.mdgms.com *.doubleclick.net *.giosgusercontent.com *.factsetdigitalsolutions.com *.usercentrics.eu  *.googleapis.com;object-src 'none'; 1
font-src 'self' s3.mds.yandex.net masterpiecer-frontend-web.s3.yandex.net;style-src 'self' s3.mds.yandex.net masterpiecer-frontend-web.s3.yandex.net;img-src 'self'  mc.yandex.ru cdn.shedevrum.ai masterpiecer-cropped-images.s3.yandex.net avatars.mds.yandex.net s3.mds.yandex.net masterpiecer-frontend-web.s3.yandex.net masterpiecer-images-testing.s3.mds.yandex.net masterpiecer-images-testing.s3.yandex.net masterpiecer-images.s3.yandex.net yastatic.net masterpiecer-images.s3.mds.yandex.net shedevrum.ai shedevrum.kz sso.passport.yandex.ru sso.passport.yandex.kz;script-src 'self' 'nonce-7f32018e27117ee54e4519a96e8cdf92' yastatic.net s3.mds.yandex.net masterpiecer-frontend-web.s3.yandex.net mc.yandex.ru sso.shedevrum.ai sso.shedevrum.kz ;default-src 'none';connect-src 'self' masterpiecer.yandex.ru yandex.ru mc.yandex.ru sso.shedevrum.ai sso.shedevrum.kz ;media-src yastatic.net masterpiecer-frontend-web.s3.yandex.net masterpiecer-videos-testing.s3.mds.yandex.net masterpiecer-videos-testing.s3.yandex.net masterpiecer-videos.s3.yandex.net;report-uri https://csp.yandex.net/csp?project=yy&from=yy;frame-src 'self' sso.shedevrum.ai sso.shedevrum.kz sso.passport.yandex.ru sso.passport.yandex.kz 1
connect-src 'self' *.americancentury.com *.bc0a.com *.brightedge.com *.browser-intake-datadoghq.com *.cludo.com *.cookielaw.org *.onetrust.com *.onetrust.io *.optimizely.com https://adservice.google.com/pagead/ https://api.iconify.design/ https://api.simplesvg.com/ https://api.unisvg.com/ https://browser-intake-datadoghq.com/* https://cdn-assets-prod.s3.amazonaws.com/js/preview2/ https://cdn.linkedin.oribi.io https://dpm.demdex.net https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://px.ads.linkedin.com/wa/ https://surfly-us.com https://tags.srv.stackadapt.com/ https://verify.avantisinvestors.com https://verifytest.avantisinvestors.com/api/v1/authn https://verifytest.avantisinvestors.com/api/v1/authn/recovery/password https://www.google.com/pagead/ play.vidyard.com; default-src 'self' *.americancentury.com *.avantisinvestors.com; font-src 'self' *.americancentury.com https://1.www.s81c.com/common/carbon/plex/fonts/* https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/* ok1static.oktacdn.com; frame-src *.americancentury.com *.optimizely.com americancentury.demdex.net fecdn.user1st.info https://9141790.fls.doubleclick.net https://activitymap.adobe.com https://d6tizftlrpuof.cloudfront.net https://play.vidyard.com https://surfly-us.com https://td.doubleclick.net tpc.googlesyndication.com; img-src 'self' *.americancentury.com *.bc0a.com *.brightedge.com *.cloudinary.com *.cludo.com *.collect.igodigital.com *.cookielaw.org *.linkedin.com *.usabilla.com *.vidyard.com a.idio.co data: dpm.demdex.net https://ad.doubleclick.net https://cm.everesttech.net https://d6tizftlrpuof.cloudfront.net https://event.mrtnsvr.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://image6.pubmatic.com https://p.adsymptotic.com https://pixel.tapad.com https://ssl.google-analytics.com https://www.avantisinvestors.com https://www.facebook.com https://www.google.com/pagead/1p-user-list/ stats.g.doubleclick.net; prefetch-src play.vidyard.com; script-src 'self' 'unsafe-inline' *.americancentury.com *.brightedge.com *.cludo.com *.collect.igodigital.com *.cookielaw.org *.jquery.com *.onetrust.com *.onetrust.io *.usabilla.com *.vidyard.com ajax.cloudflare.com cdn.optimizely.com fecdn.user1st.info https://activitymap.adobe.com/sc15/activitymap/ https://ajax.googleapis.com https://assets.adobedtm.com https://cdn-assets-prod.s3.amazonaws.com/js/preview2/ https://cdn3.optimizely.com/js/geo4.js https://connect.facebook.net https://d6tizftlrpuof.cloudfront.net/live/scripts/campaign-include/ https://gateway.answerscloud.com/americancentury/production/gateway.min.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://ok1static.oktacdn.com https://optimizely.s3.amazonaws.com https://snap.licdn.com https://surfly-us.com https://tags.srv.stackadapt.com https://tpc.googlesyndication.com https://www.datadoghq-browser-agent.com https://www.googleadservices.com https://www.googletagmanager.com js.idio.co pi.pardot.com ssl.google-analytics.com static.cloudflareinsights.com www3.financialtrans.com; style-src 'self' 'unsafe-inline' *.americancentury.com *.bc0a.com *.cludo.com ajax.googleapis.com https://fonts.googleapis.com https://gateway.answerscloud.com https://gateway.foresee.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://tags.srv.stackadapt.com https://www3.financialtrans.com ok1static.oktacdn.com; worker-src *.americancentury.com blob:; 1
default-src 'self'; object-src 'self' https://pts.winsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.winsim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://umfrage.winsim.de https://pts.winsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.winsim.de https://chat.winsim.de https://stats.winsim.de https://imagepool.winsim.de https://pts.winsim.de https://analytics.tiktok.com https://umfrage.winsim.de; script-src 'strict-dynamic' 'nonce-63ed0f404dc6729df45c764c53a23c49' 'nonce-d6b928fba870f85bf46c7a3f44299e2f' 'nonce-17a9d35b1c9704c53a9043bf5477c602' 'nonce-d6696b23fe6bf6d4c9b083608e9ac380' 'nonce-a12f77aaa5533dbca4a0ca077b053e73' 'nonce-49df8d87a1f66087c5e6004c3e9103cd' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.winsim.de https://umfrage.winsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-63ed0f404dc6729df45c764c53a23c49' 'nonce-d6b928fba870f85bf46c7a3f44299e2f' 'nonce-17a9d35b1c9704c53a9043bf5477c602' 'nonce-d6696b23fe6bf6d4c9b083608e9ac380' 'nonce-a12f77aaa5533dbca4a0ca077b053e73' 'nonce-49df8d87a1f66087c5e6004c3e9103cd' 'self' 'unsafe-inline' https: 'report-sample' 1
frame-ancestors 'none'; upgrade-insecure-requests ; report-uri https://sentry.services.dkms.org/api/6/security/?sentry_key=5746df48c2bc47349567ad881277c754; default-src 'self' https:; style-src 'self' 'unsafe-inline' *.googleapis.com *.piwik.pro; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.dkmscdn.net *.piwik.pro *.googleapis.com https://app.addsearch.com https://connect.facebook.net https://www.facebook.com/signals/iwl.js https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com/pagead/ https://www.google.de/pagead/ https://www.googleadservices.com/pagead/; connect-src 'self' *.kc-usercontent.com *.addsearch.com https://d20vwa69zln1wj.cloudfront.net *.piwik.pro *.googleapis.com *.ingest.sentry.io https://sentry.services.dkms.org https://graph.facebook.com https://www.facebook.com/tr/ *.dkms.de; img-src 'self' data: *.dkmscdn.net https://d20vwa69zln1wj.cloudfront.net *.kc-usercontent.com *.piwik.pro *.gstatic.com *.googleapis.com *.ytimg.com https://www.facebook.com/tr/ https://googleads.g.doubleclick.net https://www.google.com/pagead/ https://www.google.de/pagead/; font-src 'self' data: *.gstatic.com *.piwik.pro; frame-src 'self' *.dkmscdn.net *.youtube-nocookie.com *.piwik.pro https://player.vimeo.com https://e.issuu.com https://www.facebook.com/ https://td.doubleclick.net/; object-src 'none'; form-action 'self' https://www.facebook.com/tr/; 1
default-src 'self' https://*.bistro.sk ;script-src 'self' https://*.bistro.sk  https://bistro.daktela.com https://tagmanager.google.com https://*.googletagmanager.com https://*.googlesyndication.com 'unsafe-eval' https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://*.facebook.com https://*.facebook.net https://*.hotjar.com https://js-agent.newrelic.com *.nr-data.net 'unsafe-inline' https://www.gstatic.com https://pay.google.com blob:;object-src 'none';base-uri 'self';style-src 'self' https://*.bistro.sk  data: 'unsafe-inline' https://*.hotjar.com https://tagmanager.google.com https://fonts.googleapis.com https://*.google-analytics.com;img-src 'self' https://*.bistro.sk  data: https://platform-lookaside.fbsbx.com https://www.facebook.com https://*.fbcdn.net https://*.aimg.sk https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://*.google.com https://*.google.sk https://*.google.nl https://*.google.at https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://maps.googleapis.com https://maps.gstatic.com https://*.hotjar.com;frame-src 'self' https://*.bistro.sk  https://bid.g.doubleclick.net https://www.google.com https://*.doubleclick.net https://*.googlesyndication.com https://www.facebook.com https://www.loom.com https://pay.google.com;connect-src 'self' https://*.bistro.sk  https://rest.bistro.sk wss://eventsub.bistro.sk/ws *.nr-data.net  https://bistro.daktela.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.sk https://*.google.nl https://*.googlesyndication.com https://maps.googleapis.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.facebook.com https://www.loom.com https://google.com;font-src 'self' https://*.bistro.sk  https://*.hotjar.com https://fonts.gstatic.com data: 1
default-src 'self' 'unsafe-inline' blob:;script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudfare.com i.icomoon.io maps.googleapis.com www.google-analytics.com www.googletagmanager.com mktdplp102cdn.azureedge.net www.gstatic.com places.googleapis.com rum-static.pingdom.net chimpstatic.com downloads.mailchimp.com mc.us9.list-manage.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com i.icomoon.io downloads.mailchimp.com;img-src 'self' data: maps.googleapis.com maps.gstatic.com images.unsplash.com http://placeimg.com www.google-analytics.com;media-src 'self' www.youtube.com youtube.com;font-src 'self' fonts.gstatic.com;frame-src * youtube.com www.youtube.com;frame-ancestors 'self' youtube.com www.youtube.com;connect-src 'self' i.icomoon.io maps.googleapis.com www.google-analytics.com region1.google-analytics.com stats.g.doubleclick.net www.gstatic.com places.googleapis.com *.svc.dynamics.com rum-static.pingdom.net rum-collector-2.pingdom.net;form-action 'self' accounts.google.com; 1
default-src https: http: wss: ; script-src https: 'self' 'unsafe-inline' js.hs-scripts.com js.hs-analytics.net cdnjs.cloudflare.com *.adopto.eu adopto.eu www.adopto.eu *.googleapis.com *.facebook.net *.facebook.com www.google.com www.google-analytics.com; object-src 'self' https: data: adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net; style-src * https: 'unsafe-inline'; img-src 'self' https: data: cdnjs.cloudflare.com adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net *.gstatic.com *.googleapis.com *.facebook.com s3.amazonaws.com stats.g.doubleclick.net; child-src 'self' *.talentlyft.com app.livestorm.co platform.twitter.com static.addtoany.com *.nosiva.com *.facebook.com *.youtube.com *.us11.list-manage.com forms.hubspot.com js.hs-scripts.com js.hs-analytics.net player.vimeo.com; font-src * https: data:; 1
default-src 'self' *.finma.ch tag.myaspectra.ch fast.fonts.net fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' tag.myaspectra.ch fast.fonts.net *.twitter.com *.twimg.com *.google.com *.gstatic.com https://insights.finma.ch; img-src 'self' data: tag.myaspectra.ch *.twitter.com *.twimg.com https://insights.finma.ch; style-src 'self' 'unsafe-inline' fast.fonts.net fonts.googleapis.com *.twitter.com *.twimg.com; child-src 'self' *.refline.ch register.finma.ch portal.finma.ch; frame-src 'self' *.gstatic.com www.google.com *.refline.ch register.finma.ch portal.finma.ch *.vimeo.com jobs.finma.ch *.twitter.com *.twimg.com event.finma.ch; frame-ancestors 'self'; connect-src 'self' https://insights.finma.ch; 1
frame-ancestors 'self; 1
default-src *.nic.ch *.nic.li *.switch.ch; style-src 'unsafe-inline' *.nic.ch *.nic.li *.switch.ch; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.nic.ch *.nic.li *.switch.ch; img-src data: *.nic.ch *.nic.li *.switch.ch; object-src 'none'; form-action 'self' *.nic.ch *.nic.li *.switch.ch *.eduid.ch export.highcharts.com; font-src data: *.nic.ch *.nic.li *.switch.ch; frame-ancestors *.nic.ch *.nic.li *.switch.ch; frame-src * 1
default-src 'self' 'unsafe-inline' https:; frame-ancestors 'none' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: filesystem: https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com 1
script-src 'self' 'unsafe-inline' http://gwhs.i.gov.ph https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/js/bootstrap.min.js https://cdn.datatables.net/v/dt/dt-1.13.1/b-2.3.3/b-colvis-2.3.3/fh-3.3.1/r-2.4.0/datatables.min.js https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net; 1
upgrade-insecure-requests; frame-src https://www.facebook.com ; frame-ancestors 'none'; object-src 'none'; form-action 'self'; base-uri 'self'; default-src 'self'; font-src data: 'self' https://fonts.gstatic.com; script-src 'self' https://www.googletagmanager.com https://cdn.jsdelivr.net https://www.google-analytics.com https://*.cloudflare.com https://static.cloudflareinsights.com https://browser-update.org 'unsafe-inline' ; img-src 'self' 'unsafe-inline' https://*.tci-thaijo.org https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.google.co.th; style-src 'self' https://cdn.jsdelivr.net https://*.cloudflare.com 'unsafe-inline'; connect-src 'self' https://www.google-analytics.com https://*.doubleclick.net https://cloudflareinsights.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-cookieyes.com https://alb.reddit.com https://tags.srv.stackadapt.com https://www.facebook.com https://connect.facebook.net https://googleads.g.doubleclick.net https://widget-mediator.zopim.com https://static.zdassets.com https://use.typekit.net https://widget.trustpilot.com https://tp.widget.bootstrap https://seal.digicert.com https://www.googletagmanager.com https://cc-cdn.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://bat.bing.com https://collector-2009.tvsquared.com https://collector-11974.tvsquared.com https://static.tapfiliate.com https://c5.adalyser.com https://log.checkmyfile.com https://www.googleadservices.com https://www.redditstatic.com; font-src 'self' https://fonts.gstatic.com https://use.typekit.net; img-src 'self' https://cdn-cookieyes.com https://alb.reddit.com https://tags.srv.stackadapt.com https://www.facebook.com https://connect.facebook.net https://v2assets.zopim.io https://region1.google-analytics.com https://region1.analytics.google.com https://cdn.checkmyfile.com https://checkmyfile.s3-eu-west-1.amazonaws.com https://checkmyfile.s3.amazonaws.com https://seal.digicert.com https://p.typekit.net https://api.mapbox.com https://*.tile.openstreetmap.org https://cracdn.s3-eu-west-1.amazonaws.com https://collector-2009.tvsquared.com https://collector-11974.tvsquared.com https://bat.bing.com https://www.google-analytics.com https://www.google.com https://www.google.co.uk https://c5.adalyser.com https://i.ytimg.com https://log.checkmyfile.com https://*.online-metrix.net https://googleads.g.doubleclick.net https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://alb.reddit.com https://tags.srv.stackadapt.com https://www.facebook.com https://connect.facebook.net https://fonts.googleapis.com https://cc-cdn.com; frame-src https:; connect-src 'self' https://cdn-cookieyes.com https://log.cookieyes.com/ https://directory.cookieyes.com https://tags.srv.stackadapt.com wss://widget-mediator.zopim.com https://checkmyfile.zendesk.com https://ekr.zdassets.com https://static.zdassets.com https://region1.google-analytics.com https://region1.analytics.google.com https://api.craftyclicks.co.uk https://data.police.uk https://www.google-analytics.com https://stats.g.doubleclick.net https://frstre.com https://log.checkmyfile.com ws://127.0.0.1:* https://tapi.tapfiliate.com; frame-ancestors https://*.creditreporting.co.uk https://*.checkmyfile.com; worker-src blob:; media-src 'self' https://static.zdassets.com; 1
frame-ancestors 'self' *.fundacionmapfre.org; 1
report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic ; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-bmnUzoTwGMD9r9iAUBqr' 'nonce-NvpDz81X/0fRBJZ9fH1S' 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * data: 'unsafe-inline'; frame-ancestors 'self' *.ecashsoftware.com *.vergentlms.com; img-src * data: 'unsafe-inline' ; frame-src *; connect-src *; 1
frame-ancestors 'self' *.staubli.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://play.vidyard.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.bugherd.com https://acsbapp.com https://js.hs-analytics.net https://js.hsleadflows.net https://js.hs-banner.com https://js.hsadspixel.net https://devo734.outgrow.us https://js.hs-scripts.com https://dyv6f9ner1ir9.cloudfront.net https://sidebar.bugherd.com https://play.vidyard.com https://www.gartner.com https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net https://js.hsforms.net https://view.ceros.com https://www.googleadservices.com https://cdn.mouseflow.com https://connect.facebook.net https://static.ads-twitter.com https://snap.licdn.com https://tag.demandbase.com https://ws.zoominfo.com https://j.6sc.co https://cdn.pdst.fm https://jobs.jobvite.com https://js.hubspot.com https://optimize.google.com https://www.googleoptimize.com https://yoast.com https://my.yoast.com google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://www.gartner.com https://optimize.google.com https://www.googleoptimize.com https://pagead2.googlesyndication.com/pagead/buyside_topics/set fonts.googleapis.com translate.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://track.hubspot.com https://play.vidyard.com https://cdn.vidyard.com https://reviews.static.gartner.com https://forms.hsforms.com https://forms-na1.hsforms.com https://sidebar.bugherd.com https://d2iiunr5ws5ch1.cloudfront.net https://px.ads.linkedin.com https://px4.ads.linkedin.com https://analytics.twitter.com https://googleads.g.doubleclick.net https://www.facebook.com https://id.rlcdn.com https://b.6sc.co https://t.co https://segments.company-target.com https://connect.facebook.net https://cdn.acsbapp.com https://www.linkedin.com https://perf-na1.hsforms.com https://optimize.google.com https://ps.w.org https://ad.doubleclick.net https://via.placeholder.com https://cta-service-cms2.hubspot.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com translate.googleapis.com translate.google.com www.gstatic.com www.googletagmanager.com; connect-src 'self' https://js.hs-banner.com https://cdn.acsbapp.com https://forms.hubspot.com https://sessions.bugsnag.com https://notify.bugsnag.com https://api.hubapi.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://n2.mouseflow.com https://cdn.linkedin.oribi.io https://ipv6.6sc.co https://api.company-target.com https://tag-logger.demandbase.com https://us-central1-adaptive-growth.cloudfunctions.net https://secure.adnxs.com https://ws.zoominfo.com https://c.6sc.co https://segments.company-target.com https://cta-service-cms2.hubspot.com https://pagead2.googlesyndication.com https://my.yoast.com https://acsbapp.com https://px.ads.linkedin.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: translate.googleapis.com www.googletagmanager.com; font-src 'self' data: https://www.gartner.com data: fonts.gstatic.com fonts.googleapis.com; object-src 'self' ; media-src 'self' ; frame-src 'self' https://devo734.outgrow.us https://sidebar.bugherd.com https://play.vidyard.com https://www.gartner.com https://view.ceros.com data: blob: https://cdn.vidyard.com https://playlist.megaphone.fm https://forms.hsforms.com https://11605080.fls.doubleclick.net https://s.company-target.com https://www.facebook.com https://jobs.jobvite.com https://cta-service-cms2.hubspot.com https://3911167.hs-sites.com https://optimize.google.com https://td.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com/ www.googletagmanager.com; child-src 'self' blob: www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-EgV9iLE1O+nP1hyVDqJq9WgELbE0Yq' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
frame-ancestors 'self' https://manage.securityinfowatch.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self' https://seattleschools.org https://adamses.seattleschools.org https://addamsms.seattleschools.org https://alkies.seattleschools.org https://arborheightses.seattleschools.org https://bagleyes.seattleschools.org https://ballardhs.seattleschools.org https://baldwines.seattleschools.org https://beaconhilles.seattleschools.org https://blainek8.seattleschools.org https://borenstemk8.seattleschools.org https://broadviewk8.seattleschools.org https://bryantes.seattleschools.org https://cascadiaes.seattleschools.org https://cedarparkes.seattleschools.org https://centerhs.seattleschools.org https://chiefsealthhs.seattleschools.org https://clevelandhs.seattleschools.org https://coees.seattleschools.org https://concordes.seattleschools.org https://cppp.seattleschools.org https://dayes.seattleschools.org https://dearbornes.seattleschools.org https://decatures.seattleschools.org https://dennyms.seattleschools.org https://dunlapes.seattleschools.org https://eaglestaffms.seattleschools.org https://ecksteinms.seattleschools.org https://emersones.seattleschools.org https://fairmountparkes.seattleschools.org https://franklinhs.seattleschools.org https://garfieldhs.seattleschools.org https://gatewoodes.seattleschools.org https://gatzertes.seattleschools.org https://geneseehilles.seattleschools.org https://grahamhilles.seattleschools.org https://greenlakees.seattleschools.org https://greenwoodes.seattleschools.org https://halehs.seattleschools.org https://hamiltonms.seattleschools.org https://hawthornees.seattleschools.org https://hayes.seattleschools.org https://hazelwolfk8.seattleschools.org https://highlandparkes.seattleschools.org https://ingrahamhs.seattleschools.org https://interagency.seattleschools.org https://kimballes.seattleschools.org https://kinges.seattleschools.org https://kurosems.seattleschools.org https://lafayettees.seattleschools.org https://laurelhurstes.seattleschools.org https://lawtones.seattleschools.org https://leschies.seattleschools.org https://lictonspringsk8.seattleschools.org https://lincolnhs.seattleschools.org https://lowelles.seattleschools.org https://loyalheightses.seattleschools.org https://lukees.seattleschools.org https://madisonms.seattleschools.org https://madronaes.seattleschools.org https://magnoliaes.seattleschools.org https://maplees.seattleschools.org https://marshalles.seattleschools.org https://mcclurems.seattleschools.org https://mcdonaldes.seattleschools.org https://mcgilvraes.seattleschools.org https://meanyms.seattleschools.org https://mercerms.seattleschools.org https://middlecollegehs.seattleschools.org https://montlakees.seattleschools.org https://muires.seattleschools.org https://northbeaches.seattleschools.org https://northgatees.seattleschools.org https://novahs.seattleschools.org https://olympichillses.seattleschools.org https://olympicviewes.seattleschools.org https://orcak8.seattleschools.org https://pathfinderk8.seattleschools.org https://queenannees.seattleschools.org https://rainierbeachhs.seattleschools.org https://rainierviewes.seattleschools.org https://risingstares.seattleschools.org https://rogerses.seattleschools.org https://roosevelths.seattleschools.org https://roxhilles.seattleschools.org https://sacajaweaes.seattleschools.org https://salmonbayk8.seattleschools.org https://sandpointes.seattleschools.org https://sanisloes.seattleschools.org https://skillscenter.seattleschools.org https://southshorek8.seattleschools.org https://stanfordes.seattleschools.org https://stevenses.seattleschools.org https://sugiyamahs.seattleschools.org https://southlakehs.seattleschools.org https://sws.seattleschools.org https://thorntoncreekes.seattleschools.org https://topsk8.seattleschools.org https://viewlandses.seattleschools.org https://viewridgees.seattleschools.org https://washingtonms.seattleschools.org https://wedgwoodes.seattleschools.org https://westseattlees.seattleschools.org https://westseattlehs.seattleschools.org https://westwoodlandes.seattleschools.org https://whitmanms.seattleschools.org https://whittieres.seattleschools.org https://www.seattleschools.org https://*.seattleschools.org https://cdn.jsdelivr.net https://*.gstatic.com https://www.googletagmanager.com https://*.google.com https://translate.google.com https://*.googleapis.com https://*.k12insight.com https://*.peachjar.com https://*.google-analytics.com https://*.global.siteimproveanalytics.io https://*.siteimproveanalytics.com https://siteimproveanalytics.com https://*.newrelic.com https://*.gravatar.com https://*.nr-data.net https://bam.nr-data.net 'unsafe-inline' 'unsafe-eval' data: blob:; frame-src *; frame-ancestors 'self'; 1
default-src 'self' ; style-src https: 'unsafe-inline'; script-src https://*.ispserver.com/ https://ispserver.ru/ https://ispserver.com/ https://*.chathost.ru/ https://*.carrotquest.app/ https://www.googletagmanager.com/ https://www.google.com/ https://my.ispserver.ru/ https://my.ispserver.com/ https://www.google-analytics.com/ https://mc.yandex.ru/ https://www.gstatic.com/ https://googleads.g.doubleclick.net/ 'unsafe-inline';	img-src * data:; connect-src 'self' https://api.carrottrack.app/ https://*.chathost.ru/ https://*.carrottrack.io/ https://*.carrotquest.app/ wss://*.carrotquest.app/ https://stats.g.doubleclick.net/ https://mc.yandex.ru/; frame-src 'self' https://www.google.com/; font-src 'self' https://*.carrotquest.app/; media-src 'self' https://*.carrotquest.app/; object-src 'self'; frame-ancestors 'self' https://metrika.yandex.ru; 1
frame-ancestors https://*.ryobitools.eu https://*.roboyagi.com 1
default-src 'self' data: ws: wss: blob: 'unsafe-inline' 'unsafe-eval' *.cvs.com *.cvs.com:* *.caremark.com rxhealthalerts.com *.rxhealthalerts.com *.caremark.com:* cvshealth.com *.cvshealth.com *.cvsspecialty.com *.cvscaremark.com *.cvscaremark.com:* *.foresee.com *.flippenterprise.net *.monetate.net *.go-mpulse.net *.bing.com *.virtualearth.net *.demdex.net healthlibrary.epnet.com druginfo.goldstandard.com *.akstat.io *.akamaihd.net *.everesttech.net *.bootstrapcdn.com *.distilnetworks.com cdnjs.com *.cloudflare.com *.vantivprelive.com *.jquery.com *.4seeresults.com *.webtrendslive.com *.youtube.com *.fontawesome.com *.tiqcdn.com *.adobe.com *.fepblue.org *.fepblue.org:* *.aetna.com *.aetna.com:* *.qualtrics.com *.googletagmanager.com *.quantummetric.com widget.medsoncue.com *.lpsnmedia.net lpsnmedia.net liveperson.com liveperson.net *.liveperson.net *.liveper.sn liveper.sn liveengage.net liveengage.com *.liveengage.net *.liveengage.com *.na2.echosign.com *.doubleclick.net *.kampyle.com *.medallia.com cvshealth.tfaforms.net *.cvshealth.tfaforms.net munchkin.marketo.net *.munchkin.marketo.net triggeredmail.appspot.com *.adobedtm.com *.adoberesources.net *.adobedc.net *.appdynamics.com *.eum-appdynamics.com *.cdn.appdynamics.com *.mktoresp.com *.tt.omtrdc.net; script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.cvs.com *.caremark.com cvshealth.com *.cvshealth.com *.cvsspecialty.com *.cvscaremark.com *.tiqcdn.com *.foresee.com *.monetate.net *.groupbycloud.com *.go-mpulse.net *.bazaarvoice.com *.bing.com *.lightboxcdn.com *.jsdelivr.com *.jquery.com *.virtualearth.net healthlibrary.epnet.com druginfo.goldstandard.com cdnjs.com *.cloudflare.com *.fontawesome.com *.adobe.com *.bootstrapcdn.com *.vantivprelive.com *.demdex.net *.webtrendslive.com *.fepblue.org *.fepblue.org:* *.aetna.com *.aetna.com:* *.qualtrics.com *.quantummetric.com *.lpsnmedia.net lpsnmedia.net liveperson.com liveperson.net *.liveperson.net *.liveper.sn liveper.sn liveengage.net liveengage.com *.liveengage.net *.liveengage.com *.googletagmanager.com rxhealthalerts.com *.rxhealthalerts.com *.kampyle.com *.medallia.com cvshealth.tfaforms.net *.cvshealth.tfaforms.net munchkin.marketo.net *.munchkin.marketo.net triggeredmail.appspot.com *.adobedtm.com *.adoberesources.net *.adobedc.net *.appdynamics.com *.eum-appdynamics.com *.cdn.appdynamics.com *.eprotect.vantivcnp.com; worker-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.cvs.com *.caremark.com cvshealth.com *.cvshealth.com *.cvsspecialty.com *.cvscaremark.com *.tiqcdn.com *.foresee.com *.monetate.net *.groupbycloud.com *.go-mpulse.net *.bazaarvoice.com *.bing.com *.lightboxcdn.com *.jsdelivr.com *.jquery.com *.virtualearth.net healthlibrary.epnet.com druginfo.goldstandard.com cdnjs.com *.cloudflare.com *.fontawesome.com *.adobe.com *.bootstrapcdn.com *.vantivprelive.com *.demdex.net *.webtrendslive.com *.fepblue.org *.fepblue.org:* *.aetna.com *.aetna.com:* *.qualtrics.com *.quantummetric.com *.googletagmanager.com *.lpsnmedia.net lpsnmedia.net liveperson.com liveperson.net *.liveperson.net *.liveper.sn liveper.sn liveengage.net liveengage.com *.liveengage.net *.liveengage.com rxhealthalerts.com *.rxhealthalerts.com; frame-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.cvs.com:* *.caremark.com:* *.cvs.com *.caremark.com cvshealth.com *.cvshealth.com *.cvsspecialty.com *.cvscaremark.com *.tiqcdn.com *.foresee.com *.monetate.net *.groupbycloud.com *.go-mpulse.net *.bazaarvoice.com *.bing.com *.lightboxcdn.com *.jsdelivr.com *.jquery.com *.virtualearth.net healthlibrary.epnet.com druginfo.goldstandard.com cdnjs.com *.cloudflare.com *.bootstrapcdn.com *.vantivprelive.com *.demdex.net *.youtube.com *.fontawesome.com *.adobe.com *.doubleclick.net *.aetna.com *.quantummetric.com *.na2.echosign.com widget.medsoncue.com *.lpsnmedia.net lpsnmedia.net liveperson.com liveperson.net *.liveperson.net *.liveper.sn liveper.sn liveengage.net liveengage.com *.liveengage.net *.liveengage.com *.aetna.com:* rxhealthalerts.com *.rxhealthalerts.com *.kampyle.com *.medallia.com cvshealth.tfaforms.net *.cvshealth.tfaforms.net munchkin.marketo.net *.munchkin.marketo.net triggeredmail.appspot.com *.appdynamics.com *.eum-appdynamics.com *.cdn.appdynamics.com *.eprotect.vantivcnp.com *.adobesign.com; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:;style-src 'self' 'unsafe-inline' https:;img-src 'self' data: https:;font-src 'self' data: https:;connect-src 'self' https: wss: blob:;manifest-src 'self' blob:;media-src 'self' data: https: blob:;object-src 'none';child-src 'self' https: data: blob:;form-action 'self' https: 1
default-src 'self' https://*.privex.io *.privex.i2p https://cdn.privex.io files.privex.io https://privex.io https://*.myip.vc https://myip.vc http://privex3guvvasyer6pxz2fqcgy56auvw5egkir6ykwpptferdcb5toad.onion http://privexqvhkwdsdnjofrsm7reaixclmzpbpveefiu4uctfm2l4mycnwad.onion privex.i2p https://widget.trustpilot.com https://trustpilot.com https://*.widgetbot.io https://widgetbot.io https://*.discordapp.net https://twemoji.maxcdn.com https://*.maxcdn.com https://discord.com https://stonks.widgetbot.io 'unsafe-inline'; style-src 'self' https://*.privex.io *.privex.i2p https://cdn.privex.io files.privex.io https://privex.io http://privex3guvvasyer6pxz2fqcgy56auvw5egkir6ykwpptferdcb5toad.onion http://privexqvhkwdsdnjofrsm7reaixclmzpbpveefiu4uctfm2l4mycnwad.onion privex.i2p https://widget.trustpilot.com https://trustpilot.com https://fonts.gstatic.com https://fonts.googleapis.com https://ajax.cloudflare.com https://ajax.googleapis.com https://cdn.ravenjs.com https://*.widgetbot.io https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com 'unsafe-inline'; script-src 'self' https://*.privex.io *.privex.i2p https://cdn.privex.io files.privex.io https://privex.io http://privex3guvvasyer6pxz2fqcgy56auvw5egkir6ykwpptferdcb5toad.onion http://privexqvhkwdsdnjofrsm7reaixclmzpbpveefiu4uctfm2l4mycnwad.onion privex.i2p https://widget.trustpilot.com https://trustpilot.com https://ajax.cloudflare.com https://ajax.googleapis.com https://cdn.ravenjs.com https://*.widgetbot.io https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://*.maxcdn.com https://discord.com https://widgetbot.io 'unsafe-eval' 'unsafe-inline'; font-src 'self' https://*.privex.io *.privex.i2p https://cdn.privex.io files.privex.io https://privex.io http://privex3guvvasyer6pxz2fqcgy56auvw5egkir6ykwpptferdcb5toad.onion http://privexqvhkwdsdnjofrsm7reaixclmzpbpveefiu4uctfm2l4mycnwad.onion privex.i2p https://widget.trustpilot.com https://trustpilot.com https://fonts.gstatic.com https://fonts.googleapis.com https://*.widgetbot.io https://*.maxcdn.com https://discord.com https://widgetbot.io https://ajax.cloudflare.com https://ajax.googleapis.com https://cdn.ravenjs.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com; img-src 'self' https://*.privex.io *.privex.i2p https://cdn.privex.io files.privex.io https://privex.io http://privex3guvvasyer6pxz2fqcgy56auvw5egkir6ykwpptferdcb5toad.onion http://privexqvhkwdsdnjofrsm7reaixclmzpbpveefiu4uctfm2l4mycnwad.onion privex.i2p https://i.imgur.com https://ipfs.io https://cloudflare-ipfs.com https://widget.trustpilot.com https://trustpilot.com https://*.widgetbot.io https://widgetbot.io https://*.discordapp.net https://twemoji.maxcdn.com https://*.maxcdn.com https://discord.com; media-src 'self' https://*.privex.io *.privex.i2p https://cdn.privex.io files.privex.io https://privex.io http://privex3guvvasyer6pxz2fqcgy56auvw5egkir6ykwpptferdcb5toad.onion http://privexqvhkwdsdnjofrsm7reaixclmzpbpveefiu4uctfm2l4mycnwad.onion privex.i2p https://youtube.com https://vimeo.com https://i.imgur.com https://ipfs.io https://cloudflare-ipfs.com https://*.widgetbot.io https://widgetbot.io https://*.discordapp.net https://twemoji.maxcdn.com https://*.maxcdn.com https://discord.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.hsleadflows.net https://js.hs-scripts.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-banner.net   https://*.hsforms.net   https://*.hsforms.com https://static.hsappstatic.net https://js.hubspotfeedback.com https://feedback.hubapi.com https://js.usemessages.com   https://*.vidyard.com https://js.hscollectedforms.net   https://*.hubspotusercontentxx.net https://*.hubspot.com http://cdn2.hubspot.net https://static.zdassets.com https://connect.facebook.net https://www.clarity.ms https://www.googletagmanager.com https://code.jquery.com https://www.google-analytics.com https://phonetrack-static.s3.sa-east-1.amazonaws.com https://www.googleadservices.com https://s3-sa-east-1.amazonaws.com https://googleads.g.doubleclick.net https://d335luupugsy2.cloudfront.net https://v2.zopim.com https://static.suiteshare.com https://static.hotjar.com https://ajax.googleapis.com http://www.googletagmanager.com *.hscollectedforms.net js.hsadspixel.net js.hs-analytics.net js.hs-banner.com https://script.hotjar.com; object-src 'self' 1
report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.lt&showid=1705981512211663-14944269464343167398-balancer-l7leveler-kubr-yp-sas-12-BAL-2987&h=stable-portal-mordago-86.vla.yp-c.yandex.net&yandexuid=3431673981705981512&&version=2024-01-19-465&adb=0;media-src yastatic.net;connect-src *.strm.yandex.net mc.yandex.com yandex.lt yabs.yandex.ru yastatic.net yastat.net mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.admetrica.ru mc.yandex.lt;img-src *.verify.yandex.ru *.ya.ru *.yandex.ru ya.ru yabs.yandex.by yabs.yandex.kz yabs.yandex.ru yabs.yandex.uz yandex.ru 'self' yastatic.net data: yandex.lt favicon.yandex.net avatars.mds.yandex.net mc.admetrica.ru mc.yandex.com *.mc.yandex.ru adstat.yandex.ru mc.yandex.lt mc.yandex.ru;script-src 'nonce-dk71K3stT9PGkllemTXMHw==' mc.yandex.com yastatic.net yandex.lt mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.yandex.lt;child-src *.ya.ru *.yandex.ru ya.ru yandex.ru yastatic.net yandex.lt mc.yandex.ru mc.yandex.md mc.yandex.lt *.ya.ru *.yandex.ru ya.ru yandex.ru;style-src 'unsafe-inline' yastatic.net;default-src yastatic.net yastat.net 'self';font-src yastatic.net 1
frame-ancestors 'self' *.academieminerva.nl academieminerva.nl 1
default-src https:; script-src-elem 'self' https://ramboll.containers.piwik.pro 'unsafe-inline' *.googletagmanager.com https://js.hubspot.com/web-interactives-embed.js *.hubspot.com https://consent.cookiebot.com/uc.js https://consentcdn.cookiebot.com/consentconfig/ https://consent.cookiebot.com/ https://app.kontent.ai/js-api/custom-element/v1/custom-element.min.js https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: http://js.hsforms.net/forms/v2.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js http://js.hsforms.net/forms/v2.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://snap.licdn.com/ https://static.hotjar.com/ https://static.hotjar.com/* https://connect.facebook.net https://js.hs-scripts.com/ https://youraccount.videomarketingplatform.co/ *.doubleclick.net https://*.fls.doubleclick.net https://script.hotjar.com/ https://js.hs-analytics.net/analytics/ https://js.hs-banner.com https://js.hsleadflows.net https://js.hs-banner.com/integrations.js https://js.hs-analytics.net/analytics/1678953600000/7520151.js https://js.hsleadflows.net/leadflows.js https://script.hotjar.com/modules.b58f4dbb50ff88fc1f15.js https://www.googleadservices.com/pagead/conversion/455101059/ https://www.googletagmanager.com/gtm.js; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'nonce-b382371c-f3f9-4ed1-982a-f3973061cc9d' https://*.googletagmanager.com https://ramboll.piwik.pro/ppms.js *.hubspot.com https://js.hubspot.com https://consent.cookiebot.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://snap.licdn.com/ https://static.hotjar.com/ https://static.hotjar.com/* https://connect.facebook.net https://js.hs-scripts.com/ https://youraccount.videomarketingplatform.co/ *.doubleclick.net https://*.fls.doubleclick.net blob: 'unsafe-eval' https://www.googletagmanager.com/gtm.js ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://ramboll.containers.piwik.pro; connect-src 'self' https://*.googletagmanager.com https://ramboll.containers.piwik.pro https://ramboll.piwik.pro https://cdn.linkedin.oribi.io https://consentcdn.cookiebot.com https://deliver.kontent.ai/26f8b85f-a743-0128-e3f3-719c3639660e/ https://deliver.kontent.ai/2c6d42b3-af56-014e-57e9-7c6258e60838/ https://deliver.kontent.ai/7c3778f1-714a-0155-9be8-162f4c282b22/ https://preview-deliver.kontent.ai/26f8b85f-a743-0128-e3f3-719c3639660e/ https://deliver.kontent.ai/26f8b85f-a743-0128-e3f3-719c3639660e/ https://deliver.kontent.ai/2c6d42b3-af56-014e-57e9-7c6258e60838/ https://deliver.kontent.ai/7c3778f1-714a-0155-9be8-162f4c282b22/ https://preview-deliver.kontent.ai/2c6d42b3-af56-014e-57e9-7c6258e60838/ https://preview-deliver.kontent.ai/7c3778f1-714a-0155-9be8-162f4c282b22/ https://brandcentral.ramboll.com/ https://api.hubapi.com/forms/v2/forms https://*.googleapis.com *.google.com https://*.gstatic.com https://snap.licdn.com/ https://static.hotjar.com/ https://static.hotjar.com/* https://connect.facebook.net https://js.hs-scripts.com/ https://youraccount.videomarketingplatform.co/ *.doubleclick.net https://*.fls.doubleclick.net data: blob: https://forms.hsforms.com/embed/v3/form/ https://forms.hsforms.com/emailcheck/v1/ https://google.com https://www.microsoft.com/ *.hubspot.com https://js.hubspot.com https://newrelic.com https://*.ramboll.com/ https://www.hotjar.com/ https://soundcloud.com/ https://www.smartrecruiters.com/ https://video.ramboll.com/ https://internalvideo.ramboll.com/ https://www.facebook.com https://www.linkedin.com/ https://*.linkedin.com/ https://forms.hubspot.com/lead-flows-config/v1/config/json https://vc.hotjar.io/sessions/1206552 https://pagead2.googlesyndication.com/pagead/landing https://in.hotjar.com/api/v2/client/sites/1206552/visit-data https://customformsapi.rambolltest.com/documentartifact/Content; frame-src 'self' https://www.linkedin.com/ https://*.linkedin.com/ https://consentcdn.cookiebot.com https://brandcentral.ramboll.com/ *.google.com https://forms.hsforms.com/ https://*.ramboll.com/ https://w.soundcloud.com/ https://open.spotify.com/ https://snap.licdn.com/ https://static.hotjar.com/ https://static.hotjar.com/* https://connect.facebook.net https://js.hs-scripts.com/ https://youraccount.videomarketingplatform.co/ *.doubleclick.net https://*.fls.doubleclick.net https://www.facebook.com/ https://*.hs-sites.com/; img-src 'self' https://*.googletagmanager.com https://ramboll.containers.piwik.pro https://ramboll.piwik.pro https: data: https://preview-assets-eu-01.kc-usercontent.com/26f8b85f-a743-0128-e3f3-719c3639660e/ https://deliver.kontent.ai/26f8b85f-a743-0128-e3f3-719c3639660e/ https://deliver.kontent.ai/2c6d42b3-af56-014e-57e9-7c6258e60838/ https://deliver.kontent.ai/7c3778f1-714a-0155-9be8-162f4c282b22/ https://preview-deliver.kontent.ai/2c6d42b3-af56-014e-57e9-7c6258e60838/ https://preview-assets-eu-01.kc-usercontent.com/7c3778f1-714a-0155-9be8-162f4c282b22/ https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com *.googletagmanager.com https://snap.licdn.com/ https://static.hotjar.com/ https://static.hotjar.com/* https://connect.facebook.net https://js.hs-scripts.com/ https://youraccount.videomarketingplatform.co/ *.doubleclick.net https://*.fls.doubleclick.net data:; media-src 'self' https: data: https://preview-assets-eu-01.kc-usercontent.com/26f8b85f-a743-0128-e3f3-719c3639660e/ https://deliver.kontent.ai/26f8b85f-a743-0128-e3f3-719c3639660e/ https://deliver.kontent.ai/2c6d42b3-af56-014e-57e9-7c6258e60838/ https://deliver.kontent.ai/7c3778f1-714a-0155-9be8-162f4c282b22/ https://preview-deliver.kontent.ai/2c6d42b3-af56-014e-57e9-7c6258e60838/ https://preview-assets-eu-01.kc-usercontent.com/7c3778f1-714a-0155-9be8-162f4c282b22/ https://snap.licdn.com/ https://static.hotjar.com/ https://static.hotjar.com/* https://connect.facebook.net https://js.hs-scripts.com/ https://youraccount.videomarketingplatform.co/ *.doubleclick.net https://*.fls.doubleclick.net; font-src 'self' https://fonts.gstatic.com https://ramboll.containers.piwik.pro; object-src none; block-all-mixed-content; worker-src blob:; frame-ancestors 'self' https://app.kontent.ai; base-uri self; 1
default-src 'self' *.cdata.com/;     script-src 'self' 'unsafe-inline' 'unsafe-eval' *.redditstatic.com/ *.googlesyndication.com/ *.hotjar.com/ j.6sc.co www.youtube.com/ *.plyr.io/ *.google.com/ *.google.co.jp/ *.facebook.net/ *.linkedin.com/ *.twitter.com/ *.stripe.com/ *.googleadservices.com/ *.authorize.net/ b.st-hatena.com/ cdn.jsdelivr.net/ *.calendly.com/ ajax.aspnetcdn.com/ versapay.transactiongateway.com/ code.jquery.com *.cloudflare.com/ *.bizible.com/ *.clickcease.com/ *.licdn.com/ *.doubleclick.net/ www.gstatic.com/ *.happyfoxchat.com/ www.google.com/ www.googletagmanager.com/ unpkg.com/ www.google-analytics.com/ *.bing.com/ *.cdata.com/ *.zdassets.com/ *.zoominfo.com/ *.clarity.ms/ *.clearbitscripts.com/ *.clearbitjs.com/ *.pardot.com/;     style-src 'self' 'unsafe-inline' www.googletagmanager.com/ fonts.googleapis.com/ *.plyr.io/ *.google.com/ cdn.jsdelivr.net/ *.calendly.com/ versapay.transactiongateway.com/;     font-src 'self' data: fonts.gstatic.com/;     img-src 'self' data: *.capterra.com/ *.reddit.com/ qiita-image-store.s3.amazonaws.com/ i.gyazo.com/ *.facebook.com/ *.calendly.com/ calendly.com/ *.6sc.co/ *.googleapis.com/ *.gstatic.com/ b.st-hatena.com/ *.twitter.com/ *.doubleclick.net/ *.windows.net/ *.bizibly.com/ *.bizible.com/ *.cdata.com/ *.linkedin.com/ www.google-analytics.com/ *.bing.com *.ytimg.com/ *.clarity.ms/ *.googletagmanager.com/ *.google.com/ *.google.ad/ *.google.ae/ *.google.com.af/ *.google.com.ag/ *.google.com.ai/ *.google.al/ *.google.am/ *.go/ *.ogle.co.ao/ *.google.com.ar/ *.google.as/ *.google.at/ *.google.com.au/ *.google.az/ *.google.ba/ *.google.com.bd/ *.google.be/ *.google.bf/ *.google.bg/ *.google.com.bh/ *.google.bi/ *.google.bj/ *.google.com.bn/ *.google.com.bo/ *.google.com.br/ *.google.bs/ *.google.bt/ *.google.co.bw/ *.google.by/ *.google.com.bz/ *.google.ca/ *.google.cd/ *.google.cf/ *.google.cg/ *.google.ch/ *.google.ci/ *.google.co.ck/ *.google.cl/ *.google.cm/ *.google.cn/ *.google.com.co/ *.google.co.cr/ *.google.com.cu/ *.google.cv/ *.google.com.cy/ *.google.cz/ *.google.de/ *.google.dj/ *.google.dk/ *.google.dm/ *.google.com.do/ *.google.dz/ *.google.com.ec/ *.google.ee/ *.google.com.eg/ *.google.es/ *.google.com.et/ *.google.fi/ *.google.com.fj/ *.google.fm/ *.google.fr/ *.google.ga/ *.google.ge/ *.google.gg/ *.google.com.gh/ *.google.com.gi/ *.google.gl/ *.google.gm/ *.google.gr/ *.google.com.gt/ *.google.gy/ *.google.com.hk/ *.google.hn/ *.google.hr/ *.google.ht/ *.google.hu/ *.google.co.id/ *.google.ie/ *.google.co.il/ *.google.im/ *.google.co.in/ *.google.iq/ *.google.is/ *.google.it/ *.google.je/ *.google.com.jm/ *.google.jo/ *.google.co.jp/ *.google.co.ke/ *.google.com.kh/ *.google.ki/ *.google.kg/ *.google.co.kr/ *.google.com.kw/ *.google.kz/ *.google.la/ *.google.com.lb/ *.google.li/ *.google.lk/ *.google.co.ls/ *.google.lt/ *.google.lu/ *.google.lv/ *.google.com.ly/ *.google.co.ma/ *.google.md/ *.google.me/ *.google.mg/ *.google.mk/ *.google.ml/ *.google.com.mm/ *.google.mn/ *.google.ms/ *.google.com.mt/ *.google.mu/ *.google.mv/ *.google.mw/ *.google.com.mx/ *.google.com.my/ *.google.co.mz/ *.google.com.na/ *.google.com.ng/ *.google.com.ni/ *.google.ne/ *.google.nl/ *.google.no/ *.google.com.np/ *.google.nr/ *.google.nu/ *.google.co.nz/ *.google.com.om/ *.google.com.pa/ *.google.com.pe/ *.google.com.pg/ *.google.com.ph/ *.google.com.pk/ *.google.pl/ *.google.pn/ *.google.com.pr/ *.google.ps/ *.google.pt/ *.google.com.py/ *.google.com.qa/ *.google.ro/ *.google.ru/ *.google.rw/ *.google.com.sa/ *.google.com.sb/ *.google.sc/ *.google.se/ *.google.com.sg/ *.google.sh/ *.google.si/ *.google.sk/ *.google.com.sl/ *.google.sn/ *.google.so/ *.google.sm/ *.google.sr/ *.google.st/ *.google.com.sv/ *.google.td/ *.google.tg/ *.google.co.th/ *.google.com.tj/ *.google.tl/ *.google.tm/ *.google.tn/ *.google.to/ *.google.com.tr/ *.google.tt/ *.google.com.tw/ *.google.co.tz/ *.google.com.ua/ *.google.co.ug/ *.google.co.uk/ *.google.com.uy/ *.google.co.uz/ *.google.com.vc/ *.google.co.ve/ *.google.vg/ *.google.co.vi/ *.google.com.vn/ *.google.vu/ *.google.ws/ *.google.rs/ *.google.co.za/ *.google.co.zm/ *.google.co.zw/ *.google.cat/;     connect-src 'self' *.googlesyndication.com/ *.google.co.jp/ wss://ws.hotjar.com/ *.hotjar.com/ *.hotjar.io/ *.clickcease.com/ webto.salesforce.com/ secure.adnxs.com/ *.6sc.co/ ib.adnxs.com/ *.plyr.io/ https://noembed.com/ *.withgoogle.com/ *.authorize.net/ *.stripe.com/ versapay.transactiongateway.com/ *.linkedin.oribi.io/ https://happyfoxchat.com/ *.happyfoxchat.com/ www.google-analytics.com/ *.doubleclick.net/ *.google.com/ *.zdassets.com/ *.bing.com/ *.zoominfo.com/ *.clarity.ms/ *.clearbit.com/ *.ads.linkedin.com/;     frame-src 'self' *.doubleclick.net/ *.googlesyndication.com/ *.azurewebsites.net/ *.facebook.com/ https://jp.cdata.com *.slideshare.net/ speakerdeck.com/ *.zoom.us/ *.calendly.com/ calendly.com/ https://go.cdata.com www.youtube-nocookie.com/ *.google.com/ versapay.transactiongateway.com/ *.amazonaws.com/ *.facebook.net/ *.linkedin.com/ *.stripe.com/ *.twitter.com/ *.cdata.com/ *.happyfoxchat.com/ www.youtube.com www.google.com/ prod-cdata-us-api.azurewebsites.net/;      frame-ancestors 'self' cdata.com *.cdata.com *.clouddataos.com localhost:44302/ *.auth0.com/ https://cdata-connect-dev.us.auth0.com; 1
frame-src https://*.seniorweb.nl https://*.youtube.com https://*.thevideogram.com https://*.spotify.com https://*.vimeo.com https://*.tripolis.com;       frame-ancestors *.seniorweb.nl desktop.eu2.quandago.app chatapi.eu2.quandago.app seniorweb.crm4.dynamics.com seniorwebtest.crm4.dynamics.com *.axshare.com; 1
default-src 'self' https://ed-cdn.englishdom.com https://cdn-englishdom.gcdn.co https://static.englishdom.com https://static-cdn.englishdom.com https://cdn-static-englishdom.gcdn.co https://sentry.eddev.cf;script-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' https://ed-cdn.englishdom.com https://cdn-englishdom.gcdn.co https://static.englishdom.com https://static-cdn.englishdom.com https://cdn-static-englishdom.gcdn.co;object-src 'self' https://ed-cdn.englishdom.com https://cdn-englishdom.gcdn.co https://static.englishdom.com https://static-cdn.englishdom.com https://cdn-static-englishdom.gcdn.co;style-src data: https: 'self' 'unsafe-inline' https://ed-cdn.englishdom.com https://cdn-englishdom.gcdn.co https://static.englishdom.com https://static-cdn.englishdom.com https://cdn-static-englishdom.gcdn.co;connect-src https: data: 'self' wss://*.englishdom.com/chat-wss/ wss://*.englishdom.com/node-wss/ wss://*.zopim.com/ https://ed-cdn.englishdom.com https://cdn-englishdom.gcdn.co https://static.englishdom.com https://static-cdn.englishdom.com https://cdn-static-englishdom.gcdn.co wss://*.carrotquest.app wss://*.hotjar.com wss://*.livekit.cloud/;frame-src https: https://ed-cdn.englishdom.com https://cdn-englishdom.gcdn.co https://static.englishdom.com https://static-cdn.englishdom.com https://cdn-static-englishdom.gcdn.co;frame-ancestors 'self' https://www.englishdom.com/ http://webvisor.com https://webvisor.com https://ed-cdn.englishdom.com https://cdn-englishdom.gcdn.co https://static.englishdom.com https://static-cdn.englishdom.com https://cdn-static-englishdom.gcdn.co;font-src https: data: https://ed-cdn.englishdom.com https://cdn-englishdom.gcdn.co https://static.englishdom.com https://static-cdn.englishdom.com https://cdn-static-englishdom.gcdn.co;img-src 'self' data: blob: * https://ed-cdn.englishdom.com https://cdn-englishdom.gcdn.co https://static.englishdom.com https://static-cdn.englishdom.com https://cdn-static-englishdom.gcdn.co;media-src data: 'self' https://ed-cdn.englishdom.com https://cdn-englishdom.gcdn.co https://static.englishdom.com https://static-cdn.englishdom.com https://cdn-static-englishdom.gcdn.co https://www.youtube.com https://audios.genial.ly;worker-src 'self' blob: https://ed-cdn.englishdom.com https://cdn-englishdom.gcdn.co https://static.englishdom.com https://static-cdn.englishdom.com https://cdn-static-englishdom.gcdn.co https://sentry.eddev.cf 1
frame-ancestors *.johnmuirhealth.com 1
frame-ancestors feedback.usereport.com 1
upgrade-insecure-requests; object-src 'none';  1
default-src 'none'; script-src 'self' *.skandia.se *.skandiatest.se *.youtube.com *.msse.se *.cision.com *.d1.sc.omtrdc.net *.doubleclick.net *.episerver.net vimeo.com *.vimeo.com *.qbrick.com *.sessioncam.com *.abtasty.com *.usabilla.com  *.cloudfront.net 'unsafe-inline' 'unsafe-eval' data: blob: fra-col.eum-appdynamics.com; connect-src 'self' *.skandia.se secureskandiatest.se *.skandiatest.se *.abtasty.com *.sessioncam.com vimeo.com *.vimeo.com *.qbrick.com wss://notification.qbrick.com *.ip-only.net *.jobylon.com *.cision.com api.usabilla.com fra-col.eum-appdynamics.com;style-src 'self' 'unsafe-inline' *.skandia.se *.skandiatest.se *.abtasty.com *.cloudfront.net https://dl.episerver.net;img-src 'self' blob: *.vimeocdn.com *.qbrick.com *.ip-only.net *.skandia.se *.skandiatest.se skandiabanken.d1.sc.omtrdc.net *.usabilla.com *.ytimg.com *.sessioncam.com *.hemnet.se *.boneo.se *.abtasty.com *.amazonaws.com *.cloudfront.net https://dl.episerver.net data: fra-col.eum-appdynamics.com;media-src 'self' *.youtube.com *.vimeo.com *.qbrick.com *.ip-only.net blob: *.skandiatest.se *.skandianet.org *.skandia.se; worker-src blob: *.skandiatest.se *.skandianet.org *.skandia.se;frame-src 'self' *.msse.se *.youtube.com  *.qbrick.com  *.cloudfront.net *.skandia.se;frame-ancestors 'self';font-src 'self' blob: data: *.skandia.se *.skandiatest.se *.abtasty.com *.qbrick.com *.cloudfront.net https://dl.episerver.net;manifest-src *.skandia.se *.skandiatest.se;child-src fra-col.eum-appdynamics.com; 1
frame-ancestors https://*.omantel.om 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.xyz; img-src 'self' https: data: blob: https://mastodon.xyz; style-src 'self' https://mastodon.xyz 'nonce-oJVmyd7oGCWtTvy6PL8CRg=='; media-src 'self' https: data: https://mastodon.xyz; frame-src 'self' https:; manifest-src 'self' https://mastodon.xyz; form-action 'self'; child-src 'self' blob: https://mastodon.xyz; worker-src 'self' blob: https://mastodon.xyz; connect-src 'self' data: blob: https://mastodon.xyz https://6-28.mastodon.xyz wss://mastodon.xyz; script-src 'self' https://mastodon.xyz 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://*.toyota.ru https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
frame-ancestors 'self' https://*.globe.gov; 1
base-uri 'self'; form-action 'self' https://www.facebook.com/tr/; frame-ancestors 'self'; connect-src 'self' 'unsafe-inline' https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com  https://www.google-analytics.com https://www.googleadservices.com https://cdnjs.cloudflare.com  https://stats.g.doubleclick.net https://translate.googleapis.com https://cdn.linkedin.oribi.io/partner/3939377/domain/www-preview.flightsafety.com/token https://ad.doubleclick.net https://pagead2.googlesyndication.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com/; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://translate.googleapis.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://translate.google.com https://www.google-analytics.com https://cdn.cookielaw.org https://www.googleadservices.com  https://googleads.g.doubleclick.net https://script.crazyegg.com https://www.google.com https://www.gstatic.com https://snap.licdn.com https://cdn.callrail.com https://translate-pa.googleapis.com https://code.getmdl.io/ https://tags.srv.stackadapt.com https://connect.facebook.net; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.google.com https://www.youtube.com https://www.facebook.com https://player.vimeo.com http://9815470.fls.doubleclick.net https://td.doubleclick.net; img-src 'self' data: https://www.gstatic.com https://www.google.com https://www.google-analytics.com/collect https://px.ads.linkedin.com https://p.adsymptotic.com https://cdn.cookielaw.org https://www.linkedin.com https://fonts.gstatic.com https://googleads.g.doubleclick.net https://www.facebook.com https://ad.doubleclick.net https://di.rlcdn.com; object-src 'self'; style-src 'self' 'unsafe-inline'  https://code.getmdl.io https://fonts.googleapis.com https://translate.googleapis.com https://cdn.cookielaw.org https://translate.googleapis.com  https://www.googletagmanager.com https://translate-pa.googleapis.com https://www.gstatic.com https://tags.srv.stackadapt.com; 1
script-src 'self' *.google.de *.google.com *.doubleclick.net *.youtube.com schufa.de *.schufa.de code.jquery.com www.googletagmanager.com *.video-cdn.net *.etracker.de *.etracker.com app.usercentrics.eu *.licdn.com *.linkedin.com *.facebook.net *.ads-twitter.com t.co *.twitter.com *.facebook.com *.schufaonline.de *.usercentrics.eu *.friendlycaptcha.eu *.jsdelivr.net 'unsafe-inline' 'unsafe-eval' blob:;                                                   style-src 'self' 'unsafe-inline' schufa.de karriere.schufa.de;                                                   default-src 'self' www.unternehmensverzeichnis.org *.video-cdn.net schufa.de *.schufa.de *.etracker.de *.licdn.com *.linkedin.com *.facebook.net *.ads-twitter.com t.co *.twitter.com *.facebook.com *.schufaonline.de *.usercentrics.eu netdna.bootstrapcdn.com *.friendlycaptcha.eu *.jsdelivr.net data:;                                                   frame-ancestors 'self' https://*.etracker.com https://*.etracker.de;                                                   frame-src *.youtube.com *.schufa.de *.schufaonline.de e.video-cdn.net *.meineschufa.de;                                                    img-src 'self' *.etracker.de *.google.de *.google.com schufa.de *.doubleclick.net *.usercentrics.eu *.licdn.com *.linkedin.com *.facebook.net *.schufaonline.de *.ads-twitter.com t.co *.twitter.com *.facebook.com *.video-cdn.net karriere.schufa.de data:;                                                   child-src blob:;                                                    object-src 'self' 1
default-src 'self' data: http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io https://cdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://map.ir https://conf.isc.ac https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://kangoro.ir/matomo/matomo.js http://tools.1abzar.com http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io https://cdn.userway.org https://api.userway.org https://media.userway.org https://www.goftino.com https://cdn.goftino.com; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com https://cdn.fontcdn.ir https://fdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org; img-src 'self' blob: data: https://map.ir https://conf.isc.ac https://www.google-analytics.com www.google-analytics.com data: *; connect-src 'self' https://map.ir https://conf.isc.ac https://www.google-analytics.com www.google-analytics.com https://samta.samt.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io https://cdn.fontcdn.ir wss://api.raychat.io wss://ws.goftino.com wss://ws2.goftino.com wss://ws5.goftino.com wss://cdn.goftino.com https://api.userway.org https://cdn.userway.org; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://tools.1abzar.com http://1abzar.ir https://cse.google.com https://www.aparat.com https://google.com https://www.google.com https://cdn.userway.org https://edu.sapiba.ir; frame-ancestors 'self' https://trustseal.enamad.ir; 1
frame-ancestors 'self' lob.de *.lehmanns.de *.lehmanns.ch lehmannspro.de lehmannsbib.de *.socialnet.de; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' *.lehmanns.de *.lehmanns.ch *.googleapis.com *.google-analytics.com *.vr-pay-ecommerce.de vr-pay-ecommerce.de oppwa.com widgets.trustedshops.com 1
default-src 'self'; connect-src 'self' https://www.google-analytics.com https://ask.hotjar.io https://bam.eu01.nr-data.net https://app2.push-api.pl https://vc.hotjar.io https://content.hotjar.io wss://*.hotjar.com https://csmetrics.hotjar.com https://in.hotjar.com https://bam.nr-data.net https://googleads.g.doubleclick.net https://fcm.googleapis.com/fcm/connect/subscribe https://adservice.google.com https://www.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://analytics.google.com *.facebook.com connect.facebook.net https://stats.g.doubleclick.net https://ruch-osm.sysadvisors.pl https://*.easypack24.net https://osm.inpost.pl https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://app.push-ad.com https://api2.push-ad.com https://nominatim.openstreetmap.org ;img-src 'self' https://vobis.pl http://vobis.pl https://gum.criteo.com https://sslwidget.criteo.com https://dis.criteo.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://cdn-app.push-ad.com https://app.revhunter.tech https://sigmabismedia.pl https://www.google.pl https://ade.googlesyndication.com https://www.google.com https://www.google-analytics.com https://region1.google-analytics.com *.facebook.com *.facebook.net *.fbcdn.net https://ruch-osm.sysadvisors.pl https://osm.inpost.pl https://geowidget.easypack24.net https://*.openstreetmap.org https://static.przelewy24.pl https://www.gstatic.com data:; script-src 'self' https://www.googletagmanager.com https://region1.google-analytics.com https://sigmabismedia.pl https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://analytics.google.com https://www.googleadservices.com https://script.hotjar.com https://static.hotjar.com https://bam.nr-data.net https://region1.analytics.google.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://www.google-analytics.com https://www.google.com/recaptcha/api.js bam.eu01.nr-data.net https://js-agent.newrelic.com https://www.gstatic.com https://ruch-osm.sysadvisors.pl https://geowidget.easypack24.net https://dynamic.criteo.com https://sslwidget.criteo.com https://app.push-ad.com https://*.openstreetmap.org https://pay.google.com https://geowidget.inpost.pl/inpost-geowidget.js 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://ruch-osm.sysadvisors.pl https://app.push-ad.com https://api2.push-ad.com https://geowidget.easypack24.net https://geowidget.inpost.pl/inpost-geowidget.css 'unsafe-inline'; frame-src 'self' https://www.facebook.com https://10815279.fls.doubleclick.net https://vars.hotjar.com https://pay.google.com https://gum.criteo.com https://www.youtube.com https://www.google.com https://geowidget-app.inpost.pl; frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com https://script.hotjar.com https://geowidget.easypack24.net 'unsafe-inline' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://ohai.social; img-src 'self' https: data: blob: https://ohai.social; style-src 'self' https://ohai.social 'nonce-43mmzEOUTX8F/99omQ3xVA=='; media-src 'self' https: data: https://ohai.social; frame-src 'self' https:; manifest-src 'self' https://ohai.social; form-action 'self'; child-src 'self' blob: https://ohai.social; worker-src 'self' blob: https://ohai.social; connect-src 'self' data: blob: https://ohai.social https://files.ohai.social wss://ohai.social; script-src 'self' https://ohai.social 'wasm-unsafe-eval' 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/nearby-team 1
report-uri https://consumer-travel.americanexpress.com/_/report/security/csp-violation; block-all-mixed-content; default-src 'nonce-19ba2d0ad26da52c016538b798f36c28' 'self' *.aexp.com *.americanexpress.com *.aexp-static.com wss://*.americanexpress.com lib-us-1.brilliantcollector.com/collector/collectorPost *.bf.dynatrace.com stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net apim.expedia.com; script-src 'nonce-19ba2d0ad26da52c016538b798f36c28' 'nonce-56af12bf-ebf1-4f3e-b3e9-617311ed262a' c.evidon.com 'self' *.aexp.com *.americanexpress.com *.aexp-static.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js-cdn.dynatrace.com *.bounceexchange.com *.microsoft.com analytics.newscred.com www.google-analytics.com s.ntv.io www.youtube.com/iframe_api s.ytimg.com assets.adobedtm.com service.maxymiser.net *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn maps.googleapis.com; img-src data: c.evidon.com 'self' *.aexp.com *.americanexpress.com *.aexp-static.com omn.americanexpress.com amexuat1-merchantgeo.cs42.force.com res.cloudinary.com s1.ticketm.net ad2.adfarm1.adition.com ad4.adfarm1.adition.com p.adbrn.com 20743471p.rfihub.com 20795861p.rfihub.com aax-eu.amazon-adsystem.com private-orm-open-receipt-match.s3.amazonaws.com s.amazon-adsystem.com tag.yieldoptimizer.com ads.avocet.io stags.bluekai.com sandbox.dev.clover.com/v2/image/ sslwidget.criteo.com widget.criteo.com www.facebook.com cnt.fout.jp www.googleadservices.com/pagead/conversion/ googleads.g.doubleclick.net ad.doubleclick.net ad-emea.doubleclick.net media.iceportal.com dc.ads.linkedin.com px.ads.linkedin.com www.bizographics.com www.linkedin.com/px/ urldefense.proofpoint.com pubads.g.doubleclick.net s1933033461.t.eloqua.com prf.hn farm.plista.com *.switchfly.com d2whcypojkzby.cloudfront.net www.cfmedia.vfmleonardo.com i.travelapi.com photos.hotelbeds.com pix6.agoda.net www.tripadvisor.com analytics.twitter.com t.co b92.yahoo.co.jp sp.analytics.yahoo.com img.static-bookatable.com *.sevenrooms.com image.resy.com l.betrad.com cdn.cohesionapps.com adservice.google.com www.google.com/ads/user-lists/ www.google.com/pagead/1p-user-list/ www.gstatic.com/recaptcha/ www.google.com/recaptcha/ ct.pinterest.com/v3/ bat.bing.com/action/ *.flashtalking.com pt.ispot.tv rs.gwallet.com *.cloudfront.net/receipts/assets/ *.cloudfront.net/assets/sqmarket/ api.tiles.mapbox.com/ s.mzstatic.com/email/images_shared/ t.teads.tv affleads.latamtracking.com *.finn.ai/images/product-recommender/ events.bouncex.net pixel.newscred.com www.google-analytics.com track.adform.net *.doublemax.net *.microsoft.com pixel.sojern.com jadserve.postrelease.com p.adsymptotic.com px.ladsp.com tg.socdm.com tr.line.me atm.im-apps.net *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn images.trvl-media.com insight.adsrvr.org maps.googleapis.com maps.gstatic.com; style-src 'unsafe-inline' *.aexp.com *.aexp-static.com fonts.googleapis.com; connect-src 'self' *.aexp.com *.aexp-static.com c.evidon.com l.evidon.com optoutapi.evidon.com *.americanexpress.com wss://*.americanexpress.com lib-us-1.brilliantcollector.com/collector/collectorPost *.bf.dynatrace.com stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net apim.expedia.com amex-promotion-service-stg.iseatz.com amex-promotion-service.iseatz.com lxp-qatemp-api.lxp.iseatz.org lxp-demotemp-api.lxp.iseatz.org maps.googleapis.com; manifest-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com; worker-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com; frame-ancestors none; frame-src *.aexp-static.com *.americanexpress.com aexp.demdex.net *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn service.maxymiser.net; font-src *.aexp-static.com fonts.gstatic.com; media-src s2.content.video.llnw.net production.smedia.lvp.llnw.net *.aexp-static.com *.aexp.com 1
frame-ancestors 'self' https://*.maxicours.com; 1
default-src 'self' platform.twitter.com syndication.twitter.com youtube.com www.youtube.com *.genial.ly static.addtoany.com https://www.google.com/  https://app.powerbi.com; script-src 'self' 'unsafe-inline' static.addtoany.com cdn.syndication.twimg.com cdn.jsdelivr.net platform.twitter.com www.googletagmanager.com www.google-analytics.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net *.twimg.com netdna.bootstrapcdn.com platform.twitter.com; img-src 'self' 'unsafe-inline' platform.twitter.com syndication.twitter.com *.twimg.com data:  www.google-analytics.com ; frame-src 'self' platform.twitter.com syndication.twitter.com www.google.com www.youtube.com static.addtoany.com *.genial.ly  https://app.powerbi.com; child-src 'self' platform.twitter.com www.google.com  www.youtube.com static.addtoany.com *.genial.ly; font-src 'self' cdn.jsdelivr.net netdna.bootstrapcdn.com fonts.gstatic.com themes.googleusercontent.com; connect-src 'self' www.google-analytics.com www.idae.es; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://snap.licdn.com *.doubleclick.net assets.adobedtm.com www.googletagmanager.com app-script.monsido.com forms.cwp.gov.sg cse.google.com clients1.google.com *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net *.facebook.com ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org va.ecitizen.gov.sg assets.wogaa.sg https://*.dcube.cloud *.google.com.sg *.googleadservices.com *.vica.gov.sg https://analytics.google.com/; style-src 'self' 'unsafe-inline' assets.wogaa.sg https://assets.dcube.cloud/fonts/ *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.vica.gov.sg www.googletagmanager.com; font-src  'self' data: assets.wogaa.sg https://assets.dcube.cloud/fonts/ va.ecitizen.gov.sg s3-us-west-2.amazonaws.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com *.vica.gov.sg; img-src 'self' *.doubleclick.net https://px.ads.linkedin.com https://tracking.monsido.com *.vica.gov.sg wogadobeanalytics.sc.omtrdc.net *.adsymptotic.com https://cm.everesttech.net/ https://dpm.demdex.net/ forms.cwp.gov.sg data: www.google.com www.google.com.sg clients1.google.com va.ecitizen.gov.sg *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com *.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com blob: *.eloqua.com *.googleadservices.com https://analytics.google.com/ www.googletagmanager.com; media-src 'self' data: blob:; frame-src 'self' https://*.demdex.net/ *.facebook.com forms.cwp.gov.sg www.youtube.com *.onemap.sg *.onemap.gov.sg cse.google.com *.doubleclick.net online.pubhtml5.com *.google.com *.gstatic.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com *.facebook.com web.facebook.com badge.stumbleupon.com https://forms.cwp.gov.sg; connect-src 'self' *.facebook.com *.doubleclick.net snowplow-sentiments.wogaa.sg api.sentiments.wogaa.sg dpm.demdex.net snowplow-web.wogaa.sg https://*.dcube.cloud va.ecitizen.gov.sg accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.vica.gov.sg wss://chat.vica.gov.sg/ https://analytics.google.com/; 1
frame-ancestors 'self' https://counseling.decorte.com 1
default-src 'self'; script-src 'nonce-5D00A07281A2B604AFAE3B3CDA8EA227' 'sha256-HnqcJKdXH/Sl216fo05VaniEJ1icgxbI07COWTMEo18=' 'self' https://acsbapp.com/ http://tools.euroland.com/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://code.jquery.com/ https://d3e54v103j8qbb.cloudfront.net/ https://tools.euroland.com/ https://www.google-analytics.com/ https://www.gstatic.com/ https://www.gstatic.com/ https://cc.cdn.civiccomputing.com/ https://player.vimeo.com https://www.googletagmanager.com/ https://www.google.com/; font-src 'self' data: https://acsbapp.com/ https://fonts.gstatic.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; connect-src 'self' *.google-analytics.com *.webflow.com *.acsbapp.com/ https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://clapi.civiccomputing.com/ https://pagead2.googlesyndication.com/ https://apikeys.civiccomputing.com/ https://www.google-analytics.com/  https://www.googletagmanager.com/ https://www.google.com/ https://our.umbraco.com/ *.google.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.embedly.com/ https://gamma.euroland.com/ https://www.googletagmanager.com/ https://www.google.com/ https://www.youtube.com/ https://player.vimeo.com/ https://tools.eurolandir.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://entaingroup.com/ https://www.googletagmanager.com/ https://web1.acsbapp.com/ https://acsbapp.com/ https://uploads-ssl.webflow.com/ https://i.vimeocdn.com/ https://dashboard.umbraco.com/ https://our.umbraco.com/ https://www.google.com/ https://www.google-analytics.com/ https://www.bing.com/ https://www.github.com/ https://github.com/; object-src 'none'; base-uri 'self'; media-src 'self' https://web1.acsbapp.com/; worker-src blob: 'self'; 1
default-src https: 'self'; script-src https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://dap.digitalgov.gov https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://dap.digitalgov.gov https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://unpkg.com https://fonts.googleapis.com 'self' 'unsafe-inline'; connect-src https://www.google-analytics.com https://stats.g.doubleclick.net 'self'; img-src 'self' https: data:; font-src 'self' https: data:; referrer no-referrer; disown-opener; upgrade-insecure-requests; block-all-mixed-content; 1
default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; script-src  'self' 'unsafe-inline'  'unsafe-eval' blob: *.hsforms.com *.hsforms.net *.googletagmanager.com d10lpsik1i8c69.cloudfront.net 129569.tctm.co *.hs-scripts.com *.addtoany.com *.hs-banner.com *.hs-analytics.net *.hsleadflows.net *.gstatic.com *.bing.com *.taboola.com *.vimeocdn.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net wss://visitors.live wss://*.visitors.live *.googleapis.com *.google.com *.hubspot.com d10lpsik1i8c69.cloudfront.net *.typeform.com *.spreaker.com *.newrelic.com *.nr-data.net *.cloudflare.com *.licdn.com *.ads.linkedin.com cdn.callrail.com cdn.jsdelivr.net unpkg.com *.airtable.com documentcloud.adobe.com *.piwik.pro *.youtube.com *.authorize.net; object-src 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com d10lpsik1i8c69.cloudfront.net *.cloudflare.com cdn.jsdelivr.net; img-src 'self' data: blob: filesystem: *.mcleanhospital.org *.hubspot.com *.hsforms.com d10lpsik1i8c69.cloudfront.net *.bing.com *.taboola.com *.google.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.ads.linkedin.com *.adsymptotic.com *.vimeocdn.com cdn.jsdelivr.net; media-src 'self' d10lpsik1i8c69.cloudfront.net; frame-src 'self' *.vimeo.com vimeo.com *.typeform.com *.youtube.com *.spreaker.com *.hsforms.com *.addtoany.com airtable.com *.airtable.com *.hubspot.com *.mcleanhospital.org *.adobe.com *.authorize.net; frame-ancestors 'self' https://embed.mcleanhospital.org  https://www.mcleanhospital.org; child-src 'self' https://embed.mcleanhospital.org https://www.mcleanhospital.org; font-src 'self' fonts.googleapis.com fonts.gstatic.com; connect-src  'self' 'unsafe-inline'  'unsafe-eval' *.hsforms.com *.hsforms.net *.googletagmanager.com d10lpsik1i8c69.cloudfront.net 129569.tctm.co *.hs-scripts.com *.addtoany.com *.hs-banner.com *.hs-analytics.net *.hsleadflows.net *.gstatic.com *.bing.com *.taboola.com *.vimeocdn.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net wss://visitors.live wss://*.visitors.live *.googleapis.com *.google.com *.hubspot.com d10lpsik1i8c69.cloudfront.net *.typeform.com *.spreaker.com *.newrelic.com *.nr-data.net *.licdn.com *.ads.linkedin.com *.airtable.com *.piwik.pro *.adobe.io *.authorize.net; upgrade-insecure-requests 1
frame-ancestors https://*.jow.fr https://*.jow.com https://*.jow.tech 1
frame-ancestors https://toolkits.sevdesk.de/ https://atlas-v4.sevdesk.de/ http://localhost:3000/ https://chatbot-be-9a973bfe698a.herokuapp.com/ 1
connect-src 'self' xwiki.com *.xwiki.com *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.zendesk.com *.zdassets.com *.zopim.com *.youtube.com *.vimeocdn.com *.twitter.com *.cloudflare.com wss:; script-src 'self' xwiki.com *.xwiki.com *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.zendesk.com *.zdassets.com *.zopim.com *.youtube.com *.vimeocdn.com *.twitter.com *.cloudflare.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' xwiki.com *.xwiki.com *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.zendesk.com *.zdassets.com *.zopim.com *.youtube.com *.vimeocdn.com *.twitter.com *.cloudflare.com 'unsafe-inline'; img-src 'self' xwiki.com *.xwiki.com *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.zendesk.com *.zdassets.com *.zopim.com *.youtube.com *.vimeocdn.com *.twitter.com *.cloudflare.com data:; font-src 'self' xwiki.com *.xwiki.com *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.zendesk.com *.zdassets.com *.zopim.com *.youtube.com *.vimeocdn.com *.twitter.com *.cloudflare.com data:; frame-src 'self' *.youtube.com *.google.com *.twitter.com *.xwiki.com; default-src 'self' *.xwiki.com *.zopim.com *.zdassets.com 1
default-src https: http: data: blob: ws: 'self' 'unsafe-inline' 'unsafe-eval'; 1
base-uri 'self'; frame-ancestors 'none'; form-action 'self' https://id.recordedfuture.com; default-src 'none';  script-src 'self' 'nonce-92nGd3kMyokHBpBuu7sHew' 'unsafe-inline'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; img-src 'self' data: https://www.googletagmanager.com https://www.google-analytics.com https://hatching.io;  style-src 'self' 'unsafe-inline'; font-src 'self'; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; 1
frame-ancestors 'self' https://*.us-2.platformsh.site https://*.leicabiosystems.com https://punchoutcommerce.com; report-uri /report-csp-violation 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://gum.criteo.com https://*.recaptcha.net https://*.attn.tv https://www.youtube.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://privacyportal-eu.onetrust.com https://tr.snapchat.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://analytics.tiktok.com https://storyboard.storystream.ai https://content.storystream.ai wss://*.liveperson.net https://cdn-ukwest.onetrust.com https://ams.creativecdn.com https://*.attn.tv https://events.attentivemobile.com https://track.webgains.com https://api.webgains.io; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://checkout.fragrancedirect.co.uk https://connect.facebook.net; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://*.googlesyndication.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://*.twitter.com https://geolocation.onetrust.com https://apps.storystream.ai https://analytics.tiktok.com https://static.criteo.net https://*.criteo.com https://cdn-ukwest.onetrust.com https://tags.creativecdn.com https://cdn.attn.tv https://track.webgains.com https://analytics.webgains.io; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net; upgrade-insecure-requests; report-to report-endpoint 1
Content-Security-Policy:  default-src 'self' *.clic2buy.com *.click2buy.com *.clic2drive.com 1
block-all-mixed-content; child-src blob:; connect-src 'self' https://*.scene7.com https://*.limelight.com https://*.google-analytics.com https://*.bing.com https://*.mktoresp.com https://*.doubleclick.net https://*.wisepops.com https://*.medallia.com https://*.kampyle.com https://*.msanet.com https://*.mapbox.com https://*.googlevideo.com https://*.llnw.net https://*.facebook.com https://*.cookielaw.org https://*.clarity.ms https://*.clickagy.com https://*.onetrust.com https://*.msasafety.com https://*.zoominfo.com https://*.usetiful.com https://*.mktoutil.com https://*.hotjar.io https://cdn.linkedin.oribi.io https://*.googleapis.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.rumiview.com wss://*.hotjar.com https://*.hotjar.com https://*.csp-1.com https://csp-1.picarioxpo.com https://*.tockify.com https://tockify.com https://app.getwisp.co https://*.wisepops.net https://*.qzzr.com https://*.algolianet.com https://*.algolia.net https://*.kudoboard.com https://*.curator.io https://*.pricespider.com https://cdnjs.cloudflare.com https://*.algolia.io https://wisepops.net https://*.tiles.mapbox.com wss: https://px.ads.linkedin.com; default-src 'self'; font-src 'self' data: https://*.gstatic.com https://*.fontawesome.com https://*.cloudfront.net https://*.typekit.net https://*.pricespider.com; frame-src 'self' https://*.msasafety.com https://*.msanet.com https://*.google.com https://*.doubleclick.net https://*.marketo.com https://*.bing.com https://*.hotjar.com https://*.medallia.com https://*.zoho.com https://*.metalocator.com https://*.youtube.com https://*.sierramonitor.com https://*.123formbuilder.com https://*.clickagy.com https://*.facebook.com http://*.msanet.com https://*.webdamdb.com https://*.force.com https://*.office.com https://*.csp-1.com https://msasafety.wufoo.com https://*.tockify.com https://tockify.com https://*.vimeo.com https://www.firegrantshelp.com https://*.qzzr.com https://*.riddle.com https://*.surveymonkey.com https://www.mybacharach.com https://*.kudoboard.com https://*.extforms.netsuite.com https://*.app.netsuite.com https://*.marketingautomation.services https://*.wisepops.com https://*.wisepops.net https://wisepops.net https://insight.adsrvr.org https://msa.webdamdb.com/; img-src data: 'self' https://*.scene7.com https://*.googletagmanager.com https://*.pricespider.com https://*.googleadservices.com https://*.linkedin.com https://*.doubleclick.net https://*.google.com https://*.bing.com https://*.facebook.com https://*.google-analytics.com https://*.cookielaw.org https://*.clarity.ms https://*.metalocator.com https://*.msasafety.com https://*.msanet.com https://*.webdamdb.com https://*.kickfire.com https://*.kampyle.com https://*.simpli.fi https://*.rumiview.com https://*.webtraxs.com https://*.analytics.google.com https://*.adroll.com https://*.g.doubleclick.net https://*.ads.linkedin.com https://*.google.ae https://*.google.ca https://*.google.cn https://*.google.de https://*.google.fr https://*.google.co.uk https://*.google.se https://*.google.ru https://*.google.com.au https://*.google.pl https://*.google.co.in https://*.google.co.za https://*.google.com.pe https://*.google.com.co https://*.google.com.ar https://*.google.nl https://*.google.it https://*.google.es https://*.google.co.th https://*.google.com.sg https://*.google.com.my https://*.google.co.jp https://*.google.co.id https://*.google.com.mx https://*.google.cl https://*.google.com.br https://*.clickagy.com https://*.msafire.com https://*.content.video.llnw.net https://*.google.ad https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.as https://*.google.at https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cm https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.iq https://*.google.is https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.csp-1.com https://csp-1.picarioxpo.com https://id.rlcdn.com https://pixel-sync.sitescout.com https://blog.sierramonitor.com https://*.wisepops.net https://dx4nr741tfc02.cloudfront.net https://wisp-production-storage.s3.amazonaws.com https://*.wisepops.com https://*.mapbox.com https://safetyio.com https://*.safetyio.com blob: https://img.delvenetworks.com https://pixel-geo.prfct.co https://blog.fieldserver.com; media-src 'self' blob: https://*.llnw.net https://*.msanet.com https://*.webdamdb.com/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.msasafety.com https://*.scene7.com https://*.pricespider.com https://*.limelight.com https://*.marketo.com https://*.marketo.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.gstatic.com https://*.bing.com https://*.doubleclick.net https://*.hotjar.com https://*.facebook.net https://*.wisepops.com https://*.adobedtm.com https://*.licdn.com https://*.medallia.com https://*.kampyle.com https://*.kickfire.com https://*.simpli.fi https://*.google.com https://*.metalocator.com https://*.pardot.com https://*.mapbox.com https://*.sierramonitor.com https://*.zohostatic.com https://*.usersnap.com https://*.cloudfront.net https://*.youtube.com https://*.cookielaw.org https://*.clarity.ms https://*.clickagy.com https://*.123formbuilder.com https://*.zoominfo.com https://*.usetiful.com https://*.webtraxs.com https://*.adroll.com https://*.rumiview.com https://*.la5-c2-ia4.salesforceliveagent.com https://*.jquery.com https://*.force.com https://*.g.doubleclick.net https://*.csp-1.com https://*.tockify.com https://tockify.com https://*.wisepops.net https://app.getwisp.co https://*.qzzr.com https://cdn.jsdelivr.net https://koi-3QNJ3FOY90.marketingautomation.services https://curator.io https://*.curator.io https://*.marketingautomation.services https://wisepops.net https://cdnjs.cloudflare.com https://tag.perfectaudience.com https://js.adsrvr.org https://*.tiles.mapbox.com https://pixel-geo.prfct.co; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://*.mapbox.com https://*.pricespider.com https://*.tiles.mapbox.com https://*.msasafety.com https://*.scene7.com https://www.usetiful.com https://*.msanet.com https://*.fontawesome.com https://*.googleapis.com https://*.typekit.net; upgrade-insecure-requests; worker-src 'self' blob:; report-uri /.webscale/csp-report 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.userway.org https://code.jquery.com https://analytics.tiktok.com https://services.listrak.com https://ajax.googleapis.com https://*.listrakbi.com https://*.kaptcha.com https://*.securedvisit.com https://www.adelixir.com/v2track/ne.js https://*.rfksrv.com https://d26opx5dl8t69i.cloudfront.net https://d10lpsik1i8c69.cloudfront.net https://*.gstatic.com https://s.ytimg.com https://vvsclicks.marketwide.online https://s.pinimg.com https://bat.bing.com https://g.microsoft.com https://*.comm100vue.com https://*.comm100.com https://*.google.com https://www.googletagmanager.com https://www.googletagmanager.com/gtm.js https://*.google-analytics.com https://www.google.XYX/ads/user-list https://tpc.googlesyndication.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://*.shopperapproved.com https://connect.facebook.net https://*.facebook.com https://www.paypalobjects.com https://www.paypal.com https://www.sandbox.paypal.com https://seal.networksolutions.com https://www.youtube.com https://i.ytimg.com https://*.valleyvet.com https://www.chasepaymentechhostedpay-var.com https://www.chasepaymentechhostedpay.com https://7231874.collect.igodigital.com https://acsbap.com https://*.acsbapp.com https://acsbapp.com https://www.glancecdn.net https://s3.amazonaws.com/glancecdn/ https://*.mountain.com https://lsdm.co https://*.agkn.com https://safevisit.online https://track.sv.rkdms.com https://www.clarity.ms;img-src 'self' data: https://*.userway.org https://analytics.tiktok.com https://*.listrakbi.com https://*.listrakbi.com0sypeyfahgkn https://track.sv.rkdms.com https://*.safevisit.online https://px.steelhousemedia.com https://dpm.demdex.net https://mediacdn.espssl.com https://*.kaptcha.com https://*.securedvisit.com https://www.adelixir.com https://*.gstatic.com https://*.doubleclick.net https://*.bing.com https://*.rfksrv.com https://d26opx5dl8t69i.cloudfront.net https://d10lpsik1i8c69.cloudfront.net https://click.s7.exacttarget.com https://vvsclicks.marketwide.online https://c683207.ssl.cf2.rackcdn.com/20842-r.gif https://*.comm100.io https://*.comm100.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.google.com https://www.google.XYX/ads/user-list https://*.googleadservices.com https://pagead2.googlesyndication.com/pagead/ https://*.shopperapproved.com https://connect.facebook.net https://*.facebook.com https://www.paypalobjects.com https://*.paypal.com https://www.sandbox.paypal.com https://seal.networksolutions.com https://www.youtube.com https://*.ytimg.com https://*.valleyvet.com https://www.chasepaymentechhostedpay-var.com https://www.chasepaymentechhostedpay.com https://nova.collect.igodigital.com https://serve.uberads.com/convert/11235/0 https://acsbap.com https://accessibe.com https://*.acsbapp.com https://acsbapp.com https://www.glancecdn.net https://s3.amazonaws.com/glancecdn/ https://insight.adsrvr.org https://match.adsrvr.org https://*.clarity.ms;connect-src 'self' https://*.userway.org https://analytics.tiktok.com https://extreme-ip-lookup.com https://*.valleyvet.com https://*.kaptcha.com https://*.comm100.io https://*.comm100.com https://www.paypalobjects.com https://www.paypal.com https://www.sandbox.paypal.com https://pagead2.googlesyndication.com/pagead/ https://*.googleadservices.com https://*.google.com https://*.google-analytics.com https://*.analytics.google.com https://bat.bing.com https://acsbap.com https://*.acsbap.com https://*.acsbapp.com https://acsbapp.com https://stats.g.doubleclick.net https://www.facebook.com https://track.securedvisit.com https://www.chasepaymentechhostedpay.com wss://*.glance.net https://*.glance.net https://*.listrakbi.com https://onsite-api.listrak.com https://www.googletagmanager.com https://*.clarity.ms https://sa-events.shopperapproved.com/ https://3.212.39.155/is https://18.210.229.244/is https://44.212.189.233/is https://52.22.50.55/is https://52.71.121.170/is https://54.156.2.105/is https://44.238.122.172/is https://35.85.84.151/is https://44.228.85.26/is https://35.160.46.251/is https://100.20.58.101/is https://34.215.155.61/is;frame-src 'self' https://*.userway.org https://services.listrak.com https://*.valleyvet.com https://*.kaptcha.com https://prod-east-alweb-mt.rfksrv.com https://bid.g.doubleclick.net/ https://googleads.g.doubleclick.net https://td.doubleclick.net https://www.youtube.com https://*.google.com https://tpc.googlesyndication.com https://www.chasepaymentechhostedpay-var.com https://www.chasepaymentechhostedpay.com https://www.paypal.com https://www.paypalobjects.com/ https://www.sandbox.paypal.com https://www.googletagmanager.com/ns.html https://connect.facebook.net https://*.facebook.com https://vvsclicks.marketwide.online https://acsbap.com https://acsbapp.com https://accessibe.com https://*.accessibe.com;frame-ancestors 'self' https://*.valleyvet.com https://bid.g.doubleclick.net/ https://www.youtube.com https://*.google.com https://www.chasepaymentechhostedpay-var.com https://www.chasepaymentechhostedpay.com https://www.paypal.com https://www.sandbox.paypal.com https://www.googletagmanager.com/ns.html;object-src https://*.valleyvet.com;report-uri /csp-error/report.html; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * blob: 'unsafe-inline'; 1
connect-src 'self' https:; img-src *; media-src *; form-action 'self';frame-ancestors 'self';object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline' 1
default-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com; connect-src 'self' https://api.thermostatsolutions.com https://qa.thermostatsolutions.com https://maps.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://maps.gstatic.com https://maps.google.com https://*.googleapis.com https://www.gstatic.com https://www.google-analytics.com https://cdnjs.cloudflare.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com; img-src * data:; media-src * 1
script-src 'nonce-my1EFlFRJgEsb58J9mzmfw==' mc.yandex.com yastatic.net yandex.tm mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.yandex.tm;child-src *.ya.ru *.yandex.ru ya.ru yandex.ru yastatic.net yandex.tm mc.yandex.ru mc.yandex.md mc.yandex.tm *.ya.ru *.yandex.ru ya.ru yandex.ru;style-src 'unsafe-inline' yastatic.net;report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.tm&showid=1705978796899915-7825840789273665264-balancer-l7leveler-kubr-yp-vla-36-BAL-7469&h=stable-portal-mordago-211.sas.yp-c.yandex.net&yandexuid=7736652641705978796&&version=2024-01-19-465&adb=0;media-src yastatic.net;connect-src *.strm.yandex.net mc.yandex.com yandex.tm yabs.yandex.ru yastatic.net yastat.net mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.admetrica.ru mc.yandex.tm;img-src *.verify.yandex.ru *.ya.ru *.yandex.ru ya.ru yabs.yandex.by yabs.yandex.kz yabs.yandex.ru yabs.yandex.uz yandex.ru 'self' yastatic.net data: yandex.tm favicon.yandex.net avatars.mds.yandex.net mc.admetrica.ru mc.yandex.com *.mc.yandex.ru adstat.yandex.ru mc.yandex.tm mc.yandex.ru;default-src yastatic.net yastat.net 'self';font-src yastatic.net 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.youtube.com www.google-analytics.com www.googletagmanager.com ajax.googleapis.com qmod.quotemedia.com cdnjs.cloudflare.com app.quotemedia.com consent.cookiebot.com consentcdn.cookiebot.com packages.umbraco.org our.umbraco.org www.gravatar.com;img-src 'self' app.quotemedia.com www.google-analytics.com data: www.gravatar.com umbraco.tv;font-src 'self' cdnjs.cloudflare.com; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-5b537a3c8f4542e2f2555cec8c4a42ad'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self';style-src 'sha256-bRIC1UNpYqqAzgwcakOLqIg004Qdvc0Lbp76JnSAcWc=' 1
default-src 'self'; script-src 'self' https://bat.bing.com https://js.hsadpixel.net https://www.youtube.com https://googleads.g.doubleclick.net https://tags.srv.stackadapt.com https://snap.licdn.com https://www.googleadservices.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hsforms.net https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com 'unsafe-inline'; style-src 'unsafe-inline' http:; img-src http: data:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://forms.hsforms.com https://stats.g.doubleclick.net https://bid.g.doubleclick.net https://tools.ietf.org https://www.google-analytics.com https://tags.srv.stackadapt.com; frame-src https://www.youtube-nocookie.com https://www.youtube.com https://bid.g.doubleclick.net https://forms.hsforms.com ; 1
default-src 'self'; script-src 'self' https://googleads.g.doubleclick.net/ https://connect.facebook.net/ https://d31qbv1cthcecs.cloudfront.net/atrk.js https://script.crazyegg.com/pages/scripts/0058/5877.js https://www.google-analytics.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css https://cdn.gtranslate.net https://translate.google.com/ https://*.googleapis.com/ https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.ampproject.org https://*.onesignal.com https://onesignal.com https://www.googletagmanager.com https://cdn.gtranslate.net https://apis.google.com/js/api.js https://connect.facebook.net/en_US/sdk.js https://*.googleapis.com https://onesignal.com/sdks/OneSignalSDKStyles.css?v=2 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css https://cdn.gtranslate.net https://onesignal.com/sdks/OneSignalSDKStyles.css?v=2 https://translate.google.com/ https://maxcdn.bootstrapcdn.com https://*.googleapis.com https://www.gstatic.com'  'unsafe-inline'; img-src 'self' data: http: https: *.y-axis.com https://www.y-axis.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://cdn.gtranslate.net/ https://cdn.iconscout.com/ https://*.onesignal.com https://d2hpxyoi44i7uq.cloudfront.net https://www.y-axis.com https://cdn.gtranslate.net; connect-src 'self' https://www.googletagmanager.com/ https://d2hpxyoi44i7uq.cloudfront.net *.y-axis.com https://analytics.google.com/ https://pagead2.googlesyndication.com/ https://analytics.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css https://translate.google.com/ https://cdn.gtranslate.net https://us-central1-amp-error-reporting.cloudfunctions.net https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151601 https://cdn.gtranslate.net/widgets/latest/popup.js https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css https://cdn.onesignal.com/sdks/OneSignalSDK.js https://www.google.com/recaptcha/ https://apis.google.com/ https://cdn.ampproject.org/ https://www.googletagmanager.com/gtm.js?id=GTM-K5PBP9K https://cdn.gtranslate.net/widgets/latest/dwf.js https://onesignal.com https://www.gstatic.com/ https://*.googleapis.com https://api.y-axis.com https://www.y-axis.com; font-src 'self' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/ https://maxcdn.bootstrapcdn.com https://*.googleapis.com; frame-src 'self' https://td.doubleclick.net/ https://www.facebook.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://www.google.com/ https://accounts.google.com/; worker-src blob: https://www.y-axis.com/sw.js https://www.y-axis.com/js/push/onesignal/ https://www.y-axis.com/OneSignalSDKWorker.js 1
frame-ancestors 'self' *.shortlyst.com *.baileys.com; 1
frame-ancestors 'self' https://solar.justpark.com https://business.justpark.com 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.hotjar.com js-agent.newrelic.com *.bam.nr-data.net *.googleadservices.com *.google.com *.google.ca *.gstatic.com https://stats.g.doubleclick.net *.soundcloud.com *.google-analytics.com *.youtube.com *.addtoany.com; object-src 'self' ; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: *.google.com *.google.ca *.google-analytics.com *.googletagmanager.com *.thinglink.me; frame-src http://stats.innovation.ca 'self' https://player.blubrry.com *.youtube.com *.soundcloud.com https://analytics.clickdimensions.com https://simplebooklet.com https://www.thinglink.com *.thinglink.me http://stats.innovation.ca; child-src 'self' https://player.blubrry.com *.youtube.com *.soundcloud.com *.google.com https://www.google-analytics.com https://analytics.google.com; font-src 'self' fonts.gstatic.com https://themes.googleusercontent.com data; connect-src 'self' *.googletagmanager.com *.google.com *.google-analytics.com https://analytics.google.com *.nr-data.net *.hotjar.io *.hotjar.com https://stats.g.doubleclick.net *.google.ca wss://*.hotjar.com; report-uri /report-csp-violation 1
frame-ancestors 'self'; default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline' 1
default-src https://*.neo4j.io; connect-src https://*.neo4j.io  https://login.neo4j.com https://account-dev.neo4j.com https://neo4j-dev.eu.auth0.com https://neo4j-sync.auth0.com/ https://fonts.googleapis.com/ https://js.stripe.com/ https://www.google-analytics.com/ 'sha256-Z2Pn00VECSzRb7O+uLzh2v72uTgEJFyzkYEjTx+brnM=' 'sha256-3WvcbxaXgzfy1p6qRVyw6hkWpCgVqfIAFUmZR+bVT60=' https://stats.g.doubleclick.net/ https://www.googletagmanager.com/gtag/ https://storage.googleapis.com/ https://*.amazonaws.com/ https://*.blob.core.windows.net/ https://api-js.mixpanel.com/ https://canny.io/ https://*.canny.io/ https://*.segment.com/ https://*.segment.io/ wss://*.appcues.net/ https://*.appcues.net/ https://*.appcues.com/ https://*.linkedin.com/ https://*.licdn.com/ https://cdn.linkedin.oribi.io/ https://*.facebook.com/ https://*.facebook.net/ https://*.sentry.io/; script-src https://*.neo4j.io https://cdn.auth0.com/ https://cdn.eu.auth0.com https://js.stripe.com/ https://www.google-analytics.com/ 'sha256-Z2Pn00VECSzRb7O+uLzh2v72uTgEJFyzkYEjTx+brnM=' 'sha256-3WvcbxaXgzfy1p6qRVyw6hkWpCgVqfIAFUmZR+bVT60=' https://stats.g.doubleclick.net/ https://www.googletagmanager.com/gtag/ https://api-js.mixpanel.com/ https://canny.io/ https://*.canny.io/ https://*.segment.com/ https://*.segment.io/ wss://*.appcues.net/ https://*.appcues.net/ https://*.appcues.com/ https://*.linkedin.com/ https://*.licdn.com/ https://cdn.linkedin.oribi.io/ https://*.facebook.com/ https://*.facebook.net/ https://arcade.software https://*.arcade.software https://*.wistia.com https://*.wistia.net; frame-src https://*.neo4j.io https://js.stripe.com/ https://api-js.mixpanel.com/ https://canny.io/ https://*.canny.io/ https://*.segment.com/ https://*.segment.io/ wss://*.appcues.net/ https://*.appcues.net/ https://*.appcues.com/ https://www.youtube-nocookie.com/ https://arcade.software https://*.arcade.software https://*.wistia.com https://*.wistia.net  https://login.neo4j.com https://account-dev.neo4j.com https://neo4j-dev.eu.auth0.com https://neo4j-sync.auth0.com/; font-src data: https://*.neo4j.io https://fonts.googleapis.com/ https://fonts.gstatic.com/; img-src data: https://*.neo4j.io https://*.googleusercontent.com/ https://www.google-analytics.com/ 'sha256-Z2Pn00VECSzRb7O+uLzh2v72uTgEJFyzkYEjTx+brnM=' 'sha256-3WvcbxaXgzfy1p6qRVyw6hkWpCgVqfIAFUmZR+bVT60=' https://stats.g.doubleclick.net/ https://www.googletagmanager.com/gtag/ https://www.google.com/ https://www.google.co.uk/ https://neo4j.com/ https://*.neo4j.com/ https://*.gravatar.com/avatar/ https://*.linkedin.com/ https://*.licdn.com/ https://cdn.linkedin.oribi.io/ https://*.facebook.com/ https://*.facebook.net/ https://res.cloudinary.com/ https://neo4j-graph-examples.github.io/; style-src 'unsafe-inline' https://*.neo4j.io https://fonts.googleapis.com/ https://api-js.mixpanel.com/ https://canny.io/ https://*.canny.io/ https://*.segment.com/ https://*.segment.io/ wss://*.appcues.net/ https://*.appcues.net/ https://*.appcues.com/; form-action 'none'; object-src 'none'; 1
default-src 'self' https: wss:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: 'unsafe-inline'; style-src https: 'unsafe-inline'; base-uri 'self' https:; font-src 'self' https: data:; img-src 'self' data: https:; frame-ancestors 'self'; object-src 'self' data: https:; upgrade-insecure-requests; block-all-mixed-content; worker-src 'self' data: https: blob: 1
frame-ancestors 'self' https://*.bod.de https://*.bod.ch https://*.bod.dk https://*.bod.fi https://*.bod.fr https://*.bod.se https://*.bod.com.es https://*.bod.no https://*.twentysix.de; 1
frame-ancestors 'self' www.therochestercornexchange.co.uk rochester-21st.s1.umbraco.io www.medwayadulteducation.co.uk; 1
default-src https: 'self'; script-src 'self' https://www.googletagmanager.com/ https://fonts.googleapis.com/ https://code.jquery.com/ https://loader.webspellchecker.net/ https://maps.googleapis.com/ https://ajax.googleapis.com/ https://www.maxpreps.com/ https://www.gstatic.com/ https://cdn.jsdelivr.net/ https://jspost.me/ https://cdnjs.cloudflare.com/ https://cdn.datatables.net/ https://ssl.google-analytics.com/ https://www.google-analytics.com/ https://cse.google.com/ https://www.google.com/ https://maxcdn.bootstrapcdn.com/ https://cdn.rawgit.com/ 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://cdn.datatables.net/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://ssl.google-analytics.com/ https://www.google-analytics.com/; style-src 'self' https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://cdn.datatables.net/ https://netdna.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css https://code.jquery.com/ https://www.google.com/ https://maxcdn.bootstrapcdn.com/ 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://netdna.bootstrapcdn.com/ https://maxcdn.bootstrapcdn.com/; 1
default-src *.toyotabharat.com *.facebook.com  *.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.google.com googleads.g.doubleclick.net tags.bkrtx.com *.googleapis.com *.google.co.in *.bluekai.com stats.g.doubleclick.net cdnjs.cloudflare.com *.razorpay.com cdn.jsdelivr.net collectcdn.com *.collect.chat  collect.chat  *.fontawesome.com *.youtube.com *.youtube-nocookie.com *.cloudfront.net *.gstatic.com *.toyotafinance.co.in *.api.useinsider.com *.useinsider.com 'unsafe-inline' 'unsafe-eval'  data: blob:; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src * 'self' data: https:; 1
default-src blob: wss: chat.blue.net bnccp.ad.bluegrassnetwork.com BNCCP.ad.bluegrassnetwork.com *.socket.io *.bbb.org *.gracenote.com *.google.com bootstrapcdn.com  googleadservices.com *.cloudfront.net *.portlandwebdesign.com *.electric.coop adsrvr.org *.analytics.yahoo.com *.maps.arcgis.com xx.fbcdn.net rvwinc.com maps.arcgis.com vimeo.com *.googleadservices.com publicpurchase.com gravatar.com *.arcgis.com *.eventbrite.com cooperative.com *.gstatic.com *.youtube-nocookie.com *.crowdfiber.io data: *.googletagmanager.com luckyorange.net btstatic.com billing.nctc.com portlandwebdesign.com simpli.fi *.providesupport.com typekit.net mitel.io trumpia.com *.timetap.com five9.com powermag.com *.rvwinc.com *.verisign.com linkedin.com *.nr-data.net *.btstatic.com azgt.coop ebill.coop *.mapbox.com googleapis.com analytics.yahoo.com *.licdn.com *.mcusercontent.com *.bootstrapcdn.com apogee.net marketingautomation.services suppose.tv adnxs.com twimg.com *.olark.com youtube-nocookie.com *.trumpia.com xad.com mailchimp.com *.ads.linkedin.com directefficiency.com *.mailchimp.com newrelic.com *.vimeo.com *.plumassierratelecommunicationsmap.com 'unsafe-eval' *.upgrade.guide epa.gov transistor.fm google.com hirebridge.com *.simpli.fi *.yimg.com envivabiomass.com *.roanokeconnect.com e2ma.net bonnerboundary811.org *.powerfulweb.com *.elfsight.com *.libsyn.com doubleclick.net facebook.net google-analytics.com ads.linkedin.com *.e2ma.net gstatic.com smarthub.coop *.s3.amazonaws.com mcusercontent.com s.w.org *.doubleclick.net facebook.com youtube.com *.linkedin.com nice-incontact.com fontawesome.com *.newrelic.com *.apogee.net *.googleapis.com *.nctc.com libsyn.com eventbrite.com upgrade.guide *.basis.net *.twimg.com glassdoor.com cencoast.com *.mitel.io powerfulweb.com luckyorange.com *.five9.com *.typekit.net *.transistor.fm yimg.com 'self' *.luckyorange.com jazz.co roanokeconnect.com *.publicpurchase.com myfonts.net issuu.com *.directefficiency.com *.websupport.expert spreaker.com *.ebill.coop crowdfiber.io *.xad.com *.nice-incontact.com *.xx.fbcdn.net *.suppose.tv *.myfonts.net *.icua.coop southcentralpower.com *.bonnerboundary811.org arcgis.com mapbox.com providesupport.com *.facebook.net *.smeco.coop electric.coop googletagmanager.com *.adnxs.com smeco.coop *.issuu.com *.powermag.com *.adsymptotic.com olark.com s3.amazonaws.com 'unsafe-inline' elfsight.com icua.coop timetap.com *.fontawesome.com *.envivabiomass.com nr-data.net adsymptotic.com *.epa.gov *.adsrvr.org *.cencoast.com *.spreaker.com *.gravatar.com plumassierratelecommunicationsmap.com verisign.com *.glassdoor.com *.facebook.com ctctcdn.com *.jazz.co *.cooperative.com *.google-analytics.com gmpg.org cloudfront.net *.ctctcdn.com *.marketingautomation.services *.southcentralpower.com licdn.com *.hirebridge.com websupport.expert *.luckyorange.net *.smarthub.coop basis.net *.youtube.com *.azgt.coop cdn.crowdfiber.io; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline'     px.gumgum.com    ads-engagement.presage.io    px4.ads.linkedin.com    ssg-preview.qubit.com   applepay.cdn-apple.com   pay.google.com   cdn2.gbqofs.com   stash.qubitproducts.com    tally-1.qubitproducts.com    recs.qubit.com    queries.qubit.com    datasets.qubit.com    gong-eb.qubit.com    gong-gc.qubit.com    zonk.qubit.com    lookup.qubit.com    orca.qubitproducts.com    orca-v2.qubitproducts.com    api.qubit.com    app.qubit.com    integrations.qubit.com    static.goqubit.com    daira55y1kubs.cloudfront.net *.laiye.com     d3mhw2pbijpnft.cloudfront.net    dd6zx4ibq538k.cloudfront.net    d3drxpsm374orh.cloudfront.net    d3c3cq33003psk.cloudfront.net    d22rutvoghj3db.cloudfront.net    d1m54pdnjzjnhe.cloudfront.net    d2r7uc8e08s26x.cloudfront.net    d3drxpsm374orh.cloudfront.net    messages.qubit.com     ws.sessioncam.com    console.sessioncam.com *.sojern.com  ad.doubleclick.net www.google.com  *.adsrvr.org   twitter.com     youtube.com    instagram.com     qubit.com    google.co.uk     sessioncam.com     cloudfront.net    daysoutguide.co.uk   swrap.tradedoubler.com   www.google-analytics.com    http://widget.consentric.io/public/script/initWidget.js https://widget.consentric.io/public/script/initWidget.js  https://tagmanager.google.com http://tagmanager.google.com  http://www.googletagmanager.com https://www.googletagmanager.com http://widget.consentric.io/public/init.js  https://widget.consentric.io/public/init.js https://snap.licdn.com/li.lms-analytics/insight.min.js  http://snap.licdn.com/li.lms-analytics/insight.min.js   http://services.postcodeanywhere.co.uk/js/platformcaptureplus-2.34.min.js  https://services.postcodeanywhere.co.uk/js/platformcaptureplus-2.34.min.js http://widget.sandbox.consentric.io/public/script/initWidget.js  https://widget.sandbox.consentric.io/public/script/initWidget.js  http://www.googletagmanager.com/gtm.js  https://www.googletagmanager.com/gtm.js http://widget.sandbox.consentric.io/public/init.js https://widget.sandbox.consentric.io/public/init.js  http://first11225.pcapredict.com/js/sensor.js https://first11225.pcapredict.com/js/sensor.js  http://analytics.twitter.com https://analytics.twitter.com  http://d6tizftlrpuof.cloudfront.net https://d6tizftlrpuof.cloudfront.net  http://dd6zx4ibq538k.cloudfront.net https://dd6zx4ibq538k.cloudfront.net https://wrap.tradedoubler.com http://wrap.tradedoubler.com  https://custom.yieldify.com http://custom.yieldify.com https://svht.tradedoubler.com http://svht.tradedoubler.com http://td.yieldify.com  https://td.yieldify.com http://static.ads-twitter.com https://static.ads-twitter.com https://static.goqubit.com http://static.goqubit.com  https://d2oh4tlt9mrke9.cloudfront.net http://d2oh4tlt9mrke9.cloudfront.net http://consent.trustarc.com https://consent.trustarc.com  https://www.avantiwestcoast.co.uk http://www.avantiwestcoast.co.uk  http://consent.truste.com  https://consent.truste.com     https://connect.facebook.net/      https://www.google-analytics.com/analytics.js       https://cdn.sub2tech.com/        https://sc-static.net/scevent.min.js       https://paperplaneslive.com/paperplanes/js/tracker.php       https://connect.facebook.net/en_US/fbevents.js        https://w.usabilla.com/       https://www.klick2contact.com/       https://api.usabilla.com/       https://api.reciteme.com/        https://dataservices.sub2tech.com/      https://dev.visualwebsiteoptimizer.com/       https://www.googletagmanager.com/        https://ajax.googleapis.com/     https://cdn.syndication.twimg.com/timeline/profile     https://www.google.com/      https://maps.googleapis.com/       https://www.gstatic.com/       https://platform.twitter.com/      https://tags.tiqcdn.com/     http://tags.tiqcdn.com/       http://connect.facebook.net/      http://www.google-analytics.com/analytics.js       http://cdn.sub2tech.com/        http://sc-static.net/scevent.min.js       http://paperplaneslive.com/paperplanes/js/tracker.php       http://connect.facebook.net/en_US/fbevents.js        http://w.usabilla.com/       http://www.klick2contact.com/       http://api.usabilla.com/       http://api.reciteme.com/        http://dataservices.sub2tech.com/      http://dev.visualwebsiteoptimizer.com/        http://www.googletagmanager.com/       http://ajax.googleapis.com/     http://cdn.syndication.twimg.com/timeline/profile      http://www.google.com/      http://maps.googleapis.com/      http://www.gstatic.com/       http://platform.twitter.com/    https://wctrainid.co.uk/ https://pfw-prod-ukwest-safespaceonline.azurewebsites.net/   https://translate.google.com/ https://translate.googleapis.com/  https://translate-pa.googleapis.com/ https://img-statics.com https://widget.mindsay.com https://widget.destygo.com/  https://github.com https://widget-socket.mindsay.com  https://bom.destygo.com https://widget-events.mindsay.com  https://www.mindsay.com https://unpkg.com https://bat.bing.com https://www.paypal.com  https://www.clarity.ms/  https://cdn2.gbqofs.com/ *.report.gbss.io  ad.doubleclick.net snap.licdn.com analytics.tiktok.com protect-eu.mimecast.com security-eu.mimecast.com https://js.adsrvr.org/ https://cdn.gbqofs.com/   services.postcodeanywhere.co.uk    widget.sandbox.consentric.io    *.licdn.com   *.presage.io  ad.doubleclick.net  www.googleadservices.com   region1.analytics.google.com   tbs.tradedoubler.com    tbl.tradedoubler.com  pagead2.googlesyndication.com   adservice.google.com;;            style-src 'self' 'unsafe-inline'  px.gumgum.com  ads-engagement.presage.io  px4.ads.linkedin.com ssg-preview.qubit.com stash.qubitproducts.com tally-1.qubitproducts.com recs.qubit.com queries.qubit.com datasets.qubit.com gong-eb.qubit.com gong-gc.qubit.com zonk.qubit.com lookup.qubit.com orca.qubitproducts.com orca-v2.qubitproducts.com api.qubit.com app.qubit.com integrations.qubit.com static.goqubit.com daira55y1kubs.cloudfront.net d3mhw2pbijpnft.cloudfront.net dd6zx4ibq538k.cloudfront.net d3drxpsm374orh.cloudfront.net d3c3cq33003psk.cloudfront.net d22rutvoghj3db.cloudfront.net d1m54pdnjzjnhe.cloudfront.net d2r7uc8e08s26x.cloudfront.net d3drxpsm374orh.cloudfront.net messages.qubit.com  ws.sessioncam.com console.sessioncam.com www.google.com twitter.com  youtube.com instagram.com  qubit.com google.co.uk  sessioncam.com  cloudfront.net daysoutguide.co.uk  http://services.postcodeanywhere.co.uk/css/platformcaptureplus-2.34.min.css  https://services.postcodeanywhere.co.uk/css/platformcaptureplus-2.34.min.css  http://api.reciteme.com/  https://api.reciteme.com/  http://ton.twimg.com   https://ton.twimg.com    https://www.klick2contact.com/       https://d6tizftlrpuof.cloudfront.net/           https://cdn.sub2tech.com/ccs/d702ab8c-94b1-4e48-9190-24faa74ef0b0/popstyle_2.css      https://cdnjs.cloudflare.com/ajax/       https://cdnjs.cloudflare.com/      https://maxcdn.bootstrapcdn.com/      https://fonts.googleapis.com/      https://platform.twitter.com/       http://www.klick2contact.com/      http://d6tizftlrpuof.cloudfront.net/            http://cdn.sub2tech.com/ccs/d702ab8c-94b1-4e48-9190-24faa74ef0b0/popstyle_2.css      http://cdnjs.cloudflare.com/ajax/       http://cdnjs.cloudflare.com/      http://maxcdn.bootstrapcdn.com/      http://fonts.googleapis.com/      http://platform.twitter.com/ https://wctrainid.co.uk/  https://pfw-prod-ukwest-safespaceonline.azurewebsites.net/   https://translate.googleapis.com/ https://www.gstatic.com/  https://translate-pa.googleapis.com/ https://img-statics.com  https://widget.mindsay.com https://widget.destygo.com/  https://github.com https://widget-socket.mindsay.com  https://bom.destygo.com https://widget-events.mindsay.com  https://www.mindsay.com  https://unpkg.com https://bat.bing.com ;     font-src 'self'   http://fonts.yieldify-production.com/fonts/ https://fonts.yieldify-production.com/fonts/  http://fonts.yieldify-production.com/fonts/100326/7de1dc24-75ae-46d2-b25f-01adc545e226.woff   https://fonts.yieldify-production.com/fonts/100326/7de1dc24-75ae-46d2-b25f-01adc545e226.woff  http://fonts.yieldify-production.com/fonts/100326/2140db2b-ebac-46a4-8fc5-481246ed4e8a.ttf  https://fonts.yieldify-production.com/fonts/100326/2140db2b-ebac-46a4-8fc5-481246ed4e8a.ttf  http://fonts.yieldify-production.com/fonts/100326/b86d3ed2-0b2d-4f11-b17a-c556e3632f68.otf  https://fonts.yieldify-production.com/fonts/100326/b86d3ed2-0b2d-4f11-b17a-c556e3632f68.otf     https://d6tizftlrpuof.cloudfront.net/      https://api.reciteme.com/      https://maxcdn.bootstrapcdn.com       https://fonts.gstatic.com/      http://www.klick2contact.com/      http://d6tizftlrpuof.cloudfront.net/       http://api.reciteme.com/      http://cdn.sub2tech.com/ccs/d702ab8c-94b1-4e48-9190-24faa74ef0b0/popstyle_2.css       http://cdnjs.cloudflare.com/ajax/      http://cdnjs.cloudflare.com/      http://maxcdn.bootstrapcdn.com/       http://fonts.googleapis.com/      http://platform.twitter.com/ https://wctrainid.co.uk/  https://pfw-prod-ukwest-safespaceonline.azurewebsites.net/   https://translate.googleapis.com/ https://www.gstatic.com/  https://translate-pa.googleapis.com/ https://img-statics.com  https://widget.mindsay.com https://widget.destygo.com/  https://github.com https://widget-socket.mindsay.com  https://bom.destygo.com https://widget-events.mindsay.com  https://www.mindsay.com  https://unpkg.com https://bat.bing.com *.cloudfront.net    *.usabilla.com    https://fonts.googleapis.com  *.cloudflare.com   https://fonts.gstatic.com  *.reciteme.com  https://pfw-prod-ukwest-safespaceonline.azurewebsites.net/   https://maxcdn.bootstrapcdn.com/ ;   img-src 'self' data: px.gumgum.com ads-engagement.presage.io px4.ads.linkedin.com ssg-preview.qubit.com stash.qubitproducts.com tally-1.qubitproducts.com recs.qubit.com queries.qubit.com datasets.qubit.com gong-eb.qubit.com gong-gc.qubit.com zonk.qubit.com lookup.qubit.com orca.qubitproducts.com orca-v2.qubitproducts.com api.qubit.com app.qubit.com integrations.qubit.com static.goqubit.com daira55y1kubs.cloudfront.net d3mhw2pbijpnft.cloudfront.net dd6zx4ibq538k.cloudfront.net d3drxpsm374orh.cloudfront.net d3c3cq33003psk.cloudfront.net d22rutvoghj3db.cloudfront.net d1m54pdnjzjnhe.cloudfront.net d2r7uc8e08s26x.cloudfront.net d3drxpsm374orh.cloudfront.net messages.qubit.com  ws.sessioncam.com console.sessioncam.com www.google.com twitter.com  youtube.com instagram.com  qubit.com google.co.uk  sessioncam.com  cloudfront.net daysoutguide.co.uk px.ads.linkedin.com ws.sessioncam.com www.google.com www.google.co.in www.linkedin.com p.adsymptotic.com connect.facebook.net pbs.twimg.com abs.twimg.com ton.twimg.com platform.twitter.com api.reciteme.com   www.facebook.com   http://picouat.avantiwestcoast.co.uk   https://picouat.avantiwestcoast.co.uk   http://10037031.fls.doubleclick.net   https://10037031.fls.doubleclick.net   http://9767686.fls.doubleclick.net   https://9767686.fls.doubleclick.net   https://consent.trustarc.com   http://consent.trustarc.com   https://secure.adnxs.com   http://secure.adnxs.com   https://d6tizftlrpuof.cloudfront.net   http://d6tizftlrpuof.cloudfront.net   http://www.google-analytics.com   https://www.google-analytics.com   maps.gstatic.com   maps.googleapis.com   play.google.com   linkmaker.itunes.apple.com   w.usabilla.com   t.co   assets-v2.yieldify.com   www.daysoutguide.co.uk   assets.yieldify.com   services.postcodeanywhere.co.uk   https://wctrainid.co.uk/    https://pfw-prod-ukwest-safespaceonline.azurewebsites.net/    https://www.gstatic.com/   https://img-statics.com   https://img.evbuc.com/  https://widget.mindsay.com https://widget.destygo.com/  https://github.com https://widget-socket.mindsay.com  https://bom.destygo.com https://widget-events.mindsay.com  https://www.mindsay.com  https://unpkg.com  https://images.mindsay.com http://boi.destygo.com/  https://destygo-public.s3.eu-central-1.amazonaws.com www.google.co.uk https://bat.bing.com https://analytics.twitter.com https://t.paypal.com https://ade.googlesyndication.com/  ad.doubleclick.net *.googletagmanager.com   https://d6tizftlrpuof.cloudfront.net https://*.usabilla.com   https://fonts.gstatic.com   https://translate.googleapis.com/   https://translate.google.com/    *.gumgum.com   *.linkedin.com  *.presage.io   www.google.co.in   *.doubleclick.net  http://connect.facebook.net;  object-src 'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' enews.mortonarb.org *.pardot.com *.gstatic.com *.google.com *.facebook.net *.googleapis.com *.googletagmanager.com doublethedonation.com *.google-analytics.com *.jquery.com *.adsrvr.org *.googleadservices.com *.doubleclick.net; worker-src 'self' blob:; connect-src 'self' *.gstatic.com *.google-analytics.com *.googleapis.com translate.googleapis.com *.google.com doublethedonation.com *.doubleclick.net *.googlesyndication.com; style-src 'self' 'unsafe-inline' *.googleapis.com doublethedonation.com; media-src 'self' data: player.vimeo.com; frame-src 'self' *.facebook.com *.google.com player.vimeo.com *.adsrvr.org *.doubleclick.net  *.mortonarb.org; font-src 'self' data: *.gstatic.com doublethedonation.com; img-src 'self' https: data: *.picsum.photos picsum.photos *.gstatic.com *.vimeocdn.com *.gravatar.com; 1
default-src 'self' data: cloudlog.ch *.bt-group.com *.issuu.com *.meteonews.net *.prospective.ch *.youtube.com *.doubleclick.net *.google-analytics.com *.google.com *.facebook.com *.typekit.net *.composite.net *.bootstrapcdn.com *.googleapis.com/ *.cdn.com *.sharethis.com *.gstatic.com *.googletagmanager.com *.facebook.net *.epoq.de 'unsafe-inline' 'unsafe-hashes' *.online-metrix.net *.azurewebsites.net *.landi.ch *.gm22.landi.ch/ *.bvlandimarch.ch *.landiherblingen.ch *.landiberingen.ch *.landiandelfingen.ch *.landi-grindelwald.ch *.landitannzapfenland.ch *.landiaarauwest.ch *.landiaare.ch *.landialbis.ch *.landiappenzell.ch *.landiarcjura.ch *.landi-bachtel.ch *.landibernwest.ch *.landibgt.ch *.landibolligen.ch *.landiavenches.ch *.landibucheggberg-landshut.ch/ *.landibuchrain.ch *.landibuchs.ch *.landibuchsi.ch *.landibueren.ch *.landicentrebroye.ch *.landichablaislavaux.ch *.landieinsiedeln.ch *.landieriswil.ch *.landieulachtal.ch *.landifreiamt.ch *.landifrila.ch *.landifuerstenlandag.ch *.landifurt-limmattal.ch *.landiganterschwil.ch *.landiglarnerland.ch *.landigoldachmoerschwil.ch *.landigraubuenden.ch *.landiechallens.ch *.landihallwilersee.ch *.landihombrechtikon.ch *.landihuenenberg.ch *.landihuettwilen.ch *.landijungfrau.ch *.landikowy.ch *.landikuessnacht.ch *.landilacote.ch *.landilinth.ch *.landiluzernwest.ch *.landi-maiengruen.ch *.landikreuzlingen.ch *.landimatzingen.ch *.landimaur.ch *.landimelchnau.ch *.landimittelthurgau.ch *.landimz.ch *.landimoleson.ch *.landimoossee.ch *.landibuetschwil.ch *.landimoudon.ch *.landicourtepin.ch *.landimuhen.ch *.landineftenbach.ch *.landinesslau.ch *.landiniesen.ch *.landinordvaudoisvenoge.ch *.landinottwil.ch *.landioberbalm.ch *.landioberbueren.ch *.landialtstaetten.ch *.landioberseetal.ch *.landioberthurgau.ch *.landioberwallis.ch *.landipilatus.ch *.landireba.ch *.landiregionaemme.ch *.landiregionhuttwil.ch *.landiregionlangnau.ch *.landiregionneuchatel.ch *.landireso.ch *.landisaentis.ch *.landisarganserland.ch *.landisarine.ch *.landischuepfheim.ch *.landischwarzwasser.ch *.landischwyz.ch *.landisee.ch *.landiseeland.ch *.landiseeruecken.ch *.landisempach-emmen.ch *.landisense-duedingen.ch *.landisense-oberland.ch *.landisimmental-saanenland.ch *.landisins.ch *.landistmargrethen.ch *.landistaefa-maennedorf.ch *.landistammertal.ch *.landisurb.ch *.landisursee.ch *.landithun.ch *.landithur.ch *.landithurland.ch *.landiunteresseetal.ch *.landiuntersee.ch *.landiunterwalden.ch *.landiuri.ch *.landiueberstorf.ch *.landipontenet.ch *.landivechigen.ch *.landiwartau.ch *.landiwasserschloss.ch *.landiwattwil.ch *.landiweinland.ch *.landiwetzikon.ch *.landiwiggen.ch *.landiwila.ch *.wisligzaeller.ch *.landiwohlensee.ch *.landizimmerberg.ch *.landizofingen.ch *.landizola.ch *.landizugerland.ch *.landizueriunterland.ch *.youtube.com ; img-src * data:; script-src 'unsafe-inline' 'unsafe-eval' * 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.spark-nga.de https://*.spark-nga-int.de https://dc.services.visualstudio.com https://*.matomo.cloud https://cdnjs.cloudflare.com https://ajax.googleapis.com; img-src 'self' https://secure.gravatar.com https://*.spark-nga.de https://*.spark-nga-int.de data: blob:; font-src 'self' https://fonts.gstatic.com data: blob:; 1
frame-ancestors www.chipublib.org *.www.chipublib.org chipublib.org *.chipublib.org chicago.bibliocms.com *.chicago.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src www.chipublib.org *.www.chipublib.org chipublib.org *.chipublib.org chicago.bibliocms.com *.chicago.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
default-src 'self' https://var-group-cdn-prod.adacto.it https://*.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://var-group-cdn-prod.adacto.it https://*.hsforms.net https://matomo01.bizmart2.it https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.googleapis.com https://*.google.com https://*.gstatic.com http://*.hsforms.net https://*.hsforms.net https://*.recaptcha.net https://*.addthis.com; style-src 'self' 'unsafe-inline' https://var-group-cdn-prod.adacto.it https://*.googleapis.com; img-src * data:; media-src 'self' https://var-group-cdn-prod.adacto.it https://var-group-sitecore-cm-prod.adacto.it https://edge.sitecorecloud.io; frame-src 'self' https://www.youtube.com https://consentcdn.cookiebot.com https://docs.google.com https://*.google.com https://*.hsforms.com https://*.recaptcha.net; frame-ancestors https://var-group-sitecore-cm-prod.adacto.it; object-src none; connect-src 'self' https://var-group-cdn-prod.adacto.it https://*.hsforms.com https://www.youtube.com https://matomo01.bizmart2.it https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.googleapis.com https://*.ingest.sentry.io 1
default-src 'self'; script-src 'self' blob: *.usercentrics.eu 'unsafe-eval' https://www.google-analytics.com/ 'unsafe-eval' http://www.google-analytics.com/ 'unsafe-inline' http://www.googletagmanager.com https://connect.facebook.net/ https://snap.licdn.com/ https://maps.googleapis.com https://ajax.googleapis.com/ https://www.youtube.com/ http://platform.massrelevance.com/js/massrel.js https://analytics.tiktok.com/ *.clarity.ms *.zoovu.com *.smartassistant.com https://walls.io https://static.hotjar.com https://script.hotjar.com/ https://www.googleadservices.com https://www.google.com https://events.ottobock.com; connect-src 'self' https://*.cep.ottobock.com https://*.cepapi.ottobock.com/ *.algolianet.com *.algolia.net *.usercentrics.eu *.google-analytics.com https://b2cforms.ottobock.com/ https://maps.googleapis.com/ https://analytics.tiktok.com/ https://*.in.applicationinsights.azure.com/ https://assets.ctfassets.net/ https://cdn.linkedin.oribi.io/ *.google.com stats.g.doubleclick.net region1.analytics.google.com *.google-analytics.com *.clarity.ms *.zoovu.com *.smartassistant.com https://cdn.linkedin.oribi.io/ https://googleads.g.doubleclick.net/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://cdn.growthbook.io/ https://cloud.info.ottobock.com/ https://*.blackthorn.io www.googleadservices.com td.doubleclick.net https://px.ads.linkedin.com/ https://api.openai.com; img-src 'self' * data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ *.zoovu.com; font-src 'self' * data:; frame-src 'self' www.ottobock.de www.ottobock.com https://www.youtube.com/ http://www.youtube.com/ cloud.news.ottobockus.com ottobock-se-co-kgaa.massrel.io http://ottobock-se-co-kgaa.massrel.io https://ottobock-se-co-kgaa.massrel.io https://www.ottobock.ch https://www.ottobock.at https://ttselector.ottobock.com https://www.ottobock.it https://www.selection-guide.de/ https://www.ottobock-events.de/ https://my.walls.io/ https://cloud.info.ottobock.com/ https://events.blackthorn.io https://www.googleadservices.com https://td.doubleclick.net http://facebook.com https://events.ottobock.com; frame-ancestors 'self' https://app.contentful.com https://events.ottobock.com; child-src 'self' ; media-src 'self' https://videos.ctfassets.net http://videos.ctfassets.net https://*.cep.ottobock.com; 1
script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://*.insuremytrip.com https://unpkg.com https://*.pingdom.net https://*.ctnsnet.com https://mapbox.com https://*.mapbox.com https://*.activehosted.com https://*.bing.com https://*.cloudfront.net https://consentag.eu/public/3.0.1/consenTag.js https://*.facebook.net https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.googleoptimize.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.jsdelivr.net https://*.js.ubembed.com https://pubads.g.doubleclick.net https://*.resellerratings.com https://s.yimg.com/wi/ytc.js https://*.snapengage.com https://*.sojern.com https://*.ubembed.com https://*.yieldoptimizer.com https://*.youtube.com  https://*.insuremytrip.com https://*.insuremytrip.com.imtprod.us; worker-src 'self' blob:; 1
frame-ancestors 'self' *.visiodent.net 1
frame-src *.tealiumiq.com *.tealium.com *.highspot.com *.youtube.com *.vimeo.com *.marketo.com *.driftt.com *.hotjar.com *.facebook.com *.doubleclick.net *.saleshood.com *.zoominfo.com *.brighttalk.com *.google.com *.tealium.net *.onetrust.com; frame-ancestors *.tealiumiq.com *.tealium.com *.highspot.com *.youtube.com *.vimeo.com *.marketo.com *.driftt.com *.hotjar.com *.facebook.com *.doubleclick.net *.saleshood.com *.zoominfo.com *.brighttalk.com *.google.com *.tealium.net *.onetrust.com; 1
img-src www.datocms-assets.com script.hotjar.com static.hotjar.com www.hotjar.com https://*.stripe.com blob: 'self' data: *.zopa.com cdn.cookielaw.org https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com *.adalyser.com googleads.g.doubleclick.net www.google.com images-static.trustpilot.com cdn.optimizely.com app.optimizely.com yt3.ggpht.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat www.googletagmanager.com ad.doubleclick.net *.fls.doubleclick.net ade.googlesyndication.com ssl.gstatic.com www.gstatic.com; connect-src www.datocms-assets.com p11.techlab-cdn.com *.sentry.io *.hotjar.com *.hotjar.io wss://*.hotjar.com https://api.stripe.com 'self' *.zopa.com cdn.cookielaw.org privacyportal-eu.onetrust.com geolocation.onetrust.com zopa-privacy.my.onetrust.com https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com *.amplitude.com *.optimizely.com www.googletagmanager.com; media-src stream.mux.com blob: 'self' data: https://js.intercomcdn.com; script-src 'unsafe-eval' *.sentry.io static.hotjar.com script.hotjar.com https://js.stripe.com 'self' 'unsafe-inline' cdn.cookielaw.org zopa-privacy.my.onetrust.com *.intercom.io *.intercomcdn.com *.adalyser.com www.googleadservices.com googleads.g.doubleclick.net www.google.com cdn.amplitude.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com www.googletagmanager.com tagmanager.google.com; script-src-elem p11.techlab-cdn.com static.hotjar.com script.hotjar.com 'self' 'unsafe-inline' *.zopa.com cdn.cookielaw.org *.intercom.io *.intercomcdn.com *.adalyser.com www.googleadservices.com googleads.g.doubleclick.net www.google.com cdn.amplitude.com www.googletagmanager.com; font-src script.hotjar.com data: *.zopa.com https://js.intercomcdn.com https://fonts.intercomcdn.com fonts.googleapis.com fonts.gstatic.com; style-src static.hotjar.com script.hotjar.com 'self' data: 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com tagmanager.google.com; frame-src https://js.stripe.com https://hooks.stripe.com youtube.com www.youtube.com 'self' blob: *.zopa.com www.intercom-reporting.com bid.g.doubleclick.net td.doubleclick.net www.googletagmanager.com *.doubleclick.net; default-src 'self'; manifest-src 'self' *.zopa.com; worker-src 'self' blob:; object-src 'self' blob:; child-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; frame-ancestors 'self' *.zopa.com; report-uri https://o205295.ingest.sentry.io/api/4504078087815168/security/?sentry_key=6f57a2640bae464ead0c9ef9b9714e4c 1
default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://unpkg.com/filepond@^4/dist/filepond.css https://unpkg.com/filepond@%5E4/dist/filepond.css; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/ code.jquery.com cdn.jsdelivr.net stackpath.bootstrapcdn.com cdnjs.cloudflare.com https://*.googletagmanager.com pi.pardot.com sjs.bizographics.com https://googleads.g.doubleclick.net https://www.googleadservices.com serve.albacross.com maps.googleapis.com serve.albacross.com khmjk5b61ggx.statuspage.io https://www.google.com www.gstatic.com www2.proemion.com app.box.com snap.licdn.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com *.clarity.ms app.usercentrics.eu https://unpkg.com/filepond-plugin-file-validate-type/ https://unpkg.com/filepond-plugin-file-validate-size/ https://unpkg.com/filepond@^4/ https://unpkg.com/filepond@%5E4/ https://tpc.googlesyndication.com https://consent.cookiebot.com/ https://consentcdn.cookiebot.com https://apps.elfsight.com/p/platform.js https://static.elfsight.com/ https://universe-static.elfsightcdn.com/ https://proemion.containers.piwik.pro/ https://proemion.piwik.pro/ppms.js; frame-src 'self' www2.proemion.com khmjk5b61ggx.statuspage.io www.google.com www.youtube.com app.box.com proemion.app.box.com proemiongmbh-my.sharepoint.com portal.productboard.com https://td.doubleclick.net https://*.safeframe.googlesyndication.com https://bid.g.doubleclick.net https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://consentcdn.cookiebot.com; media-src 'self' data: https://phosphor.utils.elfsightcdn.com/; img-src 'self' data: collect.albacross.com px.ads.linkedin.com px4.ads.linkedin.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat img.youtube.com i.ytimg.com ytimg.com maps.googleapis.com maps.gstatic.com www.linkedin.com https://ssl.gstatic.com https://www.gstatic.com *.usercentrics.eu new-collect.albacross.com https://*.clarity.ms https://*.bing.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://phosphor.utils.elfsightcdn.com/ https://phosphor.ivanenko.workers.dev https://static.elfsight.com https://proemion.containers.piwik.pro https://proemion.piwik.pro; connect-src 'self' dash.elfsight.com collect.albacross.com new-collect.albacross.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat *.clarity.ms api.usercentrics.eu consent-api.service.consent.usercentrics.eu aggregator.service.usercentrics.eu graphql.usercentrics.eu maps.googleapis.com https://cdn.linkedin.oribi.io https://consentcdn.cookiebot.com https://ad.doubleclick.net https://apps.elfsight.com/ https://storage.elfsight.com/ https://core.service.elfsight.com/ https://pagead2.googlesyndication.com/ https://proemion.containers.piwik.pro https://proemion.piwik.pro https://px.ads.linkedin.com; font-src 'self' data: https://fonts.gstatic.com cdn.jsdelivr.net; report-uri https://www.proemion.com/csp-violation-report/; report-to csp-endpoint 1
default-src 'self' https: data: blob: *.gravatar.com; style-src 'self' 'unsafe-inline' https: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; frame-ancestors 'self' https://*.nvisioncenters.com https://scheduling.convo360.com 1
default-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com https://maps.google.com https://maps.googleapis.com https://analytics.google.com https://www.google-analytics.com https://www.googletagmanager.com https://js.fout.jp https://api.hubspot.com https://api.hubapi.com https://forms.hubspot.com https://www.facebook.com https://www.gstatic.com https://fonts.gstatic.com https://platform.twitter.com https://note.com https://social-plugins.line.me https://8card.net https://*.eq.webcdn.stream.ne.jp https://c.paypal.com https://www.paypal.com/ https://www.sandbox.paypal.com/ https://assets.braintreegateway.com/ https://www.e-scott.jp https://www.test.e-scott.jp; img-src * data: blob: about:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://s3-ap-northeast-1.amazonaws.com https://www.google.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://maps.google.com https://maps.googleapis.com https://ssl.google-analytics.com/ga.js https://www.google-analytics.com https://www.google.com/recaptcha/api.js https://www.googletagmanager.com https://googleads.g.doubleclick.net https://td.doubleclick.net https://js.fout.jp https://js.hs-analytics.net https://js-na1.hs-scripts.com https://js.hsleadflows.net https://js.hs-banner.com https://js.hsadspixel.net https://js.usemessages.com https://connect.facebook.net https://www.gstatic.com https://d.line-scdn.net https://cdn.st-note.com https://platform.linkedin.com https://platform.twitter.com https://8card.net https://code.jquery.com https://api01-platform.stream.co.jp https://ssl-cache.stream.ne.jp https://*.eq.webcdn.stream.ne.jp https://c.paypal.com/ https://www.paypal.com/sdk/js https://www.paypalobjects.com/webstatic/r/fb/fb-all-prod.pp.min.js https://www.e-scott.jp https://www.test.e-scott.jp https://s.yimg.jp; frame-ancestors 'self' https://*.eloqua.com 1
default-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net;         font-src  'self'  https://use.fontawesome.com https://fonts.gstatic.com/;        img-src 'self' https://www.google.com https://www.google.co.in https://www.google-analytics.com ;        frame-ancestors 'self' https://cms.ocwen.com:9101;        frame-src 'self' https://cms.ocwen.com:9101 https://bid.g.doubleclick.net;         script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net ;        style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://use.fontawesome.com;        object-src 'none';        base-uri 'self' https://cms.ocwen.com:9101;        form-action 'none';            report-uri https://www.ocwen.com/csp-report-endpoint; 1
default-src 'self'; media-src http://videos.ctfassets.net/ images.sparhandy.de; script-src bat.bing.com/ eu.b2c.com/ http://fonts.gstatic.com/ http://tr.outbrain.com/ http://www.adcell.de https://*.abtasty.com/ https://*.adform.net/ https://ad.doubleclick.net https://aggregator.service.usercentrics.eu/ https://amplify.outbrain.com/ https://analytics.tiktok.com/ https://api.aklamio.com https://api.fraud0.com/ https://api.usercentrics.eu/ https://app.usercentrics.eu/ https://bt.fraud0.com/api/ https://cdn.parcellab.com/ https://cdn.taboola.com https://connect.facebook.net https://*.criteo.com/ https://*.criteo.net/ https://googleads.g.doubleclick.net/ https://iframe.duverkaufst.de https://jsctool.com https://middleware.sparhandy.de/ https://p.teads.tv/ https://pagead2.googlesyndication.com/ https://script.hotjar.com https://secure.pay1.de https://static.hotjar.com https://t.adcell.com/ https://trc.taboola.com/ https://wave.outbrain.com/ https://widget.msgp.pl/ https://widgets.trustedshops.com/ https://www.dwin1.com/ https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com/ https://www.googletagservices.com/ https://www.high-mobile.de/ https://www.sparhandy.de/ https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ 'self' 'unsafe-eval' 'unsafe-inline' ws: wss: www.googleadservices.com/pagead/; img-src 'self' data: * editor-assets.abtasty.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ws: * wss: * https://jsctool.com; font-src https://common-fonts.abtasty.com https://script.hotjar.com https://secure.pay1.de https://themes.googleusercontent.com 'self'; frame-src 'self' ws: * wss: * https://app.usercentrics.eu/ https://cdn.parcellab.com/; frame-ancestors 'self' https://app.contentful.com; object-src 'self'; connect-src *.abtasty.com https://aggregator.service.usercentrics.eu/ https://api.usercentrics.eu/ https://app.usercentrics.eu/ https://cdn.parcellab.com/ https://widget.msgp.pl/ https://widgets.trustedshops.com/ https://www.googletagmanager.com/ 'self' ws: * wss: *; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.rubyapps.io https://ajax.googleapis.com https://reports.hrmdirect.com https://maps.googleapis.com https://forms.hsforms.com https://js.hsforms.net https://www.youtube.com https://player.vimeo.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hscollectedforms.net https://www.googletagmanager.com https://www.google-analytics.com https://analytics.rubensteintech.com; style-src 'self' 'unsafe-inline' https://analytics.rubyapps.io https://reports.hrmdirect.com https://fonts.googleapis.com https://hello.myfonts.net; connect-src 'self' https://analytics.rubyapps.io https://vimeo.com https://noembed.com https://stats.g.doubleclick.net https://hubspot-forms-static-embed.s3.amazonaws.com https://maps.gstatic.com https://maps.googleapis.com https://cdn.plyr.io https://www.google-analytics.com/ https://forms.hubspot.com https://analytics.rubensteintech.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://i.vimeocdn.com https://i.ytimg.com https://f.hubspotusercontent30.net https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://track.hubspot.com https://www.google-analytics.com https://forms.hsforms.com; frame-src 'self' https://analytics.rubyapps.io https://laborlawyers.hrmdirect.com https://communication.fisherphillips.com https://communications.fisherphillips.com blob: https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://fisherphillips.powtoon.com https://www.podbean.com https://app.powerbi.com https://fisherphillips.hrmdirect.com https://reports.hrmdirect.com https://laborlawyers.hrmdirect.com; worker-src 'self' blob:; media-src 'self' data: https://vimeo.com https://www.youtube.com; frame-ancestors 'self'; object-src 'self'; 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: https://scan.coverity.com;font-src 'self' data:;connect-src 'self';media-src 'self' data: blob:;frame-ancestors 'self';worker-src 'self' blob:;form-action 'self' 1
default-src 'self' *.zopim.com wss://*.zopim.com; script-src 'unsafe-inline' 'unsafe-eval' www.idecan.org.br idecan.org.br site-idecan-antigo.azurewebsites.net localhost:8000 www.google-analytics.com ajax.googleapis.com *.zopim.com; img-src 'self' www.google-analytics.com idecan.s3.amazonaws.com *.zopim.com; style-src 'unsafe-inline' www.idecan.org.br idecan.org.br site-idecan-antigo.azurewebsites.net localhost:8000; 1
default-src  * 'self' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: 'unsafe-inline'; frame-src *; font-src 'self' data: fonts.gstatic.com; style-src * 'self' 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' www.bever.nl www.bever.nl preview.bever.nl bever.nl m.bever.nl product001.bever.nl product002.bever.nl product003.bever.nl product004.bever.nl ; 1
frame-ancestors 'self' https://www.gesis.org https://lms.uni-kiel.de; 1
frame-ancestors https://*.tracelink.com 1
default-src https: wss: data: blob: *.crazyegg.com prod.custhelp.vitalchek.com qa.custhelp.vitalchek.com 'unsafe-inline' 'unsafe-eval' 1
default-src https://forms.office.com https://hubblecreative.prpellr.com https://js.adsrvr.org https://cdn.linkedin.oribi.io https://*.google-analytics.com https://*.googletagmanager.com https://c.bing.com https://*.clarity.ms https://www.clarity.com https://www.google.com https://www.gstatic.com https://translate.googleapis.com https://translate.google.com https://fonts.googleapis.com https://csuasm.maps.arcgis.com https://t.co https://analytics.twitter.com https://q.quora.com https://p.adsymptotic.com https://ct.pinterest.com https://www.facebook.com https://static.ads-twitter.com https://px.ads.linkedin.com https://s.pinimg.com https://a.quora.com https://connect.facebook.net https://snap.licdn.com https://springsutilities.tfaforms.net https://forms.nintex.com https://wwwadmin.csu.org https://d-wwwadmin.csu.org https://t-wwwadmin.csu.org https://q-wwwadmin.csu.org https://www.csu.org https://d-www.csu.org https://t-www.csu.org https://q-www.csu.org https://wss.csu.org https://wssdev.til.csu.org https://wssqa.csu.org https://statse.webtrendslive.com https://www.youtube.com https://csutilities.hosted.panopto.com https://app.powerbi.com data: 'self' 'unsafe-inline' 'unsafe-eval'; font-src https://fonts.gstatic.com https://static2.sharepointonline.com data: 'self' 1
default-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline';object-src 'self' 'unsafe-inline';font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com/;img-src 'self' 'unsafe-inline' data: https://asset.gsc.com.my/ https://poster.gsc.com.my/ https://i.ytimg.com/ https://tpc.googlesyndication.com/ https://www.google.com/ https://pagead2.googlesyndication.com/ https://googleads.g.doubleclick.net/;media-src 'self' 'unsafe-inline' https://asset.gsc.com.my/;frame-src 'self' 'unsafe-inline' https://securepubads.g.doubleclick.net/ https://*.safeframe.googlesyndication.com https://pagead2.googlesyndication.com/ https://tpc.googlesyndication.com/ https://www.google.com/ https://www.googleapis.com/ https://www.youtube.com/;connect-src https://pagead2.googlesyndication.com/ https://www.googleapis.com/ https://www.google-analytics.com/ https://securepubads.g.doubleclick.net/ https://cms.gsc.com.my/;style-src 'self' 'unsafe-inline';style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com/;script-src-elem 'self' 'unsafe-inline' https://static.addtoany.com/ https://securepubads.g.doubleclick.net/ https://www.googletagmanager.com/ https://adservice.google.com/ https://www.googletagservices.com/ https://tpc.googlesyndication.com/ https://www.google.com/ https://www.gstatic.com/ 1
upgrade-insecure-requests; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https: ; style-src 'report-sample' 'self' 'unsafe-inline' *; style-src-elem 'report-sample' 'self' 'unsafe-inline' *; base-uri 'self' *; connect-src 'self' * ; font-src 'self' * ; frame-src 'self' * ; img-src 'self' blob: data: * ; manifest-src 'self'; media-src 'self' *; worker-src *; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com *.siteimprove.com *.siteimprove.net siteimproveanalytics.com covid-19-kort.dk *.highcharts.com;style-src 'self' 'unsafe-inline' *.typekit.net *.mailchimp.com covid-19-kort.dk fonts.googleapis.com;img-src 'self' blob: data: covid-19-kort.dk *.datafordeler.dk *.siteimproveanalytics.io *.basemaps.cartocdn.com *.siteimproveanalytics.io *.basemaps.cartocdn.com statistik.cm.ssi.dk statistik.ssi.dk;font-src 'self' *.typekit.net *.typekit.net *.gstatic.com;frame-src 'self' *.cookiebot.com *.youtube-nocookie.com ourworldindata.org;base-uri 'self';form-action 'self' ssi.us6.list-manage.com *.uxmail.io *.highcharts.com;connect-src 'self' covid-19-kort.dk *.cookiebot.com *.siteimprove.com; 1
require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport,script-src 'report-sample' 'nonce-jRElbHbmD4T8kGmb9Gy7QA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self',script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport/allowlist 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; base-uri 'self'; form-action 'self' https://www.paypal.com; frame-ancestors 'self'; frame-src 'self' https://*.guardedhost.com https://*.amerinoc.com https://*.amerinoc.com:2222;  img-src 'self' data: https://ssl.google-analytics.com https://www.paypalobjects.com https://*.guardedhost.com; connect-src 'self' wss://wssp.guardedhost.com; 1
connect-src 'self' https://analytics.freedom.press https://checkout.stripe.com https://cdn.jsdelivr.net https://pressfreedomtracker.us https://media.freedom.press; form-action 'self' https://ipnpb.sandbox.paypal.com https://ipnpb.paypal.com https://checkout.stripe.com; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com https://boards.cdn.greenhouse.io https://commerce.coinbase.com/; default-src 'self'; media-src 'self' https://media.freedom.press; frame-src 'self' blob: https://www.google.com/ https://checkout.stripe.com https://platform.twitter.com https://syndication.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://boards.greenhouse.io https://commerce.coinbase.com/; img-src 'self' https://*.stripe.com https://analytics.freedom.press blob: https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com data: https://pressfreedomtracker.us https://s5-recruiting.cdn.greenhouse.io https://media.freedom.press; base-uri 'self'; frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://checkout.stripe.com https://analytics.freedom.press https://platform.twitter.com https://cdn.syndication.twimg.com https://cdn.jsdelivr.net https://api.observablehq.com https://bundle.run https://commerce.coinbase.com/ https://boards.greenhouse.io; object-src 'self' https://media.freedom.press; report-uri https://freedomofpress.report-uri.com/r/d/csp/enforce 1
default-src 'self' https:; connect-src 'self' stats.byjus.com streaming.byjus.com *.amazonaws.com byju.pc.cdn.bitgravity.com d2gfdr9obzcioh.cloudfront.net byjus.akamaized.net byjus-in.akamaized-staging.net byjus-in.akamaized.net gcdn.byjus.com bfs-gcdn.byjus.com gcdn-staging.byjus.com bfs-gcdn-staging.byjus.com byjus-k3-vod.akamaized.net *.tllms.com; font-src 'self' https: data:; frame-ancestors 'self' *.byjus.com byjus.com *.byjusweb.com *.tllms.com tllms.com www.google.com *.aakashdigital.com aakashdigital.com *.byjusresources.com byjusresources.com; frame-src 'self' *.byjus.com/ byjus.com *.tllms.com tllms.com www.youtube.com www.google.com *.aakashdigital.com aakashdigital.com *.byjusresources.com byjusresources.com; img-src 'self' https: data: http: blob:; media-src 'self' blob: streaming.byjus.com byju.pc.cdn.bitgravity.com byjus.akamaized.net byjus-in.akamaized-staging.net byjus-in.akamaized.net gcdn.byjus.com bfs-gcdn.byjus.com gcdn-staging.byjus.com bfs-gcdn-staging.byjus.com byjus-k3-vod.akamaized.net *.tllms.com; object-src 'none'; script-src https: 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com cdnjs.cloudflare.com js-agent.newrelic.com www.google.com www.googleadservices.com k12questions.tllms.com; style-src 'self' https: 'unsafe-inline' 1
default-src 'self'; connect-src 'self' www.google-analytics.com cdn.plyr.io noembed.com *.google.com *.google.com.ua *.doubleclick.net *.yandex.ru *.facebook.com *.facebook.net *.usabilla.com *.accor.com *.accorhotels.com www.googletagmanager.com maps.googleapis.com staticaws.fbwebprogram.com *.accorhotels.ws www.ahstatic.com cdn.hypemarks.com *.twic.pics themes.googleusercontent.com cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.js cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.css maps.gstatic.com fonts.gstatic.com fonts.googleapis.com *.youtube.com *.vimeo.com *.googleadservices.com ipinfo.io cdn.cookielaw.org *.onetrust.com *.cookielaw.org *.ytimg.com *.atdmt.com *.contentsquare.net contentsquare.net *.contentsquare.com contentsquare.com *.dengage.com *.criteo.net *.criteo.com criteo.net criteo.com *.cloudfront.net *.sojern.com sojern.com rixoshappydays.com beacon.sojern.com *.onetrust.io onetrust.io tintup.com *.tintup.com amazonaws.com *.amazonaws.com advertising.com *.advertising.com unpkg.com *.unpkg.com sc-static.net tr.snapchat.com analytics.tiktok.com *.google.fr *.quiq-api.com *.quiq-cdn.com *.goquiq.com i.ctnsnet.com top-fwz1.mail.ru; font-src *; frame-src 'self' cdn.hypemarks.com *.accorhotels.ws *.youtube.com *.accorhotels.com *.vimeo.com *.facebook.com *.doubleclick.net *.usabilla.com *.sojern.com sojern.com *.criteo.com criteo.com *.criteo.net criteo.net *.snapchat.com *.quiq-cdn.com *.quiq-api.com i.ctnsnet.com top-fwz1.mail.ru; img-src * data:; media-src 'self' *.youtube.com *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.accorhotels.com www.googletagmanager.com maps.googleapis.com cdn.jsdelivr.net www.google-analytics.com api.keen.io platform.twitter.com static.filestackapi.com *.cloudfront.net cdn.hypemarks.com code.jquery.com www.youtube.com www.google.com vimeo.com *.google.com *.doubleclick.net *.facebook.net *.vimeo.com *.yandex.ru *.usabilla.com ipinfo.io *.sojern.com sojern.com *.googleadservices.com cdn.cookielaw.org *.onetrust.com *.cookielaw.org *.contentsquare.net contentsquare.net *.contentsquare.com contentsquare.com *.dengage.com *.criteo.net *.criteo.com criteo.net criteo.com beacon.sojern.com *.onetrust.io onetrust.io tintup.com *.tintup.com amazonaws.com *.amazonaws.com advertising.com *.advertising.com blob: unpkg.com *.unpkg.com sc-static.net tr.snapchat.com analytics.tiktok.com *.quiq-api.com *.quiq-cdn.com i.ctnsnet.com top-fwz1.mail.ru https://cdnjs.cloudflare.com https://holidaycheck.de staticaws.fbwebprogram.com; script-src-elem 'self' 'unsafe-inline' *.accorhotels.com www.googletagmanager.com maps.googleapis.com cdn.jsdelivr.net www.google-analytics.com api.keen.io platform.twitter.com static.filestackapi.com *.cloudfront.net cdn.hypemarks.com code.jquery.com www.youtube.com www.google.com vimeo.com *.google.com *.doubleclick.net *.facebook.net *.vimeo.com *.yandex.ru *.usabilla.com ipinfo.io *.sojern.com sojern.com *.googleadservices.com cdn.cookielaw.org *.onetrust.com *.cookielaw.org *.contentsquare.net contentsquare.net *.contentsquare.com contentsquare.com *.dengage.com *.criteo.net *.criteo.com criteo.net criteo.com beacon.sojern.com *.onetrust.io onetrust.io tintup.com *.tintup.com amazonaws.com *.amazonaws.com advertising.com *.advertising.com unpkg.com *.unpkg.com sc-static.net tr.snapchat.com analytics.tiktok.com *.quiq-api.com *.quiq-cdn.com i.ctnsnet.com top-fwz1.mail.ru https://cdnjs.cloudflare.com https://holidaycheck.de staticaws.fbwebprogram.com; style-src * 'unsafe-inline'; worker-src 'self' blob: 1
frame-ancestors 'self' https://nginx-sonova-d8-develop.ch.amazee.io https://www.sonova.com https://relaunch.sonova.com https://jobs.nzz.ch https://management.jobs.nzz.ch ; report-uri /report-csp-violation 1
default-src https: data: 'unsafe-inline' blob: 'unsafe-eval';frame-ancestors *.taylormorrison.com; 1
default-src 'self' *.harkins.com *.youtube.com; connect-src 'self' *.harkins.com cdn.cookielaw.org *.google-analytics.com *.icanhazip.com *.ipify.org *.ifconfig.co vimeo.com *.vimeo.com geolocation.onetrust.com *.dayforcehcm.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com cdn.cookielaw.org *.youtube.com *.facebook.net *.googleadservices.com movienewsletters.net *.google.com *.gstatic.com; child-src harkins.com player.vimeo.com *.youtube.com *.google.com; style-src 'self' 'unsafe-inline' *.harkins.com; font-src 'self'; img-src 'self' data: *.harkins.com *.imgix.net *.google-analytics.com *.ytimg.com *.harkinsmedia.harkins.com *.devcms.harkins.com *.harkinspopcorn.com cdn.cookielaw.org; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.searchspring.net seoab.io *.cloudmaestro.com cdn.noibu.com *.bluecore.com *.googleapis.com *.nr-data.net *.pcapredict.com carlsgolf.resultspage.com carlsgolf.resultsdemo.com *.bronto.com *.userway.org *.cloudflare.com container.pepperjam.com *.newrelic.com *.carlsgolfland.com sealserver.trustwave.com *.yotpo.com usrwy.com *.google.com www.googleoptimize.com www.gstatic.com *.rackcdn.com bat.bing.com *.sli-spark.com *.facebook.net *.doubleclick.net *.hotjar.com *.appspot.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.signifyd.com *.paypal.com www.paypalobjects.com js.authorize.net js.braintreegateway.com services.postcodeanywhere.co.uk *.resultspage.com secure.wufoo.com widget.modernretail.com www.trustedsite.com cdn.noibu.com g.microsoft.com cdn.ywxi.net cdn.yottaa.com static.wufoo.com web-assets.stylitics.com assets.adobedtm.com apps.golfstixvalueguide.com apps.bazaarvoice.com c.tvpixel.com srd.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com mpsnare.iesnare.com www.smarterlessons.com *.bazaarvoice.com www.ascendpartner.com polaris.truevaultcdn.com convertexperiences.com *.convertexperiments.com www.youtube.com/iframe_api www.youtube.com/s/player/9d15588c/www-widgetapi.vflset/www-widgetapi.js www.youtube.com; report-uri /.webscale/csp-report 1
default-src 'self' prosus-corp.cm.invdcloud-is.co.uk prosus-corp.cd.invdcloud-is.co.uk cdn.jsdelivr.net cdnjs.cloudflare.com www.google.com code.jquery.com geoid.investisdigital.com www.googletagmanager.com www.connectidfeed.com; img-src 'self' 'unsafe-inline' data: prosus-corp.cm.invdcloud-is.co.uk google-analytics.com prosus-corp.cd.invdcloud-is.co.uk www.google.com www.google.co.in viz.tools.investis.com *.brightcove.com *.boltdns.net cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com www.googletagmanager.com www.connectidfeed.com p.typekit.net; frame-src 'self' prosus-corp.cm.invdcloud-is.co.uk prosus-corp.cd.invdcloud-is.co.uk otp.tools.investis.com cdn.jsdelivr.net www.youtube.com cdnjs.cloudflare.com www.google.com code.jquery.com www.google-analytics.com fonts.googleapis.com www.googletagmanager.com www.connectidfeed.com irs.tools.investis.com; style-src https://assets.investisdigital.com 'self' 'unsafe-inline' 'unsafe-eval' p.typekit.net prosus-corp.cm.invdcloud-is.co.uk prosus-corp.cd.invdcloud-is.co.uk viz.tools.investis.com cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com use.typekit.net; script-src https://assets.investisdigital.com 'self' 'unsafe-inline' otp.tools.investis.com www.youtube.com connect.facebook.net 'unsafe-eval' prosus-corp.cm.invdcloud-is.co.uk prosus-corp.cd.invdcloud-is.co.uk unpkg.com www.google.com cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com viz.tools.investis.com www.google-analytics.com www.googletagmanager.com www.googletagmanager.com fonts.googleapis.com www.connectidfeed.com use.typekit.net irs.tools.investis.com; media-src 'self' blob: prosus-corp.cm.invdcloud-is.co.uk prosus-corp.cd.invdcloud-is.co.uk *.brightcovecdn.com cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com www.googletagmanager.com fonts.googleapis.com www.connectidfeed.com; connect-src www.google-analytics.com assets.investisdigital.com viz.tools.investis.com prosus-corp.cm.invdcloud-is.co.uk prosus-corp.cd.invdcloud-is.co.uk www.prosus.com stats.g.doubleclick.net www.connectidfeed.com *.brightcove.com geoid.investisdigital.com region1.google-analytics.com cookiemanager.investisdigital.com www.youtube.com *.google.com fonts.googleapis.com; font-src 'self' prosus-corp.cm.invdcloud-is.co.uk prosus-corp.cd.invdcloud-is.co.uk www.connectidfeed.com www.googletagmanager.com use.typekit.net; 1
default-src 'self'; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' ; img-src *; frame-src 'self' https://www.google.com/recaptcha/; report-uri https://auth.cessecure.com/csp/report 1
default-src 'self'; connect-src 'self' *.siteimprove.com https://stats.g.doubleclick.net/ https://region1.google-analytics.com/ https://www.google-analytics.com https://matomo.ria.ee/ https://search.service.vportal.ee/v1/search/ria https://search.service.vportal.ee/v1/globalsearch/total https://form.service.vportal.ee/v1/ https://search.service.vportal.ee/v1/events/ria https://inaadress.maaamet.ee; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://*.rocket.chat https://static.addtoany.com https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://xgis.maaamet.ee; img-src 'self' data: *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com https://matomo.ria.ee https://www.google-analytics.com *.fbcdn.net *.cdninstagram.com https://inaadress.maaamet.ee https://unpkg.com *.maaamet.ee *.cloudflare.com; script-src 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://cdn.siteimprove.net/cms/overlay.js blob: https://browser-update.org https://matomo.ria.ee https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://static.addtoany.com https://unpkg.com https://www.google-analytics.com unpkg.com https://matomo.ria.ee/ 'unsafe-eval'; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://cdn.siteimprove.net/cms/overlay.js https://browser-update.org https://matomo.ria.ee static.cludflareinsaights.com https://static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://static.addtoany.com https://unpkg.com https://www.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com https://inaadress.maaamet.ee; frame-ancestors none; upgrade-insecure-requests 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.aspnetcdn.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.doubleclick.net static.doubleclick.net *.ytimg.com maps.google.com *.googleapis.com maps.gstatic.com googleads.g.doubleclick.net stats.g.doubleclick.net tagmanager.google.com www.google.com www.google.co.uk www.googletagmanager.com www.google-analytics.com *.google-analytics.com www.gstatic.com www.youtube.com *.googlesyndication.com *.googleadservices.com code.jquery.com pixel.quantserve.com rules.quantcount.com secure.quantserve.com *.syn-finity.com syn-document-manager.s3.amazonaws.com static-pages.s3.amazonaws.com cdn.synthetix.com synthetix.net www.synthetix.net wss://*.hotjar.com *.hotjar.com *.hotjar.io *.userzoom.com *.vimeo.com *.acast.com *.facebook.com *.facebook.net *.ads-twitter.com t.co analytics.twitter.com polyfill.io *.cookiebot.com *.networxrecruitment.com *.proofpoint.com *.monitor.azure.com;object-src 'none';style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ytimg.com *.google.com *.googleapis.com *.userzoom.com cdn.synthetix.com fscs.syn-finity.com wss://*.hotjar.com *.hotjar.com *.hotjar.io *.vimeo.com *.acast.com *.facebook.com *.facebook.net *.ads-twitter.com t.co analytics.twitter.com polyfill.io *.cookiebot.com *.networxrecruitment.com *.proofpoint.com;img-src 'self' data: *.doubleclick.net *.ytimg.com img.youtube.com maps.google.com *.googleapis.com maps.gstatic.com stats.g.doubleclick.net tagmanager.google.com www.google.co.uk www.google.com www.google.be www.google.de www.googletagmanager.com www.google-analytics.com *.google-analytics.com www.youtube.com pixel.quantserve.com rules.quantcount.com secure.quantserve.com fscs.syn-finity.com www.synthetix-ec2.com cdn.synthetix.com s3-eu-west-1.amazonaws.com wss://*.hotjar.com *.hotjar.com *.hotjar.io *.userzoom.com *.vimeo.com *.vimeocdn.com *.acast.com *.facebook.com *.facebook.net *.ads-twitter.com t.co analytics.twitter.com *.cookiebot.com *.networxrecruitment.com *.proofpoint.com;media-src 'self' data: static-pages.s3.amazonaws.com cdn.synthetix.com wss://*.hotjar.com *.hotjar.com *.hotjar.io *.vimeo.com *.acast.com *.facebook.com *.facebook.net *.ads-twitter.com t.co analytics.twitter.com *.cookiebot.com *.networxrecruitment.com *.proofpoint.com;frame-src 'self' www.google.com www.youtube.com s.userzoom.com wss://*.hotjar.com *.hotjar.com *.hotjar.io *.vimeo.com *.acast.com *.facebook.com *.facebook.net *.ads-twitter.com t.co analytics.twitter.com *.cookiebot.com *.networxrecruitment.com *.proofpoint.com mailto:;font-src 'self' data: fonts.gstatic.com cdn.synthetix.com wss://*.hotjar.com *.hotjar.com *.hotjar.io *.vimeo.com *.acast.com *.facebook.com *.facebook.net *.ads-twitter.com t.co analytics.twitter.com polyfill.io *.cookiebot.com *.networxrecruitment.com *.proofpoint.com;connect-src 'self' www.google-analytics.com *.google-analytics.com stats.g.doubleclick.net *.googlesyndication.com googleads.g.doubleclick.net *.google.com api.syn-finity.com/ static.synthetix.com static-pages.s3.amazonaws.com cdn.synthetix.com api.synthetix.com/ wss://*.hotjar.com *.hotjar.com *.hotjar.io *.vimeo.com *.acast.com *.facebook.com *.facebook.net *.ads-twitter.com t.co analytics.twitter.com polyfill.io *.cookiebot.com *.networxrecruitment.com *.applicationinsights.azure.com;frame-ancestors 'self';report-uri /WebResource.axd?cspReport=true 1
frame-ancestors 'self' funio.com; upgrade-insecure-requests; 1
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com ; style-src data: 'unsafe-inline' https: https://optimize.google.com https://fonts.googleapis.com; img-src data: https: blob: android-webview-video-poster: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com; font-src data: https: https://fonts.gstatic.com; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors https://*.tapchicongthuong.vn https://tapchicongthuong.vn 1
default-src 'self';font-src 'self' data:;img-src 'self' data:;script-src *.vimeo.com 'sha256-2Zrb6zN8dNpvwHBwaUDDSF+jeh4WYZ9kbJRUuxybtG4=' 'self' 'unsafe-inline' 'sha256-5OymhpR6qVnqH6bHYAWzhw+ZcCVObeFD7tWhJGfkTNc=' 'sha256-renT1fgpWNd1VbNKBl57nwZTsvf4GYYlpaZFKmYCOVU=' 'sha256-FQXAU7wh37O5njqt/CuCb56bFgJU9pN16bAzs/gIT8o=' 'sha256-9SyXpTiqN1qSyT4OJWfHNDrHJu2koqIV8VyqkUsa8OY=';style-src 'self';object-src 'none';frame-src 'self' *.vimeo.com 1
frame-ancestors 'self' https://www.magentasport.de 1
default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:; frame-ancestors *.centracare.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://analytics.google.com https://s.w.org/ https://secure.gravatar.com/ https://www.googletagmanager.com https://fonts.googleapis.com/ https://apply.csp.edu/ https://fonts.gstatic.com/ https://use.fontawesome.com https://mx.technolutions.net/ https://snap.licdn.com/ https://sc-static.net/ https://connect.facebook.net/ https://app.leadsrx.com/ https://analytics.tiktok.com/ https://tr-shadow.snapchat.com/ https://px.ads.linkedin.com/ https://www.facebook.com/ https://googleads.g.doubleclick.net/ https://td.doubleclick.net/ https://pagead2.googlesyndication.com/ https://www.google.com/ https://cdn.linkedin.oribi.io https://maps.googleapis.com/ https://maps.gstatic.com/ https://px.ads.linkedin.com https://tags.srv.stackadapt.com https://www.youtube.com/ https://yoast.com/ https://cdn.jsdelivr.net https://www.gstatic.com https://fonts.bunny.net https://wpmudev.com https://premium.wpmudev.org https://www.semrush.com https://cdn.semrush.com https://static.semrush.com https://www.google-analytics.com https://api.amplitude.com https://tr.snapchat.com https://tcc.ruffalonl.com/ https://csp.hometownticketing.com/ https://assets.hometownticketing.com https://cdn.yoshki.com https://s7.addthis.com https://cdn.pannellum.org https://tr6.snapchat.com; frame-ancestors 'self'; 1
default-src 'self';   script-src 'unsafe-inline' 'unsafe-eval' 'self' https://media.realinstitutoelcano.org https://www.googletagmanager.com https://tagmanager.google.com https://www.google.com http://www.google-analytics.com https://*.gstatic.com https://ajax.googleapis.com https://*.youtube.com https://platform.twitter.com https://analytics-eu.clickdimensions.com https://*.twitter.com https://cdn.syndication.twimg.com;   style-src 'unsafe-inline' 'self' https://tagmanager.google.com https://use.fontawesome.com https://media.realinstitutoelcano.org https://fonts.googleapis.com https://www.google.com https://platform.twitter.com https://*.twitter.com https://ton.twimg.com;   object-src 'none';   base-uri 'self';   connect-src 'self' https://yoast.com https://media.realinstitutoelcano.org https://www.google-analytics.com https://stats.g.doubleclick.net *.fontawesome.com *.google-analytics.com *.analytics.google.com;   font-src 'self' https://use.fontawesome.com https://media.realinstitutoelcano.org data:;   child-src 'self' https://*.youtube.com https://*.youtube-nocookie.com;   frame-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://platform.twitter.com/widgets.js https://app.meltwater.com/ https://platform.twitter.com/ https://*.podbean.com/ https://datawrapper.dwcdn.net;   img-src * 'self' 'unsafe-inline' https://ssl.gstatic.com *.google-analytics.com *.analytics.google.com https://media.realinstitutoelcano.org data:;   manifest-src 'self';   media-src 'self';   worker-src 'self'; 1
frame-ancestors 'self' chrome-extension://* 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *.google.co.id *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com https://*.mncportal.id https://*.idxchannel.com https://*.idxchannel.tv https://code.jquery.com https://www.google-analytics.com/ https://cdnjs.cloudflare.com/ *.youtube.com https://use.fontawesome.com/ https://maxcdn.bootstrapcdn.com/ https://cdn.ckeditor.com/ https://cdn.jsdelivr.net/ 1
default-src 'none'; connect-src googleads.g.doubleclick.net our.umbraco.com stats.g.doubleclick.net www.google-analytics.com www.google.com cdn.linkedin.oribi.io region1.analytics.google.com iwfsecurity.report-uri.com consentcdn.cookiebot.com translate.googleapis.com 'self'; font-src fonts.gstatic.com use.typekit.net 'self'; manifest-src 'self'; object-src 'self'; frame-src donorbox.org www.buzzsprout.com player.vimeo.com www.googletagmanager.com www.youtube.com consentcdn.cookiebot.com www.google.com indd.adobe.com 'self'; frame-ancestors 'self'; img-src data: t.co analytics.twitter.com fonts.gstatic.com www.google.co.uk our.umbraco.com www.gravatar.com www.googletagmanager.com www.linkedin.com www.facebook.com px4.ads.linkedin.com www.google-analytics.com px.ads.linkedin.com gtranslate.net p.typekit.net www.gstatic.com dashboard.umbraco.com i.vimeocdn.com www.google.com translate.googleapis.com translate.google.com bat.bing.com 'self'; media-src data: 'self' vimeo.com player.vimeo.com *.akamaized.net; script-src bat.bing.com static.ads-twitter.com vimeo.com www.vimeo.com ajax.aspnetcdn.com www.google.com connect.facebook.net www.googleadservices.com www.gstatic.com www.google-analytics.com snap.licdn.com translate-pa.googleapis.com consent.cookiebot.com use.typekit.net translate.google.com translate.googleapis.com consentcdn.cookiebot.com www.googletagmanager.com inline: 'unsafe-inline' 'unsafe-eval' 'self'; style-src translate.googleapis.com  www.gstatic.com inline: 'self' 'unsafe-inline'; report-uri https://iwfsecurity.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' http://www.philips.co.jp *.philips.com *.philips.co.jp https://philipsigtdpv.com 1
default-src data: 'self' https: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' https://*.cognifit.com; 1
default-src https: wss: 'self'; font-src https: data:; img-src https: data:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 1
default-src * data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: http://www.ispreview.co.uk http://*.ispr.co.uk data: blob:; frame-src https:; base-uri *; worker-src * https: blob:; 1
default-src 'self'; media-src 'self' ws://localhost:3035 localhost:3035 *.ctfassets.net malala.org *.malala.org *.youtube.com www.youtube.com *.twimg.com; font-src *.fontawesome.com doublethedonation.com localhost:8080 *.doublethedonation.com *.typekit.net *.googleapis.com *.cognitoforms.com *.gstatic.com cdnjs.cloudflare.com fonts.gstatic.com fonts.googleapis.com www.bugherd.com d2iiunr5ws5ch1.cloudfront.net 'self' data:; img-src * malala.org ws://localhost:3035 localhost:3035 *.malala.org 'self' data:; object-src 'none'; script-src malala.org *.malala.org *.gtm.js ws://localhost:3035 localhost:3000 localhost:3035 *.googleapis.com *.googletagmanager.com tagmanager.google.com *.google-analytics.com optimize.google.com doublethedonation.com *.doublethedonation.com *.bugsnag.com *.consensu.org *.givelively.org *.stripe.com *.paypal.com *.cognitoforms.com *.plaid.com *.google.com *.gstatic.com *.youtube.com *.vimeo.com *.typeform.com *.typekit.net *.website-files.com d3e54v103j8qbb.cloudfront.net *.facebook.net cdnjs.cloudflare.com *.adroll.com us-u.openx.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.yahoo.com eb2.3lift.com trc.taboola.com simage2.pubmatic.com sync.outbrain.com pixel.rubiconproject.com dsum-sec.casalemedia.com pixel.advertising.com *.googleadservices.com *.ytimg.com *.audima.co *.fontawesome.com unpkg.com *.unpkg.com *.weglot.com *.jsdelivr.com *.cloudfront.net *.twitter.com *.twimg.com *.instagram.com *.tiktok.com *.ttwstatic.com *.donorbox.org *.bugherd.com *.bamboohr.com 'self' data: 'unsafe-inline' 'unsafe-eval'; style-src malala.org *.malala.org ws://localhost:3035 localhost:3035 *.fontawesome.com optimize.google.com fonts.googleapis.com *.typekit.net *.stripe.com *.paypal.com *.website-files.com doublethedonation.com *.plaid.com *.doublethedonation.com *.googleapis.com *.givelively.org *.cognitoforms.com *.youtube.com *.vimeo.com cdnjs.cloudflare.com tagmanager.google.com unpkg.com *.unpkg.com *.ytimg.com *.weglot.com *.cloudfront.net *.twitter.com *.twimg.com *.tiktok.com *.ttwstatic.com *.bugherd.com 'self' unsafe-inline unsafe-eval 'unsafe-inline' 'unsafe-eval'; connect-src 'self' malala.org *.malala.org ws://localhost:3035 localhost:3035 *.fontawesome.com *.google-analytics.com google-analytics.com localhost:8080 *.cognitoforms.com *.stripe.com doublethedonation.com *.doublethedonation.com *.paypal.com *.googletagmanager.com *.google.com *.plaid.com *.bugsnag.com *.givelively.org *.youtube.com *.vimeo.com malala.trilogyforms.com tagmanager.google.com *.ytimg.com *.plyr.io noembed.com *.type *.doubleclick.net *.weglot.com cdn-api-weglot.com *.ctfassets.net www.bugherd.com bugherd-attachments.s3.amazonaws.com ws.pusherapp.com screenshots.bugherd.com sessions.bugsnag.com t.co *.twitter.com *.twimg.com *.facebook.com *.pusher.com *.bamboohr.com; frame-src 'self' malala.org ws://localhost:3035 localhost:3035 *.malala.org *.audima.co *.stripe.com localhost:8080 optimize.google.com doublethedonation.com *.plaid.com *.doublethedonation.com *.youtube.com *.givelively.org *.vimeo.com *.typeform.com *.facebook.com *.facebook.net cdn.embedly.com *.youtube.com www.youtube.com *.youtube-nocookie.com *.ytimg.com *.tgbwidget.com tgbwidget.com *.twitter.com *.instagram.com *.twimg.com *.ted.com *.tiktok.com *.ttwstatic.com youtu.be donorbox.org *.donorbox.org; child-src *.facebook.com *.facebook.net; form-action *.facebook.com *.facebook.net *.twitter.com *.twimg.com *.trilogyforms.com; worker-src 'self' blob: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' http://fonts.googleapis.com https://www.thefinancials.com; font-src 'self' data: https://fonts.gstatic.com; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://ipmeta.io http://static.ads-twitter.com https://snap.licdn.com https://www.google.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.clarity.ms https://*.vimeo.com http://fonts.googleapis.com https://www.gstatic.com https://*.vantagescore.info https://s3.tradingview.com https://www.thefinancials.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; media-src 'self' https://vimeo.com https://*.buzzsprout.com https://*.vantagescore.com https://*.vimeo.com; frame-src 'self' https://*.vimeo.com https://www.google.com https://*.vantagescore.info https://www.youtube.com https://www.tradingview-widget.com https://td.doubleclick.net https://outlook.office365.com; img-src 'self' http: https: data:; connect-src 'self' https://analytics.google.com https://www.google-analytics.com https://*.clarity.ms https://stats.g.doubleclick.net https://ipmeta.io https://cdn.linkedin.oribi.io https://*.googlesyndication.com; 1
default-src https: 'self' 'unsafe-eval' 'unsafe-inline' 'self' *.futurumtest.nl *.futurumshop.nl *.google-analytics.com *.google.com *.googletagmanager.com *.googleoptimize.com; object-src 'unsafe-eval' 'unsafe-inline' *; img-src data: 'unsafe-eval' 'unsafe-inline' *; font-src data: 'unsafe-eval' 'unsafe-inline' *; 1
script-src blob: data: 'unsafe-inline' 'unsafe-eval' 'self' *.gardensbythebay.com.sg https://www.youtube.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://js.adsrvr.org/ https://js.hs-banner.com/ https://js.hs-analytics.net/ https://js.hs-script.com/ https://js.hs-scripts.com/ https://connect.facebook.net/ https://embedsocial.com/ https://www.jscache.com/ https://www.tripadvisor.com.sg/ https://www.tripadvisor.com/ https://static.tacdn.com/; frame-ancestors 'self' *.gardensbythebay.com.sg/; 1
frame-ancestors 'self' https://*.dovera.sk 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://www.zenaps.com https://tr.snapchat.com https://www.youtube.com https://ln-rules.rewardstyle.com https://tr.snapchat.com https://tr6.snapchat.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://privacyportal-eu.onetrust.com https://*.parcellab.com https://analytics.tiktok.com https://tr.snapchat.com; form-action 'self' https://www.facebook.com https://checkout.nuxe.com https://connect.facebook.net https://tr.snapchat.com https://www.nuxe.com https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://the.sciencebehindecommerce.com https://cdn.trackjs.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://geolocation.onetrust.com https://ln-rules.rewardstyle.com https://analytics.tiktok.com https://*.ibytedtos.com https://sc-static.net https://tr.snapchat.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; report-to report-endpoint 1
child-src *.folksam.se mediaarkivet.nu *.msse.se automotive-maps-external.cabgroup.net embed-dot-finwire-services.appspot.com *.reachmee.com widget.trustpilot.com wds.ace.teliacompany.com www.youtube-nocookie.com app-map-app-prod.azurewebsites.net imp.nowinteract.com *.doubleclick.net *.insurely.se *.insurely.com *.cabgroup.net 1
frame-ancestors 'self'  https://*.entrata.com https://*.brokersumo.com https://sidelineswap.com  https://evedonline.eved.com https://web.eved.com https://www.tax1099.com https://dashboard.popshop.live https://www.w3schools.com https://auvoriaprime.com https://brokersumo.com https://beta.brokersumo.com 1
frame-ancestors epraise.co.uk *.epraise.co.uk teams.microsoft.com *.teams.microsoft.com *.skype.com 1
frame-ancestors psg.sanity.studio; 1
frame-ancestors 'self' https://manage.laserfocusworld.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
frame-ancestors 'self' *.mainz.de mz-piwik.sitepark.com *.geoportal.rlp.de *.tu-darmstadt.de 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.libsyn.com *.facebook.net *.facebook.com *.fbcdn.net *.tableau.com app.icontact.com *.gstatic.com *.twitter.com *.ws.frb.org *.frswebservices.org *.bostonfed.org bostonfed *.federalreserve.org *.google-analytics.com *.googleapis.com cdn.syndication.twimg.com *.brightcove.net *.brightcove.com *.ytimg.com *.googletagmanager.com *.google-analytics.com *.taleo.net *.google.com *.highcharts.com; style-src 'self' 'unsafe-inline' *.youtube.com *.libsyn.com *.facebook.net *.facebook.com *.fbcdn.net *.tableau.com app.icontact.com *.twitter.com *.ws.frb.org *.frswebservices.org *.bostonfed.org bostonfed *.googleapis.com *.taleo.net *.google.com *.highcharts.com; img-src * data:; media-src * data:; connect-src 'self' *.google-analytics.com; font-src 'self' *.facebook.net *.facebook.com *.fbcdn.net *.tableau.com app.icontact.com *.twitter.com *.ws.frb.org *.frswebservices.org *.bostonfed.org bostonfed *.gstatic.com *.taleo.net *.google.com data:; frame-src 'self' *.libsyn.com *.facebook.net *.facebook.com *.fbcdn.net *.tableau.com app.icontact.com *.twitter.com *.youtube.com *.brightcove.net *.brightcove.com *.ws.frb.org *.frswebservices.org *.bostonfed.org *.taleo.net *.google.com data:; 1
default-src * 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' data: 1
frame-ancestors 'self';block-all-mixed-content; default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *.hotjar.com *.hotjar.com/* *.clarity.ms *.clarity.ms/* https://cdn.jsdelivr.net  https://googleads.g.doubleclick.net https://bat.bing.com/p/action/17549570.js https://www.googleadservices.com https://maps.google.com https://maps.googleapis.com https://*.googleapis.com https://*.googletagmanager.com gateway.zscalertwo.net https://api.github.com *.hotjar.com hotjar.com https://code.jquery.com maxcdn.bootstrapcdn.com djtflbt20bdde.cloudfront.net snap.licdn.com js.hsadspixel.net/fb.js js.hs-scripts.com linkedin.com https://*.amazonaws.com https://*.google-analytics.com cdn.userway.org js.hs-analytics.net c.go-mpulse.net platform.linkedin.com px.ads.linkedin.com js.hs-banner.com www.google.com js.hsforms.net forms.hsforms.com www.webtraxs.com js-agent.newrelic.com bam.nr-data.net ssl.google-analytics.com js-na1.hs-scripts.com bat.bing.com; img-src 'self' www.linkedin.com https://dc.ads.linkedin.com yoast.com *.clarity.ms clarity.ms *.bing.com/* cdn.userway.org updates.themepunch-ext-a.tools leapsandbounds.io demo.magnigenie.com www.elegantthemes.com bat.bing.com www.googletagmanager.com p.adsymptotic.com embedwistia-a.akamaihd.net fast.wistia.com px.ads.linkedin.com forms.hubspot.com *.gravatar.com *.w.org gateway.zscalertwo.net smartslider3.com digitalleap.co.za wponlinesupport.com ajax.googleapis.com wpstorelocator.co www.paypal.com awsmedia.s3.amazonaws.com developers.google.com maps.googleapis.com *.sanmina.com sanmina.com maps.google.com maps.gstatic.com forms.hsforms.com www.google-analytics.com www.google.co.in www.webtraxs.com track.hubspot.com stats.g.doubleclick.net www.google.com ssl.google-analytics.com https://*.vimeocdn.com https://*.vimeocdn.com/* *.doubleclick.net data:; connect-src 'self' 'unsafe-inline' bam.nr-data.net *.clarity.ms clarity.ms api.userway.org cdn.userway.org embedwistia-a.akamaihd.net distillery.wistia.com pipedream.wistia.com fg8vvsvnieiv3ej16jby.litix.io yoast.com *.yoast.com smartslider3.helpscoutdocs.com api.hubapi.com www.google-analytics.com maps.google.com maps.googleapis.com stats.g.doubleclick.net facebook.com *.hotjar.com hotjar.com wss://ws27.hotjar.com wss://ws27.hotjar.com/* wss://*.hotjar.com wss://*.hotjar.com/* *.hotjar.io *.googleapis.com https://*.bing.com ; font-src 'self' hello.myfonts.net fonts.googleapis.com maxcdn.bootstrapcdn.com fonts.gstatic.com cdn.userway.org data:; style-src 'self' 'unsafe-inline' 'report-sample' ajax.googleapis.com hello.myfonts.net cdn.userway.org cdn-images.mailchimp.com fonts.googleapis.com djtflbt20bdde.cloudfront.net; object-src 'none'; frame-src 'self' https://www.elegantthemes.com www.youtube.com smartslider3.com cdn.userway.org fast.wistia.com forms.hsforms.com bid.g.doubleclick.net *.vimeo.com *.linkedin.com sanminacareers.mua.hrdepartment.com hotjar.com vars.hotjar.com *.hotjar.com https://gateway.zscalertwo.net;manifest-src 'self';base-uri 'self';form-action 'self' forms.hsforms.com forms.hubspot.com; worker-src 'self'; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com www.googletagmanager.com;media-src 'self' *.w.org media.licdn.com;prefetch-src 'self';report-uri https://endpoint.sanmina.com;report-to sanminadmin; 1
default-src 'self'; script-src 'self' https://websdk.appsflyer.com https://top-fwz1.mail.ru http://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://mc.yandex.ru https://forte.overizon.io https://static.pay2u.ru https://apigw.forte.kz https://dev-apigw.fortebank.com 'unsafe-inline' https://c2d-livechat-v2.fortebank.com https://www.youtube.com https://analytics.tiktok.com https://vk.com https://forte.overizon.io https://static.pay2u.ru https://vpn-td-fo.technodom.kz https://apigw.forte.kz https://dev-apigw.fortebank.com; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src * 'self' data: https:; media-src https://c2d-livechat-v2.fortebank.com; frame-ancestors 'self' https://forte-main-next.onedev.zone https://id.forte.kz https://f-business.forte.kz https://f-business.onedev.zone; frame-src 'self' https://forte.overizon.io https://youtube.com https://cdn-europe2-forte-kz.marketjs-cloud2.com https://engamio.live https://d2pf7hnk4a8f75.cloudfront.net https://docs.google.com https://id.forte.kz https://qa-id.forte.kz https://youtu.be https://youtube.com http://10874069.fls.doubleclick.net https://f-business.forte.kz https://f-business.onedev.zone https://www.facebook.com https://formdesigner.ru https://www.youtube.com https://main.storage-object.pscloud.io https://static.pay2u.ru; connect-src *; form-action 'self' https://www.facebook.com; base-uri 'self'; object-src 'self'; worker-src 'none'; upgrade-insecure-requests; 1
frame-ancestors 'self' http://ccweb-tpweb https://ccweb-tpweb.tcs.com.tw http://tcs2ccweb https://tcs2ccweb.tcs.com.tw; 1
frame-ancestors 'self' https://chcf.my.salesforce.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: suggestions.dadata.ru https://cdn.jsdelivr.net *.carrotquest.app wss://realtime-services-chat-1.carrotquest.app stats.g.doubleclick.net googleads.g.doubleclick.net analytics.google.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.youtube.com px.adhigh.net https://cdn.rutarget.ru/ https://tag.rutarget.ru/ https://static.criteo.net https://*.criteo.com mc.yandex.ru top-fwz1.mail.ru vk.com *.bitrix.info https://bitrix.info rtc-cloud-ms1.bitrix.info 2ed7hhm4e.de https://www.artfut.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: suggestions.dadata.ru https://cdn.jsdelivr.net https://pickpoint.ru *.carrotquest.app wss://realtime-services-chat-1.carrotquest.app stats.g.doubleclick.net googleads.g.doubleclick.net analytics.google.com www.google-analytics.com www.googletagmanager.com www.gstatic.com px.adhigh.net https://cdn.rutarget.ru/ https://tag.rutarget.ru/ https://static.criteo.net https://*.criteo.com mc.yandex.ru https://api-maps.yandex.ru https://yastatic.net https://core-renderer-tiles.maps.yandex.net top-fwz1.mail.ru vk.com *.bitrix.info https://bitrix.info rtc-cloud-ms1.bitrix.info 2ed7hhm4e.de https://www.artfut.com;connect-src 'self' wss://*.carrotquest.app https://api.carrotquest.app https://rts-v2.carrotquest.app wss://realtime-services-chat-1.carrotquest.app suggestions.dadata.ru https://cdn.jsdelivr.net wss://*.bitrix.info https://bitrix.info https://mc.yandex.ru https://top-fwz1.mail.ru https://2ed7hhm4e.de https://2bdqa6hje.de https://analytics.google.com https://www.google-analytics.com https://google.ru https://*.google.ru https://stats.g.doubleclick.net https://vk.com;img-src 'self' data: blob: https://cm.adform.net https://dpm.demdex.net https://beacon.krxd.net https://*.thebrighttag.com https://*.taboola.com https://cdek.ru https://*.cdek.ru https://id5-sync.com mc.yandex.ru counter.yadro.ru https://api-maps.yandex.ru https://*.maps.yandex.net https://yandex.ru/clck/counter/* https://visitor.omnitagjs.com https://ups.analytics.yahoo.com https://eb2.3lift.com https://ib.adnxs.com https://r.casalemedia.com *.criteo.net *.criteo.com https://gum.criteo.com criteo-sync.teads.tv https://rtb-csync.smartadserver.com https://sync-criteo.ads.yieldmo.com https://ad.yieldlab.net https://ad.360yield.com https://matching.ivitrack.com https://exchange.mediavine.com https://jadserve.postrelease.com https://sync.outbrain.com https://simage2.pubmatic.com https://criteo-partners.tremorhub.com https://trends.revcontent.com https://match.sharethrough.com https://e1.emxdgt.com https://x.bidswitch.net https://contextual.media.net https://pixel.rubiconproject.com px.adhigh.net *.carrotquest.app https://api.carrotquest.app ad.mail.ru www.google-analytics.com www.google.ru www.googletagmanager.com ssl.gstatic.com www.gstatic.com stats.g.doubleclick.net/r/ https://cm.g.doubleclick.net http://vk.com;font-src 'self' data: *.carrotquest.app fonts.gstatic.com;style-src * 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' 'unsafe-inline' blob: data: *.getweave.com *.pantheonsite.io vercel.app vercel.live/ *.vercel.com *.google.com *.googleusercontent.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com https://googleads.g.doubleclick.net *.doubleclick.net https://fonts.gstatic.com https://storage.googleapis.com *.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://embed-ssl.wistia.com https://*.youtube.com https://i.ytimg.com/ https://tracking.g2crowd.com *.krxd.net *.facebook.net https://usermatch.krxd.net/ https://sp.analytics.yahoo.com ups.analytics.yahoo.com https://analytics.tiktok.com www.facebook.com q.quora.com px.ads.linkedin.com alb.reddit.com analytics.pangle-ads.com/api/ dpm.demdex.net/ dsum-sec.casalemedia.com/ *.addthis.com/ uipglob.semasio.net/ *.bidswitch.net/ *.acsbapp.com https://tags.bluekai.com *.steelhousemedia.com https://sockjs-mt1.pusher.com/ insight.adsrvr.org match.adsrvr.org https://p.adsymptotic.com assets.adobetm.com https://www.rumiview.com *.qualified.com https://*.clarity.ms *.bing.com *.marketo.com https://*.fls.doubleclick.net *.youtube.com www.facebook.com https://bid.g.doubleclick.net https://vercel.live/ https://vercel.com hemsync.clickagy.com https://fast.wistia.com/ https://fast.wistia.net/ ws: https://35.85.84.151/ https://44.238.122.172/ https://100.20.58.101/ https://44.228.85.26/ https://34.215.155.61/ https://35.160.46.251/ cdn.linkedin.oribi.io *.onetrust.com https://hooks.zapier.com https://*.yimg.com https://optanon.blob.core.windows.net https://s.yimg.com https://cdn.cookielaw.org wss://ws.qualified.com vitals.vercel-insights.com mktoresp.com js.callrail.com stats.g.doubleclick.net 375-gva-419.mktoresp.com 037-RRA-485.mktorest.com analytics.tiktok.com https://sockjs-mt1.pusher.com/ wss://ws-mt1.pusher.com/ js.zi-scripts.com ws.zoominfo.com tags.clickagy.com aorta.clickagy.com hemsync.clickagy.com https://cdn.growthbook.io https://*.clarity.ms/collect blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net pipedream.wistia.com/ https://*.litix.io https://sweepwidget.com/ https://sweepwidgethosts.fra1.cdn.digitaloceanspaces.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com hello.myfonts.net *.marketo.com https://www.googletagmanager.com/debug/badge.css blob: https://fast.wistia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.marketo.com *.g2crowd.com *.bing.com *.dialogtech.com *.cloudfront.net https://www.rumiview.com https://s.yimg.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com https://googleads.g.doubleclick.net *.google.com https://www.googleanalytics.com https://analytics.tiktok.com https://cdn.cookielaw.org https://js.drift.com connect.facebook.net *.qualified.com *.mountain.com munchkin.marketo.net js.callrail.com cdn.callrail.com www.redditstatic.com snap.licdn.com assets.adobedtm.com insight.adsrvr.org https://polyfill.io https://vitals.vercel-insights.com https://vercel.live/ https://vercel.com https://fast.ssqt.io *.vercel-scripts.com js.zi-scripts.com ws.zoominfo.com tags.clickagy.com *.acsbapp.com https://acsbapp.com https://*.clarity.ms https://va.vercel-scripts.com/v1/script.debug.js https://*.wistia.com https://*.wistia.net https://src.litix.io https://sweepwidget.com/w/j/w_init.js https://sweepwidget.com/external/ui/iframe/js/iframeResizer.js a.quora.com/qevents.js 1
frame-ancestors 'self'; default-src 'self'  'unsafe-eval' 'unsafe-inline' http://cdn.appdynamics.com http://sin-col.eum-appdynamics.com  sin-col.eum-appdynamics.com cdn.appdynamics.com *.tt.omtrdc.net idealanalyticsapi.dbs.com maps.gstatic.com *.googleapis.com *.ggpht.com v1.addthisedge.com v1.addthis.com http://track.zmails.co.in http://tracking.zmails.org http://tracking.affiliatehub.co.in ads.instabid.tech match.adsrvr.org http://www.outbrain.com adgebra.co.in ad.admitad.com http://tracking.trubiz.in smxindia.in pixel.tapad.com http://www.media-server.com https://safe1.dbswiso.prd https://safe2.dbswiso.prd chatbanking.dbs.com directline.com directline.botframework.com qmslivechat.dbs.com wss://qmslivechat.dbs.com wss://chatbanking.dbs.com wss://directline.botframework.com tpt.mysocialpixel.com js.adsrvr.org *.fls.doubleclick.net www.googletagmanager.com tagmanager.google.com  www.google-analytics.com analytics.google.com  maps.googleapis.com  maps.gstatic.com  fonts.gstatic.com  ds-aksb-a.akamaihd.net  tags.crwdcntrl.net  googleads.g.doubleclick.net  secure-ds.serving-sys.com  px.ads.linkedin.com  bs.serving-sys.com  www.googleadservices.com  fonts.googleapis.com  sjs.bizographics.com  bcp.crwdcntrl.net  connect.facebook.net  www.google.com  www.google.com.sg  stats.g.doubleclick.net  cdnjs.cloudflare.com  s.go-mpulse.net  c.go-mpulse.net  www.gstatic.com  dbs.112.2o7.net  dbs.demdex.net  www.youtube.com  www.facebook.com  chart.googleapis.com  maxcdn.bootstrapcdn.com  somniture.dbs.com.sg  www.dbs.com  code.jquery.com  bid.g.doubleclick.net  www.dbs.com.sg  assets.adobedtm.com  m.addthis.com  s7.addthis.com  graph.facebook.com  api-public.addthis.com  m.addthisedge.com  www.linkedin.com  www.dbs.com  *.akstat.io  sp.analytics.yahoo.com  cdn.taboola.com  snap.licdn.com  amplify.outbrain.com  http://www.dbs.com  dbs.mc.eu1.kontiki.com trc.taboola.com tr.outbrain.com amplifypixel.outbrain.com login.eu1.kontiki.com www.outbrain.com lx.eu1.kontiki.com sts.dbs.com secure.adnxs.com ade.clmbtech.com insight.adsrvr.org wifi.roamm.com secure.adnxs.com thinkresult.go2cloud.org ade.clmbtech.com dpm.demdex.net dbs.sc.omtrdc.net data:; 1
default-src 'self'; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.camsonline.com maxcdn.bootstrapcdn.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.youtube.com  https://stats.g.doubleclick.net *.google.com *.gstatic.com *.facebook.net https://www.googletagmanager.com *.camsonline.com *.google-analytics.com *.googleapis.com mozilla.github.io data:;connect-src 'self' 'unsafe-inline'*.google.com analytics.google.com www.youtube.com  https://stats.g.doubleclick.net *.facebook.net *.camsonline.com *.google-analytics.com *.googleapis.com *.gstatic.com data:; font-src 'self' 'unsafe-inline' *.gstatic.com  *.camsonline.com maxcdn.bootstrapcdn.com data:; img-src 'unsafe-inline'  * data:; frame-src 'self' 'unsafe-inline' *.camsonline.com https://td.doubleclick.net https://www.googletagmanager.com *.google.com www.youtube.com; media-src 'self' 'unsafe-inline' www.youtube.com 1
frame-ancestors https://omni.shopkeepapp.com https://www.shopkeepapp.com https://embedded.shopkeepapp.com https://*.mybigcommerce.com; connect-src https://*.shopkeep.com https://*.shopkeepapp.com https://bam.nr-data.net https://static.zuora.com https://c.la4-c2cs-chi.salesforceliveagent.com https://www.facebook.com https://connect.facebook.net https://127.0.0.1:* https://localhost:* https://*.shopkeepdev.com https://s.yimg.com https://*.qualtrics.com https://ajax.googleapis.com https://*.gstatic.com https://*.googleapis.com https://*.yahoo.com https://code.jquery.com https://bat.bing.com https://ssl.bing.com https://*.akamaihd.net about; script-src https://cdn-javascript.net https://cdn-js.net https://cdnjs.cloudflare.com https://*.shopkeep.com https://www.google.com https://*.shopkeepapp.com https://*.cloudfront.net https://bam.nr-data.net https://*.googleapis.com https://connect.facebook.net https://*.salesforceliveagent.com https://sp.analytics.yahoo.com https://cdn.jsdelivr.net/gh/snowplow https://commondatastorage.googleapis.com https://analytics.twitter.com https://static.ads-twitter.com https://s.yimg.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://static.zuora.com 'unsafe-inline' 'unsafe-eval' https://*.qualtrics.com https://*.shopkeepdev.com https://*.storage.googleapis.com https://s3.amazonaws.com data blob about https://cdn.bigcommerce.com https://cdn.plaid.com https://*.akamaihd.net https://cdn-javascript.net https://cdn.bigcommerce.com https://*.akamaihd.net http://www.sbx-media.com https://www.mrlmedia.net http://*.primehealthcare.com https://ajax.googleapis.com https://js.stripe.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *; 1
default-src 'self' 'unsafe-inline' www.vinci.com;img-src 'self' 'unsafe-inline' data: www.vinci.com abs.twimg.com pbs.twimg.com ton.twimg.com platform.twitter.com syndication.twitter.com www.facebook.com *.gstatic.com maps.google.com translate.google.com *.googleapis.com www.google-analytics.com i.vimeocdn.com i.ytimg.com;style-src 'self' 'unsafe-inline' 'report-sample' www.vinci.com ton.twimg.com platform.twitter.com translate.googleapis.com fonts.googleapis.com www.gstatic.com;font-src 'self' www.vinci.com fonts.googleapis.com fonts.gstatic.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' data: www.vinci.com cdn.syndication.twimg.com www.linkedin.com platform.linkedin.com platform.twitter.com https://connect.facebook.net www.google-analytics.com maps.google.com maps.googleapis.com ajax.googleapis.com www.gstatic.com data1.iti-maps.fr player.vimeo.com;connect-src 'self' www.vinci.com maps.googleapis.com www.google-analytics.com;frame-src 'self' streaming2.vinci.com syndication.twitter.com platform.twitter.com www.linkedin.com www.facebook.com vinci-stocksheet.webfg.net vinci-crm.seitosei.eu vinci-cercle-crm.seitosei.eu www.youtube-nocookie.com www.youtube.com sdk.companywebcast.com *.vimeo.com;frame-ancestors 'self' www.vinci.com;object-src 'self' www.vinci.com www.flickr.com;report-uri https://vincinet.report-uri.com/r/d/csp/reportOnly 1
connect-src 'self' *.algolia.io *.algolia.net *.algolianet.com *.facebook.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.sentry.io *.sumo.com *.userway.org *.voyagetext.com *.zdassets.com *.zendesk.com *.zopim.com code.jquery.com media.sumome.com pro.ip-api.com sentry.io stats.g.doubleclick.net sumo.com sumome.com vyg.mobi wss://widget-mediator.zopim.com; default-src 'self'; font-src 'self' *.facebook.com *.googleapis.com *.gstatic.com cdn.userway.org d1w4q6ldc8l0qo.cloudfront.net data: themes.googleusercontent.com; frame-src 'self' *.facebook.com *.google.com *.googleapis.com *.libsyn.com *.userway.org sumo.com sumome.com; img-src 'self' *.facebook.com *.google-analytics.com *.googleapis.com *.gstatic.com *.sumo.com *.userway.org *.zopim.io about: d1w4q6ldc8l0qo.cloudfront.net data: media.sumome.com stats.g.doubleclick.net sumo.b-cdn.net sumo.com sumome.com; manifest-src ammo.com d1w4q6ldc8l0qo.cloudfront.net; media-src 'self' *.facebook.com *.zdassets.com *.zopim.com; object-src 'self' *.facebook.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.algolia.io *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.sumo.com *.sumome.com *.userway.org *.voyagetext.com *.zdassets.com *.zopim.com api.bufferapp.com assets.voyagetext.com blob: browser.sentry-cdn.com buttons.reddit.com cdn.ravenjs.com code.jquery.com d1w4q6ldc8l0qo.cloudfront.net https://cdn.jsdelivr.net/npm/algoliasearch@4/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4 reddit.com seal.verisign.com stats.g.doubleclick.net sumo.b-cdn.net sumome-140a.kxcdn.com sumome.com widgets.pinterest.com www.linkedin.com www.reddit.com; style-src 'self' 'unsafe-inline' *.facebook.com *.google.com *.googleapis.com *.gstatic.com cdn.userway.org d1w4q6ldc8l0qo.cloudfront.net sload.sumo.com sumo.b-cdn.net 1
frame-ancestors https://c.zmags.com https://creator.zmags.com https://*.sgproof.com 1
default-src https://*.gstatic.com/ https://*.googleapis.com/ https://plugins.blueconic.net/ https://*.googlesyndication.com/ https://www.psv.nl/ https://psv.gxcloud.net/ https://www-psv.gxcloud.net/ 'self' 'unsafe-inline'; font-src https://cdn.leadinfo.net/ https://fonts.gstatic.com/ 'self'; child-src  'self'; connect-src https://*.snapchat.com/ https://*.analytics.google.com https://px.ads.linkedin.com https://*.google-analytics.com/ https://*.mux.com/ https://*.cfcdn.mux.com/ https://cdn.jwplayer.com/ https://*.nudgify.com/ https://*.leadinfo.com/ https://*.leadinfo.net/ https://analytics.tiktok.com/ https://api.coindesk.com/ https://*.psv.nl/ https://*.hotjar.io/ https://*.hotjar.com/ https://www.google-analytics.com/ https://*.jwpltx.com/ wss://socket.tidio.co/ https://*.googlesyndication.com/ https://*.jwpsrv.com/ https://*.googleapis.com/ https://*.doubleclick.net/ https://csi.gstatic.com/ https://api.pushbird.com/ https://*.jwplayer.com/ https://ssl.p.jwpcdn.com/ https://content.jwplatform.com/ https://psv.blueconic.com/ https://www.powr.io/ https://stream.mux.com/ https://analytics.pangle-ads.com/ 'self'; frame-src https://*.freshchat.com https://*.gxcloud.net https://securepubads.g.doubleclick.net/ https://wchat.eu.freshchat.com/ https://outlook.office365.com https://*.typeform.com/ https://youreka-virtualtours.be/ https://acties.psv.nl/ https://heuvelman360.nl/ https://*.eazegames.com/ https://service2.loyaltyinabox.com/ https://*.psv.nl/ https://secure.espncdn.com/ https://e.issuu.com/ https://*.freshchat.com/ https://*.safeframe.googlesyndication.com/ https://tpc.googlesyndication.com/ https://tr.snapchat.com/  https://www.sporcle.com/ https://*.youtube.com/ https://*.googleapis.com/ https://service.psv.nl/ https://pushbird.com/ https://maak-agenda.nl/ https://g.jwpsrv.com/ https://imasdk.googleapis.com/ https://www.youtube.com/ https://stanza.co/ https://www.powr.io/ https://*.twitter.com/ https://*.facebook.com/ https://www.google.com/ https://*.hotjar.com/ https://*.leadfamly.com/ 'self'; frame-ancestors https://acties.psv.nl/ https://*.eazegames.com/ https://m.youtube.com/ https://www.youtube.com/ https://app.clonable.net/ 'self'; img-src https://analytics.twitter.com https://*.mux.com/ https://*.cfcdn.mux.com/ https://mfyh.ams3.cdn.digitaloceanspaces.com/ https://cdn.leadinfo.net/ https://www.psvfanstore.nl/ https://*.psv.nl/ https://px.moatads.com/ https://secure.espncdn.com/ https://ib.adnxs.com/ https://t.co/ https://psv.sb.blueconic.net/ https://www.google.ie/ https://*.linkedin.com/ https://*.maxcdn.com/  https://cdn.psvfanstore.nl/ https://*.smartclip.net/ https://www.facebook.com/ https://*.jwpltx.com/ https://psv.blueconic.com/ https://cdn.pushbird.com/ https://*.spotxchange.com/ https://*.googlesyndication.com/ https://assets-jpcust.jwpsrv.com https://prd.jwpltx.com/ https://content.jwplatform.com/ https://jwpltx.com/ https://www.googletagmanager.com/ https://www.google.nl/ https://www.google.com/ https://stats.g.doubleclick.net/  https://www.google-analytics.com/ https://beacon.krxd.net/ https://*.lfeeder.com/ https://images.unsplash.com https://cdn.jwplayer.com/ 'self' data:; media-src https://live-cdn.jwplayer.com/ https://*.mux.com/ https://*.cfcdn.mux.com/ https://mfyh.ams3.cdn.digitaloceanspaces.com/ https://*.studio040.nl/ https://*.jwpsrv.com/ https://content.jwplatform.com/ https://*.jwpltx.com/ https://*.tidiochat.com/  http://gcdn.2mdn.net/videoplayback/id/ https://cdn.jwplayer.com/ https://www.psv.nl/ https://psv.gxcloud.net/ https://www-psv.gxcloud.net/ blob: 'self'; object-src  'self'; script-src https://ajax.googleapis.com/ https://s0.2mdn.net/ http://www.foxsports.nl 'self' 'unsafe-inline' 'unsafe-eval' data: https: wss:; style-src https://*.typeform.com/ https://www.googletagmanager.com/ https://youreka-virtualtours.be/ https://fonts.googleapis.com/ https://cdn.leadinfo.net/ https://*.psv.nl/ https://*.freshchat.com/ https://plugins.blueconic.net/ 'self' 'unsafe-inline';  worker-src  'self' blob: 1
default-src 'self' 'unsafe-inline' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net marketo.net *.mktoresp.com *.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.fontawesome.com use.fontawesome.com apps.elfsight.com *.elfsight.com *.surveymonkey.com *.libsyn.com *.map-dynamics.com api.map-dynamics.com *.googletagmanager.com https://csgcreative.com/ csgcreative.com https://optinmonster.com https://a.omappapi.com/ *.typekit.net use.typekit.net https://onpeak.s3.amazonaws.com feathr.co *.feathr.co api.42chat.com https://googlead https://snap.licd *.doubleclick.net *.licdn.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.fontawesome.com use.fontawesome.com apps.elfsight.com *.elfsight.com *.surveymonkey.com *.libsyn.com *.map-dynamics.com api.map-dynamics.com *.googletagmanager.com *.omappapi.com *.typekit.net use.typekit.net *.google-analytics.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com *.fontawesome.com use.fontawesome.com data: *.typekit.net use.typekit.net; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com placeimg.com picsum.photos *.picsum.photos https://optinmonster.com https://a.omappapi.com feathr.co *.feathr.co; media-src 'self' data: blob: https://www.youtube.com; form-action 'self' https://optinmonster.com https://a.omappapi.com/; frame-src 'self' https://www.youtube.com https://optinmonster.com https://a.omappapi.com/ csgcreative.com giphy.com https://onpeak.s3.amazonaws.com app.42chat.com td.doubleclick.net appa-social-toolkit.qa-rmgmedia.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.surveymonkey.com *.libsyn.com *.map-dynamics.com api.map-dynamics.com https://csgcreative.com https://giphy.com https://optinmonster.com https://a.omappapi.com/ https://onpeak.s3.amazonaws.com; connect-src 'self' *.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.fontawesome.com apps.elfsight.com *.elfsight.com https://optinmonster.com *.omappapi.com https://onpeak.s3.amazonaws.com feathr.co *.feathr.co stats.g.doubleclick.net; plugin-types 'self' https://optinmonster.com https://a.omappapi.com/ https://onpeak.s3.amazonaws.com; 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; connect-src * 'unsafe-inline'; font-src * data: 'unsafe-inline'; frame-src https://coins.formstack.com; 1
default-src 'self' 'unsafe-inline' data: *.google.com *.my.onetrust.com *.cookielaw.org *.googleapis.com *.gstatic.com *.onetrust.com *.g.doubleclick.net *.analytics.google.com *.cloud.coveo.com *.google-analytics.com *.googletagmanager.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cookielaw.org *.cloud.coveo.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.googleapis.com *.google.com *.gstatic.com *.cloudflare.com *.cloudfront.net *.stripe.com *.googleadservices.com *.googlesyndication.com snap.licdn.com;style-src 'self' 'unsafe-inline' *.cloud.coveo.com *.googleapis.com *.gstatic.com; img-src 'self' data: https:; connect-src 'self' data: https: *.google.com *.doubleclick.net; font-src 'self' data: https:;frame-src 'self' *.embedly.com *.stripe.com *.doubleclick.net *.google.com *.googletagmanager.com *.youtube.com alsenvironmental.wufoo.com;object-src 'none'; form-action 'self' *.westpac.com.au *.payjunction.com; report-uri https://9854a28f6d04362aa2f20b134deae7c0.report-uri.com/r/d/csp/enforce; report-to csp-endpoint 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.seabank.ph *.googletagmanager.com *.google-analytics.com *.go-mpulse.net *.google.com *.doubleclick.net data:; 1
default-src 'self'; img-src 'self' data:; frame-src 'self' https://www.google.com https://www.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline' 'self' https://www.woopra.com https://static.woopra.com https://www.google.com https://www.gstatic.com; 1
frame-ancestors teams.microsoft.com *.teams.microsoft.com *.skype.com edelvivesdigitalplus.com 1
default-src 'self'; frame-src https:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https: blob:; media-src 'self' https://zbrsk-a.akamaihd.net https://avito-a.akamaihd.net https://cdn.uaz.ru https://562717.selcdn.ru; connect-src 'self' https: 1
default-src  * 'unsafe-inline' 'unsafe-eval'; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: script: https://static.cloudflareinsights.com https://www.googletagmanager.com https://www.clarity.ms; 1
default-src 'self' https://*.cms.vwfs.tools ;            img-src 'self' data: https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://dev.day.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.gstatic.com https://*.google.com https://*.google.de https://*.google.it https://*.googlesyndication.com https://*.googleadservices.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://img.youtube.com https://i.ytimg.com https://*.userzoom.com https://*.adform.net https://www.facebook.com https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://t.co https://*.volkswagenbank.de  https://cms-assets.vwfs.io https://smetrics.vwfs.it https://mediaservice.audi.com  https://GISTPAEndpoint-Int.azureedge.net https://GISTPAEndpoint-Kons.azureedge.net https://GISTPAEndpoint-Prod.azureedge.net    https://default.vms.vwfs.io https://*.bronson.vwfs.tools https://*.bronson.vwfs.io https://gateway.zscloud.net https://js.api.here.com https://assets.volkswagen.com https://integrations.etrusted.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ssl.gstatic.com https://ade.googlesyndication.com https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.it;            script-src 'self' 'unsafe-inline' blob: https://*.volkswagenbank.de https://storagewebcalcweud.blob.core.windows.net https://*.fts.webcalc.vwfs.io https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.fls.doubleclick.net https://www.googletagmanager.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google.com https://www.google.de https://cm.g.doubleclick.net https://www.volkswagenbank-cloud.de https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://assets.adobedtm.com https://*.omniture.com https://*.adobe.com https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://*.thunderhead.com https://*.twitter.com https://static.ads-twitter.com https://*.advsearch.vwfs.io https://cc.cdn.civiccomputing.com  https://target.vwfs.it  https://smetrics.vwfs.it https://cdn.mercury.ai https://integrations.etrusted.com https://sdk.privacy-center.org    https://*.acs-frontend.vwfs.io https://*.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.g.doubleclick.net https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.it;            style-src 'self' 'unsafe-inline' https://*.userzoom.com https://target.vwfs.it https://cdn.mercury.ai https://co-browsing.mercury.ai https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io    https://*.acs-frontend.vwfs.io https://integrations.etrusted.com https://tagmanager.google.com https://fonts.googleapis.com ;            connect-src 'self' blob: data: https://vimeo.com https://*.youtube.com https://api.webcalc.vwfs.io https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://*.adobedc.net https://*.tt.omtrdc.net https://*.2o7.net https://*.cms.vwfs.io https://*.advsearch.vwfs.io https://cms-content.vwfs.io https://target.vwfs.it https://smetrics.vwfs.it https://www.google.com https://*.facebook.com https://*.mercury.ai wss://*.mercury.ai https://vector.hereapi.com https://1.base.maps.ls.hereapi.com https://1.aerial.maps.ls.hereapi.com https://js.api.here.com https://geocode.search.hereapi.com https://integrations.etrusted.com https://*.smart-digital-solutions.de https://smart-digital-cdn.com https://2gtge2kxoa.execute-api.eu-central-1.amazonaws.com https://api-cms-vwfs-io.cms.vwfs.tools https://sdk.privacy-center.org https://revgeocode.search.hereapi.com    https://*.acs-frontend.vwfs.io https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.it http://*.trustedshops.com https://autocomplete.search.hereapi.com https://lookup.search.hereapi.com ;            frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com ;            object-src 'none' ;            font-src 'self' data: https://fonts.gstatic.com https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io https://cdn.mercury.ai https://js.api.here.com https://*.trustedshops.com http://*.trustedshops.com ;            frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://s.userzoom.com https://*.adform.net https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://*.googlesyndication.com https://cm.g.doubleclick.net https://gateway.zscloud.net https://td.doubleclick.net https://kalkulator.skoda-auto.pl https://*.g.doubleclick.net ;            media-src https://www.youtube-nocookie.com 'self' ; 1
default-src 'none';base-uri 'self'; frame-src 'self' https://msg-tc-spa-as-dev.azurewebsites.net https://msg-tc-spa-as-test.azurewebsites.net https://msg-tc-spa-as-prd.azurewebsites.net *.building.govt.nz https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://www.youtube-no-cookie.com https://www.ytimg.com;connect-src 'self' https://analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com;frame-ancestors 'self';font-src 'self' data:;form-action 'self';img-src 'self' data: https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com https://www.ytimg.com;manifest-src 'self';media-src 'none';object-src 'none';script-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com 'unsafe-eval' https://www.googleadservices.com https://googleads.g.doubleclick.net;style-src 'self' 'unsafe-inline'; 1
default-src 'self' https: data: blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://www.eerstekamer.nl https://translate.googleapis.com ssl.p.jwpcdn.com cdn.jwplayer.com cdn-eu.readspeaker.com blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.eerstekamer.nl cdn.jwplayer.com cdn-eu.readspeaker.com; report-uri /cgi-bin/asnh.cgi/0000000/c/cspreport 1
default-src 'self' data: mc.yandex.ru yandex.st googleads.g.doubleclick.net www.google-analytics.com analytics.google.com stats.g.doubleclick.net *.livetex.ru *.livetex.me facebook.com facebook.net vkontakte.ru twitter.com www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com:* youtube.com:* www.google-analytics.com *.gstatic.com:* *.googleapis.com *.google.com mc.yandex.ru yandex.st yastatic.net *.googleadservices.com *.googletagmanager.com googleads.g.doubleclick.net *.livetex.ru *.livetex.me vk.com facebook.com *.facebook.net vkontakte.ru *.twitter.com www.google.com *.yandex.ru abt.s3.yandex.net; style-src 'self' 'unsafe-inline' mc.yandex.ru:* *.googleapis.com *.gstatic.com:* *.fontawesome.com; img-src 'self' data: blob: mc.yandex.ru:* yastatic.net *.googleapis.com *.gstatic.com:* *.google-analytics.com *.google.ru i.ytimg.com *.livetex.ru *.livetex.me vk.com profholod.com profholod.co.uk; font-src 'self' *.gstatic.com:* *.livetex.ru *.livetex.me *.fontawesome.com;frame-src 'self' www.youtube.com:* *.yandex.ru yandex.ru dzen.ru *.livetex.ru *.livetex.me *.google.com;connect-src 'self' *.yandex.ru *.google.com *.google-analytics.com *.livetex.ru *.livetex.me *.doubleclick.net; 1
frame-ancestors 'self' https://www.steris.com https://ww1.steris.com https://archportal.steris.com https://gateway.steris.com https://sitecore-healthcare-xm-centralus-prod-cd.azurewebsites.net/ 1
frame-ancestors 'self' https://*.toyota.de https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.vimeo.com *.googleapis.com *.hs-scripts.com js.hs-banner.com js.hs-analytics.net static.cloudflareinsights.com cdn.unibuddy.co *.zmags.com *.crazyegg.com cdn.lightwidget.com *.addtoany.com static.zdassets.com *.googletagmanager.com *.google-analytics.com snap.licdn.com  *.linkedin.com *.google.com *.gstatic.com code.jquery.com *.newrelic.com cdn.ckeditor.com js.hsforms.net static.addtoany.com forms.hsforms.com svc.webspellchecker.net www.clarity.ms js.hsadspixel.net connect.facebook.net ajax.cloudflare.com https://js.usemessages.com/conversations-embed.js *.tiktok.com www.youtube.com bam.nr-data.net api.smooch.io; object-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.googleapis.com static.addtoany.com cdn.ckeditor.com svc.webspellchecker.net; img-src * data:; media-src *; frame-src 'self' *.vimeo.com *.youtube.com lightwidget.com static.addtoany.com *.google.com cdn.lightwidget.com js.hsforms.net player.simplecast.com forms.hsforms.com ucsappointments.youcanbook.me banepay.aus.edu forms.aus.edu www.podbean.com my.matterport.com; frame-ancestors 'self'; child-src 'self' 'unsafe-inline'; font-src *; connect-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1
child-src  www.paypalobjects.com   https://www.lehmans.com/LtkWebPush/ServiceWorker.js; connect-src 'self' 'report-sample' s3.amazonaws.com/cv3.customfiles lehmans.commercev3.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com stats.g.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.facebook.com *.klaviyo.com  *.searchspring.io *.sezzle.com *.comm100.io s.yimg.com *.yotpo.com *.quora.com *.yottaa.net *.google.com www.googletagmanager.com  ascendpartner.com *.ascendpartner.com *.udev1a.net content.hotjar.io *.hotjar.com cdn.cookielaw.org geolocation.onetrust.com udev1a.net *.parcellab.com *.pinterest.com ssl.kaptcha.com; default-src 'self' s3.amazonaws.com/cdn.lehmans.com/ cdn.commercev3.net/cdn.lehmans.com/ cdn.lehmans.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com *.pinterest.com; font-src 'self' lehmans.commercev3.com s3.amazonaws.com/cdn.lehmans.com/ cdn.commercev3.net/cdn.lehmans.com/ cdn.lehmans.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com data: *.yotpo.com *.comm100.com www.paypalobjects.com mediacdn.espssl.com; form-action 'self' www.facebook.com www.paypal.com checkout.sezzle.com link.lehmans.com https://link.lehmans.com/q/RsJKyjQ9D7Mz6kSz-xnjYta9dzKSKAnwPi; frame-src 'self' *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com www.youtube.com *.listrak.com www.googletagmanager.com *.time.ly vars.hotjar.com *.criteo.com *.criteo.net lehmans.forms-db.com   https://res.cloudinary.com *.pinterest.com  fs27.formsite.com *.vimeo.com tst.kaptcha.com ssl.kaptcha.com *.sezzle.com; frame-ancestors 'self' ; img-src 'self' s3.amazonaws.com/cdn.lehmans.com/ cdn.commercev3.net/cdn.lehmans.com/ cdn.lehmans.com ssl.google-analytics.com *.google.com *.pinterest.com *.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.paypal.com www.paypalobjects.com *.quora.com *.lehmans.com *.yotpo.com sp.analytics.yahoo.com *.sezzle.com *.yottaa.net *.searchspring.io mediacdn.espssl.com pippio.com *.comm100.io  i.ytimg.com *.comm100.io cdn.commercev3.net/cdn.lehmans.com *.bing.com *.gstatic.com *.yahoo.com d3cgm8py10hi0z.cloudfront.net *.wp.com *.lehmans.com ascendpartner.com *.ascendpartner.com  *.udev1a.net cdn.cookielaw.org udev1a.net cdn.lehmans.com s3.amazonaws.com/cdn.lehmans.com/ *.parcellab.com cdn.cookielaw.org  contextual.media.net  res.cloudinary.com/ *.listrak.com www.google.co.in; script-src 'self' 'report-sample' s3.amazonaws.com/cdn.lehmans.com/ cdn.commercev3.net/cdn.lehmans.com/ cdn.lehmans.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com *.searchspring.net *.listrak.com *.yotpo.com www.intellisuggest.com api.ipstack.com widget.sezzle.com vue.comm100.com a.quora.com s.yimg.com sealserver.trustkeeper.net container.pepperjam.com code.murdoog.com a40.usablenet.com  www.intellisuggest.com *.yottaa.net www.youtube.com lehmans.usablenet.com *.comm100.com www.google-analytics.com *.facebook.net *.time.ly *.facebook.net *.googleapis.com www.intellisuggest.com *.hotjar.com cdnjs.cloudflare.com *.udev1a.net ascendpartner.com *.ascendpartner.com  ga-lehmans-a40.udev1a.net *.criteo.com *.criteo.net cdn.cookielaw.org assets.forms-db.com *.parcellab.com cdn.cookielaw.org *.pinterest.com  fs27.formsite.com *.amazonaws.com; script-src-elem 'self' 'report-sample' s3.amazonaws.com/cdn.lehmans.com/ cdn.commercev3.net/cdn.lehmans.com/ cdn.lehmans.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com *.searchspring.net *.listrak.com *.yotpo.com www.intellisuggest.com api.ipstack.com widget.sezzle.com vue.comm100.com a.quora.com s.yimg.com sealserver.trustkeeper.net container.pepperjam.com code.murdoog.com a40.usablenet.com  www.intellisuggest.com *.yottaa.net www.youtube.com lehmans.usablenet.com *.comm100.com www.google-analytics.com *.facebook.net *.time.ly *.facebook.net *.googleapis.com www.intellisuggest.com *.hotjar.com cdnjs.cloudflare.com *.udev1a.net ascendpartner.com *.ascendpartner.com  ga-lehmans-a40.udev1a.net *.criteo.com *.criteo.net cdn.cookielaw.org assets.forms-db.com *.parcellab.com cdn.cookielaw.org *.pinterest.com  fs27.formsite.com *.amazonaws.com; style-src 'self' s3.amazonaws.com/cdn.lehmans.com/ cdn.commercev3.net/cdn.lehmans.com/ cdn.lehmans.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net cdn.searchspring.net *.yotpo.com *.sezzle.com *.yottaa.net lehmans.usablenet.com www.paypalobjects.com mediacdn.espssl.com  *.udev1a.net  ascendpartner.com *.ascendpartner.com  fonts.cdnfonts.com/css/satoshi *.parcellab.com *.pinterest.com *.listrak.com fonts.googleapis.com; style-src-elem 'self' s3.amazonaws.com/cdn.lehmans.com/ cdn.commercev3.net/cdn.lehmans.com/ cdn.lehmans.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net cdn.searchspring.net *.yotpo.com *.sezzle.com *.yottaa.net lehmans.usablenet.com www.paypalobjects.com mediacdn.espssl.com  *.udev1a.net  ascendpartner.com *.ascendpartner.com  fonts.cdnfonts.com/css/satoshi *.parcellab.com *.pinterest.com *.listrak.com fonts.googleapis.com; style-src-attr  'unsafe-inline'; media-src 'self' lehmans.commercev3.com s3.amazonaws.com/cdn.lehmans.com/ cdn.commercev3.net/cdn.lehmans.com/ cdn.lehmans.com www.bing.com; 1
frame-ancestors 'self' *  *.lightning.force.com  *.my.salesforce.com teams.microsoft.com *.teams.microsoft.com *.skype.com; 1
default-src 'self' blob: *.crazyegg.com; media-src 'self' data: blob: * https://www.youtube.com https://www.trumba.com https://cdn.userway.org *.crazyegg.com https://it-cclz-sitecore-prod-236910-cdn-endpoint.azureedge.net https://www.sheridancollege.ca https://media-www.sheridancollege.ca https://it-cclz-sitecore-prod-236910-cd-staging.azurewebsites.net/; connect-src 'self' https://analytics.google.com https://cdn.userway.org https://in.hotjar.com https://ws11.hotjar.com https://script.crazyegg.com https://pagestates-tracking.crazyegg.com https://assets-tracking.crazyegg.com https://tracking.crazyegg.com https://api.curator.io https://stats.g.doubleclick.net https://www.google-analytics.com https://ka-p.fontawesome.com https://api.userway.org https://twitter.com https://api.twitter.com https://platform.twitter.com https://pbs.twimg.com https://syndication.twitter.com https://www.trumba.com https://max13.comm100.io https://chatserver13.comm100.io https://ulysses.sheridanc.on.ca https://api.tintup.com https://api13.comm100.io https://analytics.tiktok.com/ https://maps.googleapis.com https://t.co https://cdn.linkedin.oribi.io https://*.analytics.google.com https://*.g.doubleclick.net  https://*.google-analytics.com https://*.googletagmanager.com https://pagead2.googlesyndication.com *.crazyegg.com https://it-cclz-sitecore-prod-236910-cdn-endpoint.azureedge.net https://media-www.sheridancollege.ca https://www.sheridancollege.ca https://it-cclz-sitecore-prod-236910-cd-staging.azurewebsites.net/ https://kit.fontawesome.com https://dash13.comm100.io https://a.eu.silktide.com/ https://px.ads.linkedin.com https://content.hotjar.io wss://ws.hotjar.com; img-src 'self' data: * https://googleads.g.doubleclick.net https://www.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://twitter.com https://platform.twitter.com https://pbs.twimg.com https://abs.twimg.com https://ton.twimg.com https://syndication.twitter.com https://www.instagram.com https://www.trumba.com https://t.co https://maps.gstatic.com https://maps.googleapis.com https://*.analytics.google.com https://*.g.doubleclick.net  https://*.google-analytics.com https://*.googletagmanager.com www.googletagmanager.com *.crazyegg.com https://media-www.sheridancollege.ca https://www.sheridancollege.ca https://it-cclz-sitecore-prod-236910-cdn-endpoint.azureedge.net https://it-cclz-sitecore-prod-236910-cd-staging.azurewebsites.net/; frame-src 'self' https://bid.g.doubleclick.net https://sheridancollege.formstack.com https://bbox.blackbaudhosting.com https://www.youtube.com https://cdn.userway.org https://vars.hotjar.com https://www.google.com https://platform.twitter.com https://syndication.twitter.com https://twitter.com https://www.facebook.com https://www.instagram.com https://e.issuu.com https://www.trumba.com https://dash13.comm100.io https://cdn.hypemarks.com https://widget.emsicc.com https://t.co https://portal13.comm100.site/ *.sheridancollege.ca https://googleads.g.doubleclick.net https://td.doubleclick.net *.crazyegg.com https://it-cclz-sitecore-prod-236910-cd-staging.azurewebsites.net/; frame-ancestors 'self'; font-src 'self' data: https://fonts.gstatic.com/ https://cdn.curator.io https://cdn.userway.org https://ka-p.fontawesome.com https://use.typekit.net https://www.trumba.com https://vue.comm100.com https://static.formstack.com https://it-cclz-sitecore-prod-236910-cdn-endpoint.azureedge.net https://media-www.sheridancollege.ca https://www.sheridancollege.ca https://it-cclz-sitecore-prod-236910-cd-staging.azurewebsites.net/ *.crazyegg.com; script-src 'self' 'nonce-cspScrpt' 'unsafe-eval' https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://tagmanager.google.com https://ssl.google-analytics.com https://static.formstack.com https://bbox.blackbaudhosting.com https://sheridancollege.formstack.com https://cdn.curator.io https://maps.googleapis.com https://www.youtube.com https://script.hotjar.com https://cdnjs.cloudflare.com https://kit.fontawesome.com https://www.googletagmanager.com https://www.google-analytics.com https://static.hotjar.com https://cdn.userway.org https://connect.facebook.net https://analytics.formstack.com https://vc.hotjar.io https://twitter.com https://platform.twitter.com https://cdn.syndication.twimg.com https://api.twitter.com https://www.instagram.com https://www.trumba.com https://snap.licdn.com https://standby.comm100vue.com https://vue.comm100.com https://max13.comm100.io https://chatserver13.comm100.io https://cdn.hypemarks.com https://formstack.com/ https://t.co https://*.googletagmanager.com *.crazyegg.com https://it-cclz-sitecore-prod-236910-cdn-endpoint.azureedge.net https://www.sheridancollege.ca https://media-www.sheridancollege.ca https://it-cclz-sitecore-prod-236910-cd-staging.azurewebsites.net/ https://www.formstack.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://bbox.blackbaudhosting.com https://cdn.curator.io https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net https://static.formstack.com https://platform.twitter.com https://syndication.twitter.com https://www.instagram.com https://www.trumba.com https://t.co https://cdn.userway.org https://it-cclz-sitecore-prod-236910-cdn-endpoint.azureedge.net https://media-www.sheridancollege.ca https://www.sheridancollege.ca https://it-cclz-sitecore-prod-236910-cd-staging.azurewebsites.net/ https://formstack.com/ *.crazyegg.com; worker-src blob:;  1
img-src 'self' data: *.mintos.com *.google-analytics.com https://i.imgur.com https://s3.eu-central-1.amazonaws.com/test-mintos-public-files/ https://s3.eu-central-1.amazonaws.com/mintos-prod-public-files/ *.googletagmanager.com *.google.com *.google.lv cdn.cookielaw.org *.onetrust.com https://accounts.zendesk.com https://cdn.kevin.eu/banks/images/ https://mintos.zendesk.com/; script-src 'self' 'self' 'unsafe-eval' 'unsafe-inline' *.mintos.com *.google.com *.google-analytics.com *.googletagmanager.com https://www.googleoptimize.com https://www.gstatic.com https://www.googleadservices.com *.doubleclick.net *.indicative.com *.hotjar.com *.sumo.com *.licdn.com *.facebook.net *.redditstatic.com *.bing.com *.zohopublic.eu https://assets.mintos.com/webapp/ assets.zendesk.com *.chatcreate.com static.zdassets.com cdn.cookielaw.org *.onetrust.com https://cdn-eu.pagesense.io https://api.smooch.io; frame-ancestors *.mintos.com; object-src 'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline'; img-src 'self' https://tests.services.druide https://services-tests-tmp.druide.com https://services.druide.com https://www.gravatar.com https://*.googleusercontent.com  https://googleusercontent.com https://*.fbcdn.net https://fbcdn.net https://*.fbsbx.com https://fbsbx.com data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'none'; frame-ancestors 'none'; connect-src 'self' wss://cumulix.app/correcteur/corrigerWS2; object-src 'none'; child-src 'none'; media-src 'self'; manifest-src 'self'; worker-src 'none'; form-action 'none'; upgrade-insecure-requests;report-to 'csp-reports';report-uri /__rapport_csp__ 1
object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *; 1
font-src 'self' *.littleforest.co.uk fonts.gstatic.com cdn.jsdelivr.net fonts.googleapis.com amp.azure.net data: 1
frame-ancestors *.googleapis.com *.quiteja.com.br *.gorillascode.com *.negocie.quiteja.com.br *.fontawesome.com *.gstatic.com *.ingest.sentry.io *.google.com.br *.hotjar.com *.licdn.com *.google-analytics.com *.cdnfonts.com analytics.google.com *.gorillascode-quiteja.s3.amazonaws.com gorillascode-quiteja.s3.amazonaws.com *.cloudflare.com *.jsdelivr.net *.googletagmanager.com *.googleads.g.doubleclick.net *.doubleclick.net *.auth.gorillascode.com *.gorillascode.com 1
Content-Security-Policy: default-src 'self'; object-src 'none' 1
default-src 'none'; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; form-action 'self'; frame-src https://www.facebook.com https://www.youtube.com https://archivos.ujat.mx https://biblioweb.ujat.mx https://publicaciones.ujat.mx https://regeventos.ujat.mx; img-src 'self' http://archivos.ujat.mx https://archivos.ujat.mx; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://connect.facebook.net https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src https://archivos.ujat.mx; frame-ancestors 'none'; base-uri 'none' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://* http://; font-src 'self' https:// http://; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com *.sharethis.com www.gstatic.com analytics.effo.gov.hk www.google.com *.addthis.com yt3.ggpht.com www.youtube.com *.firebaseio.com *.addthisedge.com *.youth.gov.hk ; frame-src 'self' https:// http:// www.youtube.com *.sharethis.com www.google.com *.youth.gov.hk *.facebook.com ; img-src 'self' 'unsafe-inline' 'unsafe-eval' https:// http://* data:; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://* http://* www.google-analytics.com www.google.com yt3.ggpht.com *.sharethis.com www.youtube.com *.firebaseio.com *.youth.gov.hk ; font-src 'self' 'https://* http://* unsafe-inline' 'unsafe-eval' data:* 1
frame-ancestors 'self' https://*.plasmic.app 1
frame-ancestors 'self' kviku.ru kviku.helpdeskeddy.com 1
frame-ancestors 'self' https://my.axelos.com https://www.languagecert.org https://selt.languagecert.org 1
default-src 'none'; script-src 'nonce-bgfqMdG5zj6dHBRns6ADgltJhWOHhl2Y' 'strict-dynamic' 'wasm-unsafe-eval'; object-src 'none'; base-uri 'self'; connect-src 'self' auth.pureaccess.com https://unpkg.com/@rive-app/; worker-src 'self' blob:; img-src 'self' blob: data: content:; font-src 'self' fonts.googleapis.com fonts.gstatic.com; frame-src 'self' auth.pureaccess.com; manifest-src 'self'; style-src 'self' fonts.googleapis.com 'unsafe-inline'; 1
frame-ancestors 'self'; report-uri https://7r41y7nb.uriports.com/reports/report; 1
default-src wss://sdp-chatbot.cluster02.viind.io/socket.io.multitenant/ https: data: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://multimaps360.de/ https://geoportal.augsburg.de/; img-src 'self' https://*.kunden.team23.de/ https://*.augsburg-api.de/ https://*.cartocdn.com/ https://*.augsburg.de/ https://api.mapbox.com/ https://api.service-digitale-verwaltung.de/ blob: data:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://placehold.co/ https://*.cloudfront.net/ https://js.monitor.azure.com/ https://dc.services.visualstudio.com/ https://*.aptrinsic.com/ https://img.youtube.com/ https://www.youtube.com/ https://img.en25.com/i/livevalidation_standalone.compressed.js https://ui-stage.timetradesystems.com/ https://*.usea01.idio.episerver.net/ https://www.googletagmanager.com/ https://*.idio.co/ https://i.ytimg.com https://cdn.jsdelivr.net/ https://maxcdn.bootstrapcdn.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://www04.timetrade.com/ https://cdn.livechatinc.com/tracking.js https://cdn.livechatinc.com/ https://api.livechatinc.com https://secure.livechatinc.com/ https://cdn.livechat-files.com https://cdn.livechat-static.com https://maps.googleapis.com/ https://connect.facebook.net/ https://jumbe.zaius.com/ https://analytics.google.com/ https://www.facebook.com/ https://www.definemortgagesolutions.com/ *.crazyegg.com https://maps.googleapis.com/ https://maps.gstatic.com/mapfiles/transparent.png 1
default-src 'self' wss: https://*.contentful.com https://*.kampyle.com wss://*.ooklaserver.net https://*.tigocloud.net https://*.zendesk.com https://static.zdassets.com https://ekr.zdassets.com; frame-src 'self' https://*.tigocloud.net https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://www.youtube.com https://6493920.fls.doubleclick.net https://*.kampyle.com https://*.tigo.com.bo https://khipu.com; script-src 'self' blob: https://*.tigocloud.net https://*.kampyle.com https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.youtube.com https://6493920.fls.doubleclick.net https://maps.googleapis.com https://www.gstatic.com/ https://sync.smartadserver.com https://cdn.smooch.io https://s.ytimg.com https://*.nr-data.net https://js-agent.newrelic.com https://facebook.com/signals/iwl.js https://widget-mediator.zopim.com https://*.licdn.com 'unsafe-hashes' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'sha256-lfXlPY3+MCPOPb4mrw1Y961+745U3WlDQVcOXdchSQc=' https://*.tigo.com.bo https://khipu.com 'sha256-Z/AlCx9qBSlRFr+8Irt7/kys2PrFeoY+csXqli+U96k=' 'sha256-aAU6VET+6nctKDKgstahQyYSaFfE/hpGFLJ/dOREHCY=' 'sha256-vtFdpshOjfLBoRlubieusOp+JyCEt7jKY56cgkWJS/Q=' 'sha256-Ri+niIDxGc2C2538WaU8umuu/wHvIFb0q5dyTCMTe3k=' 'sha256-iTEXSA6WRleLe/AaVkSUyScPgrnCJlIHbNHrhRZJA+Y=' 'sha256-Xl9qDOHilhfsIXR6pOoTBidUtMPVl7xJdwpVYive2uA=' 'sha256-eZi16SMFLk0I2ppkgR+QA78Em4+dH7fycQng8PXpEEM=' 'sha256-xq+aS8e2dxEvw6qVFuyj0MR+bGVteZlov4QYh0TvwSU=' 'sha256-l1T3p2hI/NsFmH4IT8qyW3F4BTNVb6SzHhOCQYqg7Sc=' 'sha256-FrQ57L9tMdJJ722FWKhQSqaJ3Gd4s4rKlbk+K1DW+t4=' 'sha256-5Q8BLGKvDLTXeesMgddj68enFLB5ViTOglSslBdK3kc='; font-src 'self' data: blob: https://fonts.gstatic.com https://*.kampyle.com https://*.zendesk.com; img-src 'self' data: blob: https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.tigocloud.net https://*.contentful.com https://*.kampyle.com https://static.zdassets.com https://*.googletagmanager.com https://images.ctfassets.net https://stats.g.doubleclick.net https://lh3.googleusercontent.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://www.google.com.ar https://www.google.com.bo https://www.google.com.co https://www.google.com.sv https://www.google.com.gt https://www.google.hn https://www.google.com.ni https://www.google.com.pa https://www.google.com.py https://t.co https://maps.gstatic.com https://www.facebook.com https://analytics.twitter.com https://static.ads-twitter.com https://*.speedtestcustom.com https://*.zendesk.com https://static.zdassets.com https://maps.googleapis.com https://sync.smartadserver.com https://cdn.smooch.io https://*.zopim.io https://svr.mic.edge.com.py https://*.kampyle.com https://*.tigo.com.bo; style-src 'self' 'unsafe-inline' https://cdn.smooch.io https://tagmanager.google.com https://www.googletagmanager.com/debug/badge.css https://fonts.googleapis.com https://*.zendesk.com https://*.tigocloud.net https://*.kampyle.com; connect-src * data:; object-src 'none'; form-action 'self' https://www.facebook.com; base-uri 'self' https://md-scp.kampyle.com; frame-ancestors 'self' 1
manifest-src 'self' www.egu.eu; connect-src 'self' pwk.egu.eu; frame-ancestors 'none'; img-src 'self' data: www.egu.eu imaggeo.egu.eu pwk.egu.eu *.tile.openstreetmap.org *.tiles.virtualearth.net; media-src 'self' www.egu.eu; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' www.egu.eu pwk.egu.eu dev.virtualearth.net; base-uri 'none'; default-src 'self'; style-src 'self' 'unsafe-inline' www.egu.eu; font-src 'self' data: www.egu.eu; frame-src 'self' www.egu.eu www.youtube-nocookie.com player.vimeo.com; form-action 'self'; report-uri https://mjc21yf6.uriports.com/reports/report 1
default-src 'self' https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' https://www.ilireg.ir/logoenamad.png https://trustseal.enamad.ir https://logo.samandehi.ir https://www.google-analytics.com data:; script-src-elem 'self' https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline'; 1
frame-ancestors 'self' *.typingquest.com *.typingmaster.com *.herokuapp.com *.google.com *.googlesyndication.com *.doubleclick.net *.typetastic.com typetastic.com *.superawesome.tv; 1
default-src 'self';    script-src 'self' 'unsafe-eval' 'unsafe-inline' *;    child-src * blob:;    style-src 'self' 'unsafe-inline' *;    img-src * blob: data:;    media-src * blob: data:;    connect-src *;    font-src 'self' data: https://newsletter-eurac.vercel.app; 1
frame-ancestors 'self' securian.marketing.adobe.com securian.experiencecloud.adobe.com experience.adobe.com 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://mlbcomblogs.mlblogs.com https://*.mlbcomblogs.mlblogs.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
frame-ancestors 'self' *.hellobank.fr *.hellobankpro.fr *.bnpparibas *.mosaic.fr *.biapi.pro *.bnpparibas.net *.protection24.com *.facil-iti.net *.herokuapp.com *.matmut.com *.cardif-iard.fr; 1
frame-ancestors 'self' bolognafc.it; 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-uavstDNxgyO+pClX2ZoWjw==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
default-src 'self' *.tullverket.se www.youtube.com www.google.com surfly.com platform.twitter.com; script-src 'self' *.tullverket.se www.google.com chat.smartcall.cc surfly.com www.gstatic.com platform.twitter.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' webstats.tullverket.se chat.smartcall.cc surfly.com; img-src 'self' *.reachmee.com; style-src 'self' platform.twitter.com chat.smartcall.cc surfly.com 'unsafe-inline'; base-uri 'self'; font-src 'self'; 1
frame-ancestors 'self' https://www.rakuten.ne.jp https://shopping.geocities.jp; 1
frame-ancestors 'self' https://teams.microsoft.com 1
frame-ancestors 'self' *.shhotelsandresorts.com pagesense-proxy.com pagesense.zoho.com 1
script-src 'self' 'unsafe-eval' https://connect.facebook.net https://am.yahoo.co.jp https://b99.yahoo.co.jp https://www.google-analytics.com assets.adobedtm.com https://www.googletagmanager.com http://hm.mieru-ca.com https://hpjp.mieru-ca.com https://www.everestjs.net https://s.yimg.jp http://aigjapan.sc.omtrdc.net https://www.youtube.com 'sha256-dMIRRtml3Oi21Iaq03PtC+8mIuBozHki1nfF3K1YXgw=' 'sha256-Yw3/67WDFoT7czVF2RALaOaLaRtweKwjgMzcHEb7oIs=' 'sha256-+/WzJIUpU+5NsHuQGBp2n0iZvi5LUQ0h8K/qrDy2YJQ=' 'sha256-T4GdVguKtoAY/4wetSihwnlAEpUpN0SBr64TOJa8NU0=' 'sha256-KIDFo1cCsPZjm0CKg+wI3amz1hzD9mNUJ2+4AGHa3uU=' 'sha256-LBsTTQlX5+H68ly1EZvOY6Z9bHzQqntXIpb70r7UJis=' 'sha256-U/nEWHrEPshKXL66+Ph2p6sLJqyHx9w9Sjv8K1Ya0zU=' 'sha256-BcF795XkHI9YEs7DNkb2Auwhmzf0SqcdlO/cXV17POc=' 'sha256-cQonxShNT1IfSfxwOOa2GnQjv3H9iqQdPYmUrW6Tl9w=' 'sha256-Dsxt1/qoUZUtAc/xB2KsqxHj3ORjhh9iGH+ezhmuyks=' 'nonce-ekt3a09zazjpcq';script-src-elem 'self' https://connect.facebook.net https://am.yahoo.co.jp https://b99.yahoo.co.jp https://www.google-analytics.com assets.adobedtm.com https://www.googletagmanager.com http://hm.mieru-ca.com https://hpjp.mieru-ca.com https://www.everestjs.net https://s.yimg.jp http://aigjapan.sc.omtrdc.net https://www.youtube.com 'sha256-dMIRRtml3Oi21Iaq03PtC+8mIuBozHki1nfF3K1YXgw=' 'sha256-Yw3/67WDFoT7czVF2RALaOaLaRtweKwjgMzcHEb7oIs=' 'sha256-+/WzJIUpU+5NsHuQGBp2n0iZvi5LUQ0h8K/qrDy2YJQ=' 'sha256-T4GdVguKtoAY/4wetSihwnlAEpUpN0SBr64TOJa8NU0=' 'sha256-KIDFo1cCsPZjm0CKg+wI3amz1hzD9mNUJ2+4AGHa3uU=' 'sha256-LBsTTQlX5+H68ly1EZvOY6Z9bHzQqntXIpb70r7UJis=' 'sha256-U/nEWHrEPshKXL66+Ph2p6sLJqyHx9w9Sjv8K1Ya0zU=' 'sha256-BcF795XkHI9YEs7DNkb2Auwhmzf0SqcdlO/cXV17POc=' 'sha256-cQonxShNT1IfSfxwOOa2GnQjv3H9iqQdPYmUrW6Tl9w=' 'sha256-Dsxt1/qoUZUtAc/xB2KsqxHj3ORjhh9iGH+ezhmuyks=' 'nonce-ekt3a09zazjpcq'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.independenthealth.com *.adobedtm.com *.browser-update.org browser-update.org *.mktoresp.com *.demdex.net *.omtrdc.net *.fontawesome.com *.googleapis.com *.facebook.com *.linkedin.com *.adobeaemcloud.com  *.gstatic.com *.youtube.com *.google.com *.adobeaemcloud.com.seg.js *.adobe.com *.adobe.io *.googleapis.com *.bing.com *.marketo.net *.demdex.net *.virtualearth.net *.myih.com *.mypurecloud.com *.zoominfo.com *.novahealthcare.com *.bootstrapcdn.com *.vimeo.com *.jsonip.com *.office.com; font-src 'self' data: *.googleapis.com *.mypurecloud.com *.gstatic.com *.bootstrapcdn.com; img-src 'self' data: *.independenthealth.com *.adobedtm.com *.demdex.net *.omtrdc.net *.fontawesome.com *.googleapis.com *.facebook.com *.linkedin.com *.adobeaemcloud.com *.day.com *.gstatic.com *.youtube.com *.google.com *.adobeaemcloud.com.seg.js *.adobe.com *.adobe.io *.vimeo.com *.urac.org 1
frame-ancestors 'self' youtube.com www.youtube.com https://www.youtube.com cloud.mail.axa.co.uk soundcloud.com w.soundcloud.com api.soundcloud.com; frame-src 'self' https://a247752487.cdn.optimizely.com youtube.com www.youtube.com https://www.youtube.com cloud.mail.axa.co.uk soundcloud.com w.soundcloud.com api.soundcloud.com https://www.google.com widget.trustpilot.com; 1
frame-ancestors 'self' https://bumrungrad.aflip.in https://telehealthservice.bumrungrad.com 1
default-src https: blob:; frame-ancestors 'self' *.ford.com.cn *.lincolnstore.com.cn *.brandaplb.ford.com *.brandap.ford.com  *.brandap.lincoln.com *.brandaplb.lincoln.com  *.blueland.fordstore.com.cn  *.fordstore.com.cn  *.brandauthoraplb.ford.com  *.hosts.cloud.ford.com *.ford.com.tw  *.lincoln.com.cn  *.blueland.com.cn  *.brandapftzlb.ford.com.cn *.wwwqa.brandap.ford.com *.wwwint.brandap.ford.com *.wwwdev.brandap.ford.com *.apps.pp01.cneast.cf.ford.com.cn  *.fordchinasubscription.lincolnstore.com.cn  fordchinasubscription.lincolnstore.com.cn h5.loyalty.lincoln.com.cn; connect-src https: wss: blob:; font-src https: data:; img-src https: data: blob:; media-src https:  blob:; object-src 'self'; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src 'unsafe-inline' https:; base-uri 'self';worker-src 'self' blob:; script-src-elem 'unsafe-inline' 'unsafe-eval' blob: https:; script-src-attr 'unsafe-inline'  'unsafe-eval' blob: https:; style-src-attr 'unsafe-inline'  https:; style-src-elem 'unsafe-inline'  https:;upgrade-insecure-requests; 1
default-src 'self' 'unsafe-hashes' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.hotjar.com https://cdn.userway.org https://cdn.jsdelivr.net  https://js-na1.hs-scripts.com  https://js.hubspot.com https://*.hotjar.com https://ws3.hotjar.com https://*.ws.hotjar.com https://connect.facebook.net  https://js.hs-analytics.net https://js.hs-banner.com https://js.hsleadflows.net https://js.hsadspixel.net https://www.gstatic.com https://js.usemessages.com https://api.hubapi.com https://ws24.hotjar.com https://ws38.hotjar.com https://ws31.hotjar.com https://googleads.g.doubleclick.net https://api.hubspot.com https://js.hscta.net https://tag.simpli.fi https://i.simpli.fi https://tag.simpli.fi/sifitag https://cta-service-cms2.hubspot.com https://static.hotjar.com https://yoast.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.cookielaw.org https://cdn.livechatinc.com  https://js.hs-scripts.com  https://js.hsforms.net https://api.livechatinc.com https://ajax.googleapis.com  https://play.vidyard.com https://www.googletagmanager.com   https://www.google-analytics.com https://www.youtube.com https://s.ytimg.com 'unsafe-hashes' 'unsafe-inline'; style-src  'self' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdn.userway.org https://*.hotjar.com https://www.googletagmanager.com https://use.typekit.net https://p.typekit.net 'unsafe-hashes' 'unsafe-inline'; img-src 'self' https://secure.gravatar.com https://cdn.userway.org https://eb2.3lift.com  https://perf-na1.hsforms.com https://static.hsappstatic.net https://www.google.co.in https://www.google.com https://www.facebook.com/tr https://simplifi.partners.tremorhub.com https://pixel.tapad.com https://um.simpli.fi https://sync.intentiq.com https://pbid.pro-market.net https://loadm.exelator.com https://stags.bluekai.com https://bcp.crwdcntrl.net https://ce.lijit.com https://fei.pro-market.net https://d.agkn.com/pixel  https://idsync.rlcdn.com https://sync.search.spotxchange.com https://ib.adnxs.com https://pixel.rubiconproject.com https://us-u.openx.net  https://aa.agkn.com https://pippio.com https://www.google.com/ https://sync.bfmio.com https://um.simpli.fi/empty.gif https://i.vimeocdn.com https://googleads.g.doubleclick.net  https://cm.g.doubleclick.net https://www.googleadservices.com https://play.vidyard.com https://track.hubspot.com https://perf.hsforms.com https://cdn.vidyard.com https://forms-na1.hsforms.com https://forms.hsforms.com https://no-cache.hubspot.com https://cdn.livechatinc.com https://cdn.livechat-files.com https://*.hotjar.com data: https://info.eclinicalworks.com https://www.google-analytics.com https://tag.simpli.fi/sifitag https://um.simpli.fi https://www.facebook.com/tr/ https://www.googleadservices.com https://hotjar.com https://connect.facebook.com https://10622129.fls.doubleclick.net https://stats.g.doubleclick.net https://stats.g.doubleclick.net https://cdn.cookielaw.org;font-src 'self' https://cdn.livechatinc.com https://cdn.userway.org https://*.hotjar.com https://use.typekit.net data: https://fonts.gstatic.com; media-src 'self' https://cdn.livechatinc.com; prefetch-src 'self' https://play.vidyard.com;connect-src 'self' https://www.google-analytics.com  https://stats.g.doubleclick.net  https://api.userway.org https://cdn.userway.org https://ws39.hotjar.com/api/v2/sites/1368801/recordings/content https://csmetrics.hotjar.com  https://cta-service-cms2.hubspot.com wss://ws39.hotjar.com/api/v2/client/ws https://www.google.co.in https://www.google.com  http://www.w3.org/2000/ https://www.googleadservices.com/paged/conversation/ https://api.hubspot.com https://api.hubapi.com https://cdn.cookielaw.org https://yoast.com https://my.yoast.com https://geolocation.onetrust.com https://forms.hsforms.com https://in.hotjar.com   https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://api.livechatinc.com  https://forms.hubspot.com https://www.googleadservices.com https://play.vidyard.com;frame-src 'self' https://secure.livechatinc.com https://cdn.userway.org https://www.facebook.com  https://494616.hs-sites.com https://10622129.fls.doubleclick.net https://js.hsforms.net https://player.vimeo.com https://www.youtube.com https://forms.hsforms.com https://maps.google.com https://vars.hotjar.com https://*.hotjar.com https://play.vidyard.com https://app.hubspot.com  https://www.google.com/recaptcha https://www.google.com 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-ZDI4MGE1OWZlM2Q4NDZhMjkxNDU0NTlkMmE4MTQ5ZDY=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.nvwa.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.nvwa.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.nvwa.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://analyze.site.sa https://www.google.com/recaptcha/  https://google.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://maps.gstatic.com/; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://analyze.site.sa/; object-src https://google.com/ 'self'; img-src 'self' * data:; font-src 'self' https://cdnjs.cloudflare.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ data:; worker-src blob: 1
frame-ancestors portal.1gservers.com 1
script-src 'self' 'unsafe-eval' https://js.api.here.com https://cdnjs.cloudflare.com https://maps.google.com https://maps.googleapis.com https://www.gstatic.com  https://ajax.googleapis.com https://www.googletagmanager.com; 1
frame-ancestors 'self' http://www.philips.com *.philips.com *.philips.com https://philipsigtdpv.com 1
frame-ancestors 'self' https://cdw.theatro360.com; 1
script-src 'self' http: https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' static.cloudflareinsights.com 1
script-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; frame-ancestors 'self' 1
frame-ancestors 'self' https://www.mitiendadearte.com https://mitiendadearte.com https://www.craftelier.com https://it-blog.craftelier.com https://de-blog.craftelier.com https://nl-blog.craftelier.com https://pl-blog.craftelier.com https://pt-blog.craftelier.com https://ie-blog.craftelier.com https://cl-blog.craftelier.com https://static.craftelier.com https://es-blog.craftelier.com; 1
frame-ancestors 'self' https://americanreadingcompany.sharepoint.com; 1
frame-ancestors none; object-src https://cloud.faithlife.net https://cloud.mail.logos.com; base-uri https://optimize.google.com; block-all-mixed-content 1
default-src 'self' data: https://yc.edu https://www.yc.edu https://v5.yc.edu;        script-src 'self' 'unsafe-inline' 'unsafe-eval' https://d.bablic.com/ https://www.jotform.com https://pagead2.googlesyndication.com https://kit.fontawesome.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tag.simpli.fi https://bat.bing.com https://graph.instagram.com https://www.youtube.com https://bot.ivy.ai https://25livepub.collegenet.com https://api.instagram.com https://script.hotjar.com https://static.hotjar.com https://my.spectate.com https://hit.uptrendsdata.com https://script.crazyegg.com https://cdn.rlets.com https://www.googleapis.com https://cse.google.com https://www.google.com https://www.gstatic.com https://pixel.mathtag.com https://stats.g.doubleclick.net https://www.yc.edu https://v5.yc.edu https://www.googletagmanager.com https://doublethedonation.com https://pi.pardot.com https://s3-eu-west-1.amazonaws.com https://stationdata.wunderground.com https://i.simpli.fi https://connect.facebook.net https://yc.omnilert.net https://www.e2campus.net https://cdn.datatables.net https://maps.googleapis.com https://maps.google.com https://e.issuu.com http://us.libraryh3lp.com https://formscentral.acrobat.com https://cdnjs.cloudflare.com https://cdn.syndication.twimg.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://syndication.twitter.com https://platform.twitter.com https://rum-static.pingdom.net https://ssl.google-analytics.com www.google-analytics.com https://code.jquery.com https://libraryh3lp.com https://query.yahooapis.com;        style-src 'self' 'unsafe-inline' https://kit-pro.fontawesome.com https://www.google.com  https://www.yc.edu https://v5.yc.edu https://doublethedonation.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://code.jquery.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://platform.twitter.com https://ton.twimg.com;       img-src 'self' https://*.cdninstagram.com https://*.ivy-cdn.com https://yc.jotform.com https://pubads.g.doubleclick.net https://bat.bing.com https://prodssb1.yc.edu https://bot.ivy.ai https://25livepub.collegenet.com https://scontent.cdninstagram.com https://50th.yc.edu https://hit.uptrendsdata.com https://*.gstatic.com https://clients1.google.com https://www.googleapis.com https://www.google.com https://sync.adaptv.advertising.com https://stats.g.doubleclick.net https://pixel.mathtag.com https://u3s.mathtag.com https://www.yc.edu https://v5.yc.edu https://arthur2.yc.edu https://doublethedonation.com https://image.isu.pub https://i.simpli.fi https://www.facebook.com https://cdnjs.cloudflare.com https://maps.google.com https://maps.gstatic.com https://csi.gstatic.com https://www.yc.edu https://v5.yc.edu https://maps.googleapis.com http://weathersticker.wunderground.com http://www.phe.gov https://www.dhs.gov http://qs1016.pair.com https://scontent.xx.fbcdn.net https://courseweb.yc.edu https://weather.com https://code.jquery.com https://abs.twimg.com https://arthur2.yc.edu https://o.twimg.com https://pbs.twimg.com https://platform.twitter.com https://rum-collector.pingdom.net https://syndication.twitter.com https://ton.twimg.com www.google-analytics.com https://ssl.google-analytics.com data:;       font-src 'self' https://bot.ivy.ai data: https://kit-pro.fontawesome.com https://www.yc.edu https://v5.yc.edu https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com;        child-src 'self' https://calendar.google.com https://cas.yc.edu https://www.fema.gov https://secure.touchnet.com https://yavapai.hosted.panopto.com https://arthur2.yc.edu https://platform.twitter.com https://syndication.twitter.com https://www.yc.edu https://v5.yc.edu https://www.youtube.com https://player.vimeo.com https://cdn.yoshki.com;        frame-src 'self' https://www.bablic.com https://prodssb1.yc.edu https://idp.yc.edu https://bot.ivy.ai https://public.tableau.com https://vars.hotjar.com https://my.spectate.com https://5f011bc3-d57d-4fcd-9668-5887904b779e.rlets.com https://cse.google.com https://www.google.com https://maps.googleapis.com https://cdn.knightlab.com https://player.vimeo.com https://pixel.mathtag.com https://go.pardot.com https://go2.yc.edu https://e.issuu.com https://yavapaicollege1.typeform.com https://login.yc.edu https://login.microsoftonline.com https://outlook.office.com https://outlook.com https://www.outlook.com https://outlook.live.com https://calendar.google.com https://cas.yc.edu https://www.fema.gov https://secure.touchnet.com https://yavapai.hosted.panopto.com https://arthur2.yc.edu https://platform.twitter.com https://syndication.twitter.com https://www.yc.edu https://v5.yc.edu https://www.youtube.com https://player.vimeo.com https://cdn.yoshki.com https://lgapi-us.libapps.com;        connect-src 'self' https://ka-p.fontawesome.com https://e2.bablic.com https://c.bablic.com https://capture-api.reachlocalservices.com https://vc.hotjar.io wss://ws3.hotjar.com https://in.hotjar.com https://status.yc.edu https://25livepub.collegenet.com https://yc.omnilert.net https://5f011bc3-d57d-4fcd-9668-5887904b779e.rlets.com https://cse.google.com https://apps.yc.edu https://www.facebook.com https://pingback.issuu.com https://login.microsoftonline.com https://e.issuu.com https://www.yc.edu https://v5.yc.edu https://wwwlb1.yc.edu https://wwwlb2.yc.edu https://wwwlb3.yc.edu https://wwwlb4.yc.edu https://wwwlb5.yc.edu https://wwwlb6.yc.edu;        frame-ancestors 'self' www.ycpac.com https://cas.yc.edu;       object-src 'self' https://www.youtube.com https://static.issuu.com 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;block-all-mixed-content;frame-ancestors 'self' https://*.glancetournaments.com https://*.glance.com https://afkgaming.quintype.com; 1
default-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; font-src * data:; media-src * blob:; report-uri sispartnerplatform.com 1
default-src 'self'; script-src 'unsafe-eval' 'self' 'report-sample' 'unsafe-inline' https://app-bino-prod-001.azurewebsites.net/ https://app-bino-prod-001-staging.azurewebsites.net https://www.bi.no https://www.bi.edu  https://static.lightning.force.com/ https://service.force.com/ https://bicx.secure.force.com https://bi.force.com https://*.salesforceliveagent.com/ https://bicx.my.salesforce.com/ https://bicx.my.salesforce-sites.com/ https://cdn-ukwest.onetrust.com/scripttemplates/     https://cdn-ukwest.onetrust.com/ https://geolocation.onetrust.com/ https://privacyportal-uk.onetrust.com/      https://dl.episerver.net/           https://id.siteimprove.com/           https://my2.siteimprove.com/           https://cdn.siteimprove.net/           https://ajax.googleapis.com/           https://www.youtube-nocookie.com/           https://www.youtube.com/           http://play.google.com/           https://play.google.com/           https://*.vo.msecnd.net/           https://player.vimeo.com/           https://s.ytimg.com/yts/jsbin/www-widgetapi-vfl3m9ZW-/www-widgetapi.js           http://login.edialog24.com/           https://connect.facebook.net/           https://www.googletagmanager.com/           http://www.googleadservices.com/           https://www.google-analytics.com           https://www.google.com/           https://www.google.no/           https://googleads.g.doubleclick.net/           https://stats.g.doubleclick.net/           https://d8ejoa1fys2rk.cloudfront.net/ https://siteimproveanalytics.com/ https://dl.episerver.net/  https://unpkg.com/@gobistories/ https://maxcdn.bootstrapcdn.com/ https://web-sdk-eu.aptrinsic.com/api/ https://ucv.bynder.com/ https://code.jquery.com/  https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://res.cloudinary.com/gobi-technologies-as/ blob: https://d.la2s-core1.sfdc-yzvdd4.salesforceliveagent.com/; style-src 'unsafe-eval' 'self' 'report-sample' 'unsafe-inline'  https://app-bino-prod-001.azurewebsites.net/ https://app-bino-prod-001-staging.azurewebsites.net https://www.bi.no https://www.bi.edu    https://static.lightning.force.com/                   https://service.force.com/         https://bicx.secure.force.com         https://bi.force.com          https://d.la3-c1cs-cdg.salesforceliveagent.com/           https://d.la1-c1cs-cdg.salesforceliveagent.com/           https://bicx.my.salesforce.com/           https://bicx.my.salesforce-sites.com/                  https://cdn-ukwest.onetrust.com/scripttemplates/           https://dl.episerver.net/           https://id.siteimprove.com/           https://my2.siteimprove.com/           https://cdn.siteimprove.net/           https://ajax.googleapis.com/           https://www.youtube-nocookie.com/           https://www.youtube.com/           http://play.google.com/           https://play.google.com/           https://*.vo.msecnd.net/           https://player.vimeo.com/           https://s.ytimg.com/yts/jsbin/www-widgetapi-vfl3m9ZW-/www-widgetapi.js           http://login.edialog24.com/           https://connect.facebook.net/           https://www.googletagmanager.com/           http://www.googleadservices.com/           https://www.google-analytics.com           https://www.google.com/           https://www.google.no/           https://googleads.g.doubleclick.net/           https://stats.g.doubleclick.net/           https://d8ejoa1fys2rk.cloudfront.net/   https://d.la1-c1cs-fra.salesforceliveagent.com/  https://c.la1-c1-cdg.salesforceliveagent.com/  https://d.la1-c1-cdg.salesforceliveagent.com/   https://d.la3-c1-cdg.salesforceliveagent.com/   https://siteimproveanalytics.com/    https://dl.episerver.net/  https://unpkg.com/@gobistories/ https://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/ https://web-sdk-eu.aptrinsic.com/  https://cdn.jsdelivr.net/; object-src 'none'; base-uri 'self'; connect-src 'self'  https://bicx.secure.force.com/ https://static.lightning.force.com/           https://bicx.my.salesforce.com/           https://bicx.my.salesforce-sites.com/           https://id.siteimprove.com/           https://my2.siteimprove.com/           https://cdn-ukwest.onetrust.com/           https://geolocation.onetrust.com/           https://privacyportal-uk.onetrust.com/           https://www.youtube-nocookie.com/           https://www.youtube.com/           http://play.google.com/           https://play.google.com/           https://www.google.com/           https://www.google.no/           https://region1.google-analytics.com/           https://www.google-analytics.com/           https://vimeo.com/           https://player.vimeo.com/           https://dc.services.visualstudio.com/           https://stats.g.doubleclick.net/           https://www.facebook.com/           https://d8ejoa1fys2rk.cloudfront.net/           https://sentry10.bynder.cloud/           https://media.bi.no/           https://jsonplaceholder.typicore.com/ 		https://easycruit.com/   https://api.gobistories.com/  https://media-proxy.gobistories.com/ https://pagead2.googlesyndication.com/ https://esp-eu.aptrinsic.com/rte/v1/configuration/ https://googleads.g.doubleclick.net/  https://easycruit.com/api/ https://www.easycruit.com/ https://web-sdk-eu.aptrinsic.com/ https://esp-eu.aptrinsic.com/ https://res.cloudinary.com/gobi-technologies-as/; font-src 'self' data: https://app-bino-prod-001.azurewebsites.net/ https://app-bino-prod-001-staging.azurewebsites.net https://www.bi.no https://www.bi.edu https://d8ejoa1fys2rk.cloudfront.net/   https://dl.episerver.net/  https://dhm5hy2vn8l0l.cloudfront.net/graphik/ https://dhm5hy2vn8l0l.cloudfront.net/lato/ https://maxcdn.bootstrapcdn.com/ https://fonts.gstatic.com/; frame-src 'self' https://bicx--compoc.sandbox.my.site.com/   https://bicx--compoc.sandbox.lightning.force.com/    https://bicx--compoc.sandbox.my.salesforce.com/    https://service.force.com/   https://bicx.secure.force.com    https://bi.force.com           http://play.google.com/           https://www.youtube.com/           https://www.youtube-nocookie.com/           https://5995713.fls.doubleclick.net/           https://my2.siteimprove.com/         https://bi.easycruit.com/     https://www.facebook.com/  https://www.googletagmanager.com/ https://td.doubleclick.net/; img-src 'self' https://www.bi.no/ https://www.bi.edu/  https://app-bino-prod-001.azurewebsites.net/ https://app-bino-prod-001-staging.azurewebsites.net  https://6000471.global.siteimproveanalytics.io/           https://d2csxpduxe849s.cloudfront.net/       https://img.youtube.com/           https://i.ytimg.com/           https://www.facebook.com/           https://www.google-analytics.com/           https://www.google.com/           https://www.google.no/   https://dl.episerver.net/    https://media-proxy.gobistories.com/  https://cdn-ukwest.onetrust.com/ https://www.bynder.com/ https://ad.doubleclick.net/ http://www.w3.org/2000/svg/ https://res.cloudinary.com/gobi-technologies-as/ data:; manifest-src 'self'; media-src 'self' https://media-proxy.gobistories.com/ blob:; report-uri https://631adb1029ad77a9b5a12c7b.endpoint.csper.io/?v=0/; worker-src blob:; 1
base-uri 'none'; form-action 'self'; frame-ancestors 'self'; require-trusted-types-for ; object-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' https://www.clearblade.com https://www.googletagmanager.com https://assets.calendly.com https://ajax.googleapis.com https://www.gstatic.com https://www.google-analytics.com; 1
frame-ancestors 'self' lifeat.com *.lifeat.com lifeat.app *.lifeat.app *.vercel.app vercel.app; 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://analytics.tiktok.com https://static.doubleclick.net https://access.equalweb.com https://s.yimg.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.gstatic.com https://*.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google.com https://www.google.com.br https://tagmanager.google.com https://cdn.cookielaw.org https://code.jquery.com https://cdn.krxd.net https://connect.facebook.net https://beacon.krxd.net https://consumer.krxd.net https://plugin.handtalk.me https://*.youtube.com https://s.ytimg.com https://cdn.equalweb.com https://gamma-login.latam.coca-cola.com https://login.latam.coca-cola.com https://assets.adobedtm.com https://adobedc.demdex.net https://edge.adobedc.net https://tcp.googlesyndication.com https://pixel.mathtag.com https://maps.googleapis.com ; img-src 'self' data: blob: https://ad.doubleclick.net https://match.adsrvr.org https://pixel.rubiconproject.com https://yt3.ggpht.com https://pixel.mathtag.com https://sp.analytics.yahoo.com https://*.fls.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://adservice.google.com https://lh3.googleusercontent.com https://cdn.cookielaw.org https://beacon.krxd.net https://usermatch.krxd.net https://cm.g.doubleclick.net https://stags.bluekai.com https://ib.adnxs.com https://sync.mathtag.com https://analytics.twitter.com https://cms.analytics.yahoo.com https://sync.navdmp.com https://global.ib-ibi.com https://www.facebook.com https://i.ytimg.com https://www.google.com https://www.google.com.br https://googleads.g.doubleclick.net https://access.equalweb.com https://plugin.handtalk.me https://test.cocacola.com.br https://stage.cocacola.com.br https://www.coca-cola.com.br https://hub-singleserve-invoice-homolog.s3.amazonaws.com https://hub-singleserve-invoice-stage.s3.amazonaws.com https://hub-singleserve-invoice-production.s3.amazonaws.com https://hub-gamers-invoice-homolog.s3.amazonaws.com https://hub-gamers-invoice-stage.s3.amazonaws.com https://hub-gamers-invoice-production.s3.amazonaws.com https://hub-worldcup-invoice-test.s3.amazonaws.com https://hub-worldcup-invoice-homolog.s3.amazonaws.com https://hub-worldcup-invoice-stage.s3.amazonaws.com https://hub-worldcup-invoice-production.s3.amazonaws.com https://*.privacysandbox.googleadservices.com https://gamma-login.latam.coca-cola.com https://login.latam.coca-cola.com https://immakers.go2cloud.org https://image2.pubmatic.com https://dsum-sec.casalemedia.com https://idsync.reson8.com https://eb2.3lift.com https://idsync.rlcdn.com https://x.bidswitch.net https://sync.go.sonobi.com https://ad.360yield.com https://ads.stickyadstv.com https://sync.search.spotxchange.com https://pixel.tapad.com https://x.dlx.addthis.com https://ups.analytics.yahoo.com https://us-u.openx.net https://uipus.semasio.net https://loadm.exelator.com https://su.addthis.com https://maps.googleapis.com https://img.youtube.com ; style-src 'self' 'unsafe-inline' blob: https://www.googletagmanager.com https://*.gstatic.com https://tagmanager.google.com https://fonts.googleapis.com https://*.gstatic.com https://cdn.cookielaw.org https://code.jquery.com https://gamma-login.latam.coca-cola.com https://login.latam.coca-cola.com https://plugin.handtalk.me ; child-src 'self' blob:; object-src 'none' ; frame-src 'self' https://s.amazon-adsystem.com https://access.equalweb.com https://*.doubleclick.net https://www.googletagmanager.com https://plugin.handtalk.me https://www.google.com https://cdn.krxd.net https://*.youtube.com https://www.facebook.com https://gamma-login.latam.coca-cola.com https://login.latam.coca-cola.com https://assets.adobedtm.com https://adobedc.demdex.net https://pixel.mathtag.com ; connect-src 'self' data: https://checkip.amazonaws.com https://pagead2.googlesyndication.com https://analytics.tiktok.com https://play.google.com https://googleads.g.doubleclick.net https://jnn-pa.googleapis.com https://hub-singleserve-invoice-homolog.s3.amazonaws.com https://hub-singleserve-invoice-stage.s3.amazonaws.com https://hub-singleserve-invoice-production.s3.amazonaws.com https://hub-gamers-invoice-homolog.s3.amazonaws.com https://hub-gamers-invoice-stage.s3.amazonaws.com https://hub-gamers-invoice-production.s3.amazonaws.com https://hub-worldcup-invoice-test.s3.amazonaws.com https://hub-worldcup-invoice-homolog.s3.amazonaws.com https://hub-worldcup-invoice-stage.s3.amazonaws.com https://hub-worldcup-invoice-production.s3.amazonaws.com https://s.yimg.com https://stats.g.doubleclick.net https://us-central1-kora-nlp-prod.cloudfunctions.net https://www.google-analytics.com https://la.ces.coke.com https://plugin.handtalk.me https://stage-latam-cds-us-west-2-s3-config.s3.amazonaws.com https://prod-latam-cds-us-west-2-s3-config.s3.amazonaws.com https://gamma-latam-us-west-2-api-config.s3.amazonaws.com https://prod-latam-us-west-2-api-config.s3-us-west-2.amazonaws.com https://pyhdy1j3zh.execute-api.us-west-2.amazonaws.com https://8lioi8nl48.execute-api.us-west-2.amazonaws.com https://cdn.equalweb.com https://access.equalweb.com https://translation.handtalk.me https://translation-v3.handtalk.me https://www.facebook.com https://gamma-login.latam.coca-cola.com https://login.latam.coca-cola.com https://assets.adobedtm.com https://adobedc.demdex.net https://edge.adobedc.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://adservice.google.com https://aadb2c-apig.latam.gcds.coke.com https://aadb2c-apig.gamma.latam.gcds.coke.com https://aadb2c-apig.alpha.latam.gcds.coke.com https://analytics.google.com https://maps.googleapis.com ; form-action 'self' https://www.facebook.com ; font-src 'self' data: https://fonts.gstatic.com ; 1
frame-ancestors 'self' https://immowelt.de https://immonet.de https://www.immowelt.de https://www.immonet.de https://www.dev.immonet.de/customer/lichtblick/ https://dev.immowelt.de/customer/lichtblick/; 1
default-src 'self' https://*.appreciatehub.com *.google-analytics.com *.cloudflare.com https://*.googleapis.com https://*.pendo.io https://*.alamoapp.octanner.io https://*.api.octanner.net https://*.salesforce.com *.cloudinary.com https://s3.amazonaws.com/oc-images-api/* *.doubleclick.net *.octanner.net *.gstatic.com *.jwpcdn.com *.recaptcha.net https://www.gstatic.com/recaptcha/releases/*  wss://*.fathomvoice.com *.fathomvoice.com *.fonticons.com *.fortawesome.com 'unsafe-inline' 'unsafe-eval' data:; frame-src 'self' www.google.com www.recaptcha.net; 1
default-src https: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src data: https: blob: android-webview android-webview-video-poster:; font-src data: https:; connect-src * blob:; media-src https: data: blob:; worker-src https: blob:; object-src 'none'; upgrade-insecure-requests; 1
default-src 'self'; connect-src 'unsafe-inline' 'self' https://*.googlesyndication.com/ https://search-api.swiftype.com https://*.hotjar.com wss://*.hotjar.com/ https://*.hotjar.io https://search-api.swiftype.com https://s.swiftypecdn.com/ https://www.google-analytics.com/ https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://www.google.com/ https://consentcdn.cookiebot.com/ https://acdn.adnxs.com https://trk.adbutter.net https://*.doubleclick.net https://*.dynamics.com https://*.azureedge.net/; script-src 'unsafe-inline' 'self' https://static-cdn.summon.serialssolutions.com/ https://uha.summon.serialssolutions.com/ https://*.hotjar.com/ https://s.swiftypecdn.com https://www.google-analytics.com/ https://*.doubleclick.net/ https://analytics.google.com https://www.googletagmanager.com https://www.google.com/ https://consent.cookiebot.com https://www.gstatic.com/ https://consentcdn.cookiebot.com/ https://cdn.syndication.twimg.com/ https://acdn.adnxs.com https://trk.adbutter.net https://www.googleadservices.com/ https://connect.facebook.net/ https://mktdplp102cdn.azureedge.net/ https://twitter.com/ https://platform.twitter.com/ https://*.hotjar.com/ https://uhasseltbe.sharepoint.com/ https://view.genial.ly/ https://www.instagram.com/embed.js https://*.azureedge.net/; style-src 'self' 'unsafe-inline' https://s.swiftypecdn.com https://fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' https://uha.summon.serialssolutions.com/ https://fonts.googleapis.com https://s.swiftypecdn.com https://platform.twitter.com/ https://platform.twitter.com/; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; frame-src https://*.doubleclick.net/ https://view.genial.ly/ https://www.google.com/ https://youtube-nocookie.com https://www.youtube-nocookie.com https://youtube.com https://www.youtube.com https://vimeo.com https://www.vimeo.com https://acdn.adnxs.com https://trk.adbutter.net https://www.google.com https://publish.folders.eu/ https://app.folders.eu/ https://*.uhasselt.be/ https://platform.twitter.com/ https://bibbase.org https://player.vimeo.com/ https://analytics-eu.clickdimensions.com/ https://twitter.com/ https://calendar.google.com/ https://maps.google.com https://embed.deburen.tv/ https://documentserver.uhasselt.be/ https://open.spotify.com/ https://consentcdn.cookiebot.com/ https://eea0f6dc7d1c4455b1a21b477adcb9f7.svc.dynamics.com/ https://ff9a155d5f11499fb581e542d9e7f244.svc.dynamics.com/ https://www.facebook.com/ https://docs.google.com https://*.hotjar.com/ https://syndication.twitter.com/ https://www.linkedin.com/ https://script.google.com/ https://www.instagram.com/; img-src 'self' data: https://cc.swiftype.com/ https://www.google.com/ https://www.google.be https://www.uhasselt.be/  https://www.google-analytics.com https://ib.adnxs.com https://secure.adnxs.com https://abs.twimg.com/ https://pbs.twimg.com/ https://platform.twitter.com/ https://www.facebook.com/ https://syndication.twitter.com/ https://*.doubleclick.net 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' *;media-src 'self' 'unsafe-inline' *;font-src 'self' 'unsafe-inline' *;frame-src 'self' *; img-src 'self' data: *;connect-src * 1
child-src 'self' https: blob: https://secure-me.au10tixservices.com; default-src 'self' https:; font-src 'self' https: data:; media-src 'self' https: data:; object-src 'none'; worker-src 'self' https: blob:; frame-ancestors 'self' https://m.ubercarshare.com https://uber-carshare.ada.support; img-src 'self' https: data: blob: http://www.google-analytics.com/ https://cm.g.doubleclick.net https://www.google.com www.googletagmanager.com; script-src 'self' https: 'unsafe-eval' 'unsafe-hashes' http://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js http://connect.facebook.net/en_US/fbevents.js http://static.criteo.net/js/ld/ld.js http://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com 'sha256-iXrcFkX6ROGXN5V/5PSDZ6AZ+omqGr2PvAGCFSK6ZX8=' 'sha256-zbxWNERB0l2AAYUyAVaW9yHN2wYYFF4F6YhydCJI6f8=' 'sha256-9bgKt5Xbn6hs5Cy8UW++hvZsDjJu97691g+JHAsE5KM=' 'sha256-9M76mPzuECV07RtXL2JxgwzEG+Z1rIT/DH+k9Uj5QUc=' 'sha256-cOsyZOl47H6U/JY4pjJyVAdQdSKVvGWKwyZdXioa8Xk=' 'sha256-EmfJyXIhjnTKpq8gyfoVR7lU2lRKryWrK/0GJ2XY0n8=' 'sha256-f1wLAoRBMHr8iBhG4SAgGdGj+QwzzUG9Wpgjf5bVnyM=' 'sha256-GnXX1cEjZskz3cbPLMX2x3P6c+FWDwzk0zvBUJE/RkY=' 'sha256-Hq2U/La2WRUN2/kVSj1U00FPJZPkQbjrcQvOhpSDjUw=' 'sha256-lP0yY+m4T24vT5Gzvhg1uA/kj2IkkmRZdZFJO+8p2nw=' 'sha256-MGfImkfpD713E16TfeVYzTo2AF41MpDBmkPF3CdINVQ=' 'sha256-NlOBjP1pnXPwhXlOesaTS8yCmmMCANyqpqQtFLU8AoU=' 'sha256-nQ1uOUvx1z01XJJhLzyb9i1J+hUofwzaCbG0amDpj78=' 'sha256-nRWetAfarBRlvWD4X08oaSWBSQYTsCNhq7MtDQyF6MY=' 'sha256-olhD2wxujFFZ/T3RJhE45h9Xk+QQCQUWG9hbfvSzjzI=' 'sha256-pNDZtoCsOeROwgmGAvhOWwhl3057TtDbV5d9Ds1utxg=' 'sha256-qLB6zIQpcGLXCS5YlCCnkKKkIDrU9lvkbAWUb7oxPog=' 'sha256-ri3Omcn3UAV6tOfGq1o4PN8+r7BLtymUuVk7MgPApUQ=' 'sha256-YFIKzWxRxUaHQ+p/uE43jeJEmBS9HGPnP7p8pcKsMLo=' 'sha256-ykvQie0Ax23SmeyGd7q5LTqrPVOlYb4McR6MOPTEqvY=' 'sha256-z9hrVW0eudPX9wWqkWLhIw1hqt7C1rA5ttzygN1XQxc=' 'sha256-zF56950mN6lTaIzRYW172aGAJWKK4HmP6KJ2yl+k4Ck=' https://static.ada.support/embed2.js 'nonce-rVvnno6wzO1+uE6fP71RcQ=='; style-src 'self' https: 'unsafe-hashes' 'sha256-aoNmpMi04Wpmvn9VrEqvQyWylr1t6k4E1AOHaoPGBoc=' 'sha256-7cSeboQAxSYDeq+Txz130zupm2/CxnVzLgH68JeC1PE=' 'sha256-18xqwz3LY3xyaAMTP/NW/4WetEQwRlZ5MbneFjDly4E=' 'sha256-/Q4se7FLGCaPFRdiDgb/uQcgnY12w7eKaV8TA9b4SEc=' 'sha256-0eSfkEVud9tXTotQSHOgIN4AzteHe/3SqDavtcNLWeY=' 'sha256-h0SPPNuqSVMjP/VMIZw9cu1arq/72HwoGBBZTxoPeX8=' 'sha256-/S/8ZUEmCWLOTd6SjFOzhXAfJGjNNyUYOvmoNwn7I8M=' 'sha256-18THR03q5WdJwCt1EbnJEaHUCLL8470mlk7FoSPKSPE=' 'sha256-C/Fori8lJ95WJAFQwRcYCR17Q0lje61PCsNZSKyCLUU=' 'sha256-C7guRSwuN5EOb7XsGzuPhBx04IN1dIdEDHJK8fZZIlg=' 'sha256-M91dRwa3klTrkOnoRoV9k/0D5ZhGSDqdXZmZLep7uK8=' 'sha256-RqoWZPDFLC1Dh3RIRGm0Gp4AQnIVSZW1Ppdhc2foXus=' 'sha256-ULVcMI5vzWRmB5oFfEpQN4atmrHeyoqbrL0izXSE7ZM=' 'sha256-ZkkVQnaLIIRXqYqw44eIPnCUuM1F7ZMsO5f0LQXRQf4=' 'sha256-O9ChnrQJngUlTYptX2rHTyPwYa4VlQslTnAyr1r9/XE=' 'sha256-+ShChrViUQVfbbSbgCUmI+lt0dJ6v4AiQR9jfazVOKE=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-aoe5KGF0uMwVU1xYnAzrasLA18AeoqAtdF2HaQTLIYI=' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-dViles7Wn/PyxLinQNbTrPwqql+E7BE0WN0aNmhV6r4=' 'sha256-FkZ3VpYfh7JIma+4PvMDcyFNgbQtcQqP6tYmGQT9PM0=' 'sha256-fq7Md9B0amksVBTk/2TaltdrTVq2JN7fvIk0tt80qzU=' 'sha256-n5DcrK5P5pj+R70BR3vdmsgv0h99xcLHi+LLwXwQn8A=' 'sha256-Oot/t4JJUQyIe4Ar24rfD0gZ/9ysj0juRZRzMN+m8S0=' 'sha256-Pi+7UuA1bJmVOmsjMWVLxtu5P+2tG8arKzKaw73r4C8=' 'sha256-RNjBZZ9qvF8TVTEJGGRIyCbZeUj9yYbTmokwXGkJf/M=' 'sha256-t6oewASd7J1vBg5mQtX4hl8bg8FeegYFM3scKLIhYUc=' 'sha256-uLrCyqtEy8LoqmBIWe3vGx1Jo7+wAnMWBUs8YAHi7u0=' 'sha256-VslwZQHumVh7kHxPt3/KsPwwPGskmzJLMBjyzViRYcc=' 'sha256-wbxzqW6ZB8R5nA9M4BaXLzk/5sQRLpGEC5Sqn3I3xK0=' 'sha256-/LGoJLHVJWcnLZettNlcyP8MfnneXPs9CHoPNiJ3MF4=' 'sha256-5/a4fTNlh2ypq61rs2Czy+rBuFh8Gx+/c3+7UGlO+aw=' 'sha256-7OxlbN1NAJ31tNDU0WlEWEuyb0FpwqW2CHBoaxZhmFA=' 'sha256-CFEcxpmsVaPvNbmKU1INOY6JchYonU4lgboAtKVLd98=' 'sha256-dnBGEVqq89+awFONQLzg4YI+aRjLGkQLDhqcEJxetLc=' 'sha256-h5oiLgAjYwBX+Xghv/M2Ao3jh+OBXiGSNzy50jui+ss=' 'sha256-IR8O5+BK2Stxg1KKjlCx0VN41NcU06bl0de8377sYj4=' 'sha256-j+H1KqmMx4L01aVLbmUrwZawDT7ngzvT2K/hYTHyaTI=' 'sha256-jvemZc+Sn78mVMj3eUBVNkCi7zSY2dbw4CfyqkoJ9xI=' 'sha256-6s9D+EgPmY0u4zY5S2N4ar5pGfifIcEldsFtqX/35qM=' 'sha256-HVrn1N1AQfppljvm2fbyfsLYcnSpO5odhBFte27EOfU=' 'sha256-MObQTRY2+BQ+B8NtpLAoauB9PXIcqZeVn3XFkpcy8Tw=' 'sha256-mqITWk2Jj0yVYUWfW8QuZHnMOXb7pGNk51jRJ1QDqAg=' 'sha256-v9GvV9vef4poUM8hB7GeORfwsIXc89E+iL54zwHeEss=' 'sha256-MbCa0LyfoaxNHw14oPwPs7/ipwAkF6gWT2gRFNgKbv4=' 'nonce-rVvnno6wzO1+uE6fP71RcQ=='; connect-src 'self' https: https://api.segment.io https://stats.g.doubleclick.net wss://api.smooch.io/faye; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub324f21dc1f58d5bbb922099e7a2c9df4&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:production 1
frame-ancestors  https://*.carv.io http://localhost:3333 1
frame-ancestors 'self' uloop.com *.uloop.com collegeparentcentral.com www.collegeparentcentral.com; 1
default-src 'none'; base-uri 'none'; child-src bid.g.doubleclick.net www.youtube.com 'self' docs.google.com ensemble.nmc.edu vimeo.com nmc.hosted.panopto.com cdn.youvisit.com www.youvisit.com weatherwidget.io; connect-src 'self' *.opentable.com *.blackbaud.com *.blackbaudhosting.com *.clarity.ms *.doubleclick.net www.facebook.com adservice.google.com www.google.com www.google-analytics.com analytics.google.com translate.googleapis.com www.googletagmanager.com contact.simpletix.com cdn-graphql.youvisit.com csp.withgoogle.com; font-src data: 'self' *.otstatic.com fonts.gstatic.com; frame-ancestors 'self'; frame-src 'self' www.adsensecustomsearchads.com syndicatedsearch.goog *.opentable.com *.adobe.com *.blackbaud.com *.blackbaudhosting.com *.doubleclick.net googleads.g.doubleclick.net www.facebook.com payment.flywire.com *.google.com www.googletagmanager.com e.issuu.com *.libanswers.com *.lightcastcc.com ensemble.nmc.edu nmcp.ssbxe.nmc.edu webcam.nmc.edu vimeo.com nmc.hosted.panopto.com app.powerbi.com www.powtoon.com www.shoppingsheet.com embed.prod.simpletix.com platform.twitter.com player.vimeo.com cdn.yoshki.com www.youtube.com cdn.youvisit.com www.youvisit.com weatherwidget.io; img-src 'self' data: secure.adnxs.com s3.amazonaws.com c.bing.com *.blackbaud.com *.blackbaudhosting.com *.clarity.ms *.doubleclick.net www.facebook.com adservice.google.com clients1.google.com www.google.com www.google-analytics.com translate.google.com translate.googleapis.com www.googleapis.com www.googletagmanager.com *.gstatic.com code.jquery.com *.nmc.edu www.onlinechatcenters.com cdn.simpletix.com *.smugmug.com syndication.twitter.com m.youtube.com sp.youvisit.com trck.youvisit.com i.ytimg.com www.ebenefits.va.gov littleworld.tv; media-src data: 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.blackbaud.com *.blackbaudhosting.com *.clarity.ms cdnjs.cloudflare.com googleads.g.doubleclick.net connect.facebook.net cse.google.com translate.google.com www.google.com www.google-analytics.com partner.googleadservices.com www.googleadservices.com ajax.googleapis.com translate.googleapis.com translate-pa.googleapis.com www.googletagmanager.com code.jquery.com *.libanswers.com *.lightcastcc.com remote.nmc.edu www.onlinechatcenters.com embed.prod.simpletix.com www.gstatic.com www.shoppingsheet.com platform.twitter.com player.vimeo.com www.youvisit.com weatherwidget.io; script-src-elem 'self' 'unsafe-inline' *.gstatic.com *.clive.cloud *.opentable.com *.otstatic.com *.blackbaud.com *.blackbaudhosting.com *.clarity.ms cdnjs.cloudflare.com googleads.g.doubleclick.net connect.facebook.net cse.google.com translate.google.com www.google.com www.google-analytics.com partner.googleadservices.com www.googleadservices.com ajax.googleapis.com translate.googleapis.com translate-pa.googleapis.com www.googletagmanager.com e.issuu.com/embed.js code.jquery.com *.libanswers.com *.lightcastcc.com list-manage.com/generate-js remote.nmc.edu www.onlinechatcenters.com www.shoppingsheet.com embed.prod.simpletix.com platform.twitter.com player.vimeo.com www.youvisit.com www.ebenefits.va.gov weatherwidget.io; script-src-attr 'unsafe-inline' *.clarity.ms; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.blackbaud.com *.blackbaudhosting.com cdnjs.cloudflare.com www.google.com fonts.googleapis.com translate.googleapis.com code.jquery.com remote.nmc.edu www.shoppingsheet.com embed.prod.simpletix.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' cdn.otstatic.com cdn.gstatic.com *.blackbaud.com *.blackbaudhosting.com cdnjs.cloudflare.com www.google.com fonts.googleapis.com translate.googleapis.com e.issuu.com/embed.js code.jquery.com remote.nmc.edu www.shoppingsheet.com embed.prod.simpletix.com 1
default-src 'none'; media-src 'self'; object-src 'self'; connect-src 'self' www.knf.gov.pl *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/api2/ https://s.ytimg.com/yts/jsbin/ https://www.youtube.com/iframe_api  https://www.youtube.com/s/player/ https://www.google-analytics.com/ga.js https://ssl.google-analytics.com/ga.js https://maps.googleapis.com/ https://platform.twitter.com/ cdn.syndication.twimg.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ platform.twitter.com/css/ https://ton.twimg.com/tfw/css/; font-src 'self' data: https://fonts.googleapis.com/ https://fonts.gstatic.com/; img-src 'self' data: https://www.knf.gov.pl/ https://ssl.google-analytics.com/ https://csi.gstatic.com/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/maps/ https://syndication.twitter.com/ https://abs.twimg.com/ https://pbs.twimg.com/ https://platform.twitter.com/css/ https://ton.twimg.com/tfw/css/ https://ton.twimg.com/tfw/assets/; frame-src 'self' https://www.google.com/recaptcha/api2/ https://www.youtube.com/embed/ https://www.youtube.com/s/player/ https://syndication.twitter.com/ https://platform.twitter.com/; child-src 'self' https://www.google.com/recaptcha/api2/ https://www.youtube.com/embed/ https://www.youtube.com/s/player/ https://syndication.twitter.com/ https://platform.twitter.com/;  1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; 1
frame-ancestors 'self' https://neo.finance.si https://www.ntk.si/ https://next.brella.io/ https://narocilnice.bhc.si 1
frame-ancestors 'self'                    cbsplit.com       truthaboutabs.com       truthaboutabs-com.cbsplit.com ; 1
default-src 'self'; font-src *; img-src * data:; script-src * 'unsafe-inline'; style-src * 'unsafe-inline'; connect-src *; media-src *; frame-src *; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://cdn.ampproject.org https://vodafone-ghana-cdn.s3.amazonaws.com https://a.vodafone.com.gh tags.tiqcdn.com cdn.cookielaw.org https://nebula-cdn.kampyle.com https://cdnjs.cloudflare.com https://smetrics.vodafone.com.gh https://d104a6ig3ye715.cloudfront.net https://d1l4voztm0o6tv.cloudfront.net https://d2wrz230yyz3cg.cloudfront.net https://da3ryzted2bbn.cloudfront.net https://myvodafone.vodafone.com.gh https://vodafone.com.gh https://da3ryzted2bbn.cloudfront.net blob:; style-src 'self' 'unsafe-inline' https://cdn.ampproject.org https://vodafone-ghana-cdn.s3.amazonaws.com https://cdn.cookielaw.org https://myvodafone.vodafone.com.gh https://vodafone.com.gh https://da3ryzted2bbn.cloudfront.net; font-src 'self' https://cdn.ampproject.org https://vodafone-ghana-cdn.s3.amazonaws.com https://d104a6ig3ye715.cloudfront.net https://d1l4voztm0o6tv.cloudfront.net https://d2wrz230yyz3cg.cloudfront.net https://da3ryzted2bbn.cloudfront.net https://myvodafone.vodafone.com.gh https://vodafone.com.gh; img-src data: 'self' https://support.vodafone.com.gh https://vodafone-ghana-cdn.s3.amazonaws.com https://udc-neb.kampyle.com https://nebula-cdn.kampyle.com https://chat.vodafone.com.gh https://d104a6ig3ye715.cloudfront.net https://d1l4voztm0o6tv.cloudfront.net https://d2wrz230yyz3cg.cloudfront.net https://da3ryzted2bbn.cloudfront.net https://myvodafone.vodafone.com.gh https://vodafone.com.gh https://cm.everesttech.net; connect-src 'self' https://cdn.ampproject.org https://vodafone.com.gh https://a.vodafone.com.gh https://support.vodafone.com.gh https://myvodafone.vodafone.com.gh https://gcpsmapi-pre.vodafone.com https://smetrics.vodafone.com.gh metrics.vodafone.com.gh https://dpm.demdex.net https://tags.tiqcdn.com https://c.go-mpulse.net gcpsmapi.vodafone.com https://nebula-cdn.kampyle.com https://us-central1-amp-error-reporting.cloudfunctions.net https://vodafoneghana.tt.omtrdc.net udc-neb.kampyle.com https://d104a6ig3ye715.cloudfront.net https://d1l4voztm0o6tv.cloudfront.net https://d2wrz230yyz3cg.cloudfront.net https://da3ryzted2bbn.cloudfront.net https://cdn.cookielaw.org; manifest-src 'self' https://vodafone.com.gh https://myvodafone.vodafone.com.gh; frame-src https://a.vodafone.com.gh https://vodafone.com.gh https://nebula-cdn.kampyle.com https://www.youtube-nocookie.com https://www.youtube.com https://myvodafone.vodafone.com.gh https://da3ryzted2bbn.cloudfront.net https://vodafonegh.demdex.net blob:; object-src 'none'; 1
base-uri 'self'; default-src 'self'; connect-src 'self' https://score.juicyscore.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://mc.yandex.ru https://mc.yandex.com https://top-fwz1.mail.ru https://static.me-talk.ru https://vk.com https://widget.me-talk.ru wss://widget.me-talk.ru wss://stage01.adengi.tech wss://adengi.ru; script-src 'sha256-OWKt9xMb4B7svZOVIYYmolIl1k0mglwUPmlgP5nxyaY=' 'nonce-lFlvPRUYcGeEKZbqgUHTRw==' 'self' 'self' https://score.juicyscore.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://apis.google.com https://static.cloudflareinsights.com https://mc.yandex.ru https://yastatic.net https://admin.verbox.ru https://top-fwz1.mail.ru https://widget.me-talk.ru https://static.me-talk.ru https://vk.com https://admin.verbox.ru 'sha256-oLIXfBs6AK+Gs8R3lD6oiZOHjTxYQhAldPxwgXVaAuY=' 'sha256-0Rv39jpO9vq0jUYFr5rGU8JJcirscZHuHOAB4lHiXxU=' 'sha256-hItK8kz5W0D0GyJ3gSAI/0HB8KzedsctfYs2B1FXBJA='; img-src 'self' https://www.googletagmanager.com https://www.google.ru https://www.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://mc.yandex.ru https://mc.yandex.com https://vk.com https://vk.com/rtrg https://top-fwz1.mail.ru https://static.me-talk.ru https://pic.me-talk.ru https://id.vk.com https://m.vk.com https://login.vk.com https://s3-strapi-stage01.adengi.tech https://storage.yandexcloud.net data:; media-src 'self' https://static.me-talk.ru; font-src 'self' https://fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; frame-src 'self' www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://mc.yandex.ru https://top-fwz1.mail.ru https://*.alfabank.ru blob:; form-action 'self'; frame-ancestors 'self' https://x5bank.ru https://x5bank-test-site.x5bank.ru https://x5card.ru https://x5card-test-site.x5card.ru https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://webvisor.com https://*.webvisor.com; child-src https://mc.yandex.ru blob: ; object-src 'self'; report-uri /prometheus-report/report/adengi 1
frame-src 'self' https://ancv.epticahosting.com https://www.youtube.com https://www.linkedin.com https://platform.twitter.com https://syndication.twitter.com; object-src 'none'; script-src 'self' 'unsafe-inline' sf1-eu.readspeaker.com cdn.syndication.twimg.com platform.twitter.com connect.fa connect.facebook.net https://unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' sf1-eu.readspeaker.com cdn.syndication.twimg.com platform.twitter.com connect.fa connect.facebook.net www.googletagmanager.com www.google-analytics.com https://unpkg.com; style-src 'self' 'unsafe-inline' platform.twitter.com https://ton.twimg.com fonts.googleapis.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; base-uri 'self'; frame-ancestors 'self' 1
block-all-mixed-content; default-src 'self' 'unsafe-eval' 'unsafe-inline' https://beintoo.com *.zemanta.com *.ketchuptracking.com *.ketchupadv.it *.ketc.it www.antevenio.com *.triboo.com www.algorithmedia.com www.awin.com pixel.quantserve.com www.tradedoubler.com *.amnetgroup.com *.zetaglobal.com bat.bing.com *.kaltura.com https://*.generali.com https://*.vivocha.com/ https://convy.unyco.net https://www.youtube.com/ *.bkrtx.com *.bluekai.com *.serving-sys.com tags.digital-metric.com https://*.doubleclick.net/ 20809689p.rfihub.com/ca.html https://secure.adnxs.com/ https://ib.adnxs.com/ https://cstatic.weborama.fr https://www.facebook.com/ www.googletagmanager.com/ www.googleadservices.com/ https://hicmobile.go2cloud.org *.taboola.com/ ad.payclick.it/extra/iframe_pixel.php https://www.dwin1.com/ https://insight.adsrvr.org it-gmtdmp.mookie1.com/ https://console.datawad.com/ s.yimg.com www.dwin1.com/ https://insight.adsrvr.org https://js.adsrvr.org/ analytics.digital-metric.com t.qservz.com https://track.adform.net/ https://connect.facebook.net https://netmediaclick.go2cloud.org/ https://seotrk1a.com/ https://www.google-analytics.com; script-src 'self' https://cdnjs.cloudflare.com keyxel.hasoffers.com *.outbrain.com *.oracleinfinity.io *.tiktok.com *.mgid.com wd.tracking.keyxel.com https://beintoo.com https://*.cookielaw.org/ https://*.onetrust.com/ *.zemanta.com *.ketchuptracking.com *.ketchupadv.it *.ketc.it www.googleoptimize.com https://optimize.google.com www.sc.pages06.net www.antevenio.com *.triboo.com www.algorithmedia.com https://nebula-cdn.kampyle.com https://screencapture.kampyle.com https://screencaptue-cdn.kampyle.com www.awin.com pixel.quantserve.com www.tradedoubler.com *.amnetgroup.com *.zetaglobal.com bat.bing.com *.generali.it https://analytics.newscred.com *.cloudfront.net https://*.analytics.edgekey.net https://convy.unyco.net https://*.vivocha.com/ *.google.com *.gstatic.com *.googleapis.com https://www.google-analytics.com *.bkrtx.com *.bluekai.com *.serving-sys.com tags.digital-metric.com https://*.doubleclick.net/ 20809689p.rfihub.com/ca.html https://secure.adnxs.com/ https://ib.adnxs.com/ https://cstatic.weborama.fr https://www.facebook.com/ www.googletagmanager.com/ www.googleadservices.com/ https://hicmobile.go2cloud.org *.taboola.com/ ad.payclick.it/extra/iframe_pixel.php https://www.dwin1.com/ https://insight.adsrvr.org it-gmtdmp.mookie1.com/ https://console.datawad.com/ s.yimg.com www.dwin1.com/ https://insight.adsrvr.org https://js.adsrvr.org/ analytics.digital-metric.com t.qservz.com https://track.adform.net/ https://connect.facebook.net https://netmediaclick.go2cloud.org/ https://seotrk1a.com/ *.kaltura.com  https://www.googletagmanager.com https://tags.bluekai.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://beintoo.com *.ketchuptracking.com *.ketchupadv.it *.generali.it https://optimize.google.com https://fonts.googleapis.com www.antevenio.com *.triboo.com www.algorithmedia.com www.awin.com pixel.quantserve.com www.tradedoubler.com *.amnetgroup.com *.zetaglobal.com bat.bing.com *.google.com *.googleapis.com *.bkrtx.com *.bluekai.com *.serving-sys.com tags.digital-metric.com https://*.doubleclick.net/ 20809689p.rfihub.com/ca.html https://secure.adnxs.com/ https://ib.adnxs.com/ https://cstatic.weborama.fr https://www.facebook.com/ www.googletagmanager.com/ www.googleadservices.com/ https://hicmobile.go2cloud.org *.taboola.com/ ad.payclick.it/extra/iframe_pixel.php https://www.dwin1.com/ https://insight.adsrvr.org it-gmtdmp.mookie1.com/ https://console.datawad.com/ s.yimg.com www.dwin1.com/ https://insight.adsrvr.org https://js.adsrvr.org/ analytics.digital-metric.com t.qservz.com https://track.adform.net/ https://connect.facebook.net https://netmediaclick.go2cloud.org/ https://seotrk1a.com/ *.gstatic.com; img-src 'self' *.oracleinfinity.io *.outbrain.com https://trck.adgoaffiliation.com https://*.cookielaw.org/ https://*.googlesyndication.com https://beintoo.com *.zemanta.com *.ketchuptracking.com *.ketchupadv.it *.ketc.it https://optimize.google.com *.generali.it www.pages06.net www.antevenio.com https://udc-neb.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com *.triboo.com www.algorithmedia.com www.awin.com pixel.quantserve.com www.tradedoubler.com *.amnetgroup.com *.zetaglobal.com bat.bing.com https://via.placeholder.com https://maps.googleapis.com data: *.google.com *.google.it *.gstatic.com *.googleapis.com *.analytics.google.com *.google-analytics.com *.bkrtx.com *.bluekai.com *.serving-sys.com tags.digital-metric.com https://*.doubleclick.net/ 20809689p.rfihub.com/ca.html https://secure.adnxs.com/ https://ib.adnxs.com/ https://cstatic.weborama.fr https://www.facebook.com/ www.googletagmanager.com/ www.googleadservices.com/ https://hicmobile.go2cloud.org *.taboola.com/ ad.payclick.it/extra/iframe_pixel.php https://www.dwin1.com/ https://insight.adsrvr.org it-gmtdmp.mookie1.com/ https://console.datawad.com/ s.yimg.com www.dwin1.com/ https://insight.adsrvr.org https://js.adsrvr.org/ analytics.digital-metric.com t.qservz.com https://track.adform.net/ https://connect.facebook.net https://netmediaclick.go2cloud.org/ https://seotrk1a.com/ *.kaltura.com https://convy.unyco.net https://*.vivocha.com/ https://panoramasearch.com/ *.newscred.com; media-src 'self' blob: https://beintoo.com *.zemanta.com *.ketchuptracking.com *.ketchupadv.it *.ketc.it pixel.quantserve.com www.antevenio.com *.triboo.com www.algorithmedia.com www.awin.com www.tradedoubler.com *.amnetgroup.com *.zetaglobal.com bat.bing.com *.kaltura.com https://*.generali.it https://*.generali.com https://*.vivocha.com/ *.bkrtx.com *.bluekai.com *.serving-sys.com tags.digital-metric.com https://*.doubleclick.net/ 20809689p.rfihub.com/ca.html https://secure.adnxs.com/ https://ib.adnxs.com/ https://cstatic.weborama.fr https://www.facebook.com/ www.googletagmanager.com/ www.googleadservices.com/ https://hicmobile.go2cloud.org *.taboola.com/ ad.payclick.it/extra/iframe_pixel.php https://www.dwin1.com/ https://insight.adsrvr.org it-gmtdmp.mookie1.com/ https://console.datawad.com/ s.yimg.com www.dwin1.com/ https://insight.adsrvr.org https://js.adsrvr.org/ analytics.digital-metric.com t.qservz.com https://track.adform.net/ https://connect.facebook.net https://netmediaclick.go2cloud.org/ https://seotrk1a.com/ https://convy.unyco.net; font-src 'self' https://fonts.gstatic.com www.antevenio.com *.triboo.com www.algorithmedia.com www.awin.com pixel.quantserve.com www.tradedoubler.com *.amnetgroup.com *.zetaglobal.com bat.bing.com *.gstatic.com data: *.kaltura.com https://convy.unyco.net https://*.vivocha.com/; connect-src 'self' data: *.analytics.google.com https://*.oracleinfinity.io https://*.cookielaw.org/ https://*.googlesyndication.com https://*.google.com/ https://*.onetrust.com https://*.googleapis.com/ https://beintoo.com *.ketchuptracking.com *.ketchupadv.it www.antevenio.com *.triboo.com www.algorithmedia.com www.awin.com pixel.quantserve.com www.tradedoubler.com *.amnetgroup.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com *.zetaglobal.com bat.bing.com *.generali.it https://*.analytics.edgekey.net *.kaltura.com https://*.generali.com https://convy.unyco.net https://*.vivocha.com/ *.google-analytics.com *.bkrtx.com *.bluekai.com *.serving-sys.com tags.digital-metric.com https://*.doubleclick.net/ 20809689p.rfihub.com/ca.html https://secure.adnxs.com/ https://ib.adnxs.com/ https://cstatic.weborama.fr https://www.facebook.com/ www.googletagmanager.com/ www.googleadservices.com/ https://hicmobile.go2cloud.org *.taboola.com/ ad.payclick.it/extra/iframe_pixel.php https://www.dwin1.com/ https://insight.adsrvr.org it-gmtdmp.mookie1.com/ https://console.datawad.com/ s.yimg.com www.dwin1.com/ https://insight.adsrvr.org https://js.adsrvr.org/ analytics.digital-metric.com t.qservz.com https://track.adform.net/ https://connect.facebook.net https://netmediaclick.go2cloud.org/ https://seotrk1a.com/ *.stats.kaltura.com; child-src 'self' blob: https://beintoo.com *.cattolica.it *.ketchuptracking.com *.ketchupadv.it pixel.quantserve.com https://optimize.google.com www.tradedoubler.com www.antevenio.com *.triboo.com www.algorithmedia.com www.awin.com *.amnetgroup.com *.zetaglobal.com bat.bing.com https://convy.unyco.net https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com *.bkrtx.com *.bluekai.com *.serving-sys.com tags.digital-metric.com https://*.doubleclick.net/ 20809689p.rfihub.com/ca.html https://secure.adnxs.com/ https://ib.adnxs.com/ https://cstatic.weborama.fr https://www.facebook.com/ www.googletagmanager.com/ www.googleadservices.com/ https://hicmobile.go2cloud.org *.taboola.com/ ad.payclick.it/extra/iframe_pixel.php https://www.dwin1.com/ https://insight.adsrvr.org https://match.adsrvr.org it-gmtdmp.mookie1.com/ https://console.datawad.com/ s.yimg.com www.dwin1.com/ https://insight.adsrvr.org https://js.adsrvr.org/ analytics.digital-metric.com t.qservz.com https://track.adform.net/ https://connect.facebook.net https://netmediaclick.go2cloud.org/ https://seotrk1a.com/ https://*.vivocha.com/ https://accounts.generali.it *.generali.it https://stags.bluekai.com https://www.youtube.com/ https://www.google.com/; object-src 'self'; form-action 'self' https://beintoo.com *.ketchuptracking.com *.ketchupadv.it https://api.whatsapp.com https://idpintranet.generali.it https://accounts.generali.it *.bkrtx.com *.bluekai.com *.serving-sys.com tags.digital-metric.com https://*.doubleclick.net/ 20809689p.rfihub.com/ca.html https://secure.adnxs.com/ https://ib.adnxs.com/ https://cstatic.weborama.fr https://www.facebook.com/ www.googletagmanager.com/ www.googleadservices.com/ https://hicmobile.go2cloud.org *.taboola.com/ ad.payclick.it/extra/iframe_pixel.php https://www.dwin1.com/ https://insight.adsrvr.org it-gmtdmp.mookie1.com/ https://console.datawad.com/ s.yimg.com www.dwin1.com/ https://insight.adsrvr.org https://js.adsrvr.org/ analytics.digital-metric.com t.qservz.com https://track.adform.net/ https://connect.facebook.net https://netmediaclick.go2cloud.org/ https://seotrk1a.com/ generali.it https://*.generali.it; frame-ancestors 'self' https://wd.tracking.keyxel.com/ https://accounts.generali.it https://www.youtube.com/ *.generali.it 1
default-src 'self' data:;connect-src adtimizer.co:* ws://adtimizer.co:*/ws http: https: data:; frame-src adtimizer.co:* https: http:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; report-uri /em7/index.em7?exec=csp_report 1
default-src 'self' https://czo.gov.ua/ https://localhost:8083/ https://www.gstatic.com https://fonts.googleapis.com https://www.google-analytics.com data:; frame-src 'self' https://www.google.com https://www.youtube.com https://id.gov.ua blob: data:; img-src 'self' https://www.google-analytics.com blob: data:; style-src 'self' 'unsafe-inline'; child-src blob: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.youtube.com http://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com 1
default-src 'self'; style-src 'self'; form-action 'self'; script-src 'self'; connect-src 'self'; img-src 'self'; base-uri 'self'; 'unsafe-inline'; object-src 'self'; 1
style-src 'self' 'unsafe-inline' *.noosh.com fonts.googleapis.com stackpath.bootstrapcdn.com pro.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.noosh.com cdnjs.cloudflare.com *.googletagmanager.com static.doubleclick.net *.analytics.google.com *.google-analytics.com www.youtube.com noosh.zendesk.com static.zdassets.com ekr.zdassets.com *.googleapis.com *.gstatic.com *.google.com; object-src 'none'; frame-ancestors 'none' 1
default-src 'self' https://*.google-analytics.com https://*.nexperia.com https://*.nexperia.cn; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gstatic.com https://*.hscollectedforms.net https://*.hsadspixel.net https://*.componentsearchengine.com https://*.jotfor.ms https://*.jotform.com https://*.baidu.com https://*.hs-banner.com https://*.hs-analytics.net https://*.go-mpulse.net https://*.snoobi.eu https://*.hs-scripts.com https://*.botframework.com https://c.leadlab.click https://*.ipmarketing.nl https://*.doubleclick.net https://*.bing.com https://*.licdn.com https://*.googleadservices.com https://extreme-ip-lookup.com https://*.zopim.com https://cdnjs.cloudflare.com https://static.zdassets.com https://*.cookiebot.com  https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://*.youtu.be https://*.ytimg.com https://*.cookiebot.com https://*.pardot.com https://*.hotjar.com https://connect.facebook.net https://static.ads-twitter.com https://*.google.com https://*.twitter.com https://*.hsforms.net https://*.hsforms.com https://*.vimeo.com; frame-src 'self' https://*.google.com https://*.jotfor.ms https://*.jotform.com https://*.mindstamp.io https://*.cameyo.net https://*.cameyo.com https://*.cameyo.app https://*.youku.com https://*.partquest.com https://*.componentsearchengine.com https://*.clevercast.com https://*.systemvision.com https://*.powerbi.com https://*.doubleclick.net https://*.hsforms.com https://*.cookiebot.com https://*.youtube.com https://*.youtube-nocookie.com https://*.youtu.be https://player.vimeo.com https://*.hotjar.io https://*.hotjar.com https://*.bilibili.com; frame-ancestors 'self'; img-src 'self' https://*.google.nl https://*.componentsearchengine.com https://*.nexperia.cn https://*.nexperia.com https://*.trimm.net https://*.googletagmanager.com https://*.jotfor.ms https://*.jotform.com https://*.doubleclick.net https://*.baidu.com https://*.hubspot.com https://*.leadlab.click https://*.zopim.io https://*.hotjar.com https://*.google-analytics.com https://*.google.com https://bat.bing.com https://maps.googleapis.com https://*.hsforms.com data: blob: mediastream: https://*.youtube.com https://*.youtube-nocookie.com https://*.youtu.be https://*.gstatic.com https://t.co https://*.linkedin.com https://*.facebook.com https://*.ytimg.com https://*.snoobi.eu https://*.hsforms.net; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://*.jotfor.ms https://*.jotform.com https://*.googleapis.com; connect-src 'self' 'unsafe-inline' https://*.oribi.io https://*.hubapi.com/ https://*.hscollectedforms.net https://*.nexperia.cn https://*.nexperia.com https://*.trimm.net https://*.google.com https://*.google.nl https://*.akamaihd.net https://*.akstat.io https://*.go-mpulse.net wss://*.botframework.com https://*.cookiebot.com https://*.botframework.com/ https://*.leadlab.click https://*.doubleclick.net https://*.hireserve.nl https://*.zendesk.com https://ekr.zdassets.com wss://*.zopim.com wss://*.hotjar.com https://forms.hsforms.com https://*.hotjar.io https://*.hotjar.com https://*.google-analytics.com https://assets.nexperia.cn https://assets.nexperia.com; font-src 'self' data: https://*.hotjar.com https://*.gstatic.com https://*.nexperia.cn https://*.nexperia.com; media-src 'self' https://*.zdassets.com https://*.nexperia.cn https://*.nexperia.com 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-NpfbUJRaj0JqWEFRpWNy9g' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors 'self' https://m.parkplus.io https://mobileweb-stg.parkplus.io; 1
default-src https: data: blob: filesystem: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' panomatics.com mailchi.mp; 1
default-src 'self' *.athletereg.com; upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *.addthisedge.com *.googletagservices.com js-agent.newrelic.com service.force.com *.addthis.com *.braintreegateway.com *.fontawesome.com *.g.doubleclick.net *.analytics.google.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hubspot.com *.jquery.com *.moatads.com *.nr-data.net *.salesforceliveagent.com *.twitter.com cdn.amplitude.com cdn.metarouter.io connect.facebook.net googleads.g.doubleclick.net js-na1.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsadspixel.net js.hsforms.net js.hsleadflows.net outside-header.vercel.app s3.amazonaws.com *.scorecardresearch.com unpkg.com ajax.googleapis.com *.protecht-sandbox.io *.protecht.io cdnjs.cloudflare.com sealserver.trustkeeper.net *.cloudfront.net ajax.aspnetcdn.com cdn.speedcurve.com *.stripe.com *.salesforce.com connect.facebook.com salesforceliveagent.com *.googleadservices.com www.google-analytics.com athletereg.us12.list-manage.com cdn.jsdelivr.net *.addthis.com js.hscollectedforms.net adservice.google.com metarouter-ajs-next-destinations-stage.s3.amazonaws.com es.pinkbike.org *.vercel.com cdn-prod.securiti.ai *.datadoghq-browser-agent.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.typekit.net *.googleapis.com service.force.com *.gstatic.com *.cloudfront.net athletereg.my.salesforce.com cdn.jsdelivr.net *.fontawesome.com *.braintreegateway.com *.vercel.com cdn-prod.securiti.ai *.bikereg.com; img-src 'self' data: https: http://www.millenniumrunning.com; connect-src 'self' *.athletereg.com *.hubspot.com *.addthis.com *.braintree-api.com *.facebook.com *.g.doubleclick.net *.analytics.google.com *.google-analytics.com *.googleanalytics.com *.trailforks.com *.googlesyndication.com *.hubapi.com *.outsideapi.com outsideapi.com *.rivt.com api.amplitude.com *.googleapis.com *.cloudfront.net	*.nr-data.net *.braintreegateway.com *.gstatic.com *.hsforms.com *.googletagmanager.com use.fontawesome.com js.hs-banner.com *.google.com forms.hscollectedforms.net app.securiti.ai cdn-prod.securiti.ai *.browser-intake-datadoghq.com *.BikeReg.com; font-src 'self' data: fonts.gstatic.com *.typekit.net *.sfdcstatic.com use.fontawesome.com static2.sharepointonline.com rwgps-embeds.com *.millenniumrunning.com netdna.bootstrapcdn.com *.braintreegateway.com app.securiti.ai cdn-prod.securiti.ai; frame-ancestors 'self' *.athletereg.com *.bikereg.com *.runreg.com *.trireg.com *.skireg.com *.plegereg.com; frame-src 'self' *.doubleclick.net *.facebook.com *.google.com *.outsideonline.com outsideonline.com service.force.com platform.twitter.com *.addthis.com *.salesforce.com *.braintreegateway.com *.trailforks.com/; form-action 'self' *.paypal.com *.pledgereg.com *.facebook.com *.strava.com *.salesforce.com; base-uri 'self'; object-src 'self'; report-uri https://api.athletereg.com/ErrorReport/cspViolation; 1
default-src 'self'; connect-src 'self' https://*.vcm.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://api.hubapi.com https://graph.facebook.com https://forms.hubspot.com https://tags.srv.stackadapt.com https://www.google-analytics.com https://stats.g.doubleclick.net https://sessions.bugsnag.com https://www.bugherd.com https://sockjs.pusher.com wss://ws.pusherapp.com https://fonts.googleapis.com https://vcm.onlineprospectus.net https://www.juicer.io https://smetrics.vcm.com  https://dpm.demdex.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vcm.onlineprospectus.net https://www.facebook.com https://googleads.g.doubleclick.net https://snap.licdn.com https://js.hsforms.net https://js.hsadspixel.net https://forms.hsforms.com https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hs-analytics.net https://*.id.opendns.com https://js.hs-banner.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.gstatic.com https://contentdsp.com https://assets.juicer.io https://cdnjs.cloudflare.com https://www.youtube.com https://apps.usw2.pure.cloud https://www.bugherd.com https://use.typekit.net https://dinkytown.net https://code.jquery.com  https://assets.adobedtm.com https://s.ytimg.com https://d2wy8f7a9ursnm.cloudfront.net https://d2iiunr5ws5ch1.cloudfront.net; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://use.typekit.net https://dinkytown.net https://d2iiunr5ws5ch1.cloudfront.net https://tags.srv.stackadapt.com https://assets.juicer.io https://www.bugherd.com https://vcm.onlineprospectus.net https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://use.typekit.net https://p.typekit.net https://www.dinkytown.net; img-src 'self' https://d2iiunr5ws5ch1.cloudfront.net https://d21y75miwcfqoq.cloudfront.net https://www.juicer.io https://*.fbcdn.net https://www.google.co.in https://p.adsymptotic.com https://px.ads.linkedin.com https://forms.hsforms.com https://track.hubspot.com https://dpm.demdex.net https://www.facebook.com https://www.google-analytics.com https://www.google.com https://googleads.g.doubleclick.net https://media-exp1.licdn.com https://*.id.opendns.com https://pbs.twimg.com https://assets.juicer.io https://smetrics.vcm.com https://cm.everesttech.net https://p.typekit.net https://srv.stackadapt.com; font-src 'self' https://www.bugherd.com  https://d2iiunr5ws5ch1.cloudfront.net https://fonts.gstatic.com https://static.juicer.io https://stackpath.bootstrapcdn.com data://* use.typekit.net; worker-src blob:; frame-src https://vcm.demdex.net https://www.youtube.com https://vcm-mkt-stage1-m.adobe-campaign.com https://t.mail.vcm.com https://bid.g.doubleclick.net https://html5-player.libsyn.com https://forms.hsforms.com https://www.google.com https://www.gstatic.com https://10877860.fls.doubleclick.net; media-src https://video.twimg.com https://*.fbcdn.net; form-action 'self' https://*.vcm.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://api.hubapi.com https://graph.facebook.com https://forms.hubspot.com https://tags.srv.stackadapt.com https://www.google-analytics.com https://stats.g.doubleclick.net https://sessions.bugsnag.com https://www.bugherd.com https://sockjs.pusher.com wss://ws.pusherapp.com https://fonts.googleapis.com https://vcm.onlineprospectus.net https://www.juicer.io https://smetrics.vcm.com  https://dpm.demdex.net; 1
default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:; connect-src *; frame-ancestors 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://*.zarget.com https://*.youtube.com https://s.ytimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinterest.com https://*.zencdn.net https://*.google.com https://*.google.be https://*.sharethis.com https://*.newrelic.com https://*.nr-data.net https://*.quantserve.com https://*.google.com.tr https://*.metabar.ru https://*.google.de https://*.google.fr https://cdn.ckeditor.com https://*.pioneer-car.eu https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://*.gstatic.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com https://*.pioneer-car.eu https://cdn.ckeditor.com https://tagmanager.google.com; img-src * data:; media-src 'self' https://www.youtube.com; frame-src 'self' https://*.youtube.com https://vars.hotjar.com https://*.pioneer.eu https://*.doubleclick.net https://*.sharethis.com https://*.facebook.com https://*.pioneer-car.eu https://store-locator.pioneer-rus.ru https://*.google.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.hotjar.com https://*.sharethis.com https://*.google-analytics.com https://*.doubleclick.net https://*.pioneer-car.eu https://acc-pioneer-products.o-a.be https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://cdn.cookielaw.org; report-uri /eur/report-csp-violation 1
child-src 'self' blob:; connect-src 'self' *.1worldsync.com *.accenture.com *.akamaihd.net *.buywith.com *.cloudinary.com *.cnetcontent.com *.digital-cloud.medallia.com *.doubleclick.net *.flix360.com *.flix360.io *.kampyle.co *.kampyle.com *.ksckreate.net *.perimeterx.net *.purpleportal.net *.px-cdn.net *.px-cloud.net *.pxchk.net *.quantummetric.com *.richcontext.com *.salsify.com *.stylitics.com *.syndigo.cloud *.syndigo.com *.talkshop.live *.thestable.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com *.zeekit.walmart.com a02f69a90dstg.blob.core.windows.net ads01.groovinads.com api.bazaarvoice.com aroptical-scan.wal-mart.com assets-jpcust.jwpsrv.com assets.optiwise.ai azmatch.adsrvr.org beacon.walmart.com blob: c.bing.com c.sspinc.io c0b535ed7astg.blob.core.windows.net cdn-assets.affirm.com cdn.jwplayer.com cdn.quantummetric.com content.jwplatform.com directline.botframework.com dw.wmt.co fitpredictor-api.sspinc.io gum.criteo.com https://www-qa.walmart.com.mx i.liadm.com i6.liadm.com ib.adnxs.com idsync.rlcdn.com ingest.quantummetric.com ls.chatid.com maps.googleapis.com maps.gstatic.com media.flixcar.com media.flixfacts.com media.sku.ninja mmwm-scan-dev.centralus.cloudapp.azure.com mmwm-scan-prod.centralus.cloudapp.azure.com photorankstatics-a.akamaihd.net rackcdn.com rl.quantummetric.com secure.adnxs.com sizeguide-api.sspinc.io ssl.p.jwpcdn.com stats.g.doubleclick.net sync.mathtag.com t.myvisualiq.net tap.walmart.com tps.doubleverify.com us.creativecdn.com videos-cloudfront.jwpsrv.com walmart-app.quantummetric.com walmart-sync.quantummetric.com walmart.sspinc.io wss://api.talkshop.live wss://directline.botframework.com wss://us.server.buywith.com wss://wm-converse-wss.dev.walmart.com wss://www-perf.walmart.com wss://www-stage.walmart.com wss://www-teflon.walmart.com wss://www.walmart.com www.facebook.com www.google.com www.gstatic.com zeekit.walmart.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.quantummetric.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com https://www-qa.walmart.com.mx; font-src 'self' *.1worldsync.com *.accenture.com *.buywith.com *.cloudinary.com *.cnetcontent.com *.flix360.com *.flix360.io *.ksckreate.net *.richcontext.com *.salsify.com *.syndigo.cloud *.syndigo.com *.thestable.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com assets-jpcust.jwpsrv.com assets.optiwise.ai cc.cs.1worldsync.com ccsprodus1.blob.core.windows.net cdn.cs.1worldsync.com cdn.jwplayer.com content.jwplatform.com d3nkfb7815bs43.cloudfront.net d3np41mctoibfu.cloudfront.net fonts.googleapis.com fonts.gstatic.com https://www-qa.walmart.com.mx ls.chatid.com media.flixcar.com media.flixfacts.com media.sku.ninja photorankstatics-a.akamaihd.net rackcdn.com salsify-ecdn.com ssl.p.jwpcdn.com videos-cloudfront.jwpsrv.com ws.cnetcontent.com www.ezdia.com; frame-ancestors 'self' *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com https://www-qa.walmart.com.mx; frame-src 'self' *.1worldsync.com *.accenture.com *.affirm.com *.alldata.cashedge.com *.babylist.com *.buywith.com *.cloudinary.com *.cnetcontent.com *.countr.one *.digital-cloud.medallia.com *.eko.com *.fiservapps.com *.flix360.com *.flix360.io *.kampyle.co *.kampyle.com *.ksckreate.net *.one.app *.onefinance.com *.online-metrix.net *.quantummetric.com *.richcontext.com *.salsify.com *.shopstylecollective.com *.syndigo.cloud *.syndigo.com *.talkshop.live *.thestable.com *.vantivcnp.com *.vimeo.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com adclick.g.doubleclick.net app.collectivevoice.com app.collectivevoiceqa.com assets-jpcust.jwpsrv.com assets.optiwise.ai ccsprodus1.blob.core.windows.net cdn.jwplayer.com content.jwplatform.com https://www-qa.walmart.com.mx ln-rules.rewardstyle.com ls.chatid.com media.flixcar.com media.flixfacts.com media.sku.ninja mmwmpdscanoprod.z19.web.core.windows.net one.app.link photorankstatics-a.akamaihd.net rackcdn.com salsify-ecdn.com ssl.p.jwpcdn.com tpc.googlesyndication.com videos-cloudfront.jwpsrv.com ws.cnetcontent.com wss://api.talkshop.live www.ezdia.com www.facebook.com www.google.com www.recaptcha.net; img-src 'self' *.1worldsync.com *.accenture.com *.akamaihd.net *.buywith.com *.cloudinary.com *.cnetcontent.com *.digital-cloud.medallia.com *.doubleclick.net *.doubleverify.com *.flix360.com *.flix360.io *.geekseller.com *.imrworldwide.com *.kampyle.co *.kampyle.com *.ksckreate.net *.online-metrix.net *.paypal.com *.px-cdn.net *.px-cloud.net *.richcontext.com *.salsify.com *.stylitics.com *.syndigo.cloud *.syndigo.com *.talkshop.live *.thestable.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com *.zeekit.walmart.com 1d81e75c4337a6e2e3c2-4a69748413de5fcbd7a7a944817c2356.ssl.cf1.rackcdn.com 3d-qc.walmartimages.com 3d.walmartimages.com a.sellpoint.net a02f69a90dstg.blob.core.windows.net ad.doubleclick.net ads01.groovinads.com akamai.ksckreate.net aroptical-scan.wal-mart.com assets-jpcust.jwpsrv.com assets.optiwise.ai azmatch.adsrvr.org beacon.walmart.com blob: c.bing.com c0b535ed7astg.blob.core.windows.net ccsprodus1.blob.core.windows.net cdn-assets.affirm.com cdn.jwplayer.com content.jwplatform.com content.syndigo.com crtormassetmguseprod.blob.core.windows.net cyborg-wm-auth-service-v2.jet.com d3nkfb7815bs43.cloudfront.net d3np41mctoibfu.cloudfront.net data: dw.wmt.co gum.criteo.com https://www-qa.walmart.com.mx i.liadm.com i6.liadm.com ib.adnxs.com idsync.rlcdn.com ir.surveywall-api.survata.com ls.chatid.com maps.googleapis.com maps.gstatic.com media.flixcar.com media.flixfacts.com media.sku.ninja mmwm-scan-dev.centralus.cloudapp.azure.com mmwm-scan-prod.centralus.cloudapp.azure.com photorankstatics-a.akamaihd.net pixel.adsafeprotected.com player.cloudinary.com rackcdn.com res.cloudinary.com s0.2mdn.net salsify-ecdn.com secure.adnxs.com securepubads.g.doubleclick.net smedia.webcollage.net ssl.p.jwpcdn.com static.adsafeprotected.com stats.g.doubleclick.net sync.mathtag.com t.myvisualiq.net tap.walmart.com tpc.googlesyndication.com us.creativecdn.com videos-cloudfront.jwpsrv.com walmart.ugc.bazaarvoice.com wss://api.talkshop.live www.ezdia.com www.facebook.com www.gstatic.com; media-src *.1worldsync.com *.accenture.com *.akamaized.net *.buywith.com *.cloudinary.com *.cnetcontent.com *.flix360.com *.flix360.io *.ksckreate.net *.richcontext.com *.salsify.com *.syndigo.cloud *.syndigo.com *.thestable.com *.vimeo.com *.vimeocdn.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com 1d81e75c4337a6e2e3c2-4a69748413de5fcbd7a7a944817c2356.ssl.cf1.rackcdn.com a.sellpoint.net akamai.ksckreate.net assets-jpcust.jwpsrv.com assets.optiwise.ai blob: ca-media.contentanalyticsinc.com cc.cnetcontent.com cc.cs.1worldsync.com ccsprodus1.blob.core.windows.net cdn-azure.kwikee.com cdn.cnetcontent.com cdn.cs.1worldsync.com cdn.jwplayer.com content.jwplatform.com content.syndigo.com cyborg-wm-auth-service-v2.jet.com d3nkfb7815bs43.cloudfront.net d3np41mctoibfu.cloudfront.net https://www-qa.walmart.com.mx images.salsify.com ls.chatid.com media.flixcar.com media.flixfacts.com media.sku.ninja photorankstatics-a.akamaihd.net rackcdn.com salsify-ecdn.com ssl.p.jwpcdn.com videos-cloudfront.jwpsrv.com vimeo.com ws.cnetcontent.com www.ezdia.com; object-src *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com https://www-qa.walmart.com.mx; script-src 'self' 'strict-dynamic' 'wasm-unsafe-eval' *.1worldsync.com *.accenture.com *.buywith.com *.cloudinary.com *.cnetcontent.com *.digital-cloud.medallia.com *.flix360.com *.flix360.io *.kampyle.co *.kampyle.com *.ksckreate.net *.px-cloud.net *.richcontext.com *.salsify.com *.syndigo.cloud *.syndigo.com *.talkshop.live *.thestable.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com *.zeekit.walmart.com aroptical-scan.wal-mart.com assets-jpcust.jwpsrv.com assets.optiwise.ai ccsprodus1.blob.core.windows.net cdn.jwplayer.com cdn.quantummetric.com connect.facebook.net content.jwplatform.com d3nkfb7815bs43.cloudfront.net d3np41mctoibfu.cloudfront.net https://www-qa.walmart.com.mx ls.chatid.com maps.googleapis.com media.flixcar.com media.flixfacts.com media.sku.ninja mmwm-scan-dev.centralus.cloudapp.azure.com mmwm-scan-prod.centralus.cloudapp.azure.com photorankstatics-a.akamaihd.net rackcdn.com salsify-ecdn.com ssl.p.jwpcdn.com videos-cloudfront.jwpsrv.com ws.cnetcontent.com wss://api.talkshop.live www.ezdia.com www.recaptcha.net 'nonce-DNu3MBpijcFvi13v'; style-src 'self' 'unsafe-inline' *.1worldsync.com *.accenture.com *.buywith.com *.cloudinary.com *.cnetcontent.com *.flix360.com *.flix360.io *.kampyle.com *.ksckreate.net *.richcontext.com *.salsify.com *.stylitics.com *.syndigo.cloud *.syndigo.com *.thestable.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com assets-jpcust.jwpsrv.com assets.optiwise.ai cc.cs.1worldsync.com ccsprodus1.blob.core.windows.net cdn.cs.1worldsync.com cdn.jwplayer.com content.jwplatform.com d3nkfb7815bs43.cloudfront.net d3np41mctoibfu.cloudfront.net fonts.googleapis.com https://www-qa.walmart.com.mx ls.chatid.com media.flixcar.com media.flixfacts.com media.sku.ninja photorankstatics-a.akamaihd.net rackcdn.com rl.quantummetric.com salsify-ecdn.com sizeguide-api.sspinc.io ssl.p.jwpcdn.com videos-cloudfront.jwpsrv.com walmart.sspinc.io ws.cnetcontent.com www.ezdia.com; worker-src 'self' blob:; report-uri https://csp.walmart.com/c/r/gl 1
frame-ancestors 'self' psplugin.com vergic.com app.rikstv.no rikstv-prodtest-app.azurewebsites.net rikstv-proddev-app.azurewebsites.net rikstv-uat-app.azurewebsites.net 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=6anu9t5iqu5pc&partner=; 1
media-src * 'self' https://*.divio-media.org data: blob:; default-src * 'self'; style-src * 'self' 'unsafe-eval' 'unsafe-inline'; script-src * 'self' 'unsafe-eval' 'unsafe-inline' blob:; font-src *; img-src * 'self' https://*.divio-media.org https://www.google.com/ https://www.google-analytics.com/ data: 1
default-src https: https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com 'unsafe-eval' 'unsafe-inline' data: blob:; object-src 'none'; font-src 'self' data: *.monito.com fonts.googleapis.com script.hotjar.com cdn.reloadly.com; img-src * 'self' data: blob: https:; worker-src 'self' blob:; child-src * 'self' data: blob: https; 1
frame-ancestors 'self' https://www.balasai.com http://xn--o1b5esay2abb.com 1
frame-ancestors 'self' https://*.preis.de; 1
default-src 'self' https://media.sumome.com https://sumome.com https://y.clarity.ms/collect https://*.solutions  https://*.googletagmanager.com wss://*.hotjar.com https://*.googleapis.com https://*.g.doubleclick.net https://api.hubspot.com https://*.hubspot.com https://*.google.com https://sumo.com https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io; font-src 'self' data: https://fonts.cdnfonts.com https://*.cloudflare.com https://www.tiny.cloud https://*.hotjar.com https://netdna.bootstrapcdn.com https://www.google-analytics.com https://fonts.gstatic.com https://themes.googleusercontent.com https://*.wp.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://load.sumome.com https://www.clarity.ms http://feather.aviary.com https://i.ytimg.com https://www.youtube.com https://optimize.google.com https://sc.lfeeder.com https://*.googleoptimize.com https://*.solutions  https://unpkg.com https://cdn.ckeditor.com  https://mc.us18.list-manage.com https://*.mailchimp.com https://chimpstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.netix.net https://*.hotjar.com https://js.hs-scripts.com https://*.hsleadflows.net https://www.gstatic.com https://js.hs-banner.com https://js.hs-analytics.net https://js.usemessages.com https://js.hscollectedforms.net https://www.reddit.com https://*.facebook.com https://*.pinterest.com https://reddit.com https://api.bufferapp.com https://graph.facebook.com https://www.google.bg https://snap.licdn.com https://load.sumo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://tagmanager.google.com https://*.jquery.com https://*.cloudfront.net https://connect.facebook.net https://www.googletagmanager.com https://*.hotjar.com https://maps.googleapis.com https://www.google-analytics.com https://www.googleanalytics.com https://*.wp.com https://cdnjs.cloudflare.com https://public-api.wordpress.com https://*.gravatar.com; style-src 'self' https://optimize.google.com https://fonts.googleapis.com https://fonts.cdnfonts.com https://cdn.ckeditor.com https://*.mailchimp.com https://*.jsdelivr.net https://netdna.bootstrapcdn.com https://tagmanager.google.com https://www.tiny.cloud https://www.tinymce.com https://*.cloudfront.net https://secure.gravatar.com https://cdnjs.cloudflare.com https://*.gravatar.com 'unsafe-inline' https://www.google-analytics.com https://fonts.googleapis.com; img-src 'self' blob: data: https://sload.sumome.com https://media.sumome.com https://sumome.com https://optimize.google.com https://tr.lfeeder.com https://*.netix.net https://cdn.ckeditor.com https://mcusercontent.com  https://*.cloudflare.com https://*.hubspotusercontent00.net https://*.hsforms.com https://*.hubspot.com https://*.sumo.com https://*.linkedin.com https://www.google.com https://lh3.googleusercontent.com https://www.googletagmanager.com https://www.google.bg https://www.facebook.com https://www.facebook.com https://*.cloudflare.com https://source.unsplash.com https://secure.gravatar.com https://images.unsplash.com https://*.doubleclick.net https://*.hotjar.com https://maps.googleapis.com https://*.gstatic.com https://www.google-analytics.com; frame-src 'self' https://td.doubleclick.net https://lg.netix.net http://lg.netix.net https://www.google.com https://optimize.google.com https://*.netix.net https://*.hotjar.com https://www.youtube.com https://*.hubspot.com https://secure.gravatar.com https://www.google-analytics.com; object-src 'self' 1
frame-ancestors *.embroiderydesigns.com; 1
default-src 'self'; img-src 'self' data:; connect-src 'self' wss://127.0.0.1:* ws://127.0.0.1:*; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://api.mapy.cz google.com *.imedia.cz c.seznam.cz *.doubleclick.net https://*.adform.net https://*.facebook.net https://*.googletagmanager.com https://snippet.capybara.lmc.cz https://buttons.github.io/buttons.js https://www.youtube.com https://*.vimeo.com https://*.facebook.com https://*.twitter.com https://*.instagram.com https://*.lmc.cz https://*.bvv.cz; style-src 'self' 'unsafe-inline' https://snippet.capybara.lmc.cz https://api.mapy.cz https://cdn.jsdelivr.net https://*.vimeo.com https://*.facebook.com https://*.facebook.net https://*.doubleclick.net https://*.twitter.com https://*.instagram.com https://*.lmc.cz https://*.bvv.cz; font-src 'self' https://snippet.capybara.lmc.cz https://api.mapy.cz data: https://cdn.jsdelivr.net https://*.vimeo.com https://*.facebook.com https://*.twitter.com https://*.instagram.com https://*.lmc.cz https://*.bvv.cz; img-src 'self' data: *.google.com *.google.cz *.seznam.cz *.openstreetmap.org https://i.ytimg.com https://api.mapy.cz https://*.vimeo.com https://*.facebook.com https://*.twitter.com https://*.instagram.com https://*.lmc.cz https://*.bvv.cz; connect-src 'self' webtrack.bvv.cz https://api.capybara.lmc.cz *.sentry.io https://api.mapy.cz https://liveupdate.pimcore.org https://noembed.com https://cdn.plyr.io https://*.vimeo.com https://*.facebook.com https://*.twitter.com https://*.instagram.com https://*.lmc.cz https://*.bvv.cz *.google.com *.doubleclick.net; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://*.vimeo.com https://*.facebook.com https://*.twitter.com https://*.instagram.com https://*.lmc.cz https://*.bvv.cz 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'strict-dynamic' 'nonce-NG5NLytlb1dWYmR4VGdXUmhEQUpuY3MwUDJLU1VYNEVjdVppNFRRQUNITT06bUQ1VnNkaGlQTVVtS0VQNHRtQWl5SVp5YlMrcUhUMWRGWllNbDBGWVhqND0=' https://tags-eu.tiqcdn.com https://cdn.wbtrk.net https://geid.wbtrk.net 'unsafe-inline';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: https://pix.telekom.de http://fbc.wcfbc.net https://office.magentacloud.de;font-src 'self' data: https://ebs10.telekom.de;connect-src 'self';media-src 'self';frame-src 'self' nc: https://office.magentacloud.de;frame-ancestors 'self' https://office.magentacloud.de;form-action 'self' https://office.magentacloud.de 1
default-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://www.youtube.com https://fonts.googleapis.com/;             script-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://www.googletagmanager.com https://*.google-analytics.com https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.3/umd/popper.min.js;              style-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://fonts.googleapis.com/;              img-src 'self' 'unsafe-inline' https://counter9.stat.ovh/private/freecounterstat.php www.googletagmanager.com data: https:*;                  connect-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' *.google-analytics.com;                   script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com;               font-src 'self' https://fonts.gstatic.com/ data:; 1
script-src 'self'  'unsafe-inline' 'unsafe-eval' www.linkedin.com linkedin.com  https://static.addtoany.com/ cdn.polyfill.io cse.google.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com secure.gravatar.com twitter.com platform.twitter.com facebook.com connect.facebook.net www.youtube.com www.google.com www.gstatic.com;block-all-mixed-content; 1
frame-ancestors 'self' https://*.cermati.com https://*.indodana.com 1
object-src 'none'; base-uri 'none'; script-src 'unsafe-inline' 'strict-dynamic' https: http: 'sha256-DVdvl49HC0iGx/YKQq/kVNATnEdzGfExbJVTHqT95l8=' 'sha256-CoGrkqEM1Kjjf5b1bpcnDLl8ZZLAsVX+BoAzZ5+AOmc=' 'sha256-QqhlxKosyquihHG/Jahbski3BB1pDss2/CDgLzKKbmE=' 'sha256-karKh1IrXOF1g+uoSxK+k9BuciCwYY/ytGuQVUiRzcM=' 'sha256-mxm3e8M0u3nPPBmLIBgGuMvGUIL5LGv+HzV3bLAIBgw=' 'sha256-+iS8jRq15Ez/Kzz0/G+SNc0geLNvTyf2NZC7MyJgpRE=' 'sha256-bL+cN9GtUg5dqjPwDiPJq4yfiEvOyEJ3rfw/YkNIAWc=' 'sha256-UiVwSVJIK9udADqG5GZe+nRUXWK9wEot2vrxL4D2pQs=' 'sha256-cB+y/oSfWGFf7lHk8KX+ZX2CZQz/dPamIICuPvHcB6w=' 'sha256-7mi5SPcD1cogj2+ju8J/+/qJG99F6Qo+3pO4xQkRf6Q=' 'sha256-rEbn/zvLCsDDvDrVWQuUkKGEQsjQjFvIvJK4NVIMqZ4=' 1
default-src * 'unsafe-inline' data: blob: ipfs:; frame-ancestors 'self' https://gnosis-safe.io https://dev.gnosis-safe.io https://app.safe.global https://platform.apps.ledger.com https://dapp-browser.apps.ledger.com filesystem:; 1
frame-ancestors 'self' withwomenpromise.com promise-app-staging.herokuapp.com 1
frame-ancestors *.scaledrone.com 1
default-src 'self';img-src 'self' https://* data:;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline' 1
frame-ancestors 'self' https://*.adventurecycling.org https://*.facebook.com https://*.iframehost.com; 1
frame-ancestors https://*.holman.com 1
child-src 'self' https//*.avtogermes.ru https://*.google.com https://*.google.ru http://*.webvisor.com https://*.webvisor.com https://yandex.ru https://*.yandex.ru https://*.youtube.com https://*.doubleclick.net https://*.calltovisit.com/ https://mc.admetrica.ru https://player.vimeo.com/ https://i.vimeocdn.com/ https://t.omnidsp.com/ https://*.botfaqtor.ru/ https://cdn3.caltat.com/ https://sonar.semantiqo.com/ 1
script-src 'nonce-EufVZusdiaSQC5b8r8h1sw==' 'strict-dynamic' * 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'none'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.gstatic.com/ https://www.youtube.com/; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com/; img-src * 'self' data: https:; font-src * 'self' data: https:; default-src *; 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-2f79df7d115847d8b2f80b15b9d39f1d' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: github.com img.shields.io codecov.io; font-src 'self' 1
frame-ancestors 'self' https://ton.org; 1
frame-ancestors www.bto.org app.bto.org data.bto.org; 1
default-src * 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://one.sitrion.com; img-src * data:; 1
base-uri https:;connect-src https: wss:;default-src https: wss:;form-action https:;img-src https: data: blob:;media-src https:;object-src https:;script-src https: 'unsafe-inline' 'unsafe-eval';worker-src https: blob:;font-src https: data:;style-src https: 'unsafe-inline' 1
base-uri 'self'; form-action 'self' https://www.facebook.com/tr/; frame-ancestors 'self'; upgrade-insecure-requests ; default-src  'unsafe-inline' https:  https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://a.omappapi.com https://googletagmanager.com https://connect.facebook.net https://js.driftt.com https: productiv.com ; font-src https: data: https://*.hotjar.com; img-src https: data: https://*.hotjar.com; media-src https: https://*.hotjar.com; object-src 'none' ; script-src https: 'unsafe-eval' 'unsafe-inline' https://a.omappapi.com https://googletagmanager.com https://connect.facebook.net https://js.driftt.com https://script.hotjar.com  https: productiv.com productivdev2.wpengine.com productivdev2.wpengine.com https://a.omappapi.com https://googletagmanager.com https://connect.facebook.net https://js.driftt.com https://script.hotjar.com https://*.hotjar.com; style-src https: 'unsafe-inline' https://*.hotjar.com; style-src-attr https: 'unsafe-inline' https://*.hotjar.com; style-src-elem https: 'unsafe-inline' https://*.hotjar.com; 1
frame-ancestors 'self'  *.interactivebrokers.com  *.interactivebrokers.ca  *.interactivebrokers.com.hk  *.interactivebrokers.hk  *.interactivebrokers.ch  *.interactivebrokers.eu  *.interactivebrokers.ie  *.interactivebrokers.lu  *.interactivebrokers.hu  *.interactivebrokers.com.sg  *.ibkr.com.sg  *.interactivebrokers.ch  *.interactivebrokers.co.uk  *.interactivebrokers.com.au  *.interactivebrokers.co.jp  *.interactivebrokers.co.in  *.ibkram.com  IBKR.docebosaas.com  *.interactiveadvisors.com  *.ibkr.com  *.ibkr.com.cn  *.clientam.com  *.youtube.com  *.interactivebrokers.ie  *.interactivebrokers.lu  *.interactivebrokers.hu  *.clientam.ch  *.clientam.com.hk  *.go-mpulse.net  *.akstat.io  impact.interactivebrokers.com  *.ibkrcampus.com  widgets.tipranks.com  site.recognia.com  *.portfolioanalyst.com  portfolioanalyst.com  www.portfolioanalyst.com  www.interactivebrokers.com  https://www.interactivebrokers.com/  *.lynxbroker.com  site.recognia.com  ibkr.paxosclients.com  worldtrader.hsbc.ae  *.xstaging.tv  *.ibkrcampus.com  ibkrcampus.com  *.greenwichcompliance.com; 1
default-src data: https: bankid: 'unsafe-eval' 'unsafe-inline'; connect-src https: wss:; font-src data: https:; 1
default-src data: filesystem: blob: 'self' 'unsafe-inline' 'unsafe-eval' https://*.azurewebsites.net https://*.jwevent.org https://cdn.jwevent.org https://specialconventiondev.blob.core.windows.net https://*.jw-api.org https://code-a.akamaihd.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googletagmanager.com https://ipinfo.io https://cdnjs.cloudflare.com https://az416426.vo.msecnd.net https://dc.services.visualstudio.com https://www.qantas.com https://*.jwevent.org; img-src * data: filesystem: blob:; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://trackcmp.net https://prism.app-us1.com https://diffuser-cdn.app-us1.com https://www.googleoptimize.com https://uimarketpro.com https://*.clarity.ms https://uberall.com https://static-prod.uberall.com https://snap.licdn.com https://bat.bing.com https://cdn.cookielaw.org https://fullstory.com https://edge.fullstory.com https://*.hotjar.com https://maps.googleapis.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.dwin1.com https://googleads.g.doubleclick.net https://fullstory.com https://cdn.syndication.twimg.com https://connect.facebook.net https://platform.twitter.com https://www.googleadservices.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://*.adform.net https://panel.hostalia.com https://cse.google.com; connect-src 'self' https://px.ads.linkedin.com https://pagead2.googlesyndication.com https://cdn.linkedin.oribi.io https://bat.bing.com https://*.google-analytics.com https://*.clarity.ms https://uberall.com https://privacyportal-eu.onetrust.com https://cdn.cookielaw.org https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.facebook.com https://*.analytics.google.com https://analytics.google.com https://www.google-analytics.com https://rs.fullstory.com; img-src 'self' data: https://c.bing.com https://*.clarity.ms https://www.linkedin.com https://static-prod.uberall.com https://static.acens.com https://px.ads.linkedin.com https://bat.bing.com https://cdn.cookielaw.org *.hostalia.com https://stats.sec.telefonica.com https://i.ytimg.com https://img.youtube.com *.googleapis.com/ *.ggpht.com/ https://maps.gstatic.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://svr6602.entelgystats.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.es https://ton.twimg.com https://syndication.twitter.com https://cdn.syndication.twimg.com https://abs.twimg.com https://pbs.twimg.com https://platform.twitter.com https://ajax.googleapis.com; media-src 'self'; style-src 'self' 'unsafe-inline' https://static.hostalia.com https://tagmanager.google.com https://ton.twimg.com https://platform.twitter.com https://fonts.googleapis.com https://www.google.com https://ajax.googleapis.com; font-src 'self' https://static.hostalia.com https://tagmanager.google.com https://fonts.gstatic.com data: https://static.acens.com; manifest-src 'self'; frame-src 'self' https://td.doubleclick.net https://vars.hotjar.com https://bid.g.doubleclick.net https://staticxx.facebook.com https://www.facebook.com https://track.adform.net https://syndication.twitter.com https://platform.twitter.com https://www.google.com https://www.youtube.com 1
frame-ancestors 'self' https://admin.bakerlaw.com; 1
frame-ancestors 'none'; report-uri https://redacted.ch/csp_report.php 1
frame-ancestors 'self' *.socio.events 1
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.youtube.com https://skv.analytics.elx.cloud *.readspeaker.com https://www.google.com https://www.gstatic.com https://matomo.skv.analys.cloud; style-src 'self' 'unsafe-inline' *.readspeaker.com ; font-src 'self' data: *.readspeaker.com; connect-src 'self' https://matomo.skv.analys.cloud https://resultat-int.val.se *.readspeaker.com; object-src 'none'; frame-ancestors 'none'; frame-src 'self' https://*.youtube-nocookie.com https://*.youtube.com *.readspeaker.com https://www.google.com; img-src 'self' https://i.ytimg.com *.readspeaker.com https://*.fbcdn.net https://*.cdninstagram.com; media-src 'self' *.readspeaker.com; form-action 'self' *.readspeaker.com; 1
default-src 'self' blob: *.psprint.com psprint.com api.psprint.com *.wistia.com *.wistia.net cdn.widerfunnel.com *.lpsnmedia.net *.demdex.net c.go-mpulse.net; script-src 'self' blob 'unsafe-inline' 'unsafe-eval' acsbap.com acsbapp.com www.gstatic.com *.adobedtm.com *.optimizely.com www.googletagmanager.com *.quantummetric.com *.cdn.optimizely.com *.psprint.com psprint.com api.psprint.com www.google.com *.wistia.com *.wistia.net *.psprint-uat.com psprint-uat.com ajax.googleapis.com *.braintreegateway.com www.googleadservices.com sstats.deluxe.com www.google-analytics.com *.hotjar.com bat.bing.com connect.facebook.net googleads.g.doubleclick.net www.shopperapproved.com www.sc.pages04.net shopperapproved.com *.shopperapproved.com static.addtoany.com lptag.liveperson.net www.googleadservices.com www.sc.pages04.net *.dfsfullcolor-uat.com *.lpsnmedia.net va.v.liveperson.net *.safeguardw2p-uat.com cdn.widerfunnel.com *.braintreegateway.com assets.pinterest.com cdn.widerfunnel.com assets.pinterest.com *.cdn.optimizely.com *.adobedtm.com www.googletagmanager.com *.qualtrics.com *.tt.omtrdc.net *.demdex.net s.go-mpulse.net *.tagmanager.google.com dqm.crownpeak.com tag.wknd.ai *.bounceexchange.com *.cookielaw.org geolocation.onetrust.com *.clarity.ms; img-src 'self' acsbap.com acsbapp.com google.co.in *.psprint.com psprint.com api.psprint.com stats.deluxe.com data: *.wistia.com *.wistia.net www.googletagmanager.com ad.doubleclick.net sstats.deluxe.com embedwistia-a.akamaihd.net bat.bing.com www.google-analytics.com www.facebook.com stats.g.doubleclick.net *.google.com www.google.com.ua googleads.g.doubleclick.net shareasale.com www.pages04.net www.shopperapproved.com shopperapproved.com *.shopperapproved.com 52.45.162.79 *.dfsfullcolor.com *.safeguardw2p.com cdn.widerfunnel.com log.pinterest.com *.dfsfullcolor-uat.com api.safeguardw2p-uat.com safeguardw2p-uat.com *.cdn.optimizely.com *.adobedtm.com www.googletagmanager.com *.lpsnmedia.net *.qualtrics.com *.tt.omtrdc.net *.demdex.net c.go-mpulse.net cm.everesttech.net *.tagmanager.google.com dqm.crownpeak.com *.bounceexchange.com *.bouncex.net *.cdnwidget.com cdn.cookielaw.org *.clarity.ms *.bing.com; style-src 'self' 'unsafe-inline' *.psprint.com psprint.com stats.g.doubleclick.net fonts.googleapis.com *.dfsfullcolor.com *.safeguardw2p.com safeguardw2p-uat.com cdn.widerfunnel.com *.cdn.optimizely.com *.adobedtm.com www.googletagmanager.com *.qualtrics.com *.demdex.net *.tagmanager.google.com *.bounceexchange.com; font-src 'self' data: acsbap.com acsbapp.com *.psprint.com psprint.com fonts.gstatic.com cdn.widerfunnel.com *.cdn.optimizely.com *.adobedtm.com stackpath.bootstrapcdn.com www.googletagmanager.com *.demdex.net *.tagmanager.google.com *.bounceexchange.com; frame-src 'self' acsbap.com acsbapp.com accessibe.com www.google.com *.cdn.optimizely.com *.optimizely.com *.wistia.com *.wistia.net doubleclick.net bid.g.doubleclick.net *.hotjar.com www.facebook.com *.braintreegateway.com www.emjcd.com cj.dotomi.com static.addtoany.com www.youtube.com www.emjcd.com *.dfsfullcolor.com www.brainshark.com *.lpsnmedia.net va.v.liveperson.net *.safeguardw2p.com cdn.widerfunnel.com assets.pinterest.com *.psprint.com psprint.com api.psprint.com listmodulev3.usadata.com sales.liveperson.net *.liveperson.net lptag.liveperson.net *.cdn.optimizely.com *.adobedtm.com www.googletagmanager.com *.qualtrics.com *.tt.omtrdc.net *.demdex.net c.go-mpulse.net *.tagmanager.google.com dqm.crownpeak.com *.doubleclick.net *.bounceexchange.com; connect-src 'self' acsbap.com acsbapp.com cdn.acsbapp.com apis.google.com *.quantummetric.com *.optimizely.com *.psprint.com psprint.com api.psprint.com api.ipify.org *.wistia.com *.wistia.net *.cdn.optimizely.com fg8vvsvnieiv3ej16jby.litix.io ws://files.psprint.com wss://files.psprint.com sstats.deluxe.com stats.g.doubleclick.net www.facebook.com in.hotjar.com api.braintreegateway.com origin-analytics.braintree-api.com client-analytics.braintreegateway.com embedwistia-a.akamaihd.net *.dfsfullcolor.com *.safeguardw2p.com *.braintreegateway.com stats.addtoany.com www.google-analytics.com safeguardw2p.com *.cdn.optimizely.com *.adobedtm.com www.googletagmanager.com *.litix.io *.hotjar.io wss://ws1.hotjar.com wss://ws2.hotjar.com wss://ws5.hotjar.com wss://ws6.hotjar.com wss://ws7.hotjar.com wss://ws8.hotjar.com siteintercept.qualtrics.com *.qualtrics.com *.tt.omtrdc.net *.demdex.net c.go-mpulse.net *.akstat.io *.akamaihd.net *.tagmanager.google.com api.crownpeak.net *.bouncex.net *.bounceexchange.com *.cdnwidget.com *.cdnbasket.net *.cookielaw.org *.onetrust.com *.clarity.ms; object-src 'none' 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://codeburst.io https://*.codeburst.io https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
frame-ancestors https://*.grupawp.pl/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; object-src 'none'; style-src 'self' 'unsafe-inline' https:; img-src https: data: blob:; frame-src unit4.com *.unit4.com *.adsrvr.org vars.hotjar.com *.driftt.com *.drift.com *.reactful.com unit4.valuestoryapp.com player.vimeo.com vimeo.com www.googletagmanager.com m.youtube.com *.opendns.com gateway.zscloud.net mozbar.moz.com notify.bluecoat.com internetbaik.telkomsel.com; child-src unit4.com *.unit4.com *.adsrvr.org vars.hotjar.com *.driftt.com *.drift.com *.reactful.com unit4.valuestoryapp.com player.vimeo.com vimeo.com www.googletagmanager.com m.youtube.com *.opendns.com gateway.zscloud.net mozbar.moz.com notify.bluecoat.com internetbaik.telkomsel.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://gofulllidl.ie  https://*.adyen.com  https://*.abettertomorrow-lidl.ie  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  'unsafe-inline'  https://gofulllidl.ie  https://*.adyen.com  https://*.abettertomorrow-lidl.ie; img-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com; object-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'; script-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  about:  https://localhost  https://*.adyen.com; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net; 1
default-src 'self' https:; font-src 'self' data: https:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https: ws://vts.zohopublic.com ws://ws.inspectlet.com; frame-ancestors 'self'; worker-src 'self' blob: https: 1
frame-ancestors 'self' *.cort.com 1
default-src 'none'; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval' *.disqus.com c.disquscdn.com; worker-src https: blob:; child-src https: blob:; style-src https: data: 'unsafe-inline' 'unsafe-eval' c.disquscdn.com; img-src https: data: 'unsafe-inline'; font-src https: data:; object-src blob: 'self'; base-uri 'none'; frame-ancestors 'self' portal-tst.liberec.cz portal.liberec.cz; connect-src blob: 'self' *.openstreetmap.org *.disqus.com *.pixabay.com pixabay.com *.leady.com www.google-analytics.com region1.analytics.google.com stats.g.doubleclick.net; frame-src 'self' www.liberec.cz *.youtube.com *.vimeo.com docs.google.com disqus.com *.disqus.com oiapp.liberec.cz www.facebook.com; media-src https:; 1
default-src http: https: data: blob:; media-src http: https: data: blob:; img-src http: https: data: blob:; script-src http: https: data: 'unsafe-inline' 'unsafe-eval'; style-src http: https: data: 'unsafe-inline' 'unsafe-eval'; connect-src http: https: data:; worker-src http: https: data: blob:; font-src http: https: data: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://*.google-analytics.com https://*.googleapis.com https://www.googletagmanager.com https://tm.msgs.jp https://*.docodoco.jp https://jsonip.com https://*.cybertrust.co.jp https://*.google-analytics.com https://trusted-web-seal.cybertrust.ne.jp; img-src 'self' 'unsafe-inline' https://*.cybertrust.co.jp https://www.google.co.jp https://www.google.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://*.googleapis.com; frame-src 'self' https://*.youtube.com https://*.vimeo.com https://webfont.fontplus.jp https://www.googletagmanager.com https://*.google-analytics.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://analytics.google.com https://stats.g.doubleclick.net https://jsonip.com https://wt.msgs.jp https://cybertrust-eas.azurewebsites.net; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com; 1
default-src 'self' 'unsafe-inline' data: blob: https: 1
worker-src blob:; script-src 'self' blob: assets.adobedtm.com www.allegion.com cdn.cookielaw.org www.gstatic.com s.ytimg.com www.google.com www.googletagmanager.com www.google-analytics.com privacyportal-cdn.onetrust.com www.calendarwiz.com sdk.inbenta.io cdn.inbenta.io api.inbenta.io snap.licdn.com static.hotjar.com script.hotjar.com hackerone.com 'unsafe-eval' 'unsafe-inline' 1
child-src 'self' blob:;default-src 'self';connect-src 'self' wss:;font-src 'self' data:;img-src 'self' data: blob:;media-src 'self' blob:;object-src 'self' blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' 'unsafe-inline';frame-ancestors 'self' 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=CA&lang=en-CA&device=desktop&yrid=3pd2kg1iqu4bv&partner=; 1
default-src 'self'; connect-src 'self' https://*.usercentrics.eu https://*.yext.com https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://nextgen.kajomigenerator.de https://*.ekir.de https://*.algolia.net https://*.algolianet.com; frame-src 'self' https://*.usercentrics.eu https://umap.openstreetmap.fr https://*.openstreetmap.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.com https://*.vimeo.com https://*.kd-onlinespende.de https://walls.io https://*.walls.io www.youtube-nocookie.com https://platform.twitter.com https://syndication.twitter.com https://*.ekir.de; font-src 'self' data:; img-src 'self' data: https://*.usercentrics.eu https://*.openstreetmap.fr https://*.openstreetmap.de https://www.evangelische-termine.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.com https://*.kd-onlinespende.de https://img.youtube.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://secure.gravatar.com http://*.ekir.de https://*.ekir.de; object-src 'self'; style-src 'self' 'unsafe-inline' https://www.evangelische-termine.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.com https://platform.twitter.com https://ton.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.usercentrics.eu https://www.evangelische-termine.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.de https://*.kd-onlinespende.de https://walls.io https://*.walls.io https://secure.gravatar.com https://platform.twitter.com https://cdn.syndication.twimg.com https://*.ekir.de https://adressverzeichnis.ekd.de https://cdn.jsdelivr.net; 1
frame-ancestors https://app.storyblok.com/ https://web.ruttl.com/ 1
frame-ancestors 'self' *.icewarp.com 1
default-src 'self' *.dundle.dev dundle.dev *.dundle.com dundle.com localhost localhost:3002 *.dinrex.com staging-dundle-api-premium.azurewebsites.net *.dundle-api.com *.fptls3.com *.fptls.com *.doubleclick.net *.openfpcdn.io *.google-analytics.com googleadservices.com *.googleadservices.com *.googlesyndication.com *.bing.com *.clarity.ms sentry.io *.facebook.com *.instagram.com *.braintreegateway.com *.braintree-api.com paypal.com *.paypal.com *.intercom.io translate.google.com *.execute-api.eu-central-1.amazonaws.com recaptcha.net *.recaptcha.net *.analytics.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat cookielaw.org *.cookielaw.org *.onetrust.com ws: *.intercom.io; font-src 'self' blob: data: *; frame-ancestors 'self' dundle.dev *.dundle.dev dundle.com *.dundle.com admin.secure.dundle.com; frame-src *.dundle.com *.paypalobjects.com *.paypal.com paypal.com *.facebook.com facebook.com youtube.com *.youtube.com youtu.be *.youtu.be *.googlesyndication.com *.doubleclick.net recaptcha.net *.recaptcha.net; img-src 'self' blob: data: *; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' *.dundle.dev dundle.dev *.dundle.com dundle.com localhost *.google-analytics.com *.googletagmanager.com googletagmanager.com *.googleoptimize.com *.doubleclick.net *.google.com googleadservices.com *.googleadservices.com *.googlesyndication.com gstatic.com *.gstatic.com sentry.io *.sentry-cdn.com fpnpmcdn.net *.fptls.com *.fptls3.com *.openfpcdn.io cdn.siftscience.com *.facebook.net *.facebook.com hexagon-analytics.com *.bing.com *.clarity.ms *.cloudfront.net *.braintreegateway.com *.braintree-api.com paypal.com *.paypal.com www.paypalobjects.com *.intercom.io *.intercomcdn.com recaptcha.net *.recaptcha.net *.sift.com/s.js cookielaw.org *.cookielaw.org; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.dundle.dev dundle.dev *.dundle.com dundle.com localhost *.google-analytics.com *.googletagmanager.com googletagmanager.com *.googleoptimize.com *.doubleclick.net *.google.com googleadservices.com *.googleadservices.com *.googlesyndication.com gstatic.com *.gstatic.com sentry.io *.sentry-cdn.com fpnpmcdn.net *.fptls.com *.fptls3.com *.openfpcdn.io cdn.siftscience.com *.facebook.net *.facebook.com hexagon-analytics.com *.bing.com *.clarity.ms *.cloudfront.net *.braintreegateway.com *.braintree-api.com paypal.com *.paypal.com www.paypalobjects.com *.intercom.io *.intercomcdn.com recaptcha.net *.recaptcha.net *.sift.com/s.js cookielaw.org *.cookielaw.org; style-src 'self' 'unsafe-inline' *; form-action *; report-uri https://o193536.ingest.sentry.io/api/1296542/security/?sentry_key=fe8919700c6b4ab693fd86fefa14c6cd 1
default-src 'self'; script-src 'self' https://*.googletagmanager.com https://*.google-analytics.com  https://*.cloudflare.com https://*.cookielaw.org https://*.hsforms.com wss://*.hotjar.com https://*.jsdelivr.net https://*.licdn.com https://*.hsforms.net https://*.google.co.in https://*.newrelic.com https://*.nr-data.net/ https://apis.google.com/js/plusone.js https://*.sharethis.com https://cdnjs.cloudflare.com/ajax/libs/fingerprintjs2/2.1.0/fingerprint2.js https://cdn-prod.securiti.ai/consent/cookie-consent-sdk.js https://www.googleadservices.com/pagead/conversion_async.js https://googleads.g.doubleclick.net/ google-analytics.com https://ssl.google-analytics.com tagmanager.google.com googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net https://*.hotjar.com https://acsbapp.com/apps/app/dist/js/app.js https://acsbapp.com/apps/app/dist/js/loader.js 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.jsdelivr.net https://*.googleapis.com https://ws.sharethis.com/button/css/buttons-secure.css https://cdn-prod.securiti.ai/consent/cookie-consent.css tagmanager.google.com https://tagmanager.google.com https://fonts.googleapis.com https://*.hotjar.com https://www.exlservice.com/themes/exl_service/css/component/frontdoor.css 'unsafe-inline'; img-src 'self' https://px.ads.linkedin.com/ https://p.adsymptotic.com/ https://www.google-analytics.com/ data: https://www.google.com/ https://*.exlservice.com/hubfs/ https://l.sharethis.com/ https://ws.sharethis.com https://secure.adnxs.com/ https://s.ml-attr.com/ https://attr.ml-api.io/ https://www.google.co.in/ads/ https://www.google.co.in/pagead/ www.google-analytics.com https://www.google.com/ads/ga-audiences www.googletagmanager.com ssl.gstatic.com www.gstatic.com stats.g.doubleclick.net/r/ https://stats.g.doubleclick.net/r/collect https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://googleads.g.doubleclick.net googleads.g.doubleclick.net www.google.com https://*.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com https://stats.g.doubleclick.net https://web1.acsbapp.com/apps/app/dist/media/ https://*.hotjar.com https://cdn.acsbapp.com/apps/; frame-src 'self' https://*.hotjar.com https://*.youtube.com https://*.vimeo.com  https://ws.sharethis.com https://forms.hsforms.com https://www.googletagmanager.com/ https://bid.g.doubleclick.net/ bid.g.doubleclick.net https://*.fls.doubleclick.net https://info1.exlservice.com; frame-ancestors https://info1.exlservice.com/iag-cargo; child-src https://info1.exlservice.com/iag-cargo; font-src 'self' https://*.googleapis.com https://*.googleapis.com https://*.jsdelivr.net https://*.gstatic.com https://*.hsforms.net https://acsbapp.com/apps/app/dist/fonts/acsbi.ttf?qj8z5u https://acsbapp.com/apps/app/dist/fonts/acsbi.woff?qj8z5u https://fonts.gstatic.com https://*.hotjar.com data:; https://cdn.acsbapp.com/apps/app/dist/fonts/acsbi.ttf?qj8z5u https://cdn.acsbapp.com/apps/app/dist/fonts/acsbi.woff?qj8z5u; connect-src 'self' https://*.googletagmanager.com https://*.google-analytics.com https://*.cloudflare.com https://*.cookielaw.org https://*.hsforms.net https://*.doubleclick.net https://*.nr-data.net/ https://forms.hsforms.com https://*.sharethis.com https://app.securiti.ai/privaci/v1/consent/cookie/singleupload https://cdn-prod.securiti.ai https://app.securiti.ai/core/v1/utils/geo/location https://app.securiti.ai/privaci/v1/consent/form/singleupload https://app.securiti.ai/ www.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect/ https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.acsbapp.com/cache/app/exlservice.com/config.json https://cdn.acsbapp.com/cache/app/wildcards.json https://cdn.acsbapp.com/cache/app/en.build.json https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://cdn.acsbapp.com/config/exlservice.com/* https://*.acsbapp.com/ https://acsbapp.com/; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.omtrdc.net *.hsbc.com.cn *.utag *.recaptcha.net *.amap.com *.brightcove.net *.gstatic.cn vjs.zencdn.net players.brightcove.net; img-src 'self' blob: *.hsbc.com.hk *.eum-appdynamics.com *.google.com.hk *.google.com *.google.co.in *.doubleclick.net *.googleapis.com *.facebook.com data: *.gstatic.com *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.googleapis.com *.demdex.net *.omtrdc.net *.hsbc.com.cn *.boltdns.net *.brightcovecdn.com *.brightcove.com http://127.0.0.1:5000 manifest.prod.boltdns.net *.akamaihd.net brightcove.hs.llnwd.net players.brightcove.net edge.api.brightcove.com vdata.amap.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.recaptcha.net players.brightcove.net; frame-ancestors 'self'; font-src 'self' data: *.hsbc.com.hk *.gstatic.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com; object-src 'self'; upgrade-insecure-requests ; media-src *.boltdns.net *.brightcovecdn.com *.brightcove.com blob: *.akamaihd.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.cf.brightcove.com; report-uri https://csp.prod.ap.dynp.cloud1.vv1865.com; 1
default-src 'self' https://bug.openrightsgroup.org https: data: ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https: 'unsafe-inline' ; img-src 'self' https://bug.openrightsgroup.org https: data: blob: ; child-src 'self' https: data: blob: ; report-uri https://openrightsgroup.report-uri.com/r/d/csp/enforce 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' data: 'unsafe-inline'; font-src 'self' data:; img-src 'self' data:; frame-ancestors https://*.adns2.de/ https://*.hsgate.de/; report-uri https://www.hostserver.de/csp/report.php 1
default-src 'self' https:; script-src 'unsafe-inline' https: data:; style-src 'unsafe-inline' https: data:; font-src https: data: 1
default-src 'self' challenges.cloudflare.com *.zdassets.com progressier.com *.alea.com *.firebaseapp.com *.sportradar.com *.spribe.io *.spribegaming.com *.ingest.sentry.io *.googleapis.com *.google-analytics.com s3.amazonaws.com *.vaidebet.site *.obabet.com *.ipify.org *.twinfo.io *.vaidebet.com; frame-src 'self' launchdigi.net *.endorphina.network d10zgitni74b5t.cloudfront.net *.evoplay.games d3q81lcs2d9s77.cloudfront.net d3kg3jb5dnvv3b.cloudfront.net *.7777gaming.xyz *.risemi.net *.mascot.games *.kalamba.net *.doubleclick.net *.wingene.games *.realisticgames.co.uk *.gameassists.co.uk *.livetables.io *.valueactive.eu *.njoybingo.com *.com *.bestra.net *.systems *.voltent.com *.vsslots.com *.onegameslink.com *.betsolutions.com app-e.insvr.com www.facebook.com app.grooveteam.biz aleaplay.evo-games.com m.pgr-nmga.com m.pg-nmga.com cf-iomeu-cdn.relaxg.com obabet.os.tc *.gv-gamespace.com *.groovegaming.com *.spribegaming.com *.redrakegaming.com *.wazdan.com *.spribe.io www.google.com *.pplivedealer.com *.pragmaticplaylive.net *.prerelease-env.biz *.aleaplay.com *.pragmaticplay.net *.sportradar.com *.obabet.com *.twinfo.io *.vaidebet.com s3.amazonaws.com *.obabet.com *.twinfo.io *.vaidebet.site data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' imageproxy.obabet.com *.obabet.com ads.kwai.com *.doubleclick.net *.cloudflare.com *.adsnebula.com *.kwai.net *.antillephone.com connect.facebook.net *.zopim.com *.zendesk.com *.zdassets.com *.chatwoot.com obabet.com progressier.com onesignal.com pushalert.co *.pushalert.co *.hotjar.com *.onesignal.com pushalert.co *.pushalert.co cdn.gtranslate.net *.google-analytics.com *.ipify.org *.sportradar.com obabet.com *.obabet.com *.twinfo.io *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.vaidebet.com s3.amazonaws.com *.vaidebet.site *.obabet.com *.ipify.org *.twinfo.io; style-src 'self' onesignal.com pushalert.co *.pushalert.co *.gstatic.com *.googleapis.com *.sportradar.com *.obabet.com *.twinfo.io *.vaidebet.com s3.amazonaws.com *.vaidebet.site 'unsafe-inline'; img-src * imageproxy.obabet.com thumbs.alea.com *.alea.com data:; font-src 'self' *.gstatic.com *.sportradar.com *.obabet.com *.twinfo.io *.vaidebet.com s3.amazonaws.com *.vaidebet.site data:; connect-src 'self' google.com *.metebet.com.br *.googlesyndication.com *.adsnebula.com *.llnwd.net *.mythad.com logsdk.kwai-pro.com *.zopim.com wss://widget-mediator.zopim.com wss://ws.hotjar.com/api/v2/client/ws *.zendesk.com *.hotjar.io *.zdassets.com *.hotjar.com progressier.com onesignal.com pushalert.co *.pushalert.co api.ipify.org *.googleapis.com *.alea.com *.google.com fonts.googleapis.com *.ipify.org *.googletagmanager.com *.gstatic.com *.sportradar.com *.google-analytics.com *.obabet.com *.twinfo.io *.vaidebet.com s3.amazonaws.com *.vaidebet.site *.obabet.com *.twinfo.io; worker-src 'self' obabet.com blob:; media-src 'self' *.llnwd.net blob:; 1
frame-ancestors 'self' https://manage.dentistryiq.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self';              script-src 'self' https://announceliveapp.blob.core.windows.net https://*.peoplehr.net  https://*.googleapis.com https://www.google-analytics.com https://*.google.com https://*.gstatic.com https://*.youtube.com https://widget.intercom.io https://js.intercomcdn.com https://edge.xero.com http://*.addthis.com https://www.googletagmanager.com https://*.moatads.com https://*.addthisedge.com https://cdn.wootric.com https://*.newrelic.com https://bam.nr-data.net/ https://button-app.production.workspace.accessacloud.com/ https://button-content.production.workspace.accessacloud.com/blob/access-button-launcher/ https://cdnjs.cloudflare.com/ 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval';              style-src 'self' https://*.peoplehr.net https://cc-cdn.com https://fonts.googleapis.com https://www.google-analytics.com https://*.googleapis.com 'unsafe-hashes' 'unsafe-inline';              img-src 'self' data: blob: http: https: 'unsafe-hashes' 'unsafe-inline' https://js.intercomcdn.com  https://static.intercomassets.com  https://downloads.intercomcdn.com  https://downloads.intercomcdn.eu  https://downloads.au.intercomcdn.com  https://uploads.intercomusercontent.com  https://gifs.intercomcdn.com   https://video-messages.intercomcdn.com  https://messenger-apps.intercom.io  https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com;              font-src 'self' https://*.peoplehr.net https://*.googleapis.com https://*.gstatic.com https://*.intercomcdn.com;               connect-src 'self' https://liveannounce.azurewebsites.net https://*.intercomcdn.com https://*.peoplehr.net  https://*.addthis.com https://pixabay.com https://*.accessacloud.com https://api.craftyclicks.co.uk https://api-iam.intercom.io/ wss://nexus-websocket-a.intercom.io https://cc-cdn.com https://*.wootric.com https://bam.nr-data.net/ https://*.googleapis.com;              media-src 'self' http: https: ;              frame-src 'self'  https://*.addthis.com/ https://*.accessacloud.com/ https://*.google.com https://www.youtube.com/ https://intercom-sheets.com https://*.vimeo.com/ https://*.peoplehr.net https://*.amazonaws.com https://www.loom.com blob: 1
block-all-mixed-content; frame-src 'self' https://*.uber.com https://*.ubereats.com http://*.cdn-net.com https://tr.snapchat.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://www.google.com/recaptcha/ https://auth.uberinternal.com https://gumi.criteo.com/ https://mug.criteo.com https://gum.criteo.com bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net *.optimizely.com; worker-src 'self' blob:; child-src 'self' blob: bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net; connect-src 'self' 'self' https://*.uber.com https://duyt4h9nfnj50.cloudfront.net https://d3fa76b550dpw9.cloudfront.net https://d4p17acsd5wyj.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://dkl8of78aprwd.cloudfront.net https://cn-geo1.uber.com https://d1goeicueq33a8.cloudfront.net https://siteintercept.qualtrics.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://analytics.tiktok.com https://analytics.google.com https://dynamic.criteo.com https://widget.us.criteo.com https://widget.as.criteo.com https://widget.eu.criteo.com https://sslwidget.criteo.com https://tr.snapchat.com https://app.paypay.ne.jp https://stg.paypay-corp.co.jp https://image.paypay.ne.jp https://d1g1f25tn8m2e6.cloudfront.net https://dyguxp1m9tbrw.cloudfront.net https://u-vsm.tmobiapi.com https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://maps.googleapis.com https://www.gstatic.com events.uber.com api.mixpanel.com d3i4yxtzktqr9n.cloudfront.net *.optimizely.com *.google-analytics.com *.tealiumiq.com *.demdex.net https://api-js.mixpanel.com; manifest-src 'self' https://*.uber.com; form-action 'self' https://tr.snapchat.com https://www.facebook.com/tr/ https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-staging.uberinternal.com https://payments-staging.uber.com; frame-ancestors 'self' https://www.nimblerx.com https://static-team-ops.nimbleandsimple.com https://pharma.uber.com http://local.shakeshack.com https://shakeshack.prod.acquia-sites.com https://www.shakeshack.com https://dev.shakeshack.com https://stg.shakeshack.com https://shakeshack.com https://pre-prod.shakeshack.com https://stg-green.shakeshack.com https://stg-alt.shakeshack.com https://front-hml-delivery.azurewebsites.net https://front-dev-delivery.azurewebsites.net https://front-prd-delivery.azurewebsites.net https://deliverycontrol.grupomadero.com.br https://delivery.grupomadero.com.br https://staging-shop.mccolls.co.uk https://shop.mccolls.co.uk https://stoq.shop https://staging.stoq.shop https://admin.stoq.shop https://admin-staging.stoq.shop https://www.gcom.com.br https://www.spoleto.com.br https://www.koni.com.br https://www.lebonton.com.br https://www.gokoni.com https://www.cutthecrap.com.br https://www.risierisoteria.com.br https://www.giustoculinaria.com.br https://www.roomservicedelivery.com.br https://www.strogonosso.com.br https://voalzira.online/ https://voalzira.online/minhaloja https://medmate.com.au https://order.manoosh.com.au https://test.expresskfc.com/ https://expresskfc.com/ https://www.test.expresskfc.com/ https://www.expresskfc.com/ https://kfccostarica.cr/ https://www.kfccostarica.cr/ https://express.dospinos.com/ https://mcstaging.dospinos.com/ https://shopuat.pxpay.com.tw/ https://shop.pxpay.com.tw/ https://app.cocinasocultas.com https://app.foodstarsuk.com https://app.pruebehubster.com https://app.pruebehubster.com.mx https://app.tryhubster.co.uk https://app.tryhubster.com https://app.tryhubster.com.au https://app.tryotter.com https://catalogs.uberinternal.com https://catalogs-staging.uberinternal.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://health-staging.uber.com https://health.uber.com https://admin.restoplus.com https://admin.staging.restoplus.com https://admin.qa1.restoplus.com https://admin.qa2.restoplus.com https://admin.qa3.restoplus.com https://admin.qa4.restoplus.com https://admin.qa5.restoplus.com https://admin.qa6.restoplus.com https://orders.restoplus.com https://orders.staging.restoplus.com https://orders.qa1.restoplus.com https://orders.qa2.restoplus.com https://orders.qa3.restoplus.com https://orders.qa4.restoplus.com https://orders.qa5.restoplus.com https://orders.qa6.restoplus.com https://pos.restoplus.com https://pos.staging.restoplus.com https://pos.qa1.restoplus.com https://pos.qa2.restoplus.com https://pos.qa3.restoplus.com https://pos.qa4.restoplus.com https://pos.qa5.restoplus.com https://pos.qa6.restoplus.com https://beta-shop.cashier.tw https://shop.cashier.tw https://indev-webapp.cashier.tw https://indev-beta-shop.cashier.tw https://indev-shop.cashier.tw https://us-int-office.tabit-int.com https://us-office.tabit-stage.com/auth/login https://us-demo-office.tabit-stage.com https://us-office.tabit.cloud https://foxtrotco.com/tracking https://foxtrotco.com/orderconfirmation https://foxtrotco.com/home https://foxtrotco.com https://app.onhere.com.br https://beta.inline.app https://staging.inline.app https://inline.app https://shane.machinat.dev/ https://app.topcaisse.fr https://ordering.ritas.com http://ordering.ritas.com https://ordering.ritas.stage.demotesturl.net http://ordering.ritas.stage.demotesturl.net ee.magento.test 245.magento.test uber.improntus.dev https://dev.kfc.co.uk https://qa.kfc.co.uk https://brand.preprod.platform.kfcapi.com/ https://www.kfc.co.uk/ https://qa-kfc-za.eu.cognizantorderservnxtgen.com/ https://dev-kfc-za.eu.cognizantorderservnxtgen.com/ https://uat-kfc-za.eu.cognizantorderservnxtgen.com/ https://perf-kfc-za.eu.cognizantorderservnxtgen.com/ https://pen-kfc-za.eu.cognizantorderservnxtgen.com/ https://betatest.kfc.co.za/ https://order.kfc.co.za/ https://shop.pxgo.com.tw/ https://shopuat.pxpay.com.tw/ https://delivery.jimmybrings.com.au/ https://staging.jimmybrings.com.au/ https://beta.jimmybrings.com.au/ https://49171584-9e6d-4979-ab61-27a301a7e33e-production.au.prd.c.deity.cloud/ https://42d9d738-3eab-441f-91de-1afcd88b770f-acceptance.au.prd.c.deity.cloud/ https://1b8d2377-9260-4384-bc9f-aa1086543c69-test.au.prd.c.deity.cloud/ https://jimmybrings.com.au/ https://www.kfccostarica.cr https://www.kfccostarica.com https://kfccostarica.cr https://kfccostarica.com https://edb-staging.uber.com https://edb.uber.com 'self' quiznos.co.cr https://quiznos.co.cr https://pos.mymealsy.com https://stage.mymealsy.com https://dev.mymealsy.com https://fast.tk3c.com https://fdtest.tk3c.com https://panda-express.wallia.dev https://127.0.0.1:5173/ https://test.tacobellpr.com/ https://test.arcoprueba.com/ https://www.tacobellpr.com/ https://tacobellpr.com/ https://www.kfcpuertorico.com/ https://kfcpuertorico.com/ https://boba.rbteawalnut.com/ https://qjmpdemo.altaineapps.com/ https://stinkerapi.altaineapps.com/ https://mapcoapi.altaineapps.com/ https://loyalty.ritasice.com https://loyalty.stage.demotesturl.net https://loyalty.training.demotesturl.net https://loyalty.dev.demotesturl.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com 'nonce-5f4c2713-ea2c-4a50-8b5a-3a8745742447' https://bat.bing.com https://*.qualtrics.com https://analytics.twitter.com http://www.googletagservices.com http://*.cdn-net.com https://sc-static.net https://tr.snapchat.com https://*.yjtag.jp https://yjtag.yahoo.co.jp https://b92.yahoo.co.jp https://*.yimg.jp https://*.outbrain.com https://www.redditstatic.com https://analytics.tiktok.com https://dynamic.criteo.com https://static.criteo.net https://sslwidget.criteo.com https://widget.us.criteo.com https://widget.as.criteo.com https://widget.eu.criteo.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://d4p17acsd5wyj.cloudfront.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ln-rules.rewardstyle.com/bookmarklet.js 'unsafe-eval' script.crazyegg.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com maps.google.com tags.tiqcdn.com beacon.krxd.net cdn.krxd.net cdn.mxpnl.com www.googleadservices.com www.ziprecruiter.com analytics.recruitics.com edge.quantserve.com secure.quantserve.com connect.facebook.net cdn.nanigans.com api.nanigans.com *.adroll.com s.yimg.com sp.analytics.yahoo.com click.app-cast.com i.l.inmobicdn.net *.optimizely.com *.tealiumiq.com *.doubleclick.net static.ads-twitter.com https://www.google-analytics.com https://ssl.google-analytics.com maps.googleapis.com maps.google.com; style-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com https://api.tiles.mapbox.com https://fonts.googleapis.com; report-uri https://csp.uber.com/csp?a=web-eats-v2&ro=false 1
default-src *.koolaburra.com data: 'unsafe-eval' 'unsafe-inline' blob: ws: dms.deckers.com *.demandware.net *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com via.placeholder.com *.deckers.layer0-perma.link *.cquotient.com d.emails.teva.com email.ugg.com email.hoka.com email.koolaburra.com email.sanuk.com email.teva.com *.emails.teva.com blog.ugg.com events.hoka.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp blog.uggaustralia.com www.teva-eu.com scripts.deckers.com rum.ingress.edgio.net *.g.doubleclick.net edgeshoppingstatic.azureedge.net s.retargeted.co *.joinhoney.com d3nocrch4qti4v.cloudfront.net df45ay5pw60dy.cloudfront.net cx.atdmt.com cdn.optimizely.com *.bglobale.com *.formstack.com *.deckers.coremedia.cloud rum-http-intake.logs.datadoghq.com www.datadoghq-browser-agent.com rum.ingress.layer0.co rum.layer0.co *.pingdom.net *.pitneybowes.com pippio.com hosted.where2getit.com res.cloudinary.com splashthat.eu *.klarnacdn.net *.klarnaservices.com *.klarna.com dfp.bouncex.net *.bounceexchange.com *.medallia.eu *.kampyle.com cdn.pdst.fm sink.pdst.fm us-central1-adaptive-growth.cloudfunctions.net *.contentsquare.net *.contentsquare.com *.dynamicyield.com *.dy-api.com *.forter.com pay.google.com *.cdn4.forter.com *.linksynergy.com *.paypal.com *.cloud.coveo.com *.amazon-adsystem.com cartera-cdn.freetls.fastly.net *.abtasty.com guarantee-cdn.com static-fe.payments-amazon.com ad.as.amanad.adtdp.com ad.caprofitx.adtdp.com ad.yieldlab.net ade.clmbtech.com *.socdm.com adx.dable.io au.ants.vn c.bing.com cm-exchange.toast.com cm.mgid.com r.casalemedia.com contextual.media.net criteo-sync.teads.tv cs.adingo.jp point.widget.rakuten.co.jp *.rakuten.co.jp static.rakuten.com *.yimg.jp *.yahoo.co.jp ads.yahoo.com deckers.candypop.jp cs.gssprt.jp eb2.3lift.com *.sharethrough.com rapid-cdn.yottaa.com pixel.advertising.com pixel.tapad.com *.ac.bcon.ecdns.net *.smartadserver.com secure.adnxs.com simage2.pubmatic.com *.criteo.net *.criteo.com sync.outbrain.com us-u.openx.net duuytoqss3gu4.cloudfront.net *.osano.com x.bidswitch.net visitor.omnitagjs.com d.line-scdn.net *.ads.yieldmo.com tr.line.me *.taboola.com *.ad-stir.com tk.jrs5.com *.adsrvr.org cdn.smartnews-ads.com payments-fe.amazon.com m.media-amazon.com chimpstatic.com static.hotjar.com content.hotjar.com t.cfjump.com chipstatic.com cdn.unidays.world api.myunidays.com *.veinteractive.com *.pixlee.com *.pixlee.co *.pxlecdn.com *.cartfulsolutions.com *.global-e.com *.powerreviews.com *.truefitcorp.com *.terracycle.com www.truefit.com *.typekit.net widgets.trustedshops.com *.etrusted.com idsync.rlcdn.com *.zenaps.com cnstrc.com *.strut.fit *.rewardstyle.com *.motionpoint.com s-cs.send.microad.jp *.smaato.net *.e-planning.net *.zemanta.com *.artlabs.ai *.onetrust.com *.stylitics.com *.g.doubleclick.net *.kampyle.com *.fls.doubleclick.net *.doubleclick.net adservice.google.com *.googleadservices.com adservice.google.com www.googletagmanager.com ampcid.google.com *.googlesyndication.com api.amplitude.com translate.googleapis.com apis.google.com www.google-analytics.com ssl.google-analytics.com maps.googleapis.com www.google.ca www.google.com translate.google.com fonts.googleapis.com api.cognitive.microsofttranslator.com browser.translate.yandex.net jjfblogammkiefalfpafidabbnamoknm bmnlcjabgnpnenekpadlanbbkooimhnj chhjbpecpncaggjpdakmflnfcopglcmi bfkjochdalcdahjnliojhpldoogkbglc pfldcnnaiaiaogmpfdjjpdkpnigplfca ajax.googleapis.com *.gstatic.com s.w.org *.ediemidnightzombies.com www.gravatar.com *.attn.tv events.attentivemobile.com *.afterpay.com www.instagram.com *.analytics.yahoo.com alb.reddit.com www.redditstatic.com *.hotjar.com *.artlabs.ai downloads.mailchimp.com *.au.hoka.com hokacustomercare.zendesk.com hokanzcustomercare.zendesk.com accentgroupsupport.zendesk.com *.wistia.com *.litix.io embedwistia-a.akamaihd.net *.bouncexchange.com events.bouncex.net www.facebook.com connect.facebook.net *.zdassets.com *.zopim.com widget-mediator.zopim.com *.list-manage.com *.us14.list-manage.com *.gladly.com js.verygoodvault.com tnt8r4ypmtr.live.verygoodproxy.com vgs-collect-keeper.apps.verygood.systems cdn.studentbeans.com *.90d.io *.smooch.io www.clarity.ms gladly-production.sinter-collect.com tracead.com www.dwin1.com *.zenaps.com *.adyen.com *.addthis.com *.addthisedge.com *.moatads.com intljs.rmtag.com *.likeshop.me cdn.cookielaw.org www.gstatic.com fonts.gstatic.com sc-static.net bat.bing.com www.bing.com cdn.yottaa.com qoe-1.yottaa.net *.tealiumiq.com *.sitelabweb.com cdn.quadpay.com csp-reporting.cloudflare.com d38d4ysphgm9dz.cloudfront.net d35u1vg1q28b3w.cloudfront.net d2o5idwacg3gyw.cloudfront.net d6tizftlrpuof.cloudfront.net d38d4ysphgm9dz.cloudfront.net nsg.symantec.com px.owneriq.net tags.w55c.net mc.yandex.ru mc.yandex.com mc.yandex.kz yandex.net api.pinpiaa.com omwbh6dj4a.execute-api.ap-southeast-2.amazonaws.com cmp.osano.com *.usabilla.com *.newgistics.com mpsnare.iesnare.com *.cdnwidget.com *.cdnbasket.net resources.digital-cloud.medallia.eu t.co platform.twitter.com static.ads-twitter.com analytics.twitter.com tag.rmp.rakuten.com point.widget.rakuten.co.jp analytics.tiktok.com cdn.loom.com *.usw2.cordial.com hokaoneone.locally.com tr.snapchat.com www.awin1.com hm.baidu.com *.parcellab.com analytics.convertlanguage.com *.verygoodvault.com ugg.review.eprize.com ugg.promo.eprize.com www.paypalobjects.com www.youtube.com *.brightcove.com *.pinterest.com s.pinimg.com *.cheqzone.com i.ytimg.com cdn.jsdelivr.net call.chatra.io services.sheerid.com cdn.honey.io i.honey-images.com cdn.joinhoney.com cdn.ivaws.com *.capitaloneshopping.com *.locally.com cdn.dashhudson.com images.dashhudson.com s7.addthis.com *.dashhudson.com likeshop.me trial-eum-clientnsv4-s.akamaihd.net tags.tiqcdn.com code.jquery.com maxcdn.bootstrapcdn.com strutagiocdn.blob.core.windows.net frame.hub-box.com sandbox.frame.hub-box.com analytics.google.com *.analytics.google.com *.google-analytics.com ampcid.google.co.in ampcid.google.co.jp ampcid.google.com.ph ampcid.google.com.pk ampcid.google.cz ampcid.google.dk ampcid.google.ee ampcid.google.es ampcid.google.fr ampcid.google.ge ampcid.google.hu ampcid.google.ht ampcid.google.kz ampcid.google.lt ampcid.google.mn ampcid.google.nl ampcid.google.no ampcid.google.pl ampcid.google.bs ampcid.google.by ampcid.google.ca ampcid.google.cl ampcid.google.co.il ampcid.google.co.kr ampcid.google.co.nz ampcid.google.co.ve ampcid.google.co.za ampcid.google.co.zw ampcid.google.com.au ampcid.google.com.ec ampcid.google.com.jm ampcid.google.com.mx ampcid.google.com.pr ampcid.google.com.sg ampcid.google.com.tr ampcid.google.com.ua ampcid.google.de ampcid.google.gr ampcid.google.ie ampcid.google.it ampcid.google.mv ampcid.google.ru ampcid.google.ro ampcid.google.se ampcid.google.pt ampcid.google.hr ampcid.google.at ampcid.google.az ampcid.google.be ampcid.google.bg ampcid.google.ch ampcid.google.co.id ampcid.google.co.ma ampcid.google.co.th ampcid.google.com.ar ampcid.google.com.br ampcid.google.com.bz ampcid.google.com.co ampcid.google.com.cy ampcid.google.com.do ampcid.google.com.gt ampcid.google.com.hk ampcid.google.com.mt ampcid.google.com.ng ampcid.google.com.ni ampcid.google.com.pe ampcid.google.com.py ampcid.google.com.sa ampcid.google.com.tj ampcid.google.com.tw ampcid.google.com.uy ampcid.google.dm ampcid.google.dz ampcid.google.fi ampcid.google.hn ampcid.google.lu ampcid.google.lv ampcid.google.ps ampcid.google.rs ampcid.google.si ampcid.google.sk ampcid.google.cn ampcid.google.co.id ampcid.google.co.th ampcid.google.co.hk ampcid.google.co.pe ampcid.google.co.tw ampcid.google.co.uy ampcid.google.tn ampcid.google.ae ampcid.google.lk ampcid.google.com.bh ampcid.google.com.vn www.google.al www.google.at www.google.am www.google.az www.google.ba www.google.be www.google.bg www.google.by www.google.ch www.google.fi www.google.ie www.google.ps www.google.tt www.google.co.bz www.google.co.il www.google.co.in www.google.co.jp www.google.co.kr www.google.co.ma www.google.com.au www.google.com.co www.google.com.do www.google.com.gh www.google.com.gt www.google.com.lb www.google.com.mx www.google.com.ng www.google.com.om www.google.com.ph www.google.com.pr www.google.com.sa www.google.com.sg www.google.com.tw www.google.com.tr www.google.com.ua www.google.com.py www.google.co.ke www.google.co.th www.google.lk www.google.tn www.google.bf www.google.co.nz www.google.co.uk www.google.is www.google.im www.google.cz www.google.de www.google.ee www.google.es www.google.fr www.google.ge www.google.gr www.google.hr www.google.ht www.google.hu www.google.ie www.google.it www.google.lt www.google.md www.google.me www.google.mk www.google.mt www.google.no www.google.nl www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.ae www.google.bs www.google.cl www.google.co.cr www.google.co.ve www.google.co.vi www.google.co.za www.google.com.ec www.google.com.hk www.google.com.jm www.google.com.kw www.google.com.pa www.google.com.sg www.google.mv www.google.co.id www.google.com.my www.google.com.pk www.google.com.vn www.google.dk www.google.mn www.google.kz www.google.vg www.google.hn www.google.com.eg www.google.ad www.google.je www.google.co.bw www.google.com.ar www.google.com.bd www.google.com.bo www.google.com.br www.google.com.cy www.google.com.pe www.google.com.sv www.google.com.uy www.google.com.qa www.google.dz www.google.iq www.google.jo www.google.sk www.google.si www.google.nl www.google.lv www.google.lu www.google.lv www.google.kg www.google.dm www.google.co.uz www.google.sr www.google.je www.google.gg www.google.com.qa www.google.mt www.google.com.bn www.google.com.bh www.google.co.uz www.google.cn www.google.tn www.google.mg www.google.com.ai www.google.li www.google.as www.google.dj www.google.com.mt www.google.ga www.google.sn www.google.com.gi www.google.mu www.google.gy; font-src *.koolaburra.com *.demandware.net *.commercecloud.salesforce.com *.truefitcorp.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp use.typekit.net *.osano.com *.klarnacdn.net cdn.gladly.com *.deckers.coremedia.cloud cdn.dynamicyield.com fonts.googleapis.com cdn.loom.com *.global-e.com cdn.honey.io likeshop.me script.hotjar.com cdn.joinhoney.com fonts.gstatic.com use.fontawesome.com cdn.ivaws.com *.strut.fit *.deckers.layer0-perma.link data: *.wistia.com static.formstack.com d6tizftlrpuof.cloudfront.net www.paypalobjects.com *.medallia.eu *.kampyle.com; style-src *.koolaburra.com *.deckers.coremedia.cloud *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp *.demandware.net *.veinteractive.com *.bounceexchange.com cdn.dynamicyield.com *.klarnacdn.net ui.powerreviews.com *.osano.com web-assets.stylitics.com use.fontawesome.com ui.powerreviews.com cdn.honey.io cdn.joinhoney.com js.verygoodvault.com *.global-e.com *.truefitcorp.com *.deckers.layer0-perma.link www.truefit.com cdn.90d.io cdn.gladly.com *.typekit.net www.karmanow.com *.parcellab.com *.formstack.com translate.googleapis.com d3nocrch4qti4v.cloudfront.net d6tizftlrpuof.cloudfront.net cdn.ivaws.com www.paypalobjects.com *.pxlcdn.com fonts.googleapis.com *.adyen.com *.medallia.eu *.kampyle.com downloads.mailchimp.com data: 'unsafe-inline'; form-action *.koolaburra.com *.demandware.net *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com *.hokaoneone.eu payments.amazon.co.jp www.amazon.co.jp *.demandware.net *.snapchat.com www.facebook.com *.adyen.com email.teva.com email.ugg.com email.hoka.com email.sanuk.com email.koolaburra.com *.securev2.global-e.com *.secure5.arcot.com *.securesuite.co.uk *.3ds.borica.bg *.acs1.icicibank.com *.sps-system.com centinelapi.cardinalcommerce.com accentgroup.formstack.com; media-src *.koolaburra.com blob: dms.deckers.com res.cloudinary.com *.demandware.net *.commercecloud.salesforce.com *.90d.io static.zdassets.com cdn.dashhudson.com images.dashhudson.com; worker-src *.koolaburra.com blob: *.osano.com; child-src *.koolaburra.com *.demandware.net *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp *.commercecloud.salesforce.com *.snapchat.com guarantee-cdn.com v3.rest-ar.com *.osano.com *.doubleclick.net vars.hotjar.com www.awin1.com *.afterpay.com px.owneriq.net pal-test.adyen.com *.americanexpress.com *.facebook.com *.pixlee.co *.zenaps.com *.bounceexchange.com d6tizftlrpuof.cloudfront.net www.paypalobjects.com www.paypal.com ln-rules.rewardstyle.com nsg.symantec.com *.pinterest.com track.usw2.cordial.com *.global-e.com wkxppshj-qx.global.ssl.fastly.net checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com www.sandbox.paypal.com *.ediemidnightzombies.com *.studentbeans.com *.myunidays.com point.widget.rakuten.co.jp *.bglobale.com www.google.com *.amazon-adsystem.com *.truefitcorp.com *.locally.com *.strut.fit www.pubxtags.com tracead.com photos.pixlee.com *.splashthat.eu hosted.where2getit.com sketchfab.com *.criteo.com *.criteo.net www.youtube.com *.verygoodvault.com pay.google.com www.terracycle.com sandbox.frame.hub-box.com frame.hub-box.com ugg.promo.eprize.com ugg.review.eprize.com d.emails.teva.com creatives.attn.tv *.artlabs.ai app.collectivevoice.com *.medallia.eu *.kampyle.com; report-uri https://www.koolaburra.com/_/csp-reports 1
report-uri /csp-violation-report-endpoint/csp.php; default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline' 1
default-src 'self'; connect-src 'self' https://*.flyedelweiss.com/ https://chat131.realperson.de/ *.g.doubleclick.net/ *.google-analytics.com/ https://www.facebook.com/ https://www.facebook.com/tr/ https://*.cookiefirst.com https://*.googleapis.com https://pagead2.googlesyndication.com/ https://www.google.com/pagead/ *.google.com https://*.gstatic.com data: blob:; font-src 'self' data: https://fonts.gstatic.com/ *.googleapis.com/; frame-src 'self' https://*.youtube.com/embed/ https://*.youtube-nocookie.com/ https://chat131.realperson.de/ https://www.facebook.com/ https://www.googletagmanager.com/ *.doubleclick.net/ *.google.com https://*.flyedelweiss.com/; img-src 'self' 'unsafe-inline' blob: data: https://edelweiss.scene7.com/ https://s7g10.scene7.com/ https://*.flyedelweiss.com/ https://ssl.gstatic.com/ https://chat131.realperson.de/ *.google-analytics.com/ https://www.facebook.com/ https://www.googletagmanager.com/ https://*.google.com/ https://*.google.ch https://*.ytimg.com/ *.gstatic.com/ *.googleapis.com/ https://lh3.ggpht.com/ https://*.plusgrade.com/ https://*.doubleclick.net/ https://consent.cookiefirst.com https://static.cookiefirst.com https://ade.googlesyndication.com; media-src 'self' https://www.youtube.com/; object-src 'self' https://www.youtube.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.flyedelweiss.com/ https://tag.manager.google.com/ *.googletagmanager.com/ https://tagmanager.google.com/ https://polyfill.io/ https://code.jquery.com/ https://chat131.realperson.de/ *.google-analytics.com/ *.g.doubleclick.net/ *.facebook.net/ https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.ggpht.com *.googleusercontent.com https://*.plusgrade.com/ https://consent.cookiefirst.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.flyedelweiss.com/ https://tag.manager.google.com/ *.googletagmanager.com/ https://polyfill.io/ https://code.jquery.com/ https://chat131.realperson.de/ https://tagmanager.google.com/ *.google-analytics.com *.g.doubleclick.net/ *.facebook.net/ https://*.google.com *.googleapis.com/ https://*.plusgrade.com/ https://consent.cookiefirst.com https://*.gstatic.com/; style-src 'self' 'unsafe-inline' https://*.flyedelweiss.com/ https://chat131.realperson.de/ https://fonts.googleapis.com https://*.plusgrade.com/ https://consent.cookiefirst.com; frame-ancestors 'self' https://*.flyedelweiss.com/ https://author-p91302-e802904.adobeaemcloud.com/ https://author-p91302-e804188.adobeaemcloud.com/ https://author-p91302-e804189.adobeaemcloud.com/ https://publish-p91302-e802904.adobeaemcloud.com/ https://publish-p91302-e804188.adobeaemcloud.com/ https://publish-p91302-e804189.adobeaemcloud.com/; worker-src * data: 'unsafe-eval' 'unsafe-inline' blob: 1
frame-ancestors 'self' kmutoday.ch 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.gstatic.com https://yastatic.net https://www.youtube.com https://s.ytimg.com https://platform.instagram.com https://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://mc.yandex.ru https://top-fwz1.mail.ru https://js.sentry-cdn.com https://browser.sentry-cdn.com https://qaz.i24-7-news.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://platform.twitter.com ; img-src 'self' data: https://* http://* ; font-src 'self' data: https://fonts.gstatic.com ; frame-src 'self' data: https://yastatic.net https://www.youtube.com https://www.instagram.com/ https://platform.twitter.com ; connect-src 'self' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://fcm.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://push.newsdaily.biz https://top-fwz1.mail.ru https://o4505939965509632.ingest.sentry.io https://biposerfl.shop https://*.google-analytics.com; worker-src 'self' data: https://fcm.googleapis.com https://push.newsdaily.biz ; 1
default-src 'self' *.afpa.fr https://www.mon-metier.fr https://www.lapromo1618.fr https://afpa.fr *.kameleoon.eu *.kameleoon.io *.kameleoon.com *.hotjar.com *.hotjar.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.afpa.fr https://www.mon-metier.fr https://www.lapromo1618.fr https://afpa.fr *.kameleoon.eu *.kameleoon.io *.kameleoon.com *.hotjar.com *.hotjar.io https://cdn.tagcommander.com https://maps.googleapis.com https://ws.sharethis.com https://cdn.trustcommander.net https://cdnjs.cloudflare.com https://connect.facebook.net https://afpa.containers.piwik.pro https://fonts.gstatic.com https://www.facebook.com https://facebook.com *.facebook.com *.linkedin.com *.licdn.com *.outbrain.com github.com *.github.com https://l.sharethis.com; style-src 'unsafe-inline' 'self' *.afpa.fr https://www.mon-metier.fr https://www.lapromo1618.fr https://afpa.fr *.kameleoon.eu *.kameleoon.io *.kameleoon.com *.hotjar.com *.hotjar.io https://fonts.googleapis.com https://fonts.gstatic.com github.com *.github.com https://ws.sharethis.com; connect-src 'self' *.afpa.fr https://www.mon-metier.fr https://www.lapromo1618.fr https://afpa.fr *.kameleoon.eu *.kameleoon.io *.kameleoon.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com https://l.sharethis.com https://ws.sharethis.com https://fonts.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://afpa.containers.piwik.pro https://afpa.piwik.pro https://data.stbuttons.click https://www.facebook.com https://facebook.com *.facebook.com *.linkedin.com *.licdn.com *.outbrain.com github.com *.github.com https://privacy.trustcommander.net https://privacy.commander1.com https://maps.googleapis.com; img-src 'self' data: *.afpa.fr https://www.mon-metier.fr https://www.lapromo1618.fr https://afpa.fr *.kameleoon.eu *.kameleoon.io *.kameleoon.com *.hotjar.com *.hotjar.io https://l.sharethis.com https://maps.googleapis.com https://maps.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com *.tagcommander.com *.facebook.com *.linkedin.com https://www.facebook.com https://facebook.com https://privacy.trustcommander.net https://privacy.commander1.com https://ws.sharethis.com; font-src 'self' *.afpa.fr https://www.mon-metier.fr https://www.lapromo1618.fr https://afpa.fr *.kameleoon.eu *.kameleoon.io *.kameleoon.com *.hotjar.com *.hotjar.io https://fonts.googleapis.com github.com *.github.com https://fonts.gstatic.com; frame-src 'self' *.afpa.fr https://www.mon-metier.fr https://www.lapromo1618.fr https://afpa.fr *.kameleoon.eu *.kameleoon.io *.kameleoon.com *.hotjar.com *.hotjar.io https://l.sharethis.com https://maps.googleapis.com https://fonts.gstatic.com https://www.youtube.com https://www.facebook.com https://cdn.trustcommander.net https://ws.sharethis.com; 1
default-src 'self';      script-src 'self' 'unsafe-inline' 'unsafe-eval'                        *.gundam.info                        *.google-analytics.com                        *.onetrust.com                        *.min.js                        apis.google.com                        b.st-hatena.com                        static.mixi.jp                        connect.facebook.net                        platform.twitter.com                        d.line-scdn.net                        poplink-f.probo.biz                        poplink.probo.biz                        *.o2u.jp                        sync.im-apps.net                        dmp.im-apps.net                        audiencedata.im-apps.net                        www.youtube.com                        api.b-ch.com                        stats.g.doubleclick.net                        event.geniee-search.net                        cdn.webpush.jp                        api.webpush.jp                        www.gstatic.com                        analytics.google.com                        firebaseinstallations.googleapis.com                        fcmregistrations.googleapis.com                        b6.im-apps.net ;     connect-src       *.gundam.info                        *.google-analytics.com                        *.onetrust.com                        *.min.js                        apis.google.com                        b.st-hatena.com                        static.mixi.jp                        connect.facebook.net                        platform.twitter.com                        d.line-scdn.net                        poplink-f.probo.biz                        poplink.probo.biz                        *.o2u.jp                        sync.im-apps.net                        dmp.im-apps.net                        audiencedata.im-apps.net                        www.youtube.com                        api.b-ch.com                        stats.g.doubleclick.net                        event.geniee-search.net                        cdn.webpush.jp                        api.webpush.jp                        www.gstatic.com                        analytics.google.com                        firebaseinstallations.googleapis.com                        fcmregistrations.googleapis.com                        *.geniee-search.net                        b6.im-apps.net ;     script-src-elem 'self' 'unsafe-inline' 'unsafe-eval'                        *.gundam.info                        *.google-analytics.com                        *.onetrust.com                        *.min.js                        apis.google.com                        b.st-hatena.com                        static.mixi.jp                        connect.facebook.net                        platform.twitter.com                        d.line-scdn.net                        poplink-f.probo.biz                        poplink.probo.biz                        *.o2u.jp                        sync.im-apps.net                        dmp.im-apps.net                        audiencedata.im-apps.net                        www.youtube.com                        api.b-ch.com                        www.googletagmanager.com                        stats.g.doubleclick.net                        event.geniee-search.net                        cdn.webpush.jp                        api.webpush.jp                        www.gstatic.com                        analytics.google.com                        firebaseinstallations.googleapis.com                        fcmregistrations.googleapis.com                        *.geniee-search.net                        b6.im-apps.net ;     img-src 'self' * data:;     style-src 'self' 'unsafe-inline'                        *.gundam.info                        poplink-f.probo.biz                        fonts.googleapis.com ;     frame-src 'self'                         platform.twitter.com                          *.youtube-nocookie.com                        www.youtube.com                         gins.mixi.jp                         b.hatena.ne.jp                         web.facebook.com                         social-plugins.line.me                         plugins.mixi.jp                         www.facebook.com                         syndication.twitter.com ;     font-src 'self'                         fonts.gstatic.com ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.gstatic.com db.revoffers.com sp.analytics.yahoo.com s.yimg.com insight.adsrvr.org api.privy.com www.google-analytics.com dpm.demdex.net *.userway.org app.termly.io js.driftt.com *.slack.com diamondcbd.go2cloud.org *.fls.doubleclick.net global.ib-ibi.com tags.bluekai.com pixel.tapad.com uipglob.semasio.net dsum-sec.casalemedia.com player.vimeo.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.cloudfront.net app.shop.pe *.intercomcdn.com; connect-src 'self' stats.g.doubleclick.net s.yimg.com db.revoffers.com db.trackcb.com www.google-analytics.com a.klaviyo.com fast.a.klaviyo.com static-forms.klaviyo.com telemetrics.klaviyo.com app.termly.io js.driftt.com widget.privy.com *.privy.com *.userway.org *.ipqualityscore.com *.yotpo.com *.authorize.net track.flexlinks.com vimeo.com shop.pe *.datadome.co *.intercom.io wss://*.intercom.io *.intercomcdn.com *.intercomcdn.eu *.intercomusercontent.com bam.nr-data.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://track.segmetrics.io *.cloudfront.net *.google.com api.agechecker.net https://db.trackcb.com app.shop.pe shopper.shop.pe; font-src 'self' data: fonts.gstatic.com maxcdn.bootstrapcdn.com use.fontawesome.com *.cloudfront.net *.intercomcdn.com https://*.hotjar.com https://cdn.userway.org cdn.agechecker.net *.cdnfonts.com; frame-src 'self' nytrng.com *.revoffers.com *.driftt.com *.userway.org *.go2cloud.org *.fls.doubleclick.net track.flexlinks.com *.vimeo.com *.googlevideo.com *.gvt1.com video.google.com *.youtu.be *.youtube.com https://*.hotjar.com app.termly.io; img-src 'self' upx.provenpixel.com telemetrics.klaviyo.com insight.adsrvr.org *.google.com *.google.pl *.google.us sp.analytics.yahoo.com www.google-analytics.com *.userway.org privymktg.com google-analytics.com dpm.demdex.net *.privy.com diamondcbd.go2cloud.org service.trafficroots.com sigma2.pubmatic.com *.adsrvr.org *.google.am *.doubleclick.net *.mantisadnetwork.com *.shareasale.com *.shareasale-analytics.com i.vimeocdn.com data: *.truoptik.com *.google.me *.adnxs.com *.bluekai.com *.ib-ibi.com *.semasio.net *.yotpo.com *.dotomi.com *.media6degrees.com https://usermatch.krxd.net https://*.hotjar.com *.cloudfront.net img.agechecker.net api.agechecker.net blob: shopper.shop.pe *.intercomcdn.com *.intercomassets.com *.intercomcdn.eu *.intercomusercontent.com *.intercom.io *.intercom-attachments-1.com *.intercom-attachments.eu *.intercom-attachments.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com *.intercomassets.eu; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mantisadnetwork.com upx.provenpixel.com s.yimg.com www.greenaffiliates.com db.revoffers.com *.ipqualityscore.com *.yotpo.com www.googletagmanager.com s.btstatic.com *.cloudflareinsights.com *.driftt.com *.klaviyo.com *.authorize.net s.thebrighttag.com cdn-swell-assets.yotpo.com static.klaviyo.com www.google-analytics.com static.cloudflareinsights.com *.userway.org *.termly.io *.privy.com shop.pe *.cloudfront.net *.s3.amaonaws.com *.shop.pe js.intercomcdn.com *.intercom.io https://*.hotjar.com app.shop.pe cdnjs.cloudflare.com https://assets.secure.checkout.visa.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://js.authorize.net https://jstest.authorize.net https://polyfill.io https://sandbox-assets.secure.checkout.visa.com https://songbird.cardinalcommerce.com https://songbirdstag.cardinalcommerce.com https://unpkg.com https://www.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' static-tracking.klaviyo.com *.mantisadnetwork.com upx.provenpixel.com s.yimg.com www.greenaffiliates.com db.revoffers.com cdn-loyalty.yotpo.com www.googletagmanager.com s.btstatic.com static.cloudflareinsights.com a.klaviyo.com www.google-analytics.com cdn-swell-assets.yotpo.com s.thebrighttag.com static.klaviyo.com *.userway.org app.termly.io js.driftt.com *.privy.com shop.pe *.ipqualityscore.com *.cloudfront.net ajax.cloudflare.com *.authorize.net *.gstatic.com shareasale-analytics.com *.s3.amazonaws.com *.shop.pe *.datadome.co *.yotpo.com *.intercom.io *.intercomcdn.com *.newrelic.com bam.nr-data.net *.hotjar.com *.facebook.net sdk.trackcb.com https://tag.segmetrics.io cdn.agechecker.net app.shop.pe cdnjs.cloudflare.com https://assets.secure.checkout.visa.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://js.authorize.net https://jstest.authorize.net https://polyfill.io https://sandbox-assets.secure.checkout.visa.com https://songbird.cardinalcommerce.com https://songbirdstag.cardinalcommerce.com https://unpkg.com https://www.google.com; style-src 'self' 'unsafe-inline' cdn-swell-assets.yotpo.com maxcdn.bootstrapcdn.com *.klaviyo.com *.privy.com *.gstatic.com *.cloudfront.net *.addshoppers.com *.userway.org https://*.hotjar.com *.cdnfonts.com cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; frame-ancestors 'self' 1
frame-ancestors 'self' https://www.paypal.com https://app.storyblok.com https://analytics.tiktok.com https://www.googleoptimize.com; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' app.vwo.com *.visualwebsiteoptimizer.com https://unpkg.com https://*.zdassets.com https://m.stripe.network https://*.lovebonito.com *.lovebonito.com https://static.cloudflareinsights.com https://cdn.jsdelivr.net https://*.scarabresearch.com https://*.googleoptimize.com https://static.scarabresearch.com https://www.googletagmanager.com https://static.hotjar.com https://app.storyblok.com https://script.hotjar.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://s.pinimg.com https://unpkg.com https://connect.facebook.net https://analytics.tiktok.com https://www.paypal.com https://assets.adobedtm.com https://*.lovebonito.com https://sc-static.net https://*.zendesk.com; script-src-elem * 'self' https://www.google.com https://d.impactradius-event.com https://www.googleadservices.com *.visualwebsiteoptimizer.com app.vwo.com 'unsafe-inline' https://*.emarsys.net https://*.scarabresearch.com https://cdn.jsdelivr.net https://www.googleoptimize.com https://static.scarabresearch.com https://static.cloudflareinsights.com https://www.googletagmanager.com https://app.storyblok.com https://www.googleadservices.com https://static.hotjar.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://s.pinimg.com https://unpkg.com https://connect.facebook.net https://analytics.tiktok.com https://googleads.g.doubleclick.net https://script.hotjar.com https://lovebonito.com https://accounts.google.com https://cdn.speedcurve.com https://secure.quantserve.com https://utt.impactcdn.com https://rules.quantcount.com https://merchant.cdn.hoolah.co https://www.paypal.com *.lovebonito.com https://*.zdassets.com https://assets.adobedtm.com https://web-sdk.aptrinsic.com https://*.midtrans.com https://*.amazonaws.com https://*.zendesk.com https://*.stripe.com https://*.klarnaservices.com *.klarnaservices.com https://api.smooch.io https://sc-static.net; report-to 'https://lovebonito.com/csp-report'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.kia.ru https://*.kia.ru blob: https://kia.ru https://*.youtube.com https://vk.com https://ok.ru https://clck.ru https://*.w3.org https://ogp.me https://mc.yandex.ru https://*.googletagmanager.com https://api-online.ecredit.one https://approval-online.e-credit.one https://bankbus.ru https://api.mobility.hyundai.ru https://api.rucrm.net https://api-maps.yandex.ru https://yastatic.net https://*.maps.yandex.net https://i.ytimg.com https://*.google-analytics.com https://*.googletagmanager.com https://nuxtjs.org https://*.doubleclick.net/ https://top-fwz1.mail.ru https://st.top100.ru https://sys.datadrivenpromotion.com https://translate.googleapis.com data:; style-src 'self' 'unsafe-inline' https://*.kia.ru https://fonts.gstatic.com https://fonts.googleapis.com; font-src 'self' https://*.kia.ru https://fonts.gstatic.com https://fonts.googleapis.com; upgrade-insecure-requests 1
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline'  https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; worker-src 'self' blob: data: wss: pricespider.com  *.pricespider.com  mapbox.com  *.mapbox.com cdnjs.cloudflare.com;worker-src 'self' blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com fonts.googleapis.com www.googletagmanager.com *.google-analytics.com *.gstatic.com *.cloudfront.net *.alexametrics.com *.youtube.com player.vimeo.com coub.com giphy.com instagram.com gifer.com music.yandex.ru imgur.com *.imgur.com *.bongacash.com *.bngpt.com https://*.lovense.club:* wss://*.lovense.club:* https://*.lovense.com wss://*.lovense.com https://*.lovense-api.com wss://*.lovense-api.com browser.sentry-cdn.com sentry.io blog.bongacams.com https://*.bcvidorigin.com wss://*.bcvidorigin.com https://*.bcccdn.com wss://*.bcccdn.com https://*.bcvcdn.com wss://*.bcvcdn.com *.bcicdn.com blob: *.zdassets.com *.zendesk.com https://*.zopim.com wss://*.zopim.com u.bongamodels.com; img-src * blob: data:; frame-ancestors 'self' *.bongamodels.com 1
img-src 'self' https://assets.tarkov.dev https://avatars.githubusercontent.com data: https://images.weserv.nl; style-src 'self' https://tarkov.dev https://discord.com 'unsafe-inline'; font-src 'self' https://tarkov.dev https://discord.com; form-action 'self'; script-src 'self' *.cloudflareinsights.com wombatstats.com discord.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net 'unsafe-inline'; object-src 'none'; base-uri 'self'; 1
frame-ancestors *; report-uri https://www.eztexting.com/report-uri/enforce 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-zDLxfFb/XO57jmX8g2x4fA=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src 'self' * data:; font-src 'self' * data:; frame-src *; img-src * data: android-webview-video-poster:; media-src * data: blob:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline'; worker-src * blob:; frame-ancestors 'self' https://*.phocassoftware.com https://*.phocasclouddev.com https://*.phocaspreview.com https://*.phocas.ninja https://*.epicoranalytics.com https://*.epicoranalytics.co.uk https://*.epicoranalytics.com.au http://localhost:5173 http://localhost:8080;; upgrade-insecure-requests 1
default-src 'self' data: *.simplesdental.com *.facebook.net *.facebook.com *.bing.com *.cookielaw.org *.clarity.ms *.livesession.io *.getblue.io *.googleapis.com *.youtube.com *.youtube-nocookie.com *.intercom.io *.intercomcdn.com *.intercom-sheets.com intercom-sheets.com *.vitally.io *.googletagmanager.com *.ytimg.com *.google-analytics.com *.gstatic.com *.cloudflare.com *.google.com *.cloudfront.net *.googleoptimize.com *.onetrust.com *.suiteshare.com *.jquery.com *.amazonaws.com whts.co; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.simplesdental.com *.facebook.net *.facebook.com *.bing.com *.cookielaw.org *.clarity.ms *.livesession.io *.getblue.io *.googleapis.com *.youtube.com *.youtube-nocookie.com *.intercom.io *.intercomcdn.com *.intercom-sheets.com intercom-sheets.com *.vitally.io *.googletagmanager.com *.ytimg.com *.google-analytics.com *.gstatic.com *.google.com *.cloudfront.net *.googleoptimize.com *.onetrust.com *.hotjar.com *.cloudflare.com *.wootric.com *.suiteshare.com *.jquery.com *.amazonaws.com whts.co; object-src 'self' data: https: blob:; style-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https: blob:; media-src 'self' data: https: blob:; frame-src 'self' data: blob: *.simplesdental.com *.facebook.net *.facebook.com *.bing.com *.cookielaw.org *.clarity.ms *.livesession.io *.getblue.io *.googleapis.com *.youtube.com *.youtube-nocookie.com *.intercom.io *.intercomcdn.com *.intercom-sheets.com intercom-sheets.com *.vitally.io *.googletagmanager.com *.ytimg.com *.google-analytics.com *.gstatic.com *.google.com *.cloudfront.net *.googleoptimize.com *.onetrust.com *.hotjar.com *.cloudflare.com *.wootric.com *.suiteshare.com *.jquery.com *.amazonaws.com whts.co; font-src 'self' data: https:; connect-src 'self' data: https: wss: 1
default-src https:; img-src * 'self' blob: data: https: 'unsafe-inline'; font-src 'self' data: https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; connect-src * 'unsafe-inline'; media-src 'self' blob: data: https:; frame-src * 'unsafe-inline' 'unsafe-eval'; worker-src * https; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=my&region=US&lang=en-US&device=desktop&yrid=3t669mpiquca5&partner=; 1
default-src 'self' blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://localhost:8732 https://localhost:9732 http://localhost:8732 http://localhost:9732 http://www.uhaul.com http://pwctag.uhaul.com http://pwc.uhaul.com https://showroom.uhaul.net https://www.bing.com https://r.bing.com https://dev.virtualearth.net https://t0.ssl.ak.dynamic.tiles.virtualearth.net https://t1.ssl.ak.dynamic.tiles.virtualearth.net https://t.ssl.ak.dynamic.tiles.virtualearth.net https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://webchat.digitalcx.com;object-src 'self' blob:;style-src 'self' 'unsafe-inline' http://pos.uhaul.net https://pos.uhaul.net http://posq.uhaul.net https://posq.uhaul.net http://posd.uhaul.net https://posd.uhaul.net http://posp.uhaul.net https://posp.uhaul.net http://pos.uhi.amerco https://pos.uhi.amerco http://posq.uhi.amerco https://posq.uhi.amerco http://posd.uhi.amerco https://posd.uhi.amerco http://posp.uhi.amerco https://posp.uhi.amerco http://posdev.uhi.amerco https://posdev.uhi.amerco http://fonts.googleapis.com https://www.bing.com https://r.bing.com https://www.google-analytics.com;img-src 'self' data: blob: http://pwc.uhaul.com https://www.bing.com https://r.bing.com https://t0.ssl.ak.dynamic.tiles.virtualearth.net https://t1.ssl.ak.dynamic.tiles.virtualearth.net https://t.ssl.ak.dynamic.tiles.virtualearth.net https://t.ssl.ak.tiles.virtualearth.net https://rewriteq.webselfstorage.com https://rewrited.webselfstorage.com https://www.googletagmanager.com https://rewrites.webselfstorage.com https://www.webselfstorage.com https://www.google-analytics.com https://selfstorageinsider.com https://uhaulmediastorage.blob.core.windows.net https://amercomediastorage.blob.core.windows.net https://dev.webselfstorage.com https://qa.webselfstorage.com https://stage.webselfstorage.com https://i.ytimg.com https://is2-ssl.mzstatic.com;media-src 'self' blob:;frame-src 'self' https://media.uhaul.net https://www.youtube.com https://www.youtube-nocookie.com https://api.wss.local https://apid.webselfstorage.com https://apiq.webselfstorage.com https://apis.webselfstorage.com https://api.webselfstorage.com https://localhost:5001 https://www.google.com/recaptcha/ https://devapi.webselfstorage.com https://qaapi.webselfstorage.com https://stageapi.webselfstorage.com;font-src data: http://fonts.gstatic.com http://fonts.googleapis.com https://webselfstorage.com https://www.webselfstorage.com https://rewrite.webselfstorage.com https://rewrites.webselfstorage.com https://rewriteqa.webselfstorage.com https://rewritebeta.webselfstorage.com https://rewriteq.webselfstorage.com https://rewrited.webselfstorage.com http://tempstage http://wss.local https://wss.local https://localhost:44301 https://dev.webselfstorage.com https://qa.webselfstorage.com https://stage.webselfstorage.com;connect-src 'self' blob: ws: wss: https://www.bing.com https://t.ssl.ak.tiles.virtualearth.net https://www.google-analytics.com;frame-ancestors 'self' https://api.wss.local https://apid.webselfstorage.com https://apiq.webselfstorage.com https://apis.webselfstorage.com https://api.webselfstorage.com https://devapi.webselfstorage.com https://qaapi.webselfstorage.com https://stageapi.webselfstorage.com;report-uri /WebResource.axd?cspReport=true 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' app.usercentrics.eu www.googletagmanager.com *.google-analytics.com www.googleadservices.com www.google.com *.s-cloud.fi *.doubleclick.net connect.facebook.net *.giosg.com *.giosgusercontent.com *.crazyegg.com files.cdn.leadfamly.com *.visualwebsiteoptimizer.com app.vwo.com; child-src 'self' blob:; frame-src 'self' app.usercentrics.eu *.doubleclick.net *.s-cloud.fi www.facebook.com prisma.leadfamly.com *.giosg.com *.giosgusercontent.com *.crazyegg.com www.youtube.com; style-src 'self' 'unsafe-inline' *.giosg.com *.giosgusercontent.com *.crazyegg.com; font-src * 'self' 'unsafe-inline' data: https; img-src * 'self' googleads.g.doubleclick.net www.google.com data: https; object-src 'self'; connect-src * 'self' *.s-cloud.fi api.usercentrics.eu graphqp.usercentrics.eu *.google-analytics.com *.giosg.com *.giosgusercontent.com *.crazyegg.com data: https; 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.as-coa.org/report-uri/enforce 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com www.googletagmanager.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.fontawesome.com use.fontawesome.com www5.smartadserver.com www.smartadserver.com https://id5-sync.com/ https://ced.sascdn.com/ *.sascdn.com www.congressweb.com https://embed.podcasts.apple.com video.theassociationpartner.com *.salespanel.io *.visitorqueue.io; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.fontawesome.com use.fontawesome.com www5.smartadserver.com www.congressweb.com video.theassociationpartner.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com *.fontawesome.com use.fontawesome.com data:; img-src 'self' *.aasa.org *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com placeimg.com www5.smartadserver.com *.sascdn.com picsum.photos *.picsum.photos; media-src 'self' data: blob: https://www.youtube.com video.theassociationpartner.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com www5.smartadserver.com https://id5-sync.com www.congressweb.com https://embed.podcasts.apple.com video.theassociationpartner.com https://snapwidget.com www.podbean.com; connect-src 'self' data: accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.fontawesome.com www5.smartadserver.com www.congressweb.com https://embed.podcasts.apple.com https://id5-sync.com analytics.google.com; 1
default-src 'self' fonts.gstatic.com *.coloniallife.com use.typekit.net; style-src 'self' 'unsafe-inline' translate.googleapis.com tagmanager.google.com fonts.googleapis.com unumux.github.io optimize.google.com *.mktoweb.com *.coloniallife.com; frame-src 'self' *.doubleclick.net s7.addthis.com bid.g.doubleclick.net mozbar.moz.com gateway.zscalerone.net www.googletagmanager.com googleads.g.doubleclick.net www.facebook.com *.vimeo.com vimeo.com *.buzzsprout.com www.google.com *.mktoweb.com; media-src 'self' 'unsafe-inline' data: *.akamaized.net *.vimeo.com player.vimeo.com vod-progressive.akamaized.net; font-src 'self' www.slant.co data: fonts.gstatic.com www.coloniallife.com coloniallife.com use.typekit.net at.alicdn.com zip.co; child-src 'self' 'unsafe-inline' *.adsrvr.org *.vimeo.com bid.g.doubleclick.net www.buzzsprout.com www.facebook.com *.addthis.com; img-src 'self' 'unsafe-inline' www.google.fr www.google.hu www.google.co.th www.google.cz www.google.az www.google.com.br www.google.es www.google.com.bd www.google.co.ke www.google.ro www.google.com.gh connect.facebook.net translate.google.com www.google.ch www.google.ge www.google.at www.google.com.au www.google.com.pr www.google.com.do www.google.com.mx www.google.com.pk www.google.ca www.google.co.in www.google.de www.google.com.ph www.google.com.et www.google.co.zm www.google.com.ua www.google.com.my www.google.rw www.google.co.uk www.google.ie https://stats.g.doubleclick.net/r/collect stats.g.doubleclick.net/r/ ssl.gstatic.com https://www.google.com/ads/ga-audiences www.google-analytics.com www.coloniallife.com www.googletagmanager.com *.linkedin.com unumux.github.io www.facebook.com *.unum.com www.unumemarketing.com px.ads.linkedin.com www.pages02.net p.adsymptotic.com www.linkedin.com data: secure.adnxs.com q.quora.com bat.bing.com apt.techtarget.com c.clarity.ms www.google-analytics.com www.google.com www.pages01.net c.bing.com *.doubleclick.net www.gstatic.com *.vimeocdn.com forms.hsforms.com track.hubspot.com *.cookielaw.org; base-uri 'self'; form-action 'self' 'unsafe-inline' *.enrollunum.com www.facebook.com www.pages02.net; connect-src 'self' *.googlesyndication.com forms.hscollectedforms.net get663.com www.googletagmanager.com m.addthis.com api-public.addthis.com region1.google-analytics.com https://stats.g.doubleclick.net/j/collect https://ampcid.google.com www.google-analytics.com *.clarity.ms stats.g.doubleclick.net bat.bing.com www.facebook.com forms.hubspot.com api.hubapi.com *.cookielaw.org *.onetrust.com *.linkedin.oribi.io *.mktoresp.com; object-src 'none'; frame-ancestors 'self' www.coloniallife.com coloniallife.com; script-src 'self' www.google.com/recap www.google.com/recaptcha/api.js 'sha256-GmB3Q3eaRbAvu89uKL6mhLgGv5dDSM18NJfw3I69gVA=' 'sha256-ltpN4cYu/MHeSIzO0NHCHzMVw/Tm/dY0VHBZOSkoK7o=' 'sha256-HBUOdr5pJJcWWqzzVjYn/1rQAlIXfLYEyG0+om7Mtgw=' 'sha256-Uuy55UVf17cqTWUBZbravIiMlvooVdIpqfKimEBzaNU=' 'sha256-bKfBJyzitpybQB+s/nisJ1RNHQQ56VB+y9w4+jf9eHs=' 'sha256-tExq4rGcv620IJmf44pIrEgqkbldsXkvnltkIf49/Sw=' 'sha256-sg9dqGQqGYldksIsQDCDVsAjXcGweTrXgTSyj42aywk=' 'unsafe-eval' 'nonce-hU3C8BCAp3dfNO2ZUEcruh8hJvY=' s7.addthis.com translate.google.com get663.com *.amcharts.com *.adsrvr.org *.cloudflare.com player.vimeo.com tagmanager.google.com https://ssl.google-analytics.com google-analytics.com www.google-analytics.com ajax.googleapis.com www.googleadservices.com googletagmanager.com www.googletagmanager.com www.googleoptimize.com www.sc.pages01.net www.sc.pages02.net unumux.github.io  connect.facebook.net bat.bing.com extend.vimeocdn.com trk.techtarget.com bat.bing.com stats.g.doubleclick.net *.clarity.ms googleads.g.doubleclick.net snap.licdn.com *.addthis.com *.moatads.com *.addthisedge.com unpkg.com optimize.google.com js.hs-scripts.com js.hscollectedforms.net js.hs-analytics.net js.hsadspixel.net js.hs-banner.com apis.google.com z.moatads.com *.cookielaw.org *.mktoweb.com *.mktoweb.net *.marketo.com *.marketo.net; script-src-attr 'unsafe-inline' 'unsafe-hashes'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.geetest.com https://*.geevisit.com https://*.gsensebot.com https://*.gbox.me https://*.googletagmanager.com https://*.google-analytics.com https://*.twitter.com https://*.ballerine.io https://plausible.io https://*.plausible.io;script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.geetest.com https://*.googletagmanager.com https://*.geevisit.com https://*.gsensebot.com https://*.gbox.me https://*.ballerine.io https://plausible.io https://*.plausible.io;img-src 'self' data: blob: https://*.geetest.com https://*.google-analytics.com https://*.googletagmanager.com https://*.twitter.com https://*.nonkyc.io https://*.ballerine.io https://plausible.io https://*.plausible.io;connect-src 'self' https://*.google-analytics.com https://*.geetest.com wss://*.nonkyc.io wss://nonkyc.io https://*.nonkyc.io https://*.ballerine.io https://plausible.io https://*.plausible.io;frame-src 'self' https://*.twitter.com https://*.ballerine.io https://plausible.io https://*.plausible.io;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
object-src 'self'; form-action 'self' https://login.microsoftonline.com; frame-ancestors 'self' 1
default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.ads-twitter.com *.hsbc.ae *.awswaf.com players.brightcove.net vjs.zencdn.net *.sc.omtrdc.net bat.bing.com *.mcm-prod.hsbc.fr *.brightcove.net *.zscaler.net *.zencdn.net *.comsimo.com *.wejekihota.com *.nuwipidaro.com *.omtrdc.net *.google-analytics.com *.hsbc.fr *.fujevo.com *.wuruwobeze.com ssl.google-analytics.com www.google.com *.v.liveperson.net connect.facebook.net tags.tiqcdn.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.googleapis.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.awswaf.com players.brightcove.net edge.api.brightcove.com *.brightcovecdn.com *.mcm-prod.hsbc.fr bat.bing.com *.siteintercept.qualtrics.com *.boltdns.net *.brightcove.com *.google.com *.hs.llnwd.net *.doubleclick.net http://127.0.0.1:5000 *.googletagmanager.com *.liveperson.net *.jquery.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net www.google.com *.api.brightcove.com http://127.0.0.1:5000/* brightcove.hs.llnwd.net *.sc.omtrdc.net *.tt.omtrdc.net *.lo.cobrowse.liveperson.net *.google.fr manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net players.brightcove.net *.demdex.net *.zscalertwo.net *.zscloud.net *.zscaler.net *.si-nergie.corp bid.g.doubleclick.net www.facebook.com 8763738.fls.doubleclick.net; frame-ancestors 'self' *.hsbc.fr; font-src 'self' data: *.hsbc.com.hk *.gstatic.com *.avast.com *.typekit.net *.alicdn.com *.megabonus.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.lo.cobrowse.liveperson.net; object-src 'self' blob:; child-src 'self'; media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.lpsnmedia.net ssl.gstatic.com; upgrade-insecure-requests ; report-uri https://csp.prod.eu.dynp.cloud1.vv1865.com; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com http://www.google-analytics.com; img-src 'self' https://ssl.google-analytics.com data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://docs.google.com http://duenquiry.digitaluniversity.ac https://www.google.com; connect-src 'self'; object-src 'self'; frame-ancestors 'self' http://duenquiry.digitaluniversity.ac; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' yoast.com *.yoast.com *.jsdelivr.net *.facebook.net *.tiktok.com cdnjs.cloudflare.com *.googleadservices.com *.googletagmanager.com *.pinimg.com *.pinterest.com *.doubleclick.net *.ads-twitter.com *.adobedtm.com ssl.google-analytics.com fonts.googleapis.com *.google.com *.gstatic.com *.facebook.com connect.facebook.net www.dwin2.com *.riddle.com *.hotjar.com *.cloudfront.net *.newrelic.com *.nr-data.net instagram.com *.instagram.com *.twitter.com therandomhousegroupltd.d3.sc.omtrdc.net therandomhousegroupl.tt.omtrdc.net *.onetrust.com *.google-analytics.com *.typekit.net *.bootstrapcdn.com *.fontawesome.com *.wpengine.com *.msgfocus.com *.youtube.com *.schema.org aax-eu.amazon-adsystem.com; object-src 'self';  frame-ancestors 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.gstatic.com *.googleapis.com https://assets.zendesk.com https://connect.facebook.net *.hotjar.com *.twitter.com *.twimg.com *.googletagmanager.com http://connect.facebook.net http://glganltcs.space http://eluxer.net http://worldnaturenet.xyz http://urlvalidation.com *.livechatinc.com; style-src 'self' 'unsafe-inline' *.gstatic.com *.google.com *.googleapis.com https://assets.zendesk.com *.hotjar.com *.twitter.com sedeelectronica.com.co pruebas-se-macondo.nexura.com *.twimg.com ;  font-src 'self' *.googleapis.com *.googleusercontent.com *.gstatic.com *.hotjar.com sedeelectronica.com.co *.livechatinc.com; object-src 'self'; frame-ancestors 'self' *.tableau.com 1
frame-src *; frame-ancestors https://*.lesmillsondemand.com 1
default-src 'self' *.itisnot.art *.myconnxion.com *.connxusdemo.com *.paypalobjects.com *.google.com *.gstatic.com *.paypal.com cdnjs.cloudflare.com *.twitter.com *.syndication.twimg.com *.pubnub.com *.typekit.net *.googleapis.com *.amazonaws.com *.walkme.com *.cloudfront.net *.googletagmanager.com *.google-analytics.com; style-src 'unsafe-inline' 'self' *.itisnot.art *.myconnxion.com *.connxusdemo.com *.amazonaws.com *.typekit.net *.googleapis.com *.gstatic.com; font-src 'self' data: *.typekit.net *.gstatic.com; worker-src 'self' blob:; img-src 'self' *.ggpht.com *.itisnot.art *.myconnxion.com *.connxusdemo.com *.paypalobjects.com *.google.com *.gstatic.com *.paypal.com cdnjs.cloudflare.com *.twitter.com *.syndication.twimg.com *.pubnub.com *.typekit.net *.googleapis.com *.amazonaws.com *.walkme.com *.cloudfront.net *.google-analytics.com data:; 1
default-src 'self' sustainalytics.susc4318.eas.morningstar.com https://*.hubspot.com https://*.hubspot.io https://*.hubapi.com https://*.hsforms.com https://*.hotjar.com https://*.hotjar.io https://s3.console.aws.amazon.com https://*.bizible.com *.newrelic.com https://*.nr-data.net https://*.morningstar.com https://www.morningstar.*; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' sustainalytics.susc4318.eas.morningstar.com *.google.com *.googletagmanager.com *.googleadservices.com https://snap.licdn.com/ https://syndication.twitter.com http://platform.stumbleupon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org *.msecnd.net https://*.hubspot.com https://*.hubapi.com https://*.hsforms.com https://*.hsforms.net https://*.hs-scripts.com http://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hsleadflows.net https://hubspot-forms-static-embed.s3.amazonaws.com https://js.hscollectedforms.net https://*.hotjar.com https://*.hotjar.io https://js.hsadspixel.net https://js.usemessages.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://*.6sc.co https://cdn.amcharts.com https://*.bizible.com https://*.bizibly.com https://*.newrelic.com https://*.nr-data.net https://*.surveymonkey.com https://*.ytimg.com http://j.6sc.co http://cdn.bizible.com http://bat.bing.com web-chat.nativechat.com https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline' sustainalytics.susc4318.eas.morningstar.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://*.hotjar.com https://*.hotjar.io https://code.jquery.com web-chat.nativechat.com; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com sustainalytics.susc4318.eas.morningstar.com *.azureedge.net *.google.com *.google-analytics.com https://static.licdn.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://px.ads.linkedin.com *.eloqua.com https://*.hubspot.com track.hubspot.com https://js.hsleadflows.net https://*.hsforms.com https://*.hotjar.com https://*.hotjar.io https://*.google.com https://*.youtube.com https://*.6sc.co https://*.bizible.com https://*.bizibly.com http://b.6sc.co https://bat.bing.com web-chat.nativechat.com https://cdn.insight.sitefinity.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: sustainalytics.susc4318.eas.morningstar.com https://*.hotjar.com https://*.morningstar.com; connect-src 'self' data: accounts.google.com *.google-analytics.com *.gstatic.com https://*.googletagmanager.com sustainalytics.susc4318.eas.morningstar.com *.google.com *.analytics.google.com https://stats.g.doubleclick.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.visualstudio.com https://*.hubspot.com https://*.hubapi.com https://api.hubapi.com https://*.hsforms.com https://*.hotjar.com wss://*.hotjar.com https://code.jquery.com *.6sc.co *.newrelic.com https://*.nr-data.net https://*.adnxs.com https://forms.hscollectedforms.net forms.hubspot.com *.hsforms.com; media-src 'self' data: blob: *.azureedge.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com sustainalytics.susc4318.eas.morningstar.com web-chat.nativechat.com; frame-src sustainalytics.susc4318.eas.morningstar.com https://*.google.com https://*.youtube.com https://*.gotowebinar.com/ https://youtu.be https://*.hubspot.com https://*.hsforms.com https://*.hsforms.net https://*.hotjar.com https://*.hotjar.io https://*.podbean.com 'self' web-chat.nativechat.com forms.hsforms.com 1
default-src 'self' cdn.wcc.heine.de https://cdn.wcc.heine.de/graphql;    base-uri 'self';    font-src 'self' cdn.wcc.heine.de fonts.gstatic.com data: https://d3dc1lgancj6l0.cloudfront.net http://dq4irj27fs462.cloudfront.net;    img-src * data:;    connect-src 'self' https://cdn.wcc.heine.de/graphql cdn.wcc.heine.de cdn.witt.info/ images.ctfassets.net te.heine.de tp.heine.de wasp.heine.de wst.heine.de *.analytics.google.com  *.facebook.com *.contentsquare.net *.my.onetrust.eu *.google-analytics.com bat.bing.com eu-witt-gruppe-prod1.mini.snplow.net www.google-analytics.com www.jsctool.com https://adservice.google.com/pagead/ https://graphql.contentful.com https://privacyportal-eu.onetrust.com https://stats.g.doubleclick.net https://geolocation.onetrust.com https://www.google.com/pagead/ https://googleads.g.doubleclick.net/pagead/ *.creativecdn.com *.googlesyndication.com *.optimizely.com https://ct.pinterest.com http://jsctool.com checkout-cdn.aboutyou.cloud checkout-v3.wcc.heine.de https://*.ingest.sentry.io wss://chat.userlike.com chat.userlike.com api.userlike.com www.userlike.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com wss://umd.userlike.com/umd/ api.sovendus.com benefits.sovendus.com identification-api.sovendus.com integration-api.sovendus.com press-tracking-api.sovendus.com https://maps.googleapis.com;    object-src 'none';    child-src blob: userlike-cdn-widgets.userlike.com;    script-src * 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.paypal.com userlike-cdn-widgets.userlike.com;    style-src 'self' cdn.wcc.heine.de www.googletagmanager.com fonts.googleapis.com 'unsafe-inline' d.heine.de checkout-cdn.aboutyou.cloud https://*.adyen.com https://*.paypal.com;    frame-src 'self' checkout-v3.wcc.heine.de *.awin1.com *.criteo.net *.criteo.com *.adrtx.net *.contentsquare.net www.googletagmanager.com www.facebook.com www.youtube.com dmp.theadex.com 5127363.fls.doubleclick.net 12769738.fls.doubleclick.net www.jsctool.com https://creativecdn.com/ https://fledge-eu.creativecdn.com/ https://tbs.tradedoubler.com/ https://survey2.quantilope.com/ https://*.adyen.com https://*.paypal.com https://*.computop-paygate.com userlike-cdn-widgets.userlike.com https://api.sovendus.com https://www.sovendus-connect.com https://www.sovendus-benefits.com https://gui.display.prod.app.funnelplus.com/;    media-src 'self' cdn.wcc.heine.de cdn.witt.info/ images.ctfassets.net videos.ctfassets.net www.youtube.com witt-gruppe-res.cloudinary.com;    manifest-src 'self' cdn.wcc.heine.de;    worker-src 'self' cdn.wcc.heine.de blob:;    form-action 'self' www.facebook.com;    block-all-mixed-content;    frame-ancestors 'self' https://app.contentful.com;    sandbox allow-scripts allow-forms allow-same-origin allow-top-navigation allow-popups allow-popups-to-escape-sandbox allow-modals; 1
script-src 'sha256-YtKD72Sbe/LUbkaxkWeIcNNFbF0177UpiOmX3whRvPM=' 'self' 'self' 'unsafe-eval' 'sha256-3s5VloH7i39xFofOBn1nDoUjwJCylJWDOnGTVSzBBt8=' 'sha256-QQRtH/KktmOhUezPU77POMn57wj9tdpH25knVd47QqU=' 'sha256-1e5RR2OpHhuX2h0Bat19DsNTmqbo4M3T1pqfeTXCHaA=' https://*.google-analytics.com https://*.googletagmanager.com https://*.hotjar.com https://*.googleadservices.com https://googleads.g.doubleclick.net http://*.geetest.com https://*.geetest.com http://*.geevisit.com https://*.geevisit.com https://*.zdassets.com https://*.zopim.com https://*.qbox.me https://static.sensorsdata.cn https://*.newrelic.com http://*.ads-twitter.com https://*.ads-twitter.com https://*.legendtrading.com https://cdn.plaid.com https://*.zendesk.com https://www.bitmart.com https://*.cloudflare.com/ https://mc.yandex.ru https://*.adroll.com https://*.facebook.net http://*.facebook.net https://staticpro.bitmart.com https://*.smooch.io https://*.googleapis.com https://*.checkout.com https://*.appsflyer.com https://web.bitmart.site; worker-src blob: https://www.bitmart.com; frame-ancestors 'self' https://*.hotjar.com/ https://*.zdassets.com https://www.trustpilot.com https://web.bitmart.site https://static.sensorsdata.cn 1
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: 'self' wss://chat.20i.com:*; img-src https: 'self' data:; frame-src https: 'self' data:; 1
require-trusted-types-for 'script';report-uri /_/GeoEarthWebHttp/cspreport 1
frame-ancestors https://hdontap.com:* https://*.hdontap.com:* 1
default-src 'self' https:; img-src 'self' data: blob: https://*.gravatar.com https://*.shopify.com https://*.visualwebsiteoptimizer.com https://s.w.org https: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.taggbox.com https://*.youtube.com https://*.youtube-nocookie.com https://*.cloudflare.com https://*.visualwebsiteoptimizer.com https://*.googletagmanager.com/ data: https:; style-src 'self' 'unsafe-inline' https://*.fontawesome.com/ https://*.googleapis.com/ data: https:; object-src 'self' https:; frame-ancestors 'self'; font-src 'self' 'unsafe-inline' https://*.fontawesome.com https://*.gstatic.com https://*.cloudflare.com https: data: ; connect-src 'self' https://*.visualwebsiteoptimizer.com https://*.wpshop.io https://*.taggbox.com https://*.googletagmanager.com/ https:; frame-src 'self' https:; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adform.net https://*.appboycdn.com https://*.bing.com https://*.braintreegateway.com https://*.branch.io https://*.btncdn.com https://*.doubleclick.net https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.heapanalytics.com https://*.hotjar.com https://*.iteratehq.com https://*.klarnacdn.net https://*.mention-me.com https://*.paypal.com https://*.paypalobjects.com https://*.pinimg.com https://*.pusher.com https://*.rmtag.com https://*.stripe.com https://*.tvsquared.com https://*.spoteffects.net https://*.twitter.com https://*.xg4ken.com https://*.zdassets.com https://*.zenaps.com https://*.zopim.com https://ad4m.at https://app.link https://www.googleoptimize.com https://*.cookiebot.com https://*.trustedshops.com https://*.microsoft.com https://*.klarna.com https://*.klarnaservices.com https://*.appsflyer.com https://*.inflcr.co https://*.clarity.ms https://*.keyivr.com https://*.analytics.tiktok.com https://analytics.tiktok.com https://pzapi-kg.com https://*.ad-srv.net https://cdn.optimizely.com/ https://api.smooch.io; script-src-elem 'self' 'unsafe-inline' https://*.appboycdn.com https://*.bing.com https://*.branch.io https://*.doubleclick.net https://*.facebook.net https://*.google-analytics.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.heapanalytics.com https://*.hotjar.com https://*.pinimg.com https://*.rmtag.com https://*.tvsquared.com https://*.spoteffects.net https://*.zdassets.com https://*.zenaps.com https://app.link https://*.stripe.com https://*.zopim.com https://ad4m.at https://*.pusher.com https://*.braintreegateway.com https://*.mention-me.com https://*.klarnacdn.net https://www.googleoptimize.com https://*.cookiebot.com https://*.trustedshops.com https://*.microsoft.com https://*.klarna.com https://*.appsflyer.com https://*.inflcr.co https://cdn.jsdeliver.net https://*.keyivr.com https://*.clarity.ms https://*.analytics.tiktok.com https://analytics.tiktok.com https://pzapi-kg.com https://*.ad-srv.net https://*.google.com https://cdn.optimizely.com/ https://api.smooch.io; style-src 'self' 'unsafe-inline' https://*.fontawesome.com https://cdn.honey.io https://*.klarna.com https://*.appsflyer.com https://*.google.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.bloomandwild.com https://*.bloomandwild.de https://*.bloomandwild.fr https://*.bing.com https://*.braintree-api.com https://*.braintreegateway.com https://*.branch.io https://*.braze.com https://*.bugsnag.com https://*.contentful.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.klarnaevt.com https://*.pinterest.com https://*.postcodeanywhere.co.uk https://*.pusher.com wss://*.pusher.com https://*.stripe.com https://*.zdassets.com https://*.zendesk.com https://bw-contact-uploads.s3-eu-west-1.amazonaws.com https://vimeo.com wss://*.pusherapp.com wss://*.zopim.com https://*.sciencebehindecommerce.com wss://*.hotjar.com https://*.heapanalytics.com https://heapanalytics.com https://*.mention-me.com https://bw-form-uploads.s3-eu-west-1.amazonaws.com https://*.cookiebot.com https://*.trustedshops.com https://*.etrusted.com https://*.trustbadge.com https://*.klarna.com https://*.klarnauserservices.com https://*.appsflyer.com https://*.onelink.me https://capi.bloomandwild.com https://www.instagram.com https://*.google.com https://google.com  https://*.clarity.ms https://*.keyivr.com https://analytics.tiktok.com https://*.auryc.com https://cdn.optimizely.com/ https://logx.optimizely.com/ wss://api.smooch.io https://api.smooch.io; font-src 'self' data: https://*.fontawesome.com https://cdn.honey.io https://*.hotjar.com https://fonts.gstatic.com https://*.klarna.com https://*.appsflyer.com https://*.auryc.com; frame-src 'self' https://*.bloomandwild.com https://*.bloomandwild.de https://*.bloomandwild.fr https://bloomwild.typeform.com https://bloomandwild.typeform.com https://www.mainadv.com https://www.pinterest.de https://www.pinterest.dk https://www.pinterest.co.uk https://*.pinterest.com https://*.pinterest.fr https://*.pinterest.com.au https://*.pinterest.ie https://*.pinterest.at https://*.pinterest.ca https://*.pinterest.es https://*.pinterest.nz https://*.braintreegateway.com https://*.doubleclick.net https://*.facebook.com https://*.googlesyndication.com https://*.hotjar.com https://*.klarna.com https://*.paypal.com https://*.stripe.com https://*.vimeo.com https://*.youtube.com https://*.youtube-nocookie.com https://*.zenaps.com https://ad4m.at https://ad4mat.net https://mention-me.com https://*.mention-me.com https://*.cookiebot.com https://*.appsflyer.com https://*.inflcr.co https://*.keyivr.com https://*.google.com; child-src 'self' blob: https://*.braintreegateway.com https://*.paypal.com https://*.klarna.com https://*.appsflyer.com; manifest-src 'self'; media-src 'self' https://*.zdassets.com https://*.klarna.com https://*.appsflyer.com; img-src 'self' data: https://*.bloomandwild.com https://*.bloomandwild.de https://*.bloomandwild.fr https://*.google-analytics.com https://*.google.ae https://*.google.al https://*.google.co.in https://*.google.co.nz https://*.google.co.uk https://*.google.com https://*.google.com.au https://*.google.com.sg https://*.google.de https://*.google.dk https://*.google.es https://*.google.fr https://*.google.ie https://*.google.it https://*.google.lk https://*.google.nl https://*.google.ro https://*.google.ch https://*.google.pt https://*.google.fi https://*.google.co.za https://*.google.lt https://*.google.cz https://*.google.com.ph https://*.google.lv https://*.google.kz https://*.google.com.hk https://*.google.at https://*.google.be https://*.google.se https://*.google.no https://*.google.je https://*.google.com.qa https://*.google.pl https://*.google.gr https://*.google.com.sa https://*.google.ru https://*.google.hu https://*.google.com.pk https://*.google.com.np https://*.google.com.gh https://*.google.com.cy https://*.google.lu https://*.google.com.tr https://*.google.co.uk https://*.ad4mat.net https://*.adform.net https://*.adition.com https://*.adnxs.com https://*.adscale.de https://*.adserver01.de https://*.amazon-adsystem.com https://*.atdmt.com https://*.bidswitch.net https://*.bing.com https://*.braintreegateway.com https://*.branch.io https://*.contentful.com https://*.creative-serving.com https://*.ctfassets.net https://*.demdex.net https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.gstatic.com https://cdn.honey.io https://*.linksynergy.com https://*.mention-me.com https://*.paypal.com https://*.pinterest.com https://*.rubiconproject.com https://*.stripe.com https://*.taboola.com https://*.tvsquared.com https://*.spoteffects.net https://*.twiago.com https://*.twitter.com https://*.yieldlab.net https://*.zenaps.com https://ad4m.at https://as.ad4m.at https://heapanalytics.com https://id5-sync.com https://carrier-logos.s3-eu-west-1.amazonaws.com https://*.trustedshops.com https://*.klarna.com https://*.klarnaevt.com https://*.klarnacdn.net https://*.appsflyer.com https://*.inflcr.co https://impressions.onelink.me https://www.instagram.com https://*.bloomandwild.zendesk.com https://bloomandwild.zendesk.com https://*.keyivr.com https://*.clarity.ms https://prf.hn https://*.hotjar.com https://static.zdassets.com; report-uri https://api.bloomandwild.com/csp-violations; report-to {"max_age":86400,"endpoints":[{"url":"https://api.bloomandwild.com/csp-violations"}]} 1
script-src 'strict-dynamic' 'nonce-663b42a6d9' 'unsafe-inline' http: https: globallogic.com *.globallogic.com *.mktoresp.com *.ex.co *.cookiebot.com *.cookielaw.org;img-src https: data: *.mktoresp.com *.google-analytics.com *.googletagmanager.com; connect-src *.onetrust.com *.cookielaw.org *.mktoresp.com *.google-analytics.com *.googlesyndication.com *.ex.co *.globallogic.com, *.google-analytics.com *.analytics.google.com *.googletagmanager.com; object-src 'none'; base-uri 'none' 1
style-src smurfitkappa.concludis.de *.cookiebot.com fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'  1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://federicoc-seyfarth-a40.udev1a.net https://w.soundcloud.com https://qa-seyfarth-a40.udev1a.net https://christianp-seyfarth-a40.udev1a.net https://seyfarth.usablenet.com https://a40.usablenet.com https://www.seyfarth.com https://seyfarth.usablenet.com https://cdn.cookielaw.org https://a40.usablenet.com https://ajax.googleapis.com https://maps.googleapis.com https://forms.hsforms.com https://js.hsforms.net https://www.youtube.com https://player.vimeo.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hscollectedforms.net https://www.googletagmanager.com https://www.google-analytics.com https://analytics.rubensteintech.com https://kit.fontawesome.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ ; style-src 'self' 'unsafe-inline' https://federicoc-seyfarth-a40.udev1a.net https://qa-seyfarth-a40.udev1a.net https://christianp-seyfarth-a40.udev1a.net https://seyfarth.usablenet.com https://a40.usablenet.com https://www.seyfarth.com https://fonts.googleapis.com https://hello.myfonts.net https://use.typekit.net https://p.typekit.net ; connect-src 'self' https://seyfarth.usablenet.com https://a40.usablenet.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://vimeo.com https://noembed.com https://stats.g.doubleclick.net https://hubspot-forms-static-embed.s3.amazonaws.com https://maps.gstatic.com https://maps.googleapis.com https://cdn.plyr.io https://www.google-analytics.com/ https://forms.hubspot.com https://analytics.rubensteintech.com https://ka-f.fontawesome.com https://analytics.google.com https://google-analytics.com https://*.analytics.google.com https://*.google-analytics.com ; font-src 'self' data: https://www.seyfarth.com https://fonts.gstatic.com https://ka-f.fontawesome.com https://use.typekit.net/ ; img-src 'self' data: blob: https://www.seyfarth.com https://i.vimeocdn.com https://i.ytimg.com https://f.hubspotusercontent30.net https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://track.hubspot.com https://www.google-analytics.com https://forms.hsforms.com https://analytics.google.com https://google-analytics.com https://*.analytics.google.com https://*.google-analytics.com ; frame-src 'self' mailto: blob: https://w.soundcloud.com https://a40.usablenet.com https://mail.google.com/ https://cdn.yoshki.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://www.podbean.com https://app.powerbi.com https://www.google.com ; worker-src 'self' blob: ; media-src 'self' data: https://vimeo.com https://www.youtube.com ; frame-ancestors 'self' ; object-src 'self' ; 1
frame-ancestors 'self' http://claro.com.ec http://www.claro.com.ec http://m.miclaro.com.ec https://m.miclaro.com.ec http://miclaro.com.ec https://miclaro.com.ec http://www.miclaro.com.ec https://www.miclaro.com.ec https://miclaro.ec.clarodigital.net http://miclaro.ec.clarodigital.net http://miclaro.ec https://miclaro.ec https://miclaro-ec.amx-dev.amxdigital.net http://miclaro-ec.amx-dev.amxdigital.net https://amxdigital.net http://amxdigital.net https://miclaro-ec.amx-dev.amxdigital.net/ http://miclaro-ec.amx-dev.amxdigital.net/  https://scd-te-ec-livechat-01-328a.azurewebsites.net/ http://scd-te-ec-livechat-01-328a.azurewebsites.net/ https://amx-ec-ase-livechat-client-pro.azurewebsites.net http://amx-ec-ase-livechat-client-pro.azurewebsites.net https://app.urbano.com.ec/ https://app.urbano.com.ec/plugin/etracking/etracking/ https://cdn.kushkipagos.com/ https://link.claro-nbo.uplinkbusiness.com  http://link.claro-nbo.uplinkbusiness.com https://test.claro-nbo.uplinkbusiness.com http://test.claro-nbo.uplinkbusiness.com 1
default-src 'self'; object-src 'none'; font-src 'self' data: static.criteo.net; style-src 'self' 'unsafe-inline' *.bing.com https://*.lidl-reisen.de https://*.lidl-reisen.at https://*.lidl-reisen.ch https://*.lidl-voyages.ch https://*.mvp2prd.sit.sys.odj.cloud www.googletagmanager.com tagmanager.google.com; child-src *.criteo.com *.criteo.net www.googletagmanager.com *.facebook.com connect.facebook.net; media-src static.criteo.net; img-src * data: https://www.bing.com https://*.virtualearth.net https://*.gstatic.com www.googletagmanager.com s.d.adup-tech.com d.adup-tech.com; frame-src 'self' consentcdn.cookiebot.com *.criteo.com *.criteo.net https://*.lidl-reisen.de https://www.googletagmanager.com https://211554000000.ferienwohnung-be.de https://lidlreisen.animod.de https://partner.singlereisen.de https://form.lidl.com https://cloud.mail.lidl.de https://www.lidl-gewinnspiel.de https://wlv.kreuzfahrt-be.de https://lidl.snowtrex.de https://*.traffics-ibe.com *.facebook.com connect.facebook.net https://review-service.holidaycheck.com https://review.holidaycheck.com https://www.youtube.com; form-action *.facebook.com connect.facebook.net; connect-src 'self' https://storage.googleapis.com https://www.google.com https://*.lidl-reisen.de https://*.lidl-reisen.at https://*.lidl-reisen.ch https://*.lidl-voyages.ch https://*.mvp2prd.sit.sys.odj.cloud *.bing.com https://*.virtualearth.net https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://*.kameleoon.eu https://*.kameleoon.com *.facebook.com connect.facebook.net consentcdn.cookiebot.com *.criteo.com *.criteo.net *.googlesyndication.com https://clouderrorreporting.googleapis.com https://data.kameleoon.io https://endpoints.lidl-flyer.com https://eum-blue-saas.instana.io https://*.analytics.google.com https://stats.g.doubleclick.net https://*.google.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.bing.com https://r.bing.com https://*.virtualearth.net https://*.cookiebot.com https://*.lidl-reisen.de https://*.lidl-reisen.at https://*.lidl-reisen.ch https://*.lidl-voyages.ch https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://*.kameleoon.eu https://*.kameleoon.com https://lidlreisen.animod.de https://211554000000.ferienwohnung-be.de https://www.snowtrex.de https://*.criteo.com https://static.criteo.net https://googleads.g.doubleclick.net https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://www.dwin1.com https://clouderrorreporting.googleapis.com https://*.bd4travel.com https://eum.instana.io https://survey.g.doubleclick.net *.google-analytics.com *.analytics.google.com *.doubleclick.net *.google.de *.instana.io *.googleadservices.com s.d.adup-tech.com d.adup-tech.com 1
base-uri 'self' *.uxtweak.com  ;default-src 'self' *.tagmanager.google.com *.googletagmanager.com;font-src 'self' fonts.gstatic.com data:;form-action 'self' 'unsafe-inline' export.highcharts.com/ data:;frame-src 'self' *.brightcove.net bcove.video *.youtube.com *.vimeo.com *.powerbi.com *.google.com statistikk.helsedirektoratet.no data: blob:;img-src 'self' *.siteimproveanalytics.io *.google-analytics.com *.tagmanager.google.com *.googletagmanager.com *.vimeocdn.com *.uxtweak.com  data:;object-src 'none';script-src 'self' 'unsafe-inline' *.skyra.no ;style-src 'self' 'unsafe-inline' *.tagmanager.google.com https://parsleyjs.org/src/parsley.css;script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://siteimproveanalytics.com *.uxtweak.com code.highcharts.com/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://cdn.jsdelivr.net/npm/bootstrap@3.4.1/dist/js/bootstrap.min.js;connect-src 'self' *.google-analytics.com *.uxtweak.com wss://replay.uxtweak.com *.enonic.cloud/api/documasterDownload; 1
default-src 'self' 'unsafe-inline' https: data: https://cdnjs.cloudflare.com https://*.googletagmanager.com https://cdn.jsdelivr.net https://*.fontawesome.com https://*.googleapis.com https://*.jacklmoore.com https://*.gstatic.com https://*.google-analytics.com; frame-ancestors 'self'; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' *.iheart.com *.valpak.com *.valpakdev.com:8080 localhost:8080 valpak.sc.omtrdc.net *.sdccdn.com *.google-analytics.com *.googletagmanager.com *.sb.scorecardresearch.com *.demdex.net *.google.com *.youtube.com *.vimeo.com *.wufoo.com i.ytimg.com workforcenow.adp.com cm.everesttech.net/cm/ *.s3.amazonaws.com s3.amazonaws.com/qples-gallery/ snapwidget.com/embed/215932 https://cdn.jsdelivr.net/npm/@mdi/font@latest/ https://cdn.jsdelivr.net/npm/vuetify@2.x/dist/ https://unpkg.com/tailwindcss@^2/dist/ https://crosswordlabs.com/ *.googleapis.com *.gstatic.com stats.g.doubleclick.net *.cloudfront.net cdnjs.cloudflare.com aa.trkn.us *.secondstreetapp.com; script-src 'self' 'self' 'unsafe-inline' *.valpak.com valpak.sc.omtrdc.net *.sdccdn.com *.google-analytics.com *.googletagmanager.com *.sb.scorecardresearch.com *.demdex.net *.google.com *.youtube.com workforcenow.adp.com cm.everesttech.net/cm/ *.s3.amazonaws.com s3.amazonaws.com/qples-gallery/ snapwidget.com/embed/215932 https://cdn.jsdelivr.net/npm/@mdi/font@latest/ *.googleapis.com *.gstatic.com aa.trkn.us *.secondstreetapp.com; script-src-elem 'self' 'unsafe-inline' *.valpak.com localhost:8080 *.google-analytics.com *.googletagmanager.com *.sb.scorecardresearch.com aa.trkn.us *.secondstreetapp.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.bernabei.it *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com *.freeprivacypolicy.com chimpstatic.com *.scalapay.com *.facebook.net *.facebook.com *.clickcease.com *.googletagmanager.com *.bing.com *.webgains.io *.zendesk.com *.zdassets.com *.zopim.com *.stripe.com *.clarity.ms *.kk-resources.com *.iubenda.com *.trovaprezzi.it *.twitter.com *.googleadservices.com *.kelkoogroup.net d5l1pnk7dv8vr.cloudfront.net *.hotjar.com *.freshworks.com *.freshchat.com *.smooch.io *.addtoany.com; img-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.bernabei.it *.google.com *.google.it *.gstatic.com *.googleapis.com *.google-analytics.com *.freeprivacypolicy.com *.scalapay.com *.facebook.net *.facebook.com *.clickcease.com *.googletagmanager.com *.bing.com *.webgains.io *.zendesk.com *.zdassets.com *.doubleclick.net *.kelkoogroup.net d5l1pnk7dv8vr.cloudfront.net; media-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.bernabei.it; connect-src 'self' *.bernabei.it *.google-analytics.com *.googleapis.com *.google.com *.clarity.ms *.zendesk.com *.zdassets.com *.doubleclick.net *.zopim.com *.webgains.io d5l1pnk7dv8vr.cloudfront.net *.hotjar.com *.freshworks.com *.freshdesk.com *.smooch.io *.sentry.io *.kelkoogroup.net wss://*.hotjar.com wss://*.zopim.com wss://*.smooch.io; 1
img-src *  data:; default-src * 'unsafe-inline' 'unsafe-eval'  ; script-src * 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'  https://masimo.showpad.biz/ https://getshogun.com/ https://www.masimopersonalhealth.com/ https://masimopersonalhealth.co.uk/   https://*.masimo.com/ https://*.masimo.co.uk/ https://*.masimo.it/ https://*.masimo.es/ https://*.masimo.de/ https://*.masimo.fr/ https://*.masimo.ca/ https://*.masimo.co.jp/ https://masimo.co.jp/ https://*.masimo.cn/ https://masimo.cn/ https://*.masimo.tw/  https://masimo.tw/ https://*.myshopify.com/; 1
font-src fonts.googleapis.com fonts.gstatic.com https://fonts.gstatic.com https://ws.colissimo.fr 'self' data: blob: https://*.hotjar.com tag.search.sensefuel.live *.matomo.cloud *.piwik.pro *.google.tn td.doubleclick.net *.abtasty.com ws.colissimo.fr *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.facebook.com/ *.axepta.bnpparibas stage-secure-gateway.hipay-tpp.com secure-gateway.hipay-tpp.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com/ https://www.pinterest.com/ https://www.pinterest.fr/ *.googleapis.com https://www.facebook.com/ paymentpage.axepta.bnpparibas *.pinterest.com *.g.doubleclick.net *.googlesyndication.com https://*.hotjar.com *.matomo.cloud *.piwik.pro *.google.tn td.doubleclick.net secure-gateway.hipay-tpp.com *.hipay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://cdn.cookielaw.org/ https://bat.bing.com/ https://c.bing.com/ *.google.com *.google.fr *.google.ch *.google.be *.google.de *.google.ca *.google.es https://googleads.g.doubleclick.net/ https://www.facebook.com/ https://lb.analytics.advalo.com/ https://ct.pinterest.com/ *.google-analytics.com *.analytics.google.com *.clarity.ms api.mapbox.com *.onyourmap.com bam.nr-data.net *.effiliation.com *.gstatic.com blob: *.amazonaws.com *.cloudfront.net https://*.hotjar.com *.googleapis.com *.ggpht.com www.christine-laure.fr *.matomo.cloud *.piwik.pro *.google.tn td.doubleclick.net https://maps.google.com *.abtasty.com *.facebook.com ws.colissimo.fr https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://dqfw2hlp4tfww.cloudfront.net https://www.gstatic.com/ https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com https://connect.facebook.net/ https://js-agent.newrelic.com/ https://bam.eu01.nr-data.net/ https://s.pinimg.com/ https://googleads.g.doubleclick.net/ https://bam.nr-data.net/ 'self' data: https://cdn.cookielaw.org/ https://bat.bing.com/ *.clarity.ms www.google.fr *.googlesyndication.com blob: *.googleapis.com https://*.hotjar.com tag.search.sensefuel.live *.matomo.cloud *.piwik.pro *.google.tn td.doubleclick.net stage-secure-gateway.hipay-tpp.com secure-gateway.hipay-tpp.com https://maps.google.com *.hipay.com mpsnare.iesnare.com https://widgets.rr.skeepers.io *.abtasty.com *.facebook.net ws.colissimo.fr api.mapbox.com *.google.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com 'self' data: https://*.hotjar.com tag.search.sensefuel.live *.matomo.cloud *.piwik.pro *.google.tn td.doubleclick.net *.hipay.com *.abtasty.com *.facebook.net ws.colissimo.fr api.mapbox.com *.fontawesome.com https://cdnjs.cloudflare.com unsafe-inline *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://ws.colissimo.fr https://maps.googleapis.com/ https://cdn.cookielaw.org/ https://stats.g.doubleclick.net/ https://ct.pinterest.com/md/ https://ws.advalo.com/ https://www.facebook.com/tr/ https://ct.pinterest.com/ https://bam.nr-data.net/ *.clarity.ms 'self' data: *.google-analytics.com bat.bing.com *.onetrust.com *.google.ch *.google.be *.google.de *.google.ca *.google.es *.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.onyourmap.com events.mapbox.com api.mapbox.com *.search.sensefuel.live *.googlesyndication.com googleads.g.doubleclick.net https://bam.eu01.nr-data.net/ *.matomo.cloud *.piwik.pro *.google.tn td.doubleclick.net stage-secure-gateway.hipay-tpp.com secure-gateway.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com https://api-product-reviews.rr.skeepers.io https://widgets.rr.skeepers.io https://cl-ppr.rr.skeepers.io *.abtasty.com *.facebook.com ws.colissimo.fr api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' data: *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.clarity.ms 'self' 'unsafe-inline'; 1
default-src 'self';                             script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/                                                 https://cdn.jsdelivr.net/jquery.jssocials/1.4.0/jssocials.min.js                                                 https://cookie-script.com/s/aa44aecf65c7b9c161785136df03df5a.js                                                 https://maps.googleapis.com/maps/                                                 https://maps.googleapis.com/maps-api-v3/                                                 https://developers.google.com/maps/                                                 https://www.youtube.com/                                                 https://s.ytimg.com/yts/jsbin/                                                 https://getaddress.io/js/                                                 https://platform.twitter.com/                                                 https://cdn.syndication.twimg.com/                                                 https://cloud.tinymce.com/stable/                                                 https://cdn.tiny.cloud/                                                 https://www.googletagmanager.com/                                                 https://www.google-analytics.com/analytics.js                                                 https://analytics-eu.clickdimensions.com/                                                 https://tableau.ahdb.org.uk/                                                 https://www.googleapis.com/youtube/v3/                                                 https://maxcdn.bootstrapcdn.com/bootstrap/                                                 https://ajax.googleapis.com/ajax/libs/jquery/                                                 https://kit.fontawesome.com/9ddbf38321.js                                                 https://static.ads-twitter.com/                                                 https://www.clarity.ms/                                                  https://connect.facebook.net/en_US/fbevents.js                                                 https://connect.facebook.net/signals/config/                                                 https://cdn.getaddress.io/scripts/jquery.getAddress-2.0.8.min.js                                                 https://*.clarity.ms/                'unsafe-eval' unitegallery.js               ;               style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/                                                https://fast.fonts.net/                                                https://fonts.googleapis.com/                                                https://use.fontawesome.com/releases/                                                https://platform.twitter.com/css/                                                https://ton.twimg.com/tfw/css/                                                https://www.tinymce.com/css/                                                https://cdn.tiny.cloud/                                                https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css                                                https://ka-p.fontawesome.com/releases/                                                    https://use.typekit.net/                                                https://p.typekit.net/               ;               img-src 'self' data: *                             https://media.ahdb.org.uk/                             https://projectblue.blob.core.windows.net/media/                             https://mainsitearchive.blob.core.windows.net/media/                             https://maps.gstatic.com/mapfiles/                             https://maps.googleapis.com/maps/               ;               media-src 'self'                          https://projectblue.blob.core.windows.net/                          https://mainsitearchive.blob.core.windows.net/               ;               font-src 'self' https://maxcdn.bootstrapcdn.com/                               https://fonts.gstatic.com/                               https://cdn.tiny.cloud/                                   https://use.fontawesome.com/releases/                               https://ka-p.fontawesome.com/releases/                               https://use.typekit.net/               ;               frame-src 'self' https://www.youtube.com/                                https://embeds.audioboom.com/                                https://forms.ahdb.org.uk/                                https://ahdb.org.uk/                                https://*.ahdbdigital.org.uk/                                https://app.powerbi.com/                                https://platform.twitter.com/                                https://syndication.twitter.com/                                https://ahdb-milkpricecalculator.azurewebsites.net/                                https://media.ahdb.org.uk/                                https://tableau.ahdb.org.uk/                                https://projectblue.blob.core.windows.net/                                https://www.facebook.com/                                https://player.vimeo.com/                                https://www.slideshare.net/                                https://www.google.com/maps/                                https://zingtree.com/                                https://mapsengine.google.com/                                https://rgcl.ahdb.org.uk/                                https://livestockmarketsdata.ahdb.org.uk               ;               connect-src 'self' https://maps.googleapis.com/                                  https://www.google-analytics.com/                                  https://stats.g.doubleclick.net/                                  https://ahdb-survey-development.azurewebsites.net                                  https://ahdbsurvey.azurewebsites.net                                  https://www.clarity.ms/                                  https://*.clarity.ms/                                  https://www.googleapis.com/youtube/v3/                                  https://kit.fontawesome.com/9ddbf38321.js                                  https://ka-p.fontawesome.com/                                   https://region1.google-analytics.com/                                  https://region1.analytics.google.com/                                     https://kit.fontawesome.com/                1
default-src 'self' *.autofactpro.com *.autofact.cl *.autofact.mx *.autofact.pe *.autofact.com.co *.googleapis.com *.ingest.sentry.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' d3js.org d2yyd1h5u9mauk.cloudfront.net *.hotjar.com bat.bing.com www.googleoptimize.com optimize.google.com analytics.google.com user-event-tracker.crazyegg.com browser.sentry-cdn.com optimize.google.com analytics.google.com apis.google.com script.crazyegg.com cdn.ampproject.org *.pagoefectivo.pe pagoefectivo.pe *.sii.cl tagmanager.google.com *.autofactpro.com *.autofact.cl www.google.com www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net ajax.googleapis.com www.gstatic.com www.youtube.com www.youtube-nocookie.com s.ytimg.com connect.facebook.net *.bootstrapcdn.com *.fontawesome.com cdnjs.cloudflare.com cdn.datatables.net cdn.jsdelivr.net cdn.optimizely.com cdn.carbonads.com dnn506yrbagrg.cloudfront.net static.zdassets.com *.culqi.com blob: embed.typeform.com *.sibautomation.com sibautomation.com *.ingest.sentry.io; connect-src 'self' *.delighted.com *.hotjar.com:* *.hotjar.io:* wss://*.hotjar.com sentry.io *.google.cl 54.242.242.218 *.ampproject.org *.ampproject.net *.autofactpro.com *.autofact.com *.autofact.cl *.autofact.com.co *.autofact.com.mx *.autofact.pe *.autofact.cr *.autofact.com.ar *.g.doubleclick.net cdn.ampproject.org www.googletagmanager.com stats.g.doubleclick.net connect.facebook.net ekr.zdassets.com autofact.zendesk.com plugin.autentia.mb:7777 *.googleapis.com *.ytimg.com *.google.com *.bootstrapcdn.com thrk5e664g.execute-api.us-east-1.amazonaws.com wpoxlbs3w6.execute-api.us-east-1.amazonaws.com *.google-analytics.com ofbern64r9.execute-api.us-east-1.amazonaws.com *.api.retail.autofact.com dnn506yrbagrg.cloudfront.net m21ndjph2i.execute-api.us-east-1.amazonaws.com q6x8glddsl.execute-api.us-east-1.amazonaws.com www.googleadservices.com *.bing.com *.fontawesome.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.facebook.net *.doubleclick.net *.sendinblue.com 7ep5bxwwl6.execute-api.us-east-1.amazonaws.com *.brevo.com *.ingest.sentry.io transferencia-api-contract-creator-service.retail.qa.autofact.app transferencia-api-contract-creator-service.retail.production.autofact.app transferencia-api-contract-creator-service.retail.staging.autofact.app; img-src 'self' script.hotjar.com bat.bing.com cdnjs.cloudflare.com img.youtube.com csi.gstatic.com *.gstatic.com *.autofactpro.com *.autofactpro.cl *.autofact.cl *.autofact.qa www.google.com www.google.cl www.googleadservices.com www.googletagmanager.com img.youtube.com i.ytimg.com stats.g.doubleclick.net www.facebook.com disqus.com *.disquscdn.com *.g.doubleclick.net https://static.retail.autofact.cl www.google-analytics.com data:; style-src 'self' 'unsafe-inline' 'unsafe-eval' d3js.org optimize.google.com analytics.google.com tagmanager.google.com *.autofactpro.com fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.fontawesome.com cdnjs.cloudflare.com cdn.datatables.net cdn.jsdelivr.net cdn.optimizely.com cdn.carbonads.com; font-src 'self' *.autofactpro.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com:* *.bootstrapcdn.com *.fontawesome.com cdnjs.cloudflare.com cdn.datatables.net data: ; frame-ancestors 'self' *.autofactpro.com facebook.com; frame-src 'self' docs.google.com stage-autopress-buckets.s3.us-west-1.amazonaws.com *.hotjar.com *.autofact.cl form.typeform.com accounts.google.com optimize.google.com analytics.google.com *.ampproject.net pagoefectivo.pe *.pagoefectivo.pe *.sii.cl *.autofactpro.com www.google.com www.youtube.com www.youtube-nocookie.com www.facebook.com web.facebook.com staticxx.facebook.com bid.g.doubleclick.net *.culqi.com *.sibautomation.com sibautomation.com *.ingest.sentry.io *.doubleclick.net; object-src 'self' *.autofactpro.com *.autofact.cl; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=79a4nchiqucf5&partner=; 1
default-src 'self' data: blob: https://*.fbcdn.net https://*.facebook.com https://*.mapillary.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.fbcdn.net https://*.facebook.com https://www.googletagmanager.com/gtag/js;style-src 'self' 'unsafe-inline' https://*.facebook.com https://*.fbcdn.net;connect-src 'self' https://*.fbcdn.net https://*.facebook.com https://*.mapillary.com https://*.openstreetmap.org https://*.arcgis.com/ https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com;font-src 'self' data: https://*.facebook.com https://*.fbcdn.net;img-src 'self' data: blob: https://*.fbcdn.net https://*.facebook.com https://*.mapillary.com https://*.google-analytics.com https://*.googletagmanager.com;media-src 'self' https://*.facebook.com https://*.fbcdn.net https://*.mapillary.com;frame-src 'self' blob: https://*.mapillary.com https://www.youtube.com;worker-src 'self' blob: https://www.googletagmanager.com/gtag/js; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://www.youtube.com https://img.youtube.com  https://feeds2.iress.co.za https://df.marketdata.feeds.iress.com  https://www.google.com   *.tt.omtrdc.net  https://stream.tribeca.vidavee.com stbg.standardbank.co.za stbg.standardbank.com  stbg.standardbank.co.za stbg.standardbank.com  https://www.googleapis.com https://platform.twitter.com 3.122.158.135 18.197.87.55 18.158.66.119 18.158.9.206 52.44.37.68 *.map2.ssl.hwcdn.net *.tt.omtrdc.net api.smartrecruiters.com cdn.cookielaw.org *.onetrust.com *.fls.doubleclick.net accstandardbank.d1.sc.omtrdc.net ad.doubleclick.net analytics.twitter.com assets.adobedtm.com beacon.krxd.net bid.g.doubleclick.net/xbbe/pixel bs.serving-sys.com business.twitter.com cbks0.googleapis.com cdn.krxd.net cdnjs.cloudflare.com client.demdex.net cm.everesttech.net code.jquery.com connect.facebook.net consent.cookiebot.com/ consentcdn.cookiebot.com/ consumer.krxd.net dc.ads.linkedin.com developers.google.com digitalbanking.standardbank.co.za:8083 dpm.demdex.net fast.standardbank.demdex.net feeds.standardbank.com fonts.googleapis.com fonts.gstatic.com geo0.ggpht.com geo1.ggpht.com geo2.ggpht.com geo3.ggpht.com googleads.g.doubleclick.net i.ytimg.com img.youtube.com jslog.krxd.net khms0.googleapis.com khms1.googleapis.com maps.googleapis.com maps.gstatic.com maps.lightstoneproperty.co.za noembed.com pixel.facebook.com px.ads.linkedin.com s.ytimg.com secure-ds.serving-sys.com snap.licdn.com standardbank.demdex.net static.ads-twitter.com tpc.googlesyndication.com tribeca.vidavee.com www.facebook.com www.google.co.za www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.homeloans1.standardbank.co.za www.youtube.com ; frame-ancestors 'self'  https://df.marketdata.feeds.iress.com  consent.cookiebot.com/ consentcdn.cookiebot.com/ digitalbanking.standardbank.co.za:8083 img.youtube.com testdigitalbanking.standardbank.co.za:7083 tribeca.vidavee.com; frame-src 'self' https://www.youtube.com https://img.youtube.com  https://df.marketdata.feeds.iress.com  https://stream.tribeca.vidavee.com https://syndication.twitter.com/ https://www.facebook.com/ https://platform.twitter.com/ https://web.facebook.com/ https://careers-v1.peopleclick.com/ https://careers.peopleclick.eu.com/; 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-NmJzakFhUFZtaW5VV0hPNFc2bElJRllKM1N1aU9WUkg1ZkVtb0pNQ0VHRT06b3ZwUVdmcmdxMXVoWVJyL0krOW5FeGhpc2szalR3UTJsSnhLMnNJMlZnQT0=';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self';frame-ancestors 'self';form-action 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' data: blob: cdn.polyfill.io *.google-analytics.com *.googletagmanager.com *.googleapis.com www.google.com www.googleadservices.com sdk.privacy-center.org *.facebook.net *.vimeo.com *.twitter.com static.ads-twitter.com *.doubleclick.net *.hotjar.com *.iadvize.com *.twimg.com sc-static.net www.dwin1.com snap.licdn.com *.youtube.com *.youtube-nocookie.com *.autoroutes-trafic.fr authentication.autoroutes-trafic.fr wt3.autoroutes-trafic.fr s.ytimg.com maptiles.azureedge.net *.iadvize.com tag.aticdn.net *.facil-iti.app *.facil-iti.com *.mapbox.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com *.twitter.com *.twimg.com wt3.autoroutes-trafic.fr *.iadvize.com; img-src 'self' data: blob: *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com px.ads.linkedin.com t.co *.google.com *.google.fr *.twimg.com *.twitter.com *.autoroutes-trafic.fr *.blob.core.windows.net *.facebook.com maptiles.azureedge.net *.ytimg.com *.vimeocdn.com filmsgieat.viewsurf.com *.iadvize.com *.privacy-center.org *.facil-iti.app *.facil-iti.com; media-src 'self' data: blob: gieat.viewsurf.com filmsgieat.viewsurf.com *.blob.core.windows.net *.vinci-autoroutes.com *.iadvize.com *.audiomeans.fr *.creacast.com; font-src 'self' data: fonts.gstatic.com *.iadvize.com *.facil-iti.app *.facil-iti.com; connect-src 'self' wss: *.googleapis.com *.blob.core.windows.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com api-ulys-beta.azure-api.net api-ulys.azure-api.net api-ulys-placemark-beta.azurewebsites.net api-ulys-tollstation-beta.azurewebsites.net api-ripit-rec.azurewebsites.net api-ripit.azurewebsites.net *.mapbox.com stats.g.doubleclick.net vimeo.com *.iadvize.com *.privacy-center.org *.xiti.com *.facil-iti.com; frame-src 'self' *.vinci-autoroutes.com *.youtube.com *.youtube-nocookie.com *.googlevideo.com *.vimeo.com *.vimeocdn.com vars.hotjar.com *.twitter.com *.facebook.com vinci-longvilliers.web.app *.iadvize.com *.facil-iti.app; child-src 'self' blob:; worker-src 'self' blob: 1
default-src 'none'; manifest-src 'self'; worker-src 'self' blob:; frame-ancestors 'self' https://www.ukrnames.com; frame-src 'self' blob: 'self' https://www.google.com.ua https://*.upc.ua https://*.creditmutuel.fr https://*.privatbank.ua https://*.wayforpay.com https://*.fondy.eu https://*.fondy.io https://*.oschadbank.ua https://*.acdcproc.com https://*.ukrsibbank.com https://*.raiffeisen.ua https://www.facebook.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.youtube.com https://www.youtube-nocookie.com/ https://player.vimeo.com https://www.ukrnames.com https://bg.ukrnames.com https://cdn.ukrnames.ua https://embed.tawk.to https://cdn.datatables.net https://*.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' blob: 'self' https://www.gstatic.com https://www.ukrnames.com https://secure.wayforpay.com https://api.fondy.eu https://bg.ukrnames.com https://cdn.ukrnames.ua https://cdn.datatables.net https://embed.tawk.to https://cdn.jsdelivr.net https://ajax.googleapis.com https://www.googleadservices.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net  https://apis.google.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://googletagmanager.com https://maps.google.com https://maps.googleapis.com https://translate.google.com https://accounts.google.com https://play.google.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://secure.wayforpay.com https://api.fondy.eu https://embed.tawk.to https://cdn.datatables.net https://bg.ukrnames.com https://cdn.ukrnames.ua https://accounts.google.com https://fonts.googleapis.com; font-src 'self' data: https://embed.tawk.to https://fonts.gstatic.com; img-src 'self' data: https://*.amazonaws.com https://embed.tawk.to https://cdn.datatables.net  https://cdn.ukrnames.ua https://bg.ukrnames.com https://www.facebook.com https://m.facebook.com https://connect.facebook.net https://*.gstatic.com https://www.google.com https://www.google.ru https://www.google.es https://www.google.fr https://www.google.nl https://www.google.kz https://www.google.by https://www.google.de https://www.google.pl https://www.google.ae https://www.google.md https://www.google.ca https://www.google.com.ua https://www.google.com.tr https://www.google.co.uk https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com blob: 'self' https://bg.ukrnames.com https://cdn.ukrnames.ua https://accounts.google.com; connect-src blob: 'self' https://analytics.google.com wss://www.ukrnames.com wss://*.tawk.to https://www.facebook.com https://secure.wayforpay.com https://api.fondy.eu https://*.tawk.to https://*.privatbank.ua https://www.google-analytics.com https://stats.g.doubleclick.net 1
frame-ancestors 'self' https://konsus.sanity.studio 1
frame-ancestors www.marcant.net 1
default-src 'self' blob: www.etq.com *.etq.com use.typekit.net *.typeform.com *.clickagy.com *.rlcdn.com *.openx.net *.typekit.net www.googleoptimize.com www.googleoptimize.com/* *.facebook.net www.facebook.com facebook.com www.facebook.com/tr/ hotjar.com *.hotjar.com hotjar.io *.hotjar.io wss://*.hotjar.com sentry.io *.alicdn.com *.hsadspixel.net *.litix.io *.capterra.com *.bc0a.com *.b0e8.com cdn.b0e8.com *.g2crowd.com tracking.g2crowd.com *.cloudflare.com *.hs-scripts.com *.zi-scripts.com marvel-b2-cdn.bc0a.com cdnjs.cloudflare.com *.googletagmanager.com www.googletagmanager.com www.google-analytics.com *.hs-analytics.net js.hs-analytics.net *.zoominfo.com ws.zoominfo.com *.hsadspixel.net *.terminus.services tribl.io *.hs-banner.com *.hubspot.com *.hubapi.com *.doubleclick.net googleads.g.doubleclick.net *.googleadservices.com *.google.com *.google.ca *.hsforms.com *.driftt.com *.driftcdn.com *.vimeo.com vimeo.com player.vimeo.com *.vimeocdn.com *.imgx.net *.gstatic.com *.googleapis.com *.adsrvr.org *.akamaized.net *.akamaihd.net *.ceros.com *.wistia.com gateway.zscloud.net *.truste.com *.jquery.com *.hsforms.net *.webex.com www.qzzr.com www.g2.com yoast.com www.google.com www.google.ac www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.com.kh www.google.cc www.google.cd www.google.cf www.google.cat www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.g.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gf www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gp www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.iq www.google.ie www.google.co.il www.google.im www.google.co.in www.google.io www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.com.lc www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.ne www.google.com.nf www.google.com.ng www.google.com.ni www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pk www.google.com.pa www.google.com.pe www.google.com.ph www.google.pl www.google.com.pg www.google.pn www.google.co.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.rs www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.sm www.google.so www.google.st www.google.sr www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tk www.google.tl www.google.tm www.google.to www.google.tn www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.co.za www.google.co.zm www.google.co.zw www.admob.com www.adsense.com www.adwords.com www.doubleclick.com www.googleanalytics.com www.google-analytics.com www.youtube.com www.youtu.be www.yt.be www.ytimg.com www.youtube-nocookie.com www.google.org www.google.net www.googleadservices.com www.googleapps.com www.googleapis.com www.gravatar.com *.gravatar.com *.soundcloud.com js.hs-banner.com/41636.js js.hs-analytics.net/analytics/1638817800000/41636.js *.formhq.net js.zi-scripts.com/zi-tag.js analytics.vitalsignstracker.com unpkg.com google.com *.visualwebsiteoptimizer.com data: 'unsafe-inline' 'unsafe-eval'; report-uri /CSP/csp-violation/ 1
default-src 'self' heeet.io *.heeet.io 'unsafe-inline' *.googleadservices.com webcdn.ringover.com; img-src 'self' data: *.clarity.ms *.google.com *.bing.com *.rlcdn.com *.sitescout.com *.clickagy.com www.google.fr webcdn.ringover.com ct.capterra.com *.ytimg.com ytimg.com www.google.com www.facebook.com google-analytics.com *.google-analytics.com *.googletagmanager.com *.ads.linkedin.com cdn.livechat-files.com; script-src *.clarity.ms 'unsafe-inline' 'unsafe-eval' 'self' *.hsforms.net *.tapfiliate.com *.heeet.io *.googleoptimize.com bat.bing.com *.clickagy.com *.cloudflare.com  cdn.heeet.io/js/localstorage-gau.js *.googleadservices.com *.rsc.cdn77.org cdn77.ringover.com cdn.jsdelivr.net *.algolianet.com *.algolia.net *.googlesyndication.com *.g.doubleclick.net *.welcomekit.co welcomekit.co facebook.com linkedin.com *.link-page.info snippets.freshchat.com snap.licdn.com dc.ads.linkedin.com storage.googleapis.com px.ads.linkedin.com ct.capterra.com google.com google.fr *.trustpilot.com embed.tawk.to *.gotolstoy.com  youtube.com pi.pardot.com redirectmail.ringover.com static-v.tawk.to *.google-analytics.com *.googleadservices.com *.googletagmanager.com gstatic.com *.g.doubleclick.net *.gstatic.com *.facebook.net *.gotolstoy.com redirectmail.ringover.com *.google.com *.hotjar.com *.lfeeder.com *.zoominfo.com *.livechatinc.com *.googleanalytics.com; style-src 'self' *.rsc.cdn77.org *.google.com *.googleapis.com *.ringover.com https://fonts.googleapis.com fonts.gstatic.com 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com; connect-src 'self' *.statuspage.io *.oribi.io *.clickagy.com *.hsforms.com *.ads.linkedin.com *.clarity.ms *.zoominfo.com *.rsc.cdn77.org cdn.jsdelivr.net *.lfeeder.com *.googleusercontent.com *.algolia.net *.algolianet.com *.googlesyndication.com *.welcomekit.co welcomekit.co *.ringover.com va.tawk.to *.googleadservices.com *.hotjar.com wss://*.hotjar.com *.gotolstoy.com *.google.com *.google-analytics.com *.google.fr *.g.doubleclick.net; font-src 'self' 'unsafe-inline' *.rsc.cdn77.org *.gstatic.com fonts.googleapis.com fonts.gstatic.com; media-src 'self' *.rsc.cdn77.org *.ringover.com cdn.livechatinc.com; frame-src 'self' *.ringover.com *.cloudflare.com *.hsforms.com *.google.com *.youtube-nocookie.com *.google.com *.hotjar.com *.gotolstoy.com *.youtube.com youtube-nocookie.com *.livestorm.co calendly.com *.facebook.com *.trustpilot.com *.doubleclick.net *.livechatinc.com; child-src 'self' *.rsc.cdn77.org *.ringover.com; form-action 'self' *.hsforms.com *.rsc.cdn77.org *.facebook.com; frame-ancestors 'self' *.rsc.cdn77.org *.ringover.com; object-src 'none'; base-uri 'self' *.rsc.cdn77.org; worker-src 'self' *.rsc.cdn77.org *.ringover.com; manifest-src 'self' *.rsc.cdn77.org; navigate-to 'self' *.rsc.cdn77.org *.ringover.com; upgrade-insecure-requests 1
default-src *.youtube.com *.plerdy.com plerdy.com; connect-src 'self' wss: https://cdn.quickemailverification.com/js/verifyemail.js https://api.quickemailverification.com/c/v1/verify https://www.google-analytics.com/j/collect https://stats.g.doubleclick.net/j/collect https://www.google-analytics.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://www.google.com https://region1.google-analytics.com/g/collect *.clarity.ms *.plerdy.com plerdy.com; frame-src data: *.youtube.com *.edictmaltaservices.com.mt demo-cdn.net free-demo.net demo-list.com demo-space.net allpkp.net new-cdn.net freegamelauncher.com fdigzone.com mobile3.gameassists.co.uk maxcdnlite.com netent-static.casinomodule.com tdgkn.net m.rgsgames.com repoonlinefree.com slotslib.com games.ac.casinarena.com staticdemo.yggdrasilgaming.com aleagaming-static.casinomodule.com static-games.isoftbet.com review.eu.booming-games.com casinomass.com cdn02.cdn.amatic.com games.gaminatorslots.com ogs-gl-mt1p16.nyxop.net engine-eu.games-assets.xyz games-usfreeplay.ballyinteractive.com aplaydemo.yellowslot.games redirector3.valueactive.eu demo.nyxinteractive.com de.quasargaming.com dvdduo5cpfyid.cloudfront.net dga1sy052ek6h.cloudfront.net demo.yggdrasilgaming.com netent-game.casinomodule.com fdigzone.com ogs-gl-mt1p16.nyxop.net games.gaminatorslots.com www.free-vegas-slots.com www.quasargaming.com www.royalpanda.com www.netent.com www.videoslots.com www.affiliaterepublik.com www.quickfiregames.co.uk *.plerdy.com plerdy.com *.google.com; font-src 'self' data:; img-src 'self' data: *.ytimg.com *.gravatar.com images.dmca.com www.google.com www.googletagmanager.com; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://browser.sentry-cdn.com/5.9.1/bundle.min.js https://cdn.quickemailverification.com/js/verifyemail.js https://www.google-analytics.com/analytics.js https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js https://www.googletagmanager.com *.clarity.ms *.plerdy.com plerdy.com www.gstatic.com www.google.com; style-src 'self' 'unsafe-inline' 1
frame-ancestors https://login.ajaib.co.id/ https://invest.ajaib.co.id/ https://tradingview.ajaib.co.id/ https://ajaib.co.id/ https://www.ajaib.co.id/; 1
frame-ancestors 'self' https://data.thelawyer.com https://pre-prod-dlt.thelawyer.com 1
default-src 'none'; font-src data: https://fonts.gstatic.com https://*.pixton.com; img-src data: https://*.pixton.com:* https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.google.ca https://fonts.gstatic.com https://track.hubspot.com https://static.hsappstatic.net https://f.hubspotusercontent40.net https://*.hsforms.com https://*.hubapi.com https://*.hubspotusercontent-na1.net https://www.ssa.gov https://i.ytimg.com https://dna8twue3dlxq.cloudfront.net https://*.facebook.com; script-src 'unsafe-inline' 'unsafe-eval' https://*.pixton.com:* https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.stripe.com https://*.facebook.net https://*.hsforms.net https://*.hsforms.com https://*.hs-scripts.com https://*.hs-banner.com https://*.hscollectedforms.net https://*.hs-analytics.net https://*.hsappstatic.net https://*.hubspot.com https://*.hubspot.net https://*.hubspotfeedback.com https://js.hsleadflows.net https://*.jquery.com https://*.usemessages.com https://cdn.jsdelivr.net https://code.getmdl.io https://platform.linkedin.com https://platform.twitter.com https://www.ssa.gov https://*.youtube.com https://d10lpsik1i8c69.cloudfront.net https://*.profitwell.com https://unpkg.com https://vjs.zencdn.net https://cdnjs.cloudflare.com; style-src 'unsafe-eval' 'unsafe-inline' https://*.pixton.com https://*.googleapis.com https://cdn.jsdelivr.net https://*.hsappstatic.net https://*.hubspot.net https://*.hubspotfeedback.com https://code.getmdl.io https://www.ssa.gov https://www.googletagmanager.com https://unpkg.com https://vjs.zencdn.net https://cdnjs.cloudflare.com; frame-src blob: https://*.pixton.com https://*.stripe.com https://*.hubspot.com https://*.hsforms.com https://*.youtube.com https://*.hubspotvideo.com https://docs.google.com; connect-src data: blob: https://*.pixton.com:* wss://*.pixton.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://sentry.io https://*.sumologic.com https://*.cloudfront.net https://fonts.gstatic.com https://*.hubspot.com https://*.hubapi.com https://*.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hscollectedforms.net https://*.profitwell.com; media-src blob: https://*.pixton.com https://8929196.fs1.hubspotusercontent-na1.net; object-src https://*.pixton.com; frame-ancestors https://*.pixton.com:* https://*.pixton.com; worker-src blob:; base-uri 'self'; form-action 'self' https://*.hsforms.com; upgrade-insecure-requests 1
frame-ancestors 'self' DENIED; 1
frame-ancestors www.wheels.com www2.wheels.com auth.wheels.com 1
default-src https: blob: data:; script-src data: 'unsafe-inline' 'unsafe-eval' blob: https: webstatistik.bundeswehr.de webstatistik.bmvg.de *.video-cdn.net *.de.kaltura.com *.bmvg.de; style-src data: 'unsafe-inline' https: webstatistik.bmvg.de webstatistik.bundeswehr.de *.bmvg.de; img-src data: *.bmvg.de *.bundeswehr.de *.ytimg.com *.fbcdn.net *.twimg.com *.staticflickr.com *.video-cdn.net *.ovp.kaltura.com *.de.kaltura.com *.facebook.com *.akamaihd.net *.gstatic.com scontent.cdninstagram.com; font-src data: www.bmvg.de *.bundeswehr.de *.video-cdn.net *.de.kaltura.com fonts.gstatic.com; connect-src https: blob: data: wss:; report-uri https://webstatistik.bmvg.de/report-uri/ 1
frame-ancestors 'self' http://firstnaukri.com http://*.firstnaukri.com http://*.naukimg.com http://*.naukri.com https://*.firstnaukri.com https://*.naukimg.com https://*.naukri.com; img-src 'self' * data: blob:; media-src 'self' https://*.firstnaukri.com https://*.naukimg.com  data: blob:; default-src 'unsafe-eval' 'unsafe-inline' 'self' http://*.2mdn.net http://*.adotube.com http://*.brijj.com http://*.doubleclick.net http://*.effectivemeasure.net http://*.facebook.com http://*.facebook.net http://*.fbcdn.net http://firstnaukri.com http://*.firstnaukri.com http://*.googleadservices.com http://*.google-analytics.com http://*.googleapis.com http://*.google.co.ae http://*.google.co.in http://*.google.com http://*.google.co.us http://*.googlesyndication.com http://*.googletagmanager.com http://*.googleusercontent.com http://*.gravatar.com http://*.gstatic.com http://*.jquery.com http://*.naukimg.com http://*.naukri.com http://*.scribd.com http://*.scorecardresearch.com http://*.tapad.com http://*.tribalfusion.com http://*.zedo.com https://*.doubleclick.net https://*.dropbox.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://*.firstnaukri.com https://*.googleadservices.com https://*.google-analytics.com https://*.googleapis.com https://*.google.co.ae https://*.google.co.in https://*.google.com https://*.google.co.us https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleusercontent.com https://*.gstatic.com https://*.jquery.com https://*.naukimg.com https://*.naukri.com https://*.infoedgeindia.com https://logs.infoedgeindia.com https://*.scribd.com https://*.scorecardresearch.com https://*.twitter.com https://partners.infoedge.com https://partners.infoedge.com/uba https://*.vizury.com https://*.zedo.com https://*.infoedge.com https://*.youtube.com https://*.ampproject.org/ http://*.ampproject.org/ https://*.cloudflare.com https://img-c.udemycdn.com https://s3-us-west-1.amazonaws.com https://prod-discovery.edx-cdn.org https://ugc.futurelearn.com https://sands.hbs.edu https://pll.harvard.edu https://sdz-upload.s3.amazonaws.com https://*.inspectlet.com https://*.ieplads.com data:; report-uri https://lg.naukri.com/cspLogger/ 1
frame-ancestors 'self' mindtheproduct.com *.mindtheproduct.com ; 1
default-src 'self'; connect-src 'self' https://*.yandex.ru/ https://*.yandex.az https://*.yandex.by https://*.yandex.co.il https://*.yandex.com https://*.yandex.com.am https://*.yandex.com.ge https://*.yandex.com.tr https://*.yandex.ee https://*.yandex.fr https://*.yandex.kg https://*.yandex.kz https://*.yandex.lt https://*.yandex.lv https://*.yandex.md https://*.yandex.tj https://*.yandex.tm https://*.yandex.ua https://*.yandex.uz https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://o424403.ingest.sentry.io/ https://suggestions.dadata.ru/ https://app.comagic.ru/ https://tracker.comagic.ru/ https://server.comagic.ru/; img-src * 'unsafe-inline' https://*.yandex.ru/ https://*.yandex.az https://*.yandex.by https://*.yandex.co.il https://*.yandex.com https://*.yandex.com.am https://*.yandex.com.ge https://*.yandex.com.tr https://*.yandex.ee https://*.yandex.fr https://*.yandex.kg https://*.yandex.kz https://*.yandex.lt https://*.yandex.lv https://*.yandex.md https://*.yandex.tj https://*.yandex.tm https://*.yandex.ua https://*.yandex.uz https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com data: https://*.maps.yandex.net; object-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' https://*.yandex.ru/ https://*.yandex.az https://*.yandex.by https://*.yandex.co.il https://*.yandex.com https://*.yandex.com.am https://*.yandex.com.ge https://*.yandex.com.tr https://*.yandex.ee https://*.yandex.fr https://*.yandex.kg https://*.yandex.kz https://*.yandex.lt https://*.yandex.lv https://*.yandex.md https://*.yandex.tj https://*.yandex.tm https://*.yandex.ua https://*.yandex.uz https://yastatic.net 'unsafe-inline' https://*.googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com 'unsafe-inline' https://*.maps.yandex.net https://app.comagic.ru/ 'unsafe-eval'; frame-ancestors 'self'; frame-src 'self' blob: https://*.yandex.ru/ https://*.yandex.az https://*.yandex.by https://*.yandex.co.il https://*.yandex.com https://*.yandex.com.am https://*.yandex.com.ge https://*.yandex.com.tr https://*.yandex.ee https://*.yandex.fr https://*.yandex.kg https://*.yandex.kz https://*.yandex.lt https://*.yandex.lv https://*.yandex.md https://*.yandex.tj https://*.yandex.tm https://*.yandex.ua https://*.yandex.uz; child-src blob: https://*.yandex.ru/ https://*.yandex.az https://*.yandex.by https://*.yandex.co.il https://*.yandex.com https://*.yandex.com.am https://*.yandex.com.ge https://*.yandex.com.tr https://*.yandex.ee https://*.yandex.fr https://*.yandex.kg https://*.yandex.kz https://*.yandex.lt https://*.yandex.lv https://*.yandex.md https://*.yandex.tj https://*.yandex.tm https://*.yandex.ua https://*.yandex.uz 1
frame-ancestors 'self' *.eagle.org; 1
frame-ancestors 'self' localhost:* supermetrics.sanity.studio 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com maps.googleapis.com static.cloudflareinsights.com cdnjs.cloudflare.com d81mfvml8p5ml.cloudfront.net dn1i8v75r669j.cloudfront.net dkpklk99llpj0.cloudfront.net ds9p2a60lh6fp.cloudfront.net ad.doubleclick.net www.google-analytics.com www.googleadservices.com https://*.hotjar.com * connect.facebook.net *.vo.msecnd.net bat.bing.com secure.quantserve.com  *.adalyser.com googleads.g.doubleclick.net *.googlesyndication.com www.clarity.ms rules.quantcount.com *.responsetap.com *.freshrelevance.com *.force.com parkdeanresorts.my.salesforce.com parkdeanresorts.my.site.com *.salesforceliveagent.com *.facebook.com *.vars.hotjar.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.typekit.net fonts.googleapis.com *.force.com parkdeanresorts.my.site.com fonts.googleapis.com; font-src 'self' fonts.gstatic.com *.typekit.net fonts.googleapis.com ds9p2a60lh6fp.cloudfront.net *.force.com cdn.livechatinc.com; connect-src 'self' maps.googleapis.com dc.services.visualstudio.com dn1i8v75r669j.cloudfront.net *.dycdn.net am.freshrelevance.com *.g.doubleclick.net *.clarity.ms ws://am.freshrelevance.com *.google-analytics.com stats.g.doubleclick.net *.responsetap.com *.force.com parkdeanresorts.my.site.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; frame-src *.parkdeanresorts.co.uk *.vars.hotjar.com vars.hotjar.com *.fls.doubleclick.net *.facebook.com *.youtube.com *.salesforceliveagent.com *.vimeo.com *.force.com flo.uri.sh public.flourish.studio www.google.com secure.livechatinc.com; child-src *.parkdeanresorts.co.uk *.youtube.com *.fls.doubleclick.net *.hotjar.io www.facebook.com kuula.co ds9p2a60lh6fp.cloudfront.net *.responsetap.com *.force.com parkdeanresorts.my.salesforce.com parkdeanresorts.my.site.com *.salesforceliveagent.com *.force.com *.instagram.com platform.instagram.com www.instagram.com *.facebook.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.me.com.br *.pusher.com static.userguiding.com static.olark.com fast.conpass.io ajax.aspnetcdn.com static.hotjar.com script.hotjar.com cdn.jsdelivr.net cdn.polyfill.io *.zdassets.com ekr.zendesk.com *.zopim.com zendesk-eu.my.sentry.io unpkg.com unpkg.com/intro.js/intro.js cdnjs.cloudflare.com ssl.google-analytics.com www.google-analytics.com www.recaptcha.net/recaptcha/ www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ *.googleapis.com www.googletagmanager.com knrpc.olark.com js.stripe.com; upgrade-insecure-requests; always; 1
frame-ancestors 'self' dieboldnixdorf.com 1
upgrade-insecure-requests;block-all-mixed-content;default-src 'self' *.driftt.com;connect-src 'self' *.analytics.google.com *.doubleclick.net *.google-analytics.com *.linkedin.com *.osano.com *.salesloft.com *.topworkplaces.com *.yoast.com analytics.google.com aorta.clickagy.com api.redirect.li cdn.linkedin.oribi.io edge.fullstory.com hemsync.clickagy.com https://api.stripe.com https://maps.googleapis.com rs.fullstory.com ws.zoominfo.com vimeo.com yoast.com topworkplaces.com;font-src 'self' data: *.bootstrapcdn.com *.topworkplaces.com fonts.googleapis.com fonts.gstatic.com topworkplaces.com topworkplaces.com;form-action 'self' *.calendly.com calendly.com topworkplaces.com info.energage.com player.vimeo.com www.facebook.com;frame-ancestors 'self';frame-src 'self' *.driftt.com *.adsrvr.org *.doubleclick.net *.google.com *.osano.com *.vimeo.com *.youtube.com app.essential-addons.com calendly.com form.typeform.com hemsync.clickagy.com https://hooks.stripe.com https://js.stripe.com info.energage.com www.facebook.com;img-src 'self' data: * 'unsafe-eval' 'unsafe-inline' *.addthisedge.com *.calendly.com *.calendly.com *.calendly.com *.crocoblock.com *.doubleclick.net *.doubleclick.net *.energage.com *.facebook.com *.facebook.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com www.google.com *.licdn.com *.linkedin.com *.moatads.com *.topworkplaces.com *.vimeocdn.com *.w.org calendly.com calendly.com calendly.com connect.facebook.net data: fonts.googleapis.com maxcdn.bootstrapcdn.com player.vimeo.com secure.gravatar.com topworkplaces.com;object-src 'self' info.energage.com;script-src blob: http: https: 'self' 'unsafe-inline' 'unsafe-eval' *.addthisedge.com *.calendly.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.driftt.com *.facebook.com *.fullstory.com *.google-analytics.com *.google.com *.googleadservices.com *.gstatic.com *.licdn.com *.osano.com *.pardot.com *.salesloft.com *.topworkplaces.com calendly.com connect.facebook.net embed.typeform.com https://js.stripe.com https://maps.googleapis.com info.energage.com js.adsrvr.org maxcdn.bootstrapcdn.com player.vimeo.com tag.simpli.fi topworkplaces.com www.googletagmanager.com ws.zoominfo.com tags.clickagy.com yoast.com;style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.gstatic.com *.osano.com *.topworkplaces.com embed.typeform.com fonts.googleapis.com topworkplaces.com;worker-src blob: *.osano.com self topworkplaces.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com siteimproveanalytics.com snap.licdn.com *.googleapis.com https://cdnjs.cloudflare.com https://match.adsrvr.org *.vimeo.com cdn.c212.net c212.net *.youtube.com *.mathtag.com *.typekit.net; style-src 'self' 'unsafe-inline' *.venable.com *.googleapis.com https://maxcdn.bootstrapcdn.com *.typekit.net; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com https://maxcdn.bootstrapcdn.com *.typekit.net; img-src 'self' data: *.google-analytics.com *.siteimproveanalytics.io p.adsymptotic.com *.linkedin.com *.adsymptotic.com *.mathtag.com *.adsymptotic.com; frame-src 'self' *.google.com *.youtube.com *.vimeo.com https://connect.venable.com https://www.connect.venable.com selfapply.venable.com; connect-src 'self' *.google-analytics.com analytics.google.com *.doubleclick.net cdn.linkedin.oribi.io *.vimeo.com stats.g.doubleclick.net *.linkedin.com https://vimeo.com; upgrade-insecure-requests; block-all-mixed-content; 1
upgrade-insecure-requests; block-all-mixed-content;upgrade-insecure-requests 1
default-src 'none'; base-uri 'none'; connect-src 'self' https:; form-action 'self'; font-src 'self' https: data:; img-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' https:; style-src 'unsafe-inline' 'self'; worker-src 'self' 'unsafe-inline' data: blob:; frame-src 'none' 1
frame-ancestors 'self' *.dasreda.ru; object-src 'self' *.googlesyndication.com; font-src 'self' https://fonts.gstatic.com https://use.typekit.net https://fonts.bunny.net/ data: cdn.dasreda.ru *.clients-cdnnow.ru; img-src 'self' *.dasreda.ru https://stream.datago.ru https://code.jivo.ru *.google-analytics.com *.owox.com *.google.com *.google.ru https://vk.com https://login.vk.com https://statad.ru https://mc.yandex.ru *.vimeocdn.com *.vimeo.com www.gstatic.com/recaptcha https://prod.smassets.net https://top-fwz1.mail.ru cdn.dasreda.ru https://*.tildacdn.com *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com https://*.googleusercontent.com *.ytimg.com *.youtube.com https://www.facebook.com https://kraken.rambler.ru https://sync.rambler.ru data:; connect-src 'self' *.dasreda.ru *.google.com https://mc.yandex.ru https://mc.yandex.md partners.sbermarketing.ru *.g.doubleclick.net https://top-fwz1.mail.ru https://securepayments.sberbank.ru https://*.getresponse.com https://ts.getresponse.pl https://stream.datago.ru *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.youtube.com *.rutube.ru *.zen.yandex.ru vimeo.com *.jivosite.com https://*.jivo.ru *.deadlinefunnel.com https://*.tildacdn.com https://vk.com https://visor.sberbank.ru https://sve.online.sberbank.ru https://dmp.sbermarketing.ru https://dmp-profiles.sbermarketing.ru wss://uni-tracking.dasreda.ru wss://*.jivosite.com wss://*.jivo.ru; manifest-src 'self' *.dasreda.ru; base-uri 'self' *.dasreda.ru; form-action 'self' *.dasreda.ru *.google.com https://www.facebook.com/tr; media-src 'self' *.dasreda.ru *.youtube.com *.rutube.ru *.zen.yandex.ru *.vimeo.com vimeo.com *.jivo.ru blob: dasreda.ru; prefetch-src 'self' *.dasreda.ru https://code-ya.jivosite.com https://cdn.rutarget.ru; worker-src 'self' www.recaptcha.net blob: www.google.com *.dasreda.ru; upgrade-insecure-requests 1
frame-ancestors 'self' https://www.paginesispa.it https://paginesispa.it; 1
frame-ancestors https://*.infomaniak.com https://*.infomaniak.ch 1
default-src https: 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval';              img-src 'self' data: www.googletagmanager.com via.placeholder.com cloudfront.net *.cloudfront.net hsforms.com *.hsforms.com sitesearch360.com *.sitesearch360.com hubspot.com *.hubspot.com google.com *.google.com *.google-analytics.com bugherd.com *.bugherd.com *.s3.amazonaws.com;              script-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' js.hscollectedforms.net gstatic.com *.gstatic.com google.com *.google.com bugsnag.com *.bugsnag.com cloudfront.net *.cloudfront.net bugherd.com *.bugherd.com pusher.com *.pusher.com pusherapp.com *.pusherapp.com *.s3.amazonaws.com sproutvideo.com *.sproutvideo.com cpwebassets.codepen.io code.jquery.com hsforms.net *.hsforms.net hsforms.com *.hsforms.com cdn.jsdelivr.net cdnjs.cloudflare.com stackpath.bootstrapcdn.com sitesearch360.com *.sitesearch360.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsadspixel.net api.hubapi.com fontawesome.com *.fontawesome.com fonts.googleapis.com www.w3.org hubspot.com *.hubspot.com googleads.g.doubleclick.net forms.hsforms.com cms.analytics.yahoo.com www.googletagmanager.com www.googleadservices.com code.highcharts.com newton.newtonsoftware.com recruitingbypaycor.com www.google-analytics.com;               style-src https: 'self' 'unsafe-hashes' 'unsafe-inline' fonts.googleapis.com;               frame-src https: 'self' *.hs-sites.com recruitingbypaycor.com recruitingbypaycor.com c.sharethis.mgr.consensu.org; 1
worker-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.googlecommerce.com *.googleadservices.com *.braintreegateway.com *.googleapis.com *.cloudflare.com *.planetart.com *.newrelic.com *.twitter.com *.ads-twitter.com *.facebook.net *.adroll.com *.livechatinc.com cdn.brcdn.com www.paypalobjects.com *.brsrvr.com *.nr-data.net *.pcrl.co *.picreel.com *.bing.com *.extole.com *.yimg.com *.yahoo.com *.sharethis.com *.amazonaws.com *.rubiconproject.com *.doubleclick.net *.ups-mi.net *.pinterest.com *.paypal.com *.tellapal.com *.momsaffiliate.com *.emjcd.com *.shareasale.com t.co *.locker2.com *.adxcel-ec2.com *.gstatic.com *.steelhousemedia.com www.googletagmanager.com pixel.cdnwidget.com snap.licdn.com px.ads.linkedin.com *.tvsquared.com unpkg.com d39517acq78dhc.cloudfront.net js.braintreegateway.com *.cardinalcommerce.com *.dca0.com d.adroll.mgr.consensu.org *.ccdc02.com *.openx.net *.rlcdn.com *.adnxs.com *.bidswitch.net *.3lift.com *.taboola.com *.pubmatic.com *.outbrain.com *.casalemedia.com *.advertising.com www.clickcease.com cdn.levelaccess.net *.mail.simplytoimpress.com *.mail.simplytoimpress.co.uk *.mail.canvasworld.com *.mail.photoaffections.com *.mail.mycustomcase.com *.eml.legacylane.com *.eml.parkerandpip.com *.eml.gifts.com track.cordial.io *.personalcreations.com tags.tiqcdn.com use.typekit.net dpm.demdex.net www.lightboxcdn.com t.channeladvisor.com tag.bounceexchange.com s.pinimg.com assets.bounceexchange.com api.bounceexchange.com cdn.staticfile.org *.cj.com a.omappapi.com analytics.tiktok.com lightboxapi.azurewebsites.net cdn.attn.tv *.afterpay.com *.mountain.com *.nextdoor.com utt.impactcdn.com *.sjv.io *.clarity.ms d.impactradius-event.com tags.crwdcntrl.net *.rokt.com cdn.cookielaw.org *.iseeme.com *.bookofus.com *.vimeo.com *.vimeocdn.com https://*.kaptcha.com *.niceincontact.com d2zm0lpns956f8.cloudfront.net websdk.appsflyer.com *.bazaarvoice.com mpsnare.iesnare.com *.appsflyer.com shop.pe mapi.gifts.com cdn.canvasworld.com;frame-ancestors 'self' https://www.canvasworld.com;object-src 'self' https://www.canvasworld.com;upgrade-insecure-requests 1
font-src 'self' https://fonts.googleapis.com https://ncrb.gov.in https://fonts.gstatic.com; 1
default-src 'self' fonts.googleapis.com maps.googleapis.com storage.googleapis.com translate.googleapis.com translate.google.com ajax.googleapis.com www.google.com www.gstatic.com www.googletagmanager.com fonts.gstatic.com www.google-analytics.com use.fontawesome.com o86362.ingest.sentry.io static.trimoz.com api3.staging4.clicsante.ca api3.pentest.clicsante.ca api3.clicsante.ca api3.staging4.pharmaservices.ca api3.pharmaservices.ca northamerica-northeast1-trimoz-staging-ca-east-global4.cloudfunctions.net northamerica-northeast1-trimoz-pentest-ca-east-global.cloudfunctions.net northamerica-northeast1-trimoz-prod-ca-east-global2.cloudfunctions.net https://patient-sipmi-sync-http-dr3jl7fy4q-nn.a.run.app gia.sx5.rtss.qc.ca auth.staging4.clicsante.ca auth.clicsante.ca 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' https://portal3.clicsante.ca/ *.familiprix.com familiprix.com *.jeancoutu.com jeancoutu.com *.brunet.ca brunet.ca *.accespharma.ca accespharma.ca acces-pharma-2019.ddev.site acces-pharma-2019.akufen-server.ca; img-src 'self' fonts.googleapis.com maps.googleapis.com storage.googleapis.com translate.googleapis.com translate.google.com ajax.googleapis.com www.google.com www.gstatic.com www.googletagmanager.com fonts.gstatic.com www.google-analytics.com use.fontawesome.com o86362.ingest.sentry.io static.trimoz.com api3.staging4.clicsante.ca api3.pentest.clicsante.ca api3.clicsante.ca api3.staging4.pharmaservices.ca api3.pharmaservices.ca northamerica-northeast1-trimoz-staging-ca-east-global4.cloudfunctions.net northamerica-northeast1-trimoz-pentest-ca-east-global.cloudfunctions.net northamerica-northeast1-trimoz-prod-ca-east-global2.cloudfunctions.net https://patient-sipmi-sync-http-dr3jl7fy4q-nn.a.run.app gia.sx5.rtss.qc.ca auth.staging4.clicsante.ca auth.clicsante.ca data:; report-uri https://o86362.ingest.sentry.io/api/5504686/security/?sentry_key=8449f8797b95465bb9ba330048794976;; font-src 'self' fonts.googleapis.com fonts.gstatic.com use.fontawesome.com data:; 1
script-src 'self' 'sha256-AIQ71vC/cbv/iqjppDIzKmgomz6eW5/k5hz3XvRuCKE=' 'sha256-va6TOOjz2O22I13r7TKpGTYrmwQl7hID00pD+ETzAdM=' 'sha256-heANn1E8Yn/qF1A0lZCrnC4ilwDUOW7Z7evrkSgxFR8=' 'sha256-BMYxtlO2hL/pehK8YAu8xRZ9jL4BQUiXnn3WovaMdIM=' 'sha256-IbH1Ihx32vNxIPMwlmBbNkjlXta98Wx2gfSuspwc62U=' 'sha256-uUGh27mkxFtZNzF/ByZ7D7sYXa8sltfuYLBXw19uotc=' 'sha256-n7z4INwcAkTKOdFpSCbW0ljQM78wYIsX2hGldWJmQAM=' 'sha256-7BAcmBfaSuowENlKq0JUN8LsI3jbdO5c8K2BclnHCgU=' 'sha256-O0Kte81KfNR2Zr0NGw0tr/lT4VMU8bBXf1HZChkuChI=' 'sha256-w20TOnoqCiPZGNds65jI57FSvIq5TKuof8cVjjVA1EE=' 'sha256-paUsbkTbSfxKpuhYfSCnZaRi3xHaOisQ+jOYFtIZRco=' 'sha256-A+Yjb3xhGL5QoIPZPtTRpHpzodNRIsDfcVz/UI2vfwg=' 'sha256-bL63edAiBQUXjZMqy57RmDZEpd2wty21w7e9ocyuV4A=' 'sha256-wlVGSvV56aMXMmGh9FumPemeT/ueqzjElAZB3Xveojg=' 'sha256-nRUjnpDfxYvKLKTfCXn9k6ALcaBHbD12VGQY0XzdSXA=' 'sha256-XT/SJjKhuAoxfoOAdYPuEqzExkNgTryWmSh74xu85Xc=' 'sha256-9+bCXmCH7rvBmMvNli/g/8wB2HzkzUUFzSeAdQfvvXM=' 'sha256-rbb17uLBFanQt669VKrpgvkYiqPvygMZ/TSEY8gxfDc=' 'sha256-243kzjxy1sReMb9O9ucZU2KPAgdO2KDqBuESoP5R7Hg=' 'sha256-L5APfdQoICyyu1LncBgMQXz2Cyt35jkRMtuq1tlTM0E=' 'sha256-KhbBK1W+t2ppnDcn2tBLGdjjIoWWXMaj+rzURZ4kfG8=' 'sha256-qw7UDibYMW5FsmfqYre81D8aQz9Ig4Vu3q37Fv7CWUE=' 'sha256-RlONmandIqG29OoZalJmIE+hy/HKK4icbsQh9rNCUxg=' 'sha256-YFb3GiEgChZVtZPCox97PG7imh4OHvwmXNUpbJQefAc=' 'sha256-b3VFmkBB+Dd9QhUtmEcVzIY7c8aVWdWOFrz5nt5JXW8=' 'sha256-T8fdTKma0sQum2en0NkD+0VmlGbd2pK5W5dTLjwaj1E=' 'sha256-B6ae1solGMdp100CEJqwCaOBpwXkQsQv1iT8LJdm2S8=' 'sha256-6aUZ1r3vDv2jbBgP0ak1c/VFuLjV8V7k8kYssyDCFMg=' 'sha256-dcjkGi6HbaBCVti20IlbRizKaBpmBm9R+WuDbLsVgkY=' 'sha256-Nko+FKK4HTlTt8BILHjSfHznZWbVsty2suK0cj+Dxh4=' 'sha256-3Wm/AUruDTm1zeyL5HBD4m5vWSx0uKpDm9pruGctOPA=' 'sha256-b5TlYbCiggWejRQSyEnVeh05xS30FXTzTwKD5fAX26g=' 'sha256-gvZoYP95M3bOOA38b8TWsEbLte9G3BvEaw2Cq7rXkws=' 'sha256-F+D2YA1vJAt4HUuZPTUntKwe2CaScBZi/d4JZSZHSdA=' 'sha256-IOFpjDkdQi15gLIDUMv3oHdZxSB+DKfwlZwDUAp2K6g=' 'sha256-b0WdRqkjfLCW+hdbOTh/0LEToM39GKp5tklHJ9mYg24=' 'sha256-TI77cnJmXFjkCezVLceoEtQn1IvBgBZTG67cu7+IMso=' 'sha256-2YylypI4lDxpNpagwNrDyzKSNw09V0YvqYJet1XGynM=' 'sha256-iGUSlYfxa5hvU3+8AvMcr8Iui13nfeAvfcnkt4mN9/Q=' 'sha256-lKKyGJkWi3k8TGTg5AT3FZUGQ5woYymqhWli6KSI1A4=' 'sha256-pm1xOW3PChyQDSi3FMnXJhv/3TNZvKA3NkH3ejjTvLg=' 'sha256-pm1xOW3PChyQDSi3FMnXJhv/3TNZvKA3NkH3ejjTvLg=' 'sha256-1JqVY+/ccgQLZRJxXmARuuw7prmC8dMdzxGcGqfFG7U=' 'sha256-k0x6LEf752lnSYLElXf3ATwTqJmyoHBip3m52Zi+4uU=' 'sha256-ezqZ42NGLbV7IXa4+Y1aKeB5GC0mTr4r9JyG6vn76Yg=' 'sha256-8SRDksOYKw+w4Uj6jD2FGI5KWcNo/joOOPHsr9s/FDU=' 'sha256-narskeCfkY2s7lLNmY8VHv68tI08F9lzSHgA76rk5Ss=' 'sha256-ZJNZf3QmWNfWyxiCv6DvfM4cWA2sviCbc4BQNcWaF9g=' 'sha256-+XBHbZ7fVywUMEU7R5jpkqOSKC30pe/lwGut1FCvUYk=' 'sha256-OPUmYyN6abaLCx4ntHJqQQ0caI1h24wl12BuqBMMw4s=' 'sha256-hW1qT63zTErxFM2yM24ws4nkuPvVIRvCiOlcsox55d0=' 'sha256-B/Qg/yz3J8z0JnJDkHL+z9W91d+45W898TuNR75ubTQ=' 'sha256-jAesQ02hAHaCDp0hwlcvJPoagAsNK3SqWC88YQkoWN0=' 'sha256-Wit2mSrHkp1EKrmuguCZCm90V8Rn08JEG1zNP/qe5Bc=' 'sha256-hNTOFD/Vw4DGG+8dAHPkSr5DUnh0U7SCWDcbptGUdVs=' 'sha256-cOXpSszfPpqHXYdBqhnu2aEAKzNl1F3r/7hbKfXSTaU=' 'sha256-IcTwDbvDzSegNrYlXdBM+JYmM/qR+a6CzL/Ow9IuEvQ=' 'sha256-+jWOldyMR2URwkWCUpRCJgIHZsoFl5TbuP4IUjhfhKU=' 'sha256-2hSMjUqy4QvCAaS3Z+fInO9QheS0ujG6RGRybSsmIoo=' 'sha256-hpT5H9tpmbgsHZj57qeb58F23eiFSs83Vg6BuzOpLDM=' 'sha256-U3TMn3zWli0V2ForAElNKtOhC3tBR6Ru+DSPyQN8Jwo=' 'sha256-x/itwPidv9+L6cMMmKjJdNvw0/a1pvm5LG/OPueCiOw=' 'sha256-9JFFZm0EXX9aREfth5eKjWP7VJHoCw8+dRpinXi72i0=' 'sha256-2ql5a5KJ1zVedzgVslZDx9GH6Ugw0WnmESRO4JIA9Jg=' 'sha256-pazvKIH8e9CDlbFL3OvExx14t+N5TKd63cGA2PT/p/w=' 'sha256-scJxNFktHRyFZnIWgn0nQYbPmGHgvEvodDns5ULBEtY=' 'sha256-KQ572gsMoe2ApGGtNKt8sn6RzlAMGeMavN3hrQg0lUg=' 'sha256-nWswRGJb0wwpsoO4r80ucYihPTeSwBhpZlIet03tB0o=' 'sha256-O6Vo4q1EFTdbDmEUJyY9WIpqFH3S8QifA3BDEktBsO8=' 'sha256-5m+l5iHs/jzDD9DpsWY7uI2+kr3jEDoY20zgp/e6hI0=' 'sha256-wgHn5tXAjwNChO+bHx/FK5jc4ikIVKLydM38+ADva40=' 'sha256-AIQ71vC/cbv/iqjppDIzKmgomz6eW5/k5hz3XvRuCKE=' https://plausible.io/js/script.js https://code.jquery.com/jquery-3.6.4.min.js https://js.hsforms.net/forms/embed/v2.js https://www.googletagmanager.com/gtm.js https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/ https://*.cookiebot.com https://js.hs-scripts.com/4109677.js https://www.googletagmanager.com/gtag/ https://js.hscollectedforms.net/collectedforms.js https://js.hs-analytics.net/analytics/ https://js.hsleadflows.net/leadflows.js https://googleads.g.doubleclick.net/pagead/ https://js.hsadspixel.net/fb.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://fast.wistia.com/embed/medias/ https://fast.wistia.com/assets/ https://js.hs-banner.com/integrations.js https://js.hubspot.com/web-interactives-embed.js https://js.hs-banner.com/v2/4109677/banner.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js; object-src 'self'; base-uri 'self'; 1
default-src 'self'; script-src 'self' *.etracker.com *.etracker.de 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' *.etracker.com https://*.etracker.de; font-src 'self' data:; object-src 'self'; media-src 'self'; child-src 'self'; form-action 'self'; base-uri 'self'; frame-ancestors 'self'; 1
default-src 'none'; connect-src 'self' embedr.flickr.com geo.query.yahoo.com nominatim.openstreetmap.org api.github.com; font-src 'self'; form-action 'self' platform.twitter.com syndication.twitter.com; frame-ancestors 'self'; frame-src 'self' blob: www.youtube.com w.soundcloud.com twitter.com platform.twitter.com syndication.twitter.com player.vimeo.com www.mixcloud.com www.dailymotion.com media.ccc.de bandcamp.com www.instagram.com; img-src data: blob: *; manifest-src 'self'; media-src https:; script-src 'self' blob: 'unsafe-eval' platform.twitter.com cdn.syndication.twimg.com widgets.flickr.com embedr.flickr.com www.instagram.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' platform.twitter.com *.twimg.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com netdna.bootstrapcdn.com seaside.ns.ca www.google.com www.facebook.com connect.facebook.net www.googleadservices.com googleads.g.doubleclick.net www.googletagmanager.com analytics.google.com affiliates.vubiquity.com fonts.googleapis.com www.google.ca fonts.gstatic.com fonts.googleapis.com code.jquery.com cdn.example.com cdn.jsdelivr.net www.google.com connect.facebook.net beca www.google-analytics.com www.gstatic.com stats.g.doubleclick.net; frame-src 'self' seaside.ns.ca affiliates.vubiquity.com youtube.com www.youtube.com www.google.com; img-src www.facebook.com www.google.com www.google.ca connect.facebook.net www.googleadservices.com googleads.g.doubleclick.net 'self' seaside.ns.ca www.seaside.ns.ca  1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-9e5f1e29ab48d5bebd7d07e165761d63'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
report-to 'self' ; child-src 'self' *.livechatinc.com *.youtube.com *.google.com; ; connect-src 'self'  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.sentry.io *.googletagmanager.com *.livechatinc.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' ; font-src 'self'  *.gstatic.com *.bootstrapcdn.com cdn.jsdelivr.net data: fonts.gstatic.com i.icomoon.io *.gstatic.com *.bootstrapcdn.com ; form-action 'self' ; frame-src 'self'  *.g.doubleclick.net *.google.com *.fls.doubleclick.net blob: www.google.com *.livechatinc.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' ; img-src 'self' *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com data: ts.w.org s.w.org ps.w.org *.livechatinc.com *.livechat-files.com *.livechat-static.com *.youtube.com  *.google.ca *.bing.com *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self'  s.w.org *.livechatinc.com *.livechat-static.com *.youtube.com *.google.com; object-src 'self' *.livechatinc.com *.youtube.com *.google.com; script-src 'self'  'unsafe-inline'  'unsafe-eval'  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net *.livechatinc.com *.livechat-static.com *.youtube.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline'  cdn.jsdelivr.net *.livechatinc.com *.bing.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'self'  'unsafe-inline' ; style-src 'self'  *.googleapis.com *.gstatic.com fonts.googleapis.com cdn.jsdelivr.net *.livechatinc.com *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline'  fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-attr 'self'  'unsafe-inline' ; worker-src 'self'  blob:; 1
frame-ancestors 'self' *.cub.com 1
report-uri https://o1010732.ingest.sentry.io/api/4504235589304320/security/?sentry_key=adf9868d53ff42b380563256a7a135a7;base-uri 'self';child-src 'self' blob:;connect-src 'self' https://www.lottohelden.de https://www.lottohelden.de https://www.lottohelden.de https://stats.g.doubleclick.net https://*.google-analytics.com https://www.googletagmanager.com https://sentry.io https://*.ingest.sentry.io https://*.graphcms.com https://cdna.lottohelden.de https://*.pragmaticplaylive.net https://*.gambling-hub.com https://*.online-metrix.net https://*.seondfresolver.com https://*.seondnsresolve.com https://*.facebook.com https://*.facebook.net https://*.biahosted.com https://*.sportradar.com https://*.statscore.com https://devtools.apollodata.com https://csp.withgoogle.com;font-src 'self' data: https://s3-eu-west-1.amazonaws.com https://*.biahosted.com https://*.statscore.com;form-action 'self' https://www.facebook.com;frame-ancestors 'self';frame-src 'self' https://www.googletagmanager.com *.ad-srv.net https://cdna.lottohelden.de https://media.graphassets.com https://cdn02.cdn.amatic.com https://staging-rent.amatic.com:10443 https://*.blueprintgaming.com https://mgs.amusnetgaming.com:8181 https://res.amusnetgaming.com https://egt-interactive.com https://free.egtmgs.com:9998 https://mgs-staging.egtmgs.com:8181 https://*.egtmgs.com https://*.gambling-hub.com https://*.gamevy.com https://cdn.gamevyggcloud.com https://integration.intopenv.com https://integration.intopenv.com:9411 https://*.finrings.com https://*.poweredbygluck.com https://*.hacksawgaming.com https://games.pariplaydev.com https://*.pariplaygames.com https://*.pragmaticplay.net https://pariplay.prerelease-env.biz https://*.playngonetwork.com https://*.redrakegaming.com/ https://*.rubyplay.com/ https://lottohelden-static.casinomodule.com https://*.spinomenal.com https://*.spinomenal.io https://*.spribe.io https://*.spribe.dev https://*.spribegaming.com https://*.yggdrasilgaming.com https://pariplay.intgr.booming-games.com https://pariplay.mt.booming-games.com/ https://yard.gcsd.io https://assets.cdn.systems/ https://*.online-metrix.net https://tbl.tradedoubler.com https://*.facebook.com https://*.facebook.net https://embed.twitch.tv https://*.youtube.com https://*.youtube.de https://www.youtube-nocookie.com https://*.biahosted.com https://fbstreambro.cc https://spbro.live;img-src 'self' blob: data: https://stats.g.doubleclick.net https://*.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://*.ad-srv.net https://translate.google.com https://media.graphassets.com https://media.graphcms.com https://*.gstatic.com https://*.lottohelden.de https://games.gamevy.com https://*.pragmaticplaylive.net https://*.online-metrix.net https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://i.ytimg.com https://sport-widgets.s3.amazonaws.com https://*.biahosted.com https://*.sportradar.com https://*.statscore.com https://storage.googleapis.com https://res.cloudinary.com/;object-src 'self' https://cdna.lottohelden.de https://*.online-metrix.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://tagmanager.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.ad-srv.net https://cdna.lottohelden.de https://*.online-metrix.net https://cdn.seondf.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://embed.twitch.tv https://*.biahosted.com https://*.sportradar.com https://*.statscore.com;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://translate.googleapis.com https://*.gstatic.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://*.biahosted.com https://*.sportradar.com https://*.statscore.com;worker-src 'self' blob: 1
style-src 'self' 'unsafe-inline' web.redhelper.ru 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=00v8jndiqu9id&partner=; 1
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src https: data: blob:; object-src 'none'; child-src https: blob:; frame-src https: data: 1
default-src 'self';script-src-elem 'self' www.googletagmanager.com www.google-analytics.com 'unsafe-inline';script-src 'self' 'unsafe-inline';style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.gstatic.com;connect-src 'self' google-analytics.com www.google-analytics.com;img-src 'self' www.google-analytics.com; 1
default-src 'self';               script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cloudui-emea01.profilestore.episerver.net/ *.mitel.io https://ajax.aspnetcdn.com https://az416426.vo.msecnd.net https://geolocation.onetrust.com https://api.emea01.idio.episerver.net https://in.hotjar.com https://api.addressy.com https://sit.encoded.services https://prod.encoded.services https://script.hotjar.com https://analytics.twitter.com https://www.youtube.com https://s.emea01.idio.episerver.net https://static.hotjar.com https://s.pinimg.com https://static.ads-twitter.com https://connect.facebook.net https://cdn-ukwest.onetrust.com https://maps.googleapis.com *.googleapis.com *.googletagmanager.com www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdnjs.cloudflare.com https://dl.episerver.net https://code.jquery.com https://widget.trustpilot.com *.mitel.io *.yotpo.com https://optimize.google.com *.google-analytics.com *.analytics.google.com https://ddetags.s3.amazonaws.com https://cdn.datatables.net https://encoded.as1.gpayments.net *.gpayments.net t.contentsquare.net app.contentsquare.com;               connect-src 'self' https://privacyportal-uk.onetrust.com *.hotjar.com https://staticw2.yotpo.com *.mitel.io https://geolocation.onetrust.com/ https://pui.episerver.net https://dc.services.visualstudio.com https://www.facebook.com/ https://vc.hotjar.io https://api.addressy.com/ https://in.hotjar.com https://sit.encoded.services https://prod.encoded.services https://ct.pinterest.com https://stats.g.doubleclick.net https://cdn-ukwest.onetrust.com https://www.google-analytics.com *.google-analytics.com *.analytics.google.com https://api.yotpo.com https://emea.dde.alterian.net https://encoded.as1.gpayments.net *.gpayments.net data: gap: ws: *.contentsquare.net;               img-src 'self' data: gap: https://connect.facebook.net/ https://dl.episerver.net https://cdn-ukwest.onetrust.com/ https://analytics.twitter.com https://login.microsoftonline.com https://via.placeholder.com https://www.googletagmanager.com/ https://yotpo-stool.s3.amazonaws.com *.yotpo.com https://i.idio.co *.twimg.com www.google.co.uk https://csi.gstatic.com www.google.com  https://maps.gstatic.com *.gstatic.com https://maps.googleapis.com *.googleapis.com www.google-analytics.com stats.g.doubleclick.net https://www.facebook.com https://t.co https://ct.pinterest.com https://a.emea01.idio.episerver.net https://content.email.thewinesociety.com https://optimize.google.com *.google-analytics.com *.analytics.google.com *.contentsquare.net;               style-src 'self' 'unsafe-inline' https://cloudui-emea01.profilestore.episerver.net/ https://staticw2.yotpo.com https://fonts.googleapis.com *.googleapis.com https://dl.episerver.net https://www.googletagmanager.com https://optimize.google.com https://fonts.googleapis.com https://cdn.datatables.net/;               font-src 'self' https://staticw2.yotpo.com https://fonts.gstatic.com https://fonts.gstatic.com *.gstatic.com data:;               form-action 'self' https://ws3.hotjar.com https://ws13.hotjar.com https://www.facebook.com https://uat.encoded.services https://prod.encoded.services https://sit.encoded.services https://gateway-int.cashflows.com https://gateway.cashflows.com;               object-src 'self';               media-src 'self';               frame-src 'self' *.mitel.io https://manager.emea01.idio.episerver.net https://www.facebook.com/ https://widget.trustpilot.com/ https://vars.hotjar.com/ https://www.google.com/recaptcha/ https://player.vimeo.com https://www.youtube.com https://login.microsoftonline.com/ https://sit.encoded.services https://prod.encoded.services https://t.co https://a.emea01.idio.episerver.net https://www.thewinesocietycommercemanager.local https://mgrwine01mstr19nt5inte.dxcloud.episerver.net https://mgrwine01mstr19nt5prep.dxcloud.episerver.net https://mgrwine01mstr19nt5prod.dxcloud.episerver.net https://optimize.google.com https://www.pinterest.com https://www.pinterest.co.uk https://encoded.as1.gpayments.net *.gpayments.net;               child-src 'self' blob: https://www.google.com/recaptcha/ https://player.vimeo.com https://www.youtube.com https://login.microsoftonline.com/ https://sit.encoded.services https://prod.encoded.services https://encoded.as1.gpayments.net *.gpayments.net https://s.pinimg.com;               worker-src blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.googletagmanager.com/ *.optimizely.com/ g9zdov47b9.execute-api.us-east-1.amazonaws.com/dev/ www.google-analytics.com/ stats.g.doubleclick.net/ www.google.com/ads/ www.google.ca/ads/ www.google.com/recaptcha/ www.gstatic.com/ s2.coinmarketcap.com *.celsius.network celsius.zendesk.com https://www.youtube-nocookie.com/ https://img.youtube.com/ cdn-images-1.medium.com https://api.coinpaprika.com/ https://static.ada.support/ https://rollout.ada.support/ https://celsius.ada.support/ https://api.videos.staging.celsius.network/ https://api.videos.celsius.network/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://www.google.com/ vitals.vercel-insights.com https://api-js.mixpanel.com/ *.customer.io/ www.rtb123.com/tags/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ *.googleadservices.com/ https://www.rtb123.com/tags/3FEC9080-3B7B-613F-E363-AD702E43E2C4/btp.js celsius-staging-public.s3.amazonaws.com https://www.youtube.com/iframe_api https://www.youtube.com/embed/ https://app.teamwalnut.com *.cdn.optimizely.com/; 1
default-src 'self' media.idigitalcontents.com cloud.typography.com cloud.typenetwork.com ajax.googleapis.com fonts.googleapis.com use.typekit.net google-analytics.com code.highcharts.com viz.tools.investis.com edge.api.brightcove.com *.brightcovecdn.com; img-src 'self' 'unsafe-inline' * data: www.w3.org; frame-src 'self' consent-pref.trustarc.com ihg-development-v2.did2-e1.investis.com ir.tools.investis.com td.doubleclick.net *.trustarc.co viz.tools.investis.com *.google.com irs.tools.investis.com otp.tools.investis.com connectidfeed.com *.connectidfeed.com www.youtube.com *.vimeo.com *.investis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' cloud.typography.com cloud.typenetwork.com hello.myfonts.net google-analytics.com fonts.googleapis.com viz.tools.investis.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investisdigital.com; font-src 'self' 'unsafe-inline' fastly-cloud.typenetwork.com consent.trustarc.com fonts.googleapis.com use.typekit.net google-analytics.com fonts.gstatic.com *.investisdigital.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' consent.trustarc.com extend.vimeocdn.com googleads.g.doubleclick.net bat.bing.com snap.licdn.com connect.facebook.net ajax.googleapis.com www.youtube.com cdn.jsdelivr.net code.jquery.com otp.tools.investis.com use.typekit.net google-analytics.com www.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com code.highcharts.com viz.tools.investis.com cdnjs.cloudflare.com *.investisdigital.com; connect-src 'self' region1.analytics.google.com consent-pref.trustarc.com pagead2.googlesyndication.com cdn.linkedin.oribi.io analytics.google.com stats.g.doubleclick.net edge.api.brightcove.com google-analytics.com www.google-analytics.com *.google-analytics.com viz.tools.investis.com cookiemanager.investisdigital.com *.investisdigital.com www.facebook.com; base-uri 'self'; form-action 'self' ; 1
upgrade-insecure-requests; default-src 'self'; connect-src 'self' https://paste.yunohost.org wss://zecircle.xyz; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval'; object-src 'none'; img-src 'self' data:; 1
frame-ancestors 'self' https://www.youtube.com https://ceat.my.salesforce.com https://login.salesforce.com https://ceat.lightning.force.com https://ceat--fullcopy.lightning.force.com https://fullcopy-ceat.cs72.force.com https://ceat--fullcopy.my.salesforce.com https://ceat.force.com; 1
default-src https:; object-src 'none'; style-src https: data: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src https: data:; upgrade-insecure-requests; frame-ancestors *.omniupdate.com; 1
default-src 'self'; manifest-src 'self'; img-src https: data: blob:; prefetch-src https:; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; worker-src https: 'self' 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline'; form-action 'none'; object-src 'none'; base-uri 'none'; connect-src 'self' https: wss:; frame-src https: 'self'; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests; font-src  https: http: data: blob:; media-src https: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.gstatic.com *.youtube.com *.teads.tv *.blogherads.com *.cloudflare.com *.com *.net *.co *.ru *.org *.io *.media data: blob: wss: 1
script-src  https://*.vzpstatic.cz https://api.mapy.cz https://cdn.jsdelivr.net https://www.googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.vo.msecnd.net https://connect.facebook.net; style-src   https://*.vzpstatic.cz https://api.mapy.cz https://cdn.jsdelivr.net https://www.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com 'report-sample' 'unsafe-inline' https://translate.googleapis.com; connect-src https://*.vzpstatic.cz https://api.mapy.cz https://cdn.jsdelivr.net https://www.googletagmanager.com https://*.google-analytics.com https://www.vzp.cz 'self' https://vsrezsy.vzp.cz/ https://dc.services.visualstudio.com https://www.facebook.com; img-src     https://*.vzpstatic.cz https://api.mapy.cz https://mapserver.mapy.cz https://www.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com 'self' https://www.facebook.com https://connect.facebook.net data: https://translate.google.com; font-src    https://*.vzpstatic.cz https://api.mapy.cz https://fonts.gstatic.com; frame-src   https://www.googletagmanager.com https://www.youtube.com https://www.google.com https://vzp.infolinky.textcom.cz https://prod.kadlecelektro.cz https://*.facebook.com https://connect.facebook.net; object-src  'none'; base-uri 'self'; frame-ancestors 'none'; upgrade-insecure-requests; report-uri https://vzpcz.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' https://2ace.ru 1
default-src 'self'; child-src 'self' connect.facebook.net fast.wistia.com fast.wistia.net googleads.g.doubleclick.net td.doubleclick.net *.hotjar.com *.hotjar.io bid.g.doubleclick.net 10317493.fls.doubleclick.net 10366747.fls.doubleclick.net 11541986.fls.doubleclick.net youtube.com www.youtube.com js.stripe.com www.facebook.com staticxx.facebook.com tpc.googlesyndication.com www.google.com *.googletagmanager.com *.quora.com intercom-sheets.com app-ab27.marketo.com www.intercom-reporting.com d2c7xlmseob604.cloudfront.net js.intercomcdn.com insight.adsrvr.org match.adsrvr.org https://intercom.chilipiper.com app.intercom.com app.intercom.io https://app.getreprise.com; connect-src 'self'   www.intercom.com app.intercom.io app.intercom.com api.intercom.io api-visitor-analytics.intercom.com api-iam.intercom.io api-ping.intercom.io api.smartling.com js.intercomcdn.com munchkin.marketo.net *.mktoutil.com nexus-websocket-a.intercom.io nexus-websocket-test.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-test.intercom.io store.intercomassets.com widget.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-test.intercom.io marketing.intercomcdn.com uploads.intercomcdn.com uploads.intercomusercontent.com abrtp1.marketo.com abrtp1-cdn.marketo.com app.getsentry.com stats.g.doubleclick.net www.google.com adservice.google.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com http://*.hotjar.io:* https://*.hotjar.io:* wss://*.hotjar.io sentry.io www.facebook.com *.akamaihd.net *.wistia.com *.wistia.net 258-clw-344.mktoresp.com bat.bing.com d2c7xlmseob604.cloudfront.net rum-collector-2.pingdom.net https://*.browser-intake-datadoghq.com public-trace-http-intake.logs.datadoghq.com https://assets.ctfassets.net c.6sc.co b.6sc.co j.6sc.co ipv6.6sc.co epsilon.6sense.com epsilon-cloudfront.6sense.com user-data.mutinycdn.com https://api-v2.mutinyhq.io/v2/b https://api.mutinyhq.io/v2 https://client-registry.mutinycdn.com secure.adnxs.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com api.chilipiper.com tracking.chilipiper.com cdn.linkedin.oribi.io gw.linkedin.oribi.io px.ads.linkedin.com https://app.getreprise.com; font-src data: https: ; img-src data: blob: https: ; media-src data: blob: https: ; object-src 'none'; script-src 'self' 'unsafe-eval' app.intercom.io app.intercom.com www.intercom.com js.intercomcdn.com store.intercomassets.com marketing.intercomassets.com widget.intercom.io ajax.googleapis.com analytics.twitter.com abrtp1.marketo.com abrtp1-cdn.marketo.com app-sjqe.marketo.com app-sjst.marketo.com app-ab27.marketo.com bat.bing.com cdn-assets-prod.s3.amazonaws.com cdn.ravenjs.com browser.sentry-cdn.com connect.facebook.net distillery.wistia.com distillery-main.wistia.com fast.wistia.com fast.wistia.net googleads.g.doubleclick.net js.stripe.com munchkin.marketo.net platform.twitter.com rtp-static.marketo.com script.hotjar.com script.hotjar.io secure.adnxs.com static.hotjar.com static.hotjar.io stats.g.doubleclick.net store.intercom.io tpc.googlesyndication.com www.datadoghq-browser-agent.com www.google.com www.google-analytics.com www.googleadservices.com/pagead/ www.googletagmanager.com tagmanager.google.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com dc.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com client-registry.mutinycdn.com client.mutinycdn.com https://js.chilipiper.com 'sha256-CIxBMTSsZNOVtN/e53Oinc5o7iS+6GCLATfDTYD9EQk=' https://app.getreprise.com 'strict-dynamic' 'nonce-MGZkZWUwODgtYTdhOC00ZDIxLWI5YmEtNjM5ZGFmNWNhZjYz'; style-src 'self' 'unsafe-inline' app-ab27.marketo.com marketing.intercomassets.com maxcdn.bootstrapcdn.com rtp-static.marketo.com fonts.googleapis.com tagmanager.google.com https://www.googletagmanager.com https://js.chilipiper.com; worker-src data: blob:; base-uri 'self'; report-uri https://o2129.ingest.sentry.io/api/1467748/security/?sentry_key=2b3179211aae44189b7651cf09d7b74f 1
frame-ancestors 'self' https://manage.ecmweb.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob:; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 1
font-src 'self' fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' consent.cookiebot.com www.googletagmanager.com consentcdn.cookiebot.com data: www.google.com www.google-analytics.com googleads.g.doubleclick.net stats.g.doubleclick.net www.gstatic.com www.youtube.com matomo.blauer-engel.de blob: cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline' 1
object-src 'none';frame-ancestors 'self';default-src * 'self' 'unsafe-eval' 'unsafe-inline' blob: 1
default-src 'self' http://www.malaysiaairports.com.my; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.printfriendly.com cdn.printfriendly.com static.addtoany.com ds-4047.kxcdn.com www.google-analytics.com cdn.jsdelivr.net unpkg.com www.google.com *.rawgit.com *.gstatic.com *.googleapis.com static.addtoany.com polyfill.io key-cdn.printfriendly.com www.googletagmanager.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.googleapis.com; img-src 'self' data: s.yimg.com cdn.printfriendly.com www.google-analytics.com www.google-analytics.com.sg stats.g.doubleclick.net www.google.com www.google.com.sg www.google.com.my www.gstatic.com; media-src 'self'; frame-src 'self' data: static.addtoany.com www.google.com www.youtube.com https://cdn.knightlab.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self'  stats.g.doubleclick.net www.google-analytics.com analytics.google.com unpkg.com www.google.com.my; report-uri /report-csp-violation 1
frame-ancestors https://www.cupraofficial.es https://author-seat-stage63.adobecqms.net https://seat-stage63.adobecqms.net https://author-seat-prod63.adobecqms.net https://seat-prod63.adobecqms.net https://retailcarconfigurator.player.seat.es https://sdc-player-car-configurator.dev.code.seat.cloud.vwgroup.com 'self' 1
frame-ancestors uft.cl 1
frame-ancestors 'self' *.casinoportugal.pt *.casinodeportugal.pt *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.doubleclick.net www.google.com www.google.pt www.googleadservices.com *.casinomodule.com *.casinoportugal-static.casinomodule.com *.isoftbet.com *.prerelease-env.biz *.pragmaticplay.net *.redrakegaming.com *.netentcdn.com *.tomhorngames.com *.tomhorngaming.eu *.thstatic.com *.neobiz.pt *.esagaming.com *.esagaming.it *.pariplaygames.com *.darwininteractive.com *.darwingaming.com *.stage.pariplaygames.com *.cloudfront.net cdn.jsdelivr.net fonts.googleapis.com fonts.gstatic.com *.betstream.betgenius.com www.score24.com *.paysafecard.com *.skrill.com *.switchpayments.com *.freshchat.com *.eu.freshchat.com *.wchat.freshchat.com *.freshmarketer.com *.cdn.freshmarketer.com *.sportcastlive.com *.betstream.betgenius.com *.sportradar.com *.hotjar.io *.hotjar.com wss://*.hotjar.io wss://*.hotjar.com minifootball.pt allstars.pt *.facebook.com *.facebook.net *.syngamtech.com *.tomhorngames.com *.ads.sportradar.com *.sportradarserving.com bsw.digitru.st x.bidswitch.net bswx.net data: font casino.localhost:* ssl.connextra.com ww1510.smartadserver.com *.stackify.com *.zscaler.net *.verifai.com *.hipay-tpp.com ws://wwe2.byside.com *.byside.com *.onfido.com *.ingest.sentry.io *.sync.onfido.com *.assets.onfido.com *.checkout.com; default-src 'unsafe-eval' 'unsafe-inline' 'self' *.casinoportugal.pt *.casinodeportugal.pt *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.doubleclick.net www.google.com www.google.pt www.googleadservices.com *.casinomodule.com *.casinoportugal-static.casinomodule.com *.isoftbet.com *.prerelease-env.biz *.pragmaticplay.net *.redrakegaming.com *.netentcdn.com *.tomhorngames.com *.tomhorngaming.eu *.thstatic.com *.neobiz.pt *.esagaming.com *.esagaming.it *.pariplaygames.com *.darwininteractive.com *.darwingaming.com *.stage.pariplaygames.com *.cloudfront.net cdn.jsdelivr.net fonts.googleapis.com fonts.gstatic.com *.betstream.betgenius.com www.score24.com *.paysafecard.com *.skrill.com *.switchpayments.com *.freshchat.com *.eu.freshchat.com *.wchat.freshchat.com *.freshmarketer.com *.cdn.freshmarketer.com *.sportcastlive.com *.betstream.betgenius.com *.sportradar.com *.hotjar.io *.hotjar.com wss://*.hotjar.io wss://*.hotjar.com minifootball.pt allstars.pt *.facebook.com *.facebook.net *.syngamtech.com *.tomhorngames.com *.ads.sportradar.com *.sportradarserving.com bsw.digitru.st x.bidswitch.net bswx.net data: font casino.localhost:* ssl.connextra.com ww1510.smartadserver.com *.stackify.com *.zscaler.net *.verifai.com *.hipay-tpp.com ws://wwe2.byside.com *.byside.com *.onfido.com *.ingest.sentry.io *.sync.onfido.com *.assets.onfido.com *.checkout.com; object-src 'self'; img-src blob: data: 'self' *.casinoportugal.pt *.casinodeportugal.pt *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.doubleclick.net www.google.com www.google.pt www.googleadservices.com *.casinomodule.com *.casinoportugal-static.casinomodule.com *.isoftbet.com *.prerelease-env.biz *.pragmaticplay.net *.redrakegaming.com *.netentcdn.com *.tomhorngames.com *.tomhorngaming.eu *.thstatic.com *.neobiz.pt *.esagaming.com *.esagaming.it *.pariplaygames.com *.darwininteractive.com *.darwingaming.com *.stage.pariplaygames.com *.cloudfront.net cdn.jsdelivr.net fonts.googleapis.com fonts.gstatic.com *.betstream.betgenius.com www.score24.com *.paysafecard.com *.skrill.com *.switchpayments.com *.freshchat.com *.eu.freshchat.com *.wchat.freshchat.com *.freshmarketer.com *.cdn.freshmarketer.com *.sportcastlive.com *.betstream.betgenius.com *.sportradar.com *.hotjar.io *.hotjar.com wss://*.hotjar.io wss://*.hotjar.com minifootball.pt allstars.pt *.facebook.com *.facebook.net *.syngamtech.com *.tomhorngames.com *.ads.sportradar.com *.sportradarserving.com bsw.digitru.st x.bidswitch.net bswx.net data: font casino.localhost:* ssl.connextra.com ww1510.smartadserver.com *.stackify.com *.zscaler.net *.verifai.com *.hipay-tpp.com ws://wwe2.byside.com *.byside.com *.onfido.com *.ingest.sentry.io *.sync.onfido.com *.assets.onfido.com *.checkout.com; worker-src blob: 'self' 1
script-src 'self'; object-src 'none'; frame-ancestors https://youtube.com https://facebook.com https://api.mfa.go.th always; 1
default-src 'self' https://*.mmhayes.com https://*.mmhcloud.com https://mmhcloud.com https://*.googleapis.com https://www.google-analytics.com; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.gstatic.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; font-src 'self' data: ; form-action 'self' https://*.mmhcloud.com; 1
default-src https:; img-src 'self' *.musclewiki.com pagead2.googlesyndication.com files.stripe.com data:; media-src *.musclewiki.com; script-src https: blob: 'unsafe-inline'; style-src https: 'unsafe-inline'; frame-ancestors 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://maps.googleapis.com http://www.googleadservices.com https://live.adyen.com/hpp/js/; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src 'self' https: data:; frame-ancestors 'self' https:; connect-src 'self' https://static.unzer.com:* https://maps.googleapis.com:* https://payment.heidelpay.com:* https://sbx-payment.heidelpay.com:* https://jobs.b-ite.com:* https://*.aerzte-ohne-grenzen.de:* https://*.onetrust.com:* https://*.cookielaw.org:* https://*.hotjar.com:* https://*.hotjar.io:* https://vc.hotjar.io:* wss://*.hotjar.com https://cdn.matomo.cloud/msf-ber.matomo.cloud:* https://msf-ber.matomo.cloud:* https://log.aerzte-ohne-grenzen.de/api/3/store/ https://log.aerzte-ohne-grenzen.de/api/3/envelope/; report-uri https://log.aerzte-ohne-grenzen.de/api/3/security/?sentry_key=19f9cfc9fc7c3afe2f536fafb0fd9965&sentry_environment=prod 1
default-src 'none';         base-uri 'self';     block-all-mixed-content;     connect-src 'self';     font-src 'self';     form-action 'self';     frame-ancestors 'self';     img-src 'self' https://*.static.flickr.com https://*.staticflickr.com;     media-src 'self';     script-src 'self' 'unsafe-inline';     style-src 'self' 'unsafe-inline';  1
default-src https: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src data: https: blob: android-webview android-webview-video-poster:; font-src data: https:; connect-src * blob:; media-src https: data: blob:; worker-src https: blob:; upgrade-insecure-requests; 1
default-src 'self' https://forms.gle https://chat.hey.inc *.facebook.com *.youtube.com *.banregio.com *.google.com *.gstatic.com *.googleusercontent.com *.google-analytics.com *.heybanco.com *.anchor.fm *.googletagmanager.com *.doubleclick.net *.amazonaws.com *.ocularsolution.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.google.com *.gstatic.com *.googletagmanager.com *.facebook.net *.appsflyer.com *.jquery.com *.google-analytics.com *.googleadservices.com *.tiktok.com *.unpkg.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.googleapis.com unpkg.com *.jsdelivr.net; img-src 'self' *.bing.com *.clarity.ms  *.googletagmanager.com *.gstatic.com *.google-analytics.com *.amazonaws.com data: *.google.com *.google.com.mx *.facebook.com *.ocularsolution.com; connect-src 'self' *.googlesyndication.com *.google.com.mx *.amazonaws.com *.clarity.ms *.google.com *.hey.inc *.google-analytics.com *.doubleclick.net *.tiktok.com *.cloudfunctions.net *.ipify.org mailthis.to *.banregio.com *.heybanco.com *.ocularsolution.com *.google.com; font-src 'self' *.gstatic.com data: *.googleapis.com *.amazonaws.com; form-action 'self' *.facebook.com; base-uri 'self'; script-src-elem 'self' 'unsafe-inline' *.clarity.ms *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.tiktok.com *.doubleclick.net *.appsflyer.com *.ocularsolution.com *.jquery.com *.facebook.net;  object-src 'self' https://forms.gle https://chat.hey.inc https://www.questionpro.com https://questionpro.com *.google.com ; frame-src 'self' https://forms.gle https://www.questionpro.com https://questionpro.com https://chat.hey.inc https://docs.google.com *.facebook.com https://td.doubleclick.net *.google.com; 1
frame-ancestors 'self' *.mikeholt.com; 1
img-src 'self' stories.freepiklabs.com storyset.com blob:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.facebook.net *.mxpnl.com *.cloudflare.com https://rawcdn.githack.com/RickStrahl/jquery-resizable/master/dist/jquery-resizable.min.js editorapassos.videotecaead.com.br static.cloudflareinsights.com https://assets.pagar.me/checkout/1.1.0/checkout.js *.pagar.me https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js *.youtube.com *.chat24.io salesiq.zoho.com d2mpatx37cqexb.cloudfront.net;style-src 'self' 'unsafe-inline' *.googleapis.com *.cloudflare.com editorapassos.videotecaead.com.br livechat.chat24.io static.cloudflareinsights.com;worker-src blob: 'self' 'unsafe-inline' 1
frame-ancestors https://*.rotana.com 1
default-src 'self'; font-src data: https://assets.dm.de; child-src 'self' blob:; script-src 'self' https://*.bazaarvoice.com https://*.mm.dm.at https://app.usercentrics.eu https://assets-internal-proxy.apps.nonprod.gcp.dmtech.cloud https://assets.dm.de https://cdn.loadbee.com/ https://d2pqvatijh75rn.cloudfront.net https://mpsnare.iesnare.com https://omt.dm.at https://tags.tiqcdn.com https://www.dm.at; worker-src 'self' blob:; connect-src  'self' https://*.bazaarvoice.com https://*.gcp.dmtech.cloud https://*.mm.dm.at https://*.services.dmtech.com https://aggregator.service.usercentrics.eu https://api.mapbox.com https://api.usercentrics.eu https://assets.dm.de https://availability.loadbee.com/ https://browser-intake-datadoghq.eu https://cart-recos.services.dmtech.com https://cart.services.dmtech.com https://cdcs.usercentrics.eu https://collect.tealiumiq.com https://consent-api.service.consent.usercentrics.eu https://consent-rt-ret.service.consent.usercentrics.eu https://consents.usercentrics.eu https://coupon-aktionen.dm.de https://d2pqvatijh75rn.cloudfront.net https://direct-collect.dy-api.eu https://direct.dy-api.eu https://dmpay-gateway.services.dmtech.com https://dy-api.eu https://events.mapbox.com https://graphql.usercentrics.eu https://insights.algolia.io https://logs.browser-intake-datadoghq.eu https://mpsnare.iesnare.com https://my-products-api.services.dmtech.com https://omc.dm.at https://product-based-recos.services.dmtech.com https://products.dm.de https://rcom-eu.dynamicyield.com https://recos-as-a-service.services.dmtech.com https://rum.browser-intake-datadoghq.eu https://services.dm.de https://shopping-list-prod.services.dmtech.com https://signin.dm.at https://sos-prod.availability.services.dmtech.com https://staedtetour.dm-fb2.de; style-src 'self' 'unsafe-inline' https://*.bazaarvoice.com https://api.tiles.mapbox.com https://assets.dm.de; img-src 'self' blob: data: https://*.bazaarvoice.com https://*.mm.dm.at https://*.services.dmtech.com https://app.usercentrics.eu https://assets.dm.de https://cdn-eu.dynamicyield.com https://d2pqvatijh75rn.cloudfront.net https://d3s22jwy77sx9i.cloudfront.net https://i.ytimg.com https://images.podigee-cdn.net https://img.usercentrics.eu https://img.youtube.com/ https://media.dm-static.com https://services.dm.de https://uct.service.usercentrics.eu; frame-ancestors 'self' https://*.apps.nonprod.gcp.dmtech.cloud https://*.apps.prod.gcp.dmtech.cloud https://*.dm-drogeriemarkt.org https://*.dm-drogeriemarkt.org:42160 https://*.dm-drogeriemarkt.org:42161 https://*.dm-drogeriemarkt.org:42162 https://*.dm.at https://*.lxprod.ka.de.dm-drogeriemarkt.com https://app.datadoghq.eu; frame-src 'self' https://*.bazaarvoice.com https://*.dm.at https://*.services.dmtech.com https://app.usercentrics.eu https://cdn.podigee.com https://configurator.nuk.de https://gastfamilie.podigee.io https://geburtskanal-dm.podigee.io https://hey-familie.podigee.io https://player.podigee-cdn.net https://rendering.loadbee.com/ https://sandbox.om.dm.de https://service.loadbee.com/ https://www.youtube-nocookie.com; base-uri 'self' https://*.mm.dm.at https://*.services.dmtech.com https://events.mapbox.com; form-action 'self' https://*.bazaarvoice.com https://checkout.dm.at https://signin.dm.at; manifest-src 'self'; report-uri /__csp-reports__;upgrade-insecure-requests 1
default-src 'self';               frame-src 'self' https://www.youtube.com https://mychart.austinregionalclinic.com https://www.google.com https://arcwebsecure.com;               frame-ancestors 'self' data: blob: https://vmecharttest1 https://vmecharttest2 https://vmecharttest3 https://mychart.austinregionalclinic.com https://mycharttest.austinregionalclinic.com;              script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://mychart.austinregionalclinic.com https://www.googletagmanager.com https://maps.googleapis.com               https://js.hsforms.net https://js.hs-scripts.com https://api.airbud.io https://js.hs-banner.com https://js.hs-analytics.net https://www.google-analytics.com               https://cdn.jsdelivr.net https://code.jquery.com https://connect.facebook.net https://cdnjs.cloudflare.com https://ajax.aspnetcdn.com https://www.google.com https://www.gstatic.com https://web.hyro.ai               https://mycharttest.austinregionalclinic.com https://vmecharttest2 https://vmecharttest3 https://static.cloudflareinsights.com https://snap.licdn.com;              style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://api.airbud.io https://code.jquery.com https://web.hyro.ai https://mychart.austinregionalclinic.com;               font-src 'self' https://fonts.gstatic.com https://code.jquery.com;               form-action 'self' https://forms.hsforms.com https://www.austinregionalclinic.com;               img-src 'self' data: https://forms.hsforms.com https://js.hsforms.net https://api.hubspot.com https://forms-na1.hsforms.com https://track.hubspot.com https://maps.gstatic.com               https://hyropublic.blob.core.windows.net https://www.googletagmanager.com https://d3sxx09phm2x4h.cloudfront.net https://d1mkxymatx0q5n.cloudfront.net https://maps.googleapis.com               https://www.google.com https://www.facebook.com https://img.youtube.com https://px.ads.linkedin.com https://i.ytimg.com;              connect-src 'self' https://maps.googleapis.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://www.google-analytics.com https://hyropublic.blob.core.windows.net https://app.launchdarkly.com               wss://web.hyro.ws/widget-client https://events.launchdarkly.com https://stats.g.doubleclick.net https://clientstream.launchdarkly.com https://cdn.linkedin.oribi.io;              object-src 'none';              base-uri 'self';              media-src 'self' https://d1mkxymatx0q5n.cloudfront.net; 1
default-src data: 'self' blob: accounts.google.com www.googleapis.com ; object-src 'none'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com cdn.datatables.net ; font-src 'self' fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com fonts.gstatic.com ; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' code.jquery.com cdnjs.cloudflare.com *.youtube.com *.googletagmanager.com; img-src 'self' *.youtube.com *.bankneo.co.id *.ytimg.com *.wooz.in *.google.com *.googleapis.com; connect-src 'self' https://noembed.com *.bankneo.co.id *.google.com; worker-src blob: 'self'; form-action 'self' *.bankneo.co.id; frame-src *.google.com *.googleapis.com *.youtube.com; 1
frame-ancestors 'none'; img-src https: data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.jsdelivr.net https://*.googletagmanager.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://yoast.com https://*.facebook.net https://*.hs-scripts.com https://*.hscollectedforms.net https://*.hsadspixel.net https://*.hs-banner.com https://*.hs-analytics.net 1
default-src *;img-src 'self';font-src 'self' https://fonts.gstatic.com;style-src 'self' https://fonts.googleapis.com 'unsafe-inline';script-src 'strict-dynamic' 'nonce-L/fzAUbE4n8qdvE+pgZmwTZIjqs=' https: 'unsafe-inline';frame-src https://www.google.com/recaptcha/;base-uri 'none';object-src 'none';report-to main-endpoint; 1
object-src 'none'; base-uri 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' lowya.silveregg.net *.low-ya.com *.googletagmanager.com *.mobilus.me *.polyfill.io *.google-analytics.com *.googleanalytics.com *.googleoptimize.com *.mobilus.me *.a8.net *.newrelic.com *.nr-data.net *.hotjar.com *.googleadservices.com *.facebook.net *.ladsp.com *.line-scdn.net *.nakanohito.jp *.yimg.jp *.doubleclick.net *.yahoo.co.jp *.csolution.jp *.google.com *.gstatic.com *.adtdp.com *.criteo.net *.criteo.com *.globalsign.com *.googleapis.com *.qgr.ph appier.net *.appier.net *.qgraph.io *.jquery.com *.amazonaws.com *.smartnews-ads.com *.typekit.net ad.atown.jp *.im-apps.net *.fraudprevention.jp *.datadoghq-browser-agent.com act-d02.catsasp.net *.visumo.io hacobune-contents-api-prod.azure-api.net sp-trk.com amp.azure.net unpkg.com/@google/model-viewer/ cdn.jsdelivr.net/npm/@amplitude/ cdn.amplitude.com *.ads-twitter.com *.bing.com *.clarity.ms clarity.microsoft.com s.pinimg.com ct.pinterest.com *.abtasty.com; child-src 'self' youtube.com *.google.com *.googletagmanager.com *.youtube.com *.youtube-nocookie.com *.hotjar.com *.facebook.com *.doubleclick.net *.ladsp.com *.criteo.com asia.creativecdn.com *.fraudprevention.jp blob: *.streaming.media.azure.net *.abtasty.com 1
font-src 'self' data: https://d12ux87dkit87z.cloudfront.net https://themes.googleusercontent.com https://fonts.gstatic.com https://mystrom.ch https://www.mystrom.ch 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://virological.org/logs/ https://virological.org/sidekiq/ https://virological.org/mini-profiler-resources/ https://virological.org/assets/ https://virological.org/extra-locales/ https://virological.org/highlight-js/ https://virological.org/javascripts/ https://virological.org/plugins/ https://virological.org/theme-javascripts/ https://virological.org/svg-sprite/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0='; worker-src 'self' https://virological.org/assets/ https://virological.org/javascripts/ https://virological.org/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self' data: *.ubtsupport.com *.streamline3.com *.googleapis.com *.doubleclick.net *.samsungapps.com *.ggpht.com *.google-analytics.com *.googletagmanager.com *.googleusercontent.com *.google-.com *.gstatic.com i.ytimg.com *.cloudflareinsights.com *.google.com *.vimeocdn.com ljsp.lwcdn.com cdnjs.cloudflare.com cdn.ckeditor.com *.typekit.net 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' 'unsafe-inline' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; connect-src 'self' ;  style-src 'self' 'unsafe-inline'; img-src 'self'; 1
default-src 'self' 'unsafe-inline'  *blueprintgaming.com; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.maxymiser.net:* *.cloudfront.net:* *.googletagmanager.com:* *.facebook.net:* *.tvsquared.com:* *.tito.io:* *.youtube.com:* *.outbrain.com:* *.google-analytics.com:* *.ytimg.com:* *.google.com:* *.gstatic.com:* *.newrelic.com:* *.micpn.com:* *.nr-data.net:* *.twitter.com:* *.pinterest.com:* *.craftyclicks.co.uk:* *.blackbaudhosting.com:* *.ubembed.com:* *.pinimg.com:* *.adsrvr.org:* *.ads-twitter.com:* *.bing.com:* *.civiccomputing.com:* *.hotjar.com:* *.teads.tv:* *.googleadservices.com:* *.eventbrite.co.uk:* *.cookielaw.org:* *.streamdays.com:* *.hypemarks.com:* *.blackbaud.com:* *.bbox.blackbaudhosting.com:* *.payments.blackbaud.com:* *.recaptcha.net:* *.livechatinc.com:* *.ubisend.io:* *.googleads.g.doubleclick.net:* googleads.g.doubleclick.net:* *.ads.nextdoor.com:* ads.nextdoor.com:* *.analytics.tiktok.com:* *.tiktok.com:* *.cdn.jsdelivr.net:* *.jsdelivr.net:* unpkg.com:* *.cloudflare.com:* *.c0.adalyser.com:* *.adalyser.com:*; object-src *.cloudfront.net:* *.cloudfront.net *.maxymiser.net:* *.kiosk.bdch.org.uk:*; style-src 'self' 'unsafe-inline' *.acquia-sites.com:* *.bootstrapcdn.com:* *.battersea.org.uk:* *.blackbaudhosting.com:* *.tagmanager.google.com:* tagmanager.google.com:* *.googleapis.com:* *.blackbaud.com:* *.google.com:* *.ubisend.io:* *.jsdelivr.net:* *.fontawesome.com:* *.adalyser.com:* *.cloudflare.com:*; img-src 'self' data: *.cloudfront.net *.cloudfront.net:* *.adnxs.com:* *.tvsquared.com:* *.outbrain.com:* *.google-analytics.com:* *.facebook.com:* *.doubleclick.net:* *.googletagmanager.com:* *.google.com:* *.google.co.uk:* *.atdmt.com:* *.google.co.in:* *.force.com:* *.ytimg.com:* *.micpn.com:* *.twitter.com:* *.battersea.org.uk:* *.adsrvr.org:* *.pinterest.com:* *.blackbaudhosting.com:* t.co:* *.bing.com:* *.adalyser.com:* *.maxymiser.net:* *.hypemarks.com:* *.hotjar.com:* *.teads.tv:* *.cookielaw.org:* *.gstatic.com:* *.googleusercontent.com:* *.casalemedia.com:* *.livechatinc.com:* *.nextdoor.com:* *.analytics.yahoo.com:* *.google.si:* *.linkedin.com:* *.google.co:* *.px.ads.linkedin.com:* *.google.com.au:* *.google-analytics.com:* *.analytics.google.com:* *.youtube.com:*; media-src 'self' *.cloudfront.net:* *.cloudfront.net; frame-src *.doubleclick.net:* *.google.com:* *.twitter.com:* *.youtube.com:* *.acquia-sites.com:* *.battersea.org.uk:* *.maxymiser.net:* *.pinterest.com:* *.blackbaudhosting.com:* *.facebook.com:* *.ubembed.com:* *.hotjar.com:* *.adsrvr.org:* *.amazon-adsystem.com:* *.blackbaud.com:*  *.acquia-sites.com:* *.eventbrite.co.uk:* *.hypemarks.com:* *.teads.tv:* *.streamdays.com:* mpembed.com:* *.livechatinc.com:* *.recaptcha.net:* *.pinterest.co.uk:* *.pinterest.com.au:*; frame-ancestors 'self' *.doubleclick.net:* *.google.com:* *.youtube.com:* *.acquia-sites.com:* *.battersea.org.uk:* *.maxymiser.net:* *.pinterest.com:* *.bdch.org.uk:* *.eventbrite.co.uk:* *.blackbaud.com:*; child-src *.doubleclick.net:* *.google.com:* *.facebook.com:* *.twitter.com:* *.youtube.com:* *.acquia-sites.com:* *.battersea.org.uk:* *.maxymiser.net:* *.pinterest.com:* *.blackbaudhosting.com:* *.adsrvr.org:* *.amazon-adsystem.com:* *.ubembed.com:* *.eventbrite.co.uk:* *.blackbaud.com:*; font-src 'self' 'unsafe-inline' *.googleusercontent.com:* *.google.com:* *.bootstrapcdn.com:* *.battersea.org.uk:* *.hotjar.com:* *.maxymiser.net:* *.googleapis.com:* data:* data: *.bdch.org.uk:* *.gstatic.com:* *.at.alicdn.com:* *.fontawesome.com:*  *.fonts.gstatic.com:*; connect-src 'self' *.google-analytics.com:* *.maxymiser.net:* *.facebook.com:* *.hotjar.io:* *.pinterest.com:* *.doubleclick.net:* *.kiosk.bdch.org.uk:* *.bdch.org.uk:* *.blackbaud.com:* *.ubembed.com:* *.bing.com:* *.nr-data.net:* *.hotjar.com:* *.cookielaw.org:* *.livechatinc.com:* *.hypemarks.com:* *.civiccomputing.com:* *.yimg.com:* *.teads.tv:* *.ads.nextdoor.com:* ads.nextdoor.com:* *.googleads.g.doubleclick.net:* googleads.g.doubleclick.net:* *.analytics.google.com:* analytics.tiktok.com:* wss://ws.hotjar.com/api/v2/client/ws; report-uri /report-csp-violation 1
default-src 'self' *.google.com *.gstatic.com *.google-analytics.com cdn.panq.nl; script-src 'self' 'unsafe-inline' *.google.com *.gstatic.com *.google-analytics.com cdn.panq.nl; style-src 'self' 'unsafe-inline' *.googleapis.com cdn.panq.nl 1
frame-ancestors https://bni.com https://onlinexperiences.com 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: panah.bimebazar.com sentry.bmbzr.ir unpkg.com sanhabinq.centinsur.ir www.google-analytics.com *.googleapis.com *.google.com google.com gstatic.com www.gstatic.com connect.facebook.net facebook.com bimebazar.com cdn.bimebazar.com cdn.landin.ir trustseal.enamad.ir ajax.cloudflare.com www.googletagmanager.com analytics.google.com stats.g.doubleclick.net bimebazar.arvanvod.com www.googleadservices.com s1.mediaad.org mediacdn.mediaad.org *.g.doubleclick.net *.hotjar.com *.yektanet.com api.mediaad.org *.tawk.to maxcdn.bootstrapcdn.com driver.snappbimeh.ir *.najva.com logo.samandehi.ir balad.ir stackpath.bootstrapcdn.com cdnjs.cloudflare.com code.jquery.com *.goftino.com wss://*.goftino.com *.webengage.com *.webengage.co s3.amazonaws.com *.webengagepush.com *.clarity.ms bimebazar.biz bimebazar.landin.ir *.neshan.org services.bmbzr.ir sentry2.bmbzr.ir *.aparat.com 1
default-src 'self' https://*.fhstp.ac.at https://mein.clickskeks.at; connect-src 'self' https://*.facebook.com https://*.facebook.net https://api.visitlead.com https://cis.fhstp.ac.at https://api.fhstp.ac.at https://cdn.fhstp.ac.at https://sentry.fhstp.ac.at/ https://my2.siteimprove.com https://rest.visitlead.com https://*.doubleclick.net https://ws.visitlead.com https://www.google-analytics.com wss://*.visitlead.com wss://www.fhstp.ac.at wss://wwwtestneu.fhstp.ac.at https://pagestrip.com https://*.pagestrip.com https://mein.clickskeks.at https://*.youtube.com https://*.tiktok.com https://*.google.com https://*.linkedin.oribi.io; font-src 'self' data: https://*.fhstp.ac.at https://*.googleapis.com https://*.gstatic.com https://app.visitlead.com https://*.pagestrip.com; frame-src 'self' http://edit.fhstp.ac.at https://*.facebook.com https://*.facebook.net https://*.google.com https://www.recaptcha.net https://*.issuu.com https://www.yumpu.com https://*.soundcloud.com https://*.twitter.com https://*.vimeo.com https://*.youtube.com https://*.youtube-nocookie.com https://cis.fhstp.ac.at https://sjs.bizographics.com https://snap.licdn.com https://stream.visitlead.com https://my2.siteimprove.com/ https://www.podbean.com https://*.doubleclick.net https://mein.clickskeks.at https://*.tiktok.com; img-src 'self' data: http://*.fhstp.ac.at https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.at https://*.google.com https://*.ytimg.com https://*.gstatic.com https://*.googleusercontent.com https://*.ggpht.com https://*.linkedin.com https://app.visitlead.com https://www.filmspektakel.at https://*.pagestrip.com https://bat.bing.com https://mein.clickskeks.at https://*.tiktokcdn.com https://www.googletagmanager.com; media-src 'self' data: https://cdn.fhstp.ac.at/ http://carma.fhstp.ac.at/wp-content/uploads/2016/11/Brelomate2_Infoveranstaltung201161027_p3tv.mp4 https://app.visitlead.com https://*.pagestrip.com; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' http://campus-stp.at https://*.campus-stp.at https://*.doubleclick.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://www.recaptcha.net https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.linkedin.com https://cdn.siteimprove.net/cms/overlay.js https://*.youtube.com https://app.visitlead.com https://campus-stp.at https://cdn.fhstp.ac.at https://*.pubble.io https://cdn.ravenjs.com https://cdn.socket.io https://code.jquery.com https://sjs.bizographics.com https://snap.licdn.com https://*.ytimg.com https://*.pagestrip.com https://browser-update.org https://unpkg.com https://bat.bing.com https://mein.clickskeks.at; style-src 'self' 'unsafe-inline' http://*.campus-stp.at http://campus-stp.at http://cdn.fhstp.ac.at https://*.campus-stp.at https://*.google.com https://*.googleapis.com https://*.ytimg.com https://app.visitlead.com/ https://campus-stp.at https://cdn.fhstp.ac.at https://*.pagestrip.com https://mein.clickskeks.at; worker-src blob: https://www.fhstp.ac.at 1
img-src *.verify.yandex.ru *.ya.ru *.yandex.ru ya.ru yabs.yandex.by yabs.yandex.kz yabs.yandex.ru yabs.yandex.uz yandex.ru 'self' yastatic.net data: yandex.ee favicon.yandex.net avatars.mds.yandex.net mc.admetrica.ru mc.yandex.com *.mc.yandex.ru adstat.yandex.ru mc.yandex.ee mc.yandex.ru;script-src 'nonce-n+NOIfwz6NG0IEMKJiVs+g==' mc.yandex.com yastatic.net yandex.ee mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.yandex.ee;child-src *.ya.ru *.yandex.ru ya.ru yandex.ru yastatic.net yandex.ee mc.yandex.ru mc.yandex.md mc.yandex.ee *.ya.ru *.yandex.ru ya.ru yandex.ru;style-src 'unsafe-inline' yastatic.net;report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.ee&showid=1705981577009022-18007636766378584365-balancer-l7leveler-kubr-yp-vla-132-BAL-5431&h=prestable-portal-mordago-32.vla.yp-c.yandex.net&yandexuid=9785843651705981577&&version=2024-01-19-465&adb=0;media-src yastatic.net;connect-src *.strm.yandex.net mc.yandex.com yandex.ee yastatic.net yastat.net mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.admetrica.ru mc.yandex.ee;default-src yastatic.net yastat.net 'self';font-src yastatic.net 1
frame-ancestors 'self' bewerbung.muenchen.ihk.de ehrenamt.ihk-muenchen.de ehrenamt-stg.muenchen.ihk.de; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' connect-src 'self' wss: 1
connect-src * blob: *:* https://*.alutech24.com; worker-src * blob: *:* https://*.alutech24.com; img-src data: * *:* https://*.alutech24.com; default-src * blob: *:* https://*.alutech24.com 'unsafe-inline' 'unsafe-eval'; base-uri * blob: *:* https://*.alutech24.com; form-action * blob: *:* https://*.alutech24.com; object-src * blob: *:* https://*.alutech24.com; frame-ancestors * blob: *:* https://*.alutech24.com 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=7rlgmkliqudtk&partner=; 1
default-src 'self'; img-src 'self' data: https://cdn.s-cloud.fi https://cdn-test.s-cloud.fi https://*.sokos.fi https://pre-eu.flavedo.io https://eu2.flavedo.io https://images.ctfassets.net https://www.facebook.com https://connect.facebook.net https://*.giosgusercontent.com https://googleads.g.doubleclick.net https://*.google-analytics.com https://retail.googleapis.com https://www.googletagmanager.com https://*.google.com https://*.google.fi https://*.google.se https://*.google.de https://*.google.no https://*.google.ee https://*.google.ru https://*.google.dk https://*.google.gr https://*.google.tr https://fonts.gstatic.com https://*.usercentrics.eu https://dev.visualwebsiteoptimizer.com; media-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://wa.s-cloud.fi https://wa-dev.s-cloud.fi https://static.s-cloud.fi https://*.sokos.fi https://script.crazyegg.com https://*.doubleclick.net https://connect.facebook.net https://*.giosg.com https://globalcdn.interactiondesigner.giosg.com https://www.google.com https://*.google-analytics.com https://*.googleanalytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://files.cdn.leadfamly.com https://*.salesforceliveagent.com https://service.force.com https://sok--qa.my.salesforce.com https://*.usercentrics.eu https://dev.visualwebsiteoptimizer.com; connect-src 'self' https://*.sokos.fi https://wa.s-cloud.fi https://wa-dev.s-cloud.fi https://o445732.ingest.sentry.io https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://script.crazyegg.com https://tracking.crazyegg.com https://www.facebook.com https://*.giosg.com https://*.giosgusercontent.com https://stats.g.doubleclick.net https://*.google-analytics.com https://translate.googleapis.com https://translate.google.com https://locationservice.posti.com https://*.usercentrics.eu; style-src 'self' 'unsafe-inline' https://*.sokos.fi https://www.gstatic.com https://service.force.com; font-src 'self' data: https://content.s-cloud.fi https://*.giosgusercontent.com https://www.sfdcstatic.com https://fonts.gstatic.com; frame-ancestors 'self'; frame-src 'self' https://static.s-cloud.fi https://*.doubleclick.net https://www.facebook.com https://connect.facebook.net https://*.giosg.com https://s-feedback.herokuapp.com https://s-feedback-qa.herokuapp.com https://sokos.leadfamly.com https://www.lyyti.fi https://www.lyyti.in https://*.usercentrics.eu https://www.youtube.com; worker-src blob:; child-src blob:; report-uri https://o445732.ingest.sentry.io/api/6013693/security/?sentry_key=67f05d0711a84cd588d3214d02442a47; report-to default 1
script-src 'self' https://home-c32.nice-incontact.com https://www.gstatic.cn *.acceleratoradmin.com https://cdn.datatables.net https://www.google-analytics.com https://www.recaptcha.net https://ajax.aspnetcdn.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com *.google.com *.googletagmanager.com https://www.gstatic.com https://ajax.googleapis.com https://*.msecnd.net *.acceleratoradmin.com *.mxpnl.com topcashbackdigitalsolutions.co.uk https://cdn.highimpactpayments.com cdn.prepaiddigitalsolutions.cn https://code.jquery.com https://cdn.botframework.com https://home-c32.nice-incontact.com https://spay.samsung.com/s2p/libs/js/ https://int-verification.trulioo.com https://cdn.trulioo.com https://cdn.jsdelivr.net 'unsafe-eval' 'unsafe-inline';style-src 'self' cdn.highimpactpayments.com *.acceleratoradmin.com https://cdn.datatables.net https://ajax.aspnetcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com topcashbackdigitalsolutions.co.uk https://cdn.highimpactpayments.com cdn.prepaiddigitalsolutions.cn https://int-verification.trulioo.com https://cdn.jsdelivr.net 'unsafe-inline';connect-src 'self' *.acceleratoradmin.com https://www.google-analytics.com *.visualstudio.com *.acceleratoradmin.com api.mixpanel.com topcashbackdigitalsolutions.co.uk https://api-js.mixpanel.com api-js.mixpanel.com api-js.mixpanel.com https://cdn.highimpactpayments.com https://api.globaldatacompany.com https://directline.botframework.com https://cdn.botframework.com wss://directline.botframework.com https://app-kyc-prod-westus2-002.azurewebsites.net https://int-verification.trulioo.com https://cdn.trulioo.com https://cdn.jsdelivr.net https://lottie.host;font-src 'self' cdn.highimpactpayments.com https://ajax.aspnetcdn.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.acceleratoradmin.com https://cdn.highimpactpayments.com cdn.prepaiddigitalsolutions.cn https://s2p.mpay.samsung.com/fonts/ https://int-verification.trulioo.com https://cdn.trulioo.com https://cdn.jsdelivr.net;img-src 'self' cdn.highimpactpayments.com https://cdnjs.cloudflare.com https://www.google-analytics.com *.acceleratoradmin.com data: data: https://cdn.highimpactpayments.com cdn.prepaiddigitalsolutions.cn blob: https://int-verification.trulioo.com https://cdn.trulioo.com https://cdn.jsdelivr.net;frame-src 'self' https://home-c32.nice-incontact.com https://www.recaptcha.net/ https://www.google.com *.acceleratoradmin.com *.youtube.com https://youtu.be https://testcommon.swiftprepaid.com https://common.swiftprepaid.com topcashbackdigitalsolutions.co.uk https://cdn.highimpactpayments.com data: https://s2p.mpay.samsung.com/ https://s2p.mpay.samsung.com/ https://int-verification.trulioo.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://cdn.livechatinc.com/tracking.js https://*.livechatinc.com/ https://*.livechat-files.com/ https://*.livechat-static.com/ https://region1.analytics.google.com/ https://player.vimeo.com/ https://tagmanager.google.com/ https://forms-eu1.hscollectedforms.net/collected-forms/v1/config/json https://js-eu1.hs-banner.com/v2/26048079/banner.js  https://js-eu1.usemessages.com/conversations-embed.js https://*.lfeeder.com https://*.clarity.ms/ https://ldynamicspublicapi.leadforensics.com  https://webeo-web-content.s3-eu-west-1.amazonaws.com/ https://cdn.jsdelivr.net https://js-eu1.hs-analytics.net/ https://*.hubspot.com/ https://px4.ads.linkedin.com/ https://match.adsrvr.org/ https://insight.adsrvr.org/ https://cdn.linkedin.oribi.io/ https://secure.leadforensics.com/ https://js.adsrvr.org/up_loader.1.1.0.js https://www.googleadservices.com/pagead/conversion_async.js https://servedby.flashtalking.com/ https://connect.facebook.net/ https://bat.bing.com/ https://*.doubleclick.net/ddm https://snap.licdn.com/ https://js.adsrvr.org/up_loader.1.1.0.js https://pagead2.googlesyndication.com/ https://js-eu1.hs-banner.com/26048079.js https://js-eu1.hsleadflows.net/leadflows.js https://js-eu1.hscollectedforms.net/collectedforms.js https://js-eu1.hs-analytics.net/analytics/1666790100000/26048079.js https://servedby.flashtalking.com https://ssl.google-analytics.com https://*.clubwembley.com https://*.wembleystadium.com  https://*.hs-scripts.com https://*.onetrust.com https://www.google.com https://www.gstatic.com https://www.youtube.com https://maps.googleapis.com https://apps.sitecore.net https://*.wembleystadium.com https://*.blob.core.windows.net https://*.fontawesome.com https://www.googletagmanager.com https://ajax.googleapis.com https://code.jquery.com https://*.google-analytics.com https://*.doubleclick.net https://*.addthis.com https://z.moatads.com https://v1.addthisedge.com; img-src 'self' data: https://ssl.gstatic.com/ https://*.lfeeder.com https://*.clarity.ms/ https://forms-eu1.hsforms.com https://*.hubspot.com/ https://www.linkedin.com/ https://px.ads.linkedin.com https://www.facebook.com/ https://bat.bing.com/ https://www.google.nl/ https://*.livechatinc.com/ https://*.livechat-files.com/ https://*.livechat-static.com/ https://*.clubwembley.com  https://*.hs-scripts.com https://*.onetrust.com https://*.thefa.com https://cdn.thefa.com https://maps.gstatic.com https://*.wembleystadium.com https://maps.googleapis.com https://*.blob.core.windows.net https://ssl.google-analytics.com https://www.google.com https://www.google.co.uk https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/ https://webeo-web-content.s3-eu-west-1.amazonaws.com https://*.livechatinc.com/ https://cdn.livechatinc.com/tracking.js https://*.clubwembley.com  https://*.hs-scripts.com https://fonts.googleapis.com https://*.wembleystadium.com https://*.blob.core.windows.net; font-src 'self' 'unsafe-inline'  https://cdn.livechatinc.com https://fonts.gstatic.com https://*.wembleystadium.com https://*.blob.core.windows.net https://*.fontawesome.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; 1
worker-src blob:; img-src https: blob: data:; default-src 'self' ogletree.com data: https: 'unsafe-eval' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://quip-apple-cdn.com https://quip-cdn.com; report-uri /csp-report 1
default-src 'self' google-analytics.com *.fontawesome.com;  img-src 'self' *.w.com *.w.org *.gravatar.com data: data:* *.youtube.com *.vimeo.com *.joomunited.com *.facebook.com *.google-analytics.com heapanalytics.com amwayglobal.wpenginepowered.com *.gstatic.com *.instagram.com *.google.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fontawesome.com amwayglobal.wpenginepowered.com *.google.com *.gstatic.com *.googletagmanager.com google-analytics.com translate.google.com translate.googleapis.com connect.facebook.com connect.facebook.net https://tags.tiqcdn.com/utag/amway/amway-global/prod/utag.*;  style-src 'self' 'unsafe-inline' amwayglobal.wpenginepowered.com *.googleapis.com *.gstatic.com;  font-src fonts.gstatic.com amwayglobal.wpenginepowered.com *.fontawesome.com 'self' data: data:*;  script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' amwayglobal.wpenginepowered.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.youtube.com translate.google.com *.googleapis.com *.fontawesome.com connect.facebook.com connect.facebook.net cdn.heapanalytics.com tags.tiqcdn.com/utag/;  connect-src 'self' *.googleapis.com *.youtube.com *.google-analytics.com *.fontawesome.com stats.g.doubleclick.net;  frame-src 'self' *.facebook.com *.youtube.com *.vimeo.com *.google.com *.gstatic.com; 1
connect-src 'self'  http://*.local.de http://*.local.de:5000 http://*.localhost http://*.localhost:8080 http://0.0.0.0:5000 http://10.0.2.2:8080 http://backend:5000 http://localhost http://localhost:5000 http://localhost:8080 https://*.clarity.ms https://*.cookiebot.com https://*.crazyegg.com https://*.force.com https://*.google-analytics.com https://*.googleapis.com https://*.jobrad.org https://*.leaserad.de https://*.linkedin.com https://googleads.g.doubleclick.net https://jobrad.my.salesforce-sites.com https://www.facebook.com https://www.google-analytics.com https://www.google.com;default-src blob: 'self'  http://*.localhost:8080 http://10.0.2.2:8080 http://localhost:8080 https://*.jobrad.org;font-src data: 'self'  https://*.fontawesome.com https://*.gstatic.com https://*.jobrad.org;frame-src 'self'  https://*.cookiebot.com https://*.facebook.com https://*.force.com https://*.google.com https://*.jobrad.org https://*.vimeo.com https://*.youtube-nocookie.com https://*.youtube.com https://vimeo.com;img-src data: 'self'  https://*.bing.com https://*.cookiebot.com https://*.crazyegg.com https://*.doubleclick.net https://*.facebook.com https://*.githubusercontent.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.jobrad.org https://*.kununu.com https://*.linkedin.com https://*.placeholder.com https://*.salesforce.com https://*.vimeocdn.com https://*.visualforce.com https://*.ytimg.com https://c.bing.com https://c.clarity.ms;script-src blob: 'self' 'unsafe-eval' 'unsafe-inline'  https://*.clarity.ms https://*.cloudflare.com https://*.cookiebot.com https://*.crazyegg.com https://*.facebook.net https://*.force.com https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gstatic.com https://*.jobrad.org https://*.jsdelivr.net https://*.licdn.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.youtube.com https://*.ytimg.com https://cdn.purement.io https://jobrad.us1.list-manage.com;script-src-elem blob: 'self' 'unsafe-inline'  https://*.bing.com https://*.clarity.ms https://*.cloudflare.com https://*.cookiebot.com https://*.crazyegg.com https://*.facebook.net https://*.force.com https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gstatic.com https://*.jobrad.org https://*.jsdelivr.net https://*.licdn.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.youtube.com https://*.ytimg.com https://cdn.purement.io https://jobrad.my.salesforce-sites.com https://jobrad.us1.list-manage.com;style-src 'self' 'unsafe-inline'  http://*.localhost:8080 http://10.0.2.2:8080 http://localhost:8080 https://*.fontawesome.com https://*.force.com https://*.google.com https://*.googleapis.com https://*.jobrad.org;style-src-elem 'self' 'unsafe-inline'  https://*.fontawesome.com https://*.force.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.jobrad.org https://jobrad.my.salesforce-sites.com;worker-src blob: 'self'  https://*.google.com https://*.jobrad.org; 1
default-src https://player.vimeo.com/ https://maxcdn.bootstrapcdn.com/ https://www.contentpagina.nl/ https://studentportal.hku.nl https://medewerkers.hku.nl https://redactie-medewerkers.hku.nl  https://www.googletagmanager.com https://www.youtube-nocookie.com https://redactie-studentportal.hku.nl https://octo.hku.nl/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ 'self' 'unsafe-inline'; font-src 'self' data: https://octo.hku.nl; connect-src https://octo.hku.nl/ https://www.facebook.com/ 'self' https://*.google-analytics.com/ https://*.cookiebot.com/; frame-src https://consentcdn.cookiebot.com https://vimeo.com/ https://*.vimeo.com/ https://www.youtube-nocookie.com  https://www.youtube.com/ https://www.google.com/ https://maps.google.com/ https://octo.hku.nl/ https://vars.hotjar.com/ https://staticxx.facebook.com/ https://federatie.hku.nl/ 'self'; img-src https://www.facebook.com https://consentcdn.cookiebot.com https://www.gravatar.com https://www.contentpagina.nl/ https://admin-cms.hku.nl/ https://studentportal.hku.nl https://medewerkers.hku.nl https://redactie-medewerkers.hku.nl https://redactie-studentportal.hku.nl https://octo.hku.nl/ https://*.google-analytics.com/ 'self' data:; script-src https://*.google-analytics.com/ https://*.analytics.google.com https://redactie-medewerkers.hku.nl https://octo.hku.nl/ 'self' 'unsafe-inline' 'unsafe-eval' data: https: wss: 1
default-src 'none'; script-src 'nonce-f1347368bf' 'nonce-7e4c9cbb98' 'nonce-e3cdd78755' 'nonce-c0cb95faf4' 'nonce-ff24967029' 'nonce-bad6c15b9d' 'nonce-8d4fd2e472' 'nonce-a5aaac9099'  'self' 'unsafe-inline' 'unsafe-eval' blob: alfaview.com f.vimeocdn.com player.vimeo.com external.centralstationcrm.net alfaview.zammad.com; style-src 'self' 'unsafe-inline' alfaview.com; img-src 'self' data: alfaview.com i.vimeocdn.com alfaview.zammad.com; connect-src 'self' assets.alfaview.com external.centralstationcrm.net wss: alfaview.zammad.com eu-api.friendlycaptcha.eu; font-src 'self' data: alfaview.com; media-src 'self' alfaview.com; form-action 'self' alfaview.com external.centralstationcrm.net; frame-ancestors 'self' alfaview.com; frame-src 'self' player.vimeo.com 1
connect-src *.strm.yandex.net mc.yandex.com yandex.az yabs.yandex.ru yastatic.net yastat.net mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.admetrica.ru mc.yandex.az;img-src *.verify.yandex.ru *.ya.ru *.yandex.ru ya.ru yabs.yandex.by yabs.yandex.kz yabs.yandex.ru yabs.yandex.uz yandex.ru 'self' yastatic.net data: yandex.az favicon.yandex.net avatars.mds.yandex.net mc.admetrica.ru mc.yandex.com *.mc.yandex.ru adstat.yandex.ru mc.yandex.az mc.yandex.ru;script-src 'nonce-SK1jajznqF99L6CGzhzVKQ==' mc.yandex.com yastatic.net yandex.az mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.yandex.az;child-src *.ya.ru *.yandex.ru ya.ru yandex.ru yastatic.net yandex.az mc.yandex.ru mc.yandex.md mc.yandex.az *.ya.ru *.yandex.ru ya.ru yandex.ru;style-src 'unsafe-inline' yastatic.net;report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.az&showid=1705982713152743-9793317586286380337-balancer-l7leveler-kubr-yp-vla-38-BAL-8975&h=stable-portal-mordago-48.sas.yp-c.yandex.net&yandexuid=7863803371705982713&&version=2024-01-19-465&adb=0;media-src yastatic.net;default-src yastatic.net yastat.net 'self';font-src yastatic.net 1
connect-src 'self' https://a7s.parliamentwatch.org https://www.openpetition.de https://cdn.rawgit.com https://s3-us-west-2.amazonaws.com https://a7s.parliamentwatch.org/; font-src 'self' https://s3-us-west-2.amazonaws.com https://player.podigee-cdn.net; img-src 'self' data: https://a7s.parliamentwatch.org https://www.openpetition.de https://cdn.rawgit.com https://s3-us-west-2.amazonaws.com; manifest-src 'self'; media-src 'self' https://s3-us-west-2.amazonaws.com; object-src 'self' https://s3-us-west-2.amazonaws.com; script-src 'self' https://a7s.parliamentwatch.org https://www.openpetition.de https://cdn.rawgit.com https://s3-us-west-2.amazonaws.com https://platform.twitter.com https://player.podigee-cdn.net https://cdn.podigee.com https://jira.parliamentwatch.org/ https://polyfill.io 'unsafe-inline' https://a7s.parliamentwatch.org/; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://a7s.parliamentwatch.org https://www.openpetition.de https://cdn.rawgit.com https://s3-us-west-2.amazonaws.com https://platform.twitter.com https://player.podigee-cdn.net https://cdn.podigee.com https://jira.parliamentwatch.org/ https://polyfill.io; style-src 'self' 'unsafe-inline' https://a7s.parliamentwatch.org https://www.openpetition.de https://cdn.rawgit.com https://s3-us-west-2.amazonaws.com https://cdn.podigee.com https://player.podigee-cdn.net https://jira.parliamentwatch.org/; style-src-attr 'unsafe-inline'; webrtc 'block'; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
img-src https: data:;script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https:;object-src https: 1
frame-ancestors 'self' https://app.safe.global https://dexscreener.com https://insuretoken.net https://gnosis-safe.io 1
base-uri 'self'; object-src 'self'; child-src 'self' https://*.youtube.com; connect-src 'self' wss://proxy.nanohub.org wss://vncproxy.nanohub.org wss://nanohub.org https://nanohub.org/api/members/tools/diskusage https://www.google-analytics.com https://stats.g.doubleclick.net/j/ https://www.dropbox.com https://api.scite.ai https://maps.googleapis.com https://www.purdue.edu https://ka-f.fontawesome.com https://api.bilibili.com/x/web-interface/archive/related https://stickyid-a.akamaihd.net/ https://cdncache-a.akamaihd.net/ ws://nanohub.org:8080 https://www.bing.com/translator/api/translate https://publons.com/mashlets/tip/ https://analytics.google.com/g/collect https://stats.g.doubleclick.net/g/collect https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; default-src 'self' https://*.nanohub.org https://*.nanohub.aws.hubzero.org; font-src about: chrome-extension: data: https://fonts.gstatic.com safari-extension: 'self' https://use.typekit.net https://storage.googleapis.com/speechify-website-assets/fonts/ https://cdn.scite.ai/assets/fonts/scite-icons/ https://cdn.scite.ai/assets/fonts/ https://www.slant.co/fonts/basicsansnarrow/ https://ka-f.fontawesome.com/ https://themes.googleusercontent.com/static/fonts https://use.fontawesome.com/releases/ https://at.alicdn.com/t/ https://script.hotjar.com; form-action 'self'; frame-ancestors 'self' https://nanohub.org/; frame-src 'self' https://*.nanohub.org https://content.googleapis.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://youtube.com https://player.vimeo.com https://calendar.google.com https://www.youtube.com https://vimeo.com https://docs.google.com https://accounts.google.com https://recaptcha.net https://admin.google.com https://*.nanohub.aws.hubzero.org https://acestream.me https://www.purdue.edu https://en.wikipedia.org https://www.googletagmanager.com/ns.html https://vars.hotjar.com; img-src * data: image: file: blob: https://static.hotjar.com https://script.hotjar.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com/maps-api-v3/api/js/ https://maps.googleapis.com/maps/api/js/ https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps/vt https://www.googletagmanager.com/gtag/js https://www.google.com/jsapi https://www.gstatic.com/charts/ https://cdnjs.cloudflare.com/ajax/libs/ScrollMagic/ https://cdnjs.cloudflare.com/ajax/libs/gsap/ https://apis.google.com/js/client:plusone.js https://apis.google.com/_/scs/apps-static/_/js/ https://engineering.purdue.edu/nanohub/ https://kit.fontawesome.com https://www.wolfram.com https://cdn.mathjax.org https://ajax.googleapis.com/ajax/libs/jquery/ https://releases.flowplayer.org https://publons.com/mashlets https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js https://cdn.jsdelivr.net/npm/@splidejs/splide@2.4.21/dist/js/splide.min.js https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps/api/js/ https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/debug/bootstrap https://www.googletagmanager.com/debug/bootstrap https://script.hotjar.com https://static.hotjar.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://www.google.com https://code.jquery.com https://cdnjs.cloudflare.com https://www.gstatic.com https://p.typekit.net https://use.typekit.net https://cdn.jsdelivr.net https://use.fontawesome.com/7f85a56ba4.css https://use.fontawesome.com/releases/ https://releases.flowplayer.org https://static.hotjar.com https://script.hotjar.com; worker-src blob:; media-src 'self' data: https://nanohub.org; upgrade-insecure-requests; report-uri https://csp.hubzero.org/csp-cms.php 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' fontplus.jp *.fontplus.jp www.google-analytics.com www.googletagmanager.com *.sibulla.com www.w3.org web.facebook.com connect.facebook.net platform.twitter.com *.google.com www.facebook.com www.youtube.com stats.g.doubleclick.net https://s3-ap-northeast-1.amazonaws.com/fontplus-wa/ https://fonts.fontplus.dev/; font-src 'self' https://* blob: data:; img-src https://* blob: data:; 1
frame-ancestors 'self' *.axonify.com *.marketo.com *.seismic.com 1
default-src 'self' 'unsafe-inline' *.myalcon.com *.lndo.site *.tealiumiq.com *.doubleclick.net https://myalcon-app.quantummetric.com *.cookielaw.org data: *.onetrust.com *.facebook.com *.facebook.net blob: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.lndo.site *.myalcon.com https://tags.tiqcdn.com https://cdn.quantummetric.com https://www.googletagmanager.com blob: https://*.google-analytics.com https://*.newrelic.com https://bam.nr-data.net *.tealiumiq.com *.contentsquare.net *.mookie1.com *.cookielaw.org *.onetrust.com *.facebook.net *.cloudflare.com *.tiktok.com *.facebook.com https://*.amazon-adsystem.com https://*.analytics.google.com https://*.googletagmanager.com https://unpkg.com https://bh.contextweb.com https://global.oktacdn.com https://static.addtoany.com https://view.ceros.com https://use.fontawesome.com/ https://cdn.jsdelivr.net https://cdn.pricespider.com https://wtbevents.pricespider.com https://use.fontawesome.com https://code.jquery.com https://service.force.com/ *.salesforceliveagent.com https://www.logicmonitor.com *.sandbox.my.salesforce.com https://googleads.g.doubleclick.net https://static.lightning.force.com https://alcon.my.salesforce.com https://g10696554090.co https://snap.licdn.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://xml.alcon.com https://unpkg.com https://cdnjs.cloudflare.com https://s3-us-west-2.amazonaws.com https://service.force.com/ https://alcon.my.salesforce.com/ https://customerservice.myalcon.com/; img-src 'self' *.facebook.com *.facebook.net https://*.google-analytics.com https://www.google.com https://*.amazon-adsystem.com *.doubleclick.net *.tiktok.com https://www.googletagmanager.com data: https://www.gstatic.com https://*.analytics.google.com https://*.googletagmanager.com  *.cookielaw.org https://www.dailies.com *.linkedin.com https://res.cloudinary.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; frame-src 'self' *.doubleclick.net *.alcon.com *.facebook.com *.facebook.net https://*.amazon-adsystem.com https://embed.ustudio.com https://static.addtoany.com https://cdn.quantummetric.com https://view.ceros.com/ https://service.force.com/; font-src 'self' data: https://fonts.gstatic.com https://xml.alcon.com https://cdnjs.cloudflare.com https://themes.googleusercontent.com; connect-src 'self' *.myalcon.com *.tealiumiq.com https://myalcon-app.quantummetric.com https://stats.g.doubleclick.net https://bam.nr-data.net *.cookielaw.org *.onetrust.com *.tiktok.com *.google.com https://*.amazon-adsystem.com *.google.co.in *.facebook.com *.facebook.net data: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://alcon.my.salesforce.com https://px.ads.linkedin.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; report-uri /report-csp-violation 1
default-src 'self' *.pdf *.docx; style-src 'self' 'unsafe-inline';font-src 'self'; img-src 'self' https://public.flourish.studio/ https://www.googletagmanager.com/ https://audioboom.com/ https://pagead2.googlesyndication.com/  https://i.ytimg.com https://*.ytimg.com https://www.facebook.com/ https://bat.bing.com https://*.bing.com/ https://*.clarity.ms data:; object-src 'self'; connect-src 'self' https://uksouth-1.in.applicationinsights.azure.com/ https://pagead2.googlesyndication.com/ https://pagead2.googlesyncidation.com/ https://csi.gstatic.com/ https://bat.bing.com/ https://*.clarity.ms https://rcgp.org.uk/ https://rcgp.uat.grm.digital/ https://rcgp.stg.grm.digital/ https://rcgp.dev.grm.digital https://www.google-analytics.com https://plausible.io/api/event https://securepubads.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://public.flourish.studio/ https://e.issuu.com/ https://static0.audioboom.com/ https://www.googletagmanager.com/  https://*.connect.facebook.net https://*.googletagmanager.com https://plausible.io/js/script.tagged-events.outbound-links.file-downloads.js https://*.googletagmanager.com/gtag/ https://connect.facebook.net/en_US/fbevents.js https://bat.bing.com/bat.js https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js; script-src-elem 'self' 'unsafe-inline' https://public.flourish.studio/ https://www.clarity.ms/ https://js.monitor.azure.com/ https://e.issuu.com/ https://static0.audioboom.com/ https://ajax.googleapis.com/ https://securepubads.g.doubleclick.net/ https://connect.facebook.net/ https://www.googletagmanager.com/ https://www.googletagservices.com/* https://bat.bing.com/* https://plausible.io/* https://plausible.io/js/script.tagged-events.outbound-links.file-downloads.js https://connect.facebook.net/en_US/fbevents.js https://bat.bing.com/bat.js https://www.googletagservices.com/tag/js/gpt.js https://bat.bing.com/p/action/26045037.js https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306280101/pubads_impl.js https://www.clarity.ms/tag/uet/26045037 https://www.clarity.ms/s/0.7.8/clarity.js; frame-ancestors 'self' https://admin.rcgp.prod.grm.digital/ https://admin.rcgp.uat.grm.digital/ https://admin.rcgp.stg.grm.digital/ https://admin.rcgp.org.uk/ https://google.com https://rcgp.org.uk/ https://rcgp.prod.grm.digital/ https://rcgp.dev.grm.digital/ https://rcgp.uat.grm.digital/ https://rcgp.stg.grm.digital/; frame-src 'self' https://flo.uri.sh/ https://public.flourish.studio/ https://www.rcgpplus.co.uk/ https://e.issuu.com/ https://embeds.audioboom.com/ https://www.youtube-nocookie.com/ https://www.google.com/ https://www.youtube.com/ https://www.facebook.com/ https://rcgp.dev.grm.digital/ https://rcgp.uat.grm.digital/ https://rcgp.stg.grm.digital/ https://rcgp.org.uk/ 1
default-src 'self' studwork.ru *.cloudfront.net *.a.trbcdn.net *.studwork.ru mc.yandex.ru *.googletagmanager.com analytics.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: d2wy8f7a9ursnm.cloudfront.net cdnjs.cloudflare.com connect.facebook.net vk.com *.playbuzz.com yastatic.net studwork.ru *.studwork.ru ajax.googleapis.com www.google-analytics.com *.google.com *.gstatic.com *.yandex.ru *.chatra.io www.googletagmanager.com www.instagram.com; style-src 'self' *.cloudflare.com studwork.ru *.studwork.ru *.googleapis.com *.google.com *.chatra.io 'unsafe-inline'; img-src 'self' data: *.cloudfront.net *.a.trbcdn.net c5mdnuiqw2.a.trbcdn.net vk.com *.facebook.com img.playbuzz.com *.algebra24.ru studwork.ru studwork.obs.ru-moscow-1.hc.sbercloud.ru s3-studwork-pd01.s3pd01.sbercloud.ru studwork.storage.yandexcloud.net storage.yandexcloud.net *.studwork.ru *.google.com *.google.ru www.google-analytics.com *.yandex.ru *.yandex.net *.gstatic.com *.doubleclick.net *.chatra.io www.googletagmanager.com *.fbcdn.net *.cdninstagram.com; font-src 'self' *.cloudflare.com *.studwork.ru *.gstatic.com *.a.trbcdn.net data: *.yandex.ru; connect-src 'self' ws: wss: *.playbuzz.com studwork.ru *.studwork.ru *.yandex.ru *.chatra.io *.bugsnag.com *.googleapis.com *.google.com *.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.youtube.com www.instagram.com studwork.obs.ru-moscow-1.hc.sbercloud.ru s3-studwork-pd01.s3pd01.sbercloud.ru c5mdnuiqw2.a.trbcdn.net h20x37ek96.a.trbcdn.net studwork.storage.yandexcloud.net storage.yandexcloud.net d1uw69x4c2zrim.cloudfront.net d1he4a7838so59.cloudfront.net yastatic.net *.studwork.ru *.chatra.io *.google.com *.facebook.com w.soundcloud.com view.officeapps.live.com; worker-src 'self' data: *.studwork.ru; media-src 'self' data: *.yandex.ru *.yandex.net d1he4a7838so59.cloudfront.net c5mdnuiqw2.a.trbcdn.net *.obs.ru-moscow-1.hc.sbercloud.ru; 1
default-src 'self' https: wss: data:; connect-src 'self' https: wss: data: *.raekdata.com *.raek.net *.cloudflare.com *.google-analytics.com *.tiktok.com *.hotjar.com *.hotjar.io *.calendly.com; style-src 'self' 'unsafe-inline' *.raekdata.com *.raek.net *.cloudflare.com *.googleapis.com *.calendly.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.raekdata.com *.raek.net *.cloudflare.com *.cloudflareinsights.com *.google.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.doubleclick.net *.facebook.com *.facebook.net *.twitter.com *.ads-twitter.com *.hotjar.com *.hotjar.io *.tiktok.com *.licdn.com *.clickcease.com *.redditstatic.com *.calendly.com; object-src 'none' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://static.cdn-apple.com;img-src 'self' data: *;connect-src 'self' https://static.airport.ai;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
base-uri 'self';connect-src 'self' *.youtube.com albis-bot-backend-service-gj4kqfil6q-uc.a.run.app *.bugsnag.com *.vemcount.com *.vemcount.app vemcount.app ws://127.0.0.1:6001 wss://127.0.0.1:6001 https://*.s3.eu-central-1.amazonaws.com;form-action 'self' *.vemco.group;img-src 'self' data: tecbrain.com img.youtube.com www.gravatar.com *.eu-central-1.amazonaws.com *.meetsigma.io *.vemcogroup.com *.vemcount.com vemcount.com *.vemcount.app vemcount.app vem-assist-cdn.vercel.app;media-src 'self' *.eu-central-1.amazonaws.com;object-src 'none';script-src 'self' vemassist.albisai.com 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.bunny.net 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://framapiaf.org https://framasoft.org; img-src 'self' https: data: blob: https://framapiaf.org https://stats.framasoft.org https://framasoft.org https://framaclic.org; style-src 'self' https://framapiaf.org https://framasoft.org 'nonce-jFvWg+zIZ5TDWvDSXgtchg=='; media-src 'self' https: data: https://framapiaf.org; frame-src 'self' https:; manifest-src 'self' https://framapiaf.org; form-action 'self'; child-src 'self' blob: https://framapiaf.org; worker-src 'self' blob: https://framapiaf.org; connect-src 'self' data: blob: https://framapiaf.org https://stockage.framapiaf.org wss://framapiaf.org https://framasoft.org; script-src 'self' https://framapiaf.org 'wasm-unsafe-eval' https://framasoft.org 1
default-src https: 'self' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;style-src * 'self' data: 'unsafe-inline';script-src 'self' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com; object-src 'none' 1
frame-ancestors yangqianguan.com:* *.yangqianguan.com:* fintopia.tech:* *.fintopia.tech:* *.fengtai.tech:* *.xiaoshuihua.com:* *.geteasycash.asia:* *.sjrtguarantee.com:* *.sjrtguarantee.cn:* *.snxguarantee.cn:* *.snxguarantee.com:* 1
frame-ancestors chico-rei.reamaze.com reamaze.com chicorei.com google.com 1
frame-ancestors 'self' chrome-extension: moz-extension: 1
connect-src 'self' *.algolia.io *.algolia.net *.algolianet.com *.facebook.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.sentry.io *.sumo.com *.userway.org *.voyagetext.com *.zdassets.com *.zendesk.com *.zopim.com code.jquery.com media.sumome.com pro.ip-api.com sentry.io stats.g.doubleclick.net sumo.com sumome.com vyg.mobi wss://widget-mediator.zopim.com; default-src 'self'; font-src 'self' *.facebook.com *.googleapis.com *.gstatic.com cdn.bulkammo.com cdn.userway.org data: themes.googleusercontent.com; frame-src 'self' *.facebook.com *.google.com *.googleapis.com *.userway.org sumo.com sumome.com; img-src 'self' *.facebook.com *.google-analytics.com *.googleapis.com *.gstatic.com *.sumo.com *.userway.org *.zopim.io cdn.bulkammo.com data: media.sumome.com stats.g.doubleclick.net sumo.b-cdn.net sumo.com sumome.com; manifest-src cdn.bulkammo.com www.bulkammo.com; media-src 'self' *.facebook.com *.zdassets.com *.zopim.com; object-src 'self' *.facebook.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.algolia.io *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.sumo.com *.sumome.com *.userway.org *.voyagetext.com *.zdassets.com *.zopim.com assets.voyagetext.com blob: browser.sentry-cdn.com cdn.bulkammo.com cdn.ravenjs.com code.jquery.com https://cdn.jsdelivr.net/npm/algoliasearch@4/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4 https://seal.verisign.com stats.g.doubleclick.net sumo.b-cdn.net sumome-140a.kxcdn.com sumome.com; style-src 'self' 'unsafe-inline' *.facebook.com *.google.com *.googleapis.com *.gstatic.com cdn.bulkammo.com cdn.userway.org sload.sumo.com sumo.b-cdn.net 1
base-uri 'self';connect-src 'self' https://mc.yandex.ru https://mc.yandex.com https://www.sipnet.ru wss://*.jivosite.com https://*.jivosite.com https://*.nt-rt.ru https://*.google.com;default-src 'self';form-action 'self';img-src 'self' 'unsafe-inline' data: http://cdn.nt-rt.ru https://api-maps.yandex.ru https://mc.yandex.ru https://mc.yandex.com https://*.nt-rt.ru https://www.google.com http://*.google.com https://*.gstatic.com;media-src 'self' https://*.jivo.ru;object-src 'none';script-src 'self' 'nonce-O3SKbqJ66nQ15PwDyoTK96mkZxTSLZUk' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'nonce-O3SKbqJ66nQ15PwDyoTK96mkZxTSLZUk' 'unsafe-eval' https://cdnjs.cloudflare.com https://api-maps.yandex.ru https://*.jivosite.com https://*.jivo.ru;script-src-elem 'self' 'unsafe-inline' https://mc.yandex.ru https://www.google.com https://www.gstatic.com https://api-maps.yandex.ru https://www.sipnet.ru https://ajax.googleapis.com https://cdnjs.cloudflare.com https://*.jivosite.com https://*.jivo.ru https://*.googleadservices.com https://*.google.com http://*.google.com;script-src-attr 'unsafe-inline';frame-src 'self' https://mc.yandex.ru https://www.google.com https://yandex.ru https://*.jivosite.com https://*.jivo.ru https://www.adsensecustomsearchads.com;style-src-attr 'unsafe-inline';style-src-elem 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://*.jivo.ru https://*.jivosite.com https://*.google.com;font-src 'self' 'unsafe-inline' data: 1
frame-ancestors 'self' ecamm.com *.ecamm.com intercom-sheets.com ; 1
frame-ancestors 'self' https://*.floranext.com https://floranext.com; 1
upgrade-insecure-requests; script-src * 'unsafe-inline' 'unsafe-eval' blob:; object-src *; frame-ancestors 'self' www.vliz.be vliz.be form.vliz.be www.omes-monitoring.be omes-monitoring.be; 1
frame-ancestors 'self' https://theanglo.mx 1
default-src 'self' https://nom.telemetrydeck.com/ https://api.telemetrydeck.com/ https://cdn.telemetrydeck.com/ https://rsms.me https://cdn.sanity.io https://plausible.io/ https://*.mjt.lu/ https://v1.image.11ty.dev/; style-src 'self' 'unsafe-inline' https://rsms.me 1
default-src dock.ui.bosch.tech *.hotjar.com wss://*.hotjar.com bott-tc.nautilus bott-fs.nautilus bott-fs.kittelberger.net vc.hotjar.io in.hotjar.com script.hotjar.com *.bosch-thermotechnology.com *.boschtt-documents.com www.bimstore.co.uk *.kittelberger.net *.mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; media-src *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' ; font-src bott-fs.nautilus bott-fs.kittelberger.net script.hotjar.com fonts.gstatic.com *.bosch-thermotechnology.com www.bosch-thermotechnology.us www.heizung-steuern.com fonts.gstatic.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: ; object-src data: 'self'; img-src bott-tc.nautilus bott-fs.nautilus bott-fs.kittelberger.net optimize.google.com www.google-analytics.com www.googletagmanager.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: blob:; style-src bott-fs.nautilus bott-fs.kittelberger.net *.bosch-thermotechnology.com cdn.datatables.net optimize.google.com fonts.googleapis.com www.bosch-easycontrol.com www.heizung-steuern.com www.bosch-thermotechnology.us *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' 'unsafe-inline' https: ; script-src bott-fs.nautilus bott-fs.kittelberger.net dock.ui.bosch.tech optimize.google.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: 'unsafe-inline' 'unsafe-eval'; frame-src mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com optimize.google.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https:; frame-ancestors bosch.mi4biz.net bott-fs.kittelberger.net *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; connect-src 'self' wss://endpoint.chatbot-suite.bosch.tech endpoint.chatbot-suite.bosch.tech  www.bosch-thermotechnology.com region1.google-analytics.com www.google-analytics.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com dock.ui.bosch.tech mycliplister.com *.mycliplister.com stats.g.doubleclick.net 1
script-src 'self' *.addthis.com *.addthisedge.com *.aliengearholsters.com *.amcharts.com *.attentivemobile.com *.attn.tv *.avmws.com *.bing.com *.bootstrapcdn.com *.braintree-api.com *.bronto.com *.clarity.ms *.cloudflare.com *.cloudfront.net *.datadome.co *.doubleclick.net *.experticity.com *.facebook.net *.fontawesome.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googlecommerce.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.gunbelts.com *.jquery.com *.jsdelivr.net *.klaviyo.com *.magentocommerce.com *.mailchimp.com *.marketingautomation.services *.moatads.com *.newrelic.com *.nr-data.net *.olark.com *.paypal.com *.placeholder.com *.placeimg.com *.rlcdn.com *.seal.geotrust.com *.trustedshops.com *.typekit.net *.usercentrics.eu *.vimeocdn.com *.viralsweep.com *.youtube.com *.zdassets.com *.zendesk.com *.zopim.com a.smtrk.net admin-stage.aliengearholsters.com aliengearholsters.grin.live cdn.mouseflow.com checkout-sdk.sezzle.com googleads.g.doubleclick.net js.braintreegateway.com payments.braintree-api.com pixel-geo.prfct.co s.ytimg.com seal.geotrust.com secure.adnxs.com staticw2.yotpo.com stats.g.doubleclick.net tacticafashion.com tag.perfectaudience.com upsellit.com www-stage.aliengearholsters.com www.google.com www.paypalobjects.com www.upsellit.com aliengearholsters.com admin.aliengearholsters.com www.aliengearholsters.com tacticafashion.com www.tacticafashion.com warcat.com www.warcat.com gunbelts.com www.gunbelts.com app.upsellit.com validator.swagger.io pilot-payflowlink.paypal.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com aliengearholsters.com 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' admin.aliengearholsters.com bam.nr-data.net shop.pe *.shop.pe addshoppers.s3.amazonaws.com *.swellrewards.com *.yotpo.com platform.twitter.com *.trustpilot.com *.vimeo.com *.surveymonkey.com *.mouseflow.com *.amazon.com static-na.payments-amazon.com *.payments-amazon.com cdnapisec.kaltura.com *.squarecdn.com cdn.storerocket.io https://ik.imagekit.io/tedder/; style-src aliengearholsters.com fonts.googleapis.com 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' p.typekit.net cdnjs.cloudflare.com static.klaviyo.com use.typekit.net staticw2.yotpo.com static.olark.com admin.aliengearholsters.com static-tracking.klaviyo.com tacticafashion.com use.fontawesome.com maxcdn.bootstrapcdn.com addstrap-ui.addshoppers.com d3rr3d0n31t48m.cloudfront.net *.yotpo.com *.swellrewards.com gunbelts.com d2mjzob2nc713b.cloudfront.net; worker-src blob:; report-uri /.webscale/csp-report 1
frame-ancestors https://www.acea.it https://*.force.com 1
default-src 'self' https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-inline' data: https://bat.bing.com https://analytics.tiktok.com https://paywithmybank.com https://www.redditstatic.com https://stats.g.doubleclick.net https://az620379.vo.msecnd.net https://cdn.taboola.com https://browser.sentry-cdn.com https://*.highcharts.com https://code.jquery.com https://ajax.aspnetcdn.com https://www.google.com https://www.gstatic.com https://disqus.com predictit.disqus.com https://c.disquscdn.com www.googletagmanager.com https://platform.twitter.com https://cdn.syndication.twimg.com https://*.firebaseio.com https://www.googleadservices.com https://www.google-analytics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://tagmanager.google.com https://www.youtube.com https://s.ytimg.com https://browser.sentry-cdn.com https://*.optimove.net https://gateway.optimove.events; style-src 'self' 'unsafe-inline' https://az620379.vo.msecnd.net https://fonts.googleapis.com https://c.disquscdn.com https://platform.twitter.com https://ton.twimg.com https://tagmanager.google.com; font-src 'self' data: https://az620379.vo.msecnd.net https://fonts.gstatic.com https://tagmanager.google.com; img-src 'self' 'unsafe-eval' data: https://*; connect-src 'self' https://analytics.tiktok.com https://stats.g.doubleclick.net wss://*.firebaseio.com https://*.services.disqus.com wss://*.predictit.org https://hub.predictit.org https://fcm.googleapis.com https://www.google-analytics.com https://www.facebook.com https://sentry.io https://*.optimove.net https://gateway.optimove.events; frame-src 'self' https://paywithmybank.com https://embed.podcasts.apple.com https://news.predictit.org https://*.libsyn.com https://*.firebaseio.com https://disqus.com https://*.twitter.com https://bid.g.doubleclick.net https://predictit.freshdesk.com https://analysis.predictit.org https://www.youtube.com https://www.google.com https://*.soundcloud.com https://widgets.itunes.apple.com https://www.facebook.com; frame-ancestors 'self'; media-src https://aristotle.com; 1
frame-ancestors *.lu.ch schulemeierskappel.sharepoint.com; script-src 'self' *.lu.ch luzern.web-analytics.ch unpkg.com *.googleapis.com *.cloudflare.com *.bfs.admin.ch www.youtube.com platform.twitter.com cdn.syndication.twimg.com s.ytimg.com chat.aiaibot.com *.unblu.com unblu.cloud www.publicjobs.ch translate.google.com 'unsafe-inline' 'unsafe-eval' blob:; 1
frame-ancestors 'self' https://ersties.net https://ersties.de https://en.ersties.com https://ersties.ch https://en.ersties.ch https://ersties.com 1
Strict-Transport-Security: max-age=31536000; includeSubDomains; 1
upgrade-insecure-requests; frame-ancestors zuozhe.qimao.com 1
default-src 'self' http://www.google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com https://youtube.com https://www.youtube.com https://ad.kase.kz https://mc.yandex.ru https://irisapi.kase.kz https://youtu.be https://www.tradingview.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://irisapi.kase.kz https://mc.yandex.ru https://ad.kase.kz https://www.google-analytics.com data: 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.gcloud.belgium.be *.agconsult.com *.socialsecurity.be;style-src 'self' 'unsafe-inline' *.googleapis.com *.bootstrapcdn.com *.fontawesome.com *.gcloud.belgium.be;img-src 'self' data: *.google-analytics.com *.sfpd.fgov.be *.socialsecurity.be *.mypension.be; 1
frame-ancestors 'self' https://*.webvisor.com https://metrika.yandex.ru/ https://www.copytrans.net 1
default-src 'self'; script-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://www.wheehost.com https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'none'; object-src 'none' 1
frame-ancestors  'self' *.qidian.com  *.hongxiu.com  *.yuewen.com  *.qq.com  *.qdmm.com  *.readnovel.com  *.xs8.cn  *.xxsy.net  *.tingbook.com  *.lrts.me  *.ywurl.cn  *.qdwenxue.com  *.if.qidian.com  www.gameloop.com *.xxsypro.com 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://static.photoslurp.com/ *.taboola.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.taboola.com *.salesforce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com *.hotjar.com *.taboola.com https://consentcdn.cookiebot.com/ https://www.youtube.com/ https://fledge-eu.creativecdn.com/ https://ct.pinterest.com/ https://js.klarna.com/ https://js.playground.klarna.com/ *.facebook.com *.flipsnack.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com s.ytimg.com https://img.youtube.com https://mcstaging.gatopreto.com/ https://gatopreto.com/ *.facebook.com *.google.com https://*.klarna.com/ https://*.klarnacdn.net/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://*.photoslurp.com/ https://*.collect.igodigital.com/ https://ct.pinterest.com/ *.google.pt *.doubleclick.net https://*.creativecdn.com/ https://bh.contextweb.com/ *.googletagmanager.com *.analytics.yahoo.com *.adnxs.com *.mobon.net *.seedtag.com *.sync.1rx.io *.omnitagjs.com *.media.net *.addlv.smt.docomo.ne.jp onetag-sys.com *.yieldmo.com *.mgid.com *.console.adtarget.com.tr *.s3xified.com *.rmp.rakuten.com *.gumgum.com *.smartadserver.com *.openx.net data: *.taboola.com *.pixel.rubiconproject.com *.sync.cootlogix.com *.dsum-sec.casalemedia.com *.1rx.io *.ce.lijit.com *.e-planning.net *.smaato.net *.admedia.com *.kelkoogroup.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com commerce.adobedtm.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net js.braintreegateway.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.avada.io https://www.google.com/recaptcha/ https://www.gstatic.com/ https://js-agent.newrelic.com/ *.googletagmanager.com https://bam-cell.nr-data.net/ https://bam.nr-data.net/ *.hotjar.com https://s.pinimg.com/ https://static.trackedweb.net/ https://consentcdn.cookiebot.com/ https://consent.cookiebot.com/ https://*.collect.igodigital.com/ *.googleapis.com https://static.photoslurp.com/ https://*.kuantokusta.pt/ https://*.creativecdn.com/ *.doubleclick.net https://x.klarnacdn.net/ https://js.playground.klarna.com/ *.facebook.net *.tiktok.com *.addthis.com *.moatads.com *.addthisedge.com *.taboola.com *.kk-resources.com *.google.com *.google.pt 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com https://static.photoslurp.com/ *.googleapis.com *.taboola.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.magento.com commerce.adobe.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.google-analytics.com *.google.com *.doubleclick.net https://ct.pinterest.com/ https://bam-cell.nr-data.net/ https://bam.nr-data.net https://r1.trackedweb.net/ https://consentcdn.cookiebot.com/ https://api.photoslurp.com/ https://ams.creativecdn.com/ *.facebook.com https://eu.playground.klarnaevt.com/ https://eu.klarnaevt.com/ https://js.playground.klarna.com/ https://js.klarna.com/ https://x.klarnacdn.net/ *.googleapis.com *.tiktok.com *.hotjar.io *.hotjar.com wss://*.hotjar.com/ *.outbrain.com *.taboola.com *.kelkoogroup.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' *.soundcloud.com cdnapisec.kaltura.com www.kaltura.com youtube.com *.youtube.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.twitter.com *.twimg.com www.google-analytics.com weglot.com *.weglot.com cdn-api-weglot.com *.cdn-api-weglot.com; img-src 'self' https://live.staticflickr.com *.twitter.com *.twimg.com www.googletagmanager.com https://www.google-analytics.com data:; object-src 'none'; script-src 'self' 'unsafe-inline' https://bam.nr-data.net https://bam-cell.nr-data.net https://js-agent.newrelic.com https://widgets.flickr.com embedr.flickr.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.youtube.com *.twitter.com *.twimg.com www.googletagmanager.com www.google-analytics.com https://ssl.google-analytics.com static.cloudflareinsights.com ajax.cloudflare.com weglot.com *.weglot.com cdn-api-weglot.com *.cdn-api-weglot.com; frame-ancestors 'self'; connect-src 'self' https://bam.nr-data.net https://bam-cell.nr-data.net https://embedr.flickr.com cloudflareinsights.com https://www.google-analytics.com weglot.com *.weglot.com cdn-api-weglot.com *.cdn-api-weglot.com 1
default-src 'self'; connect-src * 'unsafe-inline'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://cackle.me https://vk.com https://st.top100.ru https://mc.yandex.ru https://www.google-analytics.com https://top-fwz1.mail.ru https://w.uptolike.com https://cdn.sendpulse.com https://bitrix.info https://ssl.google-analytics.com https://connect.facebook.net; img-src * 'self' 'unsafe-inline' data: https:; style-src * 'self' 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval' 'self'; frame-src * 'self'; object-src 'none' 1
default-src 'self' http://www.nevo.co.il https://player.vimeo.com https://vimeo.com https://direct.tranzila.com https://web.gostreaming.tv http://www.youtube.com https://cdn.jwplayer.com https://iframe.dacast.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://nevo.heshev.info https://m.facebook.com https://www.facebook.com https://www.google.com https://www.youtube.com; script-src 'self' blob: https://connect.facebook.net http://service.box-it.co.il https://service.box-it.co.il http://maps.google.com https://maps.google.com http://maps.googleapis.com https://maps.googleapis.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://pickuppoint.co.il https://www.pickuppoint.co.il https://partner.googleadservices.com https://www.googletagservices.com https://tpc.googlesyndication.com http://tpc.googlesyndication.com http://www.google-analytics.com https://www.google-analytics.com https://adservice.google.com https://adservice.google.co.il https://pagead2.googlesyndication.com https://www.google.com https://www.gstatic.com https://ssl.google-analytics.com https://einhamishpat.nevo.co.il 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://i1.nevo.co.il https://t1.nevo.co.il https://i2.nevo.co.il https://csi.gstatic.com https://pagead2.googlesyndication.com https://www.google-analytics.com https://analytics.google.com https://www.pickuppoint.co.il; img-src 'self' data: https://www.nevo.co.il https://image.freepik.com https://m.facebook.com https://www.facebook.com http://pagead2.googlesyndication.com http://maps.google.com https://googleads.g.doubleclick.net https://www.google.co.il https://www.google.com https://maps.google.com http://service.box-it.co.il https://service.box-it.co.il http://www.google-analytics.com https://www.google-analytics.com http://maps.googleapis.com https://maps.googleapis.com http://maps.gstatic.com https://maps.gstatic.com https://pagead2.googlesyndication.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://www.pickuppoint.co.il; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.pickuppoint.co.il http://fonts.googleapis.com https://fonts.googleapis.com; font-src 'self' https://www.pickuppoint.co.il https://fonts.gstatic.com; frame-src 'self' mailto: tel: https://academy.nevo.co.il/ https://drive.google.com https://t1.nevo.co.il http://www.nevo.co.il https://player.vimeo.com https://vimeo.com https://direct.tranzila.com http://www.youtube.com https://cdn.contactgbs.com https://cdn.jwplayer.com https://iframe.dacast.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://nevo.heshev.info https://www.facebook.com https://m.facebook.com https://www.google.com https://www.youtube.com https://web.gostreaming.tv; 1
report-uri /api/submit-csp-violation-report; default-src 'self' blob: data: https://i.mgtbk.nl https://cdn.jsdelivr.net https://www.datadoghq-browser-agent.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://jouw.postnl.nl https://*.gstatic.com;script-src 'self' blob: https://i.mgtbk.nl https://cdn.jsdelivr.net  'nonce-2e11884732831625' https://cdnjs.cloudflare.com https://rum.browser-intake-datadoghq.eu/ https://www.datadoghq-browser-agent.com https://polyfill.io https://unpkg.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://www.googletagmanager.com https://mouseflow.com https://cdn.mouseflow.com https://www.google.com https://cdn.3cx.com https://mainpress.my3cx.nl https://mainpress.my3cx.nl:5001 https://cdn.tiny.cloud; style-src 'self' https://i.mgtbk.nl https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://cdn.tiny.cloud data: 'unsafe-inline'; img-src 'self' blob: https://i.mgtbk.nl https://cdn.jsdelivr.net data: https://region1.google-analytics.com https://region1.analytics.google.com https://www.google-analytics.com https://www.google.com https://www.google.nl https://www.google.be https://www.google.fr https://www.google.de https://*.gstatic.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://i.ytimg.com https://i.vimeocdn.com https://sp.tinymce.com http://aws-images.cloud.mainpress.nl; connect-src 'self' blob: https://i.mgtbk.nl https://cdn.jsdelivr.net data: https://*.browser-intake-datadoghq.eu https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://mainpress.my3cx.nl:5001/; frame-src https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://www.managementvideo.nl https://*.soundcloud.com https://static.managementboek.nl https://i.mgtbk.nl https://*.spotify.com https://www.google.com; frame-ancestors 'none'; 1
default-src 'self' ; style-src 'unsafe-inline' 'self' fonts.googleapis.com; frame-ancestors 'self' https://*.rtr.at; font-src 'self' fonts.gstatic.com; img-src 'self' https://*.rtr.at data: https://*.ytimg.com https://piwik.rtr.at; media-src 'self' https://*.rtr.at; frame-src data: blob: https://*.rtr.at https://egov.rtr.gv.at https://127.0.0.1:* https://eid.oesterreich.gv.at https://player.vimeo.com https://www.youtube-nocookie.com https://www.youtube.com https://app.23degrees.io https://chat.rtcnow.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.23degrees.io https://piwik.rtr.at https://info.rtr.at; connect-src 'self' https://info.rtr.at https://info.rtr.at; 1
base-uri 'self'; default-src 'self' data: https: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' https://*.neteasy.pl; 1
frame-ancestors 'self'  https://savethechildren.ailnd.com; 1
frame-ancestors https://curiocity.teemew.com 1
object-src 'none'; form-action 'self'; frame-ancestors 'self'; 1
frame-ancestors 'self' https://viewmychart.com https://*.viewmychart.com;; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://subs.retail-week.com; 1
default-src 'self' data: *.nr-data.net fonts.gstatic.com fonts.googleapis.com *.facebook.com *.juicer.io *.microsoftonline.com *.mouseflow.com *.zscaler.net *.kuka.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net js-agent.newrelic.com *.embedly.com *.embed.ly *.googletagmanager.com *.doubleclick.net *.googleadservices.com *.facebook.net snap.licdn.com *.linkedin.com *.bing.com munchkin.marketo.net *.twitter.com *.ads-twitter.com *.bizographics.com *.baidu.com *.google.com *.gstatic.com *.igodigital.com *.pardot.com *.juicer.io *.cloudflare.com *.mouseflow.com *.demandbase.com *.zscaler.net *.youtube.com kuka.my.salesforce.com *.salesforceliveagent.com *.force.com *.kuka.com; img-src 'self' data: *.juicer.io *.google.com *.bing.com *.linkedin.com *.google.de *.g.doubleclick.net *.demandbase.com *.company-target.com *.rlcdn.com *.baidu.com *.ytimg.com *.kuka.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.juicer.io kuka.my.salesforce.com *.force.com *.kuka.com; child-src 'self' blob: *.vimeo.com *.juicer.io; frame-src 'self' https: *.quartalflife.com *.youtube.com *.youtu.be *.youku.com *.embedly.com *.embed.ly *.youko.com *.doubleclick.net snap.licdn.com *.linkedin.com *.juicer.io *.company-target.com; connect-src 'self' *.googlesyndication.com *.google.com *.google.ch *.bing.com *.linkedin.oribi.io *.baidu.com *.mktoresp.com *.juicer.io *.mouseflow.com *.company-target.com noembed.com *.demandbase.com *.kuka.com; frame-ancestors 'self' https://jobcloud.ch https://*.jobcloud.ch https://jobs.ch https://*.jobs.ch https://jobup.ch https://*.jobup.ch https://ingjobs.ch https://ictcareer.ch https://jobs4sales.ch https://financejobs.ch https://medtalents.ch https://jobwinner.ch https://alpha.ch https://topjobs.ch https://*.jobscout24.ch https://impieghi.ch https://*.impieghi.ch https://*.stellenmarkt.ch https://onswisslog.sharepoint.com 1
frame-ancestors 'self' https: https://cdn.datatables.net https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://www.redditstatic.com https://a.quora.com https://s.yimg.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://cdn.matomo.cloud https://www.youtube.com https://hexaware.matomo.cloud https://www.googletagmanager.com https://www.googletagmanager.com/ https://cdn.jsdelivr.net/npm/objectFitPolyfill@2.3.0/dist/objectFitPolyfill.min.js https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.3.1/js/bootstrap.bundle.min.js https://code.jquery.com https://maps.googleapis.com https://hexaware.com https://salespanel.io/ https://hexaware.com/  https://d1n6dw42pr6e5w.cloudfront.net; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data:; font-src 'self' https: data:; object-src 'none'; base-uri https://hexaware.com; 1
default-src data: blob: 'self' * *.t-mobile.com *.isappcloud.com *.newsroomlabs.com;script-src 'unsafe-eval' 'unsafe-inline' 'self' *;style-src 'unsafe-inline' 'self' blob: *;child-src 'self' blob: *;frame-src 'self' *;object-src 'self' *;frame-ancestors 'self'; 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: blob:; font-src * 'self' data:; 1
default-src 'self';frame-ancestors 'self';object-src 'none' ;child-src 'self' https://cloud.typography.com;frame-src 'self' https://athora.recruitee.com https://consentcdn.cookiebot.com https://vivat3.recruitee.com https://www.youtube.com https://www.google.com;connect-src 'self' https://dc.services.visualstudio.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://consentcdn.cookiebot.com https://*.applicationinsights.azure.com;font-src 'self' data: data: https://fonts.gstatic.com;img-src 'self' data: data: https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://fonts.gstatic.com https://i.ytimg.com https://ssl.gstatic.com https://www.gstatic.com;script-src 'self' 'strict-dynamic' 'nonce-Xm4ndHO3BcdHnK9sn/wPWcTu' data: data: https://*.googletagmanager.com https://az416426.vo.msecnd.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.google-analytics.com https://www.youtube.com https://*.monitor.azure.com;style-src 'unsafe-inline' https://cloud.typography.com https://fonts.googleapis.com https://tagmanager.google.com https://www.athora.nl https://www.googletagmanager.com; 1
base-uri 'self'; font-src 'self' data: https://babywalz.omq.de https://www.paypalobjects.com; form-action 'self' https://checkoutshopper-live.adyen.com https://*.bazaarvoice.com; frame-ancestors 'self' https://app.storyblok.com; img-src 'self' data: https://a.storyblok.com https://*.vhwmcs.net https://*.cdn.aboutyou.cloud https://checkout-cdn.aboutyou.cloud https://checkoutshopper-live.adyen.com https://sockjs-us3.pusher.com https://*.paypalobjects.com https://t.paypal.com https://x.klarnacdn.net https://cdf6519016.cdn.adyen.com https://babywalz.omq.de https://*.googletagmanager.com https://www.awin1.com https://googleads.g.doubleclick.net https://*.google.com https://*.google.de https://*.googleadservices.com https://*.facebook.com https://cm.g.doubleclick.net https://x.bidswitch.net https://contextual.media.net https://match.sharethrough.com https://rtb-csync.smartadserver.com https://sync-t1.taboola.com https://*.teads.tv https://eb2.3lift.com https://ups.analytics.yahoo.com https://cm.adform.net https://visitor.omnitagjs.com https://r.casalemedia.com https://*.criteo.com https://ad.360yield.com https://matching.ivitrack.com/ https://exchange.mediavine.com https://sync.outbrain.com https://simage2.pubmatic.com https://*.tremorhub.com https://ad.yieldlab.net https://*.yieldmo.com https://e1.emxdgt.com https://ib.adnxs.com https://dpm.demdex.net https://beacon.krxd.net https://s.thebrighttag.com https://*.bing.com https://*.bazaarvoice.com; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline' https://checkout-cdn.aboutyou.cloud https://checkoutshopper-live.adyen.com https://babywalz.omq.de https://www.googletagmanager.com https://fonts.googleapis.com https://*.bazaarvoice.com; upgrade-insecure-requests; default-src 'none'; frame-src 'self' https://checkoutshopper-live.adyen.com https://*.paypal.com https://*.moderne-hausfrau.de https://walz-prev.checkout.api.scayle.cloud https://*.awin1.com https://td.doubleclick.net https://*.criteo.com https://*.sovendus-benefits.com https://*.sovendus-connect.com https://tbs.tradedoubler.com https://*.bazaarvoice.com; script-src 'self' 'unsafe-inline' https://*.moderne-hausfrau.de https://walz-prev.checkout.api.scayle.cloud https://checkout-cdn.aboutyou.cloud https://checkoutshopper-live.adyen.com https://www.paypal.com https://babywalz.omq.de https://api.exponea.com https://www.googletagmanager.com https://www.dwin1.com https://api.bounce-commerce.de https://www.awin1.com https://the.sciencebehindecommerce.com https://www.googleadservices.com https://*.sovendus.com; script-src-elem 'self' 'unsafe-inline' https://*.moderne-hausfrau.de https://walz-prev.checkout.api.scayle.cloud https://checkout-cdn.aboutyou.cloud https://checkoutshopper-live.adyen.com https://www.paypal.com https://babywalz.omq.de https://api.exponea.com https://www.googletagmanager.com https://www.dwin1.com https://api.bounce-commerce.de https://www.awin1.com https://the.sciencebehindecommerce.com https://www.googleadservices.com https://connect.facebook.net https://*.criteo.com https://*.sovendus.com https://*.bing.com https://*.hotjar.com https://*.abtasty.com https://*.bazaarvoice.com https://mpsnare.iesnare.com; connect-src 'self' https://*.moderne-hausfrau.de https://walz-prev.checkout.api.scayle.cloud https://checkout-cdn.aboutyou.cloud/ https://checkoutshopper-live.adyen.com https://*.paypal.com https://*.paypalobjects.com https://x.klarnacdn.net https://*.vhwmcs.net https://babywalz.omq.de https://sockjs-us3.pusher.com https://api.exponea.com https://*.googletagmanager.com https://*.econda-monitor.de https://region1.google-analytics.com https://api.bounce-commerce.de https://*.wepowerconnections.com https://the.sciencebehindecommerce.com https://*.google.com https://googleads.g.doubleclick.net https://*.criteo.com https://*.sovendus.com https://*.hotjar.com https://*.hotjar.io https://*.abtasty.com https://*.walz.de; media-src https://a.storyblok.com https://*.walz.de; report-uri https://sentry.vhwmcs.net/api/2/security/?sentry_key=1a6c3da18b7a464cbfcf596e111c1def 1
default-src 'unsafe-eval' 'unsafe-inline' https: data:; img-src 'self' data: *.medelement.com *.googlesyndication.com *.google.com *.google.kz *.google.de *.google-analytics.com *.google-analytics.com *.google.ru *.yandex.ru yandex.ru *.yandex.net yandex.net *.yandex.com; connect-src 'self' *.medelement.com *.yandex.net yandex.ru ws: https:; object-src 'none'; frame-ancestors 'self' 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 1
default-src https: data: 'unsafe-inline' 'unsafe-eval';connect-src https://*.qacloud.com.cn:443 1
frame-ancestors 'self'; report-uri https://zqcie68ipf.execute-api.us-east-1.amazonaws.com/production/report; report-to report-endpoint ; script-src 'self' https://apis.google.com 'report-sample'; object-src 'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.youtube.com https://s.ytimg.com https://web103.reachmee.com https://www.vizzit.se https://tag.vizzit.se https://cdn.vizzit.se https://soundcloud.com/ https://connect.soundcloud.com/sdk/ https://i.ytimg.com https://cdn.screen9.com/; style-src 'self' 'unsafe-inline' https://soundcloud.com/ https://w.soundcloud.com/ ;  frame-src 'self' https://*.fi.se/ https://www.vizzit.se https://tag.vizzit.se https://cdn.vizzit.se https://web103.reachmee.com  https://www.youtube.com https://i.ytimg.com https://soundcloud.com/ https://w.soundcloud.com/ https://api.screen9.com/ https://screen9.com/ https://quickchannel.com/ https://www.quickchannel.com/ ;  img-src 'self' data: https://i.ytimg.com https://bcdn.screen9.com ; connect-src 'self' https://www.googleapis.com https://soundcloud.com/ https://connect.soundcloud.com/sdk/ https://rest.screen9.com/ ;  form-action 'self' https://publish.ne.cision.com/Subscription/Subscribe ;  base-uri 'self' ;  frame-ancestors 'self' ; upgrade-insecure-requests ; object-src 'self'  1
base-uri https:; frame-src *; connect-src https:; font-src https: data:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; media-src 'self'; object-src 'self'; form-action 'self' *.twitter.com; default-src https: 1
default-src 'self' 'unsafe-inline' data: blob: https://*.fbthirdpartypixel.com https://*.fbcdn.net;block-all-mixed-content;upgrade-insecure-requests; 1
object-src 'none'; img-src data: http: https:; script-src http: https: *.structube.com 'self' blob: 'unsafe-inline' *.paypal.com *.moneris.com *.signifyd.com 'unsafe-eval' *.listrakbi.com *.googleapis.com *.gstatic.com *.ggpht.com *.googleusercontent.com *.google.com *.facebook.com *.youtube.com *.youtube-nocookie.com *.doubleclick.net *.getcandid.com *.filepicker.io content-getcandid.netdna-ssl.com *.attn.tv *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.g.doubleclick.net s.pinimg.com bam.nr-data.net; style-src 'self' blob: https: 'unsafe-inline' *.structube.com *.typekit.net fonts.googleapis.com; base-uri 'none'; font-src 'self' fonts.gstatic.com *.typekit.net maxcdn.bootstrapcdn.com data:; frame-src assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.paypal.com *.moneris.com *.google.com *.facebook.com *.youtube-nocookie.com *.doubleclick.net *.g.doubleclick.net *.getcandid.com *.filepicker.io *.signifyd.com view.publitas.com *.virtuo-reality.com acs-server.ps.msignia.com *.structube.com *.pinterest.com s.pinimg.com *.hotjar.com *.ada.support 360.ecom2vr.com *.attn.tv h.online-metrix.net *.paypalobjects.com *.hotjar.io *.pay.google.com *.affirm.ca *.cdn-apple.com; child-src 'self'; frame-ancestors 'self' www.virtuo-reality.com 360.ecom2vr.com; connect-src 'self' data: blob: *.attentivemobile.com *.attn.tv *.getcandid.com *.filepicker.io *.ada.support *.googleapis.com *.gstatic.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ca collector.structube.com *.pinterest.com bam.nr-data.net *.facebook.com cdn.linkedin.oribi.io *.bing.com *.adroll.com *.hotjar.com *.paypal.com wss://*.hotjar.com *.hotjar.io *.affirm.ca; 1
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; frame-ancestors 'self' https://*.amnesty.nl https://www.ohyay.co; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline' 1
object-src 'none'; script-src 'nonce-j8iS6EXXApSWmBntd2CIjg==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; base-uri 'self'; default-src 'self' fscdn.eppo.cloud *.fullstory.com *.sentry.io *.commandbar.com *.rudderstack.com *.rudderlabs.com *.intercom.io *.browser-intake-datadoghq.com *.maze.co; style-src 'self' 'unsafe-inline' *.commandbar.com; img-src 'self' *.gravatar.com *.googleusercontent.com *.googleapis.com *.fullstory.com *.intercom.io *.intercomcdn.com *.intercomassets.com data:; worker-src 'self' blob:; font-src 'self' *.intercomcdn.com; connect-src 'self' fscdn.eppo.cloud *.fullstory.com *.sentry.io *.commandbar.com *.rudderstack.com *.rudderlabs.com wss://*.intercom.io https://*.intercom.io *.browser-intake-datadoghq.com *.maze.co; media-src 'self' *.intercomcdn.com; 1
default-src 'self'; script-src 'self' 'nonce-D87uRj3GkpnHODAXGw5SqME+9pEmeoy02ZNrWeAuEsw=' https://*.go-mpulse.net *.wp.com *.freecharge.in https://*.clarity.ms https://www.clarity.ms https://amplify.outbrain.com https://sokrati.g2afse.com https://optimidea.go2cloud.org https://www.youtube.com code.jquery.com ajax.googleapis.com assets.adobedtm.com jasper.d3.sc.omtrdc.net www.google-analytics.com www.googleadservices.com cdn.jsdelivr.net cdn.freecharge.in ds-aksb-a.akamaihd.net ssl.gstatic.com https://*.googleapis.com https://*.google.com connect.facebook.net cdnjs.cloudflare.com d2r1yp2w7bby2u.cloudfront.net static.clevertap.com in.wzrkt.com tracker.freecharge.in cdn.branch.io chuknu.sokrati.com www.googletagmanager.com tracking.sokrati.com bat.bing.com googleads.g.doubleclick.net app.link https://*.freshdesk.com dmx246cm6p7k8.cloudfront.net axisbank.demdex.net https://helpcenterapi.freecharge.in nlpbots.freecharge.in nlpbotsv3.freecharge.in nlpbotsv3-dr.freecharge.in activitymap.adobe.com www.gstatic.com frch-invoice.getparchi.com https://cdn.moengage.com https://app-cdn.moengage.com; img-src 'self' https://*.akstat.io blob: kyc-kyc-prod.s3.ap-south-1.amazonaws.com maps.googleapis.com *.freshdesk.com n19shpp1fi.execute-api.ap-south-1.amazonaws.com https://*.clarity.ms https://www.clarity.ms *.wp.com *.wolkenservicedesk.com https://sokrati.g2afse.com *.freecharge.in s.freecharge.in dmx246cm6p7k8.cloudfront.net dvb25sefq5u4k.cloudfront.net www.facebook.com jasper.d3.sc.omtrdc.net s3-ap-south-1.amazonaws.com d32vr05tkg9faf.cloudfront.net dmx246cm6p7k8.cloudfront.net d1g4sjv85anmpz.cloudfront.net d1vi4hxtdrq9n9.cloudfront.net d2o927etjybc8i.cloudfront.net freechargemobile.112.2o7.net jasperfreechargemerchantnew.112.2o7.net s3.ap-south-1.amazonaws.com offers.freecharge.in dpm.demdex.net www.google-analytics.com stats.g.doubleclick.net cm.everesttech.net bat.bing.com tracking.sokrati.com www.google.com www.google.co.in s3.amazonaws.com https://*.freshdesk.com ds-aksb-a.akamaihd.net dmx246cm6p7k8.cloudfront.net offers.freecharge.com googleads.g.doubleclick.net maps.gstatic.com www.googletagmanager.com csi.gstatic.com www.gstatic.com frch-invoice.getparchi.com https://moe-email-campaigns.s3.amazonaws.com https://image.moengage.com data:; style-src 'self' 'unsafe-inline' *.freecharge.in fonts.googleapis.com http://fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com d1g4sjv85anmpz.cloudfront.net fc-static-content.freecharge.in cdn.rawgit.com https://*.freshdesk.com dmx246cm6p7k8.cloudfront.net www.gstatic.com frch-invoice.getparchi.com https://app-cdn.moengage.com https://fonts.bunny.net data:; font-src 'self' *.freecharge.in fonts.googleapis.com netdna.bootstrapcdn.com fonts.gstatic.com cdn.rawgit.com data:; connect-src 'self' fc-static-content.freecharge.in https://*.akstat.io https://c.go-mpulse.net https://*.clarity.ms https://www.clarity.ms n19shpp1fi.execute-api.ap-south-1.amazonaws.com *.wp.com *.freecharge.in dpm.demdex.net www.freecharge.in merchant-app.freecharge.in api2.branch.io www.google-analytics.com d1g4sjv85anmpz.cloudfront.net maps.googleapis.com stats.g.doubleclick.net api.getparchi.com jasper.d3.sc.omtrdc.net www.facebook.com https://sdk-01.moengage.com https://sdk-02.moengage.com https://sdk-03.moengage.com https://sdk-04.moengage.com; frame-src 'self' s.freecharge.in https://s.freecharge.in/content/images/game/coinCollect/v2/ https://s.freecharge.in/content/images/game/coinCollect/v2 n19shpp1fi.execute-api.ap-south-1.amazonaws.com https://*.clarity.ms https://www.clarity.ms accounts.google.com staticxx.facebook.com www.facebook.com https://lendingplatform.axisbank.com *.wp.com www.youtube.com freechargepayment.demdex.net bid.g.doubleclick.net axisbank.demdex.net https://helpcenterapi.freecharge.in nlpbots.freecharge.in nlpbotsv3.freecharge.in nlpbotsv3-dr.freecharge.in 9950466.fls.doubleclick.net activitymap.adobe.com *.omniture.com https://www.google.com fc-cdn.freecharge.in frch-invoice.getparchi.com optimidea.gotrackier.com trk.getinfo360.com trk.getinfo360.com https://cdn.moengage.com;media-src 'self' https://s3.ap-south-1.amazonaws.com/ind-cdn.freshdesk.com/ blob: *.freshdesk.com kyc-kyc-prod.s3.ap-south-1.amazonaws.com *.freecharge.in; frame-ancestors 'self' *.axisbank.com *.axisbank.co.in *.freecharge.in 1
default-src     'none';                font-src        www.gesundheit.gv.at secure.gesundheit.gv.at ghp.gesundheit.gv.at fonts.gstatic.com;                frame-ancestors www.gesundheit.gv.at secure.gesundheit.gv.at ghp.gesundheit.gv.at;                object-src      www.gesundheit.gv.at secure.gesundheit.gv.at ghp.gesundheit.gv.at;                connect-src     www.gesundheit.gv.at secure.gesundheit.gv.at ghp.gesundheit.gv.at;                script-src      www.gesundheit.gv.at secure.gesundheit.gv.at ghp.gesundheit.gv.at;                img-src         www.gesundheit.gv.at secure.gesundheit.gv.at ghp.gesundheit.gv.at data: www.spitalskompass.at rehakompass.goeg.at www.help.gv.at *.gstatic.com *.googleapis.com developers.google.com i1.ytimg.com;                style-src       www.gesundheit.gv.at secure.gesundheit.gv.at ghp.gesundheit.gv.at fonts.googleapis.com 'unsafe-inline';                form-action     www.gesundheit.gv.at secure.gesundheit.gv.at ghp.gesundheit.gv.at www.a-trust.at 127.0.0.1:3495 127.0.0.1:3496 www.elga-online.gv.at vollmachten.stammzahlenregister.gv.at;                child-src       www.gesundheit.gv.at secure.gesundheit.gv.at ghp.gesundheit.gv.at www.a-trust.at 127.0.0.1:3495 127.0.0.1:3496 www.elga-online.gv.at vollmachten.stammzahlenregister.gv.at www.youtube.com www.youtube-nocookie.com test.formularservice.gv.at www.formularservice.gv.at;                block-all-mixed-content; 1
frame-ancestors 'self'; report-uri https://6036bf2e5ccdae2ac79ee67c.endpoint.csper.io/ 1
default-src 'self' *.atlantic.fr *.algolianet.com *.algolia.net *.google-analytics.com *.googlesyndication.com *.google.com *.cookiebot.com *.doubleclick.net *.groupe-atlantic.com *.kameleoon.eu *.kameleoon.com *.kameleoon.io  *.soyooz.com *.mixpanel.com *.instagram.com *.cdninstagram.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.pinterest.com app.helo-activation.fr *.facebook.com *.inbenta.io  *.inbenta.service *.inbenta.services *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com; base-uri 'self' *.atlantic.fr; block-all-mixed-content; font-src 'self' data: *.soyooz.com *.atlantic.fr *.kameleoon.eu *.kameleoon.com *.kameleoon.io fonts.gstatic.com *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com; frame-ancestors 'self' *.atlantic.fr; frame-src 'self' *.atlantic.fr  *.youtube.com  *.vimeo.com  *.atlantic.fr  *.cookiebot.com  *.doubleclick.net  *.vectary.com  *.instagram.com *.facebook.com *.cdninstagram.com  *.pinterest.com  *.kameleoon.eu *.kameleoon.io *.kameleoon.com *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com *.youtube-nocookie.com; img-src 'self' data: *.atlantic.fr *.youtube.com *.ytimg.com *.vimeo.com *.google-analytics.com *.groupe-atlantic.com *.googletagmanager.com *.doubleclick.net *.google.fr *.google.com *.soyooz.com *.cdninstagram.com picsum.photos placekitten.com *.picsum.photos *.placeholder.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.facebook.com *.pinterest.com *.inbenta.com  *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.inbenta.io *.bazaarvoice.com *.cache.ephoto.fr *.cookiebot.com; media-src 'self' *.atlantic.fr *.vimeo.com *.youtube.com *.instagram.com *.cdninstagram.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site; object-src 'none'; script-src 'self' blob: *.youtube.com  *.atlantic.fr 'unsafe-inline' 'unsafe-eval' *.kameleoon.eu *.kameleoon.com *.kameleoon.io  *.googletagmanager.com  *.groupe-atlantic.com  *.cookiebot.com  *.contentsquare.net *.contentsquare.com  *.contentsquare.fr  *.google-analytics.com  *.soyooz.com  *.mxpnl.com  code.jquery.com cdn.jsdelivr.net *.googleapis.com *.cloudflare.com  googleads.g.doubleclick.net  *.facebook.net  *.tradelab.fr  *.pinimg.com *.inbenta.services *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com *.iesnare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com  https://fonts.gstatic.com  *.soyooz.com  *.atlantic.fr  *.kameleoon.eu *.kameleoon.com *.cloudflare.com unpkg.com *.kameleoon.io cdn.jsdelivr.net *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com 1
default-src 'self' mydrive.ch *.mydrive.ch; img-src 'self' mydrive.ch *.mydrive.ch data: blob:; script-src 'self' mydrive.ch *.mydrive.ch 'unsafe-inline' 'unsafe-eval' connect.facebook.net youtube.com www.youtube.com; style-src 'self' mydrive.ch *.mydrive.ch 'unsafe-inline' 'unsafe-eval'; frame-src 'self' mydrive.ch *.mydrive.ch youtube.com www.youtube.com; object-src 'none'; 1
child-src 'self' https://survey.jam-software.com;frame-src https://jam-software-gmbh.jobs.personio.de; base-uri 'self';font-src 'self';form-action 'self';frame-ancestors 'self' *.jam-software.de;img-src 'self' https://www.google.com https://www.google.de https://ja.jam-software.com https://www.jam-software.de https://www.jam-software.com https://customers.jam-software.de https://manuals.jam-software.de https://manuals.jam-software.com https://survey.jam-software.com media.jam-software.com;media-src 'self' media.jam-software.com https://survey.jam-software.com;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://matomo.jam-software.de https://matomo.jam-software.com https://www.googletagmanager.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://survey.jam-software.com; 1
default-src 'none'; style-src https://cdn.stitchfiddle.com 'unsafe-inline' https://fonts.googleapis.com/; font-src https://cdn.stitchfiddle.com data: https://fonts.googleapis.com/ https://fonts.gstatic.com/ data:; img-src https://www.stitchfiddle.com https://cdn.stitchfiddle.com data: blob:; script-src www.stitchfiddle.com 'nonce-Nm0ps03KXGtZ3k3A' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; worker-src www.stitchfiddle.com; child-src www.stitchfiddle.com; connect-src https://www.stitchfiddle.com; frame-src www.stitchfiddle.com https://www.google.com/recaptcha/; object-src www.stitchfiddle.com; base-uri 'none';  report-uri https://www.stitchfiddle.com/ajax/log/csp; 1
frame-src 'self' *.facebook.com *.owneriq.net *.marchex.io *.doubleclick.net *.googletagmanager.com *.youtube.com *.midas.com *.bazaarvoice.com *.comenity.net *.google.com *.jotform.com *.jotform.io *.stripe.com *.tealiumiq.com wsv3cdn.audioeye.com ct.pinterest.com *.optimizely.com *.adsrvr.org m.me intent:; frame-ancestors 'self' *.facebook.com  *.owneriq.net *.marchex.io *.doubleclick.net *.googletagmanager.com *.youtube.com  *.midas.com *.bazaarvoice.com  *.comenity.net *.google.com *.jotform.com *.jotform.io *.stripe.com *.tealiumiq.com wsv3cdn.audioeye.com ct.pinterest.com *.optimizely.com *.adsrvr.org m.me intent: 1
default-src 'self' fruux.com *.fruux.com www.google.com; script-src 'self' https://*.stripe.com www.google-analytics.com ssl.google-analytics.com cdn.heapanalytics.com en.gravatar.com cdn.ravenjs.com www.google.com www.gstatic.com; img-src 'self' data: https://*.stripe.com www.google-analytics.com ssl.google-analytics.com *.doubleclick.net heapanalytics.com secure.gravatar.com placehold.it s3.eu-central-1.amazonaws.com; style-src 'self' 'unsafe-inline' https://*.stripe.com fonts.googleapis.com; font-src 'self' fonts.gstatic.com; frame-src 'self' https://*.stripe.com www.google.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.ameriprise.com *.editor.ameripriseadvisors.com *.ameripriseadvisors.com *.qualtrics.com *.googleapis.com *.google.com *.google.co.in *.twitter.com *.twimg.com https://*.google-analytics.com http://*.google-analytics.com https://*.doubleclick.net https://*.doubleclick.net https://snap.licdn.com https://bat.bing.com http://bat.bing.com https://connect.facebook.net https://assets.adobedtm.com https://maxcdn.bootstrapcdn.com https://d.turn.com https://*.ameriprisestats.com http://*.ameriprisestats.com https://cdn.ameriprisecontent.com https://maps.googleapis.com https://maps.google.com https://awm-app-aitt.ampf.com https://www.dinkytown.net https://www.forefieldkt.com https://fonts.googleapis.com https://www.google.com https://www.googletagmanager.com https://platform.twitter.com https://apis.google.com http://videojs.com https://web-2-tel.com https://px.ads.linkedin.com https://www.linkedin.com https://p.adsymptotic.com https://dpm.demdex.net https://googleads.g.doubleclick.net https://*.googleadservices.com https://cm.everesttech.net https://www.facebook.com https://cdn.syndication.twimg.com https://ameriprisefinancial.demdex.net https://gateway.zscalertwo.net *.advisorcompass.com https://fonts.gstatic.com https://login.zscalertwo.net https://www.gstatic.com https://ocs.ameriprise.com https://h.online-metrix.net *.d.aa.online-metrix.net https://maps.gstatic.com *.ggpht.com https://tag.simpli.fi https://up.pixel.ad https://insight.adsrvr.org https://bcp.crwdcntrl.net https://tags.crwdcntrl.net/ https://aa.agkn.com/ https://ib.mookie1.com/ https://bcp.crwdcntrl.net/ https://ml314.com/ https://idsync.rlcdn.com/ https://x.skimresources.com/ https://thrtle.com/ https://global.ib-ibi.com/ https://www.broadridgeadvisor.com 1
default-src 'self' logo.samandehi.ir trustseal.enamad.ir yastatic.net *.yandex.md *.yandex.ru *.yandex.net *.google.com *.google.ru *.googleadservices.com *.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.gstatic.com top-fwz1.mail.ru *.facebook.net *.facebook.com client.taximaxim.ir *.taxsee.ru *.yektanet.com analytics.tiktok.com trustseal.enamad.ir 'unsafe-inline' 'unsafe-eval' data: blob:; block-all-mixed-content; upgrade-insecure-requests 1
default-src https: *.crazyegg.com; base-uri 'none'; connect-src 'self' https://consentcdn.cookiebot.com https://www.google.com https://secure.adnxs.com https://api.resumatorapi.com https://*.6sc.co wss://ws8.hotjar.com wss://ws10.hotjar.com https://in.hotjar.com https://vc.hotjar.io https://stats.g.doubleclick.net https://www.google-analytics.com https://api.hubapi.com https://forms.hubspot.com https://api.hubspot.com *.crazyegg.com; img-src 'self' https://*.6sc.co https://p.adsymptotic.com https://*.vidyard.com https://px.ads.linkedin.com https://www.linkedin.com https://www.google.com https://www.google.es https://www.google-analytics.com https://www.googletagmanager.com https://secure.gravatar.com data: https://www.bluevoyant.com  https://track.hubspot.com https://secure.gravitar.com *.crazyegg.com https://lh4.googleusercontent.com https://lh6.googleusercontent.com https://s3.us-east-2.amazonaws.com; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.driftt.com https://*.6sc.co https://www2.bluevoyant.com https://pi.pardot.com https://snap.licdn.com https://www.google-analytics.com https://script.hotjar.com https://static.hotjar.com https://secure.gravitar.com https://googletagmanager.com https://www.googletagmanager.com https://hb.wpmucdn.com https://www.bluevoyant.com  https://bluevoyant.com https://js.hs-banner.com https://js.usemessages.com https://js.hs-analytics.net https://js.hsleadflows.net https://js.hsadspixel.net https://js.usemessages.com https://js.hs-banner.com https://js.hsforms.net https://js.hs-scripts.com https://www.youtube.com https://*.crazyegg.com https://play.vidyard.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://hb.wpmucdn.com https://www.bluevoyant.com  https://bluevoyant.com https://hpwpmucdn.com https://fonts.googleapis.com data:; frame-src 'self' https://js.driftt.com https://www.bluevoyant.com https://www2.bluevoyant.com  https://vars.hotjar.com https://app.hubspot.com https://www.youtube.com https://*.googleusercontent.com *.googleusercontent.com https://play.vidyard.com https://consentcdn.cookiebot.com; font-src 'self' https://www.bluevoyant.com  https://fonts.gstatic.com https://cdn2.hubspot.net data:; object-src 'none'; upgrade-insecure-requests; 1
default-src .assrt.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: secure.assrt.net d.assrt.net changyan.sohu.com changyan.itc.cn www.google-analytics.com http://bdimg.share.baidu.com d31qbv1cthcecs.cloudfront.net .statcounter.com; img-src data: blob: https: .xianliao.me http://tva3.sinaimg.cn; style-src 'unsafe-inline' https:; child-src https:; frame-src www.xianliao.me d.assrt.net; connect-src 'self' changyan.sohu.com; 1
font-src 'self' fonts.gstatic.com *.hotjar.com;frame-ancestors 'self';style-src 'self' 'unsafe-inline' geowidget.inpost.pl cdn.segmentify.com fonts.googleapis.com stackpath.bootstrapcdn.com; 1
frame-ancestors 'self' *.bhinnekalocal.com *.bhinneka.com *.bmdstatic.com 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.youtube.com https://*.bazaarvoice.com https://connect.facebook.net *.crazyegg.com *.pricespider.com *.cloudflare.com *.mapbox.com youtu.be *.cookielaw.org *.onetrust.com *.segment.com blob: feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-eval' https://tagmanager.google.com https://stats.g.doubleclick.net https://*.googletagmanager.com https://www.youtube.com https://*.bazaarvoice.com https://connect.facebook.net *.crazyegg.com *.pricespider.com *.cloudflare.com *.mapbox.com youtu.be *.cookielaw.org *.onetrust.com *.segment.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://stats.g.doubleclick.net https://fonts.googleapis.com https://cdn.fonts.net https://*.bazaarvoice.com https://connect.facebook.net *.crazyegg.com *.pricespider.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com *.segment.com blob: feed.pghub.io pandg.tapad.com ; font-src 'self' https://fonts.gstatic.com https://stats.g.doubleclick.net https://assets.ctfassets.net https://*.bazaarvoice.com https://connect.facebook.net *.crazyegg.com *.pricespider.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com *.segment.com data: blob: feed.pghub.io pandg.tapad.com ; img-src 'self' https://www.googletagmanager.com https://stats.g.doubleclick.net https://ssl.gstatic.com https://images.ctfassets.net https://www.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://pixel.tapad.com/ https://*.bazaarvoice.com https://connect.facebook.net *.crazyegg.com *.pricespider.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com *.segment.com data: blob: feed.pghub.io pandg.tapad.com ; frame-src https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.youtube.com https://consumersupport.pg.com https://connect.facebook.net *.crazyegg.com *.pricespider.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com youtu.be *.facebook.com *.segment.com blob: feed.pghub.io pandg.tapad.com ; connect-src 'self' https://www.google-analytics.com https://api-test.pg.com https://api.pg.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.bazaarvoice.com https://api-nonprod.pgsvc.com https://api.pgsvc.com https://connect.facebook.net *.crazyegg.com *.pricespider.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.segment.com *.segment.io *.onetrust.com feed.pghub.io pandg.tapad.com ; 1
style-src-attr 'self' www.profamilia.de typo3.profamilia.de 'unsafe-inline' 1
report-uri /cgi-bin/csp; default-src 'self' pagead2.googlesyndication.com securepubads.g.doubleclick.net; connect-src 'self' pagead2.googlesyndication.com googleads.g.doubleclick.net csi.gstatic.com *.google-analytics.com maps.googleapis.com *.paypalobjects.com *.paypal.com; font-src 'self' data: fonts.gstatic.com *.avast.com; frame-src 'self' *.radio-locator.com *.g.doubleclick.net *.googlesyndication.com *.google.com *.paypalobjects.com *.paypal.com; img-src 'self' data: *.google-analytics.com *.googleapis.com *.gstatic.com *.googlesyndication.com googleads.g.doubleclick.net *.googletagmanager.com *.paypalobjects.com *.paypal.com; manifest-src 'none'; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' googleads.g.doubleclick.net *.googlesyndication.com maps.googleapis.com adservice.google.com adservice.google.ca adservice.google.com.mx adservice.google.de adservice.google.co.uk adservice.google.co.nz adservice.google.no adservice.google.ua adservice.google.it adservice.google.pr adservice.google.il adservice.google.za adservice.google.be adservice.google.fr *.googletagmanager.com *.googletagservices.com *.googleadservices.com *.google-analytics.com *.ampproject.org *.paypalobjects.com *.paypal.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com maps.googleapis.com *.googlesyndication.com; worker-src 'none'; form-action 'self'; frame-ancestors *.radio-locator.com; 1
default-src 'self' wss: *.gravatar.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com *.plano.gov; style-src 'self' 'unsafe-inline' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com *.jsdelivr.net *.ctctcdn.com; img-src 'self' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com www.facebook.com https://widgets.nrel.gov https://www.facebook.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com *.jsdelivr.net connect.facebook.net https://widgets.nrel.gov; upgrade-insecure-requests; frame-src *.youtube.com *.airtable.com *.plano.swagit.com *.google.com *.civicplus.com *.plano.novusagenda.com *.publicstuff.com *.plano.gov *.audioeye.com https://airtable.com https://acg.is https://iframe.publicstuff.com https://iwantto.plano.gov https://plano.novusagenda.com https://planogis.maps.arcgis.com https://planotx.swagit.com https://sns.plano.gov https://tx-plano-onlineforms.app.transform.civicplus.com https://www.google.com/maps/embed https://www.googletagmanager.com https://www.youtube.com/embed https://www.youtube-nocookie.com/embed https://planotx.new.swagit.com https://html5-player.libsyn.com https://e.issuu.com https://prezi.com https://www.arcgis.com https//arcgis.com; font-src 'self' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com *.jsdelivr.net data:; form-action 'self'; frame-ancestors 'self'; 1
frame-ancestors 'self' *.myshopify.com admin.shopify.com *.getmesa.com *.theshoppad.com 1
default-src https: data: 'unsafe-inline'; frame-ancestors 'self'; 1
default-src 'self' https://damenavas.cz https://www.google-analytics.com https://office.com https://player.livebox.cz https://gis.brno.cz https://www.mapy.cz https://frame.mapy.cz https://maps.google.com https://forms.google.com https://www.youtube.com *.issuu.com; connect-src 'self' https://gis.brno.cz/ https://js.arcgis.com https://utility.arcgisonline.com https://cz-services.tmapserver.cz https://www.google-analytics.com *.google-analytics.com *.googletagmanager.com *.google.com https://emmb-matomo.brno.cz https://static.arcgis.com; img-src 'self' data: https://www.gstatic.com https://fonts.gstatic.com https://www.google-analytics.com https://gis.brno.cz/ https://cz-services.tmapserver.cz https://js.arcgis.com https://apl.brno.cz https://www.brno.cz; frame-src 'self' formapps: https://objednani.brno.cz https://www.google.com https://www.youtube.com *.mapy.cz *.issuu.com  https://gis.brno.cz https://widget.tagembed.com https://player.vimeo.com/ https://apl.brno.cz data: https://playermmbarchiv.livebox.cz/ https://player.livebox.cz https://infogram.com; child-src 'self' ; worker-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.gstatic.com https://fonts.gstatic.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://portal.gov.cz https://widget.tagembed.com https://js.arcgis.com *.google-analytics.com *.googletagmanager.com *.google.com https://emmb-matomo.brno.cz; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.gstatic.com https://fonts.googleapis.com https://js.arcgis.com; font-src 'self' https://fonts.gstatic.com https://js.arcgis.com data:; frame-ancestors 'self'; form-action 'self'; 1
frame-ancestors 'self' http://guidewire.pathfactory.com https://guidewire.pathfactory.com http://explore.guidewire.com https://explore.guidewire.com 1
default-src 'self' https://www.youtube.com platform.twitter.com https://connect.facebook.net https://atoall.com https://jigsaw.w3.org/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://apis.google.com https://cdn.syndication.twimg.com https://platform.twitter.com https://connect.facebook.net https://www.facebook.net http://ajax.googleapis.com https://www.instagram.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com ; img-src * 'self' 'unsafe-inline' https://atoall.com https://jigsaw.w3.org/  data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://atoall.com https://jigsaw.w3.org/ https://platform.twitter.com https://connect.facebook.net https://ton.twimg.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://atoall.com; object-src 'none'; frame-src 'self' platform.twitter.com https://www.facebook.com https://www.youtube.com https://www.instagram.com syndication.twitter.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://*.lexop.com https://*.segment.com https://*.segment.io https://*.fontawesome.com https://*.googleatmanager.com https://*.windows.net https://*.adroll.mgr.consensu.org https://*.subscribers.com https://*.adroll.com https://*.omappapi.com https://*.callrail.com https://*.police.uk https://*.pardot.com https://*.wistia.com https://*.google.com https://www.google.fr https://www.google.be https://www.google.nl https://*.google-analytics.com https://*.googleapis.com https://*.formstack.com https://*.jsdelivr.net https://*.addtoany.com https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://*.bing.com https://*.go-mpulse.net https://*.akamaihd.com https://*.akamaihd.net https://*.janraincapture.com https://*.rpxnow.com https://*.nr-data.net https://*.newrelic.com https://*.marketo.net https://*.marketo.com https://*.youtube.com https://*.ytimg.com https://*.onetrust.com https://*.reevoo.com https://*.pricespider.com https://*.cloudfront.net https://*.mapbox.com https://*.hotjar.com https://*.g.doubleclick.net https://*.doubleclick.net https://*.linkedin.com https://*.licdn.com https://*.ads.linkedin.com https://*.facebook.net https://*.facebook.com https://rpxnow.com https://*.googleoptimize.com resource://pdf.js https://app-ab06.marketo.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill.io https://unpkg.com https://www.google.com maps.googleapis.com https://*.marketo.net https://*.vimeo.com https://*.pusher.com https://*.cookiehub.net https://cookiehub.net https://*.cookiehub.com https://*.americantower.com; style-src 'self' 'unsafe-inline' https://*.lexop.com https://*.fontawesome.com https://*.googleatmanager.com https://*.google.com https://www.google.nl https://www.google.fr https://*.police.uk https://www.google.be https://*.cloudflare.com https://*.formstack.com https://*.jsdelivr.net https://*.marketo.net https://*.marketo.com https://*.google-analytics.com https://*.googleapis.com https://*.reevoo.com https://*.pricespider.com https://*.cloudfront.net https://in.hotjar.com https://*.mapbox.com https://*.typekit.net https://p.typekit.net https://*.googletagmanager.com https://cdn.jsdelivr.net https://*.cookiehub.net https://cookiehub.net https://*.pusher.com https://*.americantower.com; img-src 'self' data: blob: https://*.clarity.ms https://*.lexop.com https://*.fontawesome.com https://*.wistia.net https://*.googleatmanager.com https://*.windows.net https://*.google.com https://*.google.ae https://*.adroll.com https://*.subscribers.com https://*.6sc.co https://*.wistia.com https://*.cookielaw.org https://www.google.nl https://www.google.be https://www.google.fr https://*.jsdelivr.net https://s3.amazonaws.com https://*.formstack.com https://*.googleusercontent.com https://*.google.com.ua https://*.facebook.com https://*.facebook.net https://*.ads.linkedin.com https://*.adsymptotic.com https://*.google-analytics.com https://*.linkedin.com https://*.googleapis.com https://*.google.co.in https://*.googletagmanager.com https://*.gstatic.com https://*.ggpht.com https://*.akamaihd.net https://*.google.by https://*.ytimg.com https://*.reevoo.com https://*.pricespider.com https://*.cloudfront.net https://*.g.doubleclick.net https://*.bing.com https://*.hotjar.com https://*.nr-data.net https://*.newrelic.com https://*.acquia-sites.com https://*.vimeocdn.com https://*.nasdaqomx.wallst.com https://*.pusher.com https://*.americantower.com; media-src 'self' data: blob: https://*.fontawesome.com https://*.wistia.net https://*.googleatmanager.com https://*.windows.net https://*.driftqa.com https://*.driftt.com https://*.googletagmanager.com https://*.acquia-sites.com; frame-src 'self' https://*.google.com https://*.police.uk https://*.twitter.com https://www.google.nl https://www.google.fr https://www.google.be https://*.marketo.net https://*.wistia.com https://*.wistia.net https://*.marketo.com https://*.fls.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.hotjar.com https://*.janraincapture.com https://*.youtube.com https://*.drift.com https://*.driftt.com https://*.drift.click https://*.reevoo.com https://*.pricespider.com https://*.reachmee.com https://*.g.doubleclick.net https://marketo.com https://*.marketo.com https://*.vimeo.com https://americantower.gcs-web.com https://*.getfeedback.com https://pardot.americantower.com; child-src 'self' https://*.fontawesome.com https://*.wistia.net https://*.googleatmanager.com https://*.windows.net https://*.pardot.com https://*.googletagmanager.com https://americantower.gcs-web.com; worker-src 'self' data: blob: https://*.googletagmanager.com; font-src 'self' data: https://*.fontawesome.com https://*.wistia.net https://*.googleatmanager.com https://*.windows.net https://*.cloudflare.com https://*.formstack.com https://*.jsdelivr.net https://*.googleapis.com https://*.googleusercontent.com https://*.gstatic.com https://*.typekit.net https://*.hotjar.com https://d8ejoa1fys2rk.cloudfront.net/5.0.5/includes/fonts/ https://*.googletagmanager.com; connect-src 'self' https://*.akamaihd.net https://*.segmentapis.com https://*.clarity.ms https://*.segment.io https://*.segment.com https://*.fontawesome.com https://*.wistia.net https://*.googleatmanager.com https://*.windows.net https://*.g.doubleclick.net https://*.6sense.com https://*.litix.io https://*.police.uk https://*.ip-api.com https://*.6sc.co https://*.adnxs.com https://*.subscribers.com https://*.wistia.com https://*.callrail.com https://*.google.com https://www.google.nl https://www.google.fr https://www.google.be https://*.facebook.com https://*.facebook.net wss://*.hotjar.com https://*.driftcdn.com https://*.googleapis.com https://*.google-analytics.com https://*.mktoresp.com https://*.bing.com https://*.googlevideo.com https://*.hotjar.com https://*.hotjar.io https://*.nr-data.net https://*.onetrust.com https://*.cookielaw.org wss://*.driftt.com https://*.reevoo.com https://*.mapbox.com https://*.g.doubleclick.netP https://d8ejoa1fys2rk.cloudfront.net/5.0.5/modules/compactview/i18n/en.json https://*.bynder.cloud https://p11.techlab-cdn.com https://cdn.linkedin.oribi.io https://*.googletagmanager.com https://*.mktoutil.com https://*.vimeo.com https://vimeo.com https://*.cookiehub.net https://cookiehub.net https://*.googlesyndication.com https://*.pusher.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' youreko.com *.youreko.com youreko.localhost *.youreko.localhost www.googletagmanager.com fonts.gstatic.com fonts.googleapis.com *.google-analytics.com 'sha256-GHD04MIPiR3cqaFF+BYzwAvChqlTX5qe3wJ+FmyB3S8=' 1
frame-ancestors https://*.prd.budgettravel.com 1
frame-ancestors https://*.zsxq.com 1
default-src 'self' 'unsafe-inline'; worker-src 'self' 'unsafe-inline' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' workona.com *.workona.com *.amplitude.com *.firebaseapp.com *.google-analytics.com *.googleapis.com *.googletagmanager.com apis.google.com connect.facebook.net js.stripe.com www.google.com www.gstatic.com; connect-src 'self' workona.com *.workona.com *.googleapis.com *.google-analytics.com *.amplitude.com *.found.io api.unsplash.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src https://* data: blob:; media-src https://*; font-src 'self' fonts.gstatic.com; frame-ancestors 'self' workona.com *.workona.com app.clickup.com; frame-src 'self' firebasestorage.googleapis.com js.stripe.com workona.com *.workona.com youtube.com *.youtube.com *.youtube-nocookie.com *.sibforms.com www.google.com docs.google.com calendly.com meetings.hubspot.com *.zapier.com zapier.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.ml; img-src 'self' https: data: blob: https://mastodon.ml; style-src 'self' https://mastodon.ml 'nonce-QyrJYR5ubNKR1Zb+4OoKsQ=='; media-src 'self' https: data: https://mastodon.ml; frame-src 'self' https:; manifest-src 'self' https://mastodon.ml; form-action 'self'; child-src 'self' blob: https://mastodon.ml; worker-src 'self' blob: https://mastodon.ml; connect-src 'self' data: blob: https://mastodon.ml https://mastodon.ml wss://mastodon.ml; script-src 'self' https://mastodon.ml 'wasm-unsafe-eval' 1
default-src 'self'; frame-ancestors 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; form-action 'none'; frame-src 'none' 1
frame-ancestors 'self' http://www.axe.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com 1
frame-src *.twitter.com *.googleusercontent.com *.clarity.ms *.youtube.com *.facebook.com *.facebook.net *.doubleclick.net *.hotjar.com *.franceculture.fr *.radiofrance.fr *.googleapis.com *.spotify.com *.exacttarget.com *.instagram.com iheid.webex.com graduateinstitute.secure.force.com *.sfmc-content.com *.google.com *.libcal.com *.simplecast.com *.soundcloud.com *.flywire.com *.prezi.com *.iheid.ch *.drupal.com *.vimeo.com *.rts.ch graduateinstitute.my.salesforce-sites.com *.graduateinstitute.us8.list-manage.com *.addevent.com *.office.com *.rsi.ch; child-src *.twitter.com *.googleusercontent.com *.clarity.ms *.youtube.com *.facebook.com *.facebook.net *.doubleclick.net *.hotjar.com *.franceculture.fr *.radiofrance.fr *.googleapis.com *.spotify.com *.exacttarget.com *.instagram.com iheid.webex.com graduateinstitute.secure.force.com *.sfmc-content.com *.google.com *.libcal.com *.simplecast.com *.soundcloud.com *.flywire.com *.prezi.com *.iheid.ch *.drupal.com *.rts.ch graduateinstitute.my.salesforce-sites.com *.graduateinstitute.us8.list-manage.com *.addevent.com *.office.com *.rsi.ch; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' https://d1zpyrn120ijks.cloudfront.net; 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-NoAsikttoXSOhzWKeiviYpny7pO1ja' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
default-src 'self' https: *.creditor.dev *.rodobens.agxsoftware.com *.salesforceliveagent.com *.pardot.com *.ytimg.com *.tesla.com.br *.b2clogin.com *.bootstrapcdn.com *.openstreetmap.org *.blogplay.com.br *.salesforce.com *.force.com *.unpkg.com *.googleadservices.com *.oraclecloudapps.com *.doubleclick.net *.googlesyndication.com *.rodobens.com.br google.com *.google.com *.google.com.br *.googleapis.com *.google-analytics.com *.googleoptimize.com *.googletagmanager.com *.youtube.com *.tiktok.com *.hsforms.com *.hsforms.net api.ipify.org *.whatsapp.com *.bing.com *.clarity.ms *.mercedes-benz.com.br *.ampproject.org *.ckeditor.com *.cookielaw.org *.evergage.com *.evgnet.com *.navdmp.com cdnm.com.br cl.s12.exct.net *.facebook.net *.facebook.com *.hotjar.io *.hotjar.com *.cloudfront.net *.gstatic.com *.onetrust.com *.herokuapp.com schema.org *.gov.br *.vimeo.com;base-uri 'self';font-src 'self' https: data:;img-src 'self' data: https: *.creditor.dev *.rodobens.agxsoftware.com *.salesforceliveagent.com *.pardot.com *.ytimg.com *.tesla.com.br *.b2clogin.com *.bootstrapcdn.com *.openstreetmap.org *.blogplay.com.br *.salesforce.com *.force.com *.unpkg.com *.googleadservices.com *.oraclecloudapps.com *.doubleclick.net *.googlesyndication.com *.rodobens.com.br google.com *.google.com *.google.com.br *.googleapis.com *.google-analytics.com *.googleoptimize.com *.googletagmanager.com *.youtube.com *.tiktok.com *.hsforms.com *.hsforms.net api.ipify.org *.whatsapp.com *.bing.com *.clarity.ms *.mercedes-benz.com.br *.ampproject.org *.ckeditor.com *.cookielaw.org *.evergage.com *.evgnet.com *.navdmp.com cdnm.com.br cl.s12.exct.net *.facebook.net *.facebook.com *.hotjar.io *.hotjar.com *.cloudfront.net *.gstatic.com *.onetrust.com *.herokuapp.com schema.org *.gov.br *.vimeo.com;style-src 'self' 'unsafe-inline' https:;script-src 'self' 'unsafe-inline' https:; 1
frame-ancestors https://content.kinaxis.com https://www.kinaxis.com https://kinaxis.com https://*.sharepoint.com https://ssw.live.com https://storage.live.com https://*.search.production.apac.trafficmanager.net https://*.search.production.emea.trafficmanager.net https://*.search.production.us.trafficmanager.net https://*.wns.windows.com https://admin.onedrive.com https://officeclient.microsoft.com https://g.live.com https://oneclient.sfx.ms https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://*.svc.ms *.mpo.com https://*.mpo.com https://www.mpo.com *.mp-objects.com https://*.mp-objects.com https://www.mp-objects.com https://wartsila.cevalogistics.com  https://*.cevalogistics.com  https://app.drift.com https://core.crazyegg.com https://kinaxis-project.dev.fenix.solutions; report-uri /report-csp-violation 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net *.ensighten.com gateway.zscalertwo.net tagmanager.google.com staticcontents.investisdigital.com ipapi.connectid.cloud youtube.com player.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.rawgit.com *.tools.investis.com *.nexus.ensighten.com nexus.ensighten.com tagmanager.google.com gateway.zscalertwo.net *.google.com youtube.com *.investisdigital.com player.vimeo.com ipapi.connectid.cloud sc.lfeeder.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net tagmanager.google.com; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com *.hs.llnwd.net youtube.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com; frame-src 'self' staticcontents.investis.com www.google.com irs.tools.investis.com otp.tools.investis.com ir.tools.investis.com staticxx.facebook.com www.youtube.com gateway.zscalertwo.net youtube.com recruitingapp-4152.de.umantis.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com tagmanager.google.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.ensighten.com *.google-analytics.com *.api.brightcove.com *.tools.investis.com *.google.com *.doubleclick.net *.connectid.cloud https://judxu4avx2.execute-api.eu-west-1.amazonaws.com https://3lz1gykyyd.execute-api.eu-west-1.amazonaws.com https://maps.googleapis.com; report-uri /report-csp-violation 1
default-src 'self' https://* *.adobedtm.com *.4strokemedia.com *.amazon-adsystem.com *.scorecardresearch.com *.jwpcdn.com *.jwplayer.com *.jwpltx.com *.googleapis.com *.getSocial.io *.scorecardresearch.com *.sky.it *.outbrain.com *.opecloud.com *.rlcdn.com *.bidswitch.net *.smartadserver.com *.mookie1.com *.adform.net *.yahoo.com *.adsrvr.org *.mathtag.com *.adnxs.com *.speedcurve.com; img-src 'self' https://* data: blob: *.adobedtm.com *.4strokemedia.com *.amazon-adsystem.com *.scorecardresearch.com *.jwpcdn.com *.jwplayer.com *.jwpltx.com *.googleapis.com *.getSocial.io *.scorecardresearch.com *.sky.it *.outbrain.com *.opecloud.com *.rlcdn.com *.bidswitch.net *.smartadserver.com *.mookie1.com *.adform.net *.yahoo.com *.adsrvr.org *.mathtag.com *.adnxs.com *.speedcurve.com; media-src 'self' https://* data: blob: *.adobedtm.com *.4strokemedia.com *.amazon-adsystem.com *.scorecardresearch.com *.jwpcdn.com *.jwplayer.com *.jwpltx.com *.googleapis.com *.getSocial.io *.scorecardresearch.com *.sky.it *.outbrain.com *.opecloud.com *.rlcdn.com *.bidswitch.net *.smartadserver.com *.mookie1.com *.adform.net *.yahoo.com *.adsrvr.org *.mathtag.com *.adnxs.com *.speedcurve.com; script-src 'self' https://* *.adobedtm.com *.4strokemedia.com *.amazon-adsystem.com *.scorecardresearch.com *.jwpcdn.com *.jwplayer.com *.jwpltx.com *.googleapis.com *.getSocial.io *.scorecardresearch.com *.sky.it *.outbrain.com *.opecloud.com *.rlcdn.com *.bidswitch.net *.smartadserver.com *.mookie1.com *.adform.net *.yahoo.com *.adsrvr.org *.mathtag.com *.adnxs.com *.speedcurve.com data: blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://* *.adobedtm.com *.4strokemedia.com *.amazon-adsystem.com *.scorecardresearch.com *.jwpcdn.com *.jwplayer.com *.jwpltx.com *.googleapis.com *.getSocial.io *.scorecardresearch.com *.sky.it *.outbrain.com *.opecloud.com *.rlcdn.com *.bidswitch.net *.smartadserver.com *.mookie1.com *.adform.net *.yahoo.com *.adsrvr.org *.mathtag.com *.adnxs.com *.speedcurve.com; font-src 'self' https://* data: *.adobedtm.com *.4strokemedia.com *.amazon-adsystem.com *.scorecardresearch.com *.jwpcdn.com *.jwplayer.com *.jwpltx.com *.googleapis.com *.getSocial.io *.scorecardresearch.com *.sky.it *.outbrain.com *.opecloud.com *.rlcdn.com *.bidswitch.net *.smartadserver.com *.mookie1.com *.adform.net *.yahoo.com *.adsrvr.org *.mathtag.com *.adnxs.com *.speedcurve.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: ajax.googleapis.com *.ajax.googleapis.com cdnjs.cloudflare.com *.cdnjs.cloudflare.com challenges.cloudflare.com *.challenges.cloudflare.com cookiefirst.com doctena.com *.doctena.com doctena.lu *.doctena.lu facebook.net *.facebook.net google.com *.google.com stripe.com *.stripe.com youtube.com *.youtube.com ajax.cloudflare.com https://www.google.com/recaptcha/api.js *.cookiefirst.com matomo.cloud *.matomo.cloud gstatic.com *.gstatic.com zdassets.com *.zdassets.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=xwZ7QD0JaEVQizcd552x.3JdyWYii7ZzN039giMqoYM-1705979358-1-AVcnal5aYSpuk65bduaJzQEFx1p3XFQPAhOj3hP468jc4jnhi_rVncdoP88-bN_irXYgWIJnkfipLazkvwaeBkVoBEbZAXpimn0bG23qBz_dol68r9WmWrbmTtf5FZFYB0QjnXx-MJMqCqoU_TFiQ1r9bRfguZBLkJ1_wMGt44-uJ1sE3FLeA0fb6ZeCLUyG27QpBcpOyEDQl3vzwBJLzwQ; report-to cf-xyulhfqrmlnsbsim 1
default-src 'self' *.googleapis.com *.gstatic.com *.cloudflare.com *.bootstrapcdn.com https://www.youtube.com youtube.com https://destinilocators.com destinilocators.com *.typekit.net data:; frame-src 'self' *.amazon-adsystem.com *.pinterest.com *.doubleclick.net *.addtoany.com *.addthis.com *.addthisedge.com *.bazaarvoice.com *.adsrvr.org https://www.facebook.com https://www.googletagmanager.com https://www.youtube.com youtube.com https://destinilocators.com destinilocators.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' www.facebook.com *.gstatic.com *.googleapis.com *.pinterest.com www.google.com www.google.com.mx www.googletagmanager.com *.google-analytics.com www.youtube.com *.typekit.net i.ytimg.com *.bazaarvoice.com *.doubleclick.net data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.doubleclick.net *.google-analytics.com https://www.googleadservices.com *.pinimg.com *.hotjar.com *.amazonaws.com *.addtoany.com *.moatads.com https://connect.facebook.net https://assets.pinterest.com https://rawgit.com https://unpkg.com *.googleapis.com *.addthisedge.com *.addthis.com https://mpsnare.iesnare.com https://code.jquery.com *.adsrvr.org https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com *.typekit.net *.bazaarvoice.com https://destinilocators.com destinilocators.com data:; connect-src 'self' 'unsafe-inline' *.pinterest.com *.hotjar.io *.googleapis.com *.doubleclick.net *.amazonaws.com www.google-analytics.com *.bazaarvoice.com; style-src 'self' 'unsafe-inline' style-src-elem 'self'  *.cloudflare.com *.bootstrapcdn.com *.cloudfare.com *.bazaarvoice.com *.myfonts.net *.googleapis.com; base-uri 'self'; form-action 'self'; 1
frame-ancestors 'self' teuto.net *.teuto.net ; 1
default-src 'self' *.lelynx.fr; frame-ancestors 'self' *.lelynx.fr; base-uri 'self' *.lelynx.fr; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.testlelynx.fr www.plurielmedia.com cdn.ampproject.org *.googleapis.com via.batch.com  unpkg.com *.unpkg.com *.outbrain.com *.optimizely.com *.quantserve.com *.iadvize.com *.google-analytics.com *.commander1.com *.facebook.com *.facebook.net *.lelynx.fr *.logbor.com *.affilae.com *.clarity.ms *.leadsmonitor.io *.comparadise.tech *.flaminem.com static.criteo.net hubtr.mindlytix.com *.amazonaws.com sslwidget.criteo.com https://lelynx.admo.tv https://lelynx.admo.tv:9999 *.admo.tv *.cloudflare.com *.googleadservices.com cdn.tagcommander.com *.adnxs.com https://www.googletagmanager.com/ https://static.ads-twitter.com/ https://bat.bing.com/ https://googleads.g.doubleclick.net/ https://analytics.twitter.com/ *.trustcommander.net *.datadome.co *.kameleoon.eu *.kameleoon.com *.meilleurtauxpartenaire.com *.jsdelivr.net/npm/swiper@9/swiper-bundle.min.js ; img-src 'self' 'unsafe-inline' *.iadvize.com *.ytimg.com *.google.fr *.google.com *.bing.com *.batch.com www.plurielmediacenter.com analytics.twitter.com *.doubleclick.net *.tagcommander.com *.outbrain.com *.exelator.com *.gravatar.com *.clarity.ms data: *.quantserve.com *.adnxs.com *.google-analytics.com *.commander1.com *.facebook.com *.facebook.net *.lelynx.fr *.leadsmonitor.io *.flaminem.com static.criteo.net hubtr.mindlytix.com *.amazonaws.com sslwidget.criteo.com lelynx.admo.tv *.cloudflare.com *.googleadservices.com cdn.tagcommander.com https://t.co/ https://bat.bing.com/ *.kameleoon.com;   style-src * 'unsafe-inline'; worker-src blob:; font-src 'self' *.iadvize.com *.lelynx.fr data: *.gstatic.com; child-src 'self' *; connect-src *.commander1.com *.admo.tv * 'self'; 1
default-src 'self'; script-src 'self' 'nonce-OdfGQQc3GzZGYQy3fE8/8+dYykapB1qMfisVQdS0w/I=' https://maps.googleapis.com https://ssl.google-analytics.com https://use.typekit.net https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://maps.googleapis.com; font-src 'self' https://fonts.gstatic.com https://use.typekit.net; frame-src 'self' https://www.google.com https://www.youtube.com; img-src 'self' data:  https://c212.net https://i.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://p.typekit.net https://ssl.google-analytics.com;  manifest-src 'self'; media-src 'self'; worker-src 'none'; form-action 'self'; 1
frame-ancestors https://*.fidelity.com/ https://*.adobemc.com/ https://*.adobe.com/ http://*.fidelitycharitable.org/ https://*.fidelitycharitable.org/ https://*.fidelity.com 'self'; 1
default-src 'self' *.cloudflarestream.com *.videodelivery.net;  style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://use.typekit.net/ https://p.typekit.net/;  font-src 'self' https://fonts.gstatic.com/ https://use.typekit.net/ data:;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.hytale.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ http://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://s.ytimg.com/ https://www.googletagmanager.com/gtag/ https://www.google-analytics.com/ https://embed.videodelivery.net/embed/;  media-src 'self' https://videodelivery.net/ blob:;  connect-src 'self' https://analytics.hytale.com/ https://videodelivery.net/ https://stats.videodelivery.net/ https://sentry.hytale.com/ https://boards-api.greenhouse.io/;  worker-src 'self' blob:;  frame-src 'self' https://www.google.com/recaptcha/ https://www.youtube.com/ *.cloudflarestream.com *.videodelivery.net;  img-src 'self' https://cdn.hytale.com/ https://analytics.hytale.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://videodelivery.net/ https://stats.videodelivery.net/ https://cloudflarestream.com/ https://i3.ytimg.com/ data:;  block-all-mixed-content; 1
default-src 'self'; connect-src 'self' translate.googleapis.com *.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; font-src 'self' fonts.gstatic.com *.googleapis.com https://*.hotjar.com; img-src 'self' *.freelibrary.org *.google.com translate.googleapis.com www.google-analytics.com *.gstatic.com https://*.hotjar.com data:; script-src 'self' *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com https://*.hotjar.com 'unsafe-inline'; style-src 'self' *.googleapis.com www.google.com www.gstatic.com https://*.hotjar.com 'unsafe-inline'; frame-src https://*.hotjar.com; 1
default-src 'self'; connect-src 'self' *.siteimprove.com https://www.facebook.com/ https://stats.g.doubleclick.net/ https://region1.google-analytics.com/ https://www.google-analytics.com https://www.googletagmanager.com https://search.service.vportal.ee/v1/search/fin https://search.service.vportal.ee/v1/globalsearch/total https://search.service.vportal.ee/v1/events/fin https://inaadress.maaamet.ee; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://*.rocket.chat https://static.addtoany.com https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://www.slideshare.net https://www.slideshare.net/slideshow/embed_code/key/x9CSFU49idCCHH https://app.powerbi.com/ https://public.tableau.com/ https://auth.service.vportal.ee/ https://docs.google.com/spreadsheets/d/1sxSvjkibqNmqk6tQxGl8tdP5T83ctpOY-LC58f10zAA/edit#gid=2004031429 https://www.canva.com https://xgis.maaamet.ee; img-src 'self' data: https://www.google-analytics.com *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com www.fin.ee https://www.googletagmanager.com *.fbcdn.net *.cdninstagram.com https://inaadress.maaamet.ee https://unpkg.com *.maaamet.ee *.cloudflare.com; media-src 'self' https://www.facebook.com/; script-src 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js blob: https://browser-update.org https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://static.addtoany.com https://unpkg.com unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js https://browser-update.org https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://static.addtoany.com https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com https://inaadress.maaamet.ee; frame-ancestors none; upgrade-insecure-requests 1
default-src https: 'self' 'unsafe-inline'; font-src https: data: 'self' 'unsafe-inline'; img-src https: data:; script-src https: 'self' 'unsafe-inline'; style-src https: 'self' 'unsafe-inline'; 1
connect-src 'self' https://www.google-analytics.com/ https://api.addressfinder.io/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://code.jquery.com/ https://www.youtube.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://tagmanager.google.com/ https://player.vimeo.com/  https://analytics.google.com/;default-src 'self' https://api.addressfinder.io/ https://www.google.com/recaptcha/ https://qp.mbie.govt.nz/ https://www.youtube.com/  https://player.vimeo.com/ https://api.business.govt.nz/;img-src 'self' data: https://www.google-analytics.com https://www.googletagmanager.com;script-src 'self' 'unsafe-inline' https://api.addressfinder.io/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://code.jquery.com/ https://www.youtube.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://tagmanager.google.com/ https://player.vimeo.com/ 'unsafe-eval';style-src 'self' 'unsafe-inline' https://api.addressfinder.io/; 1
frame-ancestors 'self' https://*.brille24.de 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com bat.bing.com www.redditstatic.com www.google-analytics.com googleads.g.doubleclick.net sc-static.net tag.rmp.rakuten.com static.hotjar.com secure.adnxs.com cdn.pdst.fm www.clarity.ms tr-shadow.snapchat.com platform.stumbleupon.com *.googletagmanager.com *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org munchkin.marketo.net dec.azureedge.net cdn.insight.sitefinity.com player.vimeo.com gateway.zscalerthree.net tr.snapchat.com script.hotjar.com lptag.liveperson.net va.v.liveperson.net accdn.lpsnmedia.net lpcdn.lpsnmedia.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com app.five9.com/consoles/SocialWidget/five9-social-widget.min.js d34r8q7sht0t9k.cloudfront.net podscribe.com js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.typekit.net maxcdn.bootstrapcdn.com dec.azureedge.net cdn.insight.sitefinity.com app.five9.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com alb.reddit.com www.google-analytics.com bat.bing.com www.google.com www.google.co.cr mma.prnewswire.com *.clarity.ms syndication.twitter.com static.licdn.com *.bing.com www.google.ca tr.snapchat.com gateway.zscalerthree.net finn-sdk-cdn.finn.ai lpcdn.lpsnmedia.net arttrk.com 10.151.64.13 staging1-cms-cc.eqbank.ca https://ad.doubleclick.net *.kameleoon.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.typekit.net maxcdn.bootstrapcdn.com; frame-src 'self' *.fls.doubleclick.net player.vimeo.com tr-shadow.snapchat.com tr.snapchat.com gateway.zscalerthree.net lpcdn.lpsnmedia.net va.idp.liveperson.net va.msg.liveperson.net td.doubleclick.net content.hotjar.io *.flinks.com cdn.prod.ca.five9.net eq-bank-fee-calculator4611.connect.flinks.dev/v2/ *.private.fin.ag forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com us-central1-adaptive-growth.cloudfunctions.net analytics.google.com tr-shadow.snapchat.com stats.g.doubleclick.net api.transferwise.com csmetrics.hotjar.com *.clarity.ms metrics.hotjar.io bat.bing.com restapi/adminapp/log-webclient-erro tr.snapchat.com vc.hotjar.io wss://va.msg.liveperson.net wss://ws.hotjar.com/api/v2/client/ws content.hotjar.io td.doubleclick.net *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://dbank-api-experience-public-site-qa4.istio.qa.eqb-int.cloud *.eqbank.ca forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: player.vimeo.com download-video.akamaized.net lpcdn.lpsnmedia.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com 1
frame-ancestors 'self' mylvhn.org my.lvhn.org; upgrade-insecure-requests 1
default-src https: 'self' 'unsafe-inline' 'unsafe-eval'; img-src https: 'self' 'unsafe-inline' 'unsafe-eval' * data:; 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: ; 1
default-src 'self' https://*.nrs.com; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://*.nrs.com https://*.nrsb2b.com https://*.nrscanada.com https://*.nrseurope.com https://dh36nblqpps8a.cloudfront.net https://ajax.googleapis.com/ajax/libs/jquery/ https://*.listrakbi.com https://widgets.turnto.com/v5/widgets/ https://www.googletagmanager.com https://bat.bing.com https://hello.myfonts.net/count/2d8518 https://kit.fontawesome.com/06b4d5ce3d.js https://connect.facebook.net https://cdn.jsdelivr.net/npm/algoliasearch@3.35.1/dist/algoliasearchLite.min.js https://nrs.locally.com https://frontend2.locally.com https://*.affirm.com https://*.google-analytics.com https://www.paypalobjects.com https://*.paypal.com https://h.online-metrix.net/fp/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://nrs.bamboohr.com/js/jobs2.php https://www.googleadservices.com https://cdn.jsdelivr.net/jquery.loadingoverlay/latest/loadingoverlay.min.js https://*.algolianet.com https://*.algolia.net https://www.google.com/jsapi https://*.clarity.ms https://*.iubenda.com https://*.salesforceliveagent.com https://*.stripe.com https://secure.agile-enterprise-365.com https://service.force.com https://northwestriversupplies.my.salesforce.com https://northwestriversupplies.my.salesforce-sites.com https://static.lightning.force.com https://cdn.jsdelivr.net/npm/instantsearch.js@4.0.0/dist/instantsearch.production.min.js; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.nrs.com https://*.nrsb2b.com https://*.nrscanada.com https://*.nrseurope.com https://dh36nblqpps8a.cloudfront.net https://ajax.googleapis.com/ajax/libs/jquery/ https://*.listrakbi.com https://widgets.turnto.com/v5/widgets/ https://www.googletagmanager.com https://bat.bing.com https://hello.myfonts.net/count/2d8518 https://kit.fontawesome.com/06b4d5ce3d.js https://connect.facebook.net https://cdn.jsdelivr.net/npm/algoliasearch@3.35.1/dist/algoliasearchLite.min.js https://nrs.locally.com https://frontend2.locally.com https://*.affirm.com https://*.google-analytics.com https://www.paypalobjects.com https://*.paypal.com https://h.online-metrix.net/fp/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://nrs.bamboohr.com/js/jobs2.php https://www.googleadservices.com https://cdn.jsdelivr.net/jquery.loadingoverlay/latest/loadingoverlay.min.js https://*.algolianet.com https://*.algolia.net https://www.google.com/jsapi https://*.clarity.ms https://*.iubenda.com https://*.salesforceliveagent.com https://*.stripe.com https://secure.agile-enterprise-365.com https://service.force.com https://northwestriversupplies.my.salesforce.com https://northwestriversupplies.my.salesforce-sites.com https://static.lightning.force.com https://cdn.jsdelivr.net/npm/instantsearch.js@4.0.0/dist/instantsearch.production.min.js; style-src 'report-sample' 'self' 'unsafe-inline' https://*.nrs.com https://*.nrsb2b.com https://*.nrscanada.com https://*.nrseurope.com https://cdn.listrakbi.com https://dh36nblqpps8a.cloudfront.net https://fonts.googleapis.com https://use.fontawesome.com https://kit-free.fontawesome.com https://widgets.turnto.com https://hello.myfonts.net https://ajax.googleapis.com/ajax/libs/jqueryui/ https://nrs.bamboohr.com https://fast.fonts.net https://cdn1.affirm.com https://translate.googleapis.com https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net https://*.iubenda.com https://service.force.com https://northwestriversupplies.my.salesforce-sites.com https://cdn.honey.io; style-src-elem 'self' 'unsafe-inline' https://*.nrs.com https://*.nrsb2b.com https://*.nrscanada.com https://*.nrseurope.com https://cdn.listrakbi.com https://dh36nblqpps8a.cloudfront.net https://fonts.googleapis.com https://use.fontawesome.com https://kit-free.fontawesome.com https://widgets.turnto.com https://hello.myfonts.net https://ajax.googleapis.com/ajax/libs/jqueryui/ https://nrs.bamboohr.com https://fast.fonts.net https://cdn1.affirm.com https://translate.googleapis.com https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net https://*.iubenda.com https://service.force.com https://northwestriversupplies.my.salesforce-sites.com https://cdn.honey.io; object-src 'self' https://h.online-metrix.net; base-uri 'self' https://*.nrs.com https://*.nrsb2b.com https://*.nrscanada.com https://*.nrseurope.com; connect-src 'self' https://*.nrs.com https://*.nrsb2b.com https://*.nrscanada.com https://*.nrseurope.com https://*.google.com https://*.google.ca https://*.googletagmanager.com https://*.google-analytics.com https://*.fontawesome.com https://*.doubleclick.net https://*.affirm.com https://*.turnto.com https://*.paypal.com https://h.online-metrix.net https://bat.bing.com https://*.algolianet.com https://*.algolia.net https://*.facebook.net https://*.facebook.com https://nrs.bamboohr.com https://api.rollbar.com https://dx0dyd9jru7i3.cloudfront.net https://dh36nblqpps8a.cloudfront.net https://use.typekit.net https://*.locally.com https://*.clarity.ms https://secure.agile-enterprise-365.com https://idx.liadm.com https://*.stripe.com https://*.iubenda.com https://northwestriversupplies.my.salesforce-sites.com; font-src 'self' data: https://dh36nblqpps8a.cloudfront.net https://fonts.gstatic.com https://www.gstatic.com https://*.fontawesome.com https://themes.googleusercontent.com https://fast.fonts.net https://www.affirm.com https://use.typekit.net; frame-src 'self' https://*.nrs.com https://*.nrsb2b.com https://*.nrscanada.com https://*.nrseurope.com https://www.youtube-nocookie.com https://www.facebook.com https://www.affirm.com https://www.paypalobjects.com https://*.paypal.com https://h.online-metrix.net https://www.google.com https://www.google.ca https://player.vimeo.com https://*.doubleclick.net https://*.locally.com https://www.youtube.com https://www.youtube-nocookie.com https://*.iubenda.com https://*.attn.tv https://*.stripe.com https://service.force.com; img-src 'self' https: data: blob:; manifest-src 'self'; media-src 'self' data: https://dh36nblqpps8a.cloudfront.net; report-uri https://www.nrs.com/browser-report-to/?type=csp; report-to csp-endpoint; worker-src 'self' blob: https://*.nrs.com; 1
frame-ancestors 'none'; default-src * 'unsafe-inline' 'unsafe-eval' blob: *.mojeek.com; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com/v3/; img-src 'self' data: *.mojeek.com; object-src 'none'; base-uri 'self'; form-action 'self' 1
frame-ancestors 'self' localhost:51352 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.railwaygazette.com; 1
frame-ancestors 'self' meltwaternews.com 1
default-src 'self'; connect-src 'self' https://pagead2.googlesyndication.com https://apikeys.civiccomputing.com https://fa-axelos-prod-ukw.azurewebsites.net https://fa-axelos-sandbox-ukw.azurewebsites.net https://fa-axelos-uat-ukw.azurewebsites.net https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; font-src 'self'; frame-src https://www.google.com https://www.youtube.com https://vimeo.com https://doubleclick.net https://www.google.com; img-src 'self' data: https://www.googletagmanager.com https://px.ads.linkedin.com https://t.co https://ade.googlesyndication.com https://www.google-analytics.com https://eu-images.contentstack.com https://analytics.twitter.com https://www.google.gr; script-src 'self' 'unsafe-inline' https://analytics.twitter.com https://snap.licdn.com https://static.ads-twitter.com https://www.google-analytics.com https://cc.cdn.civiccomputing.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' 1
default-src:* ; script-src:*.66wz.com res.wx.qq.com  https://hm.baidu.com 'unsafe-eval' 'unsafe inline' ; img-src:*; 1
default-src * data:; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 1
default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self'; connect-src 'self' https://onionoo.torproject.org/; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts; object-src 'self'; 1
frame-ancestors 'self';img-src 'self' https://* data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* *.disneyplus.com:* p11.techlab-cdn.com;worker-src 'self' blob:;manifest-src 'self' *.disneyplus.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none' p11.techlab-cdn.com;style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js-agent.newrelic.com https://push4site.com https://legalbet.ru/ https://chat.24liveblog.com https://api.mindbox.ru https://personalization-web-stable.mindbox.ru https://*.gr-cdn.com https://legalbet.push4site.com https://vimeo.com https://yandex.ru https://cdn.carrotquest.app https://cdn.24liveblog.com https://cdn.webstoryz.com https://www.googleoptimize.com https://unpkg.com https://download.agora.io https://v.24liveblog.com https://static.cloudflareinsights.com https://*.ytimg.com http://awards.ratingruneta.ru https://cbzxy.com https://banners.adfox.ru/ https://yandex.ru cdn3.caltat.com https://*.legalcdn.org https://*.legalcdn.com https://static.legalcdn.org https://snap.licdn.com https://px.ads.linkedin.com https://webmaster.foolsoft.ru https://web.legalcdn.org https://*.twimg.com https://platform.twitter.com https://yastatic.net https://mc.yandex.com https://*.yandex.ru https://*.me-talk.ru *.cloudflare.com https://me-talk.ru https://*.intelcdn.com https://*.playbuzz.com https://*.youtube.com http://pollservice.ru https://*.vk.com https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://*.instagram.com https://web.legalcdn.org http://ulogin.ru https://ulogin.ru https://*.gstatic.com https://*.google.com https://*.yandex.net https://e.infogram.com https://*.ampproject.org  https://*.getresponse.com https://*.legalbet-subscription.com https://*.gr-cdn-e.eu https://*.getresponse360.pl; frame-src 'self' https://*.googletagmanager.com https://match.org.ru/ https://video.matchtv.ru https://apiwidget.webstoryz.com https://webmaster.foolsoft.ru https://www.youtube-nocookie.com/  https://player.vimeo.com https://*.soundcloud.com https://*.yandex.ru http://awards.ratingruneta.ru https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org https://*.me-talk.ru https://*.instagram.com https://ulogin.ru https://*.youtube.com https://*.facebook.com https://*.twitter.com https://vimeo.com https://rutube.ru https://playbuzz.com https://connect.facebook.net https://web.legalcdn.org https://www.playbuzz.com/ https://*.gstatic.com https://*.google.com https://*.yandex.net https://e.infogram.com https://*.ampproject.net  https://*.getresponse.com https://*.legalbet-subscription.com https://*.gr-cdn-e.eu https://*.gr-cdn.com https://*.getresponse360.pl https://video.matchtv.ru/; object-src 'self' https://*.legalcdn.com https://webmaster.foolsoft.ru https://legalbet.ru/ https://*.legalcdn.org http://awards.ratingruneta.ru https://api.mindbox.ru https://*.youtube.com https://web.legalcdn.org https://static.legalcdn.org https://web.legalcdn.org https://*.gstatic.com https://*.google.com https://*.yandex.net https://*.getresponse.com https://*.legalbet-subscription.com https://*.gr-cdn-e.eu https://*.getresponse360.pl; child-src 'self' blob: http://awards.ratingruneta.ru https://mc.yandex.ru https://webmaster.foolsoft.ru https://mc.yandex.com https://legalbet.ru/ https://mc.webvisor.com https://mc.webvisor.org  https://*.getresponse.com https://*.legalbet-subscription.com https://*.gr-cdn.com https://*.gr-cdn-e.eu https://*.getresponse360.pl; worker-src 'self' blob: https://push4site.com https://legalbet.push4site.com https://*.getresponse.com https://*.gr-cdn.com https://*.legalbet-subscription.com https://*.gr-cdn-e.eu https://*.getresponse360.pl; report-uri /csp-report/; 1
frame-ancestors 'self' data: https://*.celiac.com; upgrade-insecure-requests; default-src 'self' data: https://*.celiac.com; script-src 'unsafe-inline' 'unsafe-eval' data: https://*.celiac.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleusercontent.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.ckeditor.com https://*.youtube.com https://*.youtube-nocookie.com https://*.doubleclick.net https://*.vimeo.com; style-src 'self' 'unsafe-inline' https://*.celiac.com https://*.googleapis.com https://*.googleusercontent.com https://*.gstatic.com https://*.ckeditor.com https://*.doubleclick.net https://*.youtube.com https://*.youtube-nocookie.com https://*.doubleclick.net; object-src 'none'; frame-src data: https://*.celiac.com https://*.google.com https://*.googleusercontent.com https://*.youtube.com https://*.youtube-nocookie.com https://*.googleapis.com https://*.doubleclick.net https://*.vimeo.com; img-src 'self' data: https://*.celiac.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.google.com https://*.googleusercontent.com https://*.ckeditor.com https://*.invisioncic.com https://*.cloudfront.net https://*.youtube.com https://*.youtube-nocookie.com https://*.doubleclick.net https://*.fbsbx.com; font-src 'self' data:  https://fonts.gstatic.com https://cdnjs.cloudflare.com; connect-src 'self' data: https://*.doubleclick.net https://*.google-analytics.com https://*.googletagmanager.com https://*.googleusercontent.com https://*.celiac.com https://*.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://*.doubleclick.net; base-uri https://*.celiac.com; form-action 'self' data: https://*.wheat-free.com https://*.facebook.com https://*.microsoftonline.com https://*.twitter.com https://*.linkedin.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com https://*.youtube.com https://*.youtube-nocookie.com https://*.doubleclick.net; worker-src data: https://*.celiac.com; 1
default-src 'self' data: 'unsafe-inline';img-src data: https:;script-src 'self' 'unsafe-inline' 'unsafe-eval';frame-src youtube.com www.youtube.com 'self'; 1
default-src 'self' *.instagram.com *.twitter.com *.google.com *.google.fr *.youtube.com *.addtoany.com *.douane *.douane.gouv.fr botify-chat-douane-pro.apps.innershift.sodigital.io *.doubleclick.net; script-src 'self' www.googletagmanager.com cdn02.jotfor.ms cdn.jotfor.ms cdn03.jotfor.ms form.jotform.com/jsform/ static.addtoany.com/menu/ botify-chat-douane-pro.apps.innershift.sodigital.io widgets.flickr.com embedr.flickr.com 'sha256-m5/MdH9UDuGh4NYRNojfYeGK0kh+8g7XLqu+kJFLKe4=' 'sha256-SZ9HUHvc4HjF0RnizBcEjtSRucklPR+EyCJmv82yDvE=' 'sha256-aCvRIQ79zbEtvxwsqDbuavE4Sa35jGPLpcm4Y1yIUA0=' 'sha256-cCETlTnFe4oVc3iBrpHJ+mMfiW0J6VfUSQiZOA22/6o=' 'sha256-e41hangRwS/GROqGdnMLg/+eiC1CBtiRDsmDdBV0RUM=' 'sha256-8GOuxY1n6x7nutr1sn43R3wbBFvqziONnQzIvEXAsRU=' 'sha256-qOjyyc7YXOy1u5qyJF9ck+xogVlGHmBhwhYVB0com9A=' 'sha256-d/5JgEXtWfNaSDSMOALKykJIRHvej0L+DlSnB5/a8rs=' 'sha256-bmAqrDKXlWYvee7wrmVHmfzKcFytigou+jhMOYvxw9w=' 'sha256-j6M2xA9I+y0hcxGQvpuoGQ1XPpUcWN/3ORbD6BLAVow=' 'sha256-U9Limcj++LS83qwNFqxme6uPFdXdnGH6Gi8alLG4JiE=' 'sha256-TtWZJYo9CsnFDflsnKpvMQupYp0SWPUJhncXRWhqHgY=' 'sha256-100fHJspvS0ZijqxsqS4hurifOLdUxpd2tMfSBn1XH0=' 'sha256-cfaeVZJOpk1j8f4ly80LXr+HGT/E6mgoghuDZx0q924=' 'sha256-bmAqrDKXlWYvee7wrmVHmfzKcFytigou+jhMOYvxw9w=' 'sha256-j6M2xA9I+y0hcxGQvpuoGQ1XPpUcWN/3ORbD6BLAVow=' 'sha256-V2tvY10YG/TXtJm63+W5nlRtSkJ5td8/uIQQZLlbu6c=' 'sha256-TtWZJYo9CsnFDflsnKpvMQupYp0SWPUJhncXRWhqHgY=' 'sha256-Al+exsNIvnXn4iFhn29bIGRZneB4Up4tAP+8OSB6yxo=' 'sha256-bmAqrDKXlWYvee7wrmVHmfzKcFytigou+jhMOYvxw9w=' 'sha256-j6M2xA9I+y0hcxGQvpuoGQ1XPpUcWN/3ORbD6BLAVow=' 'sha256-H4wjGXRfQQu9M8qRRW2Vao6X5tuOvQEnT7/CWNzsnek=' www.google-analytics.com tag.aticdn.net 'sha256-mgcPTyg0OxxTSWtBRdjsuDqBUmW8LBC0DRAJy2xxwcs=' 'sha256-txaYk/SQjmOOjMy1CEUu9+I8jLVUbAi0qAZDIo3+FcI=' 'sha256-Dcl964X0ANqLoGKOdoPoHuJpivfAQA0N7qAF3+TP2IA=' 'sha256-A0JErdck7Pfwum9nGo3uKlyH5rmjOGbf4iuO7tFU52I=' 'sha256-KSn/LAgP5W/qEHFJTQjPLxz7CCbWcT7YDDpNxpIT2Y4=' 'sha256-JP9JQbMtDnTDUpNMgXTQ+xRmkasPlpa2iEL9XuC7UZQ=' 'sha256-4/NCsRJWvA0XBXV8vavPKqs2HJaeUNbvta7Viuh7eqA=' 'sha256-FtYsUvWc8P3ioiumrC3OOD+0DlSMO1iMMXP+2jDhISE=' 'sha256-JG8QLDK/RDFXAbY0Ia5qRK14dndTwmigb2GL/N0ZJlU=' 'sha256-rqJ+AGiVGOz36SQPebLfcij+80/Xsp1b4D+JTgjIWPE=' 'sha256-NQfc27RODJMCUmaqjMwdfn4W0gAOlXht1ZZm3Yldg8E=' 'sha256-TQcpAoA8eOTZSGOat18Gn/lT5yIuwMySfUDnJbxi+7M=' 'sha256-vaySO1LbWYbPZ02fSyw5tZRohKzednGDhYxpwRs/Qx8=' 'sha256-i26xgYx160lPv8Wzrhh5pENF63MDn2Li7R7yFbJge54=' 'sha256-G4MR8JaHMS6PLKTh21d4FZO6m41H22L9U1P+sVA/nSY=' 'sha256-G4MR8JaHMS6PLKTh21d4FZO6m41H22L9U1P+sVA/nSY=' 'sha256-gsuBoPtTgP2ddlnZP0jIn+z/0KnujsVh4qmyWVcdARc=' 'sha256-CsKrQpqLJ8JVnODB1fCcmzC/wfITHnf2MjJq2ksowUA=' 'sha256-GSg74Z2Tx/wrVQhd+v98rjtvUR+Bi5ruKYLT40L+GjQ=' 'sha256-e3OsTH0KIUdK3veWO2CJ9QDxFNgZ4fTPuRsN5mkj7yU=' 'sha256-sKGpsjGdAxaSTCLE0wH0e4jb8z3vEWJviA3TDTOoK0U=' 'sha256-7TKSX9mLOfam46WWxZrs305ZZEjSItRUYr/zBHLSLtU=' 'sha256-Gy1ZxEWqfNvixZqlM5jkOHAvmGUVYT6aT8rexxRiTbs=' 'sha256-pzby6R7MKT2lSDM/0rwVJx8yL0Lz1RsWoHNEWrjj8gg=' 'sha256-E3G00T0WP+mLEmkJrgSgjl5McP/dl+H5oY0H8iTlWfY=' 'sha256-ACs5+KOw75v3urFQEsB5e7tzTSIP51LOzupNLQWm2b8=' 'sha256-LgToB2yMrE8BspIZ6p3N9nUPIzDbTM97aY17oqrIR9U=' 'sha256-qk0Hmo9/cxEqai55ffLQkI3cgV1fQ0nSXi34hHogh28=' 'sha256-+dNeLqVYyofJ9nb8vqykH3ogFv4+xExC0UAwnAha1Lg=' 'sha256-+dNeLqVYyofJ9nb8vqykH3ogFv4+xExC0UAwnAha1Lg=' 'sha256-3pcGaASNGby1cNgqx1F90bEdP/eka7rwqLnDMrSc2W8=' 'sha256-nOBF4KWp+BO3m4hp+qDdssw096IE+711vrOBey/wHis=' 'sha256-akvcq1s6tco2WU/SfWysNDH4k3xZndlOAMEnWX/KKLc=' 'sha256-41nYrrLLjCe2UoSxpzLpWYi6iUSb7xTdDHU0btSSDEU=' 'sha256-41nYrrLLjCe2UoSxpzLpWYi6iUSb7xTdDHU0btSSDEU=' 'sha256-Fw5/q/HhKqXZqKjD76iItfGJdF5A689w/3m1U2DdJWk=' 'sha256-Z+ojFAw8yoYUvzCyOgSQZoFI7U6AC7Pp95KHXQFMXn4='; object-src 'self'; style-src 'self' 'unsafe-inline' *.twitter.com *.jotfor.ms *.jotfor.com botify-chat-douane-pro.apps.innershift.sodigital.io; img-src 'self' *.fbcdn.net *.cdninstagram.com syndication.twitter.com *.twimg.com platform.twitter.com *.jotform.com *.jotfor.ms *.staticflickr.com data: *.google-analytics.com *.xiti.com botify-chat-douane-pro.apps.innershift.sodigital.io; media-src 'self' *.cdninstagram.com *.twimg.com; frame-ancestors *.douane.gouv.fr *.douane ec.europa.eu cdaweb:7007 10.119.3.5; font-src 'self'; connect-src  'self' api.flickr.com *.instagram.com *.flickr.com botify-chat-douane-pro.apps.innershift.sodigital.io wss://botify-chat-douane-pro.apps.innershift.sodigital.io www.google-analytics.com; report-uri /report-csp-violation 1
frame-ancestors https://*.gap.im https://*.medad.im https://*.vida.im https://*.nasimrezvan.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com www.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src * 'self' data:; child-src 'self'; frame-src 'self' www.eporner.com ok.ru vk.com *.vk.com www.youtube.com *.google.com; font-src 'self' data:; connect-src 'self' bitru.org wss://bitru.org; 1
frame-ancestors https://app.ctmdev.us https://app.calltrackingmetrics.com https://app.ctm.ninja https://calltrackingmetrics.channeltivity.com 1
default-src 'self' https://*.google.com/ https://*.dotomi.com/ https://card.winecountrygiftbaskets.com:82/ https://card.winecountrygiftbaskets.com/ https://images.winecountrygiftbaskets.com/ https://visitors.winecountrygiftbaskets.com/ https://www.youtube.com/ https://qwww435.americanexpress.com/ https://wcgift.com/ https://aslvwebt1.arroweyesolutions.net/ https://cards.cardways.com/ https://checkout.americanexpress.com/ https://dis.eu.criteo.com/ https://dis.us.criteo.com/ https://*.doubleclick.net/ https://stats.g.doubleclick.net/ https://echeckout.americanexpress.com/ https://gum.criteo.com/ https://*.americanexpress.com/ https://mcheckout-qa.americanexpress.com https://www.facebook.com/ https://home-c33.nice-incontact.com/ https://bat.bing.com/ https://*.winecountrygiftbaskets.com https://*.pinterest.com/ https://tpc.googlesyndication.com https://*.criteo.com https://*.criteo.net; script-src 'self' https://*.pinterest.com/ https://*.googleapis.com/ https://www.googleadservices.com/ https://*.google.com/ https://www.googletagmanager.com/ https://code.murdoog.com/ https://secure-cdn.mplxtms.com/ https://www.google-analytics.com/ https://custom-wrs.api.responsys.net/ https://images.winecountrygiftbaskets.com/ https://visitors.winecountrygiftbaskets.com/ https://icm.aexp-static.com/ https://qicm.americanexpress.com/ https://qwww435.americanexpress.com/ https://adadvisor.net/ https://apis.murdoog.com/ https://aa.agkn.com/ https://checkout.americanexpress.com/ https://t.mplxtms.com/ https://api.pinterest.com/ https://api.instagram.com/ https://static.criteo.net/js/ld/ld.js https://sslwidget.criteo.com/ https://widget.eu.criteo.com/ http://s7d1.scene7.com/ https://bat.bing.com/ https://s.yimg.com/ https://sp.analytics.yahoo.com/ https://www.adobetag.com/ https://*.doubleclick.net/ https://stats.g.doubleclick.net/ https://100008590.collect.igodigital.com/ https://*.americanexpress.com/ https://mcheckout-qa.americanexpress.com https://echeckout.americanexpress.com/ https://s7d5.scene7.com/ https://connect.facebook.net/ https://*.googlesyndication.com/ https://home-c33.nice-incontact.com/ https://s.pinimg.com/ https://static-na.payments-amazon.com/OffAmazonPayments/us/sandbox/js/Widgets.js https://static-na.payments-amazon.com/v2/login.js https://*.winecountrygiftbaskets.com https://snap.licdn.com/ https://login-ds.dotomi.com/ https://core.conversant.mgr.consensu.org https://*.clarity.ms https://*.criteo.com https://*.criteo.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.googleapis.com/ https://www.googleadservices.com/ https://*.google.com/ https://www.googletagmanager.com/ https://code.murdoog.com/ https://secure-cdn.mplxtms.com/ https://www.google-analytics.com/ https://custom-wrs.api.responsys.net/ https://images.winecountrygiftbaskets.com/ https://visitors.winecountrygiftbaskets.com/ https://icm.aexp-static.com/ https://qicm.americanexpress.com/ https://qwww435.americanexpress.com/ https://adadvisor.net/ https://apis.murdoog.com/ https://aa.agkn.com/ https://checkout.americanexpress.com/ https://s7d1.scene7.com/ https://www.youtube.com/ https://*.americanexpress.com/ https://mcheckout-qa.americanexpress.com https://echeckout.americanexpress.com/ https://s7d5.scene7.com/ 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://*.googleapis.com/ https://fonts.gstatic.com/ https://www.aexp-static.com/nav/ngn/fonts/3be50273-0b2e-4aef-ae68-882eacd611f9-3.woff https://www.aexp-static.com/nav/ngn/fonts/3be50273-0b2e-4aef-ae68-882eacd611f9-1.ttf; connect-src 'self' https://*.googleapis.com/ https://*.google.com/ https://www.google-analytics.com/ https://t.mplxtms.com/tags https://wrs.adrsp.net/ https://www.youtube.com/ https://widget.eu.criteo.com/ https://images.winecountrygiftbaskets.com/ https://visitors.winecountrygiftbaskets.com/ https://www.facebook.com/ https://*.yimg.com/ https://ct.pinterest.com/ https://payments-sandbox.amazon.com/ https://bat.bing.com/ https://*.winecountrygiftbaskets.com https://stats.g.doubleclick.net https://*.clarity.ms https://*.criteo.com https://*.criteo.net; img-src * data:;media-src 'self'; 1
default-src https:; connect-src https: wss:; font-src https:; frame-src https:; img-src data: https:; object-src https:; script-src 'unsafe-eval' 'unsafe-inline' https:; style-src 'unsafe-inline' https:; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://discuss.eroscripts.com/logs/ https://discuss.eroscripts.com/sidekiq/ https://discuss.eroscripts.com/mini-profiler-resources/ https://discourse-s3-cdn.eroscripts.com/uploads/assets/ https://discuss.eroscripts.com/extra-locales/ https://discourse-cdn.eroscripts.com/highlight-js/ https://discourse-cdn.eroscripts.com/javascripts/ https://discourse-cdn.eroscripts.com/plugins/ https://discourse-cdn.eroscripts.com/theme-javascripts/ https://discourse-cdn.eroscripts.com/svg-sprite/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' https://unpkg.com; worker-src 'self' https://discourse-s3-cdn.eroscripts.com/uploads/assets/ https://discourse-cdn.eroscripts.com/javascripts/ https://discourse-cdn.eroscripts.com/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
frame-ancestors 'self' https://*.assembly.go.kr; 1
default-src 'self' 'unsafe-inline' https://api.timekit.io https://*.hotjar.com https://www.facebook.com wss://*.hotjar.com https://*.ncs.lt https://*.giro.lt;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://widget.trustpilot.com https://static.hotjar.com https://static.cloudflareinsights.com https://ajax.cloudflare.com https://*.siftscience.com https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/en_US/sdk.js https://connect.facebook.net/en_US/fbds.js https://www.facebook.com https://www.gstatic.com https://www.google.com/recaptcha/api.js https://apis.google.com https://www.google-analytics.com/analytics.js https://*.googletagmanager.com https://*.siftscience.com https://*.livechatinc.com https://*.hotjar.com wss://*.hotjar.com https://*.wavecrest.gi https://*.apiary.io https://*.ads-twitter.com https://*.ads-twitter.com https://*.adform.net https://static.ads-twitter.com/uwt.js https://www.google-analytics.com/plugins/ua/linkid.js https://a1.adform.net/serving/scripts/trackpoint/ https://a1.adform.net/serving/scripts/trackpoint/async/ https://analytics.twitter.com https://cdn.polyfill.io https://ajax.cloudflare.com/cdn-cgi/scripts/ https://*.pervesk.lt https://*.ncs.lt https://*.giro.lt https://*.pervesk.lt/funded-payment https://www.google-analytics.com;  script-src-elem 'self' 'unsafe-inline' https://widget.trustpilot.com https://static.hotjar.com https://static.cloudflareinsights.com https://ajax.cloudflare.com https://*.siftscience.com https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/en_US/sdk.js https://connect.facebook.net/en_US/fbds.js https://www.facebook.com https://www.gstatic.com https://www.google.com/recaptcha/api.js https://apis.google.com https://www.google-analytics.com/analytics.js https://*.googletagmanager.com https://*.google-analytics.com https://*.siftscience.com https://*.livechatinc.com https://*.hotjar.com wss://*.hotjar.com https://*.wavecrest.gi https://*.apiary.io https://*.ads-twitter.com https://*.ads-twitter.com https://*.adform.net https://static.ads-twitter.com/uwt.js https://www.google-analytics.com/plugins/ua/linkid.js https://a1.adform.net/serving/scripts/trackpoint/ https://a1.adform.net/serving/scripts/trackpoint/async/ https://analytics.twitter.com https://cdn.polyfill.io https://ajax.cloudflare.com/cdn-cgi/scripts/ https://*.pervesk.lt https://*.ncs.lt https://*.giro.lt https://*.pervesk.lt/funded-payment https://www.google-analytics.com;  connect-src 'self' wss://*.hotjar.com https://*.livechatinc.com https://*.spectrocoin.com https://*.hotjar.io https://*.hotjar.com https://www.facebook.com https://widget.trustpilot.com https://fonts.googleapis.com https://connect.facebook.net https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.sentry.io https://*.ncs.lt https://*.giro.lt;  style-src 'self' 'unsafe-inline' https://www.gstatic.com https://*.livechatinc.com https://fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; img-src * blob: data: https://*.livechatinc.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;  frame-src 'self' https: blob: https://*.pervesk.lt https://*.ncs.lt https://*.giro.lt; font-src 'self' data: https://*.livechatinc.com https://fonts.gstatic.com https://themes.googleusercontent.com https://fonts.googleapis.com; object-src 'self' 'unsafe-eval' blob: https://*.autokyc.com https://*.livechatinc.com; child-src 'self' https://*.livechatinc.com https://*.adform.net; media-src 'self' https://*.livechatinc.com; worker-src 'self'; 1
frame-ancestors 'self' http://bloom.test http://bloomudev.prod.acquia-sites.com https://bloomudev.prod.acquia-sites.com http://bloomustg.prod.acquia-sites.com https://bloomustg.prod.acquia-sites.com https://www.bloomu.edu http://bloomu.prod.acquia-sites.com https://bloomu.prod.acquia-sites.com https://bloom.ddev.site https://commonwealth.ddev.site https://www.commonwealthu.edu https://dev.admissions.bloomu.edu/ https://stage.admissions.bloomu.edu https://admissions.bloomu.edu; report-uri https://www.commonwealthu.edu/report-uri/enforce 1
default-src https: https://*.fh-swf.de;frame-ancestors https://*.etracker.com;  script-src 'self' https://*.fh-swf.de https://static.b-ite.com https://www.evergabe.nrw.de https://unpkg.com https://openlayers.org https://static.etracker.com/code/e.js https://cdnjs.cloudflare.com/ajax/libs/jquery-easing/ https://cdnjs.cloudflare.com/ajax/libs/underscore.js/ https://*.etracker.com https://*.etracker.de https://cs-assets.b-ite.com/fachhochschule-suedwestfalen/jobs-api/ 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob: http://*.tile.openstreetmap.org; worker-src blob: 1
frame-ancestors https://oxfordbusinessgroup.com https://new.oxfordbusinessgroup.com; 1
img-src *.verify.yandex.ru *.ya.ru *.yandex.ru ya.ru yabs.yandex.by yabs.yandex.kz yabs.yandex.ru yabs.yandex.uz yandex.ru 'self' yastatic.net data: yandex.com.ge favicon.yandex.net avatars.mds.yandex.net mc.admetrica.ru mc.yandex.com *.mc.yandex.ru adstat.yandex.ru mc.yandex.com.ge mc.yandex.ru;script-src 'nonce-eHDNIHuAGgUh7kdIe2XL1g==' mc.yandex.com yastatic.net yandex.com.ge mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.yandex.com.ge;child-src *.ya.ru *.yandex.ru ya.ru yandex.ru yastatic.net yandex.com.ge mc.yandex.ru mc.yandex.md mc.yandex.com.ge *.ya.ru *.yandex.ru ya.ru yandex.ru;style-src 'unsafe-inline' yastatic.net;report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.com.ge&showid=1705979905566015-13437497227329747663-balancer-l7leveler-kubr-yp-sas-112-BAL-4927&h=stable-portal-mordago-15.vla.yp-c.yandex.net&yandexuid=8297476631705979905&&version=2024-01-19-465&adb=0;media-src yastatic.net;connect-src *.strm.yandex.net mc.yandex.com yandex.com.ge yabs.yandex.ru yastatic.net yastat.net mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.admetrica.ru mc.yandex.com.ge;default-src yastatic.net yastat.net 'self';font-src yastatic.net 1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.google.com *.zopim.com *.hotjar.com maxcdn.bootstrapcdn.com fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.facebook.com *.list-manage.com tapita.io *.tapita.io 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.hotjar.com *.trustpilot.com *.youtube.com *.freshchat.com *.clutch.co *.jotform.com fm.addxt.com logwork.com https://www.googletagmanager.com/ www.facebook.com platform.twitter.com tapita.io *.tapita.io 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.google.com *.google.com.vn *.bsscommerce.com bsscommerce.com *.zopim.io *.zopim.com *.bing.com *.googletagmanager.com *.hotjar.com *.youtube.com *.amazonaws.com *.cloudfront.net https://tapita.io/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ ebizmarts-website.s3.amazonaws.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com amcglobal.sc.omtrdc.net tapita.io *.tapita.io 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.googleapis.com *.addthis.com *.google.com *.trackedlink.net *.cloudflare.com *.zopim.com *.hotjar.com *.zdassets.com *.chimpstatic.com *.trustpilot.com *.googletagmanager.com *.crazyegg.com *.bing.com *.gstatic.com *.freshchat.com *.amazonaws.com *.list-manage.com *.logwork.com *.licdn.com fm.addxt.com https://tapita.io/ backend.bsscommerce.com *.clutch.co http://www.googletagmanager.com/ https://www.googletagmanager.com/ connect.facebook.net twitter.com platform.twitter.com tapita.io *.tapita.io https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com maxcdn.bootstrapcdn.com *.trackedlink.net *.doubleclick.net *.freshchat.com *.mailchimp.com *.amazonaws.com tapita.io *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zopim.io *.zopim.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.paypal.com *.googleapis.com *.doubleclick.net *.google-analytics.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.zdassets.com wss://*.hotjar.com https://tapita.io/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ tapita.io *.tapita.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors "self" https://*.accelya.com:*; 1
frame-ancestors 'self' https://*.boh.com; default-src https:; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' * 1
default-src 'self'; img-src data: *; font-src 'self' fonts.gstatic.com; base-uri 'self'; form-action 'self'; child-src https:; media-src https:; object-src 'none'; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com; script-src 'self' *.googletagmanager.com *.google.com *.gstatic.com *.adobedtm.com; connect-src 'self' *.2o7.net *.contentful.com *.commercelayer.io *.azurewebsites.net *.segurosbupa.cl *.bupa.cl 'sha256-r3JSFVAsvVivmU5TxA/X7fdGN+/PgtPpsPB5NvrWCMQ=' 'sha256-yEKpHNDNJzUrvnYQtflCaaFC9z1nzPmqmvoD+6JD/a8=' 'sha256-PUzeb/3DWYi/mbzbwlnzcWF0NC2i8KLGeNyOq/iEwRY='; 1
default-src data: https: 'unsafe-inline' 'unsafe-eval' *.upsearch.cz *.googletagmanager.com *.googleapis.com *.google.com *.cloudfront.net *.foxentry.cz cookies.praguebest.cz tracking.affiliateclub.cz ct.pinterest.com *.youtube.com *.hotjar.com *.facebook.com *.criteo.com *.criteo.net *.foxentry.cz *.imedia.cz *.seznam.cz *.zbozi.cz *.go2cloud.org *.heureka.cz *.creativecdn.com creativecdn.com *.doubleclick.net; connect-src https: wss:; object-src 'self'; 1
default-src 'self';connect-src 'self' *.oebb.at:* oebb.at;object-src 'self' 'self' blob:;img-src 'self' data: blob: *.oebb.at:* oebb.at *.oebbtickets.at:* oebbtickets.at;style-src 'unsafe-inline' 'self';script-src 'unsafe-eval' 'self' *.oebb.at:* oebb.at 'nonce-WMCzpJrHzcngt3oxY9zivg==';frame-src 'self' oebbticket://*;frame-ancestors 'none';report-uri /report-violation 1
script-src 'self' https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline'  'script-src' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; http://beta.firstmail.ru 1
default-src 'none'; prefetch-src 'self'; script-src 'self' 'unsafe-inline' https://www.youtube.com https://static.hotjar.com https://script.hotjar.com/ https://www.gstatic.com https://vimeo.com https://player.vimeo.com https://www.google.com https://*.google-analytics.com https://*.googletagmanager.com https://www.googleadservices.com https://static.ads-twitter.com https://connect.facebook.net https://www.redditstatic.com https://tezos.us6.list-manage.com https://maps.googleapis.com; frame-ancestors 'none'; base-uri 'self'; manifest-src 'self' 'unsafe-inline'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.google.co.uk https://in.hotjar.com/ wss://*.hotjar.com/ https://ws8.hotjar.com/ https://tezos.com https://api.tzkt.io https://us-central1-pantone-blokhaus.cloudfunctions.net https://formspree.io https://*.g.doubleclick.net https://vimeo.com https://api.tzpro.io/ https://api.better-call.dev https://tzkt.tezos-dev.tqhosted.com https://maps.googleapis.com https://graphql.datocms.com/ https://*.algolia.net https://*.algolianet.com; font-src  'self' data: https://fonts.gstatic.com; img-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com http://canarytokens.com https://tezos.com https://i.vimeocdn.com https://*.google.com https://*.google.co.uk https://maps.gstatic.com https://maps.googleapis.com https://streetviewpixels-pa.googleapis.com https://*.g.doubleclick.net https://t.co https://analytics.twitter.com https://www.facebook.com https://*.reddit.com data: https://www.google-analytics.com https://www.datocms-assets.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://formspree.io; frame-src https://vars.hotjar.com/ https://wallet.kukai.app https://calendly.com https://player.vimeo.com https://vimeo.com https://www.google.com https://www.youtube.com https://www.facebook.com https://tezosbot.vercel.app; media-src 'self'; 1
default-src'none';script-src'self';connect-src'self';img-src'self';style-src'self';frame-ancestors 'none'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://api.mazemap.com https://www.google-analytics.com https://tags.tiqcdn.com https://visitor-service-ap-southeast-2.tealiumiq.com blob: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://analytics.paste.ee; img-src 'self' https://secure.gravatar.com https://analytics.paste.ee data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src https://www.google.com; object-src 'none' 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://elixirforum.com/logs/ https://elixirforum.com/sidekiq/ https://elixirforum.com/mini-profiler-resources/ https://elixirforum.com/assets/ https://elixirforum.com/extra-locales/ https://elixirforum.com/highlight-js/ https://elixirforum.com/javascripts/ https://elixirforum.com/plugins/ https://elixirforum.com/theme-javascripts/ https://elixirforum.com/svg-sprite/ 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0='; worker-src 'self' https://elixirforum.com/assets/ https://elixirforum.com/javascripts/ https://elixirforum.com/plugins/; frame-ancestors 'self' https://elixir-lang.org; manifest-src 'self' 1
default-src 'self'; img-src 'self' data: blob: *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.mitrakeluarga.com https://use.fontawesome.com https://cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://webchat.qontak.com https://*.mitrakeluarga.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://cdnjs.cloudflare.com https://analytics.tiktok.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://*.mitrakeluarga.com https://use.fontawesome.com; frame-src 'self' https://www.youtube.com https://www.instagram.com https://www.google.com https://webchat.qontak.com; connect-src 'self' https://*.mitrakeluarga.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://analytics.tiktok.com; media-src 'self' https://*.cloudfront.net 1
base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors https://lrdev.e-spirit.hosting https://lrqa.e-spirit.hosting https://lr.e-spirit.hosting; img-src * data:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests; script-src 'self' 'strict-dynamic'; script-src-elem 'self' 'nonce-ZGRjZDljNTItYzY5YS00MzNjLTgwMzYtYzhiODQ0ZmZlYzE3' 'strict-dynamic' 1
Upgrade-Insecure-Requests; default-src 'self' https: *.hotjar.com *.hotjar.io; connect-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: *.hotjar.com *.hotjar.io wss://*.hotjar.com *.algolia.net *.algolianet.com *.adobedtm.com *.adobe.com *.day.com *.scene7.com *.demdex.net cm.everesttech.net performance.typekit.net *.osano.com *.drift.com *.driftt.com *.driftcdn.com *.youtube.com *.peopleclick.com *.doubleclick.net *.zoominfo.com *.peopleclick.eu.com *.pardot.com *.twitter.com *.ads-twitter.com *.googletagmanager.com *.googlesyndication.com *.googletagservices.com t.co lltrck.com;  worker-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: *.coherent.com *.google.com  *.osano.com t.co lltrck.com;  media-src 'self' blob: https: *.coherent.com; img-src 'self' data: https: *.coherent.com *.scene7.com *.ggpht.com *.ytimg.com *.google.com *.example.com  *.linkedin.com *.facebook.com *.youtube.com *.google.com *.google-analytics.com *.imgix.net *.doubleclick.net *.pardot.com *.adsymptotic.com t.co; child-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: *.algolia.net *.algolianet.com *.coherent.com *.peopleclick.com *.peopleclick.eu.com *.algolia.net *.algolianet.com *.adobedtm.com *.adobe.com *.day.com *.scene7.com *.demdex.net cm.everesttech.net *.hotjar.com *.hotjar.io *.pardot.com *.osano.com *.twitter.com *.ads-twitter.com *.googletagmanager.com *.googlesyndication.com *.googletagservices.com t.co lltrck.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: *.algolia.net *.algolianet.com *.coherent.com *.peopleclick.com *.peopleclick.eu.com *.algolia.net *.algolianet.com *.adobedtm.com *.adobe.com *.day.com *.scene7.com *.demdex.net cm.everesttech.net *.hotjar.com *.hotjar.io *.pardot.com *.osano.com *.twitter.com *.ads-twitter.com *.googletagmanager.com *.googlesyndication.com *.googletagservices.com t.co lltrck.com;  font-src 'self' data: https: *.algolia.net *.algolianet.com *.adobedtm.com *.adobe.com *.day.com *.scene7.com *.demdex.net cm.everesttech.net *.typekit.com *.hotjar.com *.hotjar.io  *.gstatic.com *.google.com *.doubleclick.net *.coherent.com *.google-analytics.com *.pardot.com; object-src 'none';  script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' data: blob: https: *.algolia.net *.algolianet.com *.adobedtm.com *.adobe.com *.day.com *.scene7.com *.demdex.net cm.everesttech.net *.osano.com *.zoominfo.com *.facebook.net *.hotjar.com *.hotjar.io *.facebook.com *.linkedin.com *.searchcdn.com *.addsearch.com *.gstatic.com *.google.com *.googletagmanager.com *.driftt.com geoip-db.com *.wistia.net *.wistia.com *.googleapis.com *.coherent.com *.pardot.com *.google-analytics.com *.msecnd.net *.drift.com *.youtube.com *.licdn.com *.twitter.com *.ads-twitter.com *.googleadservices.com *.doubleclick.net *.peopleclick.com *.peopleclick.eu.com  *.adsymptotic.com *.googlesyndication.com *.googletagservices.com t.co lltrck.com;  style-src 'self' 'report-sample' 'unsafe-inline' blob: https: *.googleapis.com *.google.com *.google-analytics.com *.cloudfront.net *.addsearch.com *.drift.com *.coherent.com *.pardot.com *.driftt.com *.osano.com *.googletagmanager.com; form-action 'self' https: *.coherent.com *.osano.com *.drift.com *.driftt.com *.driftcdn.com *.youtube.com *.peopleclick.com *.doubleclick.net *.zoominfo.com *.peopleclick.eu.com *.pardot.com *.google-analytics.com *.google.com *.facebook.net; frame-ancestors 'self' blob: https: *.algolia.net *.algolianet.com *.coherent.com *.peopleclick.com *.peopleclick.eu.com *.algolia.net *.algolianet.com *.adobedtm.com *.adobe.com *.day.com *.scene7.com *.demdex.net cm.everesttech.net *.hotjar.com *.hotjar.io *.pardot.com *.osano.com t.co *.twitter.com *.ads-twitter.com *.googletagmanager.com *.googlesyndication.com *.googletagservices.com lltrck.com; base-uri 'self' 1
frame-ancestors 'self'; report-to csp-endpoint; report-uri https://swansea.gov.uk/csp-reports; 1
frame-ancestors 'self' http://www.philips.es *.philips.com *.philips.es https://philipsigtdpv.com 1
default-src 'self'; img-src 'self' https://www.gstatic.com/images/branding/product/2x/translate_24dp.png https://www.toegankelijkheidsverklaring.nl/files/verklaring/label/910ebd06ef8db91f4e65823a3e1439f4.1718.svg data: https://opendata.nederlandwereldwijd.nl statistiek.rijksoverheid.nl; object-src 'none'; frame-ancestors 'none'; form-action 'self' https://api.contenttoolsrijksoverheid.nl; style-src 'self' 'nonce-rVhTDJpF6eaLVTDzMRXeWyNoEn6kHcMd68YFkdkmKPU=' statistiek.rijksoverheid.nl https://translate.googleapis.com/translate_static/css/translateelement.css; font-src 'self' statistiek.rijksoverheid.nl; connect-src 'self' https://api.contenttoolsrijksoverheid.nl statistiek.rijksoverheid.nl *.platformrijksoverheid.nl metrics.mopinion.com; script-src 'strict-dynamic' 'self' 'nonce-rVhTDJpF6eaLVTDzMRXeWyNoEn6kHcMd68YFkdkmKPU=' statistiek.rijksoverheid.nl; base-uri 'self'; report-uri https://dpcoa.report-uri.com/r/t/csp/enforce; report-to default; 1
frame-ancestors *.force.com *.salesforce.com *.saleshood.com *.xactlycorp.com *.paloaltonetworks.com *.visualforce.com *.seismic.com *.skillshood.com *.salesloft.com *.dynamics.com *.instructure.com *.highspot.com *.meltwater.com *.whitedog.app *.whitedogcyber.com 1
frame-ancestors self www.beecrowd.com.br test.beecrowd.com.br 1
default-src 'self' data: blob:;script-src blob: data: 'self' *.facebook.com *.facebook.net *.fbcdn.net 'unsafe-inline' 'unsafe-eval';style-src 'unsafe-inline' *.facebook.com *.fbcdn.net;connect-src *.facebook.com *.oversightboard.com oversightboard.com wss://*.facebook.com:* oversightboardappeals.com *.oversightboardappeals.com;font-src *.facebook.com *.fbcdn.net data:;img-src data: *.facebook.com *.fbcdn.net *.cdninstagram.com;frame-src *.facebook.com;block-all-mixed-content;upgrade-insecure-requests; 1
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net s.yimg.com tpc.googlesyndication.com static.ads-twitter.com *.v.liveperson.net googleads.g.doubleclick.net connect.facebook.net tags.tiqcdn.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com ssl.google-analytics.com maps.googleapis.com lpcdn.lpsnmedia.net www.google.com.my gateway.zscaler.net cdn-assets-prod.s3.amazonaws.com; img-src data: * blob: android-webview-video-poster: android-webview:; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.hsbc.com.my manifest.prod.boltdns.net *.siteintercept.qualtrics.com *.qualtrics.com *.brightcovecdn.com adservice.google.com www.facebook.com http://127.0.0.1:5000 http://127.0.0.1:5000/* www.google.com ad.doubleclick.net maps.googleapis.com www.googletagmanager.com analytics.google.com *.g.doubleclick.net www.google-analytics.com t.co analytics.twitter.com www.google.com.my *.demdex.net *.tt.omtrdc.net akamai.tiqcdn.com logx.optimizely.com www.hsbc.com.my rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk google.com *.dbankcloud.com *.sc.omtrdc.net www.google.lk cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.googletagmanager.com www.facebook.com tpc.googlesyndication.com *.auth.hsbc.com connect.facebook.net *.demdex.net gateway.zscaler.net gateway.zscalertwo.net gateway.zscloud.net google.com 8717352.fls.doubleclick.net; frame-ancestors 'self' www.hsbc.com.my; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com cdn.jsdelivr.net at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net www.googletagmanager.com; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net manifest.prod.boltdns.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report; 1
frame-ancestors 'self' *.azurewebsites.net *.bromcomcloud.com *.bromcomvle.com 1
default-src * data:; script-src * 'unsafe-inline' blob:; style-src * 'unsafe-inline'; font-src 'self' 'unsafe-inline' data: *; 1
frame-ancestors 'self' *.mylanguageexchange.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://heartlandhcm.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://code.jquery.com https://*.gstatic.com https://*.google.com https://cdnjs.cloudflare.com https://s.gethired.com https://www.googletagmanager.com https://*.acsbapp.com https://acsbapp.com https://unpkg.com https://momentjs.com https://www.google-analytics.com https://polyfill.io https://gitcdn.github.io https://*.googleapis.com https://s3.amazonaws.com https://cdn.jsdelivr.net https://apply.indeed.com https://www.googleadservices.com https://connect.facebook.net https://*.cloudfront.net https://googleads.g.doubleclick.net https://*.opentok.com https://*.zendesk.com https://*.zdassets.com https://*.hotjar.com https://*.axdapi.com https://*.google-analytics.com https://*.opendns.com https://www.dropbox.com https://*.pendo.io https://optanon.blob.core.windows.net https://click.appcast.io https://*.checkr.com https://cdn.hleb.prd.hlprd.com https://*.s3.indeed.com 1
frame-ancestors 'self' https://portal.ukbonn.de https://portal-test.ukbonn.de; 1
script-src 'self' 'nonce-VF6qvQxznV' 'strict-dynamic' https: 'unsafe-inline'; object-src 'none'; base-uri 'self'; manifest-src 'self'; media-src 'self'; worker-src blob:; 1
frame-ancestors 'self' *.telekom.si 1
frame-ancestors 'self' https://www.nowanimes.com/ https://nowanimes.com/ https://www.xpanimes.com/ https://xpanimes.com/ http://trueliketop.org/ https://megatecnobr.com/ https://www.legiaotec.club/ https://tectecno.com/ https://tecnodisco.com/ https://uptecnologia.org/ https://techdiniz.com/; 1
default-src 'self' *.worldpay.com *.prsformusic.com *.doubleclick.net *.facebook.com *.googletagmanager.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.tweet2rate.co.uk https://tweet2rate.co.uk *.w3.org *.addthis.com *.addthisedge.com *.google.com *.googleapis.com *.jquery.com *.cloudflare.com *.youtube.com *.spotify.com *.brightcove.net *.brightcove.com *.brightcovecdn.com *.boltdns.net *.sli.do *.instagram.com *.soundcloud.com *.moatads.com *.issuu.com *.webchat.botframework.com https://webchat.botframework.com *.osano.com *.123formbuilder.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-gyQrB7R7tkGsz8D0srUcIw' *.prsformusic.com *.doubleclick.net *.facebook.com *.googletagmanager.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.tweet2rate.co.uk https://tweet2rate.co.uk *.w3.org *.addthis.com *.addthisedge.com *.google.com *.googleapis.com *.jquery.com *.cloudflare.com *.youtube.com *.spotify.com *.brightcove.net *.brightcove.com *.brightcovecdn.com *.boltdns.net *.sli.do *.instagram.com *.soundcloud.com *.moatads.com *.issuu.com *.webchat.botframework.com https://webchat.botframework.com *.osano.com *.123formbuilder.com blob:; img-src * data:; frame-src *.worldpay.com *.prsformusic.com *.doubleclick.net *.facebook.com *.googletagmanager.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.tweet2rate.co.uk https://tweet2rate.co.uk *.w3.org *.addthis.com *.addthisedge.com *.google.com *.googleapis.com *.jquery.com *.cloudflare.com *.youtube.com *.spotify.com *.brightcove.net *.brightcove.com *.brightcovecdn.com *.boltdns.net *.sli.do *.instagram.com *.soundcloud.com *.moatads.com *.issuu.com *.webchat.botframework.com https://webchat.botframework.com *.osano.com *.123formbuilder.com; worker-src 'self' 'unsafe-inline' *.osano.com * blob:; media-src 'self' 'unsafe-inline' * blob:; style-src 'self' 'unsafe-inline' *; font-src 'self' 'unsafe-inline' *.osano.com * data: 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.recruitmentplatform.com *.google-analytics.com https://code.jquery.com https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com unpkg.com/@frontify/ *.cloudinary.com https://www.googletagmanager.com https://cdn.cookielaw.org *.vimeo.com *.vimeocdn.com *.youtube.com https://geolocation.onetrust.com https://snap.licdn.com *.mindbreeze.com/ https://stats.g.doubleclick.net https://vimeo.com/ https://datawrapper.dwcdn.net https://public.flourish.studio *.sajari.com 'self' web-chat.nativechat.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.bootstrapcdn.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.vimeocdn.com *.typekit.net *.mindbreeze.com/ https://public.flourish.studio *.sajari.com 'self' web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.vimeocdn.com *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com *.frontify.com *.cloudinary.com *.vimeo.com *.youtube.com *.google.com https://px.ads.linkedin.com *.mindbreeze.com/ *.adsymptotic.com/ https://public.flourish.studio *.sajari.com 'self' web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: maxcdn.bootstrapcdn.com *.typekit.net; frame-src *.vimeo.com *.youtube.com/ https://datawrapper.dwcdn.net https://public.flourish.studio https://flo.uri.sh *.sajari.com 'self' web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com *.recruitmentplatform.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.frontify.com *.cloudinary.com https://www.googletagmanager.com https://cdn.cookielaw.org *.vimeo.com https://vimeo.com *.youtube.com https://geolocation.onetrust.com https://snap.licdn.com https://apps.mindbreeze.com https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://datawrapper.dwcdn.net http://jsonapi.sajari.net/ *.sajari.com; media-src 'self' data: blob: *.frontify.com *.cloudinary.com; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.frontify.com cloudinary.com *.cloudinary.com *.rgare.com 'self' web-chat.nativechat.com; frame-ancestors 'self' *.youtube.com/ https://datawrapper.dwcdn.net https://public.flourish.studio *.rgare.com 1
frame-ancestors 'self' https://sdesk.adeo.pro/ https://adeo.pro/ https://adeopro.ru https://sdesk.adeopro.ru/ 1
script-src https://api-is.fusionmedstaff.com/ 'self' 'unsafe-eval' 'unsafe-inline' http://conv.indeed.com http://fmedsnowplow-js.s3.amazonaws.com http://js.hs-analytics.net http://static.ads-twitter.com https://*.cloudfront.net https://*.google-analytics.com https://*.google.com https://*.taboola.com https://ads.linkedin.com https://ajax.cloudflare.com https://analytics.tiktok.com https://analytics.twitter.com https://analytics.yahoo.com https://bat.bing.com https://connect.facebook.net https://conv.indeed.com https://fmedsnowplow-js.s3.amazonaws.com https://googleads.g.doubleclick.net https://js-na1.hs-scripts.com https://js.hs-banner.com https://js.hsleadflows.net https://l.antigena.com https://s.pinimg.com https://s.yimg.com https://sc-static.net https://snap.licdn.com https://static.cloudflareinsights.com https://tagmanager.google.com https://www.googleadservices.com https://www.googleanalytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://*.hsforms.net https://*.stackadapt.com https://*.pandoiq.com; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://tagmanager.google.com; img-src 'self' data: blob: https://api-is.fusionmedstaff.com/ https://wordpress-prod.fusionmedstaff.com/ http://conv.indeed.com http://t.co http://www.glassdoor.com https://*.google-analytics.com https://*.google.com https://*.taboola.com https://bat.bing.com https://connect.facebook.net https://conv.indeed.com https://ct.pinterest.com https://dc.ads.linkedin.com https://googleads.g.doubleclick.net https://info.fusionmedstaff.com/ https://p.adsymptotic.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://sp.analytics.yahoo.com https://ssl.gstatic.com https://track.hubspot.com https://track.ziprecruiter.com https://www.facebook.com https://www.glassdoor.com https://www.googletagmanager.com https://www.gstatic.com https://www.linkedin.com https://*.stackadapt.com https://*.pandoiq.com https://*.hsforms.com/; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://accounts.fusionmarketplace.com/ http://conv.indeed.com http://player.vimeo.com https://*.google.com https://*.snapchat.com https://bid.g.doubleclick.net https://conv.indeed.com https://fusionmedstaff.staffingreferrals.com https://player.vimeo.com https://www.facebook.com https://www.googletagmanager.com https://www.pinterest.com https://share.hsforms.com https://forms.hsforms.com; form-action 'self' https://tr.snapchat.com https://www.facebook.com https://forms.hsforms.com 1
media-src 'self';             manifest-src 'self';             frame-ancestors 'self';             form-action 'self' *.twitter.com;             object-src 'self';             script-src 'self' 'unsafe-eval' 'unsafe-inline' analytics.diehl.com *.onetrust.com cdn.cookielaw.org pi.pardot.com go.metering.diehl.com go.controls.diehl.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com *.leadlab.click *.doubleclick.net *.typekit.net *.youtube.com *.youtube-nocookie.com *.ytimg.com *.twitter.com cdn.syndication.twimg.com;             style-src 'self' 'unsafe-inline' analytics.diehl.com *.myfonts.net https://tagmanager.google.com https://fonts.googleapis.com *.typekit.net *.twitter.com;             img-src 'self' data: cdn.cookielaw.org https://www.google-analytics.com *.twimg.com https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com img.youtube.com *.ytimg.com *.wistia.com *.twitter.com;             font-src 'self' *.typekit.net https://fonts.gstatic.com data:;             connect-src 'self' go.metering.diehl.com go.controls.diehl.com analytics.diehl.com geolocation.onetrust.com *.onetrust.com cdn.cookielaw.org https://www.google-analytics.com https://stats.g.doubleclick.net *.leadlab.click *.youtube.com *.youtube-nocookie.com https://*.googleapis.com *.google.com https://*.gstatic.com  data: blob:;             frame-src 'self' cdn.iframe.ly https://v.qq.com https://www.googletagmanager.com/ns.html *.google.com brandsonspeed.pageflow.io *.youtube.com *.youtube-nocookie.com fast.wistia.net *.twitter.com twitter.com;             default-src 'none' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.gstatic.com b.scorecardresearch.com po.st *.po.st www.googletagmanager.com www.google-analytics.com *.google.com google.com *.googleapis.com googleapis.com assets.adobedtm.com *.youtube.com s.ytimg.com *.tt.omtrdc.net code.highcharts.com www.thinglink.com cdn.thinglink.me https://cdn.livefyre.com *.demdex.net *.clicktale.net *.liveperson.com *.liveperson.net *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn *.lprnd.net liveperson.com liveperson.net lpsnmedia.net iveengage.net liveengage.com liveper.sn lprnd.net cdn.cookielaw.org *.coutts.com connect.facebook.net snap.licdn.com https://www.googleadservices.com https://googleads.g.doubleclick.net player.vimeo.com t.contentsquare.net app.contentsquare.com https://rbs.tt.omtrdc.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-eu.onetrust.com https://assets.adobedtm.com https://liveperson.net https://*.liveperson.net; object-src 'self' https://440.coutts.com; worker-src blob:; upgrade-insecure-requests; frame-ancestors 'self' https://440.coutts.com; 1
default-src 'self' *.usercentrics.eu; connect-src 'self' yoast.com *.google-analytics.com *.googlesyndication.com *.hubspot.com *.hsforms.com  *.hscollectedforms.net *.oribi.io *.usercentrics.eu *.nelioabtesting.com *.google.com *.google.de *.facebook.com *.lfeeder.com *.usercentrics.eu *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.hsforms.net *.hs-scripts.com *.hsleadflows.net *.hubspot.com *.hsappstatic.net *.hs-banner.com *.hscollectedforms.net *.hs-analytics.net *.licdn.com *.usercentrics.eu *.doubleclick.net *.lfeeder.com *.facebook.net *.licdn.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.novomind.com *.hubspot.com *.hsappstatic.net; img-src 'self' data: *.novomind.com *.gravatar.com *.hubspot.com *.hsappstatic.net *.hsforms.com *.facebook.com *.google.de *.google.com *.google-analytics.com *.googletagmanager.com *.lfeeder.com *.linkedin.com *.usercentrics.eu; font-src 'self' data:; frame-src 'self' *.novomind.com *.doubleclick.net *.hubspot.com *.hsforms.com *.hsappstatic.net *.youtube.com *.youtube-nocookie.com *.vimeo.com 1
default-src https: 'unsafe-eval' 'unsafe-inline'; upgrade-insecure-requests; img-src https: data: 1
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data: blob:; media-src https: blob:; object-src https: blob:; script-src 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; worker-src 'self' blob: data:; 1
frame-ancestors 'self' closeup.staedelmuseum.de stcu-frontend.netlify.app 1
default-src 'self'; img-src 'self' https://www.google-analytics.com https://www.pioneer-car.eu; object-src 'none'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' https://fonts.googleapis.com; base-uri 'self'; form-action 'self'; font-src https://fonts.gstatic.com; manifest-src 'self' https://www.pioneer-car.eu; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net; 1
script-src  'self' https: 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes'; object-src 'none' 1
default-src     'self';     style-src         'self'         'unsafe-inline'         fonts.googleapis.com         https://tagmanager.google.com         https://fonts.googleapis.com         https://*.gstatic.com         https://*.googleapis.com         https://*.google.com;     script-src         'self'         'unsafe-inline'         'unsafe-eval'         https://*.e-goi.com         https://cdn-cookieyes.com         https://*.cookieyes.com         https://*.google.com         https://*.googlesyndication.com         https://*.gstatic.com         https://*.google-analytics.com         https://*.googletagmanager.com         https://*.google.com         https://*.gstatic.com         https://*.googleapis.com         https://*.doubleclick.net         https://*.googleadservices.com         https://*.google.es         https://*.google.com         https://*.facebook.net         https://*.facebook.com         https://snap.licdn.com         data:;     font-src         'self'         fonts.gstatic.com         https://fonts.gstatic.com         data:;     img-src         'self'         https://*.adform.net         https://*.e-goi.com         https://cdn-cookieyes.com         https://*.cookieyes.com         https://*.google.es         https://*.google.com         https://*.googlesyndication.com         https://*.gstatic.com         https://*.google-analytics.com         https://*.googletagmanager.com         https://*.google.com         https://*.gstatic.com         https://*.googleapis.com         https://*.youtube.com         https://*.ytimg.com         https://*.facebook.com         https://*.linkedin.com         data:;     connect-src         'self'         https://*.e-goi.com         https://cdn-cookieyes.com         https://*.cookieyes.com         https://*.google.com         https://*.googlesyndication.com         https://*.gstatic.com         https://*.google-analytics.com         https://*.googletagmanager.com         https://*.google.com         https://*.gstatic.com         https://*.googleapis.com         https://*.linkedin.com         https://*.doubleclick.net;     frame-src         'self'         https://indd.adobe.com         https://www.ivoox.com         https://*.e-goi.com         https://www.youtube.com         https://*.twitter.com         https://*.facebook.com         https://*.linkedin.com         https://*.instagram.com         https://*.google.es         https://*.google.com         https://*.vimeo.com         https://*.rtve.es         https://*.doubleclick.net         https://*.googleadservices.com         https://*.safeframe.googlesyndication.com         https://tpc.googlesyndication.com;     object-src         'none';     base-uri        'self';     form-action         'self'         https://www.facebook.com/tr/;      1
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; report-uri https://www.designcouncil.org.uk/?eID=error 1
frame-ancestors 'self' https://inforia.jp.sharp 1
base-uri 'self'; connect-src 'self'; default-src 'self'; font-src 'self' https://use.typekit.net; frame-src 'self'; img-src 'self' https://p.typekit.net; manifest-src 'self'; media-src 'self'; object-src 'none'; report-uri https://6157275e14681bacfabccdd0.endpoint.csper.io/; script-src 'report-sample' 'self' https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js https://use.typekit.net/gil3vgx.js; style-src 'report-sample' 'self'; worker-src 'none'; 1
default-src 'self' blob: *.safeframe.googlesyndication.com tpc.googlesyndication.com;style-src 'self' 'unsafe-inline' cdn.seeklearning.com.au fonts.googleapis.com tagmanager.google.com heapanalytics.com imasdk.googleapis.com;script-src 'self' cdn.seeklearning.com.au *.hotjar.io *.hotjar.com *.googleapis.com 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.crwdcntrl.net connect.facebook.net s.pinimg.com static.ads-twitter.com sc-static.net analytics.twitter.com *.outbrain.com *.taboola.com cdnjs.cloudflare.com tags.tiqcdn.com www.datadoghq-browser-agent.com cdn.krxd.net beacon.krxd.net consumer.krxd.net unpkg.com platform.twitter.com www.googleadservices.com *.googletagservices.com *.doubleclick.net *.google.com *.google.com.au cdn.ampproject.org tpc.googlesyndication.com bs.serving-sys.com www.youtube.com *.serving-sys.com/ s.ytimg.com z.moatads.com static-tagr.gd1.mookie1.com s0.2mdn.net my.tealiumiq.com widget.surveymonkey.com cdn.heapanalytics.com heapanalytics.com cdn.amplitude.com *.google-analytics.com *.analytics.google.com tr.snapchat.com tr-shadow.snapchat.com rtb.loopa.net.au ads-cdn.loopaautomate.com *.googlesyndication.com cdn.segment.com;connect-src 'self' dpm.demdex.net *.seek.com.au *.cloud.seek.com.au *.seek.com *.seeklearning.com.au *.cloud.seek.com.au *.hotjar.io *.hotjar.com wss://*.hotjar.io wss://*.hotjar.com api.go1.co www.facebook.com connect.facebook.net ct.pinterest.com *.taboola.com www.googletagmanager.com rum-http-intake.logs.datadoghq.com *.g.doubleclick.net *.googlesyndication.com *.serving-sys.com/ csi.gstatic.com maps.googleapis.com s0.2mdn.net heapanalytics.com *.googlevideo.com *.crwdcntrl.net api.amplitude.com *.google-analytics.com *.analytics.google.com *.snapchat.com *.outbrain.com *.tealiumiq.com api.segment.io cdn.segment.com;img-src * data: *.google-analytics.com *.analytics.google.com;media-src 'self' cdn.seeklearning.com.au *.googlevideo.com;frame-src 'self' blob: login.seek.com cdn.seeklearning.com.au fast.seek.demdex.net seek.demdex.net *.hotjar.io *.hotjar.com www.youtube.com *.google.com *.crwdcntrl.net player.whooshkaa.com players.brightcove.net connect.facebook.net www.facebook.com *.snapchat.com cdn.krxd.net *.doubleclick.net *.googletagservices.com *.googlesyndication.com secure-ds.serving-sys.com s0.2mdn.net ct.pinterest.com;child-src 'self' vars.hotjar.io vars.hotjar.com cdn.seeklearning.com.au www.facebook.com staticxx.facebook.com;font-src 'self' data: *.hotjar.io *.hotjar.com fonts.googleapis.com fonts.gstatic.com tagmanager.google.com heapanalytics.com 1
frame-ancestors https://*.stealthcamcommand.com/ https://stealthcamcommand.com/ https://*.authorize.net/ https://authorize.net/ 1
base-uri 'self'; connect-src https://developer-assets.spotifycdn.com https://embed-cdn.spotifycdn.com https://stats.g.doubleclick.net https://*.googletagmanager.com https://*.analytics.google.com https://*.google-analytics.com https://translate.googleapis.com https://cdn.cookielaw.org https://*.onetrust.com https://*.spotify.com https://*.spotify.net https://*.sentry.io wss://*.spotify.com wss://*.spotify.net; form-action https:; frame-ancestors 'self' https://*.spotify.com https://*.spotify.net; object-src 'none'; script-src https://developer-assets.spotifycdn.com https://*.spotify.com https://*.spotify.net https://open.spotifycdn.com https://embed-cdn.spotifycdn.com https://*.googletagmanager.com https://*.analytics.google.com https://*.google-analytics.com https://translate.googleapis.com https://translate.google.com https://cdn.cookielaw.org 'unsafe-eval' 'sha256-WfsTi7oVogdF9vq5d14s2birjvCglqWF842fyHhzoNw=' https://open.spotify.com 'sha256-usT+6qPuOS6IkYtKfVmDANmKvyw2VIa1A0slyo1mSmw='; report-uri https://o22381.ingest.sentry.io/api/4504887026384896/security/?sentry_key=f4a7c7c55acb47ab8ff900050fce0bd4 1
default-src 'self';img-src *.ctfassets.net *.google.com data: http://www.google-analytics.com https://*.googlesyndication.com/ https://*.s-cloud.fi/ https://*.usercentrics.eu https://*.doubleclick.net https://connect.facebook.net https://*.visualwebsiteoptimizer.com https://visitanalytics.dnt-userreport.com https://visitanalytics.userreport.com https://www.facebook.com https://www.google-analytics.com https://www.google.fi https://www.googletagmanager.com https://i.ytimg.com https://chart.googleapis.com https://cdn.storifyme.com/ https://cdn.storifyme.xyz/ 'self';media-src data: blob: http://*.dna.ip-only.net https://cdn.storifyme.com/ https://cdn.storifyme.xyz/ 'self';object-src data: https://*.usercentrics.eu https://cdn.storifyme.com/ https://cdn.storifyme.xyz/;connect-src *.ctfassets.net http://*.dna.ip-only.net http://*.s-cloud.fi/ https://*.google-analytics.com https://*.googlesyndication.com/ https://*.s-cloud.fi/ https://*.usercentrics.eu https://ad.doubleclick.net https://api.addsearch.com https://*.visualwebsiteoptimizer.com https://securepubads.g.doubleclick.net https://stats.g.doubleclick.net https://cdn.storifyme.com/ https://cdn.storifyme.xyz/ https://storifyme.xyz/ 'self';style-src https://fonts.googleapis.com https://*.visualwebsiteoptimizer.com https://cdn.storifyme.com/ https://cdn.storifyme.xyz/ 'self' 'unsafe-inline';script-src blob: data: http://*.s-cloud.fi/ http://*.visualwebsiteoptimizer.com http://securepubads.g.doubleclick.net https://*.googleapis.com https://*.googlesyndication.com/ https://*.s-cloud.fi/ https://adservice.google.com https://adservice.google.fi https://app.usercentrics.eu https://connect.facebook.net https://files.cdn.leadfamly.com https://sak.dnt-userreport.com https://sak.userreport.com https://securepubads.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://www.googletagservices.com https://cdn.storifyme.com/ https://cdn.storifyme.xyz/ https://www.youtube.com 'self' 'unsafe-eval' 'unsafe-inline';font-src data: https://*.s-cloud.fi https://cdn.storifyme.com/ https://cdn.storifyme.xyz/ https://fonts.gstatic.com/s/poppins/ 'self';frame-ancestors https://app.contentful.com;frame-src https://*.google.com/ https://*.googlesyndication.com/ https://*.spotify.com/ https://app.usercentrics.eu/ https://forms.office.com/ https://static.s-cloud.fi/ https://tag.userreport.com/ https://www.facebook.com/ https://www.youtube.com/ https://view.taiqa.com/ https://*.visualwebsiteoptimizer.com https://securepubads.g.doubleclick.net/ https://cdn.storifyme.com/ https://cdn.storifyme.xyz/ https://stories.storifyme.com https://storifyme.com/stories/ https://yhteishyva.fi/ https://smart-marketing.campaign.playable.com https://smart-marketing.leadfamly.com/ 'self';base-uri 'self';form-action 'self';upgrade-insecure-requests 1
default-src 'self' *.ridgid.com *.ridgid.cn https://*.ridgidapps.com https://*.maxmind.com https://*.cybersource.com wss://mpsnare.iesnare.com https://mpsnare.iesnare.com https://*.bazaarvoice.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.google-analytics.com bat.bing.com www.facebook.com https://mc.yandex.ru s.union.360.cn hm.baidu.com www.google.com stats.g.doubleclick.net data: https://bcvipph02.rightnowtech.com/Chat/chat/ridgidhqchat edge.curalate.com https://openapi.youku.com *.pricespider.com *.googleapis.com https://cdn.cookielaw.org *.onetrust.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.chasepaymentechhostedpay.com *.ridgid.com *.ridgid.cn *.youku.com static.bshare.cn/b/bshareC0.js static.bshare.cn/b/buttonLite.js static.bshare.cn/b/components/bsStatic.js https://seal.websecurity.norton.com maps.google.com *.googleapis.com www.googletagmanager.com *.pricespider.com https://mpsnare.iesnare.com cdnjs.cloudflare.com www.googleadservices.com https://*.bootstrapcdn.com https://*.bazaarvoice.com connect.facebook.net *.google-analytics.com https://googleads.g.doubleclick.net https://ridgidhqchat.custhelp.com https://www.rnengage.com www.youtube.com https://s.ytimg.com bat.bing.com js.adsrvr.org *.hotjar.com https://*.ridgidapps.com https://*.coremetrics.com www.google.com 360fenxi.mediav.com static.bshare.cn s.union.360.cn hm.baidu.com bshare.optimix.cn e.so.com https://www.gstatic.com https://s.yimg.jp https://b92.yahoo.co.jp https://mc.yandex.ru https://vk.com https://ridgidhqchat.widget.custhelp.com https://tagmanager.google.com https://tpc.googlesyndication.com https://img.en25.com blob: assets.calendly.com calendly.com edge.curalate.com https://player.youku.com/jsapi https://cdn.cookielaw.org *.onetrust.com https://sc.lfeeder.com;style-src 'self' 'unsafe-inline' *.ridgid.com *.ridgid.cn *.googleapis.com *.youku.com https://ridgidhqchat.widget.custhelp.com https://*.bazaarvoice.com https://*.bootstrapcdn.com https://*.pricespider.com https://tagmanager.google.com https://ridgidhqchat.custhelp.com assets.calendly.com calendly.com https://player.youku.com https://cdn.cookielaw.org *.onetrust.com;img-src 'self' *.ridgid.com *.ridgid.cn *.google-analytics.com *.youtube.com www.googletagmanager.com static.bshare.cn s.union.360.cn pixel-a.basis.net https: data: blob: https://cdn.cookielaw.org *.onetrust.com;frame-src 'self' https://www.chasepaymentechhostedpay.com *.ridgid.com *.ridgid.cn *.youku.com pixel-a.basis.net www.youtube.com https://bid.g.doubleclick.net https://pixel.sitescout.com https://*.bazaarvoice.com https://www.facebook.com https://orchardproject.net https://www.orchardproject.net https://www.orchardcore.net https://*.cybersource.com insight.adsrvr.org match.adsrvr.org https://vars.hotjar.com 360fenxi.mediav.com s.union.360.cn static.bshare.cn www.google.com www.googletagmanager.com https://*.fls.doubleclick.net https://tpc.googlesyndication.com data: calendly.com mailto: https://player.youku.com https://cdn.cookielaw.org *.onetrust.com;font-src 'self' *.ridgid.com *.ridgid.cn fonts.gstatic.com https://fonts.googleapis.com https://*.bootstrapcdn.com greenlee.com data: https://cdn.cookielaw.org *.onetrust.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.grandfrais.com *.humansourcing.com *.diagtest.com *.google.fr *.google.com *.facebook.net *.googletagmanager.com *.jquery.com *.jsdelivr.net *.dialogfeed.com *.cloudflare.com *.youtube.com *.googleapis.com *.gstatic.com *.google-analytics.com *.facebook.com *.fbcdn.net unpkg.com *.openstreetmap.org *.mailjet.com *.360tracking.fr *.lm-tracking.com *.googleadservices.com *.bootstrapcdn.com *.matomo.cloud *.doubleclick.net https://kx1.co https://static.kx1.co http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.ytimg.com  *.youtube-nocookie.com *.github.com cdn.datatables.net noel-grand-frais.lp-mediapost.fr blob: *.grandfrais.com 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://service.force.com/embeddedservice/ https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/ https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/ https://payments.salesforce.com/ https://js.stripe.com/ https://www.paypal.com/sdk/js import: blob: https://uip.canary.lwc.dev; object-src 'self' www.google.com; style-src 'self' 'unsafe-inline' https://service.force.com/embeddedservice/ https://fonts.googleapis.com/css2 https://fonts.googleapis.com/css blob: https://kdpcommunity.com https://assets.prod.abebookscdn.com https://testdata.coremetrics.com https://www.abebooks.com https://www.kdpcommunity.com; img-src 'self' data: blob: https://indiecommunity.my.salesforce.com https://indiecommunity.file.force.com https://img.youtube.com https://i.ytimg.com https://i.vimeocdn.com https://login.salesforce.com/icons/ https://payments.salesforce.com/icons/ https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/icons/ https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/icons/ https://www.sandbox.paypal.com https://www.paypal.com https://na206.salesforce.com/icons/ https://kdpcommunity.com https://images-na.ssl-images-amazon.com https://assets.prod.abebookscdn.com https://testdata.coremetrics.com https://www.abebooks.com https://www.kdpcommunity.com; media-src 'self' blob: https://kdpcommunity.com https://assets.prod.abebookscdn.com https://testdata.coremetrics.com https://www.abebooks.com https://www.kdpcommunity.com; frame-ancestors 'self'; frame-src 'self' https://service.force.com/embeddedservice/ https://na206.salesforce.com https://sfdc-link-preview-staging.sfdc.sh https://sfdc-link-preview.hk.salesforce.com https://cdn.embedly.com https://www.youtube.com https://player.vimeo.com https://play.vidyard.com https://player.cloudinary.com https://fast.wistia.net https://players.brightcove.net https://s1.adis.ws https://scormanywhere.secure.force.com https://appiniummastertrial.secure.force.com https://js.stripe.com/ https://www.paypal.com https://www.sandbox.paypal.com https://*.a.forceusercontent.com/lightningmaps/ https://*.a.forceusercontent.com https://location.force.com https://indiecommunity.file.force.com https://kdpcommunity.com https://assets.prod.abebookscdn.com https://testdata.coremetrics.com https://www.abebooks.com https://www.kdpcommunity.com; font-src 'self' data: https://fonts.gstatic.com/ https://kdpcommunity.com https://assets.prod.abebookscdn.com https://testdata.coremetrics.com https://www.abebooks.com https://www.kdpcommunity.com; connect-src 'self' https://www.paypal.com https://www.sandbox.paypal.com https://indiecommunity.my.salesforce-scrt.com https://kdpcommunity.com https://assets.prod.abebookscdn.com https://testdata.coremetrics.com https://www.abebooks.com https://www.kdpcommunity.com 1
base-uri https://www.netomi.com/  https://www.netomi.com/ https://www.netomi.com/ https://netomi.com/ https://www.netomi.com/; form-action 'self' https://forms.hsforms.com  https://www.facebook.com/tr/; frame-ancestors 'self'; connect-src 'self' https://res.cloudinary.com/  https://stats.g.doubleclick.net       https://www.google-analytics.com       https://analytics.google.com  https://ekr.zdassets.com       https://*.zendesk.com       wss://widget-mediator.zopim.com       https://forms.hubspot.com       https://api.hubapi.com       https://forms.hsforms.com       https://api.lever.co       https://bat.bing.com       https://secure.adnxs.com       https://ws.zoominfo.com       https://hubspot-forms-static-embed.s3.amazonaws.com       https://*.z1.dca0.com       https://d.adroll.com       https://*.clarity.ms/       https://*.clearbit.com       https://*.doubleclick.net              https://ipv6.6sc.co/  https://ec.instapagemetrics.com https://heatmap-events-collector.instapage.com  https://www.facebook.com   https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com  https://cdn.linkedin.oribi.io https://c.6sc.co *.mutinyhq.com  *.mutinyhq.io   *.mutinycdn.com https://app.perceptivepanda.com/api/get-partner-interview; default-src 'self' https://static.zdassets.com  https://ekr.zdassets.com  https://www.googletagmanager.com  https://www.google-analytics.com https://www.googleleadservices.com https://www.googleadservices.com https://secure.gravatar.com https://bat.bing.com https://forms.hubspot.com https://api.hubapi.com https://track.hubspot.com https://snap.licdn.com https://px.ads.linkedin.com https://q.quora.com https://secure.adnxs.com https://api.lever.co  https://chatapps-us.netomi.com  https://app.perceptivepanda.com https://app.perceptivepanda.com/api/get-partner-interview; font-src 'self'  https://fonts.gstatic.com        data:        fontawesome.com        netdna.bootstrapcdn.com        https://use.typekit.net        https://p.typekit.net   https://*.hotjar.com; frame-src 'self' https://vars.hotjar.com       https://www.facebook.com       https://forms.hsforms.com       https://player.vimeo.com       https://www.youtube.com       https://www.googleadservices.com       https://bid.g.doubleclick.net    https://*.perceptivepanda.com   https://*.hotjar.com  https://optimize.google.com; img-src 'self' https://www.netomi.com       https://netomi.com       https://res.cloudinary.com/    https://www.google-analytics.com  https://www.googletagmanager.com    https://optimize.google.com   https://v2assets.zopim.io        https://static.zdassets.com        https://b.6sc.co        https://track.hubspot.com       https://secure.gravatar.com       https://q.quora.com       https://*.bing.com       https://www.google.com       https://www.facebook.com       https://d.adroll.com       https://aistudio-cdata.s3.amazonaws.com       https://ads.yahoo.com       https://x.bidswitch.net       https://ib.adnxs.com       https://us-u.openx.net       https://idsync.rlcdn.com       https://p.adsymptotic.com       https://px.ads.linkedin.com       https://t.co       https://googleads.g.doubleclick.net  https://www.google-analytics.com     https://734568818.privacysandbox.googleadservices.com       https://*.clarity.ms/        https://*.hotjar.com    https://v.fastcdn.co  https://anthill.instapage.com  https://analytics.google.com     https://s.w.org   https://forms.hsforms.com  https://forms-na1.hsforms.com/  *.mutinyhq.cdn data:; media-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com/  https://www.youtube.com/ https://www.googletagmanager.com        https://www.googleanalytics.com    https://www.google-analytics.com     https://www.googleoptimize.com  https://optimize.google.com    https://www.gstatic.com        https://js.hsforms.net        https://forms.hsforms.com        https://forms.hubspot.com       https://js.hs-analytics.net https://app.perceptivepanda.com       https://js.hs-scripts.com        https://js.hs-banner.com        https://js.hsleadflows.net        https://static.zdassets.com        https://ekr.zdassets.com        https://www.googleleadservices.com        https://www.googleadservices.com       https://secure.gravatar.com       https://s.adroll.com       https://js.hsadspixel.net       https://static.hotjar.com       https://bat.bing.com       https://sleeknotecustomerscripts.sleeknote.com       https://connect.facebook.net       https://j.6sc.co       https://ws.zoominfo.com       https://stats.g.doubleclick.net       https://googleads.g.doubleclick.net       https://secure.adnxs.com       https://script.hotjar.com       https://snap.licdn.com       https://px.ads.linkedin.com       https://*.zendesk.com       https://q.quora.com       https://secure.adnxs.com       https://d.adroll.com       https://andreasmb.github.io       https://api.lever.co       https://static.ads-twitter.com       https://analytics.twitter.com       https://s.dca0.com       https://*.clearbitscripts.com       https://*.clearbitjs.com       https://*.clarity.ms/       https://*.doubleclick.net         https://*.hotjar.com   https://*.perceptivepanda.com https://g.fastcdn.co https://cdn.instapagemetrics.com https://heatmap-events-collector.instapage.com https://anthill.instapage.com  *.mutinycdn.com; style-src 'self'  'unsafe-inline'  https://optimize.google.com   fonts.googleapis.com  netdna.bootstrapcdn.com  https://use.typekit.net  https://p.typekit.net  https://andreasmb.github.io  https://*.perceptivepanda.com   https://*.hotjar.com  https://www.gstatic.com/charts/51/css/core/tooltip.css  https://www.gstatic.com/charts/51/css/util/util.css; worker-src 'none'; 1
default-src *;img-src 'self';font-src 'self' https://fonts.gstatic.com;style-src 'self' https://fonts.googleapis.com 'unsafe-inline';script-src 'strict-dynamic' 'nonce-aD0yiKigZnfFxaFs6bOoiGIfA7M=' https: 'unsafe-inline';frame-src https://www.google.com/recaptcha/;base-uri 'none';object-src 'none';report-to main-endpoint; 1
base-uri 'self'; default-src https:; object-src 'none'; frame-src 'self' *.salesforceliveagent.com *.visualize-roi.com *.doubleclick.net optimize.google.com platform.twitter.com syndication.twitter.com vars.hotjar.com widget.trustpilot.com www.facebook.com www.google.com www.youtube.com www.recaptcha.net; frame-ancestors 'none'; font-src 'self' *.acronis.com fonts.googleapis.com fonts.gstatic.com script.hotjar.com; style-src 'unsafe-inline' 'self' *.acronis.com cdn.cookielaw.org fonts.googleapis.com optimize.google.com platform.twitter.com tagmanager.google.com; img-src 'self' data: *.acronis.com *.analytics.google.com *.clarity.ms *.facebook.com *.g.cn *.g.doubleclick.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.linkedin.com *.twimg.com *.ytimg.com acronis.events b.6sc.co bat.bing.com c.bing.com c212.net cdn.cookielaw.org maps.gstatic.com media.slapfive.com optimize.google.com p.adsymptotic.com pixel.mathtag.com script.hotjar.com ssl.gstatic.com syndication.twitter.com trkn.us www.gstatic.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; connect-src 'self' ws: *.6sc.co *.6sense.com *.acronis.com *.adnxs.com *.analytics.google.com *.bing.com *.clarity.ms *.fullcircleinsights.com *.g.doubleclick.net *.google-analytics.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.mutinycdn.com *.onetrust.com *.s3.amazonaws.com *.scarabresearch.com *.schemaapp.com *.sentry.io *.visualize-roi.com *.influ2.com *.linkedin.com 929-hvv-335.mktoresp.com api.greenhouse.io cdn.cookielaw.org maps.googleapis.com cdn.linkedin.oribi.io www.mczbf.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; script-src 'strict-dynamic' 'nonce-f266192700b35e82e04825c5b4b91a8f' *.acronis.com *.googletagmanager.com tagmanager.google.com *.visualize-roi.com optimize.google.com www.google-analytics.com www.googleadservices.com www.googleanalytics.com www.googleoptimize.com 1
frame-ancestors 'self' https://edicoladigitale.sprintesport.it/ http://testbaba.virtualcms.it 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.fzi.de *.youtube.com *.youtube-nocookie.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.fzi.de https://ps.w.org; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com builder.lift.acquia.com w.soundcloud.com formstack.com *.formstack.com *.guthrie.org *.sharethis.com cdnjs.cloudflare.com www.medtargetsystem.com match.deepintent.com ajax.googleapis.com connect.facebook.net resources.static.evaliahealth.com agadata.online trc.lhmos.com secure.adnxs.com cdn.taboola.com s.skimresources.com support.doctorpodcasting.com sky.blackbaudcdn.net payments.blackbaud.com bbox.blackbaudhosting.com www.google-analytics.com www.gstatic.com www.google.com api.airbud.io; object-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data:; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; report-uri /report-csp-violation; upgrade-insecure-requests 1
upgrade-insecure-requests  ; worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com *.mapbox.com *.lytics.io js.jebbit.com blob: feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com cdn.cookielaw.org script.crazyegg.com js.jebbit.com js.adsrvr.org connect.facebook.net z.moatads.com cdn.segment.com pghub.io www.youtube.com *.lytics.io *.bazaarvoice.com *.pricespider.com cdnjs.cloudflare.com *.mapbox.com *.iesnare.com feed.pghub.io pandg.tapad.com ; font-src 'self' data: feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' insight.adsrvr.org *.doubleclick.net feed.pghub.io www.facebook.com consumersupport.pg.com pgnagain.jebbit.com jebbit.ilovegain.com www.youtube.com pandg.tapad.com ; img-src 'self' data: images.ctfassets.net www.google-analytics.com www.googletagmanager.com pixel.tapad.com *.doubleclick.net www.facebook.com *.lytics.io *.akamaihd.net *.moatads.com *.pricespider.com *.bazaarvoice.com i.ytimg.com cdn.cookielaw.org feed.pghub.io pandg.tapad.com ; connect-src 'self' *.google-analytics.com *.cookielaw.org *.jebbit.com *.doubleclick.net *.crazyegg.com *.adsrvr.org *.segment.com *.segment.io *.bazaarvoice.com *.pricespider.com *.mapbox.com geolocation-db.com *.algolia.net *.algolianet.com wss: feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
default-src 'self' *.stripe.com *.stripecdn.com *.googleapis.com *.gstatic.com *.csl-registrar.com *.w3.org; img-src *; style-src 'self' *.googleapis.com *.stripe.com *.stripecdn.com 'unsafe-inline'; 1
frame-ancestors https://www.eyefilm.nl; 1
frame-ancestors 'self' https://*.rio.cloud/ ; 1
block-all-mixed-content; frame-ancestors 'self'; object-src 'none'; base-uri 'self' 1
frame-ancestors 'self' *.issgovernance.com *.strategic-i.com *.issmarketintelligence.com *.brightscope.com *.flowspring.com *.investoreconomics.com *.issliquidmetrix.com *.financial-clarity.com *.mortgage-clarity.com *.mylocaladviser.co.uk *.matrixsolutions.co.uk *.pflresearch.com *.529conference.com *.simfund.com *.fundfiling.com *.sionline.com *.annuityinsight.com *.genesysresearch.net *.fundinteltools.com *.funddiligence.com; 1
default-src 'self' https://*.sbanken.no https://sbanken.no https://*.internbank.no:*;script-src 'self' 'unsafe-eval' https://*.sbanken.no https://www.google-analytics.com https://optimize.google.com https://wds.ace.teliacompany.com https://www.google.com https://www.gstatic.com;style-src 'self' 'unsafe-inline' https://*.sbanken.no https://optimize.google.com;img-src 'self' https://*.sbanken.no https://sbanken.no https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ad.doubleclick.net https://finncdn.no https://*.finncdn.no https://*.google.com https://*.google.no https://i.vimeocdn.com https://ml-eu.globenewswire.com;frame-src 'self' https://*.sbanken.no https://sbanken.no https://optimize.google.com https://pr.globenewswire.com https://player.vimeo.com https://tools.eurolandir.com https://wds.ace.teliacompany.com https://www.google.com https://stm.sbanken.no;font-src 'self' data: https://*.sbanken.no https://optimize.google.com;connect-src 'self' https://*.internbank.no:* https://*.sbanken.no https://sbanken.no https://www.google-analytics.com https://optimize.google.com https://stats.g.doubleclick.net https://ad.doubleclick.net https://online.adservice.com https://chat.ace.teliacompany.com https://chat.ace.teliacompany.net https://chat2.ace.teliacompany.net https://stm.sbanken.no;frame-ancestors 'self' https://*.sbanken.no https://sbanken.no https://*.internbank.no:* https://internbank.no:* https://stm.sbanken.no;report-uri https://secure.sbanken.no/Authentication/WebResource.axd?cspReport=true 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://widgets.twimg.com https://platform.twitter.com https://connect.facebook.net https://connect.facebook.com https://ssl.google-analytics.com http://www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://js-agent.newrelic.com https://bam.nr-data.net https://use.typekit.com https://manualuploads.s3.amazonaws.com https://oss.maxcdn.com https://apis.google.com https://scontent.xx.fbcdn.net https://facebook.com https://www.facebook.com https://js.stripe.com data:;style-src 'self' 'unsafe-inline' https://twibbon.blob.core.windows.net https://manualuploads.s3.amazonaws.com https://netdna.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com;img-src 'self' https://www.facebook.com https://staticxx.facebook.com https://scontent.xx.fbcdn.net https://static.xx.fbcdn.net https://graph.facebook.com https://web.facebook.com https://syndication.twitter.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.gstatic.com https://ssl.gstatic.com https://manualuploads.s3.amazonaws.com https://twibbon.s3.amazonaws.com http://twibbon.s3.amazonaws.com https://coverjunction.s3.amazonaws.com http://coverjunction.s3.amazonaws.com https://twibbon.blob.core.windows.net https://stormideaseu.blob.core.windows.net https://p.typekit.net https://stats.g.doubleclick.net https://*.facebook.com http://*.facebook.com http://*.akamaihd.net https://*.akamaihd.net http://*.fbcdn.net https://*.fbcdn.net https://*.xx.fbcdn.net http://*.xx.fbcdn.net http://*.twimg.com https://*.twimg.com data:;frame-src 'self' https://www.facebook.com http://www.facebook.com https://m.facebook.com http://m.facebook.com https://staticxx.facebook.com http://staticxx.facebook.com https://*.facebook.com http://*.facebook.com https://www.youtube.com https://accounts.google.com https://platform.twitter.com http://platform.twitter.com https://apis.google.com https://js.stripe.com data:;font-src 'self' https://use.typekit.com https://fonts.gstatic.com data;connect-src 'self' https://performance.typekit.net https://www.facebook.com https://www.google-analytics.com https://region1.google-analytics.com;frame-ancestors 'none';report-uri /WebResource.axd?cspReport=true 1
frame-ancestors 'self' https://localhost:* 1
default-src 'none'; style-src https://tunnelblick.net https://www.tunnelblick.net; img-src https://tunnelblick.net https://www.tunnelblick.net; 1
default-src 'self' https://www.csi.edu/ ; connect-src 'self' https://25live.collegenet.com/ https://www.csi.edu/ https://www.google-analytics.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://25live.collegenet.com/ https://ajax.googleapis.com/ https://csi.us19.list-manage.com/ https://cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js https://cdn.polyfill.io/v2/polyfill.min.js https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datepicker/ https://cdnjs.cloudflare.com/ajax/libs/jquery.matchHeight/ https://cdnjs.cloudflare.com/ajax/libs/lodash.js/ https://cdnjs.cloudflare.com/ajax/libs/moment-timezone/ https://cdnjs.cloudflare.com/ajax/libs/moment.js/ https://code.jquery.com/ https://cse.google.com/ https://csi-forms.formstack.com/ https://maxcdn.bootstrapcdn.com/ https://s.ytimg.com/yts/jsbin/www-widgetapi-vfllf5xrd/www-widgetapi.js https://s.ytimg.com/yts/jsbin/www-widgetapi-vflxda_co/www-widgetapi.js https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js https://stackpath.bootstrapcdn.com/bootstrap/ https://static.formstack.com/ https://use.fontawesome.com/ https://www.csi.edu/ https://www.google-analytics.com/ https://www.google.com/ https://www.googleapis.com/ https://www.googletagmanager.com/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/iframe_api/ https://tag.simpli.fi/ https://i.simpli.fi/ ; style-src 'self' 'unsafe-inline' https://cdn-images.mailchimp.com/ https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datepicker/ https://csi-forms.formstack.com/ https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://stackpath.bootstrapcdn.com/ https://static.formstack.com/ https://use.fontawesome.com/ https://www.csi.edu/ https://www.google.com/ ; img-src * data: 'self' https://www.gstatic.com/ ; font-src * data: 'self' https://bootstrapcdn.com/ https://maxcdn.bootstrapcdn.com/bootstrap/ https://use.fontawesome.com/ https://www.csi.edu/ ; form-action 'self' https://bootstrapcdn.com/ https://csi-forms.formstack.com/forms/index.php https://maxcdn.bootstrapcdn.com/bootstrap/ https://use.fontawesome.com/ https://www.csi.edu/ ; frame-src 'self' https://25live.collegenet.com/ https://app.powerbi.com/ https://cse.google.com/ https://www.google.com/ https://www.gstatic.com/ https://jics.csi.edu/ https://my.matterport.com/ https://www.youtube.com/ https://csigis.maps.arcgis.com/ https://www.google.com/maps/ ; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' https: 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; style-src 'self' https:; script-src 'self' https: 1
frame-ancestors 'self' www.stoke.gov.uk fostering.stoke.gov.uk shapestokesfuture.co.uk commercial.stoke.gov.uk activestoke.co.uk stokeontrenttogether.org.uk teamstoke.com team.stoke.gov.uk beta.stoke.gov.uk localoffer.stoke.gov.uk sendiass-stoke.co.uk recruitment.stoke.gov.uk fortiorhomes.co.uk stanleyhead.org.uk; 1
default-src 'self' 'unsafe-eval' https://www.google.com https://www.youtube.com https://embed.imajize.com https://partstown.sirv.com https://ceclients.syntec.co.uk https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net *.pingdom.net https://cdn.cookielaw.org https://js.stripe.com *.facebook.com *.forter.com *.richpanel.com wss://ws-prod.richpanel.com https://ipapi.co; font-src *;img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://www.googletagmanager.com https://cdn.richpanel.com https://cdn.cookielaw.org *.forter.com https://browser-update.org *.richpanel.com https://www.google-analytics.com https://s.adroll.com *.hotjar.com https://snap.licdn.com https://googleads.g.doubleclick.net *.facebook.net *.ubembed.com https://bat.bing.com *.pingdom.net https://s7.addthis.com https://d.adroll.com https://lex.33across.com; style-src 'self' 'unsafe-inline' https://*.richpanel.com https://use.fontawesome.com https://fonts.googleapis.com; frame-ancestors 'self' https://market.opstechnology.com/ https://market.realpage.com/ https://realpage.opstechnology.com/ https://demomarket.opstechnology.com/ https://preview.opstechnology.com/ https://www.rcashasp1.com/ http://www.mypartinfo.com https://www.yardimarketplace.com/ 1
script-src 'self' blob: *.citysbs.com *.19lou.com *.cqmmgo.com *.19louimg.cn *.baidu.com *.baidustatic.com api.map.baidu.com *.bdstatic.com *.pstatp.com c.mipcdn.com tjs.sjs.sinajs.cn c.cnzz.com  s22.cnzz.com res.wx.qq.com apis.map.qq.com c.dun.163.com cstaticdun.126.net s11.cnzz.com static.geetest.com api.geetest.com *.alicdn.com  *.bdimg.com c.dun.163yun.com jsapi.qq.com mat1.gtimg.com analytics.snssdk.com app.citybrain.hangzhou.gov.cn 19lou.xyani.com 'unsafe-inline' 'unsafe-eval'; report-uri https://www.19lou.com/report 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=finance&region=US&lang=en-US&device=desktop&yrid=13mj2ppiqu9v2&partner=; 1
media-src *; img-src 'self' data: blob: filesystem: https://cdn.cookielaw.org https://c.bing.com/c.gif https://c.bing.com https://cmp.osano.com https://lh3.googleusercontent.com https://csi.gstatic.com https://www.linkedin.com https://www.youtube.com https://i.ytimg.com https://c.clarity.ms https://e.clarity.ms https://px.ads.linkedin.com https://maps.gstatic.com https://maps.googleapis.com *.amazonaws.com *.google.com http://ps.w.org http://i0.wp.com http://i1.wp.com *.gravatar.com *.googleapis.com *.gstatic.com http://www.google-analytics.com *.twitter.com *.twimg.com https://dly4mho8u118u.cloudfront.net https://stats.g.doubleclick.net https://v2.zopim.com https://dashboard.zopim.com https://imp2.ads.linkedin.com *.google.fr http://ck-wwwcorp.s3.amazonaws.com http://dly4mho8u118u.cloudfront.net https://learningwire.crossknowledge.com https://ssl.google-analytics.com https://bat.bing.com *.albacross.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.crossknowledge.com *.gstatic.com https://www.youtube.com https://*.clarity.ms https://i.clarity.ms https://h.clarity.ms https://d.clarity.ms https://f.clarity.ms https://cmp.osano.com https://use.fontawesome.com https://www.clarity.ms https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.cookielaw.org *.fontawesome.com http://s7.addthis.com *.google.com *.google.fr *.googleapis.com www.google-analytics.com *.twitter.com https://cdn.syndication.twimg.com https://code.jquery.com http://maps.google.com https://maps.googleapis.com http://maps.googleapis.com https://static.hotjar.com https://app-lon02.marketo.com https://static.ads-twitter.com https://connect.facebook.net https://munchkin.marketo.net https://www.googleadservices.com https://snap.licdn.com https://v2.zopim.com https://cdn.jsdelivr.net https://www.geoplugin.net https://js-agent.newrelic.com https://script.hotjar.com https://googleads.g.doubleclick.net https://dc.ads.linkedin.com https://px.ads.linkedin.com https://bam.nr-data.net https://www.bizographics.com https://eu-west-1.dc.ads.linkedin.com https://secure.adnxs.com https://insights.hotjar.com *.marketo.com http://d3d8qnlcu0b7xk.cloudfront.net https://d3d8qnlcu0b7xk.cloudfront.net http://static.ads-twitter.com http://munchkin.marketo.net *.googletagmanager.com https://ssl.google-analytics.com https://cdn.polyfill.io https://dashboard.zopim.com https://djtflbt20bdde.cloudfront.net https://mastertag.effiliation.com https://track.effiliation.com https://www.linkedin.com https://bat.bing.com https://fb99820f32444afca60ce4a9dcf7267a.js.ubembed.com https://assets.ubembed.com https://static.zdassets.com *.albacross.com; style-src 'self' 'unsafe-inline' https://maps.googleapis.com https://fonts.googleapis.com https://cmp.osano.com *.fontawesome.com *.bootstrapcdn.com *.googleapis.com *.twitter.com *.google.com *.jsdelivr.net https://app-lon02.marketo.com http://app-lon02.marketo.com *.albacross.com 1
default-src 'self'; base-uri 'self'; child-src blob:; connect-src 'self' https://api.friendlycaptcha.com https://cloudflareinsights.com https://maps.googleapis.com https://stats.g.doubleclick.net https://www.google-analytics.com/g/collect; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://player.vimeo.com https://www.youtube.com; img-src 'self' https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com data:; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'wasm-unsafe-eval' https://ajax.cloudflare.com https://maps.googleapis.com https://static.cloudflareinsights.com https://www.google-analytics.com/analytics.js https://www.youtube.com https://www.googletagmanager.com/gtag/js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; worker-src 'self' blob:; 1
base-uri 'none';block-all-mixed-content;frame-ancestors 'none';manifest-src 'none';object-src 'none';upgrade-insecure-requests;worker-src 'none'; 1
connect-src bat.bing.com accounts.google.com www.google-analytics.com analytics.google.com *.doubleclick.net www.google.com translate.googleapis.com *.hotjar.com *.hotjar.io wss://*.hotjar.com cdn.linkedin.oribi.io 'self' data: goskillsmediatest-uswe.streaming.media.azure.net http://127.0.0.1:10000 wss://*.goskills.com; img-src bat.bing.com www.google-analytics.com analytics.google.com www.google.com www.gstatic.com stats.g.doubleclick.net * static.hotjar.com px.ads.linkedin.com www.linkedin.com 'self' blob: data: http://127.0.0.1:10000 goskillsmediatest-uswe.streaming.media.azure.net *.goskills.com; script-src bat.bing.com www.recaptcha.net www.google.com www.google-analytics.com analytics.google.com ajax.googleapis.com www.gstatic.com *.hotjar.com 'sha256-1s6ntw2wH8AlwYEIPJuF1P/HFjSf8Zme5/QPCMQGypk=' 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw=' snap.licdn.com 'nonce-24217614a6a24f4db222a8575a3096d8' 'strict-dynamic' 'unsafe-inline' 'report-sample' http://127.0.0.1:10000 *.goskills.com; font-src fonts.gstatic.com *.hotjar.com; frame-src saltcdn2.googleapis.com www.google.com www.googleadservices.com www.gstatic.com www.recaptcha.net *.hotjar.com 'self'; style-src fonts.googleapis.com 'self' 'unsafe-inline' *.goskills.com; base-uri 'self'; default-src 'none'; form-action 'self'; frame-ancestors 'none'; manifest-src 'self' *.goskills.com; media-src 'self' blob: data: goskillsmediatest-uswe.streaming.media.azure.net *.goskills.com; object-src 'none'; upgrade-insecure-requests ; worker-src 'self' blob: http://127.0.0.1:10000; report-uri https://goskills.report-uri.com/r/d/csp/reportOnly 1
frame-ancestors 'self' https://images.puppyfinder.com https://members.puppyfinder.com; 1
default-src 'self' https://*.mxmerchant.com https://www.google-analytics.com https://*.googleapis.com  https://www.googletagmanager.com https://mxmsandbox.wpengine.com https://*.gstatic.com https://*.typekit.net 'unsafe-inline' 'unsafe-eval' data: https://*.mxmerchant.com; frame-ancestors 'self'; object-src 'none' 1
default-src 'self' 'unsafe-eval'; frame-src 'self' https://*.cloudflarestream.com/ https://ctne.tecviz.net/ https://kuula.co/ https://videolle.viewin360.co/ *.adform.net *.fls.doubleclick.net/ *.leaddesk.com https://*.facebook.com/ https://research.innolink.fi/ https://metsaliitto.demdex.net/ https://app.powerbi.com https://analytics-eu.clickdimensions.com/ https://dreambroker.com/ https://cloudui-emea01.profilestore.episerver.net *.youtube.com https://youtube.com https://youtu.be *.vimeo.com https://vimeo.com *.dreambroker.com *.euroland.com *.op-koti.fi https://op-koti.fi https://events.icareus.com/ https://interactive.brightgroup.com *.videosync.fi https://cdn.videosync.fi *.calculationtools.com *.jquery.com https://www.google.com/ https://*.flockler.com/ https://storage.net-fs.com/ https://manager.EMEA01.idio.episerver.net/ https://statistics-dashboard.azurewebsites.net/; script-src 'self' https://d1igp3oop3iho5.cloudfront.net/v2/buA6R3hGThUwo2b3jMhdjQ-eu1/zaius-min.js https://d1igp3oop3iho5.cloudfront.net/v2/YTCU__QFgA3N4sqa5K5xQA-eu1/zaius-min.js https://ld-webchat.s3.eu-north-1.amazonaws.com https://api.emea01.idio.episerver.net https://s.emea01.idio.episerver.net/ https://tpc.googlesyndication.com/ https://kuula.co/ https://videolle.viewin360.co *.aauicdnva7.azureedge.net  *.awaascicdprodva7.blob.core.windows.net  *.app.launchdarkly.com *.d30ln29764hddd.cloudfront.net  *.aaui-879784980514.s3.us-east-2.amazonaws.com *.adform.net https://connect.facebook.net https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://snap.licdn.com https://static.ads-twitter.com *.leaddesk.com https://ajax.googleapis.com https://research.innolink.fi *.omniture.com https://adobe.com https://adobe.net https://adobe.io *.omtrdc.net https://adminconsole.adobe.com *.services.adobe.com https://assets.adobedtm.com https://sstats.adobe.com https://adobeid-na1.services.adobe.com https://assets2.adobe.com https://maps.googleapis.com https://assets.adobedtm.com https://fl-cdn.scdn1.secure.raxcdn.com https://*.flockler.com https://app.powerbi.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com/ https://analytics-eu.clickdimensions.com/ https://cloudui-emea01.profilestore.episerver.net https://dl.episerver.net https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://login.microsoftonline.com *.jquery.com *.euroland.com http://maps.google.com/maps/api/ http://maps.googleapis.com/maps/api/ http://maps.google.com/maps-api-v3/api/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://youtube.com *.youtube.com https://cdn.jsdelivr.net/npm/ https://maxcdn.bootstrapcdn.com/bootstrap/ https://cdnjs.cloudflare.com/ajax/libs/popper.js/ https://*.aptrinsic.com https://js.monitor.azure.com/scripts/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://research.innolink.fi https://*.flockler.com https://app.powerbi.com https://cloudui-emea01.profilestore.episerver.net https://dl.episerver.net https://fonts.googleapis.com https://cdn.jsdelivr.net/npm/ https://maxcdn.bootstrapcdn.com/bootstrap/ https://*.aptrinsic.com 'unsafe-inline'; img-src * data:; media-src 'self'; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.flockler.com https://*.cloudfront.net; connect-src 'self' ws: https://google.com *.aauicdnva7.azureedge.net *.awaascicdprodva7.blob.core.windows.net *.app.launchdarkly.com *.d30ln29764hddd.cloudfront.net *.aaui-879784980514.s3.us-east-2.amazonaws.com https://publish.ne.cision.com https://maps.googleapis.com https://research.innolink.fi https://dpm.demdex.net https://cdn.linkedin.oribi.io *.omniture.com https://adobe.com https://adobe.net https://adobe.io *.omtrdc.net *.onetrust.com https://adminconsole.adobe.com *.services.adobe.com https://assets.adobedtm.com https://sstats.adobe.com https://adobeid-na1.services.adobe.com https://assets2.adobe.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com/ https://dc.services.visualstudio.com https://*.flockler.com/ https://*.flockler.app/ https://*.facebook.com/ https://*.aptrinsic.com 1
frame-ancestors 'self' https://classe-numerique.fr https://matheros.fr https://monecole.fr https://motoufo.fr; 1
frame-ancestors 'self' *.genial.ly genial.ly 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; block-all-mixed-content; connect-src 'self' *.mokivezi.lt *.soundestlink.com *.googleapis.com *.google-analytics.com *.analytics.google.com *.google.lt *.google.com *.cookiebot.com *.g.doubleclick.net *.googletagmanager.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.googlesyndication.com *.criteo.com *.tawk.to wss://*.tawk.to; font-src 'self' *.googleapis.com *.soundestlink.com *.gstatic.com *.hotjar.com *.tawk.to; frame-src 'self' *.mokivezi.lt *.sblizingas.lt *.google.com *.facebook.com *.twitter.com *.publitas.com *.hotjar.com placehold.jp omniform1.com *.cookiebot.com *.criteo.com *.youtube.com; img-src 'self' *.mokivezi.lt data: *.google-analytics.com *.analytics.google.com *.google.lt *.google.com *.google.de *.google.pl *.adform.net *.criteo.com *.criteo.net *.hotjar.com *.g.doubleclick.net *.facebook.com *.googletagmanager.com *.soundestlink.com *.pinterest.com placehold.jp tinypic.host omnisnippet1.com *.ytimg.com tawk.link *.tawk.to *.jsdelivr.net blob:; script-src 'self' *.mokivezi.lt 'unsafe-hashes' 'strict-dynamic' 'sha256-8lDeP0UDwCO6/RhblgeH/ctdBzjVpJxrXizsnIk3cEQ=' *.google.com *.facebook.net *.twitter.com *.pinterest.com *.googleapis.com *.soundestlink.com *.adform.net *.criteo.net omnisrc.com omnisnippet1.com *.publitas.com *.googletagmanager.com *.hotjar.com *.omnisend.com *.tawk.to 'nonce-1TLOR2MjTk1Q8Pzbd/vNyA=='; style-src 'self' 'unsafe-inline' *.soundestlink.com *.googleapis.com *.cloudflare.com *.hotjar.com *.tawk.to; upgrade-insecure-requests 1
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-ancestors 'self' *.indsci.com;; upgrade-insecure-requests 1
default-src https: *.atncorp.com atncorp.app *.thor-scope.com; img-src http: https: data: *.atncorp.com *.atncorp.app *.thor-scope.com *.crazyegg.com *.facebook.net *.facebook.com *.googletagmanager.com *.ytimg.com; font-src https: data: *.atncorp.com *.atncorp.app *.thor-scope.com; style-src https 'unsafe-inline' atncorp.com *.atncorp.com *.atncorp.app *.thor-scope.com *.cloudfront.net *.braintreegateway.com *.listrakbi.com *.yotpo.com *.driftt.com *.bootstrapcdn.com *.googleapis.com www.google.com *.theopticguru.com *.addshoppers.com; connect-src *.experticity.com *.expertvoice.com *.bing.com *.googleapis.com *.hsforms.com hubspot-forms-static-embed-eu1.s3.amazonaws.com id5-sync.com *.eu-1-id5-sync.com atncorp.com *.atncorp.com *.od.atncorp.com *.theopticguru.com *.listrakbi.com *.atncorp.app *.thor-scope.com *.taboola.com *.braintree-api.com *.braintreegateway.com *.paypal.com *.yotpo.com *.clarity.ms wss://*.yotpo.com *.google-analytics.com analytics.google.com *.yandex.ru *.doubleclick.net *.crazyegg.com shop.pe *.shop.pe api.ipify.org; script-src 'unsafe-inline' 'unsafe-eval' *.experticity.com *.expertvoice.com *.hsforms.net accounts.google.com *.id5-sync.com atncorp.com *.atncorp.com *.theopticguru.com *.atncorp.app *.thor-scope.com *.paypalobjects.com *.braintreegateway.com *.paypal.com *.listrakbi.com *.listrak.com *.licdn.com *.smartyads.com *.clarity.ms *.bing.com *.rfihub.net *.rfihub.com *.mgid.com *.taboola.com *.yotpo.com *.cetrk.com *.amazonaws.com *.crazyegg.com *.driftt.com *.googleapis.com *.googleadservices.com *.vantivprelive.com *.vantivcnp.com *.online-metrix.net *.yandex.ru *.google-analytics.com *.criteo.net *.criteo.com *.facebook.net *.facebook.com *.crazyegg.com *.googletagmanager.com *.zendesk.com *.avmws.com *.gstatic.com *.youtube.com *.ytimg.com *.cloudfront.net shop.pe *.shop.pe www.google.com; 1
default-src 'self' http: https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1
default-src 'none'; connect-src 'self' https://analytics.google.com https://l.evidon.com https://bam.nr-data.net/events/1/fc50544d93 https://maps.googleapis.com https://www.google-analytics.com; font-src https://fonts.gstatic.com; form-action 'self'; frame-src https://www.facebook.com https://www.youtube.com https://www.instagram.com https://platform.twitter.com https://player.vimeo.com https://www.linkedin.com 'self' https://papr.navcanada.ca; media-src 'self' https://papr.navcanada.ca; img-src 'self' https://cdn.cluepixel.com data: https://www.facebook.com https://i.vimeocdn.com https://c.evidon.com https://l.evidon.com https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.instagram.com https://platform.twitter.com https://bam.nr-data.net/1/fc50544d93 https://c.evidon.com https://code.jquery.com https://connect.facebook.net https://js-agent.newrelic.com/nr-1210.min.js https://js-agent.newrelic.com https://maps.googleapis.com https://searchg2-assets.crownpeak.net/crownpeak.searchg2-1.0.2.min.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com https://vimeo.com https://www.vimeo.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net mc.yandex.ru api-maps.yandex.ru core-renderer-tiles.maps.yandex.net yastatic.net *.roistat.com tech.rtb.mts.ru qoopler.ru use.fontawesome.com app.diagrams.net viewer.diagrams.net; frame-src 'self' ipeye.ru docs.google.com www.youtube.com mc.yandex.ru; img-src 'self' data: i.ytimg.com api-maps.yandex.ru core-renderer-tiles.maps.yandex.net  yandex.ru mc.yandex.ru 1
child-src 'self' https://www.instagram.com https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.criteo.com https://static.criteo.net https://ln-rules.rewardstyle.com https://www.shoplooks.com https://www.recaptcha.net https://recaptcha.net https://vars.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://tr.snapchat.com https://dekopay.preprod.k8s.dekopay.org https://pay.deko.finance https://www.pinterest.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://*.liveperson.net wss://*.liveperson.net  https://services.postcodeanywhere.co.uk https://*.googleapis.com https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.baidu.com https://vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://ct.pinterest.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://analytics.tiktok.com wss://*.liveperson.net https://www.allsole.com/e2/ds/relay https://horizon-api.www.allsole.com/graphql https://*.ingest.sentry.io https://s1.thcdn.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://m.allsole.com https://checkout.allsole.com https://www.allsole.com https://connect.facebook.net https://tr.snapchat.com; frame-ancestors; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' https://cdn.parcellab.com 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.parcellab.com https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://*.criteo.com https://static.criteo.net https://*.baidu.com https://remote.captcha.com https://ssl.bing.com https://*.akamaihd.net https://ln-rules.rewardstyle.com https://www.recaptcha.net https://recaptcha.net https://*.sciencebehindecommerce.com https://*.shoplooks.com https://slooks.top https://slooks.me https://static.hotjar.com https://script.hotjar.com https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://s.pinimg.com https://*.contentsquare.net https://app.contentsquare.com https://assets.dekopay.com https://analytics.tiktok.com https://*.ibytedtos.com https://s1.thcdn.com; style-src 'self' 'unsafe-inline' https://www.allsole.com https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.shoplooks.com https://static.shoplooks.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://s1.thcdn.com; upgrade-insecure-requests; report-to report-endpoint; 1
font-src https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.klarnacdn.net https://*.stape.io https://*.bing.com *.mfor.eu *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://pal-test.adyen.com https://pal-live.adyen.com https://test.adyen.com https://live.adyen.com https://www.facebook.com https://*.stape.io https://*.bing.com *.mfor.eu *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com https://www.youtube.com https://*.google.com https://vars.hotjar.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://pal-test.adyen.com https://pal-live.adyen.com https://player.vimeo.com https://sketchfab.com https://360.covisionlab.com https://workspace.showin3d.com https://open.spotify.com https://widget.spreaker.com https://www.facebook.com https://*.playground.klarnaservices.com https://*.klarnaservices.com https://*.criteo.net https://*.criteo.com https://*.stape.io https://*.bing.com *.mfor.eu *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://widget.zoorate.com https://*.feedaty.com https://assets.livestory.io https://*.doubleclick.net https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://maps.gstatic.com https://mediacdn.livestory.io https://www.facebook.com https://connect.facebook.net https://www.googletagmanager.com *.google.com *.google.it *.cdninstagram.com *.fna.fbcdn.net 'self' data: https://*.criteo.net https://*.criteo.com https://criteo-sync.teads.tv https://*.yahoo.com https://*.taboola.com https://*.outbrain.com https://*.pubmatic.com https://*.adnxs.com https://*.smaato.net https://*.smartadserver.com https://*.360yield.com https://*.media.net https://*.3lift.com https://id5-sync.com https://*.advertising.com https://*.rubiconproject.com https://*.tapad.com https://*.rambler.ru https://*.casalemedia.com https://*.stickyadstv.com https://*.mediawallahscript.com https://*.mgid.com https://*.bing.com https://*.addthis.com https://*.adform.net https://*.bidswitch.net https://*.rlcdn.com https://*.tpmn.co.kr https://*.kargo.com https://*.yandex.ru https://*.adtdp.com https://*.revcontent.com https://*.sharethrough.com https://*.liadm.com https://*.postrelease.com https://*.omnitagjs.com https://*.ivitrack.com https://*.dmxleo.com https://*.yieldmo.com https://*.openx.net https://*.crobox.io https://*.crobox.com https://*.mediavine.com https://*.tremorhub.com https://*.krxd.net https://*.yieldlab.net https://*.thebrighttag.com https://*.stape.io *.mfor.eu d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cdn.doofinder.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://f.vimeocdn.com www.vimeo.com *.vimeocdn.com https://*.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://checkoutshopper-live.adyen.com https://*.feedaty.com mediastorage.livestory.io https://assets.livestory.io https://widget.zoorate.com https://maps.google.com https://maps.googleapis.com *.google.com https://www.gstatic.com https://www.googletagmanager.com https://static.hotjar.com https://connect.facebook.net https://googleads.g.doubleclick.net https://script.hotjar.com https://js-agent.newrelic.com *.nr-data.net https://payments-eu.amazon.com https://www.googleapis.com https://cdn.doofinder.com https://cdn.cookie-script.com https://*.playground.klarnaservices.com https://*.klarnaservices.com https://*.criteo.net https://*.criteo.com https://*.mag-news.it https://*.mailmta.com https://*.lasportiva.com https://*.crobox.io https://*.crobox.com https://*.clarity.ms https://*.stape.io https://*.bing.com *.mfor.eu *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.doofinder.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.gstatic.com *.cloudflare.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://widget.zoorate.com https://assets.livestory.io https://*.feedaty.com https://www.gstatic.com https://*.klarnacdn.net https://*.crobox.io https://*.crobox.com https://*.stape.io https://*.bing.com *.mfor.eu *.fontawesome.com *.doofinder.com unsafe-inline *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com mediastorage.livestory.io mediacdn.livestory.io https://*.crobox.io https://*.crobox.com https://*.stape.io https://*.bing.com *.mfor.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com mediastorage.livestory.io https://assets.livestory.io https://api.livestory.io https://*.feedaty.com *.nr-data.net https://vc.hotjar.io https://*.google.com https://*.google-analytics.com https://in.hotjar.com https://eu1-search.doofinder.com https://consent.cookie-script.com https://www.facebook.com https://*.playground.klarnaservices.com https://*.klarnaservices.com https://*.paypal.com https://*.criteo.net https://*.criteo.com https://*.mag-news.it https://*.mailmta.com https://*.lasportiva.com https://maps.googleapis.com https://*.analytics.google.com https://*.crobox.io https://*.crobox.com https://*.clarity.ms https://*.stape.io https://*.bing.com *.mfor.eu *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.doofinder.com wss://*.doofinder.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io *.google-analytics.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=10rr23liqu51o&partner=; 1
frame-ancestors 'self' https://www.palms-insurance.com https://www.gridliancewest.com https://www.drivegreenlane.com https://www.nexteraenergytransmission.com https://www.nexteraenergy.com https://www.nexteraenergyresources.com https://www.nexteraenergycanada.com https://www.nexteraanalytics.com https://www.nexterawater.com https://www.distributedwater.com https://www.neetny.com https://www.empirestateline.com https://www.lonestartransmission.com https://www.transbaycable.com https://www.gridliance.com https://www.floridarenewablepartners.com https://www.palms-insurance.com https://www.nexteraenergyservices.com https://www.energycurriculum.com https://www.poweringflorida.com https://www.NexteraMitigationBanks.com https://www.35mules.com; 1
upgrade-insecure-requests; style-src 'self' 'unsafe-inline' portal.gov.cz *.portal.gov.cz https://www.youtube.com https://api.mapy.cz; script-src 'self' 'unsafe-inline' portal.gov.cz *.portal.gov.cz https://www.youtube.com https://az416426.vo.msecnd.net https://www.googletagmanager.com https://www.google-analytics.com https://script.hotjar.com https://static.hotjar.com https://api.mapy.cz https://js.monitor.azure.com https://www.google.com https://www.gstatic.com https://matomoas.westeurope.cloudapp.azure.com 1
frame-ancestors 'self' t.co twitter.com;frame-src 'self' *.idio.episerver.net *.cdn.optimizely.com https://consentcdn.cookiebot.com https://go.valtech.com https://td.doubleclick.net https://w.soundcloud.com https://www.google.com https://www.linkedin.com https://player.vimeo.com https://www.facebook.com https://videos.internal.valtech.com https://videos.valtech.com https://www.youtube.com;block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.6sc.co https://*.ep-mimecast.ads-twitter.com https://*.doubleclick.net https://*.idio.episerver.net https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://*.marketo.com https://*.optimizely.com https://*.vo.msecnd.net https://ajax.cloudflare.com https://analytics.newscred.com https://analytics.twitter.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://connect.facebook.net https://content.linkedin.com https://cdn.siteimprove.net https://cdn.syndication.twimg.com https://dl.episerver.net https://en.twitter.com https://f.vimeocdn.com https://googleads.g.doubleclick.net https://graph.facebook.com https://google-analytics.com https://googletagmanager.com https://go.valtech.com https://js.facebook.com https://munchkin.marketo.net https://optimizely.s3.amazonaws.com https://platform.linkedin.com https://platform.twitter.com https://player.vimeo.com https://static.ads-twitter.com https://static.cloudflareinsights.com https://ssl.google-analytics.com https://snap.licdn.com https://static-exp1.licdn.com https://siteimproveanalytics.com https://tagmanager.google.com https://tag.valtech.com https://t.co https://unpkg.com https://videos.valtech.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.linkedin.com https://www.vimeo.com https://www.youtube.com;style-src 'self' 'report-sample' 'unsafe-inline' *.marketo.net *.marketo.com *.licdn.com *.google.com dl.episerver.net go.valtech.com platform.twitter.com ton.twimg.com www.googletagmanager.com;object-src *.googlesyndication.com;child-src 'self' blob: *.vimeo.com *.googlesyndication.com *.google.com *.facebook.com *.doubleclick.net connect.facebook.net platform.twitter.com vimeo.com www.googletagmanager.com;base-uri 'self';form-action 'self' *.twitter.com *.google.com *.facebook.com connect.facebook.net;worker-src 'self' blob: www.google.com; 1
default-src 'self' edge.curalate.com *.zipmoney.com.au *.userway.org *.gstatic.com *.bazaarvoice.com *.vimeo.com *.akamaized.net *.hotjar.com *.hotjar.io *.crazyegg.com tracking.myunidays.com *.five9.net; img-src 'self' data: https:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; connect-src 'self' https: wss:; font-src 'self' data: https:; frame-ancestors 'self' https://*.sheridan.com.au; 1
connect-src 'self' 'unsafe-inline' *.analytics.google.com *.cookieyes.com *.doubleclick.net *.google-analytics.com *.hotjar.com *.linkedin.com cdn.linkedin.oribi.io/partner/1315644/domain/mitie.com/token content.hotjar.io csmetrics.hotjar.com forms.hscollectedforms.net/collected-forms/v1/config/json forms.hsforms.com forms.hubspot.com/lead-flows-config/v1/config/json google-analytics.com hotjar.com https://cdn-cookieyes.com https://mitie.matomo.cloud https://pagead2.googlesyndication.com https://www.buzzsprout.com in.hotjar.com wss://ws.hotjar.com/api/v2/client/ws wss://wsp2.hotjar.com/api/v2/client/ws wss://wsp20.hotjar.com/api/v2/client/ws wss://wsp29.hotjar.com/api/v2/client/ws wss://wsp46.hotjar.com/api/v2/client/ws www.google-analytics.com www.google.co.uk www.google.com; default-src data: 'self' 'unsafe-eval' 'unsafe-inline' *.adsymptotic.com *.eurolandir.com *.google-analytics.com *.google.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.hsforms.com *.hsforms.net *.hubspot.com *.insightfulcompanyinsight.com *.jquery.com *.linkedin.com *.turtl.co *.typekit.net *.youtube.com *.ytimg.com analytics.twitter.com api.ipify.org cdn.jsdelivr.net cdn.linkedin.oribi.io/partner/1315644/domain/mitie.com/token d22d1xpx4ztuef.cloudfront.net https://cdn-cookieyes.com https://td.doubleclick.net hubspot-forms-static-embed.s3.amazonaws.com inspire.mitie.com instant.page js.hs-analytics.net js.hs-scripts.com js.hscollectedforms.net js.hsleadflows.net/leadflows.js px.ads.linkedin.com px4.ads.linkedin.com secure.adnxs.com secure.gravatar.com snap.licdn.com static.ads-twitter.com stats.g.doubleclick.net t.co use.typekit.net wss://wsp28.hotjar.com/api/v2/client/ws www.google.co.uk; font-src data: 'self' cdn.jsdelivr.net use.typekit.net; script-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js https://app-static.turtl.co/embed/turtl.embed.v1.js https://cdn-cookieyes.com https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick-theme.css https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.css https://cdn.matomo.cloud https://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css https://googleads.g.doubleclick.net https://js.hs-scripts.com/6964783.js https://mitie.matomo.cloud https://p.typekit.net https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://use.typekit.net/uid7iqz.css instant.page js.hs-analytics.net js.hscollectedforms.net/collectedforms.js js.hsforms.net/forms/v2.js js.hsleadflows.net/leadflows.js script.hotjar.com secure.insightfulcompanyinsight.com snap.licdn.com/li.lms-analytics/insight.min.js static.ads-twitter.com/uwt.js static.hotjar.com www.google-analytics.com www.google-analytics.com/analytics.js www.googleoptimize.com/optimize.js www.googletagmanager.com/gtag/js www.googletagmanager.com/gtm.js www.youtube.com/iframe_api www.youtube.com/s/player/ www.youtube.com/s/player/36754c51/www-widgetapi.vflset/www-widgetapi.js; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://code.jquery.com https://p.typekit.net https://use.typekit.net www.google.com; style-src-elem 'self' 'unsafe-inline' 'sha256-gnTnWyBUP7suCJj/UtzoS31eoUPLTUtFonJTCboxjOg=' 'sha256-qWwxsTFcdIcN78qmlVvZfPMlQLLiEk7put1pv87RdRQ=' 'sha256-mcaDjc+k2BZCc9kAR/FslJ+7Kk7hPRRV8Bx7rvOohLI=' 'sha256-4vhu2Db44n75uw45jztoczt+Zj1Lr4g0FfQJeCnXIc8=' 'sha256-xweHAayXOSmJbjbnJ3FI23YCA/3LJZL/qMP2bHjbwSo=' 'sha256-ErQd9FXLGwoC3Fonbsk9U2kTwfJ75BJDJrNOs6ud1Ho=' 'sha256-Eq9kZpPFkReNalV2Zb45g+EH+D2rdkH3mPYH2IKCNh0=' 'sha256-+aLPRy1XVSz3J4TB/q2GPhf14Z2bpiro19WK4oQJeKg=' 'sha256-iZQXKA6j9vmb3WlfYK1K68t7OsafG/cCJ/BDoNvyvvc=' 'sha256-KPHprKJ9hli6Ed4ncbnYZuz/r29RdHLCpyrro8aEUec=' 'sha256-pQnXMrCP6DP1ncPxrqVm6QIaZQaodvng1CHDoscicHM=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-6RSQuYatP9sRP7B7rbVz5bbMTAciBSr9mN41rtAsFqM=' 'sha256-eyy7AL88NuNt91x7KiHlqVB8IBUv9/N/HL9myWjv5B4=' 'sha256-c+bb4Yj6XcLqmiLAzX+c/rp9tRaFFAhRfjccNgMFb40=' 'sha256-uGQC2mLQHzNrlDyiPwi34MvV9Su74kNp6oN3NEhR5wE=' 'sha256-L+7fwt7XfpYw1sK1BvLZnGNI6EW/+kt2WnV3YoTV6iM=' 'sha256-FdwQpkxlQRmJARrYCju3Bq2MjM93LdX8FlfMeSPOHdQ=' 'sha256-HFX7NUyr7Bjcd46pyASikNbBoNNijcJFVkoConh6h/o=' 'sha256-m5FU/wgblfSq8P3zc48K2MSqcO8zAmmo6JrB+gniBmw=' 'sha256-L7iomE4vy92tB2UH2SY8T5TfdsQmqUfVfYfB7pBefcs=' 'sha256-Q6WFhI5COUwCbVljJ0qJpS22KzXJHNZbjJYh5XHURuY=' 'sha256-M8TOQbvdthd0lrf837KL8IlTDMCF0IDIzenErFpYll8=' 'sha256-/5E9zzLKTEzV2rt6kYynprHIBMMXgDK6Q3ttQQrF8BM=' https://app-static.turtl.co https://app-static.turtl.co/ https://app-static.turtl.co/embed/turtl.embed.v1.js https://cdn.jsdelivr.net/npm/locomotive-scroll@3.5.4/dist/locomotive-scroll.css https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick-theme.css https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.css https://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css https://p.typekit.net https://use.typekit.net/uid7iqz.css 1
default-src * data: 'self' 'unsafe-inline';img-src * data:;style-src-elem 'self' 'unsafe-inline' https://cdn.cookielaw.org https://pr-cb-bot.azurewebsites.net https://fonts.googleapis.com https://optanon.blob.core.windows.net;script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://www.google-analytics.com https://connect.facebook.net https://cdn.cookielaw.org https://code.jquery.com/ https://cdnjs.cloudflare.com https://geolocation.onetrust.com https://maps.googleapis.com https://ajax.googleapis.com https://pr-cb-bot.azurewebsites.net/CAchat/botchat.js https://pr-cb-bot.azurewebsites.net/CAchat/main/main.prod.js https://www.google.com/recaptcha/api.js https://www.youtube.com/iframe_api https://s.ytimg.com/yts/jsbin/www-widgetapi-vflE2z392/www-widgetapi.js https://www.gstatic.com/recaptcha/api2/v1563777128698/recaptcha__pt.js https://platform-api.sharethis.com/js/sharethis.js;frame-src https://www.youtube.com  https://youtu.be/ https://www.facebook.com https://www.googletagmanager.com https://www.google.com/ https://vars.hotjar.com https://platform-api.sharethis.com https://c.sharethis.mgr.consensu.org/ https://eur02.safelinks.protection.outlook.com/ https://cdn.flipsnack.com/ https://heyzine.com/ https://online.fliphtml5.com/ https://player.flipsnack.com; 1
frame-ancestors 'self' http://*.intranet http://*.uolinc.com https://*.intranet https://*.uolinc.com https://www.uol.com.br; 1
base-uri 'self'; default-src https: data:; script-src blob: https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; connect-src https://*.crisp.chat https://*.zapier.com https://www.googletagmanager.com https://*.trackjs.com https://*.abtasty.com *.intercom.io *.facebook.net *.facebook.com www.google-analytics.com https://*.axept.io *.google.com app.termly.io  *.vimeo.com *.bugsnag.com https://sentry.io https://*.sendinblue.com https://*.mixpanel.com https://*.imagify.io https://yoast.com https://links.services.disqus.com wss://*.crisp.chat wss://*.intercom.io wss://realtime.services.disqus.com https://ampcid.google.fr https://amp-error-reporting.appspot.com https://cdn.ampproject.org https://*.affilae.com  https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.bing.com https://*.g.doubleclick.net https://*.legalplace.fr; object-src 'self'; upgrade-insecure-requests 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com *.gstatic.com *.googleapis.com *.hotjar.com *.yotpo.com getfirebug.com cdn.dnky.co webchat.dotdigital.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.nuclearblast.com *.nuclearblast.de *.dev.test https://facebook.com facebook.com *.facebook.com *.googletagmanager.com *.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co-jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ js.mollie.com https://plumrocket.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * facebook.com *.facebook.com *.facebook.net *.cookiebot.com https://*.demdex.com *.google.com *.braintreegateway.com *.dexmet.net *.amazon.com *.amazon.co.uk *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital.com *.dotdigital-pages.com *.dnky.co googletagmanager.com *.googletagmanager.com *.authorize.net *.vimeo.com *.gstatic.com gstatic.com *.yotpo.com *.hotjar.com *.paypalobjects.com *.dailymotion.com *.yumpu.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://img.youtube.com https://www.mollie.com integration-5ojmyuq-sk47ktqf24w3s.eu-5.magentosite.cloud *.nuclearblast.de *.nuclearblast.com nuclearblast.de nuclearblast.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com facebook.com *.facebook.com *.hotjar.com *.google.com *.cookiebot.com *.doubleclick.net *.gstatic.com *.google.co.uk *.google.de *.google.ch *.google.fr *.google.eu *.googletagmanager.com *.bing.com *.virtualearth.net maps.gstatic.com 'self' data: www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com s7.addthis.com *.plugins.emarsys.net *.scarabresearch.com *.avada.io js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.facebook.com *.facebook.net *.hotjar.com unsafe-inline *.cookiebot.com bam.nr-data.net googletagmanager.com *.googletagmanager.com *.googleoptimize.com *.newrelic.com gstatic.com *.gstatic.com *.2o7.net *.omtrdc.net https://*.demdex.net *.bing.com *.virtualearth.net maps.googleapis.com *.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.gstatic.com *.googleapis.com *.hotjar.com *.yotpo.com getfirebug.com cdn.dnky.co webchat.dotdigital.com optimize.google.com *.googleoptimize.com *.bing.com *.virtualearth.net *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com mp31.phononet.de 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io ekr.zdassets.com/ *.scarabresearch.com *.eservice.emarsys.net https://get.geojs.io *.avada.io openiban.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.doubleclick.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.cookiebot.com *.nr-data.net *.newrelic.com maps.googleapis.com *.bing.com *.virtualearth.net t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.sascar.com.br *.masternautconnect.com flota-conectada.michelin.com.ar flotasconectadas.michelin.com.ar *.connectedfleet.michelin.com; 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'strict-dynamic' cdn.httparchive.org www.google-analytics.com use.fontawesome.com cdn.speedcurve.com spdcrv.global.ssl.fastly.net lux.speedcurve.com 'unsafe-inline' 'nonce-mfxFQ2_hKyMcvErE1--KS-AOVB43lUZt'; font-src 'self'; connect-src 'self' cdn.httparchive.org discuss.httparchive.org dev.to cdn.rawgit.com www.webpagetest.org www.google-analytics.com analytics.google.com *.analytics.google.com stats.g.doubleclick.net; img-src 'self' https:; frame-src 'none'; object-src 'none'; base-uri 'none' 1
default-src https: wss://*.hotjar.com 'unsafe-inline';  font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' * 1
frame-ancestors *.jandi.com 1
default-src 'self' data: blob: https: *.boschtools.com  *.mycliplister.com *.hotjar.com *.linkedin.com a19948120449.cdn.optimizely.com 10097804.fls.doubleclick.net adservice.google.com adservice.google.de ad.doubleclick.net errors.client.optimizely.com logx.optimizely.com px.ads.linkedin.com visitor-service-eu-central-1.tealiumiq.com; font-src 'self' data: gallery.sprinklr.com ka-p.fontawesome.com ; object-src data: 'self'; img-src https: data: blob: scontent-iad3-2.cdninstagram.com scontent.cdninstagram.com thumb.sprinklr.com collect.tealiumiq.com gwmtracking.com pbs.twimg.com; style-src 'self' 'unsafe-inline' https: 10097804.fls.doubleclick.net gallery.sprinklr.com; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com gallery.sprinklr.com bosch-tools-resultpage.com cvg-bosch.widget.custhelp.com s.webtrends.com tags.tiqcdn.com cdn.optimizely.com cdn.pricespider.com platform.twitter.com snap.licdn.com; connect-src 'self' https: data: blob: *.hotjar.com wss://*.hotjar.com wss://*.botframework.com wss://botframework.com 1
frame-ancestors 'self' https://teams.microsoft.com ; 1
default-src 'self' data: blob: *.ifs.com *.justgiving.com *.searchstax.com *.twitter.com *.ads-twitter.com *.facebook.net https://*.onetrust.com https://*.sonobi.com https://*.spotxchange.com https://*.addthis.com https://*.socdm.com https://*.fout.jp https://*.stickyadstv.com https://*.adtdp.com *.litix.io *.demandbase.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net www.google-analytics.com www.googletagmanager.com *.googleadservices.com *.googleoptimize.com *.googleapis.com *.gstatic.com *.cloudflare.com *.leadforensics.com linkedin.oribi.io *.oribi.io *.t.co *.google.lk *.smartrecruiters.com *.mathtag.com *.doubleclick.net pixel.tapad.com *.marketo.com *.marketo.net *.linkedin.com *.krxd.net p.adsymptotic.com *.comparesoft.com tracking.g2crowd.com tr.apsislead.com static.oktopost.com tags.bkrtx.com snap.licdn.com *.rlcdn.com *.hotjar.com vc.hotjar.io *.yahoo.com https://*.openx.net https://*.casalemedia.com https://*.bidswitch.net careers-p2energysolutions.icims.com https://*.adingo.jp *.clarity.ms www.facebook.com *.okt.to *.bluekai.com dpm.demdex.net *.company-target.com *.mktoresp.com *.bidr.io ads.stickyadstv.co *.google.com/ads/ *.liadm.com sync.navdmp.com *.zoominfo.com *.bing.com *.navdmp.com sync.crwdcntrl.net *.rubiconproject.com dpm.demdex.net *.company-target.com *.mktoresp.com *.bidr.io ads.stickyadstv.co *.google.com/ads/ *.liadm.com siteimproveanalytics.com sync.navdmp.com *.zoominfo.com *.bing.com *.navdmp.com sync.crwdcntrl.net *.rubiconproject.com aa.agkn.com y.one.impact-ad.jp wss://*.hotjar.com https://*.adnxs.com https://*.pubmatic.com https://*.adsrvr.org https://*.adform.net https://*.shinobi.jp https://*.smaato.net https://*.semasio.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' info.ifs.com; frame-src 'self' careers-p2energysolutions.icims.com www.facebook.com info.ifs.com *.wistia.net *.hotjar.com *.bluekai.com *.doubleclick.net; 1
frame-ancestors 'self' iboss32814.activehosted.com; 1
frame-ancestors 'self' https://content.htzone.co.il http://content.htzone.co.il https://cdn.roojoom.com http://cdn.roojoom.com; 1
default-src 'self' 'unsafe-inline' fonts.gstatic.com fonts.googleapis.com fonts.static.com www.google-analytics.com; 1
upgrade-insecure-requests; default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'self' data:; 1
default-src 'self'; frame-src 'self' *.donorfy.com/ *.monday.com/ https://hubofhope.co.uk/ 360testbed.co/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagmanager.com https://www.googletagmanager.com/ https://hubofhope.co.uk/js/embed.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://*.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://*.typekit.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com https://region1.google-analytics.com translate.googleapis.com/ https://feeds.trac.jobs/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 1
frame-src 'self' https://ethgasstation.info/ https://www.googletagmanager.com/ https://o918428.ingest.sentry.io/ https://privacy.yuga.com; 1
default-src 'self' https://www.ark-pc.co.jp; img-src data: blob: https://i.ytimg.com https://arkpc-media.s3-ap-northeast-1.amazonaws.com https://*.twimg.com https://*.twitter.com https://www.ark-pc.co.jp https://*.ark-pc.co.jp https://*.cloudfront.net https://www.google.co.jp https://www.google.com https://www.google-analytics.com https://a.imgvc.com https://seal.websecurity.norton.com https://www.gstatic.com https://m.media-amazon.com https://itrack2.valuecommerce.ne.jp https://itag.valuecommerce.ne.jp https://wcscv.valuecommerce.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://b.imgvc.com/ https://m.media-amazon.com/  https://img.youtube.com; media-src 'self' blob: https://www.ark-pc.co.jp https://*.ark-pc.co.jp https://*.cloudfront.net https://*.youtube.com https://youtube.com; font-src 'self' https://www.ark-pc.co.jp https://*.ark-pc.co.jp; script-src 'self' https://tpc.googlesyndication.com https://static-fe.payments-amazon.com https://p01.mul-pay.jp https://pt01.mul-pay.jp/ https://stg.static.mul-pay.jp/ https://www.ark-pc.co.jp https://*.ark-pc.co.jp https://seal.websecurity.norton.com https://*.cloudfront.net https://*.valuecommerce.ne.jp https://fraud-buster.appspot.com https://*.valuecommerce.com https://www.google-analytics.com/ https://www.googletagmanager.com/https://stats.g.doubleclick.net https://www.gstatic.com/ https://*.google.com https://cdnjs.cloudflare.com https://static.mul-pay.jp https://www.google.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://platform.twitter.com https://connect.facebook.net https://www.googletagmanager.com https://code.jquery.com https://www.google.co.jp https://m.media-amazon.com https://www.googleadservices.com https://static-na.payments-amazon.com 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' blob:; style-src 'self' https://ton.twimg.com https://platform.twitter.com https://*.ark-pc.co.jp https://www.ark-pc.co.jp https://code.jquery.com https://www.google.com 'unsafe-inline'; connect-src 'self' https://www.ark-pc.co.jp https://*.ark-pc.co.jp https://www.google-analytics.com https://analytics.google.com/ https://www.google.com https://www.google.co.jp https://stats.g.doubleclick.net https://payments-fe.amazon.com 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' blob:; worker-src 'self' blob: https://www.ark-pc.co.jp https://*.ark-pc.co.jp; frame-src 'self' https://www.ark-pc.co.jp https://*.ark-pc.co.jp https://www.google.com https://platform.twitter.com https://syndication.twitter.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://*.facebook.com https://*.youtube.com https://youtube.com https://*.google.com; object-src 'none'; upgrade-insecure-requests 1
frame-src 'self' https://www.facebook.com https://vars.hotjar.com https://ls.hit.gemius.pl; frame-ancestors 'self' https://*.irozhlas.cz https://*.rozhlas.cz http://aplikace.rozhlas.cz https://www.facebook.com 1
connect-src * data: blob: 'unsafe-inline' 1
upgrade-insecure-requests;
	frame-ancestors 'self';
	default-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://*.krankenhaus.de https://fonts.googleapis.com https://*.uksh.de;
	object-src 'self' https://*.uksh.de https://code.jquery.com https://walls.io https://my.walls.io https://*.googletagmanager.com https://*.doubleclick.net https://*.google.de https://*.google.com https://*.facebook.net https://*.facebook.com https://*.catchup-apps.com https://api.maptiler.com https://*.cookiebot.com;
	connect-src 'self' https://*.krankenhaus.de https://*.uksh.de https://code.jquery.com https://walls.io https://my.walls.io https://*.googletagmanager.com https://*.doubleclick.net https://*.google.de https://*.google.com https://*.facebook.net https://*.facebook.com https://*.catchup-apps.com https://api.maptiler.com https://*.cookiebot.com;
	frame-src 'self' https://*.krankenhaus.de https://*.google.com https://*.youtube.com https://player.vimeo.com https://*.uksh.de https://code.jquery.com https://walls.io https://my.walls.io https://player.podigee-cdn.net https://healthcare-hackathon.podigee.io https://*.googletagmanager.com https://*.doubleclick.net https://*.google.de https://*.google.com https://*.facebook.net https://*.facebook.com https://*.catchup-apps.com https://api.maptiler.com https://*.cookiebot.com;
	script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.krankenhaus.de https://*.uksh.de https://code.jquery.com https://walls.io https://my.walls.io https://player.podigee-cdn.net https://healthcare-hackathon.podigee.io https://*.googletagmanager.com https://*.doubleclick.net https://*.google.de https://*.google.com https://*.facebook.net https://*.facebook.com https://*.catchup-apps.com https://api.maptiler.com https://*.cookiebot.com;
	style-src 'self' 'unsafe-inline' https://*.krankenhaus.de https://*.uksh.de https://code.jquery.com https://walls.io https://my.walls.io https://player.podigee-cdn.net https://healthcare-hackathon.podigee.io https://*.googletagmanager.com https://*.doubleclick.net https://*.google.de https://*.google.com https://*.facebook.net https://*.facebook.com https://*.catchup-apps.com https://api.maptiler.com https://*.cookiebot.com;
	img-src 'self' https://*.krankenhaus.de https://*.uksh.de data: https://*.uksh.de https://code.jquery.com https://walls.io https://my.walls.io https://player.podigee-cdn.net https://images.podigee-cdn.net https://healthcare-hackathon.podigee.io https://*.googletagmanager.com https://*.doubleclick.net https://*.google.de https://*.google.com https://*.facebook.net https://*.facebook.com https://*.catchup-apps.com https://api.maptiler.com https://*.cookiebot.com;
	form-action 'self' 1
default-src 'self' https://cni.net.id; script-src 'self' https://cni.net.id https://www.googletagmanager.com https://www.google-analytics.com; img-src 'self' data: https://cni.net.id; frame-src 'self' https://www.youtube.com; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests 1
default-src 'self' *.ebola.cz https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ebola.cz https://www.google-analytics.com https://maps.google.com https://maps.googleapis.com https://maps.gstatic.com; style-src 'self' 'unsafe-inline' *.ebola.cz; img-src 'self' *.ebola.cz frame-ancestors 'self' 1
default-src https://*;                        script-src 'unsafe-inline' https://* 'unsafe-eval' https://*.roberts.edu;                        style-src 'unsafe-inline' https://tags.srv.stackadapt.com https://*.nes.edu https://*.roberts.edu https://stackpath.bootstrapcdn.com/ https://kit-free.fontawesome.com https://maxcdn.bootstrapcdn.com https://www.google.com/cse https://fonts.googleapis.com https://use.fontawesome.com https://api2.libanswers.com https://bbox.blackbaudhosting.com/ https://code.jquery.com/ https://widgets.ebscohost.com https://support.ebscohost.com https://cdn.jsdelivr.net https://www.lightboxcdn.com/ https://accounts.google.com/;     img-src 'self' data: * 1
default-src 'self';script-src 'self' 'nonce-vt63pMMDDUups8019U0uVwpO' 'strict-dynamic';object-src 'none';style-src 'self' 'unsafe-inline' *.google.com https://fonts.googleapis.com/css popupmaker.com;img-src 'self' data: blog.emakina.com i.vimeocdn.com script.hotjar.com facebook.com www.googletagmanager.com https://connect.facebook.net https://px.ads.linkedin.com www.google-analytics.com cdn.cookielaw.org;media-src 'self';frame-src 'self' *.google.com *.vimeo.com *.youtube.com;font-src 'self' https://fonts.googleapis.com/css https://fonts.gstatic.com data:;connect-src 'self' *.onetrust.com geolocation.onetrust.com vimeo.com popupmaker.com cdn.cookielaw.org px.ads.linkedin.com www.google-analytics.com collector.leadinfo.net content.hotjar.io *.google-analytics.com api.leadinfo.com *.hotjar.io ws.hotjar.com wss://ws.hotjar.com;base-uri 'self';child-src 'none';form-action 'self';frame-ancestors 'self' emakinaagency-admin-develop.azurewebsites.net emakinaagency-admin.azurewebsites.net emakinaagency-admin-staging.azurewebsites.net emakinaagency-admin-testing.azurewebsites.net;worker-src 'none' 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://scripts.bestprice.gr *.ckeditor.com https://s.pinimg.com *.teads.tv https://region1.analytics.google.com https://tpc.googlesyndication.com *.skroutz.gr https://skroutza.skroutz.gr https://sslwidget.criteo.com https://www.ravenna.gr https://ping.contactpigeon.com https://static.criteo.net https://ajax.cloudflare.com https://skroutza.skroutz.gr https://www.contactpigeon.com *.skroutz.gr https://apis.google.com https://www.gstatic.com https://z.moatads.com https://s7.addthis.com https://m.addthis.com https://analytics.skroutz.gr https://360.bestprice.gr https://www.bestprice.gr https://www.glami.gr https://region1.google-analytics.com https://cdn.stat-track.com/ https://assets.citrusad.net https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://stats.g.doubleclick.net https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://script.crazyegg.com https://go.linkwi.se https://trustmark.gr https://www.youtube.com https://script.crazyegg.com https://insurance.e-satisfaction.gr https://widget-cdn.boxnow.gr https://tracking.retargeting.biz https://api.retargeting.app https://www.googleoptimize.com https://ibanke-commerce.nbg.gr https://use.typekit.net https://collection.e-satisfaction.com https://v2.zopim.com https://static.zdassets.com;style-src 'self' 'unsafe-inline' https://www.contactpigeon.com https://ping.contactpigeon.com https://fonts.googleapis.com https://use.typekit.net https://collection.e-satisfaction.com https://p.typekit.net;object-src 'self';img-src 'self' data: *.postrelease.com *.facebook.net https://cdn.e-satisfaction.com/ https://www.googletagmanager.com https://widget.eu.criteo.com https://www.google.co.uk https://s.thebrighttag.com https://beacon.krxd.net https://dpm.demdex.net https://dis.criteo.com https://ct.pinterest.com *.e1.emxdgt.com *.teads.tv https://e1.emxdgt.com/ https://dimages.contactpigeon.com https://googleads.g.doubleclick.net https://gum.criteo.com https://sync-criteo.ads.yieldmo.com https://ad.yieldlab.net https://criteo-partners.tremorhub.com https://simage2.pubmatic.com https://sync.outbrain.com https://exchange.mediavine.com https://matching.ivitrack.com https://ad.360yield.com https://id5-sync.com https://gum.criteo.com https://r.casalemedia.com https://visitor.omnitagjs.com https://cm.adform.net https://ups.analytics.yahoo.com https://eb2.3lift.com https://criteo-sync.teads.tv https://sync-t1.taboola.com https://rtb-csync.smartadserver.com https://match.sharethrough.com https://pixel.rubiconproject.com https://contextual.media.net https://secure.adnxs.com https://ib.adnxs.com https://cm.g.doubleclick.net https://x.bidswitch.net https://googleads.g.doubleclick.net https://ping.contactpigeon.com https://collection.e-satisfaction.com https://collection.e-satisfaction.com https://ravenna.staginglh.com https://static.ravenna.gr https://www.ravenna.gr *.skroutz.gr https://www.glami.gr https://www.facebook.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://maps.googleapis.com https://www.google.com https://www.google.gr https://www.google.com.tr https://trustmark.gr https://img.youtube.com;font-src 'self' data: https://use.typekit.net *.gstatic.com; connect-src 'self' https://ekr.zdassets.com https://pagead2.googlesyndication.com https://measurement-api.criteo.com  https://rpc.bestprice.gr *.bestprice.gr https://adservice.google.com https://ct.pinterest.com *.teads.tv https://region1.analytics.google.com https://ping.contactpigeon.com https://collection.e-satisfaction.com https://ekscapig.sleed.com https://web.facebook.com https://www.facebook.com https://socialplugin.facebook.net https://cdn.e-satisfaction.com https://www.youtube.com https://www.bestprice.gr https://s7.addthis.com https://m.addthis.com https://forms.m-pages.com https://t.stat-track.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://tracking.retargeting.app;frame-src *;media-src 'self'; manifest-src 'self' https://www.ravenna.gr 1
default-src 'self';                   script-src https: 'unsafe-inline' 'unsafe-eval' 'self';                   worker-src blob: https;                   img-src * 'self' data: https:;                   media-src *;                   frame-src 'self' 'unsafe-inline' 'unsafe-eval' *;                   frame-ancestors 'self' *;                   style-src 'self' 'unsafe-inline';                   object-src 'none';                   connect-src 'self' * 1
default-src 'self' *; script-src 'self' 'nonce-devdocs' https://www.google-analytics.com https://secure.gaug.es https://*.jquery.com; font-src 'none'; style-src 'self' 'unsafe-inline' *; img-src 'self' * data:; 1
font-src *.cloudflare.com *.twitter.com https://www.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com https://fonts.gstatic.com *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com https://www.vcs.co.za *.paygate.co.za https://pay.ozow.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.twitter.com *.freshchat.com *.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.addthis.com *.pinterest.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.cdn.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.s.ytimg.com *.lightemporium.com *.usercentrics.eu *.magentocommerce.com https://*.gstatic.com *.facebook.com https://*.google.com *.google.com *.mobicredwidget.co.za https://www.okfurniture.co.za https://ozow-live-cdn.s3.eu-west-1.amazonaws.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.twitter.com *.google-analytics.com https://*.google.com *.twimg.com https://*.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.doubleclick.net *.facebook.com *.cloudfront.net *.freshchat.com connect.facebook.net https://cdn.jsdelivr.net https://unpkg.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.instagram.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.getfirebug.com https://fonts.googleapis.com 'self' data: *.freshchat.com https://hcaptcha.com https://*.hcaptcha.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com 'self' data: *.cardinalcommerce.com *.graph.instagram.com *.google-analytics.com *.doubleclick.net *.mobicredwidget.co.za https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.googleapis.com *.addthis.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src id.paytogate.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self'; child-src https://www.youtube-nocookie.com/embed/; connect-src 'self' https://blutopia.cc:8443/socket.io/ wss://blutopia.cc:8443/socket.io/ https://api.themoviedb.org/; default-src 'none'; font-src 'self' data: https: fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https: image.tmdb.org via.placeholder.com/400x600; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https: gitcdn.xyz github.io *.github.io raw.githubusercontent.com github.com; block-all-mixed-content; upgrade-insecure-requests 1
base-uri 'none';child-src js.stripe.com www.youtube.com play.vidyard.com;connect-src 'self' blob: www.google-analytics.com sentry.io *.sentry.io services.mother.co s3.ca-central-1.amazonaws.com api.adbutler.com https://1WIL6RAPZV-dsn.algolia.net www.googleapis.com servedbyadbutler.com https://dpm.demdex.net https://stats.g.doubleclick.net https://solarwinds.d2.sc.omtrdc.net wss://gns3.com;default-src 'self';font-src 'self' dist.mcdn.co fonts.gstatic.com use.typekit.net;frame-src https://referrer.solarwinds.com https://solarwindsworldwidellc.demdex.net;frame-ancestors 'none';img-src 'self' blob: data: media.mcdn.co *.media.mcdn.co maps.googleapis.com www.google-analytics.com maps.gstatic.com servedbyadbutler.com cdn.vidyard.com play.vidyard.com i.ytimg.com http://metrics.solarwinds.com;media-src 'self' blob: assets.mcdn.co *.assets.mcdn.co;object-src 'none';style-src 'self' dist.mcdn.co fonts.googleapis.com p.typekit.net use.typekit.net 'unsafe-inline';script-src 'self' dist.mcdn.co js.stripe.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com *.sentry.io play.vidyard.com https://assets.adobedtm.com https://dpm.demdex.net https://solarwinds.d2.sc.omtrdc.net https://static.solarwinds.com https://stats.g.doubleclick.net 1
connect-src https://vk.com https://*.vk.com https://*.jaicp.com https://*.google-analytics.com https://google-analytics.com https://*.google.com https://*.yandex.ru 'self'; child-src 'self' blob: https://*.yandex.ru; font-src https://*.digma.ru https://static.lc-group.ru https://fonts.gstatic.com 'self' ; form-action https://*.jaicp.com 'self'; frame-ancestors https://*.webvisor.com https://webvisor.com http://*.webvisor.com http://webvisor.com 'self'; frame-src https://*.jaicp.com  blob: https://*.googletagmanager.com https://*.google.com https://*.yandex.ru https://*.youtube.com 'self' https://*.merlion.ru; img-src https://vk.com https://*.vk.com https://*.jaicp.com https://*.digma.ru https://static.lc-group.ru https://google-analytics.com https://*.google.com https://*.yandex.ru https://*.youtube.com https://*.merlion.com 'self' data: https://*.yandex.net *.yandex.ru *.yastatic.net *.merlion.ru *.google-analytics.com blob: https://*.yandex.ru; media-src https://*.digma.ru https://static.lc-group.ru 'self'; object-src https://*.digma.ru https://static.lc-group.ru 'self'; script-src https://vk.com https://*.vk.com https://*.digma.ru https://static.lc-group.ru https://*.googletagmanager.com https://google-analytics.com https://*.google.com https://google.com https://*.gstatic.com https://*.yandex.ru https://yastatic.net https://*.youtube.com https://s.ytimg.com 'self' *.yandex.ru *.yandex.net *.yastatic.net *.google-analytics.com https://*.jaicp.com  'unsafe-eval'; style-src https://*.jaicp.com  https://*.digma.ru https://static.lc-group.ru https://*.google.com 'self' https://fonts.googleapis.com 'unsafe-inline'; default-src 'none'; 1
frame-ancestors beinmatch.biz new.beinmatch.biz 1
upgrade-insecure-requests; connect-src *; default-src 'self' *.nivoli.com data: https://* blob: android-webview-video-poster; script-src 'self' https://* 'unsafe-inline' data: blob: 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline' https://*; img-src 'self' 'unsafe-inline' blob: android-webview-video-poster https://* data:; frame-ancestors 'self' https://adventuregamers.com; report-uri https://nivoli.uriports.com/reports/report; report-to default; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.clickcease.com wss://tsock.us1.twilio.com www.google.com.gi qa.stampinup.ca www.google.co.nz www.pinterest.dk acs1.viseca.ch dc.services.visualstudio.com:8893 www.pinterest.jp www.google.co.ck acs2-3dsecure.cic.fr qa-api.stampinup.fr localhost:* secure.3ds.cornercard.ch www.google.com.do find.userpilot.io www.google.com.ph talkdeskchatsdk.talkdeskapp.com wss://127.0.0.1:2031 wss://127.0.0.1:2026 qa.stampinup.de www.google.ch wss://ws.hotjar.com *.gstatic.com api.userpilot.io *.cloudinary.com pagestates-tracking.crazyegg.com *.js.recurly.com forms.monday.com www.google.com.ni *.wss://ws2.hotjar.com/ *.uploads.userpilot.io *.consent.cookiebot.com www.recaptcha.net 0eaf.cardinalcommerce.com t.paypal.com gateway.zscalerone.net cdn.honey.io www.pinterest.fr www.paypalobjects.com www.google.im wss://127.0.0.1:2032 wss://127.0.0.1:2027 www.google.hr acs.swisscard.ch www.pinterest.it translate.google.com static3.avast.com az-api.stampinup.com 3ds.consorsfinanz.de www.google.com.au www.google.m *.windows.net www.gstatic.com www.google.be *.curator.io www.google.ie su-media.s3.amazonaws.com userpilot.io www.google.cz www.pinterest.se www.slant.co www.google.tt www.googletagmanager.com fonts.gstatic.com wss://127.0.0.1:2030 3dsecure.ing.fr 3dsec.cardcenter.ch www.google.com.vc wss://127.0.0.1:2025 www.gstatic.cn www.google.no *.facebook.net www.youtube.com pouch-global-font-assets.s3.eu-central-1.amazonaws.com js.userpilot.io api.usabilla.com mail.teksavvy.com *.alicdn.com qa.stampinup.at api.curator.io home-c33.nice-incontact.com consentcdn.cookiebot.com find-x.userpilot.io www.google.gg i.ytimg.com 1eaf.cardinalcommerce.com d6tizftlrpuof.cloudfront.net static.geetest.com acs1-3dsecure.creditmutuel.fr az-api.stampinup.nz *.unpkg.com tracking.crazyegg.com consent.api.osano.com www.google.cn www.google.bs 3dspayment.easybank.at www.pinterest.com assets.pinterest.com *.acsbapp.com www.google.com.ng object.center www2.stampinup.com qa-api.stampinup.uk tsock.us1.twilio.com js.recurly.com wss://127.0.0.1:2024 *.recurly.com kg668dbov0.execute-api.us-east-1.amazonaws.com www.google.com az-api.stampinup.de *.find-x.userpilot.io api.microsofttranslator.com www.google.nl *.trendmicro.com find-w.userpilot.io hotjar.com qa.stampinup.nz usrvcms2.stampinup.com www.google.lv prd-cdn-talkdesk.talkdesk.com www.google.ee stats.g.doubleclick.net analytics.google.com cdn.acsbapp.com monitor.clickcease.com www.google.se shopping.qantas.com www.google.com.mt www.pinterest.co.uk log.pinterest.com monitor.geetest.com az-api.stampinup.at 3dsecure.psa.at *.usabilla.com www.google.fi qa-api.stampinup.nl api.recurly.com assets-tracking.crazyegg.com cdn.curator.io *.monitor.azure.com api.talkdeskapp.com *.stats.g.doubleclick.net www.google.it acs2-3dsecure.targobank.de wss://*.ws.hotjar.com www.google.co.kr www.google.pt stampinupcdndev.blob.core.windows.net www.google.fr media.stampinup.com az-api.stampinup.ca *.cdn.curator.io *.localhost:* www.clickcease.com *.facebook.com themes.googleusercontent.com visasecure1.comdirect.de www.rsa3dsauth.co.uk www.google.pl 3ds.rpc-raiffeisen.com www.google.com.cy authentication.cardinalcommerce.com *.api.userpilot.io qa.stampinup.com www.googleoptimize.com *.find.userpilot.io hud.crazyegg.com acs.3ds-hanseaticbank.de www.google.co.uk 3ds.fr.ing.com stampinup.net www.google.dk  *.api.curator.io/ bam.nr-data.net osano.com region1.analytics.google.com www.pinterest.es www.google.gr geschuetztkaufen2.commerzbank.de qa-api.stampinup.nz acs1-3dsecure.cic.fr qa.stampinup.com.au content.hotjar.io js.monitor.azure.com www.capitalkoala.com *.amazonaws.com www.google.lk login.microsoftonline.com *.userpilot.io consent.cookiebot.com www.google.sk restcountries.com secure4.arcot.com my.stampinup.com www.pinterest.nz ssl.google-analytics.com www.google.ae via.placeholder.com 3ds-secure.cardcomplete.com adservice.google.com www.google.hn www.google.lt visasecure2.comdirect.de qa.stampinup.uk ct.pinterest.com www.google.co.vi 3dspayment.paylife.at images.wikibuy.com www.google.com.sv wss://analytex-eu.userpilot.io acs1-3dsecure.targobank.de cmp.osano.com www.google.co.id acs1.3ds.modirum.com 3dsecure.monext.fr mozbar.moz.com *.pinimg.com *.google.com www.google.com.co unpkg.com www.stampinup.com *.hotjar.io uploads.userpilot.io *.tsock.us1.twilio.com talkdeskchatsdk.talkdeskapp.com/ secure5.arcot.com www.google.lu qa.stampinup.nl www.pinterest.de www.google.co.jp script.crazyegg.com www.pinterest.com.au www.pinterest.at s.pinimg.com sessions.bugsnag.com metrics.hotjar.io *.cdn.jsdelivr.net secure.dkb.de connect.facebook.net *.wlp-acs.com verifiedbyvisa.sparkassen-kreditkarten.de *.googleapis.com www.pinterest.ca *.azureedge.net www.google.tt/ *.hotjar.com www.google.com.ag www.google.je hotjar.io stampinup-media.azureedge.net az-api.stampinup.fr *.curator-assets.b-cdn.net *.osano.com www.bing.com gateway.zscaler.net cdn.ivaws.com surveystats.hotjar.io www.google.ca www.stampinup.uk data1.ahjilop.com cdn.jsdelivr.net api.geetest.com www.google.at *.prd-cdn-talkdesk.talkdesk.com gateway.zscloud.net www.google.com.gt 3ds.sia.eu wss://127.0.0.1:2047 www.google.de clickcease.com api.talkdeskchatsdk.talkdeskapp.com www.facebook.com paiement1.secure.lcl.fr www.google.si www.google.com.pr tattle.api.osano.com wss://127.0.0.1:2034 qa-api.stampinup.com.au wss://127.0.0.1:2029 channel-cards-html.lloydsbankinggroup.com mastercardidentitycheck.sparkassen-kreditkarten.de www.google.com.jm *.cloudfront.net www.google.md qa.stampinup.fr acs.touch.tech acs2-3dsecure.cm-cic.com find-y.userpilot.io www.google.com.mx ssl.gstatic.com process.acsbapp.com wss://127.0.0.1:2020 res.cloudinary.com www.google.bg dc.services.visualstudio.com az-api.stampinup.nl www.pinterest.ie *.b-cdn.net authentication2.six-group.com etc.roboform.com accesswidget-log-receiver.acsbapp.com *.www.google.m qa-api.stampinup.at az-api.stampinup.uk qa-api.stampinup.com find-z.userpilot.io disclosure.api.osano.com visa-secure-bxl.ing.de www.instagram.com curator-assets.b-cdn.net acsbapp.com 3dsecure-vrp.de visasecure1.consorsbank.de acs3.edb.com wss://127.0.0.1:2046 www.google.hu particuliers.societegenerale.fr az-api.stampinup.com.au *.doubleclick.net qa-api.stampinup.ca vc.hotjar.io www.google.com.tw wss://127.0.0.1:2033 ask.hotjar.io www.google.me 3d-secure.pluscard.de wss://127.0.0.1:2028 *.js.monitor.azure.com/ assets.tailwindapp.com www.google.by *.pinterest.com www.google.ro region1.google-analytics.com qa-api.stampinup.de www.google-analytics.com www.google.co.cr www.google.com.ua wib.capitalone.com www.paypal.com *.www.recaptcha.net/ www.google.co.in *.js.userpilot.io www.google.es; frame-ancestors 'self' stampinup.com www.google.com consent.cookiebot.com static.hotjar.com my.stampinup.com hotjar.com *.pinterest.com www.stampinup.com clickcease.com www1.stampinup.com www.youtube.com stampinup.net *.facebook.com ;  1
frame-ancestors 'self' https://www.hackerrank.com; 1
default-src 'self';connect-src 'self' data: https:;img-src 'self' data: https:;script-src 'self' 'unsafe-inline' data: https:;style-src 'self' 'unsafe-inline' data: https:;form-action 'self' data: https:;frame-src 'self' data: https:;frame-ancestors 'self';base-uri 'self';font-src 'self' https: data:;object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
connect-src *.conforama.ch api.conforama.ch *.bazaarvoice.com stats.g.doubleclick.net *.y-track.com *.abtasty.com bat.bing.com *.collect.igodigital.com *.fraud0.com *.criteo.com *.datatrans.com pro.ip-api.com maps.googleapis.com middleware.marktjagd.de quick-ar.threedy.ai *.cc.commerce.ondemand.com api.c4avqjtcp1-conforama1-p1-public.model-t.cc.commerce.ondemand.com pagead2.googlesyndication.com availability.loadbee.com conforamasuisse.my.salesforce-sites.com spotlight.offerista.com ct.pinterest.com userly.net media.flixcar.com trk.adbutter.net ib.adnxs.com acdn.adnxs.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-ch.onetrust.com hotjar.com google.com www.google-analytics.com *.analytics.google.com www.facebook.com connect.facebook.net api.ipify.org 1
upgrade-insecure-requests; default-src *.usclimatedata.com *.gstatic.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com/* *.googlesyndication.com adservice.google.nl adservice.google.com adservice.google.cl *.googleadservices.com *.google.com *.googletagservices.com *.google-analytics.com apis.google.com ajax.googleapis.com *.googletagmanager.com *.usclimatedata.com *.bootstrapcdn.com *.gstatic.com *.geolocation.io *.google.com/recaptcha/ *.addthis.com googleads.g.doubleclick.net https:; frame-src bid.g.doubleclick.net googleads.g.doubleclick.net *.googlesyndication.com *.googleadservices.com data: https:; connect-src 'self' *.usclimatedata.com pagead2.googlesyndication.com www.google-analytics.com *.gstatic.com fundingchoicesmessages.google.com; img-src 'self' *.maps.googleapis.com/* *.googletagmanager.com *.google-analytics.com googleads.g.doubleclick.net *.googlesyndication.com *.googleadservices.com *.google.com data: https:; style-src 'self' 'unsafe-inline' *.apis.google.com *.googleapis.com *.bootstrapcdn.com *.usclimatedata.com *.gstatic.com *.google.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net;font-src *.bootstrapcdn.com *.usclimatedata.com cdnjs.cloudflare.com data: 'self';base-uri 'self'; form-action 'self'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.uno; img-src 'self' https: data: blob: https://mastodon.uno; style-src 'self' https://mastodon.uno 'nonce-zXrz0rgqKC1QhRlDI4bMjQ=='; media-src 'self' https: data: https://mastodon.uno; frame-src 'self' https:; manifest-src 'self' https://mastodon.uno; form-action 'self'; child-src 'self' blob: https://mastodon.uno; worker-src 'self' blob: https://mastodon.uno; connect-src 'self' data: blob: https://mastodon.uno https://cdn.masto.host wss://mastodon.uno; script-src 'self' https://mastodon.uno 'wasm-unsafe-eval' 1
default-src 'self' https://clients.vistnet.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net https://clients.vistnet.com https://download.skype.com; img-src  'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://clients.vistnet.com data: blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://clients.vistnet.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://clients.vistnet.com; frame-src https://www.facebook.com https://s-static.ak.facebook.com; media-src 'self'; connect-src 'self' https://www.google-analytics.com https://clients.vistnet.com; object-src 'none' 1
default-src * 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://az416426.vo.msecnd.net https://atqaeastsqldiags.blob.core.windows.net https://www.google-analytics.com https://dc.services.visualstudio.com/v2/track https://app.tpastream.com https://info.alegeus.com https://d.adroll.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://auth.beta.wealthcareadmin.com/adfs/ls/ https://auth.wealthcareadmin.com/adfs/ls/ https://ise.stg.fsastore.com https://ise.fsastore.com https://atdeveastsqldiags.blob.core.windows.net https://cdn.fsastore.com https://widget.criteo.com https://mcrd20011.brandmovers.co/saml2/alegeus/metadata/ https://mcrd20011-staging.brandmovers.co/saml2/alegeus/metadata/ https://alg-investment-portal-app-b-001.azurewebsites.net https://alg-investment-portal-app-q-001.azurewebsites.net https://alg-investment-portal-app-p-001.azurewebsites.net https://alg-claims-portal-app-q-001.azurewebsites.net https://alg-claims-portal-app-b-001.azurewebsites.net https://alg-claims-portal-app-p-001.azurewebsites.net https://alginvestmentportalb001.blob.core.windows.net https://alg-investment-portal-app-p-001.azurewebsites.net https://alginvestmentportalb001.blob.core.windows.net https://alg-claims-portal-app-p-001.azurewebsites.net https://wealthcareportal.com https://auth.wealthcareadmin.com/adfs/ls https://auth.bpsclaimprovider.wealthcareadmin.com; style-src * 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://az416426.vo.msecnd.net https://atqaeastsqldiags.blob.core.windows.net https://www.google-analytics.com https://dc.services.visualstudio.com/v2/track https://app.tpastream.com https://info.alegeus.com https://d.adroll.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://auth.beta.wealthcareadmin.com/adfs/ls/ https://auth.wealthcareadmin.com/adfs/ls/ https://ise.stg.fsastore.com https://ise.fsastore.com https://atdeveastsqldiags.blob.core.windows.net https://cdn.fsastore.com https://widget.criteo.com https://mcrd20011.brandmovers.co/saml2/alegeus/metadata/ https://mcrd20011-staging.brandmovers.co/saml2/alegeus/metadata/ https://alg-investment-portal-app-b-001.azurewebsites.net https://alg-investment-portal-app-q-001.azurewebsites.net https://alg-investment-portal-app-p-001.azurewebsites.net https://alg-claims-portal-app-q-001.azurewebsites.net https://alg-claims-portal-app-b-001.azurewebsites.net https://alg-claims-portal-app-p-001.azurewebsites.net https://alginvestmentportalb001.blob.core.windows.net https://alg-investment-portal-app-p-001.azurewebsites.net https://alginvestmentportalb001.blob.core.windows.net https://alg-claims-portal-app-p-001.azurewebsites.net https://wealthcareportal.com https://auth.wealthcareadmin.com/adfs/ls https://auth.bpsclaimprovider.wealthcareadmin.com; img-src * 'self' data:; font-src * 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://az416426.vo.msecnd.net https://atqaeastsqldiags.blob.core.windows.net https://www.google-analytics.com https://dc.services.visualstudio.com/v2/track https://app.tpastream.com https://info.alegeus.com https://d.adroll.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://auth.beta.wealthcareadmin.com/adfs/ls/ https://auth.wealthcareadmin.com/adfs/ls/ https://ise.stg.fsastore.com https://ise.fsastore.com https://atdeveastsqldiags.blob.core.windows.net https://cdn.fsastore.com https://widget.criteo.com https://mcrd20011.brandmovers.co/saml2/alegeus/metadata/ https://mcrd20011-staging.brandmovers.co/saml2/alegeus/metadata/ https://alg-investment-portal-app-b-001.azurewebsites.net https://alg-investment-portal-app-q-001.azurewebsites.net https://alg-investment-portal-app-p-001.azurewebsites.net https://alg-claims-portal-app-q-001.azurewebsites.net https://alg-claims-portal-app-b-001.azurewebsites.net https://alg-claims-portal-app-p-001.azurewebsites.net https://alginvestmentportalb001.blob.core.windows.net https://alg-investment-portal-app-p-001.azurewebsites.net https://alginvestmentportalb001.blob.core.windows.net https://alg-claims-portal-app-p-001.azurewebsites.net https://wealthcareportal.com https://auth.wealthcareadmin.com/adfs/ls https://auth.bpsclaimprovider.wealthcareadmin.com; media-src * 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://az416426.vo.msecnd.net https://atqaeastsqldiags.blob.core.windows.net https://www.google-analytics.com https://dc.services.visualstudio.com/v2/track https://app.tpastream.com https://info.alegeus.com https://d.adroll.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://auth.beta.wealthcareadmin.com/adfs/ls/ https://auth.wealthcareadmin.com/adfs/ls/ https://ise.stg.fsastore.com https://ise.fsastore.com https://atdeveastsqldiags.blob.core.windows.net https://cdn.fsastore.com https://widget.criteo.com https://mcrd20011.brandmovers.co/saml2/alegeus/metadata/ https://mcrd20011-staging.brandmovers.co/saml2/alegeus/metadata/ https://alg-investment-portal-app-b-001.azurewebsites.net https://alg-investment-portal-app-q-001.azurewebsites.net https://alg-investment-portal-app-p-001.azurewebsites.net https://alg-claims-portal-app-q-001.azurewebsites.net https://alg-claims-portal-app-b-001.azurewebsites.net https://alg-claims-portal-app-p-001.azurewebsites.net https://alginvestmentportalb001.blob.core.windows.net https://alg-investment-portal-app-p-001.azurewebsites.net https://alginvestmentportalb001.blob.core.windows.net https://alg-claims-portal-app-p-001.azurewebsites.net https://wealthcareportal.com https://auth.wealthcareadmin.com/adfs/ls https://auth.bpsclaimprovider.wealthcareadmin.com; base-uri 'self'; frame-ancestors * 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://az416426.vo.msecnd.net https://atqaeastsqldiags.blob.core.windows.net https://www.google-analytics.com https://dc.services.visualstudio.com/v2/track https://app.tpastream.com https://info.alegeus.com https://d.adroll.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://auth.beta.wealthcareadmin.com/adfs/ls/ https://auth.wealthcareadmin.com/adfs/ls/ https://ise.stg.fsastore.com https://ise.fsastore.com https://atdeveastsqldiags.blob.core.windows.net https://cdn.fsastore.com https://widget.criteo.com https://mcrd20011.brandmovers.co/saml2/alegeus/metadata/ https://mcrd20011-staging.brandmovers.co/saml2/alegeus/metadata/ https://alg-investment-portal-app-b-001.azurewebsites.net https://alg-investment-portal-app-q-001.azurewebsites.net https://alg-investment-portal-app-p-001.azurewebsites.net https://alg-claims-portal-app-q-001.azurewebsites.net https://alg-claims-portal-app-b-001.azurewebsites.net https://alg-claims-portal-app-p-001.azurewebsites.net https://alginvestmentportalb001.blob.core.windows.net https://alg-investment-portal-app-p-001.azurewebsites.net https://alginvestmentportalb001.blob.core.windows.net https://alg-claims-portal-app-p-001.azurewebsites.net https://wealthcareportal.com https://auth.wealthcareadmin.com/adfs/ls https://auth.bpsclaimprovider.wealthcareadmin.com; upgrade-insecure-requests; object-src * 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://az416426.vo.msecnd.net https://atqaeastsqldiags.blob.core.windows.net https://www.google-analytics.com https://dc.services.visualstudio.com/v2/track https://app.tpastream.com https://info.alegeus.com https://d.adroll.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://auth.beta.wealthcareadmin.com/adfs/ls/ https://auth.wealthcareadmin.com/adfs/ls/ https://ise.stg.fsastore.com https://ise.fsastore.com https://atdeveastsqldiags.blob.core.windows.net https://cdn.fsastore.com https://widget.criteo.com https://mcrd20011.brandmovers.co/saml2/alegeus/metadata/ https://mcrd20011-staging.brandmovers.co/saml2/alegeus/metadata/ https://alg-investment-portal-app-b-001.azurewebsites.net https://alg-investment-portal-app-q-001.azurewebsites.net https://alg-investment-portal-app-p-001.azurewebsites.net https://alg-claims-portal-app-q-001.azurewebsites.net https://alg-claims-portal-app-b-001.azurewebsites.net https://alg-claims-portal-app-p-001.azurewebsites.net https://alginvestmentportalb001.blob.core.windows.net https://alg-investment-portal-app-p-001.azurewebsites.net https://alginvestmentportalb001.blob.core.windows.net https://alg-claims-portal-app-p-001.azurewebsites.net https://wealthcareportal.com https://auth.wealthcareadmin.com/adfs/ls https://auth.bpsclaimprovider.wealthcareadmin.com; connect-src * 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://az416426.vo.msecnd.net https://atqaeastsqldiags.blob.core.windows.net https://www.google-analytics.com https://dc.services.visualstudio.com/v2/track https://app.tpastream.com https://info.alegeus.com https://d.adroll.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://auth.beta.wealthcareadmin.com/adfs/ls/ https://auth.wealthcareadmin.com/adfs/ls/ https://ise.stg.fsastore.com https://ise.fsastore.com https://atdeveastsqldiags.blob.core.windows.net https://cdn.fsastore.com https://widget.criteo.com https://mcrd20011.brandmovers.co/saml2/alegeus/metadata/ https://mcrd20011-staging.brandmovers.co/saml2/alegeus/metadata/ https://alg-investment-portal-app-b-001.azurewebsites.net https://alg-investment-portal-app-q-001.azurewebsites.net https://alg-investment-portal-app-p-001.azurewebsites.net https://alg-claims-portal-app-q-001.azurewebsites.net https://alg-claims-portal-app-b-001.azurewebsites.net https://alg-claims-portal-app-p-001.azurewebsites.net https://alginvestmentportalb001.blob.core.windows.net https://alg-investment-portal-app-p-001.azurewebsites.net https://alginvestmentportalb001.blob.core.windows.net https://alg-claims-portal-app-p-001.azurewebsites.net https://wealthcareportal.com https://auth.wealthcareadmin.com/adfs/ls https://auth.bpsclaimprovider.wealthcareadmin.com; report-uri * /info/cspreport; form-action * 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://az416426.vo.msecnd.net https://atqaeastsqldiags.blob.core.windows.net https://www.google-analytics.com https://dc.services.visualstudio.com/v2/track https://app.tpastream.com https://info.alegeus.com https://d.adroll.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://auth.beta.wealthcareadmin.com/adfs/ls/ https://auth.wealthcareadmin.com/adfs/ls/ https://ise.stg.fsastore.com https://ise.fsastore.com https://atdeveastsqldiags.blob.core.windows.net https://cdn.fsastore.com https://widget.criteo.com https://mcrd20011.brandmovers.co/saml2/alegeus/metadata/ https://mcrd20011-staging.brandmovers.co/saml2/alegeus/metadata/ https://alg-investment-portal-app-b-001.azurewebsites.net https://alg-investment-portal-app-q-001.azurewebsites.net https://alg-investment-portal-app-p-001.azurewebsites.net https://alg-claims-portal-app-q-001.azurewebsites.net https://alg-claims-portal-app-b-001.azurewebsites.net https://alg-claims-portal-app-p-001.azurewebsites.net https://alginvestmentportalb001.blob.core.windows.net https://alg-investment-portal-app-p-001.azurewebsites.net https://alginvestmentportalb001.blob.core.windows.net https://alg-claims-portal-app-p-001.azurewebsites.net https://wealthcareportal.com https://auth.wealthcareadmin.com/adfs/ls https://auth.bpsclaimprovider.wealthcareadmin.com; frame-src * 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://az416426.vo.msecnd.net https://atqaeastsqldiags.blob.core.windows.net https://www.google-analytics.com https://dc.services.visualstudio.com/v2/track https://app.tpastream.com https://info.alegeus.com https://d.adroll.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://auth.beta.wealthcareadmin.com/adfs/ls/ https://auth.wealthcareadmin.com/adfs/ls/ https://ise.stg.fsastore.com https://ise.fsastore.com https://atdeveastsqldiags.blob.core.windows.net https://cdn.fsastore.com https://widget.criteo.com https://mcrd20011.brandmovers.co/saml2/alegeus/metadata/ https://mcrd20011-staging.brandmovers.co/saml2/alegeus/metadata/ https://alg-investment-portal-app-b-001.azurewebsites.net https://alg-investment-portal-app-q-001.azurewebsites.net https://alg-investment-portal-app-p-001.azurewebsites.net https://alg-claims-portal-app-q-001.azurewebsites.net https://alg-claims-portal-app-b-001.azurewebsites.net https://alg-claims-portal-app-p-001.azurewebsites.net https://alginvestmentportalb001.blob.core.windows.net https://alg-investment-portal-app-p-001.azurewebsites.net https://alginvestmentportalb001.blob.core.windows.net https://alg-claims-portal-app-p-001.azurewebsites.net https://wealthcareportal.com https://auth.wealthcareadmin.com/adfs/ls https://auth.bpsclaimprovider.wealthcareadmin.com; 1
object-src 'none'; form-action 'none'; frame-ancestors 'self'; report-to csp-endpoint; 1
default-src 'self' https://www.youtube.com detergents.lidl-info.com stats.g.doubleclick.net *.analytics.google.com *.google-analytics.com www.googletagmanager.com https://www.edge-cdn.net https://www.youtube-nocookie.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://www.facebook.com https://staticxx.facebook.com https://connect.facebook.net cdn.cookielaw.org form.lidl.com lidl.media01.eu fpm.climatepartner.com services.melixa.eu data: gap: ssl.gstatic.com 'unsafe-eval' 'unsafe-inline' ; style-src 'self' https://platform.twitter.com https://ton.twimg.com 'unsafe-inline'; media-src *; object-src 'self'; connect-src 'self' cdn.cookielaw.org *.onetrust.com; 1
script-src-elem webcache.datareporter.eu webcache-eu.datareporter.eu https://www.google.com https://www.googletagmanager.com https://www.gstatic.com 'unsafe-inline' 'self' *.net *.com *.de *.eu *.bg *.at; style-src-elem https://webcache.datareporter.eu https://webcache-eu.datareporter.eu 'unsafe-inline' 'self' *.net *.com *.de *.eu *.at; font-src *.fontawesome.com *.gstatic.com 'self' data: fonts.gstatic.com/ data: *.commerce-connector.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com * https://form.wspay.biz 'self' 'unsafe-inline'; frame-ancestors https://eglo.crm4.dynamics.com *.easescreen.com file: 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com secure.pay1.de payments.amazon.de www.jsctool.com www.google.com *.dotdigital.com www.xtento.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net 'self' data: tracking.qa.paypal.com seal-seflorida.bbb.org bat.bing.com *.google.com *.google.de *.gstatic.com *.googleusercontent.com *.doubleclick.net tags.w55c.net *.commerce-connector.com *.commerce-connector.de *.googleapis.com www.xtento.com cdn.xtento.com *.com *.ad *.ae *.com.af *.com.ag *.com.ai *.al *.am *.co.ao *.com.ar *.as *.at *.com.au *.az *.ba *.com.bd *.be *.bf *.bg *.com.bh *.bi *.bj *.com.bn *.com.bo *.com.br *.bs *.bt *.co.bw *.by *.com.bz *.ca *.cd *.cf *.cg *.ch *.ci *.co.ck *.cl *.cm *.cn *.com.co *.co.cr *.com.cu *.cv *.com.cy *.cz *.de *.dj *.dk *.dm *.com.do *.dz *.com.ec *.ee *.com.eg *.es *.com.et *.fi *.com.fj *.fm *.fr *.ga *.ge *.gg *.com.gh *.com.gi *.gl *.gm *.gr *.com.gt *.gy *.com.hk *.hn *.hr *.ht *.hu *.co.id *.ie *.co.il *.im *.co.in *.iq *.is *.it *.je *.com.jm *.jo *.co.jp *.co.ke *.com.kh *.ki *.kg *.co.kr *.com.kw *.kz *.la *.com.lb *.li *.lk *.co.ls *.lt *.lu *.lv *.com.ly *.co.ma *.md *.me *.mg *.mk *.ml *.com.mm *.mn *.ms *.com.mt *.mu *.mv *.mw *.com.mx *.com.my *.co.mz *.com.na *.com.ng *.com.ni *.ne *.nl *.no *.com.np *.nr *.nu *.co.nz *.com.om *.com.pa *.com.pe *.com.pg *.com.ph *.com.pk *.pl *.pn *.com.pr *.ps *.pt *.com.py *.com.qa *.ro *.ru *.rw *.com.sa *.com.sb *.sc *.se *.com.sg *.sh *.si *.sk *.com.sl *.sn *.so *.sm *.sr *.st *.com.sv *.td *.tg *.co.th *.com.tj *.tl *.tm *.tn *.to *.com.tr *.tt *.com.tw *.co.tz *.com.ua *.co.ug *.co.uk *.com.uy *.co.uz *.com.vc *.co.ve *.vg *.co.vi *.com.vn *.vu *.ws *.rs *.co.za *.co.zm *.co.zw *.cat data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.datareporter.eu secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com www.jsctool.com www.google.com *.gstatic.com *.cookielaw.org *.paypal.com *.paypalobjects.com mc.us10.list-manage.com seal-seflorida.bbb.org tagmanager.google.com www.gstatic.com bat.bing.com *.trackedlink.net *.commerce-connector.com *.googleapis.com www.xtento.com cdn.xtento.com *.net *.com *.de *.eu *.at 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://webcache.datareporter.eu d.ratepay.com *.fontawesome.com *.googleapis.com *.gstatic.com seal-seflorida.bbb.org fonts.googleapis.com *.google.com *.commerce-connector.com *.google.de *.net *.com *.de *.eu *.at 'self' 'unsafe-inline'; object-src 'none'; media-src *.adobe.com *.cloudfront.net * 'self' 'unsafe-inline'; manifest-src * 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.datareporter.eu payments.amazon.de d.ratepay.com www.jsctool.com t.elasticsuite.io *.google-analytics.com *.cookielaw.org bat.bing.com *.doubleclick.net *.commerce-connector.com *.net *.com *.de *.eu *.online *.at 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /rest/V1/csp/report; report-to report-endpoint; 1
img-src 'self' data: images.ctfassets.net *.google-analytics.com *.tapad.com *.googletagmanager.com *.fls.doubleclick.net *.facebook.com *.lytics.io *.akamaihd.net *.amazon-adsystem.com *.moatads.com *.cookielaw.org *.bazaarvoice.com *.amazonaws.com *.youtube.com *.haircode.com *.google.com *.google.ca click2cart.co click2cart.com *.click2cart.com 2cart.net haircodeassetsprod.azureedge.net *.adsrvr.org images-haircode-com-prod.azureedge.net *.contentful.com feed.pghub.io ; font-src 'self' data: *.haircode.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.contentful.com feed.pghub.io pandg.tapad.com ; media-src 'self' *.cloudinary.com *.ctfassets.net *.contentful.com feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.lytics.io *.bazaarvoice.com *.amazonaws.com *.haircode.com *.googleapis.com maxcdn.bootstrapcdn.com *.contentful.com feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.google.com *.google-analytics.com *.googletagmanager.com *.moatads.com *.cookielaw.org *.crazyegg.com pghub.io *.facebook.net *.segment.com *.lytics.io *.bazaarvoice.com *.amazonaws.com *.haircode.com click2cart.co click2cart.com *.click2cart.com 2cart.net *.iesnare.com *.adsrvr.org api.ipify.org *.contentful.com feed.pghub.io pandg.tapad.com ; connect-src 'self' kardia-nonprod.azure-api.net kardia.azure-api.net *.crazyegg.com *.google-analytics.com *.doubleclick.net *.cookielaw.org api.segment.io *.adsrvr.org *.pg.com *.bazaarvoice.com *.smartcommerce.co click2cart.co click2cart.com *.click2cart.com 2cart.net *.haircode.com *.onetrust.com *.contentful.com *.segment.com feed.pghub.io pandg.tapad.com ; default-src 'self' *.googletagmanager.com *.fls.doubleclick.net *.tapad.com *.facebook.com *.bazaarvoice.com click2cart.co click2cart.com *.click2cart.com 2cart.net pgconsumersupport.secure.force.com *.youtube.com *.adsrvr.org pg-lex.my.salesforce-sites.com consumersupport.pg.com *.contentful.com *.segment.com feed.pghub.io ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.usercentrics.eu *.googletagmanager.com *.google-analytics.com imageservice.azureedge.net *.google.com *.gstatic.com *.youtube.com i.ytimg.com *.visualstudio.com *.clarity.ms *.jsdelivr.net polyfill.io *.msecnd.net *.hotjar.com *.hotjar.io *.ggpht.com *.yumpu.com *.yumpu.news *.bing.com *.doubleclick.net *.googleapis.com *.googleoptimize.com *.licdn.com *.facebook.net *.google.de *.linkedin.oribi.io *.linkedin.com *.facebook.com *.econda-monitor.de *.googleadservices.com *.trbo.com *.beck.de *.salesforce.com *.saferpay.com *.googlesyndication.com beckassets.blob.core.windows.net imageservice.azureedge.net legacy.beck-shop.de freie-fachinformationen.de *.podigee.com *.podigee.io player.podigee-cdn.net methodurl.psp-solutions.com 3ds.nexigroup.com 3ds-a.live.ext.prod.enfuce.com eu.b2c.com cdn-assetservice.ecom-api.beck-shop.de web.inxmail.com sdfwk1.beck-shop.de 1
upgrade-insecure-requests; frame-ancestors https://*.patelco.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.force.com https://*.wp.com https://*.salesforce.com; 1
frame-ancestors 'self' https://manage.masstransitmag.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
style-src 'self' 'unsafe-inline' https://*.hotjar.com https://*.googleapis.com https://*.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://polyfill.io/v3/polyfill.min.js https://*.azure.com https://*.brightcove.net https://vjs.zencdn.net https://siteimproveanalytics.com https://embed.acuityscheduling.com/js/embed.js https://*.hotjar.com https://*.cookieinformation.com https://code.highcharts.com/; img-src 'self' data: https://*.brightcove.com https://*.prod.boltdns.net https://*.siteimproveanalytics.io https://*.hotjar.com; font-src 'self' data: https://*.hotjar.com; frame-ancestors 'self'; frame-src https://*.google.com/ https://norgesbank.aventia.no/ https://app.acuityscheduling.com/ https://*.cookieinformation.com https://*.hotjar.com https://vimeo.com/; connect-src 'self' https://data.at.nbtest.no https://data.norges-bank.no https://dc.services.visualstudio.com https://*.brightcove.com https://*.prod.boltdns.net https://*.brightcovecdn.com https://*.cookieinformation.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; worker-src blob:; 1
default-src 'self' https://play.vidyard.com *.vidyard.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://clientes-ext-qa.apps.ambientesbc.com/ https://clientes-ext.apps.bancolombia.com/ https://widget.sndcdn.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://analytics.google.com *.googletagmanager.com *.sndcdn.com https://js-agent.newrelic.com *.newrelic.com https://bam.nr-data.net *.nr-data.net *.googleadservices.com *.tags.bkrtx.com *.tags.bluekai.com https://static.opentok.com https://static.opentok.com *.opentok.com https://browseranalytic.com *.browseranalytic.com https://widget.sndcdn.com *.sndcdn.com https://js.hsforms.net *.hsforms.net https://scp.kampyle.com *.kampyle.com https://tpbancolombia.teleperformance.co *.teleperformance.co https://stati.in *.stati.in blob: https://play.vidyard.com *.vidyard.com https://static.zdassets.com https://clousc.com *.clousc.com https://static.hsappstatic.net *.hsappstatic.net https://forms.hsforms.com *.hsforms.com *.zdassets.com https://plinksoporte.zendesk.com *.zendesk.com https://play.vidyard.com *.vidyard.com https://d10lpsik1i8c69.cloudfront.net https://app.hubspot.com *.hubspot.com https://a.omappapi.com *.omappapi.com https://js.hs-scripts.com *.hs-scripts.com *.cloudfront.net https://people.wsuite.com *.wsuite.com https://js.hs-analytics.net *.hs-analytics.net https://widget-mediator.zopim.com *.zopim.com https://js.hs-banner.com *.hs-banner.com https://ajax.googleapis.com *.googleapis.com https://static.browseranalytic.com https://player.vimeo.com *.vimeo.com *.browseranalytic.com *.connect.facebook.net *.facebook.net https://polyfill.io *.polyfill.io https://library-sdb.apps.bancolombia.com *.bancolombia.com https://f.vimeocdn.com *.vimeocdn.com https://syndication.twitter.com *.twitter.com https://cdn.syndication.twimg.com *.twimg.com *.facebook.com *.script.hotjar.com https://asistencia.webv2.allus.com.co https://cdn.todo1.com *.todo1.com *.allus.com.co *.vars.hotjar.com *.t.co *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com *.jquery.com *.px.ads.linkedin.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.hotjar.com https://tags.bkrtx.com https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.grupobancolombia.com https://lptag.liveperson.net https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com *.cdn.dynamicyield.com *.st.dynamicyield.com *.rcom.dynamicyield.com https://cdn.dynamicyield.com https://st.dynamicyield.com https://rcom.dynamicyield.com https://unpkg.com https://accdn.lpsnmedia.net https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://www.sc.pages03.net https://www.youtube.com *.youtube.com https://resources.digital-cloud-west.medallia.com https://cdn.jsdelivr.net *.cdn.jsdelivr.net https://galatea-dev.apps.ambientesbc.com *.ambientesbc.com  https://widget.spreaker.com/ *.spreaker.com; img-src 'self' https://clientes-ext-qa.apps.ambientesbc.com/ https://clientes-ext.apps.bancolombia.com/ data: https://a.tribalfusion.com *.tribalfusion.com https://dpm.demdex.net *.demdex.net *.cloudfront.net *.px.ads.linkedin.com *.linkedin.com *.facebook.com https://secure.gravatar.com *.gravatar.com https://pf-emoji-service--cdn.us-east-1.prod.public.atl-paas.net *.atl-paas.net https://vop.sundaysky.com *.sundaysky.com https://odr.mookie1.com *.mookie1.com https://monstat.com *.monstat.com https://pxl.jivox.com *.jivox.com https://vop.sundaysky.com *.sundaysky.com https://cdn2.hubspot.net https://i.stack.imgur.com *.imgur.com *.cloudfront.net https://widget.sndcdn.com *.sndcdn.com https://i1.sndcdn.com *.sndcdn.com https://a.omappapi.com *.omappapi.com *.hubspot.net https://upload.wikimedia.org *.wikimedia.org https://f.hubspotusercontent20.net https://play.vidyard.com *.vidyard.com *.hubspotusercontent20.net https://i1.sndcdn.com *.sndcdn.com https://track.hubspot.com https://i1.wp.com *.wp.com https://theme.zdassets.com *.zdassets.com *.hubspot.com https://soporte.plink.com.co *.plink.com.co https://cx.atdmt.com *.atdmt.com https://i.ytimg.com https://b1sync.zemanta.com *.zemanta.com https://sync.crwdcntrl.net *.crwdcntrl.net https://www.googletagmanager.com *.googletagmanager.com https://platform.twitter.com *.twitter.com https://abs.twimg.com *.ytimg.com https://i.vimeocdn.com *.vimeocdn.com https://xrbcqpor01.bancolombia.com:10039 *.bancolombia.com https://maps.googleapis.com *.googleapis.com https://yt3.ggpht.com *.ggpht.com https://connect.facebook.net *.facebook.net https://asistencia.webv2.allus.com.co *.allus.com.co https://www.google-analytics.com *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co https://p.adsymptotic.com *.cdn.dynamicyield.com *.dynamicyield.com *.grupobancolombia.com https://tags.bluekai.com *.pages03.net *.maps.gstatic.com https://maps.gstatic.com *.gstatic.com https://resources.digital-cloud-west.medallia.com https://sync.teads.tv *.teads.tv https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net region1.google-analytics.com region1.analytics.google.com *.analytics.google.com; media-src 'self' https://widget.spreaker.com/ *.spreaker.com https://clientes-ext-qa.apps.ambientesbc.com/ https://clientes-ext.apps.bancolombia.com/ *.googleadservices.com *.grupobancolombia.com *.cloudfront.net https://static.zdassets.com *.zdassets.com https://static.zdassets.com *.zdassets.com https://www.youtube.com https://asistencia.webv2.allus.com.co *.allus.com.co *.youtube.com blob: data:; frame-src 'self' https://clientes-ext-qa.apps.ambientesbc.com/ https://clientes-ext.apps.bancolombia.com/ https://widget.spreaker.com/ *.spreaker.com *.googleadservices.com https://bcapi.apichefcompany.com *.cloudfront.net *.apichefcompany.com *.google-analytics.com *.facebook.com https://w.soundcloud.com *.soundcloud.com https://series1.cma.com.br *.cma.com.br https://bancolombia.olb.todo1.com *.todo1.com https://tpbancolombia.teleperformance.co *.teleperformance.co https://extractosinternet.bancolombia.com *.bancolombia.com https://forms.hsforms.com *.hsforms.com https://play.vidyard.com *.vidyard.com https://platform.twitter.com *.twitter.com https://vars.hotjar.com https://player.vimeo.com *.vimeo.com https://resources.digital-cloud-west.medallia.com *.medallia.com https://asistencia.webv2.allus.com.co *.allus.com.co https://series1.cma.com.br *.cma.com.br https://stags.bluekai.com https://api.skaduks.com https://bid.g.doubleclick.net *.grupobancolombia.com https://www.google.com *.google.com https://www.google-analytics.com https://cdn.dynamicyield.com *.dynamicyield.com https://lpcdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://www.youtube.com *.youtube.com https://9811311.fls.doubleclick.net https://webapp1.allus.com.co https://vc.hotjar.io; style-src 'self' 'unsafe-inline' https://clientes-ext-qa.apps.ambientesbc.com/ https://clientes-ext.apps.bancolombia.com/ https://asistencia.webv2.allus.com.co https://cdnjs.cloudflare.com *.cloudflare.com https://library-sdb.apps.bancolombia.com *.bancolombia.com https://assets.kampyle.com *.kampyle.com https://cdn2.hubspot.net *.hubspot.net https://galatea-dev.apps.ambientesbc.com *.ambientesbc.com https://cdn.jsdelivr.net *.jsdelivr.net https://cdn2.hubspot.net https://assets.vidyard.com *.vidyard.com *.hubspot.net https://static.zdassets.com *.zdassets.com *.webv2.allus.com.co https://www.gstatic.com *.gstatic.com https://f.vimeocdn.com *.vimeocdn.com https://platform.twitter.com *.twitter.com https://www.grupobancolombia.com https://use.fontawesome.com *.fontawesome.com *.grupobancolombia.com https://nominatim.openstreetmap.org https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com https://unpkg.com;connect-src 'self' https://widget.spreaker.com/ *.spreaker.com https://clientes-ext-qa.apps.ambientesbc.com/ https://clientes-ext.apps.bancolombia.com/ https://bam.nr-data.net *.nr-data.net *.stats.g.doubleclick.net *.cloudfront.net https://fresnel.vimeocdn.com *.vimeocdn.com data: https://player-telemetry.vimeo.com *.vimeo.com https://api-widget.soundcloud.com *.soundcloud.com *.bancolombia.com https://api.us.apiconnect.ibmcloud.com *.ibmcloud.com https://jsonip.com *.jsonip.com https://resources.digital-cloud-west.medallia.com *.medallia.com https://inveco-services.qdata.io *.qdata.io https://identify.hotjar.com https://wave.sndcdn.com *.sndcdn.com https://api.ipify.org *.ipify.org *.hotjar.com https://alivionofinancieros.isobarapi.com *.isobarapi.com https://130vod-adaptive.akamaized.net *.akamaized.net https://c.browseranalytic.com https://forms.hsforms.com *.hsforms.com https://tpbancolombia.teleperformance.co *.teleperformance.co https://raw.vidyard.com *.vidyard.com wss://tpbancolombia.teleperformance.co *.teleperformance.co https://ekr.zdassets.com https://api-k8-cer.plink.com.co https://api.plink.com.co *.plink.com.co https://api.omappapi.com *.omappapi.com *.zdassets.com wss://widget-mediator.zopim.com *.zopim.com https://plinksoporte.zendesk.com *.zendesk.com https://settings.luckyorange.net *.luckyorange.net https://digital.sanchobbdoapp.com https://www.calculadoralaboral.co *.calculadoralaboral.co *.sanchobbdoapp.com *.browseranalytic.com https://strfeedrt01.cma.com.br *.cma.com.br https://syndication.twitter.com *.twitter.com https://stats.g.doubleclick.net https://bcapi.apichefcompany.com *.apichefcompany.com https://bid.g.doubleclick.net *.googlevideo.com https://api.skaduks.com https://nominatim.openstreetmap.org *.cdn.dynamicyield.com *.dynamicyield.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.cdn.dynamicyield.com *.st.dynamicyield.com *.rcom.dynamicyield.com https://cdn.dynamicyield.com https://st.dynamicyield.com https://rcom.dynamicyield.com https://www.facebook.com https://cdn.jsdelivr.net *.jsdelivr.net *.facebook.com https://lpcdn.lpsnmedia.net https://firestore.googleapis.com https://www.youtube.com *.youtube.com https://9811311.fls.doubleclick.net https://webapp1.allus.com.co https://yt3.ggpht.com *.yt3.ggpht.com https://i.ytimg.com *.i.ytimg.com *.googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.grupobancolombia.com https://vc.hotjar.io region1.google-analytics.com region1.analytics.google.com *.analytics.google.com https://analytics.google.com *.googletagmanager.com *.g.doubleclick.net;font-src 'self' data: https://clientes-ext-qa.apps.ambientesbc.com/ https://clientes-ext.apps.bancolombia.com/ https://www.grupobancolombia.com *.grupobancolombia.com *.cloudfront.net https://cdnjs.cloudflare.com *.cloudflare.com https://static.zdassets.com *.zdassets.com https://assets.kampyle.com *.kampyle.com https://fonts.gstatic.com *.gstatic.com https://library-sdb.apps.bancolombia.com *.bancolombia.com https://galatea-dev.apps.ambientesbc.com *.ambientesbc.com; 1
frame-ancestors *.yandex.ru 1
default-src 'none'; connect-src 'self' data: https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googletagservices.com 'unsafe-inline' 'unsafe-eval' *; font-src 'self' data: https://nouw.com https://fonts.gstatic.com 'unsafe-inline' 'unsafe-eval' *; form-action 'self' https://nouw.com http://nouw.com  https://secure.payer.se; frame-ancestors 'self' http://frame.bloglovin.com; frame-src 'self' *.youtube.com *.spotify.com  'unsafe-inline' 'unsafe-eval' *; img-src * data: blob:; manifest-src 'self'; media-src * data: blob:; object-src 'none'; report-uri https://nouw.com/api/misc/csp; style-src * blob: 'unsafe-inline'; worker-src 'self' blob: data:; script-src 'self' https://nouw.com https://cdnjs.cloudflare.com  https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googletagservices.com 'unsafe-inline' 'unsafe-eval' * 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: js.hs-scripts.com googletagmanager.com *.googletagmanager.com ai.ocelotbot.com bot.ivy.ai screencast-o-matic.com eacct-columbiauniversity-sp.transactcampus.com tag.simpli.fi *.onetrust.com calendly.com assets.calendly.com *.flipsnack.com online.fliphtml5.com cliq.zoho.com chat.zoho.com appeuds2cfb.blob.core.cloudapi.de embed.polleverywhere.com shibboleth.columbia.edu cas.columbia.edu eacct-columbiauniversity-sp.blackboard.com app.acuityscheduling.com nudining.com *.nudining.com dineoncampus.com *.dineoncampus.com google.com *.google.com google-analytics.com *.google-analytics.com myfonts.net *.myfonts.net gstatic.com *.gstatic.com googleapis.com *.googleapis.com sentry.io *.sentry.io ytimg.com *.ytimg.com ggpht.com *.ggpht.com twimg.com *.twimg.com twitter.com *.twitter.com facebook.com *.facebook.com facebook.net *.facebook.net gethealthie.com *.gethealthie.com youtube.com *.youtube.com fbcdn.net *.fbcdn.net vimeo.com *.vimeo.com; img-src * data: 1
img-src data: blob: * 'self'  data: 'unsafe-inline' 'unsafe-eval'  wss: https: reflected-xss block 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-Au6RbjfhNkuqgw5AxHvNCA=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
base-uri 'self'; default-src 'self'; child-src 'self' https://*.auth0.com https://*.dfh.dev https://*.designsforhealth.com https://*.designsforhealth.ca https://www.buzzsprout.com https://*.hotjar.com https://*.hotjar.io https://static.dfh.dev; connect-src 'self' https://testflex.cybersource.com https://flex.cybersource.com https://646i2f8h.apicdn.sanity.io https://646i2f8h.api.sanity.io https://*.dfh.dev https://*.auth0.com https://*.designsforhealth.com https://*.designsforhealth.ca https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://api.hubapi.com https://forms.hubspot.com https://api.hubspot.com https://*.sentry.io https://maps.googleapis.com https://www.google-analytics.com; font-src 'self' data: https://*.hotjar.com https://*.hotjar.io; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: https://cdn.sanity.io https://*.dfh.dev https://images.designsforhealth.com https://*.hotjar.com https://*.hotjar.io https://forms.hsforms.com https://track.hubspot.com https://maps.gstatic.com https://www.google-analytics.com; media-src 'self' data:; object-src 'none'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hscollectedforms.net https://browser.sentry-cdn.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline'; report-uri https://o795780.ingest.sentry.io/api/5801897/security/?sentry_key=a6cbbf3456244fd1a6353ab9fc71ae04 1
default-src 'self'; connect-src *; font-src * data:; frame-src *; frame-ancestors *; img-src * data:; media-src *; object-src *; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' * 1
default-src https: ; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sail-horizon.com *.app-us1.com google-analytics.com optimize.google.com *.providesupport.com *.livechatinc.com *.opendns.com *.google.com *.doubleclick.net ssl.google-analytics.com *.lassocrm.com api.ipify.org www.gstatic.com www.google.com www.googleadservices.com *.arcgis.com *.usersnap.com www.google-analytics.com *.facebook.net *.firebaseio.com ajax.googleapis.com *.googleapis.com *.thevillages.com www.googletagmanager.com api.usersnap.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.googletagmanager.com optimize.google.com *.providesupport.com tagmanager.google.com *.arcgis.com *.ionicframework.com cdnjs.cloudflare.com fonts.googleapis.com *.typekit.net; img-src 'self' blob: *.wpenginepowered.com *.thevillagesentertainment.com *.googleadservices.com *.livechatinc.com google-analytics.com optimize.google.com www.googletagmanager.com *.providesupport.com ssl.gstatic.com www.gstatic.com data: *.usersnap.com *.ytimg.com www.thevillages.com www.facebook.com *.google-analytics.com *.lassocrm.com *.avengers.thevillages.com *.arcgis.com *.thevillages.com *.fbcdn.net *.wpengine.com www.google-analytics.com *.doubleclick.net www.google.com; media-src 'self' *.wpenginepowered.com *.thevillagesentertainment.com *.livechatinc.com *.providesupport.com; frame-src 'self' *.wpenginepowered.com *.youtube-nocookie.com optimize.google.com youtube-nocookie.com *.livechatinc.com *.providesupport.com *.firebaseapp.com vimeo.com *.vimeo.com my.matterport.com youtube.com youtu.be *.doubleclick.net www.google.com camstreamer.com *.facebook.com *.firebaseio.com www.youtube.com *.avengers.thevillages.com *.arcgis.com *.thevillages.com; font-src 'self' data: *.ionicframework.com *.providesupport.com *.arcgis.com fonts.gstatic.com *.typekit.net; connect-src 'self' ws: wss: *.wpenginepowered.com *.thevillagesentertainment.com *.sail-track.com *.sail-personalize.com *.sail-horizon.com *.livechatinc.com *.providesupport.com *.lassocrm.com *.facebook.net www.gstatic.com *.opendns.com *.fbcdn.net *.google.com *.googleadservices.com code.ionicframework.com js.arcgis.com www.googletagmanager.com ssl.google-analytics.com villages-proxy.herokuapp.com *.doubleclick.net www.google-analytics.com *.usersnap.com *.cloudfunctions.net *.googleapis.com firestore.googleapis.com www.facebook.com *.wpengine.com *.firebaseio.com *.thevillages.com *.typekit.net; report-uri / 1
child-src 'self'; frame-src 'self' *; frame-ancestors 'self' also.ch *.also.ch *.also.com also.com chrome-extension://* *; connect-src 'self' *.also.com also.com *.usercentrics.eu *.mateti.net *.mktoresp.com *.hpcloud.hp.com https://px.ads.linkedin.com https://also01.wt-eu02.net wss://alsopolska.user.com https://*.user.com https://*.n-able.com https://toolbox.solarwindsmsp.com analytics.google.com www.google-analytics.com https://stats.g.doubleclick.net https://fonts.googleapis.com whatfix.com *.whatfix.com *.parcellab.com https://locationservice.posti.com https://ka-p.fontawesome.com https://kit.fontawesome.com; style-src 'self' 'unsafe-inline' *.also.com also.com https://fonts.googleapis.com cdnjs.cloudflare.com https://cdn.cs.1worldsync.com *.hpcloud.hp.com *.cnetcontent.com *.parcellab.com cdn.datatables.net maxcdn.bootstrapcdn.com rsms.me https://pages.solarwindsmsp.com https://*.n-able.com; font-src 'self' *.1worldsync.com https://fonts.gstatic.com *.cnetcontent.com rsms.me booster.webtradecenter.com https://ka-p.fontawesome.com https://kit.fontawesome.com https://cdnjs.cloudflare.com https://d1k9ddv9gpqp3j.cloudfront.net; img-src 'self' also.com *.also.com *.alsolatvia.lv filesalso.dk https://static.user.com https://media.user.com https://cdn.cs.1worldsync.com https://cdn.whatfix.com https://videos.whatfix.com data: *.mateti.net https://www.google.com https://www.google.de www.facebook.com analytics.google.com www.google-analytics.com *.usercentrics.eu *.cnetcontent.com *.www8-hp.com also01.wt-eu02.net *.parcellab.com *.wcfbc.net www.plugilo.com *.webtradecenter.com i.ytimg.com https://px.ads.linkedin.com https://d2xsch6h2vuht1.cloudfront.net; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com www.googletagmanager.com snap.licdn.com cookie-cdn.cookiepro.com cdn.cookielaw.org googletagmanager.com *.googleapis.com cdnjs.cloudflare.com www.google.com www.gstatic.com cdn.jsdelivr.net/gh/ckeditor/ cdn.jsdelivr.net/npm/ cdn.jsdelivr.net/emojione/ *.doubleclick.net *.googleadservices.com connect.facebook.net fbcdn.net polyfill.io *.kameleoon.eu *.kameleoon.com static.addtoany.com img.en25.com js-agent.newrelic.com bam.nr-data.net *.tawk.to player.vimeo.com unpkg.com; object-src 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net *.tawk.to; img-src * 'self' data: https:;; media-src 'self' *.vimeo.com vimeo.com; frame-src 'self' *.youtube.com/ *.vimeo.com/ www.google.com/ static.addtoany.com/ *.facebook.com/ web.microsoftstream.com/; child-src 'self' *.youtube.com/ *.vimeo.com/ www.google.com/ static.addtoany.com/; font-src 'self' data: embed.tawk.to; connect-src 'self' *.google-analytics.com *.googleapis.com *.google.com *.doubleclick.net snap.licdn.com *.cookiepro.com cdn.cookielaw.org geolocation.onetrust.com/ api.mixpanel.com facebook.com cdn.jsdelivr.net *.kameleoon.eu *.kameleoon.com *.algolia.net *.algolianet.com bam.nr-data.net *.tawk.to *.vimeo.com privacyportal-eu.onetrust.com cdn.linkedin.oribi.io; upgrade-insecure-requests 1
frame-ancestors 'self' http://www.philips.ru *.philips.com *.philips.ru https://philipsigtdpv.com 1
base-uri 'none'; connect-src 'none'; font-src 'none'; form-action 'self' https://www.isfdb.org https://www.google.com; frame-src 'none'; frame-ancestors 'none'; img-src http: https:; manifest-src 'none'; media-src 'none'; object-src 'none'; script-src 'self' https://www.isfdb.org; style-src 'self' https://www.isfdb.org; worker-src 'none'; 1
default-src 'self';				script-src 'report-sample' 'self' 'nonce-0CC7754308FD4ECF8CA16587BDF96C7C';				style-src 'report-sample' 'self' 'nonce-0CC7754308FD4ECF8CA16587BDF96C7C';				img-src 'self' data:;				connect-src 'self';				font-src 'self';				base-uri 'self';				frame-src 'self';				object-src 'none';				manifest-src 'self';				media-src 'self';				worker-src 'none';				frame-ancestors 'self'; 1
default-src 'self' static1.clickandboat.com; connect-src 'self' https://api.clickandboat.com static2.clickandboat.com static3.clickandboat.com https://assets.clickandboat.com/frontend-assets/master/ quasar.clickbo.at https://logs1412.xiti.com *.google-analytics.com stats.g.doubleclick.net bat.bing.com https://analytics.tiktok.com api.stripe.com ekr.zdassets.com clickandboat.zendesk.com wss://widget-mediator.zopim.com widget-mediator.zopim.com *.ingest.sentry.io api.realytics.io https://*.clarity.ms click-and-boat.pxf.io https://api.privacy-center.org; font-src 'self' data: static3.clickandboat.com fonts.gstatic.com; frame-ancestors 'self'; frame-src 'self' *.facebook.com *.criteo.com accounts.google.com www.google.com js.stripe.com hooks.stripe.com www.googletagmanager.com *.doubleclick.net click-and-boat.pxf.io; img-src 'self' static1.clickandboat.com static2.clickandboat.com https://assets.clickandboat.com/frontend-assets/master/ https://blog.clickandboat.com/ data: blob: quasar.clickbo.at *.google-analytics.com *.doubleclick.net secure.adnxs.com www.google.fr www.google.it www.google.es www.google.com www.google.de www.google.nl www.google.co.uk www.google.gr www.google.pl www.google.ch www.google.be www.google.com.br www.google.hr www.google.at www.google.pt www.google.se www.google.ru www.google.ca www.google.com.ar www.google.com.tr www.google.com.ua www.google.ie www.google.si www.google.ro www.google.com.mx www.google.com.mt www.google.com.au www.google.dk www.google.ae www.google.gp www.google.hu www.google.cz www.google.lu www.google.com.cy www.google.no www.google.me www.google.bg www.google.co.il www.google.rs www.google.sk *.bing.com *.facebook.com *.mydialoginsight.com maps.googleapis.com *.gstatic.com *.google.com *.google.fr v2assets.zopim.io v2uploads.zopim.io clickandboat.zendesk.com https://*.clarity.ms click-and-boat.pxf.io https://www.ojrq.net https://logs-01.loggly.com https://sdk.privacy-center.org; script-src 'unsafe-eval' 'self' static2.clickandboat.com https://assets.clickandboat.com/frontend-assets/master/ quasar.clickbo.at https://tag.aticdn.net *.google-analytics.com *.googleadservices.com *.google.com *.ggpht.com www.googletagmanager.com bat.bing.com www.facebook.com https://analytics.tiktok.com *.criteo.net sslwidget.criteo.com *.mydialoginsight.com *.googleapis.com www.gstatic.com connect.facebook.net js.stripe.com static.zdassets.com widget-mediator.zopim.com *.realytics.io *.realytics.net https://*.clarity.ms https://c.bing.com https://utt.impactcdn.com https://sdk.privacy-center.org https://tag.aticdn.net 'unsafe-inline' 'nonce-RhUpVfV01qUHHNG6qFb/ZA=='; style-src 'self' static2.clickandboat.com static3.clickandboat.com https://assets.clickandboat.com/frontend-assets/master/ 'unsafe-inline' fonts.googleapis.com tagmanager.google.com https://sdk.privacy-center.org 1
frame-ancestors 'self' *.uob.com.my *.uob.com.sg *.uobgroup.com *.uobgroup.com.sg www.hungrygowhere.my docs.google.com www.youtube.com feeds.theedgemarkets.com www.straitstimes.com www.businesstimes.com.sg www.bangkokpost.com 1
frame-ancestors 'self' app.intercom.com/ localhost:9999 1
frame-ancestors 'self' *.selecthub.com selecthub.com; 1
default-src 'self' *.tealiumiq.com;  script-src 'self' 'nonce-MWIxNzQwNmQtNDVhYS00ZGJiLWIzZjEtYzQ0NDMzOWFmNGNm' 'unsafe-inline'  'unsafe-eval' *.cloudfront.net *.youtube.com https://static.cloudflareinsights.com  https://connect.facebook.net https://frefi.sv.rkdms.com  *.freedomdebtrelief.com  *.tealiumiq.com  https://tags.freedomdebtrelief.com https://www.googletagmanager.com *.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.ctfassets.net *.bbb.org *.youtube.com *.ytimg.com; font-src 'self'; frame-src 'self' m.lndg.page *.votervoice.net e.infogram.com *.instagram.com  *.youtube.com *.gstatic.com https://www.google.com; media-src 'self' *.youtube.com;object-src 'self' blob: data:;worker-src 'self' blob:; frame-ancestors 'self';connect-src 'self' https://session-replay.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://www.google-analytics.com https://analytics.google.com https://collect.tealiumiq.com noembed.com 1
frame-ancestors www.uponor.com 1
frame-ancestors 'self' https://*.superoffice.com 1
default-src 'self'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.usefathom.com anytype1.matomo.cloud i.ytimg.com *.githubusercontent.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.usefathom.com anytype1.matomo.cloud www.youtube.com; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'self' *.youtube.com; object-src 'self'; connect-src 'self' anytype1.matomo.cloud noembed.com contributors.any.coop; 1
connect-src 'self' ws: wss:; default-src 'self' ws: wss: *.ctfassets.net; font-src 'self' data: *.ctfassets.net; img-src 'self' data: *.ctfassets.net; script-src 'self' 'unsafe-inline' ws: wss:; style-src 'self' 'unsafe-inline' *.ctfassets.net; 1
default-src 'self'; style-src 'self' 'nonce-2726c7f26c' 'sha256-lYPgVeO0CacLwwUB4DyR9jnHyogvo7NBwUv0zXx/qBY='; frame-src 'none'; child-src 'self'; connect-src 'self' ws GNCD7Z22NL-dsn.algolia.net https://api.hsforms.com https://app.kinde.com; base-uri 'none'; font-src 'self'; img-src 'self' https://imagedelivery.net https://customer-xcbruusbiervz265.cloudflarestream.com; media-src 'self' https://customer-xcbruusbiervz265.cloudflarestream.com; object-src 'none'; script-src 'self' 'nonce-2726c7f26c' 1
default-src 'self' https://www.youtube.com; script-src 'self' 'unsafe-inline' https://analytics.synthetix.io https://*.mailerlite.com https://cdn.sanity.io https://www.youtube.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.mailerlite.com; img-src 'self' data: https://raw.githubusercontent.com https://*.mailerlite.com https://cdn.sanity.io; font-src 'self' https://fonts.synthetix.io https://fonts.gstatic.com https://*.mailerlite.com; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; connect-src 'self' https://*.mailerlite.com https://cloudflare-eth.com https://api.etherscan.io https://*.infura.io https://*.alchemyapi.io https://synths.snx.eth.link https://analytics.synthetix.io https://cdn.sanity.io https://*.algolia.net https://*.algolianet.com https://hooks.zapier.com; 1
default-src  https://etec.gov.sa  https://www.etec.gov.sa https://cdn.etec.gov.sa https://beta.etec.gov.sa:3443 https://cdn.etec.gov.sa https://spapi.etec.gov.sa:1443 https://spapi.etec.gov.sa:2443 https://beta.etec.gov.sa:4443 *.etec.gov.sa *.nca.local 'unsafe-inline';frame-src https://www.google.com   https://spapi.etec.gov.sa:2443 https://www.youtube.com ; connect-src  * 'self' ; img-src https://etec.gov.sa  https://www.etec.gov.sa https://cdn.etec.gov.sa https://etec.gov.sa https://spapi.etec.gov.sa:2443 https://img.youtube.com  data:;font-src https://fonts.googleapis.com https://cdnjs.cloudflare.com https://fonts.gstatic.com/ 'self' data:;script-src 'self' https://etec.gov.sa  https://www.etec.gov.sa https://maps.googleapis.com https://www.googletagmanager.com https://cdn.etec.gov.sa 'unsafe-inline';style-src 'self' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://cdn.etec.gov.sa  'unsafe-inline'  1
default-src 'none';script-src 'self' 'unsafe-inline' https://static.frag-den-staat.de https://traffic.okfn.de https://js.stripe.com;style-src 'self' 'unsafe-inline' https://static.frag-den-staat.de;img-src 'self' data: blob: https://static.frag-den-staat.de https://media.frag-den-staat.de https://traffic.okfn.de *.tile.openstreetmap.org *.global.ssl.fastly.net i.ytimg.com;media-src https://static.frag-den-staat.de https://media.frag-den-staat.de;worker-src 'self' blob: https://static.frag-den-staat.de;frame-src 'self' blob: https://static.frag-den-staat.de https://media.frag-den-staat.de https://www.youtube-nocookie.com https://media.ccc.de https://js.stripe.com https://hooks.stripe.com https://www.paypal.com https://datawrapper.dwcdn.net;object-src 'self' https://media.frag-den-staat.de;connect-src 'self' wss://fragdenstaat.de https://static.frag-den-staat.de https://media.frag-den-staat.de https://sentry.okfn.de https://api.stripe.com https://traffic.okfn.de;child-src 'self' blob: https://static.frag-den-staat.de;base-uri 'none';font-src data: https://static.frag-den-staat.de;manifest-src https://static.frag-den-staat.de;form-action 'self' https://fragdenstaat.de https://forum.okfn.de https://www.paypal.com https://pretix.eu https://hooks.stripe.com https://stripe.com https://r.girogate.de;report-uri https://sentry.okfn.de/api/3/security/?sentry_key=f00c20a879414df69051163a90597a8c; 1
default-src https: wss: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://applepay.cdn-apple.com https://pay.google.com https://cdn.checkout.com https://ajax.googleapis.com https://ajax.aspnetcdn.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://js.stripe.com *.dnapayments.com *.braintreegateway.com *.paypal.com *.cardinalcommerce.com https://www.googletagmanager.com www.paypalobjects.com client-analytics.braintreegateway.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.braintreegateway.com; connect-src 'self' https://www.google.com https://google.com https://pay.google.com https://js.checkout.com https://api.stripe.com wss://ipay-prod.service.signalr.net https://ipay-prod.service.signalr.net *.braintree-api.com *.braintreegateway.com *.cardinalcommerce.com https://kg668dbov0.execute-api.us-east-1.amazonaws.com https://*.google-analytics.com https://*.analytics.google.com https://www.google-analytics.com https://*.googletagmanager.com; frame-src 'self' https://*; font-src 'self' data: https://applepay.cdn-apple.com https://fonts.gstatic.com; img-src https: data: blob: assets.braintreegateway.com checkout.paypal.com https://*.google-analytics.com https://*.googletagmanager.com;child-src assets.braintreegateway.com c.paypal.com;report-uri https://www.ipayimpact.co.uk/ipicashlessapi/api/ContentSecurityPolicy/Report; 1
frame-ancestors 'self' https://manage.tdworld.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
frame-ancestors *.payback.at 1
default-src 'none'; img-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.calltrk.com https://*.callrail.com https://*.cloudflare.com https://*.jquery.com https://*.bootstrapcdn.com https://*.pagescdn.com https://*.optimizely.com https://*.amazonaws.com https://*.adobedtm.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.facebook.net https://*.googleadservices.com https://*.sitescdn.net https://*.livechatinc.com https://*.demdex.net https://*.addthis.com https://*.addthisedge.com https://*.pinterest.com https://*.en25.com https://*.datadoghq-browser-agent.com https://optimize.google.com https://*.rlets.com https://*.reachlocallivechat.com https://reachlocallivechat.com about://*.reachlocallivechat.com https://*.cloudfront.net https://*.cloudflareinsights.com https://*.broadly.com https://web-2-tel.com https://*.hotjar.com https://*.btttag.com https://*.bing.com https://*.doubleclick.net https://*.thinkingchat.com https://*.here.com https://*.stackadapt.com https://*.simpli.fi https://*.pinimg.com https://*.yimg.com https://*.adroll.com https://*.adsrvr.org https://*.scorpion.co https://*.stripe.com https://*.twilio.com wss://*.twilio.com https://*.mrrooter.com https://*.gstatic.com https://*.liadm.com https://*.brandcdn.com https://*.convertexperiments.com https://*.cloudfunctions.net https://*.mountain.com blob: https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai wss://*.yellow.ai wss://*.cloud.yellow.ai wss://*.app.yellow.ai https://*.web-2-tel.com https://*.processwebsitedata.com https://*.jsdelivr.net; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.bootstrapcdn.com https://*.cloudflare.com https://*.typekit.net https://*.jquery.com https://*.sitescdn.net https://optimize.google.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.stackadapt.com https://*.scorpion.co https://*.twilio.com https://*.mrrooter.com blob: https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai https://*.jsdelivr.net; object-src 'none'; connect-src https://*.calltrk.com https://*.callrail.com https://*.cloudflare.com https://*.google.com https://*.liadm.com https://*.googleadservices.com https://*.nblyprod.com https://*.googleapis.com https://*.pagescdn.com https://*.demdex.net https://*.livechatinc.com https://*.neighborly.com https://*.crownpeak.net https://*.addthis.com https://*.yext.com https://*.b2clogin.com https://*.dwyergroup.com https://*.broadly.com https://*.amazonaws.com https://*.google-analytics.com https://*.facebook.net  https://*.gannettdigital.com https://*.browser-intake-datadoghq.com https://optimize.google.com https://*.reachlocalservices.com https://*.rlets.com https://reachlocallivechat.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.hotjar.io/ wss://reachlocallivechat.com https://*.web-2-tel.com wss://*.hotjar.com https://*.simpli.fi https://*.here.com https://*.hereapi.com https://*.stackadapt.com https://*.yimg.com https://*.pinterest.com https://*.adroll.com https://*.scorpion.co https://*.btttag.com https://*.twilio.com wss://*.twilio.com https://*.doubleclick.net https://*.mrrooter.com https://*.bing.com https://*.convertexperiments.com https://*.cloudfunctions.net blob: https://44.238.122.172 https://100.20.58.101 https://35.85.84.151 https://44.228.85.26 https://34.215.155.61 https://35.160.46.251 https://52.71.121.170 https://18.210.229.244 https://44.212.189.233 https://3.212.39.155 https://52.22.50.55 https://54.156.2.105 https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai wss://*.yellow.ai wss://*.cloud.yellow.ai wss://*.app.yellow.ai https://*.processwebsitedata.com https://*.google.co.in https://*.stape.biz; font-src https://*.cloudflare.com https://*.nblyprod.com https://*.typekit.net https://*.gstatic.com https://*.googleapis.com https://optimize.google.com https://reachlocallivechat.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.scorpion.co https://*.twilio.com https://*.mrrooter.com blob: https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai; frame-src https://*.cloudflare.com https://www.facebook.com https://*.rlets.com https://*.youtube.com https://*.livechatinc.com https://*.demdex.net/ https://*.addthis.com https://*.pagescdn.com https://*.amazonaws.com https://*.b2clogin.com https://optimize.google.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.doubleclick.net https://*.adsrvr.org https://*.pinterest.com https://*.stripe.com https://*.twilio.com https://*.mrrooter.com https://*.broadly.com https://*.cloudfront.net blob: https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai https://*.web-2-tel.com https://*.processwebsitedata.com; media-src https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai; worker-src https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai blob: 1
frame-ancestors 'self' chrome-extension://dipeehgoehnglgojdgfmndjemdfepkeb https://*.spendesk.com https://*.spendesk.dev https://spendesk.com https://spendesk.dev https://app.storyblok.com https://spendesk.mindtickle.com https://admin.mindtickle.com 1
default-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' base.bibtip.de https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://translate.google.com https://*.gstatic.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.gstatic.com https://*.googleapis.com; img-src 'self' 'unsafe-inline' data: https:; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-/nfgJxstAmhTbQoBs9owJA=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
frame-ancestors 'self';block-all-mixed-content;script-src 'self' 'unsafe-inline' 'unsafe-eval' platform.twitter.com static.cloudflareinsights.com cdnjs.cloudflare.com *.cdn.cookielaw.org connect.facebook.net cdn.jsdelivr.net *.cdn.civiccomputing.com googletagmanager.com buttons-config.sharethis.com platform-api.sharethis.com m.youtube.com tagmanager.google.com www.google.com maps.google.com www.googletagmanager.com www.gstatic.com www.youtube.com www.google-analytics.com maps.googleapis.com data:;style-src 'self' 'unsafe-inline' cco.cloudflareaccess.com maxcdn.bootstrapcdn.com use.typekit.net p.typekit.net cdnjs.cloudflare.com cdn.jsdelivr.net tagmanager.google.com www.googletagmanager.com fonts.googleapis.com;object-src 'none';child-src 'self' *.twitter.com childrenscommissioner.github.io *.soundcloud.com *.facebook.com connect.facebook.net www.google.com www.googletagmanager.com www.youtube.com;base-uri 'self';img-src 'self' s188p01webfilesupload.blob.core.windows.net s188d01webfilesupload.blob.core.windows.net s188t01webfilesupload.blob.core.windows.net assets.childrenscommissioner.gov.uk test-assets.childrenscommissioner.gov.uk dev-assets.childrenscommissioner.gov.uk www.infotex.uk www.google-analytics.com maps.gstatic.com www.facebook.com maps.googleapis.com pbs.twimg.com data: platform-cdn.sharethis.com 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.ads-twitter.com https://content.castlighthealth.com https://cdn.cookielaw.org https://snap.licdn.com https://px.ads.linkedin.com https://j.6sc.co https://static.hotjar.com https://tag.demandbase.com https://munchkin.marketo.net https://analytics.twitter.com https://t.co https://ws.zoominfo.com https://script.hotjar.com https://secure.adnxs.com https://in.hotjar.com https://maps.google.com https://maps.gstatic.com https://maps.googleapis.com https://s0.wp.com https://my.wpengine.com https://s2.wp.com https://use.typekit.net https://a.omwpapi.com https://a.omappapi.com https://stats.wp.com https://www.google.com https://www.gstatic.com https://tags.clickagy.com https://i.vimeocdn.com https://id.rlcdn.com *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net www.googletagservices.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://static.ads-twitter.com/uwt.js https://static.ads-twitter.com https://s0.wp.com https://a.omappapi.com https://www.google.com https://content.castlighthealth.com https://cdn.cookielaw.org https://snap.licdn.com https://i.vimeocdn.com https://id.rlcdn.com *.vimeocdn.com fonts.googleapis.com translate.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://static.ads-twitter.com https://content.castlighthealth.com https://cdn.cookielaw.org https://snap.licdn.com https://px.ads.linkedin.com https://p.adsymptotic.com https://i.vimeocdn.com https://match.prod.bidr.io https://id.rlcdn.com https://b.6sc.co https://in.hotjar.com https://segments.company-target.com https://maps.googleapis.com https://maps.gstatic.com https://maps.google.com/ https://px4.ads.linkedin.com https://pixel.wp.com https://a.omappapi.com https://p.typekit.net https://stats.wp.com https://www.google.com.my https://www.google.com https://analytics.twitter.com https://t.co https://aorta.clickagy.com https://sync.crwdcntrl.net https://aa.agkn.com https://cm.g.doubleclick.net https://us-u.openx.net s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com *.googlesyndication.com stats.g.doubleclick.net data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com translate.googleapis.com translate.google.com www.gstatic.com www.googletagmanager.com; connect-src 'self' https://static.ads-twitter.com https://content.castlighthealth.com https://cdn.cookielaw.org https://snap.licdn.com https://geolocation.onetrust.com https://px.ads.linkedin.com https://ws.zoominfo.com https://api.company-target.com https://secure.adnxs.com https://c.6sc.co https://598-xvd-020.mktoresp.com https://in.hotjar.com wss://ws3.hotjar.com https://ws3.hotjar.com https://ipv6.6sc.co wss://ws42.hotjar.com https://ws42.hotjar.com https://maps.googleapis.com https://maps.gstatic.com https://api.omwpapi.com https://api.omappapi.com https://stats.wp.com wss://ws36.hotjar.com https://ws36.hotjar.com https://a.omappapi.com https://z.omappapi.com https://www.google.com https://vc.hotjar.io wss://ws16.hotjar.com https://ws16.hotjar.com https://cdn.linkedin.oribi.io https://analytics.twitter.com https://t.co https://aorta.clickagy.com https://hemsync.clickagy.com https://ws44.hotjar.com wss://ws44.hotjar.com *.vimeo.com *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: translate.googleapis.com www.googletagmanager.com; font-src 'self' data: https://s0.wp.com https://use.typekit.net https://content.castlighthealth.com https://cdn.cookielaw.org https://snap.licdn.com https://i.vimeocdn.com https://id.rlcdn.com data: fonts.gstatic.com fonts.googleapis.com; object-src 'self' https://static.ads-twitter.com https://content.castlighthealth.com https://cdn.cookielaw.org https://static.ads-twitter.com/uwt.js https://www.google.com; media-src 'self' https://static.ads-twitter.com/uwt.js https://content.castlighthealth.com https://cdn.cookielaw.org https://snap.licdn.com https://i.vimeocdn.com https://id.rlcdn.com; frame-src 'self' https://static.ads-twitter.com https://content.castlighthealth.com https://cdn.cookielaw.org https://snap.licdn.com https://px.ads.linkedin.com https://player.vimeo.com https://vars.hotjar.com https://widgets.wp.com https://www.google.com *.vimeo.com *.vimeocdn.com *.googlesyndication.com googleads.g.doubleclick.net www.googletagmanager.com; child-src 'self' *.vimeo.com *.vimeocdn.com www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflareinsights.com https://scripts.bestprice.gr https://static.cloudflareinsights.com https://tpc.googlesyndication.com https://analytics.tiktok.com  https://www.appocalypsis.com https://sc-static.net https://tr.snapchat.com https://v2.zopim.com *.ubembed.com *.skroutz.gr https://skroutza.skroutz.gr *.zdassets.com/ *.hotjar.com https://apis.google.com https://www.gstatic.com https://z.moatads.com https://s7.addthis.com https://m.addthis.com https://analytics.skroutz.gr https://skroutza.skroutz.gr https://360.bestprice.gr https://www.bestprice.gr https://www.glami.gr https://region1.google-analytics.com https://cdn.stat-track.com/ https://assets.citrusad.net https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://stats.g.doubleclick.net https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://script.crazyegg.com https://go.linkwi.se https://trustmark.gr https://www.youtube.com https://script.crazyegg.com https://insurance.e-satisfaction.gr; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://use.typekit.net/lgl0exs.css https://p.typekit.net https://cdn.jsdelivr.net https://fonts.googleapis.com; object-src 'self'; img-src 'self' data: https://www.maxstores.gr  https://maxstores.staginglh.com https://local.maxstores.gr https://maxstores.test.devlh.com https://maxstores.gr https://fonts.gstatic.com https://www.googletagmanager.com https://www.appocalypsis.com *.appocalypsis.com *.cdninstagram.com *.skroutza.skroutz.gr *.youtube.com https://i.ytimg.com https://www.glami.gr  https://skroutza.skroutz.gr https://www.facebook.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://maps.googleapis.com https://www.google.com https://www.google.gr https://www.google.com.tr https://trustmark.gr; font-src 'self' data: *.typekit.net https://fonts.gstatic.com; connect-src 'self' https://analytics.tiktok.com https://pagead2.googlesyndication.com https://tr.snapchat.com *.analytics.google.com wss://ws1.hotjar.com wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com wss://ws5.hotjar.com wss://ws6.hotjar.com wss://ws7.hotjar.com wss://ws8.hotjar.com wss://ws9.hotjar.com wss://ws10.hotjar.com wss://ws11.hotjar.com wss://ws12.hotjar.com wss://ws13.hotjar.com wss://ws14.hotjar.com wss://ws15.hotjar.com wss://ws16.hotjar.com wss://ws17.hotjar.com wss://ws18.hotjar.com wss://ws19.hotjar.com wss://ws20.hotjar.com wss://ws21.hotjar.com wss://ws22.hotjar.com wss://ws23.hotjar.com wss://ws24.hotjar.com wss://ws25.hotjar.com wss://ws26.hotjar.com wss://ws27.hotjar.com wss://ws28.hotjar.com wss://ws29.hotjar.com wss://ws30.hotjar.com wss://ws31.hotjar.com wss://ws32.hotjar.com wss://ws33.hotjar.com wss://ws34.hotjar.com wss://ws35.hotjar.com wss://ws36.hotjar.com wss://ws37.hotjar.com wss://ws38.hotjar.com wss://ws39.hotjar.com wss://ws40.hotjar.com wss://ws41.hotjar.com wss://ws42.hotjar.com wss://ws43.hotjar.com wss://ws44.hotjar.com wss://ws45.hotjar.com wss://ws46.hotjar.com wss://ws47.hotjar.com wss://ws48.hotjar.com wss://ws49.hotjar.com wss://ws50.hotjar.com wss://ws51.hotjar.com wss://ws52.hotjar.com wss://ws53.hotjar.com wss://ws54.hotjar.com wss://ws55.hotjar.com wss://ws56.hotjar.com wss://ws57.hotjar.com wss://ws58.hotjar.com wss://ws59.hotjar.com wss://ws60.hotjar.com wss://ws61.hotjar.com wss://ws62.hotjar.com wss://ws63.hotjar.com wss://ws64.hotjar.com wss://ws65.hotjar.com wss://ws66.hotjar.com wss://ws67.hotjar.com wss://ws68.hotjar.com wss://ws69.hotjar.com wss://ws70.hotjar.com wss://ws71.hotjar.com wss://ws72.hotjar.com wss://ws73.hotjar.com wss://ws74.hotjar.com wss://ws75.hotjar.com wss://ws76.hotjar.com wss://ws77.hotjar.com wss://ws78.hotjar.com wss://ws79.hotjar.com wss://ws80.hotjar.com wss://ws81.hotjar.com wss://ws82.hotjar.com wss://ws83.hotjar.com wss://ws84.hotjar.com wss://ws85.hotjar.com wss://ws86.hotjar.com wss://ws87.hotjar.com wss://ws88.hotjar.com wss://ws89.hotjar.com wss://ws90.hotjar.com wss://ws91.hotjar.com wss://ws92.hotjar.com wss://ws93.hotjar.com wss://ws94.hotjar.com wss://ws95.hotjar.com wss://ws96.hotjar.com wss://ws97.hotjar.com wss://ws98.hotjar.com wss://ws99.hotjar.com *.hotjar.io  *.hotjar.com *.zdassets.com https://www.youtube.com https://www.bestprice.gr https://s7.addthis.com https://m.addthis.com https://forms.m-pages.com https://t.stat-track.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com *.google.com; frame-src *; media-src 'self' 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-M2E1NjliNjY0NDNlNDcwNWJmODY0ZjljMzE2ZWYyYTU=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.koninklijkhuis.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.koninklijkhuis.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.koninklijkhuis.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-src *; img-src * data:; style-src 'self' 'unsafe-inline' assetscdn.stackla.com vjs.zencdn.net fonts.googleapis.com; font-src 'self' 'unsafe-inline' fonts.gstatic.com assetscdn.stackla.com data:; child-src 'self' *.stylelabs.cloud;  connect-src 'self' *; media-src *.stylelabs.cloud; block-all-mixed-content; 1
default-src 'self' http: https: ws: wss: data: blob:; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' google.com www.google.com https://www.google.com https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com;; style-src 'self' 'unsafe-inline' ajax.googleapis.com google.com gstatic.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data:; font-src 'self' fonts.googleapis.com fonts.gstatic.com; 1
“default-src https: data: ‘unsafe-inline’ ‘unsafe-eval'” 1
base-uri 'self'; connect-src 'self' *.6sense.com *.6sc.co https://analytics.google.com https://bat.bing.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://o.clarity.ms https://settings.luckyorange.net https://stats.g.doubleclick.net https://tags.srv.stackadapt.com wss://in.visitors.live wss://visitors.live https://assets-global.website-files.com/ https://tracking.g2crowd.com/ https://ariane.abtasty.com/ https://dcinfos-cache.abstasty.com/ https://x.clarity.ms/collect https://dcinfos-cache.abtasty.com/ https://www.google-analytics.com/ https://cdn.linkedin.oribi.io/ https://boards-api.greenhouse.io/ https://try.abtasty.com/ https://editor-api.webflow.com/ https://sessions.bugsnag.com/ *.hotjar.io/ *.hotjar.com/ https://z.clarity.ms/ *.abtasty.com; default-src 'self'; font-src 'self' blob: data: *.abtasty.com *.gstatic.com *.googleapis.com https://assets.website-files.com https://use.typekit.net *.cloudfront.net/; frame-src 'self' *.loom.com *.abtasty.com https://www.instagram.com/ https://platform.twitter.com/ https://www.tiktok.com/ https://td.doubleclick.net/ https://go.csdisco.com https://pixel.sitescout.com https://player.vimeo.com https://www.facebook.com https://www.google.com/ https://cdn.embedly.com/ https://boards.greenhouse.io/ https://webflow.com/ https://vimeo.com/ https://www.youtube.com/; img-src 'self' blob: *.abtasty.com *.amazonaws.com *.6sense.com *.6sc.co https://assets-global.website-files.com https://d10lpsik1i8c69.cloudfront.net https://p.typekit.net https://pixel.sitescout.com https://www.google-analytics.com https://www.google.com https://di.rlcdn.com/ https://www.facebook.com/ https://bat.bing.com/ https://px.ads.linkedin.com/ https://c.clarity.ms/ https://c.bing.com/ https://i.vimeocdn.com/ https://connect.facebook.net/ https://d3e54v103j8qbb.cloudfront.net/ https://uploads-ssl.webflow.com/ *.cloudfront.net/ https://secure.gravatar.com/ *.csdisco.com/ www.csdisco.com/; manifest-src 'self'; media-src 'self' https://d10lpsik1i8c69.cloudfront.net; object-src 'none'; report-uri https://64cd41b59299a8c1c10ec3d7.endpoint.csper.io/; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.abtasty.com *.googleapis.com https://www.instagram.com/ https://platform.twitter.com/ https://www.tiktok.com/ https://dcinfos-cache.abtasty.com/ https://www.googletagmanager.com/ *.6sense.com *.6sc.co https://snap.licdn.com https://try.abtasty.com/ https://cdn.cookielaw.org/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://assets-global.website-files.com/ https://snap.licdn.com/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://okt.to/ https://script.hotjar.com/ https://pi.pardot.com/ https://d10lpsik1i8c69.cloudfront.net/ https://assets-global.website-files.com/ https://bat.bing.com/ https://boards.greenhouse.io/ https://cdn.cookielaw.org/ https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://connect.facebook.net/ https://d10lpsik1i8c69.cloudfront.net/ https://d3e54v103j8qbb.cloudfront.net/ https://extend.vimeocdn.com/ https://go.csdisco.com/ https://pi.pardot.com/ https://player.vimeo.com/ https://static.hotjar.com/ https://static.oktopost.com/oktrk.js https://tracking.g2crowd.com/attribution_tracking/conversions/4095.js https://try.abtasty.com/042c153fa36280b465e994c176d9e3a0.js https://use.typekit.net/zzf7vye.js https://www.clarity.ms/ https://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.vimeo.com/ https://vimeo.com/ https://tags.srv.stackadapt.com/ https://cdn01.basis.net/ https://www.clickcease.com/ https://dcinfos-cache.abtasty.com/ https://js.hsforms.net/ https://s7.addthis.com/; style-src 'report-sample' 'self' 'unsafe-inline' *.abtasty.com *.gstatic.com *.googleapis.com https://assets-global.website-files.com https://d10lpsik1i8c69.cloudfront.net https://p.typekit.net https://tags.srv.stackadapt.com https://use.typekit.net https://d3e54v103j8qbb.cloudfront.net/fonts/inter/inter.s3.3a4044b2f3.css; worker-src 'self'; 1
default-src 'self' * 'unsafe-inline'; connect-src 'self' *.arcgis.com sentry.io cdn.form.io www.google-analytics.com analytics.google.com stats.g.doubleclick.net *.fontawesome.com *.hotjar.com *.hotjar.io wss://*.hotjar.com deedi-search.clients.squiz.net api.forms.platforms.qld.gov.au  ; font-src 'self' fonts.gstatic.com *.fontawesome.com cdnjs.cloudflare.com *.arcgis.com *.fontawesome.com ; frame-src 'self' vars.hotjar.com webplayer.whooshkaa.com www.googletagmanager.com *.arcgis.com app.powerbi.com qgsp.maps.arcgis.com www.youtube.com www.youtube-nocookie.com www.google.com  ; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' code.jquery.com cdn.jsdelivr.net www.google.com *.fontawesome.com webplayer.whooshkaa.com cdnjs.cloudflare.com www.gstatic.com www.googletagmanager.com *.hotjar.com *.google-analytics.com analytics.google.com deedi-search.clients.squiz.net deedi-search.squiz.cloud www.vision6.com.au www.youtube.com *.arcgis.com connect.facebook.net *.fontawesome.com ; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com *.fontawesome.com cdn.jsdelivr.net *.arcgis.com *.fontawesome.com ; img-src 'self' * 'unsafe-inline' data:; report-uri https://csp.itp.qld.gov.au/api/report; 1
frame-ancestors https://www.shipment.co 1
connect-src 'self' *.addthis.com *.addthisedge.com *.sharethis.com *.sharethisedge.com *.facebook.com *.yext.com *.google-analytics.com *.bannerbank.com *.yext-pixel.com stats.g.doubleclick.net bam.nr-data.net wss://*.salemove.com *.salemove.com wss://*.glia.com *.glia.com *.twilio.com wss://*.twilio.com *.linkedin.oribi.io analytics.google.com *.analytics.google.com;default-src 'self' *.addthis.com *.addthisedge.com *.google-analytics.com analytics.google.com *.analytics.google.com ajax.googleapis.com *.doubleclick.net fonts.gstatic.com www.googletagmanager.com *.sharethis.com *.sharethisedge.com web2.bannerbank.com liveapi-cached.yext.com liveapi.yext.com bam.nr-data.net hotjar.com *.glia.com *.salemove.com data:;font-src 'self' fonts.gstatic.com maxcdn.icons8.com *.typekit.net *.addthis.com *.addthisedge.com cdnjs.cloudflare.com *.sharethis.com *.sharethisedge.com data:;frame-ancestors my2.siteimprove.com 'self' us.personalcard.net *.personalcard.net *.sharethis.com *.sharethisedge.com ;frame-src 'self' us.personalcard.net *.personalcard.net *.sharethis.com *.sharethisedge.com *.doubleclick.net bannerbank.com sproutvideo.com videos.sproutvideo.com player.vimeo.com answers-bannerbank.pagescdn.com us.personalcard.net s7.addthis.com loanengine.hcdigital.com content-us-9.content-cms.com;img-src 'self' data: *.google-analytics.com analytics.google.com *.analytics.google.com ajax.googleapis.com maxcdn.icons8.com *.sharethis.com *.sharethisedge.com *.simpli.fi tag.simpli.fi *.us.tvsquared.com *.tvsquared.com *.rubiconproject.com ups.analytics.yahoo.com *.adsrvr.org data: blob: *.bannerbank.com *.salemove.com *.glia.com px.ads.linkedin.com p.adsymptotic.com insight.adsrvr.org bat.bing.com getrockerbox.com *.adnxs.com *.doubleclick.net *.mktgcdn.com detectca.easysol.net 50022.global.siteimproveanalytics.io google.com *.facebook.com www.google.com;media-src 'self' *.addthis.com *.addthisedge.com *.sharethis.com *.sharethisedge.com data: *.salemove.com *.glia.com;script-src 'self' cdnjs.cloudflare.com *.google-analytics.com analytics.google.com *.analytics.google.com ajax.googleapis.com www.googletagmanager.com 'unsafe-inline' 'unsafe-eval' *.addthis.com *.addthisedge.com *.sharethis.com *.sharethisedge.com *.simpli.fi tag.simpli.fi *.us.tvsquared.com *.tvsquared.com *.salemove.com *.glia.com z.moatads.com snap.licdn.com bat.bing.com getrockerbox.com web2.bannerbank.com secure.adnxs.com detectca.easysol.net siteimproveanalytics.com js-agent.newrelic.com bam.nr-data.net assets.sitescdn.net answers-bannerbank.pagescdn.com connect.facebook.net;style-src 'self' *.addthis.com *.addthisedge.com cdnjs.cloudflare.com 'unsafe-inline' *.typekit.net *.sharethis.com *.sharethisedge.com *.salemove.com *.glia.com assets.sitescdn.net *.salemove.com; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=4rtorbpiquebd&partner=; 1
frame-ancestors 'self'; report-uri https://www.reaganlibrary.gov/report-uri/enforce 1
frame-ancestors https://*.noiz.gr; 1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval' ;frame-ancestors 'self' https://manager.agilitycms.com *.mercadolibre.com.uy ascomanet.multiaviso.com *.scotiabank.com;script-src 'self' 'unsafe-inline'  cuentastiendainglesa.com.uy cuentastiendainglesa.uy marketingsbu.com.uy recompensasmr.com.uy assets.adobedtm.com cdn.agilitycms.com www.google-analytics.com googletagmanager.com connect.facebook.net static.ads-twitter.com api.retargetly.com cdnssl.clicktale.net dpm.demdex.net www.googleadservices.com https://analytics.twitter.com https://googleads.g.doubleclick.net https://fdsbu.forms.marketingsbu.com.uy https://tarjetas.marketingsbu.com.uy www.facebook.com www.instagram.com www.linkedin.com www.twitter.com www.elpais.com.uy www.montevideo.com.uy *.google.com www.elobservador.com.uy www.infonegocios.biz *.google.com.uy *.mercadolibre.com.uy *.scotiabank.com *.contentsquare.net  *.contentsquare.com  www.gstatic.com mapfre.forms.marketingsbu.com.uy www.googletagmanager.com  *.buscojobs.com  static.buscojobs.com www.scotiabank.com.uy;worker-src blob:;img-src 'self' *.clicktale.net  *.agilitycms.com  *.azureedge.net  *.google.com  *.google.com.uy  *.contentsquare.net  *.contentsquare.com  *.mercadolibre.com.uy  *.scotiabank.com  cuentastiendainglesa.com.uy  cuentastiendainglesa.uy  marketingsbu.com.uy  recompensasmr.com.uy  somniture.scotiabank.com  dpm.demdex.net  https://t.co  https://www.facebook.com/  https://www.google-analytics.com  https://stats.g.doubleclick.net  https://www.google.ca  cm.everesttech.net  *.buscojobs.com  static.buscojobs.com  www.scotiabank.com.uy;connect-src 'self' https: wss: 'unsafe-inline' 'unsafe-eval'  cuentastiendainglesa.com.uy  cuentastiendainglesa.uy  marketingsbu.com.uy  recompensasmr.com.uy   *.mercadolibre.com.uy  *.scotiabank.com  *.contentsquare.net   *.contentsquare.com   *.buscojobs.com   static.buscojobs.com  www.scotiabank.com.uy; 1
default-src 'self' 'unsafe-inline' data: blob: 'unsafe-eval' *.suizoargentina.com.ar *.suizoargentina.com suizoargentina.com *.google.com *.googleapis.com fonts.googleapis.com *.gstatic.com *.farmaonline.com  *.mapbox.com chat-rueda.firebaseio.com *.firebaseio.com s-usc1c-nss-265.firebaseio.com *.bootstrapcdn.com caba33.suizoargentina.com.ar *.youtube.com *.log-in.com.ar *.w3.org *.vtexcommercestable.com.br *.myvtex.com *.vteximg.com.br *.vtex.com unpkg.com *.cloudflare.com cdn.jsdelivr.net chat.suizoargentina.com *.google-analytics.com *.googletagmanager.com code.jquery.com ajax.googleapis.com connect.facebook.net *.facebook.com *.g.doubleclick.net *.gravatar.com *.suizoargentina.com/webchat chat.suizoargentina.com/webchat/ https://suizoargentina.com/ 10.5.0.33 https://10.0.29.29; img-src 'self' 'unsafe-inline' data: blob: 'unsafe-eval' *.mapbox.com http://suizoargentina.com https://suizoargentina.com https://suizoargentina.com/ caba33.suizoargentina.com.ar *.suizoargentina.com.ar https://10.0.29.29 *.suizoargentina.com *.exposuizo.com.ar *.google.com *.googleapis.com fonts.googleapis.com *.gstatic.com *.farmaonline.com  *.bootstrapcdn.com *.youtube.com *.log-in.com.ar chat-rueda.firebaseio.com *.firebaseio.com *.w3.org s-usc1c-nss-265.firebaseio.com *.vtexcommercestable.com.br *.myvtex.com *.vteximg.com.br *.vtex.com unpkg.com *.cloudflare.com *.google-analytics.com *.googletagmanager.com  connect.facebook.net *.facebook.com *.g.doubleclick.net secure.gravatar.com;  1
default-src 'self'; connect-src 'self' *.siteimprove.com https://stats.g.doubleclick.net/ https://region1.google-analytics.com/ https://www.google-analytics.com https://search.service.vportal.ee/v1/search/emta https://search.service.vportal.ee/v1/globalsearch/total https://search.service.vportal.ee/v1/events/emta https://inaadress.maaamet.ee; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://*.rocket.chat https://static.addtoany.com https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://youtu.be/CgSBQTqbPu0 https://xgis.maaamet.ee; img-src 'self' data: *.emta.ee https://www.google-analytics.com *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com *.fbcdn.net *.cdninstagram.com https://inaadress.maaamet.ee https://unpkg.com *.maaamet.ee *.cloudflare.com; script-src 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js blob: https://browser-update.org https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://static.addtoany.com https://unpkg.com unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js https://browser-update.org https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://static.addtoany.com https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com https://inaadress.maaamet.ee; frame-ancestors none; upgrade-insecure-requests 1
default-src 'none'; media-src 'self' *.responsivevoice.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.responsivevoice.org *.googleapis.com *.google.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.jsdelivr.net *.fontawesome.com *.wistia.com *.questionpro.com; connect-src 'self' *.fontawesome.com *.responsivevoice.org *.google-analytics.com *.doubleclick.net *.google.com *.questionpro.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.fontawesome.com ; img-src 'self' data:  *.openstreetmap.org placehold.it *.w.org *.google-analytics.com *.doubleclick.net *.google.com *.google.cl *.googletagmanager.com *.questionpro.com; style-src 'self' 'unsafe-inline' *.questionpro.com  fonts.googleapis.com *.fontawesome.com; frame-src 'self'  miro.com *.trencentral.cl *.youtube.com *.google.com *.questionpro.com; frame-ancestors 'self'; 1
img-src 'self' blob: data: https://www.googletagmanager.com/ https://www.google-analytics.com/ https://s3-ap-southeast-1.amazonaws.com/agency.form.sg/ https://s3.ap-southeast-1.amazonaws.com/images.form.gov.sg https://s3.ap-southeast-1.amazonaws.com/logos.form.gov.sg * https://*.google-analytics.com https://*.googletagmanager.com;font-src 'self' data: https://fonts.gstatic.com/;script-src 'self' https://ssl.google-analytics.com/ https://www.google-analytics.com/ https://www.tagmanager.google.com/ https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/releases/ https://challenges.cloudflare.com https://js.stripe.com/v3 https://*.googletagmanager.com/gtag/ https://*.cloudflareinsights.com/ https://www.gstatic.com/charts/;connect-src 'self' https://www.google-analytics.com/ https://ssl.google-analytics.com/ https://*.browser-intake-datadoghq.com https://sentry.io/api/ https://s3.ap-southeast-1.amazonaws.com/attachments.form.gov.sg/ https://s3.ap-southeast-1.amazonaws.com/images.form.gov.sg https://s3.ap-southeast-1.amazonaws.com/logos.form.gov.sg https://s3.ap-southeast-1.amazonaws.com/prod.virus.scanner.quarantine https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;frame-src 'self' https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://challenges.cloudflare.com https://js.stripe.com/;style-src 'self' https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/ 'unsafe-inline' https://www.gstatic.com/charts/;worker-src 'self' blob:;frame-ancestors *;report-uri https://sentry.io/api/1450832/security/?sentry_key=a6da524b405e4440bfef29457b51dfbc;default-src 'self';base-uri 'self';form-action 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.monsido.com monsido.com *.twitter.com *.ads-twitter.com *.facebook.net *.cookieeyes.com *.amcharts.com *.googleapis.com *.google-analytics.com *.google.com *.gstatic.com *.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.radial.com t.co *.linkedin.com *.pardot.com pardot.com *.adsymptotic.com *.facebook.com *.licdn.com fonts.googleapis.com http: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.monsido.com monsido.com *.twitter.com *.ads-twitter.com *.facebook.net *.cookieeyes.com *.amcharts.com *.googleapis.com *.google-analytics.com *.google.com *.gstatic.com *.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.radial.com t.co *.linkedin.com *.pardot.com pardot.com *.adsymptotic.com *.facebook.com *.licdn.com fonts.googleapis.com http: https:; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.monsido.com monsido.com *.twitter.com *.ads-twitter.com *.facebook.net *.cookieeyes.com *.amcharts.com *.googleapis.com *.google-analytics.com *.google.com *.gstatic.com *.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.radial.com t.co *.linkedin.com *.pardot.com pardot.com *.adsymptotic.com *.facebook.com *.licdn.com fonts.googleapis.com http: https:; img-src 'self'  'unsafe-inline' 'unsafe-eval' youtube.com vimeo.com *.youtube.com *.vimeo.com data: *.monsido.com monsido.com *.twitter.com *.ads-twitter.com *.facebook.net *.cookieeyes.com *.amcharts.com *.googleapis.com *.google-analytics.com *.google.com *.gstatic.com *.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.radial.com t.co *.linkedin.com *.pardot.com pardot.com *.adsymptotic.com *.facebook.com *.licdn.com fonts.googleapis.com http: https:; font-src 'self' 'unsafe-inline' *.monsido.com monsido.com *.twitter.com *.ads-twitter.com *.facebook.net *.cookieeyes.com *.amcharts.com *.googleapis.com *.google-analytics.com *.google.com *.gstatic.com *.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.radial.com t.co *.linkedin.com *.pardot.com pardot.com *.adsymptotic.com *.facebook.com *.licdn.com fonts.googleapis.com http: https: data:; media-src 'self' 'unsafe-inline' youtube.com vimeo.com *.youtube.com *.vimeo.com data: *.monsido.com monsido.com *.twitter.com *.ads-twitter.com *.facebook.net *.cookieeyes.com *.amcharts.com *.googleapis.com *.google-analytics.com *.google.com *.gstatic.com *.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.radial.com t.co *.linkedin.com *.pardot.com pardot.com *.adsymptotic.com *.facebook.com *.licdn.com fonts.googleapis.com http: https:; object-src 'none'; base-uri 'none'; frame-src 'self' 'unsafe-inline' youtube.com vimeo.com *.youtube.com *.vimeo.com data: *.monsido.com monsido.com *.twitter.com *.ads-twitter.com *.facebook.net *.cookieeyes.com *.amcharts.com *.googleapis.com *.google-analytics.com *.google.com *.gstatic.com *.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.radial.com t.co *.linkedin.com *.pardot.com pardot.com *.adsymptotic.com *.facebook.com *.licdn.com fonts.googleapis.com http: https:; form-action 'self' 'unsafe-inline' https:; frame-ancestors 'self' *.monsido.com monsido.com *.twitter.com *.ads-twitter.com *.facebook.net *.cookieeyes.com *.amcharts.com *.googleapis.com *.google-analytics.com *.google.com *.gstatic.com *.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.radial.com t.co *.linkedin.com *.pardot.com pardot.com *.adsymptotic.com *.facebook.com *.licdn.com fonts.googleapis.com http: https:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' raw.githubusercontent.com cdn.jsdelivr.net www.jsdelivr.com raw.github.com cdnjs.cloudflare.com rawgit.com s3.amazonaws.com/glancecdn/cobrowse www.glancecdn.net maps.googleapis.com www.google-analytics.com www.google.com/jsapi *.comm100.com vimeo.com/api/oembed.json alq.ixn.tech/js/alq.widget.js *.auraservices.cloud *.thelifedx.com *.magnumswissre.com *.appcues.com mxpnl.com 1
frame-ancestors https://*.betdaq.com 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-_ZBe2_FtWthCh_CYoWmVBw' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
report-uri ; base-uri 'self'; default-src 'self'; connect-src 'self' https://cdn.contentful.com https://graphql.contentful.com https://*.abtasty.com https://api.jardiland.com https://*.sentry.io https://api.axept.io https://client.axept.io https://*.algolia.net https://*.algolianet.com https://insights.algolia.io https://auth.jardiland.com https://*.google-analytics.com https://*.analytics.google.com https://www.facebook.com https://www.google.com https://www.google.fr https://*.contentsquare.net https://adservice.google.com https://analytics.google.com https://uberall.com https://geo.api.gouv.fr https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://s3.eu-west-1.amazonaws.com https://storage.googleapis.com https://izanami-api.tooling.invivodigitalfactory.com https://api-adresse.data.gouv.fr https://www.bonial.fr https://www.bonialserviceswidget.de https://trackingapi.bonial.fr https://bonialconnect.com https://analytics.tiktok.com https://maps.googleapis.com https://ct.pinterest.com https://lp.jardiland.com https://www.googleapis.com/geolocation/v1/geolocate 'self' false http://localhost:3000; font-src 'self' data: https://bonialconnect.com https://*.uberall.com https://fonts.gstatic.com 'self' https://*.abtasty.com; form-action 'self' https://*.be2bill.com/ https://*.dalenys.com/ https://www.facebook.com; frame-ancestors https://app.contentful.com; frame-src 'self' https://www.facebook.com https://*.doubleclick.net https://tpc.googlesyndication.com https://*.be2bill.com https://*.dalenys.com/ https://ct.pinterest.com https://www.youtube-nocookie.com; img-src 'self' data: blob: https://res.cloudinary.com https://images.ctfassets.net https://axeptio.imgix.net https://www.facebook.com https://connect.facebook.net https://*.contentsquare.net https://ade.googlesyndication.com https://adservice.google.com https://googleads.g.doubleclick.net https://img.youtube.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.google.fr https://www.google.com https://www.google.be https://www.google.it https://www.google.de https://www.google.es https://www.google.ch https://www.google.co.uk https://content-media.bonial.biz https://bonialconnect.com https://publisher-media-old.bonial.biz https://maps.googleapis.com https://maps.gstatic.com https://*.uberall.com https://ct.pinterest.com https://favicons.axept.io https://ct.pinterest.com 'self' https://assets.jardiland.com https://*.abtasty.com; object-src 'none'; script-src 'self' 'unsafe-eval' https://*.abtasty.com https://www.googletagmanager.com https://static.axept.io https://connect.facebook.net https://*.contentsquare.net https://*.dalenys.com https://googleads.g.doubleclick.net https://bonialconnect.com https://maps.googleapis.com https://uberall.com https://*.uberall.com https://tpc.googlesyndication.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.google.fr https://cdn.jsdelivr.net/npm/search-insights@2.2.1 https://france.conversiontoolbox.net https://analytics.tiktok.com https://s.pinimg.com https://lp.jardiland.com 'self' false 'sha256-9Nd8KHZz9dVDT+foIVZhI+7iKar6O+Uxw1jdqmlkKB4='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 'self' https://*.abtasty.com; worker-src blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' s.w.org www.rezolucnarada.sk rezolucnarada.sk www.muzeumkremnica.sk muzeumkremnica.sk nbs.sk www.nbs.sk secure.gravatar.com yoast.com *.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com epsilon.escb.eu www.ecb.europa.eu www.instagram.com twitter.com www.facebook.com www.linkedin.com vimeo.com www.youtube.com www.ta3.com *.flickr.com live.staticflickr.com connect.facebook.net a-static.projektn.sk media.joj.sk *.simplecast.com data:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.axept.io api-sogecommerce.societegenerale.eu cdn.matomo.cloud ajax.googleapis.com script.hotjar.com tessi.matomo.cloud userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net static.hotjar.com maps.googleapis.com cdn.jsdelivr.net unpkg.com www.youtube.com; style-src 'self' 'unsafe-inline' data: api-sogecommerce.societegenerale.eu cdn.matomo.cloud fonts.googleapis.com cdn.jsdelivr.net unpkg.com; img-src 'self' data: axeptio.imgix.net captcha.liveidentity.com api-sogecommerce.societegenerale.eu *.w.org cdn.matomo.cloud secure.gravatar.com www.gravatar.com script.hotjar.com userlike-cdn-operators.userlike.com maps.gstatic.com maps.googleapis.com unpkg.com; connect-src 'self' *.axept.io yoast.com *.hotjar.io *.hotjar.com tessi.matomo.cloud userlike-cdn-widgets.s3-eu-west-1.amazonaws.com api.userlike.com axeptio.imgix.net wss://umd.userlike.com maps.googleapis.com; font-src 'self' data: cdn.matomo.cloud fonts.gstatic.com fonts.googleapis.com script.hotjar.com userlike-cdn-umm.b-cdn.net unpkg.com; object-src 'self'; media-src 'self' captcha.liveidentity.com cdn.matomo.cloud userlike-cdn-umm.b-cdn.net; frame-src 'self' *.doubleclick.net www.dailymotion.com www.youtube.com api-sogecommerce.societegenerale.eu *.w.org vars.hotjar.com; report-uri /?gdsih-csp-report; 1
frame-ancestors 'self' https://beta.timescard.com https://hdfcbank.timescard.com *.timescard.com 1
script-src * 'unsafe-inline' ; style-src * 'unsafe-inline' ; frame-src * 'unsafe-inline' ; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; report-uri /report-csp-violation 1
font-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.intercomcdn.com https://d5wfroyti11sa.cloudfront.net https://*.inlinemanual.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.inlinemanual.com https://d5wfroyti11sa.cloudfront.net; img-src 'self' 'unsafe-inline' blob: data: *.babelway.net *.tradeshift.com https://chart.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://js.intercomcdn.com https://static.intercomassets.com https://*.inlinemanual.com https://q.stripe.com https://cdn1.iconfinder.com https://d5wfroyti11sa.cloudfront.net;default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.babelway.net *.tradeshift.com esb3.tradeshiftchina.cn esb.baiwangtradeshift.com *.taulia.com https://*.pendo.io https://*.inlinemanual.com https://*.hotjar.com https://*.hotjar.io  wss://ws.hotjar.com wss://*.hotjar.io https://*.intercom.io https://*.intercomcdn.com wss://*.intercom.io https://ssl.google-analytics.com https://d5wfroyti11sa.cloudfront.net;frame-ancestors 'self' *.tradeshift.com *.ts.sv ; frame-src 'self' *.tradeshift.com *.pendo.com *.pendo.io *.hotjar.com *.hotjar.io *.youtube.com *.vimeo.com *.stripe.com; 1
style-src 'self' 'unsafe-inline' https://prodoctorov.ru https://*.googleapis.com *.googleapis.com https://*.gstatic.com *.gstatic.com yastatic.net yandex.st https://tagmanager.google.com https://app.medlock.ru; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://prodoctorov.ru *.google.com https://www.google.com https://*.google-analytics.com *.google-analytics.com *.googlesyndication.com https://*.googlesyndication.com *.googleapis.com https://*.googleapis.com www.google.com https://*.gstatic.com https://*.yandex.net https://yandex.ru https://*.yandex.ru *.yandex.ru *.gstatic.com https://clck.yandex.ru *.twitter.com https://*.twitter.com yandex.st https://yandex.st https://connect.ok.ru vk.com https://www.youtube.com https://s.ytimg.com https://www.googletagmanager.com https://googletagmanager.com https://yastatic.net yastatic.net https://connect.facebook.net seal.websecurity.norton.com dunsregistered.dnb.com https://yookassa.ru https://*.yoomoney.ru; connect-src 'self' wss://prodoctorov.ru wss://medotvet.me *.yandex.ru *.google-analytics.com https://*.yandex.ru https://yandex.ru https://mc.yandex.com https://mc.yandex.md ajax.googleapis.com https://analytics.google.com https://region1.analytics.google.com https://www.google.ru https://translate.googleapis.com yandex.st https://yandex.st yastatic.net https://fcm.googleapis.com https://stats.g.doubleclick.net https://sentry.medrating.org https://sentry.prodoctorov.com https://*.facebook.com https://prodoctorov.ru https://rate.prodoctorov.ru https://rate-metrics.prodoctorov.ru https://app.medtochka.ru wss://app.medtochka.ru https://r.prodoctorov.ru https://ymetrica1.com/; img-src 'self' data: 'unsafe-inline' https://prodoctorov.ru https://protabletky.ru https://medotvet.me https://*.google-analytics.com *.google-analytics.com yastatic.net https://yastatic.net *.yandex.ru https://*.yandex.ru https://yandex.ru *.yandex.net https://*.yandex.net yandex.st https://mc.yandex.by https://mc.yandex.com https://mc.yandex.kz *.google.com  https://*.google.com  *.googleapis.com https://*.googleapis.com *.googlesyndication.com https://*.gstatic.com *.gstatic.com vk.com https://*.vk.com *.youtube.com *.twitter.com https://*.twitter.com *.googlezip.net https://*.ggpht.com https://www.googletagmanager.com https://*.facebook.com https://*.google.ru https://*.mail.ru seal.websecurity.norton.com www.honcode.ch https://prodoctorov.ru blob:; font-src 'self' https://*.gstatic.com *.gstatic.com data: https://yastatic.net chrome-extension; default-src 'self'; media-src 'self' *.yandex.net yandex.st yastatic.net *.yandex.ru; object-src 'self' *.googlesyndication.com https://*.googlesyndication.com; frame-src *; report-uri https://prodoctorov.ru/cspreport/ 1
default-src 'self' 'unsafe-inline' data: *.cachefly.net *.gstatic.com *.googleapis.com *.googletagmanager.com *.google.com *.google.pt; object-src 'none'; base-uri 'self'; media-src 'self' *.cachefly.net; font-src 'self' *.gstatic.com *.googleapis.com; script-src 'self' 'unsafe-inline' *.cachefly.net *.gstatic.com *.googleapis.com *.googletagmanager.com 1
frame-ancestors internist.ru 1
upgrade-insecure-requests ; frame-ancestors 'self' *.mpowerfinancing.com insight.adsrvr.org www.youtube.com widget.trustpilot.com *.google.com *.gaconnector.com *.googletagmanager.com *.google-analytics.com *.criteo.com 1
frame-ancestors *.ucihealth.org; 1
default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com browser.events.data.microsoft.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com github.githubassets.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/ 1
default-src 'self'; script-src 'self' embed.typeform.com snap.licdn.com *.hsadspixel.net *.hs-analytics.net *.hubapi.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hs-sites.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspot.net play.hubspotvideo.com cdn2.hubspot.net openzeppelin.com *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com ajax.googleapis.com *.googletagmanager.com static.hsappstatic.net cdnjs.cloudflare.com *.openzeppelin.com *.cloudfront.net *.google.com boards.greenhouse.io 'unsafe-inline'; frame-src 'self' forms.hsforms.com form.typeform.com *.hubspot.com *.hs-sites.com play.hubspotvideo.com openzeppelin.com wizard.openzeppelin.com *.google.com boards.greenhouse.io; img-src 'self' data: *.linkedin.com *.hubspot.com js.hscta.net no-cache.hubspot.com *.hubspotusercontent10.net *.hubspot.net cdn2.hubspot.net cdnjs.cloudflare.com *.cloudfront.net *.hsforms.com *.fs1.hubspotusercontent-na1.net; style-src 'self' *.hubspotusercontent10.net cdn2.hubspot.net cdnjs.cloudflare.com openzeppelin.com 'unsafe-inline' fonts.googleapis.com; style-src-elem 'self' embed.typeform.com *.hubspotusercontent10.net cdn2.hubspot.net cdnjs.cloudflare.com openzeppelin.com 'unsafe-inline' fonts.googleapis.com; connect-src 'self' forms.hsforms.com cdn.linkedin.oribi.io *.google-analytics.com *.hubapi.com js.hscta.net *.hs-banner.com *.hubspotusercontent10.net *.hscollectedforms.net *.hubspot.com; font-src 'self' *.fs1.hubspotusercontent-na1.net fonts.gstatic.com github.com; object-src 'none'; worker-src 'none'; form-action 'self' forms.hsforms.com; base-uri 'self'; frame-ancestors 'self'; manifest-src 'self'; script-src-elem 'self' embed.typeform.com *.hsadspixel.net *.hs-analytics.net *.hubapi.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hs-sites.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspot.net play.hubspotvideo.com cdn2.hubspot.net openzeppelin.com *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com ajax.googleapis.com *.googletagmanager.com static.hsappstatic.net cdnjs.cloudflare.com *.openzeppelin.com *.cloudfront.net *.google.com www.gstatic.com boards.greenhouse.io snap.licdn.com 'unsafe-inline'; media-src 'self' *.cloudfront.net 'unsafe-inline';; upgrade-insecure-requests 1
frame-ancestors 'self' mopinion.com app.mopinion.com 1
default-src 'self'; frame-ancestors 'self'; frame-src 'self' https://tablebuilder.singstat.gov.sg/ https://cse.google.com/   forms.cwp.gov.sg *.youtube.com ws.sharethis.com wogaa.demdex.net fast.wogaa.demdex.net *.powerbi.com www.google.com *.sitecore.net *.sitecore.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googletagmanager.com https://partner.googleadservices.com/ http://cse.google.com/   http://clients1.google.com/ https://cse.google.com/ https://*.vica.gov.sg/ https://test-gpc-1.sg.va.sabio.cloud/ www.google-analytics.com assets.adobedtm.com *.dcube.cloud *.wogaa.sg *.demdex.net wogadobeanalytics.sc.omtrdc.net va.ecitizen.gov.sg *.sharethis.com *.gstatic.com www.google.com; style-src 'self' 'unsafe-inline' https://www.google.com/ https://*.vica.gov.sg va.ecitizen.gov.sg *.sharethis.com *.gstatic.com assets.dcube.cloud assets.wogaa.sg fonts.googleapis.com maxcdn.bootstrapcdn.com cdn.rawgit.com; img-src 'self'  https://www.googleapis.com/     *.google.com  *.gstatic.com           *.gov.sg https://*.vica.gov.sg/ https://bucket-common.vica.gov.sg/ https://www-singstat-gov-sg.cwp-stg.sg/  https://www-singstat-gov-sg.cwp.sg/ https://test-gpc-1.sg.va.sabio.cloud/ www.google-analytics.com wogadobeanalytics.sc.omtrdc.net cm.everesttech.net dpm.demdex.net va.ecitizen.gov.sg *.sharethis.com data:; font-src data: 'self' https://*.vica.gov.sg/ *.amazonaws.com va.ecitizen.gov.sg *.gstatic.com assets.dcube.cloud assets.wogaa.sg maxcdn.bootstrapcdn.com fonts.gstatic.com; connect-src 'self' 'unsafe-inline' https://csp.withgoogle.com/  wss://*.vica.gov.sg *.gov.sg https://*.vica.gov.sg/ https://test-gpc-1.sg.va.sabio.cloud/ www.google-analytics.com dpm.demdex.net wogadobeanalytics.sc.omtrdc.net *.gstatic.com *.dcube.cloud *.wogaa.sg va.ecitizen.gov.sg *.sharethis.com; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://subs.building.co.uk; 1
img-src data: *.cloudfront.net *.concertgebouw.nl https://ad.doubleclick.net https://ads-engagement.presage.io https://bat.bing.com https://dev.visualwebsiteoptimizer.com https://imgsct.cookiebot.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.nl https://www.googletagmanager.com *.picsum.photos http://cms.test http://test picsum.photos; object-src 'none'; script-src 'self' 'unsafe-inline' https://bat.bing.com https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://dev.visualwebsiteoptimizer.com https://script.hotjar.com https://static.hotjar.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com 1
default-src https: 'unsafe-eval' 'unsafe-inline' wss://*.hotjar.com data:; object-src 'none'; frame-ancestors 'none'; img-src data: https: 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js-cdn.dynatrace.com https://www.youtube.com https://wtbng.pricespider.com https://wtbstream.pricespider.com https://embeddedcloud.pricespider.com https://omni.pricespider.com https://locate.pricespider.com https://api.tiles.mapbox.com https://wtbevents.pricespider.com https://cdn.pricespider.com https://z.moatads.com rpxnow.com cdn.segment.com *.janraincapture.com *.doubleclick.net *.googleadservices.com s.pinimg.com *.cloudfront.net pghub.io *.cookielaw.org *.onetrust.com *.iesnare.com connect.facebook.net *.crazyegg.com *.adsrvr.org *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://cdn.pricespider.com https://api.tiles.mapbox.com quilt-cdn.janrain.com *.bazaarvoice.com fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' *.cookielaw.org https://cdn.pricespider.com https://wwwassets.pricespider.com https://embeddedcloud.pricespider.com https://40n23zgkic3y-a.akamaihd.net https://px.moatads.com https://www.google.com i.ytimg.com pixel.tapad.com *.doubleclick.net ct.pinterest.com *.cloudfront.net videos.ctfassets.net images.ctfassets.net *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' fonts.gstatic.com data: feed.pghub.io pandg.tapad.com ; connect-src * ; frame-src 'self' https://videos.ctfassets.net https://pandg.tapad.com https://www.youtube-nocookie.com https://www.youtube.com feed.pghub.io *.adsrvr.org *.doubleclick.net *.jebbit.com *.bazaarvoice.com *.janraincapture.com consumersupport.pg.com pg-lex.my.salesforce-sites.com ct.pinterest.com www.facebook.com pandg.tapad.com ; manifest-src * ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.market.yandex.ru cdnjs.cloudflare.com https://mc.yandex.ru an.yandex.ru *.googlesyndication.com code.jquery.com https://yastatic.net https://yandex.ru cdn.ckeditor.com https://adservice.google.ru https://adservice.google.com https://*.googleadservices.com https://www.googletagservices.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://code.highcharts.com https://wg3.price.ru; font-src 'self' https://yastatic.net data: cdnjs.cloudflare.com https://fonts.gstatic.com https://wg3.price.ru; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com https://yastatic.net https://cdn.datatables.net cdn.ckeditor.com; img-src 'self' https://ysa-static.passport.yandex.ru data: https://*.yandex.ru https://*.yandex.net https://mc.yandex.com https://*.googlesyndication.com https://mzimg.com https://www.google-analytics.com https://stats.g.doubleclick.net cdn.ckeditor.com www.gstatic.com https://ad.doubleclick.net https://tns-counter.ru https://yastatic.net https://mc.admetrica.ru https://www.googletagmanager.com https://ad.adriver.ru http://static.price.ru https://wg3.price.ru http://avatars.mds.yandex.net; connect-src 'self' https://yandex.ru https://mc.yandex.ru https://log.strm.yandex.ru https://mc.yandex.com an.yandex.ru https://yandex.ru/clck/click https://*.googlesyndication.com https://*.google-analytics.com https://*.market.yandex.ru https://stats.g.doubleclick.net https://csi.gstatic.com https://wg3.price.ru; object-src 'self' *.youtube.com; frame-src 'self' *.youtube.com https://googleads.g.doubleclick.net https://mc.yandex.md https://*.googlesyndication.com https://*.market.yandex.ru https://yastatic.net https://www.google.com https://mc.yandex.ru https://pagead2.googlesyndication.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://social.coop; img-src 'self' https: data: blob: https://social.coop; style-src 'self' https://social.coop 'nonce-HtH84XmtIXV3A4b9vLgywQ=='; media-src 'self' https: data: https://social.coop; frame-src 'self' https:; manifest-src 'self' https://social.coop; form-action 'self'; child-src 'self' blob: https://social.coop; worker-src 'self' blob: https://social.coop; connect-src 'self' data: blob: https://social.coop https://social-coop-media.ams3.cdn.digitaloceanspaces.com wss://social.coop; script-src 'self' https://social.coop 'wasm-unsafe-eval' 1
frame-ancestors https://new.oasis.gov.in 1
default-src 'self'; frame-ancestors 'self' *.kontent.ai *.hosted.positive.co.uk *.raymarine.com; frame-src 'self' data: https: *.cookiebot.com; img-src 'self' data: https: *.googletagmanager.com *.cloudfront.net; media-src 'self' data: https: *.googletagmanager.com *.canto.global; script-src 'self' 'unsafe-inline' data: https: *.googletagmanager.com *.amazonaws.com *.canto.global; font-src 'self' data: https: *.gstatic.com; style-src 'self' 'unsafe-inline' data: https: *.googleapis.com; connect-src data: https: *.googleapis.com *.hsforms.com *.hs-scripts.com; worker-src 'self' blob: *.raymarine.com; 1
frame-ancestors 'self' *.ten-x.com *.loopnet.com *.costar.com *.costargroup.com tenx.my.salesforce.com tenx.secure.force.com tenx.my.salesforce-sites.com d.la2-c2-ia5.salesforceliveagent.com d.la4-c4-ph2.salesforceliveagent.com 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: ; style-src 'self' 'unsafe-inline' https: ; base-uri 'none'; form-action 'self' https:; upgrade-insecure-requests 1
connect-src 'self' *.ocs.fr sample-api-v2.crazyegg.com/n/188974/all ajax.googleapis.com cdnjs.cloudflare.com *.ads-twitter.com connect.facebook.net *.google-analytics.com *.googletagmanager.com google-analytics.com/* *.qualifio.com/* platform.twitter.com cdn.syndication.twimg.com script.crazyegg.com/pages/scripts/0018/8974.js www.googleadservices.com/pagead/conversion_async.js analytics.twitter.com/i/adsct googleads.g.doubleclick.net/* googleads.g.doubleclick.net/pagead/viewthroughconversion/984127776/ www.google.com/pagead/conversion_async.js tagmanager.google.com *.doubleclick.net go.flx1.com *.flx1.com flx1.com files.qualifio.com s.ktmx.io *.ktmx.io ktmx.io/* secure.adnx.com *.adnx.com adnx.com/* s.kmtx.io/kmpx.js secure.adnxs.com/px t.kmtx.io/s sdk.privacy-center.org api.privacy-center.org bing.com *.bing.com cdn.mateti.net cdn.mateti.net/* *.mateti.net aswpapieu.com aswpsdkeu.com/notify/v1/ua-sdk.min.js *.outbrain.com *.mozoo.com *.taboola.com *.youtube.com *.libjs.s4mdsp.com *.s4mdsp.com *.googleadservices.com; font-src 'self' https://github.com/google/fonts/blob/master/apache/opensans/* fonts.gstatic.com fonts.googleapis.com https://github.com/google/fonts/blob/master/apache/opensans/OpenSans-Light.ttf https://github.com/google/fonts/blob/master/apache/opensans/OpenSans-Semibold.ttf https://github.com/google/fonts/blob/master/apache/opensans/OpenSans-Bold.ttf https://github.com/google/fonts/blob/master/apache/opensans/OpenSans-LightItalic.ttf https://fonts.gstatic.com data:; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.ocs.fr *.ads-twitter.com connect.facebook.net *.google-analytics.com *.googletagmanager.com google-analytics.com/* *.qualifio.com/* platform.twitter.com cdn.syndication.twimg.com script.crazyegg.com/pages/scripts/0018/8974.js www.googleadservices.com/pagead/conversion_async.js analytics.twitter.com/i/adsct googleads.g.doubleclick.net/* googleads.g.doubleclick.net/pagead/viewthroughconversion/984127776/ www.google.com/pagead/conversion_async.js tagmanager.google.com *.doubleclick.net go.flx1.com *.flx1.com flx1.com files.qualifio.com https://platform.instagram.com https://www.instagram.com s.ktmx.io *.ktmx.io ktmx.io secure.adnx.com *.adnx.com adnx.com s.kmtx.io/kmpx.js secure.adnxs.com/px t.kmtx.io/s sdk.privacy-center.org api.privacy-center.org bing.com *.bing.com cdn.mateti.net cdn.mateti.net/* aswpsdkeu.com/notify/v1/ua-sdk.min.js *.outbrain.com *.mozoo.com *.taboola.com *.youtube.com *.libjs.s4mdsp.com *.s4mdsp.com *.googleadservices.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com platform.twitter.com ajax.googleapis.com *.googletagmanager.com *.google-analytics.com *.qualifio.com/* cdn.syndication.twimg.com *.ocs.fr *.ads-twitter.com connect.facebook.net google-analytics.com/* tagmanager.google.com https://cdnjs.cloudflare.com https://statics.ocs.fr; report-uri https://www.ocs.fr/report-uri/enforce 1
frame-ancestors self https://beyondthedestination.com; 1
frame-ancestors appfigures.reamaze.com 1
script-src 'unsafe-eval' 'nonce-NjNmZWUzYzktNWZlMi00YTg5LWI1NDMtM2MzMTcwNzcwYjg4' 'strict-dynamic' https: 'unsafe-inline' 'report-sample';style-src https://d2cg3f6oxmrhvg.cloudfront.net https: 'self' 'unsafe-inline' data:; worker-src * blob:; connect-src 'self' https: wss: data: blob:; img-src * data: blob: file:; font-src * data:; object-src 'self'; frame-src * blob:; child-src * blob:; media-src * blob: data:; base-uri 'self'; default-src *; frame-ancestors 'self' *.atlassian.net *.atl-paas.net *.atlassian.com trello.com bitbucket.org; report-uri https://web-security-reports.services.atlassian.com/csp-report/jira-frontend-static-prod 1
default-src 'self' 'unsafe-inline' *.altmetric.com *.powerbi.com *.cloudfront.net *.hotjar.com *.hotjar.io 'unsafe-eval' *.crick.ac.uk *.google.com *.google-analytics.com *.gstatic.com *.googleapis.com *.vimeo.com *.vimeocdn.com *.youtube.com *.soundcloud.com *.twitter.com *.youtube.com *.twimg.com theta360.com cdn.rawgit.com raw.githubusercontent.com *.facebook.com data:;; script-src 'self' 'unsafe-inline' *.altmetric.com *.cloudfront.net *.hotjar.com *.hotjar.io 'unsafe-eval' theta360.com crick.us13.list-manage.com *.mailchimp.com *.theta360.com *.google.com *.google-analytics.com *.googleapis.com use.typekit.net *.vimeocdn.com *.vimeo.com vimeo.com *.twitter.com *.twimg.com *.youtube.com *.googletagmanager.com tagmanager.google.com cdnjs.cloudflare.com cdn.rawgit.com https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js https://d1bxh8uas1mnw7.cloudfront.net/assets/embed.js cdn.jsdelivr.net connect.facebook.net; style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net cdnjs.cloudflare.com *.google.com *.googleapis.com *.twitter.com *.mailchimp.com cdn.jsdelivr.net; font-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com *.gstatic.com; connect-src 'self' wss://ws.hotjar.com *.hotjar.com *.hotjar.io *.google-analytics.com *.doubleclick.net; report-uri /report-csp-violation 1
frame-ancestors 'self' https://www.foia.gov 1
frame-ancestors 'self' xmatters.com *.xmatters.com xmatters-mktg.web.app xmatters-mktg.firebaseapp.com ws.zoominfo.com ws-assets.zoominfo.com *.zoominfo.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://*.googleapis.com/ https://static.addtoany.com/ https://vjs.zencdn.net/ https://player.vimeo.com/ https://secure.gravatar.com/ https://www.youtube.com/ https://*.gstatic.com/ https://*.google-analytics.com/ https://ps.w.org/ https://yoast.com https://cdn.jsdelivr.net/ https://boards.greenhouse.io/ https://www.google.com/recaptcha/ https://hackerone.com/ https://beacon-v2.helpscout.net/ https://my.yoast.com/api/ https://*.smarthub.coop/ https://cdnjs.cloudflare.com/ajax/ https://pi.pardot.com/ https://*.nisc.coop/ https://www.googletagmanager.com/ https://stats.g.doubleclick.net/ https://connect.facebook.net/ https://www.facebook.com/ 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://homegrown.co.in;block-all-mixed-content; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.amazonaws.com *.mouseflow.com *.googletagmanager.com *.jsdelivr.net *.recaptcha.net *.gstatic.com smtpjs.com *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com; object-src 'self' 1
frame-ancestors 'self' piwik.rz.hs-fulda.de *.virtualexpo.info hochschule-fulda.ebm.ai; 1
default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: ; font-src 'self' data:; connect-src 'self'; object-src 'none'; form-action https://mojebanka.kb.cz https://login.kb.cz; 1
default-src 'self'; style-src https: 'unsafe-inline'; script-src 'self' 'unsafe-eval' https://code.jquery.com/ https://abs.firstssl.ru/ https://maps.googleapis.com/ https://cdnjs.cloudflare.com/ https://cdn.ckeditor.com/ https://vk.com/ https://www.youtube.com/ https://cse.google.com/ https://*.chathost.ru/ https://*.carrotquest.app/ https://www.googletagmanager.com/ https://www.google.com/ https://my.firstssl.ru/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://tag.marinsm.com/ https://mc.yandex.ru/ https://top-fwz1.mail.ru/ https://www.gstatic.com/ https://googleads.g.doubleclick.net/ 'unsafe-inline'; img-src * data:; connect-src 'self' https://api.carrottrack.app/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://*.carrottrack.io/ https://*.carrotquest.app/ wss://*.carrotquest.app/ https://stats.g.doubleclick.net/ https://top-fwz1.mail.ru/ https://mc.yandex.ru/ https://*.chathost.ru/; frame-src 'self' https://abs.firstssl.ru/ https://www.youtube.com/ https://www.google.com/ https://bid.g.doubleclick.net/; font-src 'self' https://netdna.bootstrapcdn.com/ data: https://fonts.gstatic.com/ https://*.carrotquest.app/; media-src 'self' https://*.carrotquest.app/; object-src 'none'; frame-ancestors 'self' https://metrika.yandex.ru; 1
default-src 'self'; script-src 'report-sample' 'self' https://hu.us4.list-manage.com/ https://player.vimeo.com/api/player.js https://www.googleadservices.com https://www.google.com https://va.vercel-scripts.com/v1/script.debug.js https://humane.matomo.cloud/matomo.js https://humane.matomo.cloud/plugins/HeatmapSessionRecording/configs.php https://www.youtube.com/iframe_api https://vercel.live/ https://vercel.com 'unsafe-inline' https://www.googleadservices.com https://www.google.com https://*.googletagmanager.com https://*.g.doubleclick.net ; base-uri 'self'; style-src 'report-sample' 'self' 'unsafe-inline'; img-src 'self' data: blob: https://cdn.shopify.com https://images.prismic.io https://i.vimeocdn.com/ https://vercel.live/ https://vercel.com https://sockjs-mt1.pusher.com/ https://www.google.com https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; connect-src 'self' https://humane.matomo.cloud https://checkout.hu.ma.ne https://dev-checkout.hu.ma.ne https://carry-checkout.hu.ma.ne https://rum.browser-intake-datadoghq.com https://logs.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://vitals.vercel-insights.com https://webapi.prod.humane.cloud https://webapi.dev.humane.cloud https://vimeo.com https://auth.humane.center https://auth.dev.humane.center https://vercel.live/ https://vercel.com https://sockjs-mt1.pusher.com/ https://sockjs-us3.pusher.com wss://ws-mt1.pusher.com/ wss://ws-us3.pusher.com https://region1.analytics.google.com https://analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; manifest-src 'self'; font-src 'self' https://assets.vercel.com; frame-src 'self' https://auth.humane.center https://auth.dev.humane.center https://auth.carry.humane.center https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com/ bid.g.doubleclick.net https://vercel.live/ https://vercel.com; media-src 'self' https://humane-content.cdn.prismic.io https://prismic-io.s3.amazonaws.com/humane-content/; object-src 'none'; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub1c4ce6290da09358707613fe74943eb5&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env%3Aprod; worker-src blob:; frame-ancestors 'self' https://auth.dev.humane.center/ https://auth.carry.humane.center/ https://auth.humane.center/; form-action 'self'; 1
frame-ancestors *.cq6bn590y3-fabindiao1-s1-public.model-t.cc.commerce.ondemand.com *.cq6bn590y3-fabindiao1-p1-public.model-t.cc.commerce.ondemand.com fabindia.com webcache.googleusercontent.com *.cq6bn590y3-fabindiao1-s2-public.model-t.cc.commerce.ondemand.com *.fabindiaofficial.in 1
default-src 'none' ; connect-src 'self' https://um.warszawa.pl https://*.um.warszawa.pl https://wowzaec2demo.streamlock.net; font-src 'self' https://um.warszawa.pl https://*.um.warszawa.pl; frame-src 'self' blob: https://um.warszawa.pl https://*.um.warszawa.pl https://www.facebook.com https://web.facebook.com https://m.facebook.com https://twitter.com https://platform.twitter.com https://syndication.twitter.com https://www.youtube.com https://youtu.be https://vimeo.com https://player.vimeo.com https://www.jwplayer.com https://seizbil.zgnpragapld.pl https://forms.office.com https://app.powerbi.com; img-src 'self' https://um.warszawa.pl https://*.um.warszawa.pl https://mapa.um.warszawa.pl https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://platform.twitter.com https://syndication.twitter.com https://abs.twimg.com https://pbs.twimg.com https://ton.twimg.com https://wowzaec2demo.streamlock.net data:; manifest-src 'self' ; media-src 'self' blob: https://um.warszawa.pl https://*.um.warszawa.pl https://www.facebook.com https://www.youtube.com https://www.jwplayer.com https://wowzaec2demo.streamlock.net; object-src 'self' ; script-src 'self' blob: https://um.warszawa.pl https://*.um.warszawa.pl https://mapa.um.warszawa.pl https://connect.facebook.net https://platform.twitter.com https://cdn.syndication.twimg.com https://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://um.warszawa.pl https://*.um.warszawa.pl https://platform.twitter.com https://ton.twimg.com; frame-ancestors 'self'; report-uri /_csp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.braintreegateway.com https://koi-3qnijvuh2c.marketingautomation.services/ https://app-3qnijvuh2c.marketingautomation.services/ https://www.googletagmanager.com https://*.googletagmanager.com *.googleapis.com *.gstatic.com www.google.com www.facebook.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org js.braintreegateway.com *.cardinalcommerce.com googleads.g.doubleclick.net glamipixel.com www.glami.hr www.glami.ro *.snapchat.com https://kendo.cdn.telerik.com/ https://cdnjs.cloudflare.com/ajax/libs/jszip/ https://cc.plationline.ro/* *.plationline.ro/*; style-src 'self' 'unsafe-inline' https://use.typekit.net/ https://p.typekit.net/ *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com https://www.googletagmanager.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.braintreegateway.com https://cc.plationline.ro/* *.plationline.ro/*; font-src 'self' fonts.gstatic.com https://use.typekit.net kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com https://www.google.at/ *.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net  https://*.google.com https://*.google.si https://*.google.rs https://*.google.hr https://*.google.ro https://www.google.com https://www.googletagmanager.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com tom-tailor.store www.glami.ro www.glami.hr *.glami.si *.snapchat.com https://cc.plationline.ro/* *.plationline.ro/*; media-src 'self' data: blob:; frame-src https://*; child-src 'self' https://platform.twitter.com/ https://app-3qnijvuh2c.marketingautomation.services/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ https://www.googletagmanager.com apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' accounts.google.com https://www.google-analytics.com https://stats.g.doubleclick.net/ https://www.googletagmanager.com https://*.google.si https://*.google.rs https://*.google.hr https://*.google.ro https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net  https://*.google.com https://region1.analytics.google.com/ https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.braintree-api.com *.braintreegateway.com *.cardinalcommerce.com *.execute-api.us-east-1.amazonaws.com https://graph.facebook.com https://www.tom-tailor.store https://cc.plationline.ro/* *.plationline.ro/*; 1
style-src 'unsafe-inline' https://populiweb.com https://populi.co https://www.populiweb.com https://www.populi.co; script-src 'unsafe-inline' https://ssl.google-analytics.com https://google.com https://www.populiweb.com https://www.populi.co https://populiweb.com https://populi.co https://www.googletagmanager.com https://www.google.com https://www.gstatic.com 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-MTUyLDkxLDE4Miw1MiwyMTQsMTgyLDgwLDIwMA==' blob: https://cdn.discordapp.com/animations/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://js.stripe.com https://js.braintreegateway.com https://assets.braintreegateway.com https://www.paypalobjects.com https://checkout.paypal.com https://c.paypal.com https://kit.cash.app; style-src 'self' 'unsafe-inline' https://cdn.discordapp.com https://*.hcaptcha.com https://hcaptcha.com https://kit.cash.app; img-src 'self' blob: data: https://*.discordapp.net https://*.discordapp.com https://*.discord.com https://i.scdn.co https://i.ytimg.com https://i.imgur.com https://media.tenor.co https://media.tenor.com https://c.tenor.com https://*.youtube.com https://*.giphy.com https://static-cdn.jtvnw.net https://pbs.twimg.com https://assets.braintreegateway.com https://checkout.paypal.com https://c.paypal.com https://b.stats.paypal.com https://slc.stats.paypal.com https://hnd.stats.paypal.com https://api.cash.app; font-src 'self' https://fonts.gstatic.com https://cash-f.squarecdn.com; connect-src 'self' https://status.discordapp.com https://status.discord.com https://support.discordapp.com https://support.discord.com https://discordapp.com https://discord.com https://discord-attachments-uploads-prd.storage.googleapis.com https://cdn.discordapp.com https://media.discordapp.net https://images-ext-1.discordapp.net https://images-ext-2.discordapp.net https://router.discordapp.net wss://*.discord.gg https://best.discord.media https://latency.discord.media wss://*.discord.media wss://dealer.spotify.com https://api.spotify.com https://sentry.io https://api.twitch.tv https://api.stripe.com https://api.braintreegateway.com https://client-analytics.braintreegateway.com https://*.braintree-api.com https://www.googleapis.com https://*.algolianet.com https://*.hcaptcha.com https://hcaptcha.com https://*.algolia.net ws://127.0.0.1:* http://127.0.0.1:*; media-src 'self' blob: disclip: https://*.discordapp.net https://*.discord.com https://*.discordapp.com https://*.youtube.com https://streamable.com https://vid.me https://twitter.com https://oddshot.akamaized.net https://*.giphy.com https://i.imgur.com https://media.tenor.co https://media.tenor.com https://c.tenor.com; frame-src https://discordapp.com/domain-migration discord: https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://js.stripe.com https://hooks.stripe.com https://checkout.paypal.com https://c.paypal.com https://assets.braintreegateway.com https://checkoutshopper-live.adyen.com https://kit.cash.app https://player.twitch.tv https://clips.twitch.tv/embed https://player.vimeo.com https://www.youtube.com/embed/ https://www.tiktok.com/embed/ https://music.amazon.com/embed/ https://music.amazon.co.uk/embed/ https://music.amazon.de/embed/ https://music.amazon.co.jp/embed/ https://music.amazon.es/embed/ https://music.amazon.fr/embed/ https://music.amazon.it/embed/ https://music.amazon.com.au/embed/ https://music.amazon.in/embed/ https://music.amazon.ca/embed/ https://music.amazon.com.mx/embed/ https://music.amazon.com.br/embed/ https://www.youtube.com/s/player/ https://twitter.com/i/videos/ https://www.funimation.com/player/ https://www.redditmedia.com/mediaembed/ https://open.spotify.com/embed/ https://w.soundcloud.com/player/ https://audius.co/embed/ https://*.watchanimeattheoffice.com https://sessionshare.sp-int.playstation.com/embed/ https://localhost:* https://*.discordsays.com https://discordappcom.cloudflareaccess.com/; child-src 'self' blob: https://assets.braintreegateway.com https://checkout.paypal.com https://c.paypal.com; prefetch-src 'self' https://cdn.discordapp.com/assets/; 1
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.biocadless.com *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.youtube.com *.yandex.ru *.salesforce.com *.twitter.com *.usefathom.com vk.com *.dataforum.pro *.googleadservices.com yastatic.net top-fwz1.mail.ru;child-src *.biocadless.com *.google.com *.gstatic.com *.doubleclick.net *.youtube.com *.salesforce.com *.twitter.com *.dataforum.pro;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.cloudflare.com *.dataforum.pro;img-src * blob: data: *.biocadless.com *.dataforum.pro;font-src 'self' 'unsafe-eval' *.gstatic.com *.dataforum.pro;frame-src 'self' 'unsafe-inline' platform.dataforum.pro yandex.ru webvisor.com *.youtube.com *.google.com;connect-src *;media-src *; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://*.youtube.com https://*.facebook.com https://*.facebook.net https://*.google.com https://cdnjs.cloudflare.com https://goo.gl https://line.naver.jp https://s.ytimg.com https://twitter.com https://*.google-analytics.com https://www.googletagmanager.com https://widget.gleamjs.io https://stats.g.doubleclick.net; 1
frame-ancestors *.ibrida.io 1
frame-ancestors 'self' https://*.getinge.com:*; 1
frame-ancestors 'self' https://www.urbaninsight.com 1
frame-ancestors 'self' http://localhost 1
default-src https://*.big4.com.au; connect-src 'self' data: https: *.abtasty.com *.contentsquare.net; child-src 'self' https: blob:; font-src 'self' data: https:; frame-ancestors 'self' https://*.big4.com.au; frame-src  'self' https:; form-action 'self' https:; img-src 'self' data: https: blob: *.contentsquare.net; worker-src 'self' blob:; script-src 'self' 'nonce-jRIs56kO71hjePzcAiMjIiIH+Nil22lriV9kTHQhKCs=' 'unsafe-eval' 'unsafe-inline' blob: 'sha256-/Tw1CUQaZj3yH2nxl9nyJFaYjrC1H/uoKb/GW4m9Cgg=' 'sha256-EGS9/79G+CXf0CN6ZS7Xb4A/InuKBTviYprKiSZx7fA=' 'sha256-cahM5LQiEzhDcHGZ7yG1S1TWdr0byoGzldv+3LkvdLM=' 'sha256-23dIBWuiV8/JZym0MK7/PmmYtK6PE7Fn20zO0X07SSY=' 'sha256-xfJWcN5UtRSbcf79ZAj033cOP//lohtNhtfXQez74hE=' 'sha256-ijmyaessuydjYbuosqDvQbpQOB+bjJoBtGaMdPgm8yA=' 'sha256-jWM8eqlKZuf+3gQmMRBYV6E95+gxgfS4XzVWwBLxKVs=' 'sha256-lmLfMaEfKezGVg8XluJHRv+5gggh45kbO5jPi66ibXE=' t.contentsquare.net app.contentsquare.com *.abtasty.com *.omappapi.com *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.doubleclick.net *.google.com analytics.tiktok.com atlas.microsoft.com bat.bing.com connect.facebook.net fxctag.com graph.facebook.com googleads.g.doubleclick.net google-analytics.com googletagmanager.com js.facebook.com js.adsrvr.org kit.fontawesome.com hat.thepointyspritesclub.com core.thepointyspritesclub.com r.bing.com static.zipmoney.com.au static.zip.co securepubads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com use.fontawesome.com unpkg.com www.gstatic.com www.google-analytics.com www.google.com www.googletagmanager.com js.monitor.azure.com trx-cdn.zip.co www.clarity.ms edge.fullstory.com js.stripe.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' https:; report-uri /api/csp/ReportCSP 1
upgrade-insecure-requests; default-src 'self' wss://*.hotjar.com *.dhl24.com.pl *.dhl.pl; img-src 'self' x.bidswitch.net r.casalemedia.com id5-sync.com matching.ivitrack.com exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com sync-criteo.ads.yieldmo.com e1.emxdgt.com dpm.demdex.net *.criteo.com region1.analytics.google.com *.bing.com *.clarity.ms cdn.cookielaw.org www.google.at www.google.co.uk www.google.cz www.google.de www.google.fi www.google.it www.google.nl www.google.se optimize.google.com www.google.com www.google.pl www.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.criteo.com *.criteo.net *.facebook.com *.fbcdn.net *.openstreetmap.org dhlpoland.pl *.hotjar.com *.hotjar.io *.tradedoubler.com *.smartadserver.com *.adform.net *.push-ad.com push-ad.com adservice.google.com *.getsitecontrol.com push.dhl24.com.pl plugin.management *.plugin.management analyst.services *.analyst.services *.amazonaws.com *.revhunter.tech *.dhl24.com.pl *.dhl.pl; script-src 'strict-dynamic' 'nonce-K9uS2s8jHUiuDJqvwqyqVZtD' *.push-ad.com push-ad.com *.criteo.com *.criteo.net accounts.google.com www.google.at www.google.co.uk www.google.cz www.google.de www.google.fi www.google.it www.google.nl www.google.se optimize.google.com www.google.com www.google.pl www.gstatic.com *.google-analytics.com *.googleadservices.com *.doubleclick.net connect.facebook.net swrap.tradedoubler.com *.clickonometrics.pl *.retargeted.co cdn.cookielaw.org cookie-cdn.cookiepro.com privacyportal.onetrust.com geolocation.onetrust.com cdnjs.cloudflare.com analytics.sleeknote.com fonts.googleapis.com *.hotjar.com *.hotjar.io *.sleeknote.com tbl.tradedoubler.com tbs.tradedoubler.com tpc.googlesyndication.com www.facebook.com tagmanager.google.com cookielaw.org dhlpoland.pl *.tradedoubler.com a.omappapi.com optinmonster.com adservice.google.com *.getsitecontrol.com push.dhl24.com.pl plugin.management *.plugin.management analyst.services *.analyst.services *.amazonaws.com *.smartlook.com *.smartlook.cloud *.revhunter.tech *.dhl24.com.pl *.dhl.pl 'unsafe-eval' *.googletagmanager.com; style-src 'self' 'nonce-K9uS2s8jHUiuDJqvwqyqVZtD' *.criteo.com www.google.at www.google.co.uk www.google.cz www.google.de www.google.fi www.google.it www.google.nl www.google.se optimize.google.com *.bootstrapcdn.com *.hotjar.com *.hotjar.io fonts.googleapis.com *.push-ad.com push-ad.com *.doubleclick.net *.googletagmanager.com *.getsitecontrol.com push.dhl24.com.pl *.revhunter.tech cdn.cookielaw.org cookie-cdn.cookiepro.com privacyportal.onetrust.com geolocation.onetrust.com *.dhl24.com.pl *.dhl.pl; font-src 'self' www.google.at www.google.co.uk www.google.cz www.google.de www.google.fi www.google.it www.google.nl www.google.se *.bootstrapcdn.com *.hotjar.com *.hotjar.io fonts.gstatic.com *.push-ad.com *.doubleclick.net *.googletagmanager.com *.getsitecontrol.com push-ad.com push.dhl24.com.pl *.revhunter.tech *.dhl24.com.pl *.dhl.pl; frame-src 'self' *.criteo.com *.criteo.net www.google.at www.google.co.uk www.google.cz www.google.de www.google.fi www.google.it www.google.nl www.google.se optimize.google.com www.google.com *.dhl.pl *.hotjar.com *.hotjar.io tbs.tradedoubler.com *.push-ad.com push-ad.com *.doubleclick.net *.googletagmanager.com adservice.google.com *.getsitecontrol.com push.dhl24.com.pl plugin.management *.plugin.management analyst.services *.analyst.services *.amazonaws.com *.revhunter.tech; connect-src 'self' *.criteo.com region1.analytics.google.com *.clarity.ms *.google-analytics.com *.hotjar.com *.hotjar.io *.doubleclick.net *.push-ad.com push-ad.com cdn.cookielaw.org cookie-cdn.cookiepro.com privacyportal.onetrust.com geolocation.onetrust.com *.googletagmanager.com adservice.google.com wss://*.hotjar.com *.getsitecontrol.com push.dhl24.com.pl plugin.management *.plugin.management analyst.services *.analyst.services *.amazonaws.com *.smartlook.com *.smartlook.cloud *.revhunter.tech; worker-src 'self' blob: 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.complianceweek.com; 1
default.src 'self'; 1
default-src 'none'; report-uri /next-external/log/csp/violations; report-to csp-violations; connect-src 'self' wss://www.nordnet.dk https://analytics.prod.nntech.io https://analytics.nordnet.dk https://cdn.prod.nntech.io https://api.prod.nntech.io https://api.test.nntech.io https://experimentation.public.prod.nntech.io https://nordnet.humany.net https://www.google-analytics.com https://adservice.google.com https://www.google.com https://storage.googleapis.com https://www.recaptcha.net; font-src 'self' https://cdn.prod.nntech.io https://nordnet.humany.net; frame-src https://10961666.fls.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://w.soundcloud.com https://embed.acast.com https://link.tink.com https://www.tv2.no https://checkout.trustly.com https://www.recaptcha.net https://t.email.nordnet.dk; img-src 'self' https://analytics.prod.nntech.io https://analytics.nordnet.dk https://cdn.prod.nntech.io data: blob: https://www.google-analytics.com https://shareville-static.s3.amazonaws.com https://shareville-media.s3.amazonaws.com https://www.googletagmanager.com https://nordnet.humany.net https://humany.blob.core.windows.net https://cdn.tink.se https://images.ctfassets.net https://i.vimeocdn.com https://img.youtube.com https://www.recaptcha.net https://www.gstatic.com https://blog.nordnet.dk; manifest-src 'self'; media-src https://cdn.prod.nntech.io https://videos.ctfassets.net; object-src 'self'; script-src 'self' 'unsafe-eval' 'nonce-53257d21-8f27-4c62-b708-f5220d5a5c99' https://analytics.prod.nntech.io https://analytics.nordnet.dk https://cdn.prod.nntech.io https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://www.recaptcha.net; script-src-attr 'none'; style-src 'unsafe-inline' 'self' https://cdn.prod.nntech.io https://nordnet.humany.net https://www.gstatic.com; worker-src 'none'; base-uri 'none'; form-action 'self' https://www.shareville.se https://pvu.nets.no https://online.alandsbanken.fi https://verkkopankki.danskebank.fi https://verkkomaksu.handelsbanken.fi https://epmt.nordea.fi https://identify.nordea.com https://verkkomaksu.poppankki.fi https://verkkomaksu.saastopankki.fi https://online.s-pankki.fi https://auth.aktia.fi; frame-ancestors https://app.contentful.com; 1
default-src 'self'; script-src 'self' https://secure.leadforensics.com https://snap.licdn.com https://mc.yandex.ru https://*.google.com https://www.googletagmanager.com https://*.google-analytics.com https://www.gstatic.com https://maps.googleapis.com https://vk.com https://*.facebook.net https://www.youtube.com/iframe_api https://code-ya.jivosite.com https://code.jivo.ru 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.google.com https://fonts.googleapis.com https://*.mailchimp.com https://*.typekit.net 'unsafe-inline' https://code-ya.jivosite.com https://code.jivo.ru; img-src 'self' data: https://*.linkedin.com https://*.google.com https://*.gstatic.com https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://vk.com https://*.vk.com https://www.facebook.com https://code-ya.jivosite.com; child-src 'self' https://www.youtube-nocookie.com/ https://*.google.com https://www.youtube.com https://www.facebook.com; connect-src 'self' https://*.google-analytics.com https://*.amazonaws.com https://*.doubleclick.net https://mc.yandex.ru https://ymetrica1.com wss://*.jivosite.com https://*.jivosite.com https://suggestions.dadata.ru https://idx.liadm.com; media-src 'self' https://www.youtube-nocookie.com/ https://www.youtube.com/ https://*.amazonaws.com https://code-ya.jivosite.com https://code.jivo.ru; font-src 'self' https://fonts.gstatic.com https://use.typekit.net; 1
base-uri 'self'; block-all-mixed-content ; child-src 'self' https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' data: https://sourcewhale.app https://*.sourcewhale.app https://*.ingest.sentry.io https://*.swl.is https://*.giphy.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://www.gstatic.com https://heapanalytics.com https://*.birdie.so https://*.hellozest.io https://web.delighted.com wss://ws.pusherapp.com https://delighted.com https://*.twilio.com wss://chunderw-vpc-gll.twilio.com https://*.auryc.com; default-src 'none'; font-src 'self' data: https://fonts.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io https://*.birdie.so https://*.hellozest.io; frame-ancestors 'self' https://bullhornstaffing.com https://*.bullhornstaffing.com https://jobadder.com https://*.jobadder.com https://pipedrive.com https://*.pipedrive.com https://*.live.com https://*.sharepoint.com https://outlook.office.com https://outlook.office365.com; frame-src 'self' https://accounts.google.com https://intercom-sheets.com https://*.birdie.so https://*.hellozest.io https://*.loom.com; img-src 'self' https: data: blob:; media-src 'self' data: https://*.intercomcdn.com https://sourcewhale.app https://*.sourcewhale.app https://sourcewhale-client-data-prod.s3.amazonaws.com; object-src 'none'; script-src 'self' https://ajax.aspnetcdn.com https://browser.sentry-cdn.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://s3.amazonaws.com/intercom-sheets.com https://www.gstatic.com https://heapanalytics.com https://cdn.heapanalytics.com https://appsforoffice.microsoft.com https://app.birdie.so https://app.hellozest.io https://d2yyd1h5u9mauk.cloudfront.net https://outlook.office.com https://outlook.office365.com; script-src-elem 'self' https://ajax.aspnetcdn.com https://browser.sentry-cdn.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://s3.amazonaws.com/intercom-sheets.com https://www.gstatic.com https://heapanalytics.com https://cdn.heapanalytics.com https://appsforoffice.microsoft.com https://app.birdie.so https://app.hellozest.io https://d2yyd1h5u9mauk.cloudfront.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://heapanalytics.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://heapanalytics.com; style-src-attr 'self' 'unsafe-inline'; worker-src blob: 1
upgrade-insecure-requests; default-src 'unsafe-eval' 'self' 'unsafe-inline' data: https://vehicle-search.lookers.co.uk *.lookers.uk *.azureedge.net *.zap-map.com *.civiccomputing.com  *.azurewebsites.net https://r1.dotdigital-pages.com https://new.img-cdn.lookers.co.uk https://www.google.com https://www.google.co.uk https://www.googletagmanager.com https://www.google-analytics.com *.google-analytics.com *.analytics.google.com http://www.googleadservices.com https://*.googleapis.com https://*.youtube.com https://video.citnow.com https://*.doubleclick.net https://bat.bing.com connect.facebook.net https://www.facebook.com *.trackedweb.net https://event-api.contactatonce.co.uk https://agentpresence.contactatonce.co.uk lookers.calltracks.com https://tag.contactatonce.co.uk *.reputation.com https://*.codeweavers.net https://*.cwcloud.net https://*.go-mpulse.net https://*.vo.msecnd.net *.clarity.ms https://*.adalyser.com https://*.adnxs.com https://*.innovid.com https://*.cloudfront.net https://*.mediaiqdigital.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://dc.services.visualstudio.com *.gstatic.com https://control.lifeonshow.tv *.videocdn.com *.vimeocdn.com *.vimeo.com https://eu.cdn.autosonshow.tv *.akamaihd.net *.akstat.io http://images.capnetwork.co.uk https://images.capnetwork.co.uk https://lpcdn.lpsnmedia.net https://chat.contactatonce.co.uk https://i.ytimg.com https://lptag.liveperson.net https://accdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://lo.idp.liveperson.net https://lo.v.liveperson.net *.liveperson.net wss://lo.msg.liveperson.net; font-src 'self' 'unsafe-inline' data: https://*.hotjar.com https://fonts.gstatic.com https://cdn.contactatonce.com; object-src 'none'; frame-ancestors 'self' https://*.salesforce.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.cookiebot.com *.mutinycdn.com fast.wistia.net fast.wistia.com j.6sc.co js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsforms.net js.hubspot.com js.qualified.com pi.pardot.com *.hotjar.com snap.licdn.com *.aprimo.com *.parsely.com www.google-analytics.com www.googletagmanager.com *.hsforms.net www.youtube.com cdn.cookielaw.org; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src *; font-src * data:; frame-src 'self' app.qualified.com *.cookiebot.com *.aprimo.com *.hsforms.com https://app.mutinyhq.com www.youtube.com open.spotify.com fast.wistia.net w.soundcloud.com; img-src * data:; manifest-src 'self'; media-src 'self' data: blob: *; frame-ancestors https://app.mutinyhq.com nurturenow.pathfactory.com; worker-src 'self' blob:; 1
frame-ancestors https://admin.paradiso.nl; 1
base-uri 'none'; frame-ancestors 'self'; object-src 'none'; frame-src 'self' https://www.youtube.com https://www.google.com; form-action 'self' https://*.geonet.org.nz; default-src 'none'; img-src 'self' *.geonet.org.nz data: https://*.google-analytics.com https://*.googletagmanager.com; font-src 'self' https://fonts.gstatic.com; style-src 'self'; script-src  'nonce-NTIP6bqthckOp24kkf2U' 'strict-dynamic' 'self'; connect-src 'self' https://*.geonet.org.nz https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://visitdublin.azureedge.net https://assets-eu-01.kc-usercontent.com https://preview-assets-eu-01.kc-usercontent.com https://*.cookiebot.com http://*.convertexperiments.com https://*.convertexperiments.com https://dc.services.visualstudio.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ie https://*.google.es https://*.google.co.uk https://*.google.de https://*.google.fr https://*.google.it https://www.google.be https://*.googleapis.com https://googleapis.com https://www.googleadservices.com https://www.googleoptimize.com https://maps.gstatic.com https://fonts.gstatic.com https://www.youtube.com https://cdn-eu.clickdimensions.com https://analytics-eu.clickdimensions.com https://*.hotjar.io https://*.hotjar.com wws://*.hotjar.com/api/v2/client/ws wss://*.hotjar.com/api/v2/client/ws https://www.facebook.com https://connect.facebook.net https://player.vimeo.com; img-src 'self' data: blob: https://s3.amazonaws.com https://img.youtube.com https://i.ytimg.com https://visitdublin.azureedge.net https://assets-eu-01.kc-usercontent.com https://preview-assets-eu-01.kc-usercontent.com https://*.cookiebot.com http://*.convertexperiments.com https://*.convertexperiments.com https://dc.services.visualstudio.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ie https://*.google.es https://*.google.co.uk https://*.google.de https://*.google.fr https://*.google.it https://www.google.be https://*.googleapis.com https://googleapis.com https://www.googleadservices.com https://www.googleoptimize.com https://maps.gstatic.com https://fonts.gstatic.com https://www.youtube.com https://cdn-eu.clickdimensions.com https://analytics-eu.clickdimensions.com https://*.hotjar.io https://*.hotjar.com wws://*.hotjar.com/api/v2/client/ws wss://*.hotjar.com/api/v2/client/ws https://www.facebook.com https://connect.facebook.net https://player.vimeo.com; frame-ancestors 'none'; form-action 'self' https://analytics-eu.clickdimensions.com https://www.facebook.com; 1
default-src 'self' https://www.spain-tourist-guide.com https://www.spaintouristguide.com; style-src 'self' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-NyuaTYJUJ8lOVroYjXP0EoODWM1pWklEPLI6NOlBuDI=' 'sha256-K7gF/7OhKGNWxE3h9Ci1WdJDk6rmoqZ89KE8N/LuTCc=' 'sha256-/Mkon+xw3qHmSNMrtmzcD42MJVpVElk9TlO59YjpWZQ=' 'sha256-WnCLaOI96qebo2XqRtOC8T/O0r1JZY+MiifHTMJy0qQ=' 'sha256-X11ejCuxD+9gfFOcAw/zUJSOvRKSV33AWbyNfEHS+Ac=' 'sha256-WyUgtBw34gov4qpttglcsL9HselKX0nPL88cMj9w8SY='; script-src 'self' https://www.spain-tourist-guide.com https://www.spaintouristguide.com https://www.google.com/afsonline/show_afs_search.js https://static.cloudflareinsights.com/beacon.min.js; connect-src 'self' https://touristactive.net:9000 https://www.spaintouristguide.com https://www.spain-tourist-guide.com https://cloudflareinsights.com; form-action 'self' https://www.spaintouristguide.com https://www.xe.com/ucc/convert.cgi https://ticketbar.eu/controllers/shoppingCart.cfc; img-src 'self' https://www.spaintouristguide.com https://www.montserrat-tourist-guide.com data:; 1
default-src 'self' 'unsafe-inline' data: https://*.googlesyndication.com https://*.libanswers.com https://*.ebscohost.com https://*.eab.com https://*.jquery.com https://*.lawdegree.mc.edu https://qvdt3feo.com https://*.lottiefiles.com https://*.calendly.com https://calendly.com https://*.cdninstagram.com https://graph.instagram.com https://*.mc.edu https://*.stripe.com https://*.paypal.com https://*.typekit.net https://www.instagram.com https://unibuddy.co https://*.vimeo.com https://*.technolutions.net https://www.shoppingsheet.com https://mississippicollege-1ba9f.kxcdn.com ldaps://ad.mc.edu https://*.linkedin.com https://*.siteimproveanalytics.io  https://p.adsymptotic.com https://*.googleapis.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://*.google.com https://*.withgoogle.com https://*.doubleclick.net https://*.meritpages.com https://*.bing.com https://*.clarity.ms https://*.stackadapt.com https://cdn.linkedin.oribi.io https://*.facebook.net https://*.facebook.com https://www.clickcease.com https://analytics.tiktok.com https://*.gstatic.com https://*.twitter.com https://*.youtube.com https://*.vimeo.com https://*.vimeocdn.com https://forms.monday.com/ https://*.jsdelivr.net https://diplomasondemandweb.com; script-src 'unsafe-inline'  'unsafe-eval' properties: https://*.eab.com https://*.googlesyndication.com https://*.libanswers.com https://*.ebscohost.com https://*.jquery.com https://*.lawdegree.mc.edu https://qvdt3feo.com https://*.mc.edu https://*.calendly.com https://*.lottiefiles.com https://*.stripe.com https://*.paypal.com https://www.instagram.com https://www.googleoptimize.com https://*.unibuddy.co https://unpkg.com https://*.jsdelivr.net https://*.cloudflare.com https://www.shoppingsheet.com https://*.google.com https://*.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://*.googleapis.com https://www.googleadservices.com https://www.clarity.ms https://*.stackadapt.com https://mississippicollege-1ba9f.kxcdn.com https://*.meritpages.com https://snap.licdn.com https://connect.facebook.net https://www.clickcease.com https://analytics.tiktok.com https://*.doubleclick.net https://*.technolutions.net https://siteimproveanalytics.com https://*.vimeo.com https://*.vimeocdn.com https://*.twitter.com https://diplomasondemandweb.com; style-src 'self' 'unsafe-inline' https://*.eab.com https://*.googlesyndication.com https://*.ebscohost.com  https://*.jquery.com https://*.lawdegree.mc.edu https://qvdt3feo.com https://*.mc.edu https://*.calendly.com https://calendly.com https://*.lottiefiles.com https://*.stripe.com https://*.paypal.com https://www.shoppingsheet.com https://www.google.com https://*.googleapis.com https://*.gstatic.com https://mississippicollege-1ba9f.kxcdn.com https://*.typekit.net https://*.technolutions.net https://*.stackadapt.com https://s3.amazonaws.com https://diplomasondemandweb.com/ https://*.jsdelivr.net https://*.vimeo.com https://*.vimeocdn.com; frame-ancestors 'self' https://mc.meritpages.com https://www.meritpages.com https://*.unibuddy.co https://*.calendly.com 1
default-src 'self';object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://code.jquery.com https://www.googletagmanager.com https://maps.googleapis.com https://qalogin-za.eu.cognizantorderservnxtgen.com https://www.google-analytics.com;style-src 'self' 'unsafe-inline' https: https://fonts.googleapis.com;font-src 'self' https: https://fonts.googleapis.com https://tools.ietf.org https://fonts.gstatic.com;connect-src 'self' 'unsafe-inline' https: https://order.kfc.co.za https://cdn.contentful.com;media-src 'self' 'unsafe-inline' https: https://videos.ctfassets.net;img-src 'self' 'unsafe-inline' data: https: https://images.ctfassets.net https://order.kfc.co.za;frame-src 'self' https://www.google.com https://about.kfc.co.au https://microapps.google.com https://pay.google.com https://checkout.paypal.com https://www.sandbox.paypal.com https://assets.braintreegateway.com https://c.sandbox.paypal.com https://dashboard.d3mand.tech https://delivery.uber.com https://jngl.ml https://backend.skedadel.co.za https://a19558781057.cdn.optimizely.com *.cdn.optimizely.com;upgrade-insecure-requests 1
frame-ancestors magazin.ms.beta.rossmann.hu magazin.microservices.rossmann.hu *.beta.rossmann.hu *.rossmann.hu *.blikk.hu 1
default-src https: wss:; base-uri 'none'; font-src https: data:; img-src https: data:; script-src 'strict-dynamic' 'nonce-M9Pucn6dkiR3BkGQCFATXg=='; style-src https: 'unsafe-inline' 1
default-src 'self'; script-src 'self' https://cdn.matomo.cloud https://*.cdninstagram.com/ https://storage.elfsight.com/ https://static.elfsight.com https://apps.elfsight.com https://cdn.datatables.net/ https://widget.spreaker.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' 'unsafe-eval' https://www.gravatar.com https://www.google-analytics.com https://www.googletagmanager.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://cdn.datatables.net/  https://fonts.googleapis.com https://p.typekit.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://eng.matomo.cloud https://storage.elfsight.com/ https://apps.elfsight.com/ https://www.eng.it/ https://video.eng.it https://www.google-analytics.com; font-src 'self' data: https://use.typekit.net https://fonts.gstatic.com; frame-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://widget.spreaker.com; img-src 'self' data: https://www.google.com/recaptcha/ https://maps.googleapis.com  https://maps.gstatic.com https://www.google-analytics.com https://*.cdninstagram.com/ https://*.elfsightcdn.com/; manifest-src 'self'; media-src 'self' blob: https://video.eng.it; worker-src blob:; 1
frame-ancestors 'self' file://* https://*.readpaper.com https://*.readpapers.com https://*.readpapers.cn https://*.readpaper.cn https://*.idea.edu.cn http://*.idea.edu.cn 1
img-src *.linkedin.com *.zopim.io queue-it.com *.giphy.com https://*.codecogs.com https://*.hubspot.com script.hotjar.com *.fs1.hubspotusercontent-na1.net https://forms.hsforms.com/ https://forms-na1.hsforms.com/ https://www.hotjar.com/ https://googleads.g.doubleclick.net/ 'self' data:; font-src 'self' fonts.googleapis.com cdnjs.cloudflare.com fonts.gstatic.com script.hotjar.com ; default-src 'self' *.aspnetcdn.com cdnjs.cloudflare.com *.googletagmanager.com *.hotjar.com *.convertexperiments.com snap.licdn.com *.zdassets.com queue-itchat.zendesk.com youtube.com fonts.gstatic.com fonts.googleapis.com wss://widget-mediator.zopim.com www.youtube.com wss://*.hotjar.com/api/v2/client/ws *.hotjar.io *.hs-scripts.com *.infogram.com *.youtube-nocookie.com *.vimeo.com *.popt.in https://www.google-analytics.com unpkg.com https://js.hscollectedforms.net https://js.hs-banner.com https://js.hs-analytics.net https://js.usemessages.com https://api.hubspot.com https://forms.hubspot.com https://track.hubspot.com https://app.hubspot.com https://assets.queue-it.net https://js.hsleadflows.net/leadflows.js cdn.cookietractor.com https://js.hsforms.net/ https://hubspot-forms-static-embed.s3.amazonaws.com/ https://td.doubleclick.net/ https://forms.hsforms.com/ https://forms-na1.hsforms.com/ https://www.googleadservices.com/ https://forms-na1.hsforms.com/ https://px.ads.linkedin.com/ https://region1.google-analytics.com https://googleads.g.doubleclick.net/ https://www.google.com/ https://scripts.teamtailor-cdn.com https://js.hs-analytics.net/ https://app.cookietractor.com/ https://adservice.google.com/ cdn.jsdelivr.net https://code.jquery.com 'unsafe-inline' 'unsafe-eval'; 1
script-src https://*.golocal.de https://fundingchoicesmessages.google.com/ https://adservice.google.de https://www.googletagmanager.com https://www.google-analytics.com https://partner.googleadservices.com https://apis.google.com https://wwa.wipe.de https://cdn.ravenjs.com https://script.ioam.de https://*.de.ioam.de https://*.h5v.eu https://highfivve.github.io https://api.sovendus.com https://rec.smartlook.com https://*.consentmanager.net https://consentmanager.net https://*.consentmanager.mgr.consensu.org https://consentmanager.mgr.consensu.org https://*.googlesyndication.com https://adservice.google.com https://connect.facebook.net https://*.googleapis.com https://*.youtube.com 'self' 'unsafe-inline' 'unsafe-eval';worker-src https://*.golocal.de blob: 1
frame-ancestors officiallondontheatre.com *.officiallondontheatre.com uktheatre.org *.theatretokens.com *.solt.co.uk *.theatreartists.fund *.theatrehelpline.org *.theatremeansbusiness.info *.si9n.io *.signage.ninja; default-src blob: https: data: wss: 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' http://www.thetrumpet.co.uk 1
default-src 'self'; media-src 'self' *.blob.core.windows.net *.accentjobs.be accentjobs.be; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com slgnt.accentjobs.be houseofhr.slgnt.eu privacyportal-eu-cdn.onetrust.com cdn.cookielaw.org cookie-cdn.cookiepro.com *.googletagmanager.com *.trustpilot.com https://www.youtube.com/ maps.googleapis.com www.google-analytics.com targetemsecure.blob.core.windows.net the.itemwi.se connect.facebook.net snap.licdn.com cdn.polyfill.io api.itemwise.com www.google.com www.gstatic.com *.clarity.ms *.hotjar.com *.bing.com *.hotjar.io *.visualwebsiteoptimizer.com *.tiktok.com *.accentjobs.be houseofhr-be.blueconic.net; child-src 'self' data:; worker-src blob: 'self' accdigsignsadev01.blob.core.windows.net; style-src 'self' fonts.googleapis.com 'unsafe-inline' houseofhr.slgnt.eu privacyportal-eu-cdn.onetrust.com slgnt.accentjobs.be; font-src 'self' fonts.gstatic.com privacyportal-eu-cdn.onetrust.com fonts.googleapis.com slgnt.accentjobs.be data:; img-src 'self' data: *.ads.linkedin.com *.googletagmanager.com houseofhr.slgnt.eu maps.gstatic.com maps.googleapis.com slgnt.accentjobs.be cdn.cookielaw.org px.ads.linkedin.com www.google-analytics.com www.facebook.com *.blob.core.windows.net *.accentjobs.be *.clarity.ms *.hotjar.com *.bing.com accentjobs.be www.google.be *.visualwebsiteoptimizer.com *.tiktok.com houseofhr-be.blueconic.net; connect-src 'self' data: stats.g.doubleclick.net googleads.g.doubleclick.net wss://*.twilio.com *.twilio.com *.sentry.io *.houseofhr.com *.accentjobs.be houseofhr.slgnt.eu *.google-analytics.com https://www.gstatic.com ws://localhost:3000/_next/webpack-hmr privacyportal-eu-cdn.onetrust.com privacyportal-eu.onetrust.com cdn.cookielaw.org geolocation.onetrust.com cookie-cdn.cookiepro.com pagead2.googlesyndication.com maps.googleapis.com px.ads.linkedin.com site-azp.slgnt.eu *.blob.core.windows.net consent-api.onetrust.com *.clarity.ms *.hotjar.com *.bing.com *.hotjar.io accentjobs.be wss://*.hotjar.com *.analytics.google.com *.visualwebsiteoptimizer.com *.tiktok.com houseofhr-be.blueconic.net www.google.be www.google.com; frame-src * data:; 1
default-src 'self' 'unsafe-inline' 'strict-dynamic'; img-src * 'self' data: https://cdn-benkb.nitrocdn.com/; font-src * data: https://cdn-benkb.nitrocdn.com/; style-src * 'self' 'unsafe-inline' 'strict-dynamic' blob: 'unsafe-eval' https://cdn-benkb.nitrocdn.com/; style-src-elem * 'self' 'unsafe-inline' 'strict-dynamic'; object-src 'none'; script-src * 'self' 'unsafe-inline' blob: 'unsafe-eval' https://cdn-benkb.nitrocdn.com/ https://nitroscripts.com/; script-src-elem * 'self' 'unsafe-inline' blob:; base-uri 'self'; connect-src * 'self' 'unsafe-inline' 'strict-dynamic' https://cdn-benkb.nitrocdn.com/ https://to.getnitropack.com/; frame-src * 'self' data:; worker-src 'self' 'unsafe-inline' 'strict-dynamic' blob: https://cdn-benkb.nitrocdn.com/; child-src 'self' 'unsafe-inline' 'strict-dynamic' blob: 1
default-src cloudron.io *.cloudron.io; frame-src 'self' cloudron.io *.cloudron.io *.hcaptcha.com js.stripe.com; connect-src wss: https: 'self' *.cloudron.io; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; style-src https: 'unsafe-inline'; object-src 'none'; font-src https: 'self'; frame-ancestors 'none'; base-uri 'none'; form-action 'self'; 1
frame-ancestors 'self' https://www.a12.com http://portala12-env.eba-kscksae2.us-east-1.elasticbeanstalk.com 1
default-src 'self' netlify-cdp-loader.netlify.app; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' netlify-cdp-loader.netlify.app; connect-src *; frame-src 'self' app.netlify.com; style-src 'self' 'unsafe-inline'; 1
default-src blob: data: https: 'unsafe-eval' 'unsafe-inline' 'self' https://*.googletagmanager.com https://challenges.cloudflare.com/ https://*.wistia.com https://www.googleadservices.com https://*.adform.net https://connect.facebook.net https://bat.bing.com https://js.adsrvr.org https://td.doubleclick.net https://*.adsrvr.org https://lvm.de *.google-analytics.com https://fonts.gstatic.com https://fonts.googleapis.com ; connect-src data: 'self' *.doubleclick.net/ *.google-analytics.com/ *.analytics.google.com *.googletagmanager.com *.google.com *.google.de *.bing.com/ *.wistia.com *.wistia.net *.lvm.de embedwistia-a.akamaihd.net/ *.litix.io api.userlike.com chat.userlike.com www.userlike.com wss://chat.userlike.com/ wss://umd.userlike.com/ https://bankauswahl.giropay.de/ https://bankauswahl.girocheckout.de https://sentry.lvm.de https://cybercheck.lvm.de https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://d3dc1lgancj6l0.cloudfront.net/ https://tr.snapchat.com/ *.delivery.consentmanager.net https://track.adform.net/ userlike-cdn-operators.userlike.com userlike-cdn-widgets.userlike.com *.lvm-prod.magnolia-platform.com *.lvm.magnolia-platform.com ; media-src *.lvm.de d3dc1lgancj6l0.cloudfront.net dq4irj27fs462.cloudfront.net blob: data: *.wistia.com *.wistia.net https://embedwistia-a.akamaihd.net ; frame-ancestors 'self' *.lvm.de ; img-src https://*.lvm.de data: blob: https://*.consentmanager.net https://*.googletagmanager.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-umm.b-cdn.net https://userlike-cdn-operators.userlike.com https://*.wistia.com https://*.doubleclick.net https://bat.bing.com https://www.google.com https://www.facebook.com https://www.google.de https://www.google-analytics.com https://lvm.de https://track.adform.net https://insight.adsrvr.org https://play.google.com https://fonts.gstatic.com https://d1m3qravo0uxtt.cloudfront.net https://api.mapbox.com 1
frame-src blob: *.vimeo.com *.turecibo.com *.turecibo.com.ar *.youtube.com *.google.com *.hotjar.com *.helphero.co ; 1
default-src 'self' data: *.bam.de https://*.bam.de http://*.bam.de https://*.youtube.com https://*.youtu.be https://pbs.twimg.com https://vimeo.com https://*.vimeo.com https://*.sibforms.com; script-src 'self'  *.bam.de; style-src 'self'; 1
frame-ancestors 'self'; object-src none; default-src 'self' blob: static.zdassets.com coinex.zendesk.com coinex.zendesk.co file.coinexstatic.com *.coinex.com:* *.coinex.co:* *.coinex.zone:* *.coinex.land:* *.coinex.network:* *.coinexapp.net:* coinex.com:* coinex.co:* coinex.zone:* coinex.land:* coinex.network:* coinexapp.net:* ; worker-src blob: 'self'; script-src 'sha256-VnM7EAINoazo9D3ek3JS/BN8MnXwlgOCcsstm+6k8us=' 'nonce-6NsipBilfwX7NFDMazGMRQ==' 'strict-dynamic' 'self' www.google-analytics.com www.googletagmanager.com static.geetest.com gcaptcha4.geetest.com gcaptcha4.geevisit.com dn-staticdown.qbox.me static.geevisit.com widget-mediator.zopim.com *.zdassets.com api.geetest.com monitor.geetest.com bakapi.gtapp.xyz res.wx.qq.com coinex.zendesk.com coinex.zendesk.co *.coinex.com *.coinex.co *.coinex.zone *.coinex.land *.coinex.network *.coinexapp.net coinex.com coinex.co coinex.zone coinex.land coinex.network coinexapp.net; style-src 'self' 'unsafe-inline' at.alicdn.com coinex.zendesk.com coinex.zendesk.co static.geetest.com gcaptcha4.geetest.com gcaptcha4.geevisit.com dn-staticdown.qbox.me static.geevisit.com unpkg.com *.coinex.com *.coinex.co *.coinex.zone *.coinex.land *.coinex.network *.coinexapp.net coinex.com coinex.co coinex.zone coinex.land coinex.network coinexapp.net; img-src 'self' www.google-analytics.com www.google.com www.google.de data: stats.g.doubleclick.net static.geetest.com gcaptcha4.geetest.com gcaptcha4.geevisit.com dn-staticdown.qbox.me static.geevisit.com *.amazonaws.com blob: file.coinex.com file.coinexstatic.com *.coinex.com *.coinex.co *.coinex.zone *.coinex.land *.coinex.network *.coinexapp.net coinex.com coinex.co coinex.zone coinex.land coinex.network coinexapp.net; font-src 'self' at.alicdn.com data: unpkg.com *.coinex.com *.coinex.co *.coinex.zone *.coinex.land *.coinex.network *.coinexapp.net coinex.com coinex.co coinex.zone coinex.land coinex.network coinexapp.net ; connect-src 'self' *.zendesk.com *.zendesk.co *.zdassets.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com ws://widget-mediator.zopim.com www.google-analytics.com stats.g.doubleclick.net file.coinexstatic.com *.coinex.com:* *.coinex.co:* *.coinex.zone:* *.coinex.land:* *.coinex.network:* *.coinexapp.net:* coinex.com:* coinex.co:* coinex.zone:* coinex.land:* coinex.network:* coinexapp.net:* wss://*.coinex.com wss://*.coinex.co wss://*.coinex.zone wss://*.coinex.land wss://*.coinex.network wss://*.coinexapp.net ws://*.coinex.com ws://*.coinex.co ws://*.coinex.zone ws://*.coinex.land ws://*.coinex.network ws://*.coinexapp.net; frame-src 'self' player.bilibili.com player.vimeo.com *.viadeploy.com *.viabtc.com *.jumio.com *.jumio.ai www.youtube.com www.ixigua.com www.bilibili.com *.youtu.be blob: *.coinex.com *.coinex.co *.coinex.zone *.coinex.land *.coinex.network *.coinexapp.net 1
default-src 'self' *.yay.space; style-src 'self' 'unsafe-inline'; img-src * data: blob: *.yay.space; script-src 'self' 'unsafe-eval' https://www.google.com https://js-agent.newrelic.com https://platform.twitter.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://bam-cell.nr-data.net https://*.stripe.com 'nonce-Yi01FQ4k/0hkB30Ivu7Ocw=='; frame-src 'self' https://platform.twitter.com https://www.google.com https://www.youtube.com https://*.stripe.com; media-src 'self' *.yay.space https://yay-space-stg.s3.amazonaws.com; connect-src 'self' *.googleapis.com *.yay.space https://analytics.google.com https://www.facebook.com https://bam-cell.nr-data.net https://webcollector-rtm.agora.io:* https://*.stripe.com https://cdn.growthbook.io wss://*.yay.space *.sd-rtn.com:* https://stats.g.doubleclick.net *.agora.io:* wss://*.agora.io:* wss://*.sd-rtn.com:*    https://idcardcheck.com https://yay-space.s3.us-west-002.backblazeb2.com https://yay-space.s3.ap-northeast-1.amazonaws.com https://cdn.yay.space  data:; worker-src 'self' blob: 1
frame-ancestors activity.meyo.one activity-cf.meyo.one 'self' 1
base-uri 'self' *.clearesult.io *.clearesult.com *.azurewebsites.net; default-src 'self' data: *.clearesult.io *.clearesult.com *.azurewebsites.net *.fullstory.com *.amazonaws.com *.g.doubleclick.net *.amazonaws.com *.clearesult.io *.clearesult.com https://dc.services.visualstudio.com https://www.google-analytics.com *.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.gtranslate.net/widgets/latest/dropdown.js *.gtranslate.net https://cdn.gtranslate.net/* *.cookielaw.org *.clearesult.io *.clearesult.com *.googleapis.com *.azurewebsites.net *.vimeocdn.com *.fullstory.com *.google.com *.gstatic.com https://www.gstatic.com kit.fontawesome.com https://az416426.vo.msecnd.net *.googletagmanager.com cdn.jsdelivr.net static.cloudflareinsights.com ajax.cloudflare.com ajax.googleapis.com *.google-analytics.com https://www.datadoghq-browser-agent.com snap.licdn.com js-na1.hs-scripts.com js.hsadspixel.net js.hs-analytics.net js.hscollectedforms.net js.hs-banner.com www.googleadservices.com googleads.g.doubleclick.net js.hsforms.net forms.hsforms.com *.googleapis.com js.usemessages.com cdnjs.cloudflare.com https://cdn.frontify.com/* https://cdn.frontify.com/finder/frontify-finder-latest.min.js *.frontify.com/* https://www.clarity.ms; img-src * 'self' data: https: *.clearesult.io *.clearesult.com *.azurewebsites.net *.vimeocdn.com www.googletagmanager.com images.ctfassets.net *.google.com *.google-analytics.com *.sharepoint.com *.windows.net *.microsoftonline.com; font-src 'self' data: *.clearesult.io *.clearesult.com *.azurewebsites.net fonts.googleapis.com fonts.gstatic.com *.fontawesome.com; style-src 'self' 'unsafe-inline' *.clearesult-preprod.com *.clearesult-stg.com *.clearesult-qa.com *.clearesult-dev.com https://translate.googleapis.com/translate_static/css/translateelement.css https://cdnjs.cloudflare.com/ajax/libs/malihu-custom-scrollbar-plugin/3.1.5/jquery.mCustomScrollbar.min.css *.clearesult.io *.clearesult.com *.azurewebsites.net *.vimeocdn.com fonts.googleapis.com fonts.gstatic.com https://www.gstatic.com; frame-src *.clearesult-preprod.com *.clearesult-stg.com *.clearesult-qa.com *.clearesult-dev.com https://td.doubleclick.net https://www.youtube-nocookie.com *.clearesult.io *.clearesult.com *.azurewebsites.net *.hubspot.com *.google.com *.gstatic.com vimeo.com *.vimeo.com bid.g.doubleclick.net js.hsforms.net forms.hsforms.com *.youtube.com https://www.google.com; object-src 'none'; form-action 'self' *.clearesult.io *.clearesult.com *.azurewebsites.net https://cl.s10.exct.net fe3c15707564047a711172.pub.s10.sfmc-content.com *.hsforms.com; frame-ancestors *.azurewebsites.net *.clearesult.io *.clearesult.com; connect-src https://px.ads.linkedin.com/wa/ https://px.ads.linkedin.com/wa/* https://px.ads.linkedin.com/* https://px.ads.linkedin.com/wa *.px.ads.linkedin.com https://adservice.google.com/pagead https://adservice.google.com/pagead/* https://pagead2.googlesyndication.com https://forms.hscollectedforms.net *.clarity.ms/collect https://k.clarity.ms/collect *.clearesult-preprod.com *.clearesult-stg.com *.clearesult-qa.com *.clearesult-dev.com *.linkedin.oribi.io *.cookielaw.org *.onetrust.com *.clearesult.io *.clearesult.com *.azurewebsites.net *.googleapis.com *.fullstory.com *.amazonaws.com *.fontawesome.com *.google-analytics.com https://elastic.snaplogic.com *.g.doubleclick.net https://dc.services.visualstudio.com *.analytics.google.com analytics.google.com https://*.logs.datadoghq.com *.hubspot.com api.hubapi.com *.google.co.in www.google.co.in *.hsforms.com https://www.google.com *.googlesyndication.com https://csp.withgoogle.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; img-src 'self' data: https://erpapidev.mke.gov.tr/ https://erpapitest.mke.gov.tr/ https://erpapi.mke.gov.tr/; font-src 'self' https://fonts.gstatic.com ; object-src 'self' blob: www.youtube.com; media-src 'self'; frame-src 'self' blob: http://maps.google.com https://www.google.com/maps/ https://maps.googleapis.com https://www.youtube.com https://vimeo.com/ https://yandex.com/ 1
default-src https: data: http://*.hotjar.com:* https://*.hotjar.com:* wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors https://s-ryhman-hotellit.salesfra.me https://salesfra.me; 1
frame-ancestors outervision.com https://www.fsplifestyle.com https://www.fsp-group.com https://enermaxusa.com https://www.enermax.com; 1
default-src 'self';script-src 'self' https://code.google.com https://www.googletagmanager.com https://www.google-analytics.com https://js.arcgis.com https://cdn.jsdelivr.net https://ajax.googleapis.com https://www.youtube-nocookie.com https://www.sepa.org.uk https://informatics.sepa.org.uk https://consultation.sepa.org.uk 'sha256-xFcz1mW9NtJ/JwMxyKFK4b26zWHFWyc9D2nzc1cIOf4=' 'sha256-noPzCT9H4CZ8oEJyNv//uFZP+w6RHdHlKU4GlAtudnY=' 'sha256-TF0brGeYnAtO3F+8CGv4gqt3PeaRbvT9HooFEW9OdyI=' https://localhost;object-src 'self';style-src 'self' 'unsafe-inline' https://code.google.com https://js.arcgis.com https://www.sepa.org.uk https://informatics.sepa.org.uk https://cdnjs.cloudflare.com https://localhost;img-src 'self' https://js.arcgis.com https://www.google-analytics.com https://www.sepa.org.uk https://localhost;media-src 'self';frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://www.sepa.org.uk https://informatics.sepa.org.uk https://prezi.com https://localhost;font-src 'self' https://js.arcgis.com https://cdnjs.cloudflare.com;connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://www.sepa.org.uk https://localhost;base-uri 'self';worker-src 'self';upgrade-insecure-requests 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: filesystem:; report-uri https://67b7f90cf630d6304a07b795f01b5de9.report-uri.com/r/d/csp/enforce; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-MjVlOGExOWU3ZjI2NGQ4Yjg0YjlhZmQ3YzA3ZmZlNjk=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.arboportaal.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.arboportaal.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.arboportaal.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-ancestors 'self' https://*.asite.com; upgrade-insecure-requests 1
default-src https:; frame-src https: blob:; connect-src https: blob:; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data:; img-src https: data:; object-src 'none'; media-src https: blob:; base-uri 'self' https://ihan.matomo.cloud https://datataloudentiekartta.fi https://elamantapatesti.sitra.fi https://lifestyletest.sitra.fi; form-action 'self' https://sitra.creamailer.fi https://datataloudentiekartta.fi https://elamantapatesti.sitra.fi https://lifestyletest.sitra.fi; frame-ancestors 'self'; upgrade-insecure-requests 1
default-src 'self' data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.vimeo.com *.youtube.com *.fontawesome.com *.googleapis.com *.google.com *.rubensteintech.com *.winston.com *.google-analytics.com siteimproveanalytics.com *.typekit.net *.crazyegg.com *.googletagmanager.com *.gstatic.com *.en25.com *.eloqua.com; style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com *.google.com *.winston.com; img-src 'self' data: *; font-src 'self' *.fontawesome.com *.googleapis.com *.gstatic.com *.typekit.net *.winston.com; frame-src 'self' *.vimeo.com *.youtube.com *.google.com cdn.yoshki.com blob: 1
default-src 'none'; font-src 'self' data:; img-src * data:; script-src 'self' cdnjs.cloudflare.com *.parsely.com polyfill.io www.google-analytics.com www.googletagmanager.com 'sha256-H5kd9M8V6uuCfbTYgkN+i8PNamD2/8mg6mTH4EdpzZ8='; style-src 'unsafe-inline'; connect-src *; frame-src *; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://google-analytics.com https://www.googletagmanager.com https://*.googleapis.com https://www.gstatic.com https://www.google.com https://*.pingdom.net https://cc.cdn.civiccomputing.com https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.joomla.org https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://*.doubleclick.net https://*.pingdom.net https://apikeys.civiccomputing.com; frame-src 'self' https://www.google.com https://*.googletagmanager.com https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' https://fonts.gstatic.com https://netdna.bootstrapcdn.com https://cdn.joomla.org; img-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://*.googletagmanager.com https://cdn.joomla.org; frame-ancestors 'self'; report-uri https://joomla.report-uri.com/r/t/csp/enforce 1
frame-ancestors 'self'; report-uri https://www.recetasnestle.cl/report-uri/enforce 1
default-src 'self'; frame-src 'self' https://facebook.com *.facebook.com https://*.youcanbook.me https://www.google.com https://www.youtube.com *.vimeo.com *.doubleclick.net https://optimize.google.com https://js.stripe.com https://challenges.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.digitrust.mgr.consensu.org http://connect.facebook.net https://connect.facebook.net http://hm.baidu.com http://www.google-analytics.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://optimize.google.com https://d2xfav0ywhr7jn.cloudfront.net https://cmp.quantcast.com https://secure.quantserve.com https://rules.quantcount.com https://maps.googleapis.com https://www.google-analytics.com/analytics.js https://stats.g.doubleclick.net/dc.js https://connect.facebook.net/en_US/sdk.js https://unpkg.com/@google/markerclustererplus@4.0.1/dist/markerclustererplus.min.js https://www.googletagmanager.com http://cdnjs.cloudflare.com/ajax/libs/require.js/2.3.6/require.min.js https://cdnjs.cloudflare.com/ajax/libs/require.js/2.3.6/require.min.js http://cdnjs.cloudflare.com/ajax/libs/jqueryui/ https://js.stripe.com https://challenges.cloudflare.com/turnstile/v0/api.js http://cdnjs.cloudflare.com/ajax/libs/jquery/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.googleapis.com https://optimize.google.com https://d2xfav0ywhr7jn.cloudfront.net http://cdnjs.cloudflare.com/ajax/libs/jqueryui/; img-src 'self' data: blob: https://awardwallet.com http://hm.baidu.com https://www.facebook.com http://www.google-analytics.com https://www.google-analytics.com https://www.google.com https://optimize.google.com https://www.gstatic.com https://d2xfav0ywhr7jn.cloudfront.net https://pixel.quantserve.com https://maps.googleapis.com https://maps.gstatic.com https://developers.google.com/maps/documentation/javascript/examples/markerclusterer/m1.png https://lh3.googleusercontent.com https://s.yimg.com https://analytics.google.com https://dtwuzpz2q0bmy.cloudfront.net https://cdnjs.cloudflare.com/ajax/libs/jqueryui/; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com https://d2xfav0ywhr7jn.cloudfront.net; media-src 'self' 'unsafe-inline'; connect-src 'self' https://cmp.digitru.st https://vendorlist.consensu.org https://test.cmp.quantcast.com https://audit-tcfv2.cmp.quantcast.com https://www.google-analytics.com https://stats.g.doubleclick.net https://test.quantcast.mgr.consensu.org https://cmp.quantcast.com *.quantcast.mgr.consensu.org https://www.googletagmanager.com https://analytics.google.com https://maps.googleapis.com https://comet.awardwallet.com wss://comet.awardwallet.com; report-uri /csp-report; 1
child-src blob: www.google.com *.readyplayer.me https://rpm-model-viewer-proto.vercel.app youtube.com *.youtube.com www.youtube.com https://accounts.google.com/ https://www.googletagmanager.com *.cookiebot.com www.recaptcha.net hiberworld.com *.hiberworld.com;connect-src http://hiberworld.com *.hiberworld.com ws://*.hiberworld.com *.hiberworld.com wss://*.hiberworld.com *.hiberworld.com blob: rum.browser-intake-datadoghq.eu readyplayerme.github.io *.cookiebot.com *.dive.games cdn.hibervr.com *.digitaloceanspaces.com *.readyplayer.me www.google-analytics.com googleads.g.doubleclick.net *.analytics.google.com www.google.com stats.g.doubleclick.net *.google.com readyplayerme-assets.s3.amazonaws.com unpkg.com *.alchemyapi.io *.alchemy.com cloudflare-eth.com wss://www.walletlink.org/rpc wss://*.walletconnect.org wss://*.walletconnect.com https://hiber-cdn.s3.eu-west-1.amazonaws.com;font-src hiberworld.com *.hiberworld.com;img-src data: blob: cdn.hibervr.com *.amazonaws.com *.readyplayer.me files.stripe.com https://rpm-model-viewer-proto.vercel.app consent.cookiebot.com hiberworld.com *.hiberworld.com www.google-analytics.com imgsct.cookiebot.com www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat img.youtube.com images.ctfassets.net cdn.jsdelivr.net;media-src data: cdn.hibervr.com;manifest-src hiberworld.com *.hiberworld.com;object-src ;worker-src blob: hiberworld.com *.hiberworld.com;script-src 'strict-dynamic' 'nonce-c8553883-3c65-41dc-a6b8-563f855178fa' https: http: 'wasm-unsafe-eval';style-src cdn.hibervr.com 'unsafe-inline' hiberworld.com *.hiberworld.com;frame-src js.stripe.com codesandbox.io vars.hotjar.com blob: www.google.com *.readyplayer.me https://rpm-model-viewer-proto.vercel.app youtube.com *.youtube.com www.youtube.com https://accounts.google.com/ *.cookiebot.com https://hiber.hiberworld.com http://dao.dev.hiberdev.net https://dao-pr.hiberworld.com https://dao-pr.dev.hiberdev.net https://dao.dev.hiberdev.net https://dao-pr.stage.hiberdev.net https://dao.stage.hiberdev.net www.recaptcha.net hiberworld.com *.hiberworld.com *.doubleclick.net https://*.walletconnect.com;base-uri 'self' 1
script-src 'self'  'unsafe-inline' 'unsafe-eval'  https://blofin.com  https://*.blofin.com https://static.zdassets.com https://static.cloudflareinsights.com https://www.googletagmanager.com https://static.sensorsdata.cn https://challenges.cloudflare.com https://gcaptcha4.geetest.com https://static.geetest.com https://dn-staticdown.qbox.me https://s2.tokeninsight.com https://*.blofin.com blob: 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://ct.pinterest.com https://hal9000.redintelligence.net https://*.recaptcha.net https://*.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://www.pinterest.com blob: https://*.abtasty.com https://app.qubit.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://*.google.it https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://*.contentsquare.net https://*.abtasty.com https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.myprotein.it https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data:; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com; form-action 'self' https://www.facebook.com https://www.myprotein.it https://m.myprotein.it https://checkout.myprotein.it https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com blob: https://*.abtasty.com https://static.goqubit.com https://*.qubit.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://static.thgcdn.cn https://*.abtasty.com https://*.gstatic.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com data:;img-src * data: blob:; font-src 'self' fonts.gstatic.com  data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net vk.com api-maps.yandex.ru bitrix.info www.google-analytics.com mc.yandex.ru maps.googleapis.com www.googletagmanager.com yastatic.net; form-action 'self';frame-src 'self';media-src 'self';connect-src 'self' bitrix.info mc.yandex.ru www.google-analytics.com stats.g.doubleclick.net 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-sclotusinnline' linkhay.com vscc-hosting.mediacdn.vn static.trunkpkg.com *.mediacdn.vn *.cnnd.vn eshop-api.todo.vn eshop.bizfly.vn static.sourcetobin.com platform.twitter.com connect.facebook.net cdn.syndication.twimg.com *.sohatv.vn *.admicro.vn contineljs.com *.contineljs.com *.genmonet.com genmonet.com cdnstoremedia.com *.cdnstoremedia.com amcdn.com *.amcdn.com nanda.vn *.nanda.vn *.lotuscdn.vn *.lotus.vn static.amcdn.vn deqik.com imasdk.googleapis.com; child-src 'self' lotus.vn *.lotus.vn *.mediacdn.vn *.cnnd.vn linkhay.com *.sohatv.vn sport5.vn sport5.cnnd.vn blob: *.admicro.vn *.youtube.com *.facebook.com *.twitter.com twitter.com *.youtu.be www.instagram.com instagram.com contineljs.com *.contineljs.com genmonet.com *.genmonet.com cdnstoremedia.com *.cdnstoremedia.com amcdn.com *.amcdn.com nanda.vn *.nanda.vn; form-action 'self' *.cnnd.vn wechoice.vn  *.wechoice.vn syndication.twitter.com platform.twitter.com lotus.local challenge.lotus.vn challengedev.todo.vn; object-src 'self'; media-src 'self' blob: *.lotuscdn.vn kenh14cdn.com *.sohatv.vn; 1
default-src 'self'; img-src 'self' data: http: https: *.hot-chilli.net *.hot-chilli.eu *.gravatar.com *.wp.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: http: https: *.google.com; style-src 'self' 'unsafe-inline'; font-src 'self' data: http: https: *.google.com; frame-src 'self' data: http: https: *.google.com; 1
connect-src *.google-analytics.com www.google-analytics.com *.analytics.google.com www.ersnet.org *.cloudflare.com *.doubleclick.net *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.jsdelivr.net *.azureedge.net *.druidplatform.com; default-src 'self' 'unsafe-inline' www.googletagmanager.com blob: druidapi.druidplatform.com; font-src 'self' data: www.ersnet.org use.fontawesome.com; frame-src 'self' data: www.google.com platform.twitter.com www.googletagmanager.com player.vimeo.com vimeo.com youtube.com www.youtube.com www.youtube-nocookie.com *.twitter.com *.cloudflare.com https://td.doubleclick.net/; img-src 'self' data: www.google-analytics.com www.gstatic.com www.google.co.uk www.googletagmanager.com *.gravatar.com  *.vimeocdn.com  *.ytimg.com  *.twitter.com  *.youtube.com www.google.com https://googleads.g.doubleclick.net https://www.facebook.com; media-src 'self' blob: data:; object-src 'self' blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' connect.facebook.net; script-src-elem 'self' 'unsafe-inline' player.vimeo.com vimeo.com apis.google.com www.youtube.com www.youtube-nocookie.com platform.twitter.com googletagmanager.com www.googletagmanager.com www.google.com google.com www.gstatic.com gstatic.com www.google-analytics.com connect.facebook.net *.cloudflare.com *.jsdelivr.net *.azureedge.net https://static.hotjar.com www.googleadservices.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' blob:; style-src-elem 'self' 'unsafe-inline' *.cloudflare.com *.fontawesome.com *.jsdelivr.net *.azureedge.net; worker-src 'self' blob:; 1
frame-ancestors 'self'; frame-src  *.savviihq.com *.facebook.com *.google.com *.cookiebot.com *.hotjar.com *.youtube.com *.vimeo.com *.googletagmanager.com *.cookiebot.com *.fontawesome.com *.cowmanager.com cowmanager.com 1
base-uri 'self';; default-src 'self' 'unsafe-inline' https://olympic.ca https://fonts.googleapis.com/ https://s3.amazonaws.com/ https://media.giphy.com/ https://rum.browser-intake-datadoghq.com/ https://session-replay.browser-intake-datadoghq.com/ https://www.google-analytics.com/ https://googlesyndication.com https://login.dev.olympic.ca https://login.olympic.ca https://e3da9fce2445257b3acc79caad8a3144.safeframe.googlesyndication.com https://googleads.g.doubleclick.net https://p1.parsely.com https://widgets.wp.com wp.com https://secure.gravatar.com https://analytics.twitter.com https://pagead2.googlesyndication.com https://e31eb0ea329722f49f7b4a4059357bb9.safeframe.googlesyndication.com https://www.google.ca https://analytics.google.com https://www.facebook.com fonts.gstatic.com t.co https://securepubads.g.doubleclick.net https://c932f49a2d60bcc4c4746c58bdbc5adc.safeframe.googlesyndication.com https://www.google.com https://298a01bd1361fe5bcee2bcc097d7fbec.safeframe.googlesyndication.com https://700966285d19ce6c18d6d44e66a5e05f.safeframe.googlesyndication.com https://tpc.googlesyndication.com  https://9908c24150f4ec6ddf8b2ac95a72ea2c.safeframe.googlesyndication.com/ data:;; font-src 'self' data: https://fonts.gstatic.com https://olympic.ca https://develop.olympic.ca/ https://s0.wp.com/;; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.canadahelps.org/ https://js-agent.newrelic.com/nr-rum-1.250.0.min.js  https://joignez.olympique.ca/ https://js-agent.newrelic.com/ https://cdns.us1.gigya.com/ https://cdns2.gigya.com/ https://cdns3.gigya.com/ https://s3.amazonaws.com/ https://www.instagram.com/ https://www.instagram.com/embed.js https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.datadoghq-browser-agent.com/ https://cdns.gigya.com/ https://securepubads.g.doubleclick.net/ https://tradablebits.com https://cdn.parsely.com/ https://stats.wp.com/e-202401.js https://static.ads-twitter.com/  https://apis.google.com/  https://tpc.googlesyndication.com/  https://tpc.googlesyndication.com/  https://www.googletagservices.com/ https://www.googletagservices.com/ https://connect.facebook.net/  https://tpc.googlesyndication.com/sodar/sodar2.js  https://pagead2.googlesyndication.com/  https://platform.instagram.com/ https://platform.twitter.com/ https://stats.wp.com/e-202403.js https://stats.wp.com/  https://www.instagram.com/ https://www.instagram.com/embed.js https://s0.wp.com/ https://stats.wp.com/e-202403.js;; worker-src 'self' blob:;; object-src 'none';; frame-src 'self'  https://www.canadahelps.org/en/dne/4886  https://www.canadahelps.org/ https://cdns.us1.gigya.com/ https://www.instagram.com/ https://platform.twitter.com/ https://s3.amazonaws.com/ https://platform.twitter.com/widgets/widget_iframe.2f70fb173 https://81b18cca5dbd7427318fbdb1d9dbe67d.safeframe.googlesyndication.com/ *.safeframe.googlesyndication.com/ https://www.googleadservices.com/ https://www.youtube.com/ https://securepubads.g.doubleclick.net/ https://1025e065fe0c5ecd76ee7b40721dfcc2.safeframe.googlesyndication.com/  https://06b96569788a94b29f821128f69b15b4.safeframe.googlesyndication.com/ https://bfd195afecff8318f423335ee91ba1b5.safeframe.googlesyndication.com/ *.safeframe.googlesyndication.com  https://login.dev.olympic.ca/ https://tpc.googlesyndication.com/  https://www.google.com/ https://login.dev.olympic.ca/ https://www.youtube.com/ https://www.youtube.com/embed/ https://www.googleadservices.com/ https://www.googleadservices.com/ https://securepubads.g.doubleclick.net/  https://platform.twitter.com/  https://widgets.wp.com/;; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://s0.wp.com; img-src 'self' https://olympic.ca  https://olympic.ca/ https://olympique.ca/ https://i.ytimg.com/ https://olympic.ca/ https://develop.olympic.ca/ https://develop.olympique.ca/ https://cdns2.gigya.com/ https://stats.g.doubleclick.net/ https://lh3.googleusercontent.com/ https://www.google.com/ https://www.google.com/ https://www.google.com/ads/measurement/l https://www.google.com/ads/measurement/ https://www.google.com/ads/ https://p1.parsely.com https://secure.gravatar.com gravatar.com https://googleads.g.doubleclick.net https://t.co https://analytics.google.com https://analytics.twitter.com https://www.facebook.com  https://tradablebits.com/  https://pixel.wp.com/  https://securepubads.g.doubleclick.net/  https://tpc.googlesyndication.com/ https://tpc.googlesyndication.com/ data: https://pagead2.googlesyndication.com  https://csi.gstatic.com/ https://www.google.ca/ https://www.google.com/ https://www.googletagmanager.com/;; connect-src 'self'  https://joignez.olympique.ca/ https://joignez.olympique.ca https://bam.nr-data.net/ https://www.google-analytics.com/ https://csi.gstatic.com/ https://joignez.olympic.ca https://joignez.olympic.ca/ https://cdns.us1.gigya.com/ https://stats.g.doubleclick.net/ https://s3.amazonaws.com/ https://p1.parsely.com/ https://p1.parsely.com/plogger/ https://login.dev.olympic.ca https://securepubads.g.doubleclick.net https://pagead2.googlesyndication.com https://analytics.google.com https://www.facebook.com  https://login.olympic.ca/ https://p1.parsely.com/ https://join.olympic.ca/   https://www.google.ca/ads/ga-audiences https://www.google.ca/; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://globalcloud24.com https://*.team24.biz https://cfon.net https://polboxtv.net https://*.polboxtv.net https://*.google.com https://*.cdn-apple.com https://*.adroll.com wss://chat.polbox.tv:8001 https://cdn.polbox.tv https://bat.bing.com https://*.facebook.net https://*.hotjar.io https://*.hotjar.com https://www.youtube.com wss://*.hotjar.com https://mc.yandex.ru https://static.xx.fbcdn.net https://*.polbox.tv https://cdn.ampproject.org https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://*.consensu.org https://*.sharethis.com https://*.google.com https://*.facebook.com https://*.facebook.net https://*.facebookmarketingdevelopers.com https://*.hotjar.com https://*.esputnik.com https://esputnik.com https://*.google-analytics.com https://*.googletagmanager.com https://*.hs-scripts.com https://*.hscollectedforms.net https://*.hs-analytics.net https://*.googleapis.com https://*.gstatic.com https://*.hubspot.com https://*.doubleclick.net; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' data: *; style-src 'self' 'unsafe-inline' *; font-src 'self' 'unsafe-inline' *; worker-src 'self' * blob:; frame-src *; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' https://*.campingandcaravanningclub.co.uk; 1
img-src 'self' *.norma-online.de *.sitesearch360.com https://piwik.norma-online.de https://c.clarity.ms https://c.bing.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.norma-online.de *.sitesearch360.com https://piwik.norma-online.de https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://www.clarity.ms https://c.bing.com blob:; object-src 'none'; font-src 'self'; 1
default-src 'none'; frame-ancestors 'self'; connect-src https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://www.medicalobjects.com/ https://maps.googleapis.com/maps/api/mapsjs/ https://createsend.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://www.google.com/ https://www.gstatic.com/ https://www.google-analytics.com/; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/font-awesome/; font-src 'self' data: https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/font-awesome/; img-src 'self' data: https://www.google.com/ads/ https://www.google-analytics.com/ https://www.google.com.au/ads/ https://www.medical-objects.com.au/ https://i.ytimg.com/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/; style-src 'self' 'unsafe-inline'; frame-src https://www.google.com/ https://www.youtube.com/; script-src-elem 'self' 'unsafe-inline' https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://www.googletagmanager.com/gtag/ https://www.google.com/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com/ https://maps.googleapis.com/ https://js.createsend1.com/javascript/copypastesubscribeformlogic.js https://medical-objects.createsend.com/; worker-src blob:; 1
default-src https:; img-src https: data:; object-src 'none'; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; base-uri 'self'; form-action 'self'; worker-src blob: https:; frame-ancestors 'self' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://assets.nonexiste.net; img-src 'self' https: data: blob: https://assets.nonexiste.net; style-src 'self' https://assets.nonexiste.net 'nonce-4Z0CnL0pT32t+eaLnnfJ6Q=='; media-src 'self' https: data: https://assets.nonexiste.net; frame-src 'self' https:; manifest-src 'self' https://assets.nonexiste.net; form-action 'self'; connect-src 'self' data: blob: https://assets.nonexiste.net https: wss://nonexiste.net; script-src 'self' https://assets.nonexiste.net 'wasm-unsafe-eval'; child-src 'self' blob: https://assets.nonexiste.net; worker-src 'self' blob: https://assets.nonexiste.net 1
default-src 'self' https://mw-ar-recom-prod.pgapi.io/ feed.pghub.io pandg.tapad.com ; media-src https://videos.ctfassets.net feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' * ; img-src https://* 'self' data: https: blob: feed.pghub.io pandg.tapad.com ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; frame-ancestors * 'self' data: https: blob: ; 1
default-src 'self' bucket.carmodel.com www.google.com www.gstatic.com widgets.trustedshops.com *.media-amazon.com *.amazon.com *.payments-amazon.com js.stripe.com *.iubenda.com *.google-analytics.com *.googletagmanager.com api.trustedshops.com shops-si.trustedshops.com api.trustbadge.etrusted.com trustbadge.api.etrusted.com logging.trustbadge.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com *.payments-amazon.com widgets.trustedshops.com cdnjs.cloudflare.com *.googleapis.com polyfill.io js.stripe.com *.iubenda.com *.googletagmanager.com *.jquery.com; style-src 'self' 'unsafe-inline' *.iubenda.com cdnjs.cloudflare.com; 1
frame-ancestors 'none'; default-src https://*.safeframe.googlesyndication.com https://tpc.googlesyndication.com https://uk.tmconst.com; font-src 'self' https://uk.tmconst.com https://fonts.gstatic.com https://marketer.monetate.net/ https://cdn.smooch.io; connect-src 'self' wss://api.smooch.io cm.teads.tv t.teads.tv wss://marketplace.prod.pub-tmaws.io https://*.ticketmaster.co.uk https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.siteintercept.qualtrics.com https://*.permutive.com https://*.prmutv.co https://*.config.smooch.io https://*.saucelabs.com https://uk.tmconst.com https://checkout.ticketmaster.com https://venueview.io-virtualvenue.com https://pubads.g.doubleclick.net https://securepubads.g.doubleclick.net https://siteintercept.qualtrics.com https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://d2v54wjmlooyi.cloudfront.net https://csi.gstatic.com https://venue.tmol.co https://adservice.google.com https://www.google.com https://analytics.tiktok.com https://ib.adnxs.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://privacyportal.onetrust.com/ https://api.smooch.io https://app.ticketmaster.com https://k.p-n.io/ https://fn.us.ipqscdn.com https://be.durationmedia.net https://mapsapi.tmol.co https://availability.ticketmaster.it https://www.ticketmaster.it https://analytics.ticketmaster.it https://identity.ticketmaster.it https://app.ticketmaster.eu https://pubapi.ticketmaster.com https://pubapi.ticketmaster.com/logger/log https://engine.monetate.net/api/engine/v1/decide/ticketmaster; script-src 'self' 'unsafe-inline' 'unsafe-eval' p.teads.tv https://*.googletagmanager.com https://*.siteintercept.qualtrics.com https://*.collect.igodigital.com https://uk.tmconst.com https://venueview.io-virtualvenue.com https://polyfill.io https://af.monetate.net https://f.monetate.net https://se.monetate.net https://sb.monetate.net https://marketer.monetate.net/ https://www.googletagservices.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://siteintercept.qualtrics.com https://d2v54wjmlooyi.cloudfront.net/ssp/libs/prod/fanbuilder/v2/fanbuilder.js https://cdn.smooch.io https://api.smooch.io https://cdn.distiltag.com https://widget.ticketmaster.eu https://securepubads.g.doubleclick.net https://adservice.google.ae https://adservice.google.at https://adservice.google.be https://adservice.google.ca https://adservice.google.ch https://adservice.google.co.il https://adservice.google.co.jp https://adservice.google.co.uk https://adservice.google.co.nz https://adservice.google.com https://adservice.google.com.au https://adservice.google.com.br https://adservice.google.com.mx https://adservice.google.com.ph https://adservice.google.com.sa https://adservice.google.com.ua https://adservice.google.cz https://adservice.google.de https://adservice.google.dk https://adservice.google.es https://adservice.google.fi https://adservice.google.fr https://adservice.google.ie https://adservice.google.it https://adservice.google.nl https://adservice.google.no https://adservice.google.pl https://adservice.google.se https://analytics.twitter.com https://analytics.tiktok.com https://connect.facebook.net https://googleads.g.doubleclick.net https://media.ticketmaster.co.uk https://static.ads-twitter.com https://www.googleadservices.com https://cdn.ampproject.org https://tpc.googlesyndication.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google.com/pagead/conversion_async.js https://api.permutive.com https://cdn.permutive.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://s1.ticketm.net/tm/en-us/img/static/tmcore/web-vitals.umd.js https://s.adroll.com/ https://d.adroll.com/ https://s.pinimg.com/ https://swrap.tradedoubler.com https://www.sc.pages06.net https://cdn.p-n.io/pushly-sdk.min.js https://sc-static.net/ https://www.ipqscdn.com https://tag.durationmedia.net https://static2.creative-serving.com/ https://identity.ticketmaster.it https://secure-entry.ticketmaster.com https://pubapi.ticketmaster.com/sdk/ras-sdk-v0.js https://my.ticketmaster.com https://dynamic.criteo.com https://measurement-api.criteo.com https://sslwidget.criteo.com https://widget.eu.criteo.com; style-src 'unsafe-inline' https://marketer.monetate.net/ https://fonts.googleapis.com/ https://cdn.smooch.io/; frame-src https://*.safeframe.googlesyndication.com https://*.siteintercept.qualtrics.com https://*.fls.doubleclick.net https://marketer.monetate.net/ https://player.vimeo.com https://tpc.googlesyndication.com https://sb.monetate.net https://www.google.com/recaptcha/ https://www.youtube.com https://media.ticketmaster.co.uk https://cookies.onetrust.mgr.consensu.org/ https://bid.g.doubleclick.net https://securepubads.g.doubleclick.net https://identity.ticketmaster.it https://www.ticketmaster.it https://gum.criteo.com; img-src data: 'self' http://track.adform.net/ http://s0.2mdn.net/ p.teads.tv t.teads.tv https://*.googletagmanager.com https://*.google-analytics.com https://*.fls.doubleclick.net https://*.googleusercontent.com https://uk.tmconst.com https://cbt-assets.tmconst.com https://media.ticketmaster.eu https://media-staging.mfol.eu-west-1.pci.public.tmaws.eu https://s1.ticketm.net https://www.facebook.com https://nova.collect.igodigital.com https://eu.qualtrics.com https://af.monetate.net https://f.monetate.net https://marketer.monetate.net/ https://tpc.googlesyndication.com https://www.google.ae https://www.google.at https://www.google.be https://www.google.ca https://www.google.ch https://www.google.cl https://www.google.co.in https://www.google.co.jp https://www.google.co.uk https://www.google.co.nz https://www.google.co.za https://www.google.com https://www.google.com.au https://www.google.com.br https://www.google.com.co https://www.google.com.ec https://www.google.com.eg https://www.google.com.gt https://www.google.com.mx https://www.google.com.ph https://www.google.com.sa https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ie https://www.google.it https://www.google.nl https://www.google.no https://www.google.pl https://www.google.rs https://www.google.ru https://www.google.se https://ad.doubleclick.net https://cm.g.doubleclick.net https://securepubads.g.doubleclick.net https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://prismic-images.tmol.io https://i.ytimg.com/ https://i.vimeocdn.com/ https://media.ticketmaster.co.uk https://s3.eu-west-2.amazonaws.com/onsale-img/tmimages/TM_GenCatImgs_Generic.jpg https://s3.eu-west-2.amazonaws.com/onsale-img/tmimages/TM_GenCatImgs_Music.jpg https://s3.eu-west-1.amazonaws.com/ https://cx.atdmt.com https://venueview.io-virtualvenue.com https://secure.adnxs.com https://t.co https://analytics.twitter.com https://ads.avocet.io https://ads.avct.cloud https://googlesync.permutive.com/ https://cdn.cookielaw.org/ https://pixel.quantserve.com https://www.gstatic.com/ https://image.mailing.ticketmaster.com/ https://cdn.smooch.io https://media.smooch.io https://ct.pinterest.com/ https://sp.analytics.yahoo.com/ https://www.pages06.net/ https://venue.tmol.co https://media.pushlycdn.com https://ib.adnxs.com/pixie https://identity.ticketmaster.it https://mapsapi.tmol.co; media-src https://uk.tmconst.com/; object-src 'none'; base-uri 'self'; worker-src 'self' blob: https://www.google.com/recaptcha/; child-src blob: https://*.siteintercept.qualtrics.com; report-uri https://analytics.ticketmaster.it/api/reports 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.intellumlevel.com *.honeybadger.io *.amazonaws.com *.googleapis.com *.google-analytics.com *.jquery.com *.googleusercontent.com *.githubusercontent.com *.snplow.net *.intellumanalytics.com *.userpilot.io ws://analytex.userpilot.io *.intellumsocial.com *.tribesocial.com *.intellum.com *.youtube.com *.vhall.com *.youtube-nocookie.com *.embedly.com *.embed.ly vimeo.com *.vimeo.com livestream.com *.livestream.com *.brightcove.net *.facebook.com zoom.us *.zoom.us wss://*.zoom.us cdnjs.cloudflare.com *.newrelic.com bam.nr-data.net *.nest.com *.demandbase.com *.company-target.com *.zscaler.net *.widencdn.net *.ytimg.com *.tealiumiq.com *.atdmt.com *.tiqcdn.com *.facebook.net *.gstatic.com *.google.com *.doubleclick.net *.googleadservices.com *.stripe.com *.googletagmanager.com *.googleplex.com *.aptrinsic.com wss://websockets.intellum.com facebook-cdn.exceedlms.com *.honorlock.com *.livechatinc.com *.olark.com *.fbcdn.net *.fbsbx.com *.logmein.com *.gototraining.com *.jointraining.com *.gotowebinar.com *.joinwebinar.com *.ampproject.org *.googleservices.com *.g.doubleclick.net *.adsrvr.org *.timetap.com *.ebook.online *.fb-elevate-ebook.online *.connect.facebook.net *.facebook.widen.net *.online widen.net *.facebookcertificationjobs.com *.facebookcertificationjobs.com/employers *.snap.licdn.com *.licdn.com *.linkedin.com *.snap.com *.widen *.widen.net *.coursera.org *.facebookblueprint.com *.dropbox.com *.testing.facebookblueprint.com *.gokampus.com; img-src * data: blob:; media-src * blob: mediastream:; frame-ancestors 'self' *.exceedlms.com *.intellumsocial.com *.tribesocial.com *.intellum.com *.youtube.com *.vhall.com *.youtube-nocookie.com *.embedly.com *.embed.ly vimeo.com *.vimeo.com livestream.com *.livestream.com *.brightcove.net *.facebook.com zoom.us *.zoom.us wss://*.zoom.us cdnjs.cloudflare.com *.newrelic.com *.userpilot.io ws://analytex.userpilot.io bam.nr-data.net *.nest.com *.demandbase.com *.company-target.com *.zscaler.net *.widencdn.net *.ytimg.com *.tealiumiq.com *.atdmt.com *.tiqcdn.com *.facebook.net *.gstatic.com *.google.com *.doubleclick.net *.googleadservices.com *.stripe.com *.googleusercontent.com *.googletagmanager.com *.googleplex.com *.aptrinsic.com *.fbcdn.net *.fbsbx.com *.logmein.com *.gototraining.com *.jointraining.com *.gotowebinar.com *.joinwebinar.com *.ampproject.org *.googleservices.com *.g.doubleclick.net *.adsrvr.org *.timetap.com *.ebook.online *.fb-elevate-ebook.online *.connect.facebook.net *.facebook.widen.net *.online widen.net *.facebookcertificationjobs.com *.facebookcertificationjobs.com/employers *.snap.licdn.com *.licdn.com *.linkedin.com *.snap.com *.widen *.widen.net *.coursera.org *.facebookblueprint.com *.dropbox.com *.testing.facebookblueprint.com *.gokampus.com; 1
frame-ancestors www.koolinar.ru metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com; 1
frame-ancestors 'self' https://engage.gigamon.com 1
default-src 'self' gap: https://cdn.plaid.com https://*.marcus.com https://*.marcus.com https://*.gs.com 'unsafe-inline'; font-src 'self' https://*.zopim.com  https://*.marcus.com https://*.gs.com data:; script-src 'self' https://consent.trustarc.com https://v.gs.com https://p.tvpixel.com https://sb.scorecardresearch.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://6187420.fls.doubleclick.net  https://connect.facebook.net https://www.googletagmanager.com https://assets.adobedtm.com https://*.zopim.com https://static.zdassets.com https://ekr.zdassets.com https://assets.zendesk.com https://honestdollarhelp.zendesk.com https://honestdollarhelp.zendesk.com https://help.invest.goldman.com https://gsinvest.zendesk.com https://gsam.122.2o7.net https://d456155-058-e2.dc.gs.com https://maps.googleapis.com https://*.marcus.com https://cdn.plaid.com https://analytics.twitter.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://gsmosaic.tt.omtrdc.net https://p.tvpixel.com https://sb.scorecardresearch.com https://gsam.sc.omtrdc.net https://minvest.zendesk.com https://gsinvest.zendesk.com https://*.marcus.com wss://*.zopim.com https://static.zdassets.com https://ekr.zdassets.com https://*.marcus.com https://gsam.122.2o7.net https://honestdollarhelp.zendesk.com https://honestdollarhelp.zendesk.com https://help.invest.goldman.com https://gsinvest.zendesk.com https://dspsandbox.zendesk.com https://gsdsp.zendesk.com https://help.dsp.goldmansachs.com https://*.gs.com https://*.demdex.net 'unsafe-inline' data:; object-src 'self' https://*.marcus.com; child-src gap: 'self' https://*.gs.com https://*.marcus.com https://*.marcus.com https://cdn.plaid.com https://*.demdex.net https://*.docusign.net https://*.docusign.com; frame-src gap: 'self' https://consent-pref.trustarc.com https://6187420.fls.doubleclick.net https://h.online-metrix.net/ https://*.gs.com https://*.marcus.com https://*.marcus.com https://cdn.plaid.com https://*.demdex.net https://*.docusign.net https://*.docusign.com; img-src 'self' * data:; style-src 'self' https://d456155-058-e2.dc.gs.com 'unsafe-inline'; 1
upgrade-insecure-requests;frame-ancestors 'none'; 1
default-src 'self' blob:; font-src 'self' data: https://*.typekit.net https://*.bugherd.com https://*.cloudfront.net https://fonts.gstatic.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com ;img-src 'self' data: blob: https://ps.w.org https://s.w.org https://*.hormel.com https://secure.gravatar.com https://*.salsify.com https://bugherd-attachments.s3.amazonaws.com https://*.bugherd.com https://i.ytimg.com https://cdn.cpnscdn.com https://res.cloudinary.com https://www.googletagmanager.com https://*.cloudfront.net https://advantage.iriworldwide.com https://*.powerreviews.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://cdnjs.cloudflare.com https://*.pricespider.com https://www.google-analytics.com https://l.sharethis.com https://*.google.com https://*.bing.com https://www.facebook.com https://*.pinterest.com https://*.iriworldwide.com ;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://s0.wp.com https://*.force.com https://hormel.my.salesforce-sites.com https://www.google-analytics.com https://www.youtube.com https://*.salesforceliveagent.com https://hormel.my.salesforce.com https://code.jquery.com https://*.bugherd.com https://mpsnare.iesnare.com https://static.hotjar.com https://*.cloudfront.net https://*.peanutbutter.com https://*.powerreviews.com https://static.hotjar.com https://*.facebook.net https://*.amazonaws.com https://www.google-analytics.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://cdnjs.cloudflare.com https://*.cloudflare.com https://*.pricespider.com https://*.googleapis.com https://*.google.com https://ws.sharethis.com https://connect.facebook.net https://*.hormel.com https://*.hormelfoods.com https://www.googletagmanager.com ;style-src 'self' 'unsafe-inline' https://s0.wp.com https://*.force.com https://hormel.my.salesforce-sites.com https://*.typekit.net https://*.bugherd.com https://*.hormel.com https://*.hormelfoods.com https://*.cloudfront.net https://*.powerreviews.com https://cdn.pricespider.com https://*.googleapis.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://cdnjs.cloudflare.com https://*.pricespider.com ;connect-src 'self' wss://ws-mt1.pusher.com https://sockjs.pusher.com https://yoast.com https://hormel.my.salesforce-sites.com https://hormelchat.secure.force.com https://*.doubleclick.net https://www.google-analytics.com https://productlocator.iriworldwide.com https://*.pusher.com wss://*.pusherapp.com https://*.bugherd.com https://*.bugsnag.com https://*.amazonaws.com https://sessions.bugsnag.com https://cdnjs.cloudflare.com https://*.pricespider.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com wss://*.pricespider.com https://productlocator.iriworldwide.com https://*.powerreviews.com https://www.facebook.com https://*.doubleclick.net https://www.google-analytics.com https://*.pinterest.com https://www.googletagmanager.com https://l.sharethis.com ;frame-src 'self' https://widgets.wp.com https://service.force.com https://*.google.com https://*.bugherd.com https://www.youtube.com https://*.pinterest.com https://www.facebook.com https://*.doubleclick.net 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' sf1-eu.readspeaker.com *.twitter.com *.google-analytics.com *.googletagmanager.com dap.digitalgov.gov cdn.syndication.twimg.com; object-src 'none'; style-src 'self' 'unsafe-inline' sf1-eu.readspeaker.com platform.twitter.com cdn.syndication.twimg.com ton.twimg.com; frame-src 'self' *.twitter.com *.youtube.com *.readspeaker.com; child-src 'self' *.twitter.com *.youtube.com *.readspeaker.com 1
default-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:; connect-src 'self' https: wss:; img-src 'self' https: data:; media-src 'self' https: data:; frame-src 'self' https:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://d10lpsik1i8c69.cloudfront.net https://googleads.g.doubleclick.net https://cdnjs.cloudflare.com *.jsdelivr.net *.googleadservices.com *.gstatic.com *.bing.com *.google.com *.clarity.ms *.mktoweb.com *.acsbapp.com acsbapp.com *.twitter.com twitter.com *.feathr.co *.facebook.net googleads.g.doubleclick *.azure.com *.marketo.net polo.feathr.co *.adroll.com *.qualtrics.com *.licdn.com *.luckyorange.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.mktoweb.com *.jsdelivr.net https://cdnjs.cloudflare.com *.acsbapp.com acsbapp.com *.feathr.co *.facebook.net *.googleadservices.com googleads.g.doubleclick js.monitor.azure *.marketo.net polo.feathr.co *.adroll.com *.qualtrics.com *.licdn.com *.luckyorange.com *.google-analytics.com *.googletagmanager.com *.twitter.com twitter.com; object-src 'none'; worker-src blob: 1
default-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.qwant.com qwant.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' data: *.qwant.com qwant.com; style-src 'unsafe-inline' data: *.qwant.com qwant.com *.qwantjunior.com qwant.com; object-src 'self'; connect-src *.qobuz.com *.apple.com *.qwant.com qwant.com extras.qwantjunior.com *.qwantjunior.com; img-src blob: 'self' s1.qwant.com s2.qwant.com s.qwant.com f.qwant.com data: s-lite.qwant.com www.qwant.com; frame-ancestors *.qwant.com *.qwantjunior.com lmqt.fyi; form-action 'self'; font-src 'self'; worker-src blob: 'self' www.youtube-nocookie.com www.youtube.com; frame-src viewer.dood3d.com *.vid.web.acsta.net player.twitch.tv player.vimeo.com www.dailymotion.com players-cdn.vidmizer.com players-cdn-v2.vidmizer.com *.qwant.com *.qwantjunior.com www.youtube-nocookie.com player.myvideoplace.tv; media-src blob: *.qwant.com *.apple.com *.qobuz.com; base-uri 'self'; block-all-mixed-content;  1
script-src 'self' 'unsafe-eval' https://polls.incrowdsports.com https://js-agent.newrelic.com/ https://r1-t.trackedlink.net/ https://bam-cell.nr-data.net/ https://vjs.zencdn.net/ https://itp-atp-sls.infosys-platforms.com/ https://www.riddle.com https://news.atptour.com/ https://e.infogram.com 'nonce-68d69a96-9c29-4b03-a653-4f458e4b0d20';style-src 'self' 'unsafe-inline' https://polls.incrowdsports.com https://itp-atp-sls.infosys-platforms.com/ https://fonts.googleapis.com/ https://www.riddle.com https://news.atptour.com/ https://e.infogram.com;worker-src blob: 1
default-src 'self' *; img-src * 'unsafe-eval' 'unsafe-inline' mediastream: filesystem: data: blob: ;  connect-src 'self' * wss://nexus-websocket-a.intercom.io accounts.google.com https://api-iam.intercom.io https://mc.yandex.ru https://www.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' * https://maxcdn.bootstrapcdn.com fonts.gstatic.com data:; frame-src 'self' * https://www.google.com https://bid.g.doubleclick.net; manifest-src 'self'; media-src 'self' https://js.intercomcdn.com/; object-src 'self'; script-src 'self' * 'unsafe-eval' 'unsafe-inline' blob: https://js.intercomcdn.com https://onesignal.com https://widget.intercom.io https://cdn.onesignal.com  https://www.googletagmanager.com https://mc.yandex.ru https://connect.facebook.net https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.jsdelivr.net/ https://www.googleadservices.com https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' * img123.s3.amazonaws.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com data: https://fonts.googleapis.com; base-uri 'none'; frame-ancestors 'self' https://metrika.yandex.ru/; upgrade-insecure-requests 1
frame-ancestors 'self' https://*.signxca.com; 1
frame-ancestors 'self' *.br-automation.com *.br-automation.co.at 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.googletagmanager.com *.amazonaws.com *.gstatic.com www.facebook.com connect.facebook.net player.vimeo.com *.vimeocdn.com *.akamaized.net maxcdn.bootstrapcdn.com stats.g.doubleclick.net *.ggpht.com *.googleapis.com *.google-analytics.com maps.google.com *.formstack.com dl.dropbox.com *.googleadservices.com *.doubleclick.net *.google.com *.google.bg *.google.co.uk netdna.bootstrapcdn.com *.cloudflare.com edge.fullstory.com rs.fullstory.com kit-pro.fontawesome.com res.cloudinary.com *.fontawesome.com fonts.gstatic.com *.prismic.io prismic.io html2canvas.hertzen.com *.funnelytics.io *.conversationalsdevelopment.nl *.seamly-app.com ciscosm.radiuspaymentsolutions.com consent.cookiebot.com consentcdn.cookiebot.com https://ciscosm.radiuspaymentsolutions.comcdnjs.cloudflare.com cdn.jsdelivr.net *.io/js-markerclustererplus/dist/index.min.js *.ofcom.org *.ofcom.org.uk *.radiuspaymentsolutions.com *.salesforce.com *.hcaptcha.com hcaptcha.com bam.nr-data.net www.enexusrental.co.uk wss://gql.velocityfleet.com wss://sta.ging.velocityfleet.com wss://www.velocityfleet.com wss://api.seamly-app.com 1
frame-src 'self' *.opin.media *.nba.com http://127.0.0.1 http://127.0.0.1:3000 *.neulion.com; frame-ancestors 'self' *.hrvatskitelekom.hr *.opin.media *.nba.com http://127.0.0.1 http://127.0.0.1:3000 *.neulion.com; object-src 'none'; 1
require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport,script-src 'report-sample' 'nonce-Io1dhf0--I4e9y5LkDz-Tg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self',script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport/allowlist 1
default-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/  https://cdn.datatables.net/ https://cdnjs.cloudflare.com/ https://code.jquery.com/ ; object-src 'none';style-src 'self'  'unsafe-inline' https://maxcdn.bootstrapcdn.com/ https://use.fontawesome.com/ https://fonts.googleapis.com/ https://cdn.datatables.net/ https://code.jquery.com/ fonts.googleapis.com stackpath.bootstrapcdn.comfont-awesome/4.7.0/css/font-awesome.min.css cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.3.1/css/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/mdbootstrap/4.8.8/css/mdb.min.css maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css use.fontawesome.com/releases/v5.7.0/css/all.css;img-src 'self'  https://code.jquery.com/ui/1.10.2/themes/smoothness/images/  www.google-analytics.com placehold.it placeholdit.imgix.net data:  ; media-src 'none';frame-src 'self' ;font-src 'self' fonts.gstatic.com fonts.googleapis.com;connect-src 'self'  ;base-uri 'self';child-src 'none';frame-ancestors 'self'; 1
default-src 'self' https: wss://*.zopim.com; script-src 'self' https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data: https://img.webhotelier.net/; media-src 'self' blob: ; font-src 'self' data:; object-src 'none'; frame-src 'none'; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests; 1
default-src * 'unsafe-inline' 'unsafe-eval' ; script-src * 'unsafe-inline' 'unsafe-eval' t.contentsquare.net app.contentsquare.com ;child-src blob: 'unsafe-inline'; connect-src * 'unsafe-inline' data: blob: *.contentsquare.net; img-src * data: blob: *.contentsquare.net 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; worker-src blob: ; media-src 'self' data: blob: *; 1
frame-ancestors 'self' *.reworldmedia.com 1
frame-ancestors 'self' https://*.imglobal.com https://imglobal.com https://*.insubuy.com https://insubuy.com https://*.brokersnexus.com https://brokersnexus.com https://*.visitorsinsurance.com https://visitorsinsurance.com https://*.internationalinsurance.com https://internationalinsurance.com https://*.nyig.com https://nyig.com https://*.internationalstudentinsurance.com https://internationalstudentinsurance.com https://*.multichoiceinsurance.com https://multichoiceinsurance.com https://*.visitorinsuranceservices.com https://visitorinsuranceservices.com https://*.patriotamericainsurance.net https://patriotamericainsurance.net https://*.parentsvisitorinsurance.net https://parentsvisitorinsurance.net https://*.americanvisitorinsurance.com https://americanvisitorinsurance.com https://*.visitorguard.com https://visitorguard.com https://*.nriol.net https://nriol.net https://*.overseastravelinsuranceservices.com https://overseastravelinsuranceservices.com https://*.pacificprime.com https://pacificprime.com https://*.oriontravelun.com https://oriontravelun.com https://*.globaltravelinsurance.com https://globaltravelinsurance.com https://*.expatfinancial.com https://expatfinancial.com https://*.visitorscoverage.com https://visitorscoverage.com  https://*.tmquotes.com https://tmquotes.com https://*.taianfinancial.com https://taianfinancial.com https://*.visitorsguru.com https://visitorsguru.com https://*.welcome-center-malta.com https://welcome-center-malta.com https://*.visitorplans.com https://visitorplans.com; 1
base-uri 'self';form-action 'self' cl.s13.exct.net www.facebook.com mc3nfbl5nsqg1w6f939fmbpdmzy0.pub.sfmc-content.com mc3nfbl5nsqg1w6f939fmbpdmzy0.pub.sfmc-content.com;object-src 'none';default-src 'self' https: www.showpass.com:* wss://www.showpass.com:* doavub8d2uzrx.cloudfront.net wss://widget-mediator.zopim.com widget-mediator.zopim.com maps.googleapis.com www.google-analytics.com stats.g.doubleclick.net www.facebook.com js.stripe.com www.google.com/recaptcha/api2/ o14140.ingest.sentry.io https://bid.g.doubleclick.net/ cms.showpass.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.hotjar.io analytics.google.com https://*.googlesyndication.com https://*.doubleclick.net;script-src 'self' 'unsafe-eval' www.showpass.com:* doavub8d2uzrx.cloudfront.net cms.showpass.com static.zdassets.com app.pendo.io pendo-static-5909550539210752.storage.googleapis.com pendo-io-static.storage.googleapis.com cdn.pendo.io data.pendo.io showpass.queue-it.net/javascriptqueue/ assets.queue-it.net/showpass/ static.queue-it.net/script/ www.facebook.com connect.facebook.net js.stripe.com maps.googleapis.com www.google-analytics.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.googletagmanager.com/gtag/ www.googletagmanager.com/ 'sha256-EH7D3qWEwSFx5QyuD+2rUkPHPjetFfXqx/tEVHtG3TI=' www.googleadservices.com/pagead/ https://googleads.g.doubleclick.net/pagead/ www.google.com/pagead/ www.google.ca 'sha256-UGEykwyoBQgom77f4RLnvcyyLZJmOr2wl0oQZ/NdujA=' *.hotjar.com *.hotjar.io 'sha256-GCuxK+555DhiFXdCVLZNXahESfoMDPxFzfVxkQi8cPI=' 'sha256-3f9vIRBEFiGFgygpUJFbHu5jw6LffSBWYoFtdTcLP3U=' 'sha256-z5X7oEWQCisK/oTY5tH/YxdbP7HxDz/3rHkPAL5DGm0=' 'sha256-izDs4BuUPc0YaiY4se+Y/HZcarAGehr5Spm9angnE1M=' 'sha256-bez4qiqqthnLekMAq8E3yRznBJYdpRCylmEQLUT4Ksg=' 'sha256-sBsWy4aNqAmL9ACh+4snDPpD+ek6O3CZ5yCDJmzp3x8=' 'sha256-odmVAvMs+KPDImBRO/8gtyDTYmOvyik8i4L55OWdA5o=' 'sha256-Fl80cSQ0mwOFLBedh19IYt6aI7aeLR3pu184VJmYrWk=' 'sha256-0bM/x/DU5utGmg9B7vuPRQw3LI5vzN7nkrGoBTSQozU=' 'sha256-d5zkcqokZFsZd6E9CkpO9P+0I+Ru+8EyHMVuBgIDthE=';style-src 'self' 'unsafe-inline' doavub8d2uzrx.cloudfront.net app.pendo.io pendo-static-5909550539210752.storage.googleapis.com pendo-io-static.storage.googleapis.com cdn.pendo.io data.pendo.io fonts.googleapis.com https: *.hotjar.com;img-src 'self' data: https: blob: *.hotjar.com cdn.pendo.io app.pendo.io pendo-static-5909550539210752.storage.googleapis.com data.pendo.io;font-src 'self' data: doavub8d2uzrx.cloudfront.net fonts.gstatic.com *.hotjar.com *.hotjar.io *.hotjar.com;frame-src 'self' pendo-io-extensions.storage.googleapis.com app.pendo.io  stripe.com js.stripe.com facebook.com *.facebook.com instagram.com *.instagram.com twitter.com *.twitter.com youtube.com *.youtube.com player.vimeo.com livestream.com castr.io google.com *.google.com www.googletagmanager.com *.hotjar.com https://td.doubleclick.net;worker-src 'self' blob:;child-src 'self' app.pendo.io blob:;frame-ancestors 'self' * 1
frame-ancestors 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' https: wss: data: blob: http: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *; worker-src 'self' 'unsafe-inline' * blob: blob:*; 1
frame-ancestors 'self' https://gameloader.marsbet.com https://sport.marsbet.com https://player.twitch.tv 1
frame-src https://youtube.com https://www.youtube.com https://consentcdn.cookiebot.com/; 1
default-src 'self' data: www.google.com *.freeman.com *.freemanco.com cdn.walkme.com ec.walkme.com *.google-analytics.com www.googletagmanager.com fonts.googleapis.com fonts.gstatic.com *.amazonaws.com cdn.bizible.com *.getsmartcontent.com cdn.bizibly.com *.terminus.services ;connect-src 'self' analytics.google.com 807-ank-125.mktoresp.com col.eum-appdynamics.com www.google-analytics.com stats.g.doubleclick.net *.freeman.com rapi.walkme.com ec.walkme.com cdn.walkme.com ec-playback.walkme.com; frame-src 'unsafe-inline' *.freemanco.com *.freeman.com www.chasepaymentechhostedpay-var.com freemanpay.com cdn.walkme.com *.marketo.com *.freemanpay.com; child-src; object-src; style-src 'unsafe-inline' 'self' *.freeman.com jquery.min.js cdn.walkme.com ec.walkme.com *.google-analytics.com fonts.googleapis.com fonts.gstatic.com *.amazonaws.com *.marketo.com; font-src 'unsafe-inline' 'self' cdn.walkme.com ec.walkme.com *.google-analytics.com fonts.googleapis.com fonts.gstatic.com *.amazonaws.com data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' code.jquery.com app.five9.com cdn.walkme.com *.marketo.net *.marketo.com google-analytics.js analytics.js *.google-analytics.com fonts.googleapis.com fonts.gstatic.com *.amazonaws.com jquery.min.js www.googletagmanager.com  gtm.js cdn.appdynamics.com cdn.bizible.com *.getsmartcontent.com cdn.bizibly.com *.terminus.services *.freeman.com 1
img-src * data:; font-src * data:; connect-src *; child-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com *.youtube.com https://d335luupugsy2.cloudfront.net *.googletagmanager.com *.facebook.net *.google.com *.bing.com *.goadopt.io *.google-analytics.com https://js.hs-scripts.com *.googleadservices.com *.hs-banner.com *.hscollectedforms.net *.usemessages.com *.hs-analytics.net *.hsadspixel.net data:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://yoast.com *.googleleadservice.com *.g.doubleclick.net *.youtube.com https://d335luupugsy2.cloudfront.net *.googletagmanager.com *.hs-scripts.com *.facebook.net *.googleadservices.com *.bing.com *.goadopt.io *.google-analytics.com *.usemessages.com *.hs-analytics.net *.hscollectedforms.net *.hs-banner.com *.hsadspixel.net https://cdnjs.cloudflare.com *.clarity.ms *.hotjar.com *.licdn.com *.omappapi.com *.licdn.com *.freshworks.com *.hsforms.net *.hsleadflows.net optimize.google.com *.moengage.com *.buzzlead.com.br data:; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com *.googleapis.com *.omappapi.com *.freshworks.com 1
frame-ancestors 'self' *.zennichi.or.jp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://coopertire.com   *.youtube.com https://i.ytimg.com/vi_webp/naszHjNUEFM/mqdefault.webp https://mpsnare.iesnare.com https://dev-ct-eus-asb.servicebus.windows.net *.hotjar.com *.google.com.co *.tvpixel.com *.google.com *.rlcdn.com http://t.co http://www.googleadservices.com *.iperceptions.com http://www.googletagmanager.com http://id.rlcdn.com http://cm.g.doubleclick.net http://sa.placelocal.com http://universal.iperceptions.com http://static.ads-twitter.com/uwt.js http://tags.tiqcdn.com https://*.cdninstagram.com https://cdn.cookielaw.org https://tags.tiqcdn.com https://cdn.amcharts.com https://vimeo.com https://*.tealiumiq.com https://www.google-analytics.com https://stats.g.doubleclick.net https://api.iperceptions.com https://cdn.livechatinc.com https://api.livechatinc.com https://www.googletagmanager.com https://connect.facebook.net https://static.ads-twitter.com https://universal.iperceptions.com https://www.google-analytics.com https://www.googletagmanager.com https://*.googleapis.com data: https://www.gstatic.com https://fonts.gstatic.com https://maps.gstatic.com https://secure.livechatinc.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.twitter.com https://player.vimeo.com https://8902027.fls.doubleclick.net https://sa.placelocal.com https://cm.g.doubleclick.net https://id.rlcdn.com https://t.co https://thunder.adnxs.com https://www.facebook.com https://www.google.com https://www.google.co.in https://scontent-frt3-1.cdninstagram.com https://scontent-frt3-2.cdninstagram.com https://scontent-frx5-1.cdninstagram.com/ https://bid.g.doubleclick.net/ https://*.bazaarvoice.com/ http://*.bazaarvoice.com/ https://analytics.convertlanguage.com/ https://*.sprinklr.com/ https://*.sprinklr.com/api/livechat/handshake/widget/ wss://*.sprinklr.com/mqtt https://code.jquery.com/jquery-3.5.1.min.js https://cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js  https://live-chat-static.sprinklr.com/* https://*.powerreviews.com/ https://cdn.attn.tv/coopertire/dtag.js https://cdn.attn.tv/  https://cdn.attn.tv/*/**   https://events.attentivemobile.com/   https://coopertire.attn.tv https://12992688.fls.doubleclick.net https://ad.doubleclick.net https://www.google.ca; frame-ancestors http://*.level-studios.com/ https://*.level-studios.com/ https://*.coopertire.com/ ; 1
frame-ancestors 'self' https://*.f-cut.ch https://localhost:3000 1
frame-ancestors 'self' https://app.coderpad.io 1
default-src 'self' data: about: https://testing.componentsearchengine.com https://metrics.hotjar.io https://content.hotjar.io wss://ws.hotjar.com https://google.com https://stats.g.doubleclick.net https://td.doubleclick.net https://use.typekit.net https://cdnjs.cloudflare.com https://cdn.cookielaw.org https://play.vidyard.com https://partsadmin.allegromicro.com https://www.googletagmanager.com https://js.hs-scripts.com https://designtools.allegromicro.com https://js.hs-banner.com https://js.hsadspixel.net https://gpa-tool.octopart.com https://js.hscollectedforms.net https://js.hs-analytics.net https://js.hubspot.com https://forms.hscollectedforms.net https://api.hubapi.com https://p.typekit.net https://www.google-analytics.com https://snap.licdn.com https://www.youtube.com https://countriesnow.space https://www.google.com https://www.google.co.uk https://www.googleadservices.com https://restcountries.com https://cta-service-cms2.hubspot.com https://forms.hsforms.com https://px.ads.linkedin.com https://perf-na1.hsforms.com https://p.typekit.net https://googleads.g.doubleclick.net https://js.zi-scripts.com https://js-na1.hs-scripts.com https://track.hubspot.com https://ws.zoominfo.com https://allegromicro.componentsearchengine.com https://region1.google-analytics.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com;script-src * 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors https://fitflop.com https://*.fitflop.com; 1
default-src 'self';    script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *;    img-src 'self' data: *;    style-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *;    font-src 'self' data: *;    worker-src 'self' blob: *;    connect-src 'self' *;    frame-src 'self' * ;    frame-ancestors 'self' *;    report-uri https://www.ajas.fi/csp-errors/ajas-csp-errors.php; 1
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' fonts.gstatic.com fonts.googleapis.com bf56065spx.bf.dynatrace.com www.google.com www.gstatic.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com www.google.com www.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' js-cdn.dynatrace.com www.google-analytics.com www.google.com www.gstatic.com; img-src 'self' data: www.google-analytics.com www.google.com www.gstatic.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.cloudflare.com https://maps.googleapis.com/ https://www.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://maps.google.com https://use.typekit.net http://www.googletagmanager.com/ https://region1.google-analytics.com 'self' https://www.google.com/recaptcha/api.js?hl=en&ver=6.3.1 sha256-0zq2RDA2dMcVQGbH8x0uVufqTZP6N0tyS5+kryLs7pk= https://www.gstatic.com/recaptcha/releases/pxZcVU8Dk73FyvFvdCgp2MSG/recaptcha__en.js sha256-p5TKvVyh26RGqR2UJ36nRloZe2mhGcioM7h8fH3lVhk= https://www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/recaptcha__en.js sha256-K8EIkpZF9CjO1rYDpJlSXPzMqnrvfA+UHOpySMTFbHM= https://www.gstatic.com/recaptcha/releases/ sha256-Wo+MlQQVWrSbkPEIuTIMlAvrJ8eXJlvQPTjQXlr/cPY=; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net https://rgsharedweb.s3.amazonaws.com; img-src 'self' data: https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://secure.gravatar.com/ http://werkstatt.fuelthemes.net https://maps.google.com https://*.googleapis.com https://p.typekit.net https://s3.amazonaws.com https://www.google.pl https://www.adbglobal.com https://adbglobal.com; connect-src 'self' https://www.google-analytics.com https://my.fuelthemes.net http://www.googletagmanager.com/ https://region1.google-analytics.com; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net; media-src 'self' http://werkstatt.fuelthemes.net; object-src 'none'; frame-src 'self' https: https://player.vimeo.com/ https://youtube.com/ https://youtu.be/ www.google.com https://www.google.com/; worker-src 'self'; manifest-src 'self'; base-uri 'self' 1
default-src data: blob: https://* http://* 'unsafe-eval' 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' https: http: data: blob:; style-src 'self' 'unsafe-inline'; style-src-elem 'self' https://* http://* 'unsafe-inline'; script-src-elem 'self' https://* http://* 'unsafe-inline'; font-src data: https://* http://*; frame-ancestors 'self'; object-src 'self'; base-uri 'none'; upgrade-insecure-requests; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.abertay.ac.uk *.vo.msecnd.net *.visualstudio.com *.googletagmanager.com *.gstatic.com *.google-analytics.com *.googleapis.com *.google.com *.cloudfront.net *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.doubleclick.net apps.akerolabs.com *.hotjar.com *.youtube.com *.akro.io *.skypeassets.com *.olark.com *.crazyegg.com s3.amazonaws.com/trk.cetrk.com *.ytimg.com *.livestream.com livestream.com/assets/plugins/referrer_tracking.js *.walls.io walls.io/js/wallsio-widget-1.2.js cdn.thinglink.me *.siteimproveanalytics.com www.sutori.com *.d1ox703z8b11rg.cloudfront.net hstry-education-production.s3.us-west-2.amazonaws.com owcqxq3rnb.execute-api.us-east-1.amazonaws.com code.jquery.com siteimproveanalytics.com/js/siteanalyze_9953.js *.hellomedian.com cdn.chatbot.com/widget/plugin.js *.chatbot.com https://cdn.livechatinc.com https://secure.livechatinc.com *.littleforest.co.uk *.twitch.tv https://www.google-analytics.com https://bbox.blackbaudhosting.com *.discoveruni.gov.uk https://discoveruni.gov.uk *.ads-twitter.com *.twitter.com *.justgiving.com *.unibuddy.co https://cdn.unibuddy.co/unibuddy-iframe.js https://unibuddy.co https://cc.cdn.civiccomputing.com/9/cookieControl-9.x.min.js *.civiccomputing.com;object-src 'self';style-src 'self' 'unsafe-inline' *.abertay.ac.uk *.googleapis.com *.google.com maxcdn.bootstrapcdn.com *.olark.com *.livestream.com cdn.akro.io *.hellomedian.com *.chatbot.com *.twitch.tv *.facebook.net *.facebook.com *.blackbaudhosting.com *.unibuddy.co https://unibuddy.co https://www.googletagmanager.com;img-src 'self' *.abertay.ac.uk *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com *.ggpht.com data: abertaylivemedia.azureedge.net umbraco.tv *.cloudfront.net *.googleadservices.com *.bing.com *.facebook.net *.doubleclick.net *.facebook.com *.google.co.uk *.googletagmanager.com *.olark.com gtrk.s3.amazonaws.com *.siteimproveanalytics.io *.hellomedian.com *.chatbot.com https://cdn.livechatinc.com *.twitch.tv *.littleforest.co.uk *.blackbaudhosting.com *.justgiving.com t.co *.unibuddy.co https://unibuddy.co res.cloudinary.com *.twitter.com/;media-src 'self' *.olark.com abertaylivemedia.azureedge.net *.chatbot.com https://cdn.livechatinc.com *.twitch.tv *.facebook.net *.facebook.com *.justgiving.com *.unibuddy.co https://unibuddy.co;frame-src 'self' *.abertay.ac.uk *.youtube.com *.akerolabs.com *.google.com *.bigtopapp.com *.vimeo.com *.unistats.ac.uk *.hotjar.com *.doubleclick.net *.issuu.com *.olark.com biteable.com *.livestream.com livestream.com *.walls.io *.thinglink.com thinglink-editor.s3.amazonaws.com www.sutori.com *.d1ox703z8b11rg.cloudfront.net hstry-education-production.s3.us-west-2.amazonaws.com owcqxq3rnb.execute-api.us-east-1.amazonaws.com https://s3-eu-west-1.amazonaws.com *.hellomedian.com *.chatbot.com https://secure.livechatinc.com *.twitch.tv *.littleforest.co.uk *.facebook.net *.facebook.com *.discoveruni.gov.uk https://discoveruni.gov.uk *.blackbaudhosting.com *.unibuddy.co https://unibuddy.co https://www.kudoboard.com;font-src 'self' *.abertay.ac.uk fonts.gstatic.com maxcdn.bootstrapcdn.com *.google.com *.olark.com *.chatbot.com *.twitch.tv *.facebook.net *.facebook.com;connect-src 'self' *.abertay.ac.uk *.google.com *.google-analytics.com *.googleapis.com *.visualstudio.com *.hotjar.com *.olark.com wss://*.hotjar.com *.crazyegg.com *.livestream.com *.bugsnag.com *.akerolabs.com *.hellomedian.com *.chatbot.com *.twitch.tv *.littleforest.co.uk *.facebook.net *.facebook.com *.unibuddy.co https://unibuddy.co https://pagead2.googlesyndication.com;frame-ancestors 'self' 1
default-src 'self' data: blob: www.googleadservices.com https: wss: fonts.googleapis.com fonts.gstatic.com webfiles2.nfp.com www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com bat.bing.com cdn.cookie-script.com cookie-script.com cdn.jsdelivr.net code.jquery.com ka-p.fontawesome.com kit.fontawesome.com pi.pardot.com scout-cdn.salesloft.com snap.licdn.com www.soundcloud.com soundcloud.com w.soundcloud.com i.vimeocdn.com i.ytimg.com go.nfp.com player.vimeo.com www.vimeo.com vimeo.com youtube.com www.youtube.com www.youtube-nocookie.com analytics.google.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.googleadservices.com *.niceincontact.com home-m32.niceincontact.com ws.zoominfo.com fonts.googleapis.com fonts.gstatic.com webfiles2.nfp.com www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com bat.bing.com cdn.cookie-script.com cookie-script.com cdn.jsdelivr.net code.jquery.com ka-p.fontawesome.com kit.fontawesome.com pi.pardot.com scout-cdn.salesloft.com snap.licdn.com www.soundcloud.com soundcloud.com w.soundcloud.com i.vimeocdn.com i.ytimg.com go.nfp.com player.vimeo.com www.vimeo.com vimeo.com youtube.com www.youtube.com connect.facebook.net *.doubleclick.net doubleclick.net script.crazyegg.com *.tctm.co tctm.co;style-src 'self' 'unsafe-inline' www.googleadservices.com fonts.googleapis.com fonts.gstatic.com webfiles2.nfp.com www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com bat.bing.com cdn.cookie-script.com cookie-script.com cdn.jsdelivr.net code.jquery.com ka-p.fontawesome.com kit.fontawesome.com pi.pardot.com scout-cdn.salesloft.com snap.licdn.com www.soundcloud.com soundcloud.com w.soundcloud.com i.vimeocdn.com i.ytimg.com go.nfp.com player.vimeo.com www.vimeo.com vimeo.com youtube.com www.youtube.com script.crazyegg.com;frame-ancestors 'self' cdn.flipsnack.com webfiles2.nfp.com www.googleadservices.com www.google.com www.gstatic.com maps.googleapis.com cdn.cookie-script.com cookie-script.com pi.pardot.com www.soundcloud.com soundcloud.com w.soundcloud.com i.vimeocdn.com i.ytimg.com go.nfp.com player.vimeo.com www.vimeo.com vimeo.com youtube.com www.youtube.com www.youtube-nocookie.com 1
worker-src 'self' blob:; frame-ancestors https://app.kontent.ai; object-src 'none'; frame-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.trustpilot.com *.mopinion.com *.classiceigenhuis.blob.core.windows.net https://maps.googleapis.com https://hcaptcha.com https://www.youtube.com/iframe_api https://live.steam.eu.com/client/ https://js.hcaptcha.com https://contractscan.eigenhuis.jstack.eu https://ct.pinterest.com https://eigenhuis.jotform.com https://*.facebook.net https://*.pinimg.com https://*.pingdom.net https://*.adform.net https://*.hotjar.com https://*.procit.com https://*.obi4wan.com https://*.cookiebot.com https://*.visualwebsiteoptimizer.com https://*.expoints.nl https://*.eigenhuis.nl https://veh-contractapi.web.app https://*.kontent.ai https://*.googletagmanager.com https://*.google-analytics.com https://www.google.com https://www.googleadservices.com https://flask.nextdoor.com https://ads.nextdoor-test.com https://ads.nextdoor.com/ https://classic.eigenhuis.nl https://twitter.com/ https://x.com https://static.ads-twitter.com https://instagram.com https://www.youtube.com *.gifty.nl https://js.stripe.com https://wozconsultants.nl https://wozspecialisten.nl https://mollie.com 1
script-src * 'unsafe-eval' 'unsafe-inline'; worker-src blob: *;frame-ancestors 'self' https://webs.testjustenergy.com https://webs.justenergy.com; 1
default-src https: data: wss://*.zohopublic.com wss://*.hotjar.com wss://*.crazyegg.com *.crazyegg.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com.gt www.google.mu fbanalytics.org www.bing.com www.google.at api.geetest.com *.googleusercontent.com www.google.de www.clicksafe.lloydstsb.com 7896543.s3.amazonaws.com res.cloudinary.com *.googleapis.com api.trongrid.io cdn.scite.ai www.google.com.my googletagmanager.com localhost:8002 thefashionball.com api.greenadblocker.com *.pinterest.com fonts.googleapis.com gateway.zscloud.net www.google.com.pr pouch-global-font-assets.s3.eu-central-1.amazonaws.com monitor.geetest.com www.trailfinders.ie www.google.com www.google.al www.google.bg www.google.com.pa notify.bluecoat.com *.americanexpress.com analytics.google.com sneakertoast.com fonts.gstatic.com www.google.ie www.google.tt www.youtube.com www.google.com.pk www.google.no api.geevisit.com www.slant.co www.google.com.co dn-staticdown.qbox.me dpm.demdex.net cdn.trailfinders.com www.google.com.ag www.googletagmanager.com static.geetest.com secure5.arcot.com www.google.gg widgety-assets.s3.amazonaws.com www.trailfinders.com www.google.ca www.google.tl s.trackonomics.net aframe.io exodus-website.s3.amazonaws.com www.nectar.com geo0.ggpht.com www.google.co.uz b.tile.openstreetmap.org www.google.co.nz www.google.com.bh *.opendns.com www.irishcentral.com www.google.com.gi api.fbanalytics.org *.sentry.io www.drivepedia.com adservice.google.com maps.gstatic.com www.google.lk www.google.com.lb *.hotjar.com www.google.com.tw astartco.s3-us-west-2.amazonaws.com a.tile.openstreetmap.org www.google.co.za media.gadventures.com www.google.ae www.google.com.ph www.google.com.au www.google.lt github.com cdn.tiny.cloud gateway.zscalerthree.net inxmail.trailfinders.com www.google.com.sa www.gstatic.com code.jquery.com *.googlesyndication.com widgety.co.uk www.google.sc iframe.mediadelivery.net www.google.cm pay.google.com www.google.com.do vjs.zencdn.net p.typekit.net www.google-analytics.com www.google.mv southaustralia.com www.google.hu www.google.com.et widget.trustpilot.com *.b-cdn.net cdn.ss-cdn.com google.com static.responseiq.com i.jamesvillas.co.uk www.google.com.br www.google.com.jm region1.google-analytics.com www.google.co.ke www.google.ro www.google.com.ec www.google.com.mx images.trailfinders.com www.google.com.vn www.google.es www.google.co.ug cdn.heapanalytics.com int.sitestat.com trailfinders.com www.google.tn www.glassdoor.co.uk block.dulwich.org.uk www.google.gr www.google.co.cr www.instapaper.com www.google.am lh3.ggpht.com www.google.com.ua vc.hotjar.io www.google.co.in static.abplive.com www.google.com.ng www.holidayextras.co.uk gateway.zscaler.net shopping.qantas.com localhost:8202 www.google.nl zswpmanager.wip.mmc.com www.google.com.hk www.google.com.qa customer.iad-03.braze.com geo2.ggpht.com cdn.jsdelivr.net *.doubleclick.net rialto-gms.s3.amazonaws.com www.abcactionnews.com ln-rules.rewardstyle.com magazine.education.investing.com www.google.com.mt trailfinders.demdex.net pp.ephapay.net login.zscloud.net api.autoaddress.ie www.google.com.pe ucads-cdn.ucweb.com www.google.it api.hostedimages.co.uk www.google.jo cdn.segment.com images-api.intrepidgroup.travel www.google.se www.google.fi ssl.gstatic.com *.trendmicro.com www.google.pt i.ytimg.com unpkg.com www.google.cv gateway.zscalertwo.net www.gadventures.com applepay.cdn-apple.com *.facebook.net mozbar.moz.com www.nytimes.com metrics.hotjar.io *.twitter.com geo3.ggpht.com www.google.com.kw www.australia.com www.google.co.id *.demdex.net www.google.je www.aircanada.com www.google.kz www.google.lu www.google.co.jp drivepedia.com www.google.co.il www.google.co.ma maxcdn.bootstrapcdn.com connect.facebook.net www.google.is mailimages.trailfinders.com www.sbx-media.com heapanalytics.com www.autoracing.com.br *.googleadservices.com www.iloveny.com www.google.ch www.google.com.cy s3.amazonaws.com c.tile.openstreetmap.org region1.analytics.google.com www.google.hr www.google.im www.trustpilot.com translate.google.com ssl.google-analytics.com apply.indeed.com nodeintranet.trailfinders.com www.google.co.tz test.trailfinders.com www.googletagmanager.com/gtag/js secure.trailfinders.com www.bitguardian.de gadventures.b.ssl.fastly.net applepay.cdn-apple.com/ tsys.arcot.com sp.tinymce.com wss://www.trailfinders.com www.google.be *.fastly.net www.google.cz www.google.com.tr cdnjs.cloudflare.com www.google.sn api.responseiq.com www.google.com.sg www.earth.com utils.lumen-research.com geo1.ggpht.com www.google.com.eg *.everesttech.net www.giveitlove.com www.google.fr www.google.co.th api.segment.io www.serchioindiretta.it www.ciuvo.com www.google.pl webimages.trailfinders.com www.google.dk assets.adobedtm.com *.facebook.com *.gstatic.com *.omtrdc.net www.google.co.uk assets.grammarly.com www.googleoptimize.com www.intrepidtravel.com www.tailwindapp.com www.google.com.ar icm.aexp-static.com www.netmums.com; frame-ancestors 'self' www.google.at www.google.ie www.google.fr www.google.co.il www.trailfinders.com www.google.it www.trailfinders.ie www.google.ch www.google.co.id www.google.com ;  1
default-src 'self' https://achareh.co https://*.achareh.co; object-src 'none'; base-uri 'self'; connect-src 'self' blob: https://achareh.co https://*.achareh.co https://achareh.ir https://*.achareh.ir https://achareh.co https://*.achareh.co https://ubaar.ir https://*.ubaar.ir https://yektanet.com/ https://*.yektanet.com/ https://mediaad.org https://*.mediaad.org https://ma-cdn.pegah.tech https://achareh-livechat1.dolphinai.ir wss://achareh-livechat1.dolphinai.ir https://stats.g.doubleclick.net https://*.google.com https://*.google-analytics.com https://*.googleapis.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ wss://*.achareh.ir https://static-ebcom.mci.ir https://*.arvancloud.ir https://clarity.ms https://*.clarity.ms https://c.bing.com; script-src 'sha256-B0NRLFI1cJ/9Qk6bz94uwqEyxd4robjDrHgwkqwaU5A=' 'self' 'self' https://achareh.co https://*.achareh.co https://hotjar.com https://*.hotjar.com https://yektanet.com https://*.yektanet.com https://mediaad.org https://*.mediaad.org https://achareh-livechat1.dolphinai.ir https://static-ebcom.mci.ir https://www.googletagmanager.com https://www.clarity.ms; frame-src 'self' https://*.aparat.com https://*.hotjar.com https://achareh-livechat1.dolphinai.ir https://mediacdn.mediaad.org https://player.arvancloud.ir; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:; img-src 'self' https: blob: data:; media-src 'self' https: blob: data:; report-uri https://sentry.ubaar.ir/api/12/security/?sentry_key=133626d5faab4b0da12bbfb4617e6c8a 1
base-uri 'self'; child-src https://www.youtube-nocookie.com/embed/; connect-src 'self' https://aither.cc:8443/socket.io/ wss://aither.cc:8443/socket.io/ https://api.themoviedb.org/; default-src 'none'; font-src 'self' data: https: fonts.gstatic.com; frame-ancestors 'self'; img-src 'self' data: https: image.tmdb.org via.placeholder.com/400x600; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https: gitcdn.xyz github.io *.github.io raw.githubusercontent.com github.com; block-all-mixed-content; upgrade-insecure-requests 1
default-src             'self'             westbahn.at             *.westbahn.at             'unsafe-inline'             data:             https:             https://*.hotjar.com             https://*.hotjar.io             wss://*.hotjar.com         ; 1
frame-ancestors 'self' *.duisburg.de 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' 'self' https://api.mapbox.com https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.0.0.min.js https://cc.cdn.civiccomputing.com/9/cookieControl-9.x.min.js https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js; style-src 'unsafe-inline' 'report-sample' 'self' https://api.mapbox.com https://cdn.jsdelivr.net https://p.typekit.net https://use.typekit.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.mapbox.com https://events.mapbox.com https://apikeys.civiccomputing.com https://region1.google-analytics.com https://vimeo.com https://www.google-analytics.com; font-src 'self' https://use.typekit.net; frame-src 'self' https://player.vimeo.com; img-src 'self' data: https://i.vimeocdn.com; manifest-src 'self'; media-src 'self'; report-uri https://657071d506d4cc5cba54ec0d.endpoint.csper.io/?v=0; worker-src blob:; 1
default-src 'self'; frame-src 'self' data: blob: fast.wistia.net www.nbcnews.com www.smart911.com www.youtube.com https://savitar.z13.web.core.windows.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; frame-ancestors 'self' smart911.com *.smart911.com *.raveu.com *.getrave.com getrave.com *.zendesk.com; font-src 'self' data: *.gstatic.com *.commandcentral.com https://www.googletagmanager.com/gtag/js?id=G-D70LWPYBEJ&cx=c&_slc=1; connect-src 'self' blob: data: www.smart911.com smart911.com *.walkme.com *.twiliocdn.com wss://*.twilio.com *.twilio.com *.mapbox.com wss://smart911.com wss://www.smart911.com *.googleapis.com *.google-analytics.com *.gstatic.com *.hubspot.com *.commandcentral.com *.arcgis.com; child-src 'self' blob: data: www.smart911.com smart911.com www.nbcnews.com www.youtube.com wss://smart911.com wss://www.smart911.com; object-src 'self' 'unsafe-inline' blob: data: smart911.com; style-src 'self' 'unsafe-inline' *.arcgis.com *.commandcentral.com https://savitar.z13.web.core.windows.net *.googleapis.com *.walkme.com *.google-analytics.com *.gstatic.com *.hubspot.com; img-src * 'self' blob: data: *.mapbox.com *.getrave.com *.smart911.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.commandcentral.com https://savitar.z13.web.core.windows.net *.walkme.com *.twiliocdn.com *.twilio.com *.google.com *.gstatic.com *.google-analytics.com *.googleapis.com *.hscta.net *.hubspot.com *.mapbox.com *.nbcnews.com www.sc.pages05.net *.arcgis.com https://www.googletagmanager.com/gtag/js?id=G-D70LWPYBEJ&cx=c&_slc=1 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.scot; img-src 'self' https: data: blob: https://mastodon.scot; style-src 'self' https://mastodon.scot 'nonce-DL21c+UFnMh/82ihA+BaRg=='; media-src 'self' https: data: https://mastodon.scot; frame-src 'self' https:; manifest-src 'self' https://mastodon.scot; form-action 'self'; child-src 'self' blob: https://mastodon.scot; worker-src 'self' blob: https://mastodon.scot; connect-src 'self' data: blob: https://mastodon.scot https://media.mastodon.scot wss://mastodon.scot; script-src 'self' https://mastodon.scot 'wasm-unsafe-eval' 1
default-src 'self' data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.gartner.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.hubspot.com https://*.quora.com https://*.cloudflare.com https://pagead2.googlesyndication.com https://*.gartner.com https://js.hsforms.net https://*.hs-scripts.com https://*.hs-banner.com https://*.hsadspixel.net https://*.hs-analytics.net https://*.hscollectedforms.net https://*.youtube.com https://*.lfeeder.com https://*.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.g.doubleclick.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://connect.facebook.net https://www.clickcease.com https://*.clarity.ms https://snap.licdn.com https://js.intercomcdn.com https://cdn.jsdelivr.net https://widget.intercom.io; font-src 'self' https://fonts.gstatic.com https://fonts.intercomcdn.com data: https://*.gartner.com; frame-src 'self' https://*.regulaforensics.com https://*.hs-sites.com https://td.doubleclick.net https://*.youtube.com https://consentcdn.cookiebot.com https://www.facebook.com https://*.gartner.com https://forms.hsforms.com; frame-ancestors 'self' https://*.regulaforensics.com; form-action 'self' https://www.facebook.com https://forms.hsforms.com; object-src 'none'; media-src blob: https://*.regulaforensics.com; img-src 'self' data: blob: https://imgsct.cookiebot.com https://*.regulaforensics.com https://*.gartner.com https://*.hsforms.com https://*.hubspot.com https://*.ytimg.com https://regulaforensics.com https://www.gravatar.com https://*.quora.com https://*.bing.com https://*.clarity.ms https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googleadservices.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk *.google.com https://www.facebook.com https://*.adsymptotic.com https://static.intercomassets.com https://js.intercomcdn.com https://downloads.intercomcdn.com https://gifs.intercomcdn.com https://*.linkedin.com https://*.lfeeder.com; connect-src 'self' https://*.nr-data.net https://*.quora.com wss://nexus-websocket-a.intercom.io https://*.lf-discover.com https://*.regulaforensics.com https://*.hubapi.com https://*.hubspot.com https://forms.hscollectedforms.net https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.clickcease.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://google.com https://*.google.com https://*.google.co.uk *.google.com https://pagead2.googlesyndication.com https://consentcdn.cookiebot.com https://*.clarity.ms https://api-iam.intercom.io https://uploads.intercomcdn.com https://cdn.linkedin.oribi.io https://*.linkedin.com https://*.facebook.com 1
frame-ancestors 'self' *.wakemed.org 1
script-src 'self' https://maps.googleapis.com/ 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://mc.yandex.ru https://fo.allianz.ru https://testfo.allianz.ru https://www.googletagmanager.com https://egrp365.ru http://128.199.44.127 https://*.dadata.ru https://bitrix.info/ba.js https://ssl.google-analytics.com/ga.js https://stats.g.doubleclick.net https://www.google.com/recaptcha/api.js 1
default-src * 'unsafe-inline' 'unsafe-eval'; form-action https://* ; img-src * data: blob: 'unsafe-inline' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.dws.com https://*.dws.de https://*.deawm.com wss://push.etf.dws.com https://dws.extraetf.com https://*.rreefpropertytrust.com https://*.tealiumiq.com https://*.webtrekk.com https://*.wbtrk.net https://*.mateti.net https://fbc.wcfbc.net https://*.linkedin.com https://*.facebook.net https://*.facebook.com https://cx.atdmt.com https://www.googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.de https://www.google.com https://*.tiqcdn.com https://*.brightcove.net https://*.brightcove.com https://*.brightcovecdn.com https://*.boltdns.net https://vjs.zencdn.net https://*.akamaihd.net https://*.akafms.net https://*.llnwd.net https://*.llnw.net https://vjs.zencdn.net https://maps.googleapis.com https://maps.gstatic.com https://*.fls.doubleclick.net https://bounce.exacttarget.com https://exacttarget.com https://*.marketingcloudapps.com; font-src 'self' data: https://vjs.zencdn.net; img-src 'self' data: https://*.brightcove.net https://*.brightcove.com https://*.brightcovecdn.com https://*.boltdns.net https://vjs.zencdn.net https://*.akamaihd.net https://*.akafms.net https://*.llnwd.net https://*.llnw.net https://*.tealiumiq.com https://*.webtrekk.com https://*.wbtrk.net https://*.mateti.net https://fbc.wcfbc.net https://*.linkedin.com https://*.facebook.net https://*.facebook.com https://cx.atdmt.com https://www.googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.de https://www.google.com https://*.tiqcdn.com https://maps.googleapis.com https://maps.gstatic.com https://*.dws.com https://*.dws.de https://*.deawm.com wss://push.etf.dws.com https://dws.extraetf.com https://*.rreefpropertytrust.com https://*.fls.doubleclick.net; media-src 'self' blob: https://*.brightcove.net https://*.brightcove.com https://*.brightcovecdn.com https://*.boltdns.net https://vjs.zencdn.net https://*.akamaihd.net https://*.akafms.net https://*.llnwd.net https://*.llnw.net; worker-src 'self' blob:; object-src 'self' blob:; child-src 'self'; frame-src 'self' https://vds.issgovernance.com https://*.dws.de https://*.dws.com https://*.mateti.net https://*.equitystory.com https://www.google.com https://*.fls.doubleclick.net; frame-ancestors 'self'; form-action 'self'; 1
default-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://static.formstack.com data:; connect-src 'self' https://recruiting.paylocity.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://www.googleadservices.com https://*.bing.com https://www.google-analytics.com https://www.googletagmanager.com; frame-src 'self' https://player.vimeo.com https://www.google.com https://static.addtoany.com https://www.fintactix.net data: https://*.doubleclick.net https://insight.adsrvr.org https://lgfculocator.wave2.io https://www.youtube.com; img-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.bing.com https://www.facebook.com data: https://www.google-analytics.com https://www.googletagmanager.com; object-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://s3.amazonaws.com https://static.addtoany.com https://static.srcspot.com https://www.ncsecu.org; script-src-attr 'self' 'unsafe-inline'; script-src-elem * 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; worker-src 'self' https://cdn.jsdelivr.net https://s3.amazonaws.com https://static.srcspot.com https://www.ncsecu.org https://static.addtoany.com blob:; form-action *; frame-ancestors 'self'; block-all-mixed-content 1
default-src * data: blob:; script-src sc.lfeeder.com vidassets.terminus.services forms.hsforms.com js.hsforms.net cdn.popt.in static1.twitcount.com js.hs-banner.com js.hs-analytics.net  js.hsadspixel.net platform.twitter.com js.hs-scripts.com www.googletagmanager.com googleads.g.doubleclick.net a.quora.com platform.linkedin.com s7.addthis.com  px.ads.linkedin.com snap.licdn.com d3e54v103j8qbb.cloudfront.net d1tdp7z6w94jbb.cloudfront.net static.hsappstatic.net ajax.googleapis.com code.jquery.com use.typekit.net www.googleadservices.com www.fullstory.com testfairy.com *.testfairy.com *.intercom.io *.intercomcdn.com *.facebook.net tracking.leadlander.com b.sf-syn.com *.google-analytics.com *.google.com *.googleapis 'unsafe-inline'; style-src data: blob: 'unsafe-inline' *; 1
default-src 'self'; frame-ancestors 'self' https://www.idicore.com; frame-src 'self' https://www.idicore.com https://admin.idicore.com https://account.idicore.com https://batch-ui.idicore.com:8443; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' blob: https://sakani.sa/favicon.ico https://media.sakani.housing.sa; frame-ancestors 'self' https://banners-ads.sakani.sa; script-src 'self' blob: https://live-chat-static.sprinklr.com https://prod2-sprcdn-assets.sprinklr.com  https://prod2-live-chat.sprinklr.com https://prod2-spx-components.cdn.sprinklr.com/ https://jed-s3.bluvalt.com https://js.arcgis.com https://trackcmp.net https://*.app-us1.com https://cdn.onesignal.com https://onesignal.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://maps.googleapis.com https://cdn.branch.io/branch-latest.min.js https://static.hotjar.com/c/hotjar-1852909.js https://script.hotjar.com/modules.875e8181449a9cd033c6.js https://script.hotjar.com/modules.4716e7a2063e3577efe2.js https://script.hotjar.com/modules.3bdaf89b2eed32b88847.js https://script.hotjar.com/modules.f1a4678ae1779bff3e3e.js https://app.link http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://media.sakani.housing.sa 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://jed-s3.bluvalt.com *.arcgis.com https://*.app-us1.com https://fonts.googleapis.com https://media.sakani.housing.sa; img-src 'self' blob: data: https://prod2-sprcdn-assets.sprinklr.com https://prod2-live-chat.sprinklr.com https://sprcdn-assets.sprinklr.com/ https://sakani-media-assets.jed-s3.bluvalt.com https://sakani-prod-media-assets.jed-s3.bluvalt.com https://jed-s3.bluvalt.com via.placeholder.com https://cdn.arcgis.com *.arcgisonline.com media.sakani.housing.sa https://rep.sakani.housing.sa https://media.sakani.housing.sa https://www.google-analytics.com https://www.googletagmanager.com https://sakani-media-assets.api-object.bluvalt.com:8082/ https://sakani-prod-media-assets.api-object.bluvalt.com:8082/ https://maps.googleapis.com https://maps.gstatic.com https://stats.g.doubleclick.net/ https://script.hotjar.com http://script.hotjar.com https://muqawil.org/ https://banners-ads.sakani.sa/ https://eservices.ejar.sa; font-src 'self' data: https://jed-s3.bluvalt.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com https://media.sakani.housing.sa/; connect-src 'self' https://prod2-live-chat.sprinklr.com/ https://live-chat-static.sprinklr.com https://prod2-sprcdn-assets.sprinklr.com wss://prod2-live-chat-mqtt.sprinklr.com https://jed-s3.bluvalt.com https://sakani-prod-media-assets.jed-s3.bluvalt.com media.sakani.housing.sa *.arcgisonline.com js.arcgis.com www.arcgis.com *.arcgis.com api-object.bluvalt.com:8082 https://api.mapbox.com/ https://events.mapbox.com/ https://*.app-us1.com onesignal.com https://*.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com/api/v1/client/ws https://api2.branch.io/v1/ http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://media.sakani.housing.sa https://firebase.googleapis.com/ https://firebaseinstallations.googleapis.com/; media-src 'self' https://sprcdn-assets.sprinklr.com/ https://prod2-sprcdn-assets.sprinklr.com https://prod2-live-chat.sprinklr.com https://jed-s3.bluvalt.com https://jed-s3.bluvalt.com/sakani-prod-media-assets https://sakani-media-assets.api-object.bluvalt.com:8082/* https://sakani-prod-media-assets.api-object.bluvalt.com:8082/ https://media.sakani.housing.sa; frame-src 'self' blob: https://survey-prod2.sprinklr.com/ https://www.googletagmanager.com/ https://jed-s3.bluvalt.com https://sakani-prod-media-assets.jed-s3.bluvalt.com https://www.google.com/recaptcha/ https://sakani.xidea.co/ https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html https://vars.hotjar.com https://rei.sakani.sa/ https://opdl.redf.gov.sa/inquery.aspx https://media.sakani.housing.sa https://banners-ads.sakani.sa/ https://www.youtube.com; ; upgrade-insecure-requests; 1
default-src 'self' ; connect-src * blob:; font-src 'self'  data:; frame-src blob: squadus://* *; frame-ancestors 'none'; img-src * blob: data:; media-src * data:; script-src 'self' 'unsafe-eval' ; style-src 'self' 'unsafe-inline' 1
form-action 'self' https://*.internet.nl; base-uri 'self' https://*.internet.nl; frame-ancestors 'none'; default-src 'self' https://*.internet.nl 1
script-src 'self' 'unsafe-inline' www.googletagmanager.com cdnjs.cloudflare.com platform.twitter.com cdn.jsdelivr.net public.tableau.com; 1
default-src *; img-src * data: http: https: ; script-src * 'unsafe-inline' 'unsafe-eval' http: https: *.dynamicyield.com; style-src * 'unsafe-inline' http: https: ; font-src *; frame-src * http: https: *.dynamicyield.com; frame-ancestors *; form-action * http: https: ; media-src * http: https: ; connect-src * http: https: ;base-uri  *; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://toot.community; img-src 'self' https: data: blob: https://toot.community; style-src 'self' https://toot.community 'nonce-NL9GqnIGrKG2u3LuIHtZTA=='; media-src 'self' https: data: https://toot.community; frame-src 'self' https:; manifest-src 'self' https://toot.community; form-action 'self'; child-src 'self' blob: https://toot.community; worker-src 'self' blob: https://toot.community; connect-src 'self' data: blob: https://toot.community https://static.toot.community wss://streaming.toot.community; script-src 'self' https://toot.community 'wasm-unsafe-eval' 1
frame-ancestors 'self' *.uqr.me *.uqr.to *.qrcodekit.com *.odisee.be *.kuleuven.cloud 1
default-src 'self'; script-src-elem * 'self' 'unsafe-inline' https://www.googletagmanager.com; script-src ; img-src 'self' data: https://images.ctfassets.net https://www.google.com.ar/ads/ga-audiences https://www.googletagmanager.com https://*.openstreetmap.org https://*.doubleclick.net/ https://www.facebook.com https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://*.hotjar.com; frame-src 'self' https://*.cloudfront.net https://skyvideo.custhelp.com https://*.sky.com.mx https://*.doubleclick.net; connect-src 'self' data: https://maps.googleapis.com https://analytics.google.com https://analytics.tiktok.com https://*.sky.com.mx https://assets.ctfassets.net https://*.doubleclick.net https://www.google.com wss://*.hotjar.com https://*.hotjar.io https://*.hotjar.com; media-src 'self' https://videos.ctfassets.net https://*.youtube.com; worker-src 'self' blob: 1
frame-src 'self' web.cvent.com *.statuspage.io/ *.youtube.com *.twitter.com www2.central1.com central1marketing.formstack.com; connect-src 'self' stats.g.doubleclick.net wss://ws.hotjar.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.google-analytics.com *.youtube.com *.twitter.com *.google.com; font-src 'self' static.formstack.com fonts.gstatic.com *.typekit.net data:; script-src 'self' 'unsafe-hashes' *.hotjar.com tagmanager.google.com pi.pardot.com www2.central1.com maps.googleapis.com maps.google.com *.smartrecruiters.com cdn.syndication.twimg.com *.twitter.com *.googletagmanager.com *.google-analytics.com central1marketing.formstack.com static.formstack.com ajax.googleapis.com 'sha256-msWXg7hSNTJrFTIqXH1IDgf/nYNKpNW5PaQUx8KTy/0=' 'sha256-9IIXk781znXguO/JO/lm0z7LipsWChOW+YDXfxL3fXA=' 'sha256-O0Kte81KfNR2Zr0NGw0tr/lT4VMU8bBXf1HZChkuChI=' 'sha256-SdbKrmkaDtKnYS9UBOsY1llqJt7RP46sqZBDqydN3nU=' 'sha256-iRjObDyIiUI9348i1I2b/CWB5nPK9MMTHR3NVkPdm88=' 'sha256-thB0KCZWHIY9EE/1jMs7kmOcC+MqEJJG3i4cbnANTPw=' 'sha256-XKDLjOozHurmrXRoH+UnRH/aMY4Ejf5Ut+8TjV+zWXU=' 'sha256-5vjepDTQzedOE9keI3hswJOKxzYyt2vWP/6WZXEHLGU=' 'sha256-Xudg8MsznAR/JEzP88WrTx9cOSuYiFtngSOutgcFB3M=' 'sha256-pn/o5BWPYTEviTUNeqJxgwsP88NriFpA6bDATaF1Q3Y=' 'sha256-2JtvFutMzefrvYyxAozrgwboKfjmBSXl/99gS8RGuXk=' 'sha256-Z13oZ5zMMn5azTJJ1Pe/r5gubt3OziHFqEqxZEY9/80=' 'sha256-BWlnq/rwtW11WN+C4H10WVOhDIqMEcSzHiCiEX+jwiw=' 'sha256-3/AesHbYer+wyYipwTqembNMK8XtsE6mpCBdGFjM/h8=' 'sha256-YUC2sUas/JIauwB9PcKKybjvfDnFf+SCmtAhIePfPPk=' 'sha256-KVsGC2LmLWR4pBkL1APTyYy/k+X7crYRF3aAc+EPElo=' 'sha256-bB1pkTaKfAL9JEPUE+pVyhEpsFatG/QerbWomwsyrjo=' 'sha256-JsHgdYAq2QBmtJR2d5VdGx2SnuRtpfR/4fqVvqhGHBE=' 'sha256-Aj4XHoTvM86YtcE0qtWW8ZWkmds93gFLHKvugAfuULU=' 'nonce-value_9987'; style-src 'self' tagmanager.google.com *.typekit.net *.twitter.com *.twimg.com static.formstack.com fonts.googleapis.com *.smartrecruiters.com 'unsafe-inline'; img-src 'self' www.googletagmanager.com www.google.com www.google.ca ssl.gstatic.com www.gstatic.com maps.google.com maps.googleapis.com maps.gstatic.com stats.g.doubleclick.net data: *.google-analytics.com *.twimg.com *.twitter.com secure.gravatar.com ps.w.org; default-src 'self' 1
frame-ancestors https://visitnj.org https://ewrt1.parasyst.net; report-uri /report-csp-violation 1
frame-ancestors 'self' https://help.patagonia.com/ https://notouchie-patagoniacommunity.cs7.force.com/ 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net dev-api.investisdigital.com api.investisdigital.com dev-assets.investisdigital.com assets.investisdigital.com qaotp.tools.investisdigital.com cookiemanager.investisdigital.com investisdigital.com *.investisdigital.com vp223.alertir.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.investis-live.com dev-api.investisdigital.com api.investisdigital.com dev-assets.investisdigital.com assets.investisdigital.com qaotp.tools.investisdigital.com otp.tools.investis.com *.investisdigital.com player.vimeo.com www.recaptcha.net vp223.alertir.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investis-live.com *.investisdigital.com cdnjs.com; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com *.youtube.com player.vimeo.com; frame-src 'self' *.investis.com www.google.com ir.tools.investis.com staticxx.facebook.com www.youtube.com player.vimeo.com ellos.varbi.com vp223.alertir.com news.alertir.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri /report-csp-violation 1
default-src 'self' assets.adobedtm.com cdn.jsdelivr.net s.go-mpulse.net sc.lfeeder.com staticcontents.investisdigital.com www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.google.com *.google-analytics.com *.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com cdn.jsdelivr.net cdnjs.cloudflare.com s.go-mpulse.net sc.lfeeder.com staticcontents.investisdigital.com *.investisdigital.com www.google-analytics.com otp.tools.investis.com www.googletagmanager.com viz.tools.investis.com *.analytics.google.com *.google.com *.google-analytics.com *.amazonaws.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.idigitalcontents.com hello.myfonts.net viz.tools.investis.com; object-src 'none'; connect-src 'self' *.akamaihd.net *.akstat.io *.investisdigital.com dpm.demdex.net *.google-analytics.com 3lz1gykyyd.execute-api.eu-west-1.amazonaws.com c.go-mpulse.net edge.api.brightcove.com judxu4avx2.execute-api.eu-west-1.amazonaws.com tupf3ye5m3.execute-api.eu-west-1.amazonaws.com www.google-analytics.com stats.g.doubleclick.net viz.tools.investis.com smetrics.global.mandg.com *.analytics.google.com *.google.com *.google-analytics.com *.amazonaws.com; font-src 'self' 'unsafe-inline' fonts.idigitalcontents.com viz.tools.investis.com; frame-src 'self' flo.uri.sh mandg.videomarketingplatform.co irs.tools.investis.com otp.tools.investis.com prudentialdistribution.demdex.net www.youtube.com; img-src 'self' *.everesttech.net cm.everesttech.net dpm.demdex.net viz.tools.investis.com www.googletagmanager.com www.google.com www.google.co.in otp.tools.investis.com irs.tools.investis.com www.google.co.uk cf-images.eu-west-1.prod.boltdns.net tr.lfeeder.com metrics.brightcove.com www.google-analytics.com smetrics.global.mandg.com; manifest-src 'self'; media-src 'self' house-fastly-signed-eu-west-1-prod.brightcovecdn.com fonts.idigitalcontents.com; 1
frame-ancestors 'self' https://ntb-centrum.mironet.cz/ https://totem.apps.mironet.cz/ 1
default-src 'none'; script-src 'self' https://analytics.monetra.com https://www.google.com https://www.gstatic.com; connect-src https://9872520550193828.hostedstatus.com/1.0/status/6148993c877ce705383f1463 'self'; img-src 'self' https://analytics.monetra.com data:; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; object-src 'self'; frame-src https://www.google.com 1
default-src 'self' 'unsafe-inline';frame-src 'self' 'unsafe-inline' https://www.youtube.com; script-src 'self' 'unsafe-inline' https://ssl.google-analytics.com http://www.google-analytics.com http://www.google.com https://www.googletagmanager.com http://www.googletagmanager.com; img-src 'self' https://ssl.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' http://www.google.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://auda.org.au https://www.youtube.com/ https://domaincontention.azurewebsites.net/ https://connect.facebook.net/en_US/fbevents.js https://code.jquery.com/ http://github.com/robloach/jquery-once/ https://performance.radar.cloudflare.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.google.com/ https://maps.googleapis.com/ https://audaform.azurewebsites.net/ https://www.gstatic.com/ https://audamembersignup.azurewebsites.net/ https://snap.licdn.com/ https://connect.facebook.net/ https://maps.googleapis.com/ https://ssl.google-analytics.com/ https://tagmanager.google.com/ https://www.facebook.com/ https://connect.facebook.net/ https://ajax.cloudflare.com/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://ajax.googleapis.com/ https://static.cloudflareinsights.com/ https://assets.auda.org.au/ https://px.ads.linkedin.com/ https://www.linkedin.com/; style-src 'self' 'unsafe-inline' https://domaincontention.azurewebsites.net/ https://www.auda.org.au/ https://audaform.azurewebsites.net/ https://www.gstatic.com/ https://www.googletagmanager.com/ https://tagmanager.google.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://ajax.cloudflare.com/ https://cdnjs.cloudflare.com/ https://assets.auda.org.au/ https://audamembersignup.azurewebsites.net/ https://www.linkedin.com/; base-uri 'self'; connect-src 'self' https://www.youtube.com/ https://domaincontention.azurewebsites.net/ https://connect.facebook.net/en_US/fbevents.js https://www.auda.org.au/ https://performance.radar.cloudflare.com/ https://maps.googleapis.com/ https://audaform.azurewebsites.net/ https://www.facebook.com/ https://assets.auda.org.au/ https://audapublic.azurewebsites.net/ https://connect.facebook.net/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://ajax.cloudflare.com/ https://cdnjs.cloudflare.com/ https://www.google.com/ https://cdn.jsdelivr.net/ https://px.ads.linkedin.com/ wss://audaform.azurewebsites.net/ https://static.cloudflareinsights.com/ https://audamembersignup.azurewebsites.net/ https://cdn.linkedin.oribi.io/ wss://audamembersignup.azurewebsites.net/ https://www.google-analytics.com/ https://www.linkedin.com/; font-src 'self' data: https://www.youtube.com/ https://domaincontention.azurewebsites.net/ https://www.auda.org.au/ https://fonts.googleapis.com/ https://www.google.com/ https://maps.googleapis.com/ https://assets.auda.org.au/ https://fonts.gstatic.com/ https://www.linkedin.com/; frame-src 'self' https://www.youtube.com/ https://domaincontention.azurewebsites.net/ https://www.auda.org.au/ https://www.facebook.com/ https://connect.facebook.net/ https://www.google-analytics.com/ https://www.gstatic.com/ https://ajax.cloudflare.com/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://www.google.com/ https://www.googletagmanager.com/ https://maps.googleapis.com/ https://assets.auda.org.au/ https://info.auda.org.au/ https://acrobat.adobe.com/ https://www.linkedin.com/; img-src 'self' data: https://i.ytimg.com/ https://www.youtube.com/ https://domaincontention.azurewebsites.net/ https://www.auda.org.au/ https://benchmark.1e100cdn.net/ https://www.facebook.com/ https://connect.facebook.net/ https://ajax.cloudflare.com/ https://cdnjs.cloudflare.com/ https://www.google.com/ https://www.google.com.au/ https://cdn.jsdelivr.net/ https://cedexis-test.akamaized.net/  https://assets.auda.org.au/ https://audaform.azurewebsites.net/ https://www.gstatic.com/ https://www.google-analytics.com/ https://whois.auda.org.au/ https://www.googletagmanager.com/ https://maps.gstatic.com/ https://info.auda.org.au/ https://audamembersignup.azurewebsites.net/ https://px4.ads.linkedin.com/ https://audapublic.azurewebsites.net/  https://px.ads.linkedin.com/ https://auda-corp-web-s3.s3.ap-southeast-2.amazonaws.com/ https://s3.console.aws.amazon.com/ https://www.linkedin.com/; manifest-src 'self';   media-src 'self';   worker-src 'none'; object-src 'none'; upgrade-insecure-requests; block-all-mixed-content; 1
default-src * data: 'unsafe-inline'; img-src * data: blob:; script-src * 'unsafe-eval' 'unsafe-inline' blob:; 1
default-src 'self' data:; style-src 'self' 'unsafe-inline' *.cookiefirst.com www.google.com; img-src 'self' data: piwik.xsnews.nl googleads.g.doubleclick.net www.google.nl www.google.com www.gstatic.com *.facebook.com *.openstreetmap.org *.cookiefirst.com www.googletagmanager.com; frame-src 'self' help.xsnews.com widget.trustpilot.com  www.google.com; object-src 'none'; base-uri 'none'; connect-src 'self' piwik.xsnews.nl googleads.g.doubleclick.net stats.g.doubleclick.net www.google.com *.cookiefirst.com connect.facebook.net www.facebook.com www.google-analytics.com; script-src 'self' help.xsnews.com widget.trustpilot.com piwik.xsnews.nl www.google.nl www.googleadservices.com googleadservices.com googleads.g.doubleclick.net *.cookiefirst.com www.googletagmanager.com connect.facebook.net www.google.com www.gstatic.com www.google-analytics.com 1
default-src 'self'; child-src 'self' connect.facebook.net fast.wistia.com fast.wistia.net googleads.g.doubleclick.net td.doubleclick.net *.hotjar.com *.hotjar.io bid.g.doubleclick.net 10317493.fls.doubleclick.net 10366747.fls.doubleclick.net 11541986.fls.doubleclick.net youtube.com www.youtube.com js.stripe.com www.facebook.com staticxx.facebook.com tpc.googlesyndication.com www.google.com *.googletagmanager.com *.quora.com intercom-sheets.com app-ab27.marketo.com www.intercom-reporting.com d2c7xlmseob604.cloudfront.net js.intercomcdn.com insight.adsrvr.org match.adsrvr.org https://intercom.chilipiper.com app.intercom.com app.intercom.io https://app.getreprise.com; connect-src 'self'   www.intercom.com app.intercom.io app.intercom.com api.intercom.io api-visitor-analytics.intercom.com api-iam.intercom.io api-ping.intercom.io api.smartling.com js.intercomcdn.com munchkin.marketo.net *.mktoutil.com nexus-websocket-a.intercom.io nexus-websocket-test.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-test.intercom.io store.intercomassets.com widget.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-test.intercom.io marketing.intercomcdn.com uploads.intercomcdn.com uploads.intercomusercontent.com abrtp1.marketo.com abrtp1-cdn.marketo.com app.getsentry.com stats.g.doubleclick.net www.google.com adservice.google.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com http://*.hotjar.io:* https://*.hotjar.io:* wss://*.hotjar.io sentry.io www.facebook.com *.akamaihd.net *.wistia.com *.wistia.net 258-clw-344.mktoresp.com bat.bing.com d2c7xlmseob604.cloudfront.net rum-collector-2.pingdom.net https://*.browser-intake-datadoghq.com public-trace-http-intake.logs.datadoghq.com https://assets.ctfassets.net c.6sc.co b.6sc.co j.6sc.co ipv6.6sc.co epsilon.6sense.com epsilon-cloudfront.6sense.com user-data.mutinycdn.com https://api-v2.mutinyhq.io/v2/b https://api.mutinyhq.io/v2 https://client-registry.mutinycdn.com secure.adnxs.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com api.chilipiper.com tracking.chilipiper.com cdn.linkedin.oribi.io gw.linkedin.oribi.io px.ads.linkedin.com https://app.getreprise.com; font-src data: https: ; img-src data: blob: https: ; media-src data: blob: https: ; object-src 'none'; script-src 'self' 'unsafe-eval' app.intercom.io app.intercom.com www.intercom.com js.intercomcdn.com store.intercomassets.com marketing.intercomassets.com widget.intercom.io ajax.googleapis.com analytics.twitter.com abrtp1.marketo.com abrtp1-cdn.marketo.com app-sjqe.marketo.com app-sjst.marketo.com app-ab27.marketo.com bat.bing.com cdn-assets-prod.s3.amazonaws.com cdn.ravenjs.com browser.sentry-cdn.com connect.facebook.net distillery.wistia.com distillery-main.wistia.com fast.wistia.com fast.wistia.net googleads.g.doubleclick.net js.stripe.com munchkin.marketo.net platform.twitter.com rtp-static.marketo.com script.hotjar.com script.hotjar.io secure.adnxs.com static.hotjar.com static.hotjar.io stats.g.doubleclick.net store.intercom.io tpc.googlesyndication.com www.datadoghq-browser-agent.com www.google.com www.google-analytics.com www.googleadservices.com/pagead/ www.googletagmanager.com tagmanager.google.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com dc.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com client-registry.mutinycdn.com client.mutinycdn.com https://js.chilipiper.com 'sha256-CIxBMTSsZNOVtN/e53Oinc5o7iS+6GCLATfDTYD9EQk=' https://app.getreprise.com 'strict-dynamic' 'nonce-OTAzZmQ0ZGMtM2UzZC00ZTdkLWI0NDUtNmRmYWFhN2ZjYmQy'; style-src 'self' 'unsafe-inline' app-ab27.marketo.com marketing.intercomassets.com maxcdn.bootstrapcdn.com rtp-static.marketo.com fonts.googleapis.com tagmanager.google.com https://www.googletagmanager.com https://js.chilipiper.com; worker-src data: blob:; base-uri 'self'; report-uri https://o2129.ingest.sentry.io/api/1467748/security/?sentry_key=2b3179211aae44189b7651cf09d7b74f 1
default-src 'self';script-src 'self' cdnjs.cloudflare.com unpkg.com 'nonce-7PkYZRNqVIiCNeXG5j6G' 'strict-dynamic' https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com js.zi-scripts.com ws.zoominfo.com tags.clickagy.com tag.clearbitscripts.com x.clearbitjs.com www.redditstatic.com px.ads.linkedin.com snap.licdn.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsadspixel.net *.6sc.co 6sense.com static.cdn.prismic.io prismic.io https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;connect-src 'self' https://home.stellarite.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://analytics.google.com aorta.clickagy.com hemsync.clickagy.com  app.clearbit.com cdn.linkedin.oribi.io px.ads.linkedin.com *.hs-banner.com api.hsforms.com api.hubapi.com *.6sc.co *.6sense.com material-site.cdn.prismic.io;style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.gstatic.com;img-src 'self' ssl.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com alb.reddit.com px.ads.linkedin.com px4.ads.linkedin.com track.hubspot.com *.6sc.co images.prismic.io prismic-io.s3.amazonaws.com/material-site/ material-site.cdn.prismic.io/material-site/;media-src 'self' material-site.cdn.prismic.io;frame-src 'self' https://td.doubleclick.net hemsync.clickagy.com material-site.prismic.io https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ www.youtube.com www.vimeo.com open.spotify.com 1
frame-ancestors 'self' *.aejuice.com aejuice.com 1
frame-ancestors 'self' https://cgp.cgscholar.com/ 1
default-src 'self' static.financialsense.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.financialsense.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net cdn.ckeditor.com static.ctctcdn.com; img-src 'self' https: data: android-webview-video-poster:; media-src 'self' static.financialsense.com blob: *.giphy.com; frame-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.financialsense.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension: *.fontawesome.com; connect-src 'self' static.financialsense.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net *.fontawesome.com *.ckeditor.com *.ctctcdn.com *.constantcontact.com 1
default-src 'self'; img-src 'self' cdn.rd.com.br www.rd.com.br maps.googleapis.com maps.gstatic.com www.google-analytics.com i.ytimg.com cdn.cookielaw.org data: *.w.org secure.gravatar.com; script-src 'self' 'unsafe-eval' 'report-sample' 'self' dev.rd.com.br rd.com.br maps.googleapis.com cdnjs.cloudflare.com maps.gstatic.com www.google-analytics.com ajax.googleapis.com cdn.cookielaw.org 'unsafe-inline' geolocation.onetrust.com www.youtube.com d3e54v103j8qbb.cloudfront.net www.google.com www.gstatic.com; connect-src 'self' www.google-analytics.com cdn.cookielaw.org stats.g.doubleclick.net privacyportal-br.onetrust.com geolocation.onetrust.com raiadrograsil-privacidade.my.onetrust.com; style-src 'self' 'unsafe-inline' rd.com.br dev.rd.com.br fonts.googleapis.com; frame-src 'self' www.youtube.com www.google.com; font-src 'self' data: fonts.gstatic.com; media-src 'self' cdn.rd.com.br; frame-ancestors 'self' 1
img-src *; script-src 'unsafe-inline' *; frame-src *; style-src 'unsafe-inline' *; 1
default-src 'self'; script-src 'self' https://code.jquery.com https://apis.google.com https://www.google.com https://www.gstatic.com https://ajax.cloudflare.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' ssl.gstatic.com https://usenet.farm https://www.coinpayments.net https://www.vipernews.com https://cdn.vipernews.com https://gravatar.com data:; style-src 'self' https://fonts.googleapis.com/ https://fonts.bunny.net/ 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com  https://fonts.bunny.net data:; frame-src 'self' https://youtube.com https://www.youtube.com https://www.google.com;; connect-src 'self' https://apis.google.com; object-src 'none' 1
default-src 'self' ; style-src  https: 'unsafe-inline'; script-src https://*.ispserver.ru/ https://ispserver.ru/ https://ispserver.com/ https://*.chathost.ru/ https://*.carrotquest.app/ https://www.googletagmanager.com/ https://www.google.com/ https://my.ispserver.ru/ https://my.ispserver.com/ https://www.google-analytics.com/ https://mc.yandex.ru/ https://www.gstatic.com/ 'unsafe-inline'; img-src * data:; connect-src 'self' https://api.carrottrack.app/ https://*.chathost.ru/ https://*.carrottrack.io/ https://*.carrotquest.app/ wss://*.carrotquest.app/ https://stats.g.doubleclick.net/ https://mc.yandex.ru/; frame-src https://www.google.com/ 'self'; font-src 'self' https://*.carrotquest.app/; media-src 'self' https://*.carrotquest.app/; object-src 'self'; frame-ancestors 'self' https://metrika.yandex.ru; 1
default-src 'none'; img-src 'self' data: https://www.gstatic.com/ https://das997q1qk8hr.cloudfront.net/ https://d31b6wl7v65wwb.cloudfront.net/ https://fonts.gstatic.com/ https://www.google.com.co/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ https://beta.www.gov.co/ https://cdn.www.gov.co https://govco-preprod-webutils.s3.amazonaws.com/ https://govco-poc.s3.us-east-2.amazonaws.com https://govco-test-webutils.s3.amazonaws.com https://govco-prod-webutils.s3.amazonaws.com https://www.gov.co https://precdn.www.gov.co/ https://www.google.com/; script-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://www.jsdelivr.com/ https://cdn.jsdelivr.net/ https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js https://code.jquery.com/jquery-3.5.1.slim.min.js https://script.hotjar.com/modules.bc1117deb4413903e9ac.js https://rec.smartlook.com/recorder.js https://script.hotjar.com/modules.bc1117deb4413903e9ac.js https://static.hotjar.com/c/hotjar-2625189.js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/recaptcha/releases/5qcenVbrhOy8zihcc2aHOWD4/recaptcha__en.js https://www.googletagmanager.com/gtag/js https://aws-cdn.www.gov.co/webcomponents/govco-collection-webcomponents/govco-collection-webcomponents.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://beta.www.gov.co https://cdn.jsdelivr.net https://cdn.www.gov.co https://cdnjs.cloudflare.com https://aws-cdn.www.gov.co https://pwa-preprod.www.gov.co/; object-src 'self'; base-uri 'self'; connect-src 'self' 'unsafe-inline' https://translate.googleapis.com/ https://das997q1qk8hr.cloudfront.net/ https://fonts.gstatic.com/ https://ka-f.fontawesome.com/ https://cdn.jsdelivr.net/ https://cdn.www.gov.co/ https://static.hotjar.com/ https://fonts.googleapis.com/ https://govco-prod-webutils.s3.amazonaws.com/ https://www.gov.co/ https://www.googletagmanager.com/ https://metrics.hotjar.io/ https://content.hotjar.io/ https://buscador.www.gov.co/ https://buscador-v1.www.gov.co/ https://web-writer.br.smartlook.cloud/ https://assets-proxy.smartlook.cloud/ https://autenticaciondigital.and.gov.co/ https://d31b6wl7v65wwb.cloudfront.net/ https://govco-preprod-webutils.s3.amazonaws.com wss://transcribestreaming.us-east-1.amazonaws.com:8443 wss://ws.hotjar.com/api/v2/client/ws https://prebuscador.www.gov.co/ https://preapi-interno.www.gov.co/ https://region1.google-analytics.com https://preautenticaciondigital.and.gov.co/ https://ka-f.fontawesome.com/releases/v5.15.4/css/ https://aws-api-interno.www.gov.co https://aws-autenticaciondigital.and.gov.co https://www.google-analytics.com https://api-interno.www.gov.co/ https://manager.eu.smartlook.cloud/ https://stats.g.doubleclick.net/ https://maps.googleapis.com/; font-src 'self' data: https://ka-f.fontawesome.com/ https://cdn.www.gov.co https://cdnjs.cloudflare.com https://fonts.gstatic.com https://aws-cdn.www.gov.co https://precdn.www.gov.co/ https://maxcdn.bootstrapcdn.com/; frame-ancestors 'self' https://aws.www.gov.co/ https://das997q1qk8hr.cloudfront.net/ https://www.gov.co/; frame-src 'self' https://docs.google.com/ https://autenticaciondigital.and.gov.co/ https://horalegalnueva.inm.gov.co/ https://aws.www.gov.co/ https://www.gov.co/ https://www.youtube.com/ https://preautenticaciondigital.and.gov.co https://vars.hotjar.com https://www.googletagmanager.com https://www.google.com/ https://das997q1qk8hr.cloudfront.net/; manifest-src 'self'; media-src 'self';worker-src 'self'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com/ https://pwa-preprod.www.gov.co/ https://precdn.www.gov.co/ https://www.google.com https://pwa-preprod.www.gov.co/ https://fonts.googleapis.com/ https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://cdn.www.gov.co/ https://maxcdn.bootstrapcdn.com/; script-src-elem 'self'  'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' https://static.hotjar.com/ https://cdn.www.gov.co/ https://www.google.com https://www.googletagmanager.com/gtag/ https://aws-cdn.www.gov.co/ https://script.hotjar.com/ https://precdn.www.gov.co/ blob: https://pwa-preprod.www.gov.co/ https://www.gstatic.com/ https://code.jquery.com/ https://cdn.jsdelivr.net/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://rec.smartlook.com/ https://ajax.googleapis.com/ https://cdnjs.cloudflare.com/ https://maxcdn.bootstrapcdn.com/ https://maps.googleapis.com/ https://stackpath.bootstrapcdn.com/ https://kit.fontawesome.com/ https://translate.google.com/ https://translate.googleapis.com/ https://translate-pa.googleapis.com/; 1
default-src 'self' https://www.londonzoo.org https://cms.londonzoo.org; object-src 'none'; base-uri 'self'; style-src 'self' https://www.londonzoo.org https://cms.londonzoo.org 'unsafe-inline' https://p.typekit.net https://use.typekit.net https://tagmanager.google.com https://www.googletagmanager.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com https://www.tripadvisor.co.uk https://static.tacdn.com ; font-src 'self' https://www.londonzoo.org https://cms.londonzoo.org data: https://p.typekit.net https://use.typekit.net https://fonts.gstatic.com https://fonts.googleapis.com https://script.hotjar.com https://static.tacdn.com ; script-src 'self' https://www.londonzoo.org https://cms.londonzoo.org 'nonce-ddaadfe1b0374327949df2451b050592' 'sha256-ZnhAS6LXLZWmpPSEDrVRkNeIsVEIsRredGkFx2WiKec=' 'sha256-iW4WnuBtxrtQK6YASZph6rx6yZZMg0U77OLIlEZvlDA=' 'sha256-48TuDkUabuH2v1zRqgyqecgn+HRkc9gfpOVMELfgzQI=' 'sha256-U96gVTGDtlmnaK204EbaOTNyZRKvfBiWyuolgJwd8CI=' 'sha256-2L/tFj1yFovfnD4TertAGuww56zrGsGC1JDWaqC75s0=' 'sha256-9HOlWcnxwIXUmTPdnAhre+W8Z0FDeSQmn4+a1GXnQSA=' 'sha256-dKGt8dCuqKR/hwtTSFNbDeXeYUxOjtop6H2SYqoIGvc=' 'sha256-y6gO+OYD2TDPY9r3GtOTvnCs5/oE/O7PmNL2zaGYeJQ=' https://connect.facebook.net https://cookie-cdn.cookiepro.com https://r1.dotdigital-pages.com https://r1-t.trackedlink.net/_dmpt.js https://s.yimg.com/wi/ytc.js https://static.hotjar.com https://script.hotjar.com https://analytics.twitter.com https://static.ads-twitter.com/uwt.js https://www.dwin1.com/15333.js https://www.google-analytics.com https://ssl.google-analytics.com https://*.googletagmanager.com https://tagmanager.google.com https://www.youtube.com https://www.youtube-nocookie.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://campaign.zsl.org https://reclaimhub.com https://www.tripadvisor.co.uk https://www.tripadvisor.com https://static.tacdn.com https://www.jscache.com https://analytics.tiktok.com https://static.trackedweb.net ; connect-src 'self' https://www.londonzoo.org https://cms.londonzoo.org https://cookie-cdn.cookiepro.com https://s.yimg.com https://stats.g.doubleclick.net https://*.google.co.uk https://*.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.facebook.com/tr/ https://campaign.zsl.org https://analytics.tiktok.com ; frame-src 'self' https://www.londonzoo.org https://cms.londonzoo.org data: https://*.fls.doubleclick.net https://vars.hotjar.com https://www.facebook.com https://www.youtube.com https://www.youtube-nocookie.com https://r1.dotdigital-pages.com https://www.arcgis.com https://html5-player.libsyn.com https://campaign.zsl.org https://www.google.com https://bid.g.doubleclick.net https://td.doubleclick.net https://reclaimhub.com https://zsl-london-zoo-timeline.octophindev.com https://cdn.knightlab.com https://my.matterport.com ; frame-ancestors 'self' https://www.londonzoo.org https://cms.londonzoo.org https://cms.zsl.org https://www.zsl.org https://cms.londonzoo.org https://www.londonzoo.org https://cms.whipsnadezoo.org https://www.whipsnadezoo.org https://campaign.zsl.org ; img-src 'self' https://www.londonzoo.org https://cms.londonzoo.org data: https://analytics.twitter.com https://cookie-cdn.cookiepro.com https://sp.analytics.yahoo.com https://t.co https://www.facebook.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.co.uk https://www.google.be https://campaign.zsl.org https://static.hotjar.com https://script.hotjar.com https://i.ytimg.com https://*.fls.doubleclick.net https://ad.doubleclick.net https://*.googlesyndication.com https://www.tripadvisor.co.uk ; upgrade-insecure-requests; 1
default-src 'self'; img-src 'self' data: https://www.gstatic.com https://www.google.com https://translate.googleapis.com https://s3.amazonaws.com https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://go.nuvancehealth.org https://bbox.blackbaudhosting.com https://payments.blackbaud.com https://www.googletagmanager.com https://cdn-images.kyruus.com https://kyruus-app-static.kyruus.com https://img.youtube.com https://www.facebook.com https://connect.facebook.net https://translate.google.com https://googleads.g.doubleclick.net https://ww2.matchinggifts.com https://*.google-analytics.com https://*.analytics.google.com https://aedviewer.pulsepoint.org https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://translate-pa.googleapis.com https://app.dafwidget.com https://ww2.matchinggifts.com https://www.matchinggifts.com/ https://www.googletagmanager.com https://www.google-analytics.com https://translate.googleapis.com https://translate.google.com https://ajax.googleapis.com https://code.jquery.com https://ajax.microsoft.com https://unpkg.com https://web.production.gyantts.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://go.nuvancehealth.org https://bbox.blackbaudhosting.com https://payments.blackbaud.com https://www.google.com https://www.gstatic.com https://cdn.calltrk.com https://connect.facebook.net https://www.youtube.com https://www.googleadservices.com https://js.eruptr.io https://widget.thegivingblock.com https://js.calltrk.com https://www.nuvancehealth.org; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://translate.googleapis.com https://web.production.gyantts.com https://cdnjs.cloudflare.com https://go.nuvancehealth.org https://bbox.blackbaudhosting.com https://app.dafwidget.com https://payments.blackbaud.com https://cdn.kyruus.com https://www.gstatic.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://web.production.gyantts.com https://widget.thegivingblock.com https://aedviewer.pulsepoint.org https://cdn.kyruus.com; frame-src 'self' 'unsafe-eval' https://ww2.matchinggifts.com https://www.matchinggifts.com https://javamatch.matchinggifts.com https://causes.benevity.org https://bbox.blackbaudhosting.com https://payments.blackbaud.com https://host.nxt.blackbaud.com https://go.nuvancehealth.org https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://intakeforms.sequencehealth.com https://www.facebook.com https://ww2.matchinggifts.com https://www.matchinggifts.com https://javamatch.matchinggifts.com https://causes.benevity.org https://widget.thegivingblock.com https://aedviewer.pulsepoint.org; media-src 'self' data: https://www.youtube.com https://translate.googleapis.com; connect-src 'self' https://www.google-analytics.com https://web.production.gyantts.com wss://web.production.gyantts.com https://stats.g.doubleclick.net https://s3.amazonaws.com https://go.nuvancehealth.org https://bbox.blackbaudhosting.com https://payments.blackbaud.com https://maps.googleapis.com https://translate.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.eruptr.io https://js.calltrk.com https://www.nuvancehealth.org; object-src https://www.matchinggifts.com; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.electionstats.com.com https://*.elstats-staging.com; 1
script-src 'unsafe-eval' blob: 'self' 'nonce-lQsAqL770CirhGw+3Naz' https://analytics.starcitizen.tools; default-src 'self' data: blob: https://media.starcitizen.tools https://upload.wikimedia.org https://commons.wikimedia.org https://api.flickr.com https://analytics.starcitizen.tools; style-src 'self' data: blob: https://media.starcitizen.tools https://upload.wikimedia.org https://commons.wikimedia.org https://api.flickr.com https://analytics.starcitizen.tools 'unsafe-inline'; object-src 'none'; report-uri /api.php?action=cspreport&format=json 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://foapi.we-online.com https://coco.we-online.com https://enquiry.we-online.com https://www.googletagmanager.com https://html5-player.libsyn.com; font-src 'self' data: https://netdna.bootstrapcdn.com https://userlike-cdn-umm.b-cdn.net https://*.cloudfront.net; frame-ancestors https://redexpert.we-online.com/ https://cmsprod.we-group.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://snap.licdn.com/li.lms-analytics/insight.min.js https://hit.uptrendsdata.com https://redexpert.we-online.de https://userlike-cdn-umm.b-cdn.net https://*.cloudfront.net https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://redexpert.we-online.com https://coco.we-online.com https://www.youtube.com/s/player/ https://www.youtube.com/iframe_api https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://s.go-mpulse.net https://*.lfeeder.com; frame-src https://www.iqdfrequencyproducts.com https://redexpert.we-online.com https://careers.flatchr.io https://enquiry.we-online.com https://mit.we-online.com https://www.youtube.com https://www.facebook.com https://coco.we-online.com https://html5-player.libsyn.com https://*.go-mpulse.net; connect-src 'self' https://*.akamaihd.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://cdn.linkedin.oribi.io/partner/208516/domain/we-online.com/token https://hit.uptrendsdata.com https://region1.analytics.google.com https://userlike-cdn-umm.b-cdn.net https://www.facebook.com https://*.cloudfront.net wss://umd.userlike.com https://www.userlike.com https://api.userlike.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://stats.g.doubleclick.net https://redexpert.we-online.de/api/geoIp/ https://region1.google-analytics.com/ https://foapi.we-online.com https://coco.we-online.com https://api.we-online.com/svc/geoIp/ https://api.friendlycaptcha.com https://www.google-analytics.com https://s.go-mpulse.net https://c.go-mpulse.net https://px.ads.linkedin.com https://*.akstat.io blob: ; img-src 'self' data: base64 https://px.ads.linkedin.com https://www.google.de https://userlike-cdn-operators.userlike.com https://www.digikey.se https://www.digikey.de https://www.digikey.com https://region1.google-analytics.com https://redexpert.we-online.de https://redexpert.we-online.com https://powerelement.we-online.de/ https://userlike-store-media-files.s3.amazonaws.com https://userlike-cdn-operators.s3-eu-west-1.amazonaws.com https://i.ytimg.com https://we-online.com https://www.we-online.com https://coco.we-online.com https://www.kununu.com https://www.facebook.com https://www.instagram.com https://www.tiktok.com https://www.xing.com https://www.linkedin.com https://www.google-analytics.com https://www.googletagmanager.com https://*.lfeeder.com; style-src 'self' 'unsafe-inline' https://coco.we-online.com https://html5-player.libsyn.com; base-uri 'self'; form-action 'self' https://www.we-online.de https://mail.we-online.com https://www.facebook.com/tr/; worker-src 'self' blob: https://www.we-online.com; 1
font-src https://assets.dtv.de; 1
default-src https: 'self' *.motive.co; img-src https: 'self' data: *.motive.co; style-src https: 'self' 'unsafe-inline' *.motive.co; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.motive.co 1
script-src 'nonce-6Ke2EvMqcR1UdgZ2HF6e7Mq8LYc=' 'self' mijncdnpartner.nl www.googletagmanager.com www.smartsuppchat.com smartsuppcdn.com *.smartsuppcdn.com d10lpsik1i8c69.cloudfront.net; frame-ancestors 'self'; worker-src 'self' blob:; report-uri /v1/csp/reports 1
img-src 'self' blob: data: https: *.rentberry.com;style-src 'self' 'unsafe-inline' https: *.rentberry.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.rentberry.com;base-uri 'self'; 1
frame-ancestors 'self' https://admin.juliensauctions.com 1
default-src 'self' *.finnomena.com; script-src 'self' *.finnomena.com https://connect.facebook.net https://polyfill.io https://lvs.truehits.in.th https://script.hotjar.com https://static.hotjar.com https://www.googleoptimize.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://js.appboycdn.com https://*.survicate.com https://cdn.amplitude.com https://code.jquery.com *.firebaseio.com https://static.airtable.com 'unsafe-inline' 'unsafe-eval' data: https://analytics.tiktok.com https://*.licdn.com https://www.youtube.com https://*.omappapi.com https://www.clarity.ms https://cdnjs.cloudflare.com https://www.googleadservices.com https://*.canvasjs.com; style-src 'self' *.finnomena.com https://*.survicate.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://a.omappapi.com 'unsafe-inline'; connect-src 'self' *.finnomena.com https://in.hotjar.com https://vc.hotjar.io https://stats.g.doubleclick.net https://www.google-analytics.com https://*.braze.com https://www.facebook.com https://adservice.google.com *.firebaseio.com wss: https://analytics.google.com https://cdn.linkedin.oribi.io https://*.omappapi.com https://analytics.tiktok.com https://*.clarity.ms https://px.ads.linkedin.com; font-src 'self' *.finnomena.com https://*.survicate.com https://fonts.gstatic.com https://cdn.jsdelivr.net data:; frame-src 'self' *.finnomena.com https://vars.hotjar.com https://www.facebook.com https://www.youtube.com *.firebaseio.com https://airtable.com https://w.soundcloud.com https://www.podbean.com https://*.google.com https://clarity.microsoft.com https://www.slideshare.net https://td.doubleclick.net; img-src 'self' *.finnomena.com http://www.w3.org https://www.facebook.com https://www.googletagmanager.com https://www.google.com/ads/ga-audiences https://www.google.co.th/ads/ga-audiences https://secure.gravatar.com https://storage.googleapis.com data: https://*.line-scdn.net https://*.linkedin.com https://braze-images.com https://a.omappapi.com https://www.google-analytics.com https://eodhistoricaldata.com https://eodhd.com https://claritystatic.blob.core.windows.net https://*.clarity.ms; object-src 'self' https://*.finnomena.com https://eodhistoricaldata.com; worker-src 'self' blob: https://*.finnomena.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com https://unpkg.com https://*.cloudflare.com https://tagmanager.google.com https://static.ads-twitter.com  https://*.twitter.com https://connect.facebook.net https://s.ytimg.com https://*.newrelic.com https://*.nr-data.net  https://*.jsdelivr.net/ https://*.newrelic.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://tagmanager.google.com https://connect.facebook.net https://*.cloudflare.com https://*.jsdelivr.net/; img-src 'self' https://ssl.gstatic.com https://www.gstatic.com www.googletagmanager.com https://www.google-analytics.com https://t.co https://stats.g.doubleclick.net https://www.facebook.com https://www.google.com data: blob: https://*.jsdelivr.net/; media-src 'self' https://www.youtube.com https://player.vimeo.com; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://www.facebook.com https://*.doubleclick.net/; frame-ancestors 'self'; child-src 'self' data: blob:; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' https://*.nr-data.net https://www.google-analytics.com 1
frame-src *.fls.doubleclick.net *.hotjar.com *.facebook.com *.hsforms.com static.addtoany.com app.hubspot.com youtu.be youtube.com www.youtube.com *.gendex.com *.adsrvr.org *.simplifeye.co *.doubleclick.net *.simplifeye.co *.dexisuniversity.ru dexisuniversity.ru *.google.com dexis.com *.googleanalytics.com *.google-analytics.com *.googleoptimize.com *.googletagmanager.com *.addtoany.com *.hsforms.net *.newrelic.com *.nr-data.net  *.cookielaw.org *.hubspot.com *.googleadservices.com *.licdn.com *.hs-scripts.com *.facebook.net *.usemessages.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hsleadflows.net https://optimize.google.com  'unsafe-inline' *.prod.acquia-sites.com *.sociabble.com *.qualtrics.com td.doubleclick.net; report-uri /report-csp-violation 1
frame-ancestors 'self'; script-src http: https: 'unsafe-inline' 'unsafe-eval' https://bascom.app/ survey.survicate.com surveys-static.survicate.com; style-src 'self' blob: https: 'unsafe-inline' https://bascom.app/; img-src https://bascom.app/ surveys-static.survicate.com assets.survicate.com res.cloudinary.com images.unsplash.com data: http: https:; object-src https://bascom.app/; base-uri 'none'; child-src 'self'; font-src 'self' surveys-static.survicate.com *.tawk.to fonts.gstatic.com static.bascom.app; frame-src https://bascom.app/ *.google.com assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.bewakingscamera.nl *.bewakingscamera.be *.bascom-cameras.be *.bascom-kameras.de *.bascom-kameras.at *.bascom-kameras.ch *.bascom-cameras.ch *.bascom-cameras.fr *.bascom.no *.bascom.se *.bascom-cameras.co.uk *.bascom-telecamere.it *.bascomcctv.com *.bascom.app *.multisafepay.com 1
default-src 'self'; media-src 'self' 'unsafe-inline' https://chat.fortifi.io/ https://bat.bing.com/ https://player.vimeo.com/ https://vod-progressive.akamaized.net/; img-src 'self' 'unsafe-inline' https://i.ytimg.com/ https://chat.fortifi.io/ https://www.google.com/ https://www.google.co.uk/ https://www.google.pl/ https://bat.bing.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://bat.bing.com/ https://www.facebook.com/ https://connect.facebook.net/ data: https://storage.googleapis.com/ https://haveibeenpwned.com/ https://resources.totalav.com/ https://assets.totalav.com/ https://stats.scanguard.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://chat.fortifi.io/; font-src 'self' https://fonts.gstatic.com https://chat.fortifi.io/; script-src 'self' 'unsafe-inline' https://stats.scanguard.com https://googletagmanager.com/ https://googleadservices.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://bat.bing.com/ https://www.google.com/ https://www.google.co.uk/ https://www.google.pl/ https://widget.trustpilot.com/ https://chat.fortifi.io/ https://cfgchat.fortifi.io/ https://www.facebook.com/ https://connect.facebook.net/ https://url.scanguard.com http://url.scanguard.com/px/init/fortifi.js https://www.gstatic.com/; frame-src 'self' blob: https://chat.fortifi.io/ https://player.vimeo.com https://www.youtube.com/ https://www.facebook.com/ https://widget.trustpilot.com/ https://vod-progressive.akamaized.net/ https://my.scanguard.com https://www.google.com/; connect-src 'self' https://my.scanguard.com https://ajax.scanguard.com https://login.scanguard.com https://signup.scanguard.com https://my.scanguard.com https://bat.bing.com/ wss://chat.fortifi.io/ https://stats.scanguard.com; frame-ancestors 'self' 1
base-uri 'none'; connect-src https://*.sentry.io/api/; default-src 'none'; font-src 'self'; form-action 'none'; frame-ancestors 'none'; img-src 'self' https://*.cyberbits.eu/; style-src 'unsafe-inline'; report-uri https://o4505555273515008.ingest.sentry.io/api/4505555281182720/security/?sentry_key=4840341ae86a4960b8d7f5f0809ce6a6 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.starbucks.de/de/report-uri/enforce 1
frame-ancestors 'self'; report-uri https://csp-report.scoro.com; 1
frame-ancestors 'self' https://wwww.gevme.com/en 1
frame-ancestors 'self' https://*.segugio.it; 1
default-src 'self' *.brightcove.net *.youtube.com *.tiqcdn.com *.everesttech.net *.demdex.net *.omtrdc.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https:; font-src 'self' data:; form-action 'self'; frame-ancestors 'self' 1
default-src 'self' https://maps.googleapis.com https://maps.gstatic.com https://csi.gstatic.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https://maps.googleapis.com https://maps.gstatic.com https://csi.gstatic.com; script-src 'self' 'unsafe-eval' https://maps.googleapis.com https://csi.gstatic.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://fast.fonts.net 1
frame-ancestors awards.ratingruneta.ru 1
report-uri https://corpweb-origin.authentic8.com/report-uri/enforce 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://piaille.fr; img-src 'self' https: data: blob: https://piaille.fr; style-src 'self' https://piaille.fr 'nonce-XRPhD6cUFGvN0dvMeq4UOA=='; media-src 'self' https: data: https://piaille.fr; frame-src 'self' https:; manifest-src 'self' https://piaille.fr; form-action 'self'; child-src 'self' blob: https://piaille.fr; worker-src 'self' blob: https://piaille.fr; connect-src 'self' data: blob: https://piaille.fr https://static.piaille.fr wss://piaille.fr; script-src 'self' https://piaille.fr 'wasm-unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.savoirfairelinux.com https://piwik.savoirfairelinux.net; style-src 'self' 'unsafe-inline' https://www.savoirfairelinux.com https://fonts.googleapis.com; img-src 'self' data: https://www.savoirfairelinux.com; font-src 'self' https://fonts.gstatic.com https://www.savoirfairelinux.com; media-src 'self' data:; object-src 'none'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' https://piwik.savoirfairelinux.net; 1
default-src 'unsafe-eval' 'unsafe-inline' 'self'         kit.fontawesome.com ka-f.fontawesome.com images.dmca.com         secure-test.worldpay.com secure.worldpay.com payments.worldpay.com payments-test.worldpay.com         www.google.com www.gstatic.com fonts.googleapis.com maps.googleapis.com stats.g.doubleclick.net *.googletagmanager.com *.google-analytics.com         api-fra.livechatinc.com api.livechatinc.com cdn.livechatinc.com secure-fra.livechatinc.com cdn.livechat-files.com         O40XY98UF2-1.algolianet.com O40XY98UF2-2.algolianet.com O40XY98UF2-3.algolianet.com O40XY98UF2-dsn.algolianet.com O40XY98UF2-dsn.algolia.net         www.1account.net         cdn.ckeditor.com         ajax.cloudflare.com www.youtube.com static.cloudflareinsights.com         a.omappapi.com z.omappapi.com api.omappapi.com          platform-api.sharethis.com         api.feefo.com collect.feefo.com register.feefo.com;         img-src 'self' data: via.placeholder.com         cdn.ckeditor.com cfs3.ecigarettedirect.co.uk images.dmca.com register.feefo.com api.feefo.com cdn.livechatinc.com         ws.sharethis.com         a.omappapi.com         cdn.livechat-files.com         maps.googleapis.com maps.gstatic.com *.googletagmanager.com *.google-analytics.com;         font-src 'self' data: fonts.googleapis.com fonts.gstatic.com         ka-f.fontawesome.com kit.fontawesome.com         cdn.livechatinc.com;         frame-ancestors 'self' collect.feefo.com register.feefo.com; 1
default-src 'self' *; child-src blob: ;  img-src data: *; font-src data: *; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; connect-src *; frame-src *; worker-src * blob:;frame-ancestors 'self' https://www.facebook.com 1
default-src 'self' blob: http: https: www.krebshilfe.de staging1.dkh.milatec.de; img-src 'self' blob: data: http: https: www.krebshilfe.de staging1.dkh.milatec.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: http: https: www.krebshilfe.de staging1.dkh.milatec.de cologne-timing.de raceresult.com; style-src 'self' 'unsafe-inline' http: https: www.krebshilfe.de staging1.dkh.milatec.de cologne-timing.de raceresult.com; font-src 'self' data: http: https: www.krebshilfe.de staging1.dkh.milatec.de; connect-src 'self' data: http: https: www.krebshilfe.de staging1.dkh.milatec.de cologne-timing.de raceresult.com; object-src 'none'; 1
default-src https: 'unsafe-inline' data: blob: https://*.couche-tard.com 1
default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; script-src http: 'unsafe-inline' 'unsafe-eval' blob:; style-src http: 'unsafe-inline'; 1
upgrade-insecure-requests; frame-ancestors 'self' www.prochorientation.fr *.hautsdefrance.fr *.hautsdefrance.net;	default-src 'self' https://cdnjs.cloudflare.com/ https://newassets.hcaptcha.com/ https://maps.googleapis.com https://*.hautsdefrance.net/ https://*.hautsdefrance.fr/;	script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tag.aticdn.net https://cdn.tarteaucitron.io https://tarteaucitron.io https://platform.twitter.com https://www.youtube.com/ https://js.hcaptcha.com https://maps.google.com/ https://maps.googleapis.com/ https://*.hautsdefrance.fr;	style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ https://netdna.bootstrapcdn.com/ https://fonts.googleapis.com https://cdn.tarteaucitron.io;	img-src 'self' data: https://tarteaucitron.io https://logs1412.xiti.com https://secure.gravatar.com/ https://img.shields.io/ https://*.hautsdefrance.fr/;	font-src 'self' data: https://maxcdn.bootstrapcdn.com/ https://netdna.bootstrapcdn.com/ https://fonts.gstatic.com/;	frame-src 'self' https://v.calameo.com https://livemap.getwemap.com https://www.marches-publics.info/ https://*.hautsdefrance.fr https://webtv.picardie.fr/ https://www.youtube-nocookie.com https://www.youtube.com https://platform.twitter.com https://www.facebook.com/ https://newassets.hcaptcha.com/;	base-uri 'self' 1
frame-ancestors https://*.smartassist.ai https://*.kore.ai https://*.korebots.com https://*.kore.ai https://*.kore.com https://bots.kore.ai 1
frame-ancestors 'self' newapp.etracker.com; 1
default-src * 'self' data:; script-src * 'unsafe-inline'; style-src * blob: 'unsafe-inline' 1
default-src 'self' 'nonce-PHj3or4mNhPrAV8kOc5ikIHvijXdvl6Ik3n-WaQRrKE=' https://www.rentec.com https://www.renfund.com https://rentec.com https://renfund.com; report-uri https://www.renfund.com/Csp.action; report-to default; base-uri 'self'; script-src 'strict-dynamic' 'self' 'nonce-PHj3or4mNhPrAV8kOc5ikIHvijXdvl6Ik3n-WaQRrKE=' 'unsafe-eval' 'report-sample'; style-src 'self' 'unsafe-inline' https://www.rentec.com https://www.renfund.com https://rentec.com https://renfund.com; img-src 'self' data: https://www.rentec.com https://www.renfund.com https://rentec.com https://renfund.com; object-src 'none'; form-action 'self' 1
default-src 'none'; font-src 'self' fonts.gstatic.com data:;img-src * 'self' data: https:;script-src 'self' 'unsafe-inline' *.ingest.sentry.io *.segment.com https://www.datadoghq-browser-agent.com *.segment.io munchkin.marketo.net www.google.com google.com *.googletagmanager.com *.licdn.com www.gstatic.com discover.clickhouse.com cdnjs.cloudflare.com clickhouse.com js.stripe.com js.driftt.com *.fullstory.com; connect-src 'self' 'unsafe-inline' wss: *.clickhouse-dev.com:* *.clickhouse-staging.com:* *.clickhouse.cloud:* *.ingest.sentry.io https://*.browser-intake-us3-datadoghq.com *.segment.com *.segment.io *.us-east-2.amazonaws.com *.google-analytics.com *.linkedin.oribi.io clickhouse-staging.auth.us-east-2.amazoncognito.com clickhouse.auth.us-east-2.amazoncognito.com *.mktoresp.com clickhouse.com *.clickhouse.com s3.eu-west-1.amazonaws.com *.fullstory.com *.auth0.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com discover.clickhouse.com; frame-src *.clickhouse-dev.com:* *.clickhouse-staging.com:* *.clickhouse.cloud:* https://discover.clickhouse.com https://www.google.com https://www.googletagmanager.com https://js.stripe.com https://player.vimeo.com https://js.driftt.com/ *.auth0.com; media-src https://js.driftt.com/; object-src 'none'; worker-src blob:;frame-ancestors 'none' 1
script-src 'self' 'unsafe-eval' https://unpkg.com/babel-standalone@6.15.0/babel.min.js 'unsafe-inline' https://assets.adobedtm.com googletagmanager.com * cdn.cookielaw.org * google-analytics.com * static.hotjar.com * https://cdn.cookielaw.org/scripttemplates/otSDKStub.js; style-src 'self' 'unsafe-inline' https://r.bing.com/rp/ * https://r.bing.com/rb/ *; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-hashes'; connect-src 'self' https://*.bgp.tools:8443 wss://*.bgp.tools:8443 wss://*.bgp.tools https://*.bgp.tools; upgrade-insecure-requests; block-all-mixed-content; report-uri https://bgp.tools/internal/csp-report 1
default-src * 'self' data: 'unsafe-inline' blob:;script-src * 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.trustarc.com *.doubleclick.net *.sas.com assets.adobedtm.com ssl.google-analytics.com  accdn.lpsnmedia.net www.googletagmanager.com www.google-analytics.com bat.bing.com benchtag.co front.facetz.net *.facebook.net *.facebook.com www.googleadservices.com tb.juiceadv.com *.linkedin.com pixel.mathtag.com pixel.quantserve.com *.quora.com analytics.twitter.com tagmanager.google.com mc.yandex.ru static.ads-twitter.com snap.licdn.com *.bizographics.com dev.visualwebsiteoptimizer.com scripts.demandbase.com consent.truste.com s.yimg.com ssl.gstatic.com api.company-target.com script.crazyegg.com platform.twitter.com sp.analytics.yahoo.com x.bidswitch.net ad4.adfarm1.adition.com livestream.co *.brightcove.net track.adform.net js.adsrvr.org insight.adsrvr.org www.vintom.com b92.yahoo.co.jp cdn.appdynamics.com execution-dscvrtraffic.cidev.sas.us *.brightcove.com *.mrpfd.com d3js.org *.d3.org *.khoros.com proactive-chat-server-us.prod.aws.lcloud.com messaging-auth-us-west-2.prod.aws.lcloud.com;style-src 'self' data: 'unsafe-inline' *.sas.com fast.fonts.net *.cloudflare.com *.khoros.com proactive-chat-server-us.prod.aws.lcloud.com messaging-auth-us-west-2.prod.aws.lcloud.com *.brightcove.com *.googleapis.com;img-src * 'self' blob: data: *.google-analytics.com *.doubleclick.net www.google.com www.googletagmanager.com *.sas.com front.facetz.net *.facebook.com www.googleadservices.com tb.juiceadv.com ext.ligatus.com bcp.crwdcntrl.net pixel.mathtag.com *.quora.com cdn.taboola.com analytics.twitter.com d.company-target.com mc.yandex.ru t.co px.ads.linkedin.com *.bizographics.com insight.adsrvr.org assets.adobedtm.com *.brightcove.com *.khoros.com proactive-chat-server-us.prod.aws.lcloud.com messaging-auth-us-west-2.prod.aws.lcloud.com;font-src * 'self' data: *.sas.com fast.fonts.net; connect-src * 'self' *.sas.com *.brightcove.com ma156-r.analytics.edgekey.net api.company-target.com livestream.com www.vintom.com *.doubleclick.net assets.adobedtm.com;frame-src 'self' assets.adobedtm.com lpcdn.lpsnmedia.net www.youtube.com s7.addthis.com *.adsrvr.org *.twitter.com *.sas.com pixel.mathtag.com livestream.com ad4.adfarm1.adition.com www.vintom.com *.doubleclick.net *.facebook.net *.trustarc.com *.facebook.com *.linkedin.com *.chargebee.com *.sli.do *.logentries.com *.amuselabs.com amuselabs.com *.jmp.com *.outgrow.us *.khoros.com proactive-chat-server-us.prod.aws.lcloud.com messaging-auth-us-west-2.prod.aws.lcloud.com *.service-now.com *.visualize-roi.com *.brightcove.com;frame-ancestors *.sas.com *.jmp.com *.gatheriq.analytics *.curriculumpathways.com *.hubb.me 1
default-src 'self' *.livejournal.com *.livejournal.net *.google.com google.com *.rambler-co.ru rambler-co.ru *.rambler.ru rambler.ru *.tiktok.com tiktok.com *.youtube.com youtube.com; script-src 'self' *.livejournal.com *.livejournal.net *.adfox.ru ad.mail.ru api.giphy.com cdn.ampproject.org cdn.jsdelivr.net content.adriver.ru *.criteo.com *.criteo.net cstatic.weborama.fr data00.adlooxtracking.com data.24smi.net *.doubleclick.net *.dropbox.com dsp-rambler.ru *.exelator.com *.facebook.com vk.com *.facebook.net googleads.g.doubleclick.net *.google-analytics.com *.googleapis.com *.google.com google.com *.google.ru *.googlesyndication.com *.googletagmanager.com googletagmanager.com *.googletagservices.com *.gstatic.com *.instagram.com j.adlooxtracking.ru js.mamydirect.com jsn.24smi.net *.lj.ru mc.yandex.com mc.yandex.ru *.newrelic.com *.nr-data.net *.ok.ru openstat.net pingback.giphy.com *.pingdom.com *.pingdom.net *.pinterest.com *.plista.com *.rambler-co.ru rambler-co.ru *.rambler.ru rambler.ru rb.infox.sg r.mradx.net *.rnet.plus *.rubiconproject.com r.webturn.ru *.scorecardresearch.com sdk.canva.com *.services.livejournal.com smi2.ru ssl.p.jwpcdn.com static.smi2cdn.ru static.smi2.net static.weborama.fr static.xx.fbcdn.net stat.media telegram.org tiktokcdn-us.com *.tiktok.com tiktok.com tns-counter.ru *.top100.ru top-fwz1.mail.ru tpc.googlesyndication.com *.ttwstatic.com twemoji.maxcdn.com *.twimg.com *.twitter.com *.videos.livejournal.com *.vk.com wcm-ru.frontend.weborama.fr weborama.fr *.webturn.ru *.yahooapis.com *.yandex.ru yandex.ru yastatic.net ymetrica.com *.youtube.com youtube.com z.moatads.com 'unsafe-inline' 'unsafe-eval'; style-src http: https: data: 'unsafe-inline'; img-src blob: http: https: data:; frame-src http: https:; font-src http: https: data:; connect-src 'self' *.livejournal.com *.livejournal.net ad.mail.ru api.giphy.com cdn.ampproject.org cls.ad-tech.ru *.criteo.com csi.gstatic.com data00.adlooxtracking.com dsp-rambler.ru *.eaglecdn.com *.g.doubleclick.net googleads.g.doubleclick.net *.google-analytics.com *.googleapis.com *.google.com google.com *.googletagmanager.com googletagmanager.com graph.facebook.com gstatic.com *.lj.ru lj.stat.eagleplatform.com mc.yandex.by mc.yandex.com mc.yandex.md mc.yandex.ru pingback.giphy.com *.pingdom.net *.rambler-co.ru rambler-co.ru *.rambler.ru rambler.ru rb.infox.sg *.rnet.plus *.services.livejournal.com *.ssp.rambler.ru ssp.rambler.ru static-mon.yandex.net static.xx.fbcdn.net stat.media stats.g.doubleclick.net smi2.net smi2.ru *.tiktok.com tiktok.com top-fwz1.mail.ru *.twitter.com *.webturn.ru webvisor.org wss://www.livejournal.com yandexmetrica.com yandexmetrica.com:29010 yandexmetrica.com:30103 *.yandex.ru yandex.ru yastatic.net ymetrica1.com ymetrica.com *.youtube.com youtube.com; report-uri https://www.livejournal.com/csp_reports; report-to livejournal; media-src http: https: data: storage.mds.yandex.net; worker-src 'self' blob:; object-src 'self' blob: youtube.com *.youtube.com; child-src 'self' blob:; 1
object-src 'none'; worker-src https://www.herox.com/service_worker.js; report-uri https://www.herox.com/csp-report?version=17; script-src https://d253pvgap36xx8.cloudfront.net/static/ 'unsafe-eval' https://www.herox.com/offline https://www.herox.com/scripts/ 'sha256-mvoI8bu3Z9fs9xTbU+hy1N0yhqRIusvPgE2oZpk1wiQ=' 'nonce-l+HECISPX7IwsO4LziglmURBHKtCbV9M' https://connect.facebook.net/en_US/fbevents.js' https://*.quora.com www.google-analytics.com/analytics.js www.google.com/jsapi www.google.com/uds/ www.google.com/pagead/conversion_async.js www.googleadservices.com/pagead/conversion_async.js www.googleadservices.com/pagead/conversion/ googleads.g.doubleclick.net/pagead/viewthroughconversion/ www.google-analytics.com/gtm/js https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://www.google-analytics.com/gtm/optimize.js www.googletagmanager.com/gtag/js www.googletagmanager.com/gtm.js platform.twitter.com/oct.js connect.facebook.net i.kissmetrics.com/i.js scripts.kissmetrics.com/e4c88d429fdfc6e4482d61a6b365a4c942edee9f.2.js static.zdassets.com ekr.zdassets.com *.zopim.com checkout.stripe.com/checkout.js *.hs-scripts.com/2589226.js js.hs-analytics.net js.hscollectedforms.net/collectedforms.js forms.hsforms.com js.hsforms.net js.hsleadflows.net js.hs-banner.com/v2/2589226/banner.js static.hotjar.com/c/ script.hotjar.com bat.bing.com/bat.js bat.bing.com/p/action/ www.clarity.ms/tag/uet/56001679 *.clarity.ms/s/ sjs.bizographics.com/insight.min.js snap.licdn.com secure.coat0tire.com/js/222092.js secure.coat0tire.com/Track/Capture.aspx www.redditstatic.com/ads/pixel.js static.ads-twitter.com/uwt.js analytics.twitter.com https://www.googletagmanager.com 'sha256-e1N9nI/iHCiLunFE9YnFPsisc88+wJqeeN36Ko9G/04=' 'sha256-KdhuWDkSQfhHQfHQZoS40i6MODMrhMgTIp9BsNwdo7w='; style-src https://d253pvgap36xx8.cloudfront.net/static/ 'unsafe-inline' translate.googleapis.com/translate_static/css/; frame-ancestors http://demo.herox.com 1
default-src 'none'; base-uri 'self'; child-src 'self' ghbtns.com; connect-src 'self'; font-src 'self'; form-action 'self' www.paypal.com; frame-ancestors 'none'; frame-src 'self' ghbtns.com; img-src 'self' data: www.google-analytics.com *.githubusercontent.com; manifest-src 'self'; script-src 'self' www.google-analytics.com; style-src 'self'; upgrade-insecure-requests 1
script-src 'report-sample' 'nonce-vLM1XfO1LWIubWg1eOPutQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';worker-src 'self';report-uri /webstore/cspreport 1
default-src 'self' abacus.ai *.abacus.ai *.google-analytics.com www.facebook.com sentry.io *.sentry.io; font-src 'self' static.abacus.ai fonts.googleapis.com fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' *.abacus.ai js.stripe.com cdn.plot.ly *.sentry-cdn.com *.ads-twitter.com t.co *.twitter.com facebook.com *.facebook.net *.googleapis.com *.google.com www.googletagmanager.com www.gstatic.com *.google-analytics.com *.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net code.jquery.com cdn.datatables.net code.highcharts.com *.internalreai.com ws.zoominfo.com *.clickagy.com; img-src 'self' data: blob: *.internalreai.com *.abacus.ai *.google-analytics.com *.googleusercontent.com *.authy.com *.analytics.google.com *.googletagmanager.com https://googleads.g.doubleclick.net *.g.doubleclick.net *.google.com ws.zoominfo.com *.clickagy.com t.co analytics.twitter.com abacusai.imgix.net abacusai-external.imgix.net; style-src 'self' 'unsafe-inline' static.abacus.ai *.googleapis.com cdn.datatables.net; frame-src 'self' js.stripe.com *.google.com https://bid.g.doubleclick.net www.facebook.com www.youtube.com *.internalreai.com *.abacus.ai; worker-src 'self' abacus.ai static.abacus.ai blob: *.internalreai.com; frame-ancestors 'self'; connect-src 'self' sentry.io *.sentry.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com ws.zoominfo.com *.clickagy.com *.abacus.ai; object-src 'none' 1
frame-ancestors 'self' https://*.medline.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://ruvoip.net https://counter.yadro.ru https://mc.yandex.ru https://d31j93rd8oukbv.cloudfront.net https://www.acint.net https://ssp-rtb.sape.ru https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://*.wp.com https://*.gravatar.com https://cdnjs.cloudflare.com https://telegram.org; style-src 'self' 'unsafe-inline' https://ruvoip.net https://fonts.googleapis.com *.wp.com https://*.gravatar.com https://telegram.org; font-src 'self' 'unsafe-inline' https://ruvoip.net data: https://fonts.gstatic.com https://fonts.googleapis.com https://wordpress.com *.wp.com 1
default-src 'self' data: *.crazyegg.com https://*.wistia.com https://*.wistia.net; object-src 'self'; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://dmbqekwh0sti7.cloudfront.net; connect-src 'self' https://bam.eu01.nr-data.net https://www.google.com https://region1.analytics.google.com https://region1.google-analytics.com https://www.google-analytics.com https://*.wistia.com http://*.wistia.net https://*.litix.io https://embedwistia-a.akamaihd.net https://gtm.knab.nl *.inbenta.io https://squeezely.tech https://analytics.google.com https://wealth-sav-pub-api.wealth-prod.aws.knab-internal.com https://wealth-sav-pub-api.wealth-acc.aws.knab-internal.com https://wealth-sav-pub-api.wealth-test.aws.knab-internal.com https://login.knab.nl https://api.knab.nl https://stats.g.doubleclick.net https://knab.blueconic.net https://quadia.webtvframework.com https://www.google.com/ads/user-lists/ https://d6tizftlrpuof.cloudfront.net *.usabilla.com *.crazyegg.com https://*.googlesyndication.com/ https://googleads.g.doubleclick.net/; font-src 'self' data: https://*.wistia.com https://*.wistia.net *.inbenta.io https://knab-bank.inbenta.com https://fonts.gstatic.com https://fonts.googleapis.com https://d6tizftlrpuof.cloudfront.net *.usabilla.com; child-src 'self' https://*.cobrowse.liveperson.net https://lpcdn.lpsnmedia.net https://quadia.webtvframework.com https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://staticxx.facebook.com/ https://rekentools.webbridge.nl/knab/; frame-ancestors 'self' https://app.kontent.ai; frame-src 'self' https://fast.wistia.com https://fast.wistia.net https://c4558d2c-9151-47e4-8455-49f631e6ae8f.tools.hypotheekbond.nl https://9e2e95db-b935-415c-8fb2-f23739546df8.tools.hypotheekbond.nl https://0494e8eb-d931-45dd-97b5-bb0ea11173c7.tools.hypotheekbond.nl https://2542d88d-caf9-45d4-9dcd-284252299c69.tools.hypotheekbond.nl https://f127717f-90ce-4d8f-8233-9b58dcff3c35.tools.hypotheekbond.nl https://7671787d-04a4-4650-843a-46e1ead3f65b.tools.hypotheekbond.nl https://4f9c5a52-0292-48e4-ba90-bcae710655ed.tools.hypotheekbond.nl https://www.advieskeuze.nl https://forms.hsforms.com https://*.knab.nl https://*.cobrowse.liveperson.net https://server.lon.liveperson.net https://lpcdn.lpsnmedia.net https://quadia.webtvframework.com https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://staticxx.facebook.com/ https://rekentools.webbridge.nl/knab/ https://d6tizftlrpuof.cloudfront.net *.usabilla.com https://50c0e59c-e230-4d87-8d90-8069eb4d9516.tools.hypotheekbond.nl/looptijdrente https://www.sharepeople.nl/knab-rekentool https://knab.alicia.insure/insurance-calculator https://knab-calculator.alicia.insure/insurance-calculator https://outlook.office365.com; img-src 'self' data: https://preview-assets-eu-01.kc-usercontent.com https://assets-eu-01.kc-usercontent.com https://embedwistia-a.akamaihd.net https://*.wistia.com https://*.wistia.net https://gtm.knab.nl https://squeezely.tech https://px.ads.linkedin.com https://t.squeezely.tech https://searchrys.com https://jwpltx.com https://rid.webtvframework.com https://content.knab.nl https://knab-bank.inbenta.com https://www.googletagmanager.com https://lpcdn.lpsnmedia.net https://ssl.google-analytics.com https://www.google.com https://www.google.nl https://static.proto.io/ https://www.google-analytics.com https://*.visualwebsiteoptimizer.com https://www.facebook.com https://t.co https://googleads.g.doubleclick.net https://www.googleadservices.com https://secure.adnxs.com https://ib.adnxs.com https://www.facebook.com/tr/ *.twitter.com https://static-or00.inbenta.com https://www.at19.net https://stats.g.doubleclick.net https://d6tizftlrpuof.cloudfront.net https://*.usabilla.com https://t.co/i *.crazyegg.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://js-agent.newrelic.com https://bam.eu01.nr-data.net https://*.wistia.com https://*.wistia.net https://src.litix.io *.inbenta.io https://script.crazyegg.com/pages/scripts/0087/6285.js https://squeezely.tech https://t.squeezely.tech https://searchrys.com https://js.hs-scripts.com https://www.linkedin.com https://www.advieskeus.nl https://cdn.blueconic.net https://knab.blueconic.net https://ssl.p.jwpcdn.com https://player.quadia.net https://forms.hsforms.com https://js.hsforms.net https://static.proto.io/api/widget-embed.js https://content.knab.nl https://lpcdn.lpsnmedia.net https://d6tizftlrpuof.cloudfront.net https://snap.licdn.com https://px.ads.linkedin.com *.usabilla.com https://accdn.lpsnmedia.net https://chat.inbenta.com https://knab-bank.inbenta.com https://lo.v.liveperson.net https://lptag.liveperson.net https://server.lon.liveperson.net https://www.google-analytics.com https://*.visualwebsiteoptimizer.com https://connect.facebook.net https://www.googletagmanager.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://platform.twitter.com https://static.ads-twitter.com https://analytics.twitter.com https://apis.google.com *.crazyegg.com trk.cetrk.com s3.amazonaws.com/trk.cetrk.com/ https://www.googleoptimize.com/; style-src 'self' 'unsafe-inline' https://fast.wistia.com *.inbenta.io https://player.quadia.net https://content.knab.nl https://fonts.googleapis.com https://d6tizftlrpuof.cloudfront.net *.usabilla.com https://*.inbenta.com; worker-src 'self' blob: ; upgrade-insecure-requests; block-all-mixed-content; base-uri https://www.knab.nl https://d6tizftlrpuof.cloudfront.net; 1
default-src 'self' teads.tv getflowbox.com paperform.co channeladvisor.com moosend.com freddyfeedback.com youtube.com nocodemapapp.com carrd.co tiktok.com glassbox.com pinterest.com instagram.com https://members-utilities-service-web.m-operations.com https://t.stat-track.com; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' statsy.observer *.danone.gbqofs.io *.danone.glassboxdigital.io danone.glassboxdigital.io cdn.gbqofs.com connect.facebook.net freddyfeedback.com *.sleeknote.com maps.googleapis.com js.monitor.azure.com www.googleoptimize.com *.ttwstatic.com ttwstatic.com *.hotjar.com *.channelsight.com channelsight.com googleadservices.com www.google.com https://www.tiktok.com https://connect.getflowbox.com https://paperform.co https://w.usabilla.com https://widgets-lp.swaven.com https://widgets.swaven.com https://wtb-tag.swaven.com https://productcatalog.channeladvisor.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.stat-track.com https://forms.m-pages.com https://cdn-editor.moosend.com https://polyfill.io https://analytics.tiktok.com https://getflowbox.com https://members-utilities-service-web.m-operations.com https://*.teads.gtm.js https://ajax.googleapis.com https://www.youtube.com https://s.ytimg.com *.amazon-adsystem.com *.teads.tv *.doubleclick.net; style-src 'report-sample' 'self' 'unsafe-inline' www.googletagmanager.com *.channelsight.com maxcdn.bootstrapcdn.com fonts.googleapis.com *.ttwstatic.com https://cdn-editor.moosend.com data:; object-src 'none'; base-uri 'self'; connect-src 'self' api.statsy.com *.danone.gbqofs.io *.danone.glassboxdigital.io dc.services.visualstudio.com *.algolia.net *.channelsight.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net analytics.google.com *.google.com www.googleadservices.com googleads.g.doubleclick.net *.channeladvisor.com *.getflowbox.com maps.googleapis.com freddyfeedback.com https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com *.ctfassets.net https://gateway.getflowbox.com https://stats.g.doubleclick.net https://forms.m-pages.com https://analytics.tiktok.com https://members-utilities-service-web.m-operations.com https://t.stat-track.com; font-src 'self' 'unsafe-inline' cdn.channelsight.com data:; frame-src 'self' freddyfeedback.com https://wtb-tag.swaven.com https://where-to-buy.co https://*.amazon-adsystem.com https://www.tiktok.com https://youtube-nocookie.com https://www.youtube-nocookie.com https://app.nocodemapapp.com *.channelsight.com *.paperform.co https://paperform.co https://widgets-lp.swaven.com https://widgets.swaven.com https://productcatalog.channeladvisor.com https://youtube.com https://www.youtube.com *.doubleclick.net *.googletagmanager.com *.teads.tv; img-src 'self' data: https:; manifest-src 'self'; media-src 'self' cdn.flbx.io; report-uri https://6297c5489bc141b6c536eef4.endpoint.csper.io/?v=0; worker-src blob:; form-action 'self' 1
default-src 'self' wss: https://*.contentful.com https://*.kampyle.com wss://*.ooklaserver.net https://*.tigocloud.net https://*.zendesk.com https://static.zdassets.com https://ekr.zdassets.com; frame-src 'self' https://*.tigocloud.net https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://www.youtube.com https://6493920.fls.doubleclick.net https://*.kampyle.com https://*.tigo.com.hn https://affperformance.com; script-src 'self' blob: https://*.tigocloud.net https://*.kampyle.com https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.youtube.com https://6493920.fls.doubleclick.net https://maps.googleapis.com https://www.gstatic.com/ https://sync.smartadserver.com https://cdn.smooch.io https://s.ytimg.com https://*.nr-data.net https://js-agent.newrelic.com https://facebook.com/signals/iwl.js https://widget-mediator.zopim.com https://*.licdn.com 'unsafe-hashes' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'sha256-lfXlPY3+MCPOPb4mrw1Y961+745U3WlDQVcOXdchSQc=' https://*.tigo.com.hn https://criteo.com/ https://criteo.net https://*.cybba.solutions https://ads.sonataplatform.com 'sha256-25OIC+jlMBg26yHNDU72ZiuTqGX+glEIMhmQkIVLIZo=' 'sha256-xKg/UR4652tuqfDS6s9DVAhH4iMZnCdLA1TzqcUED2I=' 'sha256-Ymh7luPady75kPPU5uQ5RYQvOXNllTuuRsNjDVhHC4s=' 'sha256-7OREd0Wq4sT0UG0sxzBKHswls3uXqC91MPDtRjDN76U=' 'sha256-FrQ57L9tMdJJ722FWKhQSqaJ3Gd4s4rKlbk+K1DW+t4=' 'sha256-+LA7KttY3gftikwDPq75IXzTd178W3yFSI1BAShkLaw='; font-src 'self' data: blob: https://fonts.gstatic.com https://*.kampyle.com https://*.zendesk.com; img-src 'self' data: blob: https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.tigocloud.net https://*.contentful.com https://*.kampyle.com https://static.zdassets.com https://*.googletagmanager.com https://images.ctfassets.net https://stats.g.doubleclick.net https://lh3.googleusercontent.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://www.google.com.ar https://www.google.com.bo https://www.google.com.co https://www.google.com.sv https://www.google.com.gt https://www.google.hn https://www.google.com.ni https://www.google.com.pa https://www.google.com.py https://t.co https://maps.gstatic.com https://www.facebook.com https://analytics.twitter.com https://static.ads-twitter.com https://*.speedtestcustom.com https://*.zendesk.com https://static.zdassets.com https://maps.googleapis.com https://sync.smartadserver.com https://cdn.smooch.io https://*.zopim.io https://svr.mic.edge.com.py https://*.kampyle.com https://affperformance.com https://*.cybba.solutions; style-src 'self' 'unsafe-inline' https://cdn.smooch.io https://tagmanager.google.com https://www.googletagmanager.com/debug/badge.css https://fonts.googleapis.com https://*.zendesk.com https://*.tigocloud.net https://*.kampyle.com; connect-src * data:; object-src 'none'; form-action 'self' https://www.facebook.com; base-uri 'self' https://md-scp.kampyle.com; frame-ancestors 'self' 1
frame-ancestors 'self' googletagmanager.com *.otaghak.com; upgrade-insecure-requests 1
default-src https: wss: data:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; 1
child-src 'self' ;connect-src 'self' 'unsafe-inline' *.amazonaws.com *.guidedogs.org.uk *.googlesyndication.com *.addthis.com *.azurewebsites.net *.googleapis.com *.hotjar.com *.zenaps.com wss://*.hotjar.com *.doubleclick.net *.usabilla.com *.google-analytics.com google-analytics.com *.paypal.com analytics.google.com *.analytics.google.com cookie-cdn.cookiepro.com cookiepro.blob.core.windows.net cdn-ukwest.onetrust.com cookies-data.onetrust.io geolocation.onetrust.com ct.pinterest.com *.algolia.net *.algolianet.com algolia.net algolianet.com s.yimg.com analytics.tiktok.com cdn.schemaapp.com data.schemaapp.com api.schemaapp.com google.com/pay pay.google.com *.hotjar.io https://www.google.com/pay www.google.com/pay;default-src 'self' ;font-src 'self' *.typekit.net *.azureedge.net gd-blog.netlify.app *.gstatic.com https://script.hotjar.com data:;frame-ancestors 'self' *.azurewebsites.net;frame-src 'self' *.addthis.com *.addthisedge.com *.guidedogs.org.uk https://www.audiencemanager.de *.hotjar.com *.rfihub.com *.facebook.com *.amazon-adsystem.com *.doubleclick.net *.youtube.com *.datacash.com *.azurewebsites.net/ *.awin1.com *.arcot.com *.youtube-nocookie.com *.americanexpress.com *.paypalobjects.com *.abmr.net *.barclaycard.co.uk *.barclays.co.uk *.lloydstsb.com *.securesuite.co.uk *.cardinalcommerce.com *.muchloved.com *.edb.com *.mycardsecure.com *.monzo.com *.securecode.com *.wlp-acs.com *.westpac.com *.redsys.es *.netsgroup.com *.touchtechpayments.com *.stripe.com *.google.com *.cloudfront.net *.paypal.com talk.hyvor.com ct.pinterest.com;img-src data: 'unsafe-eval' 'self' 'unsafe-inline' static.ads-twitter.com *.azureedge.net *.amazon-adsystem.com *.adnxs.com *.google-analytics.com google-analytics.com *.tvsquared.com *.co *.doubleclick.net *.facebook.com analytics.twitter.com *.google.com *.google.co.uk *.gstatic.com *.atdm *.googleapis.comt.com *.audiencemanager.de *.googlesyndication.com *.googleapis.com *.paypalobjects.com *.awin1.com *.ak1s.abmr.net *.abmr.net *.muchloved.com *.bing.com *.cloudfront.net *.usabilla.com c5.adalyser.com gd-blog.netlify.app images.ctfassets.net cookie-cdn.cookiepro.com cdn-ukwest.onetrust.com cookiesuksouth.blob.core.windows.net *.analytics.google.com analytics.google.com ct.pinterest.com sp.analytics.yahoo.com https://static.hotjar.com https://script.hotjar.com https://secure.adnxs.com/ https://ad.doubleclick.net/ https://flask.nextdoor.com;media-src 'self' *.azureedge.net *.youtube.com downloads.ctfassets.net;object-src 'self' ;report-uri https://rwgd.report-uri.com/r/d/csp/enforce;script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com *.google-analytics.com *.addthis.com *.addthisedge.com *.typekit.net www.googletagmanager.com static.ads-twitter.com cdnjs.cloudflare.com *.amazonaws.com *.azureedge.net *.hotjar.com *.tvsquared.com *.adform.net *.doubleclick.net *.rfihub.net *.facebook.net *.ads-twitter.com *.audiencemanager.de *.googletagservices.com *.googleadservices.com *.twitter.com a.rfihub.com *.guidedogs.org.uk *.google.com *.google.co.uk *.youtube.com *.ytimg.com *.facebook.com *.googleapis.com *.dwin1.com *.awin1.com *.zenaps.com *.muchloved.com *.bing.com *.usabilla.com *.googlesyndication.com js.stripe.com *.cloudfront.net *.trackedlink.net *.paypal.com *.sandbox.paypal.com c5.adalyser.com talk.hyvor.com analytics.google.com cookie-cdn.cookiepro.com cdn-ukwest.onetrust.com cdn.jsdelivr.net cdn-ukwest.onetrust.com s.pinimg.com s.yimg.com www.redditstatic.com analytics.tiktok.com cdn.schemaapp.com https://ads.nextdoor.com/* https://ads.nextdoor-test.com/* https://acdn.adnxs.com/ https://ads.nextdoor.com/public/pixel/ndp.js;style-src 'self' 'unsafe-inline' *.typekit.net *.guidedogs.org.uk *.azureedge.net *.google.com *.googleapis.com *.google.co.uk *.muchloved.com *.cloudfront.net cdn.jsdelivr.net https://static.hotjar.com https://script.hotjar.com; 1
connect-src 'self'; 1
default-src * 'unsafe-inline' 1
object-src 'none'; base-uri 'self'; frame-ancestors 'self' https://*.mockflow.com https://mockflow.com;  script-src https://www.googletagmanager.com https://kb.wowto.ai https://view.subpage.app  https://*.hs-scripts.com https://*.hscollectedforms.net https://*.hs-banner.com https://*.usemessages.com https://*.hs-analytics.net https://*.hubspot.com https://*.hsleadflows.net https://*.hsforms.net https://*.hubspotfeedback.com view.subpage.app https://app.wowto.ai https://app.wowto.ai https://ajax.googleapis.com ajax.cloudflare.com static.cloudflareinsights.com https://assets.calendly.com https://checkout.paddle.com https://checkout.paddle.com https://cdn.paddle.com http://ip-api.com https://d20hhedk3h2l88.cloudfront.net https://apis.google.com https://www.google.com https://www.google-analytics.com static.chartbeat.com cdn.paddle.com 'self' 'unsafe-eval'  'nonce-16bb88ed7a24429db9befac4c3496ba5' 'nonce-adcda276487d4f90bf0aab4b8b3f5960' 'nonce-02c62cbb6aec431796cee1921249d0b3' 'nonce-a6f23dcad12043f39fada7278c82a74f' 'nonce-6c13eaf312b14f308c1fbaaf444086f2' 'nonce-297e93ed4f07422596713be1cca76cfa' 'nonce-adf1abf426714a10acda687ac36c4fe1' 'nonce-e95693ccc6ed4c97aecc11a6afa49a98' 'nonce-5f3483c718ea40bfbd4aac88edfb020d' 'nonce-4fa3f95bb1834f158f4a4f37a1c9721c' 1
default-src 'self' *.friscoisd.org res.friscoisd.org friscoisd.org http://friscoisd.org https://friscoisd.org https://maps.googleapis.com *.googleapis.com; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com *.friscoisd.org *.monsido.com https://unpkg.com/tabulator-tables@4.7.2/dist/js/tabulator.min.js cdn.jsdelivr.net https://cdnjs.cloudflare.com *.applitrack.com *.google.com addtocalendar.com https://unpkg.com/vue@next https://unpkg.com/vue@3 https://cdn.tailwindcss.com *.fontawesome.com *.googletagmanager.com https://unpkg.com/vue3-carousel@latest 'self' 'unsafe-inline' 'unsafe-eval' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.friscoisd.org https://maxcdn.bootstrapcdn.com https://unpkg.com/tabulator-tables@4.7.2/dist/css/tabulator.min.css *.applitrack.com *.fontawesome.com https://cdn.tailwindcss.com/ 'self' 'unsafe-inline' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com *.friscoisd.org *.monsido.com *.applitrack.com *.google.com https://picsum.photos *.picsum.photos 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.friscoisd.org https://maxcdn.bootstrapcdn.com *.fontawesome.com; frame-src https://docs.google.com/ *.friscoisd.org https://www.youtube.com *.givesmart.com *.google.com *.swagit.com *.facebook.com *.twitter.com *.flipsnack.com *.mobilecause.com https://anchor.fm *.loom.com https://podcasters.spotify.com/ https://app.rapidreplay.co 'self' web-chat.nativechat.com; connect-src accounts.google.com *.gstatic.com *.mktoresp.com *.google-analytics.com *.friscoisd.org *.google.com *.googleapis.com *.fontawesome.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com 'self' web-chat.nativechat.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.dimora.jp https://*.dimora.jp http://*.google-analytics.com/ https://*.google-analytics.com https://*.google.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://b91.yahoo.co.jp https://linkmaker.itunes.apple.com https://tools.applemediaservices.com https://apple-resources.s3.amazonaws.com https://play.google.com https://*.mul-pay.jp https://s.yimg.jp https://fonts.gstatic.com https://*.impact-ad.jp https://*.im-apps.net https://*.googleapis.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://*.googleadservices.com https://googleads.g.doubleclick.net https://*.google.co.jp https://1b3bng8fp1.execute-api.ap-northeast-1.amazonaws.com; img-src 'self' data: https://*.google-analytics.com/ https://*.twitter.com https://*.impact-ad.jp https://stats.g.doubleclick.net https://linkmaker.itunes.apple.com https://tools.applemediaservices.com https://apple-resources.s3.amazonaws.com https://play.google.com https://b91.yahoo.co.jp; 1
base-uri 'self';     child-src blob:         http://*.digipix.com.br/         https://*.digipix.com.br/         https://*.fotoregistro.com.br/         https://ads.stickyadstv.com/         https://gum.criteo.com/         https://ups.analytics.yahoo.com/;     connect-src 'self'         http://*.digipix.com.br/         https://*.digipix.com.br/         https://*.fotoregistro.com.br/         https://adservice.google.com/         https://analytics.google.com/         https://analytics.pangle-ads.com/         https://analytics.tiktok.com/         https://api-js.mixpanel.com/         https://api.pushowl.com/         https://bam.nr-data.net/         https://bat.bing.com/         https://ct.pinterest.com/         https://in-automate.brevo.com/         https://logger.uol.com.br/         https://measurement-api.criteo.com/         https://region1.analytics.google.com/         https://ssl.google-analytics.com/         https://stats.g.doubleclick.net/         https://the.sciencebehindecommerce.com/         https://*.facebook.com/         https://www.google-analytics.com/         https://www.google.co.uk         https://*.google.com/         https://www.google.com.br/         https://www.wepowerconnections.com/;     default-src 'self' data: blob:;     font-src 'self' data:         https://fonts.gstatic.com/         https://use.fontawesome.com/         https://cdnjs.cloudflare.com/         https://use.typekit.net;     frame-src 'self'         https://*.digipix.com.br/         https://*.fotoregistro.com.br/         http://*.facebook.com/         https://ct.pinterest.com/         https://digipix.prismic.io         https://event.getblue.io         https://fledge.us.criteo.com/         https://gum.criteo.com/         https://indexanetwork.go2cloud.org/         https://m.youtube.com/         https://www.youtube-nocookie.com/         https://platform.twitter.com/         https://s.amazon-adsystem.com/         https://sibautomation.com/         https://static.criteo.net/         https://td.doubleclick.net/         https://tm.uol.com.br/         https://tpc.googlesyndication.com/         https://*.facebook.com/         https://www.awin1.com/         https://www.google.com/         https://www.googletagmanager.com/         https://www.youtube.com/;     img-src 'self' blob: data:         https://*.criteo.com/         https://*.digipix.com.br/         http://*.digipix.com.br/         https://*.fotoregistro.com.br/         http://*.fotoregistro.com.br/         https://*.prismic.io         https://ad.360yield.com/         https://ad.tpmn.co.kr         https://ad.yieldlab.net/         https://ade.clmbtech.com/         https://adgen.socdm.com/         https://ads.stickyadstv.com/         https://adx.dable.io         https://analytics.pangle-ads.com/         https://analytics.tiktok.com/         https://api.amedigital.com/         https://bat.bing.com/         https://bh.contextweb.com/         https://c.bing.com/         https://cdn.aralego.net/         https://cm.adform.net/         https://cm.g.doubleclick.net/         https://*.facebook.net/         https://contextual.media.net/         https://criteo-partners.tremorhub.com/         https://cdnjs.cloudflare.com/         https://criteo-sync.teads.tv         https://cs.adingo.jp         https://csi.gstatic.com/         https://csm.va.us.criteo.net/         https://ct.pinterest.com/         https://dev.visualwebsiteoptimizer.com/         https://digipix.cdn.prismic.io         https://dpm.demdex.net/         https://e1.emxdgt.com/         https://eb2.3lift.com/         https://eugen.go2cloud.org/         https://exchange.mediavine.com/         https://googleads.g.doubleclick.net/         https://hb.yahoo.net/         https://*.liadm.com/         https://match.prod.bidr.io         https://pixel-sync.sitescout.com/         https://ib.adnxs.com/         https://id5-sync.com/         https://idsync.rlcdn.com/         https://img.mailinblue.com/         https://jadserve.postrelease.com/         https://live.rezync.com/         https://match.sharethrough.com/         https://matching.ivitrack.com/         https://p.rfihub.com/         https://pagead2.googlesyndication.com/         https://partner.mediawallahscript.com/         https://pixel.rubiconproject.com/         https://pixel.tapad.com/         https://public-prod-dspcookiematching.dmxleo.com/         https://r.casalemedia.com/         https://rtb-csync.smartadserver.com/         https://s.ad.smaato.net/         https://simage2.pubmatic.com/         https://ssl.google-analytics.com/         https://stats.g.doubleclick.net/         https://sync-criteo.ads.yieldmo.com/         https://sync-t1.taboola.com/         https://sync.aralego.com/         https://sync.crwdcntrl.net/         https://sync.outbrain.com/         https://syndication.twitter.com/         https://t.tailtarget.com/         https://tags.bluekai.com/         https://tapestry.tapad.com/         https://tg.socdm.com/         https://tr.superoferta.online         https://trends.revcontent.com/         https://ups.analytics.yahoo.com/         https://visitor.omnitagjs.com/         https://wl-production-assets-uk.s3.eu-west-1.amazonaws.com/         https://www.awin1.com/         https://*.facebook.com/         https://www.google-analytics.com/         https://www.google.ca         https://www.google.co.uk         https://www.google.co.za         https://www.google.com/         https://www.google.com.ar         https://www.google.com.br/         https://www.google.com.np         https://www.google.com.py         https://www.google.com.sg         https://www.google.com.uy         https://www.google.dz         https://www.google.fi         https://www.google.nl         https://www.google.pt         https://www.googletagmanager.com/         https://www.pinterest.com/         https://x.dlx.addthis.com/         https://x.bidswitch.net;     manifest-src 'self' blob:;     media-src 'self';     object-src 'none';     report-uri https://csp.digipix.com.br/csp-report-endpoint.php;     script-src 'self' 'unsafe-eval' 'unsafe-inline'         https://*.digipix.com.br/         http://*.digipix.com.br/         https://*.fotoregistro.com.br/         https://analytics.tiktok.com/         https://b.t.tailtarget.com/b         https://bat.bing.com/bat.js         https://c.amazon-adsystem.com/         https://cdn.mxpnl.com/         https://cdn.jsdelivr.net/         https://cdn.pushowl.com/         https://*.facebook.net/         https://dynamic.criteo.com/         https://event.getblue.io         https://googleads.g.doubleclick.net/         https://s.pinimg.com/ct/core.js         https://sibautomation.com/sa.js         https://sslwidget.criteo.com/event         https://static.cdn.prismic.io/prismic.js         https://the.sciencebehindecommerce.com/d9core         https://tm.jsuol.com.br/uoltm.js         https://tracker.bt.uol.com.br/partner         https://tt-10162-1.seg.t.tailtarget.com/         https://widget.getblue.io/event         https://www.awin1.com/sread.js         https://www.dwin1.com/17835.js         https://www.google-analytics.com/         https://www.googleadservices.com/         https://www.googletagmanager.com/         http://platform.twitter.com/         https://*.bing.com/         https://*.facebook.net/         https://*.google.com/         http://*.fotoregistro.com.br/         https://www.googletagmanager.com/gtm.js;     script-src-elem 'self' 'unsafe-inline' 'unsafe-eval'         http://platform.twitter.com/         https://*.bing.com/         https://*.digipix.com.br/         https://*.prismic.io         https://analytics.tiktok.com/         https://apis.google.com/         https://b.t.tailtarget.com/         https://c.amazon-adsystem.com/         https://cdn.jsdelivr.net/         https://cdn.mxpnl.com/         https://cdn.pushowl.com/         https://cdnjs.cloudflare.com/         https://code.jquery.com/         https://*.facebook.net/         https://dev.visualwebsiteoptimizer.com/         https://dynamic.criteo.com/         https://event.getblue.io         https://googleads.g.doubleclick.net/         https://js-agent.newrelic.com/         https://prismic.io         https://s.pinimg.com/         https://sibautomation.com/         https://ssl.google-analytics.com/         https://sslwidget.criteo.com/         https://static.cdn.prismic.io         https://the.sciencebehindecommerce.com/         https://tm.jsuol.com.br/         https://tpc.googlesyndication.com/         https://tracker.bt.uol.com.br/         https://tt-10162-1.seg.t.tailtarget.com/         https://use.fontawesome.com/         https://widget.getblue.io         https://www.awin1.com/         https://www.dwin1.com/         https://www.google-analytics.com/         https://www.googleadservices.com/         https://www.googletagmanager.com/;     style-src 'self' 'unsafe-inline';     style-src-attr 'unsafe-inline';     style-src-elem 'self' 'unsafe-inline'         https://cdn.jsdelivr.net/         https://use.fontawesome.com/         https://cdnjs.cloudflare.com/         https://fonts.googleapis.com/; " 1
default-src * blob:;script-src 'self' 'unsafe-inline'  'unsafe-eval'  changba.com *.changba.com *.changbaimg.com *.cdn.changbaimg.com *.bootcss.com *.bokecc.com *.qbox.me *.google-analytics.com *.qq.com *.alipay.com *.alibaba.com *.aliyun.com  *.alicdn.com hm.baidu.com *.cnzz.com *.cnzz.cn *.irs01.com  irs01.com zz.bdstatic.com *.zhanzhang.baidu.com s.url.cn cdn.jsdelivr.net unpkg.com blob:;style-src * 'unsafe-inline';frame-src 'self' changba.com *.changba.com changba://* https://*.qq.com webcompt: https://* yy://*;img-src 'self' data: blob: *;media-src 'self' data: blob: *;font-src 'self' data: * 1
frame-ancestors 'self' http://*.house365.com 1
base-uri 'self' https://hcaptcha.com https://*.hcaptcha.com; child-src https://*.craigslist.org; connect-src https://*.craigslist.org https://hcaptcha.com https://*.hcaptcha.com; font-src data:; form-action https://*.craigslist.org; frame-ancestors 'self'; frame-src https://*.craigslist.org https://craigslist.org https://hcaptcha.com https://*.hcaptcha.com; media-src data:; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https://*.craigslist.org https://hcaptcha.com https://*.hcaptcha.com; style-src 'unsafe-inline' https://*.craigslist.org https://hcaptcha.com https://*.hcaptcha.com 1
frame-ancestors 'self' https://*.jeromes.com 1
base-uri 'self'; connect-src 'self' public.docsly.dev api.segment.io cdn.segment.com api-iam.intercom.io forms.hubspot.com www.google-analytics.com heapanalytics.com wss://nexus-websocket-a.intercom.io api.hubapi.com www.google.com stats.g.doubleclick.net api.hsforms.com vitals.vercel-insights.com *.chilipiper.com cdn.linkedin.oribi.io *.crazyegg.com vercel.live *.pusher.com wss://ws-us3.pusher.com *.google-analytics.com api.factors.ai analytics.google.com pagead2.googlesyndication.com status.courier.com px.ads.linkedin.com; default-src 'self'; font-src 'self' data: fonts.gstatic.com js.intercomcdn.com www.slant.co storage.googleapis.com fonts.intercomcdn.com assets.vercel.com; form-action calendly.com; frame-ancestors 'self'; frame-src www.youtube.com intercom-sheets.com bid.g.doubleclick.net www.loom.com *.chilipiper.com open.spotify.com play.hubspotvideo.com vercel.live td.doubleclick.net; img-src 'self' data: www.google-analytics.com heapanalytics.com images.ctfassets.net track.hubspot.com js.intercomcdn.com static.intercomassets.com i.ytimg.com px.ads.linkedin.com www.facebook.com www.google.ca www.google.com www.gstatic.com downloads.intercomcdn.com messenger-apps.intercom.io p.adsymptotic.com www.google.co.jp www.google.co.kr www.google.co.uk www.google.de www.google.gr www.google.ro www.google.ru www.linkedin.com forms.hsforms.com www.google.co.in www.google.co.ma www.google.co.nz www.google.co.za www.google.co.zw www.google.com.au www.google.com.br www.google.com.gh www.google.com.my www.google.com.ng www.google.com.pe www.google.com.ph www.google.com.pr www.google.com.sg www.google.com.tr www.google.com.ua www.google.com.vn www.google.cz www.google.dk www.google.es www.google.fr www.google.lk www.google.pt www.googletagmanager.com log-papago.naver.com translate.google.com www.google.am www.google.at www.google.be www.google.ch www.google.cl www.google.co.il www.google.co.ke www.google.com.ar www.google.com.bd www.google.com.co www.google.com.kw www.google.com.mt www.google.com.mx www.google.com.np www.google.com.pk www.google.com.tw www.google.com.uy www.google.fi www.google.ie www.google.is www.google.it www.google.jo www.google.nl www.google.no www.google.pl www.google.rs www.google.se www.google.ae www.google.co.ao www.google.mu www.google.hu t.co analytics.twitter.com pubads.g.doubleclick.net px.ads.linkedin.com *.chilipiper.com *.vercel.live vercel.com *.vercel.com *.reddit.com vercel.live 'unsafe-eval' ct.capterra.com fonts.gstatic.com api.producthunt.com www.docsly.dev googleads.g.doubleclick.net googleads.g.doubleclick.net; manifest-src 'self'; media-src 'self' js.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' widget.intercom.io www.google-analytics.com www.googletagmanager.com cdn.heapanalytics.com cdn.segment.com js-na1.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net js.intercomcdn.com js.hsadspixel.net snap.licdn.com www.google.com analytics.twitter.com static.ads-twitter.com www.googleadservices.com googleads.g.doubleclick.net stats.g.doubleclick.net js.hsleadflows.net vitals.vercel-insights.com connect.facebook.net app.factors.ai; script-src-elem 'self' 'unsafe-inline' widget.intercom.io www.google-analytics.com www.googletagmanager.com cdn.heapanalytics.com cdn.segment.com js-na1.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net js.intercomcdn.com js.hsadspixel.net snap.licdn.com www.google.com analytics.twitter.com static.ads-twitter.com www.googleadservices.com googleads.g.doubleclick.net stats.g.doubleclick.net js.hsleadflows.net vitals.vercel-insights.com connect.facebook.net *.chilipiper.com *.googleoptimize.com *.crazyegg.com www.redditstatic.com vercel.live app.factors.ai; style-src 'self' 'unsafe-inline' fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com *.chilipiper.com www.google-analytics.com www.googletagmanager.com; worker-src 'self' blob: 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src-elem * 'unsafe-inline'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; font-src * data: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 1
default-src 'self'; script-src 'unsafe-inline' 'report-sample' 'self' https://ajax.cloudflare.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/ https://*.google-analytics.com/ https://www.googletagmanager.com/; style-src 'unsafe-inline' 'report-sample' 'self' https://fonts.googleapis.com/ https://www.googletagmanager.com/; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.website.ultra.io https://api.website.staging.ultra.io https://download.app.ultra.io https://download.staging.app.ultra.io https://ultraio.cloudflareaccess.com/ https://*.google-analytics.com https://api-js.mixpanel.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://www.googletagmanager.com https://www.youtube.com https://youtube.com https://player.vimeo.com; img-src 'self' data: https://api.website.ultra.io https://api.website.staging.ultra.io https://*.google-analytics.com https://i.ytimg.com https://fonts.gstatic.com; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
default-src 'self' *.google.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.googleapis.com *.google.com *.google-analytics.com *.gstatic.com code.highcharts.com; connect-src 'self' *.sitesage.net *.googleapis.com *.amazonaws.com; img-src data: blob: 'self' *.gstatic.com *.google-analytics.com *.google.com s3.amazonaws.com sitesage.net *.sitesage.net emonitor.us *.emonitor.us *.googleapis.com icons.wxug.com; style-src 'unsafe-inline' 'self' *.googleapis.com *.google.com; font-src 'self' data: *.gstatic.com; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.rawgit.com https://cdn.iframe.ly https://connect.facebook.net https://performance.councilplatform.com https://cdn.syndication.twimg.com https://translate-pa.googleapis.com/ https://*.govmetric.com https://script.hotjar.com https://static.hotjar.com https://www.googletagmanager.com https://content.govdelivery.com https://*.servmetric.com https://if-cdn.com https://*.olark.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://player.vimeo.com https://www.clarity.ms https://widget.wheredoivote.co.uk/wdiv.js https://rl.recyclenow.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://platform.twitter.com https://polyfill.io https://translate.google.com https://translate.googleapis.com https://unpkg.com https://performance.councilplatform.com/; style-src 'self' 'unsafe-inline' https://performance.councilplatform.com https://cdn.syndication.twimg.com https://platform.twitter.com https://ton.twimg.com https://*.govmetric.com https://fonts.googleapis.com https://*.olark.com https://*.servmetric.com https://rl.recyclenow.com https://www.gstatic.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://translate.googleapis.com https://unpkg.com https://use.fontawesome.com; frame-ancestors 'self' https://performance.councilplatform.com; report-uri https://www.plymouth.gov.uk/report-uri/enforce 1
default-src 'self' https://api.ncoa.org https://secure.everyaction.com https://fonts.gstatic.com https://cdn.livechatinc.com/; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://api.livechatinc.com https://cdn.livechatinc.com  https://www.googletagmanager.com https://www.google-analytics.com https://qvdt3feo.com/events.js  https://cdn.mouseflow.com  https://snap.licdn.com  https://static.ads-twitter.com  https://connect.facebook.net; style-src 'unsafe-inline' 'self' https://tags.srv.stackadapt.com https://fonts.googleapis.com; connect-src https://www.facebook.com https://n2.mouseflow.com https://cdn.linkedin.oribi.io https://tags.srv.stackadapt.com https://secure.everyaction.com https://actions.everyaction.com/ https://stats.g.doubleclick.net https://www.google-analytics.com https://deliver.kontent.ai https://preview-deliver.kontent.ai https://cognito-identity.us-east-1.amazonaws.com https://api.ncoa.org https://api.livechatinc.com https://go.benefitscheckup.org 'self'; img-src 'self' https://tags.srv.stackadapt.com https://www.google.com https://*.kc-usercontent.com https://www.google-analytics.com  https://px.ads.linkedin.com  https://analytics.twitter.com https://t.co https://www.facebook.com; frame-src 'self' https://secure.livechatinc.com https://www.youtube.com/ https://player.vimeo.com/ 1
default-src https:  data:  mediastream: blob:  wss://*.hotjar.com  'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 1
default-src 'self'; frame-src 'self' www.facebook.com web.facebook.com www.youtube.com; font-src * data:;img-src * data:; script-src 'unsafe-eval' 'unsafe-inline' *; style-src 'unsafe-inline' *; connect-src * 1
frame-ancestors 'self' wpseo.awoo.com.tw www.awoo.com.tw; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mobilesentrix.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.facebook.net https://*.facebook.com https://*.gstatic.com https://*.cloudfront.net https://*.cloudflare.com https://*.braintreegateway.com https://*.paypalobjects.com https://*.fundboxpay.com https://*.behalf.com https://*.paypal.com https://*.searchanise.com https://*.reamaze.com https://*.googleapis.com https://*.newrelic.com https://*.nr-data.net https://*.youtube.com https://*.ytimg.com https://*.fontawesome.com https://*.picsum.photos https://*.acsbapp.com https://*.kxcdn.com https://*.aspnetcdn.com https://*.rawgit.com https://*.jsdelivr.net https://*.cloudflareinsights.com https://*.crazyegg.com/;style-src 'self' 'unsafe-inline' https://*.mobilesentrix.com https://*.kxcdn.com https://*.googleapis.com https://*.reamaze.com https://*.braintreegateway.com https://*.youtube.com https://*.ytimg.com https://reamaze.com https://*.fontawesome.com https://*.picsum.photos https://*.acsbapp.com;img-src 'self' data: https://*.mobilesentrix.com https://*.braintreegateway.com https://*.google-analytics.com https://*.google.com https://*.alexametrics.com https://*.google.co.in https://*.paypal.com https://*.facebook.com https://*.facebook.net https://*.googleadservices.com https://*.googletagmanager.com https://*.gravatar.com https://*.wp.com https://*.gstatic.com https://*.amazonaws.com https://*.doubleclick.net https://*.reamaze.com https://reamaze.com https://*.paypalobjects.com https://*.youtube.com https://*.ytimg.com https://*.fontawesome.com https://picsum.photos https://*.picsum.photos https://*.repairdesk.co https://*.acsbapp.com;object-src 'none';connect-src 'self' https://*.mobilesentrix.com https://*.braintreegateway.com https://*.google-analytics.com https://*.facebook.net https://*.facebook.com https://*.paypal.com https://*.doubleclick.net https://*.braintree-api.com https://*.reamaze.com https://*.reamaze.io wss://*.reamaze.com https://*.amazonaws.com https://*.nr-data.net https://*.youtube.com https://*.ytimg.com https://reamaze.com https://*.fontawesome.com https://*.picsum.photos https://*.acsbapp.com https://*.googleapis.com https://*.crazyegg.com/; 1
frame-ancestors happymealdigital.com; 1
script-src 'self' js.hubspot.com www.gstatic.com www.google.com *.addthis.com *.hs-scripts.com  www.google-analytics.com *.sharethis.com *.flockler.com www.googletagmanager.com plugins.flockler.com 'unsafe-eval' 'unsafe-inline'; script-src-elem js.hubspot.com *.aticdn.net *.hsforms.net www.gstatic.com unpkg.com www.google.com *.facebook.net *.usemessages.com *.moatads.com *.hsadspixel.net *.hs-analytics.net *.addthisedge.com *.hs-banner.com *.hsleadflows.net *.atout-france.fr 'self' *.addthis.com *.hs-scripts.com  www.google-analytics.com *.sharethis.com *.flockler.com www.googletagmanager.com plugins.flockler.com 'unsafe-eval' 'unsafe-inline'; object-src 'self' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com connect.facebook.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.gstatic.com onesignal.com tpc.googlesyndication.com webpush.vn cdnjs.cloudflare.com accounts.google.com www.google.com www.youtube.com zoom.us source.zoom.us cdn.jsdelivr.net unpkg.com npmcdn.com sp.zalo.me analytics.tiktok.com w.ladicdn.com salekit.io cdn.fchat.vn code.jquery.com maxcdn.bootstrapcdn.com code.highcharts.com cdn.ckeditor.com za.zdn.vn apis.google.com edubit.live player.vimeo.com *.googleapis.com *.unica.vn; worker-src blob:; 1
default-src 'self' data: ws://*.catapush.com wss://*.catapush.com 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; block-all-mixed-content; connect-src data: blob: 'unsafe-inline' *.catapush.com ws://*.catapush.com wss://*.catapush.com https://*.google-analytics.com https://*.googleapis.com https://checkout.stripe.com https://api.stripe.com; font-src data: blob: 'unsafe-inline' *.catapush.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/ https://s3-eu-central-1.amazonaws.com/catapush-cdn-frankfurt/ fonts.gstatic.com cdn2.hubspot.net; form-action 'self' *.catapush.com; frame-ancestors 'self' *.catapush.com https://www.googletagmanager.com; frame-src 'self' data: blob: 'unsafe-inline' https://mautic.catapush.com https://checkout.stripe.com https://connect-js.stripe.com https://js.stripe.com https://hooks.stripe.com https://www.google.com https://www.googletagmanager.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/; img-src 'self' data: blob: 'unsafe-inline' *.catapush.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/ https://s3-eu-central-1.amazonaws.com/catapush-cdn-frankfurt/ https://translate.google.com https://ajax.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://js.hsforms.net/forms/v2.js https://*.stripe.com; object-src https://s3-eu-west-1.amazonaws.com/catapush-cdn/; script-src 'self' *.catapush.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/ https://s3-eu-central-1.amazonaws.com/catapush-cdn-frankfurt/ https://ipinfo.io https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://checkout.stripe.com https://js.stripe.com https://js.hsforms.net/forms/v2.js 'report-sample' 'unsafe-inline' 'nonce-BKWoNfRzM0r6vDKZ9K/RUg=='; style-src 'self' *.catapush.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/ https://s3-eu-central-1.amazonaws.com/catapush-cdn-frankfurt/ https://*.gstatic.com 'unsafe-inline' 'report-sample'; report-uri /csp-violation-report-endpoint 1
frame-ancestors https://tongji.baidu.com 1
default-src 'self' data: about: *.podbean.com alb.reddit.com cdn.linkedin.oribi.io *.pingdom.net *.bing.com *.clarity.ms *.sitescout.com *.blob.core.windows.net t.co *.libsyn.com *.googleapis.com *.google.ca *.adsymptotic.com *.onetrust.com *.addthis.com *.doubleclick.net *.linkedin.com cm.everesttech.net allegis.demdex.net stats.g.doubleclick.net bam.nr-data.net *.google.com dpm.demdex.net bat.bing.com cdn.cookielaw.org p.typekit.net *.teksystems.com *.facebook.com *.facebook.net *.google-analytics.com *.googlesyndication.com *.gstatic.com *.sharethis.com *.twitter.com *.youtube.com ajax.aspnetcdn.com ajax.googleapis.com cdnjs.cloudflare.com cdnjs.com code.jquery.com maxcdn.bootstrapcdn.com platform.linkedin.com unpkg.com *.googletagmanager.com *.analytics.google.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.onetrust.com unpkg.com use.fontawesome.com fonts.googleapis.com use.typekit.net p.typekit.net; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.onetrust.com use.typekit.net fonts.googleapis.com fonts.gstatic.com; object-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.redditstatic.com *.pingdom.net *.cloudfront.net *.clarity.ms *.pixel.ad *.blob.core.windows.net *.twitter.com *.moatads.com *.addthisedge.com *.addthis.com *.doubleclick.net *.onetrust.com *.gstatic.com *.google.com js-agent.newrelic.com use.typekit.net *.amcharts.com cdn.jsdelivr.net unpkg.com *.googletagmanager.com *.google-analytics.com snap.licdn.com *.googleadservices.com static.ads-twitter.com *.youtube.com connect.facebook.net bat.bing.com cdnjs.cloudflare.com cdn.cookielaw.org assets.adobedtm.com maps.googleapis.com googleads.g.doubleclick.net bam.nr-data.net *.analytics.google.com; 1
frame-ancestors https://*.etracker.com/ https://*.etracker.de https://*.zscalertwo.net/ https://dematic.my.salesforce.com https://kiongroup--chrisdev.sandbox.my.salesforce.com/ https://newapp.etracker.com/ https://tz.kiongroup.net https://zscalertwo.net/; 1
frame-ancestors 'self' https://online.gtefinancial.org; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' fbk.ru *.fbk.ru grantthornton.ru *.grantthornton.ru yandex.ru *.yandex.ru yandex.net *.yandex.net yandex.com *.yandex.com yandex.md *.yandex.md yastatic.net *.yastatic.net google.com *.google.com gstatic.com *.gstatic.com fonts.googleapis.com *.fonts.googleapis.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com rambler.ru *.rambler.ru counter.yadro.ru *.counter.yadro.ru cloudflare.com *.cloudflare.com cp.unisender.com *.cp.unisender.com vk.com *.vk.com facebook.com *.facebook.com facebook.net *.facebook.net youtube.com *.youtube.com bitrix.info; img-src 'self' https: data:; form-action 'self' cp.unisender.com *.cp.unisender.com facebook.com *.facebook.com; object-src 'none'; report-uri https://www.fbk.ru/csp.php 1
default-src 'self' *.jmark.com *.cloudfront.net *.amazonaws.com *.imgix.net *.typekit.net *.sentry-cdn.com *.marker.io *.termly.io *.cloudflare.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hscollectedforms.net *.hubapi.com *.hubspot.com *.usemessages.com *.linkedin.com *.licdn.com *.gstatic.com *.google.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.youtube.com *.ytimg.com *.zoominfo.com *.oribi.io; img-src 'self' data: *.jmark.com *.cloudfront.net *.amazonaws.com *.imgix.net *.typekit.net *.sentry-cdn.com *.marker.io *.termly.io *.cloudflare.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hscollectedforms.net *.hubapi.com *.hubspot.com *.usemessages.com *.linkedin.com *.licdn.com *.gstatic.com *.google.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.youtube.com *.ytimg.com *.zoominfo.com *.oribi.io; media-src 'self' *.jmark.com *.cloudfront.net *.amazonaws.com *.imgix.net *.typekit.net *.sentry-cdn.com *.marker.io *.termly.io *.cloudflare.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hscollectedforms.net *.hubapi.com *.hubspot.com *.usemessages.com *.linkedin.com *.licdn.com *.gstatic.com *.google.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.youtube.com *.ytimg.com *.zoominfo.com *.oribi.io; font-src 'self' *.jmark.com *.cloudfront.net *.amazonaws.com *.imgix.net *.typekit.net *.sentry-cdn.com *.marker.io *.termly.io *.cloudflare.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hscollectedforms.net *.hubapi.com *.hubspot.com *.usemessages.com *.linkedin.com *.licdn.com *.gstatic.com *.google.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.youtube.com *.ytimg.com *.zoominfo.com *.oribi.io; style-src 'self' 'unsafe-inline' *.jmark.com *.cloudfront.net *.amazonaws.com *.imgix.net *.typekit.net *.sentry-cdn.com *.marker.io *.termly.io *.cloudflare.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hscollectedforms.net *.hubapi.com *.hubspot.com *.usemessages.com *.linkedin.com *.licdn.com *.gstatic.com *.google.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.youtube.com *.ytimg.com *.zoominfo.com *.oribi.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jmark.com *.cloudfront.net *.amazonaws.com *.imgix.net *.typekit.net *.sentry-cdn.com *.marker.io *.termly.io *.cloudflare.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hscollectedforms.net *.hubapi.com *.hubspot.com *.usemessages.com *.linkedin.com *.licdn.com *.gstatic.com *.google.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.youtube.com *.ytimg.com *.zoominfo.com *.oribi.io; connect-src 'self' *.jmark.com *.cloudfront.net *.amazonaws.com *.imgix.net *.typekit.net *.sentry-cdn.com *.marker.io *.termly.io *.cloudflare.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hscollectedforms.net *.hubapi.com *.hubspot.com *.usemessages.com *.linkedin.com *.licdn.com *.gstatic.com *.google.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.youtube.com *.ytimg.com *.zoominfo.com *.oribi.io; frame-src 'self' *.jmark.com *.cloudfront.net *.amazonaws.com *.imgix.net *.typekit.net *.sentry-cdn.com *.marker.io *.termly.io *.cloudflare.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hscollectedforms.net *.hubapi.com *.hubspot.com *.usemessages.com *.linkedin.com *.licdn.com *.gstatic.com *.google.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.youtube.com *.ytimg.com *.zoominfo.com *.oribi.io; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' blob: wss: 1
default-src 'none'; style-src 'self' 'unsafe-inline'; style-src-elem 'self'; img-src 'self'; base-uri 'self'; frame-ancestors 'none'; form-action 'none'; sandbox allow-same-origin 1
default-src 'self' https:; style-src 'self' https: 'unsafe-inline'; font-src 'self' https: data:; img-src 'self' https: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; report-uri https://gravie.report-uri.com/r/d/csp/enforce; 1
frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.santiago2023.org www.googletagmanager.com www.youtube.com www.facebook.com connect.facebook.net analytics.google.com play.google.com www.google.com www.google.cl static.ads-twitter.com analytics.twitter.com static.doubleclick.net googleads.g.doubleclick.net monorail-edge.shopifysvc.com shoppanamericanos2023.myshopify.com cdn.jsdelivr.net sdks.shopifycdn.com cdn.shopify.com cdnjs.cloudflare.com fonts.googleapis.com jnn-pa.googleapis.com buttons-config.sharethis.com platform-api.sharethis.com l.sharethis.com fonts.gstatic.com www.instagram.com stats.g.doubleclick.net platform-cdn.sharethis.com buscadorturistico.mindep.cl www.youtube-nocookie.com cdn.perfdrive.com widgets.results-santiago2023.org img.youtube.com cas.avalon.perfdrive.com back.widgets.results-santiago2023.org back.results-santiago2023.org para.widgets.results-santiago2023.org www.google-analytics.com img.youtube.com widgets.para.results-santiago2023.org; 1
default-src 'none'; connect-src 'self' https://statistik.witcom.de/; frame-src 'self'; font-src 'self' data:; img-src 'self' data:; object-src 'self' https://statistik.witcom.de/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://statistik.witcom.de/matomo.js; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; base-uri 'self'; manifest-src 'self'; media-src 'self'; worker-src 'self'; form-action 'self' https://statistik.witcom.de/ 1
default-src 'self';base-uri 'self';form-action 'self' www.facebook.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com maps.googleapis.com www.storemapper.co storemapper-herokuapp-com.global.ssl.fastly.net app.storyblok.com assets.findify.io undefined.kameleoon.eu chantsupport.zendesk.com static.zdassets.com widget-mediator.zopim.com ajax.googleapis.com https://cdn.cookielaw.org https://cdn.jsdelivr.net/npm/hls.js@1.1.4/dist/hls.min.js analytics.tiktok.com bat.bing.com cdn.noibu.com connect.facebook.net googleads.g.doubleclick.net s.pinimg.com s3.target2sell.com static.target2sell.com t.contentsquare.net intljs.rmtag.com ut.rd.linksynergy.com static.klaviyo.com static-tracking.klaviyo.com https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/ec.js  blob:;object-src 'self' data:;style-src 'self' 'unsafe-inline' fonts.googleapis.com googletagmanager.com tagmanager.google.com https://www.googletagmanager.com/debug/badge.css https://tagmanager.google.com/css/css.css;img-src 'self' www.googletagmanager.com www.facebook.com www.google-analytics.com www.google.com www.google.fr image.crisp.chat a.storyblok.com maps.gstatic.com maps.googleapis.com cdn11.bigcommerce.com storemapper-herokuapp-com.global.ssl.fastly.net us.chantelle.com s3.amazonaws.com cl-media-pattern-factory.s3-eu-west-1.amazonaws.com static.kameleoon.com fonts.gstatic.com ct.pinterest.com bat.bing.com www.google.com.pk media.chantelle.cloud imagedelivery.net https://customer-undefined.cloudflarestream.com/ idsync.rlcdn.com analytics.tiktok.com connect.facebook.net consent.linksynergy.com data:;media-src 'self' a.storyblok.com https://customer-undefined.cloudflarestream.com/ data: blob:;font-src 'self' fonts.googleapis.com fonts.gstatic.com data:;connect-src 'self' maps.googleapis.com chantelleus.centraqa.com www.storemapper.co api.keen.io api.storyblok.com chantelle-sandbox.mybigcommerce.com https://api.bigcommerce.com reco.target2sell.com undefined-dsn.algolia.net undefined.kameleoon.eu eu-api-visit.kameleoon.eu eu-api-tracker.kameleoon.eu static.kameleoon.com old.kameleoon.com api.kameleoon.com data.kameleoon.io api.openweathermap.org browser-intake-datadoghq.eu rum.browser-intake-datadoghq.eu logs.browser-intake-datadoghq.eu session-replay.browser-intake-datadoghq.eu/ chantsupport.zendesk.com ekr.zdassets.com wss://widget-mediator.zopim.com chantelle.com sst.chantelle.com sst2.chantelle.com chantelle.us cloudflarestream.com https://customer-undefined.cloudflarestream.com/ https://region1.analytics.google.com https://cdn.cookielaw.org https://api-v3.findify.io https://geolocation.onetrust.com api.target2sell.com analytics.tiktok.com bat.bing.com ct.pinterest.com www.google.com www.google-analytics.com region1.google-analytics.com serv-api.target2sell.com stats.g.doubleclick.net wss://input.noibu.com/pv_part;frame-src https://www.youtube.com/ https://player.vimeo.com/ https://www.facebook.com/ https://ct.pinterest.com/;frame-ancestors app.storyblok.com vercel.app; 1
default-src 'none'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self'; base-uri 'none'; frame-ancestors 'self'; form-action 'self' 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://betterhumans.pub https://*.betterhumans.pub https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
default-src 'self' * data: blob: https: market.com *.market.com  *.; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.market.com market.com *.  *.clarity.ms *.peacebanana.com *.ostrichesica.com *.googlesyndication.com *.cloudflareinsights.com *.cheqzone.com *.cloudfront.net *.datadoghq-browser-agent.com *.ampproject.org *.gstatic.com *.google.com *.alooma.com *.doubleclick.net  *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.hhtpp.com *.facebook.net *.dropbox.com *.bing.com *.yandex.ru *.quora.com *.yimg.com sp.analytics.yahoo.com *.hotjar.com *.ipify.org blob: data: https: market.com *.market.com  *.; style-src 'self' data: blob: 'unsafe-inline' *; connect-src 'self' data: blob: https: market.com *.market.com  *.  *.ampproject.org *.google-analytics.com *.doubleclick.net *.google.com *.hhtpp.com *.yandex.ru *.gravatar.com wss://*.hotjar.com *.wp.com; font-src 'self' data: blob: *.ampproject.org *.googletagmanager.com *.googleapis.com *.gstatic.com ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.google-analytics.com *.googletagmanager.com www.gstatic.com siteimproveanalytics.com snap.licdn.com *.googleapis.com cdnjs.cloudflare.com use.typekit.net extend.vimeocdn.com app.usercentrics.eu; style-src 'self' 'unsafe-inline' p.typekit.net use.typekit.net fonts.googleapis.com; font-src 'self' data: use.typekit.net fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: *.google-analytics.com *.googletagmanager.com arnoldporter.vuturevx.com px.ads.linkedin.com www.linkedin.com 11904.global.siteimproveanalytics.io p.typekit.net app.usercentrics.eu; frame-src 'self' *.google.com *.vimeo.com www.podbean.com www.youtube.com www.youtube-nocookie.com cdn.yoshki.com; connect-src 'self' *.google-analytics.com analytics.google.com cdn.linkedin.oribi.io px.ads.linkedin.com api.usercentrics.eu; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' js.hsforms.net/forms/v2.js https://static.ads-twitter.com/uwt.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.redditstatic.com/ads/pixel.js https://www.googletagmanager.com https://js.hs-scripts.com https://tracking.g2crowd.com https://snap.licdn.com https://js.hs-banner.com https://js.hscollectedforms.net https://js.hs-analytics.net https://js.hsadspixel.net http://js.hs-scripts.com *.chilipiper.com chilipiper.com bat.bing.com www.clarity.ms www.gartner.com wasm-eval; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com www.gartner.com; object-src 'none'; base-uri 'self'; connect-src 'self' cube.dev https://amaranth-leech.gcp-us-central1.cubecloudapp.dev https://analytics.google.com https://cube-dev-websites-shared.s3.us-west-2.amazonaws.com https://forms.hsforms.com https://static.cube.dev https://stats.g.doubleclick.net https://track.cube.dev https://unpkg.com https://www.google-analytics.com graphql.contentful.com api.github.com identity.cube.dev https://ucarecdn.com https://cdn.linkedin.oribi.io https://forms.hscollectedforms.net https://api.hubapi.com https://js.hs-analytics.net *.chilipiper.com chilipiper.com p.clarity.ms https://px.ads.linkedin.com bat.bing.com; font-src 'self' fonts.gstatic.com data:; frame-src 'self' https://forms.hsforms.com https://td.doubleclick.net *.chilipiper.com chilipiper.com https://www.youtube.com www.gartner.com; img-src 'self' data: blob: cube.dev https://alb.reddit.com https://analytics.twitter.com https://bcd49eb0fe57ebd8785e.ucr.io https://cube-dev-websites-shared.s3.us-west-2.amazonaws.com https://cubedev-blog-images.s3.us-east-2.amazonaws.com https://d33wubrfki0l68.cloudfront.net https://forms-na1.hsforms.com https://forms.hsforms.com https://static.cube.dev https://t.co https://ucarecdn.com https://www.google.com.ar media.graphcms.com media.graphassets.com https://px.ads.linkedin.com https://www.googletagmanager.com *.chilipiper.com chilipiper.com bat.bing.com *.gartner.com assets.capterra.com www.getapp.com badges.softwareadvice.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.nl; img-src 'self' https: data: blob: https://mastodon.nl; style-src 'self' https://mastodon.nl 'nonce-hbhaKRHMQGSA5smPwipZGQ=='; media-src 'self' https: data: https://mastodon.nl; frame-src 'self' https:; manifest-src 'self' https://mastodon.nl; form-action 'self'; child-src 'self' blob: https://mastodon.nl; worker-src 'self' blob: https://mastodon.nl; connect-src 'self' data: blob: https://mastodon.nl https://mastodon.nl wss://mastodon.nl; script-src 'self' https://mastodon.nl 'wasm-unsafe-eval' 1
script-src https://ecncdn.b-cdn.net https://googleads.g.doubleclick.net https://*.cloudflare.com https://*.googleapis.com https://www.googleoptimize.com https://l.ecn-ldr.de https://*.welthungerhilfe.de https://snap.licdn.com https://widget.raisenow.com https://*.datawrapper.de https://flockler.com https://*.flockler.com https://*.tiktok.com https://*.bing.com https://static.ex.co https://smart-placements-sdk.ex.co https://embed.ex.co/sdk.js https://www.flipsnack.com https://*.quinbook.com https://quinbook.com https://*.mapbox.com embed.typeform.com https://player.podigee-cdn.net https://cdn.podigee.com https://*.taboola.com https://cdn.ablyft.com https://*.usercentrics.eu https://altruja.de https://connect.facebook.net https://*.playbuzz.com https://*.altruja.de https://www.youtube.com https://www.verizonmedia.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com *.podigee.io *.spendino.de data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com *.podigee.io *.spendino.de  blob:; frame-src https://ecomakerspace.de *.google.com *.podigee-cdn.net *.podigee.io *.spendino.de; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com *.podigee.io *.spendino.de data: blob:; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; worker-src blob:; form-action 'self'; 1
default-src 'self' *.breitbandmessung.de stat.zafa.co geocode.arcgis.com wss://* 'unsafe-inline' data: sgx.geodatenzentrum.de sg.geodatenzentrum.de utility.arcgisonline.com 'unsafe-eval' 1
default-src 'self' http: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.addthisedge.com *.moatads.com *.addthis.com *.marketo.com munchkin.marketo.net *.strtrade.com *.jquery.com *.googleapis.com *.googleadservices.com *.googletagmanager.com *.google.com *.gstatic.com *.google-analytics.com connect.facebook.net *.doubleclick.net *.cloudflare.com *.libsyn.com; style-src 'self' 'unsafe-inline' *.google.com *.marketo.com *.libsyn.com *.strtrade.com *.googleapis.com *.cloudflare.com;font-src 'self' data: 'unsafe-inline' *.gstatic.com; img-src 'self' * data: *.googletagmanager.com; frame-src 'self' *.addthis.com *.marketo.com *.libsyn.com *.strtrade.com *.facebook.com *.doubleclick.net *.vimeo.com *.youtube.com *.cookiebot.com *.gstatic.com *.google.com; form-action 'self'; base-uri 'self'; connect-src 'self' *.addthis.com *.mktoresp.com *.libsyn.com *.sentry.io *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.googleapis.com; frame-ancestors 'self'; object-src 'self' 1
default-src 'self'; connect-src 'self' vandyke.com *.vandyke.com *.wistia.com *.litix.io *.akamaihd.net data:; img-src vandyke.com *.vandyke.com *.wistia.com *.akamaihd.net *.litix.io *.doubleclick.net data:; font-src 'self' fonts.gstatic.com data:; frame-src 'self' fast.wistia.com *.doubleclick.net www.youtube-nocookie.com; media-src 'self' blob:; script-src vandyke.com *.vandyke.com fast.wistia.com www.google.com www.googletagmanager.com www.googleadservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval' blob:; style-src vandyke.com *.vandyke.com fonts.googleapis.com 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src https:; form-action 'self'; frame-ancestors 'self' https://*.hdsb.ca https://*.myhdsb.ca; object-src 'none';base-uri 'none' 1
frame-ancestors 'self' http://www.philips.it *.philips.com *.philips.it https://philipsigtdpv.com 1
frame-ancestors 'self' https://*.mebis.bayern.de 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.reiwa.net *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org s7.addthis.com securepubads.g.doubleclick.net m.addthis.com z.moatads.com *.safeframe.googlesyndication.com adservice.google.com https://assets.pinterest.com https://edge.addthis.com https://cdn.plyr.io *.leadplusdev.com.au *.leadplus.com.au player.vimeo.com reiapplynow.com.au reiwa.reiapplynow.com.au *.reiformslive.com.au *.agentaccount.com *.npgcdn.net/lec.js *.bootstrapcdn.com adservice.google.com.au *.2mdn.net *.googletagservices.com *.googlesyndication.com *.rubiconproject.com https://cdn.evgnet.com www.googletagmanager.com www.googleoptimize.com script.crazyegg.com www.googleadservices.com secure-ds.serving-sys.com bs.serving-sys.com s.yimg.com googleads.g.doubleclick.net rtb.loopa.net.au *.cloudflareinsights.com https://reiwa.australia-3.evergage.com *.jsdelivr.net *.hotjar.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://cdn.plyr.io reiapplynow.com.au reiwa.reiapplynow.com.au *.reiformslive.com.au *.agentaccount.com *.leadplus.com.au *.leadplusdev.com.au *.bootstrapcdn.com https://reiwa.australia-3.evergage.com *.jsdelivr.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com reiapplynow.com.au reiwa.reiapplynow.com.au *.reiformslive.com.au netdna.bootstrapcdn.com data: *.reiwa.net; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://www.addthis.com https://log.pinterest.com https://reiwa.com.au *.reiwa.net reiapplynow.com.au reiwa.reiapplynow.com.au *.reiformslive.com.au *.npgcdn.net *.swagger.io *.leadplusdev.com.au *.leadplus.com.au *.agentaccount.com *.corelogic.asia reiwastorprimg.blob.core.windows.net reiwastortestimg.blob.core.windows.net googleads4.g.doubleclick.net *.moatads.com *.googlesyndication.com *.rubiconproject.com *.google.com *.google.com.au sp.analytics.yahoo.com *.reiwa.com.au *.googletagmanager.com reiwastordvcommon.blob.core.windows.net reiwastorprcommon.blob.core.windows.net *.ratemyagent.com.au *.doubleclick.net; media-src 'self' data: blob: *.captur3d.io *.matterport.com realestateinmotion.com.au *.ipropertyexpress.com; child-src 'self' *.reiwa.net *.reiwa.com.au https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com www.visionabacus.net edge.addthis.com https://assets.pinterest.com https://*.addthis.com https://www.google.com my.matterport.com *.captur3d.io https://vtc.virtualtourscreator.com.au https://fb.watch https://3dtours.aperture22.com.au https://bestvirtualtours.co https://tour.virtual-inspection.com https://kuula.co https://app.pirsee.com https://360tours.propertydigital.com.au reiapplynow.com.au reiwa.reiapplynow.com.au *.reiformslive.com.au *.safeframe.googlesyndication.com *.2mdn.net *.googlesyndication.com *.fls.doubleclick.net bid.g.doubleclick.net *.safeframe.usercontent.goog console.googletagservices.com cdn.diakrit.com app.inspectrealestate.com.au openhouse.littlehinges.com.au matterport.com *.open2view.com.au *.openn.com.au anz.openn.com realestateinmotion.com.au roundme.com tour.vieweet.com *.diakrit.com *.realestateinmotion.com.au *.au.open2view.com *.cloudpano.com https://reiwa.australia-3.evergage.com *.ipropertyexpress.com *.doubleclick.net; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com securepubads.g.doubleclick.net https://noembed.com https://cdn.plyr.io https://pagead2.googlesyndication.com https://maps.googleapis.com *.leadplusdev.com.au *.leadplus.com.au *.agentaccount.com wss://10.100.41.76:21021 *.g.doubleclick.net analytics.google.com lm.serving-sys.com secure-ds.serving-sys.com s.yimg.com www.google.com.au www.google.com *.evergage.com *.facebook.com *.addthis.com https://reiwa.australia-3.evergage.com *.hotjar.io wss://ws.hotjar.com; 1
default-src 'self' ; connect-src 'self' https: http://localhost:* https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.ingest-lr.com https://*.logrocket.com https://*.logrocket.io https://*.lr-in-prod.com https://*.lr-in.com https://*.lr-ingest.com https://*.lr-ingest.io https://*.lr-intake.com ; font-src 'self' data: ; frame-ancestors 'none' ; frame-src https://calendly.com https://fast.chameleon.io https://hooks.stripe.com https://js.stripe.com ; img-src 'self' data: https: ; media-src 'none' ; object-src 'none' ; script-src 'self' 'unsafe-eval' blob: https://*.googletagmanager.com https://assets.calendly.com https://calendly.com https://cdn.ingest-lr.com https://cdn.logrocket.io https://cdn.lr-in-prod.com https://cdn.lr-in.com https://cdn.lr-ingest.com https://cdn.lr-ingest.io https://cdn.lr-intake.com https://cdn.intake-lr.com https://r.intake-lr.com https://cdn.redoc.ly https://fast.trychameleon.com https://js.stripe.com ; style-src 'self' 'unsafe-inline' https://assets.calendly.com https://calendly.com ; child-src 'self' blob: ; worker-src 'self' blob: 1
frame-ancestors https://rexona-studio-us.netlify.app/ https://rexona-studio-us-staging.netlify.app/ 1
default-src 'none'; script-src 'self' https://www.leopoldina.org/fileadmin/templates/js/etracker/disableCookies.js https://www.leopoldina.org/fileadmin/templates/js/etracker/etrackerpage.js https://www.leopoldina.org/fileadmin/templates/js/jquery/jquery-1.8.3.min.js https://www.leopoldina.org/fileadmin/templates/js/jquery/jquery.ui.core.js https://www.leopoldina.org/fileadmin/templates/js/jquery/jquery.ui.effects.core.js https://www.leopoldina.org/fileadmin/templates/js/jquery/jquery.ui.widget.js https://www.leopoldina.org/fileadmin/templates/js/jquery/jquery.ui.datepicker.js https://www.leopoldina.org/fileadmin/templates/js/jquery/jquery.fancybox-1.3.4.js https://www.leopoldina.org/fileadmin/templates/js/jquery/jquery.hoverIntent.minified.js https://www.leopoldina.org/fileadmin/templates/js/jquery/jquery.ui.slide.js https://www.leopoldina.org/typo3conf/ext/femanager/Resources/Public/JavaScript/Femanager.min.js https://www.leopoldina.org/typo3conf/ext/femanager/Resources/Public/JavaScript/Validation.min.js https://www.leopoldina.org/typo3conf/ext/powermail/Resources/Public/JavaScript/Powermail/Form.min.js https://www.leopoldina.org/typo3conf/ext/powermail/Resources/Public/JavaScript/Powermail/Tabs.min.js https://www.leopoldina.org/typo3conf/ext/powermail/Resources/Public/JavaScript/Libraries/parsley.min.js https://www.leopoldina.org/typo3conf/ext/powermail/Resources/Public/JavaScript/Libraries/jquery.datetimepicker.min.js https://www.leopoldina.org/typo3conf/ext/leoevents/Resources/Public/JavaScript/AutoComplete.js https://www.leopoldina.org/typo3conf/ext/rsmleosolr/Resources/Public/JavaScript/suggest_controller.js https://www.leopoldina.org/fileadmin/templates/js/main.js https://www.leopoldina.org/fileadmin/templates/js/plyr.min.js https://www.leopoldina.org/fileadmin/templates/js/select.js https://www.leopoldina.org/fileadmin/templates/js/swipesensejs.js https://www.leopoldina.org/fileadmin/templates/js/cookies/functions.js https://www.leopoldina.org/fileadmin/templates/js/cookies/js.cookie.min.js https://static.etracker.com https://www.etracker.de https://code.etracker.com https://www.leopoldina.org/typo3conf/ext/tt_address/Resources/Public/JavaScript/leaflet-core-1.4.0.js https://www.leopoldina.org/typo3conf/ext/tt_address/Resources/Public/JavaScript/Frontend/Leaflet.js https://www.leopoldina.org/typo3conf/ext/tt_address/Resources/Public/JavaScript/Frontend/GoogleMaps.js https://www.leopoldina.org/typo3conf/ext/tt_address/Resources/Public/JavaScript/LeafletBackend.js https://www.leopoldina.org/typo3conf/ext/rsmleosolr/Resources/Public/JavaScript/facet_daterange_controller.js https://www.leopoldina.org/typo3conf/ext/sr_freecap/Resources/Public/JavaScript/freeCap.js https://www.leopoldina.org/typo3conf/ext/paste_reference/Resources/Public/JavaScript/PasteReferenceDragDrop.js https://www.leopoldina.org/typo3conf/ext/paste_reference/Resources/Public/JavaScript/ContextMenuActions.js https://www.leopoldina.org/typo3conf/ext/paste_reference/Resources/Public/JavaScript/PasteReferenceOnReady.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/Chart.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/FormModal.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/suggest_controller.js https://www.leopoldina.org/fileadmin/templates/js/suggest_controller.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/facet_daterange_controller.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/SearchStatistics.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/search_controller.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/JQuery/jquery.min.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/JQuery/ui-i18n/jquery.ui.datepicker-nl.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/JQuery/ui-i18n/jquery.ui.datepicker-de.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/JQuery/ui-i18n/jquery.ui.datepicker-fr.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/JQuery/jquery.autocomplete.min.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/JQuery/jquery.URI.min.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/JQuery/jquery-ui.min.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/JQuery/URI.min.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/facet_options_controller.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/facet_numericrange_controller.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/Bootstrap/npm.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/Bootstrap/bootstrap.min.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/Bootstrap/bootstrap.js https://www.leopoldina.org/typo3conf/ext/leoperson/Resources/Public/JavaScript/AutoComplete.js https://maps.google.com https://maps.googleapis.com 'sha256-VnKcPF0SXI7vrqHHFBxL8Nu265d7FOcxnIR7UZMsmik=' 'sha256-EetSc5juzrKThnoUU8TiYNxEMQsUf2qgvd796Y1752c=' 'sha256-5PW87MEdKmJraglxwIr/bMIhXd1wO1jpkK43BfgKYp4=' 'sha256-eNrWMNNA2u2tgugMoaRfWUL9X/EPD9IJ2xYbLdh72z0=' 'sha256-ME31pCqq/7wD00eg3taCEaVmPN7dtAUOaf06Pql0t0Y=' 'sha256-Y/TZkhs0X7DJKF84rNRqe/Ln+I0RfOETL4P7oazR0fs=' 'sha256-0hFLJdsRf/fTQI9pvqO/Sqpiz5otuAGPlptTo/iBYfY=' 'sha256-Wpv58zCqWBy5cNtpCGlDuSxfM68Jt9nw9JX/ApU0zHo=' 'sha256-iNVTx2rrCEFZZqiFpJEIFSHSUdyLcOYpttdxVMnWA20=' 'sha256-NQ4ECg+FMl6LSSoGmYFqKfu5QQjDDE5stg7LGR4QyTM=' 'sha256-jobAp9Jo2TTOCKsgeKT2tK4Ne8fiz90iAA2Of8WdsIo='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://www.leopoldina.org https://maps.gstatic.com https://*.googleapis.com data:; font-src https://www.leopoldina.org https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' https://www.etracker.de https://consentcdn.cookiebot.com https://platform.twitter.com https://www.youtube-nocookie.com https://player.vimeo.com https://play.google.com https://www.youtube.com https://maps.googleapis.com; report-uri /typo3conf/ext/csp/csp_report.php 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: about: d.lernsax.de; report-uri /security-report.php 1
default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'  *.adsecurity.com *.qbigads.com *.mitgame.com *.mobmio.com *.univibes.ru *.admitad-connect.com *.bing.com *.clarity.ms *.ttwstatic.com  *.w.org  *.tapfiliate.com  *.convertsocial.net *.qbigtech.com *.admitad.ru *.stage.monetize *.tinkoff.ru *.smartredirect.de mtusgate.de linkitten.com mtusimg.de convertlink.com pmf.tech *.pmf.tech fairsavings.com *.fairsavings.com *.admitad.com *.admit.ad *.admitad.academy mitgo.com *.mitgo.com takeads.com *.takeads.com univibes.org *.univibes.org *.ads-twitter.com *.trustpilot.com *.zopim.io *.zopim.com *.smooch.io *.zdassets.com *.zendesk.com *.consentmanager.net *.mindbox.cloud *.popmechanic.ru *.gravatar.com *.facebook.net *.facebook.com *.fb.com *.consensu.org *.amazonaws.com *.twitter.com *.instagram.com *.tiktok.com *.webvisor.org *.quizyworld.tech *.linkedin.com *.ampproject.org yastatic.net *.yandex.com *.yandex.net *.yandex.ru *.ya.ru *.mail.ru vk.com *.scriptcdn.net *.typekit.net *.google.net *.google.io *.google.eu *.google.su *.gooogle.com *.gogle.com *.com.google *.google.be *.google.by *.google.ca *.google.cn *.g.cn *.google.dk *.google.ee *.google.fi *.google.gg *.google.gr *.google.hr *.google.hu *.google.is *.google.it *.google.co.jp *.google.kz *.google.lv *.google.md *.google.com.mx *.google.nl *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.se *.google.com.ua *.google.ua *.google.us *.google.co.uz *.google.de *.google.cz *.google.at *.google.ae *.google.com.co *.google.com.do *.google.jo *.google.gl *.google.sc *.google.co.ve *.google.com.uv *.google.co.ao *.google.co.in *.google.bg *.google.com *.googleapis.com *.translate.goog *.gstatic.com *.google.co.uk *.google.com.tr *.google.fr *.google.es *.google.com.eg *.google.com.cy *.google.ge *.google.co.id *.googleusercontent.com *.googletagmanager.com *.google-analytics.com *.adwords.com *.adwords.ru *.adsense.com *.adsense.ru *.feedburner.com *.doubleclick.com *.doubleclick.net *.igoogle.com *.youtu.be *.youtube.com *.youtube.ru *.blogger.com *.chromium.com *.setka.io *.google.com.gh ymetrica1.com *.google.com.pk *.google.com.br *.google.co.th *.google.com.vn *.google.lt; report-uri /wp-json/csp-log/v1/report 1
default-src 'self' *.intelli.host;script-src 'self' use.fontawesome.com www.google.com www.googletagmanager.com *.intelli.host www.gstatic.com 'unsafe-inline';font-src 'self' fonts.gstatic.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';media-src 'self' *.intelli.host; frame-src 'self' *.intelli.host www.google.com; 1
frame-src 'self' https://www.youtube-nocookie.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.b-ite.com cs-assets.b-ite.com https://www.deutsches-ausschreibungsblatt.de cdn.jsdelivr.net code.etracker.com https://cdnjs.cloudflare.com https://rebilly.github.io https://unpkg.com platform.instagram.com platform.twitter.com www.etracker.de; style-src 'self' 'unsafe-inline' static.b-ite.com cs-assets.b-ite.com 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: assets.ctfassets.net downloads.ctfassets.net www.google.ca hpg.heb.com www.google.com.tr woobox.com bam-cell.nr-data.net www.googletagmanager.com pwcdauseo-zone.cnstrc.com md-scp.kampyle.com cdn.honey.io *.scene7.com *.facebook.net *.pinimg.com www.google.de www.google.com images.heb.com *.doubleclick.net *.googleadservices.com resources.digital-cloud-west.medallia.com images.ctfassets.net logs.browser-intake-datadoghq.com *.gstatic.com services.centralmarket.com udc-neb.kampyle.com bat.bing.com sc-static.net www.innit.com *.facebook.com www.google.com.mx *.pinterest.com www.google.com.ph *.googleapis.com region1.google-analytics.com videos.ctfassets.net www.google-analytics.com cm-catalog-dot-heb-cm-prd1.appspot.com rum.browser-intake-datadoghq.com *.tiktok.com graphql.contentful.com pinpad.paysecure.acculynk.net www.google.co.in js-agent.newrelic.com adservice.google.com www.googleoptimize.com *.quantummetric.com cnstrc.com *.assets.ctfassets.net; frame-ancestors 'self' www.centralmarket.com www.google.com ;  1
connect-src *.jmonline.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; default-src *.jmonline.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; img-src *.jmonline.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; object-src *.jmonline.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; script-src *.jmonline.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; style-src *.jmonline.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; worker-src *.jmonline.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline' 1
style-src 'self' 'unsafe-inline' fonts.googleapis.com www.ssa.gov cdnjs.cloudflare.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net use.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com dap.digitalgov.gov www.ssa.gov jsd-widget.atlassian.com; object-src 'none'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.friendlycaptcha.com *.friendlycaptcha.eu www.gstatic.com static.queue-it.net bestunion.queue-it.net www.google.com blob:; c$ 1
upgrade-insecure-requests; script-src 'self' 'unsafe-inline' *.awsstatic.com *.cdn.uis.awsstatic.com *.cdn.console.awsstatic.com d2c.aws.amazon.com a0.awsstatic.com *.feedback.console.aws.dev; object-src 'none'; 1
default-src 'self' p11.techlab-cdn.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cdw.com *.cdwg.com *.richrelevance.com *.qualtrics.com *.optimizely.com *.hotjar.com *.needle.com *.demandbase.com *.appspot.com *.facebook.net *.googleadservices.com *.doubleclick.net *.google-analytics.com *.bing.com *.googleapis.com analytics.po.st po.st *.cnetcontent.com *.cnetcontentsolutions.com *.akamaihd.net *.google.com *.twitter.com *.justuno.com *.netapp.com *.demdex.net *.d41.co *.cxense.com *.ads-twitter.com pactsafe.io *.webcollage.net *.ziftsolutions.com *.googletagmanager.com *.googlesyndication.com *.googletagservices.com *.ytimg.com t.sellpoints.com a.sellpoint.net *.flixfacts.com *.youtube.com *.flixcar.com *.flix360.com *.easy2.com *.go-mpulse.net *.linkedin.com *.cdnwidget.com *.rlcdn.com *.cloudfront.net *.bluecore.com p.adsymptotic.com *.adsrvr.org *.dotomi.com blob: *.flixsyndication.net data.g2.com *.g2crowd.com *.adobe.com *.hotjar.io *.gstatic.com *.leadsrx.com *.turnto.com *.licdn.com *.hs-scripts.com *.ispot.tv *.youvisit.com *.vmwarepartnerdemandcenter.com *.hsleadflows.net *.hs-banner.com *.hsforms.net *.hubapi.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com *.tiqcdn.com *.tealiumiq.com *.hs-analytics.net js.usemessages.com *.hscollectedforms.net *.redditstatic.com *.reddit.com *.adsrvr.org *.scene7.com *.vidyard.com *.vimeo.com *.hp.com *.etilize.com *.1worldsync.com *.quantserve.com *.quantcount.com *.spexaccess.net *.launchdarkly.com *.onetrust.com *.oribi.io *.cookielaw.org *.criteo.com *.criteo.net *.w55c.net *.pdst.fm *.botframework.com *.pactsafe.io *.peerspot.com p11.techlab-cdn.com;style-src 'self' 'unsafe-inline' *.cdw.com *.cdwg.com *.needle.com *.googleapis.com *.cnetcontent.com *.justuno.com *.webcollage.net *.ziftsolutions.com t.sellpoints.com a.sellpoint.net *.flixcar.com *.easy2.com *.amazonaws.com *.twitter.com *.cloudfront.net blob: *.typekit.net *.adobe.com *.turnto.com *.syndigo.com *.syndigo.cloud *.scene7.com *.etilize.com *.1worldsync.com;img-src 'self' *.cdw.com *.cdwg.com *.qualtrics.com *.optimizely.com *.needle.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.bing.com *.cnetcontent.com *.cnetcontentsolutions.com *.akamaihd.net *.google.com *.justuno.com *.netapp.com *.demdex.net *.cxense.com *.webcollage.net *.ziftsolutions.com *.googletagmanager.com *.googletagservices.com *.ytimg.com t.sellpoints.com a.sellpoint.net *.flixfacts.com *.youtube.com *.flixcar.com *.flix360.com *.easy2.com *.amazonaws.com *.twitter.com *.linkedin.com *.company-target.com *.facebook.com *.cdnwidget.com *.rlcdn.com *.cloudfront.net *.adobecqms.net *.turn.com *.everesttech.net *.adnxs.com ads.yahoo.com *.bluecore.com *.prod.bidr.io cdn.optimizely.com *.twitter.com p.adsymptotic.com *.adsrvr.org data: *.dotomi.com *.flixsyndication.net *.adobe.com *.sc.omtrdc.net *.windows.net *.edgecastcdn.net *.licdn.com *.ispot.tv *.youvisit.com *.syndigo.com *.syndigo.cloud *.hubspot.com *.tiqcdn.com *.tealiumiq.com *.mediaiqdigital.com *.redditstatic.com *.reddit.com *.adsrvr.org *.scene7.com *.vidyard.com *.vimeocdn.com *.mintigo.com *.etilize.com *.1worldsync.com *.quantserve.com *.quantcount.com *.spexaccess.net *.oribi.io *.cookielaw.org *.criteo.com *.criteo.net *.w55c.net *.pactsafe.io *.peerspot.com;frame-src 'self' *.cdw.com *.cdwg.com *.qualtrics.com *.hotjar.com *.needle.com *.doubleclick.net *.cnetcontent.com *.cnetcontentsolutions.com *.google.com *.twitter.com *.justuno.com *.demdex.net *.cxense.com *.webcollage.net *.ziftsolutions.com *.googletagmanager.com *.googletagservices.com a.sellpoint.net *.youtube.com *.flixcar.com *.easy2.com *.facebook.com *.rlcdn.com *.cloudfront.net rs.gwallet.com *.cdwemail.com www.emjcd.com *.dotomi.com *.kingston.com *.flixsyndication.net *.adobe.com *.hotjar.io *.exct.net *.youvisit.com *.vmwarepartnerdemandcenter.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.adsrvr.org *.scene7.com *.vidyard.com *.vimeo.com *.hp.com chromeos-selector-cdw-prod.web.app *.etilize.com *.1worldsync.com *.spexaccess.net *.onetrust.com *.criteo.com *.criteo.net *.se.com;font-src *;connect-src 'self' *.cdw.com *.cdwg.com *.richrelevance.com *.qualtrics.com *.optimizely.com *.hotjar.com *.needle.com *.demandbase.com *.appspot.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.bing.com *.googleapis.com *.cnetcontent.com *.akamaihd.net *.google.com *.justuno.com *.netapp.com *.demdex.net *.d41.co *.cxense.com *.webcollage.net *.googletagmanager.com *.googletagservices.com t.sellpoints.com a.sellpoint.net *.go-mpulse.net *.twitter.com *.company-target.com *.facebook.com *.cdnwidget.com *.cloudfront.net *.bluecore.com p.adsymptotic.com wss://*.hotjar.com p.po.st *.cdnbasket.net *.akstat.io data.g2.com *.g2crowd.com *.adobe.com *.hotjar.io *.leadsrx.com *.turnto.com *.ispot.tv *.hubapi.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com *.tiqcdn.com *.tealiumiq.com *.scene7.com *.addressy.com *.etilize.com *.1worldsync.com *.quantserve.com *.spexaccess.net *.launchdarkly.com *.onetrust.com *.oribi.io *.cookielaw.org *.criteo.com *.criteo.net *.w55c.net *.pdst.fm *.botframework.com wss://*.botframework.com *.pactsafe.io p11.techlab-cdn.com;object-src 'self' a.sellpoint.net *.scene7.com;media-src 'self' *.cdw.com *.cnetcontent.com *.webcollage.net *.flixfacts.com *.youtube.com blob: *.flixsyndication.net *.youvisit.com *.syndigo.com *.syndigo.cloud *.tiqcdn.com *.scene7.com *.etilize.com *.1worldsync.com *.spexaccess.net;worker-src 'self' *.needle.com *.cloudfront.net blob:; 1
frame-ancestors app.storyblok.com *.myollie.com 1
base-uri 'self' https:; block-all-mixed-content; child-src 'self' https:; connect-src 'self' blob: https: wss:; font-src 'self' data: https:; form-action 'self' https:; frame-ancestors 'self'; frame-src 'self' https:; img-src 'self' blob: data: https:; media-src 'self' https:; object-src 'self' https:; prefetch-src 'self' https:; report-to csp_default; report-uri https://o956100.ingest.sentry.io/api/5979820/security/?sentry_key=3365bf3db95341e8b0c888222a947b0e; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; worker-src 'self' https: 1
default-src 'self' *.chuo-bus.co.jp *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.ricoh.com *.visualstudio.com *.fontawesome.com; img-src 'self' https://* *.chuo-bus.co.jp; script-src 'self' 'unsafe-eval' *.chuo-bus.co.jp *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.ricoh.com *.msecnd.net *.visualstudio.com 'nonce-xsQ+c+jWod93LvFN4efn+Q=='; style-src 'self' 'unsafe-inline' *.chuo-bus.co.jp *.ricoh.com *.fontawesome.com; frame-src 'self' *.chuo-bus.co.jp; font-src *.fontawesome.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://wandering.shop; img-src 'self' https: data: blob: https://wandering.shop; style-src 'self' https://wandering.shop 'nonce-B8wUnrF2umlQ6+pMQvBVAA=='; media-src 'self' https: data: https://wandering.shop; frame-src 'self' https:; manifest-src 'self' https://wandering.shop; form-action 'self'; child-src 'self' blob: https://wandering.shop; worker-src 'self' blob: https://wandering.shop; connect-src 'self' data: blob: https://wandering.shop https://stockroom.wandering.shop wss://wandering.shop; script-src 'self' https://wandering.shop 'wasm-unsafe-eval' 1
default-src 'self' https://consent.badoo.com; script-src 'self' 'unsafe-inline' 'report-sample' 'nonce-noLC5ErR+d+liLUvKoAI6A==' badoocdn.com *.badoocdn.com https://consent.badoo.com https://*.googletagmanager.com https://tr.snapchat.com https://tr-shadow.snapchat.com; style-src 'self' 'unsafe-inline'; connect-src 'self' *.badoo.com *.badoo.eu *.badoo.us https://consent.badoo.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://tr.snapchat.com https://tr-shadow.snapchat.com; child-src 'self'; font-src * data:; manifest-src 'self'; base-uri 'self'; frame-src * bds: bdp:; img-src * data: blob:; media-src * data: blob:; report-uri /jss/csp_report.phtml?token=badoo_homepage&env=production; upgrade-insecure-requests; 1
frame-ancestors https://www.cupraofficial.com https://author-seat-stage63.adobecqms.net https://seat-stage63.adobecqms.net https://author-seat-prod63.adobecqms.net https://seat-prod63.adobecqms.net 'self' 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://writingcooperative.com https://*.writingcooperative.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
frame-ancestors *.office-partner.de 1
default-src 'self' https://ro.am https://*.wonder.inc https://*.ro.am data: blob: https://js.stripe.com https://calendly.com/ https://www.youtube.com https://*.zone.roam.io;script-src 'self' 'wasm-unsafe-eval' https://ro.am blob: https://js.stripe.com https://matomo.ro.am https://appsforoffice.microsoft.com https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/npm/ 'self';style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/ https://ro.am;connect-src 'self' blob: data: https://ro.am https://*.wonder.inc wss://*.wonder.inc https://*.ro.am wss://*.ro.am https://js.stripe.com https://matomo.wonder.inc https://matomo.ro.am https://region-probe.wonder.inc https://region-probe.ro.am https://browser-intake-datadoghq.com https://*.launchdarkly.com https://hooks.zapier.com https://download.ro.am https://atlas.shopifysvc.com/graphql https://*.giphy.com wss://ro.am;img-src 'self' blob: data: https: http://books.google.com;form-action 'self' https:;media-src 'self' blob: data: https:;frame-ancestors https://*.office.com https://outlook.office365.com;base-uri 'self';font-src 'self' https: data:;object-src 'none';script-src-attr 'none' 1
default-src 'self' *.eif.org; connect-src eib.containers.piwik.pro eib.piwik.pro *.eif.org; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.jquery.com eib.piwik.pro eib.containers.piwik.pro  *.eif.org fonts.gstatic.com *.bootstrapcdn.com www.youtube.com *.typeform.com; style-src 'report-sample' 'self' 'unsafe-inline' eib.containers.piwik.pro  *.fontawesome.com *.eif.org fonts.googleapis.com *.bootstrapcdn.com *.typeform.com; object-src 'self'; worker-src 'none'; child-src 'self'; frame-src *.vimeo.com *.youtube.com europa.eu *.typeform.com; font-src fonts.gstatic.com *.fontawesome.com eib.containers.piwik.pro  *.eif.org; img-src 'self' data: *.youtube.com eib.containers.piwik.pro eib.piwik.pro  *.eif.org; form-action 'self' *.eif.org; base-uri 'self'; frame-ancestors 'self'; report-uri /csp-reports.php; upgrade-insecure-requests; 1
report-uri https://o389095.ingest.sentry.io/api/4503974312935424/security/?sentry_key=b47d15718a5343f497259a10c33fd9e2&sentry_environment=vercel-production&sentry_release=e92d2ae930e285b2a676441c42c2c28286654b1b; default-src 'self' blob: https://*.decentralized-content.com; font-src 'self' data: *; media-src 'self' blob: *; object-src 'self' blob: *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://unpkg.com https://cdn.jsdelivr.net https://*.googletagmanager.com https://challenges.cloudflare.com https://vercel.live; child-src 'self' blob: https://*.decentralized-content.com https://auth.privy.io https://verify.walletconnect.com https://verify.walletconnect.org; frame-src 'self' data: 'unsafe-eval' blob: *; connect-src 'self' data: blob: *; frame-ancestors 'self' 1
default-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * blob: data:; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com *.trafficfactory.biz www.iwanttodeliver.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net bmedia.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri http://www.teensnow.com/csp-reports; report-to csp-endpoint 1
frame-ancestors 'self'; report-uri https://www.ninhosdobrasil.com.br/report-uri/enforce 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-ODc2ZjZlMTIxMDYzNDEzMTk4ZDU5MGJlMzRhOGNjNzE=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.cultureelerfgoed.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.cultureelerfgoed.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.cultureelerfgoed.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-ancestors 'self' *.nscc.ca:*; 1
default-src 'none';     connect-src 	https://choosemycompany.com/embedded/data/company/scores.json 	https://ask.hotjar.io  	https://script.hotjar.com          https://adie.piwik.pro/ppms.php 	https://content.hotjar.io         https://locator.uberall.com 	https://static-prod.uberall.com 	https://uberall.com         https://in.hotjar.com https://vc.hotjar.io         https://*.algolia.net https://*.algolianet.com         https://www.facebook.com         https://www.google-analytics.com/j/collect https://stats.g.doubleclick.net         https://cdn.contentful.com/spaces/ef04tndlnzev/environments/production/entries         https://api-externe.adie.org/         https://api.yelloan.com/yello/api/         https://api.yelloan.com/yelloan-messenger-bff/socket.io/         wss://api.yelloan.com/yelloan-messenger-bff/socket.io/         wss://*.hotjar.com/api/v1/client/ws         wss://*.hotjar.com/api/v2/client/ws         https://ssl.google-analytics.com 	https://api.algoan.com/yello/api/ 	https://api.algoan.com/yelloan-messenger-bff/socket.io/ 	wss://api.algoan.com/yelloan-messenger-bff/socket.io/ 	wss://api.algoan.com/messenger/asyngular/ 	https://api.algoan.com/v1/oauth/token 	https://api-adresse.data.gouv.fr 	https://api-adresse.data.gouv.fr/search         ;     child-src blob:         ;     font-src 'self' 	https://uberall.com         https://locator.uberall.com 	https://static-prod.uberall.com         https://img.youtube.com 	https://s3.eu-central-1.amazonaws.com 	https://fonts.gstatic.com         https://script.hotjar.com 	https://adie.containers.piwik.pro         ;     frame-src         https://vars.hotjar.com https://static.hotjar.com         https://www.google.com https://www.google.com/recaptcha/         https://www.youtube.com         https://www.facebook.com         https://v.calameo.com 	https://td.doubleclick.net 	https://12993081.fls.doubleclick.net/         ;     img-src 'self' data: 	https://choosemycompany.com/img/loader-mentreprises.gif 	https://choosemycompany.com/img/loader-cmc.gif         https://adie.algoan.com/ 	https://s3.eu-central-1.amazonaws.com 	https://uberall.com         https://locator.uberall.com 	https://static-prod.uberall.com         https://img.youtube.com 	maps.gstatic.com *.googleapis.com *.ggpht         https://www.gstatic.com         https://www.google.com https://www.google.fr        https://www.googletagmanager.com https://www.google-analytics.com         https://www.facebook.com https://connect.facebook.net         https://lipis.github.io         https://ks.b26net.com         https://ks.invibes.com         https://secure.adnxs.com         https://script.hotjar.com http://script.hotjar.com         https://images.ctfassets.net         https://cdn.yelloan.com         https://stats.g.doubleclick.net 	https://px.ads.linkedin.com/collect 	https://nocookie.avads.net 	https://ads.avads.net 	https://googleads.g.doubleclick.net 	https://adie.containers.piwik.pro         ;     script-src 'self' 'unsafe-inline' 'unsafe-eval' 	https://choosemycompany.com/ext/api.js 	https://adie.containers.piwik.pro/ppms.js 	https://adie.piwik.pro/ppms.js 	https://carsatse.containers.piwik.pro/e0b34325-620f-40a8-85b5-0b8377cbb629.js         https://adie.algoan.com/ 	https://static-prod.uberall.com 	https://uberall.com 	https://locator.uberall.com         https://cdn.ravenjs.com         https://event-logger.kantics.co/event/conversion         https://connect.facebook.net         https://ad.piximedia.com         https://secure.adnxs.com 	https://www.googleadservices.com         https://www.google.com 	https://static.adserver.pm 	https://googleads.g.doubleclick.net/pagead/viewthroug 	https://snap.licdn.com/ 	https://px.ads.linkedin.com/ 	https://s.kmtx.io/ 	https://vars.hotjar.com https://static.hotjar.com https://script.hotjar.com         https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/         https://cdn.yelloan.com/adie/         https://maps.googleapis.com/         https://www.googletagmanager.com         https://www.google-analytics.com         https://ssl.google-analytics.com         https://static.avads.net         ;     style-src 'self' 'unsafe-inline' blob: 	https://choosemycompany.com/ext/api.css 	https://choosemycompany.com/generated/css/stars.css         https://fonts.googleapis.com 	https://adie.containers.piwik.pro         ; 1
upgrade-insecure-requests ;     default-src 'self' stat.joomlapolis.com https:  ;     script-src 'self' 'unsafe-inline' 'unsafe-eval' stat.joomlapolis.com *.stripe.com *.stripe.network translate.google.com translate.googleapis.com  ;     script-src-elem 'self' 'unsafe-inline' 'eval' stat.joomlapolis.com *.stripe.com *.stripe.network translate.google.com translate.googleapis.com  ;     style-src 'self' 'unsafe-inline' translate.google.com translate.googleapis.com ;     style-src-elem 'self' 'unsafe-inline' translate.googleapis.com  ;     img-src 'self' data: www.joomlapolis.com stat.joomlapolis.com forge.joomlapolis.com *.stripe.com *.stripe.network *.ytimg.com www.gstatic.com www.google.com translate.google.com translate.googleapis.com www.google.com/images  ;     frame-src 'self' *.stripe.com *.stripe.network www.youtube.com www.youtube-nocookie.com www.slideshare.net  ;     font-src 'self' data: fonts.gstatic.com use.typekit.net  ;     connect-src *.joomlapolis.com ; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' *.mercadolibre.com https://www.mercadopago.com.ar/integrations/v1/ https://cdnjs.cloudflare.com https://ajax.cloudflare.com/cdn-cgi/scripts/04b3eb47/cloudflare-static/mirage2.min.js https://rum-static.pingdom.net https://docs.google.com/spreadsheets/ https://maps.googleapis.com/maps/api/js https://connect.facebook.net https://assets.calendly.com/assets/external/widget.js https://platform.twitter.com https://cdn.syndication.twimg.com https://*.google.com https://spreadsheets.google.com/ https://docs.google.com/ https://*.gstatic.com http://www.google-analytics.com https://ssl.google-analytics.com https://*.googleapis.com https://www.googleadservices.com https://snap.licdn.com/li.lms-analytics/ https://googleads.g.doubleclick.net https://*.utdt.edu https://www.googletagmanager.com https://www.tfaforms.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://www.google.com https://www.tfaforms.com https://platform.twitter.com/ https://*.gstatic.com https://ton.twimg.com/; img-src * data: blob:; font-src * 1
default-src 'none'; frame-src *.yandex.net *.yandex.ru yastatic.net; child-src forms.yandex.ru video.yandex.ru; object-src yandex.st; script-src 'unsafe-inline' 'nonce-Eqfwd6aLqihsJ6vTU3tadw==' 'unsafe-eval' yastatic.net *.yandex.net *.yandex.com *.yandex.ru *.yandex.ua *.yandex.by *.yandex.kz *.yandex.az *.yandex.kg *.yandex.lv *.yandex.md *.yandex.tj *.yandex.tm *.yandex.uz *.yandex.ee *.yandex.fr *.yandex.co.il *.yandex.com.ge *.yandex.com.am *.yandex.com.tr; style-src 'unsafe-inline' yastatic.net *.yandex.net *.yandex.com *.yandex.ru *.yandex.ua *.yandex.by *.yandex.kz *.yandex.az *.yandex.kg *.yandex.lv *.yandex.md *.yandex.tj *.yandex.tm *.yandex.uz *.yandex.ee *.yandex.fr *.yandex.co.il *.yandex.com.ge *.yandex.com.am *.yandex.com.tr; connect-src 'self' yandex.st *.yandex.com *.yandex.ru *.yandex.ua *.yandex.by *.yandex.kz *.yandex.az *.yandex.kg *.yandex.lv *.yandex.md *.yandex.tj *.yandex.tm *.yandex.uz *.yandex.ee *.yandex.fr *.yandex.co.il *.yandex.com.ge *.yandex.com.am *.yandex.com.tr; font-src yastatic.net *.yandex.net *.yandex.com *.yandex.ru *.yandex.ua *.yandex.by *.yandex.kz *.yandex.az *.yandex.kg *.yandex.lv *.yandex.md *.yandex.tj *.yandex.tm *.yandex.uz *.yandex.ee *.yandex.fr *.yandex.co.il *.yandex.com.ge *.yandex.com.am *.yandex.com.tr; img-src 'self' data: *.yandex.net yandex.st yastatic.net a.tile.openstreetmap.org *.yandex.com *.yandex.ru *.yandex.ua *.yandex.by *.yandex.kz *.yandex.az *.yandex.kg *.yandex.lv *.yandex.md *.yandex.tj *.yandex.tm *.yandex.uz *.yandex.ee *.yandex.fr *.yandex.co.il *.yandex.com.ge *.yandex.com.am *.yandex.com.tr; report-uri https://csp.yandex.net/csp?from=promo-metrika-2016&yandex_login=undefined&yandexuid=6358632291705983054; 1
frame-ancestors 'self' *.crcndecc9r-shutterfl1-p1-public.model-t.cc.commerce.ondemand.com:443 1
frame-ancestors dontmessitup.ch *.campfire.ch 'self'; 1
default-src 'self' 'unsafe-inline' d2mkdgs306yypx.cloudfront.net cdn.cookielaw.org unpkg.com *.wistia.com;    object-src 'self' fonts.googleapis.com cdn.cookielaw.org fonts.googleapis.com www.google-analytics.com unpkg.com www.w3.org;   base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wistia.com *.wistia.net src.litix.io embed-cloudfront.wistia.com fast.wistia.net fast.wistia.com www.gstatic.com media.skyworksinc.com ajax.googleapis.com app.bowencraggs.com cdn.chatbot.com cdn.cookielaw.org cdn.jsdelivr.net cdnjs.cloudflare.com d2mkdgs306yypx.cloudfront.net kit.fontawesome.com unpkg.com www.google-analytics.com www.googletagmanager.com www.google.com cdn.oribi.io bam.nr-data.net stats.g.doubleclick.net;    connect-src 'unsafe-inline' 'self' *.algolia.net fg8vvsvnieiv3ej16jby.litix.io *.litix.io *.wistia.com distillery.wistia.com embedwistia-a.akamaihd.net embed-cloudfront.wistia.com fast.wistia.net fast.wistia.com pipedream.wistia.com analytics.google.com cdnjs.cloudflare.com cdn.chatbot.com cdn.cookielaw.org geolocation.onetrust.com ka-f.fontawesome.com privacyportal.onetrust.com bam.nr-data.net www.google-analytics.com stats.g.doubleclick.net app.bowencraggs.com rmk-map.jobs2web.com fonts.googleapis.com www.google.com;   img-src 'unsafe-inline' 'self' *.wistia.com *.wistia.net embedwistia-a.akamaihd.net embed-ssl.wistia.com embed-cloudfront.wistia.com  fast.wistia.net app.bowencraggs.com cdn.cookielaw.org d2mkdgs306yypx.cloudfront.net www.google-analytics.com fonts.googleapis.com www.google.com www.w3.org www.googletagmanager.com i.ytimg.com data:; style-src 'unsafe-inline' 'self' 'unsafe-eval' fast.wistia.com unpkg.com fonts.googleapis.com cdn.cookielaw.org cdn.jsdelivr.net;   font-src 'unsafe-inline' 'self' data: fonts.gstatic.com *.wistia.com fast.wistia.net ka-f.fontawesome.com fonts.googleapis.com;   media-src 'unsafe-inline' 'self' data: blob: filesystem: *.wistia.com *.wistia.net embedwistia-a.akamaihd.net embed-cloudfront.wistia.com embed-ssl.wistia.com distillery.wistia.com cdn.cookielaw.org d2mkdgs306yypx.cloudfront.net app.bowencraggs.com www.google.com www.googletagmanager.com www.gstatic.com www.google-analytics.com media.skyworksinc.com i.ytimg.com ; frame-src fast.wistia.com fast.wistia.net cdn.chatbot.com www.youtube.com www.google.com www.gstatic.com  media.skyworksinc.com 'self'; manifest-src 'self';   worker-src 'none';   style-src-elem 'self' 'unsafe-inline' fast.wistia.com unpkg.com cdn.jsdelivr.net fonts.googleapis.com; frame-ancestors 'self' cdn.chatbot.com www.youtube.com www.google.com www.gstatic.com media.skyworksinc.com; 1
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.premiumparking.com *.icanhazip.com *.amazonaws.com *.cloudfront.net *.mapbox.com *.stripe.com *.freshchat.com tagmanager.google.com fonts.googleapis.com *.gstatic.com *.googleusercontent.com *.doubleclick.net *.licdn.com *.quantserve.com *.adroll.com *.linkedin.com *.google.com *.taboola.com *.tremorhub.com *.teads.tv *.unrulymedia.com *.adsymptotic.com *.quantcount.com *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.freshworks.com *.freshdesk.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ *.youtube.com *.vimeo.com *.vimeocdn.com *.osano.com premiumparking.us9.list-manage.com *.google.ru px.ads.linkedin.com s.adroll.com static.ads-twitter.com *.pingdom.net *.driftt.com *.driftqa.com *.contentful.com *.ctfassets.net *.mazemap.com *.bc0a.com *.b0e8.com *.brightedge.com *.facebook.net *.facebook.com *.googleapis.com *.capterra.com *.marketingcloudfx.com *.zoominfo.com *.zi-scripts.com 1
default-src data: 'self' https://www.youtube.com/ https://matomo.dkrz.de https://mms.dkrz.de; img-src data: 'self' https://wdcc-status.dkrz.de/  https://matomo.dkrz.de  https://mms.dkrz.de/; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://matomo.dkrz.de; connect-src 'self' https://matomo.dkrz.de; frame-ancestors 'self' 1
connect-src 'self' data: https://execution-ci360.icabanken.se https://delivery-ci360.icabanken.se https://analytics.icabanken.se https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://bam.nr-data.net https://bam-cell.nr-data.net https://bam.eu01.nr-data.net https://t2lcib.ica.se/ https://www.google.com/ads/ga-audiences https://www.google.se/ads/ga-audiences https://cms.icabanken.se https://privat.icabanken.se https://login.icabanken.se https://ims.icagruppen.se https://apimgw-pub.ica.se https://digital-assistant.ica.se https://calm-hill-02d934703.2.azurestaticapps.net http://*.mopinion.com execution-ci360.test.icabanken.se; default-src 'self'; media-src data:; font-src 'self' https://assets.icanet.se data: https://*.mopinion.com https://fonts.gstatic.com; frame-src 'self' bankid: https://9943820.fls.doubleclick.net https://stats.g.doubleclick.net https://secure.msse.se https://analytics.icabanken.se https://optimize.google.com https://login.icabanken.se https://*.mopinion.com https://player.cvm3.se; img-src 'self' data: https://content-ci360.icabanken.se https://analytics.icabanken.se https://www.icabanken.se https://www.google.se https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://9943820.fls.doubleclick.net https://stats.g.doubleclick.net https://assets.icanet.se https://bilder.hemnet.se https://optimize.google.com https://www.gstatic.com https://cms.icabanken.se https://*.mopinion.com https://calm-hill-02d934703.2.azurestaticapps.net; script-src 'self' 'unsafe-inline' https://execution-ci360.icabanken.se https://delivery-ci360.icabanken.se https://analytics.icabanken.se https://www.googleoptimize.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://bam.nr-data.net https://bam-cell.nr-data.net https://bam.eu01.nr-data.net https://optimize.google.com https://s2.adform.net https://track.adform.net https://digital-assistant.ica.se https://js-agent.newrelic.com https://calm-hill-02d934703.2.azurestaticapps.net https://*.mopinion.com execution-ci360.test.icabanken.se; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://analytics.icabanken.se https://optimize.google.com https://assets.icanet.se https://digital-assistant.ica.se https://calm-hill-02d934703.2.azurestaticapps.net https://*.mopinion.com 1
default-src 'self' ws: data: 'unsafe-inline' 'unsafe-eval' *.facebook.net *.facebook.com *.gstatic.com www.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com www.youtube.com *.gravatar.com *.g.doubleclick.net yoast.com i.ytimg.com ps.w.org s.w.org tracking.groupe-ldlc.com gateway.euronext.com s.w.org 1
default-src 'self' globalpartnership.org assets.globalpartnership.org googletagmanager.com *.google-analytics.com google-analytics.com; child-src 'self' blob:; connect-src 'self' globalpartnership.org assets.globalpartnership.org events.mapbox.com api.mapbox.com *.google-analytics.com google-analytics.com ka-p.fontawesome.com kit.fontawesome.com translate.googleapis.com analytics.google.com region1.analytics.google.com stats.g.doubleclick.net; font-src 'self' ka-p.fontawesome.com kit.fontawesome.com cdnjs.cloudflare.com fonts.gstatic.com data:; frame-src 'self' player.vimeo.com www.youtube.com www.googletagmanager.com *.twitter.com *.surveymonkey.com; img-src 'self' globalpartnership.org assets.globalpartnership.org www.google-analytics.com www.googletagmanager.com region1.google-analytics.com fonts.gstatic.com translate.google.com i.ytimg.com data: *.surveymonkey.com *.smassets.net; media-src 'self' globalpartnership.org assets.globalpartnership.org data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' globalpartnership.org assets.globalpartnership.org www.googletagmanager.com www.google-analytics.com www.youtube.com ajax.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com code.highcharts.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com kit.fontawesome.com; script-src-elem 'self' 'unsafe-inline' globalpartnership.org assets.globalpartnership.org www.googletagmanager.com www.google-analytics.com ajax.googleapis.com www.youtube.com kit.fontawesome.com gpe.dev ssl.google-analytics.com code.jquery.com *.twitter.com cdn.jsdelivr.net cdnjs.cloudflare.com code.highcharts.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com *.surveymonkey.com; style-src 'self' 'unsafe-inline' globalpartnership.org assets.globalpartnership.org ka-p.fontawesome.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://gpe.dev https://unpkg.com www.globalpartnership.org; style-src-elem 'self' 'unsafe-inline' globalpartnership.org assets.globalpartnership.org kit.fontawesome.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://gpe.dev https://unpkg.com www.globalpartnership.org; report-uri https://o4504010371825664.ingest.sentry.io/api/4504010578395136/security/?sentry_key=daf89c21d3aa4ed8b5e84544ab72c27a&sentry_environment=prod 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-YjUzYzVlYjQzMjkyNGQ4OWIzY2Y0MzhkZjUxZWI4ODA=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rijksoverheid.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.rijksoverheid.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-src *; frame-ancestors 'self' *.valvolineglobal.com; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://s3.eu-central-1.amazonaws.com/www.ecml.at/  https://www.beachguide.org http://www.beachguide.org http://www.sprachennetzwerkgraz.at http://cc.ecml.at *.ecml.at *.streaming.at *.vimeo.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.facebook.net *.facebook.com *.twitter.com *.twimg.com *.youtube.com *.youtu.be *.doubleclick.net; object-src 'self' *.ecml.at; 1
font-src 'self' fonts.gstatic.com fonts.googleapis.com cdn.qumucloud.com ashurstcd.azureedge.net ashurstuat.azureedge.net ashursttest.azureedge.net ashurstcdedev.azureedge.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' ashurst.kulu.net *.doubleclick.net amplify.outbrain.com cdn.qumucloud.com bam.nr-data.net cdnjs.cloudflare.com js-agent.newrelic.com maps.googleapis.com maxcdn.bootstrapcdn.com *.google-analytics.com www.googletagmanager.com snap.licdn.com ashurstcd.azureedge.net ashurstuat.azureedge.net ashursttest.azureedge.net ashurstcdedev.azureedge.net static.hotjar.com script.hotjar.com static.ads-twitter.com www.googleadservices.com tr.outbrain.com analytics.twitter.com connect.facebook.net www.google.com www.gstatic.com unpkg.com www.termsfeed.com s7.addthis.com m.addthis.com v1.addthisedge.com z.moatads.com www.youtube.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' ashurst.kulu.net cdn.qumucloud.com fonts.gstatic.com fonts.googleapis.com cdnjs.cloudflare.com ashurstcd.azureedge.net ashurstuat.azureedge.net ashursttest.azureedge.net ashurstcdedev.azureedge.net;upgrade-insecure-requests; 1
default-src 'self' 'unsafe-inline' use.typekit.net *.rotorootercdn.com *.youtube.com *.googleapis.com *.gstatic.com *.google-analytics.com *.tt.omtrdc.net *.g.doubleclick.net *.facebook.com *.pinterest.com *.google.com *.google.ca *.bing.com data: *.cloudfront.net *.xg4ken.com *.dialogtech.com lptag.liveperson.net *.liveperson.net *.lpsnmedia.net *.ssl.cf1.rackcdn.com *.googletagmanager.com *.googleadservices.com *.pinimg.com *.facebook.net *.callrail.com *.mdhv.io *.advertiserreports.com lh3.googleusercontent.com tagmanager.google.com *.googleusercontent.com *.windows.net *.alpixtrack.com alpixtrack.com *.fls.doubleclick.net collector-14248.us.tvsquared.com solutions.invocacdn.com pnapi.invoca.net *.googlesyndication.com *.pinterest.ca assets.adobedtm.com *.luckyorange.net *.luckyorange.com *.podium.com *.helixbi.io speedtrkgood.com *.adsrvr.org *.adnxs.com rotorooterbranches.quiq-api.com static.quiq-cdn.com sentry.goquiq.com *.nextdoor.com cdn.cookielaw.org *.goquiq.com *.adroll.com *.convertexperiments.com *.rlets.com;style-src 'self' 'unsafe-inline' *.rotorootercdn.com *.googleapis.com *.google.com *.alpixtrack.com alpixtrack.com *.omtrdc.net *.googletagmanager.com *.podium.com static.quiq-cdn.com cdn.cookielaw.org *.goquiq.com *.convertexperiments.com;connect-src 'self' *.rotorooter.com localhost:3000 *.rotorootercdn.com *.tt.omtrdc.net *.bing.com *.pinterest.com *.googleapis.com *.google-analytics.com *.facebook.com *.g.doubleclick.net *.alpixtrack.com alpixtrack.com *.google.com assets.adobedtm.com *.luckyorange.net *.luckyorange.com *.podium.com *.speedtrkgood.com speedtrkgood.com www.datadoghq-browser-agent.com *.browser-intake-datadoghq.com rotorooterbranches.quiq-api.com sentry.goquiq.com cdn.cookielaw.org privacyportal.onetrust.com geolocation.onetrust.com analytics.tiktok.com *.goquiq.com *.adroll.com *.convertexperiments.com capture-api.reachlocalservices.com apgb2b-reachcodeandproxy.gannettdigital.com um.simpli.fi *.rlets.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.rotorootercdn.com stats.g.doubleclick.net *.google.com *.google-analytics.com *.tt.omtrdc.net *.googleapis.com *.bing.com *.googleadservices.com *.pinimg.com *.facebook.net *.g.doubleclick.net *.cloudfront.net *.xg4ken.com *.dialogtech.com lptag.liveperson.net *.liveperson.net *.lpsnmedia.net *.alpixtrack.com alpixtrack.com tpc.googlesyndication.com *.simpli.fi unpkg.com collector-14248.us.tvsquared.com solutions.invocacdn.com pnapi.invoca.net assets.adobedtm.com *.luckyorange.net *.luckyorange.com *.podium.com *.adsrvr.org *.helixbi.io speedtrkgood.com *.gstatic.com  www.datadoghq-browser-agent.com *.browser-intake-datadoghq.com rotorooterbranches.quiq-api.com static.quiq-cdn.com cdn.cookielaw.org privacyportal.onetrust.com geolocation.onetrust.com analytics.tiktok.com mpactions.superpages.com *.nextdoor.com *.goquiq.com *.adroll.com *.convertexperiments.com cdn.rlets.com;worker-src blob:;; 1
frame-ancestors 'self' https://requests.routesonline.com 1
default-src 'none'; object-src 'none'; script-src 'self' *.humaninterest.com *.visualwebsiteoptimizer.com *.clarity.ms app.vwo.com www.google-analytics.com https://cdn.segment.com https://humaninterest.com https://js.chilipiper.com https://googleads.g.doubleclick.net/pagead/ https://www.googletagmanager.com https://www.google.com/pagead/ https://www.googleadservices.com/pagead/ https://tpc.googlesyndication.com https://pagead2.googlesyndication.com/pagead/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://snap.licdn.com https://bat.bing.com https://connect.facebook.net https://secure.perk0mean.com https://player.vimeo.com/api/player.js https://static.hotjar.com https://script.hotjar.com https://*.hubspot.com https://*.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hscollectedforms.net https://js.hsleadflows.net https://js.hs-scripts.com https://js.hsadspixel.net https://js.usemessages.com; connect-src 'self' *.humaninterest.com *.humaninterest.com.test *.chilipiper.com *.visualwebsiteoptimizer.com *.clarity.ms *.hotjar.com *.hotjar.io app.vwo.com www.google-analytics.com https://humaninterest.com https://api.segment.io https://cdn.segment.com https://api.rollbar.com https://stats.g.doubleclick.net https://bat.bing.com https://adservice.google.com/pagead/ https://www.google.com/pagead/ https://*.googlesyndication.com/pagead/ https://pagead2.googlesyndication.com/pagead/ https://analytics.google.com https://graphql.contentful.com/content/v1/spaces/tj9jxg7kaxby https://assets.ctfassets.net/tj9jxg7kaxby/ https://browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://logs.browser-intake-datadoghq.com https://vimeo.com/api/ wss://*.hotjar.com https://*.hubspot.com https://*.hubapi.com https://www.facebook.com/tr/ https://cdn.linkedin.oribi.io/partner/41889/domain/humaninterest.com/token https://px.ads.linkedin.com/wa/; img-src 'self' data data: *.humaninterest.com *.chilipiper.com *.visualwebsiteoptimizer.com *.clarity.ms chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com script.hotjar.com www.google-analytics.com https://humaninterest.com https://hi-contentful.imgix.net https://human-interest-uploads.imgix.net https://humaninterest.imgix.net https://secure.gravatar.com https://px.ads.linkedin.com https://bat.bing.com https://c.bing.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://p.adsymptotic.com https://www.linkedin.com https://px4.ads.linkedin.com https://cx.atdmt.com https://googleads.g.doubleclick.net https://dev.visualwebsiteoptimizer.com https://i.vimeocdn.com/video/ https://images.ctfassets.net/tj9jxg7kaxby/ https://www.hotjar.com/images/ https://*.hubspot.com https://*.hsforms.com https://static.hsappstatic.net; style-src 'self' 'unsafe-inline' *.chilipiper.com *.visualwebsiteoptimizer.com app.vwo.com; font-src 'self' data: script.hotjar.com; media-src https://videos.ctfassets.net/tj9jxg7kaxby/; frame-src 'self' *.google.com *.chilipiper.com *.visualwebsiteoptimizer.com app.vwo.com vars.hotjar.com https://youtube.com https://player.vimeo.com https://bid.g.doubleclick.net https://td.doubleclick.net https://datawrapper.dwcdn.net https://businesscom.go2cloud.org https://www.g2.com/categories/401-k/ https://www.g2.com/products/human-interest-401-k/ https://app.hubspot.com https://*.hs-sites.com; manifest-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https:; object-src 'none';frame-ancestors 'self';form-action 'self' https://www.paypal.com; 1
default-src 'self' *.spim.ru spim.ru bid.g.doubleclick.net *.doubleclick.net yandex.ru youtube.com *.youtube.com goodmod.ru antisovetnic.ru kicksovetnik.ru *.kaspersky-labs.com *.vgtrk.com *.jivosite.com *.yandex.ru *.doubleclick.net *.googleadservices.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' antisovetnic.ru https://pay.yandex.ru/ https://mc.yandex.com cdn.rutarget.ru vk.com yandex.ru goodmod.ru  kicksovetnik.ru youtube.com *.youtube.com www.googletagmanager.com pickpoint.ru ajax.googleapis.com widget.bookform.ru vk.com  bid.g.doubleclick.net ssl.google-analytics.com google-analytics.com spim.ru *.spim.ru yandex.st *.criteo.net *.criteo.com *.mail.ru *.yandex.ru *.googleadservices.com www.google-analytics.com yandex.ru *.begun.ru *.jivosite.com cdn.retailrocket.ru *.doubleclick.net *.rambler.ru yastatic.net *.maps.yandex.net *.artfut.com *.mango-office.ru connect.facebook.net chimpstatic.com cdn.jsdelivr.net *.google.com *.gstatic.com; frame-src 'self' https://mc.yandex.ru/ rutube.ru *.1tv.ru https://vk.com https://pay.yandex.ru/ https://sandbox.pay.yandex.ru/ mc.yandex.md tag.rutarget.ru widget.bookform.ru player.vgtrk.com antisovetnic.ru youtube.com yandex.ru *.youtube.com *.criteo.com *.criteo.net yastatic.net api-maps.yandex.ru *.maps.yandex.net *.doubleclick.net www.facebook.com *.gstatic.com *.google.com vk.com code.jivosite.com; object-src 'self' blob: *; img-src 'self' blob: * https://mc.yandex.ru https://pay.yandex.ru/ spimg.ru *.spim.ru pozvonok.ru *.pozvonok.ru antisovetnic.ru yandex.ru data:; font-src 'self' *.spim.ru * data:; connect-src 'self' spim.ru *.spim.ru *.doubleclick.net https://pay.yandex.ru/ mc.yandex.com www.google-analytics.com *.mail.ru mc.yandex.md *.jivosite.com yandex.ru antisovetnic.ru https://tracking.retailrocket.net/ https://dsp.retailrocket.net/ https://mc.yandex.ru wss://*.jivosite.com/ vk.com suggestions.dadata.ru www.facebook.com analytics.google.com;  style-src 'self' *.spim.ru 'unsafe-inline' 'unsafe-eval' 'self' * 1
frame-ancestors 'none'; default-src 'self' blob:; worker-src blob:; img-src *.monetate.org t.co google.co.zw *.g.doubleclick.net *.googleusercontent.com *.google.co.uk *.2mdn.net *.doubleclick.net *.adnxs.com ib.adnxs.com google.com.tr *.google.ro *.google.com.hk google.com.hk google.com.sg google.gr google.ch google.dk google.bf google.gg google.kz google.com.cy google.lk google.es google.com.ph google.je google.no awin1.com *.awin1.com zenaps.com www.zenaps.com *.zenaps.com *.twitter.com twitter.com analytics.twitter.com *.clarity.ms *.bing.com *.contentsquare.net *.facebook.net data: http://sb.monetate.net cdn-ukwest.onetrust.com *.cdn-ukwest.onetrust.com *.amazonaws.com geo-tracker.smadex.com *.monetate.net travisperkins.scene7.com *.travisperkins.co.uk https://www.travisperkins.co.uk dam-assets.apps.travisperkins.group *.dam-assets.apps.travisperkins.group google-analytics.com www.google-analytics.com *.google-analytics.com maps.googleapis.com maps.gstatic.com *.adservice.google.co.uk googletagmanager.com www.googletagmanager.com *.googletagmanager.com ad.doubleclick.net *.powerreviews.com p-eu.brsrvr.com *.demoup.com *.doubleclick.net ct.pinterest.com *.ct.pinterest.com pinterest.com t.co www.facebook.com *.facebook.com *.mediaiqdigital.com bat.bing.com res.cloudinary.com wss://*.hotjar.com *.c.contentsquare.net increasingly.co www.increasingly.co *.increasingly.co gstatic.com www.gstatic.com *.gstatic.com google.pt adservice.google.pt *.adservice.google.pt google.com *.google.com google.com.ua *.google.com.ua google.co.uk google.nl *.google.nl google.co.in *.google.co.in google.co.id *.google.co.id google.ad *.google.ad google.bg *.google.bg google.fr *.google.fr google.com.pk *.google.com.pk google.com.bd *.google.com.bd google.de *.google.de google.com.hk *.google.com.hk google.pl *.google.pl google.ie *.google.ie *.livechatinc.com *.youtube.com pixel-autofeed-custom-endpoint.uc.r.appspot.com; object-src 'none'; frame-src 'self' *.monetate.net *.livechatinc.com *.fls.doubleclick.net *.doubleclick.net pirbright.ac.uk *.pirbright.ac.uk www.pinterest.com *.pinterest.com www.pinterest.co.uk *.pinterest.co.uk www.pinterest.de *.pinterest.de www.pinterest.ie *.pinterest.ie *.travisperkins.co.uk https://www.travisperkins.co.uk www.facebook.com *.facebook.com pp.eshapay.net pp.ephapay.net dntcl.qualaroo.com *.doubleclick.net cdn-ukwest.onetrust.com *.cdn-ukwest.onetrust.com vars.hotjar.com googleadservices.com www.googleadservices.com *.googleadservices.com www.youtube.com *.youtube.com googletagmanager.com www.googletagmanager.com *.googletagmanager.com pay.google.com; font-src 'self' *.amazonaws.com m7cdn.io *.m7cdn.io https://www.travisperkins.co.uk *.travisperkins.co.uk *.alicdn.com fonts.gstatic.com api.content.travisperkins.co.uk *.api.content.travisperkins.co.uk data: data; connect-src 'self' *.monetate.net *.livechatinc.com *.googlesyndication.com *.sciencebehindecommerce.com analytics.tiktok.com *.noibu.com wss://input.noibu.com *.clarity.ms maps.googleapis.com bat.bing.com *.contentsquare.net *.c.contentsquare.net *.feedspark.com www.facebook.com *.facebook.com *.increasingly.com *.increasingly.co *.hotjar.com wss://*.hotjar.com vc.hotjar.io *.onetrust.com *.amazonaws.com api.woosmap.com *.demoup.com *.powerreviews.com ct.pinterest.com *.ct.pinterest.com google-analytics.com www.google-analytics.com *.google-analytics.com analytics.google.com adservice.google.com google.com *.google.com *.doubleclick.net *.g.doubleclick.net *.travisperkins.co.uk api.edq.com stats.g.doubleclick.net *.stats.g.doubleclick.net prf.audiencemanager.de *.prf.audiencemanager.de *.audiencemanager.de google.com *.google.com google.com.ua *.google.com.ua google.co.uk *.google.co.uk google.nl *.google.nl google.co.in *.google.co.in google.co.id *.google.co.id google.ad *.google.ad google.bg *.google.bg google.fr *.google.fr google.com.pk *.google.com.pk google.com.bd *.google.com.bd google.de *.google.de google.com.hk *.google.com.hk google.pl *.google.pl google.ie *.google.ie atr-eu.veritonicmetrics.com api.uk.exponea.com; style-src 'self' 'unsafe-inline' api.content.travisperkins.co.uk *.monetate.net *.userconversion.com m7cdn.io *.m7cdn.io dev.m7cdn.io increasingly.co www.increasingly.co *.increasingly.co fonts.googleapis.com ui.powerreviews.com events.demoup.com cdn.parcellab.com *.cdn.parcellab.com *.livechatinc.com *.youtube.com *.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.woosmap.com *.monetate.org *.pinimg.com www.zenaps.com *.brcdn.com *.qualaroo.com *.sciencebehindecommerce.com m7cdn.io *.brcdn.com *.adnxs.com *.googlesyndication.com analytics.tiktok.com *.tiktok.com *.facebook.net *.lavurtis.com lavurtis.com zenaps.com *.zenaps.com www.googleadservices.com *.noibu.com *.clarity.ms *.contentsquare.net app.contentsquare.com *.audiencemanager.de *.feedspark.com akt.audiencemanager.de api-internal.js *.demoup.com mpsnare.iesnare.com ui.powerreviews.com *.travisperkins.co.uk googletagmanager.com www.googletagmanager.com *.googletagmanager.com google-analytics.com www.google-analytics.com *.google-analytics.com www.googletagservices.com googleadservices.com www.googleadservices.com *.googleadservices.com maps.googleapis.com *.doubleclick.net ad.doubleclick.net *.ad.doubleclick.net *.monetate.net monetate.net cdn-ukwest.onetrust.com *.cdn-ukwest.onetrust.com *.hotjar.com www.dwin1.com cl.qualaroo.com ct.pinterest.com *.ct.pinterest.com increasingly.co www.increasingly.co *.increasingly.co connect.facebook.net *.connect.facebook.net static.ads-twitter.com *.ads-twitter.com analytics.twitter.com *.analytics.twitter.com s.pinimg.com bat.bing.com cdns.brsrvr.com *.cdns.brsrvr.com googleads.g.doubleclick.net *.googleads.g.doubleclick.net *.g.doubleclick.net static.demoup.com *.static.demoup.com api.content.travisperkins.co.uk *.api.content.travisperkins.co.uk google.com *.google.com *.livechatinc.com *.youtube.com cdn.veritonic.com api.uk.exponea.com static.powerreviews.com; media-src 'self' blob: *; ; report-uri /int-api/client-error-csp; report-to csp-endpoint 1
frame-ancestors 'self' http://0.0.0.0:* http://999.loc:* http://*.999.loc:* http://*.business.loc:* http://127.0.0.1:* http://localhost:* http://*.simpals.com http://*.achizitii.md https://999.md https://*.999.md https://m.999.md https://*.m.999.md https://achizitii.md https://*.achizitii.md https://afisha.md https://*.afisha.md https://elicitatie.md https://*.elicitatie.md https://etender.md https://*.etender.md https://forum.md https://*.forum.md https://joblist.md https://*.joblist.md https://mama.md https://*.mama.md https://map.md https://*.map.md https://maximum.md https://numbers.md https://*.numbers.md https://pay.md https://*.pay.md https://play.md https://*.play.md https://point.md https://*.point.md https://new.point.md https://*.new.point.md https://price.md https://*.price.md https://shop.price.md https://*.shop.price.md https://profi.md https://*.profi.md https://raport.md https://*.raport.md https://simpals.com https://*.simpals.com https://simpalsid.com https://*.simpalsid.com https://sporter.md https://*.sporter.md https://stiri.md https://*.stiri.md https://studii.md https://*.studii.md https://cursuri.studii.md https://*.cursuri.studii.md https://manuale.studii.md https://*.manuale.studii.md https://prelegeri.studii.md https://*.prelegeri.studii.md https://plus.studii.md https://*.plus.studii.md https://mentor.md https://*.mentor.md https://votum.md https://*.votum.md https://farmacie.md https://cartego.md https://alife.zone https://cleanline.md https://apabuna.md https://doxyterra.md https://yves-rocher.md https://promstore.md https://lovelybaby.md https://mlshop.md https://gig.md https://comenzi.md https://unishop.md https://robinet.md https://disciplined.md https://magnus.md https://sportline.md https://felicia.md https://ifarmer.md https://ekassa.id.md https://*.ekassa.id.md https://monreve.md https://esuper.md https://crismoto.md https://*.crismoto.md https://abcmoldova.md https://*.abcmoldova.md https://smarti.md https://*.smarti.md https://koodifood.com https://*.koodifood.com https://mobiplaza.md https://*.mobiplaza.md https://aalto.md https://*.aalto.md https://fortuna-service.md https://*.fortuna-service.md https://megaalina.md https://*.megaalina.md https://consteam.md https://*.consteam.md https://conex.md https://*.conex.md https://resor.md https://*.resor.md https://utilarium.md https://*.utilarium.md https://mobus.md https://*.mobus.md 1
default-src 'self' https://apps.sitecore.net https://sprcdn-assets.sprinklr.com/738/notification-4de93778-e7e2-403b-9035-46fddfe6df16-1610394477.mp3; connect-src stats.g.doubleclick.net *.ap-southeast-2.amazonaws.com *.mynrma.com.au *.mynrma.com.au:* *.nr-data.net *.newrelic.com *.google.com *.gstatic.com *.everydaygiftcards.com.au *.feefo.com *.googleapis.com *.google-analytics.com *.crazyegg.com *.choovie.com.au *.sprinklr.com https://www.roadtripforgood.travel/ https://datastudio.google.com/ https://www.audible.com.au/ https://explore.mynrma.com.au/ https://embed.alpacamaps.com/ https://prod-spr-livechat.s3.amazonaws.com/ wss://prod-live-chat-mqtt.sprinklr.com/ http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://rum.browser-intake-datadoghq.com https://sdk.fra-02.braze.eu; font-src *.mynrma.com.au https://fonts.gstatic.com https://fonts.googleapis.com *.stackla.com *.sprinklr.com 'self' data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; img-src blob: data: https: *.google-analytics.com *.mynrma.com.au *.sprinklr.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://googleads.g.doubleclick.net https://www.google.com https://optimize.google.com/ https://prod-spr-livechat.s3.amazonaws.com/ appboy-images.com braze-images.com cdn.braze.eu ; script-src *.mynrma.com.au *.newrelic.com *.googletagmanager.com  *.google.com *.google.com.au *.gstatic.com *.google-analytics.com *.googleapis.com *.nr-data.net *.facebook.net *.plavxml.com *.doubleclick.net *.stackla.com *.quantcount.com *.crazyegg.com *.zencdn.net *.sprinklr.com https://www.googleadservices.com https://www.google.com https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://js-agent.newrelic.com/nr-spa-1118.min.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/vJuUWXolyYJx1oqUVmpPuryQ/recaptcha__en.js https://www.googleadservices.com/pagead/conversion_async.js https://connect.facebook.net/en_US/fbevents.js https://bat.bing.com/bat.js https://vxml4.plavxml.com/sited/ref/ctrk/139 https://everydaygiftcards.com.au/media/javascript/member/members_v1.js https://polyfill.io/v3/polyfill.min.js https://giftcards.woolworths.com.au/medias/members-v1.js https://script.crazyegg.com/pages/scripts/0013/7505.js https://secure.quantserve.com/quant.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.trybooking.com/widget.js https://code.jquery.com/jquery-3.0.0.min.js https://optimize.google.com/ https://api.feefo.com https://register.feefo.com https://prod-spr-livechat.s3.amazonaws.com/ 'unsafe-inline' blob: data: 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://js.appboycdn.com 'unsafe-eval' 'unsafe-inline';style-src *.sprinklr.com https://tagmanager.google.com/ https://optimize.google.com/ https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/ 'unsafe-inline' 'self';frame-src https://forms.office.com/ https://lookerstudio.google.com/ *.choovie.com.au https://www.roadtripforgood.travel/ https://datastudio.google.com/ https://www.audible.com.au/ https://explore.mynrma.com.au/ https://embed.alpacamaps.com/ https://w.soundcloud.com/ https://apollowhitelabelsearch.blob.core.windows.net/ https://open.spotify.com/ *.mynrma.com.au *.doubleclick.net https://www.google.com https://4315425.fls.doubleclick.net https://www.apollocamper.com/ https://www.facebook.com/ https://www.racq.com.au/ https://widget.stackla.com/ https://www.youtube.com/ https://www.google.com.au/ https://www.plugshare.com/ https://www.roadtripforgood.org.au/ https://old.apollocamper.com/ https://evexperience.evenergi.com/ https://www.mynrma.com.au https://www.nrmasaferdriving.com.au *.stackla.com *.nsw.gov.au *.virginaustralia.com *.my-voice.com.au https://www.trybooking.com/ https://accounts.velocityfrequentflyer.com/ 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com/; frame-ancestors 'self';base-uri 'self'; form-action *.mynrma.com.au *.mynrma.com.au:* *.securepay.com.au *.sprinklr.com https://giftcards.woolworths.com.au/memberRedirect https://www.facebook.com/ https://www.racq.com.au/ https://widget.stackla.com/ https://www.youtube.com/ https://www.google.com.au/ https://www.roadtripforgood.org.au/ https://old.apollocamper.com/ https://evexperience.evenergi.com/ https://www.mynrma.com.au https://www.nrmasaferdriving.com.au *.stackla.com *.paypal.com *.choovie.com.au https://www.audible.com.au/ https://datastudio.google.com/ https://www.roadtripforgood.travel/ 'self'; manifest-src 'self'; 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval';  connect-src * data: blob: 'unsafe-inline';  img-src * data: blob: 'unsafe-inline';  frame-src * data: blob: ;  style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; script-src-elem * 'unsafe-inline' 'unsafe-eval' data: blob:; 1
frame-ancestors 'self' https://*.toyota.pl https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
default-src 'self';style-src 'self' 'unsafe-inline' https://*.mobileye.com https://*.twimg.com https://*.crazyegg.com https://*.crwdcntrl.net https://*.fontawesome.com https://platform.twitter.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://tagmanager.google.com https://fonts.googleapis.com https://static.mobileye.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mobileye.com https://*.cookielaw.org https://*.crazyegg.com https://*.demandbase.com https://*.crwdcntrl.net https://static.mobileye.com https://*.crwcntrl.net https://*.clarity.ms https://*.addthisedge.com https://*.moatads.com https://*.addthis.com https://cdn.syndication.twimg.com https://maps.googleapis.com https://platform.twitter.com https://www.instagram.com https://forms.hsforms.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://js.hsforms.net https://maxcdn.bootstrapcdn.com https://www.youtube.com https://*.acsbapp.com https://*.opendns.com https://*.hs-scripts.com https://js.hs-banner.com https://js.usemessages.com/ https://js.hsadspixel.net/ https://cdn.taboola.com https://trc.taboola.com https://analytics.twitter.com https://js.hs-analytics.net https://static.ads-twitter.com https://bat.bing.com https://www.google.com https://www.googletagmanager.com https://snap.licdn.com https://www.googleadservices.com https://www.google-analytics.com https://tagmanager.google.com https://googleads.g.doubleclick.net https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://acsbapp.com;frame-src 'self' https://*.mbly.co https://*.mobileye.com https://*.crazyegg.com https://*.company-target.com https://*.vimeo.com https://*.addthis.com https://*.mobileye-data-services.com https://*.ixstack.net https://*.intelgeospatial.com https://*.wistia.com https://www.bloomberg.com https://*.wistia.net https://*.accessibe.com https://acsbapp.com https://*.twitter.com https://www.instagram.com https://my.matterport.com https://www.youtube.com https://www.facebook.com https://vars.hotjar.com https://bid.g.doubleclick.net;connect-src https://*.mobileye.com https://*.google.com https://*.mbly.co https://*.company-target.com https://*.demandbase.com https://cdn.linkedin.oribi.io https://*.linkedin.com https://*.crazyegg.com https://*.hsforms.com https://*.onetrust.com https://*.cookielaw.org https://*.addthis.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.clarity.ms https://*.acsbapp.com https://acsbapp.com https://bat.bing.com https://api.hubapi.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.taboola.com https://*.hubspi.com https://*.hubspot.com https://cdn.acsbapp.com https://in.hotjar.com https://www.google-analytics.com https://*.crwdcntrl.net https://stats.g.doubleclick.net;object-src 'self';media-src 'self' https://static.mobileye.com;font-src 'self' data: https://*.mobileye.com https://*.fontawesome.com https://acsbapp.com https://*.acsbapp.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com;img-src 'self' data: https://*.mobileye.com https://static2.mobileye.com https://i.vimeocdn.com https://*.crazyegg.com https://id.rlcdn.com https://*.company-target.com https://*.linkedin.com https://*.cookielaw.org https://i.ytimg.com https://*.youtube.com https://s3.eu-west-1.amazonaws.com https://*.clarity.ms https://*.bing.com https://*.twitter.com https://*.twimg.com https://trc.taboola.com https://maps.gstatic.com https://*.googleapis.com https://*.ggpht.com https://www.mobileye.com https://*.acsbapp.com https://bat.bing.com https://cds.taboola.com https://t.co https://*.hubspot.com https://www.google.com https://www.google.co.il https://www.googletagmanager.com https://www.google-analytics.com https://px.ads.linkedin.com https://www.facebook.com https://p.adsymptotic.com https://googleads.g.doubleclick.net;worker-src blob: 1
default-src 'none'; script-src 'self' 'unsafe-eval' https://community.cryptomator.org/ https://js.stripe.com/ https://*.paddle.com/ https://www.google.com/ https://www.gstatic.com/; style-src 'self' 'unsafe-inline' https://*.paddle.com/; img-src 'self' data: https://static.cryptomator.org/ https://i.ytimg.com/ https://*.paddle.com/ https://paddle.s3.amazonaws.com/; connect-src 'self' https://api.cryptomator.org/ https://store.cryptomator.org/; font-src 'self'; media-src https://static.cryptomator.org/; frame-src https://community.cryptomator.org/ https://www.youtube-nocookie.com/ https://js.stripe.com/ https://*.paddle.com/ https://www.google.com/; base-uri 'self'; form-action 'self' https://www.paypal.com/ https://www.coinpayments.net/; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src *; img-src * 'self' data: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https:; script-src * 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' ssl.google-analytics.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline' ; style-src-attr 'self' 'unsafe-hashes' 'unsafe-inline' ; script-src-elem 'self' 'unsafe-hashes' 'unsafe-inline' ssl.google-analytics.com ; report-uri / ; form-action 'self'; object-src 'none'; 1
default-src 'self'; script-src 'self' siteimproveanalytics.com cdn.siteimprove.net cdn.ampproject.org; style-src 'self'; img-src 'self' data: *.siteimproveanalytics.io *.rovid.nl *.rijksoverheid.nl; media-src 'self' *.rovid.nl *.rijksoverheid.nl; frame-ancestors 'self'; child-src 'self' *.siteimproveanalytics.io my2.siteimprove.com preview.amp.dev; font-src 'self'; connect-src 'self' *.siteimprove.com *.siteimproveanalytics.io; report-uri https://sentry.test.dtnr.nl/api/8/security/?sentry_key=ef2f25f4176b43ba83b66c4d8102e4cb 1
base-uri 'self';connect-src 'self';default-src 'none';font-src 'self';form-action 'self';frame-ancestors 'none';frame-src 'none';img-src data: 'self';manifest-src 'self';media-src data: 'self';object-src 'none';script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';style-src-elem 'self' 'unsafe-inline';style-src-attr 'unsafe-inline'; 1
script-src 'self' https://mpsnare.iesnare.com/ https://www.googletagmanager.com/gtag/ https://www.google-analytics.com/analytics.js 'unsafe-inline'; object-src 'self' 1
default-src * 'unsafe-inline' 'unsafe-eval' blob: data:; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; form-action *, font-src * blob: data:; 1
default-src 'self'; img-src 'self' track.omnichat.ai chat-plugin.easychat.co s3-ap-southeast-1.amazonaws.com media-cdn.omnichat.ai *.gomaji.com images.buy123.com.tw image.kkday.com cdn.shopify.com photos.welcometw.com cdn.fontrip.com tr.line.me sb.scorecardresearch.com stats.g.doubleclick.net certify.alexametrics.com cx.atdmt.com *.cloudfront.net cloudfront-labs.amazonaws.com www.google-analytics.com bat.bing.com *.facebook.com *.facebook.net *.google.com *.google.com.tw www.googletagmanager.com data:; script-src 'self' 'unsafe-inline' chat-plugin.easychat.co *.gomaji.com *.google.com www.gstatic.com www.google-analytics.com www.googleadservices.com sb.scorecardresearch.com bat.bing.com certify-js.alexametrics.com connect.facebook.net code.jquery.com d.line-scdn.net d.line-cdn.net www.googletagmanager.com *.doubleclick.net *.instagram.com *.yahoo.com s.yimg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.gomaji.com fonts.googleapis.com; font-src 'self' *.gomaji.com fonts.googleapis.com cdnjs.cloudflare.com fonts.gstatic.com; frame-src 'self' client-chat.easychat.co *.gomaji.com *.google.com *.facebook.com *.youtube.com *.instagram.com; connect-src 'self' *.gomaji.com www.google-analytics.com www.facebook.com stats.g.doubleclick.net s.yimg.com;report-uri https://csp.gomaji.com/report.php?s=www 1
frame-ancestors *.mastercardconnect.com 1
frame-src *; object-src 'self' *.googlesyndication.com https://*.googlesyndication.com; default-src 'self'; style-src 'self' 'unsafe-inline' https://prodoctorov.ru https://*.googleapis.com *.googleapis.com https://*.gstatic.com *.gstatic.com yastatic.net yandex.st https://tagmanager.google.com https://app.medlock.ru; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://prodoctorov.ru *.google.com https://www.google.com https://*.google-analytics.com *.google-analytics.com *.googlesyndication.com https://*.googlesyndication.com *.googleapis.com https://*.googleapis.com www.google.com https://*.gstatic.com https://*.yandex.net https://yandex.ru https://*.yandex.ru *.yandex.ru *.gstatic.com https://clck.yandex.ru *.twitter.com https://*.twitter.com yandex.st https://yandex.st https://connect.ok.ru vk.com https://www.youtube.com https://s.ytimg.com https://www.googletagmanager.com https://googletagmanager.com https://yastatic.net yastatic.net https://connect.facebook.net seal.websecurity.norton.com dunsregistered.dnb.com https://yookassa.ru https://*.yoomoney.ru; img-src 'self' data: 'unsafe-inline' https://prodoctorov.ru https://protabletky.ru https://medotvet.me https://*.google-analytics.com *.google-analytics.com yastatic.net https://yastatic.net *.yandex.ru https://*.yandex.ru https://yandex.ru *.yandex.net https://*.yandex.net yandex.st https://mc.yandex.by https://mc.yandex.com https://mc.yandex.kz *.google.com  https://*.google.com  *.googleapis.com https://*.googleapis.com *.googlesyndication.com https://*.gstatic.com *.gstatic.com vk.com https://*.vk.com *.youtube.com *.twitter.com https://*.twitter.com *.googlezip.net https://*.ggpht.com https://www.googletagmanager.com https://*.facebook.com https://*.google.ru https://*.mail.ru seal.websecurity.norton.com www.honcode.ch https://prodoctorov.ru blob:; media-src 'self' *.yandex.net yandex.st yastatic.net *.yandex.ru; font-src 'self' https://*.gstatic.com *.gstatic.com data: https://yastatic.net chrome-extension; connect-src 'self' wss://prodoctorov.ru wss://medotvet.me *.yandex.ru *.google-analytics.com https://*.yandex.ru https://yandex.ru https://mc.yandex.com https://mc.yandex.md ajax.googleapis.com https://analytics.google.com https://region1.analytics.google.com https://www.google.ru https://translate.googleapis.com yandex.st https://yandex.st yastatic.net https://fcm.googleapis.com https://stats.g.doubleclick.net https://sentry.medrating.org https://sentry.prodoctorov.com https://*.facebook.com https://prodoctorov.ru https://rate.prodoctorov.ru https://rate-metrics.prodoctorov.ru https://app.medtochka.ru wss://app.medtochka.ru https://r.prodoctorov.ru https://ymetrica1.com/; report-uri https://prodoctorov.ru/cspreport/ 1
frame-ancestors 'self' https://twitter.com; 1
style-src 'self' 'unsafe-inline'; block-all-mixed-content;img-src 'self' http: https: data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss://*.hotjar.com http://*.hotjar.com:* http://*.hotjar.io http://*.inbenta.chat:* http://*.inbenta.io http://*.inbenta.com http://*.googletagmanager.com http://*.google-analytics.com http://*.google.com http://*.google.com.mx http://*.gstatic.com http://*.googleapis.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://wingify-assets.s3.amazonaws.com https://s3.amazonaws.com http://*.youtube.com http://*.facebook.com http://*.facebook.net http://*.ads-twitter.com http://*.twitter.com http://t.co http://*.doubleclick.net http://*.adform.net http://ajax.aspnetcdn.com http://claroecuador.s1gateway.com http://*.claro.com.ec http://miclaro.com.ec http://*.geodata.com.ec http://*.clarovideo.net http://*.claromusica.com https://*.hotjar.com:* https://*.hotjar.io https://*.inbenta.chat:* https://*.inbenta.io https://*.inbenta.com https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.google.com.mx https://*.gstatic.com https://*.googleapis.com https://*.youtube.com https://*.facebook.com https://*.facebook.net https://*.ads-twitter.com https://*.twitter.com https://t.co https://*.doubleclick.net https://api-prod-ec.prod.clarodigital.net https://*.adform.net https://ajax.aspnetcdn.com https://claroecuador.s1gateway.com https://*.claro.com.ec https://miclaro.com.ec https://*.geodata.com.ec https://snap.licdn.com https://*.clarovideo.net https://catalogo.claro.com.ec https://api-prod-general.prod.clarodigital.net https://*.ggpht.com https://polyfill.io https://*.claromusica.com https://*.linkedin.com https://*.oribi.io https://*.clarity.ms https://www.youtube-nocookie.com; media-src mediastream:; worker-src 'self' blob:; 1
Content-Security-Policy: frame-src 'self' *.google.com *.quora.com snapwidget.com *.consensu.org *.sharethis.com *.doubleclick.net *.greenhouse.io *.payoneer.com *.trustpilot.com *.oraclecloud.com *.driftt.com *.ubembed.com *.youtube.com *.github.io *.userway.org v.qq.com *.adpartner.pro *.facebook.com *.chilipiper.com *.teamme.io *.adsrvr.org *.googlesyndication.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.cookielaw.org *.convertexperiments.com *.marketo.net *.googleadservices.com *.bing.com *.licdn.com *.facebook.net *.taboola.com *.yimg.jp *.yahoo.co.jp *.doubleclick.net *.sharethis.com *.consensu.org snapwidget.com *.onetrust.com *.greenhouse.io *.payoneer.com *.mouseflow.com *.salesloft.com *.trendemon.com *.trustpilot.com *.ubembed.com *.google.com *.dynatrace.com *.oraclecloud.com *.baidu.com *.driftt.com *.youtube.com *.daumcdn.net unpkg.com *.yandex.ru *.cloudflare.com *.strattic.com *.6sc.co *.jsdelivr.net *.bootstrapcdn.com *.twitter.com *.ads-twitter.com *.highcharts.com *.github.io *.qualtrics.com *.microsoft.com *.userway.org *.tiktok.com *.googleoptimize.com accessibilityserver.org *.adnxs.com *.pdst.fm *.fullstory.com *.redditstatic.com *.cheqzone.com *.clarity.ms *.line-scdn.net redditstatic.s3.amazonaws.com wcs.naver.net *.googlesyndication.com *.google-analytics.com *.adpartner.pro *.line-cdn.net *.line-scdn.net *.chilipiper.com *.teamme.io *.quora.com *.adsrvr.org *.amplitude.com; 1
default-src 'self'; connect-src 'self' *.siteimprove.com https://statistika.rik.ee/ https://inaadress.maaamet.ee; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://*.rocket.chat https://static.addtoany.com https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://*.just.ee https://public.tableau.com https://xgis.maaamet.ee; img-src 'self' data: https://www.google-analytics.com *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com *.fbcdn.net *.cdninstagram.com https://inaadress.maaamet.ee https://unpkg.com *.maaamet.ee *.cloudflare.com; script-src 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js blob: https://browser-update.org https://public.tableau.com/ https://ajax.cloudflare.com https://static.cloudflareinsights.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://inaadress.maaamet.ee https://static.addtoany.com https://unpkg.com unpkg.com https://statistika.rik.ee/ 'unsafe-eval'; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js https://browser-update.org https://statistika.rik.ee cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://inaadress.maaamet.ee https://static.addtoany.com https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' https://www.gstatic.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com 'unsafe-inline' https://inaadress.maaamet.ee; frame-ancestors none; upgrade-insecure-requests 1
default-src 'self'; img-src 'self' *.alphabet.com 10.0.20.57 *.linkedin.com *.adition.com *.vivocha.com https://vivocha-csm.s3.eu-central-1.amazonaws.com/alphabet/* *.facebook.net *.facebook.com *.eloqua.com *.doubleclick.net *.googletagmanager.com *.google.com *.google.de *.google.co.uk *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/react-client-captcha/dist/retry.svg data:; font-src 'self' *.alphabet.com *.gstatic.com *.vivocha.com; script-src 'self' *.alphabet.com *.bmw.com *.googletagmanager.com *.googleadservices.com *.g.doubleclick.net *.licdn.com *.facebook.net *.vivocha.com *.en25.com *.adition.com *.hotjar.com 10.0.20.57 *.googleapis.com *.epaas.api.bmw *.criteo.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.alphabet.com 10.0.20.57 *.vivocha.com *.googleapis.com 'unsafe-inline'; connect-src 'self' *.alphabet.com 10.0.20.57 *.bmw.com bmwag.d3.sc.omtrdc.net *.vivocha.com *.hotjar.com *.epaas.api.bmw *.googleapis.com *.aladin.azure.bmw.cloud *.linkedin.oribi.io; frame-src 'self' *; frame-ancestors 'self' *.alphabet.com 10.0.20.57 *.bmw.com; object-src 'none'; base-uri 'self' alpha.alphabet.com 10.0.20.57; 1
default-src 'self'; script-src report-sample 'self' 'unsafe-inline' 'unsafe-eval' https://sidebar.bugherd.com https://www.bugherd.com https://www.youtube.com http://www.youtube.com https://widget.instabot.io https://widgetapi.instabot.io https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net data: https: wss: http://tag.demandbase.com https://addevent.com https://cdn.addevent.com https://cdn.evgnet.com https://connect.facebook.net https://cookie-cdn.cookiepro.com https://d2i34c80a0ftze.cloudfront.net https://d2iiunr5ws5ch1.cloudfront.net https://d2wy8f7a9ursnm.cloudfront.net https://explore.parexel.com https://kit.fontawesome.com https://pi.pardot.com https://snap.licdn.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com http://amd.sellingsimplified.net http://cdn.pardot.com https://pi.pardot.com http://pi.pardot.com http://cdn.jsdelivr.net http://explore.parexel.com https://testing.parexel.site http://testing.parexel.site; style-src report-sample 'self' data: 'unsafe-inline' https://form.asana.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://code.jquery.com https://d2iiunr5ws5ch1.cloudfront.net https://fonts.googleapis.com https://translate.googleapis.com https://testing.parexel.com/ http://testing.parexel.com/; img-src 'self' data: blob: https: https://d2iiunr5ws5ch1.cloudfront.net http://www.parexel.site https://img.youtube.com https://i3.ytimg.com https://bugherd-attachments.s3.amazonaws.com https://sidebar.bugherd.com https://www.google-analytics.com https://www.googletagmanager.com https://unpkg.com https://ade.googlesyndication.com https://ade.googlesyndication.com https://cookie-cdn.cookiepro.com https://d2iiunr5ws5ch1.cloudfront.net https://i3.ytimg.com https://ib.adnxs.com https://insight.adsrvr.org https://px.ads.linkedin.com https://px4.ads.linkedin.com https://secure.adnxs.com https://static.instabot.io https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.linkedin.com https://testing.parexel.com/ http://testing.parexel.com/; object-src 'self'; connect-src 'self' wss: https://sessions.bugsnag.com wss://ws-mt1.pusher.com https://static.instabot.io https://widgetapi.instabot.io https://analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com http://geodata.solutions https://ipinfo.io https://api.company-target.com https://cdn.linkedin.oribi.io https://content.hotjar.io https://maps.googleapis.com https://ad.doubleclick.net https://adservice.google.com https://amd.sellingsimplified.net https://chat.instabot.io https://cookie-cdn.cookiepro.com https://geodata.solutions https://geolocation.onetrust.com https://get663.com https://googleads.g.doubleclick.net https://in.hotjar.com https://ka-p.fontawesome.com https://livechat.instabot.io https://pagead2.googlesyndication.com https://privacyportal.cookiepro.com https://region1.analytics.google.com https://region1.google-analytics.com https://st.fullcircleinsights.com https://vc.hotjar.io https://widget.instabot.io https://widgetapi.instabot.io *.hotjar.com https://www.bugherd.com https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ca https://www.google.ch https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.kr https://www.google.co.th https://www.google.co.uk https://www.google.co.za https://www.google.com https://www.google.com.ar https://www.google.com.au https://www.google.com.hk https://www.google.com.mx https://www.google.com.my https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sg https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.hu https://www.google.ie https://www.google.it https://www.google.lt https://www.google.nl https://www.google.pl https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se wss://chat.instabot.io wss://ws.pusherapp.com https://tag-logger.demandbase.com https://amd.sellingsimplified.net http://amd.sellingsimplified.net https://notify.bugsnag.com https://testing.parexel.com/ http://testing.parexel.com/ https://px.ads.linkedin.com https://segments.company-target.com; font-src 'self' data: https://sidebar.bugherd.com http://www.youtube.com https://www.youtube.com https://explore.parexel.com https://form.asana.com https://*.fls.doubleclick.net https://player.vimeo.com/ https://cdnjs.cloudflare.com https://www.blacbloo.com https://at.alicdn.com https://d2iiunr5ws5ch1.cloudfront.net https://fonts.gstatic.com https://ka-p.fontawesome.com https://www.bugherd.com https://testing.parexel.com/ http://testing.parexel.com/; frame-src 'self' data https://sidebar.bugherd.com http://www.youtube.com https://www.youtube.com https://explore.parexel.com https://form.asana.com https://*.fls.doubleclick.net https://player.vimeo.com/ http://10631059.fls.doubleclick.net.x.033205b20bf0d044650a39908ae23d0cb757.d045241e.id.opendns.com http://35.71.131.137:6080 http://insight.adsrvr.org.x.97cd67fd0ae2e0448b0a07b01172d39bf9ff.d045241e.id.opendns.com https: https://10631059.fls.doubleclick.net https://content.cdntwrk.com https://www.facebook.com https://www.google.com https://www.podbean.com https://www.youtube.com http://player.vimeo.com https://testing.parexel.com/ http://testing.parexel.com/; media-src 'self' https://sidebar.bugherd.com http://www.youtube.com https://www.youtube.com https://explore.parexel.com https://form.asana.com https://*.fls.doubleclick.net https://player.vimeo.com/ https://download-video.akamaized.net https://player.vimeo.com https://mcdn.podbean.com https://6329104cef389e2c71224d98.endpoint.csper.io https://testing.parexel.com/ http://testing.parexel.com/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: google.com.sa *.google.com.sa googleapis.com *.googleapis.com fonts.googleapis.com gstatic.com *.gstatic.com fonts.gstatic.com cloudflare.com *.cloudflare.com google-analytics.com *.google-analytics.com google.com *.google.com linkedin.com *.linkedin.com googletagmanager.com *.googletagmanager.com cloudfront.net *.cloudfront.net doubleclick.net *.doubleclick.net 1
upgrade-insecure-requests; default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://stats.spdns.de/ https://itunes.apple.com/ https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' data: blob: https://*.googleapis.com/ https://*.gstatic.com/ https://*.google.com/ https://*.googleusercontent.com/ https://ssl.gstatic.com/ https://stats.spdns.de/ https://status.securepoint.de/ https://*.mzstatic.com/; font-src 'self' data: https://fonts.gstatic.com/; connect-src 'self' data: blob: wss://portal.securepoint.cloud/ https://itunes.apple.com/ https://*.googleapis.com https://*.google.com/ https://*.gstatic.com/; media-src 'none'; object-src 'none'; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://play.google.com/; frame-ancestors 'self'; report-uri https://gt.securepoint.de/api/5/security/?glitchtip_key=abcbbf0393764e23b643a721fc4820cd; worker-src blob: 'self' 1
default-src 'self'; connect-src 'self' https://www.facebook.com https://*.omappapi.com *.nr-data.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://ekr.zdassets.com https://*.zopim.com https://oregonzoo.zendesk.com wss://*.zopim.com wss://oregonzoo.zendesk.com https://payments.blackbaud.com https://app.dafwidget.com/; font-src 'self' data: use.typekit.net fonts.gstatic.com use.fontawesome.com; frame-src 'self' *.youtube.com *.doubleclick.net *.vimeo.com https://bbox.blackbaudhosting.com https://*.google.com https://payments.blackbaud.com https://www.facebook.com https://host.nxt.blackbaud.com; img-src 'self' data: https://www.facebook.com https://*.ytimg.com https://*.ggpht.com https://*.gstatic.com https://*.omappapi.com https://bbox.blackbaudhosting.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://v2assets.zopim.io https://static.zdassets.com; media-src 'self' https://static.zdassets.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net/ https://www.facebook.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.youtube.com https://*.google-analytics.com https://*.omappapi.com https://*.doubleclick.net https://*.ytimg.com https://bbox.blackbaudhosting.com https://*.gstatic.com https://js-agent.newrelic.com https://static.zdassets.com https://payments.blackbaud.com https://app.dafwidget.com/ https://sky.blackbaudcdn.net; style-src 'self' 'unsafe-inline' https://*.typekit.net https://*.omappapi.com https://*.googleapis.com https://bbox.blackbaudhosting.com https://payments.blackbaud.com https://app.dafwidget.com https://use.typekit.net; frame-ancestors 'self'; upgrade-insecure-requests 1
default-src 'self' *.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.googleapis.com; connect-src 'self' *.googleapis.com; img-src 'self' *.cirreon.com data: *.gstatic.com *.google.com *.googleapis.com *.cloudfront.net *.amazonaws.com *.cirreon.com *.openstreetmap.org; style-src 'self' 'unsafe-inline' *.googleapis.com; base-uri 'self'; form-action 'self'; frame-ancestors 'self' *.brinksinc.com brinksext.okta.com 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://maps.google.com https://ssl.google-analytics.com https://fonts.gstatic.com https://maps.googleapis.com https://maxcdn.bootstrapcdn.com https://www.google.com https://www.gstatic.com https://maps.gstatic.com https://code.jquery.com https://cdnjs.cloudflare.com https://code.highcharts.com https://ajax.googleapis.com https://cdn.datatables.net https://kit.fontawesome.com https://ka-f.fontawesome.com https://ka-p.fontawesome.com/ 1
base-uri 'self'; connect-src 'self' video-analytics-api.cloudinary.com analytics.climeworks.com; default-src 'self' widget.trustpilot.com fonts.gstatic.com data:; img-src 'self' data: api.producthunt.com res.cloudinary.com analytics.climeworks.com; media-src 'self' res.cloudinary.com; style-src 'self' 'unsafe-inline' unpkg.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com widget.trustpilot.com analytics.climeworks.com; form-action 'self'; object-src 'none' 1
default-src 'unsafe-inline' 'self' 'unsafe-eval' alixpartners.bynder.com alixpartners.podigee.io *.alixpartners.com alixpartners.com *.shorthand.com shorthand.com dashboard.umbraco.com i.vimeocdn.com flo.uri.sh public.flourish.studio *.lldns.net *.amazonaws.com *.vzaar.com *.cloudflare.com *.zencdn.net *.theoplayer.com *.dacast.com *.universlabs.io d3js.org *.cloudfront.net boards.greenhouse.io *.gravatar.com *.github.com github.com *.githubusercontent.com githubusercontent.com our.umbraco.com *.passle.net player.podigee-cdn.net mgpstudiostest.podigee.io bat.bing.com player.vzaar.com cdn.cookielaw.org www.googleadservices.com *.azure.com *.microsoft.com *.visualstudio.com *.trafficmanager.net *.windows.net *.microsoftonline.com *.microsoftonline-p.com *.gfx.ms *.live.com *.nuget.org *.vsallin.net *.applicationinsights.io *.loganalytics.io *.azureedge.net *.msecnd.net *.azureserviceprofiler.net cdn.ampproject.org maxcdn.bootstrapcdn.com d2xrrls2rhl7ow.cloudfront.net alixpartners.s3-website-eu-west-1.amazonaws.com cdn.foleon.com cdn.analytics.foleon.com api.analytics.foleon.com im-americas.foleon.com view.ceros.com s3-eu-west-1.amazonaws.com fyi.alixpartners.com alixpartners.vuture.net ajax.googleapis.com maps.googleapis.com s7.addthis.com www.googletagmanager.com google-analytics.com www.google-analytics.com sjs.bizographics.com static.ads-twitter.com rum-static.pingdom.net connect.facebook.net px.ads.linkedin.com analytics.twitter.com rum-collector-2.pingdom.net facebook.com rum-collector.pingdom.net m.addthisedge.com m.addthis.com stats.g.doubleclick.net t.co www.facebook.com angular-ui.github.io livestream.com maps.gstatic.com fonts.googleapis.com code.jquery.com www.google.com www.gstatic.com fonts.gstatic.com jobs.jobvite.com www.youtube.com data: assets.curationwall.com cdnjs.cloudflare.com clicktotweet.com consent.cookiebot.com emarketing.alixpartners.com legacy.alixpartners.com webcasts.weforum.org curationwall.com view.vzaar.com www.slideshare.net www.youtube-nocookie.com www.alixpartners.com www.linkedin.com youtube.com lftracker.leadfeeder.com tagmanager.google.com ssl.gstatic.com blob: s.ytimg.com video.vzaar.com umbraco.tv assets.pinterest.com resources.vzaar.com i.ytimg.com edge.addthis.com *.addthis.com *.addthisedge.com www.addthis.com log.pinterest.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com pi.pardot.com tr.lfeeder.com secure.leadforensics.com googleads.g.doubleclick.net snap.licdn.com cdn.linkedin.oribi.io idx.liadm.com z.moatads.com *.snitcher.com *.lfeeder.com *.albacross.com cdn.linkedin.oribi.io analytics.google.com *.liadm.com; form-action alixpartners.com *.alixpartners.com *.vuture.net *.marathonus.net *.facebook.com *.alixpartners.local alixpartners.local alixpartners-west.azurewebsites.net alixpartners.azurewebsites.net; report-to csp-endpoint; 1
frame-ancestors 'self' https://*.ciftm9oqyc-doveriebr1-p1-public.model-t.cc.commerce.ondemand.com 1
frame-ancestors 'none'; default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; connect-src 'self' https: wss:; frame-src 'self' https://*.google.com https://*.criteo.com; 1
block-all-mixed-content; frame-ancestors 'self' https://www.menards.com/ ; upgrade-insecure-requests; 1
frame-ancestors 'self' *.step.com; 1
frame-ancestors self https://content.tennet.eu *.platform.sh *.platformsh.site 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://1e9.community/logs/ https://1e9.community/sidekiq/ https://1e9.community/mini-profiler-resources/ https://1e9.community/assets/ https://1e9.community/brotli_asset/ https://1e9.community/extra-locales/ https://1e9.community/highlight-js/ https://1e9.community/javascripts/ https://1e9.community/plugins/ https://1e9.community/theme-javascripts/ https://1e9.community/svg-sprite/ 'sha256-HZxBMVZe6P3MvHDZlFai9cUmLH+qwX6BNT3qTwNPATg=' https://unpkg.com https://cdn.landbot.io/landbot-3/landbot-3.0.0.js https://plausible.io/js/plausible.hash.js https://widget.flowxo.com https://cdn.flipboard.com https://www.youtube.com https://xing.com https://1e9.community https://static.landbot.io https: https://chats.landbot.io 'unsafe-eval'  https://api.stripe.com https://q.stripe.com; worker-src 'self' https://1e9.community/assets/ https://1e9.community/brotli_asset/ https://1e9.community/javascripts/ https://1e9.community/plugins/; frame-ancestors 'self' https://1e9-community.ghost.io; manifest-src 'self' 1
script-src 'self' d2vnm3phybsw2q.cloudfront.net https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval' t.contentsquare.net contentsquare.com; child-src blob:; worker-src blob:; img-src *.contentsquare.net www.dareboost.com d2vnm3phybsw2q.cloudfront.net https://www.google-analytics.com data:; connect-src *.contentsquare.net www.dareboost.com d2vnm3phybsw2q.cloudfront.net https://www.google-analytics.com; base-uri 'self'; object-src 'none'; 1
default-src https:; style-src https: 'unsafe-inline'; img-src * data:; font-src *; script-src https: 'unsafe-inline' 'unsafe-eval'; connect-src *; 1
frame-ancestors 'self'  https://sites.google.com/usuhs.edu; 1
base-uri 'none'; connect-src 'self' https://retrocdn.net https://www.google-analytics.com; default-src 'none'; frame-ancestors 'none'; frame-src https://www.google.com; font-src 'self' https://fonts.gstatic.com data:; form-action 'self'; img-src 'self' https://retrocdn.net https://www.google-analytics.com data:; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com https://www.google-analytics.com/analytics.js https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://www.googletagmanager.com/gtag/js data:; media-src 'self' https://retrocdn.net data:; object-src 'none'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com/; upgrade-insecure-requests 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors https://*.vetsmart.com.br 1
connect-src 'self' *.ispapi.net wss:; default-src 'self' https:; img-src 'self' data: https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' 1
frame-ancestors *.spiele123.com spiele123.com; 1
frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests 1
upgrade-insecure-requests;    default-src 'self' https://*.googlesyndication.com/  https://*.rfihub.net/ https://*.googleadservices.com/ https://*.itau.com.py/ https://*.googleoptimize.com/ https://*.google.com.py/ https://*.doubleclick.net/ https://*.facebook.com/ https://*.facebook.net/ https://*.googleapis.com/ https://*.google-analytics.com/ https://*.googletagmanager.com https://*.gstatic.com https://*.google.com https://*.ggpht.com https://*.googleusercontent.com  blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src * 'self' data: https: ;     script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googlesyndication.com/ https://fonts.googleapis.com/ https://*.rfihub.net/ https://*.googleadservices.com/ https://*.itau.com.py/ https://*.googleoptimize.com/ https://*.google.com.py/ https://*.doubleclick.net/ https://*.facebook.com/ https://*.facebook.net/ https://*.googleapis.com/ https://*.google-analytics.com/ https://*.googletagmanager.com https://*.gstatic.com https://*.google.com https://*.ggpht.com https://*.googleusercontent.com  blob:; frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; script-src 'unsafe-eval' 'unsafe-inline' *; connect-src 'unsafe-eval' 'unsafe-inline' *; font-src 'unsafe-eval' 'unsafe-inline' *; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *;  1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mathstodon.xyz; img-src 'self' https: data: blob: https://mathstodon.xyz; style-src 'self' 'unsafe-inline' 'nonce-dmFB31gYuTgScwbcCyr1Cw=='; media-src 'self' https: data: https://mathstodon.xyz; frame-src 'self' https:; manifest-src 'self' https://mathstodon.xyz; form-action 'self'; child-src 'self' blob: https://mathstodon.xyz; worker-src 'self' blob: https://mathstodon.xyz; connect-src 'self' data: blob: https://mathstodon.xyz https://media.mathstodon.xyz wss://mathstodon.xyz; script-src 'self' https://mathstodon.xyz 'unsafe-eval' 1
default-src 'self'; connect-src *; img-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/; 1
frame-ancestors 'self' resources.renishaw.com static.renishaw.net www.renishaw.cz www.renishaw.de www.renishaw.com www.renishaw.es www.renishaw.fr www.renishaw.it www.renishaw.hu www.renishaw.nl www.renishaw.pl www.renishaw.com.br www.renishaw.si www.renishaw.se www.renishaw.com.tr www.renishaw.ru www.renishaw.jp www.renishaw.co.kr www.renishaw.com.cn pg.info.renishaw.net; report-uri https://renishaw.report-uri.com/r/d/csp/enforce 1
default-src 'self' 'unsafe-inline' * data: blob:; script-src * 'unsafe-inline' 'unsafe-eval' ; img-src * data: blob:; font-src * 'unsafe-inline'  data: blob:; 1
frame-ancestors 'self' *.rosegal.com 1
connect-src https: wss:; default-src https:; img-src https: data:; script-src 'unsafe-inline' https: blob: 'unsafe-eval'; style-src 'unsafe-inline' https: blob: 'unsafe-eval'; font-src https: 'self' data:; worker-src https: blob:; child-src https: blob:; frame-src https: data: 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://*.googleapis.com https://client.px-cloud.net https://client.px-cdn.net https://player.vimeo.com; img-src 'self' data: https://www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://collector-a.perimeterx.net https://i5.walmartimages.com https://ic.epic.com https://i.vimeocdn.com/video https://www.walmarthealth.com; object-src 'self' data:; media-src 'self' https://vimeo.com; connect-src 'self' https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.px-cloud.net https://*.px-client.net https://*.g.doubleclick.net https://vimeo.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' https://workforcenow.adp.com/ https://player.vimeo.com; worker-src 'self' blob: 1
font-src 'self'; img-src 'self'; upgrade-insecure-requests 1
default-src blob: data: wss://*.win2.ro:* wss://win2.ro:* 'self' 'unsafe-eval' 'unsafe-inline' https://www.youtube.com/ https://youtube.com/ https://win2.ro https://*.win2.ro https://bat.bing.com https://region1.analytics.google.com https://region1.google-analytics.com https://www.google.bg https://www.google.com https://apis.google.com https://fonts.googleapis.com https://ajax.googleapis.com https://maps.googleapis.com https://*.comm100.io https://*.comm100.com https://*.comm100vue.com https://*.googletagmanager.com https://googletagmanager.com https://*.typekit.net https://typekit.net https://maps.google.com https://*.gstatic.com https://gstatic.com https://connect.facebook.net https://*.facebook.com https://facebook.com https://*.fbcdn.net https://fbcdn.net https://analytics.google.com/ https://google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net/ https://cdn.taboola.com https://trc.taboola.com https://trc-events.taboola.com https://track.adform.net/ https://s2.adform.net https://sxt.cdn.skype.com https://www.adobe.com https://lob.egcvi.com https://bshots.egcvi.com/ https://client.pragmaticplaylive.net https://eadsrv.com https://linker.bg/ https://*.live-hub.net https://de2-md.svmsrv.com/ https://*.comm100download.com/ https://*.doubleclick.net https://*.googlesyndication.com https://doubleclick.net https://googlesyndication.com ; frame-ancestors 'self' https://*.win2.ro 1
default-src 'none'; img-src 'self' https://maps.googleapis.com https://maps.gstatic.com https://www.googletagmanager.com https://ecpg-stage.ecpay.com.tw https://ecpg.ecpay.com.tw https://googleads.g.doubleclick.net https://*.ovotv.com https://www.google.com.tw https://www.google.com https://i.imgur.com https://imgur.com https://www.facebook.com data:; font-src 'self' https://ecpg-stage.ecpay.com.tw https://cdnjs.cloudflare.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://ecpg-stage.ecpay.com.tw https://ecpg.ecpay.com.tw https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-ovo20230821001' 'nonce-ovo20230605001' 'nonce-ovo20230629001' 'nonce-ovo20230629002' 'nonce-ovo20230629003' 'nonce-ovo20230629004' 'nonce-ovo20230605002' 'nonce-ovo20230605003' 'nonce-ovo20230605004' 'nonce-ovo20230605005' 'nonce-ovo20230605006' 'nonce-ovo20230605007' https://ecpg-stage.ecpay.com.tw https://code.jquery.com https://ct-auth.np-pay.com https://cdn.jsdelivr.net https://ecpg-stage.ecpay.com.tw https://ecpg.ecpay.com.tw https://www.google-analytics.com https://googleads.g.doubleclick.net https://connect.facebook.net https://ajax.googleapis.com https://stackpath.bootstrapcdn.com https://polyfill.io https://maps.googleapis.com https://unpkg.com https://www.googletagmanager.com https://cdnjs.cloudflare.com; connect-src 'self' https://www.google.com.tw https://www.facebook.com https://script.google.com https://script.googleusercontent.com/ https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://analytics.google.com https://ecpg-stage.ecpay.com.tw https://ecpg.ecpay.com.tw https://maps.googleapis.com https://www.google-analytics.com;frame-ancestors 'self'; form-action https://gw12.newebpay.com/ https://www.facebook.com https://gw12a.newebpay.com; frame-src https://td.doubleclick.net https://ct-auth.np-pay.com https://www.facebook.com https://www.youtube.com 1
frame-ancestors 'self' clientportal.vertafore.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.stripe.com https://hcaptcha.com https://*.hcaptcha.com; object-src 'self'; media-src https://files.xeovo.com; frame-ancestors 'self' 1
default-src https: 'self' 'unsafe-inline' data:; connect-src wss: https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; worker-src 'self' blob: https: 'unsafe-eval' 'unsafe-inline'; report-uri https://o45271.ingest.sentry.io/api/153259/security/?sentry_key=c81d5b2568894719b77b2979777f9db8; 1
default-src 'self'; img-src 'self' data: *.doubleclick.net *.google.com *.google-analytics.com *.facebook.com *.gstatic.com *.googleapis.com *.addthis.com *.cellcom.com  *.staticflickr.com flickrembed.com placehold.it blob: *.gravatar.com *.adsrvr.org *.googleadservices.com *.g.doubleclick.net *.googletagmanager.com *.analytics.google.com insight.adsrvr.org dpm.demdex.net *.clarity.ms *.bing.com; style-src 'self' 'unsafe-inline' *.gstatic.com *.flowplayer.org *.googleapis.com flickrembed.com *.bootstrapcdn.com *.ionicframework.com tagmanager.google.com *.net-results.io; frame-src 'self' *.addthis.com *.google.com *.shift4test.com *.youtube.com *.cellmaps.com *.i4go.com *.twitter.com *.linkedin.com *.facebook.com *.woobox.com *.trustev.com *.iesnare.com *.timetrade.com *.timetradesystems.com widgets.priceyourdevice.com *.adsrvr.org arcgis.com *.arcgis.com *.cellcom.com; connect-src 'self' *.addthis.com *.cellcom.com  *.nsight.com *.trustev.com *.iesnare.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net *.google.com *.googletagmanager.com *.analytics.google.com apps.net-results.com *.clarity.ms bat.bing.com; font-src 'self' *.gstatic.com *.bootstrapcdn.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net beacon.cdnma.com *.facebook.com *.facebook.net *.addthis.com *.addthisedge.com *.i4go.com *.googleapis.com flickrembed.com *.jquery.com *.linkedin.com *.twitter.com *.woobox.com widgets.priceyourdevice.com *.polyfill.io *.trustev.com *.iesnare.com *.timetrade.com *.timetradesystems.com *.adsrvr.org *.net-results.io bat.bing.com *.clarity.ms cdnjs.cloudflare.com *.cellcom.com; frame-ancestors 'self' *.pcncell.net *.c-us-4wireless.com *.c-tcomputers.com *.doorcountycoop.com *.jtcrivitz.com *.lakewoodcellular.com *.arlenstvandappliance.com *.i4go; 1
frame-ancestors *.fidelityhouse.eu *.fidelityhouse.it 1
default-src https: 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.fonts.gstatic.com *.abtasty.com; img-src 'self' *.abtasty.com data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.abtasty.com https:; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.abtasty.com https:; frame-ancestors 'self' https://www.finespirits.auction; 1
default-src 'self'; font-src 'self' fonts.gstatic.com; style-src 'self' fonts.googleapis.com; script-src 'self' 'unsafe-inline'; form-action 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none' 1
frame-ancestors 'self' https://*.elal.com https://elal.clearmash.com https://experience.adobe.com https://*.amadeus.com; 1
default-src data: blob: ws: wss: 'self' *.kkande-ci.com *.kkande-qa.com *.kop-kande.dk *.umbraco.io *.leadfamly.com *.quickpay.net *.cookieinformation.com *.googletagmanager.com *.google-analytics.com *.sentry.io *.b2clogin.com *.b2clogin.eu *.elisa.io *.pinimg.com *.mapbox.com *.trustpilot.com *.visualstudio.com *.doubleclick.net *.facebook.com *.facebook.net *.quickpay.net *.cookieinformation.com *.leadfamly.com *.gstatic.com *.googleapis.com *.google.com *.googlesyndication.com *.pinterest.com *.anyday.io *.aviou.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval';style-src data: blob: ws: wss: 'self' *.kkande-ci.com *.kkande-qa.com *.kop-kande.dk *.umbraco.io *.leadfamly.com *.quickpay.net *.cookieinformation.com *.googletagmanager.com *.google-analytics.com *.sentry.io *.b2clogin.com *.b2clogin.eu *.elisa.io *.pinimg.com *.mapbox.com *.trustpilot.com *.visualstudio.com *.doubleclick.net *.facebook.com *.facebook.net *.quickpay.net *.cookieinformation.com *.leadfamly.com *.gstatic.com *.googleapis.com *.google.com *.googlesyndication.com *.pinterest.com *.anyday.io *.aviou.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval';img-src * data: blob: ws: wss: 'self' *.kkande-ci.com *.kkande-qa.com *.kop-kande.dk *.umbraco.io *.leadfamly.com *.quickpay.net *.cookieinformation.com *.googletagmanager.com *.google-analytics.com *.sentry.io *.b2clogin.com *.b2clogin.eu *.elisa.io *.pinimg.com *.mapbox.com *.trustpilot.com *.visualstudio.com *.doubleclick.net *.facebook.com *.facebook.net *.quickpay.net *.cookieinformation.com *.leadfamly.com *.gstatic.com *.googleapis.com *.google.com *.googlesyndication.com *.pinterest.com *.anyday.io *.aviou.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval';script-src blob: ws: wss: 'self' *.kkande-ci.com *.kkande-qa.com *.kop-kande.dk *.umbraco.io *.leadfamly.com *.quickpay.net *.cookieinformation.com *.googletagmanager.com *.google-analytics.com *.sentry.io *.b2clogin.com *.b2clogin.eu *.elisa.io *.pinimg.com *.mapbox.com *.trustpilot.com *.visualstudio.com *.doubleclick.net *.facebook.com *.facebook.net *.quickpay.net *.cookieinformation.com *.leadfamly.com *.gstatic.com *.googleapis.com *.google.com *.googlesyndication.com *.pinterest.com *.anyday.io *.aviou.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval';script-src-attr data: blob: ws: wss: 'self' *.kkande-ci.com *.kkande-qa.com *.kop-kande.dk *.umbraco.io *.leadfamly.com *.quickpay.net *.cookieinformation.com *.googletagmanager.com *.google-analytics.com *.sentry.io *.b2clogin.com *.b2clogin.eu *.elisa.io *.pinimg.com *.mapbox.com *.trustpilot.com *.visualstudio.com *.doubleclick.net *.facebook.com *.facebook.net *.quickpay.net *.cookieinformation.com *.leadfamly.com *.gstatic.com *.googleapis.com *.google.com *.googlesyndication.com *.pinterest.com *.anyday.io *.aviou.io 'unsafe-inline' 'unsafe-eval';frame-ancestors *.local blob: ws: wss: 'self' *.kkande-ci.com *.kkande-qa.com *.kop-kande.dk *.umbraco.io *.leadfamly.com *.quickpay.net *.cookieinformation.com *.googletagmanager.com *.google-analytics.com *.sentry.io *.b2clogin.com *.b2clogin.eu *.elisa.io *.pinimg.com *.mapbox.com *.trustpilot.com *.visualstudio.com *.doubleclick.net *.facebook.com *.facebook.net *.quickpay.net *.cookieinformation.com *.leadfamly.com *.gstatic.com *.googleapis.com *.google.com *.googlesyndication.com *.pinterest.com *.anyday.io *.aviou.io;form-action *.local blob: ws: wss: 'self' *.kkande-ci.com *.kkande-qa.com *.kop-kande.dk *.umbraco.io *.leadfamly.com *.quickpay.net *.cookieinformation.com *.googletagmanager.com *.google-analytics.com *.sentry.io *.b2clogin.com *.b2clogin.eu *.elisa.io *.pinimg.com *.mapbox.com *.trustpilot.com *.visualstudio.com *.doubleclick.net *.facebook.com *.facebook.net *.quickpay.net *.cookieinformation.com *.leadfamly.com *.gstatic.com *.googleapis.com *.google.com *.googlesyndication.com *.pinterest.com *.anyday.io *.aviou.io;base-uri 'self';font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests 1
frame-ancestors 'self' https://*.youravon.com https://*.avonrepresentative.com https://*.avon.com; 1
default-src 'self' data: *.theconstructionindex.co.uk amp.analytics-debugger.com *.google-analytics.com *.analytics.google.com *.googleapis.com *.google.com *.google.co.uk *.google.ie *.google.no *.google.es *.google.dk *.google.gr *.google.je *.google.im *.google.in *.google.nl *.google.ae *.google.it *.google.com.au *.google.com.hk *.google.co.za *.google.co.il *.google.be *.google.ch *.google.ca *.google.se *.google.de *.google.fr *.youtube.com *.youtu.be *.youtube-nocookie.com *.googletagmanager.com *.ampproject.net *.ampproject.org *.googlesyndication.com *.google-analytics.com *.vimeo.com *.wistia.net cdnjs.cloudflare.com *.gstatic.com *.g.doubleclick.net *.googlevideo.com *.hotjar.com *.hotjar.io pushpad.xyz cdn.plyr.io *.audioboom.com audioboom.com api.spreaker.com *.cloudfront.net *.theabcdn.com *.chtbl.com t.co; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.google.com *.google.co.uk *.google.ie *.google.no *.google.es *.google.dk *.google.gr *.google.je *.google.im *.google.in *.google.nl *.google.ae *.google.it *.google.com.au *.google.com.hk *.google.co.za *.google.co.il *.google.be *.google.ch *.google.ca *.google.se *.google.de *.google.fr *.theconstructionindex.co.uk *.tcindex.co.uk *.ampproject.org *.ampproject.net *.google-analytics.com *.g.doubleclick.net *.googleadservices.com *.googletagmanager.com *.googleapis.com *.googletagservices.com *.googlesyndication.com *.gstatic.com *.googlevideo.com *.youtube.com *.ytimg.com cdn.jsdelivr.net cdnjs.cloudflare.com *.hotjar.com pushpad.xyz code.jquery.com *.facebook.com *.facebook.net; img-src 'self' data: *.google.com *.google.co.uk *.google.ie *.google.no *.google.es *.google.dk *.google.gr *.google.je *.google.im *.google.in *.google.nl *.google.ae *.google.it *.google.com.au *.google.com.hk *.google.co.za *.google.co.il *.google.be *.google.ch *.google.ca *.google.se *.google.de *.google.fr *.theconstructionindex.co.uk *.tcihost.co.uk *.tcitrader.co.uk *.tcindex.co.uk *.googletagmanager.com *.googletagmanager.com cdnjs.cloudflare.com *.googlesyndication.com *.googleadservices.com *.youtube.com *.ytimg.com *.googlevideo.com *.placeholder.com *.googleapis.com *.gstatic.com *.google-analytics.com *.twimg.com code.jquery.com pushpad.xyz audioboom.com *.theabcdn.com *.facebook.com *.facebook.net; style-src 'self' 'unsafe-inline' data: *.google.com *.google.co.uk *.google.ie *.google.no *.google.es *.google.dk *.google.gr *.google.je *.google.im *.google.in *.google.nl *.google.ae *.google.it *.google.com.au *.google.com.hk *.google.co.za *.google.co.il *.google.be *.google.ch *.google.ca *.google.se *.google.de *.google.fr *.gstatic.com *.googleapis.com cdn.jsdelivr.net code.jquery.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.theconstructionindex.co.uk; worker-src 'self' blob:; font-src 'self'; 1
script-src 'self' 'nonce-h1viIzSEuf2eO9I8/8BCiV5/' www.google-analytics.com ajax.googleapis.com maps.googleapis.com *.google.com www.gstatic.com cloud.typography.com *.pardot.com *.tnsi.com; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.zdassets.com https://f.clarity.ms https://polo.feathr.co https://bat.bing.com https://googleads.g.doubleclick.net https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://servedbyadbutler.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://e.clarity.ms https://cdn.feathr.co https://*.clarity.ms https://widget-mediator.zopim.com https://www.googletagservices.com ssl.google-analytics.com www.pagespeed-mod.com www.googleadservices.com d.clarity.ms cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com mdbootstrap.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://static.zdassets.com https://f.clarity.ms https://polo.feathr.co https://bat.bing.com https://googleads.g.doubleclick.net https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://servedbyadbutler.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://e.clarity.ms https://cdn.feathr.co https://*.clarity.ms https://widget-mediator.zopim.com https://www.googletagservices.com ssl.google-analytics.com www.pagespeed-mod.com www.googleadservices.com d.clarity.ms cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com mdbootstrap.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com mdbootstrap.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self'; report-uri https://sentry.utdev.com/api/23/security/?sentry_key=1371e4e56fb64b82892e782238e6a4f7 1
default-src https:; script-src https: data: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; frame-ancestors 'self' https://www.hermespaketshop.de https://paketshop.myhermes.de 1
media-src 'self' blob: protocols.io www.protocols.io cdn.protocols.io content.protocols.io s3.amazonaws.com protocols-files.s3.amazonaws.com protocols-files.s3.us-east-1.amazonaws.com protocols-files.s3-us-east-1.amazonaws.com pr-journal.s3.amazonaws.com protocols-podcasts.s3.amazonaws.com https://ffmpeg.protocols.io; default-src 'self'; font-src 'self' fonts.gstatic.com; manifest-src 'self'; object-src 'none'; worker-src 'self' blob:; script-src-elem 'report-sample' 'self' cdn.protocols.io content.protocols.io apis.google.com cdnjs.cloudflare.com/ajax/libs/lottie-web/5.10.2/lottie_light.min.js www.google.com/recaptcha/api.js ajax.googleapis.com fonts.googleapis.com www.googletagmanager.com *.stripe.com 'unsafe-eval' protocols-files.s3.amazonaws.com protocols-files.s3.us-east-1.amazonaws.com protocols-files.s3-us-east-1.amazonaws.com pr-journal.s3.amazonaws.com protocols-podcasts.s3.amazonaws.com 'nonce-8AC85A789A5073B99FC6E0A42C20B691'; img-src 'self' blob: data: protocols.io www.protocols.io cdn.protocols.io content.protocols.io s3.amazonaws.com *.googleusercontent.com www.googletagmanager.com cdn.jsdelivr.net bossanova.uk protocols-files.s3.amazonaws.com protocols-files.s3.us-east-1.amazonaws.com protocols-files.s3-us-east-1.amazonaws.com pr-journal.s3.amazonaws.com protocols-podcasts.s3.amazonaws.com https://ffmpeg.protocols.io; frame-src * data: blob:; connect-src 'self' blob: cdn.protocols.io content.protocols.io *.sentry.io *.stripe.com www.google-analytics.com api.dropboxapi.com content.dropboxapi.com maps.googleapis.com api.osf.io protocols-files.s3.amazonaws.com protocols-files.s3.us-east-1.amazonaws.com protocols-files.s3-us-east-1.amazonaws.com pr-journal.s3.amazonaws.com protocols-podcasts.s3.amazonaws.com wss://ws.protocols.io https://ffmpeg.protocols.io; script-src 'report-sample' 'self' cdn.protocols.io content.protocols.io apis.google.com cdnjs.cloudflare.com/ajax/libs/lottie-web/5.10.2/lottie_light.min.js www.google.com/recaptcha/api.js ajax.googleapis.com fonts.googleapis.com www.googletagmanager.com *.stripe.com 'unsafe-eval' protocols-files.s3.amazonaws.com protocols-files.s3.us-east-1.amazonaws.com protocols-files.s3-us-east-1.amazonaws.com pr-journal.s3.amazonaws.com protocols-podcasts.s3.amazonaws.com 'nonce-8AC85A789A5073B99FC6E0A42C20B691'; style-src 'self' 'unsafe-inline' cdn.protocols.io content.protocols.io fonts.googleapis.com protocols-files.s3.amazonaws.com protocols-files.s3.us-east-1.amazonaws.com protocols-files.s3-us-east-1.amazonaws.com pr-journal.s3.amazonaws.com protocols-podcasts.s3.amazonaws.com; 1
object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.b2clogin.com https://www.lenscrafters.com https://*.lenscrafters.com https://*.lenscrafters.ca https://*.pearlevision.ca https://*.pearlevision.com https://*.examappts.com https://www.targetoptical.com  https://*.luxottica.com https://*.essilorluxottica.com; 1
frame-ancestors 'self' https://*.persol.com https://*.luxottica.com https://*.essilorluxottica.com; 1
upgrade-insecure-requests; object-src 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleoptimize.com https://*.googletagmanager.com https://*.facebook.com https://*.facebook.net https://*.montepiedad.com.mx https://*.botlers.io https://*.newrelic.com https://unpkg.com https://*.zeptojs.com https://*.jsdelivr.net https://*.datatables.net https://*.bootstrapcdn.com https://cdnjs.cloudflare.com https://assets4.lottiefiles.com https://www.google-analytics.com https://www.yumpu.com https://*.analytics.google.com https://*.youtube.com/ https://analytics.google.com https://ad.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://afiliacion.net https://prs.arkeero.net https://leadgenios.net https://www.rtb123.com https://*.hotjar.com https://inboxlabs.go2cloud.org https://*.google.com.mx https://*.hotjar.io https://*.teads.tv https://ojo7.ltroute.com; 1
frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: 'self' blob: *.dynamicyield.com *.cloudmaestro.com *.searchspring.net *.googletagmanager.com *.cookiebot.com *.helpscout.net *.google-analytics.com *.facebook.net *.fbcdn.net *.yimg.com *.bing.com *.criteo.net *.criteo.com *.bronto.com *.providentmetals.com *.yahoo.com *.googleapis.com *.shopperapproved.com *.nr-data.net *.newrelic.com *.inspectlet.com *.intellisuggest.com *.paypalobjects.com *.paypal.com *.online-metrix.net *.twimg.com *.twitter.com *.instagram.com *.youtube.com *.doubleclick.net *.cloudfront.net bitpay.com *.bitpay.com *.nfusionsolutions.biz *.cdn77.org *.plaid.com *.routingnumbers.info *.tradingview.com *.smartystreets.com wsonline.seisint.com *.googleadservices.com *.bootstrapcdn.com *.nfusionsolutions.com *.google.com *.nameapi.org *.taxjar.com raw.githubusercontent.com cdn.ampproject.org *.wompmobile.com cdnjs.cloudflare.com az690879.vo.msecnd.net api-cache.searchspring.io tpc.googlesyndication.com p11.techlab-cdn.com cdncy.providentmetals.com *.womp.me wompme.blob.core.windows.net songbird.cardinalcommerce.com static.klaviyo.com static-tracking.klaviyo.com *.fpapi.io cdn.jsdelivr.net *.fpcdn.io fpcdn.io womp.me *.fptls.com fptls.com *.contentsquare.net app.contentsquare.com *.braintreegateway.com *.braintree-api.com; report-uri /.webscale/csp-report 1
base-uri 'self';                         default-src 'none';                         connect-src 'self' https://cdn.linkedin.oribi.io https://*.googleapis.com https://consentcdn.cookiebot.com/ https://mk-website-matomo.mehrkanal.com/ https://webforms.pipedrive.com/;                         frame-src 'self' https://consentcdn.cookiebot.com https://webforms.pipedrive.com/ http://www.mehrkanal.com/;                         frame-ancestors 'self';                         object-src 'none';                         img-src 'self' data: 'unsafe-inline' https://*.global.ssl.fastly.net/ https://tr.lfeeder.com/ https://px.ads.linkedin.com/ https://www.gstatic.com/;                         script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://consent.cookiebot.com https://sc.lfeeder.com/ https://consentcdn.cookiebot.com https://webforms.pipedrive.com/ https://cdn.eu-central-1.pipedriveassets.com/ https://mk-website-matomo.mehrkanal.com/ https://snap.licdn.com/;                         form-action 'self';                         style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;                         font-src 'self' https://fonts.gstatic.com data:; 1
base-uri 'self'; style-src 'self' 'unsafe-inline' *.cognitoforms.com *.dignityhealth.org *.foresee.com *.hellohumankindness.org *.jotform.com *.marketo.com about.stlukeshealth.org api.digitalwerksautomation.com find-a-location.decodedigital.co find-a-location.decodedigital.workers.dev fonts.googleapis.com locations-slh.stlukeshealth.org locations.stlukeshealth.org p.typekit.net stlukeshealth.org use.typekit.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ase-usw1-shared-prd.p.azurewebsites.net *.dignityhealth.org *.evaliahealth.com *.everesttech.net *.everesttech.net *.google.com/pagead/ *.google.com/recaptcha/ *.googleadservices.com *.gstatic.com/recaptcha/ *.hellohumankindness.org *.inquicker.com *.invoca.net *.jotform.io *.marchex.io *.marketo.com *.marketo.net *.recaptcha.net/recaptcha/ *.youtube.com ajax.cloudflare.com ajax.googleapis.com ajax.microsoft.com api.digitalwerksautomation.com bam-cell.nr-data.net bam.nr-data.net cdn.di-capt.com cdnjs.cloudflare.com code.jquery.com commonspirit.experiencecloud.adobe.com decodedigital.jotform.com experience.adobe.com find-a-location.decodedigital.co find-a-location.decodedigital.workers.dev google-analytics.com googleads.g.doubleclick.net googletagmanager.com js-agent.newrelic.com js.jotform.com locations-aem-component.decodedigital.co locations-slh.stlukeshealth.org locations.stlukeshealth.org login.commonspirit.org maps.googleapis.com munchkin.marketo.net pc-dignityhealth-visitor-service.tealiumiq.com resources.static.evaliahealth.com script.hotjar.com static.hotjar.com stlukeshealth.org tags.tiqcdn.com tags.tiqcdn.com twemoji.maxcdn.com unpkg.com use.typekit.net www.youtube.com; frame-src 'self' *.jotform.io *.marketo.com *.vimeo.com *.youtube.com commonspirit.demdex.net decodedigital.jotform.com docasap.com docasap.com www.cognitoforms.com www.google.com www.recaptcha.net; img-src 'self' *.ase-usw1-shared-prd.p.azurewebsites.net *.dignityhealth.org *.evaliahealth.com *.everesttech.net *.everesttech.net *.foresee.com *.google.com/pagead/ *.googleadservices.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.hellohumankindness.org *.jotform.com *.marchex.io *.marketo.com *.youtube.com about.stlukeshealth.org atxc3.s3.us-east-2.amazonaws.com bam.nr-data.net cdn.jotfor.ms data: di.rlcdn.com dpm.demdex.net googleads.g.doubleclick.net googletagmanager.com i.ytimg.com locations-aem-component.decodedigital.co locations-slh.stlukeshealth.org locations.stlukeshealth.org login.commonspirit.org s3.amazonaws.com stlukeshealth.org use.typekit.net www.google.com; connect-src 'self' *.ase-usw1-shared-prd.p.azurewebsites.net *.ase-usw1-shared-prd.p.azurewebsites.net *.dignityhealth.org *.everesttech.net *.everesttech.net *.foresee.com *.google.com/pagead/ *.google.com/recaptcha/ *.googleadservices.com *.hellohumankindness.org *.inquicker.com *.mktoresp.com *.mktoutil.com *.omtrdc.net ajax.microsoft.com analytics.google.com api.ipify.org bam.nr-data.net commonspirit.sc.omtrdc.net commonspirit.tt.omtrdc.net dpm.demdex.net fid.agkn.com find-a-location.decodedigital.co fonts.googleapis.com google-analytics.com identity-api.commonspirit.org identity-func.commonspirit.org in.hotjar.com locations-aem-component.decodedigital.co login.commonspirit.org maps.googleapis.com pc-dignityhealth-collect.tealiumiq.com pc-dignityhealth-visitor-service.tealiumiq.com readaloud.googleapis.com translate.googleapis.com; default-src 'self' *.dignityhealth.org commonspirit.demdex.net find-a-location.decodedigital.co find-a-location.decodedigital.workers.dev identity-func.commonspirit.org identity-spa.commonspirit.org locations-slh.stlukeshealth.org locations.stlukeshealth.org login.commonspirit.org pc-dignityhealth-collect.tealiumiq.com; font-src 'self' *.dignityhealth.org *.gstatic.com at.alicdn.com cdn.jorfor.ms data: locations.stlukeshealth.org script.hotjar.com stlukeshealth.org use.typekit.net; 1
frame-ancestors 'self' *.sbsolver.com; 1
frame-ancestors https://*.lifeextension.com http://localhost:4201/; 1
default-src 'self' blob: https: https://curriculums.everfi.net https://courses.everfi.net https://admin.homeroom.everfi.net https://everfi-curriculums.s3.amazonaws.com https://d1vyejqi0lnyjd.cloudfront.net https://help.everfi.com https://everfi.com; font-src 'self' blob: https: data:; img-src 'self' blob: https: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' blob: https: 'unsafe-inline' 1
frame-src https://20331188.hs-sites.com https://shopify.dev.kubric.io https://mm.beta.kubric.io https://app.getmodemagic.com https://getmodemagic.com https://www.youtube.com https://*.typeform.com/ https://calendly.com/ https://*.arcade.software/ https://*.storylane.io https://*.hsforms.com/ https://open.spotify.com/ https://giphy.com/ https://media.kubric.io/; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https: blob:; font-src 'self' data: https:; connect-src * 'unsafe-inline' https:; default-src *; img-src * data: 'unsafe-inline'; 1
frame-ancestors 'self' http://webvisor.com https://www.youtube.com/ https://api.flocktory.com/ https://pay.yandex.ru/ https://sandbox.pay.yandex.ru https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://static.doubleclick.net 1
frame-ancestors 'self' https://frontend-banca-persona.banco.cert.digital.consorcio.cl https://servicios.bancoconsorcio.cl https://www.bancoconsorcio.cl http://qbcnspeap02.bancoconsorcio.cl:8080 http://qbcnspeap03.bancoconsorcio.cl:8080 http://qbcnspeap04.bancoconsorcio.cl:8080 1
frame-ancestors *.dmp *.initiatives.vip *.initiatives.fr *.initiatives-etiquettes.fr *.leschocolatsducoeur.fr; 1
base-uri 'self'; font-src 'self' data:; media-src 'self'; connect-src 'self'; object-src 'self'; form-action 'self' *.izzysoft.de *.qumran.org; frame-ancestors 'self' *.izzysoft.de *.qumran.org; block-all-mixed-content; script-src 'self'; 1
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: blob:; img-src * data:; font-src https: data:; frame-ancestors 'self' *.carnival.com https://*.goccl.com https://*.goccl.co.uk https://*.uatcarnival.com https://*.carnivalcloud.net https://www.kayak.com http://*.carnivalmeetings.wuata.com https://*.carnivalmeetings.wuata.com https://*.carnivalmeetings.com http://carnivalmeetings.wuata.com https://carnivalmeetings.wuata.com https://carnivalmeetings.com https://*.goccl.com.au http://carnivalmeetings.com.s227501.gridserver.com https://carnivalmeetings.com.s227501.gridserver.com/ https://carnivalmeetings.prod.carnivalcloud.net; worker-src blob: 1
font-src 'self' data:; img-src https: data:; default-src https: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' 'unsafe-inline';                                                      script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com www.google-analytics.com www.googletagmanager.com code.jquery.com;                                                     font-src 'self' data: fonts.gstatic.com;                                                     style-src 'self' 'unsafe-inline' fonts.googleapis.com hello.myfonts.net cdn.jsdelivr.net;                                                     object-src 'self';                                                     form-action 'self';                                                     img-src 'self';                                                     base-uri 'self';                                                     frame-ancestors *.lsccom.com ;                                                     connect-src 'self' www.google-analytics.com; 1
connect-src 'self' www.gstatic.com assets.adobedtm.com www.google.com www.bing.com metrics.myprime.com; 1
frame-ancestors 'self' https://*.clearly.ca https://*.luxottica.com https://*.essilorluxottica.com; 1
default-src 'self' 'unsafe-inline' data: *.ytimg.com http://linkumkm.id http://*.linkumkm.id *.linkumkm.id http://10.184.0.89 *.service-kjt.id 10.184.0.89 *.service-kjt.id http://10.184.0.89 *.service-kjt.id:8014 10.184.0.89 *.service-kjt.id:8014 http://10.184.0.89 *.service-kjt.id:8011 *.youtube.com *.googleapis.com *.googletagmanager.com *.jsdelivr.net *.cloudflare.com doubleclick.net *.google.com *.gstatic.com *.google-analytics.com https://www.linkumkm.id www.linkumkm.id; script-src 'self' 'unsafe-inline' wss://10.184.0.89 *.service-kjt.id:8083 10.184.0.89 *.service-kjt.id:8083 ws://10.184.0.89 *.service-kjt.id:8083 http://10.184.0.89 *.service-kjt.id:8083 https://*.jquery.com http://*.linkumkm.id *.linkumkm.id http://10.184.0.89 *.service-kjt.id 10.184.0.89 *.service-kjt.id http://10.184.0.89 *.service-kjt.id:8014 10.184.0.89 *.service-kjt.id:8014 *.youtube.com *.googleapis.com *.googletagmanager.com *.jsdelivr.net *.cloudflare.com doubleclick.net *.google.com *.gstatic.com *.google-analytics.com https://www.linkumkm.id www.linkumkm.id; style-src 'self' 'unsafe-inline' http://*.linkumkm.id *.linkumkm.id http://10.184.0.89 *.service-kjt.id 10.184.0.89 *.service-kjt.id http://10.184.0.89 *.service-kjt.id:8014 10.184.0.89 *.service-kjt.id:8014 *.youtube.com *.googleapis.com *.googletagmanager.com *.jsdelivr.net *.cloudflare.com doubleclick.net *.google.com *.gstatic.com *.google-analytics.com https://www.linkumkm.id www.linkumkm.id; font-src 'self' 'unsafe-inline' http://*.linkumkm.id *.linkumkm.id http://10.184.0.89 *.service-kjt.id 10.184.0.89 *.service-kjt.id http://10.184.0.89 *.service-kjt.id:8014 10.184.0.89 *.service-kjt.id:8014 *.youtube.com *.googleapis.com *.googletagmanager.com *.jsdelivr.net *.cloudflare.com doubleclick.net *.google.com *.gstatic.com *.google-analytics.com https://www.linkumkm.id www.linkumkm.id; connect-src 'self' 'unsafe-inline' wss://*.linkumkm.id http://*.linkumkm.id *.linkumkm.id http://10.184.0.89 *.service-kjt.id 10.184.0.89 *.service-kjt.id http://10.184.0.89 *.service-kjt.id:8014 10.184.0.89 *.service-kjt.id:8014 wss://10.184.0.89 *.service-kjt.id:8083 ws://10.184.0.89 *.service-kjt.id:8083 http://10.184.0.89 *.service-kjt.id:8083 http://10.184.0.89 *.service-kjt.id:8011 *.youtube.com *.googleapis.com *.googletagmanager.com *.jsdelivr.net *.cloudflare.com doubleclick.net *.google.com *.gstatic.com *.google-analytics.com https://www.linkumkm.id www.linkumkm.id; 1
default-src 'self' https://*.clarity.ms https://c.bing.com https://www.google.com/ 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com *.googletagmanager.com https://www.gstatic.com/ https://www.google.com/ *.google.co.nz https://js.adsrvr.org https://ws3.hotjar.com/ https://api.connectme.gen3ventures.com/ https://vc.hotjar.io/ https://connect.facebook.net/ https://script.hotjar.com/ https://www.google-analytics.com/ https://www.vbt.io/ https://static.hotjar.com/ https://www.googleadservices.com/ https://www.googleoptimize.com/ https://js.hs-scripts.com/ https://js.hs-banner.com https://js.hs-analytics.net/ https://maps.googleapis.com/ https://connect.facebook.net/en_US/fbevents.js https://js.hsforms.net/forms/v2.js https://maps.googleapis.com/maps-api-v3/api/js/49/10/common.js https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js https://r1-t.trackedlink.net/_dmpt.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://trackit.ktxlytics.io/ktxevents.v1.js https://www.googletagmanager.com/gtag/js *.bing.com https://vxml4.plavxml.com https://*.clarity.ms https://*.connectme.gen3ventures.com https://insight.adsrvr.org https://snap.licdn.com/ https://dx.mountain.com/ https://px.mountain.com/ https://www.youtube.com/ https://drive.google.com/ https://*.google.com/ https://gs.mountain.com/ https://static.zdassets.com/ https://widget.reviewability.com/ https://cdn.raygun.io/ *.elfsight.com https://showcase.shareasale.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://kendo.cdn.telerik.com https://pro.fontawesome.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://*.connectme.gen3ventures.com https://insight.adsrvr.org https://www.google.com/ https://widget.reviewability.com/ https://showcase.shareasale.com; font-src 'self' data: https://pro.fontawesome.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; img-src 'self' data: *.allied.com https://www.linkedin.com/ https://img.icons8.com/ https://c2.ktxlytics.io/ https://www.google.com/ *.google.co.nz *.googletagmanager.com https://www.facebook.com/ https://track.hubspot.com/ https://googleads.g.doubleclick.net/ https://p.adsymptotic.com/ https://www.google-analytics.com/ https://px.ads.linkedin.com/ https://maps.googleapis.com/ https://sirvaeastus2tstsa2.blob.core.windows.net https://avlnavlblob.blob.core.windows.net https://corporate.allied.com https://ib.adnxs.com https://maps.gstatic.com *.bing.com https://*.g.doubleclick.net https://vxml4.plavxml.com https://*.clarity.ms https://*.fls.doubleclick.net https://*.netdna-ssl.com https://*.connectme.gen3ventures.com https://insight.adsrvr.org https://forms-na1.hsforms.com/ https://forms.hsforms.com/ https://widget.reviewability.com/ *.googleusercontent.com https://www.boxengine.com https://showcase.shareasale.com; media-src 'self'; frame-src 'self' https://js.stripe.com https://hooks.stripe.com https://www.google.com/ *.google.co.nz match.adsrvr.org https://www.youtube.com/ https://www.facebook.com/ https://vars.hotjar.com/ https://*.fls.doubleclick.net https://insight.adsrvr.org https://www.google.com https://forms.hsforms.com; connect-src * data: blob: filesystem: https://api.stripe.com https://maps.googleapis.com; object-src 'none' report-uri https://62e02773e7a4e344fdd76f60.endpoint.csper.io/?v=1; 1
frame-ancestors 'self' https://app.agilitycms.com https://*.publishwithagility.com:*; 1
frame-ancestors 'self' https://manage.waterworld.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://tag.tapad.com https://*.appboycdn.com https://*.intercomcdn.com https://*.crazyegg.com https://*.dashhudson.com https://*.stripe.com http://*.friendbuy.com http://djnf6e5yyirys.cloudfront.net http://idsync.rlcdn.com http://images.ctfassets.net http://tag.rmp.rakuten.com https://*.crazyegg.com https://*.friendbuy.com https://*.intercom.io https://*.linksynergy.com https://*.scene7.com https://api.recurly.com https://cdn.contentful.com https://cdn.polyfill.io https://connect.facebook.net https://www.pinterest.com https://ct.pinterest.com https://djnf6e5yyirys.cloudfront.net https://idsync.rlcdn.com https://images.contentful.com https://images.ctfassets.net https://js.appboycdn.com https://js.recurly.com https://nypi.dc-storm.com https://s.pinimg.com https://sdk.iad-01.braze.com https://static.intercomassets.com https://stats.g.doubleclick.net https://storage.googleapis.com https://tag.rmp.rakuten.com https://us-east4-rental-dev.cloudfunctions.net https://us-east4-rental-prod.cloudfunctions.net https://us-east4-rental-staging.cloudfunctions.net https://videos.contentful.com https://videos.ctfassets.net https://www.facebook.com https://*.google-analytics.com https://*.google.com https://www.google.com.pr https://www.google.co.uk https://www.google.ca https://www.google.de https://www.google.fr https://www.google.es https://www.google.com.au https://www.google.co.jp https://www.google.nl https://www.google.it https://www.google.com.mx https://www.google.ie https://www.google.com.ar https://www.google.co.nz https://www.google.co.in https://www.googletagmanager.com ws: wss: *.rewardstyle.com *.nuuly.com *.tiktok.com *.typhoona.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://d38xvr37kwwhcm.cloudfront.net https://www.cloudflare.com/cdn-cgi/trace https://trail.grin.co https://fast.fonts.net https://data.adxcel-ec2.com https://trkn.us https://js-agent.newrelic.com https://bam.nr-data.net https://*.clarity.ms https://*.bing.com https://*.pdst.fm https://*.cloudfunctions.net/pdst-events-prod-sink blob:;frame-ancestors 'none';report-uri https://www.nuuly.com/api/security/csp/violation 1
report-uri /projectx/papi/csp-report; default-src 'self' website-static.vivid.money data:; connect-src 'self' *.vivid.money *.builder.io *.google.com *.appsflyer.com *.snapchat.com *.facebook.com wa.onelink.me https://sdk.fra-02.braze.eu https://builder.io/api/v1/form-submit website-static.vivid.money https://www.google-analytics.com *.google-analytics.com https://stats.g.doubleclick.net https://tr.snapchat.com api.amplitude.com sentry.vivid.money browser.sentry-cdn.com foo.bar business.vivid.money; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.google.com *.appsflyer.com *.gstatic.com *.snapchat.com *.sentry-cdn.com *.ytimg.com *.builder.io https://js.appboycdn.com website-static.vivid.money https://www.google-analytics.com https://www.googletagmanager.com tagmanager.google.com static.ads-twitter.com analytics.twitter.com https://connect.facebook.net https://www.facebook.com https://sc-static.net cdn.amplitude.com; img-src 'self' data: website-static.vivid.money *.builder.io *.ytimg.com *.googleapis.com *.facebook.com *.facebook.net *.google.com *.google.co *.google.it *.google.nl *.google.bg *.google.ru *.google.pl *.google.hu *.google.ch *.google.at *.vivid.money *.vividinvest.net *.webflow.com *.vividinvest.io *.googleusercontent.com *.twelvedata.com appboy-images.com braze-images.com cdn.braze.eu https://www.google-analytics.com https://stats.g.doubleclick.net www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com t.co https://analytics.twitter.com https://www.google.com https://www.google.de https://www.google.es https://www.google.fr https://www.facebook.com; frame-src *.google.com *.appsflyer.com *.youtube.com *.facebook.com *.snapchat.com *.builder.io 'self' https://www.googletagmanager.com https://tr.snapchat.com; style-src 'unsafe-inline' 'self' website-static.vivid.money tagmanager.google.com https://fonts.googleapis.com; font-src website-static.vivid.money *.builder.io cdnjs.cloudflare.com https://fonts.gstatic.com data:; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.google.com *.appsflyer.com *.gstatic.com *.snapchat.com *.sentry-cdn.com *.ytimg.com *.builder.io https://js.appboycdn.com website-static.vivid.money https://www.google-analytics.com https://www.googletagmanager.com tagmanager.google.com static.ads-twitter.com analytics.twitter.com https://connect.facebook.net https://www.facebook.com https://sc-static.net cdn.amplitude.com 1
default-src 'self'; media-src 'self' 'unsafe-inline' https://chat.fortifi.io/ https://bat.bing.com/ https://player.vimeo.com/ https://vod-progressive.akamaized.net/; img-src 'self' 'unsafe-inline' https://i.ytimg.com/ https://chat.fortifi.io/ https://www.google.com/ https://www.google.co.uk/ https://www.google.pl/ https://bat.bing.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://bat.bing.com/ https://www.facebook.com/ https://connect.facebook.net/ data: https://storage.googleapis.com/ https://haveibeenpwned.com/ https://resources.totalav.com/ https://assets.totalav.com/ https://logs-01.loggly.com/ https://stats.pcprotect.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://chat.fortifi.io/; font-src 'self' https://fonts.gstatic.com https://chat.fortifi.io/; script-src 'self' 'unsafe-inline' https://stats.pcprotect.com https://googletagmanager.com/ https://googleadservices.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://bat.bing.com/ https://www.google.com/ https://www.google.co.uk/ https://www.google.pl/ https://widget.trustpilot.com/ https://chat.fortifi.io/ https://cfgchat.fortifi.io/ https://www.facebook.com/ https://connect.facebook.net/ https://url.pcprotect.com http://url.pcprotect.com/px/init/fortifi.js https://www.gstatic.com/ https://utt.impactcdn.com; frame-src 'self' blob: https://chat.fortifi.io/ https://player.vimeo.com https://www.youtube.com/ https://www.facebook.com/ https://widget.trustpilot.com/ https://vod-progressive.akamaized.net/ https://my.pcprotect.com https://www.google.com/; connect-src 'self' https://my.pcprotect.com https://ajax.pcprotect.com https://login.pcprotect.com https://signup.pcprotect.com https://my.pcprotect.com https://bat.bing.com/ wss://chat.fortifi.io/ https://stats.pcprotect.com; frame-ancestors 'self' 1
script-src 'self'  gtm.js maps.googleapis.com polyfill.io pushimages.notifyvisitors.com push.notifyvisitors.com cdnp.notifyvisitors.com www.googletagmanager.com assets.adobedtm.com cdnt.netcoresmartech.com osjs.netcoresmartech.com www.googleadservices.com www.google-analytics.com *.facebook.net apis.google.com www.notifyvisitors.com cdn-sdk.hansel.io js.boxx.ai cdndc.netcoresmartech.com cdn.notifyvisitors.com googleads.g.doubleclick.net www.youtube.com ; script-src-elem 'self' 'unsafe-inline' gtm.js maps.googleapis.com polyfill.io pushimages.notifyvisitors.com push.notifyvisitors.com cdn.ampproject.org cdnp.notifyvisitors.com www.googletagmanager.com assets.adobedtm.com cdnt.netcoresmartech.com osjs.netcoresmartech.com www.googleadservices.com www.google-analytics.com *.facebook.net apis.google.com www.notifyvisitors.com cdn-sdk.hansel.io js.boxx.ai cdndc.netcoresmartech.com cdn.notifyvisitors.com googleads.g.doubleclick.net www.youtube.com *.serving-sys.com ; font-src 'self' fonts.gstatic.com cdn-sdk.hansel.io ; frame-src 'self' *.facebook.com *.google.com 5581446.fls.doubleclick.net khushi.uniphore.com bid.g.doubleclick.net www.youtube.com akeiradev.uniphore.com pnbmetlife.demdex.net ; connect-src 'self' pnbmetlifeproduction.112.2o7.net *.serving-sys.com *.googleapis.com *.gstatic.com *.google.com json.geoiplookup.io maps.googleapis.com api.ipify.org ujm.hansel.io www.google-analytics.com stats.g.doubleclick.net sdk.hansel.io analytics.google.com twa.netcoresmartech.com psegment.netcoresmartech.com dpm.demdex.net www.google.co.in ; img-src 'self' pnbmetlifeproduction.112.2o7.net adservice.google.co.in ad.doubleclick.net ads.instabid.tech *.youtube.com *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com www.w3.org data: maps.googleapis.com maps.gstatic.com i.ytimg.com www.googletagmanager.com cm.everesttech.net www.pnbmetlife.com googleads.g.doubleclick.net s3.amazonaws.com pushimages.notifyvisitors.com www.google-analytics.com pnbmetlifedev.112.2o7.net www.google.co.in www.facebook.com www.google.com dpm.demdex.net ; manifest-src 'self' wdc.netcoresmartech.com cm.everesttech.net ; object-src 'self' ; frame-ancestors 'self' ; upgrade-insecure-requests 1
base-uri 'none'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' 'nonce-TyThosG6b/NnhPHbzwY7sg==' 'self' data: https://ask.couriersplease.com.au https://cab3-202-129-81-163.ngrok-free.app https://0.0.0.0:8081 https://localhost:8081 https://fontmetrics.net https://uat.couriersplease.com.au https://dev.couriersplease.com.au/ https://prod.couriersplease.com.au https://stcpfrontendcmsdev.blob.core.windows.net https://stcpfrontendcmsuat.blob.core.windows.net https://webapp-cp-back-dev.azurewebsites.net https://webapp-cp-back-uat.azurewebsites.net https://maps.googleapis.com https://maps.gstatic.com https://chart.apis.google.com https://app-cpmeilisearch-dev-001.azurewebsites.net https://frontend.couriersplease.com.au https://webapp-cp-back.azurewebsites.net; object-src 'none'; script-src-attr 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; script-src 'nonce-TyThosG6b/NnhPHbzwY7sg==' 'strict-dynamic' 'self' https: 'unsafe-inline' 'unsafe-eval' https://ask.couriersplease.com.au/ https://cdn.jsdelivr.net http://0.0.0.0:1337 https://cab3-202-129-81-163.ngrok-free.app https://0.0.0.0:8081 https://localhost:8081 https://fontmetrics.net https://uat.couriersplease.com.au https://dev.couriersplease.com.au/ https://prod.couriersplease.com.au https://webapp-cp-back-dev.azurewebsites.net https://webapp-cp-back-uat.azurewebsites.net https://app-cpmeilisearch-dev-001.azurewebsites.net https://frontend.couriersplease.com.au https://webapp-cp-back.azurewebsites.net; upgrade-insecure-requests; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.google-analytics.com *.googletagmanager.com www.gstatic.com siteimproveanalytics.com snap.licdn.com *.googleapis.com https://cdnjs.cloudflare.com https://www.buzzsprout.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://maxcdn.bootstrapcdn.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com https://maxcdn.bootstrapcdn.com; img-src 'self' data: *.google-analytics.com 29268.global.siteimproveanalytics.io p.adsymptotic.com px.ads.linkedin.com; frame-src 'self' *.google.com *.youtube.com *.vimeo.com https://www.buzzsprout.com; connect-src 'self' *.google-analytics.com analytics.google.com *.doubleclick.net cdn.linkedin.oribi.io; upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors 'self' https://*.edenireland.ie; 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval' ad.doubleclick.net data:; 1
frame-src self youtube.com www.youtube.com https://www.googletagmanager.com www.googletagmanager.com https://www.facebook.com https://www.google.com *.prismic.io https://player.vimeo.com/ https://client-registry.mutinycdn.com http://info.arcadia.com/ https://td.doubleclick.net/ hemsync.clickagy.com https://insight.adsrvr.org/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com ajax.googleapis.com www.youtube.com www.instagram.com  platform.instagram.com oc-cdn-public.azureedge.net connect.facebook.net platform.twitter.com; style-src 'self' 'unsafe-inline' oc-cdn-public.azureedge.net fonts.cdnfonts.com; font-src 'self' fonts.cdnfonts.com data:; connect-src 'self' www.google-analytics.com vitals.vercel-insights.com graph.facebook.com res.cloudinary.com assets.metrolinx.com; img-src 'self' res.cloudinary.com assets.metrolinx.com d3t3ozftmdmh3i.cloudfront.net i.ytimg.com data:; media-src 'self' anchor.fm d3ctxlq1ktw2nl.cloudfront.net blob:; frame-src www.youtube.com www.instagram.com oc-cdn-public.azureedge.net www.linkedin.com www.facebook.com platform.twitter.com outlook.office365.com app.sli.do 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' cpb.nl https://ajax.googleapis.com/ https://etalage.argumentenfabriek.nl/; frame-src 'self' https://cpbit.shinyapps.io/ https://www.youtube.com/ https://player.vimeo.com/ https://indd.adobe.com/; 1
script-src 'self'; script-src-elem 'self' 'unsafe-eval' 'nonce-Rs6T16HFRoS7tngt3HPD8xPN' 'sha256-8mhHF+WQFPbrFtZT3ILREQrpLHL4TVrQNQk6GdnEigE=' ssl.google-analytics.com platform.twitter.com cdn.syndication.twimg.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com thoughtleadershipmphasis.disqus.com www.linkedin.com graph.facebook.com c.disquscdn.com disqus.com munchkin.marketo.net https://assets.adobedtm.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com https://analytics.twitter.com https://tanzu.vmware.com  https://static.ads-twitter.com/uwt.js https://pbs.twimg.com/media https://cdn.cookie-script.com https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://beacon.crigloo.com/js/container_KAfRm6si.js https://stats.g.doubleclick.net https://smetrics.mphasis.com; object-src 'none'; base-uri 'none'; frame-src www.youtube.com platform.twitter.com syndication.twitter.com disqus.com www2.mphasis.com www.mphasis.com *.demdex.net *.doubleclick.net; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://tribune.net.ph;block-all-mixed-content; 1
script-src https://cdnjs.cloudflare.com https://cdn.botframework.com https://code.jquery.com https://cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval' 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' gist.github.com www.googletagmanager.com cdn.zapier.com;style-src 'self' 'unsafe-inline' github.githubassets.com cdn.zapier.com;img-src * data: blob:;frame-src * data:;connect-src * 1
frame-ancestors 'self' *.myraidbox.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.weborama.fr *.appboycdn.com *.licdn.com *.redditstatic.com *.googlesyndication.com *.magicline.com *.googleapis.com *.woosmap.com *.cookiebot.com connect.getflowbox.com widgets.trustedshops.com www.googletagmanager.com tagmanager.google.com www.youtube.com www.google.com www.google.de www.gstatic.com www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net vercel.live connect.facebook.net cdn.vercel-insights.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com sc-static.net *.adform.net metrics.rsggroup.com tr.snapchat.com tr.snapchat.com/config facebook.com *.cloudflare.com analytics.tiktok.com hal9000.redintelligence.net *.zdassets.com *.pinimg.com *.bing.com; connect-src 'self' data: *.linkedin.com *.snapchat.com *.bing.com https://facebook.com https://www.facebook.com *.magicline.com *.typekit.net *.googleapis.com *.woosmap.com *.sentry.io www.google-analytics.com stats.g.doubleclick.net www.google.com googleads.g.doubleclick.net vitals.vercel-insights.com vercel.live *.adyen.com googletagmanager.com google-analytics.com region1.google-analytics.com region1.analytics.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com consentcdn.cookiebot.com tr.snapchat.com tr.snapchat.com/config facebook.com sc-static.net *.adform.net metrics.rsggroup.com analytics.tiktok.com hal9000.redintelligence.net rsg-group.course-api.mysports.com facebook.com com-magicline-tenant-assets-prod.s3.eu-west-1.amazonaws.com *.zdassets.com *.zendesk.com *.pangle-ads.com *.pinterest.com *.braze.eu; style-src 'self' 'unsafe-inline' *.googleapis.com tagmanager.google.com *.typekit.net *.fontawesome.com; font-src 'self' data: assets.vercel.com fonts.gstatic.com *.typekit.net *.fontawesome.com; img-src 'self' blob: data: *.inlabserving.com *.bidr.io *.reddit.com *.linkedin.com *.google.es *.google.it *.gstatic.com *.googleapis.com *.woosmap.com *.rsggroup.com ssl.gstatic.com www.gstatic.com *.adyen.com googleads.g.doubleclick.net www.google.com www.google.de www.google-analytics.com assets.vercel.com b2b.benuta.com vercel.com vercel.live www.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com tr.snapchat.com analytics.tiktok.com hal9000.redintelligence.net assets.magicline.com googleadservices.com *.googleadservices.com *.pinterest.com *.bing.com *.cookiebot.com; media-src 'self' *.rsggroup.com *.streamabc.net *.typekit.net; manifest-src 'self' 1
default-src 'self'; child-src 'self'; connect-src 'self' https://test.insic.de https://eu-api.friendlycaptcha.eu/api/v1/puzzle https://*.lotto-niedersachsen.de https://sentry.sumcumo.net https://sc-sentry.sumcumo.net https://graphql.contentful.com https://checkoutshopper-test.adyen.com; font-src 'self' https://test.insic.de https://*.lotto-niedersachsen.de https://fonts.gstatic.com; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://*.lotto-ast.k8s.atmina.systems https://ast.morf-stage.lotto-niedersachsen.de https://ast.lotto-niedersachsen.de https://checkoutshopper-test.adyen.com; img-src 'self' data: https://test.insic.de https://*.lotto-niedersachsen.de https://images.ctfassets.net https://img.youtube.com https://i.ytimg.com https://checkoutshopper-test.adyen.com; object-src 'self'; media-src 'self' data:; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' https://test.insic.de https://*.lotto-niedersachsen.de https://d.ratepay.com; style-src 'self' 'unsafe-inline' https://test.insic.de https://*.lotto-niedersachsen.de https://fonts.googleapis.com; worker-src 'self' blob:; report-uri https://sentry.sumcumo.net/api/158/security/?sentry_key=7dcd59f5e24c409283f8410aef4e8dd7 1
default-src 'self' dictu.bbvms.com sa-tb.nl  *.siteimprove.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com chosen.jquery.js  statistiek.rvo.nl dictu.bbvms.com cdn.bluebillywig.com kaartapi.nl cdn.bootcdn.net cdn.jsdelivr.net publisher.formsengine.io sa-tb.nl code.jquery.com *.dtnr.nl cdn.ckeditor.com *.twimg.com *.twitter.com *.youtube.com *.facebook.net siteimproveanalytics.com sdc.mineleni.nl cdn.siteimprove.net cdnjs.cloudflare.com cdn.rawgit.com *.rijksoverheid.nl; connect-src 'self' statistiek.rvo.nl dictu.bbvms.com statistiek.rijksoverheid.nl piwik.dtnr.nl geodata.nationaalgeoregister.nl sa-tb.nl *.siteimprove.com api.pdok.nl; img-src 'self' dictu.bbvms.com stats.bluebillywig.com www.toegankelijkheidsverklaring.nl cdn.ckeditor.com service.pdok.nl geodata.nationaalgeoregister.nl code.jquery.com kaartapi.nl sa-tb.nl *.dtnr.nl *.twimg.com *.twitter.com *.googleapis.com *.ytimg.com data: *.siteimprove.com sdc.mineleni.nl *.rijksoverheid.nl; style-src  chosen.css dictu.bbvms.com code.jquery.com cdn.ckeditor.com cdn.jsdelivr.net sa-tb.nl *.twimg.com *.twitter.com *.facebook.com *.googleapis.com *.siteimproveanalytics.com cdnjs.cloudflare.com 'self' 'unsafe-inline'; font-src sa-tb.nl *.gstatic.com 'self' data:; media-src 'self' www.rovid.nl dictu.bbvms.com *.bluebillywig.com *.cloudfront.net data:; frame-src *.twitter.com *.youtube.com *.facebook.com 'self' *.siteimprove.com *.bbvms.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://det.social; img-src 'self' https: data: blob: https://det.social; style-src 'self' https://det.social 'nonce-4ebVk1ytDOsjOXfCGOfkug=='; media-src 'self' https: data: https://det.social; frame-src 'self' https:; manifest-src 'self' https://det.social; form-action 'self'; child-src 'self' blob: https://det.social; worker-src 'self' blob: https://det.social; connect-src 'self' data: blob: https://det.social https://det.social wss://det.social; script-src 'self' https://det.social 'wasm-unsafe-eval' 1
default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.ads-twitter.com *.hsbc.ae *.awswaf.com players.brightcove.net vjs.zencdn.net *.walkme.com *.liveperson.com *.us.hsbc.com *.cdn-apple.com *.g.doubleclick.net *.brightcove.net *.google-analytics.com *.zencdn.net ssl.google-analytics.com www.google.com googleads.g.doubleclick.net *.v.liveperson.net connect.facebook.net cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.googleapis.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.awswaf.com players.brightcove.net edge.api.brightcove.com *.brightcovecdn.com *.walkme.com *.biocatch.com *.us.hsbc.com *.siteintercept.qualtrics.com *.facebook.com http://127.0.0.1:5000/* adservice.google.com *.googletagmanager.com *.amazonaws.com *.liveperson.net *.brightcove.com *.api.brightcove.com *.google-analytics.com *.g.doubleclick.net *.execute-api.us-east-1.amazonaws.com *.va.cobrowse.liveperson.net *.analytics.google.com www.google.com analytics.google.com *.google.com.sg *.google.cn ad.doubleclick.net *.eu.v2.customers.biocatch.com cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net players.brightcove.net *.online-metrix.net *.facebook.com bid.g.doubleclick.net connect.facebook.net *.v.liveperson.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk *.gstatic.com *.alicdn.com *.typekit.net *.googleusercontent.com *.avast.com fonts.gstatic.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.liveperson.net *.va.cobrowse.liveperson.net; object-src 'self' blob:; child-src 'self'; media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.lpsnmedia.net; upgrade-insecure-requests ; report-uri https://csp.prod.na.dynp.cloud1.vv1865.com; 1
frame-ancestors 'self' https://www.zoetispetcare.com/ https://z-virtualbooth.com/ https://www.z-virtualbooth.com/ https://z-virtualbooth.com/nav-panels/2022-aaep/aaep/aaep.html/ https://service.force.com/ https://zoetis-us.secure.force.com/ https://touchpointeca.my.salesforce-sites.com/ https://service.force.com/embeddedservice/5.0/esw.min.css https://zoetis-us.secure.force.com/zoey/resource/ChatStyle https://zoetis-us.secure.force.com/zoey/embeddedService/sidebarApp.app https://www.z-virtualbooth.com/nav/dx/index.html 1
upgrade-insecure-requests ; default-src 'self' https: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: ; connect-src 'self' https: ; style-src 'self' 'unsafe-inline' https: ; img-src 'self' https: data: blob: ; media-src 'self' https: blob: mediastream: ; font-src 'self' https: ; object-src 'none' ; manifest-src 'self' ; frame-src 'self' https: ; child-src 'self' https: blob: ; worker-src 'self' https: blob: ; report-uri https://api.weer.nl/v1/csp/reports ; frame-ancestors 'none' 1
font-src 'self' *; frame-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data:; 1
frame-ancestors 'self' my.lotame.com forumbee.com; 1
frame-ancestors 'self' https://portalpasazerawidget.plk-sa.pl/; default-src 'unsafe-inline'  https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://plk-sa.pl https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.facebook.com https://portalpasazera.pl ; script-src 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.gstatic.com https://platform.twitter.com https://pixel.fasttony.es https://connect.facebook.net https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google.com https://*.googleapis.com https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://plk-sa.pl https://*.google-analytics.com https://*.facebook.com https://portalpasazera.pl  data:; style-src 'unsafe-inline' https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://plk-sa.pl https://*.google-analytics.com  https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://*.facebook.com https://portalpasazera.pl  data:; img-src 'self' https://i.ytimg.com https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://plk-sa.pl https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.facebook.com https://portalpasazera.pl  data: 1
block-all-mixed-content; base-uri 'self'; child-src 'self' *.googletagmanager.com *.youtube.com; form-action 'self'; frame-ancestors 'self'; object-src 'none'; frame-src 'self' 'report-sample' https://*.tidepool.org https://*.youtube.com https://cdn.embedly.com https://tidepool-analytics-plots.s3-us-west-2.amazonaws.com; script-src 'self' 'report-sample' 'unsafe-inline' https://*.tidepool.org https://*.salsalabs.org https://doublethedonation.com https://*.wepay.com https://*.marketo.com https://*.zendesk.com https://*.zdassets.com https://*.zopim.com https://*.maxmind.com https://*.youtube.com https://*.googletagmanager.com https://tagmanager.google.com https://assets-global.website-files.com https://cdn.embedly.com https://*.cloudfront.net https://cdn.jsdelivr.net/npm/@finsweet/; style-src 'self' 'report-sample' 'unsafe-inline' https://*.tidepool.org https://*.salsalabs.org https://doublethedonation.com https://*.jquery.com https://*.zdassets.com https://*.marketo.net https://*.marketo.com https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://assets-global.website-files.com https://cdn.embedly.com https://*.cloudfront.net; worker-src 'self'; 1
script-src 'self' https://hm.baidu.com https://wx.wind.com.cn https://res.wx.qq.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; object-src 'self'; style-src 'self' 'unsafe-inline'; 1
default-src 'self' https:; connect-src 'self' https: ws://viget-craft.dev:* ws://localhost:*; font-src 'self' https: data:; frame-src 'self' https:; frame-ancestors 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; upgrade-insecure-requests; 1
default-src 'self' ; connect-src *; font-src 'self' https://fonts.gstatic.com/ https://cdnjs.cloudflare.com/ data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'none' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://www.google.com https://maps.googleapis.com https://www.googletagmanager.com https://www.gstatic.com https://platform.twitter.com https://static.addtoany.com https://*.effectivemeasure.net https://*.soundcloud.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; connect-src 'self' https://analytics.google.com https://www.googletagmanager.com https://www.googletagservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.soundcloud.com https://*.effectivemeasure.net https://*.sndcdn.com ; img-src 'self' 'unsafe-inline' data: https://analytics.google.com https://*.google-analytics.com https://www.google.co.za https://www.google.com https://stats.g.doubleclick.net https://*.openstreetmap.org https://*.dzcdn.net https://*.sndcdn.com https://*.ytimg.com https://*.effectivemeasure.net ; font-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.gstatic.com https://themes.googleusercontent.com data: ; media-src 'self' data: https://*.soundcloud.com https://*.dzcdn.net https://*.sndcdn.com ; worker-src 'self' https://www.google.com data: ; frame-src 'self' https://platform.twitter.com https://www.google.com https://www.youtube.com https://static.addtoany.com ; manifest-src 'self'  1
base-uri 'self' 'unsafe-inline'; frame-src 'self' 'unsafe-inline' https:; connect-src 'self' 'unsafe-inline'; font-src 'self' 'unsafe-inline' data: https: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' 'unsafe-inline' data: * blob:; media-src 'self' 'unsafe-inline' data:; object-src 'self' 'unsafe-inline' data:; default-src 'self' 'unsafe-inline' 1
frame-ancestors 'self'  https://mtt.avp.tech; 1
frame-ancestors 'self' brunt.co *.brunt.co 1
default-src 'self' *.google-analytics.com *.analytics.google.com media.cinkciarz.pl; connect-src 'self' g2.cinkciarz.pl *.google-analytics.com *.analytics.google.com *.livesession.io *.cinkciarz.pl *.doubleclick.net *.google.com *.googlesyndication.com matomo.cinkciarz.pl; font-src 'self' fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' *.google-analytics.com *.analytics.google.com optimize.google.com fonts.googleapis.com; script-src 'self' 'unsafe-eval' cinkciarz.pl conotoxia.com www.googletagmanager.com *.google-analytics.com *.analytics.google.com www.googleanalytics.com www.googleoptimize.com www.google.com optimize.google.com stats.g.doubleclick.net *.youtube.com player.vimeo.com www.gstatic.com *.livesession.io *.cinkciarz.pl *.doubleclick.net www.googleadservices.com matomo.cinkciarz.pl; frame-src 'self' 'unsafe-inline' optimize.google.com *.youtube.com player.vimeo.com *.spotify.com *.spotify.net www.google.com *.doubleclick.net; frame-ancestors 'self' *.spotify.com *.spotify.net; img-src 'self' media.cinkciarz.pl www.googletagmanager.com *.google-analytics.com *.analytics.google.com optimize.google.com *.g.doubleclick.net cinkciarz.pl conotoxia.com data: www.google.pl www.google.com matomo.cinkciarz.pl; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com *.salesforceliveagent.com service.force.com *.my.salesforce.com *.google.com *.facebook.net *.facebook.com *.omtrdc.net *.youtube.com *.ytimg.com *.doubleclick.net *.googleapis.com *.bazaarvoice.com *.iesnare.com appleid.cdn-apple.com www.googletagmanager.com www.googleadservices.com activitymap.adobe.com qasfix-hofer.cs101.force.com cs101.salesforce.com https://www.googletagmanager.com/gtag/js *.bing.com https://s.pinimg.com/ct/core.js https://s.pinimg.com/ct/lib/main.2a04f3ee.js hofer.force.com hofer.secure.force.com https://cdn.polyfill.io/v2/polyfill.min.js static.lightning.force.com *.cookielaw.org *.onetrust.com s7g10.scene7.com tags.tiqcdn.com collect.tealiumiq.com *.teads.tv; connect-src 'self' *.omtrdc.net *.demdex.net *.postcodeanywhere.co.uk *.bazaarvoice.com *.facebook.com activitymap.adobe.com sitecatalyst.omniture.com qasfix-hofer.cs101.force.com cs101.salesforce.com hofer.force.com hofer.secure.force.com c.la1-c1-fra.salesforceliveagent.com EU17.salesforce.com d.la1-c1-fra.salesforceliveagent.com www.zurueckzumursprung.at https://storefinder.aldi.at https://empty-fridge-widget.vercel.app https://gewinnspiel.aldi-sued.de test.storefinder.aldi.at *.googleapis.com *.cookielaw.org *.onetrust.com s7g10.scene7.com collect.tealiumiq.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.bazaarvoice.com *.googleapis.com *.omtrdc.net *.my.salesforce.com service.force.com qasfix-hofer.cs101.force.com cs101.salesforce.com hofer.force.com hofer.secure.force.com *.cookielaw.org *.onetrust.com s7g10.scene7.com; font-src 'self' *.gstatic.com data:; frame-src 'self' *.demdex.net *.facebook.com *.google.com *.youtube.com *.youtube-nocookie.com *.customervoice360.com *.adobe.com aldisued.marketing.adobe.com *.psa.at aldisued.experiencecloud.adobe.com web-psa-preprod.mp-testing.com rest-b2b-crt-preprod.mp-testing.com psa-card-administration.mobile-pocket.com *.bazaarvoice.com *.iesnare.com www.elettershop.de t.elettershop.de *.salesforceliveagent.com service.force.com activitymap.adobe.com *.omniture.com qasfix-hofer.cs101.force.com cs101.salesforce.com *.doubleclick.net www.zurueckzumursprung.at storefinder.aldi.at https://empty-fridge-widget.vercel.app https://gewinnspiel.aldi-sued.de test.storefinder.aldi.at cs107.salesforce.com eu17.salesforce.com catalog.aldi-suisse.ch; frame-ancestors 'self' https://aldisued.marketing.adobe.com https://aldisued.experiencecloud.adobe.com https://www.elettershop.de https://t.elettershop.de https://experience.adobe.com hofer-custom.staffbase.com unserhofer.hofer.at localhost:* 1
default-src 'self' wss: https://*.contentful.com https://*.kampyle.com wss://*.ooklaserver.net https://*.tigocloud.net https://*.zendesk.com https://static.zdassets.com https://ekr.zdassets.com; frame-src 'self' https://*.tigocloud.net https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://www.youtube.com https://6493920.fls.doubleclick.net https://*.kampyle.com https://affperformance.com; script-src 'self' blob: https://*.tigocloud.net https://*.kampyle.com https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.youtube.com https://6493920.fls.doubleclick.net https://maps.googleapis.com https://www.gstatic.com/ https://sync.smartadserver.com https://cdn.smooch.io https://s.ytimg.com https://*.nr-data.net https://js-agent.newrelic.com https://facebook.com/signals/iwl.js https://widget-mediator.zopim.com https://*.licdn.com 'unsafe-hashes' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'sha256-lfXlPY3+MCPOPb4mrw1Y961+745U3WlDQVcOXdchSQc=' https://tigo.us9.list-manage.com https://criteo.com/ https://criteo.net https://*.cybba.solutions https://ads.sonataplatform.com 'sha256-vhvnpm0WI1cX2aqr7F6q1DZsiz7jZxd16G6SDgAqi3M=' 'sha256-BzLOX48D/UDy3TJ0/dHLghnkHxaj8wgkSa2XsrjEojc=' 'sha256-Z+u0mB56g+eKhBcvOGM728f7VVmJyi+PSFYMuekaClQ=' 'sha256-C/13im+Qb+YfLNVa7SKze00xziLmTUxI8EF+nrABh50=' 'sha256-0HslBWhi6Zk/Yrg5WneRyzT7n/UkxVNfq3AbpT4d9QE=' 'sha256-l5VD+plVDMqEfXngc6qN/GWd5N5JL0GAY83O8YZ2WGQ='; font-src 'self' data: blob: https://fonts.gstatic.com https://*.kampyle.com https://*.zendesk.com; img-src 'self' data: blob: https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.tigocloud.net https://*.contentful.com https://*.kampyle.com https://static.zdassets.com https://*.googletagmanager.com https://images.ctfassets.net https://stats.g.doubleclick.net https://lh3.googleusercontent.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://www.google.com.ar https://www.google.com.bo https://www.google.com.co https://www.google.com.sv https://www.google.com.gt https://www.google.hn https://www.google.com.ni https://www.google.com.pa https://www.google.com.py https://t.co https://maps.gstatic.com https://www.facebook.com https://analytics.twitter.com https://static.ads-twitter.com https://*.speedtestcustom.com https://*.zendesk.com https://static.zdassets.com https://maps.googleapis.com https://sync.smartadserver.com https://cdn.smooch.io https://*.zopim.io https://svr.mic.edge.com.py https://*.kampyle.com https://affperformance.com https://*.cybba.solutions; style-src 'self' 'unsafe-inline' https://cdn.smooch.io https://tagmanager.google.com https://www.googletagmanager.com/debug/badge.css https://fonts.googleapis.com https://*.zendesk.com https://*.tigocloud.net https://*.kampyle.com; connect-src * data:; object-src 'none'; form-action 'self' https://www.facebook.com; base-uri 'self' https://md-scp.kampyle.com; frame-ancestors 'self' 1
default-src https://fonts.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://cdn.bnamed.net https://www.bnamed.net https://www.googletagmanager.com/ https://www.google-analytics.com/ www.google.com connect.facebook.net www.facebook.com ws://www.bnamed.net wss://www.bnamed.net 'self';script-src 'nonce-NTExODQyODgzNDc1NTA5' 'sha256-uQyoKR3lBoDKU5iLg9zKfBYNrpUw6f/mybOTAsyvaZI=' 'sha256-Sr+FfLApO55KEHUmp1pCdAfP+DIUvDvWeljNRs5Ts4k=' 'sha256-Sr+FfLApO55KEHUmp1pCdAfP+DIUvDvWeljNRs5Ts4k=' https://tagmanager.google.com https://cdn.bnamed.net https://www.bnamed.net https://www.googletagmanager.com/ https://www.google-analytics.com/ www.google.com connect.facebook.net www.facebook.com www.gstatic.com ws://www.bnamed.net wss://www.bnamed.net 'self'; style-src https://tagmanager.google.com https://fonts.googleapis.com https://cdn.bnamed.net https://www.bnamed.net 'self' 'unsafe-inline'; object-src 'none';report-uri /reportURI 1
default-src 'none'; base-uri 'self'; frame-src 'self' www.facebook.com platform.twitter.com googleads.g.doubleclick.net *.google.com *.google.gr; connect-src 'self' https://get-vpn.site *:888; font-src 'self' data: https://get-vpn.site; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: *.google.com *.google.gr https://get-vpn.site trustzoneurl.com trustzonepost.xyz stats.g.doubleclick.net www.google-analytics.com syndication.twitter.com *.basemaps.cartocdn.com; manifest-src 'self' https://get-vpn.site; style-src 'self' 'unsafe-inline' https://get-vpn.site; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://get-vpn.site trustzoneurl.com platform.twitter.com connect.facebook.net  *.google-analytics.com; report-uri https://trust.zone/_csp_log 1
default-src 'self'; font-src 'self' *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net *.google.com *.googletagmanager.com fonts.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net *.passle.net widget.spreaker.com github.com getglimpse.com cms.clydeco.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com www.youtube.com s.ytimg.com www.gstatic.com *.cookiebot.com cms.clydeco.com clyde-prod.azurewebsites.net clyde-cms-prod.azurewebsites.net clyde-cms-prod2.azurewebsites.net clyde-cms-uat.azurewebsites.net clyde-cms-uat2.azurewebsites.net clyde-uat2.azurewebsites.net clyde-uat.azurewebsites.net clyde-uat3.azurewebsites.net clyde-cms-qa.hosted.positive.co.uk clyde-qa.hosted.positive.co.uk www.clydeco.com clydeco.com www.cc.com cc.com *.twitter.com cdn.syndication.twimg.com *.ceros.com; style-src 'self' 'unsafe-inline' *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net *.google.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; frame-src 'self' embedder.wirewax.com widget.spreaker.com w.soundcloud.com cms.clydeco.com clyde-qa.hosted.positive.co.uk www.clydeco.com clydeco.com www.cc.com cc.com cdn.yoshki.com www.youtube-nocookie.com *.google.com *.ngrok.io www.facebook.com *.pinterest.com pinterest.com player.vimeo.com www.google.com s7.addthis.com www.youtube.com *.webspellchecker.net *.cookiebot.com *.twitter.com *.ceros.com *.googlesyndication.com *.googleadservices.com; object-src 'none'; img-src 'self' data: https: clydeco.vuturevx.com googleads.g.doubleclick.net *.googlesyndication.com *.googleadservices.com *.googletagmanager.com; connect-src 'self' *.googlesyndication.com  *.googleadservices.com *.google.com *.googletagmanager.com consentcdn.cookiebot.com maps.googleapis.com *.spreaker.com *.passle.net api.mixpanel.com cc.local *.google-analytics.com cms.clydeco.com clyde-prod.azurewebsites.net clyde-cms-prod.azurewebsites.net clyde-cms-prod2.azurewebsites.net clyde-cms-uat.azurewebsites.net clyde-qa.hosted.positive.co.uk clyde-cms-qa.hosted.positive.co.uk clyde-uat2.azurewebsites.net clyde-uat.azurewebsites.net clyde-uat3.azurewebsites.net *.doubleclick.net; media-src 'self' *.googlesyndication.com  *.googleadservices.com googleads.g.doubleclick.net api.spreaker.com cdn.clydeco.com clydeuat.azureedge.net clydedev.azureedge.net; frame-ancestors 'self' *.googlesyndication.com  *.googleadservices.com *.google.com *.googletagmanager.com cms.clydeco.com *.ceros.com clyde-cms-uat.azurewebsites.net clyde-cms-uat2.azurewebsites.net admin.cc.local clyde-cms-qa.hosted.positive.co.uk; 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org device.clearsale.com.br get.geojs.io stag.nivea.com.br stats.g.doubleclick.net tm-eu.beiersdorf.com www.google-analytics.com www.google.co.in www.google.com www.paypal.com www.paypalobjects.com www.sandbox.paypal.com static.hotjar.com script.hotjar.com connect.facebook.net googleads.g.doubleclick.net www.googletagmanager.com admin.nivea.com.br www.googleadservices.com static.ads-twitter.com analytics.tiktok.com c.amazon-adsystem.com *.adform.net www.googleanalytics.com www.googleoptimize.com optimize.google.com www.gstatic.com cdn.evgnet.com cdn.krxd.net staticw2.yotpo.com consumer.krxd.net beacon.krxd.net mpsnare.iesnare.com content.syndigo.com stable.loyjoy.com getblue.io www.globo.com g1.globo.com gshow.globo.com globoplay.globo.com ge.globo.com tags.cgcmd.globo.com smpl.beiersdorf.com *.getblue.io cdn.consentmanager.net/delivery/autoblocking/3b39dc12714ae.js *.consentmanager.net https://*.clarity.ms https://c.bing.com www.youtube.com collect.vendavalida.com.br/push.js www.googleapis.com/youtube/* www.googleapis.com https://collect.vendavalida.com.br *.collect.vendavalida.com.br/* www.nivea.com.br; report-uri /.webscale/csp-report 1
img-src data: 'self' https://yandex.ru https://mc.yandex.ru https://core-renderer-tiles.maps.yandex.net https://api-maps.yandex.ru https://fonts.googleapis.com; connect-src 'self' https://mc.yandex.ru https://www.google-analytics.com https://mc.yandex.ru https://i.ytimg.com https://cdn.jsdelivr.net https://api-maps.yandex.ru https://core-renderer-tiles.maps.yandex.net/; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com data:; default-src blob:  'self' https://fonts.googleapis.com https://cdn.jsdelivr.net https://core-renderer-tiles.maps.yandex.net/ https://api-maps.yandex.ru https://www.google.com/ 'unsafe-inline'; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com 'unsafe-inline' https://www.googletagmanager.com https://mc.yandex.ru https://yastatic.net http://www.googletagmanager.com/gtag/ https://cdn.jsdelivr.net/npm/bootstrap@5.0.1/dist/js/bootstrap.bundle.min.js https://cdn.jsdelivr.net/gh/kartik-v/bootstrap-fileinput@5.2.2/js/fileinput.min.js https://core-renderer-tiles.maps.yandex.net/ https://www.google.com https://api-maps.yandex.ru https://www.gstatic.com https://yastatic.net 'self' 'unsafe-inline' 'unsafe-eval' 'self'; frame-src blob: https://mc.yandex.ru  'self' https://www.youtube.com/ https://www.google.com/; child-src 'self' blob: https://mc.yandex.ru 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com https://cdn.insight.sitefinity.com https://code.jquery.com/jquery-3.4.1.min.js https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/js/bootstrap.min.js *.youtube.com/ https://youtube.com https://player.vimeo.com/api/player.js https://vjs.zencdn.net/7.11.4/video.min.js connect.facebook.net https://connect.facebook.net/en_US/fbevents.js platform.twitter.com https://syndication.twitter.com/ https://analytics.twitter.com/i/adsct platform.linkedin.com https://www.linkedin.com/ https://s.ytimg.com https://publish.twitter.com https://twitter.com/ https://static.ads-twitter.com/uwt.js ajax.aspnetcdn.com *.twimg.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://sopra-steria.career-inspiration.com/js/fbapppromobox.js https://snap.licdn.com/ https://sjs.bizographics.com/insight.min.js https://secure.quantserve.com/quant.js https://rules.quantcount.com/rules-p-U-rxjfyRkAJ0Y.js https://static.pathmotion.io/initjs/init.min.js https://rules.quantcount.com/rules-p-5eXwvumSeTF0n.js *.lfeeder.com *.leadfeeder.com https://pi.pardot.com/pd.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://pi.pardot.com/ https://go.soprasteria.de/ https://walls.io/js/ https://masterbot-chat-ssg-career-website-masterbot.apps.cloud.sodigital.io/ https://chatbot-widget.jobijoba.io https://ytimg.com https://siteimproveanalytics.com/js/siteanalyze_6035851.js https://npmcdn.com/imagesloaded@4.1/imagesloaded.pkgd.js https://tags.inzynk.io/cl383xbw/iztag.js https://analytics.inzynk.io/v/cl383xbw https://player.gobistories.com/index.js https://www.buzzsprout.com https://tag.aticdn.net/piano-analytics.js https://*.xiti.com https://*.ati-host.net https://*.aticdn.net https://unpkg.com https://tagmanager.google.com *.googletagmanager.com cdn1.readspeaker.com *.goldenbees.fr/ https://cdn.goldenbees.mgr.consensu.org/ https://cdnjs.cloudflare.com/ajax/libs/videojs-youtube/2.5.0/Youtube.min.js https://cdnjs.cloudflare.com/ajax/libs/xlsx/0.16.6/xlsx.full.min.js https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.9.3/Chart.min.js https://cdnjs.cloudflare.com/ajax/libs/bootstrap-multiselect/0.9.15/js/bootstrap-multiselect.js https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/3.6.1/iframeResizer.min.js https://www2.soprasteria.no https://analytics.inzynk.io */widget/v1/sr-job-alerts.js https://widget.gobistories.com/ https://js.datadome.co/tags.js js.datadome.co https://karriere.soprasteria.de https://cdn.mouseflow.com https://survey.survicate.com https://surveys-static.survicate.com *.usercentrics.eu; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://tagmanager.google.com/debug/css.css https://pixel.quantserve.com/pixel https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css https://cdnjs.cloudflare.com/ajax/libs/bootstrap-multiselect/0.9.15/css/bootstrap-multiselect.css https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css cdn1.readspeaker.com https://chatbot-widget.jobijoba.io https://fonts.googleapis.com https://vjs.zencdn.net/7.11.4/video-js.css https://www.googletagmanager.com/debug/badge.css https://surveys-static.survicate.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://surveys-static.survicate.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com *.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com *.eloqua.com track.hubspot.com https://dc.ads.linkedin.com/collect/ https://px.ads.linkedin.com/ https://t.co/i/adsct https://counter.adcourier.com https://stats.g.doubleclick.net/r/collect https://pixel.quantserve.com/ data: blob: *.cdninstagram.com *.lfeeder.com *.leadfeeder.com *.google.fr/ads/ *.google.com/ads/ https://cdn.recman.no/ https://i.ytimg.com/ https://cdn.jobijoba.com https://hellojaiblog.files.wordpress.com https://media.giphy.com https://s3.eu-central-1.amazonaws.com https://ytimg.com https://6035851.global.siteimproveanalytics.io/ https://conv.indeed.com/pagead/conv/5314231913872130/ https://img.youtube.com/ https://media-proxy.gobistories.co/ https://res.cloudinary.com https://ad.doubleclick.net https://analytics.twitter.com https://www.googletagmanager.com https://surveys-static.survicate.com https://assets.survicate.com *.usercentrics.eu; media-src 'self' data: blob: https://lesjoiesducode.fr/ https://firebasestorage.googleapis.com https://s3.eu-central-1.amazonaws.com https://youtube.com https://googlevideo.com https://cdn.jobijoba.com https://www.youtube.com/ https://res.cloudinary.com; frame-src 'self' https://platform.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://karriere.soprasteria.de/ https://candidate.hr-manager.net/ https://my.walls.io/ https://www.google.com/ https://sopra.symex.be/ https://charts.symex.be/ https://maps.google.com/ https://sopra-steria.career-inspiration.com/ https://youtube.com https://chatbot-webview.jobijoba.io https://app-eu.readspeaker.com/ https://app.livestorm.co/ https://masterbot-chat-ssg-career-website-masterbot.apps.cloud.sodigital.io/ https://www.buzzsprout.com https://forms.office.com/ https://app.powerbi.com/ https://subscriptions.smartrecruiters.com/ https://go.soprasteria.com/ https://smrtr.io/ https://join.smartrecruiters.com/ *.doubleclick.net; child-src 'self' blob: *.twitter.com https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com *.facebook.com badge.stumbleupon.com https://charts.symex.be/ https://sopra.symex.be/ https://sopra-steria.career-inspiration.com/ *.google.com/ https://candidate.hr-manager.net/ https://karriere.soprasteria.de/ https://app-eu.readspeaker.com/; connect-src 'self' accounts.google.com *.sitefinity.com *.mktoresp.com https://maps.googleapis.com/ https://vimeo.com/ *.readspeaker.com https://media-eu.readspeaker.com/ https://cdn1.readspeaker.com/ https://www.digitale-exzellenz.de https://www.instagram.com *.lfeeder.com *.leadfeeder.com https://vttts-eu.readspeaker.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://chatbot-widget.jobijoba.io wss://chatbot-api.jobijoba.io https://chatbot-api.jobijoba.io https://www.linkedin.com/ *.linkedin.com https://api.gobistories.co/ https://api.gobistories.com/ https://res.cloudinary.com https://*.xiti.com https://*.pa-cd.com https://*.ati-host.net https://*.aticdn.net https://cdn.linkedin.oribi.io https://analytics.inzynk.io https://o2.mouseflow.com https://eu-api.friendlycaptcha.eu https://respondent.survicate.com *.usercentrics.eu; 1
script-src 'unsafe-eval' 'unsafe-inline' qna.center *.qna.center ulogin.ru/js/ulogin.js *.ampproject.org *.gstatic.com *.googleapis.com *.tiktok.com tiktok.com *.ibytedtos.com *.tiktokcdn.com *.ttwstatic.com 1
connect-src 'self' vimeo.com *.vimeo.com api.websitecarbon.com https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com matomo.lkab.com;default-src 'self';font-src 'self' matomo.lkab.com;img-src 'self' mb.cision.com data: w3.org/svg/2000 i.vimeocdn.com i.ytimg.com *.google-analytics.com *.googletagmanager.com matomo.lkab.com;script-src 'self' 'sha256-KwjsHA+EsMbb1ylKxspeOyO7bQGEm/Rrda1uQ1Vfp7k=' 'sha256-AN4pO5LfFZ8nm9ROGeE1FnW+QWU7VEOWTrAHUthWjIM=' vimeo.com *.vimeo.com 'sha256-RPhUxarK9e7g7QSlFDXObbJg5G40WNLhElVJI36zeuQ=' youtube.com *.youtube.com 'sha256-YE+WaNSJPJd1dxnTF9W6F6FxTMCH1GG1Ejw7ERjvNVI=' 'sha256-JXxRhU9rSK5ChKenB/G3/iw9g4Jhqsy0XiITIEt87+s=' *.googletagmanager.com 'sha256-zrL3ROJP63mcZH+dXLik9tcBAtowlwjOHDWFiZi5jL4=' matomo.lkab.com;style-src 'self' 'unsafe-inline' matomo.lkab.com;frame-src api.screen9.com vimeo.com *.vimeo.com *.lkab.com youtube.com *.youtube.com youtube-nocookie.com *.youtube-nocookie.com; 1
default-src 'self'; script-src 'report-sample' 'self' https://kit.fontawesome.com https://use.fontawesome.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'report-sample' 'self' https://fonts.googleapis.com *.fontawesome.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.fontawesome.com localhost:* http://localhost:* ws://localhost:*; font-src 'self' data: https://fonts.gstatic.com *.fontawesome.com; frame-src 'self' https://skystudioapps.com https://allpoland.github.io/ArcViewer/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'self' *.beatsaver.com www.gravatar.com flagcdn.com data:; manifest-src 'self'; media-src 'self' *.beatsaver.com; worker-src 'none'; form-action 'self'; frame-ancestors 'self' https://www.questmodding.com; 1
default-src 'none'; media-src https: data: blob: ; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: ; img-src * data: blob: ; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: ; object-src 'none'; 1
frame-ancestors 'self' https://www.disabilityscoop.com https://jobs.disabilityscoop.com https://account.disabilityscoop.com 1
frame-ancestors 'self' https://jobcloud.ch https://www.jobcloud.ch https://jobs.ch https://www.jobs.ch https://jobup.ch https://www.jobup.ch https://ingjobs.ch https://ictcareer.ch https://jobs4sales.ch https://financejobs.ch https://medtalents.ch https://jobwinner.ch https://alpha.ch https://topjobs.ch https://www.jobscout24.ch https://jobscout24.ch https://impieghi.ch https://www.impieghi.ch https://www.stellenmarkt.ch https://stellenmarkt.ch https://www.jobbasel.ch https://www.jobbern.ch https://www.jobmittelland.ch https://www.myjob.ch https://www.ostjob.ch https://www.zentraljob.ch https://www.rhenus.com https://rhenus.com https://www.rhenus-truckerjobs.com https://www.lager-mitarbeiter.de 1
frame-ancestors 'self' https://messaging.arrt.org https://apps.arrt.org https://stdata.arrt.org 1
default-src 'self';          script-src 'self' 'unsafe-inline' 'unsafe-eval' https://browser.sentry-cdn.com/6.19.2/bundle.min.js https://connect.facebook.net/en_GB/sdk.js https://devmedia.press.amazonstudios.com https://stgmedia.press.amazonstudios.com https://media.press.amazonstudios.com https://platform.twitter.com https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://ssl.p.jwpcdn.com https://www.googletagmanager.com/;          style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://devmedia.press.amazonstudios.com https://stgmedia.press.amazonstudios.com https://media.press.amazonstudios.com;          object-src 'none';         connect-src 'self' https://devmedia.press.amazonstudios.com https://stgmedia.press.amazonstudios.com https://media.press.amazonstudios.com https://stats.g.doubleclick.net https://www.google-analytics.com https://o308448.ingest.sentry.io https://amazonpress-studio.s3-accelerate.amazonaws.com https://analytics.google.com/ https://www.google.co.in/ads/ga-audiences;          font-src 'self' https://fonts.gstatic.com https://devmedia.press.amazonstudios.com https://stgmedia.press.amazonstudios.com https://media.press.amazonstudios.com https://ssl.p.jwpcdn.com;          frame-src 'self' https://platform.twitter.com https://syndication.twitter.com https://www.facebook.com https://www.google.com https://www.youtube.com;          img-src 'self' data: https://i.ytimg.com https://devmedia.press.amazonstudios.com https://stgmedia.press.amazonstudios.com https://media.press.amazonstudios.com https://prd.jwpltx.com https://syndication.twitter.com https://www.google-analytics.com https://www.gravatar.com https://www.google.co.in/ad/ https://www.googletagmanager.com/ https://www.google.co.in/ads/ga-audiences;          manifest-src 'self' https://devmedia.press.amazonstudios.com https://stgmedia.press.amazonstudios.com https://media.press.amazonstudios.com;          media-src 'self' https://devmedia.press.amazonstudios.com https://stgmedia.press.amazonstudios.com https://media.press.amazonstudios.com;          worker-src 'none'; 1
default-src 'self' data: td.doubleclick.net js.stripe.com www.google.com player-widget.mixcloud.com w.soundcloud.com my.matterport.com cdn.landbot.io fonts.gstatic.com easyweddings-framework-v5.s3.amazonaws.com prod-easyweddings-framework-v6.s3.amazonaws.com pro.fontawesome.com cdnjs.cloudflare.com v5-cdn.easyweddings.com v6-cdn.easyweddings.com bid.g.doubleclick.net *.facebook.com www.youtube.com youtu.be *.vimeo.com wistia.com fonts.gstatic.com static.helloumi.com *.firebaseio.com webcommon.easyweddings.com.au;connect-src 'self' *.cookiefirst.com pagead2.googlesyndication.com stripe.com bam.nr-data.net api.hubapi.com www.google.com forms.hscollectedforms.net graph.facebook.com n2.mouseflow.com api.easyweddings.com.au webapi.easyweddings.com.au maps.googleapis.com *.facebook.com stats.g.doubleclick.net www.google-analytics.com api.hubspot.com forms.hubspot.com bid.g.doubleclick.net *.landbot.io *.firebaseio.com wss://*.firebaseio.com *.googleapis.com; style-src 'self' 'unsafe-inline' blob: code.jquery.com cdn.landbot.io pro.fontawesome.com cdnjs.cloudflare.com v5-cdn.easyweddings.com v6-cdn.easyweddings.com fonts.googleapis.com *.cookiefirst.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: consent.cookiefirst.com bam.nr-data.net js-agent.newrelic.com js.hsadspixel.net js.stripe.com servedbyadbutler.com www.gstatic.com cdn.mouseflow.com ajax.googleapis.com cdnjs.cloudflare.com maps.googleapis.com connect.facebook.net v5-cdn.easyweddings.com v6-cdn.easyweddings.com googleads.g.doubleclick.net www.googletagmanager.com www.googleadservices.com js.hs-scripts.com js.hscollectedforms.net js.hs-analytics.net js.hs-banner.com js.usemessages.com www.google-analytics.com www.googletagmanager.com cdn.landbot.io *.firebaseio.com www.google.com;img-src 'self' data: hotelmedia.s3.amazonaws.com assets-destwed.easyweddings.com contentdw.easyweddings.com *.cookiefirst.com i.vimeocdn.com supplier-images.s3.amazonaws.com www.googletagmanager.com forms.hscollectedforms.net servedbyadbutler.com assets.easyweddings.com.au v4-cdn-consolidation.easyweddings.com.au prod-ew-image-global-v2.s3.amazonaws.com maps.gstatic.com easyweddings-framework-v4.s3.amazonaws.com googleads.g.doubleclick.net maps.googleapis.com easyweddings-framework-v5.s3.amazonaws.com prod-easyweddings-framework-v6.s3.amazonaws.com images-cdn.easyweddings.com.au ew-image-global.s3.amazonaws.com images.easyweddings.com.au easyweddings-framework.s3.amazonaws.com v5-cdn.easyweddings.com v6-cdn.easyweddings.com forms.hsforms.com www.google-analytics.com www.google.com www.google.com.au track.hubspot.com storage.googleapis.com wedding-website-images.s3.amazonaws.com assets.easyweddings.com *.facebook.com cdn.hotelplanner.com; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: *.typekit.net *.livehelpnow.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com service.ariba.com *.pcahomeschoolhub.com *.ops-online.com *.viedu.org *.vistaordering.org 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com service.ariba.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com service.ariba.com photos.pixlee.co 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.gstatic.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com hawksearch.net *.hawksearch.net *.rainbowresource.com rrc-temp.cldev.io images.salsify.com/ res.cloudinary.com *.livehelpnow.net wac.edgecastcdn.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.turnto.com acsbapp.com *.livehelpnow.net *.polyfill.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com unsafe-inline *.typekit.net *.turnto.com *.livehelpnow.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.turnto.com *.google.com google.com *.acsbapp.com https://searchapi-dev.hawksearch.net https://searchapi-test.hawksearch.net https://essearchapi-na.hawksearch.com https://tracking-dev.hawksearch.net https://tracking-test.hawksearch.net https://tracking-na.hawksearch.com https://recs-dev.hawksearch.net https://recs-test.hawksearch.net https://recs-na.hawksearch.com *.livehelpnow.net wss://app.livehelpnow.net/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' https://piwik.fsf.org 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 1
default-src 'self' https://www.usd.de data:; script-src 'self' https://www.usd.de 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.usd.de 'unsafe-inline'; img-src 'self' https://www.usd.de data: https://pci.usd.de https://stats.usd.de https://www.usd.de https://ps.w.org; frame-src 'self' data: *.usd.de *.youtube-nocookie.com; font-src 'self'; object-src 'self'; worker-src 'self' 1
default-src * data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src https: 'unsafe-inline' data: blob: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.green; img-src 'self' https: data: blob: https://mastodon.green; style-src 'self' https://mastodon.green 'nonce-osEwEdo+UCN18O5wpr2h1Q=='; media-src 'self' https: data: https://mastodon.green; frame-src 'self' https:; manifest-src 'self' https://mastodon.green; form-action 'self'; child-src 'self' blob: https://mastodon.green; worker-src 'self' blob: https://mastodon.green; connect-src 'self' data: blob: https://mastodon.green https://files.mastodon.green wss://mastodon.green; script-src 'self' https://mastodon.green 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://www.typeform.com/; default-src 'self' 'unsafe-inline' https://cdn.segment.com https://api.segment.io https://player.vimeo.com https://api.vimeo.com https://vimeo.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsadspixel.net https://js.hs-banner.com https://js.usemessages.com https://snap.licdn.com https://api.hubspot.com https://forms.hubspot.com https://forms.hsforms.com https://api.hubapi.com https://px.ads.linkedin.com https://app.hubspot.com https://js.hsforms.net https://www.google.com https://www.gstatic.com https://fonts.googleapis.com https://static.hsappstatic.net https://meetings.hubspot.com youtube.com https://www.youtube.com https://app.hubspot.com https://cdn.linkedin.oribi.io https://www.linkedin.com https://hsforms.com https://downloads.atomic.io wss://50-1.client-api.atomic.io https://lumpy-quilled-line.glitch.me https://50-1.client-api.atomic.io https://edge.atomic.io https://firebasestorage.googleapis.com https://www.developer.atomic.io https://www.atomic.io https://forms.hscollectedforms.net https://u1qch3rmn1.execute-api.us-east-1.amazonaws.com https://www.typeform.com https://www.googletagmanager.com/ https://www.google-analytics.com https://stats.g.doubleclick.net/ https://cdn.addevent.com https://cta-service-cms2.hubspot.com https://js.hubspot.com https://perf-na1.hsforms.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://www.googleadservices.com wss://04.client-api.development.unobtainium.atomic.io https://04.client-api.development.unobtainium.atomic.io; font-src 'self' data: https://fonts.gstatic.com https://www.atomic.io https://www.typeform.com ; frame-src youtube.com https://www.youtube.com https://forms.hsforms.com https://perf.hsforms.com https://app.hubspot.com https://player.vimeo.com https://meetings.hubspot.com https://www.atomic.io https://www.developer.atomic.io https://www.google.com blob: https://www.typeform.com https://www.addevent.com https://atomic-demo-banking-e40bc9ead1d9.herokuapp.com/ https://td.doubleclick.net/ https://atomic-7898020.hs-sites.com/; img-src 'self' data: https://secure.gravatar.com https://s.w.org https://i.vimeocdn.com https://atomic.io https://www.atomic.io https://www.developer.atomic.io https://track.hubspot.com https://edge.development.unobtainium.atomic.io https://px.ads.linkedin.com https://forms.hsforms.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://perf.hsforms.com https://forms-na1.hsforms.com https://edge.atomic.io https://images.unsplash.com https://source.unsplash.com https://www.typeform.com https://www.linkedin.com  https://www.google.com  https://www.google-analytics.com/  https://www.google.co.nz https://workbench.atomic.io https://perf-na1.hsforms.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://fonts.gstatic.com https://firebasestorage.googleapis.com; 1
img-src 'self' data: https:; font-src 'self'; frame-src 'self'; 1
object-src 'none'; script-src 'self' https://translate.google.com https://translate.googleapis.com cdnjs.cloudflare.com dist https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com cdnjs.cloudflare.com dist https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com; style-src 'self' https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 1
default-src 'self'; frame-src * ; media-src *; img-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' embed.typeform.com code.jquery.com *.google-analytics.com *.analytics.google.com www.googleoptimize.com maps.googleapis.com cdn.cookielaw.org www.google-analytics.com cdns.eu1.gigya.com consent.cookiebot.com unpkg.com connect.facebook.net consentcdn.cookiebot.com assets.adobedtm.com www.googletagmanager.com www.youtube.com apis.google.com www.google.com www.recaptcha.net www.gstatic.com static.hotjar.com www.static.hotjar.com script.hotjar.com www.script.hotjar.com  ; style-src * 'unsafe-inline'; font-src * blob: data:; connect-src *; frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline' * data: blob: 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' https:; img-src 'self' data: blob: https:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; media-src 'self' https:; 1
default-src blob: https: data: wss://*.hotjar.com 'unsafe-eval' 'unsafe-inline'; object-src 'none' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wpml.org *.toolset.com *.stripe.com *.google.com *.googletagmanager.com www.redditstatic.com *.doubleclick.net yoast.com *.googleadservices.com *.jquery.com *.web-view.net *.ytimg.com *.nr-data.net js-agent.newrelic.com *.youtube.com *.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com connect.facebook.net fast.wistia.com *.helpscout.net *.clarity.ms; frame-src 'self' *.stripe.com *.google.com *.doubleclick.net *.youtube.com *.facebook.com s-static.ak.facebook.com wp-rocket.me; object-src 'self'; worker-src blob:; connect-src 'self' *.wpml.org https://*.doubleclick.net *.helpscout.net *.wistia.com d3hb14vkzrxvla.cloudfront.net *.nr-data.net *.facebook.com yoast.com wss://chat-support.toolset.com https://chat-support.toolset.com wss://activity-tracker.toolset.com https://activity-tracker.toolset.com ams.wpml.org https://*.google.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.googlesyndication.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat 1
frame-ancestors https://influencity.com *.influencity.com; upgrade-insecure-requests 1
default-src https: wss: ; img-src data: https: http: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: ; style-src https: 'unsafe-inline' http: ; font-src data: https: ; media-src http: ; frame-src blob: https: wss: 1
frame-ancestors redaspen.myvoffice.com redaspenlove.com www.redaspenlove.com; report-uri /cgi-bin/csp-violation 1
frame-ancestors *.elektramat.nl *.besteloverzicht.nl 52.137.60.253 1
default-src 'none'; script-src 'report-sample' 'self' http: https: wss: blob: 'nonce-8LZjQIgLJYGbVyXxbxW6Qyyii74URGw8BpdMBDfCtTg='; connect-src blob: data: 'self' https://analytics.finna.fi https://*.tv.funet.fi; style-src * 'unsafe-inline'; img-src * data: blob:; media-src * blob:; font-src * data:; base-uri 'self'; manifest-src 'self'; child-src blob:; frame-src https://player.vimeo.com https://www.youtube.com https://players.icareus.com https://www.youtube-nocookie.com; 1
default-src 'self'; img-src * https://*.iadvize.com https://*.contentsquare.net 'self' data:; script-src https://insights.algolia.io https://prod-js.aws.y-track.com https://collect.commander1.com https://www.clarity.ms https://the.sciencebehindecommerce.com https://tags.creativecdn.com https://ams.creativecdn.com https://fledge-eu.creativecdn.com https://zenaps.com https://*.meubles.fr https://bat.bing.com https://d3ayv6nsn4rwn3.cloudfront.net *.mouseflow.com https://*.google-analytics.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.com https://*/kameleoon.io https://*.iadvize.com https://*.twic.pics https://www.gstatic.com https://mpsnare.iesnare.com https://libs.hipay.com https://www.paypal.com https://www.google.com https://asset.easydmp.net https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.userly.net https://*.criteo.com https://static.criteo.net https://appstatic.quanta.io https://halc.iadvize.com https://s.pinimg.com https://www.dwin1.com https://*.realytics.io https://cdn-eu.realytics.net https://analytics.tiktok.com https://cdn.trustcommander.net https://*.uzerly.net https://uzerly.net https://bam.eu01.nr-data.net https://cdn.tagcommander.com https://app.contentsquare.com https://t.contentsquare.net https://static.hotjar.com https://script.hotjar.com https://js-agent.newrelic.com https://*.camif.fr https://static.photoslurp.com https://region1.analytics.google.com https://google.com https://ct.pinterest.com/ https://www.paypalobjects.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://*.iadvize.com https://region1.analytics.google.com https://google.com https://ct.pinterest.com/ https://fonts.googleapis.com https://static.photoslurp.com https://*.camif.fr 'self' 'unsafe-inline'; connect-src https://insights.algolia.io https://prod-js.aws.y-track.com https://collect.commander1.com https://ams.creativecdn.com https://fledge-eu.creativecdn.com https://fpc.camif.fr https://api.dmp.y-track.com https://*.clarity.ms https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://js-api.dial-once.com https://ct.pinterest.com/ https://*.trustcommander.net https://vc.hotjar.io https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.com https://region1.analytics.google.com https://google.com *.mouseflow.com https://*.google-analytics.com https://privacy.commander1.com https://*.iadvize.com wss://*.iadvize.com wss://*.twilio.com https://pro.ip-api.com wss://mpsnare.iesnare.com https://*.hipay.com https://*.paypal.com https://api-adresse.data.gouv.fr https://*.criteo.com https://asset.easydmp.net https://rum-metrics.quanta.io https://api.realytics.io https://analytics.tiktok.com https://*.pinterest.com https://secure-gateway.hipay-tpp.com wss://ws.hotjar.com https://content.hotjar.io https://api.photoslurp.com https://bam.eu01.nr-data.net https://*.contentsquare.net 'self'; font-src *.mouseflow.com https://region1.analytics.google.com https://google.com https://ct.pinterest.com/ https://static.iadvize.com https://static.photoslurp.com 'self' data:; frame-src https://region1.analytics.google.com https://google.com https://ct.pinterest.com/ https://*.meubles.fr https://zenaps.com https://static.photoslurp.com/ *.mouseflow.com https://ams.creativecdn.com https://fledge-eu.creativecdn.com https://www.paypalobjects.com https://cdn.trustcommander.net https://*.calameo.com  https://*.epticahosting.com https://td.doubleclick.net https://region1.analytics.google.com https://google.com https://ct.pinterest.com/ https://*.iadvize.com https://www.google.com https://cdnimage.camif.fr https://www.youtube.com https://libs.hipay.com https://*.paypal.com https://www.facebook.com https://asset.easydmp.net https://gum.criteo.com  https://fledge.eu.criteo.com https://static.criteo.net https://halc.iadvize.com 'self'; media-src m.photoslurp.com https://mpsnare.iesnare.com 'self' data:; worker-src  'self' data: blob:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://bam.nr-data.net https://js-agent.newrelic.com https://px.ads.linkedin.com https://static.trackedweb.net https://snap.licdn.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://privacycdn.directsupply.com https://ajax.googleapis.com https://*.tels.net https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.tels.net; connect-src 'self' https://px.ads.linkedin.com https://geolocation.onetrust.com https://privacyportal.onetrust.com https://bam.nr-data.net https://r2.trackedweb.net https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://www.google-analytics.com https://cdn.cookielaw.org https://*.tels.net; font-src 'self' https://fonts.gstatic.com https://*.tels.net; img-src 'self' https://www.linkedin.com/ https://px.ads.linkedin.com https://www.google.com https://cdn.cookielaw.org https://branding.directsupply.com https://*.tels.net; object-src https://px.ads.linkedin.com https://r2.trackedweb.net https://pagead2.googlesyndication.com https://www.google.com https://cdn.cookielaw.org https://td.doubleclick.net https://cdn.cookielaw.org https://td.doubleclick.net; frame-src 'self' https://td.doubleclick.net/ 1
default-src 'self' *.bookmyforex.com *.fontawesome.com *.angularjs.org *.cloudflare.com *.googleapis.com rawgit.com facebook.com googletagmanager.com razorpay.com *.razorpay.com *.linkedin.com *.google.com *.botstrapcdn.com *.bootstrapcdn.com *.jsdelivr.net *.jquery.com *.getmdl.io cashfree.com *.googleusercontent.com *.chartjs.org *.maxcdn.com *.angular.org *.facebook.com *.applemediaservices.com *.typekit.net *.ccavenue.com *.mangodata.co.in unpkg.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.facebook.com *.cashfree.com *.sokrati.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.tawk.to tawk.to *.licdn.com *.facebook.net googleadservices.com *.googleadservices.com *.bing.com youtube.com *.youtube.com *.recaptcha.net *.linkedin.oribi.io data: gap: ws: blob: ssl.gstatic.com; img-src * data: blob: ; frame-ancestors www.paxcredit.com www.tripmoney.com dialer.bookmyforex.com; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' *.chartjs.org; object-src 'self' blob: ; 1
default-src * 'unsafe-inline';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.operabase.net *.operabase.com *.google.com *.google-analytics.com *.googleadservices.com *.ssl.google-analytics.com *.googletagmanager.com *.tagmanager.google.com maps.googleapis.com *.visualwebsiteoptimizer.com app.vwo.com *.chargebee.com *.hsforms.net *.hsforms.com *.hscollectedforms.net *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.usemessages.com *.facebook.net *.cookiebot.com *.appcues.com *.appcues.net *.hsappstatic.net *.newrelic.com *.licdn.com *.segment.com *.stripe.com *.gstatic.com *.lokalise.com *.marker.io *.youtube.com googleads.g.doubleclick.net polyfill.io *.soundcloud.com *.facebook.com *.vimeo.com *.wistia.com *.wistia.net *.mixcloud.com *.dailymotion.com fonts.googleapis.com appleid.cdn-apple.com *.googlesyndication.com fpnpmcdn.net;style-src-elem * 'unsafe-inline';font-src * 'unsafe-inline' data:;img-src * 'unsafe-inline' data: blob:;media-src * 'unsafe-inline' data: blob:;object-src 'none';style-src * 'unsafe-inline';connect-src * 'unsafe-inline';worker-src 'self' blob: 1
frame-ancestors 'self' *.nike.com.cn *.nikecloud.com.cn 1
https://www.kemet.com https://js.hsforms.net 1
frame-ancestors https://eres-apply.cloud.smit.dev https://eres-apply.cloud.smit.test https://eresident.politsei.ee https://e-resident.gov.ee https://www.e-resident.gov.ee 1
frame-ancestors 'self' https://*.patee.ru; 1
frame-ancestors 'self' https://home.meetmarlo.com; 1
default-src 'self'; script-src-elem 'self' https://cdn.usefathom.com; script-src 'self' https://cdn.usefathom.com; child-src 'self' https://hooktube.com https://www.hooktube.com https://youtube.com https://www.youtube.com https://youtu.be https://gfycat.com https://streamja.com https://streamable.com https://vimeo.com https://vine.co https://instaud.io https://player.vimeo.com; img-src 'self' data: https:; media-src 'self' https:; style-src 'self' 'unsafe-inline'; connect-src 'self' https://cdn.usefathom.com wss://ovarit.com ws://ovarit.com 1
connect-src 'self' https://region1.google-analytics.com data: https://www.youtube.com https://play.google.com data:; 1
default-src 'self' *.hasbrorisk.com 'nonce-WmE4UUtNdHRoektaRU1KSWhSNDBLd0FBQUV3' *.google-analytics.com *.analytics.google.com *.doubleclick.net *.googletagmanager.com *.googleadservices.com *.fontawesome.com *.jquery.com *.youtube.com; media-src 'self' data:; img-src 'self' data: *.hasbrorisk.com *.google-analytics.com *.google.com.au *.google.com *.googletagmanager.com api.qrserver.com; style-src 'self' 'unsafe-inline' *.hasbrorisk.com *.fontawesome.com; font-src 'self' *.hasbrorisk.com *.gstatic.com *.fontawesome.com; frame-ancestors 'self'; 1
default-src 'self' fonts.gstatic.com www.google-analytics.com *.webinstats.com pagead2.googlesyndication.com www.facebook.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com dbfukofby5ycr.cloudfront.net *.webinstats.com; frame-src 'self' www.google.com dbfukofby5ycr.cloudfront.net googleads.g.doubleclick.net *.webinstats.com tpc.googlesyndication.com; script-src 'self' 'unsafe-inline' www.googletagmanager.com pagead2.googlesyndication.com www.google-analytics.com connect.facebook.net dbfukofby5ycr.cloudfront.net partner.googleadservices.com adservice.google.com.tr adservice.google.com pagead2.googlesyndication.com tpc.googlesyndication.com *.webinstats.com 1
frame-ancestors 'self' pi.pardot.com t.co twitter.com;   block-all-mixed-content;   script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.ep-mimecast.ads-twitter.com https://*.doubleclick.net https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://*.js.ubembed.com https://agent.marketingcloudfx.com https://analytics.twitter.com https://assets.ubembed.com https://cdnjs.cloudflare.com https://cdn.freshbots.ai https://cdn.jsdelivr.net https://cdn.leadmanagerfx.com https://content.linkedin.com https://cdn-prod.securiti.ai https://cdn.syndication.twimg.com https://dsp-creative.demandbase.com https://en.twitter.com https://f.vimeocdn.com https://go.forte.net https://google-analytics.com https://googletagmanager.com https://maxcdn.bootstrapcdn.com https://m.youtube.com https://netdna.bootstrapcdn.com https://platform.linkedin.com https://pi.pardot.com https://platform.twitter.com https://player.vimeo.com https://static.ads-twitter.com https://stackpath.bootstrapcdn.com https://ssl.google-analytics.com https://snap.licdn.com https://static-exp1.licdn.com https://scout-cdn.salesloft.com https://s.swiftypecdn.com https://tag.demandbase.com https://tagmanager.google.com https://t.co https://www.google-analytics.com https://www.googletagmanager.com https://www.vimeo.com https://www.youtube.com https://*.gstatic.com;  style-src 'self' 'unsafe-inline' *.licdn.com *.google.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.freshbots.ai cdn.jsdelivr.net cdn-prod.securiti.ai fonts.googleapis.com hello.myfonts.net platform.twitter.com s.swiftypecdn.com ton.twimg.com www.googletagmanager.com;   object-src *.googlesyndication.com;   child-src 'self' blob: *.vimeo.com *.googlesyndication.com *.google.com *.doubleclick.net platform.twitter.com vimeo.com www.googletagmanager.com www.youtube.com s.company-target.com go.forte.net;  base-uri 'self';  form-action 'self' *.twitter.com *.google.com;   worker-src 'self' blob: www.google.com; 1
default-src 'self'; object-src 'self' https://pts.sim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.sim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.sim.de https://chat.sim.de https://umfrage.sim.de https://pts.sim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.sim.de https://stats.sim.de https://imagepool.sim.de https://pts.sim.de https://analytics.tiktok.com https://umfrage.sim.de; script-src 'strict-dynamic' 'nonce-ff9374d16657074962e3bf71694257cf' 'nonce-74808caa5c9321ba45b283edfff2a12d' 'nonce-098b9b3ab02e401ee474406f4b56d5ae' 'nonce-0e05014a167dcf37002095abdd706bfe' 'nonce-674afdbe26ac29ef6c9c513da538c834' 'nonce-3ba3bfbe8a9dbb4e7fab7964f5bdbdae' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.sim.de https://umfrage.sim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-ff9374d16657074962e3bf71694257cf' 'nonce-74808caa5c9321ba45b283edfff2a12d' 'nonce-098b9b3ab02e401ee474406f4b56d5ae' 'nonce-0e05014a167dcf37002095abdd706bfe' 'nonce-674afdbe26ac29ef6c9c513da538c834' 'nonce-3ba3bfbe8a9dbb4e7fab7964f5bdbdae' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.multicert.com https://multicert.com https://cloud4.go-contact.com:3001 https://cloud4.go-contact.com:3002 https://cloud4.go-contact.com:50002 https://www.google-analytics.com https://www.googletagmanager.com;   script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.multicert.com https://multicert.com https://*.byside.com *.autenticacao.gov.pt www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com stats.g.doubleclick.net https://*.hotjar.com;   style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.multicert.com https://multicert.com *.autenticacao.gov.pt fonts.googleapis.com https://*.hotjar.com https://*.byside.com;   connect-src 'self' https://www.multicert.com https://multicert.com blob: https://multicert.com https://www.multicert.com https://cloud4.go-contact.com:3001 https://cloud4.go-contact.com:3002 https://cloud4.go-contact.com:50002 https://*.byside.com www.google-analytics.com region1.analytics.google.com *.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com wss://*.byside.com;   img-src 'self' https: data: blob: https://*.hotjar.com ;   font-src 'self' https://*.byside.com fonts.gstatic.com https://script.hotjar.com data:;   object-src 'self';   base-uri 'self';   form-action 'self' https://multicert.com https://tsa.multicert.com https://mtrust.pt;   frame-src 'self' 'unsafe-inline' https://www.multicert.com https://multicert.com youtube.com www.youtube.com  www.google.com www.gstatic.com;   frame-ancestors 'self' https://www.multicert.com https://multicert.com;   report-uri https://www.multicert.com/report-uri/csp-violation;   report-to default; 1
default-src 'unsafe-inline' 'unsafe-eval'; script-src 'unsafe-inline' 'unsafe-eval' https://jweiland.net https://stat.jweiland.net https://www.googletagmanager.com https://www.google-analytics.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; font-src data: 'self'; style-src 'unsafe-inline' https://jweiland.net/ https://consent.cookiebot.com/ https://consentcdn.cookiebot.com; img-src 'self' 'unsafe-inline' https://stat.jweiland.net data:; frame-src https://jweiland.net https://www.google.com/ https://maps.google.de/ https://player.vimeo.com/ https://www.youtube.com https://www.youtube-nocookie.com https://stat.jweiland.net/ https://www.slideshare.net/ https://de.slideshare.net/ https://consent.cookiebot.com https://consentcdn.cookiebot.com; connect-src https://jweiland.net/ https://stat.jweiland.net/ 1
child-src *; 1
style-src 'self' 'unsafe-inline' https://privacyportal-cdn.onetrust.com https://cdn03.jotfor.ms https://cdn02.jotfor.ms https://cdn01.jotfor.ms https://pages.fragomen.com http://pages.fragomen.com https://www.fragomen.com https://cdn.ckeditor.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://app-ab33.marketo.com data:; img-src 'self' https://cdn.cookielaw.org https://cdn.jotfor.ms https://i.vimeocdn.com https://analytics.rubyapps.io https://events.jotform.com https://cdnjs.cloudflare.com https://www.jotform.com https://pages.fragomen.com https://storage.googleapis.com https://www.fragomen.com https://cdn.ckeditor.com https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://i.ytimg.com https://tr.lfeeder.com https://player.flipsnack.com data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://xapis.onelink-edge.com https://privacyportal-cdn.onetrust.com https://view.ceros.com https://analytics.rubyapps.io https://cdn.jotfor.ms https://cdn.jotfor.ms https://cdn01.jotfor.ms https://cdn03.jotfor.ms https://cdn02.jotfor.ms https://cdn01.jotfor.ms https://form.jotform.com https://www.googletagmanager.com http://munchkin.marketo.net https://geolocation.onetrust.com https://player.vimeo.com https://cdn.cookielaw.org https://www.youtube.com https://www.fragomen.com http://pages.fragomen.com https://pages.fragomen.com https://cdn.ckeditor.com https://www.gstatic.com https://www.google.com https://www.amcharts.com https://maps.googleapis.com https://static.addtoany.com https://www.buzzsprout.com https://app-ab33.marketo.com https://munchkin.marketo.net https://cdnjs.cloudflare.com https://code.jquery.com https://secure.leadforensics.com https://connect.facebook.net https://www.google-analytics.com https://sc.lfeeder.com https://siteimproveanalytics.com https://zingtree.com; connect-src 'self' https://xapis.onelink-edge.com https://privacyportal-cdn.onetrust.com https://analytics.rubyapps.io http://130-cki-333.mktoresp.com https://fragomen-privacyrequests.my.onetrust.com https://maps.googleapis.com https://cdn.cookielaw.org https://cdn.plyr.io https://noembed.com https://130-cki-333.mktoresp.com https://connect.facebook.net https://tr.lfeeder.com https://www.google-analytics.com https://www.fragomen.dev.ruby.app https://stats.g.doubleclick.net; frame-src 'self' https://xapis.onelink-edge.com https://view.ceros.com https://analytics.rubyapps.io https://cwa.mindpeer.com https://submit.jotform.com/ https://cdn.flipsnack.com https://form.jotform.com/ https://pages.fragomen.com http://pages.fragomen.com https://player.vimeo.com https://www.bloomberg.com/ https://www.buzzsprout.com https://www.youtube.com https://www.google.com https://app-ab33.marketo.com https://static.addtoany.com https://cdn.yoshki.com https://zingtree.com https://player.flipsnack.com; font-src 'self' https://cdn.jotfor.ms https://fonts.gstatic.com https://maps.googleapis.com https://player.flipsnack.com https://privacyportal-uk.onetrust.com https://privacyportal-cdn.onetrust.com/5f6c6a33-148d-4e8c-a636-34f51eea6d11/privacy-notices/6ac6769d-b16d-4e5e-8656-21c382a722d0.json https://privacyportal-cdn.onetrust.com/ 1
default-src 'self' wss: https: 'unsafe-eval' 'unsafe-inline'; object-src 'self' livechat.ethias.be blob:; img-src 'self' data: https:; font-src 'self' data: https:; frame-ancestors 'self';worker-src 'self' 'unsafe-inline' * blob:; child-src 'self' https: blob: data:; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: *  * data: s6.searchcdn.com www.nbcc.informz.net www.gstatic.com app.termly.io www.google-analytics.com addsearch.com app.addsearch.com www.google.com nbcc_cce.informz.net cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' d20vwa69zln1wj.cloudfront.net app.addsearch.com netdna.bootstrapcdn.com maxcdn.bootstrapcdn.com fonts.googleapis.com cdn.jsdelivr.net ; img-src 'self' * data:; connect-src 'self' nbcc.informz.net stats.g.doubleclick.net app.termly.io www.google-analytics.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com netdna.bootstrapcdn.com; object-src 'self'; media-src media.example.com data: blob: *; frame-src 'self' https://public.tableau.com/ app.termly.io www.google.com www.youtube.com;  1
frame-ancestors 'self' truetour.app visitingmedia.com 360.visitingmedia.com my.matterport.com 1
default-src 'self'; font-src data: https://assets.dm.de; child-src 'self' blob:; script-src 'self' https://*.bazaarvoice.com https://*.mm.dm.cz https://app.usercentrics.eu https://assets-internal-proxy.apps.nonprod.gcp.dmtech.cloud https://assets.dm.de https://cdn.loadbee.com/ https://d2pqvatijh75rn.cloudfront.net https://mpsnare.iesnare.com https://omt.dm.cz https://tags.tiqcdn.com https://www.dm.cz; worker-src 'self' blob:; connect-src  'self' https://*.bazaarvoice.com https://*.gcp.dmtech.cloud https://*.mm.dm.cz https://*.services.dmtech.com https://aggregator.service.usercentrics.eu https://api.mapbox.com https://api.usercentrics.eu https://assets.dm.de https://availability.loadbee.com/ https://browser-intake-datadoghq.eu https://cart-recos.services.dmtech.com https://cart.services.dmtech.com https://cdcs.usercentrics.eu https://collect.tealiumiq.com https://consent-api.service.consent.usercentrics.eu https://consent-rt-ret.service.consent.usercentrics.eu https://consents.usercentrics.eu https://coupon-aktionen.dm.de https://d2pqvatijh75rn.cloudfront.net https://direct-collect.dy-api.eu https://direct.dy-api.eu https://dmpay-gateway.services.dmtech.com https://dy-api.eu https://events.mapbox.com https://graphql.usercentrics.eu https://insights.algolia.io https://logs.browser-intake-datadoghq.eu https://mpsnare.iesnare.com https://my-products-api.services.dmtech.com https://omc.dm.cz https://product-based-recos.services.dmtech.com https://products.dm.de https://rcom-eu.dynamicyield.com https://recos-as-a-service.services.dmtech.com https://rum.browser-intake-datadoghq.eu https://services.dm.de https://shopping-list-prod.services.dmtech.com https://signin.dm.cz https://sos-prod.availability.services.dmtech.com https://staedtetour.dm-fb2.de; style-src 'self' 'unsafe-inline' https://*.bazaarvoice.com https://api.tiles.mapbox.com https://assets.dm.de; img-src 'self' blob: data: https://*.bazaarvoice.com https://*.mm.dm.cz https://*.services.dmtech.com https://app.usercentrics.eu https://assets.dm.de https://cdn-eu.dynamicyield.com https://d2pqvatijh75rn.cloudfront.net https://d3s22jwy77sx9i.cloudfront.net https://i.ytimg.com https://images.podigee-cdn.net https://img.usercentrics.eu https://img.youtube.com/ https://media.dm-static.com https://services.dm.de https://uct.service.usercentrics.eu; frame-ancestors 'self' https://*.apps.nonprod.gcp.dmtech.cloud https://*.apps.prod.gcp.dmtech.cloud https://*.dm-drogeriemarkt.org https://*.dm-drogeriemarkt.org:42160 https://*.dm-drogeriemarkt.org:42161 https://*.dm-drogeriemarkt.org:42162 https://*.dm.cz https://*.lxprod.ka.de.dm-drogeriemarkt.com https://app.datadoghq.eu; frame-src 'self' https://*.bazaarvoice.com https://*.dm.cz https://*.services.dmtech.com https://app.usercentrics.eu https://cdn.podigee.com https://configurator.nuk.de https://gastfamilie.podigee.io https://geburtskanal-dm.podigee.io https://hey-familie.podigee.io https://player.podigee-cdn.net https://rendering.loadbee.com/ https://sandbox.om.dm.de https://service.loadbee.com/ https://www.youtube-nocookie.com; base-uri 'self' https://*.mm.dm.cz https://*.services.dmtech.com https://events.mapbox.com; form-action 'self' https://*.bazaarvoice.com https://checkout.dm.cz https://signin.dm.cz; manifest-src 'self'; report-uri /__csp-reports__;upgrade-insecure-requests 1
frame-ancestors 'self' *.mybigcommerce.com my.ecwid.com; 1
frame-ancestors 'self' copasa.com.br *.copasa.com.br copasa.net.br *.copasa.net.br https://www.google-analytics.com https://stats.g.doubleclick.net https://cdnjs.cloudflare.com https://fonts.gstatic.com; script-src 'self' copasa.com.br *.copasa.com.br copasa.net.br *.copasa.net.br https://www.google-analytics.com https://stats.g.doubleclick.net https://cdnjs.cloudflare.com https://fonts.gstatic.com; object-src 'self' copasa.com.br *.copasa.com.br copasa.net.br *.copasa.net.br https://www.google-analytics.com https://stats.g.doubleclick.net https://cdnjs.cloudflare.com https://fonts.gstatic.com; 1
block-all-mixed-content; frame-src 'self' https://*.uber.com https://*.ubereats.com http://*.cdn-net.com https://tr.snapchat.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://www.google.com/recaptcha/ https://auth.uberinternal.com https://gumi.criteo.com/ https://mug.criteo.com https://gum.criteo.com bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net *.optimizely.com; worker-src 'self' blob:; child-src 'self' blob: bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net; connect-src 'self' 'self' https://*.uber.com https://duyt4h9nfnj50.cloudfront.net https://d3fa76b550dpw9.cloudfront.net https://d4p17acsd5wyj.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://dkl8of78aprwd.cloudfront.net https://cn-geo1.uber.com https://d1goeicueq33a8.cloudfront.net https://siteintercept.qualtrics.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://analytics.tiktok.com https://analytics.google.com https://dynamic.criteo.com https://widget.us.criteo.com https://widget.as.criteo.com https://widget.eu.criteo.com https://sslwidget.criteo.com https://tr.snapchat.com https://app.paypay.ne.jp https://stg.paypay-corp.co.jp https://image.paypay.ne.jp https://d1g1f25tn8m2e6.cloudfront.net https://dyguxp1m9tbrw.cloudfront.net https://u-vsm.tmobiapi.com https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://maps.googleapis.com https://www.gstatic.com events.uber.com api.mixpanel.com d3i4yxtzktqr9n.cloudfront.net *.optimizely.com *.google-analytics.com *.tealiumiq.com *.demdex.net https://api-js.mixpanel.com; manifest-src 'self' https://*.uber.com; form-action 'self' https://tr.snapchat.com https://www.facebook.com/tr/ https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-staging.uberinternal.com https://payments-staging.uber.com; frame-ancestors 'self' https://www.nimblerx.com https://static-team-ops.nimbleandsimple.com https://pharma.uber.com http://local.shakeshack.com https://shakeshack.prod.acquia-sites.com https://www.shakeshack.com https://dev.shakeshack.com https://stg.shakeshack.com https://shakeshack.com https://pre-prod.shakeshack.com https://stg-green.shakeshack.com https://stg-alt.shakeshack.com https://front-hml-delivery.azurewebsites.net https://front-dev-delivery.azurewebsites.net https://front-prd-delivery.azurewebsites.net https://deliverycontrol.grupomadero.com.br https://delivery.grupomadero.com.br https://staging-shop.mccolls.co.uk https://shop.mccolls.co.uk https://stoq.shop https://staging.stoq.shop https://admin.stoq.shop https://admin-staging.stoq.shop https://www.gcom.com.br https://www.spoleto.com.br https://www.koni.com.br https://www.lebonton.com.br https://www.gokoni.com https://www.cutthecrap.com.br https://www.risierisoteria.com.br https://www.giustoculinaria.com.br https://www.roomservicedelivery.com.br https://www.strogonosso.com.br https://voalzira.online/ https://voalzira.online/minhaloja https://medmate.com.au https://order.manoosh.com.au https://test.expresskfc.com/ https://expresskfc.com/ https://www.test.expresskfc.com/ https://www.expresskfc.com/ https://kfccostarica.cr/ https://www.kfccostarica.cr/ https://express.dospinos.com/ https://mcstaging.dospinos.com/ https://shopuat.pxpay.com.tw/ https://shop.pxpay.com.tw/ https://app.cocinasocultas.com https://app.foodstarsuk.com https://app.pruebehubster.com https://app.pruebehubster.com.mx https://app.tryhubster.co.uk https://app.tryhubster.com https://app.tryhubster.com.au https://app.tryotter.com https://catalogs.uberinternal.com https://catalogs-staging.uberinternal.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://health-staging.uber.com https://health.uber.com https://admin.restoplus.com https://admin.staging.restoplus.com https://admin.qa1.restoplus.com https://admin.qa2.restoplus.com https://admin.qa3.restoplus.com https://admin.qa4.restoplus.com https://admin.qa5.restoplus.com https://admin.qa6.restoplus.com https://orders.restoplus.com https://orders.staging.restoplus.com https://orders.qa1.restoplus.com https://orders.qa2.restoplus.com https://orders.qa3.restoplus.com https://orders.qa4.restoplus.com https://orders.qa5.restoplus.com https://orders.qa6.restoplus.com https://pos.restoplus.com https://pos.staging.restoplus.com https://pos.qa1.restoplus.com https://pos.qa2.restoplus.com https://pos.qa3.restoplus.com https://pos.qa4.restoplus.com https://pos.qa5.restoplus.com https://pos.qa6.restoplus.com https://beta-shop.cashier.tw https://shop.cashier.tw https://indev-webapp.cashier.tw https://indev-beta-shop.cashier.tw https://indev-shop.cashier.tw https://us-int-office.tabit-int.com https://us-office.tabit-stage.com/auth/login https://us-demo-office.tabit-stage.com https://us-office.tabit.cloud https://foxtrotco.com/tracking https://foxtrotco.com/orderconfirmation https://foxtrotco.com/home https://foxtrotco.com https://app.onhere.com.br https://beta.inline.app https://staging.inline.app https://inline.app https://shane.machinat.dev/ https://app.topcaisse.fr https://ordering.ritas.com http://ordering.ritas.com https://ordering.ritas.stage.demotesturl.net http://ordering.ritas.stage.demotesturl.net ee.magento.test 245.magento.test uber.improntus.dev https://dev.kfc.co.uk https://qa.kfc.co.uk https://brand.preprod.platform.kfcapi.com/ https://www.kfc.co.uk/ https://qa-kfc-za.eu.cognizantorderservnxtgen.com/ https://dev-kfc-za.eu.cognizantorderservnxtgen.com/ https://uat-kfc-za.eu.cognizantorderservnxtgen.com/ https://perf-kfc-za.eu.cognizantorderservnxtgen.com/ https://pen-kfc-za.eu.cognizantorderservnxtgen.com/ https://betatest.kfc.co.za/ https://order.kfc.co.za/ https://shop.pxgo.com.tw/ https://shopuat.pxpay.com.tw/ https://delivery.jimmybrings.com.au/ https://staging.jimmybrings.com.au/ https://beta.jimmybrings.com.au/ https://49171584-9e6d-4979-ab61-27a301a7e33e-production.au.prd.c.deity.cloud/ https://42d9d738-3eab-441f-91de-1afcd88b770f-acceptance.au.prd.c.deity.cloud/ https://1b8d2377-9260-4384-bc9f-aa1086543c69-test.au.prd.c.deity.cloud/ https://jimmybrings.com.au/ https://www.kfccostarica.cr https://www.kfccostarica.com https://kfccostarica.cr https://kfccostarica.com https://edb-staging.uber.com https://edb.uber.com 'self' quiznos.co.cr https://quiznos.co.cr https://pos.mymealsy.com https://stage.mymealsy.com https://dev.mymealsy.com https://fast.tk3c.com https://fdtest.tk3c.com https://panda-express.wallia.dev https://127.0.0.1:5173/ https://test.tacobellpr.com/ https://test.arcoprueba.com/ https://www.tacobellpr.com/ https://tacobellpr.com/ https://www.kfcpuertorico.com/ https://kfcpuertorico.com/ https://boba.rbteawalnut.com/ https://qjmpdemo.altaineapps.com/ https://stinkerapi.altaineapps.com/ https://mapcoapi.altaineapps.com/ https://loyalty.ritasice.com https://loyalty.stage.demotesturl.net https://loyalty.training.demotesturl.net https://loyalty.dev.demotesturl.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com 'nonce-78903603-7f39-4123-be05-033315911fd1' https://bat.bing.com https://*.qualtrics.com https://analytics.twitter.com http://www.googletagservices.com http://*.cdn-net.com https://sc-static.net https://tr.snapchat.com https://*.yjtag.jp https://yjtag.yahoo.co.jp https://b92.yahoo.co.jp https://*.yimg.jp https://*.outbrain.com https://www.redditstatic.com https://analytics.tiktok.com https://dynamic.criteo.com https://static.criteo.net https://sslwidget.criteo.com https://widget.us.criteo.com https://widget.as.criteo.com https://widget.eu.criteo.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://d4p17acsd5wyj.cloudfront.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ln-rules.rewardstyle.com/bookmarklet.js 'unsafe-eval' script.crazyegg.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com maps.google.com tags.tiqcdn.com beacon.krxd.net cdn.krxd.net cdn.mxpnl.com www.googleadservices.com www.ziprecruiter.com analytics.recruitics.com edge.quantserve.com secure.quantserve.com connect.facebook.net cdn.nanigans.com api.nanigans.com *.adroll.com s.yimg.com sp.analytics.yahoo.com click.app-cast.com i.l.inmobicdn.net *.optimizely.com *.tealiumiq.com *.doubleclick.net static.ads-twitter.com https://www.google-analytics.com https://ssl.google-analytics.com maps.googleapis.com maps.google.com; style-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com https://api.tiles.mapbox.com https://fonts.googleapis.com; report-uri https://csp.uber.com/csp?a=web-eats-v2&ro=false 1
frame-ancestors self https://*.swashapp.io 1
frame-ancestors 'self' https://*.mnogosna.team https://metrika.yandex.ru 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.texthelp.com *.browsealoud.com players.brightcove.net vjs.zencdn.net https://cdn.rawgit.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://www.google.com https://www.gstatic.com blob: https://cdn.siteimprove.net https://unpkg.com; frame-ancestors 'self'; report-uri https://www.mumc.nl/report-uri/enforce; block-all-mixed-content 1
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; font-src https: data:; object-src 'none'; frame-ancestors 'self'; base-uri 'self'; 1
default-src 'self' * *.uhaul.com https://www.google.com;script-src 'self' *.uhaul.com cdnjs.cloudflare.com https://www.google.com/recaptcha/api.js;style-src 'self' cdnjs.cloudflare.com fonts.googleapis.com;font-src fonts.gstatic.com cdnjs.cloudflare.com;frame-ancestors 'self' *.uhaul.net 1
default-src * blob: 'unsafe-inline' 'unsafe-eval';img-src * 'self' blob: data: https:; font-src * 'self' data: 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://*.page9awry.com https://downloads-global.3cx.com https://cdn.3cx.com https://cdnjs.cloudflare.com https://*.google.com https://www.google-analytics.com https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js https://*.facebook.com https://connect.facebook.net https://*.tawk.to https://*.googleapis.com https://s7.addthis.com/js/300/addthis_widget.js https://*.hiss3lark.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://*.hotjar.com https://www.googletagmanager.com https://*.addthis.com https://*.addthisedge.com https://*.moatads.com; style-src 'report-sample' 'self' 'unsafe-inline' https://*.page9awry.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://*.tawk.to; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.page9awry.com wss://nm-14550.3cx.co.uk https://*.google-analytics.com https://cdn.linkedin.oribi.io https://idx.liadm.com https://*.3cx.co.uk https://*.tawk.to wss://*.tawk.to https://*.addthis.com https://*.hotjar.com https://*.hotjar.io https://www.google-analytics.com https://stats.g.doubleclick.net https://*.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://*.tawk.to; frame-src 'self' https://www.google.com https://accounts.google.com https://*.hotjar.com https://*.tawk.to https://*.facebook.com https://www.gstatic.com https://*.addthis.com https://*.addthisedge.com https://*.moatads.com https://player.vimeo.com; img-src 'self' data: https://*.page9awry.com https://maps.googleapis.com https://*.google.co.uk https://*.googletagmanager.com https://*.google.com https://www.google-analytics.com https://*.adsymptotic.com https://*.doubleclick.net https://maps.gstatic.com https://*.linkedin.com https://www.facebook.com https://*.tawk.to https://cdn.jsdelivr.net https://tawk.link https://nm-14550.3cx.co.uk https://csi.gstatic.com/; manifest-src 'self'; media-src 'self' data:; report-uri https://5ed675c79f297888ec226770.endpoint.csper.io/; worker-src 'none'; 1
default-src 'self'; style-src 'self' 'unsafe-inline' cssversicherung.scene7.com fonts.googleapis.com translate.googleapis.com *.mopinion.com; style-src-elem 'self' 'unsafe-inline' cssversicherung.scene7.com fonts.googleapis.com translate.googleapis.com *.mopinion.com; img-src 'self' data: *.css.ch *.pinterest.com s0.2mdn.net bat.bing.com *.mopinion.com www.facebook.com connect.facebook.net preview3.assetsadobe.com s7g10.scene7.com cssversicherung.scene7.com cm.everesttech.net dpm.demdex.net *.googlesyndication.com *.gstatic.com maps.googleapis.com *.googleadservices.com www.googletagmanager.com *.google-analytics.com *.analytics.google.com *.doubleclick.net *.google.com *.google.ch *.google.de *.google.at *.google.it *.google.fr *.google.li; font-src 'self' data: *.gstatic.com *.mopinion.com; object-src 'self' data: blob:; media-src 'self' data: blob: s7mbrstream-g1.scene7.com cssversicherung.scene7.com; worker-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.css.ch analytics.tiktok.com brame-static.s3.amazonaws.com translate.google.com translate.googleapis.com s.pinimg.com *.pinterest.com *.gstatic.com *.mopinion.com api.microsofttranslator.com bat.bing.com css-chat.smoope.net www.google.ch www.google.com www.google.de www.google.at www.google.it www.google.fr www.google.li *.googlesyndication.com *.datatrans.com pci-proxy.com sandbox.pci-proxy.com *.doubleclick.net www.googletagservices.com *.cookiebot.com *.googleadservices.com *.google-analytics.com *.analytics.google.com cssversicherung.scene7.com connect.facebook.net cdn.tt.omtrdc.net d2qmp7jjpd79k7.cloudfront.net maps.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com assets.adobedtm.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: *.css.ch analytics.tiktok.com brame-static.s3.amazonaws.com translate.google.com translate.googleapis.com s.pinimg.com *.pinterest.com *.gstatic.com *.mopinion.com api.microsofttranslator.com bat.bing.com css-chat.smoope.net www.google.ch www.google.com www.google.de www.google.at www.google.it www.google.fr www.google.li *.googlesyndication.com *.datatrans.com pci-proxy.com sandbox.pci-proxy.com *.doubleclick.net www.googletagservices.com *.cookiebot.com *.googleadservices.com *.google-analytics.com *.analytics.google.com cssversicherung.scene7.com connect.facebook.net cdn.tt.omtrdc.net d2qmp7jjpd79k7.cloudfront.net maps.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com assets.adobedtm.com; connect-src 'self' wss://*.css.ch *.css.ch analytics.tiktok.com maps.googleapis.com *.cookiebot.com *.pinterest.com api.weatherapi.com *.mopinion.com www.facebook.com www.bing.com bat.bing.com *.googlesyndication.com css-api.smoope.net *.google.com *.doubleclick.net *.google-analytics.com *.analytics.google.com s7mbrstream-g1.scene7.com cssversicherung.scene7.com cssversicherung.tt.omtrdc.net dpm.demdex.net; frame-src 'self' *.css.ch analytics.tiktok.com live.brame-gamification.com *.pinterest.ch *.pinterest.com *.google.com *.googlesyndication.com *.doubleclick.net cap.attempts.securecode.com *.datatrans.com sandbox.pci-proxy.com acs.swisscard.ch *.cookiebot.com www.youtube.com assets.adobedtm.com csskranken-versicherungag.demdex.net 3dsec.cardcenter.ch *.mopinion.com css-chat.smoope.net www.facebook.com; frame-ancestors 'self' *.css.ch csskranken-versicherungag.experiencecloud.adobe.com; form-action 'self' *.datatrans.com; upgrade-insecure-requests; block-all-mixed-content; report-uri https://cssversicherung.report-uri.com/r/d/csp/enforce; report-to csp-endpoint 1
default-src 'unsafe-inline' 'self' *.doubleclick.net *.tawk.to; font-src 'unsafe-inline' 'self' *.gstatic.com *.fontawesome.com *.tawk.to;img-src 'unsafe-inline' 'self' blob: data: *.netgsm.com.tr *.facebook.com *.google-analytics.com *.google.com *.google.com *.google.com.tr *.doubleclick.net * data:; script-src 'unsafe-inline' 'self' *.googletagmanager.com *.facebook.net *.googleadservices.com *.google-analytics.com *.google.com *.doubleclick.net *.jquery.com *.fontawesome.com *.pstmn.io *.google.com *.google.com.tr *.tawk.to *.jsdelivr.net *.cookiebot.com *.licdn.com *.gstatic.com; style-src 'unsafe-inline' 'self' *.googleapis.com *.fontawesome.com *.tawk.to; frame-src 'unsafe-inline' 'self' *.facebook.com *.google.com *.doubleclick.net *.cookiebot.com; connect-src 'unsafe-inline' 'self' *.doubleclick.net *.facebook.com *.tawk.to wss://*.tawk.to *.cookiebot.com *.linkedin.oribi.io *.google-analytics.com *.google.com; 1
default-src 'self';script-src * 'unsafe-inline';font-src * 'unsafe-inline' data:;img-src * 'unsafe-inline' data: blob:;style-src * 'unsafe-inline';media-src *;frame-ancestors 'self' 1
frame-ancestors self *.scribendi.com *.scribendi.ai 1
default-src 'self' www.youtube.com maps.googleapis.com fonts.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com www.google-analytics.com *.doubleclick.net;font-src 'self' data: *.fonts.net maps.googleapis.com fonts.gstatic.com 'unsafe-inline';script-src-elem 'self' www.google-analytics.com *.doubleclick.net maps.googleapis.com 'unsafe-inline';style-src-elem 'self' *.fonts.net www.google-analytics.com maps.googleapis.com fonts.googleapis.com 'unsafe-inline';style-src 'self' *.fonts.net maps.googleapis.com fonts.googleapis.com 'unsafe-inline';connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com  data: blob: api.bbdo.com bbdo-api.dev.provisionsofia.com www.google-analytics.com maps.googleapis.com;img-src 'self' *.ytimg.com https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com data: cdn.bbdo.com api.bbdo.com bbdo-api.dev.provisionsofia.com www.google-analytics.com 'unsafe-inline';media-src 'self' cdn.bbdo.com api.bbdo.com bbdo-api.dev.provisionsofia.com maps.googleapis.com;frame-src 'self' *.bbdo.com youtube.com www.youtube.com *.google.com; 1
frame-ancestors 'self' *.parquesreunidos.com 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.ciis.edu/report-uri/enforce 1
default-src 'self' ;                 style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;              img-src 'self' data: image/svg+xml https://www.google-analytics.com ;              connect-src 'self' https://www.google-analytics.com ;              script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com ;        font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com ; 1
frame-ancestors *.eventmobi.com eventmobi.com *.ccab.com ccab.com; 1
base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.upsellit.com https://dx.mountain.com https://px.mountain.com https://cdn.mxpnl.com https://connect.facebook.net https://sleeknotecustomerscripts.sleeknote.com https://sleeknotestaticcontent.sleeknote.com https://s.ntv.io https://jadserve.postrelease.com https://code.jquery.com https://netdna.bootstrapcdn.com https://shareasaleanalytics.com https://d3js.org https://js.braintreegateway.com https://netdna.bootstrapcdn.com https://cdn.optimizely.com https://cdn.optimizely.com https://cdn.walkme.com https://platform.twitter.com https://cdn.pdst.fm https://utt.impactcdn.com https://static.criteo.net https://edge.fullstory.com https://www.recaptcha.net https://js.hs-scripts.com https://static.criteo.net https://utt.impactcdn.com https://sslwidget.criteo.com https://sslwidget.criteo.com https://www.gstatic.com https://js.hs-analytics.net https://js.hsleadflows.net https://js.usemessages.com https://js.hs-banner.com https://js.hubspotfeedback.com https://js.hsadspixel.net https://gs.mountain.com/gs https://match.sharethrough.com https://maps.googleapis.com https://www.google.com https://sdk.postscript.io https://insidetracker3e41a.referralrock.com https://youtube.com https://www.youtube.com https://www.redditstatic.com https://api.gorgias.work https://storage.googleapis.com https://us-east1-898b.gorgias.chat https://assets.gorgias.chat https://config.gorgias.io https://config.gorgias.chat https://*.upsellit.com; upgrade-insecure-requests 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-X2E/Oeh23hu4Mf+CyKoMrw=='; style-src 'self' www.gstatic.com; font-src 'self'; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com 1
frame-ancestors  'self' https://library.mulesoft.com; 1
default-src 'none'; font-src https: data:; img-src https:; script-src-elem https: 'unsafe-inline'; style-src-elem https: 'unsafe-inline'; style-src https: 'unsafe-inline'; media-src https: data:; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; connect-src https:; frame-src https:; script-src https:; 1
default-src 'self' p11.techlab-cdn.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cdw.com *.cdw.ca *.richrelevance.com *.qualtrics.com *.optimizely.com *.hotjar.com *.needle.com *.appspot.com *.facebook.net *.googleadservices.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.cnetcontent.com *.cnetcontentsolutions.com *.akamaihd.net *.google.com *.justuno.com *.netapp.com *.d41.co *.cxense.com pactsafe.io *.webcollage.net *.ziftsolutions.com *.googletagmanager.com *.googlesyndication.com *.googletagservices.com *.ytimg.com t.sellpoints.com a.sellpoint.net *.flixfacts.com *.youtube.com *.flixcar.com *.flix360.com *.easy2.com *.go-mpulse.net *.linkedin.com *.cloudfront.net *.bluecore.com *.adsrvr.org blob: data.g2.com *.g2crowd.com *.hotjar.io *.gstatic.com *.leadsrx.com *.turnto.com *.licdn.com *.hs-scripts.com *.vmwarepartnerdemandcenter.com *.hsleadflows.net *.hs-banner.com *.hsforms.net *.hsadspixel.net *.hubapi.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com accessibilityserver.org *.userway.org *.tiqcdn.com *.tealiumiq.com *.adroll.com *.hs-analytics.net js.usemessages.com *.hscollectedforms.net *.redditstatic.com *.reddit.com *.scene7.com *.vidyard.com *.vimeo.com *.hp.com *.etilize.com *.1worldsync.com *.quantserve.com *.quantcount.com *.spexaccess.net *.launchdarkly.com *.onetrust.com *.oribi.io *.cookielaw.org *.linkedin.com *.w55c.net *.pdst.fm *.stackadapt.com *.pactsafe.io p11.techlab-cdn.com;style-src 'self' 'unsafe-inline' *.cdw.com *.cdw.ca *.needle.com *.googleapis.com *.cnetcontent.com *.justuno.com *.webcollage.net *.ziftsolutions.com t.sellpoints.com a.sellpoint.net *.flixcar.com *.easy2.com *.amazonaws.com *.cloudfront.net blob: *.typekit.net *.turnto.com *.syndigo.com *.syndigo.cloud *.scene7.com *.etilize.com *.1worldsync.com *.stackadapt.com;img-src 'self' *.cdw.com *.cdw.ca *.qualtrics.com *.optimizely.com *.needle.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.cnetcontent.com *.cnetcontentsolutions.com *.akamaihd.net *.google.com *.justuno.com *.netapp.com *.cxense.com *.webcollage.net *.ziftsolutions.com *.googletagmanager.com *.googletagservices.com *.ytimg.com t.sellpoints.com a.sellpoint.net *.flixfacts.com *.youtube.com *.flixcar.com *.flix360.com *.easy2.com *.amazonaws.com *.linkedin.com *.facebook.com *.cloudfront.net *.adobecqms.net *.everesttech.net *.bluecore.com cdn.optimizely.com *.adsrvr.org data: *.windows.net *.edgecastcdn.net *.licdn.com *.syndigo.com *.syndigo.cloud *.hubspot.com *.userway.org *.tiqcdn.com *.tealiumiq.com *.adroll.com *.mediaiqdigital.com *.redditstatic.com *.reddit.com *.scene7.com *.vidyard.com *.vimeocdn.com *.etilize.com *.1worldsync.com *.quantserve.com *.quantcount.com *.spexaccess.net *.oribi.io *.cookielaw.org *.linkedin.com *.w55c.net *.stackadapt.com *.pactsafe.io;frame-src 'self' *.cdw.com *.cdw.ca *.qualtrics.com *.hotjar.com *.needle.com *.doubleclick.net *.cnetcontent.com *.cnetcontentsolutions.com *.google.com *.justuno.com *.cxense.com *.webcollage.net *.ziftsolutions.com *.googletagmanager.com *.googletagservices.com a.sellpoint.net *.youtube.com *.flixcar.com *.easy2.com *.facebook.com *.cloudfront.net *.cdwemail.com *.kingston.com *.hotjar.io *.swcontentsyndication.com *.exacttarget.com *.exct.net *.simplecast.com *.vmwarepartnerdemandcenter.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.userway.org *.scene7.com *.vidyard.com *.vimeo.com *.hp.com *.etilize.com *.1worldsync.com *.spexaccess.net *.onetrust.com;font-src *;connect-src 'self' *.cdw.com *.cdw.ca *.richrelevance.com *.qualtrics.com *.optimizely.com *.hotjar.com *.needle.com *.appspot.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.cnetcontent.com *.akamaihd.net *.google.com *.justuno.com *.netapp.com *.d41.co *.cxense.com *.webcollage.net *.googletagmanager.com *.googletagservices.com t.sellpoints.com a.sellpoint.net *.go-mpulse.net *.facebook.com *.cloudfront.net *.bluecore.com wss://*.hotjar.com *.akstat.io data.g2.com *.g2crowd.com *.hotjar.io *.leadsrx.com *.turnto.com *.hubapi.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com accessibilityserver.org *.userway.org *.tiqcdn.com *.tealiumiq.com *.adroll.com *.scene7.com *.addressy.com *.etilize.com *.1worldsync.com *.quantserve.com *.spexaccess.net *.launchdarkly.com *.onetrust.com *.oribi.io *.cookielaw.org *.w55c.net *.pdst.fm *.stackadapt.com *.pactsafe.io p11.techlab-cdn.com;object-src 'self' a.sellpoint.net *.scene7.com;media-src 'self' *.cdw.com *.cnetcontent.com *.webcollage.net *.flixfacts.com *.youtube.com blob: *.syndigo.com *.syndigo.cloud *.userway.org *.tiqcdn.com *.scene7.com *.etilize.com *.1worldsync.com *.spexaccess.net;worker-src 'self' *.needle.com *.cloudfront.net blob:; 1
default-src 'self' *.typeform.com; script-src 'self' 'unsafe-inline' *.sharethis.com *.ravenjs.com *.cloudflare.com *.facebook.net *.paypoint.com *.pardot.com *.hotjar.com *.licdn.com *.google-analytics.com *.googletagmanager.com *.typeform.com *.typeform.com; style-src 'self' 'unsafe-inline' *.cloudflare.com *.typeform.com; connect-src 'self' *.oribi.io *.sharethis.com *.doubleclick.net *.google-analytics.com *.typeform.com; font-src 'self' *.cloudflare.com *.typeform.com; frame-src 'self' *.facebook.com youtube.com *.youtube.com *.typeform.com *.azurewebsites.net *.paypoint.com citcom.co.uk; img-src 'self' data: *.sharethis.com *.paypoint.com *.cloudflare.com *.paypoint.com *.amazonaws.com *.linkedin.com *.facebook.com *.google.co.uk *.google.com *.googletagmanager.com *.osm.org *.openstreetmap.org *.typeform.com dummyimage.com; 1
default-src 'self'; img-src 'self' data: https://services.geo.zg.ch/tc/wmts/1.0.0/zg.ortsplan_leicht_plus/default/zg/ https://i.ytimg.com/vi/; script-src 'self' https://matomo.zug.ch/js/ https://player.vimeo.com/api/ https://www.youtube.com/iframe_api/ https://www.youtube.com/s/player/ 'sha256-i55oiL2h7Ksz7g0aFk5Q+LtLTc85GmfXLj7jQnK9Ch4='; connect-src 'self' https://matomo.zug.ch; frame-src 'self' *.zg.ch *.zug.ch zg.ch https://zg.prospective.ch/ scnem.com https://player.vimeo.com/video/ youtube.com www.youtube.com; font-src 'self' https://edge-assets.wirewax.com https://fonts.gstatic.com https://player.vimeo.com data:; style-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
default-src 'none'; connect-src 'self' https://adminforge.de https://piwik.adminforge.de; img-src 'self' data: https://community.adminforge.de https://piwik.adminforge.de; script-src 'self' 'unsafe-inline' https://piwik.adminforge.de; style-src 'self' 'unsafe-inline'; font-src 'self' data:; base-uri 'none'; frame-ancestors 'self' https://my.adminforge.de; form-action 'self'; block-all-mixed-content 1
connect-src 'self' mc.yandex.ru mc.yandex.md chatcenter.ftc.ru chatcenter-test.ftc.ru *.kvartplata.ru www.google.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' chatcenter.ftc.ru chatcenter-test.ftc.ru www.google.com www.google-analytics.com www.googletagmanager.com mc.yandex.ru www.gstatic.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' chatcenter.ftc.ru chatcenter-test.ftc.ru www.google.com www.google-analytics.com www.googletagmanager.com mc.yandex.ru www.gstatic.com; style-src 'self' 'unsafe-inline'; font-src 'self' chatcenter.ftc.ru chatcenter-test.ftc.ru data:; img-src 'self' data: chatcenter.ftc.ru chatcenter-test.ftc.ru www.google.com www.google.ru www.google-analytics.com www.googletagmanager.com mc.yandex.ru; object-src 'none'; report-uri https://www.kvartplata.ru/api/v1/cspReports; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src 'self' https://isc.sans.edu https://www.dshield.org;; report-uri https://isc.sans.edu/cspreport.html; 1
default-src 'self'; script-src 'report-sample' 'self' https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js https://use.typekit.net/gil3vgx.js; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self' https://use.typekit.net; frame-src 'self'; img-src 'self' https://p.typekit.net; manifest-src 'self'; media-src 'self'; report-uri https://61573697fe86c15caaed69c2.endpoint.csper.io/; worker-src 'none'; 1
default-src 'self'; style-src 'self' 'unsafe-inline' *.quantcount.com *.quantserve.com mcc-homeoffood.fanweave.online *.interactive-img.com interactive-img.com *.hotjar.io wss://*.hotjar.com *.hotjar.com *.google-analytics.com tourmkr.com *.adnxs.com *.googletagmanager.com fonts.googleapis.com *.onetrust.com fonts.gstatic.com api.reciteme.com use.typekit.net p.typekit.net; font-src 'self' *.quantcount.com *.quantserve.com mcc-homeoffood.fanweave.online tourmkr.com use.typekit.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.quantcount.com *.quantserve.com mcc-homeoffood.fanweave.online *.queue-it.net *.lords.org *.interactive-img.com interactive-img.com *.hotjar.com *.google-analytics.com tourmkr.com *.adnxs.com *.onetrust.com fonts.gstatic.com api.reciteme.com nvplay-gb-api-widgets.nvplay.com *.ampproject.org play01w6-staging-gb.azurewebsites.net cdnjs.cloudflare.com unpkg.com www.instagram.com platform.twitter.com cdn.syndication.twimg.com rum-static.pingdom.net gb-api-widgets.nvplay.com api-widgets.nvplay.com ajax.googleapis.com widgets.nvplay.com connect.facebook.net *.pinterest.com pinterest.com static.hotjar.com maps.google.com www.gstatic.com www.google.com fast.fonts.net m.addthisedge.com m.addthis.com s7.addthis.com *.googletagmanager.com www.google-analytics.com tagmanager.google.com maps.googleapis.com *.webspellchecker.net www.linkedin.com www.gstatic.com graph.facebook.com;  frame-src 'self' *.quantcount.com *.quantserve.com mcc-homeoffood.fanweave.online e.issuu.com *.hotjar.com *.google-analytics.com tourmkr.com *.adnxs.com *.onetrust.com fonts.gstatic.com api.reciteme.com apps.lords.org sketchfab.com www.instagram.com *.tourdash.com *.smartrecruitonline.com servedby.flashtalking.com *.doubleclick.net twitter.com *.twitter.com www.facebook.com *.pinterest.com pinterest.com player.vimeo.com www.google.com s7.addthis.com www.youtube.com *.webspellchecker.net; img-src 'self' lordsstoragestg.blob.core.windows.net *.quantcount.com *.quantserve.com mcc-homeoffood.fanweave.online *.interactive-img.com interactive-img.com *.hotjar.com  *.google-analytics.com tourmkr.com syndication.twitter.com *.adnxs.com *.onetrust.com fonts.gstatic.com api.reciteme.com lords-pos.azureedge.net lords-stg.azureedge.net *.googletagmanager.com www.google-analytics.com i.ytimg.com maps.googleapis.com maps.gstatic.com data:; media-src 'self' mcc-homeoffood.fanweave.online *.hotjar.com *.google-analytics.com tourmkr.com *.adnxs.com *.onetrust.com fonts.gstatic.com api.reciteme.com lords-pos.azureedge.net lords-stg.azureedge.net; connect-src 'self' mcc-homeoffood.fanweave.online *.interactive-img.com interactive-img.com *.hotjar.io wss://*.hotjar.com *.hotjar.com *.google-analytics.com tourmkr.com https://mdcxml.file.core.windows.net *.adnxs.com *.onetrust.com fonts.gstatic.com api.reciteme.com googleads.g.doubleclick.net stats.g.doubleclick.net rum-collector-2.pingdom.net www.youtube.com; 1
object-src none; frame-ancestors 'self' http://webvisor.com https://webvisor.com https://metrika.yandex.ru http://metrika.yandex.ru; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' d.winrar.es data:; style-src 'self' 'unsafe-inline'; 1
default-src 'self'; media-src 'self' https://js.intercomcdn.com; child-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://www.google.com; connect-src 'self' *.cryptlex.com https://www.google.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; script-src 'self' 'unsafe-inline' *.cryptlex.com https://www.google.com https://www.gstatic.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com; font-src 'self' https://fonts.gstatic.com https://js.intercomcdn.com http://fonts.intercomcdn.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' *.cryptlex.com data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com; form-action 'self' *.cryptlex.com https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; base-uri 'self'; 1
base-uri 'self';connect-src 'self' https://*.acsbapp.com https://*.cloudfront.net https://*.doubleclick.net https://*.fullstory.com https://*.google-analytics.com https://analytics.google.com https://bam.nr-data.net https://bam-cell.nr-data.net https://www.bdjf2ls.com blob: data:;default-src 'self';font-src 'self' https://acsbapp.com https://fonts.gstatic.com data:;frame-src 'self' https://www.google.com;img-src 'self' https://*.acsbapp.com https://*.chartbeat.net http://*.chartbeat.net https://*.cloudfront.net https://*.google-analytics.com https://bad-dragon-production.s3.us-west-2.amazonaws.com/ https://bad-dragon-staging.s3.us-west-2.amazonaws.com/ https://s3-us-west-2.amazonaws.com/bad-dragon-production/ https://s3-us-west-2.amazonaws.com/bad-dragon-staging/ https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com data: blob:;manifest-src 'self' https://*.cloudfront.net;script-src 'self' http://static.chartbeat.com https://*.acsbapp.com https://*.cloudfront.net https://*.fullstory.com https://*.google-analytics.com https://*.google.com https://*.googleoptimize.com https://*.googletagmanager.com https://*.gstatic.com https://acsbapp.com https://cdnjs.cloudflare.com https://static.chartbeat.com https://tagmanager.google.com https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://www.bdjf2ls.com https://secure.durango-direct.com 'nonce-fbe0be6da9dad60d4658beb495f6d7c0';style-src 'self' 'unsafe-inline' https://*.gstatic.com https://fonts.googleapis.com https://tagmanager.google.com;worker-src 'self';report-uri /api/csp-violations 1
base-uri 'self'; default-src 'self'; connect-src 'self' https: wss:; font-src 'self' data: https:; img-src 'self' data: blob: about: https:; frame-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' about: https:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https:;  style-src 'self' 'unsafe-inline' https:; style-src-elem 'self' 'unsafe-inline' https:; worker-src 'self' 'unsafe-inline' https:; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self' 'unsafe-inline' https:; font-src 'self' data: 1
default-src blob: data: https: wss: 'self' 'unsafe-eval' 'unsafe-inline';connect-src blob: data: https: ws: wss:;object-src 'none';script-src 'self' 'unsafe-inline' https://client.crisp.chat https://tally.so https://tag.aticdn.net https://static.hotjar.com https://script.hotjar.com https://recaptcha.net https://www.gstatic.com https://www.youtube.com;style-src blob: data: https: 'self' 'unsafe-inline' https://client.crisp.chat;img-src blob: data: https: 'self' 'unsafe-inline' https://image.crisp.chat;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://octodon.social 'wasm-unsafe-eval'; font-src 'self' https://octodon.social; img-src 'self' data: blob: https://octodon.social https://assets.octodon.social; style-src 'self' https://octodon.social 'nonce-gYNpVR96me2cB8msyyP6jw=='; media-src 'self' data: https://octodon.social https://assets.octodon.social; frame-src 'self' https:; child-src 'self' blob: https://octodon.social; worker-src 'self' blob: https://octodon.social; connect-src 'self' blob: data: wss://octodon.social https://octodon.social https://assets.octodon.social; manifest-src 'self' https://octodon.social; form-action 'self' 1
child-src 'self' app.pendo.io *.youtube.com; default-src * 'unsafe-inline'; font-src 'self' fonts.gstatic.com data:; frame-src 'self' app.pendo.io *.plaid.com js.stripe.com *.youtube.com https://*.doubleclick.net https://a20898485993.cdn.optimizely.com https://a20898485993.cdn-pci.optimizely.com https://www.facebook.com/ https://tpc.googlesyndication.com; img-src 'self' *.guideline.io cms-assets.guideline.com data.pendo.io cdn.pendo.io app.pendo.io pendo-static-6259783729020928.storage.googleapis.com www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://www.facebook.com ads-twitter.com *.bing.com *.microsoft.com https://*.adsymptotic.com https://t.co https://*.linkedin.com https://cdn.optimizely.com https://analytics.twitter.com https://cdn.cookielaw.org https://trkn.us https://www.gravatar.com https://*.googleadservices.com data:; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com 'unsafe-eval' 'nonce-13cc4e8c2bbaf4102f1896e0aed542b8' 'strict-dynamic'; worker-src 'self' *.youtube.com; base-uri 'self'; frame-ancestors 'self' app.pendo.io https://*.squareup.com https://squareup.com https://*.squareupstaging.com https://squareupstaging.com https://*.checkhq.com https://*.eddy.com https://app.belfrysoftware.com https://*.joinwarp.com https://*.monograph.com; report-uri https://sentry2.guideline.tools/api/6/security/?sentry_key=f678b7ad3eade55e6da26393e869e420; 1
frame-ancestors 'self' www2.suresupport.com; 1
default-src 'self' www.mijngezondheid.net;          img-src 'self' data: home.mijngezondheid.net blob: https://www.mijngezondheid.net  1
default-src 'self' 'unsafe-inline' data: *.dustygroove.com *.dustygroove.org *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.youtube.com *.facebook.com *.facebook.net *.fbcdn.net *.twitter.com *.twimg.com *.aftership.com *.fedex.com *.usps.com www.howsmyssl.com *.17track.net *.vimeo.com ; frame-ancestors https://*.dustygroove.com ; object-src 'none' ; 1
default-src *.iyte.edu.tr *.google.com *.googleapis.com *.google-analytics.com *.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.cloudflare.com; font-src * data:; connect-src *; frame-src *; style-src * 'unsafe-inline'; img-src 'self' *.googleapis.com *.gstatic.com data:; 1
base-uri 'none'; default-src 'self' data: https: wss:; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://api.scrivito.com https://assets.scrivito.com https://cdn.consentmanager.net https://d.delivery.consentmanager.net https://delivery.consentmanager.net https://mehr-rheinbahn.de; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' https://*.scrivito.com 1
default-src 'self' *.nrw.de;    script-src  'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de *.google.com *.youtube.com *.youtu.be *.twimg.com *.twitter.com twitter.com *.jwpcdn.com *.gstatic.com *.googleapis.com *.googlesyndication.com *.openstreetmap.org *.mozilla.org *.vimeo.com *.vimeocdn.com *.videolyser.de *.flickr.com *.staticflickr.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net oembed.com broschuerenservice.mags.nrw;    style-src   'self' 'unsafe-inline' *.nrw.de *.twitter.com twitter.com *.facebook.com *.googleapis.com *.twimg.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net broschuerenservice.mags.nrw;    font-src data: *;    img-src  data: *;    frame-ancestors 'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube-nocookie.com *.youtube.com *.youtu.be oembed.com ytchannelembed.com;    worker-src  'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube-nocookie.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org oembed.com broschueren.nordrheinwestfalendirekt.de;    frame-src   'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube-nocookie.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org oembed.com *.videolyser.de broschueren.nordrheinwestfalendirekt.de broschuerenservice.mags.nrw broschuerenservice.nrw.de;    object-src  'self';    connect-src 'self' *.nrw.de svc.webspellchecker.net;    media-src *; upgrade-insecure-requests; 1
default-src 'self' https: http:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; style-src 'self' 'unsafe-inline' https: http:; img-src 'self' data: https: http:; frame-ancestors 'self' https://www.suny.edu http://a.cms.omniupdate.com; reflected-xss block; 1
default-src https:; script-src https:; style-src https:; img-src https:; font-src https:; media-src https: 1
frame-ancestors https://tour.doka.com 'self' 1
default-src 'none'; img-src 'self'; style-src 'self'; font-src 'self'; base-uri 'none'; frame-ancestors 'none'; form-action 'none' 1
default-src 'none'; img-src https://*.api.magicline.com https://checkoutshopper-live.adyen.com data: blob: 'self' https://www.google-analytics.com https://web.noexcuse.io https://*.amazonaws.com https://api.mapbox.com https://maps.noexcuse.io https://noexcuse.io https://www.noexcuse.io https://assets.magicline.com https://assets.dev.magicline.com https://cdn.mysports.com https://*.web.magicline.com https://ms-landingpage.s3-eu-west-1.amazonaws.com https://sponsorship-assets.dev.magicline.com https://www.mysports.com https://mysports.com https://sponsorship-assets.magicline.com https://global-assets.magicline.com https://global-assets.dev.magicline.com https://io-noexcuse-profile-images-prod.s3.eu-west-1.amazonaws.com https://io-noexcuse-public-assets.s3-eu-west-1.amazonaws.com https://www.paypalobjects.com; child-src blob: https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; script-src https://pal-live.adyen.com 'self' d2wy8f7a9ursnm.cloudfront.net https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://pptest.payengine.de https://pp.payengine.de https://www.google.com https://www.gstatic.com https://www.paypal.com 'sha256-b+mf6EIMFYxuAIdk6/2IF09zTUsJrlW6qZaw4opG6QU='; connect-src https://whitelabel-api.noexcuse.io https://api.noexcuse.io https://checkoutshopper-live.adyen.com https://app.payment.sportalliance.com https://www.paypal.com 'self' https://www.google-analytics.com https://connect.facebook.net *.bugsnag.com https://app.getsentry.com https://noexcuse.io https://api.mapbox.com https://maps.noexcuse.io https://*.tiles.mapbox.com https://events.mapbox.com https://apitest.payengine.de https://api.payengine.de https://ms-landingpage.s3-eu-west-1.amazonaws.com https://www.dev.mysports.com https://dev.mysports.com https://www.mysports.com https://mysports.com https://intl.sportalliance.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://ms-landingpage.s3-eu-west-1.amazonaws.com https://www.dev.mysports.com https://dev.mysports.com https://www.mysports.com https://mysports.com; font-src 'self' https://fonts.gstatic.com; frame-src *; manifest-src 'self' https://io-noexcuse-public-assets.s3-eu-west-1.amazonaws.com; media-src 'self'; worker-src blob:; report-uri https://sentry.io/api/1288212/security/?sentry_key=6cc02c2f82e74c96a0f160816df10fa0 1
default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://admin.hbs.net admin.hbs.net http://hrtlp.com 1
connect-src 'self' https://api.testingmom.com cdn.testingmom.com *.adroll.com *.amazon.com *.attn.tv *.clarity.ms *.facebook.com *.facebook.net *.fbcdn.com *.fbcdn.net *.fontawesome.com *.google-analytics.com *.google.com *.googlesyndication.com *.helpscout.net *.hotjar.com *.hotjar.io *.learnosity.com *.olark.com *.plyr.io *.sentry.io *.sharethis.com *.sitejabber.com *.smartlook.cloud *.smartlook.com *.smooch.io *.trustpilot.com *.vimeo.com *.yoast.com api.hubapi.com api.ipify.org app.testingmom.com bat.bing.com cdn.ampproject.org creatives.attn.tv ct.pinterest.com d3hb14vkzrxvla.cloudfront.net dev.visualwebsiteoptimizer.com events.attentivemobile.com googleads.g.doubleclick.net my.yoast.com self sentry.io sockjs-helpscout.pusher.com stats.g.doubleclick.net vimeo.com wss://io.truconversion.com wss://ws-helpscout.pusher.com wss://ws2.hotjar.com wss://ws3.hotjar.com/api/v1/client/ws www.googletagmanager.com;default-src 'self' https://api.testingmom.com cdn.testingmom.com *.bootstrapcdn.com *.doubleclick.net *.fontawesome.com *.google-analytics.com *.images-amazon.com *.learnosity.com *.sitejabber.com data: fonts.gstatic.com;frame-ancestors 'self' https://app.testingmom.com https://members.testingmom.com ;frame-src 'self' https://api.testingmom.com cdn.testingmom.com *.attn.tv *.brainpop.com *.consensu.org *.google-analytics.com *.google.com *.googleapis.com *.hisawyer.com *.hotjar.com *.learnosity.com *.olark.com *.sharethis.com *.surveymonkey.com *.testingmom.com *.trustpilot.com *.vimeo.com *.youtube-nocookie.com *.youtube.com calendly.com cdn.truconversion.com consentcdn.cookiebot.com na.account.amazon.com nytrng.com offers.pinchme.com rb.gy sboffers.swagbucks.com self vimeo.com www.facebook.com youtube.com;img-src 'self' * data:;media-src 'self' https://api.testingmom.com cdn.testingmom.com *.googleapis.com *.helpscout.net *.olark.com *.testingmom.com self;object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.testingmom.com cdn.testingmom.com 'unsafe-eval' *.addshoppers.com *.adroll.com *.amazon.com *.attn.tv *.bing.com *.calendly.com *.clarity.ms *.cookiebot.com *.doubleclick.net *.facebook.net *.fontawesome.com *.godaddy.com *.google-analytics.com *.google.com *.googleapis.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.helpscout.net *.hisawyer.com *.hotjar.com *.jquery.com *.learnosity.com *.olark.com *.plyr.io *.sharethis.com *.shop.pe *.sitejabber.com *.sitescout.com *.smartlook.cloud *.smartlook.com *.surveymonkey.com *.traversedlp.com *.truconversion.com *.trustpilot.com *.vimeo.com *.vimeocdn.com *.voltn.com *.youtube.com *.ytimg.com addshoppers.s3.amazonaws.com ads.nextdoor.com bam.nr-data.net blob: browser.sentry-cdn.com cdn.ampproject.org cdn.datatables.net cdn.mouseflow.com cdn.smooch.io cdnjs.cloudflare.com d.adroll.mgr.consensu.org d3rr3d0n31t48m.cloudfront.net dev.visualwebsiteoptimizer.com js-agent.newrelic.com js.sentry-cdn.com maxcdn.bootstrapcdn.com player.vimeo.com s.pinimg.com shop.pe stackpath.bootstrapcdn.com unpkg.com www.googleadservices.com;style-src 'self' 'unsafe-inline' https://api.testingmom.com https://cdn.testingmom.com *.calendly.com *.fontawesome.com *.google.com *.googleapis.com *.learnosity.com *.olark.com *.plyr.io *.sharethis.com *.sitejabber.com cdn.datatables.net cdn.testingmom.com code.jquery.com maxcdn.bootstrapcdn.com stackpath.bootstrapcdn.com; 1
default-src    'self' ws:;script-src      'self' 'unsafe-inline' 'unsafe-eval' use.typekit.net gleif.disqus.com *.disquscdn.com *.cookiebot.com *.linkedin.com *.licdn.com *.twitter.com static.ads-twitter.com *.twimg.com ajax.googleapis.com www.google.com www.gstatic.com cdnjs.cloudflare.com unpkg.com public.tableau.com *.emailsys1c.net *.emailsys1a.net cdn-prod.wdesk.com cdn.jsdelivr.net;style-src        'self' 'unsafe-inline' *.twimg.com *.twitter.com *.disquscdn.com use.typekit.net unpkg.com fonts.googleapis.com;font-src          'self' data: *.typekit.net cdnjs.cloudflare.com fonts.gstatic.com;img-src            'self' static.licdn.com *.disqus.com *.disquscdn.com *.twitter.com *.twimg.com *.linkedin.com data: about: *.tile.osm.org *.typekit.net img.shields.io public.tableau.com *.emailsys1c.net *.emailsys1a.net t.co/i/adsct;frame-src        'self' disqus.com *.twitter.com player.vimeo.com *.linkedin.com www.google.com *.cookiebot.com youtube.com www.youtube.com public.tableau.com;connect-src    'self' api.parse.com/1/functions/search *.gleif.org syndication.twitter.com/settings *.emailsys1c.net *.emailsys1a.net consentcdn.cookiebot.com analytics.twitter.com cdn.linkedin.oribi.io/partner/3468146/domain/gleif.org/token;prefetch-src  'self' *.disquscdn.com disqus.com; 1
child-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.invitationhomes.com; default-src 'self' *.contentful.com 'unsafe-inline' 'unsafe-eval' *.invitationhomes.com; frame-src https://rs.gwallet.com https://seal-dallas.bbb.org https://www.youtube.com/ https://*.doubleclick.net *.invitationhomes.com; connect-src https://*.onetrust.com https://*.cookielaw.org https://analytics.google.com https://*.analytics.google.com https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://stats.g.doubleclick.net *.contentful.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com *.datadoghq.com https://*.clarity.ms https://*.ctfassets.net https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.permutive.com *.qualtrics.com *.serving-sys.com https://*.stackadapt.com *.invitationhomes.com; font-src https://*.gstatic.com *.invitationhomes.com; img-src https: https://*.google.com https://*.google-analytics.com https://*.ctfassets.net https://*.kameleoon.com https://*.kameleoon.eu *.invitationhomes.com; manifest-src *.invitationhomes.com; script-src 'unsafe-eval' 'unsafe-inline' https://*.onetrust.com https://*.cookielaw.org https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.adnxs.com https://*.clarity.ms https://www.datadoghq-browser-agent.com https://action.dstillery.com https://*.facebook.net https://go.affec.tv https://map.go.affec.tv https://*.kameleoon.com https://*.kameleoon.eu https://action.media6degrees.com https://cdn.permutive.com *.qualtrics.com https://*.serving-sys.com *.serving-sys.com *.stackadapt.com *.invitationhomes.com 'nonce-sTRRmD8AwD6WKeGnZabQ8Q=='; script-src-elem 'self' https://*.onetrust.com https://*.cookielaw.org https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://*.adnxs.com https://*.affec.tv https://*.clarity.ms *.contentful.com https://*.facebook.net https://*.gstatic.com https://*.kameleoon.com https://*.kameleoon.eu https://*.permutive.com https://*.qualtrics.com https://secure-ds.serving-sys.com *.serving-sys.com https://tags.srv.stackadapt.com *.stackadapt.com 'unsafe-inline' 'unsafe-eval' *.invitationhomes.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://*.stackadapt.com *.invitationhomes.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mindly.social; img-src 'self' https: data: blob: https://mindly.social; style-src 'self' https://mindly.social 'nonce-e4LknTqdWGhlUnaNmpgiwQ=='; media-src 'self' https: data: https://mindly.social; frame-src 'self' https:; manifest-src 'self' https://mindly.social; form-action 'self'; child-src 'self' blob: https://mindly.social; worker-src 'self' blob: https://mindly.social; connect-src 'self' data: blob: https://mindly.social https://a.mindlycdn.com wss://mindly.social; script-src 'self' https://mindly.social 'wasm-unsafe-eval' 1
default-src 'self'; frame-src https:; img-src https://nightstand.zikinf.com 'self' data: https:; object-src 'none'; script-src 'nonce-V+G5AInegmvdPsU5fQ2umGOwyZI=' 'self';base-uri 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; worker-src 'self'; form-action 'self'; report-uri https://nightstand.zikinf.com/i/csp.php?uid=QGdjd3DjaxI&key=BJrm4PowLkc 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'unsafe-inline'; img-src blob: * data:; media-src * data: ; child-src *; font-src * data: ; 1
report-uri https://csp.uel.wildapricot.com/report; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.appointlet.com *.appointletcdn.com *.aptrinsic.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.ecomm.events *.ecwid.com *.elev.io *.facebook.com *.facebook.net *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.linkedin.com *.mcjobboard.net *.mybillsystem.com *.newrelic.com *.nr-data.net *.pagespeed-mod.com *.twitter.com *.typekit.net *.uservoice.com *.wildapricot.com *.youtube.com *.zdassets.com *.zendesk.com *.zopim.com caas-sf.wildapricot.org maps.googleapis.com onlinestore-prod-digital-products.s3.amazonaws.com sf.wildapricot.org widget-mediator.zopim.com wss://widget-mediator.zopim.com/ google-analytics.com googletagmanager.com piper.filecamp.com public.tableau.com sf.wildapricot.org viewer.mapme.com youtube.com;   img-src * data: blob:;   media-src * blob:;   font-src * https://*.aptrinsic.com data:;  1
frame-ancestors 'self' https://www.myemulator.online https://googleads.g.doubleclick.net; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' tt.omtrdc.net *.akstat.io akstat.io *.go-mpulse.net go-mpulse.net *.amazonaws.com amazonaws.com s3-eu-west-1.amazonaws.com *.bing.com bing.com *.btttag.com btttag.com c212.net cloudflare.com *.decibelinsight.net wss://collection.decibelinsight.net decibelinsight.net g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.facebook.com *.facebook.net facebook.com facebook.net *.fanplayr.com fanplayr.com *.gigya.com gigya.com *.google.com *.google.de *.google.it *.googlesyndication.com *.gstatic.com *.youtube-nocookie.com google.co.uk google.com google.de google.it googlesyndication.com gstatic.com youtube-nocookie.com googleadservices.com *.googleapis.com googleapis.com *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.jaguar.com jaguar.co.uk jaguar.com *.build.landrover *.jaguarlandrover.com *.landrover.com *.landrover.de *.landrover.it *.pds.jaguarlandrover.com build.landrover jaguarlandrover.com landrover.co.uk landrover.com landrover.de landrover.it pds.jaguarlandrover.com ads.linkedin.com linkedin.com linkedin.oribi.io licdn.com *.lpsnmedia.net lpsnmedia.net *.liadm.com liadm.com *.liveperson.net idp.liveperson.net liveperson.net msg.liveperson.net msghist.liveperson.net v.liveperson.net a.run.app *.netdirector.auto netdirector.auto *.a.run.app *.ads.linkedin.com *.akamaihd.net *.b-cdn.net *.c212.net *.cloudflare.com *.config.landrover.com *.decibel.com *.fls.doubleclick.net *.google.co.uk *.googleadservices.com *.jaguar.co.uk *.jaguarlandroverclassic.com *.jlr-dev.com *.landrover.co.uk *.landroverusa.com *.licdn.com *.linkedin.com *.linkedin.oribi.io *.omtrdc.net *.pinimg.com *.pinterest.com *.psyma.com *.sc-static.net *.scene7.com *.securedvisit.com *.sfmc-content.com *.snapchat.com *.sophus3.com *.stripe.com *.sv.rkdms.com *.userlike.com *.web.app *.woosmap.com *.yahoo.co.jp akamaihd.net b-cdn.net config.landrover.com decibel.com landroverusa.com leasinglandrover.de psyma.com scene7.com sophus3.com syndication.kbb.com userlike.com web.app pinimg.com pinterest.com securedvisit.com *.serving-sys.com serving-sys.com sc-static.net snapchat.com stripe.com *.tiktok.com tiktok.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.ads-twitter.com ads-twitter.com *.t.co t.co sv.rkdms.com *.vee24.com vee24.com woosmap.com *.yimg.jp yahoo.co.jp yimg.jp *.youtube.com *.ytimg.com youtube.com ytimg.com wss://lo.msg.liveperson.net data: blob:; 1
default-src * 'unsafe-eval' 'unsafe-inline' blob: data: ; frame-src *; frame-ancestors 'self' https://*.googleapis.com https://wcistage.gunsandammo.com https://*.wcistage.gunsandammo.com https://*.gunsandammo.com http://*.gunsandammo.com https://*.androidplatform.net https://*.twixlmedia.com/ http://*.twixlmedia.com https://us.content.twixlmedia.com https://*.akamaized.net http://*.akamaized.net https://*.osgnetworks.tv file://* filesystem:; 1
frame-ancestors 'self' www.directvote.net directvote.net apps.asrt.org dev1.apps.asrt.org local.apps.asrt.org beta.apps.asrt.org convapps.asrt.org ajax.googleapis.com 1
sandbox allow-scripts allow-same-origin allow-forms; img-src 'self' data: www.gstatic.com; frame-src www.google.com; object-src 'none'; base-uri 'none'; script-src www.google.com www.gstatic.com 'nonce-giDolf/z8NE4jBpqaJa05rnZC2w='; style-src 'nonce-giDolf/z8NE4jBpqaJa05rnZC2w=' 1
default-src 'none';        connect-src 'self' https://privacyportal.cookiepro.com https://geolocation.onetrust.com https://cookie-cdn.cookiepro.com https://prod-web-analytics.wbs.ac.uk https://pwa.wbs.ac.uk https://cdn.linkedin.oribi.io/ https://region1.analytics.google.com https://o2.mouseflow.com  http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://clapi.civiccomputing.com https://apply.wbs.ac.uk https://www.wbs.ac.uk https://web-api.wbs.ac.uk https://web-api.wbs.ac.uk https://m.addthis.com/live/red_lojson/100eng.json https://stats.g.doubleclick.net/j/collect https://stats.g.doubleclick.net https://www.facebook.com/tr/ https://www.google-analytics.com/g/collect https://www.google-analytics.com/j/collect adservice.google.com apikeys.civiccomputing.com l.sharethis.com www.google.com ui.customsearch.ai https://wbs-dev-video-in.s3.amazonaws.com/ https://plausible.io/api/event https://*.google-analytics.com https://analytics.google.com https://*.googletagmanager.com;        font-src 'self' https://cdn.scite.ai http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com https://netdna.bootstrapcdn.com;        form-action 'self' https://apply.wbs.ac.uk https://onlinepayment.warwick.ac.uk/op/makepayment.htm https://www.facebook.com/tr/ https://email.wbs.ac.uk online.flippingbook.com;        frame-src 'self' https://email.wbs.ac.uk https://td.doubleclick.net/ https://r1.dotdigital-pages.com/ https://vimeo.com https://optimize.google.com https://t.sharethis.com  https://6522461.fls.doubleclick.net/ https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://player.vimeo.com https://my.matterport.com https://www.google.com https://preview.wbs.ac.uk https://prod-web1.wbs.ac.uk https://prod-web2.wbs.ac.uk https://www.buzzsprout.com  https://www.youtube-nocookie.com  https://www.youtube.com bid.g.doubleclick.net www.googletagmanager.com https://www.facebook.com https://3871460.fls.doubleclick.net https://3871459.fls.doubleclick.net https://s7.addthis.com edge.addthis.com https://your.warwick.ac.uk;        img-src 'self' https://cookie-cdn.cookiepro.com https://chart.apis.google.com https://ib.adnxs.com https://optimize.google.com https://chart.apis.google.com *.google-analytics.com *.googletagmanager.com https://l.sharethis.com  https://insight.adsrvr.org https://*.doubleclick.net https://967350698.privacysandbox.googleadservices.com/ http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io assets.buzzsprout.com https://i.ytimg.com https://www.wbs.ac.uk https://hosteduxprod.blob.core.windows.net https://www.linkedin.com px.ads.linkedin.com px4.ads.linkedin.com r1-t.trackedlink.net translate.google.com https://www.googletagmanager.com https://www.googleadservices.com https://adservice.google.co.uk https://adservice.google.com adservice.google.az adservice.google.ca adservice.google.ie adservice.google.co.in adservice.google.co.jp www.google.co.ke https://www.google.co.ug  adservice.google.co.th adservice.google.com.ar adservice.google.com.au adservice.google.com.eg adservice.google.com.gh adservice.google.com.hk adservice.google.com.jm adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.pe adservice.google.com.sa www.google.com.tr adservice.google.com.tw adservice.google.com.vn adservice.google.de adservice.google.es adservice.google.fr adservice.google.it adservice.google.jo adservice.google.nl adservice.google.ru https://px.ads.linkedin.com https://secure.adnxs.com https://t.co https://web.facebook.com https://www.facebook.com connect.facebook.net p.adsymptotic.com https://www.google-analytics.com www.google.ae www.google.al www.google.at www.google.az https://*.google.be https://*.google.se www.google.ca www.google.cl www.google.cn https://*.google.co.kr www.google.co.id www.google.ie www.google.co.in www.google.co.jp www.google.so www.google.co.th www.google.co.ve www.google.co.za www.google.co.zw www.google.com.ar www.google.com.au www.google.com.bd www.google.com.br www.google.com.co www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tw www.google.com.ua www.google.com.vn www.google.ch www.google.de www.google.es www.google.fr www.google.gr www.google.hu www.google.it www.google.jo www.google.lv https://*.google.mu www.google.nl www.google.pl www.google.pt www.google.ro www.google.ru www.google.tt www.gstatic.com https://www.google.co.uk https://www.google.com https://code.jquery.com/jquery-1.12.4.js;        media-src https://download-video.akamaized.net https://vod-progressive.akamaized.net player.vimeo.com https://wbs-dev-video-out.s3.amazonaws.com;        script-src-elem 'self' 'unsafe-inline' https://cookie-cdn.cookiepro.com/ https://email.wbs.ac.uk https://vimeo.com/api/oembed.json http://vimeo.com/api/oembed.json https://prod-web-analytics.wbs.ac.uk/matomo.js https://pwa.wbs.ac.uk/matomo.js  https://acdn.adnxs.com/ https://r1.dotdigital-pages.com/ https://optimize.google.com https://www.googleoptimize.com/optimize.js  https://t.sharethis.com https://*.hotjar.com https://cdn1.fbri.co/revs/ https://apply.wbs.ac.uk https://cdn.jsdelivr.net/gh/hankchizljaw/boilerform@master/dist/css/boilerform.min.css https://updatemybrowser.org/umb.js https://platform-api.sharethis.com/js/sharethis.js analytics.twitter.com cdn.mouseflow.com code.jquery.com m.addthis.com snap.licdn.com t.trackedlink.net ui.customsearch.ai v1.addthisedge.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com https://maps.googleapis.com translate.google.com buttons-config.sharethis.com www.buzzsprout.com cc.cdn.civiccomputing.com cdnjs.cloudflare.com connect.facebook.net edge.addthis.com googleads.g.doubleclick.net www.youtube.com platform.twitter.com s7.addthis.com static.ads-twitter.com traffic7.helponclick.com z.moatads.com https://extend.vimeocdn.com/ga/67478209.js https://plausible.io/js/plausible.js;        script-src 'self' 'unsafe-eval' 'unsafe-inline' https://optimize.google.com https://snap.licdn.com https://t.sharethis.com https://cdn1.fbri.co https://buttons-config.sharethis.com https://platform-api.sharethis.com/js/sharethis.js https://www.buzzsprout.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://apply.wbs.ac.uk https://cdnjs.cloudflare.com/ajax/libs/gsap/3.6.0/gsap.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.6.0/ScrollTrigger.min.js https://cc.cdn.civiccomputing.com/9/cookieControl-9.x.min.js https://www.youtube.com/iframe_api https://www.youtube.com/s/player/9e457a67/www-widgetapi.vflset/www-widgetapi.js https://code.jquery.com https://traffic7.helponclick.com https://www.googleadservices.com https://analytics.twitter.com/i/adsct https://cdn.mouseflow.com/projects/72c5efa5-52ff-4a78-b317-7bd89bc0910c.js https://code.jquery.com/jquery-migrate-1.2.1.min.js connect.facebook.net s7.addthis.com https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/1531970826891575 https://connect.facebook.net/signals/config/280499642285709 https://connect.facebook.net/signals/config/314098465938575 https://connect.facebook.net/signals/config/439690266206150 https://googleads.g.doubleclick.net/pagead/viewthroughconversion/967350698/ https://m.addthis.com/live/red_lojson/300lo.json https://s7.addthis.com/js/300/addthis_widget.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://t.trackedlink.net/_dmpt.js https://traffic7.helponclick.com//assist https://ui.customsearch.ai/api/ux/rendering-js https://v1.addthisedge.com/live/boost/ra-5072eda86f06d8b0/_ate.track.config_resp https://www.google-analytics.com/analytics.js https://www.google.com/pagead/1p-conversion/967350698/ www.google.com https://www.google.com/pagead/conversion_async.js https://www.googleadservices.com/pagead/conversion.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://z.moatads.com/addthismoatframe568911941483/moatframe.js https://extend.vimeocdn.com/ga/67478209.js https://plausible.io/js/plausible.js *.googletagmanager.com;        style-src 'self' 'unsafe-inline' https://optimize.google.com https://maxcdn.bootstrapcdn.com https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css https://code.jquery.com https://fonts.googleapis.com/ translate.googleapis.com https://hosteduxprod.blob.core.windows.net/public-files/3.3.3/ https://netdna.bootstrapcdn.com/font-awesome/4.0.3/css/ https://cdn.jsdelivr.net https://cdn1.fbri.co;        report-uri https://warwickbschool.report-uri.com/r/d/csp/enforce;       style-src-elem 'self' 'unsafe-inline' https://optimize.google.com https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css https://cdn1.fbri.co/revs/7e53352eb4209794665e139bed0b1d11ce69a6d2/assets/vendor/embeddable/v2/stylesheets/manifest.css https://apply.wbs.ac.uk/ https://cdn1.fbri.co/revs/7e53352eb4209794665e139bed0b1d11ce69a6d2/assets/vendor/embeddable/v2/stylesheets/manifest.css https://cdn.jsdelivr.net/gh/hankchizljaw/boilerform@master/dist/css/boilerform.min.css https://fonts.googleapis.com 1
frame-ancestors 'none'; default-src 'self' https://*.onesearch.com; script-src 'self' 'unsafe-inline' 'nonce-EXhnIRB3WCT9Wvef0nWq7g==' 'unsafe-eval' https://*.onesearch.com; style-src 'self' 'unsafe-inline' https://*.onesearch.com; img-src 'self' data: https://*.onesearch.com; frame-src 'self'; media-src 'self' https://*.onesearch.com; object-src *; connect-src https://*.onesearch.com; font-src * data:; child-src blob:; report-uri https://www.onesearch.com/notracking/beacon/csp?src=privatesearch; 1
frame-ancestors 'self' https://www.mapama.gob.es https://www.mapa.gob.es *.adobecqms.net https://www.miteco.gob.es 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' unpkg.com *.vimeo.com vimeo.com *.treasuredata.com *.shortlyst.com  *.facebook.com *.clarity.ms *.facebook.net *.bing.com *.pinimg.com *.adsrvr.org *.jquery.com *.yotpo.com cdnjs.cloudflare.com *.diageohorizon.com *.diageoplatform.com *.diageoagegate.com *.anyroad.com *.googletagmanager.com *.youtube.com *.google-analytics.com *.gstatic.com *.google.com *.googleapis.com *.cloudfunctions.net *.shortlyst.com *.juicer.io assets.juicer.io *.mapbox.com *.shortlyst.com *.onetrust.com *.google-analytics.com stats.g.doubleclick.net *.fontawesome.com; style-src 'self' 'unsafe-inline' *.yotpo.com *.cloudflare.com  *.fonts.net *.bootstrapcdn.com *.diageohorizon.com *.myfonts.net *.fontawesome.com *.googleapis.com *.google.com *.mapbox.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.amazonaws.com *.googlesyndication.com *.facebook.com *.google-analytics.com *.analytics.google.com *.shortlyst.com *.captainmorgan.com captainmorganstore.com *.clarity.ms *.bing.com *.google.com pinterest.com *.captainmorgan.com *.thebar.com *.diageoplatform.com *.diageohorizon.com *.yotpo.com *.mapbox.com *.onetrust.com *.doubleclick.net *.google-analytics.com *.juicer.io; font-src 'self' *.cloudflare.com *.yotpo.com *.gstatic.com *.fontawesome.com *.bootstrapcdn.com data:; frame-src 'self' *.vimeo.com *.shortlyst.com *.google.com *.adsrvr.org *.youtube.com *.anyroad.com where-to-buy.co *.doubleclick.net; img-src 'self'  *.amazonaws.com *.vimeocdn.com *.googlesyndication.com *.drinkiq.com *.placeholder.com *.google-analytics.com *.analytics.google.com *.bing.com *.facebook.com *.clarity.ms *.pinterest.com *.google.com *.yotpo.com *.captainmorgan.com *.thebar.com *.diageoagegate.com *.diageoplatform.com *.onetrust.com *.doubleclick.net *.juicer.io *.mapbox.com *.googletagmanager.com *.google-analytics.com *.cloudfunctions.net data: blob:; manifest-src 'self'; media-src 'self' *.captainmorgan.com *.thebar.com *.diageoplatform.com; worker-src 'self' blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.infosend.com *.onlinebiller.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google-analytics.com *.infosend.com *.onlinebiller.com; img-src 'self' 'unsafe-inline' data: *.google-analytics.com cdn.ywxi.net *.infosend.com *.onlinebiller.com; frame-ancestors 'self' *.infosend.com *.onlinebiller.com; object-src 'self' *.infosend.com *.onlinebiller.com; upgrade-insecure-requests; form-action 'self'; base-uri *.infosend.com *.onlinebiller.com; 1
base-uri 'self'; block-all-mixed-content; connect-src 'self' https://*.adobedtm.com https://*.demdex.net https://*.doubleclick.net https://*.everestjs.net https://*.everesttech.net https://*.facebook.net https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googletagservices.com https://*.gstatic.com https://*.malaysiaairlines.com https://*.myjournify.com https://*.omtrdc.net https://*.rmtag.com https://*.quantcount.com https://*.quantserve.com https://*.yieldoptimizer.com https://*.youtube.com; default-src 'self'; font-src 'self' https://fonts.gstatic.com; form-action 'self'; frame-src 'self' https://*.adobedtm.com https://*.demdex.net https://*.doubleclick.net https://*.everestjs.net https://*.everesttech.net https://*.facebook.net https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googletagservices.com https://*.gstatic.com https://*.malaysiaairlines.com https://*.myjournify.com https://*.omtrdc.net https://*.rmtag.com https://*.quantcount.com https://*.quantserve.com https://*.yieldoptimizer.com https://*.youtube.com; img-src 'self' data: https:; media-src 'self' https:; script-src 'self' https://*.adobedtm.com https://*.demdex.net https://*.doubleclick.net https://*.everestjs.net https://*.everesttech.net https://*.facebook.net https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googletagservices.com https://*.gstatic.com https://*.malaysiaairlines.com https://*.myjournify.com https://*.omtrdc.net https://*.rmtag.com https://*.quantcount.com https://*.quantserve.com https://*.yieldoptimizer.com https://*.youtube.com 'unsafe-inline'; object-src 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; 1
sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-popups-to-escape-sandbox 1
frame-ancestors 'self' https://*.lexus.ru https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
frame-ancestors 'self' *.en-vols.com;object-src 'none';base-uri 'none'; 1
frame-ancestors 'self' *.webvisor.com *.yandex.com http://webvisor.com 1
base-uri 'self'; frame-ancestors 'none'; font-src 'self' data: https://*; img-src 'self' data: https://*;object-src 'none'; script-src 'strict-dynamic' 'self' 'nonce-6b2aac24-c44a-4669-a3af-12a0dde1199f' https://*; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-b96e491745fb4705bb9b4ae658bc8870'  https://assets.adobedtm.com https://cdn.cookielaw.org https://d6tizftlrpuof.cloudfront.net https://maps.googleapis.com https://swa.blgwonen.nl https://w.usabilla.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://api.usabilla.com https://tagmanager.google.com https://connect.facebook.net https://translate.google.com; connect-src 'self' https://cdn.cookielaw.org https://dpm.demdex.net https://maps.googleapis.com https://privacyportal-de.onetrust.com https://snsbank.tt.omtrdc.net https://stats.g.doubleclick.net https://swa.blgwonen.nl https://www.google-analytics.com https://api.usabilla.com https://geolocation.onetrust.com https://www.google.com https://adservice.google.com https://www.googletagmanager.com https://upload.snsbank.nl https://snsbank.sc.omtrdc.net; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://d6tizftlrpuof.cloudfront.net https://snsbank.demdex.net https://www.youtube.com https://projects.ivorystudio.net https://gateway.zscloud.net https://m.youtube.com; img-src 'self' data: https://googleads.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com https://px.ads.linkedin.com https://usabilla-themes.s3-eu-west-1.amazonaws.com https://w.usabilla.com https://www.facebook.com https://www.googletagmanager.com https://www.google.com https://www.google.nl https://d6tizftlrpuof.cloudfront.net https://i.ytimg.com https://lh3.ggpht.com https://khms0.googleapis.com https://khms1.googleapis.com https://streetviewpixels-pa.googleapis.com https://bat.bing.com https://cdn.cookielaw.org https://www.gstatic.com https://ssl.gstatic.com https://swa.blgwonen.nl https://px4.ads.linkedin.com https://www.linkedin.com https://translate.google.com https://www.google.co.uk https://secure.adnxs.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://w.usabilla.com https://d6tizftlrpuof.cloudfront.net https://tagmanager.google.com https://www.googletagmanager.com; object-src 'self'; base-uri 'self' https://d6tizftlrpuof.cloudfront.net; report-uri /web/reportreceiver; 1
frame-ancestors 'self' *.elluciancloud.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://player.vimeo.com https://mktdplp901cdn.azureedge.net https://df6ccce237f9494aa7ae788755b0e742.svc.dynamics.com https://mktdplp102cdn.azureedge.net https://api.qr-code-generator.com https://www.google.com https://www.gstatic.com https://www.vimeo.com https://vimeo.com https://www.googletagmanager.com https://code.jquery.com https://cdn.jsdelivr.net https://www.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://snap.licdn.com  https://stackpath.bootstrapcdn.com https://pi.pardot.com https://www2.segalco.com https://unpkg.com https://create.piktochart.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://kit.fontawesome.com https://ka-p.fontawesome.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://pro.fontawesome.com https://use.typekit.net https://cdn.jsdelivr.net https://p.typekit.net; img-src 'self' data: https://mdbcdn.b-cdn.net https://umbraco.tv https://df6ccce237f9494aa7ae788755b0e742.svc.dynamics.com https://api.qr-code-generator.com https://www.linkedin.com https://www.googletagmanager.com https://c0.piktochart.com https://create.piktochart.com https://www.gravatar.com https://i.vimeocdn.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.google-analytics.com; frame-src 'self' https://td.doubleclick.net https://app.smartsheet.com https://df6ccce237f9494aa7ae788755b0e742.svc.dynamics.com https://www.podbean.com https://www.google.com https://player.vimeo.com https://vars.hotjar.com; connect-src 'self' https://px.ads.linkedin.com https://analytics.google.com https://cdn.linkedin.oribi.io https://df6ccce237f9494aa7ae788755b0e742.svc.dynamics.com https://content.hotjar.io wss://wsp32.hotjar.com wss://ws32.hotjar.com https://ws32.hotjar.com https://api.qr-code-generator.com https://fonts.piktochart.com https://stats.g.doubleclick.net https://create.piktochart.com https://www.google-analytics.com https://in.hotjar.com; font-src 'self' https://ka-p.fontawesome.com https://fonts.gstatic.com https://cf.piktochart.com https://pro.fontawesome.com https://use.typekit.net; media-src 'self' https://vod-progressive.akamaized.net; 1
sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-modals allow-orientation-lock allow-pointer-lock allow-presentation allow-popups-to-escape-sandbox allow-top-navigation; 1
media-src 'self' storage.googleapis.com https://media.safedrivingforlife.info/; frame-src 'self' player.vimeo.com www.youtube.com https://www.google.com/recaptcha/ https://js.stripe.com/v3/ https://storage.googleapis.com/ https://private-media.safedrivingforlife.info/; font-src 'self' fonts.gstatic.com data: static.safedrivingforlife.info; connect-src 'self' www.google-analytics.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.co.uk cdn.linkedin.oribi.io https://lrs.sdfl.spongeasaservice.com/lv7p6vnuk84bh7nax0kn/; default-src 'self' 'nonce-mdxQN+HZNpN50sC+tT7tbw=='; img-src 'self' data: www.google-analytics.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.co.uk chart.googleapis.com storage.googleapis.com ad.broadstreetads.com cdn.broadstreetads.com px.ads.linkedin.com assets.publishing.service.gov.uk static.safedrivingforlife.info media.safedrivingforlife.info; script-src 'self' www.googletagmanager.com *.googletagmanager.com https://www.google.com/recaptcha/ https://js.stripe.com/v3/ static.safedrivingforlife.info 'nonce-mdxQN+HZNpN50sC+tT7tbw=='; style-src 'self' fonts.googleapis.com static.safedrivingforlife.info 'nonce-mdxQN+HZNpN50sC+tT7tbw=='; report-uri https://sentry.io/api/5040604/security/?sentry_key=2fef17899b924da6b4453a199ffbf12f 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-rHdYN4u9LZwx9J6T5FhOFQ==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob: *.izlesene.com *.ioam.de *.avg.com *.rewardsaccelerator.com smetrics.att.com; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net smetrics.att.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
script-src 'nonce-a85245f8d2494f219976a8fcdb0fc36c'  'self' assets.adobedtm.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-eval'; child-src 'self' *.bell.ca assets.adobedtm.com rt.newswire.ca www.youtube.com c212.net pixel.mathtag.com googleads.g.doubleclick.net static.doubleclick.net www.google.com www.gstatic.com data: 'unsafe-eval'; frame-src https://www.google.com/recaptcha/ https://www.youtube.com/embed/; default-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' * data:; font-src 'self'; connect-src 'self' *.bell.ca; form-action 'self' https://export.highcharts.com/; media-src *; frame-ancestors 'none'; object-src 'self'; base-uri 'self' 1
img-src * data:; child-src * blob:;  frame-src *;  default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: about:  oddsmonkey.com *.oddsmonkey.com theoddsmatcher.co.uk *.theoddsmatcher.co.uk safeurl.co.uk *.safeurl.co.uk dotnetpages.co.uk  *.jquery.com cdn.datatables.net *.bootstrapcdn.com  api.optmnstr.com  secure.adnxs.com  google.com *.google.com google-analytics.com *.google-analytics.com gstatic.com *.gstatic.com cgstatic.info *.cgstatic.info googleapis.com *.googleapis.com http://fonts.googleapis.com stats.g.doubleclick.net googleadservices.com *.googleadservices.com googletagmanager.com *.googletagmanager.com  clicky.com *.clicky.com getclicky.com *.getclicky.com  truconversion.com *.truconversion.com wss://io.truconversion.com:8080  use.fontawesome.com  *.facebook.net *.facebook.com  *.hubspot.com adroll.com *.adroll.com  api.usemessages.com js.hsleadflows.net js.hs-analytics.net js.hs-scripts.com js.hscollectedforms.net js.hsforms.net  *.wistia.com *.wistia.net *.24liveblog.com litix.io *.litix.io *.akamaihd.net  vimeo.com *.vimeo.com  calendly.com *.calendly.com  reviews.co.uk *.reviews.co.uk  bat.bing.com  twitter.com *.twitter.com ads-twitter.com *.ads-twitter.com  content.betfair.com  cloudflare.com *.cloudflare.com xx.xcetkbl.com  hpp.realexpayments.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.cloudfront.net  *.addthis.com *.addthisedge.com  optinmonster.com *.optinmonster.com optnmnstr.com *.optnmnstr.com optnmstr.com *.optnmstr.com optmstr.com *.optmstr.com  gleam.io *.gleam.io  *.visualwebsiteoptimizer.com  woobox.com *.woobox.com  atsc.activetrail.com a.mstrlytcs.com  nikkomsgchannel http://nikkomsgchannel https://nikkomsgchannel https://nikkomsgchannel/e http://nikkomsgchannel/e adblockers.opera-mini.net  sibautomation.com  s.sib.im in-automate.sendinblue.com  rec1.visualwebsiteoptimizer.com rec2.visualwebsiteoptimizer.com rec3.visualwebsiteoptimizer.com rec4.visualwebsiteoptimizer.com heatmap.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com  chatlio.com *.chatlio.com js.pusher.com wss://ws.pusherapp.com  ubembed.com *.ubembed.com  cdn.pushcrew.com *.pushcrew.com pushcrew.com pushalert.co *.pushalert.co push.pushalert.co  request.pushalert.co cdn.pushalert.co test87.pushalert.co api.pushalert.co  fullstory.com *.fullstory.com  cdn.ampproject.org  az416426.vo.msecnd.net dc.services.visualstudio.com  events.genndi.com  cdn.jsdelivr.net nitrocdn.com acdn.adnxs.com js.adsrvr.org ajax.cloudflare.com assets.reviews.io *.reviews.io *.amazonaws.com omappapi.com *.omappapi.com *.trustpilot.com *.zdassets.com *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com cdn.amplitude.com *.amplitude.com amplitude.com; report-uri https://oddsmonkey.report-uri.io/r/default/csp/enforce 1
default-src *; img-src * data: https://*; style-src * https://* 'unsafe-inline'; script-src * https://* 'unsafe-inline' 'unsafe-eval'; font-src * data:; 1
default-src https: blob: 'self'; connect-src https: wss: 'self' *.opnx.com; script-src https: 'self' 'unsafe-inline' *.opnx.com; style-src https: fonts.googleapis.com 'self' 'unsafe-inline'; font-src https: fonts.gstatic.com; img-src https: 'self' data: blob:; object-src 'self' blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://s3-eu-west-1.amazonaws.com/emergatev4/ https://cdn.emersya.com/ https://d3vmktulshtd50.cloudfront.net/ *.emersya.com:* emersya.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com data: blob:; frame-src 'self' *.emersya.com:* emersya.com https://www.youtube.com; img-src * data: blob: 1
default-src 'self' https://script.google.com https://app.powerbi.com/ https://*.fontawesome.com;    script-src 'unsafe-inline' 'unsafe-eval' 'self' https://cse.google.com/cse.js https://kit.fontawesome.com/64827d476a.js  https://platform.twitter.com/widgets.js  https://www.google.com/cse/static/element/e992cd4de3c7044f/cse_element__en.js  https://static.addtoany.com/menu/page.js  https://www.googletagmanager.com/gtag/js  maps.googleapis.com  https://*.googleapis.com  https://*.gstatic.com  *.google.com  https://*.ggpht.com  *.googleusercontent.com  https://www.google.com/cse/static/element/2b35e7a15e0e30e2/cse_element__en.js https://www.google-analytics.com/analytics.js   blob:;   frame-ancestor 'self' https://app.powerbi.com https://www.google.com;   style-src 'unsafe-inline' 'unsafe-eval' 'self' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://script.google.com/ https://app.powerbi.com/ https://www.google.com https://stackpath.bootstrapcdn.com ;   object-src 'none';   base-uri 'self';   connect-src 'self' *.googleapis.com .google.com https://.gstatic.com https://analytics.google.com https://www.google-analytics.com https://ka-f.fontawesome.com data: blob:;   font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com https://s0.wp.com https://fonts.gstatic.com https://ka-f.fontawesome.com https://stackpath.bootstrapcdn.com;   frame-src 'self' *.google.com https://platform.twitter.com https://static.addtoany.com https://syndication.twitter.com https://script.google.com/ https://app.powerbi.com/ https://www.youtube.com https://ka-f.fontawesome.com;   img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com data: https://secure.gravatar.com https://syndication.twitter.com https://clients1.google.com https://i.ytimg.com;   manifest-src 'self';   media-src 'self';   report-uri https://652f5053b6167cf8f68c66bc.endpoint.csper.io/?v=0 https://653a05deb6167cf8f68c7621.endpoint.csper.io/?v=1 worker-src blob:; 1
frame-ancestors 'self' egp-resources.enelgreenpower.com egp.webdraft.co.it resources.enelgreenpower.com resources-dev.enelint.global 1
font-src 'self' https://fonts.wpcdn.pl data:; media-src 'self' https://hmbk.wpcdn.pl; object-src 'none' 1
default-src * *.rqi1stop.com *.cloudfront.net *.contentservice.net *.cookielaw.org *.jsdelivr.net *.gigya.com; script-src 'unsafe-inline' 'unsafe-eval' rqi1stop.com *.rqi1stop.com *.cloudfront.net *.contentservice.net *.cookielaw.org *.jsdelivr.net *.gigya.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.tiny.cloud; script-src-elem 'unsafe-inline' 'unsafe-eval' rqi1stop.com *.rqi1stop.com *.cloudfront.net *.contentservice.net *.cookielaw.org *.jsdelivr.net *.gigya.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.tiny.cloud; script-src-attr 'unsafe-inline' 'unsafe-eval' rqi1stop.com *.rqi1stop.com *.cloudfront.net *.contentservice.net *.cookielaw.org *.jsdelivr.net *.gigya.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.tiny.cloud; style-src 'unsafe-inline' rqi1stop.com *.rqi1stop.com *.cloudfront.net *.contentservice.net *.cookielaw.org *.jsdelivr.net *.gigya.com *.gstatic.com *.tiny.cloud; style-src-elem 'unsafe-inline'  rqi1stop.com *.rqi1stop.com *.cloudfront.net *.contentservice.net *.cookielaw.org *.jsdelivr.net *.gigya.com *.gstatic.com *.tiny.cloud; style-src-attr 'unsafe-inline'  rqi1stop.com *.rqi1stop.com *.cloudfront.net *.contentservice.net *.cookielaw.org *.jsdelivr.net *.gigya.com *.gstatic.com *.tiny.cloud; img-src * 'self' data: *.gigya.com 1
base-uri 'none'; object-src 'none'; script-src https://www.zbrushcentral.com/logs/ https://www.zbrushcentral.com/sidekiq/ https://www.zbrushcentral.com/mini-profiler-resources/ https://www.zbrushcentral.com/assets/ https://www.zbrushcentral.com/brotli_asset/ https://www.zbrushcentral.com/extra-locales/ https://www.zbrushcentral.com/highlight-js/ https://www.zbrushcentral.com/javascripts/ https://www.zbrushcentral.com/plugins/ https://www.zbrushcentral.com/theme-javascripts/ https://www.zbrushcentral.com/svg-sprite/ https://www.google-analytics.com/analytics.js https://unpkg.com/masonry-layout@4/dist/masonry.pkgd.min.js https://unpkg.com/imagesloaded@4/imagesloaded.pkgd.min.js https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.4.1/slick.min.js https://unpkg.com/masonry-layout@4/dist/masonry.pkgd.min.js https://unpkg.com/imagesloaded@4/imagesloaded.pkgd.min.js https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.4.1/slick.min.js https://pixologic.com/zbc/masonry.min.js http://pixologic.com/zbc/imagesloaded.min.js; worker-src 'self' https://www.zbrushcentral.com/assets/ https://www.zbrushcentral.com/brotli_asset/ https://www.zbrushcentral.com/javascripts/ https://www.zbrushcentral.com/plugins/ 1
default-src https://www.google.com 'self'; img-src 'self' data: http://*.gravatar.com/; style-src 'self' https://fonts.googleapis.com https://*.securiti.ai 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com data:; script-src https://www.google.com https://www.gstatic.com 'self' https://ajax.googleapis.com https://*.securiti.ai 'unsafe-eval' 'unsafe-inline'; connect-src 'self'  https://ajax.googleapis.com  https://*.securiti.ai; 1
report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic ; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-/O9ydCtkRwYTrfyAH08b' 'nonce-eJvoxP5NmF0mzPMUKULK' 1
base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests; worker-src blob:; child-src blob:; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob:  *.amazon-adsystem.com *.analytics.google.com *.bing.com *.boomtrain.com *.clarity.ms *.cloudflare.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inflcr.co *.krxd.com *.krxd.net *.logalty.com *.logalty.es *.masmovil.com *.netmng.com *.onetrust.com *.outbrain.com *.pepeenergy.com *.pepephone.com *.pinimg.com *.pinterest.com *.pinterest.es *.plande.es *.quantummetric.com *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.useinsider.com *.yahoo.com *.yimg.com *.zetaglobal.net euhosted.live.rezync.com js.go2sdk.com wss://*.hotjar.com; style-src 'self' https: 'unsafe-inline'  *.amazon-adsystem.com *.analytics.google.com *.bing.com *.boomtrain.com *.clarity.ms *.cloudflare.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inflcr.co *.krxd.com *.krxd.net *.logalty.com *.logalty.es *.masmovil.com *.netmng.com *.onetrust.com *.outbrain.com *.pepeenergy.com *.pepephone.com *.pinimg.com *.pinterest.com *.pinterest.es *.plande.es *.quantummetric.com *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.useinsider.com *.yahoo.com *.yimg.com *.zetaglobal.net euhosted.live.rezync.com js.go2sdk.com wss://*.hotjar.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data:  *.amazon-adsystem.com *.analytics.google.com *.bing.com *.boomtrain.com *.clarity.ms *.cloudflare.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inflcr.co *.krxd.com *.krxd.net *.logalty.com *.logalty.es *.masmovil.com *.netmng.com *.onetrust.com *.outbrain.com *.pepeenergy.com *.pepephone.com *.pinimg.com *.pinterest.com *.pinterest.es *.plande.es *.quantummetric.com *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.useinsider.com *.yahoo.com *.yimg.com *.zetaglobal.net euhosted.live.rezync.com js.go2sdk.com wss://*.hotjar.com; font-src 'self' data:  *.amazon-adsystem.com *.analytics.google.com *.bing.com *.boomtrain.com *.clarity.ms *.cloudflare.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inflcr.co *.krxd.com *.krxd.net *.logalty.com *.logalty.es *.masmovil.com *.netmng.com *.onetrust.com *.outbrain.com *.pepeenergy.com *.pepephone.com *.pinimg.com *.pinterest.com *.pinterest.es *.plande.es *.quantummetric.com *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.useinsider.com *.yahoo.com *.yimg.com *.zetaglobal.net euhosted.live.rezync.com js.go2sdk.com wss://*.hotjar.com; connect-src 'self'  *.amazon-adsystem.com *.analytics.google.com *.bing.com *.boomtrain.com *.clarity.ms *.cloudflare.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inflcr.co *.krxd.com *.krxd.net *.logalty.com *.logalty.es *.masmovil.com *.netmng.com *.onetrust.com *.outbrain.com *.pepeenergy.com *.pepephone.com *.pinimg.com *.pinterest.com *.pinterest.es *.plande.es *.quantummetric.com *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.useinsider.com *.yahoo.com *.yimg.com *.zetaglobal.net euhosted.live.rezync.com js.go2sdk.com wss://*.hotjar.com; frame-src 'self' data:  *.amazon-adsystem.com *.analytics.google.com *.bing.com *.boomtrain.com *.clarity.ms *.cloudflare.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inflcr.co *.krxd.com *.krxd.net *.logalty.com *.logalty.es *.masmovil.com *.netmng.com *.onetrust.com *.outbrain.com *.pepeenergy.com *.pepephone.com *.pinimg.com *.pinterest.com *.pinterest.es *.plande.es *.quantummetric.com *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.useinsider.com *.yahoo.com *.yimg.com *.zetaglobal.net euhosted.live.rezync.com js.go2sdk.com wss://*.hotjar.com; frame-ancestors 'self'  *.amazon-adsystem.com *.analytics.google.com *.bing.com *.boomtrain.com *.clarity.ms *.cloudflare.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inflcr.co *.krxd.com *.krxd.net *.logalty.com *.logalty.es *.masmovil.com *.netmng.com *.onetrust.com *.outbrain.com *.pepeenergy.com *.pepephone.com *.pinimg.com *.pinterest.com *.pinterest.es *.plande.es *.quantummetric.com *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.useinsider.com *.yahoo.com *.yimg.com *.zetaglobal.net euhosted.live.rezync.com js.go2sdk.com wss://*.hotjar.com; object-src data:  *.amazon-adsystem.com *.analytics.google.com *.bing.com *.boomtrain.com *.clarity.ms *.cloudflare.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inflcr.co *.krxd.com *.krxd.net *.logalty.com *.logalty.es *.masmovil.com *.netmng.com *.onetrust.com *.outbrain.com *.pepeenergy.com *.pepephone.com *.pinimg.com *.pinterest.com *.pinterest.es *.plande.es *.quantummetric.com *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.useinsider.com *.yahoo.com *.yimg.com *.zetaglobal.net euhosted.live.rezync.com js.go2sdk.com wss://*.hotjar.com 1
frame-ancestors 'self' *.ne10.uol.com.br ne10.uol.com.br *.produtos.interior.ne10.uol.com.br produtos.interior.ne10.uol.com.br *.sjcc.com.br sjcc.com.br *.blogdoadepto.pt blogdoadepto.pt *.grupojcpm.sharepoint.com grupojcpm.sharepoint.com *.multitopicos.com.br multitopicos.com.br *.oviral.com.br oviral.com.br; 1
frame-ancestors 'self' http://*.dev.tangelo.nl https://*.dev.tangelo.nl https://*.pub.prd.tangelo.nl http://*.pub.prd.tangelo.nl http://*.tangelo.nl https://*.tangelo.nl https://*.umicore.com https://*.umicore.com http://*.eu.umicore.com 212.113.67.182; base-uri 'self' 1
script-src bettercloud.com *.bettercloud.com *.googleapis.com/ *.gravatar.com googleads.g.doubleclick.net/ www.google-analytics.com/ *.hotjar.com/ js.hsadspixel.net/ js.hscollectedforms.net/ js.hs-analytics.net/ js.hs-banner.com/ www.googletagmanager.com/ cdnjs.cloudflare.com/ use.fontawesome.com fonts.googleapis.com/ browser.sentry-cdn.com/ js.hs-scripts.com/ https://js.hsforms.net/ fonts.googleapis.com/ cdn.nitropack.io nitropack.io cdn-iokbh.nitrocdn.com *.chat.api.drift.com *.api.drift.com js.driftt.com api.company-target.com client-registry.mutinycdn.com www.redditstatic.com *.marketo.com *.marketo.net trk.techtarget.com acsbapp.com tag.demandbase.com bat.bing.com cdn.cookielaw.org cdn.bizible.com snap.licdn.com s.adroll.com connect.facebook.net d.adroll.com *.d.adroll.com *.cloudfront.net *.jquery.com *.calendly.com *.unbounce.com boards.greenhouse.io fast.wistia.net *.youtube.com *.twitter.com *.ceros.com api.ceros.com *.wistia.com 'unsafe-inline' 'unsafe-eval' data: blob:; 1
default-src *; img-src data: *; style-src 'self' 'unsafe-inline' https://use.typekit.net https://fonts.googleapis.com https://p.typekit.net https://static.ctctcdn.com https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://static.ctctcdn.com https://maps.googleapis.com https://maps.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.facebook.com https://servedbyadbutler.com https://static.ctctcdn.com https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://static.ctctcdn.com https://cdn.mouseflow.com https://maps.googleapis.com https://maps.gstatic.com; 1
default-src 'self' *.diy-shop.jp ; 	style-src 'unsafe-inline' 'self' *.diy-shop.jp fonts.googleapis.com maxcdn.bootstrapcdn.com support-widget.userlocal.jp ; 	script-src 'unsafe-inline' 'unsafe-eval' 'self' *.diy-shop.jp connect.facebook.net ssl.google-analytics.com googleads.g.doubleclick.net www.googletagmanager.com www.googleadservices.com www.google.com support-widget.userlocal.jp seal.digicert.com yubinbango.github.io assets.pinterest.com platform.twitter.com static-fe.payments-amazon.com static-na.payments-amazon.com www.clarity.ms ; 	img-src filesystem: data: blob: 'self' *.diy-shop.jp stats.g.doubleclick.net ssl.google-analytics.com www.google-analytics.com www.google.co.jp www.google.com www.google.co.jp storage.userlocal.jp www.facebook.com www.googletagmanager.com d1ctdua1fpv2wv.cloudfront.net seal.digicert.com i.ytimg.com syndication.twitter.com log.pinterest.com googleads.g.doubleclick.net api.veritrans.co.jp adservice.google.com ; 	font-src data: 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com ; 	frame-src 'self' www.youtube.com www.facebook.com bid.g.doubleclick.net td.doubleclick.net platform.twitter.com www.googletagmanager.com assets.pinterest.com ; 	frame-ancestors 'self' www.google.com ; 	connect-src 'self' *.diy-shop.jp payments-fe.amazon.com apay-us.amazon.com support-beacon.userlocal.jp www.facebook.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.google.com adservice.google.com www.googletagmanager.com pagead2.googlesyndication.com *.clarity.ms ;  1
default-src 'self' https://www.google-analytics.com; font-src 'self' data: https://use.typekit.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.hiqcloud.net https://www.youtube.com https://dl.episerver.net https://www.google-analytics.com https://ajax.googleapis.com https://connect.facebook.net https://use.typekit.net https://siteimproveanalytics.com https://script.e-space.se https://files.imbox.io https://apiv2.imbox.io https://*.rekai.se https://*.rek.ai https://www.riddle.com; frame-src 'self' https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://youtube.com https://player.vimeo.com https://*.imbox.io https://api.screen9.com https://api.kaltura.nordu.net https://dchsou11xk84p.cloudfront.net https://anchor.fm https://*.soundcloud.com https://share.transistor.fm https://mau.app.box.com https://www.podbean.com https://app.powerbi.com https://play.mau.se https://www.facebook.com https://www.riddle.com https://embed.ur.se https://podcasts.apple.com/se/podcast/ https://unibuddy.co/embed/ https://embed.podcasts.apple.com/se/podcast/ https://podcasters.spotify.com/*; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://*.typekit.net https://www.riddle.com; img-src 'self' data: https://*.hiqcloud.net https://www.google-analytics.com https://www.facebook.com https://*.bing.com https://*.pinterest.com https://*.google.com https://*.google.se https://*.mau.se https://mau.se https://static.mediaflowpro.com https://*.typekit.net https://*.siteimproveanalytics.io https://*.amazonaws.com https://assets.ur.se blob:; connect-src 'self' data: https://*.rekai.se https://*.rek.ai https://www.google-analytics.com blob:; worker-src blob:; child-src blob:; object-src 'self'; 1
frame-ancestors 'self' *.stockedge.com; 1
upgrade-insecure-requests;style-src 'self' 'nonce-n2NdV2053xWHSHH';font-src 'self';script-src 'self' 'nonce-n2NdV2053xWHSHH' ;connect-src 'self' https://froth.zone wss://froth.zone  https://cdn.froth.zone;media-src 'self' https://cdn.froth.zone;img-src 'self' data: blob: https://cdn.froth.zone;default-src 'none';base-uri 'none';frame-ancestors 'none';manifest-src 'self'; 1
script-src 'self' 'unsafe-inline'; form-action 'self'; object-src 'self'; style-src 'self' 'unsafe-inline'; base-uri 'self'; frame-ancestors 'self'; require-trusted-types-for 'script'; upgrade-insecure-requests; font-src 'self'; media-src 'self'; child-src 'self'; img-src 'self' data: *.mapgic.org; frame-src 'self' *.mapgic.org 1
default-src 'self' *.b-cdn.net *.s3.amazonaws.com curatorio.s3.amazonaws.com *.twimg.com *.streamlock.net streamlock.net *.issuu.com *.wiley.tools; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.smsu.edu bot.ivy.ai tr.snapchat.com *.technolutions.net *.monsido.com *.curator.io curator.io *.cludo.com cludo.com *.wowza.com *.kaltura.com *.googletagmanager.com *.google-analytics.com google.com *.google.com https://www.google.com *.googleadservices.com googleadservices.com *.googleapis.com *.facebook.net *.facebook.com *.youtube.com *.youtu.be *.twitter.com *.twimg.com *.libcal.com *.tagul.com *.issuu.com *.libapps.com cdn.yoshki.com yoshki.com *.doubleclick.net youvisit.com *.youvisit.com *.wordart.com live.clive.cloud sc-static.net freya.embed.edu.help freya.distro.edu.help *.wiley.tools *.edu.help; style-src 'self' 'unsafe-inline' *.smsu.edu *.curator.io curator.io *.cludo.com cludo.com *.kaltura.com *.googletagmanager.com *.google-analytics.com *.google.com https://www.google.com *.googleapis.com *.facebook.net *.facebook.com *.youtube.com *.youtu.be *.twitter.com *.twimg.com *.libcal.com libcal.com *.technolutions.net *.edu.help; frame-src 'self' *.podbean.com podbean.com bot.ivy.ai *.tableagent.com tableagent.com *.snapchat.com *.soundcloud.com *.streamlock.net streamlock.net *.studio1.smsu.edu studio1.smsu.edu kaltura.com *.kaltura.com *.youtube.com *.youtu.be *.candidcareer.com *.askadmissions.net *.facebook.com *.governmentjobs.com *.google.com *.issuu.com libraryh3lp.com *.libraryh3lp.com *.libcal.com libcal.com studio1tv.ddns.net cdn.yoshki.com yoshki.com credly.com *.credly.com *.googleadservices.com googleadservices.com twitter.com *.twitter.com youvisit.com *.youvisit.com *.doubleclick.net sc-static.net; child-src 'self' kaltura.com *.kaltura.com *.youtube.com *.youtu.be *.candidcareer.com *.askadmissions.net *.facebook.com *.governmentjobs.com *.googlecom *.issuu.com libraryh3lp.com *.libraryh3lp.com *.libcal.com studio1tv.ddns.net cdn.yoshki.com yoshki.com *.googleadservices.com googleadservices.com twitter.com *.twitter.com youvisit.com *.youvisit.com;object-src 'self'; img-src * data:; connect-src 'self' *.smsu.edu content.edu.help *.googlesyndication.com smsu.libcal.com *.snapchat.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.clive.cloud *.cludo.com cludo.com *.streamlock.net streamlock.net google.com *.google.com twitter.com *.twitter.com *.facebook.com facebook.com *.curator.io curator.io *.wiley.tools *.edu.help; font-src 'self' fonts.gstatic.com bot.ivy.ai *.curator.io curator.io data: ; frame-ancestors 'self' *.facebook.com *.libcal.com libcal.com *.qualtrics.com qualtrics.com; 1
worker-src 'self' blob:; frame-ancestors 'self' *.westernunion.com *.wu.com *.wuedge.com *.convera.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com www.google-analytics.com https://www.googletagmanager.com fonts.googleapis.com https://ssl.google-analytics.com https://secure.geonames.org http://js-agent.newrelic.com/nr-536.min.js https://www.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com;connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://rwforg.speechstream.net https://secure.geonames.org *.accuplacer.org 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://livechat.udmedia.de https://www.paypalobjects.com https://www.google.com https://www.gstatic.com 'unsafe-eval'; object-src 'self'; style-src 'self' https://livechat.udmedia.de https://udmedia.de https://www.udmedia.de 'unsafe-inline'; img-src 'self' data: https://livechat.udmedia.de https://hilfe.udmedia.de https://udmedia.de https://www.udmedia.de; media-src 'self' https://livechat.udmedia.de; frame-src 'self' https://www.google.com https://livechat.udmedia.de; font-src 'self' https://www.paypalobjects.com https://livechat.udmedia.de; connect-src 'self' https://livechat.udmedia.de; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: 'nonce-nNZ5QunQyTysAfEDemyezIvhkq8ApOsJ' 'strict-dynamic' https://www.google-analytics.com https://www.googletagmanager.com; 1
frame-ancestors 'self' 'self' https://*.metrohmcom.sharepoint.com https://*.jobs.ch https://*.ostjob.ch https://*.westjob.at https://*.nicejob.de https://*.metrohm-cms.com https://*.metrohm.com; 1
default-src 'none'; script-src cdn.report-uri.com 'nonce-4DIhW6wHieq14QQ9p5fziTJu' static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' cdn.report-uri.com; img-src 'self' data: cdn.report-uri.com; font-src 'self' cdn.report-uri.com; frame-src 'self' cdn.forms-content.sg-form.com; frame-ancestors 'none'; form-action 'self'; connect-src 'self'; upgrade-insecure-requests; base-uri 'none'; report-uri https://scotthelme.report-uri.com/r/d/csp/enforce; report-to default 1
frame-ancestors *.bremerhaven.de; upgrade-insecure-requests 1
default-src 'self' https: data: totum.com *.totum.com; img-src 'self' http: ; style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net services.cognitoforms.com www.cognitoforms.com fonts.googleapis.com cdn.embedly.com platform.twitter.com/ cdn.freshbots.ai/assets/ www.freshbots.ai https://onesignal.com embed.typeform.com; style-src-elem https: http: 'self' 'unsafe-inline' tags.srv.stackadapt.com; script-src data: https: 'self' 'unsafe-inline' 'unsafe-eval' cdn.embedly.com www.googletagmanager.com images.ctfassets.net www.googletagservices.com ssl.p.jwpcdn.com www.google-analytics.com adservice.google.co.in adservice.google.com securepubads.g.doubleclick.net services.cognitoforms.com www.cognitoforms.com platform.twitter.com cdn.onesignal.com onesignal.com; connect-src data: https: 'self' 'unsafe-inline' 'unsafe-eval' wss://rts-euc.freshworksapi.com rts-euc.freshworksapi.com wss://rts-us.freshworksapi.com rts-us.freshworksapi.com wss://ws-mt1.pusher.com; worker-src data: https: blob: 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 1
default-src 'self' www.fibabanka.com.tr; script-src 'self' www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com http://platform.stumbleupon.com/1/widgets.js https://optimize.google.com/ https://mc.yandex.ru/ maps.google.com https://cdn.efilli.com/ https://tagmanager.google.com/debug/api/vtinfo https://snap.licdn.com/ riza.efilli.com https://countly.fibabanka.com.tr/ https://tagmanager.google.com/debug/debuguiApp-bundle.js https://tagmanager.google.com/debug https://tagmanager.google.com/debug/* https://tagmanager.google.com/* *.doubleclick.net sjs.bizographics.com www.googleadservices.com *.maps.yandex.net www.googletagmanager.com www.gstatic.com api-maps.yandex.ru optimize.google.com maps.googleapis.com ajax.googleapis.com https://www.youtube.com/iframe_api *.linkedin.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com https://cdn.speedcurve.com https://static.criteo.net https://assets.cookieseal.com/ https://widget.fibabanka.com.tr www.fibabanka.com.tr web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://tagmanager.google.com/debug/css.css https://optimize.google.com/ https://countly.fibabanka.com.tr/ fonts.googleapis.com riza.efilli.com https://assets.cookieseal.com/ https://widget.fibabanka.com.tr www.fibabanka.com.tr web-chat.nativechat.com 'unsafe-inline'; img-src 'self' platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://cdn.fibabanka.com.tr https://app.cbot.ai https://mc.yandex.ru/ https://cdn.efilli.com/ riza.efilli.com https://ssl.gstatic.com https://optimize.google.com/ https://p.adsymptotic.com/ https://px.ads.linkedin.com/ https://countly.fibabanka.com.tr/ https://widget.fibabanka.com.tr https://ssl.gstatic.com/analytics-suite/header/legacy/v2/ic_tag_manager.svg https://www.gstatic.com/images/ api-maps.yandex.ru maps.gstatic.com maps.googleapis.com www.googletagmanager.com *.google.com *.doubleclick.net/* *.google.com.tr https://stats.g.doubleclick.net/r/collect *.maps.yandex.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com https://ad.adrttt.com www.fibabanka.com.tr web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://optimize.google.com/ https://cdn.efilli.com/ https://countly.fibabanka.com.tr/ riza.efilli.com https://widget.fibabanka.com.tr www.fibabanka.com.tr; frame-ancestors testib.fibabanka.com.tr uatib.fibabanka.com.tr preib.fibabanka.com.tr internetbankaciligi.fibabanka.com.tr fiba2021.agencylook.org www.google.com www.youtube.com youtube.com 'self'; connect-src 'self' accounts.google.com riza.efilli.com https://mc.yandex.ru https://cdn.efilli.com/ https://optimize.google.com/ https://widget.fibabanka.com.tr/ https://countly.fibabanka.com.tr/ *.mktoresp.com https://apinode.cookieseal.com wss://livechat.fibabanka.com.tr kor01rp02.signfordeaf.com maps.googleapis.com; media-src 'self' data: blob: widget.fibabanka.com.tr www.fibabanka.com.tr cdn01.signfordeaf.com https://cdn.fibabanka.com.tr; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://mc.yandex.ru https://cdn.efilli.com/ https://optimize.google.com/ https://countly.fibabanka.com.tr/ *.doubleclick.net/ riza.efilli.com www.google.com api-maps.yandex.ru https://apinode.cookieseal.com web-chat.nativechat.com; frame-src www.google.com www.youtube.com youtube.com countly.fibabanka.com.tr 'self' web-chat.nativechat.com 1
frame-ancestors http://optimizer.com http://*.optimizer.com https://optimizer.com https://*.optimizer.com https://url.onlinebusiness.com 1
base-uri 'self'; form-action 'self' www.paypal.com commerce.coinbase.com checkout.stripe.com rentrapidbox.com; frame-ancestors 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' https://cdn.jsdelivr.net/gh/alpinejs/alpine@v2.8.2/dist/alpine.min.js https://code.jquery.com/jquery-3.2.1.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.7.1/Chart.min.js https://js.stripe.com/v3/; block-all-mixed-content; upgrade-insecure-requests 1
script-src 'self' 'wasm-unsafe-eval' 'unsafe-eval' https://www.google.com.br/ https://www.google.com/ https://login.microsoftonline.com https://demo.privacytools.com.br/ https://pagead2.googlesyndication.com/ https://dpo.privacytools.com.br/ https://snap.licdn.com/ https://gateway.pine.com/ https://script.hotjar.com/ https://connect.facebook.net/ https://snap.licdn.com/ https://googleads.g.doubleclick.net/ https://static.hotjar.com/ https://www.google-analytics.com/ https://cdn.privacytools.com.br/ https://code.jquery.com https://fonts.googleapis.com https://oc-cdn-public-sam.azureedge.net https://www.googletagmanager.com https://cdn-demo.privacytools.com.br https://www.google.com/ https://www.gstatic.com/ data: 'unsafe-inline'; img-src 'self' data: https://s3-sa-east-1.amazonaws.com/ https://pinecoms3-hml.s3-sa-east-1.amazonaws.com/ https://cdn-demo.privacytools.com.br/ https://www.google.com/ https://www.google.com.br/ https://www.googletagmanager.com/ https://dpo.privacytools.com.br/ 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-elem * 'self' data: blob: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-attr * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'self' data: 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'self' data: 'unsafe-inline' 'unsafe-hashes'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self'; object-src * 'self'; child-src * 'self'; frame-src * 'self'; frame-ancestors * 'self'; form-action * 'self' 1
default-src data: *; script-src data: 'unsafe-inline' 'unsafe-eval' *; style-src data: 'unsafe-inline' * 1
base-uri 'self';connect-src 'self' https://*.googletagmanager.com https://*.google-analytics.com https://fonts.googleapis.com https://api-public.addthis.com;default-src 'self';form-action 'self';img-src 'self' https: data: https://i.ytimg.com https://img.youtube.com https://www.google.com https://www.google.com.au https://*.google-analytics.com https://*.googletagmanager.com;media-src 'self';object-src 'none';script-src 'self' 'nonce-iB7N0XYstH0jb2Z7WWIL0FulsKNfsDZk' *.google.com https://yt3.ggpht.com https://static-exp1.licdn.com https://www.google-analytics.com https://*.doubleclick.net https://*.doubleclick.com fonts.googleapis.com *.googletagmanager.com https://www.linkedin.com https://platform.linkedin.com https://btn.createsend1.com;style-src 'self' 'nonce-iB7N0XYstH0jb2Z7WWIL0FulsKNfsDZk' 'unsafe-inline' *.gstatic.com https://static-exp1.licdn.com https://www.youtube.com https://rsms.me fonts.googleapis.com;frame-src https://*.google.com https://www.linkedin.com *.youtube.com https://btn.createsend1.com;font-src 'self' https://rsms.me fonts.gstatic.com;frame-ancestors https://www.linkedin.com 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' ipgtest.monri.com www.sandbox.paypal.com cdn-web.crossbox.io mail.crossbox.io www.google-analytics.com www.googletagmanager.com crossbox.io maps.googleapis.com fonts.gstatic.com gstatic.com www.gstatic.com www.google.com google.com google-analytics.com https://www.google.com https://www.google.ac https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.com.kh https://www.google.cc https://www.google.cd https://www.google.cf https://www.google.cat https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gf https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gp https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.iq https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.io https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.com.lc https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.ne https://www.google.com.nf https://www.google.com.ng https://www.google.com.ni https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pk https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.pl https://www.google.com.pg https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.sm https://www.google.so https://www.google.st https://www.google.sr https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tk https://www.google.tl https://www.google.tm https://www.google.to https://www.google.tn https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.co.za https://www.google.co.zm https://www.google.co.zw fonts.googleapis.com www.paypalobjects.com www.paypal.com https://t.paypal.com www.youtube.com stats.g.doubleclick.net platform.twitter.com cdn.syndication.twimg.com ton.twimg.com syndication.twitter.com pbs.twimg.com abs.twimg.com s.ytimg.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google-analytics.com/analytics.js https://*.imagemfilmes.com.br/hotsites/ http://imagemfilmes.disqus.com/embed.js https://ajax.cloudflare.com/ https://connect.facebook.net/en_US/fbevents.js https://cdn.ampproject.org/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/ https://connect.facebook.net/signals/config/* https://www.googletagmanager.com/gtag/js http://www.google-analytics.com/collect/* https://connect.facebook.net/signals/config/666913753495536; style-src 'self' 'unsafe-inline' https://*.imagemfilmes.com.br/hotsites/; img-src 'self' data: https://*.wmixvideo.com.br https://*.imagemfilmes.com.br http://*.imagemfilmes.com.br https://www.google-analytics.com/ https://stats.g.doubleclick.net/r/collect https://www.google.com/ads/ga-audiences https://www.google.com.br/ads/ga-audiences http://www.google-analytics.com/r/collect http://www.google-analytics.com/* https://i.ytimg.com https://referrer.disqus.com https://c.disquscdn.com https://www.facebook.com/tr/ http://www.google-analytics.com; object-src 'none'; child-src 'self'; frame-src 'self' https://disqus.com http://www.youtube.com/ https://www.google.com/ https://www.facebook.com/ 1
frame-ancestors 'self' *.kuaidihelp.com; 1
script-src 'self' 'unsafe-inline' *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.facebook.net snap.licdn.com googleads.g.doubleclick.net cdn-cookieyes.com *.hubspot.com *.hs-scripts.com *.hs-banner.com *.hs-banner.com *.usemessages.com *.hsadspixel.net *.hs-analytics.net; frame-src 'self' td.doubleclick.net *.youtube.com *.hubspot.com; object-src 'self'; style-src 'self' 'unsafe-inline' 1
frame-ancestors https://*.easyvista.com https://servicenav.io  https://*.easyvista-training.com https://*.butdsi.net https://*.but.local https://*.zebrix.net http://*.zebrix.net ; 1
frame-ancestors 'self';block-all-mixed-content;default-src 'self';script-src 'self' 'report-sample' https://m.youtube.com https://www.youtube.com;style-src 'self' 'report-sample' 'unsafe-inline';object-src 'none';frame-src 'self' *.youtube.com www.youtube-nocookie.com;child-src 'self' www.youtube.com;img-src 'self' data: *.ytimg.com *.youtube.com *.froala.com;font-src 'self';connect-src 'self';manifest-src 'self';base-uri 'self';form-action 'self';media-src 'self';worker-src 'self' 1
default-src 'none'; img-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.calltrk.com https://*.callrail.com https://*.adobedtm.com https://*.googleapis.com https://*.cloudflare.com https://*.bootstrapcdn.com/ https://*.jquery.com https://*.sitescdn.net https://*.livechatinc.com https://*.nblyprod.com https://www.googletagmanager.com https://*.demdex.net https://*.addthis.com/ https://*.moatads.com https://*.addthisedge.com https://*.pinterest.com https://*.pagescdn.com https://*.amazonaws.com https://www.google-analytics.com https://*.facebook.net https://*.rlets.com https://*.en25.com https://*.datadoghq-browser-agent.com https://optimize.google.com https://*.reachlocallivechat.com https://reachlocallivechat.com https://chat.broadly.com https://web-2-tel.com https://*.hotjar.com https://*.optimizely.com about://www.reachlocallivechat.com https://*.btttag.com https://*.mollymaid.com https://*.cloudflareinsights.com https://*.bing.com  https://*.doubleclick.net https://*.krxd.net https://*.google-analytics.com https://*.simpli.fi https://*.googleadservices.com https://*.googletagmanager.com https://*.mathtag.com https://*.thinkingchat.com https://www.reachlocallivechat.com https://*.liadm.com https://*.adroll.com https://*.yimg.com https://*.adsrvr.org https://*.33across.com https://*.outlook.com https://*.hibu.com https://*.web-2-tel.com https://*.convertexperiments.com https://*.cloudfunctions.net https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai wss://*.yellow.ai wss://*.cloud.yellow.ai wss://*.app.yellow.ai; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.bootstrapcdn.com https://*.cloudflare.com https://*.typekit.net https://*.jquery.com https://*.sitescdn.net https://optimize.google.com https://*.optimizely.com https://*.mollymaid.com https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai; object-src 'none'; connect-src https://*.calltrk.com https://*.callrail.com https://*.cloudflare.com https://*.mollymaid.com https://*.nblyprod.com https://*.nblytest.com https://*.googleapis.com https://*.pagescdn.com https://*.demdex.net https://*.livechatinc.com https://*.neighborly.com https://*.crownpeak.net https://*.addthis.com https://*.yext.com https://nblyprod.b2clogin.com https://*.dwyergroup.com https://*.broadly.com https://*.amazonaws.com https://www.google-analytics.com https://*.facebook.net  https://*.gannettdigital.com https://rum.browser-intake-datadoghq.com https://optimize.google.com https://*.reachlocalservices.com https://*.rlets.com https://reachlocallivechat.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.hotjar.io wss://reachlocallivechat.com https://*.web-2-tel.com wss://*.hotjar.com https://*.simpli.fi https://*.adroll.com https://*.liadm.com https://*.yimg.com https://*.bing.com https://*.adsrvr.org https://*.doubleclick.net https://*.btttag.com https://*.googlesyndication.com https://*.convertexperiments.com https://*.cloudfunctions.net https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai wss://*.yellow.ai wss://*.cloud.yellow.ai wss://*.app.yellow.ai; font-src https://*.typekit.net https://*.nblyprod.com https://*.gstatic.com https://*.googleapis.com https://optimize.google.com https://reachlocallivechat.com https://*.optimizely.com https://*.mollymaid.com https://*.cloudflare.com https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai; frame-src https://*.cloudflare.com https://*.youtube.com https://*.livechatinc.com https://*.demdex.net/ https://*.addthis.com https://*.pagescdn.com https://*.amazonaws.com https://*.b2clogin.com https://*.nblyprod.com https://optimize.google.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.doubleclick.net https://*.adsrvr.org https://*.rlets.com https://*.broadly.com https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai; media-src https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai; worker-src https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai blob: 1
default-src 'none'; script-src 'unsafe-inline'; style-src 'unsafe-inline'; report-uri //moneybird.com/csp_report 1
upgrade-insecure-requests;block-all-mixed-content;default-src 'self' *.driftt.com;connect-src 'self' *.analytics.google.com *.doubleclick.net *.energage.com *.google-analytics.com *.googleapis.com *.hotjar.com *.linkedin.com *.salesloft.com *.yoast.com analytics.google.com api.typeform.com aorta.clickagy.com cdn.linkedin.oribi.io edge.fullstory.com geoip.cookieyes.com hemsync.clickagy.com ipapi.co *.osano.com rs.fullstory.com ws.zoominfo.com yoast.com;font-src 'self' data: *.bootstrapcdn.com *.energage.com fonts.googleapis.com fonts.gstatic.com;form-action 'self' *.calendly.com calendly.com go.pardot.com info.energage.com player.vimeo.com www.facebook.com;frame-ancestors 'self';frame-src 'self' *.adsrvr.org *.doubleclick.net *.driftt.com *.energage.com *.google.com *.greenhouse.io *.hotjar.com *.osano.com *.vimeo.com *.youtube.com app.essential-addons.com form.typeform.com hemsync.clickagy.com static.addtoany.com www.facebook.com www.g2.com;img-src 'self' data: * 'unsafe-eval' 'unsafe-inline' *.addthisedge.com *.calendly.com *.calendly.com *.calendly.com *.crocoblock.com *.doubleclick.net *.doubleclick.net *.energage.com *.facebook.com *.facebook.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.licdn.com *.linkedin.com *.moatads.com *.topworkplaces.com *.vimeocdn.com *.w.org calendly.com calendly.com calendly.com connect.facebook.net energage.com fonts.googleapis.com http://*.topworkplaces.com http://topworkplaces.com http://topworkplaces.com https://*.topworkplaces.com https://topworkplaces.com maxcdn.bootstrapcdn.com player.vimeo.com secure.gravatar.com topworkplaces.com www.google.com;object-src 'self' info.energage.com;script-src blob: http: https: 'self' 'unsafe-inline' 'unsafe-eval' *.addthisedge.com *.calendly.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.driftt.com *.energage.com *.facebook.com *.fullstory.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.greenhouse.io *.gstatic.com *.hotjar.com *.licdn.com *.osano.com *.pardot.com *.salesloft.com ajax.googleapis.com calendly.com cdn.calltrk.com connect.facebook.net info.energage.com js.adsrvr.org maxcdn.bootstrapcdn.com platform.twitter.com player.vimeo.com static.addtoany.com tag.simpli.fi tags.clickagy.com tracking.g2crowd.com ws.zoominfo.com www.googletagmanager.com;style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.cloudflare.com *.energage.com *.gstatic.com *.osano.com embed.typeform.com fonts.googleapis.com yoast.com;worker-src blob: *.osano.com *.energage.com; 1
object-src 'self' https://*.nfb.ca https://*.onf.ca *.nfb.ca *.onf.ca; frame-src 'self' https://*.nfb.ca https://*.onf.ca https://*.google.com https://bid.g.doubleclick.net https://www.gstatic.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://www.facebook.com https://pixel.mathtag.com/ https://d2v44bgsxxwb3t.cloudfront.net https://td.doubleclick.net https://*.adnxs.com/ https://*.adsrvr.org/ *.nfb.ca *.onf.ca; script-src 'self' 'unsafe-inline' https://*.nfb.ca https://*.onf.ca https://player.vimeo.com https://maps.googleapis.com https://dkyhanv6paotz.cloudfront.net connect.facebook.net https://graph.facebook.com https://*.googletagmanager.com https://tagmanager.google.com *.google-analytics.com https://apis.google.com/js/platform.js www.gstatic.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.c212.net/ https://c212.net/ https://pixel.mathtag.com/sync/js https://*.adnxs.com/ https://*.adsrvr.org/ *.nfb.ca *.onf.ca; connect-src 'self' https://*.nfb.ca https://*.onf.ca https://dcly21uuqtecw.cloudfront.net https://d3acx5b8mnvbua.cloudfront.net https://d2vapbn8acl33j.cloudfront.net https://dkyhanv6paotz.cloudfront.net https://*.google-analytics.com  https://*.analytics.google.com  https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://c212.net https://thumbor-interactive-cms.s3.ca-central-1.amazonaws.com https://www.facebook.com https://sentry.nfb.ca:9443 https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ *.nfb.ca *.onf.ca; media-src 'self' https://*.onf.ca https://*.nfb.ca https://dkyhanv6paotz.cloudfront.net https://d2vapbn8acl33j.cloudfront.net https://dcly21uuqtecw.cloudfront.net https://d3acx5b8mnvbua.cloudfront.net blob: *.nfb.ca *.onf.ca; img-src 'self' https://*.onf.ca https://*.nfb.ca https://www.facebook.com https://*.google-analytics.com  https://*.analytics.google.com  https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca *.gstatic.com data: https://interactive-cms.s3.amazonaws.com https://*.gravatar.com https://dkyhanv6paotz.cloudfront.net https://dcly21uuqtecw.cloudfront.net https://d3acx5b8mnvbua.cloudfront.net https://googleads.g.doubleclick.net https://www.google.com/ads https://www.google.com/ads/ga-audiences https://www.google.com/pagead/ https://www.google.ca/ads https://www.google.ca/ads/ga-audiences https://www.google.ca/pagead/ https://pixel.mathtag.com/misc/img https://pixel.mathtag.com/comp/img https://*.adnxs.com/ https://*.adsrvr.org/ *.nfb.ca *.onf.ca; default-src 'self' https://*.nfb.ca https://*.onf.ca *.nfb.ca *.onf.ca 'nonce-PYVy7ojmQhh6ROEJ3AwtBg=='; manifest-src 'self' https://*.nfb.ca https://*.onf.ca https://dkyhanv6paotz.cloudfront.net *.nfb.ca *.onf.ca; frame-ancestors 'self' https://*.nfb.ca https://*.onf.ca *.nfb.ca *.onf.ca; worker-src 'self' *.onf.ca *.nfb.ca blob: *.nfb.ca *.onf.ca; style-src 'self' 'unsafe-inline' https://*.nfb.ca https://*.onf.ca https://dkyhanv6paotz.cloudfront.net hello.myfonts.net https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com *.nfb.ca *.onf.ca; font-src 'self' https://*.onf.ca https://*.nfb.ca fonts.gstatic.com data: https://dkyhanv6paotz.cloudfront.net *.nfb.ca *.onf.ca 1
script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'report-sample'; style-src * 'unsafe-inline'; frame-ancestors *; report-uri https://www.merton.gov.uk/report-uri/enforce 1
frame-ancestors 'self' eternalhost.net *.eternalhost.net 1
frame-ancestors 'self' *.northcarolina.edu; 1
frame-ancestors 'self' https://childrens-admin.akronchildrens.org; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' acsbapp.com assets.sitescdn.net *.analytics.net *.doubleclick.net *.akronchildrens.org *.bootstrapcdn.com *.c212.net *.cookielaw.org c212.net *.facebook.net *.fontawesome.com *.google-analytics.com *.googleapis.com *.gravatar.com *.gstatic.com *.sitescdn.net *.jsdelivr.net *.jquery.com *.outbrain.com *.typekit.net *.swiftypecdn.com *.google.com *.googletagmanager.com *.cloudflare.com *.pagescdn.com *.pinterest.com *.nrchealth.com *.github.io *.sharethis.com *.siteimproveanalytics.com *.siteimproveanalytics.io *.unpkg.com *.taboola.com *.trumba.com *.appcatalyst.com *.youtube.com *.wp.com *.adsrvr.org *.alpixtrack.com *.analytics.net *.congressweb.com *.crazyegg.com *.crwdcntrl.net *.earthcam.net familysurvey.org *.familysurvey.org *.hs-analytics.net *.iperceptions.com *.influencehealth.com *.licdn.com *.medtargetsystem.com *.medtargetsystems.com *.mouseflow.com mychartpoc.chmca.org *.outbrain.com *.mathtag.com *.quantserve.com *.quantcount.com *.rackcdn.com siteimproveanalytics.com *.steelhousemedia.com *.storygize.net *.simpli.fi *.tvsquared.com *.webspellchecker.net *.yext-cdn.com *.yext-pixel.com *.yext.com *.yextpages.net *.yieldmo.com; 1
media-src *; frame-src *; img-src * data:; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.google-analytics.com count.atm.youku.com valc.atm.youku.com *.youku.com www.googletagmanager.com *.cn.miaozhen.com stats.g.doubleclick.net news.panasonic.com *.gravatar.com www.google.com www.google.cn lbs.amap.com yui-s.yahooapis.com *.alicdn.com log.mmstat.com *.mmstat.com fourier.taobao.com *.ykimg.com pl-ali.youku.com ykugc.cp31.ott.cibntv.net *.mobgslb.tbcache.com cdnjs.cloudflare.com 1
default-src 'none';script-src 'self'  www.googletagmanager.com tagmanager.google.com https://www.gstatic.com https://www.google.com https://www.google-analytics.com www.googleadservices.com https://googleads.g.doubleclick.net https://apisandboxstatic.zuora.com https://static.zuora.com https://static.ads-twitter.com https://analytics.twitter.com platform.twitter.com https://dc.ads.linkedin.com connect.facebook.net https://bs.serving-sys.com https://secure-ds.serving-sys.com https://gateway.zscalertwo.net http://cdn.segment.com *.adroll.com *.bizographics.com script.crazyegg.com api.demandbase.com https://snap.licdn.com *.evidon.com static.hotjar.com script.hotjar.com 'unsafe-inline' bam.nr-data.net https://scripts.demandbase.com/701ffaa3.min.js data:;connect-src 'self'  https://*.predix.io https://api.segment.io *.grc-apps.svc.ice.ge.com *.mktoresp.com bam.nr-data.net http://*.amazonaws.com  https://api.demandbase.com;img-src 'self'  https://*.predix.com https://stage.predix.com https://www.predix.io https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.google.com https://secure.adnxs.com https://ib.adnxs.com *.evidon.com https://analytics.twitter.com https://www.facebook.com https://ads.yahoo.com https://d154rjc49kgakj.cloudfront.net https://gateway.zscalertwo.net https://d.adroll.com https://imp2.ads.linkedin.com https://idsync.rlcdn.com https://us-u.openx.net https://ex1.coull.com https://x.bidswitch.net a.company-target.com t.co http://online.swagger.io pixel.rubiconproject.com https://ssl.gstatic.com https://www.gstatic.com data:;media-src 'self'  http://d154rjc49kgakj.cloudfront.net https://d154rjc49kgakj.cloudfront.net http://www.predix.com https://www.predix.com blob:;style-src 'self' 'unsafe-inline' https://s.adroll.com https://d.adroll.com https://tagmanager.google.com https://fonts.googleapis.com *.evidon.com;font-src 'self' data: https://fonts.gstatic.com *.evidon.com;object-src 'self';child-src 'self' https://www.google.com https://www.youtube.com https://gateway.zscalertwo.net https://apisandbox-api.zuora.com https://api.zuora.com https://pt1-api.zuora.com *.evidon.com;frame-src 'self' https://www.google.com  https://www.youtube.com https://gateway.zscalertwo.net *.evidon.com https://apisandbox-api.zuora.com https://api.zuora.com https://pt1-api.zuora.com https://bid.g.doubleclick.net 1
default-src blob: 'self' ;script-src data: blob: 'self' 'unsafe-inline' 'unsafe-eval' https://admin.relay42.com *.r42tag.com *.visualwebsiteoptimizer.com app.vwo.com *.pingvp.com analytics.interpolis.nl *.mopinion.com *.interpolis.nl az416426.vo.msecnd.net analytics.twitter.com  www.google-analytics.com static.ads-twitter.com www.googleoptimize.com www.googletagmanager.com *.doubleclick.net *.googleadservices.com opzeggen.nl www.opzeggen.nl cdn.harvest.graindata.com widget.greenonline.nl http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://js.arcgis.com *.googleanalytics.com https://optimize.google.com http://*.hotjar.io:* https://*.hotjar.io:* googleads.g.doubleclick.net tpc.googlesyndication.com;style-src 'self' 'unsafe-inline' *.pingvp.com fonts.googleapis.com fast.fonts.net js.arcgis.com widget.greenonline.nl optimize.google.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com;img-src data: 'self' *.pingvp.com *.google-analytics.com www.google.com https://t.co/i/adsct www.googletagmanager.com https://i.ytimg.com/ img.youtube.com services.arcgisonline.com server.arcgisonline.com www.google.nl interpolis.imgix.com js.arcgis.com fls.doubleclick.net interpolis.imgix.net  https://script.hotjar.com http://script.hotjar.com optimize.google.com www.gstatic.com https://analytics.twitter.com https://ad.doubleclick.net https://googleads.g.doubleclick.net *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com;font-src data: 'self' *.pingvp.com fonts.gstatic.com js.arcgis.com widget.greenonline.nl http://script.hotjar.com https://script.hotjar.com;connect-src 'self' *.pingvp.com *.mopinion.com *.interpolis.nl dc.services.visualstudio.com *.google-analytics.com https://www.opzeggen.nl interpolis.imgix.net controle.achmea.consentmonitor.nl http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io:* https://*.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com services.arcgisonline.com adservice.google.com geocode.arcgis.com https://ad.doubleclick.net  *.visualwebsiteoptimizer.com app.vwo.com;media-src 'self' *.pingvp.com *.interpolis.nl;object-src 'self' *.pingvp.com;child-src 'self' blob: t.svtrd.com youtube-nocookie.com www.youtube-nocookie.com *.doubleclick.net *.hotjar.com *.hotjar.io e.interpolis.nl widgets.bnr.nl www.youtube.com art19.com optimize.google.com *.pingvp.com tpc.googlesyndication.com app.vwo.com;frame-ancestors 'self' www.youtube-nocookie.com youtube-nocookie.com *.doubleclick.net e.interpolis.nl https://vars.hotjar.com optimize.google.com tpc.googlesyndication.com app.vwo.com *.visualwebsiteoptimizer.com;form-action 'self' t.svtrd.com http://trx.ae https://transaction.acceptemail.com;manifest-src 'self' t.svtrd.com *.interpolis.nl broker.nxtid.nl;upgrade-insecure-requests;block-all-mixed-content;report-uri https://interpolis.ams.report-uri.com/r/t/csp/enforce; 1
default-src 'self'; connect-src 'self' https://webalytix.th-nuernberg.de https://jobs.b-ite.com; script-src 'unsafe-inline' 'self' https://webalytix.th-nuernberg.de https://static.b-ite.com https://cs-assets.b-ite.com; img-src 'self' data:; style-src 'unsafe-inline' 'self' data:; font-src 'self' data:; object-src 'none'; frame-src 'self' https://webalytix.th-nuernberg.de https://virtuohm.ohmportal.de https://jobboerse.th-nuernberg.de https://th-nuernberg.github.io/; base-uri 'none'; 1
default-src 'self' *.nshss.org/ nshss.org/ *.gstatic.com/ *.gravatar.com/ dashboard.umbraco.com/; connect-src 'self' *.nshss.org/ nshss.org/ wss://ws.hotjar.com/ https://content.hotjar.io/ ct.pinterest.com/ analytics.tiktok.com/ analytics.google.com/ *.paypal.com/ *.bugsnag.com/ *.braintreegateway.com/ *.braintree-api.com/  *.nshss.org/ *.theoryfarm.com/ nshss-email.s3.amazonaws.com/ wss://localhost:44337/ wss://localhost:44391/ http://localhost:8080/ wss://nshss-2023-dev.azurewebsites.net/ wss://*.nshss.org/ wss://nshss.org/ *.cookiepro.com *.purechat.com https://s.pinimg.com/ct/core.js *.snapchat.com *.doubleclick.net/ www.google-analytics.com/ *.hotjar.com/ wss://ws3.hotjar.com/api/ *.googleapis.com/ *.gstatic.com/ *.gravatar.com/ dashboard.umbraco.com/  wss://*.purechat.com/ *.hotjar.io/; font-src 'self' *.nshss.org/ nshss.org/ data: fonts.googleapis.com/ maxcdn.bootstrapcdn.com/ fonts.gstatic.com/ *.gstatic.com/ *.gravatar.com/; frame-src 'self'  *.nshss.org/ nshss.org/ *.issuu.com/ ct.pinterest.com/ insight.adsrvr.org/ *.paypal.com/ *.braintreegateway.com/ www.googletagmanager.com/ www.google.com/recaptcha/ *.hotjar.com/ *.youtube.com/ *.gstatic.com/ *.gravatar.com/ *.umbraco.com/ *.vimeo.com/ *.snapchat.com/ *.doubleclick.net/; child-src *.nshss.org/ nshss.org/ www.youtube.com/ *.gravatar.com/; img-src 'self' *.nshss.org/ nshss.org/ data: blob: ct.pinterest.com/ *.vimeocdn.com www.facebook.com/ www.google-analytics.com/ www.google.com/ads/ maps.gstatic.com/mapfiles/ dev-store.nshss.org/ maps.googleapis.com/ dashboard.umbraco.org/ umbraco.tv/ *.paypal.com/ *.amazonaws.com/ *.gstatic.com/ *.gravatar.com/ dashboard.umbraco.com/ https://prod.purechatcdn.com/ https://*.wp.com/app.purechat.com/ *.adsrvr.org/ *.doubleclick.net/; media-src 'self' *.nshss.org/ nshss.org/ *.gstatic.com/ *.gravatar.com/ dashboard.umbraco.com/ *.purechatcdn.com/; object-src 'self' *.nshss.org/ nshss.org/ *.gstatic.com/ *.gravatar.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nshss.org/ nshss.org/ d2wy8f7a9ursnm.cloudfront.net/ *.paypal.com/ *.paypalobjects.com/ *.braintreegateway.com/ *.braintreegateway.com/ *.googleapis.com/ https://s.pinimg.com/ct/core.js *.cookiepro.com/ cdn.ampproject.org/ *.purechat.com/ *.purechatcdn.com/ *.snapchat.com/ *.pinimg.com/ *.youtube.com/ analytics.tiktok.com/ https://js.adsrvr.org/ https://sc-static.net/scevent.min.js www.gstatic.com/recaptcha/ https://cdnjs.cloudflare.com/ajax/libs/cropperjs/2.0.0-alpha.2/cropper.min.js www.google.com/recaptcha/ maps.googleapis.com/ marathonconsulting.atlassian.net/ www.googletagmanager.com/ www.google-analytics.com/ *.hotjar.com/ dashboard.umbraco.com/ *.facebook.net/ *.snapchat.com/ sc-static.net/ *.googleadservices.com/; style-src 'self' 'unsafe-inline' *.nshss.org/ nshss.org/ nshss-east-staging.azurewebsites.net/ nshss-southcentral-staging.azurewebsites.net/ fonts.googleapis.com/ *.braintreegateway.com/ maxcdn.bootstrapcdn.com/ https://cdnjs.cloudflare.com/ajax/libs/cropperjs/2.0.0-alpha.2/cropper.css dashboard.umbraco.com/ *.googletagmanager.com/; 1
default-src 'self' https://nomos-elibrary.de https://*.nomos-elibrary.de https://consentcdn.cookiebot.com https://google.com https://*.google.com https://gstatic.com https://*.gstatic.com https://vgwort.de https://*.vgwort.de https://vimeo.com https://*.vimeo.com https://vimeocdn.com https://*.vimeocdn.com https://hotjar.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.de; img-src 'self' https://nomos-elibrary.de https://*.nomos-elibrary.de 'nonce-GbFraEyNmmi7eL4Bswtc' data: https://gstatic.com https://*.gstatic.com https://vgwort.de https://*.vgwort.de https://vimeocdn.com https://*.vimeocdn.com https://*.hotjar.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.de; frame-ancestors 'self' https://nomos-elibrary.de https://*.nomos-elibrary.de https://www.googletagmanager.com; script-src 'strict-dynamic' 'nonce-VoxFkxTxd6tHz2obxRZu'; frame-src 'self' blob: https://nomos-elibrary.de https://*.nomos-elibrary.de 'nonce-xGvL3i8j5FmwEqdQ7ETV' https://consentcdn.cookiebot.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://player.vimeo.com/video/; style-src 'self' 'unsafe-inline' https://nomos-elibrary.de https://*.nomos-elibrary.de https://consentcdn.cookiebot.com; base-uri 'self'; object-src 'none' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudflareaccess.com *.amazonaws.com *.buzzsprout.com *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.cloudfront.net *.doubleclick.net *.youtube.com *.acuityscheduling.com *.newtonsoftware.com recruitingbypaycor.com *.pineapplepayments.com bam-cell.nr-data.net cdn.cookielaw.org js-agent.newrelic.com static.transaxgateway.com *.bc0a.com *.b0e8.com api.brightedge.com *.vimeo.com vimeo.com *.gstatic.com *.oniqa.com *.onistaged.com *.wpengine.com *.onistaged.com *.onenorth.com *.clarkhill.com data: blob:; font-src 'self' fonts.gstatic.com fonts.googleapis.com *.cloudfront.net data:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.ie; img-src 'self' https: data: blob: https://mastodon.ie; style-src 'self' https://mastodon.ie 'nonce-gRJMeWay+YRnqMskNk9EZQ=='; media-src 'self' https: data: https://mastodon.ie; frame-src 'self' https:; manifest-src 'self' https://mastodon.ie; form-action 'self'; child-src 'self' blob: https://mastodon.ie; worker-src 'self' blob: https://mastodon.ie; connect-src 'self' data: blob: https://mastodon.ie https://cdn.masto.host wss://mastodon.ie; script-src 'self' https://mastodon.ie 'wasm-unsafe-eval' 1
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://internetcomputer.matomo.cloud https://cdn.matomo.cloud https://widget.kapa.ai https://www.google.com https://www.gstatic.com;connect-src 'self' https://*.ic0.app https://ic0.app https://icp0.io https://*.icp0.io https://internetcomputer.matomo.cloud https://cdn.matomo.cloud ic-api.internetcomputer.org mxzaz-hqaaa-aaaar-qaada-cai.raw.ic0.app https://data.jsdelivr.com https://cdn.jsdelivr.net https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app;img-src 'self' data: https:;style-src * 'unsafe-inline';style-src-elem * 'unsafe-inline';font-src * data:;object-src https://www.youtube.com;base-uri 'self';frame-src https://motoko.agorapp.dev https://www.google.com https://internetcomputer.matomo.cloud;frame-ancestors https://internetcomputer.matomo.cloud;form-action 'self' https://dfinity.us16.list-manage.com https://internetcomputer.org;upgrade-insecure-requests; 1
base-uri 'self'; default-src 'self'; 		script-src 'self' 'unsafe-inline' 'unsafe-eval' 		https://cdn.redoc.ly 		www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com 		https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.livechatinc.com *.youtube.com 		*.google.com cdn.polyfill.io connect.facebook.net static.cloudflareinsights.com; 		style-src 'self' 'unsafe-inline' fonts.googleapis.com; 		object-src 'self' *.livechatinc.com *.youtube.com *.google.com; 		form-action 'self' www.facebook.com; 		font-src 'self' data: fonts.gstatic.com https://cdn.livechatinc.com; 		connect-src 'self' stats.g.doubleclick.net www.google-analytics.com www.facebook.com 		api.etherscan.io *.google-analytics.com *.analytics.google.com; 		img-src 'self' data: www.google-analytics.com cdn.livechat-files.com https://cdn.redoc.ly 		www.facebook.com *.livechatinc.com *.youtube.com *.google.com *.google.lt *.google-analytics.com 		*.analytics.google.com www.googletagmanager.com; 		frame-src 'self' https://www.google.com/recaptcha/ 		https://recaptcha.google.com/recaptcha/ secure.livechatinc.com www.facebook.com 		https://calendly.com; 		media-src 'self' *.livechatinc.com *.youtube.com *.google.com; 		child-src 'self' *.livechatinc.com *.youtube.com *.google.com blob:; 1
default-src * 'unsafe-eval' 'unsafe-inline'; frame-ancestors listings.hibu.com *.yext.com hibu.optimizelocation.com hibu.my.salesforce.com dashboard.hibu.com www.facebook.com m.facebook.com; img-src * 'unsafe-eval' 'unsafe-inline' data:; script-src * 'unsafe-eval' 'unsafe-inline' 1
frame-ancestors 'self' *.freshthyme.com 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-0hCGCEWIh6e1JHI7zMhDXA=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src: https: 'unsafe-inline' 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data:; font-src 'self' https: data:; connect-src 'self' https:; media-src 'self'; object-src 'self'; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' 1
upgrade-insecure-requests; default-src 'self'; media-src 'self'; frame-src 'self' *.tourmkr.com https://tourmkr.com *.pgtb.me *.cmpgn.page *.userway.org *.gradguard.com *.betterbot.com https://*.doubleclick.net/ https://*.googlesyndication.com https://*.google.com *.youtube.com *.hsforms.com *.hsforms.net https://*.hostedpayments.com www.facebook.com console.rul.ai https://*.redditstatic.com; script-src 'self' *.cloudflare.com *.applicationinsights.azure.com *.cloudfront.net *.azure.com *.userway.org *.engine.betterbot.com *.betterbot.com *.gradguard.com *.userway.org *.tiktok.com https://*.redditstatic.com *.cookie-script.com *.jsdelivr.net https://*.reddit.com *.salesforce.com https://*.google.com https://*.gstatic.com *.googleapis.com connect.facebook.net js.hsforms.net px.ads.linkedin.com snap.licdn.com use.typekit.net www.facebook.com www.google-analytics.com www.googletagmanager.com googleads.g.doubleclick.net www.youtube.com console.rul.ai 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.cloudfront.net *.userway.org *.betterbot.com fonts.googleapis.com *.typekit.net fast.fonts.net *.gstatic.com 'unsafe-inline'; font-src 'self' data: fonts.gstatic.com use.typekit.net *.userway.org; connect-src 'self' *.azure.com *.betterbot.com *.tiktok.com *.pangle-ads.com *.userway.org *.cookie-script.com *.doubleclick.net/ *.googlesyndication.com *.google.com www.google-analytics.com *.googleapis.com stats.g.doubleclick.net forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com cdn.linkedin.oribi.io console.rul.ai; img-src 'self' *.userway.org *.amazonaws.com *.reddit.com *.linkedin.com www.google-analytics.com *.google.com *.googletagmanager.com *.googleapis.com www.wirtgen-group.com data: *.gstatic.com p.typekit.net *.hsforms.com i.ytimg.com *.bluemod.us www.facebook.com px.ads.linkedin.com static.rul.ai www.linkedin.com; frame-ancestors 'self' *.cmpgn.page *.acctest.net *.userway.org https://renterswidget.gradguard.com *.gradguard.com *.americancampus.com https://*.acctest.net https://*.bluemod.us https://*.bluemod.me *.applicationinsights.azure.com *.pgtb.me *.tourmkr.com https://tourmkr.com 1
default-src https: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: fonts.gstatic.com; img-src * data: blob: 'unsafe-inline'; connect-src http://*.hotjar.com:* https://*.hotjar.com:* wss://*.hotjar.com https: https://ecs.us1.twilio.com wss://endpoint.twilio.com wss://sdkgw.us1.twilio.com wss://global.vss.twilio.com wss://*.amazonaws.com; media-src 'self' https://user-attachments-0-prod-us-east-2-135996661431.s3.us-east-2.amazonaws.com https://user-attachments-0-prod-us-west-1-135996661431.s3.us-west-1.amazonaws.com mediastream:; 1
default-src 'none';script-src 'self' *.d3.dyn.sport *.dyn.sport *.d3.dyn.sport *.usercentrics.eu *.stag.dyn.sport *.dev.dyn.sport *.akamaized.net *.azurewebsites.net *.axisstatic.com *.streaming.mediaservices.windows.net *.googletagmanager.com *.google-analytics.com *.mtribes.com *.litix.io *.youborafds01.com *.youboranqs01.com *.drmtoday.com *.cloudflare.com *.googleapis.com 'nonce-pKQy9zpxu64nkkgm7UQmZ324' 'nonce-c29tZSBjb29sIHN0cmluZyB3aWxsIHBvcCB1cCAxMjM=' blob: *.gstatic.com https://*.usercentrics.eu www.google-analytics.com *.facebook.com *.facebook.net;style-src 'self' *.d3.dyn.sport *.dyn.sport *.d3.dyn.sport *.usercentrics.eu *.stag.dyn.sport *.dev.dyn.sport *.akamaized.net *.azurewebsites.net *.axisstatic.com *.streaming.mediaservices.windows.net *.googletagmanager.com *.google-analytics.com *.mtribes.com *.litix.io *.youborafds01.com *.youboranqs01.com *.drmtoday.com *.cloudflare.com *.googleapis.com 'nonce-pKQy9zpxu64nkkgm7UQmZ324' 'nonce-c29tZSBjb29sIHN0cmluZyB3aWxsIHBvcCB1cCAxMjM=' *.gstatic.com https://*.usercentrics.eu fonts.googleapis.com *.facebook.com *.facebook.net;font-src 'self' *.d3.dyn.sport *.dyn.sport *.d3.dyn.sport *.usercentrics.eu *.stag.dyn.sport *.dev.dyn.sport *.akamaized.net *.azurewebsites.net *.axisstatic.com *.streaming.mediaservices.windows.net *.googletagmanager.com *.google-analytics.com *.mtribes.com *.litix.io *.youborafds01.com *.youboranqs01.com *.drmtoday.com *.cloudflare.com *.googleapis.com data: fonts.gstatic.com;img-src 'self' *.d3.dyn.sport *.dyn.sport *.d3.dyn.sport *.usercentrics.eu *.stag.dyn.sport *.dev.dyn.sport *.akamaized.net *.azurewebsites.net *.axisstatic.com *.streaming.mediaservices.windows.net *.googletagmanager.com *.google-analytics.com *.mtribes.com *.litix.io *.youborafds01.com *.youboranqs01.com *.drmtoday.com *.cloudflare.com *.googleapis.com data: blob: *.spark-static.com https://*.usercentrics.eu *.facebook.com *.facebook.net;connect-src 'self' *.d3.dyn.sport *.dyn.sport *.d3.dyn.sport *.usercentrics.eu *.stag.dyn.sport *.dev.dyn.sport *.akamaized.net *.azurewebsites.net *.axisstatic.com *.streaming.mediaservices.windows.net *.googletagmanager.com *.google-analytics.com *.mtribes.com *.litix.io *.youborafds01.com *.youboranqs01.com *.drmtoday.com *.cloudflare.com *.googleapis.com blob: https://*.usercentrics.eu www.google-analytics.com *.facebook.com *.facebook.net;media-src 'self' *.d3.dyn.sport *.dyn.sport *.d3.dyn.sport *.usercentrics.eu *.stag.dyn.sport *.dev.dyn.sport *.akamaized.net *.azurewebsites.net *.axisstatic.com *.streaming.mediaservices.windows.net *.googletagmanager.com *.google-analytics.com *.mtribes.com *.litix.io *.youborafds01.com *.youboranqs01.com *.drmtoday.com *.cloudflare.com *.googleapis.com blob:;frame-src *;worker-src 'self' blob:;manifest-src 'self';frame-ancestors *.d3.dyn.sport;form-action 'self' *.d3.dyn.sport *.dyn.sport *.d3.dyn.sport *.usercentrics.eu *.stag.dyn.sport *.dev.dyn.sport *.akamaized.net *.azurewebsites.net *.axisstatic.com *.streaming.mediaservices.windows.net *.googletagmanager.com *.google-analytics.com *.mtribes.com *.litix.io *.youborafds01.com *.youboranqs01.com *.drmtoday.com *.cloudflare.com *.googleapis.com;object-src 'none';base-uri 'self';block-all-mixed-content;script-src-attr 'none';upgrade-insecure-requests 1
default-src 'self' tags.tiqcdn.com p11.techlab-cdn.com; frame-src 'self' service.force.com https://sunlifeus.az1.qualtrics.com https://www.google.com/; object-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' static.lightning.force.com sunlifehelpcenter.force.com slfus.my.salesforce.com slfus.my.site.com d.la4-c3-ph2.salesforceliveagent.com d.la2-c2-ia5.salesforceliveagent.com service.force.com www.slfconnect.com stats.g.doubleclick.net ssl.google-analytics.com kit.fontawesome.com tags.tiqcdn.com https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/gtag/ https://www.google.com/recaptcha/ https://www.google-analytics.com p11.techlab-cdn.com; connect-src 'self' slfus.my.site.com sunlifehelpcenter.force.com smetrics.sunlifeconnect.com dpm.demdex.net localhost:58710 ka-f.fontawesome.com https://www.google-analytics.com p11.techlab-cdn.com; style-src 'self' 'unsafe-inline' slfus.my.site.com sunlifehelpcenter.force.com service.force.com www.slfserviceresources.com account.sunlifeconnect.com; img-src 'self' https://qar-slfconnect.us.sunlife ssl.google-analytics.com smetrics.sunlifeconnect.com dev-content.us.sunlife sit-content.us.sunlife stage-content.sunlifeconnect.com content.sunlifeconnect.com https://www.slfserviceresources.com account.sunlifeconnect.com data: ; font-src 'self' ka-f.fontawesome.com data: application/octet-stream; 1
frame-ancestors 'self' https://*.ebrains.eu https://*.humanbrainproject.eu; 1
frame-ancestors 'self' https://metrika.yandex.ru/ http://webvisor.com/; img-src * 'self' https://facebook.com data: blob: https:; default-src 'self' https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net *.vimeo.com https://*.jsdelivr.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://s.ytimg.com https://www.youtube.com https://clo.ru https://*.googleapis.com https://*.gstatic.com https://*.gravatar.com https://*.w.org https://www.google.com/recaptcha/ https://vk.com/js/api/openapi.js https://connect.facebook.net wss://*.carrotquest.app *.carrotquest.app *.carrottrack.app https://clo.chathost.ru/widget/index.js https://clo.chathost.ru/widget_api/ https://api-front.clo.ru/unsubscribe data: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self'; frame-ancestors 'none'; frame-src 'self' https://social.uploadcare.com/ https://calendly.com https://js.driftt.com https://www.youtube.com https://js.stripe.com https://hooks.stripe.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com https://helpcrunch.com; img-src 'self' data: https://s3.amazonaws.com https://huntr-documents.s3.amazonaws.com https://huntr-app.s3.amazonaws.com https://*.clearbit.com http://*.clearbit.com https://ucarecdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://cdn.sanity.io https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://cdn.huntr.co blob: data: https://assets.calendly.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://embed.helpcrunch.com https://huntr.widget.helpcrunch.com https://widget.helpcrunch.com https://code.jquery.com https://www.google-analytics.com https://snap.licdn.com http://cdn.mxpnl.com https://js.driftt.com https://assets.calendly.com https://maps.googleapis.com https://ajax.googleapis.com https://static.cloudflareinsights.com https://js.stripe.com https://clerk.huntr.co https://clerk.huntrstaging.com https://clerk.huntr-renniehaylock-hun-ljxbwh.herokuapp.com https://careerservices.purpleacademy.co https://careerservices.takeo.ai https://careers.reworktraining.org https://careersuccess.yellowtail.tech https://huntr.comptia.org https://huntr.icareersolutions.com https://jobs.312.school https://jobsearch.joinsatellite.io https://jobs.skills.tech https://jobs.rehigher.com https://talent.codeboxx.biz https://talent.codeboxx.com https://app.smarterjobhunting.com https://jobs.youareambitious.com https://huntr.thrivedx.com https://jobtracker.uvaro.com https://purpleacademy.huntr.co https://*.clerk.accounts.dev https://frontend-api.clerk.dev https://clerk.tracker.huntrstaging.com blob: https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://assets.calendly.com; connect-src 'self' http://localhost:3000 https://huntr.co https://huntrstaging.com https://*.huntr.co https://sentry.io https://huntr-documents.s3.amazonaws.com https://huntr-app.s3.amazonaws.com wss://huntr.helpcrunch.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://huntr.helpcrunch.com https://api-js.mixpanel.com https://upload.uploadcare.com https://uploadcare.s3-accelerate.amazonaws.com wss://ws.pusherapp.com ws://ws.pusherapp.com https://api.stripe.com https://clerk.huntr.co https://*.clerk.accounts.dev https://analytics.google.com https://huntr-dev.us.auth0.com https://frontend-api.clerk.dev https://clerk.tracker.huntrstaging.com https://clerk.huntrstaging.com 1
default-src 'self' https://*.cms.vwfs.tools ;            img-src 'self' data: https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://dev.day.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.gstatic.com https://*.google.com https://*.google.de https://*.google.ie https://*.googlesyndication.com https://*.googleadservices.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://img.youtube.com https://i.ytimg.com https://*.userzoom.com https://*.adform.net https://www.facebook.com https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://t.co https://*.volkswagenbank.de  https://cms-assets.vwfs.io https://smetrics.vwfs.ie https://mediaservice.audi.com  https://GISTPAEndpoint-Int.azureedge.net https://GISTPAEndpoint-Kons.azureedge.net https://GISTPAEndpoint-Prod.azureedge.net    https://default.vms.vwfs.io https://*.bronson.vwfs.tools https://*.bronson.vwfs.io https://gateway.zscloud.net https://js.api.here.com https://assets.volkswagen.com https://integrations.etrusted.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ssl.gstatic.com https://ade.googlesyndication.com https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.ie;            script-src 'self' 'unsafe-inline' blob: https://*.volkswagenbank.de https://storagewebcalcweud.blob.core.windows.net https://*.fts.webcalc.vwfs.io https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.fls.doubleclick.net https://www.googletagmanager.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google.com https://www.google.de https://cm.g.doubleclick.net https://www.volkswagenbank-cloud.de https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://assets.adobedtm.com https://*.omniture.com https://*.adobe.com https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://*.thunderhead.com https://*.twitter.com https://static.ads-twitter.com https://*.advsearch.vwfs.io https://cc.cdn.civiccomputing.com  https://target.vwfs.ie  https://smetrics.vwfs.ie https://cdn.mercury.ai https://integrations.etrusted.com https://sdk.privacy-center.org    https://*.acs-frontend.vwfs.io https://*.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.g.doubleclick.net https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.ie;            style-src 'self' 'unsafe-inline' https://*.userzoom.com https://target.vwfs.ie https://cdn.mercury.ai https://co-browsing.mercury.ai https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io    https://*.acs-frontend.vwfs.io https://integrations.etrusted.com https://tagmanager.google.com https://fonts.googleapis.com ;            connect-src 'self' blob: data: https://vimeo.com https://*.youtube.com https://api.webcalc.vwfs.io https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://*.adobedc.net https://*.tt.omtrdc.net https://*.2o7.net https://*.cms.vwfs.io https://*.advsearch.vwfs.io https://cms-content.vwfs.io https://target.vwfs.ie https://smetrics.vwfs.ie https://www.google.com https://*.facebook.com https://*.mercury.ai wss://*.mercury.ai https://vector.hereapi.com https://1.base.maps.ls.hereapi.com https://1.aerial.maps.ls.hereapi.com https://js.api.here.com https://geocode.search.hereapi.com https://integrations.etrusted.com https://*.smart-digital-solutions.de https://smart-digital-cdn.com https://2gtge2kxoa.execute-api.eu-central-1.amazonaws.com https://api-cms-vwfs-io.cms.vwfs.tools https://sdk.privacy-center.org https://revgeocode.search.hereapi.com    https://*.acs-frontend.vwfs.io https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ie http://*.trustedshops.com https://autocomplete.search.hereapi.com https://lookup.search.hereapi.com ;            frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com ;            object-src 'none' ;            font-src 'self' data: https://fonts.gstatic.com https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io https://cdn.mercury.ai https://js.api.here.com https://*.trustedshops.com http://*.trustedshops.com ;            frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://s.userzoom.com https://*.adform.net https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://*.googlesyndication.com https://cm.g.doubleclick.net https://gateway.zscloud.net https://td.doubleclick.net https://kalkulator.skoda-auto.pl https://*.g.doubleclick.net https://online.flowpaper.com;            media-src https://www.youtube-nocookie.com 'self' ; 1
frame-ancestors 'self' https://*.pospal.cn 1
default-src 'self' data: ws: blob: wss: https://*.launchdarkly.com https://*.cloudfront.net https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://bam-cell.nr-data.net/ https://bam.nr-data.net/* https://api-iam.intercom.io/ https://www.edcast.me/ https://d.la2-c1cs-ord.salesforceliveagent.com/ https://*.agora.io https://*.agora.io:*/ https://*.agoraio.cn https://*.edcast.io/ https://*.edcast.com/ http://*.soc.edcast.com/ https://api-europe-edcast.io/ https://cdn.filestackcontent.com/ https://*.guideme.io/ https://*.hotjar.com/ https://*.hotjar.io/ https://*.api.osano.com/ https://*.myguide.org/ https://*.s3.amazonaws.com/ https://s3.amazonaws.com/ https://*.s3.us-east-1.amazonaws.com/ https://*.s3-us-east-1.amazonaws.com/ https://*.filestackapi.com/ https://*.company-target.com/ https://*.6sc.co/ https://*.adnxs.com/ https://www.facebook.com https://*.googleapis.com/ https://www.edcastcloud.com/ https://*.clearbit.com/ https://example.com/ https://services.edcast.ai/ https://hlg.tokbox.com/ https://*.opentok.com/ https://api.go1.co/ https://d1iwkfmdo6oqxx.cloudfront.net/organizations/ https://api.unsplash.com/ https://cdn.linkedin.oribi.io/partner/ https://bam.nr-data.net/ https://api2.amplitude.com/2/ https://*.csod.com/ https://*.oracle.com/;script-src 'self' blob: data: ws: wss: 'unsafe-inline' 'unsafe-eval' https://js-agent.newrelic.com/ https://www.googletagmanager.com/ https://bam-cell.nr-data.net/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://snap.licdn.com/li.lms-analytics/ https://editor.unlayer.com/ https://widget.intercom.io/ https://js.intercomcdn.com https://*.guideme.io/ https://cdnjs.cloudflare.com/ https://connect.facebook.net/ https://d2r1yp2w7bby2u.cloudfront.net/js/ https://d1iwkfmdo6oqxx.cloudfront.net/organizations/ https://wzrkt.com/ https://*.my.salesforce.com/ https://*.salesforceliveagent.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ https://*.clearbitjs.com/ https://*.clearbit.com/ https://*.company-target.com/ https://tag.demandbase.com/ https://*.6sc.co https://*.google.com/ https://cdn.jsdelivr.net/ https://*.my.salesforce.com/ https://embedding.workato.com/r/ https://*.filestackapi.com/ https://*.osano.com/ https://*.hotjar.com/ https://www.youtube.com/ https://*.googleapis.com/ https://christus.okta.com/ https://tag.clearbitscripts.com/ https://cdn.walkme.com/ https://gateway.zscalerthree.net http://*.edcast.com/ https://*.edcast.com/ https://www.pagespeed-mod.com/v1/ https://els-jbs-prod-cdn.jbs.elsevierhealth.com/ https://www.pagespeed-mod.com/ https://*.ckeditor.com/ https://ckeditor.iframe.ly/ https://bam.nr-data.net/ https://*.oracle.com/ https://*.clevertap-prod.com;style-src 'self' blob: data: ws: wss: 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com/ https://*.guideme.io/ https://*.my.salesforce.com/ https://service.force.com/ https://static.filestackapi.com/ https://*.ckeditor.com/ https://www.googletagmanager.com/ https://*.bootstrapcdn.com/ https://*.edcast.com/ https://lm.facebook.com/ https://*.oracle.com/;font-src 'self' blob: data: ws: wss: https://fonts.gstatic.com/s/ https://*.s3.amazonaws.com/fonts/ https://static3.avast.com/ https://*.guideme.io/ https://use.typekit.net/ https://*.edcast.com/ https://*.oracle.com/;img-src 'self' data: blob: https: http: about: android-webview-video-poster:;media-src blob: https: http:;frame-src 'self' atlassian-companion: data: blob: https:;report-uri /api/v2/csp_reports 1
default-src 'self'; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://consent.cookie-script.com https://translations.weglot.io https://cdn-api.weglot.com https://cdn.weglot.com https://arquivo.pt https://web.archive.org https://cdn-api.weglot.com cdn-api.weglot.com https://localhost:8081 localhost:8081; font-src 'self' https://www.fct.pt data:; frame-ancestors 'none'; frame-src https://www.youtube.com https://www.google.com https://app.powerbi.com https://cdn.weglot.com https://translations.weglot.io https://cdn-api.weglot.com cdn-api.weglot.com; img-src 'self' https://www.fct.pt https://former.fct.pt https://secure.gravatar.com https://translations.weglot.io https://cdn.weglot.com https://cdn-api.weglot.com data:; object-src 'none'; manifest-src 'self' https://cdn.cookie-script.com https://eu.cookie-script.com https://cdn.weglot.com https://translations.weglot.io; script-src 'self' https://cdn.cookie-script.com https://eu.cookie-script.com https://cdn.weglot.com https://translations.weglot.io 'nonce-fsHIiQe9Dmhopo1dr29kmFUF' 'unsafe-inline'; style-src 'self' https://www.fct.pt https://fonts.googleapis.com https://translations.weglot.io https://cdn.weglot.com https://cdn-api.weglot.com 'unsafe-inline' data:; upgrade-insecure-requests 1
default-src 'self' *.go.com * data:; script-src 'self' *.go.com *.wdpromedia.com 'unsafe-inline' 'unsafe-eval' *.demdex.net *.adobedtm.com *.facebook.net *.googletagmanager.com *.scorecardresearch.com *.licdn.com *.google-analytics.com *.yimg.com *.bing.com *.linkedin.com *.yahoo.com *.disney.com *.akamaihd.net *.omtrdc.net *.twitter.com *.ads-twitter.com *.bkrtx.com *.bluekai.com *.youtube.com *.ytimg.com *.googleadservices.com *.resonate.com *.reson8.com *.instagram.com *.cookielaw.org js.adsrvr.org; style-src 'self' 'unsafe-inline' *.wdpromedia.com *.go.com *.disney.com; img-src 'self' *.go.com *.wdpromedia.com * data: *.disney.com; connect-src 'self' *.go.com *.google-analytics.com *.disney.com * data:; font-src 'self' *.go.com *.disney.com * data:; frame-src 'self' *.go.com *.adsrvr.org *.disney.com * data:; 1
frame-ancestors 'self' http://dsctouch.beazer.com http://dsctablet.beazer.com http://*.beazer.net; 1
frame-ancestors 'self' https://www.visit.fonterra.com; 1
script-src 'report-sample' 'self' 'nonce-d71a0305698be34808b5b45cde85323e'  https://api.mapbox.com/mapbox-gl-js/plugins/mapbox-gl-rtl-text/ https://cdn.matomo.cloud/voloocpter.matomo.cloud/ https://player.vimeo.com/api/player.js https://www.youtube.com/ https://snap.licdn.com/li.lms-analytics/insight.min.js;base-uri 'self';connect-src 'self' https://api.mapbox.com https://events.mapbox.com https://flagsmith-api.volocloud.org https://vimeo.com https://voloocpter.matomo.cloud https://px.ads.linkedin.com/wa/;default-src 'self';font-src 'self' data:;frame-src 'self' https://player.vimeo.com https://www.youtube-nocookie.com https://www.youtube.com;img-src 'self' data: https://cdn.volocopter.com https://px.ads.linkedin.com/collect https://px4.ads.linkedin.com/collect;manifest-src 'self';media-src 'self' https://cdn.volocopter.com;object-src 'none';style-src 'report-sample' 'self' 'unsafe-inline';worker-src blob:; 1
default-src 'self' https://optimize.google.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com *.cookiebot.com *.hotjar.io *.reviews.io data: *.amazonaws.com *.cloudflare.com *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com *.typekit.net *.hsforms.com *.hs-sites.com *.wsemktapp.com *.reviews.co.uk  *.cloudfront.net wse-ctool.dns.guanxi.it  *.hs-banner.com *.doubleclick.net *.hubspot.com *.hotjar.com *.hubapi.com www.facebook.com www.google.co.in *.linkedin.com px.ads.linkedin.com *.adsymptotic.com wss: *.crwdcntrl.net *.bing.com *.clarity.ms *.cpmktg.co *.aimage.it:4000 *.cpmktg.com *.mathtag.com www.youtube.com www.slideshare.net mktmediadev.wallstreetenglish.com www.googletagmanager.com *.fna.fbcdn.net *.cdninstagram.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://optimize.google.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com *.cookiebot.com *.hubspot.com *.googletagmanager.com *.googleapis.com *.hsforms.net *.reviews.io *.hsforms.com js.hscta.com *.wsemktapp.com www.google.co.in *.google-analytics.com *.gstatic.com *.cloudfront.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hscollectedforms.net *.hsleadflows.net f.hubspotusercontent20.net www.googleoptimize.com *.hotjar.com *.facebook.net www.googleadservices.com snap.licdn.com *.doubleclick.net *.bing.com *.cpmktg.com *.orbitalwaves.it *.aimage.it:3000 *.bing.com *.clarity.ms *.crwdcntrl.net www.youtube.com www.google.com; style-src 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com *.googletagmanager.com *.cookiebot.com *.typekit.net *.googleapis.com *.reviews.io data: *.wsemktapp.com *.cloudfront.net *.fna.fbcdn.net *.hubspot.com *.cdninstagram.com; object-src 'none'; 1
default-src 'self'; font-src data: https://assets.dm.de; child-src 'self' blob:; script-src 'self' https://*.bazaarvoice.com https://*.mm.mojadm.sk https://app.usercentrics.eu https://assets-internal-proxy.apps.nonprod.gcp.dmtech.cloud https://assets.dm.de https://cdn.loadbee.com/ https://d2pqvatijh75rn.cloudfront.net https://mpsnare.iesnare.com https://omt.mojadm.sk https://tags.tiqcdn.com https://www.mojadm.sk; worker-src 'self' blob:; connect-src  'self' https://*.bazaarvoice.com https://*.gcp.dmtech.cloud https://*.mm.mojadm.sk https://*.services.dmtech.com https://aggregator.service.usercentrics.eu https://api.mapbox.com https://api.usercentrics.eu https://assets.dm.de https://availability.loadbee.com/ https://browser-intake-datadoghq.eu https://cart-recos.services.dmtech.com https://cart.services.dmtech.com https://cdcs.usercentrics.eu https://collect.tealiumiq.com https://consent-api.service.consent.usercentrics.eu https://consent-rt-ret.service.consent.usercentrics.eu https://consents.usercentrics.eu https://coupon-aktionen.dm.de https://d2pqvatijh75rn.cloudfront.net https://direct-collect.dy-api.eu https://direct.dy-api.eu https://dmpay-gateway.services.dmtech.com https://dy-api.eu https://events.mapbox.com https://graphql.usercentrics.eu https://insights.algolia.io https://logs.browser-intake-datadoghq.eu https://mpsnare.iesnare.com https://my-products-api.services.dmtech.com https://omc.mojadm.sk https://product-based-recos.services.dmtech.com https://products.dm.de https://rcom-eu.dynamicyield.com https://recos-as-a-service.services.dmtech.com https://rum.browser-intake-datadoghq.eu https://services.dm.de https://shopping-list-prod.services.dmtech.com https://signin.mojadm.sk https://sos-prod.availability.services.dmtech.com https://staedtetour.dm-fb2.de; style-src 'self' 'unsafe-inline' https://*.bazaarvoice.com https://api.tiles.mapbox.com https://assets.dm.de; img-src 'self' blob: data: https://*.bazaarvoice.com https://*.mm.mojadm.sk https://*.services.dmtech.com https://app.usercentrics.eu https://assets.dm.de https://cdn-eu.dynamicyield.com https://d2pqvatijh75rn.cloudfront.net https://d3s22jwy77sx9i.cloudfront.net https://i.ytimg.com https://images.podigee-cdn.net https://img.usercentrics.eu https://img.youtube.com/ https://media.dm-static.com https://services.dm.de https://uct.service.usercentrics.eu; frame-ancestors 'self' https://*.apps.nonprod.gcp.dmtech.cloud https://*.apps.prod.gcp.dmtech.cloud https://*.dm-drogeriemarkt.org https://*.dm-drogeriemarkt.org:42160 https://*.dm-drogeriemarkt.org:42161 https://*.dm-drogeriemarkt.org:42162 https://*.lxprod.ka.de.dm-drogeriemarkt.com https://*.mojadm.sk https://app.datadoghq.eu; frame-src 'self' https://*.bazaarvoice.com https://*.mojadm.sk https://*.services.dmtech.com https://app.usercentrics.eu https://cdn.podigee.com https://configurator.nuk.de https://gastfamilie.podigee.io https://geburtskanal-dm.podigee.io https://hey-familie.podigee.io https://player.podigee-cdn.net https://rendering.loadbee.com/ https://sandbox.om.dm.de https://service.loadbee.com/ https://www.youtube-nocookie.com; base-uri 'self' https://*.mm.mojadm.sk https://*.services.dmtech.com https://events.mapbox.com; form-action 'self' https://*.bazaarvoice.com https://checkout.mojadm.sk https://signin.mojadm.sk; manifest-src 'self'; report-uri /__csp-reports__;upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.powerbi.com https://fonts.gstatic.com *.aptrinsic.com fonts.googleapis.com storage.googleapis.com; img-src 'self' https: data:; 1
default-src *; style-src 'self' 'unsafe-inline' https://esse.riafy.in https://fonts.googleapis.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://uat.esse.riafy.in https://unpkg.com https://cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://www.youtube.com https://www.googletagmanager.com https://fonts.googleapis.com https://www.google-analytics.com https://www.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://esse.riafy.in https://cdn.socket.io https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://uat.esse.riafy.in https://ajax.googleapis.com; frame-src 'self' 'unsafe-inline' blob: https://tawk.to https://s.tradingview.com https://www.facebook.com https://www.youtube.com https://esse.riafy.in https://td.doubleclick.net; media-src 'self' blob: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://maps.googleapis.com https://*.googletagmanager.com https://*.analytics.google.com https://*.google-analytics.com https://walls.io https://*.walls.io https://api.swiftype.com https://*.google.com https://*.youtube.com https://*.onetrust.com https://cdn.cookielaw.org https://static.cloudflareinsights.com https://maps.googleapis.com https://*.googletagmanager.com https://*.analytics.google.com https://walls.io https://api.swiftype.com https://*.google.com https://*.youtube.com https://*.onetrust.com https://*.lkw-walter.com https://www.gstatic.com https://*.bing.com https://unpkg.com https://*.smartsuppchat.com https://*.smartsuppcdn.com https://*.hotjar.com; style-src 'self' 'unsafe-inline'  https://*.smartsuppcdn.com https://*.hotjar.com; frame-src 'self' https://*.youtube.com https://*.google.com https://walls.io https://*.walls.io https://*.youtube.com https://*.google.com https://*.youtube-nocookie.com; font-src 'self' data:  https://*.hotjar.com; form-action 'self'  ; connect-src 'self' https://cdn.cookielaw.org https://maps.googleapis.com https://*.onetrust.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://cdn.cookielaw.org https://*.onetrust.com https://*.lkw-walter.com https://ipmeta.io  https://*.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.google-analytics.com https://maps.googleapis.com https://*.bing.com https://*.smartsuppchat.com https://*.smartsuppcdn.com wss://*.smartsupp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; img-src * data:; object-src 'none'; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' https://*.enahost.com https://*.google.com https://*.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.bootstrap.com https://*.fontawesome.com https://code.jquery.com; object-src 'none'; frame-ancestors 'self'; 1
default-src 'none';frame-src 'self' *.trustyou.com *.youtube.com *.google.com review.holidaycheck.com review-service.holidaycheck.com *.a3mobile.com gm-destination-manager.com;media-src 'self' static.gebeco.de *.studiosus.com;font-src 'self' https://fonts.gstatic.com *.smartberatung.com;img-src * 'self' data:;object-src 'none';script-src 'strict-dynamic' 'nonce-CQEuRaLZ3+39d02Lei9dLoIwJQE=' ;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.core.windows.net cdn.smartberatung.com;frame-ancestors *;base-uri 'self';form-action 'self';connect-src *; 1
default-src 'self' data:; 	script-src 'unsafe-inline' 'unsafe-eval' www.gstatic.com googletagmanager.com www.google.com www.googleadservices.com https:; 	font-src 'self' fonts.gstatic.com data:; 	style-src 'unsafe-inline' 'unsafe-eval' fonts.gstatic.com https:; 	img-src 'self' phplive.astralinternet.com ps.w.org secure.gravatar.com www.google-analytics.com www.google.com www.google.ca www.gstatic.com googleads.g.doubleclick.net data:; 	frame-src 'self' www.google.com www.youtube.com phplive.astralinternet.com; 	connect-src 'self' www.google-analytics.com 1
default-src 'self' *ffn-cx-tooling-event-producer.* *.browser-intake-datadoghq.com *.tealiumiq.com https://www.google-analytics.com https://analytics.google.com vimeo.com *.trustpilot.com *.doubleclick.net *.achieve.com; script-src 'self' 'nonce-NDk5OTAwYjAtZmJhNy00OWNkLWIyNTAtM2E3YzBiNTc3NzE3' 'unsafe-inline' 'unsafe-eval' *.achieve.com https://connect.facebook.net https://frefi.sv.rkdms.com https://tags.achieve.com *.ctfassets.net https://www.googletagmanager.com *.tealiumiq.com *.trustpilot.com https://stats.g.doubleclick.net https://api.securedvisit.com; style-src 'self' 'unsafe-inline'; img-src * data:; font-src 'self' https://storage.googleapis.com; frame-src 'self' *.youtube.com *.vimeo.com *.trustpilot.com; media-src 'self' *.ctfassets.net; object-src 'self' blob: data:; worker-src 'self' blob:; frame-ancestors 'self'; 1
object-src 'none'; script-src 'nonce-vGzgaS4jmrC7NCvrfq1eqA==' 'unsafe-inline' 'strict-dynamic' https: http:; base-uri 'none'; 1
base-uri 'self'; default-src 'self'; connect-src 'self' https://api.quantyoo.io; font-src 'self'; form-action 'self'; img-src 'self' https://images.quantyoo.de/ https://images.userservice.cloud data:; object-src 'self'; script-src 'self'; style-src 'self'; upgrade-insecure-requests 1
frame-ancestors 'self' http://www.magnumicecream.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com 1
base-uri 'none'; default-src 'self' data: https: wss: 'unsafe-inline' blob:; style-src 'self' data: https: wss: 'unsafe-inline' https://optimize.google.com https://tagmanager.google.com https://trck.maingau-energie.de https://ad4m.at https://*.ad4mat.net https://*.adserver01.de https://*.adc-serv.net https://*.df-srv.de https://*.adition.com https://*.ad4mat.de https://*.doubleclick.net https://*.adscale.de https://*.twiago.com https://*.casalemedia.com https://*.adfarm1.adition.com https://*.adform.net https://*.adnxs.com https://*.taboola.com https://*.kupona.de https://*.smartadserver.com https://*.pubmatic.com https://*.yieldlab.net https://*.ad-srv.net https://opt.kuponacdn.de https://*.adsrvr.org https://*.criteo.com https://*.doubleclick.net https://*.adform.net https://embed-cdn.surveyhero.com https://www.umfrageonline.com/ *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com; script-src 'self' blob: https://api.scrivito.com https://assets.scrivito.com https://widget.intercom.io https://alomessageprod.maingau-tec.de https://alomessagetest.maingau-tec.de https://ssl.google-analytics.com https://www.google-analytics.com https://www.googleanalytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://d3dc1lgancj6l0.cloudfront.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://connect.facebook.net https://www.facebook.com https://bat.bing.com https://amplify.outbrain.com https://s.pinimg.com https://ct.pinterest.com https://services.maingau-energie.de https://cdn2.spatialbuzz.com https://netzwerk.uppr.de https://www.googleoptimize.com https://optimize.google.com https://googleads.g.doubleclick.net https://www.google.com https://www.youtube.com https://tr.outbrain.com https://wave.outbrain.com/ https://trck.maingau-energie.de https://maps.googleapis.com https://maps.google.com https://ad4m.at https://snap.licdn.com https://*.ad4mat.net https://*.adserver01.de https://*.adc-serv.net https://*.df-srv.de https://*.adition.com https://*.ad4mat.de https://*.doubleclick.net https://*.adscale.de https://*.twiago.com https://*.casalemedia.com https://*.adfarm1.adition.com https://*.adform.net https://*.adnxs.com https://*.taboola.com https://*.kupona.de https://*.smartadserver.com https://*.pubmatic.com https://*.yieldlab.net https://*.ad-srv.net https://opt.kuponacdn.de https://*.adsrvr.org https://*.criteo.com https://*.doubleclick.net https://*.adform.net https://retrack-kupona.kuponacdn.de https://*.clarity.ms https://*.ad-serv.net 'unsafe-inline' 'unsafe-eval' https://embed-cdn.surveyhero.com https://www.umfrageonline.com/ *.visualwebsiteoptimizer.com app.vwo.com; font-src data: 'self'; frame-src 'self' https://www.google.com https://optimize.google.com https://bid.g.doubleclick.net https://alomessageprod.maingau-tec.de https://alomessagetest.maingau-tec.de https://www.pinterest.com https://trck.maingau-energie.de https://www.pinterest.de https://www.facebook.com https://maps.google.com https://maps.googleapis.com https://cdn2.spatialbuzz.com https://maps.google.com https://ad4m.at https://*.ad4mat.net https://*.adserver01.de https://*.adc-serv.net https://*.df-srv.de https://*.adition.com https://*.ad4mat.de https://*.doubleclick.net https://*.adscale.de https://*.twiago.com https://*.casalemedia.com https://*.adfarm1.adition.com https://*.adform.net https://*.adnxs.com https://*.taboola.com https://*.kupona.de https://*.smartadserver.com https://*.pubmatic.com https://*.yieldlab.net https://*.ad-srv.net https://opt.kuponacdn.de https://*.adsrvr.org https://*.criteo.com https://*.doubleclick.net https://*.adform.net https://retrack-kupona.kuponacdn.de https://*.clarity.ms https://www.youtube-nocookie.com https://www.umfrageonline.com/ *.visualwebsiteoptimizer.com app.vwo.com; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' https://*.scrivito.com 1
frame-ancestors www.lebourvil.fr; 1
img-src https://* data: 'self' https://px.ads.linkedin.com https://www.linkedin.com https://p.adsymptotic.com https://bat.bing.com https://freewill.wpengine.com https://wp.wpenginepowered.com https://wordpress.freewill.com https://s3-us-west-2.amazonaws.com https://www.google-analytics.com https://*.g.doubleclick.net https://www.google.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://track.hubspot.com https://*.hsforms.com https://*.hubspot.com https://www.facebook.com https://cx.atdmt.com https://script.hotjar.com https://optimize.google.com https://www.googleoptimize.com https://rs.fullstory.com https://*.churnzero.net https://ct.pinterest.com https://*.getsitecontrol.com https://*.getsitectrl.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://s3.amazonaws.com https://cdn.pushcrew.com https://chart.googleapis.com https://wingify-assets.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://optimize.google.com https://www.googleoptimize.com https://fonts.googleapis.com https://*.churnzero.net https://fonts.gstatic.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://s3.amazonaws.com https://cdn.pushcrew.com; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com https://*.churnzero.net https://fonts.googleapis.com https://*.givechariot.com; connect-src 'self' https://cloud.iexapis.com https://www.facebook.com https://bat.bing.com https://*.clarity.ms https://c.bing.com https://www.google-analytics.com https://www.google.com https://*.g.doubleclick.net https://adservice.google.com https://*.execute-api.us-west-2.amazonaws.com https://wordpress.freewill.com https://freewill.wpengine.com https://wp.wpenginepowered.com https://sentry.io https://boards-api.greenhouse.io https://*.hubspot.com https://*.hsforms.net https://*.hsforms.com https://*.hubapi.com https://*.nationwide.com https://rs.fullstory.com https://dpm.demdex.net wss://*.hotjar.com https://*.hotjar.io https://*.hotjar.com https://*.churnzero.net https://ct.pinterest.com https://*.getsitecontrol.com https://*.getsitectrl.com https://*.givechariot.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://fw-mercer-prod.us.auth0.com https://fw-mercer-demo.us.auth0.com https://px.ads.linkedin.com; form-action 'self' https://forms.hubspot.com https://*.hsforms.net https://*.hsforms.com https://www.facebook.com https://*.visualwebsiteoptimizer.com; frame-src *; child-src https://*.churnzero.net https://www.youtube.com blob:; media-src https://*.churnzero.net https://freewillpbc.s3.us-west-2.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://tpc.googlesyndication.com https://www.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bat.bing.com https://*.clarity.ms https://c.bing.com https://*.hs-scripts.com https://js.hs-banner.com https://js.hsforms.net https://forms.hsforms.com https://js.hsleadflows.net https://js.hs-analytics.net https://*.usemessages.com https://*.hubspot.com https://js.hsadspixel.net https://js.hscollectedforms.net https://www.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://snap.licdn.com https://px.ads.linkedin.com https://connect.facebook.net https://*.nationwide.com https://nexus.ensighten.com https://edge.fullstory.com https://www.fullstory.com https://fullstory.com https://*.plaid.com https://*.churnzero.net https://optimize.google.com https://www.googleoptimize.com https://*.freewillinternal.com/ https://s.pinimg.com https://*.getsitecontrol.com https://*.getsitectrl.com https://*.givechariot.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://cdn.pushcrew.com; frame-ancestors 'self'; report-uri https://o609278.ingest.sentry.io/api/5746814/security/?sentry_key=fc1e9f3de08c48018cc4b77705c8fdea; 1
frame-ancestors https://smart-bdash.com/ 1
frame-ancestors https://*.trueaccord.com https://flex.twilio.com 1
default-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com/maps/; object-src 'none';  font-src 'self' 'unsafe-inline' https://fonts.gstatic.com; frame-src 'self' https://www.google.com https://gateway.zscaler.net/; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; upgrade-insecure-requests; script-src-elem 'self' 'unsafe-inline' https://gateway.zscaler.net/ https://googletagmanager.com/; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://dice.camp; img-src 'self' https: data: blob: https://dice.camp; style-src 'self' https://dice.camp 'nonce-SvY6lEUamJfDhDGMG2hkTw=='; media-src 'self' https: data: https://dice.camp; frame-src 'self' https:; manifest-src 'self' https://dice.camp; form-action 'self'; child-src 'self' blob: https://dice.camp; worker-src 'self' blob: https://dice.camp; connect-src 'self' data: blob: https://dice.camp https://cdn.masto.host wss://dice.camp; script-src 'self' https://dice.camp 'wasm-unsafe-eval' 1
default-src 'self'; connect-src 'self' *.consumerfinance.gov *.google-analytics.com *.googleoptimize.com *.tiles.mapbox.com api.mapbox.com bam.nr-data.net gov-bam.nr-data.net s3.amazonaws.com public.govdelivery.com n2.mouseflow.com *.qualtrics.com raw.githubusercontent.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.consumerfinance.gov dap.digitalgov.gov *.googleanalytics.com *.google-analytics.com *.googletagmanager.com *.googleoptimize.com optimize.google.com api.mapbox.com js-agent.newrelic.com bam.nr-data.net gov-bam.nr-data.net *.youtube.com *.ytimg.com *.mouseflow.com *.geo.census.gov about: www.federalregister.gov *.qualtrics.com; media-src 'self' *.consumerfinance.gov; font-src 'self' fonts.gstatic.com; img-src 'self' *.consumerfinance.gov www.ecfr.gov s3.amazonaws.com img.youtube.com *.google-analytics.com *.googletagmanager.com optimize.google.com api.mapbox.com *.tiles.mapbox.com blob: data: www.gravatar.com *.qualtrics.com *.mouseflow.com i.ytimg.com; frame-src 'self' *.consumerfinance.gov *.googletagmanager.com *.google-analytics.com *.googleoptimize.com optimize.google.com www.youtube.com *.qualtrics.com mailto:; style-src 'self' 'unsafe-inline' *.consumerfinance.gov optimize.google.com fonts.googleapis.com api.mapbox.com 1
default-src 'self' *.search.windows.net *.sitefinity.cloud isg-one.com *.isg-one.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com  connect.facebook.net cdnjs.cloudflare.com cdn.jsdelivr.net cdn.plyr.io d3js.org *.vo.msecnd.net www.googletagmanager.com snap.licdn.com *.cookiebot.com *.hotjar.com *.feathr.co *.marketo.com isg-one.com *.isg-one.com cdn.amcharts.com *.sharethis.com *.appdynamics.com *.cloudfront.net *.bidr.io jobs.jobvite.com *.wistia.com embedwistia-a.akamaihd.net *.hiredesk.net *.slideshare.net fg8vvsvnieiv3ej16jby.litix.io *.stripe.com isgpay.ontrackevents.com script.crazyegg.com *.clarity.ms *.6sc.co/ https://static.srcspot.com/libs/tiphanie.js  https://embed.typeform.com https://embed.typeform.com/next/embed.js https://form.typeform.com *.typeform.com e.issuu.com; style-src 'self' 'unsafe-inline' https://embed.typeform.com https://form.typeform.com *.typeform.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com  connect.facebook.net cdnjs.cloudflare.com cdn.jsdelivr.net cdn.plyr.io *.vo.msecnd.net www.googletagmanager.com *.cookiebot.com isg-one.com *.isg-one.com *.marketo.com *.fontawesome.com *.sharethis.com jobs.jobvite.com *.wistia.com embedwistia-a.akamaihd.net *.hiredesk.net *.slideshare.net *.stripe.com unpkg.com; font-src 'self' https://embed.typeform.com https://form.typeform.com *.typeform.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:  cdnjs.cloudflare.com *.cookiebot.com isg-one.com *.isg-one.com *.fontawesome.com jobs.jobvite.com *.slideshare.net *.stripe.com isgpay.ontrackevents.com  http://script.hotjar.com https://script.hotjar.com; img-src 'self' https://embed.typeform.com https://form.typeform.com *.typeform.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com  *.sitefinity.cloud isg-one.com *.isg-one.com *.cookiebot.com px.ads.linkedin.com *.feathr.co *.adsrvr.org *.google.com *.marketo.com *.fontawesome.com https://sb.scorecardresearch.com *.googletagmanager.com jobs.jobvite.com *.wistia.com *.hiredesk.net *.slideshare.net *.stripe.com isgpay.ontrackevents.com https://p.adsymptotic.com *.6sc.co *.clarity.ms https://px4.ads.linkedin.com; media-src 'self' data: blob:  https://embed.typeform.com https://form.typeform.com *.typeform.com  *.cookiebot.com isg-one.com *.isg-one.com cdn.plyr.io jobs.jobvite.com *.wistia.com embedwistia-a.akamaihd.net fg8vvsvnieiv3ej16jby.litix.io; child-src 'self' blob: https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ e.issuu.com apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com  *.cookiebot.com *.hotjar.com isg-one.com *.isg-one.com *.marketo.com *.sharethis.com jobs.jobvite.com *.wistia.com embedwistia-a.akamaihd.net fg8vvsvnieiv3ej16jby.litix.io *.hiredesk.net *.slideshare.net *.stripe.com isgpay.ontrackevents.com *.libsyn.com https://www.google.com/ https://isg.qualtrics.com/ https://embed.typeform.com https://form.typeform.com *.typeform.com; connect-src 'self' e.issuu.com https://embed.typeform.com https://form.typeform.com *.typeform.com accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com  *.search.windows.net *.visualstudio.com *.cookiebot.com *.doubleclick.net *.feathr.co isg-one.com *.isg-one.com noembed.com cdn.plyr.io *.sharethis.com *.appdynamics.com *.eum-appdynamics.com *.snplow.net jobs.jobvite.com *.wistia.com embedwistia-a.akamaihd.net fg8vvsvnieiv3ej16jby.litix.io *.hiredesk.net *.slideshare.net *.stripe.com isgpay.ontrackevents.com script.crazyegg.com secure.adnxs.com *.6sc.co *.clarity.ms  http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com *.google.com *.crazyegg.com; 1
default-src 'self' 'unsafe-inline' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.authorize.net *.google.com static.addtoany.com cdnjs.cloudflare.com cdn.rawgit.com maps.googleapis.com rw1.marchex.io connect.facebook.net googleads.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com cdn.jsdelivr.net code.jquery.com *.youtube.com *.vimeo.com *.vimeocdn.com *.googlesyndication.com blob: *.zencdn.net *.licdn.com unpkg.com *.cdc.gov *.blackbaudhosting.com *.blackbaud.com http://vjs.zencdn.net/7.0/video.min.js *.chsli.org search-embed.chsli.org.pagescdn.com *.sitescdn.net *.classy.org js.eruptr.io cdn.calltrk.com perfalytics.com *.kyruus.com; object-src 'self'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com *.typekit.net cdn.cookielaw.org optanon.blob.core.windows.net *.gstatic.com *.blackbaudhosting.com *.blackbaud.com mychartscheduling.chsli.org *.pagescdn.com mycharttst.chsli.org *.sitescdn.net *.chsli.org  *.googletagmanager.com *.kyruus.com; img-src 'self' 'unsafe-inline' data: maps.googleapis.com px.marchex.io *.facebook.com *.google.com *.gstatic.com *.amazonaws.com cdn.rawgit.com raw.githubusercontent.com stats.g.doubleclick.net *.google-analytics.com *.googletagmanager.com *.amazonaws.com cdn.jsdelivr.net *.chsli.org *.linkedin.com *.licdn.com *.blackbaudhosting.com *.pagescdn.com *.kyruus.com; frame-src 'self' 'unsafe-inline' static.addtoany.com *.doubleclick.net *.google.com players.brightcove.net *.youtube.com *.googletagmanager.com *.zensource.cloud *.vimeo.com *.chsli.org *.cdc.gov *.blackbaudhosting.com *.blackbaud.com *.pagescdn.com *.googletagmanager.com tagassistant.google.com *.google.com *.video bcove.video search-embed.chsli.org.pagescdn.com www.chsli.org internet-stage.chsli.org www.googletagmanager.com *.classy.org *.chsli.org donate-good-samaritan-university-hospital.chsli.org; frame-ancestors 'self' *.chsli.org donate-good-samaritan-university-hospital.chsli.org *.catholichealthli.org; font-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com use.typekit.net *.pagescdn.com search-embed.chsli.org.pagescdn.com/* *.kyruus.com cdnjs.cloudflare.com; connect-src 'self' 'unsafe-inline' *.authorize.net *.facebook.com *.google-analytics.com stats.g.doubleclick.net www.google.com *.doubleclick.net *.googleapis.com joslin-stage.s3.amazonaws.com *.amazonaws.com *.chsli.org *.blackbaud.com *.pagescdn.com *.yext.com *.yext-pixel.com *.oribi.io *.googletagmanager.com tagassistant.google.com *.google.com *.provider-match.com *.catholichealthli.org perfalytics.com *.perfalytics.com; report-uri /report-csp-violation 1
default-src 'self' https://www.riigiteataja.ee; base-uri 'self' https://www.riigiteataja.ee; worker-src 'self' https://www.riigiteataja.ee; manifest-src 'self' https://www.riigiteataja.ee; media-src 'self' https://www.riigiteataja.ee; object-src 'self' https://www.riigiteataja.ee; frame-ancestors 'self' https://www.riigiteataja.ee; font-src 'self' https://www.riigiteataja.ee; form-action 'self' https://www.riigiteataja.ee; connect-src 'self' https://www.riigiteataja.ee *.riigiteataja.ee https://mstat.rik.ee; frame-src 'self' https://www.riigiteataja.ee *.riigiteataja.ee https://captcha.riigiteataja.ee; img-src 'self' https://www.riigiteataja.ee; script-src 'self' https://www.riigiteataja.ee https://mstat.rik.ee; style-src 'self' https://www.riigiteataja.ee ; ; upgrade-insecure-requests; report-uri /csp; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.criteo.com https://static.criteo.net https://player.vimeo.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://*.contentsquare.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.probikekit.com https://m.probikekit.com https://checkout.probikekit.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://*.criteo.com https://static.criteo.net https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.contentsquare.net; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
frame-src https://privacyassure.force.com https://sbx-privacyassure.cs219.force.com https://www.youtube-nocookie.com https://www.google.com https://www.facebook.com https://forms.hsforms.com https://www.youtube.com https://ustglobalinc.jifflenow.com https://js.hsforms.net https://view.ceros.com https://player.vimeo.com https://download-video.akamaized.net https://app.hubspot.com https://vars.hotjar.com https://ustglobal.demdex.net https://app.hubspot.com https://13505543.fls.doubleclick.net https://s.company-target.com https://td.doubleclick.net; frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline' *; frame-src 'self' *.tableau.com *.youtube-nocookie.com *.youtube.com; script-src 'unsafe-eval' 'unsafe-inline' *; script-src-elem 'unsafe-inline' *;img-src * data:;font-src * data: 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' http: https: data: blob: 1
script-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de https://fast.fonts.net; style-src https: 'unsafe-inline' https://*.dshs-koeln.de https://fast.fonts.net; img-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de; font-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de https://fast.fonts.com; frame-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de https://fast.fonts.com; 1
default-src 'self';font-src 'self' https://ace-knowledge-cdn.teliacompany.net https://fonts.gstatic.com/s/lato/v11/ https://bup-region-skane.humany.net/ data: https://apps.icatserver.com https://mfstatic.com/ https://regionskane.icatserver.app https://vjs.zencdn.net/ http://vjs.zencdn.net/;img-src https://humany.blob.core.windows.net https://bup-region-skane.humany.net https://metrics.brightcove.com/ https://media.kunskapsstod.se/ https://sys-media.kunskapsstod.se/ https://mfstatic.com/ https://assets.mediaflowpro.com/ https://wds.ace.teliacompany.com http://metrics.brightcove.com/ https://regionskane.icatserver.app http://brightcove04.o.brightcove.com/ https://cf-images.eu-west-1.prod.boltdns.net/ https://d2flujgsl7escs.cloudfront.net/ https://brightcove04pmdo-a.akamaihd.net/ http://players.brightcove.net/ https://i.ytimg.com/ https://survey.userneeds.com/ 'self' data: maps.googleapis.com *.skane.se skane.se https://paladin1.icatserver.com/db_img/regionskane/;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tracker.skane.analys.cloud/ https://addprocloud.nu/matomo/ https://addprocloud.nu/matomo/matomo.js maps.googleapis.com  https://dl.episerver.net https://apps.icatserver.com https://regionskane.icatserver.app https://ajax.googleapis.com http://ajax.googleapis.com https://wds.ace.teliacompany.com http://players.brightcove.net/ https://vjs.zencdn.net/ http://admin.brightcove.com/ https://widget.surveymonkey.com/ https://mfstatic.com/ https://bup-region-skane.humany.net/ https://17.inviewer.se/;style-src 'self' 'unsafe-inline'  https://fonts.googleapis.com https://bup-region-skane.humany.net https://dl.episerver.net https://apps.icatserver.com https://regionskane.icatserver.app https://mfstatic.com https://wds.ace.teliacompany.com;frame-src 'self' https://wds.ace.teliacompany.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ http://players.brightcove.net/ https://survey.userneeds.com/ https://oresund.statistikbank.dk/ https://oresund.statbank.dk/ https://oresundse.statistikbank.dk/ https://play.mediaflowpro.com/;media-src 'self' https://*.prod.boltdns.net https://m.mediaflow.com/ https://v1.mediaflow.com/ https://v2.mediaflow.com/ https://mfstatic.com/ https://*.brightcovecdn.com https://*.brightcove.com https://*.media.brightcove.com https://*.cf.brightcove.com https://*.akafms.net https://17.inviewer.se/ https://*.mediaflowpro.com/ https://*.akamaihd.net blob:;connect-src 'self' https://bup-region-skane.humany.net/ https://tracker.skane.analys.cloud/ https://webbanalys.skane.analys.cloud/ https://v1.mediaflow.com/ https://v2.mediaflow.com/ https://17.inviewer.se/ https://mfstatic.com/ https://m.mediaflow.com/ https://stats.mediaflowpro.com/ https://lilum.lightsinline.se https://edge.api.brightcove.com/ https://regionskane.icatserver.app http://c.brightcove.com/ https://secure.brightcove.com/ http://hls.ak.o.brightcove.com/ http://hlsak-a.akamaihd.net/ http://brightcove01.brightcove.com/ http://manifest.prod.boltdns.net/ http://house-fastly-signed-eu-west-1-prod.brightcovecdn.com/ http://players.brightcove.net/ https://chat.ace.teliacompany.com/ https://hlso-a.akamaihd.net/ https://eq.userneeds.com/ https://addprocloud.nu/matomo/ https://app.optimalworkshop.com/ maps.googleapis.com blob: https://en.wikipedia.org/ https://wikisum.texthelp.com/ https://babm.texthelp.com https://stats.g.doubleclick.net;object-src 'self';child-src 'self' blob: https://www.skane.se/ https://utveckling.skane.se/;worker-src 'self' blob: *.skane.se;frame-ancestors 'self' ;base-uri 'self';form-action 'self';upgrade-insecure-requests;block-all-mixed-content; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: www.google-analytics.com; font-src 'self' data: https: fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: www.googletagmanager.com www.google-analytics.com s7.addthis.com platform.twitter.com a.adroll.com; style-src 'self' 'unsafe-inline' https: fonts.googleapis.com; img-src * 'self' 'unsafe-inline' 'unsafe-eval' data: https:; object-src 'none'; 1
default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://shop.bzga.de/ https://service.bzga.de/ https://www.etracker.de/ https://static.etracker.com/ https://code.etracker.com/; img-src 'self' https://shop.bzga.de/ data: https://piwik.bzga.de https://service.bzga.de https://www.etracker.de https://static.etracker.com https://code.etracker.com; script-src 'self' 'unsafe-inline' https://piwik.bzga.de https://service.bzga.de https://www.etracker.de https://static.etracker.com https://code.etracker.com 1
frame-ancestors 'self' www.psicologiaviva.com.br homologsalatwilio.psicologiaviva.com.br consulta.psicologiaviva.com.br consulta-dr123.halive.com.br integralmente.psicologiaviva.com.br unimedaraguaia.psicologiaviva.com.br preventsenior.psicologiaviva.com.br tem.psicologiaviva.com.br unimedvaledosepotuba.psicologiaviva.com.br unimedsanboa.psicologiaviva.com.br consulta.psicologiaviva.com.br sulamerica.psicologiaviva.com.br consulta-unimedceara.psicologiaviva.com.br consulta-uolmed-dr123.halive.com.br consultav2.psyalive.com blog.psyalive.com unimedaracatuba.psicologiaviva.com.br unimedcop.psicologiaviva.com.br corporate.psicologiaviva.com.br ead.psicologiaviva.com.br pasa.psicologiaviva.com.br unimedamparo.psicologiaviva.com.br unimedfesp.psicologiaviva.com.br unimedlins.psicologiaviva.com.br ams.psicologiaviva.com.br blog.psicologiaviva.com.br bcare.psicologiaviva.com.br einstein.psicologiaviva.com.br psicomanager.psicologiaviva.com.br consulta.psyalive.com pvatendimento.psicologiaviva.com.br unimedbh.psicologiaviva.com.br unimedfranca.psicologiaviva.com.br unimedparana.psicologiaviva.com.br unimedribeiraopreto.psicologiaviva.com.br unimedrio.psicologiaviva.com.br unimedvr.psicologiaviva.com.br vtrp.psicologiaviva.com.br consultav2.psicologiaviva.com.br atendimentov2.psicologiaviva.com.br universoadicto.blogspsicologiaviva.com.br redemorse.psicologiaviva.com.br eurofarma.psicologiaviva.com.br unimeditatiba.psicologiaviva.com.br arcelormittal.psicologiaviva.com.br unimed-maringa.psicologiaviva.com.br unimedpresidenteprudente.psicologiaviva.com.br unimedsjrp.psicologiaviva.com.br consulta-vitall.halive.com.br consulta-unimed531.halive.com.br unimedsaltoitu.psicologiaviva.com.br consulta-materdei.halive.com.br consulta-lifecenter.halive.com.br amil.psicologiaviva.com.br consulta-amil.psicologiaviva.com.br; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stats.bitonic.nl https://livechat.messagebird.com/bootstrap.js https://ocw.messagebird.com/bootstrap.js; style-src 'self' 'unsafe-inline'; img-src data: * blob:; connect-src 'self' https://stats.bitonic.nl https://pushpromjs.messagebird.com/measure https://messaging.messagebird.com/livechat/widget/; font-src data: 'self'; media-src 'self'; child-src 'self' https://livechat.messagebird.com/index.html https://ocw.messagebird.com/index.html; object-src 'self' blob:; report-uri /csp-failure-report 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-3780156bafc7a67ce61b0556fc0efe65' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=5000885093683957; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=5000885093683957 1
default-src https: ws: wss: data: intent: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https://*.scs.co.uk 1
default-src 'self' wss: https://*.contentful.com https://*.kampyle.com wss://*.ooklaserver.net https://*.tigocloud.net https://*.zendesk.com https://static.zdassets.com https://ekr.zdassets.com; frame-src 'self' https://*.tigocloud.net https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://www.youtube.com https://6493920.fls.doubleclick.net https://*.kampyle.com https://*.tigo.com.py https://www.reportv.com.ar https://affperformance.com; script-src 'self' blob: https://*.tigocloud.net https://*.kampyle.com https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.youtube.com https://6493920.fls.doubleclick.net https://maps.googleapis.com https://www.gstatic.com/ https://sync.smartadserver.com https://cdn.smooch.io https://s.ytimg.com https://*.nr-data.net https://js-agent.newrelic.com https://facebook.com/signals/iwl.js https://widget-mediator.zopim.com https://*.licdn.com 'unsafe-hashes' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'sha256-lfXlPY3+MCPOPb4mrw1Y961+745U3WlDQVcOXdchSQc=' https://*.tigo.com.py https://tigo.us7.list-manage.com https://www.reportv.com.ar https://*.cybba.solutions https://ads.sonataplatform.com https://web.webpushs.com 'sha256-1A8HjDgNe7cjNtTiJv15pZ1EwYz0YAi34wikAj7rTT0=' 'sha256-ValAKmzJqWSnn/48JPjSCKwQn7oWnnfvE7WP2TWnEc8=' 'sha256-QTukJ+LQPS+c2lrQZRVvdXFDrA5pMKajJq0Z7s0n7EA=' 'sha256-DA6YWOSAeqA9eCcwfjG2fTstEzPHeNwIC7IL0PuXmms=' 'sha256-qRVXGNUwin+YBamqhKkags+tFExhCjZq8WMLc4g4UNo=' 'sha256-MAJQF7DpxHWtqt5AmZwu54Z46hcqVGB68u2fUmA5eQA=' 'sha256-SgJm+igADPuSfQBsNzn1nv7wy/13hhWIVssmFu7z9Ks=' 'sha256-RN6oOt6HrIeQiNedPCwV2khJe/B25FZ/G23KurGCSzE='; font-src 'self' data: blob: https://fonts.gstatic.com https://*.kampyle.com https://*.zendesk.com; img-src 'self' data: blob: https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.tigocloud.net https://*.contentful.com https://*.kampyle.com https://static.zdassets.com https://*.googletagmanager.com https://images.ctfassets.net https://stats.g.doubleclick.net https://lh3.googleusercontent.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://www.google.com.ar https://www.google.com.bo https://www.google.com.co https://www.google.com.sv https://www.google.com.gt https://www.google.hn https://www.google.com.ni https://www.google.com.pa https://www.google.com.py https://t.co https://maps.gstatic.com https://www.facebook.com https://analytics.twitter.com https://static.ads-twitter.com https://*.speedtestcustom.com https://*.zendesk.com https://static.zdassets.com https://maps.googleapis.com https://sync.smartadserver.com https://cdn.smooch.io https://*.zopim.io https://svr.mic.edge.com.py https://*.kampyle.com https://cdn.sendpulse.com https://affperformance.com https://*.cybba.solutions; style-src 'self' 'unsafe-inline' https://cdn.smooch.io https://tagmanager.google.com https://www.googletagmanager.com/debug/badge.css https://fonts.googleapis.com https://*.zendesk.com https://*.tigocloud.net https://*.kampyle.com https://cdn.sendpulse.com; connect-src * data:; object-src 'none'; form-action 'self' https://www.facebook.com; base-uri 'self' https://md-scp.kampyle.com; frame-ancestors 'self' 1
default-src https: 'unsafe-eval' 'unsafe-inline' blob:;img-src https: data: blob:;font-src https: data: blob:;frame-src https: blob:; 1
font-src *.fontawesome.com https://fonts.gstatic.com http://fonts.gstatic.com https://assets.sendinblue.com https://assets.brevo.com https://cdnjs.cloudflare.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://*.e-transactions.fr https://*.paypal.fr https://*.paypal.com https://*.monetico-services.com https://*.facebook.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com *.stripe.com stripe.com 'self'; frame-src https://amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.meetanshi.com https://cl.avis-verifies.com http://amc.demdex.net https://sibautomation.com https://www.facebook.com https://www.googletagmanager.com https://forms.office.com https://*.sibforms.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.meetanshi.com https://meetanshi.com/media/logo.png https://*.cloudflare.com https://www.google.com.sg https://maps.googleapis.com https://maps.google.com http://maps.google.com https://maps.gstatic.com https://cl.avis-verifies.com https://*.openstreetmap.org https://black.bird.eu http://black.bird.eu https://bat.bing.com https://*.facebook.com https://*.google.fr https://*.google.com https://*.google-analytics.google.com https://www.googletagmanager.com https://burda-fr.mage.ovh https://*.sibforms.com https://img.mailinblue.com https://*.burdastyle.fr https://*.burdastyle.com https://*.abo-online.fr https://*.burdastyle.es https://*.burdastyle.pt https://*.burdastyle.uk https://*.burdastyle.nl https://*.faitmain-magazine.fr www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com *.meetanshi.com https://www.google.com.sg https://googleads.g.doubleclick.net https://maps.googleapis.com https://cl.avis-verifies.com https://www.googletagmanager.com http://www.googletagmanager.com https://sibautomation.com https://connect.facebook.net https://bat.bing.com https://s3.amazonaws.com https://*.youtube.com https://downloads.mailchimp.com http://downloads.mailchimp.com https://*.sibforms.com https://sibforms.com/ https://static.cloudflareinsights.com https://www.clarity.ms/  https://js-agent.newrelic.com https://cdnjs.cloudflare.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com https://*.sibforms.com https://sibforms.com/ https://cdnjs.cloudflare.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ *.meetanshi.com https://stats.g.doubleclick.net https://maps.googleapis.com https://in-automate.sendinblue.com https://in-automate.brevo.com https://*.brevo.com https://*.analytics.google.com/ https://analytics.google.com/ https://*.google-analytics.com https://*.facebook.com/ https://*.sibforms.com/ https://bam.eu01.nr-data.net/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' *.amalgamatedbank.com bam.nr-data.net unpkg.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com js.locatorsearch.com *.prod.acquia-sites.com *.instagram.com *.youtube.com *.oktacdn.com *.okta.com *.oktapreview.com fonts.googleapis.com *.googletagmanager.com *.doubleclick.net *.addtoany.com fonts.gstatic.com *.omappapi.com *.google-analytics.com cdn.jsdelivr.net cdnjs.cloudflare.com app.jazz.co js-agent.newrelic.com *.google.com *.gstatic.com www.recaptcha.net ajax.googleapis.com bam.nr-data.net 'unsafe-inline' 'unsafe-eval' http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js https://www.recaptcha.net/recaptcha/api.js https://www.recaptcha.net/recaptcha/api/fallback; style-src 'self' 'unsafe-inline' unpkg.com *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com bam.nr-data.net *.prod.acquia-sites.com *.oktacdn.com *.okta.com *.oktapreview.com fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com *.google.com *.gstatic.com app.jazz.co; img-src 'self' *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com bam.nr-data.net cdn.jsdelivr.net *.prod.acquia-sites.com js.locatorsearch.com *.oktacdn.com *.okta.com *.oktapreview.com data: *.googletagmanager.com app.jazz.co *.google.com *.google-analytics.com *.gstatic.com images.printable.com images.locatorsearch.com instagram.com i.ytimg.com; media-src files.marcomcentral.app.pti.com *.youtube.com *.amalgamatedbank.com bam.nr-data.net *.talkdeskapp.com *.talkdeskdev.com *.twilio.com; frame-src *; font-src 'self' 'unsafe-inline' cdnjs.cloudflare.com bam.nr-data.net *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com *.prod.acquia-sites.com *.oktacdn.com *.okta.com *.oktapreview.com unpkg.com fonts.gstatic.com app.jazz.co *.google.com *.gstatic.com *.locatorsearch.com; connect-src 'self' abnyunityuat.fisglobal.com login-uat.fisglobal.com mcs.us1.twilio.com wss://tsock.us1.twilio.com *.talkdeskapp.com *.talkdeskdev.com maps-api-ssl.google.com bam.nr-data.net stats.addtoany.com googleads.g.doubleclick.net *.youtube.com *.oktacdn.com *.okta.com *.oktapreview.com *.omappapi.com *.google-analytics.com *.google.com *.gstatic.com googleads.g.doubleclick.net; report-uri /report-csp-violation 1
frame-ancestors 'self' https://www.sfopera.com/ 1
default-src 'self' https://maps.googleapis.com https://www.webstream.eu https://www.dbk.de/ https://login.bistumsatlas.de https://*.doubleclick.net/ https://domradiomedien.akamaized.net https://medien.domradio.de https://dbk.de/ https://youtu.be/ https://*.readspeaker.com/  https://www.dbk-shop.de https://player.vimeo.com https://www.google.com https://www.google-analytics.com https://graph.facebook.com https://www.juicer.io https://*.katholisch.de https://www.domradio.de https://www.youtube.com https://stats.dbk.de  https://cdn.myth.theoplayer.com; img-src 'self' data: https://dbk.de/ https://*.youtube.com/ https://www.webstream.eu https://www.dbk.de/ https://stats.dbk.de https://www.google-analytics.com https://pbs.twimg.com https://*.fbcdn.net https://*.juicer.io https://*.imgur.com https://*.gstatic.com https://*.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: https://dbk.de/  https://www.google.com https://*.doubleclick.net https://www.webstream.eu https://www.google-analytics.com https://*.googleapis.com https://www.gstatic.com https://*.juicer.io https://*.ytimg.com https://*.readspeaker.com https://stats.dbk.de https://*.youtube.com; font-src 'unsafe-inline' 'self' data: https://fonts.gstatic.com  https://*.juicer.io https://s3.amazonaws.com https://*.readspeaker.comd; style-src 'unsafe-inline' 'self' https://www.webstream.eu https://s3.amazonaws.com https://fonts.googleapis.com https://*.readspeaker.com https://*.juicer.io ; 1
default-src https://www.askmid.com; script-src  https://www.askmid.com  'unsafe-inline' 'unsafe-eval'; style-src https://www.askmid.com 'unsafe-inline' 1
frame-ancestors https://*.belmontstakes.com https://belmontstakes.com https://*.thorograph.com https://thorograph.com https://*.nyra.com https://nyra.com https://*.nyrabets.com 'self' https://nyrabets.com https://*.gbetest.com https://gbetest.com https://*.dev07-broker0201.com https://dev07-broker0201.com https://*.dev07-gbeb2c.com https://dev07-gbeb2c.com https://*.test02-nyrabets.com https://test02-nyrabets.com https://*.gbe.global https://gbe.global; 1
frame-src 'self' *.facebook.com *.fbcdn.net *.helpscout.net themes.googleusercontent.com *.twitter.com accounts.google.com www.google.com ssl.gstatic.com; frame-ancestors *.transcribeme.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://indieweb.social; img-src 'self' https: data: blob: https://indieweb.social; style-src 'self' https://indieweb.social 'nonce-f3hBv7mrZjsf8OJWdA1J7A=='; media-src 'self' https: data: https://indieweb.social; frame-src 'self' https:; manifest-src 'self' https://indieweb.social; form-action 'self'; child-src 'self' blob: https://indieweb.social; worker-src 'self' blob: https://indieweb.social; connect-src 'self' data: blob: https://indieweb.social https://cdn.masto.host wss://indieweb.social; script-src 'self' https://indieweb.social 'wasm-unsafe-eval' 1
default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; frame-ancestors 'self' 1
upgrade-insecure-requests' 1
default-src https: data: 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com api.smooch.io script.infinity-tracking.com ajax.googleapis.com cdnjs.cloudflare.com cdn.datatables.net *.onetrust.com analytics.tiktok.com *.evergage.com qvdt3feo.com tags.srv.stackadapt.com extend.vimeocdn.com *.stackadapt.com woobox.com kit.fontawesome.com *.stackadapt.com *.mention-me.com static.zdassets.com cdn.jsdelivr.net cdn-pci.optimizely.com widget.trustpilot.com analytics.freespee.com *.googletagmanager.com code.jquery.com widget-mediator.zopim.com www.google-analytics.com player.vimeo.com googleads.g.doubleclick.net bat.bing.com *.contentsquare.com *.contentsquare.net cdn.evgnet.com unpkg.com tags.srv.stackadapt.com cdn.taboola.com www.tag4arm.com connect.facebook.net trc.taboola.com; style-src 'self' 'unsafe-inline' *.hotjar.com cdnjs.cloudflare.com cdn.datatables.net fonts.googleapis.com tags.srv.stackadapt.com; child-src data: 'self' 'unsafe-inline' blob:; frame-src 'self' 'unsafe-inline' td.doubleclick.net woobox.com www.facebook.com widget.trustpilot.com a19950350606.cdn-pci.optimizely.com player.vimeo.com *.staysure.co.uk *.mention-me.com mention-me.com *.fls.doubleclick.net; connect-src 'self' *.googlesyndication.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://api.smooch.io googleads.g.doubleclick.net *.infinity-tracking.com ict.infinity-tracking.net bat.bing.com *.google.com *.onetrust.com analytics.tiktok.com analytics.google.com tags.srv.stackadapt.com webanalytics.interserv.co.uk  wss://widget-mediator.zopim.com logx.optimizely.com ekr.zdassets.com staysure.zendesk.com *.mention-me.com errors.client.optimizely.com *.analytics.google.com vimeo.com stats.g.doubleclick.net www.google-analytics.com trc-events.taboola.com www.tag4arm.com *.contentsquare.com *.contentsquare.net www.facebook.com staysuregroup.germany-2.evergage.com ka-f.fontawesome.com; frame-ancestors 'self' webanalytics.interserv.co.uk staysuregroup.germany-2.evergage.com; worker-src 'self' blob: 1
default-src * data: blob:; script-src *.swordandscale.com swordandscale.com *.bidchatserver.com *.cloudflare.com *.google.com *.googleadservices.com *.paypal.com *.chimpstatic.com chimpstatic.com *.twitter.com *.facebook.net *.facebook.com *.p.jwpcdn.com *.branch.io *.gstatic.com gstatic.com *.stripe.com *.google-analytics.com *.googletagmanager.com *.syndication.twimg.com *.disqus.com disqus.com *.disquscdn.com *.wp.com *.gravatar.com *.googlesyndication.com *.googletagservices.com *.google.co.in ckeditor.iframe.ly api.embed.ly *.google-analytics.com *.doubleclick.net *.cdn-apple.com app.link 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self'; style-src data: blob: 'unsafe-inline' *; connect-src *.swordandscale.com swordandscale.com gstatic.com *.gstatic.com *.rollbar.com *.facebook.com *.facebook.net *.branch.io *.bidchatserver.com *.geoplugin.net  oauth.io ckeditor.iframe.ly api.embed.ly *.google-analytics.com *.googleadservices.com *.paypal.com *.chimpstatic.com chimpstatic.com *.doubleclick.net *.googlesyndication.com *.cloudflare.com *.cdn-apple.com wss://*.swordandscale.com:* wss://*.bidchatserver.com:* ws://localhost:* blob: 'self'; 1
frame-src 'self' https://*.googleapis.com https://www.gstatic.com https://*.google.com https://*.facebook.com http://www.facebook.com https://*.fbcdn.net https://static.xx.fbcdn.net https://cdn.syndication.twimg.com https://*.api.twitter.com https://syndication.twitter.com https://*.twitter.com www.dilg.gov.ph https://www.dilg.gov.ph https://www.google-analytics.com www.google-analytics.com https://documentcloud.adobe.com; 1
base-uri 'none'; style-src 'self' *.cassiecloud.com *.googleapis.com 'unsafe-inline'; script-src 'nonce-25f/4IyE4tWdlF/NSKRp5w=='  'sha256-wis8p5NwGQdo9HV9HnkYu2y3Uxr4lUKSmQbMs385MZs='  'self' 'strict-dynamic' 'unsafe-eval' *.kaltura.com/ *.cassiecloud.com *.googletagmanager.com https://google-analytics.com *.google-analytics.com *.bing.com https://connect.facebook.net https://lilly-customerconnect.secure.force.com https://customerconnect.my.salesforce-sites.com https://ispot.tv *.turn.com *.myadvocado.com *.doubleclick.net *.analytics.yahoo.com *.google.com https://facebook.com *.salesforceliveagent.com *.youtube.com *.ytimg.com *.gstatic.com *.googlevideo.com blob: http://d22xmn10vbouk4.cloudfront.net *.googleapis.com assets.adobedtm.com assets.ctfassets.net *.lilly.tt.omtrdc.net https://lilly.demdex.net https://d.turn.com *.id.amgdgt.com *.pullthrough.tools https://www.facebook.com; object-src 'none'; frame-src *.doubleclick.net/ *.myadvocado.com/ *.rlcdn.com https://lilly.demdex.net https://omny.fm https://www.facebook.com; frame-ancestors 'self' https://endocrinologistnationsandbox.skipta.com/ https://endocrinologistnation.com/ https://doctorunite.com/ https://generationnp.com/ https://paunite.com/ https://endocrinologistnationsandbox.skipta.com/ https://endocrinologistnation.com/ https://doctorunite.com/ https://generationnp.com/ https://paunite.com/ 1
frame-ancestors 'self' http://www.philips.com.cn *.philips.com *.philips.com.cn https://philipsigtdpv.com 1
default-src 'self' https://*.enfocus.com; navigate-to *; style-src 'unsafe-inline' 'self' https://*.enfocus.com https://*.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.enfocus.com https://*.googleapis.com https://*.doubleclick.net https://hello.myfonts.net https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://www.clarity.ms https://snap.licdn.com https://cdn.cookielaw.org https://secure.smart-business-foresight.com https://pi.pardot.com https://www.youtube.com https://d1f8f9xcsvx3ha.cloudfront.net https://*.zuora.com https://privacyportalde-cdn.onetrust.com; font-src 'self' https://*.enfocus.com https://fonts.gstatic.com data:; img-src 'self' https://*.enfocus.com https://www.google.be https://www.google.com https://c.clarity.ms https://c.bing.com https://i.ytimg.com https://yt3.ggpht.com https://*.linkedin.com https://cdn.cookielaw.org https://gwg.org https://www.gwg.org https://maps.gstatic.com https://maps.googleapis.com https://eskofo2-stage.asknet.com https://www.googletagmanager.com https://lnd.esko.com https://d1f8f9xcsvx3ha.cloudfront.net https://*.onfastspring.com data:; connect-src 'self' https://*.enfocus.com https://*.doubleclick.net https://*.googleapis.com https://cdn.linkedin.oribi.io https://r.clarity.ms https://cdn.cookielaw.org https://region1.analytics.google.com https://px.ads.linkedin.com https://www.linkedin.com https://px.ads.linkedin.com https://r.clarity.ms https://www.youtube.com https://pi.pardot.com https://www.google-analytics.com https://*.onfastspring.com https://privacyportalde-cdn.onetrust.com; child-src 'self' https://*.enfocus.com https://www.youtube.com https://www.youtube-nocookie.com https://*.onfastspring.com https://*.zuora.com; frame-ancestors 'self' https://*.enfocus.com https://*.enf-test.esko.rocks https://localhost.enf-test.esko.rocks:* 1
connect-src 'self' https://*.googleapis.com https://*.gstatic.com https://www.google-analytics.com https://secure.livechatinc.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.facebook.com https://*.hotjar.com https://*.hotjar.io https://*.google.com https://*.yetiz.pl; default-src https://*.yetiz.pl blob:; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://humanized-www.ergohestia.pl https://humanized-kariera.ergohestia.pl http://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.google.com https://www.facebook.com https://platform.twitter.com https://e.issuu.com https://*.windows.net https://www.youtube-nocookie.com https://www.webankieta.pl data:; img-src 'self' https://cdn.bsbox.pl http://cdn.bsbox.pl https://*.googleapis.com https://*.gstatic.com https://i.vimeocdn.com https://www.google-analytics.com https://www.ergohestia.pl *.gravatar.com data: https://www.facebook.com https://www.google.pl https://*.google.com https://*.3way.pl; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://cdn.jsdelivr.net https://www.youtube.com https://player.vimeo.com https://www.googletagmanager.com http://www.googletagmanager.com https://www.google-analytics.com https://humanized-www.ergohestia.pl https://humanized-kariera.ergohestia.pl https://skk.erecruiter.pl https://cdnjs.cloudflare.com https://*.google.com https://www.googleadservices.com https://unpkg.com https://*.googlecode.com https://*.hotjar.com https://*.hotjar.io https://connect.facebook.net https://googleads.g.doubleclick.net https://www.gstatic.com http://platform.twitter.com https://*.vimeocdn.com https://*.3way.pl https://www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://*.3way.pl; font-src 'self' data: https://fonts.gstatic.com https://cdn.jsdelivr.net 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.criteo.com https://static.criteo.net https://player.vimeo.com https://isitetv.com https://ln-rules.rewardstyle.com https://wb.messengerpeople.com https://*.recaptcha.net https://vars.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://www.shoplooks.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://beacon.rum.dynapis.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://*.contentsquare.net https://*.criteo.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.hqhair.com https://m.hqhair.com https://checkout.hqhair.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://*.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://dyn-beacon.akamaized.net https://ln-rules.rewardstyle.com https://*.recaptcha.net https://*.akamaihd.net https://*.sciencebehindecommerce.com https://www.gstatic.cn https://*.shoplooks.com https://slooks.top https://slooks.me https://static.hotjar.com https://script.hotjar.com https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.shoplooks.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
block-all-mixed-content; font-src 'self' fonts.gstatic.com www.wuv.de fonts.gstatic.com data:; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' addsearch.com cdn.ampproject.org open.scdn.co connect.facebook.net *.usercentrics.eu *.g.doubleclick.net *.getsitecontrol.com *.google.de *.google.com *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.instagram.com *.ioam.de *.opinary.com *.stry.tl *.twimg.com *.twitter.com *.wuv.de *.youtube.com *.ytimg.com *.tiktok.com *.tiktokcdn.com *.ibytedtos.com *.pinterest.com *.research.appinio.com *.ttwstatic.com *.adition.com *.scorecardresearch.com *.searchcdn.com *.teads.tv s0.2mdn.net *.wuv.de gdpr-tcfv2.sp-prod.net widget.perfectmarket.com *.flashtalking.com *.criteo.com *.adform.net *.vidible.tv *.doubleverify.com *.doubleclick.net bs.serving-sys.com static.aivdesk.com secure-ds.serving-sys.com ad.lkqd.net *.cloudflare.com *.adsafeprotected.com *.maximus.mobkoi.com *.celtra.com *.moatads.com sf16-scmcdn-sg.ibytedtos.com tags.crwdcntrl.net  *.vimeocdn.com; style-src 'self' 'unsafe-inline' *.addsearch.com fast.fonts.net *.googleapis.com *.stry.tl *.twitter.com *.wuv.de *.tiktok.com *.tiktokcdn.com *.ttwstatic.com *.cloudfront.net tagmanager.google.com *.wuv.de s1.adform.net static.aivdesk.com; worker-src blob: *.wuv.de 1
frame-ancestors 'self' www.pgcc.edu; 1
default-src 'self' 'unsafe-inline' data: blob:  *.clarity.ms *.cloudflare.com *.yoast.com yoast.com *.tiktok.com *.hotjar.io *.google.com wp-rocket.me *.wistia.com *.litix.io *.helpscout.net distillery.wistia.com *.cloudfront.net *.googletagmanager.com *.mouseflow.com *.hotjar.com *.google-analytics.com *.facebook.net *.pushwoosh.com *.gstatic.com *.doubleclick.net *.youtube.com *.jsdelivr.net; style-src 'self' 'unsafe-inline' use.fontawesome.com *.jsdelivr.net *.google.com *.googletagmanager.com *.mouseflow.com *.gstatic.com *.hotjar.com *.google-analytics.com *.facebook.net *.pushwoosh.com *.googleapis.com *.doubleclick.net *.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:  www.clarity.ms *.cloudflare.com *.yoast.com yoast.com *.tiktok.com *.hotjar.io cdn.jsdelivr.net fast.wistia.com beacon-v2.helpscout.net wp-rocket.me *.googleapis.com *.googletagmanager.com *.mouseflow.com *.hotjar.com *.gstatic.com *.google-analytics.com *.facebook.net *.pushwoosh.com *.google.com *.doubleclick.net *.youtube.com; object-src 'self' 'unsafe-inline'; img-src 'self' blob: data: *.gravatar.com *.bing.com *.clarity.ms *.jsdelivr.net wp-rocket.me *.wistia.com *.wistia.com *.facebook.com *.doubleclick.net *.googleapis.com *.googletagmanager.com *.mouseflow.com *.hotjar.com *.gstatic.com *.google-analytics.com *.facebook.net *.pushwoosh.com *.google.com *.google.com.eg *.youtube.com; font-src 'self' data: *.gstatic.com *.fontawesome.com; 1
frame-ancestors 'self' https://online.hdisigorta.com.tr/; 1
default-src 'none'; frame-ancestors 'none'; child-src blob: *.cloudfoundry.org;  style-src 'self' 'unsafe-inline' *.bootstrapcdn.com https://fonts.googleapis.com/*; connect-src 'self' *.bootstrapcdn.com *.doubleclick.net *.google-analytics.com; script-src 'self' 'unsafe-inline' blob: *.twitter.com *.ads-twitter.com *.cloudflare.com *.googleapis.com *.googletagmanager.com *.facebook.net *.jsdelivr.net  *.google-analytics.com *.gstatic.com *.google.com; img-src 'self' data: *.googletagmanager.com *.google.com *.gravatar.com *.twitter.com *.cloudfoundry.org https://t.co *.local *.google-analytics.com; object-src 'self'; font-src 'self' data: *.bootstrapcdn.com; media-src 'self' blob:; frame-src *.local *.twitter.com *.google.com *.facebook.com *.youtube.com 1
frame-ancestors 'self' https://manage.ledsmagazine.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-U6OMuyd0BkJ0Uw4Tt_xdMQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' api-maps.yandex.ru suggest-maps.yandex.ru mc.yandex.ru cdnjs.cloudflare.com *.maps.yandex.net https://yastatic.net https://stat.tildacdn.com; connect-src 'self' speller.yandex.net suggest-maps.yandex.ru yandex.ru wss://chat.nnt.global wss://3s-chat.dev-vps.ru wss://chat.rirportal.ru mc.yandex.ru https://stat.tildacdn.com; child-src 'self'; img-src * data:; style-src * 'unsafe-inline' cdnjs.cloudflare.com; font-src * data:;frame-src 'self' facecast.net vk.com; media-src 'self' vk.com; 1
frame-src 'self' youtube.com *.youtube.com https://optimize.google.com *.doubleclick.net www.facebook.com https://mc.yandex.ru/metrika/watch.js https://mc.yandex.ru/metrika/tag.js https://mc.yandex.ru/watch/10259011 player.vimeo.com maps.googleapis.com dct.mango-office.ru tag.oneretarget.com/11633_www.genotek.ru.js *.genotek.ru facebook.com b24.voximplant.xyz callhelper.kit-media.com app.aimylogic.com ajax.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' retagro.com citydsp.com youtube.com *.youtube.com api.mindbox.ru webecyzo.com *.webecyzo.com x.cnt.my static.indoleads.com dpartaptm.com dmrtx.com code.acstat.com *.googleoptimize.com core-renderer-tiles.maps.yandex.net api-maps.yandex.ru widgets.mango-office.ru http://localhost:3000/f/assets/main.bundle.js https://yastatic.net https://mc.yandex.ru/metrika/watch.js https://mc.yandex.ru/metrika/tag.js https://mc.yandex.ru/watch/10259011 https://www.google.com/pagead/conversion_async.js maps.googleapis.com player.vimeo.com dct.mango-office.ru tag.oneretarget.com/11633_www.genotek.ru.js tag.oneretarget.com/11633_lk.genotek.ru.js googletagmanager.com www.googletagmanager.com *.mail.ru https://optimize.google.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.googletagmanager.com https://www.googleanalytics.com https://www.google-analytics.com www.googleadservices.com vk.com top-fwz1.mail.ru ajax.googleapis.com *.roistat.com *.genotek.ru b24.voximplant.xyz callhelper.kit-media.com app.aimylogic.com connect.facebook.net *.doubleclick.net 1
default-src 'none';script-src 'self' 'nonce-c5aa3e1935fed00747800e98841b5bd3' 'unsafe-eval' https://*.eis-deliveryintegration.cloud https://*.eis-deliverydevqa.cloud https://*.dynahealth.com https://*.dynamed.com https://*.dynamedex.com https://engagement.devqa.ebsco.zone https://ebsco-dev.us1app.churnzero.net https://engagement.ebsco.zone https://resources.ebsco.zone https://resources.devqa.ebsco.zone https://ebsco.us1app.churnzero.net https://*.osano.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.typekit.net https://*.eis-deliveryintegration.cloud https://*.eis-deliverydevqa.cloud https://*.dynahealth.com https://*.dynamed.com https://*.dynamedex.com https://resources.ebsco.zone https://resources.devqa.ebsco.zone https://engagement.devqa.ebsco.zone https://ebsco-dev.us1app.churnzero.net https://engagement.ebsco.zone https://ebsco.us1app.churnzero.net;img-src 'self' data: https://*.eis-deliveryintegration.cloud https://*.eis-deliverydevqa.cloud https://*.dynahealth.com https://*.dynamed.com https://*.dynamedex.com https://*.ebsco.com https://*.ebsco.zone https://*.ebscohost.com https://p.typekit.net https://*.cloudflare.com https://mobile.micromedexsolutions.com https://cmp.osano.com https://play.google.com/intl/en_us/badges/static/images/badges/en_badge_web_generic.png https://linkmaker.itunes.apple.com/en-us/badge-lrg.svg https://ebsco-dev.us1app.churnzero.net https://ebsco.us1app.churnzero.net;connect-src 'self' https://*.osano.com https://*.amplitude.com https://*.ebsco.com https://*.eis-deliveryintegration.cloud https://*.eis-deliverydevqa.cloud https://*.dynahealth.com https://*.dynamed.com https://*.dynamedex.com https://dd.devqa.eismedi.com https://www.cloudflare.com https://rum.browser-intake-datadoghq.com https://use.typekit.net https://apis.ebsco.com https://login.ebsco.zone https://logon.ebsco.zone https://findmystacks.ebscomedical.com https://myaccount.ebsco.healthcare https://resources.ebsco.zone https://resources.devqa.ebsco.zone https://resources.integration.ebsco.zone https://engagement.devqa.ebsco.zone https://ebsco-dev.us1app.churnzero.net https://engagement.ebsco.zone https://ebsco.us1app.churnzero.net https://analytics.churnzero.net;font-src 'self' data: https://fonts.gstatic.com https://*.typekit.net https://resources.ebsco.zone https://resources.devqa.ebsco.zone https://engagement.devqa.ebsco.zone https://ebsco-dev.us1app.churnzero.net https://engagement.ebsco.zone https://ebsco.us1app.churnzero.net;object-src 'self';media-src 'self' https://*.eis-deliveryintegration.cloud https://*.eis-deliverydevqa.cloud https://*.dynahealth.com https://*.dynamed.com https://*.dynamedex.com;manifest-src 'self';frame-src *;base-uri 'self';frame-ancestors *;form-action 'self';worker-src blob: 1
default-src 'self'; script-src 'self' 'unsafe-inline' siteimproveanalytics.com connect.facebook.net static.cloudflareinsights.com ajax.cloudflare.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data:  i.ytimg.com *.siteimproveanalytics.io www.gstatic.com www.tehik.ee;frame-src 'self' www.youtube.com w.soundcloud.com; frame-ancestors 'self' www.youtube.com w.soundcloud.com; font-src 'self' fonts.gstatic.com themes.googleusercontent.com; 1
frame-ancestors 'self'  https://www.gov.co/ 1
Object-Src=self;default-src=none;Script-Src=self;require-sri-for=script;require-sri-for=style 1
default-src 'self'; frame-src http: https: *.google.com;img-src 'self' data: http: https: *.gravatar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: *.googletagmanager.com; style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com; font-src 'self' data: http: https: fonts.googleapis.com themes.googleusercontent.com;connect-src 'self' data: http: https: *.google-analytics.com; 1
connect-src 'self' https: wss: blob: data:; frame-ancestors 'self' https://www.remove.bg https://www.unscreen.com https://www.kaleido.ai https://accounts.kaleido.ai https://app.storyblok.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://js.zi-scripts.com https://cdn-prod.securiti.ai https://az416426.vo.msecnd.net https://tpc.googlesyndication.com https://tags.crwdcntrl.net https://www.rumiview.com https://az416426.vo.msecnd.net https://cdnjs.cloudflare.com/ajax/libs/js-cookie/2.2.0/js.cookie.min.js https://js.hsforms.net https://e.clarity.ms https://i.clarity.ms/ https://www.clarity.ms https://googleads.g.doubleclick.net https://i.clarity.ms https://www.clarity.ms https://c.clarity.ms https://analytics.twitter.com https://static.ads-twitter.com https://script.crazyegg.com https://www.googleadservices.com https://cdn.mouseflow.com https://bat.bing.com https://snap.licdn.com https://analytics.clickdimensions.com https://translate.google.com https://translate.googleapis.com https://assets.adobedtm.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com  https://cdn.jsdelivr.net/ https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com js.hs-banner.com js.hsleadflows.net https://forms.hubspot.com https://js.hscollectedforms.net https://analytics.google.com; style-src 'self' 'unsafe-inline' https://cdn-prod.securiti.ai https://cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.1/animate.min.css https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/fontawesome.min.css https://fonts.cdnfonts.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com https://fonts.cdnfonts.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: blob:; img-src 'self' https://ad.doubleclick.net https://tags.w55c.net https://www.rumiview.com https://pixel.mediaiqdigital.com https://p.adsymptotic.com https://analytics.twitter.com https://bcp.crwdcntrl.net https://c.clarity.ms https://px.ads.linkedin.com https://px.ads.linkedin.com https://c.clarity.ms https://px.ads.linkedin.com https://t.co/i/adsct https://translate.google.com https://bat.bing.com https://secure.adnxs.com https://googleads.g.doubleclick.net https://www.google.com www.googletagmanager.com https://js.hsleadflows.net https://forms.hsforms.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com web-chat.nativechat.com; media-src 'self' data: blob:; child-src 'self' https://forms.hubspot.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com; connect-src 'self' https://ws.zoominfo.com/pixel/61c20dcc41e2e10020e3a6ff/ https://js.zi-scripts.com https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://forms.hscollectedforms.net https://www.google.com/pagead/attribution  https://cdn.linkedin.oribi.io/partner/5099178/domain/hrci.org/token https://cdn-prod.securiti.ai https://app.securiti.ai https://player.vimeo.com https://www.youtube.com https://dc.services.visualstudio.com/v2/track https://bat.bing.com https://*.clarity.ms/collect https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://www.googleadservices.com https://www.clarity.ms/eus2-c/collect https://script.crazyegg.com https://stats.g.doubleclick.net https://translate.googleapis.com https://forms.hubspot.com accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com https://analytics.google.com https://n2.mouseflow.com; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://bcp.crwdcntrl.net https://tpc.googlesyndication.com https://forms.hsforms.com https://bid.g.doubleclick.net https://*.doubleclick.net https://player.vimeo.com 1
child-src 'self';connect-src 'self' https://media.samegoal.com/ https://s0.samegoal.com https://s1.samegoal.com https://s2.samegoal.com https://s3.samegoal.com https://s4.samegoal.com https://s5.samegoal.com https://s6.samegoal.com https://s7.samegoal.com https://s8.samegoal.com https://s9.samegoal.com https://s10.samegoal.com https://s11.samegoal.com https://s12.samegoal.com https://s13.samegoal.com https://s14.samegoal.com https://s15.samegoal.com https://s16.samegoal.com https://s17.samegoal.com https://s18.samegoal.com https://s19.samegoal.com https://s20.samegoal.com https://s21.samegoal.com https://s22.samegoal.com https://s23.samegoal.com;default-src 'none';font-src 'self';frame-src 'self';img-src 'self' https://media.samegoal.com/ data:;media-src 'self' https://media.samegoal.com/ blob:;object-src 'self';report-uri /iep/csperror;script-src 'self';style-src 'self' 'unsafe-inline'; 1
connect-src adobedc.demdex.net edge.adobedc.net *.amazonaws.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.kyruus.com 'self' *.visualstudio.com wss:; default-src blob: data: https: 'self'; frame-src *.agkn.com *.doubleclick.net *.google.com mdlink.ucsfmedicalcenter.org ucsfmychart.ucsfmedicalcenter.org testmyc.ucsfmedicalcenter.org 'self' *.sitecore.net *.vimeo.com *.youtube.com; script-src *.adobedtm.com *.answerscloud.com *.azurewebsites.net *.calltrk.com *.clicktale.net *.cloudflare.com *.cloudflareinsights.com *.doubleclick.net *.evaliahealth.com *.facebook.net *.foresee.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.invoca.net *.invocacdn.com *.jsdelivr.net *.msecnd.net *.radiomd.com 'self' *.skyword.com *.tealiumiq.com *.tiqcdn.com *.twitter.com datalayer.ucsfhealth.org 'unsafe-eval' 'unsafe-inline' *.vimeo.com *.vimeocdn.com *.visto1.net; style-src *.fonts.net *.googleapis.com 'self' 'unsafe-inline'; worker-src blob:; 1
default-src 'self' 'unsafe-inline'; img-src * 'self' data: ; font-src 'self' https://fonts.gstatic.com/ https://use.typekit.net/ https://nationscdn.azureedge.net/ https://ka-f.fontawesome.com/; connect-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://nationscdn.azureedge.net/ https://fonts.googleapis.com/ https://use.typekit.net/ https://kit-free.fontawesome.com/ https://stackpath.bootstrapcdn.com/ https://cdnjs.cloudflare.com/ https://ka-f.fontawesome.com/ ; frame-src 'self' https://11619105.fls.doubleclick.net/ https://www.google.com/ https://www.youtube.com/; media-src * 'self'; style-src 'self'  'unsafe-inline'  http://seal-seflorida.bbb.org https://fonts.googleapis.com/ https://code.jquery.com/ https://use.typekit.net https://p.typekit.net https://nationscdn.azureedge.net https://kit-free.fontawesome.com/ https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com ;  object-src 'self' 'unsafe-inline' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com/ https://stackpath.bootstrapcdn.com/ https://nationscdn.azureedge.net/ https://cdnjs.cloudflare.com/ https://kit.fontawesome.com/ https://cdn.boomcdn.com/ https://www.googletagmanager.com/ https://www.google.com/ http://seal-seflorida.bbb.org/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://snap.licdn.com/ https://connect.facebook.net/ https://www.gstatic.com/ https://bat.bing.com http://bat.bing.com https://googleads.g.doubleclick.net/ 1
default-src *; img-src * 'self' data: https: blob:; connect-src * 'self' data: https: blob:; font-src * 'self' data: https: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' * 1
default-src 'self' data:  blob:  'unsafe-inline'  'unsafe-eval'  https:  wss:  android-webview:  android-webview-video-poster:  about:; font-src 'self' *.videobuster.de data: blob: chrome-extension: fonts.gstatic.com https://static.unzer.com; media-src 'self' *.videobuster.de www.sneakfilm.de ckd: data: blob:; block-all-mixed-content; report-uri /content-security-policy-violation; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://script.hotjar.com https://snap.licdn.com https://cdn.segment.com https://static.hotjar.com https://cdn.datatables.net https://app.posthog.com https://ml58lemqnh9a.i.optimole.com https://optimole.com https://i.optimole.com https://rewards-calculator.figment.io https://live-figment2023.pantheonsite.io https://www.googletagmanager.com https://figment.io https://cdn-cookieyes.com https://www.youtube.com https://www.google-analytics.com https://js-agent.newrelic.com https://ssl.google-analytics.com https://bam.nr-data.net https://s.ytimg.com https://www.youtube.com/iframe_api; img-src 'self' data: https://www.googletagmanager.com https://cdnjs.cloudflare.com https://px.ads.linkedin.com https://analytics.twitter.com https://cdn.datatables.net https://www.google.ca https://ml58lemqnh9a.i.optimole.com https://optimole.com https://i.optimole.com https://test-figment2023.panetheonsite.io https://live-figment2023.pantheonsite.io https://figment.io https://uploads-ssl.webflow.com/ https://secure.gravatar.com https://www.google-analytics.com https://live-figment2023.pantheonsite.io https://dev-figment2023.pantheonsite.io https://cdn-cookieyes.com https://i.ytimg.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.datatables.net https://app-static-prod.posthog.com https://fonts.googleapis.com https://figment.io https://live-figment2023.pantheonsite.io https://test-figment2023.panetheonsite.io; font-src 'self' data: https://cdnjs.cloudflare.com https://dev-figment2023.pantheonsite.io https://test-figment2023.panetheonsite.io https://live-figment2023.pantheonsite.io https://fonts.gstatic.com https://figment.io; object-src 'none'; frame-ancestors 'self'; frame-src 'self' https://td.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com; connect-src 'self' https://api.segment.io https://content.hotjar.io wss://ws.hotjar.com ws.hotjar.com https://in.hotjar.com https://cdn.linkedin.oribi.io https://analytics-api.figment.io https://stats.g.doubleclick.net https://app.posthog.com https://analytics.google.com https://cdn.segment.com https://rewards-calculator.figment.io https://api.rollbar.com https://www.google-analytics.com https://log.cookieyes.com https://cdn-cookieyes.com https://directory.cookieyes.com https://bam.nr-data.net; 1
default-src 'self' https://asi-beta.acousticsounds.com;                        script-src 'nonce-dWRmNU1zQnBmMnViQnYyZTBqaFJNdz09' 'self' 'unsafe-eval' https://ajax.googleapis.com https://asi-beta.acousticsounds.com https://seal.godaddy.com http://www.w3.org https://stackpath.bootstrapcdn.com https://www.facebook.com https://connect.facebook.net https://ajax.aspnetcdn.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googletagmanager.com https://bat.bing.com https://www.clarity.ms https://s7.addthis.com https://tdsf.doubleclick.net https://code.jquery.com https://s3.amazonaws.com https://acousticsounds.us20.list-manage.com/ https://cdnjs.cloudflare.com;                                               style-src 'self' 'unsafe-inline' https://asi-beta.acousticsounds.com http://cdn-images.mailchimp.com;                        img-src 'self' https://asi-beta.acousticsounds.com https://www.google-analytics.com https: data: https://*.google-analytics.com https://*.googletagmanager.com;                        connect-src 'self' https://asi-beta.acousticsounds.com https://www.google-analytics.com https://*.google-analytics.com https://*.clarity.ms/collect https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://capig.stape.biz;                       frame-src 'self' https://td.doubleclick.net/ https://www.facebook.com/ https://www.youtube.com/ https://player.vimeo.com/ 1
frame-ancestors 'self' *.karte.io *.karte-io-works.in karte-io-works.in modeanalytics.com embed.chartio.com status.pusher.com www.datadoghq-browser-agent.com img-karte-io.s3.amazonaws.com template-karte.io.s3.amazonaws.com karte.thinkific.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.addthis.com *.addthisedge.com *.aiavaamo.com *.amazonaws.com *.fti-cloud.com *.avaamo.com *.bing.com *.brightcove.com *.brightcove.net *.decibelinsight.com *.decibelinsight.net *.doubleclick.net *.franklintempleton.com *.ftsites.com *.googleapis.com *.marketo.com *.marketo.net *.qualtrics.com *.quora.com *.twimg.com *.youtube.com accounts.franklintempletonindia.com accounts.stg.franklintempletonindia.com accounts.preprod.franklintempletonindia.com analytics.twitter.com bat.bing.com browser-update.org cdn.cookielaw.org connect.facebook.net *.firsthive.com firsthive.com platform.twitter.com snap.licdn.com static.ads-twitter.com use.fontawesome.com vjs.zencdn.net wss://*.decibelinsight.com wss://*.decibelinsight.net www.google-analytics.com www.google.co.in www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com z.moatads.com amplify.outbrain.com script.mfilterit.net ;  connect-src 'self' *.aiavaamo.com *.akamaihd.net *.amazonaws.com *.fti-cloud.com *.avaamo.com *.bing.com *.boltdns.net *.brightcove.com *.brightcove.net *.browser-intake-datadoghq.com *.decibelinsight.com *.decibelinsight.net *.doubleclick.net *.franklintempleton.com *.frk.com *.ftsites.com *.googleapis.com *.marketo.com *.mktoresp.com *.onetrust.com *.onetrust.io *.qualtrics.com *.quora.com *.cloudhub.io *.widen.net *.widencdn.net *.youtube.com accounts.franklintempletonindia.com accounts.stg.franklintempletonindia.com accounts.preprod.franklintempletonindia.com cdn.cookielaw.org dc.services.visualstudio.com *.firsthive.com firsthive.com fti.wsodqa.com pdswebapi.fti-cloud.com pdswebapi.idhdev.us-west-2.int.fti-cloud.com use.fontawesome.com wss://*.decibelinsight.com wss://*.decibelinsight.net www.fti.wallst.com www.google-analytics.com www.google.co.in www.google.com www.googleadservices.com www.gstatic.com cdn.linkedin.oribi.io ;  img-src 'self' data: *.addthis.com *.addthisedge.com *.aiavaamo.com *.akamaihd.net *.amazonaws.com *.fti-cloud.com *.avaamo.com *.bing.com *.boltdns.net *.brightcove.com *.cookielaw.org *.doubleclick.net *.facebook.com *.franklintempleton.com *.google.co.in *.google.co.uk *.google.com *.googleapis.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.linkedin.com *.qualtrics.com *.quora.com *.stocksnap.io *.twimg.com *.widen.net *.widencdn.net *.youtube.com accounts.franklintempletonindia.com accounts.stg.franklintempletonindia.com accounts.preprod.franklintempletonindia.com d21y75miwcfqoq.cloudfront.net emergingmarkets.blog.franklintempleton.com *.firsthive.com firsthive.com global.beyondbullsandbears.com p.adsymptotic.com platform.twitter.com syndication.twitter.com use.fontawesome.com www.google-analytics.com www.googleadservices.com ade.clmbtech.com trk.clmbtrck.in ;  font-src 'self' data: *.addthis.com *.addthisedge.com *.avaamo.com *.bing.com *.ftsites.com *.googleapis.com *.quora.com *.youtube.com accounts.franklintempletonindia.com accounts.stg.franklintempletonindia.com accounts.preprod.franklintempletonindia.com *.firsthive.com firsthive.com fonts.googleapis.com fonts.gstatic.com use.fontawesome.com ;  style-src 'self' 'unsafe-inline' *.addthis.com *.addthisedge.com *.aiavaamo.com *.amazonaws.com *.fti-cloud.com *.avaamo.com *.bing.com *.franklintempleton.com *.ftsites.com *.googleapis.com *.googletagmanager.com *.marketo.com *.quora.com *.youtube.com accounts.franklintempletonindia.com accounts.stg.franklintempletonindia.com accounts.preprod.franklintempletonindia.com *.firsthive.com firsthive.com fonts.googleapis.com fonts.gstatic.com platform.twitter.com use.fontawesome.com www.google.co.in www.google.com www.googleadservices.com www.gstatic.com ;  worker-src blob: *.aiavaamo.com *.avaamo.com firsthive.com *.franklintempletonindia.com ; 1
default-src 'self'; script-src 'sha256-W/8cTdaQVHipR5UUPhmF8pz1819I4qamnggWXrcrOCI=' 'nonce-cRn+rGkzKQLByxlCWKP0SQ==' 'self' 'report-sample' 'self' 'unsafe-eval' assets.adobedtm.com *.snsbank.nl www.googleadservices.com googleads.g.doubleclick.net sign.goodclothesfairpay.eu country.proca.foundation www.youtube.com https://d6tizftlrpuof.cloudfront.net *.usabilla.com cdn.cookielaw.org swa.devolksbank.nl fonts.googleapis.com googletagmanager.com fonts.gstatic.com w.usabilla.com; style-src 'report-sample' 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net fonts.googleapis.com googletagmanager.com *.googletagmanager.com fonts.gstatic.com w.usabilla.com; object-src 'none'; base-uri 'self' *.cloudfront.net; connect-src 'self' https://backend.vanafhier.nl swa.devolksbank.nl sign.goodclothesfairpay.eu dpm.demdex.net country.proca.foundation captcha.proca.app check-mail.proca.app api.proca.app nl.proca.app cdn.cookielaw.org geolocation.onetrust.com sentry.netvlies.nl fonts.googleapis.com googletagmanager.com fonts.gstatic.com w.usabilla.com api.usabilla.com *.cloudfront.net privacyportal-de.onetrust.com; font-src 'self' fonts.googleapis.com googletagmanager.com fonts.gstatic.com w.usabilla.com *.cloudfront.net; frame-src 'self' https://snsbank.demdex.net *.googletagmanager.com https://www.youtube.com https://d6tizftlrpuof.cloudfront.net; img-src 'self' cdn.cookielaw.org swa.devolksbank.nl https://i.ytimg.com https://www.facebook.com https://docker.creative-serving.com secure.adnxs.com *.cloudfront.net fonts.googleapis.com googletagmanager.com *.googletagmanager.com fonts.gstatic.com w.usabilla.com data: https://backend.vanafhier.nl; manifest-src 'self'; media-src 'self'; worker-src 'none'; report-uri https://backend.vanafhier.nl/report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.instagram.com *.cookie-script.com cookie-script.com *.clevercast.com *.webpushs.com *.gstatic.com *.recaptcha.net securepubads.g.doubleclick.net *.google.com *.googlesyndication.com *.googletagservices.com *.googletagmanager.com *.googleadservices.com cdnjs.cloudflare.com *.hit.gemius.pl static.chartbeat.com cdn.ampproject.org *.twitter.com fonts.googleapis.com *.rmm.be matomo.live.digitalpulse.dev; style-src 'self' 'unsafe-inline' p.typekit.net use.typekit.net web.webpushs.com fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.g.doubleclick.net *.googlesyndication.com *.google-analytics.com *.cookie-script.com cookie-script.com *.sendpulse.com:4434 *.gstatic.com matomo.live.digitalpulse.dev; font-src 'self' data: use.typekit.net fonts.gstatic.com; frame-src 'self' *.instagram.com player.cdn01.rambla.be player.clevercast.com www.recaptcha.net *.google.com *.googlesyndication.com *.g.doubleclick.net *.googleadservices.com *.facebook.com *.twitter.com *.hit.gemius.pl *.youtube-nocookie.com *.youtube.com *.rmm.be; img-src 'self' 'unsafe-inline' data: *.googlesyndication.com *.google.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.sendpulse.com cdnjs.cloudflare.com *.chartbeat.net *.ytimg.com; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
upgrade-insecure-requests; frame-ancestors 'self' https://app.storyblok.com 1
default-src 'self' https: *; font-src 'self' https: data: * https://js.intercomcdn.com http://fonts.intercomcdn.com; img-src 'self' https: data: * https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' * https://*.myshopify.com https://*.facebook.com/ https://*.google.com https://www.facebook.com/ https://*.fbcdn.net https://*.hotjar.com https://*.googletagmanager.com https://*.doubleclick.net https://*.youtube.com https://*.recaptcha.net/ https://*.intercom.io/ http://localhost:3035 ws://localhost:3035 https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://calendly.com https://*.airbrake.io; style-src 'self' https: 'unsafe-inline' *; frame-src 'self' https://*.myshopify.com https://*.facebook.com/ https://*.google.com https://www.facebook.com/ https://*.fbcdn.net https://*.hotjar.com https://*.googletagmanager.com https://*.doubleclick.net https://*.youtube.com https://*.recaptcha.net/ https://*.intercom.io/ http://localhost:3035 ws://localhost:3035 https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://calendly.com https://assets.calendly.com https://*.airbrake.io; child-src 'self' * https://*.myshopify.com https://*.facebook.com/ https://*.google.com https://www.facebook.com/ https://*.fbcdn.net https://*.hotjar.com https://*.googletagmanager.com https://*.doubleclick.net https://*.youtube.com https://*.recaptcha.net/ https://*.intercom.io/ http://localhost:3035 ws://localhost:3035 https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://calendly.com https://*.airbrake.io; connect-src 'self' * https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://calendly.com https://*.airbrake.io; frame-ancestors https://*.myshopify.com https://*.shopify.com https://admin.shopify.com 1
base-uri 'none';object-src 'self' data:;script-src 'sha256-cn+m4pgNe3IRKICUaY3gG23Aofqr4BdxhBFi1A5Tg+Y=' 'sha256-ZNumia+5/9kqsTG18Bq9sp+4TDGre4ghlK5+/rgNZig=' 'sha256-TySAq9mfDJ7IPyttG9+RdOB+TGNDhey59XsGfFpw4vg=' 'sha256-Z2dLC8i/Z5SzG2LduMOBUlHHkTB1aQopojs5Dc1YwEA=' 'sha256-qBkywo7yasFP9P+ErkRH/VdHjUi3aNK7UdAAz1Ba674=' 'sha256-8vBHcrHltWkpbEVC4QKjHrFBgyZb+X32zKqeQ6l0qpo=' 'sha256-B7uwDAzv07fJBQ5Lrjd46hGfThZBHGY3KL3UGDKesA4=' 'sha256-btEfwm6PixrxsF3K/8pY/T+UZt6LkRdcbu5YRf2LJm0=' 'sha256-yRswpmov+AxTUvccky36ROK1GAliE/DVj3bVarRGS84=' 'sha256-oGbglMu4QQRoFeXBhCr2IZC3GZbvLqMD7Hn5z1nSqo0=' 'sha256-lWik/DTuzflALuwIdFoEa27YoO6Y3MkOtMVAwrTYdDU=' 'sha256-xkftsoET0xiFlHC4L/q7sdhNzuq8J6eTf7yjpinxIGw=' 'sha256-iovF5sV99VSTddV41IxK+2yeaUaTuft4hhMiFOaWvoA=' 'sha256-xnAQd9z3v53faS6N35LQru4VuYLDtInU9q9RCEQWLE8=' 'sha256-hUY9Z5K+ulj+moK1t1x0Nu/7rq0Bc3V9vcoElZvdeSk=' 'sha256-rG1ZiaWjXVtTxVly847cpV+Egnfaexpi2PH4o33yKbk=' 'sha256-JmOHOv6ifyNkf6A9XIvAo4+VC6+cLPQFhaG0C65KwC8=' 'sha256-Mfijc5ng1HSrdP0aV51ub1qul3u+ZbfdQDivCCTwaVQ=' 'sha256-2ACKbDhNAL28wjS7x6MmQJaCH4wvqFeL5ELgFzRVrN4=' 'sha256-n6vTNe/6PubA3aTuumlTB0MBB3tozgwz6+WptMm2h8w=' 'sha256-Sv7AYquCRjd3kM8iVFVsYJ8uZcMhOhfL3Xrf7al1kkQ=' 'sha256-F0c8w6FaizCiJOXVBPyYARX2vzPYnd8/e/z5pN5Aotg=' 'sha256-6RrYx2D6uzyYEZrjGxisfByNQVj5A9dnUOnfbQrcH2Y=' 'sha256-9d383ZP7Tg8tQVad/QXHU6HneRA+WBF+Vv41J/E1O08=' 'sha256-UgVdMIW7pAYdJ5YUqs1QVQ9YRFjHuu+aGUQVSSUhAnY=' 'sha256-kFggNugiMlQgV8PgG2kfw+T/rL/RehA9c+dmmzpWkiI=' 'sha256-pqlUlNTywujDA0M+2j5LuHLrM+4/Nxyom1mMfCNph9I=' 'sha256-n199oP83p72gzdQNIs6HAk2gSv0psuOcW1hZZ5RVcyM=' 'sha256-EDj7W9PPlDOnfrxwlZJboGk7wwu+J3wk8oTwWfffEBc=' 'sha256-v85YtynazVNzwFHrNo1gjzjnYnAxaCZPR1KMVQHFNdU=' 'sha256-u35GM1kxpA8/DCeeZy0G6Pl2pa1oXUebKf7VoPnTPsA=' 'sha256-E0z5qgk9mtw2Gim81djyDxPJ9GFPolS4P/T2yVJQbkY=' 'sha256-XB8/cQ54gItx6qZ4K1UBeWn+49o1h2TqGfoau1d16EA=' 'sha256-NPOLFnhPFX/MPAmGqCOwC7ti3S/fjVLfZVbdVKo0qg4=' 'sha256-NPOLFnhPFX/MPAmGqCOwC7ti3S/fjVLfZVbdVKo0qg4='  https://a.localmonero.co 'sha256-kU270cRNgDiWGJyZygoB0f3LgtdWDmBQqyk4wxYOYq8=' 'sha256-/6SBPqW+GW+//4nlXX6Y1nR9dWlh0gsQJ6KK71djH6A=' 'self' https://maps.googleapis.com 'unsafe-eval';worker-src 'self' blob:;default-src 'self' https://a.localmonero.co;img-src 'self' blob: data:;connect-src 'self' https://api.mapbox.com https://a.localmonero.co https://cdn.jsdelivr.net/npm/redoc@next/bundles/redoc.standalone.js https://blockchain.info https://mempool.space https://blockstream.info https://api.blockcypher.com https://api.coingecko.com https://api.coincap.io https://bitcoiner.live https://kowalski.fiatfaucet.com:443 https://dewitte.fiatfaucet.com:443 https://node.portemonero.com:443 https://node.sethforprivacy.com:443 https://monerod.slvit.us:443 https://xmr.yemekyedim.com:18081 https://xmr.yemekyedim.com:18089 https://node.sethforprivacy.com:18089 https://xmr.bunkerlab.net:443 https://chad.fiatfaucet.com:443 https://localhost:18081;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.youtube.com s.ytimg.com *.google-analytics.com *.reactandshare.com *.cookiebot.com *.googletagmanager.com *.analytics.google.com *.cookiebot.eu plausible.io 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: static.addtoany.com consent.truste.com *.trustarc.com *.gstatic.com *.googleapis.com *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.pt *.googleusercontent.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.facebook.net *.facebook.com *.adform.net *.doubleclick.net *.youtube.com; report-uri /report-csp-violation 1
default-src blob: data: 'self' *.rubicon.com *.zoominfo.com *.w3.org http://*.gravatar.com https://*.jsdelivr.net https://*.googlesyndication.com *.jquery.com *.bootstrapcdn.com *.stackadapt.com *.zi-scripts.com https://*.pantheonsite.io https://js.zi-scripts.com/zi-tag.js *.pardot.com https://*.newrelic.com *.doubleclick.net *.linkedin.com *.clarity.ms https://unpkg.com *.bidr.io *.rlcdn.com *.company-target.com *.google.com *.google.com.np *.adsymptotic.com *.oribi.io *.nr-data.net *.googletagmanager.com *.akamaized.net https://cdn.cookielaw.org/ https://cdn.cookielaw.org/scripttemplates/ https://vod-progressive.akamaized.net *.youtube.com *.vimeo.com *.vimeocdn.com *.facebook.net *.facebook.com *.cloudfront.net *.googleapis.com *.demandbase.com *.pusher.com *.bugsnag.com *.gstatic.com *.incontact.com *.bing.com *.licdn.com *.google-analytics.com *.googleadservices.com *.clickcease.com https://qvdt3feo.com *.bugherd.com 'unsafe-inline' 'unsafe-eval';frame-ancestors 'none';form-action 'self' *.rubicon.com *.facebook.com; 1
default-src 'self' *.hubspot.com http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1
default-src * 'unsafe-eval' 'unsafe-inline' https: data: blob: about:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://a-wilhelmsen.vev.site https://js.monitor.azure.com https://use.typekit.net https://platform.twitter.com https://connect.facebook.net https://platform.linkedin.com https://snap.licdn.com https://*.hotjar.com https://www.google-analytics.com https://www.google.com https://*.pardot.com https://*.wilhelmsen.com https://www.gstatic.com https://assets.juicer.io https://web-sdk-eu.aptrinsic.com https://maps.googleapis.com https://embed.vev.page *.vev.design https://s.adroll.com https://serve.albacross.com https://d.adroll.com https://www.ciaas.no/ https://consent.cookiebot.com https://consentcdn.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://imgsct.cookiebot.eu https://pagead2.googlesyndication.com https://imgsct.cookiebot.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://*.googletagmanager.com; object-src 'self'; frame-src 'self' viewer.mapme.com toll-calculators.herokuapp.com *.oms.no *.facebook.net utp.ucweb.com issuu.com *.issuu.com go.pardot.com ir.asp.manamind.com *.fls.doubleclick.net www.youtube.com mp.digital.wilhelmsen.com *.wilhelmsen.com *.doubleclick.net www.google.com www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://imgsct.cookiebot.eu https://pagead2.googlesyndication.com https://imgsct.cookiebot.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.thinglink.com player.vimeo.com platform.twitter.com vars.hotjar.com https://www.ciaas.no/ app.powerbi.com; connect-src 'self' dc.services.visualstudio.com *.yandex.net *.wigoal.com uc.gre *.ucweb.com *.uc.cn *.dca0.com www.google.com stats.g.doubleclick.net new-collect.albacross.com www.juicer.io www.google-analytics.com esp-eu.aptrinsic.com *.hotjar.com *.hotjar.io http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.googletagmanager.com https://consent.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://imgsct.cookiebot.eu https://consentcdn.cookiebot.com https://pagead2.googlesyndication.com https://imgsct.cookiebot.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://cdn.linkedin.oribi.io https://maps.googleapis.com https://www.ciaas.no/ https://*.analytics.google.com; img-src 'self' data: https://assets.juicer.io https://syndication.twitter.com https://*.google-analytics.com https://www.facebook.com https://p.typekit.net https://*.linkedin.com https://*.bluestonepim.com https://maps.gstatic.com https://maps.googleapis.com https://assets.juicer.io https://www.juicer.io https://ad.doubleclick.net https://www.google.pl/ads/ https://new-collect.albacross.com https://www.ciaas.no/ https://consent.cookiebot.com https://consentcdn.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://imgsct.cookiebot.eu https://pagead2.googlesyndication.com https://imgsct.cookiebot.com https://googleads.g.doubleclick.net https://www.googleadservices.com *.vev.design https://*.googletagmanager.com; font-src 'self' *.cloudfront.net *.amazonaws.com static.juicer.io fonts.gstatic.com use.typekit.net script.hotjar.com https://www.ciaas.no/ *.vev.design data:; media-src 'self' *.vev.design; base-uri 'self'; form-action 'self' connect.facebook.net; frame-ancestors 'self' www.wilhelmsen.com *.wilhelmsen.com https://www.thinglink.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: maxcdn.bootstrapcdn.com fonts.gstatic.com embed-fastly.wistia.com blob: fast.wistia.com data: gap: mychart.northmemorial.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.com *.addtoany.com static.ads-twitter.com *.bing.com d10lpsik1i8c69.cloudfront.net *.youtube.com *.resonate.com *.adsrvr.org sc-static.net analytics.tiktok.com *.fls.doubleclick.net px.ads.linkedin.com connect.facebook.net settings.luckyorange.net t.co ds.reson8.com www.google.com analytics.twitter.com js-agent.newrelic.com tr.snapchat.com *.nr-data.net *.snapchat.com *.googleadservices.com googleads.g.doubleclick.net snap.licdn.com www.google-analytics.com bbox.blackbaudhosting.com s0.2mdn.net tbcdn.talentbrew.com tbcdn.staging.talentbrew.com fast.wistia.com js.stripe.com mychart.northmemorial.com www.gstatic.com dc.ads.linkedin.com sjs.bizographics.com px4.ads.linkedin.com s.pinimg.com careers.static.pageuppeople.com sky.blackbaudcdn.net cdn.jsdelivr.net google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net maps.googleapis.com maps.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: cloud.typography.com maxcdn.bootstrapcdn.com ajax.googleapis.com tbcdn.talentbrew.com fonts.googleapis.com bbox.blackbaudhosting.com mychart.northmemorial.com code.jquery.com sky.blackbaudcdn.net cdn.jsdelivr.net 'unsafe-inline' maps.googleapis.com maps.google.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: px.ads.linkedin.com www.facebook.com t.co www.google.com bat.bing.com p.adsymptotic.com northmemorial.com connect.facebook.net fast.wistia.com maps.googleapis.com maps.gstatic.com *.wistia.com bbox.blackbaudhosting.com www.linkedin.com dev-north-memorial-health.pantheonsite.io test-north-memorial-health.pantheonsite.io embedwistia-a.akamaihd.net analytics.twitter.com s.w.org px4.ads.linkedin.com dc.ads.linkedin.com sjs.bizographics.com ct.pinterest.com sky.blackbaudcdn.net img.youtube.com ad.doubleclick.net secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com *.googleapis.com maps.google.com www.gstatic.com *.ggpht.com i.ytimg.com www.googletagmanager.com; connect-src 'self' bat.bing.com ds.reson8.com stats.g.doubleclick.net settings.luckyorange.net www.facebook.com analytics.tiktok.com tr.snapchat.com *.nr-data.net yoast.com maps.googleapis.com *.wistia.com fg8vvsvnieiv3ej16jby.litix.io www.google.com adservice.google.com embedwistia-a.akamaihd.net ct.pinterest.com cdn.linkedin.oribi.io assets10.lottiefiles.com analytics.pangle-ads.com px.ads.linkedin.com tr6.snapchat.com www.google-analytics.com ampcid.google.com analytics.google.com about: maps.google.com www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com maxcdn.bootstrapcdn.com data:; media-src * embedwistia-a.akamaihd.net blob:; frame-src 'self' *.doubleclick.net *.adsrvr.org *.snapchat.com static.addtoany.com www.facebook.com northmemorial.wufoo.com bbox.blackbaudhosting.com *.stripe.com mychart.northmemorial.com javamatch.matchinggifts.com sc-static.net www.google.com mychart-north-memorial-health.pantheonsite.io ct.pinterest.com sky.blackbaudcdn.net host.nxt.blackbaud.com *.youtube-nocookie.com blob: northmemorial.com maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com; child-src 'self' blob: data: gap: www.youtube.com www.googletagmanager.com; frame-ancestors * https://mychart-north-memorial-health.pantheonsite.io https://mychart.northmemorial.com mychart.northmemorial.com; upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors 'self' https://zaproszenia.zakopane.pl; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://loli.best; img-src 'self' https: data: blob: https://loli.best; style-src 'self' https://loli.best 'nonce-3rTRD29eiozLlIB7Gt7OFw=='; media-src 'self' https: data: https://loli.best; frame-src 'self' https:; manifest-src 'self' https://loli.best; form-action 'self'; connect-src 'self' data: blob: https://loli.best https://loli.best wss://loli.best; script-src 'self' https://loli.best 'wasm-unsafe-eval'; child-src 'self' blob: https://loli.best; worker-src 'self' blob: https://loli.best 1
frame-ancestors 'self' https://live.bleulibellule.com 1
frame-ancestors https://*.swisscom.ch https://*.mycloud.ch http://localhost:4200 https://*.experiencecloud.adobe.com 1
default-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://*.mgbox.io/ https://*.magic.link/ https://*.fortmatic.com/ https://fortmatic.github.io/ blob: https://*.fortmatic.com https://js.stripe.com https://hooks.stripe.com https://www.google.com/recaptcha/ https://form.typeform.com  *.hs-sites.com *.hubspot.com; img-src 'self' https://tr.lfeeder.com/ https://api.producthunt.com https://*.magic.link/ https://*.fortmatic.com/ https://fortmatic.github.io/ https://anima-uploads.s3.amazonaws.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://*.githubusercontent.com https://www.google.com/ *.hubspot.com data:; connect-src 'self' https://*.magic.link/ https://*.fortmatic.com/ https://api.segment.io/ https://api.mixpanel.com/ https://api.amplitude.com/ https://api.stripe.com https://api.rollbar.com *.hs-banner.com *.hubspot.com; script-src 'self' 'unsafe-inline' https://cdn.segment.com/ https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js https://www.google-analytics.com/analytics.js https://cdn.amplitude.com/ https://js.stripe.com/v3 https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://embed.typeform.com/embed.js *.hubspot.com; script-src-elem 'self' https://js.stripe.com/v3 https://cdn.segment.com/ https://www.google-analytics.com/analytics.js https://cdn.amplitude.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://sc.lfeeder.com/ https://embed.typeform.com/embed.js *.usemessages.com *.hs-scripts.com *.hs-banner.com *.hsadspixel.net *.hs-analytics.net; font-src 'self'; base-uri 'self'; 1
default-src 'self' *.arekibo.com *.rsa.ie; script-src 'self' 'unsafe-inline' 'unsafe-eval' script.crazyegg.com *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.arekibo.com cdn.cookielaw.org www.googletagmanager.com polyfill.io browser-update.org *.rsa.ie *.addthis.com *.moatads.com *.addthisedge.com *.assets-queue-it.net *.cookiepro.com *.onetrust.com *.tableau.com sc-static.net *.tiktok.com *.snapchat.com cdn.botframework.com *.mailerlite.com *.mlcdn.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.arekibo.com *.rsa.ie *.mailerlite.com *.mlcdn.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.arekibo.com *.rsa.ie *.mailerlite.com; img-src 'self' *.tableau.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.arekibo.com cdn.cookielaw.org img.youtube.com *.rsa.ie *.cookiepro.com sc-static.net *.tiktok.com *.snapchat.com *.mlcdn.com; media-src 'self' data: blob:; frame-src https://web.powerva.microsoft.com/ 'self' www.euroncap.com euroncap.com public.healthatlasireland.ie *.addthis.com *.soundcloud.com *.google.com *.youtube.com youtu.be *.tableau.com *.snapchat.com *.tiktok.com; child-src 'self' blob: https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.arekibo.com *.rsa.ie *.addthis.com www.euroncap.com euroncap.com public.healthatlasireland.ie sc-static.net *.tiktok.com *.snapchat.com; connect-src 'self' blob: accounts.google.com *.crazyegg.com *.cookiepro.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.arekibo.com cdn.cookielaw.org www.google-analytics.com privacyportal-eu.onetrust.com *.rsa.ie soundcloud.com stats.g.doubleclick.net *.addthis.com public.healthatlasireland.ie maps.googleapis.com *.onetrust.com sc-static.net *.tiktok.com *.snapchat.com *.google-analytics.com *.environment.api.powerplatform.com https://europe.directline.botframework.com wss://europe.directline.botframework.com; 1
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.hsbc.com.hk:* *.hsbc.com.au *.veda.com.au *.widgetworks.com.au *.infochoice.com.au geocoderweb.veda.com.au *.member-hsbc-group.com *.licdn.com *.trkd-hs.com *.v.liveperson.net googleads.g.doubleclick.net connect.facebook.net tags.tiqcdn.com lpcdn.lpsnmedia.net cdn.optimizely.com lptag.liveperson.net accdn.lpsnmedia.net www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com maps.googleapis.com s.yimg.com bat.bing.com *.ebanking.hsbc.com.hk cdn-assets-prod.s3.amazonaws.com; img-src data: * android-webview-video-poster: android-webview:; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.hsbc.com.au *.veda.com.au wss://*.hsbc.com *.hsbc.com.hk:* *.onfido.com *.hsbc.com *.biocatch.com *.amazonaws.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com manifest.prod.boltdns.net *.brightcovecdn.com www.google.com www.facebook.com maps.googleapis.com ad.doubleclick.net www.googletagmanager.com analytics.google.com stats.g.doubleclick.net www.google-analytics.com akamai.tiqcdn.com www.google.com.au www.hsbc.com.au col.eum-appdynamics.com *.tt.omtrdc.net rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk cdn.linkedin.oribi.io translate.googleapis.com *.dbankcloud.com *.liveperson.net cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net *.hsbc.com.au *.bankstatements.com.au *.infochoice.com.au *.widgetworks.com.au *.trkd-hs.com *.googletagmanager.com www.facebook.com connect.facebook.net td.doubleclick.net *.demdex.net 8709841.fls.doubleclick.net *.ebanking.hsbc.com.hk *.hsbc.com.hk *.cdn.optimizely.com gateway.zscloud.net gateway.zscalertwo.net google.com gateway.zscaler.net; frame-ancestors 'self' www.hsbc.com.au; font-src 'self' data: *.hsbc.com.hk *.hsbc.com.au fonts.gstatic.com at.alicdn.com cdn.jsdelivr.net; worker-src 'self' blob: *.hsbc.com.au; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.hsbc.com.au *.infochoice.com.au www.googletagmanager.com; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com manifest.prod.boltdns.net; manifest-src 'self' www.hsbc.com.au; upgrade-insecure-requests ; report-uri /csp/report; 1
font-src 'self' data: *; default-src 'self' 'unsafe-inline' *; img-src * 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' * 1
default-src 'self' https://logrhythm.com https://disqus.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://play.vidyard.com https://google.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://*.privacymanager.io https://*.6sc.co https://analytics.google.com https://*.googlesyndication.com https://ws.zoominfo.com https://bat.bing.com https://spcollector.pathfactory.com https://adservice.google.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://cdn-app.pathfactory.com https://*.fontawesome.com https://www.gartner.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://*.trustarc.com https://launchpad.privacymanager.io https://launchpad-wrapper.privacymanager.io https://jobs.jobvite.com https://play.vidyard.com https://yoast.com https://ws.zoominfo.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://cdn-app.pathfactory.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://demostack.app https://*.trustarc.com https://*.doubleclick.net https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://forms.office.com https://jobs.jobvite.com https://play.vidyard.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.getbambu.com https://*.logrhythm.com; 1
default-src 'self' 'unsafe-inline' data: *.topachat.com *.groupe-ldlc.com *.affilae.com www.recaptcha.net www.gstatic.com wss:;img-src 'self' blob: *.topachat.com i.ytimg.com data:;frame-ancestors 'self'; 1
default-src 'self'; style-src 'unsafe-inline' yandex.st site.yandex.net yastatic.net banners.adfox.ru content.adfox.ru yastat.net *; frame-src awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net *; img-src * data:; media-src * data:; font-src 'self' data: an.yandex.ru yastatic.net yastat.net *; object-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' an.yandex.ru yandex.st site.yandex.net yastatic.net mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru oss.maxcdn.com ads.adfox.ru www.google-analytics.com *.googleadservices.com adservice.google.ru adservice.google.com.ua  *.imgsmail.ru *.google.com platform.twitter.com cas.criteo.com *.mail.ru vk.com *.googlesyndication.com *.googletagservices.com adv758968.ru adforce.ru *.doubleclick.net  x1.vinread.net *.zencdn.net mobiads.ru utarget.ru afterview.ru *.vispot.io *.adap.tv *.liverail.com *.spotxchange.com *.buzzoola.com *.advarkads.com *.lkqd.com *.advertising.com static.baza.farpost.ru gstatic.com www.gstatic.com http://thefox.mobi/0dvP/ https://netdna.bootstrapcdn.com https://ajax.googleapis.com *.adsafeprotected.com  idntfy.ru mobuli.info  mobisway.info cnt-count.ru countstat.ru eboundservices.com digital-forest.info s17365.org/rotation.php news.gnezdo.ru btstds.ru cackle.me *.cackle.me www.farpost.ru https://adtags.pro https://*.adtags.pro https://btsds.ru https://*.vrcteam.ru https://*.betweendigital.com https://*.exopay.ru https://s0.2md.net https://fl.imgsniper.com https://static.bulham.com https://*.sape.ru https://safesource.ru https://code.createjs.com https://static.bumlam.com sad2tizer.ru ad.slickjump.com slickjump.com sjsmartcontent.ru https://www.googletagmanager.com https://tds.admaxer.ru https://meganotify.com https://notifyday.com *.ttarget.ru *.onlygip.tech *.hybrid.ai *.admediator.ru nativerent.ru *.astraone.io astraone.io *.onlygip.tech onlygip.tech *.afp.ai increaserev.com *.adriver.ru; connect-src an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st site.yandex.net yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru *; report-uri /csp.php 1
frame-ancestors 'self' ; frame-src *.incb.org *.twitter.com *.youtube.com 1
frame-ancestors 'self' *.carrierenterprise.com *.carrierenterprise.ca *.punchout2go.com *.tradecentric.com *.buyerquest.net docs.google.com; 1
default-src 'none'; img-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google.com https://*.analyticspodium.com https://*.calltrk.com https://*.callrail.com https://*.brandcdn.com https://*.podium.com https://*.cloudflare.com https://*.jquery.com https://*.bootstrapcdn.com https://*.pagescdn.com https://*.optimizely.com https://*.amazonaws.com https://*.adobedtm.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.facebook.net https://*.googleadservices.com https://*.sitescdn.net https://*.livechatinc.com https://*.demdex.net https://*.addthis.com https://*.addthisedge.com https://*.pinterest.com https://*.en25.com https://*.datadoghq-browser-agent.com https://optimize.google.com https://*.rlets.com https://*.reachlocallivechat.com https://reachlocallivechat.com about://*.reachlocallivechat.com https://*.cloudfront.net https://*.cloudflareinsights.com https://*.broadly.com https://web-2-tel.com https://*.hotjar.com https://*.btttag.com https://*.bing.com https://*.doubleclick.net https://*.thinkingchat.com https://*.here.com https://*.stackadapt.com https://*.simpli.fi https://*.pinimg.com https://*.yimg.com https://*.adroll.com https://*.adsrvr.org https://*.scorpion.co https://*.stripe.com https://*.twilio.com wss://*.twilio.com https://www.mrhandyman.com blob: https://*.convertexperiments.com https://*.cloudfunctions.net https://*.rlcdn.net https://*.mountain.com https://*.cloud.yellow.ai https://*.app.yellow.ai wss://*.yellow.ai wss://*.cloud.yellow.ai wss://*.app.yellow.ai https://*.yellow.ai https://*.yellowmessenger.com https://*.web-2-tel.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.bootstrapcdn.com https://*.cloudflare.com https://*.typekit.net https://*.jquery.com https://*.sitescdn.net https://optimize.google.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.stackadapt.com https://*.scorpion.co https://*.twilio.com https://www.mrhandyman.com blob: https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai; object-src 'none'; connect-src https://*.analyticspodium.com https://*.calltrk.com https://*.callrail.com https://*.cloudflare.com https://*.brandcdn.com https://*.podium.com https://*.nblyprod.com https://*.googleapis.com https://*.pagescdn.com https://*.demdex.net https://*.livechatinc.com https://*.neighborly.com https://*.crownpeak.net https://*.addthis.com https://*.yext.com https://*.b2clogin.com https://*.dwyergroup.com https://*.broadly.com https://*.amazonaws.com https://*.google-analytics.com https://*.facebook.net  https://*.gannettdigital.com https://*.browser-intake-datadoghq.com https://optimize.google.com https://*.reachlocalservices.com https://*.rlets.com https://reachlocallivechat.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.hotjar.io/ wss://reachlocallivechat.com https://*.web-2-tel.com wss://*.hotjar.com https://*.simpli.fi https://*.here.com https://*.hereapi.com https://*.stackadapt.com https://*.yimg.com https://*.pinterest.com https://*.adroll.com https://*.scorpion.co https://*.btttag.com https://*.twilio.com wss://*.twilio.com https://*.doubleclick.net https://www.mrhandyman.com https://*.bing.com blob: https://*.cloudfunctions.net https://*.rlcdn.net https://*.convertexperiments.com https://44.238.122.172 https://100.20.58.101 https://35.85.84.151 https://44.228.85.26 https://34.215.155.61 https://35.160.46.251 https://52.71.121.170 https://18.210.229.244 https://44.212.189.233 https://3.212.39.155 https://52.22.50.55 https://54.156.2.105 https://*.cloud.yellow.ai https://*.app.yellow.ai wss://*.yellow.ai wss://*.cloud.yellow.ai wss://*.app.yellow.ai https://*.yellow.ai https://*.yellowmessenger.com; font-src https://*.cloudflare.com https://*.nblyprod.com https://*.typekit.net https://*.gstatic.com https://*.googleapis.com https://optimize.google.com https://reachlocallivechat.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.scorpion.co https://*.twilio.com https://www.mrhandyman.com blob: https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai; frame-src https://*.google.com https://*.cloudfront.net https://*.cloudflare.com https://*.rlets.com https://*.youtube.com https://*.livechatinc.com https://*.demdex.net/ https://*.addthis.com https://*.pagescdn.com https://*.amazonaws.com https://*.b2clogin.com https://optimize.google.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.doubleclick.net https://*.adsrvr.org https://*.pinterest.com https://*.stripe.com https://*.twilio.com https://www.mrhandyman.com https://*.broadly.com blob: https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai https://*.web-2-tel.com https://*.tryinteract.com; media-src https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai; worker-src https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai blob: 1
default-src 'self' piwik.it.hs-hannover.de consentcdn.cookiebot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hs-hannover.de code.jquery.com *.instagram.com *.youtube.com *.ytimg.com *.jobware.net wissen.hannover.de *.cookiebot.com; style-src 'self' 'unsafe-inline' *.hs-hannover.de; img-src 'self' data: *.hs-hannover.de *.cdninstagram.com maps.googleapis.com; media-src 'self' *.youtube.com;font-src 'self' data: *.hs-hannover.de; frame-src 'self' *.hs-hannover.de *.youtube.com *.jobware.net wissen.hannover.de *.cookiebot.com; manifest-src 'self' *.hs-hannover.de; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.google.com https://www.gstatic.com;connect-src 'self' https://www.google-analytics.com;img-src 'self' data: https://www.google-analytics.com;style-src 'self' 'unsafe-inline';frame-src https://www.google.com/recaptcha/; 1
frame-ancestors *.originlab.com 1
frame-ancestors 'self' https://*.bild.de http://*.bild.de https://*.meinestadt.de http://*.meinestadt.de https://*.schoener-wohnen.de http://*.schoener-wohnen.de https://*.stern.de http://*.stern.de https://*.handelsblatt.com http://*.handelsblatt.com https://*.spiegel.de http://*.spiegel.de https://*.sueddeutsche.de http://*.sueddeutsche.de https://*.tagesspiegel.de http://*.tagesspiegel.de https://*.wiwo.de http://*.wiwo.de https://*.homeday.de http://*.homeday.de https://*.homeday.dev http://*.homeday.dev https://localhost:* http://localhost:*; 1
frame-ancestors 'self' https://m.clubcodere.es https://m.apuestas.codere.es https://m.codere.pa https://m.codere.com.co https://blog.codere.com.co file://*; 1
frame-ancestors 'self' localhost fo.ru editor.fo.ru yep.com fosite.ru localhost:3000 172.16.55.208:3000 localhost:9222 betaeditor.fo.ru metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com fo.vin editor.fo.vin; 1
frame-ancestors 'self' https://extrawatch.com https://app.extrawatch.com; upgrade-insecure-requests; 1
script-src 'unsafe-inline' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/ https://www.google.com/recaptcha/api.js https://s3.waw2-1.cloudferro.com/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/ https://cdn.syndication.twimg.com/ https://region1.google-analytics.com; style-src 'unsafe-inline' https://s3.waw2-1.cloudferro.com/ https://platform.twitter.com/ https://ton.twimg.com/; connect-src 'self' https://www.google-analytics.com/j/ https://stats.g.doubleclick.net/ https://*.google-analytics.com/ https://*.analytics.google.com/ https://region1.analytics.google.com/; frame-ancestors 'self'; frame-src 'self' https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://cloudferro.softgarden.io/; default-src https://s3.waw2-1.cloudferro.com/; img-src https://s3.waw2-1.cloudferro.com/ https://www.google.com/ https://www.google.pl/ https://www.google-analytics.com/ https://abs.twimg.com/ https://pbs.twimg.com/ http://abs.twimg.com/ https://platform.twitter.com/ https://ton.twimg.com/ https://www.googletagmanager.com/ https://syndication.twitter.com/ data:; 1
font-src *.fontawesome.com *.schott-music.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.gstatic.com 'self' data: https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.schott-music.com apiuat.test.intelligent-payments.com turnkeyuat.test.myriadpayments.com apiuat.test.myriadpayments.com apiuat.test.boipapaymentgateway.com api.intelligent-payments.com turnkey.intelligent-payments.com api.myriadpayments.com turnkey.myriadpayments.com api.boipapaymentgateway.com apiuat.test.evopaymentgateway.com api.evopaymentgateway.com *.myriadpayments.com *.evopayments.eu *.intelligent-payments.com *.hotjar.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com *.schott-music.com *.usercentrics.eu *.google.com *.gstatic.com *.spotifycdn.com *.spotify.com e.issuu.com issuu.com apiuat.test.intelligent-payments.com turnkeyuat.test.myriadpayments.com apiuat.test.myriadpayments.com apiuat.test.boipapaymentgateway.com api.intelligent-payments.com turnkey.intelligent-payments.com api.myriadpayments.com turnkey.myriadpayments.com api.boipapaymentgateway.com apiuat.test.evopaymentgateway.com api.evopaymentgateway.com *.myriadpayments.com *.evopayments.eu *.intelligent-payments.com googleads.g.doubleclick.net *.googletagmanager.com *.hotjar.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com https://www.magezon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com *.schott-music.com blob: *.usercentrics.eu schott-staging.s3.eu-central-1.amazonaws.com schott-production.s3.eu-central-1.amazonaws.com *.googleapis.com *.gstatic.com *.google.de www.magecomp.com integrations.etrusted.com *.isu.pub *.newsletter2go.com *.trustedshops.com *.googletagmanager.com apiuat.test.intelligent-payments.com turnkeyuat.test.myriadpayments.com apiuat.test.myriadpayments.com apiuat.test.boipapaymentgateway.com api.intelligent-payments.com turnkey.intelligent-payments.com api.myriadpayments.com turnkey.myriadpayments.com api.boipapaymentgateway.com apiuat.test.evopaymentgateway.com api.evopaymentgateway.com *.myriadpayments.com *.evopayments.eu *.intelligent-payments.com *.hotjar.com 'self' data: https://widgets.trustedshops.com https://widgets-qa.trustedshops.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.youtube.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com *.schott-music.com *.googletagmanager.com *.google-analytics.com *.usercentrics.eu *.gstatic.com *.googleapis.com cdnjs.cloudflare.com ipinfo.io *.isu.pub *.newsletter2go.com *.spotifycdn.com *.trustedshops.com *.youtube-nocookie.com *.spotify.com apiuat.test.intelligent-payments.com turnkeyuat.test.myriadpayments.com apiuat.test.myriadpayments.com apiuat.test.boipapaymentgateway.com api.intelligent-payments.com turnkey.intelligent-payments.com api.myriadpayments.com turnkey.myriadpayments.com api.boipapaymentgateway.com apiuat.test.evopaymentgateway.com api.evopaymentgateway.com *.myriadpayments.com *.evopayments.eu *.intelligent-payments.com *.hotjar.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com *.fontawesome.com *.schott-music.com fonts.googleapis.com fonts.gstatic.com integrations.etrusted.com *.isu.pub *.spotifycdn.com *.youtube-nocookie.com *.spotify.com apiuat.test.intelligent-payments.com turnkeyuat.test.myriadpayments.com apiuat.test.myriadpayments.com apiuat.test.boipapaymentgateway.com api.intelligent-payments.com turnkey.intelligent-payments.com api.myriadpayments.com turnkey.myriadpayments.com api.boipapaymentgateway.com apiuat.test.evopaymentgateway.com api.evopaymentgateway.com *.myriadpayments.com *.evopayments.eu *.intelligent-payments.com *.hotjar.com *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src *.schott-music.com 'self' 'unsafe-inline'; media-src *.adobe.com *.schott-music.com schott-production.s3.eu-central-1.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.schott-music.com *.google-analytics.com *.usercentrics.eu *.doubleclick.net *.googleapis.com *.newsletter2go.com *.google.com apiuat.test.intelligent-payments.com turnkeyuat.test.myriadpayments.com apiuat.test.myriadpayments.com apiuat.test.boipapaymentgateway.com api.intelligent-payments.com turnkey.intelligent-payments.com api.myriadpayments.com turnkey.myriadpayments.com api.boipapaymentgateway.com apiuat.test.evopaymentgateway.com api.evopaymentgateway.com *.myriadpayments.com *.evopayments.eu *.intelligent-payments.com static-eu.payments-amazon.com *.hotjar.com t.elasticsuite.io *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.schott-music.com/de/csp/report/; report-to report-endpoint; 1
default-src 'self' data: blob: https: *.fls.doubleclick.net *.brightcove.com *.brightcove.net *.fmglobal.com local.fmglobal pbs.twimg.com *.googletagmanager.com http://manifest.prod.boltdns.net *.akamaihd.net; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com *.bing.com cdn.datatables.net;script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://mktdplp102cdn.azureedge.net/ https://cdn.cookielaw.org/ ws.zoominfo.com *.brightcove.com *.brightcove.net *.fmglobal.com local.fmglobal *.bing.com cdn.datatables.net cdnjs.cloudflare.com connect.facebook.net js.adsrvr.org s.go-mpulse.net s7.addthis.com snap.licdn.com static.ads-twitter.com tag.demandbase.com www.google-analytics.com www.googletagmanager.com *.addthis.com z.moatads.com *.addthisedge.com vjs.zencdn.net *.virtualearth.net www.googleadservices.com *.ceros.com; font-src 'self' data: cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com; media-src 'self' blob: *.fmglobal.com local.fmglobal; frame-ancestors 'self' https://huteight.co.uk/ 1
default-src 'none'; img-src 'self' https://amazonwebservices.d2.sc.omtrdc.net https://cm.everesttech.net https://dpm.demdex.net https://aws.demdex.net https://a0.awsstatic.com/ https://*.mrc-sunrise.marketing.aws.dev data:; script-src 'self' 'unsafe-inline' https://a0.awsstatic.com/ https://d2c.aws.amazon.com/ https://*.mrc-sunrise.marketing.aws.dev ; font-src 'self' data:; media-src 'self' https://*.mrc-sunrise.marketing.aws.dev; style-src 'unsafe-inline' https://a0.awsstatic.com/s_code/js/3.0/awshome_s_code.js 'self'; object-src 'none'; frame-src 'self' https://aws.demdex.net https://dpm.demdex.net data:; connect-src 'self' https://amazonwebservices.d2.sc.omtrdc.net https://i18n-string.us-west-2.prod.pricing.aws.a2z.com https://*.shortbread.aws.dev https://cm.everesttech.net https://vs.aws.amazon.com https://spot-bid-advisor.s3.amazonaws.com/spot-advisor-data.json https://aws.demdex.net https://dpm.demdex.net https://d1qsjq9pzbk1k6.cloudfront.net https://b0.p.awsstatic.com https://d2i2o7lgog0p0i.cloudfront.net/Prod/LogReactUIErrors https://hlwafrg42d.execute-api.us-east-1.amazonaws.com/prod/ https://aws.amazon.com https://csml-prc-prod.us-west-2.api.aws/prc/csml/logging https://dzzn6wbl7e9ou.cloudfront.net/ https://d3knqfixx3sbls.cloudfront.net/ https://dnd5zrqcec4or.cloudfront.net/Prod/v2/saveAs https://7bena91p37.execute-api.us-west-2.amazonaws.com/Prod/v1/graphql https://console.aws.amazon.com/aperture/feedback/render https://*.aperture-public-api.feedback.console.aws.dev https://d3pv0p0lgn4sbz.cloudfront.net https://d1cec4jo95y6k9.cloudfront.net https://d2c.aws.amazon.com/ https://d37oee5zp73e2j.cloudfront.net https://*.mrc-sunrise.marketing.aws.dev wss://*.transport.connect.us-east-1.amazonaws.com https://drm74kn5i7.execute-api.us-west-2.amazonaws.com/prod/pec/monitoring/logging ; 1
frame-ancestors *.spiele-kostenlos-online.de 1
default-src blob: data: wss://*.megawin.mk:* wss://megawin.mk:* 'self' 'unsafe-eval' 'unsafe-inline' https://www.youtube.com/ https://youtube.com/ https://megawin.mk https://*.megawin.mk https://bat.bing.com https://region1.analytics.google.com https://region1.google-analytics.com https://www.google.mk https://www.google.com https://apis.google.com https://fonts.googleapis.com https://ajax.googleapis.com https://maps.googleapis.com https://*.comm100.io https://*.comm100.com https://*.googletagmanager.com https://googletagmanager.com https://*.typekit.net https://typekit.net https://maps.google.com https://*.gstatic.com https://gstatic.com https://connect.facebook.net https://*.facebook.com https://facebook.com https://*.fbcdn.net https://fbcdn.net https://analytics.google.com/ https://google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net/ https://cdn.taboola.com https://trc.taboola.com https://trc-events.taboola.com https://track.adform.net/ https://s2.adform.net https://sxt.cdn.skype.com https://www.adobe.com https://lob.egcvi.com https://bshots.egcvi.com/ https://client.pragmaticplaylive.net https://eadsrv.com https://linker.bg/ https://*.live-hub.net https://de2-md.svmsrv.com/ https://*.comm100download.com/ https://*.doubleclick.net https://*.googlesyndication.com https://doubleclick.net https://googlesyndication.com ; frame-ancestors 'self' https://*.megawin.mk 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mstdn.party; img-src 'self' https: data: blob: https://mstdn.party; style-src 'self' https://mstdn.party 'nonce-TqiVL1wiOjq8fyod+u1RSg=='; media-src 'self' https: data: https://mstdn.party; frame-src 'self' https:; manifest-src 'self' https://mstdn.party; form-action 'self'; child-src 'self' blob: https://mstdn.party; worker-src 'self' blob: https://mstdn.party; connect-src 'self' data: blob: https://mstdn.party https://files.mstdn.party wss://api.mstdn.party; script-src 'self' https://mstdn.party 'wasm-unsafe-eval' 1
default-src 'self'; child-src 'self'; connect-src *; style-src 'self' 'unsafe-inline' https://*.npo.nl https://*.nos.nl https://*.jeugdjournaal.nl; font-src 'self' https://*.nos.nl https://*.jeugdjournaal.nl data:; img-src * data:; style-src-elem 'self' 'unsafe-inline' https://*.npo.nl https://*.nos.nl https://*.jeugdjournaal.nl; worker-src 'self' blob:; media-src * blob:; frame-src *; script-src 'self' *.nos.nl https://*.npo.nl https://*.jeugdjournaal.nl; 1
default-src 'self' blob: data; frame-ancestors 'self'; form-action 'self' https://beehaw.org; manifest-src *; connect-src *; img-src https://* data:; child-src 'self'; object-src 'none'; script-src 'self' https://beehaw.org 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; frame-src https://* ; media-src https://* ; upgrade-insecure-requests; 1
default-src https: data: 'unsafe-eval' 'unsafe-inline'; connect-src https: http:; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com https://use.typekit.net; object-src 'none'; frame-ancestors 'none' 1
object-src 'self' data: blob: https://*.atende.net https://*.ipm.com.br https://*.nfs-e.net https://seal.digicert.com; block-all-mixed-content; form-action 'self' *.nfs-e.net https://*.ipm.com.br https://*.atende.net https://*.acesso.gov.br; frame-ancestors 'self' https://*.nfs-e.net https://*.ipm.com.br https://*.atende.net https://portalservicos.jucisrs.rs.gov.br; 1
prefetch-src www.bing.com edgeshoppingstatic.azureedge.net; script-src-elem *.crazyegg.com *.popupsmart.com *.wisepops.com *.wisepops.net d.impactradius-event.com snapui.searchspring.io cdn-swell-assets.yotpo.com commerce.adobedtm.com static.zdassets.com www.google-analytics.com cdn.listrakbi.com www.googletagmanager.com apis.google.com cdn.swellrewards.com unpkg.com connect.facebook.net ajax.googleapis.com sdk.helloextend.com s1.listrakbi.com services.listrak.com at1.listrakbi.com bat.bing.com www.gstatic.com gc.kis.v2.scr.kaspersky-labs.com googleads.g.doubleclick.net www.google.com magento-recs-sdk.adobe.net js.braintreegateway.com cdn.searchspring.net cdn1.affirm.com m1.listrakbi.com www.paypal.com www.paypalobjects.com c.paypal.com imgs.signifyd.com cdn-scripts.signifyd.com cdn-widgetsrepository.yotpo.com cdn-widget-assets.yotpo.com js.authorize.net packout.milwaukeetool.com www.googleadservices.com tpc.googlesyndication.com *.viralsweep.com me.kis.v2.scr.kaspersky-labs.com ff.kis.v2.scr.kaspersky-labs.com me.kes.v2.scr.kaspersky-labs.com gc.kes.v2.scr.kaspersky-labs.com translate.google.com www.toolnut.com ssl.google-analytics.com ff.kes.v2.scr.kaspersky-labs.com api.sb.joinclyde.com imgs.cdn-btsg.com script.crazyegg.com cdn.attn.tv maps.googleapis.com dev.visualwebsiteoptimizer.com app.vwo.com gc.kis.scr.kaspersky-labs.com api.joinclyde.com api.stg.joinclyde.com cdn-loyalty.yotpo.com www.affirm.com cdn.jsdelivr.net cdn.pricespider.com ubiqcookie.pricespider.com cdn.joinclyde.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src-elem *.popupsmart.com fonts.googleapis.com cdn.listrakbi.com gc.kis.v2.scr.kaspersky-labs.com *.yotpo.com *.bootstrapcdn.com me.kis.v2.scr.kaspersky-labs.com ff.kis.v2.scr.kaspersky-labs.com www.googletagmanager.com www.gstatic.com hud.crazyegg.com script.crazyegg.com www.youtube.com 'self' 'unsafe-inline'; font-src fonts.gstatic.com use.typekit.net *.toolnut.com *.gstatic.com use.fontawesome.com maxcdn.bootstrapcdn.com cdn.honey.io zip.co www.affirm.com cdn.jsdelivr.net fonts.googleapis.com unpkg.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com yotpo.com swellrewards.com *.yotpo.com *.facebook.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.toolnut.com 'self'; frame-src fast.amc.demdex.net *.adobe.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.instagram.com www.google.com www.youtube.com *.toolnut.com *.affirm.com *.google.com/ www.xtento.com yotpo.com swellrewards.com *.listrak.com *.crazyegg.com *.yotpo.com https://api.joinclyde.com https://api.sb.joinclyde.com https://api.stg.joinclyde.com https://widgets.joinclyde.dev https://*.online-metrix.net https://imgs.signifyd.com www.facebook.com www.paypalobjects.com td.doubleclick.net www.milwaukeetool.com thetoolnut.sjv.io tpc.googlesyndication.com *.viralsweep.com services.listrak.com *.id.opendns.com imgs.cdn-btsg.com creatives.attn.tv dev.visualwebsiteoptimizer.com app.vwo.com widgets.joinclyde.com ubiqcookie.pricespider.com cdn.joinclyde.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: p.typekit.net www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cdninstagram.com *.toolnut.com *.google.com *.google-analytics.com https://www.magezon.com store.paradoxlabs.com www.xtento.com cdn.xtento.com yotpo.com swellrewards.com *.gstatic.com *.crazyegg.com *.popupsmart.com *.wisepops.com *.yotpo.com *.facebook.com *.wisepops.net https://imgs.signifyd.com https://*.online-metrix.net sca1.listrakbi.com www.facebook.com bk12ka.a.searchspring.io bat.bing.com d3cgm8py10hi0z.cloudfront.net mediacdn.espssl.com m1.listrakbi.com s3.amazonaws.com extendcoreoffersprod-offersthemelogobucketeb21afa-1lr7le13dvgtp.s3.amazonaws.com api.fillr.com s1.listrakbi.com cdn-assets.affirm.com www.google.co.in csi.gstatic.com *.paypal.com www.gstatic.com www.googletagmanager.com www.google.com.br googleads.g.doubleclick.net www.google.com.ph logs-01.loggly.com *.ojrq.net www.google.com.pr www.google.com.vn cdn.searchspring.net www.bing.com fonts.gstatic.com connect.facebook.net pagead2.googlesyndication.com s2.listrakbi.com snapui.searchspring.io imgs.signifyd.com ssl.google-analytics.com imgs.cdn-btsg.com cdn.jsdelivr.net events.attentivemobile.com toolnut.attn.tv redir.pricespider.com maps.gstatic.com dev.visualwebsiteoptimizer.com p.yotpo.com c.bing.com images.reverb.com cdn.toolnut.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypalobjects.com js.braintreegateway.com www.paypal.com commerce.adobedtm.com www.sandbox.paypal.com t.paypal.com commerce.adobe.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com www.google-analytics.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.toolnut.com *.affirm.com *.facebook.net *.helloextend.com *.listrakbi.com *.google.com/ *.authorize.net https://cdn.searchspring.net/intellisuggest/is.min.js www.xtento.com cdn.xtento.com yotpo.com swellrewards.com https://www.googletagmanager.com tagmanager.google.com *.crazyegg.com *.attn.tv events.attentivemobile.com *.gstatic.com *.yotpo.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ https://api.joinclyde.com https://api.sb.joinclyde.com https://api.stg.joinclyde.com https://widgets.joinclyde.dev https://cdn-scripts.signifyd.com https://imgs.signifyd.com snapui.searchspring.io d.impactradius-event.com *.zdassets.com bat.bing.com googleads.g.doubleclick.net services.listrak.com ajax.googleapis.com www.googleadservices.com app.viralsweep.com connect.facebook.net tpc.googlesyndication.com cdn.listrakbi.com script.crazyegg.com widget-mediator.zopim.com cdn.attn.tv static.zdassets.com dev.visualwebsiteoptimizer.com s1.listrakbi.com api.joinclyde.com cdn-loyalty.yotpo.com cdn.jsdelivr.net cdn-swell-assets.yotpo.com unpkg.com cdn.pricespider.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline *.toolnut.com *.googleapis.com *.affirm.com *.listrakbi.com yotpo.com swellrewards.com maxcdn.bootstrapcdn.com tagmanager.google.com *.crazyegg.com *.yotpo.com assets.braintreegateway.com www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com www.bing.com ssl.gstatic.com static.zdassets.com www.youtube.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.adobe.io performance.typekit.net commerce.adobedc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com api.magento.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.affirm.com *.zendesk.com *.authorize.net https://beacon.searchspring.io/beacon yotpo.com swellrewards.com *.crazyegg.com *.attn.tv events.attentivemobile.com *.popupsmart.com *.wisepops.com *.yotpo.com *.google-analytics.com *.facebook.net *.wisepops.net https://api.joinclyde.com https://api.sb.joinclyde.com https://api.stg.joinclyde.com https://widgets.joinclyde.dev https://imgs.signifyd.com *.searchspring.io www.google-analytics.com bat.bing.com ekr.zdassets.com stats.g.doubleclick.net adservice.google.com www.google.com www.facebook.com cdn-loyalty.yotpo.com helloextend-static-assets.s3.amazonaws.com *.zopim.com www.googletagmanager.com thetoolnut.sjv.io zendesk-eu.my.sentry.io analytics.google.com imgs.cdn-btsg.com www.affirm.com bk12ka.a.searchspring.io script.crazyegg.com maps.googleapis.com toolnut.attn.tv wss://widget-mediator.zopim.com cdn.listrakbi.com pagead2.googlesyndication.com www.gstatic.com dev.visualwebsiteoptimizer.com www.bing.com assets-tracking.crazyegg.com pagestates-tracking.crazyegg.com tracking.crazyegg.com maps.gstatic.com beacon.searchspring.io api.joinclyde.com region1.analytics.google.com loyalty.yotpo.com payments.braintree-api.com imgs.signifyd.com www.google.com.vn pathinsights.pricespider.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.wisepops.net fonts.gstatic.com edgeshoppingstatic.azureedge.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri toolnutcsd.zendesk.com bk12ka.a.searchspring.io myactivity.google.com client-analytics.braintreegateway.com 'self' 'unsafe-inline'; 1
default-src 'self' ws: wss: *.googletagmanager.com *.google-analytics.com *.cloud-iam.com *.brittanyferries.io *.hotjar.com *.hotjar.io *.reciteme.com *.onetrust.com *.doubleclick.net *.google.com *.google.fr *.google.co.uk *.google.es *.clarity.ms *.sentry.io *.contentful.com *.quantummetric.com *.googleadservices.com *.facebook.net *.facebook.com *.qualtrics.com *.bing.com *.infinity-tracking.net *.infinity-tracking.com *.googleapis.com *.onetrust.io *.googlesyndication.com *.matomo.cloud *.teads.tv *.sncf-connect.com *.piwik.pro *.mypurecloud.de;base-uri 'self' 'self' *.matomo.cloud;font-src 'self' https: data:;form-action 'self' *.sips-services.com *.facebook.net *.facebook.com *.qualtrics.com;frame-ancestors 'self' *.youtube.com *.sips-atos.com *.sips-services.com *.googletagmanager.com *.reciteme.com *.hotjar.com *.hotjar.io *.onetrust.com *.cloud-iam.com *.brittanyferries.io *.brittanyferries.com *.brittany-ferries.fr *.clarity.ms *.quantummetric.com *.googleadservices.com *.facebook.net *.facebook.com *.qualtrics.com *.matomo.cloud;img-src 'self' * data: 'self' *.matomo.cloud 'self' *.piwik.pro;object-src 'none';script-src 'unsafe-eval' 'strict-dynamic' 'nonce-c36cc534f791e0cd9446802a6acd9f81' 'sha256-lP+eze/AK/U+wcFpKIsxa7UjndDoxGJzdu44XOkoqRo=' 'sha256-nzv8I5Mf0AZBUKeL70LtQfYBjK/DghfP72B8j+UI49I=' 'sha256-XUn0u9o0PrOqkPRlvSKJduPghRMELoQAwAZCSE3sASs=' 'sha256-oBDCmbdwlYyR8ewwQdEO9ynbtTtruNSsPCCjG3ZvYNg=' 'sha256-0zZPgsifJ8h8aM+gmSxkrfNtAGUZb7ItVug6/j1UR5g=' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'sha256-kLOQNAVOaBgADiUv3KS/St2g6k1exicli/nlGA4Ku2Y=';script-src-attr 'self' 'unsafe-inline';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;frame-src 'self' * blob:;script-src-elem 'strict-dynamic' 'nonce-c36cc534f791e0cd9446802a6acd9f81' 'sha256-lP+eze/AK/U+wcFpKIsxa7UjndDoxGJzdu44XOkoqRo=' 'sha256-nzv8I5Mf0AZBUKeL70LtQfYBjK/DghfP72B8j+UI49I=' 'sha256-XUn0u9o0PrOqkPRlvSKJduPghRMELoQAwAZCSE3sASs=' 'sha256-oBDCmbdwlYyR8ewwQdEO9ynbtTtruNSsPCCjG3ZvYNg=' 'sha256-0zZPgsifJ8h8aM+gmSxkrfNtAGUZb7ItVug6/j1UR5g=' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'sha256-kLOQNAVOaBgADiUv3KS/St2g6k1exicli/nlGA4Ku2Y=' 1
default-src *;img-src https: blob: data:;font-src 'self' https://fonts.gstatic.com data:;style-src 'self' https://fonts.googleapis.com https://cdn.zapier.com/packages/partner-sdk/ 'unsafe-inline';script-src 'strict-dynamic' 'nonce-Al6k/EB55znBarXGoCRdVFtdgI4=' 'unsafe-eval' https: 'unsafe-inline';base-uri 'none';object-src 'none';report-to main-endpoint; 1
base-uri   'self'   ;   connect-src   'self'   https://catalog.csmd.edu   https://*.ocelotbot.com   wss://ai.ocelotbot.com   https://*.blackbaud.com   https://analytics.google.com   https://l.sharethis.com   https://live.clive.cloud   https://stats.g.doubleclick.net   https://www.google-analytics.com   https://*.hotjar.com   https://*.hotjar.io   https://*.crwdcntrl.net   https://*.jotfor.ms   https://*.jotform.com   https://csp.withgoogle.com   https://*.google-analytics.com   https://*.analytics.google.com   https://*.googletagmanager.com   https://*.google-analytics.com   https://*.analytics.google.com   https://*.googletagmanager.com   https://*.g.doubleclick.net   https://*.google.com   https://*.userway.org   https://www.google-analytics.com   ;   default-src   'self'   ;   font-src   'self'   'unsafe-inline'   https://*.fontawesome.com   https://*.typekit.net   https://maxcdn.bootstrapcdn.com   https://*.jotfor.ms   https://fonts.gstatic.com   data:   ;   frame-src   'self'   http://aa.trkn.us   https://aa.trkn.us   https://*.knightlab.com   https://widget.lightcastcc.com   https://fecdn.user1st.info   https://host.nxt.blackbaud.com   https://*.blackbaudhosting.com   https://*.blackbaud.com   https://tours.invisionstudio.com   https://*.doubleclick.net   https://*.sharethis.com   https://*.jotform.com   https://*.jotform.io   https://*.ocelotbot.com   https://*.userway.org   http://www.youtube.com   https://www.youtube.com   https://platform.twitter.com   https://syndication.twitter.com   https://accounts.google.com   https://cse.google.com   https://www.google.com   https://bid.g.doubleclick.net  https://map.concept3d.com map.concept3d.com ;   img-src   'self'   https://api.genoo.com   https://*.doubleclick.net   https://*.simpli.fi   https://bbox.blackbaudhosting.com   https://www.google.com   https://www.googleadservices.com   https://www.google-analytics.com   https://*.ocelotbot.com   http://*.youtube.com   https://*.ytimg.com   https://syndication.twitter.com   https://ssl.gstatic.com   http://ssl.gstatic.com   https://*.sharethis.com   https://*.jotfor.ms   https://*.jotform.com   https://stags.bluekai.com   https://bcp.crwdcntrl.net   https://ce.lijit.com   https://sync.search.spotxchange.com   https://fei.pro-market.net   https://loadm.exelator.com   https://ups.analytics.yahoo.com   https://sync.intentiq.com   https://image2.pubmatic.com   https://ads.stickyadstv.com   https://eb2.3lift.com   https://simplifi.partners.tremorhub.com   https://pixel.tapad.com   https://us-u.openx.net   https://aa.agkn.com   https://pixel.rubiconproject.com   https://ib.adnxs.com   https://idsync.rlcdn.com   https://sync.bfmio.com   https://d.agkn.com   https://pippio.com   https://www.googleapis.com   http://clients1.google.com   https://www.googletagmanager.com   https://ssl.gstatic.com   https://www.gstatic.com   https://*.google-analytics.com   https://*.googletagmanager.com   https://*.analytics.google.com   https://*.g.doubleclick.net   https://*.google.com   https://www.google-analytics.com   https://googleads.g.doubleclick.net   https://www.google.com   googleads.g.doubleclick.net   www.google.com   https://*.userway.org   https://*1rx.io   https://ade.googlesyndication.com   ;   manifest-src   'self'   ;   media-src   'self'   ;   object-src   'none'   ;   report-uri   https://6459464a36369ad38a5c772d.endpoint.csper.io/   ;   script-src   'report-sample'   'self'   'unsafe-inline'   'unsafe-eval'   http://aa.trkn.us   https://aa.trkn.us   https://catalog.csmd.edu   https://widget.lightcastcc.com   https://www.gstatic.com   https://*.omnilert.net   https://*.ocelotbot.com   https://*.blackbaudhosting.com   https://*.blackbaudcdn.net   https://*.blackbaud.com   https://*.sharethis.com   https://*.jotform.com   https://*.jotform.us   https://*.jotfor.ms   https://*.jotformpro.com   https://api.genoo.com/js/gtrack.v2.js   https://buttons-config.sharethis.com/js/   https://fecdn.user1st.info/Loader/head   https://*.simpli.fi   https://live.clive.cloud   https://platform-api.sharethis.com   https://*.hotjar.com   https://fecdn.user1st.info   https://csmetrics.hotjar.com   https://l.sharethis.com   https://www.google-analytics.com   https://*.ocelotbot.com   https://i.ytimg.com   https://l.sharethis.com   https://platform.twitter.com   http://rss.bloople.net   https://syndication.twitter.com   http://maxcdn.bootstrapcdn.com/font-awesome/   https://maxcdn.bootstrapcdn.com/font-awesome/   https://ajax.googleapis.com/ajax/libs/jquery/   https://ajax.googleapis.com/ajax/libs/jqueryui/   https://apis.google.com   https://*.jotform.com   https://*.jotfor.ms   https://cdnjs.cloudflare.com   https://cse.google.com   https://www.google.com/cse/   http://cse.google.com/adsense/   https://partner.googleadservices.com   https://tagmanager.google.com   https://*.googletagmanager.com   https://*.google-analytics.com   https://*.analytics.google.com   https://*.g.doubleclick.net   https://*.google.com   https://www.google-analytics.com   https://ssl.google-analytics.com   https://www.googleadservices.com   https://www.google.com   https://*.userway.org   www.googleadservices.com   www.google.com   https://googleads.g.doubleclick.net   ;   style-src   'report-sample'   'self'   'unsafe-inline'   https://catalog.csmd.edu   https://www.gstatic.com   https://*.ocelotbot.com   https://fonts.googleapis.com   https://*.fontawesome.com   https://*.typekit.net   http://maxcdn.bootstrapcdn.com   https://*.jotfor.ms   https://www.google.com   https://tagmanager.google.com   https://fonts.googleapis.com   https://*.blackbaudhosting.com   https://*.userway.org   https://*.blackbaud.com   ;   worker-src   'none'   ; 1
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.hsbc.com.tr *.optimizely.com *.cdn.optimizely.com ad.doubleclick.net adservice.google.com akamai.tiqcdn.com analytics.twitter.com *.tealiumiq.com googleads.g.doubleclick.net static.ads-twitter.com t.co track.adform.net *.googleadservices.com tags.tiqcdn.com *.googletagmanager.com bid.g.doubleclick.net *.doubleclick.net *.googleapis.com *.youtube.com *.gstatic.com *.google.com.tr *.highcharts.com *.brightcove.net *.google.com *.g.doubleclick.net *.hsbc.com.tr; 1
frame-ancestors classifieds.race-dezert.com c.race-dezert.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-okuLneWTGjtIwLedOmhqqQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/honest_dns/1_0;frame-ancestors 'none' 1
default-src * 'self' ; script-src pagead2.googlesyndication.com tagmanager.google.com milkmaid.in cdns.us1.gigya.com cdns.gigya.com addtoany.com localhost www.googletagmanager.com ncc.shortlyst.com static.addtoany.com www.google-analytics.com cdn.krxd.net d22xmn10vbouk4.cloudfront.net connect.facebook.net d2oh4tlt9mrke9.cloudfront.net consumer.krxd.net beacon.krxd.net www.google.com www.recaptcha.net www.gstatic.com cdn.ampproject.org https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/amp-youtube-0.1.js cdn.ampproject.org/v0/amp-sidebar-0.1.js https://cdn.ampproject.org/v0/amp-accordion-0.1.js https://cdn.ampproject.org/v0/amp-carousel-0.2.js https://cdn.ampproject.org/v0/amp-analytics-0.1.js https://cdn.ampproject.org/rtv/012007302351001/v0/amp-auto-lightbox-0.1.js https://cdn.ampproject.org/rtv/012007302351001/v0/amp-loader-0.1.js cdn.az.ciam.nestle.com www.youtube.com cdn.hypemarks.com www.googleadservices.com www.clarity.ms cdn.cookielaw.org cookie-cdn.cookiepro.com onetrust.com 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' *; img-src * 'self' data:; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-LfSqBfvHtth3KdyJRHIZfA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self'  1
frame-ancestors 'self' http://toolpool.circit.de https://toolpool.circit.de 1
default-src 'self';  media-src 'self';  frame-ancestors 'self'; base-uri 'self';  form-action 'self';  object-src 'self';  frame-src https://instagram.com/ https://www.google.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://policy.app.cookieinformation.com/uc.js https://policy.app.cookieinformation.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.bec.dk/ https://bec.dk/ https://consent.app.cookieinformation.com/ https://policy.app.cookieinformation.com/ https://geolocation.onetrust.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://cdn.cookielaw.org https://snap.licdn.com https://connect.facebook.net https://ajax.googleapis.com https://policy.app.cookieinformation.com/uc.js https://policy.app.cookieinformation.com/cid.js;  connect-src 'self' https://geolocation.onetrust.com https://analytics.google.com https://stats.g.doubleclick.net https://cdn.cookielaw.org https://api.hr-manager.net https://www.google-analytics.com https://policy.app.cookieinformation.com/uc.js https://policy.app.cookieinformation.com/cookie-data/bec.dk/cabl.json;  img-src 'self' data: https://cdn.cookielaw.org https://secure.gravatar.com https://www.bec.dk https://www.google-analytics.com https://www.googletagmanager.com https://px.ads.linkedin.com https://www.facebook.com https://www.linkedin.com https://policy.app.cookieinformation.com/uc.js https://ps.w.org; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;  font-src 'self' data: https://fonts.gstatic.com; 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com https://widget.usersnap.com/ https://fast.wistia.com https://player.vimeo.com https://*.usersnap.com https://*.usercentrics.eu https://www.bing.com https://dev.virtualearth.net https://www.googleadservices.com/ https://snap.licdn.com/ https://googleads.g.doubleclick.net https://cdn.bttrack.com https://cdn.pdst.fm http://*.bing.com https://*.virtualearth.net https://bttrack.com https://*.ditu.live.com *.google-analytics.com cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://*.bing.com web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://useast2devbrandsites.blob.core.windows.net https://useast2qabrandsites.blob.core.windows.net https://useast2prodbrandsites.blob.core.windows.net https://img.youtube.com https://i.vimeocdn.com/ https://*.wistia.com https://*.usercentrics.eu https://*.virtualearth.net https://*.adnxs.com https://*.googlesyndication.com https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://*.google.com/ https://*.bing.com https://bttrack.com https://*.dynamic.tiles.ditu.live.com *.google-analytics.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' https://www.youtube.com/ https://www.google.com/ https://player.vimeo.com https://app.usercentrics.eu/ https://*.doubleclick.net https://clariosdigitallibrary.widen.net/  web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com https://maps.googleapis.com https://*.wistia.com https://stats.g.doubleclick.net https://*.litix.io https://*.usersnap.com https://*.vimeo.com https://vimeo.com https://*.usercentrics.eu https://*.bing.com https://www.googleadservices.com/ https://*.google.com https://*.linkedin.oribi.io https://us-central1-adaptive-growth.cloudfunctions.net https://t0.dynamic.tiles.ditu.live.com https://bttrack.com *.google-analytics.com; media-src 'self' data: blob: https://*.wistia.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com 1
default-src 'self' www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ssl.google-analytics.com www.w3.org 1
frame-ancestors 'self' https://www.grp.vwhub.com/ https://www.grp.accessaudi.com/ https://www.vwhub.com 1
default-src 'self'; connect-src 'self' https://analytics.wozhost.ch https://static.woz.ch; font-src 'self' https://static.woz.ch; frame-src 'self' https://analytics.wozhost.ch; img-src 'self' data: https://creatives.woz.ch https://static.woz.ch https://media-4f11.kxcdn.com; manifest-src 'self' https://static.woz.ch; media-src 'self' https://media-4f11.kxcdn.com https://creatives.woz.ch; object-src 'none'; script-src 'self' https://analytics.wozhost.ch https://static.woz.ch; script-src-attr 'self'; style-src 'self' https://static.woz.ch; style-src-attr 'self'; frame-ancestors 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hubspot.com https://www.tickcounter.com https://*.wisekey.com https://*.hsleadflows.net https://*.certifyid.com https://www.brighttalk.com https://cdn.jsdelivr.net https://unpkg.com https://*.tradingview.com https://js.hsforms.net https://forms.hsforms.com https://googleads.g.doubleclick.net https://snap.licdn.com https://www.googleadservices.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hscollectedforms.net/ https://z.moatads.com https://www.google-analytics.com https://www.googletagmanager.com https://*.addthis.com/ https://cdnjs.cloudflare.com/ https://*.twitter.com/ https://*.twimg.com https://s.ytimg.com https://*.google.com https://rawgit.com https://*.bootstrapcdn.com https://*.googleapis.com https://*.gstatic.com https://*.facebook.net https://*.youtube.com https://www.recaptcha.net; style-src 'self' 'unsafe-inline' https://unpkg.com https://cdnjs.cloudflare.com/ https://*.twimg.com https://*.twitter.com https://*.bootstrapcdn.com https://*.googleapis.com https://cdn.wisekey.com; img-src 'self' data: https://*.linkedin.com https://*.hsforms.com https://www.google.com.vn https://*.certifyid.com https://api.mapbox.com https://unpkg.com https://maps.googleapis.com https://maps.google.com https://forms.hubspot.com https://perf.hsforms.com https://www.google.com https://px.ads.linkedin.com https://secure.gravatar.com https://cdnjs.cloudflare.com/ https://www.google-analytics.com https://ml-eu.globenewswire.com/ https://hugin.info https://track.hubspot.com https://forms.hsforms.com https://*.twimg.com https://*.twitter.com https://*.facebook.com https://*.youtube.com https://*.gstatic.com https://cdn.wisekey.com; font-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com/ https://*.gstatic.com https://*.bootstrapcdn.com https://d3o11irj9639cz.cloudfront.net https://cdn.wisekey.com https://*.googleapis.com; frame-src 'self' https://www.tickcounter.com https://cdnapisec.kaltura.com https://*.doubleclick.net https://*.certifyid.com https://www.brighttalk.com https://app.eu.veertly.com https://www.recaptcha.net/ https://s.tradingview.com https://forms.hsforms.com https://js.hsforms.net https://webcasts.weforum.org/ https://s7.addthis.com/ https://twitter.com htps://js.hsforms.net https://*.twitter.com https://*.facebook.com https://*.youtube-nocookie.com/ https://*.youtube.com https://*.google.com https://livestream.com https://*.wisekey.com; form-action 'self' https://*.twitter.com https://cdn.wisekey.com/ https://forms.hsforms.com; connect-src 'self' https://*.googlesyndication.com https://*.hscollectedforms.net https://cdn.linkedin.oribi.io https://js.hs-banner.com https://forms.hsforms.com https://api.hubapi.com https://m.addthis.com https://*.twitter.com https://www.google-analytics.com https://forms.hubspot.com https://hubspot-forms-static-embed.s3.amazonaws.com; media-src 'self' https://*.wisekey.com; object-src 'self' https://*.certifyid.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.youtube.com https://www.google-analytics.com https://static.hotjar.com http://c.evidon.com https://connect.facebook.net https://de925a7a65c346758b3eb2ac90c940a3.js.ubembed.com https://*.js.ubembed.com https://www.gstatic.com https://s.ytimg.com https://assets.ubembed.com https://script.hotjar.com https://cdn-theforkmanager.external-staging.thefork.tech https://cdn.theforkmanager.com https://pi.pardot.com https://go.thefork.com https://pi.demo.pardot.com cdnjs.cloudflare.com https://www.google.com mdbootstrap.com stackpath.bootstrapcdn.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; script-src-elem 'self' 'unsafe-inline' https://googleads.g.doubleclick.net https://static.doubleclick.net https://www.googletagmanager.com https://www.youtube.com https://www.google-analytics.com https://static.hotjar.com http://c.evidon.com https://connect.facebook.net https://de925a7a65c346758b3eb2ac90c940a3.js.ubembed.com https://*.js.ubembed.com https://www.gstatic.com https://s.ytimg.com https://assets.ubembed.com https://script.hotjar.com https://cdn-theforkmanager.external-staging.thefork.tech https://cdn.theforkmanager.com http://www.googleadservices.com https://pi.pardot.com https://go.thefork.com https://pi.demo.pardot.com https://secure.adnxs.com https://snap.licdn.com cdnjs.cloudflare.com https://www.google.com mdbootstrap.com stackpath.bootstrapcdn.com; style-src 'self' 'unsafe-inline' https://cdn-theforkmanager.external-staging.thefork.tech https://cdn.theforkmanager.com fonts.googleapis.com mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline'; base-uri 'self'; frame-ancestors 'self' 1
default-src 'unsafe-inline' 'unsafe-eval'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.buzzsprout.com https://app.mailjet.com https://lema.raisenow.com https://ajax.googleapis.com https://googleapis.com https://maps.googleapis.com https://code.etracker.com https://www.etracker.de https://static.etracker.com https://widget.raisenow.com/ https://www.google-analytics.com https://api.signalize.com; font-src 'self' data: https://fonts.gstatic.com *.signalize.com; style-src 'unsafe-inline' 'self' https://lema.raisenow.com/ https://fonts.googleapis.com https://widget.raisenow.com/ https://api.signalize.com; img-src 'self' data: 'self' https://lema.raisenow.com/ https://googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://www.etracker.de/ https://www.etracker.com https://widget.raisenow.com/ *.signalize.com; frame-src https://www.buzzsprout.com https://m.fibl.org https://www.fiblprojekte.de/ https://widget.raisenow.com/ https://organic-farmknowledge.org/ https://app.powerbi.com/; connect-src 'self' https://*.googleapis.com/ https://www.etracker.de https://www.etracker.com *.signalize.com; manifest-src 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; upgrade-insecure-requests 1
default-src 'self' * 'unsafe-inline' 'unsafe-eval' data:; object-src 'self'; upgrade-insecure-requests; img-src 'self' * data:; 1
frame-ancestors 'self' https://www.kiamedia.ca https://www.autotrader.ca/ https://www.edealer.ca/ https://360.agency/ https://www.d2cmedia.ca/ https://www.applewoodkialangley.ca/ https://www.harriskia.ca/ https://www.kiarichmond.com/ https://www.kamloopskia.com/ https://www.kiaofbrampton.ca/ https://www.scarborokia.ca/ https://www.trentokia.com/ https://www.kiaofnewmarket.com/ https://www.bessadakia.com/ https://www.londonkia.com/ https://www.cardinalkia.com/ https://www.lambtonkia.com/ https://www.durhamkia.com/ https://www.bankstreetkia.com/ https://www.kingstonkia.com/ https://www.performancekia.ca/ https://www.worldcarskia.com/ https://www.kiasudbury.com/ https://www.muskokakia.ca/ https://www.kiagrenville.com/ https://www.albikia.com/ https://www.kiatroisrivieres.com/ https://www.kiasherbrooke.com/ https://www.kiarepentigny.com/ https://www.barnabekiasaintjean.com/ https://www.kiagranby.com/ https://www.kiadrummondville.com/ https://www.kiaharold.ca/ https://www.kialevis.com/ https://www.kiavictoriaville.com/ https://www.autoblvd.ca/ https://www.dubekia.com/ https://www.kianewrichmond.com/ https://www.kiathetford.ca/ https://www.kiamatane.com/ https://www.formulekia.com/ https://www.kiacharlevoix.com/ https://www.maisonkia.com/ https://www.oreganskiadartmouth.com/ https://www.forbeskia.com/ https://www.monctonkia.ca/ https://www.miramichikia.com/ https://www.baysidekia.net/ https://www.westernkia.com/ https://www.kiaofsaskatoon.com/ https://www.kiaquebec.com/ https://www.kialaurentides.com/ https://www.kiaowensound.ca/ https://www.gustafsonskia.ca/ https://www.planetkia.ca/ https://www.whitehorsekia.com/ https://www.cobourgkia.com/ https://www.kiaoftimmins.com/ https://www.megakiabrossard.com/ https://www.birchwoodkiaregent.ca/ https://www.kianorthbay.com/ https://www.kiabeauport.com/ https://www.kiashawi.com/ https://www.longueuilkia.com/ https://www.kiacapsante.com/ https://www.applewoodkiasurrey.ca/ https://www.gustafsonskia.ca/ https://www.georgetownkia.com/ https://www.boyerkia.com/ https://www.qewkia.com/ https://www.actionkia.ca/ https://www.kiaofbrockville.com/ https://www.westtorontokia.ca/ https://www.uptownkia.ca/ https://www.complexekia.com/ https://www.kiastefoy.com/ https://www.winnipegkia.com/ https://www.airportkia.ca/ https://www.gokia.ca/ https://www.lallierkia.com/ https://www.kiavalleyfield.com/ https://www.kiawest.com/ https://www.donnellykia.com/ https://www.kiavancouver.com/ https://www.villemariekia.com/ https://www.jeandumaskia.ca/ https://www.courtenaykia.com/ https://www.kiadesrosiers.com/ https://www.miltonkia.com/ https://www.pentictonkia.com/ https://www.atlantickia.ca/ https://www.turpinkia.ca/ https://www.gusrevenbergkia.com/ https://www.kiamagog.com/ https://www.fichaultkia.com/ https://www.vernonkia.ca/ https://www.listowelkia.com/ https://www.longmansmarkhamkia.ca/ https://www.fosterkia.com/ https://www.eastsidekia.ca/ https://www.brantfordkia.com/ https://www.andersonkia.ca/ https://www.stuartkia.com/ https://www.kitchenerkia.com/ https://www.edmundstonkia.com/ https://www.oreganskiahalifax.com/ https://www.birchwoodkiawest.ca/ https://www.londonsairportkia.ca/ https://www.leggatkia.ca/ https://www.boltonkia.com/ https://www.portcitykia.com/ https://www.nskia.ca/ https://www.lockwoodkia.com/ https://www.orangevillekia.ca/ https://www.kiadelasalle.ca/ https://www.kiastconstant.com/ https://www.spinellikia.com/ https://www.fewerkia.com/ https://www.portdoverkia.com/ https://www.kiacowansville.com/ https://www.kiaofstcatharines.com/ https://www.wheatonkia.ca/ https://www.lallykia.com/ https://www.kialethbridge.ca/ https://www.guelphkia.ca/ https://www.grimsbykia.com/ https://www.kiaofpa.com/ https://www.mississaugakia.com/ https://www.kiamontmagny.com/ https://www.centralkiaatholville.ca/ https://www.westcoastkia.ca/ https://www.torontokia.com/ https://www.murraykiaabbotsford.com/ https://www.castlegarkia.com/ https://www.kiasthyacinthe.com/ https://www.kiaonhuntclub.com/ https://www.forbeskiabridgewater.ca/ https://www.plazakia.com/ https://www.kiareddeer.ca/ https://www.smithsfallskia.com/ https://www.kiasoreltracy.com/ https://www.albikiasteustache.com/ https://www.keyyorktonkia.com/ https://www.southtrailkia.com/ https://www.kiawaterloo.com/ https://www.tillsonburgkia.com/ https://www.gatineaukia.ca/ https://www.aylmerkia.com/ https://www.orilliakia.com/ https://www.audetkiamegantic.com/ https://www.cranbrookkia.com/ https://www.kiagabrielnord.com/ https://www.straightlinekia.ca/ https://www.centennialkia.ca/ https://www.straitwaykia.com/ https://www.olivierkiabaiecomeau.com/ https://www.northyorkkia.ca/ https://www.kiavalbelair.com/ https://www.ganderkia.com/ https://www.peterboroughkia.ca/ https://www.cambridgekia.com/ https://www.kialaurier-station.com/ https://www.kiagabrielouest.com/ https://www.northlandkia.ca/ https://www.northedmontonkia.com/ https://www.centralkia.ca/ https://www.kiaofstouffville.ca/ https://www.discoverkia.com/ https://www.barriekia.com/ https://www.kiawestedmonton.com/ https://www.straightlinekiamh.ca/ https://www.orleanskia.com/ https://www.kia417.com/ https://www.kiavictoria.ca/ https://www.kiastejulie.ca/ https://www.downtownkia.com/ https://www.kiachambly.ca/ https://www.bannisterkia.com/ https://www.lallierkiavimont.com/ https://www.kiajoliette.com/ https://www.kelownakia.com/ https://www.petawawakia.com/ https://www.olivierkiamcmasterville.com/ https://www.poirierkia.com/ https://www.jimgauthierkia.com/ https://www.claringtonkia.ca/ https://www.kiacoldlake.com/ https://www.kiamontlaurier.ca/ https://www.kiaofhamilton.com/ https://www.stratfordkia.com/ https://www.401dixiekia.com/ https://www.bannistergpkia.ca/ https://www.performancekiamayfield.ca/ https://www.kiavaudreuil.com/ https://www.conceptkia.ca/ https://www.kia-sept-iles.com/ https://www.kiagaspe.com/ https://www.macdonaldkia.ca/ https://www.brucekia.com/ https://www.foxkiafredericton.com/ https://www.eastcoastkia.ca/ https://www.sherwoodkia.ca/ https://www.lindsaykia.ca/ https://www.boisvertkia.com/; 1
img-src 'self' *.tile.osm.org *.bundestag.de *.tv1.eu, form-action 'self' 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com https://mc.yandex.ru *.google-analytics.com *.licdn.com https://browser.sentry-cdn.com https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.5.0/js/swiper.min.js https://cdn.jsdelivr.net/npm/swiper@10/swiper-bundle.min.js https://googleads.g.doubleclick.net/ https://api-maps.yandex.ru/ https://yastatic.net/ https://core-renderer-tiles.maps.yandex.net 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.5.0/css/swiper.min.css 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://*.linkedin.com https://mc.yandex.ru https://static.mts.ru/ https://www.google.am https://www.google.com https://api-maps.yandex.ru/ https://core-renderer-tiles.maps.yandex.net/ https://yandex.com/ 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src view.joomag.com viewer.joomag.com https://maps.google.com/ https://www.google.com/ https://www.youtube.com/ https://mc.yandex.ru/ https://td.doubleclick.net/ 'self' web-chat.nativechat.com; connect-src data: accounts.google.com *.gstatic.com https://*.googletagmanager.com https://cdn.linkedin.oribi.io https://mc.yandex.ru https://mc.yandex.md *.google-analytics.com https://px.ads.linkedin.com/wa/ https://analytics.google.com/ 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://viewer.joomag.com/ https://view.joomag.com/ https://maps.google.com/ https://www.google.com/ 'self' web-chat.nativechat.com 1
frame-ancestors 'self' *.emotiv.com *.emotivpro.com 1
frame-ancestors 'self' app.socio.events; 1
default-src 'self' zensarwebcdn.azureedge.net; img-src 'self' https: data: zensar.com zensar.com:8443 www.zensar.com www.zensar.com:8443; worker-src 'self' blob: www.zensar.com *.logrocket.io; style-src 'self' 'unsafe-inline' www.zensar.com fonts.googleapis.com *.googleapis.com maxcdn.bootstrapcdn.com; style-src-elem 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com clarity.ms googletagmanager.com fonts.googleapis.com *.googleapis.com; script-src 'self' 'unsafe-eval' 'self' 'unsafe-inline' www.zensar.com snap.licdn.com sentry.io *.sentry-cdn.com *.google-analytics.com *.logrocket.io px.ads.linkedin.com www.recaptcha.net recaptcha.net www.gstatic.com gstatic.com *.googletagmanager.com googleads.g.doubleclick.net stats.g.doubleclick.net content.zensar.com *.clarity.ms pi.pardot.com connect.facebook.net d1vg5xiq7qffdj.cloudfront.net; media-src 'self' zensarwebcdn.azureedge.net player.vimeo.com; connect-src 'self' www.zensar.com sentry.io zensar.com zensar.com:8443 www.zensar.com www.zensar.com:8443 *.google-analytics.com cdn.linkedin.oribi.io api.ipify.org *.googletagmanager.com *.googleads.g.doubleclick.net stats.g.doubleclick.net *.clarity.ms content.zensar.com px.ads.linkedin.com; form-action 'self'; font-src 'self' data: maxcdn.bootstrapcdn.com fonts.gstatic.com; frame-ancestors 'none'; object-src 'none'; frame-src content.zensar.com youtube.com www.youtube.com www.recaptcha.net recaptcha.net player.vimeo.com; base-uri www.zensar.com 1
default-src 'self' https://assets.getmyboat.com; connect-src 'self' https://assets.getmyboat.com assets.getmyboat.com wss://*.getmyboat.com gtm.getmyboat.com o33203.ingest.sentry.io www.google-analytics.com stats.g.doubleclick.net https://*.google.com https://*.google.ca https://*.google.co.in https://*.google.co.uk https://*.google.com.mx https://*.google.de https://*.google.com.au https://*.google.it https://*.google.nl https://*.google.com.tr https://*.google.com.ph https://*.google.es https://*.google.gr https://*.google.hr https://*.google.fr https://*.google.com.pr https://*.google.pt https://*.google.co.il https://*.google.com.cy https://*.google.ie https://*.google.ae https://*.google.ch https://*.google.co.id https://*.google.co.za https://*.google.se https://*.google.com.sg https://*.google.bs https://*.google.com.co https://*.google.be https://*.google.pl https://*.googleapis.com translate.googleapis.com getmyboat-user-images1.imgix.net getmyboat-user-images2.imgix.net graph.facebook.com www.facebook.com api.mapbox.com *.tiles.mapbox.com events.mapbox.com getmyboat-uploads-temp-prod.s3.us-east-1.amazonaws.com getmyboat-uploads-processed.s3.us-east-1.amazonaws.com ct.pinterest.com *.clarity.ms *.zdassets.com *.zendesk.com; script-src 'self' 'nonce-n8xJjSN_2wVS6N6mq3-vNA' www.getmyboat.com https://assets.getmyboat.com gtm.getmyboat.com www.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.google.com www.gstatic.com https://*.googleapis.com translate.googleapis.com connect.facebook.net s.pinimg.com *.clarity.ms *.zdassets.com; style-src 'self' 'unsafe-inline' https://assets.getmyboat.com https://fonts.googleapis.com translate.googleapis.com; img-src 'self' data: https://assets.getmyboat.com assets.getmyboat.com cms-media.getmyboat.com www.google-analytics.com stats.g.doubleclick.net www.gstatic.com www.googletagmanager.com googleads.g.doubleclick.net https://*.google.com https://*.google.ca https://*.google.co.in https://*.google.co.uk https://*.google.com.mx https://*.google.de https://*.google.com.au https://*.google.it https://*.google.nl https://*.google.com.tr https://*.google.com.ph https://*.google.es https://*.google.gr https://*.google.hr https://*.google.fr https://*.google.com.pr https://*.google.pt https://*.google.co.il https://*.google.com.cy https://*.google.ie https://*.google.ae https://*.google.ch https://*.google.co.id https://*.google.co.za https://*.google.se https://*.google.com.sg https://*.google.bs https://*.google.com.co https://*.google.be https://*.google.pl https://*.googleapis.com https://*.gstatic.com translate.googleapis.com getmyboat-user-images1.imgix.net getmyboat-user-images2.imgix.net www.facebook.com web.facebook.com blob: api.mapbox.com getmyboat-uploads-processed.s3.amazonaws.com getmyboat-uploads-processed.s3.us-east-1.amazonaws.com ct.pinterest.com *.clarity.ms c.bing.com pubads.g.doubleclick.net arttrk.com; font-src 'self' https://assets.getmyboat.com data: https://fonts.gstatic.com; worker-src 'self' https://assets.getmyboat.com blob:; child-src 'self' https://assets.getmyboat.com graph.facebook.com blob:; frame-src 'self' https://assets.getmyboat.com bid.g.doubleclick.net tpc.googlesyndication.com www.google.com https://www.youtube.com/ *.facebook.com ct.pinterest.com; base-uri 'none'; object-src 'none'; block-all-mixed-content; frame-ancestors 'self'; 1
frame-ancestors *.hilan.co.il ihilanet.tau.ac.il 1
script-src *.yotpo.com *.bigcommerce.com *.mybigcommerce.com *.googleadservices.com *.facebook.net *.bazaarvoice.com *.fonts.net *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.zendesk.com *.zdassets.com *.cloudfront.net *.google.com *.gstatic.com *.lightboxcdn.com *.iesnare.com *.braintreegateway.com *.paypal.com *.ordergroove.com *.afterpay.com *.attn.tv *.attentivemobile.com *.doubleclick.net *.mathtag.com *.salesforce-sites.com *.tapad.com *.tiktok.com *.snapchat.com *.s3.amazonaws.com *.addrexx10.com *.crazyegg.com *.segment.com sc-static.net *.pinimg.com *.adsrvr.org *.lytics.io *.dynatrace.com *.tapad.com *.azurewebsites.net *.moatads.com *.ipify.org *.rpxnow.com *.kaptcha.com rpxnow.com *.paypalobjects.com *.googlesyndication.com *.emjcd.com pghub.io cdn11.bigcommerce.com 'self' 'unsafe-eval' 'unsafe-inline' blob: ;object-src 'none'; frame-ancestors 'self' ; 1
script-src * 'self' 'unsafe-inline' 'unsafe-eval' blob:;style-src * 'unsafe-inline' 'unsafe-eval';connect-src * 'unsafe-inline' 'unsafe-eval';font-src * 'unsafe-inline' 'unsafe-eval';img-src * data:; object-src 'self' 'unsafe-inline' 'unsafe-eval';media-src * data:; default-src * 1
default-src 'self' *.google-analytics.com; frame-src 'self' *.facebook.com *.google.com/maps *.youtube-nocookie.com; style-src 'self' *.googleapis.com 'unsafe-inline'; font-src 'self' *.gstatic.com 'unsafe-inline'; script-src 'self' *.facebook.net *.googletagmanager.com *.google-analytics.com *.googleapis.com *.googleadservices.com googleads.g.doubleclick.net 'unsafe-inline'; img-src 'self' *.facebook.com *.google-analytics.com *.ytimg.com *.ucb.com.bd *.google.com.bd *.google.com 1
manifest-src https://cdn.appfollow.io https://appfollow.io https://q.quora.com https://px.ads.linkedin.com https://track.hubspot.com https://www.google-analytics.com https://www.facebook.com/ https://www.google.com https://googleads.g.doubleclick.net; media-src https://cdn.appfollow.io https://appfollow.io https://q.quora.com https://px.ads.linkedin.com https://track.hubspot.com https://www.google-analytics.com https://www.facebook.com/ https://www.google.com https://googleads.g.doubleclick.net; upgrade-insecure-requests 1
script-src 'self' https://www.splash-screen.net https://www.google-analytics.com https://activitymap.adobe.com https://t.ssl.ak.dynamic.tiles.virtualearth.net  https://dev.virtualearth.net  https://r.bing.com  https://www.gstatic.com https://cn.bing.com https://www.bing.com https://www.google.com  https://www.cdn-net.com https://cdnjs.cloudflare.com https://cloud.51degrees.com https://tags.srv.stackadapt.com https://open.weixin.qq.com https://six.cdn-net.com https://staging.cdn-net.com https://nexus.ensighten.com https://emetrics.eastwestbank.com https://www.youtube.com https://s.ytimg.com connect.facebook.net www.googleadservices.com www.googletagmanager.com cdn.glassboxcdn.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; object-src 'none'; frame-ancestors 'self' https://www.google-analytics.com https://activitymap.adobe.com https://www.earnie.us https://app.earnie.us https://app.dev.bayanipay.com https://app.dev-bank.bayanipay.com https://app2.bayanipay.com https://app.bayanipay.com https://app.stg.bayanipay.com https://*.velobank.com https://*.eastwestbank.com https://bookings-us.qudini.com; frame-src https://digital.eastwestbank.com https://anchor.fm https://www.google-analytics.com https://activitymap.adobe.com https://www.google.com https://www.youtube.com https://app.bayanipay.com https://staging.cdn-net.com https://www.cdn-net.com https://eastwestbank.demdex.net https://play.app.goo.gl https://itunes.apple.com  https://android.myapp.com https://bookings-us.qudini.com velo: 1
default-src 'self' data:; script-src https://s.ytimg.com https://*.googletagmanager.com https://static.hotjar.com https://diffuser-cdn.app-us1.com https://resources.digital-cloud-west.medallia.com https://prism.app-us1.com/ http://resources.digital-cloud-west.medallia.com https://script.hotjar.com https://maxcdn.bootstrapcdn.com https://mktdplp102cdn.azureedge.net https://*.serving-sys.com https://*.ufcu.org https://*.googleapis.com https://*.gstatic.com https://www.google.com https://apis.google.com https://connect.facebook.net https://ajax.aspnetcdn.com https://*.twitter.com https://*.twimg.com https://platform.linkedin.com https://platform.stumbleupon.com/1/widgets.js https://*.sharethis.com https://*.youtube.com https://trackcmp.net http://js.web-2-tel.com 'self' js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com *.google-analytics.com cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://maxcdn.bootstrapcdn.com *.sharethis.com https://*.ufcu.org 'self' web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://insight.adsrvr.org https://pixel.rubiconproject.com https://ib.adnxs.com https://udc-neb.kampyle.com https://match.adsrvr.org https://cm.g.doubleclick.net https://ufcu-stg.sitefinity.cloud https://ups.analytics.yahoo.com *.sharethis.com https://apple-resources.s3.amazonaws.com https://play.google.com https://*.ufcu.org https://trkn.us 'self' track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com *.google-analytics.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://maxcdn.bootstrapcdn.com *.sharethis.com; frame-src 'self' https://www.facebook.com/ https://resources.digital-cloud-west.medallia.com *.youtube.com https://*.serving-sys.com https://www.agentinsure.com forms.hsforms.com web-chat.nativechat.com; connect-src data: accounts.google.com *.gstatic.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://analytics.google.com https://resources.digital-cloud-west.medallia.com https://udc-neb.kampyle.com https://maps.googleapis.com https://csmetrics.hotjar.com *.hawksearch.com *.hawksearch.net *.sharethis.com https://js.web-2-tel.com wss://ws.hotjar.com https://*.serving-sys.com https://content.hotjar.io 'self' forms.hubspot.com *.hsforms.com *.google-analytics.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.youtube.com web-chat.nativechat.com 1
frame-ancestors 'self'; report-uri http://westlake.com/report-uri/enforce 1
default-src https://* blob: data: 'unsafe-inline' 'unsafe-eval'; font-src data: https://*.metrotransit.org https://use.typekit.net https://js.arcgis.com https://fonts.gstatic.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; style-src 'unsafe-inline' https://*.metrotransit.org https://*.typekit.net https://translate.googleapis.com https://js.arcgis.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://www.gstatic.com; base-uri 'none'; 1
object-src 'none'; base-uri 'self'; frame-ancestors 'none' 1
default-src data: https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; frame-ancestors 'self' https://*.samtec.com https://www.snapeda.com https://sibalco.weserve.ch https://shop-sibalco.weserve.ch https://*.sibalco.ch https://shop.powell.com https://www.tc-componentes.es; 1
default-src 'self' fsk.ru *.frabbit.ru; font-src 'self' fsk.ru *.frabbit.ru data:; connect-src 'self' fsk.ru *.frabbit.ru *.google-analytics.com mc.yandex.ru uaas.yandex.ru my.smartis.bi *.comagic.ru wss://server.comagic.ru wss://leadgen-prod-webchat.uiscom.ru core.smartcallback.ru crm.smartcallback.ru wss://smartcallback.ru:27500 www.googletagmanager.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com pixel.konnektu.ru *.datadrivenpromotion.com ad.adriver.ru leadgen-prod-api.uiscom.ru stats.g.doubleclick.net sjsmartcontent.org sync.bumlam.com sync.sniperlog.ru top-fwz1.mail.ru vk.com adservice.google.com iclicks.io adreturn.ru mc.yandex.md ad.doubleclick.net fpf.hybrid.ai mc.yandex.com www.google.com api-maps.yandex.ru; frame-src 'self' fsk.ru *.frabbit.ru www.youtube.com *.vimeo.com https://make.dvizh.io/ server.comagic.ru www.googletagmanager.com td.doubleclick.net *.fls.doubleclick.net content.adriver.ru static.bumlam.com adreturn.ru iclicks.io *.rtb.beeline.ru mc.yandex.ru visualhotels.com virtualland.ru biganto.com panopano.site vhsystem.ru kuula.co widget.planoplan.com sync.1dmp.io static.user-red.com synce.user-red.com; child-src 'self' fsk.ru *.frabbit.ru www.youtube.com *.vimeo.com server.comagic.ru www.googletagmanager.com td.doubleclick.net *.fls.doubleclick.net static.bumlam.com adreturn.ru iclicks.io *.rtb.beeline.ru mc.yandex.ru visualhotels.com virtualland.ru biganto.com panopano.site vhsystem.ru; script-src 'self' 'self' fsk.ru *.frabbit.ru 'unsafe-inline' 'unsafe-eval' eval 'report-sample' server.comagic.ru *.google-analytics.com abt.s3.yandex.net *.yandex.ru *.yandex.net *.yandex.com yastatic.net www.google.com www.googleoptimize.com *.otm-r.com tags.soloway.ru *.datadrivenpromotion.com *.hybrid.ai *.rtb.com.ru emd.hybrid.ai *.adriver.ru sync.bumlam.com cdn.jsdelivr.net app.comagic.ru smartcallback.ru core.smartcallback.ru www.googletagmanager.com sjsmartcontent.org altopd.com ajax.googleapis.com googleads.g.doubleclick.net static.terratraf.io top-fwz1.mail.ru matcher.upravel.com pixel-storage.konnektu.ru www.gstatic.com x01.aidata.io app.blinger.io www.googleadservices.com iclicks.io adreturn.ru www.google-analytics.com www.youtube.com www.google.com fp.hybrid.ai vk.com creatives.afp.ai; img-src 'self' fsk.ru *.frabbit.ru https: data: cdn.fsk.ru; style-src 'self' fsk.ru *.frabbit.ru 'unsafe-inline' 'report-sample' core.smartcallback.ru app.comagic.ru; media-src 'self' fsk.ru *.frabbit.ru *.fsk.ru fsk-uploads.hb.bizmrg.com; frame-ancestors 'self' https://fsk.ru *.fsk.ru *.frabbit.ru https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://webvisor.com flagman.art3d.dev *.webvisor.com *.yandex.ru; object-src 'none'; base-uri 'self' fsk.ru *.frabbit.ru 1
default-src 'self' https://trc.taboola.com creativecdn.com http://maps.googleapis.com http://mapa.targeo.pl https://ams.creativecdn.com https://tags.creativecdn.com https://maps.googleapis.com https://mapa.targeo.pl https://pushpushgo.com https://fledge-eu.creativecdn.com fledge-eu.creativecdn.com https://creativecdn.com; font-src 'self' creativecdn.com http://maps.googleapis.com https://fonts.gstatic.com http://mapa.targeo.pl https://ams.creativecdn.com https://tags.creativecdn.com https://maps.googleapis.com https://mapa.targeo.pl https://fledge-eu.creativecdn.com fledge-eu.creativecdn.com https://creativecdn.com; style-src 'self' 'unsafe-inline' clients1.google.com https://cse.google.com https://tagmanager.google.com creativecdn.com https://*.hit.api.useinsider.com https://ams.creativecdn.com https://*.api.sociaplus.com https://uibcdn.com https://*.api.useinsider.com https://tags.creativecdn.com https://maps.googleapis.com www.googleapis.com https://*.google.com http://maps.googleapis.com http://mapa.targeo.pl https://api.useinsider.com www.google.com https://mapa.targeo.pl https://fledge-eu.creativecdn.com fledge-eu.creativecdn.com http://cse.google.com https://fonts.googleapis.com https://creativecdn.com; img-src 'self' data: *.analytics.google.com http://img.targeo.pl https://trc.taboola.com https://*.targeo.pl https://stats.g.doubleclick.net https://m40.targeo.pl https://ams.creativecdn.com https://www.facebook.com https://maps.googleapis.com https://tl.tradetracker.net https://ssl.google-analytics.com http://mapa.targeo.pl https://ssl.bankier.pl https://adservice.google.pl http://google.com www.google.com https://direct.money.pl https://mapa.targeo.pl https://fledge-eu.creativecdn.com https://public.tableau.com www.google-analytics.com clients1.google.com https://cse.google.com https://ssl.hit.stat24.com https://ad.doubleclick.net creativecdn.com ad.doubleclick.net https://image.useinsider.com https://region1.google-analytics.com https://pixel.rubiconproject.com https://m50.targeo.pl https://tags.creativecdn.com https://csi.gstatic.com www.googleapis.com *.google-analytics.com https://st.hit.gemius.pl https://www.google.pl https://maps.gstatic.com http://maps.googleapis.com https://px.ads.linkedin.com https://www.googletagmanager.com https://www.google-analytics.com http://*.googleusercontent.com https://*.webankieta.pl fledge-eu.creativecdn.com https://www.google.com.tr http://maps.gstatic.com https://creativecdn.com; frame-src 'self' https://trc.taboola.com https://vars.hotjar.com https://www.linkedin.com https://fls.doubleclick.net https://optimize.google.com https://*.hit.api.useinsider.com https://ams.creativecdn.com https://*.api.useinsider.com https://www.facebook.com https://maps.googleapis.com https://8331881.fls.doubleclick.net http://mapa.targeo.pl cse.google.com https://mapa.targeo.pl https://fledge-eu.creativecdn.com https://www.bik.pl https://public.tableau.com https://www.youtube.com https://ad.doubleclick.net creativecdn.com https://*.api.sociaplus.com https://tags.creativecdn.com https://konto.bik.pl https://scorehunter.pl http://maps.googleapis.com https://www.googletagmanager.com https://scorehunter.edu.pl https://*.webankieta.pl fledge-eu.creativecdn.com staticxx.facebook.com https://creativecdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://trc.taboola.com https://vars.hotjar.com https://optimize.google.com https://*.hit.api.useinsider.com https://script.hotjar.com https://m40.targeo.pl https://static.hotjar.com https://ams.creativecdn.com https://*.api.useinsider.com https://www.facebook.com https://*.googleapis.com https://ssl.google-analytics.com https://*.google.com http://mapa.targeo.pl https://api.useinsider.com https://api.sociaplus.com https://mapa.targeo.pl https://fledge-eu.creativecdn.com https://public.tableau.com www.google-analytics.com https://connect.facebook.net https://s-eu-1.pushpushgo.com creativecdn.com https://*.api.sociaplus.com https://m20.targeo.pl https://uibcdn.com https://region1.google-analytics.com https://m50.targeo.pl https://tags.creativecdn.com https://snap.licdn.com https://www.googletagmanager.com https://googleapis.com https://www.google-analytics.com https://*.webankieta.pl https://pushpushgo.com fledge-eu.creativecdn.com https://creativecdn.com; object-src 'self' https://trc.taboola.com creativecdn.com http://maps.googleapis.com http://mapa.targeo.pl https://ams.creativecdn.com https://tags.creativecdn.com https://maps.googleapis.com https://mapa.targeo.pl https://pushpushgo.com https://fledge-eu.creativecdn.com fledge-eu.creativecdn.com https://creativecdn.com; connect-src 'self' https://api.pushpushgo.com *.analytics.google.com https://trc.taboola.com https://hit.api.useinsider.com https://stats.g.doubleclick.net https://static.hotjar.com https://ams.creativecdn.com https://ssl.google-analytics.com http://mapa.targeo.pl https://cdn.linkedin.oribi.io https://mapa.targeo.pl https://fledge-eu.creativecdn.com www.google-analytics.com https://connect.facebook.net creativecdn.com https://uibcdn.com https://region1.google-analytics.com https://tags.creativecdn.com *.useitbetter.com *.google-analytics.com https://snap.licdn.com https://insights.hotjar.com https://*.hotjar.com https://www.google-analytics.com https://pushpushgo.com fledge-eu.creativecdn.com *.l.useitbetter.com https://creativecdn.com;  1
frame-ancestors 'self' waag.org *.waag.org 1
default-src * data: gap: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors *.ssww.com ssww.com *.surveymonkey.com *.google.com teacherplanet.com seals.networksolutions.com 1
frame-ancestors 'self' https://dev-web.almashhad.tv/ 1
default-src https://*.ctfassets.net 'self' blob: feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://tagmanager.google.com https://pghub.io https://*.cookielaw.org https://*.bazaarvoice.com https://*.smartcommerce.co https://*.click2cart.com https://*.algolianet.com https://*.rpxnow.com https://rpxnow.com https://*.segment.com https://*.janrain.com https://*.cloudfront.net https://script.crazyegg.com https://*.facebook.net https://www.facebook.com https://z.moatads.com https://*.adsrvr.org https://pixel.tapad.com https://c.lytics.io https://s.amazon-adsystem.com https://*.pricespider.com https://*.segment.io https://*.click2cart.co https://*.lightboxcdn.com https://*.janraincapture.com https://*.iesnare.com https://*.segmanta.com https://s3.us-west-2.amazonaws.com https://*.google.com/recaptcha/ https://*.google.com https://*.gstatic.com feed.pghub.io pandg.tapad.com ; connect-src 'self' * https: 'unsafe-inline' https://*.click2cart.com https://*.google.com https://*.gstatic.com ; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://*.bootstrapcdn.com https://*.click2cart.com https://c.lytics.io https://*.janrain.com https://*.lightboxcdn.com https://display.ugc.bazaarvoice.com https://*.bazaarvoice.com https://*.segmanta.com https://s3.us-west-2.amazonaws.com https://*.google.com https://*.gstatic.com feed.pghub.io pandg.tapad.com ; media-src https://videos.ctfassets.net data: https://*.google.com https://*.gstatic.com feed.pghub.io pandg.tapad.com ; img-src 'self' https://www.googletagmanager.com https://www.facebook.com https://c.lytics.io https://s.amazon-adsystem.com https://*.lightboxcdn.com https://click2cart.co https://click2cart.com https://ssl.gstatic.com https://*.amazonaws.com https://*.bazaarvoice.com https://images.ctfassets.net data: https://pixel.tapad.com https://*.alwaysdiscreet.com https://*.cloudfront.net https://www.google.com https://www.google.co.in https://www.google-analytics.com https://*.segmanta.com https://login.windows.net https://*.cookielaw.org https://*.google.com https://*.gstatic.com feed.pghub.io pandg.tapad.com ; font-src https://fonts.gstatic.com data: http://fast.fonts.net https://assets.ctfassets.net https://*.click2cart.com https://*.bootstrapcdn.com https://fonts.googleapis.com https://*.alwaysdiscreet.com https://*.segmanta.com https://*.google.com https://*.gstatic.com feed.pghub.io pandg.tapad.com ; frame-src 'self' https://consumersupport.pg.com https://*.adsrvr.org https://www.facebook.com https://display.ugc.bazaarvoice.com https://stg.api.bazaarvoice.com https://*.api.bazaarvoice.com https://*.bazaarvoice.com https://*.janraincapture.com https://*.segmanta.com https://*.google.com https://*.gstatic.com https://www.youtube-nocookie.com feed.pghub.io pandg.tapad.com ; worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; 1
default-src https: 'unsafe-eval' 'unsafe-inline' 'self'; object-src 'self'; font-src https: data: 'self' http: fonts.googleapis.com themes.googleusercontent.com; connect-src https: wss: 'self'; img-src https: data: 'self' http: *.gravatar.com; worker-src blob: https: 'self' 'unsafe-inline' 'unsafe-eval'; media-src https: blob: 'self'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-eval' 'unsafe-inline' 'self' http: fonts.googleapis.com 1
default-src 'self'; block-all-mixed-content; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://td.doubleclick.net https://www.youtube.com https://player.vimeo.com/video *.google.com https://consentcdn.cookiebot.com; img-src 'self' https://www.google.pl https://www.google.com https://*.google-analytics.com https://www.facebook.com https://px.ads.linkedin.com https://*.googletagmanager.com https://wa-rekrutacja.ur.edu.pl https://consentcdn.cookiebot.com https://imgsct.cookiebot.com data:; script-src 'self' 'unsafe-inline' https://googleads.g.doubleclick.net https://a.omappapi.com https://snap.licdn.com https://connect.facebook.net https://www.google-analytics.com https://*.ur.edu.pl 'unsafe-eval' https://*.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://a.omappapi.com https://fonts.googleapis.com wa-rekrutacja.ur.edu.pl; connect-src 'self' https://googleads.g.doubleclick.net  https://www.google.com https://api.omappapi.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://pagead2.googlesyndication.com https://wa-rekrutacja.ur.edu.pl wss://wa-rekrutacja.ur.edu.pl https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://consentcdn.cookiebot.com 1
frame-ancestors 'self' https://manage.offshore-mag.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
upgrade-insecure-requests; default-src    'self' data: blob: optimize.google.com fonts.gstatic.com bid.g.doubleclick.net maps.googleapis.com maps.google.com www.google.com analytics.google.com td.doubleclick.net involve.asia *.facebook.com connect.facebook.net use.fontawesome.com *.youtube.com www.youtube-nocookie.com api.mightythemes.com www.tiktok.com fonts.bunny.net/roboto/files/; script-src     'self' 'unsafe-eval' 'unsafe-inline' data: blob: monica.wangpulio.com googleadservices.com googleads.g.doubleclick.net www.google-analytics.com ssl.google-analytics.com tagmanager.google.com www.googletagmanager.com www.googleadservices.com www.google.com googleads.g.doubleclick.net maps.googleapis.com maps.google.com iagtm.involve.asia connect.facebook.net graph.facebook.com js.facebook.com static.zdassets.com assets.zendesk.com invol.co snap.licdn.com static-exp1.licdn.com content.linkedin.com platform.linkedin.com *.ep-mimecast.ads-twitter.com analytics.twitter.com static.ads-twitter.com t.co d.line-scdn.net analytics.tiktok.com www.tiktok.com lf16-tiktok-web.ttwstatic.com www.youtube.com m.youtube.com cdnt.netcoresmartech.com/smartechclient.js osjs.netcoresmartech.com/v1/js-versioning cdnjs.cloudflare.com static.cloudflareinsights.com ajax.cloudflare.com; connect-src    'self' data: blob: www.google-analytics.com stats.g.doubleclick.net maps.googleapis.com maps.google.com analytics.google.com monica.wangpulio.com shopstylers.zendesk.com ekr.zdassets.com *.facebook.com connect.facebook.net *.linkedin.com *.licdn.com cdn.linkedin.oribi.io t.co *.twitter.com twitter.com analytics.tiktok.com; img-src        'self' data: blob: *.linkedin.com *.licdn.com p.adsymptotic.com img.involve.asia invol.co involve.asia www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net www.gstatic.com ssl.gstatic.com googleads.g.doubleclick.net www.google.com www.google.com.my *.googleapis.com maps.google.com aps.gstatic.com *.ggpht.com *.facebook.com *.facebook.net *.fbcdn.net t.co *.twitter.com twitter.com tr.line.me *.ytimg.com *.youtube.com s.w.org/images/core/emoji/ *.gravatar.com; style-src      'self' 'unsafe-inline' optimize.google.com tagmanager.google.com fonts.googleapis.com *.licdn.com use.fontawesome.com platform.twitter.com lf16-tiktok-web.ttwstatic.com fonts.bunny.net/css; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://subscriptions.propertyweek.com; 1
default-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://fonts.googleapis.com;           script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://www.googleoptimize.com;           img-src 'self' data: https://a1cf74336522e87f135f-2f21ace9a6cf0052456644b80fa06d4f.ssl.cf2.rackcdn.com https://30c57e491d34574ac3c4-d69fd22d5bffeab44970d3ac75e05830.ssl.cf2.rackcdn.com;           font-src 'self' data: https://fonts.gstatic.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.rollbar.com https://www.googletagmanager.com https://www.google-analytics.com https://track.leadlander.com https://lltrck.com https://*.pendo.io https://*.tenable.com https://cdn.amplitude.com https://*.intercom.io https://js.intercomcdn.com;connect-src 'self' https://api.amplitude.com https://www.google-analytics.com https://api-iam.intercom.io wss://*.intercom.io https://app.pendo.io https://data.pendo-tio.tenable.com https://cdn.pendo.io https://api.tenable.com;img-src * 'self' data:;frame-src https://app.pendo.io https://data.pendo-tio.tenable.com https://cdn.pendo.io;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org/; script-src-elem * 'unsafe-inline'; script-src-attr * data: 'unsafe-inline'; img-src * data: 1
default-src 'self' 'unsafe-inline'; frame-src https://nextcloud.nlnet.nl; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://norden.social; img-src 'self' https: data: blob: https://norden.social; style-src 'self' https://norden.social 'nonce-80Dq9xvmk/5RdCbwx1nGyQ=='; media-src 'self' https: data: https://norden.social; frame-src 'self' https:; manifest-src 'self' https://norden.social; form-action 'self'; child-src 'self' blob: https://norden.social; worker-src 'self' blob: https://norden.social; connect-src 'self' data: blob: https://norden.social https://norden.social wss://norden.social; script-src 'self' https://norden.social 'wasm-unsafe-eval' 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://chatbotsmagazine.com https://*.chatbotsmagazine.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
frame-ancestors http://jct.gov http://www.jct.gov http://jct-cms.ae-admin.com http://jct-live.ae-admin.com *.hawksearch.com *.hawksearch.net *.roccommerce.com 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' *.youtube.com *.ytimg.com *.itzbund.de; object-src 'none'; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com; frame-src *.youtube.com; img-src 'self' data: *.openstreetmap.org *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.twimg.com *.itzbund.de *.bund.de; connect-src 'self' *.itzbund.de; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests; 1
frame-ancestors 'self' https://academy.rcvs.org.uk https://academydev.rcvs.org.uk; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.acquia.com *.radnet.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googleadservices.com *.googleusercontent.com *.callrail.com *.globenewswire.com *.tctm.co *.gstatic.com *.doubleclick.net *.youtube.com *.youtube-nocookie.com *.ytimg.com *.vimeo.com *.audioeye.com *.amazonaws.com *.fbcdn.net *.facebook.com *.facebook.net *.twitter.com *.sec.gov *.podium.com *.analyticspodium.com *.amplitude.com *.knightlab.com *.addtoany.com *.typekit.net; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' circl.lu www.circl.lu www.gstatic.com pandora.circl.lu cra.circl.lu; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: circl.lu www.circl.lu www.gstatic.com pandora.circl.lu cra.circl.lu; 1
default-src http: https: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.gov.hk *.youtube.com *.facebook.com connect.facebook.net maps.google.com *.instagram.com *.twitter.com data:; 1
frame-ancestors 'self' https://*.seafight.com https://*.y8.com https://gameplanet.onet.pl/ https://www.gry.pl/ https://www.jetztspielen.de/ https://www.spielen.com/ https://www.jeux.fr/ https://www.jeu.fr/ https://www.games.co.uk/ https://www.spelletjes.nl/ https://www.spel.nl/ https://www.juegos.com/ https://www.gioco.it/ https://www.spela.se/ https://www.ourgames.ru/ https://www.gamesgames.com/ https://www.agame.com/ https://centralagier.wp.pl/ https://www.jetztspielen.ws/ https://www.1001spiele.de/ https://www.gierkionline.pl/ https://www.grajteraz.pl/ https://www.1001giochi.it/ https://www.giochixl.it/ https://www.1001hry.cz/ https://juegosjuegos.ws/ https://www.isladejuegos.com/ https://www.elkspel.nl/ https://www.spelo.se/ https://www.1001games.com/ https://www.speltuin.nl/ https://www.1001pelit.com/ https://www.1001jeux.fr/ https://www.1001games.fr/ https://www.1001spiele.at/ https://www.mmozone.com/ https://www.mmostation.com/ https://www.mmogratis.es/ https://www.gratismmo.de/ https://www.mmorpggratuits.com/ https://www.mmoitalia.it/ https://www.mmoportugal.com/ https://www.funnygames.nl/ https://www.clickjogos.com.br/ https://www.oyunkolu.com/ https://spele.nl/ https://www.dobregry.pl/ https://fotka.com/ https://www.1001games.co.uk/ https://www.1001jocuri.ro/ https://www.1001jogos.com.br/ https://www.1001jogos.pt/ https://www.igrixl.ru/ https://www.jatekokxl.hu/ https://www.juegosjuegos.ws/ https://www.paixnidiaxl.gr/ https://www.spillespill.no/ https://www.spilxl.dk/ https://www.jeux-gratuits.com/ https://www.minijuegos.com/ https://kizi.com/ https://www.browsergames.de/ https://www.isladejuegos.com/ https://www.juegosdenavegador.com/ https://www.jeuxparnavigateur.net/ https://www.jogosbrowser.com/ https://www.freemmorpglist.com/ https://www.puzzlepuzzles.de/ http://www.mmogratis.com/ https://www.sat1spiele.de/ https://www.flashgames.it/ https://www.prosiebengames.de/ https://www.spielkarussell.de/ https://www.brincar.pt/ https://www.spelle.nl/ https://www.speeleiland.nl/; 1
default-src 'self'; style-src 'self'; script-src 'self'; 1
frame-ancestors *.upgradabroad.com *.upgrad.com *.upgrad.dev *.upgradmed.com 1
default-src 'self' 'unsafe-inline' pruffme.com; frame-src 'self' data: *.youtube.com docs.google.com yandex.ru; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' yastatic.net *.yandex.net *.yandex.ru *.youtube.com pruffme.com; connect-src 'self' *.krasgmu.ru pruffme.com wss://*.pruffme.com *.yandex.ru *.yandex.md; img-src 'self' data: pruffme.com *.pruffme.com *.yandex.net yandex.ru *.yandex.ru krasgmu.ru *.krasgmu.ru; 1
worker-src blob:; script-src 'self' *.unpkg.com *.episerver.com *.cloudfront.net *.episerver.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.google.com *.google.nl *.elitechnology.com *.licdn.com *.hotjar.com *.doubleclick.net *.linkedin.com *.azure.com *.vimeo.com *.youtube.com *.msecnd.net *.facebook.com *.facebook.net *.visualstudio.com *.jquery.com *.jsdelivr.net 'unsafe-eval' 'unsafe-inline'; img-src 'self' *.google.com *.google-analytics.com *.google.nl *.linkedin.com *.facebook.com  googleads.g.doubleclick.net blob: https: data:; frame-ancestors 'self' *.vimeo.com *.youtube.com; frame-src 'self' *.youtube.com *.episerver.net *.google.com *.hotjar.com 'unsafe-inline'; font-src 'self' *.gstatic.com *.episerver.net *.cmtelecom.com *.hotjar.com *.myfonts.net *.elitechnology.com data:; style-src-elem 'self' *.episerver.net *.googleapis.com *.jsdelivr.net *.myfonts.net *.typekit.net 'unsafe-inline'; style-src 'self' *.myfonts.net *.typekit.net *.bootstrapcdn.com 'unsafe-inline' data:; media-src 'self' *.cloudfront.net; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.allrecipes.com 1
base-uri 'self' https://bullish.com;       default-src 'self';       child-src 'self' 'unsafe-inline';       connect-src 'self' https://content.marketing.bullish.com assets.marketing.bullish.com bullish.piwik.pro bullish.containers.piwik.pro cdn-apac.onetrust.com vimeo.com player.vimeo.com https://plausible.io https://privacyportal-apac.onetrust.com *.oribi.io pagead2.googlesyndication.com;       font-src 'self' data:;       frame-src 'self' 'unsafe-inline' *.twitter.com vimeo.com player.vimeo.com https://www.google.com *.doubleclick.net *.adsrvr.org www.youtube.com *.youtube.com;       img-src 'self' https://content.marketing.bullish.com assets.marketing.bullish.com i.vimeocdn.com *.googletagmanager.com *.gstatic.com *.adsrvr.org *.linkedin.com *.ads-twitter.com snap.licdn.com *.doubleclick.net *.twitter.com t.co i.ytimg.com www.google.com data:;       manifest-src 'self';       media-src 'self' https://content.marketing.bullish.com assets.marketing.bullish.com;       object-src 'none';       script-src 'self' 'unsafe-inline' 'strict-dynamic'  *.googletagmanager.com bullish.containers.piwik.pro vimeo.com player.vimeo.com https://www.google.com/recaptcha/api.js *.gstatic.com/recaptcha/ www.youtube.com *.youtube.com 'nonce-jskiJHdQ7bAZYTDXocFhBx6gQE3A9layaI6GROHic6DP';       script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com bullish.containers.piwik.pro vimeo.com player.vimeo.com https://www.google.com/recaptcha/api.js *.gstatic.com/recaptcha/ *.doubleclick.net *.licdn.com *.ads-twitter.com *.adsrvr.org www.youtube.com *.youtube.com;       style-src 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cookiehub.com https://*.marketo.net https://*.olark.com https://*.licdn.com https://*.spreaker.com https://*.addthis.com https://*.addthisedge.com https://*.moatads.com https://*.demandbase.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.google-analytics.com https://*.smartrecruiters.com https://cookiehub.net https://cdn.www.denodo.com https://www.googletagmanager.com https://ajax.googleapis.com https://*.zoominfo.com https://tags.clickagy.com https://*.addtoany.com; style-src 'self' 'unsafe-inline' https://cookiehub.net https://*.olark.com https://cdn.www.denodo.com https://ajax.googleapis.com https://*.typekit.net; img-src 'self' 'unsafe-inline' data: https://*.olark.com https://www.google-analytics.com https://*.linkedin.com https://www.google.com https://www.google.co.in https://p.adsymptotic.com https://*.denodo.com https://*.company-target.com https://*.rlcdn.com https://*.bidr.io https://*.google.es https://www.datamanagementblog.com https://aorta.clickagy.com https://aa.agkn.com; media-src 'self' 'unsafe-inline' https://*.olark.com https://*.denodo.com; frame-src 'self' 'unsafe-inline' https://*.olark.com https://*.vimeo.com https://*.addthis.com https://*.google.com https://*.spreaker.com https://*.smartrecruiters.com https://www.youtube.com https://*.company-target.com https://*.addtoany.com; font-src 'self' 'unsafe-inline' https://*.denodo.com https://*.olark.com https://*.typekit.net; connect-src 'self' 'unsafe-inline' https://*.olark.com https://*.doubleclick.net https://*.mktoresp.com https://*.company-target.com https://*.google-analytics.com https://*.addthis.com https://cookiehub.net https://*.cookiehub.net https://pagead2.googlesyndication.com https://www.google.com https://cdn.linkedin.oribi.io https://aorta.clickagy.com https://hemsync.clickagy.com https://ws.zoominfo.com https://*.demandbase.com; report-uri /en/report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.stanleysecuritysolutions.com https://*.stanleycss.com https://*.ctctcdn.com https://*.googleoptimize.com https://*.google.com https://www.google.fr https://www.google.be https://www.google.nl https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://*.bing.com https://*.go-mpulse.net https://*.akamaihd.com https://*.akamaihd.net https://*.janraincapture.com https://*.rpxnow.com https://*.nr-data.net https://*.newrelic.com https://*.marketo.net https://*.marketo.com https://*.youtube.com https://*.ytimg.com https://*.onetrust.com https://*.cookielaw.org https://*.drift.com https://*.driftt.com https://*.reevoo.com https://*.pricespider.com https://*.cloudfront.net https://*.mapbox.com https://*.hotjar.com https://*.g.doubleclick.net https://*.doubleclick.net https://*.linkedin.com https://*.licdn.com https://*.ads.linkedin.com https://*.facebook.net https://*.facebook.com https://rpxnow.com resource://pdf.js https://*.techlab-cdn.com cdn.jsdelivr.net https://app-ab06.marketo.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill.io https://unpkg.com https://*.visualwebsiteoptimizer.com https://*.6sc.co; object-src 'none'; style-src 'self' 'unsafe-inline' https://*.stanleycss.com https://*.google.com https://*.ctctcdn.com https://www.google.nl https://www.google.fr https://www.google.be https://*.marketo.net https://*.marketo.com https://*.google-analytics.com https://*.googleapis.com https://*.reevoo.com https://*.pricespider.com https://*.cloudfront.net https://in.hotjar.com https://*.mapbox.com https://*.typekit.net https://p.typekit.net https://*.googletagmanager.com cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.typekit.net https://*.gstatic.com; img-src 'self' data: blob: https://*.google.com https://www.google.nl https://www.google.be https://www.google.fr https://*.googleusercontent.com https://*.google.com.ua https://*.cookielaw.org https://optanon.blob.core.windows.net/logos/static/ot_persistent_cookie.png https://*.facebook.com https://*.facebook.net https://*.ads.linkedin.com https://*.adsymptotic.com https://*.google-analytics.com https://*.linkedin.com https://*.googleapis.com https://*.google.co.in https://*.googletagmanager.com https://*.gstatic.com https://*.ggpht.com https://*.akamaihd.net https://*.google.by https://*.google.am https://*.ytimg.com https://*.reevoo.com https://*.pricespider.com https://*.cloudfront.net https://*.g.doubleclick.net https://*.bing.com https://*.stanleycss.com https://*.google.ca https://*.google.co.vi https://*.3xlogic.com https://*.google.pl https://*.google.co.uk https://*.google.com.eg https://*.google.co.uz https://*.google.com.ph https://*.google.com.my https://*.google.com.hk https://*.google.com.mx https://*.google.com.au https://*.google.ae https://*.google.co.id https://*.nr-data.net https://*.google.ie https://*.google.com.qa https://*.google.pt https://*.google.dk https://*.visualwebsiteoptimizer.com; media-src 'self' data: https://*.driftqa.com https://*.googletagmanager.com https://*.stanleycss.com; frame-src 'self' https://*.3xlogic.com https://*.stanleycss.com https://*.google.com https://*.renewityrma.com https://www.google.nl https://www.google.fr https://www.google.be https://*.marketo.net https://*.marketo.com https://*.g.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.hotjar.com https://*.janraincapture.com https://*.youtube.com https://*.drift.com https://*.driftt.com https://*.reevoo.com https://*.pricespider.com; frame-ancestors 'self' https://*.3xlogic.com; worker-src 'self' data: blob:; font-src 'self' data: https://www.stanleysecuritysolutions.com https://*.googleapis.com https://*.googleusercontent.com https://*.gstatic.com https://*.typekit.net https://*.googletagmanager.com https://*.stanleycss.com; connect-src 'self' https://*.g.doubleclick.net https://*.ctctcdn.com https://*.google.com https://www.google.nl https://www.google.fr https://www.google.be https://optanon.blob.core.windows.net/logos/static/ot_guard_logo.svg https://*.facebook.com https://*.facebook.net https://*.driftcdn.com https://*.googleapis.com https://*.google-analytics.com https://*.mktoresp.com https://*.bing.com https://*.googlevideo.com https://*.hotjar.com https://*.hotjar.io https://*.nr-data.net https://*.onetrust.com https://*.cookielaw.org wss://*.driftt.com https://*.reevoo.com https://*.mapbox.com https://*.googletagmanager.com https://*.stanleycss.com https://*.marketo.net https://*.mktoutil.com https://*.6sc.co https://*.googlesyndication.com https://*.securitas.com https://*.visualwebsiteoptimizer.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; frame-ancestors 'self'; child-src 'self'; frame-src 'self' https://e.issuu.com https://configurator.soolutions.jibe.cloud https://www.greenchoice.adviesopmaat-milieucentraal.nl/ https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://greenchoice1.expoints.nl; upgrade-insecure-requests ; style-src 'unsafe-inline' 'self' https://fast.fonts.net https://cdn.duurzaam.greenchoice.nl https://cdn.greenchoice.nl https://greenchoice.exponea.com https://cdn-greenchoice.exponea.com https://www.googletagmanager.com https://fonts.googleapis.com/ https://web.telemetric.dk https://insight.bellmetric.net https://greenchoice1.expoints.nl https://cdn.expoints.nl; script-src 'unsafe-eval' 'self' https://cdn.duurzaam.greenchoice.nl https://api.ipify.org https://cdn.greenchoice.nl https://tracking.greenchoice.nl https://api.exponea.com https://greenchoice.exponea.com https://cdn-greenchoice.exponea.com https://api-greenchoice.exponea.com https://www.googletagmanager.com https://ajax.googleapis.com https://www.googleanalytics.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsadspixel.net https://*.google-analytics.com https://*.analytics.google.com https://www.google.com https://www.googleadservices.com https://bat.bing.com https://googleads.g.doubleclick.net https://*.clarity.ms https://chat.omnidesk.io https://web.telemetric.dk https://insight.bellmetric.net https://greenchoice1.expoints.nl 'nonce-mNKEL7BCPPlN5rCBunraGfzDMhcrf5j1kIty306QUEbfpBQb' https://chat.greenchoice.nl https://www.gstatic.com; img-src 'self' data: https://www.greenchoice.nl/ https://cdn.duurzaam.greenchoice.nl https://cdn.greenchoice.nl https://cdn-greenchoice.exponea.com media.greenchoice.nl https://*.google-analytics.com https://*.analytics.google.com https://track.hubspot.com https://bat.bing.com https://www.google.com https://www.google.nl https://c.clarity.ms https://c.bing.com https://googleads.g.doubleclick.net https://fonts.gstatic.com/ https://www.googletagmanager.com https://www.gstatic.com https://web.telemetric.dk https://insight.bellmetric.net https://greenchoice1.expoints.nl https://chat.greenchoice.nl; media-src 'self' https://chat.greenchoice.nl; font-src 'self' https://cdn.duurzaam.greenchoice.nl https://cdn.greenchoice.nl https://fonts.gstatic.com https://web.telemetric.dk https://insight.bellmetric.net https://greenchoice1.expoints.nl https://cdn.expoints.nl; connect-src 'self' https://cdn.duurzaam.greenchoice.nl https://api.ipify.org https://tracking.greenchoice.nl https://api-greenchoice.exponea.com https://greenchoice.exponea.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://api.hubapi.com https://js.hs-banner.com https://www.google.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://*.clarity.ms https://web.telemetric.dk https://insight.bellmetric.net https://greenchoice1.expoints.nl https://chat.greenchoice.nl https://greenchoice-greenchoice.digitalcx.com wss://chat.greenchoice.nl; 1
default-src 'self';script-src 'self' 'unsafe-eval' www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com *.googleapis.com https://js.monitor.azure.com net-inspect.atlassian.net *.pingdom.net *.googleadservices.com zn1yyvawxuwmxevu1-netinspect.siteintercept.qualtrics.com siteintercept.qualtrics.com *.youtube.com;object-src 'self';style-src 'self' 'unsafe-inline' fonts.googleapis.com blob: *.mapbox.com;img-src 'self' www.google.com www.gstatic.com maps.gstatic.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.ggpht.com *.vimeocdn.com blob: data: net-inspect-preview--c.documentforce.com *.ytimg.com siteintercept.qualtrics.com static-assets.qualtrics.com net-inspect.okta.com dev-70193003.oktapreview.com https://net-inspect.zendesk.com/;media-src 'none';frame-src 'self' www.google.com net-inspect.atlassian.net *.vimeo.com *.youtube.com netinspect.sjc1.qualtrics.com;font-src 'self' data: fonts.gstatic.com;connect-src 'self' https://api.net-inspect.com net-inspect.atlassian.net www.google-analytics.com www.googletagmanager.com *.pingdom.net data: *.mapbox.com dc.services.visualstudio.com *.applicationinsights.azure.us zn1yyvawxuwmxevu1-netinspect.siteintercept.qualtrics.com siteintercept.qualtrics.com *.googleapis.com;base-uri 'self';child-src 'self' blob:;form-action 'self' https://login.microsoftonline.us/4ae8d92a-08f3-46d3-8bdd-6d89db91fbc5/v2.0/oauth2/v2.0/logout https://*.net-inspect.com/ net-inspect.desk.com;frame-ancestors 'self';report-uri /cspreporthandler 1
img-src 'self' data: i.vimeocdn.com images.ctfassets.net p.typekit.net cdn.userway.org t.influ2.com/p/vt/ https://www.google-analytics.com/collect https://i.ytimg.com/vi_webp/; media-src 'self' assets.ctfassets.net videos.ctfassets.net downloads.ctfassets.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.userway.org https://cdn.userway.org/widget.js https://www.googletagmanager.com/gtag/js https://use.typekit.net/nvk1yiz.js https://pi.pardot.com/analytics https://pi.pardot.com/pd.js http://cdn.pardot.com/pd.js https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://cdn.yoshki.com/yoshki-library.js https://www.influ2.com/tracker https://insights.paulhastings.com/analytics report-sample; font-src 'self' data: use.typekit.net cdn.userway.org; style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net https://cdn.userway.org/widgetapp/bundles/udf/udf.css report-sample; connect-src 'self' gafzei06c4.execute-api.us-west-2.amazonaws.com/default/contactus-mailfwd 6dz7p56z7l.execute-api.us-east-1.amazonaws.com 2it1tv0w7h.execute-api.us-east-1.amazonaws.com api.userway.org soundcloud.com w.soundcloud.com vimeo.com embed.podcasts.apple.com cdn.userway.org graphql.contentful.com https://www.google-analytics.com/j/collect https://stats.g.doubleclick.net/j/collect t.influ2.com/u/ https://csr.paulhastings.com https://preview.contentful.com https://cdn.contentful.com https://www.google-analytics.com/g/collect; frame-src 'self' players.brightcove.net embed.podcasts.apple.com w.soundcloud.com soundcloud.com player.vimeo.com https://www.youtube.com/ https://cdn.yoshki.com/ https://cdn.userway.org/ https://www.youtube-nocookie.com/; frame-ancestors https://app.contentful.com; base-uri 'self'; object-src 'none'; default-src 'self'; report-to csp-report-endpoint; report-uri https://5favhyu9i1.execute-api.us-east-1.amazonaws.com/prod; form-action 'self'; 1
frame-ancestors 'self' https://*.facebook.com https://facebook.com https://*.giftaway.ph https://giftaway.ph https://portal.mygowifi.com https://sticky.whitecloak.io https://beta.ayalamalls.com https://www.ayalamalls.com https://ayalamalls.com https://elsa.care https://voucher.elsa.care https://voucher-sandbox.elsa.care https://api.elsa.care https://api.elsa.care:8080 1
frame-src 'self' youtube.com player.vimeo.com app.termly.io forms.hsforms.com app.hubspot.com; 1
script-src 'self' blob: https://www.googletagmanager.com/ https://www.googleadservices.com/ http://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://www.youtube.com/iframe_api https://s.ytimg.com/ https://cdn-3.convertexperiments.com/ https://google-analytics.com/ https://www.google-analytics.com/ https://player.vimeo.com/ https://google.com/ https://www.google.com/ https://gstatic.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://platform.twitter.com/ https://widget.intercom.io/ https://connect.facebook.net https://js.intercomcdn.com https://fullstory.com https://staging.coincircle.com/ https://preprod.coincircle.com/ https://instant.0x.org https://coincircle.com/ https://translate.google.com https://translate.googleapis.com https://browser.sentry-cdn.com https://cdn.plaid.com https://pay.testwyre.com https://pay.sendwyre.com https://verify.sendwyre.com/ https://js.squareup.com https://cdn.google.com https://pay.google.com https://cdn.sift.com https://js.stripe.com https://js.sentry-cdn.com 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' https://use.typekit.net https://10361108.fls.doubleclick.net/ https://cdn.cluepixel.com https://www.google.com https://*.youtube.com https://cdnjs.cloudflare.com https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://use.typekit.net/ https://polyfill.io/ https://cdn.jsdelivr.net/ https://connect.facebook.net/ https://maps.googleapis.com/ https://polyfill.io/v3/* https://cdn.jsdelivr.net/* https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com https://script.hotjar.com https://static.hotjar.com https://www.google-analytics.com https://www.google.ca https://www.google.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/ https://p.typekit.net/ https://use.typekit.net/ https://fonts.googleapis.com https://cdnjs.cloudflare.com https://script.hotjar.com https://static.hotjar.com https://www.google-analytics.com https://www.google.ca https://www.google.com https://www.googletagmanager.com; img-src 'self' data: https://cdn.cluepixel.com/ https://www.google-analytics.com https://www.google.com https://www.google.ca; font-src 'self' https://use.typekit.net/ https://fonts.gstatic.com/ data: ; media-src 'self'; object-src 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; frame-src 'self' https://10361108.fls.doubleclick.net/ https://www.google.com/ https://*.youtube.com https://vars.hotjar.com https://*.vimeo.com; frame-ancestors 'self' https://*.youtube.com https://vars.hotjar.com https://*.vimeo.com; base-uri 'self'; connect-src 'self' https://vc.hotjar.io/ https://maps.googleapis.com/ https://api.redirect.li https://yp.cdnstream1.com https://www.google-analytics.com https://in.hotjar.com https://*.doubleclick.net https://*.hotjar.com wss://*.hotjar.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.verticalscreen.com https://maps.googleapis.com  https://*.newrelic.com https://pi.pardot.com https://ssl.google-analytics.com https://bam.nr-data.net; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com; connect-src 'self' https://*.verticalscreen.com https://*.googleapis.com; font-src https://fonts.googleapis.com https://fonts.gstatic.com;img-src 'self' data: https://maps.gstatic.com https://*.googleapis.com https://ssl.google-analytics.com www.google.com 1
frame-ancestors self https://campus.masterd.es https://www.itmasterd.es https://formacion.masterd.es https://cms2.masterd.es https://intranet.masterd.es https://aplicaciones.masterd.es https://www.cambiamostuvida.es https://somos.masterd.es https://www.estudioaudiovisualmasterd.es https://www.mdigital.es https://www.escuelaventasmasterd.es https://www.ventajasmasterd.es; 1
frame-ancestors *.edisonenergia.it *.edison.it *.edisonrisolve.it *.awsedison.it 1
frame-ancestors 'self' https://*.etracker.com www.myosram.com qa.myosram.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.www.google-analytics.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://pi.pardot.com/pd.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net pi.pardot.com *.cdn-images.mailchimp.com *.maxcdn.bootstrapcdn.com *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org info.acara.edu.au www.googletagmanager.com www.google-analytics.com; style-src 'self' 'unsafe-inline' *.cdn-images.mailchimp.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ https://maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css https://cdn-images.mailchimp.com/embedcode/slim-10_7.css *.twimg.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' https://acaraweb.blob.core.windows.net https://nap.edu.au https://www.nap.edu.au *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com stats.g.doubleclick.net; media-src 'self' data: blob:; child-src 'self' https://app.powerbi.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com www.google-analytics.com stats.g.doubleclick.net; 1
frame-ancestors 'self' visitamiapp.com www.visitamiapp.com; 1
default-src blob: wss: ws: 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.google.com.mx *.googleadservices.com *.bidflyer.com static.wixstatic.com static.parastorage.com wixlabs-wix-faq-11.appspot.com loadbalancer.visitor-analytics.io siteassets.parastorage.com video.wixstatic.com bundler.wix-code.com *.facebook.com *.facebook.net *.fareplace.com fareplace.com *.adyen.com *.clearsale.com *.clearsale.com.br www.googletagmanager.com fonts.gstatic.com *.google-analytics.com *.googleapis.com *.licdn.com *.linkedin.com *.doubleclick.net; frame-ancestors 'self' viva-v1-staging.jaque.dev *.vivaaerobus.io *.bidflyer.com static.wixstatic.com static.parastorage.com siteassets.parastorage.com video.wixstatic.com bundler.wix-code.com wixlabs-wix-faq-11.appspot.com loadbalancer.visitor-analytics.io; img-src 'self' 'unsafe-eval' 'unsafe-inline' photos.hotelbeds.com *.fareplace.com fareplace.com *.facebook.com *.google.com *.google.com.mx *.analytics.google.com stats.g.doubleclick.net *.doubleclick.net *.facebook.net *.adyen.com *.clearsale.com *.clearsale.com.br *.bidflyer.com static.wixstatic.com static.parastorage.com video.wixstatic.com siteassets.parastorage.com bundler.wix-code.com wixlabs-wix-faq-11.appspot.com loadbalancer.visitor-analytics.io data:; connect-src * ws: wss:; 1
default-src 'self' 'unsafe-inline' data: *.localphone.com *.localphone.co.uk *; 1
default-src region1.analytics.google.com fonts.gstatic.com region1.analytics.google.comfonts.gstatic.com www.google-analytics.com matomo.archiwa.gov.pl stats.g.doubleclick.net www.facebook.com 'self'; script-src ajax.googleapis.com www.google-analytics.com www.google.com www.googletagmanager.com  region1.analytics.google.com www.gstatic.com connect.facebook.net matomo.archiwa.gov.pl 'self' 'unsafe-inline' 'unsafe-eval'; style-src ajax.googleapis.com fonts.googleapis.com 'self' 'unsafe-inline'; img-src data: photos.szukajwarchiwach.gov.pl www.facebook.com www.google.com www.google.pl www.google-analytics.com http://lublin.ap.gov.pl https://i0.wp.com 'self'; frame-src www.google.com szukajwarchiwach.gov.pl www.szukajwarchiwach.gov.pl stg.szukajwarchiwach.gov.pl www.stg.szukajwarchiwach.gov.pl 1
frame-ancestors 'self' asistente.coopeuch.cl; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.okanagan.bc.ca https://ajax.googleapis.com https://cdnjs.cloudflare.com https://www.socialintents.com https://chat.socialintents.com https://okanagan.kuali.co https://www.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://9s51jp057lsz.statuspage.io https://ca.libraryh3lp.com https://okanagan.libcal.com https://e.issuu.com https://www.opentable.com https://cdn.otstatic.com https://www.googletagmanager.com https://connect.facebook.net https://unpkg.com https://polyfill.io; object-src 'none'; frame-ancestors 'self' https://*.okanagan.bc.ca https://*.kalamalkapress.ca https://*.myokanagan.bc.ca https://myokanagan.bc.ca; font-src 'self' https://fonts.gstatic.com https://*.kuali.co data:; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' https://s.salecycle.com https://vodafoneromania.demdex.net https://vars.hotjar.com https://c1.adform.net 1
report-uri https://forum-5.americanexpress.com/_/report/security/csp-violation; block-all-mixed-content; default-src 'nonce-15323794f3db00c8b17d64631865ed79' 'self' *.aexp.com *.americanexpress.com wss://*.americanexpress.com *.aexp-static.com stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net events.bouncex.net; script-src 'nonce-15323794f3db00c8b17d64631865ed79' 'nonce-9aae5874-2b7b-45ae-8bfe-5e91e02c5f8b' 'self' *.aexp.com *.americanexpress.com *.aexp-static.com c.evidon.com assets.adobedtm.com nexus.ensighten.com aexp.demdex.net *.bounceexchange.com analytics.newscred.com www.youtube.com s.ytimg.com *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn; img-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com data: c.evidon.com m.exactag.com/ai.aspx events.bouncex.net pixel.newscred.com jadserve.postrelease.com p.adsymptotic.com dc.ads.linkedin.com px.ads.linkedin.com px4.ads.linkedin.com www.linkedin.com/px/ www.facebook.com aax-eu.amazon-adsystem.com s.amazon-adsystem.com alb.reddit.com sp.analytics.yahoo.com analytics.twitter.com t.co ad4.adfarm1.adition.com ad2.adfarm1.adition.com imagesrv.adition.com *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn adservice.google.com ad.doubleclick.net googleads.g.doubleclick.net ping.pdst.fm amex.sv.rkdms.com pixel.quantserve.com img.youtube.com; style-src 'unsafe-inline' *.aexp.com *.aexp-static.com *.americanexpress.com *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn; connect-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com c.evidon.com l.evidon.com optoutapi.evidon.com aexp.demdex.net dpm.demdex.net stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net wss://*.liveperson.net; manifest-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com; worker-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com; frame-ancestors none; frame-src aexp.demdex.net www.youtube.com *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn; media-src 'self' blob: https: *.aexp.com *.americanexpress.com 1
default-src *; style-src 'self' https://www.jugendschutz.net 'unsafe-inline'; script-src 'self' https://www.jugendschutz.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://www.jugendschutz.net data:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' http://www.google-analytics.com/analytics.js; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.mynextep.net https://*.nextepsystems.com http://netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css; style-src-attr 'unsafe-inline'; img-src 'self' data: blob: http://www.google-analytics.com http://*.mynextep.net https://*.mynextep.net https://*.nextepsystems.com https://adobe.com/*; font-src 'self' https://fonts.googleapis.com https://*.mynextep.net https://*.nextepsystems.com https://fonts.gstatic.com http://netdna.bootstrapcdn.com/font-awesome/4.0.3/fonts/fontawesome-webfont.woff http://netdna.bootstrapcdn.com/font-awesome/4.0.3/fonts/fontawesome-webfont.ttf; connect-src 'self' https://*.mynextep.net https://*.nextepsystems.com https://www.google-analytics.com; media-src http://*.mynextep.net https://*.mynextep.net https://*.nextepsystems.com; object-src 'unsafe-inline' 'self'; child-src; frame-src 'self' https://*.duosecurity.com; worker-src; frame-ancestors 'self'; form-action 'self'; base-uri; manifest-src; 1
font-src 'self' fonts.gstatic.com cdn.appsflyer.com/creatives-fonts/ cs.inappstory.ru/ cdn.zvuk.com sber-zvuk.com;form-action 'self' sber-zvuk.com;base-uri 'self' sber-zvuk.com;manifest-src 'self' sber-zvuk.com;style-src 'self' 'unsafe-inline' hcaptcha.com *.hcaptcha.com fonts.googleapis.com cdn.zvuk.com sber-zvuk.com *.mindbox.ru;frame-ancestors 'self' *.sber.ru *.sber.com *.championat.com https://id.zvuk.com https://pr.zvuk.com;object-src 'none';media-src data: 'self' blob: *.zvuk.com unisound.cdnvideo.ru/static/creative/audio/ r.mradx.net *.emgsound.ru *.cdnvideo.ru *.101.ru:* *.n340.com:8443 *.hostingradio.ru:* icecast-zvezda.mediacdn.ru/radio/zvezda/zvezda_128 online.uniton.ru/uniton live.rzs.ru/ka.128.mp3 radio.mediacdn.ru radio.nikatv.ru online.mariafm.ru:8443/MariaFM 21220.web.hosting-russia.ru/transmit1044 stream.newradio.ru stream.studio21.ru online-fefm.signaltv.net:8443 hls.studio21.ru hls.newradio.ru air.unmixed.ru/lradio256 streamer01.1028.fm:8443/arstream microit2.n340.ru:8443/VgMv0WV17ZVx1uuo_12_love_64 microit.n340.ru:8443/VgMv0WV17ZVx1uuo_12_love_64_reg_44 microit.n340.ru:8443/VgMv0WV17ZVx1uuo_12_dacha_64_reg_1093 microit2.n340.ru:8443/VgMv0WV17ZVx1uuo_14_dacha_64 microit.n340.ru:8443/VgMv0WV17ZVx1uuo_18_vostok_64_reg_1 microit.n340.ru:8443/VgMv0WV17ZVx1uuo_13_taxi_64 microit.n340.ru:8443/VgMv0WV17ZVx1uuo_19_ruhit_64_reg_1 mg-kompas.ru/k1074 mg-kompas.ru/k1067 mg-kompas.ru/t1001 online2.gkvr.ru:8001/europa_eka_64.aac cdn.pifm.ru/mp3 hls.kalina.fm hls-radiokrasnodar.cdnvideo.ru radio.izhlife.ru hit.trkeurasia.ru sber-zvuk.com msdrm-enc.obs.ru-moscow-1.hc.sbercloud.ru edge-drm.zvuk.com cdn64.zvuk.com cdn.zvuk.com;child-src 'self' blob: sber-zvuk.com;frame-src 'self' *.fls.doubleclick.net/ sberzvook.clients.webcaster.pro hcaptcha.com *.hcaptcha.com mc.yandex.ru/ img01.ssp.rambler.ru/ img02.ssp.rambler.ru/ dsp-rambler.ru sportrecs.com/embed/ secure.payture.com www.youtube.com/ online.sberbank.ru/CSAFront/oidc/authorizelow.do id.sber.ru content.adriver.ru sber-zvuk.com www.afisha.ru https://id.zvuk.com https://pr.zvuk.com vast.playmatic.video/ api.flocktory.com/ games.inappstory.com/;img-src 'self' data: blob: *.sber-zvuk.com *.zvuk.com *.zvooq.com zvooq.com zvuk.com www.tns-counter.ru mc.yandex.ru mc.yandex.com mc.yandex.kz mc.yandex.by mc.yandex.md mc.yandex.uz mc.yandex.fr img01.ssp.rambler.ru/ img02.ssp.rambler.ru/ dsp-rambler.ru/ profile.ssp.rambler.ru/ *.instreamatic.com unisound.cdnvideo.ru/static/creative/image/ *.adriver.ru x01.aidata.io pixel.konnektu.ru ad.mail.ru/ rtb-moscow.mail.ru *.ops.beeline.ru/ *.rtb.mts.ru/ an.yandex.ru/ rs.mail.ru/pixel/ r.mradx.net ad.doubleclick.net/ddm/trackimp/ kraken.rambler.ru/cnt/ login.vk.com cdn.appsflyer.com/creatives-mgmt/static-content/ analytics.tiktok.com impressions.onelink.me image-service.obs.ru-moscow-1.hc.sbercloud.ru obs-image-service-mz.obs.ru-moscow-1.hc.sbercloud.ru www.gstatic.com ssl.gstatic.com favicon.yandex.net/favicon/v2/zvuk.com cs.inappstory.ru/ sber-zvuk.com *.mindbox.ru secure.usedesk.ru vma.mts.ru/match/second api.flocktory.com/ ssp.rambler.ru mts-dsp-sync.rutarget.ru get4click.ru cdn.zvuk.com;connect-src data: 'self' catch.sbervisor.ru online.sberbank.ru id.sber.ru cms-res.online.sberbank.ru sve.online.sberbank.ru visor.sberbank.ru report.zvuk.com ads.adfox.ru *.adriver.ru tns-counter.ru ssp.rambler.ru kraken.rambler.ru dsp-rambler.ru *.ssp.rambler.ru *.instreamatic.com analytics.tiktok.com af-event-logger.appsflyer.com banner.appsflyer.com hcaptcha.com *.hcaptcha.com api.inappstory.ru/v2/ *.emgsound.ru hls.studio21.ru hls.newradio.ru hls-radiokrasnodar.cdnvideo.ru hls.kalina.fm *.mindbox.ru cdn.zvuk.com sber-zvuk.com mc.yandex.ru mc.yandex.com mc.yandex.kz mc.yandex.by mc.yandex.md mc.yandex.uz mc.yandex.fr  *.sd-rtn.com wapi.afisha.ru creatives-cdn.appsflyer.com api.usedesk.ru pubsubsec2.usedesk.ru secure.usedesk.ru fcm.googleapis.com upload-bff.zvuk.com *.adlooxtracking.com:* zvuk.com msdrm.zvuk.com msdrm-enc.obs.ru-moscow-1.hc.sbercloud.ru edge-drm.zvuk.com   cdn64.zvuk.com zvuk.com monolith.zvq.me zvuk.com federation.zvq.me id.sber.ru wss://pubsubsec2.usedesk.ru firebase.googleapis.com firebaseinstallations.googleapis.com firebaseremoteconfig.googleapis.com firebaselogging-pa.googleapis.com www.google-analytics.com cms-res-web.online.sberbank.ru/sberid/BlackList/Button/No_Button.json *.2gis.com *.2gis.ru;script-src 'nonce-5f9d262a-d72c-4e18-9344-c831b5ed47fe' 'self' ssp.rambler.ru/capirs_async.js hcaptcha.com *.hcaptcha.com dsp-rambler.ru/tpl/Unbounded/ ads.adfox.ru/getid content.adriver.ru ad.adriver.ru analytics.tiktok.com *.instreamatic.com websdk.appsflyer.com synchrobox.adswizz.com adlooxtracking.ru *.adlooxtracking.ru top-fwz1.mail.ru/js/code.js cdn.jsdelivr.net/npm/hls.js@latest sdk.inappstory.com/ sdk.inappstory.ru/ api.inappstory.ru/ *.mindbox.ru cdn.zvuk.com sber-zvuk.com mc.yandex.ru mc.yandex.com mc.yandex.kz mc.yandex.by mc.yandex.md mc.yandex.uz mc.yandex.fr lib.usedesk.ru www.googletagmanager.com www.afisha.ru/w/ticketmanager.js get4click.ru api.flocktory.com partners.sbermarketing.ru/api/tracker/sdk.js 'sha256-ChUScVqwlZ5LajFSOi49H77LqYNje29cTNZM2V00VTM=' 'sha256-BvaZL6lFd0cUnpTj8qIXeZzuk2OsocIfThlS8sMe/D8=' *.2gis.com;default-src 'none';report-uri https://report.zvuk.com/api/21/security/?sentry_key=15d647f4c7eb422d98dc820cfc9b311f 1
frame-ancestors 'self' listerfertility.co.uk 1
frame-ancestors 'self' *.zendesk.com *.zdusercontent.com; script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' *.youse.io *.youse.com.br *.zendesk.com *.visualwebsiteoptimizer.com *.privacytools.com.br *.appsflyer.com *.criteo.com *.g.doubleclick.net *.smooch.io https://checkoutshopper-test.adyen.com https://maps.googleapis.com https://www.google-analytics.com/gtm/optimize.js https://www.google-analytics.com/plugins/ua/ec.js *.facebook.net https://qa-widgets.youse.io/cookies-consent/production.min.js https://static.hotjar.com/c/hotjar-441708.js https://www.googleadservices.com/pagead/conversion_async.js https://rum-static.pingdom.net/pa-5bcf7f397e84eb0016000313.js https://bat.bing.com/bat.js https://s.yimg.com/wi/ytc.js https://tag.rmp.rakuten.com/121815.ct.js https://bat.bing.com/p/action/5224078.js https://script.hotjar.com/modules.7d3f952308caf42c2b67.js https://www.google-analytics.com/analytics.js https://static.ads-twitter.com/uwt.js; script-src-elem 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' *.voxus.com.br *.youse.io *.youse.com.br *.zendesk.com *.visualwebsiteoptimizer.com *.privacytools.com.br *.appsflyer.com *.criteo.com *.g.doubleclick.net *.smooch.io https://checkoutshopper-test.adyen.com https://maps.googleapis.com https://api.ipdata.co https://script.hotjar.com/ https://checkoutshopper-live.adyen.com https://live.adyen.com https://www.gstatic.com https://h.online-metrix.net https://static.zdassets.com https://www.google.com/recaptcha/api.js https://www.googletagmanager.com https://www.google-analytics.com/gtm/optimize.js https://www.google-analytics.com/plugins/ua/ec.js *.facebook.net https://qa-widgets.youse.io/cookies-consent/production.min.js https://static.hotjar.com/c/hotjar-441708.js https://www.googleadservices.com/pagead/conversion_async.js https://rum-static.pingdom.net/pa-5bcf7f397e84eb0016000313.js https://bat.bing.com/bat.js https://s.yimg.com/wi/ytc.js https://tag.rmp.rakuten.com/121815.ct.js https://bat.bing.com/p/action/5224078.js https://script.hotjar.com/modules.7d3f952308caf42c2b67.js https://www.google-analytics.com/analytics.js https://static.ads-twitter.com/uwt.js; object-src 'self' https://h.online-metrix.net; font-src data: *; img-src 'self' data: *.datocms-assets.com *; form-action 'self' *.youse.io *.youse.com.br; base-uri 'self'; 1
base-uri 'self'; block-all-mixed-content; frame-src 'self' https://player.vimeo.com app.hubspot.com youtube.com https://www.youtube.com assets.ctfassets.net https://consent-pref.trustarc.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://i.vimeocdn.com data: https://i.ytimg.com https://images.ctfassets.net https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://analytics.google.com https://*.g.doubleclick.net https://*.google.com https://track.hubspot.com https://forms.hsforms.com https://consent.trustarc.com https://consent.truste.com; form-action 'self'; frame-ancestors 'self' app.contentful.com resources.planetscale.com 1
frame-ancestors *.manchester.ac.uk 'self' 1
object-src *; plugin-types application/pdf; script-src * 'unsafe-inline' 'unsafe-eval' data: 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms *.bing.com *.callrail.com *.doubleclick.net *.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hs-scripts.com https://js.hs-analytics.net/ https://js.hs-banner.com/ https://js.hscollectedforms.net/ https://js.hs-scripts.com/ *.hubspot.com *.infusionsoft.app *.infusionsoft.com https://iptrack.io https://cdn.jsdelivr.net https://snap.licdn.com *.termly.io https://unpkg.com *.vimeo.com *.whoisvisiting.com https://dynamicedgeinc.b-cdn.net; connect-src 'self' *.hubspot.com *.hscollectedforms.net *.bing.com *.clarity.ms *.googlesyndication.com *.linkedin.com analytics.google.com cdn.linkedin.oribi.io *.callrail.com *.doubleclick.net *.google-analytics.com *.termly.io https://yoast.com *.wp-html-mail.com; img-src 'self' *.hsforms.com *.hubspot.com *.hsappstatic.net https://p.adsymptotic.com/ https://c.clarity.ms/ *.bing.com *.fbcdn.net *.facebook.com *.google.com *.google-analytics.com *.googletagmanager.com *.gravatar.com *.infusionsoft.app *.linkedin.com *.thememylogin.com *.w.org *.whoisvisiting.com *.wp-html-mail.com https://rlv.zcache.com https://dynamicedgeinc.b-cdn.net data:; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.googleapis.com https://dynamicedgeinc.b-cdn.net; base-uri 'self'; form-action 'self' https://analytics.wponlinesupport.com https://www.facebook.com *.infusionsoft.com *.infusionsoft.app *.salesforce.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.gstatic.com https://dynamicedgeinc.b-cdn.net data:; frame-src 'self' *.doubleclick.net *.facebook.com *.google.com *.hsappstatic.net *.hubspot.com *.infusionsoft.app *.termly.io *.vimeo.com *.youtube.com; 1
script-src 'nonce-8RRGj7UoOK+tAznmPOvQCg==' 'strict-dynamic' 'unsafe-eval'; object-src 'none'; base-uri 'none' 1
script-src 'self' https://*.tradovate.com 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://apis.google.com https://www.google.com https://static.zdassets.com https://*.clarity.ms https://static.ada.support https://*.zopim.com https://*.indeed.com https://widget.trustpilot.com https://player.vimeo.com/api/player.js https://assets.calendly.com/assets/external/widget.js https://loader.wisepops.com/get-loader.js https://cdn.wisepops.com/shared/wisepops/9e0a8381eed553ad5ed5a3f2081f530c/265048.js https://forms.hsforms.com/embed/v3/form/546765/ea67c297-b514-4831-b863-f632d30a2909 https://js.hsforms.net/forms/v2.js https://cdn.userway.org www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://connect.facebook.net https://bat.bing.com https://static.ads-twitter.com https://analytics.twitter.com https://d.adroll.com/pixel/5QGDRA3FZFAFFBA7MVJBFK/VL6YVAG34ZHCJKUPM5G5SR https://d.adroll.mgr.consensu.org/consent/iabcheck/5QGDRA3FZFAFFBA7MVJBFK https://s.adroll.com/j/roundtrip.js https://js.hs-scripts.com/546765.js https://js-na1.hs-scripts.com/546765.js https://js.hs-analytics.net https://js.hs-banner.com/546765.js https://js.hsadspixel.net/fb.js https://js.hsleadflows.net/leadflows.js https://pixel-geo.prfct.co/tagjs https://tag.marinsm.com/serve/5d66e6edb821e5933f000035.js https://www.redditstatic.com/ads/pixel.js https://cdn.heapanalytics.com https://heapanalytics.com https://znblxg1msi462olds-ninjatrader.siteintercept.qualtrics.com https://siteintercept.qualtrics.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; img-src 'self' data: blob: https://*.tradovate.com https://tradovate.zendesk.com https://*.zopim.com https://*.zopim.io https://*.indeed.com https://cdn.userway.org https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://bat.bing.com https://t.co https://www.facebook.com https://track.hubspot.com https://d.adroll.com https://pixel-geo.prfct.co https://secure.adnxs.com https://alb.reddit.com https://analytics.twitter.com https://heapanalytics.com https://data.adxcel-ec2.com https://*.qualtrics.com; font-src 'self' data: https://fonts.gstatic.com https://*.zopim.com https://maxcdn.bootstrapcdn.com; default-src 'self' data: https://static.zdassets.com; base-uri 'self'; media-src 'self' https://static.zdassets.com https://cdn.userway.org; object-src 'none'; connect-src wss://*.tradovate.com https://*.tradovate.com wss://*.tradovateapi.com https://*.tradovateapi.com https://rollout.ada.support https://static.ada.support https://tradovate.ada.support https://sessions.bugsnag.com https://notify.bugsnag.com https://*.clarity.ms https://ekr.zdassets.com https://ekr.zendesk.com wss://tradovate.zendesk.com https://tradovate.zendesk.com wss://widget-mediator.zopim.com https://api.userway.org https://storage.googleapis.com https://www.google-analytics.com https://analytics.google.com https://api.hubapi.com https://forms.hubspot.com https://forms.hsforms.com https://analytics.twitter.com https://www.facebook.com https://popup.wisepops.com https://tracking.wisepops.com https://stats.g.doubleclick.net https://alb.reddit.com https://bat.bing.com https://heapanalytics.com https://siteintercept.qualtrics.com; frame-src 'self' https://widget.trustpilot.com https://forms.hsforms.com https://www.cmegroup.com https://www.facebook.com https://cdn.userway.org https://calendly.com https://tradovate.ada.support https://bid.g.doubleclick.net; manifest-src https://*.tradovate.com; frame-ancestors https://*.tradovate.com https://*.ada.support 1
frame-ancestors 'self' https://biz.hitachi-hightech.com 1
default-src 'self'; img-src 'self' 'unsafe-inline' *.scontent-lcy1-1.cdninstagram.com * data: www.w3.org; frame-src 'self' *.vimeo.com *.player.vimeo.com *.soundcloud.com *.w.soundcloud.com *.sndcdn.com staticcontents.investis.com *.fls.doubleclick.net www.youtube.com www.google.com irs.tools.investis.com otp.tools.investis.com ir.tools.investis.com players.brightcove.net bupa.stage-euw1.investis.com bupa.prod-euw1.investis.com *.doubleclick.net viz.tools.investis.com *.spotify.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.soundcloud.com *.sndcdn.com assets.investisdigital.com kenwheeler.github.io staticcontents.investis.com tagmanager.google.com viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com fast.fonts.net; font-src 'self' 'unsafe-inline' data: kenwheeler.github.io fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com tagmanager.google.com *.fonts.com fast.fonts.net *.typekit.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.static.doubleclick.net https://static.hotjar.com *.hotjar.com *.googleads.g.doubleclick.net assets.investisdigital.com https://sc.lfeeder.com *.vimeo.com  *.player.vimeo.com *.soundcloud.com *.sndcdn.com *.doubleclick.net www.youtube.com staticcontents.investis.com otp.tools.investis.com viz.tools.investis.com *.google.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com *.googletagmanager.com *.google-analytics.com *.jquery.com irs.tools.investis.com px.ads.linkedin.com edge.api.brightcove.com *.googleapis.com tagmanager.google.com stats.g.doubleclick.net *.investisdigital.com *.googleadservices.com cdn.jsdelivr.net cdnjs.cloudflare.com  www.gstatic.com static.ads-twitter.com snap.licdn.com analytics.twitter.com fast.fonts.net *.typekit.net; media-src 'self' *.brightcove.com *.brightcovecdn.com brightcove.hs.llnwd.net; connect-src 'self' wss://ws.hotjar.com *.hotjar.com *.hotjar.io viz.tools.investis.com analytics.google.com *.google-analytics.com *.investisdigital.com edge.api.brightcove.com www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net ipapi.connectid.cloud *.typekit.net *.amazonaws.com *.google.com; base-uri 'self'; form-action 'self'; 1
frame-ancestors 'self'; sandbox allow-downloads allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation; base-uri 'self'; form-action not-configured-host www.kosmos.de payment.unzer.com www.sofort.com sbx-payment.heidelpay.com youtu.be youtube.com www.youtube.com komoot.de www.komoot.de www.yumpu.com play.google.com franz-zwerschina.itch.io fragkosmos.zendesk.com apps.apple.com  kosmos-prod.netformic.cloud noctis-spiele.de 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.express-scripts.com *.accredo.com *.brightcove.com *.brightcove.net *.api.brightcove.com *.zencdn.net *.qualtrics.com *.cigna.com cdn.cookielaw.org *.onetrust.com; child-src 'self' blob: *.brightcove.net *.express-scripts.com *.accredo.com; connect-src 'self' *.express-scripts.com expressscriptsholdin.tt.omtrdc.net dpm.demdex.net *.brightcove.com *.brightcove.net *.api.brightcove.com *.zencdn.net dotsub.com *.accredo.com *.boltdns.net *.brightcovecdn.com *.mktoresp.com *.qualtrics.com *.akamaihd.net expressscripts.sc.omtrdc.net *.cigna.com cdn.cookielaw.org *.onetrust.com *.branch.io app.link bam.nr-data.net; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.accredo.com *.express-scripts.com; frame-src 'self' abesiemsen.github.io *.qualtrics.com expressscriptsholdingcompany.demdex.net *.accredo.com *.express-scripts.com tpidev7.com bcove.video players.brightcove.net *.doubleclick.net *.google.com; img-src 'self' data: *.accredo.com expressscripts.sc.omtrdc.net *.brightcove.com *.brightcove.net *.api.brightcove.com *.zencdn.net *.boltdns.net *.qualtrics.com *.express-scripts.com dpm.demdex.net cm.everesttech.net *.googletagmanager.com *.doubleclick.net cdn.jsdelivr.net cdn.cookielaw.org *.onetrust.com *.branch.io app.link *.adsrvr.org *.google.com; media-src 'self' blob: *.brightcove.net *.brightcove.com *.dotsub.com *.express-scripts.com *.accredo.com *.boltdns.net *.brightcovecdn.com *.qualtrics.com *.akamaihd.net dotsub.com; object-src 'self' *.accredo.com *.express-scripts.com *.brightcove.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com *.everestjs.net *.cloudflare.com *.rawgit.com *.brightcove.com *.brightcove.net *.api.brightcove.com *.zencdn.net *.dialogtech.com *.marketo.net *.qualtrics.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.ads-twitter.com *.twitter.com *.accredo.com *.express-scripts.com *.cigna.com cdn.jsdelivr.net unpkg.com cdn.cookielaw.org *.onetrust.com snap.licdn.com *.facebook.net *.facebook.com *.branch.io app.link *.adsrvr.org *.google.com *.gstatic.com *.newrelic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com; style-src 'self' 'unsafe-inline' data: fonts.googleapis.com *.express-scripts.com *.accredo.com *.cloudflare.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; frame-ancestors 'self' *.express-scripts.com *.accredo.com 1
default-src 'self' *.picmir.pw; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.picmir.pw *.st02.net *.yandex.com *.yandex.net *.yandex.ru http://*.yandex.ru yastatic.net yandex.ru https://hcaptcha.com https://*.hcaptcha.com www.google.com www.gstatic.com blob:; img-src 'self' data: *.picmir.pw counter.yadro.ru *.st02.net *.yandex.com *.yandex.net *.yandex.ru http://*.yandex.ru yastatic.net yastat.net www.tns-counter.ru; style-src 'self' 'unsafe-inline' yastatic.net https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data:; frame-src 'self' tools.runetki.com *.yandex.com https://hcaptcha.com https://*.hcaptcha.com www.google.com; connect-src 'self' *.picmir.pw *.yandex.com *.yandex.ru http://*.yandex.ru https://hcaptcha.com https://*.hcaptcha.com; object-src 'self'; 1
frame-ancestors 'self' *.oxfam.de 1
frame-ancestors  *.marincounty.org *.marinpublic.com *.mcera.org *.marinfair.org *.marincountyhr.org *.marincountyparks.org *.marinhhs.org 1
frame-ancestors https://*.murrayscheese.com/; 1
frame-ancestors 'self' https://*.drfuhrman.com; report-uri /csp-report.ashx 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https: 1
report-uri /post/report/csp; report-to csp-endpoint; object-src 'none'; default-src 'self'; script-src 'self' 'unsafe-inline' https://posten.boost.ai/chatPanel/ https://siteimproveanalytics.com/js/siteanalyze_6015663.js; style-src 'self' 'unsafe-inline'; img-src 'self' blob: https://6015663.global.siteimproveanalytics.io https://csi.gstatic.com:443 https://*.amazonaws.com:443 https://posten.boost.ai/img/ data:; font-src 'self'; connect-src 'self' https://script.google.com https://script.googleusercontent.com https://posten.boost.ai/api/ https://postentest.boost.ai/api/ https://kbkxsqvvqxsn.statuspage.io/api/ https://status.digipost.no; frame-src 'self' blob: https://www.posten.no https://www.youtube-nocookie.com:443; child-src 'self' blob: https://www.posten.no https://www.youtube-nocookie.com:443; frame-ancestors 'self'; form-action 'self'; block-all-mixed-content 1
navigate-to hercrentals.com 1
default-src https: data: wss: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation; upgrade-insecure-requests 1
object-src 'none'; default-src 'self' https://calendly.com/ https://wekaio.atlassian.net/ *.hsforms.com *.esnchocco.com *.brighttalk.com *.googleapis.com *.demandbase.com *.comeet.co *.comeet.com *.company-target.com *.doubleclick.net *.company-target.com *.calendly.com *.google.com *.cookielaw.org *.wistia.com *.litix.io *.akamaihd.net *.googletagmanager.com *.comeet.co *.gstatic.com *.podcastics.com *.comeet.com *.qualified.com *.hubspot.com *.youtube.com *.vimeo.com *.weka.io *.pantheonsite.io; font-src data: 'self' *.typekit.net *.calendly.com *.gstatic.com *.google.com *.esnchocco.com *.mutinycdn.com *.wistia.com *.litix.io *.akamaihd.net *.googletagmanager.com; media-src blob: *.pantheonsite.io *.weka.io *.qualified.com  *.calendly.com *.cookielaw.org *.wistia.com *.litix.io *.akamaihd.net *.googletagmanager.com *.rawgit.com *.fusioncharts.com; frame-src 'self' https://calendly.com/ https://wekaio.atlassian.net/ *.brighttalk.com *.doubleclick.net *.esnchocco.com *.company-target.com *.calendly.com *.google.com *.cookielaw.org *.wistia.com *.litix.io *.akamaihd.net *.googletagmanager.com *.comeet.co *.gstatic.com *.podcastics.com *.comeet.com *.qualified.com *.hubspot.com  *.hsforms.com *.youtube.com *.vimeo.com *.weka.io *.pantheonsite.io; connect-src 'self' wss://ws.qualified.com *.fusioncharts.com *.esnchocco.com *.mktoresp.com *.marketo.net *.demandbase.com *.rawgit.com *.techtarget.com *.onetrust.com *.calendly.com *.gstatic.com *.weka.io *.google.com *.cookielaw.org *.wistia.com *.litix.io *.akamaihd.net *.googletagmanager.com *.zoominfo.com *.zi-scripts.com *.oribi.io *.ws.zoominfo.com *.ws-assets.zoominfo.com *.hsforms.com *.amazonaws.com *.mutinyhq.io *.mutinycdn.com *.qualified.com *.youtube.com *.vimeo.com *.googleapis.com *.google-analytics.com *.crazyegg.com/ *.hubspot.com *.comeet.co *.intercom.io *.company-target.com *.doubleclick.net; style-src 'self' *.weka.io *.googleapis.com *.calendly.com *.gstatic.com *.google.com *.comeet.co *.cookielaw.org *.wistia.com *.litix.io *.akamaihd.net *.googletagmanager.com *.esnchocco.com *.comeet.com 'unsafe-inline' *.bootstrapcdn.com *.podcastics.com *.typekit.net *.gstatic.com; script-src data: blob: gap: 'self' 'unsafe-inline' 'unsafe-eval' https://wekaio.atlassian.net/ https://rawgit.com *.rawgit.com *.cheekybranding.com *.esnchocco.com *.googleapis.com *.mktoresp.com *.marketo.net *.calendly.com *.fusioncharts.com  *.rawgit.com *.gstatic.com *.weka.io *.cookielaw.org *.wistia.com *.litix.io *.akamaihd.net *.googletagmanager.com *.pantheonsite.io *.zi-scripts.com *.zoominfo.com *.ws.zoominfo.com *.ws-assets.zoominfo.com *.comeet.co *.comeet.com *.hsforms.net *.hsforms.com *.podcastics.com *.mutinyhq.io *.mutinycdn.com *.hubspot.com *.google.com *.google.co.in *.gstatic.com *.cloudflare.com *.googleadservices.com *.doubleclick.net *.bootstrapcdn.com *.qualified.com *.comeet.co *.googletagmanager.com *.google-analytics.com *.techtarget.com *.demandbase.com *.intercom.io *.intercomcdn.com *.hs-scripts.com *.crazyegg.com *.jquery.com *.mutinycdn.com *.hsleadflows.net *.hscollectedforms.net *.hs-banner.com *.hs-analytics.net *.usemessages.com *.licdn.com; img-src data: blob: 'self' *.weka.io *.cheekybranding.com *.esnchocco.com *.rawgit.com *.fusioncharts.com *.calendly.com *.gstatic.com *.brighttalk.com *.google.com *.cookielaw.org *.wistia.com *.litix.io *.akamaihd.net *.googletagmanager.com *.w.org *.google.com *.google.co.in *.podcastics.com *.gravatar.com *.linkedin.com *.hsforms.com *.hubspot.com *.comeet.co *.adsymptotic.com *.bidr.io *.rlcdn.com *.company-target.com *.techtarget.com *.google-analytics.com *.mutinycdn.com; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://smct.co https://www.awin1.com https://ln-rules.rewardstyle.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com blob: https://*.smct.co https://smct.io https://*.smct.io https://tr6.snapchat.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://smct.co https://ipl.smct.co https://ipb.smct.co https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://*.contentsquare.net https://*.smct.co https://smct.io https://*.smct.io https://tr.snapchat.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://fonts.googleapis.com https://fonts.gstatic.com; form-action 'self' https://www.facebook.com https://www.mioskincare.com https://m.mioskincare.com https://checkout.mioskincare.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://ln-rules.rewardstyle.com https://*.sciencebehindecommerce.com https://*.recaptcha.net https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.contentsquare.net https://app.contentsquare.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://tr.snapchat.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://fonts.smct.co https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://fonts.smct.io; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' https: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https:; img-src 'self' data: https:; 1
connect-src 'self' 'unsafe-inline'                                                                                                                   https://dc.services.visualstudio.com                                                                                                                  https://sso.eei.org                                                                                                                  https://stats.g.doubleclick.net                                                                                                                  https://www.cvent.com                                                                                                                  https://www.google-analytics.com                                                                                                                  https://*.hotjar.com                              https://analytics.google.com                                                                                                                  ;                                                                                                             default-src 'self' 'unsafe-inline';                                                                                                              font-src 'self' data:                                                                                                                 https://www.cvent-assets.com                                                                                                                 https://fonts.gstatic.com                                                                                                                                                                                                                                 ;                                                                                                             frame-src 'self'                                                                                                                 https://front.publing.co                                                                                                                 https://lsc-pagepro.mydigitalpublication.com                                                                                                   https://player.vimeo.com/                                                                                                                 https://www.podbean.com                                                                                                                 https://www.youtube.com                                                                                                                 https://www.youtube-nocookie.com                                                                                                                 ;                                                                                                             img-src 'self'                                                                                                                  https://www.google.com                                                                                                                 https://www.google-analytics.com                                                                                                                 ;                                                                                                             script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' 'self'                                                                                                                  https://ajax.aspnetcdn.com/ajax/jQuery/jquery-2.1.1.js                                                                                                                 https://az416426.vo.msecnd.net/scripts/a/ai.0.js                                                                                                                 https://cdn.fusioncharts.com                                                                                                                 https://cdnjs.cloudflare.com                                                                                                                 https://code.jquery.com                                                                                                                 https://front.publing.co                                                                       https://player.vimeo.com/api/player.js                                                                                                                 https://www.cvent.com                                                                                                                 https://www.cvent-assets.com                                                                                                                 https://www.googletagmanager.com                                                                                                                 https://www.google-analytics.com/analytics.js                                                                                                                 https://*.hotjar.com                             https://analytics.google.com                                                                                                                 ;                                                                                                             style-src-elem  'report-sample' 'self' 'unsafe-inline'                                                                                                                  https://code.jquery.com                                                                                                                  https://fonts.googleapis.com                                                                                                                  https://www.cvent-assets.com                                                                                                                  ;                                                                                                             style-src 'report-sample' 'self' 'unsafe-inline'                                                                                                                  https://fonts.googleapis.com                                                                                                                  https://www.cvent-assets.com                                                                                                                 ;                                                                                                              upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'nonce-aj6/EVtYtcqyujyoCzYbJQ=='; style-src 'self' https: http://fonts.googleapis.com 'nonce-aj6/EVtYtcqyujyoCzYbJQ==' 1
frame-ancestors http://www.trf2.jus.br https://www.trf2.jus.br http://portalunificadodrupal10teste.jfrj.jus.br https://portalunificadodrupal10teste.jfrj.jus.br 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.top; img-src 'self' https: data: blob: https://mastodon.top; style-src 'self' https://mastodon.top 'nonce-ptz6FHUz4ZWb/LA2Jyjkwg=='; media-src 'self' https: data: https://mastodon.top; frame-src 'self' https:; manifest-src 'self' https://mastodon.top; form-action 'self'; child-src 'self' blob: https://mastodon.top; worker-src 'self' blob: https://mastodon.top; connect-src 'self' data: blob: https://mastodon.top https://mastodon.top wss://mastodon.top; script-src 'self' https://mastodon.top 'wasm-unsafe-eval' 1
default-src 'self'; script-src 'self' https://5f3c395.ccm19.de/ https://www.googletagmanager.com/ https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://snap.licdn.com/ https://*.doubleclick.net/ 'unsafe-inline' 'unsafe-eval'; connect-src 'self' http://www.salesviewer.com/ http://salesviewer.org/ https://5f3c395.ccm19.de/ https://europe-west1-qnips-io.cloudfunctions.net https://*.bitbucket.org https://*.atlassian.com https://*.gravatar.com https://www.google-analytics.com https://*.doubleclick.net/ https://snap.licdn.com https://www.google.com https://cdn.linkedin.oribi.io; style-src 'self' https://5f3c395.ccm19.de/ https://tagmanager.google.com https://www.googletagmanager.com https://fonts.googleapis.com 'unsafe-inline'; img-src * blob: data:; font-src 'self' https://fonts.gstatic.com data:; frame-src https://player.vimeo.com/ https://qnips-gmbh.jobs.personio.de/; prefetch-src 'self' https://5f3c395.ccm19.de/ https://www.googletagmanager.com/ https://www.google-analytics.com; frame-ancestors 'none' 1
default-src 'self' ;                style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://unpkg.com https://widget.mondialrelay.com https://api-clicandpay.groupecdn.fr https://scripts.publitas.com			https://api-clicandpay.groupcnd.fr;		img-src 'self' data:			https://ad.360yield.com https://ads.stickyadstv.com https://ads.yahoo.com https://c.bing.com https://cm.g.doubleclick.net			https://cm.meba.kr https://criteo-sync.teads.tv https://cw.addthis.com https://exchange.mediavine.com			https://googleads.g.doubleclick.net https://gum.criteo.com https://i.liadm.com https://ib.adnxs.com			https://match.sharethrough.com https://matching.ivitrack.com https://pixel.advertising.com			https://pixel.rubiconproject.com https://pixel.tapad.com https://public-prod-dspcookiematching.dmxleo.com			https://rtb-csync.smartadserver.com https://s.ad.smaato.net https://secure.adnxs.com https://simage2.pubmatic.com			https://sp.analytics.yahoo.com https://sync-criteo.ads.yieldmo.com https://sync.ad-stir.com https://sync.outbrain.com		        https://t.mydialoginsight.com https://ups.analytics.yahoo.com https://visitor.omnitagjs.com			https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.fr			https://bat.bing.com https://ad.tpmn.co.kr https://tg.socdm.com https://adgen.socdm.com https://cs.adingo.jp			https://eb2.3lift.com https://contextual.media.net https://r.casalemedia.com https://adx.dable.io			https://x.bidswitch.net https://dis.criteo.com https://idsync.rlcdn.com https://d.turn.com https://*.clarity.ms			https://sync-t1.taboola.com https://ad.as.amanad.adtdp.com https://trends.revcontent.com https://cl.avis-verifies.com			https://googletagmanager.com https://sbm.nate.com https://jadserve.postrelease.com https://cdn.stickyadstv.com			https://*.cloudfront.net https://criteo-partners.tremorhub.com https://cm.adform.net https://widget.mondialrelay.com			https://maps.gstatic.com https://maps.googleapis.com https://*.tile.openstreetmap.org https://www.mondialrelay.com			https://statics.pushaddict.com https://notifpush.com blob: https://gjigle.com https://t.paypal.com https://reductionsprivees.com https://tbs.tradedoubler.com https://storage.googleapis.com			https://api-clicandpay.groupecdn.fr https://view.publitas.com http://preprod-sc.station-chargeur.com https://eu1-doofinderuser.s3.amazonaws.com https://assets.sc-trc.com                        https://static.reductionsprivees.com https://graphql.reductionsprivees.com https://www.googletagmanager.com;                script-src 'self' 'unsafe-inline' 'unsafe-eval'                        https://maps.googleapis.com http://cl.avis-verifies.com https://cl.avis-verifies.com https://cdn.doofinder.com                        https://cdn.cookielaw.org https://fonts.googleapis.com https://fonts.gstatic.com			https://static.criteo.net https://connect.facebook.net https://www.googleadservices.com			https://asseteasydmp.net https://t.mydialoginsight.com https://gjigle.com			https://bat.bing.com https://notifpush.com https://www.googletagmanager.com https://sdk.reductionsprivees.com			https://www.google-analytics.com https://asset.easydmp.net https://*.cloudfront.net https://googleads.g.doubleclick.net			https://*.clarity.ms https://sslwidget.criteo.com https://dynamic.criteo.com https://ajax.googleapis.com			https://widget.mondialrelay.com https://unpkg.com https://www.youtube.com https://youtube.com https://secure-api.notifadz.com			https://secure-trig.notifadz.com https://www.paypalobjects.com https://www.paypal.com https://api-clicandpay.groupecdn.fr https://scripts.publitas.com https://view.publitas.com			https://www.google.com https://www.gstatic.com https://d3js.org http://preprod-sc.station-chargeur.com https://assets.sc-trc.com https://api-clicandpay.groupecnd.fr			https://tpc.googlesyndication.com https://trk.adbutter.net https://acdn.adnxs.com;                connect-src 'self' 			https://cdn.cookielaw.org https://eu1-search.doofinder.com https://maps.googleapis.com			https://*.salecycle.com https://privacyportal-fr.onetrust.com https://www.clarity.ms			https://awsapis3.netreviews.eu https://www.google-analytics.com https://notifpush.com			wss://ws.salecycle.com https://stats.g.doubleclick.net https://*.clarity.ms			https://widget.mondialrelay.com https://secure-apis.notifadz.com https://adservice.google.com			https://www.google.com https://gddglis.com https://gjigle.com https://secure-api.notifadz.com https://secure-trig.notifadz.com https://www.paypal.com https://reductionsprivees.com			https://services.publitastest.nl http://preprod-sc.station-chargeur.com https://ducatillon-privacy.my.onetrust.com https://region1.google-analytics.com			https://assets.sc-trc.com https://pagead2.googlesyndication.com;                font-src 'self' https://fonts.gstatic.com https://cl.avis-verifies.com;                child-src 'self'			https://cl.avis-verifies.com https://gum.criteo.com https://s.salecycle.com https://asset.easydmp.net https://gjigle.com			https://www.facebook.com https://dynamic.criteo.com https://www.avis-verifies.com https://youtube.com https://www.youtube.com https://www.paypal.com https://maps.google.fr https://google.com			https://www.google.com https://api-clicandpay.groupecdn.fr http://preprod-sc.station-chargeur.com https://view.publitas.com https://www.ecologie.gouv.fr https://td.doubleclick.net; 1
frame-ancestors 'self' *.excelsior.com.mx *.jediteam.mx *.imagendigital.com securepubads.g.doubleclick.net *.doubleclick.net *.melodijolola.com *.salud180.com 1
default-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  'unsafe-inline'  https://*.adyen.com  https://sicherheitsdatenblatt.lidl.at; img-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com; object-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'; script-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  about:  https://localhost  https://*.adyen.com; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-82f189109e326837e8502ca212c0d293'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self'; script-src 'self' dienste.kvb.de *.kv-safenet.de player.vimeo.com www.youtube.com 'nonce-f1f42d43d540d0bdee' 'nonce-2f592fc519148caa94' 'nonce-dcf0717be384513bce'; style-src 'self' 'unsafe-inline'; img-src 'self'; frame-src https://www.youtube.com/ https://www.youtube-nocookie.com/ https://player.vimeo.com/; font-src 'self'; connect-src 'self' dienste.kvb.de *.kv-safenet.de; report-uri https://7dx7gcb3.uriports.com/reports/enforce; report-to https://7dx7gcb3.uriports.com/reports/enforce 1
frame-ancestors 'self' uptimerobot.com; 1
script-src 'nonce-tamgHi9JQmVxWctWQlUrFA==' 'self' cdn.cookielaw.org ajax.googleapis.com www.google-analytics.com cmp.springernature.com www.googletagmanager.com; object-src 'none'; base-uri 'none' 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=AU&lang=en-AU&device=desktop&yrid=2acndq1iqu4rc&partner=; 1
default-src 'self'; script-src 'unsafe-inline' *; font-src *; style-src 'unsafe-inline'  *; img-src 'self' data: *; connect-src 'self' *; frame-src * 1
upgrade-insecure-requests; object-src 'none'; base-uri 'self'; frame-src 'self' https://www.youtube.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css; font-src 'self' https://fonts.gstatic.com data:; 1
default-src * data: blob: 'self'; connect-src https: data: blob: 'self' https://*.azureedge.net https://*.avepoint.com https://*.google.com https://853-gwt-606.mktoresp.com https://api.segment.io https://stats.g.doubleclick.net wss://*.hotjar.com wss://*.bing.com *.aptrinsic.com *.zoominfo.com; font-src data: blob: 'self' https://*.azureedge.net https://*.avepoint.com https://fonts.gstatic.com https://fonts.googleapis.com https://use.fontawesome.com https://*.hotjar.com https://cdn.jsdelivr.net; frame-src data: blob: 'self' https://*.azureedge.net https://*.avepoint.com https://*.eventbrite.com https://*.google.com https://*.bing.com https://*.clarity.ms https://*.doubleclick.net https://www.googletagmanager.com https://tpc.googlesyndication.com https://lpcdn.lpsnmedia.net https://vars.hotjar.com https://*.osano.com https://boards.greenhouse.io https://www.facebook.com https://www.youtube.com https://*.liveperson.net https://pixel.mathtag.com https://c.sharethis.mgr.consensu.org https://sdx.microsoft.com https://*.sharethis.com https://*.twitter.com https://*.linkedin.com https://recaptcha.net https://*.recaptcha.net https://www.avepoint.com.cn https://*.clickagy.com https://avepoint.widget.insent.ai https://*.eventbrite.com https://*.buzzsprout.com; img-src https: data: blob: 'self' https://*.azureedge.net https://*.avepoint.com *.aptrinsic.com https://*.googleapis.com; media-src 'self' https://*.azureedge.net https://*.avepoint.com https://lpcdn.lpsnmedia.net https://maps.gstatic.com https://*.googleapis.com https://*.twitter.com; script-src 'self' blob: data: 'unsafe-eval' 'unsafe-inline' https://pagead2.googlesyndication.com https://*.azureedge.net https://*.avepoint.com https://*.eventbrite.com https://sessionize.com https://*.clickagy.com https://*.6sc.co https://accdn.lpsnmedia.net https://*.bing.com https://*.clarity.ms https://c212.net https://cdn.c212.net https://cdn.segment.com https://*.osano.com https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://*.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://tpc.googlesyndication.com https://ajax.googleapis.com https://*.idio.co https://lpcdn.lpsnmedia.net https://*.liveperson.net https://x.clearbitjs.com https://tag.clearbitscripts.com https://marketo.clearbit.com https://ml314.com https://munchkin.marketo.net https://*.hotjar.com https://snap.licdn.com https://*.zoominfo.com https://js.zi-scripts.com https://www.googletagmanager.com https://www.gstatic.com https://www.gstatic.cn https://www.redditstatic.com https://*.greenhouse.io https://s3.amazonaws.com https://cdn.jsdelivr.net https://ajax.aspnetcdn.com https://www.youtube.com https://maps.googleapis.com https://*.sharethis.com https://pixel.mathtag.com https://s.yimg.jp https://static.ads-twitter.com https://*.twitter.com https://a.omappapi.com https://*.adroll.com https://cdn.ampproject.org https://cdn.polyfill.io https://*.yahoo.co.jp https://visualsponline.azurewebsites.net https://cdnjs.cloudflare.com https://recaptcha.net https://*.recaptcha.net *.aptrinsic.com https://*.admatrix.jp https://*.taboola.com https://avepoint.us3.list-manage.com https://avepoint.widget.insent.ai https://insentdev.widget.insent.ai https://prod.impartner.live https://packages.prmcdn.io https://*.eventbrite.com https://*.buzzsprout.com https://*.weglot.com; style-src 'self' 'unsafe-inline' https://*.azureedge.net https://*.avepoint.com https://sessionize.blob.core.windows.net https://sessionize.com https://tagmanager.google.com https://*.googleapis.com https://*.greenhouse.io https://static-exp1.licdn.com https://cdn-images.mailchimp.com https://use.fontawesome.com https://cdn.jsdelivr.net https://*.osano.com https://*.bing.com https://*.clarity.ms https://cdnjs.cloudflare.com *.aptrinsic.com https://www.googletagmanager.com https://optimize.google.com https://packages.prmcdn.io https://*.weglot.com; object-src 'self' data: 'unsafe-eval'; worker-src 'self' blob: https://*.azureedge.net https://*.avepoint.com https://*.osano.com https://*.recaptcha.net; report-uri https://webcspr.sharepointguild.com; frame-ancestors 'self' https://*.azureedge.net https://*.avepoint.com https://*.maivenpoint.com https://www.avepoint.com.cn https://www.avepointonlineservices.com https://apwebapptest.azurewebsites.net https://maiven.sharepointguild.com https://*.dealhub.io; 1
default-src https: wss:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; font-src https: data:; img-src https: data:; media-src https: data: blob:; report-uri https://api.clearbooks.co.uk/security-reporting/csp 1
default-src * ; script-src * data: 'unsafe-inline' 'unsafe-eval' ; style-src * 'unsafe-inline' ; img-src * ; font-src * ; 1
default-src 'self';font-src 'self' data: *.gstatic.com *.bootstrapcdn.com *.episerver.net;img-src 'self' data: *.gstatic.com *.google.com *.lakemedelsverket.open-analytics.se *.episerver.net *.vizzit.se;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.vizzit.se *.readspeaker.com *.episerver.net *.kiprotect.com *.lakemedelsverket.open-analytics.se *.vo.msecnd.net *.gstatic.com *.google.com *.jquery.com *.bootstrapcdn.com *.aslint.org;style-src 'self' 'unsafe-inline' *.readspeaker.com *.bootstrapcdn.com *.episerver.net *.vizzit.se *.googleapis.com;frame-src 'self' *.screen9.com *.google.com;frame-ancestors 'self';connect-src 'self' *.vizzit.se *.lakemedelsverket.open-analytics.se *.services.visualstudio.com;report-uri /api/csp/cspreport 1
frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://js.na.chilipiper.com https://cdn.tutorialjinni.com https://d.adroll.com https://*.hubspotusercontent-na1.net https://*.hubspot.net https://platform.twitter.com https://platform.linkedin.com https://www.gstatic.com https://www.google.com https://www.google-analytics.com https://js.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://forms.hsforms.com https://www.googleoptimize.com  https://maxcdn.bootstrapcdn.com  https://cdnjs.cloudflare.com  https://js.usemessages.com  https://js.hsleadflows.net  https://js.hsadspixel.net  https://js.hs-analytics.net  https://js.hscollectedforms.net  https://js.hs-banner.com  https://app.hubspot.com  https://www.googletagmanager.com  https://connect.facebook.net  https://snap.licdn.com  https://s.adroll.com  https://ipv4.d.adroll.com  https://cdn.freshbots.ai  https://s.adroll.com  https://code.jquery.com  https://www.googletagmanager.com  https://googleads.g.doubleclick.net https://cdn-cookieyes.com https://*.hsappstatic.net https://*.ads-twitter.com https://cdn.jsdelivr.net https://*.unifonic.com https://maps.googleapis.com https://d10zminp1cyta8.cloudfront.net https://static.hotjar.com/ https://script.hotjar.com/;; upgrade-insecure-requests 1
default-src 'self' *.my.club *.hotjar.com;img-src 'self' * blob: data: android-webview-video-poster:;script-src 'self' *.my.club *.hotjar.com 'unsafe-inline' *.google-analytics.com *.google.com *.googleapis.com *.googlesyndication.com *.gstatic.com *.strpjmp.com www.googleadservices.com www.googletagmanager.com;script-src-attr 'none';connect-src 'self' *.my.club *.hotjar.com *.google-analytics.com *.google.com *.googleapis.com *.amplitude.com *.doubleclick.net *.fanclubs.tech *.flixstorage.com *.hotjar.io wss://*.hotjar.com wss://*.my.club wss://my.club;media-src 'self' *.my.club blob: *.ahcdn.com *.strpst.com;style-src 'self' *.my.club *.hotjar.com 'unsafe-inline';frame-src * data:;report-uri /_csp 1
frame-ancestors 'self' mychart.sfmc.net ecs-mc-tv101.sfmc.net; 1
default-src 'self';script-src 'self' https://*.ticketinghub.com https://*.hotjar.com 'unsafe-inline' 'unsafe-eval' *.googleadservices.com *.hotjar.com *.youtube.com *.amazonaws.com *.hawleywharfcamden.com hawleywharfcamden.com *.buckstreet.market buckstreet.market www.camdenmarket.com *.camdenmarket.com *.exposebox.com *.windows.net *.googletagmanager.com *.google-analytics.com *.googleanalytics.com *.jquery.com *.us4.list-manage.com yoast.com unpkg.com *.cookiepro.com *.facebook.net *.cloudflare.com static.cloudflareinsights.com fast.wistia.com *.google.com *.gstatic.com *.instagram.com instagram.com cdn.jsdelivr.net *.googleoptimize.com optimize.google.com *.vimeocdn.com;style-src 'self' 'unsafe-inline' https://*.hotjar.com *.youtube.com *.mailchimp.com *.hawleywharfcamden.com hawleywharfcamden.com *.buckstreet.market buckstreet.market *.windows.net *.googleapis.com unpkg.com *.fontawesome.com *.cookiepro.com yoast.com maxcdn.bootstrapcdn.com *.googleoptimize.com optimize.google.com;img-src 'self' https://*.hotjar.com 'unsafe-inline' data: blob: *;child-src 'self' facebook.com instagram.com twitter.com *.hawleywharfcamden.com *.buckstreet.market *.exposebox.com yoast.com *.vimeo.com *.googleoptimize.com optimize.google.com;connect-src 'self' wss: https://*.ticketinghub.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://camdenmarket.us4.list-manage.com http://staging.camdenmarket.com *.hotjar.com *.camdenmarket.com *.hawleywharfcamden.com *.buckstreet.market yoast.com *.joomunited.com *.arcgis.com *.mapbox.com stats.g.doubleclick.net *.google-analytics.com *.googleanalytics.com *.instagram.com instagram.com *.cookiepro.com *.googleoptimize.com optimize.google.com *.camdenmarket.com;font-src 'self' https://*.hotjar.com 'unsafe-inline' data: fonts.gstatic.com fonts.googleapis.com use.fontawesome.com yoast.com maxcdn.bootstrapcdn.com;frame-src 'self' https://*.ticketinghub.com *.hotjar.com *.youtube.com *.hawleywharfcamden.com *.buckstreet.market *.exposebox.com *.vimeo.com *.facebook.com *.cdnx.co.uk *.google.com *.instagram.com *.googleoptimize.com optimize.google.com;worker-src 'self' blob:;upgrade-insecure-requests;report-to default;media-src 'self' *.cdninstagram.com wp-media-staging.camdenmarket.com wp-media.camdenmarket.com wp-media.buckstreet.market wp-media.hawleywharfcamden.com 1
frame-ancestors https://artecgroup.zendesk.com https://cloud.artec3d.com https://support.artec-group.com http://webvisor.com 1
frame-ancestors 'self' *.scitrus.com https://scitrus.com 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-62f02b89e9b717c035743a5052258860'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
upgrade-insecure-requests; frame-ancestors https: 'self' *.nextdayflyers.com *.digitalroom.com *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com; 1
base-uri 'self' https://tall.ndla.no;default-src 'self' blob:;upgrade-insecure-requests;script-src 'self' 'unsafe-inline'  'unsafe-eval' http://api-gateway.ndla-local https://*.ndlah5p.com https://h5p.org https://*.ndla.no https://players.brightcove.net http://players.brightcove.net https://players.brightcove.net *.nrk.no http://nrk.no https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://www.youtube.com https://s.ytimg.com https://cdn.auth0.com https://vjs.zencdn.net https://httpsak-a.akamaihd.net *.brightcove.com *.facebook.net *.twitter.com *.twimg.com *.brightcove.net bcove.me bcove.video *.api.brightcove.com *.o.brightcove.com players.brightcove.net hls.ak.o.brightcove.com uds.ak.o.brightcove.com brightcove.vo.llnwd.net *.llnw.net *.llnwd.net *.edgefcs.net *.akafms.net *.edgesuite.net *.akamaihd.net *.analytics.edgekey.net *.deploy.static.akamaitechnologies.com *.cloudfront.net hlstoken-a.akamaihd.net vjs.zencdn.net  *.gallerysites.net ndla.no *.ndla.no cdnjs.cloudflare.com https://*.zendesk.com https://static.zdassets.com cdn.jsdelivr.net https://*.dataporten.no https://*.clarity.ms https://app-script.monsido.com;frame-src blob: http://api-gateway.ndla-local *.nrk.no nrk.no *.vg.no vg.no https://www.tv2skole.no/ *.elevkanalen.no elevkanalen.no https://www.scribd.com/ https://www.youtube.com ndla.no *.ndlah5p.com https://h5p.org *.ndla.no *.slideshare.net slideshare.net *.vimeo.com vimeo.com *.ndla.filmiundervisning.no ndla.filmiundervisning.no *.prezi.com prezi.com *.commoncraft.com commoncraft.com *.embed.kahoot.it *.brightcove.net embed.kahoot.it fast.wistia.com https://khanacademy.org/ *.khanacademy.org/ *.vg.no/ *.facebook.com *.twitter.com e.issuu.com new.livestream.com livestream.com channel9.msdn.com tomknudsen.no www.tomknudsen.no geogebra.org www.geogebra.org ggbm.at www.imdb.com imdb.com miljoatlas.miljodirektoratet.no www.miljostatus.no miljostatus.no phet.colorado.edu lab.concord.org worldbank.org *.worldbank.org ted.com embed.ted.com embed.molview.org reader.pubfront.com ebok.no trinket.io codepen.io public.flourish.studio flo.uri.sh ourworldindata.org *.sketchup.com www.gapminder.org www.facebook.com fb.watch sketchfab.com jeopardylabs.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.ndla.no https://tagmanager.google.com *.twitter.com *.twimg.com;font-src 'self' data: https://*.ndla.no cdnjs.cloudflare.com https://*.clarity.ms cdn.jsdelivr.net;img-src 'self' http://api-gateway.ndla-local https://*.ndla.no https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net http://metrics.brightcove.com https://httpsak-a.akamaihd.net https://*.boltdns.net https://www.nrk.no/ https://ssl.gstatic.com https://www.gstatic.com https://*.clarity.ms https://ndla.zendesk.com tracking.monsido.com *.facebook.com *.twitter.com *.twimg.com  data:;media-src 'self' blob: https://*.ndla.no *.brightcove.com brightcove.com;connect-src  'self'  http://api-gateway.ndla-local https://*.ndla.no https://logs-01.loggly.com https://edge.api.brightcove.com https://*.brightcove.com https://bcsecure01-a.akamaihd.net https://hlsak-a.akamaihd.net https://*.google-analytics.com https://*.analytics.google.com https://*.zendesk.com https://ekr.zdassets.com https://ltiredirect.itslearning.com https://platform.itslearning.com cdn.jsdelivr.net https://*.dataporten.no https://*.clarity.ms;form-action 'self';object-src 'none';script-src-attr 'none' 1
frame-ancestors 'self' *.league.dev *.myhighmarkonline.com *.beneficity.com; 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream:; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream:; img-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream:; connect-src *; font-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream:; media-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream:; report-uri *; child-src *; form-action *; frame-ancestors *; object-src *; frame-src *; worker-src *; manifest-src *; navigate-to *; base-uri *; upgrade-insecure-requests 1
frame-ancestors self staging.fundsindia.com www.fundsindia.com www.partner.fundsindia.com partner.fundsindia.com stagingpartner.fundsindia.com ; 1
default-src 'self' https://fuse.emilfrey.ch https://dash.freywohnmobil.ch https://*.emilfrey.ch/* https://nest.revolution.efg.prod.pixelgenau.dev/ https://sales-api.revolution.efg.prod.pixelgenau.dev/ https://sst.emilfrey.ch https://appointments.efg.prod.pixelgenau.dev/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fuse.emilfrey.ch https://www.youtube.com www.googletagmanager.com storage.googleapis.com i.ytimg.com https://d3ibz5jl4uhfvr.cloudfront.net/ https://api.yousty.ch www.google.com www.google.nl www.google.de cdn.jsdelivr.net www.googleoptimize.com api-fra.livechatinc.com api.livechatinc.com app.cituro.com cdn.jsdelivr.net/npm/cookieconsent cdn.livechatinc.com commerce-chat.com connect.facebook.net googleads.g.doubleclick.net maps.googleapis.com *.matelso.de script.hotjar.com snap.licdn.com static.hotjar.com vc.hotjar.io www.google-analytics.com www.googleadservices.com cdn.livechatinc.com https://sst.emilfrey.ch https://*.matelso.de/webtracking/4/ https://www.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://ad.doubleclick.net https://adservice.google.com  https://adservice.google.ch https://*.messengerpeople.com; style-src 'self' 'unsafe-inline' 'report-sample' www.googletagmanager.com storage.googleapis.com i.ytimg.com app.cituro.com cdn.jsdelivr.net commerce-chat.com fonts.googleapis.com https://sst.emilfrey.ch https://www.youtube.com https://static.hotjar.com https://script.hotjar.com; img-src 'self' data: https://res.cloudinary.com https://img.jobcloud.ai https://emilfrey-pp-release.imgix.net https://vehicle.imgix.net *.google-analytics.com *.analytics.google.com www.google.nl http://dash.freywohnmobil.ch/storage/ https://dash.freywohnmobil.ch/ googleads.g.doubleclick.net/ https://hr-portal.emilfrey.ch https://partnerprofile.autoglobal.ch yousty-widget-assets.s3.eu-central-1.amazonaws.com www.google.de https://vp-ch.emilfreydigital.hr vp-ch.emilfreydigital.hr cas01.autoscout24.ch connect.facebook.net maps.googleapis.com maps.gstatic.com px.ads.linkedin.com res.cloudinary.com www.facebook.com www.google-analytics.com www.google.ch www.google.com www.googletagmanager.com https://maps.gstatic.com https://fuse.emilfrey.ch https://emilfrey-mip.imgix.net https://mips-live.imgix.net https://sst.emilfrey.ch https://api.emilfrey.ch https://hr-portal.emilfrey.ch https://www.google.co.uk https://dash-emilfrey-prod.imgix.net https://emilfrey-fe-prod.imgix.net https://emilfrey-be-prod.imgix.net https://cdn.livechat-files.com https://autoscout.imgix.net https://ch.insidehub.io https://img.jobcloud.ai https://jotrack.s3.amazonaws.com https://ad.doubleclick.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://adservice.google.com  https://adservice.google.ch https://www.youtube.com https://mips-live.imgix.net https://google.ch https://www.google.de https://www.google.co.uk https://www.google.ca https://www.google.it https://www.google.id https://www.google.nl https://www.google.mk https://www.google.br https://www.google.fr https://www.google.rs https://www.google.hu https://www.google.us https://www.google.ba https://www.google.tr https://www.google.nz https://www.google.au https://www.google.gr https://freywohnmobile.imgix.net https://static.hotjar.com https://script.hotjar.com; connect-src 'self' https://res.cloudinary.com https://vehicle.imgix.net https://img.jobcloud.ai https://emilfrey-pp-release.imgix.net https://*.emilfrey.ch https://*.emilfrey.ch/* https://fuse.emilfrey.ch wss://fuse.emilfrey.ch www.googletagmanager.com *.google-analytics.com *.analytics.google.com www.google.nl storage.googleapis.com i.ytimg.com https://dash.freywohnmobil.ch https://www.yousty.ch https://api.yousty.ch https://www.facebook.com maps.googleapis.com www.google.de analytics.google.com api-fra.livechatinc.com commerce-chat.com dash.emilfrey.ch in.hotjar.com vc.hotjar.io mautic.efg.pixelgenau.info *.matelso.de stats.g.doubleclick.net www.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://cdn.livechatinc.com https://d3ibz5jl4uhfvr.cloudfront.net/ https://app.cituro.com api.livechatinc.com https://fonts.googleapis.com https://maps.gstatic.com https://www.google.ch https://www.google.com https://emilfrey-mip.imgix.net https://mips-live.imgix.net https://sst.emilfrey.ch https://yousty-widget-assets.s3.eu-central-1.amazonaws.com https://*.matelso.de/webtracking/4/ https://dash-emilfrey-prod.imgix.net https://emilfrey-fe-prod.imgix.net https://emilfrey-be-prod.imgix.net https://vimeo.com https://player.vimeo.com https://nest.revolution.efg.prod.pixelgenau.dev/ wss://nest.revolution.efg.prod.pixelgenau.dev https://sales-api.revolution.efg.prod.pixelgenau.dev/ https://appointments.efg.prod.pixelgenau.dev/ https://cdn.livechat-files.com https://www.googleadservices.com https://connect.facebook.net https://autoscout.imgix.net https://login.emilfrey.ch https://myemilfrey.emilfrey.ch https://ch.insidehub.io https://img.jobcloud.ai https://jotrack.s3.amazonaws.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://adservice.google.com  https://adservice.google.ch https://www.youtube.com https://mips-live.imgix.net https://google.ch https://www.google.de https://www.google.co.uk https://www.google.ca https://www.google.it https://www.google.id https://www.google.nl https://www.google.mk https://www.google.br https://www.google.fr https://www.google.rs https://www.google.hu https://www.google.us https://www.google.ba https://www.google.tr https://www.google.nz https://www.google.au https://www.google.gr https://freywohnmobile.imgix.net https://widget.msgp.pl  https://api.appengage.sinch.com https://*.messengerpeople.com  wss://*.messengerpeople.dev; font-src 'self' storage.googleapis.com www.googletagmanager.com i.ytimg.com https://d3ibz5jl4uhfvr.cloudfront.net/ https://www.emilfrey.ch cdn.cituro.com commerce-chat.com fonts.gstatic.com https://sst.emilfrey.ch https://www.youtube.com https://cdn.livechatinc.com https://script.hotjar.com; frame-src 'self' www.googletagmanager.com storage.googleapis.com i.ytimg.com e.issuu.com https://www.google.com https://www.google.nl https://cdn.flipsnack.com https://www.yousty.ch https://www.youtube.com https://www.youtube-nocookie.com https://app.cituro.com *.doubleclick.net *.fls.doubleclick.net secure-fra.livechatinc.com vars.hotjar.com vc.hotjar.io www.facebook.com https://sst.emilfrey.ch https://fonts.gstatic.com https://login.emilfrey.ch https://myemilfrey.emilfrey.ch https://issuu.com https://*.jotform.com; manifest-src 'self'; object-src 'none'; media-src 'self' https://cdn.livechatinc.com https://sst.emilfrey.ch https://api.emilfrey.ch https://emilfrey.ch https://www.youtube.com https://cdn.messengerpeople.com; worker-src 'self' data: https://res.cloudinary.com https://img.jobcloud.ai https://emilfrey-pp-release.imgix.net https://vehicle.imgix.net *.google-analytics.com *.analytics.google.com www.google.nl http://dash.freywohnmobil.ch/storage/ https://dash.freywohnmobil.ch/ googleads.g.doubleclick.net/ https://hr-portal.emilfrey.ch https://partnerprofile.autoglobal.ch yousty-widget-assets.s3.eu-central-1.amazonaws.com www.google.de https://vp-ch.emilfreydigital.hr vp-ch.emilfreydigital.hr cas01.autoscout24.ch connect.facebook.net maps.googleapis.com maps.gstatic.com px.ads.linkedin.com res.cloudinary.com www.facebook.com www.google-analytics.com www.google.ch www.google.com www.googletagmanager.com https://maps.gstatic.com https://fuse.emilfrey.ch https://emilfrey-mip.imgix.net https://mips-live.imgix.net https://sst.emilfrey.ch https://api.emilfrey.ch https://hr-portal.emilfrey.ch https://www.google.co.uk https://dash-emilfrey-prod.imgix.net https://emilfrey-fe-prod.imgix.net https://emilfrey-be-prod.imgix.net https://cdn.livechat-files.com https://autoscout.imgix.net https://ch.insidehub.io https://img.jobcloud.ai https://jotrack.s3.amazonaws.com https://ad.doubleclick.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://adservice.google.com  https://adservice.google.ch https://www.youtube.com https://mips-live.imgix.net https://google.ch https://www.google.de https://www.google.co.uk https://www.google.ca https://www.google.it https://www.google.id https://www.google.nl https://www.google.mk https://www.google.br https://www.google.fr https://www.google.rs https://www.google.hu https://www.google.us https://www.google.ba https://www.google.tr https://www.google.nz https://www.google.au https://www.google.gr https://freywohnmobile.imgix.net https://static.hotjar.com https://script.hotjar.com https://res.cloudinary.com https://vehicle.imgix.net https://img.jobcloud.ai https://emilfrey-pp-release.imgix.net https://*.emilfrey.ch https://app.cituro.com https://api.livechatinc.com https://fonts.googleapis.com https://maps.gstatic.com https://www.google.ch https://www.google.com https://www.google.nl https://dash-emilfrey-prod.imgix.net https://emilfrey-fe-prod.imgix.net https://emilfrey-be-prod.imgix.net https://nest.revolution.efg.prod.pixelgenau.dev/ https://sales-api.revolution.efg.prod.pixelgenau.dev/ https://appointments.efg.prod.pixelgenau.dev/ https://www.googleadservices.com https://connect.facebook.net https://autoscout.imgix.net https://fonts.gstatic.com https://login.emilfrey.ch https://myemilfrey.emilfrey.ch https://ch.insidehub.io https://mips-live.imgix.net https://googleads.g.doubleclick.net https://ad.doubleclick.net https://adservice.google.com  https://adservice.google.ch https://www.youtube.com https://cdn.livechatinc.com https://freywohnmobile.imgix.net https://*.jotform.com https://*.messengerpeople.com; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; img-src * data: blob:; style-src 'self' 'unsafe-inline' https://cdn-images.mailchimp.com/ https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://use.typekit.net/ https://ltfl.librarything.com/ https://www.librarything.com/ https://assets.wogaa.sg/ https://p.typekit.net https://poly-webchat.vica.gov.sg https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; font-src 'self' data: https://cdnjs.cloudflare.com https://ka-f.fontawesome.com https://use.typekit.net https://maxcdn.bootstrapcdn.com fonts.gstatic.com 'unsafe-inline'; frame-src 'self' https://pcmap-tp.netlify.app/ https://td.doubleclick.net/ https://temasekpolytechnic.wufoo.com/ https://content.googleapis.com/ https://drive.google.com/ https://www.instagram.com/ https://flipbookpdf.net/ https://www.flipbookpdf.net/ https://momento360.com/ https://wogaa.demdex.net/ https://ltfl.librarything.com/ https://temasekpolytechnic.demdex.net/ https://www.facebook.com/ https://jointpoly-prd.mybluemix.net/ https://temasekpoly-prd.mybluemix.net/ https://cetchatbot-dev.azurewebsites.net/ https://siichatbot-dev.azurewebsites.net/ https://www.google.com/ *.youtube.com https://12053952.fls.doubleclick.net/ https://jointpoly-prd-app.12j3temcrbtf.us-south.codeengine.appdomain.cloud/; script-src 'self' https://www.us14.list-manage.com/ https://cdn.lordicon.com/ https://s3.amazonaws.com/downloads.mailchimp.com/ https://ads-engagement.presage.io/ https://www.presage.io/ https://static.wufoo.com/ https://secure.wufoo.com/ https://content.googleapis.com/ https://www.instagram.com/ https://unpkg.com/ https://app-script.monsido.com/ https://cdn.jsdelivr.net/ https://poly-webchat.vica.gov.sg/ https://connect.facebook.net/ https://snap.licdn.com/ *.googletagmanager.com https://assets.dcube.cloud/ *.youtube.com *.adobedtm.com https://www.google-analytics.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://heatmaps.monsido.com https://www.google.com/ https://assets.wogaa.sg/ https://analytics.tiktok.com/ https://jointpoly-prd-app.12j3temcrbtf.us-south.codeengine.appdomain.cloud/ https://unbound.syndetics.com https://ltfl.librarything.com/ https://lgapi-au.libapps.com/ https://code.jquery.com https://kit.fontawesome.com 'unsafe-inline' 'unsafe-eval' ; object-src 'self' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://ioc.exchange; img-src 'self' https: data: blob: https://ioc.exchange; style-src 'self' https://ioc.exchange 'nonce-cAPuJnu0MJv8t1Yoqoyr1Q=='; media-src 'self' https: data: https://ioc.exchange; frame-src 'self' https:; manifest-src 'self' https://ioc.exchange; form-action 'self'; child-src 'self' blob: https://ioc.exchange; worker-src 'self' blob: https://ioc.exchange; connect-src 'self' data: blob: https://ioc.exchange https://files.ioc.exchange wss://ioc.exchange; script-src 'self' https://ioc.exchange 'wasm-unsafe-eval' 1
default-src 'self' 'unsafe-inline' *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com *.google.com.vn *.doubleclick.net *.facebook.net *.facebook.com *.jsdelivr.net *.amazonaws.com *.cloudflare.com *.hotjar.com *.hotjar.io *.singpost.com *.youtube.com *.nice-incontact.com data: *.newrelic.com *.nr-data.net; report-uri /report-csp-violation 1
default-src 'self' https://*.phasezero.xyz https://*.optimabatteries.com; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com https://www.google-analytics.com https://cxpoptimauat.phasezero.xyz https://app.usercentrics.eu https://www.clarity.ms https://*.doubleclick.net https://*.hotjar.com https://*.optimabatteries.com web-chat.nativechat.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.hotjar.com web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com useast2devbrandsites.blob.core.windows.net useast2prodbrandsites.blob.core.windows.net useast2qabrandsites.blob.core.windows.net d4xkw526ofe75.cloudfront.net d2lum58i3w4swj.cloudfront.net dd06uqodq6kyk.cloudfront.net cxpoptimacmsdev.phasezero.xyz cxpoptimacmsqa.phasezero.xyz dev.optimabatteries.com qa.optimabatteries.com cxpoptimacmsuat-b.phasezero.xyz https://*.usercentrics.eu https://www.google.com prod1.optimabatteries.com https://*.hotjar.com https://*.optimabatteries.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.hotjar.com; frame-src 'self' https://player.vimeo.com https://www.youtube.com/ https://app.usercentrics.eu https://www.googletagmanager.com https://servedby.flashtalking.com https://*.doubleclick.net/ https://*.phasezero.xyz https://*.optimabatteries.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com https://cxpoptimauat.phasezero.xyz https://www.google-analytics.com https://maps.googleapis.com/ https://analytics.google.com/ https://*.usercentrics.eu https://*.googlesyndication.com https://*.hotjar.io/ *.hotjar.com wss://ws.hotjar.com https://*.clarity.ms https://*.phasezero.xyz https://*.azurewebsites.net https://*.optimabatteries.com; media-src 'self' data: blob: d4xkw526ofe75.cloudfront.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://*.phasezero.xyz https://*.optimabatteries.com web-chat.nativechat.com; frame-ancestors https://*.phasezero.xyz https://*.optimabatteries.com 'self' 1
frame-ancestors 'self' https://*.scmgroup.com/ 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de *.readspeaker.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.readspeaker.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com yomma.services cms.sqat.eu *.openstreetmap.org *.itzbund.de; frame-ancestors 'self'; font-src 'self' data:; 1
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline'  https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; worker-src 'self' blob: *.pricespider.com *.mapbox.com cdnjs.cloudflare.com; 1
frame-ancestors 'self' *.vergic.com practice.acceptcare.com 1
frame-ancestors 'self' http://*.contactsdirect.com https://*.contactsdirect.com https://www.contactsdirect.com https://uat.contactsdirect.com https://www.examappts.com https://*.glasses.com; 1
default-src 'self' ; connect-src 'self' blob: wss://wormhole.app https://*.backblaze.com https://*.backblazeb2.com ; img-src 'self' blob: data: ; media-src 'self' blob: ; object-src 'none' ; script-src 'self' ; style-src 'self' 'unsafe-inline' ; base-uri 'none' ; frame-ancestors 'self' ; form-action 'self' ; 1
base-uri 'self';connect-src 'self' https://*.hearnow-cdn.com site-stats.hearnow.com https://api.spotify.com https://api.found.ee https://api.recurly.com https://stckjs.stackify.com https://rum.stackify.com *.cookieyes.com cdn-cookieyes.com;default-src 'self' https://api.recurly.com;font-src 'self' https://*.hearnow-cdn.com fonts.gstatic.com;form-action 'self' https://auth.cdbaby.com;frame-src 'self' site-stats.hearnow.com mailto: https://open.spotify.com https://accounts.spotify.com https://api.recurly.com;img-src 'self' https://*.hearnow-cdn.com site-stats.hearnow.com data: https://open.scdn.co https://www.gstatic.com cdn-cookieyes.com;media-src 'self' content.cdbaby.com;object-src 'none';script-src 'self' 'nonce-hfiBsmGttk4vmcjnmr3REKBlVNZw8QNh' https://*.hearnow-cdn.com site-stats.hearnow.com https://found.ee/dmp/pixel.js https://*.adnxs.com https://api.recurly.com https://js.recurly.com https://stckjs.stackify.com cdn-cookieyes.com;style-src 'self' 'unsafe-inline' https://*.hearnow-cdn.com https://api.recurly.com https://js.recurly.com fonts.googleapis.com 1
default-src 'self' 'unsafe-eval' ws:; frame-src 'self' https://quote-request.mymsc.com/ https://notifications.mymsc.com https://identityserver.msc.com https://mscciam.b2clogin.com https://ddp-portal-prod.mymsc.com/ https://mvp-portal-prod.mymsc.com/ *.googleadservices.com  *.googletagmanager.com  *.googletagservices.com  *.googlesyndication.com  *.google-analytics.com  *.googleapis.com  *.ggpht.com  *.google.com  *.google.co.uk  *.gstatic.com  *.doubleclick.net *.hotjar.com csxd.contentsquare.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' t.contentsquare.net app.contentsquare.com; script-src-elem 'self' blob: 'unsafe-inline' https://t.contentsquare.net https://app.contentsquare.com https://www.clarity.ms https://www.googletagmanager.com  https://js.monitor.azure.com https://go.microsoft.com  https://www.google-analytics.com  https://s.go-mpulse.net https://s.yimg.jp https://dev.virtualearth.net https://t.ssl.ak.dynamic.tiles.virtualearth.net https://notifications.mymsc.com https://cdn.cookielaw.org https://services.mymsc.com *.googleadservices.com  *.googletagmanager.com  *.googletagservices.com  *.googlesyndication.com  *.google-analytics.com  *.googleapis.com  *.ggpht.com  *.google.com  *.google.co.uk  *.gstatic.com  *.doubleclick.net *.bing.com *.hotjar.com; img-src * 'self' data: https: content: *.contentsquare.net;  style-src * 'self' 'unsafe-inline';  media-src * blob:;  object-src 'self'; worker-src 'self' blob: data:; font-src 'self' https: data:;   connect-src 'self' https:  https://notifications.mymsc.com wss: *.contentsquare.net; child-src blob:;  frame-ancestors 'self';  base-uri 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://chimpstatic.com https://www.google-analytics.com https://siteimproveanalytics.com https://www.googletagmanager.com https://www.google.com https://snap.licdn.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.gstatic.com https://public.tableau.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com; img-src 'self' https://i.ytimg.com https://www.linkedin.com https://files-skywest-com.s3.us-west-2.amazonaws.com https://*.siteimproveanalytics.io https://googleads.g.doubleclick.net https://www.facebook.com https://www.google.com https://px.ads.linkedin.com https://www.google-analytics.com https://www.skywest.com https://placehold.it https://www.placeholder.com https://placeholder.com https://public.tableau.com data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; base-uri 'self'; form-action 'self' https://www.facebook.com; frame-src 'self' https://www.google.com https://bid.g.doubleclick.net https://www.youtube.com https://youtube.com https://public.tableau.com https://www.facebook.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com 1
frame-ancestors 'self' aruplab.csod.com scorm.com connect.aruplab.com 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-NGIyMDUyNmY5OWNlNGEyZThiYzRiZWM4MDU3YTEzMjU=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.ncsc.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.ncsc.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.ncsc.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-ancestors 'self' www.myambiance.com.au www.bsrgroup.com.au www.furniturezone.com.au www.stancash.com.au www.billyguyatts.com.au 1
upgrade-insecure-requests; frame-ancestors 'self';default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://az416426.vo.msecnd.net https://dc.services.visualstudio.com https://*.pendo.io https://*.storage.googleapis.com https://*.careporthealth.com https://*.pndsn.com; 1
frame-ancestors 'self' http://www.philips.ua *.philips.com *.philips.ua https://philipsigtdpv.com 1
frame-ancestors 'self' *.datacore.com https://datacore.custhelp.com/ https://www.perifery.com/ 1
object-src 'none'; report-uri https://www.mintz.com/report-uri/enforce 1
upgrade-insecure-requests; frame-ancestors 'self';object-src data: 'unsafe-eval'; default-src 'self' *.glance.net *.humanamilitary.com *.day.com *.everesttech.net *.g.doubleclick.net *.doubleclick.net *.day.com *.mpeasylink.com *.cloud.coveo.com *.orghipaa.coveo.com  *.analytics.orghipaa.coveo.com *.foresee.com *.humana.com *.ensighten.com *.omtrdc.net *.coremetrics.com *.cmcore.com *.answerscloud.com *.mpeasylink.com *.zscaler.net *.gigya.com *.googleadservices.com *.yimg.com *.facebook.net *.yahoo.com *.google.com *.gstatic.com *.salesforceliveagent.com *.googleapis.com *.4seeresults.com *.youtube.com *.azureedge.net  *.cloudfront.net *.dialogtech.com *.humananews.com *.linkedin.com *.longtailvideo.com *.truste.com *.prescribeitrx.com *.amazonaws.com *.glancecdn.net *.humana-government.com *.careplushealthplans.com *.healthwise.net *.humanavitality.com 193.122.6.87:7002 *.go365.com *.longtailvideo.com *.requirejs.org *.cacmedicalcenters.com *.4see.mobi *.longtailvideo.com *.foreseeresults.com *.facebook.com *.bing.com *.doubleclick.net *.xg4ken.com *.licdn.com *.twitter.com *.360yield.com *.casalemedia.com *.kargo.com *.bidswitch.net *.ad-stir.com *.tealium.com *.tealiumiq.com *.tiqcdn.com *.everesttech.net *.everestjs.net *.demdex.net *.amazon-adsystem.com *.googletagmanager.com *.deepintent.com *.gumgum.com *.teads.tv *.3lift.com *.ads-twitter.com *.onetrust.com cdn.cookielaw.org cookie-cdn.cookiepro.com;style-src 'self' 'unsafe-Inline' *.glance.net *.cloud.coveo.com *.foresee.com *.humana.com *.ensighten.com *.omtrdc.net *.coremetrics.com *.cmcore.com *.answerscloud.com *.mpeasylink.com *.zscaler.net *.gigya.com *.googleadservices.com *.yimg.com *.facebook.net *.yahoo.com *.google.com *.gstatic.com *.salesforceliveagent.com *.googleapis.com *.4seeresults.com *.youtube.com *.azureedge.net  *.cloudfront.net *.dialogtech.com *.humananews.com *.linkedin.com *.longtailvideo.com *.truste.com *.prescribeitrx.com *.amazonaws.com *.glancecdn.net *.humana-government.com *.careplushealthplans.com *.healthwise.net *.humanavitality.com 193.122.6.87:7002 *.go365.com *.longtailvideo.com *.requirejs.org *.cacmedicalcenters.com *.4see.mobi *.longtailvideo.com *.foreseeresults.com *.facebook.com *.bing.com *.doubleclick.net *.xg4ken.com *.licdn.com *.twitter.com *.360yield.com *.casalemedia.com *.kargo.com *.bidswitch.net *.ad-stir.com *.tealium.com *.tealiumiq.com *.tiqcdn.com *.everesttech.net *.everestjs.net *.demdex.net *.amazon-adsystem.com *.googletagmanager.com *.deepintent.com *.gumgum.com *.teads.tv *.3lift.com *.ads-twitter.com *.onetrust.com cdn.cookielaw.org cookie-cdn.cookiepro.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.glance.net *.cloud.coveo.com *.foresee.com *.humana.com *.ensighten.com *.omtrdc.net *.coremetrics.com *.cmcore.com *.answerscloud.com *.mpeasylink.com *.zscaler.net *.gigya.com *.googleadservices.com *.yimg.com *.facebook.net *.yahoo.com *.google.com *.gstatic.com *.salesforceliveagent.com *.googleapis.com *.4seeresults.com *.youtube.com *.azureedge.net  *.cloudfront.net *.dialogtech.com *.humananews.com *.linkedin.com *.longtailvideo.com *.truste.com *.prescribeitrx.com *.amazonaws.com *.glancecdn.net *.humana-government.com *.careplushealthplans.com *.healthwise.net *.humanavitality.com 193.122.6.87:7002 *.go365.com *.longtailvideo.com *.requirejs.org *.cacmedicalcenters.com *.4see.mobi *.longtailvideo.com *.foreseeresults.com *.facebook.com *.bing.com *.doubleclick.net *.xg4ken.com *.licdn.com *.twitter.com *.360yield.com *.casalemedia.com *.kargo.com *.bidswitch.net *.ad-stir.com *.tealium.com *.tealiumiq.com *.tiqcdn.com *.everesttech.net *.everestjs.net *.demdex.net *.amazon-adsystem.com *.googletagmanager.com *.deepintent.com *.gumgum.com *.teads.tv *.3lift.com *.ads-twitter.com *.onetrust.com cdn.cookielaw.org cookie-cdn.cookiepro.com;img-src 'self' *.glance.net *.humanamilitary.com *.foresee.com *.humana.com *.ensighten.com *.omtrdc.net *.coremetrics.com *.cmcore.com *.answerscloud.com *.mpeasylink.com *.zscaler.net *.gigya.com *.googleadservices.com *.yimg.com *.facebook.net *.yahoo.com *.google.com *.gstatic.com *.salesforceliveagent.com *.googleapis.com *.4seeresults.com *.youtube.com *.azureedge.net  *.cloudfront.net *.dialogtech.com *.humananews.com *.linkedin.com *.longtailvideo.com *.truste.com *.prescribeitrx.com *.amazonaws.com *.glancecdn.net *.humana-government.com *.careplushealthplans.com *.healthwise.net *.humanavitality.com 193.122.6.87:7002 *.go365.com *.longtailvideo.com *.requirejs.org *.cacmedicalcenters.com *.4see.mobi *.longtailvideo.com *.foreseeresults.com *.facebook.com *.bing.com *.doubleclick.net *.xg4ken.com *.licdn.com *.twitter.com *.360yield.com *.casalemedia.com *.kargo.com *.bidswitch.net *.ad-stir.com *.tealium.com *.tealiumiq.com *.tiqcdn.com *.everesttech.net *.everestjs.net *.demdex.net *.amazon-adsystem.com *.googletagmanager.com *.deepintent.com *.gumgum.com *.teads.tv *.3lift.com *.ads-twitter.com *.onetrust.com cdn.cookielaw.org cookie-cdn.cookiepro.com;font-src 'self' data: *.foresee.com *.humana.com *.ensighten.com *.omtrdc.net *.coremetrics.com *.cmcore.com *.answerscloud.com *.mpeasylink.com *.zscaler.net *.gigya.com *.googleadservices.com *.yimg.com *.facebook.net *.yahoo.com *.google.com *.gstatic.com *.salesforceliveagent.com *.googleapis.com *.4seeresults.com *.youtube.com *.azureedge.net  *.cloudfront.net *.dialogtech.com *.humananews.com *.linkedin.com *.longtailvideo.com *.truste.com *.prescribeitrx.com *.amazonaws.com *.glancecdn.net *.humana-government.com *.careplushealthplans.com *.healthwise.net *.humanavitality.com 193.122.6.87:7002 *.go365.com *.longtailvideo.com *.requirejs.org *.cacmedicalcenters.com *.4see.mobi *.longtailvideo.com *.foreseeresults.com *.facebook.com *.bing.com *.doubleclick.net *.xg4ken.com *.licdn.com *.twitter.com *.360yield.com *.casalemedia.com *.kargo.com *.bidswitch.net *.ad-stir.com *.tealium.com *.tealiumiq.com *.tiqcdn.com *.everesttech.net *.everestjs.net *.demdex.net *.amazon-adsystem.com *.googletagmanager.com *.deepintent.com *.gumgum.com *.teads.tv *.3lift.com *.ads-twitter.com *.onetrust.com cdn.cookielaw.org cookie-cdn.cookiepro.com 1
default-src 'self' https: blob: data: 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://*.bellmts.ca https://fonts.googleapis.com https://hello.myfonts.net https://maxcdn.bootstrapcdn.com https://static.cloud.coveo.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com 'unsafe-inline' https://bellmaps.korem.com https://www.youtube.com https://tagmanager.google.com https://*.mts.ca https://tagmanager.google.com; script-src 'self' https://*.bellmts.ca https://accdn.lpsnmedia.net https://ajax.googleapis.com https://cdn.datatables.net https://code.jquery.com https://connect.facebook.net https://cse.google.com https://dnn506yrbagrg.cloudfront.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net https://maps.google.com https://maps.googleapis.com https://maxcdn.bootstrapcdn.com https://snap.licdn.com https://static.cloud.coveo.com https://va.v.liveperson.net https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://www.gstatic.com https://www.youtube.com https://playerlauncher.stingray.com https://bat.bing.com https://cdn.cookielaw.org https://www.clarity.ms 'sha256-H5TrXMeQJg6UUqvTMafIi00AvjDSLr1tYu5Z8iw/S3I=' 'sha256-vekoQat6t3svFlA/wyLBrQqp2qunOD7DpFcYM8WWTQY=' 'sha256-RLQMkrisFIyNJm2qd3lo+eOd55jAyTVwZ018VENcuyU=' 'sha256-ryWDl+ZHywCd+QmJPLhZJFaBg2xocEpYIiWM99VIhU4=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-V++5RwIrD5/XmiyQeF3Zimg/kQ1Cant75TtuDRikkkI=' 'sha256-4g64YaFWvv2Mi/LXZN/oSg7gmLKRiEEUqlAzh7B/j1M=' 'sha256-Z85GkSsMngP3j3841xTv04wwwn1oFtVZyfCUiEZK84M=' 'sha384-csFtHjOC/GZXafomo/Wsq9dsUDZUyvpCfRT8C4mc4s3TB/2Xo2vBbqkBZYEhAPOy' 'sha256-k5ARkEV2Fz0IN+GrMrIskb9DbxJBo5TPv23dxRTylZQ=' 'sha384-JTLZhfQGlj1Op6TIhlwOBYm5n0kw2Ay0VTUBblRYc6KxGK/i56M3K9Wa0BOlF7uO' 'sha384-JfnQ3JIc2KB6b+U4SwTITxrs0JuofWCNrJkot2uevcohUMvUm6qMrIiBnoIyLVRA' 'sha384-g2hp8f2sjtN/i+bmSD9Gm5Cdza9tq32l9D8R/q0mqOz6RN8ElUhkHSATcyT87rSo' 'sha256-3lCaLXiH4mLnUAXgQV8Y0WRPtZCVIcewvPVZAbKKA4U=' 'sha384-Qy0CedBHExB2+61g+5qgu6xnlkjC3/aTc874sXSWUFaZl4UqKA8EXy4avQ8sxXXT' 'sha256-W37jxF91u0IMC8Pu0UGzI8qFnMbzXcSJlKCZLsue6uc=' https://beacon.sojern.com https://ms1.eigendev.com https://ssl.google-analytics.com https://tagmanager.google.com https://c.bing.com https://*.int.bellmts.ca https://*.bellmts.ca https://bellmaps.korem.com https://cdnjs.cloudflare.com https://px.ads.linkedin.com https://ssl.google-analytics.com https://static.doubleclick.net https://tagmanager.google.com https://c.bing.com; img-src 'self' data: https://*.bellmts.ca https://*.mts.ca https://adservice.google.com https://cdn0.iconfinder.com https://connect.facebook.net https://lpcdn.lpsnmedia.net https://maps.gstatic.com https://p.adsymptotic.com https://px.ads.linkedin.com https://www.facebook.com https://www.google.ca https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://googleads.g.doubleclick.net *.bing.com https://fonts.gstatic.com https://cdn.cookielaw.org *.ggpht.com *.googleapis.com https://ad.doubleclick.net https://adservice.google.com https://bellmaps.korem.com https://cm.g.doubleclick.net https://i.ytimg.com https://ib.adnxs.com https://maps.google.com https://match.adsrvr.org https://pixel.sojern.com https://www.linkedin.com https://yt3.ggpht.com https://10644187.fls.doubleclick.net https://ade.googlesyndication.com https://ssl.gstatic.com https://www.gstatic.com https://maps.googleapis.com https://prdbellweb.hs.llnwd.net https://ms1.eigendev.com https://www.linkedin.com https://10644187.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com; font-src 'self' https://*.bellmts.ca https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:; frame-src 'self' https://*.bellmts.ca https://adservice.google.ca https://adservice.google.com https://2987979.fls.doubleclick.net https://lpcdn.lpsnmedia.net https://recaptcha.google.com https://sales.liveperson.net https://www.google.com https://www.facebook.com https://apitool.tve.na1.verimatrixcloud.net https://www.youtube.com https://www.bell.ca https://10644187.fls.doubleclick.net https://2987979.fls.doubleclick.net https://*.mts.ca http://*.bellmts.ca https://acs.adgear.com https://ms1.eigendev.com https://www.facebook.com https://10644187.fls.doubleclick.net https://2987979.fls.doubleclick.net; media-src 'self' https://lpcdn.lpsnmedia.net https://www.bell.ca; connect-src 'self' *.bellmts.ca *.mts.ca *.bell.ca https://sales.liveperson.net https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.ca *.bing.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportaluat.onetrust.com https://p.clarity.ms https://ms1.eigendev.com https://maps.googleapis.com; object-src 'none'; frame-ancestors 'self'; 1
default-src 'self'; base-uri 'self'; img-src * data:; frame-src 'self' https://kaart.pdok.nl https://websurveys2.govmetric.com https://app-eu.readspeaker.com https://www.youtube-nocookie.com https://www.youtube.com https://content.googleapis.com/ https://vars.hotjar.com https://maps.noord-holland.nl https://geoapps.noord-holland.nl https://app.springcast.fm https://datalab.noord-holland.nl; frame-ancestors 'self'; manifest-src 'self'; media-src 'self' blob:; script-src 'self' 'nonce-NjU1Zjc3ZWEtN2E1MC00YzcwLTk4NjItYWM3MzNjMDhhZTY2' https://stats.pusher.com https://www.browsealoud.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://maps.googleapis.com https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://websurveys2.govmetric.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://cdn-eu.readspeaker.com https://virtuele-gemeente-assistent.nl https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://snap.licdn.com; connect-src 'self' https://sockjs-eu.pusher.com wss://ws-eu.pusher.com https://vttts-eu.readspeaker.com https://cloudstatic.obi4wan.com https://chatapi.obi4wan.com https://media-eu.readspeaker.com https://rstts-eu.readspeaker.com https://www.browsealoud.com https://plus.browsealoud.com https://speech.speechstream.net https://speech-eu.speechstream.net https://www.google-analytics.com https://maps.googleapis.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://app.obi4wan.ai https://app-eu.readspeaker.com/ https://hitcounter.govmetric.com https://platform.hireserve.nl/ https://cdn1.readspeaker.com https://maps.googleapis.com https://virtuele-gemeente-assistent.nl wss://virtuele-gemeente-assistent.nl ws://virtuele-gemeente-assistent.nl https://in.hotjar.com https://www.facebook.com https://cdn.linkedin.oribi.io; object-src 'self' https://kaart.pdok.nl; style-src 'self' data: 'nonce-NjU1Zjc3ZWEtN2E1MC00YzcwLTk4NjItYWM3MzNjMDhhZTY2' https://fonts.googleapis.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://websurveys2.govmetric.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://maps.googleapis.com/ https://siteimproveanalytics.com https://cloudstatic.obi4wan.com; font-src 'self' data: https://fonts.gstatic.com https://cdn1.readspeaker.com https://script.hotjar.com;  1
default-src 'self' *.picmir2.pw; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.picmir2.pw *.st02.net *.yandex.com *.yandex.net *.yandex.ru http://*.yandex.ru yastatic.net yandex.ru https://hcaptcha.com https://*.hcaptcha.com www.google.com www.gstatic.com blob:; img-src 'self' data: *.picmir2.pw counter.yadro.ru *.st02.net *.yandex.com *.yandex.net *.yandex.ru http://*.yandex.ru yastatic.net yastat.net www.tns-counter.ru; style-src 'self' 'unsafe-inline' yastatic.net https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data:; frame-src 'self' tools.runetki.com *.yandex.com https://hcaptcha.com https://*.hcaptcha.com www.google.com; connect-src 'self' *.picmir2.pw *.yandex.com *.yandex.ru http://*.yandex.ru https://hcaptcha.com https://*.hcaptcha.com; object-src 'self'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mstdn.io; img-src 'self' https: data: blob: https://mstdn.io; style-src 'self' https://mstdn.io 'nonce-m3sAIRVkVk+QERzDywEcpA=='; media-src 'self' https: data: https://mstdn.io; frame-src 'self' https:; manifest-src 'self' https://mstdn.io; form-action 'self'; child-src 'self' blob: https://mstdn.io; worker-src 'self' blob: https://mstdn.io; connect-src 'self' data: blob: https://mstdn.io https://media.mstdn.io wss://mstdn.io; script-src 'self' https://mstdn.io 'wasm-unsafe-eval' 1
frame-ancestors 'self' http://awards.ratingruneta.ru https://awards.ratingruneta.ru 1
frame-ancestors 'self' feed.pghub.io pandg.tapad.com ; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com feed.pghub.io pandg.tapad.com ; 1
frame-ancestors http://admin.bangor.com http://www.bangor.com 1
default-src 'self' 'unsafe-inline' https://ociservices.gov.in/js/ https://ociservices.gov.in/css/  ; img-src 'self' data: 1
default-src 'self' *.stackadapt.com *.ifgza3.net *.ojrq.net *.tapad.com *.loggly.com *.rlcdn.com *.impactradius-event.com *.teads.tv *.passage.ai wss://tars-prod.passage.ai *.evenfinancial.com *.taboola.com *.quantcount.com *.transunion.com *.vols7feed.com *.addthis.co *.amazon-adsystem.com *.youtube.com *.doubleclick.net *.company-target.com *.brightcove.com *.brightcovecdn.com *.prod.boltdns.net *.adsrvr.org dmtry.com *.dmtry.com *.quantserve.com *.bluekai.com *.facebook.com *.demandbase.com doubleclick.net *.trustev.com *.yahoo.com *.atedra.com *.twitter.com *.bing.com crwdcntrl.net c.rstg.io cdn.nextinsure.com *.jquery.com cloudfront.net *.googleapis.com *.adnxs.com *.rlcdn.com investis.com adsrvr.org sharethrough.com adroll.com yimg.com amazonaws.com *.fastclick.net secure.leadback.advertising.com google-analytics.com *.ads-twitter.com *.openx.net *.zencdn.net googleadservices.com gstatic.com bidswitch.net *.media6degrees.com googletagmanager.com *.siteintercept.qualtrics.com *.qualtrics.com; script-src 'self' static.addtoany.com utt.impactcdn.com cdn.inpwrd.net content.inpwrd.net *.adobedtm.com *.liveperson.net *.leadsrx.com https://sc-static.net *.lpsnmedia.net https://siteimproveanalytics.com *.kore.ai *.b0e8.com *.bc0a.com *.stackadapt.com *.thebrighttag.com *.btstatic.com *.hifiona.com *.impactradius-event.com *.teads.tv *.passage.ai *.evenfinancial.com *.taboola.com *.quantcount.com *.dotomi.com *.transunion.com *.mxpnl.com *.vols7feed.com *.addthis.com *.googletagmanager.com *.optimizely.com *.pingdom.com *.cloudflare.com *.googleadservices.com *.youtube.com *.doubleclick.net *.google-analytics.com *.quantserve.com *.g.3gl.net *.eloqua.com *.crwdcntrl.net *.googleapis.com *.investis.com *.amazonaws.com *.cloudfront.net *.nextinsure.com *.lendingtree.com *.mediaplex.com *.demandbase.com *.jquery.com *.gstatic.com *.bing.com *.3gl.net *.yourscoreonline.com *.gofreecredit.com *.creditcheckingtoday.com *.naturaltracking.com *.credit.com *.facebook.com *.yimg.com *.ytimg.com *.quora.com *.ensighten.com *.d39se0h2uvfakd.cloudfront.net *.linkedin.com *.adsprotection.com *.brightcove.com *.hotjar.com *.adroll.com *.brightcove.net *.en25.com *.adsrvr.org *.abmr.net *.mathtag.com t2.rstg.io px.ads.linkedin.com vjs.zencdn.net *.twitter.com iad-login.dotomi.com snap.licdn.com sp.analytics.yahoo.com unpkg.com *.myfonts.net *.en25.com *.addthisedge.com *.zencdn.com *.s3.amazonaws.com cdn.ampproject.org *.company-target.com *.media6degrees.com *.ads-twitter.com cdn.mxpnl.com *.bizographics.com *.pingdom.net *.mbww.com *.entrust.net *.trustev.com *.mathtag.com *.googlesyndication.com *.google.com *.outbrain.com o1.qnsr.com *.facebook.net cas.cluep.com *.quizgnome.com *.siteintercept.qualtrics.com *.qualtrics.com *.pulseinsights.com blob: 'unsafe-eval' 'unsafe-inline'; child-src content.inpwrd.net *.google.com transunion.demdex.net *.liveperson.net *.snapchat.com *.lpsnmedia.net *.evenfinancial.com *.hifiona.com *.transunion.com blob: *.crwdcntrl.net *.cdn.optimizely.com *.addthis.com *.doubleclick.net *.lendingtree.com *.youtube.com *.hotjar.com *.mediaplex.com *.optimizely.com *.brightcove.net s.amazon-adsystem.com *.trustev.com *.mathtag.com *.qnsr.com *.facebook.com *.siteintercept.qualtrics.com *.qualtrics.com; connect-src 'self' mysmartmove.pxf.io smartmove.pxf.io rentals-secure-uat.shareable.com rentals-api.shareable.com s.yimg.com api.iterable.com dpm.demdex.net *.tt.omtrdc.net wss://va.msg.liveperson.net wss://lo.msg.liveperson.net *.google-analytics.com *.leadsrx.com *.bc0a.com *.nextinsure.com *.googleapis.com *.g.doubleclick.net *.kore.ai wss://rtm.kore.ai *.stackadapt.com *.ifgza3.net *.passage.ai wss://tars-prod.passage.ai *.taboola.com *.transunion.com *.mixpanel.com *.optimizely.com *.youtube.com *.brightcovecdn.com *.pingdom.net *.brightcove.com manifest.prod.boltdns.net airbrake.io *.company-target.com r.3gl.net s7.addthis.com *.herokuapp.com unity.cadreon.com app.trustev.com *.hotjar.com wss://*.hotjar.com *.siteintercept.qualtrics.com *.qualtrics.com 'unsafe-eval'; media-src 'self' *.lpsnmedia.net *.brightcove.com *.brightcovecdn.com *.prod.boltdns.net *.transunion.com blob: f1.media.brightcove.com; img-src * *.ifgza3.net smartmove.pxf.io *.ojrq.net *.tapad.com *.loggly.com *.rlcdn.com data:; font-src data: *.mysmartmove.com *.adobeaemcloud.com *.transunion.com *.nextinsure.com *.gstatic.com *.company-target.com edge.api.brightcove.com r.3gl.net *.addthis.com *.herokuapp.com *.quora.com; style-src * 'unsafe-eval' 'unsafe-inline'; frame-ancestors *.transunion.com mysmartmove.pxf.io *.logs-01.loggly.com; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://www.dastereo.ru/logs/ https://www.dastereo.ru/sidekiq/ https://www.dastereo.ru/mini-profiler-resources/ https://www.dastereo.ru/assets/ https://www.dastereo.ru/extra-locales/ https://www.dastereo.ru/highlight-js/ https://www.dastereo.ru/javascripts/ https://www.dastereo.ru/plugins/ https://www.dastereo.ru/theme-javascripts/ https://www.dastereo.ru/svg-sprite/ 'report-sample' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0='; worker-src 'self' https://www.dastereo.ru/assets/ https://www.dastereo.ru/javascripts/ https://www.dastereo.ru/plugins/; report-uri https://www.dastereo.ru/csp_reports; frame-ancestors 'self'; manifest-src 'self' 1
frame-ancestors sync.me getdrupe.com; 1
default-src * 'unsafe-eval' 'unsafe-inline'; connect-src *; font-src *; img-src * data:; object-src 'none'; 1
frame-ancestors https://*.trine.edu; 1
default-src * data: https: 'unsafe-inline' 'unsafe-eval' blob:; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests 1
frame-ancestors https://www.cupraofficial.de https://author-seat-stage63.adobecqms.net https://seat-stage63.adobecqms.net https://author-seat-prod63.adobecqms.net https://seat-prod63.adobecqms.net 'self' 1
default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://*.nuance.com https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com https://*.postrelease.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nuance.com; script-src 'nonce-aee1e814-5158-497b-b318-70a75ebf515b' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.maxymiser.net https://*.nuance.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp 1
frame-ancestors 'self' https://www.weddingwire.ca https://community.weddingwire.ca https://landing.weddingwire.ca 1
report-uri https://www.nodepositbonus.cc 1
upgrade-insecure-requests; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; default-src 'self' data: 'unsafe-inline' 'unsafe-eval' wpengine.com *.wpengine.com *.netdna-ssl.com sarcos.com *.sarcos.com *.bootstrapcdn.com *.googleapis.com *.googletagmanager.com *.vimeo.com *.hs-scripts.com *.w3.org *.gstatic.com *.licdn.com *.google-analytics.com *.cloudfront.net *.stackadapt.com *.vimeocdn.com *.hsadspixel.net *.hs-banner.com *.hsleadflows.net *.hs-analytics.net *.linkedin.com *.luckyorange.net *.doubleclick.net *.hubspot.com *.hubapi.com *.google.com *.google.co.in *.googleadservices.com *.gravatar.com *.adsymptotic.com *.adobe.com *.newtonsoftware.com recruitingbypaycor.com *.ytimg.com *.youtube.com *.hubspotusercontent30.net *.hubspotusercontent-na1.net *.jazz.co;object-src 'self' data: 'unsafe-inline' 'unsafe-eval' wpengine.com *.wpengine.com *.netdna-ssl.com sarcos.com *.sarcos.com *.bootstrapcdn.com *.googleapis.com *.googletagmanager.com *.vimeo.com *.hs-scripts.com *.w3.org *.gstatic.com *.licdn.com *.google-analytics.com *.cloudfront.net *.stackadapt.com *.vimeocdn.com *.hsadspixel.net *.hs-banner.com *.hsleadflows.net *.hs-analytics.net *.linkedin.com *.luckyorange.net *.doubleclick.net *.hubspot.com *.hubapi.com *.google.com *.google.co.in *.googleadservices.com *.gravatar.com *.adsymptotic.com *.adobe.com *.newtonsoftware.com recruitingbypaycor.com *.ytimg.com *.youtube.com *.hubspotusercontent30.net *.jazz.co *.hubspotusercontent-na1.net 1
default-src https: data: blob: 'unsafe-inline'; object-src 'self'; script-src  'self' https://cdn.tiny.cloud/ https://static.zdassets.com/ https://*.meruscase.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://cdn.syndication.twimg.com/ https://merus-assets.s3.amazonaws.com/ https://*.facebook.net/ https://*.googleapis.com/ https://*.aspnetcdn.com/ https://*.microsoft.com https://maxcdn.bootstrapcdn.com/ https://*.youtube.com/ https://s.ytimg.com/ https://js.recurly.com/ https://cdn.wootric.com/ https://static.headnotepayments.com/ https://static.zdassets.com/ https://snap.licdn.com/ 'unsafe-eval' 'unsafe-inline' https://code.jquery.com/ https://forms.hubspot.com/ https://forms.hsforms.com/ https://js.hs-analytics.net/ https://js.hs-scripts.com/ https://api.usemessages.com/ https://js.usemessages.com/ https://js.hsforms.net/ https://js.hsleadflows.net/; style-src 'self' 'unsafe-inline' https: 1
frame-ancestors 'self' https://*.princesscasino.ro https://bingo-sw360.pragmaticplay.net 1
default-src *; script-src 'self' 'unsafe-inline'; worker-src 'self' blob:; child-src 'self'; style-src 'self' 'unsafe-inline'; manifest-src 'self'; connect-src *; font-src 'self' data:; img-src * data:; frame-src 'self' https://connect.trezor.io https://beta.mycrypto.com https://github.proxy.mycryptoapi.com https://analytics.proxy.mycryptoapi.com; frame-ancestors 'self' https://mycrypto.com https://app.mycrypto.com https://github.proxy.mycryptoapi.com https://analytics.proxy.mycryptoapi.com 1
frame-ancestors https://forum.zenphoto.org 1
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data:; frame-ancestors * https://app.hubspot.com; frame-src *; 1
frame-ancestors 'self' https://harga-emas.org/ https://pluang-production-uploads.s3-ap-southeast-1.amazonaws.com/ 1
frame-ancestors 'self' investors.lilium.com lilium-preview.gcs-web.com lilium.gcs-web.com; 1
default-src 'self'; style-src https: 'unsafe-inline'; style-src-elem https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: data: wss:; font-src https:; frame-src https:; img-src https: data: 'self'; worker-src blob: https:; media-src blob: https: 1
base-uri 'self'; default-src 'none'; font-src * data:; form-action 'self'; img-src * data: blob: 'unsafe-inline'; object-src 'self'; worker-src 'self' blob:; connect-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-src *; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; style-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'none'; media-src 'none' 1
default-src 'self' *.akamaized.net *.googlevideo.com *.ivi.ru *.mc.yandex.ru *.mds.yandex.net *.mycdn.me *.rutube.ru *.sharethis.com *.sndcdn.com *.strm.yandex.net *.tiktokcdn.com *.tiktokv.com *.vkuser.net avatars.dzeninfra.ru blob: csi.gstatic.com data: fonts.gstatic.com googleads.g.doubleclick.net i.ytimg.com instaloader.net marketingplatform.google.com mc.yandex.md mc.yandex.ru media-k.ntv.ru pagead2.googlesyndication.com skyfire.vimeocdn.com strm.yandex.ru survey.g.doubleclick.net unidownloader.com video-preview.s3.yandex.net www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.youtube.com ymetrica1.com;frame-ancestors *.stackd.ru *.webvisor.com metrica.yandex.com.tr metrica.yandex.com metrika.yandex.by metrika.yandex.ru unidownloader.com webvisor.com;frame-src 'self' *.sharethis.com *.stackd.ru c.sharethis.mgr.consensu.org googleads.g.doubleclick.net mc.yandex.md mc.yandex.ru pagead2.googlesyndication.com survey.unidownloader.com tpc.googlesyndication.com udlsetup.ru www.google.com www.youtube.com;img-src 'self' *.rutube.ru *.sharethis.com *.tiktokcdn.com avatars.dzeninfra.ru avatars.mds.yandex.net data: i.mycdn.me i.vimeocdn.com i.ytimg.com i1.sndcdn.com instaloader.net mc.yandex.ru pagead2.googlesyndication.com pic.rutube.ru prismic.stackdeploy.ru unidownloader.cdn.prismic.io unidownloader.com www.google-analytics.com www.googletagmanager.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.sharethis.com adservice.google.com adservice.google.ru blob: cdn.jsdelivr.net cdnjs.cloudflare.com mc.yandex.ru pagead2.googlesyndication.com partner.googleadservices.com static.cloudflareinsights.com tpc.googlesyndication.com www.google-analytics.com www.google.com www.googletagmanager.com www.googletagservices.com www.gstatic.com www.recaptcha.net www.youtube.com yastatic.net;script-src-elem 'self' 'unsafe-inline' *.sharethis.com adservice.google.com adservice.google.ru application/javascript cdn.jsdelivr.net cdnjs.cloudflare.com data:  mc.yandex.ru pagead2.googlesyndication.com partner.googleadservices.com static.cloudflareinsights.com tpc.googlesyndication.com www.google-analytics.com www.google.com www.googletagmanager.com www.googletagservices.com www.gstatic.com www.recaptcha.net www.youtube.com yastatic.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com;upgrade-insecure-requests;base-uri 'self';font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none' 1
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ;img-src *  blob: ; 1
frame-ancestors 'self' https://info.a10networks.com https://glm.a10networks.com; 1
upgrade-insecure-requests;              form-action 'self';              frame-ancestors 'self';              object-src 'none';              base-uri 'none';              img-src                  https://static.ads-twitter.com                  https://s.amazon-adsystem.com                  https://*.bing.com                  https://ad.doubleclick.net                  https://*.g.doubleclick.net                  https://www.facebook.com                  https://*.google.ca                  https://*.google.com                  https://*.googletagmanager.com                  https://*.google-analytics.com                  https://ssl.gstatic.com                  https://www.gstatic.com                 https://ads.linkedin.com                  https://www.linkedin.com                  https://px.ads.linkedin.com                  https://ct.pinterest.com                  https://alb.reddit.com                  https://t.co                  https://qualtrics.com                  https://static-assets.qualtrics.com                  https://yul1.qualtrics.com                  https://analytics.twitter.com                  https://*.virtualearth.net                  https://sp.analytics.yahoo.com                  'self'                  data:;              media-src                  https://doubleclick.net                  'self';              font-src                  https://fonts.gstatic.com                  https://typekit.net                  https://use.typekit.net                  'self'                 data:;              connect-src                  https://static.ads-twitter.com                  https://s.amazon-adsystem.com                  https://www.bing.com                  https://ad.doubleclick.net                  https://*.g.doubleclick.net                  https://*.google.ca                  https://*.google.com                  https://*.googletagmanager.com                  https://*.google-analytics.com                  https://mktoresp.com                  https://047-pbv-647.mktoresp.com                  https://342-bkg-026.mktoresp.com                  https://ads.linkedin.com                  https://www.linkedin.com                  https://cdn.linkedin.oribi.io                  https://ct.pinterest.com                  https://siteintercept.qualtrics.com                  https://tealiumiq.com                  https://collect.tealiumiq.com                  https://s.yimg.com                  'self';          1
default-src victoriabitter.com.au;script-src *.azurewebsites.net *.victoriabitter.com.au victoriabitter.com.au cdn.jsdelivr.net blob: 'unsafe-inline' www.googletagmanager.com www.google-analytics.com analytics.google.com www.google.com www.gstatic.com static.hotjar.com script.hotjar.com *.krxd.net  *.cloudfront.net cub947.activehosted.com cub-common-components.azureedge.net gift-creation.vercel.app giftflick.com.au giftcreation.giftflick.com.au tag.lexer.io connect.facebook.net *.youtube.com;style-src *.azurewebsites.net 'unsafe-inline' *.victoriabitter.com.au victoriabitter.com.au giftcreation.giftflick.com.au gift-creation.vercel.app giftflick.com.au fonts.googleapis.com fonts.gstatic.com;font-src *.azurewebsites.net data: *.victoriabitter.com.au victoriabitter.com.au fonts.googleapis.com fonts.gstatic.com;media-src *.blob.core.windows.net *.victoriabitter.com.au victoriabitter.com.au victoria-bitter-cdn.azureedge.net gf-cdn.s3-ap-southeast-2.amazonaws.com data: videos.giftflick.com.au blob: *.youtube.com *.azurewebsites.net;img-src *.azurewebsites.net *.victoriabitter.com.au victoriabitter.com.au www.google-analytics.com www.googletagmanager.com www.google.com www.google.com.au www.facebook.com *.krxd.net data: cdn.shopify.com img.youtube.com gf-cdn.s3-ap-southeast-2.amazonaws.com gf-cdn.s3.ap-southeast-2.amazonaws.com data:;connect-src *.victoriabitter.com.au *.azurewebsites.net www.google-analytics.com analytics.google.com *.hotjar.com wss://*.hotjar.com *.hotjar.io/ www.google.com www.gstatic.com *.doubleclick.net victoriabitter.com.au dc.services.visualstudio.com victoria-bitter.myshopify.com cub-common-api-management.azure-api.net api-1house.azure-api.net upload-medias.s3.amazonaws.com upload-medias.s3.ap-southeast-2.amazonaws.com blob: *.youtube.com *.lexer.io *.applicationinsights.azure.com;frame-src vars.hotjar.com *.victoriabitter.com.au www.google.com *.krxd.net victoriabitter.com.au www.youtube.com 1
frame-ancestors 'self' https://*.vaasa.fi https://*.waltti.fi 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://static.cloudflareinsights.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://unpkg.com https://cdn.jsdelivr.net https://www.googletagmanager.com *.google-analytics.com https://*.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://*.doubleclick.net dev.visualwebsiteoptimizer.com *.leadfamly.com https://*.pinterest.com https://connect.facebook.net https://*.adform.net https://*.adnxs.com *.hotjar.com *.hotjar.io *.pinimg.com *.mailplus.nl https://*.gstatic.com https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://pipeline.operaballet.nl https://blokks.co https://themes.blokks.cloud https://*.clarity.ms https://widget.slinger.to; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com cdn.jsdelivr.net https://tagmanager.google.com https://fonts.googleapis.com dev.visualwebsiteoptimizer.com https://*.leadfamly.com *.mailplus.nl https://www.operaforwardfestival.nl https://operaforwardfestival.nl https://*.operaballet.nl themes.blokks.cloud https://widget.slinger.to; img-src 'self' data: i.vimeocdn.com https://*.operaballet.nl i.ytimg.com cdn.jsdelivr.net *.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.doubleclick.net *.google.com *.google.nl https://*.pinimg.com https://*.pinterest.com https://*.facebook.com https://*.seadform.net https://dev.visualwebsiteoptimizer.com https://*.leadfamly.com https://img.youtube.com/vi/ *.clarity.ms  https://c.bing.com uploads.blokks.cloud; media-src 'self' player.vimeo.com vod-progressive.akamaized.net download-video.akamaized.net https://*.pinimg.com; frame-src 'self' https://www.lessonup.com https://www.youtube.com https://www.youtube-nocookie.com https://consentcdn.cookiebot.com *.google-analytics.com https://www.googletagmanager.com https://m16.mailplus.nl https://*.doubleclick.net https://assets.pinterest.com  https://www.facebook.com https://*.adform.net https://*.hotjar.com https://c.spotler.com https://c.spotler.io  https://www.arte.tv https://*.google.com https://viewer.pdf-online.nl/ https://w.soundcloud.com/ https://open.spotify.com/ https://player.vimeo.com/ https://*.leadfamly.com https://*.operaballet.nl https://wdgt.slinger.to; child-src 'self'; font-src 'self' https://*.leadfamly.com https://fonts.gstatic.com https://themes.blokks.cloud; connect-src 'self' https://sentry.netvlies.nl *.google-analytics.com https://www.google.com/pagead/landing https://pagead2.googlesyndication.com *.leadfamly.com https://*.doubleclick.net https://*.hotjar.com https://*.pinterest.com https://consentcdn.cookiebot.com https://blokks.co https://*.operaballet.nl *.clarity.ms; report-uri /report-csp-violation 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'none'; 1
default-src 'self' data: 'unsafe-inline' blob:;child-src 'self' 'unsafe-inline' 'unsafe-eval';media-src 'self' https://dam.lexusasia.com https://*.metadome.ai https://preview.babylonjs.com https://curator-assets.b-cdn.net;report-uri https://o624961.ingest.sentry.io;font-src 'self' data: https://static.lexusasia.com https://font.googleapis.com https://*.metadome.ai https://preview.babylonjs.com/;connect-src 'self' data: blob: https://http-cookie.lexusindia.co.in https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ad.doubleclick.net https://*.google.com https://*.curator.io *.visualwebsiteoptimizer.com app.vwo.com https://api-js.mixpanel.com https://solutions.tealium.net https://tealium-tools.s3.amazonaws.com https://deploytealium.com https://*.tealiumiq.com https://tags.tiqcdn.com https://visitor-service-ap-northeast-1.tealiumiq.com https://www.facebook.com https://connect.facebook.net https://maps.googleapis.com https://www.googleadservices.com https://www.gstatic.com https://gstatic.com https://u.heatmap.it https://static.lexusasia.com https://webservice.lexusasia.com https://ws.lexusasia.com https://www.youtube.com https://*.livechatinc.com https://*.salesforceliveagent.com https://o624961.ingest.sentry.io wss://api.livechatinc.com https://convertiumitp.lexusindia.co.in https://visitor-service-convertium.lexusindia.co.in https://*.metadome.ai https://preview.babylonjs.com/ https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;style-src 'self' data: 'unsafe-inline' https://*.curator.io https://static.lexusasia.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com;script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.curator.io *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com https://img.en25.com https://solutions.tealium.net https://tealium-tools.s3.amazonaws.com https://deploytealium.com https://*.tealiumiq.com https://tags.tiqcdn.com https://visitor-service-ap-northeast-1.tealiumiq.com https://www.facebook.com https://connect.facebook.net https://maps.googleapis.com https://www.googleadservices.com https://www.gstatic.com https://gstatic.com https://u.heatmap.it https://static.lexusasia.com https://webservice.lexusasia.com https://ws.lexusasia.com https://www.youtube.com https://*.livechatinc.com https://*.salesforceliveagent.com https://o624961.ingest.sentry.io wss://api.livechatinc.com https://convertiumitp.lexusindia.co.in https://visitor-service-convertium.lexusindia.co.in https://*.metadome.ai https://preview.babylonjs.com/;img-src 'self' data: blob: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ad.doubleclick.net https://*.google.com https://curator-assets.b-cdn.net *.visualwebsiteoptimizer.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://tracking.lexusindia.co.in https://dam.lexusasia.com https://static.lexusasia.com https://www.facebook.com https://connect.facebook.net https://*.tealiumiq.com https://tags.tiqcdn.com https://visitor-service-ap-northeast-1.tealiumiq.com https://convertiumitp.lexus.com.vn https://www.googleadservices.com https://cdn.livechat-files.com https://cdn.chatbot.com https://*.livechatinc.com https://*.metadome.ai https://preview.babylonjs.com/ https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;worker-src 'self' blob:;frame-src 'self' https://*.fls.doubleclick.net https://www.lexusfinance.co.in/ https://tags.tiqcdn.com https://www.google.com https://vk.com https://www.dailymotion.com https://player.vimeo.com https://www.youtube.com https://www.facebook.com https://my.matterport.com https://bs.serving-sys.com https://*.livechatinc.com app.vwo.com *.visualwebsiteoptimizer.com; 1
base-uri 'none'; default-src 'self' data: https: blob: wss: *.crazyegg.com; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'blob: https://api.scrivito.com https://app.intercom.io https://assets.scrivito.com https://js.intercomcdn.com https://widget.intercom.io https://www.google-analytics.com https://maps.googleapis.com https://www.recaptcha.net/ https://www.google.com/recaptcha/ https://www.gstatic.com/ https://www.dealer-fp-usa.com/ https://play.webvideocore.net/ *.crazyegg.com https://www.googletagmanager.com; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' https://*.scrivito.com 1
child-src 'self' https://*.cataniaoils.com https://*.cataniastaging.wpengine.com https://*.convertiv.com https://*.hotjar.com https://*.sitescout.com https://cataniaoils.com; connect-src 'self' 'unsafe-inline' https://*.akamaihd.net https://*.cataniaoils.com https://*.cataniastaging.wpengine.com https://*.company-target.com https://*.convertiv.com https://*.cookiebot.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.getelevar.com https://*.google-analytics.com https://*.google.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.klaviyo.com https://*.litix.io https://*.mktoresp.com https://*.mktoutil.com https://*.omappapi.com https://*.optimizely.com https://*.shopify.com https://*.wistia.com https://*.youtube.com https://cataniaoils.com https://cdn.linkedin.oribi.io https://maps.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com self wss://*.hotjar.com; default-src 'self' 'unsafe-inline' https://*.cataniaoils.com https://*.cataniastaging.wpengine.com https://*.convertiv.com https://*.getelevar.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.klaviyo.com https://*.shopify.com https://cataniaoils.com self; font-src 'self' data: https://*.cataniaoils.com https://*.cataniastaging.wpengine.com https://*.convertiv.com https://*.gstatic.com https://cataniaoils.com https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' https://*.cataniaoils.com https://*.cataniastaging.wpengine.com https://*.convertiv.com https://*.cookiebot.com https://*.doubleclick.net https://*.driftt.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.hotjar.com/ https://*.instagram.com https://*.issuu.com https://*.klaviyo.com https://*.marketo.com https://*.shopify.com https://*.sitescout.com https://*.vimeo.com https://*.wistia.com/ https://*.youtube.com https://cataniaoils.com https://s-static.ak.facebook.com https://tagmanager.google.com; img-src 'self' data: https://*.adentifi.com https://*.adnxs.com https://*.adroll.com https://*.adsymptotic.com https://*.agkn.com https://*.akamaihd.net https://*.bidr.io https://*.bidswitch.net https://*.cardlytics.com https://*.cataniaoils.com https://*.cataniastaging.wpengine.com https://*.company-target.com https://*.convertiv.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.hr https://*.gravatar.com https://*.gstatic.com https://*.instagram.com https://*.klaviyo.com https://*.linkedin.com https://*.openx.net https://*.owneriq.net https://*.predictiveresponse.net https://*.reson8.com https://*.rlcdn.com https://*.shopify.com https://*.sitescout.com https://*.wistia.com https://*.wordpress.com https://*.wp.com https://*.yahoo.com https://*.youtube.com https://amps-production.imgix.net https://cataniaoils.com https://googleads.g.doubleclick.net https://img.youtube.com https://maps.googleapis.com https://storage.pardot.com https://www.googletagmanager.com self; media-src 'self' blob: data: file: https://*.akamaihd.net https://*.cataniaoils.com https://*.cataniastaging.wpengine.com https://*.convertiv.com https://*.wistia.com/ https://cataniaoils.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adnxs.com/ https://*.adroll.com https://*.ads-twitter.com https://*.cataniaoils.com https://*.cataniastaging.wpengine.com https://*.convertiv.com https://*.cookiebot.com https://*.crazyegg.com https://*.demandbase.com https://*.doubleclick.net https://*.driftt.com https://*.facebook.com https://*.facebook.net https://*.getelevar.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.instagram.com https://*.jsdelivr.net https://*.klaviyo.com https://*.licdn.com https://*.marketo.com https://*.marketo.net https://*.optmnstr.com https://*.pardot.com https://*.pixel.ad https://*.predictiveresponse.net https://*.shopify.com https://*.twitter.com https://*.vimeo.com https://*.wistia.com https://cataniaoils.com https://connect.facebook.net https://tagmanager.google.com https://unpkg.com https://wistia.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com self; style-src 'self' 'unsafe-inline' https://*.cataniaoils.com https://*.cataniastaging.wpengine.com https://*.convertiv.com https://*.doubleclick.net https://*.facebook.com https://*.getelevar.com https://*.google-analytics.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gravatar.com https://*.jsdelivr.net https://*.klaviyo.com https://*.marketo.com https://*.shopify.com https://cataniaoils.com https://tagmanager.google.com self; worker-src 'self' blob: data: file: filesystem: https://*.cataniaoils.com https://*.cataniastaging.wpengine.com https://*.convertiv.com https://cataniaoils.com; frame-ancestors https://*.doubleclick.net self 1
frame-ancestors 'self' https://*.daytonastate.edu https://*.omniupdate.com http://*.omniupdate.com 1
default-src data: www.google-analytics.com *.datatables.net fonts.googleapis.com fonts.gstatic.com *.senado.cl  'self' 'unsafe-inline' 'unsafe-eval'; script-src *.google-analytics.com ssl.google-analytics.com *.jsdelivr.net *.cloudflare.com *.datatables.net facebook.com *.facebook.com *.rawgit.com www.googletagmanager.com www.gstatic.com www.google.com data: s0.2mdn.net 'unsafe-inline' 'unsafe-eval' 'self'; frame-src www.google.com www.youtube.com www.facebook.com janus-tv.senado.cl slr.senado.cl 'self'; img-src * 'self' blob: data: ; 1
child-src blob: 'self' *.fls.doubleclick.net assets.adfenix.com blob: pay.judopay.com player.vimeo.com *.addthis.com foxtons.na1.echosign.com secure.na1.echosign.com spec.co widget.trustpilot.com www.facebook.com; connect-src 'self' data: *.euw2.pure.cloud wss://webmessaging.euw2.pure.cloud wss://streaming.euw2.pure.cloud *.googlesyndication.com *.foxtons.co.uk *.clarity.ms https://*.google.com https://*.google.co.uk api.adfenix.com bat.bing.com ft.foxtons.co.uk *.addthis.com maps.googleapis.com *.ingest.sentry.io *.crazyegg.com https://*.g.doubleclick.net www.facebook.com *.google-analytics.com *.analytics.google.com https://*.googletagmanager.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.foxtons.co.uk *.fls.doubleclick.net *.clarity.ms adservice.google.com analytics.twitter.com assets-tracking.crazyegg.com *.foxtons.co.uk bat.bing.com blob: cdn.jsdelivr.net connect.facebook.net *.cloudfront.net data: fonts.googleapis.com fonts.gstatic.com foxtons-static.global.ssl.fastly.net ft.foxtons.co.uk maps.googleapis.com maps.gstatic.com page-assets.foxtons.co.uk page-videos.foxtons.co.uk pagestates-tracking.crazyegg.com player.vimeo.com script.crazyegg.com spec.co static.ads-twitter.com stats.g.doubleclick.net t.co www.facebook.com www.google-analytics.com www.google.com www.googleoptimize.com www.googletagmanager.com; font-src 'self' data: fonts.gstatic.com cdn.neverbounce.com *.sharepointonline.com page-assets.foxtons.co.uk; form-action 'self' 'unsafe-inline' javascript: bosintegweb bos bostrainweb bidx1.com www.tfl.gov.uk www.facebook.com; frame-ancestors 'self' *.foxtons.co.uk; frame-src 'self' td.doubleclick.net *.adobe.io *.adobe.com biddingagent.bidx1.com biddingagent-ppt.bidx1.com apps.euw2.pure.cloud player.simplecast.com www.instagram.com *.documents.adobe.com *.youtube-nocookie.com *.echocdn.com optimize.google.com www.youtube.com view.pagetiger.com vimeo.com foxtons.fixflo.com *.trendmicro.com tpc.googlesyndication.com *.judopay.com *.foxtons.co.uk widget.trustpilot.com foxtons-uat.fixflo.com *.fls.doubleclick.net assets.adfenix.com my.matterport.com player.vimeo.com *.addthis.com foxtons.na1.echosign.com secure.na1.echosign.com spec.co www.facebook.com; img-src 'self' *.basemaps.cartocdn.com *.yhd.net analytics.twitter.com *.foxtons.co.uk images.unsplash.com *.ytimg.com upload.wikimedia.org connect.facebook.net https://*.google.com https://*.google.co.uk translate.googleapis.com https://*.doubleclick.net https://googleads.g.doubleclick.net *.imgix.net images.twenty7tec.com *.googleapis.com *.foxtons.co.uk api.sfnix.net bat.bing.com web.facebook.com *.bing.com *.clarity.ms data: *.cloudfront.net fo-api.omnitagjs.com foxtons-static.global.ssl.fastly.net i.vimeocdn.com *.ggpht.com *.googleusercontent.com maps.googleapis.com secure.adnxs.com sneak-peek.imgix.net t.co www.facebook.com *.google-analytics.com https://*.analytics.google.com www.googletagmanager.com https://*.googletagmanager.com *.gstatic.com pagead2.googlesyndication.com; media-src data: *.foxtons.co.uk page-videos.foxtons.co.uk; object-src 'self' *.foxtons.co.uk; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.foxtons.co.uk *.echosign.com apps.euw2.pure.cloud tpc.googlesyndication.com pixels.omnitagjs.com secure.adnxs.com www.googleadservices.com *.clarity.ms analytics.twitter.com api.sfnix.net bat.bing.com cdn.adfenix.com connect.facebook.net *.cloudfront.net foxtons.na1.echosign.com *.addthis.com *.googleapis.com page-assets.foxtons.co.uk *.addthis.com script.crazyegg.com static.ads-twitter.com v1.addthisedge.com widget.trustpilot.com www.google-analytics.com www.googleoptimize.com www.googletagmanager.com https://*.googletagmanager.com z.moatads.com; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' biddingagent.bidx1.com biddingagent-ppt.bidx1.com player.vimeo.com static.cloudflareinsights.com *.echosign.com cdn.neverbounce.com optimize.google.com apps.euw2.pure.cloud ajax.googleapis.com widget.trustpilot.com *.clarity.ms analytics.twitter.com api.sfnix.net bat.bing.com cdn.adfenix.com connect.facebook.net *.cloudfront.net foxtons.na1.echosign.com *.addthis.com maps.googleapis.com page-assets.foxtons.co.uk pixels.omnitagjs.com *.addthis.com script.crazyegg.com secure.adnxs.com static.ads-twitter.com v1.addthisedge.com *.google-analytics.com www.googleadservices.com www.googleoptimize.com  tagmanager.google.com *.googlesyndication.com www.googletagmanager.com www.gstatic.com *.moatads.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' biddingagent.bidx1.com cdn.jsdelivr.net fonts.googleapis.com page-assets.foxtons.co.uk; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' *.gstatic.com *.google-analytics.com *.google.com biddingagent.bidx1.com biddingagent-ppt.bidx1.com pwm-image.trendmicro.com apps.euw2.pure.cloud tpc.googlesyndication.com cdn.jsdelivr.net fonts.googleapis.com page-assets.foxtons.co.uk; worker-src blob: 'self' 1
frame-ancestors 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://beta.quantconnect.com https://cdn.quantconnect.com https://www.quantconnect.com https://static.intercomcdn.com https://www.googleadservices.com https://diffuser-cdn.app-us1.com https://www.googletagmanager.com https://www.googleoptimize.com https://prism.app-us1.com https://www.google-analytics.com https://widget.intercom.io https://js.intercomcdn.com/ https://js.stripe.com https://cdn.iframe.ly https://cdn.jsdelivr.net/npm/algoliasearch@3/dist/algoliasearchLite.min.js https://www.lean.io https://cdn.trackjs.com https://script.tapfiliate.com/tapfiliate.js https://public.profitwell.com https://cdnjs.cloudflare.com/ajax/libs/mathjax/ https://www.google.com/recaptcha/api.js https://www.gstatic.com https://wp-ui.app-us1.com https://trackcmp.net https://static.hotjar.com https://script.hotjar.com https://snap.licdn.com fpjscdn.net; 1
upgrade-insecure-requests, frame-ancestors 'self' 1
default-src 'unsafe-inline' https://www.google.com/ https://www.google-analytics.com https://statistikyweb.ostrava.cz https://www.ostrava.cz http://ostrava.cz https://code.highcharts.com/highcharts.js https://cdnjs.cloudflare.com https://npmcdn.com/ https://ajax.googleapis.com/; style-src 'unsafe-inline' npmcdn.com www.ostrava.cz fonts.googleapis.com https://www.google.com/ https://se-forms.cz/; img-src data: image/svg+xml npmcdn.com https://statistikyweb.ostrava.cz statistikyweb.ostrava.cz www.ostrava.cz ostrava.cz https://www.ostrava.cz/ www.google-analytics.com https://i.ytimg.com/ https://maps.google.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://www.google.com/ https://www.googleapis.com/ https://clients1.google.com/ https://ssl.gstatic.com/ https://encrypted-tbn0.gstatic.com/ https://encrypted-tbn2.gstatic.com https://encrypted-tbn1.gstatic.com/ https://encrypted-tbn3.gstatic.com; font-src fonts.gstatic.com www.ostrava.cz ostrava.cz; connect-src www.google-analytics.com https://www.ostrava.cz/ https://se-forms.cz/ https://statistikyweb.ostrava.cz; frame-src https://www.youtube-nocookie.com www.youtube.com  www.ostrava.cz ostrava.cz www.google.com https://maps.google.com/ https://cse.google.com/ https://mapy.ostrava.cz https://advbox.zachranny-kruh.cz; script-src 'unsafe-inline' 'unsafe-eval' www.ostrava.cz ajax.googleapis.com maps.google.com www.google-analytics.com code.highcharts.com cdnjs.cloudflare.com npmcdn.com www.google-analytics.com statistikyweb.ostrava.cz maps.googleapis.com cse.google.com www.google.com https://app.smartemailing.cz/ https://se-forms.cz/ https://cdn.polyfill.io/; 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net dev-api.investisdigital.com api.investisdigital.com dev-assets.investisdigital.com assets.investisdigital.com qaotp.tools.investisdigital.com otp.tools.investis.com *.investisdigital.com www.google-analytics.com stats.g.doubleclick.net *.googletagmanager.com region1.analytics.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.investis-live.com dev-api.investisdigital.com api.investisdigital.com dev-assets.investisdigital.com assets.investisdigital.com qaotp.tools.investisdigital.com *.investisdigital.com player.vimeo.com *.investisdigital.com geoid.investisdigital.com cookiemanager.investisdigital.com *.investis.com plugins.flockler.com fl-cdn.scdn1.secure.raxcdn.com *.flockler.com www.recaptcha.net www.google-analytics.com otp.tools.investis.com page-group-v3.pid2-e1.investis.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investis-live.com *.investisdigital.com fast.fonts.net geoid.investisdigital.com *.flockler.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com *.youtube.com player.vimeo.com http://house-fastly-signed-eu-west-1-prod.brightcovecdn.com; frame-src 'self' *.investis.com www.google.com ir.tools.investis.com staticxx.facebook.com www.youtube.com player.vimeo.com vimeo.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com *.fonts.com geoid.investisdigital.com *.jsdelivr.net; connect-src 'self' 'unsafe-inline' region1.analytics.google.com *.google-analytics.com geoid.investisdigital.com stats.g.doubleclick.net cookiemanager.investisdigital.com  https://assets.investisdigital.com; report-uri /report-csp-violation 1
default-src 'self' app.cloutly.com https://*.clarity.ms https://stats.g.doubleclick.net https://*.rackcdn.com https://*.googlesyndication.com/ https://googleads.g.doubleclick.net/ https://ourworldindata.org/grapher/ https://edweek.carto.com/builder/ *.languagecourse.net https://widget.getyourguide.com/ https://mc.yandex.ru/watch/ *.twitter.com *.google.com/ *.googleapis.com https://*.google-analytics.com/ https://staticxx.facebook.com https://g.jwpsrv.com https://www.paypal.com/ https://sis.redsys.es/ https://tunein.com/ https://*.youtube.com bid.g.doubleclick.net https://pay.skrill.com *.moneybookers.com https://vt-api.com.es/ www.facebook.com; img-src 'self' data: *; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.addtoany.com/ https://static.cloudflareinsights.com/ https://app.cloutly.com https://g.alicdn.com/code/ https://*.clarity.ms https://cdn.tiny.cloud https://cdnjs.cloudflare.com https://www.youtube.com/ https://securepubads.g.doubleclick.net/ https://kit.fontawesome.com/ https://www.googletagservices.com/ https://*.googlesyndication.com/ https://estatic.languagecourse.net/ https://instant.page/ https://*.getyourguide.com/ https://bat.bing.com/ https://mc.yandex.ru/metrika/tag.js *.twimg.com *.gstatic.com *.google.com *.twitter.com https://code.jquery.com https://www.googletagmanager.com https://s.ytimg.com/ https://ssl.p.jwpcdn.com https://content.jwplatform.com *.googleapis.com *.google-analytics.com connect.facebook.net https://unpkg.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.googletagmanager.com maxcdn.bootstrapcdn.com *.cloudflare.com apis.google.com; font-src 'self' https://unpkg.com/bootstrap@3.4.1/ https://estatic.languagecourse.net https://cdnjs.cloudflare.com https://kit-free.fontawesome.com/ ssl.p.jwpcdn.com fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com https://estatic.languagecourse.net; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://cdnjs.cloudflare.com *.twimg.com *.twitter.com https://kit-free.fontawesome.com https://unpkg.com/ https://ssl.p.jwpcdn.com fonts.googleapis.com code.jquery.com *.bootstrapcdn.com https://estatic.languagecourse.net/ 1
base-uri 'self'; child-src https://www.youtube-nocookie.com/embed/; connect-src 'self' https://fearnopeer.com:8443/socket.io/ wss://fearnopeer.com:8443/socket.io/ https://api.themoviedb.org/; default-src 'none'; font-src 'self' data: https: fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https: image.tmdb.org via.placeholder.com/400x600; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https: gitcdn.xyz github.io *.github.io raw.githubusercontent.com github.com; block-all-mixed-content; upgrade-insecure-requests 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://caddy.community/logs/ https://caddy.community/sidekiq/ https://caddy.community/mini-profiler-resources/ https://caddy.community/assets/ https://caddy.community/extra-locales/ https://caddy.community/highlight-js/ https://caddy.community/javascripts/ https://caddy.community/plugins/ https://caddy.community/theme-javascripts/ https://caddy.community/svg-sprite/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0='; worker-src 'self' https://caddy.community/assets/ https://caddy.community/javascripts/ https://caddy.community/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
font-src *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://*.facebook.com/ *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.google.com/ https://checkout.iglobalstores.com/ https://*.facebook.com/ *.kaptcha.com https://*.doubleclick.net/ *.hostedpayments.com/ *.weltpixel.com *.iubenda.com *.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.magezon.com https://www.facebook.com/tr/ *.gstatic.com *.google.com translate.googleapis.com hello.zonos.com https://*.bing.com/ https://app.jazz.co/ https://*.certcapture.com *.iubenda.com store.paradoxlabs.com https://redchamps.com 'self' data: *.ytimg.com *.ggpht.com *.googleusercontent.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com https://connect.facebook.net/ https://*.outleads.com/ https://*.doubleclick.net/ translate.google.com translate.googleapis.com translate-pa.googleapis.com *.zonos.com *.iglobalstores.com https://cdn.rejoiner.com/js/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://*.bing.com/ https://app.jazz.co/ https://*.certcapture.com https://*.hotjar.com *.kaptcha.com *.iubenda.com *.gstatic.com *.google-analytics.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://*.certcapture.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com galcoblast.z13.web.core.windows.net https://*.certcapture.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://*.rejoiner.com/ https://*.zonos.com/ https://*.google.com/ https://bam.nr-data.net/ https://*.doubleclick.net/ https://pagead2.googlesyndication.com/ https://*.certcapture.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io *.kaptcha.com *.iubenda.com t.elasticsuite.io *.google-analytics.com *.googleapis.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.mapfre.com *.mapfre.es assistencia.bbseguros.com.br *.mapfre.com.do *.mapfre.com.br *.mapfre.com.mx *.mapfre.com.co *.mapfre.com.sv *.mapfre.com.gt *.mapfre.com.ec *.mapfre.com.hn *.mapfre.com.ni *.mapfre.com.py *.mapfre.com.oe *.mapfre.com.uy *.mapfre.com.ar *.mapfre.com.cl *.mapfre.com.pa; 1
default-src * data: 'unsafe-inline' 'unsafe-eval' blob:;frame-ancestors 'self' https://*.avon.ca 1
style-src-elem 'unsafe-inline' 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com/ 1
connect-src 'self' 'unsafe-inline' https://ziglu.prismic.io https://ziglu.cdn.prismic.io https://europe-west2-customer-website-culinebr.cloudfunctions.net/send-sms https://api-iam.intercom.io https://api.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://js.adsrvr.org/up_loader.1.1.0.js https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; child-src https://ziglu.prismic.io/ https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://*.googletagmanager.com; script-src 'self' 'unsafe-inline' https://static.cdn.prismic.io/prismic.js http://static.cdn.prismic.io/prismic.js https://prismic.io/prismic-toolbar/4.0.2/toolbar.js https://js.intercomcdn.com https://widget.intercom.io https://app.intercom.io https://d.adroll.com https://s.adroll.com https://d.adroll.mgr.consensu.org https://snap.licdn.com https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/603164147683626 https://js.adsrvr.org/up_loader.1.1.0.js https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' blob: data: https: https://*.google-analytics.com https://*.googletagmanager.com; font-src 'self' https: fonts.googleapis.com https://js.intercomcdn.com; form-action https://intercom.help https://api-iam.intercom.io; media-src https://js.intercomcdn.com 1
upgrade-insecure-requests; sandbox allow-forms allow-modals allow-orientation-lock allow-popups allow-presentation allow-same-origin allow-scripts allow-top-navigation allow-top-navigation-by-user-activation; default-src chat.serverius.net *.youtube.com; connect-src 'self' chat.serverius.net *.serverius.net *.wpforms.com *.youtube.com; script-src translate.googleapis.com 'report-sample' 'unsafe-inline' 'self' chat.serverius.net *.google-analytics.com *.serverius.net translate.google.com 'unsafe-eval' *.youtube.com; style-src-elem translate.googleapis.com 'report-sample' 'unsafe-inline' 'self' fonts.googleapis.com chat.serverius.net *.serverius.net translate.google.com; form-action 'self' chat.serverius.net; frame-src tel: mailto: 'self' chat.serverius.net *.youtube.com; img-src telegram.org *.ytimg.com *.gstatic.com 'self' chat.serverius.net *.youtube.com data: *.serverius.net translate.google.com; script-src-elem translate.googleapis.com 'report-sample' 'unsafe-inline' 'self' chat.serverius.net *.google-analytics.com *.serverius.net translate.google.com; style-src translate.googleapis.com 'report-sample' 'unsafe-inline' *.gstatic.com 'self' chat.serverius.net *.serverius.net translate.google.com *.youtube.com; base-uri 'self' chat.serverius.net *.youtube.com; frame-ancestors 'self' chat.serverius.net *.youtube.com; font-src *.typekit.net *.gstatic.com 'self' fonts.googleapis.com chat.serverius.net data: *.serverius.net *.youtube.com; media-src 'self' chat.serverius.net *.youtube.com; report-uri /.well-known/csp/e5a0feaa-d6de-4d31-80f7-710621f76cc8 1
frame-ancestors 'self' http://www.slipcase.com https://www.slipcase.com https://marketplace.marsh.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.googleapis.com *.gstatic.com *.jsdelivr.net *.cookiepro.com *.datatables.net *.jquery.com https://twitter.github.io https://raw.githack.com https://cdnjs.cloudflare.com https://player.vimeo.com https://www.google.com *.github.io *.githack.com *.cloudflare.com *.vimeo.com *.google.com *.licdn.com *.cookielaw.org *.google-analytics.com; object-src 'self'; 1
default-src; script-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-attr * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'self' data: 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'self' data: 'unsafe-inline' 'unsafe-hashes'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self'; object-src * 'self'; prefetch-src * 'self'; child-src * 'self'; frame-src * 'self'; worker-src * 'self'; frame-ancestors *.uaionline.edu.ar uaionline.edu.ar *.uai.edu.ar uai.edu.ar *.uai.edu.ar:8084 uai.edu.ar:8084 *.vaneduc.edu.ar vaneduc.edu.ar; form-action * 'self'; base-uri * 'self'; manifest-src * 'self'; plugin-types */*; report-uri; report-to 1
frame-ancestors https://*.fxiaoke.com/ https://tongji.baidu.com/ 1
img-src 'self' data: 'self'; object-src 'self'; script-src 'self'  'report-sample'  'unsafe-inline'  'unsafe-eval' https://* 1
default-src 'self' 'unsafe-inline' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://www.instagram.com https://platform.instagram.com https://js.callrail.com https://cdn.callrail.com https://googleads.g.doubleclick.net https://connect.facebook.net https://snap.licdn.com https://cdn.cookielaw.org https://www.googletagmanager.com https://bam.nr-data.net https://www.google-analytics.com https://js-agent.newrelic.com https://www.googleadservices.com https://static.hotjar.com https://script.hotjar.com https://unpkg.com https://*.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/OverlappingMarkerSpiderfier/1.0.3/oms.min.js  https://cdnjs.cloudflare.com/ajax/libs/js-marker-clusterer/1.0.0/markerclusterer_compiled.js https://player.vimeo.com/api/player.js https://polyfill.io/v3/polyfill.min.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js; style-src 'self' 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://cdn.linkedin.oribi.io https://*.callrail.com https://analytics.google.com https://related-requests.my.onetrust.com https://pagead2.googlesyndication.com https://bam.nr-data.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://cdn.cookielaw.org https://cdn.plyr.io https://maps.googleapis.com https://stats.g.doubleclick.net https://vimeo.com https://www.google-analytics.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location ; font-src 'self' https://fonts.gstatic.com https://script.hotjar.com; frame-src 'self' https://td.doubleclick.net https://vars.hotjar.com https://player.vimeo.com https://www.instagram.com; img-src 'self' about: data: https://*; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
default-src 'self' 'strict-dynamic' filesystem: https://taskus1.wpenginepowered.com/ https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://pi.pardot.com https://marketing.taskus.com https://taskus.seismic.com https://connect.facebook.net https://hackerone.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' filesystem: https://static.eu.humanly.io/lib/import.js https://www.instagram.com/embed.js https://www.googleadservices.com https://taskus1.wpenginepowered.com/ https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js  https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://pi.pardot.com https://marketing.taskus.com https://taskus.seismic.com https://j.6sc.co/6si.min.js https://js.qualified.com/qualified.js https://www.google.com/recaptcha/api.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://connect.facebook.net/en_US/fbevents.js https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://connect.facebook.net/signals/config/961703157652438; style-src 'unsafe-inline' http: https: data: mediastream: blob:; img-src 'unsafe-inline' http: https: data: mediastream: blob:; connect-src 'self' https: filesystem: https://taskus1.wpenginepowered.com/ https://geoip.cookieyes.com https://ipapi.co/ https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://pi.pardot.com https://marketing.taskus.com https://taskus.seismic.com wss://ws.qualified.com/; font-src 'self' 'unsafe-inline' http: https: data: mediastream: blob: filesystem: https://marketing.taskus.com; media-src 'unsafe-inline' http: https: data: mediastream: blob:; child-src 'self' 'strict-dynamic' filesystem: https://www.googletagmanager.com https://www.google.com https://www.google-analytics.com https://snap.licdn.com https://tag.demandbase.com https://www.gstatic.com https://pi.pardot.com https://marketing.taskus.com https://taskus.seismic.com; frame-ancestors 'self' filesystem: https://www.linkedin.com/ https://www.taskus.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://pi.pardot.com https://marketing.taskus.com https://taskus.seismic.com; object-src 'self' 'strict-dynamic' filesystem: https://taskus1.wpenginepowered.com/ https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://pi.pardot.com https://marketing.taskus.com https://taskus.seismic.com; frame-src 'self' filesystem: https://chat.eu.humanly.io https://www.instagram.com https://taskus1.wpenginepowered.com/ https://embedder.wirewax.com/ https://www.linkedin.com/ https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://pi.pardot.com https://marketing.taskus.com https://taskus.seismic.com https://hackerone.com/ https://www.google.com/ https://www.facebook.com/ https://app.qualified.com/ https://www.youtube.com/ https://open.spotify.com/ 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gstatic.com https://www.google.com/jsapi https://*.google-analytics.com https://*.googletagmanager.com https://*.doubleclick.net https://*.googleapis.com https://*.digitalgov.gov https://public.govdelivery.com https://*.amazonaws.com/ https://cdnjs.cloudflare.com/ https://*.nicic.gov https://weatherwidget.io https://siteimproveanalytics.com https://unpkg.com https://code.highcharts.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.fontawesome.com https://www.gstatic.com/ https://*.amazonaws.com/ https://cdnjs.cloudflare.com/ https://www.googletagmanager.com https://*.nicic.gov; img-src 'self' 'unsafe-inline' https://*.amazonaws.com data: https://via.placeholder.com https://fonts.gstatic.com https://www.google-analytics.com https://*.tile.openstreetmap.org https://search.freefind.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://6018797.global.siteimproveanalytics.io https://*.nicic.gov https://*.global.siteimproveanalytics.io; media-src 'self' 'unsafe-inline' https://*.amazonaws.com https://*.nicic.gov; frame-src 'self' 'unsafe-inline' https://public.govdelivery.com https://weatherwidget.io https://*.nicic.gov; font-src 'self' 'unsafe-inline' https://*.gstatic.com https://*.fontawesome.com https://fonts.gstatic.com https://search.freefind.com http://search.freefind.com https://cdnjs.cloudflare.com/ https://*.nicic.gov; connect-src 'self' 'unsafe-inline'  https://*.google-analytics.com https://*.doubleclick.net https://fonts.gstatic.com https://public.govdelivery.com https://www.google.com https://analytics.google.com https://*.nicic.gov; report-uri /report-csp-violation; upgrade-insecure-requests 1
script-src 'strict-dynamic' 'nonce-e541e999b09555ed5c1d10a293296b79' 'unsafe-inline' http: https:; frame-src https://gum.criteo.com https://dis.us.criteo.com https://*.doubleclick.net https://upgrade.pxf.io https://connect.facebook.net https://tpc.googlesyndication.com https://*.vimeo.com https://*.youtube.com https://widget.trustpilot.com https://hackerone.com https://www.google.com/recaptcha/ https://*.credify.tech; object-src 'none'; base-uri 'none'; 1
script-src * 'unsafe-inline' 'unsafe-eval' blob: 1
frame-ancestors 'self' *.cimmyt.org cimmyt.sharepoint.com 1
frame-ancestors 'self' *.google.com *.amp.colgate.com.br amp.colgate.com.br; 1
script-src 'self' https://cdn.sift.com/ https://secureacceptance.cybersource.com/ https://applepay.cdn-apple.com/ https://www.paypal.com/ https://code.jquery.com/ https://script.hotjar.com/ https://s.swiftypecdn.com/ https://static.hotjar.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.google-analytics.com https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://cdn.cookielaw.org/ https://analytics.tiktok.com/ https://static.ads-twitter.com/ https://cdn.pdst.fm/ https://sc-static.net/ https://bat.bing.com/ https://*.pearson.com/ https://cdn.jsdelivr.net/ https://vars.hotjar.com/ https://optimize.google.com https://service.force.com/ https://bid.g.doubleclick.net/ https://www.google.com/ https://pearson.my.salesforce.com/ https://*.salesforceliveagent.com/ https://pearson.mcxplatform.de/surveys/ https://js.adsrvr.org/ https://www.googleadservices.com/ https://snap.licdn.com/ https://connect.facebook.net/ https://b-code.liadm.com/ https://analytics.twitter.com/ https://googleads.g.doubleclick.net/ https://pi.pardot.com/ https://pearson.sb.blueconic.net/ https://pearson.blueconic.net/ https://s.go-mpulse.net/boomerang/ https://static.lightning.force.com/ https://www.clarity.ms/ https://a.clarity.ms/ https://e.clarity.ms/ https://h.clarity.ms/ https://www.paypalobjects.com/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://cdn.siftscience.com/ https://d.la3-c1-cdg.salesforceliveagent.com/ https://*.visualwebsiteoptimizer.com https://app.vwo.com https://pearson.my.site.com/ https://bwq276ac.micpn.com/ blob: https://login.pearson.com https://k244.pearson.com 'unsafe-eval' 'unsafe-inline';           img-src 'self'  https://hexagon-analytics.com/ https://analytics.twitter.com/ https://*.pearson.com/ https://p.adsymptotic.com/ https://recommendationengine.googleapis.com/ https://cc.swiftype.com/ https://www.google-analytics.com https://optimize.google.com https://www.pearson.com/ https://i.liadm.com/ https://px.ads.linkedin.com/ https://pearson.mcxplatform.de/ https://www.google.com/ https://www.google.ie/ https://www.googletagmanager.com/ https://i6.liadm.com/ https://www.google.co.uk/ https://tr.snapchat.com/ https://t.co/i/ https://bat.bing.com/ https://www.facebook.com/ https://www.linkedin.com/ https://11052299.fls.doubleclick.net/ https://ptgmedia.pearsoncmg.com/ https://www.pearsonassessments.com/ https://pearsonassessments.com/ https://c.clarity.ms/ https://c.bing.com/ https://t.paypal.com/ data: https://*.salesforceliveagent.com/ https://pearson.sb.blueconic.net/ https://pearson.blueconic.net/ https://cdn.cookielaw.org/logos/ https://*.visualwebsiteoptimizer.com https://chart.googleapis.com https://wingify-assets.s3.amazonaws.com https://app.vwo.com https://www.google.com.ua/pagead/ https://bwq276ac.micpn.com ;           style-src 'self'  https://secureacceptance.cybersource.com/ https://cdn.cookielaw.org/ https://s.swiftypecdn.com/ https://fonts.googleapis.com/ https://vars.hotjar.com/ https://optimize.google.com https://service.force.com/ https://bid.g.doubleclick.net/ https://www.google.com/ https://pearson.my.salesforce.com/ https://www.youtube.com/ https://pearson.mcxplatform.de/surveys/KXMPND/Scripts/ https://js.adsrvr.org/ https://tr.snapchat.com/ https://11052299.fls.doubleclick.net/ https://b-code.liadm.com/ https://*.pearson.com/ https://www.pearsonhighered.com/ https://*.salesforceliveagent.com/ https://pearson.sb.blueconic.net/ https://pearson.blueconic.net/ https://*.visualwebsiteoptimizer.com https://app.vwo.com https://s3.amazonaws.com https://pearson.my.site.com/ https://www-pearsonhighered-com-stg.pearson.com 'unsafe-inline';           font-src 'self'  https://fonts.gstatic.com data: https://pearson.sb.blueconic.net/ https://pearson.blueconic.net/ https://k244.pearson.com/;           frame-src 'self' https://pearson.mcxplatform.de/ https://www.paypal.com/ https://secureacceptance.cybersource.com/ https://vars.hotjar.com/ https://optimize.google.com https://service.force.com/ https://bid.g.doubleclick.net/ https://www.google.com/ https://pearson.my.salesforce.com/ https://www.youtube.com/ https://tr.snapchat.com/ https://11052299.fls.doubleclick.net/ https://b-code.liadm.com/ https://i.liadm.com/ https://www.facebook.com/ https://www.paypalobjects.com/ https://*.pearson.com/ https://*.salesforceliveagent.com/ https://pearson.sb.blueconic.net/ https://pearson.blueconic.net/ https://11855419.fls.doubleclick.net/ https://app.vwo.com https://*.visualwebsiteoptimizer.com https://td.doubleclick.net/ https://login.pearson.com 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: c.sf-syn.com go.mediavalet.com https://*.sanity.io https://0ffb646455434702ac0f847f73227a86.js.ubembed.com https://472-zmz-632.mktoresp.com/webevents/visitWebPage https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js https://analytics.google.com/g/collect https://assets.ubembed.com https://bat.bing.com https://builder-assets.unbounce.com/published-js/jquery-shims.bundle-aa41391.z.js https://cdn.metadata.io https://connect.facebook.net https://d34qb8suadcc4g.cloudfront.net/ub.js https://dev.visualwebsiteoptimizer.com/j.php https://fonts.googleapis.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1068133277/ https://js.chilipiper.com https://js.hubspot.com https://js.pusher.com/6.0/pusher.min.js https://js.zi-scripts.com https://lftracker.leadfeeder.com/lftracker_v1_B5PwpxKpvnLg8Gea.js https://mediavaletinc.widget.insent.ai https://munchkin.marketo.net https://px.ads.linkedin.com https://sc.lfeeder.com https://snap.licdn.com https://static.ads-twitter.com/uwt.js https://thedigitalprojectmanager.com https://tracking.g2crowd.com/attribution_tracking/conversions/149.js https://trk.crozdesk.com/ https://unpkg.com https://ws-assets.zoominfo.com https://www.facebook.com https://www.google-analytics.com *.hotjar.com *.hotjar.io ws.zoominfo.com www.google.ca www.google.com www.googletagmanager.com https://t.co https://analytics.twitter.com/ https://px4.ads.linkedin.com https://tr.lfeeder.com *.cloudfront.net *.unbounce.com https://adservice.google.com https://www.googleadservices.com https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' blob: https://*.sanity.io https://unpkg.com https://fonts.googleapis.com https://mediavaletstg.wpengine.com fonts.googleapis.com http://fonts.googleapis.com/css https://builder-assets.unbounce.com https://fonts.ub-assets.com https://go.mediavalet.com; img-src * blob: data:; manifest-src 'self'; media-src 'self' https://*.sanity.io https://cdn.mediavalet.com *.cloudfront.net; worker-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.events.ubembed.com *.hotjar.com *.hotjar.io 472-zmz-632.mktoresp.com analytics.google.com c.sf-syn.com cdn.linkedin.oribi.io go.mediavalet.com https://*.chilipiper.com https://*.sanity.io https://0ffb646455434702ac0f847f73227a86.js.ubembed.com https://472-zmz-632.mktoresp.com/webevents/visitWebPage https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js https://bat.bing.com https://builder-assets.unbounce.com/published-js/jquery-shims.bundle-aa41391.z.js https://cdn.metadata.io https://cdn.metadata.io https://connect.facebook.net https://d34qb8suadcc4g.cloudfront.net/ub.js https://dev.visualwebsiteoptimizer.com/j.php https://fonts.googleapis.com https://googleads.g.doubleclick.net https://js.hubspot.com https://js.pusher.com/6.0/pusher.min.js https://js.zi-scripts.com https://lftracker.leadfeeder.com https://mediavaletinc.widget.insent.ai https://munchkin.marketo.net https://pagead2.googlesyndication.com/ https://platformapi.metadata.io/insight https://px.ads.linkedin.com https://sc.lfeeder.com https://snap.licdn.com/ https://static.ads-twitter.com/uwt.js https://thedigitalprojectmanager.com/ https://tracking.g2crowd.com/attribution_tracking/conversions/149.js https://trk.crozdesk.com/ https://unpkg.com https://ws-assets.zoominfo.com https://ws.zoominfo.com https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com/gtag/js stats.g.doubleclick.net wss://*.hotjar.com www.google.ca www.google.com www.googletagmanager.com https://t.co https://analytics.twitter.com/ https://px4.ads.linkedin.com https://tr.lfeeder.com; form-action 'self' https://*.sanity.io go.mediavalet.com www.facebook.com 472-zmz-632.mktoresp.com analytics.google.com c.sf-syn.com *.cloudfront.net *.unbounce.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.events.ubembed.com *.hotjar.com *.hotjar.io 472-zmz-632.mktoresp.com analytics.google.com c.sf-syn.com cdn.linkedin.oribi.io go.mediavalet.com https://*.chilipiper.com https://*.sanity.io https://0ffb646455434702ac0f847f73227a86.js.ubembed.com *.ubembed.com https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js https://bat.bing.com https://builder-assets.unbounce.com/published-js/jquery-shims.bundle-aa41391.z.js https://cdn.metadata.io https://cdn.metadata.io https://connect.facebook.net https://d34qb8suadcc4g.cloudfront.net/ub.js https://dev.visualwebsiteoptimizer.com/j.php https://fonts.googleapis.com https://googleads.g.doubleclick.net https://js.hubspot.com https://js.pusher.com/6.0/pusher.min.js https://js.zi-scripts.com https://lftracker.leadfeeder.com https://mediavaletinc.widget.insent.ai https://munchkin.marketo.net https://pagead2.googlesyndication.com/ https://platformapi.metadata.io/insight https://px.ads.linkedin.com https://sc.lfeeder.com https://snap.licdn.com/ https://static.ads-twitter.com/uwt.js https://thedigitalprojectmanager.com/ https://tracking.g2crowd.com/attribution_tracking/conversions/149.js https://trk.crozdesk.com/ https://unpkg.com https://ws-assets.zoominfo.com https://ws.zoominfo.com https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com/gtag/js stats.g.doubleclick.net wss://*.hotjar.com www.google.ca www.google.com www.googletagmanager.com https://t.co https://analytics.twitter.com/ https://px4.ads.linkedin.com https://tr.lfeeder.com *.cloudfront.net *.unbounce.com *.ub-assets.com *.visualwebsiteoptimizer.com *.ub-analytics.com https://adservice.google.com https://www.googleadservices.com; font-src 'self' data: https://*.sanity.io https://fonts.gstatic.com https://fonts.gstatic.com https://fonts.ub-assets.com; frame-src 'self' https://*.sanity.io https://*.chilipiper.com https://www.youtube-nocookie.com www.youtube.com *.pages.ubembed.com https://0ffb646455434702ac0f847f73227a86.js.ubembed.com https://www.facebook.com https://go.mediavalet.com https://mediavaletinc.widget.insent.ai c.sf-syn.com *.mediavalet.com https://td.doubleclick.net/ https://www.google.com https://www.gstatic.com; frame-ancestors 'self' https://*.sanity.studio/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' hands.hb.bizmrg.com *.hands.ru *.jsdelivr.net *.bootstrapcdn.com  cdn.ckeditor.com *.intercom.io *.intercomcdn.com vk.com callibri.ru *.callibri.ru widget.bank131.ru *.fullstory.com hinted.me fullstory.com *.yandex.ru yandex.ru *.fullstory.com fullstory.com code.jquery.com yastatic.net *.yastatic.net optimize.google.com *.google-analytics.com google-analytics.com facebook.com appsflyer.com *.appsflyer.com eruditor-group.org repetitors.info www.facebook.com connect.facebook.net fonts.googleapis.com ajax.googleapis.com tagmanager.google.com *.googletagmanager.com googletagmanager.com sentry.io callibri-a.akamaihd.net; connect-src 'self' *.intercom.io https: wss:; frame-src https:; font-src data: filesystem: *.intercomcdn.com cdn.ckeditor.com cdnjs.cloudflare.com cdn.appsflyer.com fonts.gstatic.com *.hands.ru hands.ru; img-src data: blob: filesystem: http: https: 1
default-src 'self';connect-src *.woco-k12.org maps.googleapis.com 'self';font-src *.woco-k12.org fonts.gstatic.com data: 'self';img-src *.woco-k12.org data: maps.gstatic.com maps.googleapis.com 'self';script-src *.woco-k12.org maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval';style-src *.woco-k12.org fonts.googleapis.com 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js-eu1.hsforms.net https://js-eu1.hs-scripts.com https://*.usercentrics.eu https://matomo.samedi.de https://js-eu1.hs-analytics.net https://js-eu1.hs-banner.com https://js-eu1.hscollectedforms.net https://js-eu1.usemessages.com; style-src 'self' 'unsafe-inline' https://matomo.samedi.de; img-src 'self' data: https://*.usercentrics.eu https://matomo.samedi.de https://*.hsforms.com https://*.hubspot.com; font-src 'self' data:; connect-src 'self' https://*.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.hscollectedforms.net https://hubspot-forms-static-embed-eu1.s3.amazonaws.com https://forms-eu1.hsforms.com https://js-eu1.hsforms.net https://*.usercentrics.eu https://matomo.samedi.de https://*.hubspot.com; media-src 'self'; object-src 'self' https://*.usercentrics.eu; frame-src 'self' https://forms-eu1.hsforms.com https://online.arzttermin-widget.de https://*.hubspot.com; frame-ancestors 'self' 1
default-src 'self' *.netlfy.app; media-src 'self' tagmanager.google.com *.netlify.app *.skydio.com stream.mux.com *.mux.com *.omappapi.com blob:; object-src 'none'; style-src 'self' 'unsafe-inline' tagmanager.google.com www.googletagmanager.com fonts.googleapis.com *.cloudfront.net *.skydio.com *.omappapi.com; form-action 'self' *.skydio.com *.facebook.com; font-src 'self' *.cloudflare.com fonts.gstatic.com *.cloudfront.net *.netlify.app data:; img-src 'self' *.cloudfront.net analytics.twitter.com t.co *.omappapi.com *.skydio.com *.mux.com *.google.com www.google.co.uk *.clarity.ms *.netlify.app cdn.sanity.io *.linkedin.com p.adsymptotic.com *.google-analytics.com www.googletagmanager.com *.reddit.com *.doubleclick.net *.bing.com *.facebook.com *.bizible.com *.cookielaw.org *.bizibly.com okt.to data:; connect-src 'self' 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 *.skydio.com *.zi-scripts.com *.mktoutil.com track-v3.funnelytics.io *.linkedin.com ingesteer.services-prod.nsvcs.net *.litix.io *.omappapi.com https://analytics.google.com *.google.com wss://api.getkoala.com *.mux.com production--skydio.netlify.app *.fbot.me *.clarity.ms cdn.cookielaw.org *.mktoresp.com events.attentivemobile.com www.google-analytics.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.doubleclick.net *.cloud.es.io *.onetrust.com *.zoominfo.com *.getkoala.com *.cookielaw.org *.bizibly.com *.bizible.com *.oribi.io *.bing.com; child-src 'self' boards.greenhouse.io *.youtube.com *.facebook.com *.skydio.com https://sketchfab.com https://skydio.attn.tv/ *.netlify.app *.kuula.co kuula.co blob:; base-uri 'self'; script-src 'nonce-uWsfzAqXy7X8b3wJvDq+mC18VHkAZizC' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'self' https: http: 'nonce-aXOh3w910Acl5qg11jBJn04ItO48CEXn' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'self' https: http:; report-uri /.netlify/functions/__csp-violations 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: apps.sitecore.net *.linkedin.com cdn.cookielaw.org *.hotjar.com *.hotjar.io wss://*.hotjar.com www.google-analytics.com; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com cdn.cookielaw.org *.doubleclick.net connect.facebook.net *.google.com www.googleadservices.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hubspot.com *.hsforms.net *.hscollectedforms.net *.hsadspixel.net *.hs-scripts.com *.hs-banner.com *.hs-analytics.net forms.hsforms.com snap.licdn.com *.linkedin.com www.powr.io *.usemessages.com player.vimeo.com www.youtube.com; img-src 'self' data: ad.doubleclick.net *.google.com *.facebook.com cdn.cookielaw.org *.google-analytics.com *.gstatic.com *.googleapis.com *.doubleclick.net www.googletagmanager.com *.hsforms.com *.hubspot.com *.hotjar.com *.linkedin.com presspage-production-content.s3.amazonaws.com content.presspage.com apply.indeed.com *.tomra.com *.ytimg.com; style-src 'self' 'unsafe-inline' data: fonts.googleapis.com *.hotjar.com *.gstatic.com; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com *.hotjar.com; frame-src 'self' 'unsafe-inline' *.hotjar.com *.hubspot.com *.hsforms.com ir.oms.no *.google.com www.googletagmanager.com *.tomra.com events.webcast.no sdk.companywebcast.com www.youtube-nocookie.com www.powr.io td.doubleclick.net; media-src 'self' 'unsafe-inline' data:; object-src 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' *.google.com *.doubleclick.net *.googlesyndication.com cdn.cookielaw.org www.facebook.com *.google-analytics.com *.googleapis.com www.googletagmanager.com *.hubspot.com *.hubapi.com *.hscollectedforms.net *.hsadspixel.net *.hscollectedforms *.hsforms.com *.hotjar.com *.hotjar.io cdn.linkedin.oribi.io privacyportal-eu.onetrust.com stats.g.doubleclick.net wss://*.hotjar.com; report-uri https://98603d1ae0d730603f9d85834c3df264.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://trustseal.enamad.ir https://enamad.ir; style-src 'self' 'unsafe-inline' https://www.google.com https://trustseal.enamad.ir https://enamad.ir https://fonts.googleapis.com; img-src 'self' https://trustseal.enamad.ir https://www.gravatar.com data:; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.google.com https://trustseal.enamad.ir https://enamad.ir; 1
default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 1
default-src 'none'; img-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self' hexillion.com centralops.net; frame-ancestors 'none' 1
default-src 'self' 'unsafe-inline' data: blob: https://*.msgr.com https://*.fbcdn.net;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; 1
default-src https: blob: 'self' 'unsafe-eval' 'unsafe-inline'; script-src https: blob: 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; frame-src https: blob: 'self' www.google.com www.gstatic.com; object-src blob:; font-src buddy.net *.buddy.net fonts.gstatic.com data: blob:; connect-src buddy.net *.buddy.net *.buddy.net:2052 *.buddy.net:2053 *.google-analytics.com *.nr-data.net *.newrelic.com onesignal.com *.onesignal.com *.openstreetmap.org *.zendesk.com *.zdassets.com blob: wss: ws:; img-src https: data: blob:; 1
default-src 'self' https://*.freshsales.io https://analytics.google.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net https://ka-p.fontawesome.com https://videos.worden.com https://cdn.worden.com https://fonts.gstatic.com https://stats.g.doubleclick.net https://netdna.bootstrapcdn.com https://polo.tc2000.com https://teamview.tc2000.com https://www.tc2000.com https://www.freestockcharts.com https://tc200cdn.azureedge.net https://kit.fontawesome.com data: blob: ; script-src https://*.googletagmanager.com https://*.freshsales.io https://tc2000.myfreshworks.com/  https://googleads.g.doubleclick.net https://www.googleadservices.com 'self' 'unsafe-inline' 'unsafe-eval'  http://localhost:4043 blob: https://www.google-analytics.com https://cdn.worden.com https://cdn.jsdelivr.net https://ajax.googleapis.com https://netdna.bootstrapcdn.com https://www.tc2000.com https://www.googletagmanager.com https://kit.fontawesome.com https://vjs.zencdn.net/; style-src https://*.freshsales.io 'self' 'unsafe-inline' https://cdn.jsdelivr.net http://localhost:4043 https://fonts.googleapis.com https://cdn.worden.com https://netdna.bootstrapcdn.com https://ajax.googleapis.com https://www.tc2000.com https://tc200cdn.azureedge.net https://ka-f.fontawesome.com; img-src https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://googleads.g.doubleclick.net 'self' data: https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.tc2000.com https://i.ytimg.com https://*.tc2000.com; frame-src https://*.doubleclick.net https://polo.tc2000.com/ https://teamview.tc2000.com/ https://www.tc2000.com; connect-src https://*.googlesyndication.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com  https://tc2000.myfreshworks.com  https://*.freshsales.io https://stats.g.doubleclick.net https://analytics.google.com 'self' http://localhost:4043 https://ka-p.fontawesome.com/ https://www.googletagmanager.com  https://www.google-analytics.com; 1
object-src 'none'; script-src 'sha256-+KWtD0pg8cePmXQY12ipUH1n91j0hF8XDaIMhJo7tDo=' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; base-uri 'self' 1
default-src https://fonts.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://cdn.bnamed.net https://www.bnamed.net https://www.googletagmanager.com/ https://www.google-analytics.com/ www.google.com connect.facebook.net www.facebook.com ws://www.bnamed.net wss://www.bnamed.net 'self';script-src 'nonce-NzQ4Mzc0NDczMTc1ODk2' 'sha256-uQyoKR3lBoDKU5iLg9zKfBYNrpUw6f/mybOTAsyvaZI=' 'sha256-Sr+FfLApO55KEHUmp1pCdAfP+DIUvDvWeljNRs5Ts4k=' 'sha256-Sr+FfLApO55KEHUmp1pCdAfP+DIUvDvWeljNRs5Ts4k=' https://tagmanager.google.com https://cdn.bnamed.net https://www.bnamed.net https://www.googletagmanager.com/ https://www.google-analytics.com/ www.google.com connect.facebook.net www.facebook.com www.gstatic.com ws://www.bnamed.net wss://www.bnamed.net 'self'; style-src https://tagmanager.google.com https://fonts.googleapis.com https://cdn.bnamed.net https://www.bnamed.net 'self' 'unsafe-inline'; object-src 'none';report-uri /reportURI 1
script-src 'self' https://*.pendo.io https://pendo-io-static.storage.googleapis.com https://pendo-static-5153244396912640.storage.googleapis.com; object-src 'none'; frame-ancestors https://app.pendo.io; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' demdex.net *.demdex.net *.scene7.com *.amazonaws.com adnxs.com *.adnxs.com *.audioeye.com bidswitch.net x.bidswitch.net *.bing.com *.btttag.com adx.dable.io btttag.com cdnjs.cloudflare.com *.coach.com *.coachoutlet.com criteo.com *.criteo.net *.criteo.com *.cloudfront.net *.facebook.com *.facebook.net *.forter.com *.google.com www.google.co.jp www.google.co.kr www.google.ca www.google.com.ua www.google.co.uk www.google.se www.google.cn www.google.co.nz www.google.com.my www.google.com.vn www.google.com.au www.google.de www.google.co.il www.google.nl www.google.com.tw *.gstatic.com www.googleadservices.com *.googleapis.com www.google.co.th www.google.com.ph www.google.co.in www.google.fr www.google.com.hk www.google.co.id www.google.com.sg www.googletagmanager.com *.google-analytics.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com *.drivecommerce.com *.optimizely.com optimizely.com *.paypal.com www.paypalobjects.com www.res-x.com *.qualtrics.com *.quantummetric.com *.force.com *.my.salesforce.com *.salesforceliveagent.com twitter.com *.twitter.com ads-twitter.com static.ads-twitter.com t.co *.bluecore.com *.bluekai.com creativecdn.com *.creativecdn.com *.cquotient.com cquotient.com *.doubleclick.net stickyadstv.com ads.stickyadstv.com 360yield.com *.360yield.com casalemedia.com *.casalemedia.com ivitrack.com matching.ivitrack.com *.katespade.com *.katespade.jp katespade.com line-scdn.net *.line-scdn.net line.me *.line.me liadm.com *.liadm.com media.net *.media.net mediavine.com exchange.mediavine.com mediawallahscript.com partner.mediawallahscript.com postrelease.com jadserve.postrelease.com agkn.com aa.agkn.com outbrain.com sync.outbrain.com pubmatic.com simage2.pubmatic.com yahoo.co.jp *.yahoo.co.jp yimg.jp s.yimg.jp *.yahoo.com ad.smaato.net s.ad.smaato.net rqtrk.eu ws.rqtrk.eu techlab-cdn.com p11.techlab-cdn.com imgvc.com *.imgvc.com valuecommerce.com *.valuecommerce.com itag.valuecommerce.ne.jp quantummetric.com revcontent.com trends.revcontent.com rubiconproject.com pixel.rubiconproject.com sharethrough.com match.sharethrough.com smartadserver.com *.smartadserver.com taboola.com *.taboola.com tapad.com *.tapad.com teads.tv *.teads.tv *.tiktok.com tiktok.com *.adsrvr.org adsrvr.org 3lift.com eb2.3lift.com *.tangiblee.com criteo-partners.tremorhub.com ade.clmbtech.com ad.tpmn.co.kr lcx-widgets.bambuser.com *.rakuten.co.jp *.amplience.net *.mul-pay.jp *.amazon.com m.media-amazon.com static-fe.payments-amazon.com payments.amazon.co.jp visitor.omnitagjs.com s.thebrighttag.com *.socdm.com api.addressy.com *.googlesyndication.com e1.emxdgt.com api.bluecore.app *.yieldmo.com sp.gmossp-sp.jp cs.adingo.jp cs.gssprt.jp rt.udmserve.net ad.as.amanad.adtdp.com s.seedtag.com vid.vidoomy.com cm-exchange.toast.com mixer.mobon.net *.docomo.ne.jp s-cs.send.microad.jp *.instagram.com sync.ad-stir.com sync.e-planning.net cm.adform.net sync.cenarius.orangeclickmedia.com bh.contextweb.com sync.1rx.io onetag-sys.com sync.go.sonobi.com sync.connectad.io sync.console.adtarget.com.tr www.denhamanobag.jp inv-nets.admixer.net us-u.openx.net us.ck-ie.com adn.caprofitx.com cm.mgid.com csync.loopme.me sync.bidence.net youtube.com www.youtube.com www.yext-pixel.com *.33across.com *.bigcontent.io www.buyma.com *.rakuten.com pixel.s3xified.com sync.cootlogix.com ad.yieldlab.net tapestry.support *.tapestry.support *.lijit.com *.powerreviews.com *.demandware.net usersync.gumgum.com *.rlcdn.com sync.aralego.com b.admedia.com liveapi.yext.com *.krxd.net *.mktgcdn.com fast.nexx360.io cdn.aralego.net gateway.zscalerthree.net cm.adgrx.com cms.quantserve.com odr.mookie1.com id5-sync.com code.jquery.com tst.kaptcha.com pm.w55c.net edge1.certona.net res.cloudinary.com *.qubit.com match.prod.bidr.io cm.igaw.io sync.crwdcntrl.net t.adx.opera.com *.adyen.com cs.mobfox.com mpsnare.iesnare.com i.ytimg.com sync.targeting.unrulymedia.com cm.meba.kr tag.wknd.ai *.bounceexchange.com events.bouncex.net *.cdnwidget.com *.cdnbasket.net www.linkedin.com www.tumblr.com *.medallia.com *.kampyle.com data: blob:; 1
default-src 'self'; connect-src https://*.adform.net https://*.adsafety.net https://*.analytics.google.com https://*.clarity.ms https://*.contentexchange.me https://*.demdex.net https://*.g.doubleclick.net https://*.google.ad https://*.google.ae https://*.google.al https://*.google.am https://*.google.as https://*.google.at https://*.google.az https://*.google.ba https://*.google.be https://*.google.bf https://*.google.bg https://*.google.bi https://*.google.bj https://*.google.bs https://*.google.bt https://*.google.by https://*.google.ca https://*.google.cat https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.co.ao https://*.google.co.bw https://*.google.co.ck https://*.google.co.cr https://*.google.co.id https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.ke https://*.google.co.kr https://*.google.co.ls https://*.google.co.ma https://*.google.co.mz https://*.google.co.nz https://*.google.co.th https://*.google.co.tz https://*.google.co.ug https://*.google.co.uk https://*.google.co.uz https://*.google.co.ve https://*.google.co.vi https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.com https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.com.ar https://*.google.com.au https://*.google.com.bd https://*.google.com.bh https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.com.bz https://*.google.com.co https://*.google.com.cu https://*.google.com.cy https://*.google.com.do https://*.google.com.ec https://*.google.com.eg https://*.google.com.et https://*.google.com.fj https://*.google.com.gh https://*.google.com.gi https://*.google.com.gt https://*.google.com.hk https://*.google.com.jm https://*.google.com.kh https://*.google.com.kw https://*.google.com.lb https://*.google.com.ly https://*.google.com.mm https://*.google.com.mt https://*.google.com.mx https://*.google.com.my https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.com.np https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.com.pr https://*.google.com.py https://*.google.com.qa https://*.google.com.sa https://*.google.com.sb https://*.google.com.sg https://*.google.com.sl https://*.google.com.sv https://*.google.com.tj https://*.google.com.tr https://*.google.com.tw https://*.google.com.ua https://*.google.com.uy https://*.google.com.vc https://*.google.com.vn https://*.google.cv https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.dz https://*.google.ee https://*.google.es https://*.google.fi https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.gy https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.ie https://*.google.im https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.jo https://*.google.kg https://*.google.ki https://*.google.kz https://*.google.la https://*.google.li https://*.google.lk https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.mn https://*.google.ms https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.ne https://*.google.nl https://*.google.no https://*.google.nr https://*.google.nu https://*.google.pl https://*.google.pn https://*.google.ps https://*.google.pt https://*.google.ro https://*.google.rs https://*.google.ru https://*.google.rw https://*.google.sc https://*.google.se https://*.google.sh https://*.google.si https://*.google.sk https://*.google.sm https://*.google.sn https://*.google.so https://*.google.sr https://*.google.st https://*.google.td https://*.google.tg https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.tt https://*.google.vg https://*.google.vu https://*.google.ws https://*.google-analytics.com https://*.googletagmanager.com https://*.hotjar.com https://*.mathtag.com https://*.oniad.com https://*.seadform.net https://*.smartadserver.com https://*.t.eloqua.com https://*.tapad.com https://*.tawk.to https://api.feefo.com https://api-v2.tidio.co https://cdn.linkedin.oribi.io https://cdn-ukwest.onetrust.com https://collect.feefo.com https://content.hotjar.io https://cookies.ricoh-europe.com https://events.hotjar.io https://geolocation.onetrust.com https://idx.liadm.com https://ldynamicspublicapi.leadforensics.com https://maps.googleapis.com https://privacyportal-uk.onetrust.com https://rodp.ricoh.at https://rodp.ricoh.be https://rodp.ricoh.ch https://rodp.ricoh.co.uk https://rodp.ricoh.co.za https://rodp.ricoh.com.tr https://rodp.ricoh.cz https://rodp.ricoh.de https://rodp.ricoh.dk https://rodp.ricoh.es https://rodp.ricoh.fi https://rodp.ricoh.fr https://rodp.ricoh.hu https://rodp.ricoh.ie https://rodp.ricoh.it https://rodp.ricoh.lu https://rodp.ricoh.nl https://rodp.ricoh.no https://rodp.ricoh.pl https://rodp.ricoh.pt https://rodp.ricoh.se https://rodp.ricoh.sk https://rodp.ricoh-europe.com https://rs.fullstory.com https://sentry-new.tidio.co https://surveystats.hotjar.io https://vc.hotjar.io https://www.googleadservices.com https://www.google-analytics.com 'self' wss://*.hotjar.com wss://*.tawk.to wss://socket.tidio.co; font-src data: https://*.tawk.to https://cookies.ricoh-europe.com https://fast.fonts.net https://fonts.gstatic.com https://resources.ricoh-europe.com https://script.hotjar.com https://use.fontawesome.com 'self'; frame-src https://*.adform.net https://*.dev.amelia.com https://*.fls.doubleclick.net https://*.ricoh-europe.com https://*.risenet.eu https://*.t.eloqua.com https://*.tawk.to https://app.livestorm.co https://bid.g.doubleclick.net https://cdn.jst.ai https://cdn.justuno.com https://discover.ricoh.co.uk https://download.ricoh-europe.com https://embed.ricohtours.com https://gestiondocumentaire.ricoh.fr https://open.spotify.com https://productquery.ricoh-europe.com https://recaptcha.google.com https://ricoh.turtl.co https://ricoh-docuware-calculator.tbtmarketing.com https://ricoh-warranty.convar.com https://s.pointerpro.com https://supportrequest.ricoh.ch https://vars.hotjar.com https://view.ceros.com https://webforms.ricoh.de https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://www.youtube-nocookie.com; img-src data: https://*.ads.linkedin.com https://*.analytics.google.com https://*.clarity.ms https://*.en25.com https://*.fls.doubleclick.net https://*.g.doubleclick.net https://*.google.ad https://*.google.ae https://*.google.al https://*.google.am https://*.google.as https://*.google.at https://*.google.az https://*.google.ba https://*.google.be https://*.google.bf https://*.google.bg https://*.google.bi https://*.google.bj https://*.google.bs https://*.google.bt https://*.google.by https://*.google.ca https://*.google.cat https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.co.ao https://*.google.co.bw https://*.google.co.ck https://*.google.co.cr https://*.google.co.id https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.ke https://*.google.co.kr https://*.google.co.ls https://*.google.co.ma https://*.google.co.mz https://*.google.co.nz https://*.google.co.th https://*.google.co.tz https://*.google.co.ug https://*.google.co.uk https://*.google.co.uz https://*.google.co.ve https://*.google.co.vi https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.com https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.com.ar https://*.google.com.au https://*.google.com.bd https://*.google.com.bh https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.com.bz https://*.google.com.co https://*.google.com.cu https://*.google.com.cy https://*.google.com.do https://*.google.com.ec https://*.google.com.eg https://*.google.com.et https://*.google.com.fj https://*.google.com.gh https://*.google.com.gi https://*.google.com.gt https://*.google.com.hk https://*.google.com.jm https://*.google.com.kh https://*.google.com.kw https://*.google.com.lb https://*.google.com.ly https://*.google.com.mm https://*.google.com.mt https://*.google.com.mx https://*.google.com.my https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.com.np https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.com.pr https://*.google.com.py https://*.google.com.qa https://*.google.com.sa https://*.google.com.sb https://*.google.com.sg https://*.google.com.sl https://*.google.com.sv https://*.google.com.tj https://*.google.com.tr https://*.google.com.tw https://*.google.com.ua https://*.google.com.uy https://*.google.com.vc https://*.google.com.vn https://*.google.cv https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.dz https://*.google.ee https://*.google.es https://*.google.fi https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.gy https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.ie https://*.google.im https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.jo https://*.google.kg https://*.google.ki https://*.google.kz https://*.google.la https://*.google.li https://*.google.lk https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.mn https://*.google.ms https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.ne https://*.google.nl https://*.google.no https://*.google.nr https://*.google.nu https://*.google.pl https://*.google.pn https://*.google.ps https://*.google.pt https://*.google.ro https://*.google.rs https://*.google.ru https://*.google.rw https://*.google.sc https://*.google.se https://*.google.sh https://*.google.si https://*.google.sk https://*.google.sm https://*.google.sn https://*.google.so https://*.google.sr https://*.google.st https://*.google.td https://*.google.tg https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.tt https://*.google.vg https://*.google.vu https://*.google.ws https://*.google-analytics.com https://*.googletagmanager.com https://*.t.eloqua.com https://*.tawk.to https://ad.doubleclick.net https://ade.googlesyndication.com https://api.swiftype.com https://assets.ricoh-europe.com https://assets.turtl.co https://cdn-ukwest.onetrust.com https://googleads.g.doubleclick.net https://i.ytimg.com https://id.rlcdn.com https://images.response.ricoh-europe.com https://img.youtube.com https://maps.googleapis.com https://maps.gstatic.com https://match.prod.bidr.io https://resources.ricoh-europe.com https://script.hotjar.com https://secure.leadforensics.com https://segments.company-target.com https://service.maxymiser.net https://ssl.gstatic.com https://static.hotjar.com https://tawk.link https://twemoji.maxcdn.com https://www.facebook.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.linkedin.com 'self'; media-src https://widget-v4.tidiochat.com 'self'; script-src https://*.adform.net https://*.adsafety.net https://*.clarity.ms https://*.contentexchange.me https://*.demdex.net https://*.en25.com https://*.googletagmanager.com https://*.mathtag.com https://*.oniad.com https://*.seadform.net https://*.smartadserver.com https://*.t.eloqua.com https://*.tapad.com https://*.tawk.to https://ajax.googleapis.com https://aly.jst.ai https://aly.justuno.com https://api.feefo.com https://api.swiftype.com https://app-static.turtl.co https://c.bing.com https://cdn.jsdelivr.net https://cdn.jst.ai https://cdn.justuno.com https://cdn.mouseflow.com https://code.jquery.com https://code.tidio.co https://connect.facebook.net https://edge.fullstory.com https://fullstory.com https://googleads.g.doubleclick.net https://ldynamicspublicapi.leadforensics.com https://lq3-production01.s3.amazonaws.com https://maps.googleapis.com https://my.jst.ai https://my.justuno.com https://register.feefo.com https://resources.ricoh-europe.com https://rodp.ricoh.at https://rodp.ricoh.be https://rodp.ricoh.ch https://rodp.ricoh.co.uk https://rodp.ricoh.co.za https://rodp.ricoh.com.tr https://rodp.ricoh.cz https://rodp.ricoh.de https://rodp.ricoh.dk https://rodp.ricoh.es https://rodp.ricoh.fi https://rodp.ricoh.fr https://rodp.ricoh.hu https://rodp.ricoh.ie https://rodp.ricoh.it https://rodp.ricoh.lu https://rodp.ricoh.nl https://rodp.ricoh.no https://rodp.ricoh.pl https://rodp.ricoh.pt https://rodp.ricoh.se https://rodp.ricoh.sk https://rodp.ricoh-europe.com https://s.ytimg.com https://script.hotjar.com https://secure.leadforensics.com https://service.maxymiser.net https://snap.licdn.com https://ssl.google-analytics.com https://static.hotjar.com https://tag.demandbase.com https://tagmanager.google.com https://unpkg.com https://use.fontawesome.com https://view.ceros.com https://webeo-web-content.s3-eu-west-1.amazonaws.com https://widget-v4.tidiochat.com https://www.fullstory.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com 'nonce-j/rXGRMt/LrvtOSZg1RZ/W6cK7WcsuBgOxuRmJqnoAqYNscQiKX3Pd95+EVULgCDGRhd9ydQs0xoYBHYSyFxOQ=='; style-src https://*.en25.com https://*.tawk.to https://app-static.turtl.co https://cdn.jsdelivr.net https://cookies.ricoh-europe.com https://fast.fonts.net https://fonts.googleapis.com https://images.response.ricoh-europe.com https://resources.ricoh-europe.com https://script.hotjar.com https://static.hotjar.com https://tagmanager.google.com https://unpkg.com https://use.fontawesome.com 'nonce-j/rXGRMt/LrvtOSZg1RZ/W6cK7WcsuBgOxuRmJqnoAqYNscQiKX3Pd95+EVULgCDGRhd9ydQs0xoYBHYSyFxOQ==' 'self' 'sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog=' 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0=' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk=' 'unsafe-hashes'; report-uri https://ricoh.report-uri.com/r/d/csp/enforce; report-to default; 1
default-src https:; frame-ancestors 'self'; img-src https: data:; script-src 'self' *.intercom.io *.intercomcdn.com *.cloudflare.com *.googleapis.com *.calendly.com *.googletagmanager.com *.google-analytics.com *.autopilothq.com *.googleoptimize.com *.hotjar.com *.google.com *.gstatic.com *.facebook.net *.twitter.com *.amazonaws.com axigen.us9.list-manage.com 'unsafe-inline' 'unsafe-eval' none; style-src https: 'unsafe-inline'; connect-src https: wss://*.intercom.io wss://*.hotjar.com; form-action https:; object-src 'none';  font-src https: data: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://newsie.social; img-src 'self' https: data: blob: https://newsie.social; style-src 'self' https://newsie.social 'nonce-Vq1jeavS/BcrRD6pcMCbAA=='; media-src 'self' https: data: https://newsie.social; frame-src 'self' https:; manifest-src 'self' https://newsie.social; form-action 'self'; child-src 'self' blob: https://newsie.social; worker-src 'self' blob: https://newsie.social; connect-src 'self' data: blob: https://newsie.social https://assets.newsie.social wss://newsie.social; script-src 'self' https://newsie.social 'wasm-unsafe-eval' 1
default-src 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com; style-src 'self' 'unsafe-inline' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com https://fonts.googleapis.com https://*.hotjar.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com; script-src 'unsafe-eval' 'unsafe-inline' https://*.klarnaservices.com https://*.klarnacdn.net https://static.garmincdn.com/support-chat-widget/chatWidget-v1.3.1.js https://product-gallery.cloudinary.com https://res.cloudinary.com https://*.pinimg.com https://*.linksynergy.com https://*.googlesyndication.com 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://ajax.googleapis.com https://static.garmincdn.com https://www.google.com https://cdn.appdynamics.com https://www.gstatic.com https://prefmgr-cookie.truste-svc.net https://tags.tiqcdn.com https://*.tealiumiq.com https://deploytealium.com https://analytics.google.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.cloudflare.com https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://static.criteo.net https://*.criteo.com https://bat.bing.com https://*.adform.net https://intljs.rmtag.com https://www.googletagmanager.com https://*.google-analytics.com https://static.cloudflareinsights.com *.hotjar.com *.hotjar.io https://www.googletagmanager.com https://optimize.google.com https://*.googleapis.com https://cse.google.com https://www.youtube.com  https://static.ads-twitter.com https://s.yimg.jp https://cdn.taboola.com https://trc.taboola.com https://d.line-scdn.net https://cdn.smartnews-ads.com https://*.yahoo.co.jp; connect-src 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://stats.g.doubleclick.net https://analytics.google.com https://www.google-analytics.com https://*.googleapis.com https://csp.withgoogle.com https://analytics-api-s.cloudinary.com https://pagead2.googlesyndication.com https://*.algolia.net https://*.algolianet.com https://pips.taboola.com https://cds.taboola.com https://trc-events.taboola.com https://www.facebook.com; font-src 'self' data: *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com; img-src https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://static.criteo.net https://*.criteo.com https://bat.bing.com https://*.adform.net https://intljs.rmtag.com https://www.googletagmanager.com https://*.google-analytics.com https://stats.g.doubleclick.net https://i.ytimg.com 'self' data: *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://www.google.co.uk https://prefmgr-cookie.truste-svc.net https://res.cloudinary.com https://*.hotjar.com https://www.google.com.tw https://tr.line.me https://www.facebook.com https://*.gstatic.com https://*.googleapis.com https://*.google.com https://t.co https://analytics.twitter.com https://*.smartnews-ads.com https://*.yahoo.co.jp; frame-src https://www.youtube.com https://*.doubleclick.net *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://vars.hotjar.com https://prefmgr-cookie.truste-svc.net https://my.tealiumiq.com https://www.youtube-nocookie.com https://gum.criteo.com https://static.criteo.net https://www.facebook.com https://cse.google.com https://web.facebook.com https://tsdtocl.com/; object-src 'none'; upgrade-insecure-requests; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://nerdculture.de; img-src 'self' https: data: blob: https://nerdculture.de; style-src 'self' https://nerdculture.de 'nonce-LonVLvbBpvyvnOhI8IeIWw=='; media-src 'self' https: data: https://nerdculture.de; frame-src 'self' https:; manifest-src 'self' https://nerdculture.de; form-action 'self'; child-src 'self' blob: https://nerdculture.de; worker-src 'self' blob: https://nerdculture.de; connect-src 'self' data: blob: https://nerdculture.de https://nerdculture.de wss://nerdculture.de; script-src 'self' https://nerdculture.de 'wasm-unsafe-eval' 1
default-src 'none'; connect-src 'self' litho.silvercloudinc.com integration.silvercloudinc.com integration-cdn.silvercloudinc.com *.google-analytics.com *.g.doubleclick.net bam.nr-data.net bam-cell.nr-data.net cdn.linkedin.oribi.io analytics.google.com; font-src 'self' *.gstatic.com; frame-src nwfcu.locatorsearch.com *.google.com www.youtube.com efraudprevention.net northwestfederalcreditunionfoundation.ddockforms.com www.dinkytown.net cucalc.org; img-src 'self' integration.silvercloudinc.com integration-cdn.silvercloudinc.com *.linkedin.com *.adsymptotic.com *.facebook.com *.google-analytics.com *.google.com images.printable.com www.w3.org *.mdhv.io data:; media-src www.learnaboutmoneymovement.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.facebook.net *.licdn.com *.silvercloudinc.com code.jquery.com *.gstatic.com cdn.jsdelivr.net js.adsrvr.org js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net www.dinkytown.net cucalc.org analytics.google.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' integration.silvercloudinc.com *.googleapis.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; frame-ancestors 'self'; report-uri https://www.nwfcu.org/report-uri/enforce 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-55078515ab04af8e0385a3387b136ce1'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' https: wss:; style-src 'self' 'unsafe-inline' blob: https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://www.google.com https://www.gstatic.com https://edge.fullstory.com https://maps.google.com https://maps.googleapis.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://connect.facebook.net https://static.ads-twitter.com https://analytics.twitter.com https://googleads.g.doubleclick.net https://cdn.jsdelivr.net https://widget.intercom.io https://js.intercomcdn.com https://cdn.hellosign.com https://cdn.segment.com https://cdn.cookielaw.org https://snap.licdn.com https://ws.zoominfo.com https://grow.clearbitjs.com; img-src 'self' data: https://info.coalitioninc.com https://images.assets.prod.binaryedge.io https://prod-collections-riskportalapi-resolution-requests.s3.amazonaws.com https://resolution-requests.assets.prod.binaryedge.io https://s.gravatar.com https://mcusercontent.com https://d3f9qnon04ymh2.cloudfront.net https://d1ngxp4ef6grqi.cloudfront.net https://d3qx8u8yhl2krn.cloudfront.net https://be-resources.s3.eu-west-1.amazonaws.com https://images.ctfassets.net https://cdnjs.cloudflare.com https://static.intercomassets.com https://px4.ads.linkedin.com https://www.google.com https://maps.google.com https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://px.ads.linkedin.com https://www.facebook.com https://grow.clearbitjs.com https://t.co https://fastapi.tiangolo.com; font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com https://js.intercomcdn.com https://secure.gravatar.com https://use.typekit.net; object-src 'self'; frame-src blob: https://www.google.com https://js.stripe.com https://app.hellosign.com https://player.vimeo.com https://coalitioninc.auth0.com https://*.binaryedge.io; frame-ancestors https://*.binaryedge.io https://*.coalitioninc.com https://*.thecoalition.com 1
img-src * data: blob:; script-src 'unsafe-eval' 'unsafe-inline' *; worker-src 'unsafe-inline' * blob:; 1
frame-ancestors 'self' *.mts.ru metrica.yandex.com metrica.yandex.com.tr metrika.yandex.by metrika.yandex.ru *.webvisor.com webvisor.com *.mscdev.ru ; 1
default-src 'self' 'unsafe-eval'; media-src 'self' cdn.sanity.io *.svc.dynamics.com; frame-ancestors 'self' localhost:3333 *.innovasjonnorge.no; frame-src 'self' player.acast.com embed.acast.com m365-prod-barekraft-dataverse-proxy.azurewebsites.net app.powerbi.com *.svc.dynamics.com *.youtube-nocookie.com *.youtube.com player.vimeo.com; font-src 'self' res-1.cdn.office.net fonts.gstatic.com *.hotjar.com component-library-dev-cdn.azureedge.net; img-src 'self' data: *.svc.dynamics.com cdn.sanity.io maps.googleapis.com maps.gstatic.com www.facebook.com *.hotjar.com ssl.google-analytics.com stats.g.doubleclick.net *.siteimproveanalytics.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com; script-src-elem 'self' 'unsafe-inline' m365-prod-barekraft-dataverse-proxy.azurewebsites.net *.svc.dynamics.com cdn.jsdelivr.net mktdplp102cdn.azureedge.net connect.facebook.net maps.googleapis.com player.vimeo.com s.ytimg.com www.youtube.com s7.addthis.com az416426.vo.msecnd.net ssl.google-analytics.com static.hotjar.com v1.addthis.com v1.addthisedge.com www.googletagmanager.com px.ads.linkedin.com script.hotjar.com snap.licdn.com siteimproveanalytics.com cdn.cookielaw.org plausible.io; style-src 'self' 'unsafe-inline' *.hotjar.com; style-src-elem 'self' 'unsafe-inline' m365-prod-barekraft-dataverse-proxy.azurewebsites.net fonts.googleapis.com addtocalendar.com; connect-src 'self' data.brreg.no m365-prod-barekraft-dataverse-proxy.azurewebsites.net *.svc.dynamics.com *.algolia.net *.algolianet.com *.algolia.io loal7n8w.api.sanity.io loal7n8w.apicdn.sanity.io s7.addthis.com v1.addthis.com www.facebook.com plausible.io cdn.cookielaw.org geolocation.onetrust.com *.hotjar.com *.hotjar.io wss://*.hotjar.com; style-src-attr 'unsafe-inline'; 1
default-src 'none'; frame-ancestors https://matomo.eastsussex.gov.uk; media-src 'self' https://esccgovuk.blob.core.windows.net https://www.eastsussex.gov.uk https://microsites.eastsussex.gov.uk;  worker-src blob: https://www.eastsussex.gov.uk https://microsites.eastsussex.gov.uk https://new.eastsussex.gov.uk; script-src 'self' 'sha256-l8zbJd8kXZ6zkrhwDpvnCZMy0hTHqX8L3/bCfSgiaAM=' 'sha256-rP+B3tYFuMv0SfsZavhdRMwfqW86QfTrfRz2RLBAlsk=' 'unsafe-eval' https://matomo.eastsussex.gov.uk https://www.youtube.com https://www.eastsussex.gov.uk https://microsites.eastsussex.gov.uk https://translate-pa.googleapis.com https://translate.googleapis.com https://translate.google.com https://www.googleadservices.com https://flex.eastsussex.gov.uk https://plausible.io https://new.eastsussex.gov.uk https://connect.facebook.net https://platform.twitter.com https://cdn.syndication.twimg.com https://www.google.com https://www.gstatic.com https://v4in1-si.click4assistance.co.uk https://www.googletagmanager.com https://maps.googleapis.com https://www.google-analytics.com https://script.crazyegg.com; connect-src 'self' https://maps.googleapis.com https://cdn.plyr.io https://matomo.eastsussex.gov.uk https://www.eastsussex.gov.uk https://microsites.eastsussex.gov.uk https://translate.googleapis.com https://pagestates-tracking.crazyegg.com https://assets-tracking.crazyegg.com https://plausible.io https://new.eastsussex.gov.uk https://www.google-analytics.com https://apps.eastsussex.gov.uk https://script.crazyegg.com https://tracking.crazyegg.com; frame-src 'self'  https://matomo.eastsussex.gov.uk https://esccgovuk.blob.core.windows.net https://plausible.io https://eequ.org https://www.eastsussex.gov.uk https://microsites.eastsussex.gov.uk https://flex.eastsussex.gov.uk https://www.youtube-nocookie.com https://feedback.eastsussex.gov.uk https://new.eastsussex.gov.uk https://web.facebook.com https://www.facebook.com https://syndication.twitter.com https://platform.twitter.com/ https://eastsussex.spydus.co.uk/ https://eastsussexportal.icasework.com/ https://v4in1-ti.click4assistance.co.uk https://www.youtube.com https://www.google.com/; img-src 'self'  data: https://www.eastsussex.gov.uk  https://matomo.eastsussex.gov.uk https://microsites.eastsussex.gov.uk https://translate.googleapis.com https://translate.google.com https://www.google.com https://www.gstatic.com https://orbis-uploads-eu-west-2.s3.amazonaws.com https://flex.eastsussex.gov.uk https://new.eastsussex.gov.uk https://tile.openstreetmap.org https://platform.twitter.com https://syndication.twitter.com https://abs.twimg.com https://ton.twimg.com https://pbs.twimg.com https://eastsussexgovuk.blob.core.windows.net https://www.eastsussex.gov.uk https://v4in1-si.click4assistance.co.uk https://www.googletagmanager.com https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://i.ytimg.com https://i.ibb.co/j3jcJKv/yt.png; style-src 'self' 'unsafe-inline' https://matomo.eastsussex.gov.uk https://www.eastsussex.gov.uk https://microsites.eastsussex.gov.uk https://translate.googleapis.com https://flex.eastsussex.gov.uk https://new.eastsussex.gov.uk https://platform.twitter.com https://ton.twimg.com https://fonts.googleapis.com; object-src 'self' https://www.eastsussex.gov.uk https://microsites.eastsussex.gov.uk https://new.eastsussex.gov.uk; report-uri https://eastsussexgovuk.report-uri.com/r/d/csp/enforce; font-src 'self' https://www.eastsussex.gov.uk https://microsites.eastsussex.gov.uk https://new.eastsussex.gov.uk https://fonts.googleapis.com https://fonts.gstatic.com; manifest-src 'self'; 1
base-uri 'none'; default-src 'none'; child-src mc.yandex.md/ mc.yandex.ru/ metrika.yandex.ru/ www.google.com/; connect-src *.dvbank.ru/ bitrix.info/ mc.yandex.com/ mc.yandex.md/ mc.yandex.ru/ ymetrica1.com/; font-src 'self' *.dvbank.ru/ data: fonts.gstatic.com/; form-action *.dvbank.ru/; frame-ancestors *.dvbank.ru/;  img-src 'self' *.dvbank.ru/ data: mc.yandex.com/ mc.yandex.ru/;  media-src data:;  report-uri /violation-report-uri/; report-to csp-report-uri; script-src 'unsafe-eval' 'unsafe-inline' 'self' 'unsafe-inline' *.dvbank.ru/ bitrix.info/ mc.yandex.ru/ www.google.com/ www.gstatic.com/;   style-src 'self' 'unsafe-inline' 'unsafe-inline' *.dvbank.ru/;   upgrade-insecure-requests; 1
default-src 'self'; base-uri 'self'; object-src 'self'; upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://ajax.cloudflare.com/cdn-cgi/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src https: data:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://www.googleapis.com/youtube/ https://www.google-analytics.com https://stats.g.doubleclick.net; frame-ancestors 'self'; frame-src 'self' https://www.google.com https://www.youtube.com https://videolevels.com https://www.facebook.com https://web.facebook.com https://m.facebook.com https://suite.icareus.com https://cdn.jwplayer.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.twitter.com *.useinsider.com *.visualwebsiteoptimizer.com *.ads-twitter.com *.yandex.ru *.google.com *.google.com.tr *.facebook.net *.google.js *.trademaster.com.tr *.isyatirim.com.tr *.youtube.com *.userguiding.com *.google-analytics.com *.doubleclick.net *.isvarant.com *.isbank.com.tr *.maxisinvestments.com *.efesvarlik.com.tr *.isportfoy.com.tr *.isgirisim.com.tr *.isyatort.com.tr *.foreks.com userguiding.com *.magiclick.com *.linkedin.com *.facebook.com *.instagram.com *.kap.org.tr *.euromoney.com  *.mergermarket.com *.home.saxo *.edfman.com  *.mitsuibussancommodities.com  *.marexspectron.com  support.google.com  *.googleapis.com  *.bootstrapcdn.com *.taboola.com *.googletagmanager.com *.spotify.com; frame-ancestors 'self' https://istest.prosp.devexperts.com https://online.herkeseborsa.com.tr 1
default-src 'self'; frame-src 'self' 'unsafe-inline' www.facebook.com platform.twitter.com googleads.g.doubleclick.net *.google.com; connect-src 'self' *:888 www.google-analytics.com trustzonevpn.info; font-src 'self' data: fonts.gstatic.com; form-action 'self'; img-src 'self' data: *.google.com trustzoneurl.com trustzonepost.xyz trustzonevpn.info get-trust-vpn.info trust.zone stats.g.doubleclick.net www.google-analytics.com syndication.twitter.com *.basemaps.cartocdn.com; manifest-src 'self'; style-src 'self' 'unsafe-inline' get-trust-vpn.info; script-src 'self' 'unsafe-eval' 'nonce-185fdc2fce7f554e53844c555f0a663e' www.google.com www.gstatic.com www.googletagmanager.com trustzonevpn.info get-trust-vpn.info trustzoneurl.com platform.twitter.com connect.facebook.net; report-uri http://get-trust-vpn.info/_csp_log 1
script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com *.ajax.googleapis.com cdnjs.cloudflare.com *.cdnjs.cloudflare.com challenges.cloudflare.com *.challenges.cloudflare.com cookiefirst.com *.cookiefirst.com doctena.be *.doctena.be doctena.com *.doctena.com doubleclick.net *.doubleclick.net facebook.net *.facebook.net getbeamer.com *.getbeamer.com google.com *.google.com googletagmanager.com *.googletagmanager.com maps.googleapis.com *.maps.googleapis.com matomo.cloud *.matomo.cloud zdassets.com stripe.com *.stripe.com *.jquery.com ajax.cloudflare.com consent-eu.cookiefirst.com *.consent-eu.cookiefirst.com *.zdassets.com gstatic.com *.gstatic.com; report-uri /cdn-cgi/script_monitor/report?m=ZDjNwNraoHF_VcqJ71kT59MPLMvxlhK4tAoFTDkm4Ec-1705980759-1-Adieyu1jHp43mqTMZbieiasUJCVpbl1mXaNsL8cN_FNaj-lQ20zq_rG5P6-KEm6hjTxEEBE1nS7yo_aI1zO23-nr5zv8rqBMxl0J3OWQ7hg4UllFmA5_i9XL0fDcXI4zRsCZ59IqPoRf6q-Ml4QrS0k0c514dzrds-nBU4k_MI27SP0MOOpc58fUkOlU5w_JUEz4d6-lsFUeGaYFQs2Q-24; report-to cf-psjwxlumlnjeygdg 1
frame-ancestors 'self' https://*.nathan.fr; 1
default-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' data: blob: media.nibco.com googletagmanager.com *.google.com dl.episerver.net *.googletagmanager.com google-analytics.com ajax.googleapis.com script.hotjar.com static.hotjar.com stats.doubleclick.net dc.services.visualstudio.com www.google-analytics.com analytics.google.com stats.g.doubleclick.net script.hotjar.com static.hotjar.com dl.episerver.net www.googletagmanager.com google-analytics.com az416426.vo.msecnd.net teamup.com players.brightcove.net *.hotjar.com *.zencdn.net edge.api.brightcove.com cf-images.us-east-1.prod.boltdns.net *.brightcove.com *.boltdns.net *.googleapis.com *.gstatic.com *.akamaihd.net *.hotjar.io *.google.com.ec *.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com *.jotfor.ms *.cloudflare.com *.pricespider.com *.mapbox.com *.hsforms.com *.jotform.com; img-src 'self' 'unsafe-inline' 'unsafe-hashes' data: 'unsafe-eval' data: blob: media.nibco.com googletagmanager.com *.google.com dl.episerver.net *.googletagmanager.com google-analytics.com ajax.googleapis.com script.hotjar.com static.hotjar.com stats.doubleclick.net dc.services.visualstudio.com www.google-analytics.com analytics.google.com stats.g.doubleclick.net script.hotjar.com static.hotjar.com dl.episerver.net www.googletagmanager.com google-analytics.com az416426.vo.msecnd.net teamup.com players.brightcove.net *.hotjar.com *.zencdn.net edge.api.brightcove.com cf-images.us-east-1.prod.boltdns.net *.brightcove.com *.boltdns.net *.googleapis.com *.gstatic.com *.akamaihd.net *.hotjar.io *.google.com.ec *.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com *.jotfor.ms *.cloudflare.com *.pricespider.com *.mapbox.com *.hsforms.com *.jotform.com; style-src-elem 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' data: blob: media.nibco.com googletagmanager.com *.google.com dl.episerver.net *.googletagmanager.com google-analytics.com ajax.googleapis.com script.hotjar.com static.hotjar.com stats.doubleclick.net dc.services.visualstudio.com www.google-analytics.com analytics.google.com stats.g.doubleclick.net script.hotjar.com static.hotjar.com dl.episerver.net www.googletagmanager.com google-analytics.com az416426.vo.msecnd.net teamup.com players.brightcove.net *.hotjar.com *.zencdn.net edge.api.brightcove.com cf-images.us-east-1.prod.boltdns.net *.brightcove.com *.boltdns.net *.googleapis.com *.gstatic.com *.akamaihd.net *.hotjar.io *.google.com.ec *.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com *.jotfor.ms *.cloudflare.com *.pricespider.com *.mapbox.com *.hsforms.com *.jotform.com;script-src-elem 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' data: blob: media.nibco.com googletagmanager.com *.google.com dl.episerver.net *.googletagmanager.com google-analytics.com ajax.googleapis.com script.hotjar.com static.hotjar.com stats.doubleclick.net dc.services.visualstudio.com www.google-analytics.com analytics.google.com stats.g.doubleclick.net script.hotjar.com static.hotjar.com dl.episerver.net www.googletagmanager.com google-analytics.com az416426.vo.msecnd.net teamup.com players.brightcove.net *.hotjar.com *.zencdn.net edge.api.brightcove.com cf-images.us-east-1.prod.boltdns.net *.brightcove.com *.boltdns.net *.googleapis.com *.gstatic.com *.akamaihd.net *.hotjar.io *.google.com.ec *.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com *.jotfor.ms *.cloudflare.com *.pricespider.com *.mapbox.com *.hsforms.com *.jotform.com;connect-src 'self' 'unsafe-inline' 'unsafe-hashes' wss: 'unsafe-eval' data: blob: media.nibco.com googletagmanager.com *.google.com dl.episerver.net *.googletagmanager.com google-analytics.com ajax.googleapis.com script.hotjar.com static.hotjar.com stats.doubleclick.net dc.services.visualstudio.com www.google-analytics.com analytics.google.com stats.g.doubleclick.net script.hotjar.com static.hotjar.com dl.episerver.net www.googletagmanager.com google-analytics.com az416426.vo.msecnd.net teamup.com players.brightcove.net *.hotjar.com *.zencdn.net edge.api.brightcove.com cf-images.us-east-1.prod.boltdns.net *.brightcove.com *.boltdns.net *.googleapis.com *.gstatic.com *.akamaihd.net *.hotjar.io *.google.com.ec *.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com *.jotfor.ms *.cloudflare.com *.pricespider.com *.mapbox.com *.hsforms.com *.jotform.com;style-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' data: blob: media.nibco.com googletagmanager.com *.google.com dl.episerver.net *.googletagmanager.com google-analytics.com ajax.googleapis.com script.hotjar.com static.hotjar.com stats.doubleclick.net dc.services.visualstudio.com www.google-analytics.com analytics.google.com stats.g.doubleclick.net script.hotjar.com static.hotjar.com dl.episerver.net www.googletagmanager.com google-analytics.com az416426.vo.msecnd.net teamup.com players.brightcove.net *.hotjar.com *.zencdn.net edge.api.brightcove.com cf-images.us-east-1.prod.boltdns.net *.brightcove.com *.boltdns.net *.googleapis.com *.gstatic.com *.akamaihd.net *.hotjar.io *.google.com.ec *.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com *.jotfor.ms *.cloudflare.com *.pricespider.com *.mapbox.com *.hsforms.com *.jotform.com;script-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' data: blob: media.nibco.com googletagmanager.com *.google.com dl.episerver.net *.googletagmanager.com google-analytics.com ajax.googleapis.com script.hotjar.com static.hotjar.com stats.doubleclick.net dc.services.visualstudio.com www.google-analytics.com analytics.google.com stats.g.doubleclick.net script.hotjar.com static.hotjar.com dl.episerver.net www.googletagmanager.com google-analytics.com az416426.vo.msecnd.net teamup.com players.brightcove.net *.hotjar.com *.zencdn.net edge.api.brightcove.com cf-images.us-east-1.prod.boltdns.net *.brightcove.com *.boltdns.net *.googleapis.com *.gstatic.com *.akamaihd.net *.hotjar.io *.google.com.ec *.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com *.jotfor.ms *.cloudflare.com *.pricespider.com *.mapbox.com *.hsforms.com *.jotform.com; 1
default-src 'self' *.relay42.com *.doubleclick.net googletagmanager.com *.googlesyndication.com *.googleadservices.com;script-src 'unsafe-eval' 'unsafe-inline' *.achmea.nl *.facebook.net *.google.com *.googlesyndication.com *.linkedin.com *.r42tag.com *.relay42.com cdn.harvest.graindata.com https://www.googleoptimize.com https://www.googletagmanager.com maps.googleapis.com www.google-analytics.com  www.youtube.com ssl.synovite-scripts.com www.gstatic.com snap.licdn.com *.doubleclick.net *.googleadservices.com rekentools.webbridge.nl googletagmanager.com;script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.achmea.nl *.facebook.net *.google.com *.googlesyndication.com *.linkedin.com *.r42tag.com *.relay42.com cdn.harvest.graindata.com https://www.googleoptimize.com https://www.googletagmanager.com maps.googleapis.com www.google-analytics.com  www.youtube.com ssl.synovite-scripts.com www.gstatic.com snap.licdn.com *.doubleclick.net *.googleadservices.com rekentools.webbridge.nl googletagmanager.com player.vimeo.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline' *.achmea.nl *.facebook.net *.google.com *.googlesyndication.com *.linkedin.com *.r42tag.com *.relay42.com cdn.harvest.graindata.com https://www.googleoptimize.com https://www.googletagmanager.com maps.googleapis.com www.google-analytics.com  www.youtube.com ssl.synovite-scripts.com www.gstatic.com snap.licdn.com *.doubleclick.net *.googleadservices.com rekentools.webbridge.nl googletagmanager.com;style-src 'self' 'unsafe-eval' fonts.googleapis.com www.google.com optimize.google.com gstatic.com;style-src-elem 'self' 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com www.google.com optimize.google.com gstatic.com;style-src-attr 'self' 'unsafe-eval' 'unsafe-inline';img-src 'self' data: *.achmea.nl *.contentsquare.net *.googlesyndication.com *.r42tag.com *.relay42.com https://www.googletagmanager.com maps.googleapis.com maps.gstatic.com optimize.google.com region1.analytics.google.com region1.google-analytics.com www.advieskeuze.nl www.facebook.com www.google-analytics.com www.google.com www.google.nl www.googleapis.com www.googletagmanager.com https://i.ytimg.com *.w3.org *.vimeocdn.com px.ads.linkedin.com px4.ads.linkedin.com google.be translate.google.com fonts.gstatic.com googleads.g.doubleclick.net rekentools.webbridge.nl zilverenkruis.nl;font-src 'self' data: fonts.gstatic.com;connect-src 'self' analytics.cloud.coveo.com *.achmea.nl *.facebook.net *.googlesyndication.com api.advieskeuze.nl controle.achmea.consentmonitor.nl https://*.in.applicationinsights.azure.com maps.googleapis.com r.contentsquare.net region1.analytics.google.com region1.google-analytics.com  www.google-analytics.com *.google.com *.doubleclick.net translate.googleapis.com vimeo.com px.ads.linkedin.com;media-src 'self' *.youtube-nocookie.com player.vimeo.com www.youtube.com;object-src 'self' https://td.doubleclick.net/;child-src 'self' youtube.com www.youtube-nocookie.com youtube-nocookie.com optimize.google.com www.google.com player.vimeo.com t.svtrd.com td.doubleclick.net rekentools.webbridge.nl www.youtube.com https://td.doubleclick.net/ https://tpc.googlesyndication.com/;frame-src 'self' youtube.com www.youtube-nocookie.com youtube-nocookie.com player.quadia.net td.doubleclick.net rekentools.webbridge.nl https://www.youtube.com/ *.googlesyndication.com player.vimeo.com t.svtrd.com vimeo.com;frame-ancestors 'self' youtube.com www.youtube-nocookie.com youtube-nocookie.com player.quadia.net td.doubleclick.net rekentools.webbridge.nl https://www.youtube.com/ *.googlesyndication.com;form-action * 'self' t.svtrd.com *.achmea.nl;manifest-src 'self';report-uri https://achmea.ams.report-uri.com/r/t/csp/enforce; 1
frame-src 'self' localhost:* youtube.com *.youtube.com *.stripe.com *.twitch.tv *.toothcdn.xyz *.cdn.ntruss.com *.gcdn.ntruss.com *.toon.at; 1
default-src 'self' *.stockity.id *.stockity.com; child-src *; frame-ancestors 'self'; connect-src 'self' *.ada.support analytics.tiktok.com my.rtmark.net *.criteo.net *.criteo.com snap.licdn.com px.ads.linkedin.com r.remarketingpixel.com static.ads-twitter.com bat.bing.com sc-static.net tr.snapchat.com *.hotjar.io *.hotjar.com wss://*.hotjar.com stats.g.doubleclick.net *.zopim.com *.launchdarkly.com api.exponea.com api.api-cis.exponea.com api-cis.exponea.com ekr.zdassets.com pixel.mathtag.com analytics.google.com accounts.google.com fcm.googleapis.com www.googleapis.com www.google-analytics.com wss://*.zopim.com app.getsentry.com *.stockity.id *.stockity.com wss://as.stockity.id:* wss://as.stockity.com:* wss://ws.stockity.id:* wss://ws.stockity.com:* s.yimg.com; font-src data: 'self' *.zopim.com themes.googleusercontent.com *.stockity.id *.stockity.com; img-src * data:; media-src 'self' *.stockity.id *.stockity.com; script-src 'self' *.ada.support static.ads-twitter.com sc-static.net tr.snapchat.com *.hotjar.io *.hotjar.com www.redditstatic.com *.doubleclick.net *.google.com assets.zendesk.com static.zdassets.com *.zopim.com wss://*.zopim.com *.zopim.io stockity.com my.rtmark.net *.criteo.net *.criteo.com snap.licdn.com px.ads.linkedin.com r.remarketingpixel.com *.getsitecontrol.com *.googletagmanager.com *.google-analytics.com echo.ecortb.com connect.facebook.net vk.com *.youtube.com s.yimg.com s.ytimg.com bat.bing.com www.gstatic.com www.googleadservices.com api.exponea.com api.api-cis.exponea.com api-cis.exponea.com *.adnetwork.vn storage.googleapis.com sp.analytics.yahoo.com 'unsafe-eval' 'unsafe-inline' *.stockity.id *.stockity.com https://unpkg.com/@lottiefiles/lottie-player@0.2.0/dist/lottie-player.js https://unpkg.com/simplex-noise@2.4.0/simplex-noise.js; style-src 'self' *.google.com fonts.googleapis.com 'unsafe-inline' *.stockity.id *.stockity.com 1
font-src 'self' data: https: https://fonts.gstatic.com; connect-src 'self' https: wss://www.fool.com wss://*.33across.com wss://*.hotjar.com https://api.pink-boat.fool.com; media-src 'self' https: blob:; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://optimize.google.com https: https://evs.pink-boat.fool.com; default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https: http://fonts.googleapis.com https://fonts.googleapis.com https://optimize.google.com; upgrade-insecure-requests; img-src 'self' data: https: https://g.foolcdn.com https://optimize.google.com https://www.google-analytics.com; frame-src 'self' https: https://optimize.google.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://celeb-lb-prod.danskebank.com https://consent.cookiebot.com https://s2.adform.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://snap.licdn.com https://www.linkedin.com https://px.ads.linkedin.com https://imasdk.googleapis.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://android.com https://windowsphone.com *.qbrick.com *.dna.ip-only.net *.112.2o7.net *.danskebank.dk *.danskebank.fi https://danid.dk *.facebook.com *.facebook.net https://facebook.net https://*.facebook.net https://twitter.com *.omtrdc.net https://dpm.demdex.net https://static.licdn.com https://w3.org https://fbcdn.net https://cloud-emea.analytics-egain.com https://analytics.analytics-egain.com https://track.adform.net https://linkmaker.itunes.apple.com *.qualtrics.com https://www.danskeinvest.fi https://code.highcharts.com; object-src 'self' video.qbrick.com; frame-src 'self' https://9826794.fls.doubleclick.net https://shared-logon.danskebank.com  https://authorize.omniture.com https://sitecatalyst.omniture.com *.demdex.net https://priips.danskebank.com https://android.com https://windowsphone.com video.qbrick.com *.112.2o7.net *.danskebank.dk *.danskebank.fi https://danid.dk *.facebook.com *.facebook.net https://facebook.net https://*.facebook.net https://twitter.com *.omtrdc.net https://static.licdn.com https://w3.org https://fbcdn.net https://analytics.analytics-egain.com https://track.adform.net https://linkmaker.itunes.apple.com *.qualtrics.com; 1
base-uri 'none'; object-src 'none'; script-src 'nonce-7d1AFOHzMsEMtVTvzTgpuH8pa3lOVum4NGvlZMJy19dTePX3FU-Dk1gteyRaB72q' 'strict-dynamic' https: 'unsafe-inline' 'self' 1
frame-ancestors 'self' https://explore.tidelift.com; upgrade-insecure-requests 1
frame-ancestors 'self' *.americancruiselines.com 1
report-uri https://ulcm.report-uri.com/r/d/csp/enforce;base-uri 'none';object-src 'none';frame-ancestors 'self';form-action 'self' https://www.facebook.com;upgrade-insecure-requests;script-src 'self' https://www.googletagmanager.com/ https://bat.bing.com/ https://connect.facebook.net/ https://cdnjs.cloudflare.com/ https://api.swiftype.com/ https://www.google-analytics.com/ https://ajax.googleapis.com/ https://platform.twitter.com/ https://script.crazyegg.com/ 'unsafe-inline' 'strict-dynamic' 'nonce-MJZAD25epl99WqJO6ydeIniddQfLl04P' 1
script-src 'nonce-7774654207fb4b43a9e3951efb0424ab' 'strict-dynamic'; default-src 'self'; object-src 'none';frame-ancestors 'none'; frame-src https://mainfreight.topdesk.net https://www.mainfreight.topdesk.net https://vimeo.com https://www.youtube.com https://www.google.com https://vars.hotjar.com https://hemsync.clickagy.com https://www.facebook.com https://player.vimeo.com; form-action 'self' https://www.facebook.com/tr/; upgrade-insecure-requests; font-src 'self'  data: https: fonts.gstatic.com https://*.hotjar.com; style-src 'self' https: fonts.googleapis.com 'unsafe-inline' https://*.hotjar.com 'unsafe-inline'; base-uri 'self'; img-src https: https://*.hotjar.com data: www.gstatic.com; connect-src 'self' https: wss://directline.botframework.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; 1
default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-e8206f1754b28ddd' 'unsafe-inline' blob: https://*.iserv.de https://*.iserv.eu https://trainer.iserv-akademie.de https://*.usercentrics.eu https://*.googletagmanager.com https://*.google-analytics.com https://*.facebook.net https://*.facebook.com; object-src 'none'; base-uri 'none'; style-src 'self' 'unsafe-inline' https://*.iserv.de https://*.iserv.eu https://trainer.iserv-akademie.de; img-src 'self' data: https://*.iserv.de https://*.iserv.eu https://trainer.iserv-akademie.de https://*.usercentrics.eu https://*.googletagmanager.com https://*.google-analytics.com https://*.facebook.net https://*.facebook.com; media-src 'self' https://*.iserv.de https://*.iserv.eu https://trainer.iserv-akademie.de; font-src 'self' data: https://*.iserv.de https://*.iserv.eu https://trainer.iserv-akademie.de; connect-src 'self' https://*.iserv.de https://*.iserv.eu https://trainer.iserv-akademie.de https://*.usercentrics.eu https://*.googletagmanager.com https://*.google-analytics.com https://*.facebook.net https://*.facebook.com 1
default-src 'self' https://*.aws.root-me.org:* https://dns.google https://*.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' ; img-src * 'self' data: ; font-src 'self' ; media-src * 'self' ; object-src 'self'; form-action 'self' https://secure.payzen.eu https://www.paypal.com; frame-ancestors 'none' ; frame-src http://* https://*:* 1
block-all-mixed-content; frame-ancestors 'self' https://search.google.com https://www.google.com https://untilgone-com.cdn.ampproject.org; upgrade-insecure-requests 1
frame-ancestors 'self' http://www.philips.ro *.philips.com *.philips.ro https://philipsigtdpv.com 1
default-src 'self' calendly.com *.calendly.com *.amplitude.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.ads-twitter.com *.doubleclick.net *.youtube.com *.facebook.net *.facebook.com *.livechatinc.com *.bugsnag.com d2wy8f7a9ursnm.cloudfront.net *.hotjar.com *.hotjar.io wss://*.hotjar.com ajax.cloudflare.com clarity.ms *.clarity.ms ganttpro.com *.ganttpro.com ganttpro.azureedge.net ganttpro-services.azurewebsites.net ganttpro.cloudflareaccess.com ganttprowesteu.blob.core.windows.net;img-src 'self' data: https:;style-src 'self' 'unsafe-inline' calendly.com *.calendly.com *.amplitude.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.ads-twitter.com *.doubleclick.net *.youtube.com *.facebook.net *.facebook.com *.livechatinc.com *.bugsnag.com d2wy8f7a9ursnm.cloudfront.net *.hotjar.com *.hotjar.io wss://*.hotjar.com ajax.cloudflare.com clarity.ms *.clarity.ms ganttpro.com *.ganttpro.com ganttpro.azureedge.net ganttpro-services.azurewebsites.net ganttpro.cloudflareaccess.com ganttprowesteu.blob.core.windows.net;script-src 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-M2x3v2sOL8i0LcRWPlXTIQ1ppaf6urya/5FLuss9A5A=' 'sha256-ncay0vLU4e1LwJXdiFb0cmxGvJ34kGp7AwuyvK5gqvc=' 'sha256-l6OX6+NLxF91XeeHsbFB3DhcSRC68fTuc2TRRBRlLdo=' 'sha256-5JzjenWweMw5xbQtRCoZHfweaaG9SAKri6LPl05yMfI=' 'sha256-Xk6rnDxb2nC09nRJd5kua4QT7SKkyCtxb2E3+G3tHSM=' 'sha256-ATTCE/zHudFqF9Y9jHzAUC1lmyE7f86q6aoqC/6c6U8=' 'self' 'nonce-9269ca745c29b3ac3d3f55ef203a0e1d' 'sha256-r5xutiab4KTmYLooatnYr9fDiEXoLol7Y2uGquCBJtY=' 'sha256-wG62HSCW15AvdDKJZDpKpEwgOrHtdjYEoSlzNIO74ls=' 'sha256-yesyhxQs/MxWbnMcLu1Ujl9D4IBr9sD+qbV1tVMY6Ko=' 'sha256-Ru+d/+1U04sx9gtyKNNATTUZWPxvL/3n4vcZ2byRA7k=' 'sha256-t+Hgtk8j37GNuJChq7VcjYRCus1g7dMM0o1wmo616mY=' 'sha256-zWbjMSPA3WVtIZdI2IlyN9b9SelFbYlTOHhC3ARBm14=' calendly.com *.calendly.com *.amplitude.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.ads-twitter.com *.doubleclick.net *.youtube.com *.facebook.net *.facebook.com *.livechatinc.com *.bugsnag.com d2wy8f7a9ursnm.cloudfront.net *.hotjar.com *.hotjar.io wss://*.hotjar.com ajax.cloudflare.com clarity.ms *.clarity.ms ganttpro.com *.ganttpro.com ganttpro.azureedge.net ganttpro-services.azurewebsites.net ganttpro.cloudflareaccess.com ganttprowesteu.blob.core.windows.net;font-src 'self' data: calendly.com *.calendly.com *.amplitude.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.ads-twitter.com *.doubleclick.net *.youtube.com *.facebook.net *.facebook.com *.livechatinc.com *.bugsnag.com d2wy8f7a9ursnm.cloudfront.net *.hotjar.com *.hotjar.io wss://*.hotjar.com ajax.cloudflare.com clarity.ms *.clarity.ms ganttpro.com *.ganttpro.com ganttpro.azureedge.net ganttpro-services.azurewebsites.net ganttpro.cloudflareaccess.com ganttprowesteu.blob.core.windows.net;frame-ancestors 'self' ganttpro.com *.ganttpro.com ganttpro.azureedge.net ganttpro-services.azurewebsites.net ganttpro.cloudflareaccess.com ganttprowesteu.blob.core.windows.net;form-action 'self' ganttpro.com *.ganttpro.com ganttpro.azureedge.net ganttpro-services.azurewebsites.net ganttpro.cloudflareaccess.com ganttprowesteu.blob.core.windows.net;object-src 'none';connect-src 'self' blob: calendly.com *.calendly.com *.amplitude.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.ads-twitter.com *.doubleclick.net *.youtube.com *.facebook.net *.facebook.com *.livechatinc.com *.bugsnag.com d2wy8f7a9ursnm.cloudfront.net *.hotjar.com *.hotjar.io wss://*.hotjar.com ajax.cloudflare.com clarity.ms *.clarity.ms ganttpro.com *.ganttpro.com ganttpro.azureedge.net ganttpro-services.azurewebsites.net ganttpro.cloudflareaccess.com ganttprowesteu.blob.core.windows.net *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat;upgrade-insecure-requests 1
default-src https://fonts.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://cdn.bnamed.net https://www.bnamed.net https://www.googletagmanager.com/ https://www.google-analytics.com/ www.google.com connect.facebook.net www.facebook.com ws://www.bnamed.net wss://www.bnamed.net 'self';script-src 'nonce-NjcwNTA3ODYzMDQ4OTI4' 'sha256-uQyoKR3lBoDKU5iLg9zKfBYNrpUw6f/mybOTAsyvaZI=' 'sha256-Sr+FfLApO55KEHUmp1pCdAfP+DIUvDvWeljNRs5Ts4k=' 'sha256-Sr+FfLApO55KEHUmp1pCdAfP+DIUvDvWeljNRs5Ts4k=' https://tagmanager.google.com https://cdn.bnamed.net https://www.bnamed.net https://www.googletagmanager.com/ https://www.google-analytics.com/ www.google.com connect.facebook.net www.facebook.com www.gstatic.com ws://www.bnamed.net wss://www.bnamed.net 'self'; style-src https://tagmanager.google.com https://fonts.googleapis.com https://cdn.bnamed.net https://www.bnamed.net 'self' 'unsafe-inline'; object-src 'none';report-uri /reportURI 1
frame-ancestors 'self' *.genekeys.ro viataconstienta.ro genekeys-bulgaria.com genekeys.ru *.genoveklice.cz genekeys.pl genkulcsok.hu *.genekeys.nl *.genekeysnederland.nl 1
default-src 'unsafe-inline' 'self' ;script-src  'unsafe-inline' 'self' https://challenges.cloudflare.com static.cloudflareinsights.com; connect-src 'self'  cloudflareinsights.com;img-src  'self'   data: ; frame-src  https://challenges.cloudflare.com ; object-src 'none' 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-+rA+A+BTpTg7bl+IR6F5Vg==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob: *.izlesene.com *.ioam.de *.avg.com *.rewardsaccelerator.com smetrics.att.com; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net smetrics.att.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
object-src 'none'; frame-ancestors *.twitter.com twitter.com 1
default-src 'self' *.trancetraffic.com; script-src 'self' *.trancetraffic.com https://ssl.google-analytics.com; connect-src 'self' *.trancetraffic.com https://ssl.google-analytics.com; img-src 'self' https: data:; style-src 'self' 'unsafe-inline'; base-uri 'self';form-action 'self' 1
script-src 'self' 'nonce-846020880' 'unsafe-eval' 'report-sample'; report-uri /csp-submit.php 1
object-src 'none'; frame-ancestors 'self'; report-uri https://interagencystandingcommittee.org/report-uri/enforce 1
img-src * data:; frame-src 'self' www.youtube.com api.recurly.com apis.google.com accounts.google.com platform.twitter.com player.vimeo.com; script-src 'self' www.boomeranggmail.com js.recurly.com code.jquery.com https://connect.facebook.net apis.google.com ssl.google-analytics.com maxcdn.bootstrapcdn.com *.googleapis.com www.google-analytics.com www.youtube.com b4g.baydin.com www.googletagmanager.com https://appsforoffice.microsoft.com https://platform.twitter.com d3js.org cdn.optimizely.com 'nonce-E7TphyQuPzE+zyXI/4IZYA=='; connect-src 'self' api.recurly.com www.google-analytics.com *.googleapis.com b4g.baydin.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com; style-src 'self' b4g.baydin.com code.jquery.com ajax.googleapis.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'unsafe-inline'; default-src 'self' 'nonce-E7TphyQuPzE+zyXI/4IZYA==' 1
frame-ancestors 'self' https://*.alvieromartini.it; 1
frame-ancestors https://*.salesfra.me https://*.salesframe.com; 1
frame-ancestors 'self' https://hansa-autoversicherung.de https://lumen.da-dg.com https://www.wigger-versicherung.de https://www.elbtor-versicherungen.de https://www.sternauto-versicherung.de 1
default-src 'self'; font-src 'self' fonts.gstatic.com/ fonts.googleapis.com/ 'nonce-2726c7f26c'; script-src 'strict-dynamic' 'unsafe-eval' *.google.com/recaptcha/ *.gstatic.com/recaptcha/ *.smartlook.com/ *.smartlook.cloud/ *.googletagmanager.com/ *.google-analytics.com/ *.googleadservices.com/ *.doubleclick.net/ connect.facebook.net/ 'nonce-2726c7f26c'; style-src 'self' fonts.gstatic.com/ fonts.googleapis.com/ 'nonce-2726c7f26c'; connect-src 'self' *.smartlook.com/ *.smartlook.cloud/ *.doubleclick.net/ *.facebook.com *.google-analytics.com/ *.hotjar.com/ *.hotjar.io/; worker-src 'self' blob: ; img-src 'self' *.google-analytics.com/ *.google.com/ *.google.com.br/ *.facebook.com/ *.facebook.net/ *.doubleclick.net/; frame-ancestors 'self'; form-action 'self'; frame-src 'self' *.doubleclick.net/ *.google.com/ *.gstatic.com/ *.hotjar.com/ 1
default-src 'self' https://*; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; style-src 'self' 'unsafe-inline' https://*; frame-ancestors 'self' https://*; 1
frame-ancestors 'self' http://www.philips.cz *.philips.com *.philips.cz https://philipsigtdpv.com 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-tVy2NSDlEfCVbO5PyfFnASynYPOi5/' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
default-src 'none' ; img-src 'self' data: https://blob.userflow.com https://cdn.userflow.com https://js.userflow.com https://storage.googleapis.com/studio1-prod-blob/ * ; connect-src 'self' https://browser-intake-datadoghq.eu https://rum.browser-intake-datadoghq.eu https://logs.browser-intake-datadoghq.eu https://session-replay.browser-intake-datadoghq.eu https://api.analytics.pigment.app https://cdn.analytics.pigment.app https://auth.pigment.app https://staging-login.pigment.app wss://pigment.app wss://e.userflow.com https://cdn.userflow.com https://e.userflow.com https://js.userflow.com https://inapp.planhat.com https://analytics.planhat.com https://rs.fullstory.com wss://rs.fullstory.com https://edge.fullstory.com https://global.oktacdn.com https://api.segment.io https://cdn.segment.com ; script-src 'self' cdn.analytics.pigment.app edge.fullstory.com rs.fullstory.com js.userflow.com cdn.userflow.com app.planhat.com cdn.announcekit.app cdn.segment.com ; frame-src announcekit.co auth.pigment.app staging-login.pigment.app ; style-src 'self' 'unsafe-inline' js.userflow.com cdn.userflow.com fonts.googleapis.com cdn.announcekit.co ; worker-src blob: ; font-src 'self' fonts.gstatic.com data: ; manifest-src 'self' ; object-src 'none' ; media-src https://blob.userflow.com https://cdn.userflow.com https://storage.googleapis.com/studio1-prod-blob/ ; frame-ancestors https://pigmentsa-dev-ed.lightning.force.com/ https://pigmentsa-dev-ed--c.visualforce.com/; base-uri 'self' ; report-uri https://pigment.uriports.com/reports/report ; report-to enforce ; 1
default-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.maxcdn.com ajax.googleapis.com maxcdn.bootstrapcdn.com *.facebook.com *.facebook.net webhosting.dk *.webhosting.dk fonts.gstatic.com googleadservices.com doubleclick.net *.doubleclick.net *.googleadservices.com; ;frame-ancestors 'self' *.webhosting.dk webhosting.dk ajax.googleapis.com *.facebook.com *.facebook.net googleadservices.com doubleclick.net *.doubleclick.net *.googleadservices.com; img-src https://* data:; frame-src 'self' 'unsafe-inline' ajax.googleapis.com  *.facebook.com *.facebook.net webhosting.dk *.webhosting.dk fonts.gstatic.com doubleclick.net *.doubleclick.net *.googleadservices.com googleadservices.com; 1
default-src https: 'unsafe-inline' wss: data: 'unsafe-eval' 1
default-src 'self'; frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/jsapi https://cdnjs.cloudflare.com/ https://www.googleapis.com https://cdn.jsdelivr.net https://secure.gravatar.com https://www.gstatic.com; font-src 'self' data: https://fonts.gstatic.com  https://themes.googleusercontent.com; connect-src 'self' https://apis.google.com https://www.wordpress.org https://www.google.com; frame-src 'self' https://akismet.com https://cgpeers.to https://cgpeers.com https://www.youtube.com; img-src 'self' data: https://i.imgur.com https://*.fastpic.ru https://imgur.com https://pixhost.eu https://ps.w.org https://*.gravatar.com https://secure.gravatar.com https://*.googleapis.com https://upload.wikimedia.org; upgrade-insecure-requests; form-action 'self'; base-uri 'self'; object-src 'none'; manifest-src 'self'; worker-src 'none'; style-src 'self' 'unsafe-inline' https://secure.gravatar.com https://cdnjs.cloudflare.com/ https://www.gstatic.com/ 1
frame-ancestors 'self' https://*.felgenoutlet.de 1
default-src 'self' 'unsafe-inline *.cardinalcommerce.com *.hotjar.com *.xendit.co *.zdassets.com *.skrill.com *.safecharge.com *.mcpayment.net *.tipalti.com *.facebook.com *.coinbase.com *.zeusx.com *.gstatic.com *.cloudflare.com *.google.com *.aws.com  *.stripe.com  *.googleapis.com  *.checkout.com  *.line-website.com *.paypal.com *.firebaseio.com *.amazonaws.com *.transferwise.tech  *.googletagmanager.com ; img-src *  'unsafe-inline' blob: data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; frame-src *; 1
frame-src 'self' *.mucem.org rooting.arenametrix.fr *.youtube.com *.facebook.com *.soundcloud.com* *.fbcdn.net *.sndcdn.com *.ausha.co *.notoryou.com https://mpembed.com/show/?m=kLFY43iYwS6&mpu=1027 *.soundcloud.com *.instagram.com *.play.acast.com embed.acast.com https://www.calameo.com https://v.calameo.com* *v.calameo.com https://v.calameo.com/?bkcode=002358376aa33755a8a80&mode=mini 1
default-src 'self' ariamarz.com *.ariamarz.com 'unsafe-inline' 'unsafe-eval' data: https://region1.google-analytics.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://region1.analytics.google.com https://www.googleoptimize.com/ https://optimize.google.com/ https://unpkg.com https://cdn.ampproject.org https://cdn.jsdelivr.net https://www.googletagmanager.com https://cdn.yektanet.com https://fonts.gstatic.com https://file.myfontastic.com https://www.google-analytics.com https://audience.yektanet.com https://ua.yektanet.com https://jung.yektanet.com https://freud.yektanet.com https://stats.g.doubleclick.net https://map.ir https://www.aparat.com https://nfetch.yektanet.com/api/v2/load https://native-removal.triboon.net https://fonts.googleapis.com https://analytics.google.com https://rum.corewebvitals.io https://coredash.app https://td.doubleclick.net https://maxcdn.bootstrapcdn.com/;img-src * data: blob:; 1
frame-ancestors 'self' https://www.liveshopping.bonprix.ch/ https://liveshopping.bonprix.ch/; 1
base-uri 'none'; object-src 'none'; script-src 'nonce-jF2IQdgfeNrHVd9p3UNJBtMbPZHbLLI1tasrUhKdRRlTFnUheE4KL2s9gQqwzPwK' 'strict-dynamic' https: 'unsafe-inline' 'self' 1
default-src 'unsafe-inline' 'unsafe-eval'  https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; 1
default-src 'none'; 	connect-src 'self' https://play.openpolicyagent.org https://www.google-analytics.com https://kubernetesjsonschema.dev https://raw.githubusercontent.com/yannh/kubernetes-json-schema/ https://cncf.github.io/banners/banners.yml; 	font-src 'self'; 	img-src 'self' data: https:; 	manifest-src 'self'; 	script-src 'self' https://www.google-analytics.com; 	style-src 'self' 'unsafe-inline' 1
default-src 'self' *.ceros.com *.doubleclick.net *.facebook.com *.fontawesome.com *.fullstory.com *.linkedin.com *.marketo.com *.mktoresp.com *.onetrust.com *.siteimproveanalytics.io *.youtube-nocookie.com https://bam.nr-data.net https://*.6sc.co https://cdn.cookielaw.org https://cdn.jsdelivr.net https://go.optiv.com https://html5-player.libsyn.com https://play.libsyn.com/ https://pixel.sitescout.com https://platform.twitter.com https://secure.adnxs.com https://themes.googleusercontent.com https://www.google.com https://www.google-analytics.com https://www.youtube.com/iframe_api https://api.lever.co https://cdn.linkedin.oribi.io/ https://www.googletagmanager.com https://fonts.gstatic.com; img-src 'self' data: *.6sc.co *.g.doubleclick.net *.global.siteimproveanalytics.io *.linkedin.com *.ytimg.com https://cdn.bizible.com https://cdn.bizibly.com https://cdn.cookielaw.org https://p.adsymptotic.com https://pixel.sitescout.com https://www.facebook.com https://www.google.com https://t.co https://analytics.twitter.com https://www.googletagmanager.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ceros.com *.fullstory.com *.linkedin.com *.marketo.com *.marketo.net *.youtube-nocookie.com https://ajax.googleapis.com https://apis.google.com https://bam.nr-data.net https://cdn.bizible.com https://cdn.cookielaw.org https://cdn.jsdelivr.net https://connect.facebook.net https://geolocation.onetrust.com https://go.optiv.com https://google.com https://j.6sc.co/6si.min.js https://js-agent.newrelic.com https://munchkin.marketo.net/159/munchkin.js https://platform.twitter.com https://s.ytimg.com https://siteimproveanalytics.com https://snap.licdn.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://tagmanager.google.com https://themes.googleusercontent.com https://tracking.intentsify.io https://up.pixel.ad/assets/up.js https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://static.ads-twitter.com/uwt.js cdnjs.cloudflare.com go.optiv.com; style-src 'self' 'unsafe-inline' *.ceros.com *.marketo.com https://cdn.cookielaw.org https://cdn.jsdelivr.net https://fonts.googleapis.com https://go.optiv.com https://google.com https://tagmanager.google.com https://themes.googleusercontent.com https://www.googletagmanager.com 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://p.typekit.net https://use.typekit.net https://fonts.gstatic.com;img-src 'self' https: data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.jsdelivr.net https://use.fontawesome.com https://*.npolar.no https://polyfill.io https://*.jquery.com https://code.highcharts.com https://unpkg.com https://*.googleapis.com https://*.siteimprove.net;font-src https://fonts.gstatic.com https://use.typekit.net 'self' data:;object-src 'self' https://*.npolar.no ;base-uri 'none';frame-ancestors 'self' https://*.npolar.no;frame-src 'self' https://*.npolar.no https://*.spotify.com https://*.youtube.com https://*.facebook.com https://*.acast.com https://www.listennotes.com;form-action 'self';media-src 'self' https:;connect-src 'self' https:; 1
object-src 'self' http: https: data: blob: 'unsafe-inline' 1
frame-ancestors 'self' *.agechecker.net mybigcommerce.com *.mybigcommerce.com shopify.com *.shopify.com myshopify.com *.myshopify.com 1
upgrade-insecure-requests; script-src 'strict-dynamic' 'nonce-cViik6oreE1UoHFnN+lAMQ=='; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com https://www.digitalkyc.unicreditbulbank.bg; connect-src 'self' https://localhost:53952/; frame-ancestors 'self'; 1
default-src 'self' http://*.vtechda.com https://*.vtechda.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' http://*.vtechda.com https://*.vtechda.com data:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://staticxx.facebook.com https://www.facebook.com https://www.gstatic.com https://ssl.google-analytics.com https://connect.facebook.net https://static.criteo.net https://translate.googleapis.com https://translate.google.com https://apis.google.com https://maps.googleapis.com https://www.google.com https://www.googleadservices.com https://www.freecurrencyrates.com https://freecurrencyrates.com https://verify.authorize.net https://eval.bizrate.com https://ajax.aspnetcdn.com https://dharma-www.s3.us-west-1.amazonaws.com ; frame-ancestors 'self'; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=6psljp9iqu681&partner=; 1
default-src 'self' https://*.userlane.com *.smart-tribune.com https://*.sentry.io; font-src *; frame-src 'unsafe-inline' *; img-src * data:; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *;connect-src 'self' https://*.userlane.com https://*.sentry.io https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://api-gateway.app.smart-tribune.com https://cdn.cookielaw.org https://*.cookiebot.com https://erde-edenred-ucf-proxy.eu.edenred.io https://*.trustpilot.com https://*.xiti.com https://*.pa-cd.com 1
frame-ancestors 'self' thenationalcampaign.org aelp.smartsparrow.com 1
default-src 'self';font-src 'self' fonts.gstatic.com cdn.kustomerapp.com;frame-ancestors 'none';upgrade-insecure-requests;style-src 'self' 'unsafe-inline' fonts.googleapis.com;img-src 'self' blob: data: res.cloudinary.com *.loungebuddy.com *.evidon.com *.apple-mapkit.com stripe.com *.stripe.com *.kustomerhostedcontent.com *.kustomerapp.com www.gravatar.com maps.googleapis.com *.americanexpress.com *.aexp-static.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.au https://*.google.co.uk https://*.google.fr https://*.google.de https://*.google.com.mx;object-src 'self' data: blob:;connect-src 'self' api.amplitude.com stripe.com *.stripe.com *.evidon.com loungebuddy.api.kustomerapp.com rum-http-intake.logs.datadoghq.com *.pndsn.com maps.googleapis.com *.americanexpress.com *.aexp-static.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.au https://*.google.co.uk https://*.google.fr https://*.google.de https://*.google.com.mx *.apple-mapkit.com stripe.com *.stripe.com *.evidon.com cdn.amplitude.com cdn.kustomerapp.com cdn.polyfill.io *.datadoghq.com www.datadoghq-browser-agent.com *.americanexpress.com *.aexp-static.com maps.googleapis.com https://*.googletagmanager.com;worker-src blob:;script-src 'self' 'sha384-vYYnQ3LPdp/RkQjoKBTGSq0X5F73gXU3G2QopHaIfna0Ct1JRWzwrmEz115NzOta' *.apple-mapkit.com stripe.com *.stripe.com *.evidon.com cdn.amplitude.com cdn.kustomerapp.com cdn.polyfill.io *.datadoghq.com www.datadoghq-browser-agent.com *.americanexpress.com *.aexp-static.com maps.googleapis.com https://*.googletagmanager.com;script-src-elem 'self' *.apple-mapkit.com stripe.com *.stripe.com *.evidon.com cdn.amplitude.com cdn.kustomerapp.com cdn.polyfill.io *.datadoghq.com www.datadoghq-browser-agent.com *.americanexpress.com *.aexp-static.com maps.googleapis.com https://*.googletagmanager.com 'sha384-vYYnQ3LPdp/RkQjoKBTGSq0X5F73gXU3G2QopHaIfna0Ct1JRWzwrmEz115NzOta' 'nonce-DkP8iIHXOmLsfy4atj+83g==';frame-src *.stripe.com *.loungebuddy.com *.loungebuddy.com.au *.loungebuddy.co.uk *.loungebuddy.de *.loungebuddy.fr *.loungebuddy.mx; 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-myUtirxlbhTBk7QJtk4GmkdHKFsFm1' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
frame-ancestors https://edicola.iltquotidiano.it/ 1
default-src 'self' https://cp.hubspot.com; style-src 'self' 'unsafe-inline' https://bakkt.com *.cookielaw.org *.onetrust.com https://unpkg.com/aos@next/dist/aos.css https://cdn2.hubspot.net https://unpkg.com https://static.hsappstatic.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com; img-src 'self' https://api-na1.hubapi.com https://*.hsforms.com https://*.hubspot.com https://*.hubspotusercontent-na1.net https://*.hubspot.net https://*.hsforms.net https://static.hsappstatic.net *.cookielaw.org https://px.ads.linkedin.com https://alb.reddit.com https://t.co/ https://analytics.twitter.com https://px4.ads.linkedin.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://www.google.com data:; font-src 'self' https://bakkt.com https://fonts.gstatic.com https://fonts.googleapis.com https://cdn2.hubspot.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://*.hubspotusercontent-na1.net data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bakkt.com https://platform.linkedin.com https://www.gstatic.com/recaptcha/ https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com *.cookielaw.org *.onetrust.com https://www.googletagmanager.com https://www.google-analytics.com https://unpkg.com/aos@next/dist/aos.js https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://*.redditstatic.com https://*.googletagmanager.com https://static.ads-twitter.com https://snap.licdn.com https://unpkg.com https://cdn2.hubspot.net https://*.hubspot.com https://*.hubspotusercontentxx.net https://js.hscollectedforms.net https://js.hsleadflows.net https://js.hs-scripts.com https://js.hsadspixel.net https://js.hs-banner.com https://js.hs-banner.net https://*.hsforms.net https://*.hsforms.com https://static.hsappstatic.net https://js.hubspotfeedback.com https://feedback.hubapi.com https://js.usemessages.com https://*.vidyard.com https://ws.zoominfo.com https://tags.clickagy.com https://js.hsforms.net https://js.hs-analytics.net https://forms.hubspot.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; connect-src 'self' https://cdn.linkedin.oribi.io https://forms.hsforms.com/ https://ws.zoominfo.com https://api.hubapi.com https://privacyportal.onetrust.com https://forms.hubspot.com https://analytics.hubspot.com https://aorta.clickagy.com https://hemsync.clickagy.com https://cp.hubspot.com https://cdn.cookielaw.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://forms.hscollectedforms.net https://*.g.doubleclick.net https://*.google.com https://recruiting.paylocity.com https://geolocation.onetrust.com https://pagead2.googlesyndication.com https://www.google.com; frame-src 'self' https://play.hubspotvideo.com https://td.doubleclick.net/ https://hemsync.clickagy.com https://www.youtube.com/ https://app.hubspot.com https://platform.twitter.com/ https://12542075.fls.doubleclick.net https://forms.hsforms.com/ https://www.google.com; object-src 'none'; frame-ancestors 'self' https://play.hubspotvideo.com https://td.doubleclick.net/ https://hemsync.clickagy.com https://www.youtube.com/ https://app.hubspot.com https://platform.twitter.com/ https://12542075.fls.doubleclick.net https://forms.hsforms.com/ https://www.google.com;; upgrade-insecure-requests 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://www.pinterest.com blob: https://s1.thcdn.com https://www.awin1.com https://d2d7do8qaecbru.cloudfront.net https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://www.pinterest.co.uk https://ct.pinterest.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://ct.pinterest.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.contentsquare.net https://smct.co https://*.smct.co https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://smct.io https://*.smct.io https://*.storystream.ai https://*.pndsn.com https://23q3fg4xjd.execute-api.eu-west-1.amazonaws.com https://upload.uploadcare.com https://598nyfqkt7.execute-api.eu-west-1.amazonaws.com https://*.vimeocdn.com https://player.vimeo.com https://*.akamaized.net; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net https://fonts.smct.co https://fonts.smct.io https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; form-action 'self' https://www.facebook.com https://checkout.espaskincare.com https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net https://download-media.akamaized.net https://download-video.akamaized.net https://*.espaskincare.com https://*.vimeocdn.com https://d7c4jjeuqag9w.cloudfront.net https://media.storystream.ai https://*.espaskincare.com blob: https://*.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://s.pinimg.com https://apps.storystream.ai http://platform.twitter.com https://*.contentsquare.net https://app.contentsquare.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://cdn.pubnub.com https://ucarecdn.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net https://fonts.smct.co https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.smct.io; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors https://www.abarset.com/ https://abarset-grandvalira.com/ http://*.grandvalira.com https://*.grandvalira.com http://*.ordinoarcalis.com https://*.ordinoarcalis.com http://*.grandvaliraresorts.com https://*.grandvaliraresorts.com http://*.palarinsal.com https://*.palarinsal.com 1
default-src 'self' *.perahub.com.ph; style-src 'self' 'unsafe-inline' *.perahub.com.ph; style-src-elem 'self' 'unsafe-inline' *.force.com *.salesforce-sites.com; font-src 'self' data: *.perahub.com.ph; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.perahub.com.ph; script-src-elem 'self' 'unsafe-inline' *.salesforceliveagent.com *.salesforce.com *.force.com *.salesforce-sites.com *.recaptcha.net *.gstatic.com; frame-src 'self' data: *.youtube.com youtu.be *.force.com *.recaptcha.net; connect-src 'self' *.perahub.com.ph *.force.com; img-src 'self' blob: data: *.perahub.com.ph; frame-ancestors 'self' https://www.youtube.com; 1
upgrade-insecure-requests; default-src blob: https: data: 'unsafe-inline' 'unsafe-eval'; connect-src wss: https: blob: 'self' https://*.brizy.io; object-src 'self' 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://forum.kicad.info/logs/ https://forum.kicad.info/sidekiq/ https://forum.kicad.info/mini-profiler-resources/ https://forum.kicad.info/assets/ https://forum.kicad.info/brotli_asset/ https://forum.kicad.info/extra-locales/ https://forum.kicad.info/highlight-js/ https://forum.kicad.info/javascripts/ https://forum.kicad.info/plugins/ https://forum.kicad.info/theme-javascripts/ https://forum.kicad.info/svg-sprite/ https://www.google-analytics.com/analytics.js 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0='; worker-src 'self' https://forum.kicad.info/assets/ https://forum.kicad.info/brotli_asset/ https://forum.kicad.info/javascripts/ https://forum.kicad.info/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self' https://cdn.plaid.com https://static.zdassets.com https://ekr.zdassets.com https://riverfinancial.zendesk.com wss://riverfinancial.zendesk.com wss://*.zopim.com; connect-src 'self' https://sentry.io/api/ https://ekr.zdassets.com https://riverfinancial.zendesk.com https://api.hsforms.com wss://*.zopim.com https://*.zopim.com https://sentry2.knox.mx wss://river.com https://data.river.com https://www.google-analytics.com https://*.analytics.google.com https://*.google.com https://stats.g.doubleclick.net https://production.plaid.com https://o1382860.ingest.sentry.io/api/ https://ads-twitter.com https://static.ads-twitter.com/ ads-api.twitter.com analytics.twitter.com; script-src 'self' 'nonce-bLrdUeSVFKjPWo85KuyS6blTcF4vzPVFphqGLyY3yKI'  https://river.com/ https://static.zdassets.com https://cdn.plaid.com https://data.river.com https://cdn.sift.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://static.ads-twitter.com/; img-src 'self' https://river.com https://data.river.com https://v2assets.zopim.io https://static.zdassets.com https://v2uploads.zopim.io https://hexagon-analytics.com https://www.google-analytics.com https://*.analytics.google.com https://blog.river.com https://www.google.com https://googleads.g.doubleclick.net https://ads-twitter.com https://static.ads-twitter.com/ ads-api.twitter.com analytics.twitter.com https://t.co/1/i/adsct data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; object-src 'none'; frame-src 'self' https://www.youtube.com https://cdn.plaid.com https://connect.trezor.io https://www.google.com/recaptcha/ https://demo.docusign.net https://account-d.docusign.com https://bid.g.doubleclick.net; base-uri 'none' 1
script-src http: https: https://wildcraft.com/ 'unsafe-inline' *.smartlook.com *.s3g6.com *.gotrackier.com; style-src 'self' blob: https: 'unsafe-inline' https://wildcraft.com/; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.googletagmanager.com *.facebook.com *.criteo.com *.doubleclick.net *.moengage.com *.2trk.info *.smartlook.com *.s3g6.com *.gotrackier.com; 1
frame-ancestors 'self' https://investcab.ru https://spbexchange.ru https://finbasics.spbexchange.ru chrome-extension://* 1
frame-ancestors 'self' https://apply.deltacommunitycu.com https://experience.adobe.com 1
frame-ancestors 'self' *.officemax.com.mx *.gandhi.com.mx *.ondemand.com 1
frame-ancestors 'self' *.sprintecommerce.com *.venditan.com *.venditan.io *.vc-staging.com 1
default-src 'self';script-src 'self' 'unsafe-inline' data: https://js.hsforms.net https://player.vimeo.com https://www.vimeo.com https://f.vimeocdn.com googleads.g.doubleclick.net www.googleadservices.com https://www.gstatic.com https://www.google.com/recaptcha/api.js *.cookiebot.com maps.googleapis.com tagmanager.google.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com https://*.list-manage.com https://downloads.mailchimp.com https://chimpstatic.com https://gtm-tljzgsk-njczm.uc.r.appspot.com https://metrics.priva.com https://snap.licdn.com https://bat.bing.com https://connect.facebook.net https://www.clarity.ms https://*.hotjar.com/ https://*.hotjar.io/ *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com;style-src 'self' 'unsafe-inline' tagmanager.google.com https://cdn-images.mailchimp.com downloads.mailchimp.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com;img-src 'self' blob: data: *.privacysandbox.googleadservices.com *.vimeocdn.com *.vimeo.com www.google.nl www.google.com googleads.g.doubleclick.net region1.google-analytics.com region1.analytics.google.com www.googletagmanager.com *.mailchimp.com *.list-manage.com https://www.google-analytics.com https://px.ads.linkedin.com https://bat.bing.com/action/ https://www.linkedin.com https://www.facebook.com https://www.google.be https://www.clarity.ms https://*.hotjar.com https://*.hotjar.io *.visualwebsiteoptimizer.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *.hsforms.com;media-src 'self' blob:;frame-src 'self' *.cookiebot.com *.vimeo.com vimeo.com youtube.com https://www.youtube.com https://www.youtube-nocookie.com https://privacdn.blob.core.windows.net/prd-productwizard/simple_version.html https://www.google.com https://privacdn.blob.core.windows.net https://forms.hsforms.com https://cdn.flipsnack.com https://*.hotjar.com/ https://*.hotjar.io *.visualwebsiteoptimizer.com *.teamgantt.com/ app.vwo.com;font-src 'self' data: https://fonts.gstatic.com https://*.hotjar.com/ https://*.hotjar.io;connect-src 'self' https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://forms.hsforms.com vimeo.com https://maps.googleapis.com https://consentcdn.cookiebot.com www.google.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com region1.google-analytics.com region1.analytics.google.com https://gtm-tljzgsk-njczm.uc.r.appspot.com https://metrics.priva.com https://e.clarity.ms https://*.hotjar.com/ https://*.hotjar.io wss://*.hotjar.com wss://*.hotjar.io *.visualwebsiteoptimizer.com app.vwo.com https://cdn.linkedin.oribi.io/partner/3828489/domain/priva.com/token;base-uri 'self';child-src 'self' blob:;form-action 'self' *.hsforms.com;frame-ancestors 'self';worker-src 'self' blob:;upgrade-insecure-requests;block-all-mixed-content 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js *.myheritage.com.br https://www.myheritage.com.br  'nonce-0acf20b852767ac728d9fc6bb1575289' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.com.br;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
;         default-src 'self' *.vtc.ru ;         script-src 'self' *.vtc.ru www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval' ;         connect-src 'self' *.vtc.ru ;         img-src data: * 'self' *.vtc.ru ;         media-src 'self' *.vtc.ru ;         style-src 'self' *.vtc.ru 'unsafe-inline' ;         font-src 'self' *.vtc.ru ;         frame-src 'self' *.vtc.ru www.google.com docs.roundcube.net; 1
frame-ancestors 'self'; default-src 'self' data:  *.googleapis.com *.ggpht.com *.doubleclick.net *.eww.at assets.sendinblue.com assets.brevo.com *.ooevv.at *.siteimprove.net *.siteimprove.com *.haf.as *.sibforms.com; img-src 'self' data: *.googleapis.com *.ggpht.com *.ooevv.at; frame-src 'self' *.vimeo.com *.youtube-nocookie.com *.youtube.com *.google.com *.ggpht.com *.googlevideo.com forms.websms.com *.eww.at map.chge.at eww.appointlet.com solarrechner.eturnity.io *.siteimprove.net *.siteimprove.com *.office365.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.gstatic.com *.googleapis.com *.google.com *.eww.at sibforms.com *.ooevv.at *.siteimprove.net *.siteimprove.com; style-src 'self' 'unsafe-inline' *.gstatic.com *.googleapis.com sibforms.com *.ooevv.at *.siteimprove.net *.siteimprove.com 1
default-src 'self'; child-src 'self' blob: https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' wss: blob: accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com atag.adgile.media bat.bing.com *.clarity.ms *.hotjar.com *.hotjar.io script.crazyegg.com *.cloudfunctions.net www.google-analytics.com connect.facebook.netaccounts.google.com connect.facebook.net *.doubleclick.net *.googleapis.com *.wva.dev *.worldvision.com.au cdn.linkedin.oribi.io *.braintreegateway.com *.braintree-api.com www.paypal.com *.visualstudio.com cdn.plyr.io c3.adalyser.com *.crazyegg.com csp.withgoogle.com *.facebook.com *.mypurecloud.com.au https://noembed.com https://google.com/pay https://www.google.com/pay pay.google.com apps.mypurecloud.com *.googlesyndication.com *.hscollectedforms.net *.hubapi.com *.fullstory.com *.api.useinsider.com *.useinsider.com google.com *.maze.co *.linkedin.com bam.nr-data.net; font-src 'self' data: fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com apps.mypurecloud.com *.wva.dev *.worldvision.com.au maxcdn.bootstrapcdn.com cdn.jsdelivr.net applepay.cdn-apple.com *.maze.co *.useinsider.com *.api.useinsider.com; frame-src 'self' *.doubleclick.net *.facebook.com *.hotjar.com www.youtube.com *.google.com www.gstatic.com assets.braintreegateway.com *.paypal.com *.kaptcha.com https://recaptcha.net *.vimeo.com *.worldvision.com.au *.wva.dev worldvisionau.api.useinsider.com *.googletagmanager.com *.mypurecloud.com.au *.maze.co; media-src 'self' data: blob: *.cloudfront.net storyhub.wvi.org wvdsawebpublicprd.blob.core.windows.net s3-ap-southeast-2.amazonaws.com; img-src 'self' data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.worldvision.com.au *.wva.dev *.facebook.net *.linkedin.com *.twitter.com *.ads-twitter.com *.youtube.com *.aspnetcdn.com s.ytimg.com *.twimg.com *.paypalobjects.com *.paypal.com *.stumbleupon.com *.azureedge.net *.vimeo.com *.eloqua.com *.marketo.net js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org snap.licdn.com bat.bing.com *.doubleclick.net surveydynamix.com *.adgile.media cdn.pdst.fm *.mypurecloud.com.au openfpcdn.io *.mypurecloud.ie *.quantserve.com *.quantcount.com *.omnitagjs.com *.tvsquared.com *.jquery.com js.braintreegateway.com *.clarity.ms recaptcha.net *.cloudfront.net s.po.st projects.lukehaas.me *.cdn-apple.com js.hs-banner.com js.hsadspixel.net js.hscollectedforms.net *.api.useinsider.com *.monsido.com *.maze.co *.fullstory.com *.useinsider.com *.hotjar.com *.s3-ap-southeast-2.amazonaws.com *.creativa.com.au *.newrelic.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.worldvision.com.au *.wva.dev *.facebook.net *.linkedin.com *.twitter.com *.ads-twitter.com *.youtube.com *.aspnetcdn.com s.ytimg.com *.twimg.com *.paypalobjects.com *.paypal.com *.stumbleupon.com *.azureedge.net *.vimeo.com *.eloqua.com *.marketo.net js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org snap.licdn.com bat.bing.com *.doubleclick.net surveydynamix.com *.adgile.media cdn.pdst.fm *.mypurecloud.com.au openfpcdn.io *.mypurecloud.ie *.quantserve.com *.quantcount.com *.omnitagjs.com *.tvsquared.com *.jquery.com js.braintreegateway.com *.clarity.ms recaptcha.net *.cloudfront.net s.po.st projects.lukehaas.me *.cdn-apple.com js.hs-banner.com js.hsadspixel.net js.hscollectedforms.net *.api.useinsider.com *.monsido.com *.maze.co *.fullstory.com *.useinsider.com *.hotjar.com *.s3-ap-southeast-2.amazonaws.com *.creativa.com.au *.newrelic.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com www.googletagmanager.com *.bootstrapcdn.com *.mypurecloud.com *.wva.dev *.worldvision.com.au code.jquery.com *.bootstrapcdn.com kendo.cdn.telerik.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com cdn.jsdelivr.net *.maze.co *.useinsider.com *.api.useinsider.com; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com www.googletagmanager.com *.bootstrapcdn.com *.mypurecloud.com *.wva.dev *.worldvision.com.au code.jquery.com *.bootstrapcdn.com kendo.cdn.telerik.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com cdn.jsdelivr.net *.maze.co *.useinsider.com *.api.useinsider.com; object-src 'none'; 1
default-src 'self' c.mmogah.com; connect-src *; font-src 'self' c.mmogah.com *.landbot.io *.comm100.com *.comm100vue.com *.comm100.io fonts.gstatic.com; child-src 'self'; media-src 'self'; worker-src 'self' blob:; object-src 'self' blob: data:; img-src 'self' blob: data: https: http: *; frame-src 'self' *.google.com mmogah.freshdesk.com *.spreedly.com *.youtube-nocookie.com *.youtube.com *.mmogah.com *.landbot.io *.comm100.com *.comm100vue.com *.comm100.io apis.google.com *.disqus.com disqus.com *.cloudflare.com bid.g.doubleclick.net td.doubleclick.net; style-src 'self' 'unsafe-inline' data: *.bizrate.com *.gstatic.com c.mmogah.com *.landbot.io *.comm100.com *.comm100vue.com *.comm100.io apis.google.com *.disqus.com fonts.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.vercel-insights.com *.vercel-scripts.com *.landbot.io *.comm100.com *.comm100vue.com *.comm100.io apis.google.com *.disqus.com *.cloudflare.com *.googletagmanager.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com www.google.com googleads.g.doubleclick.net vercel.live c.mmogah.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' data: *.ampproject.org *.payments-amazon.com *.googleapis.com *.google.com *.gstatic.com *.mmogah.com *.bizrate.com *.spreedly.com *.vercel-insights.com *.vercel-scripts.com *.landbot.io *.comm100.com *.comm100vue.com *.comm100.io apis.google.com *.disqus.com *.cloudflare.com *.googletagmanager.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com www.google.com googleads.g.doubleclick.net vercel.live c.mmogah.com device.maxmind.com *.sagepay.com; 1
default-src https: data: 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com/iframe_api cdn.cookielaw.org *.google-analytics.com *.googletagmanager.com *.tiktok.com widget.tagembed.com *.facebook.net snap.licdn.com googleads.g.doubleclick.net px.ads.linkedin.com *.hotjar.com *.clarity.ms *.grupoboticario.com.br *.youtube.com; img-src 'self' data: ps.w.org *.linkedin.com *.googletagmanager.com secure.gravatar.com *.google-analytics.com *.facebook.com www.glassdoor.com.br s.w.org px.ads.linkedin.com *.google.com.br *.google.com *.clarity.ms *.bing.com i.ytimg.com; style-src 'self' 'unsafe-inline' data: fonts.googleapis.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; form-action 'self' *.facebook.com; frame-src 'self' *.facebook.com widget.tagembed.com *.youtube.com td.doubleclick.net airtable.com; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net cdn.cookielaw.org cdn.linkedin.oribi.io *.facebook.com *.onetrust.com *.tiktok.com px.ads.linkedin.com/wa/ *.clarity.ms wss://ws.hotjar.com *.hotjar.io google.com; 1
default-src 'self' https:; font-src 'self' https: data: https://fonts.googleapis.com; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'nonce-2z5ObVOyX4MINUUWGlA3Cg=='; worker-src 'self' https: blob:; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https: wss://api.appcues.net wss://widget-mediator.zopim.com/ 1
upgrade-insecure-requests; img-src 'self' data: https://secure.gravatar.com  https://dify.wpengine.com  https://endpoint.wpenginepowered.com  https://px.ads.linkedin.com  https://www.linkedin.com  https://ps.w.org  https://wpmudev.com  https://s.w.org  https://i.vimeocdn.com  https://pd.w.org  https://cache.webcasts.com  https://px4.ads.linkedin.com  https://www.googletagmanager.com  https://www.google.co.uk  https://i0.wp.com  http://172.21.1.139  https://region1.google-analytics.com  https://www.google-analytics.com  https://fonts.gstatic.com  https://cdn.honey.io  https://hm.baidu.com  https://pos.baidu.com  blob:  https://really-simple-ssl.com  https://translate.google.com  ; default-src 'self'; script-src 'self' 'unsafe-inline' https://endpoint.wpenginepowered.com  https://snap.licdn.com  https://static.hotjar.com  https://script.hotjar.com  https://app.greenhouse.io  https://www.google-analytics.com  https://www.googletagmanager.com  https://boards.greenhouse.io  https://www.pagespeed-mod.com  http://10.112.61.167  https://connect.facebook.net  https://gc.kis.v2.scr.kaspersky-labs.com  https://xodihe.vabexici-fopixu.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://me.kis.v2.scr.kaspersky-labs.com  https://gateway.id.swg.umbrella.com  https://get663.com  https://andreasmb.github.io  https://ssl.google-analytics.com  'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://endpoint.wpenginepowered.com  https://app.greenhouse.io  https://snap.licdn.com  https://static.hotjar.com  https://script.hotjar.com  https://www.google-analytics.com  https://www.googletagmanager.com  https://boards.greenhouse.io  https://www.pagespeed-mod.com  https://connect.facebook.net  https://gc.kis.v2.scr.kaspersky-labs.com  https://xodihe.vabexici-fopixu.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://me.kis.v2.scr.kaspersky-labs.com  https://gateway.id.swg.umbrella.com  https://get663.com  https://andreasmb.github.io  https://ssl.google-analytics.com ; style-src 'self' 'unsafe-inline' https://endpoint.wpenginepowered.com  https://fonts.googleapis.com  https://cdnjs.cloudflare.com  data:  https://cdn.honey.io  https://gc.kis.v2.scr.kaspersky-labs.com  https://me.kis.v2.scr.kaspersky-labs.com  https://andreasmb.github.io  https://ff.kis.v2.scr.kaspersky-labs.com  https://www.gstatic.com ; style-src-elem 'self' 'unsafe-inline' https://endpoint.wpenginepowered.com  https://fonts.googleapis.com  https://cdnjs.cloudflare.com  data:  https://cdn.honey.io  https://gc.kis.v2.scr.kaspersky-labs.com  https://me.kis.v2.scr.kaspersky-labs.com  https://andreasmb.github.io  https://ff.kis.v2.scr.kaspersky-labs.com  https://www.gstatic.com ; connect-src 'self' https://my.wpengine.com  https://vc.hotjar.io  https://in.hotjar.com  https://cdn.linkedin.oribi.io  https://content.hotjar.io  wss://ws.hotjar.com  https://csmetrics.hotjar.com  https://endpoint.wpenginepowered.com  https://www.google-analytics.com  https://yoast.com  https://analytics.google.com  https://region1.google-analytics.com  https://get663.com  https://stats.g.doubleclick.net  https://region1.analytics.google.com  https://plugin.ucads.ucweb.com  https://gjtrack.ucweb.com  https://api.solaranalyticscorp.com  https://api.awesomeblocker.com  https://metrics.hotjar.io  https://hm.baidu.com  wss://wsp46.hotjar.com  https://api.blocksly.org  wss://wsp8.hotjar.com  https://api.lever.co  https://translate.googleapis.com;  frame-src 'self' https://securityscorecard.com  https://go.pardot.com  https://boards.greenhouse.io  https://info.endpointclinical.com  https://gateway.id.swg.umbrella.com  https://gateway.zscloud.net  https://player.vimeo.com  https://www.google.com  https://mozbar.moz.com  https://gateway.zscalertwo.net  http://172.21.0.56  https://safe.menlosecurity.com  http://172.21.1.139  http://172.21.1.95  data:  https://saml.threatpulse.net  http://172.21.1.137  https://gateway.zscalerthree.net  http://25.19.243.76  http://172.25.241.32  http://10.14.124.25  https://www.youtube.com  http://172.21.0.75  http://172.25.241.31;  font-src 'self' data:  https://fonts.gstatic.com  https://cdnjs.cloudflare.com  https://endpoint.wpenginepowered.com  https://at.alicdn.com  https://cdn-uicons.flaticon.com  https://use.typekit.net  https://github.com  https://cdn.scite.ai  moz-extension;  media-src 'self' data:  https://upload.wikimedia.org;  worker-src 'self' blob:; 1
frame-ancestors "self" https://*.launchmetrics.com:*; 1
frame-ancestors 'self' webvisor.com metrika.yandex.ru 1
frame-ancestors 'self' http://*.conab.gov.br https://*.conab.gov.br http://*.ceasa.gov.br https://*.ceasa.gov.br; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.googletagmanager.com https://www.magnetmail.net https://tracking.magnetmail.net https://use.typekit.net https://cdn.jsdelivr.net *.feathr.co *.adroll.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://cdn.jsdelivr.net/; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com https://use.typekit.net data: https://cdn.jsdelivr.net; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://literacyworldwide.org https://p.typekit.net *.feathr.co *.adroll.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.magnetmail.net; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.feathr.co *.adroll.com; 1
frame-ancestors 'self'; connect-src 'self' analytics.google.com www.google-analytics.com leadbooster-chat.pipedrive.com wss://*.pusher.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io *.weglot.com https://webforms.pipedrive.com https://cdn-api.weglot.com https://stats.g.doubleclick.net https://bam.nr-data.net; object-src 'none'; img-src 'self' mgtemplate.wpengine.com dmarcian2022.wpengine.com dmarcian.com via.placeholder.com p.typekit.net analytics.google.com www.googletagmanager.com www.google-analytics.com secure.gravatar.com data: *.gravatar.com *.weglot.com leadbooster-chat.pipedrive.com *.hotjar.com https://www.google.ba/; media-src 'self' ; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.pipedrive.com *.pipedriveassets.com js.pusher.com use.typekit.net ajax.googleapis.com www.googletagmanager.com www.google-analytics.com *.dmarcian.com *.hotjar.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://cdn.us-east-1.pipedriveassets.com https://js-agent.newrelic.com; style-src 'unsafe-inline' 'self'; font-src 'self' data: *.typekit.net leadbooster-chat.pipedrive.com; frame-src 'self' *.youtube.com *.google.com *.pipedrive.com *.dmarcian.com airtable.com vars.hotjar.com; default-src 'self' 1
default-src * 'unsafe-inline' 'unsafe-eval';frame-ancestors *; 1
frame-ancestors 'self' https://nurture.solarwinds.com/ https://solarwinds.pathfactory.com/ https://orangematter.solarwinds.com/ https://thwack.solarwinds.com/ https://www.solarwinds.com/ https://try.solarwinds.com/ 1
frame-ancestors 'self' https://www.coursera.support 1
default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' https://*.google.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com; style-src 'self' data: 'unsafe-inline' *.aucklandmuseum.com ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-elem 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; style-src-attr 'self' data: 'unsafe-inline' ajrctguoxo.cloudimg.io *.google.com *.googleapis.com *.jotform.co *.jotfor.ms *.twitter.com *.twimg.com *.riddle.com; img-src * 'self' data: *.aucklandmuseum.com ajrctguoxo.cloudimg.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; font-src 'self' data: *.gstatic.com *.jotform.co *.hotjar.com; connect-src * 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com; media-src * 'self'; child-src 'self' blob:; frame-src * 'self' https://*.google.com; worker-src * https://*.google.com blob:; frame-ancestors * 'self' https://*.google.com; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self' 1
default-src 'self';connect-src 'self' https: *.camunda.io *.mixpanel.com *.osano.com cloudflareinsights.com *.appcues.net wss://api.appcues.net tour.camunda.io;script-src 'self' js.chargebee.com/v2/chargebee.js *.chargebee.com *.osano.com tour.camunda.io *.camunda.io ajax.cloudflare.com static.cloudflareinsights.com pactsafe.io *.pactsafe.io d3l1mqnl5xpsuc.cloudfront.net;style-src 'self' 'unsafe-inline' https: *.googleapis.com *.chargebee.com;img-src 'self' data: camunda.com https://cb-invoice-logos-prod.s3.us-east-1.amazonaws.com validator.swagger.io camundahelp.wpengine.com res.cloudinary.com;font-src 'self' data: https://fonts.gstatic.com https://fonts.camunda.io;frame-ancestors;frame-src 'self' https: *.chargebee.com;child-src;worker-src 'self' blob:;base-uri 'self';form-action 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
default-src 'self' *.nrw.de;    script-src  'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de *.google.com *.youtube.com *.youtu.be *.twimg.com *.twitter.com twitter.com *.jwpcdn.com *.gstatic.com *.googleapis.com *.googlesyndication.com *.openstreetmap.org *.mozilla.org *.vimeo.com *.vimeocdn.com *.flickr.com *.staticflickr.com *.cloudflare.com cdn.jsdelivr.net oembed.com svc.webspellchecker.net broschuerenservice.wirtschaft.nrw;    style-src   'self' 'unsafe-inline' *.nrw.de *.twitter.com twitter.com *.facebook.com *.googleapis.com *.twimg.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net broschuerenservice.wirtschaft.nrw;    font-src data: *;    img-src  data: blob: *;    frame-ancestors 'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com oembed.com broschuerenservice.wirtschaft.nrw;    worker-src  'self' blob: *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com oembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de;    frame-src   'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com oembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de broschuerenservice.wirtschaft.nrw;    object-src  'self';    connect-src 'self' *.nrw.de svc.webspellchecker.net;    media-src *; upgrade-insecure-requests; 1
default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; 1
default-src 'none';      child-src blob: *.youtube.com *.youtube-nocookie.com *.limelight.com *.facebook.com *.doubleclick.net *.google.com *.surveymonkey.com;      connect-src 'self' *.kaplanco.com *.llnw.net *.scene7.com *.evergage.com *.facebook.com *.roirevolution.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.google.com *.googleapis.com *.bing.com *.pinterest.com *.clarity.ms *.bing.com *.bazaarvoice.com *.doubleclick.net *.hubspot.com *.hsforms.com *.hubapi.com *.luckyorange.com *.vidyard.com wss://*.visitors.live;      font-src 'self' data: *.kaplanco.com fonts.gstatic.com *.googleapis.com use.typekit.net;      frame-src 'self' *.kaplanco.com *.llnw.net *.bazaarvoice.com *.vimeo.com tpc.googlesyndication.com *.google.com *.facebook.com *.youtube-nocookie.com *.youtube.com *.doubleclick.net *.surveymonkey.com *.roomstyler.com planner5d.com *.pinterest.com *.hsforms.com *.hs-sites.com app.hubspot.com *.cincopa.com *.vidyard.com *.egnyte.com;      img-src 'self' data: *.kaplanco.com *.llnw.net *.scene7.com *.bing.com *.bazaarvoice.com *.google.com *.facebook.com *.pinterest.com *.analytics.google.com *.google-analytics.com *.doubleclick.net *.smassets.net *.googletagmanager.com *.youtube.com *.clarity.ms planner5d.com *.floorplanner.com *.facebook.net alivestudiosco.com click.s12.exacttarget.com cdn1.hubspot.net cdn2.hubspot.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net no-cache.hubspot.com cta-service-cms2.hubspot.com track.hubspot.com *.hsforms.com static.hubspot.com static.hsappstatic.net *.fs1.hubspotusercontent-na1.net *.vidyard.com *.egnyte.com;       manifest-src images.kaplanco.com;      media-src 'self' blob: *.kaplanco.com *.llnw.net;      object-src 'self' *.kaplanco.com;      script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.kaplanco.com  *.limelight.com *.scene7.com *.bazaarvoice.com *.doubleclick.net *.googletagmanager.com *.google-analytics.com *.googleanalytics.com *.googleoptimize.com *.googleadservices.com *.bing.com *.clarity.ms *.facebook.net *.pinimg.com *.pinterest.com *.google.com polyfill.io *.gstatic.com *.surveymonkey.com *.googleapis.com *.microsoft.com *.googlesyndication.com *.vimeo.com  *.googleoptimize.com js.hscollectedforms.net js.hsleadflows.net *.hs-scripts.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hs-banner.net *.hsforms.net *.hsforms.com js.hubspot.com static.hsappstatic.net js.hubspotfeedback.com feedback.hubapi.com js.usemessages.com js.hscta.net cta-service-cms2.hubspot.com *.vidyard.com tools.luckyorange.com unpkg.com scripts.publitas.com;      style-src 'self' 'unsafe-inline' *.kaplanco.com *.scene7.com *.bazaarvoice.com *.googleapis.com *.typekit.net unpkg.com;      worker-src 'self' blob: *.kaplanco.com; 1
frame-ancestors https://adminv3.luxauto.lu http://www.lessentiel.lu https://www.lessentiel.lu http://www.garage-pauly.lu https://www.garage-pauly.lu http://www.gti.lu http://automobiles-cr.lu http://www.automobiles-cr.lu https://www.garagethielen.lu http://www.reiserbann.lu https://www.reiserbann.lu https://www.smartcenter.lu https://www.marval.lu https://www.garagecastermans.lu http://www.schneiders.lu https://www.serviceautomobile.lu https://www.pirsch.lu https://www.grand-garage-mondercange.lu http://www.diegrenzgaenger.lu https://www.diegrenzgaenger.lu http://www.lesfrontaliers.lu https://www.lesfrontaliers.lu https://colle.lu https://actions-autodis.lu; 1
script-src 'self' https://* 'unsafe-inline' 'unsafe-eval' blob:; worker-src 'self' blob: 1
default-src * blob: data:; script-src 'sha256-0EzT5rjCdQIs7Zb99eHUlAOmKUanRXRrJoqJ+VYepto=' 'sha256-5CxqAdDXlHviOy7zxeRpMobzRK/JNpLvkS+k8Zj3L3A=' 'sha256-FIBGC/wl1Qfnh2Fb5NPFHmRty7BHJdDpWW1FZ8egppI=' 'sha256-UXYprBCAtnqoL5acf14iemip/+HI+gDFh92yyXkM3XI=' 'sha256-dKn2nAtwgzaaXC8ZM58hhldxNyeuu4qrzW4H9//9YMA=' 'sha256-i9nAf5M9USb+lB7ZtayKdAWymLU1MCklCTdsyXbMgCs=' 'sha256-wjUSvXYNfPUUTPZYrn4pOEcf2ecDdjd3N9Av3GDSwZw=' 'sha256-yAAlWuem9ue55JEvxkWhcWWA1Zu0p6cgbYtDWJjsdvs=' blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp 1
default-src 'self' ; worker-src 'self'  data: blob:; report-uri https://eagerly.nl/reports/report.php; img-src 'self' * data:; media-src 'self' https://www.googletagmanager.com http://humortv.vara.nl https://w.soundcloud.com https://www.mixcloud.com https://player.vimeo.com https://www.youtube.com https://player.bnnvara.nl http://www.theguitarconnection.nl https://*.spotify.com https://ilost.co https://*.vpro.nl https://anchor.fm https://www.cognitoforms.com https://vimeo.com https://www.facebook.com https://vars.hotjar.com https://td.doubleclick.net https://m.facebook.com https://*.google.com https://td.doubleclick.net https://m.facebook.com https://*.google.com https://*.spotify.com https://ilost.co https://*.vpro.nl https://anchor.fm https://www.cognitoforms.com https://vimeo.com https://www.facebook.com https://vars.hotjar.com blob: data:; connect-src 'self' https://cdn.onesignal.com https://www.google.de https://*.google.com.mx https://*.google.it https://*.doubleclick.net https://*.google.be https://*.google.nl https://*.google.com https://*.nr-data.net https://*.google-analytics.com https://*.ip-api.com https://*.fullsession.io https://www.tivolivredenburg.nl https://*.hotjar.com https://connect.facebook.net https://*.googletagmanager.com wss://*.hotjar.com https://*.hotjar.io https://yoast.com https://www.facebook.com https://embedr.flickr.com https://stats.g.doubleclick.net https://analytics.tiktok.com https://*.google-analytics.com; frame-src 'self' https://www.googletagmanager.com http://humortv.vara.nl https://w.soundcloud.com https://www.mixcloud.com https://player.vimeo.com https://www.youtube.com https://player.bnnvara.nl http://www.theguitarconnection.nl https://*.spotify.com https://ilost.co https://*.vpro.nl https://anchor.fm https://www.cognitoforms.com https://vimeo.com https://www.facebook.com https://vars.hotjar.com https://td.doubleclick.net https://m.facebook.com https://*.google.com https://td.doubleclick.net https://m.facebook.com https://*.google.com https://*.spotify.com https://ilost.co https://*.vpro.nl https://anchor.fm https://www.cognitoforms.com https://vimeo.com https://www.facebook.com https://vars.hotjar.com; child-src 'self' https://www.googletagmanager.com http://humortv.vara.nl https://w.soundcloud.com https://www.mixcloud.com https://player.vimeo.com https://www.youtube.com https://player.bnnvara.nl http://www.theguitarconnection.nl https://*.spotify.com https://ilost.co https://*.vpro.nl https://anchor.fm https://www.cognitoforms.com https://vimeo.com https://www.facebook.com https://vars.hotjar.com https://td.doubleclick.net https://m.facebook.com https://*.google.com https://td.doubleclick.net https://m.facebook.com https://*.google.com https://*.spotify.com https://ilost.co https://*.vpro.nl https://anchor.fm https://www.cognitoforms.com https://vimeo.com https://www.facebook.com https://vars.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.onesignal.com https://*.facebook.net https://*.google.com https://*.newrelic.com https://*.twitter.com https://*.vimeocdn.com https://*.fullsession.io https://www.tivolivredenburg.nl https://*.youtube.com https://*.vimeo.com https://*.googleapis.com https://ilost.co https://*.tiktok.com https://*.webhare.com https://*.hotjar.com https://*.google-analytics.com https://*.googletagmanager.com https://www.cognitoforms.com https://api.w3-edge.com https://widgets.flickr.com https://embedr.flickr.com https://*.google-analytics.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.googletagmanager.com https://*.tivolivredenburg.nl; font-src 'self' https://fonts.googleapis.com https://www.facebook.com https://fonts.gstatic.com https://www.facebook.com https://fonts.gstatic.com data:; form-action 'self' https://*.my.salesforce-sites.com https://tivolivredenburg.crmplatform.nl https://www.facebook.com https://*.my.salesforce-sites.com https://tivolivredenburg.crmplatform.nl https://www.facebook.com; frame-ancestors 'self' ; 1
default-src 'self' payments-de-sandbox.amazon.com payments-de.amazon.com payments.amazon.de ws://127.0.0.1:35729 www.lebkuchen-schmidt.com localhost www.lebkuchen-schmidt.com;  script-src 'self' 'unsafe-eval' 'unsafe-inline' use.typekit.net www.googletagmanager.com www.google.com www.google-analytics.com www.gstatic.com maps.google.com maps.googleapis.com connect.facebook.net *.payments-amazon.com payments-de-sandbox.amazon.com tagmanager.google.com *.clarity.ms www.lebkuchen-schmidt.com *.scarabresearch.com https://localhost ajax.googleapis.com api.userlike.com *.amazonaws.com *.juicer.io *.cloudfront.net *.convertexperiments.com *.usercentrics.eu *.simptrack.com *.trustedshops.com *.zdassets.com *.webgains.io *.webgains.link *.bounce-commerce.de *.etracker.com *.bing.com *.googleadservices.com *.trk42.net *.tiktok.com *.signalize.com *.etracker.de static.hotjar.com script.hotjar.com *.dwin1.com *.creative-serving.com https://pagead2.googlesyndication.com https://*.criteo.net https://*.criteo.com https://www.awin1.com;  style-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com tagmanager.google.com www.lebkuchen-schmidt.com *.googletagmanager.com 'unsafe-eval' fonts.googleapis.com *.signalize.com;  img-src 'self' data: p.typekit.net www.google-analytics.com *.googleapis.com maps.google.com *.cloudfront.net *.ssl-images-amazon.com *.ggpht.com *.gstatic.com img.youtube.com *.clarity.ms www.lebkuchen-schmidt.com *.googletagmanager.com cdn.lebkuchen-schmidt.com *.usercentrics.eu *.trustedshops.com *.facebook.com *.juicer.io *.google.de *.google.com *.bing.com *.doubleclick.net *.lebkuchen-schmidt.com *.tracker.de *.signalize.com *.signalize.com *.etracker.de *.trk42.net *.bidswitch.net *.creative-serving.com https://*.criteo.com https://www.awin1.com *.simptrack.com;  font-src 'self' data: use.typekit.net fonts.gstatic.com www.lebkuchen-schmidt.com data: 'unsafe-eval' 'unsafe-inline' fonts.gstatic.com use.typekit.net *.cloudfront.net *.juicer.io script.hotjar.com *.signalize.com;  object-src 'self' www.lebkuchen-schmidt.com;  media-src 'self' www.lebkuchen-schmidt.com data: *.cloudfront.net https://cdn.lebkuchen-schmidt.com/;  child-src 'self' payments-de-sandbox.amazon.com payments-de.amazon.com payments.amazon.com www.computop-paygate.com staticxx.facebook.com www.facebook.com www.youtube.com *.payments-amazon.com api-cdn.amazon.com www.lebkuchen-schmidt.com *.google.com;  form-action 'self' payments-de-sandbox.amazon.com payments-de.amazon.com payments.amazon.com www.computop-paygate.com www.lebkuchen-schmidt.com *.facebook.com;  frame-ancestors 'self' www.lebkuchen-schmidt.com;  connect-src 'self' ws://127.0.0.1:35729 performance.typekit.net www.google-analytics.com *.clarity.ms www.lebkuchen-schmidt.com *.google-analytics.com *.amazon.com ws://127.0.0.1:35729 *.userlike.com *.typekit.net *.typekit.net *.scarabresearch.com maps.googleapis.com *.usercentrics.eu *.zdassets.com *.emarsys.net *.zendesk.com *.bounce-commerce.de *.doubleclick.net *.google.com *.juicer.io *.tiktok.com *.pange-ads.com analytics.pangle-ads.com *.etracker.de *.google.de bat.bing.com *.hotjar.io wss://ws.hotjar.com *.hotjar.com *.signalize.com *.convertexperiments.com *.trustedshops.com *.etrusted.com *.trustbadge.com id5-sync.com *.webgains.io https://*.criteo.com;  frame-src 'self' www.lebkuchen-schmidt.com *.computop-paygate.com *.simptrack.com *.webgains.link *.doubleclick.net *.facebook.com *.google.com https://gum.criteo.com/ https://*.criteo.com https://www.awin1.com https://ai.trk42.net https://www.youtube.com/; 1
frame-ancestors 'self' https://*.homeandsmart.de; 1
default-src bullionstar.com *.bullionstar.com www.bullionstar.co.nz www.bullionstar.us *.google-analytics.com *.googletagmanager.com *.google.com *.twitter.com *.twimg.com *.youtube.com disqus.com *.disqus.com *.disquscdn.com fonts.googleapis.com fonts.gstatic.com 'unsafe-eval' 'unsafe-inline'; img-src * data: 'unsafe-inline'; media-src bullionstar.com *.bullionstar.com bullionstar.co.nz *.bullionstar.co.nz bullionstar.us *.bullionstar.us *.twitter.com *.youtube.com *.googlevideo.com data:; connect-src bullionstar.com *.bullionstar.com bullionstar.co.nz *.bullionstar.co.nz bullionstar.us *.bullionstar.us *.google-analytics.com *.googletagmanager.com disqus.com *.disqus.com *.disquscdn.com; 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://luce-gas.it/report-uri/enforce 1
default-src 'self' *.cookiebot.com *.euroland.com *.eurolandir.com *.coveo.com *.omtrdc.net *.adobe.com *.experian.com *.experianmarketingservices.com *.adobedtm.com *.youtube.com *.brightcove.com *.brightcove.net *.demdex.net *.everesttech.net *.omniture.com *.zencdn.net bcove.video *.api.brightcove.com api.bcovlive.io *.bcovlive.io *.sep.bcovlive.io bcovlive-a.akamaihd.net *.o.brightcove.com players.brightcove.net hls.ak.o.brightcove.com uds.ak.o.brightcove.com *.boltdns.net brightcove.vo.llnwd.net *.llnw.net *.llnwd.net manifest.prod.boltdns.net *.media.brightcove.com *.akafms.net *.akamaihd.net *.analytics.edgekey.net *.cloudfront.net hlstoken-a.akamaihd.net vjs.zencdn.net *.gallerysites.net *.bcvp0rtal.com *.brightcovecdn.com; img-src 'self' data: *; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; font-src 'self' data: *; object-src 'none'; media-src * blob:; worker-src blob: 'self'; frame-ancestors 'self'; 1
frame-ancestors 'self' https://manage.foodprocessing.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
frame-ancestors 'self' *.greenriver.edu https://greenriver.instructure.com; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-UhNnGMPTCCLQCseB7VLXHA=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src blob: 'self' region1.google-analytics.com region1.analytics.google.com *.analytics.google.com *.google-analytics.com analytics.google.com www.google-analytics.com www.youtube.com https://*.googleapis.com https://stats.g.doubleclick.net; child-src blob: 'self' https://www.facebook.com/ www.youtube.com player.vimeo.com www.google.com https://*.googleapis.com;       script-src http://localhost:* 'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms *.trustpilot.com connect.facebook.net https://googleads.g.doubleclick.net/pagead/ https://www.googleadservices.com/pagead/ privatelease.services-int.athlon.com occasions.services-int.athlon.com privatelease.services.athlon.com occasions.services.athlon.com s.ytimg.com region1.google-analytics.com region1.analytics.google.com *.analytics.google.com analytics.google.com www.google-analytics.com www.google.com www.gstatic.com www.youtube.com www.perplex.nl ajax.aspnetcdn.com player.vimeo.com www.googletagmanager.com img.en25.com https://*.googleapis.com https://secure.half1hell.com https://snap.licdn.com *.piwik.pro;       style-src http://localhost:* 'self' 'unsafe-inline' fonts.googleapis.com occasions.services-int.athlon.com privatelease.services-int.athlon.com occasions.services.athlon.com privatelease.services.athlon.com; img-src 'self' http://localhost:* data: *.bing.com *.clarity.ms https://lt45.net/ https://www.lt45.net/t/ *.google.com *.linkedin.com https://www.linkedin.com/ https://www.athloncarlease.com/ https://www.google.com/ads/ https://www.google.nl/ads/ https://www.facebook.com/tr/ https://px4.ads.linkedin.com/ https://www.googletagmanager.com/ https://www.google.com/pagead services.perplex.eu region1.google-analytics.com region1.analytics.google.com *.analytics.google.com analytics.google.com www.google-analytics.com *.athlon.com *.athlon.nl *.imagin.studio www.perplex.nl *.eloqua.com http://tracking.athlon.com https://px.ads.linkedin.com https://www.google.com/ads https://rental.athlon.com https://acc-rentalathloncom.perplex.eu https://*.googleapis.com https://*.gstatic.com https://*.perplex.eu https://www.google.de/ads/ https://www.google.es/ads/ https://www.google.es/ads/ga-audiences https://www.google.es/pagead/1p-user-list/ https://www.google.nl/pagead/1p-user-list/ https://www.google.de/pagead/1p-user-list/ https://www.google.fr/pagead/1p-user-list/ https://www.google.it/pagead/1p-user-list/ https://www.google.pt/pagead/1p-user-list/ https://www.google.be/pagead/1p-user-list/ https://www.google.uk/pagead/1p-user-list/ https://www.google.pl/pagead/1p-user-list/ https://www.google.lu/pagead/1p-user-list/ https://www.google.se/pagead/1p-user-list/ p.adsymptotic.com;       connect-src ws://localhost:* 'self' *.clarity.ms https://stats.g.doubleclick.net https://*.googleapis.com https://gsp10-ssl.ls.apple.com *.athlon.com privatelease.services.athlon.com privatelease.services-int.athlon.com occasions.services-int.athlon.com occasions.services.athlon.com region1.google-analytics.com region1.analytics.google.com *.analytics.google.com analytics.google.com www.google-analytics.com www.athlon.nl www.athloncarlease.com *.oribi.io *.piwik.pro;       font-src 'self' http://localhost:* data: fonts.gstatic.com *.amazonaws.com; form-action 'self' https://www.facebook.com/tr/ secure.ogone.com;       frame-src *.trustpilot.com *.doubleclick.net https://www.facebook.com/ *.perplex.eu *.athlon.com https://www.google.com/ https://www.youtube.com/ https://player.vimeo.com/; frame-ancestors *.perplex.eu *.athlon.com;       report-uri https://perplex.report-uri.com/r/default/csp/enforce; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-303a8525396892c0588516b2eb86e8b7'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' c65a95b8ced34e28bf29-344426f49a32d05de5f2bd364c200d77.ssl.cf5.rackcdn.com 0ec4d360d724dc3ecece-9857564fa5f5cbda67ef795228532a45.ssl.cf5.rackcdn.com 178d4ee7081c27d817dc-df9f6963ee57703aea8fcabd620532b1.ssl.cf5.rackcdn.com *.googleapis.com *.googleadservices.com *.google-analytics.com *.google.com tpc.googlesyndication.com www.gstatic.com www.googletagmanager.com *.doubleclick.net connect.facebook.net s.pinimg.com *.authorize.net *.bizrate.com *.livechatinc.com www.paypal.com www.paypalobjects.com analytics.tiktok.com widget.trustpilot.com cdnjs.cloudflare.com www.giftadvisor.com sig.edpo.brussels www.clickcease.com cdn.ctnsnet.com analytics.pangle-ads.com bat.bing.com *.fullstory.com *.lovebookonline.com blob:; connect-src 'self' c65a95b8ced34e28bf29-344426f49a32d05de5f2bd364c200d77.ssl.cf5.rackcdn.com 3b2d52a0be2545def248-aa75f843b310749378c7452979cee986.ssl.cf5.rackcdn.com f53789a1a6a8a53303b4-74b56c795742250e00b447f360ebbfb6.ssl.cf5.rackcdn.com b3f363a8d826d4f04d90-c60e8ecb06b3328345f058ab4e0ed88d.ssl.cf5.rackcdn.com *.paypal.com *.authorize.net *.facebook.com *.google-analytics.com *.googleapis.com *.googleadservices.com *.googletagmanager.com *.google.com google.com www.google.com.au www.google.ca www.google.de www.google.co.uk www.google.co.in www.google.fr www.google.ch www.google.nl www.google.be www.google.es www.google.bg www.google.com.mx *.doubleclick.net insights.bizrate.com *.pinterest.com *.livechatinc.com analytics.tiktok.com tr.snapchat.com www.instagram.com widget.trustpilot.com monitor.clickcease.com *.apple.com apple.com *.googlesyndication.com *.bing.com analytics.pangle-ads.com *.fullstory.com *.lovebookonline.com; frame-src 'self' secure.livechatinc.com *.facebook.com *.google.com tpc.googlesyndication.com *.doubleclick.net www.paypalobjects.com *.paypal.com www.sandbox.paypal.com widget.trustpilot.com *.snapchat.com www.youtube.com *.pinterest.com www.pinterest.co.uk www.pinterest.com.au; frame-ancestors 'self'; report-uri /csp-report/ 1
default-src 'self'; child-src 'self' connect.facebook.net fast.wistia.com fast.wistia.net googleads.g.doubleclick.net td.doubleclick.net *.hotjar.com *.hotjar.io bid.g.doubleclick.net 10317493.fls.doubleclick.net 10366747.fls.doubleclick.net 11541986.fls.doubleclick.net youtube.com www.youtube.com js.stripe.com www.facebook.com staticxx.facebook.com tpc.googlesyndication.com www.google.com *.googletagmanager.com *.quora.com intercom-sheets.com app-ab27.marketo.com www.intercom-reporting.com d2c7xlmseob604.cloudfront.net js.intercomcdn.com insight.adsrvr.org match.adsrvr.org https://intercom.chilipiper.com app.intercom.com app.intercom.io https://app.getreprise.com; connect-src 'self'   www.intercom.com app.intercom.io app.intercom.com api.intercom.io api-visitor-analytics.intercom.com api-iam.intercom.io api-ping.intercom.io api.smartling.com js.intercomcdn.com munchkin.marketo.net *.mktoutil.com nexus-websocket-a.intercom.io nexus-websocket-test.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-test.intercom.io store.intercomassets.com widget.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-test.intercom.io marketing.intercomcdn.com uploads.intercomcdn.com uploads.intercomusercontent.com abrtp1.marketo.com abrtp1-cdn.marketo.com app.getsentry.com stats.g.doubleclick.net www.google.com adservice.google.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com http://*.hotjar.io:* https://*.hotjar.io:* wss://*.hotjar.io sentry.io www.facebook.com *.akamaihd.net *.wistia.com *.wistia.net 258-clw-344.mktoresp.com bat.bing.com d2c7xlmseob604.cloudfront.net rum-collector-2.pingdom.net https://*.browser-intake-datadoghq.com public-trace-http-intake.logs.datadoghq.com https://assets.ctfassets.net c.6sc.co b.6sc.co j.6sc.co ipv6.6sc.co epsilon.6sense.com epsilon-cloudfront.6sense.com user-data.mutinycdn.com https://api-v2.mutinyhq.io/v2/b https://api.mutinyhq.io/v2 https://client-registry.mutinycdn.com secure.adnxs.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com api.chilipiper.com tracking.chilipiper.com cdn.linkedin.oribi.io gw.linkedin.oribi.io px.ads.linkedin.com https://app.getreprise.com; font-src data: https: ; img-src data: blob: https: ; media-src data: blob: https: ; object-src 'none'; script-src 'self' 'unsafe-eval' app.intercom.io app.intercom.com www.intercom.com js.intercomcdn.com store.intercomassets.com marketing.intercomassets.com widget.intercom.io ajax.googleapis.com analytics.twitter.com abrtp1.marketo.com abrtp1-cdn.marketo.com app-sjqe.marketo.com app-sjst.marketo.com app-ab27.marketo.com bat.bing.com cdn-assets-prod.s3.amazonaws.com cdn.ravenjs.com browser.sentry-cdn.com connect.facebook.net distillery.wistia.com distillery-main.wistia.com fast.wistia.com fast.wistia.net googleads.g.doubleclick.net js.stripe.com munchkin.marketo.net platform.twitter.com rtp-static.marketo.com script.hotjar.com script.hotjar.io secure.adnxs.com static.hotjar.com static.hotjar.io stats.g.doubleclick.net store.intercom.io tpc.googlesyndication.com www.datadoghq-browser-agent.com www.google.com www.google-analytics.com www.googleadservices.com/pagead/ www.googletagmanager.com tagmanager.google.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com dc.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com client-registry.mutinycdn.com client.mutinycdn.com https://js.chilipiper.com 'sha256-CIxBMTSsZNOVtN/e53Oinc5o7iS+6GCLATfDTYD9EQk=' https://app.getreprise.com 'strict-dynamic' 'nonce-NjA2NDJhZTAtZGFhZS00ZTRkLWI0OWQtODA2OTkyNzc3MWE5'; style-src 'self' 'unsafe-inline' app-ab27.marketo.com marketing.intercomassets.com maxcdn.bootstrapcdn.com rtp-static.marketo.com fonts.googleapis.com tagmanager.google.com https://www.googletagmanager.com https://js.chilipiper.com; worker-src data: blob:; base-uri 'self'; report-uri https://o2129.ingest.sentry.io/api/1467748/security/?sentry_key=2b3179211aae44189b7651cf09d7b74f 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.perfectaudience.com *.typekit.net *.smushcdn.com https://us-u.openx.net *.yahoo.com *.addthis.com *.twitter.com *.rlcdn.com *.clickagy.com https://tags.clickagy.com *.google.com *.cloudflare.com *.googleapis.com *.gstatic.com data: *.marketingautomation.services https://ws.zoominfo.com https://secure.gravatar.com https://aorta.clickagy.com https://tag.perfectaudience.com/ https://pixel-geo.prfct.co/ https://secure.adnxs.com/ https://rsms.me/ https://boards-api.greenhouse.io https://w.soundcloud.com https://pixel.rubiconproject.com https://cm.g.doubleclick.net https://pixel.prfct.co/; 1
default-src 'self' wss: *.tawk.to *.doubleclick.net *.google-analytics.com google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://optimize.google.com googleadservices.com *.googleadservices.com *.tawk.to https://cdn.jsdelivr.net *.google.com https://s.ytimg.com https://www.youtube.com https://googleads.g.doubleclick.net *.google-analytics.com *.mailerlite.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://connect.facebook.net; img-src 'self' data: https://optimize.google.com tawk.link *.tawk.to *.google.com *.google.rs google.com google.rs https://cdn.jsdelivr.net *.gstatic.com https://stats.g.doubleclick.net googletagmanager.com google.rs google.com *.facebook.com facebook.com *.mailerlite.com https://s.w.org https://ps.w.org https://www.paypalobjects.com https://secure.gravatar.com *.google-analytics.com google-analytics.com; style-src 'self' 'unsafe-inline' https://optimize.google.com *.tawk.to https://cdn.jsdelivr.net *.google.com *.mailerlite.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; font-src 'self' data: *.tawk.to https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://themes.googleusercontent.com; frame-src 'self' https://optimize.google.com *.tawk.to https://bid.g.doubleclick.net https://www.facebook.com https://bid.g.doubleclick.net https://s-static.ak.facebook.com https://www.youtube.com; object-src 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline';connect-src 'self' ws:;img-src 'self' data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: assets.adobedtm.com bbva.d3.sc.omtrdc.net dpm.demdex.net *.googleapis.com fonts.gstatic.com addtocalendar.com youtube.com www.youtube.com www.youtube-nocookie.com cdn.cookielaw.org cdn-od.world-television.com od.world-television.com cdn-streamstudio-ondemand.world-television.com cdn-wowzacoder-node11.world-television.com cdn-wowzacoder-node12.world-television.com cdn-wowzacoder-node13.world-television.com cdn-wowzacoder-node14.world-television.com cdn-wowza.world-television.com cdn-wowza2.world-television.com cdn-wowza4.world-television.com cdn-wowza5.world-television.com cdn-wowza-zur-cn.worldtelevision.cn cdn-wowza2-zur-cn.worldtelevision.cn streamstudio.world-television.com streamstudio-static.world-television.com streamstudio-static-cloudflare cdn-streamstudio-china.worldtelevision.cn cdn-streamstudio.world-television.com gaia.world-television.com stats.world-television.com d3l7jhiu2gy1zw.cloudfront.net d3rheyut2722wp.cloudfront.net d2u0sqszc4zqzn.cloudfront.net d13g3vp355w9vi.cloudfront.net d3nodaywjsh67y.cloudfront.net d1wgay39cved2v.cloudfront.net d2wha8clrw9yga.cloudfront.net www.fbbva.es www.redleonardo.es www.premiosfronterasdelconocimiento.es www.multiverso-fbbva.es www.contrapunto-fbbva.es www.biophilia-fbbva.es www.frontiersofknowledgeawards-fbbva.es ec2-34-251-159-89.eu-west-1.compute.amazonaws.com www.fbbva.es edicion-j93xtwf5.openweb.bbva revision-j93xtwf5.openweb.bbva j93xtwf5.openweb.bbva code.jquery.com *.watchity.com pruebasserviciosinfobbva.gnoss.com serviciosdms.gnoss.com bbvafundacion2018.112.2o7.net bbvafundacionlaunch2020dev.112.2o7.net urlmaker.overon.es code.highcharts.com books.google.com cdn.jsdelivr.net cdnjs.cloudflare.com privacyportal-eu.onetrust.com 1
script-src 'self' *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.facebook.com *.facebook.net *.twitter.com *.zalo.me *.zaloapp.com *.tawk.to *.cloudflareinsights.com 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' *.ngsp.gov.vn *.canva.com tinnhiemmang.vn static.binhphuoc.gov.vn drive.google.com;object-src 'self';style-src 'self' *.google.com *.googleapis.com *.tawk.to 'unsafe-inline' *.binhphuoc.gov.vn *.canva.com tinnhiemmang.vn;img-src 'self' data: *.twitter.com *.google.com *.googleapis.com *.gstatic.com *.facebook.com tawk.link *.tawk.to static.nukeviet.vn *.binhphuoc.gov.vn binhphuoc.gov.vn *.tinnhiemmang.vn *.ngsp.gov.vn *.googleusercontent.com *.canva.com *.baobinhphuoc.com.vn tinnhiemmang.vn;media-src 'self' *.tawk.to tinnhiemmang.vn;frame-src 'self' *.google.com *.binhphuoc.gov.vn *.youtube.com *.facebook.com *.facebook.net *.twitter.com *.zalo.me *.binhphuoc.gov.vn *.canva.com tinnhiemmang.vn drive.google.com;font-src 'self' *.googleapis.com *.gstatic.com *.tawk.to *.binhphuoc.gov.vn *.canva.com tinnhiemmang.vn;connect-src 'self' *.zalo.me *.tawk.to wss://*.tawk.to *.ngsp.gov.vn *.canva.com *.tinnhiemmang.vn;form-action 'self' *.google.com;base-uri 'self'; 1
frame-ancestors 'self' https://support.vpnproxymaster.com https://admin.vpnproxymaster.com 1
default-src 'self' ;script-src data: blob: 'self' 'unsafe-eval' 'nonce-thRBOLDAFHF4fQ56' static.cloud.coveo.com www.zenaps.com www.dwin1.com *.r42tag.com *.usabilla.com *.google-analytics.com *.analytics.google.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com  ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com  *.fbto.nl connect.facebook.net cdn.harvest.graindata.com *.pingvp.com pingvp.com *.visualwebsiteoptimizer.com app.vwo.com www.awin1.com;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com *.pingvp.com;img-src data: blob: 'self' *.svtrd.com www.zenaps.com www.awin1.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com *.google-analytics.com *.analytics.google.com *.onmarc.nl *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net ad.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com www.googletagmanager.com translate.google.com zilverenkruis-cdn.mcccm.eu *.pingvp.com i.vimeocdn.com dev.visualwebsiteoptimizer.com *.doubleclick.net;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net  *.pingvp.com;connect-src blob: 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.prolife.nl *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net *.google-analytics.com *.analytics.google.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com www.browsealoud.com plusqa.browsealoud.com *.interpolis.nl *.fbto.nl bat.bing.com stats.g.doubleclick.net harvest-cm-achmea.ey.r.appspot.com controle.achmea.consentmonitor.nl *.tomtom.com *.visualwebsiteoptimizer.com app.vwo.com *.applicationinsights.azure.com wss://api.defriesland.nl:13443;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl *.pingvp.com;object-src 'self' ;child-src 'self' blob: t.svtrd.com player.vimeo.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net app.springcast.fm;frame-ancestors 'self' player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net inloggen.achmea.nl p-portaal.achmea.nl app.vwo.com *.visualwebsiteoptimizer.com;;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl broker.nxtid.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content;report-uri https://zilverenkruis.ams.report-uri.com/r/t/csp/enforce; 1
default-src 'self' 'unsafe-inline' https:; upgrade-insecure-requests; img-src http: https: blob: data:; 1
block-all-mixed-content; frame-ancestors 'self' http://nashvillefoodbloggers.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudbees.io *.cloudbees.com *.prodperfect.com pro.fontawesome.com fonts.googleapis.com fonts.gstatic.com; connect-src * wss:; img-src * data:; frame-src 'self' https://embedded-dashboards.metronome.com/ 1
script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' https://bam.nr-data.net https://cdn.cookielaw.org https://js-agent.newrelic.com https://www.googletagmanager.com *.onetrust.com cdn.jsdelivr.net www.google-analytics.com; object-src 'none'; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' https://*.vistasocial.com https://vistasocial.com 1
default-src 'self'; connect-src 'self' https://svc.webspellchecker.net https://storage.googleapis.com https://api.scribit.pro https://*.readspeaker.com https://*.siteimprove.com https://translate.googleapis.com https://translate-pa.googleapis.com wss://*.zopim.com https://ekr.zdassets.com https://www.google-analytics.com https://my2.siteimprove.com https://szsurvey-r1.siteimprove.com https://scribit-pro-hosting.storage.googleapis.com wss://virtuele-gemeente-assistent.nl wss://mijn.virtuele-gemeente-assistent.nl https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://cloudstatic.obi4wan.com https://chatapi.obi4wan.com https://gemehv.zendesk.com; font-src 'self' data: https://*.zopim.com https://*.readspeaker.com https://fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.ttf; frame-src 'self' https://www.youtube-nocookie.com https://player.vimeo.com https://infogram.com https://e.infogram.com https://eindhoven.infogram.nl https://eindhoven.infogram.com https://issuu.com https://e.issuu.com https://www.arcgis.com https://*.maps.arcgis.com https://experience.arcgis.com https://szsurvey-r1.siteimprove.com https://my2.siteimprove.com https://app.powerbi.com https://kuula.co https://c.spotler.com https://eindhoven.mappi.nl https://bereikbaarheid.andes.nl https://kaart.eindhoven.nl https://data.eindhoven.nl https://participatie.evmaps.nl https://www.openstreetmap.org https://v2.zopim.com/; img-src 'self' data: https://svc.webspellchecker.net https://translate.google.com https://translate.googleapis.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://*.zopim.io https://*.zopim.com https://*.siteimproveanalytics.io https://i.ytimg.com https://*.servmetric.com https://*.govmetric.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://*.openstreetmap.org; media-src 'self' https://*.zopim.com https://storage.googleapis.com https://scribit-pro-hosting.storage.googleapis.com; script-src 'self' https://svc.webspellchecker.net https://www.youtube.com https://widget.scribit.pro https://use.fontawesome.com https://translate.googleapis.com https://translate-pa.googleapis.com https://www.googletagmanager.com https://*.zopim.com https://siteimproveanalytics.com https://www.google-analytics.com https://static.zdassets.com https://cdn.jsdelivr.net/gh/ractoon/jQuery-Text-Counter@0.9.0/textcounter.min.js https://*.servmetric.com https://e.infogram.com https://e.issuu.com https://eindhoven.infogram.nl https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://cloudstatic.obi4wan.com https://stats.pusher.com hitcounter.govmetric.com https://cdn.jsdelivr.net https://cdn1.readspeaker.com https://polyfill.io https://staging.eindhoven.openremote.io https://translate.google.com websurveys2.govmetric.com 'sha256-pfdTiE2ndaigZaUZmx7hF5zcumb9LW2Bzn/a7/jEg7Q='; script-src-elem 'self' https://svc.webspellchecker.net https://www.youtube.com https://widget.scribit.pro https://use.fontawesome.com https://translate.googleapis.com https://translate-pa.googleapis.com https://www.googletagmanager.com https://*.zopim.com https://siteimproveanalytics.com https://www.google-analytics.com https://static.zdassets.com https://cdn.jsdelivr.net/gh/ractoon/jQuery-Text-Counter@0.9.0/textcounter.min.js https://*.servmetric.com https://e.infogram.com https://issuu.com https://infogram.com https://e.issuu.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://cloudstatic.obi4wan.com https://stats.pusher.com hitcounter.govmetric.com https://cdn.jsdelivr.net https://cdn1.readspeaker.com https://polyfill.io https://staging.eindhoven.openremote.io https://translate.google.com websurveys2.govmetric.com 'sha256-pfdTiE2ndaigZaUZmx7hF5zcumb9LW2Bzn/a7/jEg7Q='; style-src 'self' https://svc.webspellchecker.net https://translate.googleapis.com https://*.readspeaker.com https://*.govmetric.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://cdnjs.cloudflare.com websurveys2.servmetric.com 1
default-src 'self' *.twl-kom.de 'unsafe-inline' 'unsafe-eval' data: https: blob: 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.maxcdn.bootstrapcdn.com/* *.cloudflare.com *.gottardospa.it data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com *.tigota.it *.gottardospa.it clickcollect-mcstaging.tigota.it 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.shinystat.com *.criteo.com *.cookiebot.com amc.demdex.net *.gottardospa.it *.doubleclick.net *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://cdn.clerk.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.outbrain.com *.shinystat.com *.brznetwork.com *.quantserve.com *.bidswitch.net *.doubleclick.net *.adnxs.com *.media.net *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.com *.adform.net *.omnitagjs.com *.casalemedia.com *.criteo.com *.360yield.com *.id5-sync.com *.ivitrack.com *.mediavine.com *.pubmatic.com *.tremorhub.com *.yieldlab.net *.yieldmo.com *.facebook.com *.tigota.it *.googleapis.com *.clerk.io *.gstatic.com bam.nr-data.net *.gottardospa.it *.google.it data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.clerk.io https://cdn.clerk.io *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.quantcount.com *.mainadv.com *.tiktok.com *.clerk.io magento.com *.cookiebot.com *.zdassets.com *.js-agent.newrelic.com *.maps.googleapis.com/* *.bam.nr-data.net *.cloudflare.com targetemsecure.blob.core.windows.net maps.googleapis.com api.smooch.io cdn.polyfill.io *.newrelic.com bam.nr-data.net ecomm.sella.it *.gestpay.net *.facebook.net *.facebook.com *.gottardospa.it *.hotjar.com *.quantserve.com *.outbrain.com *.pingdom.net *.shinystat.com *.criteo.com *.turboadv.com *.tradedoubler.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.clerk.io https://cdn.clerk.io *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline *.maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.gottardospa.it 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.hotjar.com *.pingdom.net *.quantcount.com *.hotjar.io *.doubleclick.net *.tiktok.com *.googleapis.com *.bam.nr-data.net *.zendesk.com *.google-analytics.com *.zdassets.com servizioclientitigota.zendesk.com zendesk.eu wss://api.smooch.io site-azp.slgnt.eu zendesk-eu.my.sentry.io bam.nr-data.net ecomm.sella.it *.gestpay.net *.cookiebot.com *.gottardospa.it *.google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors https://anglianwater.co.uk https://my.anglianwater.co.uk/ https://anglianwater.sharepoint.com/ https://www.awg.com/ *.anglianwater.co.uk *.quantummetric.com 1
frame-ancestors 'self' www.signal-iduna.de www.signal-iduna-agentur.de onlineberatung.signal-iduna.de pdc.signal-iduna.de avusweb.system.local avusonline.signal-iduna.de test.reisekranken.signal-iduna.de reisekranken.signal-iduna.de 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.pratidintime.com https://jionews.com/ https://jionewsdev1.jio.ril.com/;block-all-mixed-content; 1
frame-ancestors 'none'; frame-src *; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: wss: photoprism.app *.photoprism.app *.photoprism.xyz *.photoprism.pro *.stripe.com *.maptiler.com; img-src * data: blob:; media-src * data: blob: 1
frame-ancestors 'self' https://universalspartan.rehabmart.com https://medical.universalspartan.com 1
default-src https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' blob:; object-src 'none'; img-src https: data:; connect-src https: wss:; frame-src  https: blob:; frame-ancestors 'none' 1
img-src * data: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data:  https://zoom.us/ https://www.gartner.com/ https://*.yandex.ru/ https://*.yandex.by/ https://*.yandex.com/ https://*.yandex.com.tr/ https://stats.g.doubleclick.net/ https://*.facebook.net/ https://*.facebook.com/ https://*.google.com/ https://google.com/ https://www.googletagmanager.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://*.googleapis.com/ https://portal.immuniweb.com/ https://static.immuniweb.com/assets/ https://fs-static.immuniweb.com/ https://www.google-analytics.com/ https://www.gstatic.com/ https://buttons.github.io/; font-src 'self' data: https://static.immuniweb.com/ https://fs-static.immuniweb.com/ https://portal.immuniweb.com/ https://www.immuniweb.com/; block-all-mixed-content; report-uri https://www.immuniweb.com/csp/ 1
default-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-attr * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'unsafe-inline' 'unsafe-hashes'; img-src * 'self' data: https:; font-src * 'self' data: https:; connect-src *; media-src *; object-src *; child-src * 'self' data: https: blob:; base-uri *; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google.com https://*.google-analytics.com https://*.doubleclick.net https://*.googlesyndication.com https://csi.gstatic.com https://www.googletagmanager.com;        script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://www.googletagservices.com https://www.googletagmanager.com https://*.doubleclick.net https://tpc.googlesyndication.com https://csi.gstatic.com https://www.google.com https://www.gstatic.com; 1
frame-ancestors *.imu.nl *.phoenixsite.nl imu.nl 1
upgrade-insecure-requests;               frame-src 'self' https://*.udir.no/ https://player.vimeo.com/ https://policy.app.cookieinformation.com/ https://qap-prod.udirqlik.no/ https://www.google.com/ https://dreambroker.com/;               frame-ancestors 'self' https://*.udir.no/  https://*.instructure.com/; 1
default-src 'self'; child-src *; font-src http *; img-src http * data:; media-src http * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com; style-src 'self' 'unsafe-inline'; connect-src *; 1
frame-ancestors *.cruise.co.uk *.cruise.co www.aboveandbeyondluxury.cruises 1
base-uri 'self'; connect-src 'self' https://demo.synology.com:5001 https://*.demo.synology.com:5001 https://demo.synology.de:5001 https://*.demo.synology.de:5001 https://*.google.com https://*.google-analytics.com https://*.doubleclick.net/ https://*.googletagmanager.com https://pagead2.googlesyndication.com *.google-analytics.com *.analytics.google.com https://www.facebook.com https://graph.facebook.com https://analytics.synology.com https://bat.bing.com https://mc.yandex.ru *.mouseflow.com https://in.hotjar.com/ https://vc.hotjar.io wss://*.hotjar.com/ https://api-fra.livechatinc.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com analytics.twitter.com https://api.mapbox.com https://px.adhigh.net/ https://*.clarity.ms https://fw-cdn.com https://src.fwusercontent.com https://synologyc2.myfreshworks.com; default-src 'self'; font-src 'self' data: https://synostatic.synology.com https://themes.googleusercontent.com https://fonts.gstatic.com *.mouseflow.com https://cdn.livechatinc.com; frame-ancestors https://tongji.baidu.com 'self' https://*.facebook.com metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr *.webvisor.com; frame-src https://www.ixigua.com/ 'self' https://*.synology.com https://cse.google.com https://www.googletagmanager.com https://*.doubleclick.net https://optimize.google.com https://*.facebook.com https://staticxx.facebook.com *.mouseflow.com https://vars.hotjar.com/ https://secure.livechatinc.com https://secure-fra.livechatinc.com https://api-fra.livechatinc.com https://px.adhigh.net/ https://youtube.com https://www.youtube.com https://player.youku.com/ https://synology.jobbase.io https://synology.onlyfy.jobs https://synoform.synology.com; img-src https://hm.baidu.com/hm.gif https://px.ads.linkedin.cn/ 'self' data: blob: https://*.synology.com https://global.download.synology.com https://cndl.synology.cn https://gallery.synology.com https://gallery.test.synology.inc https://global.synologydownload.com https://*.google-analytics.com https://*.doubleclick.net https://*.googleapis.com https://*.google.com https://*.google.de https://*.google.com.tw https://*.gstatic.com https://*.googletagmanager.com *.google-analytics.com *.analytics.google.com https://www.facebook.com https://*.bing.com https://mc.yandex.ru https://alb.reddit.com *.mouseflow.com https://secure.livechatinc.com https://secure-fra.livechatinc.com https://cdn.livechatinc.com https://api-fra.livechatinc.com https://cdn.livechat-files.com https://wcs.naver.com https://*.linkedin.com https://p.adsymptotic.com/d/px analytics.twitter.com https://t.co/ https://api.mapbox.com https://i.ytimg.com https://*.clarity.ms https://c.bing.com; media-src 'self' https://gallery.synology.com https://download.synology.com https://fileres.synology.com/ https://cdn.livechatinc.com https://api-fra.livechatinc.com; object-src 'none'; script-src https://hm.baidu.com/ https://tag.baidu.com/vcard/v.js https://tongji.baidu.com https://hmcdn.baidu.com/static/tongji/ https://ada.baidu.com/ https://*.baidu.com/ 'self' blob: 'unsafe-eval' 'nonce-a43231c2216f23db8d65bbd57e0ce6573654f9a102365cd4b345723f1437ab2b' https://demo.synology.com https://demo.synology.de https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://cse.google.com https://clients1.google.com https://tagmanager.google.com https://www.gstatic.com https://*.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://www.gstatic.cn https://www.recaptcha.net https://*.googleapis.com https://connect.facebook.net https://bat.bing.com https://mc.yandex.ru https://www.redditstatic.com *.mouseflow.com https://static.hotjar.com https://script.hotjar.com/ https://cdn.livechatinc.com https://code.jquery.com https://secure.livechatinc.com https://secure-fra.livechatinc.com https://accounts.livechatinc.com https://api.livechatinc.com https://api-fra.livechatinc.com https://wcs.naver.net/wcslog.js https://snap.licdn.com https://www.linkedin.com/px/ https://px.ads.linkedin.com https://sjs.bizographics.com/insight.min.js https://analytics.twitter.com https://static.ads-twitter.com https://t.co/i/adsct https://api.mapbox.com https://px.adhigh.net/ https://www.youtube.com https://cdnjs.cloudflare.com https://synology.jobbase.io https://*.clarity.ms https://synology.onlyfy.jobs fw-cdn.com https://*.freshsales.io https://synologyc2.myfreshworks.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://synostatic.synodev.com https://synostatic.synology.com https://www.google.com https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://optimize.google.com https://cdn.livechat-files.com https://api.mapbox.com https://cdnjs.cloudflare.com https://assets.freshsales.io 1
font-src 'self' https://use.typekit.net/ https://cdn.curator.io/ https://fonts.gstatic.com/; object-src 'none'; frame-ancestors 'self' 1
default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; font-src 'self' fonts.gstatic.com data:; script-src * 'unsafe-inline' 'unsafe-eval' blob:; connect-src * 'unsafe-inline' data:; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline' 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' https: data: https://*.facebook.net https://*.typekit.net https://stats.g.doubleclick.net https://translate.google.com https://translate.googleapis.com https://www.google-analytics.com https://www.google.co.uk https://www.google.com https://www.googletagmanager.com https://maps.googleapis.com http://www.w3.org https://cc.cdn.civiccomputing.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://cam101.com *.cam101.com *.lovense-api.com *.lovense.com lovense.com https://static.cloudflareinsights.com  data: blob: https://www.googletagmanager.com https://at.alicdn.com wss://*.cam101.com wss://*.lovense.com wss://*.lovense-api.com https://www.google-analytics.com www.youtube.com *.googleapis.com *.gstatic.com *.hytto.com https://open.spotify.com *.twimg.com https://cdn.jsdelivr.net; 1
default-src 'self' *.perthmint.com perthmint.com; base-uri 'none'; style-src * 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com/s/firasans/ *.perthmint.com perthmint.com https://script.hotjar.com; child-src 'self' https://www.googletagmanager.com https://www.google.com *.paypalobjects.com paypalobjects.com *.paypal.com paypal.com; img-src 'self' https://www.google-analytics.com *.google.com.au google.com.au *.google.co.in *.google.com google.com *.googletagmanager.com googletagmanager.com *.googleads.g.doubleclick.net googleads.g.doubleclick.net *.doubleclick.net *.googleadservices.com googleadservices.com *.google-analytics.com *.cloudinary.com cloudinary.com data: blob: *.onetrust.com *.windows.net *.facebook.com *.yahoo.com *.linkedin.com *.cloudfunctions.net *.adsymptotic.com *.px.ads.linked.com *.online-metrix.net *.paypalobjects.com paypalobjects.com *.perthmint.com perthmint.com *.ytimg.com google.co.nz *.google.co.nz *.paypal.com *.hotjar.com; object-src *.onetrust.com *.online-metrix.net; worker-src 'self' blob:; connect-src 'self' ws://*.perthmint.com wss://*.perthmint.com *.perthmint.com perthmint.com *.b2clogin.com b2clogin.com *.google.com *.doubleclick.net *.google-analytics.com *.googleadservices.com *.edq.com edq.com *.cloudinary.com cloudinary.com *.dynamics.com dynamics.com *.visualstudio.com visualstudio.com *.msecnd.net msecnd.net *.azure.com *.linkedin.com *.cloudfunctions.net *.adsymptotic.com *.addthis.com *.online-metrix.net *.onetrust.com *.windows.net *.yimg.com *.paypalobjects.com paypalobjects.com *.paypal.com paypal.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://content.hotjar.io https://surveystats.hotjar.io wss://*.hotjar.com logx.optimizely.com *.optimizely.com *.tiktok.com https://cdn.linkedin.oribi.io https://*.livehire.com *.livehire.com https://*.facebook.com https://metrics.hotjar.io *.googlesyndication.com https://ask.hotjar.io; script-src 'self' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' static.hotjar.com *.amazonaws.com 'nonce-To6C/Jgk6baJ2q06SR1lvJYpFrMMy0kPZvL9YX+YVxk='; media-src 'self' blob: *.cloudinary.com cloudinary.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com cdn-assets-prod.s3.amazonaws.com; frame-src 'self' *.addthis.com *.dynamics.com *.joomag.com *.online-metrix.net *.onetrust.com *.facebook.com *.paypal.com *.google.com google.com *.doubleclick.net *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com *.paypalobjects.com paypalobjects.com *.paypal.com paypal.com https://vars.hotjar.com *.cdn.optimizely.com cdn.optimizely.com *.amazonaws.com https://livehire.com *.livehire.com https://metrics.hotjar.io; frame-ancestors 'self' *.livehire.com http://livehire.com 1
script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com https://*.sharethis.com/ https://p2a.co/ *.hs-scripts.com *.hs-analytics.net *.hscollectedforms.net *.hsadspixel.net *.hs-banner.com *.facebook.net *.google-analytics.com *.google.com *.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gstatic.com https://p2a.co/js/embed/widget/advocacywidget.min.js https://*.google.com https://www.googletagmanager.com/ https://svc.webspellchecker.net/ https://loader.webspellchecker.net/ https://connect.facebook.net/ https://www.google-analytics.com/ https://*.sharethis.com/ https://e.infogr.am/; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://*.google.com https://fonts.googleapis.com/ http://fonts.googleapis.com/ https://svc.webspellchecker.net/ https://*.sharethis.com/; object-src 'self' https://playlist.podbean.com; frame-ancestors 'self' https://www.googletagmanager.com/ 1
frame-ancestors 'self' *.datto.com *.backupify.com datto.engineering *.openmesh.com; report-uri https://www.backupify.com/actions/contentSecurityPolicy/report/log; report-to csp-endpoint; 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com https://www.youtube.com/iframe_api https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com https://wurfl.io https://platform3.cloud-iq.com https://cdnjs.cloudflare.com http://code.jquery.com http://kendo.cdn.telerik.com *.googletagmanager.com https://*.bing.com https://d2oh4tlt9mrke9.cloudfront.net https://www.dwin1.com *.exitintel.com *.brilliantcollector.com *.googleadservices.com *.doubleclick.net https://ws.sharethis.com https://www.googleoptimize.com https://lantern.roeyecdn.com https://www.thehotelsnetwork.com https://js.sentry-cdn.com https://browser.sentry-cdn.com https://d.impactradius-event.com https://tpc.googlesyndication.com https://dev.visualwebsiteoptimizer.com https://mozbar.moz.com https://www.opentable.co.uk https://js.stripe.com/v3/ https://consent.cookiebot.com https://c5.adalyser.com https://*.clarity.ms https://www.smallmeetings.co.uk https://api.reciteme.com https://euc-widget.freshworks.com https://analytics.tiktok.com https://cdn.gbqofs.com https://consentcdn.cookiebot.com https://widget.gleamjs.io *.awin1.com *.zenaps.com *.sciencebehindecommerce.com https://cloudiq-volary-prod-cdn.cloudiq.com/tag/e5ea3195-f791-4149-85d9-aa905795cf78-lct7erqm.js cdn.gbqofs.com *.report.gbss.io https://cloudiq-volary-prod-cdn.cloudiq.com/tag-modules-src/entry.js cdn-4.convertexperiments.com https://tyviso.com https://tyviso-rewards-page.netlify.app *.tryamped.com *.amped.io *.linkedin.com https://cloudiq-volary-prod-cdn.cloudiq.com *.cloudiq.com https://tyviso.com/rewards-page/loader.js https://tyviso-rewards-page.netlify.app/static/js/main.98975764.js cdn.otstatic.com snap.licdn.com *.salecycle.com //d16fk4ms6rqz1v.cloudfront.net/capture/bestwestern.js https://d16fk4ms6rqz1v.cloudfront.net/ tags.srv.stackadapt.com/events.js cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://da7xgjtj801h2.cloudfront.net https://ws.sharethis.com https://content.cloud-iq.com https://www.smallmeetings.co.uk https://api.reciteme.com https://euc-widget.freshworks.com https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://tyviso.com https://tyviso-rewards-page.netlify.app *.tryamped.com *.amped.io https://storage.googleapis.com/cloudiq-volary-prod-cdn/assets/cf3fb222-906c-48b3-ab2c-59c9efdab0bc/overlay_template_brem.css https://tyviso-rewards-page.netlify.app/static/css/main.20952983.css https://storage.googleapis.com/cloudiq-volary-prod-cdn/assets/f92eba1a-abb6-4506-a90c-8794a8a69252/overlay_template_brem.css tags.srv.stackadapt.com/sa.css web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com https://da7xgjtj801h2.cloudfront.net *.doubleclick.net *.cloud-iq.com https://*.bing.com https://www.google.com https://www.google.co.uk https://*.exitintel.com https://www.tripadvisor.com https://dt1azhrv7lzgm.cloudfront.net https://d2nuhorlnps36p.cloudfront.net https://l.sharethis.com https://lantern.roeye.com https://www.googletagmanager.com https://tag.yieldoptimizer.com https://www.googletraveladservices.com https://www.ojrq.net https://ws.sharethis.com https://*.clarity.ms https://c5.adalyser.com *.analytics.google.com https://api.reciteme.com https://euc-widget.freshworks.com https://js.gleam.io *.awin1.com *.zenaps.com https://consent.cookiebot.com https://consentcdn.cookiebot.com logs.convertexperiments.com *.cloudiq.com *.tryamped.com *.amped.io *.linkedin.com tyviso.fra1.digitaloceanspaces.com assets.sc-trc.com *.salecycle.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://api.reciteme.com *.tryamped.com *.amped.io; frame-src 'self' https://c.sharethis.mgr.consensu.org https://ws.sharethis.com https://www.thehotelsnetwork.com https://www.google.com https://content.cloud-iq.com https://best-western.sjv.io https://js.stripe.com https://roundme.com/ https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.youtube.com https://www.facebook.com https://www.opentable.co.uk https://gleam.io *.awin1.com *.zenaps.com https://my.matterport.com https://tour.panoee.com https://13081604.fls.doubleclick.net https://naughtythings.dev2.oathstudio.com/ https://storage.googleapis.com/cloudiq-volary-prod-cdn/assets/cf3fb222-906c-48b3-ab2c-59c9efdab0bc/overlay_template_brem.html https://storage.googleapis.com/cloudiq-volary-prod-cdn/assets/f92eba1a-abb6-4506-a90c-8794a8a69252/overlay_template_brem.html *.salecycle.com web-chat.nativechat.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://analytics.google.com https://www.google-analytics.com *.google-analytics.com https://*.bing.com http://*.brilliantcollector.com https://www.google.co.uk https://*.exitintel.com https://l.sharethis.com https://www.thehotelsnetwork.com https://api.addressy.com https://stats.g.doubleclick.net https://best-western.sjv.io https://ws.sessioncam.com https://*.clarity.ms https://c5.adalyser.com https://maps.googleapis.com *.analytics.google.com https://www.smallmeetings.co.uk https://api.reciteme.com https://stats.reciteme.com https://euc-widget.freshworks.com https://bwh.freshdesk.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.google.com/ https://wurfl.io https://analytics.tiktok.com *.report.gbss.io logs.convertexperiments.com metrics.convertexperiments.com *.metrics.convertexperiments.com https://tyviso-rewards-page.netlify.app blob: https://googleads.g.doubleclick.net/ *.tryamped.com *.amped.io https://tyviso-rewards-page.netlify.app/.netlify/functions/getManifest https://tyviso-rewards.netlify.app/.netlify/functions/sendEvent tyviso.fra1.cdn.digitaloceanspaces.com cdn.linkedin.oribi.io https://storage.googleapis.com/cloudiq-volary-prod-cdn/assets/f92eba1a-abb6-4506-a90c-8794a8a69252/overlay_template_brem.html https://storage.googleapis.com/cloudiq-volary-prod-cdn/assets/cf3fb222-906c-48b3-ab2c-59c9efdab0bc/overlay_template_brem.html https://tyviso.fra1.digitaloceanspaces.com https://tyviso-rewards.netlify.app *.tyviso.com *.salecycle.com *.stackadapt.com; media-src 'self' data: blob: https://api.reciteme.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://c.sharethis.mgr.consensu.org https://ws.sharethis.com https://www.thehotelsnetwork.com https://www.google.com https://content.cloud-iq.com https://best-western.sjv.io https://js.stripe.com https://roundme.com/ https://consent.cookiebot.com https://consentcdn.cookiebot.com web-chat.nativechat.com; report-uri /csp/report 'self'; worker-src 'self' 1
default-src 'none'; connect-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://api.mypurecloud.com.au wss://carrier-pigeon.mypurecloud.com.au wss://streaming.mypurecloud.com.au stats.g.doubleclick.net; font-src *; frame-src 'self' apps.afca.org.au hcm613.peoplestreme.net www.google.com www.youtube.com docs.google.com service02.afca.org.au hcm616.peoplestreme.net; img-src * data:; media-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com cdn.rawgit.com https://ssl.google-analytics.com https://api.mypurecloud.com.au wss://carrier-pigeon.mypurecloud.com.au www.googletagmanager.com cdnjs.cloudflare.com https://apps.mypurecloud.com.au https://cdn.jsdelivr.net https://cdnjs.cloudflare.com mdbootstrap.com stackpath.bootstrapcdn.com; script-src-elem 'self' 'unsafe-inline' www.google-analytics.com cdn.rawgit.com www.googletagmanager.com cdnjs.cloudflare.com https://apps.mypurecloud.com.au https://cdn.jsdelivr.net https://cdnjs.cloudflare.com mdbootstrap.com stackpath.bootstrapcdn.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com maxcdn.bootstrapcdn.com mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; frame-ancestors 'self' stagingsecure.afca.org.au secure.afca.org.au 1
default-src https: 'unsafe-inline'; media-src * data:; img-src * data: 1
font-src mediacdn.espssl.com *.gstatic.com data: *.trustarc.com *.cloudflare.com *.listrakbi.com *.listrak.com 142.0.93.34 *.pcapredict.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com optimize.google.com *.google.com *.oraclecloud.com *.xisecurenet.com vice01.drybar.com *.hotjar.com imgs.signifyd.com h.online-metrix.net services.sdiapi.com stats.g.doubleclick.net connect.facebook.net *.doubleclick.net *.trustarc.com *.listrakbi.com *.listrak.com 142.0.93.34 *.pcapredict.com youtube.com www.youtube.com vimeo.com www.vimeo.com www.xtento.com *.paymetric.com *.pixlee.com *.pixlee.co *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.pixlee.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de optimize.google.com *.google-analytics.com imgs.signifyd.com *.trustarc.com bat.bing.com www.google.com *.trustarc.com *.online-metrix.net connect.facebook.net *.googletagmanager.com *.linkedin.com *.facebook.com px.ads.linkedin.com *.trustarc.com *.postcodeanywhere.co.uk *.listrakbi.com *.listrak.com 142.0.93.34 *.pcapredict.com *.pinterest.com www.xtento.com cdn.xtento.com *.pxlecdn.com https://redchamps.com *.edgecastcdn.net *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src static.cloudflareinsights.com *.yottaa.com assets.pixlee.com mpsnare.iesnare.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com polyfill.io *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com optimize.google.com *.cobrowse.com *.googletagmanager.com *.google.com *.oraclecloud.com *.gstatic.com *.amazonaws.com *.cloudflare.com helen11130.pcapredict.com *.hotjar.com bat.bing.com cdn-scripts.signifyd.com imgs.signifyd.com *.trustarc.com vice-prod.sdiapi.com services.sdiapi.com bam.nr-data.net *.doubleclick.net *.google-analytics.com connect.facebook.net js-agent.newrelic.com *.rapidspike.com *.turnto.com *.postcodeanywhere.co.uk *.licdn.com *.listrakbi.com *.listrak.com 142.0.93.34 *.pcapredict.com *.pinimg.com youtube.com www.youtube.com www.xtento.com cdn.xtento.com *.pixlee.com *.pxlecdn.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src mediacdn.espssl.com *.adobe.com cdn.dnky.co webchat.dotdigital.com optimize.google.com services.postcodeanywhere.co.uk fonts.googleapis.com tagmanager.google.com *.turnto.com *.cloudflare.com *.listrakbi.com *.listrak.com 142.0.93.34 *.pcapredict.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.yottaa.net api.addressy.com cdn.linkedin.oribi.io *.linkedin.oribi.io dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.google-analytics.com *.oraclecloud.com *.doubleclick.net bam.nr-data.net services.postcodeanywhere.co.uk analytics.google.com imgs.signifyd.com vice-prod.sdiapi.com stats.g.doubleclick.net bat.bing.com *.rapidspike.com *.turnto.com *.signifyd.com bt.signifyd.com:11103 *.algolianet.com *.sdiapi.com *.facebook.com *.hotjar.com *.hotjar.io *.trustarc.com *.listrakbi.com *.listrak.com 142.0.93.34 *.pcapredict.com insights.algolia.io *.pinterest.com *.brilliantcollector.com *.pixlee.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.pharmica.co.uk *.pharmica.uk ;      script-src 'self' *.pharmica.co.uk *.pharmica.uk cdn.jsdelivr.net *.tawk.to 'unsafe-inline' 'unsafe-eval' cdn.ampproject.org connect.facebook.net *.stripe.com *.paypal.com *.gstatic.com *.google.com googleads.g.doubleclick.net *.google-analytics.com www.googleadservices.com www.googletagmanager.com *.hotjar.com *.braintreegateway.com www.paypalobjects.com bat.bing.com s.kk-resources.com static.site24x7rum.eu s.pinimg.com;      style-src 'self' *.pharmica.co.uk *.pharmica.uk 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com www.gstatic.com *.tawk.to;      font-src 'self' *.pharmica.co.uk *.pharmica.uk *.tawk.to *.gstatic.com;      img-src 'self' stats.g.doubleclick.net tawk.link *.pharmica.co.uk *.pharmica.uk *.tawk.to data: images.dmca.com *.google.com *.google.co.uk *.facebook.com *.facebook.net *.stripe.com *.paypal.com s.kelkoogroup.net *.googletagmanager.com *.google-analytics.com bat.bing.com i.ytimg.com s3.eu-west-2.amazonaws.com ct.pinterest.com s3.amazonaws.com gen.sendtric.com googleads.g.doubleclick.net;     connect-src 'self' *.facebook.com *.pharmica.co.uk *.pharmica.uk *.googletagmanager.com cdn.ampproject.org *.hotjar.com *.hotjar.io *.tawk.to wss: *.google-analytics.com javascript: *.braintreegateway.com *.braintree-api.com *.paypal.com *.google.com stats.g.doubleclick.net s.kelkoogroup.net col.site24x7rum.eu bat.bing.com ct.pinterest.com;     frame-src * 'self' *.pharmica.co.uk *.pharmica.uk *.hotjar.com *.facebook.com *.google.com *.stripe.com *.paypal.com *.youtube.com *.pinterest.com *.pinterest.co.uk *.google-analytics.com 1
worker-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.googlecommerce.com *.googleadservices.com *.braintreegateway.com *.googleapis.com *.cloudflare.com *.planetart.com *.newrelic.com *.twitter.com *.ads-twitter.com *.facebook.net *.adroll.com *.livechatinc.com cdn.brcdn.com www.paypalobjects.com *.brsrvr.com *.nr-data.net *.pcrl.co *.picreel.com *.bing.com *.extole.com *.yimg.com *.yahoo.com *.sharethis.com *.amazonaws.com *.rubiconproject.com *.doubleclick.net *.ups-mi.net *.pinterest.com *.paypal.com *.tellapal.com *.momsaffiliate.com *.emjcd.com *.shareasale.com t.co *.locker2.com *.adxcel-ec2.com *.gstatic.com *.steelhousemedia.com www.googletagmanager.com pixel.cdnwidget.com snap.licdn.com px.ads.linkedin.com *.tvsquared.com unpkg.com d39517acq78dhc.cloudfront.net js.braintreegateway.com *.cardinalcommerce.com *.dca0.com d.adroll.mgr.consensu.org *.ccdc02.com *.openx.net *.rlcdn.com *.adnxs.com *.bidswitch.net *.3lift.com *.taboola.com *.pubmatic.com *.outbrain.com *.casalemedia.com *.advertising.com www.clickcease.com cdn.levelaccess.net *.mail.simplytoimpress.com *.mail.simplytoimpress.co.uk *.mail.canvasworld.com *.mail.photoaffections.com *.mail.mycustomcase.com *.eml.legacylane.com *.eml.parkerandpip.com *.eml.gifts.com track.cordial.io *.personalcreations.com tags.tiqcdn.com use.typekit.net dpm.demdex.net www.lightboxcdn.com t.channeladvisor.com tag.bounceexchange.com s.pinimg.com assets.bounceexchange.com api.bounceexchange.com cdn.staticfile.org *.cj.com a.omappapi.com analytics.tiktok.com lightboxapi.azurewebsites.net cdn.attn.tv *.afterpay.com *.mountain.com *.nextdoor.com utt.impactcdn.com *.sjv.io *.clarity.ms d.impactradius-event.com tags.crwdcntrl.net *.rokt.com cdn.cookielaw.org *.iseeme.com *.bookofus.com *.vimeo.com *.vimeocdn.com https://*.kaptcha.com *.niceincontact.com d2zm0lpns956f8.cloudfront.net websdk.appsflyer.com *.bazaarvoice.com mpsnare.iesnare.com *.appsflyer.com shop.pe mapi.gifts.com cdn.mycustomcase.com;frame-ancestors 'self' https://www.mycustomcase.com;object-src 'self' https://www.mycustomcase.com;upgrade-insecure-requests 1
font-src fonts.gstatic.com use.typekit.net * *.fontawesome.com fonts.googleapis.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * cl.s51.exct.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com * https://js.digitalriverws.com *.adyen.com *.google.com/ instafeed.pixlee.co photos.pixlee.co *.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com p.typekit.net validator.swagger.io * https://www.magezon.com https://ui1.img.digitalrivercontent.net *.adyen.com maps.googleapis.com maps.gstatic.com *.pxlecdn.com *.pixlee.com *.cdninstagram.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.googletagmanager.com * https://js.digitalriverws.com *.adyen.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.google.com/ *.marketo.com *.pxlecdn.com *.pixlee.co *.pixlee.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com * *.fontawesome.com https://js.digitalriverws.com *.marketo.com assets.pixlee.com *.addthis.com *.moatads.com *.addthisedge.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net p13n-mr.adobe.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobedc.net *.demdex.net *.adobe.io performance.typekit.net *.sentry.io * https://getolympus.registria.com *.adyen.com https://maps.googleapis.com bam.nr-data.net *.marketo.com *.addthis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://report-to-api.raygun.com/reports?apikey=DzufkMvfyVLTrPSJBRAIpg; report-to report-endpoint; 1
default-src 'self' data: https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; img-src data: https: 'unsafe-inline' 'unsafe-eval'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'none'; 1
img-src 'self' data: https://lh3.ggpht.com https://*.google-analytics.com *.google.com https://www.google.com https://*.googleadservices.com https://*.googleapis.com *.googlesyndication.com https://pagead2.googlesyndication.com https://*.googletagmanager.com https://maps.gstatic.com https://*.hsforms.com *.hubspot.com https://*.lenze.com/ https://*.linkedin.com https://*.hana.ondemand.com/ https://via.placeholder.com https://*.twimg.com https://platform.twitter.com https://syndication.twitter.com https://*.vimeocdn.com *.youtube.com *.ytimg.com https://i.ytimg.com https://www.google.de https://eu6.heatmap.it *.doubleclick.net https://*.hubspotusercontent40.net https://*.google.nl https://cdn.cookielaw.org https://*.ads.linkedin.com fonts.gstatic.com *.gstatic.com gstatic.com https://www.google.hu https://www.google.co https://www.google.ch https://www.google.pt https://www.google.com.mx https://www.google.ca https://www.google.es https://www.google.sm https://www.google.com.sa https://www.google.com.tw https://www.google.com.pk https://www.facebook.com  *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://googleads.g.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com blob: cdn2.hubspot.net forms.hsforms.com https://x4support.lenze.digital; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://kit.fontawesome.com https://*.google-analytics.com/ https://*.google.com https://www.google.com https://*.googleadservices.com https://maps.googleapis.com https://*.googlesyndication.com https://www.googletagmanager.com/ https://*.googletagservices.com https://js.hs-banner.com https://js.hs-scripts.com https://forms.hsforms.com https://*.hubspot.com https://code.jquery.com https://*.lenze.com https://snap.licdn.com/li.lms-analytics/ https://*.hana.ondemand.com/ https://geolocation.onetrust.com https://cdn.syndication.twimg.com https://platform.twitter.com https://unpkg.com https://js.usemessages.com https://m.youtube.com https://www.youtube.com https://players.yumpu.com https://polyfill.io https://u.heatmap.it https://u.heatmap.it/log.js https://*.doubleclick.net https://googleads.g.doubleclick.net https://connect.facebook.net https://js.hs-analytics.net https://js.hsadspixel.net https://js.hscta.net https://js.hsforms.net https://js.hsleadflows.net https://cdn.jsdelivr.net https://cdn.cookielaw.org https://google-analytics.com about: https://js.hsadspixel.net https://js.hubspotfeedback.com https://js.hscollectedforms.net https://js-na1.hs-scripts.com ajax.googleapis.com; style-src 'report-sample' 'self' 'unsafe-inline' *.google.com fonts.googleapis.com https://*.lenze.com/ https://*.hana.ondemand.com/ https://ton.twimg.com https://platform.twitter.com https://www.googletagmanager.com translate.googleapis.com; frame-src https://player.vimeo.com blob: forms.hsforms.com *.yumpu.com *.google.com *.googlesyndication.com https://*.lenze.com/ https://lenze-portal.rexx-recruitment.com www.youtube-nocookie.com youtu.be *.youtube.com *.doubleclick.net *.hana.ondemand.com https://www.googletagmanager.com https://www.linkedin.com https://platform.twitter.com https://www.facebook.com https://syndication.twitter.com https://onyx.www.linkedin.com https://www.linkedin.cn https://www.linkedin.com https://web.facebook.com https://bid.g.doubleclick.net js.hsadspixel.net *.hubspot.com js.hscollectedforms.net js.usemessages.com; media-src dai.google.com https://*.lenze.com/ data: https://*.hana.ondemand.com *.lenze.cn; object-src 'self' *.googlesyndication.com https://*.lenze.com/ https://*.hana.ondemand.com; font-src 'self' data: https://ka-f.fontawesome.com fonts.googleapis.com fonts.gstatic.com https://*.lenze.com/ https://*.hana.ondemand.com/ https://ui5.sap.com; form-action forms.hsforms.com forms.hubspot.com *.google.com https://*.lenze.com https://*.hana.ondemand.com https://syndication.twitter.com platform.twitter.com *.lenze.cn https://get.teamviewer.com; worker-src blob: www.google.com https://*.lenze.com/ https://*.hana.ondemand.com; connect-src 'self' about: https://forms.hscollectedforms.net https://region1.google-analytics.com https://hubspot-forms-static-embed.s3.amazonaws.com https://extreme-ip-lookup.com https://ka-f.fontawesome.com https://www.google-analytics.com *.google.com https://maps.googleapis.com *.googlesyndication.com https://pagead2.googlesyndication.com www.googletagservices.com forms.hsforms.com api.hubapi.com *.hubspot.com https://forms.hubspot.com https://*.lenze.com/ https://*.hana.ondemand.com/ https://privacyportal-de.onetrust.com https://scandk1.scandit.com https://*.lenze.eec.gec.io *.doubleclick.net https://cdn.jsdelivr.net https://cdn.cookielaw.org fonts.googleapis.com fonts.gstatic.com js.usemessages.com js.hsleadflows.net js.hs-banner.com js.hubspotfeedback.com js.hsadspixel.net js.hs-analytics.net js.hs-scripts.com https://geolocation.onetrust.com api.hsforms.com apps-digital-services.lenze.com https://cdn.linkedin.oribi.io https://js.hscollectedforms.net https://www.google.hu https://www.google.co https://www.google.ch https://www.google.pt https://www.google.com.mx https://www.google.ca https://www.google.es https://www.google.sm https://www.google.com.sa https://www.google.com.tw https://www.google.com.pk https://www.facebook.com  *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.de; child-src blob: *.google.com *.googlesyndication.com https://*.lenze.com/ www.youtube.com *.doubleclick.net https://*.hana.ondemand.com app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com; default-src 'self' blob: https://*.facebook.com https://www.google.com https://forms.hsforms.com https://forms.hubspot.com https://*.lenze.com/ https://www.linkedin.com https://*.hana.ondemand.com/ https://lenze-portal.rexx-recruitment.com https://platform.twitter.com https://syndication.twitter.com https://player.vimeo.com https://www.youtube-nocookie.com https://www.youtube.com https://www.yumpu.com https://*.doubleclick.net https://*.lenze.cn; report-uri https://csp-report.lenze.com/api/3/security/?sentry_key=38d57e3bed4640f198e8cb5a750ff134&sentry_environment=production 1
upgrade-insecure-requests; 	report-uri /cspreport; 	default-src 'self'; 	script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://www.googleadservices.com https://static.sojern.com https://*.cloudflare.com https://*.cardinalcommerce.com https://*.freedompay.com https://assets.pinterest.com https://connect.facebook.net *.hotjar.com https://*.cookiebot.com https://www.gstatic.com https://*.google.com https://*.doubleclick.net *.google-analytics.com *.googletagmanager.com http://ajax.googleapis.com https://www.googleoptimize.com https://rum-static.pingdom.net http://rum-static.pingdom.net https://*.triptease.io; 	style-src 'self' 'unsafe-inline' https://cloud.typography.com https://*.typekit.net https://fonts.googleapis.com https://cdn.honey.io; 	object-src 'none'; 	base-uri 'self'; 	connect-src 'self' https://mon-va.tiktokv.com https://googleads.g.doubleclick.net https://adservice.google.com https://www.google.co.uk https://translate.googleapis.com https://connect.facebook.net https://www.google.co.in https://www.google.be https://www.google.ie https://www.google.sc https://www.google.se https://www.google.nl https://www.google.gg https://www.google.de https://www.google.es https://www.google.fr https://*.googlesyndication.com https://*.freedompay.com https://*.cardinalcommerce.com https://*.amazonaws.com https://*.google.com https://www.google.ch https://www.google.je https://www.googletagmanager.com https://maps.googleapis.com https://region1.google-analytics.com https://region1.analytics.google.com https://www.google-analytics.com https://www.doubleclick.net https://stats.g.doubleclick.net https://*.hotjar.io wss://*.hotjar.com https://www.facebook.com https://*.triptease.io https://*.cookiebot.com http://rum-collector-2.pingdom.net https://analytics.tiktok.com; 	font-src 'self' data: https://*.alicdn.com https://cdn.honey.io *.gstatic.com https://use.typekit.net; 	frame-src 'self' https://acs.capitalone.com https://acs.revolut.com https://acs2-3dsecure.creditmutuel.fr https://secure.dkb.de https://acs2.edb.com https://acs.swisscard.ch https://verify.monzo.com https://*.3ds.modirum.com https://3dsecure-vrp.de https://*.cic.fr https://3dsec.cardcenter.ch https://gbemv3dsecure.garanti.com.tr https://3ds.nexigroup.com https://*.3dsecure.no https://3ds.redsys.es https://acs1-3dsecure.creditmutuel.fr https://www.rsa3dsauth.com https://3debspay.boc.cn https://*.emea.citibank.com https://acs.mercurypaymentservices.it https://*.googletagmanager.com https://*.rabobank.nl https://*.lloydsbankinggroup.com https://*.zscloud.net https://*.googlesyndication.com https://*.americanexpress.com https://*.arcot.com https://*.doubleclick.net https://www.rsa3dsauth.co.uk https://*.wlp-acs.com https://www.youtube.com https://www.facebook.com https://static.sojern.com https://*.cardinalcommerce.com https://*.freedompay.com https://*.resdiary.com https://*.cookiebot.com https://*.triptease.io https://www.google.com; 	img-src 'self' data: https://*.cookiebot.com https://code.jquery.com https://analytics.tiktok.com https://*.facebook.net https://*.googlesyndication.com https://widgetthemes-live.azureedge.net https://translate.google.com https://fonts.gstatic.com https://track.linksynergy.com https://cdn.honey.io https://googleads.g.doubleclick.net *.googleapis.com https://adservice.google.com https://*.ytimg.com https://googletraveladservices.com https://*.googletraveladservices.com https://secure-hotel-tracker.com https://*.bing.com https://bat.bing.com https://track.linksynergy.com *.doubleclick.net https://log.pinterest.com https://click.exacttarget.com https://www.facebook.com https://region1.analytics.google.com https://www.google.de https://www.google.ca https://www.google.ro https://www.google.com.tr https://www.google.com.hk https://www.google.gm https://www.google.cz https://www.google.mu https://www.google.com.gi https://www.google.com.ng https://www.google.com.co https://www.google.co.za https://www.google.com.mm https://www.google.com.sg https://www.google.at https://www.google.im https://www.google.dk https://www.google.gr https://www.google.no https://www.google.se https://www.google.lt https://www.google.com.mt https://www.google.ch https://www.google.hu https://www.google.com.cu https://www.google.gg https://www.google.ie https://www.google.nl https://www.google.be https://www.google.pt https://www.google.fr https://www.google.it https://www.google.es https://www.google.je https://www.google.co.in https://www.google.com.tj https://www.google.co.ke https://www.google.ae https://www.google.co.th https://www.google-analytics.com https://www.google.com.au https://www.google.pl *.googletagmanager.com https://*.googletagmanager.com https://www.google.co.uk https://www.google.com *.google-analytics.com https://oimgnn/; 	style-src-elem 'self' 'unsafe-inline' data: https://code.jquery.com https://www.gstatic.com https://fonts.googleapis.com https://cdn.honey.io https://*.cloudflare.com https://*.typography.com https://cloud.typography.com *.googleapis.com http://*.googleapis.com https://*.typekit.net https://use.typekit.net; 	script-src-elem 'self' 'unsafe-inline' data: https://*.freedompay.com https://maps.google.com https://tpc.googlesyndication.com https://ajax.googleapis.com https://pagespeed-mod.com https://*.kaspersky-labs.com https://*.hirizasune.com https://www.gstatic.com https://*.googlesyndication.com https://assets.pinterest.com https://*.googleapis.com https://www.googleadservices.com https://*.cloudflare.com https://*.cardinalcommerce.com https://*.freedompay.com https://*.triptease.io https://connect.facebook.net https://*.hotjar.com https://static.sojern.com https://*.cookiebot.com https://consent.cookiebot.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://www.googleoptimize.com https://www.googletagmanager.com https://*.googleapis.com https://www.google.com https://www.google-analytics.com https://rum-static.pingdom.net https://analytics.tiktok.com; 	manifest-src 'self'; 	media-src 'self'; 	worker-src 'none'; 1
default-src 'self'; img-src 'self' data: books.google.de de.statista.com cdn.statcdn.com app.statuscake.com *.lamapoll.io; font-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' lamapoll.de *.lamapoll.de *.lamapoll.io; frame-src 'self' lamapoll.de *.lamapoll.de www.youtube-nocookie.com *.lamapoll.io; frame-ancestors 'self'; media-src 'self'; object-src 'self'; connect-src 'self' *.lamapoll.io 1
default-src 'self' blob: data: https: wss: *.aven.com; child-src https: blob: *.aven.com; img-src 'unsafe-inline' blob: data: *.aven.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https: *.aven.com; style-src 'self' 'unsafe-inline' https: *.aven.com; frame-ancestors 'self'; upgrade-insecure-requests; 1
upgrade-insecure-requests; frame-ancestors 'self'; base-uri 'self' https://dietpi.com/matomo/index.php https://dietpi.com/grafana/; default-src 'none'; object-src 'none'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com; worker-src 'self' blob:; frame-src 'self'; manifest-src 'self'; connect-src 'self' https://api.github.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://www.googletagmanager.com https://www.facebook.com https://cdn.cookielaw.org https://unilever3.demdex.net https://www.google-analytics.com https://www.googleadservices.com https://connect.facebook.net https://graph.facebook.com https://stats.g.doubleclick.net https://geolocation.onetrust.com https://dpm.demdex.net https://privacyportal-eu.onetrust.com https://googleads.g.doubleclick.net https://cdn.epsilondelta.co https://www.ed-sys.net https://sdk-01.moengage.com https://cdn.moengage.com https://unileverapac.sc.omtrdc.net https://geolocation.onetrust.com https://cm.everesttech.net https://dpm.demdex.net https://capi.unileversolutions.com https://bam.nr-data.net https://sdk-03.moengage.com https://youtube.com https://google.com https://*.clarity.ms https://js-agent.newrelic.com https://analytics.google.com https://www.google.com.sg https://pagead2.googlesyndication.com http: https: https://www.pureitwater.com/; style-src 'self' blob: https: 'unsafe-inline' https://www.pureitwater.com/; connect-src 'self' assets.adobedtm.com www.googletagmanager.com www.facebook.com cdn.cookielaw.org unilever3.demdex.net www.google-analytics.com www.googleadservices.com connect.facebook.net graph.facebook.com stats.g.doubleclick.net geolocation.onetrust.com dpm.demdex.net privacyportal-eu.onetrust.com googleads.g.doubleclick.net cdn.epsilondelta.co www.ed-sys.net sdk-01.moengage.com cdn.moengage.com unileverapac.sc.omtrdc.net geolocation.onetrust.com cm.everesttech.net dpm.demdex.net capi.unileversolutions.com bam.nr-data.net sdk-03.moengage.com youtube.com google.com *.clarity.ms js-agent.newrelic.com *.google.com geolocation-db.com; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com; frame-src assets.braintreegateway.com unilever3.demdex.net *.youtube.com *.youtube *.vimeo.com *.google.com *.facebook.com *.twitter.com bid.g.doubleclick.net cdn.moengage.com tpc.googlesyndication.com td.doubleclick.net; 1
default-src 'self';script-src 'self' https://www.gstatic.com https://*.linkedin.com https://www.google.com/recaptcha/enterprise.js https://www.google.com/recaptcha https://*.zendesk.com https://static.zdassets.com https://assets.production.linktr.ee https://form.typeform.com https://static.geetest.com https://snap.licdn.com https://*.hotjar.com http://gcaptcha4.geetest.com http://gcaptcha4.gsensebot.com https://analytics.twitter.com https://t.co https://connect.facebook.net http://gcaptcha4.geetest.com http://gcaptcha4.gsensebot.com https://static.ads-twitter.com http://static.ads-twitter.com https://static.ads-twitter.com http://gcaptcha4.geevisit.com http://static.geetest.com http://static.geevisit.com http://dn-staticdown.qbox.me https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval';connect-src 'self' https://*.bitdelta.com wss://*.bitdelta.com wss://*.firebaseio.com wss://*.zendesk.com https://bitdelta.zendesk.com https://ltp.linktr.ee https://ekr.zdassets.com https://*.googleapis.com https://www.gstatic.com https://*.hyperverge.co https://*.amazonaws.com https://stats.g.doubleclick.net https://vitals.vercel-insights.com/v1/vitals http://gcaptcha4.gsensebot.com https://*.hotjar.com wss://*.hotjar.com https://www.facebook.com https://*.hotjar.io https://o1100856.ingest.sentry.io https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' https://www.gstatic.com https://*.linkedin.com https://www.google.com/recaptcha/enterprise.js https://*.zendesk.com https://static.zdassets.com https://assets.production.linktr.ee https://snap.licdn.com https://unpkg.com/@dotlottie/player-component@1.0.0/dist/dotlottie-player.js https://*.amazonaws.com https://*.hotjar.com http://gcaptcha4.geevisit.com http://gcaptcha4.gsensebot.com https://static.ads-twitter.com http://static.ads-twitter.com https://analytics.twitter.com https://t.co https://connect.facebook.net https://www.google.com/recaptcha https://static.geetest.com http://static.geetest.com http://gcaptcha4.geetest.com http://static.geevisit.com/ https://www.google-analytics.com https://www.googletagmanager.com 'unsafe-inline' 'unsafe-eval';style-src 'self' http://static.geetest.com http://static.geevisit.com http://dn-staticdown.qbox.me https://fonts.googleapis.com https://cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' ;style-src-elem 'self' https://www.googletagmanager.com https://www.google-analytics.com http://static.geetest.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval';font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com 'unsafe-inline' 'unsafe-eval';img-src 'self' blob: https://*.bitdelta.com data: https://bitdelta.com https://*.amazonaws.com https://bitdelta.zendesk.com https://static.zdassets.com https://hv-camera-web-sg.s3-ap-southeast-1.amazonaws.com https://www.google.com https://www.google.ae http://*.cloudfront.net https://www.facebook.com https://t.co https://analytics.twitter.com http://static.geetest.com https://www.googletagmanager.com https://www.google-analytics.com http://static.geevisit.com http://dn-staticdown.qbox.me https://flagcdn.com 'unsafe-inline' 'unsafe-eval';frame-src 'self' data: https://*.veriff.com https://*.veriff.me https://www.google.com https://www.typeform.com https://form.typeform.com/ https://www.facebook.com https://www.youtube.com https://*.hotjar.com https://api.sumsub.com 'unsafe-inline' 'unsafe-eval' data: https://*.onramper.com https://onramp.money https://*.onramp.money; 1
default-src https: 'unsafe-inline'; img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval' 1
upgrade-insecure-requests; script-src 'nonce-WnIxRVM3aE9HVGJZcUdmQWFwSzZFQT09' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: http: 'report-sample'; object-src 'none'; base-uri 'self'; frame-src 'self' www.google.com bid.g.doubleclick.net cdn.ssmedia.com; frame-ancestors 'self'; child-src 'self'; report-uri https://api.ssmedia.com/cspreport?u=yygpKSi20tcvLy_XKy7NKy5JLMpNTclM1EvOz9UHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.neto2.net *.netoxygen.ch www.google-analytics.com *.google.com *.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://use.fontawesome.com https://fonts.googleapis.com *.cloudflare.com https://secure.gravatar.com https://github.com data: 1
frame-ancestors 'self' https://*.iprox.nl https://*.hetcak.nl 1
default-src 'self' https://*.cms.vwfs.tools ;            img-src 'self' data: https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://dev.day.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.gstatic.com https://*.google.com https://*.google.de https://*.google.cz https://*.googlesyndication.com https://*.googleadservices.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://img.youtube.com https://i.ytimg.com https://*.userzoom.com https://*.adform.net https://www.facebook.com https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://t.co https://*.volkswagenbank.de  https://cms-assets.vwfs.io https://smetrics.vwfs.cz https://mediaservice.audi.com  https://GISTPAEndpoint-Int.azureedge.net https://GISTPAEndpoint-Kons.azureedge.net https://GISTPAEndpoint-Prod.azureedge.net    https://default.vms.vwfs.io https://*.bronson.vwfs.tools https://*.bronson.vwfs.io https://gateway.zscloud.net https://js.api.here.com https://assets.volkswagen.com https://integrations.etrusted.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ssl.gstatic.com https://ade.googlesyndication.com https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://c.imedia.cz https://*.seznam.cz https://*.google.cz;            script-src 'self' 'unsafe-inline' blob: https://*.volkswagenbank.de https://storagewebcalcweud.blob.core.windows.net https://*.fts.webcalc.vwfs.io https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.fls.doubleclick.net https://www.googletagmanager.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google.com https://www.google.de https://cm.g.doubleclick.net https://www.volkswagenbank-cloud.de https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://assets.adobedtm.com https://*.omniture.com https://*.adobe.com https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://*.thunderhead.com https://*.twitter.com https://static.ads-twitter.com https://*.advsearch.vwfs.io https://cc.cdn.civiccomputing.com  https://target.vwfs.cz  https://smetrics.vwfs.cz https://cdn.mercury.ai https://integrations.etrusted.com https://sdk.privacy-center.org    https://*.acs-frontend.vwfs.io https://*.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.g.doubleclick.net https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://c.imedia.cz https://*.seznam.cz https://*.google.cz;            style-src 'self' 'unsafe-inline' https://*.userzoom.com https://target.vwfs.cz https://cdn.mercury.ai https://co-browsing.mercury.ai https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io    https://*.acs-frontend.vwfs.io https://integrations.etrusted.com https://tagmanager.google.com https://fonts.googleapis.com ;            connect-src 'self' blob: data: https://vimeo.com https://*.youtube.com https://api.webcalc.vwfs.io https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://*.adobedc.net https://*.tt.omtrdc.net https://*.2o7.net https://*.cms.vwfs.io https://*.advsearch.vwfs.io https://cms-content.vwfs.io https://target.vwfs.cz https://smetrics.vwfs.cz https://www.google.com https://*.facebook.com https://*.mercury.ai wss://*.mercury.ai https://vector.hereapi.com https://1.base.maps.ls.hereapi.com https://1.aerial.maps.ls.hereapi.com https://js.api.here.com https://geocode.search.hereapi.com https://integrations.etrusted.com https://*.smart-digital-solutions.de https://smart-digital-cdn.com https://2gtge2kxoa.execute-api.eu-central-1.amazonaws.com https://api-cms-vwfs-io.cms.vwfs.tools https://sdk.privacy-center.org https://revgeocode.search.hereapi.com    https://*.acs-frontend.vwfs.io https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.cz http://*.trustedshops.com https://autocomplete.search.hereapi.com https://lookup.search.hereapi.com ;            frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com ;            object-src 'none' ;            font-src 'self' data: https://fonts.gstatic.com https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io https://cdn.mercury.ai https://js.api.here.com https://*.trustedshops.com http://*.trustedshops.com ;            frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://s.userzoom.com https://*.adform.net https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://*.googlesyndication.com https://cm.g.doubleclick.net https://gateway.zscloud.net https://td.doubleclick.net https://kalkulator.skoda-auto.pl https://*.g.doubleclick.net ;            media-src https://www.youtube-nocookie.com 'self' ; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'self'; img-src 'self' data: *.cloudfront.net *.doublerobotics.com 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com *.eloqua.com *.en25.com *.google-analytics.com *.google.com *.hsforms.net *.timevaluecalculators.com hello.myfonts.net https://*.hsforms.com https://*.hsleadflows.net https://*.hubspot.com https://dec.azureedge.net/ https://www.youtube.com/iframe_api munchkin.marketo.net www.googletagmanager.com cdn.userway.org https://*.hotjar.com https://usrwy.com/widget.js https://js.hs-banner.com/3599095.js https://player.vimeo.com/api/player.js https://tags.srv.stackadapt.com/events.js https://js.hscollectedforms.net/collectedforms.js cdnjs.cloudflare.com/ajax/libs/angular-filter/0.5.17/angular-filter.min.js siteimproveanalytics.com/js/siteanalyze_82285.js https://amplify.review-alerts.com/ https://bat.bing.com/bat.js https://bat.bing.com/p/action/56355930.js https://bat.bing.com/ https://api.userway.org https://up.pixel.ad https://www.sitescout.com https://llxp.additionfi.com https://googleads.g.doubleclick.net https://js.hs-banner.com https://js.adsrvr.org https://cdn.userway.org https://analytics.tiktok.com https://cunexus-dmz.additionfi.com/ https://collector-29671.us.tvsquared.com/ https://js.hscta.net 'self' cdn.ampproject.org js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.timevaluecalculators.com https://tags.srv.stackadapt.com/sa.css *.additionfi.com https://insight.adsrvr.org https://cdn.userway.org/ 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.timevaluecalculators.com *.google.com *.google-analytics.com https://*.hubspot.com https://*.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com pages.mycfe.com pages.additionfi.com cdn.userway.org/ https://rqfi3tmw.cdn.imgeng.in https://82285.global.siteimproveanalytics.io/image.aspx https://82285.global.siteimproveanalytics.io/heat.aspx https://rtx-source-icons.s3.amazonaws.com/logos/google.png https://rtx-source-icons.s3.amazonaws.com/logos/facebook.png images.additionfi.com *.lemonadelxp.com *.additionfi.com https://bat.bing.com https://www.googletagmanager.com https://pixel.sitescout.com/ https://collector-29671.us.tvsquared.com/ 'self' track.hubspot.com js.hsleadflows.net forms.hsforms.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://cdn.userway.org; frame-src https://*.doubleclick.net https://*.hsforms.com https://app.hubspot.com https://vars.hotjar.com/ cdn.userway.org/ https://www.youtube.com/ https://forms.hubspot.com/ https://player.vimeo.com/ https://form.jotform.com/ https://insight.adsrvr.org https://pixel.sitescout.com https://match.adsrvr.org https://cunexus-dmz.additionfi.com/ 'self' forms.hsforms.com web-chat.nativechat.com; connect-src accounts.google.com *.mktoresp.com https://*.hubspot.com https://*.hsforms.com https://maps.googleapis.com https://api.userway.org/api/tunings/1fJAlvpd8l in.hotjar.com vc.hotjar.io wss://ws2.hotjar.com/ wss://ws6.hotjar.com/api/v1/client/ws https://tags.srv.stackadapt.com/saq_pxl https://tags.srv.stackadapt.com/js_tracking https://tags.srv.stackadapt.com/sa.jpeg https://www.google-analytics.com/j/collect https://stats.g.doubleclick.net/j/collect https://amplify.review-alerts.com/public/api/analytics https://amplify.review-alerts.com/public/api/testimonials https://api.ipify.org/ https://api.userway.org https://amplify.review-alerts.com *.additionfi.com https://analytics.tiktok.com https://cdn.userway.org https://www.google-analytics.com 'self' forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: https://pages.additionfi.com/; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com 'self' web-chat.nativechat.com; object-src 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ffclub.ru yastatic.net yandex.ru metrika.yandex.ru *.googleapis.com *.gstatic.com www.google-analytics.com www.google.com *.googlesyndication.com googleads.g.doubleclick.net adservice.google.com adservice.google.si adservice.google.ru *.googletagservices.com *.googleadservices.com translate.google.com cdnjs.cloudflare.com cdn.jsdelivr.net st.yandexadexchange.net an.yandex.ru mc.yandex.ru mc.yandex.ua mc.yandex.md mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.com googletagmanager.com *.googletagmanager.com *.google-analytics.com http://www.youtube.com https://www.youtube.com coub.com dl.metabar.ru top-fwz1.mail.ru counter.rambler.ru st.top100.ru kraken.rambler.ru player.vimeo.com rutube.ru; img-src 'self' *.ffclub.ru kraken.rambler.ru yastatic.net *.verify.yandex.ru an.yandex.ru mc.yandex.ru amc.yandex.ru *.yandex.net ad.doubleclick.net *.gstatic.com *.googleapis.com *.google-analytics.com *.googlesyndication.com translate.google.com counter.yadro.ru img.youtube.com i.ytimg.com coubsecure-s.akamaihd.net top-fwz1.mail.ru i.vimeocdn.com counter.rambler.ru data:; font-src 'self' *.ffclub.ru yastatic.net chrome-extension: data: *.gstatic.com; 1
default-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://uistats.sitevision.se/ https://www.browsealoud.com/ https://www.netpublicator.com/ https://code.jquery.com/ https://skattekollen.se/ https://*.chat.kundo.se https://chat.kundo.se/ https://static-chat.kundo.se/ https://sentry.kundo.se https://docs.netpublicator.com/ https://karlstad.containers.piwik.pro/ https://oppnadata.skl.se/ https://www.gstatic.com/; style-src 'self' 'unsafe-inline' https://karlstad.imagevault.app/ https://skattekollen.se/ https://oppnadata.skl.se/ https://www.gstatic.com/ https://static-chat.kundo.se/ https://chat.kundo.se; object-src 'none'; base-uri 'self'; connect-src 'self' https://plus.browsealoud.com/ https://uistats.sitevision.se https://www.browsealoud.com/ https://youtube.com https://vimeo.com/ https://turid.visitvarmland.com/public/api/ https://chat.kundo.se/chat/svarsgrupp-2-r2r4toz2/customer-actions/ https://sentry.kundo.se/ https://karlstadskommunonline.sharepoint.com/ https://skattekollen.se/ https://eu-api.friendlycaptcha.eu/ https://karlstad.piwik.pro/ https://speech-eu.speechstream.net/ https://oppnadata.skl.se/ https://api.kolada.se/ https://*.chat.kundo.se https://chat.kundo.se/ https://sentry.kundo.se/api/ wss://ws-eu.pusher.com/app/ https://*.pusher.com/ https://kundo.se/attachment/upload/ https://static.kundo.se/static/ https://*.chat.kundo.se https://turid.visitvarmland.com/api/v8/; frame-ancestors 'self' https://eu.opencitiesplanner.bentley.com/; font-src 'self' data:; frame-src 'self' https://www.youtube.com https://youtube.com https://gi.karlstad.se/ https://lex2api.evarmland.se/ https://org-1329.chat.kundo.se https://player.vimeo.com https://mpi.mashie.com/ https://online.infracontrol.com/ https://oppnadata.skl.se/ https://view.wec360.com/ https://www.idrelay.com/ https://trk.idrelay.com/ https://chat.kundo.se/ https://sentry.kundo.se/api/ https://*.chat.kundo.se; img-src 'self' https://i.ytimg.com https://karlstad.imagevault.app/ https://static.netpublicator.com https://img.turid.visitvarmland.com https://karlstad.se/imagevault/ https://i.vimeocdn.com/ https://karlstad.piwik.pro/ data: https://oppnadata.skl.se/ https://kundo.se https://static.kundo.se https://chat.kundo.se turid.visitvarmland.com https://skattekollen.se/; manifest-src 'self' https://skattekollen.se/; media-src 'self' https://static-chat.kundo.se/ https://speech-eu.speechstream.net/ blob:; worker-src blob:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://media.twiliocdn.com https://d1gg1zl1g72y96.cloudfront.net https://cdnjs.cloudflare.com https://du7aon534iz4j.cloudfront.net https://s3.amazonaws.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.adroll.com https://*.intercom.io https://*.intercomcdn.com https://snap.licdn.com https://px.ads.linkedin.com https://bam.nr-data.net https://*.spectrumemp.com https://code.highcharts.com https://*.trychameleon.com/ https://*.heapanalytics.com https://*.getbee.io https://auth.getbee.io; object-src 'self' 1
frame-ancestors 'self' https://livesale.insportline.cz 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=3v3g01hiqu5gm&partner=; 1
default-src 'self' https: data: 'unsafe-eval' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; img-src 'self' https: blob: data: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com www.google.com www.gstatic.com www.googletagmanager.com www.youtube.com www.tagassistant.google.com www.google-analytics.com *.mypurecloud.ie siteimproveanalytics.com apps.mypurecloud.com static.ads-twitter.com connect.facebook.net snap.licdn.com rawgit.com code.jquery.com seairetrofitpbiembeddedprd.azurewebsites.net public.tableau.com static.hotjar.com script.hotjar.com wurfl.io *.cognitoforms.com www.cognitoforms.com/f/seamless.js static.cognitoforms.com cdn.jsdelivr.net code.highcharts.com cdnjs.cloudflare.com *.texthelp.com *.browsealoud.com; 1
default-src 'none' ;frame-ancestors 'none' ;form-action 'self' ;connect-src 'self' https://*.usercentrics.eu https://matomo.kbs.de https://kbs-crm.de/ https://*.linkedin.oribi.io https://www.facebook.com https://*.linkedin.com https://connect.facebook.net ;base-uri 'self' ;style-src 'self' 'unsafe-inline' ;object-src 'none' ;frame-src https://*.youtube-nocookie.com https://*.usercentrics.eu https://*.doubleclick.net https://www.facebook.com ;img-src 'self' https://*.ytimg.com https://*.usercentrics.eu https://www.facebook.com https://www.google.com https://www.google.de https://www.minijob-zentrale.de https://magazin.minijob-zentrale.de/ https://minijob-magazin-website.blee.ch/ https://*.linkedin.com https://*.doubleclick.net ;media-src 'self' blob: https://multimedia.gsb.bund.de https://*.youtube-nocookie.com https://*.youtube-nocookie-nocookie.com https://*.youtube.com https://youtu.be/ ;script-src 'self' 'strict-dynamic' https://*.youtube.com 'sha256-EtnUVjyrHBRNeNkP5vDcZYe2ew3Wg1lpgGl/JZCMRAI=' 'sha256-eEIY/NzHnlLKJ8GDl/oDT1ssnhj3SKdcm239GpRkmHQ=' https://*.usercentrics.eu 'nonce-RV8E7TPQPSIMR3LLWPRL2N86U' https://matomo.kbs.de 'nonce-M0TNX4SSJJ28G0DZGS1SRMZXD' 'sha256-P+Ab8EBuYWVmxxggKX2jM0GgBpKu+6oUNGol/XP/5ek=' 'sha256-JhAld3sUfBMIuAf2IyRTyKZelFiSZZXV8fojmy5XDL0=' https://snap.licdn.com https://connect.facebook.net https://www.googletagmanager.com 'sha256-lQLSmTZAGfOgLpwW6D9AQCKMMt5O3bPZNOMgbD92yPk=' 'sha256-3c1agrU2EbDbWQLzXKDRR7k3eXjr4+OMBUvRhtOUF2U=' 'sha256-L8F0fuuKjO4+FkSNNnqJ7xKZTQMIYMui1lN8iORwbcU=' 'sha256-7s7d9J/0gxSP7UclbUiWU7hMN+eCj11odMjUoTMWHq0=' https://www.googleadservices.com https://googleads.g.doubleclick.net https://kbs-crm.de/ 'nonce-cuxcAasoroY2JrZHnAKBOs8eNzKNdoPmE09QwjDAi2Q=' 'sha256-tA2WJIvxtflN5AmVLl9EQ2vcD6CsqZSwPtbT7bZ+oHA=' https://play.google.com 'sha256-orcyqyxTv7vPYQStk8F4XJKeVoK9imykNAfmDi1kYbY=' 'sha256-+DDeQ8D3iAvbLf6PV1cGpDrZeZtg5PI9peOZB1Fdy8s=' 'nonce-OTEXNY02XEYJ85XC5Y8F33UL4' 'nonce-294131381079081' ;font-src 'self' 'unsafe-inline' data: ; 1
upgrade-insecure-requests;    default-src https: 'unsafe-eval' 'unsafe-inline';    form-action 'self' https://antville.org https://*.antville.org;    img-src * data:;    object-src 'none'; 1
script-src http: https: 'unsafe-inline' 'unsafe-eval' https://paulmitchell.com https://www.googletagmanager.com; style-src 'self' blob: https: 'unsafe-inline' https://paulmitchell.com; img-src data: http: https: www.googletagmanager.com https://paulmitchell.com; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com use.typekit.net static.klaviyo.com; frame-src 'self' *.g.doubleclick.net *.doubleclick.net *.osano.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com assets.braintreegateway.com *.google.com * *.youtube.com *.youtu.be *.vimeo.com; 1
object-src 'self'; frame-ancestors 'self'; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://forum.projecthax.com/logs/ https://forum.projecthax.com/sidekiq/ https://forum.projecthax.com/mini-profiler-resources/ https://forum.projecthax.com/assets/ https://forum.projecthax.com/extra-locales/ https://forum.projecthax.com/highlight-js/ https://forum.projecthax.com/javascripts/ https://forum.projecthax.com/plugins/ https://forum.projecthax.com/theme-javascripts/ https://forum.projecthax.com/svg-sprite/ 'report-sample' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' https 'unsafe-inline'; worker-src 'self' https://forum.projecthax.com/assets/ https://forum.projecthax.com/javascripts/ https://forum.projecthax.com/plugins/; report-uri https://forum.projecthax.com/csp_reports; frame-ancestors 'self'; manifest-src 'self' 1
frame-ancestors 'self' ; worker-src 'self' data: blob: https://js.arcgis.com ; default-src 'self'  ; frame-src 'self' embed https://waterschappen.mijnstem.nl https://agv.mijnstem.nl https://app.mijnstem.nl https://mijnstem.sales.ivox.be https://waternet.pti.nl https://chat1.waternet.nl https://app.cobrowser.com https://hotjar.com https://cdnjs.cloudflare.com https://www.youtube.com https://www.google.nl https://www.google.com https://recaptcha.google.com/recaptcha/ https://www.kcmsurvey.com https://platform.twitter.com https://syndication.twitter.com https://twitter.com https://facebook.com https://platform.hireserve.nl https://podcasts.apple.com https://open.spotify.com ; script-src 'self' https://js.monitor.azure.com https://dl.episerver.net https://collect.mopinion.com https://cdn.optimizely.com https://js.arcgis.com https://ytimg.com https://www.youtube.com https://epi.waternet.nl https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://maps.googleapis.com https://www.google.com/recaptcha https://ajax.googleapis.com https://maps.gstatic.com https://app.cobrowser.com https://script.hotjar.com https://cdnjs.cloudflare.com https://cdn.nowinteract.com https://imp2.nowinteract.com https://js-agent.newrelic.com https://bam.nr-data.net https://platform.twitter.com https://cdn.syndication.twimg.com https://connect.facebook.net https://facebook.com https://platform.hireserve.nl 'sha256-laWjrqJThFpSbf4H+IwSnwccrjKHaVCE1bYgwmmXevg=' 'sha256-Q+8a/o63rQfS2FbM/kdZuS1YefaBDavYFe0rSXCVTY8=' 'nonce-3IEkk4ie+uggPIavqPY8C5zxkFlXj5cbkYXIwTkZcpM=' ; style-src 'self' https://dl.episerver.net https://fonts.mopinion.com https://js.arcgis.com https://epi.waternet.nl https://www.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://app.cobrowser.com https://platform.twitter.com https://facebook.com https://platform.hireserve.nl 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-OwlOqbP3VnAzYedGO5K7BbLR2YOoHw96wRy+VxYn414=' 'sha256-RXxNUJG3UfHAeHA4copS/oAu4QHoWavn3IraEQ+XrTk=' 'sha256-HoHeSFZ2KzRVUbA0hgnOQrMyvA5bmJp9vMDhzKnBVw8=' 'nonce-3IEkk4ie+uggPIavqPY8C5zxkFlXj5cbkYXIwTkZcpM='; font-src 'self' https://fonts.gstatic.com https://gstatic.mopinion.com https://platform.hireserve.nl https://dl.episerver.net ; img-src 'self' data: https://www.google.nl https://www.googletagmanager.com https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://services.arcgisonline.com https://server.arcgisonline.com https://platform.hireserve.nl https://dl.episerver.net ; connect-src https: wss:;object-src 'none';base-uri 'self'; 1
script-src https://*.mydrreddys.com https://*.mydrreddys.com:8443 polyfill.io *.google-analytics.com *.google.com *.gstatic.com https://*.yellowmessenger.com https://*.webengage.com https://*.webengage.co https://*.microsoftstream.com https://*.cloudfront.net https://raw.githubusercontent.com https://www.googletagmanager.com https://*.amazonaws.com blob: 'self' 'unsafe-inline' 'unsafe-eval'; object-src https://*.mydrreddys.com https://*.mydrreddys.com:8443 'self'; 1
default-src https: https://*.landstar.com; script-src 'unsafe-inline' 'unsafe-eval' https: https://*.landstar.com; style-src 'unsafe-inline' https:; img-src https: data:; font-src https: data: 1
script-src 'self' ajax.cloudflare.com 'unsafe-inline' 'unsafe-eval' static.cloudflareinsights.com cdn.usefathom.com cdn.matomo.cloud cdn.paddle.com 1.replies.io checkout.paddle.com cdn.ampproject.org public.profitwell.com static.profitwell.com polyfill.io js.sentry-cdn.com browser.sentry-cdn.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com fonts.gstatic.com dayohvjefwkyk.cloudfront.net cdnjs.cloudflare.com connect.facebook.net lovado.net:3000 wss://lovado.net:3000 piwik.micropayment.de *.stripe.com code.jquery.com maxcdn.bootstrapcdn.com www.facebook.com compliesfolonest.com pactickyvilsents.com www.gstatic.com cdn.rawgit.com www.google.com cdn.jsdelivr.net; img-src 'self' data: dayohvjefwkyk.cloudfront.net cdn.jsdelivr.net code.jquery.com; 1
default-src 'self' https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' editor.unlayer.com cdnjs.cloudflare.com o478387.ingest.sentry.io js.stripe.com maps.googleapis.com carelaunch-dev.my.connect.aws;style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com;img-src 'self' data: https:;font-src 'self' data:;frame-ancestors 'self' carelaunch-dev.my.connect.aws;worker-src 'self' blob: 1
frame-ancestors 'self' https://www.matrimonios.cl https://comunidad.matrimonios.cl https://landing.matrimonios.cl 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline'; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=6takbmdiquc0s&partner=; 1
frame-ancestors https://www.cloudrexx.com 1
connect-src 'self' *.nrw.de; default-src 'self' *.nrw.de; font-src data: *; frame-ancestors 'self' *.nrw.de; frame-src 'self' *.nrw.de geo-statistik.it.nrw *.giscloud.nrw.de *.statistikportal.de *.destatis.de *.geo-statistik.it.nrw broschueren.nordrheinwestfalendirekt.de *.openstreetmap.org it.statistik.niedersachsen.de; img-src data: *; media-src *; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de *.openstreetmap.org it.statistik.niedersachsen.de; style-src 'self' 'unsafe-inline' *.nrw.de; worker-src 'self' *.nrw.de *.openstreetmap.org it.statistik.niedersachsen.de; upgrade-insecure-requests; 1
default-src 'self' data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; manifest-src 'self' *.billets.ca *.2tickets.ca *.tickets.ca; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.billets.ca *.2tickets.ca *.tickets.ca https://widget-mediator.zopim.com/ https://static.zdassets.com https://maps.googleapis.com https://analytics.google.com https://www.facebook.com https://www.google.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://bat.bing.com https://static.hotjar.com https://script.hotjar.com https://snap.licdn.com https://connect.facebook.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hs-analytics.net https://www.clarity.ms https://analytics.tiktok.com; font-src 'self' fonts.gstatic.com; img-src 'self' *.billets.ca *.2tickets.ca *.tickets.ca *.amazonaws.com data: blob: https://maps.googleapis.com https://maps.gstatic.com https://www.google.com https://www.google.ca https://www.google-analytics.com https://www.googletagmanager.com https://bat.bing.com https://www.facebook.com https://px.ads.linkedin.com https://track.hubspot.com https://forms.hsforms.com https://www.linkedin.com https://p.adsymptotic.com https://c.clarity.ms https://c.bing.com; connect-src 'self' data: http://0.0.0.0:* ws://localhost:* *.oribi.io *.billets.ca *.tickets.ca *.2tickets.ca https://widget-mediator.zopim.com/ wss://widget-mediator.zopim.com https://billets.zendesk.com https://ekr.zdassets.com/ https://maps.googleapis.com https://www.facebook.com https://analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://api.hubapi.com https://forms.hubspot.com https://*.clarity.ms https://c.clarity.ms https://vc.hotjar.io https://analytics.tiktok.com https://o1428952.ingest.sentry.io; frame-src 'self' https://vars.hotjar.com https://vc.hotjar.io https://bid.g.doubleclick.net; media-src 'self' https://static.zdassets.com *.billets.ca *.2tickets.ca *.tickets.ca *.amazonaws.com; frame-ancestors 'none'; 1
default-src 'self' https://trustseal.enamad.ir/ https://www.sinainsurance.com/ https://sinainsurance.com/; script-src 'unsafe-inline' 'self' 'unsafe-eval' https://www.sinainsurance.com/ https://sinainsurance.com/ https://www.google-analytics.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js ; img-src data: blob 'self' 'unsafe-inline' https://www.sinainsurance.com/ https://sinainsurance.com/ https://trustseal.enamad.ir/  http://www.google-analytics.com/ ; style-src 'self' 'unsafe-inline';media-src 'self' 'unsafe-inline' https://trustseal.enamad.ir/ https://www.sinainsurance.com/ https://sinainsurance.com ;  1
frame-ancestors 'self' https://hilfe.campz.de https://back-office-redesign.kameleoon.com https://app.kameleoon.com/ 1
default-src https: data: wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; report-uri /report-csp-violation 1
frame-ancestors 'self' builder.io 1
frame-ancestors 'self' https://*.canyons.edu; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com/ https://www.paypal.com/ https://www.paypalobjects.com/ https://*.stripe.com/ https://*.googletagmanager.com/; style-src 'self' 'unsafe-inline'; connect-src 'self' https://*.stripe.com/ https://www.paypal.com/ https://*.google-analytics.com/ https://*.analytics.google.com/ https://*.googletagmanager.com/ https://sentry.feelingsurf.fr/; img-src 'self' data: https://*.stripe.com/ https://syndication.twitter.com/ https://*.paypal.com/ https://*.paypalobjects.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/; font-src data:; frame-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.paypal.com/ https://www.paypalobjects.com/ https://*.stripe.com/; frame-ancestors 'none'; media-src 'self'; manifest-src 'self'; worker-src blob:; report-uri https://sentry.feelingsurf.fr/api/5/security/?sentry_key=43ec3ee807854e269d65d5f81c639e51&sentry_environment=prod 1
object-src: none default-src * data: 'self' blob:; frame-ancestors 'self' *.juridischloket.nl test-botclient.juridischloket.nl; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.gstatic.com siteimproveanalytics.com *.juridischloket.nl test-botclient.juridischloket.nl *.youtube.com *.googletagmanager.com *.vimeo.com *.userback.io *.custhelp.com *.cookiebot.com *.google.com *.googleapis.com; 1
upgrade-insecure-requests; script-src * 'unsafe-inline' 'unsafe-eval' blob:; object-src *; frame-ancestors 'self' www.vliz.be vliz.be www.lifewatch.be lifewatch.be www.seachangeproject.eu seachangeproject.eu; 1
default-src 'self' https://youtube.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com http://cdn4.mxpnl.com https://fonts.googleapis.com https://fonts.gstatic.com/ http://www.youtube.com/ https://s3-us-west-2.amazonaws.com/ https://ct.pinterest.com/ https://test-toybox.myshopify.com/ https://toyboxlabs.myshopify.com/ https://cdn.shopify.com/ https://googleads.g.doubleclick.net/ https://static.doubleclick.net https://s.pinimg.com/ http://static.ads-twitter.com http://www.googleadservices.com http://www.google-analytics.com https://analytics.twitter.com https://connect.facebook.net https://toysearch-test.herokuapp.com/getHomeToyData https://toysearch-prod.herokuapp.com/getHomeToyData https://search.make.toys/  https://content.make.toys/ https://toyboxlabs.myshopify.com https://search.make.toys https://content.make.toys;connect-src * data:;frame-src *;img-src * blob: data:;frame-ancestors https://*.myshopify.com;media-src *;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com;font-src https://fonts.gstatic.com 'self';base-uri 'self';form-action 'self';object-src 'none';script-src-attr 'none' 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mailplus.nl cdn.rawgit.com cdnjs.cloudflare.com cdn.jsdelivr.net static.addtoany.com connect.facebook.net *.facebook.com siteimproveanalytics.com sdc.mineleni.nl statistiek.rijksoverheid.nl piwik.dtnr.nl ajax.googleapis.com cdn.siteimprove.net www.google.com *.google-analytics.com tagmanager.google.com *.googletagmanager.com *.ckeditor.com *.hotjar.com extreme-ip-lookup.com; connect-src 'self' *.siteimprove.com *.google-analytics.com https://*.doubleclick.net https://*.hotjar.com wss://*.hotjar.com; img-src 'self' data: http://www.cbi.eu https://www.cbi.eu cdn.rawgit.com raw.githubusercontent.com http://www.rovid.nl https://www.rovid.nl *.rijksoverheid.nl sdc.mineleni.nl *.google-analytics.com *.doubleclick.net *.ckeditor.com statistiek.rijksoverheid.nl piwik.dtnr.nl; style-src 'self' 'unsafe-inline' http://www.cbi.eu https://www.cbi.eu *.mailplus.nl  cdnjs.cloudflare.com www.google.com tagmanager.google.com *.googleapis.com ssl.gstatic.com *.ckeditor.com; font-src 'self' themes.googleusercontent.com; media-src 'self' http://www.rovid.nl https://www.rovid.nl *.rijksoverheid.nl player.vimeo.com *.vimeocdn.com; child-src 'self' rvo.bbvms.com static.addtoany.com *.facebook.com *.siteimprove.com *.youtube.com *.hotjar.com; object-src 'self'; frame-ancestors 'self' *.gcci.ge *.sliepa.org *.afdb.org *.kemendag.go.id *.idrc.ca *.paltrade.org *.aeb.gov.rw *.thecdi.org.za *.apen.org.ni *.sidec.vn *.siicex.gob.mx *.senegalexport.com *.gufebenin.org *.gepaghana.org *.mongoltextile.mn *.must.edu.mn *.africatradefund.org http://ugandacoffeefederation.org http://www.apexb.bf *.apexb.bf *.bahamastradeinfo.gov.bs http://maliexport.com *.portailexportbenin.com myantrade.org http://pameranln.kemenperin.go.id *.blueoasiseg.com *.hbmcorp.co.id *.globalinvestmentco.co.za *.keproba.go.ke *.procuba.cu *.lebtrade.gov.lb lebtrade.gov.lb sites.google.com www.marketingengineers.nl marketingengineers.nl; 1
default-src 'self'; script-src 'unsafe-eval' *; script-src-elem 'unsafe-inline' *; script-src-attr 'unsafe-inline'; connect-src *; img-src data: *; style-src 'unsafe-inline' *; media-src blob: *;frame-ancestors *; worker-src blob: *;frame-src *; font-src data: *; form-action *; upgrade-insecure-requests; 1
child-src blob: 'self';connect-src 'self' https://*.yimg.com https://*.yahoo.com https://s.yimg.com/nq/ads/mb/native/* https://service.cmp.oath.com https://www.yahoo.com/p.gif https://smetrics.att.com/id https://dpm.demdex.net/id https://video-api.yql.yahoo.com/ https://edgecast-vod.yahoo.net/ https://*.vpg.cdn.yimg.com/ https://media.zenfs.com/ https://assets.video.yahoo.net/ https://ads.adaptv.advertising.com/ https://video.adaptv.advertising.com/ https://consent.yahoo.com/ https://ganon.yahoo.com/ https://geo.yahoo.com/ https://guce.yahoo.com/ https://api.taboola.com/1.2/json/taboola-usersync/user.sync;default-src 'self';font-src https: data:;frame-src https://*.yahoo.com https://*.yimg.com https://*.ymail.com https://secure.bannerfarm.ace.advertising.com https://cmp.advertising.com https://assets.video.yahoo.net/ https://opus.analytics.yahoo.com https://tsdtocl.com/ https://consent.yahoo.com/ https://guce.yahoo.com/ https://pfs.yahoo.com https://gpt.mail.yahoo.net/sandbox https://alpha-gpt.mail.yahoo.net/sandbox https://alpha-gam.mail.yahoosandbox.net/sandbox https://canary-gam.mail.yahoosandbox.net/sandbox https://gam.mail.yahoosandbox.net/sandbox;img-src data: blob: http: https: https://ganon.yahoo.com/ https://geo.yahoo.com/;media-src blob: https://*.yahoo.com https://*.yimg.com;report-uri https://csp.yahoo.com/beacon/csp?src=mail-norrin;script-src 'self' https://s.yimg.com/nq/nr/ https://s.yimg.com/os/yaft/ https://s.yimg.com/ss/ https://s.yimg.com/aaq/yc/ https://s.yimg.com/ds/scripts/ https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://s.yimg.com/aaq/vzm/ https://s.yimg.com/cx/pv/ https://s.yimg.com/nq/polyfills/ https://yep.video.yahoo.com/ https://s.yimg.com/rx/ https://assets.video.yahoo.net/ https://jsapi.login.yahoo.com/w/ https://s.aolcdn.com/membership/omp-static/omp-widgets/ https://qa.checkout.yahoo.com/widget/ https://checkout.yahoo.com/widget/ https://s.yimg.com/cv/apiv2/partner-portals/att/adobe_analytics/ https://consent.cmp.oath.com/ https://opus.analytics.yahoo.com/ https://s.yimg.com/oa/ https://s.yimg.com/uc/sf/ https://s.yimg.com/cx/acookie/ 'sha256-lRMQ2lQozgbWLOqNJOrnclJXX6G77pQVIlF8SAI3++I=' 'sha256-xx5VFh71P/poOsh6S7wo5Hz/h6kNWHqOpIqJR04djx4=' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://s.yimg.com/oa/ 'nonce-3OnAvOSbtp4LiQw4QldTPfZzh0dU31oJA7xzlIV67LH6Gy6N' ;style-src 'self' https://s.yimg.com/nq/nr/ https://assets.video.yahoo.net/ 'unsafe-inline';worker-src 'self' blob:;manifest-src https://s.yimg.com/nq/nr/json/ 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://toot.cat 'wasm-unsafe-eval'; font-src 'self' https://toot.cat; img-src 'self' data: blob: https://toot.cat https://pool.jortage.com/tootcat/ https://blob.jortage.com; style-src 'self' https://toot.cat 'nonce-iFrSHOXXVN9PxVXNNbgTPg=='; media-src 'self' data: https://toot.cat https://pool.jortage.com/tootcat/ https://blob.jortage.com; frame-src 'self' https:; child-src 'self' blob: https://toot.cat; worker-src 'self' blob: https://toot.cat; connect-src 'self' blob: data: wss://toot.cat https://toot.cat https://pool.jortage.com/tootcat/ https://blob.jortage.com; manifest-src 'self' https://toot.cat; form-action 'self' 1
base-uri 'self'; font-src 'self' https: data:; form-action 'self' https:; frame-ancestors 'self' www.youtube.com www.econsumeraffairs.com; img-src 'self' data: https: cdn.shopify.com; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline' consent.trustarc.com; upgrade-insecure-requests 1
upgrade-insecure-requests; base-uri 'self' https://wa.vinnova.se https://vinnova.matomo.cloud/ https://cdn.matomo.cloud; default-src 'self' https://www.youtube.com/; font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/ https://wa.vinnova.se/plugins/Morpheus/fonts/ data: https://vinnova.matomo.cloud/plugins/Morpheus/fonts/ https://vinnova.matomo.cloud/plugins/AbTesting/libs/abtestingicons/fonts/abtestingicons.woff%0a; style-src 'self' https://fonts.googleapis.com/ https://dl.episerver.net/13.4.4.1/ https://wa.vinnova.se/plugins/Overlay/client/client.css https://wa.vinnova.se/index.php 'unsafe-inline' https://vinnova.matomo.cloud/index.php; img-src 'self' https://www.google-analytics.com/collect https://www.google.com/ads/ga-audiences https://www.google.se/ads/ga-audiences https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/maps/ https://img.youtube.com https://dl.episerver.net/13.4.4.1/ https://wa.vinnova.se https://i.vimeocdn.com/ data: https://vinnova.matomo.cloud/plugins/; script-src 'self' 'nonce-svLDPFGDx8gSDadqtQ6ERwMwHxB7WFFlgjnlPnxZ/io=' https://maps.googleapis.com/ https://www.googletagmanager.com/ https://ajax.googleapis.com/ajax/libs/jquery/3.1.0/ https://www.google-analytics.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ajax/libs/vanilla-lazyload/10.3.5/ https://dl.episerver.net/ http://cdn.datatables.net/ http://bartaz.github.io/ https://5p4rk13.com/ https://wa.vinnova.se/ https://wa.vinnova.se/ 'unsafe-inline' https://forms.apsisforms.com/ http://s3-eu-west-1.amazonaws.com/apsis-forms-published-settings-one/js/ *.apsisforms.com 'sha256-nxs4O/FRaYOijnK20DUrGLaf/7y3FWnuh4bwy5veH0E=' 'sha256-YuZ4FYOvNbGLtFSF2K1TCvG1I+qJVuVNEq8hZ/c6hvU=' http://platform.twitter.com/ https://polyfill.io/v3/polyfill.min.js https://static.entryscape.com https://vinnova.entryscape.net https://bam.nr-data.net https://js-agent.newrelic.com 'unsafe-eval' https://static.rekai.se/bd0a3abb.js 'self' https://vinnova.matomo.cloud https://cdn.matomo.cloud/ https://cdn.matomo.cloud/ 'unsafe-inline'; frame-src 'self' https://www.youtube.com/ https://wa.vinnova.se https://player.vimeo.com/ https://vimeo.com/ https://html5-player.libsyn.com/ 'self'; child-src 'self' ; connect-src 'self' https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://www.google-analytics.com/j/collect https://stats.g.doubleclick.net/j/collect https://maps.googleapis.com/maps/api/geocode/ *.analytics.google.com/ https://wa.vinnova.se/matomo.php https://bam.nr-data.net https://vimeo.com/ https://www.livsmedelsverket.se/ https://jpi-urbaneurope.eu/ https://www.regeringen.se/ https://www.forskasverige.se/ https://ec.europa.eu/ https://www.eurekanetwork.org/ https://view.officeapps.live.com/ https://www.technopolis-group.com/ https://www.business-sweden.com/ http://www.diva-portal.org/ https://reglab.se/ https://cdn.sei.org/ https://pub.norden.org/ https://blogg.vinnova.se/ http://ratio.se/ https://www.kth.se/ https://nps.edu/ http://www.vaxtbaseratsverige.se/ https://view.rekai.se/view https://view.rekai.se/view/event https://predict.rekai.se/predict https://vinnova.matomo.cloud/ https://cdn.matomo.cloud/matomo.php; frame-ancestors 'self' https://wa.vinnova.se 'self' https://cdn.matomo.cloud; form-action 'self' ; object-src 'self' ; manifest-src 'self' ; media-src 'self' ; worker-src 'self' ; report-uri https://www.vinnova.se/cspreport 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://z.moatads.com https://pghub.io https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.youtube.com https://*.bazaarvoice.com https://connect.facebook.net https://stats.g.doubleclick.net https://match.adsrvr.org https://api.segment.io *.pinimg.com *.google.com *.segment.com *.jebbit.com *.crazyegg.com *.pricespider.com *.cloudflare.com *.mapbox.com youtu.be *.cookielaw.org *.onetrust.com blob: feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-eval' https://tagmanager.google.com https://*.googletagmanager.com https://www.youtube.com https://*.bazaarvoice.com https://connect.facebook.net https://stats.g.doubleclick.net https://match.adsrvr.org https://api.segment.io *.pinimg.com *.google.com *.segment.com *.jebbit.com *.crazyegg.com *.pricespider.com *.cloudflare.com *.mapbox.com youtu.be *.cookielaw.org *.onetrust.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://cdn.fonts.net https://*.bazaarvoice.com https://connect.facebook.net https://stats.g.doubleclick.net https://match.adsrvr.org https://api.segment.io *.pinimg.com *.google.com *.segment.com *.jebbit.com *.crazyegg.com *.pricespider.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com blob: feed.pghub.io pandg.tapad.com ; font-src 'self' https://fonts.gstatic.com https://assets.ctfassets.net https://*.bazaarvoice.com https://connect.facebook.net https://stats.g.doubleclick.net https://match.adsrvr.org https://api.segment.io *.pinimg.com *.google.com *.segment.com *.crazyegg.com *.jebbit.com *.pricespider.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com data: blob: feed.pghub.io pandg.tapad.com ; img-src 'self' https://ct.pinterest.com https://www.googletagmanager.com https://ssl.gstatic.com https://images.ctfassets.net https://www.google-analytics.com https://stats.g.doubleclick.net https://match.adsrvr.org- https://api.segment.io *.pinimg.com *.google.com *.segment.com *.jebbit.com https://*.google-analytics.com https://*.googletagmanager.com https://pixel.tapad.com/ https://*.bazaarvoice.com https://connect.facebook.net *.crazyegg.com *.pricespider.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com data: blob: feed.pghub.io pandg.tapad.com ; frame-src https://www.googletagmanager.com https://ct.pinterest.com https://www.youtube.com https://consumersupport.pg.com https://connect.facebook.net https://stats.g.doubleclick.net https://match.adsrvr.org https://api.segment.io *.pinimg.com *.google.com *.segment.com *.jebbit.com *.crazyegg.com *.pricespider.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com youtu.be blob: feed.pghub.io pandg.tapad.com ; connect-src 'self' https://ct.pinterest.com https://www.google-analytics.com https://mediaid.pg.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://match.adsrvr.org https://api.segment.io https://api-test.pg.com https://api.pg.com *.pinimg.com *.google.com *.segment.com https://*.bazaarvoice.com https://api-nonprod.pgsvc.com https://api.pgsvc.com https://connect.facebook.net *.jebbit.com *.crazyegg.com *.pricespider.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com feed.pghub.io pandg.tapad.com ; 1
default-src 'self'; style-src 'self'; script-src 'self' 1
frame-ancestors https://*.activtrades.com https://*.activtrades.co.uk https://*.activtrades.eu https://*.activtrades.com.br 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-YWFkMDkzYTYzNDhlNGQxZGIyMzFkMzJhMjg5ZTI3MWQ=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rijksoverheid.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.rijksoverheid.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=69tsda1iqu86g&partner=; 1
base-uri 'self'; frame-ancestors 'none'; object-src 'none'; worker-src 'none'; upgrade-insecure-requests; block-all-mixed-content 1
frame-ancestors 'self' *.fxsights.com *.mitrade.com 1
default-src 'self' www.youtube.com wms.nic.in player.mycast.in webcast.gov.in rathjatra.nic.in independenceday.nic.in republicday.nic.in budgetlive.nic.in pmonradio.nic.in yogaday.nic.in *.media.nic.in; script-src-elem 'self' 'unsafe-inline' *.analytics.edgekey.net wms.nic.in; script-src 'self' 'unsafe-inline' 'unsafe-eval' wms.nic.in; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; connect-src 'self' *.analytics.edgekey.net *.akamaihd.net *.media.nic.in api.ipify.org ipapi.co wms.nic.in; media-src *.akamaihd.net *.media.nic.in wms.nic.in 'self' blob:; worker-src wms.nic.in 'self' blob:; img-src 'unsafe-inline' wms.nic.in 'self' webcast.gov.in pmindiawebcast.nic.in rathjatra.nic.in independenceday.nic.in republicday.nic.in budgetlive.nic.in pmonradio.nic.in yogaday.nic.in *.media.nic.in data:; frame-src wms.nic.in 'self' *.media.nic.in player.mycast.in www.youtube.com; font-src 'self' data:; 1
default-src 'unsafe-inline' 'unsafe-eval' https: data: 1
font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://www.google.ca https://cdnjs.cloudflare.com https://adservice.google.com  *.doubleclick.net; object-src 'none'; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://adservice.google.com  https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://gcptm.bmoharris.com https://googleadservices.com https://www.google.com/ads/ga-audiences www.google.com/ads/ga-audiences adservice.google.com/ddm/fls/z/ *.doubleclick.net www.google.ca/pagead/; img-src 'self' 'unsafe-inline' https://id.rlcdn.com id.rlcdn.com *.company-target.com https://id.rlcdn.com/464526.gif *.demdex.net https://ad.doubleclick.net https://www.facebook.com  https://www.google-analytics.com https://preview.wealth.bmoharris.com https://www.facebook.com https://ad.doubleclick.net https://cdn.cookielaw.org *.onetrust.com https://smetrics.bmo.com https://www.googletagmanager.com https://bat.bing.com https://cm.everesttech.net https://px.ads.linkedin.com https://snap.licdn.com *.doubleclick.net https://www.google-analytics.com *.google.com www.google.ca; default-src 'self' https: data: blob: 'unsafe-inline' https://s.company-target.com/ segments.company-target.com https://smetrics.bmo.com https://dpm.demdex.net https://www.youtube.com https://youtu.be https://player.vimeo.com https://megaphone.fm/ https://playlist.megaphone.fm https://megaphone.link *.doubleclick.net; base-uri 'self'; frame-src 'self' *.demdex.net https://www.googletagmanager.com *.company-target.com *.doubleclick.net *.google.com; connect-src 'self' https://bankofmontreal.us-1.evergage.com https://api.company-target.com api.company-target.com *.company-target.com *.demdex.net *.demandbase.com https://www.google-analytics.com gcptm.bmoharris.com https://analytics.google.com *.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleadservices.com https://*.google-analytics.com https://gcptm.bmo.com https://*.doubleclick.net https://gcptm.bmoharris.com https://id.rlcdn.com/464526.gif https://api.company-target.com/ https://s.company-target.com/ *.company-target.com *.demandbase.com *.google-analytics.com gcptm.bmo.com gcptm.bmoharris.com *.googleadservices.co *.gstatic.com *.onetrust.com https://cdn.cookielaw.org https://code.jquery.com https://cdnjs.cloudflare.com  https://stackpath.bootstrapcdn.com https://gcptm.bmoharris.com *.google.com *.doubleclick.net www.google.ca/pagead/ https://googleadservices.com https://cdn.polyfill.io https://www.youtube.com https://youtu.be https://player.vimeo.com https://megaphone.fm/ https://playlist.megaphone.fm https://megaphone.link https://www.googletagmanager.com https://www.google-analytics.com/analytics.js https://cdn.evgnet.com/beacon/bankofmontreal/engage/scripts/evergage.min.js https://bat.bing.com/bat.js https://dpm.demdex.net https://tags.bluekai.com https://ad.doubleclick.net https://idsync.rlcdn.com https://tapestry.tapad.com https://www.facebook.com https://www.google-analytics.com *.doubleclick.net https://bat.bing.com https://snap.licdn.com/ https://px.ads.linkedin.com/ 1
frame-src *; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'none'; child-src https://www.lolli.com; connect-src https://*.algolia.net https://*.algolianet.com https://wa.appsflyer.com https://wa.onelink.me data: https://bat.bing.com https://sdk.iad-05.braze.com https://cdn.contentful.com/spaces/lcg55p58f347/ https://images.ctfassets.net/lcg55p58f347/ https://firestore.googleapis.com/ https://identitytoolkit.googleapis.com/v1/ https://securetoken.googleapis.com/v1/token https://www.googleapis.com/identitytoolkit/v3/ https://analytics.google.com https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com/ads/ga-audiences https://*.g.doubleclick.net https://measurement.lolli.com/g/collect https://api.rollbar.com/api/1/item/ https://tr.snapchat.com https://cdn.contentful.com/spaces/lcg55p58f347/environments/master/entries https://api.dwolla.com https://firebaseinstallations.googleapis.com/v1/projects/lolli-prod-fire/ https://firebaseremoteconfig.googleapis.com/v1/projects/lolli-prod-fire/ https://api.lolli.com https://www.lolli.com https://connect.lolli.com; font-src 'self'; form-action https://tr.snapchat.com https://api.lolli.com https://www.lolli.com https://www.lolli.com/account/login; frame-ancestors https://www.lolli.com; frame-src https://lolli.webpush.freshchat.com https://lollicare.freshchat.com https://www.google.com/recaptcha/ https://www.google.com/recaptcha/enterprise/ https://tr.snapchat.com https://optimize.google.com https://lolli-prod-fire.firebaseapp.com https://www.lolli.com https://connect.lolli.com https://widgets.moneydesktop.com; img-src 'self' data: https://bat.bing.com https://appboy-images.com https://braze-images.com https://images.ctfassets.net/lcg55p58f347/ https://*.g.doubleclick.net https://measurement.lolli.com/collect https://www.googletagmanager.com https://content.moneydesktop.com https://alb.reddit.com/rp.gif https://tr.snapchat.com https://static.lolli.com; manifest-src https://www.lolli.com/site.webmanifest; media-src; object-src 'none'; script-src https://websdk.appsflyer.com/ https://cdn.dwolla.com/1/dwolla.min.js https://apis.google.com/js/api.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://www.google.com/recaptcha/enterprise.js 'sha256-Hbqi1Bk2d4kW2fR3hLXcsQs+cdjU6yX3f4U3jGxcZYk=' 'sha256-v8QvaXibYxZyRlPckpp91vb6eZuajj1Vc8RZYgS5e4Q=' https://www.lolli.com https://bat.bing.com https://js.appboycdn.com https://connect.facebook.net/en_US/fbevents.js https://assetscdn-wchat.freshchat.com/static/assets/ https://rts-static-prod.freshworksapi.com https://lollicare.freshchat.com/js/widget.js https://www.googleadservices.com https://measurement.lolli.com https://www.googletagmanager.com/gtag/ https://apis.google.com/_/scs/abc-static/_/js/ 'sha256-kGUQiECb7HTB3+cdt9SV9OGtiju37vTHScB5TlU3tzo=' https://optimize.google.com https://www.googleoptimize.com 'sha256-f8nS1SFG7RGs3fmDwVLRaylqBvCgeiVA8jtz4xPg7+s=' https://www.redditstatic.com/ads/pixel.js https://sc-static.net/scevent.min.js https://analytics.twitter.com/i/adsct https://static.ads-twitter.com/uwt.js https://connect.facebook.net/signals/config/712536369102043 'sha256-w88c9dDyrmROGT5sV4Hdyw1CHcB7SNnicY20d5snt38=' 'sha256-peQh3eiuRnoEJ+AAgfBEv1T1oG7FDmbjJSNevHTSSvQ=' 'sha256-f8nS1SFG7RGs3fmDwVLRaylqBvCgeiVA8jtz4xPg7+s='; style-src 'self' 'unsafe-inline' https://lollicare.freshchat.com/ https://optimize.google.com/optimize/editor/css/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.www.google-analytics.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://pi.pardot.com/pd.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.pi.pardot.com *.cdn-images.mailchimp.com *.maxcdn.bootstrapcdn.com *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org widget.surveymonkey.com www.googletagmanager.com pi.pardot.com info.acara.edu.au www.youtube.com; style-src 'self' 'unsafe-inline' *.cdn-images.mailchimp.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ https://maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css https://cdn-images.mailchimp.com/embedcode/slim-10_7.css *.twimg.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' https://acaraweb.blob.core.windows.net https://dataandreporting.blob.core.windows.net *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com; media-src 'self' data: blob:; child-src 'self' https://app.powerbi.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com www.surveymonkey.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com www.google-analytics.com stats.g.doubleclick.net; 1
child-src blob:; connect-src 'self' dc.services.visualstudio.com/v2/track westeurope-4.in.applicationinsights.azure.com bat.bing.com consent.cookie-script.com www.facebook.com *.google-analytics.com *.g.doubleclick.net/ *.analytics.google.com *.googletagmanager.com *.google.com *.hotjar.com:* vc.hotjar.io:* surveystats.hotjar.io wss://*.hotjar.com *.licdn.com *.linkedin.com *.orib.io *.tiles.mapbox.com api.mapbox.com events.mapbox.com gapi.storyblok.com/v1/api app.storyblok.com app.storyblok.com/f/storyblok-latest.js t.co analytics.twitter.com player.vimeo.com/api/player.js player.vimeo.com; default-src 'self'; font-src 'self' fonts.gstatic.com tagmanager.google.com script.hotjar.com; frame-src www.facebook.com/tr/ bid.g.doubleclick.net vars.hotjar.com www.linkedin.com go.damen.com recaptcha.net player.vimeo.com www.youtube-nocookie.com www.youtube.com; img-src 'self' bat.bing.com res.cloudinary.com media.damen.com www.facebook.com *.google.com *.googletagmanager.com *.google-analytics.com www.google-analytics.com/collect ssl.gstatic.com www.gstatic.com *.analytics.google.com *.g.doubleclick.net maps.googleapis.com/ script.hotjar.com *.linkedin.com *.licdn.com p.adsymptotic.com data: blob: a.storyblok.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com *.licdn.com app.storyblok.com app.storyblok.com/f/blokeditor.css; script-src 'self' 'nonce-WmNFB1' *.cookie-script.com connect.facebook.net/en_US/fbevents.js connect.facebook.net tagmanager.google.com *.googletagmanager.com www.gstatic.com/ www.google-analytics.com ssl.google-analytics.com www.recaptcha.net www.googleadservices.com www.google.com googleads.g.doubleclick.net static.hotjar.com script.hotjar.com snap.licdn.com static-exp1.licdn.com content.linkedin.com platform.linkedin.com pi.pardot.com recaptcha.net/recaptcha/api.js app.storyblok.com app.storyblok.com/f/storyblok-latest.js player.vimeo.com/api/player.js player.vimeo.com; worker-src blob:; form-action www.facebook.com/tr; frame-ancestors app.storyblok.com 1
frame-ancestors 'self' kcm.org *.kcm.org govictory.com govictorystage.wpengine.com *.govictory.com emic.org *.emic.org skadev.wpengine.com *.superkidacademy.com inthevision.wpengine.com inthevisiondev.wpengine.com inthevisionstg.wpengine.com *.insidethevision.org *.terricopelandpearsons.com *.revivalradiotv.com 1
default-src 'self' https://consentcdn.cookiebot.com https://unpkg.com https://cdn.jsdelivr.net https://freegeoip.app https://www.google.com https://cdn.ckeditor.com http://www.w3.org/2000/svg; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://consentcdn.cookiebot.com https://consent.cookiebot.com https://unpkg.com https://cdn.jsdelivr.net https://cdn.quilljs.com https://www.google.com https://www.gstatic.com https://cdn.ckeditor.com https://momentjs.com https://cdnjs.cloudflare.com https://s10.histats.com https://s4.histats.com; style-src 'self' 'unsafe-inline' data: https://consent.cookiebot.com https://cdnjs.cloudflare.com https://unpkg.com https://cdn.jsdelivr.net https://cdn.quilljs.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://cdn.ckeditor.com https://rsms.me; font-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com https://rsms.me https://fonts.googleapis.com; img-src 'self' 'unsafe-inline' data: images.com https://cdn.ckeditor.com; worker-src 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.usercentrics.eu https://*.vimeocdn.com https://player.vimeo.com https://*.youtube.com https://*.youtube-nocookie.com https://maps.googleapis.com https://*.googletagmanager.com https://analytics.diakonie.de; style-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://*.youtube-nocookie.com; img-src 'self' data: https://www.kirchen-diakonie-jobs.de https://*.usercentrics.eu https://*.service.usercentrics.eu https://cdn.plyr.io https://*.ytimg.com https://*.ggpht.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.de https://analytics.diakonie.de; connect-src 'self' https://*.usercentrics.eu https://*.vimeocdn.com https://*.youtube-nocookie.com https://*.googleapis.com https://play.google.com https://noembed.com https://cdn.plyr.io https://api.diakonie.de https://www.kirchen-diakonie-jobs.de https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.de https://analytics.diakonie.de; object-src 'none'; media-src 'self' https://*.vimeocdn.com; child-src 'self' https://app.usercentrics.eu https://player.vimeo.com https://*.youtube-nocookie.com https://live.flyp.tv; frame-src 'self' https://app.usercentrics.eu https://player.vimeo.com https://*.youtube-nocookie.com https://live.flyp.tv; frame-ancestors 'self' 1
default-src 'self';	style-src 'unsafe-inline'	https://personalexcellence.co	https://*.googleapis.com	https://*.cloudflare.com	https://*.fontawesome.com	https://*.convertbox.com	https://*.disquscdn.com	https://fonts.bunny.net	https://*.bootstrapcdn.com;	font-src	data:	https://personalexcellence.co	https://*.fontawesome.com	https://*.convertbox.com	https://fonts.gstatic.com	https://fonts.bunny.net	https://*.bootstrapcdn.com;	img-src *	data:;	media-src	https://personalexcellence.co	*.libsyn.com	http://*.libsyn.com;	connect-src	https://personalexcellence.co	https://*.statcounter.com	http://*.google-analytics.com	https://*.googlesyndication.com	https://*.convertbox.com	https://*.convertkit.com	https://*.fomo.com	http://*.unsplash.com      https://scripts.mediavine.com      https://securepubads.g.doubleclick.net      * ;	frame-src	https://personalexcellence.co	https://*.google.com	https://*.doubleclick.net	https://*.googlesyndication.com	https://*.youtube.com	https://*.youtube-nocookie.com	https://*.convertbox.com	https://disqus.com	https://www.speakpipe.com	  https://scripts.mediavine.com	  https://exchange.mediavine.com	  https://ads.pubmatic.com	  https://acdn.adnxs.com	  https://rtb.gumgum.com	  https://ads.yieldmo.com	  https://*.3lift.com	  https://feed.pghub.io      https://gum.criteo.com      https://google-bidout-d.openx.net      https://pexcellence.substack.com;	script-src 'unsafe-inline' 'unsafe-eval'	* ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://*.pdk.io https://js.stripe.com https://static.zdassets.com; connect-src 'self' https://*.pdk.io wss://*.pdk.io https://*.googleapis.com https://prodatakey.zendesk.com https://*.sentry.io https://*.zdassets.com; img-src 'self' data: https://*.pdk.io https://prodatakey.zendesk.com; font-src 'self' https://*.pdk.io https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://*.pdk.io https://*.googleapis.com; frame-src 'self' https://*.pdk.io https://js.stripe.com https://www.youtube.com https://www.youtube-nocookie.com; 1
upgrade-insecure-requests; block-all-mixed-content; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: russellinvestments.com *.russellinvestments.com russellinvestments.com.au *.russellinvestments.com.au russellinvestmentsb2c.b2clogin.com russellinvestmentsb2cuat.b2clogin.com russellinvestmentsb2cdev.b2clogin.com spoppe-b.azureedge.net mapbuilder-local mapbuilder-dev mapbuilder-qa mapbuilder-sit mapbuilder-uat cookies.engage.russellinvestments.com bigmarker.com *.bigmarker.com *.b0e8.com cdn.linkedin.oribi.io *.ceros.com api.ipify.org docraptor.com *.linkedin.com *.marketo.net *.mktoresp.com *.coveo.com fast.fonts.net fonts.googleapis.com fonts.gstatic.com *.freshrelevance.com wss://am.freshrelevance.com *.glassboxdigital.io *.glassboxcdn.com www.google.com/jsapi www.gstatic.com/charts/ *.google-analytics.com *.googletagmanager.com www.google.com/ads/ ajax.googleapis.com/ajax/libs/angularjs/ ajax.googleapis.com/ajax/libs/jquery/ cdnjs.cloudflare.com d81mfvml8p5ml.cloudfront.net dn1i8v75r669j.cloudfront.net dkpklk99llpj0.cloudfront.net *.buzzsprout.com code.highcharts.com img.en25.com marvel-b1-cdn.bc0a.com marvel-b2-cdn.bc0a.com marvel-processor.bc0a.com *.aas.com.au *.clickdimensions.com *.msecnd.net omny.fm *.powerapps.com *.powerbi.com *.sharepointonline.com siteimproveanalytics.com *.siteimproveanalytics.io https://snap.licdn.com *.fls.doubleclick.net stats.g.doubleclick.net vimeo.com *.vimeo.com *.windows.net *.youtube.com; 1
frame-ancestors 'self'; object-src http://quick.andestech.com/; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.askallegiance.com https://html5shiv.googlecode.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://widgets.omnilert.net 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.petlink.net *.adyen.com https://www.google-analytics.com https://maps.google.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://in.hotjar.com https://connect.facebook.net https://beacon-v2.helpscout.net https://www.google.com https://www.gstatic.com https://www.youtube.com https://static.doubleclick.net https://maps.googleapis.com https://f.vimeocdn.com https://fastgull.io 1
frame-ancestors 'self' *.edock.it *.storeden.com *.shippypro.com 1
frame-ancestors 'none'; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval' 'self' https://cdn.priv.center *.truendo.com https://cdn.jsdelivr.net https://embed.typeform.com *.popupsmart.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://eldritch.cafe 'wasm-unsafe-eval'; font-src 'self' https://eldritch.cafe; img-src 'self' data: blob: https://eldritch.cafe https://eldritchcafe.files.fedi.monster; style-src 'self' https://eldritch.cafe 'nonce-6YLmNeY8hq1UqnMtOC+1aw=='; media-src 'self' data: https://eldritch.cafe https://eldritchcafe.files.fedi.monster; frame-src 'self' https:; child-src 'self' blob: https://eldritch.cafe; worker-src 'self' blob: https://eldritch.cafe; connect-src 'self' blob: data: wss://eldritch.cafe https://eldritch.cafe https://eldritchcafe.files.fedi.monster; manifest-src 'self' https://eldritch.cafe; form-action 'self' 1
object-src 'none'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline' https: 'nonce-624e848b1c6c19d9d64cf4ede193c1b1' 'strict-dynamic'; 1
frame-ancestors 'self' http://kiosk.wdepo.ru https://stelarium.online; 1
frame-ancestors 'self' https://secure.ubicentrex.net 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.com www.youtube.com www.googletagmanager.com drinkiq.com *.google-analytics.com *.onetrust.com *.cloudflare.com footer.diageohorizon.com web.diageoagegate.com;             style-src 'self' 'unsafe-inline' web.diageoagegate.com *.onetrust.com *.google-analytics.com footer.diageohorizon.com;             font-src 'self';             img-src 'self' *.cloudflare.com *.onetrust.com *.youtube.com www.google-analytics.com data: blob;             object-src 'self';             frame-ancestors 'none'; 1
frame-ancestors https://hd.co.th/ https://www.honestdocs.co/ 'self' 1
frame-ancestors 'self' https://next.brella.io/ 1
"" 1
frame-ancestors 'none'; connect-src 'self' *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.crazyegg.com *.google-analytics.com *.google.com https://stats.g.doubleclick.net/j/collect *.doubleclick.net *.liadm.com; default-src 'self' *.google-analytics.com *.googletagmanager.com  *.crazyegg.com https://*.clarity.ms https://c.bing.com 'unsafe-inline'; font-src 'self' 'unsafe-inline' fonts.gstatic.com data: 'unsafe-eval'; frame-src 'self'  *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.hsforms.net *.hsforms.com  *.crazyegg.com *.google.com  *.flipsnack.com *.libsyn.com *.audioboom.com *.soundcloud.com *.brightcove.net/; img-src 'self' 'unsafe-inline' js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com  *.crazyegg.com *.gravatar.com *.google-analytics.com https://www.google.com/ads/ga-audiences  *.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com *.doubleclick.net *.trustcommerce.com 'unsafe-eval' data: ; object-src 'none'; script-src 'self' 'unsafe-inline' *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com  *.crazyegg.com *.workable.com 'unsafe-eval' *.google.com *.google-analytics.com tagmanager.google.com *.googletagmanager.com stats.g.doubleclick.net  *.gstatic.com *.doubleclick.net *.smartcloudinsight.com *.googleadservices.com *.cloudfront.net; style-src 'self' cdn2.hubspot.net *.crazyegg.com 'unsafe-inline' tagmanager.google.com fonts.googleapis.com; worker-src 'self' blob:; 1
base-uri 'self'; connect-src 'self' https: wss:; default-src 'none'; img-src 'self' https://*.gleap.io https: data: blob:; font-src 'self' https://fonts.gstatic.com; form-action 'self'; frame-src 'self' https://*.gleap.io https://player.vimeo.com https://td.doubleclick.net https://*.sandbox.dat https://*.datatrans.com https://*.paypal.com; frame-ancestors 'self'; manifest-src 'self'; object-src 'none'; script-src 'self' https://*.gleap.io https://*.googletagmanager.com https://*.google-analytics.com https://*.trstplse.com https://*.cloudflare.com https://*.googleapis.com https://*.doubleclick.net https://*.datatrans.com https://*.paypal.com https://*.gstatic.com https://*.hotjar.com https://*.facebook.net 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 1
frame-ancestors 'self' https://*.braintreegateway.com https://musthaveideas.co.uk https://*.musthaveideas.co.uk; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src * 'unsafe-inline' https://fonts.gstatic.com; upgrade-insecure-requests; block-all-mixed-content; img-src * blob: data:; script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';connect-src * 'unsafe-inline';frame-src *;worker-src * data: 'unsafe-eval' 'unsafe-inline' blob:; 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://bettermarketing.pub https://*.bettermarketing.pub https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
connect-src 'self' *.mioot.com 1
frame-ancestors 'self' *.ariba.com *.theinstitutes.org https://www.suppliersolutions.com 1
frame-ancestors bbs.elecfans.com www.elecfans.com www.hqchip.com tongji.baidu.com www.hqpcb.com smt.hqchip.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://metalhead.club; img-src 'self' https: data: blob: https://metalhead.club; style-src 'self' https://metalhead.club 'nonce-7j7+RIN8RMeRoymrEU0MYQ=='; media-src 'self' https: data: https://metalhead.club; frame-src 'self' https:; manifest-src 'self' https://metalhead.club; form-action 'self'; child-src 'self' blob: https://metalhead.club; worker-src 'self' blob: https://metalhead.club; connect-src 'self' data: blob: https://metalhead.club https://media.metalhead.club wss://metalhead.club; script-src 'self' https://metalhead.club 'wasm-unsafe-eval' 1
frame-ancestors 'self' catshows.us; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api-na.geetest.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://csi.gstatic.com https://kit.fontawesome.com https://maps.googleapis.com https://oss.maxcdn.com https://rum-static.pingdom.net https://sealserver.trustwave.com https://ssl.comodoca.com https://stackpath.bootstrapcdn.com https://static.geetest.com https://translate.google.com/ https://translate.googleapis.com https://www.bing.com/translator/api/translate https://www.google.com https://www.google.com/recaptcha/ https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://accept.authorize.net/payment/payment https://verify.authorize.net:443 https://snap.licdn.com https://px.ads.linkedin.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://csi.gstatic.com https://fonts.googleapis.com https://maps.googleapis.com https://oss.maxcdn.com https://sealserver.trustwave.com https://ssl.comodoca.com https://static.geetest.com https://translate.googleapis.com https://www.google-analytics.com https://accept.authorize.net/payment/payment; img-src 'self' data: https://www.google-analytics.com https://www.google.com/ads/ga-audiences https://ads.yahoo.com https://cdnjs.cloudflare.com https://csi.gstatic.com https://insight.adsrvr.org https://maps.googleapis.com https://maps.gstatic.com/ https://oss.maxcdn.com https://sealserver.trustwave.com https://ssl.comodoca.com https://static.geetest.com https://translate.google.com https://translate.googleapis.com https://www.facebook.com https://www.google.com/images/ https://www.google-analytics.com https://www.gstatic.com https://www.paypalobjects.com https://x.bidswitch.net https://accept.authorize.net/payment/payment https://verify.authorize.net/ https://ssl.comodoca.com/ https://px.ads.linkedin.com; frame-src 'self' https://www.google.com/recaptcha/ https://payflowlink.paypal.com/ https://www.facebook.com https://accept.authorize.net/payment/payment; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://ka-f.fontawesome.com; connect-src 'self' 'unsafe-inline' https://ka-f.fontawesome.com https://rum-collector-2.pingdom.net https://stats.g.doubleclick.net/j/collect https://translate.googleapis.com https://www.bing.com/translator/api/translate https://www.google-analytics.com https://accept.authorize.net/payment/payment https://cdn.linkedin.oribi.io https://px.ads.linkedin.com/wa/ https://www.googletagmanager.com; frame-ancestors 'self' *.nursys.com *.authorize.net 1
frame-ancestors 'self' https://*.adventureacademy.com 1
frame-ancestors 'self' www.castandcrew.com 1
default-src 'self'; script-src 'self' https://static.mailerlite.com https://www.google.com https://www.gstatic.com; connect-src 'self' https://vitals.vercel-insights.com/v1/vitals https://static.mailerlite.com https://app.posthog.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://images.contentful.com http://images.contentful.com https://images.ctfassets.net http://images.ctfassets.net; frame-src 'self' https://www.google.com; frame-ancestors 'none' 1
img-src 'self' data: https://verhuuroffice.nl https://*.clarity.ms https://c.bing.com https://maps2.nbo.nl https://ikwilhuren.nu https://bi-mvgm2.eye-move.nl https://bi-hcf.eye-move.nl https://stats.g.doubleclick.net https://www.googletagmanager.com https://analytics.google.com https://*.analytics.google.com https://*.google-analytics.com https://*.google.com https://*.gstatic.com https://www.google.com https://www.google.com.ar https://www.google.at https://www.google.com.au https://www.google.az https://www.google.be https://www.google.com.br https://www.google.ch https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.co.in https://www.google.it https://www.google.nl https://www.google.co.nz https://www.google.pl https://www.google.se https://www.google.to https://www.google.com.tw https://www.google.com.ua https://www.google.co.uk https://www.google.co.ma https://www.google.ae https://www.google.sr https://www.google.me https://www.google.ro ;object-src 'none' ;default-src 'self' data: blob: https://*.analytics.google.com https://analytics.google.com https://*.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com https://*.google.com https://maps2.nbo.nl https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://td.doubleclick.net https://*.typekit.net https://service.pdok.nl https://*.clarity.ms https://cdn.cookiecode.nl https://api.cookiecode.nl https://www.google.com https://www.google.com.ar https://www.google.at https://www.google.com.au https://www.google.az https://www.google.be https://www.google.com.br https://www.google.ch https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.co.in https://www.google.it https://www.google.nl https://www.google.co.nz https://www.google.pl https://www.google.se https://www.google.to https://www.google.com.tw https://www.google.com.ua https://www.google.co.uk https://www.google.co.ma https://www.google.ae https://www.google.sr https://www.google.me https://www.google.ro 'unsafe-inline' 'unsafe-eval' ; report-uri https://verhuuroffice.nl/req/bin/csp/?mvgm=true 1
upgrade-insecure-requests; default-src 'self' https://d33jwwqjgyjnuj.cloudfront.net *.intercomcdn.com *.intercomassets.com *.youtube.com; base-uri 'self'; script-src 'self' https://d33jwwqjgyjnuj.cloudfront.net cdn.horizonwebref.com *.horizonwebref.com *.gstatic.com *.jquery.com *.quilljs.com *.googleapis.com *.youtube.com https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/ https://cdnjs.cloudflare.com/ajax/libs/cropperjs/1.5.12/cropper.min.js *.googleadservices.com *.google.com *.google.ca *.google.ie *.google.ae *.google.de *.google.pt *.google.hn *.google.fr *.google.co.uk *.google.co.nz *.google.com.mx *.google.com.au *.google.com.br *.google.co.jp *.google.com.sg *.google.com.pr *.google.nl *.google.co.th *.google.com.pa *.ampproject.org googletagmanager.com *.googletagmanager.com *.dwolla.com *.googlesyndication.com *.facebook.net *.google-analytics.com *.g.doubleclick.net *.intercomcdn.com *.intercom.io *.uservoice.com *.headwayapp.co *.stripe.com by2.uservoice.com https://unpkg.com/leaflet@1.4.0/ https://api.mapbox.com/mapbox.js/plugins/leaflet-fullscreen/ https://s3.amazonaws.com/downloads.mailchimp.com/ 'unsafe-inline' 'unsafe-eval'; connect-src 'self' d33jwwqjgyjnuj.cloudfront.net *.webspellchecker.net wss://*.intercom.io *.intercomcdn.com properties: *.dwolla.com *.intercom.io nexus-websocket-a.intercom.io *.doubleclick.net *.g.doubleclick.net stats.g.doubleclick.net *.facebook.com *.googlesyndication.com *.gstatic.com *.googleapis.com *.google.com *.google-analytics.com; img-src * data: blob: https:; style-src 'self' https://d33jwwqjgyjnuj.cloudfront.net https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/ https://api.mapbox.com/mapbox.js/plugins/leaflet-fullscreen/ https://cdnjs.cloudflare.com/ajax/libs/cropperjs/1.5.12/cropper.min.css https://unpkg.com/leaflet@1.4.0/ *.headwayapp.co *.jquery.com *.quilljs.com data: *.googleapis.com *.gstatic.com 'unsafe-inline'; frame-ancestors 'self' *.horizonwebref.com; form-action 'self' intercom.help *.intercom.com *.facebook.com *.facebook.net; font-src 'self' data: https://d33jwwqjgyjnuj.cloudfront.net/ *.webspellchecker.net *.intercomcdn.com *.intercomassets.com *.gstatic.com; frame-src 'self' https://d33jwwqjgyjnuj.cloudfront.net/ *.youtube.com *.youtube-nocookie.com *.doubleclick.net *.google.com *.google.com.au *.google.ca *.facebook.com *.facebook.net headway-widget.net intercom-sheets.com *.horizonwebref.com *.horizonstaffscheduler.com *.dwolla.com *.googlesyndication.com *.stripe.com *.googleadservices.com *.opendns.com securityscorecard.com *.intercom-reporting.com; report-uri /csp_violations.hwr; 1
frame-ancestors 'self' https://www.immobilier-danger.com https://www.lelynx.fr https://www.ouest-france.fr https://www.pap.fr https://www.century21.fr https://www.orpi.com https://www.lavieimmo.com https://www.aide-sociale.fr https://www.banques-en-ligne.fr https://www.lefinanceur.fr https://www.financierement.fr https://www.leazing.fr https://www.assurementcourtier.fr https://www.assurementfinance.fr https://www.lemagdelimmobilier.com https://www.finna.fr https://www.explorimmoneuf.com https://www.capital.fr https://www.jechange.fr https://www.combien-emprunter.com https://proprietes.lefigaro.fr https://www.assurementfinance.fr https://www.aufilducredit.fr https://www.aide-sociale.fr https://maxiassur.fr https://www.credit-moins-cher.fr https://www.forumconstruire.com https://www.immonot.com https://mon-credit.co https://www.comparateurbanque.com https://www.lepretmalin.com https://www.onfaitconstruire.fr https://www.autocadre.com https://www.choisir.com https://www.simulationdecredit.fr https://www.pretargent.fr http://simulationcreditimmobilier.fr https://www.mon-credit-maison.fr https://www.terrain-construction.com https://www.empruntis-montpellier.com; base-uri 'self'; default-src https: blob:; font-src https: data:; img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; worker-src https://www.empruntis.com/ blob:; 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' cdn.jsdelivr.net *.azureedge.net *.ghostretail.com *.userway.org *.clearbitjs.com *.evidon.com *.clearbitscripts.com *.bing.com *.clarity.ms qvdt3feo.com *.google.ca *.zscalerthree.net *.googlesyndication.com *.fontawesome.com *.demandbase.com *.6sc.co cdnjs.cloudflare.com *.actonsoftware.com *.mnp.ca *.callrail.com *.adnxs.com *.hscollectedforms.net *.hs-banner.com *.hsadspixel.net *.hs-analytics.net *.hs-scripts.com *.googleadservices.com gtm.js *.olark.com *.visualwebsiteoptimizer.com *.wufoo.com *.hsforms.com *.hsforms.net data.processwebsitedata.com *.calendly.com *.ubembed.com *.js.ubembed.com *.googleapis.com *.hubspot.com *.youtube.com *.vimeocdn.com *.stackadapt.com *.simpli.fi *.sharethis.com *.licdn.com *.hotjar.com *.googletagmanager.com *.jquery.com *.google.com www.gstatic.com www.google-analytics.com connect.facebook.net js.adsrvr.org platform.twitter.com secure.quantserve.com static.ads-twitter.com rules.quantcount.com insight.adsrvr.org analytics.twitter.com *.doubleclick.net; style-src 'unsafe-inline' 'self' cdn.jsdelivr.net *.userway.org cdnjs.cloudflare.com *.actonsoftware.com *.mnp.ca *.googletagmanager.com *.olark.com *.typekit.net fonts.googleapis.com; font-src cdn.jsdelivr.net *.userway.org cdnjs.cloudflare.com *.mnp.ca *.fontawesome.com *.olark.com fonts.gstatic.com use.typekit.net; img-src 'self' data: *.ghostretail.com cdn.jsdelivr.net *.krxd.net *.userway.org *.evidon.com *.clarity.ms *.bing.com *.zscalerthree.net *.website-files.com *.rlcdn.com *.company-target.com *.bidr.io *.6sc.co *.sharethis.com *.twitter.com *.adnxs.com *.hsforms.com *.atedra.com *.olark.com *.visualwebsiteoptimizer.com *.gstatic.com *.googleapis.com *.hubspot.com *.googletagmanager.com *.facebook.net *.adsymptotic.com *.linkedin.com *.stackadapt.com *.google.ca *.google.com *.google.co.in *.doubleclick.net *.adsrvr.org pixel.quantserve.com www.google-analytics.com www.facebook.com dpm.demdex.net t.co; connect-src 'self' ws: *.googlesyndication.com *.dynamics.com *.evidon.com *.linkedin.com *.ghostretail.com *.userway.org *.clearbit.com *.clarity.ms *.facebook.com bcp.crwdcntrl.net *.google.com *.linkedin.oribi.io *.google.ca *.fontawesome.com *.adnxs.com *.company-target.com *.6sc.co *.callrail.com *.visualwebsiteoptimizer.com app.vwo.com *.hubapi.com *.hubspot.com *.olark.com *.events.ubembed.com *.hsforms.com *.s3.amazonaws.com *.hotjar.com *.hotjar.io *.sharethis.com *.google-analytics.com analytics.google.com *.googleapis.com *.doubleclick.net; frame-src 'self' *.dynamics.com *.userway.org *.evidon.com *.ghostretail.com *.googlesyndication.com *.hsforms.net *.mnp.ca *.podcasts.apple.com *.spotify.com *.olark.com *.pages.ubembed.com *.hsforms.com calendly.com *.sendthisfile.com *.sharethis.com *.hotjar.com *.consensu.org *.adsrvr.org *.youtube.com *.vimeo.com *.wufoo.com *.doubleclick.net insight.adsrvr.org www.facebook.com www.google.com; form-action 'self' *.mnp.ca www.facebook.com *.hsforms.com; media-src 'unsafe-inline' 'self' *.ghostretail.com *.evidon.com *.olark.com; 1
frame-ancestors 'self' *.pennantchase.com 1
script-src 'self' *.parom.hu *.premiumtarskereso.hu *.szenakazal.hu *.googleapis.com *.fontawesome.com *.bootstrapcdn.com *.googleadservices.com *.gstatic.com *.doubleclick.net cdn.speedcurve.com creativecdn.com *.gemius.pl *.google-analytics.com *.hotjar.com *.google.com *.cloudflare.com *.cloudflareinsights.com *.googletagmanager.com *.google.hu *.googlesyndication.com *.googletagservices.com fonts.gstatic.com cdn.ampproject.org *.clarity.ms connect.facebook.net bbcdn-static.bbelements.com *.quantcast.com *.quantserve.com *.quantcount.com *.ibillboard.com cdn.jsdelivr.net *.bing.com 'unsafe-inline' 'unsafe-eval'; img-src * data: 1
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: 1
default-src 'self' mailto: tel: *.aia.com *.philamlife.com *.aia.com.ph *.google.com *.aia-dfs.originally.us *.gstatic.com *.twitter.com *.linkedin.com *.zscalertwo.net blob: *.recaptcha.net recaptcha.net https://www.googleapis.com/ https://maps.googleapis.com https://fonts.googleapis.com https://www.google.com/recaptcha/ https://recaptcha.google.com *.facebook.com *.youtube.com *.adobedtm.com *.google-analytics.com https://s.go-mpulse.net http://phdcwdlapp030:8280 https://mypageappuat.philamlife.com https://mypageapp.philamlife.com *.cdnjs.cloudflare.com; worker-src 'self' 'unsafe-inline' blob: *.aia.com.ph; style-src 'self' 'unsafe-inline' *.aia.com.ph *.unpkg.com https://unpkg.com *.google.com https://s7ap1.scene7.com https://*.zscalertwo.net https://www.googleapis.com/ https://maps.googleapis.com https://fonts.googleapis.com *.lemnisk.co https://fonts.font.im 'self' 'unsafe-inline'; img-src 'self' data: blob: *.aia.com *.philamlife.com *.aia.com.ph *.google.com https://img.icons8.com *.aia-dfs.originally.us *.baidu.com *.moz.com *.gstatic.com *.twitter.com *.linkedin.com *.facebook.com *.youtube.com *.adobedtm.com *.google-analytics.com *.lemnisk.co *.contentsquare.net https://maps.gstatic.com https://www.googleapis.com/ https://maps.googleapis.com *.google.com https://*.zscalertwo.net https://s7ap1.scene7.com https://dpm.demdex.net https://ad.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com.my https://www.googletagmanager.com https://connect.facebook.net https://px.ads.linkedin.com *.yellowmessenger.com 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.aia.com *.philamlife.com *.aia.com.ph *.unpkg.com https://unpkg.com *.google.com *.aia-dfs.originally.us *.gstatic.com *.twitter.com *.linkedin.com *.zscalertwo.net blob: *.recaptcha.net recaptcha.net https://analytics.tiktok.com *.cloudflare.com https://dpm.demdex.net *.lemnisk.co *.dynatrace.com *.contentsquare.net https://www.googleapis.com/ https://maps.googleapis.com https://fonts.googleapis.com https://www.google.com/recaptcha/ https://recaptcha.google.com *.facebook.com *.youtube.com *.adobedtm.com *.google-analytics.com https://s.go-mpulse.net http://phdcwdlapp030:8280 https://mypageappuat.philamlife.com https://mypageapp.philamlife.com https://s7ap1.scene7.com https://*.zscalertwo.net https://assets.adobedtm.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com.my https://www.googletagmanager.com https://connect.facebook.net *.yellowmessenger.com 'self' 'unsafe-eval' *.aia.com.ph *.google.com *.gstatic.com 'unsafe-inline'; connect-src 'self' *.aia.com *.philamlife.com *.aia.com.ph *.google.com *.aia-dfs.originally.us *.ucweb.com *.vzeesp.com *.dbankcloud.com *.googleapis.com *.dbankcloud.cn *.moz.com https://analytics.tiktok.com wss://uat.apigw.philamlife.com/ph/myaia/utility/v1-uat/ws wss://myaia.apigw.philamlife.com/ph/myaia/utility/v1/ws *.gstatic.com *.twitter.com *.linkedin.com *.zscalertwo.net blob: *.recaptcha.net recaptcha.net https://c.go-mpulse.net/ *.akstat.io *.bf.dynatrace.com *.demdex.net *.contentsquare.net *.lemnisk.co https://www.googleapis.com/ https://maps.googleapis.com https://fonts.googleapis.com https://www.google.com/recaptcha/ https://recaptcha.google.com *.facebook.com *.youtube.com *.adobedtm.com *.google-analytics.com https://s.go-mpulse.net http://phdcwdlapp030:8280 https://mypageappuat.philamlife.com https://mypageapp.philamlife.com https://s7mbrstream-ap1.scene7.com https://s7ap1.scene7.com https://stats.g.doubleclick.net *.aia.com.ph https://adobedc.demdex.net https://edge.adobedc.net *.yellowmessenger.com wss://app.yellowmessenger.com/message/; frame-src 'self' mailto: tel: *.google.com https://s7mbrstream-ap1.scene7.com https://s7ap1.scene7.com https://bid.g.doubleclick.net https://td.doubleclick.net/ https://www.bancnetonline.com/ *.moz.com https://testpti.payserv.net/ https://ptiapps.paynamics.net/ https://8034780.fls.doubleclick.net/ https://aiagroup.demdex.net *.aia.com.ph https://www.youtube.com https://app.yellowmessenger.com; font-src * data:; media-src 'self' data: blob: *.google.com *.aia.com *.scene7.com *.yellowmessenger.com; object-src 'none'; frame-ancestors https://*.aia.com.ph; 1
frame-ancestors 'self'; default-src https: data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' https://*.vica.gov.sg va.ecitizen.gov.sg ifaqs.flexanswer.com www.google-analytics.com s3-us-west-2.amazonaws.com https://wogadobeanalytics.sc.omtrdc.net/ https://cm.everesttech.net/ https://*.wogaa.sg https://*.demdex.net/; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/npm/@govtechsg/sgds-masthead/dist/sgds-masthead/sgds-masthead.css https://*.vica.gov.sg va.ecitizen.gov.sg https://assets.wogaa.sg/fonts/; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://cdn.jsdelivr.net/npm/@govtechsg/sgds-masthead/dist/sgds-masthead/ https://*.vica.gov.sg va.ecitizen.gov.sg ifaqs.flexanswer.com www.adobetag.com www.google-analytics.com/analytics.js https://*.wogaa.sg https://assets.adobedtm.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; object-src 'self'; img-src 'self' data: https://bucket-common.vica.gov.sg/unified_webchat_image_feedback.png https://*.vica.gov.sg https://evvomedia.pc.cdn.bitgravity.com/ https://evvomedia.pc-s.cdn.bitgravity.com/ https://jwpltx.com https://dpm.demdex.net/ va.ecitizen.gov.sg www.google-analytics.com https://wogadobeanalytics.sc.omtrdc.net/ https://cm.everesttech.net/; frame-src 'self' https://v2.evvochannel.tv/ wogaa.demdex.net fast.wogaa.demdex.net dpm.demdex.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; connect-src 'self' https://evvomedia.pc-s.cdn.bitgravity.com/ va.ecitizen.gov.sg https://*.wogaa.sg https://dpm.demdex.net/ https://www.google-analytics.com www.google-analytics.com ws: https://s3-va-prd-vica.s3-ap-southeast-1.amazonaws.com https://*.vica.gov.sg wss://chat.vica.gov.sg; font-src 'self' data: https://assets.wogaa.sg/fonts/ s3-us-west-2.amazonaws.com va.ecitizen.gov.sg; frame-ancestors 'none'; 1
font-src *.yotpo.com *.googleapis.com *.gstatic.com *.autotorino.it https://fonts.gstatic.com *.typekit.net *.nimbata.com *.livechatinc.com https://www.clarity.ms *.clarity.ms *.optinmonster.com *.omappapi.com *.jotform.com *.jotfor.ms *.sentry-cdn.com *.jotformeu.com acsbapp.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com cloudinary.com *.cloudinary.com *.yotpo.com *.autotorino.it https://0merchantacsstag.cardinalcommerce.com *.livechatinc.com *.jotform.com *.jotfor.ms *.sentry-cdn.com *.jotformeu.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ cloudinary.com *.cloudinary.com cdnjs.cloudflare.com *.google.com *.yotpo.com *.autotorino.it https://assets.braintreegateway.com https://c.paypal.com https://tst.kaptcha.com https://geostag.cardinalcommerce.com https://bid.g.doubleclick.net https://0merchantacsstag.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://checkout.paypal.com https://www.google.com *.cookiebot.com https://player.vimeo.com *.videoask.com *.typeform.com *.nimbata.com *.livechatinc.com *.jotform.com *.jotfor.ms *.sentry-cdn.com *.jotformeu.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.criteo.com youtube.com *.doubleclick.net *.criteo.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com cloudinary.com *.cloudinary.com *.yotpo.com *.autotorino.it https://www.google.it https://www.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://b.stats.paypal.com https://c.paypal.com https://dub.stats.paypal.com blob: *.nimbata.com https://www.clarity.ms *.clarity.ms *.optinmonster.com *.omappapi.com *.livechatinc.com *.jotform.com *.jotfor.ms *.sentry-cdn.com *.jotformeu.com https://img.youtube.com https://www.facebook.com https://www.youtube.com https://www.bat.bing.com *.google.com *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.bing.com *.outbrain.com *.bidswitch.net *.doubleclick.net *.adnxs.com *.casalemedia.com *.360yield.com *.media.net *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.com *.emxdgt.com *.adform.net *.omnitagjs.com *.criteo.com id5-sync.com *.ivitrack.com *.mediavine.com *.tremorhub.com *.yieldlab.net *.yieldmo.com *.pubmatic.com *.krxd.net *.thebrighttag.com *.allibo.com *.acsbapp.com *.zuko.io acsbapp.com *.shopify.com *.shopifycdn.com *.postrelease.com *.evergage.com *.cookiebot.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cloudinary.com *.cloudinary.com cdnjs.cloudflare.com https://www.youtube.com *.yotpo.com *.autotorino.it https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.googletagmanager.com https://www.googleoptimize.com https://googleads.g.doubleclick.net *.google-analytics.com https://c.paypal.com https://www.clarity.ms *.clarity.ms *.omappapi.com *.optinmonster.com *.cloudflareinsights.com https://songbirdstag.cardinalcommerce.com https://joblink.allibo.com https://connect.facebook.net https://bat.bing.com *.jquery.com *.cookiebot.com *.criteo.net *.criteo.com *.typeform.com *.microsoft.com *.livechat.com *.fontawesome.com *.nimbata.com *.livechatinc.com *.jotform.com *.jotfor.ms *.sentry-cdn.com *.jotformeu.com *.google.com *.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.outbrain.com *.allibo.com *.acsbapp.com acsbapp.com *.mousestats.com *.jotform.io *.zuko.io *.unpkg.com unpkg.com *.shopifycdn.com *.googlesyndication.com *.evgnet.com *.evergage.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cloudinary.com *.cloudinary.com *.yotpo.com *.googleapis.com *.autotorino.it https://fonts.googleapis.com https://www.googletagmanager.com https://www.gstatic.com *.typekit.net https://joblink.allibo.com *.typeform.com *.fontawesome.com *.nimbata.com *.livechatinc.com https://www.clarity.ms *.clarity.ms *.optinmonster.com *.omappapi.com *.jotform.com *.jotfor.ms *.sentry-cdn.com *.jotformeu.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.evergage.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.evergage.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com cloudinary.com *.cloudinary.com *.yotpo.com *.autotorino.it https://payments.sandbox.braintree-api.com https://api.sandbox.braintreegateway.com https://origin-analytics-sand.sandbox.braintree-api.com *.google-analytics.com *.googlesyndication.com *.cookiebot.com https://centinelapistag.cardinalcommerce.com *.amazonaws.com https://writer.cardinalcommerce.com https://www.sandbox.paypal.com https://vimeo.com https://www.youtube.com https://www.clarity.ms *.clarity.ms *.optinmonster.com *.omappapi.com https://joblink.allibo.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net *.nimbata.com *.livechatinc.com *.jotform.com *.jotfor.ms *.sentry-cdn.com *.jotformeu.com *.google.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com cloudflareinsights.com *.criteo.com *.google.it *.bing.com *.acsbapp.com *.mousestats.com *.zuko.io acsbapp.com *.shopifysvc.com *.myshopify.com *.evergage.com *.typeform.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://mc.yandex.ru https://mc.yandex.com https://www.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://analytics.google.com https://www.google.com https://www.google.ru https://www.google.de https://www.google.com.ua https://www.google.am https://www.google.bg https://www.google.com.br https://www.google.kg https://www.google.kz https://www.google.md https://www.google.pl https://www.google.pt https://www.google.co.uz https://connect.facebook.net https://*.hotjar.com https://*.hotjar.io https://*.intercom.io https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomusercontent.com; img-src 'self' data: https://api.stand.fail https://stand.fail https://mc.yandex.ru https://mc.yandex.com https://www.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://analytics.google.com https://www.google.com https://www.google.ru https://www.google.de https://www.google.com.ua https://www.google.am https://www.google.bg https://www.google.com.br https://www.google.kg https://www.google.kz https://www.google.md https://www.google.pl https://www.google.pt https://www.google.co.uz https://www.facebook.com https://s-static.ak.facebook.com https://avatars.steamstatic.com https://steamcdn-a.akamaihd.net https://steamcommunity-a.akamaihd.net https://cdn.cloudflare.steamstatic.com https://cdn.akamai.steamstatic.com https://*.giphy.com https://t.me https://*.telegram-cdn.org https://*.cdn-telegram.org https://*.userapi.com https://*.googleusercontent.com https://*.fbcdn.net https://*.fbsbx.com https://avatars.mds.yandex.net https://flagcdn.com https://*.hotjar.com https://*.hotjar.io https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomusercontent.com https://*.intercomassets.eu https://*.intercomassets.com https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://tra.cker.club; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomusercontent.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomusercontent.com; frame-src https://widget.onramper.com https://mc.yandex.ru https://mc.yandex.com https://www.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://analytics.google.com https://www.google.com https://www.google.ru https://www.google.de https://www.google.com.ua https://www.google.am https://www.google.bg https://www.google.com.br https://www.google.kg https://www.google.kz https://www.google.md https://www.google.pl https://www.google.pt https://www.google.co.uz https://maps.googleapis.com https://www.facebook.com https://s-static.ak.facebook.com https://www.youtube.com https://intercom-sheets.com https://intercom.help; frame-ancestors 'self' https://app.utorg.pro; connect-src 'self' data: wss://stand.fail/api/ws https://stand.fail https://*.giphy.com https://*.ingest.sentry.io https://mc.yandex.ru https://mc.yandex.com https://www.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://analytics.google.com https://www.google.com https://www.google.ru https://www.google.de https://www.google.com.ua https://www.google.am https://www.google.bg https://www.google.com.br https://www.google.kg https://www.google.kz https://www.google.md https://www.google.pl https://www.google.pt https://www.google.co.uz https://fonts.googleapis.com https://fonts.gstatic.com https://connect.facebook.net https://avatars.steamstatic.com https://steamcdn-a.akamaihd.net https://steamcommunity-a.akamaihd.net https://cdn.cloudflare.steamstatic.com https://cdn.akamai.steamstatic.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.intercom.io wss://*.intercom.io wss://*.hotjar.com https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomusercontent.com https://tra.cker.club; object-src 'none'; 1
frame-ancestors https://*.kneipp.com 1
font-src 'self' fonts.gstatic.com cdn.appsflyer.com/creatives-fonts/ cs.inappstory.ru/ cdn.zvuk.com sber-zvuk.com;form-action 'self' sber-zvuk.com;base-uri 'self' sber-zvuk.com;manifest-src 'self' sber-zvuk.com;style-src 'self' 'unsafe-inline' hcaptcha.com *.hcaptcha.com fonts.googleapis.com cdn.zvuk.com sber-zvuk.com *.mindbox.ru;frame-ancestors 'self' *.sber.ru *.sber.com *.championat.com https://id.zvuk.com https://pr.zvuk.com;object-src 'none';media-src data: 'self' blob: *.zvuk.com unisound.cdnvideo.ru/static/creative/audio/ r.mradx.net *.emgsound.ru *.cdnvideo.ru *.101.ru:* *.n340.com:8443 *.hostingradio.ru:* icecast-zvezda.mediacdn.ru/radio/zvezda/zvezda_128 online.uniton.ru/uniton live.rzs.ru/ka.128.mp3 radio.mediacdn.ru radio.nikatv.ru online.mariafm.ru:8443/MariaFM 21220.web.hosting-russia.ru/transmit1044 stream.newradio.ru stream.studio21.ru online-fefm.signaltv.net:8443 hls.studio21.ru hls.newradio.ru air.unmixed.ru/lradio256 streamer01.1028.fm:8443/arstream microit2.n340.ru:8443/VgMv0WV17ZVx1uuo_12_love_64 microit.n340.ru:8443/VgMv0WV17ZVx1uuo_12_love_64_reg_44 microit.n340.ru:8443/VgMv0WV17ZVx1uuo_12_dacha_64_reg_1093 microit2.n340.ru:8443/VgMv0WV17ZVx1uuo_14_dacha_64 microit.n340.ru:8443/VgMv0WV17ZVx1uuo_18_vostok_64_reg_1 microit.n340.ru:8443/VgMv0WV17ZVx1uuo_13_taxi_64 microit.n340.ru:8443/VgMv0WV17ZVx1uuo_19_ruhit_64_reg_1 mg-kompas.ru/k1074 mg-kompas.ru/k1067 mg-kompas.ru/t1001 online2.gkvr.ru:8001/europa_eka_64.aac cdn.pifm.ru/mp3 hls.kalina.fm hls-radiokrasnodar.cdnvideo.ru radio.izhlife.ru hit.trkeurasia.ru sber-zvuk.com msdrm-enc.obs.ru-moscow-1.hc.sbercloud.ru edge-drm.zvuk.com cdn64.zvuk.com cdn.zvuk.com;child-src 'self' blob: sber-zvuk.com;frame-src 'self' *.fls.doubleclick.net/ sberzvook.clients.webcaster.pro hcaptcha.com *.hcaptcha.com mc.yandex.ru/ img01.ssp.rambler.ru/ img02.ssp.rambler.ru/ dsp-rambler.ru sportrecs.com/embed/ secure.payture.com www.youtube.com/ online.sberbank.ru/CSAFront/oidc/authorizelow.do id.sber.ru content.adriver.ru sber-zvuk.com www.afisha.ru https://id.zvuk.com https://pr.zvuk.com vast.playmatic.video/ api.flocktory.com/ games.inappstory.com/;img-src 'self' data: blob: *.sber-zvuk.com *.zvuk.com *.zvooq.com zvooq.com zvuk.com www.tns-counter.ru mc.yandex.ru mc.yandex.com mc.yandex.kz mc.yandex.by mc.yandex.md mc.yandex.uz mc.yandex.fr img01.ssp.rambler.ru/ img02.ssp.rambler.ru/ dsp-rambler.ru/ profile.ssp.rambler.ru/ *.instreamatic.com unisound.cdnvideo.ru/static/creative/image/ *.adriver.ru x01.aidata.io pixel.konnektu.ru ad.mail.ru/ rtb-moscow.mail.ru *.ops.beeline.ru/ *.rtb.mts.ru/ an.yandex.ru/ rs.mail.ru/pixel/ r.mradx.net ad.doubleclick.net/ddm/trackimp/ kraken.rambler.ru/cnt/ login.vk.com cdn.appsflyer.com/creatives-mgmt/static-content/ analytics.tiktok.com impressions.onelink.me image-service.obs.ru-moscow-1.hc.sbercloud.ru obs-image-service-mz.obs.ru-moscow-1.hc.sbercloud.ru www.gstatic.com ssl.gstatic.com favicon.yandex.net/favicon/v2/zvuk.com cs.inappstory.ru/ sber-zvuk.com *.mindbox.ru secure.usedesk.ru vma.mts.ru/match/second api.flocktory.com/ ssp.rambler.ru mts-dsp-sync.rutarget.ru get4click.ru cdn.zvuk.com;connect-src data: 'self' catch.sbervisor.ru online.sberbank.ru id.sber.ru cms-res.online.sberbank.ru sve.online.sberbank.ru visor.sberbank.ru report.zvuk.com ads.adfox.ru *.adriver.ru tns-counter.ru ssp.rambler.ru kraken.rambler.ru dsp-rambler.ru *.ssp.rambler.ru *.instreamatic.com analytics.tiktok.com af-event-logger.appsflyer.com banner.appsflyer.com hcaptcha.com *.hcaptcha.com api.inappstory.ru/v2/ *.emgsound.ru hls.studio21.ru hls.newradio.ru hls-radiokrasnodar.cdnvideo.ru hls.kalina.fm *.mindbox.ru cdn.zvuk.com sber-zvuk.com mc.yandex.ru mc.yandex.com mc.yandex.kz mc.yandex.by mc.yandex.md mc.yandex.uz mc.yandex.fr  *.sd-rtn.com wapi.afisha.ru creatives-cdn.appsflyer.com api.usedesk.ru pubsubsec2.usedesk.ru secure.usedesk.ru fcm.googleapis.com upload-bff.zvuk.com *.adlooxtracking.com:* zvuk.com msdrm.zvuk.com msdrm-enc.obs.ru-moscow-1.hc.sbercloud.ru edge-drm.zvuk.com   cdn64.zvuk.com zvuk.com monolith.zvq.me zvuk.com federation.zvq.me id.sber.ru wss://pubsubsec2.usedesk.ru firebase.googleapis.com firebaseinstallations.googleapis.com firebaseremoteconfig.googleapis.com firebaselogging-pa.googleapis.com www.google-analytics.com cms-res-web.online.sberbank.ru/sberid/BlackList/Button/No_Button.json *.2gis.com *.2gis.ru;script-src 'nonce-1df8e219-502e-423b-b307-c601d2ecacfe' 'self' ssp.rambler.ru/capirs_async.js hcaptcha.com *.hcaptcha.com dsp-rambler.ru/tpl/Unbounded/ ads.adfox.ru/getid content.adriver.ru ad.adriver.ru analytics.tiktok.com *.instreamatic.com websdk.appsflyer.com synchrobox.adswizz.com adlooxtracking.ru *.adlooxtracking.ru top-fwz1.mail.ru/js/code.js cdn.jsdelivr.net/npm/hls.js@latest sdk.inappstory.com/ sdk.inappstory.ru/ api.inappstory.ru/ *.mindbox.ru cdn.zvuk.com sber-zvuk.com mc.yandex.ru mc.yandex.com mc.yandex.kz mc.yandex.by mc.yandex.md mc.yandex.uz mc.yandex.fr lib.usedesk.ru www.googletagmanager.com www.afisha.ru/w/ticketmanager.js get4click.ru api.flocktory.com partners.sbermarketing.ru/api/tracker/sdk.js 'sha256-ChUScVqwlZ5LajFSOi49H77LqYNje29cTNZM2V00VTM=' 'sha256-BvaZL6lFd0cUnpTj8qIXeZzuk2OsocIfThlS8sMe/D8=' *.2gis.com;default-src 'none';report-uri https://report.zvuk.com/api/21/security/?sentry_key=15d647f4c7eb422d98dc820cfc9b311f 1
script-src 'self' 'unsafe-eval' *.wlresources.com *.acwebconnecting.com 'sha256-e4pYjXQH6ajx5POUxz2FrYEpL/WroFiVF5clf0FNS5g=' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.wlresources.com; connect-src 'self' *.wlresources.com *.acwebconnecting.com wss://*.wlresources.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; report-uri /err0r/js?ts=1705982289; worker-src 'self' blob:; frame-ancestors 'none'; object-src 'self' 1
image-src 'self'; 1
frame-ancestors 'self'; report-to https://empire.report-uri.com/r/d/csp/enforce 1
frame-ancestors *.listenlively.com *.jabraenhance.com 1
frame-ancestors https://*.etracker.com https://*.etracker.de https://www.pilz.com; frame-src 'self' *.cookiebot.com *.etracker.com *.etracker.de *.pilz.com *.signalize.com *.vimeo.com *.worldpay.com vimeo.com www.facebook.com; script-src 'nonce-14741d616f1e86171467fcc1d077da36' 'self' 'sha256-6NTzwwonHCuchbsHvWyXZBkztJReJYgIIszy5ZViMyA=' 'sha256-6g6TyOnnzOVNxI2m41eXkOTtoiNydslM13x3BUnHCWI=' 'sha256-9Okx8csbXHuOUSqNFPzubOazpHQx4k7d0b2BWVS+eKA=' 'sha256-PoktmZQkl424QxKfaYkCiD1VezqFkcfEzfPaJ+C+hrc=' 'sha256-k+NpGJV/ukcTaF1DQUHWvde1eVY6jUi7zDonSNRaAO4=' 'sha256-mdi1D8Gr7PLz36EIt0sUgrhOVup/Equ9K1AGIXNTLqs=' 'sha256-rNe0S5NjVrhq4wSix1OPzmrcudsDwIXDM1LrxD0CLzI=' consent.cookiebot.com https://*.etracker.de https://*.pilz.com https://*.vimeocdn.com/ https://api.signalize.com https://connect.facebook.net https://consentcdn.cookiebot.com https://maps.googleapis.com https://player.vimeo.com https://www.googletagmanager.com stats.pilz.com; 1
default-src 'unsafe-eval' 'unsafe-inline' img-src: 'self' data: issuu.com *.issuu.com *.spotify.com *.instagram.com *.megaphone.fm *.podcasts.apple.com *.apple.com *.monday.com *.soundcloud.com *.w.org *.whooshkaa.com *.elmotalent.com.au *.mailchimp.com *.eventbrite.com.au *.eventbrite.com *.googletagmanager.com *.crazyegg.com *.jquery.com *.datatables.net *.cloudflare.com *.pinterest.com developers.google.com *.google.com *.google.co.in *.google.com.au *.twitter.com *.youtube.com *.doubleclick.net *.bootstrapcdn.com *.gstatic.com *.grv.org.au *.wpengine.com *.facebook.net *.facebook.com *.amazonaws.com *.googleapis.com *.google-analytics.com *.googlecode.com *.windows.net 1
frame-ancestors app.storyblok.com *.pub.sfmc-content.com cloud.my.silhouette-group.com www.silhouette.com 1
update-insecure-requests 1
frame-ancestors 'self' *.jeuxonline.info 1
default-src 'self' https://dmbqekwh0sti7.cloudfront.net/; base-uri 'self' https://d6tizftlrpuof.cloudfront.net/live/; object-src 'self' https://www.youtube-nocookie.com/ blob:; child-src 'self' https://*.aegon.nl/ https://aegon.24sessions.com/ https://d6tizftlrpuof.cloudfront.net/ https://platform.twitter.com/ https://syndication.twitter.com/ https://apis.google.com/ https://accounts.google.com/ https://optimize.google.com/ https://static.licdn.com/ https://www.youtube-nocookie.com/ https://funnels.aegon.nl/ https://player.quadia.net/ https://www.youtube.com/ https://www.googletagmanager.com/; img-src 'self' data: stats.g.doubleclick.net www.google-analytics.com https://*.aegon.nl/ https://*.nl.aegon.io/ https://log.firedesk.nl/aegon/ https://ssl.gstatic.com/analytics-suite/header/suite/v2/ic_tag_manager.svg https://www.gstatic.com/images/icons/material/system/1x/ https://www.googletagmanager.com/ https://*.google-analytics.com/ https://www.google.nl/pagead/ https://d6tizftlrpuof.cloudfront.net/ https://static.licdn.com/ https://bat.bing.com/ https://www.google.com/pagead/ https://www.google.co.uk/pagead/ https://googleads.g.doubleclick.net/pagead/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://www.awin1.com/sread.img https://www.awin1.com/sread.php https://s3.amazonaws.com/glancecdn/ https://s3-eu-west-1.amazonaws.com/anl-ma-staticcontent/ https://s3-eu-west-1.amazonaws.com/anl-ma-static-content/ https://www.facebook.com/ https://stats.g.doubleclick.net/ https://prd.jwpltx.com/ https://rid.webtvframework.com/ https://ad.doubleclick.net/ https://adservice.google.com/ https://www.googleadservices.com/pagead/conversion/ https://optimize.google.com/ https://apmeum.aegon.com/ https://*.novusoft.nl/static/img/ https://www.google.com/ads/ https://www.google.nl/ads/ https://secure.adnxs.com/px https://secure.adnxs.com/seg https://assets.secumail.nl/img/aegon/ https://assets.secumail.nl/img/default/ https://storage.glancecdn.net/cobrowse/ https://content.solera.nl/isa-vfoto/autotelex https://www.nl.aegon.com/ https://*.gstatic.com https://www.google.com/images/cleardot.gif blob:; frame-src 'self' https://optimize.google.com https://www.youtube.com https://particulier.aegon.nl https://*.aegon.nl/ https://d6tizftlrpuof.cloudfront.net/; frame-ancestors 'self'; font-src 'self' data: aeon-cdn-prod.axlops.nl.aegon.io https://*.aegon.nl/ https://*.nl.aegon.io/ https://*.openinsuranceplatform.ibm.com/ https://aegon.24sessions.com/ https://themes.googleusercontent.com/static/fonts/opensans/ https://d6tizftlrpuof.cloudfront.net/live/resources/fonts/ https://fonts.gstatic.com/ https://*.novusoft.nl/static/fonts/ https://*.novusoft.nl/static/css/fonts/ https://player.quadia.net/ https://storage.glancecdn.net/cobrowse/ https://d6tizftlrpuof.cloudfront.net/themes/production/nlaegon-aegon-2022-font-file-url-db64c51123ddff1174f975e859558a7c.woff https://optimize.google.com https://*.mopinion.com; form-action 'self' https://*.intra.aegon.nl https://www.verzuimsignaal2.nl/pub/request_handler.php; manifest-src 'self' https://aeon-cdn-prod.axlops.nl.aegon.io/assets/latest/favicon/aegonnl/site.webmanifest; style-src 'unsafe-inline' 'self' aeon-cdn-prod.axlops.nl.aegon.io www.googletagmanager.com tagmanager.google.com https://*.aegon.nl/ https://*.nl.aegon.io/ https://*.openinsuranceplatform.ibm.com/ https://aegon.24sessions.com/ https://styles.24sessions.com/ui-theme.css https://d6tizftlrpuof.cloudfront.net/ https://www.glancecdn.net/cobrowse/ https://s3.amazonaws.com/glancecdn/ https://tagmanager.google.com/debug/css.css https://fonts.googleapis.com/ https://optimize.google.com/ https://*.novusoft.nl/ https://player.quadia.net/ https://storage.glancecdn.net/cobrowse/ https://*.glancecdn.net/ cdn.jsdelivr.net https://aeon-cdn-prod.axlops.nl.aegon.io https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-elem 'unsafe-inline' 'self' aeon-cdn-prod.axlops.nl.aegon.io www.googletagmanager.com tagmanager.google.com https://*.aegon.nl/ https://*.nl.aegon.io/ https://aegon-nonlife-api-flexfunnel.novusoft.nl/static/css/themes/wvtp.min.css https://d6tizftlrpuof.cloudfront.net/live/ https://d6tizftlrpuof.cloudfront.net/ https://fonts.googleapis.com https://optimize.google.com https://*.glancecdn.net/cobrowse/styles/Cobrowse_5.4.3.css https://*.glancecdn.net/cobrowse/customstyles/CustomSkin_19459_P.css https://translate.googleapis.com/translate_static/css/translateelement.css https://www.gstatic.com https://*.glancecdn.net/ cdn.jsdelivr.net https://aeon-cdn-prod.axlops.nl.aegon.io https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; worker-src 'self' blob:; script-src 'unsafe-inline' 'self' aeon-cdn-prod.axlops.nl.aegon.io stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com tagmanager.google.com 'unsafe-eval' https://*.aegon.nl/ https://*.nl.aegon.io/ https://*.openinsuranceplatform.ibm.com/ https://eu-de.appid.cloud.ibm.com/ https://cdn.botframework.com/ https://aegon.24sessions.com/ https://s.ytimg.com/yts/jsbin/ https://ajax.aspnetcdn.com/ajax/jquery.validate/1.11.1/ https://glancecdn.net/cobrowse/ https://www.glancecdn.net/cobrowse/ https://s3.amazonaws.com/glancecdn/cobrowse/ https://code.highcharts.com/9.1.0/highcharts.js https://code.highcharts.com/9.1.0/highcharts-more.js https://code.highcharts.com/9.1.0/modules/accessibility.js https://cdn.appdynamics.com/ https://platform.linkedin.com/ https://platform.twitter.com/ https://www.youtube.com/s/player/ https://www.youtube.com/iframe_api https://tagmanager.google.com/ https://googleads.g.doubleclick.net/ https://apis.google.com/ https://maps.googleapis.com/ https://code.jquery.com/ https://connect.facebook.net/ https://d6tizftlrpuof.cloudfront.net/ https://*.google-analytics.com/ https://www.google-analytics.com https://optimize.google.com/ https://*.salesforceliveagent.com/ https://*.novusoft.nl/ https://az416426.vo.msecnd.net/scripts/ https://bat.bing.com/ https://www.googletagmanager.com/ https://www.googleoptimize.com/optimize.js https://player.quadia.net/ https://ssl.p.jwpcdn.com/player/ https://www.googleadservices.com/pagead/ https://portal.secumail.nl/v5/assets/js/ https://www.google.com/ads/ https://www.google.nl/ads/ https://www.google.com/js/bg/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/releases/ https://storage.glancecdn.net/cobrowse/ https://js-agent.newrelic.com/nr-rum-1.246.1.min.js https://js-agent.newrelic.com/nr-1216.min.js https://translate-pa.googleapis.com/v1/supportedLanguages https://*.glancecdn.net/ https://*.mopinion.com data: cdn.jsdelivr.net cdnjs.cloudflare.com https://aeon-cdn-prod.axlops.nl.aegon.io https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com maps.googleapis.com; script-src-elem 'unsafe-inline' 'self' aeon-cdn-prod.axlops.nl.aegon.io stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com tagmanager.google.com https://*.aegon.nl/ https://*.nl.aegon.io/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/debug/bootstrap https://*.google-analytics.com/ https://aegon-nonlife-api-flexfunnel.novusoft.nl/ https://code.jquery.com/ https://az416426.vo.msecnd.net/scripts/ https://portal.secumail.nl/v5/assets/js/ https://aegon.24sessions.com/ https://d6tizftlrpuof.cloudfront.net/ https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://code.highcharts.com/ https://js-agent.newrelic.com/nr-1215.min.js https://js-agent.newrelic.com/nr-rum-1.246.1.min.js https://bam.nr-data.net/1/NRJS-a680a937ef6e365bd3c https://cdn.botframework.com/botframework-webchat/4.13.0/webchat.js https://js-agent.newrelic.com/nr-1216.min.js https://bat.bing.com/bat.js https://bat.bing.com/p/action/4012566.js https://glancecdn.net/cobrowse/ https://www.glancecdn.net/cobrowse/ https://s3.amazonaws.com/glancecdn/cobrowse/ https://storage.glancecdn.net/cobrowse/ https://optimize.google.com/ https://www.googleoptimize.com/optimize.js https://www.googleadservices.com/pagead/ https://cdn.botframework.com/botframework-webchat/4.13.0/webchat-minimal.js https://translate.google.com/translate_a/element.js https://translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.nl.vdhk0GhArrQ.O/d=1/exm=el_conf/ed=1/rs=AN8SPfosN9kI5IWqIj6K48tfhRK64wmPDA/m=el_main https://translate-pa.googleapis.com/v1/supportedLanguages https://js-agent.newrelic.com/* https://js-agent.newrelic.com/552.2d6a2503-1220.js https://js-agent.newrelic.com/290.2d6a2503-1220.js https://js-agent.newrelic.com/368.2d6a2503-1220.js https://js-agent.newrelic.com/768.2d6a2503-1220.js https://js-agent.newrelic.com/775.2d6a2503-1220.js https://translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.en_GB.I_n1hHNKRQg.O/d=1/exm=el_conf/ed=1/rs=AN8SPfq1BaON9PeD_0qd-QgiiAO9yry5vg/m=el_main https://translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.en_US.tvzdIv5D-Fk.O/d=1/exm=el_conf/ed=1/rs=AN8SPfq0reXC1mmnnZ1UyCZOCXrnJUuBeA/m=el_main https://translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.nl.JTyN52BySEs.O/d=1/exm=el_conf/ed=1/rs=AN8SPfpzThVPOJaHoq9wj-dvUsLWTH3i5w/m=el_main https://translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.nl.eyrOBZP0LRM.O/am=Cg/d=1/exm=el_conf/ed=1/rs=AN8SPfoNTgPl7r65db7DhKqDHEC07ZqHpw/m=el_main https://translate.googleapis.com/_/translate_http/_/js/ https://*.glancecdn.net/ https://*.mopinion.com cdn.jsdelivr.net cdnjs.cloudflare.com https://aeon-cdn-prod.axlops.nl.aegon.io https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com maps.googleapis.com; connect-src 'self' aeon-cdn-prod.axlops.nl.aegon.io stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com tagmanager.google.com https://*.aegon.nl/ https://*.nl.aegon.io/ https://*.openinsuranceplatform.ibm.com/ https://eu-de.appid.cloud.ibm.com/ https://*.aegon.com/ https://keeper.24sessions.com/api/v1/instance/timeslots/available/ https://directline.botframework.com/ wss://directline.botframework.com/ https://*.s3-accelerate.amazonaws.com/ https://s3.eu-west-1.amazonaws.com/secumail.cloud.processed/ https://*.google-analytics.com/ https://log.firedesk.nl/aegon/ https://bat.bing.com/actionp/ https://www.linkedin.com/analytics/ https://*.novusoft.nl/ https://dc.services.visualstudio.com/ https://*.glance.net/ wss://*.glance.net/ https://www.glancecdn.net/cobrowse/ https://s3.amazonaws.com/glancecdn/ https://www.googleapis.com/youtube/ https://fra-col.eum-appdynamics.com/ https://stats.g.doubleclick.net/ https://quadia.webtvframework.com/ https://api.secumail.nl/ https://storage.glancecdn.net/cobrowse/ https://maps.googleapis.com/ https://bam.nr-data.net/1/NRJS-a680a937ef6e365bd3c https://bam.nr-data.net/events/1/NRJS-a680a937ef6e365bd3c https://translate.googleapis.com/element/log https://translate.googleapis.com/translate_a/t https://cacheorcheck.mopinion.com/ https://survey.mopinion.com https://*.mopinion.com blob:; report-to csp-endpoint; report-uri /beacon/deprecated/csp https://www.aegon.nl/report-uri/enforce; style-src-attr 'unsafe-inline'; script-src-attr 'unsafe-inline'; 1
default-src 'self' data: 'unsafe-inline' *.linkedin.com *.nkolay.com *.aktifbank.com.tr *.doubleclick.net *.google.com.tr *.maps.googleapis.com *.googleapis.com *.googleoptimize.com *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com; script-src 'self' 'unsafe-eval'  'unsafe-inline' *.aktifbank.com.tr *.nkolay.com *.maps.googleapis.com *.googleapis.com *.cloudflare.com *.efilli.com *.google-analytics.com *.google.com.tr *.google.com *.googleoptimize.com *.gstatic.com  *.facebook.com  *.facebook.net *.fbcdn.net  *.linkedin.com *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.aktifbank.com.tr *.linkedin.com *.nkolay.com *.googleoptimize.com *.googleapis.com 1
default-src 'self' https://nia.identitaobcana.cz; upgrade-insecure-requests; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data: https://nia.identitaobcana.cz matomoas.westeurope.cloudapp.azure.com; connect-src 'self' https://www.identitaobcana.cz matomoas.westeurope.cloudapp.azure.com; frame-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; font-src 'self' data:;  script-src 'self' portal.gov.cz *.portal.gov.cz https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ matomoas.westeurope.cloudapp.azure.com 'unsafe-inline' 'unsafe-eval'; object-src 'self' blob: * 1
default-src 'self' *.dailian.co.kr *.google.co.kr *.google.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.googleadservices.com *.naver.com *.kakao.com *.taboola.com *.facebook.net *.facebook.com *.youtube.com *.ad4989.co.kr *.doubleclick.net gum.criteo.com *.livere.net *.livere.me saluton.cizion.com/livere *.dable.io *.criteo.com *.criteo.net *.adop.cc *.da29e6b8-f018-490f-b25f-39a887fc95e7.xyz *.shoppingcall.me *.pltapad.com *.innorame.com *.adinc.kr *.aceplanet.co.kr *.intentiq.com *.gstatic.com *.bfmio.com *.tend-table.com *.rubiconproject.com *.covi.co.kr *.wecandeo.com *.navercorp.com *.ampproject.net *.tadapi.info *.openx.net *.rtbhouse.com id5-sync.com *.crwdcntrl.net *.adpnut.com *.digitalcamp.co.kr *.targetpush.co.kr *.yahoo.com *.jsdelivr.net *.astasdf.net 'unsafe-inline';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' openweathermap.org *.dailian.co.kr *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.co.kr *.scorecardresearch.com *.adop.cc *.criteo.com *.criteo.net *.ytimg.com *.intentiq.com *.covi.co.kr *.widerplanet.com *.skplanet.com *.rubiconproject.com *.smaato.net *.pstatic.net *.naver.net *.amazonaws.com *.adnxs.com *.cloudfront.net *.socdm.com *.adscale.de *.smartadserver.com *.contextweb.com *.yahoo.com *.bluekai.com *.zeotap.com *.mookie1.com *.agkn.com *.connexity.net *.liadm.com *.onaudience.com *.doubleclick.net *.rlcdn.com *.pubmatic.com ml314.com *.adsrvr.org *.lijit.com id5-sync.com *.advertising.com *.bidswitch.net *.crwdcntrl.net *.mfadsrvr.com *.openx.net *.krxd.net *.3lift.com *.casalemedia.com creativecdn.com *.stackadapt.com *.opera.com *.im-apps.net pippio.com *.w55c.net *.admixer.net *.turn.com *.betweendigital.com *.adition.com *.mathtag.com *.ad-m.asia *.loopme.me *.audrte.com *.mathtag.com *.demdex.net *.admatrix.jp *.google.com *.ipredictive.com *.inmobi.com *.adform.net *.semasio.net *.everesttech.net *.amazon-adsystem.com *.gumgum.com *.mediago.io *.primis.tech *.digitalcamp.co.kr *.sharethis.com *.popin.cc *.yieldmo.com *.1rx.io *.omnitagjs.com *.targeting.unrulymedia.com *.media.net *.sitescout.com *.pro-market.net *.postrelease.com *.adtive.com *.adplex.co.kr *.targetpush.co.kr *.facebook.com *.taboola.com *.astasdf.net data:;object-src 'none';script-src 'self' *.dailian.co.kr *.google.co.kr *.google.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.googleadservices.com *.googletagservices.com *.naver.com *.kakao.com *.taboola.com *.facebook.net *.facebook.com *.criteo.com *.criteo.net *.doubleclick.net *.livere.net *.livere.com *.dable.io *.mci1.co.kr *.kakaocdn.net *.perfectmarket.com *.scorecardresearch.com *.adop.cc *.da29e6b8-f018-490f-b25f-39a887fc95e7.xyz *.aceplanet.co.kr *.ad4989.co.kr *.pstatic.net *.naver.net *.covi.co.kr *.ampproject.org *.rubiconproject.com *.hani.co.kr *.adingo.jp *.id5-sync.com *.creativecdn.com *.crwdcntrl.net *.uidapi.com *.openxcdn.net *.digitalcamp.co.kr *.targetpush.co.kr *.adtive.com *.yahoo.com *.33across.com *.adplex.co.kr *.jsdelivr.net *.astasdf.net 'unsafe-eval' 'unsafe-inline';script-src-attr 'unsafe-hashes' 'unsafe-inline';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
connect-src 'self' *.bigid.com *.bigidprivacy.cloud *.dspm.ai *.usercentrics.eu *.hsforms.com *.hsadspixel.net *.hs-analytics.net *.hubapi.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hs-sites.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspot.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net play.hubspotvideo.com cdn2.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com *.fontawesome.com *.document360.io *.gopronto.io *.googleapis.com *.gstatic.com *.jsdelivr.net *.iconify.design *.bigid.tools; 1
default-src 'self' data: data:* https://fonts.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net/j/collect; script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://code.createjs.com/createjs-2015.11.26.min.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.googleapis.com; frame-src 'self'; frame-ancestors 'self';font-src 'self' data: data:* https://fonts.gstatic.com; 1
default-src 'self' *.nonstopbonus.com *.getsitecontrol.com *.getsitectrl.com *.youtube.com *.datamother.com *.firebaseio.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com ajax.googleapis.com *.getsitecontrol.com *.getsitectrl.com;connect-src 'self' *.getsitecontrol.com *.getsitectrl.com *.googletagmanager.com *.google-analytics.com *.firebaseio.com *.doubleclick.net  wss: datamother.com;img-src 'self' data: *.google-analytics.com *.getsitecontrol.com *.getsitectrl.com;style-src 'unsafe-inline' 'self';base-uri 'self';form-action 'self';font-src data: 'self' *.getsitecontrol.com *.getsitectrl.com 1
default-src 'self'; frame-ancestors 'self' https://www.iil.slackandcompany.com/ https://iil.slackandcompany.com/ http://www.iil.slackandcompany.com/ http://iil.slackandcompany.com/ https://www.insideidealabs.com/ https://insideidealabs.com/ http://www.insideidealabs.com/ http://insideidealabs.com/ https://www.insideidealabs.com.ar https://insideidealabs.com.ar http://www.insideidealabs.com.ar http://insideidealabs.com.ar https://www.insideidealabs.de https://insideidealabs.de http://www.insideidealabs.de http://insideidealabs.de https://www.insideidealabs.pe https://insideidealabs.pe http://www.insideidealabs.pe http://insideidealabs.pe https://www.insideidealabs.com.br https://insideidealabs.com.br http://www.insideidealabs.com.br http://insideidealabs.com.br https://www.insideidealabs.jp https://insideidealabs.jp http://www.insideidealabs.jp http://insideidealabs.jp https://www.insideidealabs.eu https://insideidealabs.eu http://www.insideidealabs.eu http://insideidealabs.eu https://www.insideidealabs.co.kr https://insideidealabs.co.kr http://www.insideidealabs.co.kr http://insideidealabs.co.kr https://www.insideidealabs.kr https://insideidealabs.kr http://www.insideidealabs.kr http://insideidealabs.kr https://www.insideidealabs.cn https://insideidealabs.cn http://www.insideidealabs.cn http://insideidealabs.cn https://www.insideidealabs.com.cn https://insideidealabs.com.cn http://www.insideidealabs.com.cn http://insideidealabs.com.cn https://www.insideidealabs.mx https://insideidealabs.mx http://www.insideidealabs.mx http://insideidealabs.mx https://www.insideidealabs.sg https://insideidealabs.sg http://www.insideidealabs.sg http://insideidealabs.sg https://www.insideidealabs.asia https://insideidealabs.asia http://www.insideidealabs.asia http://insideidealabs.asia https://www.insideidealabs.co https://insideidealabs.co http://www.insideidealabs.co http://insideidealabs.co https://www.insideidealabs.co.uk https://insideidealabs.co.uk http://www.insideidealabs.co.uk http://insideidealabs.co.uk https://www.insideidealabs.uk https://insideidealabs.uk http://www.insideidealabs.uk http://insideidealabs.uk http://iildev.rivetagency.com https://fcuat-myingredion.cs166.force.com http://myingredion.com https://myingredion.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; font-src 'self' data: *; img-src 'self' data: *; media-src 'self' *; connect-src 'self' *; frame-src  'self' *; style-src 'self' 'unsafe-inline' * 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-fy146JHzs0ENYZAXPLEsQ2vAZ9JU5R' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
default-src https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https: data: 'unsafe-inline' 'unsafe-eval' 1
script-src 'unsafe-inline' 'unsafe-eval' http: https:; child-src http: https:; frame-ancestors http: https:; object-src http: https: 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'nonce-KByts2SnrftlHsLPIbVKSCVvB8k89iemIj8nZnWfBBkkYR+I' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; img-src 'self' https:; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' http: https:; worker-src * data: blob:; style-src 'self' 'unsafe-inline' fonts.googleapis.com esquared.bamboohr.com; img-src * data: *.ctfassets.net; frame-src * *.zohopublic.com; connect-src *; font-src 'self' fonts.gstatic.com fonts.googleapis.com data:; media-src 'self' videos.ctfassets.net; base-uri 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' perfalytics.com www.googletagmanager.com ajax.googleapis.com mychart.crh.org mychartpoc.crh.org crhepic-mc02.crh.org http://mychartpoc.crh.org/mychartpoc/Scripts/lib/Widget/widget_sdk.js assets.transparently.com bbox.blackbaudhosting.com payments.blackbaud.com ajax.aspnetcdn.com https://dec.azureedge.net/ cdn.ampproject.org https://www.google.com/recaptcha/api.js www.gstatic.com *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; style-src 'self' 'unsafe-inline' mychart.crh.org bbox.blackbaudhosting.com netdna.bootstrapcdn.com kendo.cdn.telerik.com maxcdn.bootstrapcdn.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; img-src 'self' data: blob: www.crh.org bbox.blackbaudhosting.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org https://dec.azureedge.net https://*.dec.sitefinity.com *.azureedge.net crhorg.sitefinity.cloud crhorg-stg.sitefinity.cloud *.crh.org www.googletagmanager.com server.arcgisonline.com *.google-analytics.com https://cdn.insight.sitefinity.com web-chat.nativechat.com; font-src 'self' ka-f.fontawesome.com maxcdn.bootstrapcdn.com data: kendo.cdn.telerik.com; frame-src 'self' bbox.blackbaudhosting.com/ mychart.crh.org www.google.com web-chat.nativechat.com; connect-src 'self' https://*.dec.sitefinity.com *.visualstudio.com assets.transparently.com ka-f.fontawesome.com mychartpoc.crh.org crhepic-mc02.crh.org mychart.crh.org perfalytics.com api.perfalytics.com *.google-analytics.com https://*.insight.sitefinity.com; media-src 'self' data: blob: *.crh.org *.azureedge.net; child-src 'self' mychart.crh.org crhepic-mc02.crh.org bbox.blackbaudhosting.com tcfpa10k-wcg.crh.org web-chat.nativechat.com; frame-ancestors 'self' https://www.crh.org https://mychart.crh.org 1
default-src 'self'; script-src 'report-sample' 'self' www.google-analytics.com/analytics.js assets.codepen.io production-assets.codepen.io https://js.stripe.com 'sha256-uogddBLIKmJa413dyT0iPejBg3VFcO+4x6B+vw3jng0=' 'sha256-EehWlTYp7Bqy57gDeQttaWKp0ukTTEUKGP44h8GVeik='; script-src-elem 'report-sample' 'self' www.google-analytics.com/analytics.js assets.codepen.io production-assets.codepen.io https://js.stripe.com 'sha256-uogddBLIKmJa413dyT0iPejBg3VFcO+4x6B+vw3jng0=' 'sha256-EehWlTYp7Bqy57gDeQttaWKp0ukTTEUKGP44h8GVeik='; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' developer.allizom.org bcd.developer.allizom.org bcd.developer.mozilla.org updates.developer.allizom.org updates.developer.mozilla.org www.google-analytics.com stats.g.doubleclick.net https://api.stripe.com; font-src 'self'; frame-src 'self' interactive-examples.mdn.mozilla.net interactive-examples.mdn.allizom.net mdn.github.io live-samples.mdn.mozilla.net live-samples.mdn.allizom.net live-samples.developer.allizom.xyz *.mdnplay.dev *.mdnyalp.dev jsfiddle.net www.youtube-nocookie.com codepen.io survey.alchemer.com https://js.stripe.com; img-src 'self' *.githubusercontent.com *.googleusercontent.com *.gravatar.com mozillausercontent.com firefoxusercontent.com profile.stage.mozaws.net profile.accounts.firefox.com mdn.dev interactive-examples.mdn.mozilla.net interactive-examples.mdn.allizom.net wikipedia.org upload.wikimedia.org www.google-analytics.com www.gstatic.com; manifest-src 'self'; media-src 'self' archive.org videos.cdn.mozilla.net; child-src 'self'; worker-src 'self'; 1
frame-ancestors 'self' blob: https://*.gurobi.com; child-src SAMEORIGIN gurobi-dev.flywheelsites.com *.gurobi.com; default-src 'self' gurobi-dev.flywheelsites.com *.gurobi.com 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net fonts.googleapis.com fonts.gstatic.com data: cdn.plyr.io i.ytimg.com andreasmb.github.io api.lever.co vimeo.com i.vimeocdn.com cdn.linkedin.oribi.io www.google-analytics.com analytics.demandjump.com secure.adnxs.com c.6sc.co ipv6.6sc.co cdn.linkedin.oribi.io *.google-analytics.com analytics.demandjump.com secure.adnxs.com *.6sc.co *.linkedin.com *.adroll.com *.google.com *.facebook.com ipv4.d.adroll.com px.ads.linkedin.com *.6sc.co *.doubleclick.net *.googletagmanager.com a1.b0e8.com cdn.bizible.com cdn.bizibly.com *.hotjar.com *.hotjar.io ws.hotjar.com 181-zys-005.mktoresp.com pagead2.googlesyndication.com; frame-src 'self' https://*.gurobi.com *.marketo.com *.youtube.com *.vimeo.com *.google.com *.brighttalk.com *.hotjar.com static.addtoany.com whova.com calendly.com *.facebook.com *.hsforms.net *.hsforms.com *.statuspage.io 181-zys-005.mktoresp.com td.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gurobi.com *.google.com *.gstatic.com *.google-analytics.com ajax.googleapis.com munchkin.marketo.net *.marketo.com *.googleoptimize.com *.googletagmanager.com *.googleadservices.com cdn.jsdelivr.net *.hotjar.com *.hotjar.io googleads.g.doubleclick.net snap.licdn.com connect.facebook.net static.addtoany.com bat.bing.com *.adroll.com player.vimeo.com *.brighttalk.com *.bc0a.com *.b0e8.com *.6sc.co *.demandjump.com whova.com d1keuthy5s86c8.cloudfront.net *.calendly.com *.hsforms.net *.hsforms.com cdnjs.cloudflare.com *.youtube.com cdn.bizible.com cdn.bizibly.com 181-zys-005.mktoresp.com; 1
default-src *;  style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; img-src 'self' data: *; 1
upgrade-insecure-requests; object-src 'none'; frame-ancestors 'self' genius.avoxi.com orders.avoxi.com development-us1.avoxi.com staging-us1.avoxi.com staging-us2.avoxi.com local.avoxi.com core.avoxi.com development-iw1.avoxi.com development-iw2.avoxi.com development-iw3.avoxi.com development-iw4.avoxi.com development-iw5.avoxi.com shoppingcart-development-iw1.avoxi.com shoppingcart-development-iw2.avoxi.com shoppingcart-development-iw3.avoxi.com shoppingcart-development-iw4.avoxi.com shoppingcart-development-iw5.avoxi.com shoppingcart-development-us1.avoxi.com shoppingcart-staging.com shoppingcart-staging-us2.avoxi.com *.avoxi.com; 1
default-src 'none'; script-src 'self' https://umami.sp-codes.de; object-src 'none'; style-src 'self'; img-src 'self' https://status.sp-codes.de https://shields.sp-codes.de; media-src 'none'; frame-src 'none'; font-src 'self'; connect-src 'self' https://plausible.sp-codes.de https://umami.sp-codes.de 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.googleapis.com *.gstatic.com *.facebook.net *.hotjar.com *.yandex.ru *.googleadservices.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.ads-twitter.com *.twitter.com https://dev.visualwebsiteoptimizer.com https://static.criteo.net https://isortagim.hangikredi.com https://sslwidget.criteo.com https://cdn.ampproject.org https://cdn.dataroid.com https://cdn.efilli.com https://www.tiktok.com https://www.amazon.com https://analytics.tiktok.com https://c.amazon-adsystem.com/ https://bonuscomtr.api.useinsider.com *.useinsider.com 1
frame-ancestors 'self'; frame-src  *.savviihq.com *.facebook.com *.google.com *.cookiebot.com *.hotjar.com *.youtube.com *.vimeo.com *.googletagmanager.com *.cookiebot.com *.twitter.com *.brandweer.nl *.brandweernederland.nl *.googleapis.com cdnjs.cloudflare.com *.google-analytics.com *.gstatic.com *.readspeaker.com www.google.com ssl.medialive.nl *.scribit.pro *.youtube-nocookie.com 1
frame-ancestors 'self' https://dev07-eu01-debeers.demandware.net/ https://demo-eu01-debeers.demandware.net/ *.debeers.co.uk *.debeers.com *.debeers.com.cn *.debeers.fr *.debeers.ca *.debeers.hk *.debeers.tw debeers.ca debeers.co.uk debeers.com debeers.fr debeers.hk debeers.tw debeers.com.cn; 1
default-src 'self' data: https://*.doofinder.com/ https://*.quivers.com https://*.cloudfront.net https://*.klarna.com https://*.fischersports.com https://*.youtube.com https://*.hotjar.com https://*.mollie.com https://*.3dfits.com https://*.stripe.com https://*.outtra.com https://*.locally.com https://cookiehub.net https://images.prismic.io https://fonts.gstatic.com https://fonts.googleapis.com/ https://cdn.3dfits.com https://vars.hotjar.com https://static.hotjar.com https://script.hotjar.com https://fonts.googleapis.com/ https://www.google-analytics.com https://ajax.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://connect.facebook.net https://www.facebook.com https://stats.g.doubleclick.net https://www.google.com; script-src 'self' https://js.bankpay.certegy.com/ https://fischer-sports-matomo.scalecommerce.cloud/ https://*.salesforce-sites.com https://*.salesforceliveagent.com https://*.googleapis.com/ https://*.mouseflow.com/ https://*.paypal.com/ https://*.bluesnap.com/ https://*.paypalobjects.com https://*.quivers.com/ https://*.twitter.com/ https://*.taggbox.com https://*.doofinder.com/ https://*.intedia.de/ https://*.3dfits.com https://*.locally.com/ https://fischersports.secure.force.com/ https://static.lightning.force.com/ https://wsv3cdn.audioeye.com/ https://wsmcdn.audioeye.com/ https://*.cloudfront.net/ https://x.klarnacdn.net/ https://*.3dfits.com/ https://d.la3-c1-fra.salesforceliveagent.com/ *.salesforceliveagent.com/ https://service.force.com/ https://*.salesforce.com/ https://cdnjs.cloudflare.com/ https://www.google.com/ https://www.gstatic.com/ https://*.locally.com https://*.outtra.com https://js.mollie.com/ https://js.stripe.com/ https://www.youtube.com/ https://maps.googleapis.com/ https://s.brand.outtra.com/ https://cookiehub.net/ https://vars.hotjar.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://images.prismic.io/ https://www.google-analytics.com https://tagmanager.google.com/ https://www.googletagmanager.com/ https://cdn.3dfits.com https://fonts.gstatic.com/ https://www.facebook.com/ https://connect.facebook.net/ 'unsafe-eval' 'unsafe-inline';style-src 'self' https://*.salesforce-sites.com/ https://*.quivers.com/ https://*.paypal.com/ https://*.taggbox.com/ https://*.doofinder.com/ https://fischersports.secure.force.com/ *.audioeye.com https://static.cookiehub.com/ https://fast.fonts.net/ https://service.force.com/ *.outtra.com/ https://tagmanager.google.com/ https://cookiehub.net/ https://fonts.gstatic.com/  'unsafe-inline';media-src 'self' https://images.taggbox.com https://cloud.taggbox.com https://cdn.flbx.io/ ;img-src 'self' https: https://www.google-analytics.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ssl.gstatic.com/ data: 'unsafe-inline';connect-src wss: *.quivers.com/ 'self' *.googleusercontent.com/ https://fischer-sports-matomo.scalecommerce.cloud/ *.paypal.com/ *.googleapis.com/ *.taggbox.com/ *.doofinder.com/ *.hotjar.com wss://*.hotjar.com wss://*.doofinder.com/ *.doofinder.com/ *.3dabout.me/ *.quivers.com/ *.quiversdemo.com/ *.execute-api.us-west-2.amazonaws.com/ *.audioeye.com/ *.locally.com/ *.afterpay.com/ *.klarnaevt.com/ *.cookiehub.net/ https://api.ipify.org/ https://fischersports.secure.force.com/ *.amazonaws.com/live/ *.locally.com/ *.outtra.com/ *.3dfits.com/ https://www.facebook.com/ https://www.google-analytics.com https://www.google-analytics.com https://stats.g.doubleclick.net;frame-src 'self' https://*.taggbox.com https://*.twitter.com/ https://*.precismo.tech/ https://*.audioeye.com/ https://*.locally.com/ https://*.outtra.com/ https://*.klarna.com/ https://service.force.com/ https://www.google.com/ https://*.issuu.com/ https://*.shopware.de/ https://www.youtube-nocookie.com/ https://modal.locally.com/ https://www.locally.com/ https://js.stripe.com/ https://js.mollie.com/ https://vars.hotjar.com/ https://script.hotjar.com/ https://s.brand.outtra.com/ https://maps.googleapis.com/ https://www.facebook.com/;worker-src 'self' blob:;font-src 'self' *.quivers.com/ *.taggbox.com/ *.audioeye.com/ https://assets.shopware.com/ https://assets.3dabout.me https://assets.3dfits.me/ https://assets.3dfits.com/ https://fonts.gstatic.com/ https://s.brand.outtra.com/ *.hotjar.com/ data:; 1
frame-ancestors 'self' *.enamad.ir  1
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; script-src * 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://*.nutriclub.co.id; style-src * 'self' data: 'unsafe-inline' 1
script-src 'self' https://optimize.google.com/optimize/editor/js/js.js https://optimize.google.com https://assets.ctfassets.net *.adalyser.com/adalyser.js *.amplify.outbrain.com *.trustpilot.com *.zdassets.com *.outbrain.com/ *.googletagmanager.com *.google-analytics.com *.googleadservices.com https://www.youtube.com https://player.vimeo.com https://connect.facebook.net http://platform.twitter.com https://a.quora.com https://websdk.appsflyer.com *.hotjar.com *.analytics.twitter.com http://cdn.mxpnl.com http://bat.bing.com/bat.js https://googleads.g.doubleclick.net https://script.hotjar.com *.ads-twitter.com http://widgets.getsitecontrol.com https://analytics.twitter.com https://tyviso.com/rewards-page/ *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com 'unsafe-inline' 'unsafe-eval'; object-src none 1
default-src 'self' https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-inline' https://ssl.google-analytics.com https://api.github.com https://disqus.com https://go.disqus.com https://*.disquscdn.com https://www.google-analytics.com https://paulirish.disqus.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://platform.twitter.com; img-src * 'self' data:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://paulirish.com https://fonts.gstatic.com https://firebaseinstallations.googleapis.com https://firebaselogging.googleapis.com https://firebaseremoteconfig.googleapis.com https://www.google-analytics.com https://firebaselogging-pa.googleapis.com; frame-src 'self' https://platform.twitter.com https://accounts.google.com https://jsfiddle.net https://vimeo.com https://player.vimeo.com https://embed.verite.co https://www.youtube.com https://apis.google.com https://disqus.com https://paulirish.wufoo.com; upgrade-insecure-requests; report-uri https://paulirish.report-uri.com/r/d/csp/enforce; 1
default-src https:; connect-src https: wss: http:; font-src https: data:; img-src https: data: blob:; frame-src https: blob:; frame-ancestors 'self'; worker-src blob: https: data: 'unsafe-inline' 'unsafe-eval'; form-action https: javascript:; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:;style-src https: data: 'unsafe-inline'; base-uri 'self'; object-src 'none'; 1
upgrade-insecure-requests; default-src 'none'; media-src 'self' https://www.youtube.com; script-src 'self' https://*.google.com https://region1.analytics.google.com https://ajax.googleapis.com https://www.youtube.com https://*.adobe.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://recruitingbypaycor.com 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self'; connect-src 'self' https://*.google.com https://ssl.gstatic.com https://region1.analytics.google.com https://region1.google-analytics.com https://viewlicense.adobe.io https://www.google-analytics.com https://www.itic.org 'unsafe-inline';  form-action 'self'; object-src https://www.itic.org 'self' 'unsafe-inline'; frame-src 'self' https://region1.analytics.google.com https://docs.google.com https://www.youtube.com https://www.itic.org https://*.adobe.com https://recruitingbypaycor.com 'unsafe-inline'; 1
block-all-mixed-content; connect-src 'self' services.thelist.tas.gov.au *.googleapis.com *.google-analytics.com *.hotjar.com *.hotjar.io stats.g.doubleclick.net *.sproutlabs.com.au wss: *.hotjar.com cdnjs.cloudflare.com cdn.jsdelivr.net; default-src 'none'; font-src 'self' data: application/font-woff *.gstatic.com *.bootstrapcdn.com cdnjs.cloudflare.com; frame-src 'self' *.hotjar.com *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.surveymonkey.com *.createsend1.com *.tas.gov.au *.vimeo.com zingtree.com nre.snapforms.com.au; img-src 'self' *.tas.gov.au *.openstreetmap.org i.ytimg.com prod.smassets.net data: www.google-analytics.com *.google.com *.gstatic.com *.googleapis.com code.jquery.com cdnjs.cloudflare.com cdn.jsdelivr.net; manifest-src 'self'; media-src 'self'; object-src 'self' zingtree.com; script-src 'self' *.tas.gov.au *.google.com *.googleapis.com *.surveymonkey.com www.google-analytics.com www.googletagmanager.com *.gstatic.com *.facebook.net *.createsend1.com *.hotjar.com *.jwpcdn.com *.ravenjs.com code.jquery.com cdnjs.cloudflare.com *.bootstrapcdn.com zingtree.com cdn.jsdelivr.net cdn.jsdelivr.net nre.snapforms.com.au 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com code.jquery.com *.jwpcdn.com *.bootstrapcdn.com *.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' *.driver.top; img-src * 'unsafe-inline' data:; script-src 'self' *.googletagmanager.com *.google-analytics.com *.facebook.net *.hotjar.com *.googlesyndication.com *.doubleclick.net *.google.com *.jsdelivr.net 'nonce-mlYLHObWz9JlznUNnJ81Rg=='; style-src * 'unsafe-inline'; connect-src 'self' *.googletagmanager.com *.google-analytics.com *.facebook.net *.hotjar.com *.googlesyndication.com *.doubleclick.net *.google.com; frame-src 'self' youtube.com *.youtube.com youtu.be *.youtu.be *.googletagmanager.com *.google-analytics.com *.facebook.net *.hotjar.com *.googlesyndication.com *.doubleclick.net *.google.com; script-src-attr 'self' 'unsafe-inline'; font-src *; 1
frame-ancestors 'self' http://www.philips.hu *.philips.com *.philips.hu https://philipsigtdpv.com 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-e13c2c0cb0772a5cdf25d731edd854b5'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
script-src https://www.paypal.com https://configurator.doorbird.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.gstatic.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com  'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; 1
default-src 'self' enerflo.io enerflo.com *.enerflo.io *.enerflo.dev https:;script-src 'self' enerflo.io enerflo.com *.enerflo.io *.enerflo.dev https: 'unsafe-inline' http://js.hs-scripts.com/21589371.js https://app.termly.io;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;font-src 'self' data: https://fonts.gstatic.com;img-src 'self' enerflo.io enerflo.com *.enerflo.io *.enerflo.dev https: data: blob: http://td.doubleclick.net;connect-src 'self' enerflo.io enerflo.com *.enerflo.io *.enerflo.dev https: wss://*.hotjar.com https://www.google-analytics.com https://analytics.google.com http://td.doubleclick.net https://adservice.google.com;frame-src https://www.google.com https://stats.g.doubleclick.net https://td.doubleclick.net http://td.doubleclick.net https://app.termly.io https://meetings.hubspot.com https://forms.hsforms.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=puba68f50445f9d2f0ddec700d7440e704b&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:production 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com *.dental-tribune.com *.googletagmanager.com *.cookie-script.com *.google-analytics.com *.etracker.com *.hs-banner.com *.usemessages.com *.etracker.de *.licdn.com *.jquery.com *.cloudfront.net *.cloudflare.com *.bootstrapcdn.com *.unpkg.com *.hs-scripts.com *.hs-analytics.net *.vimeocdn.com *.vimeo.com *.jwplayer.com *.jwpcdn.com *.datatables.net *.jsdelivr.net *.google.com *.gstatic.com *.googleapis.com *.hsadspixel.net *.googleadservices.com *.facebook.net *.doubleclick.net *.dtstudyclub.com *.hsforms.net 1
frame-ancestors 'self'; block-all-mixed-content; default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://*.list-manage.com https://*.bmg.com https://*.countdownmedia.com https://*.bmgproductionmusic.com https://*.bmgproductionmusic.be https://*.bmgproductionmusic.nl https://*.bmgproductionmusic.fr https://*.bmgproductionmusic.de https://cookie-consent.bmg.com https://f.vimeocdn.com https://player.vimeo.com https://www.vimeo.com https://*.bmgproductionmusic.co.uk https://analytics-eu.clickdimensions.com https://cdnjs.cloudflare.com https://cookie.bmgproductionmusic.com https://hit.uptrendsdata.com https://image.providesupport.com https://messenger.providesupport.com https://vm.providesupport.com https://google-analytics.com https://*.googletagmanager.com https://googletagmanager.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://static.olark.com https://m.youtube.com https://maps.google.com https://maps.googleapis.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.youtube.com https://www.google-analytics.com; style-src 'self' 'report-sample' 'unsafe-inline' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com; object-src 'none'; frame-src 'self' *.youtube.com *.vimeo.com *.bmg.com *.countdownmedia.com *.bmgproductionmusic.com *.bmgproductionmusic.be *.bmgproductionmusic.nl *.bmgproductionmusic.fr *.bmgproductionmusic.de *.bmgproductionmusic.co.uk maps.googleapis.com maps.google.com play.soundsgood.co thedubliners.lnk.to vm.providesupport.com www.googletagmanager.com www.youtube-nocookie.com; child-src 'self' *.vimeo.com vimeo.com www.youtube.com *.facebook.com connect.facebook.net www.googletagmanager.com; img-src 'self' data: blob: *.vimeocdn.com *.vimeo.com *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.ggpht.com images.musicdirector.nl ajax.googleapis.com *.ytimg.com *.youtube.com cdnjs.cloudflare.com d2zsljmk3mm9kv.cloudfront.net image.providesupport.com maps.googleapis.com www.googletagmanager.com *.bmgproductionmusic.nl *.bmgproductionmusic.be *.bmgproductionmusic.fr *.bmgproductionmusic.de *.bmgproductionmusic.co.uk; font-src 'self' data: fonts.googleapis.com cdnjs.cloudflare.com fonts.gstatic.com; connect-src 'self' *.google.com ajax.googleapis.com *.bmg.com *.countdownmedia.com *.bmgproductionmusic.com *.bmgproductionmusic.be *.bmgproductionmusic.nl *.bmgproductionmusic.fr *.bmgproductionmusic.de cookie-consent.bmg.com *.bmgproductionmusic.co.uk *.bmgproductionmusic.com chatapi.providesupport.com cdnjs.cloudflare.com d2zsljmk3mm9kv.cloudfront.net hit.uptrendsdata.com service.harvestmedia.net fonts.gstatic.com fonts.googleapis.com maps.googleapis.com stats.g.doubleclick.net *.google-analytics.com vimeo.com www.googletagmanager.com; manifest-src 'self'; base-uri 'self'; form-action 'self' *.facebook.com connect.facebook.net; media-src 'self' *.vimeo.com vimeo.com *.youtube.com youtube.com; worker-src 'self'; 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-EnTxqkyLEdXvcpuwZe7iPA==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' platform.twitter.com d.line-scdn.net www.googletagmanager.com www.google-analytics.com connect.facebook.net https://ajax.googleapis.com https://cdn.syndication.twimg.com https://code.jquery.com https://cdn.jsdelivr.net https://www.youtube.com https://analytics.tiktok.com; frame-src 'self' platform.twitter.com social-plugins.line.me staticxx.facebook.com www.facebook.com https://*.google.com https://www.youtube.com https://syndication.twitter.com https://www.tiktok.com; style-src 'self' fonts.googleapis.com https://platform.twitter.com https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://cdn.jsdelivr.net 'unsafe-inline'; img-src 'self' data: platform.twitter.com https://www.google.com https://www.google.co.jp syndication.twitter.com https://pbs.twimg.com https://abs.twimg.com www.google-analytics.com 7premium.jp https://*.amazonaws.com http://*.amazonaws.com https://image.prd-gen.dam.7andi-gdpf.com https://ssl.google-analytics.com data: https://s3.us-west-2.amazonaws.com blob: 7premium.jp; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; connect-src 'self' https://image.prd-gen.dam.7andi-gdpf.com https://*.amazonaws.com https://www.google-analytics.com https://*.cloudfront.net https://stats.g.doubleclick.net https://analytics.google.com https://analytics.tiktok.com; 1
default-src 'none'; img-src * data:; script-src 'nonce-common1705880244397001' 'nonce-datadogNEIScript_700011705880244397001' 'nonce-gtmNEIScript_700011705880244397001' 'nonce-LoadScriptJS_STATIC_NONCE_KEY1705880244397001' 'nonce-LoadScript_STATIC_NONCE_KEY1705880244397001' 'self' 'unsafe-eval' 'sha256-p9KddiZ/pApOiEmzU5mULr09k4wQOfBotu36ZRDDG/0=' 'sha256-zAeQdiLcDqqvkaGtGq1CaXCHOruoyHhAa8YdSmxTMNs=' 'sha256-YX+CrGuHScmaMQMYKYve+iV8tibMNxk3OyuOOi612eA=' 'sha256-lkM7xeDP894brT/X1xWpLD24iSG2AcRORNwX0pfDFy8=' 'sha256-D9UL8f5veX+G3gMMFS+GiqXVpcBAaAXmDzo7J3S3fxo=' 'nonce-datadogNEIScript_70001' 'sha256-5FIBt0+8L8WNtmYmFd/iL4muH+Za6jPggtQrZjpF/ek=' 'sha256-5yQpwZiyWFbOf8R0xJsEtkQYLEKXNQv9vKhTVZR43RA=' https://*.googletagmanager.com https://*.datadoghq-browser-agent.com  https://*.hotjar.com https://*.livechatinc.com https://*.googleapis.com https://*.cloudflare.com https://*.googlesyndication.com https://*.hereapi.com https://*.crownpeak.net *.google-analytics.com *.doubleclick.net *.en25.com *.mouseflow.com *.google.com *.co.in *.googleadservices.com *.liadm.com *.amazon-adsystem.com *.dstillery.com *.rlets.com *.campaign.id *.btttag.com https://*.optimizely.com https://*.everesttech.net https://*.facebook.net https://*.facebook.com https://*.getneighborly.com https://*.adsrvr.org https://*.yimg.com 'sha256-fvXEkfUkQ/n6KI23CZRCeYg4A62gn8zNpXpg5ECKmM4=' 'sha256-ppEz6smcwXYD2ZkdzXQkpuuVaXSBRreGXSrzci10oeM=' 'sha256-VazGNhqEQCFapiau4ZoovKFgOfA62ubV6e45XDr2Mb0=' 'sha256-yJgwczxP+xkTFFqKcrIpkbF+Rkee7/06yohXCrUabGs=' 'sha256-Yzzym0GR3IXVb6Iyc/0xP+PJ421OuXP9ncMf8ahXVw4=' 'sha256-wD5bUx5FD7zFWlRF2nWPQ1RS1bNBJFrBLhIAdKDMPww=' 'sha256-JC2YV7SRlj83uyDXnMLRW5wB2Gix/K2lYCzg0ejzU24=' 'sha256-HD1fTJYec9ajFFVogB4X0FZaQup7ytfuJxlYXbvbPF0=' 'sha256-U2NOWHHX02obzTXPCj11hpQrRi6+INQbWMyFHWdEtCg=' 'sha256-7fo/jgndXxAUtg4kkwpVzWtj6IcVjsahcsIS2dOJAno=' 'sha256-84B+/W7d9SE+gVdkn7NiBdwEr5reVwzOmosjDsUrB4s=' 'sha256-lAnHvoMHsnnBVcYlYUUfDzd9lksn0mdmuuZC18B/Ha8=' 'sha256-iCjracY4qdib9YP4SzwAo0Tst/0ECCBUBBw6ZXmgWa8=' 'sha256-W22BWeWubsyishpsk4plq0L2L2D7WQ+pcOZsN2dWYaA=' 'sha256-89C0M8jQo2TaymvI3tLWi4iBpM40jF+dSaTNhc+q1m4=' 'sha256-03IOM/kcrF18l83/WaAhwqrYd8OTWSYONSU8kWx7ycE=' 'sha256-HmC9uRs201ulqBeEzAjCzfbPa9pQY0ILJ9/ePOmnE9k=' 'sha256-lL+0BOuh2mDz4oaQZh0nrzDrWgMA3jNFNcWpWEUIV7o=' 'sha256-uWTD7KMUv4JTXNEgbO1KG1/sha/krrod6jJdFOmqIkQ=' 'sha256-xiSgCzcMd9owGGvtsXV5QTvy0jey9jCw8k/0LGIWW6s=' 'sha256-Vj3hgqIhg2SIGseToYxFY19MguXBQL7WubhWWQX4RzE=' 'sha256-K2o0ORs3us1kqrkoVBzqxOU6zp7ENMfAbOtMH7bkkcU=' 'sha256-AWIsOLozIZ9gqIL31FzLMrAUaP7VGXUSky6rMOzO8is=' 'sha256-5/Il4k+Nf38Vaq8H6rx+iPIDAmOLbSSOLn0iSW4xlyk=' 'sha256-24jbipBAhrCj6a+U/hVmTKGGU0bwzd9LNvGN3VN8s6U=' 'sha256-suOxIQW8JipS9NRIdHcP6AHvmu+axCo03fS4rm4WbRg=' 'sha256-4roNJ9Q25bOYoTX0LrP6MqvcYVs0kP50hl6y2SZM8wc=' 'sha256-1RbcHk80yLnCMIOvgp2STvrema/XO9RgpbINinJ+o4U=' 'sha256-j/ORikh5e77JLfVRGdnLmoFvyiTz2vU4QrE7RpJB/Io=' 'sha256-2vhAk7gfNvnGlw7oQerBOp24nthFvjczeZ8wJoaP5DM=' 'sha256-jsI3tuWVqBjA6pqz2lkc1EUVJs4t3Slm+ol1GUGL3WI=' 'sha256-YYLbHuRHoX8WFFCnZyQGT0XXc2nXiH6QPcM8yB5eBVM=' 'sha256-gcwHyKL1dpHIWExdzusn8aIJBDWC9V+8wgZnRDhWjoQ=' 'sha256-Us+KK2qYpAbqORT25Z85z8I640avqB3FIp82uILZ0YM=' 'sha256-jHtI2bkWfqV+D9k7Y1EL8yOUcvFCSRfvW+h1611VJgM=' 'sha256-LN9dghTIYFcHcj/sJ2cv2zvUDFLoOclB8i76IhfFDak=' 'sha256-3xQ2gsFFftIO9Hq5LNETAyppu+nlIXaIqORflSpD+j8='; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.typekit.net https://*.neighborly.com https://*.hotjar.com/ ; object-src 'none'; connect-src https://*.hotjar.com wss://*.hotjar.com wss://*.hotjar.com/api/v2/client/ws https://*.nblyprod.com https://*.googleapis.com https://rum.browser-intake-datadoghq.com https://*.neighborly.com https://*.b2clogin.com https://api2-unifiedsyncplatform.dwyergroup.com https://*.amazonaws.com https://*.livechatinc.com https://*.broadly.com https://*.hotjar.io https://*.googlesyndication.com https://*.hereapi.com https://*.crownpeak.net *.google-analytics.com *.doubleclick.net *.en25.com *.mouseflow.com *.google.com *.co.in *.googleadservices.com *.liadm.com *.amazon-adsystem.com *.dstillery.com *.rlets.com *.campaign.id *.btttag.com https://*.optimizely.com https://*.everesttech.net https://*.facebook.net https://*.facebook.com https://*.googletagmanager.com https://*.getneighborly.com https://*.adsrvr.org https://*.yimg.com; font-src https://*.typekit.net https://*.gstatic.com https://*.livechatinc.com https://*.neighborly.com ; frame-src https://*.youtube.com https://*.livechatinc.com https://vars.hotjar.com/ https://*.hotjar.com/ *.google-analytics.com *.doubleclick.net *.en25.com *.mouseflow.com *.google.com *.co.in *.googleadservices.com *.liadm.com *.amazon-adsystem.com *.dstillery.com *.rlets.com *.campaign.id *.btttag.com https://*.optimizely.com https://*.everesttech.net https://*.facebook.net https://*.facebook.com https://*.googletagmanager.com https://*.getneighborly.com https://*.adsrvr.org https://*.yimg.com 1
upgrade-insecure-requests; frame-ancestors https://*.golfonline.co.uk; default-src https: data: blob: 'unsafe-inline' 'unsafe-eval';report-uri /ClientSideErrorLogger.ashx?mode=csp-report 1
default-src 'self' policy.cookiereports.com www.youtube-nocookie.com data: 'unsafe-eval';         style-src 'self' 'unsafe-inline' fonts.googleapis.com www.gstatic.com;         img-src 'self' policy.cookiereports.com *.google-analytics.com *.googletagmanager.com data: ;         connect-src 'self' policy.cookiereports.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com;         script-src 'self' ajax.googleapis.com www.google.com www.gstatic.com policy.cookiereports.com www.bugherd.com *.googletagmanager.com 'unsafe-inline'             'unsafe-eval' *.cloudfront.net *.youtube.com www.google-analytics.com;         font-src 'self' fonts.googleapis.com fonts.gstatic.com *.cloudfront.net www.bugherd.com data: 'unsafe-eval'; 1
'unsafe-inline' 'unsafe-eval' 'script-src' 'self' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' blob: data: https://*.youtube.com https://firebase.googleapis.com https://share.keepshare.info https://static-web.jjdsn.vip https://bitkeep.page https://*.bitkeep.fun https://*.bitget.cloud https://keepshare.xyz https://gasutopia.com https://bitkeep.com https://*.facebook.net https://api.nileex.io https://keepshare.info https://*.google.com https://share.bitkeep.shop https://infragrid.v.network https://*.bitkeep.com https://ta.bitkeep.buzz:8993 https://unpkg.com https://bitkeep.io https://*.bitkeep.io https://www.google-analytics.com https://fp-constantid.bitkeep.vip https://*.bitkeep.page https://*.bjxnyj.com https://bitkeep.org https://*.bitgetstatic.com https://share.bwb.live https://*.bitkeep.vip https://*.bitget.site https://*.bitgetpro.site https://api.shasta.trongrid.io https://s3.infcrypto.com https://*.bitkeep.me https://*.jjdsn.vip https://*.mytokenpocket.vip https://sun.tronex.io https://goldshare.me https://*.bitget.com https://firebaseinstallations.googleapis.com https://www.googletagmanager.com https://*.googleapis.com https://share.bwb.site https://stats.g.doubleclick.net https://rpc-wallet.broearn.com https://api.trongrid.io https://*.bknode.vip https://cdn.bootcdn.net https://search.imtt.qq.com; connect-src 'self' 'report-sample' blob: data: https://*.youtube.com https://firebase.googleapis.com https://share.keepshare.info https://*.bitkeep.fun https://bitkeep.page https://*.bitget.cloud https://keepshare.xyz https://gasutopia.com https://bitkeep.com https://*.facebook.net https://api.nileex.io https://keepshare.info https://*.google.com https://share.bitkeep.shop https://infragrid.v.network https://*.bitkeep.com https://ta.bitkeep.buzz:8993 https://unpkg.com https://bitkeep.io https://*.bitkeep.io https://www.google-analytics.com https://fp-constantid.bitkeep.vip https://*.bitkeep.page https://*.bjxnyj.com https://bitkeep.org https://*.bitgetstatic.com https://share.bwb.live https://*.bitkeep.vip https://*.bitget.site https://*.bitgetpro.site https://api.shasta.trongrid.io https://s3.infcrypto.com https://*.bitkeep.me https://*.jjdsn.vip https://*.mytokenpocket.vip https://sun.tronex.io https://goldshare.me https://*.bitget.com https://firebaseinstallations.googleapis.com https://www.googletagmanager.com https://*.googleapis.com https://share.bwb.site https://stats.g.doubleclick.net https://rpc-wallet.broearn.com https://api.trongrid.io https://*.bknode.vip https://cdn.bootcdn.net https://search.imtt.qq.com; frame-src 'self' 'report-sample' https://www.google.com https://www.recaptcha.net; frame-ancestors 'self'; report-uri https://64ad2bae905b5c797e632276.endpoint.csper.io?v=9; 1
default-src 'self' https:;             worker-src 'self' blob: data:;             script-src 'self' 'unsafe-hashes' 'unsafe-eval' https: https://js.hs-scripts.com http://*.google-analytics.com http://*.googleapis.com https://www.googletagmanager.com *.msecnd.net localhost:*                 'sha256-GQKXR3cnP1TPe6ruNwfhQjFPFnug/AbgXa0yWkWIECc=' 'sha256-HA9BXdIPfcJPBdJ0W3wpOkZJakctvCgcNCIIdgwNxCU='                  'sha256-GpBxliaBvUNzEDR7T9ESwQyfHWrp4dmZUKkM5wRCKjU=' 'sha256-uBGbD14oGXAxc0m4b8kc5bRsgKqzSNe5/BDQgDJp5J0='                 'sha256-a7SwDWHDAlBYQLXTZ3Hc51aA3j9VPWLepBK6w8b9w7E=' 'sha256-eirLmyWA9usjBWVBkMPZLd4NEWmEvUCgyMqmPzhKaMM=' 'sha256-1NHdkzLSqvB4iyfZJDXPIVOp3OAPzWezgzOGtTNtfC8=';                script-src-attr 'self' 'unsafe-inline';          font-src 'self' https: http://*.gstatic.com;           img-src 'self' https: http://*.google-analytics.com http://*.gstatic.com http://*.googleapis.com data:;           connect-src 'self' https: https://js.monitor.azure.com https://westus2-5.in.applicationinsights.azure.com localhost:*;           frame-src *;           style-src 'self' 'unsafe-hashes' https: http://*.googleapis.com                  'sha256-7uHBt5vRwIxn0kJv43ZeZA+qhu1R5kALXmlniU5UUhc=' 'sha256-iZM0adR0InbgA+J6g+Vyi/SdovHNdYNv0w4/Z4L8RZQ='                 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU='                 'sha256-kmGPVWtzfwq6b9fEOy1NmWxrKyxreHZU5tKvRxQpDMA=' 'sha256-k5/nWte4ypyuMgQJaYXGRCM3pEWD6q5VSnA+339I16o='                 'sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog='                                   'sha256-sXlH6tbt9TJPOE2y1lpIfsBqXcYx8j1AfZITS60Iwmo=' 'sha256-4/gHwqyVKh2014KEWQM1FYnyKXN5KePSUMXwjgLGFz8='                 'sha256-iP2nR74/OZJA/4cy1Ug+d/41EfzWLuOlutm/FvWgmog=' 'sha256-JhCS0emBLziZRHxrVw0Vf2ZCBykAhU+bGVemaHiLezk='                 'sha256-YoOQrCohwOLcjO58W1u2XCDDkpTyDXz19mAIDWod3mA=' 'sha256-YJqyuGu6/H2XHPz3E8Qs3Kd0q5yr5Dz3jNgqb3ie6h4='                 'sha256-wm4uv7VQCfJGIRMVgyJUi5NwL8lNg9HVQEw5iufJAgw=' 'sha256-NyBpYhQlD2gcv/gFjXdaVDGbIoul8rF5az60h6BdziE='                 'sha256-f6efTJvyIlxfThfhHs9rF5Oi8jmD3R8QEcb/LRYRxE0=' 'sha256-Pdwi0GrnlfwGz2lFpsueNE/upkTBhqgIKoWZj9xgahg='                 'sha256-37Kz181k2CmJ0WrPkGfHrpjMSCSid6+k06mYOgrzqkQ=' 'sha256-BKdLneL8DqXhDqbL20NVC/WD8rz/ERsmo6ztI7cjo34='                 'sha256-EaQQo6r+9RnV2p1vUFJvXKePcTv9wd1W3PX5StXBrcE=' 'sha256-WbanUBFU33q5H2bx9VRi3BclXDAtSfuzoi7mOXEwPuw='                 'sha256-IOWYPccv4+GIAWz50PQ4hgBzwty+G8ckj9XrN5jdx6g=' 'sha256-a2VR/Wq1VPr0+3GRY+lEmAQm7wjwwnDtPpcCPs2zTrw='                 'sha256-mmA4m52ZWPKWAzDvKQbF7Qhx9VHCZ2pcEdC0f9Xn/Po=' 'sha256-/VVOq+Ws/EiUxf2CU6tsqsHdOWqBgHSgwBPqCTjYD3U='                 'sha256-VFkcZKIwYxNm8Z6oY+AC70f2fuyHVm5fJgnpOkYBF3Q=' 'sha256-g9aHNH7iF2hhGZYtVVd5mKQSnyLPmXWw5gwiuxBVonI='                 'sha256-VjKqXV9i0mo5RzxvaQpz7qQA91PkjLVqLQGYNI4Cc/I=' 'sha256-NsEzkM762veirpWZeMiqlWTPdCYrm1uJHLzzwfYnDLM='                                  'sha256-s5B5Aj3yyy9qpz6aWVtg2cAvDjZyxULJwm5TZ3VIuGs='                 'sha256-6RN7p33Fdhb0WzjWvMKfDnZoOm31e7UGqBtdsqelMF4=' 'sha256-eM4sNiGKt7Dk2J/lmndBxMxh5LsgW5Sn4l1tmFQvIho='                 'sha256-UXZboCJG4GfhsEgqEvUhLXfNx0TVgBMUv7XoV3JiC1Q=' ;           object-src https:; 1
frame-ancestors 'self' https://www.rpr1.de 1
frame-ancestors 'self'; frame-src 'self' https://*.mathilde-ads.com https://*.google.com https://*.google.com.co https://www.youtube.com https://td.doubleclick.net; default-src 'self'; script-src 'report-sample' 'self' https://d3kc4ryc0t7x4f.cloudfront.net https://ajax.googleapis.com https://cdn.jsdelivr.net https://*.hotjar.com https://*.browseranalytic.com https://www.gstatic.com https://*.google.com https://*.google.com.co https://*.mathilde-ads.com https://www.bancopopular.com.co https://*.facebook.net https://googleads.g.doubleclick.net https://*.doubleclick.net https://service.maxymiser.net https://tags.tiqcdn.com https://www.google-analytics.com https://www.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; object-src 'none'; connect-src 'self' https://opensheet.elk.sh https://*.mathilde-ads.com https://*.hotjar.io wss://ws.hotjar.com https://pagead2.googlesyndication.com https://analytics.google.com https://www.google-analytics.com https://www.bancopopular.com.co https://www.google.com https://www.google.com.co https://stats.g.doubleclick.net; img-src 'self' https://*.mathilde-ads.com https://www.google-analytics.com https://*.doubleclick.net https://www.bancopopular.com.co https://cs.mathilde-ads.com https://emailbancopopular.com.co https://www.facebook.com https://www.google.com https://www.google.com.co https://www.googletagmanager.com; report-uri https://64da77d985fc03c44f1c0960.endpoint.csper.io/?v=0; style-src 'report-sample' 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://d3kc4ryc0t7x4f.cloudfront.net; font-src 'self' https://fonts.gstatic.com; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://www.zenaps.com https://ln-rules.rewardstyle.com https://*.recaptcha.net https://isitetv.com https://*.akamaihd.net https://*.hotjar.com https://*.attn.tv https://*.translate.naver.net https://tr.snapchat.com https://www.shoplooks.com https://tpc.googlesyndication.com blob: https://app.qubit.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://translate.yandex.net https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://*.pinterest.com https://*.bing.com https://*.doubleclick.net https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://ampcid.google.fr https://analytics.tiktok.com https://tr.snapchat.com https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://*.contentsquare.net https://*.criteo.com https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.lookfantastic.fr; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.lookfantastic.fr https://m.lookfantastic.fr https://checkout.lookfantastic.fr https://www.glossybox.fr https://connect.facebook.net https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.co.uk https://www.glossybox.com https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.se https://www.glossybox.dk https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://google.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://static.criteo.net https://*.criteo.com https://ln-rules.rewardstyle.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://*.hotjar.com https://*.attn.tv https://*.trustpilot.com https://*.translate.naver.net https://*.bing.com https://*.doubleclick.net https://*.google-analytics.com https://static.ads-twitter.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://lantern.roeyecdn.com https://lantern.roeye.com https://static.thgcdn.cn https://tpc.googlesyndication.com https://analytics.tiktok.com https://*.ibytedtos.com https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com https://static.goqubit.com https://*.qubit.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://cdn.parcellab.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self' va2023.sanity.studio qa234.ombudev.com stage234.ombudev.com beta-editor.verificationacademy.com editor.verificationacademy.com 1
script-src 'self' https: 'unsafe-inline' *.fontawesome.com 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation 1
default-src 'self'; connect-src 'self' *.prosoft.io *.belden.io prosoft.io belden.io cdn.cookielaw.org privacyportal.onetrust.com geolocation.onetrust.com *.prosoft-technology.com www.google-analytics.com *.googleapis.com *.mailgun.net *.intercom.io *.s3.us-west-2.amazonaws.com wss:; media-src 'self' *.intercomcdn.com www.google-analytics.com *.intercomassets.com *.prosoft-technology.com *.mailgun.net; img-src 'self' data: maps.google.com cdn.cookielaw.org maps.gstatic.com *.googleapis.com www.google-analytics.com *.intercomcdn.com *.intercomassets.com *.ggpht *.prosoft-technology.com *.mailgun.net; font-src 'self' data: fonts.gstatic.com *.intercomcdn.com *.intercomassets.com *.prosoft-technology.com *.mailgun.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.intercomassets.com *.prosoft-technology.com *.mailgun.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com maps.googleapis.com maps.google.com *.intercom.io *.intercomassets.com *.intercomcdn.com polyfill.io *.prosoft-technology.com *.mailgun.net cdn.cookielaw.org 1
default-src 'self' *.binomo-investbroker.com *.binomo.com; child-src *; frame-ancestors 'self'; connect-src 'self' *.ada.support analytics.tiktok.com my.rtmark.net *.criteo.net *.criteo.com snap.licdn.com px.ads.linkedin.com r.remarketingpixel.com static.ads-twitter.com bat.bing.com sc-static.net tr.snapchat.com *.hotjar.io *.hotjar.com wss://*.hotjar.com stats.g.doubleclick.net *.zopim.com *.launchdarkly.com api.exponea.com api.api-cis.exponea.com api-cis.exponea.com ekr.zdassets.com pixel.mathtag.com analytics.google.com accounts.google.com fcm.googleapis.com www.googleapis.com www.google-analytics.com wss://*.zopim.com binomo.zendesk.com binomo2.zendesk.com app.getsentry.com *.binomo-investbroker.com *.binomo.com wss://as.binomo-investbroker.com:* wss://as.binomo.com:* wss://ws.binomo-investbroker.com:* wss://ws.binomo.com:* s.yimg.com https://mc.yandex.ru; font-src data: 'self' *.zopim.com themes.googleusercontent.com *.binomo-investbroker.com *.binomo.com; img-src * *.ttwstatic.com data:; media-src 'self' *.binomo-investbroker.com *.binomo.com; script-src 'self' *.ada.support www.tiktok.com *.ttwstatic.com static.ads-twitter.com sc-static.net tr.snapchat.com *.hotjar.io *.hotjar.com www.redditstatic.com *.doubleclick.net *.google.com assets.zendesk.com static.zdassets.com *.zopim.com wss://*.zopim.com *.zopim.io binomo.co my.rtmark.net *.criteo.net *.criteo.com snap.licdn.com px.ads.linkedin.com r.remarketingpixel.com *.getsitecontrol.com *.googletagmanager.com *.google-analytics.com echo.ecortb.com connect.facebook.net vk.com *.youtube.com s.yimg.com s.ytimg.com bat.bing.com www.gstatic.com www.googleadservices.com binomo.go2affise.com api.exponea.com api.api-cis.exponea.com api-cis.exponea.com *.adnetwork.vn storage.googleapis.com sp.analytics.yahoo.com 'unsafe-eval' 'unsafe-inline' *.binomo-investbroker.com *.binomo.com https://unpkg.com/@lottiefiles/lottie-player@0.2.0/dist/lottie-player.js https://mc.yandex.ru https://yastatic.net; style-src 'self' *.ttwstatic.com *.google.com fonts.googleapis.com 'unsafe-inline' *.binomo-investbroker.com *.binomo.com 1
frame-ancestors 'self' https://marialunarillos.com; 1
your-csp-directives 1
font-src *; default-src 'self' data: 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org fonts.googleapis.com font.gstatic.com use.fontawesome.com privacyportal-br-cdn.onetrust.com www.google-analytics.com www.googletagmanager.com tag.goadopt.io disclaimer-api.goadopt.io 1
frame-ancestors 'none'; default-src 'self'  'unsafe-inline' 'unsafe-eval' https://metrics.hotjar.io https://unpkg.com https://www.youtube.com https://stats.g.doubleclick.net https://content.hotjar.io https://www.google.com https://region1.google-analytics.com wss://ws.hotjar.com https://www.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com ; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://script.hotjar.com/ https://static.hotjar.com/c/hotjar-3389414.js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__fr.js https://www.youtube.com/iframe_api ; form-action 'none'; base-uri 'self';object-src  'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://www.youtube.com https://stats.g.doubleclick.net https://content.hotjar.io https://www.google.com https://region1.google-analytics.com wss://ws.hotjar.com https://www.google-analytics.com ;report-uri https://6581383a06d4cc5cba5502fc.endpoint.csper.io/?v=1 1
default-src 'self' *.mynewsdesk.com *.siteimprove.com d13g4x10t81j6a.cloudfront.net d2mps4tyw153hx.cloudfront.net *.amazonaws.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' siteimproveanalytics.com *.siteimprove.net *.twitter.com *.mediaflowpro.com *.inviewer.se *.youtube.com d13g4x10t81j6a.cloudfront.net d2mps4tyw153hx.cloudfront.net sdk.amazonaws.com dl.episerver.net;font-src 'self' https://fonts.gstatic.com *.mediaflowpro.com dl.episerver.net;style-src 'self' 'unsafe-inline' *.mediaflowpro.com d13g4x10t81j6a.cloudfront.net d2mps4tyw153hx.cloudfront.net dl.episerver.net;frame-ancestors 'self' *.hv.se hv.instructure.com hv.test.instructure.com;frame-src 'self' *.hv.se *.youtube.com *.kaltura.nordu.net studenthv.sharepoint.com d13g4x10t81j6a.cloudfront.net d2mps4tyw153hx.cloudfront.net *.idrelay.com *.soundcloud.com;img-src * data: 1
default-src https: 'unsafe-eval' 'unsafe-inline' *.crazyegg.com; font-src 'self' data: https: *.crazyegg.com; img-src 'self' data: https: *.crazyegg.com; 1
default-src 'self' www.gravatar.com player.vimeo.com *.vimeocdn.com packages.umbraco.org our.umbraco.org;script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.bugherd.com *.pusher.com;connect-src 'self' stats.g.doubleclick.net region1.google-analytics.com consentcdn.cookiebot.com *.pusher.com sessions.bugsnag.com; img-src 'self' data: www.gravatar.com umbraco.tv www.google-analytics.com fakeimg.pl dashboard.umbraco.com tracking.monsido.com d2iiunr5ws5ch1.cloudfront.net bugherd-attachments.s3.amazonaws.com *.bugherd.com;font-src 'self' fonts.googleapis.com data: fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com;form-action 'self' ddlnk.net;frame-src 'self' ir.design-portfolio.co.uk platform.twitter.com consentcdn.cookiebot.com;media-src 'self' player.vimeo.com vod-progressive.akamaized.net download-video.akamaized.net; 1
default-src 'self'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com kit.fontawesome.com *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net www.garp.org *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com 'strict-dynamic' 'nonce-NhdW4SmIhe2XkHq4YU5x5A=='; style-src 'self' 'unsafe-inline' *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net cdn2.hubspot.net www.garp.org static.hsappstatic.net; img-src https: 'self' 'unsafe-eval' js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com s3-us-west-2.amazonaws.com; font-src 'self' ka-p.fontawesome.com; connect-src 'self' *.google.com *.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net *.vidyard.com *.fontawesome.com content.hotjar.io *.hotjar.com wss://wsp14.hotjar.com wss://wsp43.hotjar.com/api/v2/client/ws stats.g.doubleclick.net static.libsyn.com cdn.linkedin.oribi.io *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com bat.bing.com hm.baidu.com; object-src 'none'; media-src 'self'; frame-src html5-player.libsyn.com forms.hsforms.com *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com www.garp.org *.hsforms.net *.hsforms.com *.googletagmanager.com *.twitter.com *.facebook.com fast.wistia.net *.youtube.com; base-uri 'self'; report-to /csp-violation-report-endpoint/; ; upgrade-insecure-requests; 1
script-src 'self' blob: 'nonce-1ebbcf4e-414f-4d3e-8a8c-d439cc59fc60' https://*.msecnd.net https://*.mxpnl.com https://cdn-mxpnl.com https://cdn.ravenjs.com https://checkout.razorpay.com https://wzrkt.com https://d2r1yp2w7bby2u.cloudfront.net https://www.googletagmanager.com https://s3.amazonaws.com https://www.google-analytics.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io 'sha256-TIei6Vc7qpWDKd55pVhOnEqsSzAudvgQTNgWB9zHeZY='; img-src 'self' data: blob: https://www.gravatar.com https://ud-img.azureedge.net https://ud-img-v2.azureedge.net https://ud-dev-img.azureedge.net https://ud-video.azureedge.net https://udaan.azureedge.net https://ud-dev-cdn.azureedge.net https://checkout.razorpay.com https://cdn-mxpnl.com https://www.googletagmanager.com https://www.google-analytics.com https://img.udaan.com/ https://img.udaan.com/v1 http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' https://ud-video.azureedge.net https://www.youtube.com https://api.razorpay.com https://docs.google.com https://drive.google.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; font-src 'self' data: https://fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; object-src blob:; 1
default-src 'none';  script-src 'self' maps.googleapis.com ajax.googleapis.com jnn-pa.googleapis.com play.google.com tracker.gaconnector.com assets.adobedtm.com *.doubleclick.net maxcdn.bootstrapcdn.com youtube.com; connect-src 'self' https://www.youtube.com jnn-pa.googleapis.com *.doubleclick.net play.google.com; img-src 'self' i.ytimg.com yt3.ggpht.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.youtube.com; base-uri 'self'; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self'; child-src 'self' www.youtube.com; 1
frame-ancestors 'self' 'reborns.com' 'bearpile.com'; 1
default-src 'self';  script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.google-analytics.com  https://*.gstatic.com https://*.googleapis.com https://*.youtube.com https://*.ytimg.com https://bancoserfinanza.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://*.elementor.com https://*.infobip.com https://connect.facebook.net; style-src 'report-sample' 'self' 'unsafe-inline' https://*.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net https://*.elementor.com;  object-src 'self' blob:;  base-uri 'self'; connect-src 'self' blob: data: https://*.google-analytics.com https://tarjetaolimpica.com.co https://yoast.com https://bancoserfinanza.com https://stats.g.doubleclick.net https://*.elementor.com https://fonts.googleapis.com https://*.infobip.com https://analytics.google.com/g/collect; font-src 'self' data: 'unsafe-inline' https://*.gstatic.com https://*.elementor.com;  frame-src 'self' blob: https://*.youtube.com https://*.wpdownloadmanager.com https://www.google.com https://bancoserfinanza.com https://*.elementor.com https://*.infobip.com https://devserfinanza.tmsapps.co:85/; img-src 'self' blob: data: https://*.google.com https://*.gstatic.com https://*.google-analytics.com https://secure.gravatar.com https://ps.w.org https://*.elementor.com https://updates.themepunch.tools https://d1ygi81q02zqx0.cloudfront.net https://www.segurosmundial.com.co/media/Terminos_y_Condiciones_2022.png; manifest-src 'self' blob: data:;  worker-src 'self' blob: data:; media-src 'self' blob: data: https://sliderrevolution.com; 1
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' 'unsafe-inline' 'unsafe-eval' * data:; media-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-ancestors  'self' *; child-src 'self' 'unsafe-inline' 'unsafe-eval' *; font-src 'self' https://themes.googleusercontent.com https://*.gstatic.com *; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'nonce-erPRsQOm69QCOhfp8bXCNI9kR5bZGd-Wm00kyc7-R5m54z-UmDvBfQ' 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://webcache-eu.datareporter.eu https://sybos.ooelfv.at https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleusercontent.com; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://swarmcrawler.datareporter.eu https://*.google-analytics.com https://proxy.cld.cyber.house https://maps.googleapis.com; style-src-elem 'self' 'nonce-erPRsQOm69QCOhfp8bXCNI9kR5bZGd-Wm00kyc7-R5m54z-UmDvBfQ' https://fonts.googleapis.com https://webcache-eu.datareporter.eu 'report-sample'; script-src-elem 'self' 'nonce-erPRsQOm69QCOhfp8bXCNI9kR5bZGd-Wm00kyc7-R5m54z-UmDvBfQ' https://webcache-eu.datareporter.eu https://www.googletagmanager.com https://maps.googleapis.com 'report-sample'; report-uri https://www.ooelfv.at/@http-reporting?csp=report&requestTime=1705971814797905 1
default-src 'self' blob: *.videoglaz.ru data: ws: wss: https: http: 'unsafe-inline' yandex.ru mc.yandex.ru yastatic.net 'unsafe-eval' *.comagic.ru *.reenter.ru *.mneniya.pro *.gravatar.com *.retailrocket.ru *.retailrocket.net *.wp.com *.google-analytics.com *.googleapis.com reformal.ru *.reformal.ru *.googleadservices.com *.gstatic.com *.callbackhunter.com *.jquery.com *.yadro.ru www.youtube.com *.youtube.com *.wep.wf server.comagic.ru 1
default-src 'none'; connect-src https://notallmine.net; base-uri 'none'; form-action 'none'; frame-ancestors 'none'; img-src https://notallmine.net https://www.notallmine.net; script-src https://notallmine.net https://www.notallmine.net https://static.cloudflareinsights.com/; style-src * data: blob: 'unsafe-inline'; font-src https://fonts.gstatic.com:443 https://notallmine.net https://www.notallmine.net; 1
default-src 'self'; block-all-mixed-content; img-src 'self' www.google-analytics.com www.googletagmanager.com; script-src 'self' www.google-analytics.com www.googletagmanager.com; report-uri /nelmio/csp/report 1
frame-ancestors https://www.qzwb.com http://v6.qzwb.com https://lite.qzwb.com https://app.qzwb.com 1
upgrade-insecure-requests;connect-src 'self' https://our.umbraco.com https://www.google-analytics.com https://analytics.google.com https://ka-f.fontawesome.com https://*.userway.org https://*.doubleclick.net https://*.attn.tv https://*.attentivemobile.com;default-src 'self';font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://ka-f.fontawesome.com https://*.telerik.com https://*.userway.org data:;frame-ancestors 'self';frame-src 'self' https://marketplace.umbraco.com https://www.google.com https://www.youtube.com https://*.stripe.com https://*.userway.org https://*.attn.tv;img-src 'self' https://cdn.jsdelivr.net https://www.gravatar.com https://*.stripe.com https://www.googletagmanager.com https://i.ytimg.com https://cdn.userway.org https://www.google.com https://www.bing.com https://our.umbraco.com https://www.github.com https://github.com data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://code.jquery.com https://cdn.jsdelivr.net https://*.stripe.com https://*.telerik.com https://cdnjs.cloudflare.com https://*.userway.org https://*.attn.tv https://joinemaillist.musictoday.com data:;style-src 'self' 'unsafe-inline' https://*.telerik.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://stackpath.bootstrapcdn.com https://*.userway.org data: 1
frame-ancestors 'self' https://manage.dentaleconomics.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
frame-ancestors http://gobrowser.com/ http://gologin.com/ http://myip.link/ 1
frame-ancestors 'self' globalgatewaye4.firstdata.com; 1
frame-ancestors 'self'; object-src 'none'; report-to default; 1
default-src 'self' *.shipco.com *.google-analytics.com *.onetrust.com *.cookielaw.org *.amazonaws.com *.hydelogistics.com *.scan-shipping.com *.phxcloud.io *.straitair.com *.wwalliance.com; script-src 'self' *.googletagmanager.com unpkg.com *.amazonaws.com *.scan-shipping.com *.straitair.com *.globeassist.shipco.com *.shipco.com *.cookielaw.org *.google-analytics.com *.jsdelivr.net https://www.googletagmanager.com *.jquery.com *.cloudfront.net *.googleapis.com *.cloudflare.com *.mxpnl.com *.github.io *.google.com *.gstatic.com *.mtcaptcha.com 'unsafe-inline' 'unsafe-eval'; style-src  'self' https://unpkg.com *.amazonaws.com *.globeassist.shipco.com *.shipco.com *.datatables.net *.googleapis.com *.cloudflare.com *.fontawesome.com *.cloudfront.net *.jquery.com 'unsafe-inline'; font-src  'self' *.shipco.com *.googleapis.com  *.cloudfront.net *.gstatic.com *.cloudflare.com *.fontawesome.com data: 'unsafe-inline'; img-src 'self' https://unpkg.com http://jqueryui.com *.arcgisonline.com  *.amazonaws.com *.google-analytics.com *.shipco.com *.doubleclick.net *.google-analytics.com *.jquery.com *.cookielaw.org *.swagger.io *.youtube.com https://openweathermap.org *.cloudfront.net *.googleapis.com *.icons8.com *.gstatic.com data:; media-src 'self' *.amazonaws.com *.cloudfront.net https://player.vimeo.com; frame-src 'self' *.cloudfront.net *.vimeo.com *.youtube.com *.mtcaptcha.com *.doubleclick.net *.phxcloud.io *.globeassist.com *.pier2pier.com *.amazonaws.com *.shipco.com data: ; worker-src 'self' blob:;frame-ancestors 'self' *.wwalliance.com staging.www.shipco.com https://shipco.sharepoint.com; connect-src self *; 1
default-src 'none' ; base-uri 'self' ; child-src *.cloudflarestream.com insights.hinshawlaw.com platform.twitter.com player.vimeo.com view.ceros.com www.google.com www.iheart.com www.youtube.com ; connect-src 'self' *.cloudflarestream.com *.parmonic.ai *.parmonic.com https://amplilyimagecap.azureedge.net https://awapi.blob.core.windows.net https://go.parmonic.com https://subtitles.blob.core.windows.net https://videodelivery.net parmonic.com stats.g.doubleclick.net www.google-analytics.com ; font-src 'self' data: fonts.gstatic.com www.hinshawlaw.com ; form-action 'self' ; frame-ancestors https://hinshaw.pathfactory.com *.cloudflarestream.com ; img-src blob: data: * *.parmonic.ai https://parmonic.com https://amplilyimagecap.azureedge.net ; media-src blob: *.cloudflarestream.com *.parmonic.ai https://amplilyimagecap.azureedge.net https://parmonic.com https://subtitles.blob.core.windows.net https://videodelivery.net ; object-src 'self' www.hinshawlaw.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudflarestream.com *.parmonic.ai *.parmonic.com hosting.simplemaps.com https://awjs.blob.core.windows.net https://view.ceros.com/ www.google-analytics.com www.googletagmanager.com www.hinshawlaw.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com ; 1
default-src *;img-src * data:; style-src 'self' 'unsafe-inline' *.fbstatic.cn; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fbstatic.cn *.captcha.qq.com *.gtimg.com 1
default-src 'self'; script-src 'self'; style-src 'self'; frame-ancestors 'none'; img-src 'self' data:; 1
connect-src 'self' https://search.swedbank.se https://track.adform.net https://unpkg.com https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://swedbankab.d3.sc.omtrdc.net https://*.swedbank.net https://dpm.demdex.net https://dpm.swedbank.se https://dpu.swedbank.se https://agent.nina-nuance.com/ https://www.swedbank.com/sv https://swedbank.com/sv https://www.swedbank.com https://swedbank.com https://www.swedbank.se https://swedbank.se https://agent-locator.nina-nuance.com https://agent-fp.nina-nuance.com https://www.swedbank.dfs.investis.com https://swedbank.dfs.investis.com https://blikund.swedbank.se 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.nz; img-src 'self' https: data: blob: https://mastodon.nz; style-src 'self' https://mastodon.nz 'nonce-p56Zp9Y6x/lc6tiLV/pdGw=='; media-src 'self' https: data: https://mastodon.nz; frame-src 'self' https:; manifest-src 'self' https://mastodon.nz; form-action 'self'; child-src 'self' blob: https://mastodon.nz; worker-src 'self' blob: https://mastodon.nz; connect-src 'self' data: blob: https://mastodon.nz https://mastodon.nz wss://mastodon.nz; script-src 'self' https://mastodon.nz 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://*.ericgoldman.org http://*.ericgoldman.org 1
connect-src 'self' https://*.wogaa.sg; default-src 'self' 'unsafe-inline' *.hsa.gov.sg *.cwp-stg.sg *.cwp.sg *.wogaa.sg *.demdex.net cm.everesttech.net wogadobeanalytics.sc.omtrdc.net www.google.com *.googleapis.com www.youtube.com www.googletagmanager.com www.google-analytics.com *.dcube.cloud assets.dcube.cloud https://stats.g.doubleclick.net/; script-src 'self' blob: https://*.wogaa.sg 'unsafe-inline' 'unsafe-eval' data: *.wogaa.sg *.adobedtm.com www.googletagmanager.com www.google-analytics.com *.google.com www.google.com assets.dcube.cloud *.gstatic.com cdn.polyfill.io *.hsa.gov.sg; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: * wogadobeanalytics.sc.omtrdc.net cm.everesttech.net *.demdex.net www.google-analytics.com wogadobeanalytics.sc.omtrdc.net www.google.com clients1.google.com wogadobeanalytics.sc.omtrdc.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.wogaa.sg *.googleapis.com www.google.com assets.dcube.cloud; font-src 'self' data: *.dcube.cloud *.wogaa.sg *.googleapis.com www.google.com *.gstatic.com 1
frame-ancestors https://*.bancoripley.cl https://*.ripley.cl https://*.mouseflow.com 1
frame-ancestors 'self' https://curucuru.jp https://www.curucuru.jp https://prod-apnortheast-a.online.tableau.com; form-action 'self' https://www.facebook.com https://pt01.mul-pay.jp https://p01.mul-pay.jp https://sentry.io; 1
frame-ancestors 'self' pmt.honeywell.com sps.honeywell.com; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; script-src 'self' https://pi.pardot.com; 1
default-src 'self' *.callibri.ru *.saas-support.com *.dadata.ru *.facebook.com cdn.enkod.ru *.mebelion.me mebelion.me *.google.com.ua *.google.com.hk  *.mebel-svetilniki-krasnoyarsk.ru mebel-svetilniki-krasnoyarsk.ru *.mebel-svetilniki-himki.ru mebel-svetilniki-himki.ru *.mebel-svetilniki-samara.ru mebel-svetilniki-samara.ru *.mebelion.ru *.yandex.ru *.yandex.net *.googleusercontent.com *.googleapis.com *.gstatic.com yandex.ru ; connect-src 'self' *.callibri.ru *.saas-support.com *.googleapis.com *.dadata.ru *.leadgenic.ru *.facebook.com cdn.enkod.ru *.mebelion.me mebelion.me *.google.com.ua *.google.com.hk whitesaas.com chat.envybox.io wss://*.firebaseio.com *.firebaseio.com mebelion.push4site.com push4site.com *.antisov.ru *.mebel-svetilniki-krasnoyarsk.ru mebel-svetilniki-krasnoyarsk.ru *.mebel-svetilniki-himki.ru mebel-svetilniki-himki.ru *.mebel-svetilniki-samara.ru mebel-svetilniki-samara.ru *.mebelion.ru vk.com yandex.ru *.yandex.ru *.yandex.net *.google.ru *.google.com *.googleusercontent.com *.google-analytics.com *.mail.ru *.selcdn.ru *.enkod.ru tracker.enkod.ru chat.callbackkiller.com ; script-src 'self' *.callibri.ru *.saas-support.com *.dadata.ru *.leadgenic.ru *.facebook.com cdn.enkod.ru *.mebelion.me mebelion.me *.google.com.ua *.google.com.hk *.ytthn.com ytthn.com *.pwieu.com pwieu.com *.firebaseio.com envybox-1e1bf.firebaseio.com cdnjs.cloudflare.com *.sendpulse.com static-login.sendpulse.com *.adriver.ru tags.soloway.ru *.me-talk.ru zcdn.ru mebelion.push4site.com push4site.com *.aprtn.com aprtn.com *.antisov.ru retagro.com *.artfut.com apypp.com vk.com yandex.ru *.yandex.ru *.yandex.by yandex.st *.ytimg.com *.mail.ru *.inettorg.ru *.doubleclick.net *.yandex.net yastatic.net *.google.ru *.google-analytics.com *.googleapis.com *.google.com *.googleusercontent.com *.googletagmanager.com *.googleadservices.com *.adv-cake.ru *.dumedia.ru sas-pro.ru *.gdeslon.ru gdeslon.ru *.criteo.com *.criteo.net x.cnt.my *.lenmit.com code.jquery.com *.selcdn.ru *.enkod.ru tracker.enkod.ru cdn.envybox.io *.envybox.io cdn.saas-support.com cdn.callbackkiller.com whitesaas.com sas-pro.ru ixseptor.ru statistik1.ru qoopler.ru apypx.com statad.ru x01.aidata.io callbackhunter.com callbaska.ru my.callbaska.ru perezvoni.com yadro.ro statik-us.info  x.cnt.my advergine.ru *.facebook.net *.boxberry.ru *.boxberry.de https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.gstatic.com data: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' *.callibri.ru *.saas-support.com *.dadata.ru *.leadgenic.ru *.facebook.com cdn.enkod.ru *.mebelion.me mebelion.me   *.google.com.ua *.google.com.hk static-login.sendpulse.com push4site.com *.mebel-svetilniki-krasnoyarsk.ru mebel-svetilniki-krasnoyarsk.ru *.mebel-svetilniki-himki.ru mebel-svetilniki-himki.ru *.mebel-svetilniki-samara.ru mebel-svetilniki-samara.ru *.mebelion.ru yandex.ru *.yandex.ru *.yandex.net *.ytimg.com *.google.com *.google.ru *.googleusercontent.com *.googleapis.com *.opera-mini.net cdn.envybox.io cdn.saas-support.com cdn.callbackkiller.com *.boxberry.de *.gstatic.com 'unsafe-inline' ; img-src 'self' *.callibri.ru *.saas-support.com *.dadata.ru *.leadgenic.ru *.leadgenic.com *.facebook.com *.enkod-a.akamaihd.net enkod-a.akamaihd.net cdn.enkod.ru *.mebelion.me mebelion.me i.pinimg.com storage.yandexcloud.net  media.popmechanic.io *.google.com.ua *.google.com.hk whitesaas.com saas-support.com static-login.sendpulse.com push4site.com artfut.com *.artfut.com apypp.com  gravatar.com i1.wp.com *.mebel-svetilniki-krasnoyarsk.ru mebel-svetilniki-krasnoyarsk.ru *.mebel-svetilniki-himki.ru mebel-svetilniki-himki.ru *.mebel-svetilniki-samara.ru mebel-svetilniki-samara.ru *.mebelion.ru photo.mebelion.ru yandex.ru *.yandex.ru yandex.st *.yandex.net *.maps.yandex.net yastatic.net *.mail.ru *.inettorg.ru *.google.ru *.google.by *.google.nl *.google.kz *.google.lv *.google.cz *.google.de *.google.com *.google.com.ua *.google-analytics.com *.googleapis.com *.yadro.ru *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.doubleclick.net *.ytimg.com *.admitad.co sas-pro.ru cityadspix.com vk.com *.facebook.com *.adv-cake.ru *.criteo.com *.criteo.net *.envybox.io cdn.saas-support.com cdn.callbackkiller.com ps.ntvk1.ru my.rtmark.net apypx.com statad.ru *.amazonaws.com  x.cnt.my advergine.ru  *.boxberry.de statistik1.ru  apypp.com data:; font-src 'self' *.callibri.ru *.saas-support.com *.googleapis.com *.dadata.ru *.leadgenic.ru *.facebook.com cdn.enkod.ru *.mebelion.me mebelion.me   media.popmechanic.io  *.bootstrapcdn.com *.mebel-svetilniki-krasnoyarsk.ru mebel-svetilniki-krasnoyarsk.ru *.mebel-svetilniki-himki.ru mebel-svetilniki-himki.ru *.mebel-svetilniki-samara.ru mebel-svetilniki-samara.ru *.mebelion.ru cdn.saas-support.com  fonts.gstatic.com data: ; media-src 'self' *.callibri.ru *.saas-support.com *.googleapis.com *.dadata.ru *.leadgenic.ru *.facebook.com cdn.enkod.ru *.mebelion.me mebelion.me cdn.saas-support.com *.envybox.io  *.mebel-svetilniki-krasnoyarsk.ru mebel-svetilniki-krasnoyarsk.ru *.mebel-svetilniki-himki.ru mebel-svetilniki-himki.ru *.mebel-svetilniki-samara.ru mebel-svetilniki-samara.ru *.mebelion.ru ;frame-src 'self' *.callibri.ru *.googleapis.com *.dadata.ru *.facebook.com cdn.enkod.ru *.mebelion.me mebelion.me *.google.com.ua *.google.com.hk *.firebaseio.com *.adriver.ru *.me-talk.ru events.sendpulse.com sovest.ru *.mebel-svetilniki-krasnoyarsk.ru mebel-svetilniki-krasnoyarsk.ru *.mebel-svetilniki-himki.ru mebel-svetilniki-himki.ru *.mebel-svetilniki-samara.ru mebel-svetilniki-samara.ru *.mebelion.ru yandex.ru *.yandex.ru *.youtube.com yastatic.net *.yandex.net *.googleusercontent.com *.google.com *.google.ru *.google.by *.google.de *.google.cz *.doubleclick.net *.criteo.com *.criteo.net www.facebook.com *.boxberry.de ; 1
default-src 'self' *.bootstrapcdn.com/font-awesome/ *.cookiebot.com *.hotjar.com *.visualstudio.com;               script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aspnetcdn.com *.azure.com *.bootstrapcdn.com/font-awesome/ *.cookiebot.com *.datatables.net *.fortawesome.com *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.jquery.com *.jsdelivr.net *.mouseflow.com *.msecnd.net *.sharethis.com *.typekit.net *.youtube.com;               style-src 'self' 'unsafe-inline' *.bootstrapcdn.com/font-awesome/ *.cookiebot.com *.datatables.net *.fortawesome.com *.typography.com *.typekit.net;               frame-src 'self' *.arcgis.com *.cookiebot.com *.cyfoethnaturiolcymru.gov.uk *.google.com *.googletagmanager.com *.hotjar.com *.powerbi.com *.youtube.com;               font-src 'self' data: *.bootstrapcdn.com *.hotjar.com *.typekit.net;               img-src 'self' data: *.azureedge.net *.cyfoethnaturiol.cymru *.google-analytics.com *.hotjar.com *.naturalresources.wales *.sharethis.com *.umbraco.com *.ytimg.com;               connect-src 'self' ws: wss: *.azure.com *.cookiebot.com *.doubleclick.net *.google-analytics.com *.hotjar.com *.hotjar.io *.sharethis.com *.visualstudio.com;               worker-src blob:;               upgrade-insecure-requests 1
default-src 'self' *.doubleclick.net; img-src 'self' data: *.useinsider.com *.google.com i.ytimg.com server.seadform.net *.google.com.tr pisano.com.tr cdn.pisano.com.tr *.doubleclick.net *.google-analytics.com t.co *.twitter.com *.facebook.com static.ads-twitter.com *.googletagmanager.com *.gstatic.com; font-src 'self' 'unsafe-inline' data: *.useinsider.com adservice.google.com *.bootstrapcdn.com *.google.com *.googletagmanager.com adservice.google.com.tr connect.facebook.net *.gstatic.com stackpath.bootstrapcdn.com *.googletagmanager.com t.co *.google-analytics.com; frame-src 'self' 'unsafe-inline' data: blob: *.useinsider.com c1.adform.net consentcdn.cookiebot.com *.google.com.tr *.doubleclick.net www.youtube-nocookie.com *.youtube.com *.google.com *.googletagmanager.com *.google-analytics.com tsdtocl.com; connect-src 'self' data: *.axasigorta.com.tr *.useinsider.com maps.googleapis.com consentcdn.cookiebot.com *.hotjar.io wss://*.hotjar.com *.google-analytics.com *.taboola.com analytics.tiktok.com pisano.com.tr ccdn.mobildev.in  cdn.pisano.com.tr *.google.com *.doubleclick.net api.ipify.org *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.useinsider.com *.bootstrapcdn.com *.google.com fonts.googleapis.com *.gstatic.com code.jquery.com stackpath.bootstrapcdn.com *.googletagmanager.com *.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.useinsider.com consent.cookiebot.com *.glassboxcdn.com ccdn.mobildev.in static.hotjar.com script.hotjar.com *.taboola.com analytics.tiktok.com *.google.com www.google.com.tr cdn.tagcommander.com axasigorta.unbd.agency www.axasigorta.unbd.agency pisano.com.tr cdn.pisano.com.tr *.gstatic.com  maps.googleapis.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com www.youtube.com *.twitter.com *.adform.net static.ads-twitter.com t.co 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.azureedge.us *.msecnd.net *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com translate.google.com apis.google.com connect.facebook.net https://stage-api.govdelivery.com/api/add_script_subscription https://api.govdelivery.com/api/add_script_subscription ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org public.govdelivery.com https://www.googletagmanager.com https://*.hotjar.com https://cdn.sajari.com/ https://siteimproveanalytics.com/; style-src 'self' 'unsafe-inline' *.azureedge.us *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://*.hotjar.com; font-src 'self' *.azureedge.us fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://*.hotjar.com; img-src 'self' *.gstatic.com *.azureedge.us *.google.com *.googleapis.com *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com *.blob.core.usgovcloudapi.net data: blob: *.eloqua.com track.hubspot.com https://i.ytimg.com/ https://*.siteimproveanalytics.io/ re.sajari.com https://*.hotjar.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com public.govdelivery.com https://m.youtube.com/ https://stage-api.govdelivery.com/api/add_script_subscription https://api.govdelivery.com/api/add_script_subscription https://www.google.com/ https://*.hotjar.com https://webapps.ridemetro.org/; connect-src 'self' *.visualstudio.com accounts.google.com https://translate.googleapis.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com localhost:9000 ws://localhost:9000 public.govdelivery.com https://stage-api.govdelivery.com/api/add_script_subscription https://api.govdelivery.com/api/add_script_subscription https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com jsonapi-us-valkyrie.sajari.net; 1
default-src 'self';style-src 'self' 'unsafe-inline';script-src 'self' 'nonce-9856c6cd-9f0c-4be8-92eb-ad0ec5c791c4' https://www.google-analytics.com https://*.googletagmanager.com;img-src https: data:;connect-src 'self' https://backend.gem.app https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
default-src 'self' ; img-src https://*.paynimo.com 'self'; script-src https://*.paynimo.com https://*.jquery.com 'self' 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: filesystem:; style-src https://*.paynimo.com 'self' data: chrome-extension-resource: 'unsafe-inline'; img-src https://*.paynimo.com 'self' data: chrome-extension-resource:; frame-src https://*.paynimo.com 'self' data: chrome-extension-resource:; font-src https://*.paynimo.com 'self' data: chrome-extension-resource:; media-src https://*.paynimo.com * data: blob: filesystem:; 1
frame-ancestors 'self' https://home.aami.com.au *.home.aami.com.au https://motor.aami.com.au https://beta-motor.aami.com.au *.motor.aami.com.au *.ctp.aami.com.au https://beta-ctp.aami.com.au https://online1.test.aami.com.au https://online.aami.com.au https://pvt-online.aami.com.au; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pixel.byspotify.com https://ct.pinterest.com https://s.pinimg.com https://assets.adobedtm.com https://mpsnare.iesnare.com https://static.soulmachines.com https://assets1.aami.com.au https://chat.test.suncorp.com.au https://chat.suncorp.com.au https://www.googletagmanager.com https://cdn.gbqofs.com https://atag.adgile.media https://connect.facebook.net *.inmoment.com.au https://www.googletagmanager.com https://intercept.inmoment.com.au https://snap.licdn.com https://sc-static.net https://api.pushio.com https://connect.facebook.net https://tr.snapchat.com https://smetrics.aami.com.au https://www.google-analytics.com *.bazaarvoice.com https://vxml4.plavxml.com https://www.youtube.com https://www.google.com https://www.gstatic.com; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.bazaarvoice.com https://www.youtube.com https://static.soulmachines.com https://fonts.googleapis.com; worker-src blob:; 1
child-src 'self'; default-src 'self' *.moneyexpert.com 'unsafe-eval' 'unsafe-inline' *.inspectlet.com exchange.cdnedge.bluemix.net *.eu-gb.mybluemix.net *.2mee.com wss://ws.inspectlet.com ajax.cloudflare.com static.cloudflareinsights.com cdn.cloudflare.com cdnjs.cloudflare.com www.googletagmanager.com *.google-analytics.com *.googlesyndication.com stats.g.doubleclick.net googleads.g.doubleclick.net connect.facebook.com connect.facebook.net *.googleadservices.com *.google.com *.google.co.uk *.googletagservices.com www.gstatic.com  https://optimize.google.com *.cookiebot.com cdn.jsdelivr.net fonts.googleapis.com fonts.gstatic.com *.amazonaws.com *.tinymce.com *.tiny.cloud www.motopoliza.com www.autopoliza.com stackpath.bootstrapcdn.com pcuktelecom.tdsapi.com *.tdscd.com https://unpkg.com code.jquery.com quote.wd.creditplus.co.uk use.fontawesome.com energy.simplyswitch.com *.quotehaven.co.uk my-protection-guru.iress.quotehaven.co.uk widget.trustpilot.com; img-src https: data:; frame-src www.googletagmanager.com *.2mee.com exchange.cdnedge.bluemix.net *.eu-gb.mybluemix.net widget.trustpilot.com www.measurementlab.net www.facebook.com www.google.com pcuktelecom.tdsapi.com *.tdscd.com www.autopoliza.com www.motopoliza.com *.cookiebot.com googleads.g.doubleclick.net *.googlesyndication.com https://optimize.google.com; 1
report-uri https://www.yelp.com/csp_block?id=7433f60a38c9cc21&page=enforced_by_default_directives&policy_hash=4a31667603ab2e38c60aeeb09daa5097&site=www&timestamp=1705982558; object-src 'self'; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; font-src 'self' data: https: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.google-analytics.com *.googletagmanager.com www.gstatic.com fast.fonts.net siteimproveanalytics.com snap.licdn.com *.googleapis.com *.cloudfront.net ipmeta.io; style-src 'self' 'unsafe-inline' fonts.googleapis.com fast.fonts.net p.typekit.net use.typekit.net; font-src 'self' data: fast.fonts.net fonts.googleapis.com fonts.gstatic.com use.typekit.net; img-src 'self' data: www.faegrebd.com *.google-analytics.com 29268.global.siteimproveanalytics.io p.adsymptotic.com *.linkedin.com *.doubleclick.net fast.fonts.net; frame-src 'self' *.google.com cdn.yoshki.com faegredrinker.mediasite.com html5-player.libsyn.com player.pbs.org legaltalknetwork.com sho.co *.youtube.com *.vimeo.com podcast-stream.wbez.org *.embedly.com; connect-src 'self' *.google-analytics.com analytics.google.com fast.fonts.net *.doubleclick.net cdn.linkedin.oribi.io ipmeta.io; upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors 'self' gather.town *.gather.town 1
default-src 'self'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com *.typekit.net; img-src 'self' www.google-analytics.com secure.gravatar.com p.typekit.net data: ps.w.org s.w.org; font-src 'self' use.typekit.net fonts.gstatic.com data:; script-src 'self' www.buzzsprout.com *.meritain.com www.googletagmanager.com pi.pardot.com cdnjs.cloudflare.com  use.typekit.net ajax.googleapis.com www.google-analytics.com www.linkedin.com platform.linkedin.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' www.buzzsprout.com www.youtube.com www.linkedin.com; connect-src 'self' *.meritain.com pi.pardot.com yoast.com www.google-analytics.com; worker-src 'self' blob:; frame-ancestors 'self' www.youtube.com 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://fonts.gstatic.com https://ws.zoominfo.com https://www.googletagmanager.com https://navia.my.site.com https://connect.facebook.net https://mypopups.com https://*.naviabenefits.com https://www.youtube.com https://secure.gravatar.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://bat.bing.com https://snap.licdn.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://www.google.com https://stats.g.doubleclick.net https://www.youtube-nocookie.com https://*.usaepay.com https://player.vimeo.com 1
frame-src 'self' https://insight.adsrvr.org https://www.facebook.com https://www.google.com https://bid.g.doubleclick.net/ https://forms.hsforms.com/ https://js.hsforms.net/ https://attackronyms.redditinc.com/ https://choozle.com/ https://www.ensighten.com/ https://cs.choozle.com/ https://nexus.ensighten.com https://match.adsrvr https://adsrvr.org/ https://insight.adsrvr.org/ https://d1eoo1tco6rr5e.cloudfront.net/ https://d1aqngvyeciqhf.cloudfront.net/ https://td.doubleclick.net/ 1
frame-ancestors 'self' https://*.atrapalo.com.co; report-uri /csp/report; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://fediscience.org; img-src 'self' https: data: blob: https://fediscience.org; style-src 'self' https://fediscience.org 'nonce-qObdhsZdIOtS8bFDNWgqKg=='; media-src 'self' https: data: https://fediscience.org; frame-src 'self' https:; manifest-src 'self' https://fediscience.org; form-action 'self'; connect-src 'self' data: blob: https://fediscience.org https://files.example.com wss://fediscience.org; script-src 'self' https://fediscience.org 'wasm-unsafe-eval'; child-src 'self' blob: https://fediscience.org; worker-src 'self' blob: https://fediscience.org 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-UmqJKMEUVms40P+k5FqRqQ==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob: *.izlesene.com *.ioam.de *.avg.com *.rewardsaccelerator.com smetrics.att.com; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net smetrics.att.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-tTZImMuWRmpSMjjeJZ8ImfPzle8Ar4' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
block-all-mixed-content ;upgrade-insecure-requests ;default-src 'self' *.criteo.com *.criteo.net adventori.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.abtasty.com *.y-track.com *.google-analytics.com *.googletagmanager.com www.googletagmanager.com vjs.zencdn.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ui.onepay.decathlon.net *.paypal.com *.braintreegateway.com *.brightcove.net *.trylive.com *.googleapis.com sdk.privacy-center.org sdk.woosmap.com www.booxi.eu appmobile-bridge-js.s3-eu-west-1.amazonaws.com *.woosmap.com ui.onepay-qualification.decathlon.io cdn.tagcommander.com *.facebook.net *.dynatrace.com platform.commandersact.com *.commander1.com *.criteo.com *.criteo.net *.adnxs.com adventori.com www.googleadservices.com bat.bing.com *.salecycle.com *.doubleclick.net *.hotjar.com redirect3536.tagcommander.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com wurfl.io *.commandersact.com translate.google.com nxtck.com onepay-ui.decathlon.net *.contentsquare.net *.contentsquare.com www.youtube.com wss://*.hotjar.com *.loadbee.com production.transcript.decathlon.io development.transcript-qualification.decathlon.io via.batch.com *.dynamicyield.com *.klarnaservices.com rum.browser-intake-datadoghq.eu *.onepay-v2-commons-prod-0ywm.decathlon.io screencapture.kampyle.com screencapture-cdn.kampyle.com resources.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com resources.digital-cloud-west.medallia.com pay.google.com/gp/p/js/pay.js applepay.cdn-apple.com session-replay.browser-intake-datadoghq.eu safesizepublic.ucscentral.com google.com/pay creativecdn.com *.creativecdn.com https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io www.dwin1.com cdn.mookie1.com *.outbrain.com *.pinimg.com snap.licdn.com *.adition.com unpkg.com www.decathlon.be *.retailrocket.net *.cloudfront.net *.serving-sys.com static.zdassets.com widget-mediator.zopim.com *.yimg.com *.ligatus.com www.zenaps.com the.sciencebehindecommerce.com t.contentsquare.net contentsquare.com analytics.tiktok.com script.google.com *.jsdelivr.net *.cloudflare.com script.googleusercontent.com decathlon.fr *.numerized.com view.publitas.com *.syteapi.com syteapi.com exif-remover-eu.s3.amazonaws.com *.mopinion.com syte-client-inspo.s3.eu-central-1.amazonaws.com deploy.mopinion.com plugin.prod.buyfive.co api.prod.buyfive.co act-eu.rd.linksynergy.com gum.criteo.com resources.dev.buyfive.co player.vimeo.com *.buyfive.tech console.rul.ai www.youtube.com/player_api resources.prod.buyfive.co *.batch.com js.adsrvr.org/ insight.adsrvr.org/ match.adsrvr.org/ thetradedesk.com/ googleads.g.doubleclick.net/ cm.g.doubleclick.net/ stats.g.doubleclick.net/ campaignmanager.google.com/ s2.adform.net/ a1.adform.net/ flow.adform.com/ one.zemanta.com/ p1.zemanta.com/ p.teads.tv/teads-fellow.js js-tag.zemanta.com/zcpt.js track.adform.net/Serving/TrackPoint/ rtb-csync.smartadserver.com/redir sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/ criteo-sync.teads.tv/um cm.adform.net/pixel criteo-partners.tremorhub.com/sync sync-criteo.ads.yieldmo.com/sync affiliation.decathlon.be/ scripts.publitas.com polyfill.io *.smart-tribune.com;connect-src 'self' *.google-analytics.com *.analytics.google.com *.abtasty.com *.y-track.com *.woosmap.com *.brightcove.com *.paypal.com *.braintree-api.com *.braintreegateway.com *.decathlon.net *.decathlon.com *.booxi.eu api.privacy-center.org www.facebook.com *.doubleclick.net bat.bing.com browser-http-intake.logs.datadoghq.eu api.booxi.eu bf97725pbp.bf.dynatrace.com *.hotjar.com *.hotjar.io *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com booxi-api-be.appspot.com booxi-api.appspot.com sync.commander1.com *.boltdns.net *.akamaihd.net *.contentsquare.net tracking-api-4lasu2nlcq-ew.a.run.app insights.decathlon.net transaction-api-4lasu2nlcq-ew.a.run.app order-insights.decathlon.net *.googleapis.com wss://*.hotjar.com www.googletagmanager.com via.batch.com ws.batch.com production.transcript.decathlon.io development.transcript-qualification.decathlon.io *.klarnaservices.com rum.browser-intake-datadoghq.eu *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu ubt-lb.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com resources.digital-cloud-west.medallia.com https://www.google.com/pay signin.easyence.tech google.com/pay https://pay.google.com *.creativecdn.com https://session-replay.browser-intake-datadoghq.eu/api/ https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.pinterest.com www.decathlon.be *.retailrocket.net ekr.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com *.salecycle.com wss://*.salecycle.com s.yimg.com the.sciencebehindecommerce.com script.google.com script.googleusercontent.com decathlon.fr *.numerized.com cache-api-6y24sun4va-ew.a.run.app settings.luckyorange.net analytics.tiktok.com *.syteapi.com syteapi.com exif-remover-eu.s3.amazonaws.com syte-client-inspo.s3.eu-central-1.amazonaws.com api.prod.buyfive.co *.mopinion.com act-eu.rd.linksynergy.com plugin.prod.buyfive.co maintenance.decathlon.be sslwidget.criteo.com vimeo.com *.buyfive.tech console.rul.ai spreadsheets.google.com resources.prod.buyfive.co fpc.decathlon.be *.batch.com t.teads.tv/track cm.teads.tv/v2/advertiser;img-src 'self' data: blob: *.decathlon.com *.cube-net.org *.cube-net.pub contents.mediadecathlon.com *.google-analytics.com *.googletagmanager.com *.brightcove.com *.brightcove.net *.paypal.com prod-wt.aws.y-track.com manager.tagcommander.com *.googleapis.com *.abtasty.com *.woosmap.com www.facebook.com www.google.com www.google.es www.google.fr www.google.it www.google.nl www.google.be www.google.pl *.doubleclick.net bat.bing.com *.gstatic.com sync.commander1.com *.atdmt.com tag.goldenbees.fr *.crm4d.com *.adsrvr.org *.adnxs.com sdk.privacy-center.org checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net voucher.decathlon.net apigift.decathlon.com site.booxi.com www.mediadecathlon.com *.boltdns.net *.mediadecathlon.com *.contentsquare.net *.googleadservices.com adservice.google.com wss://*.hotjar.com via.batch.com ws.batch.com *.onepay-v2-commons-prod-0ywm.decathlon.io screencaptue-cdn.kampyle.com resources.digital-cloud.medallia.eu udc-neb.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net *.linkedin.com *.pinterest.com *.outbrain.com *.criteo.com sync.adotmob.com prod.y-medialink.com sp.analytics.yahoo.com ext.ligatus.com www.zenaps.com www.decathlon.fr analytics.tiktok.com assets.sc-trc.com www.awin1.com www.decathlon.be decathlon.fr *.syteapi.com syteapi.com exif-remover-eu.s3.amazonaws.com syte-client-inspo.s3.eu-central-1.amazonaws.com resources.prod.buyfive.co plugin.prod.buyfive.co *.buyfive.tech console.rul.ai i.ytimg.com assets.decathlon.site www.tribord.tm.fr *.batch.com l.teads.tv/performance/http-source t.teads.tv/track p1.zemanta.com/v2/p/js/57641/PAGE_VIEW/ pixel.rubiconproject.com/tap.php ad.360yield.com/match contextual.media.net/cksync.php rtb-csync.smartadserver.com/redir/ criteo-sync.teads.tv/um cm.adform.net/pixel criteo-partners.tremorhub.com/sync ad.yieldlab.net/m sync-criteo.ads.yieldmo.com/sync server.seadform.net/serving/cookie/sync/ smart-tribune.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/;style-src 'self' 'unsafe-inline' www.booxi.eu fonts.googleapis.com *.decathlon.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.mediadecathlon.com wss://*.hotjar.com scripts.publitas.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu screencaptue-cdn.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io https://storage.googleapis.com/sl-front-xp-bucket-4v-tmoq/account/ *.criteo.com *.cube-net.org *.cube-net.pub 9152527.fls.doubleclick.net cdn.rawgit.com cdn.retailrocket.net cdnjs.cloudflare.com decathlon-be-fr--tst2.custhelp.com decathlon-be-fr--tst2.widget.custhelp.com decathlon-be-fr.custhelp.com decathlon-be-nl--tst2.custhelp.com decathlon-be-nl--tst2.widget.custhelp.com decathlon-be-nl.custhelp.com fonts.gstatic.com maxcdn.bootstrapcdn.com qanda.decathlon.com rrstatic.retailrocket.net unpkg.com www.googletagmanager.com *.syteapi.com syteapi.com exif-remover-eu.s3.amazonaws.com syte-client-inspo.s3.eu-central-1.amazonaws.com resources.prod.buyfive.co *.mopinion.com gum.criteo.com plugin.prod.buyfive.co *.buyfive.tech console.rul.ai smart-tribune.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/;font-src 'self' data: *.decathlon.com fonts.gstatic.com *.oppwa.com oppwa.com *.abtasty.com qanda.decathlon.com *.googleapis.com *.gstatic.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.cube-net.org *.cube-net.pub maxcdn.bootstrapcdn.com www.decathlon.be resources.prod.buyfive.co *.buyfive.tech console.rul.ai smart-tribune.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/;object-src view.publitas.com;base-uri 'self';worker-src 'self' blob: via.batch.com *.batch.com;media-src 'self' blob: secure.brightcove.com *.brightcove.com *.brightcove.net *.boltdns.net *.mediadecathlon.com *.criteo.com bcboltbde696aa-a.akamaihd.net *.akafms.net *.akamaihd.net static.zdassets.com www.decathlon.fr decathlon.fr resources.prod.buyfive.co *.buyfive.tech console.rul.ai;frame-src 'self' *.youtube.com www.google.com/recaptcha/ saas.trylive.com/ site.booxi.eu/ reviews.decathlon.com www.facebook.com *.doubleclick.net *.atdmt.com c.paypal.com checkout.paypal.com www.paypal.com *.hotjar.com *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com qanda.decathlon.com reviews-collect-eu.satisphere.decathlon.net *.mediadecathlon.com view.publitas.com www.pinterest.com *.abtasty.com *.decathlon.net wss://*.hotjar.com players.brightcove.net screencapture.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud.medallia.eu resources.digital-cloud-west.medallia.com pay.google.com safesizepublic.ucscentral.com *.klarnaservices.com creativecdn.com *.creativecdn.com decathlon-be-fr--tst2.custhelp.com *.salecycle.com www.zenaps.com embed.windy.com decathlon-be-fr.custhelp.com helpfr.decathlon.be decathlon-be-nl.custhelp.com helpnl.decathlon.be www.youtube-nocookie.com gum.criteo.com *.pinterest.com player.vimeo.com console.rul.ai www.pinterest.fr form.jotform.com submit.jotformeu.com c1.adform.net/ insight.adsrvr.org/;frame-ancestors 'self'; 1
frame-ancestors 'self' us.hivebrite.com 1
default-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval' 'self' uniklinikum-dresden.de youtube.com; connect-src 'self' cgcweb.med.tu-dresden.de; img-src https: 'self' uniklinikum-dresden.de data:; style-src 'unsafe-inline' 'self' uniklinikum-dresden.de; font-src 'unsafe-inline' 'self' https://www.uniklinikum-dresden.de data: uniklinikum-dresden.de; frame-src 'self' www.youtube.com cgcweb.med.tu-dresden.de ukd-navigator.de em.altruja.de altruja.de ukdd.de www.ukdd.de; media-src 'self' data: uniklinikum-dresden.de; object-src 'self'; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; media-src * 'self' blob: ;connect-src https: wss: 1
base-uri 'self'; object-src 'none'; script-src 'self' 'report-sample'    'nonce-a61965c764' 'nonce-9d3f436162' 'nonce-a00684272d' 'nonce-47ca9587c8' 'nonce-a4d3c79fda' 'nonce-90cf56519e' 'nonce-72e98245b7' 'nonce-01aa08a111' 'nonce-e265c01f95' 'nonce-e45c74d27f' 'nonce-5fcc80362e' 'nonce-47ca9587c8' 'nonce-47ca9587c8' 'nonce-fc19f148fd' 'nonce-4edb9d575f' 'nonce-a61965c764' 'nonce-ed46a0f039' 'nonce-8afd98d377' 'nonce-44a8f042e7' 'nonce-2a2891ec4a' 'nonce-8c2795c727' 'nonce-c1d76cec94' 'nonce-32d89aeb1d' 'nonce-0700f0ce94' 'nonce-db1a7bdaa0' 'nonce-353aa9cd84' 'nonce-e6cabab3ad' 'nonce-7123a9620d' 'nonce-1b003d2303' 'nonce-764acf4650' 'nonce-adb18bfe73' 'nonce-e392ebb450' 'nonce-71217b1ac0' 'nonce-0e8d394847' 'nonce-a355c9b4a7' 'nonce-e095941d22' 'nonce-b59cfab182' 'nonce-b826bf0aa5' 'nonce-b1ad2a8a48' 'nonce-5ba9867054' 'nonce-4d2a92fd81' 'nonce-4d2a92fd81'     https://www.googletagmanager.com/ https://tracker.metricool.com/app/resources/be.js https://t3078dff3.emailsys1a.net/form/ https://cdnjs.cloudflare.com/ajax/libs/punycode/ https://cdn02.jotfor.ms/static/ https://cdn03.jotfor.ms/static/ https://form.jotformeu.com/jsform/ https://jobs.jobvite.com https://cdn.jsdelivr.net/npm/@splidejs/ https://connect.facebook.net/en_US/; form-action 'self'      ; frame-ancestors 'self'; report-uri https://64bdae064f8049a8e8accbc0.endpoint.csper.io/?v=11; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; media-src * data: blob: 'unsafe-inline' 'unsafe-eval'; worker-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors map.mchs.gov.by mchs.gov.by 1
default-src 'self' scribit-pro-hosting.storage.googleapis.com *.readspeaker.com; child-src 'self' *.youtube.com https://sts.windows.net https://login.microsoftonline.com blob: *.youtube-nocookie.com *.vimeo.com; connect-src 'self' scribit-pro-hosting.storage.googleapis.com *.readspeaker.com https://virtuele-gemeente-assistent.nl wss://virtuele-gemeente-assistent.nl https://*.govmetric.com https://*.servmetric.com api.scribit.pro  *.siteimprove.com; font-src 'self' data: *.googleusercontent.com *.readspeaker.com *.ionicframework.com; frame-src 'self' *.youtube.com https://sts.windows.net https://login.microsoftonline.com  https://*.govmetric.com https://*.servmetric.com https://*.issuu.com/ *.youtube-nocookie.com *.vimeo.com *.siteimprove.com *.siteimproveanalytics.com *.siteimprove.net *.siteimproveanalytics.io page.report *.readspeaker.com; img-src 'self' data: https://mijn.virtuele-gemeente-assistent.nl https://virtuele-gemeente-assistent.nl https://www.toegankelijkheidsverklaring.nl https://*.govmetric.com https://*.servmetric.com *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io *.readspeaker.com; object-src 'none'; script-src 'self' scribit-pro-hosting.storage.googleapis.com *.readspeaker.com https://virtuele-gemeente-assistent.nl 'sha256-1kurchXLenhrSc79qV7LVZcpEByPrF/MZFfKBqDPfGQ=' https://*.govmetric.com https://*.servmetric.com *.scribit.pro www.youtube.com https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com https://cdn.siteimprove.net/cms/overlay-latest.js 'sha256-Fv3CN9btEFmQ9tCoNN5oAQKT/uq8+QHdyEpL0PAYEKI='; style-src 'self' 'unsafe-hashes' 'sha256-3juv2Ft1FaY3xWYNGXExi9oTqA3RQ4gtgCqyf3mxGhU=' https://mijn.virtuele-gemeente-assistent.nl https://virtuele-gemeente-assistent.nl 'sha256-nd/XcY53KxgscLkvRS9wYXmU11ZQ+4U9t051MUJx5yE=' https://*.govmetric.com https://*.servmetric.com 'sha256-r9fU88Cagg8b+V94/rFP54XitU/RzBQ83sVNeltVs/c=' 'sha256-SHje5LaT9E6BShlkQpjWVSpKDI2FEtd137m8hy4rmKM=' 'sha256-2ipsMCEEsAbnsH2T1Fg2pv63AdMLzQW/NYec3X6XzWw=' 'sha256-3lLjvpn0hfmuulQYNSUWKiNpmIiMg70GweVDtUWv7zA=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=' *.readspeaker.com 'sha256-WKudBRScFMawOynLwmqcXVii9WI2cS22W9g748Limec=' cdn1.readspeaker.com; style-src-attr 'self' 'unsafe-hashes' 'sha256-3juv2Ft1FaY3xWYNGXExi9oTqA3RQ4gtgCqyf3mxGhU=' 'sha256-nd/XcY53KxgscLkvRS9wYXmU11ZQ+4U9t051MUJx5yE=' 'sha256-r9fU88Cagg8b+V94/rFP54XitU/RzBQ83sVNeltVs/c=' 'sha256-SHje5LaT9E6BShlkQpjWVSpKDI2FEtd137m8hy4rmKM=' 'sha256-2ipsMCEEsAbnsH2T1Fg2pv63AdMLzQW/NYec3X6XzWw=' 'sha256-3lLjvpn0hfmuulQYNSUWKiNpmIiMg70GweVDtUWv7zA=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=' 'sha256-WKudBRScFMawOynLwmqcXVii9WI2cS22W9g748Limec='; style-src-elem 'self' 'unsafe-hashes' 'sha256-3juv2Ft1FaY3xWYNGXExi9oTqA3RQ4gtgCqyf3mxGhU=' https://mijn.virtuele-gemeente-assistent.nl https://virtuele-gemeente-assistent.nl 'sha256-nd/XcY53KxgscLkvRS9wYXmU11ZQ+4U9t051MUJx5yE=' https://*.govmetric.com https://*.servmetric.com 'sha256-r9fU88Cagg8b+V94/rFP54XitU/RzBQ83sVNeltVs/c=' 'sha256-SHje5LaT9E6BShlkQpjWVSpKDI2FEtd137m8hy4rmKM=' 'sha256-2ipsMCEEsAbnsH2T1Fg2pv63AdMLzQW/NYec3X6XzWw=' 'sha256-3lLjvpn0hfmuulQYNSUWKiNpmIiMg70GweVDtUWv7zA=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=' *.readspeaker.com 'sha256-WKudBRScFMawOynLwmqcXVii9WI2cS22W9g748Limec=' cdn1.readspeaker.com; base-uri 'self'; frame-ancestors 'self' 1
default-src 'none'; base-uri 'self'; font-src 'self' https: data: https://fonts.gstatic.com; img-src 'self' https: https://modernmsg.com https://communityrewards.me data: blob: https://players.brightcove.net https://*.boltdns.net https://*.akamaihd.net; media-src blob: https://static.zdassets.com https://web1.acsbapp.com/ https://*.brightcovecdn.com https://*.boltdns.net https://*.media.brightcove.com https://*.llnw.net https://*.llnwd.net https://*.akafms.net https://*.akamaihd.net https://*.cf.brightcove.com; object-src 'self'; frame-ancestors https://www.gables.com; frame-src 'self' https://acsbapp.com https://web1.acsbapp.com/ https://players.brightcove.net https://looker.realpage.com http://looker.realpage.com https://looker.communityrewards.me http://looker.communityrewards.me https://looker-dev.g5devops.com http://looker-dev.g5devops.com https://reports-dev.internal.mmops.net http://reports-dev.internal.mmops.net https://reports-staging.internal.mmops.net http://reports-staging.internal.mmops.net https://reports.communityrewards.me http://reports.communityrewards.me; script-src 'self' blob: 'unsafe-eval' https://acsbap.com https://acsbapp.com https://accessibeapp.com https://accessibe.com https://cdn.acsbapp.com https://web1.acsbapp.com/ https://*.brightcove.net https://vjs.zencdn.net https://connect.facebook.net http://fast.appcues.com https://fast.appcues.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://static.filestackapi.com https://www.google-analytics.com https://www.googletagmanager.com https://analytics.google.com/ https://ajax.googleapis.com https://maps.googleapis.com https://sentry.io https://assets.customer.io https://assets.zendesk.com https://static.zdassets.com https://widget-mediator.zopim.com https://js.hs-scripts.com https://js.hsleadflows.net https://js.hsadspixel.net https://js.usemessages.com https://js.hs-analytics.net https://js.hs-banner.com https://snap.licdn.com https://cs-cdn.realpage.com https://cdn.realpage.com https://tracking-dev.realpage.com https://www.youtube.com 'nonce-8uDyZjpy5wn+FqC983JePA=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.filestackapi.com https://cs-cdn.realpage.com https://players.brightcove.net https://fast.appcues.com; connect-src 'self' blob: https://acsbap.com https://acsbapp.com https://accessibeapp.com https://accessibe.com https://cdn.acsbapp.com https://web1.acsbapp.com/ https://en.wikipedia.org/ https://en.wiktionary.org/ https://*.akafms.net https://*.akamaihd.net https://*.api.brightcove.com http://*.boltdns.net https://*.brightcove.com https://*.brightcove.net https://*.cf.brightcove.com https://*.llnw.net https://*.llnwd.net https://*.media.brightcove.com https://hlstoken-a.akamaihd.net https://modernmsg-assets.s3.amazonaws.com https://cdn.filestackcontent.com https://*.filestackapi.com https://s3.amazonaws.com/filestack-uploads-persist-production/ https://mm-dev-filestack.s3-us-east-2.amazonaws.com/ https://filestack-uploads-persist-production.s3.amazonaws.com https://www.google-analytics.com https://www.googletagmanager.com https://analytics.google.com/ https://stats.g.doubleclick.net https://ekr.zdassets.com https://modernmsg.zendesk.com https://mminternal.zendesk.com https://modernmsgdashboard.zendesk.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://api.hubspot.com https://api.hubapi.com https://forms.hubspot.com https://www.facebook.com https://*.lr-in.com https://r.lr-ingest.io https://sentry.io https://cs-cdn.realpage.com https://cdn.realpage.com https://tracking-dev.realpage.com wss://api.appcues.net https://api.appcues.net; child-src 'self' blob: https://acsbapp.com; form-action 'self' https://www.realpage.com; manifest-src 'self' 1
base-uri 'self' 'unsafe-inline' 'unsafe-eval'  https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.trustedshops.co.uk/buyerrating/info_X93D475E1BF679F083C0D1582454C3483.html https://www.trustedshops.es/evaluacion/info_X20DF4B0194522AAB4B67F1BD773A7534.html https://hooks.slack.com/services/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 https://umap.openstreetmap.fr/ https://fonts.googleapis.com https://mypudo.pickup-services.com/mypudo/mypudo.asmx https://api.trustedshops.com/rest/restricted/v2/shops https://733-cee-728.mktorest.com https://www.fna-cartegrise.fr/euro4x4parts.asp https: www.google-analytics.com https://www.google-analytics.com/analytics.js https://www.google-analytics.com/ga.js https://va.tawk.to/v1/session/start https://embed.tawk.to/ https://www.tawk.to/; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; img-src 'self' 'unsafe-inline' 'unsafe-eval' data:  https:; media-src 'self' 'unsafe-inline' 'unsafe-eval' https:;  connect-src 'self' 'unsafe-inline' 'unsafe-eval' https: wss:; object-src 'self'; font-src 'self' https://embed.tawk.to/ data: fonts.gstatic.com; 1
default-src 'self' data: https://cdn.datatables.net https://code.jquery.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.datatables.net https://code.jquery.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; object-src data:; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com; img-src 'self' data:; font-src *; connect-src 'self' 1
frame-ancestors 'self' http://www.hellmanns.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://app.cartwire.co/CW_API 1
default-src * 'unsafe-inline' 'unsafe-eval'; frame-ancestors https://app.storyblok.com; object-src 'none'; img-src  * 'unsafe-inline' 'unsafe-eval' data:; report-uri https://1tt00t50.uriports.com/reports/enforce; report-to default 1
default-src 'none'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' https://fonts.gstatic.com; script-src 'nonce-5eb90a15d0aae4e760fca4ac135d1819' 'strict-dynamic' 'self' 'unsafe-eval' https://*.doubleclick.net https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.gstatic.com; connect-src 'self' wss://bitnodes.io https://*.doubleclick.net https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.gstatic.com; img-src data: 'self' https://*.doubleclick.net https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.gstatic.com; frame-src 'self' https://*.doubleclick.net https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.gstatic.com; report-to csp-endpoint 1
default-src 'self' 'unsafe-inline' d2f5cg397c40hu.cloudfront.net *.disquscdn.com disqus.com *.googleapis.com github.githubassets.com stats.g.doubleclick.net; script-src 'self' cdn.jsdelivr.net www.google.com player.vimeo.com d2f5cg397c40hu.cloudfront.net maps.googleapis.com js.stripe.com www.facebook.com connect.facebook.net https://connect.facebook.net platform.twitter.com *.disqus.com *.disquscdn.com www.google-analytics.com www.gstatic.com recaptcha.net 'unsafe-inline' 'unsafe-eval' *.algolianet.com *.algolia.net gist.github.com *.helpscout.net ssl.google-analytics.com *.gstatic.cn *.googletagmanager.com tagmanager.google.com cdn-cookieyes.com *.googleoptimize.com optimize.google.com www.klaviyo.com cdnjs.cloudflare.com *.licdn.com *.redditstatic.com static.klaviyo.com static-tracking.klaviyo.com accounts.google.com www.clarity.ms; frame-src 'self' www.youtube.com www.google.com recaptcha.net js.stripe.com player.vimeo.com www.facebook.com web.facebook.com platform.twitter.com e.widgetbot.io disqus.com optimize.google.com; frame-ancestors 'self'; img-src * data:; font-src 'self' d2f5cg397c40hu.cloudfront.net fonts.gstatic.com recaptcha.net data: *.googleapis.com; connect-src 'self' www.google-analytics.com www.facebook.com stats.g.doubleclick.net *.algolia.net links.services.disqus.com syndication.twitter.com *.algolianet.com r2cn6b0sec-dsn.algolia.net recaptcha.net https://ssl.google-analytics.com https://d3hb14vkzrxvla.cloudfront.net beaconapi.helpscout.net maps.googleapis.com *.widgetbot.io *.cookieyes.com cdn-cookieyes.com manage.kmail-lists.com cdn.linkedin.oribi.io static-forms.klaviyo.com *.klaviyo.com *.clarity.ms; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com recaptcha.net *.algolianet.com *.algolia.net *.google-analytics.com *.disquscdn.com *.googleapis.com github.githubassets.com optimize.google.com www.googletagmanager.com *.klaviyo.com; report-uri /_csp-report; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:;base-uri 'self'; frame-ancestors 'self'; block-all-mixed-content; 1
frame-ancestors 'self' www.misericordia.edu misericordia.edu mymu.misericordia.edu; 1
img-src 'self' *.mylo.id https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com assets.hearstapps.com https://cdnjs.cloudflare.com/ajax/libs/flag-icon-css/ data: *.resin.com;default-src 'self' *.mylo.id https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com *.resin.com;script-src 'self' https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';frame-ancestors 'self' *.resin.com *.mylo.id;base-uri 'self';font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
frame-ancestors 'self' gazetki.aldi.pl experience.adobe.com aldinord.experiencecloud.adobe.com; default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 1
default-src 'none'; connect-src 'self' https://region1.google-analytics.com https://analytics.google.com; font-src 'self' https://use.typekit.net; frame-src 'self' https://apps.watershed.co.uk https://www.youtube.com https://www.google.com/maps/; img-src 'self' https://apps.watershed.co.uk www.googletagmanager.com https://img.youtube.com data:; script-src 'self' 'unsafe-eval' https://unpkg.com https://www.googletagmanager.com; script-src-elem 'self' https://unpkg.com https://www.googletagmanager.com 'unsafe-hashes' 'sha256-Ifde1ouNzCnx1cWIgzBRPGzCx9yebj06xTB7Cq8ro0E='; style-src 'self' https://p.typekit.net https://use.typekit.net; base-uri 'none'; frame-ancestors 'self'; upgrade-insecure-requests 1
frame-ancestors 'self' *.monday.com/ https://iframetester.com/ 1
default-src 'self'; script-src 'self' 'nonce-JTi3TDKuO5LNB5WI5QSenPVpwEmku5zGHYJ3hhzY9/4=' 'unsafe-inline' koop.piwik.pro; connect-src 'self' 'nonce-JTi3TDKuO5LNB5WI5QSenPVpwEmku5zGHYJ3hhzY9/4=' 'unsafe-inline' koop.piwik.pro; img-src 'self' koop.piwik.pro; style-src 'self' 'nonce-JTi3TDKuO5LNB5WI5QSenPVpwEmku5zGHYJ3hhzY9/4=' 'unsafe-inline'; frame-src 'self' data: koop.piwik.pro; frame-ancestors 'self'; 1
default-src 'self' https://*.chesstempo.com:*;connect-src 'self' https://*.chesstempo.com:* wss://*.chesstempo.com:* wss://chesstempo.com;upgrade-insecure-requests;base-uri 'self' https://*.chesstempo.com:*;form-action 'self' https://*.chesstempo.com:*;frame-ancestors 'self' https://*.chesstempo.com:*;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.chesstempo.com:*;object-src 'none';worker-src blob: 'self';style-src 'self' 'unsafe-inline' https://*.chesstempo.com:*;frame-src 'self' https://*.chesstempo.com:*;font-src 'self' data: https://*.chesstempo.com:*;img-src 'self' data: https://* http://* 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://ln-rules.rewardstyle.com https://isitetv.com https://www.zenaps.com https://*.recaptcha.net https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://*.translate.naver.net https://tr.snapchat.com https://www.shoplooks.com https://tpc.googlesyndication.com blob: https://app.qubit.com https://*.abtasty.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://translate.yandex.net https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://*.pinterest.com https://*.bing.com https://*.doubleclick.net https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://ampcid.google.it https://tr.snapchat.com https://privacyportal-eu.onetrust.com https://*.contentsquare.net https://*.criteo.com https://analytics.tiktok.com https://*.criteo.net https://*.obsess-vr.com data: https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.lookfantastic.it https://*.abtasty.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn https://cdn.obsess-vr.com blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com; form-action 'self' https://www.facebook.com https://www.lookfantastic.it https://m.lookfantastic.it https://checkout.lookfantastic.it https://connect.facebook.net https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.co.uk https://www.glossybox.com https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.se https://www.glossybox.dk https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://static.criteo.net https://*.criteo.com https://ln-rules.rewardstyle.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://*.akamaihd.net https://*.hotjar.com https://*.attn.tv https://*.trustpilot.com https://*.translate.naver.net https://*.bing.com https://*.doubleclick.net https://*.google-analytics.com https://static.ads-twitter.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://lantern.roeyecdn.com https://lantern.roeye.com https://static.thgcdn.cn https://tpc.googlesyndication.com https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com https://analytics.tiktok.com https://*.ibytedtos.com https://*.obsess-vr.com https://static.goqubit.com https://*.qubit.com blob: https://*.abtasty.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://cdn.parcellab.com https://static.thgcdn.cn https://cdn.obsess-vr.com https://*.abtasty.com https://*.gstatic.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self'; base-uri 'self'; script-src 'self' https: 'report-sample' 'unsafe-inline' 'unsafe-eval' data: https://*.instana.io; connect-src 'self' https://www.googletagmanager.com https://*.facebook.com https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://*.instana.io wss://mpsnare.iesnare.com https://*.usercentrics.eu https://bat.bing.com/actionp/ https://*.liadm.com https://*.parship.dev; frame-ancestors 'self' https://secure1.parship.com https://secure1.eharmony.com https://secure1.elitepartner.de https://*.parship.dev; frame-src 'self' https://support.elitepartner.de https://tms.elitepartner.de https://*.greatviews.de https://app.usercentrics.eu https://www.youtube-nocookie.com https://accounts.google.com https://translate.googleapis.com https://*.liadm.com; object-src 'none'; img-src 'self' data: http: https: https://*.instana.io; font-src 'self' data:; style-src 'self' 'unsafe-inline' 'report-sample' https://accounts.google.com/gsi/style https://translate.googleapis.com; upgrade-insecure-requests; report-uri /ls/ 1
default-src 'self'; font-src * data: https:;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval' https:; style-src * 'unsafe-inline' https:; connect-src * https:; frame-src * https:;worker-src 'self' blob:; 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; style-src * 'unsafe-inline'; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://*.recaptcha.net https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://isitetv.com https://*.translate.naver.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://www.shoplooks.com blob: https://*.abtasty.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://translate.yandex.net https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://*.pinterest.com https://*.bing.com https://*.doubleclick.net https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://ampcid.google.co.jp https://www.google.co.jp https://tr.snapchat.com https://privacyportal-eu.onetrust.com https://*.contentsquare.net https://*.criteo.com https://*.abtasty.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com; form-action 'self' https://www.facebook.com https://www.lookfantastic.jp https://m.lookfantastic.jp https://checkout.lookfantastic.jp https://connect.facebook.net https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.co.uk https://www.glossybox.com https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.se https://www.glossybox.dk https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://*.trustpilot.com https://*.translate.naver.net https://*.bing.com https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://static.ads-twitter.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://lantern.roeyecdn.com https://lantern.roeye.com https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com blob: https://*.abtasty.com https://tr.snapchat.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://cdn.parcellab.com https://static.thgcdn.cn https://*.abtasty.com https://*.gstatic.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://mondaynote.com https://*.mondaynote.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: data: blob: wss:; frame-ancestors 'self'; report-uri /report-csp-violation 1
default-src 'self' *.letsgo.golf *.azurewebsites.net *.windows.net           *.supremegolf.com *.amazonaws.com *.google.com *.googleapis.com           bid.g.doubleclick.net www.facebook.com app.trustlock.co *.spreedly.com           *.hsforms.com blob:; script-src * 'unsafe-inline' blob:; connect-src           *; img-src * data: blob: 'unsafe-inline'; font-src * data: blob:           'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; 1
default-src 'self' *.linq.com *.titank12.com *.linqconnect.com *.linqengineering.com cdnjs.cloudflare.com *.typekit.net unpkg.com *.launchdarkly.com *.datadog.com cdn.jsdelivr.net *.storage.googleapis.com *.googletagmanager.com fonts.googleapis.com *.gstatic.com api.rss2json.com *.google-analytics.com *.fullstory.com *.pendo.io linqlearning.wistia.com *.wistia.net connect.facebook.net at.alicdn.com translate.google.com translate.yandex.net translate.googleapis.com *.force.com *.salesforce.com i.ibb.co *.salesforceliveagent.com emslinq313547.my.site.com emslinq313547.my.salesforce.com *.browser-intake-us3-datadoghq.com 'unsafe-inline' 'unsafe-eval' data: blob:; object-src 'none'; frame-src 'self' *.pendo.io portal.feedback.us.pendo.io *.wistia.net linqlearning.wistia.com emslinq313547.my.salesforce.com service.force.com; frame-ancestors 'none'; worker-src 'self' blob:; report-uri https://sapi.titank12.com/linq-connect/csp-violation-report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' media.cdn.epic.com mediacustomerstreaming01.keydelivery.northcentralus.media.azure.net keydelivery.epic.com; object-src 'none'; media-src 'self' blob: cdn.epic.com media.cdn.epic.com; worker-src blob:; frame-ancestors 'self'  1
frame-ancestors 'self'  *.interactivebrokers.com  *.interactivebrokers.ca  *.interactivebrokers.com.hk  *.interactivebrokers.hk  *.interactivebrokers.ch  *.interactivebrokers.eu  *.interactivebrokers.ie  *.interactivebrokers.lu  *.interactivebrokers.hu  *.interactivebrokers.com.sg  *.ibkr.com.sg  *.interactivebrokers.ch  *.interactivebrokers.co.uk  *.interactivebrokers.com.au  *.interactivebrokers.co.jp  *.interactivebrokers.co.in  *.ibkram.com  IBKR.docebosaas.com  *.interactiveadvisors.com  *.ibkr.com  *.ibkr.com.cn  *.clientam.com  *.clientam.ch  *.youtube.com  *.clientam.com.hk  *.go-mpulse.net  *.akstat.io  *.lynxbroker.com  impact.interactivebrokers.com  widgets.tipranks.com  site.recognia.com  *.portfolioanalyst.com  portfolioanalyst.com  www.portfolioanalyst.com  www.interactivebrokers.com  https://www.interactivebrokers.com/  ibkr.paxosclients.com  worldtrader.hsbc.ae  *.xstaging.tv  *.ibkrcampus.com  ibkrcampus.com  *.greenwichcompliance.com; 1
frame-ancestors 'self' http://www.1001jogos.pt 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.clientpay.com/scripts/embed.js http://us2.siteimprove.com/js/siteanalyze_17084.js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/ https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline' https://cloud.typography.com/ https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.google.com https://www.youtube.com/ https://player.vimeo.com/ https://app.clientpay.com/ https://www.youtube-nocookie.com;  img-src 'self' data: https://17084.global.siteimproveanalytics.io https://www.google-analytics.com https://i.vimeocdn.com/ https://i.ytimg.com/; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pagead2.googlesyndication.com https://partner.googleadservices.com https://adservice.google.pl https://adservice.google.com https://tpc.googlesyndication.com; connect-src https://grooove.pl https://*.grooove.pl https://pagead2.googlesyndication.com; style-src 'self' 'unsafe-inline'; frame-src https://googleads.g.doubleclick.net https://www.google.com https://tpc.googlesyndication.com; font-src 'self' https:; img-src https: data: 1
frame-ancestors 'self' https://i9sports.brightpattern.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.google.com:* https://ajax.googleapis.com:* https://call.chatra.io/chatra.js https://maps.googleapis.com:* https://seal-nebraska.bbb.org/logo/blue-valley-technologies-17381.js https://stats.g.doubleclick.net/dc.js https://www.googletagmanager.com:* https://assets.juicer.io:* https://www.juicer.io:* https://www.google-analytics.com:* https://stats.g.doubleclick.net:* https://www.googleadservices.com:* https://feedback.happy-or-not.com:* https://dk98ddgl0znzm.cloudfront.net:* https://emma-content-aggregates-prd.s3.amazonaws.com:*; object-src 'self' ; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' https://fonts.googleapis.com:* https://seal-blue.bbb.org; img-src * 'self' https://maps.gstatic.com https://stats.g.doubleclick.net:*; media-src * 'self' data: 'unsafe-inline' 'unsafe-hashes'; frame-src 'self' https://chat.chatra.io:* https://www.youtube.com:* https://player.vimeo.com:*; frame-ancestors 'self'; child-src 'self'; font-src 'self' * https://fonts.gstatic.com:*; connect-src 'self' https://maps.googleapis.com:* https://analytics.google.com:* https://www.google-analytics.com:* https://www.juicer.io:* https://graph.facebook.com:* https://www.googletagmanager.com:* https://stats.g.doubleclick.net:* https://feedback-api.happy-or-not.com:* https://feedback.happy-or-not.com:* https://api.mixpanel.com:*; report-uri /report-csp-violation 1
default-src=* 1
default-src 'none' ; frame-ancestors 'self' https://www.epay.bg/ ; base-uri 'none' ; connect-src 'self' http://127.0.0.1:*/ https://*.openstreetmap.org/ https://maps.easypay.bg/ https://maps.googleapis.com/ ; script-src 'self' 'unsafe-inline' https://online.datamax.bg/ https://maps.googleapis.com/ https://www.google-analytics.com/ ; style-src 'self' 'unsafe-inline' https://online.datamax.bg/ https://fonts.googleapis.com/ ; img-src 'self' data: https://online.datamax.bg/ https://maps.easypay.bg/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://*.google-analytics.com/ ; font-src 'self' data: https://fonts.gstatic.com/ ; media-src 'self' ; frame-src 'self' https://www.epay.bg/ https://www.google.com/ https://www.youtube.com/ ; report-uri https://www.easypay.bg/csp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' intervia.com *.intervia.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com ajax.googleapis.com fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net 1
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.lg.lv 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://floss.social; img-src 'self' https: data: blob: https://floss.social; style-src 'self' https://floss.social 'nonce-MVYuN4HOIqlWYbyCx6AEEA=='; media-src 'self' https: data: https://floss.social; frame-src 'self' https:; manifest-src 'self' https://floss.social; form-action 'self'; child-src 'self' blob: https://floss.social; worker-src 'self' blob: https://floss.social; connect-src 'self' data: blob: https://floss.social https://cdn.masto.host wss://floss.social; script-src 'self' https://floss.social 'wasm-unsafe-eval' 1
frame-src *.criteo.com *.google.com *.issuu.com *.prismic.io *.vimeo.com; frame-ancestors 'self'; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.ibb.com 1
upgrade-insecure-requests; block-all-mixed-content; object-src 'none' 1
default-src * 'unsafe-inline'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com www.google.com www.youtube.com cdn.cookielaw.org www.youtube-nocookie.com snap.licdn.com connect.facebook.net b2b.intrum.com b2b.intrum.fi b2b.intrum.dk track.adform.net googleads.g.doubleclick.net pi.pardot.com www.gstatic.com *.intrum.com *.hotjar.com *.inzynk.io; font-src 'self' 'unsafe-inline' fonts.gstatic.com; object-src 'none' 1
default-src 'none'; upgrade-insecure-requests; img-src data: https://cambriancollege.ca https://www.facebook.com https://www.google.com https://*.google.com https://*.google.ca https://www.google-analytics.com https://*.g.doubleclick.net https://www.googleapis.com https://*.jquery.com https://*.gravatar.com https://www.googletagmanager.com https://*.clickdimensions.com https://scontent.cdninstagram.com https://*.b0e8.com https://*.amazonaws.com https://*.prestosports.com https://*.instagram.com https://*.cdninstagram.com https://*.cloudflare.com https://*.google.se https://*.comm100.io https://*.comm100vue.com https://*.bc0a.com https://*.placeholder.com https://*.eqads.com https://img.youtube.com https://i.ytimg.com https://pixel.sitescout.com https://tr.snapchat.com https://i.giphy.com https://*.cognitoforms.com https://*.hotjar.com;; script-src 'unsafe-inline' 'unsafe-eval' https://cambriancollege.ca https://www.google.com https://*.google.com https://*.google.ca https://www.googleadservices.com https://www.googletagmanager.com https://cdn.desk.com https://*.clickdimensions.com https://*.cloudflare.com https://*.facebook.net https://*.jquery.com https://*.googleapis.com https://*.g.doubleclick.net https://*.gstatic.com https://*.youtube.com https://www.google-analytics.com https://siteimproveanalytics.com https://livestream.com https://s.ytimg.com https://*.b0e8.com https://*.cloudfront.net https://ethn.io https://unpkg.com https://*.instagram.com https://*.cdninstagram.com https://*.hotjar.com https://*.simpli.fi https://acuityplatform.com https://*.comm100.io https://*.comm100vue.com https://*.bc0a.com https://*.jsdelivr.net https://polyfill.io https://*.eqads.com https://*.pagespeed-mod.com https://*.cambriancollege.ca https://up.pixel.ad https://*.comm100.com https://tags.srv.stackadapt.com https://*.googleapis.com https://sc-static.net https://*.googleadservices.com https://*.cognitoforms.com https://*.hotjar.com;; connect-src https://cambriancollege.ca https://*.clickdimensions.com https://*.google-analytics.com https://google-analytics.com https://*.panono.com https://*.facebook.com https://*.hotjar.com https://*.comm100vue.com https://*.comm100.io https://stats.g.doubleclick.net https://*.youtube.com https://spreadsheets.google.com https://tags.srv.stackadapt.com https://*.googleapis.com https://tr.snapchat.com https://*.cognitoforms.com https://www.cloudflare.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://cognitoprod.blob.core.windows.net;; frame-src https://cambriancollege.ca https://www.facebook.com https://cse.google.com https://*.g.doubleclick.net https://*.youtube.com https://*.twitter.com https://livestream.com https://embed.expertfile.com https://*.panono.com https://ethn.io https://www.google.com https://*.hotjar.com https://*.comm100.io  https://*.comm100vue.com https://*.matterport.com https://*.adobe.com https://*.cambriancollege.ca https://pixel.sitescout.com https://ccmtc.janeapp.com https://tr.snapchat.com https://giphy.com https://*.hotjar.com;; font-src data: https://cambriancollege.ca https://*.bootstrapcdn.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://*.hotjar.com https://www.facebook.com https://*.comm100.io  https://*.comm100vue.com https://*.cdnfonts.com https://*.comm100.com https://*.hotjar.com;; style-src 'unsafe-inline' https://cambriancollege.ca https://www.gstatic.com https://www.google.com https://*.google.com https://*.google.ca https://*.bootstrapcdn.com https://*.googleapis.com https://*.jquery.com https://hello.myfonts.net https://cdn.desk.com https://unpkg.com https://*.cloudflare.com https://*.comm100.io https://*.comm100vue.com https://*.cdnfonts.com https://*.jsdelivr.net https://tags.srv.stackadapt.com https://*.hotjar.com;; manifest-src https://cambriancollege.ca; media-src https://cambriancollege.ca https://*.comm100.io https://*.comm100vue.com https://*.bc0a.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://hackers.town 'wasm-unsafe-eval'; font-src 'self' https://hackers.town; img-src 'self' data: blob: https://hackers.town; style-src 'self' https://hackers.town 'nonce-KOrwCS9kJEVgTYGI1qnSoQ=='; media-src 'self' data: https://hackers.town; frame-src 'self' https:; child-src 'self' blob: https://hackers.town; worker-src 'self' blob: https://hackers.town; connect-src 'self' blob: data: wss://hackers.town https://hackers.town; manifest-src 'self' https://hackers.town; form-action 'self' 1
frame-ancestors 'self' *.diabetesdaily.com *.everydayhealth.com *.ceros.com *.googleapis.com *.zdbb.net 1
upgrade-insecure-requests;script-src 'self' 'wasm-unsafe-eval';connect-src 'self' blob: https://bae.st wss://bae.st https:;media-src 'self' https:;img-src 'self' data: blob: https:;default-src 'none';base-uri 'self';frame-ancestors 'none';style-src 'self' 'unsafe-inline';font-src 'self';manifest-src 'self'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; 1
default-src 'self' cdn.vena.io; object-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.pendo.io https://pendo-static-5675147559960576.storage.googleapis.com; img-src 'self' *.pendo.io *.zendesk.com *.zdusercontent.com *.smooch.io blog: *.vena.io cdn.vena.io https://app.hubspot.com/ https://forms.hsforms.com/ https://stats.g.doubleclick.net/ https://f.hubspotusercontent30.net *.hubspotusercontent-na1.net *.hubspotusercontent-eu1.net https://pendo-static-5675147559960576.storage.googleapis.com https://track.hubspot.com/ *.office.net data:; media-src *.vena.io; script-src 'self' 'unsafe-eval' cdn.vena.io *.pendo.io pendo-io-static.storage.googleapis.com js.hs-scripts.com https://js.usemessages.com/ https://js.hs-analytics.net/ https://js.hscollectedforms.net/ https://js.hs-banner.com/ https://js-na1.hs-scripts.com/ *.hs-scripts.com/ js.hsadspixel.net js.hsleadflows.net 'sha256-SbiQe5oCB/VZww2VIswn0bcGBSncnqSIGJT65vx0PTA=' 'sha256-0qfSunzFXBOpqHqsdsSCzvpvMc7t0Sf7Wnfp7ybY+W4='; script-src-elem 'self' 'unsafe-eval' *.pendo.io *.zdassets.com *.sentry.io *.smooch.io pendo-io-static.storage.googleapis.com https://pendo-static-5675147559960576.storage.googleapis.com js.hs-scripts.com https://js.usemessages.com/ https://js.hs-analytics.net/ https://js.hscollectedforms.net/ https://js.hs-banner.com/ https://js-na1.hs-scripts.com/ *.hs-scripts.com/ js.hsadspixel.net js.hsleadflows.net 'sha256-SbiQe5oCB/VZww2VIswn0bcGBSncnqSIGJT65vx0PTA=' 'sha256-0qfSunzFXBOpqHqsdsSCzvpvMc7t0Sf7Wnfp7ybY+W4=' cdn.vena.io; frame-src 'self' https://app.powerbi.com/ https://app.hubspot.com/ *.vena.io app.pendo.io api.feedback.us.pendo.io portal.feedback.eu.pendo.io *.officeapps.live.com; child-src 'self' https://app.powerbi.com/ https://app.hubspot.com/ *.vena.io app.pendo.io; connect-src 'self' sentry.io *.sentry.io *.vena.io *.zendesk.com *.zdassets.com *.smooch.io wss://api.smooch.io https://forms.hubspot.com/ https://api.hubspot.com/ api.hubapi.com/ *.pendo.io/; form-action 'self' *.vena.io; frame-ancestors 'self' https://app.powerbi.com/ https://app.hubspot.com/ *.vena.io app.pendo.io; font-src 'self' fonts.gstatic.com data:; report-uri https://o61911.ingest.sentry.io/api/6309179/security/?sentry_key=effce250545b4e33925d9d2bcd22234d&sentry_environment=us1; 1
default-src * blob:; font-src * data:; img-src * data: blob:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; worker-src * blob:; report-uri https://cspreports.azurewebsites.net/api/PostReport 1
frame-ancestors https://usabilitytools.com https://www.elektrum.lv https://static.elektrum.lv https://mans.elektrum.lv https://card.elektrum.lv https://elektrum.lv https://istends.energo.lv 1
default-src 'self' https: data: wss://api.smooch.io/faye ; script-src 'self' http://*.googletagmanager.com http://static.klaviyo.com 'unsafe-eval' 'unsafe-inline' blob: https:; child-src lume.com https://mywallet.deals/ https://enrollnow.vip/ https://join.mywallet.deals/ https://pixel.sitescout.com https://www.googletagmanager.com https://servedby.flashtalking.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.typekit.net https:; font-src 'self' https://*.typekit.net data: https: ; img-src 'self' https://images.dutchie.com https://s3-us-west-2.amazonaws.com https://images.contentstack.io https://ad.ipredictive.com https://clickserv.sitescout.com https://maps.gstatic.com/ https://www.google-analytics.com https://www.googletagmanager.com/ https://pixel.sitescout.com https://i.ytimg.com/ https://raw.githubusercontent.com https://t.co https://analytics.twitter.com https://lumehelp.zendesk.com https://p23.zdusercontent.com https://media.smooch.io/ data:; 1
child-src https://share.intercom.io   https://intercom-sheets.com https://www.youtube-nocookie.com  https://www.youtube.com   https://player.vimeo.com   https://fast.wistia.net blob:; connect-src 'self' www.facebook.com dev.visualwebsiteoptimizer.com *.wisepops.com *.googlesyndication.com *.typekit.net  https://appupdate.intoithost.be https://client.localmiddleware.be:20202  https://api.intercom.io   https://api-iam.intercom.io   https://api-ping.intercom.io   https://nexus-websocket-a.intercom.io   https://nexus-websocket-b.intercom.io   https://nexus-long-poller-a.intercom.io   https://nexus-long-poller-b.intercom.io   wss://nexus-websocket-a.intercom.io   wss://nexus-websocket-b.intercom.io   https://uploads.intercomcdn.com   https://uploads.intercomusercontent.com   https://app.getsentry.com *.google-analytics.com cdn.cookielaw.org https://s.yimg.com *.analytics.google.com *.dela-env.net dela-real-time-ui-events-prd.azurewebsites.net customer-portal-ui-gateway.prd.dela-env.net dela-signalr-customer-portal-prd.service.signalr.net wss://dela-signalr-customer-portal-prd.service.signalr.net www.googleapis.com https://www.ingedachten.be https://www.dansnospensees.be stats.g.doubleclick.net  https://privacyportal-eu.onetrust.com *.google.com https://googleads.g.doubleclick.net delabe-api-addressservice-prd.azurewebsites.net delabe-api-premiumcalculation-prd.azurewebsites.net https://tpc.googlesyndication.com *.googleapis.com *.gsitrix.com webtrafficsource.com geolocation.onetrust.com middleware.diossupdate.com middleware-update-test.dioss.io https://hcaptcha.com https://*.hcaptcha.com api.cludo.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com api-iam.eu.intercom.io wss://nexus-europe-websocket.intercom.io activity.wisepops.com popup.wisepops.com tracking.wisepops.com app.getwisp.co wisepops.net a.clarity.ms bat.bing.com r.clarity.ms https://*.clarity.ms *.kameleoon.io *.kameleoon.com *.kameleoon.eu tr.outbrain.com; default-src 'self' https://*.kameleoon.com https://jpc9r4857m.kameleoon.eu https://*.kameleoon.io;; font-src 'self' sp-bootstrap.global.ssl.fastly.net apikeys.civiccomputing.com fonts.gstatic.com use.typekit.com https://js.intercomcdn.com data: *.dela-env.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.intercomcdn.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com *.doubleclick.net *.facebook.com *.vimeo.com *.spotify.com *.cvwarehouse.com www.google.com appupdate.intoithost.be  https://optimize.google.com app.livestorm.co cdn.cookielaw.org drive.google.com embed.webinargeek.com vimeo.com tpc.googlesyndication.com *.fls.doubleclick.net *.mathtag.com https://hcaptcha.com https://*.hcaptcha.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.soundcloud.com https://intercom-sheets.com https://*.tradedoubler.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io; img-src 'self' data: dev.visualwebsiteoptimizer.com stats.g.doubleclick.net *.facebook.com *.google-analytics.com i.ytimg.com maps.gstatic.com maps.googleapis.com csi.gstatic.com googleads.g.doubleclick.net *.google.com *.typekit.net *.wisepops.com *.qualys.com http://www.euroflorist.be *.google.it *.googleapis.com *.gstatic.com *.tradetracker.net *.googleadservices.com *.mediahuis.be secure.adnxs.com *.atemda.com *.tradedoubler.com *.google.com.tr *.google.be http://tracking.lqm.io *.metaffiliation.com https://pubads.g.doubleclick.net https://js.intercomcdn.com   https://static.intercomassets.com   https://downloads.intercomcdn.com   https://uploads.intercomusercontent.com   https://gifs.intercomcdn.com  https://www.google.nl www.googletagmanager.com https://lt45.net https://www.lt45.net https://optimize.google.com cdn.cookielaw.org *.dela-env.net *.google.kz  https://www.ingedachten.be https://www.dansnospensees.be atelierfleur.be sp.analytics.yahoo.com p1.zemanta.com tr.outbrain.com igdstorageprd.blob.core.windows.net customer.cludo.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.analytics.google.com downloads.intercomcdn.eu https://bat.bing.com cdn.wisepops.com tracking.wisepops.com dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com cdn.wisepops.net c.clarity.ms https://c.bing.com https://c.clarity.ms *.kameleoon.io *.kameleoon.com *.kameleoon.eu https://static.intercomassets.eu; media-src 'self' data: https://js.intercomcdn.com *.kameleoon.io *.kameleoon.com *.kameleoon.eu; object-src 'self' drive.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.dela.be dev.visualwebsiteoptimizer.com 'unsafe-inline' 'unsafe-eval' www.dela.be dev.visualwebsiteoptimizer.com www.youtube-nocookie.com www.youtube.com s.ytimg.com www.google.com www.google-analytics.com *.facebook.com *.facebook.net apikeys.civiccomputing.com www.googletagmanager.com  ajax.googleapis.com *.adhese.com ajax.aspnetcdn.com use.typekit.com www.googleadservices.com *.wisepops.com *.cvwarehouse.com *.google.com secure.adnxs.com maps.googleapis.com http://api.cvwarehouse.com *.lqm.io  www.gstatic.com  https://app.intercom.io   https://widget.intercom.io https://intercom-sheets.com https://js.intercomcdn.com https://googleads.g.doubleclick.net cdn.cookielaw.org s.yimg.com sp.analytics.yahoo.com *.dela-env.net *.moatads.com info.dela.be http://info.dela.be https://geolocation.onetrust.com amplify.outbrain.com tpc.googlesyndication.com tr.outbrain.com cdn.jsdelivr.net *.metaffiliation.com *.bsmartdata.com *.gsitrix.com *.adserverboost.com webtrafficsource.com *.mathtag.com https://hcaptcha.com https://*.hcaptcha.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io cdnjs.cloudflare.com https://bat.bing.com cdn.wisepops.com loader.wisepops.com app.getwisp.co wisepops.net cdn.wisepops.net www.youtube-nocookie.com www.youtube.com s.ytimg.com www.google.com www.google-analytics.com *.facebook.com *.facebook.net apikeys.civiccomputing.com www.googletagmanager.com  ajax.googleapis.com *.adhese.com ajax.aspnetcdn.com use.typekit.com www.googleadservices.com *.wisepops.com *.cvwarehouse.com *.google.com secure.adnxs.com maps.googleapis.com http://api.cvwarehouse.com *.lqm.io  www.gstatic.com  https://app.intercom.io   https://widget.intercom.io https://intercom-sheets.com https://js.intercomcdn.com https://googleads.g.doubleclick.net cdn.cookielaw.org s.yimg.com sp.analytics.yahoo.com *.dela-env.net *.moatads.com info.dela.be http://info.dela.be https://geolocation.onetrust.com amplify.outbrain.com tpc.googlesyndication.com tr.outbrain.com cdn.jsdelivr.net *.metaffiliation.com *.bsmartdata.com *.gsitrix.com *.adserverboost.com webtrafficsource.com *.mathtag.com https://hcaptcha.com https://*.hcaptcha.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io cdnjs.cloudflare.com https://bat.bing.com www.googleoptimize.com https://*.clarity.ms jpc9r4857m.kameleoon.eu *.kameleoon.com *.kameleoon.io *.kameleoon.eu https://dela.emsecure.net https://*.outbrain.com https://*.tradedoubler.com; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.dela-env.net customer.cludo.com https://hcaptcha.com https://*.hcaptcha.com https://*.hotjar.com *.kameleoon.io *.kameleoon.com *.kameleoon.eu; 1
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors 'self'; 1
report-uri https://sinjali.com 1
block-all-mixed-content; frame-ancestors *.lojavirus.com.br 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://journa.host; img-src 'self' https: data: blob: https://journa.host; style-src 'self' https://journa.host 'nonce-AfB5CBlUMiCdk3KA8oR8ng=='; media-src 'self' https: data: https://journa.host; frame-src 'self' https:; manifest-src 'self' https://journa.host; form-action 'self'; child-src 'self' blob: https://journa.host; worker-src 'self' blob: https://journa.host; connect-src 'self' data: blob: https://journa.host https://assets.journa.host wss://journa.host; script-src 'self' https://journa.host 'wasm-unsafe-eval' 1
frame-ancestors 'self'; block-all-mixed-content; frame-src 'self' https://*.kliniki.pl *.google.com *.maptiler.com *.proassist.pl *.youtube.com *.facebook.com *.googletagmanager.com *.medonet.pl *.cookiebot.com 1
default-src 'self';img-src 'self' 'unsafe-inline' * data: www.w3.org;frame-src 'self' staticcontents.investis.com vars.hotjar.com in.hotjar.com *.fls.doubleclick.net www.youtube.com www.google.com irs.tools.investis.com otp.tools.investis.com ir.tools.investis.com players.brightcove.net *.webvideocore.net *.smartrecruiters.com *.investis.com cdgwebsites.com *.doubleclick.net;style-src 'self' 'unsafe-inline' 'unsafe-eval' staticcontents.investis.com tagmanager.google.com viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com cdnjs.cloudflare.com *.idigitalcontents.com fast.fonts.net *.webvideocore.net *.smartrecruiters.com *.investis.com *.onetrust.com;font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com tagmanager.google.com *.idigitalcontents.com *.webvideocore.net *.smartrecruiters.com *.investis.com *.onetrust.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' staticcontents.investis.com cdn.cookielaw.org viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com *.googletagmanager.com *.google-analytics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com edge.api.brightcove.com *.googleapis.com tagmanager.google.com stats.g.doubleclick.net *.investisdigital.com googleads.g.doubleclick.net googleadservices.com cdn.jsdelivr.net cdnjs.cloudflare.com facebook.com www.gstatic.com pi.pardot.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com www.youtube.com *.vimeo.com *.webvideocore.net *.smartrecruiters.com *.investis.com *.jsdelivr.com *.jsdelivr.net *.go-mpulse.net *.googleadservices.com *.onetrust.com;media-src 'self' *.brightcove.com *.brightcovecdn.com *.investis.com;connect-src 'self' *.facebook.net *.facebook.com cdn.cookielaw.org viz.tools.investis.com *.investisdigital.com edge.api.brightcove.com www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net *.googleapis.com *.investis.com *.jsdelivr.com *.jsdelivr.net *.go-mpulse.net *.akstat.io *.akamaihd.net *.onetrust.com;base-uri 'none'; form-action 'self'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-kGDo0ZzLPaCjI5UYFBq4DPW/TRqhITPO+I9rObXHAjKjRCtm' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors hello.useme.com meet.useme.com 1
default-src 'self' data: blob: *.safechat.com safechat.com *.gstatic.com *.googleapis.com *.maps.googleapis.com *.youtube.com *.vimeo.com rumble.com;frame-ancestors 'self' *.safechat.com;script-src 'self' *.safechat.com *.maps.googleapis.com *.googleapis.com *.doubleclick.net *.ytimg.com 'unsafe-eval' blob: 'unsafe-inline' *.youtube.com *.vimeo.com rumble.com *.googletagmanager.com;style-src 'self' *.safechat.com 'unsafe-inline' *.gstatic.com *.googleapis.com;img-src 'self' blob: data: safechat.com *.safechat.com *.ytimg.com *;connect-src 'self' data: *.safechat.com wss://*.safechat.com:* *.youtube.com *.vimeo.com rumble.com *.google-analytics.com;upgrade-insecure-requests 1
default-src https://dev40.aspetos.com/ https://test.aspetos.com/ https://live.aspetos.com/ https://aspetos.com/  https://media.aspetos.com/ https://cdnjs.cloudflare.com/ https://*.googleusercontent.com/ https://s3.eu-central-1.amazonaws.com/static.aspetos.com/ https://www.googletagmanager.com/ https://*.google-analytics.com/ https://*.analytics.google.com/ https://www.google.de/ 'unsafe-inline' 1
object-src 'none';default-src 'none';connect-src https://www.wefact.nl https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net *.cookiebot.com https://maps.googleapis.com *.mouseflow.com;frame-src https://www.youtube.com https://bid.g.doubleclick.net *.cookiebot.com *.mouseflow.com https://outlook.office365.com;frame-ancestors 'self';img-src https://www.wefact.nl data: *.ytimg.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.nl https://www.google.be *.cookiebot.com https://maps.gstatic.com https://maps.googleapis.com *.mouseflow.com www.mollie.com;script-src https://www.wefact.nl https://www.youtube.com *.ytimg.com 'sha256-1KwM3xkDEGlzYcPRwwQp/6rqwKbJyKpDAUOnDHg7VGE=' https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net *.cookiebot.com https://developers.google.com https://maps.googleapis.com *.mouseflow.com;style-src https://www.wefact.nl 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com *.typekit.net;font-src 'self' data: https://fonts.gstatic.com data: *.mouseflow.com *.typekit.net;child-src *.mouseflow.com;manifest-src https://www.wefact.nl 1
script-src 'self' 'unsafe-inline' 'nonce-MjRjYTQyOTFmYWNjNDI5Y2M5MjBlYjY1OWU0ODg4M2E=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self' 1
frame-ancestors dealcloud.com www.dealcloud.com dealcloud.wpengine.com dealcloudstage.wpengine.com dealcloud2019.wpengine.com; 1
default-src 'self' 'unsafe-inline' data: *.algolia.net optanon.blob.core.windows.net stats.g.doubleclick.net api.craftcms.com go.pardot.com maps.googleapis.com geolocation.onetrust.com www.google-analytics.com googleads.g.doubleclick.net cdn.cookielaw.org downloads.microscope.healthcare.nikon.com *.healthcare.nikon.com d2yjaub2m73j9n.cloudfront.net; frame-ancestors 'self'; img-src 'self' data: i.ytimg.com cdn.cookielaw.org i.vimeocdn.com pluginicons.craft-cdn.com maps.googleapis.com maps.gstatic.com www.google.com downloads.microscope.healthcare.nikon.com www.google-analytics.com; font-src 'self' data: fast.fonts.net d2yjaub2m73j9n.cloudfront.net; script-src 'self' code.jquery.com optanon.blob.core.windows.net cdnjs.cloudflare.com cdn.jsdelivr.net polyfill.io www.youtube.com ajax.googleapis.com www.gstatic.com www.google.com mktdplp102cdn.azureedge.net maps.googleapis.com go.healthcare.nikon.com use.typekit.net  pi.pardot.com www.googletagmanager.com www.google-analytics.com 'unsafe-eval' 'unsafe-inline' blob: fast.fonts.net www.googleadservices.com cdn.cookielaw.org pages.nikoninst.com pi.pardot.com googleads.g.doubleclick.net ; style-src 'self' 'unsafe-inline' blob: cdn.jsdelivr.net optanon.blob.core.windows.net fast.fonts.net fonts.googleapis.com; frame-src 'self' www.youtube-nocookie.com player.vimeo.com js.stripe.com *.nikon.com pages.nikoninst.com bid.g.doubleclick.net; 1
frame-ancestors 'self' folhetos.aldi.pt experience.adobe.com aldinord.experiencecloud.adobe.com http://soualdi.pt https://soualdi.pt http://www.soualdi.pt https://www.soualdi.pt http://staffbase.com localhost:* capacitor://soualdi.pt; default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 1
font-src 'self' data: http: https: fonts.gstatic.com fonts.googleapis.com themes.googleusercontent.com 1
frame-src 'self' youtube.com www.youtube.com ; 1
default-src 'self'; img-src * data: 'unsafe-inline'; media-src *; script-src 'self' munchkin.marketo.net secure.adnxs.com *.affec.tv *.tiktok.com *.appsflyer.com *.bing.com *.marketo.com *.smadex.com s3.amazonaws.com apis.google.com *.list-manage.com www.instagram.com *.hotjar.com *.adroll.com *.adroll.mgr.consensu.org *.analytics.yahoo.com s.yimg.com static.zdassets.com www.recaptcha.net *.poems.com.sg *.facebook.net tagmanager.google.com *.twitter.com *.twimg.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.zopim.com *.googletagmanager.com *.cloudflare.com www.google.com googleads.g.doubleclick.net *.gstatic.com maps.google.com *.zumata.com snap.licdn.com cdn.polyfill.io *.linkedin.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * data:; connect-src 'self' *.mktoresp.com *.tiktok.com *.appsflyer.com *.bing.com *.marketo.com *.smadex.com *.list-manage.com vc.hotjar.io *.hotjar.com *.adroll.com s.yimg.com chatbot.poems.com.sg:1234 chatbot.poems.com.sg:1235 *.poems.com.sg www.facebook.com yoast.com *.g.doubleclick.net *.google-analytics.com *.zumata.com *.zopim.com *.zdassets.com phillipchatbot3.zendesk.com wss: ; frame-src 'self' vars.hotjar.com *.phillipmobile.com.sg *.phillip.com.sg *.poems.com.sg www.youtube.com www.google.com www.facebook.com connect.facebook.net *.cqtrader.com.sg www1.cqtraderonline.com *.cqtraderonline.com  *.doubleclick.net view.vzaar.com *.recaptcha.net open.spotify.com www.instagram.com docs.google.com; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.gstatic.com/ https://foryou.redbeemedia.com/ https://pi.pardot.com/ https://www.google.com/ https://www.google-analytics.com/ https://unpkg.com/ https://code.jquery.com/ https://www.googletagmanager.com/ https://consent.cookiebot.com/ https://www.redbeemedia.com/ https://redbeemedia.com/ https://consentcdn.cookiebot.com 1
default-src https: wss: data: 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' 1
frame-ancestors 'self' https://www.otto.de https://develop.otto.de; 1
default-src 'self' *.damanhealth.ae; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.damanhealth.ae secure.gravatar.com www.google.ae www.google-analytics.com www.google.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' *.damanhealth.ae cdn.rawgit.com cdn.jsdelivr.net www.googletagmanager.com cdn-prod.eu.securiti.ai www.google.ae www.google-analytics.com cdn-app5.securiti.ai app5.securiti.ai maps.googleapis.com;  style-src 'self' 'unsafe-inline' *.damanhealth.ae fonts.googleapis.com cdn.jsdelivr.net unpkg.com cdn-prod.eu.securiti.ai cdnjs.cloudflare.com use.fontawesome.com cdn-app5.securiti.ai;  font-src 'self' data: *.damanhealth.ae fonts.gstatic.com cdnjs.cloudflare.com use.fontawesome.com;  frame-src 'self' *.damanhealth.ae www.damanhealth.ae www.damanhealth.ae outlook.office365.com www.youtube.com app.smartsheet.com;  object-src 'self' *.damanhealth.ae;  connect-src 'self' *.damanhealth.ae cdn-prod.eu.securiti.ai analytics.google.com stats.g.doubleclick.net app.eu.securiti.ai www.google-analytics.com pdx-col.eum-appdynamics.com api.iconify.design api.simplesvg.com api.unisvg.com cdn-app5.securiti.ai app5.securiti.ai;  worker-src 'self' blob:;  1
script-src 'self' 'unsafe-inline' 'unsafe-eval'  tpc.googlesyndication.com cdn.mailshake.com mat.shuftiapps.com matomo.js storage.googleapis.com *.clarity.ms *.cloudflare.com *.gartner.com static.addtoany.com admin-sp.shuftipro.com ipinfo.io *.shuftipro.com *.google.com www.googletagmanager.com bat.bing.com a.quora.com www.google-analytics.com js.hsadspixel.net static.hsappstatic.net assets.calendly.com beacon-v2.helpscout.net https://js.hsadspixel.net/fb.js https://js.hsforms.net/forms/embed/v2.js b8g2m5x9.rocketcdn.me cdn.dashjs.org googleads.g.doubleclick.net widget.intercom.io js.intercomcdn.com *.gstatic.com cdn.mouseflow.com js.hs-scripts.com www.googleadservices.com js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net cdn.jsdelivr.net snap.licdn.com static.cloudflareinsights.com ajax.googleapis.com fast.wistia.com platform.twitter.com unpkg.com connect.facebook.net cdn.ampproject.org code.jquery.com maxcdn.bootstrapcdn.com sc.lfeeder.com mat.shuftiapps.com uxz.shuftiapps.com prismjs.com blob:; frame-ancestors * ionic://*; report-to endpoint;  report-uri https://api.shuftipro.com/log/errors/report 1
child-src 'self' blob: https://connect.facebook.net https://www.youtube.com sumo.com load.sumo.com fancy.com slashdot.org; connect-src 'self' https://rs.fullstory.com https://sentry.io https://api.mixpanel.com https://www.facebook.com sumome.com sumo.com load.sumo.com *.google.com www.google-analytics.com *.google-analytics.com stats.g.doubleclick.net www.google.com ws: wss: a.mstrlytcs.com *.visualwebsiteoptimizer.com app.vwo.com *.mixpanel.com *.ingest.sentry.io https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com; default-src 'none'; font-src 'self' fonts.gstatic.com *.vwo.com; frame-src 'self' *.youtube.com *.vwo.com *.visualwebsiteoptimizer.com player.vimeo.com www.google.com; img-src 'self' data: https://p.praymorenovenas.com sumo.b-cdn.net sumo.com load.sumo.com load.sumome.com www.google-analytics.com www.facebook.com www.diigo.com www.houzz.com praymoreretreat.org slashdot.org *.visualwebsiteoptimizer.com *.vwo.com https://rs.fullstory.com; script-src blob: data: 'self' 'unsafe-inline' https://edge.fullstory.com https://ajax.cloudflare.com load.sumome.com load.sumo.com sumo.b-cdn.net https://api.bufferapp.com *.facebook.com https://www.linkedin.com widgets.pinterest.com buttons.reddit.com www.reddit.com https://reddit.com www.yummly.com www.googletagmanager.com www.google-analytics.com connect.facebook.net www.soup.io images.slashdot.org www.houzz.com www.diigo.com ajax.googleapis.com *.mxpnl.com *.visualwebsiteoptimizer.com 'unsafe-eval' app.vwo.com d5phz18u4wuww.cloudfront.netdev.visualwebsiteoptimizer.com player.vimeo.com www.google.com www.gstatic.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com; style-src 'self' 'unsafe-inline' cdn.quilljs.com sumo.b-cdn.net load.sumo.com fonts.googleapis.com www.houzz.com *.vwo.com; worker-src 'self' blob: 1
default-src 'self' cdn.360-value.com/ *.melissadata.net *.360-value.com; script-src 'self' cdn.360-value.com/ *.melissadata.net *.360-value.com *.google.com *.googleapis.com *.bing.com *.virtualearth.net *.kampyle.com 'unsafe-inline' 'unsafe-eval'; frame-src cdn.360-value.com/ *.melissadata.net *.360-value.com *.kampyle.com; style-src 'self' cdn.360-value.com/ *.melissadata.net *.360-value.com *.google.com *.googleapis.com *.bing.com 'unsafe-inline'; img-src 'self' cdn.360-value.com/ *.melissadata.net *.360-value.com *.google.com *.googleapis.com *.gstatic.com *.ggpht.com *.propmix.io *.bing.com *.virtualearth.net *.iso.com http://www.airmapserver.com:8080 https://www.airmapserver.com:8080 *.kampyle.com data:; font-src 'self' cdn.360-value.com/ *.melissadata.net *.360-value.com *.google.com *.googleapis.com *.gstatic.com data:; connect-src 'self' cdn.360-value.com/ *.melissadata.net *.360-value.com *.googleapis.com *.gstatic.com *.bing.com *.virtualearth.net *.kampyle.com *.cybersource.com; report-uri https://360-value.com/apps/iv/rest/cspReport 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://platform.twitter.com https://www.googletagmanager.com connect.facebook.net; object-src 'none'; frame-ancestors https://youtube.com https://facebook.com https://api.mfa.go.th always; 1
default-src 'unsafe-eval' 'unsafe-inline' 'self' data: https:; img-src * data:; style-src 'unsafe-inline' *; media-src *; script-src 'unsafe-eval' 'unsafe-inline' 'self' https:; font-src * data:; worker-src 'self' https: blob: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com *.salesforceliveagent.com service.force.com *.my.salesforce.com *.google.com *.facebook.net *.facebook.com *.omtrdc.net *.youtube.com *.ytimg.com *.doubleclick.net *.googleapis.com *.bazaarvoice.com *.iesnare.com appleid.cdn-apple.com www.googletagmanager.com www.googleadservices.com activitymap.adobe.com qasfix-hofer.cs101.force.com cs101.salesforce.com https://www.googletagmanager.com/gtag/js *.bing.com https://s.pinimg.com/ct/core.js https://s.pinimg.com/ct/lib/main.2a04f3ee.js hofer.force.com hofer.secure.force.com https://cdn.polyfill.io/v2/polyfill.min.js static.lightning.force.com *.cookielaw.org *.onetrust.com s7g10.scene7.com tags.tiqcdn.com collect.tealiumiq.com; connect-src 'self' *.omtrdc.net *.demdex.net *.postcodeanywhere.co.uk *.bazaarvoice.com *.facebook.com activitymap.adobe.com sitecatalyst.omniture.com qasfix-hofer.cs101.force.com cs101.salesforce.com hofer.force.com hofer.secure.force.com c.la1-c1-fra.salesforceliveagent.com EU17.salesforce.com d.la1-c1-fra.salesforceliveagent.com www.zurueckzumursprung.at https://storefinder.aldi.at https://empty-fridge-widget.vercel.app https://gewinnspiel.aldi-sued.de test.storefinder.aldi.at *.googleapis.com *.cookielaw.org *.onetrust.com s7g10.scene7.com collect.tealiumiq.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.bazaarvoice.com *.googleapis.com *.omtrdc.net *.my.salesforce.com service.force.com qasfix-hofer.cs101.force.com cs101.salesforce.com hofer.force.com hofer.secure.force.com *.cookielaw.org *.onetrust.com s7g10.scene7.com; font-src 'self' *.gstatic.com data:; frame-src 'self' *.demdex.net *.facebook.com *.google.com *.youtube.com *.youtube-nocookie.com *.customervoice360.com *.adobe.com aldisued.marketing.adobe.com *.psa.at aldisued.experiencecloud.adobe.com web-psa-preprod.mp-testing.com rest-b2b-crt-preprod.mp-testing.com psa-card-administration.mobile-pocket.com *.bazaarvoice.com *.iesnare.com www.elettershop.de t.elettershop.de *.salesforceliveagent.com service.force.com activitymap.adobe.com *.omniture.com qasfix-hofer.cs101.force.com cs101.salesforce.com *.doubleclick.net www.zurueckzumursprung.at storefinder.aldi.at https://empty-fridge-widget.vercel.app https://gewinnspiel.aldi-sued.de test.storefinder.aldi.at cs107.salesforce.com eu17.salesforce.com volantino.aldi.it; frame-ancestors 'self' https://aldisued.marketing.adobe.com https://aldisued.experiencecloud.adobe.com https://www.elettershop.de https://t.elettershop.de https://experience.adobe.com hofer-custom.staffbase.com unserhofer.hofer.at localhost:* 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-k9EiQN4Xcp9D8+FAWby4Brid8sEYsn25ayqECib5Usy0rwZq' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'none'; img-src * data:; script-src 'nonce-searchG2NEI638415765841297130' 'nonce-datadogNEIScript_70001638415765841297139' 'nonce-gtmNEIScript_70001638415765841297142' 'nonce-LoadScriptJS_STATIC_NONCE_KEY638415765841297143' 'nonce-LoadScript_STATIC_NONCE_KEY638415765841297144' 'self' 'unsafe-eval' 'nonce-gtmNEIScript_70001638332442437105913'  https://*.cloudflare.com https://*.jquery.com https://*.bootstrapcdn.com https://*.pagescdn.com https://*.optimizely.com https://*.amazonaws.com https://*.adobedtm.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.facebook.net https://*.googleadservices.com https://*.sitescdn.net https://*.livechatinc.com https://*.demdex.net https://*.addthis.com https://*.addthisedge.com https://*.pinterest.com https://*.en25.com https://*.datadoghq-browser-agent.com https://optimize.google.com https://*.rlets.com https://*.reachlocallivechat.com https://reachlocallivechat.com about://*.reachlocallivechat.com https://*.cloudfront.net https://*.cloudflareinsights.com https://*.broadly.com https://web-2-tel.com https://*.hotjar.com https://*.btttag.com https://*.bing.com https://*.doubleclick.net https://*.thinkingchat.com https://*.here.com blob: https://*.stackadapt.com https://*.simpli.fi https://*.pinimg.com https://*.yimg.com https://*.adroll.com https://*.adsrvr.org https://*.scorpion.co https://*.stripe.com https://*.twilio.com wss://*.twilio.com https://*.gstatic.com https://*.liadm.com https://*.brandcdn.com https://*.cloudfunctions.net https://*.callrail.com https://*.web-2-tel.com https://*.mrelectric.com https://*.licdn.com https://*.convertexperiments.com https://*.outlook.com https://*.hibu.com https://*.ybn.io 'sha256-RLy6t8Uzo7yhtP2BlXRwJviNDmwjt47Njo54HHuR8PE=' https://mrelectric.com https://*.mrelectric.com https://*.servicetitan.com https://*.natpal.com https://www.clarity.ms; style-src 'self' 'unsafe-inline' auth.iws-hybrid.trendmicro.com 'self' 'unsafe-inline' https://*.googleapis.com https://*.bootstrapcdn.com https://*.cloudflare.com https://*.typekit.net https://*.jquery.com https://*.sitescdn.net https://optimize.google.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.stackadapt.com https://*.scorpion.co https://*.twilio.com blob: https://*.mrelectric.com https://mrelectric.com; object-src 'none'; connect-src auth.iws-hybrid.trendmicro.com https://*.google.com https://*.liadm.com https://*.googleadservices.com https://*.nblyprod.com https://*.googleapis.com https://*.pagescdn.com https://*.demdex.net https://*.livechatinc.com https://*.neighborly.com https://*.crownpeak.net https://*.addthis.com https://*.dwyergroup.com https://*.broadly.com https://*.amazonaws.com https://*.google-analytics.com https://*.facebook.net https://*.gannettdigital.com https://*.browser-intake-datadoghq.com https://optimize.google.com https://*.reachlocalservices.com https://*.rlets.com https://reachlocallivechat.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.hotjar.io/ wss://reachlocallivechat.com https://*.web-2-tel.com wss://*.hotjar.com https://*.simpli.fi https://*.adroll.com https://*.oribi.io https://*.here.com https://*.hereapi.com https://*.stackadapt.com https://*.yimg.com https://*.pinterest.com https://*.scorpion.co https://*.btttag.com https://*.twilio.com wss://*.twilio.com https://*.doubleclick.net https://*.bing.com blob: https://*.cloudfunctions.net https://*.callrail.com https://*.mrelectric.com https://mrelectric.com https://*.convertexperiments.com https://*.googlesyndication.com https://*.linkedin.com https://*.cloudflare.com https://*.natpal.com https://*.servicetitan.com https://*.natpal.com https://www.clarity.ms; font-src auth.iws-hybrid.trendmicro.com https://*.nblyprod.com https://*.typekit.net https://*.gstatic.com https://*.googleapis.com https://optimize.google.com https://reachlocallivechat.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.scorpion.co https://*.twilio.com blob: https://*.mrelectric.com https://mrelectric.com; frame-src auth.iws-hybrid.trendmicro.com https://www.facebook.com https://*.rlets.com https://*.youtube.com https://*.livechatinc.com https://*.demdex.net/ https://*.addthis.com https://*.pagescdn.com https://*.amazonaws.com https://*.b2clogin.com https://optimize.google.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.doubleclick.net https://*.adsrvr.org https://*.pinterest.com https://*.stripe.com https://*.twilio.com https://*.broadly.com https://*.cloudfront.net blob: https://*.mrelectric.com https://*.nblyprod.com https://mrelectric.com; manifest-src https://*.nblydev.com https://*.nblytest.com https://*.nblyprod.com https://mrelectric.com/ 1
frame-ancestors 'self' payment.hepiyi.com.tr 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.nexx.cloud https://unpkg.com/ https://cdn.jsdelivr.net/ https://static.hotjar.com/ https://script.hotjar.com/ https://www.google-analytics.com/ https://consent.trustarc.com/ https://www.googletagmanager.com/ https://tags.tiqcdn.com/ https://www.googleadservices.com/ https://bat.bing.com/ https://connect.facebook.net/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://googleads.g.doubleclick.net/ https://analytics.twitter.com/ https://100011006.collect.igodigital.com/ https://www.google.com/ https://www.gstatic.com/ https://www.linkedin.com/ https://maps.googleapis.com/ https://v2.zopim.com/ https://static.zdassets.com/ https://app.gehaltsreporter.de/js/embed-library-app/app.js https://platform.twitter.com/ https://www.slideshare.net/ https://www.google.com/recaptcha/api.js https://cdn.syndication.twimg.com/ https://www.youtube.com/ https://cdncss.cloudflare.com/ https://widget.moin.ai https://cdn.optimizely.com/ https://cdnjs.cloudflare.com/ http://www.google.com/jsapi https://www.google.com/jsapi https://www.gstatic.com/charts/loader.js https://app.23degrees.io/ https://www.eye-able-cdn.com/ https://eye-able.b-cdn.net/public/lang/eyeAble_lang_en.js code.etracker.com/code/e.js https://*.trustarc.com/ code.etracker.com/code/e.js https://*.linkedin.com/ 1
default-src 'self' 'report-sample' https://*.irma-bellen.nl https://*.nijmegen.nl https://*.kaartviewer.nl https://*.openbasiskaart.nl https://*.pdok.nl https://*.w3.org https://*.reactjs.org https://*.wa.me https://kentekencheck.opwegnaarzes.nl https://www.toegankelijkheidsverklaring.nl/ https://code.jquery.com/ https://componenten.nijmegen.nl https://public.pandosearch.com/ https://nijmegen.easycruit.com; script-src 'self' 'unsafe-eval' https://*.irma-bellen.nl https://*.nijmegen.nl https://*.kaartviewer.nl https://*.openbasiskaart.nl https://*.pdok.nl https://*.w3.org https://*.reactjs.org https://*.wa.me https://kentekencheck.opwegnaarzes.nl https://www.toegankelijkheidsverklaring.nl/ https://code.jquery.com/ https://componenten.nijmegen.nl https://public.pandosearch.com/ https://www.formdesk.com/nijmegen/ https://fd7.formdesk.com/ https://siteimproveanalytics.com https://6006118.global.siteimproveanalytics.io 'sha256-KzV5k+DqfDXOmepWaDHX0SVHSupg+Bn8djac9YQG844=' 'sha256-YCS5yq7tC+E4vm0z6AnILeI50c3nfbpFgBo8uM0o8vQ='; style-src 'self' 'unsafe-inline' https://*.irma-bellen.nl https://*.nijmegen.nl https://*.kaartviewer.nl https://*.openbasiskaart.nl https://*.pdok.nl https://*.w3.org https://*.reactjs.org https://*.wa.me https://kentekencheck.opwegnaarzes.nl https://www.toegankelijkheidsverklaring.nl/ https://code.jquery.com/ https://componenten.nijmegen.nl https://public.pandosearch.com/ https://www.formdesk.com/nijmegen/ https://fd7.formdesk.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://*.opwegnaarzes.nl; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.irma-bellen.nl https://*.nijmegen.nl https://*.kaartviewer.nl https://*.openbasiskaart.nl https://*.pdok.nl https://*.w3.org https://*.reactjs.org https://*.wa.me https://kentekencheck.opwegnaarzes.nl https://www.toegankelijkheidsverklaring.nl/ https://code.jquery.com/ https://componenten.nijmegen.nl https://public.pandosearch.com/ https://siteimproveanalytics.com https://6006118.global.siteimproveanalytics.io https://nijmegen.easycruit.com; font-src 'self' https://code.jquery.com/ https://componenten.nijmegen.nl https://public.pandosearch.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://*.opwegnaarzes.nl https://*.irma-bellen.nl https://*.nijmegen.nl https://*.kaartviewer.nl https://*.openbasiskaart.nl https://*.pdok.nl https://*.w3.org https://*.reactjs.org https://*.wa.me https://kentekencheck.opwegnaarzes.nl https://www.toegankelijkheidsverklaring.nl/; form-action 'self' https://*.irma-bellen.nl https://*.nijmegen.nl https://*.kaartviewer.nl https://*.openbasiskaart.nl https://*.pdok.nl https://*.w3.org https://*.reactjs.org https://*.wa.me https://kentekencheck.opwegnaarzes.nl https://www.toegankelijkheidsverklaring.nl/; object-src 'none'; media-src 'self' https://*.irma-bellen.nl https://*.nijmegen.nl https://*.kaartviewer.nl https://*.openbasiskaart.nl https://*.pdok.nl https://*.w3.org https://*.reactjs.org https://*.wa.me https://kentekencheck.opwegnaarzes.nl https://www.toegankelijkheidsverklaring.nl/; frame-ancestors 'self' https://*.irma-bellen.nl https://*.nijmegen.nl https://*.kaartviewer.nl https://*.openbasiskaart.nl https://*.pdok.nl https://*.w3.org https://*.reactjs.org https://*.wa.me https://kentekencheck.opwegnaarzes.nl https://www.toegankelijkheidsverklaring.nl/ https://www.formdesk.com/nijmegen/ https://fd7.formdesk.com/ https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com; frame-src 'self' https://*.irma-bellen.nl https://*.nijmegen.nl https://*.kaartviewer.nl https://*.openbasiskaart.nl https://*.pdok.nl https://*.w3.org https://*.reactjs.org https://*.wa.me https://kentekencheck.opwegnaarzes.nl https://www.toegankelijkheidsverklaring.nl/ https://www.formdesk.com/nijmegen/ https://fd7.formdesk.com/ https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com; base-uri 'self' https://*.irma-bellen.nl https://*.nijmegen.nl https://*.kaartviewer.nl https://*.openbasiskaart.nl https://*.pdok.nl https://*.w3.org https://*.reactjs.org https://*.wa.me https://kentekencheck.opwegnaarzes.nl https://www.toegankelijkheidsverklaring.nl/; connect-src 'self' https://www.nijmegen.nl https://nijmegen.proudreports.nl https://*.irma-bellen.nl https://*.nijmegen.nl https://*.kaartviewer.nl https://*.openbasiskaart.nl https://*.pdok.nl https://*.w3.org https://*.reactjs.org https://*.wa.me https://kentekencheck.opwegnaarzes.nl https://www.toegankelijkheidsverklaring.nl/ https://code.jquery.com/ https://componenten.nijmegen.nl https://public.pandosearch.com/ https://nijmegen.easycruit.com; report-uri https://nijmegen.proudreports.nl/report.php; 1
frame-ancestors 'self'; default-src 'self' https://*.tagvenue.com https://*.wp.com; connect-src * data: blob: 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' https://*.tagvenue.com https://connect.facebook.net https://*.googleapis.com https://www.google-analytics.com https://*.google.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.google.com https://cdnjs.cloudflare.com https://*.hotjar.com https://ssl.gstatic.com https://*.wp.com https://*.twitter.com https://tagmanager.google.com https://assets.calendly.com https://sibautomation.com blob: https://*.jivosite.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://sjs.bizographics.com https://snap.licdn.com data: https://*.olark.com https://js.stripe.com https://cdn.popt.in https://googleads.g.doubleclick.net https://www.gstatic.com https://cdn.rollbar.com https://www.instagram.com https://cdn.mxpnl.com https://cdn.jsdelivr.net https://cdn.amplitude.com; img-src data: blob: https:; frame-src 'self' https://accounts.google.com https://staticxx.facebook.com https://*.hotjar.com https://www.googletagmanager.com https://www.youtube.com https://optimize.google.com https://*.wp.com https://*.twitter.com https://maps.google.com https://calendly.com https://sibautomation.com https://www.google.com https://bid.g.doubleclick.net https://www.facebook.com https://*.olark.com https://player.vimeo.com https://js.stripe.com https://googleads.g.doubleclick.net data: https://mozbar.moz.com https://td.doubleclick.net https://www.instagram.com; style-src 'unsafe-inline' https://*.tagvenue.com https://ssl.gstatic.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://optimize.google.com https://tagmanager.google.com https://fonts.googleapis.com https://assets.calendly.com https://*.wp.com https://*.olark.com https://cdn.popt.in https://cdnjs.cloudflare.com https://use.fontawesome.com https://accounts.google.com https://www.gstatic.com https://www.googletagmanager.com; font-src * data: blob: 'unsafe-inline' moz-extension; media-src 'self' https://static.olark.com https://*.jivosite.com; report-uri /logging/csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:     https://advertiserpro.flexoffers.com/     https://api.joinnow.live/     https://bat.bing.com/     https://cdn.foxycart.com/     https://cdn.jsdelivr.net/     https://cdn.jwplayer.com/     https://cdn.knightlab.com/     https://cdn.pdst.fm/     https://cdnjs.cloudflare.com/     https://code.jquery.com/     https://connect.facebook.net/     https://connect.facebook.net/     https://diffuser-cdn.app-us1.com/     https://ef.richdadworld.com/     https://experts.richdadworld.com/     https://google.com/     https://googleads.g.doubleclick.net/     https://intljs.rmtag.com/     https://joinnow.live/     https://ka-f.fontawesome.com/     https://kit.fontawesome.com/     https://o228308.ingest.sentry.io/     https://pei.activehosted.com/     https://prism.app-us1.com/     https://richdadworld.com/     https://recaptchaenterprise.googleapis.com/     https://script.hotjar.com/     https://sealserver.trustwave.com/     https://ssl.p.jwpcdn.com/     https://static.hotjar.com/     https://tags.rd.linksynergy.com/     https://td.doubleclick.net/     https://trackcmp.net/     https://tracker.marinsm.com/     https://unpkg.com/     https://use.fontawesome.com/     https://ut.rd.linksynergy.com/     https://vjs.zencdn.net/     https://www.google-analytics.com/     https://www.google.com/     https://www.googleadservices.com/     https://www.googletagmanager.com/     https://www.gstatic.com/     https://www.richdadworld.com/     https://www.upsellit.com/; style-src 'self' 'unsafe-inline'     https://cdn.joinnow.live/     https://cdn.jsdelivr.net/     https://cdn.knightlab.com/     https://cdnjs.cloudflare.com/     https://experts.richdadworld.com/     https://fonts.googleapis.com/     https://netdna.bootstrapcdn.com/     https://richdadworld.com/     https://recaptchaenterprise.googleapis.com/     https://use.fontawesome.com/     https://www.richdadworld.com/; img-src 'self' data: blob:     https://api.joinnow.live/     https://assets-jpcust.jwpsrv.com/     https://bat.bing.com/     https://cdn.jwplayer.com/     https://dev.richdadworld.com/     https://experts.richdadworld.com/     https://googleads.g.doubleclick.net/     https://idsync.rlcdn.com/     https://pei.activehosted.com/     https://prd.jwpltx.com/     https://richdad.com/     https://richdadworld.com/     https://recaptchaenterprise.googleapis.com/     https://sealserver.trustwave.com/     https://stats.g.doubleclick.net/     https://trackcmp.net/     https://use.fontawesome.com/     https://www.facebook.com/     https://www.google-analytics.com/     https://www.google.com/     https://www.googleadservices.com/     https://www.googletagmanager.com/     https://www.gravatar.com/     https://www.richdadworld.com/; font-src 'self' data:     https://cdn.knightlab.com/     https://fonts.gstatic.com/     https://ka-f.fontawesome.com/     https://netdna.bootstrapcdn.com/     https://recaptchaenterprise.googleapis.com/     https://ssl.p.jwpcdn.com/     https://use.fontawesome.com/; media-src 'self' blob:     https://experts.richdadworld.com/     https://joinnow.live/     https://profedu.hs.llnwd.net/     https://richdadworld.com/     https://recaptchaenterprise.googleapis.com/     https://use.fontawesome.com/     https://www.richdadworld.com/     https://videos-cloudfront-usp.jwpsrv.com/     https://cdn.jwplayer.com/; connect-src 'self'     https://analytics.google.com/     https://api.joinnow.live/     https://assets-jpcust.jwpsrv.com/     https://bat.bing.com/     https://cdn.jwplayer.com/     https://content.hotjar.io/     https://experts.richdadworld.com/     https://google.com/     https://joinnow.live/     https://richdadworld.com/     https://ka-f.fontawesome.com/     https://metrics.hotjar.io/     https://o228308.ingest.sentry.io/     https://pagead2.googlesyndication.com/     https://pei.activehosted.com/     https://prd.jwpltx.com/     https://profedu.hs.llnwd.net/     https://pxy.thepei.com/     https://recaptchaenterprise.googleapis.com/     https://sheets-proxy.knightlab.com/     https://stats.g.doubleclick.net/     https://td.doubleclick.net/     https://td.doubleclick.net/     https://thepei.com/     https://track.flexlinkspro.com/     https://us-central1-adaptive-growth.cloudfunctions.net/     https://videos-cloudfront-usp.jwpsrv.com/     https://www.google-analytics.com/     https://www.google.com/     https://www.googleadservices.com/     https://www.googleadservices.com/     wss://ws.hotjar.com/; frame-src 'self'     https://cfclassic.richdad.com/     https://experts.richdadworld.com/     https://google.com/     https://joinnow.live/     https://pei.activehosted.com/     https://richdad.foxycart.com/     https://richdadworld.com/     https://richdadespanol.com/     https://richdadespanol.foxycart.com/     https://recaptchaenterprise.googleapis.com/     https://tags.rd.linksynergy.com/     https://td.doubleclick.net/     https://www.facebook.com/     https://www.google.com/     https://www.monthlyshoppingdollars.com/     https://www.richdadworld.com/     https://www.richdadespanol.com/     https://www.peicoachnetwork.com/; frame-ancestors 'self'     https://api.joinnow.live/     https://cfclassic.richdad.com/     https://experts.richdadworld.com/     https://joinnow.live/     https://richdad.foxycart.com/     https://richdadespanol.com/     https://richdadespanol.foxycart.com/     https://recaptchaenterprise.googleapis.com/     https://www.carletonsheets.com/     https://www.peicoachnetwork.com/; worker-src 'self' blob: 1
default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.googletagmanager.com http://i.ytimg.com https://i.ytimg.com https://cookie-cdn.cookiepro.com https://ad.doubleclick.net https://px.ads.linkedin.com https://www.linkedin.com https://tr.snapchat.com https://www.facebook.com https://t.co https://analytics.twitter.com https://qiddiya.com https://www.qiddiya.com; media-src 'self' https://qiddiya.com https://www.qiddiya.com; font-src 'self' https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com http://www.youtube.com https://www.youtube.com https://cookie-cdn.cookiepro.com https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://snap.licdn.com https://sc-static.net https://tr.snapchat.com https://connect.facebook.net https://static.ads-twitter.com https://analytics.tiktok.com; frame-src 'self' http://www.google.com.com https://www.google.com http://www.youtube.com https://www.youtube.com https://13947756.fls.doubleclick.net https://td.doubleclick.net https://tr.snapchat.com https://www.facebook.com; connect-src 'self' *.google-analytics.com https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://privacyportal.cookiepro.com https://px.ads.linkedin.com https://tr.snapchat.com https://tr6.snapchat.com https://analytics.tiktok.com; manifest-src 'self'; object-src 'none'; 1
default-src 'self' *.interiorhealth.ca; script-src 'self' 'unsafe-inline' *.interiorhealth.ca maps.googleapis.com js-agent.newrelic.com static.addtoany.com bam.nr-data.net www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com cdn.jsdelivr.net static.dialogflow.com unpkg.com; object-src 'self' *.interiorhealth.ca; style-src 'self'  'unsafe-inline' *.interiorhealth.ca  fonts.googleapis.com cdn.jsdelivr.net static.dialogflow.com unpkg.com; img-src 'self' *.interiorhealth.ca data: maps.googleapis.com maps.gstatic.com *.cdninstagram.com www.google-analytics.com; media-src 'self' *.interiorhealth.ca; frame-src 'self' *.interiorhealth.ca static.addtoany.com *.youtube.com www.google.com; frame-ancestors 'self' *.interiorhealth.ca; font-src 'self' *.interiorhealth.ca fonts.googleapis.com fonts.gstatic.com; connect-src 'self' *.interiorhealth.ca maps.googleapis.com bam.nr-data.net www.google-analytics.com stats.g.doubleclick.net dialogflow.cloud.google.com 1
frame-ancestors 'self' mendfamily.com *.mendfamily.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: jquery.com *.jquery.com *.cloudflare.com mobiliar.rokka.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.jquery.com cdn.jsdelivr.net www.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com *.google-analytics.com www.gstatic.com ajax.aspnetcdn.com *.google.com *.facebook.net *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.g.doubleclick.net *.cloudflare.com cdn.rawgit.com *.youtube.com *.tiqcdn.com *.tealiumiq.com visitor-service-eu-central-1.tealiumiq.com *.jacando.jobs *.evenito.com evenito.com *.ytimg.com rtclauncher.luware.com *.googleoptimize.com *.hotjar.com *.newrelic.com bam.eu01.nr-data.net https://googleads.g.doubleclick.net *.google.ch unpkg.com jquery.com code.jquery.com *.googleadservices.com mobiliar.ch mobiliere.ch mobiliare.ch protekta.ch mobi24.ch *.mobiliar.ch *.mobiliere.ch *.mobiliare.ch *.protekta.ch *.mobi24.ch *.facebook.com *.facebook.net *.googleanalytics.com www.googleanalytics.com js-cdn.dynatrace.com *.bf.dynatrace.com die-mobiliar.stg.tools.factsheetslive.com die-mobiliar.tools.factsheetslive.com *.linkedin.com *.licdn.com *.anchor.fm https://podcasters.spotify.com *.evenito.site *.event-anmeldung.com *.fraud0.com *.onetrust.com *.cookielaw.org ; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.cloudflare.com *.googleapis.com *.jsdelivr.net *.evenito.com fonts.googleapis.com *.google.com *.event-anmeldung.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.google-analytics.com *.google-analytics.com *.linkedin.com *.gstatic.com *.googleusercontent.com *.facebook.com *.googleapis.com www.google.com *.google.com www.google.ch *.google.ch *.googletagmanager.com *.doubleclick.net cdn.rawgit.com raw.githubusercontent.com *.rokka.io *.jsdelivr.net *.doubleclick.net *.tdbtrk.com *.tiqcdn.com *.tealiumiq.com mobiliar-pub.ch *.googleapis.com *.google.de *.google.mk *.google.ml i.ytimg.com cm.g.doubleclick.net translate.google.com mobiliar.ch mobiliare.ch mobiliere.ch google.gr *.google.it *.google.com.mx *.google.com.pk *.google.co.kr *.google.ae *.facebook.com *.facebook.net *.linkedin.com *.licdn.com *.fraud0.com *.onetrust.com *.cookielaw.org; frame-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.doubleclick.net *.youtube.com *.jacando.jobs *.helloeko.com *.eko.com anchor.fm *.hotjar.com zswpmanager.wip.mmc.com *.essd.ch *.3w-group.ch *.simplex.tv *.fls.doubleclick.net gateway.zscloud.net mobiliar.ch mobiliere.ch mobiliare.ch protekta.ch mobi24.ch *.mobiliar.ch *.mobiliere.ch *.mobiliare.ch *.protekta.ch *.mobi24.ch *.facebook.com *.google.com die-mobiliar.stg.tools.factsheetslive.com die-mobiliar.tools.factsheetslive.com mobi-check-hochwasserschutz.whatwedo.io giphy.com *.vimeo.com *.linkedin.com *.licdn.com *.anchor.fm *.spotify.com podcasters.spotify.com *.evenito.site *.event-anmeldung.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googleusercontent.com fonts.gstatic.com github.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.google-analytics.com *.google.com *.google.ch analytics.google.com *.doubleclick.net *.tealiumiq.com *.tiqcdn.com *.tdbtrk.com rtclauncherapi.luware.com wss://rtclauncherapi.luware.com *.googleapis.com *.databridge.tdbtrk.com *.akamai.tiqcdn.com wss://*.hotjar.com *.hotjar.com *.hotjar.io bam.eu01.nr-data.net jquery.com code.jquery.com rdtds.net js-cdn.dynatrace.com *.bf.dynatrace.com cdn.linkedin.oribi.io *.fraud0.com *.onetrust.com *.cookielaw.org *.linkedin.com; report-uri /report-csp-violation 1
frame-ancestors self publishers.monetag.com 1
default-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.cookielaw.org www.buzzsprout.com www.gstatic.com *.gstatic.com *.googletagmanager.com www.google-analytics.com tagmanager.google.com www.google.com cc.cdn.civiccomputing.com maps.googleapis.com *.twimg.com connect.facebook.net *.googleapis.com siteimproveanalytics.com *.siteimproveanalytics.com admin.w.local w-cms-uat.hosted.positive.co.uk w-cms-uat2.hosted.positive.co.uk uat-cms.withersworldwide.com cms.withersworldwide.com;manifest-src 'self';style-src 'self' 'unsafe-inline' www.googletagmanager.com  fonts.googleapis.com *.linkedin.com *.licdn.com *.twitter.com *.twimg.com;connect-src 'self' *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.analytics.google.com analytics.google.com geolocation.onetrust.com cdn.cookielaw.org maps.googleapis.com apikeys.civiccomputing.com *.google-analytics.com *.doubleclick.net withersworldwide.com www.withersworldwide.com *.hosted.positive.co.uk www.facebook.com;font-src 'self' fonts.gstatic.com *.twimg.com;frame-ancestors 'self' within.withersworldwide.com admin.w.local w-cms-uat.hosted.positive.co.uk w-cms-uat2.hosted.positive.co.uk uat-cms.withersworldwide.com cms.withersworldwide.com;frame-src 'self' within.withersworldwide.com player.vimeo.com cdn.yoshki.com www.buzzsprout.com www.google.com www.facebook.com cms.withersworldwide.com w.local w-uat.hosted.positive.co.uk w-uat2.hosted.positive.co.uk uat.withersworldwide.com www.withersworldwide.com;img-src 'self' *.withersworldwide.com cdn.cookielaw.org *.google.ch *.googletagmanager.com api.mapbox.com maps.gstatic.com maps.googleapis.com *.twimg.com *.gstatic.com *.analytics.google.com *.g.doubleclick.net *.google-analytics.com *.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.co.uk i.vimeocdn.com *.siteimproveanalytics.io cms.withersworldwide.com w-cms-uat.hosted.positive.co.uk w-cms-uat2.hosted.positive.co.uk uat-cms.withersworldwide.com admin.w.local data:;worker-src 'self' blob: *.hosted.positive.co.uk *.withersworldwide.com;media-src 'self' cms.withersworldwide.com w-cms-uat.hosted.positive.co.uk w-cms-uat2.hosted.positive.co.uk uat-cms.withersworldwide.com admin.w.local;form-action 'self' www.facebook.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline'; connect-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.amplitude.com https://*.analytics.google.com https://*.clarity.ms https://*.google-analytics.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.hubspot.com https://*.hubapi.com https://stats.g.doubleclick.net wss://*.hotjar.com; font-src 'self' https://*.hotjar.com; frame-src https://*.hotjar.com https://*.hubspot.com; img-src 'self' data: https://*.clarity.ms https://*.google.co.uk https://*.google-analytics.com https://*.googletagmanager.com https://*.hotjar.com https://*.hsforms.com https://*.hubspot.com https://stats.g.doubleclick.net; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.amplitude.com https://*.bing.com https://*.clarity.ms https://stats.g.doubleclick.net https://*.googletagmanager.com https://*.google-analytics.com https://*.hotjar.com https://*.hs-scripts.com https://*.hubspot.com https://*.usemessages.com https://forms.hsforms.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hsadspixel.net https://*.hscollectedforms.net https://*.hsleadflows.net https://*.pingdom.net https://js.usemessages.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.hotjar.com; worker-src 'self'; frame-ancestors 'none' 1
default-src 'self'; base-uri 'none'; connect-src 'self' https://api.github.com https://*.amplitude.com https://*.api.sanity.io https://getform.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://vimeo.com https://js.zi-scripts.com https://ws.zoominfo.com https://cdn.sanity.io/files/3ugk85nk/; font-src 'self' data: https://fonts.gstatic.com; frame-ancestors 'none'; frame-src https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://player.vimeo.com https://calendly.com; img-src 'self' data: https://cdn.sanity.io/images/3ugk85nk/ https://cdn.sanity.io/files/3ugk85nk/ https://*.google-analytics.com https://*.googletagmanager.com https://assets.calendly.com; manifest-src 'self'; media-src 'self' https://cdn.sanity.io/images/3ugk85nk/ https://cdn.sanity.io/files/3ugk85nk/; object-src 'none'; script-src 'none'; script-src-elem 'self' 'unsafe-inline' https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.addevent.com https://js.zi-scripts.com https://ws-assets.zoominfo.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; child-src 'none'; worker-src 'none' 1
frame-ancestors 'self' https://clientuat.zinghr.com/ *.clarity.ms https://zingnext.zinghr.com/ https://portal.zinghr.com/ https://www.youtube.com/ https://www.google.com/ https://freegeoip.app/ *.zoom.us wss://*.zoom.us;     script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.jsdelivr.net *.googlesyndication.com *.clarity.ms *.fontawesome.com *.allincall.in *.datatables.net *.bootstrapcdn.com *.mxradon.com *.quora.com *.googleadservices.com *.yellowmessenger.com *.cloudflare.com https://www.googletagmanager.com https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://web-in21.mxradon.com *.outbrain.com https://www.google-analytics.com/analytics.js https://snap.licdn.com/li.lms-analytics/insight.min.js *.taboola.com *.bing.com https://amplify.outbrain.com/cp/obtp.js https://web-in21.mxradon.com/t/Tracker.js *.facebook.net https://googleads.g.doubleclick.net http://widgets.in.webengage.com/js/webengage-min-v-6.0.js https://cdn.jsdelivr.net/npm/bootstrap@4.0.0/dist/js/bootstrap.min.js https://poonawalla-fincorp-uat.allincall.in/static/EasyChatApp/js/easychat-crypto.js https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.2.0/owl.carousel.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js https://widgets.in.webengage.com/js/webengage-min-v-6.0.js https://poonawalla-fincorp-uat.allincall.in/files/deploy/embed_chatbot_1.js https://cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/js/select2.min.js https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/bootstrap.min.js https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js *.jquery.com *.googleapis.com;     style-src 'self' 'unsafe-inline' *.fontawesome.com *.allincall.in *.datatables.net *.bootstrapcdn.com *.cloudflare.com *.jquery.com https://poonawalla-fincorp-uat.allincall.in/static/EasyChatApp/css/embed.css https://poonawalla-fincorp-uat.allincall.in/static/EasyChatApp/css/animate.css https://poonawalla-fincorp-uat.allincall.in/static/EasyChatApp/css/theme4_embed.css https://poonawalla-fincorp-uat.allincall.in/static/EasyChatApp/css/themes_popup.css https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css *.jsdelivr.net *.googleapis.com;     font-src 'self' *.fontawesome.com *.jsdelivr.net *.bootstrapcdn.com https://fonts.gstatic.com/ *.yellowmessenger.com *.cloudflare.com *.googleapis.com;     frame-src 'self' *.google.com https://inzzc2ab3671.in.webengage.co https://td.doubleclick.net *.googlesyndication.com *.allincall.in *.facebook.com https://zingnext.zinghr.com;     connect-src 'self' *.google-analytics.com *.google.com *.yellowmessenger.com *.taboola.com *.clarity.ms *.allincall.in *.outbrain.com https://px.ads.linkedin.com/wa/ https://bat.bing.com https://cdn.linkedin.oribi.io https://stats.g.doubleclick.net https://analytics.google.com https://q.quora.com/ https://www.google.co.in *.googlesyndication.com wss://app.yellowmessenger.com https://poonawalla-fincorp-uat.allincall.in/chat/get-bot-image/ *.facebook.com;     object-src 'none';     media-src 'self' *.yellowmessenger.com https://q.quora.com;     img-src 'self' data: *.facebook.com *.datatables.net *.jquery.com *.clarity.ms *.bing.com *.googlesyndication.com *.page-source.com *.google-analytics.com https://googleads.g.doubleclick.net *.payu.in *.allincall.in *.ads.linkedin.com *.googletagmanager.com *.yellowmessenger.com *.google.com https://px.ads.linkedin.com https://bat.bing.com https://q.quora.com/ https://www.google.co.in;     base-uri 'self';     default-src 'self'; 1
default-src 'self'; connect-src 'self' res.cloudinary.com assets.lh.co.th fb-apigw.lh.co.th graphql.lh.co.th www.lh.co.th api.lh.co.th wss://fb-apigw.lh.co.th www.googletagmanager.com www.google.com www.google-analytics.com o401495.ingest.sentry.io o2.mouseflow.com www.gstatic.com 360.lh.co.th *.zdassets.com *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com/s/W/ws/slZMUmy81eFr7242/c/1597592717787 ws://widget-mediator.zopim.com/s/W/ws/slZMUmy81eFr7242/c/1597592717787 wss://widget-mediator.zopim.com ws://widget-mediator.zopim.com ws://zopim.com wss://zopim.com in.hotjar.com *.hotjar.com vc.hotjar.io *.hotjar.io trc-events.taboola.com *.taboola.com www.facebook.com *.facebook.com *.ingest.sentry.io stats.g.doubleclick.net googleads.g.doubleclick.net my.matterport.com *.matterport.com; img-src * data: my.matterport.com *.matterport.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' static.cloudflareinsights.com www.googleadservices.com www.googletagmanager.com www.google.com o401495.ingest.sentry.io www.gstatic.com ajax.cloudflare.com cdnjs.cloudflare.com 360.lh.co.th *.zdassets.com *.zendesk.com *.zopim.com *.chromestatus.com google-analytics.com www.google-analytics.com *.google-analytics.com cdn.mouseflow.com *.mouseflow.com cdn.taboola.com *.taboola.com apiv2.popupsmart.com *.popupsmart.com static.ads-twitter.com *.ads-twitter.com www.clickcease.com *.clickcease.com static.hotjar.com *.hotjar.com connect.facebook.net *.facebook.net d.line-scdn.net *.line-scdn.net analytics.twitter.com *.twitter.com www.hotjar.com *.hotjar.com d.line-cdn.net *.line-cdn.net stats.g.doubleclick.net googleads.g.doubleclick.net my.matterport.com *.matterport.com https://cdn.jsdelivr.net/npm/sockjs-client@1/dist/sockjs.min.js; style-src 'self' 'unsafe-inline' fonts.googleapis.com; frame-src 'self' res.cloudinary.com youtu.be assets.lh.co.th lh-dev-res.cloudinary.com www.youtube.com www.youtu.be 360.lh.co.th www.google.co.th www.google.com www.hotjar.com *.hotjar.com www.facebook.com *.facebook.com my.matterport.com *.matterport.com; media-src 'self' res.cloudinary.com assets.lh.co.th *.lh.co.th 360.lh.co.th lh-dev-res.cloudinary.com *.cloudinary.com *.zdassets.com static.zdassets.com *.cloudfront.net my.matterport.com *.matterport.com; font-src 'self' data: res.cloudinary.com assets.lh.co.th fonts.googleapis.com; upgrade-insecure-requests 1
frame-ancestors 'self' https://*.skatewarehouse.com http://*.skatewarehouse.com; 1
default-src 'self' data: https: ; img-src 'self' data: https: *.gravatar.com *.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.pardot.com go.ascenderhcm.com *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net *.facebook.net snap.licdn.com *.hotjar.com *.crazyegg.com *.fontawesome.com *.addthis.com ct.capterra.com *.cookielaw.org bat.bing.com *.clarity.ms ajax.aspnetcdn.com *.jquery.com cdnjs.cloudflare.com marketingops.ceridian.ca 818-kgd-727.mktoweb.com   *.addthisedge.com  *.moatads.com go.ceridian.com;style-src 'self' 'unsafe-inline' https: fonts.googleapis.com; font-src 'self' data: https: fonts.googleapis.com themes.googleusercontent.com; connect-src 'self' data: https: go.ascenderhcm.com *.pardot.com 818-kgd-727.mktoweb.com go.ceridian.com marketingops.ceridian.ca https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com; frame-src 'self' *.ascenderhcm.com *.pardot.com 818-kgd-727.mktoweb.com go.ceridian.com *.facebook.com *.facebook.net marketingops.ceridian.ca *.youtube.com *.hotjar.com *.doubleclick.net *.addthis.com *.zscalertwo.net *.addthisedge.com  *.moatads.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.licdn.com *.evgnet.com *.zoominfo.com *.eum-appdynamics.com polyfill.io *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.marketo.com cdn.appdynamics.com www.googletagmanager.com code.jquery.com https://snap.licdn.com/li.lms-analytics/insight.min.js *.crazyegg.com *.adsymptotic.com www.youtube.com *.hotjar.com https://tagmanager.google.com https://www.googletagmanager.com tools.cdc.gov/TemplatePackage/contrib/libs/jquery/1.12.4/jquery.js tools.cdc.gov/TemplatePackage/contrib/widgets/tp-widget-external-loader.js https://data.processwebsitedata.com https://js.hscollectedforms.net https://js.hsadspixel.net https://js.hs-banner.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com app-sjo.marketo.com code.jquery.com *.marketo.com https://tagmanager.google.com *.googleapis.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com *.googleapis.com data:; img-src 'self' forms.hsforms.com *.google.com *.linkedin.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://aedevstoragecdn.azureedge.net https://aeprdcmsstoragecdn.azureedge.net https://aeprdusstoragecdn.azureedge.net code.jquery.com *.googletagmanager.com *.adsymptotic.com https://stats.g.doubleclick.net https://ssl.gstatic.com https://cdn.cookielaw.org/; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com app-sjo.marketo.com *.sirva.com.au www.cdc.gov/ https://player.youku.com https://valc.atm.youku.com; connect-src 'self' api.hubapi.com forms.hubspot.com *.doubleclick.net *.evergage.com *.google-analytics.com *.crazyegg.com *.marketo.com *.eum-appdynamics.com accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com *.zoominfo.com https://js.hs-banner.com https://cdn.cookielaw.org https://*.onetrust.com; 1
font-src *.googleapis.com *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com use.typekit.net *.criteo.com *.hotjar.com *.hotjar.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com test1.maksuturva.fi payments.maksuturva.fi www.maksuturva.fi *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com amc.demdex.net js.playground.klarna.com js.klarna.com *.google.com e.issuu.com *.facebook.com *.hotjar.com *.hotjar.io *.criteo.com *.googlesyndication.com *.userneeds.com *.doubleclick.net *.googletagmanager.com *.google.analytics.com *.google-analytics.com *.googleusercontent.com *.googleapis.com *.googleadservices.com *.gstatic.com plugins.flockler.com checkoutapistage.svea.com/ batterylookupfi.yuasa.co.uk apps.ikh.fi *.giosg.com *.giosgusercontent.com map.karttapalvelut.fi *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com https://www.unifaunonline.se https://*.tile.openstreetmap.org/ * *.giosg.com *.giosgusercontent.com https://www.maksuturva.fi/ https://test1.maksuturva.fi/ https://payments.maksuturva.fi/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ ajax.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.avada.io https://api.unifaun.com data: www.google.com tagmanager.google.com *.google-analytics.com js-agent.newrelic.com bam.nr-data.net js.playground.klarna.com js.klarna.com api.custobar.com connect.facebook.net *.criteo.net *.criteo.com payments.maksuturva.fi *.googlesyndication.com *.hotjar.com *.hotjar.io gstatic.com *.confirmit.com *.doubleclick.net plugins.flockler.com *.cdn.flockler.com checkoutapistage.svea.com/ cdn.cookielaw.org *.giosg.com *.giosgusercontent.com magento-recs-sdk.adobe.net *.clarity.ms https://www.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com use.typekit.net p.typekit.net tagmanager.google.com *.cdn.flockler.com/ *.giosg.com *.giosgusercontent.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://get.geojs.io *.avada.io env-6410208.paas.datacenter.fi bam.nr-data.net eu.klarnaevt.com eu.playground.klarnaevt.com stats.g.doubleclick.net googleads.g.doubleclick.net api.custobar.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.hotjar.io payments.maksuturva.fi *.criteo.com *.google.com *.confirmit.com *.userneeds.com *.doubleclick.net *.googletagmanager.com plugins.flockler.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com maps.googleapis.com/ *.giosg.com *.giosgusercontent.com *.clarity.ms www.maksuturva.fi//GetPaymentMethods.pmt https://test1.maksuturva.fi/ https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.giosg.com *.giosgusercontent.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.redditstatic.com www.googleadservices.com fhb-engineering.atlassian.net www.youtube.com cdn.jsdelivr.net builder.lift.acquia.com cdn.lift.acquia.com www.googletagmanager.com www.google-analytics.com production-cdn.lift.acquia.com siteimproveanalytics.com js-agent.newrelic.com bam.nr-data.net www.onlinebanktours.com *.vimeo.com ajax.googleapis.com unpkg.com connect.facebook.net connect.facebook.net/en_US/fbevents.js cdn.segment.com cdn.amplitude.com *.resonate.com *.google-analytics.com *.analytics.google.com www.facebook.com/* bat.bing.com sc-static.net snap.licdn.com *.tpc.googlesyndication.com s.pinimg.com tr.snapchat.com cds-sdkcfg.onlineaccess1.com cdn.timetrade.com api.glia.com *.salemove.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.onlinebanktours.com cdnjs.cloudflare.com builder.lift.acquia.com *.salemove.com; img-src 'self' 'unsafe-inline' d.turn.com 10563763.fls.doubleclick.net fonts.gstatic.com r.turn.com data.adxcel-ec2.com www.googleadservices.com alb.reddit.com googleads.g.doubleclick.net www.googletagmanager.com www.facebook.com www.google.com www.google-analytics.com alpixtrack.com *.global.siteimproveanalytics.io cdn.oectours.com *.calcxml.com i.ytimg.com *.onlinebanktours.com bat.bing.com px.ads.linkedin.com *.insight-event.brandcdn.com tr.snapchat.com px.ads.linkedin.com *.adsymptotic.com ct.pinterest.com ad.doubleclick.net fhb.prod.acquia-sites.com data:; media-src 'self' 'unsafe-inline' www.youtube.com youtube.com *.youtu.be youtu.be vimeo.com *.vimeo.com cdn.oectours.com www.learnaboutmoneymovement.com fhb.com; frame-src 'self' 10563763.fls.doubleclick.net www.onlinebanktours.com onlinebanktours.com www.youtube.com *.vimeo.com www.figma.com *.doubleclick.net www.facebook.com/* bat.bing.com tr.snapchat.com ct.pinterest.com *.timetradesystems.com www04.timetrade.com; frame-ancestors 'self'; child-src 'self' 10563763.fls.doubleclick.net www.onlinebanktours.com www.youtube.com *.vimeo.com www.figma.com *.doubleclick.net www.facebook.com/* bat.bing.com tr.snapchat.com blob:; font-src 'self' data: fonts.gstatic.com themes.googleusercontent.com; connect-src 'self' sessions.bugsnag.com us-east-1-decisionapi.lift.acquia.com www.google.com www.google-analytics.com stats.g.doubleclick.net bam.nr-data.net alpixtrack.com www.onlinebanktours.com cdn.oectours.com api.segment.io api.amplitude.com d.turn.com ds.reson8.com connect.facebook.net/* www.facebook.com/* bat.bing.com tr.snapchat.com cdn.linkedin.oribi.io ct.pinterest.com  api.glia.com *.salemove.com wss://pubsub.salemove.com analytics.google.com *.linkedin.com *.snapchat.com 1
default-src 'none'; form-action 'self' 3dsecure.gpwebpay.com test.3dsecure.gpwebpay.com www.facebook.com; font-src 'self' data: fonts.gstatic.com script.hotjar.com *.optimonk.com; frame-ancestors 'self'; frame-src 'self' ehub.cz accounts.google.com *.doubleclick.net c.imedia.cz connect.facebook.net fbrpc://call staticxx.facebook.com tpc.googlesyndication.com vars.hotjar.com www.facebook.com www.googletagmanager.com www.instagram.com www.youtube.com www.zbozi.cz www.paypal.com www.sandbox.paypal.com *.optimonk.com *.ceneo.pl studentenrabatt.com strava-embeds.com www.tiktok.com; manifest-src 'self'; img-src data: https: script.hotjar.com ssl.gstatic.com www.gstatic.com www.paypal.com www.sandbox.paypal.com *.google-analytics.com; media-src 'self' https:; script-src 'nonce-JCOND/+0jyqJK6MutJzbJw==' 'unsafe-inline' 'unsafe-eval' 'self' ehub.cz browser.sentry-cdn.com js.sentry-cdn.com connect.facebook.net d70shl7vidtft.cloudfront.net googleads.g.doubleclick.net im9.cz platform.instagram.com client.smartform.cz script.hotjar.com static.hotjar.com tpc.googlesyndication.com *.google-analytics.com *.analytics.google.com www.googleadservices.com www.googletagmanager.com www.instagram.com www.zbozi.cz tagmanager.google.com www.paypal.com www.sandbox.paypal.com *.smartlook.com *.smartlook.cloud *.optimonk.com *.bing.com https://accounts.google.com/gsi/client; script-src-attr 'unsafe-hashes'; style-src 'unsafe-inline' 'self' client.smartform.cz tagmanager.google.com fonts.googleapis.com www.paypal.com www.sandbox.paypal.com *.optimonk.com https://accounts.google.com/gsi/style; connect-src 'self' wss: ehub.cz *.hotjar.com:* *.hotjar.io:* api.instagram.com stats.g.doubleclick.net www.facebook.com www.google.com googleads.g.doubleclick.net pagead2.googlesyndication.com *.google-analytics.com www.instagram.com *.sentry.io www.paypal.com www.sandbox.paypal.com analytics.tiktok.com *.smartlook.com *.smartlook.cloud *.optimonk.com *.clarity.ms *.bing.com *.luigisbox.com metrics.aktin.cz https://accounts.google.com/gsi/ api.mapy.cz; object-src 'none'; base-uri 'none'; worker-src 'self' blob:; 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; frame-ancestors https://www.babyboom.pl https://*.safeframe.googlesyndication.com ; font-src * data: blob: 'unsafe-inline' 1
default-src 'self';script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' *.getsitecontrol.com *.segment.io *.segment.com *.kissmetrics.com *.kissmetrics.io https://www.gstatic.com *.google-analytics.com https://www.google-analytics.com https://www.googleoptimize.com *.intercom.io *.intercomcdn.com *.cloudflare.com *.logrocket.io https://*.lr-in-prod.com https://optimize.google.com https://apis.google.com *.googletagmanager.com *.googleapis.com *.lr-ingest.io https://app.resolvepay.com https://grow.clearbitjs.com https://snap.licdn.com/ js.braintreegateway.com assets.braintreegateway.com;img-src 'self' *.google-analytics.com https://optimize.google.com data: *.ponoko.com *.google-analytics.com *.doubleclick.net *.intercomcdn.com *.intercomassets.com *.kissmetrics.com *.kissmetrics.io *.googletagmanager.com *.googleapis.com  https://app.getsitecontrol.com https://grow.clearbitjs.com https://px.ads.linkedin.com https://secure.gravatar.com assets.braintreegateway.com; style-src 'self' https://www.gstatic.com https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline' https://cdn.jsdelivr.net/ assets.braintreegateway.com;font-src 'self' data: *.ponoko.com *.intercomcdn.com https://fonts.gstatic.com https://assets.braintreegateway.com; child-src 'self' blob:  https://optimize.google.com assets.braintreegateway.com;connect-src *.ponoko.com *.segment.io *.segment.com *.kissmetrics.com *.kissmetrics.io *.google-analytics.com *.intercom.io *.intercomcdn.com *.logrocket.io https://*.lr-in-prod.com wss://*.intercom.io https://us-central1-ponokocloud.cloudfunctions.net api.sandbox.braintreegateway.com *.braintree-api.com *.lr-ingest.io https://app.resolvepay.com https://app-sandbox.resolvepay.com https://storage.googleapis.com https://analytics.google.com https://stats.g.doubleclick.net/ api.braintreegateway.com;object-src 'none'; media-src 'self' *.intercomcdn.com; frame-src 'self' https://accounts.google.com/ https://www.youtube.com/  https://app.resolvepay.com/ https://app-sandbox.resolvepay.com/ https://us-central1-ponokocloud.cloudfunctions.net/ https://optimize.google.com/ https://intercom-sheets.com/ assets.braintreegateway.com; frame-ancestors 'self'; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.criteo.com https://static.criteo.net https://ln-rules.rewardstyle.com https://www.shoplooks.com https://www.recaptcha.net https://recaptcha.net https://vars.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://tr.snapchat.com https://dekopay.preprod.k8s.dekopay.org https://pay.deko.finance https://www.pinterest.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://*.liveperson.net wss://*.liveperson.net  https://services.postcodeanywhere.co.uk https://*.googleapis.com https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.baidu.com https://vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://ct.pinterest.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://analytics.tiktok.com wss://*.liveperson.net https://www.allsole.com/e2/ds/relay https://horizon-api.www.allsole.com/graphql https://*.ingest.sentry.io https://s1.thcdn.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://m.allsole.com https://checkout.allsole.com https://www.allsole.com https://connect.facebook.net https://tr.snapchat.com; frame-ancestors; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' https://cdn.parcellab.com 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.parcellab.com https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://*.criteo.com https://static.criteo.net https://*.baidu.com https://remote.captcha.com https://ssl.bing.com https://*.akamaihd.net https://ln-rules.rewardstyle.com https://www.recaptcha.net https://recaptcha.net https://*.sciencebehindecommerce.com https://*.shoplooks.com https://slooks.top https://slooks.me https://static.hotjar.com https://script.hotjar.com https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://s.pinimg.com https://*.contentsquare.net https://app.contentsquare.com https://assets.dekopay.com https://analytics.tiktok.com https://*.ibytedtos.com https://s1.thcdn.com; style-src 'self' 'unsafe-inline' https://www.allsole.com https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.shoplooks.com https://static.shoplooks.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://s1.thcdn.com; upgrade-insecure-requests; report-to report-endpoint; 1
defalut-src &#8217;self&#8217; 1
frame-ancestors *.nicolas.com 1
frame-ancestors http://*.so-gov.cn http://www.quanzhou.gov.cn http://www.fjqz.gov.cn http://quanzhou.gov.cn http://fjqz.gov.cn http://aisp.quanzhou.gov.cn/ 1
default-src 'self'; media-src 'self' https:; script-src-elem 'self' 'unsafe-inline' https://*.googletagmanager.com https://*.google-analytics.com https://*.cookielaw.org; connect-src 'self' https:; style-src 'self' 'unsafe-inline'; img-src * data:; font-src 'self' data:; frame-ancestors 'none'; frame-src https:; 1
frame-src 'self' *.adcell.com *.amazon.de *.cookiebot.com *.criteo.com *.doubleclick.net *.facebook.com *.google.com *.paypal.com *.prismic.io *.vimeo.com; frame-ancestors 'self'; upgrade-insecure-requests; 1
default-src 'self' *.nrw.de;    script-src  'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de map.nrw *.google.com *.youtube.com oembed.com *.youtu.be *.twimg.com *.twitter.com twitter.com *.jwpcdn.com *.gstatic.com *.googleapis.com *.googlesyndication.com *.openstreetmap.org *.mozilla.org *.vimeo.com *.vimeocdn.com *.flickr.com *.staticflickr.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net *.tools.lehrer-werden.nrw;    style-src   'self' 'unsafe-inline' *.nrw.de *.twitter.com twitter.com *.facebook.com *.googleapis.com *.twimg.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net;    font-src data: *;    img-src  data: *;    frame-ancestors 'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com oembed.com *.youtu.be ytchannelembed.com *.tools.lehrer-werden.nrw;    worker-src  'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de *.vimeo.com *.vimeocdn.com;    frame-src   'self' *.nrw.de map.nrw *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be oembed.com ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de *.tools.lehrer-werden.nrw *.vimeo.com *.vimeocdn.com;    object-src  'self';    connect-src 'self' *.nrw.de svc.webspellchecker.net;    media-src *; upgrade-insecure-requests; 1
default-src 'self' ; connect-src 'self' https://*.liquidswap.com https://*.google-analytics.com https://api.etherscan.io https://aptos-mainnet.pontem.network https://aptos-testnet.pontem.network https://control.pontem.network https://fullnode.devnet.aptoslabs.com https://fullnode.testnet.aptoslabs.com https://raw.githubusercontent.com/pontem-network/coins-registry/ https://sentrio-api.devops.mom https://sentrio-api.pontem.network https://sentry.pontem.network https://testnet-node.devops.mom https://api.notifi.network https://dpapi.prd.notifi.network https://control.devops.mom https://wallet.blocto.app https://cloudflare-ipfs.com https://staking-testnet.pontem.network https://staking-testnet.devops.mom https://staking.pontem.network https://api-js.mixpanel.com https://indexer-testnet.staging.gcp.aptosdev.com https://indexer.mainnet.aptoslabs.com https://adapter.magic.devops.mom https://*.lumio.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://embed.typeform.com https://wallet-testnet.blocto.app https://wallet.blocto.app https://mc.yandex.ru https://mc.yandex.com; img-src 'self' data: https://mc.yandex.ru https://mc.yandex.com https://cloudflare-ipfs.com https://*.ipfs.w3s.link https://www.topaz.so ipfs://* https://raw.githubusercontent.com https://www.gitbook.com/ https://static.risewallet.io/ https://miro.medium.com/ https://tp-statics.tokenpocket.pro/ https://trustwallet.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://embed.typeform.com; font-src 'self' data: https://fonts.gstatic.com; frame-src https://form.typeform.com https://wallet-testnet.blocto.app https://wallet.blocto.app https://global-stg.transak.com/ https://global.transak.com/; object-src 'self' blob: ; frame-ancestors * 'self'; 1
frame-ancestors 'self' *.moneyfarm.com 1
default-src 'self'; child-src *; frame-src *; img-src * data:; media-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com; font-src 'self' data: http: https: fonts.googleapis.com themes.googleusercontent.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.usercentrics.eu https://privacy-proxy.usercentrics.eu https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://www.youtube.com *.ytimg.com *.cloudfront.net https://code.jquery.com https://snap.licdn.com https://www.bugherd.com https://sidebar.bugherd.com blob:; font-src 'self' https://fonts.gstatic.com *.bugherd.com *.cloudfront.net; style-src 'self' 'unsafe-inline' *.cloudfront.net https://fonts.googleapis.com https://www.bugherd.com; img-src 'self' https://brandzone.ngk.de https://app.usercentrics.eu https://www.google-analytics.com https://www.google.com *.ytimg.com *.cdninstagram.com *.fbcdn.net *.cloudfront.net https://*.linkedin.com https://privacy-proxy-server.usercentrics.eu data://* https://uct.service.usercentrics.eu https://*.amazonaws.com https://sidebar.bugherd.com https://www.googletagmanager.com https://img.youtube.com blob:; connect-src 'self' *.usercentrics.eu https://*.google-analytics.com *.doubleclick.net *.bugsnag.com wss://*.pusherapp.com wss://*.pusher.com *.pusher.com *.bugherd.com https://bugherd-attachments.s3.amazonaws.com https://cdn.linkedin.oribi.io https://api.friendlycaptcha.com; frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com https://www.google-analytics.com v.calameo.com https://sidebar.bugherd.com https://wpp.admiralcloud.com https://images.admiralcloud.com https://filehub.admiralcloud.com https://video.admiralcloud.com; 1
child-src http: https: blob:; default-src *.fridayparts.com a.klaviyo.com *.taboola.com *.googleapis.com *.gstatic.com blob: *.youtube.com s.ytimg.com *.bing.com *.facebook.com *.facebook.net *.zdassets.com *.zopim.com *.zopim.io *.sentry.io wss://widget-mediator.zopim.com/ fridayparts.zendesk.com *.pinterest.com s.pinimg.com js.braintreegateway.com *.paypal.com *.paypalobjects.com getfirebug.com *.newrelic.com *.nr-data.net https://google.com *.google.com *.google.com.au *.google.com.mx *.google.com.br *.google.com.ph *.google.co.uk *.google.co.jp *.google.co.id *.google.co.in *.google.fr *.google.de *.google.pt *.google.es *.google.ru *.googlesyndication.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com stripe.com www.sandbox.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com www.googleapis.com vimeo.com www.vimeo.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.g.doubleclick.net *.doubleclick.net *.clientgear.com *.bidswitch.net *.smaato.net *.seedtag.com *.openx.net *.loopme.me *.opera.com *.mdspinc.com *.spotxchange.com *.outbrain.com *.tumblr.com *.criteo.com *.adnxs.com *.mediawallahscript.com *.media.net *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.teads.tv *.3lift.com *.yahoo.com *.socdm.com *.omnitagjs.com *.casalemedia.com *.360yield.com *.ivitrack.com *.liadm.com *.mediavine.com *.postrelease.com *.pubmatic.com *.revcontent.com *.tapad.com *.bluekai.com *.demdex.net *.agkn.com *.adsrvr.org *.tremorhub.com *.clmbtech.com https://ad.tpmn.co.kr *.yieldmo.com *.stickyadstv.com *.rqtrk.eu https://match.prod.bidr.io *.fwmrm.net *.adform.net *.optinadserving.com *.toast.com *.avada.io *.omnisnippet1.com omnisnippet1.com *.soundestlink.com openfpcdn.io *.twitter.com wss://api.smooch.io/ api.smooch.io *.emxdgt.com *.rezync.com *.amazon-adsystem.com *.tiktok.com *.klaviyo.com data: 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src * data: 'unsafe-inline' 1
base-uri 'none'; object-src 'none';             style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.securiti.ai *.onetrust.com *.googleapis.com *.lightboxcdn.com *.google.com;             script-src 'nonce-IqpB9n2yShPiDW/bQWfB2A==' 'strict-dynamic' 'unsafe-eval'; frame-ancestors *.onetrust.com *.nonprod-asurion53.com *.asurion.com *.asurion53.com *.google.com;             frame-src https://www.google.com/ https://www.facebook.com/ https://www.googletagmanager.com https://www.youtube.com             https://10177734.fls.doubleclick.net https://assets.contently.com https://docs.google.com/             https://form.jotform.com/ https://submit.jotform.com/ https://aa.trkn.us https://www.lightboxcdn.com             https://lightboxapi.azurewebsites.net https://asurion.az1.qualtrics.com https://siteintercept.qualtrics.com             https://webforms.pipedrive.com https://*.cdn.optimizely.com https://cdn.jsdelivr.net/ https://my.asurion.com; 1
default-src 'self' https://www.gravatar.com https://player.vimeo.com *.vimeocdn.com https://packages.umbraco.org https://our.umbraco.org;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.edinburghcastle.scot https://sthesedcprodneu01.blob.core.windows.net https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://use.typekit.net https://www.youtube.com https://*.vo.msecnd.net https://visitscotlandsto-wip-web.azurewebsites.net https://visitscotlandsto-test-web.azurewebsites.net https://visitscotlandsto-prod-web.azurewebsites.net https://ajax.googleapis.com https://player.vimeo.com http://www.googleadservices.com http://platform.twitter.com https://static.ads-twitter.com https://az416426.vo.msecnd.net https://s.ytimg.com https://www.youtube.com/iframe_api https://dc.services.visualstudio.com https://maps.googleapis.com https://www.google.co.uk https://googleads.g.doubleclick.net http://connect.facebook.net https://analytics.twitter.com https://www.google.com https://www.gstatic.com https://cdn.siteimprove.net https://my2.siteimprove.com https://id.siteimprove.com;style-src 'self' 'unsafe-inline' https://www.edinburghcastle.scot https://sthesedcprodneu01.blob.core.windows.net unsafe-inline https://fonts.googleapis.com https://fast.fonts.net https://tagmanager.google.com https://use.typekit.net https://p.typekit.net https://cloud.typography.com https://cdn.siteimprove.net https://my2.siteimprove.com https://id.siteimprove.com https://www.youtube.com;img-src 'self' https://www.edinburghcastle.scot https://sthesedcprodneu01.blob.core.windows.net https://www.google-analytics.com https://p.typekit.net https://stats.g.doubleclick.net https://www.googletagmanager.com https://tagmanager.google.com https://ssl.gstatic.com https://www.gstatic.com data: https://i.vimeocdn.com https://www.gravatar.com http://umbraco.tv *.umbraco.tv i.ytimg.com *.umbraco.org https://our.umbraco.com https://secure.adnxs.com https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://www.google.com https://www.google.co.uk https://www.facebook.com http://t.co https://www.youtube.com https://blog.edinburghcastle.scot https://app-hes-evnts-test-neu-01.azurewebsites.net https://app-hes-evnts-prod-neu-01.azurewebsites.net https://heseventsapi.stormid.site https://qablob.blob.core.windows.net https://prodblob.blob.core.windows.net;media-src 'self' https://www.edinburghcastle.scot https://sthesedcprodneu01.blob.core.windows.net blob:;font-src 'self' https://www.edinburghcastle.scot https://use.typekit.net https://fonts.gstatic.com https://ssl.gstatic.com https://www.gstatic.com data: https://cloud.typography.com http://fast.fonts.net;connect-src 'self' https://dc.services.visualstudio.com https://www.edinburghcastle.scot https://app-hes-edc-wip-neu-01.azurewebsites.net https://app-hes-edc-test-neu-01.azurewebsites.net https://app-hes-edc-prod-neu-01.azurewebsites.net https://www.google-analytics.com https://region1.google-analytics.com https://our.umbraco.com/webapi/packages/v1 https://stats.g.doubleclick.net https://analytics.google.com https://region1.analytics.google.com https://www.google.co.uk;child-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://connect.facebook.net https://www.google.com *.doubleclick.net https://my2.siteimprove.com;worker-src 'self' blob:;upgrade-insecure-requests;block-all-mixed-content 1
frame-ancestors 'self' https://trello.com/ https://*.atlassian.net/ https://teams.microsoft.com/ https://app.clickup.com/ 1
base-uri https://*.tennisfame.com; default-src 'self' 'unsafe-inline' data: https: wss: http://192.168.105.45 https://ithof.staging53.com http://res.cloudinary.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://itp-atp-sls.infosys-platforms.com https://connect.facebook.net https://api.scrivito.com https://app.intercom.io https://assets.scrivito.com https://js.intercomcdn.com https://widget.intercom.io https://*.googleapis.com https://www.google-analytics.com https://translate.google.com https://platform.twitter.com https://cdn.syndication.twimg.com https://*.sharethis.com https://count-server.sharethis.com https://ithf.disqus.com https://c.disquscdn.com https://disqus.com http://res.cloudinary.com https://www.tennisfame.com https://bbox.blackbaudhosting.com https://t.sharethis.com https://*.en25.com https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://*.adnxs.com http://*.affec.tv https://*.hs-scripts.com https://*.dafdirect.org https://*.hs-analytics.net https://*.hsadspixel.net https://*.hscollectedforms.net https://*.licdn.com https://*.curator.io https://*.hsforms.net https://*.hsforms.com https://*.youtube.com https://*.ytimg.com https://*.hs-banner.com https://*.visme.co https://*.hubapi.com https://*.rtb123.com; object-src 'self' 'unsafe-inline' data: https://www.tennisfame.com https://cdn0.scrvt.com; block-all-mixed-content; 1
default-src 'self' blob:;img-src https: *.google-analytics.com 'self' * data: blob:;style-src 'self' https: 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.bb-os.com *.bingx.com *.webpushs.com *.legendtrading.com *.sendpulse.com *.bing.com *.googletagmanager.com static.zdassets.com *.google-analytics.com ajax.cloudflare.com *.geetest.com *.qbox.me *.zopim.com *.tradingview.com *.twitter.com *.ads-twitter.com *.recaptcha.net *.google.com *.facebook.net *.facebook.com *.gstatic.com *.doubleclick.net *.googleadservices.com *.volccdn.com *.ibytedtos.com fpnpmcdn.net fpcdn.io *.prdredir.com *.geevisit.com *.mql5.com *.taboola.com *.ads-twitter.com *.yandex.ru;script-src-elem 'self' 'unsafe-inline' *;connect-src 'self' 'unsafe-inline' * data: blob: *.fptls.com api.fpjs.io *.api.fpjs.io fp.bingx.com;form-action 'self' *.facebook.com *.facebook.net *.advcash.com *.mrcr.io *.mercuryo.io;frame-src 'self' * blob:;object-src 'none';font-src 'self' * data:;media-src 'self' *;manifest-src 'self' 'unsafe-inline' 'unsafe-eval';worker-src * blob:;child-src * blob: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://wetdry.world; img-src 'self' data: blob: https://wetdry.world https://media.wetdry.world https://media.tenor.com https://blob.jortage.com https://compliance.conversations.im; style-src 'self' https://wetdry.world 'nonce-eokwi7O62eMGdzBMgHbrEg=='; media-src 'self' data: https://wetdry.world https://media.wetdry.world https://media.tenor.com https://blob.jortage.com https://compliance.conversations.im; frame-src 'self' https:; manifest-src 'self' https://wetdry.world; form-action 'self'; child-src 'self' blob: https://wetdry.world; worker-src 'self' blob: https://wetdry.world; connect-src 'self' data: blob: https://wetdry.world https://media.wetdry.world https://media.tenor.com https://blob.jortage.com https://compliance.conversations.im wss://wetdry.world https://api.tenor.com; script-src 'self' https://wetdry.world 'wasm-unsafe-eval' 1
default-src 'none'; base-uri 'self'; connect-src 'self' *.google-analytics.com *.googleapis.com stats.g.doubleclick.net; font-src 'self' data: *.fontawesome.com *.google.com *.googleapis.com *.gstatic.com *.linkedin.com *.twitter.com; form-action 'self' *.linkedin.com *.twitter.com *.facebook.com *.google.com https://wpengine.blogvault.net; frame-ancestors 'self'; frame-src 'self' *.doxim.com *.linkedin.com *.twitter.com *.google.com *.elegantthemes.com *.youtube.com *.facebook.com; img-src 'self' data: *.striata.com *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.google.co.za *.googleapis.com *.gstatic.com *.google-analytics.com *.gravatar.com *.linkedin.com *.twitter.com *.twimg.com *.jquery.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' reader.striata.com *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.googleapis.com *.gstatic.com *.licdn.com *.linkedin.com *.twitter.com *.twimg.com *.getclicky.com *.google-analytics.com *.googletagmanager.com *.jquery.com *.jqueryui.com *.jsdelivr.net; style-src 'self' 'unsafe-inline' reader.striata.com *.fontawesome.com *.google.com *.googleapis.com *.linkedin.com *.twitter.com *.twimg.com *.jquery.com; 1
frame-ancestors  'self' *.tadu.com  *.kaiqi.com  *.baidu.com  *.qq.com 1
default-src *; connect-src * blob: ; media-src * blob: data:; ; object-src * data: blob:; script-src * 'unsafe-eval' 'unsafe-inline' blob:; style-src * 'unsafe-inline'; img-src * data: blob:; frame-ancestors 'self' https://scatbook.com https://darkfans.com; 1
connect-src 'self' blob: *.3dsecure.no *.akamaized.net *.amazon.co.uk *.amazon.com *.amazonaws.com *.amazonpay.com *.analytics.google.com *.arcot.com *.awin1.com *.barclaycard.co.uk *.barclays.co.uk *.braintree-api.com *.braintree.com *.braintreegateway.com *.cardinalcommerce.com *.cloudfront.net *.criteo.com *.cxmlpg.com *.dekopay.com *.dwin1.com *.facebook.com *.facebook.net *.freespee.com *.google-analytics.com *.google.co.uk *.google.com *.google.de *.googleapis.com *.googletagmanager.com *.gstatic.com *.icons8.com *.intercom.io *.intercomcdn.com *.kaptcha.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com *.monzo.com *.mycardsecure.com *.newrelic.com *.nr-data.net *.openpay.com.au *.partpay.co.nz *.partpay.co.uk *.paymentexpress.com *.payments-amazon.com *.paypal.com *.paypalobjects.com *.queue-it.net *.securesuite.co.uk *.shopto.net *.sift.com *.ssl-images-amazon.com *.trustedsite.com *.trustpilot.com *.typekit.net *.vimeo.com *.vimeocdn.com *.youtube.com *.ywxi.net *.zenaps.com *.zip.co acs.apata.io acs.revolut.com acs1.mpts.modirum.com ad.360yield.com ad.sxp.smartclip.net ad.yieldlab.net analytics.google.com analytics.tiktok.com analytics.twitter.com angus.finance-calculator.co.uk beacon.krxd.net cdn-images.mailchimp.com channel-cards-html.lloydsbankinggroup.com chimpstatic.com cm.adform.net cm.g.doubleclick.net contextual.media.net cotads.adscale.de criteo-partners.tremorhub.com criteo-sync.teads.tv dis.criteo.com dpm.demdex.net dynamic.criteo.com e1.emxdgt.com eb2.3lift.com eep.io emailsignature.trustpilot.com exchange.mediavine.com gallery.mailchimp.com gbemv3dsecure.garanti.com.tr google.com googleads.g.doubleclick.net gum.criteo.com hexagon-analytics.com https://*.google-analytics.com https://*.imgur.com https://2017.dc-test.de https://d23yuld0pofhhw.cloudfront.net https://hexagon-analytics.com https://www.dc-solution.de https://www.facebook.com https://www.shopto.net https://www.shopto.net/userdata/files/WelcomeToShopTo.mp4 i.liadm.com i.vimeocdn.com i.ytimg.com ib.adnxs.com id5-sync.com idsync.rlcdn.com ih.adscale.de jadserve.postrelease.com lantern.roeye.com lantern.roeyecdn.com match.sharethrough.com matching.ivitrack.com mc.us15.list-manage.com mcusercontent.com net.us15.list-manage.com pagead2.googlesyndication.com partpayassets.blob.core.windows.net pay.google.com pixel.rubiconproject.com r.casalemedia.com rtb-csync.smartadserver.com s.thebrighttag.com safekey-3.americanexpress.com secure.adnxs.com simage2.pubmatic.com socialplugin.facebook.net static.ads-twitter.com static.zipmoney.com.au stats.g.doubleclick.net sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.outbrain.com t.co td.doubleclick.net uplay.exertisztorm.net ups.analytics.yahoo.com visitor.omnitagjs.com www.clicksafe.lloydstsb.com www.google.co.uk www.google.com www.google.pt www.instagram.com www.paypalobjects.com www.rsa3dsauth.co.uk www.safekey.americanexpress.com www.tag4arm.com x.bidswitch.net zip-co-media.imgix.net zip.co;default-src 'self' *.3dsecure.no *.akamaized.net *.amazon.co.uk *.amazon.com *.amazonaws.com *.amazonpay.com *.analytics.google.com *.arcot.com *.awin1.com *.barclaycard.co.uk *.barclays.co.uk *.braintree-api.com *.braintree.com *.braintreegateway.com *.cardinalcommerce.com *.cloudfront.net *.criteo.com *.cxmlpg.com *.dekopay.com *.dwin1.com *.facebook.com *.facebook.net *.freespee.com *.google-analytics.com *.google.co.uk *.google.com *.google.de *.googleapis.com *.googletagmanager.com *.gstatic.com *.icons8.com *.intercom.io *.intercomcdn.com *.kaptcha.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com *.monzo.com *.mycardsecure.com *.newrelic.com *.nr-data.net *.openpay.com.au *.partpay.co.nz *.partpay.co.uk *.paymentexpress.com *.payments-amazon.com *.paypal.com *.paypalobjects.com *.queue-it.net *.securesuite.co.uk *.shopto.net *.sift.com *.ssl-images-amazon.com *.trustedsite.com *.trustpilot.com *.typekit.net *.vimeo.com *.vimeocdn.com *.youtube.com *.ywxi.net *.zenaps.com *.zip.co acs.apata.io acs.revolut.com acs1.mpts.modirum.com ad.360yield.com ad.sxp.smartclip.net ad.yieldlab.net analytics.google.com analytics.tiktok.com analytics.twitter.com angus.finance-calculator.co.uk beacon.krxd.net cdn-images.mailchimp.com channel-cards-html.lloydsbankinggroup.com chimpstatic.com cm.adform.net cm.g.doubleclick.net contextual.media.net cotads.adscale.de criteo-partners.tremorhub.com criteo-sync.teads.tv dis.criteo.com dpm.demdex.net dynamic.criteo.com e1.emxdgt.com eb2.3lift.com eep.io emailsignature.trustpilot.com exchange.mediavine.com gallery.mailchimp.com gbemv3dsecure.garanti.com.tr google.com googleads.g.doubleclick.net gum.criteo.com hexagon-analytics.com https://*.google-analytics.com https://*.imgur.com https://2017.dc-test.de https://d23yuld0pofhhw.cloudfront.net https://hexagon-analytics.com https://www.dc-solution.de https://www.facebook.com https://www.shopto.net https://www.shopto.net/userdata/files/WelcomeToShopTo.mp4 i.liadm.com i.vimeocdn.com i.ytimg.com ib.adnxs.com id5-sync.com idsync.rlcdn.com ih.adscale.de jadserve.postrelease.com lantern.roeye.com lantern.roeyecdn.com match.sharethrough.com matching.ivitrack.com mc.us15.list-manage.com mcusercontent.com net.us15.list-manage.com pagead2.googlesyndication.com partpayassets.blob.core.windows.net pay.google.com pixel.rubiconproject.com r.casalemedia.com rtb-csync.smartadserver.com s.thebrighttag.com safekey-3.americanexpress.com secure.adnxs.com simage2.pubmatic.com socialplugin.facebook.net static.ads-twitter.com static.zipmoney.com.au stats.g.doubleclick.net sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.outbrain.com t.co td.doubleclick.net uplay.exertisztorm.net ups.analytics.yahoo.com visitor.omnitagjs.com www.clicksafe.lloydstsb.com www.google.co.uk www.google.com www.google.pt www.instagram.com www.paypalobjects.com www.rsa3dsauth.co.uk www.safekey.americanexpress.com www.tag4arm.com x.bidswitch.net zip-co-media.imgix.net zip.co;frame-ancestors *.3dsecure.no *.akamaized.net *.amazon.co.uk *.amazon.com *.amazonaws.com *.amazonpay.com *.analytics.google.com *.arcot.com *.awin1.com *.barclaycard.co.uk *.barclays.co.uk *.braintree-api.com *.braintree.com *.braintreegateway.com *.cardinalcommerce.com *.cloudfront.net *.criteo.com *.cxmlpg.com *.dekopay.com *.dwin1.com *.facebook.com *.facebook.net *.freespee.com *.google-analytics.com *.google.co.uk *.google.com *.google.de *.googleapis.com *.googletagmanager.com *.gstatic.com *.icons8.com *.intercom.io *.intercomcdn.com *.kaptcha.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com *.monzo.com *.mycardsecure.com *.newrelic.com *.nr-data.net *.openpay.com.au *.partpay.co.nz *.partpay.co.uk *.paymentexpress.com *.payments-amazon.com *.paypal.com *.paypalobjects.com *.queue-it.net *.securesuite.co.uk *.shopto.net *.sift.com *.ssl-images-amazon.com *.trustedsite.com *.trustpilot.com *.typekit.net *.vimeo.com *.vimeocdn.com *.youtube.com *.ywxi.net *.zenaps.com *.zip.co acs.apata.io acs.revolut.com acs1.mpts.modirum.com ad.360yield.com ad.sxp.smartclip.net ad.yieldlab.net analytics.google.com analytics.tiktok.com analytics.twitter.com angus.finance-calculator.co.uk beacon.krxd.net cdn-images.mailchimp.com channel-cards-html.lloydsbankinggroup.com chimpstatic.com cm.adform.net cm.g.doubleclick.net contextual.media.net cotads.adscale.de criteo-partners.tremorhub.com criteo-sync.teads.tv dis.criteo.com dpm.demdex.net dynamic.criteo.com e1.emxdgt.com eb2.3lift.com eep.io emailsignature.trustpilot.com exchange.mediavine.com gallery.mailchimp.com gbemv3dsecure.garanti.com.tr google.com googleads.g.doubleclick.net gum.criteo.com hexagon-analytics.com https://*.google-analytics.com https://*.imgur.com https://2017.dc-test.de https://d23yuld0pofhhw.cloudfront.net https://hexagon-analytics.com https://www.dc-solution.de https://www.facebook.com https://www.shopto.net https://www.shopto.net/userdata/files/WelcomeToShopTo.mp4 i.liadm.com i.vimeocdn.com i.ytimg.com ib.adnxs.com id5-sync.com idsync.rlcdn.com ih.adscale.de jadserve.postrelease.com lantern.roeye.com lantern.roeyecdn.com match.sharethrough.com matching.ivitrack.com mc.us15.list-manage.com mcusercontent.com net.us15.list-manage.com pagead2.googlesyndication.com partpayassets.blob.core.windows.net pay.google.com pixel.rubiconproject.com r.casalemedia.com rtb-csync.smartadserver.com s.thebrighttag.com safekey-3.americanexpress.com secure.adnxs.com simage2.pubmatic.com socialplugin.facebook.net static.ads-twitter.com static.zipmoney.com.au stats.g.doubleclick.net sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.outbrain.com t.co td.doubleclick.net uplay.exertisztorm.net ups.analytics.yahoo.com visitor.omnitagjs.com www.clicksafe.lloydstsb.com www.google.co.uk www.google.com www.google.pt www.instagram.com www.paypalobjects.com www.rsa3dsauth.co.uk www.safekey.americanexpress.com www.tag4arm.com x.bidswitch.net zip-co-media.imgix.net zip.co;font-src 'self' data: *.3dsecure.no *.akamaized.net *.amazon.co.uk *.amazon.com *.amazonaws.com *.amazonpay.com *.analytics.google.com *.arcot.com *.awin1.com *.barclaycard.co.uk *.barclays.co.uk *.braintree-api.com *.braintree.com *.braintreegateway.com *.cardinalcommerce.com *.cloudfront.net *.criteo.com *.cxmlpg.com *.dekopay.com *.dwin1.com *.facebook.com *.facebook.net *.freespee.com *.google-analytics.com *.google.co.uk *.google.com *.google.de *.googleapis.com *.googletagmanager.com *.gstatic.com *.icons8.com *.intercom.io *.intercomcdn.com *.kaptcha.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com *.monzo.com *.mycardsecure.com *.newrelic.com *.nr-data.net *.openpay.com.au *.partpay.co.nz *.partpay.co.uk *.paymentexpress.com *.payments-amazon.com *.paypal.com *.paypalobjects.com *.queue-it.net *.securesuite.co.uk *.shopto.net *.sift.com *.ssl-images-amazon.com *.trustedsite.com *.trustpilot.com *.typekit.net *.vimeo.com *.vimeocdn.com *.youtube.com *.ywxi.net *.zenaps.com *.zip.co acs.apata.io acs.revolut.com acs1.mpts.modirum.com ad.360yield.com ad.sxp.smartclip.net ad.yieldlab.net analytics.google.com analytics.tiktok.com analytics.twitter.com angus.finance-calculator.co.uk beacon.krxd.net cdn-images.mailchimp.com channel-cards-html.lloydsbankinggroup.com chimpstatic.com cm.adform.net cm.g.doubleclick.net contextual.media.net cotads.adscale.de criteo-partners.tremorhub.com criteo-sync.teads.tv dis.criteo.com dpm.demdex.net dynamic.criteo.com e1.emxdgt.com eb2.3lift.com eep.io emailsignature.trustpilot.com exchange.mediavine.com gallery.mailchimp.com gbemv3dsecure.garanti.com.tr google.com googleads.g.doubleclick.net gum.criteo.com hexagon-analytics.com https://*.google-analytics.com https://*.imgur.com https://2017.dc-test.de https://d23yuld0pofhhw.cloudfront.net https://hexagon-analytics.com https://www.dc-solution.de https://www.facebook.com https://www.shopto.net https://www.shopto.net/userdata/files/WelcomeToShopTo.mp4 i.liadm.com i.vimeocdn.com i.ytimg.com ib.adnxs.com id5-sync.com idsync.rlcdn.com ih.adscale.de jadserve.postrelease.com lantern.roeye.com lantern.roeyecdn.com match.sharethrough.com matching.ivitrack.com mc.us15.list-manage.com mcusercontent.com net.us15.list-manage.com pagead2.googlesyndication.com partpayassets.blob.core.windows.net pay.google.com pixel.rubiconproject.com r.casalemedia.com rtb-csync.smartadserver.com s.thebrighttag.com safekey-3.americanexpress.com secure.adnxs.com simage2.pubmatic.com socialplugin.facebook.net static.ads-twitter.com static.zipmoney.com.au stats.g.doubleclick.net sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.outbrain.com t.co td.doubleclick.net uplay.exertisztorm.net ups.analytics.yahoo.com visitor.omnitagjs.com www.clicksafe.lloydstsb.com www.google.co.uk www.google.com www.google.pt www.instagram.com www.paypalobjects.com www.rsa3dsauth.co.uk www.safekey.americanexpress.com www.tag4arm.com x.bidswitch.net zip-co-media.imgix.net zip.co;media-src 'self' *.3dsecure.no *.akamaized.net *.amazon.co.uk *.amazon.com *.amazonaws.com *.amazonpay.com *.analytics.google.com *.arcot.com *.awin1.com *.barclaycard.co.uk *.barclays.co.uk *.braintree-api.com *.braintree.com *.braintreegateway.com *.cardinalcommerce.com *.cloudfront.net *.criteo.com *.cxmlpg.com *.dekopay.com *.dwin1.com *.facebook.com *.facebook.net *.freespee.com *.google-analytics.com *.google.co.uk *.google.com *.google.de *.googleapis.com *.googletagmanager.com *.gstatic.com *.icons8.com *.intercom.io *.intercomcdn.com *.kaptcha.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com *.monzo.com *.mycardsecure.com *.newrelic.com *.nr-data.net *.openpay.com.au *.partpay.co.nz *.partpay.co.uk *.paymentexpress.com *.payments-amazon.com *.paypal.com *.paypalobjects.com *.queue-it.net *.securesuite.co.uk *.shopto.net *.sift.com *.ssl-images-amazon.com *.trustedsite.com *.trustpilot.com *.typekit.net *.vimeo.com *.vimeocdn.com *.youtube.com *.ywxi.net *.zenaps.com *.zip.co acs.apata.io acs.revolut.com acs1.mpts.modirum.com ad.360yield.com ad.sxp.smartclip.net ad.yieldlab.net analytics.google.com analytics.tiktok.com analytics.twitter.com angus.finance-calculator.co.uk beacon.krxd.net cdn-images.mailchimp.com channel-cards-html.lloydsbankinggroup.com chimpstatic.com cm.adform.net cm.g.doubleclick.net contextual.media.net cotads.adscale.de criteo-partners.tremorhub.com criteo-sync.teads.tv dis.criteo.com dpm.demdex.net dynamic.criteo.com e1.emxdgt.com eb2.3lift.com eep.io emailsignature.trustpilot.com exchange.mediavine.com gallery.mailchimp.com gbemv3dsecure.garanti.com.tr google.com googleads.g.doubleclick.net gum.criteo.com hexagon-analytics.com https://*.google-analytics.com https://*.imgur.com https://2017.dc-test.de https://d23yuld0pofhhw.cloudfront.net https://hexagon-analytics.com https://www.dc-solution.de https://www.facebook.com https://www.shopto.net https://www.shopto.net/userdata/files/WelcomeToShopTo.mp4 i.liadm.com i.vimeocdn.com i.ytimg.com ib.adnxs.com id5-sync.com idsync.rlcdn.com ih.adscale.de jadserve.postrelease.com lantern.roeye.com lantern.roeyecdn.com match.sharethrough.com matching.ivitrack.com mc.us15.list-manage.com mcusercontent.com net.us15.list-manage.com pagead2.googlesyndication.com partpayassets.blob.core.windows.net pay.google.com pixel.rubiconproject.com r.casalemedia.com rtb-csync.smartadserver.com s.thebrighttag.com safekey-3.americanexpress.com secure.adnxs.com simage2.pubmatic.com socialplugin.facebook.net static.ads-twitter.com static.zipmoney.com.au stats.g.doubleclick.net sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.outbrain.com t.co td.doubleclick.net uplay.exertisztorm.net ups.analytics.yahoo.com visitor.omnitagjs.com www.clicksafe.lloydstsb.com www.google.co.uk www.google.com www.google.pt www.instagram.com www.paypalobjects.com www.rsa3dsauth.co.uk www.safekey.americanexpress.com www.tag4arm.com x.bidswitch.net zip-co-media.imgix.net zip.co;img-src 'self' blob: data: *.3dsecure.no *.akamaized.net *.amazon.co.uk *.amazon.com *.amazonaws.com *.amazonpay.com *.analytics.google.com *.arcot.com *.awin1.com *.barclaycard.co.uk *.barclays.co.uk *.braintree-api.com *.braintree.com *.braintreegateway.com *.cardinalcommerce.com *.cloudfront.net *.criteo.com *.cxmlpg.com *.dekopay.com *.dwin1.com *.facebook.com *.facebook.net *.freespee.com *.google-analytics.com *.google.co.uk *.google.com *.google.de *.googleapis.com *.googletagmanager.com *.gstatic.com *.icons8.com *.intercom.io *.intercomcdn.com *.kaptcha.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com *.monzo.com *.mycardsecure.com *.newrelic.com *.nr-data.net *.openpay.com.au *.partpay.co.nz *.partpay.co.uk *.paymentexpress.com *.payments-amazon.com *.paypal.com *.paypalobjects.com *.queue-it.net *.securesuite.co.uk *.shopto.net *.sift.com *.ssl-images-amazon.com *.trustedsite.com *.trustpilot.com *.typekit.net *.vimeo.com *.vimeocdn.com *.youtube.com *.ywxi.net *.zenaps.com *.zip.co acs.apata.io acs.revolut.com acs1.mpts.modirum.com ad.360yield.com ad.sxp.smartclip.net ad.yieldlab.net analytics.google.com analytics.tiktok.com analytics.twitter.com angus.finance-calculator.co.uk beacon.krxd.net cdn-images.mailchimp.com channel-cards-html.lloydsbankinggroup.com chimpstatic.com cm.adform.net cm.g.doubleclick.net contextual.media.net cotads.adscale.de criteo-partners.tremorhub.com criteo-sync.teads.tv dis.criteo.com dpm.demdex.net dynamic.criteo.com e1.emxdgt.com eb2.3lift.com eep.io emailsignature.trustpilot.com exchange.mediavine.com gallery.mailchimp.com gbemv3dsecure.garanti.com.tr google.com googleads.g.doubleclick.net gum.criteo.com hexagon-analytics.com https://*.google-analytics.com https://*.imgur.com https://2017.dc-test.de https://d23yuld0pofhhw.cloudfront.net https://hexagon-analytics.com https://www.dc-solution.de https://www.facebook.com https://www.shopto.net https://www.shopto.net/userdata/files/WelcomeToShopTo.mp4 i.liadm.com i.vimeocdn.com i.ytimg.com ib.adnxs.com id5-sync.com idsync.rlcdn.com ih.adscale.de jadserve.postrelease.com lantern.roeye.com lantern.roeyecdn.com match.sharethrough.com matching.ivitrack.com mc.us15.list-manage.com mcusercontent.com net.us15.list-manage.com pagead2.googlesyndication.com partpayassets.blob.core.windows.net pay.google.com pixel.rubiconproject.com r.casalemedia.com rtb-csync.smartadserver.com s.thebrighttag.com safekey-3.americanexpress.com secure.adnxs.com simage2.pubmatic.com socialplugin.facebook.net static.ads-twitter.com static.zipmoney.com.au stats.g.doubleclick.net sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.outbrain.com t.co td.doubleclick.net uplay.exertisztorm.net ups.analytics.yahoo.com visitor.omnitagjs.com www.clicksafe.lloydstsb.com www.google.co.uk www.google.com www.google.pt www.instagram.com www.paypalobjects.com www.rsa3dsauth.co.uk www.safekey.americanexpress.com www.tag4arm.com x.bidswitch.net zip-co-media.imgix.net zip.co;frame-src 'self' *.3dsecure.no *.akamaized.net *.amazon.co.uk *.amazon.com *.amazonaws.com *.amazonpay.com *.analytics.google.com *.arcot.com *.awin1.com *.barclaycard.co.uk *.barclays.co.uk *.braintree-api.com *.braintree.com *.braintreegateway.com *.cardinalcommerce.com *.cloudfront.net *.criteo.com *.cxmlpg.com *.dekopay.com *.dwin1.com *.facebook.com *.facebook.net *.freespee.com *.google-analytics.com *.google.co.uk *.google.com *.google.de *.googleapis.com *.googletagmanager.com *.gstatic.com *.icons8.com *.intercom.io *.intercomcdn.com *.kaptcha.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com *.monzo.com *.mycardsecure.com *.newrelic.com *.nr-data.net *.openpay.com.au *.partpay.co.nz *.partpay.co.uk *.paymentexpress.com *.payments-amazon.com *.paypal.com *.paypalobjects.com *.queue-it.net *.securesuite.co.uk *.shopto.net *.sift.com *.ssl-images-amazon.com *.trustedsite.com *.trustpilot.com *.typekit.net *.vimeo.com *.vimeocdn.com *.youtube.com *.ywxi.net *.zenaps.com *.zip.co acs.apata.io acs.revolut.com acs1.mpts.modirum.com ad.360yield.com ad.sxp.smartclip.net ad.yieldlab.net analytics.google.com analytics.tiktok.com analytics.twitter.com angus.finance-calculator.co.uk beacon.krxd.net cdn-images.mailchimp.com channel-cards-html.lloydsbankinggroup.com chimpstatic.com cm.adform.net cm.g.doubleclick.net contextual.media.net cotads.adscale.de criteo-partners.tremorhub.com criteo-sync.teads.tv dis.criteo.com dpm.demdex.net dynamic.criteo.com e1.emxdgt.com eb2.3lift.com eep.io emailsignature.trustpilot.com exchange.mediavine.com gallery.mailchimp.com gbemv3dsecure.garanti.com.tr google.com googleads.g.doubleclick.net gum.criteo.com hexagon-analytics.com https://*.google-analytics.com https://*.imgur.com https://2017.dc-test.de https://d23yuld0pofhhw.cloudfront.net https://hexagon-analytics.com https://www.dc-solution.de https://www.facebook.com https://www.shopto.net https://www.shopto.net/userdata/files/WelcomeToShopTo.mp4 i.liadm.com i.vimeocdn.com i.ytimg.com ib.adnxs.com id5-sync.com idsync.rlcdn.com ih.adscale.de jadserve.postrelease.com lantern.roeye.com lantern.roeyecdn.com match.sharethrough.com matching.ivitrack.com mc.us15.list-manage.com mcusercontent.com net.us15.list-manage.com pagead2.googlesyndication.com partpayassets.blob.core.windows.net pay.google.com pixel.rubiconproject.com r.casalemedia.com rtb-csync.smartadserver.com s.thebrighttag.com safekey-3.americanexpress.com secure.adnxs.com simage2.pubmatic.com socialplugin.facebook.net static.ads-twitter.com static.zipmoney.com.au stats.g.doubleclick.net sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.outbrain.com t.co td.doubleclick.net uplay.exertisztorm.net ups.analytics.yahoo.com visitor.omnitagjs.com www.clicksafe.lloydstsb.com www.google.co.uk www.google.com www.google.pt www.instagram.com www.paypalobjects.com www.rsa3dsauth.co.uk www.safekey.americanexpress.com www.tag4arm.com x.bidswitch.net zip-co-media.imgix.net zip.co;object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.3dsecure.no *.akamaized.net *.amazon.co.uk *.amazon.com *.amazonaws.com *.amazonpay.com *.analytics.google.com *.arcot.com *.awin1.com *.barclaycard.co.uk *.barclays.co.uk *.braintree-api.com *.braintree.com *.braintreegateway.com *.cardinalcommerce.com *.cloudfront.net *.criteo.com *.cxmlpg.com *.dekopay.com *.dwin1.com *.facebook.com *.facebook.net *.freespee.com *.google-analytics.com *.google.co.uk *.google.com *.google.de *.googleapis.com *.googletagmanager.com *.gstatic.com *.icons8.com *.intercom.io *.intercomcdn.com *.kaptcha.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com *.monzo.com *.mycardsecure.com *.newrelic.com *.nr-data.net *.openpay.com.au *.partpay.co.nz *.partpay.co.uk *.paymentexpress.com *.payments-amazon.com *.paypal.com *.paypalobjects.com *.queue-it.net *.securesuite.co.uk *.shopto.net *.sift.com *.ssl-images-amazon.com *.trustedsite.com *.trustpilot.com *.typekit.net *.vimeo.com *.vimeocdn.com *.youtube.com *.ywxi.net *.zenaps.com *.zip.co acs.apata.io acs.revolut.com acs1.mpts.modirum.com ad.360yield.com ad.sxp.smartclip.net ad.yieldlab.net analytics.google.com analytics.tiktok.com analytics.twitter.com angus.finance-calculator.co.uk beacon.krxd.net cdn-images.mailchimp.com channel-cards-html.lloydsbankinggroup.com chimpstatic.com cm.adform.net cm.g.doubleclick.net contextual.media.net cotads.adscale.de criteo-partners.tremorhub.com criteo-sync.teads.tv dis.criteo.com dpm.demdex.net dynamic.criteo.com e1.emxdgt.com eb2.3lift.com eep.io emailsignature.trustpilot.com exchange.mediavine.com gallery.mailchimp.com gbemv3dsecure.garanti.com.tr google.com googleads.g.doubleclick.net gum.criteo.com hexagon-analytics.com https://*.google-analytics.com https://*.imgur.com https://2017.dc-test.de https://d23yuld0pofhhw.cloudfront.net https://hexagon-analytics.com https://www.dc-solution.de https://www.facebook.com https://www.shopto.net https://www.shopto.net/userdata/files/WelcomeToShopTo.mp4 i.liadm.com i.vimeocdn.com i.ytimg.com ib.adnxs.com id5-sync.com idsync.rlcdn.com ih.adscale.de jadserve.postrelease.com lantern.roeye.com lantern.roeyecdn.com match.sharethrough.com matching.ivitrack.com mc.us15.list-manage.com mcusercontent.com net.us15.list-manage.com pagead2.googlesyndication.com partpayassets.blob.core.windows.net pay.google.com pixel.rubiconproject.com r.casalemedia.com rtb-csync.smartadserver.com s.thebrighttag.com safekey-3.americanexpress.com secure.adnxs.com simage2.pubmatic.com socialplugin.facebook.net static.ads-twitter.com static.zipmoney.com.au stats.g.doubleclick.net sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.outbrain.com t.co td.doubleclick.net uplay.exertisztorm.net ups.analytics.yahoo.com visitor.omnitagjs.com www.clicksafe.lloydstsb.com www.google.co.uk www.google.com www.google.pt www.instagram.com www.paypalobjects.com www.rsa3dsauth.co.uk www.safekey.americanexpress.com www.tag4arm.com x.bidswitch.net zip-co-media.imgix.net zip.co;style-src 'self' 'unsafe-inline' *.3dsecure.no *.akamaized.net *.amazon.co.uk *.amazon.com *.amazonaws.com *.amazonpay.com *.analytics.google.com *.arcot.com *.awin1.com *.barclaycard.co.uk *.barclays.co.uk *.braintree-api.com *.braintree.com *.braintreegateway.com *.cardinalcommerce.com *.cloudfront.net *.criteo.com *.cxmlpg.com *.dekopay.com *.dwin1.com *.facebook.com *.facebook.net *.freespee.com *.google-analytics.com *.google.co.uk *.google.com *.google.de *.googleapis.com *.googletagmanager.com *.gstatic.com *.icons8.com *.intercom.io *.intercomcdn.com *.kaptcha.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com *.monzo.com *.mycardsecure.com *.newrelic.com *.nr-data.net *.openpay.com.au *.partpay.co.nz *.partpay.co.uk *.paymentexpress.com *.payments-amazon.com *.paypal.com *.paypalobjects.com *.queue-it.net *.securesuite.co.uk *.shopto.net *.sift.com *.ssl-images-amazon.com *.trustedsite.com *.trustpilot.com *.typekit.net *.vimeo.com *.vimeocdn.com *.youtube.com *.ywxi.net *.zenaps.com *.zip.co acs.apata.io acs.revolut.com acs1.mpts.modirum.com ad.360yield.com ad.sxp.smartclip.net ad.yieldlab.net analytics.google.com analytics.tiktok.com analytics.twitter.com angus.finance-calculator.co.uk beacon.krxd.net cdn-images.mailchimp.com channel-cards-html.lloydsbankinggroup.com chimpstatic.com cm.adform.net cm.g.doubleclick.net contextual.media.net cotads.adscale.de criteo-partners.tremorhub.com criteo-sync.teads.tv dis.criteo.com dpm.demdex.net dynamic.criteo.com e1.emxdgt.com eb2.3lift.com eep.io emailsignature.trustpilot.com exchange.mediavine.com gallery.mailchimp.com gbemv3dsecure.garanti.com.tr google.com googleads.g.doubleclick.net gum.criteo.com hexagon-analytics.com https://*.google-analytics.com https://*.imgur.com https://2017.dc-test.de https://d23yuld0pofhhw.cloudfront.net https://hexagon-analytics.com https://www.dc-solution.de https://www.facebook.com https://www.shopto.net https://www.shopto.net/userdata/files/WelcomeToShopTo.mp4 i.liadm.com i.vimeocdn.com i.ytimg.com ib.adnxs.com id5-sync.com idsync.rlcdn.com ih.adscale.de jadserve.postrelease.com lantern.roeye.com lantern.roeyecdn.com match.sharethrough.com matching.ivitrack.com mc.us15.list-manage.com mcusercontent.com net.us15.list-manage.com pagead2.googlesyndication.com partpayassets.blob.core.windows.net pay.google.com pixel.rubiconproject.com r.casalemedia.com rtb-csync.smartadserver.com s.thebrighttag.com safekey-3.americanexpress.com secure.adnxs.com simage2.pubmatic.com socialplugin.facebook.net static.ads-twitter.com static.zipmoney.com.au stats.g.doubleclick.net sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.outbrain.com t.co td.doubleclick.net uplay.exertisztorm.net ups.analytics.yahoo.com visitor.omnitagjs.com www.clicksafe.lloydstsb.com www.google.co.uk www.google.com www.google.pt www.instagram.com www.paypalobjects.com www.rsa3dsauth.co.uk www.safekey.americanexpress.com www.tag4arm.com x.bidswitch.net zip-co-media.imgix.net zip.co; 1
default-src 'self' *.google.com;font-src 'self' fonts.gstatic.com data:;style-src 'self' 'unsafe-inline' www.google.com ajax.googleapis.com fonts.googleapis.com;frame-src 'self' www.google.com www.youtube.com accounts.google.com www.googletagmanager.com widget.trustpilot.com platform.twitter.com www.facebook.com web.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com; img-src 'self' https://* data:; script-src-elem 'self' 'unsafe-inline' *.google.com www.youtube.com www.googletagmanager.com connect.facebook.net platform.twitter.com widget.trustpilot.com beacon-v2.helpscout.net emailoctopus.com;style-src-elem 'self' 'unsafe-inline' www.google.com fonts.googleapis.com ajax.googleapis.com emailoctopus.com; connect-src 'self' analytics.google.com www.google.co.jp *.cloudfront.net stats.g.doubleclick.net 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.ytimg.com *.googleapis.com *.putnam.com *.typekit.net *.rackcdn.com *.ensighten.com *.brightcove.net *.brightcove.com *.google-analytics.com *.liveperson.net *.bing.com *.bizographics.com *.gigya.com *.googlecode.com *.morningstar.com *.linkedin.com *.putnaminv.com *.highcharts.com *.jQuery.com *.jquery.org *.adobe.com *.jqueryui.com *.cloudflare.com *.livelook.com *.livelook.net *.facebook.net *.licdn.com *.zencdn.net *.lpsnmedia.net *.googletagmanager.com tagmanager.google.com *.ads-twitter.com *.twitter.com *.yimg.com sp.analytics.yahoo.com www.youtube.com www.instagram.com shop.pe shopper.shop.pe *.cloudfront.net addshoppers.s3.amazonaws.com bcbolt446c5271-a.akamaihd.net www.google.com www.gstatic.com cdn.jsdelivr.net up.pixel.ad pixel.sitescout.com munchkin.marketo.net www.buzzsprout.com fl-cdn.azureedge.net investmentdesktop.fundslibrary.net investmentdesktop.fundslibrary.net cdn.schemaapp.com fcscdn.broadridge.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' *.zencdn.net *.brightcove.net *.brightcove.com *.putnam.com fl-cdn.azureedge.net investmentdesktop.fundslibrary.net investmentdesktop.fundslibrary.net blob: data:; frame-ancestors *.putnam.com *.seismic.com *.fundvisualizer.com fl-cdn.azureedge.net investmentdesktop.fundslibrary.net investmentdesktop.fundslibrary.net; 1
frame-ancestors https://*.cuesta.edu 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://api.signalize.com/ https://cdn.signalize.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.signalize.com/ https://www.etracker.de/ https://code.etracker.com/ https://default.signalize.com/sw.js; img-src 'self' data: https://api.signalize.com/ https://cdn.signalize.com/ s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com; connect-src 'self' https://www.etracker.de/api/ https://api.signalize.com/; base-uri 'self' ; form-action 'self' ; frame-ancestors 'self' ; upgrade-insecure-requests; report-uri https://www.signalize.com?gdsih-csp-report; 1
frame-ancestors 'self' *.dq8f3vwigpg6x.cloudfront.net *.d1hnva2y44e2g5.cloudfront.net *.virtusagaming.com alumni.virtusa.com d1gv2dk0ka0s3a.cloudfront.net https://d1hnva2y44e2g5.cloudfront.net https://alumni.virtusa.com https://dq8f3vwigpg6x.cloudfront.net https://d1gv2dk0ka0s3a.cloudfront.net https://virtusagaming.com; default-src 'self' https: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; img-src 'self' http: https: data: mediastream: blob: filesystem: https://roko-mobi.s3.amazonaws.com https://dq8f3vwigpg6x.cloudfront.net https://metrics.brightcove.com https://secure.gravatar.com https://px.ads.linkedin.com https://www.google-analytics.com https://p.adsymptotic.com https://www.google.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google.lk https://www.linkedin.com https://googleads.g.doubleclick.net; connect-src 'self' https: data: blob: filesystem: http://manifest.prod.boltdns.net/ https://manifest.prod.boltdns.net/ https://db08nj6y4bt00.cloudfront.net/; font-src 'self' https: data: blob:; media-src 'self' https: data: blob:; report-uri https:; object-src 'none' 1
default-src 'self' payments-de-sandbox.amazon.com payments-de.amazon.com payments.amazon.de ws://127.0.0.1:35729 www.bundesfinanzministerium.de;  script-src 'self' 'unsafe-eval' 'unsafe-inline' use.typekit.net www.googletagmanager.com www.google.com www.google-analytics.com www.gstatic.com maps.google.com maps.googleapis.com connect.facebook.net *.payments-amazon.com payments-de-sandbox.amazon.com tagmanager.google.com *.clarity.ms partner.vxcp.de apis.google.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.cloudfront.net *.userlike.com www.autouncle.de;  style-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com tagmanager.google.com p.typekit.net  https://www.googletagmanager.com;  img-src 'self' data: p.typekit.net www.google-analytics.com *.googleapis.com maps.google.com *.cloudfront.net *.ssl-images-amazon.com *.ggpht.com *.gstatic.com img.youtube.com *.clarity.ms partner.verivox.de www.facebook.com dummyimage.com *.userlike.com https://userlike-cdn-operators.s3-eu-west-1.amazonaws.com https://www.google.de  https://stats.g.doubleclick.net https://analytics.google.com assets.autouncle.com www.autouncle.de;  font-src 'self' data: use.typekit.net fonts.gstatic.com *.cloudfront.net;  object-src 'self';  media-src 'self';  child-src 'self' payments-de-sandbox.amazon.com payments-de.amazon.com payments.amazon.com www.computop-paygate.com staticxx.facebook.com www.facebook.com www.youtube.com *.payments-amazon.com api-cdn.amazon.com www.bundesfinanzministerium.de partner.vxcp.de partner.verivox.de *.google.com www.unserebroschuere.de www.autouncle.de;  form-action 'self' payments-de-sandbox.amazon.com payments-de.amazon.com payments.amazon.com www.computop-paygate.com;  frame-ancestors 'self' www.bundesfinanzministerium.de;  connect-src 'self' ws://127.0.0.1:35729 performance.typekit.net www.google-analytics.com *.clarity.ms maps.googleapis.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.userlike.com wss://umd.userlike.com/umd/  https://stats.g.doubleclick.net https://analytics.google.com; 1
base-uri 'self'; child-src 'self' data: *.google.com *.google.com.vn *.youtube.com *.youtu.be; connect-src 'self' *.google-analytics.com *.tiktok.com *.tawk.to wss://*.tawk.to *.google.com *.doubleclick.net; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net *.gstatic.com *.tawk.to; form-action 'self'; frame-src 'self' data: *.google.com *.google.com.vn *.youtube.com *.youtu.be youtu.be *.doubleclick.net; img-src 'self' data: *.google.com *.google.com.vn *.googletagmanager.com *.tawk.to cdn.jsdelivr.net hostingviet.vn *.hostingviet.vn *.hostingviet.com.vn tawk.link *.amazonaws.com *.ytimg.com; object-src 'self'; script-src  'self' 'unsafe-inline' 'unsafe-eval' data: *.google.com *.google.com.vn *.googleapis.com *.fbcdn.net *.facebook.com *.googletagmanager.com *.tiktok.com *.doubleclick.net *.tawk.to cdn.jsdelivr.net 'nonce-7bfb45f7610f7c005f66af9a'; style-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com *.facebook.net *.googleapis.com *.tawk.to cdn.jsdelivr.net; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://social.lol; img-src 'self' https: data: blob: https://social.lol; style-src 'self' https://social.lol 'nonce-hELjmTLZxVSby7I/eeMT/w=='; media-src 'self' https: data: https://social.lol; frame-src 'self' https:; manifest-src 'self' https://social.lol; form-action 'self'; child-src 'self' blob: https://social.lol; worker-src 'self' blob: https://social.lol; connect-src 'self' data: blob: https://social.lol https://media.social.lol wss://social.lol; script-src 'self' https://social.lol 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://*.brightsites.co.uk https://*.independent.co.uk https://*.the-independent.com; 1
frame-ancestors 'self' https://manage.automationworld.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.jsdelivr.net https://rookdsp.com *.rookdsp.com *.vic-m.co unpkg.com analytics.vicinity.media *.spar.co.za *.spar.co.bw cdnjs.cloudflare.com *.googleapis.com *.googletagmanager.com *.google-analytics.com connect.facebook.net *.googleadservices.com *.addthis.com *.addthisedge.com *.moatads.com *.google.com *.google.co.za *.facebook.com *.doubleclick.net *.pinterest.com *.gstatic.com static.vic-m.co *.mapbox.com *.hotjar.com https://woobox.com https://analytics.tiktok.com https://dsp-trk.eskimi.com https://dsp-media.eskimi.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.spar.co.za *.spar.co.bw *.gstatic.com cdnjs.cloudflare.com *.googleapis.com *.mapbox.com *.pubhub.studio; img-src 'self' blob: *.spar.co.za analytics.vicinity.media spar.co.za *.spar.co.za *.spar.co.bw *.spar.co.na *.spar.net *.sparsz.com *.google-analytics.com *.facebook.com stats.g.doubleclick.net googleads.g.doubleclick.net www.google.co.za www.google.com *.googleapis.com *.gstatic.com secure.adnxs.com rtd.tubemogul.com *.everesttech.net *.imgur.com *.ytimg.com *.fbcdn.net data: *.google.com *.google.co.za *.googletagmanager.com *.addthis.com *.pinterest.com https://analytics.tiktok.com; frame-src 'self' 'unsafe-inline' *.spar.co.za *.spar.co.bw connect.facebook.net www.facebook.com *.google.com *.youtube.com *.addthis.com s7.addthis.com *.doubleclick.net *.pinterest.com *.soft8soft.com *.hotjar.com *.spar2u.co.za https://woobox.com; connect-src 'self' *.buildit.co.za *.foodieservices.com pro.ip-api.com cdnjs.cloudflare.com *.google-analytics.com *.googleapis.com *.google.com *.google.co.za *.spar.co.za *.spar.co.bw *.mapbox.com *.hotjar.com *.doubleclick.net *.hotjar.io *.juicer.io *.facebook.com *.pubhub.studio wss://www.spar.co.za ws: *.addthis.com https://analytics.tiktok.com https://dsp-trk.eskimi.com https://dsp-ap.eskimi.com; font-src 'self' *.juicer.io data: *.spar.co.za *.spar.co.bw cdnjs.cloudflare.com *.googleapis.com fonts.gstatic.com *.juicer.io; frame-ancestors 'self' http://*.spar.co.za https://*.spar.co.za https://spar.co.bw http://*.spar2u.co.za https://spar2u.co.za; worker-src 'self' *.mapbox.com blob: *.spar.co.za 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; img-src 'self' data: googleads.g.doubleclick.net maps.googleapis.com maps.gstatic.com https://ad.doubleclick.net https://i.vimeocdn.com https://www.facebook.com https://www.google.com https://www.google.ch; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://code.jquery.com ; font-src 'self' data: https://fonts.gstatic.com ;  script-src-elem 'self' 'unsafe-inline' https://maps.googleapis.com  https://www.googleadservices.com https://analytics.tiktok.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://code.jquery.com https://www.google.com https://www.gstatic.com https://googleads.g.doubleclick.net https://matomo.securitas.ch https://connect.facebook.net; frame-src https://6494580.fls.doubleclick.net https://td.doubleclick.net https://td.doubleclick.net https://player.vimeo.com https://www.securitas.ch https://www.google.com https://www.youtube.com https://13442904.fls.doubleclick.net; connect-src https://pagead2.googlesyndication.com https://matomo.securitas.ch https://www.securitas.ch region1.google-analytics.com maps.googleapis.com analytics.tiktok.com; 1
default-src 'self' 'unsafe-inline'; img-src 'self' data: https: https://*.leadoo.com https://*.cookiebot.com https://*.linkedin.com https://*.google.com; font-src 'self' data: https://fonts.gstatic.com https://*.leadoo.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.leadoo.com https://*.zoominfo.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://*.google-analytics.com https://*.googleapis.com https://*.cookiebot.com https://www.youtube.com https://*.doubleclick.net https://js.hsforms.net https://forms.hsforms.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsadspixel.net https://js.hs-banner.com https://snap.licdn.com https://js.hubspot.com https://js.chilipiper.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.leadoo.com; frame-src 'self' https://www.google.com https://player.vimeo.com https://*.cookiebot.com https://www.youtube-nocookie.com https://www.youtube.com https://*.doubleclick.net https://*.spotify.com https://facetwp.com; connect-src 'self' https://*.leadoo.com https://*.zoominfo.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.doubleclick.net https://yoast.com https://vimeo.com https://*.cookiebot.com https://*.googlesyndication.com https://*.hubspot.com https://api.hubapi.com https://forms.hsforms.com https://js.hs-banner.com https://px.ads.linkedin.com; 1
default-src 'none'; script-src 'self' 'nonce-77c04881e5a4f26151c1ed906fd1bb01' https://*.lendingpoint.com https://cdn.mouseflow.com https://www.googletagmanager.com https://www.googleadservices.com https://sentry.io https://cdn.heapanalytics.com https://optimize.google.com https://www.google-analytics.com https://*.googleapis.com https://www.gstatic.com https://www.googleoptimize.com https://widget.trustpilot.com https://connect.facebook.net https://stats.g.doubleclick.net https://www.google.com https://bat.bing.com https://rs.fullstory.com https://edge.fullstory.com https://cdn.evgnet.com; style-src 'self' 'unsafe-inline' https://*.lendingpoint.com https://optimize.google.com https://*.googleapis.com; img-src 'self' data: https://*.lendingpoint.com https://www.google-analytics.com https://heapanalytics.com https://optimize.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.facebook.com/tr https://www.facebook.com/tr/ https://www.google.com https://bat.bing.com https://d21y75miwcfqoq.cloudfront.net; font-src 'self' data: https://*.lendingpoint.com fonts.gstatic.com; connect-src 'self' data: https://*.lendingpoint.com https://*.ingest.sentry.io https://analytics.google.com https://www.google-analytics.com https://sentry.io https://n2.mouseflow.com https://*.googleapis.com https://io.lendingpoint.com https://rum-collector-2.pingdom.net https://stats.g.doubleclick.net https://rs.fullstory.com https://edge.fullstory.com https://lendingpoint.us-5.evergage.com; media-src 'self' https://*.lendingpoint.com; object-src 'self' https://*.lendingpoint.com; child-src 'self' https://*.lendingpoint.com; frame-src 'self' https://*.lendingpoint.com https://optimize.google.com https://widget.trustpilot.com https://player.vimeo.com https://www.facebook.com https://bid.g.doubleclick.net https://www.google.com; worker-src 'self' https://*.lendingpoint.com; frame-ancestors 'self' *.lendingpoint.com;; form-action 'self' https://*.lendingpoint.com https://www.facebook.com/tr https://www.facebook.com/tr/; manifest-src 'self' https://*.lendingpoint.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; 1
frame-ancestors https://www.carnegiecouncil.org https://eia.rygn.io https://www.ethicsandinternationalaffairs.org; 1
default-src * data: 'unsafe-inline' 'unsafe-eval' https: 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com *.hotjar.com 'self' data: *.subdued.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.subdued.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.hotjar.com *.facebook.com *.cookiebot.com *.subdued.com *.pinterest.com *.salesmanago.pl *.klarna.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.sendcloud.sc *.jsdelivr.net *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: *.googleapis.com *.gstatic.com *.googleadservices.com *.google-analytics.com *.google.com *.googletagmanager.com *.google.de *.google.it *.visualwebsiteoptimizer.com *.facebook.com *.pinterest.com *.subdued.com *.klarnacdn.net *.jmango360.com *.klarna.com *.klarnaevt.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.com *.facebook.net *.tiktok.com *.zdassets.com *.hotjar.com *.visualwebsiteoptimizer.com *.newrelic.com *.pinimg.com *.doubleclick.net *.cookiebot.com *.googlesyndication.com *.nr-data.net *.subdued.com *.klarnaservices.com *.googleoptimize.com *.klarna.com *.klarnacdn.net *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.stripe.com klarna.com *.klarnaevt.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.sendcloud.sc *.jsdelivr.net *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.gstatic.com *.subdued.com *.klarnacdn.net unsafe-inline assets.braintreegateway.com *.sendcloud.sc *.jsdelivr.net *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.googleapis.com *.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.tiktok.com *.pinterest.com *.google-analytics.com *.googlesyndication.com *.cookiebot.com *.nr-data.net *.subdued.com *.klarnaevt.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaservices.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src "none" 1
frame-ancestors 'self' *.cloudme.com 1
default-src 'self'; frame-ancestors 'self'; connect-src https://*;frame-src https://*; img-src https://*; style-src 'self' 'unsafe-inline' ajax.googleapis.com code.jquery.com https://*; font-src 'self' data: fonts.gstatic.com https://*;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com https://*;form-action 'self' 1
default-src *;script-src 'self' ajax.googleapis.com cdn.cookielaw.org cdnjs.cloudflare.com cdn.jsdelivr.net cdn.statuspage.io code.jquery.com fonts.googleapis.com maxcdn.bootstrapcdn.com snippets.freshchat.com wchat.freshchat.com www.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' ajax.googleapis.com cdn.cookielaw.org cdnjs.cloudflare.com cdn.jsdelivr.net cdn.statuspage.io code.jquery.com fonts.googleapis.com maxcdn.bootstrapcdn.com snippets.freshchat.com wchat.freshchat.com www.googletagmanager.com 'unsafe-inline';object-src 'none' 1
frame-ancestors www.sonnentor.com *.emarsys.net; 1
font-src *.fontawesome.com fonts.gstatic.com *.nxedge.io *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.addthis.com maps.googleapis.com chart.googleapis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.globalglove.com *.bullheadsafety.com *.yourggs.com *.nxedge.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.addthis.com *.moatads.com *.addthisedge.com *.nxedge.io maps.googleapis.com chart.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.facebook.com *.pinterest.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.nxedge.io unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.addthis.com *.nxedge.io maps.googleapis.com chart.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.googleapis.com *.graph.instagram.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.example.com/; report-to report-endpoint;, upgrade-insecure-requests; 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.analytics.google.com https://*.awin1.com https://*.bazaarvoice.com https://*.braintree-api.com https://*.braintreegateway.com https://*.btttag.com https://*.criteo.com https://*.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.kampyle.com https://*.medallia.com https://*.paypal.com https://*.truefitcorp.com https://*.wepowerconnections.com https://*.zenaps.com https://adservice.google.com https://analytics.google.com https://apis.google.com https://assets.adobedtm.com https://bat.bing.com https://careers.lululemon.com https://cdn.cookielaw.org https://cdn.cquotient.com https://cdn.honey.io https://cdn.quantummetric.com https://ingest.quantummetric.com https://cdnjs.cloudflare.com https://challenges.cloudflare.com https://cm.g.doubleclick.net https://connect.facebook.net https://ct.pinterest.com https://d38xvr37kwwhcm.cloudfront.net https://dpm.demdex.net https://e.cquotient.com https://external.quantummetric.com https://fonts.googleapis.com https://geolocation.onetrust.com https://globalstaticassets.lululemon.com https://google.com https://googleads.g.doubleclick.net https://images.lululemon.com https://intljs.rmtag.com https://ln-rules.rewardstyle.com https://lululemon.quiq-api.com https://lululemonathleticacanadainc.demdex.net https://lululemoninternational-app.quantummetric.com https://lululemoninternational.quantummetric.com https://lululemonusa.tt.omtrdc.net https://maps.googleapis.com https://mpsnare.iesnare.com https://p.cquotient.com https://pay.google.com https://privacyportal.onetrust.com https://r.cquotient.com https://s.pinimg.com https://s7mbrstream.scene7.com https://sc-static.net https://scripts.agilone.com https://smetrics.lululemon.fr https://sslwidget.criteo.com https://static.cloudflareinsights.com https://static.criteo.com https://static.criteo.net https://stats.g.doubleclick.net https://tag.rmp.rakuten.com https://tez.google.com https://the.sciencebehindecommerce.com https://tpc.googlesyndication.com https://tr.snapchat.com https://translate.google.com https://v2.waitwhile.com https://widget.as.criteo.com https://www.bing.com https://www.cloudflare.com https://www.dwin1.com https://www.facebook.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.lululemon.co.uk https://www.lululemon.fr https://www.paypalobjects.com https://*.browser-intake-datadoghq.com https://www.datadoghq-browser-agent.com wss://lululemoninternational.quantummetric.com wss://mpsnare.iesnare.com; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; img-src * 'self' data: https:; font-src * 'self' data: https:; block-all-mixed-content; 1
default-src 'self' blob:; script-src 'self' 'unsafe-inline' maps.googleapis.com *.googletagmanager.com *.google-analytics.com blob: *.azureedge.net *.dynamics.com  cdn.cookielaw.org; img-src 'self' data: res.cloudinary.com maps.googleapis.com maps.gstatic.com *.emtekaws.com www.google-analytics.com cdn.cookielaw.org; font-src 'self' fonts.googleapis.com fonts.gstatic.com; connect-src 'self' app.glitchtip.com *.sentry.io *.googleapis.com www.google-analytics.com *.dynamics.com cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; media-src 'self' *.cloudinary.com ; frame-src 'self' *.dynamics.com; frame-ancestors 'self' 1
frame-ancestors shadowpay.com 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clickdesk.com *.cdnma.com *.cloudfront.net https://cloudfront.net https://facebook.com https://facebook.net *.facebook.net https://www.google-analytics.com *.googleapis.com https://googletagmanager.com *.googletagmanager.com https://googleapis.com https://bing.com *.bing.com https://www.adelixir.com *.episerver.com *.episerver.net *.newrelic.com *.vimeocdn.com *.clarity.ms https://scripts.tadpull.com https://storage.googleapis.com https://bam-cell.nr-data.net https://bam.nr-data.net https://cdn.b0e8.com https://player.vimeo.com *.vimeo.com https://forms.net-results.io *.net-results.io https://www.youtube.com *.youtube.com https://www.googleadservices.com *.googleadservices.com *.bc0a.com/ https://apps.mypurecloud.com *.mypurecloud.com *.flinnsci.com *.flinnsci.ca;object-src 'self';style-src 'self' 'unsafe-inline' *.cloudfront.net *.episerver.com *.episerver.net;img-src 'self' *.amazonaws.com *.cloudfront.net *.episerver.net *.bing.com https://www.adelixir.com *.clarity.ms https://www.google-analytics.com https://www.facebook.com *.b0e8.com https://a.b0e8.com https://i.vimeocdn.com *.vimeocdn.com https://www.youtube.com *.youtube.com *.flinnsci.com *.flinnsci.ca;media-src 'self' https://www.youtube.com https://vimeo.com *.cloudfront.net;frame-src 'self' https://player.vimeo.com https://accept.authorize.net https://test.authorize.net https://www.youtube.com *.youtube.com https://apps.mypurecloud.com *.mypurecloud.com;font-src 'self' *.episerver.com *.episerver.net;connect-src 'self' https://www.google-analytics.com wss://in.visitors.live wss://visitors.live *.googleapis.com *.clarity.ms https://connect.facebook.net *.facebook.net https://js-agent.newrelic.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://bat.bing.com *.bing.com https://scripts.tadpull.com *.tadpull.com https://sc.cdnma.com *.cdnma.com *.cloudfront.net/ *.vimeocdn.com https://bam-cell.nr-data.net https://bam.nr-data.net *.nr-data.net *.b0e8.com https://www.adelixir.com https://www.facebook.com *.vimeo.com https://vimeo.com https://forms.net-results.io *.net-results.io https://www.youtube.com *.youtube.com *.episerver.com *.episerver.net https://www.googleadservices.com *.googleadservices.com *.bc0a.com/ https://api-cdn.mypurecloud.com *.mypurecloud.com wss://webmessaging.mypurecloud.com *.flinnsci.com *.flinnsci.ca;frame-ancestors 'self' https://portal.mpls.k12.mn.us *.mpls.k12.mn.us/ *.flinnpavo.com *.flinnsci.com *.flinnsci.ca;worker-src 'self' blob: 1
upgrade-insecure-requests;script-src https://shitposter.club/static/ https://shitposter.club/pleroma/admin/static/js/; connect-src 'self' blob: https://shitposter.club wss://shitposter.club;media-src 'self' https://static.banky.club https://media.shitposter.club https://s3.shitposter.club;img-src 'self' data: blob: https://static.banky.club https://captcha.kotobank.ch https://media.shitposter.club https://s3.shitposter.club;default-src 'none';base-uri 'self';frame-ancestors 'none';style-src 'self' 'unsafe-inline';font-src 'self';manifest-src 'self'; 1
default-src 'self' *.imi.chat:* help.imonov.com *.welldata.net:*;style-src 'self' 'unsafe-inline' *.imi.chat:* fonts.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.imi.chat:* help.imonov.com *.welldata.net:* ;font-src 'self' *.imi.chat:* fonts.gstatic.com 1
base-uri 'none'; font-src 'self' data: https://cdnjs.cloudflare.com *.crazyegg.com https://fonts.googleapis.com https://pub.mdpi-res.com https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; img-src * data:; object-src 'none'; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://pub.mdpi-res.com https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://analytics.google.com https://*.analytics.google.com https://*.google-analytics.com https://*.googleusercontent.com https://*.googletagmanager.com *.crazyegg.com *.cookiebot.com; default-src *; connect-src 'self' ws: https://cdnjs.cloudflare.com https://analytics.google.com https://*.analytics.google.com https://*.google-analytics.com https://*.googleusercontent.com https://*.googletagmanager.com *.crazyegg.com *.cookiebot.com; frame-src 'self' *.cookiebot.com; child-src 'self' blob:; worker-src 'self' blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://corporatev3.hyperion.acsitefactory.com eu-central-1-decisionapi.lift.acquia.com bam.nr-data.net www.google-analytics.com https://stats.g.doubleclick.net hubspot-forms-static-embed.s3.amazonaws.com forms.hsforms.com; connect-src 'self' eu-central-1-decisionapi.lift.acquia.com https://bam.nr-data.net www.google-analytics.com https://stats.g.doubleclick.net http://hits-i.iubenda.com https://rs.fullstory.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.co.uk svc.webspellchecker.net consent.iubenda.com https://edge.fullstory.com https://px.ads.linkedin.com https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' https://corporatev3.hyperion.acsitefactory.com fast.fonts.net https://fonts.gstatic.com svc.webspellchecker.net; frame-src 'self' www.youtube.com player.vimeo.com www.google.com https://corporatev3.hyperion.acsitefactory.com forms.hsforms.com https://cdn.iubenda.com http://cdn.iubenda.com; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' lift3assets.lift.acquia.com production-cdn.lift.acquia.com www.google-analytics.com www.googletagmanager.com tagmanager.google.com https://corporatev3.hyperion.acsitefactory.com stats.g.doubleclick.net js-agent.newrelic.com bam.nr-data.net https://secure.perk0mean.com https://ajax.cloudflare.com https://static.cloudflareinsights.com js.hsforms.net forms.hsforms.com http://cdn.iubenda.com http://www.iubenda.com https://www.googleoptimize.com https://snap.licdn.com player.vimeo.com https://edge.fullstory.com/s/fs.js https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://unpkg.com/web-vitals@2.1.4/dist/web-vitals.iife.js cdn.jsdelivr.net https://assets.pinterest.com https://cdnjs.cloudflare.com https://polyfill.io https://secure.ewaypayments.com https://www.google.com platform.instagram.com platform.twitter.com; script-src-elem 'self' 'unsafe-inline' lift3assets.lift.acquia.com production-cdn.lift.acquia.com www.google-analytics.com www.googletagmanager.com tagmanager.google.com https://corporatev3.hyperion.acsitefactory.com stats.g.doubleclick.net js-agent.newrelic.com bam.nr-data.net https://secure.perk0mean.com https://ajax.cloudflare.com https://static.cloudflareinsights.com player.vimeo.com js.hsforms.net forms.hsforms.com http://cdn.iubenda.com http://www.iubenda.com https://snap.licdn.com https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://unpkg.com/web-vitals@2.1.0/dist/web-vitals.iife.js https://rs.fullstory.com https://survey.survicate.com http://cdnjs.cloudflare.com svc.webspellchecker.net https://edge.fullstory.com https://cs.iubenda.com cdn.jsdelivr.net https://assets.pinterest.com https://cdnjs.cloudflare.com https://polyfill.io https://secure.ewaypayments.com https://www.google.com platform.instagram.com platform.twitter.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' fast.fonts.net tagmanager.google.com fonts.googleapis.com https://corporatev3.hyperion.acsitefactory.com https://www.googletagmanager.com/debug/badge.css https://cdnjs.cloudflare.com; style-src-elem 'self' 'unsafe-inline' fast.fonts.net tagmanager.google.com fonts.googleapis.com https://corporatev3.hyperion.acsitefactory.com https://www.googletagmanager.com/debug/badge.css svc.webspellchecker.net https://cdnjs.cloudflare.com; base-uri 'self' https://corporatev3.hyperion.acsitefactory.com 1
default-src 'unsafe-inline' 'unsafe-eval' data:  https://*; 1
default-src 'self' https://*.sesamnet.net/ https://*.sesamnet.ch/ https://*.analytics.google.com/ https://www.google-analytics.com/ https://*.hotjar.co/ https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/ https://stats.g.doubleclick.net/; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/ https://*.sesamnet.net/ https://*.sesamnet.ch/ https://www.google-analytics.com/ https://*.hotjar.com/ https://cdnjs.cloudflare.com/ajax/libs/ https://npmcdn.com/isotope-layout@3/dist/; style-src-elem 'self' 'unsafe-inline' https://*.sesamnet.net/ https://*.sesamnet.ch/ https://p.typekit.net/ https://cdnjs.cloudflare.com/ajax/libs/ https://use.fontawesome.com/ https://fonts.googleapis.com/ https://use.typekit.net/ https://p.typekit.net/ https://code.jquery.com/; style-src 'self' 'unsafe-inline' https://*.sesamnet.net/ https://*.sesamnet.ch/ https://cdnjs.cloudflare.com/ajax/libs/ https://code.jquery.com/ https://use.fontawesome.com/ https://fonts.googleapis.com/ https://use.typekit.net/ https://p.typekit.net; font-src 'self' https://*.sesamnet.net https://*.sesamnet.ch https://cdnjs.cloudflare.com/ajax/libs/ https://use.fontawesome.com/releases/ https://fonts.gstatic.com/ https://use.typekit.net/; frame-src 'self' https://*.sesamnet.net/ https://*.sesamnet.ch/ https://youtube.com/ https://www.youtube.com/ https://www.google.com/; img-src 'self' https://*.sesamnet.net/ https://*.sesamnet.ch/ https://favicons https://www.googletagmanager.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 1
base-uri 'self'; default-src 'self' blob: https://*.acornfinance.com https://*.acornfinance.dev https://www.acornfinance.com https://*.pr.acornfinance.com; manifest-src 'self'; upgrade-insecure-requests; worker-src 'self' blob:; child-src 'self' https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; form-action 'self' https://mg.blogvault.net https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://forms.hsforms.com https://www.facebook.com; connect-src 'self' 'unsafe-inline' https://content.hotjar.io https://dev.visualwebsiteoptimizer.com https://sst.acornfinance.com https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com https://websitedemos.net http://*.hotjar.com:* https://*.acornfinance.com https://*.acornfinance.dev https://www.acornfinance.com https://*.analytics.google.com https://*.api.acornfinance.com https://*.google-analytics.com https://*.hotjar.com:* https://*.hotjar.io https://*.pr.acornfinance.com https://adservice.google.com https://analytics.google.com https://api-iam.intercom.io https://api.acornfinance.com https://api.hubapi.com https://api.ipify.org https://cdn.linkedin.oribi.io https://exceptions.hubspot.com https://forms.hsforms.com https://fs.acornfinance.com https://google-analytics.com https://hubspot-forms-static-embed.s3.amazonaws.com https://in.hotjar.com https://maps.googleapis.com https://my.yoast.com https://o489149.ingest.sentry.io https://p.adsymptotic.com https://px.ads.linkedin.com https://region1.analytics.google.com https://snap.licdn.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://vc.hotjar.io:* https://www.facebook.com https://www.google-analytics.com https://www.google.co.in wss://*.hotjar.com wss://nexus-websocket-a.intercom.io; font-src 'self' data: https://js.intercomcdn.com https://fonts.intercomcdn.com https://*.acornfinance.com https://*.acornfinance.dev https://www.acornfinance.com http://script.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.your.acornfinance.com https://assets.quadpay.com https://cdn.linkedin.oribi.io https://cdn.loom.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.intercomcdn.com https://js.intercomcdn.com https://p.adsymptotic.com https://px.ads.linkedin.com https://script.hotjar.com https://snap.licdn.com https://widget.intercom.io https://widget.trustpilot.com https://your.acornfinance.com; frame-ancestors 'self' https://*.acornfinance.com https://*.acornfinance.dev https://www.acornfinance.com https://*.studio-shed.com https://*.your.acornfinance.com https://fs.acornfinance.com https://payest.acornfinance.com https://pr.acornfinance.com https://qa.pr.acornfinance.com https://uat.pr.acornfinance.com https://www.youtube.com https://your.acornfinance.com; frame-src 'self' 'unsafe-inline' data: blob: https://wp.freemius.com https://*.acornfinance.com https://*.acornfinance.dev https://www.acornfinance.com https://*.hotjar.com https://*.hotjar.io https://accounts.google.com https://app.hubspot.com https://app.lendflow.io https://cdn.linkedin.oribi.io https://forms.hsforms.com https://fs.acornfinance.com https://googletagmanager.com https://iw.lendflow.com https://js.hsadspixel.net https://optimize.google.com https://p.adsymptotic.com https://platform.twitter.com https://play.vidyard.com https://pr.acornfinance.com https://px.ads.linkedin.com https://qa.pr.acornfinance.com https://snap.licdn.com https://static.hsappstatic.net https://uat.acornfinance.com https://uat.pr.acornfinance.com https://vars.hotjar.com https://widget.trustpilot.com https://www.facebook.com https://www.google.com https://www.youtube.com https://youtu.be https://youtube.com; img-src 'self' blob: data: https://dev.visualwebsiteoptimizer.com https://static.hsappstatic.net https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com *.w.org chart.googleapis.com wingify-assets.s3.amazonaws.com https://ps.w.org https://source.unsplash.com https://library.ghostkit.io https://websitedemos.net https://*.ads.linkedin.com https://s.w.org https://*.acornfinance.com https://analytics.google.com http://script.hotjar.com https://*.acornfinance.dev https://www.acornfinance.com https://*.google-analytics.com https://*.pressablecdn.com https://*.your.acornfinance.com https://cdn.linkedin.oribi.io https://cdn.vidyard.com https://connect.facebook.net https://downloads.intercomcdn.com https://forms-na1.hsforms.com https://forms.hsforms.com https://fs.acornfinance.com https://google-analytics.com https://media.bizj.us https://optimize.google.com https://p.adsymptotic.com https://pixel.wp.com https://play.vidyard.com https://px.ads.linkedin.com https://script.hotjar.com https://secure.gaug.es https://secure.gravatar.com https://snap.licdn.com https://static.intercomassets.com https://stats.g.doubleclick.net https://thetechtribune.com https://track.hubspot.com https://translate.google.com https://www.facebook.com https://www.google-analytics.com https://www.google.ca https://www.google.co.in https://www.google.co.uk https://www.google.com https://www.google.com.au https://www.googletagmanager.com https://www.gstatic.com https://www.nerdwallet.com https://www.primerates.com https://www.prnewswire.com https://www.studio-shed.com https://your.acornfinance.com; media-src 'self' https://js.intercomcdn.com https://*.acornfinance.com https://*.acornfinance.dev https://www.acornfinance.com https://*.pr.acornfinance.com https://*.your.acornfinance.com https://api.ipify.org https://js.intercomcdn.com https://pr.acornfinance.com https://www.youtube.com https://your.acornfinance.com; object-src https://*.acornfinance.com https://*.acornfinance.dev https://www.acornfinance.com https://*.pr.acornfinance.com https://api.ipify.org https://pr.acornfinance.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://qa.pr.acornfinance.com https://sst.acornfinance.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com http://static.hotjar.com https://*.acornfinance.com https://*.acornfinance.dev https://www.acornfinance.com https://*.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://*.pr.acornfinance.com https://ajax.googleapis.com https://app.lendflow.io/ https://cdn.linkedin.oribi.io https://cdnjs.cloudflare.com https://connect.facebook.net https://forms.hsforms.com https://google-analytics.com https://iw.lendflow.com https://js.hs-analytics.net https://js.hs-banner.com/ https://js.hs-scripts.com https://js.hsadspixel.net https://js.hsforms.net https://js.intercomcdn.com https://maps.googleapis.com https://maxcdn.bootstrapcdn.com https://optimize.google.com https://p.adsymptotic.com https://play.vidyard.com https://px.ads.linkedin.com https://script.hotjar.com https://secure.gaug.es https://snap.licdn.com https://static.hotjar.com https://widget.intercom.io https://widget.trustpilot.com https://www.google-analytics.com https://www.googleanalytics.com https://www.googleoptimize.com https://www.googletagmanager.com; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://dev.visualwebsiteoptimizer.com https://js.hubspot.com https://sst.acornfinance.com http://script.hotjar.com https://*.acornfinance.com https://*.acornfinance.dev https://www.acornfinance.com https://*.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://*.pr.acornfinance.com https://ajax.googleapis.com https://app.lendflow.io https://cdn.linkedin.oribi.io https://cdnjs.cloudflare.com https://connect.facebook.net https://forms.hsforms.com https://gc.kes.v2.scr.kaspersky-labs.com https://gc.kis.v2.scr.kaspersky-labs.com https://google-analytics.com https://iw.lendflow.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hsforms.net https://js.intercomcdn.com https://maps.googleapis.com https://maxcdn.bootstrapcdn.com https://me.kis.v2.scr.kaspersky-labs.com https://optimize.google.com/ https://p.adsymptotic.com https://payest.acornfinance.com https://platform.twitter.com https://play.vidyard.com https://px.ads.linkedin.com https://secure.gaug.es https://secure.gravatar.com https://snap.licdn.com https://static.hotjar.com https://use.fontawesome.com https://widget.intercom.io https://widget.trustpilot.com https://www.google-analytics.com https://www.google.com https://www.googleanalytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com https://yoast.com; style-src 'self' 'unsafe-inline' s3.amazonaws.com https://*.acornfinance.com https://*.acornfinance.dev https://www.acornfinance.com https://fonts.googleapis.com https://payest.acornfinance.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.acornfinance.com https://*.acornfinance.dev https://www.acornfinance.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://gc.kis.v2.scr.kaspersky-labs.com https://maxcdn.bootstrapcdn.com https://optimize.google.com/ https://widget.intercom.io; report-uri https://o489149.ingest.sentry.io/api/5995675/security/?sentry_key=b011d1ccc0f6456bb41b981294106653; 1
default-src 'self' blob: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.consentmanager.net https://www.googletagmanager.com https://secure.quantserve.com/ https://www.google-analytics.com/ https://*.usabilla.com/ https://platform.twitter.com https://*.vattenfall.se https://rules.quantcount.com/ https://www.gstatic.com https://www.youtube.com https://connect.facebook.net https://bat.bing.com https://platform.twitter.com/ https://rules.quantcount.com/ https://*.snapchat.com/ https://dev.visualwebsiteoptimizer.com https://www.google.com https://*; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' data: *.consentmanager.net https://www.googletagmanager.com https://secure.quantserve.com/ https://www.google-analytics.com/ https://app.readpeak.com/* https://connect.facebook.net/ https://platform.twitter.com/* https://www.youtube.com/ https://*.vattenfall.se/ https://bat.bing.com/ https://dev.visualwebsiteoptimizer.com/ https://www.gstatic.com/ https://www.google.com/ https://ecpacc-gwe.vattenfall.se/ https://*.usabilla.com/ https://rules.quantcount.com/ https://*; img-src 'self' data: blob: *.consentmanager.net *.vattenfall.se https://www.facebook.com https://analytics.twitter.com/ https://sync.taboola.com https://*.visualwebsiteoptimizer.com/ https://bat.bing.com/ https://www.linkedin.com/ https://cm.g.doubleclick.net/ https://*.visualwebsiteoptimizer.com/ https://app.readpeak.com https://www.google.com/ https://www.google.se/ https://www.google-analytics.com/* https://*.linkedin.com/ https://www.google-analytics.com https://*.pinterest.com/ https://pixel.quantserve.com/ https://*.usabilla.com/ https://platform.twitter.com/* https://www.googletagmanager.com/ https://*.snapchat.com/ https://www.gstatic.com/ https://t.co/ https://prreqcroab.icu/ https://*; style-src 'self' 'unsafe-inline' 'strict-dynamic' data: https://*; style-src-elem 'self' https://*.vattenfall.se/ 'unsafe-inline' 'unsafe-eval' data: https://fonts.googleapis.com https://elements.vattenfall.se https://ecp-gwe.vattenfall.se/ https://*; font-src 'self' data: https://*.vattenfall.nl https://vfsalesstorageprd.blob.core.windows.net/ https://*.vattenfall.se/ https://fonts.gstatic.com/ https://incharge.azureedge.net/ data: https://*; connect-src 'self' wss://*.vattenfall.se/ data: blob: properties https://*.google-analytics.com/ https://*.doubleclick.net https://dev.visualwebsiteoptimizer.com/* https://*.visualwebsiteoptimizer.com/ https://dc.services.visualstudio.com/* https://bat.bing.com/* https://*.vattenfall.se/ https://*.visualwebsiteoptimizer.com/* https://pixel.quantcount.com/ https://*.visualstudio.com/ https://*.pinterest.com/ https://bat.bing.com/ https://www.facebook.com/ https://app.readpeak.com/ https://adservice.google.com/ https://cdn.linkedin.oribi.io/ https://www.google.com/ https://businessspecificapimanglobal.azure-api.net/ https://tr.snapchat.com https://*; frame-src 'self' https://*.doubleclick.net https://*.snapchat.com https://*.pinterest.com https://www.youtube.com https://www.facebook.com https://* anwebconsole; worker-src blob:; object-src 'none';report-uri https://selfserviceapi.www.vattenfall.se/api/csp-report/report-uri?key=fib963d74f; 1
script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/GroupsFrontendUi/cspreport/allowlist 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-vVsylCY6FPNDATMrNmbagQ=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
frame-ancestors *.bolignet.dk 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com *.salesforceliveagent.com service.force.com *.my.salesforce.com *.google.com *.facebook.net *.facebook.com *.omtrdc.net *.youtube.com *.ytimg.com *.doubleclick.net *.googleapis.com *.bazaarvoice.com *.iesnare.com appleid.cdn-apple.com www.googletagmanager.com www.googleadservices.com activitymap.adobe.com qasfix-hofer.cs101.force.com cs101.salesforce.com https://www.googletagmanager.com/gtag/js *.bing.com https://s.pinimg.com/ct/core.js https://s.pinimg.com/ct/lib/main.2a04f3ee.js hofer.force.com hofer.secure.force.com https://cdn.polyfill.io/v2/polyfill.min.js static.lightning.force.com iprom.net *.iprom.net *.cookielaw.org *.onetrust.com s7g10.scene7.com tags.tiqcdn.com collect.tealiumiq.com; connect-src 'self' *.omtrdc.net *.demdex.net *.postcodeanywhere.co.uk *.bazaarvoice.com *.facebook.com activitymap.adobe.com sitecatalyst.omniture.com qasfix-hofer.cs101.force.com cs101.salesforce.com hofer.force.com hofer.secure.force.com c.la1-c1-fra.salesforceliveagent.com EU17.salesforce.com d.la1-c1-fra.salesforceliveagent.com www.zurueckzumursprung.at https://storefinder.aldi.at https://empty-fridge-widget.vercel.app https://gewinnspiel.aldi-sued.de test.storefinder.aldi.at *.googleapis.com *.cookielaw.org *.onetrust.com s7g10.scene7.com iprom.net collect.tealiumiq.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.bazaarvoice.com *.googleapis.com *.omtrdc.net *.my.salesforce.com service.force.com qasfix-hofer.cs101.force.com cs101.salesforce.com hofer.force.com hofer.secure.force.com *.cookielaw.org *.onetrust.com s7g10.scene7.com; font-src 'self' *.gstatic.com data:; frame-src 'self' *.demdex.net *.facebook.com *.google.com *.youtube.com *.youtube-nocookie.com *.customervoice360.com *.adobe.com aldisued.marketing.adobe.com *.psa.at aldisued.experiencecloud.adobe.com web-psa-preprod.mp-testing.com rest-b2b-crt-preprod.mp-testing.com psa-card-administration.mobile-pocket.com *.bazaarvoice.com *.iesnare.com www.elettershop.de t.elettershop.de *.salesforceliveagent.com service.force.com activitymap.adobe.com *.omniture.com qasfix-hofer.cs101.force.com cs101.salesforce.com *.doubleclick.net www.zurueckzumursprung.at storefinder.aldi.at https://empty-fridge-widget.vercel.app https://gewinnspiel.aldi-sued.de test.storefinder.aldi.at cs107.salesforce.com eu17.salesforce.com letaki.hofer.si; frame-ancestors 'self' https://aldisued.marketing.adobe.com https://aldisued.experiencecloud.adobe.com https://www.elettershop.de https://t.elettershop.de https://experience.adobe.com hofer-custom.staffbase.com unserhofer.hofer.at app.mojhofer.hofer.si mojhofer.hofer.si staffbase.com localhost:* 1
default-src 'self'; child-src 'self' *.youtube.com *.youtu.be *.hotjar.com *.twitter.com *.piktochart.com *.euronext.com *.docs.google.com *.wistia.com *.wistia.net blob:; connect-src 'self' *.cookielaw.org *.google-analytics.com *.freshworks.com *.mapbox.com *.euronext.com; frame-src 'self' *.youtube.com *.youtu.be *.hotjar.com *.twitter.com *.piktochart.com *.euronext.com *.google.com *.wistia.com *.wistia.net; img-src 'self' *.cookielaw.org *.ytimg.com *.w3.org data: *.euronext.com *.googletagmanager.com blob: *.globenewswire.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.cookielaw.org *.google-analytics.com *.euronext.com *.mapbox.com *.datatables.net *.jsdelivr.net *.cloudflare.com *.jquery.com *.knightlab.com *.twitter.com *.polyfill.io *.unpkg.com *.mdbootstrap.com *.rawgit.com *.bootstrapcdn.com *.google.com *.freshworks.com *.youtu.be *.doubleclick.net *.gstatic.com *.schema.org *.hotjar.com *.drupal.org api.mapbox.com cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com https://cdn.jsdelivr.net https://cdn.knightlab.com https://cdnjs.cloudflare.com https://platform.twitter.com https://polyfill.io https://unpkg.com mdbootstrap.com platform.twitter.com rawgit.com stackpath.bootstrapcdn.com; script-src-elem 'self' 'unsafe-inline' *.googleapis.com *.googletagmanager.com *.cookielaw.org *.google-analytics.com *.euronext.com *.mapbox.com *.datatables.net *.jsdelivr.net *.cloudflare.com *.jquery.com *.knightlab.com *.twitter.com *.polyfill.io *.unpkg.com *.mdbootstrap.com *.rawgit.com *.bootstrapcdn.com *.google.com *.freshworks.com *.youtu.be *.doubleclick.net *.gstatic.com *.schema.org *.hotjar.com *.drupal.org *.youtube.com *.wistia.net api.mapbox.com cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com https://cdn.jsdelivr.net https://cdn.knightlab.com https://cdnjs.cloudflare.com https://platform.twitter.com https://polyfill.io https://unpkg.com mdbootstrap.com platform.twitter.com rawgit.com stackpath.bootstrapcdn.com; style-src 'self' 'unsafe-inline' *.icons8.com *.freshworks.com *.gstatic.com *.ytimg.com *.ggpht.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdn.knightlab.com https://cdnjs.cloudflare.com maxcdn.icons8.com mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; frame-ancestors 'self' *.euronext.com *.piktochart.com *.youtu.be; report-uri https://www.euronext.com/nb/report-uri/enforce; upgrade-insecure-requests 1
default-src 'self' iconic-assets.azureedge.net blob:; connect-src *; font-src *; frame-src *; img-src * blob: data:; media-src * blob:; object-src *; script-src * blob: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'self' ama.com.au apis.google.com cdn.syndication.twimg.com content-customsearch.googleapis.com content.googleapis.com e.infogram.com fonts.gstatic.com in.hotjar.com ka-p.fontawesome.com kit-uploads.fontawesome.com platform.twitter.com script.hotjar.com static.hotjar.com stats.g.doubleclick.net syndication.twitter.com join.ama.com.au vars.hotjar.com vc.hotjar.io ws1.hotjar.com ws10.hotjar.com ws13.hotjar.com ws14.hotjar.com ws15.hotjar.com ws18.hotjar.com ws19.hotjar.com ws2.hotjar.com ws20.hotjar.com ws23.hotjar.com ws24.hotjar.com ws4.hotjar.com ws25.hotjar.com ws26.hotjar.com ws27.hotjar.com ws28.hotjar.com ws6.hotjar.com ws7.hotjar.com ws8.hotjar.com ws9.hotjar.com wsp20.hotjar.com wss://ws1.hotjar.com wss://ws10.hotjar.com wss://ws13.hotjar.com wss://ws14.hotjar.com wss://ws15.hotjar.com wss://ws16.hotjar.com wss://ws18.hotjar.com wss://ws19.hotjar.com wss://ws2.hotjar.com wss://ws20.hotjar.com wss://ws22.hotjar.com wss://ws23.hotjar.com wss://ws24.hotjar.com wss://ws25.hotjar.com wss://ws26.hotjar.com wss://ws27.hotjar.com wss://ws28.hotjar.com wss://ws4.hotjar.com wss://ws5.hotjar.com wss://ws6.hotjar.com wss://ws7.hotjar.com wss://ws8.hotjar.com wss://ws9.hotjar.com www.google-analytics.com www.googleoptimize.com live-ama-d9.pantheonsite.io ws11.hotjar.com ws12.hotjar.com ws16.hotjar.com ws21.hotjar.com ws22.hotjar.com ws3.hotjar.com ws5.hotjar.com wss://ws11.hotjar.com wss://ws12.hotjar.com wss://ws21.hotjar.com wss://ws3.hotjar.com wss://wsp20.hotjar.com; child-src 'self' content-customsearch.googleapis.com content.googleapis.com e.infogram.com platform.twitter.com syndication.twitter.com vars.hotjar.com www.youtube.com; connect-src 'self' in.hotjar.com ka-p.fontawesome.com kit-uploads.fontawesome.com sentry-proxy.hotjar.com stats.g.doubleclick.net vc.hotjar.io *.hotjar.com ws10.hotjar.com ws11.hotjar.com ws12.hotjar.com ws13.hotjar.com ws14.hotjar.com ws15.hotjar.com ws16.hotjar.com ws17.hotjar.com ws18.hotjar.com ws19.hotjar.com ws2.hotjar.com ws20.hotjar.com ws21.hotjar.com ws22.hotjar.com ws23.hotjar.com ws24.hotjar.com ws25.hotjar.com ws3.hotjar.com ws4.hotjar.com ws5.hotjar.com ws6.hotjar.com ws7.hotjar.com ws8.hotjar.com ws9.hotjar.com wsp20.hotjar.com wsp21.hotjar.com wsp22.hotjar.com wsp23.hotjar.com wsp24.hotjar.com wsp25.hotjar.com wsp26.hotjar.com wsp27.hotjar.com wsp28.hotjar.com wsp29.hotjar.com wss://ws1.hotjar.com wss://ws10.hotjar.com wss://ws11.hotjar.com wss://ws12.hotjar.com wss://ws13.hotjar.com wss://ws14.hotjar.com wss://ws15.hotjar.com wss://ws16.hotjar.com wss://ws17.hotjar.com wss://ws18.hotjar.com wss://ws19.hotjar.com wss://ws2.hotjar.com wss://ws20.hotjar.com wss://ws21.hotjar.com wss://ws22.hotjar.com wss://ws23.hotjar.com wss://ws24.hotjar.com wss://ws25.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com wss://ws5.hotjar.com wss://ws6.hotjar.com wss://ws7.hotjar.com wss://ws8.hotjar.com wss://ws9.hotjar.com wss://wsp20.hotjar.com www.google-analytics.com https://maps.googleapis.com wss://ws-us2.pusher.com https://sockjs-us2.pusher.com wss://wsp21.hotjar.com wss://wsp22.hotjar.com wss://wsp23.hotjar.com wss://wsp24.hotjar.com wss://wsp25.hotjar.com wss://wsp26.hotjar.com wss://wsp27.hotjar.com wss://wsp28.hotjar.com wss://wsp29.hotjar.com wss://*.hotjar.com https://www.chatbase.co/ https://cdn.linkedin.oribi.io/ https://content.hotjar.io https://metrics.hotjar.io; font-src 'self' fonts.gstatic.com data:; frame-src 'self' content-customsearch.googleapis.com maps.google.com content.googleapis.com e.infogram.com platform.twitter.com pme.proquest.com pwm-image.trendmicro.com syndication.twitter.com vars.hotjar.com www.youtube.com www.google.com www.givenow.com.au https://embedsocial.com js.stripe.com https://e.issuu.com/ https://quote.nobleoak.com.au/ https://api.connectedcommunity.org/ https://player.vimeo.com/ https://www.chatbase.co/ https://www.surveymonkey.com/ https://js.stripe.com https://hooks.stripe.com; img-src 'self' abs.twimg.com ama.com.au old1.ama.com.au pbs.twimg.com platform.twitter.com ssl.google-analytics.com syndication.twitter.com ton.twimg.com translate.google.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.gstatic.com csi.gstatic.com live-ama-d9.pantheonsite.io www.ama.com.au https://sp.tinymce.com ama-au-q.informz.net qld.ama.com.au data: https://cdn.jsdelivr.net https://maps.gstatic.com blob: https://via.placeholder.com https://cdn.linkedin.oribi.io/ https://px.ads.linkedin.com/; media-src 'self'; object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' unpkg.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com ton.twimg.com translate.googleapis.com platform.twitter.com https://cdn.tiny.cloud https://fonts.googleapis.com https://cdn.rawgit.com ; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' unpkg.com cdn.jsdelivr.net platform.twitter.com pwm-image.trendmicro.com ton.twimg.com www.opoint.no cdn.tiny.cloud fonts.googleapis.com https://embedsocial.com https://kit.fontawesome.com https://cdn.rawgit.com  https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; form-action 'self' community.amaq.com.au feeslist.ama.com.au platform.twitter.com qld.ama.com.au syndication.twitter.com extranet.ama.com.au sa.ama.com.au test.dplearning.com.au www.dplearning.com.au www.mja.com.au tas.ama.com.au fld.ama.com.au www.givenow.com.au www.ama.com.au ama-feeslist.azurewebsites.net joinama.ama.com.au dplearning.vps.hostaway.net.au amaq.rewards-plus.com.au dev-shop-mja.pantheonsite.io shop.mja.com.au; frame-ancestors 'self'; report-uri https://www.ama.com.au/report-uri/enforce 1
default-src 'none'; base-uri 'self'; connect-src api.funcaptcha.com api.arkoselabs.com github-api.arkoselabs.com; form-action 'none'; frame-ancestors github.com *.github.com *.githubapp.com www-staging.npm.red www-sandbox.npm.red www.npmjs.com www-production.npmjs.com; frame-src api.funcaptcha.com api.arkoselabs.com github-api.arkoselabs.com; script-src api.funcaptcha.com api.arkoselabs.com cdn.arkoselabs.com github-api.arkoselabs.com 'unsafe-eval' github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests 1
font-src *.stripe.com *.google.com *.sagepay.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com data: *.yotpo.com *.googleapis.com *.gstatic.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com 'self' data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com www.vapestore.co.uk www.vapouriz.co.uk www.vtrade.co www.greenstemcbd.com www1.vapestorecbd.co.uk consent.cookiebot.com api.ometria.com *.searchspring.io data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.stripe.com *.google.com *.sagepay.com *.facebook.com *.yotpo.com https://plumrocket.com *.twitter.com secure4.arcot.com *.rsa3dsauth.co.uk secure7.arcot.com secure5.arcot.com *.mpts.modirum.com verify.monzo.com acs.revolut.com acs.apata.io *.smartsecure.tsys.co.uk acs2.swedbank.se 3ds.optimuscards.com acs1.swedbank.se foriseu-vbv.mycardplace.com secure2.arcot.com *.bkm.com.tr 3ds-challenge.n26.com danskebank-3ds-bxl.wlp-acs.com cdn-3ds-bxl.wlp-acs.com cdn-3ds-vdm.wlp-acs.com acs2.edb.com acs1.edb.com *.emea.citibank.com tsys.arcot.com danskebank-3ds-vdm.wlp-acs.com 3ds2-visasecure.acdcproc.com 3ds2-idcheck.acdcproc.com vapouriz.uk authentication-acs.marqeta.com 3dsecure.mbank.pl acs2.mutualtrustbank.com *.3ds.modirum.com api.ometria.com *.fssnet.co.in mycardsecure.com 3dsecure.leobank.az acs.stripeauthentications.com 3dsecure.sumup.com 3ds.emlpayments.com secure-acs2ui-bk2-indblr-blrtdc.wibmo.com *.abmb.com.my 3ds.kaspi.kz *.garanti.com.tr acs.capitalone.com acs.sibs.pt acs.gc.ge betalen.rabobank.nl *.centrum24.pl secure-acs2ui-b1-indblr-blrtdc.wibmo.com 3ds.nexigroup.com *.apac.citibank.com authentication.cardinalcommerce.com *.capitecbank.co.za secure-acs2ui-b1-indmum-mumrdc.wibmo.com 3ds.qnb.com acs3.edb.com wirexeu-msc.mycardplace.com securehdfc-acs2ui-b1-indmum-mumsif.hdfcbank.com acs4.privatbank.ua secureicici-cr1.icicibank.com acsv2.m2pfintech.com 3ds.redsys.es op-bxl.wlp-acs.com *.alfransi.com.sa *.pl.ing.com acs1.3dsecure.no acs2.3dsecure.no 3dsecure.bcc.kz uobt3dsg2.uobgroup.com bpcepaymentservices-3ds-vdm.wlp-acs.com 3ds.borica.bg *.sensebank.com.ua 3ds.upc.ua *.live.ext.prod.enfuce.com ecommerce.aps.iq *.stcpay.com.sa *.standardbank.co.za acs.ababank.com acs2.arca.am *.3ds.acssecure.com visa-secure-bxl.ing.de visa-secure-vdm.ing.de *.vib.com.vn *.3d2.icbc.com.cn *.techcombank.com.vn *.rsa3dsauth.com ims.euronet3dsecure.com 3dsecure.nexi.it *.nedsecure.co.za 3ds.pkobp.pl 3ds-n2.nbg.gr acssv.otpbank.hu 3debspay.boc.cn acs.attijariwafa.com acs.mercurypaymentservices.it ch-acs2.cafis-paynet.jp 3dsec.postfinance.ch acsemv.mepspay.com *.afs.com.bh ipay.bangkokbank.com luxembourg-3ds-bxl.wlp-acs.com belgium-3ds-bxl.wlp-acs.com acs2.3dsecure.az vsconsumer2saib.emcrey.com acs3.3dsecure.no pay.eewosecure.com www.vapestore.co.uk www.vapouriz.co.uk www.vtrade.co www.greenstemcbd.com www1.vapestorecbd.co.uk 'self' 'unsafe-inline'; frame-ancestors www.vapestore.co.uk www.vapouriz.co.uk www.vtrade.co www.greenstemcbd.com www1.vapestorecbd.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.google.com *.sagepay.com *.hotjar.com *.facebook.com *.trustpilot.com *.criteo.com *.yotpo.com www.facebook.com platform.twitter.com https://player.vimeo.com https://www.youtube-nocookie.com https://plumrocket.com *.twitter.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com consentcdn.cookiebot.com acs2.swedbank.se popup.laybuy.com acs.stripeauthentications.com userapi2.danskebank.com authentication.cardinalcommerce.com js.stripe.com wirexeu-msc.mycardplace.com securehdfc-acs2ui-b1-indmum-mumsif.hdfcbank.com acs4.privatbank.ua *.alfransi.com.sa *.apac.citibank.com *.live.ext.prod.enfuce.com *.standardbank.co.za acs.ababank.com acs2.arca.am 3ds.nexigroup.com *.yapikredi.com.tr *.3ds.acssecure.com *.rsa3dsauth.co.uk acs.attijariwafa.com secure4.arcot.com secure7.arcot.com secure5.arcot.com acs.mercurypaymentservices.it *.akbank.com.tr *.afs.com.bh luxembourg-3ds-bxl.wlp-acs.com acs2.3dsecure.az pay.eewosecure.com www.vapestore.co.uk www.vapouriz.co.uk www.vtrade.co www.greenstemcbd.com www1.vapestorecbd.co.uk consent.cookiebot.com www.google-analytics.com www.googletagmanager.com vapouriz.uk ssl.gstatic.com static.hotjar.com staticw2.yotpo.com stats.g.doubleclick.net tags.affiliatefuture.com test.vapestore.co.uk test1.vapestore.co.uk script.hotjar.com scripts.affiliatefuture.com secure2.arcot.com dkpklk99llpj0.cloudfront.net dn1i8v75r669j.cloudfront.net tsys.arcot.com tts.baidu.com r1-t.trackedlink.net r1.trackedweb.net fonts.googleapis.com region1.analytics.google.com region1.google-analytics.com p.yotpo.com paymentauthenticationchallenge30.emea.citibank.com paymentauthenticationchallenge32.emea.citibank.com pi-live.sagepay.com platform.instagram.com play.google.com d1f0tbk1v3e25u.cloudfront.net d1q4q7ketxgxfn.cloudfront.net d33wubrfki0l68.cloudfront.net d36mpcpuzc4ztk.cloudfront.net d81mfvml8p5ml.cloudfront.net cdn.vapestore.co.uk c.clarity.ms api.agechecked.com api.craftyclicks.co.uk code.jquery.com api.feefo.com js.klevu.com chat.freshdesk.com ajax.googleapis.com am.freshrelevance.com translate.google.cn translate.googleapis.com analytics.google.com widget.trustpilot.com www.instagram.com www.magentocommerce.com www.mageworx.com 3debspay.boc.cn 3ds-challenge.n26.com 3ds.cloud.animal.engineering 3ds.emlpayments.com 3ds.optimuscards.com 3ds.redsys.es 3ds2-idcheck.acdcproc.com 3ds2-visasecure.acdcproc.com 3dsec.cardcenter.ch 3dsecure.ing.ro 3dsecure.mbank.pl 3dsecure.zen.com 3dverify2.stcpay.com.sa acs.apata.io acs.capitalone.com acs.fssnet.co.in acs.hanacard.co.kr acs.revolut.com acs.sibs.pt acs.touch.tech acs.up-ng.com acs.wooricard.com acs1.3dsecure.no acs1.edb.com acs1.mpts.modirum.com acs1.swedbank.se acs1.viseca.ch acs2.3ds.modirum.com acs2.3dsecure.no acs2.edb.com acs2.estcard.ee acs2.mpts.modirum.com acs3.edb.com acs3.mpts.modirum.com acsemv.mepspay.com acsv2.m2pfintech.com api.emv.acs.opentech.com api.freevideoguard.com api.id.mastercard.bunq.com aptopaysafe-vbv.mycardplace.com auth.iws-hybrid.trendmicro.com authentication-acs.marqeta.com belgium-3ds-bxl.wlp-acs.com c8.dycdn.net cdn.honey.io channel-cards-html.lloydsbankinggroup.com channel.shinhan.com.vn clients.smartsecure.tsys.co.uk crqsbiacs.sbi danskebank-3ds-bxl.wlp-acs.com danskebank-3ds-vdm.wlp-acs.com emvacs.2c2p.com emvacs.bkm.com.tr emvacsip.thecardservicesonline.com foriseu-vbv.mycardplace.com gateway.id.swg.umbrella.com gbemv3dsecure.garanti.com.tr ims.euronet3dsecure.com integration-assets.laybuy.com invitejs.trustpilot.com mcconsumerv2.alahli.com mycardsecure.com natixispaymentsolutions-3ds-vdm.wlp-acs.com op-bxl.wlp-acs.com poseidon.revolut.com scatec.io secure-acs2ui-b1-indblr-blrtdc.wibmo.com secure-acs2ui-b1-indmum-mumrdc.wibmo.com securegw1.micb.md secureicici-cr1.icicibank.com shopping.bing-shopping.microsoft-falcon.io valtuutus.op.fi verifiedbyvisa.skandia.se verify.monzo.com www.bing.com www.clicksafe.lloydstsb.com www.coupert.com www.couponscdn.com www.google.co.uk www.paypalobjects.com www.rsa3dsauth.co.uk www.rsa3dsauth.com api.ometria.com *.searchspring.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com *.paypal.com *.sagepay.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net *.yotpo.com *.klevu.com *.ksearchnet.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net scripts.affiliatefuture.com p.yotpo.com trk.ometria.com c.clarity.ms integration-assets.laybuy.com *.paypalobjects.com pay.laybuy.com *.vapouriz.co.uk cdn.simplycodes.com s3.amazonaws.com imgsct.cookiebot.com www.vapestore.co.uk www.vapouriz.co.uk www.vtrade.co www.greenstemcbd.com www1.vapestorecbd.co.uk *.cookiebot.com www.googletagmanager.com vapouriz.uk ssl.gstatic.com static.hotjar.com staticw2.yotpo.com tags.affiliatefuture.com test.vapestore.co.uk test1.vapestore.co.uk script.hotjar.com secure2.arcot.com secure4.arcot.com secure5.arcot.com secure7.arcot.com dkpklk99llpj0.cloudfront.net dn1i8v75r669j.cloudfront.net tsys.arcot.com tts.baidu.com r1-t.trackedlink.net r1.trackedweb.net fonts.googleapis.com region1.analytics.google.com region1.google-analytics.com paymentauthenticationchallenge30.emea.citibank.com paymentauthenticationchallenge32.emea.citibank.com pi-live.sagepay.com platform.instagram.com platform.twitter.com play.google.com popup.laybuy.com d1f0tbk1v3e25u.cloudfront.net d1q4q7ketxgxfn.cloudfront.net d33wubrfki0l68.cloudfront.net d36mpcpuzc4ztk.cloudfront.net d81mfvml8p5ml.cloudfront.net cdn.vapestore.co.uk api.agechecked.com api.craftyclicks.co.uk code.jquery.com api.feefo.com js.klevu.com chat.freshdesk.com ajax.googleapis.com am.freshrelevance.com translate.google.cn translate.googleapis.com analytics.google.com widget.trustpilot.com www.instagram.com www.magentocommerce.com www.mageworx.com 3debspay.boc.cn 3ds-challenge.n26.com 3ds.cloud.animal.engineering 3ds.emlpayments.com 3ds.optimuscards.com 3ds.redsys.es 3ds2-idcheck.acdcproc.com 3ds2-visasecure.acdcproc.com 3dsec.cardcenter.ch 3dsecure.ing.ro 3dsecure.mbank.pl 3dsecure.zen.com 3dverify2.stcpay.com.sa acs.apata.io acs.capitalone.com acs.fssnet.co.in acs.hanacard.co.kr acs.revolut.com acs.sibs.pt acs.touch.tech acs.up-ng.com acs.wooricard.com acs1.3dsecure.no acs1.edb.com acs1.mpts.modirum.com acs1.swedbank.se acs1.viseca.ch acs2.3ds.modirum.com acs2.3dsecure.no acs2.edb.com acs2.estcard.ee acs2.mpts.modirum.com acs3.edb.com acs3.mpts.modirum.com acsemv.mepspay.com acsv2.m2pfintech.com api.emv.acs.opentech.com api.freevideoguard.com api.id.mastercard.bunq.com aptopaysafe-vbv.mycardplace.com auth.iws-hybrid.trendmicro.com authentication-acs.marqeta.com belgium-3ds-bxl.wlp-acs.com c8.dycdn.net cdn.honey.io channel-cards-html.lloydsbankinggroup.com channel.shinhan.com.vn clients.smartsecure.tsys.co.uk crqsbiacs.sbi danskebank-3ds-bxl.wlp-acs.com danskebank-3ds-vdm.wlp-acs.com emvacs.2c2p.com emvacs.bkm.com.tr emvacsip.thecardservicesonline.com foriseu-vbv.mycardplace.com gateway.id.swg.umbrella.com gbemv3dsecure.garanti.com.tr ims.euronet3dsecure.com invitejs.trustpilot.com mcconsumerv2.alahli.com mycardsecure.com natixispaymentsolutions-3ds-vdm.wlp-acs.com op-bxl.wlp-acs.com poseidon.revolut.com scatec.io secure-acs2ui-b1-indblr-blrtdc.wibmo.com secure-acs2ui-b1-indmum-mumrdc.wibmo.com securegw1.micb.md secureicici-cr1.icicibank.com shopping.bing-shopping.microsoft-falcon.io valtuutus.op.fi verifiedbyvisa.skandia.se verify.monzo.com www.bing.com www.clicksafe.lloydstsb.com www.coupert.com www.couponscdn.com www.google.co.uk www.google.com www.rsa3dsauth.co.uk www.rsa3dsauth.com api.ometria.com *.searchspring.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ www.google.com *.agechecked.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.google.com *.sagepay.com *.paypal.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.googleadservices.com api.comapi.com snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com *.youtube.com cdn.mouseflow.com *.yotpo.com js.klevu.com *.ksearchnet.com *.searchspring.io connect.facebook.net twitter.com platform.twitter.com https://player.vimeo.com https://www.youtube.com https://cdn.searchspring.net/intellisuggest/is.min.js *.cloudflare.com *.twitter.com *.twimg.com *.usercentrics.eu https://www.googletagmanager.com tagmanager.google.com *.ometria.com widget.freshworks.com tags.affiliatefuture.com consent.cookiebot.com invitejs.trustpilot.com consentcdn.cookiebot.com staticw2.yotpo.com scripts.affiliatefuture.com widget.trustpilot.com pi-live.sagepay.com cdn.ometria.com js.stripe.com web-sdk.smartlook.com www.vapestore.co.uk www.vapouriz.co.uk www.vtrade.co www.greenstemcbd.com www1.vapestorecbd.co.uk consent.cookiebot.com/* consent.cookiebot.com/uc.js www.googletagmanager.com vapouriz.uk ssl.gstatic.com static.hotjar.com stats.g.doubleclick.net test.vapestore.co.uk test1.vapestore.co.uk script.hotjar.com secure2.arcot.com secure4.arcot.com secure5.arcot.com secure7.arcot.com dkpklk99llpj0.cloudfront.net dn1i8v75r669j.cloudfront.net tsys.arcot.com tts.baidu.com r1-t.trackedlink.net r1.trackedweb.net fonts.googleapis.com region1.analytics.google.com region1.google-analytics.com p.yotpo.com paymentauthenticationchallenge30.emea.citibank.com paymentauthenticationchallenge32.emea.citibank.com platform.instagram.com play.google.com popup.laybuy.com d1f0tbk1v3e25u.cloudfront.net d1q4q7ketxgxfn.cloudfront.net d33wubrfki0l68.cloudfront.net d36mpcpuzc4ztk.cloudfront.net d81mfvml8p5ml.cloudfront.net cdn.vapestore.co.uk c.clarity.ms api.agechecked.com api.craftyclicks.co.uk code.jquery.com api.feefo.com chat.freshdesk.com ajax.googleapis.com am.freshrelevance.com translate.google.cn translate.googleapis.com analytics.google.com www.instagram.com www.magentocommerce.com www.mageworx.com 3debspay.boc.cn 3ds-challenge.n26.com 3ds.cloud.animal.engineering 3ds.emlpayments.com 3ds.optimuscards.com 3ds.redsys.es 3ds2-idcheck.acdcproc.com 3ds2-visasecure.acdcproc.com 3dsec.cardcenter.ch 3dsecure.ing.ro 3dsecure.mbank.pl 3dsecure.zen.com 3dverify2.stcpay.com.sa acs.apata.io acs.capitalone.com acs.fssnet.co.in acs.hanacard.co.kr acs.revolut.com acs.sibs.pt acs.touch.tech acs.up-ng.com acs.wooricard.com acs1.3dsecure.no acs1.edb.com acs1.mpts.modirum.com acs1.swedbank.se acs1.viseca.ch acs2.3ds.modirum.com acs2.3dsecure.no acs2.edb.com acs2.estcard.ee acs2.mpts.modirum.com acs3.edb.com acs3.mpts.modirum.com acsemv.mepspay.com acsv2.m2pfintech.com api.emv.acs.opentech.com api.freevideoguard.com api.id.mastercard.bunq.com aptopaysafe-vbv.mycardplace.com auth.iws-hybrid.trendmicro.com authentication-acs.marqeta.com belgium-3ds-bxl.wlp-acs.com c8.dycdn.net cdn.honey.io channel-cards-html.lloydsbankinggroup.com channel.shinhan.com.vn clients.smartsecure.tsys.co.uk crqsbiacs.sbi danskebank-3ds-bxl.wlp-acs.com danskebank-3ds-vdm.wlp-acs.com emvacs.2c2p.com emvacs.bkm.com.tr emvacsip.thecardservicesonline.com foriseu-vbv.mycardplace.com gateway.id.swg.umbrella.com gbemv3dsecure.garanti.com.tr ims.euronet3dsecure.com integration-assets.laybuy.com mcconsumerv2.alahli.com mycardsecure.com natixispaymentsolutions-3ds-vdm.wlp-acs.com op-bxl.wlp-acs.com poseidon.revolut.com scatec.io secure-acs2ui-b1-indblr-blrtdc.wibmo.com secure-acs2ui-b1-indmum-mumrdc.wibmo.com securegw1.micb.md secureicici-cr1.icicibank.com shopping.bing-shopping.microsoft-falcon.io valtuutus.op.fi verifiedbyvisa.skandia.se verify.monzo.com www.bing.com www.clicksafe.lloydstsb.com www.coupert.com www.couponscdn.com www.google.co.uk www.rsa3dsauth.co.uk www.rsa3dsauth.com api.ometria.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.agechecked.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.google.com *.sagepay.com *.googleapis.com checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net *.yotpo.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu tagmanager.google.com widget.freshworks.com www.vapestore.co.uk www.vapouriz.co.uk www.vtrade.co www.greenstemcbd.com www1.vapestorecbd.co.uk consent.cookiebot.com www.google-analytics.com www.googletagmanager.com vapouriz.uk ssl.gstatic.com static.hotjar.com staticw2.yotpo.com stats.g.doubleclick.net tags.affiliatefuture.com test.vapestore.co.uk test1.vapestore.co.uk script.hotjar.com scripts.affiliatefuture.com secure2.arcot.com secure4.arcot.com secure5.arcot.com secure7.arcot.com dkpklk99llpj0.cloudfront.net dn1i8v75r669j.cloudfront.net tsys.arcot.com tts.baidu.com r1-t.trackedlink.net r1.trackedweb.net fonts.googleapis.com region1.analytics.google.com region1.google-analytics.com p.yotpo.com paymentauthenticationchallenge30.emea.citibank.com paymentauthenticationchallenge32.emea.citibank.com pi-live.sagepay.com platform.instagram.com platform.twitter.com play.google.com popup.laybuy.com d1f0tbk1v3e25u.cloudfront.net d1q4q7ketxgxfn.cloudfront.net d33wubrfki0l68.cloudfront.net d36mpcpuzc4ztk.cloudfront.net d81mfvml8p5ml.cloudfront.net cdn.vapestore.co.uk c.clarity.ms api.agechecked.com api.craftyclicks.co.uk code.jquery.com api.feefo.com js.klevu.com chat.freshdesk.com ajax.googleapis.com am.freshrelevance.com translate.google.cn translate.googleapis.com analytics.google.com widget.trustpilot.com www.instagram.com www.magentocommerce.com www.mageworx.com 3debspay.boc.cn 3ds-challenge.n26.com 3ds.cloud.animal.engineering 3ds.emlpayments.com 3ds.optimuscards.com 3ds.redsys.es 3ds2-idcheck.acdcproc.com 3ds2-visasecure.acdcproc.com 3dsec.cardcenter.ch 3dsecure.ing.ro 3dsecure.mbank.pl 3dsecure.zen.com 3dverify2.stcpay.com.sa acs.apata.io acs.capitalone.com acs.fssnet.co.in acs.hanacard.co.kr acs.revolut.com acs.sibs.pt acs.touch.tech acs.up-ng.com acs.wooricard.com acs1.3dsecure.no acs1.edb.com acs1.mpts.modirum.com acs1.swedbank.se acs1.viseca.ch acs2.3ds.modirum.com acs2.3dsecure.no acs2.edb.com acs2.estcard.ee acs2.mpts.modirum.com acs3.edb.com acs3.mpts.modirum.com acsemv.mepspay.com acsv2.m2pfintech.com api.emv.acs.opentech.com api.freevideoguard.com api.id.mastercard.bunq.com aptopaysafe-vbv.mycardplace.com auth.iws-hybrid.trendmicro.com authentication-acs.marqeta.com belgium-3ds-bxl.wlp-acs.com c8.dycdn.net cdn.honey.io channel-cards-html.lloydsbankinggroup.com channel.shinhan.com.vn clients.smartsecure.tsys.co.uk crqsbiacs.sbi danskebank-3ds-bxl.wlp-acs.com danskebank-3ds-vdm.wlp-acs.com emvacs.2c2p.com emvacs.bkm.com.tr emvacsip.thecardservicesonline.com foriseu-vbv.mycardplace.com gateway.id.swg.umbrella.com gbemv3dsecure.garanti.com.tr ims.euronet3dsecure.com integration-assets.laybuy.com invitejs.trustpilot.com mcconsumerv2.alahli.com mycardsecure.com natixispaymentsolutions-3ds-vdm.wlp-acs.com op-bxl.wlp-acs.com poseidon.revolut.com scatec.io secure-acs2ui-b1-indblr-blrtdc.wibmo.com secure-acs2ui-b1-indmum-mumrdc.wibmo.com securegw1.micb.md secureicici-cr1.icicibank.com shopping.bing-shopping.microsoft-falcon.io valtuutus.op.fi verifiedbyvisa.skandia.se verify.monzo.com www.bing.com www.clicksafe.lloydstsb.com www.coupert.com www.couponscdn.com www.google.co.uk www.google.com www.paypalobjects.com www.rsa3dsauth.co.uk www.rsa3dsauth.com api.ometria.com *.searchspring.io 'self' 'unsafe-inline'; object-src www.vapestore.co.uk www.vapouriz.co.uk www.vtrade.co www.greenstemcbd.com www1.vapestorecbd.co.uk consent.cookiebot.com api.ometria.com *.searchspring.io 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com blob: www.vapestore.co.uk www.vapouriz.co.uk www.vtrade.co www.greenstemcbd.com www1.vapestorecbd.co.uk consent.cookiebot.com api.ometria.com *.searchspring.io 'self' 'unsafe-inline'; manifest-src *.vapestore.co.uk *.vapouriz.co.uk www.vapestore.co.uk www.vapouriz.co.uk www.vtrade.co www.greenstemcbd.com www1.vapestorecbd.co.uk consent.cookiebot.com api.ometria.com *.searchspring.io 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.agechecked.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.google.com *.paypal.com *.sagepay.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms *.facebook.com *.datatrics.com *.yotpo.com *.klevu.com *.ksearchnet.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io https://beacon.searchspring.io/beacon *.cloudflare.com *.twitter.com *.twimg.com https://www.google-analytics.com *.ometria.com widget.freshworks.com *.ingest.sentry.io consentcdn.cookiebot.com am.freshrelevance.com ws38.hotjar.com ws36.hotjar.com wsp28.hotjar.com wsp2.hotjar.com wsp13.hotjar.com wsp3.hotjar.com ws.hotjar.com *.analytics.google.com api.yotpo.com *.eu.smartlook.cloud *.craftyclicks.co.uk invitejs.trustpilot.com *.a.searchspring.io www.vapestore.co.uk www.vapouriz.co.uk www.vtrade.co www.greenstemcbd.com www1.vapestorecbd.co.uk consent.cookiebot.com www.google-analytics.com www.googletagmanager.com vapouriz.uk ssl.gstatic.com static.hotjar.com staticw2.yotpo.com tags.affiliatefuture.com test.vapestore.co.uk test1.vapestore.co.uk script.hotjar.com scripts.affiliatefuture.com secure2.arcot.com secure4.arcot.com secure5.arcot.com secure7.arcot.com dkpklk99llpj0.cloudfront.net dn1i8v75r669j.cloudfront.net tsys.arcot.com tts.baidu.com r1-t.trackedlink.net r1.trackedweb.net fonts.googleapis.com region1.analytics.google.com region1.google-analytics.com p.yotpo.com paymentauthenticationchallenge30.emea.citibank.com paymentauthenticationchallenge32.emea.citibank.com pi-live.sagepay.com platform.instagram.com platform.twitter.com play.google.com popup.laybuy.com d1f0tbk1v3e25u.cloudfront.net d1q4q7ketxgxfn.cloudfront.net d33wubrfki0l68.cloudfront.net d36mpcpuzc4ztk.cloudfront.net d81mfvml8p5ml.cloudfront.net cdn.vapestore.co.uk c.clarity.ms api.agechecked.com api.craftyclicks.co.uk code.jquery.com api.feefo.com js.klevu.com chat.freshdesk.com ajax.googleapis.com translate.google.cn translate.googleapis.com analytics.google.com widget.trustpilot.com www.instagram.com www.magentocommerce.com www.mageworx.com 3debspay.boc.cn 3ds-challenge.n26.com 3ds.cloud.animal.engineering 3ds.emlpayments.com 3ds.optimuscards.com 3ds.redsys.es 3ds2-idcheck.acdcproc.com 3ds2-visasecure.acdcproc.com 3dsec.cardcenter.ch 3dsecure.ing.ro 3dsecure.mbank.pl 3dsecure.zen.com 3dverify2.stcpay.com.sa acs.apata.io acs.capitalone.com acs.fssnet.co.in acs.hanacard.co.kr acs.revolut.com acs.sibs.pt acs.touch.tech acs.up-ng.com acs.wooricard.com acs1.3dsecure.no acs1.edb.com acs1.mpts.modirum.com acs1.swedbank.se acs1.viseca.ch acs2.3ds.modirum.com acs2.3dsecure.no acs2.edb.com acs2.estcard.ee acs2.mpts.modirum.com acs3.edb.com acs3.mpts.modirum.com acsemv.mepspay.com acsv2.m2pfintech.com api.emv.acs.opentech.com api.freevideoguard.com api.id.mastercard.bunq.com aptopaysafe-vbv.mycardplace.com auth.iws-hybrid.trendmicro.com authentication-acs.marqeta.com belgium-3ds-bxl.wlp-acs.com c8.dycdn.net cdn.honey.io channel-cards-html.lloydsbankinggroup.com channel.shinhan.com.vn clients.smartsecure.tsys.co.uk crqsbiacs.sbi danskebank-3ds-bxl.wlp-acs.com danskebank-3ds-vdm.wlp-acs.com emvacs.2c2p.com emvacs.bkm.com.tr emvacsip.thecardservicesonline.com foriseu-vbv.mycardplace.com gateway.id.swg.umbrella.com gbemv3dsecure.garanti.com.tr ims.euronet3dsecure.com integration-assets.laybuy.com mcconsumerv2.alahli.com mycardsecure.com natixispaymentsolutions-3ds-vdm.wlp-acs.com op-bxl.wlp-acs.com poseidon.revolut.com scatec.io secure-acs2ui-b1-indblr-blrtdc.wibmo.com secure-acs2ui-b1-indmum-mumrdc.wibmo.com securegw1.micb.md secureicici-cr1.icicibank.com shopping.bing-shopping.microsoft-falcon.io valtuutus.op.fi verifiedbyvisa.skandia.se verify.monzo.com www.bing.com www.clicksafe.lloydstsb.com www.coupert.com www.couponscdn.com www.google.co.uk www.google.com www.rsa3dsauth.co.uk www.rsa3dsauth.com vapouriz.freshdesk.com api.ometria.com *.smartlook.cloud *.searchspring.io 'self' 'unsafe-inline'; child-src www.vapestore.co.uk www.vapouriz.co.uk www.vtrade.co www.greenstemcbd.com www1.vapestorecbd.co.uk consent.cookiebot.com api.ometria.com *.searchspring.io http: https: blob: 'self' 'unsafe-inline'; default-src www.vapestore.co.uk www.vapouriz.co.uk www.vtrade.co www.greenstemcbd.com www1.vapestorecbd.co.uk consent.cookiebot.com www.google-analytics.com www.googletagmanager.com vapouriz.uk ssl.gstatic.com static.hotjar.com staticw2.yotpo.com stats.g.doubleclick.net tags.affiliatefuture.com test.vapestore.co.uk test1.vapestore.co.uk script.hotjar.com scripts.affiliatefuture.com secure2.arcot.com secure4.arcot.com secure5.arcot.com secure7.arcot.com dkpklk99llpj0.cloudfront.net dn1i8v75r669j.cloudfront.net tsys.arcot.com tts.baidu.com r1-t.trackedlink.net r1.trackedweb.net fonts.googleapis.com region1.analytics.google.com region1.google-analytics.com p.yotpo.com paymentauthenticationchallenge30.emea.citibank.com paymentauthenticationchallenge32.emea.citibank.com pi-live.sagepay.com platform.instagram.com platform.twitter.com play.google.com popup.laybuy.com d1f0tbk1v3e25u.cloudfront.net d1q4q7ketxgxfn.cloudfront.net d33wubrfki0l68.cloudfront.net d36mpcpuzc4ztk.cloudfront.net d81mfvml8p5ml.cloudfront.net cdn.vapestore.co.uk c.clarity.ms api.agechecked.com api.craftyclicks.co.uk code.jquery.com api.feefo.com js.klevu.com chat.freshdesk.com ajax.googleapis.com am.freshrelevance.com translate.google.cn translate.googleapis.com analytics.google.com widget.trustpilot.com www.instagram.com www.magentocommerce.com www.mageworx.com 3debspay.boc.cn 3ds-challenge.n26.com 3ds.cloud.animal.engineering 3ds.emlpayments.com 3ds.optimuscards.com 3ds.redsys.es 3ds2-idcheck.acdcproc.com 3ds2-visasecure.acdcproc.com 3dsec.cardcenter.ch 3dsecure.ing.ro 3dsecure.mbank.pl 3dsecure.zen.com 3dverify2.stcpay.com.sa acs.apata.io acs.capitalone.com acs.fssnet.co.in acs.hanacard.co.kr acs.revolut.com acs.sibs.pt acs.touch.tech acs.up-ng.com acs.wooricard.com acs1.3dsecure.no acs1.edb.com acs1.mpts.modirum.com acs1.swedbank.se acs1.viseca.ch acs2.3ds.modirum.com acs2.3dsecure.no acs2.edb.com acs2.estcard.ee acs2.mpts.modirum.com acs3.edb.com acs3.mpts.modirum.com acsemv.mepspay.com acsv2.m2pfintech.com api.emv.acs.opentech.com api.freevideoguard.com api.id.mastercard.bunq.com aptopaysafe-vbv.mycardplace.com auth.iws-hybrid.trendmicro.com authentication-acs.marqeta.com belgium-3ds-bxl.wlp-acs.com c8.dycdn.net cdn.honey.io channel-cards-html.lloydsbankinggroup.com channel.shinhan.com.vn clients.smartsecure.tsys.co.uk crqsbiacs.sbi danskebank-3ds-bxl.wlp-acs.com danskebank-3ds-vdm.wlp-acs.com emvacs.2c2p.com emvacs.bkm.com.tr emvacsip.thecardservicesonline.com foriseu-vbv.mycardplace.com gateway.id.swg.umbrella.com gbemv3dsecure.garanti.com.tr ims.euronet3dsecure.com integration-assets.laybuy.com invitejs.trustpilot.com mcconsumerv2.alahli.com mycardsecure.com natixispaymentsolutions-3ds-vdm.wlp-acs.com op-bxl.wlp-acs.com poseidon.revolut.com scatec.io secure-acs2ui-b1-indblr-blrtdc.wibmo.com secure-acs2ui-b1-indmum-mumrdc.wibmo.com securegw1.micb.md secureicici-cr1.icicibank.com shopping.bing-shopping.microsoft-falcon.io valtuutus.op.fi verifiedbyvisa.skandia.se verify.monzo.com www.bing.com www.clicksafe.lloydstsb.com www.coupert.com www.couponscdn.com www.google.co.uk www.google.com www.paypalobjects.com www.rsa3dsauth.co.uk www.rsa3dsauth.com api.ometria.com *.searchspring.io 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.vapestore.co.uk www.vapouriz.co.uk www.vtrade.co www.greenstemcbd.com www1.vapestorecbd.co.uk 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 1
base-uri 'self' ; font-src 'self' https: data: *.gstatic.com; form-action 'self' wellingtonnz.formstack.com *.facebook.com; frame-ancestors 'self' *.wellingtonnz-uat.com *.wellingtonnz.com; img-src 'self' data: blob: *.analytics.google.com *.cdninstagram.com *.cloudfront.net *.doubleclick.net *.facebook.com *.google-analytics.com *.google.co.nz *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.linkedin.com *.monsido.com *.siteimproveanalytics.io *.ytimg.com api.mapbox.com shielded.co.nz staticcdn.co.nz twemoji.maxcdn.com wellingtonnz.bynder.com; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline' *.google.com *.googleapis.com *.zencdn.net; script-src 'self' https: data: blob: 'unsafe-eval' 'unsafe-inline' *.analytics.google.com *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.jquery.com *.monsido.com *.vimeo.com *.youtube.com *.zencdn.net browser-update.org code.highcharts.com siteimproveanalytics.com staticcdn.co.nz; upgrade-insecure-requests; connect-src 'self' https: wss: *.analytics.google.com *.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.monsido.com *.windows.net *.wellingtonnz.com; frame-src 'self' *.doubleclick.net *.dwcdn.net *.google.com *.infogram.com *.metservice.com *.monsido.com *.spotify.com *.vimeo.com *.youtube.com configurator.takina.co.nz configurator.wcec.co.nz goo.gl nzhistory.govt.nz omny.fm radian.mintdesign.co.nz radianstaging.mintdemo.co.nz staticcdn.co.nz viewer.mapme.com wellingtonnz.formstack.com *.facebook.com; manifest-src 'self'; media-src 'self' *.cdninstagram.com maori-dictionary-media.s3.amazonaws.com storage.googleapis.com 1
default-src 'self' farmersinsurance.okta.com *.oktacdn.com; connect-src 'self' farmersinsurance.okta.com farmersinsurance-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com *.mtls.okta.com farmersinsurance.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' farmersinsurance.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' farmersinsurance.okta.com *.oktacdn.com; frame-src 'self' farmersinsurance.okta.com farmersinsurance-admin.okta.com login.okta.com ok4-devicetrust.okta.com com-okta-authenticator:; img-src 'self' farmersinsurance.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' farmersinsurance.okta.com data: *.oktacdn.com fonts.gstatic.com 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; style-src * 'self' data: 'unsafe-inline'; worker-src * 'self' data: blob: 'unsafe-inline'; img-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; 1
frame-ancestors https://app.cux.io 1
frame-ancestors 'self'  https://app.contentful.com 1
frame-ancestors 'self' https://m.mygovernmentonline.org/ 1
connect-src 'self' ownerclan.com stats.g.doubleclick.net adservice.google.com www.google.com www.google.co.kr www.googletagmanager.com cloudflareinsights.com www.google-analytics.com wcs.naver.com;font-src 'self' data: use.fontawesome.com fonts.gstatic.com;frame-src 'self' www.google.com bid.g.doubleclick.net www.youtube.com googleads.g.doubleclick.net www.allthegate.com m.youtube.com player.vimeo.com serviceapi.nmv.naver.com www.allra.co.kr;img-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google.com www.gstatic.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net tpc.googlesyndication.com ssl.google-analytics.com cdn.jsdelivr.net static.cloudflareinsights.com cdnjs.cloudflare.com ajax.cloudflare.com wcs.naver.net ownerclan.com *.ownerclan.com ssl.daum.net t1.daum.net t1.daumcdn.net t1.kakaocdn.net ssl.daumcdn.net s1.daumcdn.net dapi.kakao.com code.jquery.com unpkg.com connect.facebook.com connect.facebook.net cdn.megadata.co.kr www.allthegate.com;style-src 'self' cdnjs.cloudflare.com 'unsafe-inline' unpkg.com fonts.googleapis.com use.fontawesome.com ownerclan.com *.ownerclan.com;object-src none;upgrade-insecure-requests;report-uri /csp-report/; 1
default-src 'self';    script-src-elem 'self' r.wdfl.co *.taboola.com 'unsafe-eval' 'unsafe-inline' *.youtube.com *.twitter.com *.sleekflow.io *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.hotjar.com *.licdn.com *.facebook.net *.convertflow.co *.hs-scripts.com *.facebook.com *.hsadspixel.net *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.doubleclick.net *.googleoptimize.com optimize.google.com *.chilipiper.com phrase.com consent.cookiebot.com consentcdn.cookiebot.com cdn.dreamdata.cloud asset.dyh8ken8pc.com tag.clearbitscripts.com x.clearbitjs.com *.hsforms.net *.clarity.ms;    script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.twitter.com *.sleekflow.io *.googletagmanager.com *.googleanalytics.com *.google-analytics.com *.googleadservices.com *.hotjar.com *.licdn.com *.facebook.net *.convertflow.co *.hs-scripts.com *.facebook.com *.hsadspixel.net *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.doubleclick.net *.googleoptimize.com optimize.google.com *.chilipiper.com consentden.cookiebot.com;    child-src *.youtube.com *.twitter.com *.sleekflow.io *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.hotjar.com *.licdn.com *.facebook.net *.convertflow.co *.hs-scripts.com *.facebook.com *.hsadspixel.net *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.doubleclick.net *.chilipiper.com *.phrase.com consentcdn.cookiebot.com *.hsforms.com 'self' blob:;    style-src 'self' 'unsafe-inline' *.googleapis.com phrase.com optimize.google.com;    img-src * blob: data:;    media-src *.ctfassets.net *.phrase.com *.cloudinary.com;    connect-src *;    font-src 'self' fonts.gstatic.com;    frame-ancestors https://app.contentful.com;    worker-src 'self' blob:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com *.civiccomputing.com *.matomo.cloud cdn.ijsweb.com cdn-vtech-jouets.vtech.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com *.google.com *.google.com.hk *.gstatic.com www.youtube.com *.doubleclick.net googleads.g.doubleclick.net social-sb.com static-sb.com assets.app.smart-tribune.com polyfill.io stv2-uploads-prod.s3.eu-west-3.amazonaws.com *.clic2buy.com www.actito.be fonts.googleapis.com; frame-src *.google.com *.gstatic.com api-gateway.app.smart-tribune.com www.youtube-nocookie.com *.doubleclick.net *.clic2buy.com www.actito.be; frame-ancestors 'self' www.actito.be 1
frame-ancestors 'self'            https://www.hdsr.nl           https://netwerkwaterenklimaat.nl           https://klimaatklaar.nl 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudflareaccess.com cdnjs.cloudflare.com *.amazonaws.com *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.cloudfront.net *.doubleclick.net *.youtube.com *.vimeo.com vimeo.com *.cookielaw.org *.onetrust.com *.gstatic.com *.oniqa.com onenorth.blob.core.windows.net onenorthpr.blob.core.windows.net *.onistaged.com *.wpengine.com *.onistaged.com *.onenorth.com *.hsforms.com *.hsforms.net.org *.hubspot.com *.hs-sites.com *.hsforms.net *.hubapi.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.licdn.com hscollectedforms.net js.hscollectedforms.net hsadspixel.net *.hsadspixel.net googleads.g.doubleclick.net stats.g.doubleclick.net bid.g.doubleclick.net px.ads.linkedin.com p.adsymptotic.com analytics.twitter.com static.ads-twitter.com t.co *.lfeeder.com data: blob:; font-src 'self' fonts.gstatic.com fonts.googleapis.com *.cloudfront.net data:; 1
font-src *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.sagepay.com verify.monzo.com secure4.arcot.com secure5.arcot.com *.rsa3dsauth.co.uk authentication.cardinalcommerce.com danskebank-3ds-vdm.wlp-acs.com tsys.arcot.com secure7.arcot.com acs2.edb.com acs1.edb.com 3ds.nexigroup.com safekey-3.americanexpress.com sicher-bezahlen.sparkasse.at op-bxl.wlp-acs.com 3dsecure.psa.at *.mpts.modirum.com acs.swisscard.ch authentication-acs.marqeta.com 3ds.redsys.es acs2.swedbank.se acs-trides2.asseco-see.hr 3d-secure1.sbanken.no acs1.3dsecure.no mastercardidentitycheck.sparkassen-kreditkarten.de *.3ds.cornercard.ch belgium-3ds-bxl.wlp-acs.com *.3ds.modirum.com acs2.3dsecure.no acs4.privatbank.ua betalen.rabobank.nl online.citadele.lv acs.touch.tech 3dsecure.sumup.com acs1.swedbank.se 3ds2-idcheck.acdcproc.com poseidon.revolut.com 3ds-challenge.n26.com acs-jcn.dnp-cdms.jp acs.netsgroup.com danskebank-3ds-bxl.wlp-acs.com acssv.otpbank.hu acs.mercurypaymentservices.it safekey-2.americanexpress.com 3ds2-visasecure.acdcproc.com visasecure2.comdirect.de esecure.sia.eu *.hu.bpcbt.com foriseu-vbv.mycardplace.com acs.sibs.pt ssl-prd-u7f-fo-acs-pa-casa-bxl.wlp-acs.com *.vampirevape.co.uk *.nccc.com.tw 3d-secure.pluscard.de 3ds.consorsfinanz.de bnpp-3ds-bxl.wlp-acs.com *.pl.ing.com 3ds.pkobp.pl *.bkm.com.tr pay.eewosecure.com acs2.rba.hr secure2.arcot.com op-vdm.wlp-acs.com biztonsagikod.raiffeisen.hu acs.3ds-hanseaticbank.de labanquepostale-3ds-vdm.wlp-acs.com 3dsecureb.sparda.de secure.dkb.de luxembourg-3ds-bxl.wlp-acs.com acs3.luottokunta.fi emvacs.2c2p.com acs.capitalone.com 3dsecure-vrp.de *.cld.asseco-see.hr geschuetztkaufen2.commerzbank.de 3dsecure.mbank.pl acs1.luottokunta.fi threedomainsecure.pekao24.pl *.centrum24.pl 4606e363-3ds.sibs.ro acs.apata.io postbank-3ds-bxl.wlp-acs.com 3dsecure.nexi.it *.hanacard.co.kr *.3ds.bonuscard.ch 3dsecure.ing.ro *.acs.touchtechpayments.com *.citibank.co.in acs3.swedbank.se acs3.edb.com natixispaymentsolutions-3ds-bxl.wlp-acs.com 3dsecure.tatrabanka.sk acs.revolut.com acs.luminorgroup.com acs1-3dsecure.cic.fr acs2-3dsecure.cic.fr *.maybank.com.my secure-acs2ui-b1-indmum-mumrdc.wibmo.com 3d-secure2.sbanken.no 3ds.egcp.com 3dsec.postfinance.ch *.stcpay.com.sa *.secure.lcl.fr mcconsumerv2.alahli.com *.live.ext.prod.enfuce.com acs3ds2.hyundaicard.com acsv2.m2pfintech.com ecclients.btrl.ro *.zaba.hr mycardsecure.com acs1-3dsecure.targobank.de 3ds.bov.com 3dsec.cardcenter.ch *.rsa3dsauth.com visa-secure-bxl.ing.de *.secure22gw.ro *.emea.citibank.com acs.up-ng.com *.elfbar.co.uk 3debspay.boc.cn 3ds.emlpayments.com authentication2.six-group.com acs1.viseca.ch *.apac.citibank.com acs.moneta.cz *.cgbchina.com.cn 3ds.sebkort.com 3ds.soldo.com acs2.luottokunta.fi *.fssnet.co.in visa-secure-vdm.ing.de secure-acs2ui-b1-indblr-blrtdc.wibmo.com *.ccb.com.cn emvacssp.thecardservicesonline.com 3ds.optimuscards.com acs2.ufc.ge ims.euronet3dsecure.com *.3d2.icbc.com.cn *.spdb.com.cn acs2.ipakyulibank.uz *.gps.com.bh *.garanti.com.tr acs2p.gpesecure.com acs2.kasikornbank.com acs.shinhancard.com *.smartsecure.tsys.co.uk *.3ds.acssecure.com acs.gc.ge *.securepay.aeon.com.hk securehdfc-acs2ui-b1-indmum-mumsif.hdfcbank.com 3ds.banquemisr.com emv3dsauth1.secureacs.com acs.samsungcard.com acs.stripeauthentications.com secure-acs2ui-bk2-indmum-mumrdc.wibmo.com *.lostmary.co.uk secure-acs2ui-bk2-indblr-blrtdc.wibmo.com *.eglobal.com.mx acs.redbanc.cl *.standardbank.co.za *.nedsecure.co.za 3ds.rpc-raiffeisen.com *.acs.cmbchina.com acs.inecoecom.am api.ometria.com acs.mashreq.com acsus1.netsgroup.com safekey-sl.americanexpress.com *.recycleyourelectricals.org.uk www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co *.hotjar.com *.google.com *.facebook.com *.trustpilot.com *.criteo.com account.fetchify.com *.sagepay.com *.wesupply.xyz *.weltpixel.com t.sharethis.com elfbar.com www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com api.agechecked.com *.cookiebot.com *.dycdn.net *.elfbar.com *.lost-mary.com *.odysee.com odysee.com *.calconic.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.linkedin.com *.googletagmanager.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net ts.tradetracker.net www.magmodules.eu maps.googleapis.com l.sharethis.com d1f0tbk1v3e25u.cloudfront.net *.google.co.uk *.hsbc.co.uk www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com *.sharethis.com google.co.uk *.google-analytics.com trk.ometria.com *.affiliatefuture.com/* tags.affiliatefuture.com scripts.affiliatefuture.com recycleyourelectricals.org.uk/* *.recycleyourelectricals.org.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.agechecked.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.paypal.com *.google.com *.gstatic.com *.googletagmanager.com *.googleadservices.com cdn.dnky.co api.comapi.com snap.licdn.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com *.sagepay.com tm.tradetracker.net *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com maps.googleapis.com *.ometria.com platform-api.sharethis.com dn1i8v75r669j.cloudfront.net dkpklk99llpj0.cloudfront.net d81mfvml8p5ml.cloudfront.net buttons-config.sharethis.com t.sharethis.com assets.zendesk.com static.zdassets.com agechecked.com pi-live.sagepay.com www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com *.cloudfront.net *.sharethis.com googleoptimize.com *.zendesk.com r1-t.trackedlink.net google-analytics.com widget.trustpilot.com *.cookiebot.com/ cookiebot.com/* *.dycdn.net unpkg.com/* https://unpkg.com/web-vitals@2.1.0/dist/web-vitals.umd.js' *.ometria.com/* *.affiliatefuture.com/* tags.affiliatefuture.com scripts.affiliatefuture.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.agechecked.com downloads.mailchimp.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net cc-cdn.com tagmanager.google.com www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com totalvapour.co.uk/static/* www.totalvapour.co.uk/* https://www.totalvapour.co.uk/* recycleyourelectricals.org.uk/* *.recycleyourelectricals.org.uk 'self' 'unsafe-inline'; object-src www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com flavourwarehouse.co.uk www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com *.zdassets.com dbh4s5ja0maaw.cloudfront.net/security_video.mp4 youtube.com https://dbh4s5ja0maaw.cloudfront.net/verify/verify_product.mp4 'self' 'unsafe-inline'; manifest-src www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.agechecked.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms *.facebook.com *.datatrics.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.sagepay.com https://www.google-analytics.com *.ometria.com l.sharethis.com am.freshrelevance.com *.g.doubleclick.net dn1i8v75r669j.cloudfront.net ekr.zdassets.com *.craftyclicks.co.uk *.kattel.com invitejs.trustpilot.com oversight.stwaw.com www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com wss://am.freshrelevance.com kattel.com/* *.dycdn.net *.elfbar.com *.cookiebot.com cookiebot.com/* *.lost-mary.com *.stbuttons.click *.crwdcntrl.net *.odysee.com odysee.com 'self' 'unsafe-inline'; child-src www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com http: https: blob: 'self' 'unsafe-inline'; default-src www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=HK&lang=zh-Hant-HK&device=desktop&yrid=3ql6tatiqu659&partner=; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com https://d.agkn.com https://www.zenaps.com https://*.criteo.com https://static.criteo.net https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com https://irazor.stage.gillette.co.uk https://insight.adsrvr.org/track/up https://match.adsrvr.org https://tr6.snapchat.com https://pandg.tapad.com blob: https://www.pinterest.com https://www.pinterest.co.uk; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://www.google.co.uk https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://lime.cdncontentdelivery.com https://www.tp88trk.com https://tr.snapchat.com https://*.sjv.io https://analytics.tiktok.com https://*.contentsquare.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://hello.myfonts.net; form-action 'self' https://www.facebook.com https://www.gillette.co.uk https://gillette.co.uk https://m.gillette.co.uk https://checkout.gillette.co.uk https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://code.jquery.com https://geolocation.onetrust.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.youtube-nocookie.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.recaptcha.net https://*.criteo.com https://static.criteo.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.pinimg.com https://ct.pinterest.com https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://js.adsrvr.org https://d.impactradius-event.com https://static.ads-twitter.com https://analytics.twitter.com https://pghub.io https://analytics.tiktok.com https://*.ibytedtos.com https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://hello.myfonts.net https://pghub.io; upgrade-insecure-requests; report-to report-endpoint 1
script-src 'self' 'unsafe-inline' blob: 'unsafe-eval' cdn.jsdelivr.net *.orange.cm orange.cm *.google.com *.readspeaker.com *.gstatic.com orange-rdv.right-q.com *.googleapis.com googleapis.com www.googleadservices.com api.orangefootballclub.com www.surveygizmo.eu help.dimelo.com orange-cameroun.dimelochat.com cobrowsing.eu2.digital.ringcentral.com orange-cameroun.engagement.dimelo.com dimelo-chat.s3.amazonaws.com orange-cameroun.ws.dimelo.com www.googletagmanager.com orange-cameroun.messaging.dimelo.com sfdc.dimelo.com engagement-connect.herokuapp.com optimize.google.com s3.amazonaws.com 0-1.algolianet.com 0-2.algolianet.com 0-3.algolianet.com 0-dsn.algolia.net s.ytimg.com www.youtube.com www.googletagmanager.com tagmanager.google.com appstatic.quanta.io completion.ke.orange.fr img.ke.woopic.com www.google-analytics.com graph.facebook.com urls.api.twitter.com api.pinterest.com www.linkedin.com *.crazyegg.com; style-src 'self' 'unsafe-inline' *.crazyegg.com *.gstatic.com *.readspeaker.com orange-rdv.right-q.com *.googleapis.com googleapis.com api.orangefootballclub.com orange-cameroun.dimelochat.com www.surveygizmo.eu help.dimelo.com cobrowsing.eu2.digital.ringcentral.com orange-cameroun.engagement.dimelo.com dimelo-chat.s3.amazonaws.com orange-cameroun.ws.dimelo.com www.googletagmanager.com orange-cameroun.messaging.dimelo.com sfdc.dimelo.com engagement-connect.herokuapp.com optimize.google.com img.ke.woopic.com; img-src blob: data: 'self' 'unsafe-inline' *.orange.cm orange.cm sport365.fr *.sport365.fr *.crazyegg.com *.readspeaker.com *.googleapis.com googleapis.com *.gstatic.com orange-rdv.right-q.com img-s-msn-com.akamaized.net *.googleapis.com googleapis.com api.orangefootballclub.com orange-cameroun.dimelochat.com www.surveygizmo.eu help.dimelo.com cobrowsing.eu2.digital.ringcentral.com orange-cameroun.engagement.dimelo.com dimelo-chat.s3.amazonaws.com orange-cameroun.ws.dimelo.com www.googletagmanager.com optimize.google.com jeuneafrique.com i.ytimg.com fr.orangefootballclub.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.com.pk www.google.fr rum-metrics.quanta.io d212beldn0wvcm.cloudfront.net; form-action 'self' *.crazyegg.com api.orangefootballclub.com orange-cameroun.dimelochat.com www.surveygizmo.eu help.dimelo.com cobrowsing.eu2.digital.ringcentral.com orange-cameroun.engagement.dimelo.com dimelo-chat.s3.amazonaws.com orange-cameroun.ws.dimelo.com www.googletagmanager.com orange-cameroun.dimelochat.com; object-src 'self' *.orange.cm orange.cm *.crazyegg.com *.readspeaker.com *.googleapis.com googleapis.com *.gstatic.com orange-rdv.right-q.com api.orangefootballclub.com www.googletagmanager.com orange-cameroun.dimelochat.com; frame-src 'self' blob: 'unsafe-inline' *.orange.cm orange.cm td.doubleclick.net *.crazyegg.com *.readspeaker.com *.gstatic.com orange-rdv.right-q.com api.orangefootballclub.com *.googleapis.com googleapis.com www.surveygizmo.eu help.dimelo.com cobrowsing.eu2.digital.ringcentral.com orange-cameroun.engagement.dimelo.com dimelo-chat.s3.amazonaws.com orange-cameroun.ws.dimelo.com www.googletagmanager.com orange-cameroun.messaging.dimelo.com sfdc.dimelo.com engagement-connect.herokuapp.com optimize.google.com s3.amazonaws.com www.dailymotion.com www.googletagmanager.com orange-cameroun.dimelochat.com mastermedia.orange-business.com www.youtube.com datastudio.google.com orange-cameroun.messaging.dimelo.com sfdc.dimelo.com engagement-connect.herokuapp.com optimize.google.com; frame-ancestors 'self' live-homescreen.orange.com preprod.live-homescreen.orange.com livescreen-pwa-demo.apps.fr01.paas.diod.orange.com livescreen-react-weather-branch.apps.fr01.paas.diod.orange.com; 1
default-src www.youtube.com; script-src 'self' 'unsafe-inline' *.etracker.com www.etracker.de https://*.jwpcdn.com; connect-src 'self' www.etracker.de https://*.jwpcdn.com; img-src 'self' data: i.creativecommons.org licensebuttons.net/l *.bmwi.de www.existenzgruender.de; style-src 'self' 'unsafe-inline' https://*.jwpcdn.com; font-src 'self' https://*.jwpcdn.com; frame-ancestors 'self'; form-action 'self'; media-src 'self'; 1
self; 1
default-src * data: 'unsafe-eval' 'unsafe-inline' 'self' gelderland.bbvms.com d2por9cp9kn8i4.cloudfront.net *.bluebillywig.com blob:; frame-ancestors 'self' archiefweb.eu *.archiefweb.eu *.gelderland.bbvms.com *.vimeo.com *.custhelp.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.gstatic.com siteimproveanalytics.com *.readspeaker.com gelderland.bbvms.com cdn.bluebillywig.com *.youtube.com *.googletagmanager.com *.vimeo.com *.userback.io *.custhelp.com *.cookiebot.com; 1
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://app.lottiefiles.com https://lottie.host https://maps.googleapis.com https://us-east-1-decisionapi.lift.acquia.com https://bam.nr-data.net https://cdn.linkedin.oribi.io https://stats.g.doubleclick.net https://*.linkedin.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' mailto: https://*.google.com https://www.mccarthyviz.com https://vimeo.com https://*.vimeo.com https://*.youtube.com https://www.youtube-nocookie.com https://jobs.jobvite.com; img-src 'self' data: https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.ytimg.com https://*.ggpht.com https://px.ads.linkedin.com https://www.facebook.com https://www.linkedin.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://www.googletagmanager.com https://*.gstatic.com https://jobs.jobvite.com https://player.vimeo.com https://*.youtube.com https://*.ytimg.com https://lift3assets.lift.acquia.com https://production-cdn.lift.acquia.com https://js-agent.newrelic.com https://bam.nr-data.net https://snap.licdn.com https://connect.facebook.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; frame-ancestors 'self' http://preview.ceros.com http://view.ceros.com http://*.mccarthy.com https://preview.ceros.com https://view.ceros.com https://*.mccarthy.com; report-uri https://tokybd.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' https://csplite.com https://tpc.googlesyndication.com https://js.adsrvr.org https://secure.adnxs.com http://89.185.38.89:6080 https://the.sciencebehindecommerce.com https://zenaps.com https://www.awin1.com https://www.dwin1.com https://wepowerconnections.com https://api.mapbox.com https://tracking.publicidees.com https://u.logbor.com https://unpkg.com https://use.fontawesome.com https://cdn.tagcommander.com https://cdn.jsdelivr.net https://cdn.cookielaw.org https://connect.facebook.net https://www.googletagmanager.com https://tag.aticdn.net https://widget.trustpilot.com https://googleads.g.doubleclick.net https://www.googleadservices.com blob: 'unsafe-inline'; connect-src 'self' https://zeta.fulli.com https://events-phoenix.commander1.com https://www.wepowerconnections.com https://the.sciencebehindecommerce.com https://ecplus-bo-api.aprr.fr https://cdn.cookielaw.org https://geolocation.onetrust.com https://logs1412.xiti.com https://privacyportal-eu.onetrust.com https://www.facebook.com https://google.com; img-src 'self' https://www.the.sciencebehindecommerce.com https://www.zenaps.com https://www.awin1.com https://www.dwin1.com https://www.wepowerconnections.com https://www.googletagmanager.com https://ecplus-bo-api.aprr.fr https://*.unsplash.com https://cdn.cookielaw.org https://manager.tagcommander.com https://www.facebook.com https://*.tile.openstreetmap.org https://www.google.com https://www.google.fr https://www.googleadservices.com https://googleads.g.doubleclick.net data:; frame-src 'self' https://publicatorbrands.qualifioapp.com https://insight.adsrvr.org https://13299567.fls.doubleclick.net https://www.awin1.com https://tracking.publicidees.com https://www.google.com https://fi.aprr.fr https://fonts.gstatic.com https://route.kiwhipass.fr https://www.facebook.com; style-src 'self' https://api.mapbox.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://logs1412.xiti.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com 1
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'self' 1
default-src 'self' blob: *.prv.se googletagmanager.com prv.imagevault.app prv.imagevault.media amp.azure.net tracking.prv.se teliacompany.com *.teliacompany.com licdn.com *.licdn.com facebook.net *.facebook.net 'unsafe-inline' data: netdna.bootstrapcdn.com wds.callguide.telia.com;              script-src 'self' blob: *.prv.se https://www.gstatic.com/recaptcha/releases/ www.google.com/recaptcha/ m.extellio.com amp.azure.net tracking.prv.se script.e-space.se tracker.e-space.se 'unsafe-inline' 'unsafe-eval' player.vimeo.com www.browsealoud.com wds.callguide.telia.com wds.ace.teliacompany.com connect.facebook.net mmxdebe-d6b9.kxcdn.com;              connect-src 'self' chat.ace.teliacompany.net wds.callguide.telia.com https://www.prv.se/edit/ImageVault.EPiServer.UI/11.12.36/ClientResources/Common/scripts/ netdna.bootstrapcdn.com tracking.prv.se m.extellio.com tracker.e-space.se www.browsealoud.com plus.browsealoud.com https://speech-eu.speechstream.net/Generator/voice/Alva vc.hotjar.io *.teliacompany.com api.ace.teliacompany.net *.local.metamatrix.se  *.prv.se *.prv.se/edit/Shell/epiproducts *.prv.se/edit/cms/ www.prv.se/edit/Shell/epiproducts;              frame-ancestors 'self' https://tc.prv.se;              frame-src survey.extellio.com  www.google.com form.apsis.one prv.imagevault.app web103.reachmee.com player.vimeo.com *.teliacompany.com *.local.metamatrix.se *.prv.se; 1
frame-src 'self' blob: https://www.google.com/recaptcha/ https://www.youtube.com https://www.youtube-nocookie.com 1
base-uri 'none'; default-src 'self' data: https: wss:; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' https://api.scrivito.com https://app.intercom.io https://assets.scrivito.com https://js.intercomcdn.com https://widget.intercom.io https://www.google-analytics.com; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' https://*.scrivito.com 1
frame-ancestors 'self' *.abelandcole.co.uk https://abelandcoleb2c.b2clogin.com 1
frame-ancestors super.com staging.super.com *.super.com www.super.com 1
frame-ancestors 'self' vakansii.ua pro-robotu.ua training.ua resume.ua srochno.ua profi.ua jobsite.com.ua jobsite.*.ua jobsite.kiev.ua ladyjob.com.ua zarplata.ua personal.ua uajobs.com.ua job4you.com.ua 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com *.blob.core.windows.net cdnjs.cloudflare.com ajax.aspnetcdn.com *.google.com https://*.ggpht.com *.googleusercontent.com https://cdn.syndication.twimg.com api.twitter.com platform.twitter.com  https://tag.aticdn.net *.google-analytics.com *.googletagmanager.com;      frame-ancestors 'self' http://sitgestion.mtq.min.intra https://www.quebec511.info file://* filesystem:;       object-src 'none';       img-src 'self' https://*.googleapis.com https://*.gstatic.com https://*.ggpht.com *.google.com *.blob.core.windows.net  *.googleusercontent.com data: abs.twimg.com https://pbs.twimg.com ton.twimg.com platform.twitter.com https://syndication.twitter.com https://logs5.xiti.com; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; worker-src * blob: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * blob: 'unsafe-inline'; font-src * data:; frame-src *; style-src * 'unsafe-inline'; frame-ancestors https://*.flukecal.com; object-src 'none'; 1
frame-ancestors 'self' https://vistalid-automatisation.fr; 1
frame-ancestors 'self' bildungsportal.sachsen.de; 1
upgrade-insecure-requests; base-uri 'none'; object-src 'none'; img-src data: https:; frame-src https:; style-src 'self' 'unsafe-inline'; script-src 'self' 'nonce-3Q_bVVtpWu9tWtYWdzGQng-6FyI'; default-src 'self'; frame-ancestors 'self' 1
default-src * data: blob: ; script-src * 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'unsafe-inline' data: ; worker-src * blob: ; frame-ancestors 'self' ; connect-src * *.onetrust.com *.google-analytics.com *.analytics.google.com ; img-src * *.cloudfunctions.net *.diageoplatform.com *.google-analytics.com *.analytics.google.com data:; 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' * about:; font-src * data:; style-src 'unsafe-inline' *; connect-src *; img-src * data:; frame-src *; worker-src * data: 'unsafe-eval' 'unsafe-inline' blob:; 1
connect-src 'self' https: wss://ws.airbnb.com wss://ws.airbnb.org; default-src 'self' https:; font-src 'self' data: https:; frame-src *; img-src 'self' https: data:; media-src 'self' https: blob:; script-src 'self' https: 'unsafe-eval' 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-CZnW0hvLQpXhjRl/rvattFn8GcIhxi8fcsCstVugtsI=' 'sha256-96k+AOKIYoML3O+lb2L6QMfXHg/Ddn4WVb9vVVu6NMc=' 'sha256-x9qrZuocTEr1tOGphIwP5Mv7KhBpl6RF2jsvp2TcWoE='; style-src 'self' https: 'unsafe-inline'; worker-src 'self' https: blob:; report-uri /tracking/csp?controller=dot-org-loop&action=%2F&req_uuid=509a4bca-6dd5-4e00-bd6a-4d984055b1c0&version=sha%3D15a2d0818c3d&report_only=false; report-to /tracking/csp?controller=dot-org-loop&action=%2F&req_uuid=509a4bca-6dd5-4e00-bd6a-4d984055b1c0&version=sha%3D15a2d0818c3d&report_only=false 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.contentsquare.com https://*.contentsquare.net https://www.google-analytics.com/ https://policy.privacyandcookies.eu/ https://players.brightcove.net https: blob:; object-src 'none'; base-uri 'none'; frame-src 'self' https://*.contentsquare.com https://*.contentsquare.net https://cl.s11.exct.net/ https://cloud.emailco.merck-animal-health-usa.com https://cloud.emailca.merck-animal-health-usa.com/ https://www.youtube-nocookie.com https://player.quadia.net https://players.brightcove.net https://4918300.fls.doubleclick.net; frame-ancestors 'self'; img-src 'self' https://*.contentsquare.com https://*.contentsquare.net https://assets.merck-animal-health.com https://assets.msd-animal-health.com https://*.tile.openstreetmap.org https://unpkg.com https://www.msd-animal-health.com https://secure.gravatar.com https://www.google-analytics.com/ https://*.brightcove.com https://cdn.cookielaw.org https://policy.privacyandcookies.eu data: ; media-src 'self' blob:; style-src 'self' 'unsafe-inline' https://unpkg.com fonts.googleapis.com; upgrade-insecure-requests; default-src https: data: 'self' ; trusted-types goog#html default; 1
worker-src 'self' https://*.piscapisca.pt blob:; object-src 'self' blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.google-analytics.com *.googletagmanager.com www.gstatic.com siteimproveanalytics.com snap.licdn.com *.googleapis.com https://cdnjs.cloudflare.com https://us1.siteimprove.com use.typekit.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com p.typekit.net use.typekit.net https://cdnjs.cloudflare.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; img-src 'self' data: *.google-analytics.com 29268.global.siteimproveanalytics.io p.adsymptotic.com px.ads.linkedin.com p.typekit.net *.google.com *.googletagmanager.com https://vuture.debevoise.com; frame-src 'self' *.google.com *.youtube.com *.vimeo.com https://media.debevoise.com https://www.newyorkdiversity.com https://cdn.yoshki.com; connect-src 'self' *.google-analytics.com analytics.google.com *.doubleclick.net cdn.linkedin.oribi.io https://media.debevoise.com; upgrade-insecure-requests; block-all-mixed-content; 1
base-uri 'self'; form-action *.facebook.com/ 'self'; frame-ancestors 'self'; upgrade-insecure-requests ; child-src *.trustpilot.com/ 'self'; connect-src *.googletagmanager.com/ *.civiccomputing.com/ *.google.com/ *.googleapis.com/ *.google-analytics.com/ *.facebook.net/ *.doubleclick.net/ *.oribi.io/ *.pingdom.net/ *.hotjar.io/ *.hotjar.com/ wss://ws.hotjar.com/ *.xecurify.com/ 'self'; default-src 'self'; font-src *.gstatic.com/ use.typekit.net/ 'self' data:; frame-src *.liveperson.net/ *.lpsnmedia.net/ *.wistia.net/ *.trustpilot.com/ *.facebook.com/ *.doubleclick.net/ 'self'; img-src *.googleapis.com/ *.google.co.uk/ *.google.com/ *.googletagmanager.com/ *.gstatic.com/ *.t.co/ t.co/ *.twitter.com/ *.linkedin.com/ *.tvsquared.com/ *.facebook.com/ *.demdex.net/ *.xecurify.com/ *.github.com/ github.com/ *.githubusercontent.com/ *.lpsnmedia.net/ 'self' data:; manifest-src 'self'; media-src *.lpsnmedia.net/ 'self'; object-src 'self'; script-src *.lpsnmedia.net/ *.trustpilot.com/ *.civiccomputing.com/ *.googleapis.com/ 'self' 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; script-src-elem *.googletagmanager.com/  *.lpsnmedia.net/ *.liveperson.net/ *.wistia.net/ *.trustpilot.com/ *.civiccomputing.com/ *.googleapis.com/ *.google-analytics.com/ *.licdn.com/ *.ads-twitter.com/ *.facebook.net/ *.pingdom.net/ *.hotjar.com/ *.tvsquared.com/ 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; style-src-elem *.googleapis.com/ 'self' 'unsafe-inline'; worker-src blob: 'self'; 1
default-src 'self' *.wikiforge.net *.your.wf *.wikitide.org; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' *.wikiforge.net *.your.wf *.wikitide.org *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org mediawiki.org www.mediawiki.org wikidata.org www.gstatic.com www.google.com platform.twitter.com hcaptcha.com *.hcaptcha.com code.jquery.com cdn.jsdelivr.net; style-src 'self' data: 'unsafe-inline' *.wikiforge.net *.your.wf *.wikitide.org *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org mediawiki.org www.mediawiki.org wikidata.org www.gstatic.com fonts.googleapis.com cdn.jsdelivr.net fastly.jsdelivr.net platform.twitter.com ton.twimg.com hcaptcha.com *.hcaptcha.com cdnjs.cloudflare.com; img-src blob: 'self' data: *.wikiforge.net *.your.wf *.wikitide.org upload.wikimedia.org wikimedia.org maps.google.com www.gstatic.com maxcdn.bootstrapcdn.com *.twimg.com i.imgur.com image.tmdb.org *.googleusercontent.com *.fontawesome.com mirrors.creativecommons.org www.gnu.org cdn.geogebra.org scratchblocks.github.io tile.openstreetmap.org *.tile.openstreetmap.org cdn.discordapp.com discordapp.com; font-src 'self' data: *.wikiforge.net *.your.wf *.wikitide.org fonts.gstatic.com cdn.jsdelivr.net fastly.jsdelivr.net db.onlinewebfonts.com upload.wikimedia.org cdnjs.cloudflare.com; media-src 'self' blob: *.wikiforge.net *.your.wf *.wikitide.org upload.wikimedia.org *.youtube.com *.youtube-nocookie.com; frame-src 'self' *.wikiforge.net *.your.wf *.wikitide.org www.google.com docs.google.com web.libera.chat *.youtube-nocookie.com www.youtube.com platform.twitter.com discord.com discordapp.com syndication.twitter.com www.gofundme.com archive.org query.wikidata.org www.bing.com hcaptcha.com *.hcaptcha.com player.vimeo.com; connect-src 'self' *.wikiforge.net *.your.wf *.wikitide.org www.wikidata.org *.wikipedia.org www.mediawiki.org *.wikimedia.org *.wikinews.org *.wiktionary.org cdn.jsdelivr.net storage.googleapis.com *.youtube-nocookie.com hcaptcha.com *.hcaptcha.com; 1
default-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://*.googletagmanager.com https://*.googleadservices.com https://www.google.com/pagead/ https://fonts.googleapis.com https://fonts.gstatic.com https://*.youtube.com/ https://*.ytimg.com; worker-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://*.googletagmanager.com https://*.googleadservices.com https://www.google.com/pagead/ https://fonts.googleapis.com https://fonts.gstatic.com https://*.youtube.com/ https://*.ytimg.com blob:; script-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://*.googletagmanager.com https://*.googleadservices.com https://www.google.com/pagead/ https://fonts.googleapis.com https://fonts.gstatic.com https://*.youtube.com/ https://*.ytimg.com 'unsafe-inline'; style-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://*.googletagmanager.com https://*.googleadservices.com https://www.google.com/pagead/ https://fonts.googleapis.com https://fonts.gstatic.com https://*.youtube.com/ https://*.ytimg.com 'unsafe-inline'; img-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://*.googletagmanager.com https://*.googleadservices.com https://www.google.com/pagead/ https://fonts.googleapis.com https://fonts.gstatic.com https://*.youtube.com/ https://*.ytimg.com data:; frame-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://*.googletagmanager.com https://*.googleadservices.com https://www.google.com/pagead/ https://fonts.googleapis.com https://fonts.gstatic.com https://*.youtube.com/ https://*.ytimg.com https://*.youtube.com https://*.serverpilot-phpversions.info; font-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://*.googletagmanager.com https://*.googleadservices.com https://www.google.com/pagead/ https://fonts.googleapis.com https://fonts.gstatic.com https://*.youtube.com/ https://*.ytimg.com data:; connect-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://*.googletagmanager.com https://*.googleadservices.com https://www.google.com/pagead/ https://fonts.googleapis.com https://fonts.gstatic.com https://*.youtube.com/ https://*.ytimg.com https://*.algolia.net https://*.algolianet.com; 1
default-src 'none';      style-src 'self' 'unsafe-inline' https://go.appleone.com https://cloud.typography.com https://www.appleone.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.datatables.net https://hello.myfonts.net https://pro.fontawesome.com https://cdn.jsdelivr.net https://use.typekit.net https://p.typekit.net https://cdnjs.cloudflare.com https://www.youtube.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://cdn.cookielaw.org/ https://code.jquery.com/;      script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.appleone.com/ http://munchkin.marketo.net https://munchkin.marketo.net/ https://go.appleone.com https://static.cloudflareinsights.com https://cdn.jsdelivr.net https://use.fontawesome.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://munchkin.marketo.net https://www.youtube.com https://s.ytimg.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://code.jquery.com https://cdn.datatables.net https://connect.facebook.net https://ajax.googleapis.com https://www.dropbox.com https://apis.google.com https://unpkg.com https://maps.googleapis.com https://www.googleapis.com https://www.google.com https://www.gstatic.com https://plugins.eventable.com/ *.addthis.com *.addthisedge.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://kit.fontawesome.com/ https://accounts.google.com/;        img-src 'self' https://www.appleone.com/ https://stats.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.facebook.com https://cdn.datatables.net https://track.ziprecruiter.com https://www.youtube.com https://maps.gstatic.com https://maps.googleapis.com data: https://add.eventable.com/ https://plugins.eventable.com/ https://cdn.cookielaw.org/ https://code.jquery.com/ https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/;      font-src 'self' https://www.appleone.com/ https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://pro.fontawesome.com https://fonts.gstatic.com data: https://stackpath.bootstrapcdn.com https://cdn.cookielaw.org/ https://ka-f.fontawesome.com/;      connect-src 'self' http://815-tmy-864.mktoresp.com http://jobs.brettspencer.us https://stage.actonescale.com https://actonescale.com/ https://815-tmy-864.mktoresp.com https://www.facebook.com https://www.youtube.com https://www.googleapis.com https://cdn.cookielaw.org/ https://www.google-analytics.com https://stats.g.doubleclick.net https://ka-f.fontawesome.com/ https://appleone.com https://analytics.google.com/;      frame-src 'self' http://go.appleone.com/ https://go.appleone.com/ https://appleone.com https://www.sertifi.com/allin1/ https://sandbox.sertifi.net/allin1/ https://wotcintgsvc.maxinc.com https://s7.addthis.com https://www.youtube.com https://Ain1.sharepoint.com https://accounts.google.com/ https://docs.google.com/ https://www.google.com/recaptcha/ https://add.eventable.com/ https://wotc.maximus.com https://wotcdemo.maximus.com https://www.facebook.com/ https://web.microsoftstream.com/ https://integration-talentcentral.us.shl.com/ https://talentcentral.us.shl.com/ data:;      frame-ancestors 'self'; object-src 'self' data:; form-action 'self' https://www.facebook.com; base-uri 'none'; media-src 'self'  https://www.youtube.com 1
worker-src * blob:; frame-ancestors 'self' https://www.youtube.com https://www.instagram.com https://www.facebook.com https://accounts.google.com https://kritique-widgets-stage.unileversolutions.com https://unilever3.demdex.net https://widget.kritique.io 1
default-src https:; font-src https: data:; img-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https:; style-src 'unsafe-inline' 'self' https:; connect-src 'self' wss: https:; 1
frame-ancestors 'self' www.runnersneed.com preview.runnersneed.com runnersneed.com product001.runnersneed.com product002.runnersneed.com product003.runnersneed.com product004.runnersneed.com ; 1
default-src 'self' https://brand.amia.org https://*.googlesyndication.com; connect-src 'self' https://bam.nr-data.net https://www.google-analytics.com https://sentry.utdev.com https://stats.addtoany.com http://*.hotjar.com https://*.hotjar.com https://vc.hotjar.io wss://*.hotjar.com https://connect.facebook.net https://stats.g.doubleclick.net https://brand.amia.org https://*.cloudfront.net https://my.amia.org https://*.webspellchecker.net https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://*.acquia.com https://sessions.bugsnag.com https://*.surveymonkey.com https://analytics.google.com https://*.flickr.com https://sentry10.bynder.cloud/ https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com https://*.cloudfront.net https://*.webspellchecker.net; frame-src 'self' https://static.addtoany.com https://www.youtube.com https://maps.google.com https://youtube.com https://bid.g.doubleclick.net https://www.google.com https://www.google.com/recaptcha/ https://www.googletagmanager.com https://*.vimeo.com https://vars.hotjar.com https://brand.amia.org https://*.soundcloud.com https://*.googleadservices.com https://*.googlesyndication.com https://ad.doubleclick.net https://adclick.g.doubleclick.net https://cm.g.doubleclick.net https://googleads.g.doubleclick.net https://securepubads.g.doubleclick.net https://*.googletagservices.com https://*.surveymonkey.com; img-src 'self' data: https: http://script.hotjar.com; media-src 'self' https://*.cloudfront.net https://brand.amia.org; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.locatorsearch.com https://*.newrelic.com https://*.nr-data.net https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ajax.cloudflare.com https://static.cloudflareinsights.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://www.youtube.com https://s.ytimg.com https://svc.webspellchecker.net https://securepubads.g.doubleclick.net/ https://adservice.google.com/ https://*.googlesyndication.com https://*.googletagservices.com https://*.acquia.com https://*.surveymonkey.com https://ajax.googleapis.com https://snap.licdn.com https://*.flickr.com https://*.googleadservices.com https://adservice.google.com https://adservice.google.com.uy https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com/ https://cdn.jsdelivr.net https://d8ejoa1fys2rk.cloudfront.net https://static.addtoany.com https://unpkg.com securepubads.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://*.webspellchecker.net https://securepubads.g.doubleclick.net https://*.acquia.com https://*.googletagmanager.com https://sentry10.bynder.cloud/ https://*.cloudfront.net/ https://unpkg.com; frame-ancestors 'self'; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s3.amazonaws.com/ https://*.list-manage.com/ https://code.createjs.com/ https://www.googletagmanager.com/%20 https://www.google-analytics.com/%20 https://cse.google.com/%20 https://code.createjs.com/%20 https://www.google.com/%20 https://googleads.g.doubleclick.net/%20 https://maps.googleapis.com/ https://cse.google.com/ https://maps.gstatic.com/ https://maps.google.com/ https://maps.googleapis.com/ https://translate.googleapis.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.google.com/ https://googleads.g.doubleclick.net/ https://td.doubleclick.net/ https://secure.gravatar.com/ https://www.google.co.in/ https://www.industowers.com/ https://sc-static.net/ https://s3.tradingview.com/ https://code.jquery.com/ https://s.tradingview.com/; img-src 'self' data: https://s3.amazonaws.com/ https://*.list-manage.com/ https://code.createjs.com/ https://www.googletagmanager.com/%20 https://www.google-analytics.com/%20 https://cse.google.com/%20 https://code.createjs.com/%20 https://www.google.com/%20 https://googleads.g.doubleclick.net/%20 https://maps.googleapis.com/ https://s3.tradingview.com/ https://maps.gstatic.com/ https://maps.google.com/ https://maps.googleapis.com/ https://translate.googleapis.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://cse.google.com/ https://www.google.com/ https://googleads.g.doubleclick.net/ https://td.doubleclick.net/ https://secure.gravatar.com/ https://www.google.co.in/ https://www.industowers.com/ https://sc-static.net/ https://code.jquery.com/ https://s.tradingview.com/; object-src 'self' data: https://elegantthemes.com/ https://*.elegantthemes.com/ https://www.industowers.com/ https://cse.google.com/ https://www.google.com/ https://googleads.g.doubleclick.net/ https://td.doubleclick.net/ https://secure.gravatar.com/ https://www.google.co.in/ https://www.industowers.com/ https://sc-static.net/ https://s3.tradingview.com/ https://code.jquery.com/ https://s.tradingview.com/; frame-src 'self' data: https://elegantthemes.com/ https://*.elegantthemes.com/ https://www.industowers.com/ https://cse.google.com/ https://www.google.com/ https://googleads.g.doubleclick.net/ https://td.doubleclick.net/ https://secure.gravatar.com/ https://www.google.co.in/ https://www.industowers.com/ https://sc-static.net/ https://s3.tradingview.com/ https://code.jquery.com/ https://s.tradingview.com/; form-action 'self' data: ; 1
default-src * 'self' data: https: http: ; img-src * 'self' data: https: http:; font-src * 'self' data: https: http:; style-src 'self' 'unsafe-inline' https: http:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; 1
default-src 'report-sample' 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://api-gateway.nib.com.au/csp-report-uri/v1/report; 1
default-src 'self' https:; connect-src 'self' https: wss: https://localhost:3035 wss://localhost:3035 ws://localhost:3000; font-src 'self' https: data:; img-src 'self' https: data:; frame-src 'self' https:; object-src 'self'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' data: blob: 1
default-src 'none'; img-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.calltrk.com https://*.callrail.com https://*.cloudflare.com https://*.jquery.com https://*.bootstrapcdn.com https://*.pagescdn.com https://*.optimizely.com https://*.amazonaws.com https://*.adobedtm.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.facebook.net https://*.googleadservices.com https://*.sitescdn.net https://*.livechatinc.com https://*.demdex.net https://*.addthis.com https://*.addthisedge.com https://*.pinterest.com https://*.en25.com https://*.datadoghq-browser-agent.com https://optimize.google.com https://*.rlets.com https://*.reachlocallivechat.com https://reachlocallivechat.com about://*.reachlocallivechat.com https://*.cloudfront.net https://*.cloudflareinsights.com https://*.broadly.com https://web-2-tel.com https://*.hotjar.com https://*.btttag.com https://*.bing.com https://*.doubleclick.net https://*.thinkingchat.com https://*.trendmicro.com http://*.trendmicro.com https://*.simpli.fi https://*.adsrvr.org https://*.yimg.com https://*.mypostcardmania.com https://*.adroll.com https://*.convertexperiments.com https://*.cloudfunctions.net https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai wss://*.yellow.ai wss://*.cloud.yellow.ai wss://*.app.yellow.ai blob: https://*.web-2-tel.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.bootstrapcdn.com https://*.cloudflare.com https://*.typekit.net https://*.jquery.com https://*.sitescdn.net https://optimize.google.com https://*.optimizely.com https://*.mrappliance.com https://*.cloud.yellow.ai https://*.app.yellow.ai wss://*.yellow.ai wss://*.cloud.yellow.ai wss://*.app.yellow.ai https://*.yellowmessenger.com; object-src 'none'; connect-src https://*.calltrk.com https://*.callrail.com https://*.cloudflare.com https://*.googleapis.com https://*.pagescdn.com https://*.demdex.net https://*.livechatinc.com https://*.neighborly.com https://*.crownpeak.net https://*.addthis.com https://*.yext.com https://*.b2clogin.com https://*.dwyergroup.com https://*.broadly.com https://*.amazonaws.com https://*.google-analytics.com https://*.facebook.net  https://*.gannettdigital.com https://*.browser-intake-datadoghq.com https://optimize.google.com https://*.reachlocalservices.com https://*.rlets.com https://reachlocallivechat.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.hotjar.io/ wss://reachlocallivechat.com https://*.web-2-tel.com wss://*.hotjar.com https://*.simpli.fi https://*.nblyprod.com https://*.yimg.com https://*.mrappliance.com https://*.btttag.com https://*.doubleclick.net https://*.adroll.com https://*.convertexperiments.com https://*.cloudfunctions.net https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai wss://*.yellow.ai wss://*.cloud.yellow.ai wss://*.app.yellow.ai blob:; font-src https://*.cloudflare.com https://*.typekit.net https://*.gstatic.com https://*.googleapis.com https://optimize.google.com https://reachlocallivechat.com https://*.optimizely.com https://*.nblyprod.com https://*.mrappliance.com https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai; frame-src https://*.cloudflare.com https://*.youtube.com https://*.livechatinc.com https://*.demdex.net/ https://*.addthis.com https://*.pagescdn.com https://*.amazonaws.com https://*.b2clogin.com https://optimize.google.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.adsrvr.org https://*.rlets.com https://*.broadly.com https://*.mrappliance.com https://*.facebook.com https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai https://*.web-2-tel.com; media-src https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai; worker-src https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai blob: 1
default-src 'self'; img-src 'self' https: *.google-analytics.com data: www.google.com www.gravatar.com img.youtube.com https://gezondpl-production-files.s3.amazonaws.com/sync/site; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' fonts.googleapis.com assets.mlcdn.com *.mailerlite.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com *.mailerlite.com tpc.googlesyndication.com data:; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' *.sentry.io *.sentry-cdn.com *.google-analytics.com www.google.com adservice.google.com adservice.google.nl adservice.google.be adservice.google.es adservice.google.de adservice.google.co.uk adservice.google.co.th adservice.google.pl adservice.google.au adservice.google.sr adservice.google.fr adservice.google.tr adservice.google.it adservice.google.ch adservice.google.pt adservice.google.com.au adservice.google.com.eg adservice.google.com.mx adservice.google.co.za adservice.google.co.id adservice.google.at tpc.googlesyndication.com www.googletagservices.com securepubads.g.doubleclick.net www.gstatic.com static.mailerlite.com cdn.mailerlite.com d24s38jd6z1bka.cloudfront.net www.googletagmanager.com cdn.ampproject.org adsfac.eu connect.facebook.net pagead2.googlesyndication.com assets.mlcdn.com adsfac.eu mlcdn.com *.adform.net; connect-src 'self' ejeylotbz1.execute-api.eu-west-1.amazonaws.com iarbv22z1h.execute-api.eu-west-1.amazonaws.com *.sentry.io *.google-analytics.com securepubads.g.doubleclick.net pagead2.googlesyndication.com csi.gstatic.com adservice.google.com www.facebook.com stats.g.doubleclick.net ad.doubleclick.net *.doubleclick.net adclick.g.doubleclick.net doublieclick.net googleads.g.doubleclick.net www.googletagmanager.com; form-action 'self' static.mailerlite.com; frame-ancestors 'none'; frame-src 'self' *.safeframe.googlesyndication.com www.google.com www.youtube.com www.onlineassessmenttool.com www.onlinequizcreator.com securepubads.g.doubleclick.net player.vimeo.com vimeo.com 10063619.fls.doubleclick.net doubleclick.net googlesyndication.com *.googlesyndication.com; object-src 'none'; base-uri 'self' gezondheidsplein-nuxt-node14-development.eba-yacsfrnc.eu-west-1.elasticbeanstalk.com; report-to ; report-uri 1
default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:;  img-src 'self' data: www.google-analytics.com maps.googleapis.com maps.gstatic.com; upgrade-insecure-requests 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-static.paw.cloud https://cdn.ravenjs.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://platform.twitter.com https://js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.segment.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://optimize.google.com; style-src 'unsafe-inline' https://cdn-static.paw.cloud https://optimize.google.com https://fonts.googleapis.com; img-src 'self' data: https://cdn-static.paw.cloud https://cdn-content.paw.cloud https://cdn-docs-images.paw.cloud https://ssl.google-analytics.com https://www.gravatar.com https://stats.g.doubleclick.net https://www.google-analytics.com www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.google.com https://optimize.google.com https://www.google.com.eg https://www.google.ee https://www.google.com https://www.google.de https://www.google.fr https://googleads.g.doubleclick.net https://www.google.jo https://www.google.co.in https://www.google.co.ao https://www.google.co.kr https://www.google.co.ma https://www.google.com.ua https://www.google.com.vc https://www.google.es https://www.google.com.hk https://www.google.ae https://www.google.ru https://www.google.nl https://www.google.it https://www.google.co.il https://www.google.pt https://www.google.be https://www.google.ca https://www.google.pl https://www.google.co.uk https://www.google.se https://www.google.no https://www.google.fi https://www.google.lv https://www.google.lt; font-src data: https://cdn-static.paw.cloud https://fonts.gstatic.com; connect-src https://paw.cloud https://cdn-static.paw.cloud https://cdn-docs.paw.cloud https://luckymarmot-pawprint.s3.amazonaws.com https://api.stripe.com https://*.algolia.net https://*.algolianet.com https://syndication.twitter.com https://app.getsentry.com https://www.google-analytics.com https://stats.g.doubleclick.net https://api.segment.io; media-src 'none'; object-src 'none'; frame-src https://platform.twitter.com https://syndication.twitter.com https://js.stripe.com https://www.google.com/recaptcha/ https://www.youtube.com https://cdn-content.paw.cloud https://bid.g.doubleclick.net https://optimize.google.com; block-all-mixed-content; report-uri https://pawcloud.report-uri.com/r/d/csp/enforce 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.amazonaws.com  https://*.roeye.com https://*.twitter.com http://*.twitter.com https://*.co *.mimecast.com *.ads-twitter.com *.doubleclick.net *.bing.com *.clarity.ms data:    d3dh5c7rwzliwm.cloudfront.net    d32106rlhdcogo.cloudfront.net    dgf0rw7orw6vf.cloudfront.net    td.doubleclick.net    googleads.g.doubleclick.net    ad.doubleclick.net    maxcdn.bootstrapcdn.com    pagead2.googlesyndication.com    region1.google-analytics.com    api.consentric.io  networkfeed.tpexpress.co.uk  lantern.roeyecdn.com  cdn.jsdelivr.net lantern.roeye.com  scripts.consentric.io    tpexpress.co.uk    code.jquery.com    https://js.adsrvr.org/up_loader.1.1.0.js    *.salesforce.com    *.force.com    myaccount.tpexpress.co.uk    retailhub.tpexpress.co.uk    railinfo.preprod.tpexpress.co.uk    retailhub.preprod.tpexpress.co.uk    consent-pref.trustarc.com www.awin1.com the.sciencebehindecommerce.com *.salesforceliveagent.com *.cloudfront.net *.salesforce-sites.com    ws.sessioncam.com apps.sitecore.net maps.googleapis.com consent.truste.com www.googletagmanager.com www.google-analytics.com cdnjs.cloudflare.com kit.fontawesome.com    ka-f.fontawesome.com *.usabilla.com d2oh4tlt9mrke9.cloudfront.net www.dwin1.com ssl.google-analytics.com consent.trustarc.com servedby.flashtalking.com    9412802.fls.doubleclick.net 2042217.fls.doubleclick.net stats.g.doubleclick.net www.google.com www.gstatic.com secure.quantserve.com    connect.facebook.net rules.quantcount.com www.facebook.com railinfo.tpexpress.co.uk fonts.gstatic.com ftedisruption.appspot.com player.vimeo.com service.force.com   d.la3-c1cs-ph2.salesforceliveagent.com edge.quantserve.com platform.twitter.com syndication.twitter.com widgets.otrl.io *.hotjar.com *.hotjar.io wss://*.hotjar.com www.youtube.com   firstrailservice.my.salesforce-sites.com fglivechat.secure.force.com   *.adsrvr.org;    img-src 'self' data: https://*.roeye.com https://*.twitter.com http://*.twitter.com https://*.co *.doubleclick.net *.bing.com *.clarity.ms www.google-analytics.com secure.adnxs.com consent.trustarc.com d6tizftlrpuof.cloudfront.net www.google.com    www.google.co.in secure.quantserve.com connect.facebook.net www.facebook.com pixel.quantserve.com ssl.google-analytics.com maps.gstatic.com *.usabilla.com    maps.googleapis.com ade.googlesyndication.com stats.g.doubleclick.net www.awin1.com d1fd8aj8bhyfe9.cloudfront.net www.google.ie syndication.twitter.com www.googletagmanager.com firstrailservice.my.salesforce-sites.com fglivechat.secure.force.com;    style-src 'self' 'unsafe-inline' https://*.roeye.com https://*.twitter.com http://*.twitter.com https://*.co *.ads-twitter.com *.mimecast.com *.doubleclick.net *.bing.com *.clarity.ms cloud.typography.com fonts.googleapis.com cdnjs.cloudflare.com service.force.com maxcdn.bootstrapcdn.com *.cloudfront.net    *.force.com *.adsrvr.org *.my.salesforce.com *.googletagmanager.com *.salesforce-sites.com; 1
frame-ancestors 'self'; report-uri https://www.recetasnestle.com.co/report-uri/enforce 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://js.appetize.io https://appetize.io https://fonts.googleapis.com https://fonts.gstatic.com/ https://*.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://*.stripe.com https://cdnjs.cloudflare.com https://*.widget.cluster.groovehq.com https://cdn.segment.com https://clarity.ms https://cdn2.hubspot.net https://*.hs-analytics.net https://*.hs-scripts.com https://*.hsforms.net https://*.hsforms.com https://*.hscollectedforms.net https://*.hsleadflows.net https://*.hs-banner.com https://*.hsadspixel.net https://*.hubspotfeedback.com https://feedback.hubapi.com https://*.usemessages.com https://player.vimeo.com https://snap.licdn.com https://snid.snitcher.com https://app.posthog.com; connect-src *; img-src 'self' data: https://site.appetize.io https://appetizeio-static.s3.amazonaws.com https://s3.amazonaws.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com/ https://www.google.ca https://*.google-analytics.com https://www.googletagmanager.com https://*.stripe.com https://c.clarity.ms https://track.hubspot.com https://*.hsforms.com https://c.bing.com https://i.vimeocdn.com https://px.ads.linkedin.com https://www.linkedin.com 1
base-uri 'self' ;connect-src 'self' *.youtube.com consentcdn.cookiebot.com www.googletagmanager.com *.google-analytics.com *.googlesyndication.com securepubads.g.doubleclick.net *.vimeo.com *.vimeocdn.com *.raicore.com *.ternair.com *.ternairsoftware.com ep.rai.nl services.crmservice.eu stats.g.doubleclick.net *.formitable.com site-rai.rai.mobilityportal.nl maps.googleapis.com etender-connect.com;default-src 'self' ;font-src 'self' fonts.gstatic.com cdn.jsdelivr.net *.raicore.com kit.fontawesome.com ka-p.fontawesome.com maxcdn.bootstrapcdn.com data:;frame-ancestors 'self' tiki-toki.com *.stachanov.com *.amsterdam.nl penr.stachanov.com;frame-src consentcdn.cookiebot.com *.youtube.com *.googlesyndication.com www.google.com www.google.rs *.vimeo.com *.vimeocdn.com snapwidget.com ep.rai.nl *.google-analytics.com *.googleadservices.com ajax.googleapis.com fonts.googleapis.com www.google.nl www.googletagmanager.com www.googletagservices.com *.doubleclick.net stats.g.doubleclick.net preferencecenter.metstrade.com widget.formitable.com *.tiki-toki.com penr.stachanov.com maps.google.com widget-rai.rai.mobilityportal.nl site-rai.rai.mobilityportal.nl arai.facilitor.nl cdn.formitable.com e.issuu.com penr.stachanov.com youreka-virtualtours.be newsletters.rai.nl youtube.com preferencecenter.rai.nl;img-src 'self' *.google-analytics.com *.googlesyndication.com ep.rai.nl *.vimeo.com *.vimeocdn.com data: www.google.com www.google.rs *.raicore.com connect.facebook.net *.facebook.com *.visualwebsiteoptimizer.com maps.gstatic.com uploads.rai.mobilityportal.nl maps.googleapis.com  *.azureedge.net *.github.io *.guestplan.com;script-src 'self' www.googletagmanager.com *.google-analytics.com consentcdn.cookiebot.com *.googleadservices.com code.jquery.com cdn.jsdelivr.net unpkg.com 'unsafe-inline' 'unsafe-eval' services.crmservice.eu www.googletagservices.com securepubads.g.doubleclick.net *.googlesyndication.com adservice.google.com adservice.google.nl adservice.google.rs *.ternair.com *.ternairsoftware.com ep.rai.nl services.crmservice.eu *.raicore.com ajax.cloudflare.com cdnjs.cloudflare.com consent.cookiebot.com stats.g.doubleclick.net ep.rai.nl connect.facebook.net *.facebook.com ajax.googleapis.com www.google.com www.google.rs *.doubleclick.net fonts.gstatic.com fonts.googleapis.com www.google.nl maxcdn.icons8.com data: preferencecenter.metstrade.com snapwidget.com static.ads-twitter.com *.typekit.net *.vimeo.com *.vimeocdn.com *.youtube.com *.visualwebsiteoptimizer.com *.consent.cookiebot.com *.formitable.com site-rai.rai.mobilityportal.nl maps.googleapis.com *.hotjar.com *.hotjar.io *.hotjar.com 'unsafe-inline' *.guestplan.com;style-src 'self' cdn.jsdelivr.net 'unsafe-inline' fonts.googleapis.com *.raicore.com * kit.fontawesome.com ka-p.fontawesome.com ; 1
default-src 'self'; frame-ancestors *.localize.com *.localizejs.com *.localizecdn.com; connect-src 'self' saltosystem-cvs-prod.appspot.com cms.saltosystems.com pardot.saltosystems.com cdn.cookielaw.org *.linkedin.com *.localize.com *.localizecdn.com *.localizejs.com *.hotjar.com *.hotjar.io *.clarity.ms www.google-analytics.com stats.g.doubleclick.net ws25.hotjar.com analytics.google.com *.analytics.google.com geolocation-db.com *.oribi.io *.onetrust.com *.visualwebsiteoptimizer.com app.vwo.com *.googlesyndication.com; font-src 'self' data: *.googleapis.com fonts.gstatic.com; worker-src 'self' blob:; img-src 'self' data: *.localizecdn.com www.google-analytics.com www.google.com www.google.es *.linkedin.com *.onetrust.com *.facebook.com googleads.g.doubleclick.net *.visualwebsiteoptimizer.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com; script-src 'self' 'unsafe-inline' global.localizecdn.com cdn.cookielaw.org *.onetrust.com connect.facebook.net stats.g.doubleclick.net googleads.g.doubleclick.net pi.pardot.com pardot.saltosystems.com *.hotjar.com *.licdn.com www.google-analytics.com www.google.com www.google.es www.gstatic.com www.googleadservices.com www.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com *.clarity.ms; style-src 'self' 'unsafe-inline' *.googleapis.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com; frame-src 'self' cms.saltosystems.com pardot.saltosystems.com vars.hotjar.com www.google.com *.localizecdn.com *.youtube.com *.facebook.com *.twitter.com app.vwo.com *.visualwebsiteoptimizer.com *.doubleclick.net 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://ethresear.ch/logs/ https://ethresear.ch/sidekiq/ https://ethresear.ch/mini-profiler-resources/ https://ethresear.ch/assets/ https://ethresear.ch/brotli_asset/ https://ethresear.ch/extra-locales/ https://ethresear.ch/highlight-js/ https://ethresear.ch/javascripts/ https://ethresear.ch/plugins/ https://ethresear.ch/theme-javascripts/ https://ethresear.ch/svg-sprite/ 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0='; worker-src 'self' https://ethresear.ch/assets/ https://ethresear.ch/brotli_asset/ https://ethresear.ch/javascripts/ https://ethresear.ch/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self' inform.okta.com *.oktacdn.com; connect-src 'self' inform.okta.com inform-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com *.mtls.okta.com inform.kerberos.okta.com inform.mtls.okta.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' inform.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' inform.okta.com *.oktacdn.com; frame-src 'self' inform.okta.com inform-admin.okta.com login.okta.com; img-src 'self' inform.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' inform.okta.com data: *.oktacdn.com fonts.gstatic.com 1
default-src 'unsafe-inline' 'unsafe-eval' museumofthebible.org museumofthebible.cdn.prismic.io info.museumofthebible.org login.museumofthebible.org www.museumofthebible.org phpstack-448274-1403762.cloudwaysapps.com player.vimeo.com api.vimeo.com www.youtube.com museumofthebible.prismic.io www.google-analytics.com analytics.google.com adservice.google.com 8092262.fls.doubleclick.net stats.g.doubleclick.net static.doubleclick.net td.doubleclick.net googleads.g.doubleclick.net bid.g.doubleclick.net prismic.io wroom.io code.jquery.com googleapis.com ajax.googleapis.com recruitingbypaycor.com www.google.com cdnjs.cloudflare.com static.cdn.prismic.io static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com vc.hotjar.io wss://ws9.hotjar.com cs.yieldoptimizer.com tag.yieldoptimizer.com pixel.mathtag.com 11007.iceuc.com iceim01.iceuc.com s7.addthis.com m.addthis.com www.cognitoforms.com static.cognitoforms.com api.idonate.com embed.idonate.com widget.spreaker.com a36748.actonsoftware.com connect.facebook.net www.facebook.com my.matterport.com s3.us-east-1.amazonaws.com pixel.sitescout.com cdn.linkedin.oribi.io bat.bing.com static.addtoany.com; script-src-elem 'unsafe-inline' data: www.cognitoforms.com www.google.com www.gstatic.com embed.idonate.com z.moatads.com v1.addthisedge.com www.google-analytics.com static.hotjar.com script.hotjar.com wss://ws9.hotjar.com www.googleadservices.com bat.bing.com 8092262.fls.doubleclick.net stats.g.doubleclick.net static.doubleclick.net googleads.g.doubleclick.net s.adroll.com info.museumofthebible.org www.museumofthebible.org prismic.io wroom.io www.googletagmanager.com unpkg.com static.cognitoforms.com html2canvas.hertzen.com s.ytimg.com d.adroll.com player.vimeo.com api.vimeo.com www.youtube.com snap.licdn.com static.ads-twitter.com analytics.twitter.com d.adroll.mgr.consensu.org connect.facebook.net cdnjs.cloudflare.com phpstack-448274-1403762.cloudwaysapps.com static.cdn.prismic.io 11007.iceuc.com iceim01.iceuc.com s7.addthis.com m.addthis.com code.jquery.com googleapis.com ajax.googleapis.com recruitingbypaycor.com static.addtoany.com; font-src data: *; frame-ancestors 'self' my.matterport.com static.cdn.prismic.io 11007.iceuc.com; img-src 'unsafe-inline' data: *; style-src 'unsafe-inline' *; style-src-elem 'unsafe-inline' *; 1
frame-ancestors 'self' https://insivia.app 1
frame-ancestors 'self' https://*.iversity.org *.springernature.com 1
default-src 'self' spl.martini.com *.prod.bacardi.digital *.dev.bacardi.digital *.bacardilimited.com *.martini.com d2z05otmbim3z8.cloudfront.net walkinto.in www.google.com www.googletagmanager.com stats.g.doubleclick.net www.instagram.com instagram.com www.martiniracingciclismo.com www.youtube.com *.snapchat.com player.vimeo.com store.terrazza.martini.com responsibledrinking.eu www.facebook.com *.adimo.co *.adsrvr.org rfi.martini-casa-terrazza.com www.tripadvisor.co.uk contact.visitcasamartini.com www.lamaisonwellness.com www.museoauto.it 5337729.fls.doubleclick.net asystem-library.s3.amazonaws.com d.agkn.com grandhotelsitea.it www.museoauto.com my.hornblower.com pay.google.com; connect-src 'self' *.facebook.com www.facebook.com spl.martini.com *.prod.bacardi.digital *.dev.bacardi.digital maps.googleapis.com region1.google-analytics.com *.google-analytics.com *.onetrust.com *.liquidcheckout.com www.googletagmanager.com stats.g.doubleclick.net www.google-analytics.com bacardilimited.channelsight.com d3hnlaz0mzjpz0.cloudfront.net *.teads.tv *.snapchat.com *.pinterest.com *.usersnap.com https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com www.google.com googleads.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' spl.martini.com www.googletagmanager.com d3hnlaz0mzjpz0.cloudfront.net player.vimeo.com *.prod.bacardi.digital *.dev.bacardi.digital *.onetrust.com *.instagram.com *.google-analytics.com www.google.com www.gstatic.com maps.googleapis.com www.youtube.com *.teads.tv *.snapchat.com sc-static.net *.twitter.com *.ads-twitter.com s.pinimg.com cdn.adimo.co connect.facebook.net js.adsrvr.org maxcdn.bootstrapcdn.com d29mknc5251yuj.cloudfront.net asystem-library.s3.amazonaws.com platform.vine.co fast.fonts.net *.usersnap.com cdn.jsdelivr.net my.hornblower.com pay.google.com; style-src 'self' 'unsafe-inline' fast.fonts.net fonts.googleapis.com *.prod.bacardi.digital *.dev.bacardi.digital store-locator-frontend-prod.prod.bacardi.digital cloud.typography.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net; img-src * 'self' http://images.salsify.com/ images.salsify.com data: http://* https://* blob:; font-src 'self' data: https://* 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*:*; style-src * 'unsafe-inline' fonts.googleapis.com; style-src-elem * 'unsafe-inline'; style-src-attr * 'unsafe-inline'; img-src 'self' data: https://cdn.cookielaw.org https://*.rewardsweb.com https://*.zendesk.com; font-src * 'self' data: fonts.gstatic.com 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-D1sRnwdou2tZLZjY3KoVqw=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
frame-src https://eclerx.com/ https://player.vimeo.com/ https://www.youtube.com/ https://www.google.com/; script-src   'unsafe-eval' 'unsafe-inline'  https://ws.zoominfo.com/pixel/     https://extend.vimeocdn.com/ga/   https://img.en25.com/  https://extend.vimeocdn.com/  https://eclerx.com/  https://www.gstatic.com/ https://www.google.com/  https://www.google-analytics.com/ https://www.googletagmanager.com/; default-src https://eclerx.com/; connect-src https://ws.zoominfo.com/pixel/ https://eclerx.com/ https://www.google-analytics.com/;  font-src data: https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://eclerx.com/; img-src https://eclerx.com/ data: https: https://eclerx.com/ https://www.w3.org/2000/svg/; style-src https://eclerx.com/ https://fonts.googleapis.com/ 'unsafe-inline'; base-uri 'none'; object-src 'none'; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=3dr3mhdiqu9u6&partner=; 1
default-src https://*.storylane.io/ https://*.googlesyndication.com https://dejero.enablix.com https://www.dejero.com https://go.dejero.com https://go.dejero.com https://play.hubspotvideo.com https://js.hscta.net https://*.hubspot.net https://*.usemessages.com https://*.hs-sites.com https://no-cache.hubspot.com https://*.amazonaws.com https://*.jquery.com https://cdn2.hubspot.net https://*.hubspot.com https://*.hscollectedforms.net https://*.hsleadflows.net https://*.hs-scripts.com https://*.hsadspixel.net https://*.hs-analytics.net https://*.hs-banner.com https://js.hs-banner.net https://*.hsforms.net https://*.hsforms.com https://static.hsappstatic.net https://*.hubspotfeedback.com https://feedback.hubapi.com https://js.usemessages.com https://*.vidyard.com https://cdnjs.cloudflare.com https://kit.fontawesome.com https://ka-p.fontawesome.com https://*.hubspotusercontent-na1.net https://*.hubspotusercontent-eu1.net https://platform.linkedin.com https://app.jazz.co https://script.hotjar.com https://*.hotjar.com https://*.hotjar.io ws://*.hotjar.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://bid.g.doubleclick.net https://*.doubleclick.net https://snap.licdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://px.ads.linkedin.com https://www.google.ca https://*.dejero.com https://*.google.com https://*.hubapi.com https://*.linkedin.com https://*.twitter.com https://*.facebook.net https://*.facebook.com https://*.vimeo.com https://*.youtube.com https://*.vimeocdn.com https://*.ytimg.com 'unsafe-inline' https://*.enablix.com https://www-dejero-com.sandbox.hs-sites.com https://*.w3.com http://*.w3.com https://cdn.linkedin.oribi.io https://*.googleusercontent.com data:; frame-ancestors 'self' https://*.amazonaws.com https://cdn2.hubspot.net https://*.hubspot.com https://*.hscollectedforms.net https://*.hsleadflows.net https://*.hs-scripts.com https://*.hsadspixel.net https://*.hs-analytics.net https://*.hs-banner.com https://js.hs-banner.net https://*.hsforms.net https://*.hsforms.com https://static.hsappstatic.net https://*.hubspotfeedback.com https://feedback.hubapi.com https://js.usemessages.com https://*.vidyard.com https://cdnjs.cloudflare.com https://kit.fontawesome.com https://ka-p.fontawesome.com https://*.hubspotusercontent-na1.net https://*.hubspotusercontent-eu1.net https://platform.linkedin.com https://app.jazz.co https://script.hotjar.com https://*.hotjar.com https://*.hotjar.io ws://*.hotjar.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://bid.g.doubleclick.net https://*.doubleclick.net https://snap.licdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://px.ads.linkedin.com https://www.google.ca https://*.dejero.com https://*.google.com https://*.hubapi.com https://*.linkedin.com https://*.twitter.com https://*.facebook.net https://*.facebook.com https://*.vimeo.com https://*.youtube.com https://*.vimeocdn.com https://*.ytimg.com https://*.enablix.com https://www-dejero-com.sandbox.hs-sites.com https://usepastel.com https://no-cache.hubspot.com https://*.hs-sites.com https://*.usemessages.com https://*.hubspot.net https://js.hscta.net https://play.hubspotvideo.com https://dejero.enablix.com https://www.dejero.com https://go.dejero.com https://go.dejero.com https://*.googlesyndication.com https://*.storylane.io/; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' https://region1.google-analytics.com wss://*.hotjar.com https://*.hotjar.com https://content.hotjar.io https://va.tilde.com https://www.google-analytics.com  https://connect.facebook.net  https://www.facebook.com https://chat.regitra.lt/ https://www.youtube.com https://stats.g.doubleclick.net https://cdn.consentmanager.net https://d.delivery.consentmanager.net; img-src 'self' 'unsafe-eval' data: https://va.tilde.com https://www.facebook.com https://cdn.consentmanager.net https://d.delivery.consentmanager.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.hotjar.com https://static.hotjar.com https://www.googletagmanager.com https://va.tilde.com https://www.google-analytics.com https://connect.facebook.net https://www.facebook.com https://cdn.consentmanager.net https://d.delivery.consentmanager.net 1
default-src 'none';style-src 'self' 'unsafe-inline' https://cdn.eye-able.com;script-src 'self' 'unsafe-inline' https://embed.journey.epilot.io https://analytics.stadtwerke-ratingen.de https://cdn.eye-able.com;img-src 'self' data: https:;font-src 'self';manifest-src 'self';connect-src 'self';frame-src https:;report-uri https://sentry.km2.de/api/10/security/?sentry_key=3548d5d299304ea88eb88d8f38310f6f 1
frame-ancestors kcls.org *.kcls.org kcls.bibliocms.com *.kcls.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src kcls.org *.kcls.org kcls.bibliocms.com *.kcls.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
frame-ancestors 'self'; default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:;  object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: 1
frame-ancestors 'self' https://ufainfa.ru 1
frame-src 'self'; connect-src 'self'; base-uri 'self';default-src 'none' ; script-src 'self'; img-src 'self'; style-src https://dismail.de; font-src 'self'; object-src 'none'; frame-ancestors 'self' 1
default-src 'self' data: localhost:* *.episerver.net *.readspeaker.com *.arcgisonline.nl *.arcgisonline.com js.arcgis.com *.arcgis.com *.google.com *.googleapis.com *.hotjar.com *.hotjar.io *.prorail.nl *.spoordata.nl *.werkenbijprorail.nl *.youtube-nocookie.com www.google.nl www.googletagmanager.com tagmanager.google.com px.ads.linkedin.com www.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.recaptcha.net 'unsafe-inline' 'unsafe-eval'; connect-src https: ws: wss:; 1
frame-ancestors 'self' *.credit-agricole.com 1
frame-ancestors 'self'; frame-src 'self' https://app.aiden.cx https://consentcdn.cookiebot.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://a.omappapi.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://app.aiden.cx https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://static.zdassets.com https://www.google-analytics.com https://www.googletagmanager.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://a.omappapi.com ads.creative-serving.com static2.creative-serving.com www.facebook.com code.jquery.com; report-uri https://o264437.ingest.sentry.io/api/6295136/security/?sentry_key=f3e93252271a4659b969f2cb4ee11435 1
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.matomo.cloud https://boards-api.greenhouse.io;connect-src 'self' https://icp0.io https://*.icp0.io https://internetcomputer.matomo.cloud https://cdn.matomo.cloud https://boards-api.greenhouse.io https://api.github.com;img-src 'self' data: https://images.ctfassets.net https://i.ytimg.com;style-src * 'unsafe-inline';style-src-elem * 'unsafe-inline';font-src * data:;object-src 'none';base-uri 'self';frame-ancestors 'none';form-action 'self' https://dfinity.us16.list-manage.com https://internetcomputer.org;upgrade-insecure-requests;frame-src https://bugcrowd.com https://www.youtube.com; 1
default-src 'self' https://*.paysign.com https://*.aws.paysign.com https://*.paysign.net https://zip.getziptastic.com https://www.googletagmanager.com; img-src * data:; script-src 'self' 'sha256-4qHwYstA/HMoqYktYjfAnyNPmBqLeAqunX99JaEvimc=' https://www.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/ https://www.google-analytics.com; frame-src https://www.google.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://copayassets-test.aws.paysign.com/ https://s3.amazonaws.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.paysign.com https://*.aws.paysign.com https://*.paysign.net; font-src 'self' https://fonts.gstatic.com; connect-src https://*.paysign.com https://*.3pea.net https://*.aws.paysign.com https://*.paysign.net https://*.s3.us-east-1.amazonaws.com/ https://zip.getziptastic.com https://www.googletagmanager.com https://maps.googleapis.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/; manifest-src 'self' https://maps.googleapis.com/ https://www.google-analytics.com/; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com partner.googleadservices.com site.yandex.net yastatic.net mc.yandex.ru metrika.yandex.ru an.yandex.ru *.yandex.ru yandex.ru clck.yandex.ru connect.facebook.net *.facebook.net *.facebook.com *.fb.com vk.com dadata.ru www.google-analytics.com *.google-analytics.com webvisor.com *.googlesyndication.com *.googleapis.com *.freshdoc.ru freshdoc.ru *.addthis.com cdn.ampproject.org *.nalog.ru *.playbuzz.com *.mail.ru *.regberry.ru *.sendpulse.com adservice.google.com adservice.google.ru *.googletagservices.com *.google.com *.gstatic.com 1c-partnerka.ru code.jquery.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.axessx.de *.googleapis.com 1
connect-src 'self' data: accounts.google.com https://bl.listrakbi.com https://analytics.google.com/g/collect https://www.paypal.com/ https://stats.g.doubleclick.net/j/collect https://art-to-frames.pxf.io https://apay-us.amazon.com  https://www.arttoframe.com https://ajax.googleapis.com https://popup.wisepops.com https://s3.amazonaws.com https://s.yimg.com https://in.hotjar.com https://t.mplxtms.com https://ct.pinterest.com https://vc.hotjar.io https://www.googleapis.com https://firebasestorage.googleapis.com https://www.google-analytics.com https://secure-cdn.mplxtms.com wss://ws7.hotjar.com/api/v1/client/ws https://payments-sandbox.amazon.com https://apay-us.amazon.com/cs/uedata https://stats.g.doubleclick.net wss://ws4.hotjar.com https://www.paypal.com/sdk/js https://www.paypalobjects.com/upstream/assets/messaging/modal/ramp-experiment-ssr.json https://www.paypal.com/xoplatform/logger/api/logger https://www.paypal.com/credit-presentment/log https://www.sandbox.paypal.com/xoplatform/logger/api/logger https://www.sandbox.paypal.com/credit-presentment/log https://www.hotjar.com https://sucuri.net https://sucuri.com https://securetoken.googleapis.com https://console.firebase.google.com/ https://www.facebook.com/tr/ https://www.facebook.com https://*.firebaseio.com https://www.firebase.com https://cdn.firebase.com https://waf.sucuri.net/ wss://arttoframes-5c941.firebaseio.com/.ws wss://s-usc1c-nss-248.firebaseio.com/.ws https://arttoframe.go2cloud.org https://fonts.googleapis.com https://fonts.gstatic.com https://utt.impactcdn.com https://www.ojrq.net https://logs-01.loggly.com https://bat.bing.com/actionp https://maps.googleapis.com https://*.google-analytics.com https://payments.amazon.com https://payments.amazon.com/merchantAccount https://www.google-analytics.com/j/collect https://art-to-frames.pxf.io/ https://analytics.tiktok.com https://*.analytics.google.com https://*.googletagmanager.com  https://payments.sandbox.braintree-api.com/graphql https://api.sandbox.braintreegateway.com/merchants https://logs.convertexperiments.com/log https://origin-analytics-sand.sandbox.braintree-api.com/ https://10041527.metrics.convertexperiments.com https://payments.braintree-api.com/graphql https://api.braintreegateway.com/merchants https://client-analytics.braintreegateway.com https://*.clarity.ms/collect https://*.snapchat.com/ https://*.googlesyndication.com https://content.hotjar.io wss://ws.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.firebaseio.com wss://s-usc1b-nss-2133.firebaseio.com https://cdnjs.cloudflare.com https://*.listrak.com https://s.pinimg.com/;script-src 'self'  'nonce-wfT9SV6ACskjs+Ec6IJm8Q==' https://*.googletagmanager.com https://script.hotjar.com https://sc-static.net/ https://www.paypal.com https://chimpstatic.com https://www.paypalobjects.com/ https://connect.facebook.net/en_US/fbevents.js https://www.google-analytics.com https://ssl.google-analytics.com https://*.clarity.ms/collect https://www.google.co.in https://bat.bing.com https://*.google.co.in; script-src-elem 'nonce-wfT9SV6ACskjs+Ec6IJm8Q==' 'self'  https://www.paypal.com/tagmanager/pptm.js https://script.hotjar.com  https://bat.bing.com/p/action/4069255.js https://script.hotjar.com/modules.6fa394eeadbec946a34a.js https://*.clarity.ms https://www.paypalobjects.com/muse/muse.js https://connect.facebook.net https://ssl.google-analytics.com https://intljs.rmtag.com/114877.ct.js https://d1igp3oop3iho5.cloudfront.net https://analytics.tiktok.com https://utt.impactcdn.com https://cdn.listrakbi.com/scripts/script.js https://dev.visualwebsiteoptimizer.com https://ut.rd.linksynergy.com https://*.listrakbi.com/ https://www.googlecommerce.com/trustedstores/api/js https://www.google.com https://apis.google.com/js/api.js https://www.googletagmanager.com/gtm.js https://script.hotjar.com/modules.710fa773759992ae5199.js https://script.hotjar.com/modules.4aa8d748500a28f64f6e.js https://analytics.tiktok.com https://play.google.com/log https://apis.google.com https://googleads.g.doubleclick.net https://tr.snapchat.com https://*.snapchat.com https://static.addtoany.com https://www.googleadservices.com https://code.jquery.com https://www.paypalobjects.com/api/checkout.min.js https://static-na.payments-amazon.com/v2/login.js https://cdnjs.cloudflare.com https://*.firebaseio.com wss://s-usc1b-nss-2133.firebaseio.com https://*.gstatic.com https://ajax.googleapis.com/ajax/libs/dojo/1.9.1/dojo/dojo.js https://*.listrak.com https://s.pinimg.com/ 'sha256-oZu8Xog49u/EO1SNHmdyVwX0QMPAOgKlWl+CJpa1Q2g=' 'sha256-BmFlTockZ3KWrXeIoJa8obWKM8KS3OBo6Z/6SnXjCoI=' 'sha256-dzHVd8XfpfOOm/gt7a5RF0yd3U09RmjuqdHlHWzhPWY=' 'sha256-Xu9Qne3PenOWsOtsVVSgaJkix9LWAKe6IhuV+Nr7hRs=' 'sha256-DBJk4uzYpowCwYgIXMqiYHl6MhDFpPd8JqzVk3rmaeg=' 'sha256-ZqOfblcRr1058a3n4el+Wb2KWIBFit/qqITX8qfAuQ8=' 'sha256-Yjvnrb2UGjaVPuP1nGf+IwlE8pAnhe5XB3Mj0TEunHc=' 'sha256-KyHKeGl+rzMPreSbrpE1XFoYLUn37DKDFX5xsqHhhSo=' 'sha256-Pv2ASG8xBDmr0G9EqvoLNiSIUwAC5y6kHQkvc8YJsew=' 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw=' 'sha256-BmFlTockZ3KWrXeIoJa8obWKM8KS3OBo6Z/6SnXjCoI=' 'sha256-dzHVd8XfpfOOm/gt7a5RF0yd3U09RmjuqdHlHWzhPWY=' 'sha256-tBsLFpGbnCUGj7AajeVbeAVEG4o5pIppOxgsBwhDYEg=' 'sha256-ycb63UfIqnM8QbnvviRjmP524XG7anBQXIUufuKx+pg=' 'sha256-Ka39uj4Q4cJaOl+KsdMW58FfdUezaJaOBCHhsDmlcJg=' 'sha256-DOd/iZ7zncVc3zqJCDlyPbCgb0c1G+JDmMj2bbCBhIg=' 'sha256-fXWBsNXcg0sIyUY9jkKdqrowSqgixcEMvuATY9Freb4=' 'sha256-5y27efbOi+bZhe+lhdnlGJtBYR80JRgtxJOVzSAOyJY=' 'sha256-5y27efbOi+bZhe+lhdnlGJtBYR80JRgtxJOVzSAOyJY=' 'sha256-0PIVEAfqlfRPEKHdmkiKja6syanZzu+jvovvHM7qE1M=' 'sha256-fhNbpCL03C8kzCyNOSRZFHOe0F0FVAXfNgmAMSxentc=' 'sha256-gTrZuuv2IOQMsb/CDSCuv2tAwl7QYWupgSgX41djDh0=' 'sha256-TTzuy9a3cgO0kwK7Y6/omk8F9SLVN7pWpxXMNZbx1/Y=' 'sha256-cWB6LeQeTPFHH9QCg8VrP0sPJfqqdgDupHwitbxysNo=' 'sha256-Rh5r8kIWlfIHzIMhOy2iFQYWO0IPO/m5zbqyLFo1VSE='; 1
default-src 'self' www.chinaums.com 'unsafe-inline' 'unsafe-eval' blob: data: ; 1
frame-ancestors 'self' https://smmplanner.com 1
frame-ancestors 'self' *.hendricksgin.com *.contentful.com 1
default-src 'self' wss://www.zenhr.com/ wss://app.zenhr.com/ wss://sa.zenhr.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://analytics.google.com/ https://stats.g.doubleclick.net/ https://region1.analytics.google.com/ https://calendly.com/ https://connect.facebook.net/ https://forms-eu1.hsforms.com/ https://hubspot-forms-static-embed-eu1.s3.amazonaws.com/ https://www.google.com/ https://cdn.linkedin.oribi.io/ https://app.pendo.io/ https://leadbooster-chat.pipedrive.com/ https://www.recaptcha.net/ https://api-eu1.hubspot.com/ https://forms-eu1.hscollectedforms.net/ https://api-eu1.hubapi.com/ https://www.facebook.com/ https://adservice.google.com/ https://www.google.jo/ https://www.google.sa/ https://www.google.ae/ https://www.google.qa/ https://www.google.eg/ https://www.google.iq/ https://www.google.fr/ https://www.google.ps/ https://www.google.co.in/ https://www.google.co.id/ https://www.google.com.kh/ https://www.google.com.pk/ https://www.google.com.ph/ https://www.google.com.ly/ https://www.google.com.sa/ https://www.google.com.jo/ https://www.google.com.kw/ https://www.google.com.eg/ https://www.google.com.qa/ https://maps.googleapis.com/ https://pagead2.googlesyndication.com/ https://stats.g.doubleclick.net/ https://a.omappapi.com https://idx.liadm.com/ https://api.omappapi.com/ https://inapp.planhat.com/ https://tr.snapchat.com/ https://widget.freshworks.com/widgets/ https://widget.freshworks.com/ https://widget.freshworks.com/widgetBase/locales/ https://zenhrsolutions.freshdesk.com/api/widget/solutions/ https://zenhrsolutions.freshdesk.com/api/widget/ticket-forms https://zenhrsolutions.freshdesk.com/api/widget/ https://zenhrsolutions.freshdesk.com/api/widget/ticket_fields https://cta-eu1.hubspot.com/ https://analytics.tiktok.com https://px.ads.linkedin.com/ https://tr6.snapchat.com/ https://app.clearbit.com/ https://in.hotjar.com/; font-src 'self' data: https://fonts.gstatic.com/ https://*.cloudfront.net https://leadbooster-chat.pipedrive.com; img-src 'self' data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com/ https://tag.clearbitscripts.com/ https://analytics.tiktok.com/ https://widget.freshworks.com/widgets/ https://widget.freshworks.com/ https://*.planhat.com/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/debug/ https://www.googletagmanager.com/gtag/js https://cdn.pendo.io/agent/static/efab39c9-e1e5-4c7c-6c69-7dc38b1f1a78/pendo.js https://www.googleoptimize.com/optimize.js https://cdnjs.cloudflare.com/ajax/libs/jQuery.dotdotdot/4.1.0/dotdotdot.js https://cdnjs.cloudflare.com/ajax/libs/simplebar/5.3.9/simplebar.min.js https://cdn.jsdelivr.net/npm/simplebar@v5.3.9/dist/simplebar.min.js https://www.google-analytics.com/analytics.js https://www.google-analytics.com/gtm/optimize.js https://sc.lfeeder.com/lftracker_v1_3P1w24d0GMB4mY5n.js https://app.pendo.io/ http://gyrocode.github.io/jquery-datatables-checkboxes/1.2.11/js/dataTables.checkboxes.min.js https://assets.calendly.com/assets/external/widget.js http://js-eu1.hsforms.net/forms/embed/v2.js https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/releases/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://connect.facebook.net/en_US/fbevents.js https://leadbooster-chat.pipedrive.com/assets/ https://connect.facebook.net/signals/config/ https://www.recaptcha.net/recaptcha/api.js https://*.cloudfront.net/ https://cdn.tiny.cloud/1/no-api-key/tinymce/ https://js-eu1.hs-scripts.com/26849107.js https://js-eu1.hscollectedforms.net/ https://js-eu1.hsadspixel.net/ https://js-eu1.hs-analytics.net/ https://js-eu1.hs-banner.com/ https://js-eu1.usemessages.com/ https://www.gstatic.com/ https://googleads.g.doubleclick.net/ https://connect.facebook.net/ https://connect.facebook.net/en_US/fbevents.js https://www.googleadservices.com/ https://ct.capterra.com/ https://a.omappapi.com/ https://a.omappapi.com/app/js/api.min.js https://maps.googleapis.com/ https://secure.leadforensics.com/ https://idx.liadm.com/ https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://optimize.google.com/optimize/inject/inject.js https://sc-static.net/ https://tr.snapchat.com/ https://js-eu1.hubspot.com/ https://x.clearbitjs.com/v2/; style-src 'self' 'unsafe-inline' https://widget.freshworks.com/widgetBase/static/media/ https://cdn.jsdelivr.net/ https://fonts.googleapis.com/ https://*.cloudfront.net/ https://cdnjs.cloudflare.com/ https://www.gstatic.com/ https://cdn.tiny.cloud/ https://a.omappapi.com/; frame-src 'self' https://www.facebook.com/ https://www.recaptcha.net/ https://calendly.com/ https://app-eu1.hubspot.com/ https://forms-eu1.hsforms.com/ https://td.doubleclick.net/ https://s3.eu-central-1.amazonaws.com/ https://tr.snapchat.com/; report-uri /en/api/v1/csp_reports 1
frame-ancestors 'self';         style-src 'self' https://*.chase.com https://*.f9client.com https://*.f9dev.com;         script-src 'self' https://*.f9client.com https://*.chase.com https://*.f9dev.com https://*.chasebonus.com https://*.liquidhost2.com https://*.chasecdn.com;         img-src 'self' https://*.chase.com https://*.facebook.com https://*.outbrain.com https://*.amazon-adsystem.com https://*.doubleclick.net https://jpmcbankna.demdex.net https://*.adsymptotic.com https://*.linkedin.com https://s3.amazonaws.com https://*.gravatar.com https://*.umbraco.tv https://*.mbraco.org https://*.mbraco.com https://*.boltdns.net https://*.sp.analytics.yahoo.com https://secure.adnxs.com https://*.f9dev.com https://*.liquidhost2.com https://*.chasecreditcards.com https://tr.snapchat.com https://ct.pinterest.com https://t.acxiom-online.com https://insight.adsrvr.org https://pixel.mathtag.com https://bat.bing.com https://tags.mediaforge.com https://i.simpli.f https://a.amxdt.com https://*.outpace.com https://analytics.twitter.com https://*.t.co https://dc.ads.linkedin.com data: blob: *;         font-src data: 'self' https://*.f9client.com https://*.f9dev.com;         media-src 'self' https://*.f9client.com;         connect-src 'self' https://*.f9dev.com https://*.f9client.com https://*.liquidhost2.com https://*.chasecreditcards.com https://analytics.chase.com https://dpm.demdex.net https://*.chase.com https://*.chasecdn.com https://*.doubleclick.net https://*.facebook.com https://ct.pinterest.com https://tr.snapchat.com https://*.linkedin.com https://insight.adsrvr.org;         frame-src https://*.f9dev.com;         default-src 'self' 1
default-src https://www.motortax.ie/OMT/ https://www.motarchain.ie/OMT/ https://www.motarchain.ie/OMT/css/bootstrap.min.css https://www.motarchain.ie/OMT/css/ie10-viewport-bug-workaround.css https://www.motortax.ie/favicon.ico https://www.google-analytics.com/analytics.js https://www.google-analytics.com/collect https://www.google-analytics.com/r/collect https://www.googletagmanager.com/gtm.js 'unsafe-inline';script-src-elm https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js 'unsafe-inline' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-rtN9L/PlnopqErminK1laRaed/v5L3wuuuZPenG7eFZ6uFIm' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
worker-src blob:; object-src *;script-src * 'unsafe-inline' 'unsafe-eval' 1
report-to 'self' ; child-src 'self' ; connect-src 'self' *.getnitropack.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net snap.licdn.com *.doubleclick.net *.googlesyndication.com cdn.linkedin.oribi.io px.ads.linkedin.com  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' ; font-src 'self' data: fonts.gstatic.com *.bootstrapcdn.com *.typekit.net cdn.jsdelivr.net *.gstatic.com snap.licdn.com *.doubleclick.net *.googlesyndication.com cdn.linkedin.oribi.io px.ads.linkedin.com *.getnitropack.com  *.gstatic.com *.bootstrapcdn.com ; form-action 'self' ; frame-src 'self' swiftcdn6.global.ssl.fastly.net px4.ads.linkedin.com blob: player.vimeo.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net www.google.com snap.licdn.com *.doubleclick.net *.googlesyndication.com cdn.linkedin.oribi.io px.ads.linkedin.com *.getnitropack.com  *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' ; img-src 'self' px4.ads.linkedin.com swiftcdn6.global.ssl.fastly.net www.linkedin.com data: *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ts.w.org s.w.org ps.w.org cdn.usefathom.com snap.licdn.com *.doubleclick.net *.googlesyndication.com cdn.linkedin.oribi.io px.ads.linkedin.com *.getnitropack.com  *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self'  s.w.org; object-src 'self' ; script-src 'self'  'unsafe-inline'  'unsafe-eval' vsplayer.global.ssl.fastly.net *.googleadservices.com blob: *.nitrocdn.com cdn.usefathom.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net snap.licdn.com *.doubleclick.net *.googlesyndication.com cdn.linkedin.oribi.io px.ads.linkedin.com *.getnitropack.com  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline'  'unsafe-eval' vsplayer.global.ssl.fastly.net *.googleadservices.com blob: *.nitrocdn.com cdn.usefathom.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net snap.licdn.com *.doubleclick.net *.googlesyndication.com cdn.linkedin.oribi.io px.ads.linkedin.com *.getnitropack.com  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'self'  'unsafe-inline' ; style-src 'self'  'unsafe-inline' blob: *.nitrocdn.com fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.typekit.net snap.licdn.com *.doubleclick.net *.googlesyndication.com cdn.linkedin.oribi.io px.ads.linkedin.com *.getnitropack.com  *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline' blob: *.nitrocdn.com fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.typekit.net snap.licdn.com *.doubleclick.net *.googlesyndication.com cdn.linkedin.oribi.io px.ads.linkedin.com *.getnitropack.com  *.googleapis.com *.gstatic.com ; style-src-attr 'self'  'unsafe-inline' ; worker-src 'self'  blob:;  upgrade-insecure-requests; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.accenture.com *.arz.at; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.arz.at maps.google.com www.googleadservices.com maps.googleapis.com; img-src 'self' *.accenture.com *.arz.at maps.google.com maps.googleapis.com maps.gstatic.com data:; connect-src 'self' *.accenture.com *.arz.at maps.googleapis.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.arz.at www.youtube.com;  block-all-mixed-content 1
default-src 'self'; connect-src 'self' *.ifs-certification.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' stats.ifs-certification.com code.jquery.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: *.ifs-certification.com *.ifs-digital.de; frame-src *.ifs-certification.com *.ifs-digital.de *.youtube-nocookie.com www.google.com; frame-ancestors 'none'; form-action 'self'; font-src 'self' data:; 1
connect-src 'self' http://kunpeng.csdn.net/ https://event.csdn.net/ https://codechina.csdn.net/ https://localhost:* http://codechina.csdn.net/ http://localhost:* ws://localhost:* wss://localhost:* https://passport.csdn.net/ https://hm.baidu.com/ https://connect-drcn.dbankcloud.cn/ https://datacollector-drcn.dt.hicloud.com/ https://eva.csdn.net/ https://ev.csdn.net/ https://eva2.csdn.net/; default-src 'self'; font-src 'self' 'unsafe-inline' https://csdnimg.cn/ http://csdnimg.cn/ http://g.csdnimg.cn/ https://g.csdnimg.cn/; frame-ancestors 'self' https://live.csdn.net/; frame-src 'self' https://live.csdn.net/ https://kunpeng-sc.csdnimg.cn/ https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com; img-src * data: blob: https://codechina.csdn.net/ https://gitcode.net/; object-src 'none'; script-src 'self' 'unsafe-eval' http://localhost:* https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.gstatic.com/recaptcha/ https://apis.google.com https://csdnimg.cn/ https://g.csdnimg.cn/ https://hm.baidu.com/ 'nonce-9xb+UPdOtcsRf6Dq8VIs7g=='; style-src 'self' 'unsafe-inline' https://csdnimg.cn/ http://csdnimg.cn/ http://g.csdnimg.cn/ https://g.csdnimg.cn/; worker-src 'self' blob: 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.runnings.com *.cloudmaestro.com *.googleapis.com *.google-analytics.com *.vaimo.net *.cloudfront.net *.google.com www.gstatic.com *.yotpo.com fonts.gstatic.com staticw2.yotpo.com assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.gstatic.com *.listrakbi.com js.adsrvr.org cdn.noibu.com s.pinimg.com connect.facebook.net docs.paymentjs.firstdata.com *.wishabi.com *.flippenterprise.net *.flipp.com *.flippback.com *.googletagmanager.com services.listrak.com *.secure.quantserve.com secure.quantserve.com rules.quantcount.com *.duosecurity.com *.simpli.fi *.criteo.com *.criteo.net *.paypal.com *.klevu.com blob: www.paypalobjects.com; worker-src www.runnings.com blob:; report-uri /.webscale/csp-report 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://maps.googleapis.com https://forms.hsforms.com https://js.hsforms.net https://www.youtube.com https://player.vimeo.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hscollectedforms.net https://www.googletagmanager.com https://www.google-analytics.com https://analytics.rubensteintech.com https://kit.fontawesome.com https://siteimproveanalytics.com/ ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://hello.myfonts.net https://use.typekit.net https://p.typekit.net https://cloud.typography.com/ ; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://google-analytics.com https://vimeo.com https://noembed.com https://stats.g.doubleclick.net https://hubspot-forms-static-embed.s3.amazonaws.com https://maps.gstatic.com https://maps.googleapis.com https://cdn.plyr.io https://www.google-analytics.com/ https://forms.hubspot.com https://analytics.rubensteintech.com https://ka-f.fontawesome.com ; font-src 'self' data: https://fonts.gstatic.com https://ka-f.fontawesome.com https://use.typekit.net ; img-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://google-analytics.com data: blob: https://i.vimeocdn.com https://i.ytimg.com https://f.hubspotusercontent30.net https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://track.hubspot.com https://www.google-analytics.com https://forms.hsforms.com https://*.global.siteimproveanalytics.io https://steptoe.vuturevx.com/ ; frame-src 'self' mailto: https://mail.google.com/ https://cdn.yoshki.com blob: https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://www.podbean.com https://app.powerbi.com https://email.steptoecommunications.com https://emails.steptoecommunications.com ; worker-src 'self' blob: ; media-src 'self' data: https://vimeo.com https://www.youtube.com ; frame-ancestors 'self' ; object-src 'self' ; 1
style-src https://www.paypal.com/ https://www.paypalobjects.com/ https://*.dev.paypalinc.com/ https://*.ctfassets.net/ 'unsafe-inline' 'self' https://*.s-xoom.com/ https://google.com/; base-uri 'self'; script-src https://www.paypalobjects.com/ https://*.dev.paypalinc.com/ 'nonce-0bc4e8fbefd8482cc8dfcceb81bed0eb' 'self' https://*.googleadservices.com/ https://*.gstatic.com/ https://*.s-xoom.com/ https://*.segment.com/ https://www.googletagmanager.com/ https://*.online-metrix.net/ https://connect.facebook.net/ https://*.google-analytics.com/ https://*.cardinalcommerce.com/ https://*.mxpnl.com/ https://*.google.com/ https://bat.bing.com/ https://*.ctfassets.net/ https://iesnare.com/ https://*.braintreegateway.com/ https://*.googleapis.com/ https://*.doubleclick.net/ https://*.paypal.com/ 'unsafe-eval' https://www.recaptcha.net/ https://*.yodlee.com/ https://cdn.amplitude.com/ https://js-agent.newrelic.com/ https://bam-cell.nr-data.net/; form-action * paypal://remittance/link-paypal-account https://*.xoom.com/ https://*.paypal.com/; frame-src *; img-src 'self' data: https:; connect-src https://*.xoom.com/ 'self' https://*.google-analytics.com/ https://*.mixpanel.com/ https://*.cardinalcommerce.com/ https://*.google.com/ https://*.cloudfront.net/ https://*.braintreegateway.com/ https://*.googleapis.com/ wss://*.xoom.com/ https://*.doubleclick.net/ https://www.facebook.com/ https://*.segment.io/ https://*.segment.com/ https://*.paypal.com/ https://*.s-xoom.com/ https://*.online-metrix.net/ https://*.braintree-api.com/ https://www.paypalobjects.com/ https://*.preview.dev.paypalinc.com/;  worker-src 'self'; object-src https://*.cardinalcommerce.com/ https://*.online-metrix.net/; media-src https://ssl.gstatic.com/; frame-ancestors https://*.salesforce.com/ https://*.paypal.com/ 'self'; font-src https://www.paypalobjects.com/ https://*.dev.paypalinc.com/ https://fonts.gstatic.com/ https://*.s3.amazonaws.com/ 'self' https://*.s-xoom.com/ https://fonts.googleapis.com/ data:; 1
default-src 'self' https://wwwddp.linguahouse.com https://www.linguahouse.com http://*.mobibeam.com:* https://*.mobibeam.com:* http://*.linguahouse.com:* https://*.linguahouse.com:*; script-src 'self' 'unsafe-inline' https://wwwddp.linguahouse.com https://www.linguahouse.com http://*.mobibeam.com:* https://*.mobibeam.com:* http://*.linguahouse.com:* https://*.linguahouse.com:* http://*.google-analytics.com https://*.google-analytics.com http://*.twitter.com https://*.twitter.com http://*.facebook.net https://*.facebook.net http://*.paypalobjects.com https://*.paypalobjects.com http://*.paypal.com https://*.paypal.com http://*.stripe.com https://*.stripe.com http://*.googletagmanager.com https://*.googletagmanager.com 'unsafe-eval' http://www.google-analytics.com https://www.google-analytics.com; connect-src * 'self' https://wwwddp.linguahouse.com ws://wwwddp.linguahouse.com https://www.linguahouse.com ws://www.linguahouse.com wss://wwwddp.linguahouse.com wss://www.linguahouse.com http://*.mobibeam.com:* https://*.mobibeam.com:* http://*.linguahouse.com:* https://*.linguahouse.com:*; img-src data: 'self' https://wwwddp.linguahouse.com https://www.linguahouse.com http://*.mobibeam.com:* https://*.mobibeam.com:* http://*.linguahouse.com:* https://*.linguahouse.com:* http://*.doubleclick.net https://*.doubleclick.net http://*.facebook.com https://*.facebook.com http://*.google.com https://*.google.com https://* http://www.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://wwwddp.linguahouse.com https://www.linguahouse.com http://*.mobibeam.com:* https://*.mobibeam.com:* http://*.linguahouse.com:* https://*.linguahouse.com:* http://*.googleapis.com https://*.googleapis.com; frame-src 'self' https://wwwddp.linguahouse.com https://www.linguahouse.com http://*.mobibeam.com:* https://*.mobibeam.com:* http://*.linguahouse.com:* https://*.linguahouse.com:* http://*.ted.com https://*.ted.com http://*.youtube.com https://*.youtube.com http://*.facebook.com https://*.facebook.com http://*.twitter.com https://*.twitter.com http://*.paypal.com https://*.paypal.com http://*.stripe.com https://*.stripe.com; font-src 'self' https://wwwddp.linguahouse.com https://www.linguahouse.com http://*.mobibeam.com:* https://*.mobibeam.com:* http://*.linguahouse.com:* https://*.linguahouse.com:* http://*.gstatic.com https://*.gstatic.com data:; media-src 'self' https://wwwddp.linguahouse.com https://www.linguahouse.com http://*.mobibeam.com:* https://*.mobibeam.com:* http://*.linguahouse.com:* https://*.linguahouse.com:* data:; frame-ancestors 'self' https://wwwddp.linguahouse.com https://www.linguahouse.com http://*.mobibeam.com:* https://*.mobibeam.com:* http://*.linguahouse.com:* https://*.linguahouse.com:* http://localhost:*; 1
frame-ancestors 'self' https://*.myshopify.com https://*.mybigcommerce.com; 1
frame-ancestors 'self' https://cocc.instructure.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com *.onetrust.com www.youtube.com www.youtube-nocookie.com d3l7jhiu2gy1zw.cloudfront.net *.cookielaw.org *.gnoss.com ldmypjv2.openweb.bbva *.bbvaresearch.com www.bbva.com edicion-j6yx1hfp.openweb.bbva *.refinitiv.com *.thomsonreuters.com *.lseg.com *.demdex.net *.gstatic.com www.google.com *.gravatar.com www.w3.org *.omtrdc.net; object-src 'unsafe-eval'; img-src * 'self' data: *.w3.org; frame-ancestors 'self' www.bbva.com edicion-j6yx1hfp.openweb.bbva *.refinitiv.com *.thomsonreuters.com *.lseg.com; font-src 'self' data: *.gstatic.com; 1
frame-ancestors self *.permenergosbyt.ru webvisor.com; 1
frame-ancestors https://*.bclc.com 'self' 1
default-src 'self' https://www.google.com https://embedwistia-a.akamaihd.net *.greenheck.com https://login.greenheck.com https://c.clarity.ms https://d.clarity.ms; script-src 'self' 'unsafe-inline' 'unsafe-eval' greenheck.hawksearch.com *.greenheck.com *.wistia.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.com *.facebook.net *.aspnetcdn.com youtube.com *.twitter.com *.twitter.com *.twimg.com *.linkedin.com *.stumbleupon.com *.azureedge.net *.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.jquery.com *.hawksearch.net *.googletagmanager.com *.cloudflare.com *.bootstrapcdn.com *.datatables.net *.jsdelivr.net *.providesupport.com *.createjs.com *.sitefinity.com https://fast.wistia.com/ https://fast.wistia.net/ https://gateway.zscalertwo.net *.msecnd.net lusearchapi-na.hawksearch.com https://static.hotjar.com https://script.hotjar.com https://bat.bing.com https://www.clarity.ms https://snap.licdn.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.cdn.telerik.com google.com *.azureedge.net *.twitter.com *.twimg.com *.cloudflare.com *.bootstrapcdn.com *.hawksearch.net *.datatables.net *.jsdelivr.net *.greenheck.com *.accurex.com *.dynamics.com cdn.datatables.net *.hawksearch.com https://fast.wistia.com/ https://gateway.zscalertwo.net; font-src 'self' fonts.gstatic.com *.hawksearch.com stats.g.doubleclick.net kendo.cdn.telerik.com netdna.bootstrapcdn.com stackpath.bootstrapcdn.com data: https://test.hawksearch.net https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.google.com googletagmanager.com http://script.hotjar.com https://fast.wistia.net; img-src 'self' *.greenheck.com *.wistia.com *.azureedge.net *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://ghsitefinitytesting.blob.core.windows.net/ https://stats.g.doubleclick.net/ https://www.google.com https://www.google.co.in *.greenheck.com https://embedwistia-a.akamaihd.net fast.wistia.net embed-fastly.wistia.com http://greenheck-cms-work.azurewebsites.net https://www.googletagmanager.com https://bat.bing.com https://c.clarity.ms https://c.bing.com https://px.ads.linkedin.com; media-src 'self' data: blob: *.wistia.com https://embedwistia-a.akamaihd.net fast.wistia.net embed-fastly.wistia.com; frame-src 'self' https://accurex.crm.dynamics.com https://*.greenheck.com *.crm.dynamics.com https://www.googletagmanager.com *.greenheck.com *.google.com https://www.google.com https://app.powerbi.com https://*.innoventair.com https://*.valentair.com https://*.precision-coils.com https://*.mepremisys.com https://*.airolite.com https://vars.hotjar.com https://echogloballogistics.looker.com https://echoinsights.azurewebsites.net; frame-ancestors 'self' https://accurex.crm.dynamics.com http://accurex.crm.dynamics.com https://*.greenheck.com *.crm.dynamics.com *.greenheck.com *.google.com *.valentair.com https://*.innoventair.com https://*.valentair.com https://*.precision-coils.com https://*.mepremisys.com https://*.airolite.com https://vars.hotjar.com https://echogloballogistics.looker.com https://echoinsights.azurewebsites.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.google.com *.greenheck.com *.crm.dynamics.com *.bing.com blob:; connect-src 'self' accounts.google.com *.clarity.ms *.bing.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.greenheck.com *.mktoresp.com google-analytics.com *.wistia.com *.litix.io https://www.google-analytics.com https://stats.g.doubleclick.net https://*.google.com https://embedwistia-a.akamaihd.net fast.wistia.net embed-fastly.wistia.com https://login.greenheck.com *.crm.dynamics.com *.visualstudio.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://a.clarity.ms https://www.facebook.com https://cdn.linkedin.oribi.io https://content.hotjar.io https://metrics.hotjar.io/ https://px.ads.linkedin.com; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com *.whiteteak.com *.licdn.com *.pingdom.net *.criteo.com *.adobe.net *.fontawesome.com *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.sentry-cdn.com *.newrelic.com *.nr-data.net *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com *.addthis.com *.vimeo.com *.paypal.com *.google.co.in *.braintreegateway.com *.everesttech.net *.typekit.net *.demdex.net *.ytimg.com *.swagger.io *.ftcdn.net *.behance.net *.magentocommerce.com *.doubleclick.net *.bidswitch.net *.yieldmo.com *.adnxs.com *.clmbtech.com *.smaato.net *.pubmatic.com *.taboola.com *.teads.tv *.3lift.com *.socdm.com *.casalemedia.com *.dable.io *.adingo.jp *.360yield.com *.rlcdn.com *.bing.com *.outbrain.com *.yahoo.com *.smartadserver.com *.rubiconproject.com *.media.net *.stickyadstv.com *.aralego.com *.dmxleo.com *.omtrdc.net *.snplow.net *.adobedc.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.magedevteam.com *.linkedin.com *.braintree-api.com *.magento.com *.ampproject.org *.avada.io *.zdassets.com *.geojs.io *.razorpay.com *.paytm.in *.yellowmessenger.com *.facebook.net *.netcoresmartech.com *.bunny.net *.bidr.io *.paypalobjects.com *.yellow.ai *.facebook.com wss://r0.cloud.yellow.ai/websocket/ wss://cloud.yellow.ai/websocket/ *.linkedin.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.whiteteak.com *.licdn.com *.pingdom.net *.criteo.com *.adobe.net *.googleapis.com *.fontawesome.com *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.sentry-cdn.com *.newrelic.com *.nr-data.net *.vimeocdn.com *.commerce-quick-checkout.com *.gstatic.com *.addthis.com *.vimeo.com *.paypal.com *.google.co.in *.braintreegateway.com *.everesttech.net *.typekit.net *.ytimg.com *.swagger.io *.ftcdn.net *.behance.net *.magentocommerce.com *.doubleclick.net *.bidswitch.net *.yieldmo.com *.adnxs.com *.clmbtech.com *.smaato.net *.pubmatic.com *.taboola.com *.teads.tv *.3lift.com *.socdm.com *.casalemedia.com *.dable.io *.adingo.jp *.360yield.com *.rlcdn.com *.bing.com *.outbrain.com *.yahoo.com *.smartadserver.com *.rubiconproject.com *.media.net *.stickyadstv.com *.aralego.com *.dmxleo.com *.omtrdc.net *.snplow.net *.adobedc.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.magedevteam.com *.linkedin.com *.braintree-api.com *.magento.com *.ampproject.org *.avada.io *.zdassets.com *.geojs.io *.razorpay.com *.paytm.in *.yellowmessenger.com *.facebook.net *.netcoresmartech.com *.bunny.net *.bidr.io *.paypalobjects.com *.yellow.ai *.facebook.com wss://r0.cloud.yellow.ai/websocket/ wss://cloud.yellow.ai/websocket/ *.linkedin.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * https://plumrocket.com https://accounts.google.com api.razorpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.gstatic.com *.adobedtm.com *.omtrdc.net *.adobe.net *.magentocommerce.com *.doubleclick.net *.google.co.in *.typekit.net *.paypal.com *.ytimg.com *.swagger.io *.whiteteak.com *.bidswitch.net *.pingdom.net *.yieldmo.com *.adnxs.com *.clmbtech.com *.smaato.net *.pubmatic.com *.taboola.com *.teads.tv *.3lift.com *.socdm.com *.casalemedia.com *.dable.io *.adingo.jp *.360yield.com *.rlcdn.com *.bing.com *.outbrain.com *.criteo.com *.yahoo.net *.smartadserver.com *.rubiconproject.com *.media.net *.aralego.net *.dmxleo.com *.razorpay.com *.licdn.com *.fontawesome.com *.cardinalcommerce.com *.ccdc02.com *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.sentry-cdn.com *.newrelic.com *.nr-data.net *.bolt.com *.commerce-quick-checkout.com *.addthis.com *.vimeo.com *.braintreegateway.com *.stickyadstv.com *.snplow.net *.adobedc.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.magedevteam.com *.braintree-api.com *.magento.com *.ampproject.org *.avada.io *.zdassets.com *.geojs.io *.paytm.in *.yellowmessenger.com *.facebook.net *.netcoresmartech.com *.bunny.net *.bidr.io *.paypalobjects.com *.yellow.ai *.yahoo.com *.facebook.com *.aralego.com wss://r0.cloud.yellow.ai/websocket/ wss://cloud.yellow.ai/websocket/ *.linkedin.com/ https://img.youtube.com https://meetanshi.com/media/logo.png www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdn.razorpay.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.ampproject.org raw.githubusercontent.com *.googleapis.com *.gstatic.com *.whiteteak.com *.licdn.com *.pingdom.net *.criteo.com *.fontawesome.com *.cardinalcommerce.com *.ccdc02.com *.magento-datasolutions.com *.addthis.com *.paypal.com *.google.co.in *.braintreegateway.com *.everesttech.net *.typekit.net *.demdex.net *.ytimg.com *.swagger.io *.ftcdn.net *.behance.net *.magentocommerce.com *.doubleclick.net *.bidswitch.net *.yieldmo.com *.adnxs.com *.clmbtech.com *.smaato.net *.pubmatic.com *.taboola.com *.teads.tv *.3lift.com *.socdm.com *.casalemedia.com *.dable.io *.adingo.jp *.360yield.com *.rlcdn.com *.bing.com *.outbrain.com *.yahoo.net *.smartadserver.com *.rubiconproject.com *.media.net *.stickyadstv.com *.aralego.net *.dmxleo.com *.omtrdc.net *.snplow.net *.adobedc.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.magedevteam.com *.linkedin.com *.braintree-api.com *.magento.com *.avada.io *.zdassets.com *.geojs.io *.razorpay.com *.paytm.in *.yellowmessenger.com *.facebook.net *.netcoresmartech.com *.bunny.net *.bidr.io *.paypalobjects.com *.yellow.ai *.yahoo.com *.facebook.com *.aralego.com wss://r0.cloud.yellow.ai/websocket/ wss://cloud.yellow.ai/websocket/ *.linkedin.com/ s7.addthis.com player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://accounts.google.com https://www.gstatic.com checkout.razorpay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.whiteteak.com *.licdn.com *.pingdom.net *.criteo.com *.adobe.net *.googleapis.com *.fontawesome.com *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.sentry-cdn.com *.newrelic.com *.nr-data.net *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com *.gstatic.com *.addthis.com *.vimeo.com *.paypal.com *.google.co.in *.braintreegateway.com *.everesttech.net *.typekit.net *.demdex.net *.ytimg.com *.swagger.io *.ftcdn.net *.behance.net *.magentocommerce.com *.doubleclick.net *.bidswitch.net *.yieldmo.com *.adnxs.com *.clmbtech.com *.smaato.net *.pubmatic.com *.taboola.com *.teads.tv *.3lift.com *.socdm.com *.casalemedia.com *.dable.io *.adingo.jp *.360yield.com *.rlcdn.com *.bing.com *.outbrain.com *.yahoo.com *.smartadserver.com *.rubiconproject.com *.media.net *.stickyadstv.com *.aralego.com *.dmxleo.com *.omtrdc.net *.snplow.net *.adobedc.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.magedevteam.com *.linkedin.com *.braintree-api.com *.magento.com *.ampproject.org *.avada.io *.zdassets.com *.geojs.io *.razorpay.com *.paytm.in *.yellowmessenger.com *.facebook.net *.netcoresmartech.com *.bunny.net *.bidr.io *.paypalobjects.com *.yellow.ai *.facebook.com wss://r0.cloud.yellow.ai/websocket/ wss://cloud.yellow.ai/websocket/ *.linkedin.com/ unsafe-inline assets.braintreegateway.com https://accounts.google.com https://www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.whiteteak.com *.licdn.com *.pingdom.net *.criteo.com *.adobe.net *.googleapis.com *.fontawesome.com *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.sentry-cdn.com *.newrelic.com *.nr-data.net *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com *.gstatic.com *.addthis.com *.vimeo.com *.paypal.com *.google.co.in *.braintreegateway.com *.everesttech.net *.typekit.net *.demdex.net *.ytimg.com *.swagger.io *.ftcdn.net *.behance.net *.magentocommerce.com *.doubleclick.net *.bidswitch.net *.yieldmo.com *.adnxs.com *.clmbtech.com *.smaato.net *.pubmatic.com *.taboola.com *.teads.tv *.3lift.com *.socdm.com *.casalemedia.com *.dable.io *.adingo.jp *.360yield.com *.rlcdn.com *.bing.com *.outbrain.com *.yahoo.com *.smartadserver.com *.rubiconproject.com *.media.net *.stickyadstv.com *.aralego.com *.dmxleo.com *.omtrdc.net *.snplow.net *.adobedc.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.magedevteam.com *.linkedin.com *.braintree-api.com *.magento.com *.ampproject.org *.avada.io *.zdassets.com *.geojs.io *.razorpay.com *.paytm.in *.yellowmessenger.com *.facebook.net *.netcoresmartech.com *.bunny.net *.bidr.io *.paypalobjects.com *.yellow.ai *.facebook.com wss://r0.cloud.yellow.ai/websocket/ wss://cloud.yellow.ai/websocket/ *.linkedin.com/ 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.whiteteak.com *.licdn.com *.pingdom.net *.criteo.com *.adobe.net *.googleapis.com *.fontawesome.com *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.sentry-cdn.com *.newrelic.com *.nr-data.net *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com *.gstatic.com *.addthis.com *.vimeo.com *.paypal.com *.google.co.in *.braintreegateway.com *.everesttech.net *.typekit.net *.demdex.net *.ytimg.com *.swagger.io *.ftcdn.net *.behance.net *.magentocommerce.com *.doubleclick.net *.bidswitch.net *.yieldmo.com *.adnxs.com *.clmbtech.com *.smaato.net *.pubmatic.com *.taboola.com *.teads.tv *.3lift.com *.socdm.com *.casalemedia.com *.dable.io *.adingo.jp *.360yield.com *.rlcdn.com *.bing.com *.outbrain.com *.yahoo.com *.smartadserver.com *.rubiconproject.com *.media.net *.stickyadstv.com *.aralego.com *.dmxleo.com *.omtrdc.net *.snplow.net *.adobedc.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.magedevteam.com *.linkedin.com *.braintree-api.com *.magento.com *.ampproject.org *.avada.io *.zdassets.com *.geojs.io *.razorpay.com *.paytm.in *.yellowmessenger.com *.facebook.net *.netcoresmartech.com *.bunny.net *.bidr.io *.paypalobjects.com *.yellow.ai *.facebook.com wss://r0.cloud.yellow.ai/websocket/ wss://cloud.yellow.ai/websocket/ *.linkedin.com/ 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net *.bolt.com qa-api.magedevteam.com cdn.ampproject.org *.googleapis.com *.whiteteak.com *.licdn.com *.pingdom.net *.criteo.com *.adobe.net *.fontawesome.com *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.magento-datasolutions.com *.magento-ds.com *.vimeocdn.com *.youtube.com *.commerce-quick-checkout.com *.gstatic.com *.addthis.com *.vimeo.com *.paypal.com *.google.co.in *.braintreegateway.com *.everesttech.net *.typekit.net *.demdex.net *.ytimg.com *.swagger.io *.ftcdn.net *.behance.net *.magentocommerce.com *.doubleclick.net *.bidswitch.net *.yieldmo.com *.adnxs.com *.clmbtech.com *.smaato.net *.pubmatic.com *.taboola.com *.teads.tv *.3lift.com *.socdm.com *.casalemedia.com *.dable.io *.adingo.jp *.360yield.com *.rlcdn.com *.bing.com *.outbrain.com *.yahoo.com *.smartadserver.com *.rubiconproject.com *.media.net *.stickyadstv.com *.aralego.com *.dmxleo.com *.omtrdc.net *.adobedc.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.magedevteam.com *.linkedin.com *.braintree-api.com *.magento.com *.ampproject.org *.avada.io *.zdassets.com *.geojs.io *.razorpay.com *.paytm.in *.yellowmessenger.com *.facebook.net *.netcoresmartech.com *.bunny.net *.bidr.io *.paypalobjects.com *.yellow.ai *.facebook.com wss://r0.cloud.yellow.ai/websocket/ wss://cloud.yellow.ai/websocket/ *.linkedin.com/ ekr.zdassets.com/ https://get.geojs.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com google.com https://accounts.google.com lumberjack.razorpay.com lumberjack-metrics.razorpay.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: about: *.adbutler-luxon.com adbutler-fermion.com static.addtoany.com *.adobedtm.com *.ads-twitter.com *.adsrvr.org p.adsymptotic.com *.bamboohr.com bat.bing.com maxcdn.bootstrapcdn.com tags.bluekai.com capwiz.com *.cdc.gov grow.clearbitjs.com *.cmgdigital.com www.cms.gov cqrcengage.com *.crwdcntrl.net tma.custhelp.com dpm.demedex.net www.domain-of-replacement.com *.doubleclick.net *.facebook.com *.facebook.net *.feedburner.com gis.fema.gov apgb2b-reachcodeandproxy.gannettdigital.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com fusiontables.googleusercontent.com *.gstatic.com data.healthcare.gov oig.hhs.gov hootsuite.com *.hs-analytics.net *.hs-banner.com js.hsadspixel.net js.hscollectedforms.net *.hsforms.com *.hsforms.net *.hs-scripts.com api.hubapi.com *.hubspot.com rocket.nwood-kensett.k12.ia.us *.infogram.com *.informz.net *.jeffersoncms.org kff.org cdn.jsdelivr.net beacon.krxd.net snap.licdn.com px.ads.linkedin.com *.livestream.com *.marchex.io tag.marinsm.com pixel.mathtag.com texmed.medbuzz.com www.ncbi.nlm.nih.gov *.nnihcm.org block.opendns.com cdn.linkedin.oribi.io centro.pixel.ad clickserv.pixel.ad www.paypalobjects.com www.podbean.com www.powr.io *.poll-maker.com pixel-geo.prfct.co ql.tc *.qualtrics.com *.quantcount.com *.quantserve.com www.reachlocallivechat.com capture-api.reachlocalservices.com *.rlets.com rcod.rtrk.com www.rumiview.com *.scribd.com uip.semasio.net servedbyadbutler.com *.serving-sys.com *.sharethis.com i.simpli.fi tag.simpli.fi um.simpli.fi clickserv.sitescout.com pixel.sitescout.com *.slideshare.net public.slidesharecdn.com open.spotify.com storify.com t.co *.tapad.com *.tcms.com *.teletownhall.us *.texmed.org eu.thinkingchat.com reachlocal.thinkingchat.com cdn.tinymce.com *.tmait.org *.twimg.com *.twitter.com *.vimeo.com *.votervoice.net *.wakelet.com *.wufoo.com *.youtube.com *.yudu.com *.hscollectedforms.net 1
frame-ancestors self https://s1.ariba.com https://service.ariba.com https://*.punchout2go.com http://*.punchout2go.com http://portal.punchout2go.com https://portal.punchout2go.com https://danafarber.edirx.com http://translate.google.com https://translate.google.com https://s1-2.ariba.com https://*.labcloudinc.com https://*.optimizely.com https://*.sciquest.com http://bchtest.edirx.com https://bchtest.edirx.com https://qa-connect.punchout2go.com http://*.edirx.com https://*.edirx.com http://finpiadev4.tch.harvard.edu:8220 http://finprd.tch.harvard.edu http://bch.edirx.com https://bch.edirx.com http://s1-2.ariba.com http://*.ariba.com https://*.stemcell.com https://youtube.com http://livechatinc.com/ https://qaapp02.xisecurenet.com/ https://*.unimarket.com/ https://*.recapture.io https://*.labfellows.org https://*.labfellowsdemo.com https://*.labfellows.com https://scn.6connex.com/ https://*.elevate.bio https://*.tradecentric.com https://*.chatbot.com https://*.chatbot.io https://*.instagram.com https://wd5-enterprise-services1.workday.com/ccx/ProcurementcXMLReceiver https://td.doubleclick.net; frame-src https://bchtest.edirx.com http://bchtest.edirx.com http://bch.edirx.com https://bch.edirx.com http://danafarber.edirx.com https://danafarber.edirx.com https://s1-2.ariba.com http://s1-2.ariba.com *.brightcove.net *.soundcloud.com *.jotformpro.com *.jotform.com *.jotform2.com *.jotform.net cdn.jotfor.ms vars.hotjar.com disqus.com *.disquscdn.com *.disqus.com *.jotform.io *.livechatinc.com *.jotform.ca *.google.com *.paymetric.com *.xipaynet.com *.xisecurenet.com *.shortstack.com https://www.youtube.com/ *.stemcell.com http://livechatinc.com/ https://calendar.time.ly/ https://platform.twitter.com/ https://syndication.twitter.com/ https://*.unimarket.com/ *.recapture.io *.labfellows.org *.labfellowsdemo.com *.labfellows.com jotpoll.com *.shortstack.page *.jotform.co https://*.instagram.com https://wd5-enterprise-services1.workday.com/ccx/ProcurementcXMLReceiver https://td.doubleclick.net https://*.chatbot.com https://*.chatbot.io; 1
base-uri 'self'; default-src 'self'; object-src 'none'; connect-src 'self' *.juicer.io graph.facebook.com; font-src 'self' *.gstatic.com *.juicer.io; script-src 'self' 'strict-dynamic' 'report-sample' 'nonce-7dc4b07f5361935506e55f8552dbe802'; script-src-attr 'none'; script-src-elem 'self' 'strict-dynamic' 'report-sample' 'nonce-7dc4b07f5361935506e55f8552dbe802'; style-src 'self' 'unsafe-inline' *.googleapis.com *.juicer.io *.podigee.io *.podigee-cdn.net; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.juicer.io *.podigee.io *.podigee-cdn.net; img-src 'self' *.googleapis.com *.gstatic.com *.juicer.io *.twimg.com *.imgur.com *.fbcdn.net *.instagram.com *.cdninstagram.com *.podigee-cdn.net data:; child-src 'none'; frame-src 'self' *.podigee.io *.podigee-cdn.net; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; report-uri /csp-violations 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' www.scottishbooktrust.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.twitter.com www.youtube.com *.stripe.com *.facebook.net *.soundcloud.com *.google-analytics.com *.cloudfront.net cdn-cookieyes.com *.pingdom.net *.googletagmanager.com *.addsearch.com *.typekit.net *.recaptcha.net *.gstatic.com; style-src fonts.googleapis.com *.cloudfront.net 'self' data: 'unsafe-inline'; style-src-elem cdn-images.mailchimp.com *.googleapis.com *.cloudfront.net 'self' data: 'unsafe-inline'; style-src-attr 'self' data: 'unsafe-inline'; img-src * 'self' blob: data: www.scottishbooktrust.com; font-src 'self' *.gstatic.com *.typekit.net; connect-src 'self' *.facebook.com *.googleapis.com *.addsearch.com *.doubleclick.net cdn.plyr.io wss://in.visitors.live wss://visitors.live *.cloudfront.net *.google-analytics.com *.google.com *.pingdom.net *.cookieyes.com cdn-cookieyes.com *.luckyorange.com *.luckyorange.net; media-src *; object-src 'self' blob; frame-src *.facebook.com sbt-website-video.s3.eu-west-1.amazonaws.com *.flockler.com s3.amazonaws.com s3.amazon.com www.google.com *.youtube.com *.twitter.com *.vimeo.com *.soundcloud.com *.recaptcha.net *.stripe.com www.bbc.co.uk bandcamp.com viewer.drawpoint.io; form-action *.facebook.com scottishbooktrust.us7.list-manage.com 'self'; worker-src 'self' blob: *.scottishbooktrust.com wss://in.visitors.live wss://visitors.live visitors.live *.visitors.live; upgrade-insecure-requests; block-all-mixed-content 1
frame-src https://www.youtube-nocookie.com https://www.youtube.com https://youtu.be https://*.hs-koblenz.de https://player.vimeo.com https://www.google.com; style-src 'self' 'unsafe-inline'; default-src https://*.hs-koblenz.de 'self' 'unsafe-inline'; font-src 'self' 'unsafe-inline' data:; script-src https://*.hs-koblenz.de 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' 'unsafe-inline' https://*.tile.openstreetmap.de data: 'self'; 1
connect-src 'self' https: ws: wss: wss://nexus-websocket-a.intercom.io 1
default-src 'self' *.kicad.org;img-src * data:;font-src 'self' fonts.gstatic.com *.kicad.org;style-src 'self' 'unsafe-inline' *.kicad.org fonts.googleapis.com;media-src 'self' *.youtube.com player.vimeo.com *.kicad.org;object-src 'self' *.youtube.com *.kicad.org;script-src 'self' 'unsafe-inline' *.kicad.org static.cloudflareinsights.com ajax.cloudflare.com;frame-src 'self' *.kicad.org *.youtube.com *.dl.osdn.jp osdn.net *.osdn.net *.rwth-aachen.de *.nchc.org.tw mirrors.gigenet.com mirrors.xtom.com mirrors.dotsrc.org mirrors.tuna.tsinghua.edu.cn mirrors.xtom.com.hk mirrors.bfsu.edu.cn mirror.liquidtelecom.com ftp.acc.umu.se osdn.mirror.constant.com mirror.math.princeton.edu plug-mirror.rcac.purdue.edu openbsd.c3sl.ufpr.br ftp.iij.ad.jp ftp.jaist.ac.jp ftp.onet.pl mirror.sjtu.edu.cn mirrors.nju.edu.cn player.vimeo.com mailto: 1
frame-ancestors 'self' *.hendyla.com *.h.local *.hendyla.local; 1
base-uri 'none'; object-src 'none'; script-src https://www.elektronauts.com/logs/ https://www.elektronauts.com/sidekiq/ https://www.elektronauts.com/mini-profiler-resources/ https://www.elektronauts.com/assets/ https://www.elektronauts.com/brotli_asset/ https://www.elektronauts.com/extra-locales/ https://www.elektronauts.com/highlight-js/ https://www.elektronauts.com/javascripts/ https://www.elektronauts.com/plugins/ https://www.elektronauts.com/theme-javascripts/ https://www.elektronauts.com/svg-sprite/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js; worker-src 'self' https://www.elektronauts.com/assets/ https://www.elektronauts.com/brotli_asset/ https://www.elektronauts.com/javascripts/ https://www.elektronauts.com/plugins/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: data: blob: wss: 1
frame-ancestors *.igrice123.rs igrice123.rs; 1
child-src blob: 'self';connect-src 'self' https://*.yimg.com https://*.yahoo.com https://s.yimg.com/nq/ads/mb/native/* https://service.cmp.oath.com https://www.yahoo.com/p.gif https://smetrics.att.com/id https://dpm.demdex.net/id https://video-api.yql.yahoo.com/ https://edgecast-vod.yahoo.net/ https://*.vpg.cdn.yimg.com/ https://media.zenfs.com/ https://assets.video.yahoo.net/ https://ads.adaptv.advertising.com/ https://video.adaptv.advertising.com/ https://consent.yahoo.com/ https://ganon.yahoo.com/ https://geo.yahoo.com/ https://guce.yahoo.com/ https://api.taboola.com/1.2/json/taboola-usersync/user.sync;default-src 'self';font-src https: data:;frame-src https://*.yahoo.com https://*.yimg.com https://*.ymail.com https://secure.bannerfarm.ace.advertising.com https://cmp.advertising.com https://assets.video.yahoo.net/ https://opus.analytics.yahoo.com https://tsdtocl.com/ https://consent.yahoo.com/ https://guce.yahoo.com/ https://pfs.yahoo.com https://gpt.mail.yahoo.net/sandbox https://alpha-gpt.mail.yahoo.net/sandbox https://alpha-gam.mail.yahoosandbox.net/sandbox https://canary-gam.mail.yahoosandbox.net/sandbox https://gam.mail.yahoosandbox.net/sandbox;img-src data: blob: http: https: https://ganon.yahoo.com/ https://geo.yahoo.com/;media-src blob: https://*.yahoo.com https://*.yimg.com;report-uri https://csp.yahoo.com/beacon/csp?src=mail-norrin;script-src 'self' https://s.yimg.com/nq/nr/ https://s.yimg.com/os/yaft/ https://s.yimg.com/ss/ https://s.yimg.com/aaq/yc/ https://s.yimg.com/ds/scripts/ https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://s.yimg.com/aaq/vzm/ https://s.yimg.com/cx/pv/ https://s.yimg.com/nq/polyfills/ https://yep.video.yahoo.com/ https://s.yimg.com/rx/ https://assets.video.yahoo.net/ https://jsapi.login.yahoo.com/w/ https://s.aolcdn.com/membership/omp-static/omp-widgets/ https://qa.checkout.yahoo.com/widget/ https://checkout.yahoo.com/widget/ https://s.yimg.com/cv/apiv2/partner-portals/att/adobe_analytics/ https://consent.cmp.oath.com/ https://opus.analytics.yahoo.com/ https://s.yimg.com/oa/ https://s.yimg.com/uc/sf/ https://s.yimg.com/cx/acookie/ 'sha256-lRMQ2lQozgbWLOqNJOrnclJXX6G77pQVIlF8SAI3++I=' 'sha256-xx5VFh71P/poOsh6S7wo5Hz/h6kNWHqOpIqJR04djx4=' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://s.yimg.com/oa/ 'nonce-MwyO0IJ8qXAuLN4YM+jkUmOmt7fwYjzYg16Z3Wm0ikiZi61q' ;style-src 'self' https://s.yimg.com/nq/nr/ https://assets.video.yahoo.net/ 'unsafe-inline';worker-src 'self' blob:;manifest-src https://s.yimg.com/nq/nr/json/ 1
default-src 'self'; frame-ancestors 'none'; font-src https://*.cloudfront.net/ https://fonts.gstatic.com https://use.fontawesome.com data: 'self'; style-src https://*.cloudfront.net/ https://fonts.googleapis.com https://use.fontawesome.com 'unsafe-inline' 'self'; script-src https://*.cloudfront.net/ https://api.rudderlabs.com https://cdn.rudderlabs.com 'unsafe-eval' 'unsafe-inline' 'self'; frame-src https://www.google.com/recaptcha/api2/ https://www.youtube.com/embed/Oaq4P-7YJBU; img-src https://*.cloudfront.net/ https://www.gravatar.com 'self'; connect-src https://api.rudderlabs.com https://messagebird-dataplane.rudderstack.com 'self'; 1
img-src data: 'self' *.gstatic.com www.facebook.com www.google.it https://*.fna.fbcdn.net www.google.com www.google-analytics.com https://region1.google-analytics.com https://maps.googleapis.com *.ggpht *.ytimg.com https://stats.g.doubleclick.net https://cdn.cookielaw.org https://optanon.blob.core.windows.net ; 1
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.espoo.fi *.wdr.io; base-uri 'self'; object-src 'self'; connect-src wss: https:; worker-src blob:; child-src blob:; frame-src https: 1
default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com connect.facebook.net; object-src 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https://* data:; media-src 'self'; frame-src 'self' td.doubleclick.net www.googletagmanager.com; font-src 'self' fonts.gstatic.com; connect-src 'self' *.google-analytics.com analytics.google.com *.analytics.google.com stats.g.doubleclick.net translate.googleapis.com www.google.com.af www.google.mw www.google.co.uk www.google.com.ly www.google.co.uz www.google.com.ng www.google.sn www.google.com.pk www.google.com.et; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' data: ; child-src 'self' blob: ; img-src * data: blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://piwik.mailfence.com https://remote.captcha.com https://hcaptcha.com https://*.hcaptcha.com blob: ; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com ; base-uri 'none' ; font-src 'self' data: ; form-action 'self' ; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com blob: ; frame-ancestors 'self' ; connect-src 'self' https://xmpp.contactoffice.com https://hcaptcha.com https://*.hcaptcha.com https://blockchain.info https://api.coinlayer.com https://api.friendlycaptcha.com ; 1
default-src https: mailto: wss: data: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; img-src * data:; base-uri 'none'; 1
frame-src 'self' https://www.google.com; frame-ancestors 'self' https://www.google.com https://www.jooraccess.com; object-src 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.helpscout.net *.360yield.com bing.com *.bing.com youtube.com *.youtube.com *.wistia.net wistia.net wistia.com *.wistia.com cdn.ampproject.org happyfoxchat.com *.happyfoxchat.com *.dianomi.com tiktok.com *.tiktok.com decide.dev *.decide.dev itstracking.com *.itstracking.com *.optipub.com *.angelpub.com *.angelnexus.com *.wealthdaily.com *.energyandcapital.com *.outsiderclub.com *.protradertoday.com *.longevityinsiderhq.com *.greenchipstocks.com *.gstatic.com *.googletagmanager.com *.google.com google.com anchor.fm *.google-analytics.com *.googleadservices.com *.googleapis.com *.googleusercontent.com *.googleoptimize.com *.blueconic.net *.doubleclick.net pd.trysera.com *.cloudflare.com *.criteo.net *.criteo.com addevent.com *.addevent.com *.bootstrapcdn.com *.rawgit.com *.github.io *.jquery.com *.pingdom.net *.taboola.com *.outbrain.com *.hotjar.com *.yahoo.com *.liadm.com *.yimg.com *.twimg.com *.twitter.com *.ads-twitter.com *.pinimg.com *.pinterest.com *.onesignal.com onesignal.com *.litix.io *.soundcloud.com *.akamaihd.net *.amzglt.com amzglt.com t.co lockerdome.com trk.lockerdome.com *.zedo.com cm.mgid.com *.go2cloud.org bbm.iljmp.com secure.verifiedlink.net px.khmtrack.com tracking.imspublishergroup.com cdn.jsdelivr.net powerinboxedge.com *.powerinboxedge.com lockerdomecdn.com *.lockerdomecdn.com *.norton.com *.facebook.net *.facebook.com *.gravatar.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; style-src 'self' 'unsafe-inline' onesignal.com *.github.io *.twitter.com *.twimg.com cdn.jsdelivr.net *.outsiderclub.com *.energyandcapital.com *.wealthdaily.com *.angelpub.com *.protradertoday.com *.longevityinsiderhq.com *.greenchipstocks.com *.bootstrapcdn.com *.googleapis.com; 1
default-src 'self' https://secure.e-konsulat.gov.pl https://api.e-konsulat.gov.pl https://www.google.com https://hcaptcha.com https://newassets.hcaptcha.com;    script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com https://hcaptcha.com https://newassets.hcaptcha.com;     style-src 'self' 'unsafe-eval' 'unsafe-inline';     font-src 'self' https://fonts.gstatic.com;    object-src 'none';    img-src 'self' data: http: https: 1
default-src 'self'; script-src 'self' 'nonce-RG1FTncvTlF1bWZ5QXB0V1lSaEE0S1JwMnB3by81OVplcVh0WUJvVkZ0QT06YkJsWGtvTWI2eW1FZXZRUExVQUcxK2NPczloc3JjNXlJNUtESjFWbWNMaz0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.bing.com *.treasuredata.com *.google.com *.gstatic.com js.adsrvr.org cdnjs.cloudflare.com *.resonate.com js.monitor.azure.com *.diageohorizon.com *.diageoplatform.com *.diageoagegate.com *.anyroad.com *.googletagmanager.com *.youtube.com *.vimeo.com vimeo.com *.google-analytics.com *.cloudfunctions.net *.shortlyst.com *.juicer.io assets.juicer.io *.mapbox.com *.shortlyst.com *.onetrust.com *.google-analytics.com stats.g.doubleclick.net *.fontawesome.com; style-src 'self' 'unsafe-inline' *.fonts.net *.bootstrapcdn.com *.diageohorizon.com *.myfonts.net *.fontawesome.com *.googleapis.com *.mapbox.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.google.com *.diageohorizon.com dc.services.visualstudio.com *.mapbox.com *.onetrust.com *.doubleclick.net *.google-analytics.com *.juicer.io; font-src 'self' data: *.gstatic.com *.bootstrapcdn.com *.fontawesome.com; frame-src 'self' *.google.com *.youtube.com *.vimeo.com vimeo.com *.adsrvr.org *.anyroad.com where-to-buy.co *.doubleclick.net *.vtinfo.com; img-src 'self' *.diageoagegate.com *.diageoplatform.com *.drinkiq.com *.onetrust.com *.googletagmanager.com *.doubleclick.net *.juicer.io *.mapbox.com *.google-analytics.com *.cloudfunctions.net data: blob:; manifest-src 'self'; media-src 'self'; worker-src blob:; 1
frame-ancestors 'self' mga.libwizard.com https://*.mga.edu ; form-action 'self' ; base-uri 'self'; object-src 'self' ; media-src 'self' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' player.vimeo.com; img-src 'self' *.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.cloudflare.com 1
base-uri 'none'; default-src 'self' data: https: wss:; style-src 'self' 'unsafe-inline' data: https: wss:; object-src 'none'; script-src 'self' https://*.firebaseio.com https://apis.google.com https://app.intercom.io https://assets.scrivito.com https://beta-api.scrivito.com https://cdn.segment.com https://connect.facebook.net https://js.honeybadger.io https://js.intercomcdn.com https://maps.googleapis.com https://cdn.mxpnl.com https://rum-static.pingdom.net https://snap.licdn.com https://widget.intercom.io https://www.google-analytics.com https://www.googletagmanager.com https://c.leadlab.click/b052ffa1f30b0ca3.js wss:; upgrade-insecure-requests; frame-ancestors 'self' https://*.scrivito.com https://*.netlify.app 1
default-src 'self'; style-src 'self' 'unsafe-inline' www.youtube.com assets.wogaa.sg *.googleapis.com *.google.com va.ecitizen.gov.sg *.algolia.net *.jsdelivr.net webchat.vica.gov.sg; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.youtube.com cdn.jsdelivr.net snap.licdn.com opreq.observepoint.com app-script.monsido.com activitymap.adobe.com *.doubleclick.net *.googleadservices.com *.google.com *.googletagmanager.com *.google-analytics.com *.gstatic.com va.ecitizen.gov.sg assets.adobedtm.com connect.facebook.net assets.dcube.cloud assets.wogaa.sg *.algolia.net *.algolianet.com webchat.vica.gov.sg; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com  https://*.linkedin.oribi.io adobedc.demdex.net bucket-vica.vica.gov.sg opreq.observepoint.com webchannel-content.eservice.emarsys.net enterprisesg.sc.omtrdc.net smetrics.enterprisesg.gov.sg stats.g.doubleclick.net snowplow-web.wogaa.sg snowplow-sentiments.wogaa.sg *.googleapis.com *.gstatic.com dpm.demdex.net va.ecitizen.gov.sg wogadobeanalytics.sc.omtrdc.net wogaa.demdex.net wogadobeanalytics.sc.omtrdc.net *.algolia.net *.algolianet.com s3-va-stg-vica.s3-ap-southeast-1.amazonaws.com chat.vica.gov.sg s3-va-prd-vica.s3-ap-southeast-1.amazonaws.com wss://chat.vica.gov.sg data:; font-src 'self' assets.wogaa.sg *.gstatic.com *.amazonaws.com va.ecitizen.gov.sg data:; img-src 'self' * data:; media-src 'self' data:; frame-src 'self' www.youtube.com *.micepad.co *.micepad.app *.omniture.com activitymap.adobe.com enterprisesg.demdex.net fast.wogaa.demdex.net *.google.com *.facebook.com wogaa.demdex.net *.doubleclick.net; object-src 'none'; 1
default-src * https: ws: blob: data: 'unsafe-inline' 'unsafe-eval' 1
upgrade-insecure-requests; default-src 'none'; child-src blob:; connect-src 'self' https://maps.googleapis.com https://cdn.linkedin.oribi.io https://*.outbrain.com https://analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://s.go-mpulse.net https://s2.go-mpulse.net https://c.go-mpulse.net https://*.akstat.io https://www.google-analytics.com https://*.crazyegg.com https://s.yimg.com https://adservice.google.com https://*.addthis.com https://*.boltdns.net https://stats.g.doubleclick.net https://*.brightcove.com https://*.brightcove.net  https://*.brightcovecdn.com https://syndication.twitter.com https://*.zscaler.net https://*.visualwebsiteoptimizer.com https://*.brightcove.com https://brightcove.hs.llnwd.net https://*.akamaihd.net https://m.addthis.com; font-src 'self' data: https://fonts.gstatic.com; frame-src https:; img-src 'self' data: https://maps.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://insight.adsrvr.org https://sp.analytics.yahoo.com https://www.google.com.sg https://www.google.com https://*.outbrain.com https://secure.adnxs.com https://*.crazyegg.com https://adservice.google.com https://*.mookie1.com https://*.doubleclick.net https://*.boltdns.net https://stats.g.doubleclick.net https://*.brightcove.net https://*.brightcovecdn.com https://*.visualwebsiteoptimizer.com https://*.twitter.com https://*.twimg.com https://*.googleapis.com https://*.gstatic.com https://m.addthis.com/live/ https://*.zscaler.net https://*.google-analytics.com https://*.brightcove.com https://brightcove.hs.llnwd.net https://www.facebook.com https://t.co https://*.linkedin.com https://*.akamaihd.net; media-src 'self' https://*.akamaihd.net https://*.llnw.net https://*.llnwd.net https://*.akafms.net https://brightcove.hs.llnwd.net https://*.boltdns.net https://*.brightcove.net https://*.brightcovecdn.com https://*.brightcove.com blob:; manifest-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://s.go-mpulse.net https://s2.go-mpulse.net https://c.go-mpulse.net https://*.akstat.io https://tagmanager.google.com https://s.yimg.com https://sp.analytics.yahoo.com https://*.crazyegg.com https://*.outbrain.com https://trk.cetrk.com https://s3.amazonaws.com https://www.instagram.com https://www.facebook.com https://*.addthisedge.com https://www.googletagmanager.com https://*.crazyegg.com https://*.visualwebsiteoptimizer.com https://*.linkedin.com https://s.ytimg.com https://cdn.syndication.twimg.com https://maps.googleapis.com https://assets.adobedtm.com https://ssl.google-analytics.com https://*.twitter.com https://static.ads-twitter.com https://addevent.com https://*.addthis.com https://graph.facebook.com https://connect.facebook.net https://www.linkedin.com https://snap.licdn.com https://m.addthisedge.com https://*.zscaler.net https://www.google-analytics.com https://www.gstatic.com https://www.google.com https://*.brightcove.net https://vjs.zencdn.net https://www.youtube.com https://cdn-akamai.mookie1.com https://tags.tiqcdn.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://ton.twimg.com https://*.brightcove.net https://*.brightcove.com https://platform.twitter.com https://fonts.googleapis.com; worker-src blob:; frame-ancestors 'self'; 1
frame-ancestors 'self'; default-src 'self' *.facebook.com *.facebook.net *.twitter.com cdnjs.cloudflare.com cdnjs.com code.jquery.com maxcdn.bootstrapcdn.com https://owncube.com *.owncube.com https://appsfeed.whmcs.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ *.cloudflare.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://owncube.com/; object-src 'none'; base-uri 'self' https://owncube.com; form-action 'self' https://www.paypal.com/ ; worker-src 'none'; img-src 'self' data: *.facebook.com *.facebook.net *.twitter.com cdnjs.cloudflare.com cdnjs.com code.jquery.com maxcdn.bootstrapcdn.com https://owncube.com *.owncube.com https://www.paypalobjects.com https://www.paypal.com 1
default-src 'self' https://www.citybankplc.com/ https://ibank.citybankplc.com/ https://www.google-analytics.com/ https://www.citytouch.com.bd/ https://www.google.com https://www.youtube.com/ https://stats.g.doubleclick.net/ https://lankabd.com/; script-src 'self' https://www.citybankplc.com/  https://www.googletagmanager.com/  https://www.google-analytics.com/ https://cdnjs.cloudflare.com/ https://connect.facebook.net/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com/ 'unsafe-inline'; font-src 'self' data: https://fonts.googleapis.com/ https://cdnjs.cloudflare.com https://fonts.gstatic.com/; img-src 'self' data: https://www.google-analytics.com/ https://img.youtube.com/ https://www.google.com.bd/ https://www.facebook.com/; 1
default-src 'self' ajax.googleapis.com fonts.googleapis.com use.typekit.net google-analytics.com code.highcharts.com viz.tools.investis.com edge.api.brightcove.com *.brightcovecdn.com; img-src 'self' data: 'unsafe-inline' * data: www.w3.org; frame-src 'self' td.doubleclick.net viz.tools.investis.com *.google.com irs.tools.investis.com otp.tools.investis.com connectidfeed.com *.connectidfeed.com ir.connectidfeed.com www.youtube.com *.vimeo.com; frame-ancestors 'self' connectidfeed.com *.connectidfeed.com ir.connectidfeed.com https: http:; style-src 'self' 'unsafe-inline' 'unsafe-eval' use.typekit.net *.typekit.net google-analytics.com fonts.googleapis.com viz.tools.investis.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investisdigital.com; font-src 'self' data: 'unsafe-inline' fonts.googleapis.com use.typekit.net google-analytics.com fonts.gstatic.com *.investisdigital.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' googleads.g.doubleclick.net bat.bing.com snap.licdn.com connect.facebook.net ajax.googleapis.com www.youtube.com cdn.jsdelivr.net code.jquery.com otp.tools.investis.com use.typekit.net google-analytics.com www.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com code.highcharts.com viz.tools.investis.com cdnjs.cloudflare.com *.investisdigital.com; connect-src 'self' region1.analytics.google.com pagead2.googlesyndication.com cdn.linkedin.oribi.io analytics.google.com stats.g.doubleclick.net edge.api.brightcove.com google-analytics.com www.google-analytics.com *.google-analytics.com viz.tools.investis.com cookiemanager.investisdigital.com *.investisdigital.com; form-action 'self' ; 1
default-src 'self'; img-src * data:; script-src 'self' www.googletagmanager.com connect.facebook.net mc.yandex.ru www.google.com www.google-analytics.com vk.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' fonts.gstatic.com data:; frame-src 'self' www.youtube.com www.google.com www.facebook.com drive.google.com; media-src 'self'; connect-src 'self' mc.yandex.ru connect.facebook.net www.facebook.com www.google-analytics.com vk.com 1
default-src 'self' https://cdn.siteone.io 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.clarity.ms https://static.hotjar.com https://script.hotjar.com https://script.crazyegg.com https://s3.scriptcdn.net/ https://partner.zonky.cz https://cdn.siteone.io https://c.seznam.cz/js/rc.js https://cdn.cookielaw.org/scripttemplates/ https://connect.facebook.net  https://*.salesforceliveagent.com https://*.la1-c1-par.salesforceliveagent.com https://*.g.doubleclick.net https://login.dognet.sk  https://polyfill.io https://service.force.com https://static.lightning.force.com https://zonky.force.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://*.googletagmanager.com https://www.youtube.com https://zonky.my.salesforce.com https://zonky--stage.sandbox.my.salesforce.com  https://zonky.my.site.com https://tpc.googlesyndication.com https://www.googleadservices.com https://analytics.zonky.cz https://*.analytics.zonky.cz; style-src 'unsafe-inline' 'self' https://static.hotjar.com https://script.hotjar.com https://cdn.siteone.io https://fonts.googleapis.com https://*.force.com https://zonky.my.site.com https://tagmanager.google.com https://analytics.zonky.cz https://*.analytics.zonky.cz https://www.googletagmanager.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.clarity.ms https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.crazyegg.com https://*.force.com https://adservice.google.com https://*.google-analytics.com https://airbank-privacy.my.onetrust.com https://cdn.cookielaw.org https://cdn.siteone.io https://geolocation.onetrust.com https://www.google.com https://*.g.doubleclick.net https://www.facebook.com https://sentry.siteone.cz https://googletagmanager.com https://zonky.my.salesforce.com/ https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.google.cz https://*.google.sk https://*.google.pl https://*.google.be https://*.google.rs https://*.google.hu https://*.google.ch https://*.google.de https://analytics.zonky.cz https://*.analytics.zonky.cz; font-src 'self' data: https://script.hotjar.com https://fonts.gstatic.com https://cdn.siteone.io https://analytics.zonky.cz https://*.analytics.zonky.cz; frame-src 'self' https://public.tableau.com https://service.force.com https://www.youtube-nocookie.com https://partner.zonky.cz https://tpc.googlesyndication.com https://*.doubleclick.net https://bid.g.doubleclick.net https://analytics.zonky.cz https://*.analytics.zonky.cz; img-src 'self' data: https://c.bing.com https://c.clarity.ms https://static.hotjar.com https://script.hotjar.com https://i.ytimg.com https://*.google.com https://www.facebook.com/tr/ https://cdn.cookielaw.org https://cdn.siteone.io https://*.g.doubleclick.net https://*.google.com https://*.google.cz https://*.google.sk https://*.google.pl https://*.google.be https://*.google.rs https://*.google.hu https://*.google.ch https://*.google.de https://*.google.co.uk https://*.google.nl https://*.google.es https://*.google.ie https://*.google.it https://*.google.fr https://*.seznam.cz https://www.ziskejte.cz https://*.google-analytics.com https://*.googletagmanager.com https://www.google.at https://tpc.googlesyndication.com https://www.gstatic.com https://ssl.gstatic.com https://*.analytics.google.com https://analytics.zonky.cz https://*.analytics.zonky.cz https://fonts.gstatic.com; manifest-src 'self' https://cdn.siteone.io; media-src 'self'; worker-src blob: ; report-uri https://sentry.siteone.cz/api/40/security/?sentry_key=a7eb944c169f4d088950e78d11e17f59; 1
default-src 'self' data: https://dc.services.visualstudio.com/v2/track; script-src 'self' 'unsafe-inline' cdnjs.cloudflare.com dl.episerver.net https://www.google.com https://www.gstatic.com *.msecnd.net/ *.matomo.cloud *.plausible.io *.googletagmanager.com *.siteimproveanalytics.com https://siteimproveanalytics.com/js/  https://cdn.siteimprove.net *.arcgis.is https://storymaps.arcgis.com/stories/ https://js.monitor.azure.com/scripts/ *.optimizely.com https://app.powerbi.com *.skyra.no https://cdn.jsdelivr.net/npm/; style-src 'self' 'unsafe-hashes' 'unsafe-inline' https://fonts.googleapis.com/ https://cdn.jsdelivr.net/npm/; img-src 'self' blob: data: *.openstreetmap.org https://services.geodataonline.no/ https://lovdata.no *.siteimproveanalytics.io/ *.miljodirektoratet.no https://p-tursti-cdne.azureedge.net/ https://t-tursti-cdne.azureedge.net/ https://www.googletagmanager.com https://nasjonaleturiststier.no https://storymaps.arcgis.com; connect-src 'self' blob: my2.siteimprove.com id.siteimprove.com pui.episerver.net *.visualstudio.com *.plausible.io *.miljodirektoratet.matomo.cloud *.miljodirektoratet.no *.vannportalen.no *.optimizely.com  https://app.powerbi.com *.skyra.no *.arcg.is *.experience.arcgis.com/ https://www.miljodirektoratet.no/ https://services.geodataonline.no; font-src 'self' fonts.gstatic.com hello.myfonts.net *.cloudfront.net; object-src 'none'; ; media-src 'none'; ; frame-src 'self' *.miljodirektoratet.no https://www.youtube-nocookie.com/ https://www.google.com https://app.powerbi.com/ https://storymaps.arcgis.com https://play.libsyn.com *.libsyn.com *.experience.arcgis.com/ *.arcg.is https://arcg.is/ https://experience.arcgis.com/ https://kart.barentswatch.no/ https://miljoatlas.miljodirektoratet.no *.video.qbrick.com  https://player.vimeo.com/video/ ; child-src 'self' ; form-action 'self' ; frame-ancestors https://www.miljodirektoratet.no/ https://dsa.no/ https://dsa.no/ https://storymaps.arcgis.com; base-uri 'self' ; 1
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.netdna-ssl.com *.google-analytics.com www.googletagmanager.com *.quotemedia.com oss.maxcdn.com rangeme-production-environment.s3-ap-southeast-2.amazonaws.com *.pcdn.co s15923.pcdn.co *.google.com *.gstatic.com *.spartannash.com *.spartannash-uat.com *.youtube.com www.b2i.us stockcharting.s3.amazonaws.com cdnjs.cloudflare.com static.cloudflareinsights.com analytics.newscred.com;font-src 'self' data: *.netdna-ssl.com fonts.gstatic.com *.pcdn.co s15923.pcdn.co *.spartannash.com *.spartannash-uat.com *.cloudflare.com s3.amazonaws.com;img-src 'self' data: *.netdna-ssl.com *.google-analytics.com *.googleapis.com www.googletagmanager.com *.glensmarkets-email.com *.quotemedia.com secure.gravatar.com s3-ap-southeast-2.amazonaws.com *.pcdn.co *.businesswire.com *.gravatar.com s15923.pcdn.co *.google.com *.spartannash.com *.spartannash-uat.com d36cz9elvz3vfp.cloudfront.net www.b2i.us *.prnewswire.com pixel.welcomesoftware.com;style-src 'self' 'unsafe-inline' *.netdna-ssl.com *.googleapis.com *.quotemedia.com *.pcdn.co s15923.pcdn.co *.spartannash.com *.spartannash-uat.com;frame-src 'self' *.netdna-ssl.com *.youtube.com www.googletagmanager.com *.calameo.com *.pcdn.co *.google.com *.spartannash.com *.spartannash-uat.com *.prnewswire.com;connect-src 'self' *.netdna-ssl.com query.yahooapis.com *.pcdn.co *.google-analytics.com *.quotemedia.com stats.g.doubleclick.net *.spartannash.com *.spartannash-uat.com www.b2i.us stockcharting.s3.amazonaws.com;object-src 'self' *.netdna-ssl.com *.pcdn.co *.prnewswire.com;media-src 'self' *.netdna-ssl.com *.pcdn.co *.prnewswire.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.zohocdn.com https://js.zohostatic.com https://cdnjs.cloudflare.com https://salesiq.zoho.com https://www.google-analytics.com https://ajax.aspnetcdn.com https://www.googletagmanager.com https://m.addthis.com https://www.mawhiba.org https://services.mawhiba.org; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://js.zohocdn.com https://js.zohostatic.com https://cdnjs.cloudflare.com  https://salesiq.zoho.com  https://ajax.aspnetcdn.com https://www.google-analytics.com https://www.googletagmanager.com https://m.addthis.com https://www.mawhiba.org https://services.mawhiba.org; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://js.zohocdn.com https://js.zohostatic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://ajax.aspnetcdn.com https://www.googletagmanager.com  https://salesiq.zoho.com https://m.addthis.com https://www.mawhiba.org https://services.mawhiba.org; style-src 'self' 'unsafe-inline' https://css.zohocdn.com https://www.mawhiba.org https://services.mawhiba.org; style-src-elem 'self' 'unsafe-inline' https://css.zohocdn.com https://www.mawhiba.org https://services.mawhiba.org; style-src-attr 'self' 'unsafe-inline' https://css.zohocdn.com https://www.mawhiba.org https://services.mawhiba.org; font-src 'self' 'unsafe-inline' https://www.mawhiba.org https://services.mawhiba.org 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://v2.zopim.com https://tagmanager.google.com https://www.google-analytics.com https://js.braintreegateway.com https://d1n7u6d5707h07.cloudfront.net https://api.braintreegateway.com https://client-analytics.braintreegateway.com https://cdn.capturly.com https://static.hotjar.com https://script.hotjar.com https://cdn.ampproject.org https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.raptorsupplies.com https://widget.trustpilot.com http://gd.geobytes.com https://www.raptorsupplies.co.uk https://*.zopim.com https://www.googletagmanager.com https://script.opentracker.net https://www.googleadservices.com https://bat.bing.com https://static.zdassets.com https://connect.facebook.net https://googleads.g.doubleclick.net https://api.sandbox.braintreegateway.com https://origin-analytics-sand.sandbox.braintree-api.com https://www.paypal.com https://sc.lfeeder.com https://www.paypalobjects.com https://c.paypal.com https://songbird.cardinalcommerce.com  https://fpnpmcdn.net/ https://cdn.jsdelivr.net/ https://www.googleoptimize.com/ https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/ https://www.google.com/recaptcha/api.js https://pwa.raptorsupplies.com *.wp.com https://secure.gravatar.com/ https://js.stripe.com/ https://embedsocial.com/ 1
default-src 'self'; base-uri 'none'; form-action 'self'; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src 'self'; img-src 'self' data:; object-src 'self'; frame-ancestors 'none'; connect-src 'self' https://api.transferwise.com; 1
worker-src blob:; media-src * blob:; script-src-attr 'unsafe-inline'; default-src  'self' http: 'unsafe-inline'; img-src 'unsafe-inline' http: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'               *.hs-scripts.com               *.hs-analytics.net              *.doubleclick.net                *.azureedge.net               *.azurewebsites.net              *.typekit.net               *.cookielaw.org              *.google-analytics.com              *.googletagmanager.com              *.googleadservices.com              *.g.doubleclick.net              *.gstatic.com              *.search.windows.net              *.hs-banner.com              *.textkernel.com              *.ads.linkedin.com              *.hsadspixel.net              *.hubapi.com              *.hubspot.com              *.licdn.com              *.azure.net               *.facebook.net              *.facebook.com              *.pardot.com               *.kforce.com               *.googleapis.com               *.google.com               *.dropbox.com               *.ceros.com              *.ytimg.com              *.ggpht.com              *.cloudfront.net              *.cloudflare.com              *.youtube.com              *.linkedin.com              *.monster.com               *.twitter.com               *.indeed.com              *.apply.indeed.com              http://www.google-analytics.com/analytics.js               https://snap.licdn.com/li.lms-analytics/insight.min.js               https://cdn.cookielaw.org/scripttemplates/otSDKStub.js               https://use.typekit.net/ukt6xtu.js              https://cdn.cookielaw.org/scripttemplates/6.12.0/otBannerSdk.js              http://view.ceros.com/scroll-proxy.min.js              https://www.gstatic.com/charts/loader.js              https://www.gstatic.com/charts/loader.js              http://localhost:3000/3eab5490-eadc-43d5-87bc-2657aae153dd              http://localhost:3000/0867403a-379c-4b62-a8df-69e3ad545b27              http://localhost:3000/1aaeb673-3786-4d80-849e-76ae71249686              http://localhost:3000/048650c0-1d10-426d-8e6d-e235201124d3              https://stage2.kforce.com/64ec2d2d-acc2-4834-866a-ff3384224de9              https://stage2.kforce.com/abb93004-e801-4692-a182-a51d27a9bc33              https://staging.textkernel.com/match/js/tkwidget.js              https://apply.indeed.com/indeedapply/env              https://login.monster.com/awm/en_US/awm.js              https://apis.google.com/js/api.js              https://apis.google.com/js/client.js              https://kforceuploadstage.azurewebsites.net/signalr/hubs              https://d3fw5vlhllyvee.cloudfront.net/indeedapply/s/6637e31/indeedapply-compiled.js               https://www.googletagmanager.com/              https://js.hsadspixel.net/fb.js              https://js.hs-analytics.net/              https://js.hs-banner.com/v2/20553560/banner.js              https://www.youtube.com/              http://www.googleadservices.com/;                             1
default-src 'self' *.saptco.com.sa *.oppwa.com *.mastercard.com ;              font-src 'self' data: fonts.gstatic.com *.googleapis.com ;              img-src * data: ;              style-src 'self' 'unsafe-inline' *.oppwa.com ppipe.net *.ppipe.net ;              script-src 'self' 'unsafe-inline' 'unsafe-eval' https://localhost *.googletagmanager.com *.google-analytics.com *.google.com *.saptco.com.sa saptco.com.sa *.googleapis.com *.gstatic.com https://www.gstatic.com code.jquery.com *.oppwa.com oppwa.com ppipe.net *.ppipe.net;              frame-src 'self' https://www.youtube.com/ youtube.com  *.google.com *.saptco.com.sa saptco.com.sa *.oppwa.com *.mastercard.com *.ppipe.net ppipe.net oppwa.com ppipe.net *.ppipe.net ;              frame-ancestors 'self'  *.google.com *.saptco.com.sa *.oppwa.com *.mastercard.com mtf.gateway.mastercard.com saptco.com.sa https://mtf.gateway.mastercard.com ppipe.net oppwa.com *.ppipe.net ;              connect-src 'self' localhost *.google-analytics.com stats.g.doubleclick.net *.google.com *.saptco.com.sa saptco.com.sa *.oppwa.com *.googleapis.com ppipe.net *.ppipe.net ;              style-src-elem 'self' 'unsafe-inline' *.google.com *.saptco.com.sa saptco.com.sa *.oppwa.com *.googleapis.com oppwa.com ppipe.net *.ppipe.net ; 1
frame-ancestors 'self' https://*.axfood.se https://*.willys.se https://*.hemkop.se 1
base-uri 'self';img-src https:;object-src 'none';upgrade-insecure-requests; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; img-src https: data:; style-src https: 'unsafe-inline'; 1
default-src 'self' *.augeofi.net *.augeofi.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;object-src 'none';img-src 'self' https: data:;font-src 'self';style-src 'self' 'unsafe-inline';frame-src https://www.google.com https://recaptcha.google.com https://www.gstatic.com;upgrade-insecure-requests 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' http://cdnjs.cloudflare.com/ajax/libs/babel-core/5.6.15/browser-polyfill.min.js https://cdnjs.cloudflare.com https://www.gstatic.com *.google.com www.google-analytics.com https://js-agent.newrelic.com https://aamc.tfaforms.net https://www.googletagmanager.com https://gateway.foresee.com https://www.youtube.com https://bam.nr-data.net https://bam-cell.nr-data.net https://platform.twitter.com https://api.connectedcommunity.org https://unpkg.com https://cdn.jsdelivr.net https://extend.vimeocdn.com https://ajax.googleapis.com/ https://www.googleadservices.com https://gateway.answerscloud.com https://connect.facebook.net https://www.google.co.in *.aamc.org https://googleads.g.doubleclick.net/; style-src 'self' 'unsafe-inline' https://gateway.foresee.com https://fonts.googleapis.com *.aamc.org https://aamc.tfaforms.net https://unpkg.com https://gateway.answerscloud.com; img-src 'self' https://www.google-analytics.com https://gateway.foresee.com data: *.aamc.org https://www.googletagmanager.com https://bam.nr-data.net https://aamc.tfaforms.net https://i.vimeocdn.com https://i.ytimg.com https://gateway.answerscloud.com https://www.facebook.com https://googleads.g.doubleclick.net  https://www.google.com https://www.google.co.in https://feedback-logo.foresee.com; frame-src 'self' https://www.youtube.com *.google.com https://player.vimeo.com https://platform.twitter.com https://api.connectedcommunity.org *.simplecast.com https://aamc-medical-breakthroughs.netlify.com https://aamc-shub2.s3.amazonaws.com/ https://aamc-shub.s3.amazonaws.com/ *.aamc.org https://td.doubleclick.net; child-src 'self' https://www.youtube.com *.google.com https://player.vimeo.com https://platform.twitter.com https://api.connectedcommunity.org *.simplecast.com https://aamc-medical-breakthroughs.netlify.com https://aamc-shub2.s3.amazonaws.com/ https://aamc-shub.s3.amazonaws.com/ *.aamc.org https://td.doubleclick.net; font-src 'self' https://fonts.googleapis.com https://gateway.foresee.com https://themes.googleusercontent.com https://fonts.gstatic.com data data:; report-uri /report-csp-violation 1
default-src 'none'; navigate-to 'none'; form-action 'none' 1
default-src 'self'; font-src https://fonts.gstatic.com; img-src 'self' https://play.google.com; style-src 'self' https://fonts.googleapis.com 1
default-src 'self';base-uri 'self';font-src 'self';frame-ancestors 'self';img-src * 'self' data:;object-src 'none';script-src 'self' https://webstatistik.landbw.de;script-src-attr 'none';style-src 'self' 'unsafe-inline';block-all-mixed-content ;media-src https:;frame-src 'self' https://youtube.com https://www.youtube.com https://*.service-bw.de:*;connect-src 'self' http://127.0.0.1:24727 https://webstatistik.landbw.de 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.segment.com https://cdnjs.cloudflare.com https://www.youtube.com https://z.moatads.com https://wtbng.pricespider.com https://wtbstream.pricespider.com https://embeddedcloud.pricespider.com https://omni.pricespider.com https://locate.pricespider.com https://wtbevents.pricespider.com https://cdn.pricespider.com https://api.ipify.org https://googleads.g.doubleclick.net https://www.googleadservices.com api.tiles.mapbox.com pghub.io *.cookielaw.org *.onetrust.com *.iesnare.com connect.facebook.net *.crazyegg.com *.adsrvr.org *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://cdn.pricespider.com https://display.ugc.bazaarvoice.com api.tiles.mapbox.com fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' *.cookielaw.org https://ad.doubleclick.net https://40n23zgkic3y-a.akamaihd.net https://px.moatads.com https://cdn.pricespider.com https://wwwassets.pricespider.com https://embeddedcloud.pricespider.com https://res.cloudinary.com https://www.google.com https://www.google.hr https://googleads.g.doubleclick.net https://insight.adsrvr.org i.ytimg.com images.ctfassets.net pixel.tapad.com *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' fonts.gstatic.com data: feed.pghub.io pandg.tapad.com ; connect-src * ; frame-src 'self' https://display.ugc.bazaarvoice.com https://stg.api.bazaarvoice.com https://api.bazaarvoice.com https://pandg.tapad.com https://www.youtube-nocookie.com www.youtube.com feed.pghub.io *.adsrvr.org *.doubleclick.net *.jebbit.com consumersupport.pg.com pg-lex.my.salesforce-sites.com ct.pinterest.com www.facebook.com pandg.tapad.com ; manifest-src * ; 1
frame-ancestors 'self' https://newaccount.wsfsbank.com; 1
frame-src *; default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.analytics.google.com https://*.bazaarvoice.com https://*.braintree-api.com https://*.braintreegateway.com https://*.btttag.com https://*.criteo.com https://*.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.kampyle.com https://*.medallia.com https://*.paypal.com https://bat.bing.com https://www.bing.com https://*.sheerid.com https://*.truefitcorp.com https://adservice.google.com https://analytics.google.com https://api-env.cartfulsolutions.com https://api.cartfulsolutions.com https://apis.google.com https://assets.adobedtm.com https://careers.lululemon.com https://cdn.cquotient.com https://cdn.honey.io https://cdn.jsdelivr.net https://cdn.quantummetric.com https://ingest.quantummetric.com https://cdn.treasuredata.com https://cdnjs.cloudflare.com https://cfjump.lululemon.co.nz https://challenges.cloudflare.com https://cm.g.doubleclick.net https://cm.teads.tv https://connect.facebook.net https://ct.pinterest.com https://d38d4ysphgm9dz.cloudfront.net https://dpm.demdex.net https://e.cquotient.com https://embed.cartfulsolutions.com https://external.quantummetric.com https://fledge.teads.tv https://fonts.googleapis.com https://globalstaticassets.lululemon.com https://google.com https://googleads.g.doubleclick.net https://images.lululemon.com https://ln-rules.rewardstyle.com https://lululemon.quiq-api.com https://lululemonathleticacanadainc.demdex.net https://lululemoninternational-app.quantummetric.com https://lululemoninternational.quantummetric.com https://lululemonusa.tt.omtrdc.net https://maps.googleapis.com https://mpsnare.iesnare.com https://o4503962274299904.ingest.sentry.io https://p.cquotient.com https://p.teads.tv https://pay.google.com https://r.cquotient.com https://s.pinimg.com https://s7mbrstream.scene7.com https://sc-static.net https://smetrics.lululemon.co.nz https://sslwidget.criteo.com https://static.cloudflareinsights.com https://static.criteo.com https://static.criteo.net https://stats.g.doubleclick.net https://t.cfjump.com https://t.teads.tv https://tez.google.com https://tokyo.in.treasuredata.com https://tpc.googlesyndication.com https://tr.snapchat.com https://translate.google.com https://wf.cartfulsolutions.com https://widget.as.criteo.com https://www.cloudflare.com https://www.facebook.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.lululemon.co.nz https://www.lululemon.co.uk https://www.paypalobjects.com https://*.browser-intake-datadoghq.com https://www.datadoghq-browser-agent.com wss://lululemoninternational.quantummetric.com wss://mpsnare.iesnare.com; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; img-src * 'self' data: https:; font-src * 'self' data: https:; block-all-mixed-content; 1
default-src 'self' scribit-pro-hosting.storage.googleapis.com; child-src 'self' *.youtube.com https://gemeente-haarlem.vmwareidentity.eu blob: *.youtube-nocookie.com *.vimeo.com; connect-src 'self' scribit-pro-hosting.storage.googleapis.com api.scribit.pro  *.siteimprove.com *.haarlem.nl *.openstreetmap.org; font-src 'self' data: *.googleusercontent.com *.haarlem.nl; frame-src 'self' *.youtube.com https://gemeente-haarlem.vmwareidentity.eu https://kaart.haarlem.nl https://open.spotify.com https://api.soundcloud.com https://*.issuu.com/ *.youtube-nocookie.com *.vimeo.com *.siteimprove.com *.siteimproveanalytics.com *.siteimprove.net *.siteimproveanalytics.io page.report; img-src 'self' data: https://www.toegankelijkheidsverklaring.nl *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io *.haarlem.nl *.openstreetmap.org; object-src 'none'; script-src 'self' scribit-pro-hosting.storage.googleapis.com *.scribit.pro www.youtube.com https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com https://cdn.siteimprove.net/cms/overlay-latest.js *.haarlem.nl 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-hashes' *.haarlem.nl 'unsafe-inline'; base-uri 'self'; frame-ancestors 'self' https://zandvoort.nl 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com *.google-analytics.com *.analytics.google.com analytics.google.com tpc.googlesyndication.com www.googletagmanager.com tagmanager.google.com www.gstatic.com players.brightcove.net app-lon09.marketo.com vjs.zencdn.net cdn.ampproject.org adservice.google.com sadmin.brightcove.com www.eventbrite.com cdn.mouseflow.com optimize.google.com www.googleadservices.com thedeal.com metrics.brightcove.com secure.gravatar.com pagead2.googlesyndication.com dify.wpengine.com ssl.gstatic.com fonts.googleapis.com yoast.com fonts.gstatic.com w.soundcloud.com edge.api.brightcove.com *.boltdns.net *.brightcovecdn.com *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net o2.mouseflow.com *.euromoneyplc.com ps.w.org my.wpengine.com www.googletagservices.com *.googlesyndication.com www.buzzsprout.com cdn.shortpixel.ai snap.licdn.com px.ads.linkedin.com p.adsymptotic.com s.w.org *.pardot.com bankingfinance.euromoney.com *.thedeal.com code.jquery.com cdn.jsdelivr.net *.wisepops.com app.getwisp.co wisepops.net cdn.wisepops.net dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com cdn.linkedin.oribi.io *.doubleclick.net *.g.doubleclick.net www.google.co.uk js.zi-scripts.com ws-assets.zoominfo.com ws.zoominfo.com blob: data: 1
script-src 'self' blob: https://www.smartsuppchat.com/ https://*.smartsuppcdn.com/ https://www.googletagmanager.com/ https://*.googleapis.com/ https://*.facebook.net/ 'nonce-XmfnXcKhz78rBHwwo6EF6w==' 1
default-src 'self'; base-uri 'self'; form-action 'self' https://www.facebook.com/tr/; style-src 'self' 'unsafe-inline' *.abtasty.com *.inbenta.com *.whisbi.com https://www2.movistar.com.ec https://fonts.googleapis.com https://tagmanager.google.com https://optimize.google.com https://i.icomoon.io/ https://statics.rigel-m.com; img-src 'self' https://mcstaging.movistar.com.ec https://tienda.movistar.com.ec *.abtasty.com *.awin1.com https://digitalhub.g2afse.com *.zenaps.com https://www.lightboxcdn.com *.googleusercontent.com https://ad.soicos.com https://googleads.g.doubleclick.net https://track.leadsinbx.com https://tracking.global-analitics.net https://inboxlabs.go2cloud.org https://pixel.loganmedia.mobi https://leadgenios.net https://pixel.loganmedia.mobi https://digitalhub.g2afse.com https://offers-digitalhub.affise.com https://track.notonlymedia.com *.jwpltx.com https://s3-eu-west-1.amazonaws.com *.whisbi.com *.clarity.ms https://rigelprod.s3-us-west-2.amazonaws.com *.googleusercontent.com https://www.googletagmanager.com https://maps.googleapis.com https://maps.gstatic.com https://analytics.twitter.com https://bat.bing.com https://statics.rigel-m.com https://ww2.movistar.cl https://s-eu-1.pushpushgo.com https://cdn.pushpushgo.com https://static-a.pushpushgo.com https://fonts.googleapis.com https://www.google-analytics.com https://t.co https://px.ads.linkedin.com https://p.adsymptotic.com https://www2.movistar.com.ec https://www.linkedin.com https://stats.g.doubleclick.net https://www.google.com https://www.google.com.ec https://optimize.google.com https://www.facebook.com https://connect.facebook.net https://vyvenv.movistar.com.ec data: https://rigelprod.s3.us-west-2.amazonaws.com; child-src 'self'; font-src 'self' data: *.whisbi.com *.abtasty.com https://statics.rigel-m.com https://i.icomoon.io https://fonts.gstatic.com https://i.icomoon.io/public/7ef7ab5d8b/NuevoSitioPblico/icomoon https://s-eu-1.pushpushgo.com https://cdn.pushpushgo.com; script-src 'self' 'unsafe-inline' https://geolocation-db.com/json 'unsafe-eval' *.abtasty.com https://www.dwin1.com *.awin1.com *.zenaps.com https://the.sciencebehindecommerce.com https://optimize.google.com https://cf.ignitionone.com https://api.zetaglobal.net https://api.lightboxcdn.com https://d30o4d63vvluug.cloudfront.net https://cdn.boomtrain.com https://www.lightboxcdn.com https://live.rezync.com *.facebook.com *.jwpcdn.com *.inbenta.com *.whisbi.com https://script.hotjar.com https://maps.googleapis.com https://execution-ci360.movistar.com.ec https://www.clarity.ms https://lambda.rigel-m.com/ https://www.gstatic.com https://resources-rt.idx.lat https://googleads.g.doubleclick.net http://bat.bing.com http://cdn.matomo.cloud https://analytics.tiktok.com https://connect.facebook.net http://platform.twitter.com https://www.google-analytics.com https://static.hotjar.com https://www.googletagmanager.com https://www.google.com https://statics.rigel-m.com http://static.ads-twitter.com http://api.retargetly.com https://s-eu-1.pushpushgo.com/; frame-src 'self' *.awin1.com *.abtasty.com *.zenaps.com https://chattde.socialgateway.net https://movistarecuador.speedtestcustom.com/ https://resources-rt.idx.lat https://www.youtube.com https://www.tiktok.com/ http://api.retargetly.com https://www.facebook.com/ https://www.google.com/ https://4625545.fls.doubleclick.net https://api.retargetly.com https://optimize.google.com https://vars.hotjar.com https://gum.criteo.com/; object-src 'none'; frame-ancestors 'self' *.abtasty.com https://www.akimovil.ec https://www.maxiplus.ec ; connect-src 'self' *.abtasty.com https://statics.rigel-m.com https://i.icomoon.io/public/7ef7ab5d8b/NuevoSitioPblico/style.css https://rigelprod.s3.us-west-2.amazonaws.com https://lambda.rigel-m.com/sitio-publico/push-web/subscription https://lambda.rigel-m.com/sitio-publico/push-web/remove-subscription https://lambda.rigel-m.com/sitio-publico/push-web/install https://lambda.rigel-m.com/sitio-publico/analytic/subscription https://api.ipify.org/?format=json https://mcstaging.movistar.com.ec https://tienda.movistar.com.ec https://dwin1.com https://awin1.com https://zenaps.com https://*.wepowerconnections.com http://the.sciencebehindecommerce.com https://wepowerconnections.com https://meta.rigel-m.com https://googleads.g.doubleclick.net https://google.com https://www.google.com https://cf.ignitionone.com https://api.zetaglobal.net https://onsiterecs.api.boomtrain.com https://events.api.boomtrain.com https://api.lightboxcdn.com https://people.api.boomtrain.com https://cdn.boomtrain.com https://www.lightboxcdn.com https://live.rezync.com https://region1.analytics.google.com *.facebook.com https://www.googleadservices.com *.jwpcdn.com *.clarity.ms *.movistar.com.ec *.whisbi.com https://statics.rigel-m.com https://l.clarity.ms https://maps.googleapis.com https://execution-ci360.movistar.com.ec https://i.clarity.ms https://s-eu-1.pushpushgo.com https://analytics.tiktok.com https://integradsmedia.matomo.cloud https://rigelprod.s3-us-west-2.amazonaws.com https://api.pushpushgo.com https://www.googletagmanager.com https://lambda.rigel-m.com https://wa.appsflyer.com/ https://wa.onelink.me/ https://rt.idx.lat/ https://www.gstatic.com/recaptcha/ https://www2.rigel-m.com https://analytics.google.com https://uat.rigel-m.com https://www.google-analytics.com https://stats.g.doubleclick.net wss: *.hotjar.com https://vc.hotjar.io hotjar.io hotjar.com; media-src 'self' blob: *.movistar.com.ec https://statics.rigel-m.com; worker-src 'self' blob: https://api.pushpushgo.com https://s-eu-1.pushpushgo.com https://cdn.pushpushgo.com; 1
default-src 'self';script-src 'self' 'nonce-S2UqbR8ckGLz1EtFiRkNGOph8'; style-src 'self' 'nonce-S2UqbR8ckGLz1EtFiRkNGOph8'; object-src 'none';base-uri 'self';img-src 'self' https:;connect-src 'self' https://pagure.io:8088;frame-src https://docs.pagure.org;frame-ancestors https://pagure.io; 1
style-src 'self' 'unsafe-inline' www2.triodos.com; img-src 'self' p-pan.triodos.com api.triodos.com maps.triodos.com www2.triodos.com video.triodos.com ad.doubleclick.net adservice.google.com adservice.google.co.uk adservice.google.nl adservice.google.be adservice.google.es adservice.google.de www.facebook.com data: android-webview-video-poster:; font-src 'self' data:; script-src 'self' 'nonce-71b63080-ccc0-46e0-baa2-00c397f63088' t-pan.triodos.com p-pan.triodos.com www2.triodos.com video.triodos.com chat.triodos.com; frame-src https://www.youtube.com https://www.youtube-nocookie.com; child-src https://www.youtube.com https://www.youtube-nocookie.com; connect-src 'self' p-pan.triodos.com t-pan.triodos.com chat.triodos.com video.triodos.com licensing.bitmovin.com; media-src 'self' blob: video.triodos.com; default-src 'self'; 1
object-src 'none'; script-src 'nonce-8VPNAsmHDTfM+W3FdPoF6w==' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; base-uri 'none'; report-uri https://csp.withgoogle.com/csp/kaggle/20201130; frame-src 'self' https://www.kaggleusercontent.com https://www.youtube.com/embed/ https://polygraph-cool.github.io https://www.google.com/recaptcha/ https://www.docdroid.com https://www.docdroid.net https://kaggle-static.storage.googleapis.com https://kkb-production.jupyter-proxy.kaggle.net https://kkb-production.firebaseapp.com https://kaggle-metastore.firebaseapp.com https://apis.google.com https://content-sheets.googleapis.com/ https://accounts.google.com/ https://storage.googleapis.com https://docs.google.com https://drive.google.com https://calendar.google.com/; 1
default-src 'self' *.zohostatic.com *.cloudfront.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zoho.com d17nz991552y2g.cloudfront.net *.zohostatic.com *.zohocdn.com *.googleapis.com desk.zoho.com wchat.freshchat.com unpkg.com cdn.ckeditor.com widget.freshworks.com *.runsam.com *.google.com *.gstatic.com stackpath.bootstrapcdn.com code.jquery.com cdnjs.cloudflare.com/ajax/libs/popper.js/ cdnjs.cloudflare.com/ajax/libs/Chart.js/ cdn.slaask.com js.stripe.com cdnjs.cloudflare.com/ajax/libs/bootstrap-slider/ gitcdn.github.io/bootstrap-toggle/ cdnjs.cloudflare.com/ajax/libs/moment.js/ stats.pusher.com;style-src 'self' 'unsafe-inline' static.zohocdn.com css.zohocdn.com d3el7j01zd7apf.cloudfront.net *.runsam.com *.zohostatic.com cdn.ckeditor.com widget.freshworks.com stackpath.bootstrapcdn.com *.typekit.net wchat.freshchat.com maxcdn.bootstrapcdn.com gitcdn.github.io/bootstrap-toggle/ fonts.googleapis.com data:;img-src 'self' *.zoho.com *.zohopublic.com developers.google.com maps.google.com *.zohocdn.com d3el7j01zd7apf.cloudfront.net *.googleapis.com avatars.slack-edge.com *.gstatic.com cdn.ckeditor.com cdn.slaask.com ssl.gstatic.com/accounts/strongauth/ files.runsam.com www.gravatar.com i2.wp.com via.placeholder.com cms.runsam.com samcmsuser.s3.amazonaws.com samscreenshots.s3.amazonaws.com secure.gravatar.com uploads.slaask.com data:;font-src 'self' *.zohocdn.com webfonts.zohowebstatic.com *.zohostatic.com d3el7j01zd7apf.cloudfront.net stackpath.bootstrapcdn.com maxcdn.bootstrapcdn.com use.typekit.net files.runsam.com fonts.gstatic.com data:;frame-src 'self' *.signsdev.runsam.com *.signs.runsam.com *.youtube.com *.zohopublic.com js.stripe.com *.google.com wchat.freshchat.com *.webpush.freshchat.com;connect-src 'self' wss://vts.zohopublic.com *.runsam.com *.zoho.com salesiq.zohopublic.com slaask.com *.pusher.com editnew.freshdesk.com samsignlogs.s3.amazonaws.com widget.freshworks.com ws://ws.pusherapp.com wss://remote.runsam.com;media-src 'self' samcmsuser.s3.amazonaws.com cdn.slaask.com *.zohostatic.com;prefetch-src 'self' *.zohostatic.com d3el7j01zd7apf.cloudfront.net ; 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.amkor.com amkor.com *.cookieyes.com cdn-cookieyes.com *.clarity.ms *.litix.io *.wistia.net *.wistia.com embedwistia-a.akamaihd.net *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.doubleclick.net *.youtube.com; img-src 'self' data: c44f5d406df450f4a66b-1b94a87d576253d9446df0a9ca62e142.ssl.cf2.rackcdn.com cdn-cookieyes.com *.doubleclick.net *.youtube.com *.clarity.ms *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.wistia.net *.wistia.com embedwistia-a.akamaihd.net; style-src 'self' data: 'unsafe-inline' *.youtube.com fonts.googleapis.com use.fontawesome.com; 1
default-src 'self'; script-src 'self' *.cloudflare.com *.google.com cdn.datatables.net maps.googleapis.com www.gstatic.com cdn.jsdelivr.net www.youtube.com *.kapturecrm.com *.adjetter.com mrdiy.aichat.site www.googletagmanager.com connect.facebook.net static.cloudflareinsights.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' cdn.datatables.net *.cloudflare.com fonts.googleapis.com unpkg.com *.kapturecrm.com *.adjetter.com mrdiy.aichat.site 'unsafe-inline'; img-src 'self' * data:; font-src 'self' data: fonts.gstatic.com *.kapturecrm.com www.gozayaan.com mrdiy.aichat.site; connect-src 'self' *.kapdesk.com wss: maps.googleapis.com *.facebook.com *.kapturecrm.com *.adjetter.com socialplugin.facebook.net; media-src 'self'; frame-src 'self' *.facebook.com *.google.com plugins.flockler.com mrdiy.listedcompany.com *.youtube.com *.vimeo.com; object-src 'none'; base-uri 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.googletagmanager.com https://www.google-analytics.com/ https://www.google.com/ https://fonts.googleapis.com/ https://www.gstatic.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://fonts.gstatic.com/ https://player.vimeo.com/ https://developers.google.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://widgets.q4app.com/ https://maxcdn.bootstrapcdn.com/ https://secure.gravatar.com/ https://s.w.org/ https://ps.w.org/; script-src 'unsafe-inline' https: *.google-analytics.com/; connect-src https://www.google-analytics.com/ 1
script-src 'unsafe-eval' 'self' wss://*.zopim.com *.adnxs.com *.hays.com.au *.recaptcha.net tag.benchplatform.com  *.serving-sys.com *.iron0walk.com *.botrecruiter.com  *.infogram.com *.adnxs.com *.optimalworkshop.com  *.accesstrade.net *.ads-twitter.com  *.audioboom.com  secure-ds.serving-sys.com  soundcloud.com *.licdn.com *.doubleclick.net *.googleadservices.com acsbapp.com *.criteo.net  *.criteo.com  *.outbrain.com *.taboola.com web-material3.yokogawa view.ceros.com *.quantcount.com *.quantserve.com *.addthis.com *.adscience.nl *.quantserve.com *.quantcount.com *.akamaized.net *.bit.ly *.crazyegg.com *.facebook.com *.facebook.net *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.graph.instagram.com *.gstatic.com *.hays.co.uk *.hays.com *.hotjar.* *.hotjar.com *.igodigital.com *.instagram.fbom5-1.fna.fbcdn.net *.linkedin.com *.nccgroup-webperf.com *.onrecruit.net *.optimizely.com *.slideshare.net *.soundcloud.com *.surveymonkey.com *.tealiumiq.com *.tiqcdn.com *.twimg.com *.twitter.com *.typography.com *.vimeo.com *.youku.com *.youtube.com *.zdassets.com *.zopim.com *.zopim.io accessibe.com acsbap.com consent.trustarc.com consent-pref.trustarc.com consent-st.trustarc.com font-src https://v.qq.com prefmgr-cookie.truste-svc.ne 'self' 'unsafe-inline'; v.qq.com data: 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-912fa9afec4f22c9a3fcc0c7d247348d'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors 'self' https://ihealthspot.com https://*.ihealthspot.com 1
frame-ancestors 'self' https://*.property-research-prod.property.com.au; upgrade-insecure-requests; 1
frame-ancestors 'self' https://clientpoint.net https://*.clientpoint.net; 1
default-src v8.seco.tools 'self' 'unsafe-inline' 'unsafe-eval' data: test-secotools.service.signalr.net rc-secotools.service.signalr.net test-secotools.azurewebsites.net staging-secotools.azurewebsites.net rc-secotools.azurewebsites.net demo-secotools.azurewebsites.net usercontent.azureedge.net prod-usercontent.azureedge.net dev-usercontent.azureedge.net test-usercontent.azureedge.net secotools.azureedge.net prod-secotools.azureedge.net demo-secotools.azureedge.net rc-secotools.azureedge.net staging-secotools.azureedge.net test-secotools.azureedge.net dev-secotools.azureedge.net secoresources.azureedge.net common-secoresources.azureedge.net *.secotools.com www.secotools.com seco.tools *.google.com www.google-analytics.com *.google-analytics.com *.g.doubleclick.net www.googleadservices.com www.sitester.com *.ipapercms.dk *.ytimg.com *.youtube.com *.qq.com *.qpic.cn *.jotformeu.com *.jotform.me w.usabilla.com *.googletagmanager.com *.facebook.com www.facebook.com connect.facebook.net www.linkedin.com *.linkedin.com snap.licdn.com d6tizftlrpuof.cloudfront.net p.adsymptotic.com cdn.cookielaw.org www.home.sandvik manufacturingtransformation.io media-api.flockler.com s3.amazonaws.com gallery.secotools.data-room.de rsms.me talenthub-storage.s3.eu-central-1.amazonaws.com *.talenthub.io sf-asset-manager.s3.amazonaws.com cdn.linkedin.oribi.io googleads.g.doubleclick.net bizzabo.com fonts.bunny.net toolassemblerservices-assets.tdm-cloud.com www.google.ad www.google.ae www.google.al www.google.am www.google.as www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bi www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cat www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.cn www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.com www.google.com.af www.google.com.ag www.google.com.ai www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.ki www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.ms www.google.mu www.google.mv www.google.mw www.google.ne www.google.nl www.google.no www.google.nr www.google.nu www.google.pl www.google.pn www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.sh www.google.si www.google.sk www.google.sm www.google.sn www.google.so www.google.sr www.google.st www.google.td www.google.tg www.google.tl www.google.tm www.google.tn www.google.to www.google.tt www.google.vg www.google.vu www.google.ws; font-src 'self' secotools.azureedge.net prod-secotools.azureedge.net demo-secotools.azureedge.net rc-secotools.azureedge.net test-secotools.azureedge.net staging-secotools.azureedge.net dev-secotools.azureedge.net fonts.gstatic.com d6tizftlrpuof.cloudfront.net fonts.bunny.net rsms.me cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' secure.secotools.com securetest.secotools.com emails.secotools.com secotools.azureedge.net prod-secotools.azureedge.net demo-secotools.azureedge.net rc-secotools.azureedge.net test-secotools.azureedge.net staging-secotools.azureedge.net dev-secotools.azureedge.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net snap.licdn.com connect.facebook.net w.usabilla.com api.usabilla.com cdn.cookielaw.org https://talenthub.io https://s3.eu-central-1.amazonaws.com www.googletagmanager.com *.talenthub.io s3.eu-central-1.amazonaws.com info.secotools.com snap.licdn.com d6tizftlrpuof.cloudfront.net; script-src-attr 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; frame-src https://secure.secotools.com https://securetest.secotools.com *.secotools.com https://secolocator.com www.secolocator.com form.jotform.com form.jotformeu.com ipaper.ipapercms.dk www.youtube.com www.facebook.com d6tizftlrpuof.cloudfront.net step.manufacturingtransformation.io accounts.bizzabo.com forms.office.com v.qq.com; connect-src https: wss://test-secotools.service.signalr.net wss://rc-secotools.service.signalr.net wss://prod-secotools.service.signalr.net; report-uri /core/api/Monitoring/SaveCSPReport 1
default-src 'self';script-src 'self' 'nonce-NGRmOTMxYzc1ZDc1NjczMQ==' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com www.youtube.com addthis.com *.addthis.com *.google.com z.moatads.com v1.addthisedge.com *.googleadservices.com;img-src 'self' data: *.gstatic.com *.google.com www.googleapis.com www.google-analytics.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.google.com;frame-src 'self' www.youtube.com addthis.com *.addthis.com *.google.com;font-src 'self' data: fonts.gstatic.com;connect-src 'self' www.google-analytics.com addthis.com *.addthis.com *.doubleclick.net;frame-ancestors 'self';form-action 'self'; 1
default-src 'none'; script-src 'unsafe-inline' 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline'; img-src *; style-src * 'unsafe-inline'; font-src *; frame-src 'self' https://www.google.com/recaptcha/; form-action 'self' 1
default-src 'self' widget.trustpilot.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://web-sdk.smartlook.com/ https://api.uxsniff.com/cdn/js/uxsnf_track.js https://teddytor.abtasty.com/ https://player.vimeo.com/api/ x.clearbitjs.com reveal.clearbit.com wwww.trustpilot.com widget.trustpilot.com js.na.chilipiper.com www.googleadservices.com tag.clearbitscripts.com bat.bing.com unpkg.com www.googleoptimize.com static.ads-twitter.com snap.licdn.com js.partnerstack.com prismic.io widget.trustpilot.com connect.facebook.net googleads.g.doubleclick.net js.intercomcdn.com js.hsleadflows.net widget.intercom.io client.axept.io static.axept.io serve.albacross.com www.google-analytics.com js.hs-analytics.net try.abtasty.com b.sf-syn.com js.hsadspixel.net js.hs-banner.com js.hscollectedforms.net www.googletagmanager.com capterra.com sourceforge.net static.cdn.prismic.io js.hs-scripts.com analytics.google.com https://web-sdk.smartlook.com/recorder.js https://www.google.com/recaptcha/ https://www.google.com/recaptcha/api https://www.gstatic.com/recaptcha/ blob: *.abtasty.com *.googleapis.com; child-src 'self'; connect-src *; frame-ancestors 'self' localhost:9999 localhost:3000; style-src 'self' 'unsafe-inline' teddytor.abtasty.com common-fonts.abtasty.com https://teddytor.abtasty.com/ https://common-fonts.abtasty.com/; img-src 'self' data: https: greenly.cdn.prismic.io images.prismic.io prismic-io.s3.amazonaws.com assets.capterra.com; font-src 'self' fonts.intercomcdn.com common-fonts.abtasty.com; media-src 'self' greenly.cdn.prismic.io js.intercomcdn.com; frame-src 'self' https://greenly.cdn.prismic.io/ https://player.vimeo.com/video/ https://player.vimeo.com player.vimeo.com player.vimeo.com/ www.youtube.com youtube.com www.facebook.com wwww.trustpilot.com widget.trustpilot.com greenly.prismic.io td.doubleclick.net https://greenly.na.chilipiper.com/ https://www.google.com/recaptcha/ https://www.google.com/recaptcha/api https://recaptcha.google.com/recaptcha/ https://app.storylane.io/ 1
block-all-mixed-content; default-src 'self' 'unsafe-eval' 'unsafe-inline'; script-src 'self' https://up.nttdata.com/ https://app.secureprivacy.ai https://www.googleadservices.com http://fast.wistia.net https://www.google.co.uk https://www.youtube.com https://secure.hiss3lark.com https://www.gstatic.com https://www.google.com https://geolocation.onetrust.com https://region1.google-analytics.com https://www.google-analytics.com http://report.datamints.com https://www.googletagmanager.com http://pi.pardot.com http://cdn.pardot.com https://cdn.cookielaw.org https://snap.licdn.com/ https://static.ads-twitter.com https://static.ads-twitter.com https://connect.facebook.net https://px.ads.linkedin.com https://analytics.twitter.com 'unsafe-eval' https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com 'unsafe-inline'; style-src 'self'  https://app.secureprivacy.ai https://fonts.googleapis.com https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline'; img-src data: 'self' https://assets-jpcust.jwpsrv.com/ https://cdn.jwplayer.com/ https://p.adsymptotic.com/d/px/ https://app.secureprivacy.ai https://mc-a78accac-9008-4b4a-a630-822738-cdn-endpoint.azureedge.net https://mc-df12be52-7d83-4f7a-b108-778850-cdn-endpoint.azureedge.net https://mc-8afc6902-e56c-432c-8c3f-3991-cdn-endpoint.azureedge.net https://googleads.g.doubleclick.net https://www.google.co.uk https://px4.ads.linkedin.com https://ps.eyeota.net https://tags.bluekai.com/ https://x.bidswitch.net/ https://us-u.openx.net/ https://dpm.demdex.net/ https://id5-sync.com https://attr.ml-api.io https://secure.adnxs.com https://ads.avct.cloud https://s.ml-attr.com https://ads.avocet.io http://www.googletagmanager.com https://www.google.it https://www.google.com https://www.google-analytics.com http://report.datamints.com https://cdn.cookielaw.org/ https://px.ads.linkedin.com https://t.co https://www.linkedin.com https://www.linkedin.com https://www.facebook.com https://optimize.google.com; media-src 'self' https://mc-a78accac-9008-4b4a-a630-822738-cdn-endpoint.azureedge.net https://mc-df12be52-7d83-4f7a-b108-778850-cdn-endpoint.azureedge.net https://mc-8afc6902-e56c-432c-8c3f-3991-cdn-endpoint.azureedge.net; font-src 'self' https://fonts.gstatic.com/ https://fonts.gstatic.com; connect-src 'self' https://googleads.g.doubleclick.net/pagead/ https://www.google.com/pagead/ https://pagead2.googlesyndication.com/ https://cdn.linkedin.oribi.io/ https://api-prod.secureprivacy.ai https://region1.google-analytics.com https://report.datamints.com https://privacyportal-de.onetrust.com https://stats.g.doubleclick.net https://www.google-analytics.com https://cdn.cookielaw.org https://geolocation.onetrust.com; child-src 'self'  http://fast.wistia.net https://player.vimeo.com https://www.gstatic.com https://www.google.com https://w.soundcloud.com https://www.ivoox.com https://open.spotify.com https://www.youtube-nocookie.com; object-src 'self'; form-action 'self' ; frame-ancestors 'self'; frame-src https://nttdatanewyear.com/ https://diadegalicia2023.com/ https://www.diadegalicia2023.com/ https://api.dolffia.com/ https://player.simplecast.com/ https://embed.podcasts.apple.com/ https://www.ivoox.com/ https://player.hihaho.com/ https://app.secureprivacy.ai https://w.soundcloud.com https://optimize.google.com https://www.google.com/recaptcha/api2/anchor https://www.google.com/recaptcha/api2/bframe https://www.youtube-nocookie.com https://api.nttdatanewyear.com/ 1
frame-ancestors 'self' https://*.civic.com.au https://*.xpress.com.au; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.google.com *.tawk.to *.hoanmy.com *.googletagmanager.com *.gstatic.com *.doubleclick.net maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net; frame-src 'self' *.google.com *.hoanmy.com *.googletagmanager.com *.gstatic.com *.doubleclick.net *.youtube.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com; object-src 'self' 1
default-src 'self' *.hs-mannheim.de *.b-ite.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hs-mannheim.de *.b-ite.com; img-src 'self' data: *.hs-mannheim.de; style-src 'self' 'unsafe-inline' *.hs-mannheim.de; frame-src 'self' https://webstat.hs-mannheim.de *.hs-mannheim.de https://www.youtube.com/ https://www.youtube-nocookie.com/ https://player.vimeo.com/ https://tour.klapty.com/; 1
frame-ancestors 'self' *.gomarquis.com *.zagclients.net 1
frame-ancestors 'self' *.elavonpaymentgateway.com  1
default-src 'self' multimedia.gsb.bund.de medien.bmi.bund.de; base-uri 'self'; font-src 'self'  data: medien.bmi.bund.de; style-src 'self' 'unsafe-inline' *.twitter.com medien.bmi.bund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.vimeo.com *.itzbund.de *.bundesbots.de *.twitter.com *.twimg.com cdn.jsdelivr.net *.newsletter2go.com   medien.bmi.bund.de; object-src 'self' multimedia.gsb.bund.de; connect-src 'self' multiplatform-f.akamaihd.net *.itzbund.de  *.newsletter2go.com hls-hd.myrasec.de     medien.bmi.bund.de; media-src 'self' blob: multimedia.gsb.bund.de social.bund.de video.bundesregierung.de *.w3schools.com *.quirksmode.org *.youtube.com *.youtube-nocookie.com *.vimeo.com *.aktion-mensch.de *.readspeaker.com *.osm.org *.openstreetmap.de *.twimg.com multiplatform-f.akamaihd.net hls-hd.myrasec.de cdnjs.cloudflare.com medien.bmi.bund.de; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com vimeo.com *.readspeaker.com *.3qsdn.com *.it.bund.de *.bundesbots.de *.twitter.com *.twimg.com webcast.nc3-cdn.com blitzvideoserver.de start.video-stream-hosting.de player.restream.io; img-src 'self' blob: data: *.google.com *.gstatic.com social.bund.de muenster.im *.youtube.com *.youtube-nocookie.com *.osm.org *.openstreetmap.de *.twitter.com *.twimg.com cdnjs.cloudflare.com piwik.itzbund.de *.gdw-berlin.de *.streamlock.net *.bmi.bund.de  *.cio.bund.de *.newsletter2go.com   medien.bmi.bund.de; frame-ancestors 'self' *.prod.gsb.bmi.in.bund.de; upgrade-insecure-requests; 1
frame-ancestors 'self'; frame-src https://gateway.fxhash2.xyz https://fs-emulator.fxhash2.xyz https://onchfs.fxhash2.xyz https://*.spotify.com/ https://spotify.com https://*.youtube.com/ https://youtube.com https://*.twitter.com/ https://twitter.com https://codepen.io https://openprocessing.org https://checkout.usewinter.com/ https://widget.wert.io https://centinelapi.cardinalcommerce.com https://verify.walletconnect.com/ 'self'; 1
frame-ancestors 'self' *.tcgplayer.com *.channelfireball.com app.optimizely.com 1
frame-ancestors 'self' http://thomsonreuterstax.lookbookhq.com https://thomsonreuterstax.lookbookhq.com http://thomsonreuterstaxprofessionals.lookbookhq.com https://thomsonreuterstaxprofessionals.lookbookhq.com 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' *; img-src *; connect-src *; style-src 'self' 'unsafe-inline';frame-src 'self' *; frame-ancestors *; 1
upgrade-insecure-requests; base-uri 'self'; default-src 'none'; frame-ancestors 'none'; object-src 'none'; script-src 'none'; require-trusted-types-for 'script'; form-action 'none'; report-uri https://defesa.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' https://*.facebook.com 1
default-src 'self';img-src 'self' data: www.google-analytics.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net script.hotjar.com bat.bing.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://portal.resurgent.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.vo.msecnd.net static.hotjar.com script.hotjar.com bat.bing.com;script-src-elem 'self' 'unsafe-inline' https://portal.resurgent.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ www.googletagmanager.com googleads.g.doubleclick.net static.hotjar.com script.hotjar.com bat.bing.com;connect-src 'self' https://portal.resurgent.com  *.services.visualstudio.com www.google-analytics.com analytics.google.com adservice.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com bat.bing.com;font-src 'self' portal.resurgent.com script.hotjar.com;style-src 'self' 'unsafe-inline';frame-src 'self' www.youtube-nocookie.com;block-all-mixed-content;report-uri /api/csp-violation/;report-to csp-endpoint 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-MDkyZWRmYjI2Y2FhNGNjOWE3NTNjZWE5OGU3NGEwMmE=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.scp.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.scp.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.scp.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.hotjar.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com servicekrungsrigroup.com *.2c2p.com *.ktc.co.th *.kasikornbank.com *.facebook.com https://webto.salesforce.com/servlet/servlet.WebToCase?encoding=UTF-8 https://test.salesforce.com/servlet/servlet.WebToLead?encoding=UTF-8&orgId=00DA80000002Hft https://dohomecrm--dev.sandbox.my.salesforce.com/servlet/servlet.WebToCase?encoding=UTF-8&orgId=00DA80000002Hft https://dohomecrm--uat.sandbox.my.salesforce.com/servlet/servlet.WebToCase?encoding=UTF-8&orgId=00DA80000002HhV 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sharethis.com *.google.com/ https://www.youtube.com *.cardinalcommerce.com *.google.com *.authorize.net *.weltpixel.com *.wesupply.xyz *.kasikornbank.com *.doubleclick.net *.facebook.com *.polydojo.com *.dohome.technology *.sfmc-content.com *.pub.sfmc-content.com *.dohome.co.th 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.vimeocdn.com s.ytimg.com *.sharethis.com data: maps.googleapis.com maps.gstatic.com gateway.apaylater.com gateway.atome.sg https://www.magezon.com *.paypal.com *.ytimg.com *.dohome.com *.dohome.co *.dohome.co.th *.magentocommerce.com *.dohome.technology *.facebook.com *.smartosc.com *.flix360.io *.flix360.com *.flixcar.com *.google.com *.line.me *.google.com.vn *.doubleclick.net *.google.co.th *.googletagmanager.com *.gstatic.com 'self' 'unsafe-inline'; script-src *.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com *.vimeo.com www.vimeo.com www.youtube.com *.sharethis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com gateway.apaylater.com *.atome.sg *.avada.io *.google.com/ *.dohome.technology *.smartosc.com *.dohome.co *.cardinalcommerce.com *.getnitropack.com *.zendesk.com *.zdassets.com *.nitrocdn.com *.getfirebug.com *.googleapis.com *.apaylater.com *.fontawesome.com *.bootstrapcdn.com *.google.com *.authorize.net *.googleadservices.com *.google-analytics.com *.paypalobjects.com *.braintreegateway.com *.paypal.com *.ccdc02.com *.ytimg.com *.youtube.com *.gstatic.com *.googletagmanager.com *.magentocommerce.com *.vimeocdn.com data: *.magezon.com *.nitropack.io *.wesupply.xyz *.weltpixel.com *.requirejs.org *.kasikornbank.com *.facebook.net *.flixfacts.com *.flix360.io *.flixcar.com *.newrelic.com *.tiktok.com *.hotjar.com *.line-scdn.net *.doubleclick.net www.googletagmanager.com *.publitas.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.sharethis.com fonts.googleapis.com gateway.apaylater.com gateway.atome.sg *.fontawesome.com maxcdn.bootstrapcdn.com *.google.com/ *.avada.io tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sharethis.com *.nr-data.net/ *.flixcar.com *.avada.io *.google.com google.com *.google.com.vn *.tiktok.com *.facebook.com www.facebook.com *.hotjar.io *.doubleclick.net *.googlesyndication.com *.google-analytics.com wss://ws.hotjar.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
upgrade-insecure-requests; frame-ancestors https: 'self' *.48hourprint.com *.digitalroom.com *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com; 1
frame-ancestors 'self' https://insights.openasset.com https://openasset.pathfactory.com 1
frame-ancestors 'self'; default-src 'none'; script-src 'self' 'unsafe-inline' https://*.google-analytics.com https://www.google.com https://*.googletagmanager.com https://*.gstatic.com https://googleads.g.doubleclick.net https://connect.facebook.net https://*.googleadservices.com; connect-src 'self' https://*.google-analytics.com https://stats.g.doubleclick.net https://region1.analytics.google.com; img-src 'self' data: blob: https://www.google.ro https://www.google.com https://*.gstatic.com https://www.zoho.com https://sources-fgo.s3.eu-central-1.amazonaws.com https://sources-fgo-test.s3.eu-central-1.amazonaws.com https://fgo-ext-docs.s3.eu-central-1.amazonaws.com https://sources.fgo.ro https://s3.eu-central-1.amazonaws.com https://www.facebook.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; base-uri 'self'; form-action 'self' https://accounts.google.com https://login.microsoftonline.com https://logincert.anaf.ro https://www.facebook.com; font-src 'self' data: https://*.gstatic.com; frame-src 'self' https://www.youtube.com https://www.google.com https://fgo-docs.s3.eu-central-1.amazonaws.com https://td.doubleclick.net https://www.facebook.com 1
base-uri 'self'; default-src 'self' https://*.googleapis.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://embed.tawk.to https://www.google.com https://www.gstatic.com https://*.cloudfront.net https://*.vimeo.com https://www.google-analytics.com https://*.simplycast.com https://*.simplycast.ca 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' * 'self' data:; font-src *; connect-src 'self' https://*.tawk.to wss://*.tawk.to https://*.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.simplycast.com; img-src * 'self' data:; 1
default-src 'none'; style-src 'self'; img-src 'self'; connect-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; 1
frame-src 'self' *.youtube.com *.line.me *.line-beta.biz *.line.biz *.facebook.com *.twitter.com;frame-ancestors 'self' https://admanager.line-beta.biz/ https://ladm-internal.beta-sentinel.linecorp.com/ https://rc-admanager.line.biz/ https://rc-admanager.line.biz/ https://admanager.line.biz/ https://ladm-internal.sentinel.linecorp.com/ 1
frame-ancestors 'self' https://obramax.lightning.force.com https://obramax--staging.sandbox.my.salesforce.com https://obramax.my.salesforce.com https://obramax--staging.sandbox.my.salesforce.com https://obramaxdev.service-now.com https://obramax--staging.sandbox.lightning.force.com 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://static.criteo.net https://*.criteo.com https://player.vimeo.com https://*.translate.naver.net https://*.akamaihd.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://www.pinterest.com https://dekopay.preprod.k8s.dekopay.org https://pay.deko.finance https://www.pinterest.co.uk blob: https://tr6.snapchat.com https://ct.pinterest.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindcommerece.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://ct.pinterest.com https://tr.snapchat.com https://*.contentsquare.net  https://analytics.tiktok.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.exantediet.com https://m.exantediet.com https://checkout.exantediet.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://s.trustpilot.com https://*.microsofttranslator.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://s.pinimg.com https://*.contentsquare.net https://app.contentsquare.com https://assets.dekopay.com https://tr.snapchat.com https://analytics.tiktok.com https://*.ibytedtos.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' *.postman.co *.postman.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman.com *.postman.co *.cdn.postman.com fonts.gstatic.com www.postman.com fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors 'none'; frame-src looker.postman.co dl-preview-container.pstmn.io js.stripe.com hooks.stripe.com chart-embed.service.newrelic.com https://app.datadoghq.com/graph/embed https://app.datadoghq.eu/graph/embed https://youtube.com https://www.youtube.com https://player.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://accounts.google.com/ https://runtime-assets.pstmn.io/; child-src 'self' *.postman.co *.postman.com blob:; worker-src 'self' *.postman.co *.cdn.postman.com blob:; object-src 'self'; img-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io code.jquery.com google-analytics.com www.postman.com postman.com googletagmanager.com ssl.google-analytics.com cdnjs.cloudflare.com https://bi.pst.tech js-agent.newrelic.com js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-2HcD2SuuhCKmlxewhkFy9AuUxk4DwZJLbA0CHWyO22dM9jfm'; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io www.postman.com fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com postman.com accounts.google.com; connect-src https://api.stripe.com http: ws://localhost:10533 https: wss://*.postman.co wss://*.gw.postman.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=production 1
default-src 'self'; base-uri 'self'; object-src 'none'; script-src 'self' *.hubspot.com js.hs-analytics.net js.hs-scripts.com js.hsadspixel.net js.hscollectedforms.net js.hs-banner.com js.hs-banner.net js.usemessages.com *.hsforms.net cdn2.hubspot.net *.surveymonkey.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com/  https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net/  https://snap.licdn.com https://player.vimeo.com/ https://maps.googleapis.com https://*.skedify.io https://ajax.googleapis.com 'strict-dynamic' 'nonce-YcSg9YYjWrRMJC1ySrI9Ng=='; connect-src 'self' *.hubspot.com api.hubapi.com js.hs-banner.com *.hsforms.com *.google-analytics.com https://forms.hscollectedforms.net https://www.google.com https://www.facebook.com/  *.linkedin.com *.g.doubleclick.net https://keeper.24sessions.com/ https://gwg2gtbjx2.execute-api.eu-central-1.amazonaws.com/ https://maps.googleapis.com https://api.skedify.io https://o323299.ingest.sentry.io https://cdn.linkedin.oribi.io; style-src 'self' 'unsafe-inline' fonts.googleapis.com static.hsappstatic.net cdn2.hubspot.net https://ajax.googleapis.com https://plugin.skedify.io; font-src fonts.gstatic.com cdn2.hubspot.net; img-src 'self' data: *.hubspot.com *.hubspotusercontent-na1.net static.hsappstatic.net *.hsforms.com https://www.facebook.com/ *.linkedin.com https://www.google-analytics.com https://www.googletagmanager.com/ https://www.google.com https://www.google.be maps.googleapis.com maps.gstatic.com; frame-src *.hubspot.com *.hsforms.com https://www.google.com https://vimeo.com/ https://player.vimeo.com/ https://bankvanbreda.24sessions.com/ https://rekentool.allyoursbe.be/ https://www.facebook.com/ https://platform.twitter.com/ https://view.genial.ly/ *.libsyn.com https://*.skedify.io https://nl.eu.surveymonkey.com/ https://open.spotify.com/; ; upgrade-insecure-requests; 1
frame-ancestors 'self' https://display-rfh.webflow.io; 1
style-src 'self' 'unsafe-inline' data: *.ebay.com *.www.shopping.com *.ebaystatic.com *.www.shopping.com *.ebaystatic.cn *.gstatic.com *.googleapis.com; connect-src 'self' *.ebay.com *.www.shopping.com *.ebaystatic.com *.www.shopping.com data: *.google-analytics.com *.perfdrive.com *.analytics.google.com *.doubleclick.net *.googleapis.com *.shopping.com *.ebayimg.com wss://127.0.0.1:*; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ebay.com *.www.shopping.com *.ebaystatic.com *.www.shopping.com *.ebaystatic.cn blob: data: *.google-analytics.com *.googletagmanager.com *.fidoapi.com *.translate.google.com *.akamaihd.net; upgrade-insecure-requests; frame-ancestors 'none' ; img-src 'self' https://* data:; default-src 'self' blob: data: wss: mediastream: *.ebay.com *.www.shopping.com *.ebaystatic.com *.www.shopping.com *.ebayimg.com *.shopping.com *.gstatic.com https://github.com/google *.fontawesome.com *.bootstrapcdn.com *.doubleclick.net *.cloudflare.com;  report-uri https://monitor.ebay.com/csp-report/sdcui/DefaultPage?id=376973399910924398&rid=t6paerj1%3F%3D9iptpaerj1%3F*%3Bi~mw(rbpv674%3C-18d343ea4c0-0x2702#pd 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://writing.exchange; img-src 'self' https: data: blob: https://writing.exchange; style-src 'self' https://writing.exchange 'nonce-PjP6X/4+I3JIy9tqpqnJZA=='; media-src 'self' https: data: https://writing.exchange; frame-src 'self' https:; manifest-src 'self' https://writing.exchange; form-action 'self'; child-src 'self' blob: https://writing.exchange; worker-src 'self' blob: https://writing.exchange; connect-src 'self' data: blob: https://writing.exchange https://cdn.masto.host wss://writing.exchange; script-src 'self' https://writing.exchange 'wasm-unsafe-eval' 1
frame-ancestors https://www.as-goal.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; connect-src 'self' wss://nothirdpartycookies-roomapi-signalr.prod-aws.purechat.com https://b.clarity.ms wss://*.purechat.com https://*.purechat.com https://www.google-analytics.com https://apay-us.amazon.com https://www.paypal.com https://maps.googleapis.com https://bat.bing.com https://www.googletagmanager.com https://www.clarity.ms https://adservice.google.com https://analytics.google.com https://stats.g.doubleclick.net https://cdn.acsbapp.com https://*.clarity.ms https://pagead2.googlesyndication.com https://*.userway.org; 1
frame-ancestors 'self' *.doubleclick.net *.yape.tech *.yapetienda.com.pe *.yape.com.pe; form-action 'self' *.facebook.com *.qualtrics.com; default-src 'self' data: blob: *.dynatrace.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.teads.tv *.tiktok.com *.cookiebot.com *.smooch.io https://zendesk-eu.my.sentry.io *.khoros.com *.hotjar.com *.office.net https://www.google-analytics.com *.office.com *.botframework.com *.youtube.com *.google.com https://www.googletagmanager.com https://www.googleanalytics.com *.google.com https://connect.facebook.net https://www.google.com *.easysol.net *.googleapis.com *.dynatrace.com https://www.gstatic.com *.conoret.com https://conoret.com https://static.ada.support *.zdassets.com *.zendesk.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.smooch.io https://zendesk-eu.my.sentry.io *.tiktok.com *.facebook.net *.teads.tv *.ada.support *.zdassets.com *.zendesk.com *.doubleclick.net https://www.googletagmanager.com *.cookiebot.com https://www.google-analytics.com *.hotjar.com *.google.com https://www.googleadservices.com *.qualtrics.com https://unruffled-shannon-1a7413.netlify.app; img-src 'self' data: blob: *.teads.tv *.smooch.io https://zendesk-eu.my.sentry.io *.googleapis.com *.khoros.com *.doubleclick.net https://www.datocms-assets.com *.google.com *.googlesyndication.com https://www.google-analytics.com https://www.google.com *.google-analytics.com *.analytics.google.com *.facebook.com *.easysol.net https://www.gstatic.com *.googleapis.com *.gstatic.com *.doubleclick.net https://www.googletagmanager.com *.cookiebot.com *.googleadservices.com *.gstatic.com *.doubleclick.net https://www.googleadservices.com https://staceu2yapefrntd10.blob.core.windows.net https://staceu2yapefrntc10.blob.core.windows.net https://staceu2yapefrntp10.blob.core.windows.net http://www.googletagmanager.com https://www.google.com.pe *.yandex.net *.ytimg.com *.qualtrics.com *.zdassets.com *.zendesk.com; style-src 'self' 'unsafe-inline' *.khoros.com https://www.gstatic.com *.googleapis.com *.google.com; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.google.com; font-src 'self' data: *.khoros.com *.azureedge.net *.gstatic.com; child-src *.office.com https://www.google.com *.googleapis.com; object-src 'self' blob https://noop.style; connect-src 'self' *.smooch.io https://zendesk-eu.my.sentry.io *.teads.tv *.tiktok.com *.cookiebot.com wss://*.zendesk.com wss://*.hotjar.com wss://api.smooch.io *.smooch.io https://zendesk-eu.my.sentry.io *.lcloud.com *.khoros.com *.hotjar.com *.hotjar.io *.google-analytics.com *.analytics.google.com https://www.facebook.com *.botframework.com https://www.youtube.com wss://directline.botframework.com https://www.google-analytics.com *.doubleclick.net *.botframework.com https://www.googletagmanager.com *.space https://*.ada.support *.zdassets.com *.zendesk.com https://www.google.com *.google.com *.qualtrics.com https://bcpr42sh.staticmon.com https://eu2.device-api.indigitall.com https://www.datocms-assets.com; worker-src *.yape.com.pe www.yape.com.pe; frame-src 'self' https://www.facebook.com *.teads.tv *.cookiebot.com *.hotjar.com *.doubleclick.net https://bit.ly js2ios: * *.youtube.com *.office.com *.google.com http://google.com *.tiktok.com *.facebook.net yapepro.b2clogin.com; 1
default-src 'self'; font-src data: https://assets.dm.de; child-src 'self' blob:; script-src 'self' https://*.bazaarvoice.com https://*.mm.dm-drogeriemarkt.ro https://app.usercentrics.eu https://assets-internal-proxy.apps.nonprod.gcp.dmtech.cloud https://assets.dm.de https://cdn.loadbee.com/ https://d2pqvatijh75rn.cloudfront.net https://mpsnare.iesnare.com https://omt.dm.ro https://tags.tiqcdn.com https://www.dm.ro; worker-src 'self' blob:; connect-src  'self' https://*.bazaarvoice.com https://*.gcp.dmtech.cloud https://*.mm.dm-drogeriemarkt.ro https://*.services.dmtech.com https://aggregator.service.usercentrics.eu https://api.mapbox.com https://api.usercentrics.eu https://assets.dm.de https://availability.loadbee.com/ https://browser-intake-datadoghq.eu https://cart-recos.services.dmtech.com https://cart.services.dmtech.com https://cdcs.usercentrics.eu https://collect.tealiumiq.com https://consent-api.service.consent.usercentrics.eu https://consent-rt-ret.service.consent.usercentrics.eu https://consents.usercentrics.eu https://coupon-aktionen.dm.de https://d2pqvatijh75rn.cloudfront.net https://direct-collect.dy-api.eu https://direct.dy-api.eu https://dmpay-gateway.services.dmtech.com https://dy-api.eu https://events.mapbox.com https://graphql.usercentrics.eu https://insights.algolia.io https://logs.browser-intake-datadoghq.eu https://mpsnare.iesnare.com https://my-products-api.services.dmtech.com https://omc.dm.ro https://product-based-recos.services.dmtech.com https://products.dm.de https://rcom-eu.dynamicyield.com https://recos-as-a-service.services.dmtech.com https://rum.browser-intake-datadoghq.eu https://services.dm.de https://shopping-list-prod.services.dmtech.com https://signin.dm.ro https://sos-prod.availability.services.dmtech.com https://staedtetour.dm-fb2.de; style-src 'self' 'unsafe-inline' https://*.bazaarvoice.com https://api.tiles.mapbox.com https://assets.dm.de; img-src 'self' blob: data: https://*.bazaarvoice.com https://*.mm.dm-drogeriemarkt.ro https://*.services.dmtech.com https://app.usercentrics.eu https://assets.dm.de https://cdn-eu.dynamicyield.com https://d2pqvatijh75rn.cloudfront.net https://d3s22jwy77sx9i.cloudfront.net https://i.ytimg.com https://images.podigee-cdn.net https://img.usercentrics.eu https://img.youtube.com/ https://media.dm-static.com https://services.dm.de https://uct.service.usercentrics.eu; frame-ancestors 'self' https://*.apps.nonprod.gcp.dmtech.cloud https://*.apps.prod.gcp.dmtech.cloud https://*.dm-drogeriemarkt.org https://*.dm-drogeriemarkt.org:42160 https://*.dm-drogeriemarkt.org:42161 https://*.dm-drogeriemarkt.org:42162 https://*.dm.ro https://*.lxprod.ka.de.dm-drogeriemarkt.com https://app.datadoghq.eu; frame-src 'self' https://*.bazaarvoice.com https://*.dm.ro https://*.services.dmtech.com https://app.usercentrics.eu https://cdn.podigee.com https://configurator.nuk.de https://gastfamilie.podigee.io https://geburtskanal-dm.podigee.io https://hey-familie.podigee.io https://player.podigee-cdn.net https://rendering.loadbee.com/ https://sandbox.om.dm.de https://service.loadbee.com/ https://www.youtube-nocookie.com; base-uri 'self' https://*.mm.dm-drogeriemarkt.ro https://*.services.dmtech.com https://events.mapbox.com; form-action 'self' https://*.bazaarvoice.com https://checkout.dm.ro https://signin.dm.ro; manifest-src 'self'; report-uri /__csp-reports__;upgrade-insecure-requests 1
default-src 'self' https://docs.google.com https://app.hubspot.com https://www.google.com/; img-src 'self' data: https://www.google-analytics.com https://static.netify.ai https://track.hubspot.com; media-src 'self' https://static.netify.ai; connect-src 'self' https://www.google-analytics.com https://forms.hubspot.com https://api.hubspot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hscollectedforms.net https://forms.hubspot.com https://js.usemessages.com https://www.gstatic.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com 1
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'unsafe-inline';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval';  connect-src * data: blob: 'unsafe-inline';  img-src * data: blob: 'unsafe-inline';  frame-src * data: blob: ;  style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline'; 1
frame-ancestors 'self' https://*.toyota.gr https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
frame-ancestors 'self' http://buga23.magenta-magenta.de/; 1
default-src 'self'; script-src 'self' https://matomo.uniklinik-ulm.de/piwik.js *.usercentrics.eu https://www.youtube.com d3dc1lgancj6l0.cloudfront.net https://ausschreibungen.landbw.de 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' data: https://matomo.uniklinik-ulm.de *.usercentrics.eu; frame-src 'self' https://www.betterplace-widget.org https://www.swr.de/ https://www.google.com d3dc1lgancj6l0.cloudfront.net www.youtube-nocookie.com www.youtube.com; img-src 'self' data: www.uniklinik-ulm.de *.usercentrics.eu i.ytimg.com; manifest-src 'self'; media-src 'self' d3dc1lgancj6l0.cloudfront.net; worker-src 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://zoominfo.com https://ws.zoominfo.com https://lightning.us1.helium.servismatrixcdn.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://tags.srv.stackadapt.com https://snap.licdn.com https://script.crazyegg.com https://js.zi-scripts.com blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tags.srv.stackadapt.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' wss://*.appsync-realtime-api.us-east-1.amazonaws.com https://*.execute-api.eu-west-1.amazonaws.com https://*.appsync-api.us-east-1.amazonaws.com https://www.google.com https://cognito-identity.us-east-1.amazonaws.com https://api.us1.helium.servismatrix.com https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com https://script.crazyegg.com https://px.ads.linkedin.com https://tags.srv.stackadapt.com https://js.zi-scripts.com https://ws.zoominfo.com https://tracking.crazyegg.com; img-src 'self' https://sborg-us1-stgcenlar.s3.amazonaws.com https://www.google.com https://px.ads.linkedin.com data: http://www.google-analytics.com https://www.linkedin.com; frame-src 'self' https://loanadministration.hosted.panopto.com https://www.google.com; frame-ancestors 'self' https://*.cenlar.com 1
default-src self sonix.ai my.sonix.ai admin.sonix.ai api.sonix.ai https:; font-src self sonix.ai my.sonix.ai admin.sonix.ai api.sonix.ai https: data: http://fonts.gstatic.com; img-src self sonix.ai my.sonix.ai admin.sonix.ai api.sonix.ai https: data: blob:; object-src self sonix.ai my.sonix.ai admin.sonix.ai api.sonix.ai https:; script-src self sonix.ai my.sonix.ai admin.sonix.ai api.sonix.ai https: 'unsafe-inline' 'unsafe-eval'; style-src self sonix.ai my.sonix.ai admin.sonix.ai api.sonix.ai https: 'unsafe-inline' 'unsafe-eval' http://fonts.googleapis.com/css; worker-src self sonix.ai my.sonix.ai admin.sonix.ai api.sonix.ai https: blob:; media-src self sonix.ai my.sonix.ai admin.sonix.ai api.sonix.ai https: blob:; connect-src self sonix.ai my.sonix.ai admin.sonix.ai api.sonix.ai https: wss://realtime.sonix.ai wss://nexus-websocket-a.intercom.io ws://nexus-websocket-a.intercom.io 1
default-src * data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' 1
default-src 'self'; script-src www.googletagmanager.com kit.fontawesome.com code.jquery.com cse.google.com cdn.insight.sitefinity.com dec.azureedge.net cdn.ampproject.org web-chat.nativechat.com web.edgewood.edu www.edgewood.edu td.doubleclick.net/ https://td.doubleclick.net/ 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://*.technolutions.net https://cdnjs.cloudflare.com https://doublethedonation.com https://bbox.blackbaudhosting.com https://payments.blackbaud.com https://static.formstack.com https://edgewood.edu *.vimeocdn.com https://insight.adsrvr.org https://edgewood.aidcalculator.com/ *.aidcalculator.com/ *.edgewood.edu *.hotjar.com *.google-analytics.com *.doubleclick.net *.monsido.com *.eab.com https://*.hotjar.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://*.technolutions.net https://cdnjs.cloudflare.com https://doublethedonation.com https://bbox.blackbaudhosting.com https://payments.blackbaud.com https://static.formstack.com https://edgewood.edu *.vimeocdn.com https://*.hotjar.com *.hotjar.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.edgewood.edu https://tk0x1.com www.google.com clients1.google.com px.ads.linkedin.com https://insight.adsrvr.org https://*.monsido.com https://*.google-analytics.com https://trkn.us https://marvel-b1-cdn.bc0a.com https://srv.stackadapt.com https://bbox.blackbaudhosting.com https://edgewood-college.formstack.com https://doublethedonation.com https://edgewood.edu *.vimeo.com https://*.hotjar.com *.hotjar.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.fontawesome.com doublethedonation.com static.formstack.com https://edgewood.edu https://*.hotjar.com *.hotjar.com; frame-src 'self' https://insight.adsrvr.org https://massinteract.com https://www.youtube.com https://www.facebook.com https://cdn.yoshki.com https://www.google.com https://bbox.blackbaudhosting.com https://payments.blackbaud.com https://*.edgewood.edu https://edgewood-college.formstack.com https://afs.googlesyndication.com https://cse.google.com https://edgewood.edu *.vimeo.com https://d1eoo1tco6rr5e.cloudfront.net/ https://td.doubleclick.net/ https://edgewood.aidcalculator.com/ *.aidcalculator.com/ web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com analytics.google.com https://*.google-analytics.com https://*.fontawesome.com https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://*.technolutions.net https://*.monsido.com https://doublethedonation.com https://payments.blackbaud.com https://csp.withgoogle.com https://cse.google.com/ https://*.hotjar.com https://*.hotjar.io *.hotjar.com *.hotjar.io wss://*.hotjar.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: https://cdn.edgewood.edu https://edgewood.edu https://vimeo.com https://youtube.com *.vimeo.com https://player.vimeo.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com 1
object-src * data:;connect-src *;img-src data: d2d4310rrwbaad.cloudfront.net d1bfmhtbvef4pj.cloudfront.net drcntvyzls715.cloudfront.net d1kli5crpnno2b.cloudfront.net localhost:3001 localhost:3010 localhost:8188 localhost:44332 *.ldscdn.org *.lds.org *.churchofjesuschrist.org *.justserve.org *.servir.org *.mithelfen.org *.sirveahora.org *.trustarc.com appleid.cdn-apple.com *.facebook.com maps.googleapis.com maps.gstatic.com *.googleapis.com i.ytimg.com *.facebook.net;script-src *.ldscdn.org *.lds.org *.churchofjesuschrist.org *.googleapis.com *.gstatic.com *.facebook.net *.justserve.org *.servir.org *.mithelfen.org *.facebook.com *.youtube.com *.ytimg.com cdnjs.cloudflare.com data: placehold.it placeholdit.imgix.net 'self' ws://localhost:3000 ws://10.0.2.2:3000 ws://localhost:8080 assets.adobedtm.com dpm.demdex.net cdn.tt.omtrdc.net ldschurch.tt.omtrdc.net *.tintup.com *.hypermoarks.com *.cloudfront.net players.brightcove.net vjs.zencdn.net edge.api.brightcove.com blob: * metrics.brightcove.com consent.truste.com consent-pref.truste.com 'unsafe-inline' 'unsafe-eval' app.leadsrx.com;script-src-attr *.facebook.net *.facebook.com 'unsafe-inline' 'unsafe-eval';style-src *.fonts.net *.opendns.com *.googleapis.com *.justserve.org *.servir.org *.mithelfen.org *.lds.org *.ldscdn.org *.churchofjesuschrist.org 'self' 'unsafe-inline';frame-src *.youtube-nocookie.com *.trustarc.com;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';upgrade-insecure-requests 1
default-src 'self' *.projects-abroad.net fonts.googleapis.com fonts.gstatic.com code.jquery.com maxcdn.bootstrapcdn.com ajax.googleapis.com cdnjs.cloudflare.com native.testing.equest.com www.google.com *.docusign.net www.youtube.com youtu.be player.vimeo.com docs.google.com 'unsafe-inline' 'unsafe-eval' data: font;frame-src 'self' www.youtube.com www.vimeo.com vimeo.com www.yahoo.com www.dailymotion.com www.metacafe.com www.ustream.tv native.testing.equest.com *.amazonaws.com;connect-src 'self' *.orangehrm.com *.orangehrmlive.com;worker-src blob: 'self';img-src * 'self' data: blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.ca.cib ca-cib.com *.ca-cib.com ca-cib.fr *.ca-cib.fr *.googleapis.com *.twitter.com *.gstatic.com *.google-analytics.com *.streamlike.com *.doubleclick.net *.typekit.net *.googletagmanager.com *.youtube.com youtube.com *.youtu.be youtu.be *.cloudfront.net *.cloudflare.com *.komgo.io ps-cdn1.imgix.net *.fontawesome.com *.matomo.cloud *.publispeak.com *.sentry-cdn.net *.sentry-cdn.com *.aticdn.net ext2.publispeak.com *.sentry.io *.xiti.com *.credit-agricole.fr *.credit-agricole.com *.emea.cib cdn.jsdelivr.net *.jsdelivr.net udvpaap000001zp.dev.cm.par.emea.cib:* uivpaap000000x9.int.cm.par.emea.cib:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ca.cib ca-cib.com *.ca-cib.com ca-cib.fr *.ca-cib.fr *.googleapis.com *.twitter.com *.gstatic.com *.google-analytics.com *.streamlike.com *.doubleclick.net *.typekit.net *.googletagmanager.com *.youtube.com youtube.com *.youtu.be youtu.be *.cloudfront.net *.cloudflare.com *.komgo.io ps-cdn1.imgix.net *.fontawesome.com *.matomo.cloud *.publispeak.com *.sentry-cdn.net *.sentry-cdn.com *.aticdn.net ext2.publispeak.com *.sentry.io *.xiti.com *.credit-agricole.fr *.credit-agricole.com *.emea.cib cdn.jsdelivr.net *.jsdelivr.net udvpaap000001zp.dev.cm.par.emea.cib:* uivpaap000000x9.int.cm.par.emea.cib:* https://www.google.com mdbootstrap.com platform.twitter.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.ca.cib ca-cib.com *.ca-cib.com ca-cib.fr *.ca-cib.fr *.googleapis.com *.twitter.com *.gstatic.com *.google-analytics.com *.streamlike.com *.doubleclick.net *.typekit.net *.googletagmanager.com *.youtube.com youtube.com *.youtu.be youtu.be *.cloudfront.net *.cloudflare.com *.komgo.io ps-cdn1.imgix.net *.fontawesome.com *.matomo.cloud *.publispeak.com *.sentry-cdn.net *.sentry-cdn.com *.aticdn.net ext2.publispeak.com *.sentry.io *.xiti.com *.credit-agricole.fr *.credit-agricole.com *.emea.cib cdn.jsdelivr.net *.jsdelivr.net udvpaap000001zp.dev.cm.par.emea.cib:* uivpaap000000x9.int.cm.par.emea.cib:* cdnjs.cloudflare.com fonts.googleapis.com mdbootstrap.com use.fontawesome.com 1
frame-ancestors *.payback.pl 1
frame-ancestors *.a2gov.org 1
child-src 'self' *.google.com; 1
frame-ancestors https://bgstay.com https://pochivka.bg https://*.pochivka.bg https://*.bgstay.com 1
default-src 'self' *.runsky.com http: https: 'unsafe-inline' 'unsafe-eval' blob: data: ;img-src *;frame-ancestors *.runsky.com; 1
frame-src 'self' vimeo.com *.vimeo.com *.vimeocdn.com vimeocdn.com youtube.com *.youtube.com *.google.com ilost.co *.ilost.co *.twitter.com *.meteo.be 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-M2M5NDBmOGRiOWU3NGMzZjgzNzgzMDQ5OGYwZjEwMTU=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.ilent.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.ilent.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.ilent.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-ancestors 'self' *.force.com *.salesforce.com *.lightning.com *.sony.com https://zingtree.com 1
default-src 'self' blob: data: https: https://camo.4f.to; connect-src 'self' blob: data: https: https://camo.4f.to; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' data: https: https://camo.4f.to; style-src 'self' 'unsafe-inline' data: https: https://camo.4f.to; font-src 'self' fonts.gstatic.com; object-src 'self' data: https: https://camo.4f.to; frame-ancestors 'self' https: https://camo.4f.to; frame-src 'self' https: https://camo.4f.to; form-action 'self' https:; manifest-src 'self'; img-src 'self' data: blob: https: https://camo.4f.to; media-src 'self' data: blob: https: https://camo.4f.to; block-all-mixed-content 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-GJ-APWSWFYXknnZEOr6SPw' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
script-src 'unsafe-eval' 'self' blob: *.convertlanguage.com *.clarity.ms *.bcbsok.com *.walkme.com *.jquery.com *.brightcove.com *.tvsquared.com *.marinsm.com *.steelhousemedia.com *.clarity.ms *.stackadapt.com 'sha256-WiBrp8n6qzXaR53OMuij2Wqky+WBAZHWS4m9u+Y6Vgs=' 'sha256-Bwbsdql2wuxPBfreVcjv4IcQRIm2tK54E/ZtuKmHmLI=' 'sha256-+QoWUsMtJAiKNrS9ddu7252XOoLq26XVwk4TdboDGM0=' 'sha256-EFemVE1/2VPlNZdptBdgN2GjWc7noj81GGGv0MwOyJY=' 'sha256-K83smGC12/mOrMV+5hXYSc0TQHjFQM6XX+Zdj9pBbas=' 'sha256-Fx0LrAqaK0HfpKOTd5jtbUe4X89Fz86oesjqSQUn8Y8=' 'sha256-L+CdrbB/3MWzakKjyzoy8w1eIqDVGrsftnkvJdo4gIc=' 'sha256-ud+TXSHWwW6/Ltq5qioGqWeGcQMxHWR5TiMnvYBaUEk=' 'sha256-BaFk7RP58iF1BkZHdqeujuDXXLld9PS1LiKm9MnnQ2A=' 'sha256-3BUC2uqkLtf11hujvyMEl1NTcrpXaw9M/nxK0qpugE4=' 'sha256-ThHZXYAEciBA4PPtRsuwrM4rS6A27cEeDZfKFgMjOHs=' 'sha256-Fx0LrAqaK0HfpKOTd5jtbUe4X89Fz86oesjqSQUn8Y8=' 'sha256-1jH1jUGW8+/nnNLV4s1f8jHlAtMsBv985QVausqXm5s=' 'sha256-XpDQ/sKD1Q35z6yrfuUgNaqcpCpmaF6wIFXhd6+xJLo=' 'sha256-ppW1Vv+qSVcs+/pIj1ZXvMiCLoyHyCdRqtDMeK9fQ9w=' 'sha256-oRdVJzqGJc9xIgrN9giweGhI+uJQxUjkla++Xx19V+M=' 'sha256-P+6dUXh0AE0IknMkVtquEOaJZkrTTlUwjdLsSHSwG90=' 'sha256-Mme3KA7+pA4UbGH5JkgUQSYvf/zd5Ub+KaJs0uRu8ZU=' 'sha256-518pk5SuTHe1wO+qPfs05CALGxGj8b7R9joTeyF3MMg=' 'sha256-N63VR5czWRUyi4yTEGyoam6orM200eR4SB/ndd2vCSE=' 'sha256-h1BXcWieM0hfS3GVpaXzPev+V7bbo0VQKstgeMXvP04=' 'sha256-nyYhGb/ogFCXA+jjhnQPaWmEGq7zMi7is/Og/WHHu1U=' 'sha256-MW7xYbbWUIy+vpnrRUsAKgafurRDpmEtw8ibUiTK9kg=' 'sha256-1hphP5UeIPLrdHl0caK+RBjjIf/Nf+NOjngIRgKJNvg=' 'sha256-5fsNGF2R9ioLIErxzZqlt7Q+qLwWOmVWJp0buVkNkRY=' 'sha256-PYtocK3DFaOHMHXcTLPhO1P5IEXMf8cf6Yyf1u0USFQ=' 'sha256-JlKI/jgeMVC9UAc3axGPML/PCKwu8dAnBRUHncXK+cQ=' 'sha256-nwxOa/AwuXKhEnQfF8z3U9AQyig3d1tfIX6QLS1c7/U=' 'sha256-GtVr9Zuz9aTjQAj54p9HhTNTu36Dn7NyQh3d7xMZg4k=' 'sha256-prCWgxIMGDrHbwdw5mT2MeFWJJGImVIKxAV7gJOpQ0w=' 'sha256-tU2s1s4syE7gpagiZ/DMk2OM7ZcxzIYUDAn0ZWZZvcw=' 'sha256-IohmHrNbNfYp1N8eOkosBSzsog22PSpNMgxp+rP0ba0=' 'sha256-gdUVY3rNP3d8mugxATRy94Oef9TvyvQv4LByypmpoQM=' 'sha256-Oc0DJ+pN/Q9MEzC3WsStCthU0JXK5IxeTD/NO180ggI=' 'sha256-3R5kPMMUS7lCbC94I1yEP6/LrPcCxCpJkMghRm5vc+M=' 'sha256-TfsnO13RGWJOuqMSQ71jj+6N2s997hJAghDCvf9s9dM=' 'sha256-xri8zZKOW+5jts4GRTZuQGosPS+dSTQJr5bebWtNr90=' 'sha256-zOJVpbdSYuV1KeKh04uYsnYyneK7qLzkfYDw9h6+0KM=' 'sha256-0Cmn/CPjE7iLtaGEpZ3gIbyK7+T2PCg6t/q0GQ8aurU=' 'sha256-+F7WJt5j0JAyOvITKopxkUbW3zrhfgO/64YUDWNfWV4=' 'sha256-V5fb1zKsLvfOQE+Tz3abD2NIZPMKdQKrZG6116lj62Y=' 'sha256-/R+9/01InyDhaLq1zYqbjyPav2dunvCCN1mHJxx026U=' 'sha256-023g/MYKiNi2UHZqb0fjW4jU0C9zmvXY7ylFFTbQLAs=' 'sha256-9w+aFd0ogU/pVs/M0q0ixKcQLrt524ABSMma2ixZRmA=' 'sha256-uvQd362cMOZMihRdpHDQkkQG005hI1hAULGe/1hrq7A=' 'sha256-RLZndXh1nmE1wrQG6kjO6AGpiyGJTN5t/otHymIj8UA=' 'sha256-ttmSnfQfAQQQiV28ls0mnFkkr+dl0cSWZO+7qlgQV7w=' 'sha256-JV3lxBYaKBxEcW9cv7bpM9YrLNCSO2x+5hI319J5VH4=' 'sha256-s1BV33CoxJjYzvmpCjN3WTwdPhNhnco3NW1k5J/YA3o=' 'sha256-7JcAvVdE2sCnsRNg9sUUpEVPc2NLH+qJYzoCeD2nHss=' 'sha256-ehPVrgdV2GwJCE7DAMSg8aCgaSH3TZmA66nZZv8XrTg=' 'sha256-ooG2PlUfrfqVyDZV30w0BK5FwqPKhiPhrYEc3z3R3ow=' 'sha256-5nRGMOmqCmDqDhW/cRGfA1gF0jaDt730ej6AJpe2m9g=' 'sha256-7bwnNunfhUOLCxywkp0xlObo3iqPpAfiCr6IN5IeXCA=' 'sha256-0Pvth24NB2HpvezgdvpJMgDYWi91zp9XQc0lnwVD76I=' 'sha256-VL0W/0a7GGeMu92Qz6/kju/TfhubARqd6hobZ5vR8HM=' 'sha256-G38Y5gB6x7PXV8puXKlJ1t7rV5fLuVPEDLHAb64SY20=' cdn.walkme.com  *.bcbsil.com *.bcbstx.com *.marketo.net *.hcsc.net contentz.mkt922.com healthcareservicecorporation.sc.omtrdc.net resources.digital-cloud-west.medallia.com dx.steelhousemedia.com cdn.decibelinsight.net *.facebook.net *.googleadservices.com bat.bing.com *.googletagmanager.com nexus.ensighten.com *.google-analytics.com js-cdn.dynatrace.com assets.adobedtm.com googleads.g.doubleclick.net gateway.foresee.com dx.steelhousemedia.com *.kampyle.com *.medallia.com, frame-src 'self' *.bcbsok.com hcsc.demdex.net players.brightcove.net *.youtube.com resources.digital-cloud-west.medallia.com healthcareservicecorporation.sc.omtrdc.net *.kampyle.com *.medallia.com *.doubleclick.net 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src 'self' data:; 1
object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://geolocation.onetrust.com https://maps.googleapis.com/ https://www.googletagmanager.com https://js.monitor.azure.com azure.com https://www.google-analytics.com https://www.google.com https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com https://www.gstatic.com; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://maps.googleapis.com/ https://js.monitor.azure.com azure.com https://www.google.com https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com https://www.gstatic.com; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; report-uri https://www.amrest.eu/en/report-uri/enforce; upgrade-insecure-requests 1
frame-ancestors 'self' *.restaurantlogin.com *.gloriafood.com *.foodbooking.com *.fbgcdn.com 1
report-uri https://sentry.io/api/1404128/security/?sentry_key=00dd0ccf3aeb455caa93d2eaca779ef8; 1
default-src 'self';media-src 'self' blob: *.dna.ip-only.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.google-analytics.com *.googletagmanager.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com dev.virtualearth.net *.highcharts.com https://*.facebook.net *.google-analytics.com *.googletagmanager.com *.qbrick.com forsvaret.boost.ai *.googleapis.com unpkg.com rawcdn.githack.com blob:;img-src 'self' data: http://mt1.google.com *.google-analytics.com *.googletagmanager.com *.google.com *.openstreetmap.org *.virtualearth.net boost-files-general-eu-west-1-prod.s3-eu-west-1.amazonaws.com *.dna.ip-only.net kommunikasjon.ntb.no;font-src 'self' fonts.gstatic.com;frame-src 'self' *.vimeo.com *.youtube.com embed.acast.com *.spinviewglobal.com *.acast.com/;connect-src 'self' opencache.statkart.no *.google-analytics.com *.googletagmanager.com *.highcharts.com *.qbrick.com https://*.facebook.net *.dna.ip-only.net wss://notification.qbrick.com/ https://connect.facebook.net/en_US/fbevents.js forsvaret.boost.ai i.ytimg.com; 1
https: data: 'unsafe-inline' 'unsafe-eval' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net www.google-analytics.com *.googletagmanager.com google-analytics.com *.googleadservices.com *.doubleclick.net bat.bing.com *.hotjar.com disqus.com *.disqus.com www.googleadservices.com vars.hotjar.com *.google.com www.googleoptimize.com *.auth0.com secure.gravatar.com s.yimg.com sp.analytics.yahoo.com secure-cdn.mplxtms.com maps.googleapis.com www.gstatic.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net cdn.jsdelivr.net ajax.googleapis.com *.adroll.com *.adroll.mgr.consensu.org *.dca0.com tags.srv.stackadapt.com js.hubspot.com js.hs-scripts.com js.hs-banner.com js.hscollectedforms.net js.hs-analytics.net js.hsadspixel.net www.youtube.com *.fullstory.com cdn.heapanalytics.com www.mczbf.com; frame-src 'self' *.upack.com *.youtube.com *.hotjar.com *.facebook.com disqus.com *.disqus.com *.doubleclick.net *.auth0.com *.google.com www.googleoptimize.com js.hsadspixel.net; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.googletagmanager.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com unpkg.com/@frontify/ *.cloudinary.com *.msecnd.net https://wsba.app.box.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com web-chat.nativechat.com *.frontify.com *.cloudinary.com https://i0.wp.com https://widgets.guidestar.org https://www.googletagmanager.com; media-src 'self' data: blob: *.frontify.com *.cloudinary.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com *.frontify.com cloudinary.com *.cloudinary.com https://wsba.app.box.com https://www.google.com; connect-src 'self' data: accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.frontify.com *.cloudinary.com stats.g.doubleclick.net https://dc.services.visualstudio.com; 1
default-src * 'unsafe-inline' 'unsafe-eval' data:; report-uri https://www.eae.es/report-uri/enforce 1
default-src 'self' 'unsafe-inline' data: 'unsafe-hashes' sha256-8mtE2lezrJT4S67cW4pWVhz/pwoK7b8USlyAQAIxkMk= sha256-rwMOiOeVICH7/Cjy5SkreID3OOi5HTrit357k22hUDQ= *.manodaktaras.lt *.manodaktaras.local *.googlesyndication.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.lt *.ampproject.org *.googleapis.com omnisnippet1.com *.gemius.pl *.soundestlink.com *.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.quickblox.com wss://chat.quickblox.com:5291 *.facebook.net *.facebook.com *.google-analytics.com *.jsdelivr.net *.sentry-cdn.com *.ingest.sentry.io *.cookielaw.org *.onetrust.com *.onetrust.io *.youtube.com media.twiliocdn.com *.twilio.com wss://*.twilio.com optanon.blob.core.windows.net klinikoms.manodaktaras.lt klinikoms.manodaktaras.local:8890; block-all-mixed-content; report-uri /nelmio/csp/report 1
default-src * 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' 'strict-dynamic' data: blob:; connect-src *; font-src 'self' *.swaven.com *.static-swaven.com https://static.tacdn.com/css2/webfonts/TripAdvisor/; frame-src *; img-src * data: blob:; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; script-src-elem * 'unsafe-inline' data: blob:; style-src * 'unsafe-inline' 'unsafe-eval' data: blob:; style-src-elem * 'unsafe-inline' data: blob:; frame-ancestors * 1
default-src * data: blob: 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; style-src * data: blob: 'unsafe-inline'; 1
script-src 'nonce-d8f47098d9eb8c09380b45dd53d7c6ee964ba0e62c066bde4ec257cb6a2b6936' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' https:; object-src 'none'; base-uri 'self' acowtancy.reamaze.io 1
frame-ancestors 'self' https://blaetterkatalog.wittich.de/ https://archiv.wittich.de/ https://meinwittich.wittich.de/ 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js *.myheritage.dk https://www.myheritage.dk  'nonce-cee2f47756bc1e72181f6b88de5c6255' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.dk;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' blob: self localhost:* ws://localhost:* *.agkn.com *.adp.com *.adsrvr.org *.adxcel-ec2.com *.ads-twitter.com *.azurewebsites.net *.azure-api.net *.bing.com *.callrail.com *.cloudflare.com *.cloudfunctions.net *.contextweb.com *.ctfassets.net *.demdex.net *.doubleclick.net *.exelator.com *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.googleadservices.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.inspiresleep.com *.ispot.tv *.kore.ai *.krxd.net *.mookie1.com *.osano.com *.pdst.fm *.pinimg.com *.pinterest.com *.quora.com *.reddit.com *.redditstatic.com *.rlcdn.com *.snapengage.com *.spotxchange.com *.stackadapt.com *.tapad.com *.tiktok.com *.twitter.com *.videoamp.com *.vimeo.com *.vimeocdn.com *.w55c.net *.youtube.com *.ytimg.com *.yahoo.com https://inspire-medpro-refresh-s150-10e71bef23e5.herokuapp.com https://inspire-refresh-dev-playground-2d8c36e60063.herokuapp.com https://inspire-refresh-medpro-preview-10150d06c9be.herokuapp.com https://inspire-refresh-s150-12807a1d1efb.herokuapp.com https://inspire-refresh-www-preview-7d8233390685.herokuapp.com https://inspiresleep.com https://t.co https://trkn.us https://vimeo.com; script-src-elem 'unsafe-eval' 'unsafe-inline' self localhost:* ws://localhost:* *.agkn.com *.adp.com *.adsrvr.org *.adxcel-ec2.com *.ads-twitter.com *.azurewebsites.net *.azure-api.net *.bing.com *.callrail.com *.cloudflare.com *.cloudfunctions.net *.contextweb.com *.ctfassets.net *.demdex.net *.doubleclick.net *.exelator.com *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.googleadservices.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.inspiresleep.com *.ispot.tv *.kore.ai *.krxd.net *.mookie1.com *.osano.com *.pdst.fm *.pinimg.com *.pinterest.com *.quora.com *.reddit.com *.redditstatic.com *.rlcdn.com *.snapengage.com *.spotxchange.com *.stackadapt.com *.tapad.com *.tiktok.com *.twitter.com *.videoamp.com *.vimeo.com *.vimeocdn.com *.w55c.net *.youtube.com *.ytimg.com *.yahoo.com https://inspire-medpro-refresh-s150-10e71bef23e5.herokuapp.com https://inspire-refresh-dev-playground-2d8c36e60063.herokuapp.com https://inspire-refresh-medpro-preview-10150d06c9be.herokuapp.com https://inspire-refresh-s150-12807a1d1efb.herokuapp.com https://inspire-refresh-www-preview-7d8233390685.herokuapp.com https://inspiresleep.com https://t.co https://trkn.us https://vimeo.com; style-src 'unsafe-inline' self localhost:* ws://localhost:* *.agkn.com *.adp.com *.adsrvr.org *.adxcel-ec2.com *.ads-twitter.com *.azurewebsites.net *.azure-api.net *.bing.com *.callrail.com *.cloudflare.com *.cloudfunctions.net *.contextweb.com *.ctfassets.net *.demdex.net *.doubleclick.net *.exelator.com *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.googleadservices.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.inspiresleep.com *.ispot.tv *.kore.ai *.krxd.net *.mookie1.com *.osano.com *.pdst.fm *.pinimg.com *.pinterest.com *.quora.com *.reddit.com *.redditstatic.com *.rlcdn.com *.snapengage.com *.spotxchange.com *.stackadapt.com *.tapad.com *.tiktok.com *.twitter.com *.videoamp.com *.vimeo.com *.vimeocdn.com *.w55c.net *.youtube.com *.ytimg.com *.yahoo.com https://inspire-medpro-refresh-s150-10e71bef23e5.herokuapp.com https://inspire-refresh-dev-playground-2d8c36e60063.herokuapp.com https://inspire-refresh-medpro-preview-10150d06c9be.herokuapp.com https://inspire-refresh-s150-12807a1d1efb.herokuapp.com https://inspire-refresh-www-preview-7d8233390685.herokuapp.com https://inspiresleep.com https://t.co https://trkn.us https://vimeo.com; img-src 'self' blob: data: self localhost:* ws://localhost:* *.agkn.com *.adp.com *.adsrvr.org *.adxcel-ec2.com *.ads-twitter.com *.azurewebsites.net *.azure-api.net *.bing.com *.callrail.com *.cloudflare.com *.cloudfunctions.net *.contextweb.com *.ctfassets.net *.demdex.net *.doubleclick.net *.exelator.com *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.googleadservices.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.inspiresleep.com *.ispot.tv *.kore.ai *.krxd.net *.mookie1.com *.osano.com *.pdst.fm *.pinimg.com *.pinterest.com *.quora.com *.reddit.com *.redditstatic.com *.rlcdn.com *.snapengage.com *.spotxchange.com *.stackadapt.com *.tapad.com *.tiktok.com *.twitter.com *.videoamp.com *.vimeo.com *.vimeocdn.com *.w55c.net *.youtube.com *.ytimg.com *.yahoo.com https://inspire-medpro-refresh-s150-10e71bef23e5.herokuapp.com https://inspire-refresh-dev-playground-2d8c36e60063.herokuapp.com https://inspire-refresh-medpro-preview-10150d06c9be.herokuapp.com https://inspire-refresh-s150-12807a1d1efb.herokuapp.com https://inspire-refresh-www-preview-7d8233390685.herokuapp.com https://inspiresleep.com https://t.co https://trkn.us https://vimeo.com; media-src 'self' blob: data: self localhost:* ws://localhost:* *.agkn.com *.adp.com *.adsrvr.org *.adxcel-ec2.com *.ads-twitter.com *.azurewebsites.net *.azure-api.net *.bing.com *.callrail.com *.cloudflare.com *.cloudfunctions.net *.contextweb.com *.ctfassets.net *.demdex.net *.doubleclick.net *.exelator.com *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.googleadservices.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.inspiresleep.com *.ispot.tv *.kore.ai *.krxd.net *.mookie1.com *.osano.com *.pdst.fm *.pinimg.com *.pinterest.com *.quora.com *.reddit.com *.redditstatic.com *.rlcdn.com *.snapengage.com *.spotxchange.com *.stackadapt.com *.tapad.com *.tiktok.com *.twitter.com *.videoamp.com *.vimeo.com *.vimeocdn.com *.w55c.net *.youtube.com *.ytimg.com *.yahoo.com https://inspire-medpro-refresh-s150-10e71bef23e5.herokuapp.com https://inspire-refresh-dev-playground-2d8c36e60063.herokuapp.com https://inspire-refresh-medpro-preview-10150d06c9be.herokuapp.com https://inspire-refresh-s150-12807a1d1efb.herokuapp.com https://inspire-refresh-www-preview-7d8233390685.herokuapp.com https://inspiresleep.com https://t.co https://trkn.us https://vimeo.com; font-src self localhost:* ws://localhost:* *.agkn.com *.adp.com *.adsrvr.org *.adxcel-ec2.com *.ads-twitter.com *.azurewebsites.net *.azure-api.net *.bing.com *.callrail.com *.cloudflare.com *.cloudfunctions.net *.contextweb.com *.ctfassets.net *.demdex.net *.doubleclick.net *.exelator.com *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.googleadservices.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.inspiresleep.com *.ispot.tv *.kore.ai *.krxd.net *.mookie1.com *.osano.com *.pdst.fm *.pinimg.com *.pinterest.com *.quora.com *.reddit.com *.redditstatic.com *.rlcdn.com *.snapengage.com *.spotxchange.com *.stackadapt.com *.tapad.com *.tiktok.com *.twitter.com *.videoamp.com *.vimeo.com *.vimeocdn.com *.w55c.net *.youtube.com *.ytimg.com *.yahoo.com https://inspire-medpro-refresh-s150-10e71bef23e5.herokuapp.com https://inspire-refresh-dev-playground-2d8c36e60063.herokuapp.com https://inspire-refresh-medpro-preview-10150d06c9be.herokuapp.com https://inspire-refresh-s150-12807a1d1efb.herokuapp.com https://inspire-refresh-www-preview-7d8233390685.herokuapp.com https://inspiresleep.com https://t.co https://trkn.us https://vimeo.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; frame-src self localhost:* ws://localhost:* *.agkn.com *.adp.com *.adsrvr.org *.adxcel-ec2.com *.ads-twitter.com *.azurewebsites.net *.azure-api.net *.bing.com *.callrail.com *.cloudflare.com *.cloudfunctions.net *.contextweb.com *.ctfassets.net *.demdex.net *.doubleclick.net *.exelator.com *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.googleadservices.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.inspiresleep.com *.ispot.tv *.kore.ai *.krxd.net *.mookie1.com *.osano.com *.pdst.fm *.pinimg.com *.pinterest.com *.quora.com *.reddit.com *.redditstatic.com *.rlcdn.com *.snapengage.com *.spotxchange.com *.stackadapt.com *.tapad.com *.tiktok.com *.twitter.com *.videoamp.com *.vimeo.com *.vimeocdn.com *.w55c.net *.youtube.com *.ytimg.com *.yahoo.com https://inspire-medpro-refresh-s150-10e71bef23e5.herokuapp.com https://inspire-refresh-dev-playground-2d8c36e60063.herokuapp.com https://inspire-refresh-medpro-preview-10150d06c9be.herokuapp.com https://inspire-refresh-s150-12807a1d1efb.herokuapp.com https://inspire-refresh-www-preview-7d8233390685.herokuapp.com https://inspiresleep.com https://t.co https://trkn.us https://vimeo.com; connect-src self localhost:* ws://localhost:* *.agkn.com *.adp.com *.adsrvr.org *.adxcel-ec2.com *.ads-twitter.com *.azurewebsites.net *.azure-api.net *.bing.com *.callrail.com *.cloudflare.com *.cloudfunctions.net *.contextweb.com *.ctfassets.net *.demdex.net *.doubleclick.net *.exelator.com *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.googleadservices.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.inspiresleep.com *.ispot.tv *.kore.ai *.krxd.net *.mookie1.com *.osano.com *.pdst.fm *.pinimg.com *.pinterest.com *.quora.com *.reddit.com *.redditstatic.com *.rlcdn.com *.snapengage.com *.spotxchange.com *.stackadapt.com *.tapad.com *.tiktok.com *.twitter.com *.videoamp.com *.vimeo.com *.vimeocdn.com *.w55c.net *.youtube.com *.ytimg.com *.yahoo.com https://inspire-medpro-refresh-s150-10e71bef23e5.herokuapp.com https://inspire-refresh-dev-playground-2d8c36e60063.herokuapp.com https://inspire-refresh-medpro-preview-10150d06c9be.herokuapp.com https://inspire-refresh-s150-12807a1d1efb.herokuapp.com https://inspire-refresh-www-preview-7d8233390685.herokuapp.com https://inspiresleep.com https://t.co https://trkn.us https://vimeo.com; block-all-mixed-content; upgrade-insecure-requests; 1
object-src *; frame-ancestors *; report-uri https://www.ntta.org/report-uri/enforce 1
default-src 'self'; style-src 'self'; script-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; 1
frame-src https://beta.supersport.com/ https://www.supersport.com/ https://www.superpicks.com/ https://youtube.com/ https://www.youtube.com/ https://10283871.fls.doubleclick.net/ https://td.doubleclick.net/; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';  font-src * data:; frame-ancestors cms.lcu-internal.com; 1
img-src * 'self' data:; media-src 'self' *.youtube.com *.ltts.com *.vimeo.com *.flipsnack.com; frame-src https://insight.ltts.com https://mpembed.com/  *.cloudfront.net *.matterport.com *.userway.org *.ltts.com *.questionpro.com *.flipsnack.com *.turtl.co *.linkedin.com *.youtube.com youtube.com *.vimeo.com *.facebook.com *.twitter.com www.google.com *.google.com *.hotjar.com https://www.easytourz.com/; connect-src 'self' *.clarity.ms *.userway.org https://tdns4.gtranslate.net https://mc.yandex.ru https://in.hotjar.com https://www.linkedin.com https://translate.googleapis.com https://vc.hotjar.io https://www.google-analytics.com https://trc.taboola.com https://s.yimg.com https://bam.nr-data.net https://t.leady.com crazyegg.com *.crazyegg.com *.flipsnack.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' *; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' *.gaadibazaar.in *.googleapis.com *.clarity.ms *.googletagmanager.com *.netcoresmartech.com *.googlesyndication.com *.google.com *.google-analytics.com *.facebook.net *.facebook.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.gaadibazaar.in *.googleapis.com *.clarity.ms *.googletagmanager.com *.netcoresmartech.com *.googlesyndication.com *.google.com *.google-analytics.com *.facebook.net *.facebook.com *.doubleclick.net  'unsafe-inline'; img-src 'self' * data:; font-src 'self' *.gstatic.com data: ; connect-src 'self' *.gaadibazaar.in *.googleapis.com *.clarity.ms *.googletagmanager.com *.netcoresmartech.com *.googlesyndication.com *.google.com *.google-analytics.com *.facebook.net *.facebook.com *.doubleclick.net ; media-src 'self'; frame-src 'self' *.gaadibazaar.in *.googleapis.com *.clarity.ms *.googletagmanager.com *.netcoresmartech.com *.googlesyndication.com *.google.com *.google-analytics.com *.facebook.net *.facebook.com *.doubleclick.net ; object-src 'none'; base-uri 'self'; report-uri 1
default-src 'self' self localhost:5000 10.3.0.7:5000 10.3.2.4:5000 *.topticketshop.nl *.topticketshop.eu *.topticketshop.io wss://www.topticketshop.nl ws://www.topticketshop.nl *.google-analytics.com cdn.ampproject.org *.google.nl *.google.com www.googletagmanager.com widget.trustpilot.com bat.bing.com www.googleadservices.com flex.msn.com googleads.g.doubleclick.net ws://topticketshop.nl connect.facebook.net www.facebook.com optimize.google.com fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net api.livechatinc.com www.google.ie *.bitpay.com bitpay.com *.trustpilot.com *.clarity.ms cdn-cookieyes.com *.cookieyes.com *.mouseflow.com *.criteo.com assets.website-files.com use.typekit.net p.scdn.co;script-src 'self' 'unsafe-inline' 'unsafe-eval' self localhost:5000 10.3.0.7:5000 10.3.2.4:5000 *.topticketshop.nl *.topticketshop.eu *.topticketshop.io wss://www.topticketshop.nl ws://www.topticketshop.nl *.google-analytics.com cdn.ampproject.org *.google.nl *.google.com www.googletagmanager.com widget.trustpilot.com bat.bing.com www.googleadservices.com flex.msn.com googleads.g.doubleclick.net ws://topticketshop.nl connect.facebook.net www.facebook.com optimize.google.com fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net api.livechatinc.com www.google.ie *.bitpay.com bitpay.com *.trustpilot.com *.clarity.ms cdn-cookieyes.com *.cookieyes.com *.mouseflow.com *.criteo.com assets.website-files.com use.typekit.net www.topticketshop.io az416426.vo.msecnd.net ajax.googleapis.com ajax.aspnetcdn.com res.cloudinary.com cdn.mathjax.org www.dwin1.com www.awin1.com *.criteo.net *.queue-it.net cdnjs.cloudflare.com cdn.jsdelivr.net cdn.livechatinc.com chat.livechatinc.net www.google-analytics.com *.buckaroo.nl *.buckaroo.io *.samenresultaat.nl wt1.rqtrk.eu apis.google.com partners.webmasterplan.com www.zenaps.com fp.zenaps.com secure.livechatinc.com;object-src 'self' blob:;style-src 'self' 'unsafe-inline' self localhost:5000 10.3.0.7:5000 10.3.2.4:5000 *.topticketshop.nl *.topticketshop.eu *.topticketshop.io wss://www.topticketshop.nl ws://www.topticketshop.nl *.google-analytics.com cdn.ampproject.org *.google.nl *.google.com www.googletagmanager.com widget.trustpilot.com bat.bing.com www.googleadservices.com flex.msn.com googleads.g.doubleclick.net ws://topticketshop.nl connect.facebook.net www.facebook.com optimize.google.com fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net api.livechatinc.com www.google.ie *.bitpay.com bitpay.com *.trustpilot.com *.clarity.ms cdn-cookieyes.com *.cookieyes.com *.mouseflow.com *.criteo.com assets.website-files.com use.typekit.net maxcdn.bootstrapcdn.com *.buckaroo.nl *.buckaroo.io cdnjs.cloudflare.com;img-src 'self' self localhost:5000 10.3.0.7:5000 10.3.2.4:5000 *.topticketshop.nl *.topticketshop.eu *.topticketshop.io wss://www.topticketshop.nl ws://www.topticketshop.nl *.google-analytics.com cdn.ampproject.org *.google.nl *.google.com www.googletagmanager.com widget.trustpilot.com bat.bing.com www.googleadservices.com flex.msn.com googleads.g.doubleclick.net ws://topticketshop.nl connect.facebook.net www.facebook.com optimize.google.com fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net api.livechatinc.com www.google.ie *.bitpay.com bitpay.com *.trustpilot.com *.clarity.ms cdn-cookieyes.com *.cookieyes.com *.mouseflow.com *.criteo.com assets.website-files.com use.typekit.net *.cloudinary.com res.cloudinary.com s3-eu-west-1.amazonaws.com www.dwin1.com www.awin1.com data: *.livechatinc.com *.feedbackcompany.nl *.doubleclick.net www.google-analytics.com www.google.com www.google.nl ssl.gstatic.com www.zenaps.com zijn.samenresultaat.nl blob: i.scdn.co;media-src 'self' self localhost:5000 10.3.0.7:5000 10.3.2.4:5000 *.topticketshop.nl *.topticketshop.eu *.topticketshop.io wss://www.topticketshop.nl ws://www.topticketshop.nl *.google-analytics.com cdn.ampproject.org *.google.nl *.google.com www.googletagmanager.com widget.trustpilot.com bat.bing.com www.googleadservices.com flex.msn.com googleads.g.doubleclick.net ws://topticketshop.nl connect.facebook.net www.facebook.com optimize.google.com fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net api.livechatinc.com www.google.ie *.bitpay.com bitpay.com *.trustpilot.com *.clarity.ms cdn-cookieyes.com *.cookieyes.com *.mouseflow.com *.criteo.com assets.website-files.com use.typekit.net *.cloudinary.com cdn.livechatinc.com blob: i.scdn.co;frame-src widget.eu.criteo.com *.trustpilot.com secure.livechatinc.com gum.criteo.com dis.eu.criteo.com static.criteo.net *.feedbackcompany.nl zijn.samenresultaat.nl *.google.com *.google.nl www.facebook.com www.zenaps.com optimize.google.com;font-src 'self' self localhost:5000 10.3.0.7:5000 10.3.2.4:5000 *.topticketshop.nl *.topticketshop.eu *.topticketshop.io wss://www.topticketshop.nl ws://www.topticketshop.nl *.google-analytics.com cdn.ampproject.org *.google.nl *.google.com www.googletagmanager.com widget.trustpilot.com bat.bing.com www.googleadservices.com flex.msn.com googleads.g.doubleclick.net ws://topticketshop.nl connect.facebook.net www.facebook.com optimize.google.com fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net api.livechatinc.com www.google.ie *.bitpay.com bitpay.com *.trustpilot.com *.clarity.ms cdn-cookieyes.com *.cookieyes.com *.mouseflow.com *.criteo.com assets.website-files.com use.typekit.net maxcdn.bootstrapcdn.com cdn.livechatinc.com themes.googleusercontent.com data:;connect-src 'self' self localhost:5000 10.3.0.7:5000 10.3.2.4:5000 *.topticketshop.nl *.topticketshop.eu *.topticketshop.io wss://www.topticketshop.nl ws://www.topticketshop.nl *.google-analytics.com cdn.ampproject.org *.google.nl *.google.com www.googletagmanager.com widget.trustpilot.com bat.bing.com www.googleadservices.com flex.msn.com googleads.g.doubleclick.net ws://topticketshop.nl connect.facebook.net www.facebook.com optimize.google.com fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net api.livechatinc.com www.google.ie *.bitpay.com bitpay.com *.trustpilot.com *.clarity.ms cdn-cookieyes.com *.cookieyes.com *.mouseflow.com *.criteo.com assets.website-files.com use.typekit.net wss://www.topticketshop.io ws://www.topticketshop.io act.samenresultaat.nl www.feedbackcompany.com dc.services.visualstudio.com fp.zenaps.com cdn.livechatinc.com *.buckaroo.nl *.buckaroo.io api.spotify.com;child-src self localhost:5000 10.3.0.7:5000 10.3.2.4:5000 *.topticketshop.nl *.topticketshop.eu *.topticketshop.io wss://www.topticketshop.nl ws://www.topticketshop.nl *.google-analytics.com cdn.ampproject.org *.google.nl *.google.com www.googletagmanager.com widget.trustpilot.com bat.bing.com www.googleadservices.com flex.msn.com googleads.g.doubleclick.net ws://topticketshop.nl connect.facebook.net www.facebook.com optimize.google.com fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net api.livechatinc.com www.google.ie *.bitpay.com bitpay.com *.trustpilot.com *.clarity.ms cdn-cookieyes.com *.cookieyes.com *.mouseflow.com *.criteo.com assets.website-files.com use.typekit.net secure.livechatinc.com;form-action 'self' self localhost:5000 10.3.0.7:5000 10.3.2.4:5000 *.topticketshop.nl *.topticketshop.eu *.topticketshop.io wss://www.topticketshop.nl ws://www.topticketshop.nl *.google-analytics.com cdn.ampproject.org *.google.nl *.google.com www.googletagmanager.com widget.trustpilot.com bat.bing.com www.googleadservices.com flex.msn.com googleads.g.doubleclick.net ws://topticketshop.nl connect.facebook.net www.facebook.com optimize.google.com fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net api.livechatinc.com www.google.ie *.bitpay.com bitpay.com *.trustpilot.com *.clarity.ms cdn-cookieyes.com *.cookieyes.com *.mouseflow.com *.criteo.com assets.website-files.com use.typekit.net ajax.googleapis.com ajax.aspnetcdn.com res.cloudinary.com cdn.mathjax.org testcheckout.buckaroo.nl checkout.buckaroo.nl pay.buckaroo.nl *.buckaroo.nl *.buckaroo.io www.abnamro.nl ideal.ing.nl diensten.asnbank.nl ideal2.knab.nl betalen.rabobank.nl diensten.regiobank.nl diensten.snsbank.nl ideal.triodos.nl app.n26.com www.nn.nl ideal.vanlanschotkempen.com ideal.bunq.com ideal.revolut.com pay.bitsafe.com applepay.buckaroo.io www.belfius.be www.kbc.be routing.eps.or.at r3.girogate.de checkout.trustly.com multibanco.secure.girogate.de mbway.secure.girogate.de *.nexigroup.com *.przelewy24.pl zijn.samenresultaat.nl;frame-ancestors secure.livechatinc.com *.feedbackcompany.nl 1
frame-ancestors 'self' *.spreadex.com/ 1
upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.etracker.com https://*.etracker.de https://*.podigee-cdn.net https://cdn.podigee.com https://statistik.bgw-online.de https://www.youtube.com; font-src 'self' https://player.podigee-cdn.net https://fonts.gstatic.com https://statistik.bgw-online.de; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://cdn.podigee.com https://player.podigee-cdn.net; img-src 'self' https://statistik.bgw-online.de https://maps.gstatic.com https://*.googleapis.com https://cdn.podigee.com https://*.podigee-cdn.net data:; object-src 'none'; frame-src 'self' https://*.bgw-online.de https://www.youtube.com https://www.google.com https://cdn.podigee.com https://player.podigee-cdn.net https://my.matterport.com https://storage.net-fs.com https://start.video-stream-hosting.de https://*.feedbackmodul.de; connect-src 'self' https://*.googleapis.com https://statistik.bgw-online.de https://*.etracker.com https://*.etracker.de; 1
object-src 'none'; frame-ancestors 'self' https://play.smmetaverse.world https://superpets.boomtech.co 1
script-src 'self' https://platform.twitter.com https://www.facebook.com www.google-analytics.com sdk.privacy-center.org api.privacy-center.org https://connect.facebook.net https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://cdnjs.cloudflare.com http://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; frame-src 'self' https://www.youtube.com https://platform.twitter.com https://www.facebook.com https://m.facebook.com; connect-src api.privacy-center.org *.google-analytics.com *.googletagmanager.com 'self' https://www.google-analytics.com https://stats.g.doubleclick.net; default-src 'self' https://syndication.twitter.com sdk.privacy-center.org https://www.facebook.com data: 1
default-src *.cloudflare.com *.youtube.com *.powerfulreveal.com *.semoelectric.coop *.cdn.js *.jsdelivr.net *.commentportal.com commentportal.com *.google.com bootstrapcdn.com  googleadservices.com *.cloudfront.net *.portlandwebdesign.com *.electric.coop adsrvr.org *.analytics.yahoo.com *.maps.arcgis.com xx.fbcdn.net rvwinc.com maps.arcgis.com vimeo.com *.googleadservices.com publicpurchase.com gravatar.com *.arcgis.com *.eventbrite.com cooperative.com *.gstatic.com *.youtube-nocookie.com *.crowdfiber.io data: *.googletagmanager.com luckyorange.net btstatic.com portlandwebdesign.com simpli.fi *.providesupport.com typekit.net mitel.io trumpia.com *.timetap.com five9.com powermag.com *.rvwinc.com *.verisign.com linkedin.com *.nr-data.net *.btstatic.com azgt.coop ebill.coop *.mapbox.com googleapis.com analytics.yahoo.com *.licdn.com *.mcusercontent.com *.bootstrapcdn.com apogee.net marketingautomation.services suppose.tv adnxs.com twimg.com *.olark.com youtube-nocookie.com *.trumpia.com xad.com mailchimp.com *.ads.linkedin.com directefficiency.com *.mailchimp.com newrelic.com *.vimeo.com *.plumassierratelecommunicationsmap.com 'unsafe-eval' *.upgrade.guide epa.gov transistor.fm google.com hirebridge.com *.simpli.fi *.yimg.com envivabiomass.com *.roanokeconnect.com e2ma.net bonnerboundary811.org *.powerfulweb.com *.elfsight.com *.libsyn.com doubleclick.net *.nwwsd.org facebook.net google-analytics.com ads.linkedin.com *.e2ma.net gstatic.com smarthub.coop *.s3.amazonaws.com mcusercontent.com s.w.org *.doubleclick.net facebook.com youtube.com *.linkedin.com nice-incontact.com fontawesome.com *.newrelic.com *.apogee.net *.googleapis.com libsyn.com eventbrite.com upgrade.guide *.basis.net *.twimg.com glassdoor.com cencoast.com *.mitel.io powerfulweb.com luckyorange.com *.five9.com *.typekit.net *.transistor.fm yimg.com 'self' *.luckyorange.com jazz.co roanokeconnect.com *.publicpurchase.com myfonts.net issuu.com *.directefficiency.com *.websupport.expert spreaker.com *.ebill.coop crowdfiber.io *.xad.com *.nice-incontact.com *.xx.fbcdn.net *.suppose.tv *.myfonts.net *.icua.coop southcentralpower.com *.bonnerboundary811.org arcgis.com mapbox.com providesupport.com *.facebook.net *.smeco.coop electric.coop googletagmanager.com *.adnxs.com smeco.coop *.issuu.com *.powermag.com *.adsymptotic.com olark.com s3.amazonaws.com 'unsafe-inline' billing.nwwsd.org elfsight.com icua.coop timetap.com *.fontawesome.com *.envivabiomass.com nr-data.net adsymptotic.com *.epa.gov *.adsrvr.org *.cencoast.com *.spreaker.com *.gravatar.com plumassierratelecommunicationsmap.com verisign.com *.glassdoor.com *.facebook.com ctctcdn.com *.jazz.co *.cooperative.com *.google-analytics.com gmpg.org cloudfront.net *.ctctcdn.com *.marketingautomation.services *.southcentralpower.com licdn.com *.hirebridge.com websupport.expert *.luckyorange.net *.smarthub.coop basis.net *.youtube.com *.azgt.coop; 1
connect-src 'self' data: az589851.vo.msecnd.net embed.binkies3d.com binkiesproductionweu.servicebus.windows.net *.snapchat.com wss://collection.decibelinsight.net wss://bots.alphablues.com *.livechatinc.com *.getsitecontrol.com *.cookiebot.com *.decibelinsight.net *.alphablues.com *.tiktok.com *.exponea.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.google.lt *.google.ee *.google.lv *.google.co.uk *.google.se pildyk.lt *.pildyk.lt *.usabilla.com *.doubleclick.net;      script-src 'self' binkiesteaserstorage.blob.core.windows.net az589851.vo.msecnd.net embed.binkies3d.com binkiescontentnode.blob.core.windows.net  *.livechatinc.com *.googlesyndication.com *.decibelinsight.net *.alphablues.com *.cookiebot.com *.googleadservices.com *.google-analytics.com *.facebook.net *.usabilla.com *.exponea.com *.googletagmanager.com *.pushpushgo.com *.getsitecontrol.com *.adform.net *.sc-static.net sc-static.net *.jquery.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval' *.bootstrapcdn.com *.cloudflare.com *.youtube.com *.ytimg.com pildyk.lt *.pildyk.lt *.tiktok.com *.ipstatp.com *.ibytedtos.com *.google.com *.googleapis.com;      style-src 'self' 'unsafe-inline' az589851.vo.msecnd.net binkiescontentnode.blob.core.windows.net embed.binkies3d.com *.alphablues.com *.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.cloudfront.net *.google.com pildyk.lt;      img-src 'self' data: blob: az589851.vo.msecnd.net binkiesdevnode.blob.core.windows.net binkiescontentnode.blob.core.windows.net 'unsafe-inline' tele2.lt *.livechat-files.com *.livechat-static.com *.alphablues.com *.amazonaws.com *.pildyk.lt *.google-analytics.com *.facebook.com *.facebook.net *.cloudfront.net *.google.com *.google.lt *.google.ee *.google.lv *.google.co.uk *.google.se *.doubleclick.net *.pushpushgo.com *.getsitecontrol.com *.usabilla.com *.gstatic.com pildyk.lt *.pildyk.lt ; worker-src 'self' blob: 1
default-src 'self' https://api.userway.org/ https://cdn.userway.org/ https://www.google-analytics.com https://connect.facebook.net https://script.crazyegg.com/ https://chatbot.visionbanco.com/ https://tracking.crazyegg.com/ https://stats.g.doubleclick.net/ https://www.youtube.com/ https://www.visionbanco.com https://cdn.jsdelivr.net/ https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/api/siteverify https://www.gstatic.com/recaptcha/ https://www.google.com https://goo.gl/7K7WLu https://www.w3.org/2000/svg https://banner.visionbanco.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://chatbot.visionbanco.com;font-src *; img-src * 'self' data: https:; 1
frame-ancestors 'self'  https://*.house.gov; form-action 'self' https://*.house.gov https://congress.gov https://www.congress.gov https://www.google.com https://vekeo.com; font-src 'self' https://fonts.gstatic.com https://use.typekit.net https://js.arcgis.com https://maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://use.fontawesome.com https://www.google.com https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://maps.google.com https://cse.google.com https://ajax.googleapis.com https://maps.googleapis.com https://video.teleforumonline.com https://platform.twitter.com https://widgets.twimg.com https://cdn.syndication.twimg.com https://static.sk.facebook.com https://connect.facebook.net https://www.instagram.com/embed.js https://js.arcgis.com https://video.foxbusiness.com https://rumble.com https://code.jquery.com https://platform-api.sharethis.com https://ws.sharethis.com https://s7.addthis.com; object-src 'none';; upgrade-insecure-requests 1
default-src 'self' www: fonts.googleapis.com fonts.gstatic.com js.mtnpaygw.mtnnigeria.net/mtn/v2 sdk.mtnpay.mtnnigeria.net pay.mtn.ng sdk.mtnpaygw.mtnnigeria.net test-gateway.mastercard.com mtn-ui.mtnpaygw.mtnnigeria.net https://mtf.gateway.mastercard.com https://cpg.mtnpay.mtnnigeria.net test-gateway.mastercard.com js.mtnpaygw.mtnnigeria.net js-proxy.mtnpaygw.mtnnigeria.net customui.mtnpaygw.mtnnigeria.net mtn-nga.dimelochat.com mtn-nga.ws.dimelo.com mtn-nga.messaging.dimelo.com js.mtnpay.mtnnigeria.net ui.mtnpay.mtnnigeria.net maps.googleapis.com data: vincentcabrera.fr www.google-analytics.com www.mymtn.com.ng mtnng-prod.voiceweb.eu mtnng-test.voiceweb.eu eum.mtnnigeria.net cdn.appdynamics.com mtnnigeria-astra.sandsiv.com cpg-api.mtnpay.mtnnigeria.net/v2 https://pay.mtn.ng/ https://sdk.mtnpaygw.mtnnigeria.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' mtn-nga.dimelochat.com js.mtnpaygw.mtnnigeria.net/mtn/v2 sdk.mtnpay.mtnnigeria.net sdk.mtnpaygw.mtnnigeria.net https://mtf.gateway.mastercard.com test-gateway.mastercard.com https://cpg.mtnpay.mtnnigeria.net mtn-ui.mtnpaygw.mtnnigeria.net js.mtnpaygw.mtnnigeria.net mtn-nga.ws.dimelo.com js-proxy.mtnpaygw.mtnnigeria.net customui.mtnpaygw.mtnnigeria.net mtn-nga.messaging.dimelo.com js.mtnpay.mtnnigeria.net maps.googleapis.com ui.mtnpay.mtnnigeria.net www.mymtn.com.ng mtnng-test.voiceweb.eu mtnng-prod.voiceweb.eu eum.mtnnigeria.net cdn.appdynamics.com mtnnigeria-astra.sandsiv.com js.mtnpay.mtnnigeria.net/mtn/v2 cpg-api.mtnpay.mtnnigeria.net/v2 pay.mtn.ng https://pay.mtn.ng https://sdk.mtnpaygw.mtnnigeria.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' https:; font-src 'self' https: data:; img-src 'self' https: data: http: vincentcabrera.fr www.google-analytics.com; connect-src 'self' ws: wss: blob: https: http: mtn-nga.dimelochat.com mtnng-prod.voiceweb.eu sdk.mtnpay.mtnnigeria.net sdk.mtnpaygw.mtnnigeria.net https://mtf.gateway.mastercard.com https://cpg.mtnpay.mtnnigeria.net https://sdk.mtnpaygw.mtnnigeria.net test-gateway.mastercard.com mtn-nga.messaging.dimelo.com www.google-analytics.com mtnng-test.voiceweb.eu eum.mtnnigeria.net cdn.appdynamics.com mtnnigeria-astra.sandsiv.com js.mtnpay.mtnnigeria.net/mtn/v2 cpg-api.mtnpay.mtnnigeria.net/v2 pay.mtn.ng https://pay.mtn.ng https://pay.mtn.ng; frame-ancestors 'self' https://mtf.gateway.mastercard.com/ https://cpg.mtnpay.mtnnigeria.net/ sdk.mtnpay.mtnnigeria.net sdk.mtnpaygw.mtnnigeria.net https://sdk.mtnpaygw.mtnnigeria.net 1
worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com cdn.cookielaw.org pghub.io *.google-analytics.com feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; font-src 'self' data: feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' consumersupport.pg.com *.pghub.io pandg.tapad.com ; img-src 'self' data: *.ctfassets.net *.tapad.com *.google-analytics.com *.cookielaw.org feed.pghub.io ; default-src 'none' feed.pghub.io pandg.tapad.com ; connect-src 'self' *.google-analytics.com *.algolia.net cdn.cookielaw.org feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; 1
frame-ancestors 'self' www.kutxabank.es; 1
script-src 'nonce-Rm5jcnftSmQWPSIXXrCm8mNMe1bXZ3LonhbvvX/OThY=' 'strict-dynamic' 1
default-src 'none'; style-src 'self'; script-src 'self'; img-src 'self'; font-src 'self'; frame-ancestors 'none'; base-uri 'none'; form-action 'self' 1
frame-ancestors 'self' https://lbhill1-dev.gosshosted.com https://activehousing.co.uk https://lbhill1-prp.gov.uk https://lbhill1-tst.gosshosted.com; report-to csp-endpoint; report-uri https://www.hillingdon.gov.uk/csp-reports; 1
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.googleapis.com fonts.gstatic.com discgolfmetrix.com dgmtrx.com connect.facebook.net graph.facebook.com facebook.com *.mapbox.com vk.com api.pinterest.com paypalobjects.com *.paypalobjects.com *.paypal.com *.paytrail.com *.jquery.com *.jquerycdn.com *.highcharts.com *.dgmtrx.com:5999 discgolfmetrix.com:5999 *.api.here.com npmcdn.com metrix.live *.metrix.live *.gstatic.com gstatic.com; img-src * data: blob: 'unsafe-inline'; connect-src *; frame-src 'self' *.google.com *.facebook.com; 1
script-src 'self' 'unsafe-inline' https://unpkg.com https://code.jquery.com https://instagram.com https://www.instagram.com https://www.google.com https://www.gstatic.com https://platform.instagram.com https://www.youtube.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://static.hotjar.com https://script.hotjar.com https://snap.licdn.com https://connect.facebook.net https://widget.intercom.io https://js.intercomcdn.com https://blog.hoolah.co https://c0.wp.com https://static.ada.support; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://blog.hoolah.co 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' android-webview-video-poster: data: blob: *.google-analytics.com *.googleapis.com *.twic.pics *.doofinder.com *.newrelic.com *.nr-data.net *.typekit.net *.gstatic.com *.paypal.com *.adyen.com *.jsdelivr.net *.iesnare.com *.paypalobjects.com *.googletagmanager.com *.contentsquare.com *.contentsquare.net *.prismic.io *.pinimg.com *.ads-twitter.com *.tiktok.com *.bobbies.com *.doubleclick.net *.pinterest.com *.twitter.com t.co *.cloudflare.com *.googlesyndication.com github.com s3s.fr *.zopim.com *.zendesk.com *.zdassets.com *.googleadservices.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.facebook.net *.getalma.eu *.stripe.com *.prestashop.com *.sentry.io *.segment.com *.segment.io *.vimeo.com wss://*.doofinder.com analytics.pangle-ads.com; frame-ancestors 'self'; report-uri https://o501012.ingest.sentry.io/api/4504928621232128/security/?sentry_key=b06edaa9056e48fcbba2f36c2d5eeeec 1
script-src http: https: https://www.hardwarestore.com/ 'nonce-ekitjdJokcE8Rer4eKVHW61iyVNR3nOC2PqnEKbMCTiI7' 'unsafe-eval' 'unsafe-hashes' https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net *.wknd.ai *.bounceexchange.com 'sha256-+hSsSV2IXXRsl5bMQeEDYHtphbqnY8bJDu6xoakSuXA=' https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com *.turnto.com https://dev.visualwebsiteoptimizer.com *.vwo.com; style-src 'self' blob: https: 'unsafe-inline' https://www.hardwarestore.com/ https://tagmanager.google.com https://fonts.googleapis.com *.bounceexchange.com; img-src data: http: https: https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://www.facebook.com *.bounceexchange.com *.bouncex.net; object-src 'none'; base-uri 'none'; child-src 'self' blob: *.bounceexchange.com; font-src 'self' use.typekit.net https://fonts.gstatic.com data https://cdn.userway.org *.bounceexchange.com; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.googletagmanager.com *.userway.org *.facebook.com *.bounceexchange.com https://photos.pixlee.co/ https://dev.visualwebsiteoptimizer.com https://ct.pinterest.com; 1
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com; 1
frame-src *.fls.doubleclick.net *.hotjar.com *.facebook.com *.hsforms.com static.addtoany.com app.hubspot.com youtu.be youtube.com www.youtube.com *.qualtrics.com td.doubleclick.net; report-uri /report-csp-violation 1
default-src https: wss: data: 'self' 'unsafe-eval' 'unsafe-inline' blob: www.monumentalsportsnetwork.com https://appcms.monumentalsportsnetwork.com;font-src https: data: 'self'; img-src https: data: blob: ;media-src https: blob: ;worker-src https: blob:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.redditstatic.com https://*.mbsy.co https://*.bttrack.com https://bttrack.com https://enable.customerjourney.com https://*.greenmountain.com https://*.greenmountainenergy.com https://*.contentsquare.com https://tags.tiqcdn.com  https://tags.tigcdn.com https://*.hotjar.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://stg-wheelock.nrg.com https://wheelock.nrg.com https://cdn01.basis.net https://analytics.tiktok.com https://js.ipredictive.com https://cdn.tapad.app https://*.braintree-api.com https://*.braintreegateway.com https://*.adobetm.com https://*.analytics-egain.com https://reliantenergyretails.tt.omtrdc.net https://*.adnxs-simple.com https://*.adnxs.com https://*.ep-mimecast.ads-twitter.com https://*.demdex.net https://*.doubleclick.net https://*.everesttech.net https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://*.sc.omtrdc.net https://*.yahoo.com https://assets.adobedtm.com https://assets.quantcount.com https://analytics.twitter.com https://bat.bing.com https://beacon.krxd.net https://commerce.adobedtm.com https://cdn.browsiprod.com https://connect.facebook.net https://cdn.getambassador.com https://chat.greenmountain.com https://cdn.inpwrd.net https://content.inpwrd.net https://code.jquery.com https://cdn.jsdelivr.net https://cdn.krxd.net https://consumer.krxd.net https://cdn.rawgit.com https://checkout.stripe.com https://*.tvsquared.com https://cdn.syndication.twimg.com https://e.acuityplatform.com https://en.twitter.com https://graph.facebook.com https://google-analytics.com https://googletagmanager.com https://js.adsrvr.org https://js.facebook.com https://js.stripe.com https://maxcdn.bootstrapcdn.com https://mbsy.co https://nrg.allegiancetech.com https://netdna.bootstrapcdn.com https://origin.acuityplatform.com https://pixel.quantserve.com https://platform.twitter.com https://query.yahooapis.com https://r.bing.com https://rules.quantcount.com https://r.turn.com https://static.ads-twitter.com https://siteintercept.allegiancetech.com https://stackpath.bootstrapcdn.com https://ssl.google-analytics.com https://script.hotjar.com https://static.hotjar.com https://s.pinimg.com https://secure.quantserve.com https://s.yimg.com https://t.contentsquare.net https://t.co https://tag.yieldoptimizer.com https://www.google-analytics.com https://www.googletagmanager.com https://*.cloudfront.net/ https://necolas.github.io/normalize.css/ https://google.com/pagead/ https://platform.twitter.com/widgets.js https://ajax.googleapis.com/ajax/ https://storage.googleapis.com https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.4.1.min.220afd743d.js https://necolas.github.io/normalize.css/5.0.0/normalize.css https://maps.googleapis.com https://ajax.aspnetcdn.com https://s3.amazonaws.com https://cloud-emea.analytics-egain.com https://www.greenmountainenergy.com https://analytics.analytics-egain.com https://bat.bing.com/bat.js https://secure.quantserve.com/quant.js https://acdn.adnxs.com/dmp/up/pixie.js https://*.clarity.ms https://ui.powerreviews.com https://*.3lift.com https://*.youtube.com https://reliantenergy.sc.omtrdc.net; style-src 'self' 'unsafe-inline' https://*.mbsy.co https://stg-wheelock.nrg.com https://wheelock.nrg.com https://*.greenmountainenergy.com https://*.hotjar.com https://assets.braintreegateway.com/web/dropin/1.25.0/css/dropin.min.css https://*.google.com https://*.bootstrapcdn.com https://*.bing.com https://chat.greenmountain.com https://code.ionicframework.com https://code.jquery.com https://cdn.jsdelivr.net https://content.quantcount.com https://checkout.stripe.com https://cloud.typography.com https://fonts.googleapis.com https://platform.twitter.com https://ton.twimg.com https://www.googletagmanager.com https://ui.powerreviews.com https://code.jquery.com; object-src https://*.mbsy.co https://*.googlesyndication.com; frame-src 'self' https://*.mbsy.co https://ad.ipredictive.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://*.salesforce-sites.com https://*.pinterest.com https://*.greenmountain.com https://*.greenmountainenergy.com https://cdn.getambassador.com https://*.amazon-adsystem.com https://stg-wheelock.nrg.com https://wheelock.nrg.com https://*.greenmountainenergy.com https://nrghomesolar.secure.force.com https://assets.braintreegateway.com/ https://platform.twitter.com https://signup.greenmountain.com https://www.youtube-nocookie.com https://match.adsrvr.org https://www.youtube.com https://www.facebook.com https://reliantenergyretailservicesllc.demdex.net https://www.pinterest.com https://pixel-a.basis.net https://js.stripe.com https://analytics.analytics-egain.com https://pixel.sitescout.com https://*.doubleclick.net https://vars.hotjar.com https://insight.adsrvr.org https://csxd.contentsquare.net https://cdn.krxd.net https://content.inpwrd.net https://reliant.egain.cloud; frame-ancestors 'self' https://*.greenmountainenergy.com; child-src 'self' data: blob: https://*.greenmountain.com https://*.greenmountainenergy.com https://*.youtube.com https://*.googlesyndication.com https://*.google.com https://*.facebook.com https://*.everesttech.net https://*.doubleclick.net https://*.demdex.net https://*.adnxs.com https://connect.facebook.net https://platform.twitter.com https://www.googletagmanager.com; img-src data: https://*.mbsy.co https://*.greenmountain.com https://*.greenmountainenergy.com * *.contentsquare.net https://*.hotjar.com; font-src https://*.mbsy.co https://*.greenmountain.com https://*.greenmountainenergy.com https://*.greenmountainenergy.com https://*.hotjar.com https://code.ionicframework.com https://netdna.bootstrapcdn.com https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://pagead2.googlesyndication.com https://*.mbsy.co https://*.bttrack.com https://bttrack.com  https://enable.customerjourney.com https://l.contentsquare.net https://collect.tealiumiq.com https://analytics.tiktok.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.greenmountain.com https://*.greenmountainenergy.com https://tag.tapad.com https://www.google.com/recaptcha/api/siteverify wss://ws.pusherapp.com https://sockjs.pusher.com  https://*.icanhazip.com https://stg-wheelock.nrg.com https://wheelock.nrg.com https://*.yimg.com https://*.braintree-api.com https://*.braintreegateway.com https://*.adobetm.com https://*.analytics-egain.com https://reliantenergyretails.tt.omtrdc.net https://client-analytics.braintreegateway.com https://maps.googleapis.com https://bat.bing.com/ https://*.bf.dynatrace.com https://*.hotjar.com https://beacon.krxd.net https://cdn.getambassador.com https://www.facebook.com/tr/ https://vc.hotjar.io https://q-aus1.contentsquare.net https://requests.getambassador.com wss://ws28.hotjar.com wss://ws20.hotjar.com/api/v2/client/ws wss://ws10.hotjar.com/api/v2/client/ws https://k-aus1.contentsquare.net https://payments.braintree-api.com https://api.braintreegateway.com wss://ws17.hotjar.com/api/v2/client/ws https://dpm.demdex.net https://reliantenergy.sc.omtrdc.net https://ui.powerreviews.com https://analytics.google.com https://stats.g.doubleclick.net https://api.ipify.org https://ct.pinterest.com https://*.clarity.ms https://www.google-analytics.com https://c.contentsquare.net https://*.bf.dynatrace.com;   worker-src blob:; 1
frame-ancestors 'self' https://portal.fibe.in/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.burohappold.com *.google-analytics.com *.google.com *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.youtube.com *.youtu.be *.linkedin.com *.vimeo.com *.sketchfab.com * data: ; 1
frame-ancestors 'self' https://*.kameleoon.com https://h7vcu8taur.kameleoon.eu https://dtvktbn6qk.kameleoon.eu https://*.kameleoon.io 1
frame-ancestors 'self' https://roamresearch.com https://*.roamresearch.com; 1
frame-ancestors https://m.facebook.com https://www.facebook.com https://connect.facebook.net; 1
frame-ancestors 'self' *.amboss.com 1
default-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https://*.forewordreviews.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://secure.quantserve.com; style-src 'unsafe-inline' https://*.forewordreviews.com https://p.typekit.net https://use.typekit.net https://cdn.jsdelivr.net; img-src data: blob: https://*.forewordreviews.com https://www.google-analytics.com; frame-src https://*.forewordreviews.com https://www.youtube.com https://e.issuu.com https://www.google.com; frame-ancestors https://*.forewordreviews.com; font-src data: https://fonts.typekit.net https://use.typekit.net; connect-src https://*.forewordreviews.com https://www.google-analytics.com; report-uri https://www.forewordreviews.com/api/csp-error.log 1
frame-src 'self' https://www.google.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://onesignal.com https://www.youtube.com https://www.instagram.com https://omny.fm https://secure-assets.rubiconproject.com https://eus.rubiconproject.com https://sync.richaudience.com https://imasdk.googleapis.com https://cdn-ssl.vidible.tv https://track.adform.net https://pagead2.googlesyndication.com https://sync.teads.tv https://cdn.doubleverify.com https://cs.seedtag.com https://*.lijit.com https://spl.zeotap.com https://*.doubleclick.net https://cdn3.doubleverify.com https://connected-stories.hypertvx.com https://*.teads.tv https://*.googlesyndication.com https://*.smartadserver.com/ https://ads.pubmatic.com https://*.criteo.com https://viralize-d.openx.net https://js-sec.indexww.com https://acdn.adnxs.com  1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.contactpigeon.com *.bootstrapcdn.com *.youtu.be *.youtube.com *.kikocosmetics.gr *.ns-cdn.net *.adobedtm.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com osm.klarnaservices.com *.klarnacdn.net *.klarnaevt.com *.klarna.com *.tawk.to fonts.gstatic.com 'self' 'unsafe-inline'; form-action *.facebook.com *.bootstrapcdn.com *.youtu.be *.youtube.com *.twitter.com *.simplify.com osm.klarnaservices.com *.klarnacdn.net *.klarnaevt.com *.klarna.com *.tawk.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src www.paypal.com www.sandbox.paypal.com *.google.com *.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://kikocosmetics.shout.contactpigeon.com/ *.bootstrapcdn.com 'self' youtu.be *.twitter.com *.facebook.com *.simplify.com *.youtube.com osm.klarnaservices.com *.klarnacdn.net *.klarnaevt.com *.klarna.com *.tawk.to 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com connect.facebook.net graph.facebook.com business.facebook.com *.findbar.io *.contactpigeon.com *.bootstrapcdn.com *.youtu.be *.youtube.com *.kikocosmetics.gr amcglobal.sc.omtrdc.net *.ns-cdn.net *.adobedtm.com *.googleapis.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google.gr *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu https://tawk.link *.simplify.com *.amazonaws.com osm.klarnaservices.com *.klarnacdn.net *.klarnaevt.com *.tawk.to cdn.jsdelivr.net www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com connect.facebook.net graph.facebook.com business.facebook.com *.findbar.io *.contactpigeon.com *.avada.io *.bootstrapcdn.com *.youtu.be *.youtube.com data: *.kikocosmetics.gr web-sdk.aptrinsic.com *.ns-cdn.net *.cloudflare.com *.adobedtm.com *.twitter.com *.googleapis.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.simplify.com ipinfo.io osm.klarnaservices.com *.klarnacdn.net *.klarnaevt.com *.klarna.com *.tawk.to cdn.jsdelivr.net www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.findbar.io *.contactpigeon.com *.bootstrapcdn.com *.youtu.be *.youtube.com *.kikocosmetics.gr web-sdk.aptrinsic.com *.ns-cdn.net *.adobedtm.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://embed.tawk.to osm.klarnaservices.com *.klarnacdn.net *.klarnaevt.com *.klarna.com fonts.googleapis.com cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.findbar.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com www.facebook.com *.facebook.net *.google.com connect.facebook.net graph.facebook.com business.facebook.com *.findbar.io *.contactpigeon.com *.bootstrapcdn.com *.youtu.be *.youtube.com *.kikocosmetics.gr esp-m.aptrinsic.com *.ns-cdn.net *.adobedtm.com *.doubleclick.net *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com maps.googleapis.com ipinfo.io osm.klarnaservices.com *.klarnacdn.net *.klarnaevt.com *.klarna.com *.tawk.to wss://*.tawk.to 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.contactpigeon.com osm.klarnaservices.com *.klarnacdn.net *.klarnaevt.com *.klarna.com 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: mediastream: blob:; connect-src *; frame-ancestors *; frame-src * 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'  * 1
default-src 'self' *.uni-jena.de *.dosis-jena.de https://www.uniklinikum-jena.de https://www.youtube.com https://dr-flex.de https://www.yumpu.com https://www.google.com https://vimeo.com https://player.vimeo.com https://*.mana-hr.net https://ukj.mana-jobs.de; img-src 'self' https://www.uniklinikum-jena.de www.krz.uni-jena.de *.dosis-jena.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.uniklinikum-jena.de www.krz.uni-jena.de https://*.mana-hr.net; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none' 1
default-src 'self' *.lusini.com *.lusini.dev https://*.wistia.com https://*.wistia.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.lusini.com *.lusini.dev *.netlify.app https://connect.facebook.net https://www.googletagmanager.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net 'unsafe-inline' https://bat.bing.com https://*.wistia.com https://*.wistia.net https://src.litix.io *.awin1.com https://www.dwin1.com *.zenaps.com the.sciencebehindecommerce.com *.cookielaw.org; frame-src 'self' *.lusini.dev *.netlify.app *.lusini.com http://*.lusini.dev http://*.lusini.com https://www.facebook.com/ https://bid.g.doubleclick.net https://td.doubleclick.net https://fast.wistia.com https://fast.wistia.net *.awin1.com *.zenaps.com; connect-src 'self' *.lusini.dev *.lusini.com *.netlify.app *.algolia.net *.algolianet.com *.contentful.com 8nesac7we0.execute-api.eu-central-1.amazonaws.com https://www.facebook.com/tr/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.de https://*.google.at https://*.google.ch https://*.google.es https://*.google.fr https://*.google.hr https://*.google.it https://*.google.nl https://*.google.pt https://*.google.se https://*.google.no https://*.google.be https://*.google.dk https://www.google-analytics.com *.googlesyndication.com https://bat.bing.com https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://the.sciencebehindecommerce.com https://*.wepowerconnections.com sslwidget.criteo.com *.onetrust.com *.cookielaw.org https://*.dy-api.eu *.getform.io getform.io https://insights.algolia.io https://*.browser-intake-datadoghq.eu; img-src 'self' *.lusini.com *.lusini.dev *.cloudinary.com/lusini/ https://www.facebook.com/tr/ https://connect.facebook.net www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.de https://*.google.at https://*.google.ch https://*.google.es https://*.google.fr https://*.google.hr https://*.google.it https://*.google.nl https://*.google.pt https://*.google.se https://*.google.no https://*.google.be https://*.google.dk https://www.google-analytics.com https://www.google.com https://bat.bing.com 'self' data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net *.awin1.com *.zenaps.com sslwidget.criteo.com dq4irj27fs462.cloudfront.net *.cookielaw.org; media-src 'self' blob: data: *.cloudinary.com/lusini/ 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; style-src 'self' 'unsafe-inline' blob: https://fast.wistia.com; font-src 'self' data: https://*.wistia.com; object-src 'none'; frame-ancestors 'self' *.lusini.com *.lusini.dev *.netlify.app *.contentful.com; child-src 'self' blob:; worker-src 'self' blob: 'self' blob: blob:; 1
frame-ancestors 'self' http://www.giochixl.it 1
'unsafe-inline'  default-src 'self' style-src 'self' 'https://fonts.googleapis.com' font-src 'self' 'https://fonts.gstatic.com' frame-src youtube.com https://www.youtube.com facebook.com https://www.facebook.com twitter.com https://www.twitter.com https://playhls.media.nic.in https://platform.twitter.com; 1
default-src *; style-src 'self' 'unsafe-inline'; font-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 1
default-src  'self' ; img-src      'self' 'unsafe-inline' 'unsafe-eval' data: *.tawk.to *.wisepops.com *.amazonaws.com *.google.com *.google.co.in *.google-analytics.com *.taboola.com *.clmbtech.com *.facebook.com *.cloudfront.net;  worker-src 'self' blob:;  script-src   'self' 'unsafe-inline' 'unsafe-eval' *.cloudfront.net *.cloudflare.com *.razorpay.com *.google.com *.gstatic.com *.googletagmanager.com *.tawk.to *.googleapis.com *.hotjar.com *.clmbtech.com *.facebook.net *.taboola.com *.jsdelivr.net *.google-analytics.com;  script-src-elem    'self' 'unsafe-inline' *.razorpay.com *.digio.in *.egov-nsdl.com *.verasys.in *.cdslindia.com *.cloudfront.net *.googleapis.com *.googletagmanager.com *.google-analytics.com *.crwdcntrl.net *.clmbtech.com *.licdn.com  *.facebook.net *.taboola.com *.jsdelivr.net *.hotjar.com *.tawk.to *.google.com *.gstatic.com *.wisepops.com wisepops.net *.cloudflare.com;  style-src    'self' 'unsafe-inline' *.razorpay.com *.tawk.to *.googleapis.com *.google.com *.gstatic.com *.cloudfront.net;  font-src     'self' data: *.gstatic.com *.tawk.to *.hotjar.com *.googleapis.com;  frame-src    'self' data: *.cloudfront.net *.tawk.to *.youtube.com *.hotjar.com *.google.com *.digio.in *.egov-nsdl.com *.verasys.in *.cdslindia.com *.razorpay.com;  frame-ancestors 'self' https://goldenpiplus.com https://www.goldenpiplus.com;  connect-src    'self' blob: wss: *.goldenpi.com *.cloudfront.net *.google.com *.googleapis.com *.wisepops.com wisepops.net *.google-analytics.com *.tawk.to *.taboola.com *.clmbtech.com *.crwdcntrl.net *.doubleclick.net *.facebook.com *.hotjar.io *.hotjar.com *.amazonaws.com;  media-src     'self' *.tawk.to *.amazonaws.com;  object-src   'self' ; 1
default-src 'self' http: https: data: blob: 'unsafe-inline' wss://chat.furuke.com 1
child-src 'self' https://www.youtube.com https://www.google.com https://*.google.fr https://stats.g.doubleclick.net https://intercom-sheets.com; frame-ancestors 'self'; frame-src https://*.google.com https://td.doubleclick.net https://intercom-sheets.com https://www.youtube.com https://www.googletagmanager.com blob: https://drouot.com https://drouot.slgnt.eu 1
default-src  * 'unsafe-inline' 'unsafe-eval' ; img-src * data: 'unsafe-inline' ; font-src * data: 'unsafe-inline' ; media-src * blob: 'unsafe-inline' ; frame-src * data: 'unsafe-inline' 'unsafe-eval' ; 1
frame-ancestors 'self' *.plentymarkets-cloud-10.com 1
frame-ancestors 'self' https://www.energiaxxi.com https://www.endesaclientes.com https://tempoconbisbal.com http://www.endesadiagnosticoenergetico.com http://www.endesadiagnosticoenergetico.com https://www.facebook.es https://www.facebook.com https://www.aaff.endesaclientes.com 1
frame-ancestors 'self' https://edicola.giornalelavoce.it/ https://testbaba.virtualcms.it 1
script-src http: https: https://www.joyalukkas.in/ 'nonce-PW8rcpmW3Vpe7rPzv0hVFFflEnqDc31BTLrLywgWAlMSB'; style-src 'self' blob: https: 'unsafe-inline' https://www.joyalukkas.in/; img-src data: http: https: https://*.google-analytics.com https://*.googletagmanager.com *.analytics.google.com; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.razorpay.com api.razorpay.com checkout.razorpay.com; 1
frame-ancestors 'self' https://*.klaxoon.com https://teams.microsoft.com https://*.teams.microsoft.com https://*.skype.com https://meet.google.com 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' wss://directline.botframework.com *.pluxee.cz *.sodexhopass.cz  https://sodexo-shopware-custom-cz-wa.azurewebsites.net https://twemoji.maxcdn.com https://cdn.feedyou.ai https://cdn.cookielaw.org https://feedbot-sodexo.azurewebsites.net https://directline.botframework.com https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://stats.g.doubleclick.net *.sodexo-ucet.cz https://skin.sodexo-ucet.cz api.mapy.cz *.google.com https://www.gstatic.com https://kendo.cdn.telerik.com https://www.googleadservices.com https://connect.facebook.net https://c.imedia.cz https://googleads.g.doubleclick.net *.googletagmanager.com *.google-analytics.com https://secure.payu.com https://www.facebook.com ; img-src 'self' 'unsafe-inline'  blob: data: image/svg+xml  *.pluxee.cz *.sodexhopass.cz https://sodexo-shopware-custom-cz-wa.azurewebsites.net https://feedbotsodexo1021.blob.core.windows.net https://feedbotsodexo6026.blob.core.windows.net https://twemoji.maxcdn.com cdn.feedyou.ai https://www.googletagmanager.com https://c.seznam.cz https://skin.sodexo-ucet.cz *.sodexo-ucet.cz  https://mujpass.cz http://www.w3.org api.mapy.cz mujpass.cz *.google-analytics.com https://www.google-analytics.com https://www.google.cz https://www.google.com https://www.facebook.com https://c.imedia.cz ;style-src 'self' 'unsafe-inline' *.pluxee.cz *.sodexo-ucet.cz *.sodexhopass.cz https://kendo.cdn.telerik.com api.mapy.cz https://sodexo-shopware-custom-cz-wa.azurewebsites.net https://cdn.feedyou.ai https://directline.botframework.com https://feedyou.azureedge.net;font-src 'self' data: *.pluxee.cz *.sodexo-ucet.cz *.sodexhopass.cz https://kendo.cdn.telerik.com api.mapy.cz https://sodexo-shopware-custom-cz-wa.azurewebsites.net https://cdn.feedyou.ai https://directline.botframework.com https://feedyou.azureedge.net;connect-src 'self' wss://directline.botframework.com *.pluxee.cz *.sodexhopass.cz  https://sodexo-shopware-custom-cz-wa.azurewebsites.net https://twemoji.maxcdn.com https://cdn.feedyou.ai https://cdn.cookielaw.org https://feedbot-sodexo.azurewebsites.net https://directline.botframework.com https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://stats.g.doubleclick.net *.sodexo-ucet.cz https://skin.sodexo-ucet.cz api.mapy.cz *.google.com https://www.gstatic.com https://kendo.cdn.telerik.com https://www.googleadservices.com https://connect.facebook.net https://c.imedia.cz https://googleads.g.doubleclick.net *.googletagmanager.com *.google-analytics.com https://secure.payu.com https://www.facebook.com ;form-action 'self' *.pluxee.cz *.sodexhopass.cz https://cdn.feedyou.ai https://sodexo-shopware-custom-cz-wa.azurewebsites.net https://directline.botframework.com https://feedbot-sodexo.azurewebsites.net *.sodexo.cz *.sodexo-ucet.cz https://onemenu.cz https://www.facebook.com https://www.google-analytics.com http://www.activepass.cz *.mujpass.cz *.mojebenefity.cz *.skoda-auto.com *.skoda.vwg https://connect.facebook.net https://c.imedia.cz https://googleads.g.doubleclick.net https://klient-portal.sodexo.cz https://www.googleadservices.com *.e-sodexo.cz https://www.googletagmanager.com *.skoda-auto.cz https://secure.payu.com http://exampledomain.com; frame-src 'self' *.pluxee.cz *.sodexo.cz *.sodexo-ucet.cz *.sodexhopass.cz *.google.com https://sodexo-shopware-custom-cz-wa.azurewebsites.net https://onemenu.cz https://hrportal.sodexo.cz/ https://www.facebook.com https://www.google-analytics.com https://sdxtsebpwetst.azurewebsites.net https://connect.facebook.net https://c.imedia.cz https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.googletagmanager.com https://secure.payu.com https://cdn.feedyou.ai 1
default-src 'none'; connect-src https: blob: wss: data: media.twiliocdn.com api.my-care-plan.com my-care-plan.com pro.my-care-plan.com; script-src 'self' 'unsafe-eval' 'nonce-8f769817e35b087a' *.twiliocdn.com youtube.com www.youtube.com maps.googleapis.com cdn.jsdelivr.net acsbapp.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: pro.my-care-plan.com my-care-plan.com www.my-care-plan.com api.my-care-plan.com *.s3.amazonaws.com maps.googleapis.com maps.gstatic.com www.my-care-plan.com *.acsbapp.com; frame-src 'self' www.youtube.com pro-landing.my-care-plan.com pro.my-care-plan.com care-manager-plugin.my-care-plan.com qure4u-frontend-prod.s3.amazonaws.com; frame-ancestors 'none'; form-action 'none'; font-src 'self' fonts.gstatic.com acsbapp.com; object-src 'self'; base-uri 'self'; worker-src blob:; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.thestrad.com; 1
frame-src delivery2.widgetworks.com.au www.youtube.com; 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval';img-src * data: blob: 'unsafe-inline'; frame-ancestors 'self'; 1
script-src 'self' https://*.cloudflareinsights.com https://cloudflareinsights.com https://challenges.cloudflare.com https://*.ethicalads.io https:// 'nonce-UQSSqRvLnJ66uRWTDEF0vA==' 1
base-uri 'self'; default-src 'self' https://cdn.plaid.com/; script-src 'self' 'unsafe-eval' https://card-api.us.payments.afterpay.com https://portalapi.us.afterpay.com https://merchantportalapi.us.afterpay.com https://posapi.us.afterpay.com https://api.us.payments.afterpay.com https://*.adsrvr.org https://www.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://maps.google.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.fbot.me https://js-agent.newrelic.com https://bam.nr-data.net https://*.pointmediatracker.com https://*.bidr.io 'sha256-rJz00iUQvqf1Z+zTXK119Dz1QKuh0Hef6S9ERXPq9tA=' https://cdn.plaid.com/link/v2/stable/link-initialize.js https://*.onetrust.com https://hbiq.net 'nonce-PPAjsdRsCmdup5UwtyLkdg==' 'nonce-APAjsdRsCmdup5UwtyLkdg==' cdn.cookielaw.org tag.rmp.rakuten.com https://*.zdassets.com 'sha256-vmJ7W12IlLYloAaCUycQnW2PNlBm1VhBCyv9LDCDAtY=' https://js.stripe.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/css/bootstrap.min.css; img-src 'self' data: https: https://*.adsrvr.org https://www.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://stats.g.doubleclick.net https://ad.doubleclick.net https://www.google.com https://www.google.com.au https://adservice.google.com https://googleads.g.doubleclick.net https://www.facebook.com https://*.pointmediatracker.com https://*.bidr.io https://*.onetrust.com data: https://*.afterpay.com https://8780545.fls.doubleclick.net https://*.linksynergy.com; connect-src 'self' https://card-api.us.payments.afterpay.com https://portalapi.us.afterpay.com https://merchantportalapi.us.afterpay.com https://posapi.us.afterpay.com https://api.us.payments.afterpay.com https://*.launchdarkly.com https://www.google-analytics.com https://sentry.io https://api.amplitude.com https://bam.nr-data.net https://*.fbot.me https://*.pointmediatracker.com https://*.bidr.io https://*.afterpay.com https://sandbox.plaid.com/link/heartbeat https://*.onetrust.com https://stats.g.doubleclick.net https://*.zdassets.com https://*.zendesk.com; frame-src 'self' https://card-api.us.payments.afterpay.com https://portalapi.us.afterpay.com https://merchantportalapi.us.afterpay.com https://posapi.us.afterpay.com https://api.us.payments.afterpay.com https://*.fbot.me https://insight.adsrvr.org https://rsx.afterpay.com https://8780545.fls.doubleclick.net https://cdn.plaid.com/ https://*.onetrust.com https://js.stripe.com https://hooks.stripe.com https://stripe.com https://test-payments-threeds.afterpaytouch.dev https://prod-payments-threeds.afterpay.com https://bid.g.doubleclick.net; 1
frame-ancestors 'self' https://*.cosmote.gr https://*.ote.gr https://*.11888.gr https://*.giaola.gr https://joiningdots.co https://*.helppost.gr https://*.irafina.gr https://*.notia.gr 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://bcharts.com.br/logs/ https://bcharts.com.br/sidekiq/ https://bcharts.com.br/mini-profiler-resources/ https://bcharts.com.br/assets/ https://bcharts.com.br/extra-locales/ https://bcharts.com.br/highlight-js/ https://bcharts.com.br/javascripts/ https://bcharts.com.br/plugins/ https://bcharts.com.br/theme-javascripts/ https://bcharts.com.br/svg-sprite/ 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' https://fundingchoicesmessages.google.com/i/pub-8548723484392267 https://www.googletagmanager.com/gtag/js https://platform.twitter.com/ https: 'unsafe-inline'; worker-src 'self' https://bcharts.com.br/assets/ https://bcharts.com.br/javascripts/ https://bcharts.com.br/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
block-all-mixed-content; frame-ancestors *.boutiquedassi.com.br 1
default-src 'self' *.catapa.com *.google.com *.google.co.id *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.hotjar.com *.tawk.to *.sentry.io assets-global.website-files.com https: wss: blob:; script-src 'self' 'unsafe-eval' *.catapa.com *.google.com *.gstatic.com *.googleapis.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.tawk.to *.hotjar.com *.cloudfront.net *.cloudflare.com *.youtube.com *.sentry-cdn.com *.midtrans.com *.sharethis.com googleads.g.doubleclick.net maxcdn.bootstrapcdn.com cdn.jsdelivr.net cdn.ampproject.org polyfill.io snap.licdn.com rec.smartlook.com use.typekit.net rec.smartlook.com connect.facebook.net *.googleoptimize.com assets.calendly.com assets-global.website-files.com blob: 'unsafe-inline'; img-src 'self' *.catapa.com *.google.com *.google.co.id *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.hotjar.com *.tawk.to tawk.link img.youtube.com *.cloudfront.net s3.ap-southeast-3.amazonaws.com s3.amazonaws.com stats.g.doubleclick.net cdn.jsdelivr.net redirect.prod.experiment.routing.cloudfront.aws.a2z.com p.adsymptotic.com p.typekit.net platform-cdn.sharethis.com *.ads.linkedin.com googleads.g.doubleclick.net *.facebook.com assets-global.website-files.com data: blob:; style-src 'self' *.catapa.com *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net embed.tawk.to cdnjs.cloudflare.com assets-global.website-files.com 'unsafe-inline'; font-src 'self' *.catapa.com *.gstatic.com *.tawk.to maxcdn.bootstrapcdn.com use.typekit.net script.hotjar.com cdnjs.cloudflare.com uploads-ssl.webflow.com data:; frame-src * blob:; 1
default-src 'self' 'unsafe-inline' https://www.google.com https://www.google-analytics.com https://storage.googleapis.com https://*.azurestaticapps.net https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://mondrian.claro.com.br; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com *.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://mondrian.claro.com.br; img-src 'self' data: *.google-analytics.com *.googletagmanager.com https://mondrian.claro.com.br; connect-src https://*.google-analytics.com https://google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.claronegocie.com.br https://claronegocie.com.br https://mondrian.claro.com.br 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.privacytools.com.br *.googleapis.com *.gstatic.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.ampproject.org *.taboola.com *.criteo.com *.criteo.net *.bing.com *.clarity.ms *.clarity.net *.facebook.net *.facebook.com *.google.com *.google.com.br *.vercel.com vercel.live *.force.com *.salesforceliveagent.com *.salesforce.com *.visualforce.com *.documentforce.com *.doubleclick.net *.zoho.com *.zohocdn.com *.zohostatic.com *.embracon.online *.embracon.com.br ws://vts.zohopublic.com wss://ws-us3.pusher.com *.zohopublic.com *.socdm.com *.yahoo.com *.outbrain.com *.emxdgt.com *.useinsider.com *.salesforce-sites.com *.handtalk.me assets.volkswagen.com *.digitaloceanspaces.com data:; img-src * data: blob:; 1
default-src 'self'; font-src data: https://assets.dm.de; child-src 'self' blob:; script-src 'self' https://*.bazaarvoice.com https://*.mm.dm-drogeriemarkt.ba https://app.usercentrics.eu https://assets-internal-proxy.apps.nonprod.gcp.dmtech.cloud https://assets.dm.de https://cdn.loadbee.com/ https://d2pqvatijh75rn.cloudfront.net https://mpsnare.iesnare.com https://omt.dm-drogeriemarkt.ba https://tags.tiqcdn.com https://www.dm-drogeriemarkt.ba; worker-src 'self' blob:; connect-src  'self' https://*.bazaarvoice.com https://*.gcp.dmtech.cloud https://*.mm.dm-drogeriemarkt.ba https://*.services.dmtech.com https://aggregator.service.usercentrics.eu https://api.mapbox.com https://api.usercentrics.eu https://assets.dm.de https://availability.loadbee.com/ https://browser-intake-datadoghq.eu https://cart-recos.services.dmtech.com https://cart.services.dmtech.com https://cdcs.usercentrics.eu https://collect.tealiumiq.com https://consent-api.service.consent.usercentrics.eu https://consent-rt-ret.service.consent.usercentrics.eu https://consents.usercentrics.eu https://coupon-aktionen.dm.de https://d2pqvatijh75rn.cloudfront.net https://direct-collect.dy-api.eu https://direct.dy-api.eu https://dmpay-gateway.services.dmtech.com https://dy-api.eu https://events.mapbox.com https://graphql.usercentrics.eu https://insights.algolia.io https://logs.browser-intake-datadoghq.eu https://mpsnare.iesnare.com https://my-products-api.services.dmtech.com https://omc.dm-drogeriemarkt.ba https://product-based-recos.services.dmtech.com https://products.dm.de https://rcom-eu.dynamicyield.com https://recos-as-a-service.services.dmtech.com https://rum.browser-intake-datadoghq.eu https://services.dm.de https://shopping-list-prod.services.dmtech.com https://signin.dm-drogeriemarkt.ba https://sos-prod.availability.services.dmtech.com https://staedtetour.dm-fb2.de; style-src 'self' 'unsafe-inline' https://*.bazaarvoice.com https://api.tiles.mapbox.com https://assets.dm.de; img-src 'self' blob: data: https://*.bazaarvoice.com https://*.mm.dm-drogeriemarkt.ba https://*.services.dmtech.com https://app.usercentrics.eu https://assets.dm.de https://cdn-eu.dynamicyield.com https://d2pqvatijh75rn.cloudfront.net https://d3s22jwy77sx9i.cloudfront.net https://i.ytimg.com https://images.podigee-cdn.net https://img.usercentrics.eu https://img.youtube.com/ https://media.dm-static.com https://services.dm.de https://uct.service.usercentrics.eu; frame-ancestors 'self' https://*.apps.nonprod.gcp.dmtech.cloud https://*.apps.prod.gcp.dmtech.cloud https://*.dm-drogeriemarkt.ba https://*.dm-drogeriemarkt.org https://*.dm-drogeriemarkt.org:42160 https://*.dm-drogeriemarkt.org:42161 https://*.dm-drogeriemarkt.org:42162 https://*.lxprod.ka.de.dm-drogeriemarkt.com https://app.datadoghq.eu; frame-src 'self' https://*.bazaarvoice.com https://*.dm-drogeriemarkt.ba https://*.services.dmtech.com https://app.usercentrics.eu https://cdn.podigee.com https://configurator.nuk.de https://gastfamilie.podigee.io https://geburtskanal-dm.podigee.io https://hey-familie.podigee.io https://player.podigee-cdn.net https://rendering.loadbee.com/ https://sandbox.om.dm.de https://service.loadbee.com/ https://www.youtube-nocookie.com; base-uri 'self' https://*.mm.dm-drogeriemarkt.ba https://*.services.dmtech.com https://events.mapbox.com; form-action 'self' https://*.bazaarvoice.com https://checkout.dm-drogeriemarkt.ba https://signin.dm-drogeriemarkt.ba; manifest-src 'self'; report-uri /__csp-reports__;upgrade-insecure-requests 1
frame-ancestors *.igre123.net igre123.net; 1
frame-ancestors *.jeux123.fr jeux123.fr; 1
font-src *.kekale.fi *.accolade.fi maxcdn.bootstrapcdn.com *.gstatic.com js.klevu.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.google.fi *.google.ro *.facebook.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.amazonaws.com *.houston-analytics.com *.cookieinformation.com *.wisepops.com *.adform.net *.sizebay.technology *.amplifyapp.com *.pingdom.net *.klevu.com *.ksearchnet.com 'self' data: data: 'self' 'unsafe-inline'; form-action *.paytrail.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.twitter.com https://www.facebook.com *.klarna.com *.klarnaevt.com *.criteo.net *.criteo.com *.amazonaws.com *.cookieinformation.com *.wisepops.com *.adform.net *.sizebay.technology *.amplifyapp.com *.pinterest.com *.pingdom.net *.feedbackly.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com *.kekale.fi *.accolade.fi *.paytrail.com *.placeholder.com *.zopim.com *.zopim.io *.klevu.com *.ctfassets.net *.facebook.com https://stats.g.doubleclick.net *.google.com *.google.co.in *.google.fi *.google.ro *.connect.facebook.net *.segmentify.com *.klarna.com *.klarnaevt.com *.smaato.net *.doubleclick.net *.360yield.com *.adnxs.com *.rubiconproject.com *.yahoo.com *.yahoo.net *.smartadserver.com *.pubmatic.com *.outbrain.com *.casalemedia.com *.adform.com *.adform.net *.openx.net *.advertising.com *.ivitrack.com *.omnitagjs.com *.twiago.com *.3lift.com *.taboola.com *.adscale.de *.teads.tv *.media.net *.bidswitch.net *.yieldlab.net *.criteo.com *.houston-analytics.com *.cookieinformation.com *.sizebay.technology *.amplifyapp.com *.google-analytics.com *.analytics.google.com *.clarity.ms *.pinterest.com *.bing.com *.pingdom.net *.sharethrough.com *.emxdgt.com https://id5-sync.com *.mediavine.com *.tremorhub.com *.yieldmo.com *.demdex.net *.krxd.net *.thebrighttag.com *.seadform.net *.postrelease.com *.omappapi.com *.ksearchnet.com 'self' data: data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.kekale.fi *.accolade.fi *.google.com *.gstatic.com *.ccdc02.com *.zdassets.com *.klevu.com *.zopim.com *.googletagmanager.com *.facebook.net *.segmentify.com *.custobar.com adtr.io *.criteo.net *.criteo.com *.googleapis.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.analytics.google.com *.bootstrapcdn.com *.klarna.com *.klarnaevt.com *.doubleclick.net *.amazonaws.com *.houston-analytics.com *.cookieinformation.com *.wisepops.com *.adform.net *.sizebay.technology *.amplifyapp.com *.clarity.ms *.pinimg.com *.pinterest.com *.bing.com *.sgmntfy.com *.pingdom.net *.feedbackly.com *.omappapi.com *.tiktok.com *.ksearchnet.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.kekale.fi *.accolade.fi maxcdn.bootstrapcdn.com fonts.gstatic.com js.klevu.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.google.fi *.google.ro *.facebook.com *.segmentify.com *.klarna.com *.klarnaevt.com *.cookieinformation.com *.wisepops.com *.adform.net *.sizebay.technology *.amplifyapp.com *.google-analytics.com *.analytics.google.com *.pingdom.net *.omappapi.com *.klevu.com *.ksearchnet.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.kekale.fi *.accolade.fi *.authorize.net *.zdassets.com *.zendesk.com *.zopim.com wss://*.zopim.com *.google-analytics.com *.analytics.google.com *.doubleclick.net *.ksearchnet.com *.segmentify.com *.klarna.com *.klarnaevt.com *.criteo.net *.criteo.com *.custobar.com *.facebook.com *.amazonaws.com *.houston-analytics.com *.cookieinformation.com *.wisepops.com *.adform.net *.sizebay.technology *.amplifyapp.com *.clarity.ms *.pinterest.com *.bing.com *.pingdom.net *.sharethrough.com *.emxdgt.com https://id5-sync.com *.mediavine.com *.tremorhub.com *.yieldmo.com *.demdex.net *.krxd.net *.thebrighttag.com *.omappapi.com *.feedbackly.com *.tiktok.com *.klevu.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors same *.grupocpfl.com.br *.cpfl.com.br *.rge-rs.com.br grupocpfl.com.br cpfl.com.br rge-rs.com.br *.lndo.site *.web.ahdev.cloud; report-uri /report-csp-violation 1
frame-ancestors 'self' http://vaistai.lt 1
frame-ancestors 'self' 'darwinbox.in'; 1
default-src		'self' 'unsafe-inline' 'unsafe-eval'							data: blob:							localhost:2000							https://static.xperienceunited.com https://xperienceunited.com:8080 wss://xperienceunited.com							*.mapbox.com							*.addthiscdn.com							fonts.googleapis.com fonts.gstatic.com							https://www.google-analytics.com  *.doubleclick.net https://www.googletagmanager.com https://www.googleadservices.com								*.google.com www.google.fi www.google.se www.google.es							maps.gstatic.com *.googleapis.com *.ggpht.com							code.jquery.com								https://www.paypalobjects.com *.paypal.com							*.youtube.com https://i.ytimg.com							*.facebook.net *.facebook.com								*.trackjs.com								*.google-analytics.com *.analytics.google.com *.googletagmanager.com;			img-src			https: data: blob:;				frame-src		tokbox.com *.youtube.com *.paypal.com;			report-uri		/csp-violation-report-endpoint?who= 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * self data:; font-src * data: about:; 1
default-src 'self' 'unsafe-eval' https://apps.sitecore.net; connect-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.youtube.com/ https://www.gstatic.com/ https://*.hotjar.com/ https://*.bing.com/ https://unpkg.com/ https://*.facebook.net/ https://*.hotjar.com/ https://*.clarity.ms/ https://*.vimeocdn.com/ https://www.vimeo.com https://player.vimeo.com https://*.facebook.com/ https://*.airportrentals.com/ https://*.imallcdn.net/ https://addevent.com/ https://*.addevent.com/;frame-src 'self' 'unsafe-inline' https://www.google.com/ https://www.youtube.com/ https://*.hotjar.com/ https://*.doubleclick.net/ https://player.vimeo.com/api/ *.vimeo.com vimeo.com https://*.facebook.com/;child-src 'self' *.vimeo.com vimeo.com; img-src 'self' data: *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.imallcdn.net/; font-src 'self' https://fonts.gstatic.com https://*.imallcdn.net https://script.hotjar.com; media-src *; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; style-src 'self' 'unsafe-inline' data:; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'  www.facebook.com connect.facebook.net; connect-src 'self'; frame-src 'self' www.youtube.com https://www.facebook.com; script-src-elem  'self' 'unsafe-inline' 'unsafe-eval'  www.facebook.com connect.facebook.net; 1
frame-ancestors 'self' iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ https://www.next.pl 1
default-src *.hydac.com *.cookielaw.org 'self'; style-src *.hydac.com *.googleapis.com *.google.com *.licdn.com 'self' 'unsafe-inline'; connect-src *.oribi.io *.onetrust.io *.usersnap.com *.onetrust.com *.cookielaw.org *.google-analytics.com maps.googleapis.com bam.eu01.nr-data.net *.linkedin.com *.licdn.com *.oribi.io *.friendlycaptcha.com 'self'; img-src *.googleapis.com *.ggpht.com *.usersnap.com maps.googleapis.com *.google-analytics.com *.googletagmanager.com cdn.cookielaw.org *.linkedin.com *.licdn.com p.adsymptotic.com 'self' data: maps.gstatic.com; script-src *.hydac.com *.google-analytics.com *.googleapis.com *.google.com *.googletagmanager.com *.cookielaw.org *.onetrust.com *.usersnap.com *.newrelic.com *.nr-data.net *.licdn.com 'unsafe-inline' 'unsafe-eval' blob:; font-src *.hydac.com *.google.com *.gstatic.com 'self'; frame-src *.youtube.com *.youtube-nocookie.com *.youku.com *.hydac.com www.linkedin.com *.hydac-na.com hydac-na.com; child-src *.hydac.com *.youtube.com *.youtube-nocookie.com *.youku.com blob:; media-src *.hydac.com *.youtube.com *.youtube-nocookie.com *.youku.com media.licdn.com 'self'; 1
script-src 'self' https://*.grantstreet-cdn.com https://*.govhub.com https://*.grantstreet.com:* https://vault.county-taxes.com https://www.google-analytics.com https://*.googletagmanager.com https://ssl.google-analytics.com https://secure.gravatar.com https://admin.typeform.com https://*.paypal.com https://*.paypalobjects.com 'nonce-b7a24ce00b2dc6e14ddedf86e07151bd'; connect-src 'self' https://*.grantstreet-cdn.com https://govhub.com https://pay-hub.net https://*.govhub.com https://*.pay-hub.net https://*.grantstreet.com:* https://*.payment-express.net https://*.county-taxes.com:* https://county-taxes.net https://sentry.io https://*.sentry.io https://*.launchdarkly.com https://admin.typeform.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://api.lob.com https://*.paypal.com https://*.paypalobjects.com https://pay.google.com https://google.com/pay https://www.google.com/pay https://*.algolia.io https://*.algolia.net https://*.algolianet.com stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://*.grantstreet-cdn.com https://govhub.com https://pay-hub.net https://*.govhub.com https://*.pay-hub.net https://*.grantstreet.com:* https://*.payment-express.net https://sentry.io https://*.sentry.io https://*.launchdarkly.com https://admin.typeform.com https://*.google-analytics.com https://*.googletagmanager.com https://www.gstatic.com https://api.lob.com https://*.paypal.com https://*.paypalobjects.com https://s3.amazonaws.com https://cdn-grantstreet-com.s3.amazonaws.com https://www.google.com; object-src 'none'; frame-ancestors 'self' https://*.govhub.com https://govhub.com https://*.pay-hub.net https://pay-hub.net; report-uri https://o168195.ingest.sentry.io/api/1432778/security/?sentry_key=10c054b10b974c81b73423a0d835e640; 1
object-src 'none'; base-uri 'none';frame-ancestors 'self' *.myscheme.gov.in *.myscheme.in; 1
frame-ancestors 'self'; frame-src 'self' https://svbconnect.com *.svbconnect.com https://h.online-metrix.net https://whatfix.com *.whatfix.com *.docusign.com *.docusign.net *.appiancloud-static.com https://gateway.zscloud.net *.zscloud.net https://cdn.cookielaw.org *.cookielaw.org *.onetrust.com https://cdn.quantummetric.com *.quantummetric.com 1
default-src 'self' 'unsafe-inline'; script-src 'unsafe-inline' 1
frame-ancestors 'self' easypay5.com 1
frame-ancestors 'self' https://www.grp.vwhub.com/ https://www.grp.accessaudi.com/ https://www.accessaudi.com 1
frame-ancestors 'self' cultura.biografieonline.it www.facebook.com; 1
default-src 'unsafe-inline' 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.genial.it https://*.clarity.ms https://unpkg.com https://*.cloudflare.com https://www.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.google.com https://*.camping.it;  script-src-elem 'unsafe-inline' 'self' https://*.traghettilines.it https://www.gstatic.com https://*.genial.it https://*.clarity.ms https://unpkg.com https://*.cloudflare.com https://www.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.google.com https://*.camping.it; connect-src 'unsafe-inline' 'self' https://*.genial.it https://*.google-analytics.com https://*.clarity.ms https://unpkg.com https://*.google.com https://*.doubleclick.net https://*.googlesyndication.com https://*.googleapis.com; style-src 'unsafe-inline' 'self' https://*.googleapis.com https://xbserver.camping.it; style-src-elem 'unsafe-inline' 'self' https://*.googleapis.com https://xbserver.camping.it; font-src 'self' https://*.gstatic.com; img-src 'self' https://*.italiapromotion.it https://xbserver.camping.it https://*.vimeocdn.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://*.google.com https://*.googleapis.com data:; frame-src 'self' https://www.google.com/ https://*.traghettilines.it https://*.clarity.ms https://unpkg.com https://*.genial.it https://*.camping.it https://*.vimeo.com https://iframe.mediadelivery.net/ 1
frame-ancestors 'self' https://www.cpay.com.mk 1
base-uri 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'https://www.gstatic.com/charts' https:  'nonce-67a012c0c1' 'nonce-8ef9a58f45' 'nonce-32a25bfc7b' 'nonce-6e6e963af9' 'nonce-eac0e583b9' 'nonce-9fc2aef2cf' 'nonce-899c738849' 'nonce-dc9e3f2da0' 'nonce-5a2d6180dc' 'nonce-2af1caeb0d' 'nonce-f96e1900f1' 'nonce-756f204681' 'nonce-8626796c33' 'nonce-ee8f1d101b' 'nonce-c0da090082' 'nonce-0839e2417f' 'nonce-6ab9647689' 'nonce-d2c21a6d40' 'nonce-010dc0b010' 'nonce-d2c21a6d40' 'nonce-c9b9d7b5da' 'nonce-e0832b5061' 'nonce-c9b9d7b5da' 'nonce-c9b9d7b5da' 'nonce-c9b9d7b5da' 'nonce-cc05dd4a60' 'nonce-2c406a35d0' 'nonce-32a25bfc7b' 'nonce-53698d748c' 'nonce-2c406a35d0' 'nonce-32a25bfc7b' 'nonce-2c406a35d0' 'nonce-cc05dd4a60' 'nonce-cc05dd4a60' 'nonce-32a25bfc7b' 'nonce-32a25bfc7b' 'nonce-32a25bfc7b' 'nonce-cc05dd4a60' 'nonce-cc05dd4a60' 'nonce-9973484b15' 'nonce-32a25bfc7b' 'nonce-69f414b2f6' 'nonce-32a25bfc7b' 'nonce-c9b9d7b5da' 'nonce-32a25bfc7b' 'nonce-7a2ecb7b11' 'nonce-4f7a42188d' 'nonce-c7332023e9' 'nonce-869873bfde' 'nonce-e0152fc581' 'nonce-bb9262232b' 'nonce-ac995147e4' 'nonce-d031709315' 'nonce-bde9f7716f' 'nonce-58ce366b05' 'nonce-93ade08752' 'nonce-70af6d2e24' 'nonce-d3d0555f60' 'nonce-635e0c9205' 'nonce-31898b4de6' 'nonce-0483c91cef' 'nonce-6decdfdfe7' 'nonce-6a73d4abf6' 'nonce-cf7353fa4b' 'nonce-aad43ba416' 'nonce-d777185a28' 'nonce-9ce77df943' 'nonce-7a302e320b' 'nonce-68a9960a19' 'nonce-32a25bfc7b' 'strict-dynamic' 1
default-src 'unsafe-inline' 'unsafe-eval' https: wss:; style-src 'self' 'unsafe-inline' https://static.small.chat blob: https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data: https://netdna.bootstrapcdn.com https://static.small.chat; img-src https: data: 1
frame-ancestors 'self' http://www.1001pelit.com 1
default-src 'self' data: *.pax8.com *.mycommandconsole.com; child-src 'report-sample' blob: *.pax8.com *.mycommandconsole.com; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' *.pax8.com *.mycommandconsole.com www.googletagmanager.com *.google-analytics.com *.googleapis.com https://*.smartlook.com https://*.smartlook.cloud *.pendo.io munchkin.marketo.net cdn.jsdelivr.net js.stripe.com cdnjs.cloudflare.com cdn.statuspage.io cdn.onesignal.com onesignal.com https://*.maze.co/; style-src 'report-sample' 'self' 'unsafe-inline' *.pax8.com *.mycommandconsole.com cdn.pendo.io cdnjs.cloudflare.com *.onesignal.com https://onesignal.com *.googleapis.com https://*.maze.co/; img-src 'report-sample' 'self' data: https://www.pax8nebula.com http://go.pax8.com *.pax8.com *.mycommandconsole.com *.google.com www.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com i.ytimg.com img.youtube.com i.vimeocdn.com s3.amazonaws.com onesignal-email.s3.amazonaws.com *.pendo.io pax8prod.service-now.com *.onesignal.com https://*.maze.co/ https://player.vimeo.com/; media-src 'self' data: *.pax8.com *.mycommandconsole.com; object-src 'self' data: *.pax8.com *.mycommandconsole.com; frame-src 'self' data: *.pax8.com *.mycommandconsole.com js.stripe.com www.msspalert.com player.vimeo.com mozbar.moz.com www.channele2e.com secure2.authorize.net www.the2112group.com channelnomics.com www.youtube.com app.pendo.io pax8-document-builder.firebaseapp.com; connect-src 'self' *.pax8.com *.mycommandconsole.com wss://*.pax8.com wss://*.mycommandconsole.com js.stripe.com www.google-analytics.com *.googleapis.com https://stats.g.doubleclick.net https://*.smartlook.com https://*.smartlook.cloud *.pendo.io *.mktoutil.com *.mktoresp.com *.algolia.net *.algolianet.com login.microsoftonline.com *.statuspage.io us-central1-pax8-document-builder.cloudfunctions.net onesignal.com *.launchdarkly.com *.honeycomb.io https://*.maze.co/; worker-src blob: *.pax8.com *.mycommandconsole.com; font-src 'self' data: *.pax8.com *.mycommandconsole.com fonts.gstatic.com cdn.faceworks.nl cdnjs.cloudflare.com https://*.maze.co/; 1
base-uri 'none'; default-src 'self' data: blob: https: wss:; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.scrivito.com https://app.intercom.io https://assets.scrivito.com https://js.intercomcdn.com https://widget.intercom.io https://www.google-analytics.com https://webmedia.ypsilon.net https://api.specials.de https://b2b.specials.de https://flr.ypsilon.net https://code.etracker.com https://www.etracker.de/ https://widgets.regiondo.net/ https://app.cituro.com/ https://app.usercentrics.eu https://webmedia.ypsilon.net; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' https://*.scrivito.com 1
script-src 'strict-dynamic' 'nonce-lB3wwJsl7jyTdYpT' https://*.googletagmanager.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://lp.thinkproject.com http://lp.thinkproject.com https://snap.licdn.com https://munchkin.marketo.net https://js.storylane.io; img-src 'self' data: blob: https://*.google.com https://*.google.ch https://*.google.de https://*.google.co.uk https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://assets.juicer.io https://imageproxy.juicer.io https://pbs.twimg.com https://*.doubleclick.net https://*.ads.linkedin.com https://www.linkedin.com https://www.google-analytics.com https://*.ytimg.com https://secure.adnxs.com https://cdn.cookielaw.org; font-src 'self' data: https://fonts.gstatic.com https://static.juicer.io https://*.ytimg.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://www.juicer.io https://lp.thinkproject.com https://*.mktoresp.com http://*.mktoresp.com https://*.mktoutil.com https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://cdn.linkedin.oribi.io https://*.cookielaw.org https://*.onetrust.com; frame-src https://www.googletagmanager.com https://*.doubleclick.net http://*.doubleclick.net https://bid.g.doubleclick.net https://www.youtube.com https://*.juicer.io https://lp.thinkproject.com http://lp.thinkproject.com/ https://app.storylane.io https://play.goconsensus.com 1
default-src 'self' 'unsafe-inline'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bing.com https://*.fonts.net; script-src 'self' 'unsafe-inline'  'unsafe-eval' *.invocacdn.com pnapi.invoca.net *.invoca.net *.bridgestonetire.com hub.firestonecompleteautocare.com *.doubleclick.net *.adobedtm.com *.google-analytics.com *.everestjs.net *.pinimg.com *.hotjar.com *.bing.com *.googleadservices.com *.xg4ken.com *.facebook.net *.doubleclick.com *.googletagmanager.com *.akamaihd.net *.marchex.io *.everesttech.net *.iperceptions.com *.powerreviews.com *.iovation.com *.iesnare.com *.googleapis.com *.virtualearth.net *.recaptcha.net *.gstatic.com *.jquery.com *.twitter.com *.ads-twitter.com https://assets.adobedtm.com/ https://www.google.com/recaptcha/ https://login.dotomi.com/ https://www.youtube.com/ https://*.cloudfront.net/ https://*.incontact.com/ https://*.dialogtech.com/; img-src * data: blob: ; connect-src *; frame-src *; font-src 'self' https://*.fonts.net data: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google-analytics.com https://cdn.jsdelivr.net connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org cdn.jsdelivr.net telegram.org *.instagram.com *.dcube.cloud *.cwp.sg *.cwp-stg.sg *.addthis.com *.addthisedge.com *.moatads.com *.wogaa.sg *.wogaa.cloud *.googleadservices.com *.google.com vimeo.com *.googletagmanager.com *.sharethis.com https://connect.facebook.net google-analytics.com https://ssl.google-analytics.com www.google-analytics.com platform.linkedin.com https://www.linkedin.com *.quantcount.com *.quantserve.com *.quantcount.com *.quantserve.com https://webchat.vica.gov.sg https://faq.vica.gov.sg; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com assets.dcube.cloud *.cwp.sg *.cwp-stg.sg assets.wogaa.sg https://webchat.vica.gov.sg https://faq.vica.gov.sg; font-src 'self' data: fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com assets.dcube.cloud s3-us-west-2.amazonaws.com *.cwp.sg *.cwp-stg.sg *.vimeo.com assets.wogaa.sg *.vica.gov.sg; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.onemap.sg *.cwp.sg *.cwp-stg.sg https://img.youtube.com/ https://i.vimeocdn.com/ *.google.com www.google.com.sg *.sharethis.com https://ad.doubleclick.net https://ade.googlesyndication.com https://*.fls.doubleclick.net https://www.facebook.com www.google-analytics.com https://www.google.com/ads/ga-audiences *.quantcount.com *.quantserve.com https://www.google.com/ads/ga-audiences https://stats.g.doubleclick.net/r/collect https://www.msf.gov.sg https://www.google.com *.vica.gov.sg *.sharethis.com https://stats.g.doubleclick.net/r/collect https://www.babybonus.msf.gov.sg https://tagmanager.google.com/ www.onemap.gov.sg; media-src 'self' data: blob: *.cwp.sg *.cwp-stg.sg *.vica.gov.sg; frame-src 'self' https://*.fls.doubleclick.net https://web.facebook.com https://www.facebook.com https://www.linkedin.com sync.taboola.com cdn.taboola.com trc.taboola.com https://js-tag.zemanta.com https://www.youtube.com https://t.sharethis.com https://www.google.com/ https://form.gov.sg *.vica.gov.sg *.sharethis.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com *.vimeo.com vimeo.com https://w.soundcloud.com/ apis.google.com accounts.google.com cse.google.com staticxx.facebook.com www.facebook.com web.facebook.com m.facebook.com badge.stumbleupon.com t.me telegram.org *.instagram.com *.cwp.sg youtu.be youtube.com *.googlesyndication.com https://form.gov.sg/ *.vica.gov.sg; connect-src 'self' data: accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com https://telegram.org/ *.dcube.cloud *.onemap.sg *.onemap.gov.sg *.cwp.sg vimeo.com *.wogaa.sg csp.withgoogle.com analytics.google.com stats.g.doubleclick.net analytics.google.com https://www.youtube.com/iframe_api *.sharethis.com www.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect https://chat.vica.gov.sg https://autocomplete.vica.gov.sg https://bucket-vica.vica.gov.sg wss://chat.vica.gov.sg https://api-vica-bp.vica.gov.sg bcp.crwdcntrl.net crwdcntrl.net https://www.babybonus.msf.gov.sg *.vica.gov.sg *.sharethis.com; 1
default-src 'self'; style-src 'self' 'unsafe-inline' cdn.cookielaw.org *.onetrust.com *.google.com *.google.nl *.googletagmanager.com fonts.googleapis.com; frame-src https://td.doubleclick.net/ https://*.gotowebinar.com/ https://www.youtube.com/ https://open.spotify.com https://*.orangecyberdefense.com https://www.orangecyberdefense.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com  https://www.googletagmanager.com data:; script-src 'nonce-vPHC5OJO6bLa5fD0nzoKSQ==' 'strict-dynamic' 'self' https:; connect-src https: cdn.cookielaw.org; img-src 'self' https: data:; manifest-src 'self' *.akamai-access.com; object-src 'none'; base-uri 'none'; report-to reports 1
frame-ancestors 'self' https://rbi.experiencecloud.adobe.com https://fullstory.com https://edge.fullstory.com rs.fullstory.com https://test.salesforce.com https://login.salesforce.com https://unity--trinitydev.my.salesforce.com https://unity--trinitydev.sandbox.my.salesforce.com *.lookbookhq.com *.pathfactory.com *.adobedtm.com https://rbi.demdex.net *.cirium.com 1
img-src * data: *.hondabigwing.in:443; default-src * 'self'  https://* 'unsafe-inline' 'unsafe-eval'*.hondabigwing.in:8083;  1
default-src 'self'; script-src 'self' https://www.googleadservices.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://d3js.org/ https://unpkg.com/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://code.jquery.com/ https://www.youtube.com/ https://cibse-pst-umbraco.dev-log10.uk/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://pagecorrect.monsido.com/ https://heatmaps.monsido.com/ https://secure.visionary-enterprise-ingenuity.com/ https://app-script.monsido.com/ https://snap.licdn.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/ 'unsafe-eval' 'unsafe-inline'; style-src 'self' https://cdn.jsdelivr.net/ 'unsafe-inline'; img-src * data: umb:; frame-src 'self' https://go.cibse.org/ https://cibse-pst-umbraco.dev-log10.uk/ https://www.youtube.com/ https://www.google.com/ https://player.vimeo.com/ https://forms.monday.com/ https://www.cognitoforms.com/ https://td.doubleclick.net/; font-src 'self' data: ;connect-src 'self' https://content.hotjar.io/ wss://ws.hotjar.com/ https://metrics.hotjar.io/ https://px.ads.linkedin.com/ https://*.cibse.org/ https://cibse-cct-api.dev-log10.uk/ https://stats.g.doubleclick.net/ https://region1.analytics.google.com/ https://cdn.linkedin.oribi.io/ https://idx.liadm.com/ https://heatmaps.monsido.com/ https://pagecorrect.monsido.com/ https://region1.google-analytics.com/ https://www.google-analytics.com/ 1
default-src 'self'; base-uri 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' https:; script-src-attr 'none'; script-src-elem 'report-sample' 'unsafe-inline' 'unsafe-eval' https: about: widget-mediator.zopim.com; style-src 'self' 'unsafe-inline' data: fonts.googleapis.com *.bowtie.com.hk *.website-files.com *.cloudfront.net optimize.google.com tagmanager.google.com www.googletagmanager.com www.gstatic.com; img-src 'self' data: https:; connect-src 'self' *.webflow.com assets.bowtie.com.hk *.website-files.com cobrowse.io *.cobrowse.io wss://*.cobrowse.io ekr.zendesk.com *.zdassets.com bowtieinsurance.zendesk.com wss://widget-mediator.zopim.com api.thereviewsplace.com web.delighted.com api.sprig.com api.userleap.com *.my.sentry.io sentry.io *.mixpanel.com cdn.mxpnl.com www.facebook.com capig.bowtie.hk *.google-analytics.com www.googletagmanager.com www.google.com www.google.com.hk adservice.google.com analytics.google.com *.analytics.google.com *.doubleclick.net *.googlesyndication.com bat.bing.com *.linkedin.com cdn.linkedin.oribi.io s.yimg.com; font-src 'self' data: fonts.gstatic.com *.bowtie.com.hk *.website-files.com *.cloudfront.net; form-action 'self' www.facebook.com; frame-src 'self' *.bowtie.com.hk *.website-files.com cobrowse.io *.cobrowse.io webflow.com optimize.google.com www.google.com www.googletagmanager.com *.googlesyndication.com *.doubleclick.net *.g.doubleclick.net *.fls.doubleclick.net *.facebook.com mozbar.moz.com www.youtube.com bowtieinsurance.typeform.com; media-src 'self' ssl.gstatic.com static.zdassets.com; frame-ancestors 'self'; child-src www.facebook.com; object-src 'none'; upgrade-insecure-requests; report-uri https://report-uri.bowtie.com.hk 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https: wss://*.driverscollection.com https://*.facebook.net https://*.facebook.com https://*.addthis.com https://*.addthisedge.com https://*.yadro.ru https://widgets.pinterest.com https://www.linkedin.com https://www.reddit.com https://cdn.ampproject.org https://googleads.g.doubleclick.net https://*.googlesyndication.com https://*.google-analytics.com https://translate.googleapis.com https://*.google.com https://*.googletagmanager.com https://*.googletagservices.com https://*.gstatic.com https://adservice.google.ad https://adservice.google.ae https://adservice.google.al https://adservice.google.am https://adservice.google.as https://adservice.google.at https://adservice.google.az https://adservice.google.ba https://adservice.google.be https://adservice.google.bf https://adservice.google.bg https://adservice.google.bi https://adservice.google.bj https://adservice.google.bs https://adservice.google.bt https://adservice.google.bt https://adservice.google.by https://adservice.google.ca https://adservice.google.cd https://adservice.google.cf https://adservice.google.cf https://adservice.google.cg https://adservice.google.ch https://adservice.google.ci https://adservice.google.cl https://adservice.google.cm https://adservice.google.co.ao https://adservice.google.co.bw https://adservice.google.co.ck https://adservice.google.co.cr https://adservice.google.co.id https://adservice.google.co.il https://adservice.google.co.in https://adservice.google.co.jp https://adservice.google.co.ke https://adservice.google.co.kr https://adservice.google.co.ls https://adservice.google.co.ma https://adservice.google.co.mz https://adservice.google.co.nz https://adservice.google.co.th https://adservice.google.co.tz https://adservice.google.co.ug https://adservice.google.co.uk https://adservice.google.co.uz https://adservice.google.co.ve https://adservice.google.co.vi https://adservice.google.co.za https://adservice.google.co.zm https://adservice.google.co.zw https://adservice.google.com https://adservice.google.com.af https://adservice.google.com.ag https://adservice.google.com.ar https://adservice.google.com.au https://adservice.google.com.bd https://adservice.google.com.bh https://adservice.google.com.bn https://adservice.google.com.bo https://adservice.google.com.br https://adservice.google.com.bz https://adservice.google.com.co https://adservice.google.com.cu https://adservice.google.com.cy https://adservice.google.com.ec https://adservice.google.com.eg https://adservice.google.com.et https://adservice.google.com.fj https://adservice.google.com.gh https://adservice.google.com.gi https://adservice.google.com.gt https://adservice.google.com.hk https://adservice.google.com.jm https://adservice.google.com.kh https://adservice.google.com.kw https://adservice.google.com.lb https://adservice.google.com.ly https://adservice.google.com.mm https://adservice.google.com.mt https://adservice.google.com.mx https://adservice.google.com.my https://adservice.google.com.na https://adservice.google.com.ng https://adservice.google.com.ni https://adservice.google.com.np https://adservice.google.com.om https://adservice.google.com.pa https://adservice.google.com.pe https://adservice.google.com.pg https://adservice.google.com.ph https://adservice.google.com.pk https://adservice.google.com.pr https://adservice.google.com.py https://adservice.google.com.qa https://adservice.google.com.sa https://adservice.google.com.sb https://adservice.google.com.sg https://adservice.google.com.sv https://adservice.google.com.tj https://adservice.google.com.tr https://adservice.google.com.tw https://adservice.google.com.ua https://adservice.google.com.uy https://adservice.google.com.vc https://adservice.google.com.vn https://adservice.google.cv https://adservice.google.cz https://adservice.google.de https://adservice.google.dj https://adservice.google.dk https://adservice.google.dm https://adservice.google.dz https://adservice.google.ee https://adservice.google.es https://adservice.google.fi https://adservice.google.fm https://adservice.google.fr https://adservice.google.ga https://adservice.google.ge https://adservice.google.gg https://adservice.google.gl https://adservice.google.gm https://adservice.google.gp https://adservice.google.gr https://adservice.google.gy https://adservice.google.hn https://adservice.google.hr https://adservice.google.ht https://adservice.google.hu https://adservice.google.ie https://adservice.google.im https://adservice.google.iq https://adservice.google.is https://adservice.google.it https://adservice.google.je https://adservice.google.jo https://adservice.google.ki https://adservice.google.kg https://adservice.google.kz https://adservice.google.la https://adservice.google.li https://adservice.google.lk https://adservice.google.lt https://adservice.google.lu https://adservice.google.lv https://adservice.google.md https://adservice.google.me https://adservice.google.mg https://adservice.google.mk https://adservice.google.ml https://adservice.google.mn https://adservice.google.mu https://adservice.google.mv https://adservice.google.mw https://adservice.google.ne https://adservice.google.nl https://adservice.google.no https://adservice.google.nr https://adservice.google.pl https://adservice.google.ps https://adservice.google.pt https://adservice.google.ro https://adservice.google.rs https://adservice.google.ru https://adservice.google.rw https://adservice.google.sc https://adservice.google.se https://adservice.google.sh https://adservice.google.si https://adservice.google.sk https://adservice.google.sm https://adservice.google.sn https://adservice.google.so https://adservice.google.sr https://adservice.google.st https://adservice.google.td https://adservice.google.tg https://adservice.google.tl https://adservice.google.tm https://adservice.google.tn https://adservice.google.to https://adservice.google.tt https://adservice.google.vg https://adservice.google.vu https://adservice.google.ws https://cdnjs.cloudflare.com; report-uri https://driverscollection.com/csp-track.php; 1
frame-ancestors 'self'; report-uri https://nestlefamilyclub.es/report-uri/enforce 1
frame-src https://www.youtube-nocookie.com https://*.google.com 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-056983988d694c59f35202c931410a55'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' https://amp.azure.net/libs/amp/2.3.5/ https://rbsmediaprod-aueas.streaming.media.azure.net/ https://*.harmonykids.com.au/ data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://flex.cybersource.com/  https://redidocs-api.redbourne.com.au https://www.google.com/recaptcha/api.js https://www.gstatic.com https://amp.azure.net/libs/amp/2.3.5/ kendo.min.all.js https://*.harmonykids.com.au; worker-src blob:; connect-src 'self' ws://localhost:* ws://harmonyweb.au ws://harmonykids.au  ws://childcarecentral.au ws://childcarecentralkids.au https://rbsmediaprod-aueas.streaming.media.azure.net/; img-src 'self' https://flex.cybersource.com/ https://amp.azure.net/libs/amp/2.3.5/ data: blob:; style-src 'self' 'unsafe-inline' https://amp.azure.net/libs/amp/2.3.5/; frame-ancestors 'self'; form-action 'self'; frame-src 'self'  https://redidocs-api.redbourne.com.au  https://flex.cybersource.com/ https://www.google.com/ https://amp.azure.net/libs/amp/2.3.5/ data: blob:; 1
default-src 'self' http:; script-src 'unsafe-inline' 'unsafe-eval' http:; style-src 'unsafe-inline' http:; img-src http: data:; font-src http: data: 1
default-src 'self'; img-src 'self' data: https://api.mapbox.com https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.mapbox.com https://js.stripe.com/v3/ https://cse.google.com https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://api.mapbox.com https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.mapbox.com https://js.stripe.com/v3/ https://www.google-analytics.com; frame-src 'self' https://js.stripe.com https://calendar.google.com https://drive.google.com; 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' 'nonce-ZDIyNzJmZWViZmEzMWVmYQ==' 'nonce-MTQxNjlkOTIwY2QzNDg2Mg==' https://cdn.jsdelivr.net/gh/alpinejs/alpine@v2.8.2/dist/alpine.min.js https://code.jquery.com/jquery-3.2.1.min.js https://code.jquery.com/jquery-3.5.1.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.7.1/Chart.min.js; block-all-mixed-content; upgrade-insecure-requests 1
default-src 'none'; img-src 'self' data:; style-src 'sha256-u63PihE3COghISHa7lKT36CKADhM8M5ovxCijvnCeGg=' 'sha256-j4KLt4kEQ312AuUqAy5XvWbcZbwKYDa26bRMNy/j9vA=' 'sha256-8Ayo8ctgXanxvG567YD3IxJJ80DsgTgZRp+KZrpXGzk='; script-src 'sha256-/nEeE86N8ykMvnpONoxUKIKVkpk2VLejLWBhR4UuEPk=' 'sha256-wcSNn2MvQ0/HuUJ8EjnWeSIxYhHiP1BoyMqWqxwWBII=' 'sha256-uX1YEkZnD94HWAnmRFGobUERw5GnYj1r/4MaQxZwOO0='; frame-src https://ad.a-ads.com/ 1
script-src 'self' usa.experian.com smetrics1.experian.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com tagmanager.google.com pay.google.com www.google.com/recaptcha/api.js *.youtube.com *.facebook.net *.discover.com *.btstatic.com *.thebrighttag.com *.visualwebsiteoptimizer.com *.cloudflare.com *.clicktale.net *.siteimproveanalytics.com siteimproveanalytics.com *.pendo.io *.heapanalytics.com *.websecurity.norton.com nexus.ensighten.com *.aexp-static.com service.maxymiser.net omns.americanexpress.com lptag.liveperson.net js.hs-scripts.com js.hscollectedforms.net js.hs-analytics.net js.hsleadflows.net *.humanapi.co *.sundaysky.com edge.fullstory.com *.datadoghq-browser-agent.com *.datadoghq.com connect.finicity.com connect2.finicity.com bat.bing.com *.doubleclick.net *.truebill.com *.truebill.dev *.truebill.work *.amazonaws.com *.adobedtm.com *.decibelinsight.net 'unsafe-inline' 'unsafe-eval' blob: ; object-src 'self'; 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.doubleclick.net *.hotjar.com *.fontawesome.com data: *.oraclecloud.com *.monetate.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com *.paypal.com * *.oraclecloud.com *.monetate.net 'self' 'unsafe-inline'; frame-ancestors *.coupahost.com *.demco.com *.equallevel.com *.k12.in.us *.ocps.net *.sciquest.com *.unimarket.com *.vusd.com *.eprosvcs.com *.e-procurementservices.com *.oraclecloud.com *.monetate.net https://marketer.monetate.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.twitter.com *.paypal.com youtu.be *.bazaarvoice.com *.coupahost.com *.demco.com *.equallevel.com *.facebook.com *.google.com *.google-analytics.com *.hotjar.com *.k12.in.us *.sciquest.com *.unimarket.com *.mypurecloud.com *.ocps.net *.schoolfundingcenter.net *.vusd.com *.wistia.net *.doubleclick.net *.eprosvcs.com *.e-procurementservices.com *.pinterest.com *.oraclecloud.com https://demco.widen.net https://previews.us-east-1.widencdn.net *.monetate.net https://marketer.monetate.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com ct.pinterest.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com https://t.co *.facebook.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.bing.com *.googletagmanager.com *.google.com *.google.com.mx *.doubleclick.net *.demco.com *.clarity.ms *.linkedin.com *.adsymptotic.com *.pages04.net images.applicant-tracking.com 8312.xg4ken.com fonts.gstatic.com *.eprosvcs.com *.e-procurementservices.com *.demcointeriors.com *.oraclecloud.com *.monetate.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com www.pinterest.com s.pinimg.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.twitter.com *.google-analytics.com *.fontawesome.com *.bing.com *.googletagmanager.com *.hotjar.com *.bugherd.com chimpstatic.com gleam.io *.gleam.io *.doubleclick.net *.google.com *.facebook.net *.gstatic.com *.newrelic.com *.nr-data.net *.mypurecloud.com *.certona.net *.res-x.com *.cloudfront.net *.ads-twitter.com *.licdn.com *.fullstory.com *.clarity.ms *.pages04.net *.xg4ken.com assets.prismhr-hire.com code.jquery.com demco.applicant-tracking.com *.youtube.com *.oraclecloud.com *.monetate.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.fontawesome.com assets.prismhr-hire.com *.oraclecloud.com *.monetate.net unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com ct.pinterest.com https://previews.us-east-1.widencdn.net https://demco.widen.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com ct.pinterest.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.hotjar.com *.hotjar.io *.facebook.com *.nr-data.net *.adobedc.net *.google-analytics.com *.cloudfront.net *.fullstory.com *.ipgeolocation.io *.doubleclick.net *.clarity.ms *.google.com *.googlesyndication.com *.linkedin.oribi.io *.oraclecloud.com *.linkedin.com *.monetate.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.monetate.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://demco.com/demco/endpoint; report-to report-endpoint; 1
default-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  'unsafe-inline'  https://*.adyen.com  https://*.escapebox.si  https://sveze-sadje-zelenjava.si; img-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com; object-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'; script-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  about:  https://localhost  https://*.adyen.com; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io  http://m.dolenjskilist.si  https://*.metropolitan.si  https://*.slo-podnapisi.eu  https://*.svet24.si  https://bivanje.si  https://creatives.sascdn.com  https://dijaski.net  https://e-vozila.si  https://enspot.si  https://fokuspokus.si  https://jejzdravo.si  https://kosarka.info  https://megasvet.si  https://moderna-zenska.si  https://nascas.si  https://necenzurirano.si  https://nogomania.si  https://nt-rc.si  https://pravi-moski.si  https://radio80.si  https://reporter.si  https://revijazeleniraj.si  https://rock-celje.si  https://rockmaribor.si  https://rokomet.net  https://smart-ad.com  https://snportal.si  https://spletnicasopis.eu  https://sprosti.se  https://studentski.net  https://vecer.com  https://velenje.com  https://www.angleskaliga.com  https://www.bambino.si  https://www.bodieko.si  https://www.dnevnik.si  https://www.dolenjskilist.si  https://www.domacebranje.com  https://www.ekohisastil.si  https://www.lepdan.si  https://www.megasvet.si  https://www.mojaozimnica.com  https://www.moji-recepti.net  https://www.monitor.si  https://www.pomurec.com  https://www.portalplus.si  https://www.portalplus.si  https://www.prlekija-on.net  https://www.razlagasanj.com  https://www.sanjskaknjiga.com  https://www.slovenskenovice.si  https://www.studentarija.net  https://www.velenje.com  https://www.vemkajjem.si  https://www.vemkajjem.si  https://www.vrtnarica.si  https://www.zenskisvet.si  https://zastarse.si  https://zdravstvena.info  https://zimski-sporti.si; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net; 1
default-src 'self'; script-src 'report-sample' 'self' https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/owl.carousel.min.js https://kit.fontawesome.com/959e9b8767.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/recaptcha__en.js https://www.youtube.com/s/player/4fd50162/www-widgetapi.vflset/www-widgetapi.js; style-src 'report-sample' 'self' https://cdnjs.cloudflare.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://analytics.google.com https://ka-f.fontawesome.com; font-src 'self' data: https://fonts.gstatic.com https://ka-f.fontawesome.com; frame-src 'self'; img-src 'self' data: https://secure.gravatar.com https://www.google-analytics.com https://www.google.com; manifest-src 'self'; media-src 'self'; report-uri https://659d7351086f86bedad79875.endpoint.csper.io/?v=0; worker-src 'none'; 1
default-src 'self' 'unsafe-inline' google.com *.google.com gstatic.com *.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' google.com *.google.com gstatic.com *.gstatic.com yandexcloud.net *.yandexcloud.net; style-src 'unsafe-inline' *; img-src *; media-src *; frame-src https://privetmir.ru https://form.privetmir.ru https://www.google.com https://smartcaptcha.yandexcloud.net; 1
frame-ancestors ragingbull.com app.ragingbull.com dev.ragingbull.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  blob: https://use.typekit.net data: https://www.googletagmanager.com https://*.adobe.com https://*.rolex.com https://bing.com https://*.bing.com https://*.google-analytics.com https://www.googleadservices.com  https://ajax.googleapis.com https://p.typekit.net https://*.approachguides.co https://approachguides.co https://*.approachguides.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://open.spotify.com  https://explorajourneys-b2b.oktapreview.com https://explorajourneys-b2c.oktapreview.com https://explorajourneystest-b2c.okta.com https://explorajourneystest-b2b.okta.com https://explorajourneys-b2b.okta.com https://explorajourneys-b2c.okta.com https://global.oktacdn.com https://*.instagram.com https://*.cdninstagram.com  https://*.explorajourneys.com https://explorajourneys.com https://maps.googleapis.com  https://assets.calendly.com https://calendly.com https://*.youtube.com https://www.google.com https://*.teads.tv https://maps.google.com https://maps.gstatic.com https://www.gstatic.com https://sdk.privacy-center.org https://snap.licdn.com https://*.facebook.net https://*.facebook.com https://*.linkedin.com https://*.google.it https://api.privacy-center.org https://*.oribi.io https://*.exp360.com https://*.zencdn.net https://*.imgix.net https://*.day.com  https://*.jsdelivr.net https://*.fliphtml5.com https://fliphtml5.com https://*.acsbapp.com https://acsbapp.com https://adyen.com https://*.adyen.com; frame-ancestors  'none'; 1
frame-ancestors 'self'; report-uri https://logs.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub293163a918901030b79492fe1ab424cf&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=site%3Adatad0g.com 1
frame-ancestors http://sc.lcsd.gov.hk https://sc.lcsd.gov.hk https://*.hkpl.gov.hk https://*.lcsd-ngils.local 1
default-src 'self'; frame-src 'self' https://*.google.com https://*.gstatic.com; script-src 'unsafe-inline' 'unsafe-eval' http:; style-src 'unsafe-inline' http:; img-src http: data:; font-src http: data:; sandbox allow-forms allow-scripts 1
report-uri //www.shihuo.cn/api/cspReport;child-src jockey: shihuo: hupu: weixin: sinaweibo: weixinping: shimage: blob: data: *.shihuo.cn *.hupu.com *.googlesyndication.com *.doubleclick.net *.weibo.com https://*.etao.com http://*.etao.com www.bilibili.com *.qiniu.com *.volcengineapi.com *.snssdk.com *.volcvod.com;frame-src jockey: shihuo: hupu: weixin: sinaweibo: weixinping: shimage: blob: data: *.shihuo.cn *.hupu.com *.googlesyndication.com *.doubleclick.net *.weibo.com https://*.etao.com http://*.etao.com www.bilibili.com *.qiniu.com *.volcengineapi.com *.snssdk.com *.volcvod.com;default-src 'unsafe-inline' 'unsafe-eval' https://shihuo.cn-hangzhou.log.aliyuncs.com http://*.hupu.com https://*.hupu.com http://*.alicdn.com https://*.alicdn.com http://*.taobaocdn.com https://*.taobaocdn.com http://*.taobao.com https://*.taobao.com http://*.alimama.cn http://*.tbcdn.cn https://*.alimama.cn http://*.doubleclick.net https://*.doubleclick.net *.hoopchina.com.cn *.hupucdn.com http://*.shihuocdn.cn https://*.shihuocdn.cn *.theyaoapp.com *.dewucdn.com *.weibo.com *.google.com *.shihuo.cn http://*.shihuocdn.cn https://*.shihuocdn.cn *.qq.com *.cnzz.com http://i.theyaoapp.com https://i.theyaoapp.com *.mmstat.com *.c-cnzz.com *.aliyuncs.com *.googleadservices.com *.googleadsserving.cn *.googletagservices.com *.googlesyndication.com *.haitaodashi.cn *.baidu.com *.sinajs.cn *.gstatic.com *.appadhoc.com *.tanx.com www.bilibili.com *.qiniu.com *.qiniup.com *.volcengineapi.com *.snssdk.com *.volcvod.com data: shimage: https://davstatic.dewu.com http://davstatic.dewu.com https://dav.dewu.com http://dav.dewu.com https://cdn.jsdelivr.net http://cdn.jsdelivr.net 1
frame-ancestors 'self' *.arcgis.com *.nve.no; 1
frame-ancestors 'self' https://www.ocbc.com.my https://internet.ocbc.com.my https://unifymymobile.ocbc.com htpps://www.ocbcmalaysia.com *.qualtrics.com; default-src 'self' data: blob: *.ocbc.com *.ocbc.com.my *.ocbcmalaysia.com *.qualtrics.com; img-src 'self' data: *;  script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ocbc.com *.ocbc.com.my *.ocbc.local *.ocbcmalaysia.com *.googleapis.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.youtube.com *.google.com *.adobedtm.com *.alexa.com *.facebook.net *.facebook.com *.adroll.com *.jquery.com *.bootstrapcdn.com *.hotjar.com *.consensu.org *.brand-display.com *.amazonaws.com *.ytimg.com *.cloudfront.net *.morningstar.com https://optimize.urekamedia.com *.adnxs.com analytics.google.com *.qualtrics.com; font-src 'self' *;frame-src 'self' https://internet.ocbc.com https://internet.ocbc.com.my  https://www.ocbcmalaysia.com/ https://8414639.fls.doubleclick.net https://vars.hotjar.com https://bid.g.doubleclick.net https://cdn.brand-display.com *.youtube.com https://optimize.urekamedia.com *.qualtrics.com; style-src 'self' 'unsafe-inline' *.ocbc.com *.ocbc.com.my *.ocbc.local http://dcistaging.com https://dcistaging.com *.jquery.com *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.morningstar.com; connect-src 'self' *.ocbc.com *.ocbc.com.my *.ocbc.local *.ocbcmalaysia.com *.morningstar.com *.doubleclick.net *.google-analytics.com analytics.google.com *.qualtrics.com; 1
frame-ancestors *.ansarada.com https://go.ansarada.com 1
frame-ancestors 'self' https://mail.missiveapp.com; 1
frame-ancestors 'self' https://*.corcentricplatform.com https://*.determine.com; 1
frame-ancestors 'self' https://www.glance.net 1
default-src https: data:; style-src 'self' 'unsafe-inline' https://tagmanager.google.com htps://fonts.googleapis.com; img-src 'self' 'unsafe-inline' https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://*.googlesyndication.com https://ad.atdmt.com https://*.twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.google.co.uk https://googleads.g.doubleclick.net https://*.googlesyndication.com https://platform.twitter.com https://cdn.ampproject.org https://*.truste.com; connect-src https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://*.googlesyndication.com 1
default-src 'self' https://*.microsoft.com https://*.microsoft.us https://*.microsoftonline.com https://*.youtube.com https://*.avepointonlineservices.com https://prod.aos.cdn.avepointonlineservices.com  https://graph-public.sharepointguild.com  ;font-src data: 'self' https://*.akamaihd.net https://*.sharepointonline.com fonts.gstatic.com https://*.avepointonlineservices.com https://*.azureedge.net https://*.office.net https://*.avepointonlineservices.com https://prod.aos.cdn.avepointonlineservices.com  https://graph-public.sharepointguild.com ;img-src data: 'self' * *.aptrinsic.com  https://*.segment.com https://*.segment.io https://*.avepointonlineservices.com storage.googleapis.com https://*.avepointonlineservices.com https://prod.aos.cdn.avepointonlineservices.com  https://graph-public.sharepointguild.com ;frame-src 'self' https://*.microsoftonline.com https://*.microsoftonline.us https://*.youtube.com https://*.avepointonlineservices.com https://prod.aos.cdn.avepointonlineservices.com  https://graph-public.sharepointguild.com ;script-src 'self'  'nonce-m9LS1l5jQnqZbTKrMKtL5FGbbQqUBbuW'  *.aptrinsic.com https://*.segment.com https://*.segment.io https://*.avepointonlineservices.com https://prod.aos.cdn.avepointonlineservices.com  https://graph-public.sharepointguild.com ;style-src 'self' 'unsafe-inline' *.aptrinsic.com https://*.avepointonlineservices.com https://*.avepointonlineservices.com https://prod.aos.cdn.avepointonlineservices.com  https://graph-public.sharepointguild.com  ;connect-src 'self' https://*.microsoft.com https://*.microsoft.us https://*.microsoftonline.com https://*.blob.core.windows.net https://*.blob.core.usgovcloudapi.net *.aptrinsic.com https://*.segment.com https://*.segment.io https://*.avepointonlineservices.com https://prod.aos.cdn.avepointonlineservices.com  https://graph-public.sharepointguild.com ;frame-ancestors https://*.microsoft.com https://*.microsoft.us https://*.sharepoint.us https://*.sharepoint.com https://*.avepointonlineservices.com https://*.avepointonlineservices.com https://prod.aos.cdn.avepointonlineservices.com  https://graph-public.sharepointguild.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://noagendasocial.com; img-src 'self' https: data: blob: https://noagendasocial.com; style-src 'self' https://noagendasocial.com 'nonce-nf1m0UFzeiJHltMUHPl3gw=='; media-src 'self' https: data: https://noagendasocial.com; frame-src 'self' https:; manifest-src 'self' https://noagendasocial.com; form-action 'self'; child-src 'self' blob: https://noagendasocial.com; worker-src 'self' blob: https://noagendasocial.com; connect-src 'self' data: blob: https://noagendasocial.com https://static.noagendasocial.com wss://noagendasocial.com; script-src 'self' https://noagendasocial.com 'wasm-unsafe-eval' 1
connect-src 'self' https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://dpm.demdex.net *.tt.omtrdc.net https://lasteventf-tm.everesttech.net https://display.ipaper.io https://cdn.ipaper.io app.responseiq.com static.responseiq.com storage.googleapis.com https://vimeo.com *.starkgroup.dk https://*.stark.dk https://dawa.aws.dk policy.app.cookieinformation.com consent.app.cookieinformation.com dpm.demdex.net https://stark-test.criipto.id/ api.relewise.com https://squid-api.tjek.com https://api.etilbudsavis.dk https://events.service.shopgun.com/sync https://wolf-api.tjek.com/sync https://*.wistia.com https://*.litix.io/ https://*.akamaihd.net https://psaecomendpoints.blob.core.windows.net/  https://*.viamap-gms.net/ https://s2.adform.net/ https://*.viamap.net/ https://submit.jotformeu.com/server.php https://eu-submit.jotform.com/server.php https://www.stark.vg.outline.dk/umbraco/api/icarus/configuration https://adobedc.demdex.net/  https://edge.adobedc.net/  https://bumblebee-api.tjek.com/api/v2/generate_publication_section_incito https://*.aviou.io;default-src 'self' blob: https://stark.mapinfo.viamap-gms.net/ https://adobedc.demdex.net/ https://*.aviou.io;font-src 'self' data: app.responseiq.com static.responseiq.com storage.googleapis.com https://d3qnoxvhi29qvt.cloudfront.net https://*.gstatic.com/ https://*.aviou.io;frame-ancestors 'self' https://service.ariba.com/ https://s1-eu.ariba.com/;frame-src 'self' https://www.youtube.com https://s.ytimg.com https://i.ytimg.com https://www.youtube-nocookie.com * ;img-src 'self' *.starkgroup.dk https://*.stark.dk * data: http://www.w3.org/2000/svg *.doubleclick.net https://www.google.com ;media-src 'self' https://www.youtube.com https://s.ytimg.com https://i.ytimg.com https://www.youtube-nocookie.com blob: https://*.wistia.net https://*.cloudfront.net data: https://*.akamaihd.net http://*.googleapis.com https://*.aviou.io;script-src 'self' www.googletagmanager.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://s.ytimg.com https://i.ytimg.com https://www.youtube-nocookie.com https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://assets.adobedtm.com https://www.everestjs.net/static/le/last-event-tag-latest.min.js https://static.criteo.net/js/ld/ld.js https://sslwidget.criteo.com mypresswire.com *.starkgroup.dk https://*.stark.dk *.tt.omtrdc.net https://www.googleadservices.com https://www.google.com https://display.ipaper.io https://cdn.ipaper.io https://*.scratcher.io policy.app.cookieinformation.com consent.app.cookieinformation.com app.responseiq.com static.responseiq.com storage.googleapis.com  https://d21oefkcnoen8i.cloudfront.net https://code.jquery.com/jquery-3.4.1.min.js https://d3qnoxvhi29qvt.cloudfront.net https://*.wistia.com blob: https://*.wistia.net https://*.akamaihd.net https://via.ritzau.dk/embedded/prs_embedded.js https://via.ritzau.dk/embedded/iframeResizer.min.js https://*.ritzau.dk blob:  https://*.viamap-gms.net/  https://*.outline.dk https://outline.dk/scripts/iframeResizer.min.js https://*.facebook.net/ https://s2.adform.net/ https://form.jotform.com/jsform/212241750019344 https://browser.sentry-cdn.com/5.12.1/bundle.min.js https://cdn01.jotfor.ms/static/prototype.forms.js https://cdn02.jotfor.ms/static/jotform.forms.js https://cdn.jotfor.ms/s/umd/5470ace351f/for-cardform-js.js https://www.jotform.com/ownerView.php https://cdn.jotfor.ms/js/formTranslation.v2.js https://track.adform.net https://cdn01.jotfor.ms/s/umd/c39932cd62a/for-cardform-js.js https://adobedc.demdex.net/  https://d21oefkcnoen8i.cloudfront.net/sgn-sdk-4.x.x.min.js https://*.aviou.io;style-src 'self' 'unsafe-inline' *.tt.omtrdc.net app.responseiq.com static.responseiq.com storage.googleapis.com policy.app.cookieinformation.com consent.app.cookieinformation.com https://d21oefkcnoen8i.cloudfront.net  https://*.viamap-gms.net/ https://unpkg.com/maplibre-gl@2.1.9/dist/maplibre-gl.css https://cdn.jotfor.ms/stylebuilder/default.css https://cdn.jotfor.ms/stylebuilder/212241750019344.css https://cdn.jotfor.ms/wizards/languageWizard/custom-dropdown/css/lang-dd.css https://fonts.googleapis.com/css https://cdn.jotfor.ms/stylebuilder/212241750019344/style.css https://*.aviou.io; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.googletagmanager.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://answers.silvercloudinc.com https://js.locatorsearch.com https://ci-mpsnare.iovation.com https://integration.silvercloudinc.com https://siteimproveanalytics.com https://code.jquery.com https://cportal.lendingqb.com https://secure.pricemyloan.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://web.baconpay.com https://*.salemove.com https://*.glia.com https://libs.salemove.com https://cdn.segmint.net https://static.hotjar.com https://script.hotjar.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://js.poshdevelopment.com https://ajax.microsoft.com https://kendo.cdn.telerik.com https://cdnjs.cloudflare.com https://chat.nasafcu.com:8085 https://maps.googleapis.com https://nasafculocator.wave2.io https://cdn.signalfx.com https://integration-cdn.silvercloudinc.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com use.typekit.net p.typekit.net https://integration.silvercloudinc.com https://tagmanager.google.com https://*.salemove.com https://*.glia.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: use.typekit.net https://assets.salemove.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://answers.silvercloudinc.com https://images.locatorsearch.com https://us2.siteimprove.com https://integration.silvercloudinc.com https://*.salemove.com https://*.glia.com https://www.google.com https://cdn.segmint.net https://86400.global.siteimproveanalytics.io https://cdn.cookielaw.org https://www.nasafcu.com https://chat.nasafcu.com:8085 https://nasafcu.com https://winstar-92-adswizz.attribution.adswizz.com https://pixel.tapad.com https://integration-cdn.silvercloudinc.com; media-src 'self' data: blob: https://*.salemove.com https://*.glia.com https://chat.nasafcu.com:8085; frame-src 'self' https://nasafcu.locatorsearch.com https://www.googletagmanager.com/ https://wwwbeta.nasafcu.com https://www.nasafcu.com https://ebranch.nasafcu.com/ https://www.stickleyonsecurity.com/ https://player.vimeo.com/ https://accountguardian.nasafcu.com https://balancetransfer.nasafcu.com https://checkingdecision.nasafcu.com https://electronicprocessingnumber.nasafcu.com https://fraudalerts.nasafcu.com https://openchecking.nasafcu.com https://opencertificate.nasafcu.com https://remotedeposit.nasafcu.com https://cportal.lendingqb.com https://secure.pricemyloan.com https://estatementenrollment.nasafcu.com/ https://web.baconpay.com https://creditlimitpromo.nasafcu.com https://connect.segmint.net/ https://bid.g.doubleclick.net/ https://vars.hotjar.com/ https://website-productionversion112.nasafcu-ase.com https://origination.mortgage.meridianlink.com/ https://edocs2.mortgage.meridianlink.com/ https://www.calcxml.com/ https://nasafculocator.wave2.io https://outlook.office365.com/owa/calendar/krhineNASAFCUinvestments@nasafcu.onmicrosoft.com/bookings/ https://td.doubleclick.net; frame-ancestors 'self'; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com www.googletagmanager.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://litho.silvercloudinc.com https://integration.silvercloudinc.com https://*.glia.com wss://*.glia.com https://*.twilio.com wss://*.twilio.com https://*.salemove.com wss://*.salemove.com https://cdn.segmint.net https://connect.segmint.net https://s3.amazonaws.com/cdn.segmint.net/ https://api.segmint.net https://stats.g.doubleclick.net https://in.hotjar.com https://cdn.cookielaw.org https://vc.hotjar.io https://privacyportal-eu.onetrust.com https://chat.nasafcu.com:8085 https://maps.googleapis.com https://rum-ingest.us1.signalfx.com https://analytics.google.com https://integration-cdn.silvercloudinc.com https://geolocation.onetrust.com https://pagead2.googlesyndication.com; 1
frame-ancestors 'self' https://emeraude.lightning.force.com  https://www.espacepro-programme-voyageur.sncf.com 1
object-src 'none'; form-action 'self' https://*.hypotheker.nl; frame-ancestors 'self' https://*.huislijn.nl 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.gstatic.com db.revoffers.com sp.analytics.yahoo.com s.yimg.com insight.adsrvr.org api.privy.com www.google-analytics.com dpm.demdex.net *.userway.org app.termly.io js.driftt.com *.slack.com diamondcbd.go2cloud.org *.fls.doubleclick.net global.ib-ibi.com tags.bluekai.com pixel.tapad.com uipglob.semasio.net dsum-sec.casalemedia.com player.vimeo.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.cloudfront.net app.shop.pe *.intercomcdn.com; connect-src 'self' stats.g.doubleclick.net s.yimg.com db.revoffers.com db.trackcb.com www.google-analytics.com a.klaviyo.com fast.a.klaviyo.com static-forms.klaviyo.com telemetrics.klaviyo.com app.termly.io js.driftt.com widget.privy.com *.privy.com *.userway.org *.ipqualityscore.com *.yotpo.com *.authorize.net track.flexlinks.com vimeo.com shop.pe *.datadome.co *.intercom.io wss://*.intercom.io *.intercomcdn.com *.intercomcdn.eu *.intercomusercontent.com bam.nr-data.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://track.segmetrics.io *.cloudfront.net *.google.com api.agechecker.net https://db.trackcb.com app.shop.pe shopper.shop.pe https://o1281800.ingest.sentry.io/api/6614326/store/ https://o1281800.ingest.sentry.io/api/6614326/envelope/; font-src 'self' data: fonts.gstatic.com maxcdn.bootstrapcdn.com use.fontawesome.com *.cloudfront.net *.intercomcdn.com https://*.hotjar.com https://cdn.userway.org cdn.agechecker.net *.cdnfonts.com; frame-src 'self' nytrng.com *.revoffers.com *.driftt.com *.userway.org *.go2cloud.org *.fls.doubleclick.net track.flexlinks.com *.vimeo.com *.googlevideo.com *.gvt1.com video.google.com *.youtu.be *.youtube.com https://*.hotjar.com app.termly.io; img-src 'self' upx.provenpixel.com telemetrics.klaviyo.com insight.adsrvr.org *.google.com *.google.pl *.google.us sp.analytics.yahoo.com www.google-analytics.com *.userway.org privymktg.com google-analytics.com dpm.demdex.net *.privy.com diamondcbd.go2cloud.org service.trafficroots.com sigma2.pubmatic.com *.adsrvr.org *.google.am *.doubleclick.net *.mantisadnetwork.com *.shareasale.com *.shareasale-analytics.com i.vimeocdn.com data: *.truoptik.com *.google.me *.adnxs.com *.bluekai.com *.ib-ibi.com *.semasio.net *.yotpo.com *.dotomi.com *.media6degrees.com https://usermatch.krxd.net https://*.hotjar.com *.cloudfront.net img.agechecker.net api.agechecker.net blob: shopper.shop.pe *.intercomcdn.com *.intercomassets.com *.intercomcdn.eu *.intercomusercontent.com *.intercom.io *.intercom-attachments-1.com *.intercom-attachments.eu *.intercom-attachments.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com *.intercomassets.eu; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mantisadnetwork.com upx.provenpixel.com s.yimg.com www.greenaffiliates.com db.revoffers.com *.ipqualityscore.com *.yotpo.com www.googletagmanager.com s.btstatic.com *.cloudflareinsights.com *.driftt.com *.klaviyo.com *.authorize.net s.thebrighttag.com cdn-swell-assets.yotpo.com static.klaviyo.com www.google-analytics.com static.cloudflareinsights.com *.userway.org *.termly.io *.privy.com shop.pe *.cloudfront.net *.s3.amaonaws.com *.shop.pe js.intercomcdn.com *.intercom.io https://*.hotjar.com app.shop.pe cdnjs.cloudflare.com https://assets.secure.checkout.visa.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://js.authorize.net https://jstest.authorize.net https://polyfill.io https://sandbox-assets.secure.checkout.visa.com https://songbird.cardinalcommerce.com https://songbirdstag.cardinalcommerce.com https://unpkg.com https://www.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' static-tracking.klaviyo.com *.mantisadnetwork.com upx.provenpixel.com s.yimg.com www.greenaffiliates.com db.revoffers.com cdn-loyalty.yotpo.com www.googletagmanager.com s.btstatic.com static.cloudflareinsights.com a.klaviyo.com www.google-analytics.com cdn-swell-assets.yotpo.com s.thebrighttag.com static.klaviyo.com *.userway.org app.termly.io js.driftt.com *.privy.com shop.pe *.ipqualityscore.com *.cloudfront.net ajax.cloudflare.com *.authorize.net *.gstatic.com shareasale-analytics.com *.s3.amazonaws.com *.shop.pe *.datadome.co *.yotpo.com *.intercom.io *.intercomcdn.com *.newrelic.com bam.nr-data.net *.hotjar.com *.facebook.net sdk.trackcb.com https://tag.segmetrics.io cdn.agechecker.net app.shop.pe cdnjs.cloudflare.com https://assets.secure.checkout.visa.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://js.authorize.net https://jstest.authorize.net https://polyfill.io https://sandbox-assets.secure.checkout.visa.com https://songbird.cardinalcommerce.com https://songbirdstag.cardinalcommerce.com https://unpkg.com https://www.google.com; style-src 'self' 'unsafe-inline' cdn-swell-assets.yotpo.com maxcdn.bootstrapcdn.com *.klaviyo.com *.privy.com *.gstatic.com *.cloudfront.net *.addshoppers.com *.userway.org https://*.hotjar.com *.cdnfonts.com cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; frame-ancestors 'self' 1
frame-ancestors 'self' https://manage.rdhmag.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
script-src 'self' ssl.google-analytics.com www.pagespeed-mod.com www.googleadservices.com cdnjs.cloudflare.com unpkg.com code.jquery.com dmogdx0jrul3u.cloudfront.net ws.zoominfo.com ws-assets.zoominfo.com static.opentok.com cdn.finsweet.com assets.website-files.com js.stripe.com js.hsforms.net d3e54v103j8qbb.cloudfront.net ajax.googleapis.com connect.facebook.net dev.visualwebsiteoptimizer.com www.google-analytics.com www.googletagmanager.com cdn.calibermind.com js.hs-scripts.com bat.bing.com snap.licdn.com googleads.g.doubleclick.net www.googleoptimize.com cdn.popupsmart.com cdn.usefathom.com cdn-cookieyes.com px.airpr.com js.hs-analytics.net js.hs-banner.com js.hsadspixel.net finsweet-cmslib-scripter.s3.us-east-2.amazonaws.com assets-global.website-files.com cdn.jsdelivr.net fonts.googleapis.com fonts.gstatic.com j.6sc.co px.ads.linkedin.com vidassets.terminus.services www.facebook.com 'unsafe-inline' 'unsafe-eval' 'report-sample'; object-src asset.mavenclinic.com asset.mvnctl.net; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub98c828d344e4e597329d4c9c232ee109&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:production; 1
default-src https://mobile.enpf.kz/JasperReports/api/sendPDFtoEmail https://mobile.enpf.kz/JasperReports/api/EnpfCalculator2 https://mobile.enpf.kz/restService/mobileservice/generic/calcPension https://web.enpf.kz https://web.enpf.kz/web/js/jquery.signalR-1.1.3.min.js https://mobileservice.enpf.kz/signalr/signalr/hubs https://public.slidesharecdn.com http://enpf24.kz https://enpf.kz https://172.31.0.130 https://www.enpf.kz https://onlinechat.enpf.kz https://www.google.com; script-src https://etels.enpf.kz https://digitalofficeps.enpf.kz/* https://digitalofficepss.enpf.kz/* wss://digitalofficeps.enpf.kz/* wss://digitalofficepss.enpf.kz/* https://livechat-v2.chat2desk.kz/ https://mc.yandex.com/ https://livechat-v2.chat2desk.kz/packs/ie-11-support.js https://storage.chat2desk.kz/ wss://livechat-v2.chat2desk.kz/widget_ws_new https://portfoliows.enpf.kz/ https://livechat.chat2desk.kz https://www.googletagmanager.com https://mc.yandex.ru https://yastatic.net https://web.enpf.kz/web/js/jquery.signalR-1.1.3.min.js https://mobileservice.enpf.kz/signalr/signalr/hubs https://web.enpf.kz  https://mobile.e-npf.kz https://api.post.kz/ https://ssl.livezilla.net https://enpf.kz https://ip-api.com/ https://api-maps.yandex.ru https://code.jquery.com https://www.gstatic.com/ https://www.google.com/ https://172.31.0.130 https://bitrix.info https://onlinechat.enpf.kz https://www.enpf.kz http://www.enpf.kz https://www.googleapis.com https://www.google-analytics.com/analytics.js  127.0.0.1:* 'unsafe-inline' 'unsafe-eval'; style-src https://etels.enpf.kz https://livechat-v2.chat2desk.kz/ https://mc.yandex.com/ https://livechat-v2.chat2desk.kz/packs/ie-11-support.js https://storage.chat2desk.kz/ wss://livechat-v2.chat2desk.kz/widget_ws_new https://livechat.chat2desk.kz https://www.gstatic.com https://enpf.kz https://code.jquery.com https://172.31.0.130 https://www.enpf.kz http://www.enpf.kz https://fonts.gstatic.com https://fonts.googleapis.com https://onlinechat.enpf.kz 'unsafe-inline'; connect-src 'self' https://cabinet.enpf.kz/restServiceCabinet/ https://nomadterminal.enpf.kz/ https://livechat-v2.chat2desk.kz/ https://mc.yandex.com/ https://livechat-v2.chat2desk.kz/packs/ie-11-support.js https://storage.chat2desk.kz/ wss://livechat-v2.chat2desk.kz/widget_ws_new wss://livechat.chat2desk.kz/ https://portfoliows.enpf.kz/ https://mobile.enpf.kz https://stats.g.doubleclick.net https://www.google-analytics.com/ https://mc.yandex.ru ws://localhost:8887/ws wss://mobileservice.enpf.kz/signalr/signalr/* wss://mobile.e-npf.kz https://livechat.chat2desk.kz https://mobile.e-npf.kz https://api.post.kz/ https://enpf.kz wss://127.0.0.1:* https://ip-api.com https://mobileservice.enpf.kz/ https://172.31.0.130 https://www.enpf.kz http://www.enpf.kz https://bitrix.info; font-src https://livechat-v2.chat2desk.kz/ https://mc.yandex.com/ https://livechat-v2.chat2desk.kz/packs/ie-11-support.js https://storage.chat2desk.kz/ wss://livechat-v2.chat2desk.kz/widget_ws_new https://livechat.chat2desk.kz http://enpf24.kz https://enpf.kz https://172.31.0.130 https://www.enpf.kz http://www.enpf.kz https://fonts.gstatic.com https://fonts.googleapis.com; media-src https://livechat-v2.chat2desk.kz/ https://mc.yandex.com/ https://livechat-v2.chat2desk.kz/packs/ie-11-support.js https://storage.chat2desk.kz/ wss://livechat-v2.chat2desk.kz/widget_ws_new https://172.31.0.130 https://www.enpf.kz http://www.enpf.kz https://enpf.kz https://onlinechat.enpf.kz; plugin-types application/x-shockwave-flash application/x-java-applet application/pdf application/xml; img-src https://livechat-v2.chat2desk.kz/ https://mc.yandex.com/ https://livechat-v2.chat2desk.kz/packs/ie-11-support.js https://storage.chat2desk.kz/ wss://livechat-v2.chat2desk.kz/widget_ws_new https://livechat.chat2desk.kz 'self' data: https://chart.googleapis.com https://mc.yandex.ru https://web.enpf.kz  https://code.jquery.com https://enpf.kz https://172.31.0.130 https://mobileservice.enpf.kz https://onlinechat.enpf.kz https://*.yandex.ru https://api-maps.yandex.ru https://*.yandex.net http://www.enpf.kz https://www.google-analytics.com  https://www.enpf.kz; child-src https://livechat-v2.chat2desk.kz/ https://mc.yandex.com/ https://livechat-v2.chat2desk.kz/packs/ie-11-support.js https://storage.chat2desk.kz/ wss://livechat-v2.chat2desk.kz/widget_ws_new https://onlinechat.enpf.kz https://www.google.com https://api-maps.yandex.ru http://www.enpf.kz https://www.enpf.kz https://172.31.0.130 https://enpf.kz https://www.youtube.com https://www.slideshare.net/ object-src http://gcvpproxy-egov.enpf.kz/* 1
default-src 'self' 'unsafe-inline' https://www.google-analytics.com; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net https://cdn.mouseflow.com https://news.quinnemanuel.com https://pi.pardot.com https://snap.licdn.com https://static.srcspot.com/libs/avril.js https://www.google.com/recaptcha/api.js https://www.redditstatic.com/ads/pixel.js https://www.gstatic.com https://www.googleadservices.com https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.22.2/moment.min.js https://cdnjs.cloudflare.com/ajax/libs/moment-timezone/0.5.34/moment-timezone-with-data-10-year-range.js https://addevent.com/libs/atc/1.6.1/atc.min.js https://cdn.addevent.com/legacy2000/libs/atc/1.6.1/atc.min.js https://www.addevent.com https://adservice.google.com; media-src https://quinnemanuel.com; connect-src 'self' https://our.umbraco.com https://n2.mouseflow.com https://stats.g.doubleclick.net https://www.google-analytics.com https://analytics.google.com https://cdn.linkedin.oribi.io; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' https://news.quinnemanuel.com https://www.google.com https://www.youtube.com https://cdn.yoshki.com; child-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 1
default-src 'self' www.book2look.com 'unsafe-inline' 'unsafe-eval' beckassets.blob.core.windows.net/author/portrait/ rd-space-de.fra1.cdn.digitaloceanspaces.com/prod/beck/ www.chbeck.de *.usercentrics.eu *.googletagmanager.com *.google-analytics.com imageservice.azureedge.net *.google.com *.gstatic.com *.youtube.com i.ytimg.com *.cloudflare.com *.beck-shop.de *.doubleclick.net *.hotjar.io *.hotjar.com *.googleapis.com *.ggpht.com *.aspnetcdn.com *.spotify.com *.zdf.de *.sensic.net *.akamaihd.net *.nmrodam.com *.ioam.de *.soundcloud.com *.sndcdn.com *.ggpht.com apim-unverlangtedigmanusscripte.azure-api.net ik.imagekit.io/ mailing.beck.de/ cdn-assetservice.ecom-api.beck-shop.de *.beck-shop.de; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.nu; img-src 'self' https: data: blob: https://mastodon.nu; style-src 'self' https://mastodon.nu 'nonce-avHi3+OS7xlAxGQjwTxbvg=='; media-src 'self' https: data: https://mastodon.nu; frame-src 'self' https:; manifest-src 'self' https://mastodon.nu; form-action 'self'; child-src 'self' blob: https://mastodon.nu; worker-src 'self' blob: https://mastodon.nu; connect-src 'self' data: blob: https://mastodon.nu https://media.mastodon.nu wss://mastodon.nu; script-src 'self' https://mastodon.nu 'wasm-unsafe-eval' 1
default-src 'self' 'unsafe-inline' neuronation.com *.neuronation.com herokuapp.com *.herokuapp.com amazonaws.com *.amazonaws.com sentry.dev.nn-services.de *.dev.nn-services.de *.nn-services.de stripe.com *.stripe.com stripe.network *.stripe.network chargebee.com *.chargebee.com iterable.com *.iterable.com doubleclick.com *.doubleclick.com plyr.io *.plyr.io unity3d.com *.unity3d.com *.cloud.unity3d.com googleapis.com *.googleapis.com analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com; img-src 'self' data: neuronation.com *.neuronation.com amazonaws.com *.amazonaws.com plyr.io *.plyr.io analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: neuronation.com *.neuronation.com amazonaws.com *.amazonaws.com stripe.com *.stripe.com chargebee.com *.chargebee.com cloudfront.net *.cloudfront.net googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com gstatic.com *.gstatic.com googleapis.com *.googleapis.com; child-src 'self' blob: chargebee.com *.chargebee.com neuronation.com *.neuronation.com 'unsafe-eval'; style-src 'self' 'unsafe-inline' neuronation.com *.neuronation.com; frame-ancestors 'self' neuronation.com *.neuronation.com *.evocare.org evocare.org 1
default-src 'self'; connect-src 'self' https://maps.googleapis.com https://developers.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://graph.facebook.com https://www.linkedin.com; font-src 'self' https://fonts.gstatic.com https://unpkg.com; frame-src https://www.recaptcha.net https://www.youtube.com; img-src 'self' data: https://www.google-analytics.com; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.recaptcha.net https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.linkedin.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://unpkg.com; 1
default-src 'self' feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' * ; img-src * 'self' data: https: blob: ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; frame-ancestors * 'self' data: https: blob: ; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-Kp5KH+HEY9v+mvhqkj2kwQ=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src 'self' *.shannons.com.au; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.shannons.com.au *.typekit.net *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.ensighten.com *.suncorp.com.au *.googletagmanager.com *.plavxml.com *.bugherd.com *.facebook.net *.clicktale.net *.google.com *.google.com.au *.googleapis.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.g.doubleclick.net *.moatads.com *.sharethis.com *.addthisedge.com *.cloudfront.net *.siteintercept.qualtrics.com *.pinterest.com *.inmoment.com.au *.adgile.media blob:; connect-src 'self' *.shannons.com.au *.studiomoso.com.au *.demdex.net *.tt.omtrdc.net *.vimeo.com *.clicktale.net *.sharethis.com *.suncorp.com.au *.qualtrics.com *.typekit.net sessions.bugsnag.com *.bugherd.com *.cloudfront.net *.pusher.com *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.g.doubleclick.net frankmooreadvertising.createsend.com *.inmoment.com.au *.adgile.media *.test.aami.com.au *.bugsnag.com; img-src 'self' *.shannons.com.au *.studiomoso.com.au *.ytimg.com *.vimeocdn.com *.clicktale.net *.doubleclick.net *.g.doubleclick.net *.ensighten.com *.google.com *.google.com.au *.facebook.com *.google-analytics.com *.googletagmanager.com *.plavxml.com *.typekit.net *.cloudfront.net *.amazon-adsystem.com bugherd-attachments.s3.amazonaws.com *.sharethis.com *.pinterest.com *.bugherd.com data:; style-src 'self' 'unsafe-inline' *.shannons.com.au *.typekit.net *.googleapis.com *.bootstrapcdn.com *.cloudfront.net *.bugherd.com; font-src 'self' *.shannons.com.au *.typekit.net *.gstatic.com *.bootstrapcdn.com *.cloudfront.net *.bugherd.com data:; frame-src 'self' *.shannons.com.au *.youtube-nocookie.com *.youtube.com *.vimeo.com *.demdex.net *.doubleclick.net *.g.doubleclick.net *.fls.doubleclick.net *.sharethis.com *.nextlot.com *.google.com *.pinterest.com *.google.com.au omny.fm; frame-ancestors 'self' *.test.shannons.com.au *.test.suncorp.com.au *.test.shannons.com.au *.shannons.com.au *.suncorp.com.au; media-src 'self' *.shannons.com.au *.vimeo.com *.youtube-nocookie.com *.youtube.com *.facebook.com *.akamaized.net *.cloudfront.net 1
default-src 'self'; script-src 'self' https://platform.twitter.com/widgets.js https://cloud.typography.com/7948038/7854212/css/fonts.css https://betterbusiness.blubrry.com https://player.blubrry.com https://media.blubrry.com https://cbbb.wufoo.com https://www.calendarwiz.com https://cdn.plot.ly https://players.brightcove.net https://analytics.brightcove.net https://kit.fontawesome.com  https://s0.2mdn.net https://adservice.google.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.googletagmanager.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ js.hs-scripts.com js.hsforms.net/ js.hs-analytics.net *.en25.com cdn.ampproject.org cbbb.realmagnet.land http://bbbprograms.org/Sitefinity/Authenticate/OpenID/assets/app.FormPostResponse.js https://tagmanager.google.com https://cdn.rlets.com https://bbbnp-bbbp-stf-use1-01.s3.amazonaws.com https://assets.bbbprograms.org/ https://cdn.plot.ly/usa_110m.json https://cdn.plot.ly/plotly-latest.min.js:61 *.crazyegg.com https://stats.g.doubleclick.net/j/collect https://api.hubapi.com/hs-script-loader-public/v1/config/pixel/json https://js.hsforms.net/forms/v2.js https://js.hs-banner.com/8712603.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.paypalobjects.com/ https://googleads.g.doubleclick.net/ https://js.hsadspixel.net/fb.js https://snap.licdn.com/; style-src https://cloud.typography.com/7948038/7854212/css/fonts.css https://betterbusiness.blubrry.com https://player.blubrry.com https://media.blubrry.com https://www.calendarwiz.com https://cbbb.wufoo.com https://players.brightcove.net 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com http://bbbprograms.org https://assets.bbbprograms.org; font-src 'self' https://cloud.typography.com/ https://betterbusiness.blubrry.com https://player.blubrry.com https://media.blubrry.com http://www.calendarwiz.com https://players.brightcove.net fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://ka-f.fontawesome.com/releases/v5.15.4/webfonts/ https://bbbprograms.org/ https://assets.bbbprograms.org; img-src *.s3.amazonaws.com https://www.calendarwiz.com https://cloud.typography.com/7948038/7854212/css/fonts.css https://betterbusiness.blubrry.com https://player.blubrry.com https://media.blubrry.com https://secure-cf-c.ooyala.com http://cf.c.ooyala.com https://players.brightcove.net 'self' *.gstatic.com *.googleapis.com *.google-analytics.com www.google.com clients1.google.com platform.tumblr.com *.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.coms https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://d3w4wo0n3briz3.cloudfront.net/ https://assets.bbbprograms.org/ https://track.hubspot.com/ https://px.ads.linkedin.com/ https://t.co/ https://analytics.twitter.com/ https://perf.hsforms.com/ https://p.adsymptotic.com/ https://px4.ads.linkedin.com/ https://analytics.google.com/; media-src http://cf.c.ooyala.com 'self' data: blob:; form-action 'self' https://cbbb.wufoo.com https://bbbprograms.org https://forms.hsforms.com/ https://js.hsforms.net/ https://desk.zoho.com/support/WebToCase; child-src https://www.google.com https://auto.bbbnp.org/ https://caru.bbbnp.org https://betterbusiness.blubrry.com https://player.blubrry.com https://media.blubrry.com https://cbbb.wufoo.com https://players.brightcove.net http://imasdk.googleapis.com/ http://l.ooyala.com/ 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com https://privacyseals.bbbprograms.org/ web.facebook.com badge.stumbleupon.com https://js.hsforms.net/forms-next/shell-recaptcha https://applications.bbbprograms.org https://forms.hsforms.com/submissions/ https://bbbprograms.org blob: *.adobe.com/ https://assets.bbbprograms.org https://privacyinitiatives.bbbprograms.org https://privacyinitiatives.bbbnp.org; connect-src *.google-analytics.com https://cloud.typography.com/7948038/7854212/css/fonts.css https://betterbusiness.blubrry.com https://player.blubrry.com https://media.blubrry.com https://cbbb.wufoo.com https://players.brightcove.net https://licensing.bitmovin.com https://metrics-api.librato.com 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://stats.g.doubleclick.net/ https://js.hs-banner.com/cookie-banner-public/v1/domain-collection https://ka-f.fontawesome.com/ https://forms.hsforms.com/ https://hubspot-forms-static-embed.s3.amazonaws.com/prod/8712603/aafc1d80-12f1-408c-8344-a1ec382e57db.json.gz https://script.crazyegg.com/ https://tracking.crazyegg.com/ https://pagestates-tracking.crazyegg.com/healthcheck https://assets-tracking.crazyegg.com/healthcheck https://hubspot-forms-static-embed.s3.amazonaws.com/prod/8712603/86a3b92f-d714-41db-b093-1a560633c100.json.gz https://js.hs-banner.com/cookie-banner-public/v1/activity/view https://pagestates-tracking.crazyegg.com/ https://analytics.google.com/ https://assets.bbbprograms.org https://cdn.linkedin.oribi.io/ https://api.hubapi.com/hs-script-loader-public/; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' 'self' https://matomojs.trackify.info https://matomo.pernod-ricard.io *.sleeknote.com; frame-ancestors 'self' https://matomojs.trackify.info https://matomo.pernod-ricard.io *.sleeknote.com; frame-src blob: 'self' https://www.google.com https://www.youtube.com https://iframe-mdm.kahlua.com *.sleeknote.com; worker-src blob: 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.ampproject.org fpnpmcdn.net *.gstatic.com *.googletagmanager.com *.hotjar.com *.fbcdn.net https://ssl.gstatic.com https://www.google-analytics.com *.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://cdn.cookielaw.org *.adform.net https://static.zdassets.com *.zendesk.com connect.facebook.net 1
frame-src 'self' uzis.cz  https://www.youtube.com https://audiovisual.ec.europa.eu; frame-ancestors 'self' nzip.cz https://www.nzip.cz 1
default-src 'self' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.wp.com 'unsafe-inline'; script-src 'self' 'unsafe-eval' https://* http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io 'unsafe-inline'; img-src https://* 'self' data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; font-src https://* 'self' data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.wp.com; frame-src https://* 'self' data: https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; style-src-elem https://* 'self' https://*.wp.com 'unsafe-inline'; connect-src https://* 'self' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; frame-ancestors 'self' 1
frame-ancestors 'self' https://989425.apps.zdusercontent.com https://clipboardhealth.zendesk.com; 1
frame-ancestors 'self' ida-akdb.coyocloud.com *.akdb.de *.akdb.net *.gkds.bayern *.gkds.de *.bay-innovationsstiftung.de *.innovationsstiftung.bayern www.akdb-kommunalforum.de 1
default-src 'self' https: recipeland.com c.recipeland.com ws-na.amazon-adsystem.com ir-na.amazon-adsystem.com pixel.adsafeprotected.com chicoryapp.com; font-src 'self' https: data: c.recipeland.com fonts.gstatic.com; img-src 'self' https: data: c.recipeland.com pixel.adsafeprotected.com ib.adnxs.com; object-src 'none'; script-src 'self' https: recipeland.com c.recipeland.com mato.recipeland.com ads.blogherads.com 'unsafe-inline' 'unsafe-eval' assets.pinterest.com cdn.adsafeprotected.com secure.cdn.fastclick.net cdn.id5-sync.com ats.rlcdn.com native.sharethrough.com chicoryapp.com cdn-gateflipp.flippback.com; style-src 'self' https: c.recipeland.com 'unsafe-inline' fonts.googleapis.com 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://*.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://*.hotjar.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googleadservices.com https://connect.facebook.net https://www.paypal.com https://www.paypalobjects.com https://www.google.pt https://s.go-mpulse.net https://*.googleapis.com https://*.cookielaw.org https://*.googleoptimize.com https://*.klarnacdn.net; img-src 'self' data: https://*.google-analytics.com https://*.doubleclick.net https://*.googleadservices.com https://www.google.com https://www.google.pt https://www.facebook.com https://*.paypal.com https://www.paypalobjects.com https://*.googleapis.com https://*.gstatic.com https://*.cookielaw.org https://*.googletagmanager.com; child-src 'self' https://www.paypalobjects.com https://*.paypal.com; frame-src 'self' https://www.google.com https://vars.hotjar.com https://www.facebook.com https://www.paypalobjects.com https://*.paypal.com https://www.youtube.com https://www.catalogoboticario.com https://*.vimeo.com https://*.issuu.com https://*.klarna.com https://*.google.com; connect-src 'self' https://www.google.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://*.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com https://stats.g.doubleclick.net https://c.go-mpulse.net https://*.hotjar.com wss://*.hotjar.com https://*.akstat.io https://*.googleapis.com https://*.cookielaw.org https://*.analytics.google.com https://*.google-analytics.com https://*.klarnaevt.com https://*.klarnacdn.net https://*.klarna.com; font-src 'self' data: https://*.googleapis.com https://*.gstatic.com 1
default-src 'self' *.bokf.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: api.ipdata.co cdn.stape.io https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://cdn.cookielaw.org/ https://www.clarity.ms https://www.clarity.ms https://geolocation.onetrust.com/ https://bat.bing.com *.bokf.com *.mpeasylink.com https://i.tryinteract.com https://tr-rc.lfeeder.com https://tag.clearbitscripts.com ws.sessioncam.com https://bokf.wufoo.com https://sc.lfeeder.com https://www.googleanalytics.com https://www.googleoptimize.com  https://optimize.google.com cdn.timetrade.com *.googletagmanager.com *.calcxml.com http://cdnjs.cloudflare.com http://www.google.com http://ajax.googleapis.com *.google-analytics.com http://maxcdn.bootstrapcdn.com *.cloudfront.net *.googleadservices.com app.quotemedia.com http://qmod.quotemedia.com c1.rfihub.net http://connect.facebook.net img.en25.com *.bankofalbuquerque.com *.bankofoklahoma.com *.bankoftexas.com *.bokfinancial.com *.doubleclick.net *.convertlanguage.com s3.amazonaws.com/trk.cetrk.com/9/t.js s3.amazonaws.com/trk.cetrk.com/b/t.js *.facebook.com https://www.linkedin.com/ www.gstatic.com cdn.glassboxcdn.com snap.licdn.com tracking.bokfinancial.com https://www.google-analytics.com https://ssl.google-analytics.com https://js.adsrvr.org https://insight.adsrvr.org https://extend.vimeocdn.com http://player.vimeo.com https://www.vimeo.com https://gtm-pchlzvs-yzg3y.uc.r.appspot.com vimeo.com/api/oembed.js www.bokfinancial.com www.bankofalbuquerque.com www.bankofoklahoma.com www.bankoftexas.com; style-src 'self' 'unsafe-inline' https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ fast.fonts.net https://optimize.google.com http://www.calcxml.com *.mpeasylink.com *.bankofalbuquerque.com *.bankofoklahoma.com *.bankoftexas.com *.bokfinancial.com fonts.googleapis.com https://www.googletagmanager.com; img-src 'self' data: https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://bat.bing.com *.kaltura.com i.ytimg.com https://www.google-analytics.com https://tr-rc.lfeeder.com https://www.googletagmanager.com/ https://www.google.com.mx/ads/ *.mpeasylink.com http://www.google-analytics.com *.google.com https://stats.g.doubleclick.net insight.adsrvr.org *.bokfinancial.com *.bankofoklahoma.com *.bankofalbuquerque.com *.bankoftexas.com https://www.facebook.com http://www.calcxml.com https://i.vimeocdn.com px.ads.linkedin.com p.adsymptotic.com https://cm.g.doubleclick.net https://analytics.convertlanguage.com https://dpm.demdex.net https://www.linkedin.com/ https://match.adsrvr.org https://idpix.media6degrees.com https://s.thebrighttag.com https://uipglob.semasio.net https://loadm.exelator.com https://ads.scorecardresearch.com https://cw.addthis.com https://e.nexac.com https://match.sync.ad.cpe.dotomi.com https://cs.adingo.jp https://usermatch.krxd.net https://x.dlx.addthis.com https://x.bidswitch.net https://match.sharethrough.com https://simage2.pubmatic.com https://eb2.3lift.com https://load77.exelator.com https://pixel.rubiconproject.com https://su.addthis.com https://ib.adnxs.com https://pixel.tapad.com https://mid.rkdms.com/ https://dmp.truoptik.com https://i.liadm.com https://io.narrative.io https://odr.mookie1.com https://ups.analytics.yahoo.com https://ml314.com/utsync.ashx https://beacon.krxd.net https://tags.rd.linksynergy.com https://px4.ads.linkedin.com https://googleads.g.doubleclick.net https://data.adxcel-ec2.com https://gtm-pchlzvs-yzg3y.uc.r.appspot.com; font-src 'self' data: https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ *.mpeasylink.com *.bankofalbuquerque.com *.bankofoklahoma.com *.bankoftexas.com *.bokfinancial.com fast.fonts.net *.cloudflare.com fonts.gstatic.com; connect-src 'self' https://px.ads.linkedin.com/wa/ https://bam.nr-data.net/ https://cdn.cookielaw.org/ https://z.clarity.ms/collect https://geolocation.onetrust.com/ chat.bok.com https://cdn.linkedin.oribi.io/ *.googleapis.com *.calcxml.com app.quotemedia.com https://cdn.linkedin.oribi.io api.addsearch.com report.bokf.glassboxdigital.io http://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://gtm-pchlzvs-yzg3y.uc.r.appspot.com; frame-src 'self' https://cdn.cookielaw.org/ https://www.calcxml.com/ https://www.clarity.ms https://geolocation.onetrust.com/ *.mpeasylink.com *.timetrade.com https://optimize.google.com https://quiz.tryinteract.com/ https://bokf.wufoo.com https://cdn.embedly.com/ http://player.vimeo.com http://www.surveygizmo.com *.doubleclick.net adservice.google.com *.youtube.com http://www.google.com *.kaltura.com http://videos.bokf.com tracking.bokfinancial.com https://insight.adsrvr.org https://quickquote-config.optimalblue.com https://quickquote-consumer.optimalblue.com/ https://match.adsrvr.org https://*.bokf.com; frame-ancestors 'self' *.bokf.com; 1
default-src https: 'self'; object-src https: 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* http://* ; style-src https: 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/jquery-ui.min.js https://cdnjs.cloudflare.com/ajax/libs/jspdf/1.5.3/jspdf.min.js https://code.jquery.com/jquery-1.12.4.js https://code.jquery.com/ui/1.12.1/jquery-ui.js; img-src https: data: 'self'; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' rosmorport.ru *.rosmorport.ru rosmorport.com *.rosmorport.com fonts.gstatic.com cdn.jsdelivr.net yandex.ru ymetrica1.com yandexmetrica.com google.com *.google.com google.ru *.google.ru  *.kaspersky-labs.com kaspersky-labs.com *.yandex.ru yandex.net *.yandex.net yandex.com *.yandex.com yandex.md *.yandex.md yastatic.net *.yastatic.net google.com fonts.googleapis.com *.fonts.googleapis.com vk.com *.vk.com  youtube.com *.youtube.com *.youtube-nocookie.com youtube-nocookie.com bitrix.info rutube.ru *.rutube.ru 1tv.ru *.1tv.ru smotrim.ru *.smotrim.ru vgtrk.com *.vgtrk.com; img-src 'self' https: data:; form-action 'self'; object-src 'none'; report-uri https://www.rosmorport.ru/csp.php 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.svvsd.org *.twitter.com *.instagram.com *.facebook.com *.googletagmanager.com *.jsdelivr.net *.fontawesome.com *.polyfill.io *.google-analytics.com *.syndication.twimg.com *.newrelic.com *.nr-data.net *.curator.io *.google.com *.gstatic.com *.dialogflow.com *.pagespeed-mod.com unpkg.com *.list-manage.com stvrainnutrition.org *.isitesoftware.com *.calendly.com sibautomation.com *.sendinblue.com *.statuspage.io *.weglot.com *.clarity.ms *.sentry-cdn.com *.svvsdtemp.org 1
frame-ancestors 'self' https://enterprise.legion.work https://uat.enterprise.legion.work; object-src 'none'; script-src 'nonce-RAltFMi/+YvqpWW3Sn3mYy6+Fl8akaLP1Tskd1rEA04VVz9Wfy+pCAg53Oacg2XmWaPfZg4hzUnN/5akvIZ3FA==' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' 'self' https://maps.googleapis.com https://code.jquery.com https://www.googleadservices.com https://js.hsforms.net https://www.google-analytics.com https://static.hotjar.com https://kit.fontawesome.com https://platform.linkedin.com https://apis.google.com https://connect.facebook.net https://maps.google.com https://ajax.googleapis.com https://platform.twitter.com https://*.onetrust.com https://cdnjs.cloudflare.com https://*.brighthorizons.com  https://cm.perf.brighthorizons.com https://snap.licdn.com https://www.googletagmanager.com https://polyfill.io/ https://api.ipify.org/ https://www.googleoptimize.com/ https://js-agent.newrelic.com/ https://*.cloudfront.net https://*.nr-data.net https://script.hotjar.com https://static.hotjar.io https://script.hotjar.io; base-uri 'none'; 1
default-src 'self' blob:; child-src blob:; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src * blob: data:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval';  style-src 'self' 'unsafe-inline'; img-src *; 1
frame-ancestors 'self' *.comune.milano.it 1
default-src http: https: data: 'self' 'unsafe-eval' 'unsafe-inline'; script-src http: https: data: 'self' 'unsafe-eval' 'unsafe-inline'; connect-src http: https: data: 'self' 'unsafe-eval' 'unsafe-inline'; font-src http: https: data: 'self' 'unsafe-eval' 'unsafe-inline'; img-src http: https: data: 'self' 'unsafe-eval' 'unsafe-inline'; child-src http: https: data: 'self' 'unsafe-eval' 'unsafe-inline' 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://forum.image.sc/logs/ https://forum.image.sc/sidekiq/ https://forum.image.sc/mini-profiler-resources/ https://global.discourse-cdn.com/business4/assets/ https://forum.image.sc/extra-locales/ https://sea1.discourse-cdn.com/business4/highlight-js/ https://sea1.discourse-cdn.com/business4/javascripts/ https://sea1.discourse-cdn.com/business4/plugins/ https://sea1.discourse-cdn.com/business4/theme-javascripts/ https://sea1.discourse-cdn.com/business4/svg-sprite/ 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' https://forum.image.sc/plugins/discourse-client-performance/javascripts/discourse-client-performance.js; worker-src 'self' https://global.discourse-cdn.com/business4/assets/ https://sea1.discourse-cdn.com/business4/javascripts/ https://sea1.discourse-cdn.com/business4/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
media-src media.example.com 1
font-src *.klarnacdn.net *.fontawesome.com *.gstatic.com 'self' data: *.swogo.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.facebook.com https://connect.facebook.net/ *.cookiefirst.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ egoi.page *.klarna.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.googletagmanager.com *.google.com *.facebook.com https://connect.facebook.net/ *.cookiefirst.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io egoimmerce.e-goi.com *.klarna.com *.klarnaevt.com *.klarnacdn.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: https://connect.facebook.net/ https://www.facebook.com/ https://www.google.pt/ https://www.kuantokusta.pt/ https://ib.adnxs.com/ https://eu-assets.klarnaservices.com/ osm.klarnaservices.com/ *.cookiefirst.com *.swogo.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ e-goi.com cdn-te.e-goi.com egoi.site *.klarna.com *.klarnacdn.net *.klarnaservices.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.google.com *.gstatic.com https://www.gstatic.com/ https://js-agent.newrelic.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.nr-data.net/ https://connect.facebook.net/ https://static.cloudflareinsights.com/ *.cloudflare.com *.egoiapp.com *.piwik.org https://acdn.adnxs.com/ stats.g.doubleclick.net tpc.googlesyndication.com *.cookiefirst.com *.swogo.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com egoiapp2.com *.klarnacdn.net *.fontawesome.com unsafe-inline *.googleapis.com *.gstatic.com *.cookiefirst.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io *.google-analytics.com https://www.googletagmanager.com/ https://www.googleadservices.com/ https://ampcid.google.com *.google.com/ *.nr-data.net/ https://edw-3.egoiapp.com/ *.facebook.com https://connect.facebook.net/ *.cookiefirst.com *.swogo.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' blob: https://*.zoom.us https://www.sandbox.paypal.com https://www.paypal.com; connect-src 'self' data: blob: wss://*.zoom.us https://*.zoom.us https://zoom.us; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://source.zoom.us https://zoom.us https://platform.twitter.com https://login.totara.community https://js.stripe.com https://polyfill.io https://www.paypal.com https://www.gstatic.com https://www.recaptcha.net https://cdn.jsdelivr.net https://f.vimeocdn.com https://www.youtube.com https://s.ytimg.com; worker-src 'self' blob: ; font-src 'self' data: https://source.zoom.us https://fonts.googleapis.com https://cdn.jsdelivr.net https://fonts.gstatic.com; img-src 'self' data: blob: https://*.zoom.us https://www.iss.it https://syndication.twitter.com https://www.microsoft.com https://t.paypal.com https://libapps-eu.s3.amazonaws.com https://accounts.google.com https://www.google.com https://i.ytimg.com https://i.vimeocdn.com https://img.youtube.com; style-src 'self' 'unsafe-inline' https://*.zoom.us https://f.vimeocdn.com https://fonts.googleapis.com; child-src 'self' https://*.zoom.us https://videos.sproutvideo.com https://platform.twitter.com https://opendatadpc.maps.arcgis.com https://drive.google.com https://docs.google.com https://www.paypal.com https://www.sandbox.paypal.com https://js.stripe.com https://campaign.moodle.org https://enovation.ie https://www.google.com https://player.vimeo.com https://www.youtube.com; media-src 'self' data: blob: https://*.zoom.us https://www.youtube.com https://vod-progressive.akamaized.net https://player.vimeo.com 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js *.myheritage.no https://www.myheritage.no  'nonce-178521f0b854c41d997fa48f4caf503b' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.no;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
img-src *; frame-ancestors 'self' *.cayuse.com http://cayuse.lookbookhq.com https://cayuse.lookbookhq.com http://cayuse.pathfactory.com https://cayuse.pathfactory.com  1
script-src 'self' 'unsafe-inline' 'unsafe-eval' z.moatads.com *.addthis.com *.addthisedge.com *.cloudflare.com *.cookieinformation.com *.googletagmanager.com *.google-analytics.com *.googleapis.com translate.google.com *.facebook.net *.twitter.com *.instagram.com *.twimg.com *.youtube.com *.vimeo.com; frame-ancestors 'self' admin.industriall-union.org; 1
default-src 'self' scribit-pro-hosting.storage.googleapis.com; child-src 'self' *.youtube.com blob: *.youtube-nocookie.com *.vimeo.com; connect-src 'self' scribit-pro-hosting.storage.googleapis.com www.googletagmanager.com www.google-analytics.com https://delft1.expoints.nl *.monsido.com api.scribit.pro *.google-analytics.com; font-src 'self' data: *.googleusercontent.com https://delft1.expoints.nl https://cdn.expoints.nl; frame-src 'self' *.youtube.com https://delft1.expoints.nl https://*.issuu.com/ *.youtube-nocookie.com *.vimeo.com; img-src 'self' data: www.googletagmanager.com www.google-analytics.com https://www.toegankelijkheidsverklaring.nl https://delft1.expoints.nl https://tracking.monsido.com/; object-src 'none'; script-src 'self' scribit-pro-hosting.storage.googleapis.com www.googletagmanager.com www.google-analytics.com https://delft1.expoints.nl 'sha256-MXSDaSk9iOVBAZomml6T0509TZG/Q/7rccFiG/GlaL4=' *.monsido.com 'sha256-zH2S2/S9JBe2/gqn8+AY4z+P3Gbx9cfCj4kN2FL+H2Q=' 'sha256-1P65VV5GaqQOzZspHLMrgG8wudpJ5Y4Apv/2GCuRhZU=' *.scribit.pro www.youtube.com 'nonce-T1dObE5UZzBZbVk0TW1GaFlXVTU='; style-src 'self' 'unsafe-hashes' 'unsafe-inline' https://delft1.expoints.nl; base-uri 'self'; frame-ancestors 'self' 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.onestopenglish.com; 1
upgrade-insecure-requests; frame-ancestors 'self' data: *.niitmts.com *.niit.com 1
base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self' *.db.de; img-src 'self' data: st.iceportal.de; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests; default-src 'self' deutschebahn.com *.db.de *.iceportal.de ws://localhost:*; frame-src 'self' https://studio-ecm-eu.apps.dbcs-madrid.comp.db.de https://*.bahn.de https://*.deutschebahn.com; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' deutschebahn.com assets.adobedtm.com 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com ajax.aspnetcdn.com www.youtube.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net;object-src 'self' data:;style-src 'self' 'unsafe-inline';img-src 'self' www.google-analytics.com stats.g.doubleclick.net i.ytimg.com data:;frame-src 'self' www.youtube.com;font-src 'self' data:;connect-src 'self';form-action 'self' 1
frame-ancestors 'self' https://as.com https://argentina.as.com https://chile.as.com https://colombia.as.com https://en.as.com https://mexico.as.com https://peru.as.com https://us.as.com https://apuestas.as.com 1
font-src *.cloudflare.com *.twitter.com https://www.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com https://fonts.gstatic.com *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com https://www.vcs.co.za *.paygate.co.za https://pay.ozow.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.twitter.com *.freshchat.com *.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.addthis.com *.pinterest.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.cdn.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.s.ytimg.com *.lightemporium.com *.usercentrics.eu *.magentocommerce.com https://*.gstatic.com *.facebook.com https://*.google.com *.google.com *.mobicredwidget.co.za https://www.okfurniture.co.za https://ozow-live-cdn.s3.eu-west-1.amazonaws.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com https://houseandhome.co.za *.cloudflare.com *.twitter.com *.google-analytics.com https://*.google.com *.twimg.com https://*.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.doubleclick.net *.facebook.com *.cloudfront.net *.freshchat.com connect.facebook.net https://cdn.jsdelivr.net https://unpkg.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.instagram.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.getfirebug.com https://fonts.googleapis.com 'self' data: *.freshchat.com https://hcaptcha.com https://*.hcaptcha.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com 'self' data: *.cardinalcommerce.com *.graph.instagram.com https://graph.instagram.com *.google-analytics.com *.doubleclick.net *.mobicredwidget.co.za https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.googleapis.com *.addthis.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src id.paytogate.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://ravenation.club; img-src 'self' https: data: blob: https://ravenation.club; style-src 'self' https://ravenation.club 'nonce-fbu1tujZy3LrdGzjOiW3NA=='; media-src 'self' https: data: https://ravenation.club; frame-src 'self' https:; manifest-src 'self' https://ravenation.club; form-action 'self'; child-src 'self' blob: https://ravenation.club; worker-src 'self' blob: https://ravenation.club; connect-src 'self' data: blob: https://ravenation.club https://media.ravenation.club wss://ravenation.club; script-src 'self' https://ravenation.club 'wasm-unsafe-eval' 1
default-src 'self'; base-uri 'self'; connect-src 'self' www.googletagmanager.com www.google-analytics.com; script-src 'self' 'nonce-4110831568' https://www.googletagmanager.com www.google-analytics.com www.gstatic.com 'sha256-ph/b+3qF4spVwP9M6v4AATdkvP9zhZRneN2sMUakcv4=' 'unsafe-inline'; object-src 'none'; style-src 'self' www.gstatic.com cdn.jsdelivr.net 'unsafe-inline'; font-src 'self' data:; img-src 'self' data: w3.org/svg/2000 *.sonichealthcare.com cms-liquidstate-cloud.s3.amazonaws.com www.googletagmanager.com www.google-analytics.com 1
upgrade-insecure-requests; default-src blob: data: 'self' 'unsafe-inline' *.cvs.com *.caremark.com:11091 *.cvshealth.com *.kampyle.com *.launchdarkly.com *.medallia.com *.foresee.com *.go-mpulse.net *.akstat.io *.monetate.net *.foreseeresults.com *.secure.checkout.visa.com *.google-analytics.com *.googletagservices.com *.px-cloud.net dev.virtualearth.net *.px-cdn.net *.pxchk.net *.braintreegateway.com *.paypal.com *.demdex.net *.criteo.com *.tiqcdn.com *.quantummetric.com *.braintree-api.com *.cloudflare.com *.criteo.net request.eprotect.vantivcnp.com secondary.eprotect.vantivcnp.com request.eprotect.vantivprelive.com *.visa.com *.groupbycloud.com *.bing.com cdn.cpnscdn.com *.fls.doubleclick.net *.wishabi.com *.flippenterprise.net fonts.gstatic.com *.flippback.com *.flipp.com *.wishabi.ca *.google.com *.gstatic.com cdn.binaryfountain.com *.wistia.com *.wistia.net *.adobedtm.com *.adoberesources.net *.adobedc.net *.tt.omtrdc.net; script-src blob: data: 'self' 'unsafe-inline' 'unsafe-eval' *.cvs.com *.cvshealth.com *.go-mpulse.net *.kampyle.com *.medallia.com *.appdynamics.com *.googleapis.com *.braintreegateway.com *.googleadservices.com *.google-analytics.com *.googletagservices.com *.googletagmanager.com *.akstat.io *.monetate.net *.foresee.com *.foreseeresults.com code.jquery.com *.g.doubleclick.net *.virtualearth.net *.paypalobjects.com *.rlcdn.com *.secure.checkout.visa.com *.paypal.com *.mastercard.com *.discover.com *.aexp-static.com *.quantummetric.com *.demdex.net *.criteo.com *.tiqcdn.com *.akstat.io *.americanexpress.com cdn.polyfill.io *.cloudflare.com *.px-cloud.net www.hlserve.com cdn.groupbycloud.com *.criteo.net *.bluecore.com *.px-cdn.net *.pxchk.net *.aexp-static.com *.visa.com request.eprotect.vantivcnp.com secondary.eprotect.vantivcnp.com request.eprotect.vantivprelive.com *.appspot.com *.bing.com *.cvscaremark.com cdn.cpnscdn.com *.fls.doubleclick.net *.wishabi.com *.flippenterprise.net fonts.gstatic.com *.flippback.com *.flipp.com *.wishabi.ca *.google.com *.gstatic.com *.brsrvr.com cdn.binaryfountain.com *.wistia.com *.discovercard.com *.adobedtm.com *.adoberesources.net *.adobedc.net *.facebook.com *.facebook.net *.oracleinfinity.io *.appdynamics.com *.eum-appdynamics.com *.launchdarkly.com; connect-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.cvs.com *.cvshealth.com *.kampyle.com *.medallia.com *.caremark.com:11091 *.virtualearth.net *.launchdarkly.com *.groupbycloud.com request.eprotect.vantivcnp.com secondary.eprotect.vantivcnp.com request.eprotect.vantivprelive.com *.adobeaemcloud.com *.google-analytics.com *.bluecore.com *.foreseeresults.com *.4seeresults.com *.quantummetric.com *.px-cloud.net *.px-cdn.net *.pxchk.net *.criteo.net *.secure.checkout.visa.com *.akstat.io *.go-mpulse.net *.paypal.com *.foresee.com *.mastercard.com *.braintreegateway.com *.visa.com *.braintree-api.com *.rlcdn.com *.go-mpulse.net *.criteo.com *.akamaihd.net *.demdex.net *.bing.com cdn.cpnscdn.com *.fls.doubleclick.net *.wishabi.com *.flippenterprise.net fonts.gstatic.com *.flippback.com *.flipp.com *.wishabi.ca *.google.com *.gstatic.com *.wistia.com *.googleapis.com *.discover.com *.discovercard.com *.adobedtm.com *.adoberesources.net *.adobedc.net *.eum-appdynamics.com *.tt.omtrdc.net *.launchdarkly.com; frame-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.kampyle.com *.medallia.com *.appdynamics.com request.eprotect.vantivcnp.com request.eprotect.vantivprelive.com *.secure.checkout.visa.com *.braintreegateway.com *.criteo.com *.paypal.com cj.dotomi.com *.mastercard.com di.rlcdn.com www.emjcd.com *.americanexpress.com *.visa.com cvs.demdex.net cdn.cpnscdn.com *.fls.doubleclick.net *.g.doubleclick.net *.wishabi.com *.flippenterprise.net fonts.gstatic.com *.flippback.com *.flipp.com *.wishabi.ca *.google.com *.gstatic.com *.youtube.com youtube.com *.wistia.com *.discover.com *.discovercard.com *.launchdarkly.com *.quantummetric.com; img-src blob: data: 'self' data: *.cvs.com *.kampyle.com *.medallia.com cm.everesttech.net *.cvshealth.com *.akstat.io *.visa.com *.rlcdn.com *.secure.checkout.visa.com *.hlserve.com *.foreseeresults.com *.4see.mobi *.foresee.com www.google.com *.demdex.net *.monetate.net *.criteo.com *.criteo.net *.paypal.com *.bluecore.com *.virtualearth.net *.doubleclick.net *.bing.com cdn.cpnscdn.com *.fls.doubleclick.net *.wishabi.com *.flippenterprise.net fonts.gstatic.com *.googleapis.com *.googleadservices.com *.flippback.com *.flipp.com *.wishabi.ca *.gstatic.com *.ctfassets.net *.scene7.com *.clip.pdn.coupons.com *.origin-cdn.pdn.coupons.com *.brsrvr.com *.wistia.com *.discovercard.com *.facebook.com *.facebook.net *.oracleinfinity.io *.eum-appdynamics.com *.launchdarkly.com; object-src thm.visa.com 1
default-src dock.ui.bosch.tech  *.hotjar.io *.hotjar.com wss://*.hotjar.com 'self'  script.hotjar.com vc.hotjar.io in.hotjar.com *.yandex.com *.yandex.ru *.comagic.ru extranet.buderus.com s.webtrends.com *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com *.google-analytics.com stats.g.doubleclick.net; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' *.hotjar.com *.yandex.ru *.comagic.ru fonts.gstatic.com data:; object-src data: 'self'  *.yandex.ru *.comagic.ru ; img-src 'self' *.buderus.com buderus.com *.azurewebsites.net http: bott-tc.nautilus bott-fs.nautilus https: *.azurewebsites.net bott-tc.nautilus bott-fs.nautilus blob: data: https://optimize.google.com https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' *.yandex.ru *.comagic.ru cdn.datatables.net fonts.googleapis.com https://optimize.google.com https://fonts.googleapis.com; script-src dock.ui.bosch.tech  https: 'unsafe-inline' 'unsafe-eval' *.yandex.ru *.comagic.ru https://optimize.google.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com; frame-src 'self' https: mailto: bosch.mi4biz.net www.boschthermolife.com buderus-pl.boschtt-documents.com https://optimize.google.com; frame-ancestors 'self' https: bosch.mi4biz.net buderus-pl.boschtt-documents.com http://fs52-buderus-dev.kittelberger.net; connect-src http: https: wss://ws.hotjar.com wss://endpoint.chatbot-suite.bosch.tech endpoint.chatbot-suite.bosch.tech  www.bosch-thermotechnology.com region1.google-analytics.com www.google-analytics.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: wss:;img-src 'self' data: https: 1
default-src 'self';style-src 'self' 'unsafe-inline' https://www.qliro.com https://translate.googleapis.com https://*.niceincontact.com;script-src 'self' 'unsafe-inline' https://*.qliro.com https://*.googletagmanager.com https://www.google-analytics.com https://script.hotjar.com https://static.hotjar.com https://static.zdassets.com https://cdn.cookielaw.org https://geolocation.onetrust.com 'unsafe-eval' https://translate.googleapis.com https://serve.albacross.com https://snap.licdn.com https://secure.agile-company-365.com https://js-eu1.hs-scripts.com https://js-eu1.hs-banner.com https://js-eu1.hscollectedforms.net https://js-eu1.hs-analytics.net https://sc.lfeeder.com https://js-eu1.hsforms.net https://*.niceincontact.com https://connect.facebook.net;img-src 'self' data: blob: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://bam.nr-data.net https://bam.eu01.nr-data.net https://www.gstatic.com https://translate.google.com https://v2assets.zopim.io https://assets.qliro.com https://cdn.cookielaw.org https://*.albacross.com https://px.ads.linkedin.com https://secure.data-insight365.com https://app.quartr.com https://*.hsforms.com https://track-eu1.hubspot.com https://www.linkedin.com https://tr.lfeeder.com https://*.niceincontact.com https://unpkg.com https://af-de-platform-avatars.s3.eu-central-1.amazonaws.com https://www.facebook.com;font-src 'self' data: https://*.niceincontact.com;frame-src https://vars.hotjar.com https://app.quartr.com https://*.hsforms.com;connect-src 'self' https://consumer-api.qliro.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://vc.hotjar.io https://cdn.cookielaw.org https://privacyportal-eu.onetrust.com https://cookies-data.onetrust.io https://geolocation.onetrust.com https://idx.liadm.com forms-eu1.hscollectedforms.net https://cdn.linkedin.oribi.io  https://new-collect.albacross.com https://forms-eu1.hsforms.com https://hubspot-forms-static-embed-eu1.s3.amazonaws.com https://*.niceincontact.com wss://*.niceincontact.com https://*.niceincontact.com;media-src https://*.niceincontact.com https://q-com-media.s3.eu-north-1.amazonaws.com; 1
default-src https: 'unsafe-inline'; object-src 'none'; media-src https: data: blob:; font-src https: data:; img-src https: data:; 1
default-src https: 'self' blob:; media-src https: data: blob:; font-src https: data:; img-src https: 'self' 'unsafe-inline' data: about:; style-src https: 'self' 'unsafe-inline'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' blob:; frame-ancestors https://*.psychic-readings-for-free.com; 1
frame-ancestors 'self' https://*.bridgeclimb.com 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://wtbng.pricespider.com https://wtbstream.pricespider.com https://embeddedcloud.pricespider.com https://omni.pricespider.com https://locate.pricespider.com https://wtbevents.pricespider.com https://cdn.pricespider.com https://c.lytics.io https://api.ipify.org https://cdn.segment.com https://z.moatads.com https://s3.us-west-2.amazonaws.com https://ss.click2cart.com https://click2cart.com api.tiles.mapbox.com pghub.io *.cookielaw.org *.onetrust.com *.iesnare.com connect.facebook.net *.crazyegg.com *.adsrvr.org *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://s3-us-west-2.amazonaws.com https://cdn.pricespider.com https://c.lytics.io https://maxcdn.bootstrapcdn.com api.tiles.mapbox.com fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' assets.ctfassets.net videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' *.cookielaw.org https://ad.doubleclick.net https://d.agkn.com https://cdn.pricespider.com https://wwwassets.pricespider.com https://embeddedcloud.pricespider.com https://www.google.com https://s.amazon-adsystem.com https://click2cart.com https://click2cart.co https://s3.us-west-2.amazonaws.com https://40n23zgkic3y-a.akamaihd.net https://px.moatads.com https://c.lytics.io i.ytimg.com images.ctfassets.net pixel.tapad.com *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' https://maxcdn.bootstrapcdn.com fonts.gstatic.com feed.pghub.io pandg.tapad.com ; connect-src * ; frame-src 'self' https://pandg.tapad.com https://click2cart.com https://click2cart.co https://www.youtube-nocookie.com www.youtube.com feed.pghub.io *.adsrvr.org *.doubleclick.net *.jebbit.com consumersupport.pg.com pg-lex.my.salesforce-sites.com ct.pinterest.com www.facebook.com pandg.tapad.com ; frame-ancestors https://app.contentful.com feed.pghub.io pandg.tapad.com ; manifest-src * ; 1
frame-ancestors 'self' https://designsystem.advisor360.com https://*.force.com https://*.salesforce.com; 1
default-src 'self' blob: ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.diageoai.com *.amplifyapp.com *.vimeo.com *.seedlipdrinks.com *.treasuredata.com *.channeladvisor.com *.fbot.me *.eum-appdynamics.com *.appdynamics.com *.quantummetric.com *.klaviyo.com *.facebook.com *.facebook.net *.clarity.ms *.bing.com *.pinimg.com *.adsrvr.org *.jquery.com *.yotpo.com *.cloudflare.com *.diageohorizon.com *.diageoplatform.com *.diageoagegate.com *.anyroad.com *.youtube.com *.googletagmanager.com *.googleadservices.com *.google.com *.google-analytics.com *.gstatic.com *.cloudfunctions.net *.shortlyst.com *.juicer.io assets.juicer.io *.mapbox.com *.onetrust.com stats.g.doubleclick.net *.fontawesome.com; style-src 'self' 'unsafe-inline' *.cloudflare.com *.shopifycdn.com *.klaviyo.com *.yotpo.com *.fonts.net *.typekit.net *.bootstrapcdn.com *.diageohorizon.com *.myfonts.net *.fontawesome.com *.googleapis.com *.mapbox.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.amazonaws.com *.googlesyndication.com *.google.com https://api *.fbot.me *.quantummetric.com *.myshopify.com *.onetrust.com *.eum-appdynamics.com *.appdynamics.com *.klaviyo.com *.clarity.ms *.bing.com *.pinterest.com *.thebar.com *.diageoplatform.com *.yotpo.com *.mapbox.com *.onetrust.com *.doubleclick.net *.google-analytics.com *.analytics.google.com *.shortlyst.com *.juicer.io ws: wss: gap://ready ; font-src 'self' *.typekit.net *.fonts.com *.cloudflare.com *.gstatic.com *.yotpo.com *.fontawesome.com *.bootstrapcdn.com data: blob:; frame-src 'self' *.faire.com *.vimeo.com *.facebook.com *.facebook.net *.pinterest.com *.google.com *.shortlyst.com *.thebar.com *.threedium.co.uk https://*.interactnow.tv *.adsrvr.org *.youtube.com *.anyroad.com where-to-buy.co *.doubleclick.net; img-src 'self' *.google.co.uk *.diageoai.com *.diageohorizon.com *.amplifyapp.com *.vimeocdn.com *.eum-appdynamics.com *.ytimg.com *.youtube.com *.seedlipdrinks.com *.shopify.com *.salsify.com *.thoriumd.com *.bing.com *.facebook.com *.clarity.ms *.pinterest.com *.yotpo.com *.thebar.com *.diageoplatform.com *.onetrust.com *.doubleclick.net *.juicer.io *.mapbox.com *.google.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.cloudfunctions.net data: blob:; manifest-src 'self'; media-src 'self' *.youtube.com *.vimeo.com vimeo.com *.seedlipdrinks.com *.thebar.com *.thoriumd.com *.diageoplatform.com; worker-src blob:; frame-ancestors 'self' *.shop-au-seedlip.com *.shopalyst.com *.diageoplatform.com *.shortlyst.com *.thoriumd.com *.thebar.com https://*.interactnow.tv; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; 1
base-uri 'self'; font-src 'self' data: https://fonts.gstatic.com d17ocfn2f5o4rl.cloudfront.net d1g7hi6xjvmqyj.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: about: d17ocfn2f5o4rl.cloudfront.net d1g7hi6xjvmqyj.cloudfront.net ajax.googleapis.com cdnjs.cloudflare.com www.google.com www.gstatic.com www.googletagmanager.com *.google-analytics.com snap.licdn.com *.ads-twitter.com *.youtube.com *.facebook.net *.facebook.com *.doubleclick.net *.clarity.ms load.sumo.com load.sumome.com ws.zoominfo.com *.hsforms.net js.hs-scripts.com js.hscollectedforms.net js.hs-analytics.net js.hs-banner.com forms.hubspot.com *.influ2.com *.smartlook.com sc.lfeeder.com; style-src 'self' 'unsafe-inline' d17ocfn2f5o4rl.cloudfront.net d1g7hi6xjvmqyj.cloudfront.net https://fonts.googleapis.com https://cdnjs.cloudflare.com www.gstatic.com; img-src data: https:; object-src 'none'; form-action 'self' https://www.facebook.com https://forms.hsforms.com; frame-ancestors 'self'; default-src blob: 'self' d17ocfn2f5o4rl.cloudfront.net d1g7hi6xjvmqyj.cloudfront.net *.doubleclick.net *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com *.smartlook.cloud *.googlesyndication.com *.influ2.com www.google-analytics.com analytics.google.com *.hscollectedforms.net *.clarity.ms www.youtube.com www.google.com sumo.com sumome.com *.oribi.io *.zoominfo.com yoast.com *.linkedin.com 1
default-src 'self' https:; base-uri 'self'; img-src data: https:; font-src data: https:; media-src 'self' data: https: youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: googletagmanager.com embed.tawk.to app.usercentrics.eu privacy-proxy.usercentrics.eu; script-src-elem 'self' 'unsafe-inline' https:; connect-src 'self' https: wss:; style-src 'self' 'unsafe-inline' https:; frame-ancestors 'self'; child-src 'self' https: *; worker-src blob:; frame-src 'self' https: * 1
frame-ancestors 'self' *.intezer.com; upgrade-insecure-requests; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' data: interactive-img.com/js/include.js *.datatables.net yoast.com stylemixthemes.com *.bootstrapcdn.com *.chilipiper.com *.na.chilipiper.com *.storylane.io *.clearbitscripts.com *.clearbitjs.com *.clarity.ms *.googleoptimize.com *.mouseflow.com *.lfeeder.com *.addtoany.com *.google.com *.googleapis.com *.intezer.com *.youtube.com googletagmanager.com *.opendns.com *.hsappstatic.net *.hsforms.net *.js-hsforms.net *.cloudflare.com *.comeet.co *.twitter.com *.gaug.es *.wp.com *.hsleadflows.net *.gstatic.com *.usemessages.com *.hs-banner.com *.licdn.com *.hs-analytics.net *.ads-twitter.com *.hs-scripts.com *.googleadservices.com *.hotjar.com *.hotjar.io *.bing.com *.microsoft.com *.clarity.ms *.googletagmanager.com *.doubleclick.net *.addtoany.com *.facebook.net *.google-analytics.com *.pressablecdn.com *.redditstatic.com *.getkoala.com *.cookieyes.com *.cdn-cookieyes.com; object-src 'self'; frame-src 'self'  *.storylane.io *.chilipiper.com *.na.chilipiper.com *.mouseflow.com *.lfeeder.com *.addtoany.com *.hsappstatic.net *.usemessages.com *.recaptcha.net *.intezer.com *.hubspot.com *.pressablecdn.com *.hotjar.com *.hotjar.io *.hsforms.com *.googletagmanager.com *.wp.com *.google.com *.twitter.com *.facebook.com *.comeet.com *.comeet.co *.doubleclick.net *.youtube.com; child-src 'self' *.intezer.com; base-uri 'self' *.intezer.com; form-action 'self' *.hsforms.com *.twitter.com *.facebook.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:;; default-src https://login.supplieroasis.com https://*.oktacdn.com; frame-src https://login.supplieroasis.com https://*.oktacdn.com; img-src https://login.supplieroasis.com https://*.oktacdn.com 1
frame-ancestors 'none'; base-uri 'self'; script-src 'nonce-CqUh8mZjs2boP2RP+ANZhg==' 'strict-dynamic' 'unsafe-eval' https://*.stripe.com https://*.awswaf.com https://*.googleapis.com https://*.google.com https://*.appsflyer.com https://tr.snapchat.com https://sc-static.net https://analytics.tiktok.com https://*.facebook.com https://*.facebook.net https://www.googletagmanager.com https://s.pinimg.com https://appleid.cdn-apple.com https://*.apple-mapkit.com https://d2a201lx7fs8og.cloudfront.net https://*.awswaf.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com self; style-src 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' data: https://fonts.gstatic.com https://tise-static.telenorcdn.net https://d2a201lx7fs8og.cloudfront.net https://cdnjs.cloudflare.com https://*.intercomcdn.com; frame-src https://editorials.tise.com https://*.stripe.com https://www.google.com https://www.facebook.com https://ct.pinterest.com https://tr.snapchat.com *.google.com https://intercom-sheets.com https://www.intercom-reporting.com  https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; worker-src blob: 1
frame-ancestors 'self' https://daytondailynews.newspapers.com https://journal-news.newspapers.com https://springfieldnewssun.newspapers.com https://www.legacy.com 1
default-src 'self'; script-src 'self' 'nonce-aeaYXeN54AkGNAaJ' 'nonce-CQCua5a3B2n8dDSn' 'sha256-Mtcw4Nq0wKdsr8EBgC/HOn1R/qHNWA2rAopQI7XTvKE=' 'unsafe-eval' https://analytics.clickdimensions.com https://www.googletagmanager.com https://maps.googleapis.com https://apis.google.com https://connect.facebook.net https://www.youtube.com https://static.doubleclick.net https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://apis.google.com https://s33.socialannex.com https://cdn.bc0a.com https://cdn.socialannex.com https://maxcdn.bootstrapcdn.com https://c1.socialannex.com https://pixel.dealtale.com https://znbavxboa6svncnp0-firstkeyhomes.siteintercept.qualtrics.com https://towntag.co https://siteintercept.qualtrics.com https://accounts.google.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://tag.simpli.fi https://i.simpli.fi; style-src 'self' 'unsafe-inline' https://www.youtube.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://s33.socialannex.com https://test.socialannex.com https://s15.socialannex.com https://cdn.socialannex.com https://s22.socialannex.com https://accounts.google.com; img-src 'self' data: https://d5vj4lk1we9ln.cloudfront.net https://d3udfg0qwoce05.cloudfront.net https://www.youtube.com https://maps.gstatic.com https://maps.googleapis.com https://cdn.socialannex.com https://yt3.ggpht.com https://i.ytimg.com https://www.googletagmanager.com https://www.google.com https://siteintercept.qualtrics.com https://ttag.io https://di.rlcdn.com https://d.agkn.com https://www.google.com.pk https://image.paylode.com https://www.facebook.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.google.com.pk https://um.simpli.fi https://fei.pro-market.net https://www.googleadservices.com https://cm.g.doubleclick.net https://pixel.tapad.com https://simplifi.partners.tremorhub.com https://aa.agkn.com https://sync.1rx.io https://s.ad.smaato.net https://eb2.3lift.com https://sync.intentiq.com https://loadm.exelator.com https://sync.bfmio.com https://stags.bluekai.com https://bcp.crwdcntrl.net https://ce.lijit.com https://idsync.rlcdn.com https://ib.adnxs.com https://us-u.openx.net https://pixel.rubiconproject.com https://match.sharethrough.com https://pippio.com; media-src 'self'; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://cdngeneralcf.rentcafe.com https://cdngeneral.rentcafe.com https://cdn.socialannex.com; child-src 'self'; form-action 'self' https://firstkeyhomes.qualtrics.com https://connect.facebook.net; frame-src 'self' https://www.youtube.com https://accounts.google.com https://s15.socialannex.net https://s22.socialannex.com https://firstkeyhomes.qualtrics.com https://consentcdn.cookiebot.com https://td.doubleclick.net; frame-ancestors 'self' https://connect.facebook.net; base-uri 'self'; navigate-to 'self'; manifest-src 'self'; connect-src 'self' wss://jit.firstkeyhomes.com https://maps.googleapis.com https://jit.firstkeyhomes.com https://*.facebook.com https://googleads.g.doubleclick.net https://www.youtube.com https://rr4---sn-bxggtpo4v23-3ipl.googlevideo.com https://t.rentcafe.com https://maps.googleapis.com https://www.google-analytics.com https://*.bc0a.com https://s33.socialannex.com https://api.brightedge.com https://*.b0e8.com https://s15.socialannex.com https://scraper.socialannex.com https://c1.socialannex.com https://stats.g.doubleclick.net https://siteintercept.qualtrics.com https://app.dealtale.com https://consentcdn.cookiebot.com https://pixel.dealtale.com https://www.googletagmanager.com https://analytics.google.com https://pagead2.googlesyndication.com; object-src 'none'; 1
base-uri 'self'; child-src https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.googletagmanager.com/ns.html https://*.qq.com/ https://turing.captcha.qcloud.com https://*.geetest.com https://*.zuora.com/apps/PublicHostedPageLite.do https://jihulab.com/admin/ https://jihulab.com/assets/ https://jihulab.com/-/speedscope/index.html https://jihulab.com/-/sandbox/ https://customers.jihulab.com/ https://jihulab.com/assets/ blob: data:; connect-src 'self' https://jihulab.com wss://jihulab.com https://sentry.gitlab.net https://customers.gitlab.cn https://customers.jihulab.com https://*.qq.com/ https://*.gitlab.cn https://cdn.cookielaw.org https://*.onetrust.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net; default-src 'self'; font-src 'self'; form-action 'self' https: http:; frame-ancestors 'self'; frame-src 'self' https://www.recaptcha.net/ https://customers.gitlab.cn https://customers.jihulab.com https://*.qq.com https://*.captcha.qcloud.com https://*.captcha.gtimg.com; img-src * data: blob: *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net; manifest-src 'self'; media-src 'self' data: blob: http: https:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.recaptcha.net/ https://*.qq.com/ https://cdn-go.cn/aegis/aegis-sdk/ https://*.captcha.qcloud.com https://*.captcha.gtimg.com https://*.google-analytics.com https://*.gitlab.cn https://cdn.cookielaw.org https://*.onetrust.com https://cdn.bizible.com/scripts/bizible.js *.googletagmanager.com 'nonce-9tB1Kuwys/kxh/uTsHbP9Q=='; style-src 'self' 'unsafe-inline'; worker-src https://jihulab.com blob: data: 1
frame-ancestors 'self' https://my.accessportals.com https://my2.accessportals.com  ;     default-src 'self' mailto: tel: data: blob: *.accessportals.com *.windows.net         https://cdn.cookielaw.org https://geolocation.onetrust.com         https://www.google-analytics.com https://www.googletagmanager.com         https://fonts.googleapis.com https://fonts.gstatic.com         https://*.plaid.com https://*.eaccountservices.com https://*.onetrust.com/         https://cdn.appdynamics.com https://pdx-col.eum-appdynamics.com;     script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.accessportals.com         https://cdn.cookielaw.org https://geolocation.onetrust.com https://*.onetrust.com/         https://www.google-analytics.com https://www.googletagmanager.com         https://optanon.blob.core.windows.net https://*.plaid.com https://cdn.appdynamics.com;     style-src 'self' 'unsafe-inline' https://*.accessportals.com https://optanon.blob.core.windows.net         https://*.onetrust.com/ https://fonts.googleapis.com;     img-src 'self' data: https:; 1
img-src 'self' blob: https://*;               worker-src 'self' https://connect.facebook.net https://snap.licdn.com;               child-src 'none';               object-src 'none';                frame-src 'self' *.vimeo.com *.youtube.com *.youtube-nocookie.com *.cookieinformation.com 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' https://mvp.professional.works 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' qaltd.outgrow.us dyv6f9ner1ir9.cloudfront.net *.6sc.co *.6sense.com *.quantcount.com *.quantserve.com google.com www.google.com *.oribi.io pixel.mathtag.com secure.adnxs.com *.techtarget.com s.ml-attr.com attr.ml-api.io analytics.tiktok.com js.usemessages.com qaapprenticeships.com cgtforms.com fonts.gstatic.com fonts.googleapis.com s3-eu-west-1.amazonaws.com *.leadforensics.com webeo-web-content.s3-eu-west-1.amazonaws.com cdn.jsdelivr.net ldynamicspublicapi.leadforensics.com *.postcodeanywhere.co.uk secure.cold5road.com  *.vzaar.com *.hsleadflows.net *.brightedge.com *.b0e8.com *.b038.com *.bc0a.com *.feefo.com *.soundcloud.com  *.hotjar.com *.google-analytics.com *.googleadservices.com *.vimeo.com vimeo.com *.hubapi.com *.google.co.uk *.doubleclick.net *.hs-banner.com *.hsadspixel.net *.hs-analytics.net *.hs-scripts.com *.cookiebot.com *.hotjar.com *.hotjar.io *.pcapredict.com cdn.jsdelivr.net *.hsforms.net *.hsforms.com static.hotjar.com *.google-analytics.com *.wowanalytics.com *.wowanalytics.co.uk *.bing.com *.infinity-tracking.net *.facebook.com *.facebook.net *.twitter.com *.licdn.com *.mailanyone.net *.googleapis.com fonts.gstatic.com *.googlesyndication.com *.google-analytics.com *.algolianet.com *.algolia.net *.youtube.com *.qa-stg.com *.qa.com *.google.com *.ads-twitter.com *.gstatic.com t.co *.gatorleads.co.uk *.hubspot.com *.googletagmanager.com *.linkedin.com *.thinkology.co.uk *.twitter.com data: wss: edge.fullstory.com rs.fullstory.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com *.tiktok.com sc-static.net *.sc-static.net *.licdn.com *.facebook.net *.snapchat.com https://analytics.tiktok.com https://sc-static.net https://snap.licdn.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'self'; base-uri 'self'; connect-src 'self' https://privacyportal.cookiepro.com https://cookie-cdn.cookiepro.com https://journeyplanner.transportforireland.ie https://maps.googleapis.com *.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com *.linkedin.oribi.io *.tiktok.com *.linkedin.oribi.io *.tiktok.com *.snapchat.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://journeyplanner-production.transportforireland.ie https://wavregisterprod.nationaltransport.ie https://wavregisterpreprod.nationaltransport.ie https://complimentscomplaintsprod.nationaltransport.ie https://complimentscomplaintspreprod.nationaltransport.ie https://publicregisterprod.nationaltransport.ie https://publicregisterpreprod.nationaltransport.ie https://publicregister.nationaltransport.ie https://wavregister.nationaltransport.ie https://complimentscomplaints.nationaltransport.ie https://journeyplanner.transportforireland.ie https://www.google.com https://www.journeyplanner.transportforireland.ie https://www.youtube.com https://youtube.com https://youtube-nocookie.com https://www.youtube-nocookie.com *.snapchat.com; img-src 'self' data: https://ps.w.org https://www.googletagmanager.com https://maps.googleapis.com https://maps.gstatic.com https://secure.gravatar.com https://www.google-analytics.com *.linkedin.com https://www.facebook.com; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * *.getclicky.com clicky.com; style-src 'self' 'unsafe-inline' *; img-src 'self' * data:; media-src 'self' *; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors *.kameleoon.eu *.kameleoon.com 90.103.58.111 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com *.googletagmanager.com googleads.g.doubleclick.net js.adsrvr.org https://collector-29429.us.tvsquared.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com; font-src 'self' data: fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com; img-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com blob: *.eloqua.com track.hubspot.com web-chat.nativechat.com *.google.com https://collector-29429.us.tvsquared.com/; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com insight.adsrvr.org; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com; 1
style-src 'self' 'unsafe-inline' *.eth-services.de; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-6dd6110439dc9573b0d325a479234fff'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors 'self' https://www.metrolisboa.pt/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.admissionfp.com *.cloudflare.com *.moneris.com www.googletagmanager.com www.google-analytics.com; style-src 'self' 'unsafe-inline' *.admissionfp.com *.cloudflare.com *.moneris.com; img-src 'self' www.inforoutefpt.org *.moneris.com *.youtube.com *.googleapis.com; frame-src 'self' *.admissionfp.com *.moneris.com *.youtube.com 1
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' https://s3.amazonaws.com/files.etagdigital.com.br/418742EC-8C93-457D-94F1-618874809B56.js https://s.pinimg.com/ https://script.hotjar.com/modules.14b820ab47d618317075.js https://script.hotjar.com https://www.google-analytics.com/analytics.js https://s.pinimg.com/ct/lib/main.85b84545.js https://static.hotjar.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com sha256 https://lett.2buycdn.com/embed/v1/plugin.js https://www.googletagmanager.com https://www.googletagmanager.com/gtm.js https://www.googleadservices.com https://static.ads-twitter.com/uwt.js https://s.pinimg.com/ct/core.js https://script.crazyegg.com https://www.dwin1.com/58251.js https://analytics.tiktok.com https://connect.facebook.net https://s1.kwai.net/kos/s101/nlav11187/pixel/events.js https://analytics.tiktok.com/i18n/pixel/events.js https://hit.clickhit.com.br https://s.pinimg.com/ct/lib/main.04e94784.js https://s1.kwai.net https://www.googleoptimize.com/optimize.js https://das.clickhit.com.br https://www.googleoptimize.com https://seara2.adttemp.com.br/wp-content/themes/seara/library/js/libs/scripts.min.js https://seara2.adttemp.com.br/wp-content/plugins/wp-compress-image-optimizer/assets/js/dist/optimizer.local.pixel.min.js; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://fonts.googleapis.com https://hit.clickhit.com.br/app/js/api.min.css; object-src 'self' https://www.googletagmanager.com  https://s1.kwai.net; base-uri 'self'; font-src 'self' https://fonts.gstatic.com https://api.mythad.com;  frame-src 'self' https://embed.2b.uy https://www.youtube.com https://ct.pinterest.com  https://www.facebook.com/ https://5780050.fls.doubleclick.net; img-src 'self' https://cdn.cookielaw.org/logos/static/ot_company_logo.png https://cdn.cookielaw.org/logos/static/powered_by_logo.svg https://cdn.cookielaw.org/logos/static/ot_persistent_cookie.png https://ad.doubleclick.net https://www.google-analytics.com https://secure.insightexpressai.com https://pubads.g.doubleclick.net https://googleads.g.doubleclick.net  https://api.mythad.com https://t.co https://analytics.twitter.com https://ct.pinterest.com https://www.google.com https://www.google.com.br https://www.facebook.com data: ; manifest-src 'self'; media-src 'self';  worker-src 'self'; default-src 'self' https://metrics.hotjar.io https://content.hotjar.io/ wss://ws.hotjar.com/api/v2/client/ws ws.hotjar.com/api https://analytics.pangle-ads.com https://stats.g.doubleclick.net/j/collect https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google-analytics.com/g/collect  https://api.mythad.com https://script.crazyegg.com https://ct.pinterest.com https://cdn.cookielaw.org https://logsdk.kwai-pro.com https://analytics.tiktok.com https://das.clickhit.com.br 1
default-src 'self' https:; img-src * 'self' data: https:; frame-ancestors 'self'; frame-src youtube.com https://www.youtube.com; form-action https://*.techgearlab.com; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline' 1
default-src 'self' cdn.wcc.sieh-an.de https://cdn.wcc.sieh-an.de/graphql;    base-uri 'self';    font-src 'self' cdn.wcc.sieh-an.de fonts.gstatic.com data: https://d3dc1lgancj6l0.cloudfront.net http://dq4irj27fs462.cloudfront.net;    img-src * data:;    connect-src 'self' https://cdn.wcc.sieh-an.de/graphql cdn.wcc.sieh-an.de cdn.witt.info/ images.ctfassets.net te.sieh-an.de tp.sieh-an.de wasp.sieh-an.de wst.sieh-an.de *.analytics.google.com  *.facebook.com *.contentsquare.net *.my.onetrust.eu *.google-analytics.com bat.bing.com eu-witt-gruppe-prod1.mini.snplow.net www.google-analytics.com www.jsctool.com https://adservice.google.com/pagead/ https://graphql.contentful.com https://privacyportal-eu.onetrust.com https://stats.g.doubleclick.net https://geolocation.onetrust.com https://www.google.com/pagead/ https://googleads.g.doubleclick.net/pagead/ *.creativecdn.com *.googlesyndication.com *.optimizely.com https://ct.pinterest.com http://jsctool.com checkout-cdn.aboutyou.cloud checkout-v3.wcc.sieh-an.de https://*.ingest.sentry.io wss://chat.userlike.com chat.userlike.com api.userlike.com www.userlike.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com wss://umd.userlike.com/umd/ api.sovendus.com benefits.sovendus.com identification-api.sovendus.com integration-api.sovendus.com press-tracking-api.sovendus.com https://maps.googleapis.com;    object-src 'none';    child-src blob: userlike-cdn-widgets.userlike.com;    script-src * 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.paypal.com userlike-cdn-widgets.userlike.com;    style-src 'self' cdn.wcc.sieh-an.de www.googletagmanager.com fonts.googleapis.com 'unsafe-inline' d.sieh-an.de checkout-cdn.aboutyou.cloud https://*.adyen.com https://*.paypal.com;    frame-src 'self' checkout-v3.wcc.sieh-an.de *.awin1.com *.criteo.net *.criteo.com *.adrtx.net *.contentsquare.net www.googletagmanager.com www.facebook.com www.youtube.com dmp.theadex.com 5127363.fls.doubleclick.net 12769738.fls.doubleclick.net www.jsctool.com https://creativecdn.com/ https://fledge-eu.creativecdn.com/ https://tbs.tradedoubler.com/ https://survey2.quantilope.com/ https://*.adyen.com https://*.paypal.com https://*.computop-paygate.com userlike-cdn-widgets.userlike.com https://api.sovendus.com https://www.sovendus-connect.com https://www.sovendus-benefits.com https://gui.display.prod.app.funnelplus.com/;    media-src 'self' cdn.wcc.sieh-an.de cdn.witt.info/ images.ctfassets.net videos.ctfassets.net www.youtube.com witt-gruppe-res.cloudinary.com;    manifest-src 'self' cdn.wcc.sieh-an.de;    worker-src 'self' cdn.wcc.sieh-an.de blob:;    form-action 'self' www.facebook.com;    block-all-mixed-content;    frame-ancestors 'self' https://app.contentful.com;    sandbox allow-scripts allow-forms allow-same-origin allow-top-navigation allow-popups allow-popups-to-escape-sandbox allow-modals; 1
default-src 'self' https://cdn.evergage.com 'unsafe-inline'; connect-src 'self' https://adservice.google.com https://privacyportal-de.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://api.locationbank.net https://maps.googleapis.com https://locationbank.net https://cdn.linkedin.oribi.io https://tbpqep1a https://dpm.demdex.net https://accstandardbank.d1.sc.omtrdc.net libertygroup.germany-2.evergage.com oc-cdn-public-eur.azureedge.net pagead2.googlesyndication.com  stats.g.doubleclick.net www.google-analytics.com; font-src 'self' data: https://locationbank.net https://libertygroup.germany-2.evergage.com fonts.gstatic.com; frame-src 'self' https://td.doubleclick.net https://standardbank.demdex.net mailto: tel: https://mc5jck0ynj774byftrdg9h9wf4p8.pub.sfmc-content.com https://liberty.everlyticdev.net/ https://10358911.fls.doubleclick.net dev-web.short-term-wip.liberty.co.za googleads.g.doubleclick.net insight.adsrvr.org lpcdn.lpsnmedia.net match.adsrvr.org optimize.google.com oc-cdn-public-eur.azureedge.net server.lon.liveperson.net short-term.liberty.co.za stg-web.short-term-wip.liberty.co.za tpc.googlesyndication.com www.facebook.com www.google.com www.youtube.com; img-src 'self' https://www.linkedin.com https://px.ads.linkedin.com https://cdn.evergage.com https://cdn.cookielaw.org https://storage.googleapis.com https://analytics.twitter.com/ https://accstandardbank.d1.sc.omtrdc.net data: apps.liberty.co.za cm.g.doubleclick.net dsum-sec.casalemedia.com googleads.g.doubleclick.net ib.adnxs.com insight.adsrvr.org lpcdn.lpsnmedia.net maps.googleapis.com maps.gstatic.com match.adsrvr.org optimize.google.com p.adsymptotic.com pagead2.googlesyndication.com simage2.pubmatic.com stats.g.doubleclick.net t.co www.facebook.com www.google.co.za www.google.com www.google-analytics.com www.googletagmanager.com www.liberty.co.za x.bidswitch.net https://cm.everesttech.net https://dpm.demdex.net https://i.ytimg.com/ 'unsafe-inline'; media-src 'self' https://cdn.evergage.com lpcdn.lpsnmedia.net; script-src 'self' https://px.ads.linkedin.com https://static.ads-twitter.com https://connect.facebook.net https://libertygroup.germany-2.evergage.com https://cdn.evergage.com https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://developers.google.com https://ajax.googleapis.com https://locationbank.net https://assets.adobedtm.com https://static.cloudflareinsights.com cdn.evgnet.com accdn.lpsnmedia.net adservice.google.co.za adservice.google.com analytics.twitter.com apps.liberty.co.za js.adsrvr.org lo.v.liveperson.net lpcdn.lpsnmedia.net lptag.liveperson.net maps.googleapis.com optimize.google.com oc-cdn-public-eur.azureedge.net pagead2.googlesyndication.com snap.licdn.com stats.g.doubleclick.net tpc.googlesyndication.com www.google.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.googleoptimize.com www.googletagservices.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://libertygroup.germany-2.evergage.com https://cdn.evergage.com https://cdnjs.cloudflare.com https://locationbank.net fonts.googleapis.com oc-cdn-public-eur.azureedge.net optimize.google.com 'unsafe-inline'; frame-ancestors 'self'; object-src 'none'; 1
frame-ancestors 'self' matomo.empreintedigitale.fr 1
frame-ancestors 'self' https://travelpoop.com https://webrezpro.com https://webrez.com https://dev.webrez.com https://secure.webrez.com https://worldweb.com https://webrezpro.com/status; 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://medium.com https://*.medium.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
frame-ancestors 'self' https://*.netbet.com https://*.netbet.ca https://*.netbet.com.mx https://*.netbet.co.uk https://*.netbet.ie https://*.netbet.de https://*.netbet.ro https://*.netbet.gr https://*.netbet.fi https://*.netbet.ng https://*.netbet.net 1
script-src-elem 'self' https://connect.facebook.net/ https://www.googletagmanager.com https://cdn.matomo.cloud https://*.adroll.com https://ssl.geoplugin.net https://*.youtube.com https://js.hsforms.net/forms/v2.jss 'unsafe-inline'; frame-src 'self' https://www.youtube.com https://forms.hsforms.com 'unsafe-inline'; connect-src 'self' https://*.adroll.com https://*.onetrust.com https://cdn.cookielaw.org https://forms.hsforms.com 'unsafe-inline'; connect-src 'self' https://*.adroll.com https://*.onetrust.com https://cdn.cookielaw.org https://forms.hsforms.com https://*google-analytics.com 'unsafe-inline'; 1
default-src 'self' blob: data: 'unsafe-inline' calcuttahighcourt.nic.in calcuttahighcourt.gov.in www.calcuttahighcourt.gov.in docs.google.com ; frame-ancestors 'self' https://calcuttahighcourt.gov.in https://www.calcuttahighcourt.gov.in; 1
default-src 'self' googleads.g.doubleclick.net; connect-src 'self' fast.wistia.net *.hotjar.com *.hotjar.io px.ads.linkedin.com cdn.cookielaw.org fast.wistia.com pipedream.wistia.com embedwistia-a.akamaihd.net content.hotjar.io wss://ws43.hotjar.com wss://ws43.hotjar.io embed-fastly.wistia.com distillery.wistia.com www.facebook.com *.google-analytics.com stats.g.doubleclick.net privacyportal.onetrust.com cdn.linkedin.oribi.io vc.hotjar.io wss://*.hotjar.com wss://*.hotjar.io geolocation.onetrust.com cdn.acsbapp.com wss://ws35.hotjar.com wss://ws35.hotjar.io analytics.google.com ws.zoominfo.com www.google.co.uk *.analytics.google.com www.google.ca www.google.com.co ws13.hotjar.com ws13.hotjar.io login.microsoftonline.com graph.microsoft.com twodegrees1.sharepoint.com www.google.com.mx www.google.com.br www.google.com.au www.google.co.jp www.google.co.in embed-ssl.wistia.com www.google.ie www.google.com.sa www.google.com.pk www.google.es www.google.com.cy www.google.de www.google.be app.wistia.com www.google.co.nz www.google.fr www.google.ae www.google.com.ng www.google.com.sg www.google.com.ph embed-cloudfront.wistia.com *.googletagmanager.com dpm.demdex.net *.g.doubleclick.net *.google.com pagead2.googlesyndication.com slalom.tt.omtrdc.net smetrics.slalom.com prev.slalom.com adobedc.demdex.net fg8vvsvnieiv3ej16jby.litix.io; font-src 'self' data: fast.wistia.com script.hotjar.com fonts.gstatic.com themes.googleusercontent.com at.alicdn.com github.com www.slant.co www.slalom.com; frame-src 'self' www.google.com go.slalom.com view.ceros.com static.hotjar.com vars.hotjar.com vars.hotjar.io www.facebook.com www.youtube.com pixel.sitescout.com td.doubleclick.net tpc.googlesyndication.com login.microsoftonline.com www.podbean.com *.fls.doubleclick.net mozbar.moz.com fast.wistia.net vimeo.com www.slalom.com big.g.doubleclick.net slalom.demdex.net; img-src 'self' s7d9.scene7.com embed-ssl.wistia.com fast.wistia.com data: cdn.cookielaw.org *.google-analytics.com www.facebook.com *.linkedin.com *.googletagmanager.com googleads.g.doubleclick.net *.google.com img.youtube.com s.ml-attr.com pixel.sitescout.com secure.adnxs.com attr.ml-api.io www.google.co.uk *.doubleclick.net px.ads.linkedin.com www.google.ca www.google.com.ng www.google.com.pk twodegrees1.sharepoint.com login.microsoftonline.com www.google.com.au www.google.com.br www.google.co.jp www.google.ie www.google.co.in embed-fastly.wistia.com embedwistia-a.akamaihd.net www.google.mu www.gstatic.com www.google.de www.google.it www.google.dk www.google.com.tr www.google.co.ke www.google.com.co www.google.com.qa www.google.es www.google.com.cy www.google.ae www.google.fr www.google.co.il www.google.com.ec www.google.com.mx www.google.ee www.google.be translate.google.com www.google.com.sg www.google.co.za www.google.ch www.google.com.ph www.slalom.com www.google.co.nz i.vimeocdn.com slalomdotcomdev.112.2o7.net ssl.gstatic.com *.analytics.google.com *.g.doubleclick.net www.google.com www.google.nl dev.day.com cm.everesttech.net dpm.demdex.net prev.slalom.com; media-src 'self' blob: data: embedwistia-a.akamaihd.net embed-fastly.wistia.com embed-ssl.wistia.com ade.googlesyndication.com fast.wistia.com embed-cloudfront.wistia.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.gstatic.com static.cloudflareinsights.com cdn.cookielaw.org *.googletagmanager.com www.googleoptimize.com www.google-analytics.com static.hotjar.com googleads.g.doubleclick.net snap.licdn.com connect.facebook.net ws.zoominfo.com up.pixel.ad script.hotjar.com www.google.com www.google.kz embedwistia-a.akamaihd.net embed-fastly.wistia.com labs.ceros.com assets.adobedtm.com pi.pardot.com tagmanager.google.com www.googleadservices.com fast.wistia.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' unpkg.com www.gstatic.com activitymap.adobe.com cdn.cookielaw.org www.googletagmanager.com static.hotjar.com www.google-analytics.com pi.pardot.com *.googlesyndication.com connect.facebook.net script.hotjar.com snap.licdn.com view.ceros.com www.googleadservices.com googleads.g.doubleclick.net js-agent.newrelic.com acsbapp.com bam.nr-data.net static.cloudflareinsights.com up.pixel.ad www.googleoptimize.com ws.zoominfo.com fast.wistia.com app.wistia.com ssl.google-analytics.com go.slalom.com www.google.com player.invintus.com gc.kis.v2.scr.kaspersky-labs.com fast.wistia.net me.kis.v2.scr.kaspersky-labs.com labs.ceros.com sdk.ceros.com ajax.cloudflare.com assets.adobedtm.com prod.slalom.com.seg.js; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; style-src-elem 'self' 'unsafe-inline' data: www.googletagmanager.com fonts.googleapis.com; worker-src 'self' blob:; frame-ancestors 'self' www.slalom.com; report-uri https://www.slalom.com/report-uri/enforce; upgrade-insecure-requests 1
frame-ancestors *.herostart.com; 1
base-uri 'self' https://*.cookiebot.com https://www.cookiebot.com https://*.ddev.site https://*.olympiapark.de https://olympiapark.de https://*.f61jfz9rjc.ol1.28011.c.bnerd.io https://f61jfz9rjc.ol1.28011.c.bnerd.io https://*.storage.muc1.de.bnerd.com https://storage.muc1.de.bnerd.com https://*.youtube-nocookie.com https://youtube-nocookie.com https://youtube.com https://*.youtube.com https://webtv.feratel.com https://*.openstreetmap.org https://*.tile.osm.org https://youtu.be https://*.soundcloud.com https://soundcloud.com https://*.vimeo.com https://vimeo.com https://vimeocdn.com https://*.vimeocdn.com; font-src 'self' https://*.cookiebot.com https://www.cookiebot.com https://*.ddev.site https://*.olympiapark.de https://olympiapark.de https://*.f61jfz9rjc.ol1.28011.c.bnerd.io https://f61jfz9rjc.ol1.28011.c.bnerd.io https://*.storage.muc1.de.bnerd.com https://storage.muc1.de.bnerd.com https://*.youtube-nocookie.com https://youtube-nocookie.com https://youtube.com https://*.youtube.com https://webtv.feratel.com https://*.openstreetmap.org https://*.tile.osm.org https://youtu.be https://*.soundcloud.com https://soundcloud.com https://*.vimeo.com https://vimeo.com https://vimeocdn.com https://*.vimeocdn.com; form-action 'self' https://*.cookiebot.com https://www.cookiebot.com https://*.ddev.site https://*.olympiapark.de https://olympiapark.de https://*.f61jfz9rjc.ol1.28011.c.bnerd.io https://f61jfz9rjc.ol1.28011.c.bnerd.io https://*.storage.muc1.de.bnerd.com https://storage.muc1.de.bnerd.com https://*.youtube-nocookie.com https://youtube-nocookie.com https://youtube.com https://*.youtube.com https://webtv.feratel.com https://*.openstreetmap.org https://*.tile.osm.org https://youtu.be https://*.soundcloud.com https://soundcloud.com https://*.vimeo.com https://vimeo.com https://vimeocdn.com https://*.vimeocdn.com; frame-ancestors 'self' https://*.cookiebot.com https://www.cookiebot.com https://*.ddev.site https://*.olympiapark.de https://olympiapark.de https://*.f61jfz9rjc.ol1.28011.c.bnerd.io https://f61jfz9rjc.ol1.28011.c.bnerd.io https://*.storage.muc1.de.bnerd.com https://storage.muc1.de.bnerd.com https://*.youtube-nocookie.com https://youtube-nocookie.com https://youtube.com https://*.youtube.com https://webtv.feratel.com https://*.openstreetmap.org https://*.tile.osm.org https://youtu.be https://*.soundcloud.com https://soundcloud.com https://*.vimeo.com https://vimeo.com https://vimeocdn.com https://*.vimeocdn.com; img-src 'self' data: https://*.cookiebot.com https://www.cookiebot.com https://*.ddev.site https://*.olympiapark.de https://olympiapark.de https://*.f61jfz9rjc.ol1.28011.c.bnerd.io https://f61jfz9rjc.ol1.28011.c.bnerd.io https://*.storage.muc1.de.bnerd.com https://storage.muc1.de.bnerd.com https://*.youtube-nocookie.com https://youtube-nocookie.com https://youtube.com https://*.youtube.com https://webtv.feratel.com https://*.openstreetmap.org https://*.tile.osm.org https://youtu.be https://*.soundcloud.com https://soundcloud.com https://*.vimeo.com https://vimeo.com https://vimeocdn.com https://*.vimeocdn.com; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://forum.weightgaming.com/logs/ https://forum.weightgaming.com/sidekiq/ https://forum.weightgaming.com/mini-profiler-resources/ https://d1au4vljv71t01.cloudfront.net/forum/assets/ https://forum.weightgaming.com/extra-locales/ https://forum.weightgaming.com/highlight-js/ https://forum.weightgaming.com/javascripts/ https://forum.weightgaming.com/plugins/ https://forum.weightgaming.com/theme-javascripts/ https://forum.weightgaming.com/svg-sprite/ 'report-sample' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js https: 'unsafe-inline'; worker-src 'self' https://d1au4vljv71t01.cloudfront.net/forum/assets/ https://forum.weightgaming.com/javascripts/ https://forum.weightgaming.com/plugins/; report-uri https://forum.weightgaming.com/csp_reports; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' translate-pa.googleapis.com cdnjs.cloudflare.com cdn.datatables.net cdn.jsdelivr.net translate.google.com translate.googleapis.com www.google.com www.gstatic.com; object-src 'none'; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com cdn.datatables.net www.gstatic.com; img-src 'self' data: cdn.jsdelivr.net cdnjs.cloudflare.com cdn.datatables.net fonts.gstatic.com www.gstatic.com www.google.com; media-src 'none'; frame-src 'none'; font-src 'self' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.datatables.net netdna.bootstrapcdn.com; connect-src 'self' translate.googleapis.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' https://win.theglenlivet.com; 1
base-uri 'self';default-src 'self' blob:;font-src 'self' res.cloudinary.com script.hotjar.com fonts.gstatic.com data:;media-src 'self' res.cloudinary.com blob:;form-action 'self' qa-extra2-core.qa.gneis.io qa-circlekid-core.qa.gneis.io id.circlekeurope.com extra.circlekeurope.com;frame-src app.vwo.com https://*.visualwebsiteoptimizer.com omny.fm https://*.youtube.com youtube.com stage.id.naf.no id.naf.no embed.acast.com 6680107.fls.doubleclick.net web106.reachmee.com https://*.hotjar.com dntcl.qualaroo.com datawrapper.dwcdn.net consentcdn.cookiebot.com consent.cookiebot.com google.com https://*.google.com google.no https://*.google.no tpc.googlesyndication.com tourstart.org d1omrgmvhbogxk.cloudfront.net td.doubleclick.net secure.viewer.zmags.com;child-src omny.fm https://*.youtube.com youtube.com stage.id.naf.no id.naf.no embed.acast.com 6680107.fls.doubleclick.net web106.reachmee.com vars.hotjar.com static.hotjar.com dntcl.qualaroo.com datawrapper.dwcdn.net consentcdn.cookiebot.com consent.cookiebot.com google.com;style-src 'self' 'unsafe-inline' 'report-sample' https://*.visualwebsiteoptimizer.com s3.amazonaws.com app.vwo.com cdn.pushcrew.com fonts.googleapis.com optimize.google.com translate.googleapis.com https://*.hotjar.com www.googletagmanager.com;img-src 'self' *.visualwebsiteoptimizer.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com chart.googleapis.com cdn.sanity.io sgtm.naf.no google.ie *.google.ie script.hotjar.com ade.googlesyndication.com data: www.naf.no res.cloudinary.com bildata.ofv.no *.google.com *.google.no *.google.dk *.google.es *.google.se *.google.de *.google.fi *.google.lv *.google.co.th *.google.pl *.google.com.tr *.google.co.uk *.google.co.nz *.google.lk *.google.co.id *.google.pt *.google.ch *.google.be *.googletagmanager.com www.googletagmanager.com *.googleapis.com pagead2.googlesyndication.com 6054118.global.siteimproveanalytics.io www.facebook.com marketing.naf.no *.clarity.ms c.clarity.ms bat.bing.com c.bing.com ad.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net *.gstatic.com img.youtube.com www.googleadservices.com www.analytics-debugger.com imgsct.cookiebot.com;script-src 'strict-dynamic' 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com consent.cookiebot.com consentcdn.cookiebot.com *.sgtm.naf.no sgtm.naf.no 'nonce-Kmf2NZp2QESDDMVmNh/nSA==' script.hotjar.com euwa.puzzel.com connect.facebook.net maps.googleapis.com 'report-sample';script-src-attr 'self' 'unsafe-inline' consent.cookiebot.com m.facebook.com 'report-sample';object-src 'none';connect-src 'self' *.visualwebsiteoptimizer.com app.vwo.com *.ent.northeurope.azure.elastic-cloud.com *.puzzel.com google.com google.ie *.google.ie googleads.g.doubleclick.net *.google.com *.cookiebot.com *.hotjar.io *.hotjar.com *.mouseflow.com vc.hotjar.io pagead2.googlesyndication.com wss://sr-naf-ch-dev.service.signalr.net wss://sr-naf-ch-test.service.signalr.net wss://sr-naf-ch-prod.service.signalr.net sr-naf-ch-dev.service.signalr.net sr-naf-ch-test.service.signalr.net sr-naf-ch-prod.service.signalr.net wss://sigr-nafch-dev.service.signalr.net wss://sigr-nafch-test.service.signalr.net wss://sigr-nafch-prod.service.signalr.net sigr-nafch-dev.service.signalr.net sigr-nafch-test.service.signalr.net sigr-nafch-prod.service.signalr.net res.cloudinary.com in.hotjar.com stats.g.doubleclick.net stage.id.naf.no id.naf.no dev-api2.naf.no test-api2.naf.no api2.naf.no dc.services.visualstudio.com *.sgtm.naf.no sgtm.naf.no api.billan.nordea.no bat.bing.com *.clarity.ms www.clarity.ms wss://*.hotjar.com maps.googleapis.com www.gstatic.com naf.matomo.cloud video-analytics-api.cloudinary.com ws.geonorge.no/ region1.google-analytics.com analytics-api-s.cloudinary.com dev-api2.naf.no test-api2.naf.no api2.naf.no;frame-ancestors https://*.naf.no https://dev.cms.naf.no https://test.cms.naf.no https://cms.naf.no;upgrade-insecure-requests;worker-src 'self' blob:;manifest-src 'self' 1
default-src 'none'; style-src 'self' 'unsafe-inline' *.googleapis.com;  style-src-elem  'self' 'unsafe-inline' *.googleapis.com; img-src 'self' 'unsafe-inline' *.qualtrics.com *.bing.com *.quantserve.com *.facebook.com *.google.com *.google-analytics.com *.doubleclick.net *.googletagmanager.com *.googleapis.com *.gstatic.com *.w3.org *.lpsnmedia.net *.nycm.com data:; font-src 'self'  'unsafe-inline' *.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.liveperson.net *.qualtrics.com *.googletagmanager.com *.lpsnmedia.net *.googleadservices.com *.bing.com *.google-analytics.com *.facebook.net https://cdn.callreports.com https://js.acq.io *.yimg.com *.quantserve.com *.lpsnmedia.net *.yahoo.com *.doubleclick.net *.quantcount.com *.liveperson.net *.googleapis.com *.google.com; script-src-elem 'self' 'unsafe-inline' *.liveperson.net *.qualtrics.com *.googletagmanager.com *.lpsnmedia.net *.googleadservices.com *.bing.com *.google-analytics.com *.facebook.net https://cdn.callreports.com https://js.acq.io *.yimg.com *.quantserve.com *.lpsnmedia.net *.yahoo.com *.doubleclick.net *.quantcount.com *.liveperson.net *.googleapis.com; frame-src *.lpsnmedia.net/ *.liveperson.net *.qualtrics.com *.doubleclick.net *.youtube.com; connect-src 'self' *.googleapis.com *.qualtrics.com  *.google-analytics.com *.yimg.com *.doubleclick.net *.bing.com *.liveperson.net wss://va.msg.liveperson.net; form-action 'self' *.nycm.com *.qualtrics.com; object-src 'self' *.youtube.com; media-src 'self' *.lpsnmedia.net 1
base-uri 'self';default-src 'none';object-src 'none';script-src 'self' https://css.underdark.nl https://piwik.underdark.nl https://api.tiles.mapbox.com https://api.mapbox.com;style-src 'self' https://css.underdark.nl https://api.tiles.mapbox.com;form-action 'self' https://customers.underdark.nl;connect-src 'self' https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com;img-src 'self' data: blob: https://*.tiles.mapbox.com https://css.underdark.nl;font-src 'self' https://css.underdark.nl;frame-ancestors 'self' 1
base-uri 'self'; object-src 'self'; child-src 'self' https://*.youtube.com blob:; connect-src 'self' wss://proxy.pharmahub.org wss://vncproxy.pharmahub.org wss://pharmahub.org https://pharmahub.org/api/members/tools/diskusage https://www.google-analytics.com https://stats.g.doubleclick.net/j/ https://www.dropbox.com https://api.scite.ai https://maps.googleapis.com https://cdnapisec.kaltura.com/api_v3/index.php https://stats.kaltura.com/api_v3/index.php https://analytics.kaltura.com/api_v3/index.php https://cdnapisec.kaltura.com/p/ https://cfvod.kaltura.com/hls/p/ https://api.cdnjs.com/libraries/; default-src 'self' https://*.pharmahub.org; font-src about: chrome-extension: data: https://fonts.gstatic.com safari-extension: 'self' https://use.typekit.net https://storage.googleapis.com/speechify-website-assets/fonts/ https://cdn.scite.ai/assets/fonts/scite-icons/ https://cdnapisec.kaltura.com/html5/; form-action 'self' https://platform.twitter.com https://syndication.twitter.com; frame-ancestors 'self' https://pharmahub.org/ https://pharmahub.org/; frame-src 'self' https://*.pharmahub.org https://content.googleapis.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://youtube.com https://player.vimeo.com https://calendar.google.com https://www.youtube.com https://vimeo.com https://docs.google.com https://syndication.twitter.com https://platform.twitter.com; img-src * data: image: file: blob: abs.twimg.com pbs.twimg.com ton.twimg.com platform.twitter.com https://syndication.twitter.com; media-src 'self' data: blob: https://cdnapisec.kaltura.com/p/ https://cfvod.kaltura.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com/maps-api-v3/api/js/ https://maps.googleapis.com/maps/api/js/ https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps/vt https://www.googletagmanager.com/gtag/js https://www.google.com/jsapi https://www.gstatic.com/charts/ https://cdnjs.cloudflare.com/ajax/libs/ScrollMagic/ https://cdnjs.cloudflare.com/ajax/libs/gsap/ https://cdnapisec.kaltura.com/html5/ https://cdnapisec.kaltura.com/p/ https://code.jquery.com/ui/ https://cdnjs.cloudflare.com/ajax/libs/require.js/ https://cdnjs.cloudflare.com/ajax/libs/mathjax/ api.twitter.com https://cdn.syndication.twimg.com/timeline/ https://platform.twitter.com/widgets.js https://abs.twimg.com/responsive-web/client-web/ https://platform.twitter.com/js/; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://www.google.com https://code.jquery.com https://cdnjs.cloudflare.com https://www.gstatic.com https://p.typekit.net https://use.typekit.net https://fonts.googleapis.com/css https://platform.twitter.com/css/ https://ton.twimg.com/tfw/css/; worker-src blob:; upgrade-insecure-requests; report-uri https://csp.hubzero.org/csp-cms.php 1
connect-src 'self' https://*.optimizely.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://livechat.lge-ku.com wss://livechat.lge-ku.com; img-src 'self' https://*.optimizely.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://s.ytimg.com https://webintercept.bellomyonline.com https://fonts.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js-agent.newrelic.com/ https://bam.nr-data.net https://cdn.rawgit.com https://www.youtube.com https://connect.facebook.net https://js.adsrvr.org/ https://*.optimizely.com https://cdn.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill.io https://unpkg.com https://youtube.com www.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://s.ytimg.com https://webintercept.bellomyonline.com https://fonts.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js-agent.newrelic.com/ https://bam.nr-data.net https://cdn.rawgit.com https://www.youtube.com https://connect.facebook.net https://js.adsrvr.org/ https://*.optimizely.com https://cdn.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill.io https://unpkg.com https://youtube.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://s.ytimg.com https://webintercept.bellomyonline.com https://fonts.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.adsrvr.org/ https://cdnjs.cloudflare.com; style-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://s.ytimg.com https://webintercept.bellomyonline.com https://fonts.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://kit-pro.fontawesome.com https://js.adsrvr.org/ https://cdn.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://cdnjs.cloudflare.com; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests 1
default-src 'unsafe-inline' 'unsafe-eval'  'self' https: data:; base-uri 'self'; 1
default-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.tiktok.com https://www.googleoptimize.com https://script.hotjar.com/ https://static.hotjar.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://ajax.googleapis.com/ https://www.calcxml.com/ https://cdnjs.cloudflare.com/ https://*.firebaseio.com https://*.landbot.io https://*.google.com https://*.facebook.net https://*.trustpilot.com https://*.jquery.com https://*.callrail.com https://*.pardot.com https://*.googleapis.com https://*.jsdelivr.net https://*.pingdom.net https://*.brandcdn.com https://*.licdn.com https://*.swiftyecdn.com https://*.visualwebsiteoptimizer.com; style-src 'self' 'unsafe-inline' https://profontawesome.com/ https://www.incharge.org/ https://fonts.googleapis.com/ https://www.calcxml.com/ https://www.google.com/ https://optimize.google.com/; connect-src 'self' https://content.hotjar.io/ https://analytics.tiktok.com wss://*.firebaseio.com https://*.landbot.io https://*.google.com https://stats.g.doubleclick.net https://*.hotjar.com/ wss://*.hotjar.com/ https://www.calcxml.com/ https://*.googleapis.com/ https://google-analytics.com https://www.google-analytics.com https://googletagmanager.com https://*.facebook.net/ https://*.callrail.com https://*.yoast.com https://yoast.com https://*.wpengine.com https://*.pingdom.net https://cdn.linkedin.oribi.io https://player.vimeo.com; frame-ancestors 'self'; 1
frame-ancestors 'self' https://manage.vehicleservicepros.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self' https://www.google-analytics.com https://www.googletagmanager.com 'nonce-v3kau38zbagv2vpm' https://*.mta.info https://*.mylirr.org https://*.mapbox.com https://*.sentry.io data: blob:; style-src 'self' 'unsafe-inline' 1
frame-ancestors 'self'; block-all-mixed-content; default-src 'self';  script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' googleads.g.doubleclick.net www.googleadservices.com connect.facebook.net js.hsadspixel.net js.hs-banner.com js.hubspotfeedback.com js.usemessages.com https://connect.facebook.net https://connect.facebook.net/* https://graph.facebook.com https://js.facebook.com *.googletagmanager.com https://js.hs-scripts.com https://js.hsleadflows.net js.hs-analytics.net js.hsforms.net js-na1.hs-scripts.com forms.hsforms.com s3.amazonaws.com cdnjs.cloudflare.com *.google-analytics.com *.analytics.google.com www.google.com www.gstatic.com js-agent.newrelic.com bam.nr-data.net *.google-analytics.com *.analytics.google.com use.fontawesome.com kit.fontawesome.com https://js.hscollectedforms.net https://js.hscollectedforms.net/* https://gateway.zscalertwo.net/* https://snap.licdn.com https://snap.licdn.com/* https://static-exp1.licdn.com https://content.linkedin.com https://platform.linkedin.com https://js.hscollectedforms.net https://js.hscollectedforms.net/* https://snap.licdn.com https://snap.licdn.com/*;  style-src 'self' 'report-sample' 'unsafe-inline' *.licdn.com *.fontawesome.com code.jquery.com *.googleapis.com cdnjs.cloudflare.com cdn-images.mailchimp.com maxcdn.bootstrapcdn.com hello.myfonts.net/count/315e84 gateway.zscalertwo.net;  img-src 'self' data: blob: *.facebook.com *.facebook.net *.fbcdn.net *.hubspot.com cdn2.hubspot.net *.freshdesk.com *.redatatech.com *.mccdn01.com forms.hsforms.com forms.hubspot.com wpjobmanager.com track.hubspot.com www.googletagmanager.com www.google.co.in www.google.com paypal.com *.gravatar.com *.w.org *.linkedin.com *.licdn.com p.adsymptotic.com fonts.gstatic.com *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com;  font-src 'self' data: hello.myfonts.net/count/315e84 maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com *.fontawesome.com;  connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.linkedin.com cdn.linkedin.oribi.io *.licdn.com *.hscollectedforms.net fonts.googleapis.com fonts.gstatic.com *.facebook.com *.freshdesk.com connect.facebook.net *.hubspot.com api.hubapi.com js.usemessages.com js.hsleadflows.net js.hs-banner.com js.hubspotfeedback.com js.hsadspixel.net js.hs-analytics.net js.hs-scripts.com bam.nr-data.net yoast.com www.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net ampcid.google.com https://forms.hsforms.com https://forms.hsforms.com/* https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hubspot.com https://forms.hubspot.com/* about: *.fontawesome.com;  manifest-src 'self'; base-uri 'self'; form-action 'self' *.facebook.com connect.facebook.net forms.hsforms.com forms.hubspot.com; object-src 'none'; frame-src 'self' www.linkedin.com *.facebook.com connect.facebook.net *.doubleclick.net *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com www.googletagmanager.com *.vimeo.com; child-src 'self' *.facebook.com connect.facebook.net app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com www.googletagmanager.com;  media-src 'self' *.w.org media.licdn.com; prefetch-src 'self'; worker-src 'self';report-uri https://endpoint.42-q.com;report-to sanminadmin; 1
frame-ancestors http://methstreams.com http://nbastreamswatch.com http://watchnbastreams.com http://crackstreams.ws http://the.crackstreams.ws http://reddit.watchnbastreams.com 1
default-src 'self' 'nonce-s01mlap3ijaq290i'  soicos.com *.soicos.com google.com gtm.js *.google.com googleapis.com *.googleapis.com  googletagmanager.com *.googletagmanager.com *.google-analytics.com *.gstatic.com cloudflare.com *.cloudflare.com code.jquery.com cdn.jsdelivr.net cdn.rawgit.com stackpath.bootstrapcdn.com cdn.datatables.net bing.com *.bing.com; frame-ancestors 'self'; form-action 'self'; object-src 'none'; base-uri soicos.com; font-src 'self' *.googleapis.com *.gstatic.com *.jsdelivr.net;style-src 'self' 'unsafe-hashes' 'unsafe-inline' soicos.com *.soicos.com google.com gtm.js *.google.com googleapis.com *.googleapis.com  googletagmanager.com *.googletagmanager.com *.google-analytics.com *.gstatic.com cloudflare.com *.cloudflare.com code.jquery.com cdn.jsdelivr.net cdn.rawgit.com stackpath.bootstrapcdn.com cdn.datatables.net 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 1
default-src  'self' *.fg.cz tagmanager.google.com *.google-analytics.com;font-src  'self' data: *.typekit.net *.typekit.com *.gstatic.com *.bootstrapcdn.com;connect-src  'self' *.fg.cz *.google-analytics.com *.typekit.net *.fullstory.com *.zeerat.com wss://collector.zeerat.com *.doubleclick.net *.sociablekit.com *.clarity.ms *.google.com *.facebook.com *.googleapis.com  plausible.io *.oribi.io *.googlesyndication.com *.linkedin.com;script-src  'self' 'unsafe-inline' 'unsafe-eval' *.fg.cz *.google.com *.googleapis.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.google-analytics.com *.gstatic.com *.facebook.net *.twimg.com *.geoplugin.net *.zeerat.com *.fullstory.com *.sociablekit.com unpkg.com *.unpkg.com *.licdn.com *.linkedin.com sjs.bizographics.com *.imedia.cz *.seznam.cz *.clarity.ms *.youtube.com *.adform.net plausible.io;script-src-elem  'self' 'unsafe-inline' 'unsafe-eval' *.fg.cz *.google.com *.googleapis.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.google-analytics.com *.gstatic.com *.facebook.net *.twimg.com *.geoplugin.net *.zeerat.com *.fullstory.com *.sociablekit.com unpkg.com *.unpkg.com *.licdn.com *.linkedin.com sjs.bizographics.com *.imedia.cz *.seznam.cz *.clarity.ms *.youtube.com *.adform.net plausible.io;form-action  'self' *.facebook.com *.facebook.net;frame-src  'self' *.youtube.com *.facebook.com *.facebook.net *.googletagmanager.com *.sociablekit.com indd.adobe.com *.imedia.cz *.google.com *.faceup.com *.doubleclick.net;worker-src  'self' *.youtube.com *.facebook.com *.facebook.net *.googletagmanager.com *.sociablekit.com indd.adobe.com *.imedia.cz *.google.com *.faceup.com *.doubleclick.net;frame-ancestors  'self';img-src  'self' data: blob: *.fg.cz *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.typekit.net *.typekit.com *.facebook.com *.facebook.net *.twimg.com *.google.am *.google.ae *.google.at *.google.be *.google.bg *.google.bj *.google.by *.google.ca *.google.ch *.google.cl *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hr *.google.hu *.google.ie *.google.ies *.google.iq *.google.it *.google.kz *.google.li *.google.lt *.google.lu *.google.md *.google.mk *.google.mn *.google.mv *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.se *.google.si *.google.sk *.google.tn *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.nz *.google.co.uk *.google.co.uz *.google.co.za *.google.co.zw *.google.com.af *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bo *.google.com.br *.google.com.co *.google.com.do *.google.com.ec *.google.com.eg *.google.com.gh *.google.com.hk *.google.com.kw *.google.com.mt *.google.com.mx *.google.com.my *.google.com.ng *.google.com.np *.google.com.om *.google.com.pe *.google.com.ph *.google.com.pk *.google.com.sa *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.vn *.youtube.com *.sociablekit.com *.fbcdn.net *.linkedin.com *.imedia.cz *.seznam.cz *.clarity.ms android-webview-video-poster: *.bing.com *.ytimg.com p.adsymptotic.com *.fullstory.com;style-src  'self' 'unsafe-inline' *.fg.cz *.googleapis.com *.typekit.net *.typekit.com tagmanager.google.com *.sociablekit.com *.bootstrapcdn.com *.google.com *.gstatic.com;style-src-elem  'self' 'unsafe-inline' *.fg.cz *.googleapis.com *.typekit.net *.typekit.com tagmanager.google.com *.sociablekit.com *.bootstrapcdn.com *.google.com *.gstatic.com;object-src  'self';report-uri https://fgforrest.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self'; report-uri https://qbemqfaz.com.br/report-uri/enforce 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' quantcast.mgr.consensu.org *.youtube.com *.googlesyndication.com cdn.ampproject.org *.amazon-adsystem.com *.cookiebot.com https://contextual.media.net https://lg3.media.net https://www.clickcease.com/monitor/stat.js https://consent.cookiefirst.com https://rules.quantcount.com *.quantcast.mgr.consensu.org https://secure.quantserve.com/quant.js www.gstatic.com maps.gstatic.com cdn.datatables.net maxcdn.bootstrapcdn.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net ajax.cloudflare.com cdnjs.cloudflare.com www.googletagservices.com tpc.googlesyndication.com/sodar/sodar2.js adservice.google.es adservice.google.com https://www.google.com/pagead/conversion_async.js www.googletagmanager.com tagmanager.google.com s.ytimg.com *.taboola.com assets.zendesk.com connect.facebook.net; frame-src 'self' *.g.doubleclick.net *.youtube.com https://rcm-eu.amazon-adsystem.com *.googlesyndication.com *.quantcast.mgr.consensu.org *.cookiebot.com https://www.google.com/recaptcha/api2/aframe https://contextual.media.net/checksync.php https://rcm-na.amazon-adsystem.com *.assoc-amazon.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com; object-src 'self' 1
script-src 'self' https: 'unsafe-inline' unsafe-eval https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js https://assets.adobedtm.com/ https://*.assets.adobedtm.com/ https://www.google-analytics.com/ https://*.google-analytics.com/ http://metlifeglobal.tt.omtrdc.net/ http://*.metlifeglobal.tt.omtrdc.net/ https://connect.facebook.net/ https://*.connect.facebook.net/ https://www.googletagmanager.com/ https://*.googletagmanager.com/ https://vjs.zencdn.net/ https://*.vjs.zencdn.net/ http://www.youtube.com/ http://*.youtube.com/ https://*.gueno.com/ https://gueno.com/;script-src-attr 'unsafe-inline';img-src 'self' https://storage.googleapis.com/ https://*.storage.googleapis.com/ https://www.facebook.com/ https://*.facebook.com/ https://learning-services-media.brightcove.com/ https://*.learning-services-media.brightcove.com/ https://www.google-analytics.com/ https://*.google-analytics.com/;default-src 'self' https: 'unsafe-inline' https://*.chats.landbot.io https://chats.landbot.io wss://s-usc1c-nss-291.firebaseio.com/ wss://*.s-usc1c-nss-291.firebaseio.com/ http://metlifeglobal.tt.omtrdc.net/ http://*.metlifeglobal.tt.omtrdc.net/ https://www.youtube.com/ https://*.youtube.com/ https://edge.api.brightcove.com/ https://*.edge.api.brightcove.com/ https://secure.brightcove.com/ https://*.secure.brightcove.com/ https://f1.cf.brightcove.com/ https://*.f1.cf.brightcove.com/ https://manifest.prod.boltdns.net/ https://*.manifest.prod.boltdns.net/;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.crystalsport.ge *.crystalauto.ge *.google.com *.cloudflare.com cloudflare.com *.youtube.com *.twitter.com *.facebook.net facebook.net *.googlesyndication.com *.instagram.com googlesyndication.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.googletagmanager.com googletagmanager.com *.googletagservices.com googletagservices.com *.googleapis.com *.tinymce.com *.gstatic.com *.tiny.cloud *.doubleclick.net doubleclick.net *.2mdn.net 2mdn.net *.enetscores.com *.facebook.com *.sharethis.com *.streams.ge streams.ge crystal-ad.ge; img-src * data:; 1
frame-ancestors 'self' https://www.icscorrections.com https://corrections.ky.gov https://icscorrections.com https://doc.arkansas.gov *.corrlinks.com corrlinks.com; 1
script-src 'nonce-b2632658a75348eaa1d22d05aecba892' 'self' *.googletagmanager.com *.googleadservices.com *.g.doubleclick.net *.google.com snap.licdn.com *.googleapis.com cdn.segment.com js.intercomcdn.com connect.facebook.net cdn.mxpnl.com edge.fullstory.com js.hsforms.net js.stripe.com public.profitwell.com r.wdfl.co widget.intercom.io *.sentry-cdn.com polyfill.io; style-src 'self' 'unsafe-inline' *.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net pagead2.googlesyndication.com px.ads.linkedin.com edge.fullstory.com cdn.linkedin.oribi.io cdn.segment.com api.segment.io *.segmentapis.com api-iam.intercom.io api-js.mixpanel.com api.singa.com *.googleapis.com *.ingest.sentry.io rs.fullstory.com *.profitwell.com wss://nexus-websocket-a.intercom.io *.facebook.com forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com; font-src 'self' fonts.gstatic.com; frame-src 'self' *.youtube.com js.stripe.com *.google.com forms.hsforms.com *.g.doubleclick.net; manifest-src 'self'; media-src 'self' images.cdn.singa.com cdn.singa.com d2g61ocp5jx3ie.cloudfront.net d2ddkzh4sqyojx.cloudfront.net; worker-src 'none'; frame-ancestors https://app.storyblok.com 1
frame-ancestors 'self' account.elama.global new.elama.ru elama.global *.elama.global *.elama.zone elama.ru *.elama.ru elama.com.br *.elama.com.br elama.kz *.elama.kz mc.yandex.ru mc.webvisor.com mc.webvisor.org yastatic.net webvisor.com http://webvisor.com metrika.yandex.ru yandex.com yandex.ru *.yandex.com *.yandex.net *.yandex.ru *.dev-morda.svc.elama-team.ru; report-uri https://sn.elama.global/api/26/security/?sentry_key=cf985e6d1e254161bef105622a6e28a4; 1
frame-ancestors https://www.cupraofficial.co.uk https://author-seat-stage63.adobecqms.net https://seat-stage63.adobecqms.net https://author-seat-prod63.adobecqms.net https://seat-prod63.adobecqms.net 'self' 1
default-src 'self' https://*.mixpanel.com https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://ekr.zendesk.com wss://mixpanelsupport.zendesk.com https://mixpanel.com https://*.mixpanel.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.trychameleon.com https://*.hotjar.com https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://cdn.rollbar.com https://js.stripe.com https://*.zdassets.com https://*.zopim.com https://assets.zendesk.com https://www.youtube.com/embed/ https://connect.facebook.net https://apis.google.com https://accounts.google.com 'unsafe-eval' https://*.6sc.co https://static.addtoany.com https://*.adroll.com https://*.bing.com https://cdn.bizible.com https://*.clarity.ms https://cdnjs.cloudflare.com d2wy8f7a9ursnm.cloudfront.net https://*.doubleclick.net https://www.dwin1.com https://*.google.com https://*.google-analytics.com https://*.googlesyndication.com https://www.googletagmanager.com https://*.gstatic.cn https://*.gstatic.com https://*.g2crowd.com https://snap.licdn.com https://*.marketo.com https://*.marketo.net https://mixpanel.com https://*.mixpanel.com https://*.recaptcha.net https://www.redditstatic.com/ads/ https://*.singular.net https://*.ads-twitter.com https://*.youtube.com https://*.zoominfo.com; connect-src 'self' blob: https://*.trychameleon.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.mixpanel.com https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://api.rollbar.com https://api.sprig.com https://*.zdassets.com https://mixpanelsupport.zendesk.com https://*.zopim.com wss://*.zopim.com https://storage.googleapis.com https://*.facebook.com https://*.6sc.co https://*.adnxs.com https://*.bing.com https://*.bugsnag.com https://*.clarity.ms https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://*.googlesyndication.com https://cdn.jsdelivr.net/npm/@rive-app/canvas@2.9.0/rive.wasm https://*.linkedin.com https://mixpanel.com https://*.mixpanel.com https://*.mktoresp.com https://cdn.linkedin.oribi.io https://*.singular.net https://unpkg.com/@rive-app/canvas@2.9.0/rive.wasm https://*.zoominfo.com; img-src 'self' blob: data: https://*.chmln-cdn.com https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://*.zdassets.com https://*.zopim.com https://v2uploads.zopim.io https://*.facebook.com https://*.gravatar.com https://*.wp.com https://*.3lift.com https://*.33across.com https://*.6sc.co https://*.adnxs.com https://*.adroll.com https://*.bidswitch.net https://*.bing.com https://cdn.bizible.com https://cdn.bizibly.com https://*.bugsnag.com https://*.casalemedia.com https://*.clarity.ms https://*.crwdcntrl.net https://*.doubleclick.net https://*.exelator.com https://*.google-analytics.com https://*.googlesyndication.com https://www.googletagmanager.com https://*.googleusercontent.com https://*.imrworldwide.com https://*.linkedin.com https://mixpanel.com https://*.mixpanel.com https://*.openx.net https://sync.outbrain.com https://*.pubmatic.com https://*.reddit.com https://idsync.rlcdn.com https://pixel.rubiconproject.com https://pixel.sitescout.com/ https://sync.taboola.com https://*.turn.com/ https://t.co/ https://analytics.twitter.com https://beacon.walmart.com https://*.wpengine.com https://mxpnlcms.wpenginepowered.com https://*.analytics.yahoo.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; style-src 'self' 'unsafe-inline' https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://*.google.com https://*.marketo.com https://mixpanel.com https://*.mixpanel.com https://hello.myfonts.net; font-src 'self' data: https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://mixpanel.com https://*.mixpanel.com; frame-src 'self' https://js.stripe.com https://www.loom.com/embed/ https://player.vimeo.com/video/ https://www.youtube.com/embed/ https://*.facebook.com https://accounts.google.com https://static.addtoany.com https://*.bing.com https://*.doubleclick.net https://*.google.com https://*.marketo.com https://mixpanel.com https://*.mixpanel.com https://*.recaptcha.net; worker-src 'self' blob:; 1
frame-ancestors 'self' *.flexera.com *.app.flexera.com *.rightscale.com *.flexnetmanager.com localhost:*; 1
form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cenpos.net *.cenpos.com *.google.com *.gstatic.com *.cardinalcommerce.com *.transcat.ca *.transcat.com *.tfaforms.com *.tfaforms.net *.hsforms.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; object-src 'self' 'unsafe-inline'; manifest-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; upgrade-insecure-requests; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.tfaforms.com https://*.cloudfront.net https://us-cdn.inside-graph.com https://fonts.googleapis.com https://service.force.com https://cdn.jst.ai https://cdn.amazon.channels.magento.com https://*.hotjar.com *.adobe.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com widget.freshworks.com m2epro.freshdesk.com *.googleapis.com *.gstatic.com *.tfaforms.net *.tfaforms.com *.hsforms.com tagmanager.google.com 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.cloudfront.net https://www.tfaforms.com https://www.googlecommerce.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.cenpos.com https://apis.google.com https://bat.bing.com https://cdn.b0e8.com https://cdn.bc0a.com https://cdn.jsdelivr.net https://cdn.inspectlet.com https://cdn.bizible.com https://connect.facebook.net https://ssl.google-analytics.com https://st1.dialogtech.com https://us-tracker.inside-graph.com https://assets.adobedtm.com https://googleads.g.doubleclick.net https://static.trackedweb.net https://www.gstatic.com https://fonts.googleapis.com https://service.force.com https://*.salesforceliveagent.com https://my.jst.ai https://online.flippingbook.com https://cdn.jst.ai https://aly.jst.ai https://www.googleadservices.com https://us-live.inside-graph.com https://cdn.amazon.channels.magento.com https://use.typekit.net https://us-cdn.inside-graph.com https://static.hotjar.com https://script.hotjar.com https://*.dotdigital-pages.com https://solutions.invocacdn.com https://cdn.heapanalytics.com https://pnapi.invoca.net/ https://home-c52.nice-incontact.com/ https://*.hotjar.com assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cenpos.com *.cenpos.net *.google.com *.gstatic.com *.cardinalcommerce.com widget.freshworks.com m2epro.freshdesk.com s7.addthis.com *.transcat.com *.tfaforms.com *.tfaforms.net *.hsforms.net *.hsforms.com js.hs-scripts.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; media-src 'self' *.adobe.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; img-src 'self' data: about: http://www.transcat.com https://www.google.com https://www.facebook.com https://www.google-analytics.com https://*.cloudfront.net https://bat.bing.com https://cdn.bizible.com https://amcglobal.sc.omtrdc.net https://ssl.google-analytics.com https://cm.everesttech.net https://st2.dialogtech.com https://*.smarterspecies.com https://*.transcat.com https://a.b0e8.com https://online.flippingbook.com https://www.paypalobjects.com https://googleads.g.doubleclick.net https://i.ytimg.com https://stats.g.doubleclick.net https://cdn.bizibly.com https://p.typekit.net https://us-cdn.inside-graph.com https://c.bing.com https://heapanalytics.com https://*.hotjar.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.tfaforms.net *.tfaforms.com *.hsforms.com *.transcat.ca *.gstatic.com data: 'self' 'unsafe-inline'; frame-src 'self' https://bid.g.doubleclick.net https://amc.demdex.net https://us-live.inside-graph.com https://www.cenpos.net https://www.google.com https://www.youtube.com https://maps.google.com https://www.facebook.com https://www.tfaforms.com https://online.flippingbook.com https://vars.hotjar.com https://*.dotdigital-pages.com https://home-c52.nice-incontact.com https://*.hotjar.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.cenpos.net *.cenpos.com *.google.com *.gstatic.com *.cardinalcommerce.com *.transcat.com *.tfaforms.com *.tfaforms.net *.hsforms.net *.hsforms.com *.weltpixel.com 'self' 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com https://*.cloudfront.net https://us-cdn.inside-graph.com https://c1.sfdcstatic.com https://use.typekit.net https://*.hotjar.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; connect-src 'self' https://aly.jst.ai https://my.jst.ai https://bat.bing.com https://*.cloudfront.net https://dpm.demdex.net https://hn.inspectlet.com https://ixfd1-api.bc0a.com https://r2.trackedweb.net https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://us-live.inside-graph.com wss://us-live.inside-graph.com https://fbo-b.flippingbook.com https://tcatptcopy-transcat.cs34.force.com https://cdn.amazon.channels.magento.com https://online.flippingbook.com https://*.hotjar.com wss://*.hotjar.com https://us-cdn.inside-graph.com dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com widget.freshworks.com m2epro.freshdesk.com ekr.zdassets.com/ t.elasticsuite.io *.google-analytics.com *.tfaforms.com *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; default-src 'self' https://*.cloudfront.net https://*.hotjar.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://connect.facebook.net/en_US/fbevents.js http://connect.facebook.net/ http://tagmanager.google.com/ http://tagmanager.google.com/debug https: https://tagmanager.google.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https: https://www.snowboard-banff.net https://pixel.morphio.info; font-src 'self' data: https:; connect-src 'self' https://analytics.google.com https://stats.g.doubleclick.net https://*.fixer.io https://s.adroll.com https://tagmanager.google.com/debug https://maps.googleapis.com https://developer.livehelpnow.net wss://app.livehelpnow.net https://api.fixer.io https://www.facebook.com https://www.google-analytics.com https://brain.morphio.info https://graylog.hotjar.com:12443 wss://ws4.hotjar.com https://insights.hotjar.com https://www.reseze.net; media-src 'self' https:; object-src 'self'; frame-src 'self' https: http://skiron.intermaps.com; form-action 'self' https://www.facebook.com/tr/ https://www.pages03.net/sunshinevillage/NewsletterSignup/Newsletter_Signup https://www.reseze.net; 1
upgrade-insecure-requests;default-src 'self' play.vidyard.com;img-src 'self' https://* data: cm.g.doubleclick.net;media-src 'self' play.vidyard.com fresnel.vimeocdn.com *.vimeo.com *.youtube.com youtu.be;script-src 'self' 'unsafe-inline'  js.usemessages.com tag.demandbase.com api.hubspot.com js.usemessages.com *.googleadservices.com *.doubleclick.net www.gstatic.com  play.vidyard.com player.vimeo.com fonolo.bamboohr.com www.googletagmanager.com www.google-analytics.com www.google.com *.hubspot.com *.hsforms.net *.hsforms.com js.hscta.net js.hs-scripts.com js.hsadspixel.net js.hscollectedforms.net js.hs-analytics.net js.hs-banner.com px.ads.linkedin.com snap.licdn.com api.hubapi.com platform.twitter.com snid.snitcher.com connect.facebook.net *.hotjar.com;style-src 'self' 'unsafe-inline' fonolo.bamboohr.com fonts.googleapis.com *.googletagmanager.com;font-src 'self' data: p.adsymptotic.com www.google.ca track.hubspot.com fonts.gstatic.com;frame-src 'self'  *.hs-sites.com *.google.com *.company-target.com *.slidesharecdn.com *.slideshare.net *.hotjar.com play.vidyard.com *.youtube.com *.vimeo.com *.hsforms.com *.hubspot.com *.facebook.com td.doubleclick.net bid.g.doubleclick.net;child-src 'self' *.youtube.com *.vimeo.com;frame-ancestors 'self' *.hubspot.com *.youtube.com *.vimeo.com;connect-src 'self'  analytics.google.com tag-logger.demandbase.com *.demandbase.com *.company-target.com cdn.linkedin.oribi.io fonolo.bamboohr.com *.facebook.com *.amazonaws.com  *.hubspot.com api.hubapi.com *.hsforms.com *.snitcher.com stats.g.doubleclick.net  *.hotjar.com *.google-analytics.com *.linkedin.com 1
default-src 'self' https://*.cms.vwfs.tools ;            img-src 'self' data: https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://dev.day.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.gstatic.com https://*.google.com https://*.google.de https://*.google.pt https://*.googlesyndication.com https://*.googleadservices.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://img.youtube.com https://i.ytimg.com https://*.userzoom.com https://*.adform.net https://www.facebook.com https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://t.co https://*.volkswagenbank.de  https://cms-assets.vwfs.io https://smetrics.vwfs.pt https://mediaservice.audi.com  https://GISTPAEndpoint-Int.azureedge.net https://GISTPAEndpoint-Kons.azureedge.net https://GISTPAEndpoint-Prod.azureedge.net    https://default.vms.vwfs.io https://*.bronson.vwfs.tools https://*.bronson.vwfs.io https://gateway.zscloud.net https://js.api.here.com https://assets.volkswagen.com https://integrations.etrusted.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ssl.gstatic.com https://ade.googlesyndication.com https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.pt;            script-src 'self' 'unsafe-inline' blob: https://*.volkswagenbank.de https://storagewebcalcweud.blob.core.windows.net https://*.fts.webcalc.vwfs.io https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.fls.doubleclick.net https://www.googletagmanager.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google.com https://www.google.de https://cm.g.doubleclick.net https://www.volkswagenbank-cloud.de https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://assets.adobedtm.com https://*.omniture.com https://*.adobe.com https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://*.thunderhead.com https://*.twitter.com https://static.ads-twitter.com https://*.advsearch.vwfs.io https://cc.cdn.civiccomputing.com  https://target.vwfs.pt  https://smetrics.vwfs.pt https://cdn.mercury.ai https://integrations.etrusted.com https://sdk.privacy-center.org    https://*.acs-frontend.vwfs.io https://*.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.g.doubleclick.net https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.pt;            style-src 'self' 'unsafe-inline' https://*.userzoom.com https://target.vwfs.pt https://cdn.mercury.ai https://co-browsing.mercury.ai https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io    https://*.acs-frontend.vwfs.io https://integrations.etrusted.com https://tagmanager.google.com https://fonts.googleapis.com ;            connect-src 'self' blob: data: https://vimeo.com https://*.youtube.com https://api.webcalc.vwfs.io https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://*.adobedc.net https://*.tt.omtrdc.net https://*.2o7.net https://*.cms.vwfs.io https://*.advsearch.vwfs.io https://cms-content.vwfs.io https://target.vwfs.pt https://smetrics.vwfs.pt https://www.google.com https://*.facebook.com https://*.mercury.ai wss://*.mercury.ai https://vector.hereapi.com https://1.base.maps.ls.hereapi.com https://1.aerial.maps.ls.hereapi.com https://js.api.here.com https://geocode.search.hereapi.com https://integrations.etrusted.com https://*.smart-digital-solutions.de https://smart-digital-cdn.com https://2gtge2kxoa.execute-api.eu-central-1.amazonaws.com https://api-cms-vwfs-io.cms.vwfs.tools https://sdk.privacy-center.org https://revgeocode.search.hereapi.com    https://*.acs-frontend.vwfs.io https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.pt http://*.trustedshops.com https://autocomplete.search.hereapi.com https://lookup.search.hereapi.com ;            frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com ;            object-src 'none' ;            font-src 'self' data: https://fonts.gstatic.com https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io https://cdn.mercury.ai https://js.api.here.com https://*.trustedshops.com http://*.trustedshops.com ;            frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://s.userzoom.com https://*.adform.net https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://*.googlesyndication.com https://cm.g.doubleclick.net https://gateway.zscloud.net https://td.doubleclick.net https://kalkulator.skoda-auto.pl https://*.g.doubleclick.net ;            media-src https://www.youtube-nocookie.com 'self' ; 1
script-src 'self' *.atl-paas.net *.atlassian.net *.jira.com *.jira-dev.com *.statuspage.io 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com cdnjs.cloudflare.com polyfill.io; object-src 'none' 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googlesyndicaton.com https://*.formsite.com https://up.pixel.ad https://*.mapbox.com https://*.dtn.com  https://*.land.com https://*.landsofamerica.com https://*.licdn.com  https://*.googleoptimize.com https://*.qualtrics.com https://*.onetrust.com https://*.forms-db.com https://*.fcsamerica.com https://*.farmlend.com https://*.clarity.ms https://*.cookielaw.org https://*.fontawesome.com https://*.adobedtm.com https://*.facebook.net/ https://www.googleadservices.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google.com/recaptcha/ https://d10lpsik1i8c69.cloudfront.net https://js-agent.newrelic.com https://bam.nr-data.net https://www.gstatic.com https://static.ads-twitter.com https://bat.bing.com https://analytics.twitter.com https://*.pardot.com https://*.g.doubleclick.net/ https://*.fcsamerica.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleadservices.com https://*.aspnetcdn.com https://www.youtube.com/iframe_api https://*.twitter.com https://s.ytimg.com https://*.twimg.com https://*.linkedin.com https://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net https://munchkin.marketo.net https://*.eloqua.com https://js.hs-scripts.com https://js.hs-analytics.net https://*.adsrvr.org https://*.en25.com https://cdn.ampproject.org https://*.newrelic.com https://*.googletagmanager.com https://cdn01.basis.net https://*.fcsamerica.com https://*.launchdarkly.com;object-src 'none';style-src 'self' 'unsafe-inline' https://*.dtn.com https://*.mapbox.com https://*.onetrust.com https://*.farmlend.com https://*.fcsamerica.com https://*.adobedtm https://*.cookielaw.org https://*.fontawesome.com https://*.adobedtm.com https://tagmanager.google.com https://fonts.googleapis.com https://d10lpsik1i8c69.cloudfront.net/css/reset.css https://*.typekit.net/ https://*.googleapis.com https://*.gstatic.com https://netdna.bootstrapcdn.com https://kendo.cdn.telerik.com https://*.google.com https://dec.azureedge.net https://platform.twitter.com/css https://*.twimg.com https://*.typekit.net https://d10lpsik1i8c69.cloudfront.net/css/reset.css;img-src 'self' https://*.adnxs.com https://*.doubleclick.net https://*.facebook.net https://*.mapbox.com https://*.dtn.com https://*.qualtrics.com https://*.farmlend.com https://*.fcsamerica.com https://*.cookielaw.org https://fmgaggi.com/ https://www.google-analytics.com https://www.google.com https://*.g.doubleclick.net/ https://ssl.gstatic.com https://www.gstatic.com https://pixel-a.basis.net https://pixel.sitescout.com https://*.facebook.com/ https://clickserv.basis.net https://clickserv.sitescout.com https://d10lpsik1i8c69.cloudfront.net https://www.gravatar.com https://secure.gravatar.com https://devwww.fcsamerica.com https://testwww.fcsamerica.com https://inttestwww.fcsamerica.com https://www.fcsamerica.com https://bat.bing.com https://t.co https://*.gstatic.com https://*.googleapis.com https://*.google.com https://*.google-analytics.com https://platform.tumblr.com https://*.facebook.com https://delicious.com https://*.redditstatic.com https://*.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://https//dec.azureedge.net https://*.dec.sitefinity.com https://pbs.twimg.com https://platform.twitter.com/css/ https://*.twimg.com https://*.eloqua.com https://track.hubspot.com https://*.googletagmanager.com https://*.gravatar.com https://*.adsrvr.org data: blob:;media-src 'self' https://d10lpsik1i8c69.cloudfront.net https://*.cloudfront.net data: blob:;frame-ancestors 'self' *.fcsamerica.com *.farmlend.com *.frontierfarmcredit.com *.agdirect.com;frame-src 'self' https://*.formsite.com https://*.qualtrics.com https://up.pixel.ad https://*.youtube.com https://*.farmlend.com https://*.frontierfarmcredit.com https://*.fcsamerica.com https://*.agdirect.com https://*.land.com https://*.landsofamerica.com https://*.captivate.fm https://*.onetrust.com https://*.forms-db.com https://*.fcsamerica.com https://*.farmlend.com https://*.agdirect.com https://*.doubleclick.net https://www.google.com https://www.facebook.com https://connect.facebook.net https://pixel-a.basis.net https://pixel.sitescout.com https://dev-281270.oktapreview.com https://devlogin.fcsamerica.com https://testlogin.fcsamerica.com https://inttestlogin.fcsamerica.com https://login.fcsamerica.com https://player.vimeo.com https://*.g.doubleclick.net https://*.adsrvr.org https://link.sharebase.com;font-src 'self' https://*.onetrust.com *.adobetm https://*.cookielaw.org https://*.fontawesome.com https://*.adobetm.com https://fonts.gstatic.com https://*.typekit.net/ https://kendo.cdn.telerik.com https://netdna.bootstrapcdn.com data:;connect-src 'self' https://*.linkedin.com https://google.com https://*.demdex.net https://*.mapbox.com https://*.dtn.com https://*.qualtrics.com https://*.onetrust.com https://*.farmlend.com https://*.fcsamerica.com https://*.adobedc.net https://*.googlesyndication.com https://*.clarity.ms *.adobetm https://*.cookielaw.org https://*.fontawesome.com https://*.adobetm.com https://settings.luckyorange.net https://pubsub.googleapis.com https://api.luckyorange.com https://app.launchdarkly.com https://events.launchdarkly.com wss://visitors.live wss://*.visitors.live https://clientstream.launchdarkly.com https://js-agent.newrelic.com https://bam.nr-data.net https://gstatic.com https://bat.bing.com https://analytics.twitter.com https://t.co https://www.googleadservices.com https://www.google.com https://*.g.doubleclick.net https://*.google.com https://*.googleapis.com https://*.dec.sitefinity.com https://*.mktoresp.com https://wss//in.visitors.live https://wss//visitors.live https://*.google-analytics.com;worker-src 'self' blob: https://platform.twitter.com https://syndication.twitter.com https://www.youtube.com https://player.vimeo.com https://w.soundcloud.com https://*.google.com https://*.facebook.com https://badge.stumbleupon.com https://d10lpsik1i8c69.cloudfront.net 1
default-src 'self' *.dotomi.com; script-src 'self' api.fouanalytics.com *.dotomi.com tr.contextweb.com c82308.csd.dotomi.com assets.adobedtm.com td.doubleclick.net gateway.zscalerthree.net analytics.tiktok.com www.facebook.com insight.adsrvr.org thrtle.com js.adsrvr.org js.pulseinsights.com survey.pulseinsights.com activitymap.adobe.com www.googletagmanager.com bat.bing.com ad.doubleclick.net googleads.g.doubleclick.net dpm.demdex.net www.googleadservices.com *.fls.doubleclick.net bh.contextweb.com cdn.di-capt.com connect.facebook.net astellas.demdex.net cm.everesttech.net cdn.cookielaw.org 'unsafe-inline'; object-src 'none' ; connect-src *; font-src * data:; frame-src 'self' match.adsrvr.org gateway.zscalerthree.net astellas.demdex.net insight.adsrvr.org *.fls.doubleclick.net td.doubleclick.net tr.contextweb.com thrtle.com analytics.tiktok.com activitymap.adobe.com www.facebook.com js.adsrvr.org;style-src 'self' 'unsafe-inline'; img-src 'self' *.fls.doubleclick.net di.rlcdn.com www.facebook.com gateway.zscalerthree.net bh.contextweb.com ad.doubleclick.net dpm.demdex.net cdn.cookielaw.org bat.bing.com thrtle.com cm.everesttech.net insight.adsrvr.org www.google.com www.google.co.in googleads.g.doubleclick.net astellasusllc.data.adobedc.net tr.contextweb.com *.dotomi.com data:; 1
object-src 'none'; script-src 'self' 'nonce-5b31e8713dbd426a96a2c72f44de5adf' 'sha256-bYH6V1Wby/yQdY+2mNHLWDwG3e3AUGv1/pm0vhS1/2Q=' https://snap.licdn.com/ https://f.vimeocdn.com/ https://acdn.adnxs.com/ https://maps.googleapis.com/ https://otp.tools.investis.com/ https://cc.cdn.civiccomputing.com/ http://s7.addthis.com/ https://www.googletagmanager.com/ http://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com ; style-src 'self' 'unsafe-inline' https://sse-prelive.emperordev.com https://cc.cdn.civiccomputing.com/ https://fonts.googleapis.com/ https://tools.eurolandir.com/ ; img-src 'self' data: https://sse-prelive.emperordev.com https://ib.adnxs.com/ https://analytics.twitter.com/ https://t.co/ https://i.vimeocdn.com/ https://www.sserenewables.com/ https://tiscreport.org/ https://stats.g.doubleclick.net https://www.google.com https://www.google.rs https://maps.googleapis.com https://maps.gstatic.com https://www.facebook.com https://csi.gstatic.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://px.ads.linkedin.com/collect https://p.adsymptotic.com/d/px https://tr.lfeeder.com/ https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat ; frame-src 'self' https://sse-prelive.emperordev.com  https://td.doubleclick.net/ https://indd.adobe.com/ https://otp.tools.investis.com/ https://irs.tools.investis.com/ https://tools.eurolandir.com/ https://www.youtube.com https://www.ustream.tv https://www.facebook.com https://player.vimeo.com https://www.google.com 1
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://get.creaform3d.com/ https://www.msn.com/ https://creaform.my.site.com/ https://a.quora.com/ https://ajax.aspnetcdn.com/ https://static.lightning.force.com/ https://d.la3-c1-ia5.salesforceliveagent.com/ https://d.la3-c1-ia4.salesforceliveagent.com/ https://creaform.my.salesforce.com/ https://service.force.com/ https://www.googleadservices.com/ https://www.gstatic.com/ https://www.google.com/ https://a.omappapi.com/app/js/ https://acuityplatform.com/Adserver/pxlj/3726197806279171821 https://*.googleapis.com/ https://analytics.tiktok.com/i18n/pixel/ https://apis.google.com/js/ https://assets.ubembed.com/universalscript/ https://b4cb121747ac4fc997b7cc96e71faab3.js.ubembed.com/ https://b92.yahoo.co.jp/rt/ https://bat.bing.com/ https://cdn.callrail.com/companies/329882866/bf9348cf6a834fc3270e/12/swap.js https://*.pushengage.com/ https://connect.facebook.net/ https://e.acuityplatform.com/ https://fast.wistia.net/ https://fast.wistia.com/ https://*.bizspring.net/ https://go.creaform3d.com/ https://hm.mieru-ca.com/service/js/ https://hpjp.mieru-ca.com/embed https://origin.acuityplatform.com/ https://pi.pardot.com/ https://script.hotjar.com/ https://secure.adnxs.com/seg https://snap.licdn.com/li.lms-analytics/ https://static.hotjar.com/ https://tags.clickagy.com/ https://urldefense.proofpoint.com/ https://wcs.naver.net/ https://ws.zoominfo.com/pixel/ https://www.clarity.ms/ https://www.google-analytics.com/ https://www.googleoptimize.com/ https://www.googletagmanager.com/ https://www.msgapp.com/ https://www.optico.fr/ https://www.redditstatic.com/ads/ https://www.webtraxs.com/ https://www.youtube.com/ https://acuityplatform.com/ https://*.yimg.jp/ https://call.chatra.io/ https://chat.chatra.io/ https://optimize.google.com/ https://d3pkntwtp2ukl5.cloudfront.net/uba.js https://*.cloudfront.net/sp-2.14.0.js https://flex.msn.com/ https://tpc.googlesyndication.com/ https://*.yahoo.co.jp/ https://t.unbounce.com/ https://cdn.cookielaw.org/ https://tag.demandbase.com/0d233bb0737fd287.min.js https://*.salesforceliveagent.com/ https://*.quora.com/'; style-src 'self' 'unsafe-inline' https://creaform.my.site.com/ https://service.force.com/ https://a.omappapi.com https://fast.wistia.com https://fonts.googleapis.com https://optimize.google.com; object-src 'none'; base-uri 'self'; connect-src * 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://service.force.com/ https://fast.wistia.com https://fast.wistia.net https://player.vimeo.com https://vars.hotjar.com https://www.facebook.com https://www.google.com https://www.youtube.com/ https://go.creaform3d.com/ https://tourmkr.com/ https://call.chatra.io/ https://chat.chatra.io/ https://*.pages.ubembed.com/ https://*.clickagy.com/ https://tpc.googlesyndication.com/ https://optimize.google.com https://demo.visao.ca/ https://sketchfab.com/ https://s.company-target.com/; img-src * data: blob: 'unsafe-inline'; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
connect-src 'self' *.algolia.io *.algolia.net *.algolianet.com *.facebook.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.sentry.io *.userway.org *.voyagetext.com *.zdassets.com *.zendesk.com *.zopim.com code.jquery.com pro.ip-api.com sentry.io stats.g.doubleclick.net vyg.mobi wss://widget-mediator.zopim.com; default-src 'self'; font-src 'self' *.facebook.com *.googleapis.com *.gstatic.com cdn.userway.org data: static-cdn.ammunitiontogo.com themes.googleusercontent.com; frame-src 'self' *.facebook.com *.google.com *.googleapis.com *.userway.org; img-src 'self' *.facebook.com *.google-analytics.com *.googleapis.com *.gstatic.com *.userway.org *.zopim.io data: pubads.g.doubleclick.net static-cdn.ammunitiontogo.com stats.g.doubleclick.net verify.authorize.net; manifest-src static-cdn.ammunitiontogo.com www.ammunitiontogo.com; media-src 'self' *.facebook.com *.zdassets.com *.zopim.com; object-src 'self' *.facebook.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.algolia.io *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.userway.org *.voyagetext.com *.zdassets.com *.zopim.com assets.voyagetext.com blob: browser.sentry-cdn.com cdn.ravenjs.com code.jquery.com https://cdn.jsdelivr.net/npm/algoliasearch@4/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4 static-cdn.ammunitiontogo.com stats.g.doubleclick.net verify.authorize.net; style-src 'self' 'unsafe-inline' *.facebook.com *.google.com *.googleapis.com *.gstatic.com cdn.userway.org static-cdn.ammunitiontogo.com 1
default-src 'self'; img-src 'self' data: blob: https://pendo-us1-static-6231007996805120.storage.googleapis.com/ https://us1.app.pendo.io/ https://core.uniteus.io/rails/active_storage/blobs/ https://s3.amazonaws.com/static-public-v3-uudev/ https://s3.amazonaws.com/cdn-public-v3-uudev/ https://core.uniteus.io https://s3.amazonaws.com/uniteus-io-assets/ https://us1.data.pendo.io https://maps.gstatic.com https://maps.googleapis.com core; child-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://us1.app.pendo.io/ https://tableau.uniteus.io/ https://js-agent.newrelic.com/nr-spa-1016.min.js https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/ https://cdn.polyfill.io https://*.intercom.io https://*.intercomcdn.com https://cdn.pendo.io/agent/ https://bam.nr-data.net https://us1.data.pendo.io https://maps.googleapis.com; font-src https://app.uniteus.io/dashboard/new/node_modules/@pendo/components/lib/fonts/ https://s3.amazonaws.com/uniteus-io-assets/ https://fast.fonts.net https://fonts.intercomcdn.com https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdn.pendo.io https://fast.fonts.net https://fonts.googleapis.com; connect-src https://us1.app.pendo.io/api/s/ https://us1.data.pendo.io/data/ https://*.browser-intake-ddog-gov.com wss://tsock.us1.twilio.com/v3/wsconnect https://*.uniteus.io https://*.uniteus.io https://*.launchdarkly.com https://*.rollbar.com https://*.intercom.io https://bam.nr-data.net wss://*.intercom.io https://ipinfo.io https://maps.googleapis.com; frame-src http://us1.app.pendo.io https://tableau.uniteus.io/ https://core.uniteus.io/ https://s3.amazonaws.com/ https://consent.uniteus.io; object-src https://core.uniteus.io/; worker-src blob:; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-OGU1Y2FiN2ZmNWQzNDZhODhiMDI5YmY5YzQ4YmNlMjU=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.huurcommissie.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.huurcommissie.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.huurcommissie.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-ancestors https://apps.facebook.com/ 1
default-src 'none';script-src cdn.syndication.twimg.com cookie-cdn.cookiepro.com 'nonce-BH5CMGXCqF28IU3m-wzDAsI6' *.hotjar.com 'sha256-Wb0nyozPeRQkqBk0879ZNBR3TR4acmD4XHJN8geuVdg=' img06.en25.com www.google-analytics.com 'self' privacyportal.onetrust.com geolocation.onetrust.com 'nonce-yQE1OPHG1g6w7p5c6XgSiEEo' platform.twitter.com cdn.cookielaw.org;style-src cookie-cdn.cookiepro.com 'nonce-s0K8sS8A9IW5fl5xTCuQFxLs' 'nonce-BH5CMGXCqF28IU3m-wzDAsI6' 'self' privacyportal.onetrust.com fonts.googleapis.com platform.twitter.com cdn.cookielaw.org;img-src pbs.twimg.com kp-pdf.s3.amazonaws.com stats.g.doubleclick.net www.googletagmanager.com cookie-cdn.cookiepro.com 'nonce-BH5CMGXCqF28IU3m-wzDAsI6' www.google-analytics.com 'self' privacyportal.onetrust.com data: cdn.cookielaw.org;font-src 'self' fonts.gstatic.com;connect-src snowplow.apps.clarivate.com cookie-cdn.cookiepro.com 'nonce-BH5CMGXCqF28IU3m-wzDAsI6' *.hotjar.com wss://*.hotjar.com https://*.hotjar.io www.google-analytics.com 'self' privacyportal.onetrust.com www.google.com stats.g.doubleclick.net geolocation.onetrust.com vc.hotjar.io cdn.cookielaw.org;base-uri 'none';form-action 'self';frame-ancestors 'none';upgrade-insecure-requests;frame-src platform.twitter.com vars.hotjar.com; 1
frame-ancestors 'self'; upgrade-insecure-requests; object-src 'none';base-uri 'none' 1
default-src 'self' scribit-pro-hosting.storage.googleapis.com; child-src 'self' *.youtube.com https://login.microsoftonline.com blob: *.youtube-nocookie.com *.vimeo.com; connect-src 'self' scribit-pro-hosting.storage.googleapis.com https://*.govmetric.com https://*.servmetric.com api.scribit.pro  *.siteimprove.com piwik.breda.nl https://*.ats-platform.com https://*.hireserve.nl https://piwik.breda.nl/; font-src 'self' data: *.googleusercontent.com https://*.ats-platform.com https://*.hireserve.nl; frame-src 'self' *.youtube.com https://login.microsoftonline.com https://www.google.com https://websiteacc.breda.nl https://formulieren.breda.nl https://breda-bba.vercel.app https://*.govmetric.com https://*.servmetric.com https://*.issuu.com/ *.youtube-nocookie.com *.vimeo.com *.siteimprove.com *.siteimproveanalytics.com *.siteimprove.net *.siteimproveanalytics.io page.report https://*.ats-platform.com https://*.hireserve.nl; img-src 'self' data: https://www.toegankelijkheidsverklaring.nl https://*.govmetric.com https://*.servmetric.com *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io piwik.breda.nl https://*.ats-platform.com https://*.hireserve.nl; object-src 'none'; script-src 'self' scribit-pro-hosting.storage.googleapis.com https://cb.vrmwb.nl https://*.govmetric.com https://*.servmetric.com *.scribit.pro www.youtube.com https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com https://cdn.siteimprove.net/cms/overlay-latest.js piwik.breda.nl 'nonce-WkRObU5tUTFaakJrWVRVellXWms=' 'nonce-WXpjeU1UVXlaVEZpWkdObE9Ua3g=' 'sha256-sLveLlY6lTSX9j1j9OklTbpdDynFDkjhHNWQaPCM2Go=' https://*.ats-platform.com https://*.hireserve.nl 'unsafe-inline' https://piwik.breda.nl/; script-src-attr 'self'; script-src-elem 'self' scribit-pro-hosting.storage.googleapis.com https://cb.vrmwb.nl https://*.govmetric.com https://*.servmetric.com *.scribit.pro www.youtube.com https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com https://cdn.siteimprove.net/cms/overlay-latest.js piwik.breda.nl 'nonce-WkRObU5tUTFaakJrWVRVellXWms=' 'nonce-WXpjeU1UVXlaVEZpWkdObE9Ua3g=' 'sha256-sLveLlY6lTSX9j1j9OklTbpdDynFDkjhHNWQaPCM2Go=' https://*.ats-platform.com https://*.hireserve.nl; style-src 'self' 'unsafe-hashes' 'sha256-3juv2Ft1FaY3xWYNGXExi9oTqA3RQ4gtgCqyf3mxGhU=' https://cb.vrmwb.nl https://*.govmetric.com https://*.servmetric.com 'sha256-r9fU88Cagg8b+V94/rFP54XitU/RzBQ83sVNeltVs/c=' 'sha256-SHje5LaT9E6BShlkQpjWVSpKDI2FEtd137m8hy4rmKM=' 'sha256-2ipsMCEEsAbnsH2T1Fg2pv63AdMLzQW/NYec3X6XzWw=' 'sha256-3lLjvpn0hfmuulQYNSUWKiNpmIiMg70GweVDtUWv7zA=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=' https://*.ats-platform.com https://*.hireserve.nl 'sha256-bXK8t6XsljjUwy/bDRmfeZmdP1lX9wpipPCr7ulwVDo=' 'sha256-/d5P431opDe9iudPW48fHc7bSsZ72Sta7Lj06GeT6CQ=' 'sha256-WWn0l9kVjXaC+CGcbxP6Zyac31v1Cjkx2VMnFR3uVng=' 'sha256-OwM+Y+6bZyHYjTF71IxRANXuzyYKalTPnCCZLmuQltE=' ; style-src-attr 'self' 'unsafe-hashes' 'sha256-3juv2Ft1FaY3xWYNGXExi9oTqA3RQ4gtgCqyf3mxGhU=' 'sha256-r9fU88Cagg8b+V94/rFP54XitU/RzBQ83sVNeltVs/c=' 'sha256-SHje5LaT9E6BShlkQpjWVSpKDI2FEtd137m8hy4rmKM=' 'sha256-2ipsMCEEsAbnsH2T1Fg2pv63AdMLzQW/NYec3X6XzWw=' 'sha256-3lLjvpn0hfmuulQYNSUWKiNpmIiMg70GweVDtUWv7zA=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=' 'sha256-bXK8t6XsljjUwy/bDRmfeZmdP1lX9wpipPCr7ulwVDo='; style-src-elem 'self' 'unsafe-hashes' 'sha256-3juv2Ft1FaY3xWYNGXExi9oTqA3RQ4gtgCqyf3mxGhU=' https://cb.vrmwb.nl https://*.govmetric.com https://*.servmetric.com 'sha256-r9fU88Cagg8b+V94/rFP54XitU/RzBQ83sVNeltVs/c=' 'sha256-SHje5LaT9E6BShlkQpjWVSpKDI2FEtd137m8hy4rmKM=' 'sha256-2ipsMCEEsAbnsH2T1Fg2pv63AdMLzQW/NYec3X6XzWw=' 'sha256-3lLjvpn0hfmuulQYNSUWKiNpmIiMg70GweVDtUWv7zA=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=' https://*.ats-platform.com https://*.hireserve.nl 'sha256-bXK8t6XsljjUwy/bDRmfeZmdP1lX9wpipPCr7ulwVDo=' 'sha256-/d5P431opDe9iudPW48fHc7bSsZ72Sta7Lj06GeT6CQ=' 'sha256-WWn0l9kVjXaC+CGcbxP6Zyac31v1Cjkx2VMnFR3uVng=' 'sha256-OwM+Y+6bZyHYjTF71IxRANXuzyYKalTPnCCZLmuQltE=' ; base-uri 'self'; frame-ancestors 'self' piwik.breda.nl 1
frame-ancestors 'self'; default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 1
default-src 'self' https://*.cms.vwfs.tools ;            img-src 'self' data: https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://dev.day.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.gstatic.com https://*.google.com https://*.google.de https://*.google.gr https://*.googlesyndication.com https://*.googleadservices.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://img.youtube.com https://i.ytimg.com https://*.userzoom.com https://*.adform.net https://www.facebook.com https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://t.co https://*.volkswagenbank.de  https://cms-assets.vwfs.io https://smetrics.vwfs.gr https://mediaservice.audi.com  https://GISTPAEndpoint-Int.azureedge.net https://GISTPAEndpoint-Kons.azureedge.net https://GISTPAEndpoint-Prod.azureedge.net    https://default.vms.vwfs.io https://*.bronson.vwfs.tools https://*.bronson.vwfs.io https://gateway.zscloud.net https://js.api.here.com https://assets.volkswagen.com https://integrations.etrusted.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ssl.gstatic.com https://ade.googlesyndication.com https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.gr;            script-src 'self' 'unsafe-inline' blob: https://*.volkswagenbank.de https://storagewebcalcweud.blob.core.windows.net https://*.fts.webcalc.vwfs.io https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.fls.doubleclick.net https://www.googletagmanager.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google.com https://www.google.de https://cm.g.doubleclick.net https://www.volkswagenbank-cloud.de https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://assets.adobedtm.com https://*.omniture.com https://*.adobe.com https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://*.thunderhead.com https://*.twitter.com https://static.ads-twitter.com https://*.advsearch.vwfs.io https://cc.cdn.civiccomputing.com  https://target.vwfs.gr  https://smetrics.vwfs.gr https://cdn.mercury.ai https://integrations.etrusted.com https://sdk.privacy-center.org    https://*.acs-frontend.vwfs.io https://*.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.g.doubleclick.net https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.gr;            style-src 'self' 'unsafe-inline' https://*.userzoom.com https://target.vwfs.gr https://cdn.mercury.ai https://co-browsing.mercury.ai https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io    https://*.acs-frontend.vwfs.io https://integrations.etrusted.com https://tagmanager.google.com https://fonts.googleapis.com ;            connect-src 'self' blob: data: https://vimeo.com https://*.youtube.com https://api.webcalc.vwfs.io https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://*.adobedc.net https://*.tt.omtrdc.net https://*.2o7.net https://*.cms.vwfs.io https://*.advsearch.vwfs.io https://cms-content.vwfs.io https://target.vwfs.gr https://smetrics.vwfs.gr https://www.google.com https://*.facebook.com https://*.mercury.ai wss://*.mercury.ai https://vector.hereapi.com https://1.base.maps.ls.hereapi.com https://1.aerial.maps.ls.hereapi.com https://js.api.here.com https://geocode.search.hereapi.com https://integrations.etrusted.com https://*.smart-digital-solutions.de https://smart-digital-cdn.com https://2gtge2kxoa.execute-api.eu-central-1.amazonaws.com https://api-cms-vwfs-io.cms.vwfs.tools https://sdk.privacy-center.org https://revgeocode.search.hereapi.com    https://*.acs-frontend.vwfs.io https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.gr http://*.trustedshops.com https://autocomplete.search.hereapi.com https://lookup.search.hereapi.com ;            frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com ;            object-src 'none' ;            font-src 'self' data: https://fonts.gstatic.com https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io https://cdn.mercury.ai https://js.api.here.com https://*.trustedshops.com http://*.trustedshops.com ;            frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://s.userzoom.com https://*.adform.net https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://*.googlesyndication.com https://cm.g.doubleclick.net https://gateway.zscloud.net https://td.doubleclick.net https://kalkulator.skoda-auto.pl https://*.g.doubleclick.net ;            media-src https://www.youtube-nocookie.com 'self' ; 1
frame-ancestors 'self' https://www.bayard-jeunesse.com https://app.bayam.tv https://preprod.sso.bayard-jeunesse.com; 1
base-uri 'self';object-src 'none';report-uri https://csp.withgoogle.com/csp/shopify-channel-prod-group/1;script-src 'report-sample' 'nonce-B1o8OPQJr9rrtLjxPKJS_A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';worker-src 'self' blob: 1
frame-ancestors 'self' *.uhg.com *.optum.com *.uhc.com *.adobeaemcloud.com *.pagescdn.com *.healthsafe-id.com *.qualtrics.com *.DoubleClick.net *.trkn.us *.youtube.com insight.adsrvr.org app.smartsheet.com; frame-src 'self' https://optum.marketing.adobe.com *.uhg.com *.optum.com *.uhc.com *.adobeaemcloud.com *.pagescdn.com *.healthsafe-id.com *.qualtrics.com *.DoubleClick.net  *.trkn.us *.youtube.com insight.adsrvr.org app.smartsheet.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com www.google.com googleads.g.doubleclick.net *.googleapis.com *.gstatic.com *.facebook.net px.ads.linkedin.com snap.licdn.com https:; font-src https: data:; img-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com www.google.com googleads.g.doubleclick.net *.googleapis.com *.gstatic.com *.facebook.net px.ads.linkedin.com snap.licdn.com https:; style-src 'self' 'unsafe-inline' www.google-analytics.com www.googletagmanager.com www.google.com googleads.g.doubleclick.net *.googleapis.com *.gstatic.com *.facebook.net px.ads.linkedin.com snap.licdn.com https:; 1
object-src 'none'; frame-ancestors 'self' https://bloganchoi.com https://*.bloganchoi.com 1
upgrade-insecure-requests; default-src 'self' data: https://www.die-bibel.de/ https://shop.die-bibel.de/ https://cdn.podigee.com/ https://www.youtube-nocookie.com/ https://player.podigee-cdn.net/ https://bibliotalk.podigee.io/ https://111-bibeltexte-die-man-kennen-muss.podigee.io/ https://piwik.diebibel.mdc.de/ https://code.etracker.com/ https://www.etracker.de/ https://maps.google.de/ https://www.google.com/ https://ajax.googleapis.com https://maps.googleapis.com/ https://fonts.gstatic.com/ https://secure.spendenbank.de/ https://spenden.twingle.de/ https://static3.avast.com/ https://embed.acast.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.die-bibel.de/ https://shop.die-bibel.de/ https://cdn.podigee.com https://player.podigee-cdn.net/ https://bibliotalk.podigee.io/ https://111-bibeltexte-die-man-kennen-muss.podigee.io/ https://cdnjs.cloudflare.com/ https://ajax.googleapis.com/ https://maps.googleapis.com/ https://piwik.diebibel.mdc.de/ https://code.etracker.com/ https://www.etracker.de/ https://connect.facebook.net/ https://gisoje.loxutusize.com/ https://data1.eurosty.com/ https://maps.googleapis.com/ https://secure.spendenbank.de/ https://spenden.twingle.de/ https://embed.acast.com/; style-src 'self' data: 'unsafe-inline' https://www.die-bibel.de/ https://cdn.podigee.com https://player.podigee-cdn.net https://hello.myfonts.net/ https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ https://secure.spendenbank.de/ https://spenden.twingle.de/ https://embed.acast.com/ https://maps.googleapis.com/; img-src 'self' data: https://www.die-bibel.de/ https://*; base-uri 'self' https://www.die-bibel.de/ https://secure.spendenbank.de/ https://spenden.twingle.de/ https://embed.acast.com/; report-uri /typo3conf/ext/bibelportal_template/Resources/Public/Script/csp-report.php 1
default-src 'self' * data: blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' * blob:;style-src 'self' 'unsafe-inline' *;font-src 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com data:;connect-src 'self' blob: *.bg.co.uk *.wgp-bgs.co.uk *.birdguides.com *.birdguides-cdn.com *.google-analytics.com *.analytics.google.com *.google.com *.g.doubleclick.net *.gstatic.com *.cmp.quantcast.com *.quantcast.com https://vimeo.com https://api.raygun.io https://apikeys.civiccomputing.com https://clapi.civiccomputing.com ws://am.freshrelevance.com http://am.freshrelevance.com *.traveldesk.io *.advertising.com *.adnxs.com *.doubleverify.com *.serving-sys.com *.googlesyndication.com *.pbstck.com bid.contextweb.com hb-api.omnitagjs.com ssc.33across.com quantcast.mgr.consensu.org test.quantcast.mgr.consensu.org audit-tcfv2.quantcast.mgr.consensu.org *.teads.tv *.skimresources.com *.trackedlink.net *.trackedweb.net https://*.unibots.in *.tagdeliver.com *.inmobi.com;base-uri 'self' 1
frame-ancestors 'self' www.grilld.force.com grilld.force.com 1
frame-ancestors 'self' https://app.kontent.ai https://*.azrielimalls.co.il https://azrielimalls.co.il https://azrieli.inmanage.com https://*.azrieli.xyz http://localhost:* http://127.0.0.1:* 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.botsfordiscord.com www.googletagmanager.com tagmanager.google.com *.jquery.com www.google.com www.google-analytics.com *.cloudflare.com carbonads.com *.carbonads.com *.carbonads.net carbonads.net *.fontawesome.com fontawesome.com dmca.com *.dmca.com *.googlesyndication.com *.google.com *.facebook.com *.facebook.net *.onesignal.com onesignal.com *.googletagservices.com googletagservices.com *.googlesyndication.com googlesyndication.com *.tawk.to *.jsdelivr.net dapperdiscussion.com *.gstatic.com *.doubleclick.net *.googleadservices.com googleads.g.doubleclick.net arc.io *.arc.io *.ezoic.net *.stripe.com *.ezojs.com go.ezodn.com cdn.ampproject.org *.sentry-cdn.com ajax.googleapis.com static.criteo.net cdn.tiny.cloud *.paypal.com 1
default-src 'self'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://wwww.google.com https://www.google.com https://js.arcgis.com https://platform.twitter.com https://www.gstatic.com https://cdn.siftscience.com https://maps.googleapis.com https://unpkg.com https://js.stripe.com https://*.stripe.network https://*.stripe.com; style-src 'self' 'unsafe-inline' http://wigle.net https://js.arcgis.com https://fonts.googleapis.com; img-src 'self' data: https://api.wigle.net https://wigle.net https://images-na.ssl-images-amazon.com https://*.gstatic.com https://*.googleapis.com https://play.google.com *.google.com *.googleusercontent.com https://cdn.arcgis.com https://*.arcgis.com https://*.arcgisonline.com https://*.stripe.com; connect-src 'self' https://api.wigle.net https://www.arcgis.com https://basemaps.arcgis.com https://*.arcgisonline.com https://*.arcgis.com https://js.arcgis.com https://cdn.arcgis.com https://static.arcgis.com https://*.googleapis.com https://*.gstatic.com https://*.stripe.com *.google.com https://play.google.com; font-src 'self' http://wigle.net https://fonts.gstatic.com https://js.arcgis.com; child-src 'self' *.google.com https://platform.twitter.com https://play.google.com https://*.stripe.com; form-action 'self' https://api.wigle.net https://*.stripe.com; object-src 'none'; worker-src blob:; frame-src https://js.stripe.com https://hooks.stripe.com https://www.google.com 1
default-src * 'unsafe-eval' 'unsafe-inline' data: blob:; report-uri https://catylist.report-uri.com/r/d/csp/reportOnly; 1
default-src 'unsafe-inline' 'self' https:; child-src 'self'; connect-src 'self' https:; font-src 'self' fonts.gstatic.com; frame-src 'self' https:; img-src * data:; manifest-src 'self'; media-src 'self' https:; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https:; style-src 'unsafe-inline' 'self' *.twitter.com *.twimg.com fonts.googleapis.com; worker-src 'self'; base-uri 'self'; form-action 'self' *.twitter.com *.qenta.com; navigate-to 'self' https: 1
base-uri 'self'; default-src 'self'; script-src 'nonce-MzhhZGExODUtMDE3Yy00NjkwLTgwZDQtZTRlM2UwNzY2YTg1' 'self' https://connect.facebook.net https://gateway.zscaler.net 'sha256-o8MsT+ybfaDcjwBFA3ry6ORJMj8ZubWycesh6WKQJhU=' 'sha256-+S6pgEqdb8TFlYZOjIV5ocKPJ3kFRAXQi8TUN7+xpmQ=' https://recaptcha.net https://www.google-analytics.com https://ssl.google-analytics.com https://maps.googleapis.com/maps/api/ 'sha256-islgbgq+YlN6XMfIX8L9NlMWSOOO3qorYzkxBcxLUTI=' 'sha256-FyhF119vYBjexIV5MJoh7n99U/CGrzJZghVkL/z0TB0=' 'sha256-UcKneRapMcuCJzIVhysuxYBI1ywOAC8n1SUytvNAKXE=' 'sha256-bjutey+CqpCYK+tiaVkhk+cex4n3KsfIjMR7/kz/d/k=' 'sha256-a5L9kw5QLIWBCliPy4U99GDxrjb+wzX5Y1tonMFFNss='; style-src 'nonce-MzhhZGExODUtMDE3Yy00NjkwLTgwZDQtZTRlM2UwNzY2YTg1' 'self' https://fonts.googleapis.com https://aioapps-qa.hkbn.net 'sha256-QTTeE5LBaII+tJ6ngkLeeEoGNof3Nvqqfhh/RE1rZg4=' 'sha256-RCMj/9VQhfHisi3lTuQ2jwck71n1i0dOVzxbSJoaU6U=' 'sha256-uBwO5wj060MA3ZtGq06LqGvy2kcdrcexynL25MmhSiY='; object-src 'none'; img-src 'self' https://www.facebook.com https://www.google.com.hk https://www.google.com https://*.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://img.youtube.com data: maps.gstatic.com *.googleapis.com *.ggpht.com https://www.hkbnes.net; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://maps.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; frame-src 'self' https://*.doubleclick.net https://recaptcha.net https://www.youtube.com www.youtube.com; font-src 'self' https://fonts.gstatic.com; child-src https://www.youtube.com/ https://s.ytimg.com; 1
frame-ancestors 'self' dosmovies.com *.dosmovies.com translate.google.com images.google.com www.google.com www.google.co.uk search.aol.com bing.com www.bing.com yahoo.com www.yahoo.com 1
default-src https://disqus.com https://*.disquscdn.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://c.disquscdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdn.jsdelivr.net https://*.disquscdn.com https://*.disqus.com https://gapl.hit.gemius.pl https://ssl.google-analytics.com https://cdnjs.cloudflare.com; img-src 'self' data: https://ssl.google-analytics.com https://cdn.viglink.com https://*.disqus.com https://juicebox.net https://stats.g.doubleclick.net; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com; frame-src 'self' https://ls.hit.gemius.pl https://disqus.com https://ljsp.lwcdn.com https://*.dcs.redcdn.pl https://www.facebook.com https://www.youtube.com; frame-ancestors 'self'; connect-src 'self' https://*.google-analytics.com https://*.disqus.com; base-uri 'self'; 1
default-src 'self' *.auditboard.com *.doubleclick.net *.google.com *.googlesyndication.com *.greenhouse.io *.marketo.com *.vidyard.com *.wistia.com www.facebook.com www.youtube.com; child-src 'self' blob: *.addthis.com *.auditboard.com *.auditboard.com.pagescdn.com *.auditboardmarketing.com.pagescdn.com *.google.com *.greenhouse.io *.marketo.com *.ps-bizzabo.com *.qualified.com *.wistia.com 961-zqv-184.mktoweb.com auditboard.atlassian.net bid.g.doubleclick.net events.bizzabo.com js.driftt.com play.vidyard.com secure.livechatinc.com tpc.googlesyndication.com www.facebook.com www.googletagmanager.com www.visualize-roi.com www.youtube.com; connect-src 'self' 'unsafe-inline' https: wss://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.addthis.com *.addthisedge.com *.cloudfront.net *.google-analytics.com *.googleapis.com *.marketo.com *.marketo.net *.ubembed.com *.wistia.com cdn.livechatinc.com optimize.google.com www.googleanalytics.com www.googleoptimize.com www.googletagmanager.com www.youtube.com; frame-ancestors 'self'; font-src 'self' 'unsafe-inline' data: *.eventscloud.com *.gstatic.com; img-src 'self' 'unsafe-inline' https: data: optimize.google.com www.google-analytics.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https: *.qualified.com; media-src 'self' data: blob: mediastream: *.livechatinc.com *.qualified.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net js.driftt.com; object-src 'self' embed-fastly.wistia.com embedwistia-a.akamaihd.net 1
default-src * 'self' data: *.typekit.net *.vimeo.com *.siteimproveanalytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com *.fontawesome.com *.typekit.net siteimproveanalytics.com *.wp.com https://www.googletagmanager.com https://cdn.cookielaw.org https://polyfill.io https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' http: https: https://tagmanager.google.com fonts.googleapis.com; img-src 'self' data: http: https: *.gravatar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; font-src 'self' data: http: https: fonts.googleapis.com themes.googleusercontent.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://cdn.cookielaw.org https://*.algolia.net https://*.algolianet.com https://*.algolia.io; frame-ancestors 'self' 1
script-src 'report-sample' 'nonce-EDa_nO8L426qhPRJtvCqJA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';worker-src 'self';report-uri /webstore/cspreport 1
default-src 'self'; script-src 'self' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://static.ads-twitter.com/uwt.js; style-src 'self' 'unsafe-inline'; frame-src *; connect-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://static.ads-twitter.com/uwt.js; media-src *; img-src * data: 1
form-action 'self'; frame-ancestors 'self' https://jobcloud.ch https://*.jobcloud.ch https://jobup.ch https://*.jobup.ch https://ingjobs.ch https://ictcareer.ch https://jobs4sales.ch https://financejobs.ch https://medtalents.ch https://jobwinner.ch https://alpha.ch https://topjobs.ch https://*.jobscout24.ch https://impieghi.ch https://*.impieghi.ch https://*.stellenmarkt.ch https://*.laendlejob.at https://*.ostjob.ch https://jobs.ch https://*.jobs.ch https://*.linkedin.com https://*.jobs.nzz.ch https://jobs.nzz.ch https://*.suedostschweizjobs.ch https://*.liechtensteinjobs.li https://*.app.profilmatcher.ch https://*.indeed.ch https://*.webspidermount.com https://brame.io/ https://live.brame-gamification.com https://app.brame-gamification.com; frame-src live.brame-gamification.com app.brame-gamification.com events.lgt-cloud.com online.flippingbook.com bc.pressmatrix.com td.doubleclick.net 'self'; script-src 'nonce-piwik' lgt.containers.piwik.pro snap.licdn.com connect.facebook.net 'self'; object-src 'none' 1
frame-ancestors *.istanbuleczaciodasi.org.tr 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net 'nonce-f1676935f9304b97d59b0738289d2e22' https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://www.googletagmanager.com http://connect.facebook.net https://connect.facebook.net https://graph.facebook.com; style-src  'self' 'unsafe-inline'; img-src 'self' data: www.googletagmanager.com  https://www.google-analytics.com/ https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com https://www.google.ru https://www.google-analytics.com www.googletagmanager.com https://www.facebook.com; frame-src http://www.youtube.com https://www.youtube.com https://www.google.com https://bid.g.doubleclick.net https://www.google.com/recaptcha/ https://www.facebook.com https://web.facebook.com https://staticxx.facebook.com http://staticxx.facebook.com; child-src http://www.youtube.com https://www.youtube.com https://www.google.com https://bid.g.doubleclick.net https://www.google.com/recaptcha/ https://www.facebook.com https://web.facebook.com https://staticxx.facebook.com http://staticxx.facebook.com http://www.youtube.com https://www.youtube.com https://www.google.com https://bid.g.doubleclick.net https://www.google.com/recaptcha/ https://www.facebook.com https://web.facebook.com https://staticxx.facebook.com http://staticxx.facebook.com; media-src *.youtube.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.facebook.com/x/oauth/status https://graph.facebook.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://cc.cdn.civiccomputing.com https://assets.buzzsprout.com https://www.buzzsprout.com https://maps.googleapis.com https://maps.google.com https://www.google.com https://analytics.rubensteintech.com https://www.google-analytics.com https://use.typekit.net https://p.typekit.net https://www.googletagmanager.com https://maps.gstatic.com https://www.gstatic.com https://snap.licdn.com https://www.linkedin.com https://static.ads-twitter.com https://px.ads.linkedin.com https://analytics.twitter.com https://platform.twitter.com https://connect.facebook.net https://www.facebook.com https://www.youtube.com https://s.ytimg.com https://cdn.plyr.io https://cse.google.com https://siteimproveanalytics.com https://player.vimeo.com https://ssl.p.jwpcdn.com https://s7.addthis.com ; frame-src https://www.buzzsprout.com https://www.facebook.com https://platform.twitter.com https://www.youtube.com https://cdn.plyr.io https://t.co https://cdn.yoshki.com https://player.vimeo.com 'self' https://*.google.com; connect-src 'self' https://apikeys.civiccomputing.com https://analytics.twitter.com https://cdn.plyr.io https://cse.google.com https://maps.googleapis.com https://vimeo.com https://analytics.google.com https://google-analytics.com https://*.analytics.google.com https://*.google-analytics.com https://www.facebook.com/tr/ https://cdn.linkedin.oribi.io https://analytics.rubensteintech.com https://clapi.civiccomputing.com https://stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maps.googleapis.com https://www.google.com https://cloud.typography.com https://use.typekit.net https://hello.myfonts.net https://platform.twitter.com https://assets.buzzsprout.com https://ssl.p.jwpcdn.com ; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://use.typekit.net https://p.typekit.net https://ssl.p.jwpcdn.com data: ; img-src 'self' https://maps.googleapis.com https://maps.gstatic.com https://assets.buzzsprout.com https://www.buzzsprout.com https://www.google-analytics.com https://analytics.google.com https://google-analytics.com https://*.analytics.google.com https://*.google-analytics.com https://*.siteimproveanalytics.io https://stats.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://www.facebook.com https://p.typekit.net https://t.co https://analytics.twitter.com data:; form-action 'self' https://www.facebook.com; child-src https://www.facebook.com https://staticxx.facebook.com https://platform.twitter.com; object-src 'none'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-Yy6AWsySE7rC9CD93gEk4oQXDZj8an7wDSBVfZFJ1o4/GA/P' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://pypd.paypal-mktg.com; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; object-src 'none'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://www.youtube-nocookie.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
fonts.googleapis.com fonts.gstatic.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.feathr.co *.adroll.com *.hscollectedforms.net https://csi.gstatic.com https://www.google-analytics.com *.hubspot.com *.doubleclick.net https://cdn.linkedin.oribi.io *.googlesyndication.com https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagservices.com *.doubleclick.net https://snap.licdn.com https://partner.googleadservices.com https://fb.me https://www.googletagmanager.com *.googlesyndication.com https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/knockout/3.5.0/knockout-min.js https://polyfill.io/v3/polyfill.min.js *.adroll.com https://connect.facebook.net *.feathr.co https://js.hs-scripts.com https://www.google-analytics.com https://js.hs-analytics.net https://js.hs-banner.com *.hubspot.com https://js.hscollectedforms.net; img-src 'self' data: *.googletagmanager.com *.doubleclick.net https://x.bidswitch.net https://pixel.rubiconproject.com https://dsum-sec.casalemedia.com https://us-u.openx.net https://ups.analytics.yahoo.com https://sync.outbrain.com https://ib.adnxs.com https://eb2.3lift.com https://sync.taboola.com https://image2.pubmatic.com https://www.linkedin.com https://www.facebook.com https://www.google.com *.feathr.co *.adroll.com https://www.google-analytics.com https://match.adsrvr.org https://track.hubspot.com *.hsforms.com *.googlesyndication.com https://px.ads.linkedin.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://d1azc1qln24ryf.cloudfront.net https://cdn.icomoon.io ; font-src 'self' 'unsafe-inline'  data: https://fonts.gstatic.com https://cdn.icomoon.io; frame-src 'self'  *.vimeo.com/ https://www.google.com *.youtube.com/ https://www.google-analytics.com https://googleads.g.doubleclick.net *.googlesyndication.com; upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=6t1efq5iqu9jo&partner=; 1
default-src 'self' https:; font-src 'self' https://cdnjs.cloudflare.com https://site-assets.fontawesome.com https://maxcdn.bootstrapcdn.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https: 1
frame-ancestors 'self' https://rallye-lecture.fr https://matheros.fr https://monecole.fr https://motoufo.fr; 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-bXVoSDVYT3NWdnpYNldrL0JmOThxSUpBUytIekFUZFZTUEk3NzVHbm1tRT06OEpJbTFDSEticzJra3djSVlhZ09nK2dIWU5HMVozSmpPOEJZaUxydjcxWT0=';script-src-elem 'strict-dynamic' 'nonce-bXVoSDVYT3NWdnpYNldrL0JmOThxSUpBUytIekFUZFZTUEk3NzVHbm1tRT06OEpJbTFDSEticzJra3djSVlhZ09nK2dIWU5HMVozSmpPOEJZaUxydjcxWT0=';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: https://*.tile.openstreetmap.org;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self';frame-ancestors 'self';form-action 'self' 1
frame-ancestors 'self' theline.idemia.com; 1
default-src 'self' data:     *     blob:     data:     ;  img-src 'self' data:     *     blob:     data:     ;  frame-src 'self'     *     ;  style-src 'self' 'unsafe-inline'     *     blob:     data:     ;  style-src-elem 'self' 'unsafe-inline'     *     blob:     data:     ;  font-src 'self' data:     *     blob:     data:     ;   script-src 'self' 'unsafe-inline' 'unsafe-eval'     *     blob:     data:     ;  script-src-elem 'self' 'unsafe-inline' 'unsafe-eval'     *     blob:     data:     ;  connect-src     *     blob:     data:     ; 1
default-src 'self'; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://*.googletagmanager.com https://tagmanager.google.com 'unsafe-inline' https://player.vimeo.com https://www.google-analytics.com https://www.googletagmanager.com https://*.googletagmanager.com; img-src 'self' data: https://images.ctfassets.net https://www.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com/; child-src 'self' https://www.youtube-nocookie.com/ https://www.youtube.com/ https://player.vimeo.com; object-src 'self'; connect-src 'self' https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: *.yahoo.com *.optimizely.com *.hotjar.com *.snapchat.com google.com *.google.com *.google.com.ar *.google.co.in *.google-analytics.com google-analytics.com *.googletagmanager.com *.googlesyndication.com *.googleadservices.com *.googleapis.com *.zendesk.com *.yext.com *.hotjar.io everestjs.net *.everestjs.net jsdelivr.net *.jsdelivr.net *.adobedtm.com *.amplitude.com *.kmtx.io *.zdassets.com *.youtube.com *.facebook.com *.simonsignal.com *.tiktok.com *.bing.com *.quantserve.com *.quantcount.com *.fbot.me *.useinsider.com *.doubleclick.net *.facebook.net *.micpn.com *.yimg.com *.cloudfront.net *.rakuten.com *.criteo.net *.criteo.com *.clarity.ms *.linksynergy.com *.gstatic.com gstatic.com *.mountain.com fontawesome.com *.fontawesome.com blinkfitness.com *.blinkfitness.com *.demdex.net *.getletterpress.com *.agkn.com *.sentry.io *.everesttech.net *.bidr.io *.casalemedia.com *.emxdgt.com *.crwdcntrl.net *.3lift.com *.sharethrough.com *.rlcdn.com *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.smartadserver.com *.taboola.com *.teads.tv *.socdm.com *.omnitagjs.com *.stickyadstv.com *.360yield.com *.ivitrack.com *.liadm.com *.mediavine.com *.outbrain.com *.pubmatic.com *.revcontent.com *.smaato.net *.yieldmo.com *.tremorhub.com *.bluekai.com pippio.com *.pippio.com *.openx.net *.adsrvr.org *.clmbtech.com *.adgrx.com *.infolinks.com *.krxd.net 1
default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self'; font-src 'self'; object-src 'self'; 1
script-src 'unsafe-inline' 'unsafe-eval' https: https: 'strict-dynamic' 'nonce-7vmAnc/k5FIA3UKpMi4ufg=='; default-src 'self' 'unsafe-inline' 'unsafe-eval' viewlicense.adobe.io *.adobe.io *.adobe.com *.youtube-nocookie.com *.linkedin.oribi.io *.googlesyndication.com *.googletagmanager.com *.adroll.com *.addthis.com id.rlcdn.com *.clickagy.com *.hubspotusercontent-na1.net api.ipstack.com googleads.g.doubleclick.net *.googleadservices.com *.linkedin.com public-rest40.bullhornstaffing.com *.softtek.com *.hubapi.com *.hubspotvideo.com web.powerva.microsoft.com *.gstatic.com *.ytimg.com *.vidyard.com softtek.webex.com cdn.jsdelivr.net f.hubspotusercontent30.net *.hubspot.com www.softtek.co api.html5media.info perf-.hsforms.com perf.hsforms.com js.hsforms.net js.hs-scripts.com snap.licdn.com *.google-analytics.com s.adroll.com js.hs-analytics.net js.usemessages.com js.hs-banner.com js.hsadspixel.net no-cache.hubspot.com js.hsleadflows.net p.adsymptotic.com cdn2.hubspot.net forms.hubspot.com api.hubapi.com cta-service-cms2.hubspot.com f.hubspotusercontent20.net track.hubspot.com www.googletagmanager.com app.jobcast.net cp.hubspot.com code.jquery.com unpkg.com cdnjs.cloudflare.com *.softtek.com app.hubspot.com px.ads.linkedin.com cdn2.hubspot.net play.vidyard.com static.hsappstatic.net *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com d.adroll.com documentcloud.adobe.com connect.facebook.net js.hscta.net no-cache.hubspot.com dsum-sec.casalemedia.com pixel.rubiconproject.com pixel.advertising.com sync.outbrain.com simage2.pubmatic.com eb2.3lift.com sync.taboola.com ads.yahoo.com x.bidswitch.net ib.adnxs.com idsync.rlcdn.com us-u.openx.net www.facebook.com viewlicense.adobe.io sync.ipredictive.com sync.ipredictive.com ups.analytics.yahoo.com sync.tidaltv.com img.webmd.com ds.reson8.com cdn.vidyard.com seg.sharethis.com mpp.vindicosuite.com global.ib-ibi.com b1img.com odr.mookie1.com dp-sync.dotomi.com pixel.prfct.co su.addthis.com aorta.clickagy.com www.linkedin.com cm.g.doubleclick.net *.doubleclick.net pippio.com *.youtube.com maxcdn.bootstrapcdn.com rc.rlcdn.com *.googleapis.com segments.company-target.com image.flaticon.com preview.hs-sites.com testnjjhb.com *.google.com *.click2sync.com www.yotube-nocookie.com e.infogram.com subscription.omnithrottle.com player.vimeo.com www2.jobdiva.com image.flaticon.com reprints2.forrester.com *.pubmatic.com *.reson8.com *.office365.com *.crazyegg.com *.zoominfo.com *.google.com.mx js.zi-scripts.com; worker-src blob:; base-uri 'none'; object-src 'none'; ; upgrade-insecure-requests; 1
frame-src https://www.google.com https://tpc.googlesyndication.com https://tbs.tradedoubler.com https://consentcdn.cookiebot.com https://checkoutshopper-test.adyen.com https://checkoutshopper.adyen.com https://checkoutshopper-live.adyen.com https://pal-test.adyen.com/ https://pal.adyen.com/ https://pal-live.adyen.com/ https://3ds-a.live.ext.prod.enfuce.com/ *.thehotelsnetwork.com https://app.waiteraid.com https://tr-shadow.snapchat.com https://ct.pinterest.com https://tr.snapchat.com https://td.doubleclick.net https://player.vimeo.com/ 'self' https://www.googletagmanager.com *.google.com; font-src https://use.typekit.net data: https://cdn.proposales.com *.thehotelsnetwork.com 'nonce-3f8384e0-f0bf-4d47-9b36-7a908307f586' 'self' https://fonts.gstatic.com; script-src https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.hcaptcha.com https://region1.google-analytics.com https://consent.cookiebot.com 'unsafe-inline' https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/js/bootstrap.bundle.min.js https://cdn.jsdelivr.net/npm/feather-icons@4.29.0/dist/feather.min.js https://js.monitor.azure.com https://checkoutshopper-test.adyen.com https://checkoutshopper.adyen.com https://checkoutshopper-live.adyen.com *.thehotelsnetwork.com https://www.bokabord.se/widget.min.js https://connect.facebook.net https://snap.licdn.com https://tr.snapchat.com https://tr-shadow.snapchat.com https://static.proposales.com/embed.js https://bat.bing.com/p/action/56342803.js https://bat.bing.com/bat.js https://s.pinimg.com/ct/lib/main.b4887131.js https://s.pinimg.com/ct/core.js https://analytics.tiktok.com https://sc-static.net/scevent.min.js 'self' https://*.googletagmanager.com https://www.googletagmanager.com https://*.googleapis.com https: https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com 'unsafe-eval' blob:; style-src https://use.typekit.net https://p.typekit.net https://consent.cookiebot.com https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css https://checkoutshopper-test.adyen.com https://checkoutshopper.adyen.com https://checkoutshopper-live.adyen.com https://inbox.proposales.com *.thehotelsnetwork.com https://www.bokabord.se/static/css/modal.css https://bat.bing.com/bat.js 'self' https://*.googletagmanager.com 'unsafe-inline' https://fonts.googleapis.com; img-src https://www.facebook.com/privacy_sandbox/pixel/ 'self' data: https://bookings.elite.se https://googleads.g.doubleclick.net https://www.google.com/pagead/ https://www.google.com/ads/ https://www.google.se/ads/ https://www.google.no/ads/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com https://imgstatic.eu https://linkcenterus.derbysoftca.com https://imgsct.cookiebot.com https://checkoutshopper-test.adyen.com https://checkoutshopper.adyen.com https://checkoutshopper-live.adyen.com https://cdf6519016.cdn.adyen.com/ *.thehotelsnetwork.com https://bat.bing.com https://ct.pinterest.com https://www.pinterest.com https://px.ads.linkedin.com https://tr.snapchat.com https://www.linkedin.com/px https://www.facebook.com/tr/ https://stats.g.doubleclick.net https://pxl.upsales.com/ https://*.googletagmanager.com https://*.google-analytics.com; connect-src https://tr6.snapchat.com/p https://bat.bing.com http://localhost:* https://googleads.g.doubleclick.net https://www.google.com/pagead/ https://adservice.google.com/pagead/ https://maps.googleapis.com https://consentcdn.cookiebot.com https://dc.services.visualstudio.com https://js.monitor.azure.com https://checkoutshopper-test.adyen.com https://checkoutshopper.adyen.com https://checkoutshopper-live.adyen.com ws://rrpmn45g-9378.euw.devtunnels.ms:* ws://nd292235-9378.euw.devtunnels.ms:* ws://41jmgw9r-9378.euw.devtunnels.ms:* https://secure.proposales.com *.thehotelsnetwork.com https://app.waiteraid.com https://snap.licdn.com https://cdn.linkedin.oribi.io https://tr-shadow.snapchat.com https://ct.pinterest.com https://analytics.tiktok.com https://tr.snapchat.com https://stats.g.doubleclick.net https://www.facebook.com/tr/ https://vimeo.com/api/ 'self' https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com; base-uri 'self'; default-src 'self'; 1
frame-ancestors 'self' https://www.educastream.com https://enseignement-a-distance.educastream.com https://educastream.dev https://po-george.educastream.dev http://test-prepmyfuture.herokuapp.com/ https://*.1to1progress.com https://1to1.educastream.com/ https://lms.educastream.com https://*.7speaking.com lms-1to1.educastream.com https://*.educastream.com 1
frame-ancestors *.villarecruit.com *.pya.org *.crewunlimited.com; 1
script-src http: https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; base-uri 'none'; frame-ancestors *; form-action *;media-src *; default-src 'self' www.optimizecdn.com; img-src * data: blob:; font-src * data:; style-src * 'unsafe-inline'; frame-src *; connect-src *; 1
default-src 'self' eventseeker.com data: instagram.com *.braintreegateway.com *.wcities.com http: *.fbcdn.net data: *.scdn.co *.fbsbx.com *.chromestatus.com *.youtube.com *.google.co.in *.doubleclick.net *.google-analytics.com *.ytimg.com *.twimg.com fareharbor.com *.eventseeker.com *.bbb.org *.hereapi.com *.googleapis.com *.here.com *.pinterest.com  *.cloudfront.net *.rackcdn.com  *.twitter.com  *.facebook.net *.facebook.com *.gstatic.com *.googleusercontent.com *.google.com blob: 'unsafe-inline' 'unsafe-eval'; 1
default-src https: ws: data: 'unsafe-inline' 'unsafe-eval'; worker-src blob:; 1
default-src 'self' *.tecob.com 'unsafe-inline' 'unsafe-eval' data: 1
frame-ancestors 'self' https://pagesense.zoho.eu 1
base-uri 'self';  connect-src ws: wss: *; default-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/; font-src 'self' data:; form-action 'self'; frame-ancestors 'self' https://gofile.me http://gofile.me; frame-src 'self' data: blob: https://*.synology.com https://www.synology.cn/; img-src 'self' data: blob:; media-src 'self' data: about:;  report-uri webman/csp_report.cgi; script-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/; style-src 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://altibbi.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googleapis.com *.googletagmanager.com *.google.com google-analytics.com *.google-analytics.com *.gstatic.com platform-api.sharethis.com *.sharethis.com tcr-manager.net cdnjs.cloudflare.com cdn.jsdelivr.net *.cloudfront.net *.fontawesome.com unpkg.com *.emolytics.com; 1
frame-ancestors 'self' http://172.28.109.174/ 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.etracker.com *.etracker.de api.signalize.com; object-src 'self'; media-src 'self' *.youtube.com *.vimeo.com *.streamfarm.net; frame-src *.youtube.com *.vimeo.com *.etracker.de; img-src 'self' data: *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; connect-src 'self' *.etracker.de; 1
frame-ancestors '*' 1
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-Nx36cbrJwP48JQ' 'unsafe-hashes' 'sha256-xPFQMZneoRxFljeMIHQ4vPKPyDPgoABR+GFcO5aEhCg=' 'sha256-vJtl2RfhRVeaVjHri3h9zh+irblwCgC8O+2KO5SwjUE=' 'sha256-0YvrqKbbMt2EskJYz2VCrMp2hLAw5SnvKXcZiZNADEs=' 'sha256-ZzU+qOmZERkwCUIxTe7nDzk1ThNaLGel+/J1iWx+nSU=' 'sha256-7PR+0/+ZmUwb4JADPqIYhsBV5VPhfdB2IYp2W4Nc8Xo='  https://sofire.baidu.com https://affim.baidu.com https://safe.cdn.bcebos.com https://sofire.bdstatic.com https://aifanfan.baidu.com https://dmpstatic.cdn.bcebos.com https://aiff.cdn.bcebos.com https://goutong.baidu.com https://hm.baidu.com https://aff-im.cdn.bcebos.com *.azureedge.net *.calltrk.com https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js tagmanager.google.com *.bdimg.com *.bookeo.com applus.media data cdn.usefathom.com  code.jquery.com  docs.google.com https://v.qq.com m.youtube.com *.baidu.com; img-src 'self' blob: data: https://ssl.google-analytics.com https://aff-im.cdn.bcebos.com https://aff-im.bj.bcebos.com https://tracker.metricool.com *.ytimg.com www.google.es *.svc.dynamics.com https://tracker.metricool.com *.ytimg.com *.youtube.com  www.google-analytics.com secure.papelaweb.com aidback.applus.solutions www.applus.com https://api.map.baidu.com  *.bdimg.com *.baidu.com  *.googleusercontent.com cdn.usefathom.com code.jquery.com  maps.gstatic.com *.googleapis.com *.ggpht.com https://v.qq.com  ssl.gstatic.com www.gstatic.com https://www.googletagmanager.com stats.g.doubleclick.net adservice.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; frame-src 'self' https://portal.r2docuo.com/ https://*.bookeo.com https://applus.media/ *.svc.dynamics.com www.googletagmanager.com *.doubleclick.net www.youtube-nocookie.com  player.vimeo.com  *.youtube.com  www.youtube-nocookie.com  docs.google.com https://v.qq.com accounts.google.com; child-src 'self' *.doubleclick.net www.youtube.com docs.google.com  https://v.qq.com *.bookeo.com; style-src 'unsafe-inline' 'self' https://aff-im.cdn.bcebos.com code.jquery.com tagmanager.google.com fonts.googleapis.com; font-src 'self' data:  fonts.gstatic.com; manifest-src 'self'; frame-ancestors 'self' https://docs.google.com; connect-src 'self' https://aifanfan.baidu.com https://sofire.baidu.com https://sfp.safe.baidu.com https://fclog.baidu.com https://hm.baidu.com *.svc.dynamics.com https://www.google-analytics.com https://apps-cal.applus.com https://region1.google-analytics.com region1.analytics.google.com pagead2.googlesyndication.com httpbin.org maps.googleapis.com googleads.g.doubleclick.net stats.g.doubleclick.net aidback-test.applus.solutions aidback.applus.solutions aid-public.applus.solutions apps.applus.com apps.applus.solutions api.ipify.org applus-test.applus.solutions analytics.google.com adservice.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.baidu.com; form-action 'self' https://apps.applus.com; report-to default; 1
frame-ancestors 'self' http://www.gierkionline.pl 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.doubleclick.net *.gstatic.com *.googlesyndication.com *.ampproject.org *.googletagmanager.com *.aspnetcdn.com *.visualstudio.com *.googletagservices.com *.bperx.com *.cloudflare.com *.google-analytics.com *.pagespeed-mod.com *.rokt.com cdn.pubtailer.com openfpcdn.io; 1
default-src 'self' *.dashhudson.com 1
default-src 'self' 'unsafe-inline' https://*.googleapis.com https://staticfiles.digitalchargingsolutions.com https://api.mixpanel.com https://api-js.mixpanel.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://*.ggpht.com https://staticfiles.digitalchargingsolutions.com https://*.googleapis.com https://cdn.mxpnl.com https://api-js.mixpanel.com; frame-src 'self' https://payment.datatrans.biz/; img-src 'self' https: data: https://*.googleapis.com https://*.gstatic.com https://*.ggpht.com https://cpologo.digitalchargingsolutions.com; style-src 'self' 'unsafe-inline'  https://staticfiles.digitalchargingsolutions.com https://fonts.googleapis.com; font-src 'self'  https://staticfiles.digitalchargingsolutions.com https://fonts.gstatic.com; 1
block-all-mixed-content;frame-ancestors *.gmx.net gmx.net adimg.uimserv.net advideo.uimserv.net www.united-internet-media.de 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.tiktok.com cdn.linkedin.oribi.io *.analytics.google.com cdnjs.cloudflare.com ajax.aspnetcdn.com *.aspnetcdn.com www.google.com www.gstatic.com cdn.jsdelivr.net tile.openstreetmap.org www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com connect.facebook.net stats.g.doubleclick.net googleads.g.doubleclick.net static.hotjar.com script.hotjar.com cdn.botframework.com chatbotapitoken.azurewebsites.net snap.licdn.com analytics.google.com directline.botframework.com wss://directline.botframework.com https://static.ads-twitter.com/uwt.js; img-src 'self' blob: https://t.co/i/adsct https://analytics.twitter.com/ https://px.ads.linkedin.com/ https://cdnjs.cloudflare.com/ http://tile.openstreetmap.org https://www.google.com https://www.google.es https://www.facebook.com https://www.google-analytics.com https://www.applusiteuve.com; frame-src 'self' https://my.matterport.com/ 1
default-src 'self' 'unsafe-inline';  img-src 'self' data:;object-src 'none'; frame-ancestors 'none'; 1
upgrade-insecure-requests; frame-ancestors https: 'self' *.printplace.com *.digitalroom.com *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com; 1
frame-ancestors 'self' https://app.amplience.net; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://aacomcrm.azurewebsites.net *.googleapis.com *.gstatic.com unpkg.com *.google.com *.googletagmanager.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com *.fontawesome.com use.fontawesome.com *.jquery.com www.brainshark.com www.juicer.io *.aacom.org https://aacom.zoom.us https://www.votervoice.net https://matchbook.aacom.org https://assets.juicer.io *.equalweb.com; style-src 'self' 'unsafe-inline' https://aacomcrm.azurewebsites.net https://assets.juicer.io *.googleapis.com *.gstatic.com unpkg.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com *.fontawesome.com use.fontawesome.com www.juicer.io *.aacom.org https://aacom.zoom.us *.equalweb.com; font-src 'self' static.juicer.io fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com *.fontawesome.com use.fontawesome.com data:; img-src 'self' *.aacom.org https://aacom.azurewebsites.net *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com *.twimg.com data: blob: *.eloqua.com track.hubspot.com web-chat.nativechat.com placeimg.com https://picsum.photos/ *.picsum.photos www.brainshark.com www.juicer.io vimeo.com *.locker2.com; media-src 'self' data: blob: https://www.youtube.com https://aacom.zoom.us https://vimeo.com/ https://player.vimeo.com https://www.brainshark.com/; form-action 'self' https://www.votervoice.net; frame-src 'self' https://www.votervoice.net https://www.youtube.com https://www.google.com https://matchbook.aacom.org https://assets.juicer.io https://vimeo.com https://player.vimeo.com https://www.juicer.io https://www.brainshark.com/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ www.google.com apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com www.juicer.io *.aacom.org https://www.votervoice.net https://matchbook.aacom.org https://assets.juicer.io; connect-src 'self' data: https://aacomcrm.azurewebsites.net https://altaiqaservices.azurewebsites.net *.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.fontawesome.com https://www.votervoice.net https://matchbook.aacom.org https://assets.juicer.io https://research.aacom.org/ https://www.juicer.io/ *.equalweb.com; plugin-types 'self' https://www.votervoice.net https://matchbook.aacom.org https://assets.juicer.io; 1
defaul-src https: data: 'unsafe-inline' 'unsafe-eval' 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval' blob:; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; font-src 'self' https://use.typekit.net https://fonts.gstatic.com https://dudodiprj2sv7.cloudfront.net/font/glyphicons/glyphicons-regular.woff2 https://dudodiprj2sv7.cloudfront.net/font/glyphicons/glyphicons-regular.woff https://dudodiprj2sv7.cloudfront.net/font/glyphicons/glyphicons-regular.ttf https://dudodiprj2sv7.cloudfront.net/font/glyphicons/glyphicons-social-regular.woff2 https://dudodiprj2sv7.cloudfront.net/font/glyphicons/glyphicons-social-regular.woff https://dudodiprj2sv7.cloudfront.net/font/glyphicons/glyphicons-social-regular.ttf data:; media-src * blob:; 1
default-src 'none'; media-src 'self' videos.ctfassets.net; connect-src 'self' api-eindhoven-airport.ipcontrol.nl airtrotterapi.com tradetracker.net convertexperiments.com *.convertexperiments.com sba282.web-05.sba.nl sba282-p296.acc-01.sba.nl facebook.com *.facebook.com *.hotjar.io *.hotjar.com bing.com *.bing.com *.clarity.ms region1.google-analytics.com *.google-analytics.com *.googleadservices.com *.google.com *.google.nl 9289143.fls.doubleclick.net googleads.g.doubleclick.net consentcdn.cookiebot.com *.googlesyndication.com stats.g.doubleclick.net images.ctfassets.net gtm-k3k344d-yji0n.uc.r.appspot.com gtm-n3vqxqm-ywu1z.uc.r.appspot.com wss://*.hotjar.com; font-src 'self' 'unsafe-inline' fonts.gstatic.com *.google.com *.google.nl *.hotjar.com; img-src 'self' https://imgsct.cookiebot.com/ https://ad.doubleclick.net *.hotjar.com googleads.g.doubleclick.net convertexperiments.com *.convertexperiments.com *.unsplash.com *.clarity.ms *.ctfassets.net i.ytimg.com data: *.gravatar.com storage.googleapis.com consentcdn.cookiebot.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.nl *.googlesyndication.com bat.bing.com *.facebook.com *.bing.com; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' tradetracker.net *.hotjar.com gstatic.com *.googletagmanager.com *.google.com *.google.nl gstatic.com consent.cookiebot.com *.google-analytics.com *.googleadservices.com 9289143.fls.doubleclick.net googleads.g.doubleclick.net consentcdn.cookiebot.com bat.bing.com connect.facebook.net clarity.ms *.facebook.com *.clarity.ms https://www.gstatic.com stats.g.doubleclick.net convertexperiments.com *.convertexperiments.com; style-src data: 'self' 'unsafe-inline' *.hotjar.com fonts.googleapis.com tradetracker.net *.google.com *.google.nl convertexperiments.com *.convertexperiments.com ; frame-src 'self' *.hotjar.com https://td.doubleclick.net *.youtube-nocookie.com *.google.com tradetracker.net *.google.nl consent.cookiebot.com *.google-analytics.com 9289143.fls.doubleclick.net *.google.com *.google.nl consentcdn.cookiebot.com; 1
default-src 'none'; script-src 'self' https://matomo.museum-digital.de; img-src 'self' data: https://matomo.museum-digital.de https://matomo.museum-digital.org https://*.museum-digital.org https://*.museum-digital.de; style-src 'self'; font-src 'self'; frame-src 'none'; object-src 'none'; base-uri 'none'; form-action 'self' https://nat.museum-digital.de; frame-ancestors 'none'; manifest-src 'self'; connect-src 'self' https://matomo.museum-digital.de; 1
default-src 'self'; connect-src 'self' https://api.ngmc.co https://sentry.nethergames.org; style-src 'self' 'unsafe-inline' 1
script-src 'unsafe-eval' blob: 'self' *.traditio.wiki ⧼embed-csp⧽ *.⧼embed-csp⧽ 'unsafe-inline'; default-src 'self' data: blob: https://upload.wikimedia.org https://commons.wikimedia.org *.traditio.wiki ⧼embed-csp⧽ *.⧼embed-csp⧽; style-src 'self' data: blob: https://upload.wikimedia.org https://commons.wikimedia.org *.traditio.wiki ⧼embed-csp⧽ *.⧼embed-csp⧽ 'unsafe-inline'; object-src 'none'; report-uri /w/api.php?action=cspreport&format=json 1
script-src blob: 'self' 'unsafe-inline' 'unsafe-eval'  *  https: data data: safari-extension:; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: * https: data: gsa: *.factorydirectcraft.com *; style-src 'self' 'unsafe-inline' *; frame-ancestors https://*.facebook.com 'self' 1
default-src 'self' ;script-src 'self' 'unsafe-inline' dbpmfedev.blob.core.windows.net dbpmfeqa.blob.core.windows.net dbpmfestg.blob.core.windows.net dbpmfeprd.blob.core.windows.net ;frame-ancestors 'none';font-src 'self' data: https://fonts.gstatic.com https://netdna.bootstrapcdn.com dbpmfedev.blob.core.windows.net dbpmfeqa.blob.core.windows.net dbpmfestg.blob.core.windows.net dbpmfeprd.blob.core.windows.net ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://fonts.gstatic.com dbpmfedev.blob.core.windows.net dbpmfeqa.blob.core.windows.net dbpmfestg.blob.core.windows.net dbpmfeprd.blob.core.windows.net; object-src 'self';media-src 'self' blob: dbpmfedev.blob.core.windows.net dbpmfeqa.blob.core.windows.net dbpmfestg.blob.core.windows.net dbpmfeprd.blob.core.windows.net ;form-action 'self'; connect-src 'unsafe-inline' 'self'  *.in.applicationinsights.azure.com; img-src 'self' 'unsafe-inline' data: 1
default-src 'self' feed.pghub.io pandg.tapad.com ; child-src blob: feed.pghub.io pandg.tapad.com ; media-src * 'self' data: https: blob: ; style-src 'self' 'unsafe-inline' * ; img-src * 'self' data: https: blob: ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' *.cookielaw.org *.onetrust.com ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: https: ; frame-src * ; 1
font-src 'self' https://*.unimedodonto.com.br https://*.segurosunimed.com.br https://fonts.gstatic.com https://*.hotjar.com https://*.tiktok.com https: data:;img-src 'self' https://*.unimedodonto.com.br https://*.segurosunimed.com.br https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://googleads.g.doubleclick.net https://www.facebook.com *.google.com *.google.com.br *.googleusercontent.com https://*.hotjar.com https://*.tiktok.com https://px.ads.linkedin.com https://forms.hsforms.com/ https://track.hubspot.com/ https://*.handtalk.me data: blob:;script-src 'self' https://*.unimedodonto.com.br https://*.segurosunimed.com.br 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://*.hotjar.com https://*.tiktok.com https://*.navdmp.com/ https://connect.facebook.net https://plugin.handtalk.me https://snap.licdn.com https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hs-analytics.net blob:;connect-src 'self' https://*.unimedodonto.com.br https://*.segurosunimed.com.br https://*.digital-segurosunimed.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.googleapis.com *.google.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.tiktok.com https://cdn.linkedin.oribi.io https://*.segurosunimed.tokenlab.dev https://dev-seguros-unimed-geral.firebaseio.com https://prd-seguros-unimed-geral.firebaseio.com/ https://api.hubapi.com/ https://forms.hscollectedforms.net/ https://*.handtalk.me https://js.hs-banner.com https://pagead2.googlesyndication.com data: blob:;frame-src 'self' https://*.unimedodonto.com.br https://*.segurosunimed.com.br *.google.com *.youtube.com https://*.hotjar.com https://*.tiktok.com https://www.facebook.com https://*.handtalk.me https://*.hsforms.com https://*.spotify.com https://*.googletagmanager.com https://td.doubleclick.net https://rtorquato.github.io;script-src-attr 'unsafe-inline';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.hotjar.com https://*.tiktok.com https:;worker-src blob:;form-action 'self' https://www.facebook.com;default-src 'self';base-uri 'self';frame-ancestors 'self';object-src 'none';upgrade-insecure-requests 1
frame-ancestors 'self' *.bidassist.com 1
style-src-elem 'unsafe-inline' data: *.brooksengland.com *.getfirebug.com *.bootstrapcdn.com *.googleapis.com *.omappapi.com *.livestory.io *.gstatic.com *.iubenda.com *.cloudfront.net web-sdk.aptrinsic.com; script-src-elem 'self' data: 'unsafe-inline' data: *.brooksengland.com *.googlesyndication.com *.google.com *.google.it *.googleadservices.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.gstatic.com *.paypal.com *.ytimg.com *.vimeo.com vimeo.com *.authorize.net *.braintreegateway.com *.signifyd.com *.iubenda.com *.facebook.net *.youtube.com www.paypalobjects.com *.hotjar.com https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.omappapi.com *.adyen.com *.adyenpayments.com *.nagich.com *.livestory.io *.evgnet.com chimpstatic.com *.cloudfront.net *.adobedtm.com *.clarity.ms *.aptrinsic.com *.bing.com; font-src *.gstatic.com 'unsafe-inline' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.bootstrapcdn.com *.googleapis.com fonts.gstatic.com *.cloudfront.net yastatic.net *.yastatic.net *.slant.co *.merci-app.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.authorize.net https://brooksengland.us1.list-manage.com *.sia.eu 3ds.sia.eu *.verifiedbyvisa.com *.adyenpayments.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.google.com *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.googletagmanager.com *.authorize.net *.iubenda.com *.hotjar.com *.adyenpayments.com *.acs.sia.eu 3ds.sia.eu *.asseco-see.hr *.3ds-secure.cardcomplete.com *.ecclients.btrl.ro *.bofp.erstebank.hu www.clicksafe.lloydstsb.com *.pay.activa-card.com *.wirecard.com *.acssv.otpbank.hu *.idcheck.acs.touchtechpayments.com *.sicher-bezahlen.sparkasse.at *.bred.wlp-acs.com *.bnpp-3ds.wlp-acs.com *.vimeo.com bpcepaymentservices-3ds-vdm.wlp-acs.com *.nexi.it *.nagich.com *.mercurypaymentservices.it *.arcot.com *.capitalone.com *.monzo.com *.americanexpress.com *.revolut.com *.ocbc.com *.bankserv.co.za *.viseca.ch *.swisscard.ch *.dkb.de *.cic.fr *.citibank.com *.nbg.gr *.swedbank.se *.nexigroup.com *.creditmutuel.fr *.sparkassen-kreditkarten.de *.citibank.pl *.monext.fr *.six-group.com *.wlp-acs.com *.rsa3dsauth.com *.rsa3dsauth.co.uk 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu pay.activa-card.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at secure5.arcot.com securesuite.net *.securesuite.net securesuite.co.uk *.securesuite.co.uk mc-id-check.firstdata.de *.apata.io 3ds.redsys.es online.citadele.lv 3dsec.cardcenter.ch 3dsecure.mbank.pl 3ds.sebkort.com 3dsecure-vrp.de *.3dsecure.no *.edb.com visa2.acs.cmbchina.com acs.stripeauthentications.com dig3ds.cafis-paynet.jp *.danskebank.com *.acs3d.fisc.com.tw *.ing.ro *.n26.com *.rabobank.nl *.op.fi *.bunq.com *.bgpb.by *.mitid.dk *.dnp-cdms.jp *.live.ext.prod.enfuce.com *.3ds.modirum.com *.klikbca.com *.pluscard.de *.modirum.com acs.sibs.pt *.mycardsecure.com *.enfuce.com *.cornercard.ch *.airplus.com *.luottokunta.fi *.rpc-raiffeisen.com emvacs.bkm.com.tr pkobp.pl 3debspay.boc.cn *.secure.lcl.fr *.acdcproc.com esecure.sia.eu *.hyundaicard.com visa-secure-bxl.ing.de acs.3ds-hanseaticbank.de channel-cards-html.lloydsbankinggroup.com securehdfc-acs2ui-b1-indmum-mumsif.hdfcbank.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.brooksengland.com *.googlesyndication.com *.googleadservices.com *.googleapis.com *.google-analytics.com *.magentocommerce.com *.pinterest.com *.ytimg.com connect.facebook.net *.google.it *.placeholder.com *.adyenpayments.com *.ebizmarts-website.s3.amazonaws.com *.amcglobal.sc.omtrdc.net *.omappapi.com *.iubenda.com *.google.be *.google.bt *.livestory.io *.google.ad *.google.al *.google.am *.google.az *.google.bs *.google.kg *.google.fr *.google.ch *.google.es *.google.pt *.google.se *.google.sk *.google.dk *.google.fi *.google.de *.google.no *.google.pl *.google.ca *.google.nl *.google.ru *.google.cz *.google.li *.google.lu *.google.at *.google.rs *.google.hu *.google.gr *.google.cn *.google.ae *.google.lt *.google.ie *.google.ro *.google.si *.google.hr *.google.co.uk *.google.co.jp *.google.com.tw *.nagich.com *.cloudfront.net click.s51.exacttarget.com *.clarity.ms *.aptrinsic.com *.bing.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.google.com *.google.bg *.googletagmanager.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' data: *.brooksengland.com *.google.it *.googleadservices.com *.googleapis.com *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.ytimg.com vimeo.com *.authorize.net *.braintreegateway.com *.signifyd.com *.iubenda.com *.hotjar.com https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.omappapi.com *.adyenpayments.com aacdn.nagich.com *.livestory.io *.evgnet.com *.chimpstatic.com chimpstatic.com *.cloudfront.net *.clarity.ms *.bing.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'unsafe-inline' data: *.brooksengland.com *.getfirebug.com *.bootstrapcdn.com *.omappapi.com *.livestory.io *.iubenda.com *.cloudfront.net access.nagich.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' data: *.getfirebug.com *.livestory.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.brooksengland.com *.google.at *.google.be *.google.bg *.google.ca *.google.ch *.google.cz *.google.de *.google.dk *.google.ee *.google.fr *.google.fi *.google.gr *.google.hu *.google.kg *.google.ie *.google.it *.google.lt *.google.lv *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.ru *.google.co.uk *.google.co.jp *.google.com.jp *.google.com.tw *.googleadservices.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.iubenda.com *.hotjar.com in.hotjar.com api.omappapi.com *.dpm.demdex.net *.doubleclick.net *.adyenpayments.com *.amcglobal.sc.omtrdc.net aacdn.nagich.com access.nagich.com *.hotjar.io *.livestory.io *.withgoogle.com *.nagich.com *.cloudfront.net *.clarity.ms *.aptrinsic.com *.bing.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.brooksengland.com/en_eu/webformat_csptools/report/; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://layer8.space; img-src 'self' https: data: blob: https://layer8.space; style-src 'self' https://layer8.space 'nonce-XOnuq9jXhX7cuA2CZxvtCA=='; media-src 'self' https: data: https://layer8.space; frame-src 'self' https:; manifest-src 'self' https://layer8.space; form-action 'self'; child-src 'self' blob: https://layer8.space; worker-src 'self' blob: https://layer8.space; connect-src 'self' data: blob: https://layer8.space https://files.layer8.space wss://layer8.space; script-src 'self' https://layer8.space 'wasm-unsafe-eval' 1
default-src 'self'; connect-src https: wss: data:; font-src https: data:; frame-src https: mailto:; img-src blob: https: data:; media-src https:; object-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 1
frame-ancestors 'self' https://web.telegram.org 1
default-src 'self' https://api2.fonts.com; script-src 'self' 'unsafe-inline' https://boards.greenhouse.io; style-src 'self' 'unsafe-inline' https://fast.fonts.net https://fonts.googleapis.com; img-src 'self' https://www.greatplacetowork.ca; font-src 'self' https://api2.fonts.com https://fonts.gstatic.com; frame-src 'self' https://boards.greenhouse.io/; worker-src 'self'; frame-ancestors 'self' 1
default-src https://*.lehrer-online.de/ https://*.handwerk-macht-schule.de/; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.lehrer-online.de/ https://*.handwerk-macht-schule.de https://*.stripe.com https://*.paypalobjects.com https://*.paypal.com https://*.lamapoll.de https://*.eduversum.de https://*.activehosted.com https://h5p.org https://*.adspirit.de https://*.googleapis.com https://*.youtube-nocookie.com https://*.cloudfront.net https://*.jwplayer.com https://*.googletagmanager.com https://*.vidis.schule; style-src 'self' data: 'unsafe-inline' https://*.lehrer-online.de/ https://*.handwerk-macht-schule.de https://*.stripe.com https://*.paypalobjects.com https://*.paypal.com https://*.adspirit.de https://*.googleapis.com https://*.youtube-nocookie.com https://*.cloudfront.net https://*.jwplayer.com https://fast.fonts.net https://fonts.googleapis.com; img-src 'self' data: https://*.lehrer-online.de/ https://*.handwerk-macht-schule.de https://*.stripe.com https://*.paypalobjects.com https://*.paypal.com https://*.adspirit.de https://*.googleapis.com https://*.youtube-nocookie.com https://*.cloudfront.net https://*.jwplayer.com https://*.gstatic.com https://*.google.com https://*.googleusercontent.com w3.org/svg/2000 https://h5p.org https://secure.gravatar.com https://*.vidis.schule; font-src 'self' data: https://fonts.gstatic.com https://fast.fonts.net https://*.vidis.schule; connect-src 'self' data: blob: https://*.lehrer-online.de/ https://*.stripe.com https://*.paypalobjects.com https://*.paypal.com https://*.eduversum.de https://h5p.org https://*.adspirit.de https://*.googleapis.com https://*.youtube-nocookie.com https://*.cloudfront.net https://*.jwplayer.com https://*.google.com https://*.gstatic.com https://*.google-analytics.com; media-src 'self' https://*.lehrer-online.de/ https://*.edupool.cloud/ https://*.adspirit.de https://*.googleapis.com https://*.youtube-nocookie.com https://*.cloudfront.net https://*.jwplayer.com; object-src 'self' data: https://*.lehrer-online.de/ https://*.adspirit.de https://*.googleapis.com https://*.youtube-nocookie.com https://*.cloudfront.net https://*.jwplayer.com; prefetch-src 'self' https://*.lehrer-online.de/ https://*.stripe.com https://*.paypalobjects.com https://*.paypal.com https://*.adspirit.de https://*.googleapis.com https://*.youtube-nocookie.com https://*.cloudfront.net https://*.jwplayer.com; child-src 'self' https://*.lehrer-online.de/ https://*.stripe.com https://*.paypalobjects.com https://*.paypal.com https://*.eduversum.de https://*.adspirit.de https://*.googleapis.com https://*.youtube-nocookie.com https://*.cloudfront.net https://*.jwplayer.com; frame-src 'self' https://*.lehrer-online.de/ https://*.stripe.com https://*.paypalobjects.com https://*.paypal.com https://h5p.org https://*.h5p.org https://*.edupool.cloud https://*.lamapoll.de https://*.eduversum.de https://*.canva.com https://*.mastertool-online.com https://*.vimeo.com https://*.h5p.com https://*.adspirit.de https://*.googleapis.com https://*.youtube-nocookie.com https://*.cloudfront.net https://*.jwplayer.com https://*.google.com https://*.zdf.de; worker-src 'self' blob: https://*.lehrer-online.de/ https://*.adspirit.de https://*.googleapis.com https://*.youtube-nocookie.com https://*.cloudfront.net https://*.jwplayer.com; frame-ancestors 'self' https://*.lehrer-online.de/; form-action 'self' https://*.lehrer-online.de/ https://*.adspirit.de https://*.paypalobjects.com https://*.paypal.com https://*.googleapis.com https://*.youtube-nocookie.com https://*.cloudfront.net https://*.jwplayer.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self' 1
default-src 'self' wss: https: data: 'unsafe-eval' 'unsafe-inline' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/npm/bootstrap@5.0.1/dist/js/bootstrap.bundle.min.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.googletagmanager.com https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://ssl.google-analytics.com/urchin.js https://embed.tawk.to https://dc.services.visualstudio.com ;style-src 'self' 'unsafe-inline';img-src 'self' data: https:;media-src 'self';font-src 'self' data:;form-action 'self' *.cybersource.com;frame-ancestors 'self';frame-src 'self' www.google.com/recaptcha/;block-all-mixed-content 1
frame-ancestors 'self' https://app.cloudcannon.com https://dev-app.cloudcannon.com https://staging-app.cloudcannon.io; 1
default-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' 'self' api.bufferapp.com graph.facebook.com api.facebook.com widgets.pinterest.com www.reddit.com reddit.com *.entertainment.com *.visualwebsiteoptimizer.com *.google-analytics.com crtl.aimatch.com load.sumome.com *.sumo.com maxcdn.bootstrapcdn.com ajax.googleapis.com sumo.com sumo.b-cdn.net www.googleadservices.com www.googletagmanager.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com; style-src 'unsafe-inline' 'self' maxcdn.bootstrapcdn.com sumo.b-cdn.net fonts.googleapis.com; img-src 'self' cdn.shopify.com data: *.entertainment.com *.google.com *.doubleclick.net *.visualwebsiteoptimizer.com *.google-analytics.com *.sumo.com sumo.com content.aimatch.com www.googletagmanager.com; connect-src 'self' *.doubleclick.net www.google-analytics.com clients6.google.com sumo.com *.sumo.com; frame-ancestors 'none'; frame-src www.google.com *.doubleclick.net; media-src 'self' 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: alfiekohn.org 1
default-src 'self' https://*.wogaa.sg https://*.dcube.cloud/ https://*.demdex.net/ https://cm.everesttech.net/ https://wogadobeanalytics.sc.omtrdc.net/ staticxx.facebook.com *.youtube.com cse.google.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://*.wogaa.sg *.googletagmanager.com https://*.dcube.cloud https://assets.adobedtm.com/ static.doubleclick.net *.google-analytics.com connect.facebook.net apis.google.com www.youtube.com s.ytimg.com *.google.com;img-src 'self' data: https://wogadobeanalytics.sc.omtrdc.net/ https://cm.everesttech.net/ https://dpm.demdex.net/ i.ytimg.com yt3.ggpht.com www.google-analytics.com  ssl.google-analytics.com *.google.com *.gstatic.com www.googleapis.com;connect-src 'self' https://*.wogaa.sg https://*.dcube.cloud https://dpm.demdex.net googleads.g.doubleclick.net www.google-analytics.com;style-src 'self' 'unsafe-inline' https://assets.wogaa.sg/ https://assets.dcube.cloud/fonts/ fonts.gstatic.com fonts.googleapis.com *.google.com;font-src 'self' data: https://assets.wogaa.sg/fonts/ https://assets.dcube.cloud/fonts/ fonts.gstatic.com fonts.googleapis.com *.google.com;media-src 'self' *.googlevideo.com; 1
default-src 'self' www.googletagmanager.com *.google-analytics.com static.dvinci-easy.com player.vimeo.com jobs.phoenixgroup.eu; form-action 'self'; frame-ancestors 'self'; font-src 'self' data: fonts.gstatic.com static.dvinci-easy.com; img-src 'self' data: *.cookiebot.com *.vimeocdn.com https://raw.githubusercontent.com/gmaps-marker-clusterer/gmaps-marker-clusterer/master/images/m1.png googleapis.com *.gstatic.com translate.google.com www.googletagmanager.com *.google-analytics.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hcaptcha.com hcaptcha.com *.cookiebot.com static.dvinci-easy.com *.google-analytics.com googleapis.com www.googletagmanager.com *.googleapis.com; style-src 'self' 'unsafe-inline' googleapis.com *.googleapis.com static.dvinci-easy.com; manifest-src 'self'; connect-src 'self' googleapis.com *.googleapis.com *.hcaptcha.com *.cookiebot.com *.google-analytics.com static.dvinci-easy.com jobs.phoenixgroup.eu; frame-src 'self' *.hcaptcha.com blomann-design.1kcloud.com www.googletagmanager.com player.vimeo.com *.cookiebot.com 1
default-src https: 'self' *.mcmurrayhatchery.com www.youtube.com api.instagram.com; script-src https: 'self' *.mcmurrayhatchery.com www.youtube.com api.instagram.com 'unsafe-inline' *.google-analytics.com platform.twitter.com cdn.syndication.twimg.com mcmurrayhatchery.refersion.com; style-src https: 'self' *.mcmurrayhatchery.com www.youtube.com api.instagram.com 'unsafe-inline' ton.twimg.com platform.twitter.com fonts.googleapis.com; font-src https: 'self' *.mcmurrayhatchery.com www.youtube.com api.instagram.com fonts.gstatic.com fonts.googleapis.com; img-src https: 'self' *.mcmurrayhatchery.com www.youtube.com api.instagram.com blob: data: *.google-analytics.com *.gstatic.com *.googletagmanager.com *.twitter.com *.twimg.com *.cloudfront.net scontent.cdninstagram.com www.paypal.com; frame-ancestors 'none'; 1
frame-ancestors 'self' https://empresas.bbvanetcash.pe https://empresas.bbva.pe; 1
frame-ancestors 'self' https://insights.hotjar.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.helena.care; img-src blob: 'self' data: *.helena.care; style-src 'self' 'unsafe-inline'; font-src 'self' data: ; frame-src *.vimeo.com blob: 'self'; connect-src 'self' blob: wss: ws: *.helena.care *.opentok.com *.tokbox.com *.hereapi.com; object-src 'self' blob: 1
base-uri 'self';default-src 'self' *.voyagersopris.com:443 *.letrs.com:443 letrs.com:443 *.lexiaaspire.com:443 lexiaaspire.com:443  ;script-src 'self' *.voyagersopris.com:443 *.letrs.com:443 letrs.com:443 *.lexiaaspire.com:443 lexiaaspire.com:443  'unsafe-inline' 'unsafe-eval' https://cdn.pendo.io https://data.pendo.io https://pendo-static-6298861489225728.storage.googleapis.com https://pendo-io-static.storage.googleapis.com;style-src 'self' *.voyagersopris.com:443 *.letrs.com:443 letrs.com:443 *.lexiaaspire.com:443 lexiaaspire.com:443  'unsafe-inline' https://cdn.pendo.io https://pendo-static-6298861489225728.storage.googleapis.com;img-src 'self' *.voyagersopris.com:443 *.letrs.com:443 letrs.com:443 *.lexiaaspire.com:443 lexiaaspire.com:443  data: 'unsafe-inline' https://cdn.pendo.io https://data.pendo.io https://pendo-static-6298861489225728.storage.googleapis.com;connect-src 'self' *.voyagersopris.com:443 *.letrs.com:443 letrs.com:443 *.lexiaaspire.com:443 lexiaaspire.com:443  https://cdn.pendo.io https://data.pendo.io https://pendo-static-6298861489225728.storage.googleapis.com;frame-ancestors 'self' *.voyagersopris.com:443 *.letrs.com:443 letrs.com:443 *.lexiaaspire.com:443 lexiaaspire.com:443  ; 1
default-src http: https:; script-src 'unsafe-inline' 'unsafe-eval' http: https: blob:; style-src 'unsafe-inline' http: https: blob:; img-src * data:; font-src http: https: data: blob:; frame-ancestors 'self' https://*.goccl.co.uk https://*.uatcarnival.com https://*.syscarnival.com https://*.syscarnival.co.uk https://*.uatcarnival.com https://*.goccl.com https://*.goccl.co.uk https://*.goccl.com.au https://*.carnivalcloud.net 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-NGE2MWNhMWU5NTZhNGVhY2I0NTZmYzQzNDI0ZjQ4MjY=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.zorginstituutnederland.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.zorginstituutnederland.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.zorginstituutnederland.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-ancestors 'self' https://p.anypromo.com https://p.anypromo.com:8443 1
default-src ws: 'self' data: blob: 'unsafe-inline' 'unsafe-eval' eventcinemas.co.nz *.eventcinemas.co.nz *.americanexpress.com *.android.com *.braintree-api.com *.braintreegateway.com *.braze.com *.byspotify.com *.cardinalcommerce.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.eventcinemas.co.nz *.eventcinemas.com.au *.facebook.com *.fontawesome.com *.google-analytics.com *.google.co.nz *.google.com *.google.com.au *.googleadservices.com *.googleapis.com *.googlesyndication.com *.gstatic.com *.imdb.com *.instagram.com *.kaptcha.com *.movio.co *.mycardsecure.com *.parlourlane.com *.paypal.com *.paypalobjects.com *.quantcount.com *.quantserve.com *.rialto.co.nz *.rokt.com *.rsa3dsauth.co.uk *.rydges.com *.shift72.com *.spotify.com *.stripe.com *.tiktok.com *.typekit.net *.unpkg.com *.vimeo.com *.wp.com *.wufoo.com *.wufoo.eu *.youtube.com adservice.google.de adservice.google.fr americanexpress.com analytics.pangle-ads.com analytics.tiktok.com android.com attestation.android.com bam.nr-data.net braze.com cardinalcommerce.com cdn.honey.io cloudflare.hcaptcha.com cloudfront.net code.jquery.com connect.facebook.net dggwxdl5oqubl.cloudfront.net eventcinemas.com.au fontawesome.com google.com googletagmanager.com i.ytimg.com instagram.com js-agent.newrelic.com js.appboycdn.com kg668dbov0.execute-api.us-east-1.amazonaws.com mpsnare.iesnare.com mycardsecure.com parlourlane.com participant.connect.ap-southeast-2.amazonaws.com paypal.com rsa3dsauth.co.uk secure7.arcot.com securepubads.g.doubleclick.net sharepointonline.com shift72.com spotify.com stripe.com tiktok.com typekit.net unpkg.com vimeo.com wp.com www.aexp-static.com www.googletagmanager.com www.googletagservices.com www.moonlight.com.au www.surveymonkey.com; frame-src *; object-src 'none'; img-src 'self' https: data: blob:;  upgrade-insecure-requests; report-uri https://evtgroup.report-uri.com/r/t/csp/enforce 1
frame-ancestors 'self' kozbeszerzes.hu *.kozbeszerzes.hu kt.hu *.kt.hu 1
frame-ancestors 'self' https://roserocket.com https://network.roserocket.com 1
frame-ancestors 'self' ff-fieldfishercom-prod-cms.azurewebsites.net admin.fieldfisher.com 1
frame-ancestors 'self' https://enextrunrunit.s3-us-west-2.amazonaws.com https://teams.microsoft.com 1
upgrade-insecure-requests; default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.cloudflare.com https://static.cloudflareinsights.com https://rum-static.pingdom.net/ https://cdn.oribi.io/ https://modelsaber.com/; script-src-elem 'self' https://stats.wp.com/ https://ajax.googleapis.com/ajax/libs/webfont/ https://stats.wp.com/w.js https://s0.wp.com/wp-content/ https://s1.wp.com/wp-content/ https://ssl.google-analytics.com/ga.js https://static.cloudflareinsights.com https://ajax.cloudflare.com/cdn-cgi/scripts/ https://cdn.oribi.io/Xy0yMDk3MjI0Mzg3/oribi.js https://cdnjs.cloudflare.com/ajax/libs/select2/ 'unsafe-inline'; style-src https://cdnjs.cloudflare.com https://fonts.googleapis.com https://use.fontawesome.com/releases/ https://s0.wp.com/ 'self' 'unsafe-inline'; img-src data:  https: 'self' https://avatars.dicebear.com/v2/avataaars/; object-src 'none'; base-uri 'self'; connect-src https: 'self' https://gw.oribi.io/event; font-src https: data: https://cdnjs.cloudflare.com https://fonts.gstatic.com 'self'; frame-src 'self' https://akismet.com/ https://widgets.wp.com/ https://jetpack.wordpress.com/ https://*.youtube.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://skystudioapps.com/ https://modelsaber.com/ https://discord.com/ https://scoresaber.com/ modelsaber: https://accounts.google.com/ https://calendar.google.com/; media-src https://cdn.beatmaps.io https://cdn.beatsaver.com 'self' blob:; frame-ancestors 'self' https://www.questmodding.com 1
frame-ancestors localhost localhost:3000 http://localhost:3000 bx.verstov.info verstov.info www.verstov.info 1
default-src 'none'; object-src 'none'; base-uri 'self'; worker-src 'none'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' tagmanager.google.com www.googleanalytics.com www.googleoptimize.com optimize.google.com static.ads-twitter.com www.youtube.com apis.google.com beacon-v2.helpscout.net cdn.cookielaw.org cdn.segment.com connect.facebook.net geoip-js.com js.stripe.com geoip-js.com script.hotjar.com snap.licdn.com static.hotjar.com www.googletagmanager.com cdn.ably.com cdn.builder.io cdn.branch.io app.link *.google-analytics.com fablecdn.net *.fablecdn.net unpkg.com; style-src 'unsafe-inline' 'self' cdn.jsdelivr.net tagmanager.google.com www.googletagmanager.com fonts.googleapis.com optimize.google.com fablecdn.net *.fablecdn.net; connect-src 'self' wss: www.facebook.com api.staging.fable.co api.fable.co geolocation.onetrust.com geoip-js.com api.segment.io cdn.segment.com cdn.cookielaw.org graphql.contentful.com identitytoolkit.googleapis.com *.ingest.sentry.io securetoken.googleapis.com *.google-analytics.com *.hotjar.io https://*.hotjar.com wss://*.hotjar.com d3hb14vkzrxvla.cloudfront.net rest.ably.io internet-up.ably-realtime.com cdn.builder.io api2.branch.io *.doubleclick.net cdn.linkedin.oribi.io us-central1-fable-backend.cloudfunctions.net wss://realtime.ably.io/* assets.ctfassets.net the-vale-dot-fable-recommender-api.uc.r.appspot.com multivac-dot-fable-recommender-api.uc.r.appspot.com; font-src 'self' fonts.gstatic.com fablecdn.net *.fablecdn.net; frame-src 'self' optimize.google.com www.youtube.com fable-backend.firebaseapp.com js.stripe.com vars.hotjar.com www.facebook.com https://quiz.tryinteract.com; img-src 'self' https: data:; media-src 'self' cdn.fable.co cdn.builder.io fablecdn.net *.fablecdn.net; form-action 'self' www.facebook.com; manifest-src 'self' fablecdn.net *.fablecdn.net; report-uri https://us-central1-fable-backend.cloudfunctions.net/cspRateLimiter; 1
default-src 'self' 'unsafe-inline' eonsn.ro; 1
default-src 'self' data:; connect-src 'self' https://cdn.tricefy.com/ https://*.sentry.io/ https://sentry.io/ https://*.cloudfront.net/frontend/; font-src 'self' data: https://*.cloudfront.net/frontend/assets/ https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' blob: data: https:; object-src 'self'; script-src 'self' https://cdn.tricefy.com/ https://*.cloudfront.net/frontend/assets/ https://connect.facebook.net 'nonce-pzE1guaiMZCatw+XPI4EKg=='; style-src 'self' 'unsafe-inline' https:; frame-src 'self' data: https://announcekit.co; worker-src 'self' data: blob:; report-uri https://o22399.ingest.sentry.io/api/53607/security/?sentry_key=de3484f5998b48f9bec4f5016b69d880&sentry_release=410dd546fe975b2d03999af630059d1561f3bfcc&sentry_environment=production 1
default-src 'self' *.prorealtime.com prorealtimesoftware: data: 'report-sample'; block-all-mixed-content; font-src 'self' *.prorealtime.com *.avast.com *.gstatic.com *.google.com *.googleapis.com 'report-sample'; form-action 'self' *.prorealtime.com *.it-finance.com https://p.monetico-services.com https://*.e-transactions.fr 'report-sample'; frame-ancestors 'self' https://*.prorealtime.com; frame-src 'self' *.prorealtime.com *.it-finance.com prorealtimesoftware: youtube.com www.youtube.com 'report-sample'; img-src 'self' *.prorealtime.com *.it-finance.com data: i.ytimg.com *.gstatic.com *.google.com *.googleapis.com 'report-sample'; object-src 'none'; script-src 'self' *.prorealtime.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.google.com *.googleapis.com s.ytimg.com 'report-sample'; style-src 'self' *.prorealtime.com 'unsafe-inline' *.gstatic.com *.google.com *.googleapis.com 'report-sample'; report-uri /csp-report 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.tukif.love:9080 www.tukif.love:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.tukif.love wss://www.tukif.love *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1705974369 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://becominghuman.ai https://*.becominghuman.ai https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
frame-ancestors https://*.cisin.com https://*.developers.dev https://*.esignly.com https://*.idea2app.dev https://*.coders.dev; 1
style-src 'self' 'unsafe-inline' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' 1
connect-src *.google-analytics.com www.google-analytics.com script.crazyegg.com stats.g.doubleclick.net analytics.tiktok.com *.analytics.google.com earthshotprize.org www.facebook.com *.googletagmanager.com analytics.google.com *.googlesyndication.com *.crazyegg.com adservice.google.com; default-src 'self' 'unsafe-inline' *.googletagmanager.com cdn.jsdelivr.net fonts.gstatic.com scontent-lcy1-1.cdninstagram.com scontent-lcy1-2.cdninstagram.com *.crazyegg.com; frame-src www.google.com platform.twitter.com www.googletagmanager.com www.facebook.com www.youtube-nocookie.com www.instagram.com *.instagram.com earthshotprize.org player.vimeo.com *.vimeo.com *.youtube.com *.googlesyndication.com *.doubleclick.net *.crazyegg.com; img-src 'self' data: *.google-analytics.com cdn.jsdelivr.net t.co analytics.twitter.com www.facebook.com www.google.com www.google.co.uk googleads.g.doubleclick.net i.ytimg.com scontent-lcy1-1.cdninstagram.com scontent-lcy1-2.cdninstagram.com sa.earthshotprize.org player.vimeo.com *.googletagmanager.com www.google.com.au *.crazyegg.com ; script-src-elem 'self' 'unsafe-inline'  player.vimeo.com vimeo.com apis.google.com www.youtube.com www.youtube-nocookie.com platform.twitter.com googletagmanager.com www.googletagmanager.com www.google.com google.com www.gstatic.com gstatic.com www.google-analytics.com ps://static.ads-twitter.com/uwt.js fonts.googleapis.com cdn.jsdelivr.net static.ads-twitter.com connect.facebook.net googleads.g.doubleclick.net analytics.tiktok.com script.crazyegg.com www.googleadservices.com sa.earthshotprize.org tpc.googlesyndication.com *.crazyegg.com www.instagram.com www.instagram.com/embed.js; style-src 'self' 'unsafe-inline'  cdn.jsdelivr.net fonts.googleapis.com script.crazyegg.com; style-src-elem 'self' 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net fonts.googleapis.com *.crazyegg.com; worker-src       'self'       blob:; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: * 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline' 1
default-src *; img-src * 'self' data: https: http:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' * 1
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; frame-src 'self' www.googletagmanager.com cdn.cookielaw.org costconextcom.bigscoots-staging.com 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://entrepreneurshandbook.co https://*.entrepreneurshandbook.co https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
frame-ancestors 'self' https://1.awardhq.com https://www.1.awardhq.com https://fedex.awardhq.com https://us.hiltonhhonorsshopping.com  https://diamondmall.hiltonhhonorsshopping.com https://shop-with-points.marriott.com https://shop.wyndhamrewards.com  https://giving.ihg.com https://catalog.ihg.com https://yourjourney.ihgrewardsclub.com https://yourrewards.awardhq.com; 1
default-src * gap: ws: https://ssl.gstatic.com;style-src * 'unsafe-inline' 'self' data: blob:;font-src 'self' data: fonts.gstatic.com;script-src * 'unsafe-inline' 'unsafe-eval' data: blob:;img-src * data: 'unsafe-inline' 'self' content:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' stats.hft-stuttgart.de app.usercentrics.eu privacy-proxy.usercentrics.eu *.b-ite.com; font-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' app.usercentrics.eu privacy-proxy-server.usercentrics.eu data: stats.hft-stuttgart.de; connect-src 'self' stats.hft-stuttgart.de *.usercentrics.eu *.b-ite.com; frame-src 'self' app.usercentrics.eu *.youtube-nocookie.com *.vimeo.com *.hft-stuttgart.de 1
frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.com https://*.webvisor.com http://webvisor.com 1
frame-ancestors 'self' https:; default-src 'self' https://static.badgr.io; media-src *; object-src 'none'; style-src  www.gstatic.com *.googleapis.com 'unsafe-inline' 'self'; script-src  'self'  www.gstatic.com translate.google.com *.googleapis.com *.datadoghq-browser-agent.com 'nonce-N43BZAzslBeysoe4jcxmusnM4gRTO72p' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'unsafe-hashes'; img-src * data:; connect-src * data:; frame-src 'self' * 1
img-src 'self' api.paylibo.com xzone.cz csfd.cz *.seznam.cz blob: data: tracking.smartemailing.cz *.twisto.cz i.ibb.co *.xzone.cz *.xzone.sk *.xzone.hu *.gamlery.pl *.gamlery.cz *.gameexpres.sk *.csfd.cz www.google-analytics.com www.google.com www.google.cz www.google.sk www.google.hu googleads.g.doubleclick.net www.googletagmanager.com stats.g.doubleclick.net c.imedia.cz www.facebook.com https://connect.facebook.net https://script.hotjar.com cdnjs.cloudflare.com steamcdn-a.akamaihd.net static.muve.cz ssl.heureka.cz *.heureka.cz *.heureka.sk *.estores.cz *.dvdexpres.sk *.gameexpress.hu c.seznam.cz *.cdninstagram.com *.supportbox.cz *.arukereso.hu *.steamstatic.com; frame-ancestors c.imedia.cz g; script-src 'strict-dynamic' 'nonce-040cba03526b4ce9b66c79d724da1244' 'unsafe-eval' http: https:; object-src 'none'; base-uri 'none'; form-action 'self' *.facebook.com *.csob.cz moja.tatrabanka.sk *.gopay.com *.gopay.cz *.homecredit.cz *.hccs.cz; 1
default-src https: 'unsafe-eval' 'unsafe-inline';object-src 'self'; 1
default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://piwik.fobos.de; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://piwik.fobos.de https://*.w.org https://wordpress.org https://secure.gravatar.com; form-action 'self' 'unsafe-inline'; 1
frame-src *.xq.com.tw *.esunsec.com.tw *.youtube.com *.vimeo.com *.facebook.com;frame-ancestors *.xq.com.tw *.esunsec.com.tw *.youtube.com *.vimeo.com *.facebook.com;font-src * data:;img-src * data:; 1
connect-src 'self' 'unsafe-inline' *.google-analytics.com www.google-analytics.com www.plantlife.org.uk plantlife.org.uk wss://ws.hotjar.com *.analytics.google.com *.hotjar.io *.hotjar.com stats.g.doubleclick.net; default-src 'self' 'unsafe-inline'  www.googletagmanager.com data:; font-src data: www.plantlife.org.uk plantlife.org.uk staging-plantlife-staging.kinsta.cloud fonts.gstatic.com  fonts.googleapis.com; frame-src 'self' data: www.google.com platform.twitter.com www.googletagmanager.com player.vimeo.com vimeo.com youtube.com www.youtube.com www.youtube-nocookie.com app.donorfy.com r.stripe.com m.stripe.com storymaps.arcgis.com plantlife.maps.arcgis.com survey123.arcgis.com js.arcgis.com pay.gocardless.com api.donorfy.com www.facebook.com facebook.com; img-src 'self' 'unsafe-inline' data: www.plantlife.org.uk plantlife.org.uk staging-plantlife-staging.kinsta.cloud www.google-analytics.com www.gstatic.com www.google.co.uk www.googletagmanager.com *.gravatar.com  *.vimeocdn.com *.stripe.com www.facebook.com facebook.com; media-src 'self' blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' connect.facebook.net; script-src-elem 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' static.hotjar.com script.hotjar.com player.vimeo.com vimeo.com apis.google.com www.youtube.com www.youtube-nocookie.com platform.twitter.com googletagmanager.com www.googletagmanager.com www.google.com google.com www.gstatic.com gstatic.com www.google-analytics.com connect.facebook.net app.donorfy.com r.stripe.com m.stripe.com survey123.arcgis.com js.arcgis.com www.plantlife.org.uk plantlife.org.uk; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com; style-src-elem 'self' www.plantlife.org.uk plantlife.org.uk 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com; worker-src 'self' blob:; 1
default-src 'self' https://validator.w3.org https://imis.aami.org https://vimeo.com https://player.vimeo.com placehold.it https://flickr.com flickr.com www.flickr.com live.staticflickr.com embedr.flickr.com http://kitchen.screenfeed.com screenfeed.com https://farm8.staticflickr.com aamiblog.org https://cdn.sitesearch360.com *.sitesearch360.com https://cdn.jsdelivr.net https://photos.app.goo.gl https://photos.google.com https://lh3.googleusercontent.com *.surveymonkey.com *.google.com *.go.aami.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://use.fontawesome.com https://platform.twitter.com https://twitter.com https://imis.aami.org/aami/certification_directory https://vimeo.com https://*.googletagmanager.com/ https://flickr.com flickr.com www.flickr.com live.staticflickr.com https://embedr.flickr.com http://kitchen.screenfeed.com screenfeed.com widgets.flickr.com snap.licdn.com www.youtube.com *.aami.org https://cdn.sitesearch360.com *.sitesearch360.com https://cdn.jsdelivr.net *.surveymonkey.com *.google.com *.go.aami.org; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://cdn.sitesearch360.com *.sitesearch360.com *.surveymonkey.com *.google.com *.go.aami.org; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: screenfeed.com; img-src 'self' https://www.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://flickr.com flickr.com www.flickr.com live.staticflickr.com embedr.flickr.com https://px.ads.linkedin.com https://insights.sitesearch360.com https://cdn.jsdelivr.net https://photos.app.goo.gl https://photos.google.com https://lh3.googleusercontent.com *.sitesearch360.com https://array.aami.org *.surveymonkey.com *.google.com *.go.aami.org; media-src 'self' data: blob: https://vimeo.com https://flickr.com flickr.com www.flickr.com live.staticflickr.com embedr.flickr.com https://player.vimeo.com screenfeed.com https://player.captivate.fm https://photos.app.goo.gl https://cdn.jsdelivr.net https://photos.app.goo.gl https://photos.google.com https://lh3.googleusercontent.com; form-action 'self' *.surveymonkey.com *.google.com *.go.aami.org; frame-src 'self' https://html5-player.libsyn.com https://www.youtube.com https://platform.twitter.com https://imis.aami.org/aami/certification_directory https://vimeo.com https://player.vimeo.com https://flickr.com flickr.com www.flickr.com live.staticflickr.com embedr.flickr.com http://kitchen.screenfeed.com screenfeed.com https://player.captivate.fm https://cdn.jsdelivr.net https://photos.app.goo.gl https://photos.google.com https://lh3.googleusercontent.com https://syndication.twitter.com https://www.surveymonkey.com https://www.google.com/ https://go.aami.org; frame-ancestors 'self' widget.surveymonkey.com https://maps.google.com/ https://go.aami.org; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com screenfeed.com widget.surveymonkey.com https://maps.google.com/ go.aami.org; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com screenfeed.com https://embedr.flickr.com https://farm8.staticflickr.com https://cdn.sitesearch360.com https://insights.sitesearch360.com https://www.google-analytics.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://global.sitesearch360.com/sites https://cdn.jsdelivr.net https://analytics.google.com https://widget.surveymonkey.com https://maps.google.com/ https://go.aami.org; object-src https://photos.app.goo.gl https://photos.google.com https://lh3.googleusercontent.com https://maps.google.com/; 1
frame-ancestors 'self' lobe-search.squiz.cloud lbedev.home.ukpreview.empro.verintcloudservices.com lbeqa.home.ukpreview.empro.verintcloudservices.com lbe.home.uk.empro.verintcloudservices.com lbe.portal.uk.empro.verintcloudservices.com lbe.clients.squiz.net https://lbedev.ukpreview.empro.verintcloudservices.com/ https://lbeqa.ukpreview.empro.verintcloudservices.com/ https://lbe.uk.empro.verintcloudservices.com/ https://www.enfield.gov.uk/ 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://bundles.efilli.com/ https://connect.facebook.net http://connect.facebook.net https://platform.twitter.com http://www.google-analytics.com/ https://ajax.googleapis.com/ https://www.google.com/recaptcha/api.js https://maps.googleapis.com https://fonts.googleapis.com https://www.gstatic.com/ https://bodrumarchlib.blob.core.windows.net https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com/ 1
base-uri 'self'; default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://maps.googleapis.com/maps/api/mapsjs https://maps.googleapis.com/maps/api/js https://developers.google.com/maps/documentation https://apis.google.com https://www.gstatic.com/recaptcha/releases https://www.google.com/recaptcha/api.js https://www.google.com/ads/ga-audiences https://stats.g.doubleclick.net https://analytics.google.com https://analytics.google.com https://www.google.com.sg/ads/ga-audiences https://*.zendesk.com https://www.facebook.com https://connect.facebook.net https://www.you.co https://*.typeform.com https://*.zdassets.com https://cdnjs.cloudflare.com https://*.bamboohr.com https://7blcqgbwpb.execute-api.ap-southeast-1.amazonaws.com https://www.googletagmanager.com https://fonts.googleapis.com https://www.you.co https://fonts.gstatic.com https://secure.gravatar.com https://youcostaging2.wpengine.com https://m0x4bwf99a.execute-api.ap-southeast-1.amazonaws.com https://ygd22apn99.execute-api.ap-southeast-1.amazonaws.com https://ygd22apn99.execute-api.ap-southeast-1.amazonaws.com/prod https://edge.fullstory.com/s/fs.js https://edge.fullstory.com https://rs.fullstory.com https://m0x4bwf99a.execute-api.ap-southeast-1.amazonaws.com/test/u-data-MKT-campaign/; 1
default-src 'self' 'unsafe-inline' https://*.openstreetmap.org/ https://api.mapbox.com/ https://unpkg.com/ https://piwik.bzga.de/ https://service.bzga.de/ https://shop.bzga.de/ https://www.etracker.de/ https://static.etracker.com/ https://code.etracker.com/; img-src 'self' https://shop.bzga.de/ data: https://*.openstreetmap.org/ https://api.mapbox.com/ https://unpkg.com/ https://piwik.bzga.de https://service.bzga.de https://www.etracker.de https://static.etracker.com https://code.etracker.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://api.mapbox.com/ https://unpkg.com/ https://piwik.bzga.de https://service.bzga.de https://www.etracker.de https://static.etracker.com https://code.etracker.com 1
frame-ancestors *.lions.de *.leo-clubs.de *.lions-quest.de 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.gstatic.com https://yastatic.net https://www.youtube.com https://s.ytimg.com https://platform.instagram.com https://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://mc.yandex.ru https://top-fwz1.mail.ru https://js.sentry-cdn.com https://browser.sentry-cdn.com https://qaz.24i7-news.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://platform.twitter.com ; img-src 'self' data: https://* http://* ; font-src 'self' data: https://fonts.gstatic.com ; frame-src 'self' data: https://yastatic.net https://www.youtube.com https://www.instagram.com/ https://platform.twitter.com ; connect-src 'self' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://fcm.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://push.newsdaily.biz https://top-fwz1.mail.ru https://o4505939965509632.ingest.sentry.io https://biposerfl.shop https://*.google-analytics.com; worker-src 'self' data: https://fcm.googleapis.com https://push.newsdaily.biz ; 1
frame-ancestors 'self' https://sites.google.com/ https://n-i42r3zyn7klgg7odsvzmmbpviikyf75zosl6skq-0lu-script.googleusercontent.com/ https://script.google.com 1
style-src 'unsafe-inline' *; script-src 'nonce-5685acc1-415e-4683-9d33-8f2e6f7b694b' 'unsafe-eval' 'self' communicode.de communicode.com *.google.com www.googletagmanager.com tagmanager.google.com googleadservices.com google-analytics.com *.twitter.com cdn.syndication.twimg.com www.xing-share.com *.linkedin.com https://www.youtube.com snap.licdn.com communicode.dev; img-src 'self' data: * 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.secure-exchange.de/piwik/ youtube.com https://www.youtube.com/ https://secure.mobile.trotto.performgroup.com; 1
frame-ancestors 'self' https://www.atitesting.com https://stage-www.atitesting.com *.atitesting.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://freiburg.social; img-src 'self' https: data: blob: https://freiburg.social; style-src 'self' https://freiburg.social 'nonce-n78dTw6z/7cP70R4c+ndJA=='; media-src 'self' https: data: https://freiburg.social; frame-src 'self' https:; manifest-src 'self' https://freiburg.social; form-action 'self'; child-src 'self' blob: https://freiburg.social; worker-src 'self' blob: https://freiburg.social; connect-src 'self' data: blob: https://freiburg.social https://freiburg.social wss://freiburg.social; script-src 'self' https://freiburg.social 'wasm-unsafe-eval' 1
default-src 'self' syndetics.com www.google-analytics.com; script-src 'self' blob: http://www.vpl.ca https://www.vpl.ca data: 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google.com https://www.google-analytics.com https://www.googletagmanager.com www.gstatic.com https://unpkg.com cdnjs.cloudflare.com m.addthis.com s7.addthis.com tagmanager.google.com v1.addthis.com platform.instagram.com platform.twitter.com cdn.syndication.twimg.com assets.pinterest.com script.crazyegg.com trk.cetrk.com www.flickr.com bclibraries.org translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://cdn.jsdelivr.net; object-src 'self'; style-src 'self' 'unsafe-inline' www.vpl.ca https://unpkg.com https://cdnjs.cloudflare.com tagmanager.google.com themes.googleusercontent.com fonts.googleapis.com code.jquery.com https://platform.twitter.com https://typekit.net https://p.typekit.net https://use.typekit.net https://translate.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net/gh/jonthornton/jquery-timepicker@1.14.0/jquery.timepicker.min.css https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v17.0.19/build/css/intlTelInput.min.css https://cdn.jsdelivr.net/npm/normalize.css; img-src 'self' data: *.vpl.ca https://www.vpl.ca *.googleapis.com https://platform.twitter.com https://pbs.twimg.com services.arcgisonline.com syndetics.com secure.syndetics.com https://cdnjs.cloudflare.com www.flickr.com www.instagram.com *.staticflickr.com *.google-analytics.com syndication.twitter.com scontent-sea1-1.cdninstagram.com *.sndcdn.com m.addthis.com ssl.gstatic.com www.gstatic.com www.addthis.com log.pinterest.com gtrk.s3.amazonaws.com trk.cetrk.com geo.yahoo.com https://img.youtube.com/ https://www.google.com https://translate.google.com https://server.arcgisonline.com; media-src 'self' www.youtube.com soundcloud.com; child-src 'self' m.addthis.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com  assets.pinterest.com; font-src 'self' themes.googleusercontent.com https://cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com https://use.typekit.net; connect-src 'self' *.google-analytics.com cdnjs.cloudflare.com https://www.optimalworkshop.com m.addthis.com v1.addthis.com https://translate.googleapis.com; frame-src 'self' edge.addthis.com m.addthis.com https://platform.twitter.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com assets.pinterest.com player.vimeo.com;     1
frame-ancestors 'self' https://www.news18.com/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.slimcd.com recruitingbypaycor.com *.crazyegg.com *.scarabresearch.com https://www.google-analytics.com www.googletagmanager.com *.google-analytics.com sc-static.net *.quantserve.com *.quantcount.com *.youtube.com *.teads.tv http://api.ipstack.com *.googleadservices.com *.merchantware.net *.snapchat.com *.tiktok.com *.niceincontact.com *.rezync.com *.boomtrain.com *.rfihub.net *.ensighten.com *.rapidscansecure.com *.ipdata.co *.doubleclick.net *.cloudflareinsights.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.typekit.net https://livechat-static-de-na1.niceincontact.com *.niceincontact.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com *.typekit.net data: https://livechat-static-de-na1.niceincontact.com *.niceincontact.com; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.windows.net *.crazyegg.com *.google-analytics.com *.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com *.google.com *.googletagmanager.com *.adsrvr.org spotxbeacons.com *.doubleclick.net *.quantserve.com *.teads.tv *.emarsys.net *.amazonaws.com *.rezync.com *.liadm.com *.choozle.com *.rapidscansecure.com *.pangle-ads.com google.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com recruitingbypaycor.com *.crazyegg.com *.doubleclick.net *.snapchat.com *.rfihub.com *.adsrvr.org *.cloudfront.net *.niceincontact.com; connect-src 'self' *.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.crazyegg.com *.scarabresearch.com *.google-analytics.com https://www.google-analytics.com *.doubleclick.net analytics.google.com *.emarsys.net *.teads.tv *.merchantware.net *.snapchat.com *.tiktok.com wss://chat-gateway-de-na1.niceincontact.com *.niceincontact.com *.boomtrain.com *.cloudflare.com *.facebook.com *.pangle-ads.com google.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://d2i34c80a0ftze.cloudfront.net *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://d2i34c80a0ftze.cloudfront.net data: blob: https://play.vidyard.com https://*.cloudfront.net https://1e5e001cac52428daa2d7f8bcde3aac0.js.ubembed.com https://*.js.ubembed.com https://*.ssl.cf2.rackcdn.com https://connect.facebook.net https://snap.licdn.com https://scout-cdn.salesloft.com https://tag.demandbase.com https://metadata-static-files.sfo2.cdn.digitaloceanspaces.com https://assets.ubembed.com https://js.driftt.com https://go.league.com https://js.adsrvr.org https://pi.pardot.com https://static.hotjar.com https://script.hotjar.com unsafe-eval unsafe-inline *.visualwebsiteoptimizer.com app.vwo.com https://assets.contently.com/insights/insights.js https://s.ytimg.com/yts/jsbin/www-widgetapi-vflT-xPmY/www-widgetapi.js https://track.contently.com/track https://assets.contently.com https://eywkvsmxggi.exactdn.com platform.instagram.com www.instagram.com *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net www.googletagservices.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://d2i34c80a0ftze.cloudfront.net https://static.hotjar.com https://script.hotjar.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com unsafe-inline https://cdn.cookielaw.org https://eywkvsmxggi.exactdn.com *.vimeocdn.com fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://d2i34c80a0ftze.cloudfront.net *.vidyard.com https://eywkvsmxggi.exactdn.com https://match.prod.bidr.io https://id.rlcdn.com https://px.ads.linkedin.com https://segments.company-target.com https://p.adsymptotic.com https://www.facebook.com https://static.hotjar.com https://script.hotjar.com https://px4.ads.linkedin.com https://www.google.ca/ads/ga-audiences https://e3r429ujnza.exactdn.com *.visualwebsiteoptimizer.com chart.googleapis.com app.vwo.com wingify-assets.s3.amazonaws.com https://cdn.cookielaw.org s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com *.googlesyndication.com stats.g.doubleclick.net data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com translate.googleapis.com translate.google.com i.ytimg.com www.googletagmanager.com; connect-src 'self' https://cdn.cookielaw.org https://d2i34c80a0ftze.cloudfront.net blob: https://play.vidyard.com https://geolocation.onetrust.com https://api.company-target.com https://in.hotjar.com https://*.onetrust.com https://scout.salesloft.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.facebook.com/tr/ https://*.oribi.io *.visualwebsiteoptimizer.com app.vwo.com https://track.contently.com/track *.vimeo.com *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com; font-src 'self' data: https://d2i34c80a0ftze.cloudfront.net https://script.hotjar.com https://cdn.cookielaw.org https://eywkvsmxggi.exactdn.com data: fonts.gstatic.com fonts.googleapis.com; object-src 'self' https://d2i34c80a0ftze.cloudfront.net data: blob: https://play.vidyard.com; media-src 'self' https://d2i34c80a0ftze.cloudfront.net https://play.vidyard.com https://cdn.cookielaw.org https://eywkvsmxggi.exactdn.com; frame-src 'self' https://go.league.com https://d2i34c80a0ftze.cloudfront.net data: blob: https://play.vidyard.com https://vars.hotjar.com https://js.driftt.com https://insight.adsrvr.org https://www.facebook.com https://match.adsrvr.org app.vwo.com *.visualwebsiteoptimizer.com https://assets.contently.com/ https://www.youtube-nocookie.com www.instagram.com *.vimeo.com *.vimeocdn.com *.googlesyndication.com googleads.g.doubleclick.net maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com; child-src 'self' *.vimeo.com *.vimeocdn.com www.youtube.com www.googletagmanager.com; worker-src 'self' blob:; 1
frame-src 'self' https://*.linkedin.com https://*.audioeye.com https://activitymap.adobe.com https://lordabbett.demdex.net/ https://vds.issgovernance.com https://vds.issproxy.com https://www.googletagmanager.com https://pages.exacttarget.com https://page.email.lordabbett.com https://players.brightcove.net https://*.go-mpulse.net https://html5-player.libsyn.com https://twitter.com https://*.twitter.com https://pbs.twimg.com https://*.financialtrans.com; frame-ancestors 'self' https://*.linkedin.com https://*.audioeye.com https://activitymap.adobe.com https://*.go-mpulse.net https://*.twitter.com  https://*.financialtrans.com; 1
frame-ancestors 'self' webvisor.com 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleadservices.com https://adservice.google.com https://*.googlesyndication.com https://accounts.google.com https://www.gstatic.com https://access.nagich.co.il https://*.firebaseio.com https://apis.google.com https://*.survicate.com https://*.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://paypalobjects.com https://*.paypalobjects.com https://paypal.com https://*.paypal.com https://ajax.cloudflare.com https://vimeocdn.com/ https://*.vimeocdn.com/ https://vimeo.com https://negina.co.il/ https://code.jquery.com/ https://cdn.popt.in/ https://cdnjs.cloudflare.com/ https://client.crisp.chat/ https://clientcdn.pushengage.com/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://js.nagich.co.il/ https://static.cloudflareinsights.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.google.com https://player.vimeo.com https://www.vimeo.com/ https://*.elfsight.com https://negina.pushengage.com; style-src 'report-sample' 'self' 'unsafe-inline' https://accounts.google.com https://client.crisp.chat/ https://negina.co.il/ https://fonts.googleapis.com/ https://negina.pushengage.com https://surveys-static.survicate.com https://cdn.popt.in https://cdnjs.cloudflare.com https://translate.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://ocr.nagich.co.il https://pagead2.googlesyndication.com https://securetoken.googleapis.com wss://*.firebaseio.com https://www.googleapis.com https://*.survicate.com https://access.nagich.co.il/ https://paypal.com https://*.paypal.com https://js.nagich.co.il/ wss://client.relay.crisp.chat/ https://stats.g.doubleclick.net/ https://www.google-analytics.com https://display.popt.in https://www.facebook.com https://apps.elfsight.com https://clients-api.pushengage.com https://*.amazonaws.com https://*.cloudfront.net; font-src 'self' https://client.crisp.chat https://fonts.gstatic.com https://surveys-static.survicate.com https://cdnjs.cloudflare.com; frame-src 'self' https://*.googlesyndication.com  https://googleads.g.doubleclick.net  https://accounts.google.com https://*.firebaseapp.com https://www.paypalobjects.com https://*.paypalobjects.com https://*.paypal.com https://paypal.com https://*.pelecard.biz https://www.youtube-nocookie.com https://www.youtube.com https://*.youtube.com https://player.vimeo.com https://www.facebook.com https://bid.g.doubleclick.net https://buyme.co.il/ https://www.google.com; img-src * 'self' 'unsafe-eval' data:; manifest-src 'self'; media-src 'self'; worker-src 'self' https://negina.co.il; 1
frame-ancestors 'self' *.realescort.fi *.realescort.eu *.realescort.se *.realescort.dk; img-src 'self' data: *.realescort.fi *.realescort.eu *.realescort.se *.realescort.dk storage.googleapis.com 1
object-src 'none'; frame-ancestors 'self'; report-uri https://peso.gov.in/web/report-uri/enforce 1
frame-ancestors 'self'; manifest-src 'none'; font-src https: data: 'self'; img-src https: data: blob: 'self'; style-src https: data: blob: 'unsafe-inline' 'self'; script-src 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' data: https://www.shopmania.ro https://s.cdnshm.com www.shopmania.net *.facebook.com *.facebook.net *.fbcdn.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.google.com 'self'; object-src 'self'; media-src 'self'; default-src https://www.shopmania.ro https://s.cdnshm.com www.shopmania.net *.facebook.com *.facebook.net *.fbcdn.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.google.com 'self'; report-to csp_reports; report-uri https://www.shopmania.ro/csp?action=report_csph&k=ByIhExAZb0dGfAcXMRxiYW9EOCM%3D 1
frame-ancestors 'self' covideo.com *.covideo.com vidmails.com *.vidmails.com eleadcrm.com *.eleadcrm.com forddirectcrm.com *.forddirectcrm.com usherpa.com *.usherpa.com *.autoipacket.com *.autoipacket.net *.ipacket.us *.ipacket.info dealersocket.com *.dealersocket.com dealersocket.engineering *.dealersocket.engineering linkedin.com *.linkedin.com *.kennected.video watch.kennected.video; 1
frame-ancestors 'self' https://*.gnttv.com/  https://*.aajtak.in/ https://*.indiatoday.in/ https://www.kisantak.in/ https://*.aajtakonline.in/ https://*.indiatodayonline.in/ https://*.intoday.in/ https://*.businesstoday.in/ 1
frame-ancestors 'self' https://app.contentful.com/ https://studio.contentful.com/ https://compose.contentful.com/ 1
base-uri 'none'; style-src 'self' *.cassiecloud.com *.googleapis.com 'unsafe-inline'; script-src 'nonce-+dyhcDxGya9mQbfzYdn+zA=='  'sha256-5yLEE/jUF5eoOefsINotD+tXeklSYMKlhm5Zl+biNrg='  'self' 'strict-dynamic' 'unsafe-eval' *.kaltura.com/ *.cassiecloud.com *.googletagmanager.com https://google-analytics.com *.google-analytics.com *.bing.com https://connect.facebook.net https://lilly-customerconnect.secure.force.com https://ispot.tv *.turn.com *.myadvocado.com *.doubleclick.net *.analytics.yahoo.com *.google.com https://facebook.com *.salesforceliveagent.com *.youtube.com *.ytimg.com *.gstatic.com *.googlevideo.com blob: http://d22xmn10vbouk4.cloudfront.net *.googleapis.com assets.adobedtm.com assets.ctfassets.net 'nonce-Q+3SsP/nT1Qb9DtwRm8EbA==' *.soundcloud.com *.recaptcha.net 'sha256-uMkuBZ4FQVVBqzs6NHOoGr/1vOLA1h9acPURz3E39HA=' 'sha256-9VDmhXS8/iybLLyD3tql7v7NU5hn5+qvu9RRG41mugM=' 'sha256-tempUn1btibnrWwQxEk37lMGV1Nf8FO/GXxNhLEsPdg=' 'sha256-YvYJ5WVzt8kOVVuSB9YcyVJLN4a6HcbOgQpzrg0BLUI=' https://clientapi.gcs-web.com https://d22xmn10vbouk4.cloudfront.net https://servicesplatform.partneringplace.com https://forms.office.com bugcrowd.com; object-src 'none'; frame-src *.doubleclick.net/ *.myadvocado.com/ *.youtube.com *.soundcloud.com *.google.com *.facebook.com *.spotify.com *.simplecast.com *.recaptcha.net https://servicesplatform.partneringplace.com https://forms.office.com *.kaltura.com/ bugcrowd.com 1
upgrade-insecure-requests; base-uri 'none'; font-src 'self' data: fonts.gstatic.com consent.trustarc.com; form-action 'self'; frame-ancestors 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com consent.trustarc.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com consent-pref.trustarc.com; 1
default-src 'self' https://www.google-analytics.com/ ;script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com/ https://www.google-analytics.com/ https://s7.addthis.com/ https://connect.facebook.net/en_US/sdk.js https://apis.google.com/ https://www.googleadservices.com/;style-src 'report-sample' 'self' 'unsafe-inline';frame-ancestors https://gainhow.tw/ https://book.gainhow.tw/ https://mask.gainhow.tw/ https://care.gainhow.tw/ https://wish.gainhow.tw/ http://localhost:8080/ ;img-src 'self' https: data:;frame-src 'self' https://editor.gainhow.tw/ https://accounts.google.com/ https://www.youtube.com/ https://maps.google.com.tw/ https://www.google.com/;connect-src 'self' *.google-analytics.com https://www.googletagmanager.com/ https://www.google-analytics.com/ https://analytics.google.com; 1
upgrade-insecure-requests; report-uri https://busuupromotions.com/il_reporturi.php?from=csp; report-to csp_endpoint 1
default-src 'self' 'unsafe-inline' https://www.google-analytics.com https://mc.yandex.ru https://connect.facebook.net https://www.facebook.com https://vk.com https://analytics.tiktok.com https://dashperfluencenet.webim.ru https: data:; base-uri 'self'; 1
frame-ancestors 'self' X-Frame-Options: sameorigin; base-uri 'self'; 1
frame-ancestors 'self' http://www.paixnidiaxl.gr 1
default-src 'self'; frame-ancestors 'self'; block-all-mixed-content;          frame-src 'self' https://mpembed.com https://*.tridimedya.com https://buyin.social https://*.buyin.social https://*.criteo.com https://*.criteo.net https://*.google.com https://*.doubleclick.net; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.efilli.com https://*.jsdelivr.net/ https://*.pinterest.com https://*.gstatic.com https://*.criteo.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://*.truste.com https://connect.facebook.net https://cc-spectochat.echoccs.com https://graph.facebook.com https://google-analytics.com https://googleads.g.doubleclick.net https://googletagmanager.com https://js.facebook.com https://kit.fontawesome.com https://static.criteo.net https://sslwidget.criteo.com https://script.hotjar.com https://static.hotjar.com https://ssl.google-analytics.com https://tagmanager.google.com https://use.fontawesome.com https://www.clarity.ms https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'report-sample' 'unsafe-inline' *.google.com *.fontawesome.com cc-spectochat.echoccs.com fonts.googleapis.com www.googletagmanager.com *.payten.com.tr; object-src *.googlesyndication.com; child-src 'self' *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com *.criteo.com *.criteo.net connect.facebook.net www.googletagmanager.com; form-action 'self' *.efilli.com  *.google.com *.facebook.com connect.facebook.net *.isbank.com.tr *.isbank.com.tr *.isbank.com.tr *.qnbfinansbank.com *.fbwebpos.com *.garanti.com.tr *.yapikredi.com.tr *.bkm.com.tr *.payten.com.tr *.bkmexpress.com *.bkmexpress.com.tr; worker-src 'self' data: blob: *.google.com; font-src 'self' data: https://*.fontawesome.com https://*.gstatic.com; connect-src 'self' https://*.efilli.com https://*.google-analytics.com https://*.hotjar.io https://*.doubleclick.net https://*.criteo.com https://*.googlesyndication https://*.clarity.ms https://*.fontawesome.com https://*.echoccs.com https://*.google.com https://*.googlesyndication.com; img-src 'self' data: https://*.efilli.com https://*.postrelease.com https://*.google-analytics.com https://*.webflow.com https://*.pasabahcemagazalari.com https://*.google.de https://*.bing.com https://*.clarity.ms https://id5-sync.com https://hb.yahoo.net https://se.semasio.net https://*.pinterest.com https://*.thebrighttag.com https://*.krxd.net https://*.twiago.com https://*.demdex.net https://*.ads.yieldmo.com https://*.echoccs.com https://*.google.com https://*.googletagmanager.com https://*.facebook.com https://*.google.com.tr https://*.doubleclick.net https://*.bidswitch.net https://*.adnxs.com https://*.media.net https://*.rubiconproject.com https://*.sharethrough.com https://*.smartadserver.com https://*.taboola.com https://*.teads.tv https://*.3lift.com https://*.analytics.yahoo.com https://*.adform.net https://*.omnitagjs.com https://*.casalemedia.com https://*.criteo.com https://*.360yield.com https://*.ivitrack.com https://*.mediavine.com https://*.outbrain.com https://*.pubmatic.com https://*.tremorhub.com https://*.yieldlab.net https://*.ds.yieldmo.com https://*.emxdgt.com https://*.criteo.com https://*.payten.com.tr; manifest-src 'self'; media-src 'self'; base-uri 'self'; 1
block-all-mixed-content; frame-src 'self' https://www.paypalobjects.com https://storage.googleapis.com https://payl8r.com; upgrade-insecure-requests; 1
frame-ancestors *.swingeren.dk;  1
default-src https: wss: 'unsafe-inline' 'unsafe-eval' data: https://*.help.com.br; 1
frame-ancestors 'self' *.mvrz.works *.muenchener-verein.de *.mv-partnernetz.de *.mv-maklernetz.de 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.soundcloud.com *.report-uri.com *.cookielaw.org ajax.cloudflare.com *.googleapis.com *.facebook.net cdn.linkedin.oribi.io *.instagram.com *.cdninstagram.com *.amazonaws.com *.google.com *.youtube.com *.megaphone.fm *.vimeo.com vimeo.com *.gstatic.com *.oniqa.com *.onistaged.com *.onenorth.com *.velaw.com *.vuturevx.com *.googletagmanager.com *.google-analytics.com *.yoshki.com *.stitcher.com stitcher.com sentry.io *.helpshift.com *.apple.com apple.com tunein.com *.tunein.com static.ads-twitter.com snap.licdn.com anchor.fm; object-src 'self'; img-src 'self' *.cookielaw.org *.googleapis.com *.instagram.com *.cdninstagram.com *.amazonaws.com *.google.com *.youtube.com *.megaphone.fm *.vimeo.com vimeo.com *.gstatic.com *.oniqa.com *.onistaged.com *.onenorth.com *.vuturevx.com *.velaw.com *.googletagmanager.com *.google-analytics.com *.yoshki.com *.heyzine.com static.ads-twitter.com analytics.twitter.com *.facebook.net *.facebook.com snap.licdn.com *.linkedin.com cdn.linkedin.oribi.io t.co *.adsymptotic.com data:; font-src 'self' fonts.gstatic.com data:; report-uri 1
script-src 'nonce-A6+oryOtAzTH5FyAwIVs2ZUS1bhC' 'unsafe-eval' 'strict-dynamic'; object-src 'none'; base-uri 'none'; 1
default-src 'self' dev-nas.io dev-nas-io.web.app nas.io *.dev-nas.io *.nas.io *.nasacademy.com data: *.framer.website; img-src 'self' dev-nas-io.web.app data: https: blob:; script-src * 'self' dev-nas-io.web.app 'unsafe-eval' 'unsafe-inline' blob: data: gap:; connect-src * 'self' dev-nas-io.web.app 'unsafe-inline' blob: data: gap:; media-src dev-nas-io.web.app *.dev-nas.io *.nas.io *.nasacademy.com *.vercel.app blob: *.cloudfront.net s3.ap-southeast-1.amazonaws.com; object-src 'none'; style-src 'self' dev-nas-io.web.app 'unsafe-inline' *.nas.io *.dev-nas.io fonts.googleapis.com www.googletagmanager.com; font-src 'self' dev-nas-io.web.app fonts.gstatic.com *.fontawesome.com data: *.framerstatic.com framerusercontent.com *.fonts.intercomcdn.com; frame-src 'self' vercel.live dev-nas.io nas.io nasacademy.com *.dev-nas.io *.nas.io *.nasacademy.com *.snapchat.com *.stripe.com google.com *.google.com *.youtube.com *.typeform.com intercom-sheets.com *.intercom.io; frame-ancestors 'self' *; form-action 'self'; worker-src 'self' blob; child-src 'self' blob; 1
script-src 'self' 'unsafe-inline' connect.facebook.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com googleads.g.doubleclick.net www.google.com *.upmenu.com unpkg.com www.gstatic.com 1
frame-ancestors 'self' https://bsf-autoservicio-videocall-prod.web.app/ 1
default-src 'self'; script-src 'self' https://snap.licdn.com/ https://*.matomo.cloud/ http://cdn.matomo.cloud/passbolt.matomo.cloud/ https://*.cookiebot.com/ https://plausible.io/js/ https://js.usemessages.com/ https://js.hscollectedforms.net/ https://js.hs-analytics.net/analytics/ https://js.hs-scripts.com/ https://js-na1.hs-scripts.com/ https://js.hsforms.net/forms/ https://js.hs-banner.com/ https://forms.hsforms.com/ https://static.hsappstatic.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.chargebee.com/ 'sha256-LHKsfrlB0pbutII03Ou2/ZzQhyBbud5KHNUQHG76ET8=' 'sha256-kbFzizjHJkcNX8x1QYM2M5k0Sh9zfVZWU40I0NJ1yOA=' 'sha256-wv/I/LPuXwB6r3l37sb3L829AfSkPQdHNNP39Xiigc4='; style-src 'self' 'unsafe-hashes' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.matomo.cloud/ https://js.chargebee.com/; frame-src 'self' https://*.cookiebot.com/ https://app.hubspot.com/ https://meetings.hubspot.com/ https://www.youtube-nocookie.com https://www.google.com/ https://js.chargebee.com/ https://passbolt.chargebee.com/; connect-src 'self' https://*.cookiebot.com/ https://plausible.io/api/ https://api.hubspot.com/livechat-public/v1/message/public https://forms.hubspot.com/collected-forms/v1/config/ https://passbolt.matomo.cloud/; img-src 'self' data: https://www.linkedin.com https://p.adsymptotic.com https://px.ads.linkedin.com https://*.matomo.cloud/ https://*.cookiebot.com/ https://s3.amazonaws.com/ https://forms.hsforms.com/embed/v3/ https://track.hubspot.com/ i.ytimg.com passbolt-blog-2.ghost.io; font-src 'self' https://passbolt.matomo.cloud/; 1
font-src https: data:; 1
frame-ancestors 'self' https://www.sosbornebyerne.dk/ 1
frame-ancestors 'self' https://*.cssconventus.com https://*.conferencesolutions.info https://companydev.com/ https://myacg-stage.acg.org https://myacg.acg.org http://acg-dev.companydev.localhost:3000; 1
style-src 'self' 'unsafe-inline' *; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' https://davmedia.cups.online https://vk.com https://vk.ru https://top-fwz1.mail.ru https://mytopf.com https://www.googletagmanager.com https://www.google-analytics.com http://ajax.googleapis.com https://analytics.google.com https://mc.yandex.ru https://lcab.talk-me.ru https://static.me-talk.ru https://static.site-chat.me; img-src 'self' 'unsafe-inline' data: blob: *; connect-src 'self' https://davmedia.cups.online https://tminio.tech-mail.ru https://vk.com https://vk.ru https://tminio.tech-mail.ru https://minio-stage.tech-mail.ru https://minio-stage.tech-mail.ru https://top-fwz1.mail.ru https://mytopf.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://mc.yandex.ru https://static.me-talk.ru https://widget.me-talk.ru wss://widget.me-talk.ru; font-src 'self' data: *; frame-src 'self' https://technocup.proctoring.online https://vk.com https://id.vk.com; default-src 'self' 'unsafe-inline' * 1
default-src 'self' blob:; font-src 'self' data: https://*.typekit.net https://*.bugherd.com https://*.cloudfront.net https://*.bootstrapcdn.com https://fonts.gstatic.com ;img-src 'self' data: blob: https://ps.w.org https://s.w.org https://www.jennieo.com https://*.hormel.com https://secure.gravatar.com https://*.salsify.com https://bugherd-attachments.s3.amazonaws.com https://*.bugherd.com https://www.googletagmanager.com https://*.cloudfront.net https://*.powerreviews.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://cdnjs.cloudflare.com https://*.pricespider.com https://analytics.twitter.com https://t.co https://www.google-analytics.com https://*.google.com https://*.bing.com https://www.facebook.com https://*.pinterest.com https://pixel.quantserve.com https://r.turn.com https://*.iriworldwide.com https://s.amazon-adsystem.com ;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://s0.wp.com https://*.force.com https://*.salesforceliveagent.com https://hormel.my.salesforce-sites.com https://hormel.my.salesforce.com https://code.jquery.com https://*.bugherd.com https://*.cloudfront.net https://*.powerreviews.com https://static.hotjar.com https://*.facebook.net https://*.amazonaws.com https://www.google-analytics.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://cdnjs.cloudflare.com https://bam.nr-data.net https://www.clarity.ms https://rules.quantcount.com https://*.doubleclick.net https://static.ads-twitter.com https://js-agent.newrelic.com https://rum-static.pingdom.net https://js.adsrvr.org https://s.pinimg.com https://www.youtube.com https://platform.twitter.com https://secure.quantserve.com https://*.bing.com https://cdn.mouseflow.com https://www.googleadservices.com https://*.pricespider.com https://*.googleapis.com https://*.google.com https://*.hormel.com https://*.hormelfoods.com https://www.googletagmanager.com ;style-src 'self' 'unsafe-inline' 'unsafe-eval' https://s0.wp.com https://*.force.com https://hormel.my.salesforce-sites.com https://*.typekit.net https://*.bugherd.com https://*.hormel.com https://*.hormelfoods.com https://*.cloudfront.net https://*.powerreviews.com https://*.googleapis.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://*.bootstrapcdn.com https://cdnjs.cloudflare.com https://*.pricespider.com ;connect-src 'self' wss://ws-mt1.pusher.com https://analytics.google.com https://sockjs.pusher.com https://yoast.com https://hormel.my.salesforce-sites.com https://*.pusher.com wss://*.pusherapp.com https://*.bugherd.com https://*.bugsnag.com https://*.amazonaws.com https://cdnjs.cloudflare.com https://*.pricespider.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com wss://*.pricespider.com https://productlocator.iriworldwide.com https://*.powerreviews.com https://www.facebook.com https://d.clarity.ms https://*.pingdom.net https://*.doubleclick.net https://www.google-analytics.com https://*.pinterest.com https://www.googletagmanager.com ;frame-src 'self' https://widgets.wp.com https://*.google.com https://*.bugherd.com https://www.coupons.com https://s.amazon-adsystem.com https://*.force.com https://www.youtube.com https://*.pinterest.com https://www.facebook.com https://*.doubleclick.net https://insight.adsrvr.org 1
default-src https: 'self'; connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.co.jp dfm-cast-v2.gyro-n.com/ *.sprocket.bz sprocket-ping.s3.amazonaws.com *.criteo.com *.criteo.net; font-src 'self' https: data:; img-src 'self' https: data: *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.co.jp dfm-cast-v2.gyro-n.com/ *.sprocket.bz sprocket-ping.s3.amazonaws.com *.criteo.com *.criteo.net; object-src 'none'; script-src https: 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com dfm-cast-v2.gyro-n.com/ *.sprocket.bz sprocket-ping.s3.amazonaws.com 'https://*.criteo.com' 'https://*.criteo.net'; style-src 'self' https: 'unsafe-inline' 1
default-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' putasvipmexico.net *.putasvipmexico.net putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; script-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' putasvipmexico.net *.putasvipmexico.net putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' putasvipmexico.net *.putasvipmexico.net putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; script-src-attr 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' putasvipmexico.net *.putasvipmexico.net putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; style-src 'self' 'unsafe-inline' 'unsafe-hashes' putasvipmexico.net *.putasvipmexico.net putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; style-src-elem 'self' 'unsafe-inline' 'unsafe-hashes' putasvipmexico.net *.putasvipmexico.net putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; style-src-attr 'self' 'unsafe-inline' 'unsafe-hashes' putasvipmexico.net *.putasvipmexico.net putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; img-src 'self' data: putasvipmexico.net *.putasvipmexico.net putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; font-src 'self' data: putasvipmexico.net *.putasvipmexico.net putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; connect-src 'self' putasvipmexico.net *.putasvipmexico.net putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; media-src 'self' putasvipmexico.net *.putasvipmexico.net putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; object-src 'self' putasvipmexico.net *.putasvipmexico.net putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; frame-src * 'self' putasvipmexico.net *.putasvipmexico.net putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net 1
default-src 'self' *.floir.com https://floir.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.googletagmanager.com *.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.floir.com https://floir.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com *.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.floir.com https://floir.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.floir.com floir.com; 1
default-src 'unsafe-inline' 'unsafe-eval' http: https:; script-src 'unsafe-inline' 'unsafe-eval' http: https: data: blob:; style-src 'unsafe-inline' http: https:; img-src http: https: data: blob:; connect-src http: https:; font-src http: https: data:; media-src http: https:; child-src 'none'; form-action http: https:; object-src 'none'; frame-src http: https:; worker-src http: https:; manifest-src http: https: blob:; base-uri http: https: 1
frame-ancestors https://*.nywerk.de https://*.test https://vinylfuture.com.ddev.site https://deejay.de https://vinylfuture.com https://*.deejay.de https://*.vinylfuture.com; 1
base-uri 'none';connect-src 'self'  *.oresund.io dc.services.visualstudio.com *.cookieinformation.com *.doubleclick.net 'unsafe-inline' *.googlesyndication.com *.google.com *.google-analytics.com *.hotjar.com *.hotjar.io;font-src 'self' *.hotjar.com https://fonts.gstatic.com data;form-action 'self';frame-ancestors 'none';img-src 'self' self data: *.tt.se *.ritzau.dk *.ctfassets.net *.gstatic.com www.googletagmanager.com https://googletagmanager.com *.googlesyndication.com *.adnxs.com www.facebook.com *.google.com www.google.dk www.google.se *.hotjar.com https://ad.doubleclick.net https://ade.googlesyndication.com https://12824419.fls.doubleclick.net;manifest-src 'self';media-src 'self' self data: *.ctfassets.net;object-src 'none';script-src 'self' *.reepay.com *.gstatic.com www.googletagmanager.com googletagmanager.com https://tagmanager.google.com 'unsafe-inline' 'unsafe-eval' *.cookieinformation.com *.google.com *.adnxs.com *.facebook.net *.googlesyndication.com www.googleadservices.com *.hotjar.com;style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com *.hotjar.com;worker-src 'self'; 1
frame-ancestors: 'self'; default-src 'self'; script-src 'report-sample' 'self' https://matomo.go-springtime.com/piwik.js 'unsafe-inline'; style-src 'report-sample' 'self' https://fonts.googleapis.com 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://jobs.go-springtime.com https://matomo.go-springtime.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self'; img-src 'self' data:; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
frame-ancestors https://app.ecwid.com 'self' 1
default-src https: data: blob: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'unsafe-eval' 'unsafe-inline'; 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; style-src 'self' 'unsafe-inline' *.fonts.net *.upsales.com *.bidtheatre.com *.google.com *.googleapis.com; connect-src 'self' *.fonts.net *.upsales.com *.bidtheatre.com *.google-analytics.com *.googletagmanager.com *.google.com *.doubleclick.net *.googleapis.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' *.hcaptcha.com *.reachmee.com *.youtube.com *.vimeo.com *.google.com *.doubleclick.net *.googletagmanager.com; child-src 'self';font-src * data:; object-src 'none'; manifest-src 'self' 'unsafe-inline' data:; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.paddle.com/paddle/paddle.js https://gc.zgo.at/count.js https://hcaptcha.com https://*.hcaptcha.com https://plausible.simplelogin.io/js/index.js; child-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://*.paddle.com https://www.youtube.com https://app.tryhoist.com; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com https://cdn.paddle.com 1
default-src https:; style-src 'unsafe-inline' https:; script-src 'unsafe-inline' https:; img-src data: https:; connect-src wss://come.test.kartaca.com https: 1
child-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.azureedge.net www.gstatic.com www.google.com ;connect-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.azureedge.net *.google-analytics.com noembed.com www.noembed.com cdn.plyr.io cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.doubleclick.net storage.googleapis.com event.talque.com lh3.googleusercontent.com *.googleadservices.com *.google.com *.itsa365.de *.mybeviale.com *.chillventa.de *.hubana.events *.embedded-world.de *.medteclive.com *.euroguss.de *.enforcetac.com *.fachpack.de *.frontale.de *.holz-handwerk.de *.nuernberg-convention.de *.perimeter-protection.de *.biofach.de *.vivaness.de *.interzoo.com *.biofach-japan.com *.galabau-messe.com *.ads.linkedin.com *.linkedin.com *.linkedin.oribi.io *.googlesyndication.com *.outbrain.com ;default-src 'self' *.azureedge.net ;font-src 'self' fonts.gstatic.com *.azureedge.net 'unsafe-inline' storage.googleapis.com event.talque.com lh3.googleusercontent.com ;img-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.google-analytics.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.azureedge.net *.google.com *.google.de *.ads.linkedin.com *.linkedin.com *.linkedin.oribi.io snap.licdn.com static.ads-twitter.com analytics.twitter.com t.co www.googletagmanager.com analytics-udg.netdna-ssl.com code.s4d.io *.giphy.com *.clouddrive.com *.webexcontent.com data: blob: *.rackcdn.com data: blob: *.doubleclick.net connect.facebook.net www.facebook.com storage.googleapis.com event.talque.com lh3.googleusercontent.com ;media-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.azureedge.net storage.googleapis.com event.talque.com lh3.googleusercontent.com data: ;script-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.doubleclick.net cdn.plyr.io noembed.com www.noembed.com *.google.com *.google.de *.vimeocdn.com *.vimeo.com *.akamaized.net www.googletagmanager.com analytics-udg.netdna-ssl.com *.google-analytics.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.azureedge.net 'unsafe-eval' *.googleadservices.com *.google.com static.ads-twitter.com analytics.twitter.com t.co snap.licdn.com 'unsafe-inline' www.gstatic.com www.google.com connect.facebook.net www.facebook.com storage.googleapis.com event.talque.com lh3.googleusercontent.com *.outbrain.com ;style-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.azureedge.net 'unsafe-inline' storage.googleapis.com event.talque.com lh3.googleusercontent.com ; 1
default-src https:; connect-src https:; font-src https: data:; frame-src https:; frame-ancestors https:; img-src https: data: blob:; media-src https: blob:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 1
default-src 'self' *.vynetrellis.com vynetrellis.com *.rpractice.com rpractice.com; child-src 'self' blob: *.pendo.io vynetrellis.com *.vynetrellis.com; worker-src 'self' blob:; connect-src 'self' blob: wss://*.vynetrellis.com wss://vynetrellis.com *.google-analytics.com *.g.doubleclick.net *.google.com *.gstatic.com *.googletagmanager.com *.amazonaws.com *.typekit.net *.transnox.com *.cloudflare.com *.nsit-pass.com *.transit-pass.com *.nea-fast.com *.sentry.io *.launchdarkly.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com *.vynetrellis.com vynetrellis.com *.hellopearl.com *.mouseflow.com; font-src 'self' data: *.gstatic.com *.typekit.net; form-action 'self'; frame-ancestors 'self' *.vynetrellis.com vynetrellis.com *.rpractice.com rpractice.com *.pendo.io; frame-src 'self' *.vynetrellis.com vynetrellis.com previewapp.vynetrellis.com *.pendo.io; img-src 'self' blob: data: *.vynetrellis.com vynetrellis.com *.sentry.io *.launchdarkly.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com; object-src 'none'; script-src 'self' 'unsafe-inline' *.google-analytics.com *.g.doubleclick.net *.google.com *.gstatic.com *.googletagmanager.com *.amazonaws.com *.typekit.net *.transnox.com *.cloudflare.com *.nsit-pass.com *.transit-pass.com *.nea-fast.com *.sentry.io *.launchdarkly.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com pendo-io-static.storage.googleapis.com *.hellopearl.com *.mouseflow.com; style-src 'self' 'unsafe-inline' *.vynetrellis.com vynetrellis.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com fonts.googleapis.com *.typekit.net; 1
default-src 'self' https://cdn.haywyre.co.uk/ ; script-src https://s3.creation.co.uk 'self' https://unpkg.com/ 'unsafe-inline' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' *.googletagmanager.com *.google-analytics.com https://cdn.cookielaw.org/ 'sha256-4CvayC4Ok6d1a6e3UazuPEPVsCNm0EgyPrUsV3POmSI=' 'sha256-AXIIM4FqCo1K0BX1hMIT/+4imm0zG/aDGzoTP0A8q84=' https://resources.digital-cloud.medallia.eu/ 'sha256-syPUeMi2THgcS3Oqscv6dDYFTrUbWSk8YLdugGe2TnM=' ; style-src 'self' 'unsafe-inline' https://s3.creation.co.uk ; img-src https://s3.creation.co.uk 'self' https://www.creation.co.uk/ https://cdn.cookielaw.org/ data: via.placeholder.com www.google.com www.google.co.uk www.google-analytics.com https://resources.digital-cloud.medallia.eu/ https://cdn.usersnap.com/ www.googletagmanager.com https://udc-neb.kampyle.com ; connect-src https://bnp-privacy.my.onetrust.com/request/v1/consentreceipts  www.creation.co.uk:9443 https://ua-api.haywyre.co.uk 'self' www.creation.co.uk www.creation.co.uk:8443 https://www.google.com/pagead/conversion_async.js https://privacyportal-eu.onetrust.com/ https://lottie.host https://region1.analytics.google.com https://geolocation.onetrust.com googleads.g.doubleclick.net *.google-analytics.com www.googleadservices.com https://cdn.cookielaw.org/ stats.g.doubleclick.net https://api.usersnap.com/ https://cdn.usersnap.com/ https://screencapture.kampyle.com https://resources.digital-cloud.medallia.eu/ https://udc-neb.kampyle.com ; font-src 'self' https://s3.creation.co.uk ; object-src 'none' ; media-src https://s3.creation.co.uk ; child-src https://resources.digital-cloud.medallia.eu/ ; 1
default-src 'self'; base-uri 'self'; script-src 'nonce-1e4c3590f14497218cc3674679ed1944' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: 'report-sample'; connect-src 'self' https://www.googletagmanager.com https://*.facebook.com https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://*.instana.io wss://mpsnare.iesnare.com https://*.usercentrics.eu https://bat.bing.com/actionp/ https://*.liadm.com https://*.parship.dev; frame-ancestors 'self' https://secure1.parship.com https://secure1.eharmony.com https://secure1.elitepartner.de https://*.parship.dev; frame-src 'self' https://support.parship.com https://tms.parship.com https://*.greatviews.de https://app.usercentrics.eu https://www.youtube-nocookie.com https://accounts.google.com https://translate.googleapis.com https://*.liadm.com; object-src 'none'; img-src 'self' data: http: https: https://*.instana.io; font-src 'self' data:; style-src 'self' 'unsafe-inline' 'report-sample' https://accounts.google.com/gsi/style https://translate.googleapis.com; upgrade-insecure-requests; report-uri /ls/ 1
default-src 'self'; script-src 'unsafe-inline' 'self' maps.googleapis.com maps.google.com *.itzbund.de; style-src 'unsafe-inline' 'self' maps.gstatic.com *.googleapis.com *.ggpht.com; img-src data: blob: 'self' a.tile.openstreetmap.de maps.gstatic.com *.googleapis.com *.ggpht.com maps.google.com; font-src 'self' fonts.gstatic.com *.googleapis.com *.ggpht.com; frame-src 'self' *.youtube-nocookie.com *.vimeo.com *.blitzvideoserver.de intocities.com maps.gstatic.com *.googleapis.com *.ggpht.com; connect-src 'self' *.googleapis.com *.itzbund.de 1
default-src http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval' data: https: service-content.lumion.com services.lumion3d.net lumion.com s.ytimg.com www.youtube.com www.youtube-nocookie.com kit.fontawesome.com kit-free.fontaw.com ajax.googleapis.com fonts.googleapis.com use.typekit.net p.typekit.net use.fontawesome.com t.co ipapi.co www.google-analytics.com www.googleadservices.com connect.facebook.net static.ads-twitter.com analytics.twitter.com platform.twitter.com cdn.syndication.twimg.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com vc.hotjar.io www.google.com www.facebook.com fonts.gstatic.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.googletagmanager.com static.cloudflareinsights.com ajax.cloudflare.com https://*.sheerid.com platform.twitter.com; frame-ancestors 'self' https://*.storyblok.com/; frame-src https://portal.productboard.com https://*.hsforms.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://11264468.fls.doubleclick.net/ https://td.doubleclick.net/ download.lumion.com https://*.sheerid.com view.mylumion.com www.youtube.com www.youtube-nocookie.com platform.twitter.com vars.hotjar.com www.facebook.com syndication.twitter.com player.vimeo.com; object-src 'none'; 1
block-all-mixed-content; default-src https: 'self'; font-src https: data:; img-src https: data:; script-src 'unsafe-inline' 'self' https://www.youtube.com  https://consent.cookiebot.com https://www.google-analytics.com https://www.googletagmanager.com https://matomo.publicisfrance.com https://matomo.colas.com https://consentcdn.cookiebot.com https://www.google.com https://www.google.com/recaptcha https://www.gstatic.com https://s.go-mpulse.net https://snap.licdn.com https://px.ads.linkedin.com; style-src 'unsafe-inline' 'self'; base-uri 'self'; worker-src 'self'; frame-ancestors 'self'; object-src 'self'; form-action 'self'; 1
base-uri 'self'; frame-ancestors 'self' https://gocustaging.orb.alkamitech.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gstatic.com https://*.cloudflare.com https://*.googletagmanager.com https://*.google.com https://*.facebook.net https://www.google-analytics.com https://www.googleoptimize.com https://*.clickagy.com https://use.fontawesome.com https://fonts.googleapis.com https://*.hubspot.com https://*.hsforms.net https://*.licdn.com https://www.googleadservices.com https://*.clearbitjs.com https://*.zoominfo.com https://*.g2crowd.com https://*.hsforms.com https://*.chilipiper.com https://*.amazonaws.com https://*.facebook.com https://*.doubleclick.net https://*.hs-analytics.net https://*.hs-scripts.com https://googleads.g.doubleclick.net https://js.hs-analytics.net https://*.hsleadflows.net https://*.hsadspixel.net/ https://*.hs-banner.com https://*.hubapi.com https://boards.greenhouse.io https://player.vimeo.com https://*.vimeo.com https://*.lfeeder.com https://*.youtube.com https://cdn.linkedin.oribi.io https://*.factors.ai https://*.clearbit.com https://*.clearbitscripts.com https://*.clarity.ms https://airtable.com https://js.hscta.net https://*.6sc.co https://epsilon.6sense.com https://*.intercom.io https://no-cache.hubspot.com https://*.hubspot.com https://*.hs-sites.com https://*.greenhouse.io https://*.dreamdata.cloud data:;img-src * 'self' data: https: 1
object-src 'none'; frame-ancestors 'self'; form-action 'self' ddlnk.net kie-14655.azurewebsites.net kie-14655.design-portfolio.info edit.kie-14655.design-portfolio.info kier.co.uk login.microsoftonline.com; base-uri 'self'; upgrade-insecure-requests; block-all-mixed-content 1
default-src https: 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss:; frame-ancestors 'self' https://pembina2022tf.q4web.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-9db5008ed0674a3f9cef4c2e9a21a6e5'  https://assets.adobedtm.com https://cdn.cookielaw.org https://d6tizftlrpuof.cloudfront.net https://maps.googleapis.com https://swa.blgwonen.nl https://w.usabilla.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://api.usabilla.com https://tagmanager.google.com https://connect.facebook.net https://translate.google.com; connect-src 'self' https://cdn.cookielaw.org https://dpm.demdex.net https://maps.googleapis.com https://privacyportal-de.onetrust.com https://snsbank.tt.omtrdc.net https://stats.g.doubleclick.net https://swa.blgwonen.nl https://www.google-analytics.com https://api.usabilla.com https://geolocation.onetrust.com https://www.google.com https://adservice.google.com https://www.googletagmanager.com https://upload.snsbank.nl https://snsbank.sc.omtrdc.net; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://d6tizftlrpuof.cloudfront.net https://snsbank.demdex.net https://www.youtube.com https://projects.ivorystudio.net https://gateway.zscloud.net https://m.youtube.com; img-src 'self' data: https://googleads.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com https://px.ads.linkedin.com https://usabilla-themes.s3-eu-west-1.amazonaws.com https://w.usabilla.com https://www.facebook.com https://www.googletagmanager.com https://www.google.com https://www.google.nl https://d6tizftlrpuof.cloudfront.net https://i.ytimg.com https://lh3.ggpht.com https://khms0.googleapis.com https://khms1.googleapis.com https://streetviewpixels-pa.googleapis.com https://bat.bing.com https://cdn.cookielaw.org https://www.gstatic.com https://ssl.gstatic.com https://swa.blgwonen.nl https://px4.ads.linkedin.com https://www.linkedin.com https://translate.google.com https://www.google.co.uk https://secure.adnxs.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://w.usabilla.com https://d6tizftlrpuof.cloudfront.net https://tagmanager.google.com https://www.googletagmanager.com; object-src 'self'; base-uri 'self' https://d6tizftlrpuof.cloudfront.net; report-uri /web/reportreceiver; 1
default-src 'none'; script-src 'self' 'unsafe-inline' www.google.com www.googleadservices.com www.google-analytics.com www.googleanalytics.com www.googletagmanager.com www.googleoptimize.com optimize.google.com *.g.doubleclick.net js.stripe.com app.certcapture.com www.gstatic.com/recaptcha/ js-agent.newrelic.com bam.nr-data.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com optimize.google.com app.certcapture.com; font-src 'self' fonts.gstatic.com; img-src 'self' data: www.google.com www.google-analytics.com www.googletagmanager.com optimize.google.com *.g.doubleclick.net app.certcapture.com s3.amazonaws.com/certcapture_versioned/ s3.amazonaws.com/certcapture_unversioned/ www.google.ca www.google.co.au www.google.co.in www.google.co.uk www.google.com.mx www.google.com.ph www.google.de www.google.jo www.google.tt; frame-src 'self' www.youtube.com www.youtube-nocookie.com bid.g.doubleclick.net www.googleadservices.com optimize.google.com js.stripe.com app.certcapture.com s3.amazonaws.com/certcapture_versioned/ s3.amazonaws.com/certcapture_unversioned/ www.google.com/recaptcha/; connect-src 'self' www.google-analytics.com analytics.google.com adservice.google.com *.g.doubleclick.net https://*.algolia.net https://*.algolianet.com https://insights.algolia.io app.certcapture.com https://track1099-default-production-activestorage.s3.amazonaws.com bam.nr-data.net; manifest-src 'self'; form-action 'self'; base-uri 'none'; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-ancestors https://metrika.yandex.ru *.shop.aquaphor.ru ; upgrade-insecure-requests 1
default-src 'self' js.stripe.com challenges.cloudflare.com; font-src 'self' data:; img-src 'self' data:; object-src 'none'; script-src 'self' js.stripe.com challenges.cloudflare.com 'nonce-'; style-src 'self'; connect-src 'self' wss://ws.chain.so js.stripe.com challenges.cloudflare.com 1
frame-ancestors 'self' https: *.wigmore-hall.org.uk; frame-src 'self' https: *.wigmore-hall.org.uk 1
frame-ancestors 'self' https://engage-sj.marketo.com/ 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com https://*.siteimprove.net 'unsafe-inline' 'unsafe-eval' *.msecnd.net *.google.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.ads-twitter.com *.callrail.com *.licdn.com https://siteimproveanalytics.com *.bing.com *.hotjar.com *.doubleclick.net *.livehelpnow.net https://www.youtube.com/iframe_api *.azureedge.net https://w.soundcloud.com *.twitter.com *.rdoequipment.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cdn.polyfill.io https://*.criteo.com https://static.criteo.net https://tags.srv.stackadapt.com https://qvdt3feo.com https://www.clarity.ms https://js.adsrvr.org/up_loader.1.1.0.js https://assets.sitescdn.net/ytag/ytag.min.js https://analytics.tiktok.com/i18n/pixel/events.js 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline' *.azureedge.net *.livehelpnow.net *.rdoequipment.com https://tags.srv.stackadapt.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net; img-src *.gstatic.com *.googleapis.com data: blob: marketing.rdoequipment.com https://i.ytimg.com https://www.googletagmanager.com *.doubleclick.net https://urldefense.proofpoint.com *.google.bg *.google-analytics.com *.fbcdn.net *.facebook.com *.hotjar.com *.cdninstagram.com *.azurewebsites.net *.blob.core.windows.net *.bigcommerce.com *.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://i.vimeocdn.com *.adentifi.com *.linkedin.com https://t.co https://*.twitter.com *.bing.com *.siteimproveanalytics.io *.google.com *.livehelpnow.net https://fmgaggi.com https://p.adsymptotic.com *.hawksearch.net https://*.criteo.com https://manage.hawksearch.com https://cdn.cookielaw.org https://*.clarity.ms https://place-hold.it https://*.dynamics.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.azureedge.net *.hotjar.com *.livehelpnow.net; connect-src https://*.siteimprove.com https://dc.services.visualstudio.com *.livehelpnow.net *.hawksearch.net *.hawksearch.com https://maps.googleapis.com https://*.hawksearch.net https://*.hawksearch.com https://*.americaneagle.com *.google-analytics.com https://*.google.com *.doubleclick.net *.callrail.com wss://app.livehelpnow.net https://mydealer.rdoequipment.com/cdkhe/login *.bing.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.rdoequipment.com https://cdn.cookielaw.org https://*.onetrust.com https://vimeo.com https://*.criteo.com https://tags.srv.stackadapt.com https://*.clarity.ms https://cdn.linkedin.oribi.io https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://*.dynamics.com https://*.googlesyndication.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: https://developer.livehelpnow.net *.cdninstagram.com; child-src 'self' https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ https://*.siteimprove.com *.rdoequipment.com *.azureedge.net *.doubleclick.net *.google.com https://youtube.com *.facebook.com *.hotjar.com https://*.criteo.com https://*.deere.com https://insight.adsrvr.org https://*.dynamics.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.facebook.net https://www.googletagmanager.com https://maps.googleapis.com https://fonts.googleapis.com https://www.gstatic.com https://cdn.onesignal.com https://www.google-analytics.com https://v2.zopim.com https://onesignal.com https://www.google.com https://developers.google.com 1
default-src 'self' http: https: *.zdassets.com *.zopim.com *.zendesk.com wss://*.zendesk.com wss://*.zopim.com; script-src http: https: 'unsafe-inline' 'unsafe-eval' https://www.skechers.com.au/ *.adobetm.com *.afterpay.com *.demdex.net *.google-analytics.com *.usehero.com afterpay.com foursixty.com; style-src 'self' https: 'unsafe-inline' https://www.skechers.com.au/ *.adobetm.com foursixty.com; img-src data: http: https: *.google-analytics.com *.ist-track.com *.pinterest.com *.twilio.com *.tiktok.com *.usehero.com *.useinsider.com developers.google.com hero-prod-assets.s3-eu-west-1.amazonaws.com hero-service-media-upload-production.s3.eu-west-1.amazonaws.com *.zopim.io *.zdassets.com; object-src 'none'; base-uri 'none'; child-src 'self'; media-src http: https: *.twilio.com *.usehero.com; connect-src 'self' http: https: *.adobedc.net *.afterpay.com *.bazaarvoice.com *.braintree-api.com *.braintreegateway.com *.criteo.com *.demdex.net *.foursixty.com *.google-analytics.com *.googleapis.com *.nr-data.net *.paypal.com *.taboola.com *.truefitcorp.com *.twilio.com *.usehero.com *.zdassets.com *.zendesk.com *.zopim.com accentgroupxpdev.112.2o7.net afterpay.com analytics.tiktok.com api.usehero.com bcp.crwdcntrl.net facebook.com foursixty.com kleber.datatoolscloud.net.au sentry.io smetrics.hypedc.com vimeo.com wss://*.twilio.com wss://widget-mediator.zopim.com; font-src data: 'self' fonts.gstatic.com *.truefitcorp.com; frame-src 'self' *.formstack.com *.afterpay.com *.bazaarvoice.com *.criteo.com *.criteo.net *.demdex.net *.everesttech.net *.everestjs.net *.doubleclick.net *.facebook.com *.google.com *.myunidays.com *.omniparcelreturns.com *.paypal.com *.paypalobjects.com *.truefitcorp.com *.useinsider.com *.vimeo.com *.youtu.be *.youtube.com afterpay.com assets.braintreegateway.com everestjs.net facebook.com foursixty.com google.com player.whooshkaa.com tsdtocl.com vimeo.com *.pinterest.com; worker-src 'self' blob: *.accentgra.com *.skechers.co.nz *.skechers.com.au; 1
frame-ancestors 'self' *.applitools.com 1
default-src 'self' 'unsafe-inline';frame-src *.google.com *.google.co.in *.googletagmanager.com *.woohoo.in *.valiramgifts.com *.branch.io *.giftbig.com *.youtube.com *.doubleclick.net *.adyen.com;img-src 'self' 'unsafe-inline' checkoutshopper-live.adyen.com ssl.gstatic.com *.gstatic.com *.zopim.com *.cloudfront.net *.google.com *.google.co.in *.facebook.com *.facebook.net *.googleadservices.com *.woohoo.in *.valiramgifts.com *.branch.io *.giftbig.com data: *.google-analytics.com *.amazonaws.com *.googletagmanager.com *.doubleclick.net;media-src 'self' 'unsafe-inline' *.amazonaws.com *.cloudfront.net *.zopim.com data: ;script-src 'self' 'unsafe-inline' checkoutshopper-live.adyen.com *.zdassets.com *.gstatic.com wzrkt.com *.wzrkt.com *.cloudfront.net *.google.com *.google.co.in *.facebook.net *.gstatic.com *.twemoji.maxcdn.com *.segment.com *.zopim.com *.platform.twitter.com *.youtube.com *.apis.google.com *.woohoo.in *.valiramgifts.com *.branch.io *.giftbig.com cdn.polyfill.io *.clevertap.com *.google-analytics.com app.link *.googletagmanager.com *.googleadservices.com *.clevertap-prod.com *.doubleclick.net beacon.crigloo.com;style-src 'self' 'unsafe-inline' checkoutshopper-live.adyen.com *.cloudfront.net tagmanager.google.com *.youtube.com *.woohoo.in *.valiramgifts.com *.branch.io *.giftbig.com *.googleapis.com ;font-src 'self' 'unsafe-inline' *.cloudfront.net fonts.googleapis.com *.zopim.com *.woohoo.in *.valiramgifts.com *.branch.io *.giftbig.com *.gstatic.com *.googletagmanager.com data: ;connect-src 'self' wss://*.zopim.com *.woohoo.in *.zdassets.com *.zopim.com *.segment.com *.segment.io *.google-analytics.com *.branch.io *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.facebook.net checkoutshopper-live.adyen.com beacon.crigloo.com; 1
default-src 'self' mark43.com www.mark43.com bugcrowd.com assets.bugcrowdusercontent.com stats.g.doubleclick.net track.hubspot.com perf.hsforms.com forms-na1.hsforms.com gstatic.com www.gstatic.com api.hubapi.com forms.hubspot.com hubspot.com js.hs-banner.com js.hscollectedforms.net js.hsadspixel.net js.hs-analytics.net api.livechatinc.com secure.livechatinc.com google.com www.google.com google.ro www.google.ro www.google-analytics.com google-analytics.com googletagmanager.com www.googletagmanager.com googleads.g.doubleclick.net js.hs-scripts.com cdn.livechatinc.com boards.greenhouse.io boards-api.greenhouse.io hubspot-forms-static-embed.s3.amazonaws.com forms.hsforms.com js.hsforms.net devmatroid.wpengine.com devmatroid.wpengine.com cdnjs.cloudflare.com unpkg.com secure.gravatar.com fonts.googleapis.com fonts.gstatic.com browser.sentry-cdn.com app.hubspot.com huemor.rocks www.google.com.ph www.google.com forms.hscollectedforms.net  static.hsappstatic.net www.youtube.com analytics.google.com  *.vimeo.com 'unsafe-inline' 'unsafe-eval' data: blob: ; frame-ancestors 'self'; 1
upgrade-insecure-requests;connect-src *; frame-ancestors 'self' *.grepolis.com 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-rQDZv7uEfj87lILajvTPxaWvSKa4IZIv0TwEVsufQ8WS+y2i' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src https: 'unsafe-inline'; font-src https: data: 'unsafe-inline'; img-src https: data: 'unsafe-inline'; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; img-src data: https://* 1
default-src 'self' https:; font-src 'self' https://hover-assets.s3.ca-central-1.amazonaws.com/ https://s3.ca-central-1.amazonaws.com/hover-assets/ https://fonts.gstatic.com/ https://p1.answerdash.com/ https://maxcdn.bootstrapcdn.com/; img-src 'self' data: https://hover-assets.s3.ca-central-1.amazonaws.com/ https://s3.ca-central-1.amazonaws.com/hover-assets/ https://*.paypal.com/ https://www.facebook.com/ https://connect.facebook.net/ https://www.linkedin.com/ https://px.ads.linkedin.com/ https://px4.ads.linkedin.com https://chart.googleapis.com/ https://www.google.com/ https://www.google.ca/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://*.zopim.io/ https://api.smooch.io/ https://hover.zendesk.com/ https://*.licdn.com/ https://*.hsforms.net/ https://*.hsforms.com/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hover-assets.s3.ca-central-1.amazonaws.com/ https://s3.ca-central-1.amazonaws.com/hover-assets/ https://*.google-analytics.com/ https://www.googleadservices.com/ https://*.googletagmanager.com/ https://www.google.com/ https://www.gstatic.com https://*.braintreegateway.com/ https://*.paypal.com/ https://*.marketingsolutions.yahoo.com/ https://cdnjs.cloudflare.com/ https://www.paypalobjects.com/ https://browser.sentry-cdn.com/ https://sentry.io/ https://p1.answerdash.com/ https://utt.impactcdn.com/ https://snap.licdn.com/ https://px.ads.linkedin.com/ https://connect.facebook.net/ https://static.zdassets.com/ https://api.smooch.io/ https://hover.zendesk.com/ https://googleads.g.doubleclick.net/ https://*.hscollectedforms.net/ https://*.hsleadflows.net/ https://*.hsforms.net/ https://*.hsforms.com/; style-src 'self' 'unsafe-inline' https://*.braintreegateway.com/ https://hover-assets.s3.ca-central-1.amazonaws.com/ https://s3.ca-central-1.amazonaws.com/hover-assets/ https://p1.answerdash.com/ https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://*.paypal.com/; frame-src 'self' https://assets.braintreegateway.com/ https://td.doubleclick.net/ https://*.fls.doubleclick.net/ https://*.kaptcha.com/ https://*.paypal.com/ https://*.hsforms.net/ https://*.hsforms.com/; connect-src 'self' https://*.google-analytics.com/ https://*.analytics.google.com/ https://*.googletagmanager.com/ https://analytics.google.com/ https://pagead2.googlesyndication.com/ https://*.braintree-api.com/ https://*.braintreegateway.com/ https://client-analytics.braintreegateway.com/ https://*.paypal.com/ https://api.smooch.io/ https://hover.zendesk.com/ https://ekr.zdassets.com/ https://ad.doubleclick.net/ https://stats.g.doubleclick.net/ wss://widget-mediator.zopim.com/ https://cdn.linkedin.oribi.io/ https://sentry.io/ https://www.facebook.com/ https://*.hscollectedforms.net/ https://*.hsforms.com/ https://hubspot-forms-static-embed.s3.amazonaws.com; media-src 'self' https://static.zdassets.com/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ajax/libs/raven.js/3.25.2/raven.js https://d10zminp1cyta8.cloudfront.net/widget.js https://js-eu1.hs-analytics.net/analytics/ https://js-eu1.hs-banner.com/v2/25492484/banner.js https://js-eu1.hscollectedforms.net/collectedforms.js https://js-eu1.hs-scripts.com/25492484.js https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://js-eu1.hsadspixel.net/fb.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://career.recruitee.com https://forms-eu1.hubspot.com https://maps.googleapis.com https://stats.g.doubleclick.net https://www.google-analytics.com https://forms-eu1.hscollectedforms.net/collected-forms/v1/config/json https://js-eu1.hs-analytics.net/analytics/ https://api-eu1.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://lg.core-backbone.com; img-src 'self' data: https://forms-eu1.hsforms.com https://maps.google.com https://maps.gstatic.com https://www.google-analytics/collect https://maps.googleapis.com https://ps.w.org https://forms-eu1.hsforms.com/embed/v3/counters.gif https://track-eu1.hubspot.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:; 1
object-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.consentmanager.net www.etracker.de de.etracker.com https://delivery.consentmanager.net https://use.typekit.net/eho0yem.js cdn.consentmanager.net delivery.consentmanager.ne use.typekit.net c.delivery.consentmanager.net code.etracker.com https://cdnjs.cloudflare.com; script-src-elem 'self' 'unsafe-inline' https://cdn.consentmanager.net www.etracker.de de.etracker.com https://delivery.consentmanager.net https://use.typekit.net/eho0yem.js cdn.consentmanager.net delivery.consentmanager.net use.typekit.net c.delivery.consentmanager.net code.etracker.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; frame-ancestors 'self' https://*.etracker.com *.etracker.com; report-uri https://www.volkswagenstiftung.de/de/report-uri/enforce 1
default-src 'self'; base-uri 'self'; img-src * data:; frame-src 'self' https://kaart.pdok.nl https://websurveys2.govmetric.com https://app-eu.readspeaker.com https://www.youtube-nocookie.com https://www.youtube.com https://content.googleapis.com/ https://vars.hotjar.com; frame-ancestors 'self'; manifest-src 'self'; media-src 'self' blob:; script-src 'self' 'nonce-N2M4MDJmN2ItZjQzNS00ZjUzLWFjZDItYTVkZTQwZDQ0NjI1' https://stats.pusher.com https://www.browsealoud.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://maps.googleapis.com https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://websurveys2.govmetric.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://cdn-eu.readspeaker.com https://virtuele-gemeente-assistent.nl https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://snap.licdn.com https://*.timeblockr.com; connect-src 'self' https://sockjs-eu.pusher.com wss://ws-eu.pusher.com https://vttts-eu.readspeaker.com https://cloudstatic.obi4wan.com https://chatapi.obi4wan.com https://media-eu.readspeaker.com https://rstts-eu.readspeaker.com https://www.browsealoud.com https://plus.browsealoud.com https://speech.speechstream.net https://speech-eu.speechstream.net https://www.google-analytics.com https://maps.googleapis.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://app.obi4wan.ai https://app-eu.readspeaker.com/ https://hitcounter.govmetric.com https://platform.hireserve.nl/ https://cdn1.readspeaker.com https://maps.googleapis.com https://virtuele-gemeente-assistent.nl wss://virtuele-gemeente-assistent.nl ws://virtuele-gemeente-assistent.nl https://in.hotjar.com https://www.facebook.com https://cdn.linkedin.oribi.io https://*.timeblockr.com; object-src 'self' https://kaart.pdok.nl; style-src 'self' data: 'nonce-N2M4MDJmN2ItZjQzNS00ZjUzLWFjZDItYTVkZTQwZDQ0NjI1' https://fonts.googleapis.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://websurveys2.govmetric.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://maps.googleapis.com/ https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://*.timeblockr.com; font-src 'self' data: https://fonts.gstatic.com https://cdn1.readspeaker.com https://script.hotjar.com https://*.timeblockr.com;  1
default-src 'none';frame-src 'self' blob: *.boxtal.com; frame-ancestors 'self'; font-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.boxtal.com; connect-src *.boxtal.com; img-src 'self' blob: data: https://* resource.boxtal.com; form-action 'self'; base-uri 'self' 1
script-src 'unsafe-inline' 'unsafe-eval' http: https:; style-src 'self' blob: https: 'unsafe-inline'; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com static.olark.com use.typekit.net; frame-src 'self' www.sandbox.paypal.com www.paypalobjects.com www.paypal.com static.olark.com assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com guarantee-cdn.com; 1
frame-ancestors 'self' https://dasmailarchiv.ch https://www.sitejet.io 1
style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.gstatic.com; img-src 'self' data: *.google-analytics.com https://evocms.s3.amazonaws.com *.doubleclick.net *.adfenix.com *.sfnix.com *.sfnix.net *.googleapis.com *.google.com *.google.co.uk *.google.ie *.gstatic.com *.ggpht.com *.googletagmanager.com *.facebook.com *.ytimg.com  *.vimeocdn.com *.icims.com  *.postcodeanywhere.co.uk *.your-move.co.uk *.reedsrains.co.uk https://script.hotjar.com/ *.convertize.io https://www.your-move.co.uk/uploads; frame-src 'self' *.doubleclick.net *.adfenix.com *.hotjar.com *.facebook.com *.google.com *.audioagent.com https://watchvid.io premium.giraffe360.com tour.giraffe360.com *.youtube.com  https://youtu.be  *.vimeo.com  *.icims.com  *.matterport.com  *.vieweet.com *.livechatinc.com *.investis.com; script-src 'self' *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.facebook.net *.adfenix.com *.hotjar.com *.googletagmanager.com https://core-aws.evocdn.co.uk *.youtube.com  https://akya.io *.convertize.io https://cs.commversion.com *.livechatinc.com https://cht-srvc.net 'nonce-1d315a'; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://evocms.s3.amazonaws.com/ https://script.hotjar.com/ https://cdn.livechatinc.com/widget/; connect-src 'self' *.facebook.com *.adfenix.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.google.com *.doubleclick.net *.convertize.io; 1
default-src 'self' blob: https://player.vimeo.com https://vod-progressive.akamaized.net https://*.reiseversicherung.de; child-src 'self' *.mouseflow.com; connect-src 'self' ws: sentry.sumcumo.net sc-sentry.sumcumo.net *.google-analytics.com pagead2.googlesyndication.com/ https://www.reiseversicherung.de https://gapi.storyblok.com/v1/api https://scip-sales.nexible.de/form-api https://player.vimeo.com https://privacyportal-de.onetrust.com  https://api.inbenta.io https://api-gce2.inbenta.io https://geolocation.onetrust.com https://app.storyblok.com https://gapi.storyblok.com https://a.storyblok.com auth.stage.nexible.io customer.stage.nexible.io https://*.nexible.de adservice.google.com https://bat.bing.com https://cdn-assets-prod.s3.amazonaws.com https://cdn.cookielaw.org ct.pinterest.com https://o2.mouseflow.com https://stats.g.doubleclick.net https://ad.doubleclick.net www.google-analytics.com www.facebook.com www.google.com www.google.at pagead2.googlesyndication.com/ https://api.storyblok.com https://*.emarsys.net https://*.nexible.de app.vwo.com *.visualwebsiteoptimizer.com https://*.scarabresearch.com/ *.mouseflow.com *.dev.nonprod.nexible.de https://privacyportal-de.onetrust.com https://*.stage.nexible.io https://*.nexible.io https://*.reiseversicherung.de; font-src 'self' https://cdn.inbenta.io https://*.nexible.de/ data: https://dhm5hy2vn8l0l.cloudfront.net https://fonts.gstatic.com https://*.nexible.de *.mouseflow.com https://*.reiseversicherung.de https://*.nexible.de; frame-src 'self' *.trustpilot.com https://player.vimeo.com *.nexible.de *.nexible.at *.nexible.es *.nexible.io *.doubleclick.net https://tracker.yougov.com https://track.adform.net tpc.googlesyndication.com www.googletagmanager.com www.facebook.com ct.pinterest.com www.pinterest.de www.pinterest.com app.vwo.com *.visualwebsiteoptimizer.com *.mouseflow.com; frame-ancestors 'self' *.nexible.de *.nexible.at *.nexible.es *.storyblok.com *.reiseversicherung.de; img-src 'self' data: https://gapi.storyblok.com/v1/api https://scip-sales.nexible.de/form-api https://i.vimeocdn.com https://static-or00.inbenta.com https://a.storyblok.com 'unsafe-inline' browser-update.org cx.atdmt.com https://bat.bing.com https://cdn.cookielaw.org https://www.pinterest.com ct.pinterest.com https://googleads.g.doubleclick.net https://ssl.gstatic.com https://stats.g.doubleclick.net https://ad.doubleclick.net https://www.facebook.com https://connect.facebook.net https://www.google-analytics.com https://www.google.at https://www.google.de https://www.google.be https://www.google.com https://www.google.de https://www.google.it https://www.google.lv https://www.google.pl https://www.google.sk https://www.google.hr https://www.google.co.uk https://www.googletagmanager.com https://www.gstatic.com images.unsplash.com https://pagead2.googlesyndication.com/ optanon.blob.core.windows.net https://fonts.gstatic.com https://*.nexible.de/ app.vwo.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com *.mouseflow.com cdn.cookielaw.org *.reiseversicherung.de; media-src https://player.vimeo.com https://vod-progressive.akamaized.net https://a.storyblok.com https://*.reiseversicherung.de; object-src 'self'; report-uri ; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval'  https://geolocation.onetrust.com https://sdk.inbenta.io https://app.storyblok.com https://gapi.storyblok.com https://*.nexible.de *.trustpilot.com https://bat.bing.com https://cdn-assets-prod.s3.amazonaws.com https://cdn.cookielaw.org https://cdn.mouseflow.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://googleads.g.doubleclick.net https://ad.doubleclick.net https://s.pinimg.com https://tagmanager.google.com https://track.adform.net https://tracker.yougov.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com tpc.googlesyndication.com https://app.storyblok.com https://*.nexible.de/ app.vwo.com *.visualwebsiteoptimizer.com https://*.scarabresearch.com/ *.mouseflow.com https://geolocation.onetrust.com https://www2.reiseversicherung.de https://*.reiseversicherung.de; style-src 'self' 'unsafe-inline' 'unsafe-eval' data:  https://sdk.inbenta.io https://*.nexible.de data: https://cdnjs.cloudflare.com https://d2914r2tyo8b9v.cloudfront.net https://dhm5hy2vn8l0l.cloudfront.net https://fonts.googleapis.com https://*.googletagmanager.com https://*.nexible.de/ app.vwo.com *.visualwebsiteoptimizer.com s3.amazonaws.com https://*.reiseversicherung.de; worker-src 'self' blob: 1
report-uri https://www.i24.nl, default-src 'self', base-uri 'self', form-action = 'self, frame-ancestors 'none' 1
default-src 'self';script-src www.epool.ru 'unsafe-inline' 'unsafe-eval' business.cdn-tinkoff.ru tagmanager.google.com www.google-analytics.com connect.facebook.net *.yandex.ru yastatic.net sso-forms-prod.cdn-tinkoff.ru *.yandex.az *.yandex.by *.yandex.co.il *.yandex.com *.yandex.com.am *.yandex.com.ge *.yandex.com.tr *.yandex.ee *.yandex.fr *.yandex.kg *.yandex.kz *.yandex.lt *.yandex.lv *.yandex.md *.yandex.tj *.yandex.tm *.yandex.ua *.yandex.uz *.webvisor.com *.webvisor.org 'self' *.retailrocket.ru cdn.ravenjs.com *.criteo.net vjs.zencdn.net www.facebook.com top-fwz1.mail.ru *.criteo.com ajax.googleapis.com *.retailrocket.net cdn.diginetica.net *.googletagmanager.com ulogin.ru *.mango-office.ru *.googleadservices.com tracking.diginetica.net cdn.jsdelivr.net *.doubleclick.net code.jquery.com vk.com cdn.pydata.org *.maps.yandex.net yandex.st *.caltat.com *.epool.ru doubleclick.net googleadservices.com *.twiago.com https://unpkg.com/swiper@6/swiper-bundle.min.js;style-src 'self' 'unsafe-inline' *.retailrocket.ru tagmanager.google.com vjs.zencdn.net maxcdn.bootstrapcdn.com *.retailrocket.net fonts.googleapis.com cdn.jsdelivr.net cdn.pydata.org cdn.diginetica.net;font-src 'self' data: fonts.gstatic.com maxcdn.bootstrapcdn.com vjs.zencdn.net cdn.retailrocket.net;img-src 'self' data: ssl.gstatic.com www.google-analytics.com yandex.ru grade.market.yandex.ru *.yandex.ru counter.yadro.ru www.facebook.com ad.mail.ru yastatic.net google-analytics.bi.owox.com dis.eu.criteo.com yendex.st tracking.diginetica.net *.google.com *.doubleclick.net video.egazon.ru avatars.mds.yandex.net *.yandex.net *.criteo.com www.gstatic.com www.google.ru vk.com *.retailrocket.net ulogin.ru clck.yandex.ru www.google.com.ua gstatic.com www.googletagmanager.com *.rupool.ru *.aquamarket.ru *.azuro.ru *.ebolgarka.ru *.efontan.ru *.ekamin.ru *.emozaika.ru *.enasos.ru  *.eparilka.ru *.eskazka.ru *.estairs.ru *.evanna.ru *.evoda.ru *.evozduh.ru *.pavilions.ru *.poolmagic.ru *.super-spa.ru *.epool.ru *.egazon.ru top-fwz1.mail.ru www.google.by www.google.kz *.criteo.net *.elustra.ru *.lubluteplo.ru login.vk.com;media-src video.egazon.ru *.epool.ru blob:;worker-src 'self' *.criteo.com *.epool.ru blob:;connect-src 'self' analytics.google.com vk.com top-fwz1.mail.ru yandex.ru mc.yandex.ru *.retailrocket.net logstash.epool.ru doubleclick.net googleadservices.com cdn.jsdelivr.net api-statist.tinkoff.ru *.diginetica.net 7.evoda.ru www.evoda.ru www.google-analytics.com autocomplete.diginetica.net google-analytics.bi.owox.com *.dadata.ru *.doubleclick.net *.googleadservices.com www.google.com queries.diginetica.net cdn.diginetica.net ajax.googleapis.com mc.yandex.kz *.azuro.ru *.epool.ru *.aquamarket.ru stats.g.doubleclick.net *.retailrocket.ru www.google.ru data:;frame-src 'self' www.facebook.com *.criteo.com *.criteo.net yandex.ru connect.facebook.net code.jquery.com *.yandex.ru ulogin.ru *.twiago.com; 1
default-src 'self' api.marker.io app.guestoo.de app.marker.io *.aticdn.net bat.bing.com *.bootstrapcdn.com cdn.linkedin.oribi.io cdn.matomo.cloud *.cdninstagram.com *.clarity.ms *.clickdimensions.com *.comaweb.de data: *.easyway.site edge.marker.io *.elfsquad.io *.excentos.com www.facebook.com *.fbcdn.net *.firebot.io *.flockler.app *.flockler.com flockler.com *.formsite.com *.galacticweb.net *.google.com *.google.de googleads.g.doubleclick.net *.googleapis.com www.googletagmanager.com *.gstatic.com *.iconfinder.com *.ingest.sentry.io *.licdn.com *.linkedin.com marker.io *.msecnd.net *.netrk.net *.outbrain.com outlook.office365.com prod.purechatcdn.com pubads.g.doubleclick.net *.purechat.com *.randomuser.me randomuser.me s3-eu-west-1.amazonaws.com snap.licdn.com ssr.marker.io svrdntfctn.com *.twimg.com *.usercentrics.eu webasto-comfort.com *.webasto-comfort.com *.webasto.com webasto.matomo.cloud webastoamericas.bullseyelocations.com wss://firebot.galacticweb.net *.xiti.com *.youtube-nocookie.com *.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' api.marker.io app.guestoo.de app.marker.io *.aticdn.net *.bootstrapcdn.com *.clarity.ms *.clickdimensions.com *.easyway.site edge.marker.io *.elfsquad.io *.excentos.com *.firebot.io *.flockler.app *.flockler.com *.formsite.com *.galacticweb.net *.googleapis.com *.gstatic.com *.ingest.sentry.io *.linkedin.com marker.io *.msecnd.net *.netrk.net *.outbrain.com outlook.office365.com prod.purechatcdn.com pubads.g.doubleclick.net *.purechat.com *.randomuser.me snap.licdn.com ssr.marker.io svrdntfctn.com *.webasto.com webastoamericas.bullseyelocations.com *.xiti.com *.youtube-nocookie.com *.youtube.com *.ytimg.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' api.marker.io app.guestoo.de app.marker.io *.aticdn.net bat.bing.com *.bootstrapcdn.com cdn.matomo.cloud *.clarity.ms *.clickdimensions.com https://connect.facebook.net/ *.easyway.site edge.marker.io *.elfsquad.io *.excentos.com *.firebot.io firebot.io *.flockler.app *.flockler.com *.formsite.com *.galacticweb.net *.google.com *.google.de googleads.g.doubleclick.net *.googleadservices.com *.googleapis.com www.googletagmanager.com *.gstatic.com *.ingest.sentry.io *.linkedin.com marker.io *.msecnd.net *.netrk.net *.outbrain.com outlook.office365.com prod.purechatcdn.com pubads.g.doubleclick.net *.purechat.com *.randomuser.me randomuser.me snap.licdn.com ssr.marker.io svrdntfctn.com *.usercentrics.eu *.webasto.com webasto.matomo.cloud webastoamericas.bullseyelocations.com *.xiti.com *.youtube-nocookie.com *.youtube.com *.ytimg.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://climatejustice.social; img-src 'self' https: data: blob: https://climatejustice.social; style-src 'self' https://climatejustice.social 'nonce-Rn4FMzP4DhCvBGttrQCUBA=='; media-src 'self' https: data: https://climatejustice.social; frame-src 'self' https:; manifest-src 'self' https://climatejustice.social; form-action 'self'; child-src 'self' blob: https://climatejustice.social; worker-src 'self' blob: https://climatejustice.social; connect-src 'self' data: blob: https://climatejustice.social https://climatejustice.social wss://climatejustice.social; script-src 'self' https://climatejustice.social 'wasm-unsafe-eval' 1
script-src 'strict-dynamic' 'self' 'nonce-UYuvLNTWgYLuBEgWA4jMXw==' 'report-sample'; report-uri /lakeviewiamprod.onmicrosoft.com/B2C_1A_SignUpOrSignIn/client/cspreport?p=B2C_1A_SignUpOrSignIn 1
frame-ancestors https://online.uniton.ru https://go.uniton.ru https://stat.uniton.ru https://www.uniton.ru https://uniton.ru https://mail.uniton.ru https://www.r-uniton.ru https://r-uniton.ru https://xn--h1ajbdt3e.xn--p1ai https://uniton.yabudu.ru https://ajax.googleapis.com https://fonts.gstatic.com https://www.gstatic.com https://cdn.dashjs.org https://www.google-analytics.com https://vk.com https://mc.yandex.ru https://www.googletagmanager.com https://mc.yandex.ru https://google-analytics.com https://login.vk.com https://yandex.ru https://youtube.com https://www.youtube.com https://metrika.yandex.ru https://fonts.googleapis.com; media-src mediastream: blob: https://online.uniton.ru https://go.uniton.ru https://stat.uniton.ru https://www.uniton.ru https://uniton.ru https://mail.uniton.ru https://www.r-uniton.ru https://r-uniton.ru https://xn--h1ajbdt3e.xn--p1ai https://uniton.yabudu.ru; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' https://online.uniton.ru https://go.uniton.ru https://stat.uniton.ru https://www.uniton.ru https://uniton.ru https://mail.uniton.ru https://www.r-uniton.ru https://r-uniton.ru https://xn--h1ajbdt3e.xn--p1ai https://uniton.yabudu.ru https://ajax.googleapis.com https://fonts.gstatic.com https://www.gstatic.com https://cdn.dashjs.org https://www.google-analytics.com https://vk.com https://mc.yandex.ru https://www.googletagmanager.com https://mc.yandex.ru https://google-analytics.com https://login.vk.com https://yandex.ru https://youtube.com https://www.youtube.com https://metrika.yandex.ru https://fonts.googleapis.com; style-src blob: 'self' 'unsafe-inline' https://online.uniton.ru https://go.uniton.ru https://stat.uniton.ru https://www.uniton.ru https://uniton.ru https://mail.uniton.ru https://www.r-uniton.ru https://r-uniton.ru https://xn--h1ajbdt3e.xn--p1ai https://uniton.yabudu.ru https://ajax.googleapis.com https://fonts.gstatic.com https://www.gstatic.com https://cdn.dashjs.org https://www.google-analytics.com https://vk.com https://mc.yandex.ru https://www.googletagmanager.com https://mc.yandex.ru https://google-analytics.com https://login.vk.com https://yandex.ru https://youtube.com https://www.youtube.com https://metrika.yandex.ru https://fonts.googleapis.com; img-src * blob: 'self' data: https://online.uniton.ru https://go.uniton.ru https://stat.uniton.ru https://www.uniton.ru https://uniton.ru https://mail.uniton.ru https://www.r-uniton.ru https://r-uniton.ru https://xn--h1ajbdt3e.xn--p1ai https://uniton.yabudu.ru https://ajax.googleapis.com https://fonts.gstatic.com https://www.gstatic.com https://cdn.dashjs.org https://www.google-analytics.com https://vk.com https://mc.yandex.ru https://www.googletagmanager.com https://mc.yandex.ru https://google-analytics.com https://login.vk.com https://yandex.ru https://youtube.com https://www.youtube.com https://metrika.yandex.ru https://fonts.googleapis.com; connect-src blob: 'unsafe-inline' https://online.uniton.ru https://go.uniton.ru https://stat.uniton.ru https://www.uniton.ru https://uniton.ru https://mail.uniton.ru https://www.r-uniton.ru https://r-uniton.ru https://xn--h1ajbdt3e.xn--p1ai https://uniton.yabudu.ru https://ajax.googleapis.com https://fonts.gstatic.com https://www.gstatic.com https://cdn.dashjs.org https://www.google-analytics.com https://vk.com https://mc.yandex.ru https://www.googletagmanager.com https://mc.yandex.ru https://google-analytics.com https://login.vk.com https://yandex.ru https://youtube.com https://www.youtube.com https://metrika.yandex.ru https://fonts.googleapis.com; frame-src https://online.uniton.ru https://go.uniton.ru https://stat.uniton.ru https://www.uniton.ru https://uniton.ru https://mail.uniton.ru https://www.r-uniton.ru https://r-uniton.ru https://xn--h1ajbdt3e.xn--p1ai https://uniton.yabudu.ru https://ajax.googleapis.com https://fonts.gstatic.com https://www.gstatic.com https://cdn.dashjs.org https://www.google-analytics.com https://vk.com https://mc.yandex.ru https://www.googletagmanager.com https://mc.yandex.ru https://google-analytics.com https://login.vk.com https://yandex.ru https://youtube.com https://www.youtube.com https://metrika.yandex.ru https://fonts.googleapis.com; font-src https://online.uniton.ru https://go.uniton.ru https://stat.uniton.ru https://www.uniton.ru https://uniton.ru https://mail.uniton.ru https://www.r-uniton.ru https://r-uniton.ru https://xn--h1ajbdt3e.xn--p1ai https://uniton.yabudu.ru https://ajax.googleapis.com https://fonts.gstatic.com https://www.gstatic.com https://cdn.dashjs.org https://www.google-analytics.com https://vk.com https://mc.yandex.ru https://www.googletagmanager.com https://mc.yandex.ru https://google-analytics.com https://login.vk.com https://yandex.ru https://youtube.com https://www.youtube.com https://metrika.yandex.ru https://fonts.googleapis.com; default-src https://online.uniton.ru https://go.uniton.ru https://stat.uniton.ru https://www.uniton.ru https://uniton.ru https://mail.uniton.ru https://www.r-uniton.ru https://r-uniton.ru https://xn--h1ajbdt3e.xn--p1ai https://uniton.yabudu.ru https://ajax.googleapis.com https://fonts.gstatic.com https://www.gstatic.com https://cdn.dashjs.org https://www.google-analytics.com https://vk.com https://mc.yandex.ru https://www.googletagmanager.com https://mc.yandex.ru https://google-analytics.com https://login.vk.com https://yandex.ru https://youtube.com https://www.youtube.com https://metrika.yandex.ru https://fonts.googleapis.com; 1
default-src 'self' www.youtube.com youtube.com embedr.flickr.com www.facebook.com facebook.com player.vimeo.com *.vimeocdn.com my.matterport.com packages.umbraco.org our.umbraco.org www.google-analytics.com *.typekit.net stats.g.doubleclick.net  'unsafe-inline';    script-src 'self' 'unsafe-inline' 'unsafe-eval' embedr.flickr.com *.youtube.com *  *.my.matterport.com *.ytimg.com www.gstatic.com www.google.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net code.jquery.com cdn.jsdelivr.net stackpath.bootstrapcdn.com ajax.aspnetcdn.com cdnjs.cloudflare.com *.typekit.net ajax.googleapis.com;    style-src 'self'  'unsafe-inline' fonts.googleapis.com embedr.flickr.com cdnjs.cloudflare.com *.typekit.net cdn.jsdelivr.net stackpath.bootstrapcdn.com ajax.aspnetcdn.com ajax.googleapis.com stats.g.doubleclick.net code.jquery.com;    img-src 'self' live.staticflickr.com embedr.flickr.com i.ytimg.com  *.google.com *.google.ca www.google-analytics.com www.youtube.com my.matterport.com *.typekit.net umbraco.tv *.googleapis.com code.jquery.com cdnjs.cloudflare.com www.googletagmanager.com stats.g.doubleclick.net data:;    font-src 'self' fonts.googleapis.com fonts.gstatic.com embedr.flickr.com cdnjs.cloudflare.com *.typekit.net cdn.jsdelivr.net ;  frame-src 'self' *.vimeo.com *.facebook.com embedr.flickr.com facebook.com *.fbcdn.net *.facebook.net video.fyka1-1.fna.fbcdn.net secure.campaigner.com *.youtube.com *.my.matterport.com * www.google.com; form-action 'self'; base-uri 'self'; 1
child-src 'self' https://www.youtube.com https://www.google.com 1
frame-ancestors 'self' https://jobcloud.ch https://*.jobcloud.ch https://jobs.ch https://*.jobs.ch https://jobup.ch https://*.jobup.ch https://*.jobscout24.ch https://impieghi.ch https://*.impieghi.ch; object-src 'self'; font-src 'self' https://*.hotjar.com https://fonts.gstatic.com https://fonts.intercomcdn.com data:; connect-src 'self' c.jobscout24.ch adservice.google.com *.g.doubleclick.net *.tealiumiq.com *.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.google-analytics.com *.analytics.google.com analytics.google.com www.googletagmanager.com www.google.ch www.google.com www.google.de www.google.fr www.google.it wss://*.intercom.io https://*.intercom.io https://*.eu.intercom.io https://*.eu.intercom.com https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.intercomusercontent.com *.jobs.ch *.lokalise.com https://www.facebook.com/tr/ https://ingest.webvitalize.io/ snap.licdn.com/li.lms-analytics/ dynamic.criteo.com/js/ld/ secure.leadforensics.com/js/ secure.data-insight365.com/Track/ idx.liadm.com/idex/ https://bat.bing.com *.clarity.ms/collect *.creativecdn.com; frame-src 'self' https://*.hotjar.com *.jobs.ch tpc.googlesyndication.com *.google.com landbot.io *.alisearch.ch *.criteo.com *.doubleclick.net https://maps.google.de https://www.facebook.com/ https://www.googletagmanager.com https://www.youtube.com https://www.youtube.com https://www.vimeo.com https://player.vimeo.com https://widget.eu.criteo.com/ *.creativecdn.com; style-src 'self' 'unsafe-inline' https://*.hotjar.com https://fonts.googleapis.com; script-src 'nonce-0deIHT7mD26To7OOHrzmSgbTLXIpAlXJUBAR3r5pMp4=' 'self' 'sha256-4xaBeTeGhaTJUTflU97MvimdBrAPDQ8nIcRN627uhqQ=' 'sha256-/OiXyoYdO/5145tKU2HLrF7SBc8dlsEEMhUef8yBBP0=' 'sha256-zl6W6Kb3WQbCwq/2GhFpSTTmTKL0WJPu7xBa2A1gxrU=' https://visitor-service-eu-central-1.tealiumiq.com https://visitor-service.tealiumiq.com *.tealiumiq.com *.tiqcdn.com *.criteo.net *.hotjar.com https://www.googletagmanager.com *.googleapis.com *.google-analytics.com *.analytics.google.com *.appcast.io https://www.googleadservices.com/pagead/ https://googleads.g.doubleclick.net https://www.google.com https://www.google.ch https://www.google.de https://www.google.fr https://api.microsofttranslator.com https://sslwidget.criteo.com https://tpc.googlesyndication.com *.gstatic.com *.intercom.io *.intercomcdn.com *.landbot.io c.jobscout24.ch https://524003370.collect.igodigital.com lokalise.co lokalise.com *.lokalise.com https://connect.facebook.net https://sslwidget.criteo.com https://package.webvitalize.io/ snap.licdn.com/li.lms-analytics/ dynamic.criteo.com/js/ld/ secure.leadforensics.com/js/ secure.data-insight365.com/Track/ idx.liadm.com/idex/ https://*.hotjar.com https://bat.bing.com/ https://www.clarity.ms/ tags.creativecdn.com 'sha256-/OiXyoYdO/5145tKU2HLrF7SBc8dlsEEMhUef8yBBP0=' 'sha256-EhZylS+VkNAyZeNbVSY9oQZpK1Eu/148ksMpqd2IWJY=' 'sha256-KaIKxRygrKWFF9Qry6CqCrzyop6GuujvlA3kB2l/5PQ=' 'sha256-nw/zJx5hSauRwXfx3uVnLtTcUmT0OWIOivhvxNn3DCs=' 'sha256-nw/zJx5hSauRwXfx3uVnLtTcUmT0OWIOivhvxNn3DCs=' 'sha256-rfxMjpKvHZ5q7a0ZIT4Dzs87I4/diEeTs4ujyYs2u3g=' 'sha256-ziBMm/iX6dmVGECRsbk6tynf1XeLf3Okehr5YmdujKM='; report-uri https://o348636.ingest.sentry.io/api/5513946/security/?sentry_key=98e5add7cc8144b7a8bf44f69c20cb42; report-to csp-endpoint;  1
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://hm.baidu.com https://service.mtcaptcha.com https://service2.mtcaptcha.com https://www.googletagmanager.com https://www.google-analytics.com https://www.recaptcha.net https://www.gstatic.com 1
frame-src www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ www.googletagmanager.com *.doubleclick.net vars.hotjar.com www.youtube.com www.booking.com air-miles.leadfamly.com *.visualwebsiteoptimizer.com app.vwo.com; style-src 'self' 'unsafe-inline' https://loyaltygateway.com/rewards/ fonts.googleapis.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com; font-src 'self' https://loyaltygateway.com/rewards/ script.hotjar.com fonts.gstatic.com; img-src 'self' *.airmiles.nl *.airmilesshop.nl *.jibecompany.com media.umbraco.io www.googletagmanager.com www.google-analytics.com www.google.com www.google.nl *.doubleclick.net s3-eu-west-1.amazonaws.com obipubvideo.s3.eu-central-1.amazonaws.com script.hotjar.com www.facebook.com cook.shortest-route.com *.visualwebsiteoptimizer.com app.vwo.com chart.googleapis.com wingify-assets.s3.amazonaws.com data:; connect-src 'self' *.airmiles.nl *.umbraco.io *.blob.core.windows.net *.google-analytics.com stats.g.doubleclick.net *.obi4wan.com obipubvideo.s3.eu-central-1.amazonaws.com *.pusher.com wss://*.pusher.com *.visualwebsiteoptimizer.com app.vwo.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.applicationinsights.azure.com https://loyaltygateway.com/rewards/ https://api.airmiles.nl; script-src 'self' 'unsafe-eval' *.airmiles.nl www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com *.adform.net *.visualwebsiteoptimizer.com app.vwo.com cloudstatic.obi4wan.com/chat/ stats.pusher.com *.hotjar.com connect.facebook.net https://loyaltygateway.com/rewards/ 'nonce-cb271a41-c01e-0071-6eb0-4db408000000'; frame-ancestors 'self' www.shell.nl; worker-src blob: 1
frame-ancestors 'self' *.moveinsync.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.gstatic.com https://yastatic.net https://www.youtube.com https://s.ytimg.com https://platform.instagram.com https://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://mc.yandex.ru https://top-fwz1.mail.ru https://js.sentry-cdn.com https://browser.sentry-cdn.com https://qaz.rusweek.news https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://platform.twitter.com ; img-src 'self' data: https://* http://* ; font-src 'self' data: https://fonts.gstatic.com ; frame-src 'self' data: https://yastatic.net https://www.youtube.com https://www.instagram.com/ https://platform.twitter.com ; connect-src 'self' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://fcm.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://push.newsdaily.biz https://top-fwz1.mail.ru https://o4505939965509632.ingest.sentry.io https://biposerfl.shop https://*.google-analytics.com; worker-src 'self' data: https://fcm.googleapis.com https://push.newsdaily.biz ; 1
script-src 'self' 'unsafe-inline' ajax.cloudflare.com static.cloudflareinsights.com www.paypal.com googleads.g.doubleclick.net static.ads-twitter.com analytics.tiktok.com www.google.com www.clarity.ms connect.facebook.net script.hotjar.com static.hotjar.com widget.trustpilot.com widget.mercuryo.io www.google-analytics.com www.googletagmanager.com www.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; media-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self' https://widget.mercuryo.io; worker-src 'self' 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http:; style-src 'self' 'unsafe-inline'; img-src 'self' http: data:; connect-src 'self' http://www.clarkcountycourts.us/; font-src 'self' data: https://fonts.gstatic.com; media-src 'self'; frame-src https: 1
frame-ancestors ; default-src 'self' 'unsafe-inline' mineralstage.wpengine.com www.google-analytics.com *.google.com maps.googleapis.com stats.g.doubleclick.net *.chilipiper.com *.clickagy.com www.googletagmanager.com *.breezy.hr *.linkedin.oribi.io *.linkedin.com *.wistia.com *.zoominfo.com *.litix.io cdn.cookielaw.org *.onetrust.com dev.visualwebsiteoptimizer.com; font-src 'self' use.typekit.net fonts.gstatic.com data:; frame-src 'self' 'unsafe-inline' player.vimeo.com js.driftt.com *.bugherd.com mineraltree.breezy.hr *.mineraltree.com *.googletagmanager.com optimize.google.com *.youtube.com *.chilipiper.com *.doubleclick.net data:; img-src 'self' mineralstage.wpengine.com www.google.com www.google-analytics.com maps.gstatic.com maps.googleapis.com *.googletagmanager.com optimize.google.com *.linkedin.com lltrck.com b.6sc.co p.adsymptotic.com *.clickagy.com *.rlcdn.com *.bing.com *.wistia.com *.vimeocdn.com *.chilipiper.com cdn.cookielaw.org *.visualwebsiteoptimizer.com data:; media-src 'self' mineralstage.wpengine.com blob:; script-src 'self' 'unsafe-inline' mineralstage.wpengine.com js.driftt.com *.bugherd.com j.6sc.co www.googletagmanager.com www.google-analytics.com maps.googleapis.com www.googleoptimize.com optimize.google.com player.vimeo.com pi.pardot.com ws.zoominfo.com tracking.leadlander.com snap.licdn.com go.mineraltree.com mineraltree.breezy.hr *.chilipiper.com *.bing.com *.clickagy.com *.wistia.com *.capterra.com cdn.cookielaw.org dev.visualwebsiteoptimizer.com blob:; style-src 'self' 'unsafe-inline' mineralstage.wpengine.com *.typekit.net *.googleapis.com optimize.google.com; 1
default-src 'self' https://www.cdnvx.com/; connect-src 'self' https://www.cdnvx.com/ https://gray1.webtomed.com:12202/ https://*.algolia.net https://*.algolianet.com https://tagmanager.google.com/debug https://www.google-analytics.com https://stats.g.doubleclick.net https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://adservice.google.com https://*.google.com https://*.gstatic.com https://attestation.android.com https://*.googleapis.com; font-src * data:; frame-src 'self' https://www.youtube.com https://*.vimeo.com https://*.google.com https://www.googletagmanager.com/ https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://bid.g.doubleclick.net https://adserve.webtomed.com; img-src * data:; script-src * 'unsafe-inline' data:; style-src * 'unsafe-inline'; report-uri /_csp/report 1
default-src 'self' *.uhk.cz;font-src 'self' data: fonts.gstatic.com;connect-src 'self' *.google.com *.googleapis.com www.google-analytics.com *.doubleclick.net *.google-analytics.com *.uhk.cz;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.googleapis.com www.googletagmanager.com www.google-analytics.com *.googleadservices.com *.glami.cz *.ebscohost.com *.facebook.net *.imedia.cz *.seznam.cz *.doubleclick.net *.gstatic.com reenio.cz *.licdn.com *.uhk.cz;form-action 'self' *.facebook.com *.facebook.net uhk.rezervace.online;frame-src 'self' blob: www.youtube.com *.iplatba.cz *.google.com *.facebook.com cdn.knightlab.com *.imedia.cz *.seznam.cz uhk.rezervace.online tourmkr.com experts.ai *.spotify.com forms.office.com login.windows.net login.microsoftonline.com;worker-src 'self' blob: www.youtube.com *.iplatba.cz *.google.com *.facebook.com cdn.knightlab.com *.imedia.cz *.seznam.cz uhk.rezervace.online tourmkr.com experts.ai;frame-ancestors 'self';img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com *.doubleclick.net *.google.com *.google.cz *.google.ie *.glami.cz *.fg.cz *.placeholder.com *.uhk.cz *.ebscohost.com *.facebook.com *.imedia.cz *.seznam.cz i.ytimg.com *.linkedin.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.gstatic.com *.uhk.cz;object-src 'self' 1
frame-ancestors doradobet.com www.doradobet.com sb1client-altenar.biahosted.com *.virtualsoft.tech https://casinogranpalaciomx.com https://casinomiravallepalace.com https://casinointercontinentalmx.com https://netabet.com.mx https://casinoastoriamx.com https://winbet.la https://ecuabet.com https://mobile.justbetja.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.w4.no; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.w4.no js.stripe.com *.paddle.com *.googletagmanager.com www.googleadservices.com www.google.com googleads.g.doubleclick.net *.facebook.net challenges.cloudflare.com; img-src 'self' i.imgur.com *.paddle.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com *.google.no i.ytimg.com *.gravatar.com data:; style-src 'self' 'unsafe-inline' *.paddle.com fonts.googleapis.com; child-src 'self'; connect-src 'self' *.w4.no api.stripe.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com *.google.no; font-src 'self' fonts.gstatic.com data:; frame-src 'self' js.stripe.com hooks.stripe.com www.youtube-nocookie.com *.paddle.com bid.g.doubleclick.net *.facebook.com challenges.cloudflare.com; 1
default-src 'self'; base-uri 'self'; connect-src 'self' wss://rt.poleasingowe.pl https://auth.carscanner.io https://api.carscanner.io https://cdn.carscanner.io https://www.google-analytics.com https://stats.g.doubleclick.net/ https://api.rankolabs.net/ https://cdn.linkedin.oribi.io/ https://consentcdn.cookiebot.com/ https://in.hotjar.com https://content.hotjar.io https://vc.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://scripts.viewer.vumo.ai https://api.carscanner.vumo.ai https://cdn.scans.vumo.ai; font-src 'self' https://fonts.googleapis.com  data: https:; form-action 'self' 'report-sample' https:; frame-ancestors 'self'; frame-src 'self' https://www.facebook.com https://staticxx.facebook.com https://www.google.com https://www.openstreetmap.org *.fls.doubleclick.net https://www.youtube.com https://www.autotesto.pl https://autotesto.pl https://ls.hit.gemius.pl https://consentcdn.cookiebot.com/ https://vars.hotjar.com; img-src 'self' 'unsafe-inline' https://www.google-analytics.com https://region1.google-analytics.com http://remarketing.serwersms.pl https://remarketing.serwersms.pl https://www.facebook.com https://www.google.pl https://a-poleasingowe.youlead.pl http://m-poleasingowe.youlead.pl https://m-poleasingowe.youlead.pl https://stats.g.doubleclick.net https://www.gstatic.com https://www.google.com https://linkedin.com http://www.googletagmanager.com https://www.googletagmanager.com https://ssl.gstatic.com https://*.tile.openstreetmap.org https://px.ads.linkedin.com https://i.ytimg.com https://www.pkobp.pl https://www.autotesto.pl https://autotesto.pl https://www.linkedin.com https://cdn.carscanner.io https://scripts.carscanner.io https://googleads.g.doubleclick.net https://incsstorageprod.blob.core.windows.net https://cdnjs.cloudflare.com https://maps.gstatic.com https://maps.googleapis.com/ https://*.tile.openstreetmap.org/ https://poleasingowe.pl https://aukcje.pkoleasing.pl https://nissan.poleasingowe.pl https://aukcje.sgef.pl https://aliorleasing.poleasingowe.pl https://pekaoleasing.poleasingowe.pl https://santander.poleasingowe.pl https://inglease.poleasingowe.pl https://millenniumleasing.poleasingowe.pl https://pko.dev.ecr.com.pl https://dev.poleasingowe.pl https://nissan.dev.poleasingowe.pl https://dev.aukcje.sgef.pl https://millenniumleasing.dev.poleasingowe.pl/ https://cdn.scans.vumo.ai data: https: blob:; manifest-src 'self'; media-src 'self' 'unsafe-inline' data: https:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://connect.facebook.net https://snap.licdn.com http://remarketing.serwersms.pl https://remarketing.serwersms.pl http://m-poleasingowe.youlead.pl https://m-poleasingowe.youlead.pl https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://region1.google-analytics.com http://cdnjs.cloudflare.com http://script.crazyegg.com https://script.crazyegg.com https://a-poleasingowe.youlead.pl https://www.gstatic.com https://px.ads.linkedin.com http://connect.facebook.net https://connect.facebook.net https://staticxx.facebook.com https://maps.googleapis.com https://www.google.com https://www.facebook.com https://www.openstreetmap.org https://ajax.googleapis.com https://www.autotesto.pl https://autotesto.pl https://scripts.carscanner.io https://auth.carscanner.io https://api.carscanner.io https://prefix.hit.gemius.pl https://pro.hit.gemius.pl https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.jsdelivr.net https://www.youtube.com https://s.ytimg.com https://unpkg.com https://consent.cookiebot.com https://consentcdn.cookiebot.com/ https://static.hotjar.com https://script.hotjar.com https://code.jquery.com https://stackpath.bootstrapcdn.com https://partner.rankomat.pl https://scripts.viewer.vumo.ai; style-src 'self' 'unsafe-inline' 'report-sample' https://fonts.googleapis.com https://tagmanager.google.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://unpkg.com; worker-src 'self' 1
frame-ancestors http://docplanner-front-test.docplanner.com https://docplanner-front-test.docplanner.com *.doctoralia.pe doctoraliaone-pe2-candidate.azurewebsites.net 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://customer.uat.irembopay.com  https://maxcdn.bootstrapcdn.com  code.jquery.com  netdna.bootstrapcdn.com maps.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com  maps.googleapis.com netdna.bootstrapcdn.com cdnjs.cloudflare.com;  style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com code.getmdl.io netdna.bootstrapcdn.com cdnjs.cloudflare.com fonts.googleapis.com ; font-src 'self' data: https://maxcdn.bootstrapcdn.com  kendo.cdn.telerik.com fonts.googleapis.com fonts.gstatic.com netdna.bootstrapcdn.com cdnjs.cloudflare.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob:  data: w3.org  www.google-analytics.com;  connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com kendo.cdn.telerik.com fonts.googleapis.com unpkg.com www.google-analytics.com fonts.gstatic.com https://stats.g.doubleclick.net ; 1
frame-ancestors https://tataepp.stagingshop.com 1
frame-ancestors 'none'; always; 1
frame-ancestors 'self' https://mydomains.marcaria.com https://www.marcaria.com http://www.marcaria.com https://appz.marcaria.com http://appz.marcaria.com http://panel.marcaria.com http://panel.marcaria.com https://localhost:44354/ https://website.marcaria.net 1
default-src 'self'; script-src 'self' 'nonce-leX-WkejKsgKWo9qXtiW91xBTDODqS60oW_rodw5AnceMsopMdWr8g' 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com hmbbfdi-staging.tom.augenarbeiter.de hmbbfdi-prod.tom.augenarbeiter.de datenschutz-hamburg.de *.datenschutz-hamburg.de blob:; style-src-elem 'self' 'unsafe-inline' 'report-sample'; script-src-elem 'self' 'unsafe-inline' 'report-sample'; worker-src 'self' blob:; report-uri https://datenschutz-hamburg.de/@http-reporting?csp=report&requestTime=1705977337585146 1
report-to slardar-endpoint; frame-ancestors 'self'; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.criteo.com https://static.criteo.net https://ln-rules.rewardstyle.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com https://tr6.snapchat.com blob: https://app.qubit.com https://www.pinterest.com https://www.pinterest.co.uk https://ct.pinterest.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://ct.pinterest.com https://tr.snapchat.com https://*.contentsquare.net https://analytics.tiktok.com https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.myvitamins.com https://*.storystream.ai https://upload.uploadcare.com https://598nyfqkt7.execute-api.eu-west-1.amazonaws.com https://*.vimeocdn.com https://*.akamaized.net https://*.pndsn.com https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://23q3fg4xjd.execute-api.eu-west-1.amazonaws.com https://d3g5d7323c2i6m.cloudfront.net https://player.vimeo.com https://*.criteo.com https://*.criteo.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://checkout.myvitamins.com https://m.myvitamins.com https://www.myvitamins.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn https://media.storystream.ai https://d7c4jjeugag9w.cloudfront.net https://player.vimeo.com https://*.akamaized.net https://*.vimeocdn.com blob: https://*.myvitamins.com https://d7c4jjeuqag9w.cloudfront.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://*.criteo.com https://static.criteo.net https://ssl.trustpilot.com https://ln-rules.rewardstyle.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://s.pinimg.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com https://analytics.tiktok.com https://*.ibytedtos.com https://static.goqubit.com https://*.qubit.com https://apps.storystream.ai https://ucarecdn.com https://cdn.pubnub.com https://tr.snapchat.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://static.thgcdn.cn https://d7c4jjeuqag9w.cloudfront.net; upgrade-insecure-requests; report-to report-endpoint 1
frame-src 'self' *.voxus.com.br *.voxus.tv optimize.google.com *.hotjar.com *.hotjar.io *.handtalk.me tpc.googlesyndication.com *.pinterest.com archtrends.com *.sendlook.com *.facebook.com www.googletagmanager.com *.matterport.com *.youtube-nocookie.com www.google-analytics.com www.youtube.com www.google.com *.archtrends.com portokollportobello.websiteseguro.com *.securiti.ai *.salesforceliveagent.com *.force.com *.salesforce.com *.facebook.net *.navdmp.com *.doubleclick.net  *.portobello.com.br *.tradetools.co *.portobelloshop.com.br *.gruposinternet.com.br; img-src 'self' data: blob: https: 'unsafe-inline' *.crazyegg.com  portobelloshop.my.site.com *.archtrends.com portokollportobello.websiteseguro.com *.securiti.ai *.salesforceliveagent.com *.force.com *.salesforce.com *.facebook.net *.navdmp.com *.doubleclick.net  *.portobello.com.br *.tradetools.co *.portobelloshop.com.br *.gruposinternet.com.br www.google-analytics.com *.googleapis.com *.gstatic.com *.kaspersky-labs.com; style-src 'self' cdn.jsdelivr.net *.crazyegg.com  portobelloshop.my.site.com optimize.google.com *.archtrends.com portokollportobello.websiteseguro.com *.securiti.ai *.salesforceliveagent.com *.force.com *.salesforce.com *.facebook.net *.navdmp.com *.doubleclick.net  *.portobello.com.br *.tradetools.co *.portobelloshop.com.br *.typekit.net fonts.googleapis.com *.sfdcstatic.com *.typekit.net *.gstatic.com 'unsafe-inline'; font-src fonts.googleapis.com *.sfdcstatic.com *.typekit.net *.gstatic.com data: 'unsafe-inline' 'self';   script-src 'self' *.licdn.com *.crazyegg.com cdn.jsdelivr.net *.datadoghq-browser-agent.com *.voxus.com.br api.scalink.com.br unpkg.com script.crazyegg.com *.clarity.ms portobelloshop.my.site.com tpc.googlesyndication.com static.indoleads.com *.yimg.com www.googleoptimize.com *.cloudflare.com *.google.com.br *.hotjar.com *.hotjar.io  *.google.com s.pinimg.com www.googleadservices.com *.archtrends.com portokollportobello.websiteseguro.com *.securiti.ai *.tailtarget.com *.go2cloud.org *.salesforceliveagent.com  *.handtalk.me *.force.com *.salesforce.com *.facebook.net *.navdmp.com *.igodigital.com *.doubleclick.net  *.portobello.com.br *.tradetools.co *.portobelloshop.com.br *.googleapis.com www.google.com static.cloudflareinsights.com *.gstatic.com *.cloudfront.net 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com tagmanager.google.com www.youtube.com; default-src 'self' *.crazyegg.com *.archtrends.com portokollportobello.websiteseguro.com *.securiti.ai *.salesforceliveagent.com *.force.com *.salesforce.com *.facebook.net *.navdmp.com *.doubleclick.net  *.portobello.com.br *.tradetools.co *.portobelloshop.com.br *.gruposinternet.com.br *.typekit.net *.gstatic.com; child-src 'self' blob: www.googletagmanager.com www.google-analytics.com *.archtrends.com portokollportobello.websiteseguro.com *.securiti.ai *.salesforceliveagent.com *.force.com *.salesforce.com *.facebook.net *.navdmp.com *.doubleclick.net  *.portobello.com.br *.tradetools.co *.portobelloshop.com.br *.gruposinternet.com.br www.youtube.com; connect-src 'self' blob: *.linkedin.com *.googlesyndication.com checkip.amazonaws.com *.crazyegg.com *.browser-intake-datadoghq.com api.ipify.org *.loggly.com *.voxus.com.br api.scalink.com.br script.crazyegg.com *.clarity.ms *.yimg.com vc.hotjar.io *.gstatic.com analytics.google.com wss://*.hotjar.com *.hotjar.io *.r2u.io *.cloudfunctions.net *.hotjar.com *.hotjar.io *.archtrends.com *.portobello.com.br *.ibge.gov.br tools.ietf.org ct.pinterest.com *.handtalk.me *.doubleclick.net *.facebook.com *.archtrends.com portokollportobello.websiteseguro.com *.securiti.ai *.salesforceliveagent.com *.force.com *.salesforce.com *.facebook.net *.navdmp.com *.doubleclick.net  *.portobello.com.br *.tradetools.co *.portobelloshop.com.br *.gruposinternet.com.br www.googletagmanager.com www.google-analytics.com *.googleapis.com *.rdstation.com.br *.archtrend.com archtrends.com  *.enturma.com.br *.devel2 viacep.com.br; frame-ancestors 'self' *.pointer.com.br  *.archtrends.com *.portobello.com.br; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-DF6nOftCq803CiTf6TrjCg=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
base-uri 'self'; object-src 'self'; child-src 'self' https://*.youtube.com; connect-src 'self' wss://proxy.datacenterhub.org wss://vncproxy.datacenterhub.org wss://datacenterhub.org https://datacenterhub.org/api/members/tools/diskusage https://www.google-analytics.com https://stats.g.doubleclick.net https://www.dropbox.com https://api.scite.ai https://www.purdue.edu; default-src 'self' https://*.datacenterhub.org; font-src about: chrome-extension: data: https://fonts.gstatic.com safari-extension: 'self' https://at.alicdn.com/t/; form-action 'self'; frame-ancestors 'self' https://ag.purdue.edu; frame-src 'self' https://*.datacenterhub.org https://content.googleapis.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://youtube.com https://player.vimeo.com https://calendar.google.com https://www.youtube.com https://vimeo.com https://docs.google.com; img-src * data: image:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com/maps-api-v3/api/js/ https://maps.googleapis.com/maps/api/js/ https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps/vt https://www.googletagmanager.com/gtag/js https://www.google.com/jsapi https://www.gstatic.com/charts/ https://cdnjs.cloudflare.com/ajax/libs/ScrollMagic/ https://cdnjs.cloudflare.com/ajax/libs/gsap/; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://www.google.com https://code.jquery.com https://cdnjs.cloudflare.com; worker-src blob:; media-src 'self' data:; upgrade-insecure-requests; report-uri https://csp.hubzero.org/csp-cms.php 1
frame-ancestors 'self' http://mgr.moe.edu.tw https://epaper.edu.tw 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-K2p6QldpejFncXVlSzcvdEk5aW9Nc3owWkNvdnhKWVprVVN0a2E1c2RLYz06blV1dU5oVEYrT0RyZi9TOFJ2ZnVDdm1lTEZwSjkvVnEwQ2ZpM01BNElNRT0=';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self' https://colla.test.msk-com.ru;frame-ancestors 'self';worker-src 'self' blob:;form-action 'self' https://colla.test.msk-com.ru 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://celeb-lb-prod.danskebank.com https://consent.cookiebot.com https://s2.adform.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://snap.licdn.com https://www.linkedin.com https://px.ads.linkedin.com https://imasdk.googleapis.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://android.com https://windowsphone.com *.qbrick.com *.dna.ip-only.net *.112.2o7.net *.danskebank.dk *.danskebank.se https://danid.dk *.facebook.com *.facebook.net https://facebook.net https://*.facebook.net https://twitter.com *.omtrdc.net https://dpm.demdex.net https://static.licdn.com https://w3.org https://fbcdn.net https://cloud-emea.analytics-egain.com https://analytics.analytics-egain.com https://track.adform.net https://linkmaker.itunes.apple.com *.qualtrics.com; object-src 'self' video.qbrick.com; frame-src 'self' https://9856684.fls.doubleclick.net https://authorize.omniture.com https://sitecatalyst.omniture.com *.demdex.net https://priips.danskebank.com https://android.com https://windowsphone.com video.qbrick.com *.112.2o7.net *.danskebank.dk *.danskebank.se https://danid.dk *.facebook.com *.facebook.net https://facebook.net https://*.facebook.net https://twitter.com *.omtrdc.net https://static.licdn.com https://w3.org https://fbcdn.net https://analytics.analytics-egain.com https://track.adform.net https://linkmaker.itunes.apple.com *.qualtrics.com bankid://* https://cloud-emea.analytics-egain.com https://logon.danskenet.com; 1
img-src 'self' https://*.autobiz.in https://autobiz.in https://*.aeplcdn.com http://*.aeplcdn.com https://*.google.com https://*.google.co.in https://lh5.ggpht.com https://*.carwale.com http://*.carwale.com https://*.autobiz.in/bhrigu/pixel.gif https://*.lead2retail.in/bhrigu/pixel.gif data:;script-src 'self' https://*.autobiz.in https://autobiz.in https://*.aeplcdn.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://script.crazyegg.com https://dialer.cwsystem.in https://emergeapp6.ameyoemerge.in:8443 https://*.google.com/jsapi https://*.firebaseio.com 'unsafe-inline' 'unsafe-eval';style-src 'self' https://*.autobiz.in https://autobiz.in https://*.aeplcdn.com http://*.aeplcdn.com https://*.google.com/ads https://*.google.co.in/ads https://fonts.googleapis.com https://*.bootstrapcdn.com https://*.gstatic.com https://emergeapp6.ameyoemerge.in:8443 https://dialer.cwsystem.in https://code.jquery.com 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' https://*.autobiz.in https://*.lead2retail.in https://autobiz.in https://lead2retail.in;frame-src 'self' https://ops.autobiz.in https://*.lead2retail.in https://dialer.cwsystem.in https://agent1.cloudagent.in https://emergeapp6.ameyoemerge.in:8443 https://*.carwale.com/ https://*.bikewale.com/; 1
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src * blob:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; 1
script-src 'report-sample' 'nonce-ngUCRS5h640dauLL1BzsfQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /cspreport 1
default-src 'self' *.hotjar.com *.hotjar.io app.cloud.scorm.com backend.getbeamer.com bookmarklet-prototype.lrs.io content-dev.knowledgeanywhere.com galatea-content-dev.knowledgeanywhere.com https://content.fordservicetraining.com https://content.learn.synchronybusiness.com https://content.proteamuniversity.com https://content-dev.thenewlearner.com https://content-prod.knowledgeanywhere.com https://content-prod.thenewlearner.com https://www.fordservicetraining.com knowany.service.signalr.net knowany-dev.service.signalr.net stats.g.doubleclick.net wss://knowany.service.signalr.net wss://knowany-demo.service.signalr.net wss://knowany-dev.service.signalr.net wss://knowany-staging.service.signalr.net wss://ws.hotjar.com www.google-analytics.com; script-src 'self' 'unsafe-inline' *.hotjar.com *.hotjar.com *.hotjar.io app.cloud.scorm.com app.getbeamer.com backend.getbeamer.com bookmarklet-prototype.lrs.io content-dev.knowledgeanywhere.com galatea-content-dev.knowledgeanywhere.com https://content.fordservicetraining.com https://content.learn.synchronybusiness.com https://content.proteamuniversity.com https://content-dev.thenewlearner.com https://content-prod.knowledgeanywhere.com https://content-prod.thenewlearner.com https://www.fordservicetraining.com js.recurly.com knowany.service.signalr.net knowany-dev.service.signalr.net stats.g.doubleclick.net wss://knowany.service.signalr.net wss://knowany-demo.service.signalr.net wss://knowany-dev.service.signalr.net wss://knowany-staging.service.signalr.net wss://ws.hotjar.com www.google.com www.google-analytics.com www.google-analytics.com www.googletagmanager.com www.gstatic.com; style-src 'self' 'unsafe-inline' *.hotjar.com *.hotjar.io app.cloud.scorm.com app.getbeamer.com backend.getbeamer.com bookmarklet-prototype.lrs.io content-dev.knowledgeanywhere.com fonts.googleapis.com fonts.gstatic.com galatea-content-dev.knowledgeanywhere.com https://content.fordservicetraining.com https://content.learn.synchronybusiness.com https://content.proteamuniversity.com https://content-dev.thenewlearner.com https://content-prod.knowledgeanywhere.com https://content-prod.thenewlearner.com https://www.fordservicetraining.com js.recurly.com knowany.service.signalr.net knowany-dev.service.signalr.net netdna.bootstrapcdn.com stats.g.doubleclick.net wss://knowany.service.signalr.net wss://knowany-demo.service.signalr.net wss://knowany-dev.service.signalr.net wss://knowany-staging.service.signalr.net wss://ws.hotjar.com www.google-analytics.com; img-src 'self' data: *.hotjar.com *.hotjar.io *.knowledgeanywhere.com *.lynda.com *.opensesame.com app.cloud.scorm.com app.getbeamer.com backend.getbeamer.com blob: bookmarklet-prototype.lrs.io content-dev.knowledgeanywhere.com galatea-content-dev.knowledgeanywhere.com https://content.fordservicetraining.com https://content.learn.synchronybusiness.com https://content.proteamuniversity.com https://content-dev.thenewlearner.com https://content-prod.knowledgeanywhere.com https://content-prod.thenewlearner.com https://www.fordservicetraining.com i.vimeocdn.com i.ytimg.com knowany.service.signalr.net knowany-dev.service.signalr.net media.licdn.com stats.g.doubleclick.net wss://knowany.service.signalr.net wss://knowany-demo.service.signalr.net wss://knowany-dev.service.signalr.net wss://knowany-staging.service.signalr.net wss://ws.hotjar.com www.google-analytics.com www.google-analytics.com; font-src 'self' *.hotjar.com *.hotjar.com *.hotjar.io app.cloud.scorm.com app.getbeamer.com backend.getbeamer.com bookmarklet-prototype.lrs.io content-dev.knowledgeanywhere.com fonts.googleapis.com fonts.gstatic.com galatea-content-dev.knowledgeanywhere.com https://content.fordservicetraining.com https://content.learn.synchronybusiness.com https://content.proteamuniversity.com https://content-dev.thenewlearner.com https://content-prod.knowledgeanywhere.com https://content-prod.thenewlearner.com https://www.fordservicetraining.com knowany.service.signalr.net knowany-dev.service.signalr.net netdna.bootstrapcdn.com stats.g.doubleclick.net wss://knowany.service.signalr.net wss://knowany-demo.service.signalr.net wss://knowany-dev.service.signalr.net wss://knowany-staging.service.signalr.net wss://ws.hotjar.com www.google-analytics.com; media-src *.hotjar.com *.hotjar.io app.cloud.scorm.com backend.getbeamer.com bookmarklet-prototype.lrs.io content-dev.knowledgeanywhere.com galatea-content-dev.knowledgeanywhere.com https://content.fordservicetraining.com https://content.learn.synchronybusiness.com https://content.proteamuniversity.com https://content-dev.thenewlearner.com https://content-prod.knowledgeanywhere.com https://content-prod.thenewlearner.com https://www.fordservicetraining.com knowany.service.signalr.net knowany-dev.service.signalr.net stats.g.doubleclick.net wss://knowany.service.signalr.net wss://knowany-demo.service.signalr.net wss://knowany-dev.service.signalr.net wss://knowany-staging.service.signalr.net wss://ws.hotjar.com www.google-analytics.com; frame-src 'self' *.hotjar.com *.hotjar.io *.vimeo.com *.youtube.com app.cloud.scorm.com app.cloud.scorm.com app.getbeamer.com app.pandadoc.com backend.getbeamer.com bookmarklet-prototype.lrs.io cloud.scorm.com content-dev.knowledgeanywhere.com galatea-content-dev.knowledgeanywhere.com https://content.fordservicetraining.com https://content.learn.synchronybusiness.com https://content.proteamuniversity.com https://content-dev.thenewlearner.com https://content-prod.knowledgeanywhere.com https://content-prod.thenewlearner.com https://www.fordservicetraining.com knowany.service.signalr.net knowany-dev.service.signalr.net players.brightcove.net stats.g.doubleclick.net vod-progressive.akamaized.net wss://knowany.service.signalr.net wss://knowany-demo.service.signalr.net wss://knowany-dev.service.signalr.net wss://knowany-staging.service.signalr.net wss://ws.hotjar.com www.google.com www.google-analytics.com; 1
default-src 'none'; child-src 'none'; connect-src 'self' *.fullstory.com *.gbci.org https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net *.slideshare.net prd-msearch.usgbc.org https://analytics.google.com *.analytics.google.com googletagmanager.com https://platform-api.usgbc.org/ https://platform-api.usgbc.org; font-src *; frame-src 'self' *.vimeo.com *.youtube.com *.gbci.org *.slideshare.net build.usgbc.org *.recaptcha.net cert-xiecomm.paymetric.com xiecomm.paymetric.com; img-src * data:; media-src 'self' *.gbci.org *.slideshare.net usgbc-web.s3.amazonaws.com gbci.s3.amazonaws.com; object-src 'self'; script-src 'self' *.twitter.com bomeimedia.com analytics.kapost.com cdn.ckeditor.com netdna.bootstrapcdn.com/ www.google-analytics.com/ s3.amazonaws.com/gbci/ use.typekit.com *.fullstory.com pi.pardot.com *.gbci.org fullstory.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com use.fontawesome.com https://pi.pardot.com https://build.usgbc.org https://www.googletagmanager.com googletagmanager.com ajax.googleapis.com https://ajax.googleapis.com googleadservices.com www.googleadservices.com recaptcha.net https://www.recaptcha.net gstatic.com https://www.gstatic.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com; script-src-attr 'unsafe-inline'; script-src-elem * 'unsafe-inline'; style-src 'self' 'unsafe-inline' netdna.bootstrapcdn.com *.gbci.org s3.amazonaws.com/gbci/ use.fontawesome.com maxcdn.bootstrapcdn.com p.typekit.net cloud.typography.com usgbc-web.s3.amazonaws.com fonts.googleapis.com https://cdn.datatables.net https://cdn.linearicons.com https://unpkg.com https://use.fontawesome.com https://use.typekit.net; base-uri 'self'; form-action 'self' cert-xiecomm.paymetric.com xiecomm.paymetric.com; frame-ancestors 'self' *.gbci.org *.slideshare.net; report-uri https://www.gbci.org/report-uri/enforce 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.intellumlevel.com *.honeybadger.io *.amazonaws.com *.googleapis.com *.google-analytics.com *.jquery.com *.googleusercontent.com *.githubusercontent.com *.snplow.net *.intellumanalytics.com *.userpilot.io ws://analytex.userpilot.io *.intellumsocial.com *.tribesocial.com *.intellum.com *.youtube.com *.vhall.com *.youtube-nocookie.com *.embedly.com *.embed.ly vimeo.com *.vimeo.com livestream.com *.livestream.com *.brightcove.net *.facebook.com zoom.us *.zoom.us wss://*.zoom.us cdnjs.cloudflare.com *.newrelic.com bam.nr-data.net *.nest.com *.demandbase.com *.company-target.com *.zscaler.net *.widencdn.net *.ytimg.com *.tealiumiq.com *.atdmt.com *.tiqcdn.com *.facebook.net *.gstatic.com *.google.com *.doubleclick.net *.googleadservices.com *.stripe.com *.googletagmanager.com *.googleplex.com *.aptrinsic.com wss://websockets.intellum.com cdn.exceedlms.com img.en25.com assets.adobedtm.com; img-src * data: blob:; media-src * blob: mediastream:; frame-ancestors 'self' *.exceedlms.com *.intellumsocial.com *.tribesocial.com *.intellum.com *.youtube.com *.vhall.com *.youtube-nocookie.com *.embedly.com *.embed.ly vimeo.com *.vimeo.com livestream.com *.livestream.com *.brightcove.net *.facebook.com zoom.us *.zoom.us wss://*.zoom.us cdnjs.cloudflare.com *.newrelic.com *.userpilot.io ws://analytex.userpilot.io bam.nr-data.net *.nest.com *.demandbase.com *.company-target.com *.zscaler.net *.widencdn.net *.ytimg.com *.tealiumiq.com *.atdmt.com *.tiqcdn.com *.facebook.net *.gstatic.com *.google.com *.doubleclick.net *.googleadservices.com *.stripe.com *.googleusercontent.com *.googletagmanager.com *.googleplex.com *.aptrinsic.com img.en25.com assets.adobedtm.com; 1
frame-ancestors 'self' *.facebook.com *.salesforce.com *.convio.net *.google.com *.force.com facebook.com salesforce.com convio.net google.com force.com gala.acsevents.org main.acsevents.org relay.acsevents.org; report-uri https://secure.acsevents.org/site/XFrameViolation 1
default-src blob: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com go.symrise.com 955-rro-397.mktoresp.com 955-rro-397.mktoweb.com munchkin.marketo.com munchkin.marketo.net app-nld102.marketo.com snap.licdn.com webmecanik.diana-food.com www.linkedin.com maxcdn.bootstrapcdn.com code.jquery.com *.recruitmentplatform.com www.gstatic.com maps.googleapis.com *.google.com *.myaudience.de www.googletagmanager.com *.google-analytics.com www.youtube.com cdn.cookielaw.org walls.io s.ytimg.com syndication.twitter.com friendlycaptcha.com; style-src 'self' 'unsafe-inline' go.symrise.com 955-rro-397.mktoweb.com app-nld102.marketo.com webmecanik.diana-food.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com fonts.googleapis.com; font-src 'self' cdnjs.cloudflare.com maxcdn.bootstrapcdn.com fonts.gstatic.com; img-src 'self' go.symrise.com 955-rro-397.mktoweb.com app-nld102.marketo.com *.linkedin.com *.diana-food.com maps.gstatic.com maps.google.com *.myaudience.de www.google.de *.google-analytics.com img.youtube.com pbs.twimg.com cdn.cookielaw.org www.googletagmanager.com data:; frame-src 'self' www.symrise.com go.symrise.com app-nld102.marketo.com playout.3qsdn.com webmecanik.diana-food.com www.linkedin.com *.streamshark.io www.ardmediathek.de www.google.com irs.tools.investis.com vara-services.com walls.io *.myaudience.de www.youtube.com www.youtube-nocookie.com; connect-src 'self' *.googleapis.com *.analytics.google.com smc-lp.s4hana.ondemand.com *.mktoresp.com *.doubleclick.net *.diana-food.com *.google-analytics.com *.recruitmentplatform.com cdn.cookielaw.org *.friendlycaptcha.eu *.friendlycaptcha.com video.symrise.com; worker-src 'self' blob:; media-src 'self' video.symrise.com; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.analytics.google.com; 1
default-src 'self'; style-src 'self' 'unsafe-inline'; 1
frame-ancestors 'self'; report-uri https://www.rp-photonics.com/csp-reports.php; 1
default-src 'self' *; frame-src 'self' www.youtube.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'self' data: *.google-analytics.com *.gravatar.com d2ev5dg63zosux.cloudfront.net; style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.realme.govt.nz *.google.com *.google-analytics.com *.googleapis.com *.youtube.com *.ytimg.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ d2ev5dg63zosux.cloudfront.net 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://beige.party; img-src 'self' https: data: blob: https://beige.party; style-src 'self' https://beige.party 'nonce-emovqDZtcW3nLRNFzZwq/Q=='; media-src 'self' https: data: https://beige.party; frame-src 'self' https:; manifest-src 'self' https://beige.party; form-action 'self'; child-src 'self' blob: https://beige.party; worker-src 'self' blob: https://beige.party; connect-src 'self' data: blob: https://beige.party https://media.beige.party wss://beige.party; script-src 'self' https://beige.party 'wasm-unsafe-eval' 1
default-src * 'self' 'unsafe-eval' 'unsafe-inline' gap://ready file:; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com unpkg.com woobox.com www.google-analytics.com *.typekit.net cdn.jsdelivr.net; font-src * 'self' 'unsafe-eval' 'unsafe-inline' data:; connect-src * 'self'; object-src 'self' 'unsafe-eval' 'unsafe-inline'; child-src 'self' youtube.com  woobox.com www.google-analytics.com *.youtube.com www.google.com; frame-src * 'self' 'unsafe-eval' 'unsafe-inline' youtube.com  woobox.com www.google-analytics.com *.youtube.com; script-src * 'self' 'unsafe-eval' 'unsafe-inline' maps.googleapis.com www.google.com www.google-analytics.com unpkg.com  woobox.com; media-src * 'self' 'unsafe-eval' 'unsafe-inline'; img-src * 'self' filesystem: data: blob:; 1
script-src 'strict-dynamic' 'nonce-L1y3Ilp6piP8zdvX0XivkN1eVBq9fyol' 'sha256-sbIzq/B3Moc7Z8GJDpiM7CPGeVJJ4NESPqideG6wH68=' 'sha256-uY8m7zMNIqf8ZkNwIesxTSganjJpAkwcL19QPeTXZvs=' 'sha256-Sft4URquaszVYlXKO1z7bxdvtraMCTFz6YhMMcUnIuQ=' 'sha256-ZiAAGTNze5qRr4hNxa0VXE6HfTBAMVpZPGJ//m9XnvM=' 'sha256-2ueXaClGdXj4Ds3gr5JlIPlpWwlF6rdGAk5e7yWXi1A=' 'sha256-9OoutRgCn4Y8wmfVHBH25xUpDbbbzf2q/TGlGOI5q3s=' 'sha256-UbUtN+ecs7ZJTlb0IFv7+DwXdfpOiYZAQEZMzW8XHA8=' 'sha256-yi8CZLXPK2BRUp+hGiKcw83liCbwinyoQxgKbeIpwd0=' 'sha256-URmXtuEEuM+49xElNrzRUW2IYvXIMsqQIGZKXyjuNeQ=' 'unsafe-eval' 'unsafe-inline' https:;object-src 'none';base-uri 'self';script-src-attr 'unsafe-inline' blob:;frame-src https://*.google.com 'self' blob:;form-action 'none';frame-ancestors 'none' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://twit.social; img-src 'self' https: data: blob: https://twit.social; style-src 'self' https://twit.social 'nonce-RZINxCCZ6vVTsAV8bnX/9g=='; media-src 'self' https: data: https://twit.social; frame-src 'self' https:; manifest-src 'self' https://twit.social; form-action 'self'; child-src 'self' blob: https://twit.social; worker-src 'self' blob: https://twit.social; connect-src 'self' data: blob: https://twit.social https://cdn.masto.host wss://twit.social; script-src 'self' https://twit.social 'wasm-unsafe-eval' 1
default-src	'self'; script-src	'self' 'unsafe-inline'	https://*.demdex.net/	https://*.onetrust.com/	https://*.clarity.ms	https://assets.adobedtm.com/	https://bat.bing.com/	https://c.bing.com	https://cdn.cookielaw.org/	https://cdn.linkedin.oribi.io/	https://cm.everesttech.net/	https://connect.facebook.net/	https://dc.ads.linkedin.com/	https://googleads.g.doubleclick.net/	https://gw.linkedin.oribi.io/	https://maps.googleapis.com	https://sjs.bizographics.com/	https://www.google.com/	https://www.google.com/recaptcha/	https://www.google.de/	https://www.googleadservices.com/	https://www.googletagmanager.com/	https://www.gstatic.com/recaptcha/	https://www.youtube.com/	; style-src	'self' 'unsafe-inline'	https://fonts.googleapis.com/	; connect-src	'self'	https://*.112.2o7.net/	https://*.clarity.ms	https://*.data.adobedc.net/	https://*.demdex.net/	https://*.omtrdc.net/	https://*.onetrust.com/	https://airfiltration.mann-hummel.com/	https://assets.adobedtm.com/	https://c.bing.com	https://cdn.cookielaw.org/	https://cdn.linkedin.oribi.io/	https://cm.everesttech.net/	https://dc.ads.linkedin.com/	https://fleetdirect.mann-hummel.com/	https://gw.linkedin.oribi.io/	https://maps.googleapis.com	https://oem.mann-hummel.com/	https://s7g10.scene7.com	https://s7ips3.scene7.com	https://sjs.bizographics.com/	https://tridim.mann-hummel.com/	https://www.facebook.com/	https://www.google-analytics.com/	https://www.mann-filter.com/	https://www.mann-hummel.com/	https://www.purolatornow.com/; font-src	data:	https://fonts.gstatic.com/	; img-src	'self' data:	https://*.112.2o7.net/	https://*.clarity.ms	https://*.data.adobedc.net/	https://*.demdex.net/	https://*.doubleclick.net/	https://*.ggpht.com/	https://*.google.com/	https://*.google.de/	https://*.googleapis.com/	https://*.omtrdc.net/	https://ad.doubleclick.net/	https://ade.googlesyndication.com/	https://assets.adobedtm.com/	https://bat.bing.com/	https://c.bing.com	https://cm.everesttech.net/	https://googleads.g.doubleclick.net/	https://i.ytimg.com/	https://maps.gstatic.com/	https://p.adsymptotic.com/	https://px.ads.linkedin.com	https://px4.ads.linkedin.com/	https://s7g10.scene7.com/	https://s7ips3.scene7.com	https://www.facebook.com/	https://www.googletagmanager.com/	; form-action	'self'	https://newsletter.filtron.eu/	; frame-src	'self'	https://*.assetsadobe.com	https://*.demdex.net/	https://*.doubleclick.net/	https://*.filtron.eu/	https://*.scene7.com	https://bid.g.doubleclick.net/	https://cdn.linkedin.oribi.io/	https://cloud.mann-hummel-filtration.com/	https://dc.ads.linkedin.com/	https://gw.linkedin.oribi.io/	https://recaptcha.google.com/recaptcha/	https://sjs.bizographics.com/	https://www.facebook.com/	https://www.google.com/recaptcha/	https://www.nothinggetsbyus.com/	https://www.youtube-nocookie.com/	https://www.youtube.com/	; base-uri 'none'; frame-ancestors 'none'; object-src 'none'; upgrade-insecure-requests 1
base-uri 'self';connect-src 'self';default-src 'self';form-action 'self';img-src 'self' 'unsafe-eval' 'unsafe-inline' data:;media-src 'self';object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.gstatic.com https://cdn.polyfill.io;style-src 'self' 'unsafe-eval' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://unpkg.com;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data: 1
default-src 'self' *.google-analytics.com maps.googleapis.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com; frame-src 'self' *.google.com youtube.com www.youtube.com yout.be; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' youtube.com www.youtube.com yout.be maxcdn.bootstrapcdn.com s3.amazonaws.com connect.facebook.net *.gstatic.com maps.googleapis.com *.googletagmanager.com *.google.com; font-src data: 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com  fonts.gstatic.com; img-src data: 'self' 'unsafe-inline' *.w.org secure.gravatar.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; connect-src *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; child-src 'self' www.openmp.org; object-src data: *.openmp.org 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.predictive.dev maps.googleapis.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.googleoptimize.com *.google-analytics.com *.googleadservices.com *.google.co.th *.youtube.com *.doubleclick.net *.s3.ap-southeast-1.amazonaws.com *.roddonjai.com *.cloudflare.com *.cookieplus.com connect.facebook.net analytics.tiktok.com cdn-cmp.predictive.dev https://cdn.ckeditor.com https://cke4.ckeditor.com *.creativecdn.com gtm-m7drzknd-zja4m.uc.r.appspot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.predictive.dev maps.googleapis.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.googleoptimize.com *.google-analytics.com *.googleadservices.com *.google.co.th *.youtube.com *.doubleclick.net *.s3.ap-southeast-1.amazonaws.com *.roddonjai.com *.cloudflare.com *.cookieplus.com connect.facebook.net analytics.tiktok.com cdn-cmp.predictive.dev https://cdn.ckeditor.com https://cke4.ckeditor.com *.creativecdn.com gtm-m7drzknd-zja4m.uc.r.appspot.com; img-src 'self' 'unsafe-inline' *.facebook.com *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.youtube.com *.doubleclick.net connect.facebook.net analytics.tiktok.com *.cookieplus.com data: *.roddonjai.com *.s3.ap-southeast-1.amazonaws.com *.google.co.th *.bopsandbox2.com *.tconfirmtest.com blob: data: *.google.com *.youtube.com https://cdn.ckeditor.com; frame-ancestors https://touch.ttbdirect.com *.tau2904.com *.roddonjai.com *.doubleclick.net bytedance: sslocal:; form-action 'self' *.ttbbank.com; 1
frame-ancestors 'self' *.coupacloud.com *.coupadev.com *.coupahost.com; style-src 'unsafe-inline' 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://fonts.googleapis.com https://r.bing.com https://www.bing.com https://cdn.pendo.io; frame-src 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://www.youtube.com https://help.llama.ai https://app.pendo.io; script-src 'unsafe-inline' 'unsafe-eval' us.llama.ai login.qlik.com *.us.qlikcloud.com www.google-analytics.com *.googletagmanager.com *.pendo.io *.bing.com *.virtualearth.net; worker-src blob: 'self';frame-ancestors 'self' *.coupacloud.com *.coupadev.com *.coupahost.com; style-src 'unsafe-inline' 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://fonts.googleapis.com https://r.bing.com https://www.bing.com https://cdn.pendo.io; frame-src 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://www.youtube.com https://help.llama.ai https://app.pendo.io; script-src 'unsafe-inline' 'unsafe-eval' us.llama.ai login.qlik.com *.us.qlikcloud.com www.google-analytics.com *.googletagmanager.com *.pendo.io *.bing.com *.virtualearth.net; worker-src blob: 'self'; 1
frame-ancestors https://*.telapex.com:* 1
child-src  www.paypalobjects.com; connect-src  bitsus.cv3admin.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com stats.g.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.analytics.google.com cdn.acsbapp.com bp.attn.tv events.attentivemobile.com s.yimg.com *.clarity.ms inbound-analytics.pixlee.com *.powerreviews.com *.searchspring.io *.sharethis.com maps.googleapis.com www.bitsandpieces.com www.facebook.com bam.nr-data.net *.pingdom.net *.google.com bcp.crwdcntrl.net *.crazyegg.com *.hotjar.io *.hotjar.com gardensalive.force.com *.googleapis.com bam.nr-data.net bam.nr-data.net www.googletagmanager.com api.cloudinary.com *.gardensalive.com photos.pixlee.co gaorder.gardensalive.com wss://*.hotjar.com gardensalive.my.site.com *.omnichannelengagementhub.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105; default-src  h2.commercev3.net/cdn.bitsandpieces.com/ cdn.bitsandpieces.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com www.youtube.com www.bing.com; font-src  bitsus.cv3admin.com h2.commercev3.net/cdn.bitsandpieces.com/ cdn.bitsandpieces.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com data: acsbapp.com www.bitsandpieces.com; form-action  www.facebook.com www.paypal.com checkout.sezzle.com *.bitsandpieces.com *.salesforce.com bitsus.cv3admin.com; frame-src  *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com gum.criteo.com *.sharethis.com photos.pixlee.com photos.pixlee.co *.hotjar.com service.force.com *.criteo.com *.criteo.net creatives.attn.tv tpc.googlesyndication.com secure.trust-provider.com www.youtube.com *.bitsandpieces.com *.facebook.com gardensalive.my.salesforce.com www.googletagmanager.com *.azureedge.net; frame-ancestors  ; img-src  h2.commercev3.net/cdn.bitsandpieces.com/ cdn.bitsandpieces.com *.google-analytics.com *.google.com *.pinterest.com *.doubleclick.net *.bing.com  t.paypal.com www.facebook.com  www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/  f.monetate.net bitsus.cv3admin.com *.yahoo.com ads.avocet.io *.outbrain.com ib.adnxs.com *.criteo.com visitor.omnitagjs.com tg.socdm.com ad.yieldlab.net eb2.3lift.com criteo-sync.teads.tv sync-t1.taboola.com rtb-csync.smartadserver.com match.sharethrough.com pixel.rubiconproject.com simage2.pubmatic.com exchange.mediavine.com contextual.media.net ad.360yield.com r.casalemedia.com partner.mediawallahscript.com x.bidswitch.net idsync.rlcdn.com ad.tpmn.co.kr sync-criteo.ads.yieldmo.com ade.clmbtech.com tapestry.tapad.com s.ad.smaato.net trends.revcontent.com jadserve.postrelease.com www.pages08.net *.sharethis.com *.powerreviews.com d3cgm8py10hi0z.cloudfront.net *.searchspring.io i.liadm.com matching.ivitrack.com *.tremorhub.com h2.commercev3.net *.clarity.ms ib.adnxs.com partner.mediawallahscript.com ads.avocet.io assets.pixlee.com maps.gstatic.com www.bitsandpieces.com secure.trust-provider.com connect.facebook.net ads.avocet.io ads.avct.cloud id.rlcdn.com ads.betweendigital.com ws.rqtrk.eu tags.bluekai.com dpm.demdex.net aa.agkn.com sofia.trustx.org *.acsbapp.com *.criteo.net *.searchspring.net *.addthis.com bam.nr-data.net  *.acsbapp.com www.gstatic.com  *.casalemedia.com pippio.com i6.liadm.com ads.stickyadstv.com bp.attn.tv events.attentivemobile.com www.google.co.in tracking.searchmarketing.com sync.bfmio.com *.cloudinary.com *.cloudfront.net adgen.socdm.com cs.adingo.jp adx.dable.io sync.aralego.com cdn.aralego.net match.adsrvr.org odr.mookie1.com pixel.tapad.com sync.teads.tv *.cloudfront.net; script-src  h2.commercev3.net/cdn.bitsandpieces.com/ cdn.bitsandpieces.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com *.livechatinc.com ajax.googleapis.com *.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com/recaptcha/ www.clarity.ms sslwidget.criteo.com f.monetate.net www.google.com cdn.attn.tv static.criteo.net assets.pixlee.com s.yimg.com amplify.outbrain.com tag.measured.com static.hotjar.com cdn.searchspring.net acsbapp.com api.universalcookie.com bitsus.cv3admin.com www.sc.pages08.net ajax.aspnetcdn.com garecommend.gardensalive.com *.monetate.net *.sharethis.com assets.pxlecdn.com maps.googleapis.com *.salesforceliveagent.com *.hotjar.com service.force.com www.bitsandpieces.com secure.comodo.com *.pingdom.net *.crazyegg.com adadvisor.net bam.nr-data.net *.outbrain.com js-agent.newrelic.com static.lightning.force.com gardensalive.force.com gardensalive.my.salesforce.com tpc.googlesyndication.com view.publitas.com aa.agkn.com *.salesforceliveagent.com widget.us.criteo.com mpsnare.iesnare.com gardensalive.my.site.com cdnjs.cloudflare.com *.azureedge.net blob: 'self' 'unsafe-eval' 'unsafe-inline' *.mountain.com; script-src-elem  h2.commercev3.net/cdn.bitsandpieces.com/ cdn.bitsandpieces.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com *.livechatinc.com ajax.googleapis.com *.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com/recaptcha/ www.clarity.ms sslwidget.criteo.com f.monetate.net www.google.com cdn.attn.tv static.criteo.net assets.pixlee.com s.yimg.com amplify.outbrain.com tag.measured.com static.hotjar.com cdn.searchspring.net acsbapp.com api.universalcookie.com bitsus.cv3admin.com www.sc.pages08.net ajax.aspnetcdn.com garecommend.gardensalive.com *.monetate.net *.sharethis.com assets.pxlecdn.com maps.googleapis.com *.salesforceliveagent.com *.hotjar.com service.force.com www.bitsandpieces.com secure.comodo.com *.pingdom.net *.crazyegg.com adadvisor.net bam.nr-data.net *.outbrain.com js-agent.newrelic.com static.lightning.force.com gardensalive.force.com gardensalive.my.salesforce.com tpc.googlesyndication.com view.publitas.com aa.agkn.com *.salesforceliveagent.com widget.us.criteo.com mpsnare.iesnare.com gardensalive.my.site.com cdnjs.cloudflare.com *.azureedge.net blob: 'self' 'unsafe-eval' 'unsafe-inline' *.mountain.com; style-src  h2.commercev3.net/cdn.bitsandpieces.com/ cdn.bitsandpieces.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net cdn.searchspring.net bitsus.cv3admin.com ajax.googleapis.com *.sharethis.com www.bitsandpieces.com service.force.com gardensalive.force.com gardensalive.my.salesforce.com gardensalive.my.site.com *.azureedge.net; style-src-elem  h2.commercev3.net/cdn.bitsandpieces.com/ cdn.bitsandpieces.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net cdn.searchspring.net bitsus.cv3admin.com ajax.googleapis.com *.sharethis.com www.bitsandpieces.com service.force.com gardensalive.force.com gardensalive.my.salesforce.com gardensalive.my.site.com *.azureedge.net; style-src-attr  'unsafe-inline'; media-src  bitsus.cv3admin.com h2.commercev3.net/cdn.bitsandpieces.com/ cdn.bitsandpieces.com www.bing.com www.bitsandpieces.com *.acsbapp.com www.youtube.com res.cloudinary.com; 1
frame-ancestors 'self'; frame-src 'self' *.audima.co *.slideshare.net *.issuu.com youtu.be *.youtube.com *.youtube-nocookie.com td.doubleclick.net bid.g.doubleclick.net www.google.com *.facebook.com *.facebook.net; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com ajax.cloudflare.com static.cloudflareinsights.com *.cloudfront.com *.cloudfront.net *.tail.digital *.audima.co *.issuu.com www.googletagmanager.com tagmanager.google.com *.google-analytics.com *.analytics.google.com www.googleadservices.com googleads.g.doubleclick.net www.google.com www.gstatic.com cse.google.com tag.goadopt.io connect.facebook.com connect.facebook.net youtu.be www.youtube.com youtube.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.googletagmanager.com tagmanager.google.com www.google.com; img-src 'self' *.googletagmanager.com www.googletagmanager.com tagmanager.google.com fonts.googleapis.com ssl.gstatic.com www.gstatic.com * data:; font-src 'self' fonts.gstatic.com data: ; connect-src 'self' cloudflareinsights.com *.rdstation.com.br *.issuu.com *.sentry.io *.googletagmanager.com *.analytics.google.com analytics.google.com *.google-analytics.com google-analytics.com *.g.doubleclick.net *.google.com *.googlesyndication.com noembed.com *.noembed.com *.plyr.io *.rockeroo.com *.goadopt.io; media-src 'self' *.vimeo.com *.akamaized.net *.azimutyachts.com azimutyachts.com; object-src 'none'; base-uri 'self'; 1
connect-src 'self' https://cdn.linkedin.oribi.io https://*.acsbapp.com https://bat.bing.com https://adservice.google.com https://cdn.acsbapp.com https://rs.fullstory.com https://edge.fullstory.com https://stats.g.doubleclick.net https://www.google-analytics.com https://tattle.api.osano.com   https://*.hsforms.com https://maps.googleapis.com https://5868ykqcn6-dsn.algolia.net https://my.hy.ly https://*.algolianet.com  https://*.hy.ly https://consent.api.osano.com https://www.facebook.com https://*.bozzuto.com https://ga4-project-bozzuto.bozzuto.com https://pagead2.googlesyndication.com/; default-src 'self'; font-src 'self' data:  https://fonts.gstatic.com https://fonts.googleapis.com https://acsbapp.com https://*.acsbapp.com; frame-src 'self' blob: mailto: sms: tel: data: https://open.spotify.com https://11748100.fls.doubleclick.net/ https://pixel.mathtag.com/ https://www.facebook.com/ https://beacon.hy.ly https://*.hsforms.com https://www.google.com https://www.screencast.com https://sightmap.com https://my.hy.ly https://www.youtube.com/ https://sightmap.com/  https://schedule.tours/; img-src 'self' https://*.linksynergy.com https://browser-update.org https://*.linkedin.com https://px4.ads.linkedin.com https://px.ads.linkedin.com https://pippio.com https://d.agkn.com https://ce.lijit.com  https://eb2.3lift.com https://fei.pro-market.net https://loadm.exelator.com https://sync.bfmio.com https://stags.bluekai.com https://bcp.crwdcntrl.net https://bcp.crwdcntrl.net https://idsync.rlcdn.com https://sync.search.spotxchange.com https://ib.adnxs.com https://pixel.rubiconproject.com https://us-u.openx.net https://simplifi.partners.tremorhub.com https://pixel.tapad.com https://aa.agkn.com https://sync.intentiq.com https://pixel.mathtag.com https://um.simpli.fi https://www.googleadservices.com https://cm.g.doubleclick.net  https://bat.bing.com https://cdn.acsbapp.com https://*.acsbapp.com https://www.google-analytics.com https://www.facebook.com https://www.googletagmanager.com https://*.hs-growth-metrics.com https://api.hubspot.com https://*.hsforms.net https://*.hsforms.com https://lh3.googleusercontent.com https://s3.amazonaws.com https://googleads.g.doubleclick.net https://www.google.co.in https://www.google.com https://i.ytimg.com https://maps.gstatic.com https://maps.googleapis.com https://www.bozzuto.com https://img.youtube.com https://www.google.ca/ https://ad.doubleclick.net https://td.doubleclick.net  data:; object-src 'none'; script-src 'self' https://www.wufoo.com https://browser-update.org https://skyw.io https://static.oktopost.com https://snap.licdn.com https://cmp.osano.com  https://www.googleadservices.com https://www.gstatic.com https://www.google.com https://*.hy.ly https://*.algolianet.com https://ajax.googleapis.com https://bat.bing.com https://pixel.mathtag.com https://i.simpli.fi https://www.googletagmanager.com https://cdnjs.cloudflare.com https://bat.bing.com/bat.js https://my.hy.ly https://connect.facebook.net https://tag.simpli.fi https://edge.fullstory.com https://acsbapp.com https://*.acsbapp.com https://protect-us.mimecast.com https://www.google-analytics.com/ https://googleads.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com https://www.youtube.com/ https://sightmap.com/ https://cdn.jsdelivr.net/algoliasearch/3/algoliasearch.min.js https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.18.1/moment.min.js https://dni.bozzuto.com https://www.youtube.com/s/player/dac945fd/ www-widgetapi.vflset/ www-widgetapi.js https://js.hsforms.net/ https://cdn.jsdelivr.net https://lcp360.cachefly.net https://browserupdate.org 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' 'unsafe-inline'; style-src-elem 'self' https://fonts.googleapis.com 'unsafe-inline'; worker-src 'self' blob:; 1
default-src 'none'; connect-src https://*.cbmalta.com; font-src 'self'; frame-src 'self'; img-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src https://*.cbmalta.com/program/resources/dummy.pdf; report-uri https://tecnalis.report-uri.com/r/d/csp/enforce/ 1
default-src 'self' *.cookielaw.org *.onetrust.com feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com * ; img-src * 'self' data: *.pricespider.com https: blob: ; script-src * data: blob: *.pricespider.com 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://videos.ctfassets.net https://videos.ctfassets.net blob:; img-src 'self' https://sgtm.spaceforce.com www.google.co.in *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://dev.visualwebsiteoptimizer.com https://alb.reddit.com https://tr.snapchat.com https://www.facebook.com https://cdn.cookielaw.org https://images.ctfassets.net https://4136874.fls.doubleclick.net https://fonts.gstatic.com https://i.ytimg.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.visualwebsiteoptimizer.com app.vwo.com https://tr.snapchat.com https://www.redditstatic.com https://cdn.cookielaw.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.youtube.com https://o1036881.ingest.sentry.io https://c.la1-c1-hio.salesforceliveagent.com https://d.la1-c1-hio.salesforceliveagent.com https://c.la1cx.salesforceliveagent.com https://d.la1cx.salesforceliveagent.com  blob:; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' data:; frame-src 'self' app.vwo.com *.visualwebsiteoptimizer.com https://tr.snapchat.com https://4136874.fls.doubleclick.net https://www.youtube.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://dev.visualwebsiteoptimizer.com https://tr.snapchat.com https://www.redditstatic.com https://cdn.cookielaw.org https://sc-static.net https://connect.facebook.net https://www.youtube.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://c.la1-c1-hio.salesforceliveagent.com https://d.la1-c1-hio.salesforceliveagent.com https://c.la1cx.salesforceliveagent.com https://d.la1cx.salesforceliveagent.com; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; connect-src 'self' https://sgtm.spaceforce.com *.visualwebsiteoptimizer.com app.vwo.com https://tr.snapchat.com https://unpkg.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://o1036881.ingest.sentry.io blob: data:; worker-src 'self' blob:; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com *.trafficfactory.biz www.iwanttodeliver.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net bmedia.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri http://www.milfmovs.com/csp-reports; report-to csp-endpoint 1
default-src http: https: 'unsafe-inline'; object-src 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com registration.firstam.com; style-src 'self' fast.fonts.com 'unsafe-inline'; frame-src registration.firstam.com 'self'; img-src 'self' ssl.google-analytics.com; 1
frame-ancestors 'self' https://*.toyota.dk https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
frame-ancestors 'self' *.offenbach.de vhskurse.offenbach.de www-offenbach-de.translate.goog 1
default-src 'self'; object-src 'self' https://pts.handyvertrag.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.handyvertrag.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.handyvertrag.de https://chat.handyvertrag.de https://umfrage.handyvertrag.de https://pts.handyvertrag.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.handyvertrag.de https://chat.handyvertrag.de https://stats.handyvertrag.de https://imagepool.handyvertrag.de https://pts.handyvertrag.de https://analytics.tiktok.com https://umfrage.handyvertrag.de; script-src 'strict-dynamic' 'nonce-3df19f603ea6e3a0b82b2e238d127565' 'nonce-05960434328dd6a675086bee9da8626c' 'nonce-61627f9fc3e5faf23170ed82fda2a5a7' 'nonce-e2170a55feada93d00c946faaa3a9817' 'nonce-8595255d5e9b07e2502dd182be35a956' 'nonce-84e7c8ad09d3f91fa11a7363d07f21a4' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.handyvertrag.de https://umfrage.handyvertrag.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-3df19f603ea6e3a0b82b2e238d127565' 'nonce-05960434328dd6a675086bee9da8626c' 'nonce-61627f9fc3e5faf23170ed82fda2a5a7' 'nonce-e2170a55feada93d00c946faaa3a9817' 'nonce-8595255d5e9b07e2502dd182be35a956' 'nonce-84e7c8ad09d3f91fa11a7363d07f21a4' 'self' 'unsafe-inline' https: 'report-sample' 1
script-src 'self' 'unsafe-inline' www.youtube.com https://*.cookielaw.org https://*.onetrust.com https://www.google-analytics.com https://cdn.matomo.cloud/pagopa.matomo.cloud https://pagopa.matomo.cloud https://recaptcha.net https://www.gstatic.com https://www.google.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' recaptcha.net; object-src 'none'; form-action 'self'; font-src data: 'self'; connect-src 'self' https://pagopa.matomo.cloud https://*.cookielaw.org https://*.onetrust.com https://www.google-analytics.com https://api.io.italia.it *.google-analytics.com; img-src data: 'self' *.cloudfront.net recaptcha.net; frame-src https://www.google.com https://recaptcha.net https://www.youtube.com https://pagopa.applytojob.com https://career55preview.sapsf.eu 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://zirk.us; img-src 'self' https: data: blob: https://zirk.us; style-src 'self' https://zirk.us 'nonce-Zl2CWUgsUvHkT+hBckxJ2w=='; media-src 'self' https: data: https://zirk.us; frame-src 'self' https:; manifest-src 'self' https://zirk.us; form-action 'self'; child-src 'self' blob: https://zirk.us; worker-src 'self' blob: https://zirk.us; connect-src 'self' data: blob: https://zirk.us https://cdn.masto.host wss://zirk.us; script-src 'self' https://zirk.us 'wasm-unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; frame-ancestors 'self'; 1
default-src 'self' *.conac.cn *.jiathis.com *.baidu.com *.bshare.cn *.qq.com *.kaipuyun.cn 'unsafe-inline' 'unsafe-eval'; 1
default-src https: https: 'unsafe-inline' 'unsafe-eval'; script-src 'unsafe-inline' 'unsafe-eval' https: http:; style-src 'self' https://www.pildorasdefe.net/cc-sty/nopre.css connect.facebook.net/es_LA/sdk.js 'unsafe-inline' *.googleapis.com apis.google.com https://platform.twitter.com; font-src 'self' apis.google.com https://platform.twitter.com *.gstatic.com data:; connect-src 'self' https://platform.twitter.com apis.google.com *.google-analytics.com *.googleapis.com *.gstatic.com data: ; media-src 'self' https://platform.twitter.com apis.google.com; img-src 'self' apis.google.com * data:; object-src 'self'; base-uri 'none'; 1
default-src 'self' 'wasm-unsafe-eval'  'unsafe-inline' js.hsforms.net https://*.hsforms.com https://*.google-analytics.com https://www.googletagmanager.com https://*.ctfassets.net https://unpkg.com https://cdn.jsdelivr.net https://i22.jobs.personio.de https://*.hubspot.com; frame-ancestors https://app.contentful.com; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; frame-ancestors 'self'; 1
default-src 'self'; font-src 'self' use.typekit.net fonts.gstatic.com; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' prismic.io player.vimeo.com use.typekit.net js.hs-analytics.net *.hs-banner.com js.hs-scripts.com js.hsforms.net *.prismic.io static.zdassets.com *.google-analytics.com *.googletagmanager.com *.brightsg.com js.hsadspixel.net www.google.com www.gstatic.com *.doubleclick.net snap.licdn.com netlify-cdp-loader.netlify.app js.hubspot.com *.onetrust.com; style-src 'report-sample' 'self' 'unsafe-inline' use.typekit.net p.typekit.net fonts.googleapis.com; img-src 'self' prismic-io.s3.amazonaws.com p.typekit.net brightsg.cdn.prismic.io images.prismic.io *.hubspot.com *.google-analytics.com *.analytics.google.com googletagmanager.com *.hs-embed-reporting.com *.hsappstatic.net *.hsforms.com data: www.google.com www.google.co.uk *.linkedin.com *.onetrust.com www.google.co.in; connect-src 'self' *.doubleclick.net vimeo.com performance.typekit.net *.zendesk.com ekr.zdassets.com js.hs-banner.com *.google-analytics.com *.analytics.google.com *.prismic.io hubspot-forms-static-embed.s3.amazonaws.com *.hsforms.com *.hs-embed-reporting.com *.smooch.io api.hubapi.com cdn.linkedin.oribi.io cta-service-cms2.hubspot.com *.onetrust.com analytics.google.com; frame-src 'self' brightsg.prismic.io *.jotform.com *.jotformeu.com *.hsforms.com player.vimeo.com *.youtube.com www.google.com app.netlify.com 5255713.hs-sites.com td.doubleclick.net; frame-ancestors 'self' brightsg.prismic.io *.jotform.com *.jotformeu.com *.hsforms.com player.vimeo.com *.youtube.com; manifest-src 'self'; media-src 'self'; object-src 'none'; base-uri 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'  www.google-analytics.com https://*.googletagmanager.com https://catalyst-analytics.net/; style-src 'self' 'unsafe-inline' cdn-images.mailchimp.com fonts.googleapis.com; img-src 'self' i.ytimg.com translate.google.com www.gstatic.com data: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; frame-src 'self' anchor.fm player.vimeo.com webplayer.whooshkaa.com www.youtube.com www.googletagmanager.com www.podbean.com app.powerbi.com ; child-src 'self' player.vimeo.com www.youtube.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com; connect-src 'self' https://catalyst-analytics.net/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; object-src 'none'; style-src 'self' 'unsafe-inline' http: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: http: https: 1
frame-ancestors 'self'; report-uri https://www.justice.gouv.fr/report-uri/enforce 1
report-to endpoint; report-uri /api/csp/violations; worker-src 'self' blob: 1
default-src 'self' https://public-uploads.stileapp.com https://uploads.stileapp.com https://executable-script-uploads.stileapp.com https://www01.stileapp.com https://www02.stileapp.com https://www03.stileapp.com https://prod-slb.au.s522.net:1943 https://preprod-slb.au.s522.net:1943 blob:; media-src 'self' https://stileapp.com blob: https://public-uploads.stileapp.com https://uploads.stileapp.com https://executable-script-uploads.stileapp.com https://www01.stileapp.com https://www02.stileapp.com https://www03.stileapp.com https://abcmedia.akamaized.net/ https://mediacore-live-production.akamaized.net/; script-src 'self' https://vimeo.com s.ytimg.com www.youtube.com https://player.vimeo.com 'unsafe-inline' 'unsafe-eval' https://public-uploads.stileapp.com https://uploads.stileapp.com https://executable-script-uploads.stileapp.com https://www01.stileapp.com https://www02.stileapp.com https://www03.stileapp.com https://js.live.net https://static.zdassets.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; worker-src 'self' https://stileapp.com https://prod-slb.au.s522.net:1943 https://preprod-slb.au.s522.net:1943 blob:; style-src 'self' 'unsafe-inline' https://public-uploads.stileapp.com https://uploads.stileapp.com https://executable-script-uploads.stileapp.com https://www01.stileapp.com https://www02.stileapp.com https://www03.stileapp.com https://fonts.googleapis.com; img-src 'self' data: blob: i.ytimg.com i.vimeocdn.com https://www.abc.net.au https://live-production.wcms.abc-cdn.net.au https://public-uploads.stileapp.com https://uploads.stileapp.com https://executable-script-uploads.stileapp.com https://www01.stileapp.com https://www02.stileapp.com https://www03.stileapp.com https://p.sfx.ms help.stileapp.com https://static1.squarespace.com https://*.stileapp.com; frame-src 'self' https://stileapp.com www.youtube.com vimeo.com player.vimeo.com https://online.clickview.com.au https://online.clickview.co.uk https://online.clickview.co.nz https://www.clickview.net https://primary.clickview.net https://auth.clickviewapp.com https://public-uploads.stileapp.com https://uploads.stileapp.com https://executable-script-uploads.stileapp.com https://www01.stileapp.com https://www02.stileapp.com https://www03.stileapp.com iframesandbox.stileapp.com https://onedrive.live.com https://fast.wistia.com https://fast.wistia.net https://makecode.microbit.org https://desmos.com https://geogebra.org https://www.geogebra.org; connect-src 'self' data: blob: vimeo.com gdata.youtube.com https://public-uploads.stileapp.com https://uploads.stileapp.com https://executable-script-uploads.stileapp.com https://www01.stileapp.com https://www02.stileapp.com https://www03.stileapp.com https://ekr.zdassets.com https://help.stileapp.com https://stileapp.zendesk.com https://stile-testing.zendesk.com https://prod-slb.au.s522.net:1943 https://preprod-slb.au.s522.net:1943 https://prod-slb.au.s522.net:1943 https://graph.microsoft.com https://login.microsoftonline.com https://api.onedrive.com https://stileapp.com; font-src 'self' data: about: https://public-uploads.stileapp.com https://uploads.stileapp.com https://executable-script-uploads.stileapp.com https://www01.stileapp.com https://www02.stileapp.com https://www03.stileapp.com https://fonts.gstatic.com; frame-ancestors 'self' https://*.instructure.com https://*.schoology.com https://my.padua.qld.edu.au https://canvas.education.tas.gov.au https://canvas.au.oneschoolglobal.com https://canvas.parra.catholic.edu.au https://learning.xavier.vic.edu.au/ https://*.prerender.io https://*.desmos.com https://*.geogebra.org https://lti.schoolbox.cloud; 1
default-src 'self' https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cloudflareinsights.com https://onesignal.com https://cdn.onesignal.com https://code.jivosite.com https://code-ya.jivosite.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://market.yt.ua https://demo.yt.ua https://static.liqpay.ua https://connect.facebook.net;style-src 'self' 'unsafe-inline' https: data:;img-src 'self' https: data: blob:;connect-src 'self' https://static.cloudflareinsights.com https://www.google-analytics.com https://stats.g.doubleclick.net wss://node-ya7.jivosite.com https://node-ya7.jivosite.com https://code.jivosite.com https://telemetry.jivosite.com https://onesignal.com https://sid.uakey.com.ua https://admin.uakey.com.ua;child-src 'self' data: blob: https://www.google.com https://127.0.0.1:20026 https://onesignal.com https://www.youtube.com https://www.liqpay.ua https://www.facebook.com https://docs.google.com https://cash.sota-buh.com.ua https://sid.uakey.com.ua https://admin.uakey.com.ua;worker-src 'self' blob: data: 1
frame-ancestors 'self' https://*.anywayanyday.com 1
script-src 'report-sample' 'nonce-hTaNMx01n3lAPc62D3Na4g' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';worker-src 'self';report-uri /webstore/cspreport 1
default-src * data: 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content; form-action *; frame-ancestors 'self' https://heatmap.it/; upgrade-insecure-requests; base-uri 'self'; 1
upgrade-insecure-requests; block-all-mixed-content; default-src 'self' https://*.valiant.ch; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.valiant.ch https://valiant.reader.epaper.guru https://io.fusedeck.net https://connect.facebook.net https://snap.licdn.com https://www.youtube.com https://*.googletagmanager.com https://www.google.com https://www.google.ch https://www.google.fr https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.googleanalytics.com https://www.googleadservices.com https://tagmanager.google.com https://maps.googleapis.com https://www.googleoptimize.com https://optimize.google.com https://*.teads.tv https://*.teads.com; style-src 'self' 'unsafe-inline' https://wwwsec.valiant.ch https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com; font-src 'self' data: https://wwwsec.valiant.ch https://fonts.gstatic.com; img-src 'self' data: blob: https://wwwsec.valiant.ch https://io.fusedeck.net https://www.facebook.com https://px.ads.linkedin.com https://www.linkedin.com https://nrcm.s3.amazonaws.com https://*.googletagmanager.com https://*.google-analytics.com https://www.google.ch https://www.google.fr https://www.google.com https://ssl.gstatic.com https://www.gstatic.com https://maps.gstatic.com https://5472548.fls.doubleclick.net https://10785982.fls.doubleclick.net https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://maps.googleapis.com https://khms0.googleapis.com https://khms1.googleapis.com https://analytics.google.com https://www.googletagmanager.com https://optimize.google.com https://*.teads.tv https://*.teads.com; frame-ancestors 'self' https://*.valiant.ch; frame-src 'self' https://*.valiant.ch https://valiant.mxm.ch https://valiant.reader.epaper.guru https://evoja-etools.sinso.ch https://app.newsroom.co https://www.kununu.com https://www.agentselly.ch https://www.facebook.com https://www.youtube.com https://bid.g.doubleclick.net https://5472548.fls.doubleclick.net https://10785982.fls.doubleclick.net https://optimize.google.com https://live.brame-gamification.com; connect-src 'self' https://*.valiant.ch wss://io.fusedeck.net https://webservice.cybwell.ch https://www.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google.com https://maps.google.com https://maps.googleapis.com https://cdn.linkedin.oribi.io https://*.teads.tv https://*.teads.com; base-uri 'self'; object-src 'self'; media-src 'self' data:; child-src 'none'; worker-src 'self'; manifest-src 'self'; prefetch-src 'self'; form-action 'self' https://www.facebook.com/tr/; navigate-to 'self'; 1
frame-ancestors 'self' https://www.espacemembre.macsf.fr/ 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://noc.social; img-src 'self' https: data: blob: https://noc.social; style-src 'self' https://noc.social 'nonce-C21o0KA3x2dkw1xGZ0c77w=='; media-src 'self' https: data: https://noc.social; frame-src 'self' https:; manifest-src 'self' https://noc.social; form-action 'self'; connect-src 'self' data: blob: https://noc.social https://noc.social wss://noc.social; script-src 'self' https://noc.social 'wasm-unsafe-eval'; child-src 'self' blob: https://noc.social; worker-src 'self' blob: https://noc.social 1
default-src 'none'; connect-src 'self' blob: https://res.cloudinary.com https://accounts.spotify.com https://fanhouse-staging--staging-v5ho8y0j.web.app/ https://api.fanhouse.app https://us-central1-fanhouse-staging.cloudfunctions.net https://api.stripe.com https://botd.fpapi.io https://securetoken.googleapis.com https://firestore.googleapis.com https://firebasestorage.googleapis.com https://www.google-analytics.com https://firebase.googleapis.com https://firebaseinstallations.googleapis.com https://www.googleapis.com https://api.amplitude.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io; frame-src 'self' https://fanhouse.app https://js.stripe.com https://www.youtube.com https://hooks.stripe.com https://fanhouse-staging.firebaseapp.com/; script-src 'self' blob: 'sha256-jAKQ61BFJ9QMmd+aURgAWIDQvg7k58/GCDU3ISLK9IU=' 'sha256-FvEKghNLP0YzyZSAxnPKuXunfcpTJfm4/Tuu/j9uBRw=' https://apis.google.com https://js.stripe.com https://ajax.cloudflare.com https://static.cloudflareinsights.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net; font-src 'self' https://fonts.gstatic.com https://unpkg.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; style-src 'self' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' https://unpkg.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; img-src 'self' https://res.cloudinary.com https://fanhouse-res.cloudinary.com https://firebasestorage.googleapis.com https://www.google-analytics.com https://purecatamphetamine.github.io/ *.googletagmanager.com *.google.com *.twimg.com *.googleusercontent.com i.scdn.co data: blob:; media-src 'self' https://firebasestorage.googleapis.com data: blob:; base-uri 'none'; object-src 'none'; manifest-src 'self'; worker-src 'self' blob:; child-src 'self' blob:; form-action 'none'; frame-ancestors 'self' https://sonnyangel.watch http://sonnyangel.watch https://zizz.ai http://zizz.ai; 1
frame-ancestors https://*.zscloud.net 'self' macom.com *.macom.com *.jahia.cloud.com 1
connect-src blob: data: http://*.paypal.com http://*.paypalobjects.com http://api.fraud0.com/ http://paypal.com http://paypalobjects.com https://*.adyen.com https://*.algolia.io https://*.algolia.net https://*.algolianet.com https://*.amazonaws.com https://*.bing.com https://*.contentsquare.net https://*.cptrack.de https://*.doubleclick.net https://*.etrusted.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.google.de https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.klarna.com https://*.luxdeepblue.com https://*.luxottica.com https://*.paypal.com https://*.paypalobjects.com https://*.pinterest.com https://*.sentry.io https://*.taboola.com https://*.trbo.com https://*.trustbadge.com https://*.trustedshops.com https://*.usercentrics.eu https://*.webgains.com https://*.webgains.io https://*.woosmap.com https://*.zopim.com https://aclapo2021.zendesk.com https://adyen.com https://analytics.tiktok.com https://api.fraud0.com https://bing.com https://bsdk.api.ditto.com https://bt.fraud0.com https://cdn.pearle.at/ticker.js https://collect.tealiumiq.com https://couponmonger.com/gutschein/apollo https://d5nhc6q3o19l2.cloudfront.net https://doubleclick.net https://ekr.zdassets.com https://etrusted.com https://eu.b2c.com https://facebook.com https://facebook.net https://google-analytics.com https://google.com https://google.de https://googleads.g.doubleclick.net https://googleapis.com https://googlesyndication.com https://googletagmanager.com https://hotjar.com https://hotjar.io https://insights.algolia.io https://klarna.com https://luxdeepblue.github.io https://paypal.com https://paypalobjects.com https://pinterest.com https://sentry.io https://servedby.flashtalking.com https://sgtm.apollo.de https://static.zdassets.com https://stats.g.doubleclick.net https://t.teads.tv https://taboola.com https://test-gateway-vtoprofile.luxdeepblue.com https://tracking.s24.com https://trbo.com https://trc-events.taboola.com https://trc.taboola.com https://trustbadge.com https://usercentrics.eu https://w-it.m-t.io https://webgains.com https://webgains.io https://zendesk-eu.my.sentry.io https://zopim.com wss://*.hotjar.com wss://*.zopim.com wss://aclapo2021.zendesk.com wss://hotjar.com wss://zopim.com 'self' ws: wss:; font-src http://*.paypal.com http://*.paypalobjects.com http://paypal.com http://paypalobjects.com https://*.adyen.com https://*.cptrack.de https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.paypal.com https://*.paypalobjects.com https://*.trbo.com https://*.trustedshops.com https://adyen.com https://cdn.pearle.at/ticker.js https://gstatic.com https://hotjar.com https://hotjar.io https://paypal.com https://paypalobjects.com https://servedby.flashtalking.com https://trbo.com 'self' https://themes.googleusercontent.com data: *; frame-src http://*.paypal.com http://*.paypalobjects.com http://paypal.com http://paypalobjects.com https://*.2c2p.com https://*.acdcproc.com https://*.ad4m.at https://*.ad4mat.net https://*.adyen.com https://*.americanexpress.com https://*.arcot.com https://*.bkm.com.tr https://*.boc.cn https://*.cardinalcommerce.com https://*.cardstandard.com https://*.cm-cic.com https://*.comdirect.de https://*.commerzbank.de https://*.consorsbank.de https://*.contentsquare.net https://*.cptrack.de https://*.criteo.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google.com https://*.hotjar.com https://*.hotjar.io https://*.ing.de https://*.klarna.com https://*.luxottica.com https://*.oschadbank.ua https://*.paypal.com https://*.paypalobjects.com https://*.petafuel.net https://*.pinterest.com https://*.redsys.es https://*.sparda.de https://*.sparkassen-kreditkarten.de https://*.swedbank.se https://*.targobank.de https://*.tradedoubler.com https://*.trbo.com https://*.trustbadge.com https://*.usercentrics.eu https://*.viseca.ch https://*.wlp-acs.com https://*.youtube.com https://3d-secure.pluscard.de https://3ds-challenge.n26.com https://3ds-n3.nbg.gr https://3ds-secure.cardcomplete.com https://3ds.borica.bg https://3ds.cathaybk.com.tw https://3ds.consorsfinanz.de https://3ds.nexigroup.com https://3ds.rpc-raiffeisen.com https://3ds.sia.eu https://3dsec.cardcenter.ch https://3dsecure-vrp.de https://3dsecure.ing.ro https://3dsecure.nexi.it https://3dsecure.psa.at https://3dsecure.s-id-check-sparkassen.de https://3dspayment.easybank.at https://3dspayment.easybank.de https://3dspayment.paylife.at https://3dspayment.paylife.de https://aclapo2021.zendesk.com https://acs-trides2.cld.asseco-see.hr https://acs.3ds-hanseaticbank.de https://acs.airplus.com https://acs.apata.io https://acs.revolut.com https://acs.swisscard.ch https://acs.upc.ua https://acs1.edb.com https://acs1.mpts.modirum.com https://acs2.a-bank.com.ua https://acs2.edb.com https://acs4.privatbank.ua https://acssv.dskbank.bg https://acssv.otpbank.hu https://ad4m.at https://ad4mat.net https://adyen.com https://americanexpress.com https://api.id.mastercard.bunq.com https://authentication2.six-group.com https://bsdk.api.ditto.com https://cardsec.postfinance.ch https://cdn.pearle.at/ticker.js https://comdirect.de https://commerzbank.de https://csxd.www.apollo.de https://doubleclick.net https://e0yka.d2sri.com https://facebook.com https://facebook.net https://family.ctbcbank.com https://foriseu-vbv.mycardplace.com https://gat19.grandvision.com https://gat20.grandvision.com https://google.com https://hotjar.com https://hotjar.io https://ims.euronet3dsecure.com https://ing.de https://klarna.com https://mc-id-check.firstdata.de https://paypal.com https://paypalobjects.com https://pinterest.com https://ps4acs.netcetera-payment.ch https://roioptimizer.guenstiger.de https://secure.dkb.de https://securepayment2.reisebank.de https://servedby.flashtalking.com https://sicher-bezahlen.sparkasse.at https://static.criteo.net https://static.guenstiger.de https://targobank.de https://tradedoubler.com https://trbo.com https://uatgat19.grandvision.com https://uatgat20.grandvision.com https://usercentrics.eu https://visa2.acs.cmbchina.com https://wlp-acs.com https://www.facebook.com https://www.rsa3dsauth.co.uk https://www.securesuite.co.uk https://youtube.com 'self'; img-src blob: data: http://*.paypal.com http://*.paypalobjects.com http://paypal.com http://paypalobjects.com https://*.ad4m.at https://*.ad4mat.de https://*.adc-serv.net https://*.adform.net https://*.adition.com https://*.adnxs.com https://*.adscale.de https://*.adserver01.de https://*.adyen.com https://*.amazonaws.com https://*.casalemedia.com https://*.contentsquare.net https://*.cptrack.de https://*.df-srv.de https://*.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.kuponacdn.de https://*.luxdeepblue.com https://*.luxottica.com https://*.paypal.com https://*.paypalobjects.com https://*.pinterest.com https://*.pubmatic.com https://*.smartadserver.com https://*.trbo.com https://*.twiago.com https://*.usercentrics.eu https://*.yieldlab.net https://ad4m.at https://ad4mat.de https://adc-serv.net https://adform.net https://adition.com https://adnxs.com https://adscale.de https://adserver01.de https://adyen.com https://casalemedia.com https://cdn.pearle.at/ticker.js https://df-srv.de https://doubleclick.net https://google-analytics.com https://google.com https://googleads.g.doubleclick.net https://gstatic.com https://hotjar.com https://hotjar.io https://kuponacdn.de https://paypal.com https://paypalobjects.com https://pinterest.com https://pubmatic.com https://px.ads.linkedin.com https://servedby.flashtalking.com https://smartadserver.com https://static.zdassets.com https://trbo.com https://twiago.com https://usercentrics.eu https://v2assets.zopim.io https://www.facebook.com https://www.google.de https://yieldlab.net 'self' *; object-src https://*.usercentrics.eu https://usercentrics.eu 'self'; media-src https://static.zdassets.com 'self'; script-src data: http://*.paypal.com http://*.paypalobjects.com http://api.fraud0.com/ http://paypal.com http://paypalobjects.com https://*.adyen.com https://*.amazonaws.com https://*.cnslta.com https://*.container.webgains.link https://*.contentsquare.com https://*.contentsquare.net https://*.cptrack.de https://*.criteo.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.luxdeepblue.com https://*.luxottica.com https://*.paypal.com https://*.paypalobjects.com https://*.pinterest.com https://*.taboola.com https://*.trbo.com https://*.trustedshops.com https://*.usercentrics.eu https://*.webgains.com https://*.webgains.io https://*.woosmap.com https://*.youtube.com https://*.ytimg.com https://*.zopim.com https://3dsecure.psa.at https://aclapo2021.zendesk.com https://ad3.adfarm1.adition.com https://ad4m.at https://adyen.com https://analytics.tiktok.com https://api.fraud0.com https://api.microsofttranslator.com https://bat.bing.com https://bit.ly https://bsdk.api.ditto.com https://bt.fraud0.com https://btc.fraud0.com https://cdn.pearle.at/ticker.js https://cdn.taboola.com https://cnslta.com https://connect.facebook.net https://doubleclick.net https://ekr.zdassets.com https://eu.b2c.com https://facebook.com https://facebook.net https://google.com https://googleadservices.com https://googleapis.com https://googletagmanager.com https://gstatic.com https://hotjar.com https://hotjar.io https://paypal.com https://paypalobjects.com https://pinterest.com https://roioptimizer.guenstiger.de https://s.pinimg.com https://s3.amazonaws.com https://servedby.flashtalking.com https://sgtm.apollo.de https://static.criteo.net https://static.guenstiger.de https://static.zdassets.com https://taboola.com https://tracking.s24.com https://trbo.com https://trc.taboola.com https://unpkg.com https://usercentrics.eu https://w-it.m-t.io https://webgains.com https://webgains.io https://www.googleadservices.com https://youtube.com https://ytimg.com https://zopim.com wss://*.zopim.com wss://aclapo2021.zendesk.com wss://zopim.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src http://*.paypal.com http://*.paypalobjects.com http://paypal.com http://paypalobjects.com https://*.adyen.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.paypal.com https://*.paypalobjects.com https://*.trbo.com https://*.trustedshops.com https://*.woosmap.com https://adyen.com https://cdn.pearle.at/ticker.js https://paypal.com https://paypalobjects.com https://trbo.com 'self' 'unsafe-inline' https://fonts.googleapis.com blob:; default-src https://*.luxottica.com 'self'; report-to ; report-uri ; worker-src blob: https://*.contentsquare.com https://*.contentsquare.net; child-src blob: data: https://*.contentsquare.com https://*.contentsquare.net; frame-ancestors-src 'self' https://*.frontastic.io frontastic.io.local 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; connect-src 'self' *.suntransfers.com cdn.polyfill.io www.googletagmanager.com www.google-analytics.com www.googleadservices.com *.google.com *.google.es *.g.doubleclick.net *.googleapis.com *.algolia.net *.algolianet.com *.visualwebsiteoptimizer.com *.hotjar.com *.hotjar.io *.bing.com d2oh4tlt9mrke9.cloudfront.net *.zendesk.com *.zopim.com *.zdassets.com ws://*.zopim.com wss://*.zopim.com *.abtasty.com *.criteo.com *.criteo.net *.facebook.com *.facebook.net *.trustpilot.com *.sessioncam.com ws://*.sessioncam.com wss://*.sessioncam.com *.firebaseio.com ws://*.firebaseio.com wss://*.firebaseio.com *.addonpayments.com ws://*.addonpayments.com wss://*.addonpayments.com *.paypal.com ws://*.paypal.com wss://*.paypal.com *.redsys.es ws://*.redsys.es wss://*.redsys.es *.ada.support ws://*.ada.support wss://*.ada.support *.clarity.ms *.google-analytics.com *.adyen.com *.googlesyndication.com *.glassboxdigital.io *.gbqofs.com *.report.gbss.io *.gbqofs.io sentry.io ws://sentry.io wss://sentry.io *.sibforms.com ; frame-ancestors 'self' *.suntransfers.com *.addonpayments.com *.paypal.com *.redsys.es *.adyen.com *.sibforms.com; object-src 'self' *.suntransfers.com *.addonpayments.com *.paypal.com *.redsys.es *.adyen.com *.sibforms.com; 1
default-src 'self' http: https: data: blob: 'unsafe-inline';  1
script-src 'self' asystem-library.s3.amazonaws.com cdn.usersnap.com *.onetrust.com s.ytimg.com www.youtube.com cdn.polyfill.io browserupdate.org https://browser-update.org/ www.google-analytics.com platform.twitter.com platform.linkedin.com tagmanager.google.com www.googletagmanager.com bacardilimited.zendesk.com api.usersnap.com https://www.gstatic.com https://www.googleadservices.com https://m.addthis.com https://s7.addthis.com https://use.typekit.net https://d3mvnvhjmkxpjz.cloudfront.net https://v1.addthis.com https://www.google.com/recaptcha/ https://z.moatads.com https://googleads.g.doubleclick.net https://d29mknc5251yuj.cloudfront.net https://spl.bacardi.com https://spl.bacardilimited.com/ https://vk.com/js/api/ https://www.recaptcha.net/recaptcha/ 'unsafe-inline' 'unsafe-eval' 1
Content-Security-Policy: default-src 'self' *.bs-it.gmbh; frame-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; 1
frame-ancestors 'self' *.surescripts.com; report-uri https://surescripts.com/report-uri/enforce 1
default-src 'self' data: blob:    https://brandenburg.cloud wss://brandenburg.cloud https://api.brandenburg.cloud https://chat.brandenburg.cloud https://embed.brandenburg.cloud https://libreoffice.brandenburg.cloud https://oauth.brandenburg.cloud https://storage.brandenburg.cloud https://etherpad.brandenburg.cloud https://blog.niedersachsen.cloud https://blog.dbildungscloud.de https://docs.dbildungscloud.de https://sc-content-resources.schul-cloud.org https://sc-content-resources.hpi-schul-cloud.de https://open.hpi.de https://s3.hidrive.strato.com https://scalelite.bbb.messenger.schule  https://www10-fms.hpi.uni-potsdam.de https://blog.dbildungscloud.de https://s3.hidrive.strato.com https://cloud-instances.s3.hidrive.strato.com; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data: ; frame-src 'self' https://libreoffice.brandenburg.cloud https://docs.dbildungscloud.de https://chat.brandenburg.cloud; frame-ancestors 'self' https://apps.bettermarks.com; 1
default-src 'self'; connect-src 'self' *.siteimprove.com https://stats.g.doubleclick.net/ https://region1.google-analytics.com/ https://www.google-analytics.com https://www.googletagmanager.com https://search.service.vportal.ee/v1/search/kliimamin https://search.service.vportal.ee/v1/globalsearch/total https://search.service.vportal.ee/v1/events/kliimamin https://inaadress.maaamet.ee; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://*.rocket.chat https://static.addtoany.com https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://old.envir.ee/ https://infogram.com/ https://e.infogram.com/ https://public.tableau.com https://www.figma.com/file/LBjkW3Uyo8tV1uq2MyyDfH/Kriips https://www.figma.com/proto/q832bcC2B9MLdJ3tPi1aDc/waste-of-management https://infogram.com/kriips-1h7k23058yo0g2x https://youtu.be/Q-KdVMS8Jq0 https://www.youtube.com/watch https://www.canva.com/design/DAF1dDPyam4/view https://xgis.maaamet.ee; img-src 'self' data: https://www.google-analytics.com *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com https://www.googletagmanager.com *.fbcdn.net *.cdninstagram.com https://inaadress.maaamet.ee https://unpkg.com *.maaamet.ee *.cloudflare.com; script-src 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js blob: https://browser-update.org https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://static.addtoany.com https://unpkg.com unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js https://browser-update.org https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://static.addtoany.com https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com https://inaadress.maaamet.ee; frame-ancestors none; upgrade-insecure-requests 1
script-src 'unsafe-eval' 'self' 'nonce-DBp6aoJvLLQA36EK6bWOG/7Iv0vPv4t6ULrw1JX54Ew=' 'unsafe-hashes' 'sha256-rRMdkshZyJlCmDX27XnL7g3zXaxv7ei6Sg+yt4R3svU=' 'sha256-kbHtQyYDQKz4SWMQ8OHVol3EC0t3tHEJFPCSwNG9NxQ=' 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://www.echosdunet.net/report-uri/enforce 1
frame-ancestors 'self' http://app.knovel.com https://app.knovel.com *.knovel.com *.omniture.com *.elsevier.com *.google.com *.mendeley.com *.brightcove.com *.google.com app.pendo.io *.serialssolutions.com *.lexis.com *.lexisnexis.com http://cpml2a587.lexisnexis.com:7382 *.demdex.net *.omtrdc.net https://virginiadot.libanswers.com/; frame-src 'self' http://app.knovel.com https://app.knovel.com *.knovel.com *.omniture.com *.elsevier.com *.google.com *.mendeley.com *.brightcove.com *.google.com app.pendo.io *.serialssolutions.com *.lexis.com *.lexisnexis.com http://cpml2a587.lexisnexis.com:7382 *.demdex.net *.omtrdc.net https://virginiadot.libanswers.com/ 1
frame-ancestors 'self' waltdisney.org wdfmuseum.org wdfm.stqry.app app.mytoursapp.com ; 1
frame-ancestors https://gstournaments.com/ https://www.gstournaments.com/ https://www.gsgaming.com https://gsgaming.com https://www.gamersaloon.com https://gamersaloon.com https://www.fifaaddiction.com https://fifaaddiction.com https://plusgamingmagazine.com https://www.plusgamingmagazine.com https://www.footballmag.nl https://footballmag.nl https://gagner-argent-jeux-video.com https://www.gagner-argent-jeux-video.com https://nba2kw.com https://www.nba2kw.com https://prosportsextra.com/ https://www.epkdesign.com https://epkdesign.com http://playfuzzword.com 1
default-src https://www.happygocard.com.tw/ https://www.facebook.com/ https://ssl.google-analytics.com/ https://pagead2.googlesyndication.com/ https://cm.g.doubleclick.net/ *.happyclick.com.tw/ https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://static.xx.fbcdn.net/ 'unsafe-inline' 'unsafe-eval' https://partner.googleadservices.com/ https://adservice.google.com.tw/ https://www.googletagservices.com/ https://tpc.googlesyndication.com/ https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.happygocard.com.tw/ https://www.google-analytics.com/ https://connect.facebook.net/ https://www.youtube.com/ https://api.google.com/ *.google.com/ https://adservice.google.com/ https://www.google.com.tw/ *.happygocard.com.tw/ *.amazonaws.com/ https://storage.googleapis.com/ *.cloudfront.net/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://mktcard.happygocard.com.tw/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://maps.googleapis.com https://maps.google.com https://maps.gstatic.com 'unsafe-eval' https://analytics.rubensteintech.com https://www.google-analytics.com https://www.googletagmanager.com https://maps.gstatic.com https://www.youtube.com https://s.ytimg.com https://player.vimeo.com https://siteimproveanalytics.com/; style-src 'self' 'unsafe-inline' https://maps.googleapis.com https://www.google.com https://cloud.typography.com https://fonts.googleapis.com https://fast.fonts.net; connect-src 'self' https://analytics.google.com https://google-analytics.com https://*.analytics.google.com https://*.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://cdn.plyr.io https://vimeo.com; font-src 'self' https://maps.gstatic.com https://fast.fonts.net https://fonts.gstatic.com https://use.typekit.net data:; img-src 'self' https://analytics.google.com https://google-analytics.com https://*.analytics.google.com https://*.google-analytics.com https://www.facebook.com https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://img.youtube.com https://i.vimeocdn.com https://*.global.siteimproveanalytics.io data:; object-src 'self'; frame-src 'self' https://play.libsyn.com/ https://embed.acast.com/ https://personal-jurisdiction-podcast.simplecast.com/ https://player.simplecast.com/ https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; frame-ancestors 'self' http://home.cravath.com https://home.cravath.com https://www.mymeetingroom.com http://www.mymeetingroom.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://oldbytes.space 'wasm-unsafe-eval'; font-src 'self' https://oldbytes.space; img-src 'self' data: blob: https://oldbytes.space https://assets.oldbytes.space; style-src 'self' https://oldbytes.space 'nonce-eWCHhu2WK0DRLaVj6/NNBw=='; media-src 'self' data: https://oldbytes.space https://assets.oldbytes.space; frame-src 'self' https:; child-src 'self' blob: https://oldbytes.space; worker-src 'self' blob: https://oldbytes.space; connect-src 'self' blob: data: wss://oldbytes.space https://oldbytes.space https://assets.oldbytes.space; manifest-src 'self' https://oldbytes.space; form-action 'self' 1
base-uri 'self'; default-src 'self'; script-src 'nonce-XSJYKB5Mq5mvFlwbSA6Q4HUfF7eCup7y' 'strict-dynamic' 'unsafe-inline' https: http:; object-src 'none'; img-src 'self' data: https://*.googleapis.com https://maps.gstatic.com https://www.google.com https://*.googleusercontent.com https://*.google-analytics.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://storage.googleapis.com https://*.ggpht.com https://i.ytimg.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://*.googleapis.com https://securetoken.googleapis.com https://accounts.google.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://stats.g.doubleclick.net; frame-src 'self' https://www.youtube.com https://policies.google.com https://*.doubleclick.net; media-src 'self'; report-uri https://csp.withgoogle.com/csp/gweb-prod-campus-k-frontend/c0e91e5f; 1
default-src 'self';img-src * blob: data:;style-src 'self' 'unsafe-inline' *.salesforce.com *.force.com *.salesforce-sites.com;script-src-elem 'self' 'unsafe-inline' *.usercentrics.eu *.appsflyer.com *.onelink.me *.googletagmanager.com *.personio.de *.salesforce.com *.force.com *.salesforceliveagent.com *.salesforce-sites.com;media-src 'self' blob: *.smartbrokerplus.de *.wocio.de;connect-src *.wocio.de *.smartbrokerplus.de *.ariva-services.de *.amazonaws.com *.sentry.io *.usercentrics.eu *.appsflyer.com *.onelink.me *.googleapis.com *.googletagmanager.com *.google-analytics.com *.google.com *.personio.de wss://mds-cat.ariva-services.de wss://mds.ariva-services.de *.salesforce-sites.com *.doubleclick.net;font-src 'self' data: *.gstatic.com;frame-src *.usercentrics.eu *.salesforce.com *.force.com *.smartbrokerplus.de smartbrokerplus.de;frame-ancestors *.smartbrokerplus.de smartbrokerplus.de;script-src *.wocio.de *.smartbrokerplus.de 'unsafe-eval' 1
default-src 'unsafe-inline' https://code.jquery.com https://info.moogsoft.com/ https://092-egh-780.mktoresp.com/ https://moogsoftcom.wpengine.com https://www.moogsoft.com/ https://www.moogsoft.com/wp-admin/admin-ajax.php  https://deliciousbrains.com/wp-json/mdb-api/v1/ https://www.googletagmanager.com/ https://www.youtube.com/ https://moogsoftcom.wpenginepowered.com/wp-content/themes/moogsoft/dist/images/hpaniA052421.webm https://js.driftt.com/ https://info.moogsoft.com/ https://www.moogsoft.com/wp-admin/themes.php; connect-src 'self' https://www.facebook.com/tr/ https://ws.zoominfo.com/formcomplete-v2/ https://cdn.linkedin.oribi.io/ https://ws.zoominfo.com/form-complete/ https://092-egh-780.mktoresp.com/ https://app-sj27.marketo.com http://www.google-analytics.com https://google-analytics.com https://connect.facebook.com https://js.driftt.com https://api.lever.co/ https://yoast.com/ https://my.wpengine.com/ https://stats.g.doubleclick.net/ https://moogsoftcom.wpenginepowered.com/ https://092-egh-780.mktoutil.com/ https://analytics.google.com/g/collect; script-src 'unsafe-inline' 'unsafe-eval' https://info.moogosoft.com https://js.driftt.com https://widget.drift.com https://www.googletagmanager.com/ https://ws-assets.zoominfo.com/formcomplete.js https://www.moogsoft.com/wp-content/uploads/2020/06/teknkl-simpledto-1.0.4.js https://info.moogsoft.com/rs/092-EGH-780/images/teknkl-formsplus-1.0.5.js https://www.moogsoft.com/ https://www.google-analytics.com http:; style-src 'unsafe-inline' https://info.moogsoft.com http:; font-src 'self' https://fonts.gstatic.com/s/worksans/ https://fonts.gstatic.com/s/playfairdisplay/ https://fonts.gstatic.com/s/poppins/ https://fonts.googleapis.com/; media-src 'unsafe-inline' https://youtube.com/ https://moogsoftcom.wpenginepowered.com/ ; img-src 'self' https://info.moogsoft.com http: data:; frame-src https://app-sj27.marketo.com/ https://moogsoftcom.wpenginepowered.com/ https://player.vimeo.com/ https://marketingplatform.google.com/ https://www.facebook.com https://js.driftt.com https://widget.drift.com https://www.youtube.com/ https://info.moogsoft.com/ https://bid.g.doubleclick.net/ https://www.moogsoft.com/ https://www.google.com/; frame-ancestors https://youtube.com https://vimeo.com https://api.lever.co/ https://www.moogsoft.com https://info.moogsoft.com/; manifest-src https://www.moogsoft.com/ https://moogsoftcom.wpenginepowered.com/; form-action 'unsafe-inline' https://info.moogsoft.com/ https://info.moogsoft.com/Trial-Signup-Follow-Up.html https://info.moogsoft.com/Trial-Signup-Thank-You.html https://092-egh-780.mktoresp.com/ https://app-sj27.marketo.com https://www.facebook.com/tr/ https://www.moogsoft.com/; 1
frame-ancestors http://www.naturalmedicinejournal.com https://divcomplatform.s3.amazonaws.com 1
font-src fonts.gstatic.com use.typekit.net data: *.sodatech.com *.sodatech.net *.gstatic.com *.typekit.net viewer.byondxr.com cdn.livechatinc.com mediacdn.espssl.com use.fontawesome.com 'self' data: https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com pal-test.adyen.com www.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.sharethis.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com www.xtento.com *.vimeo.com *.jsctool.com *.pinterest.com *.mmcagentur.at *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.demdex.net *.authorize.net *.paypal.com *.googletagmanager.com *.xtento.com *.app-wallee.com *.waltpixel.com *.equitystory.com offer.slgnt.us vars.hotjar.com *.pepperjamnetwork.com services.listrak.com *.serverdata.net *.livechatinc.com *.lindtusa.com *.russellstover.com *.ghirardelli.com *.weltpixel.com static.ogmystyle.com static2.ogmystyle.com www.mystyleplatform.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * landofcoder.com https://www.paypalobjects.com https://lindtusa.rlvs.co.uk https://ghirardelli.slgnt.us https://optmize.google.com https://www.instagram.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com *.sharethis.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.xtento.com cdn.xtento.com blob: lindt.test *.lindt.test maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.klarna.com *.invibes.com *.b26net.com https://www.google-analytics.com *.googletagmanager.com *.cloudfront.net *.teads.tv *.videostep.com *.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.doubleclick.net *.outbrain.com *.adobedtm.com *.omtrdc.net *.demdex.net *.everesttech.net *.magentocommerce.com *.sodatech.com *.sodatech.net viewer.byondxr.com s3.us-west-2.amazonaws.com showroom-media.byondxr.com media-optimization-service.byondxr.com *.byondxr.com api.official-deals.co.uk api.official-coupons.com *.adsymptotic.com cdn.livechat-files.com cp.official-coupons.com cookie-cdn.cookiepro.com cp.official-deals.co.uk site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us *.blob.core.windows.net s.pinimg.com snap.licdn.com mediacdn.espssl.com *.clarity.ms *.bing.com *.serverdata.net lindtna.test *.lindtna.test *.livechatinc.com mageside.com *.listrakbi.com www.mystyleplatform.com static.mystyleplatform.com static2.mystyleplatform.com static2.ogmystyle.com mystyleplatform.s3.us-west-2.amazonaws.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com 'self' data: https://mcprod.russellstover.com https://mediacdn.espssl.com/2824/Shared/Modal/chocolate.png https://www.linkedin.com https://*.linkedin.com/ https://px.ads.linkedin.com *.googleadservices.com *.russellstover.com https://www.google-anaytics.com https://www.googletagmanager.com https://optimize.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com www.google-analytics.com *.magento-ds.com *.adyen.com *.sharethis.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com www.xtento.com cdn.xtento.com *.pcapredict.com *.newrelic.com *.nr-data.net lindt.slgnt.eu maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.ratepay.com *.cloudflare.com *.teads.tv *.r66net.com *.facebook.net *.googleadservices.com *.doubleclick.net *.cookiepro.com *.cloudfront.net *.videostep.com *.mfgroup.ch *.taboola.com *.outbrain.com *.adobedtm.com *.authorize.net *.unpkg.com *.fontawesome.com *.sodatech.net *.sodatech.com byondxr-viewer.byondxr.com web-apps.byondxr.com www.clarity.ms bat.bing.com *.b2c.com bt.fraud0.com container.pepperjam.com www.googleoptimize.com *.hotjar.com *.pepperjamnetwork.com *.revlifter.io site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us *.blob.core.windows.net s.pinimg.com snap.licdn.com acsbapp.com cdn.noibu.com www.youtube.com *.upsellit.com *.youtube.com *.livechatinc.com *.serverdata.net *.tiktok.com *.listrakbi.com *.listrak.com *.mczbf.com mystyleplatform.com www.mystyleplatform.com static.ogmystyle.com static2.ogmystyle.com d203yb14zlmxwn.cloudfront.net cdnjs.cloudflare.com cdn.jsdelivr.net use.fontawesome.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.google.com *.gstatic.com landofcoder.com https://www.youtube.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com 'unsafe-inline' https://optimize.google.com 'unsafe-inline' https://www.instagram.com https://www.lindt-spruengli.com/media/target/VAPI.min.js https://www.lindt-spruengli.com/media/target/at.js https://www.lindt-spruengli.com/* 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com display.ugc.bazaarvoice.com *.fonts.net *.postcodeanywhere.co.uk *.cloudfront.net *.cloudflare.com *.sodatech.com *.sodatech.net *.googleapis.com *.getfirebug.com cloud.typography.com *.serverdata.net *.myfonts.net *.russellstover.com *.listrakbi.com *.listrak.com use.fontawesome.com www.mystyleplatform.com static.ogmystyle.com static2.ogmystyle.com unsafe-inline assets.braintreegateway.com tagmanager.google.com *.gstatic.com https://cloud.typography.com https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline' 'unsafe-inline' 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.serverdata.net *.livechatinc.com *.listrakbi.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.snplow.net commerce.adobedc.net api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.adyen.com *.sharethis.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.nr-data.net *.paypal.com *.postcodeanywhere.co.uk *.ratepay.com vimeo.com *.luckyorange.net *.cookiepro.com *.mfgroup.ch *.doubleclick.net *.visitors.live wss://in.visitors.live wss://visitors.live wss://in.visitors.live/ wss://visitors.live/ visitors.live *.taboola.com *.demdex.net *.omtrdc.net *.magento.com *.adobe.net *.adobedtm.com *.adobedc.net *.typekit.net *.magedevteam.com *.sodatech.com *.sodatech.net *.teads.tv *.byondxr.com api.byondxr.com s3.us-west-2.amazonaws.com www.sjwoe.com input.noibu.com wss://input.noibu.com/pv_part in.hotjar.com www.facebook.com *.b2c.com bt.fraud0.com *.revlifter.com *.pepperjamnetwork.com *.revlifter.io site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us s.pinimg.com snap.licdn.com *.acsbapp.com cdn.noibu.com https://maps.googleapis.com *.clarity.ms *.facebook.com *.serverdata.net *.livechatinc.com api.addressy.com *.listrakbi.com *.mczbf.com *.tiktok.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com t.elasticsuite.io *.google-analytics.com landofcoder.com https://vc.hotjar.io https://cdn.linkedin.oribi.io *.russellstover.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.byondxr.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src http: data: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self'; style-src * 'unsafe-inline'; img-src * 'self' data:; media-src * 'self'; font-src * 'self' data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'self'; frame-src * 'self'; worker-src * 'self' blob: 1
default-src 'self'; script-src https://cdn01.basis.net https://www.mabeindex.com https://www.googletagmanager.com https://storage.googleapis.com https://media.flixfacts.com https://prod.flixgvid.flix360.io https://media.flixcar.com https://www.google.com https://www.gstatic.com https://seal.godaddy.com https://cdn.wishpond.net https://venred.s3.amazonaws.com 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://s3.amazonaws.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.googleadservices.com https://ssl.google-analytics.com  https://connect.facebook.net https://cdn.ckeditor.com https://maps.googleapis.com; img-src 'self' data: https://pixel.sitescout.com https://googleads.g.doubleclick.net https://media.flixcar.com https://rt.flix360.com https://cx.atdmt.com https://seal.godaddy.com https://shield.sitelock.com https://www.facebook.com https://www.google.com https://www.google.com.sv https://www.google-analytics.com https://buketomnisportpweb.s3.us-east-2.amazonaws.com https://ssl.google-analytics.com https://s-static.ak.facebook.com https://cdn.ckeditor.com  https://maps.gstatic.com https://maps.googleapis.com ; style-src 'self' 'unsafe-inline' https://media.flixcar.com https://fonts.googleapis.com https://cdn.ckeditor.com; font-src 'self' https://media.flixfacts.com https://media.flixcar.com fonts.gstatic.com data:; frame-src https://pixel.sitescout.com https://www.mabeindex.com https://www.youtube.com https://media.flixcar.com https://front-notrack.indexado.production.pmbox.cloud https://www.google.com https://undefined https://venred.s3.amazonaws.com/samsung/homeshop/templates/omnisport/index.html https://www.facebook.com https://s-static.ak.facebook.com https://bid.g.doubleclick.net https://syndication-sola.com; object-src 'none'; connect-src 'self' https://www.google.com.sv https://analytics.google.com https://api.repositorio.production.alquimio.cloud https://media.flixcar.com https://www.facebook.com https://www.google-analytics.com www.google-analytics.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net; media-src 'self' https://buketomnisportpweb.s3.us-east-2.amazonaws.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://player.vimeo.com/ https://static.cdninstagram.com/; 1
font-src *.googleapis.com *.gstatic.com https://static.micuentaweb.pe/static/ *.cloudflare.com *.typekit.net *.trustedshops.com *.fontawesome.com fonts.gstatic.com *.twitter.com *.bootstrapcdn.com https://css.zohocdn.com https://secure.micuentaweb.pe h.online-metrix.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://secure.micuentaweb.pe/vads-payment/ https://api.micuentaweb.pe/api-payment/ https://static.micuentaweb.pe/static/ *.twitter.com https://www.facebook.com https://secure.micuentaweb.pe h.online-metrix.net 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.instagram.com www.google.com https://secure.micuentaweb.pe/vads-payment/ https://static.micuentaweb.pe/static/ youtu.be *.vimeo.com *.addthis.com *.google.com/ *.twitter.com *.google.com https://www.facebook.com https://secure.micuentaweb.pe h.online-metrix.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.gstatic.com *.cdninstagram.com https://www.magezon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://secure.micuentaweb.pe/static/latest/images/type-carte/ https://static.micuentaweb.pe/static/ https://secure.micuentaweb.pe/vads-payment/ *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.usercentrics.eu blob: *.googleadservices.com *.google-analytics.com *.twitter.com https://www.facebook.com https://css.zohocdn.com https://salesiq.zohopublic.com https://secure.micuentaweb.pe h.online-metrix.net *.d.aa.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com apis.google.com *.gstatic.com *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://api.micuentaweb.pe/api-payment/ https://static.micuentaweb.pe/static/ *.cloudflare.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.trustedshops.com *.usercentrics.eu *.addthis.com *.addthisedge.com *.moatads.com s7.addthis.com *.twitter.com googletagmanager.com *.fontawesome.com m.addthis.com z.moatads.com https://connect.facebook.net widgets.pinterest.com download.zohopublic.com vts.zohopublic.com salesiq.zoho.com js.zohostatic.com css.zohostatic.com wms.zohopublic.com media.zohostatic.com dyjgaef5vuq51.cloudfront.net dtzpfzv31buvf.cloudfront.net js.zohocdn.com css.zohocdn.com img.zohostatic.com fonts.zohostatic.com https://secure.micuentaweb.pe h.online-metrix.net https://static.cloudflareinsights.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com https://static.klaviyo.com https://static.micuentaweb.pe/static/ *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com *.twitter.com *.gstatic.com *.bootstrapcdn.com use.fontawesome.com *.google-analytics.com https://accounts.google.com/gsi/style https://css.zohocdn.com https://secure.micuentaweb.pe h.online-metrix.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://secure.micuentaweb.pe/vads-payment/ https://api.micuentaweb.pe/api-payment/ *.cloudflare.com ekr.zdassets.com/ *.twitter.com https://connect.facebook.net https://www.facebook.com https://salesiq.zoho.com wss://vts.zohopublic.com https://salesiq.zohopublic.com https://secure.micuentaweb.pe h.online-metrix.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://secure.micuentaweb.pe/vads-payment/ https://api.micuentaweb.pe/api-payment/ https://static.micuentaweb.pe/static/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.departement06.fr 1
script-src 'self' 'strict-dynamic' 'unsafe-inline' https:; script-src-elem 'self' 'unsafe-inline' https:; object-src 'none'; base-uri 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' analytics.cdmon.com widget.scrads.com connect.facebook.net bat.bing.com static.ads-twitter.com static.hotjar.com *.googletagmanager.com *.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com widget.scrads.com *.doubleclick.net; object-src 'none'; base-uri 'self'; connect-src 'self' analytics.cdmon.com widget.scrads.com *.facebook.com bat.bing.com; font-src 'self' fonts.gstatic.com; frame-src 'self' widget.scrads.com *.facebook.com *.youtube.com *.doubleclick.net; img-src 'self' data: hostwordpress.es *.hostwordpress.es widget.scrads.com analytics.twitter.com t.co *.facebook.com google.com google.es *.ytimg.com bat.bing.com *.google.com *.google.es; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
default-src 'self' exelatech.com *.exelatech.com; connect-src 'self' exelatech.com *.exelatech.com *.onetrust.com *.leadpages.io *.leadpages.net *.lpages.co *.jsdelivr.net *.onetrust.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.bizographics.com *.cloudeflare.com *.bing.com *.facebook.net connect.facebook.net *.ads-twitter.com analytics.twitter.com *.ads.linkedin.com *.linkedin.com *.twitter.com *.g.doubleclick.net bid.g.doubleclick.net https://e.clarity.ms/ https://cdn.linkedin.oribi.io/ https://analytics.google.com/ *.vimeo.com *.prezi.com *.zdassets.com widget-mediator.zopim.com t.co; font-src 'self' exelatech.com *.exelatech.com *.googleapis.com *.gstatic.com *.leadpages.io *.leadpages.net *.lpages.co *.onetrust.com *.jsdelivr.net https://stackpath.bootstrapcdn.com/ https://cdnjs.cloudflare.com/ *.vimeo.com *.prezi.com; frame-src 'self' exelatech.com *.exelatech.com *.onetrust.com *.googleapis.com *.leadpages.io *.leadpages.net *.lpages.co *.youtube.com *.vimeo.com https://prezi.com *.googletagmanager.com bid.g.doubleclick.net t.co; img-src * 'self' data: https: exelatech.com *.exelatech.com 'unsafe-inline' *.googleapis.com *.google.com *.google.co.in *.google-analytics.com *.g.doubleclick.net *.bing.com t.co *.vimeo.com *.prezi.com *.facebook.com px.ads.linkedin.com *.leadpages.io *.leadpages.net *.lpages.co *.onetrust.com *.globenewswire.com https://px.ads.linkedin.com/ https://p.adsymptotic.com; media-src 'self' exelatech.com *.exelatech.com *.googleapis.com *.leadpages.io *.leadpages.net *.lpages.co *.vimeo.com *.prezi.com *.vimeocdn.com *.akamaized.net px.ads.linkedin.com; object-src 'self' exelatech.com *.exelatech.com *.googleapis.com *.leadpages.io *.leadpages.net *.lpages.co *.vimeo.com *.prezi.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' exelatech.com *.exelatech.com *.jquery.com *.jsdelivr.net *.googleapis.com *.leadpages.io *.leadpages.net *.lpages.co *.licdn.com www.googleadservices.com *.googleadservices.com www.google-analytics.com *.google-analytics.com www.googletagmanager.com *.googletagmanager.com *.bizographics.com *.cloudeflare.com *.bing.com *.facebook.net connect.facebook.net *.ads-twitter.com analytics.twitter.com *.ads.linkedin.com *.linkedin.com *.twitter.com *.g.doubleclick.net bid.g.doubleclick.net *.vimeo.com *.prezi.com *.vimeocdn.com *.pardot.com *.zopim.com *.zdassets.com *.onetrust.com t.co addtocalendar.com https://www.clarity.ms/ https://www.dwin1.com/ https://cdn.jsdelivr.net https://ml314.com/ https://cdn.rawgit.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' *.exelatech.com *.googleapis.com *.gstatic.com *.leadpages.io *.leadpages.net *.lpages.co *.jsdelivr.net www.googleadservices.com *.googleadservices.com www.google-analytics.com *.google-analytics.com www.googletagmanager.com *.googletagmanager.com *.bizographics.com *.cloudeflare.com https://stackpath.bootstrapcdn.com/ *.bing.com *.facebook.net connect.facebook.net *.ads-twitter.com analytics.twitter.com *.ads.linkedin.com *.linkedin.com *.twitter.com *.g.doubleclick.net bid.g.doubleclick.net *.vimeo.com *.prezi.com *.pardot.com *.zopim.com *.zdassets.com addtocalendar.com *.onetrust.com https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdnjs.cloudflare.com t.co *.bing.com; form-action 'self' exelatech.com *.exelatech.com; frame-ancestors 'none'; 1
frame-ancestors  *.pseg.com *.salesforce.com *.salesforceliveagent.com *.force.com *.psegliny.com; default-src https: data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors https://www.aigconnect.aig https://www-cms.aigconnect.aig https://share.connect.aig/ 1
frame-ancestors 'self' uat.adnocdistribution.ae 1
frame-ancestors 'self' https://royalcopenhagen.nordicmediaplay.dk 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'report-sample' 'self' https://api-maps.yandex.ru https://core-renderer-tiles.maps.yandex.net https://mc.yandex.ru https://mc.yandex.by https://www.google-analytics.com https://www.googletagmanager.com https://yastatic.net https://app.blinger.io; style-src 'unsafe-inline' 'report-sample' 'self' https://fonts.googleapis.com; base-uri 'self'; frame-src 'self' https://www.recaptcha.net viber: https://youtube.com; manifest-src 'self'; media-src 'self' https://box.bsb.by; connect-src 'self' data: https://analytics.google.com https://mc.yandex.ru https://mc.yandex.by https://www.google-analytics.com https://www.google.by wss://app.blinger.io https://stats.g.doubleclick.net https://box.bsb.by https://api-site.bsb.by/wp-json/ https://mobile.bsb.by/api/v1/ https://landing.bsb.by/api/site/ https://api.bsb.by/card-offers/api/; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' data: https://api-maps.yandex.ru https://yandex.ru https://core-sat.maps.yandex.net https://app.blinger.io https://blinger.io https://box.bsb.by https://www.bsb.by https://core-renderer-tiles.maps.yandex.net https://www.google.by https://www.googletagmanager.com https://www.google-analytics.com https://*.core-stv-renderer.maps.yandex.net https://mastercard-offers.digitalizm.com https://www.visa.com https://mc.yandex.ru https://pano.maps.yandex.net https://burp/favicon.ico https://zap/favicon.ico; script-src-elem 'unsafe-inline' 'self' https://app.blinger.io https://www.googletagmanager.com https://www.google-analytics.com https://api-maps.yandex.ru https://mc.yandex.ru https://core-renderer-tiles.maps.yandex.net https://yastatic.net https://www.recaptcha.net https://www.gstatic.com https://www.googleadservices.com https://core-stv-renderer.maps.yandex.net; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; object-src 'none'; worker-src 'none' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.recaptcha.net/recaptcha/api.js https://c0.pubmine.com https://s.pubmine.com https://criteo.com https://*.criteo.com https://criteo.net https://*.criteo.net https://*.vexowi.com https://vexowi.com https://c.amazon-adsystem.com https://*.3lift.com https://3lift.com https://z.moatads.com https://*.moatads.com https://*.smartadserver.com https://app.link https://*.sascdn.com https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://www.googletagservices.com/ https://cdn.parsely.com https://a.teads.tv/analytics/tag.js https://assets.tumblr.com https://ads.pubmatic.com https://cdn.jsdelivr.net https://*.privacymanager.io https://*.rlcdn.com https://s3-us-west-2.amazonaws.com/sftemp/sf_v1.0.1/ https://assets.tumblr.com/pop/ 'nonce-N2VhMTQ0MzQ4Njk4YmNiZGJiZmRjMjczNmViYWY1YjA='; report-uri /svc/cspreports; object-src 'none'; worker-src blob: 'self'; base-uri 'self' 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com *.trafficfactory.biz www.iwanttodeliver.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net bmedia.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri http://porno.dreammovies.com/csp-reports; report-to csp-endpoint 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.analytics.google.com ws.zoominfo.com www.googletagmanager.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://js.hsforms.net https://app-sj25.marketo.com https://player.vimeo.com/; img-src 'self' https://i.vimeocdn.com/ https://forms.hsforms.com https://forms-na1.hsforms.com data:; font-src 'self' data:; 1
frame-ancestors 'self' https://files.fue.edu.eg 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.skroutz.gr https://skroutza.skroutz.gr *.socital.com *.taboola.com *.criteo.net https://sslwidget.criteo.com https://analytics.tiktok.com https://collection.e-satisfaction.com *.ubembed.com *.zdassets.com/ *.hotjar.com https://apis.google.com https://www.gstatic.com https://z.moatads.com https://s7.addthis.com https://m.addthis.com https://analytics.skroutz.gr https://360.bestprice.gr https://www.bestprice.gr https://www.glami.gr https://region1.google-analytics.com https://cdn.stat-track.com/ https://assets.citrusad.net https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://stats.g.doubleclick.net https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://script.crazyegg.com https://go.linkwi.se https://trustmark.gr https://www.youtube.com https://script.crazyegg.com https://insurance.e-satisfaction.gr https://optimize.google.com https://www.googleoptimize.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://sslwidget.criteo.com https://plugin.socital.com https://collection.e-satisfaction.com https://collection.e-sa https://cdn.jsdelivr.net https://fonts.googleapis.com https://optimize.google.com; object-src 'self'; img-src 'self' data: *.youtube.com *.doubleclick.net *.socital.com https://e1.emxdgt.com https://fonts.gstatic.com https://www.googletagmanager.com *.skroutz.gr https://visitor.omnitagjs.com https://s.thebrighttag.com https://dpm.demdex.net https://eb2.3lift.com https://simage2.pubmatic.com https://r.casalemedia.com https://rtb-csync.smartadserver.com https://match.sharethrough.com https://id5-sync.com https://ad.360yield.com https://ad.yieldlab.net *.e-satisfaction.com *.criteo.com https://beacon.krxd.net https://sync-criteo.ads.yieldmo.com https://criteo-partners.tremorhub.com https://sync.outbrain.com https://exchange.mediavine.com https://matching.ivitrack.com https://cm.adform.net https://ups.analytics.yahoo.com https://criteo-sync.teads.tv https://sync-t1.taboola.com https://pixel.rubiconproject.com https://contextual.media.net https://secure.adnxs.com https://ib.adnxs.com https://cm.g.doubleclick.net https://cm.g.doubleclick.net https://x.bidswitch.net https://www.homemarkt.gr https://homemarktnew2018.staginglh.com https://homemarktnew2018.test.devlh.com https://local.homemarktnew2018.gr https://homemarkt.gr https://homemarkt https://local.homemarktnew2018.gr https://homemarkt.lhscdn.com https://homemar  *.cdninstagram.com https://www.glami.gr https://www.facebook.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://maps.googleapis.com https://www.google.com https://www.google.gr https://www.google.com.tr https://trustmark.gr https://collection.e-satisfaction.com https://www.gstatic.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' wss://ws1.hotjar.com wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com wss://ws5.hotjar.com wss://ws6.hotjar.com wss://ws7.hotjar.com wss://ws8.hotjar.com wss://ws9.hotjar.com wss://ws10.hotjar.com wss://ws11.hotjar.com wss://ws12.hotjar.com wss://ws13.hotjar.com wss://ws14.hotjar.com wss://ws15.hotjar.com wss://ws16.hotjar.com wss://ws17.hotjar.com wss://ws18.hotjar.com wss://ws19.hotjar.com wss://ws20.hotjar.com wss://ws21.hotjar.com wss://ws22.hotjar.com wss://ws23.hotjar.com wss://ws24.hotjar.com wss://ws25.hotjar.com wss://ws26.hotjar.com wss://ws27.hotjar.com wss://ws28.hotjar.com wss://ws29.hotjar.com wss://ws30.hotjar.com wss://ws31.hotjar.com wss://ws32.hotjar.com wss://ws33.hotjar.com wss://ws34.hotjar.com wss://ws35.hotjar.com wss://ws36.hotjar.com wss://ws37.hotjar.com wss://ws38.hotjar.com wss://ws39.hotjar.com wss://ws40.hotjar.com wss://ws41.hotjar.com wss://ws42.hotjar.com wss://ws43.hotjar.com wss://ws44.hotjar.com wss://ws45.hotjar.com wss://ws46.hotjar.com wss://ws47.hotjar.com wss://ws48.hotjar.com wss://ws49.hotjar.com wss://ws50.hotjar.com wss://ws51.hotjar.com wss://ws52.hotjar.com wss://ws53.hotjar.com wss://ws54.hotjar.com wss://ws55.hotjar.com wss://ws56.hotjar.com wss://ws57.hotjar.com wss://ws58.hotjar.com wss://ws59.hotjar.com wss://ws60.hotjar.com wss://ws61.hotjar.com wss://ws62.hotjar.com wss://ws63.hotjar.com wss://ws64.hotjar.com wss://ws65.hotjar.com wss://ws66.hotjar.com wss://ws67.hotjar.com wss://ws68.hotjar.com wss://ws69.hotjar.com wss://ws70.hotjar.com wss://ws71.hotjar.com wss://ws72.hotjar.com wss://ws73.hotjar.com wss://ws74.hotjar.com wss://ws75.hotjar.com wss://ws76.hotjar.com wss://ws77.hotjar.com wss://ws78.hotjar.com wss://ws79.hotjar.com wss://ws80.hotjar.com wss://ws81.hotjar.com wss://ws82.hotjar.com wss://ws83.hotjar.com wss://ws84.hotjar.com wss://ws85.hotjar.com wss://ws86.hotjar.com wss://ws87.hotjar.com wss://ws88.hotjar.com wss://ws89.hotjar.com wss://ws90.hotjar.com wss://ws91.hotjar.com wss://ws92.hotjar.com wss://ws93.hotjar.com wss://ws94.hotjar.com wss://ws95.hotjar.com wss://ws96.hotjar.com wss://ws97.hotjar.com wss://ws98.hotjar.com wss://ws99.hotjar.com *.hotjar.io  *.hotjar.com *.zdassets.com *.taboola.com https://www.facebook.com/ https://plugin.socital.com https://googleads.g.doubleclick.net *.google.com https://analytics.tiktok.com https://www.googleadservices.com https://conversionsapi.homemarkt.gr https://www.google.com https://www.google.gr https://www.youtube.com https://www.bestprice.gr https://s7.addthis.com https://m.addthis.com https://forms.m-pages.com https://t.stat-track.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://cdn.e-satisfaction.com https://collection.e-satisfaction.com ; frame-src *; media-src 'self' 1
script-src 'self' https://code.jquery.com/jquery-1.4.2.min.js 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' api.ipify.org plausible.cubecoders.com manage.cubecoders.com i.ytimg.com *.paypal.com *.paypalobjects.com *.google.com *.gstatic.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' 1
frame-ancestors 'self' *.masterpassturkiye.com;                      script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net https://*.tiktok.com https://*.criteo.com https://*.yandex.ru https://*.nr-data.net https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://as-sec.casalemedia.com https://cdn.scarabresearch.com https://cdnjs.cloudflare.com https://connect.facebook.net https://cdn.cookielaw.org https://google-analytics.com https://googleads.g.doubleclick.net https://graph.facebook.com https://googletagmanager.com https://*.newrelic.com https://js.facebook.com https://maps.googleapis.com https://maps.google.com https://static.criteo.net https://sslwidget.criteo.com https://ssl.google-analytics.com https://script.hotjar.com https://static.hotjar.com https://st-thenorthface.mncdn.com https://tags.creativecdn.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://js.bkmexpress.com.tr https://*.youtube.com https://www.gstatic.com https://www.clarity.ms;                      style-src 'self' 'unsafe-inline' *.jsdelivr.net https://*.tiktok.com *.google.com cdnjs.cloudflare.com st-thenorthface.mncdn.com www.googletagmanager.com;                      child-src 'self' blob: *.masterpassturkiye.com *.facebook.com *.google.com *.doubleclick.net https://*.creativecdn.com https://*.blivenyc.com *.googlesyndication.com *.criteo.com *.criteo.net connect.facebook.net fledge-eu.creativecdn.com vars.hotjar.com www.googletagmanager.com https://*.youtube.com https://js.bkmexpress.com.tr;                      base-uri 'self' *.casalemedia.com;                      worker-src 'self' blob: www.google.com;       report-uri /WebResource.axd?cspReport=true 1
frame-ancestors https://furniture.jordans.com https://www.jordans.com http://main.planningwiz.com http://apps.jnet.biz http://iis-dev.jnet.biz https://apps.jnet.biz https://iis-dev.jnet.biz https://162.209.18.9 https://*.vee24.com https://*.turnto.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: staticcdn.co.nz www.youtube.com *.vimeo.com *.captivate.fm *.google-analytics.com *.googletagmanager.com www.google.com www.gstatic.com *.googleapis.com; connect-src 'self' *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.googleapis.com; img-src 'self' data: staticcdn.co.nz shielded.co.nz i.ytimg.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' data: *.googleapis.com *.gstatic.com; frame-src 'self' staticcdn.co.nz www.youtube.com *.vimeo.com *.captivate.fm *.spotify.com www.google.com; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; form-action 'self'; 1
frame-ancestors 'self' webwavecms.com webwave.me ro.webwave.me webwave.ro webwave.com.au szablony.webwavecms.com templates.webwave.me templates.webwave.com.au sabloane.webwave.ro ; 1
base-uri 'self'; default-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https:; style-src 'self' 'unsafe-inline' 'unsafe-eval' blob: http: https:; connect-src 'self' * ws: wss: blob:; worker-src 'self' * data: blob:; font-src 'self' * data: blob:; frame-src 'self' * data: blob: about: mailto: mstrapp: dossier:; img-src 'self' * data: blob: about:; media-src 'self' * data: blob: rtsp: rtmp:; child-src 'self' * data: blob:; 1
default-src *.sanuk.com data: 'unsafe-eval' 'unsafe-inline' blob: ws: dms.deckers.com *.demandware.net *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com via.placeholder.com *.deckers.layer0-perma.link *.cquotient.com d.emails.teva.com email.ugg.com email.hoka.com email.koolaburra.com email.sanuk.com email.teva.com *.emails.teva.com blog.ugg.com events.hoka.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp blog.uggaustralia.com www.teva-eu.com scripts.deckers.com rum.ingress.edgio.net *.g.doubleclick.net edgeshoppingstatic.azureedge.net s.retargeted.co *.joinhoney.com d3nocrch4qti4v.cloudfront.net df45ay5pw60dy.cloudfront.net cx.atdmt.com cdn.optimizely.com *.bglobale.com *.formstack.com *.deckers.coremedia.cloud rum-http-intake.logs.datadoghq.com www.datadoghq-browser-agent.com rum.ingress.layer0.co rum.layer0.co *.pingdom.net *.pitneybowes.com pippio.com hosted.where2getit.com res.cloudinary.com splashthat.eu *.klarnacdn.net *.klarnaservices.com *.klarna.com dfp.bouncex.net *.bounceexchange.com *.medallia.eu *.kampyle.com cdn.pdst.fm sink.pdst.fm us-central1-adaptive-growth.cloudfunctions.net *.contentsquare.net *.contentsquare.com *.dynamicyield.com *.dy-api.com *.forter.com pay.google.com *.cdn4.forter.com *.linksynergy.com *.paypal.com *.cloud.coveo.com *.amazon-adsystem.com cartera-cdn.freetls.fastly.net *.abtasty.com guarantee-cdn.com static-fe.payments-amazon.com ad.as.amanad.adtdp.com ad.caprofitx.adtdp.com ad.yieldlab.net ade.clmbtech.com *.socdm.com adx.dable.io au.ants.vn c.bing.com cm-exchange.toast.com cm.mgid.com r.casalemedia.com contextual.media.net criteo-sync.teads.tv cs.adingo.jp point.widget.rakuten.co.jp *.rakuten.co.jp static.rakuten.com *.yimg.jp *.yahoo.co.jp ads.yahoo.com deckers.candypop.jp cs.gssprt.jp eb2.3lift.com *.sharethrough.com rapid-cdn.yottaa.com pixel.advertising.com pixel.tapad.com *.ac.bcon.ecdns.net *.smartadserver.com secure.adnxs.com simage2.pubmatic.com *.criteo.net *.criteo.com sync.outbrain.com us-u.openx.net duuytoqss3gu4.cloudfront.net *.osano.com x.bidswitch.net visitor.omnitagjs.com d.line-scdn.net *.ads.yieldmo.com tr.line.me *.taboola.com *.ad-stir.com tk.jrs5.com *.adsrvr.org cdn.smartnews-ads.com payments-fe.amazon.com m.media-amazon.com chimpstatic.com static.hotjar.com content.hotjar.com t.cfjump.com chipstatic.com cdn.unidays.world api.myunidays.com *.veinteractive.com *.pixlee.com *.pixlee.co *.pxlecdn.com *.cartfulsolutions.com *.global-e.com *.powerreviews.com *.truefitcorp.com *.terracycle.com www.truefit.com *.typekit.net widgets.trustedshops.com *.etrusted.com idsync.rlcdn.com *.zenaps.com cnstrc.com *.strut.fit *.rewardstyle.com *.motionpoint.com s-cs.send.microad.jp *.smaato.net *.e-planning.net *.zemanta.com *.artlabs.ai *.onetrust.com *.stylitics.com *.g.doubleclick.net *.kampyle.com *.fls.doubleclick.net *.doubleclick.net adservice.google.com *.googleadservices.com adservice.google.com www.googletagmanager.com ampcid.google.com *.googlesyndication.com api.amplitude.com translate.googleapis.com apis.google.com www.google-analytics.com ssl.google-analytics.com maps.googleapis.com www.google.ca www.google.com translate.google.com fonts.googleapis.com api.cognitive.microsofttranslator.com browser.translate.yandex.net jjfblogammkiefalfpafidabbnamoknm bmnlcjabgnpnenekpadlanbbkooimhnj chhjbpecpncaggjpdakmflnfcopglcmi bfkjochdalcdahjnliojhpldoogkbglc pfldcnnaiaiaogmpfdjjpdkpnigplfca ajax.googleapis.com *.gstatic.com s.w.org *.ediemidnightzombies.com www.gravatar.com *.attn.tv events.attentivemobile.com *.afterpay.com www.instagram.com *.analytics.yahoo.com alb.reddit.com www.redditstatic.com *.hotjar.com *.artlabs.ai downloads.mailchimp.com *.au.hoka.com hokacustomercare.zendesk.com hokanzcustomercare.zendesk.com accentgroupsupport.zendesk.com *.wistia.com *.litix.io embedwistia-a.akamaihd.net *.bouncexchange.com events.bouncex.net www.facebook.com connect.facebook.net *.zdassets.com *.zopim.com widget-mediator.zopim.com *.list-manage.com *.us14.list-manage.com *.gladly.com js.verygoodvault.com tnt8r4ypmtr.live.verygoodproxy.com vgs-collect-keeper.apps.verygood.systems cdn.studentbeans.com *.90d.io *.smooch.io www.clarity.ms gladly-production.sinter-collect.com tracead.com www.dwin1.com *.zenaps.com *.adyen.com *.addthis.com *.addthisedge.com *.moatads.com intljs.rmtag.com *.likeshop.me cdn.cookielaw.org www.gstatic.com fonts.gstatic.com sc-static.net bat.bing.com www.bing.com cdn.yottaa.com qoe-1.yottaa.net *.tealiumiq.com *.sitelabweb.com cdn.quadpay.com csp-reporting.cloudflare.com d38d4ysphgm9dz.cloudfront.net d35u1vg1q28b3w.cloudfront.net d2o5idwacg3gyw.cloudfront.net d6tizftlrpuof.cloudfront.net d38d4ysphgm9dz.cloudfront.net nsg.symantec.com px.owneriq.net tags.w55c.net mc.yandex.ru mc.yandex.com mc.yandex.kz yandex.net api.pinpiaa.com omwbh6dj4a.execute-api.ap-southeast-2.amazonaws.com cmp.osano.com *.usabilla.com *.newgistics.com mpsnare.iesnare.com *.cdnwidget.com *.cdnbasket.net resources.digital-cloud.medallia.eu t.co platform.twitter.com static.ads-twitter.com analytics.twitter.com tag.rmp.rakuten.com point.widget.rakuten.co.jp analytics.tiktok.com cdn.loom.com *.usw2.cordial.com hokaoneone.locally.com tr.snapchat.com www.awin1.com hm.baidu.com *.parcellab.com analytics.convertlanguage.com *.verygoodvault.com ugg.review.eprize.com ugg.promo.eprize.com www.paypalobjects.com www.youtube.com *.brightcove.com *.pinterest.com s.pinimg.com *.cheqzone.com i.ytimg.com cdn.jsdelivr.net call.chatra.io services.sheerid.com cdn.honey.io i.honey-images.com cdn.joinhoney.com cdn.ivaws.com *.capitaloneshopping.com *.locally.com s7.addthis.com *.dashhudson.com likeshop.me trial-eum-clientnsv4-s.akamaihd.net tags.tiqcdn.com code.jquery.com maxcdn.bootstrapcdn.com strutagiocdn.blob.core.windows.net frame.hub-box.com sandbox.frame.hub-box.com analytics.google.com *.analytics.google.com *.google-analytics.com ampcid.google.co.in ampcid.google.co.jp ampcid.google.com.ph ampcid.google.com.pk ampcid.google.cz ampcid.google.dk ampcid.google.ee ampcid.google.es ampcid.google.fr ampcid.google.ge ampcid.google.hu ampcid.google.ht ampcid.google.kz ampcid.google.lt ampcid.google.mn ampcid.google.nl ampcid.google.no ampcid.google.pl ampcid.google.bs ampcid.google.by ampcid.google.ca ampcid.google.cl ampcid.google.co.il ampcid.google.co.kr ampcid.google.co.nz ampcid.google.co.ve ampcid.google.co.za ampcid.google.co.zw ampcid.google.com.au ampcid.google.com.ec ampcid.google.com.jm ampcid.google.com.mx ampcid.google.com.pr ampcid.google.com.sg ampcid.google.com.tr ampcid.google.com.ua ampcid.google.de ampcid.google.gr ampcid.google.ie ampcid.google.it ampcid.google.mv ampcid.google.ru ampcid.google.ro ampcid.google.se ampcid.google.pt ampcid.google.hr ampcid.google.at ampcid.google.az ampcid.google.be ampcid.google.bg ampcid.google.ch ampcid.google.co.id ampcid.google.co.ma ampcid.google.co.th ampcid.google.com.ar ampcid.google.com.br ampcid.google.com.bz ampcid.google.com.co ampcid.google.com.cy ampcid.google.com.do ampcid.google.com.gt ampcid.google.com.hk ampcid.google.com.mt ampcid.google.com.ng ampcid.google.com.ni ampcid.google.com.pe ampcid.google.com.py ampcid.google.com.sa ampcid.google.com.tj ampcid.google.com.tw ampcid.google.com.uy ampcid.google.dm ampcid.google.dz ampcid.google.fi ampcid.google.hn ampcid.google.lu ampcid.google.lv ampcid.google.ps ampcid.google.rs ampcid.google.si ampcid.google.sk ampcid.google.cn ampcid.google.co.id ampcid.google.co.th ampcid.google.co.hk ampcid.google.co.pe ampcid.google.co.tw ampcid.google.co.uy ampcid.google.tn ampcid.google.ae ampcid.google.lk ampcid.google.com.bh ampcid.google.com.vn www.google.al www.google.at www.google.am www.google.az www.google.ba www.google.be www.google.bg www.google.by www.google.ch www.google.fi www.google.ie www.google.ps www.google.tt www.google.co.bz www.google.co.il www.google.co.in www.google.co.jp www.google.co.kr www.google.co.ma www.google.com.au www.google.com.co www.google.com.do www.google.com.gh www.google.com.gt www.google.com.lb www.google.com.mx www.google.com.ng www.google.com.om www.google.com.ph www.google.com.pr www.google.com.sa www.google.com.sg www.google.com.tw www.google.com.tr www.google.com.ua www.google.com.py www.google.co.ke www.google.co.th www.google.lk www.google.tn www.google.bf www.google.co.nz www.google.co.uk www.google.is www.google.im www.google.cz www.google.de www.google.ee www.google.es www.google.fr www.google.ge www.google.gr www.google.hr www.google.ht www.google.hu www.google.ie www.google.it www.google.lt www.google.md www.google.me www.google.mk www.google.mt www.google.no www.google.nl www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.ae www.google.bs www.google.cl www.google.co.cr www.google.co.ve www.google.co.vi www.google.co.za www.google.com.ec www.google.com.hk www.google.com.jm www.google.com.kw www.google.com.pa www.google.com.sg www.google.mv www.google.co.id www.google.com.my www.google.com.pk www.google.com.vn www.google.dk www.google.mn www.google.kz www.google.vg www.google.hn www.google.com.eg www.google.ad www.google.je www.google.co.bw www.google.com.ar www.google.com.bd www.google.com.bo www.google.com.br www.google.com.cy www.google.com.pe www.google.com.sv www.google.com.uy www.google.com.qa www.google.dz www.google.iq www.google.jo www.google.sk www.google.si www.google.nl www.google.lv www.google.lu www.google.lv www.google.kg www.google.dm www.google.co.uz www.google.sr www.google.je www.google.gg www.google.com.qa www.google.mt www.google.com.bn www.google.com.bh www.google.co.uz www.google.cn www.google.tn www.google.mg www.google.com.ai www.google.li www.google.as www.google.dj www.google.com.mt www.google.ga www.google.sn www.google.com.gi www.google.mu www.google.gy; font-src *.sanuk.com *.demandware.net *.commercecloud.salesforce.com *.truefitcorp.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp use.typekit.net *.osano.com *.klarnacdn.net cdn.gladly.com *.deckers.coremedia.cloud cdn.dynamicyield.com fonts.googleapis.com cdn.loom.com *.global-e.com cdn.honey.io likeshop.me script.hotjar.com cdn.joinhoney.com fonts.gstatic.com use.fontawesome.com cdn.ivaws.com *.strut.fit *.deckers.layer0-perma.link data: *.wistia.com static.formstack.com d6tizftlrpuof.cloudfront.net www.paypalobjects.com *.medallia.eu *.kampyle.com; style-src *.sanuk.com *.deckers.coremedia.cloud *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp *.demandware.net *.veinteractive.com *.bounceexchange.com cdn.dynamicyield.com *.klarnacdn.net ui.powerreviews.com *.osano.com web-assets.stylitics.com use.fontawesome.com ui.powerreviews.com cdn.honey.io cdn.joinhoney.com js.verygoodvault.com *.global-e.com *.truefitcorp.com *.deckers.layer0-perma.link www.truefit.com cdn.90d.io cdn.gladly.com *.typekit.net www.karmanow.com *.parcellab.com *.formstack.com translate.googleapis.com d3nocrch4qti4v.cloudfront.net d6tizftlrpuof.cloudfront.net cdn.ivaws.com www.paypalobjects.com *.pxlcdn.com fonts.googleapis.com *.adyen.com *.medallia.eu *.kampyle.com downloads.mailchimp.com data: 'unsafe-inline'; form-action *.sanuk.com *.demandware.net *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com *.hokaoneone.eu payments.amazon.co.jp www.amazon.co.jp *.demandware.net *.snapchat.com www.facebook.com *.adyen.com email.teva.com email.ugg.com email.hoka.com email.sanuk.com email.koolaburra.com *.securev2.global-e.com *.secure5.arcot.com *.securesuite.co.uk *.3ds.borica.bg *.acs1.icicibank.com *.sps-system.com centinelapi.cardinalcommerce.com accentgroup.formstack.com; worker-src *.sanuk.com blob: *.osano.com; child-src *.sanuk.com *.demandware.net *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp *.commercecloud.salesforce.com *.snapchat.com guarantee-cdn.com v3.rest-ar.com *.osano.com *.doubleclick.net vars.hotjar.com www.awin1.com *.afterpay.com px.owneriq.net pal-test.adyen.com *.americanexpress.com *.facebook.com *.pixlee.co *.zenaps.com *.bounceexchange.com d6tizftlrpuof.cloudfront.net www.paypalobjects.com www.paypal.com ln-rules.rewardstyle.com nsg.symantec.com *.pinterest.com track.usw2.cordial.com *.global-e.com wkxppshj-qx.global.ssl.fastly.net checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com www.sandbox.paypal.com *.ediemidnightzombies.com *.studentbeans.com *.myunidays.com point.widget.rakuten.co.jp *.bglobale.com www.google.com *.amazon-adsystem.com *.truefitcorp.com *.locally.com *.strut.fit www.pubxtags.com tracead.com photos.pixlee.com *.splashthat.eu hosted.where2getit.com sketchfab.com *.criteo.com *.criteo.net www.youtube.com *.verygoodvault.com pay.google.com www.terracycle.com sandbox.frame.hub-box.com frame.hub-box.com ugg.promo.eprize.com ugg.review.eprize.com d.emails.teva.com creatives.attn.tv *.artlabs.ai app.collectivevoice.com *.medallia.eu *.kampyle.com; report-uri https://www.sanuk.com/_/csp-reports 1
frame-ancestors 'self' https://www.itransition.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *; frame-ancestors 'self' https://*.extrememusic.com 1
frame-ancestors 'self' shoparena.pl *.shoparena.pl shoper.pl *.shoper.pl; 1
child-src 'self' * ;connect-src 'self' acsbapp.com *.acsbapp.com *.google.com *.gstatic.com *.googleapis.com *.cookielaw.org * ;default-src 'self' * ;font-src 'self' fonts.gstatic.com *.googleapis.com * ;frame-src 'self' *.google.com *.matterport.com *.sightmap.com sightmap.com * MailTo ;img-src 'self' *.gstatic.com *.googleapis.com *.photoshelter.com *.rentcafe.com * data:;media-src 'self' *.funnelleasing.com *.nestio.com * data:;script-src 'self' www.googletagmanager.com fonts.gstatic.com *.googleapis.com *.google-analytics.com code.jquery.com script.crazyegg.com 'unsafe-inline' 'unsafe-eval' acsbapp.com *.acsbapp.com *.google.com *.cookielaw.org *.gstatic.com *.funnelleasing.com *.nestio.com *.newrelic.com *.sightmap.com sightmap.com * ;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.funnelleasing.com *.nestio.com * ;worker-src 'self' * blob:; 1
default-src 'self' www.compassionandchoices.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://acsbapp.com/apps/app/dist/js/app.js https://cdn.acsbapp.com/  https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org amplify.outbrain.com *.hotjar.com https://vc.hotjar.io/* *.hotjar.io tags.wdsvc.net www.googletagmanager.com tag.simpli.fi tr.outbrain.com www.youtube.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com *.cloudfront.net *.ngpvan.com *.verygoodvault.com *.msecnd.net https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js compassionandchoices.bamboohr.com tags.srv.stackadapt.com https://www.dafdirect.org https://wave.outbrain.com https://acsbapp.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.cloudfront.net hello.myfonts.net https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css tags.srv.stackadapt.com https://www.dafdirect.org/; font-src 'self' https://acsbapp.com/ fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.cloudfront.net; img-src 'self' *.insight.adsrvr.org *.acsbapp.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com tr.outbrain.com bcp.crwdcntrl.net *.everyaction.com *.doubleclick.net www.googletagmanager.com *.cloudfront.net resources.bamboohr.com tags.srv.stackadapt.com https://www.dafdirect.org/ https://insight.adsrvr.org https://mid.rkdms.com https://loadm.exelator.com https://secure.insightexpressai.com https://uipglob.semasio.net https://s.thebrighttag.com https://match.adsrvr.org https://match.sync.ad.cpe.dotomi.com; media-src 'self' data: blob:; child-src * 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.doubleclick.net *.hotjar.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com wss://*.hotjar.com *.hotjar.com *.everyaction.com *.doubleclick.net https://dc.services.visualstudio.com/v2/track https://advocator.ngpvan.com *.ngpvan.com *.wdsvc.net *.adsrvr.org https://cdn.acsbapp.com/ tags.srv.stackadapt.com compassionandchoices.bamboohr.com https://content.hotjar.io https://acsbapp.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-AXI-SCRIPT-1358171' 'strict-dynamic'; style-src 'self' 'unsafe-inline' 1
X-Frame-Options: SAMEORIGIN 1
default-src https: data: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com http://*.salesmanago.com https://*.salesmanago.com wss://*.salesmanago.com http://*.salesmanago.pl https://*.salesmanago.pl wss://*.salesmanago.pl http://*.salesmanago.es https://*.salesmanago.es wss://*.salesmanago.es 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' data: ecosystem.matomo.cloud fonts.googleapis.com fonts.gstatic.com; base-uri 'self' ecosystem.matomo.cloud; block-all-mixed-content; connect-src 'self' wss: *.creativecdn.com *.criteo.com *.hotjar.com *.hotjar.io *.taboola.com consentcdn.cookiebot.com ecosystem.matomo.cloud maps.googleapis.com region1.analytics.google.com stats.g.doubleclick.net; frame-src 'self' *.doubleclick.net *.creativecdn.com *.criteo.com *.greenconnected.fr bonusqualirepar.ecosystem.eco consentcdn.cookiebot.com ecosystem.matomo.cloud form.jotform.com f.ecosystem.eco page.ecosystem.eco portail-reparateurs.ecosystem.eco www.google.com www.youtube-nocookie.com www.youtube.com; img-src 'self' data: *.creativecdn.com *.doubleclick.net *.ecosystem.eco *.taboola.com img.youtube.com jedonnemontelephone.fr maps.googleapis.com maps.gstatic.com r.phywi.org www.google.fr www.googletagmanager.com www.img-static.com; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'report-sample' 'self' nonce-gtm251 *.criteo.com *.hotjar.com *.pwspace.com *.taboola.com cdn.datatables.net cdn.matomo.cloud cdn.powerspace.com consent.cookiebot.com consentcdn.cookiebot.com ecosystem.matomo.cloud js-tag.zemanta.com maps.googleapis.com tags.creativecdn.com www.googletagmanager.com www.youtube.com; style-src 'unsafe-inline' 'report-sample' 'self' cdn.datatables.net ecosystem.matomo.cloud fonts.googleapis.com fonts.gstatic.com; worker-src 'none' 1
connect-src 'self' https://*.cookiebot.com https://*.demdex.net https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.infogram.com https://*.kaspersky.ca https://*.kaspersky.co.jp https://*.kaspersky.co.uk https://*.kaspersky.co.za https://*.kaspersky.com https://*.kaspersky.com.au https://*.kaspersky.com.br https://*.kaspersky.com.tr https://*.kaspersky.de https://*.kaspersky.es https://*.kaspersky.fr https://*.kaspersky.it https://*.kaspersky.nl https://*.kaspersky.pt https://*.kaspersky.ru https://*.kaspersky.se https://*.kasperskydaily.com https://*.mail.ru https://*.mktoresp.com https://*.omtrdc.net https://*.pingdom.net https://*.podbean.com https://*.reddit.com https://*.taboola.com https://*.yandex.ru https://*.youtube.com https://hn.algolia.com https://kasperskydaily.com https://media.kasperskydaily.com https://www.googletagmanager.com https://www.opinionstage.com https://www.riddle.com; default-src 'self' https://*.kasperskydaily.com https://kasperskydaily.com https://media.kasperskydaily.com https://www.riddle.com; font-src 'self' data: https://*.cloudfront.net https://*.gstatic.com https://*.kasperskydaily.com https://*.slideshare.net https://*.slidesharecdn.com https://*.wp.com https://assets.kasperskydaily.com https://fonts.googleapis.com https://kasperskydaily.com https://media.kasperskydaily.com https://www.riddle.com; frame-ancestors 'self' http://webvisor.com https://*.kasperskydaily.com https://kasperskydaily.com https://latam.kaspersky.com https://me-en.kaspersky.com https://me.kaspersky.com https://media.kasperskydaily.com https://usa.kaspersky.com https://webvisor.com https://www.kaspersky.co.in https://www.kaspersky.co.jp https://www.kaspersky.co.uk https://www.kaspersky.co.za https://www.kaspersky.com https://www.kaspersky.com.au https://www.kaspersky.com.br https://www.kaspersky.com.cn https://www.kaspersky.com.tr https://www.kaspersky.de https://www.kaspersky.es https://www.kaspersky.fr https://www.kaspersky.it https://www.kaspersky.nl https://www.kaspersky.pl https://www.kaspersky.ru https://www.riddle.com; frame-src 'self' http://www.tiki-toki.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google.com https://*.infogram.com https://*.instagram.com https://*.kaspersky.com https://*.kasperskydaily.com https://*.libsyn.com https://*.marketo.com https://*.podbean.com https://*.sharethis.com https://*.slideshare.net https://*.twitter.com https://*.usabilla.com https://*.wp.com https://*.youtube.com https://amuselabs.com https://cdn.knightlab.com https://consentcdn.cookiebot.com https://d6tizftlrpuof.cloudfront.net https://infogram.com https://kaspersky.berkeleypr.com https://kaspersky.demdex.net https://kasperskydaily.com https://media.kasperskydaily.com https://online.pubhtml5.com https://player.vimeo.com https://safebook.kaspersky.ru https://techscout.vc https://view.genial.ly https://www.brighttalk.com https://www.ivoox.com https://www.opinionstage.com https://www.riddle.com; img-src 'self' data: http://*.cloudfront.net http://*.imgix.net http://*.ipinyou.com http://*.wordpress.com http://*.wp.com http://i0.poll.fm https://*.cloudfront.net https://*.demdex.net https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.gravatar.com https://*.gstatic.com https://*.imgix.net https://*.infogram.com https://*.instagram.com https://*.ipinyou.com https://*.kaspersky.ca https://*.kaspersky.co.jp https://*.kaspersky.co.uk https://*.kaspersky.co.za https://*.kaspersky.com https://*.kaspersky.com.au https://*.kaspersky.com.br https://*.kaspersky.com.tr https://*.kaspersky.de https://*.kaspersky.es https://*.kaspersky.fr https://*.kaspersky.it https://*.kaspersky.nl https://*.kaspersky.pt https://*.kaspersky.ru https://*.kaspersky.se https://*.kasperskydaily.com https://*.linkedin.com https://*.omtrdc.net https://*.qq.com https://*.rutarget.ru https://*.sharethis.com https://*.staticflickr.com https://*.taboola.com https://*.twimg.com https://*.twitter.com https://*.wordpress.com https://*.wp.com https://*.yahoo.co.jp https://*.yandex.ru https://*.youku.com https://cm.pos.baidu.com https://geo.yahoo.com https://img.youtube.com https://kaspersky.d2.sc.omtrdc.net https://kasperskycontenthub.com https://kasperskydaily.com https://maps.googleapis.com https://media.kasperskydaily.com https://pixel.quantserve.com https://player.vimeo.com https://polldaddy.com https://rum-collector.pingdom.net https://s.w.org https://s3.amazonaws.com https://scontent.cdninstagram.com https://t.co https://vk.com https://www.google.hr https://www.riddle.com; media-src 'self' https://*.kasperskydaily.com https://kasperskydaily.com https://media.kasperskydaily.com https://www.riddle.com; object-src 'self' https://*.kasperskydaily.com https://kasperskydaily.com https://media.kasperskydaily.com https://player.vimeo.com https://polldaddy.com https://www.riddle.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.bizographics.com https://*.cloudfront.net https://*.cookiebot.com https://*.demdex.net https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.flickr.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gravatar.com https://*.gstatic.com https://*.infogram.com https://*.instagram.com https://*.ipinyou.com https://*.kaspersky.ca https://*.kaspersky.co.jp https://*.kaspersky.co.uk https://*.kaspersky.co.za https://*.kaspersky.com https://*.kaspersky.com.au https://*.kaspersky.com.br https://*.kaspersky.com.tr https://*.kaspersky.de https://*.kaspersky.es https://*.kaspersky.fr https://*.kaspersky.it https://*.kaspersky.nl https://*.kaspersky.pt https://*.kaspersky.ru https://*.kaspersky.se https://*.kasperskydaily.com https://*.mail.ru https://*.marketo.com https://*.marketo.net https://*.polldaddy.com https://*.push4site.com https://*.quantserve.com https://*.sharethis.com https://*.taboola.com https://*.twimg.com https://*.twitter.com https://*.usabilla.com https://*.woopra.com https://*.wp.com https://*.yahoo.co.jp https://*.yandex.ru https://*.yimg.com https://*.yimg.jp https://addthisevent.com https://analytics-scripts.s3-eu-west-1.amazonaws.com https://assets.adobedtm.com https://assets.kasperskydaily.com https://connect.mail.ru https://kaspersky.berkeleypr.com https://kaspersky.d2.sc.omtrdc.net https://kasperskydaily.com https://media.kasperskydaily.com https://player.vimeo.com https://push4site.com https://rum-static.pingdom.net https://s.ytimg.com https://s3.amazonaws.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://sp.analytics.yahoo.com https://techscout.vc https://unpkg.com https://vk.com https://www.brighttalk.com https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.linkedin.com https://www.opinionstage.com https://www.riddle.com https://www.youtube.com https://yastatic.net; style-src 'self' 'unsafe-inline' https://*.cloudfront.net https://*.google.com https://*.googleapis.com https://*.gravatar.com https://*.kaspersky.com https://*.kasperskydaily.com https://*.marketo.com https://*.securelist.com https://*.sharethis.com https://*.twimg.com https://*.twitter.com https://*.wp.com https://assets.kasperskydaily.com https://kasperskydaily.com https://media.kasperskydaily.com https://www.riddle.com; worker-src 'self' blob: data: file: filesystem: https://*.kaspersky.com https://*.kasperskydaily.com https://kasperskydaily.com https://media.kasperskydaily.com https://www.riddle.com unsafe-eval unsafe-inline 1
default-src 'self'; script-src 'self' data: https://www.gstatic.com data: https://form.typeform.com data: https://static.geetest.com data: https://*.hotjar.com data: http://gcaptcha4.geetest.com data: http://gcaptcha4.gsensebot.com data: https://analytics.twitter.com data: https://t.co data: https://connect.facebook.net data: http://gcaptcha4.geetest.com data: http://gcaptcha4.gsensebot.com data: https://connect.facebook.net data: https://connect.facebook.net data: https://static.ads-twitter.com data: http://static.ads-twitter.com data: https://static.ads-twitter.com data: http://gcaptcha4.geevisit.com data: http://static.geetest.com data: http://static.geevisit.com data: http://dn-staticdown.qbox.me data: https://www.googletagmanager.com data: https://www.google-analytics.com data: https://widget.intercom.io data: https://js.intercomcdn.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' data: wss://*.firebaseio.com data: https://*.googleapis.com data: https://www.gstatic.com data: https://*.hyperverge.co data: https://*.amazonaws.com data: https://stats.g.doubleclick.net data: https://vitals.vercel-insights.com/v1/vitals data: https://test-api.difx.com data: http://gcaptcha4.gsensebot.com data: https://*.hotjar.com data: wss://*.hotjar.com data: https://www.facebook.com data: https://*.hotjar.io data: https://api-v2.difx.com data: wss://test-api.difx.com data: wss://api-v2.difx.com data: https://api-iam.intercom.io data: wss://nexus-websocket-a.intercom.io data: https://o1100856.ingest.sentry.io data: https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' data: https://www.gstatic.com data: https://unpkg.com/@dotlottie/player-component@1.0.0/dist/dotlottie-player.js data: https://*.amazonaws.com data: https://connect.facebook.net data: https://*.hotjar.com data: http://gcaptcha4.geevisit.com data: http://gcaptcha4.gsensebot.com data: https://static.ads-twitter.com data: http://static.ads-twitter.com data: https://analytics.twitter.com data: https://t.co data: https://connect.facebook.net data: https://www.google.com/recaptcha data: https://static.geetest.com data: http://static.geetest.com data: http://gcaptcha4.geetest.com data: http://static.geevisit.com/ data: https://widget.intercom.io data: https://js.intercomcdn.com/ data: https://www.google-analytics.com data: https://www.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: http://static.geetest.com data: http://static.geevisit.com data: http://dn-staticdown.qbox.me data: https://fonts.googleapis.com data: https://cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' ; style-src-elem 'self' data: https://www.googletagmanager.com data: https://www.google-analytics.com data: http://static.geetest.com data: https://fonts.googleapis.com data: https://cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://cdnjs.cloudflare.com data: https://js.intercomcdn.com data: https://fonts.gstatic.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' blob: https://difx-futures-app.vercel.app blob: data: https://media.difx.com data: https://hv-camera-web-sg.s3-ap-southeast-1.amazonaws.com data: https://www.google.com data: https://www.google.ae data: http://*.cloudfront.net data: https://downloads.intercomcdn.com data: https://js.intercomcdn.com data: https://www.facebook.com data: https://t.co data: https://analytics.twitter.com data: http://static.geetest.com data: https://www.googletagmanager.com data: https://www.google-analytics.com data: http://static.geevisit.com data: http://dn-staticdown.qbox.me data: https://difxio.medium.com data: https://flagcdn.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' data: https://alchemy.veriff.com data: https://www.google.com data: https://www.typeform.com data: https://form.typeform.com/ data: https://www.facebook.com data: https://*.hotjar.com data: https://api.sumsub.com 'unsafe-inline' 'unsafe-eval' data: https://*.onramper.com data: https://onramp.money data: https://*.onramp.money; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* loyalty.us10.list-manage.com s3.amazonaws.com/downloads.mailchimp.com/ *.google.com *.gstatic.com www.google-analytics.com *.youtube.com *.googleapis.com *.googletagmanager.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.facebook.net *.licdn.com *.ads.linkedin.com cdn.cookielaw.org cookielaw.org *.cookielaw.org cookiepro.com *.cookiepro.com onetrust.com *.onetrust.com *.eyereturn.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.googletagmanager.com *.fontawesome.com *.myfonts.net; font-src 'self' *.amazonaws.com *.gstatic.com *.fontawesome.com *.myfonts.net data:; img-src 'self' data: www.google-analytics.com *.gstatic.com *.googleapis.com *.google.com *.google.ca *.g.doubleclick.net *.adsrvr.org *.facebook.com *.linkedin.com cdn.cookielaw.org; frame-src 'self' localhost:* *.google.com *.youtube.com go.loyalty.com *.doubleclick.net; connect-src 'self' *.loyalty.com http://ipinfo.io *.google-analytics.com cookielaw.org *.cookielaw.org cookiepro.com *.cookiepro.com onetrust.com *.onetrust.com; 1
default-src 'none'; base-uri 'self'; manifest-src 'self'; connect-src 'self' https://svanalytics.piwik.pro https://svanalytics.containers.piwik.pro https://rstts-eu.readspeaker.com https://vtdnntts-eu.readspeaker.com/ https://api.mediaflow.com https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://i14.inviewer.se *.sandviken.se https://m.mediaflow.com https://m1.analytics.sitevision-cloud.se https://mfstatic.com https://predict.rekai.se https://skattekollen.se https://stats.mediaflowpro.com https://uistats.sitevision.se https://v1.mediaflow.com https://v2.mediaflow.com https://view.rekai.se; font-src 'self' data: https://mfstatic.com https://static.mediaflowpro.com; form-action 'self' https://m1.analytics.sitevision-cloud.se *.sandviken.se; frame-src 'self' *.sandviken.se https://exportservice.actorsmartbook.se https://m1.analytics.sitevision-cloud.se https://marketplace.sitevision.se https://mpi.mashie.com https://play.mediaflow.com https://sandviken.ondemand.formpipe.com https://w.soundcloud.com https://www.linkedin.com https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://assets.mediaflowpro.com https://im14.inviewer.se https://images.citybreakcdn.com https://img.youtube.com *.sandviken.se https://media.objektvision.se https://mfstatic.com https://oppnadata.skl.se https://skattekollen.se https://static.mediaflowpro.com https://www.skidspar.se; media-src 'self' blob: https://m.mediaflow.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://svanalytics.containers.piwik.pro https://cdn-eu.readspeaker.com https://code.jquery.com https://i14.inviewer.se *.sandviken.se https://m1.analytics.sitevision-cloud.se https://mfstatic.com https://oppnadata.skl.se https://platform.linkedin.com https://skattekollen.se https://static.mediaflowpro.com https://static.rekai.se https://uistats.sitevision.se  https://www.gstatic.com https://www.linkedin.com https://www.skidspar.se; style-src 'self' 'unsafe-inline' https://cdn-eu.readspeaker.com https://cdn-images.mailchimp.com *.sandviken.se https://mfstatic.com https://oppnadata.skl.se https://skattekollen.se https://static.mediaflowpro.com https://www.gstatic.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://boarshead.scdn5.secure.raxcdn.com *.typekit.net ajax.googleapis.com *.addthis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.bugherd.com *.facebook.net *.facebook.com www.google-analytics.com *.chartbeat.com *.pinterest.com *.youtube.com *.serving-sys.com *.ytimg.com a248.e.akamai.net dnn506yrbagrg.cloudfront.net *.addthisedge.com *.twitter.com *.newrelic.com cdn.ampproject.org *.google.com *.nr-data.net hosted.where2stageit.com *.omnivirt.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://edge.marker.io https://marker.io *.pinimg.com *.chicoryapp.com chicoryapp.com *.quantserve.com *.quantcount.com *.cookielaw.org *.onetrust.com *.blob.core.windows.net *.moatads.com cdnjs.cloudflare.com https://cdn.tiny.cloud *.ensighten.com *.adsrvr.org *.pdst.fm *.spotify.com *.spotifycdn.com https://analytics.tiktok.com *.addtoany.com; font-src 'self' data: *.typekit.net *.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://marker.io https://edge.marker.io *.onetrust.com https://boarshead.scdn5.secure.raxcdn.com; style-src 'self' 'unsafe-inline' https://boarshead.scdn5.secure.raxcdn.com tagmanager.google.com fonts.googleapis.com *.myfonts.net *.onetrust.com *.typography.com https://cdn.tiny.cloud *.typekit.net *.googletagmanager.com; img-src 'self' blob: data: https://boarshead.scdn5.secure.raxcdn.com *.typekit.net www.google-analytics.com *.facebook.com *.chartbeat.net *.ytimg.com img.youtube.com *.adsrvr.org *.pinterest.com *.doubleclick.net *.gstatic.com *.google.com loadm.exelator.com ib.adnxs.com odr.mookie1.com tags.rd.linksynergy.com image2.pubmatic.com i.liadm.com io.narrative.io dmp.truoptik.com e.nexac.com match.sharethrough.com pixel.advertising.com pixel.tapad.com ads.scorecardresearch.com x.bidswitch.net adadvisor.net t.mookie1.com *.boarshead.com boarshead.com load77.exelator.com *.cdninstagram.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://media.marker.io https://marker.io https://edge.marker.io *.mathtag.com *.quantserve.com *.cookielaw.org *.twitter.com https://sp.tinymce.com/ *.docker.localhost/ https://www.googletagmanager.com; connect-src 'self' performance.typekit.net *.facebook.com *.addthis.com www.googletagmanager.com *.boarshead.com *.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://api.marker.io https://ssr.marker.io https://*.pinterest.com chicoryapp.com *.chicoryapp.com *.cookielaw.org *.blob.core.windows.net *.onetrust.com *.doubleclick.net *.nr-data.net *.cloudfunctions.net https://adservice.google.com https://www.google.com *.sentry.io https://analytics.tiktok.com; frame-src 'self' *.youtube.com *.addthis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.google.com locations.boarshead.com *.omnivirt.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://marker.io/ *.chicoryapp.com chicoryapp.com https://app.marker.io https://ct.pinterest.com https://*.adsrvr.org https://*.spotify.com; child-src https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://marker.io; media-src 'self' *.vimeo.com download-video.akamaized.net gcs-vimeo.akamaized.net *.vimeocdn.com *.omnivirt.com *.youtube.com vod-progressive.akamaized.net https://media.marker.io https://marker.io https://marker.io https://edge.marker.io; form-action *; report-uri https://boarshead.endpoint.csper.io; 1
default-src 'self' *.cookiepro.com *.crazyegg.com *.doubleclick.net *.episerver.net *.gmo.com *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.jquery.com *.jsdelivr.net *.kaltura.com *.lever.co *.moatads.com *.monitor.azure.com *.msecnd.net *.onetrust.com *.pardot.com *.quantcount.com *.quantserve.com siteimproveanalytics.com *.siteimproveanalytics.com *.siteimproveanalytics.io *.taleo.net *.visualstudio.com *.youtube.com *.ytimg.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cookiepro.com *.crazyegg.com *.doubleclick.net *.episerver.net *.google.com *.google-analytics.com *.googletagmanager.com *.gmo.com *.gstatic.com *.jquery.com *.jsdelivr.net *.kaltura.com *.moatads.com *.monitor.azure.com *.msecnd.net *.onetrust.com *.quantcount.com *.quantserve.com siteimproveanalytics.com *.siteimproveanalytics.com *.siteimproveanalytics.io *.taleo.net *.visualstudio.com *.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' *; font-src 'self' data: *; img-src 'self' data: * 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' acuris.wpengine.com * www.googletagmanager.com www.google.com ajax.googleapis.com en25.com  google-analytics.com analytics.google.com www.google-analytics.com; 1
default-src https://dzieje.pl; style-src 'self' 'unsafe-inline' https://unpkg.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://cdn.podigee.com https://player.podigee-cdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://unpkg.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://ssl.google-analytics.com https://player.podigee-cdn.net https://cdn.podigee.com; img-src 'self' data: https://dzieje.pl https://*.tile.openstreetmap.org https://ssl.google-analytics.com https://maps.googleapis.com https://stats.g.doubleclick.net https://maps.gstatic.com https://unpkg.com https://images.podigee-cdn.net; font-src 'self' data: https://fonts.gstatic.com https://player.podigee-cdn.net; frame-src 'self' ljsp.lwcdn.com https://*.dcs.redcdn.pl https://*.spotify.com https://igrafika.pap.pl https://www.youtube.com https://www.google.com https://podcasts.google.com https://player.podigee-cdn.net https://audioteka.com; frame-ancestors 'self'; connect-src 'self' https://*.google-analytics.com; base-uri 'self'; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-NWUxOWFmZjM5Yjg2NGIyNWJmODFmYjc1YWVjMjcxMTY=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.cbg-meb.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.cbg-meb.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.cbg-meb.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' http: https: data: 'unsafe-inline';script-src https: *.trustlogo.com *.secure.comodo.com *.cloudflare.com *.google-analytics.com *.googletagmanager.com *.google.com *.googleapis.com 'unsafe-eval' 'unsafe-inline'; 1
frame-ancestors 'self' https://manage.mhlnews.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self' 'unsafe-inline' hm.baidu.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' hm.baidu.com; 1
frame-src 'self' *; frame-ancestors 'self' * 1
child-src 'self' https://*.docusign.com https://*.docusign.net https://*.trustcommerce.com https://*.slimpay.net https://*.slimpay.com https://*.windriverfinancialgateway.com 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://ctrlq.org/logs/ https://ctrlq.org/sidekiq/ https://ctrlq.org/mini-profiler-resources/ https://ctrlq.org/assets/ https://ctrlq.org/extra-locales/ https://ctrlq.org/highlight-js/ https://ctrlq.org/javascripts/ https://ctrlq.org/plugins/ https://ctrlq.org/theme-javascripts/ https://ctrlq.org/svg-sprite/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0='; worker-src 'self' https://ctrlq.org/assets/ https://ctrlq.org/javascripts/ https://ctrlq.org/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self' blob: https: data: https 'unsafe-inline' *.uktv.co.uk *.uktvplay.co.uk *.ppdplay.co.uk *.ppplay.co.uk *.ppdevuktv.co.uk *.ppswitchuktv.co.uk *.staginguktv.co.uk *.ppstageuktv.co.uk *.uatuktv.co.uk *.ppuktv.co.uk *.uktvapi.co.uk https://ad.doubleclick.net https://*.fls.doubleclick.net; object-src 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: https:; media-src 'self' data: https blob: https:; manifest-src 'self' data: https https://s3-eu-west-1.amazonaws.com; script-src 'self' 'self' data: https: 'unsafe-inline' 'unsafe-eval' *.doubleclick.net *.googleusercontent.com 'unsafe-inline' https://www.googletagmanager.com *.players.brightcove.net https://s3-eu-west-1.amazonaws.com https://client.rum.us-east-1.amazonaws.com https://edge.api.brightcove.com https://uktvltd.hb.omtrdc.net https://cdn.polyfill.io *.tiqcdn.com https://vjs.zencdn.net https://uktvdotcomtest.2cnt.net *.uktv.co.uk *.uktvplay.co.uk *.ppdplay.co.uk *.ppplay.co.uk *.ppdevuktv.co.uk *.ppswitchuktv.co.uk *.staginguktv.co.uk *.ppstageuktv.co.uk *.uatuktv.co.uk *.ppuktv.co.uk *.uktvapi.co.uk https://tag.aticdn.net/611311/smarttag.js https://tags.tiqcdn.com/utag/uktv/main/prod/utag.js https://mp.simplestream.com https://players.brightcove.net/1242911124001/OrCyvJ2gyL_default/index.min.js https://manifest.prod.boltdns.net https://mssl.fwmrm.net/p/release/latest-JS/adm/prd/AdManager.js https://2a7e9.v.fwmrm.net *.everestjs.net; script-src-attr 'unsafe-inline'; connect-src 'self' blob: https: data: https: *.uktv.co.uk *.uktvplay.co.uk *.ppdplay.co.uk *.ppplay.co.uk *.ppdevuktv.co.uk *.ppswitchuktv.co.uk *.staginguktv.co.uk *.ppstageuktv.co.uk *.uatuktv.co.uk *.ppuktv.co.uk *.uktvapi.co.uk *.thefilter.com https://players.brightcove.net https://uktvdotcomtest.2cnt.net *.mppglobal.com https://mp.simplestream.com *.simplestreamcdn.com https://2a7e9.v.fwmrm.net https://edge.api.brightcove.com https://ad.doubleclick.net https://stats.g.doubleclick.net https://sentry.io https://manifest.prod.boltdns.net https://bcbolt-uktv.akamaized.net https://logws1363.ati-host.net https://dataplane.rum.eu-west-1.amazonaws.com; style-src 'self' 'unsafe-inline'; font-src 'self' data: https:; img-src 'self' data: https: *.thefilter.com https://uktv-res.cloudinary.com data: https://s3-eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com; prefetch-src 'self' *.boltdns.net https://bcbolt-uktv.akamaized.net https://uktv-res.cloudinary.com https://s3-eu-west-1.amazonaws.com https://players.brightcove.net https://mp.simplestream.com 1
default-src 'self' https:; object-src 'self'; font-src 'self' data: https:; img-src 'self' https: data:; script-src 'self' blob: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; 1
default-src 'self'  *.typeform.com ; script-src 'self' 'unsafe-inline' *.typeform.com *.googletagmanager.com *.google.com *.facebook.net *.google-analytics.com ; connect-src 'self' *.google-analytics.com ; img-src 'self' data: *.nayapay.com *.google-analytics.com *.facebook.com; style-src 'self' 'unsafe-inline'; base-uri 'self';form-action 'self'; font-src 'self' data:; frame-src staging.cyber.net.pk *.typeform.com ; 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://admin.arbfile.org; default-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://cdnjs.cloudflare.com https://distillery.wistia.com https://embed-ssl.wistia.com https://fast.wistia.com https://fast.wistia.net https://polyfill.io https://subrogation.connectedcommunity.org https://p.typekit.net https://use.typekit.net https://workforcenow.adp.com https://www.arbfile.org https://www.dfs.ny.gov https://www.google-analytics.com https://www.googletagmanager.com https://www.research.net https://embed-cloudfront.wistia.com https://pipedream.wistia.com https://fonts.googleapis.com https://fg8vvsvnieiv3ej16jby.litix.io https://communications.arbfile.org data: blob: 1
frame-ancestors 'self' https://hootsuite.com https://*.hootsuite.com; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.recaptcha.net https://plugin.monotote.com https://www.youtube.com https://www.zenaps.com https://*.akamaihd.net https://*.translate.naver.net https://ln-rules.rewardstyle.com https://tpc.googlesyndication.com https://tr.snapchat.com https://www.shoplooks.com https://s1.thcdn.com https://www.awin1.com https://www.pinterest.com https://www.pinterest.co.uk https://d2d7do8qaecbru.cloudfront.net blob: https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://*.abtasty.com https://tr6.snapchat.com https://ct.pinterest.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://ct.pinterest.com wss://lo.msg.liveperson.net https://smct.co https://*.smct.co https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://tr.snapchat.com https://privacyportal-eu.onetrust.com https://analytics.tiktok.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.contentsquare.net https://smct.io https://*.smct.io https://*.abtasty.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://d7c4jjeuqag9w.cloudfront.net blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com; form-action 'self' https://www.facebook.com https://connect.facebook.net https://www.glossybox.co.uk https://m.glossybox.co.uk https://checkout.glossybox.co.uk https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://seal.digicert.com https://static.ads-twitter.com https://analytics.twitter.com https://plugin.monotote.com https://*.recaptcha.net https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.tribalfusion.com https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://tpc.googlesyndication.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://s.pinimg.com https://s.tribalfusion.com https://a.tribalfusion.com https://geolocation.onetrust.com https://analytics.tiktok.com https://*.ibytedtos.com https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://*.contentsquare.net https://app.contentsquare.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io blob: https://*.abtasty.com https://tr.snapchat.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://www.shoplooks.com https://static.shoplooks.com https://fonts.smct.co https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net https://fonts.smct.io https://*.abtasty.com https://*.gstatic.com; upgrade-insecure-requests; report-to report-endpoint 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://connect.facebook.net https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.googletagmanager.com https://www.google-analytics.com https://fcc.websol.barchart.com https://acrobatservices.adobe.com https://cdn.jsdelivr.net https://*.clarity.ms https://netlify-cdp-loader.netlify.app https://cdnjs.cloudflare.com/ajax/libs/mathjax/3.2.2/es5/tex-mml-chtml.js https://netlify-rum.netlify.app; img-src 'self' https://cdn.cookielaw.org https://*.bing.com https://www.googletagmanager.com https://*.clarity.ms https://*.googleapis.com https://*.gstatic.com *.google.com https://www.google.ca *.googleusercontent.com data: https://www.facebook.com https://www.google-analytics.com https://images.ctfassets.net https://api.mapbox.com https://img.youtube.com https://img.evbuc.com https://*.ytimg.com; frame-src 'self' https://form.typeform.com *.google.com https://fcc.websol.barchart.com https://www.youtube-nocookie.com https://www.youtube.com https://acrobatservices.adobe.com https://cdn.knightlab.com https://td.doubleclick.net https://app.netlify.com/; frame-ancestors 'self' https://app.stackbit.com https://app.netlify.com/; connect-src 'self' https://ingesteer.services-prod.nsvcs.net/rum_collection https://cdn.cookielaw.org https://privacyportal-ca.onetrust.com https://geolocation.onetrust.com https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://www.google-analytics.com https://cdn.contentful.com https://graphql.contentful.com https://*.algolia.net https://*.algolianet.com https://assets.ctfassets.net https://downloads.ctfassets.net https://viewlicense.adobe.io/viewsdklicense/jwt https://webhook.gatsbyjs.com/ https://analytics.gatsbyjs.com/ https://stats.g.doubleclick.net https://*.clarity.ms https://preview.contentful.com; font-src https://fonts.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/mathjax/3.2.2/es5/output/chtml/fonts/; style-src 'self' 'unsafe-inline' https://connect.facebook.net https://www.googletagmanager.com https://fonts.googleapis.com platform.twitter.com ton.twimg.com embed.typeform.com; media-src https://downloads.ctfassets.net/ https://assets.ctfassets.net; form-action 'self' https://fcc-fac.us4.list-manage.com/subscribe/post https://fac-fcc.us4.list-manage.com/subscribe/post https://*.fcc-fac.ca 1
default-src 'self' https://*.cms.vwfs.tools ;            img-src 'self' data: https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://dev.day.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.gstatic.com https://*.google.com https://*.google.de https://*.google.com.br https://*.googlesyndication.com https://*.googleadservices.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://img.youtube.com https://i.ytimg.com https://*.userzoom.com https://*.adform.net https://www.facebook.com https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://t.co https://*.volkswagenbank.de  https://cms-assets.vwfs.io https://smetrics.vwfs.com.br https://mediaservice.audi.com  https://GISTPAEndpoint-Int.azureedge.net https://GISTPAEndpoint-Kons.azureedge.net https://GISTPAEndpoint-Prod.azureedge.net    https://default.vms.vwfs.io https://*.bronson.vwfs.tools https://*.bronson.vwfs.io https://gateway.zscloud.net https://js.api.here.com https://assets.volkswagen.com https://integrations.etrusted.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ssl.gstatic.com https://ade.googlesyndication.com https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.com.br;            script-src 'self' 'unsafe-inline' blob: https://*.volkswagenbank.de https://storagewebcalcweud.blob.core.windows.net https://*.fts.webcalc.vwfs.io https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.fls.doubleclick.net https://www.googletagmanager.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google.com https://www.google.de https://cm.g.doubleclick.net https://www.volkswagenbank-cloud.de https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://assets.adobedtm.com https://*.omniture.com https://*.adobe.com https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://*.thunderhead.com https://*.twitter.com https://static.ads-twitter.com https://*.advsearch.vwfs.io https://cc.cdn.civiccomputing.com  https://target.vwfs.com.br  https://smetrics.vwfs.com.br https://cdn.mercury.ai https://integrations.etrusted.com https://sdk.privacy-center.org    https://*.acs-frontend.vwfs.io https://*.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.g.doubleclick.net https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.com.br;            style-src 'self' 'unsafe-inline' https://*.userzoom.com https://target.vwfs.com.br https://cdn.mercury.ai https://co-browsing.mercury.ai https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io    https://*.acs-frontend.vwfs.io https://integrations.etrusted.com https://tagmanager.google.com https://fonts.googleapis.com ;            connect-src 'self' blob: data: https://vimeo.com https://*.youtube.com https://api.webcalc.vwfs.io https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://*.adobedc.net https://*.tt.omtrdc.net https://*.2o7.net https://*.cms.vwfs.io https://*.advsearch.vwfs.io https://cms-content.vwfs.io https://target.vwfs.com.br https://smetrics.vwfs.com.br https://www.google.com https://*.facebook.com https://*.mercury.ai wss://*.mercury.ai https://vector.hereapi.com https://1.base.maps.ls.hereapi.com https://1.aerial.maps.ls.hereapi.com https://js.api.here.com https://geocode.search.hereapi.com https://integrations.etrusted.com https://*.smart-digital-solutions.de https://smart-digital-cdn.com https://2gtge2kxoa.execute-api.eu-central-1.amazonaws.com https://api-cms-vwfs-io.cms.vwfs.tools https://sdk.privacy-center.org https://revgeocode.search.hereapi.com    https://*.acs-frontend.vwfs.io https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.br http://*.trustedshops.com https://autocomplete.search.hereapi.com https://lookup.search.hereapi.com ;            frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com ;            object-src 'none' ;            font-src 'self' data: https://fonts.gstatic.com https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io https://cdn.mercury.ai https://js.api.here.com https://*.trustedshops.com http://*.trustedshops.com ;            frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://s.userzoom.com https://*.adform.net https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://*.googlesyndication.com https://cm.g.doubleclick.net https://gateway.zscloud.net https://td.doubleclick.net https://kalkulator.skoda-auto.pl https://*.g.doubleclick.net https://faleconosco.bancovw.com.br https://atendimento-eletronico.bancovw.com.br https://lead.vwfsstore.com.br;            media-src https://www.youtube-nocookie.com 'self' ; 1
default-src 'self' blob:;frame-ancestors 'self';frame-src 'self' *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com *.trustarc.com *.stape.io *.crazyegg.com *.zoominfo.com *.g2crowd.com *.adroll.com *.techtarget.com *.ubembed.com *.visualwebsiteoptimizer.com *.intentsify.io *.oomnitza.com *.wpengine.com *.insent.ai *.chilipiper.com *.bugherd.com *.storylane.io *.analytics.yahoo.com *.rlcdn.com *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.mktoresp.com *.doubleclick.net *.cloudfront.net *.casalemedia.com *.rubiconproject.com *.openx.net *.outbrain.com *.pubmatic.com *.taboola.com *.3lift.com *.company-target.com *.oribi.io *.github.io *.lever.co *.bidswitch.net *.adnxs.com *.reson8.com *.vimeocdn.com *.mathtag.com *.thrtle.com *.bluekai.com *.demdex.net *.thrtle.com app.vwo.com s3.amazonaws.com chart.googleapis.com wingify-assets.s3.amazonaws.com ;media-src 'self' *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com *.trustarc.com *.stape.io *.crazyegg.com *.zoominfo.com *.g2crowd.com *.adroll.com *.techtarget.com *.ubembed.com *.visualwebsiteoptimizer.com *.intentsify.io *.oomnitza.com *.wpengine.com *.insent.ai *.chilipiper.com *.bugherd.com *.storylane.io *.analytics.yahoo.com *.rlcdn.com *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.mktoresp.com *.doubleclick.net *.cloudfront.net *.casalemedia.com *.rubiconproject.com *.openx.net *.outbrain.com *.pubmatic.com *.taboola.com *.3lift.com *.company-target.com *.oribi.io *.github.io *.lever.co *.bidswitch.net *.adnxs.com *.reson8.com *.vimeocdn.com *.mathtag.com *.thrtle.com *.bluekai.com *.demdex.net *.thrtle.com app.vwo.com s3.amazonaws.com chart.googleapis.com wingify-assets.s3.amazonaws.com ;object-src 'none'; connect-src 'self' *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com *.trustarc.com *.stape.io *.crazyegg.com *.zoominfo.com *.g2crowd.com *.adroll.com *.techtarget.com *.ubembed.com *.visualwebsiteoptimizer.com *.intentsify.io *.oomnitza.com *.wpengine.com *.insent.ai *.chilipiper.com *.bugherd.com *.storylane.io *.analytics.yahoo.com *.rlcdn.com *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.mktoresp.com *.doubleclick.net *.cloudfront.net *.casalemedia.com *.rubiconproject.com *.openx.net *.outbrain.com *.pubmatic.com *.taboola.com *.3lift.com *.company-target.com *.oribi.io *.github.io *.lever.co *.bidswitch.net *.adnxs.com *.reson8.com *.vimeocdn.com *.mathtag.com *.thrtle.com *.bluekai.com *.demdex.net *.thrtle.com app.vwo.com s3.amazonaws.com chart.googleapis.com wingify-assets.s3.amazonaws.com ;script-src 'self' 'unsafe-inline' *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com *.trustarc.com *.stape.io *.crazyegg.com *.zoominfo.com *.g2crowd.com *.adroll.com *.techtarget.com *.ubembed.com *.visualwebsiteoptimizer.com *.intentsify.io *.oomnitza.com *.wpengine.com *.insent.ai *.chilipiper.com *.bugherd.com *.storylane.io *.analytics.yahoo.com *.rlcdn.com *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.mktoresp.com *.doubleclick.net *.cloudfront.net *.casalemedia.com *.rubiconproject.com *.openx.net *.outbrain.com *.pubmatic.com *.taboola.com *.3lift.com *.company-target.com *.oribi.io *.github.io *.lever.co *.bidswitch.net *.adnxs.com *.reson8.com *.vimeocdn.com *.mathtag.com *.thrtle.com *.bluekai.com *.demdex.net *.thrtle.com app.vwo.com s3.amazonaws.com chart.googleapis.com wingify-assets.s3.amazonaws.com ;style-src 'self' 'unsafe-inline' *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com *.trustarc.com *.stape.io *.crazyegg.com *.zoominfo.com *.g2crowd.com *.adroll.com *.techtarget.com *.ubembed.com *.visualwebsiteoptimizer.com *.intentsify.io *.oomnitza.com *.wpengine.com *.insent.ai *.chilipiper.com *.bugherd.com *.storylane.io *.analytics.yahoo.com *.rlcdn.com *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.mktoresp.com *.doubleclick.net *.cloudfront.net *.casalemedia.com *.rubiconproject.com *.openx.net *.outbrain.com *.pubmatic.com *.taboola.com *.3lift.com *.company-target.com *.oribi.io *.github.io *.lever.co *.bidswitch.net *.adnxs.com *.reson8.com *.vimeocdn.com *.mathtag.com *.thrtle.com *.bluekai.com *.demdex.net *.thrtle.com app.vwo.com s3.amazonaws.com chart.googleapis.com wingify-assets.s3.amazonaws.com ;font-src 'self' data: *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com *.trustarc.com *.stape.io *.crazyegg.com *.zoominfo.com *.g2crowd.com *.adroll.com *.techtarget.com *.ubembed.com *.visualwebsiteoptimizer.com *.intentsify.io *.oomnitza.com *.wpengine.com *.insent.ai *.chilipiper.com *.bugherd.com *.storylane.io *.analytics.yahoo.com *.rlcdn.com *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.mktoresp.com *.doubleclick.net *.cloudfront.net *.casalemedia.com *.rubiconproject.com *.openx.net *.outbrain.com *.pubmatic.com *.taboola.com *.3lift.com *.company-target.com *.oribi.io *.github.io *.lever.co *.bidswitch.net *.adnxs.com *.reson8.com *.vimeocdn.com *.mathtag.com *.thrtle.com *.bluekai.com *.demdex.net *.thrtle.com app.vwo.com s3.amazonaws.com chart.googleapis.com wingify-assets.s3.amazonaws.com ;img-src 'self' data: *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com *.trustarc.com *.stape.io *.crazyegg.com *.zoominfo.com *.g2crowd.com *.adroll.com *.techtarget.com *.ubembed.com *.visualwebsiteoptimizer.com *.intentsify.io *.oomnitza.com *.wpengine.com *.insent.ai *.chilipiper.com *.bugherd.com *.storylane.io *.analytics.yahoo.com *.rlcdn.com *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.mktoresp.com *.doubleclick.net *.cloudfront.net *.casalemedia.com *.rubiconproject.com *.openx.net *.outbrain.com *.pubmatic.com *.taboola.com *.3lift.com *.company-target.com *.oribi.io *.github.io *.lever.co *.bidswitch.net *.adnxs.com *.reson8.com *.vimeocdn.com *.mathtag.com *.thrtle.com *.bluekai.com *.demdex.net *.thrtle.com app.vwo.com s3.amazonaws.com chart.googleapis.com wingify-assets.s3.amazonaws.com ;worker-src 'self' blob:; 1
script-src 'unsafe-inline' 'self' blob: data:  https://widget.intercom.io/widget/x9ly9yez https://calendly.com/ https://www.google-analytics.com https://api.amplitude.com/ https://cdn.bek.coop https://www.gstatic.com https://www.google.com https://www.youtube.com wss://nexus-websocket-a.intercom.io https://api-iam.intercom.io https://fonts.gstatic.com https://code.ionicframework.com https://use.typekit.net https://static.hotjar.com https://www.googletagmanager.com https://unpkg.com https://api.testbek.com https://js.intercomcdn.com https://vjs.zencdn.net/7.11.4/video.min.js https://unpkg.com/vue@2.6.14 https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js https://assets.swarmcdn.com/cross/swarmdetect.js https://assets.calendly.com/assets/external/widget.js https://js.chargebee.com/v2/chargebee.js; worker-src 'self' 'unsafe-inline' blob: https://testbek.com; img-src https://* data:*; style-src 'unsafe-inline' 'self' https://testbek.com https://vjs.zencdn.net  https://code.ionicframework.com https://fonts.googleapis.com https://*.typekit.net https://cdn.bek.coop https://dkg63mm7284y1.cloudfront.net/bf07ba443086f7571751d351510fbc359a828177/widget/captivated.css; script-src-elem https: 'unsafe-inline'; 1
block-all-mixed-content; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' apis.google.com bat.bing.com cdnjs.cloudflare.com connect.facebook.net googleads.g.doubleclick.net gdpr.madwire.com js.driftt.com maps.googleapis.com googleapis.com platform.twitter.com www.google.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.googleadservices.com der.joshuarms.com po.joshuarms.com apiv2.popupsmart.com accounts.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com accounts.google.com; img-src 'self' data: a.mktgcdn.com bat.bing.com d22s7xnafxduco.cloudfront.net maps.googleapis.com googleapis.com maps.gstatic.com s3.amazonaws.com stats.g.doubleclick.net topratedlocal.s3.amazonaws.com www.facebook.com www.google.com www.google-analytics.com www.yextstatic.com der.joshuarms.com apiv2.popupsmart.com pagead2.googlesyndication.com analytics.google.com *.analytics.google.com; connect-src 'self' bat.bing.com www.facebook.com googleapis.com maps.googleapis.com www.google-analytics.com stats.g.doubleclick.net der.joshuarms.com apiv2.popupsmart.com accounts.google.com analytics.google.com *.analytics.google.com pagead2.googlesyndication.com www.google.co.uk; font-src 'self' fonts.gstatic.com; frame-src 'self' accounts.google.com bid.g.doubleclick.net facebook.com js.driftt.com www.google.com player.vimeo.com po.joshuarms.com apiv2.popupsmart.com; frame-ancestors 'self' 1
frame-ancestors 'self' *.bluecosmo.com *.garmin.com *.garmin.com:*; 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-tXt1eLmMv7K3YrG/UoZDKw==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
default-src 'self' 'unsafe-inline' fonts.gstatic.com fonts.googleapis.com fonts.static.com www.google-analytics.com webchat.dstnyengage.com res.cloudinary.com; 1
default-src 'self'; base-uri 'self'; frame-ancestors 'none'; object-src 'none'; form-action 'self'; script-src 'self'; connect-src 'self'; img-src * 'self'; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests; report-uri https://meta.shaunc.com/report-uri/csp 1
base-uri 'self' https://fonts.googleapis.com/ https://www.googletagmanager.com/; default-src 'self' s.w.org; object-src 'none'; script-src https://*.lukasiewicz.gov.pl  'nonce-OTFmOGQ4YWY1Yg==' 'nonce-MDU4NTFhYWI0ZQ==' 'nonce-ZWQ4ZmUzZmQxZA==' 'nonce-ZGY1MjcyZjNlMw==' 'nonce-NTFlOGJkZmFlYg==' 'nonce-OTg1YjE0MTBhOQ==' 'nonce-OTI3M2MxZmNmYw==' 'nonce-ZWFmMmEwZmRkMQ==' 'nonce-ZTczNmFlNzc1ZQ==' 'nonce-MWIwNzNmZmE0Yg==' 'nonce-OTE5ODQ0YjA2YQ==' 'nonce-ZTM1OGRlM2Q3Nw==' 'nonce-YmRjOWMwNzBkNg==' 'nonce-NjhiYjI5OWM2NA==' 'nonce-ODE1OTY5OWY4Yg==' 'nonce-YWU2NzFjMmRkYQ==' 'nonce-ZGM3NTA2YTM2Mg==' 'nonce-ZmUwOGJhMjljZA==' 'nonce-M2UyMjgzNzg5MQ==' 'nonce-MmY1NTRiZjJhOA==' 'nonce-MDMxOWI2YWM0ZA==' 'nonce-OTI0MTM5N2I2Ng==' 'nonce-MjU0NmZlYTg3NA==' 'nonce-ZWFlZjVkMjM3NQ==' 'nonce-NGE2ZmQwMjZhMw==' 'nonce-N2U2OTY4MWRkYw==' 'nonce-OGJlYWNjMzZjZA==' 'nonce-ZWNlMzM2MzFjMQ==' 'nonce-MzAyMzNlZmZkZQ==' 'nonce-YmUwNjljOTM0Mw==' 'nonce-OTBkZjM2YzYwZg==' 'nonce-ZDE0ODRlOTYxOQ==' 'nonce-MjBjNzM2N2Y4NA==' 'nonce-OThkYWEzMDkzZg==' 'nonce-Yzk3NTVjNDg2Yg==' 'nonce-OGQ1YzgyNzM2MQ==' 'nonce-OWRkMzlhYzQ2Yg==' 'nonce-MTU5YjZhZjkzMA==' 'nonce-MGRlMjY5MjFmNg==' 'nonce-MmQ0MDNlODVjYw==' 'nonce-Yjc4MzAxYTlhNw==' 'nonce-NjEyZGM2ZGRhMQ==' 'nonce-NTA2NzExZTJlYg==' 'nonce-OWY1YzE2ODA3ZA==' 'nonce-Y2ZmNDY0YWJmNw==' 'nonce-ZTBmMjA4YjE1YQ==' 'nonce-ODY0NTBkMThlZQ==' 'nonce-ZTMxZWFkNDdkZA==' 'nonce-ZDU2M2M0M2Q3Zg==' 'nonce-YTlkNWQxYWM1NQ==' 'nonce-YjdiNDhhNTA1Mw==' 'nonce-NjZhYTZhY2MxMQ==' 'nonce-MjIwMzM1YmVhOA==' 'nonce-YWRhZWM3NzQ3YQ==' 'nonce-NGM1YmIxM2E2MA==' 'nonce-YjA0NDUzY2I5Ng==' 'nonce-NTk2M2EyZjY5Mw==' 'nonce-Yjk0OWVhN2UwNg==' 'nonce-OTAxZjk4ODZjYg==' 'nonce-ZGE4MDdkMGQ4ZQ==' 'nonce-ZjQ0OTZmMjUzYQ==' 'nonce-MDA3OGExODM5Zg==' 'nonce-ZmVlYmNiM2RiMA==' 'nonce-MDgyNGUxOTFkMA==' 'nonce-MjVhNWIzYTk5MQ==' 'nonce-YWEyMTdlN2Y4NA==' 'nonce-NWRjZmJkMTVkYQ==' 'nonce-ODZlNzkxOTU5Nw==' 'nonce-NWNmNWE0MTEzOQ==' 'nonce-NDhkNGE0NzgzOQ==' 'nonce-ZmZhNzZjYTFjZQ==' 'nonce-Mjg4M2Q1MGJkNg==' 'nonce-MDgyNjkyY2EzMw==' 'nonce-ZDliNGZmODE5Zg==' 'nonce-NzViMjdlNTI0Nw==' 'nonce-N2JmZWFlNjZlNQ==' 'nonce-YTUwZmM2NjJiMg==' 'nonce-OTJkNjAxMzk3Yw==' 'nonce-ZGRmM2M5NjllNA==' 'nonce-NjEwOTNmYTI1Yw==' 'nonce-NTI2MTc2NGU0YQ==' 'nonce-ZTIyOTYwYjgxNQ==' 'nonce-MTA4YzZkNDg1OQ==' 'nonce-YzBkMDk4YzJiNQ==' 'nonce-MDllZGI3NDUyYQ==' 'nonce-ZDc5NzQ0ODdmZg==' 'nonce-ZGQwZmEzNjU2Mw==' 'nonce-YzgzNTkyMjc2Mw==' 'nonce-Nzg2MWIzYzRlNg==' 'nonce-ZGZlZWYxZjk4Yg==' 'nonce-MGE2ZGM3ZDgxYQ==' 'nonce-ZjAwNzk0YTg5ZQ==' 'nonce-Nzc3NTY5MmI3ZA==' 'nonce-ZWU5ZGYzMGI1Nw==' 'nonce-ODk1MTkxZThhYg==' 'nonce-MjQ1YWVhNzdjZg==' 'nonce-NDNmMzZjOGFkNg==' 'nonce-NDBhOGQwODNjNw==' 'nonce-ZDZkNmE5YTQ4MA==' 'nonce-Mzc0ZDdhZjQzNA==' 'nonce-ZDRmMjc2NzQxZg==' 'nonce-MjA2MGQ3NDU5Ng==' 'nonce-NmMwOTEwMDU4NQ==' 'nonce-YmE1OTkwMTg5Nw==' 'nonce-YTYyM2VhYWZiZQ==' 'nonce-ZjIwMjdmZTA5Nw==' 'nonce-MzdmMjUwZmM2ZQ==' 'nonce-ODYzMTdiZDlkOA==' 'nonce-ODQ1N2UxYjNlZA==' 'nonce-ODJjYWQ1MWFjZg==' 'nonce-MDEyNzllZWMzNA==' 'unsafe-hashes' 'sha256-Aajrk2aqPW2es8Zhh7RGO98KAFtogitkC5mSBKgzFd0=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: http: data:; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' https://i.ytimg.com https://wp-cl.mobilems.pl https://*.google-analytics.com https://*.analytics.google.com https://ps.w.org https://s.w.org  https://secure.gravatar.com data:; connect-src 'self' https://www.youtube.com https://www.google.com https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net; child-src 'self' https://www.youtube-nocookie.com https://open.spotify.com https://embed.podcasts.apple.com https://www.youtube.com https://www.google.com https://platform.twitter.com https://maps.google.com https://innovatorium2023.systemcoffee.pl; form-action 'self'; media-src 'self'; manifest-src 'self'; frame-ancestors 'self' https://www.youtube.com https://www.google.com https://innovatorium2023.systemcoffee.pl; 1
frame-ancestors http://cswe-admin.ae-admin.com/ https://cswe-live.ae-admin.com/ http://cms.cswe.org http://www.cswe.org http://cswe.org 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.fruitnet.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.3lift.com *.acuityplatform.com *.adadvisor.net *.addthis.com *.addthisedge.com *.addthisevent.com *.adform.net *.adgrx.com *.admission.net *.admixer.net *.adnxs.com *.adotmob.com *.adsrvr.org *.adsymptotic.com *.advertising.com *.agkn.com *.alcmpn.com *.amazon-adsystem.com *.amazonaws.com *.apxlv.com *.arcgis.com *.betweendigital.com *.bfmio.com *.bidr.io *.bidswitch.net *.bluekai.com *.bootstrapcdn.com *.brandcdn.com *.cdc.gov *.choozle.com *.cloudflare.com *.cloudfront.net *.cogocast.net *.company-target.com *.contextweb.com *.crazyegg.com *.crwdcntrl.net *.demdex.net *.docscores.com *.domdex.com *.dotomi.com *.doubleclick.net *.eloqua.com *.emailsrvr.com *.en25.com *.ensighten.com *.entitytag.co.uk *.epichosted.com *.everesttech.net *.exelator.com *.facebook.com *.facebook.net *.fg8dgt.com *.force.com *.fwmrm.net *.google.com *.googleadservices.com *.googleapis.com *.gstatic.com *.healthgrades.com *.mercuryhealthcare.com *.imrworldwide.com *.insightexpressai.com *.intentiq.com *.ipredictive.com *.jumptap.com *.krxd.com *.krxd.net *.liadm.com *.libsyn.com *.licdn.com *.lijit.com *.linkedin.com *.linksynergy.com *.mathtag.com *.mdhv.io *.medtouch.com *.ml314.com *.ml314.com *.moatads.com *.mookie1.com *.ngrok.io *.nrchealth.com *.openx.net *.placelocal.com *.prfct.com *.pro-market.net *.pubmatic.com *.quantserve.com *.reson8.com *.rfihub.com *.rkdms.com *.rlcdn.com *.rubiconproject.com *.rundsp.com *.salesforce.com *.scorecardresearch.com *.semasio.net *.sharethis.com *.simpli.fi *.siteimproveanalytics.com *.siteimproveanalytics.io *.sitescout.com *.spotify.com *.spotxchange.com *.stickyadstv.com *.sundaysky.com *.survata.com *.swarminteractive.com *.tapad.com *.thrtle.com *.tidaltv.com *.tinypic.com *.tremorhub.com *.tribalfusion.com *.trueleadid.com *.truoptik.com *.turn.com *.twitter.com *.twimg.com *.undertone.com *.universityhealthsystem.com *.universityhealth.com *.universityhealthsystemsc.dev.local *.viewmedica.com *.vindicosuite.com *.w55c.net *.walmart.com *.xspadvertising.com *.yahoo.com *.youtube.com *.vimeo.com *.vimeocdn.com *.yextpages.net https://addevent.com http://siteimproveanalytics.com https://oxblue.com https://pippio.com https://siteimproveanalytics.com https://thrtle.com https://uhs-portal.com https://universityhealthsystemsc.dev.local https://viewmedica.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://rg-uh-corpcomm-sitecore-pr-288890-cd.azurewebsites.net/ https://rg-uh-corpcomm-sitecore-pr-288890-cm.azurewebsites.net/ ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' dpd2pej3gwwvh.cloudfront.net https://maps.googleapis.com blob: https://auth.bankid.no https://cdn.plaid.com/link/v2/stable/link-initialize.js 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.criteo.com https://static.criteo.net https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://ct.pinterest.com https://analytics.tiktok.com https://tr.snapchat.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.contentsquare.net https://*.criteo.com https://*.criteo.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://www.popinabox.co.uk https://m.popinabox.co.uk https://checkout.popinabox.co.uk https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://s.pinimg.com https://analytics.tiktok.com https://*.ibytedtos.com https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net; upgrade-insecure-requests; report-to report-endpoint 1
frame-src 'self' *.marketo.com *.spreedly.com *.reviews.io *.site24x7statusiq.com td.doubleclick.net; form-action 'self' *.marketo.com *.spreedly.com *.reviews.io *.site24x7statusiq.com;  1
default-src 'self'; img-src 'self' https: data:; font-src 'self' https:; script-src 'unsafe-inline' https:; object-src 'none'; frame-ancestors https: http://localhost:4200; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self'; frame-src 'self' https://www.google.com https://kleos2.wolterskluwer.com https://qa2eu.kleosapp.com https://staging.kleosapp.com https://eu.kleosapp.com http://landing.kleos.wolterskluwer.com https://landing-kleos.wolterskluwer.com https://www.wkf.fr http://www.nj.se/kleos http://www.kleossupport.be http://avvocatiliberi.it/kleos http://www.wk-logiciels.fr https://info.wolterskluwer.com https://pagelogin.avvocatiliberi.it https://demologinpage.labonext.com https://comm.lopcloud.com/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'  www.googletagmanager.com www.congressweb.com https://cdnjs.cloudflare.com/ajax/libs/ *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com https://code.jquery.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com https://archaeology.blob.core.windows.net https://images.saa.org https://documents.saa.org data: blob: *.eloqua.com; media-src 'self' data: blob:; frame-src 'self' https://www.google.com/ https://www.congressweb.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com; 1
frame-ancestors 'self'; 1
base-uri 'self';connect-src 'self' cdn-cookieyes.com *.cookieyes.com *.googlesyndication.com *.google-analytics.com www.google.com cdn.linkedin.oribi.io *.doubleclick.net;default-src 'self';form-action 'self';img-src 'self' cdn-cookieyes.com staticblob.insitessquare.com squarenprdblob01.blob.core.windows.net cdn.usefathom.com *.ads.linkedin.com *.googlesyndication.com *.google-analytics.com www.googletagmanager.com data:;media-src 'self';object-src 'none';font-src 'self' fonts.gstatic.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com www.google.com www.googletagmanager.com cdn.usefathom.com cdn-cookieyes.com snap.licdn.com cdn.linkedin.oribi.io;style-src fonts.googleapis.com 'self' 'unsafe-inline';frame-src www.googletagmanager.com 1
frame-ancestors 'self' vittude.com corporate.vittude.com 1
frame-ancestors 'self' *; script-src https://ajax.googleapis.com/ https://eu.yextstatic.com/ https://www.yext.com/ 'unsafe-inline' https://tileproxy.cloud.mapquest.com/ https://ajax.aspnetcdn.com/ https://cmp.osano.com/ https://www.yextstatic.com/ https://www.googleapis.com/ 'unsafe-eval' 'self' 'report-sample' https://edge.fullstory.com/ https://yexttest.atlassian.net/ https://www.googletagmanager.com/ https://cdnjs.cloudflare.com/ https://www.yext-static.com/ https://maps.googleapis.com/ https://www.mapquestapi.com/ https://assets.sitescdn.net/ https://apis.google.com/ https://www.google-analytics.com/; report-uri /cspreports/error 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self'; 1
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.hsbc.ae *.recaptcha.net *.hsbc.com.hk:* *.jsdelivr.net bat.bing.com *.amazon-adsystem.com static.ads-twitter.com tpc.googlesyndication.com lo.v.liveperson.net tags.tiqcdn.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com lpcdn.lpsnmedia.net lptag.liveperson.net accdn.lpsnmedia.net cdn.optimizely.com cdn.appdynamics.com www.googletagmanager.com www.isstmena.hsbc.ae ssl.google-analytics.com www.google-analytics.com maps.googleapis.com *.tt.omtrdc.net *.sc.omtrdc.net *.demdex.net *.walkme.com pixel.everesttech.net *.contentsquare.com *.qualtrics.com cdn-assets-prod.s3.amazonaws.com; img-src data: * blob:; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.hsbc.ae *.adsrvr.org *.hsbc.com.hk:* *.amazonaws.com *.hsbc.com *.onfido.com wss://*.hsbc.com bat.bing.com *.siteintercept.qualtrics.com adservice.google.com http://127.0.0.1:5000 http://127.0.0.1:5000/* *.brightcovecdn.com www.facebook.com www.google.com ad.doubleclick.net servicing.hsbc.co.uk maps.googleapis.com www.googletagmanager.com analytics.google.com akamai.tiqcdn.com stats.g.doubleclick.net www.google-analytics.com t.co analytics.twitter.com *.tt.omtrdc.net *.sc.omtrdc.net *.demdex.net *.liveperson.net *.google.com *.walkme.com pixel.everesttech.net *.qualtrics.com *.contentsquare.com rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net col.eum-appdynamics.com cdn-assets-prod.s3.amazonaws.com *.customers.biocatch.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com www.googletagmanager.com td.doubleclick.net 8715533.fls.doubleclick.net *.demdex.net *.walkme.com liveperson.com *.qualtrics.com connect.facebook.net; frame-ancestors 'self' www.hsbc.ae; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com; worker-src 'self' blob: *.demdex.net *.lpsnmedia.net *.liveperson.net *.google.com; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net manifest.prod.boltdns.net; manifest-src 'self' www.hsbc.ae; upgrade-insecure-requests ; report-uri /csp/report; 1
base-uri 'self'; default-src 'self' *.plyr.io *.clarity.ms *.youtube.com *.capturemedia.io  http://*.hotjar.com:* http://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com shop.bls.ch https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://analytics.google.com/ http://*.curator.io https://*.curator.io https://curator-assets.b-cdn.net https://curatorio.s3.amazonaws.com https://static.zdassets.com wss://static.zdassets.com https://ekr.zdassets.com wss://*.zopim.com https://*.zendesk.com wss://*.zendesk.com https://bat.bing.com https://www.google.ch https://cfg.moin.ai/ https://api.moin.ai/ wss://bot.moin.ai https://*.maptiler.com https://www.google.com/ https://pagead2.googlesyndication.com/ https://googleads.g.doubleclick.net/ https://consentcdn.cookiebot.com/  https://*.google-analytics.com https://*.analytics.google.com https://io.fusedeck.net wss://io.fusedeck.net https://cdn.fusedeck.net cdn.cookielaw.org bls-privacy.my.onetrust.com; font-src 'self' data: *.gstatic.com *.fonts.net https://script.hotjar.com https://*.curator.io https://widget.moin.ai/; form-action 'self' www.facebook.com; frame-ancestors 'self'; child-src 'self' blob: https://www.youtube.com 81.hci-is24.ch www.blsag.ch https://bls-newosletter.mxm.ch api.capturemedia.io https://bid.g.doubleclick.net https://www.facebook.com https://vars.hotjar.com https://loetschberger.ch *.google.com https://partner.sunnycars.ch/ https://bls.hafas.de https://fahrplan.bls.ch https://cdnapisec.kaltura.com *.roundshot.com https://*.cookiebot.com https://*.roundshot.com https://*.fls.doubleclick.net https://oeschinensee.roundsht.co https://webtv.feratel.com/ https://www.webcam-4insiders.com/  https://www.niederhorn.ch/ https://prod-161.westeurope.logic.azure.com/ https://api.wetteronline.de/wetterwidget https://maps.trafimage.ch bls.frontnow.dev https://booking.sunnycars.ch/; img-src 'self' blob: data: *; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.clarity.ms *.youtube.com *.ytimg.com analytics-eu.clickdimensions.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.capturemedia.io https://connect.facebook.net https://googleads.g.doubleclick.net https://www.google.com https://www.google.ch *.gstatic.com *.google.com bls.hafas.de https://analytics.google.com/ https://*.curator.io http://*.curator.io static.zdassets.com https://*.cookiebot.com https://bat.bing.com https://www.google.ch https://widget.moin.ai  https://report-uri.com https://io.fusedeck.net wss://io.fusedeck.net https://cdn.fusedeck.net cdn.frontnow.site cdn.cookielaw.org; style-src 'self' 'unsafe-inline' *.googleapis.com *.fonts.net https://*.curator.io https://widget.moin.ai/ https://unpkg.com https://www.google.com/ https://pagead2.googlesyndication.com/ 1
frame-ancestors localhost *.vapesupplies.com *.e-liquids.uk vapemail.uk *.notblowingsmoke.com recaptcha.net google.com gstatic.com www.apsp.biz 1
frame-ancestors *; object-src 'none' 1
frame-ancestors 'self' https://*.agencyanalytics.com https://app.contentful.com 1
default-src 'self' 'unsafe-inline' playsportsnetwork.com www.playsportsnetwork.com youtube.com yt3.ggpht.com io.wp.com www.googletagmanager.com google.com google.co.uk maps.googleapis.com www.google-analytics.com facebook.com use.typekit.net stats.wp.com *.wp.com i2.wp.com i1.wp.com i0.wp.com stats.g.doubleclick.net static.doubleclick.net s0.wp.com s.timg.com pixel.wp.com p.typekit.com p.typekit.net i.ytimg.com googleads g.doubleclick.net fonts.gstatic.com connect.facebook.net cdn.cookielaw.org data: maps.gstatic.com www.youtube.com www.google.co.uk www.facebook.com www.google.com s.ytimg.com fonts.googleapis.com *.onetrust.com optimize.google.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' js.hubspot.com builder.lift.acquia.com js.usemessages.com googleads.g.doubleclick.net app.wistia.com connect.facebook.net tpc.googlesyndication.com www.google.com www.gstatic.com static.ads-twitter.com js.hsforms.net www.googleadservices.com cookie-cdn.cookiepro.com www.googleoptimize.com js.hs-scripts.com js.hsadspixel.net js.hsleadflows.net js.hs-banner.com js.hs-analytics.net static.ads-twitter.com beacon.krxd.net googleads.g.doubleclick.net www.google-analytics.com connect.facebook.net script.hotjar.com static.hotjar.com snap.licdn.com googleads.g.doubleclick.net www.googletagmanager.com cdn.krxd.net consumer.krxd.net bam.nr-data.net js-agent.newrelic.com fast.wistia.com fast.wistia.net beacon.krxd.net; style-src 'self' 'unsafe-inline' www.globenewswire.com *.cookiepro.com *.google.com *.googleapis.com *.hotjar.com *.hs-scripts.com *.krxd.net *.wistia.net; img-src 'self' blob: data: *.twitter.com *.google.co.th *.google.ae googleads.g.doubleclick.net *.google.com.vn *.google.bs embedwistia-a.akamaihd.net www.impella.com *.google.com.cy *.google.at *.google.com.co *.google.com.sa *.google.com.br *.googleapis.com *.google.com.pe *.google.com.ua *.google.it *.google.co.jp *.google.ie *.google.com.ng *.google.iq *.google.be *.google.co.cr *.google.com.tr aa.agkn.com *.adsymptotic.com *.businesswire.com *.cloudfront.net *.cluep.com *.cookiepro.com *.doubleclick.net *.facebook.com *.facebook.net *.google.tn *.google.com.ph *.google.cz *.google.com.hk *.google.com.pk *.google.ca *.google.de *.google.gr *.google.com.au *.google.com.mx *.google.com.pr *.google.co.in *.google.co.uk *.google.com *.google.fr *.google.nl *.google.pt *.googletagmanager.com *.google-analytics.com *.gstatic.com *.hubspot.com *.hsforms.com *.krxd.net *.linkedin.com *.nr-data.net t.co *.twitter.com *.wistia.com *.wistia.net; media-src blob: data: *.akamaihd.net *.wistia.com; frame-src 'self' *.hs-sites.com fast.wistia.net fast.wistia.com *.doubleclick.net *.facebook.com *.google.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.hsforms.net *.hsforms.com *.krxd.net; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' data: fonts.gstatic.com *.wistia.com *.wistia.net cdn.scite.ai; connect-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net px.ads.linkedin.com pagead2.googlesyndication.com notify.bugsnag.com us.perz-api.cloudservices.acquia.io sessions.bugsnag.com www.google.com.br www.google.co.in cdn.linkedin.oribi.io hubspot-forms-static-embed.s3.amazonaws.com adservice.google.com *.litix.io *.googleapis.com adservice.google.com *.ads-twitter.com *.cookiepro.com *.doubleclick.net embedwistia-a.akamaihd.net *.facebook.com *.facebook.net *.google.com *.google-analytics.com connect.facebook.net *.googletagmanager.com *.hotjar.com  *.hotjar.io *.hsleadflows.net *.hsforms.com *.hubapi.com *.hubspot.com *.krxd.net *.litix.io *.nr-data.net *.onetrust.com *.twitter.com *.wistia.com wss://*.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'none';      style-src 'self' 'unsafe-inline' https://cloud.typography.com https://www.appleone.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.datatables.net https://hello.myfonts.net https://pro.fontawesome.com https://cdn.jsdelivr.net https://use.typekit.net https://p.typekit.net https://cdnjs.cloudflare.com https://www.youtube.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com;      script-src 'self' 'unsafe-inline' 'unsafe-eval' https://use.fontawesome.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://munchkin.marketo.net https://www.youtube.com https://s.ytimg.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://code.jquery.com https://cdn.datatables.net https://connect.facebook.net https://ajax.googleapis.com https://www.dropbox.com https://apis.google.com https://unpkg.com https://maps.googleapis.com https://www.googleapis.com https://www.google.com https://www.gstatic.com https://plugins.eventable.com/ *.addthis.com *.addthisedge.com;       img-src 'self' https://stats.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.facebook.com https://cdn.datatables.net https://track.ziprecruiter.com https://www.youtube.com https://maps.gstatic.com https://maps.googleapis.com data: https://add.eventable.com/ https://plugins.eventable.com/;      font-src 'self' https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://pro.fontawesome.com https://fonts.gstatic.com data: https://stackpath.bootstrapcdn.com;      connect-src 'self' https://815-tmy-864.mktoresp.com https://www.facebook.com https://www.youtube.com https://www.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net;      frame-src 'self' https://appleone.com https://www.sertifi.com/allin1/ https://sandbox.sertifi.net/allin1/ https://wotcintgsvc.maxinc.com https://s7.addthis.com https://www.youtube.com https://Ain1.sharepoint.com https://accounts.google.com/ https://docs.google.com/ https://www.google.com/recaptcha/ https://add.eventable.com/ https://wotc.maximus.com https://wotcdemo.maximus.com;      frame-ancestors 'self'; object-src 'self'; form-action 'self'; base-uri 'none'; media-src 'self' https://www.youtube.com 1
default-src 'self' https: data: blob: ; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' 'nonce-be9ae1ea-59d7-464e-af40-bac96707d14c' http: https: ; style-src 'self' 'unsafe-inline' https://*.arcgis.com; connect-src 'self' data: blob: wss: analytics.google.com https://*.arcgis.com https://*.arcgisonline.com https://dc.services.visualstudio.com https://*.doubleclick.net wss://ws.hotjar.com https://*.hotjar.io https://content.hotjar.io https://vc.hotjar.io https://surveystats.hotjar.io; font-src 'self' https://*.arcgis.com https://script.hotjar.com; object-src 'none'; ; frame-src 'self' https://*.google.com https://*.youtube.com *.westernpower.com.au https://*.microsoftcrmportals.com/ https://*.doubleclick.net https://*.apac01.idio.episerver.net/; base-uri 'self' ;  report-uri https://www.westernpower.com.au/api/csp;  report-to csp-endpoint; 1
upgrade-insecure-requests; frame-ancestors 'self' nowsecure.pathfactory.com discover.nowsecure.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://toot.wales; img-src 'self' https: data: blob: https://toot.wales; style-src 'self' https://toot.wales 'nonce-ZGE3+c3hMa/fjQouPIkfcg=='; media-src 'self' https: data: https://toot.wales; frame-src 'self' https:; manifest-src 'self' https://toot.wales; form-action 'self'; child-src 'self' blob: https://toot.wales; worker-src 'self' blob: https://toot.wales; connect-src 'self' data: blob: https://toot.wales https://cdn.masto.host wss://toot.wales; script-src 'self' https://toot.wales 'wasm-unsafe-eval' 1
frame-ancestors *.3ds.com *.solidworks.com *.itvpc.3ds.com *.itvpc.solidworks.com *.draftsight.com 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'none'; 1
default-src 'self' *.crscube.io *.cubecdms.com *.crscube.cn edisweb.kims.co.kr unpkg.com *.googletagmanager.com *.google-analytics.com cdn.raygun.io/ api.raygun.io 'unsafe-inline' 'unsafe-eval' data: blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: ws: wss: data: https://ucarecdn.com:* https://assets.plumecdn.com:* https://v1-api.plume.com:* http://*.ceros.com:* http://*.mktoweb.com:* http://*.quantcount.com:* http://*.quantserve.com:* http://*.wp.com:* http://bat.bing.com:* http://cdn.heapanalytics.com:* http://cdn.mxpnl.com:* http://cdn.segment.com:* http://j.6sc.co:* http://js.hsforms.net:* http://www.google-analytics.com:* http://www.googleadservices.com:* http://www.googletagmanager.com:* http://www.youtube.com:* https://*.6sc.co:* https://*.adnxs.com:* https://*.affirm.com:* https://*.amazon.com:* https://*.auryc.com:* https://*.bing.com:* https://*.ceros.com:* https://*.clarity.ms:* https://*.cloudflareinsights.com:* https://*.cloudfront.net:* https://*.contently.com:* https://*.doubleclick.net:* https://*.impactradius-event.com:* https://cdn.heapanalytics.com:* https://*.heapanalytics.com:* https://*.jsdelivr.net:* https://*.loggly.com:* https://*.mixpanel.com:* https://*.mktoweb.com:* https://*.mutinycdn.com:* https://*.mutinyhq.io:* https://*.netlify.app:* https://*.netlify.com:* https://*.osano.com:* https://cmp.osano.com:* https://*.payments-amazon.com:* https://*.quantserve.com:* https://*.rollbar.com:* https://*.sentry.io:* https://*.stripe.com:* https://*.ucr.io:* https://*.uploadcare.com:* https://uploadcare.s3-accelerate.amazonaws.com:* https://*.wp.com:* https://*.zdassets.com:* https://ads.nextdoor.com:* https://api.segment.io:* https://api.smooch.io:* https://bat.bing.com:* https://cdn.segment.com:* https://connect.facebook.net:* https://flask.nextdoor.com:* https://forms.hsforms.com:* https://heapanalytics.com:* https://hubspot-forms-static-embed.s3.amazonaws.com:* https://js.adsrvr.org:* https://js.hsforms.net:* https://perf.hsforms.com:* https://plume-web-prod.herokuapp.com:* https://px.ads.linkedin.com:* https://q.quora.com:* https://snap.licdn.com:* https://storage.googleapis.com:* https://tribl.io:* https://view.ceros.com:* https://www.google-analytics.com:* https://www.google.com:* https://www.youtube.com:* https://*.ytimg.com:* https://*.gstatic.com:* https://*.plume.com:* https://*.plume-develop.com:* https://*.plume-preprod.com:* https://*.marketo.net:* https://*.mktoresp.com:* https://ws-assets.zoominfo.com:* https://ws.zoominfo.com:* https://plume.my.salesforce.com:* https://plume.my.site.com:* https://d.la1-c2-ia4.salesforceliveagent.com:* https://static.lightning.force.com:* https://cdn.linkedin.oribi.io:* https://plume.file.force.com:*; frame-src *; frame-ancestors 'self' view.ceros.com; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com webrtc.github.io assets.zendesk.com static.zendesk.com static.zdassets.com c.na50.visual.force.com; report-uri ?OPTION=CSPREPORT 1
default-src 'self' 'unsafe-inline' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; connect-src 'self' 'unsafe-inline' https: 1
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-mPKn1rUQ0Fn77eqlBwpoYQ==' yastatic.net mc.yandex.ru mc.yandex.com api-maps.yandex.ru *.maps.yandex.net suggest-maps.yandex.ru www.youtube.com s.ytimg.com; style-src fonts.googleapis.com 'unsafe-inline' yastatic.net mc.yandex.ru blob:; font-src fonts.gstatic.com yastatic.net data:; img-src 'self' data: blob: avatars.yandex.net mc.admetrica.ru mc.yandex.ru mc.yandex.com yastatic.net avatars.mds.yandex.net *.cdn.yandex.net api-maps.yandex.ru *.maps.yandex.net static-maps.yandex.ru yandex.ru *.captcha.yandex.net storage-int.mds.yandex.net tc.mobile.yandex.net www.facebook.com carsharing.s3.yandex.net carsharing-violations.s3.yandex.net linkedin.com *.ads.linkedin.com www.linkedin.com www.google.com www.google.kz www.google.ru www.googleadservices.com googleads.g.doubleclick.net view.adjust.com ya-authproxy.taxi.yandex.com taxi-promotions.s3.yandex.net; frame-src 'self' forms.yandex.ru forms.yandex.com forms.yandex.kz forms.yandex.by forms.yandex.com www.youtube.com www.youtube-nocookie.com download.yandex.ru *.cdn.yandex.net trust.yandex.com; child-src 'self' blob:; connect-src 'self' mc.yandex.ru mc.yandex.com blob: yandex.ru passport.yandex.com *.yandex.net api-maps.yandex.ru trust.yandex.com ya-authproxy.taxi.yandex.com yastatic.net; media-src streaming.video.yandex.ru *.storage.yandex.net *.cdn.yandex.net yastatic.net; frame-ancestors 'self' support-uber.com *.support-uber.com yango.yandex.com http://webvisor.com eda.yandex *.yandex-team.ru yandex.com *.yandex.com *.yandex.com; manifest-src 'self'; report-uri https://csp.yandex.net/csp?from=taxi-uber-frontend&project=taxi-uber-frontend&yandex_login=&yandexuid=; 1
connect-src 'self' https:;img-src 'self' data: blob: https://market-assets.strapi.io;media-src 'self' data: blob:;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline' 1
script-src 'self' 'unsafe-eval' https://www.google-analytics.com https://www.google.com https://ajax.aspnetcdn.com http://munchkin.marketo.net https://cdn.jsdelivr.net http://cdn.bizible.com https://www.gstatic.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://pages.altisource.com https://cdnjs.cloudflare.com https://use.fontawesome.com 'unsafe-inline'; object-src 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.skoda-storyboard.com skoda-storyboard.s3.amazonaws.com d37wqhjyfq7840.cloudfront.net *.cdninstagram.com *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.googlevideo.com *.youtube.com *.ytimg.com *.vimeo.com *.doubleclick.net *.gomexlive.com *.hotjar.com *.googleapis.com cdnjs.cloudflare.com www.googletagmanager.com static.hotjar.com *.mailguide.cz *.twitter.com twitter.com *.twimg.com www.instagram.com *.instagram.com *.ads-twitter.com *.cookies.skoda-auto.com chargingcalculator.skoda-auto.com geolocation.onetrust.com sdrive.skoda-auto.com chargemap.skoda-auto.com charging-calculator.skoda-auto.com cross.skoda-auto.com europe-west3-skoda-gtm-sync-server.cloudfunctions.net *.onetrust.com europe-west3-skoda-gtm-sync-server.cloudfunctions.net sdrive.azureedge.net 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' consentcdn.cookiebot.com cdn.jsdelivr.net cdnjs.cloudflare.com consent.cookiebot.com; connect-src 'self' consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com;base-uri 'self';form-action 'self'; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com fonts.googleapis.com 1
base-uri 'self';default-src 'self' https://*.crazyegg.com;form-action 'self' https://www.facebook.com;img-src 'self' blob: data: https:;media-src 'self' https://cdn.tenantcloud.net https://tenantcloud.s3.us-west-2.amazonaws.com/;object-src 'none';frame-src https://www.google.com https://www.facebook.com https://accounts.google.com https://*.doubleclick.net https://www.youtube.com https://anchor.fm https://podcasters.spotify.com https://tenantcloud.typeform.com https://form.typeform.com;script-src 'self' 'unsafe-inline' https://cdn.tenantcloud.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://google-analytics.com https://*.googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com https://accounts.google.com https://*.facebook.net https://*.crazyegg.com https://*.purechat.com https://*.purechatcdn.com https://embed.typeform.com https://secure.quantserve.com/quant.js https://rules.quantcount.com/rules-p-qGKfkSMRakkcP.js https://scripts.claspo.io https://app.convertful.com;connect-src 'self' https://cdn.tenantcloud.net https://*.google-analytics.com https://google-analytics.com https://*.googleadservices.com https://*.google.com https://stats.g.doubleclick.net https://*.facebook.com https://*.crazyegg.com https://*.purechat.com https://*.sentry.io https://app.convertful.com https://script.claspo.io;style-src 'self' 'unsafe-inline' https://cdn.tenantcloud.net https://*.typekit.net https://cdn.jsdelivr.net/npm/remixicon@2.5.0/fonts/remixicon.css https://unpkg.com/swiper@8/swiper-bundle.min.css https://embed.typeform.com https://www.googletagmanager.com https://fonts.googleapis.com;font-src data: https://cdn.tenantcloud.net https://*.typekit.net https://cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com;child-src blob: 1
media-src 'self'; object-src 'self' 1
default-src 'self'; media-src http://videos.ctfassets.net/ images.sparhandy.de images.deinhandy.de; script-src bat.bing.com/ eu.b2c.com/ http://fonts.gstatic.com/ http://tr.outbrain.com/ http://www.adcell.de https://*.abtasty.com/ https://*.adform.net/ https://ad.doubleclick.net https://aggregator.service.usercentrics.eu/ https://amplify.outbrain.com/ https://analytics.tiktok.com/ https://api.aklamio.com https://api.fraud0.com/ https://api.usercentrics.eu/ https://app.usercentrics.eu/ https://bt.fraud0.com/api/ https://cdn.parcellab.com/ https://cdn.taboola.com https://connect.facebook.net https://*.criteo.com/ https://*.criteo.net/ https://dev.visualwebsiteoptimizer.com/ https://googleads.g.doubleclick.net/ https://iframe.duverkaufst.de https://jsctool.com https://middleware.sparhandy.de/ https://p.teads.tv/ https://pagead2.googlesyndication.com/ https://script.hotjar.com https://secure.pay1.de https://static.hotjar.com https://t.adcell.com/ https://trc.taboola.com/ https://wave.outbrain.com/ https://widget.msgp.pl/ https://widgets.trustedshops.com/ https://www.dwin1.com/ https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com/ https://www.googletagservices.com/ https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ 'self' 'unsafe-eval' 'unsafe-inline' ws: wss: www.googleadservices.com/pagead/; img-src 'self' data: * editor-assets.abtasty.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ws: * wss: * https://jsctool.com rish.sparhandy.de; font-src https://common-fonts.abtasty.com https://script.hotjar.com https://secure.pay1.de https://themes.googleusercontent.com 'self'; frame-src 'self' ws: * wss: * https://app.usercentrics.eu/ https://cdn.parcellab.com/; frame-ancestors 'self' https://app.contentful.com; object-src 'self'; connect-src *.abtasty.com https://aggregator.service.usercentrics.eu/ https://api.usercentrics.eu/ https://app.usercentrics.eu/ https://cdn.parcellab.com/ https://widget.msgp.pl/ https://widgets.trustedshops.com/ https://www.googletagmanager.com/ 'self' ws: * wss: *; 1
img-src 'self' * blob: data:;script-src 'self' 'unsafe-eval' blob: cdnjs.cloudflare.com cdn.jsdelivr.net;default-src 'self' *;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'self'; connect-src *; font-src 'self' *.netdna-ssl.com *.gstatic.com *.wpenginepowered.com data:; frame-src 'self' *.netdna-ssl.com *.paycomonline.net *.newtonsoftware.com *.youtube.com *.hubspot.com *.hsforms.com *.quantros.com *.screencast.com; img-src 'self' data: *.netdna-ssl.com *.googletagmanager.com *.w3.org *.hubspot.com *.wpengine.com *.healthcarebluebook.com *.google-analytics.com *.wistia.com *.wpenginepowered.com *.bilinmedia.net *.hsforms.com; manifest-src 'self'; media-src 'self' *.wistia.com; object-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.netdna-ssl.com *.usemessages.com *.newtonsoftware.com *.google-analytics.com *.googletagmanager.com *.youtube.com *.gstatic.com *.hsleadflows.net *.hs-banner.com *.hs-scripts.com *.hs-analytics.net *.hsforms.net *.hsforms.com *.wistia.com *.calendly.com *.wpenginepowered.com *.bilinmedia.net; style-src 'self' 'unsafe-inline' *.netdna-ssl.com *.calendly.com *.wpenginepowered.com *.googleapis.com 1
font-src *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.googleapis.com *.artibot.ai *.artibotcdn.com *.adobedtm.com *.adobe.com includestest.ccdc02.com s.ytimg.com *.vimeocdn.com *.razorpay.com *.newrelic.com *.nr-data.net *.zohocdn.com *.zohostatic.in *.salesio.zoho.in salesio.zoho.in *.zohopublic.com *.zoho.com *.zohopublic.in *.bing.com *.clarity.ms data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com api.razorpay.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com https://maps.google.com *.addthis.com *.artibot.ai dpm.demdex.net amcglobal.sc.omtrdc.net *.cardinalcommerce.com *.vimeo.com *.sandbox.paypal.com *.paypal.com *.braintreegateway.com *.braintree-api.com *.paypalobjects.com *.googletagmanager.com *.moatads.com *.addthisedge.com googleads.g.doubleclick.net *.landofcoder.com *.artibotcdn.com *.adobedtm.com includestest.ccdc02.com s.ytimg.com *.googleapis.com *.vimeocdn.com *.razorpay.com *.newrelic.com *.nr-data.net *.zoho.in *.zohocdn.com *.zohostatic.in *.salesio.zoho.in salesio.zoho.in *.zohopublic.com *.zoho.com *.zohopublic.in *.bing.com *.clarity.ms landofcoder.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io cdn.razorpay.com *.cloudflare.com *.gstatic.com *.google.com *.google.co.in https://www.facebook.com *.artibot.ai *.artibotcdn.com includestest.ccdc02.com s.ytimg.com *.googleapis.com *.razorpay.com *.newrelic.com *.nr-data.net *.zoho.in *.zohocdn.com *.zohostatic.in *.salesio.zoho.in *.zohopublic.com *.zoho.com salesio.zoho.in *.zohopublic.in *.bing.com *.clarity.ms data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ checkout.razorpay.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com *.googletagmanager.com *.addthis.com *.moatads.com *.addthisedge.com https://googleads.g.doubleclick.net dpm.demdex.net amcglobal.sc.omtrdc.net *.cardinalcommerce.com *.sandbox.paypal.com *.braintreegateway.com *.braintree-api.com *.artibot.ai *.landofcoder.com *.artibotcdn.com *.googleapis.com *.razorpay.com *.newrelic.com *.nr-data.net *.zoho.in *.salesio.zoho.in salesio.zoho.in *.zohocdn.com *.zohostatic.in *.zohopublic.com *.zoho.com *.zohopublic.in *.bing.com *.clarity.ms landofcoder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.artibot.ai dpm.demdex.net amcglobal.sc.omtrdc.net *.cardinalcommerce.com *.vimeo.com *.sandbox.paypal.com *.paypal.com *.braintreegateway.com *.braintree-api.com *.paypalobjects.com *.googletagmanager.com *.youtube.com *.addthis.com *.moatads.com *.addthisedge.com googleads.g.doubleclick.net *.landofcoder.com *.artibotcdn.com *.adobedtm.com includestest.ccdc02.com s.ytimg.com *.vimeocdn.com *.razorpay.com *.newrelic.com *.nr-data.net *.zoho.in *.zohocdn.com *.zohostatic.in *.salesio.zoho.in salesio.zoho.in *.zohopublic.com *.zoho.com *.zohopublic.in *.bing.com *.clarity.ms 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.vimeo.com lumberjack.razorpay.com lumberjack-metrics.razorpay.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com *.googletagmanager.com *.youtube.com *.addthis.com *.moatads.com *.addthisedge.com https://googleads.g.doubleclick.net *.cardinalcommerce.com *.sandbox.paypal.com *.braintreegateway.com *.braintree-api.com googleads.g.doubleclick.net *.artibot.ai *.landofcoder.com *.artibotcdn.com *.adobedtm.com *.adobe.com includestest.ccdc02.com s.ytimg.com *.googleapis.com *.vimeocdn.com *.razorpay.com *.newrelic.com *.nr-data.net *.zoho.in *.zohocdn.com *.zohostatic.in *.salesio.zoho.in salesio.zoho.in *.zohopublic.com *.zoho.com *.zohopublic.in *.bing.com *.clarity.ms landofcoder.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.zoho.in *.salesio.zoho.in salesio.zoho.in *.zohocdn.com *.zohostatic.in *.zohopublic.com *.zoho.com *.zohopublic.in 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.gdms.cloud; 1
upgrade-insecure-requests  ; worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.lytics.io *.pricespider.com *.mapbox.com js.jebbit.com blob: feed.pghub.io pandg.tapad.com ; media-src 'self' feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com cdn.cookielaw.org *.moatads.com www.youtube.com pghub.io *.bazaarvoice.com *.pricespider.com js.jebbit.com cdn.segment.com *.lytics.io connect.facebook.net cdnjs.cloudflare.com *.mapbox.com feed.pghub.io pandg.tapad.com ; font-src 'self' data: cdn.pricespider.com feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' *.fls.doubleclick.net feed.pghub.io consumersupport.pg.com www.facebook.com jebbit.dreft.com td.doubleclick.net pandg.tapad.com ; img-src 'self' data: images.ctfassets.net pixel.tapad.com *.akamaihd.net *.moatads.com www.google-analytics.com *.bazaarvoice.com *.lytics.io www.facebook.com *.pricespider.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat ad.doubleclick.net cdn.cookielaw.org feed.pghub.io pandg.tapad.com ; connect-src 'self' *.bazaarvoice.com *.google-analytics.com cdn.cookielaw.org *.doubleclick.net *.algolia.net match.adsrvr.org *.segment.com *.segment.io *.jebbit.com *.pricespider.com *.mapbox.com geolocation-db.com adservice.google.com feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
default-src blob: https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' https://www.cv.lv https://cv.lv; 1
default-src *.crazyegg.com blob: 'self' https: 'unsafe-inline' 'unsafe-eval' 1
script-src https://*.goyellow.de https://*.google.com https://*.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://*.wipe.de https://*.meinungsmeister.de https://*.ioam.de https://*.consensu.org https://*.consentmanager.net https://*.googlesyndication.com https://*.googleadservices.com https://adservice.google.de 'self' 'unsafe-inline'; frame-ancestors https://*.goyellow.de https://*.gyl2it.de https://*.meinungsmeister.de 'self'; connect-src https://*.goyellow.de https://*.googlesyndication.com https://*.google-analytics.com https://*.googleapis.com https://*.doubleclick.net https://*.ioam.de https://*.meinungsmeister.de https://*.consensu.org https://*.consentmanager.net 'self'; img-src https://*.google.de https://*.google-analytics.com https://*.google.com https://*.wipe.de https://*.consensu.org https://*.consentmanager.net https://*.meinungsmeister.de https://*.googlesyndication.com https://*.golocal.de https://*.meinungsmeister.de 'self'; style-src https://*.consensu.org https://*.consentmanager.net https://*.meinungsmeister.de 'unsafe-inline' 'self'; font-src https://*.meinungsmeister.de 'self' 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; frame-ancestors 'self' *.ambank.com.my; 1
frame-ancestors jddonline.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'none'; object-src 'none'; 1
default-src 'self' http://localhost/ http://localhost:* https://localhost:* http://localhost:4200 *.hollandbakery.co.id *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.chimpstatic.com *.g.doubleclick.net https://stats.g.doubleclick.net/j *.tawk.to *.amazonaws.com ; script-src 'self' *.hollandbakery.co.id *.google.com *.gstatic.com *.googleapis.com *.g.doubleclick.net https://stats.g.doubleclick.net/j *.google-analytics.com *.tawk.to *.datatables.net *.jquery.com *.jsdelivr.net *.bootstrapcdn.com *.googletagmanager.com *.cloudflare.com *.tawk.to *.chimpstatic.com *.facebook.net data: https://hollandbakery.co.id 'unsafe-inline' 'unsafe-eval' ; style-src  data: https://hollandbakery.co.id 'unsafe-inline' 'unsafe-eval' *.datatables.net *.cloudflare.com *.gstatic.com *.hollandbakery.co.id *.googleapis.com *.g.doubleclick.net https://stats.g.doubleclick.net/j *.bootstrapcdn.com *.tawk.to *.jsdelivr.net ; font-src 'self' *.hollandbakery.co.id *.gstatic.com *.tawk.to *.bootstrapcdn.com *.chimpstatic.com *.facebook.com *.amazonaws.com ; img-src 'self' *.cloudinary.com *.cloudfront.net http://localhost/ http://localhost:4200 http://localhost:* https://localhost:* *.hollandbakery.co.id *.graph.facebook.com *.googletagmanager.com *.google.com *.gstatic.com *.link *.googleusercontent.com *.facebook.com *.facebook.net *.google-analytics.com *.googleapis.com *.amazonaws.com *.g.doubleclick.net https://stats.g.doubleclick.net/j http://s3.amazonaws.com/37assets/svn/765-default-avatar.png *.tokopedia.net data: maps.gstatic.com *.ggpht *.g.doubleclick.net https://stats.g.doubleclick.net/j *.tawk.to *.jsdelivr.net; worker-src 'self' *.hollandbakery.co.id ; media-src 'self' http://localhost:4200 http://localhost/ http://localhost:* https://localhost:* *.hollandbakery.co.id *.google-analytics.com *.g.doubleclick.net; manifest-src 'self' *.hollandbakery.co.id *.google-analytics.com *.g.doubleclick.net https://stats.g.doubleclick.net/j; frame-src 'self' *.hollandbakery.co.id *.google.com *.facebook.net *.facebook.com *.youtube.com; connect-src 'self' *.hbes.co.id:* *.google-analytics.com *.googleapis.com *.hollandbakery.co.id *.embed.tawk.to *.tawk.to *.to wss: https://vsb36.tawk.to/* *.g.doubleclick.net; base-uri 'self' *.hollandbakery.co.id ; object-src 'none'; report-uri https://www.hollandbakery.co.id; 1
default-src 'self';style-src 'self' 'nonce-MDIuMjgxOCMhMDEyMyAzMuKCrDI2';script-src 'self' 'nonce-MDIuMjgxOCMhMDEyMyAzMuKCrDI2' 'sha256-+MMnV71yMCjTyI7EM5tX0cyo5Eee7C20ECssES0Igjc=' 'sha256-3LKhIej4e9q6E1aE2rJJUmYCVSpST0KSuPvWU/02ARg=' 'sha256-4URc27M3VCaVxeE8VJ//hRAf/ZghgsxXn3mqDVj6Z/Q=' 'sha256-gT8tfv/jAOqd3PPjqhBLpTaOGjElvzgRmc8z0jIGcI0=' 'sha256-w3fIZ90TmhzyBjQOYuVue16FVWEyFnX0o+a6VRlW6kw=' 'sha256-YnlvgfTV+2uktXlKDNsm4wnYmBHLopw05nQNoEsoOrc=' 'sha256-UDGoMN+r63VOf11uBuuUVlXVDKQqqAR14UJmuiNKWPs=' dl.episerver.net ajax.cloudflare.com static.dloudflareinsights.com cdn.vizzit.se tag.vizzit.se;connect-src 'self' www.vizzit.se;img-src 'self';frame-src 'self' www.youtube.com;report-uri /api/ContentSecurityPolicyReportViolation/Add 1
script-src 'self' 'nonce-b4754558b0d64a44a86d1ea808221e7d' www2.silkhorseclub.jp chat1-63b.chatdealer.jp www.google-analytics.com ssl.google-analytics.com; img-src 'self' blob: data: www2.silkhorseclub.jp null www.google-analytics.com ssl.google-analytics.com img.youtube.com i.ytimg.com *.prod.boltdns.net; connect-src 'self' www2.silkhorseclub.jp chat1-63b.chatdealer.jp www.google-analytics.com ssl.google-analytics.com; 1
frame-ancestors 'self' https://www.tiendasmass.com.pe https://tiendasmass.com.pe; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: *.casinos.at *.lotterien.at *.cloudfront.net *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.google.com *.google.at *.googletagmanager.com *.gstatic.com *.usercentrics.eu *.econda-monitor.de *.quandoo.at *.vimeo.com *.youtube.com track.adform.net s2.adform.net *.friendlycaptcha.com *.friendlycaptcha.eu; 1
child-src diem25.org mera25.de mera25.it mera25.se *.wp.com *.vimeo.com *.list-manage.com *.mailchimp.com app.getchunky.io *.ytimg.com *.diem25.org *.youtube.com *.youtube-nocookie.com *.stripe.com *.paypal.com *.soundcloud.com *.podbean.com *.twitter.com *.addtoany.com *.yanisvaroufakis.eu *.stoppt-die-schuldenbremse.jetzt 1
frame-ancestors 'self' *.lifetime.life 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.platform.uc.se *.allabolag.se allabolag.se *.episerver.net *.myfonts.net gtm.uc.se *.googletagmanager.com *.hotjar.com *.facebook.net *.google-analytics.com *.apsislead.com sjs.bizographics.com *.linkedin.com *.jobylon.com *.youtube.com *.prospecteye.com *.ytimg.com *.bing.com *.learning.nu cdn-sitegainer.com sitegainer.com *.klarnacdn.net *.ip-api.com polyfill.io *.klarna.com cdnjs.cloudflare.com snap.licdn.com *.albacross.com *.adform.net *.gstatic.com *.cookieinformation.com *.inzynk.io *.taggbox.com marketing.uc.se *.code.jquery.com; frame-ancestors *.allabolag.se *.app-at-allabolag.platform.uc.se *.uc.se *.apps.ocp01.softronic.se http://test.allabolag.se http://allabolag.test 1
default-src 'self' *.stripe.com spleis.freetls.fastly.net;script-src 'self' 'nonce-a82264e0-be0c-431c-90cb-49ff928c666e' js.stripe.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://connect.facebook.net/en_US/fbevents.js https://d2wy8f7a9ursnm.cloudfront.net/bugsnag-3.min.js connect.facebook.net https://graph.facebook.com app.intercom.io widget.intercom.io *.intercomcdn.com cdn.amplitude.com blob: https://*.googletagmanager.com https://static.nrk.no spleis.freetls.fastly.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com spleis.freetls.fastly.net;font-src 'self' fonts.gstatic.com data: js.intercomcdn.com https://fonts.intercomcdn.com maxcdn.bootstrapcdn.com spleis.freetls.fastly.net;img-src 'self' data: blob: *.fbcdn.net *.fbsbx.com *.stripe.com *.gstatic.com *.facebook.com images.ctfassets.net notify.bugsnag.com spleisprod.s3.amazonaws.com innhold.spleis.no *.intercomcdn.com *.intercomassets.com https://downloads.intercomcdn.eu https://uploads.intercomusercontent.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu *.googleusercontent.com https://*.google-analytics.com https://*.googletagmanager.com spleis.freetls.fastly.net;connect-src 'self' wss://*.spleis.no github.com checkout.stripe.com *.signicat.com api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io api-ping.intercom.io nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io *.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.intercomusercontent.com notify.bugsnag.com https://data.brreg.no https://sessions.bugsnag.com api.amplitude.com https://graph.facebook.com/v2.3/me www.facebook.com data.heroku.com https://dataclips-v2.s3.amazonaws.com/dataclips https://api.sjpf.io/ https://eu.api.fpjs.io/ https://fingerprint-worker-production.spleis.workers.dev *.fpapi.io https://data-nsr.udir.no/v3/enheter/sok https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://openfpcdn.io spleis.freetls.fastly.net;object-src 'none';frame-src 'self' js.stripe.com share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://fast.wistia.net www.youtube.com youtube.com player.twitch.tv twitch.tv player.vimeo.com https://www.google.com www.facebook.com s-static.ak.facebook.com static.ak.facebook.com staticxx.facebook.com connect.facebook.net m.facebook.com https://static.nrk.no;form-action 'self' https://api.vipps.no;frame-ancestors 'self' www.facebook.com;media-src 'self' *.intercomcdn.com videos.ctfassets.net blob:;base-uri 'self';script-src-attr 'none';upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.vo.msecnd.net www.google.com code.jquery.com www.googleapis.com maps.googleapis.com www.gstatic.com maps.gstatic.com www.google.com maps.google.com www.googleadservices.com googleads.g.doubleclick.net www.youtube.com www.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com www.twimg.com platform.linkedin.com https://cdn.insight.sitefinity.com https://dec.azureedge.net/ js.hs-scripts.com js.hs-analytics.net www.en25.com cdn.ampproject.org cdn.cookielaw.org www.googletagmanager.com polyfill.io browser-update.org www.addthis.com snap.licdn.com sc-static.net analytics.tiktok.com static.ads-twitter.com analytics.twitter.com myaccount.esbecars.com http://10.80.46.60:15871 cdnjs.cloudflare.com tr.snapchat.com; style-src 'self' 'unsafe-inline' www.googleapis.com www.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ www.twimg.com hello.myfonts.net www.google.com myaccount.esbecars.com fonts.googleapis.com cdnjs.cloudflare.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: cmsplatform-dev-ep-01.azureedge.net cmsplatform-tst-ep-01.azureedge.net cmsplatform-pre-ep-01.azureedge.net cmsplatform-prd-ep-01.azureedge.net cdn.esb.ie pre-cdn.esb.ie tst-cdn.esb.ie dev-cdn.esb.ie myaccount.esbecars.com fonts.googleapis.com; img-src 'self' www.gstatic.com www.googleapis.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com web.facebook.com www.facebook.com www.redditstatic.com *.ads.linkedin.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ www.twimg.com tr.snapchat.com ad.doubleclick.net data: blob: www.eloqua.com track.hubspot.com cdn.cookielaw.org img.youtube.com cmsplatform-dev-ep-01.azureedge.net cmsplatform-tst-ep-01.azureedge.net cmsplatform-pre-ep-01.azureedge.net cmsplatform-prd-ep-01.azureedge.net cdn.esb.ie pre-cdn.esb.ie tst-cdn.esb.ie dev-cdn.esb.ie www.google.com i.ytimg.com t.co www.esbstaffservices.com analytics.twitter.com www.google.ie myaccount.esbecars.com *.ggpht.com https://10.80.46.60:15871 maps.gstatic.com maps.google.com maps.googleapis.com; media-src 'self' data: blob: cmsplatform-dev-ep-01.azureedge.net cmsplatform-tst-ep-01.azureedge.net cmsplatform-pre-ep-01.azureedge.net cmsplatform-prd-ep-01.azureedge.net cdn.esb.ie pre-cdn.esb.ie tst-cdn.esb.ie dev-cdn.esb.ie; frame-src 'self' www.addthis.com www.soundcloud.com www.google.com www.youtube.com youtu.be player.vimeo.com www.doubleclick.net td.doubleclick.net tr.snapchat.com *.fls.doubleclick.net http://10.80.46.60:15871 https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com pay.elavonpaymentgateway.com; connect-src 'self' blob: accounts.google.com www.googleapis.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com cdn.cookielaw.org *.google-analytics.com *.analytics.google.com privacyportal-eu.onetrust.com soundcloud.com stats.g.doubleclick.net www.addthis.com maps.googleapis.com tr.snapchat.com www.onetrust.com analytics.tiktok.com myaccount.esbecars.com wss://myaccount.esbecars.com http://10.80.46.60:15871 privacyportal-de.onetrust.com dc.services.visualstudio.com cdn.linkedin.oribi.io; 1
frame-ancestors https://www.entrio.si https://www.entrio.hr www.entrio.com; 1
frame-ancestors https://*.paxum.com 1
default-src 'self' *.twitter.com wss://*.iesnare.com https://*.iesnare.com https://c868f50ba0a44ab1a49811d2861c57f7.svc.dynamics.com https://9e23f0c0cf4b40e984c4ecab298228a7.svc.dynamics.com https://9e23f0c0cf4b40e984c4ecab298228a7.svc.dynamics.com/ data: https://www.google.com *.youtube.com *.youtube-nocookie.com; img-src 'self' *.twimg.com https://cifas.matomo.cloud/ *.twitter.com https://assets-gbr.mkt.dynamics.com/ https://9e23f0c0cf4b40e984c4ecab298228a7.svc.dynamics.com data: *.cifas.org.uk *.google-analytics.com; frame-ancestors 'self' *.twitter.com https://syndication.twitter.com; style-src 'self' 'unsafe-inline' *.twitter.com *.twimg.com; script-src 'self' 'unsafe-inline' *.twitter.com *.twimg.com *.google-analytics.com https://mpsnare.iesnare.com https://cdn.matomo.cloud/cifas.matomo.cloud/ https://www.youtube.com https://mktdplp102cdn.azureedge.net/ blob: 'unsafe-eval' https://www.google.com http://www.google-analytics.com https://www.gstatic.com https://services.postcodeanywhere.co.uk https://www.googletagmanager.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://toot.io; img-src 'self' https: data: blob: https://toot.io; style-src 'self' https://toot.io 'nonce-dN1jFkt2iJyNQ1yj0qhhyw=='; media-src 'self' https: data: https://toot.io; frame-src 'self' https:; manifest-src 'self' https://toot.io; form-action 'self'; child-src 'self' blob: https://toot.io; worker-src 'self' blob: https://toot.io; connect-src 'self' data: blob: https://toot.io https://s3.toot.io wss://toot.io; script-src 'self' https://toot.io 'wasm-unsafe-eval' 1
default-src 'self'; worker-src 'self' *.comgas.com.br https://script.crazyegg.com blob:; object-src 'none'; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' https://www.gstatic.com/recaptcha/releases/0hCdE87LyjzAkFO5Ff-v7Hj1/recaptcha__pt_br.js cdn.equalweb.com access.equalweb.com *.smooch.io *.go-mpulse.net *.pmweb.com.br viacep.com.br *.umbraco.com unpkg.com *.onetrust.com ajax.googleapis.com cdn.cookielaw.org geolocation.onetrust.com *.equalweb.com cdn.jsdelivr.net cdn.statically.io snap.licdn.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com connect.facebook.net px.ads.linkedin.com facebook.com developers.facebook.com www.google.com googleads.g.doubleclick.net ajax.aspnetcdn.com *.hotjar.com *.clarity.ms *.jotform.com *.jotfor.ms cdnjs.cloudflare.com *.handtalk.me img03.en25.com *.licdn.com *.crazyegg.com https://www.gstatic.com; script-src-elem 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' https://www.gstatic.com/recaptcha/releases/0hCdE87LyjzAkFO5Ff-v7Hj1/recaptcha__pt_br.js cdn.equalweb.com access.equalweb.com *.smooch.io *.go-mpulse.net *.pmweb.com.br viacep.com.br *.umbraco.com unpkg.com *.onetrust.com ajax.googleapis.com cdn.cookielaw.org geolocation.onetrust.com *.equalweb.com cdn.jsdelivr.net cdn.statically.io snap.licdn.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com connect.facebook.net px.ads.linkedin.com facebook.com developers.facebook.com www.google.com googleads.g.doubleclick.net ajax.aspnetcdn.com *.hotjar.com *.clarity.ms *.jotform.com *.jotfor.ms cdnjs.cloudflare.com *.handtalk.me img03.en25.com *.licdn.com *.crazyegg.com https://www.gstatic.com; style-src 'report-sample' 'unsafe-inline' 'self' *.umbraco.com *.smooch.io unpkg.com *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.equalweb.com cdn.jsdelivr.net *.hotjar.com *.jotfor.ms cdn.cookielaw.org geolocation.onetrust.com *.handtalk.me *.onetrust.com *.crazyegg.com *.gstatic.com; connect-src 'self' https://metrics.hotjar.io https://vc.hotjar.io https://content.hotjar.io wss://ws.hotjar.com *.pmweb.com.br *.go-mpulse.net *.onetrust.com api.smooch.io *.smooch.io *.google-analytics.com *.google.com *.analytics.google.com analytics.google.com *.googletagmanager.com webservices.minhati.com.br cdn.cookielaw.org geolocation.onetrust.com *.equalweb.com *.hotjar.com *.clarity.ms *.jotform.com *.jotfor.ms *.handtalk.me stats.g.doubleclick.net *.licdn.com *.crazyegg.com *.gstatic.com https://17de4c1a.akstat.io https://17de4c1e.akstat.io *.akstat.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net; font-src 'self' *.umbraco.com *.onetrust.com *.smooch.io fonts.gstatic.com cdn.jsdelivr.net *.hotjar.com *.jotfor.ms *.handtalk.me *.crazyegg.com *.gstatic.com; frame-src 'self' *.umbraco.com *.comgas.com.br www.google.com *.hotjar.com *.jotform.com *.youtube.com *.youtube-nocookie.com *.jotform.io *.handtalk.me *.crazyegg.com *.gstatic.com https://access.equalweb.com; img-src 'self' data: blob: *.umbraco.com *.smooch.io *.jsdelivr.net *.google.com *.google.com.br *.google-analytics.com *.analytics.google.com analytics.google.com *.googletagmanager.com px.ads.linkedin.com *.facebook.com googleads.g.doubleclick.net www.google.com *.hotjar.com c.bing.com c.clarity.ms *.jotform.com *.jotfor.ms cdn.cookielaw.org geolocation.onetrust.com *.equalweb.com *.handtalk.me *.eloqua.com *.umbraco.com *.crazyegg.com *.gstatic.com; media-src 'self' *.smooch.io *.crazyegg.com *.gstatic.com https://*.smooch.io https://*.crazyegg.com 1
frame-src 'self' *.ph-freiburg.de www.thinglink.com www.bookcreator.com learningapps.org www.youtube-nocookie.com videoportal.vm.uni-freiburg.de; 1
style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com; frame-src 'self' https://*.razorpay.com https://*.akasaair.com/  https://*.youtube.com https://*.webengage.co https://*.webengage.com https://*.numr.app https://*.rakuten.com; frame-ancestors 'self' https://*.storyblok.com https://*.rakuten.com; base-uri 'none'; form-action 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/ https://webstatistics.apps.cssf.lu/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' https://webstatistics.apps.cssf.lu/ https://*.tile.openstreetmap.org data: ; style-src 'self' 'unsafe-inline'; frame-src https://player.vimeo.com/ https://www.google.com/recaptcha/ https://*.soundcloud.com; connect-src 'self' https://webstatistics.apps.cssf.lu/; font-src 'self' data:; frame-ancestors 'self'; 1
default-src 'self'; font-src 'self' https://cdn.cookielaw.org https://fonts.gstatic.com https://fonts.googleapis.com https://yoast.com https://www.google.com https://www.google.es www.google-analytics.com *.doubleclick.net data:; img-src 'self' https://cdn.cookielaw.org https://secure.gravatar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.es https://optanon.blob.core.windows.net https://www.googletagmanager.com https://pixel.mathtag.com *.doubleclick.net *.gstatic.com https://code.jquery.com data:; script-src 'self' *.opendns.com https://cdn.cookielaw.org https://www.google.com https://www.google.es https://www.gstatic.com https://static.addtoany.com https://www.googletagmanager.com https://www.google-analytics.com https://optanon.blob.core.windows.net https://pixel.mathtag.com *.doubleclick.net *.onetrust.com https://code.jquery.com https://tagmanager.google.com https://cdn.cookielaw.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://contribucion-hq-portal-corp-dev.apps.scq01.scq.dev.cn2.paas.cloudcenter.corp https://cdn.cookielaw.org https://fonts.googleapis.com https://code.jquery.com https://yoast.com https://optanon.blob.core.windows.net https://www.google.com https://www.google-analytics.com https://tagmanager.google.com https://static.addtoany.com 'unsafe-inline'; connect-src 'self' *.opendns.com https://www.google-analytics.com https://geolocation.onetrust.com https://yoast.com https://cdn.cookielaw.org https://optanon.blob.core.windows.net ; child-src 'self' https://youtu.be https://cdn.cookielaw.org https://www.google.com https://www.google.es/ https://www.youtube.com https://www.youtube-nocookie.com https://static.addtoany.com *.doubleclick.net 1
default-src 'self'; base-uri 'self'; block-all-mixed-content; child-src https://www.youtube.com/ https://youtube.com/ https://player.vimeo.com/ https://youtu.be/ https://open.spotify.com/ https://www.buymusic.club; connect-src 'self' https://www.youtube.com/oembed https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.facebook.com/ https://*.tiktok.com https://*.snapchat.com https://widget-api.formitable.com https://region1.analytics.google.com https://*.google-analytics.com https://cdn.linkedin.oribi.io https://www.buymusic.club wss://ws.hotjar.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://*.hotjar.com https://*.hotjar.io; frame-ancestors https://zebrix.abconcerts.be https://*.zebrix.net; frame-src https://www.youtube.com/ https://spotify.com https://open.spotify.com/ https://*.spotify.com https://facebook.com/ https://*.facebook.com/ https://mychannels.video/ https://www.yumpu.com/ https://www.google.com/ https://*.hotjar.com https://*.hotjar.io https://bandcamp.com https://*.bandcamp.com https://twitter.com https://*.twitter.com https://instagram.com https://*.instagram.com https://vimeo.com https://*.vimeo.com https://soundcloud.com https://*.soundcloud.com https://tiktok.com https://*.tiktok.com https://snapchat.com https://*.snapchat.com https://www.belgianrail.be https://widget.formitable.com https://www.buymusic.club https://newassets.hcaptcha.com; img-src 'self' data: https://www.google-analytics.com/r/collect https://www.google-analytics.com/collect https://placeholder.inventis.be/ https://*.ytimg.com/ https://d12xfkzf9kx8ij.cloudfront.net/ https://*.facebook.com/ https://connect.facebook.net/ https://*.fbcdn.net/ https://i.scdn.co/ https://img.youtube.com/ https://legacy.abconcerts.be/ https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.hotjar.com https://*.hotjar.io https://snapchat.com https://*.snapchat.com https://px.ads.linkedin.co https://px.ads.linkedin.com https://*.linkedin.com https://www.buymusic.club https://fonts.gstatic.com https://www.googletagmanager.com; media-src 'self' p.scdn.co/mp3-preview/; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/iframe_api https://*.ytimg.com https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://script.hotjar.com/ https://connect.facebook.net/ https://*.hotjar.com https://*.hotjar.io https://www.buymusic.club https://hcaptcha.com 'nonce-qyKYso/7epsMEeyCmm041A=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://widget.formitable.com https://www.googletagmanager.com; upgrade-insecure-requests 1
default-src 'self' https:; font-src 'self' https:; img-src 'self' https: data: *.s3.amazonaws.com *.gravatar.com; object-src 'none'; script-src 'self' 'unsafe-inline' *.pardot.com info.lissongallery.com unpkg.com *.shopifycdn.com player.vimeo.com *.cloudflare.com *.googletagmanager.com cdn.rollbar.com; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' *.youtube.com *.vimeo.com *.acast.com *.listennotes.com *.youtube-nocookie.com *.podbean.com *.soundcloud.com *.mixcloud.com *.wnyc.org *.galleriesnow.net *.spotify.com *.nowness.com *.cbsnews.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dspim.com *.dspuat.com kirby.ebiz.in.dspim.com *.cloudflare.com *.lemnisk.co *.cloudflareinsights.com *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.bing.com *.ads-twitter.com *.licdn.com *.yimg.com *.facebook.net *.doubleclick.net *.mgid.com *.clarity.ms d2r1yp2w7bby2u.cloudfront.net in1.clevertap-prod.com; frame-ancestors 'self'; 1
frame-ancestors 'self' *.quicksight.aws.amazon.com outlook.office365.com outlook.office.com; frame-src 'self' a15928870500.cdn.optimizely.com d168ry9k9aor0i.cloudfront.net *.stripe.com *.sagepay.com *.bws.birst.com *.facebook.com *.pendo.io *.quicksight.aws.amazon.com; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/enforce 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'report-sample' https://www.googletagmanager.com https://www.google-analytics.com https://storage.googleapis.com https://api.xrpscan.com; img-src 'self' data: 'report-sample' https://www.gstatic.com https://www.gravatar.com; style-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; frame-src 'self'; object-src 'none'; worker-src 'self'; connect-src 'self' https://api.xrpscan.com wss://api.xrpscan.com https://ws.xrpscan.com wss://ws.xrpscan.com https://www.google-analytics.com https://www.googletagmanager.com; report-uri https://report-uri.xrpscan.workers.dev/r/d/csp/enforce 1
script-src 'self' 'unsafe-inline' 'nonce-YTQ0NGY4MmQ5ZWEwZDM3OTYwMTliZDNjN2Q1YzVjZjc=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self' 1
upgrade-insecure-requests; default-src 'self' https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; object-src https:; form-action https:; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=iregiony&d=2024-01-23 1
object-src 'none'; base-uri 'self'; script-src 'self' 'wasm-unsafe-eval' https://appleid.cdn-apple.com https://stats.g.doubleclick.net https://platform.twitter.com https://js.braintreegateway.com https://js.live.net https://www.dropbox.com https://app.box.com https://apis.google.com https://www.youtube.com https://www.paypalobjects.com https://ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js https://maxcdn.bootstrapcdn.com https://cdn.datatables.net https://gitcdn.github.io https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.9.4/Chart.js https://cdnjs.cloudflare.com/ajax/libs/toastr.js/2.1.3/toastr.min.js https://api.sandbox.braintreegateway.com https://api.braintreegateway.com https://code.createjs.com https://accounts.google.com/gsi/client https://code.jquery.com/jquery-3.6.3.min.js 1
default-src *;img-src https: data:;font-src 'self' https://fonts.gstatic.com;style-src 'self' https://fonts.googleapis.com https://dash.sparkloop.app/styles/ 'unsafe-inline';script-src 'strict-dynamic' 'nonce-qTvQjRxW5HAEeqClHQPEDbIqvAk=' https: 'unsafe-inline';frame-src https://www.google.com/recaptcha/;base-uri 'none';object-src 'none';report-to main-endpoint; 1
default-src 'self' *.jjkeller.com *.gstatic.com *.mypurecloud.com; script-src 'self' tagmanager.google.com www.googletagmanager.com www.google-analytics.com learn.vubiz.com ajax.googleapis.com 'unsafe-inline' 'unsafe-eval' *.mypureconnect.com *.mypurecloud.com *.pureconnect.com *.jjkeller.com *.cloudfront.net *.us.cscp.hosted-inin.com cloud.scorm.com; frame-src 'self' *; style-src 'self' cdnjs.cloudflare.com tagmanager.google.com learn.vubiz.com fonts.googleapis.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' cdnjs.cloudflare.com *.gstatic.com data:; img-src 'self' jjk-tod-dev.s3.us-east-2.amazonaws.com jjk-tod-qas.s3.us-east-2.amazonaws.com jjk-tod-prod.s3.us-east-2.amazonaws.com jjk-training-mc.s3.us-east-2.amazonaws.com jjk-training-mc-qas.s3.us-east-2.amazonaws.com jjk-training-mc-prod.s3.us-east-2.amazonaws.com student-center-dev.s3.us-east-2.amazonaws.com student-center-prod.s3.us-east-2.amazonaws.com *.gstatic.com www.googletagmanager.com www.google-analytics.com data: www.jjkellertraining.com *.us.cscp.hosted-inin.com *.jjkeller.com; media-src 'self' data:; connect-src 'self' wss: cloud.scorm.com www.google-analytics.com metrics.articulate.com elearning.heart.org *.mypurecloud.com *.us.cscp.hosted-inin.com *.jjkeller.com 1
child-src *.paypal.com assets.braintreegateway.com c.paypal.com; connect-src *.acsbapp.com *.algolia.net *.algolianet.com *.calranch.com *.dynamicyield.com *.flipp.com *.flippback.com *.flippenterprise.net *.g.doubleclick.net *.googleapis.com *.hotjar.com *.hotjar.io *.kaptcha.com *.livechatinc.com *.livesession.io *.nr-data.net acsbapp.com analytics.google.com pagead2.googlesyndication.com script.crazyegg.com wss: www.facebook.com www.google-analytics.com bl.listrakbi.com *.listrakbi.com gstatic.com google.com api.convergepay.com api.demo.convergepay.com *.authorize.net *.algolia.com *.insights.algolia.io *.aptrinsic.com *.braintree-api.com *.cardinalcommerce.com *.facebook.com *.google.com *.paypal.com amcglobal.sc.omtrdc.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com connect.facebook.net dpm.demdex.net facebook.com vimeo.com www.apptrian.com www.googleadservices.com www.googletagmanager.com www.paypal.com www.paypalobjects.com www.sandbox.paypal.com; font-src 'self' *.acsbapp.com *.calranch.com *.dynamicyield.com *.fontawesome.com *.hotjar.com acsbapp.com cdn.livechatinc.com data: fonts.gstatic.com mediacdn.espssl.com; frame-src *.adobe.com *.calranch.com *.cardinalcommerce.com *.doubleclick.net *.facebook.com *.fls.doubleclick.net *.hotjar.com *.jotform.com *.kaptcha.com *.livechatinc.com *.paypal.com *.youtube-nocookie.com *.youtube.com api.convergepay.com api.demo.convergepay.com assets.braintreegateway.com bid.g.doubleclick.net c.paypal.com cdn.lightwidget.com checkout.paypal.com connect.facebook.net facebook.com fast.amc.demdex.net google.com gstatic.com https://www.google.com/recaptcha/ m24staging.calranch.com pay.google.com player.vimeo.com t.lt02.net www.apptrian.com www.google.com www.googletagmanager.com www.gstatic.com www.paypal.com www.sandbox.paypal.com; form-action *.calranch.com submit.jotform.com *.cardinalcommerce.com *.monzo.com *.arcot.com *.paypal.com *.touchtechpayments.com *.wirecard.com *.wlp-acs.com 3ds-secure.cardcomplete.com acs.sia.eu connect.facebook.net facebook.com graph.facebook.com pay.activa-card.com rsa3dsauth.com www.apptrian.com www.clicksafe.lloydstsb.com www.facebook.com www.sandbox.paypal.com www.securesuite.co.uk; img-src 'self' *.acsbapp.com *.azureedge.net *.calranch.com *.dynamicyield.com *.flippenterprise.net *.g.doubleclick.net *.google.co.in *.googleapis.com *.gstatic.com *.hotjar.com *.jotfor.ms *.jotform.com *.listrakbi.com *.mxptint.net *.quantserve.com *.rlcdn.com *.windows.net *.wishabi.com *.wishabi.net acsbapp.com analytics.google.com data: dpm.demdex.net mpp.mxptint.net ups.analytics.yahoo.com www.facebook.com www.google-analytics.com www.google.com www.googletagmanager.com www.paypalobjects.com mediacdn.espssl.com *.vimeocdn.com i.ytimg.com *.youtube.com *.adobe.com *.aptrinsic.com *.behance.net *.facebook.com *.ftcdn.net *.paypal.com aa.agkn.com amasty.com amcglobal.sc.omtrdc.net assets.adobedtm.com assets.braintreegateway.com b.stats.paypal.com bid.g.doubleclick.net c.paypal.com checkout.paypal.com cm.everesttech.net connect.facebook.net dub.stats.paypal.com fpdbs.sandbox.paypal.com googleads.g.doubleclick.net https://redchamps.com redchamps.com sealserver.trustwave.com stags.bluekai.com store.paradoxlabs.com t.paypal.com us-u.openx.net validator.swagger.io www.apptrian.com www.googleadservices.com www.paypal.com www.sandbox.paypal.com *.doubleclick.net; media-src *.adobe.com *.calranch.com *.magento.com devdocs.magento.com https://devdocs.magento.com https://magento.com magento.com www.apptrian.com; object-src *.magento.com http://magento.com https://devdocs.magento.com magento.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.acsbapp.com *.azureedge.net *.azurewebsites.net *.calranch.com *.cloudflare.com *.dynamicyield.com *.flippenterprise.net *.googleapis.com *.hotjar.com *.hotjar.io *.jotfor.ms *.jotform.us *.kaptcha.com *.lightwidget.com *.listrakbi.com *.livechatinc.com *.livesession.io *.newrelic.com *.nr-data.net *.quantserve.com *.wheelio-app.com acsbapp.com blob: cdn.avmws.com cdn.dynamicyield.com cdn.lightwidget.com cdn.listrakbi.com connect.facebook.net googleads.g.doubleclick.net polyfill.io rules.quantcount.com script.crazyegg.com sec.webeyez.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com devdocs.magento.com api.demo.convergepay.com api.convergepay.com google.com gstatic.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.authorize.net *.adobe.com *.aptrinsic.com *.cardinalcommerce.com *.paypal.com analytics.google.com api.braintreegateway.com api.sandbox.braintreegateway.com assets.adobedtm.com assets.braintreegateway.com c.paypal.com cdn-scripts.signifyd.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com facebook.com graph.facebook.com https://devdocs.magento.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ includestest.ccdc02.com js.braintreegateway.com pay.google.com sealserver.trustwave.com songbird.cardinalcommerce.com songbirdstag.cardinalcommerce.com www.apptrian.com www.facebook.com www.paypal.com www.paypalobjects.com www.sandbox.paypal.com; style-src 'unsafe-inline' *.calranch.com *.dynamicyield.com *.flippenterprise.net *.googleapis.com *.jotfor.ms *.listrakbi.com fonts.googleapis.com *.adobe.com *.aptrinsic.com *.fontawesome.com assets.braintreegateway.com; report-uri /.webscale/csp-report 1
default-src 'none'; script-src 'self' *.2o7.net *.omtrdc.net *.techem.com *.scene7.com *.cookiebot.com *.marketo.net *.adition.com *.google.com assets.adobedtm.com connect.facebook.net snap.licdn.com *.google-analytics.com googleads.g.doubleclick.net www.googletagmanager.com www.googleadservices.com https://*.demdex.net https://*.youtube.com https://*.marketo.com https://cm.everesttech.net https://static.widget.trengo.eu https://stats.pusher.com https://assets.sitescdn.net https://answers-embed.techem.de.pagescdn.com https://widget.trustpilot.com https://cdn.mouseflow.com https://bat.bing.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.2o7.net *.omtrdc.net *.scene7.com *.techem.com https://*.marketo.com https://www.gstatic.com https://assets.sitescdn.net; font-src 'self' *.2o7.net *.omtrdc.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com data:; img-src 'self' *.2o7.net *.omtrdc.net blob: data: https: *.adspirit.de; frame-src  'self' *.2o7.net *.omtrdc.net *.cookiebot.com *.techem.com *.youtube.com *.yextpages.net *.marketo.com *.facebook.com https://*.demdex.net bid.g.doubleclick.net techem.prospective.de answers-embed.techem.de.pagescdn.com https://widget.trustpilot.com blob:; manifest-src 'self'; connect-src 'self' *.2o7.net *.omtrdc.net *.techem.com *.scene7.com *.google.com *.facebook.com *.pusher.com *.friendlycaptcha.com *.mktoutil.com googleads.g.doubleclick.net https://cm.everesttech.net https://assets.adobedtm.com https://*.demdex.net https://*.mktoresp.com https://*.cookiebot.com https://*.trengo.eu https://*.amazonaws.com https://*.westeurope.logic.azure.com https://*.yext.com https://answers.yext-pixel.com https://cdn.linkedin.oribi.io https://o2.mouseflow.com https://px.ads.linkedin.com https://analytics.techem.de; media-src 'self' https://static.widget.trengo.eu https://s7g10.scene7.com blob:; frame-ancestors 'self' https://www.rooom.com *.edge.agora.io:6443 *.edge.agora.io:9591 *.edge.agora.io:9593 *.edge.sd-rtn.com:6443 *.edge.sd-rtn.com:9591 *.edge.sd-rtn.com:9593 webcollector-rtm.agora.io:6443 webcollector-rtm.agora.io:9591 webcollector-rtm.agora.io:9593 ; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-82acd8dfb3093a82678e679a16e1ae2f'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://lib-us-2.brilliantcollector.com https://lib-us-3.brilliantcollector.com https://*.harryrosen.com https://*.monetate.net https://*.doubleclick.net https://*.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://*.google.com https://www.gstatic.com https://www.googleadservices.com https://www.googletagmanager.com https://*.newrelic.com https://*.coremetrics.com https://www.facebook.com https://collector.tealeaf.ibmcloud.com https://h.online-metrix.net/fp/tags.js https://static.zdassets.com https://*.adform.net https://*.taboola.com https://analytics.tiktok.com https://sf19-scmcdn-va.ibytedtos.com https://ash-telemetry.production.bot-brain.com https://*.bing.com https://*.criteo.net https://*.criteo.com https://*.pinimg.com https://sc-static.net https://*.xtlo.net https://api.cloudsponge.com https://cdn.syteapi.com https://*.mczbf.com https://*.qualtrics.com https://*.quantserve.com https://*.quantcount.com https://*.dynamicyield.com https://*.adroll.com https://*.licdn.com https://*.linkedin.com https://*.twitter.com https://*.ads-twitter.com https://*.klarnaservices.com https://*.paypal.com https://*.paypalobjects.com https://*.adsrvr.org https://h7mmhw2x4a.execute-api.eu-west-1.amazonaws.com https://*.personifyxpassets.com https://d38xvr37kwwhcm.cloudfront.net https://*.opentok.com https://*.solarwinds.cloud https://*.stackadapt.com https://cdn.segment.com wss://*.noibu.com https://*.noibu.com https://*.netomi.com https://js.narvar.com https://js-st01.narvar.qa https://*.clarity.ms; frame-ancestors https://*.harryrosen.com https://*.amplience.net; 1
default-src 'self' data:  'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' *.kixify.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.bing.com *.googletagmanager.com *.gstatic.com *.statcounter.com *.kicksonfire.com *.mxpnl.com *.cloudflare.com *.doubleclick.net *.cdn-apple.com *.apple.com *.twitter.com *.aftership.com *.googleapis.com *.zdassets.com *.zendesk.com *.zopim.com; media-src 'none'; object-src 'none'; upgrade-insecure-requests 1
connect-src 'self' wss://*.hotjar.com api.privy.com https://*.linkedin.com https://*.google.co.uk https://*.silktide.com https://*.oribi.io https://*.twitter.com https://api.privy.com https://events.privy.com https://*.addthis.com https://l.sharethis.com https://www.facebook.com https://*.hotjar.com https://*.hotjar.io https://tri.privy.com https://www.google-analytics.com https://*.doubleclick.net https://*.callhandling.co.uk https://www.moneyadviceservice.org.uk https://ndcs.ebm.ai https://region1.google-analytics.com https://*.analytics.google.com https://r1.trackedweb.net; img-src 'self' data: https://*.linkedin.com https://*.twitter.com https://t.co https://stats.g.doubleclick.net https://www.google-analytics.com https://www.facebook.com https://www.google.com https://privymktg.com https://www.google.co.uk https://www.google.by https://ic.tynt.com https://google-analytics.com http://www.gravatar.com https://*.hotjar.com https://d.adroll.com https://www.googletagmanager.com https://pixel.advertising.com https://pixel.rubiconproject.com https://dsum-sec.casalemedia.com https://sync.outbrain.com https://simage2.pubmatic.com https://x.bidswitch.net https://eb2.3lift.com https://ads.yahoo.com https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://cm.g.doubleclick.net https://img.youtube.com https://ssl.gstatic.com https://www.gstatic.com https://platform.twitter.com https://www.instagram.com https://*.twitter.com https://pbs.twimg.com https://ton.twimg.com https://abs.twimg.com https://l.sharethis.com https://www.moneyadviceservice.org.uk https://i.vimeocdn.com https://*.google.com https://*.siteimproveanalytics.io https://ndcs.ebm.ai https://new-smart-feed.vacancy-filler.co.uk; style-src 'self' 'unsafe-inline' www.google-analytics.com https://www.google-analytics.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://hello.myfonts.net https://assets.privy.com https://tagmanager.google.com https://platform.twitter.com https://ton.twimg.com https://www.moneyadviceservice.org.uk https://optimize.google.com https://ndcs.ebm.ai https://new-smart-feed.vacancy-filler.co.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.trackedlink.net https://*.silktide.com https://*.twitter.com http://*.ads-twitter.com https://ajax.googleapis.com https://www.googletagmanager.com https://*.addthis.com https://www.google-analytics.com https://*.hotjar.com https://s.adroll.com https://*.facebook.net https://*.privy.com https://*.sharethis.com https://cdn.tynt.com https://de.tynt.com https://d.adroll.com https://secure.callhandling.co.uk https://*.google.com https://www.gstatic.com  https://www.instagram.com https://cdn.syndication.twimg.com https://ton.twimg.com https://z.moatads.com https://www.moneyadviceservice.org.uk https://siteimproveanalytics.com https://snap.licdn.com https://ndcs.ebm.ai https://www.youtube.com https://new-smart-feed.vacancy-filler.co.uk https://sf.vacancy-filler.co.uk https://challenges.cloudflare.com https://static.trackedweb.net; font-src 'self' fonts.gstatic.com https://fonts.gstatic.com https://use.typekit.net https://*.hotjar.com https://www.moneyadviceservice.org.uk https://new-smart-feed.vacancy-filler.co.uk; frame-src 'self' https://issuu.com https://e.issuu.com www.youtube.com https://www.youtube.com https://player.vimeo.com https://*.addthis.com https://*.hotjar.com https://c.sharethis.mgr.consensu.org https://www.google.com https://youtube.com https://connect.facebook.net https://www.facebook.com https://www.vectary.com https://platform.twitter.com https://www.instagram.com https://cdn.syndication.twimg.com https://ton.twimg.com https://syndication.twitter.com https://twitter.com https://www.moneyadviceservice.org.uk https://partner-tools.moneyadviceservice.org.uk https://optimize.google.com https://datawrapper.dwcdn.net https://challenges.cloudflare.com; form-action 'self' secure-test.worldpay.com https://secure-test.worldpay.com https://connect.facebook.net https://www.facebook.com https://syndication.twitter.com https://www.moneyadviceservice.org.uk 1
worker-src blob:; font-src *.fontawesome.com *.gstatic.com 'self' data: *.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.hsforms.com *.hubspot.com *.amazonaws.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.prooftag.com *.google.com *.googletagmanager.com *.hubspot.com *.hsadspixel.net *.hscollectedforms.net *.usemessages.com *.amazonaws.com www.xtento.com forms.hsforms.com *.doubleclick.net ct.pinterest.com www.theoceanrace.com vars.hotjar.com theoceanrace.geovoile.com service.force.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.cloudfront.net *.google-analytics.com *.hubspot.com *.hubspot.net *.hsforms.com blob: www.xtento.com cdn.xtento.com media.ulysse-nardin.com eu3-cdn.inside-graph.com www.google.ch *.facebook.com ct.pinterest.com *.ads.linkedin.com bat.bing.com www.google.fr data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.gstatic.com *.cookielaw.org *.jsdelivr.net *.hotjar.com *.newrelic.com *.inside-graph.com *.google-analytics.com *.hsforms.net *.hsforms.com *.hs-scripts.com *.hsleadflows.net *.hs-banner.com *.hsadspixel.net *.hubspotfeedback.com *.usemessages.com *.hs-analytics.net *.hscollectedforms.net *.hubspot.net *.hubapi.com www.xtento.com cdn.xtento.com bat.bing.com snap.licdn.com connect.facebook.net s.pinimg.com cdnjs.cloudflare.com service.force.com tfour.my.salesforce.com *.salesforceliveagent.com static.lightning.force.com tfour.my.site.com 125268c633e8.eu-west-1.sdk.awswaf.com 125268c633e8.f70af3f4.eu-west-1.token.awswaf.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.gstatic.com *.cloudflare.com eu3-cdn.inside-graph.com service.force.com tfour.my.site.com 'self' 'unsafe-inline'; object-src blob: 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net media.ulysse-nardin.com google.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://geoip-js.com t.elasticsuite.io *.google-analytics.com *.cookielaw.org *.onetrust.com *.hubspot.com *.hubapi.com *.usemessages.com *.hsleadflows.net *.hs-banner.com *.hubspotfeedback.com *.hsadspixel.net *.hs-scripts.com *.hs-analytics.net *.hsforms.com *.amazonaws.com *.mapbox.com *.doubleclick.net eu3-live.inside-graph.com wss://eu3-live.inside-graph.com/ ct.pinterest.com *.hotjar.com *.hotjar.io wss://ws29.hotjar.com/api/v2/client/ws tfour.my.site.com 125268c633e8.f70af3f4.eu-west-1.token.awswaf.com 'self' 'unsafe-inline'; child-src *.hubspot.com *.hsforms.com *.hsadspixel.net *.hscollectedforms.net *.usemessages.com blob: http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors http://*.butlercc.edu; 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.tiles.mapbox.com https://cdnjs.cloudflare.com https://d1stxfv94hrhia.cloudfront.net https://www.lightboxcdn.com https://api.lightboxcdn.com https://pge.segmanta.com https://www.upsellit.com https://s.pinimg.com https://z.moatads.com https://c.lytics.io https://cdn.segment.com https://js-cdn.dynatrace.com https://wtbng.pricespider.com https://wtbstream.pricespider.com https://embeddedcloud.pricespider.com https://omni.pricespider.com https://locate.pricespider.com https://wtbevents.pricespider.com https://cdn.pricespider.com https://www.youtube.com https://pghub.io *.cookielaw.org *.onetrust.com *.iesnare.com connect.facebook.net *.crazyegg.com *.adsrvr.org *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.bazaarvoice.com https://api.tiles.mapbox.com https://s3.lightboxcdn.com https://api.lightboxcdn.com https://www.lightboxcdn.com https://c.lytics.io https://cdn.pricespider.com fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' https://videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' *.cookielaw.org https://40n23zgkic3y-a.akamaihd.net https://ct.pinterest.com https://submit.lightboxcdn.com https://submitcus.lightboxcdn.com https://s3.lightboxcdn.com https://api.lightboxcdn.com https://www.lightboxcdn.com https://c.lytics.io https://cdn.pricespider.com https://wwwassets.pricespider.com https://embeddedcloud.pricespider.com https://px.moatads.com https://www.google.com https://www.google.hr i.ytimg.com videos.ctfassets.net images.ctfassets.net pixel.tapad.com *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' https://assets.ctfassets.net https://s3.lightboxcdn.com fonts.gstatic.com data: feed.pghub.io pandg.tapad.com ; connect-src * ; frame-src 'self' https://videos.ctfassets.net https://pandg.tapad.com https://www.youtube-nocookie.com https://www.youtube.com *.bazaarvoice.com *.adsrvr.org *.doubleclick.net *.jebbit.com consumersupport.pg.com servedby.flashtalking.com pg-lex.my.salesforce-sites.com ct.pinterest.com www.facebook.com feed.pghub.io pandg.tapad.com ; manifest-src * ; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://ssl.google-analytics.com/; img-src 'self' https://espmstorage.blob.core.windows.net/espm/ 1
default-src https: data: 'unsafe-inline'; font-src 'self' data: https://js.arcgis.com; img-src https: data: blob:; media-src https: data: blob:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval' https://www.bayerninfo.de https://verkehrsinfo-bw.de https://js.arcgis.com; object-src 'none'; frame-src https:; form-action 'self'; base-uri 'self'; frame-ancestors 'self' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-yN0KjTld4njKa9YQ2KLVSqLgIl1R/aRuFQc0Zk8rm0dKYg6I' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';font-src * data:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://todon.eu; img-src 'self' https: data: blob: https://todon.eu; style-src 'self' https://todon.eu 'nonce-8TFe+uEmCPB/k5cGwNxYUg=='; media-src 'self' https: data: https://todon.eu; frame-src 'self' https:; manifest-src 'self' https://todon.eu; form-action 'self'; child-src 'self' blob: https://todon.eu; worker-src 'self' blob: https://todon.eu; connect-src 'self' data: blob: https://todon.eu https://todon.eu wss://todon.eu; script-src 'self' https://todon.eu 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://*.ostfalia.de https://*.sonia.de 1
frame-ancestors 'self' https://myaccount.lingotek.com:* localhost:*; 1
default-src 'self' https://apps.sitecore.net 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' https://www.google-analytics.com https://stats.g.doubleclick.net https://dc.services.visualstudio.com https://www.youtube.com https://www.facebook.com https://cdn.logwork.com/ https://logwork.com/;      font-src 'self' https://fonts.gstatic.com data:;      frame-src 'self' https://service.video.taxi https://www.youtube.com https://consentcdn.cookiebot.com https://sdn.sitecore.net https://ping.sitecore.com/ https://www.yumpu.com https://co2.smarttrailerworld.cargobull.com https://www.google.com/ https://www.facebook.com/ https://cdn.logwork.com/ https://logwork.com/ https://vevox.app/ https://*.online-adventskalender.de/;      img-src 'self' data: https: https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google-analytics.com;      media-src 'self' data: https: blob:;     script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://consent.cookiebot.com https://www.googletagmanager.com https://consentcdn.cookiebot.com https://connect.facebook.net https://az416426.vo.msecnd.net https://snap.licdn.com https://www.google-analytics.com https://ssl.google-analytics.com https://maps.googleapis.com https://cdn.logwork.com/ https://logwork.com/ https://player.cloud.wowza.com/ https://s3.amazonaws.com https://s2.amazonaws.com https://s1.amazonaws.com https://tagmanager.google.com;      script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://connect.facebook.net https://snap.licdn.com  https://az416426.vo.msecnd.net https://maps.googleapis.com https://www.yumpu.com https://players.yumpu.com https://www.google.com https://www.gstatic.com https://cdn.logwork.com/ https://logwork.com/ https://player.cloud.wowza.com https://player-dev.cloud.wowza.com https://vevox.app https://s3.amazonaws.com https://s2.amazonaws.com https://s1.amazonaws.com https://tagmanager.google.com https://code.jquery.com https://*.online-adventskalender.de https://app.usercentrics.eu https://privacy-proxy.usercentrics.eu;      style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://player.cloud.wowza.com https://player-dev.cloud.wowza.com;     frame-ancestors 'self' https://smarttrailerworld.cargobull.com;     connect-src 'self' https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://dc.services.visualstudio.com https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://www.google.com https://googleads.g.doubleclick.net https://cdn.logwork.com/ https://logwork.com/ https://cdn3.wowza.com https://cdn2.wowza.com https://cdn1.wowza.com https://player.cloud.wowza.com https://vevox.app https://s3.amazonaws.com https://s2.amazonaws.com https://s1.amazonaws.com https://latencytimer.azurewebsites.net https://zap.cloud.wowza.com https://restcountries.eu https://maps.googleapis.com https://region1.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.usercentrics.eu https://cdn.linkedin.oribi.io https://www.google.nl/ https://www.google.pl https://px.ads.linkedin.com/;     form-action 'self'; 1
frame-ancestors 'self' https://portal.mendfamily.com/ 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src https: ; child-src https: platform.twitter.com; img-src https: data: ;worker-src blob:;  1
default-src 'self'; img-src 'self' data: https://app.h3z.jp/ https://media.h3z.jp/ https://logging.h3z.jp/ https://ul.h3z.jp/ https://hm-nrm.h3z.jp/ https://thumb.h3z.jp/ https://basercms.net/img/ https://www.abuseipdb.com/contributor/ https://embed.twentyuno.net/qr/; style-src 'self' 'unsafe-inline' https://app.h3z.jp/ https://media.h3z.jp/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.h3z.jp/ https://media.h3z.jp/ https://logging.h3z.jp/ https://webfont.fontplus.jp/ https://challenges.cloudflare.com/ https://static.cloudflareinsights.com/; font-src 'self' https://media.h3z.jp/ https://webfont.fontplus.jp/ https://s3-ap-northeast-1.amazonaws.com/fp-bf/; child-src 'self' https://app.h3z.jp/ https://webfont.fontplus.jp/ https://challenges.cloudflare.com/ https://embed.music.apple.com/; connect-src 'self' https://logging.h3z.jp/ https://webfont.fontplus.jp/ https://cloudflareinsights.com/ https://embed.twentyuno.net/invoice; 1
default-src 'none';script-src 'self' 'nonce-f+HfK5MrWOgIQXKvB89lg5EU' 'unsafe-eval' https://player.vimeo.com/api/player.js https://www.instagram.com/embed.js https://platform.twitter.com/widgets.js https://platform.twitter.com/js/ https://www.tiktok.com/embed.js https://lf16-tiktok-web.ttwstatic.com/obj/tiktok-web/tiktok/falcon/embed/ https://tags.tiqcdn.com https://tags.tiqcdn.cn https://tags-eu.tiqcdn.com https://*.googletagmanager.com/ https://*.google-analytics.com/ https://cdn.cookielaw.org;object-src 'self';style-src 'self' 'unsafe-inline' https://lf16-tiktok-web.ttwstatic.com/obj/tiktok-web/tiktok/falcon/embed/;img-src 'self' https://i.ytimg.com https://i.vimeocdn.com/video/ https://cldnr.talpa.network https://*.google-analytics.com/ https://*.googletagmanager.com/ https://cdn.cookielaw.org;media-src 'self';frame-src 'self' https://www.youtube.com https://player.vimeo.com https://open.spotify.com https://w.soundcloud.com https://www.facebook.com https://www.linkedin.com https://www.instagram.com https://platform.twitter.com https://www.tiktok.com https://embed.kijk.nl https://*.sbs6.nl https://*.net5.nl https://*.veronicatv.nl https://*.sbs9.nl https://*.talpanetwork.com;font-src 'self';connect-src 'self' https://*.google-analytics.com/ https://*.analytics.google.com/ https://*.googletagmanager.com/ https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://talpanetwork-privacy.my.onetrust.com;base-uri 'self';child-src 'self';form-action 'self';frame-ancestors 'self';manifest-src 'self';worker-src 'self';upgrade-insecure-requests 1
default-src 'self'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https:; media-src https:; frame-src https:; manifest-src 'self'; connect-src https: ws:; worker-src blob:; form-action 'self' https:; 1
default-src https: wss: http:; child-src 'self' http://www.youtube.com https://www.youtube.com http://www.google.com/ https://www.google.com/ http://www.google.com/maps/ https://www.google.com/maps/ http://www.opinionstage.com/polls/ https://www.opinionstage.com/polls/ http://www.google.com/recaptcha/api2/anchor https://www.google.com/recaptcha/api2/anchor http://www.google.com/recaptcha/api2/bframe https://www.google.com/recaptcha/api2/bframe http://player.vimeo.com/ https://player.vimeo.com/ http://stage.midas-pps.tractivity.co.uk/ https://stage.midas-pps.tractivity.co.uk/ *.cloudfront.net/butotv/live/ https://y84kj.videomarketingplatform.co/ http://www.facebook.com/ https://www.facebook.com/ http://www.instagram.com/ https://www.instagram.com/ *.stockport.gov.uk *.smbcdigital.net http://stockportmaps.github.io https://stockportmaps.github.io blob: http://vars.hotjar.com/ https://vars.hotjar.com/ http://embed.buto.tv/ https://embed.buto.tv/ http://butoembed.twentythree.net/ https://butoembed.twentythree.net/ http://forms-eu1.hsforms.com https://forms-eu1.hsforms.com; font-src 'self' http://font.googleapis.com https://font.googleapis.com http://maxcdn.bootstrapcdn.com/font-awesome/ https://maxcdn.bootstrapcdn.com/font-awesome/ http://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ http://fonts.gstatic.com/ https://fonts.gstatic.com/ http://stockportgov-design-system.s3-eu-west-1.amazonaws.com/ https://stockportgov-design-system.s3-eu-west-1.amazonaws.com/ http://design-system.stockport.gov.uk/ https://design-system.stockport.gov.uk/ http://static.tacdn.com https://static.tacdn.com data: http://s3-eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com http://api.reciteme.com/assets/ https://api.reciteme.com/assets/; img-src 'self' http://khms0.googleapis.com https://khms0.googleapis.com http://khms1.googleapis.com https://khms1.googleapis.com http://geo0.ggpht.com https://geo0.ggpht.com http://geo1.ggpht.com https://geo1.ggpht.com http://geo2.ggpht.com https://geo2.ggpht.com http://geo3.ggpht.com https://geo3.ggpht.com http://cbks0.googleapis.com https://cbks0.googleapis.com http://csi.gstatic.com https://csi.gstatic.com http://maps.gstatic.com https://maps.gstatic.com http://maps.googleapis.com https://maps.googleapis.com http://images.contentful.com/ https://images.contentful.com/ http://images.ctfassets.net https://images.ctfassets.net http://www.google-analytics.com/r/collect https://www.google-analytics.com/r/collect http://www.google-analytics.com/collect https://www.google-analytics.com/collect http://stats.g.doubleclick.net/r/collect https://stats.g.doubleclick.net/r/collect http://s3-eu-west-1.amazonaws.com/ https://s3-eu-west-1.amazonaws.com/ http://maps.stockport.gov.uk/ https://maps.stockport.gov.uk/ http://interactive.stockport.gov.uk/ https://interactive.stockport.gov.uk/ http://ads.astuntechnology.com/ https://ads.astuntechnology.com/ http://s3-eu-west-1.amazonaws.com/ https://s3-eu-west-1.amazonaws.com/ http://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/ https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/ http://customer.cludo.com/img/ https://customer.cludo.com/img/ http://uk1.siteimprove.com/ https://uk1.siteimprove.com/ http://stockportb.logo-net.co.uk/ https://stockportb.logo-net.co.uk/ http://cloudfront.net/butotv/ https://cloudfront.net/butotv/ data: http://www.tripadvisor.co.uk/ https://www.tripadvisor.co.uk/ http://syndication.twitter.com/i/ https://syndication.twitter.com/i/ http://platform.twitter.com/css/ https://platform.twitter.com/css/ http://pbs.twimg.com/ https://pbs.twimg.com/ http://1.bp.blogspot.com/-v6yARqgGaBc/WKL2ZtO9lhI/AAAAAAAAEDU/0CJfMgpdnWg0i6-Wd87E1vTtdKk4TeikQCLcB/s1600/Fake-or-Counterfeit-Bathmate-Pumps.png https://1.bp.blogspot.com/-v6yARqgGaBc/WKL2ZtO9lhI/AAAAAAAAEDU/0CJfMgpdnWg0i6-Wd87E1vTtdKk4TeikQCLcB/s1600/Fake-or-Counterfeit-Bathmate-Pumps.png http://content.govdelivery.com/attachments/fancy_images/UKSMBC/2018/01/1741761/reviewoverlay_original.png https://content.govdelivery.com/attachments/fancy_images/UKSMBC/2018/01/1741761/reviewoverlay_original.png http://app.meetami.ai https://app.meetami.ai *.cloudfront.net/butotv/live/ http://www.facebook.com/ https://www.facebook.com/ *.siteimproveanalytics.io/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ blob: http://spatial.stockport.gov.uk/ https://spatial.stockport.gov.uk/ http://ssl.gstatic.com/ https://ssl.gstatic.com/ http://www.gstatic.com/ https://www.gstatic.com/ http://lh3.googleusercontent.com/ https://lh3.googleusercontent.com/ http://api.reciteme.com/ https://api.reciteme.com/ http://aomg-sr-app-live.s3.eu-west-1.amazonaws.com/ https://aomg-sr-app-live.s3.eu-west-1.amazonaws.com/ http://forms.hsforms.com https://forms.hsforms.com http://forms-eu1.hsforms.com https://forms-eu1.hsforms.com; style-src 'self' 'unsafe-inline' http://cludo.com/css/ https://cludo.com/css/ http://customer.cludo.com/css/ https://customer.cludo.com/css/ http://stockportgov-design-system.s3-eu-west-1.amazonaws.com/ https://stockportgov-design-system.s3-eu-west-1.amazonaws.com/ http://s3-eu-west-1.amazonaws.com/ https://s3-eu-west-1.amazonaws.com/ http://maxcdn.bootstrapcdn.com/font-awesome/ https://maxcdn.bootstrapcdn.com/font-awesome/ http://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ http://fonts.googleapis.com/ https://fonts.googleapis.com/ http://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/ https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/ http://maps.stockport.gov.uk/ https://maps.stockport.gov.uk/ http://design-system.stockport.gov.uk/ https://design-system.stockport.gov.uk/ http://cloudfront.net/butotv/ https://cloudfront.net/butotv/ http://tripadvisor.com https://tripadvisor.com http://tripadvisor.co.uk https://tripadvisor.co.uk http://static.tacdn.com https://static.tacdn.com data: http://platform.twitter.com/css/ https://platform.twitter.com/css/ http://stockportb.logo-net.co.uk/Delivery/ https://stockportb.logo-net.co.uk/Delivery/ *.cloudfront.net/butotv/live/ http://tagmanager.google.com/ https://tagmanager.google.com/ http://cdn.websitepolicies.io/lib/cookieconsent/cookieconsent.min.css https://cdn.websitepolicies.io/lib/cookieconsent/cookieconsent.min.css http://unpkg.com/ https://unpkg.com/ http://api.mapbox.com/ https://api.mapbox.com/ http://api.reciteme.com/ https://api.reciteme.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://ajax.googleapis.com/ajax/libs/jquery/ https://ajax.googleapis.com/ajax/libs/jquery/ http://maps.googleapis.com https://maps.googleapis.com http://apis.google.com https://apis.google.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js http://tagmanager.google.com/ https://tagmanager.google.com/ http://api.cludo.com/scripts/ https://api.cludo.com/scripts/ http://customer.cludo.com/scripts/ https://customer.cludo.com/scripts/ http://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/ https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/ http://design-system.stockport.gov.uk/ https://design-system.stockport.gov.uk/ http://s3.eu-west-1.amazonaws.com/ https://s3.eu-west-1.amazonaws.com/ http://maps.stockport.gov.uk/ https://maps.stockport.gov.uk/ http://js.buto.tv/video/ https://js.buto.tv/video/ http://siteimproveanalytics.com/js/ https://siteimproveanalytics.com/js/ http://logo-net.co.uk/Delivery/ https://logo-net.co.uk/Delivery/ http://www.opinionstage.com/assets/loader.js https://www.opinionstage.com/assets/loader.js http://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/api.js http://www.gstatic.com/recaptcha/ https://www.gstatic.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ http://d26b395fwzu5fz.cloudfront.net/keen-tracking-1.1.3.min.js https://d26b395fwzu5fz.cloudfront.net/keen-tracking-1.1.3.min.js http://www.jscache.com/ https://www.jscache.com/ http://tripadvisor.com https://tripadvisor.com http://tripadvisor.co.uk https://tripadvisor.co.uk http://static.tacdn.com https://static.tacdn.com http://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/clipboard.min.js https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/clipboard.min.js http://platform.twitter.com/ https://platform.twitter.com/ http://cdn.syndication.twimg.com/timeline/ https://cdn.syndication.twimg.com/timeline/ http://platform.twitter.com/css/ https://platform.twitter.com/css/ http://local.tractivity.co.uk/wp-includes/js/ https://local.tractivity.co.uk/wp-includes/js/ http://stage.midas-pps.tractivity.co.uk/ https://stage.midas-pps.tractivity.co.uk/ http://content.govdelivery.com/overlay/js/4939.js https://content.govdelivery.com/overlay/js/4939.js http://core-api-eu1.cludo.com/ https://core-api-eu1.cludo.com/ http://app.meetami.ai/ https://app.meetami.ai/ http://stockportgov-design-system.s3-eu-west-1.amazonaws.com/ https://stockportgov-design-system.s3-eu-west-1.amazonaws.com/ wss://chat.meetami.ai/ wss://chat.meetami.ai/socket.io/ http://cdn.trackjs.com/releases/current/tracker.js https://cdn.trackjs.com/releases/current/tracker.js http://feed2js.org/feed2js.php https://feed2js.org/feed2js.php http://connect.facebook.net/ https://connect.facebook.net/ http://widget.wheredoivote.co.uk/ https://widget.wheredoivote.co.uk/ http://static.hotjar.com/ https://static.hotjar.com/ http://cdn.websitepolicies.io/lib/cookieconsent/cookieconsent.min.js https://cdn.websitepolicies.io/lib/cookieconsent/cookieconsent.min.js http://unpkg.com/ https://unpkg.com/ http://api.mapbox.com/ https://api.mapbox.com/ http://script.hotjar.com/ https://script.hotjar.com/ http://spatialgeojson.s3.eu-west-1.amazonaws.com https://spatialgeojson.s3.eu-west-1.amazonaws.com http://spatialgeojson.s3-eu-west-1.amazonaws.com https://spatialgeojson.s3-eu-west-1.amazonaws.com http://www.browsealoud.com/ https://www.browsealoud.com/ http://plus.browsealoud.com/ https://plus.browsealoud.com/ http://speech.speechstream.net/ https://speech.speechstream.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://api.reciteme.com https://api.reciteme.com http://js-eu1.hsforms.net https://js-eu1.hsforms.net http://js-eu1.hs-scripts.com https://js-eu1.hs-scripts.com http://js-eu1.hscollectedforms.net https://js-eu1.hscollectedforms.net http://js-eu1.hs-analytics.net https://js-eu1.hs-analytics.net http://js-eu1.hs-banner.com https://js-eu1.hs-banner.com http://js-eu1.hsadspixel.net https://js-eu1.hsadspixel.net http://forms-eu1.hsforms.com https://forms-eu1.hsforms.com; connect-src 'self' http://api.cludo.com/ https://api.cludo.com/ http://buto-ping-middleman.buto.tv/ https://buto-ping-middleman.buto.tv/ http://kinesis-ping-middleman.buto.tv https://kinesis-ping-middleman.buto.tv http://kinesis.eu-west-1.amazonaws.com/ https://kinesis.eu-west-1.amazonaws.com/ http://zldiarvaya.execute-api.eu-west-1.amazonaws.com/prod/ https://zldiarvaya.execute-api.eu-west-1.amazonaws.com/prod/ http://13bg9nmobj.execute-api.eu-west-1.amazonaws.com/production/player-analytics https://13bg9nmobj.execute-api.eu-west-1.amazonaws.com/production/player-analytics http://core-api-eu1.cludo.com/ https://core-api-eu1.cludo.com/ http://api-eu1.cludo.com/ https://api-eu1.cludo.com/ http://event-collector.buto.tv/ https://event-collector.buto.tv/ http://app.meetami.ai/ https://app.meetami.ai/ http://chat.meetami.ai/ https://chat.meetami.ai/ wss://chat.meetami.ai/ wss://chat.meetami.ai/socket.io/ http://localhost/sitereplier/chats/enabled/ https://localhost/sitereplier/chats/enabled/ *.stockport.gov.uk *.smbcdigital.net http://api.mapbox.com/ https://api.mapbox.com/ http://events.mapbox.com/ https://events.mapbox.com/ http://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css http://api.buto.tv/ https://api.buto.tv/ http://spatialgeojson.s3.eu-west-1.amazonaws.com https://spatialgeojson.s3.eu-west-1.amazonaws.com http://spatialgeojson.s3-eu-west-1.amazonaws.com https://spatialgeojson.s3-eu-west-1.amazonaws.com http://report.23video.com/ https://report.23video.com/ http://plus.browsealoud.com/ https://plus.browsealoud.com/ http://www.browsealoud.com/ https://www.browsealoud.com/ http://speech.speechstream.net/ https://speech.speechstream.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://region1.google-analytics.com/g/collect https://region1.google-analytics.com/g/collect http://maps.googleapis.com https://maps.googleapis.com http://stats.reciteme.com https://stats.reciteme.com http://api.reciteme.com https://api.reciteme.com http://s3.eu-west-1.amazonaws.com/maps.stockport.gov.uk/ https://s3.eu-west-1.amazonaws.com/maps.stockport.gov.uk/ http://raw.githubusercontent.com/OrdnanceSurvey/ https://raw.githubusercontent.com/OrdnanceSurvey/ http://api.os.uk/ https://api.os.uk/ http://forms-eu1.hsforms.com https://forms-eu1.hsforms.com http://forms.hsforms.com https://forms.hsforms.com http://forms-eu1.hscollectedforms.net https://forms-eu1.hscollectedforms.net http://api-eu1.hubapi.com https://api-eu1.hubapi.com http://hubspot-forms-static-embed-eu1.s3.amazonaws.com/ https://hubspot-forms-static-embed-eu1.s3.amazonaws.com/; media-src 'self' blob: http://www.youtube.com/ https://www.youtube.com/ *.cloudfront.net/butotv/live/ http://wpc.196c.planetstream.net/00196C/audio/ https://wpc.196c.planetstream.net/00196C/audio/ http://app.meetami.ai/ https://app.meetami.ai/ *.meetami.ai/ http://api.reciteme.com/ https://api.reciteme.com/; object-src 'self' http://www.youtube.com https://www.youtube.com http://www.youtube.com https://www.youtube.com; manifest-src 'self' http://localhost:5000/assets/images/ui-images/sg/manifest.json https://localhost:5000/assets/images/ui-images/sg/manifest.json; frame-ancestors 'self' *.stockport.gov.uk *.smbcdigital.net *.meetami.ai/ *.chat.meetami.ai/ http://forms.stockport.gov.uk https://forms.stockport.gov.uk http://app.contentful.com https://app.contentful.com http://forms-eu1.hsforms.com https://forms-eu1.hsforms.com; 1
default-src 'self' *.smassets.net *.navitor.com navitor.com *.labelworks.com *.google-analytics.com *.typekit.net *.doubleclick.net *.xg4ken.com *.sitesearch360.com *.hotjar.com *.hotjar.io wss://*.hotjar.com/ https://www.google.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com https://seal.digicert.com https://widget.surveymonkey.com facebook.com *.facebook.com ws.zoominfo.com data:; frame-src 'self' *.navitor.com navitor.com *.secure.orders.com secure.orders.com https://tags.tiqcdn.com *.surveymonkey.com *.hotjar.com www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.labelworks.com *.typekit.net * *.googleapis.com *.google-analytics.com *.google.com cdn.optimizely.com https://www.googletagmanager.com https://www.googleadservices.com https://widget.surveymonkey.com https://tagmanager.google.com https://www.youtube.com https://tags.tiqcdn.com *.xg4ken.com *.sitesearch360.com *.hotjar.com https://seal.digicert.com; style-src 'self' 'unsafe-inline' *.google.com https://tagmanager.google.com https://fonts.googleapis.com https://widget.surveymonkey.com *.sitesearch360.com; frame-ancestors 'self' *.navitor.com navitor.com; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval';connect-src https://*.qalink.cn:443 1
: frame-ancestors 'none' 1
frame-ancestors 'self' *.mm-boardpaper.com *.mm.group *.mm-packaging.com *.dwtest.at *.dwpreview.com https://app.veertly.com; frame-src *.mm-boardpaper.com *.mm.group *.mm-packaging.com *.dwtest.at *.dwpreview.com *.vimeo.com *.youtube.com *.youtube-nocookie.com https://app.veertly.com 1
child-src  www.paypalobjects.com blob: data:; connect-src  brecksredo.cv3admin.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com stats.g.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.analytics.google.com  *.clarity.ms content.discovercard.com *.searchspring.io *.searchspring.net src.apis.discover.com cdn.acsbapp.com events.attentivemobile.com brecks.attn.tv *.powerreviews.com *.pixlee.com *.sharethis.com brecks-ca.attn.tv events.attentivemobile.com s.yimg.com *.crazyegg.com www.brecks.com *.google.com app.leadsrx.com assets-www.facebook.com sslwidget.criteo.com maps.googleapis.com *.criteo.com *.crazyegg.com app.leadsrx.com *.google.com gardensalive.force.com *.pingdom.net www.facebook.com *.acsbapp.com acsbapp.com web1.acsbapp.com www.googletagmanager.com gaorder.gardensalive.com *.pixlee.co geoip-js.com www.facebook.com *.bizrate.com bcp.crwdcntrl.net brecksredo.cv3admin.com 2mdtgz.a.searchspring.io google.com gardensalive.my.site.com api.cloudinary.com *.omnichannelengagementhub.com pagead2.googlesyndication.com; default-src  h2.commercev3.net/cdn.brecks.com/ cdn.brecks.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com blob: data:; font-src  brecksredo.cv3admin.com h2.commercev3.net/cdn.brecks.com/ cdn.brecks.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com data: acsbapp.com www.brecks.com; form-action  www.facebook.com www.paypal.com checkout.sezzle.com www.brecks.com *.salesforce.com brecksredo.cv3admin.com; frame-src  *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com content.discovercard.com h.online-metrix.net src.mastercard.com secure.checkout.visa.com srcdcf.americanexpress.com gum.criteo.com *.sharethis.com lpcdn.lpsnmedia.net photos.pixlee.co ct.pinterest.com creatives.attn.tv static.criteo.net service.force.com tpc.googlesyndication.com secure.trust-provider.com www.googletagmanager.com *.pixlee.com catalog.brecks.com gardensalive.my.salesforce.com gumi.criteo.com t.pepperjamnetwork.com optimize.google.com *.azureedge.net fledge.us.criteo.com; frame-ancestors  www.brecks.com; img-src  h2.commercev3.net/cdn.brecks.com/ cdn.brecks.com ssl.google-analytics.com www.google.com/pagead/1p-user-list/ www.google.com/ads/ga-audiences ct.pinterest.com/v3/ s3.amazonaws.com *.doubleclick.net *.bing.com *.paypal.com *.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com  2ol9uikbcyevqtdg2z3tej7kpah7xfzeg5wsi7qv4dd33981a058e384sac.d.aa.online-metrix.net x.bidswitch.net matching.ivitrack.com i.liadm.com idsync.rlcdn.com sync-criteo.ads.yieldmo.com ad.tpmn.co.kr tapestry.tapad.com trends.revcontent.com jadserve.postrelease.com gum.criteo.com visitor.omnitagjs.com tg.socdm.com ad.yieldlab.net ups.analytics.yahoo.com eb2.3lift.com criteo-sync.teads.tv sync-t1.taboola.com exchange.mediavine.com simage2.pubmatic.com pixel.rubiconproject.com contextual.media.net rtb-csync.smartadserver.com match.sharethrough.com ade.clmbtech.com sync.outbrain.com content.discovercard.com www.pages08.net ads.avocet.io brecksredo.cv3admin.com assets.secure.checkout.visa.com d3cgm8py10hi0z.cloudfront.net *.powerreviews.com ib.adnxs.com partner.mediawallahscript.com ad.360yield.com r.casalemedia.com criteo-partners.tremorhub.com s.ad.smaato.net assets.pixlee.com *.searchspring.io brecksca.cv3admin.com sp.analytics.yahoo.com www.brecks.com *.online-metrix.net secure.trust-provider.com *.clarity.ms res.cloudinary.com brecks.attn.tv *.google.com *.sharethis.com assets.pxlecdn.com *.gstatic.com ads.avct.cloud id.rlcdn.com sync.search.spotxchange.com ws.rqtrk.eu *.criteo.com tags.bluekai.com dpm.demdex.net aa.agkn.com *.acsbapp.com dsum.casalemedia.com www.google.co.in events.attentivemobile.com *.searchspring.net h2.commercev3.net sync.aralego.com cs.adingo.jp adx.dable.io adgen.socdm.com *.bizrate.com www.google.com blog.brecks.com brecks.com; script-src  h2.commercev3.net/cdn.brecks.com/ cdn.brecks.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ content.discovercard.com h.online-metrix.net *.searchspring.net *.clarity.ms src.mastercard.com webapp.src.discover.com secure.checkout.visa.com www.aexp-static.com cdn.attn.tv s.pinimg.com static.criteo.net tag.measured.com dynamic.criteo.com container.pepperjam.com www.google.com brecksredo.cv3admin.com ajax.aspnetcdn.com js.maxmind.com acsbapp.com api.universalcookie.com assets.secure.checkout.visa.com sslwidget.criteo.com *.criteo.com *.salesforceliveagent.com www.sc.pages08.net va.v.liveperson.net mpsnare.iesnare.com assets.pixlee.com *.sharethis.com  lpcdn.lpsnmedia.net assets.pxlecdn.com accdn.lpsnmedia.net lptag.liveperson.net www.googleoptimize.com brecksca.cv3admin.com ajax.aspnetcdn.com cdn.attn.tv www.clarity.ms api.universalcookie.com s.yimg.com www.googleoptimize.com garecommend.gardensalive.com www.google.com  service.force.com *.crazyegg.com secure.trust-provider.com dnn506yrbagrg.cloudfront.net css3-mediaqueries-js.googlecode.com app.leadsrx.com tpc.googlesyndication.com *.pingdom.net gardensalive.force.com gardensalive.my.salesforce.com static.lightning.force.com maps.googleapis.com view.publitas.com widget.us.criteo.com www.google.co.in *.bizrate.com secure.comodo.net optimize.google.com google-analytics.com gardensalive.my.site.com cdnjs.cloudflare.com *.searchspring.io s3.amazonaws.com *.cnnx.link *.azureedge.net; script-src-elem  h2.commercev3.net/cdn.brecks.com/ cdn.brecks.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ content.discovercard.com h.online-metrix.net *.searchspring.net *.clarity.ms src.mastercard.com webapp.src.discover.com secure.checkout.visa.com www.aexp-static.com cdn.attn.tv s.pinimg.com static.criteo.net tag.measured.com dynamic.criteo.com container.pepperjam.com www.google.com brecksredo.cv3admin.com ajax.aspnetcdn.com js.maxmind.com acsbapp.com api.universalcookie.com assets.secure.checkout.visa.com sslwidget.criteo.com *.criteo.com *.salesforceliveagent.com www.sc.pages08.net va.v.liveperson.net mpsnare.iesnare.com assets.pixlee.com *.sharethis.com  lpcdn.lpsnmedia.net assets.pxlecdn.com accdn.lpsnmedia.net lptag.liveperson.net www.googleoptimize.com brecksca.cv3admin.com ajax.aspnetcdn.com cdn.attn.tv www.clarity.ms api.universalcookie.com s.yimg.com www.googleoptimize.com garecommend.gardensalive.com www.google.com  service.force.com *.crazyegg.com secure.trust-provider.com dnn506yrbagrg.cloudfront.net css3-mediaqueries-js.googlecode.com app.leadsrx.com tpc.googlesyndication.com *.pingdom.net gardensalive.force.com gardensalive.my.salesforce.com static.lightning.force.com maps.googleapis.com view.publitas.com widget.us.criteo.com www.google.co.in *.bizrate.com secure.comodo.net optimize.google.com google-analytics.com gardensalive.my.site.com cdnjs.cloudflare.com *.searchspring.io s3.amazonaws.com *.cnnx.link *.azureedge.net; style-src  h2.commercev3.net/cdn.brecks.com/ cdn.brecks.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com  cdn.searchspring.net brecksredo.cv3admin.com ajax.googleapis.com *.sharethis.com brecksca.cv3admin.com  service.force.com gardensalive.force.com gardensalive.my.salesforce.com *.bizrate.com www.googletagmanager.com *.bizrate.com optimize.google.com gardensalive.my.site.com s3.amazonaws.com *.azureedge.net; style-src-elem  h2.commercev3.net/cdn.brecks.com/ cdn.brecks.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com  cdn.searchspring.net brecksredo.cv3admin.com ajax.googleapis.com *.sharethis.com brecksca.cv3admin.com  service.force.com gardensalive.force.com gardensalive.my.salesforce.com *.bizrate.com www.googletagmanager.com *.bizrate.com optimize.google.com gardensalive.my.site.com s3.amazonaws.com *.azureedge.net; style-src-attr  'unsafe-inline'; media-src  brecksredo.cv3admin.com h2.commercev3.net/cdn.brecks.com/ cdn.brecks.com www.bing.com www.brecks.com *.acsbapp.com acsbapp.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://code.jquery.com/ https://plugins.institut-pandore.com/ https://cdn.jsdelivr.net/ https://use.fontawesome.com/ https://d33v4339jhl8k0.cloudfront.net https://beaconapi.helpscout.net https://www.facebook.com/ https://www.instagram.com/ https://scontent.fccu5-1.fna.fbcdn.net/ https://my.yoast.com/ https://www.fs-poster.com/ https://graph.facebook.com/ https://m.facebook.com/ https://facebook.com/ https://fonts.gstatic.com/ https://adservice.google.com https://partner.googleadservices.com https://adservice.google.co.in https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://ad.doubleclick.net/ https://www.google.co.in https://stats.g.doubleclick.net https://cdnjs.cloudflare.com/ https://static.addtoany.com/ https://code.jquery.com/ http://2.gravatar.com https://s.w.org https://www.google.com/ https://www.googletagmanager.com https://www.gstatic.com/ *.youtube.com https://i.ytimg.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://www.googletagmanager.com https://fonts.googleapis.com https://ssl.gstatic.com https://www.google-analytics.com https://beacon-v2.helpscout.net https://yoast.com *.gravatar.com https://d3hb14vkzrxvla.cloudfront.net *.pinterest.com *.googleapis.com https://wp.freemius.com; 1
default-src 'self' cityseeker.com data:  *.fbcdn.net *.cloudflare.com *.wcities.com *.fbsbx.com *.itstourvideo.tv *.doubleclick.net *.vimeo.com *.youtube.com *.what3words.com *.googletagmanager.com *.google.co.in *.doubleclick.net *.google-analytics.com *.cityseeker.com *.apple-mapkit.com *.apple.com  *.hereapi.com *.googleapis.com *.here.com *.pinterest.com  *.cloudfront.net *.rackcdn.com *.resy.com *.twitter.com *.facebook.net *.facebook.com *.googletagmanager.com *.gstatic.com *.googleusercontent.com *.google.com blob: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:;frame-src * 'self' data: https:; 1
frame-ancestors 'self' https://*.theindependentpharmacy.co.uk 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com 'self' data: *.gstatic.com https://use.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * test.saferpay.com www.saferpay.com saferpay.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * test.saferpay.com www.saferpay.com saferpay.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com https://*.hotjar.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com test.saferpay.com www.saferpay.com saferpay.com 'self' data: *.gstatic.com *.facebook.com www.xtento.com cdn.xtento.com https://www.glami.hu https://www.glami.cz https://maps.googleapis.com https://www.google.hu https://admin.fogyasztobarat.hu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ jquery.sellxed.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://player.vimeo.com https://www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com test.saferpay.com www.saferpay.com saferpay.com *.google.com *.gstatic.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com www.xtento.com cdn.xtento.com https://*.optimonk.com https://*.hotjar.com https://*.hotjar.io https://www.glami.cz https://analytics.tiktok.com https://maps.googleapis.com https://rum.uptime.com https://ajax.googleapis.com https://admin.fogyasztobarat.hu https://*.mailerlite.com https://vjs.zencdn.net https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com assets.braintreegateway.com *.googleapis.com *.gstatic.com tagmanager.google.com https://p.typekit.net https://vjs.zencdn.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com test.saferpay.com www.saferpay.com saferpay.com t.elasticsuite.io *.google-analytics.com *.facebook.net https://*.optimonk.com https://analytics.tiktok.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://maps.googleapis.com https://rum.uptime.com https://analytics.google.com https://*.analytics.google.com https://*.google.com https://admin.fogyasztobarat.hu 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-2zwM5uhi/byCSWfDPzN8bQ=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' 1
default-src * data: blob:; child-src https: http: 'self' *.facebook.com *.facebook.net *.ontraport.com usersnap.com load.sumome.com *.sumo.com *.twitter.com *.kxcdn.com d3mvnvhjmkxpjz.cloudfront.net/*; connect-src 'self' sumome.com sumo.com api.hubapi.com *.googletagmanager.com www.google-analytics.com forms.hubspot.com *.usersnap.com blob:; script-src https: http: 'self' 'unsafe-eval' 'unsafe-inline' d3mvnvhjmkxpjz.cloudfront.net/* *.facebook.net *.ontraport.com *.googletagmanager.com load.sumome.com *.sumo.com *.twitter.com *.kxcdn.com www.google-analytics.com api.usersnap.com/load/fb92bdd3-36ab-42b8-81ac-295a4bf444cb.js cdn.optimizely.com/js/ edge.quantserve.com/quant.js www.google.com/recaptcha/api.js; style-src https: 'self' 'unsafe-inline' d3mvnvhjmkxpjz.cloudfront.net/* *.facebook.net *.ontraport.com usersnap.com *.twitter.com load.sumome.com *.sumo.com *.kxcdn.com www.google-analytics.com *.googletagmanager.com api.usersnap.com *.googleapis.com 1
selfframe-ancestors 'self' 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-NDlhN2UwNmI3ZGYxNGM4OGI0NWIzYWEzYzhmOGQxYmM=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.kiesraad.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.kiesraad.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.kiesraad.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'        https://*.bhitest.com https://*.secure.footprint.net https://*.eyereturn.com https://*.hotjar.com        https://stagemh-secure.akamaized.net https://mattamy-secure.akamaized.net        https://*.doubleclick.net https://*.stackadapt.com https://*.linkedin.com https://*.ml3ds-icon.com        https://*.ml3ds-cloud.com https://*.roomored.com https://*.siteimprove.com https://*.sharethis.com        https://*.amazonaws.com https://*.onetrust.com https://*.youtube.com https://*.googletagmanager.com        https://*.focus360.com *.mattamyhomes.com *.thebdxinteractive.com https://thebdxinteractive.com http://thebdxinteractive.com        https://calendly.com https://assets.calendly.com https://js.driftt.com https://rc-follow-me.js.driftt.com        https://cm.eyedemand.com https://extend.vimeocdn.com https://settings.luckyorange.net https://vc.hotjar.io        https://snap.licdn.com https://www.googleadservices.com https://connect.facebook.net https://bat.bing.com        https://pm.boostintegrated.com https://d10lpsik1i8c69.cloudfront.net https://cdn-3.convertexperiments.com        https://www.mybuildercloud.com https://projects.blacklineapp.com https://youtu.be https://img.en25.com        https://js.driftqa.com https://cdn.cookielaw.org https://c.sharethis.mgr.consensu.org https://analytics.google.com        https://maps.googleapis.com http://ip-api.com https://ip-api.com https://apps.sitecore.net        https://geocode.xyz https://rendering.house https://myhome.anewgo.com https://my.matterport.com        https://mattamy.utourhomes.com https://mattamyhomesraleigh.as.me https://myscp.ml3ds-iconstage.com        https://www.google-analytics.com https://player.vimeo.com https://jobs.jobvite.com        http://mattamyhomes.mediaroom.com http://salesarchitect.exsquared.com https://youriguide.com        https://openhouse.odyssey3d.ca http://149.photos https://149.photos https://mattamyhomes.com        https://file-examples-com.github.io https://e29fac8frh.execute-api.us-east-1.amazonaws.com        https://myhomesstory.com https://app.waitwhile.com https://www.facebook.com wss://*.hotjar.com        https://projects.blacklineapp.com https://analytics.tiktok.com https://sc-static.net https://*.snapchat.com        https://stagemh.secure.footprint.net https://*.luckyorange.com https://pubsub.googleapis.com        wss://*.visitors.live wss://realtime.luckyorange.com *.mouseflow.com https://555fee78eb8542c3a298f69e583c9930.svc.dynamics.com        https://a938dd2966244ca8bbc39fa7ae339641.svc.dynamics.com https://cdn.linkedin.oribi.io        https://oc-cdn-public.azureedge.net https://bcp.crwdcntrl.net https://tags.srv.stackadapt.com        https://mktdplp102cdn.azureedge.net https://507242ed65e14ed9ab1f3ce7ea363096.svc.dynamics.com        https://mattamymarketinguat.powerappsportals.com https://files.myhomestory.com https://share.myhomestory.com        https://ajax.aspnetcdn.com/ajax/modernizr/modernizr-2.8.3.js https://mattamyhomes.powerappsportals.com https://tag.simpli.fi        https://i.simpli.fi https://adservice.google.com https://www.google.com/pagead/landing https://tpc.googlesyndication.com;       img-src 'self' data:        https://*.bhitest.com https://*.secure.footprint.net https://*.eyereturn.com https://*.doubleclick.net        https://stagemh-secure.akamaized.net https://mattamy-secure.akamaized.net        https://*.stackadapt.com https://*.linkedin.com https://*.roomored.com https://*.googletagmanager.com        *.mattamyhomes.com https://assets.calendly.com        https://cm.eyedemand.com https://adservice.google.com https://p.adsymptotic.com https://image2.pubmatic.com        https://dsum-sec.casalemedia.com https://sync.search.spotxchange.com https://match.adsrvr.org        https://www.google.com https://bat.bing.com https://www.facebook.com https://maps.googleapis.com        https://maps.gstatic.com https://www.google-analytics.com https://res.cloudinary.com https://www.google.ca        https://stagemh.secure.footprint.net https://mattamyhomes.mediaroom.com https://cdn.cookielaw.org *.mouseflow.com        https://sync.sharethis.com https://lh3.ggpht.com https://files.myhomesstory.com https://um.simpli.fi       https://www.googleadservices.com https://fei.pro-market.net;       style-src 'self' 'unsafe-inline'        https://*.stackadapt.com https://*.typekit.net        https://fonts.googleapis.com https://mattamyhomes.mediaroom.com https://assets.calendly.com https://oc-cdn-public.azureedge.net;       font-src 'self' 'unsafe-inline'        https://*.typekit.net        https://fonts.gstatic.com *.mouseflow.com;       upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self' data: *.umbraco.org api.pwnedpasswords.com *.hotjar.com services.postcodeanywhere.co.uk *.google-analytics.com www2.theticketfactory.com connect.facebook.net *.facebook.com https://fbanalytics.theticketfactory.com ccocauth.10digital.co.uk *.coventry2021.co.uk *.doubleclick.net *.googleadservices.com *.google.co.uk *.google.com s.salecycle.com i.salecycle.com c.salecycle.com ws.salecycle.com mymachine.salecycle.com:8080 *.stay22.com *.onetrust.com *.optimize.google.com *.googleoptimize.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://analytics.tiktok.com *.hotelmap.com *.quantserve.com *.quantcount.com gtm-tp57jc8-ndq4z.uc.r.appspot.com necdigitalteamapi.azurewebsites.net drdhvt9zf1m5e.cloudfront.net; object-src data: 'unsafe-eval' 'self' assets.theticketfactory.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com pro.fontawesome.com fast.fonts.net cdn.jsdelivr.net *.theticketfactory.com services.postcodeanywhere.co.uk *.queue-it.net cookiesuksouth.blob.core.windows.net https://*.hotjar.com; img-src 'self' 'self' data: www.awin1.com https://*.hotjar.com *; script-src 'self' 'unsafe-inline' ajax.googleapis.com *.cloudflare.com ajax.aspnetcdn.com bat.bing.com https://clarity.microsoft.com code.jquery.com *.googletagmanager.com *.google-analytics.com cdn.jsdelivr.net connect.facebook.net *.facebook.com theti11119.pcapredict.com *.hotjar.com 'unsafe-eval' services.postcodeanywhere.co.uk assets.theticketfactory.com www2.theticketfactory.com *.queue-it.net www2.theticketfactory.com www.dwin1.com cookiesuksouth.blob.core.windows.net geolocation.onetrust.com *.tiktok.com *.twitter.com *.googleadservices.com *.doubleclick.net s.salecycle.com i.salecycle.com c.salecycle.com ws.salecycle.com mymachine.salecycle.com:8080 d16fk4ms6rqz1v.cloudfront.net applepay.cdn-apple.com *.stay22.com *.onetrust.com *.optimize.google.com *.googleoptimize.com https://*.hotjar.com *.hotelmap.com *.quantserve.com *.quantcount.com gtm-tp57jc8-ndq4z.uc.r.appspot.com necdigitalteamapi.azurewebsites.net drdhvt9zf1m5e.cloudfront.net; font-src 'self' 'self' data: fonts.gstatic.com pro.fontawesome.com fast.fonts.net *.hotjar.com fonts.gstatic.com applepay.cdn-apple.com https://*.hotjar.com; frame-src 'self' *.facebook.com *.servebase.net *.arcot.com *.hotjar.com assets.theticketfactory.com www2.theticketfactory.com *.queue-it.net www2.theticketfactory.com theticketfactory.queue-it.net *.youtube.com *.spotify.com *.tiktok.com *.twitter.com *.10digital.co.uk connect.facebook.net ccocauth.10digital.co.uk *.coventry2021.co.uk *.doubleclick.net s.salecycle.com i.salecycle.com c.salecycle.com ws.salecycle.com mymachine.salecycle.com:8080 *.stay22.com *.onetrust.com *.optimize.google.com *.googleoptimize.com https://*.hotjar.com *.hotelmap.com *.quantserve.com *.quantcount.com d16fk4ms6rqz1v.cloudfront.net gtm-tp57jc8-ndq4z.uc.r.appspot.com necdigitalteamapi.azurewebsites.net drdhvt9zf1m5e.cloudfront.net; report-uri https://theticketfactory.report-uri.com/r/d/csp/enforce ; 1
frame-ancestors 'self' http://tw2prod-cms.technologyevaluation.com ; 1
frame-ancestors 'self' https://*.entsoe.eu https://*.eudonet.com https://*.cmar-paca.fr https://*.norddefrance.cci.fr https://*.oaciq.com https://*.inria.fr https://*.sattse.com https://*.11.be https://*.afm-telethon.fr; 1
default-src 'self' 'unsafe-inline' *.ioam.de data-aac883f83b.offiziellecharts.de 1
connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com/g/; 1
default-src 'none'; font-src 'self' data: obcan.justice.sk; script-src 'self' 'unsafe-inline' 'unsafe-eval' obcan.justice.sk; connect-src 'self' api.justice.gov.sk obchodnyvestnik.justice.gov.sk obcan.justice.sk; img-src 'self' data: a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org obcan.justice.sk; style-src 'self' 'unsafe-inline' obcan.justice.sk; base-uri 'self'; form-action 'self'; frame-src www.openstreetmap.org 1
frame-ancestors 'self' https://*.myshopify.com https://appery.io 1
default-src 'self' www.cpbrandsite.com; connect-src 'self' www.cpbrandsite.com *.algolianet.com *.algolia.net *.amplitude.com cloudflareinsights.com *.doubleclick.net www.google.co.th/ads/ga-audiences *.google-analytics.com *.googleapis.com analytics.google.com *.googletagmanager.com *.tealiumiq.com *.tiqcdn.com *.tiqcdn.cn *.tiktok.com *.webtrendslive.com; form-action 'self' www.cpbrandsite.com'; font-src 'self' data: www.cpbrandsite.com cdnjs.cloudflare.com; frame-ancestors 'self' www.cpbrandsite.com; frame-src 'self' www.cpbrandsite.com *.doubleclick.net *.facebook.com *.youtube.com *.twitter.com; img-src * blob: data: cdnjs.cloudflare.com *.facebook.com *.google-analytics.com www.google.co.th/ads/ga-audiences *.googletagmanager.com *.webtrendslive.com *.ytimg.com *.youtube.com; media-src 'self' www.cpbrandsite.com storage.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.cpbrandsite.com *.amplitude.com *.jquery.com cdn.jsdelivr.net *.cloudflare.com static.cloudflareinsights.com *.doubleclick.net *.facebook.net twitter.github.io *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com www.inetasia.com d.line-scdn.net *.tiktok.com *.tiqcdn.com *.tiqcdn.cn *.twitter.com *.webtrends.com *.webtrendslive.com *.youtube.com; style-src 'self' 'unsafe-inline' www.cpbrandsite.com cdnjs.cloudflare.com cdn.jsdelivr.net; block-all-mixed-content; upgrade-insecure-requests; 1
default-src 'self'; 	img-src data: blob: android-webview-video-poster: *; 	style-src 'unsafe-inline' *; 	font-src data: chrome-extension: moz-extension: safari-extension: 'self' fonts.gstatic.com cdnjs.cloudflare.com use.fontawesome.com; 	child-src 'self' www.googletagmanager.com www.youtube.com; 	connect-src wss: 'self' *.liveact.cri-mw.jp stats.g.doubleclick.net *.google-analytics.com analytics.google.com www.google.co.jp www.googletagmanager.com; 	script-src 'unsafe-inline' 'unsafe-eval' 'self' *.liveact.cri-mw.jp *.google-analytics.com www.googletagmanager.com jaysalvat.github.io code.jquery.com cdn.jsdelivr.net; 	report-uri https://e-cgift.net/reporturi.php 1
default-src 'self' 'unsafe-inline' www.google-analytics.com region1.google-analytics.com cdnjs.cloudflare.com www.googletagmanager.com oss.maxcdn.com www.w3.org; img-src 'self' data: * 1
default-src 'self' blob: *.fitch.group; frame-ancestors 'self' *.fitchratings.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net/npm/css-vars-ponyfill@2 *.evidon.com ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js cdn.jsdelivr.net/npm/lodash@4.17.15/lodash.min.js vjs.zencdn.net/7.3.0/video.js use.fontawesome.com your.fitch.group/rs/732-CKH-767/images/jquery.lazy.min.js unpkg.com/aos@2.3.1/dist/aos.css cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js unpkg.com/aos@2.3.1/dist/aos.js ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js *.jsdelivr.net www.googletagmanager.com *.google-analytics.com *.analytics.google.com *.clearbitscripts.com fitchconnect.piwikpro.com cdn.polyfill.io  *.fitch.group *.brightcove.net *.brightcove.com munchkin.marketo.net your.fitchratings.com cdn2.funnelenvy.com script.crazyegg.com snap.licdn.com *.clearbit.com *.idio.co *.googletagmanager.com fitchconnect.piwikpro.com cdn.polyfill.io *.brightcove.net *.brightcove.com munchkin.marketo.net your.fitchratings.com cdn2.funnelenvy.com script.crazyegg.com snap.licdn.com *.clearbit.com *.idio.co *.hotjar.com *.marketo.com; style-src 'self' 'unsafe-inline' blob: *.fitch.group your.fitchratings.com fonts.googleapis.com fonts.googleapis.com vjs.zencdn.net/7.7.6/video-js.css unpkg.com/aos@2.3.1/dist/aos.css *.hotjar.com use.fontawesome.com; connect-src 'self' blob: *.fitch.group *.evidon.com *.brightcove.com *.brightcove.net 732-ckh-767.mktoresp.com fx.fitchgroup.co *.boltdns.net *.akamaihd.net *.crazyegg.com *.idio.co *.brightcovecdn.com *.marketo.net your.fitch.group *.evidon.com  *.funnelenvy.com *.google-analytics.com *.analytics.google.com fonts.googleapis.com *.piwikpro.com snap.licdn.com images.ctfassets.net fonts.gstatic.com stats.g.doubleclick.net unpkg.com/aos@2.3.1/dist/aos.css *.hotjar.com *.hotjar.io use.fontawesome.com; prefetch-src 'self' *.funnelenvy.com *.evidon.com 732-ckh-767.mktoresp.com *.boltdns.com *.betrad.com *.idio.co ga.clearbit.com house-fastly-signed-us-east-1-prod.brightcovecdn.com *.evidon.com  fitchconnect.piwikpro.com munchkin.marketo.net snap.licdn.com script.crazyegg.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com unpkg.com/aos@2.3.1/dist/aos.css  *.brightcove.com *.hotjar.com use.fontawesome.com; img-src 'self' data: images.ctfassets.net *.boltdns.net metrics.brightcove.com *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net l.betrad.com *.evidon.com fitchconnect.piwikpro.com *.linkedin.com p.adsymptotic.com *.idio.co your.fitch.group *.fitch.group httpsak-a.akamaihd.net *.hotjar.com use.fontawesome.com; font-src 'self' data: *.fitch.group fonts.gstatic.com use.fontawesome.com; frame-src unpkg.com/aos@2.3.1/dist/aos.css indd.adobe.com  'self' *.fitch.group infogram.com e.infogram.com  infogram-download-eu.s3.eu-west-1.amazonaws.com infogram-download-us2.s3.eu-west-1.amazonaws.com your.fitch.group use.fontawesome.com *.hotjar.com *.evidon.com; media-src 'self' blob: *.fitch.group *.brightcove.com videos.ctfassets.net *.akamaihd.net unpkg.com/aos@2.3.1/dist/aos.css  manifest.prod.boltdns.net *.hotjar.com; object-src 'none' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://assets.vmst.io; img-src 'self' data: blob: https://assets.vmst.io https://cdn.vmst.io; style-src 'self' https://assets.vmst.io 'nonce-hI5OIbzOajqgOFqpGXLDqg=='; media-src 'self' data: https://assets.vmst.io https://cdn.vmst.io; frame-src 'self' https:; manifest-src 'self' https://assets.vmst.io; form-action 'self'; child-src 'self' blob: https://assets.vmst.io; worker-src 'self' blob: https://assets.vmst.io; connect-src 'self' data: blob: https://assets.vmst.io https://cdn.vmst.io wss://streaming.vmst.io; script-src 'self' https://assets.vmst.io 'wasm-unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.bicomsystems.com/ data: ; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'self'; connect-src 'self' https://www.bicomsystems.com/ wss: 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-47cfe5e0b477f1be6419973d20a296f8'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' *.google.com *.instagram.com *.chatbase.co cdn.jsdelivr.net *.writesonic.com *.d1m9uqhmlogh4h.cloudfront.net *.amazonaws.com *.elfsight.com *.googleapis.com *.facebook.com googletagmanager.com *.googletagmanager.com googleadservices.com *.googleadservices.com *.cloudfront.net disqus.com s7.addthis.com *.disqus.com *.cloudflare.com *.youtube.com youtube.com *.clarity.ms *.disquscdn.com *.google-analytics.com google-analytics.com escapemotions.disqus.com *.gcsip.com *.addthis.com *.doubleclick.net static.doubleclick.net *.cookiehub.net cookiehub.net v1.addthisedge.com z.moatads.com *.analytics.google.com *.escapemotions1.b-cdn.net escapemotions1.b-cdn.net fonts.gstatic.com *.onfastspring.com *.fastspring.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.disquscdn.com escapemotions.disqus.com *.google-analytics.com google-analytics.com *.gcsip.com *.disqus.com *.addthis.com s7.addthis.com v1.addthisedge.com *.moatads.com z.moatads.com *.instagram.com *.chatbase.co cdn.jsdelivr.net *.writesonic.com *.d1m9uqhmlogh4h.cloudfront.net *.amazonaws.com *.elfsight.com googletagmanager.com connect.facebook.net *.googletagmanager.com *.escapemotions1.b-cdn.net escapemotions1.b-cdn.net *.google.com *.facebook.com *.googleapis.com googleadservices.com *.googleadservices.com googletagmanager.com *.googletagmanager.com youtube.com *.cloudflare.com *.clarity.ms *.google-analytics.com *.doubleclick.net static.doubleclick.net *.cookiehub.net cookiehub.net *.analytics.google.com *.escapemotions1.b-cdn.net fonts.gstatic.com *.onfastspring.com *.fastspring.com *.cloudfront.net; style-src 'self' 'unsafe-inline' *.cloudfront.net youtube.com *.google.com *.instagram.com *.chatbase.co cdn.jsdelivr.net *.writesonic.com *.d1m9uqhmlogh4h.cloudfront.net *.amazonaws.com *.elfsight.com *.escapemotions1.b-cdn.net static.doubleclick.net s7.addthis.com *.facebook.com *.googleapis.com googletagmanager.com *.googletagmanager.com googleadservices.com *.googleadservices.com googleanalytics.com google-analytics.com *.addthis.com v1.addthisedge.com z.moatads.com *.cloudflare.com escapemotions1.b-cdn.net cookiehub.net escapemotions.disqus.com *.gcsip.com *.gcsip.com *.disqus.com *.facebook.com *.jsdelivr.net *.disquscdn.com; img-src data: *; object-src 'none'; font-src 'self' *.google.com *.instagram.com *.chatbase.co cdn.jsdelivr.net *.writesonic.com *.d1m9uqhmlogh4h.cloudfront.net *.amazonaws.com *.elfsight.com *.googleapis.com *.facebook.com googletagmanager.com *.googletagmanager.com googleadservices.com *.googleadservices.com *.cloudfront.net disqus.com s7.addthis.com *.disqus.com *.cloudflare.com *.youtube.com youtube.com *.clarity.ms *.disquscdn.com *.google-analytics.com google-analytics.com escapemotions.disqus.com *.gcsip.com *.addthis.com *.doubleclick.net static.doubleclick.net *.cookiehub.net cookiehub.net v1.addthisedge.com z.moatads.com *.analytics.google.com *.escapemotions1.b-cdn.net escapemotions1.b-cdn.net fonts.gstatic.com *.onfastspring.com *.fastspring.com data:; 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' source-expression; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: youtube.com www.youtube.com; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 1
default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: https://koi-3qnc1s0lny.marketingautomation.services/ https://tag.perfectaudience.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://static.hotjar.com/ https://consent.cookiebot.com/ https://ajax.googleapis.com/ https://fonts.googleapis.com/ https://script.hotjar.com/ https://edge.fullstory.com/ https://cdnjs.cloudflare.com/ https://secure.quantserve.com/ https://cdn.livechatinc.com/ https://invitation.opinionbar.com/ https://www.google.com/ https://api.livechatinc.com/; style-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://fonts.googleapis.com/ https://invitation.opinionbar.com/; img-src 'self' https: data: https://1.gravatar.com/ https://www.w3.org/; connect-src 'self' https: data:; font-src 'self' https: data: https://fonts.googleapis.com; media-src 'self'; frame-src 'self' https://secure.livechatinc.com/ https://e.issuu.com/ https://player.vimeo.com/ https://www.youtube-nocookie.com/ https://www.youtube.com/ https://www.ispot.tv/ https://www.buzzsprout.com/ https://td.doubleclick.net/ https://consentcdn.cookiebot.com/ https://www.facebook.com/; worker-src https:; navigate-to https://www.ispot.tv/; upgrade-insecure-requests 1
frame-ancestors 'self' https://*.carhp.com 1
default-src 'self' data: 'unsafe-inline' *.powerbi.com *.jsdelivr.net *.chargebee.com *.cloudflare.com *.googleapis.com; script-src https: 'self' 'unsafe-inline' blob: 'unsafe-eval' fast.wistia.com *.unpkg.com *.powerbi.com *.chargebee.com *.onetrust.com *.cookielaw.org *.googletagmanager.com *.chargebeestatic.com *.cloudfront.net *.amazonaws.com *.gstatic.com *.google.com *.google-analytics.com *.youtube-nocookie.com *.bing.com *.googleleadservices.com *.fast.wistia.net;; object-src 'self'; style-src 'self' data: 'unsafe-inline' *.powerbi.com *.chargebee.com *.jsdelivr.net *.cloudflare.com *.googleapis.com; img-src * data:  *.dataguidance.com *.amazonaws.com *.onetrust.com ;; media-src 'self'; frame-src 'self' *.vimeo.com *.cookielaw.org static.addtoany.com *.googletagmanager.com *.chargebee.com *.chargebeestatic.com *.cloudfront.net *.greenhouse.io *.google.com *.powerbi.com *.gstatic.com *.cloudflare.com;; frame-ancestors 'self'; child-src 'self'; font-src https: 'self' data: *.googletagmanager.com fonts.google.com *.googleapis.com *.gstatic.com;; connect-src 'self' data: * cdn.cookielaw.org ;; report-uri /report-csp-violation 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wlresources.com *.my.cam *.google.com *.googleapis.com *.gstatic.com *.facebook.net *.google-analytics.com *.googlesyndication.com https://www.googletagservices.com https://www.googletagmanager.com *.doubleclick.net; connect-src 'self' *.wlresources.com *.my.cam wss://api.my.cam *.facebook.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com; worker-src 'self' blob:; report-uri /err0r/js?ts=1705980033 1
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none';frame-ancestors 'none' 1
default-src * data:;img-src * data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com; upgrade-insecure-requests; block-all-mixed-content;script-src https: 'unsafe-inline' 'unsafe-eval';frame-src  * data: ;frame-ancestors 'self' 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' https://cdn.yosushi.com; 1
base-uri 'self'; default-src 'self'; child-src https://player.vimeo.com; connect-src 'self' https://*.algolianet.com https://*.algolia.net https://doorbell.io https://*.s3.ap-southeast-2.amazonaws.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com; form-action 'self' https://landcareresearch.us16.list-manage.com landcareresearch.us16.list-manage.com; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://www.google.com https://vimeo.com https://player.vimeo.com https://player.vimeo.com; img-src 'self' https://www.google-analytics.com https://ssl.gstatic.com https://www.googletagmanager.com https://www.gstatic.com https://www.google.com https://www.google.co.nz https://*.s3.ap-southeast-2.amazonaws.com https://embed.doorbell.io https://i.vimeocdn.com https://eep.io eep.io data:; media-src https://www.youtube.com https://vimeo.com https://www.landcareresearch.co.nz/ https://public.tableau.com public.tableau.com; object-src 'self'; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://code.jquery.com https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/api.js https://embed.doorbell.io https://polyfill.io https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js https://s3.amazonaws.com/downloads.mailchimp.com/ s3.amazonaws.com/downloads.mailchimp.com/ https://landcareresearch.us16.list-manage.com landcareresearch.us16.list-manage.com https://google-analytics.com google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://www.google.com www.google.com https://sdk.apester.com/web-sdk.core.min.js https://sdk.apester.com/web-sdk.core.legacy.min.js https://sdk.apester.com https://events.apester.com events.apester.com 'nonce-YTZkNzRjMWI4NmE5MDZiNTNlYTdkYjk2YjQ4MzA0ZmVkYjMyNDczY2U5ZWQ5NzQ0NWZlOTdjYWJmYTAxMzhmMmFjNWI5ODg5ZGY2NjRkYjM0MDNhMjBjOTFhODVjYjRmYmY5OWNhYzBhYzM2YmUxYmEwNDBjM2IxMGVkZTc5OTA=' 'unsafe-eval'; style-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://embed.doorbell.io/css/doorbell.min.css https://embed.doorbell.io/css/default.css https://cdn-images.mailchimp.com cdn-images.mailchimp.com 'unsafe-inline'; report-uri https://2224ea6b5792825a06d61a0bad9d966b.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri /json/csp-violation 1
default-src 'self' apiv1.publicators.com www.publicators.com www.publicators.co.il fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com www.googletagmanager.com app.termly.io google.com negishim.com www.negishim.com www.google.com google-analytics.com www.google-analytics.com www.gstatic.com stats.g.doubleclick.net code.jquery.com camp.mini-sites.net icreate-campaign.com r.icreate-campaign.com center.icreate-campaign.com camp.icreate-campaign.com www.youtube.com youtube.com tips.teamcad.co.il data: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-ancestors 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.intellumlevel.com *.honeybadger.io *.amazonaws.com *.googleapis.com *.google-analytics.com *.jquery.com *.googleusercontent.com *.githubusercontent.com *.snplow.net *.intellumanalytics.com *.userpilot.io ws://analytex.userpilot.io *.intellumsocial.com *.tribesocial.com *.intellum.com *.youtube.com *.vhall.com *.youtube-nocookie.com *.embedly.com *.embed.ly vimeo.com *.vimeo.com livestream.com *.livestream.com *.brightcove.net *.facebook.com zoom.us *.zoom.us wss://*.zoom.us cdnjs.cloudflare.com *.newrelic.com bam.nr-data.net *.nest.com *.demandbase.com *.company-target.com *.zscaler.net *.widencdn.net *.ytimg.com *.tealiumiq.com *.atdmt.com *.tiqcdn.com *.facebook.net *.gstatic.com *.google.com *.doubleclick.net *.googleadservices.com *.stripe.com *.googletagmanager.com *.googleplex.com *.aptrinsic.com wss://websockets.intellum.com facebook-cdn.exceedlms.com *.instagram.com *.bornoninstagram.com *.dropbox.com *.cdn.jsdelivr.net *.jsdelivr.com *.hotjar.com *.static.hojar.com; img-src * data: blob:; media-src * blob: mediastream:; frame-ancestors 'self' *.exceedlms.com *.intellumsocial.com *.tribesocial.com *.intellum.com *.youtube.com *.vhall.com *.youtube-nocookie.com *.embedly.com *.embed.ly vimeo.com *.vimeo.com livestream.com *.livestream.com *.brightcove.net *.facebook.com zoom.us *.zoom.us wss://*.zoom.us cdnjs.cloudflare.com *.newrelic.com *.userpilot.io ws://analytex.userpilot.io bam.nr-data.net *.nest.com *.demandbase.com *.company-target.com *.zscaler.net *.widencdn.net *.ytimg.com *.tealiumiq.com *.atdmt.com *.tiqcdn.com *.facebook.net *.gstatic.com *.google.com *.doubleclick.net *.googleadservices.com *.stripe.com *.googleusercontent.com *.googletagmanager.com *.googleplex.com *.aptrinsic.com *.instagram.com *.bornoninstagram.com *.dropbox.com *.cdn.jsdelivr.net *.jsdelivr.com *.hotjar.com *.static.hojar.com; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https:; 1
default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src *;script-src 'self';form-action * ;frame-ancestors 'none'; 1
frame-ancestors 'self' testing.singleinterface.com stores.exidecare.com flpnwc-m5c04spz8p.dispatcher.eu2.hana.ondemand.com; 1
default-src 'self'; font-src 'self'; frame-src 'self' https://www.youtube.com https://maps.google.com https://www.google.com; style-src 'unsafe-inline' 'self'; script-src 'unsafe-inline' 'self'; img-src 'self' http: https: *.gravatar.com data:; 1
default-src 'none'; connect-src 'self'; script-src 'self' 'unsafe-inline'; img-src 'self' data: 22h.s3.nl-ams.scw.cloud; font-src 'self' fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; base-uri 'self'; form-action 'self'  1
frame-ancestors 'self';                      script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.criteo.com https://*.api.useinsider.com https://*.quinengine.com https://*.segmentify.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://cdn.enhencer.com https://cdn-ukwest.onetrust.com https://connect.facebook.net https://cookie-cdn.cookiepro.com https://google-analytics.com https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://googletagmanager.com https://graph.facebook.com https://*.bkmexpress.com.tr https://js.facebook.com https://mc.yandex.ru https://static.criteo.net https://sslwidget.criteo.com https://ssl.google-analytics.com https://st-hummel.mncdn.com https://tagmanager.google.com https://www.google-analytics.com https://www.clarity.ms https://www.googleoptimize.com https://www.google.com https://www.googletagmanager.com https://*.useinsider.com https://*.newrelic.com https://*.nr-data.net https://*.googleapis.com https://*.sgmntfy.com https://www.gstatic.com/;                      style-src 'self' 'unsafe-inline' *.google.com *.api.useinsider.com fonts.googleapis.com https://*.quinengine.com privacyportal-cdn.onetrust.com st-hummel.mncdn.com www.googletagmanager.com https://*.segmentify.com https://*.bkmexpress.com.tr https://*.useinsider.com;                      child-src 'self' blob: *.facebook.com *.google.com *.doubleclick.net *.googlesyndication.com *.criteo.com *.criteo.net *.api.useinsider.com creativecdn.com connect.facebook.net www.googletagmanager.com https://*.googleapis.com https://*.bkmexpress.com.tr https://*.yandex.ru/;                      base-uri 'self';                      worker-src 'self' blob: www.google.com;       report-uri /WebResource.axd?cspReport=true; 1
default-src 'self' https://analytics.google.com https://ap-gateway.mastercard.com https://test-gateway.mastercard.com https://www.gstatic.com https://connect.facebook.net https://apis.google.com https://www.google.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://localhost https://kfc.lk https://kfc-web.azurewebsites.net https://admin-kfc-web.azurewebsites.net https://cdnjs.cloudflare.com https://code.jquery.com https://maps.googleapis.com https://maps.gstatic.com https://www.googletagmanager.com 'unsafe-inline'  1
object-src 'none'; base-uri 'self'; media-src 'self' *.cachefly.net 1
default-src 'self'  *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *;style-src 'self' 'unsafe-inline' *; font-src 'self' fonts.gstatic.com *.bootstrapcdn.com;form-action 'self' *;frame-src * 1
default-src 'self';img-src * 'self' blob: data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.jsdelivr.net/  https://marutistoragenew.blob.core.windows.net/ https://www.google-analytics.com https://www.googletagmanager.com https://cdn.treasuredata.com https://in.treasuredata.com;frame-src 'self' 'unsafe-inline' https://www.facebook.com/;connect-src 'self'  'unsafe-inline' https://stats.g.doubleclick.net https://lm.serving-sys.com/ https://secure-ds.serving-sys.com/ ;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com/ https://connect.facebook.net/ http://www.google-analytics.com/ http://www.googletagmanager.com http://cdn.treasuredata.com https://ajax.googleapis.com/ https://www.google-analytics.com/ https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://secure-ds.serving-sys.com/ https://cdn.treasuredata.com https://in.treasuredata.com https://cdn.jsdelivr.net https://bs.serving-sys.com/;font-src 'self' ;style-src  'self' 'unsafe-inline';style-src-elem 'self' 'unsafe-inline' https://cdn.jsdelivr.net/;worker-src blob:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com/ https://fonts.googleapis.com/ https://cse.google.com/ https://www.google.com/; img-src 'unsafe-inline' 'self'; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com/ https://www.gstatic.com/ https://fonts.googleapis.com/ https://cse.google.com/ https://www.google.com/; frame-src 'self' https://www.google.com/maps/; font-src 'self' data: https://fonts.googleapis.com/ https://fonts.gstatic.com/;frame-ancestors 'none';object-src 'self'; 1
report-uri https://ent-csp-report2.azurewebsites.net ; default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net https://*.yahoo.co.jp https://s.yimg.jp https://code.createjs.com https://cdn.rawgit.com/ics-creative/ParticleJS/ https://static.criteo.net https://www.googletagmanager.com https://code.jquery.com https://cdn.jsdelivr.net/particles.js/ https://tpc.googlesyndication.com https://trusted-web-seal.cybertrust.ne.jp/seal/ https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googleadservices.com https://*.criteo.com https://t.contentsquare.net/ app.contentsquare.com ; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome-animation/ https://cdnjs.cloudflare.com/ajax/libs/animate.css https://unpkg.com/swiper@7/ https://*.googleapis.com ; font-src 'self' data: https://use.fontawesome.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://fonts.gstatic.com ; img-src * data: ; connect-src 'self' https://*.google-analytics.com https://*.googlesyndication.com https://*.googleapis.com https://*.criteo.com *.contentsquare.net ; frame-src 'self' https://bid.g.doubleclick.net https://www.youtube.com https://static.criteo.net https://tpc.googlesyndication.com https://www.youtube-nocookie.com https://widgets.itunes.apple.com https://tools.applemediaservices.com https://*.criteo.com https://*.google.com csxd.harlequin-library.jp csxd.hqcomic.jp ; child-src 'self' blob: ; 1
default-src 'self' 514fc1854f42ca2ff5db-80cf6c54ed47dc32217f95890ea164c9.ssl.cf3.rackcdn.com youtube.com *.youtube.com edu.gcfglobal.org code.org codecombat.com tynker.com cdn.cookielaw.org data:; connect-src 'self' *.onetrust.com metrics.articulate.com cdn.cookielaw.org; form-action 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.onetrust.com cdn.cookielaw.org; style-src 'self' 'unsafe-inline' ; frame-src 'self' youtube.com *.youtube.com ; img-src 'self' 514fc1854f42ca2ff5db-80cf6c54ed47dc32217f95890ea164c9.ssl.cf3.rackcdn.com youtube.com *.youtube.com edu.gcfglobal.org code.org codecombat.com tynker.com cdn.cookielaw.org i.ytimg.com data: 1
connect-src 'self' api.mercadopago.com sdkmetrics.mercadopago.com.br maps.googleapis.com bin-ip-checker.p.rapidapi.com bincheck.io rapidapi.com wss://saem.com.ar; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com bin-ip-checker.p.rapidapi.comhtml5shim.googlecode.com code.jquery.com secure.mlstatic.com rapidapi.com content.mercadopago.com cdnjs.cloudflare.com cdn.rawgit.com; frame-src mldp.mercadopago.com content.mercadopago.com cdn.rawgit.com; font-src 'self' fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.rawgit.com; img-src 'self' csi.gstatic.com maps.gstatic.com maps.googleapis.com data: content.mercadopago.com cdn.rawgit.com raw.githubusercontent.com www.mercadopago.com saem.s3.amazonaws.com 1
script-src 'self'; style-src 'self' 'unsafe-inline' 1
default-src *; img-src * data:; style-src 'self' 'unsafe-inline' http://fonts.googleapis.com https://fonts.googleapis.com http://translate.google.com https://translate.googleapis.com https://code.ionicframework.com; script-src 'self' 'unsafe-inline' http://translate.google.com https://translate.googleapis.com localhost:*/* https://facebook.com *.facebook.com http://translate.google.com *.translate.google.com http://indiannetwork.in/ https://indiannetwork.in/ http://www.googletagmanager.com https://www.googletagmanager.com http://www.google-analytics.com https://www.google-analytics.com http://upsdmabas.auashreetron.com https://upsdmabas.auashreetron.com http://202.65.131.96 https://202.65.131.96 http://auakua.auashreetron.com https://auakua.auashreetron.com http://www.googleadservices.com https://www.googleadservices.com  1
base-uri 'self';connect-src 'self';form-action 'self';img-src 'self' data:;media-src 'self';object-src 'none' 1
*.womaneconomy.co.kr 1
frame-ancestors www.krankenpflege-journal.site https://mailings.esanum.de http://krankenpflege-journal.site/ https://cmeassist.academy2.de krankenpflege-journal.site https://static.esanum.de https://krankenpflege-journal.site 'self'; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' stackpath.bootstrapcdn.com cdnjs.cloudflare.com cse.expertrec.com www.google-analytics.com adservice.google.com www.google.com partner.googleadservices.com pagead2.googlesyndication.com tpc.googlesyndication.com www.googletagmanager.com www.googletagservices.com www.gstatic.com www.youtube.com cdn.plyr.io cdn.jsdelivr.net adservice.google.co.uk fundingchoicesmessages.google.com cdn.scaleflex.it 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; style-src 'self' 'unsafe-inline' https://*; frame-src 'self' https://*; img-src 'self' https://* data:; connect-src 'self' https://*; 1
frame-ancestors 'self' https://*.gewiss.com; frame-src 'self'  https://www.youtube.com https://www.youtube-nocookie.com https://gectotem.gewiss.com https://fastcalc.dialux.com https://www.facebook.com/;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms  https://snap.licdn.com https://embed.tawk.to https://cdn.jsdelivr.net/ https://www.gstatic.com  https://developers.google.com https://www.googletagmanager.com *.youtube.com https://maps.google.com https://www.google.com https://www.google-analytics.com https://maps.googleapis.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net/; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com https://cdn.jsdelivr.net/ https://static-v.tawk.to 1
frame-ancestors 'self' *.brin.go.id *.lapan.go.id *.batan.go.id *.bppt.go.id *.lipi.go.id; 1
frame-ancestors 'none'; default-src 'self' blob: https://*.smit.ee https://*.smit.prelive https://talendipank.ee wss://*.smit.ee; script-src 'self' 'unsafe-eval' blob: https://smit.ee https://*.smit.ee https://*.gstatic.com https://*.googleapis.com https://*.google.com https://piwik.smit.ee https://youtube.com https://*.youtube.com 'unsafe-inline'; img-src 'self' data: https://placehold.it https://*.gstatic.com https://*.googleapis.com https://*.google.com https://piwik.smit.ee https://*.smit.ee https://*.youtube.com https://tiles.maaamet.ee; style-src 'self' 'unsafe-inline' https://*.google.com; font-src 'self'; frame-src 'self' https://*.youtube.com https://*.facebook.com https://*.google.com; object-src https://www.smit.ee https://*.www.smit.ee 1
default-src 'self' https://lareb.containers.piwik.pro *.lareb.nl/rss; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://lareb.containers.piwik.pro *.googleapis.com *.google.com *.gstatic.com *.sendinblue.com *.dublincore.org *.cdn.jsdelivr.net https://cdn1.readspeaker.com https://rsms.me *.captcha.at *.captcha.eu blob: ; style-src 'self' 'unsafe-inline' *.typekit.net *.gstatic.com https://fonts.googleapis.com *.dublincore.org; style-src-elem 'self' 'unsafe-inline' *.typekit.net *.gstatic.com https://fonts.googleapis.com *.jsdelivr.net *.dublincore.org https://rsms.me *.lareb.nl/rss; img-src 'self' data: *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.sendinblue.com *.dublincore.org *.w3.org *.captcha.eu; font-src 'self' data: *.typekit.net https://fonts.gstatic.com *.dublincore.org; connect-src 'self' https://w19.captcha.at/challenge https://vttts-eu.readspeaker.com https://lareb.piwik.pro/ppms.php https://app-eu.readspeaker.com https://cdn1.readspeaker.com *.google-analytics.com *.analytics.google.com *.googleapis.com *.lareb.nl *.typekit.net *.sendinblue.com *.dublincore.org; object-src 'none'; frame-src https://app-eu.readspeaker.com https://65d39324.sibforms.com; frame-ancestors 'none' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.zecible.fr *.notebleue.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.google.com *.fontawesome.com; img-src * data:; frame-src *; frame-ancestors 'self' data: blob: www.b2cdata.fr www.b2b-data.fr *.zecible.fr *.notebleue.com; 1
frame-ancestors *.firstclasswatches.co.uk *.firstclasswatches.com 1
default-src 'self' 'unsafe-inline' www.google-analytics.com *.googleadservices.com *.google-analytics.com *.analytics.google.com *.google.com *.google.ch www.googletagmanager.com *.googletagmanager.com googleads.g.doubleclick.net stats.g.doubleclick.net hello.myfonts.net *.jobcloud.ch *.jobs.ch *.jobup.ch *.stellen.ch *.impieghi.ch *.ingjobs.ch *.ictcareer.ch *.jobs4sales.ch *.financejobs.ch *.medtalents.ch *.jobwinner.ch *.alpha.ch *.topjobs.ch *.jobscout24.ch *.disqus.com *.disquscdn.com disqus.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.google-analytics.com *.analytics.google.com *.google.com www.googletagmanager.com tpc.googlesyndication.com *.googletagmanager.com cdnjs.cloudflare.com js-agent.newrelic.com ajax.googleapis.com *.googleadservices.com cdn.jsdelivr.net bam.nr-data.net *.disqus.com *.disquscdn.com; frame-src tpc.googlesyndication.com; media-src 'self' 'unsafe-inline' data:; font-src 'self' 'unsafe-inline' data: 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; frame-ancestors 'self' https://*.zingermans.com https://*.authorize.net; 1
default-src 'self' 'unsafe-inline' blob: data: *.lk-cs.com https://myconsumers.org *.myconsumers.org http://www.myconsumers.org https://woobox.com *.hotjar.com https://*.optimizely.com https://*.s3.amazonaws.com https://tagmanager.google.com https://www.googleadservices.com https://d.impactradius-event.com https://kingsumo.com https://www.livelook.com *.idevdesign.net *.marketo.com consumerscreditunion.mktoweb.com *.marketopreview.com https://lkcssecurehosting.com *.creatio.com https://www.learnaboutmoneymovement.com https://feed.mikle.com https://stats.g.doubleclick.net http://205-afh-840.mktoresp.com http://js.hsforms.net http://*.mktoresp.com https://forms.hsforms.com https://cds-sdkcfg.onlineaccess1.com https://*.onlineaccess1.com https://consumer-credit-union.4cna.net https://*.loggly.com https://*.googletagmanager.com *.google-analytics.com https://analytics.google.com https://prod.northstar.ellielabs.com https://*.googlesyndication.com https://consumer-credit-union.4cna.net wss://*.hotjar.com *.hotjar.io https://google.com https://cms.myconsumers.org https://widget.ellieservices.com/* https://widget.ellieservices.com/latest/launcher.js https://*.creatio.com https://prod.northstar.ellielabs.com/* https://logx.optimizely.com/* https://logx.optimizely.com/v1/events https://clients.lk-cs.com https://www.google-analytics.com analytics.google.com https://*.clarity.ms https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://protect-us.mimecast.com *.bing.com https://prod.northstar.ellielabs.com https://cms.myconsumers.org https://widget.ellieservices.com/* https://widget.ellieservices.com/latest/launcher.js https://*.creatio.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://myconsumers.org https://utt.impactcdn.com https://clients.lk-cs.com/id/62161/custom/rates/ *.googleapis.com *.gstatic.com https://cdnjs.cloudflare.com https://cdn.polyfill.io https://stackpath.bootstrapcdn.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org *.googletagmanager.com *.lk-cs.com *.cobrowse.oraclecloud.com maps.google.com https://static.hotjar.com https://lkcssecurehosting.com https://cdn.optimizely.com https://woobox.com https://kingsumo.com https://*.optimizely.com https://*.hotjar.com https://*.s3.amazonaws.com https://lkcssecurehosting.com https://optimizely.s3.amazonaws.com tagmanager.google.com *.googleadservices.com *.impactradius-event.com *.doubleclick.net *.kingsumo.com *.livelook.com *.marketo.com *.cloudflareinsights.com *.google.com consumerscreditunion.mktoweb.com *.marketopreview.com https://lkcssecurehosting.com https://www.learnaboutmoneymovement.com https://*.mikle.com https://stats.g.doubleclick.net http://205-afh-840.mktoresp.com http://js.hsforms.net http://*.mktoresp.com https://forms.hsforms.com https://cds-sdkcfg.onlineaccess1.com https://analytics.google.com https://cucalc.org https://cms.myconsumers.org https://widget.ellieservices.com https://widget.ellieservices.com/latest/launcher.js https://*.creatio.com https://bat.bing.com/ https://stats.g.doubleclick.net https://analytics.google.com https://sjrtp8.marketo.com https://prod.northstar.ellielabs.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com *.twimg.com https://clients.lk-cs.com https://lkcssecurehosting.com https://tagmanager.google.com *.livelook.com https://clients.lk-cs.com data: *.marketo.com *.google.com consumerscreditunion.mktoweb.com *.marketopreview.com https://*.mikle.com http://205-afh-840.mktoresp.com http://js.hsforms.net http://*.mktoresp.com https://forms.hsforms.com https://cds-sdkcfg.onlineaccess1.com https://consumer-credit-union.4cna.net https://*.loggly.com https://www.googletagmanager.com https://cucalc.org; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://*.cloudfront.net consumerscreditunion.mktoweb.com *.marketopreview.com *.hotjar.com *.marketo.com https://stats.g.doubleclick.net http://205-afh-840.mktoresp.com http://js.hsforms.net http://*.mktoresp.com https://forms.hsforms.com; img-src 'self' *.doubleclick.net *.lk-cs.com *.myconsumers.org *.gstatic.com *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.cobrowse.oraclecloud.com http://www.myconsumers.org platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com consumerscreditunion.mktoweb.com *.marketopreview.com *.marketo.com https://lkcssecurehosting.com https://www.learnaboutmoneymovement.com https://stats.g.doubleclick.net http://205-afh-840.mktoresp.com http://*.mktoresp.com http://js.hsforms.net https://forms.hsforms.com https://consumer-credit-union.4cna.net https://*.loggly.com https://*.googletagmanager.com https://consumer-credit-union.4cna.net *.bing.com https://www.ojrq.net https://logs-01.loggly.com; media-src 'self' https://www.learnaboutmoneymovement.com https://lkcssecurehosting.com http://www.myconsumers.org https://stats.g.doubleclick.net http://205-afh-840.mktoresp.com data: blob:; form-action 'self' *.lk-cs.com *.myconsumers.org *.vimeo.com *.youtube.com *.livelook.com consumerscreditunion.mktoweb.com *.marketopreview.com *.marketo.com https://stats.g.doubleclick.net http://205-afh-840.mktoresp.com http://js.hsforms.net http://*.mktoresp.com https://forms.hsforms.com https://cds-sdkcfg.onlineaccess1.com; frame-src 'self' data: *.myconsumers.org *.google.com https://*.google.com *.youtube.com https://consumer-credit-union.4cna.net *.cobrowse.oraclecloud.com http://www.myconsumers.org https://lkcssecurehosting.com https://cdn.optimizely.com https://vimeo.com https://woobox.com *.woobox.com *.hotjar.com *.doubleclick.net *.livelook.com https://kingsumo.com https://clients.lk-cs.com consumerscreditunion.mktoweb.com *.marketopreview.com *.marketo.com https://feed.mikle.com https://stats.g.doubleclick.net http://205-afh-840.mktoresp.com http://js.hsforms.net http://*.mktoresp.com https://forms.hsforms.com https://cds-sdkcfg.onlineaccess1.com https://cucalc.org https://prod.northstar.ellielabs.com https://api.elliemae.com https://idp.elliemae.com https://na3.docusign.net https://na.account.docusign.com; connect-src 'self' https://logx.optimizely.com https://logx.optimizely.com/v1/events https://clients.lk-cs.com https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com https://sjrtp8.marketo.com wss://ws.hotjar.com/ https://metrics.hotjar.io/ https://content.hotjar.io/ https://content.hotjar.io/ https://bat.bing.com/ https://bat.bing.com/; 1
default-src 'self' *.kinoplan.io; report-uri https://sentry.kinoplan.tech/api/13/csp-report/?sentry_key=79a56ddb03474a1eb318c77391692ec1; connect-src 'self' *.kinoplan24.ru *.kinoplan.io wss://* mc.yandex.ru mc.yandex.com www.google-analytics.com https://ssl.google-analytics.com https://sentry.kinoplan.tech https://servicedesk.dcp24.ru https://stats.g.doubleclick.net *.jivo.ru *.jivosite.com; child-src blob: 'self' mc.yandex.ru mc.yandex.com; style-src 'self' 'unsafe-inline' https: data: blob: *.kinoplan.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.kinoplan.io ssl.google-analytics.com www.google-analytics.com mc.yandex.ru mc.yandex.com captcha-api.yandex.ru https://tagmanager.google.com/ https://www.googletagmanager.com https://cdn.nolt.io/ *.jivo.ru *.jivosite.com; img-src blob: 'self' ssl.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com www.google-analytics.com mc.yandex.ru mc.yandex.com *.dcp24.ru *.kinoplan24.ru kinoplan24.ru *.kinoplan.io kinoplan.io kinoplan.ru img.youtube.com data: *.jivo.ru *.jivosite.com; font-src 'self' https://fonts.gstatic.com *.kinoplan.io; frame-src 'self' *.kinoplan24.ru *.dcp24.ru *.kinoplan.io blob: mc.yandex.ru mc.yandex.com captcha-api.yandex.ru https://www.youtube.com https://kinoplan.nolt.io https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://webvisor.com; media-src 'self' https:; worker-src blob: 'self' 1
frame-src 'self' https://www.google.com https://player.vimeo.com; 1
default-src https:; font-src https: data:; img-src https: data:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; 1
default-src 'self' https://download.teamviewer.com/ https://dl.teamviewer.com/ https://cdn.cookielaw.org/ https://reportsession.teamviewer.com; script-src-elem 'self' 'unsafe-inline' https://cdn.cookielaw.org/ https://code.jquery.com data:; script-src data: 'unsafe-inline' 'self' https://code.jquery.com; object-src 'self'; style-src 'unsafe-inline' 'self' https://code.jquery.com; img-src 'self' https://code.jquery.com; 1
default-src * data: 'unsafe-inline' 'unsafe-eval' blob:;media-src * blob:;img-src * data: 'unsafe-inline' blob:;font-src * data: 'unsafe-inline'; frame-ancestors *.staples.com *.staplesadvantage.com 1
default-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.2mdn.net *.awin1.com *.bing.com *.clarity.ms *.cookie-script.com *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googleadservices.com *.google-analytics.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.msecnd.net *.visualstudio.com *.visualwebsiteoptimizer.com *.wepowerconnections.com *.youtube.com *.ytimg.com bat.bing.com cdn.cookie-script.com player.vimeo.com www.dwin1.com www.dwin2.com www.google-analytics.com; report-uri https://www.financenetwork.nl/csp 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.globenewswire.com unpkg.com www.globenewswire.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net hello.myfonts.net *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' house-fastly-signed-eu-west-1-prod.brightcovecdn.com f1.media.brightcove.com; frame-src 'self' staticcontents.investis.com www.google.com irs.tools.investis.com otp.tools.investis.com ir.tools.investis.com cs.globenewswire.com pr.globenewswire.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; connect-src 'self' geoid.investisdigital.com edge.api.brightcove.com www.google-analytics.com cookiemanager.investisdigital.com viz.tools.investis.com stats.g.doubleclick.net analytics.google.com region1.analytics.google.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://canary-api.bnpparibas-am.com https://canary-api.staging.bnpparibas-am.com https://md-scp.kampyle.com https://s0.wp.com https://bnpparibas-am-com.go-vip.net https://bnpparibas-am-com-staging.go-vip.net https://bnpparibas-am-com-develop.go-vip.net https://assets.adobedtm.com https://unpkg.com https://www.google-analytics.com https://9873963.fls.doubleclick.net https://resources.digital-cloud.medallia.eu https://m.clarity.ms https://stats.g.doubleclick.net https://www.clarity.ms https://analytics.newscred.com https://snap.licdn.com https://www.google-analytics.com https://www.stoneshot.com https://cdn.cookielaw.org https://www.googletagmanager.com https://api.bnpparibas-am.com https://api.staging.bnpparibas-am.com https://player.ausha.co https://apidata.staging.bnpparibas-am.com https://apidata.bnpparibas-am.com; font-src 'self' 'unsafe-inline' data: https://canary-api.bnpparibas-am.com https://canary-api.staging.bnpparibas-am.com https://s0.wp.com https://bnpparibas-am-com.go-vip.net https://bnpparibas-am-com-staging.go-vip.net https://bnpparibas-am-com-develop.go-vip.net https://fonts.gstatic.com https://api.staging.bnpparibas-am.com https://api.bnpparibas-am.com; img-src 'self' https://bnpparibas-am-com.go-vip.net https://bnpparibas-am.com https://canary-api.bnpparibas-am.com https://canary-api.staging.bnpparibas-am.com https://bnppampublicglobalprod.112.2o7.net https://diversification.bnpparibas-am.com https://pixel.wp.com https://secure.gravatar.com https://bnppampublicglobaldev.112.2o7.net https://ad.doubleclick.net https://www.linkedin.com https://udc-neb.kampyle.com data:  https://resources.digital-cloud.medallia.eu https://px.ads.linkedin.com https://cdn.cookielaw.org https://www.stoneshot.com https://www.google-analytics.com https://pixel.welcomesoftware.com https://api.staging.bnpparibas-am.com https://api.bnpparibas-am.com; base-uri 'self'; object-src 'self'; media-src 'self' https://canary-api.bnpparibas-am.com https://canary-api.staging.bnpparibas-am.com https://www.youtube.com https://bnpparibas-am-com.go-vip.net https://bnpparibas-am-com-staging.go-vip.net https://bnpparibas-am-com-develop.go-vip.net https://audio.ausha.co https://audiofiles.ausha.co; child-src 'self' https://canary-api.bnpparibas-am.com https://canary-api.staging.bnpparibas-am.com https://www.youtube.com https://widgets.wp.com https://bnpparibas-am-com.go-vip.net https://bnpparibas-am-com-staging.go-vip.net https://bnpparibas-am-com-develop.go-vip.net https://td.doubleclick.net https://9054818.fls.doubleclick.net https://www.youtube.com https://resources.digital-cloud.medallia.eu https://9873963.fls.doubleclick.net https://bnpparibas-am.libcast.com https://embed.api.video https://player.ausha.co; worker-src 'self';style-src 'self' 'unsafe-inline' https://canary-api.bnpparibas-am.com https://canary-api.staging.bnpparibas-am.com https://s0.wp.com https://bnpparibas-am-com.go-vip.net https://bnpparibas-am-com-staging.go-vip.net https://bnpparibas-am-com-develop.go-vip.net https://fonts.googleapis.com https://api.staging.bnpparibas-am.com https://api.bnpparibas-am.com; connect-src 'self' https://canary-api.bnpparibas-am.com https://canary-api.staging.bnpparibas-am.com https://bnpparibas-am-com.go-vip.net https://bnpparibas-am-com-staging.go-vip.net https://bnpparibas-am-com-develop.go-vip.net https://bnp-privacy.my.onetrust.com https://cdn.linkedin.oribi.io https://udc-neb.kampyle.com https://region1.google-analytics.com https://dpm.demdex.net https://resources.digital-cloud.medallia.eu https://apidata.staging.bnpparibas-am.com https://apidata.bnpparibas-am.com https://stats.g.doubleclick.net https://api.staging.bnpparibas-am.com https://api.bnpparibas-am.com https://www.stoneshot.com https://cdn.cookielaw.org https://www.google-analytics.com https://www.google-analytics.com; 1
frame-ancestors 'self' https://*.verizon.com https://*.verizonwireless.com https://*.vzwcorp.com 1
frame-ancestors 'self' http://*.sunsuite.com.au https://*.sunsuite.com.au http://*.opensolar.com https://*.opensolar.com; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://*.criteo.com https://static.criteo.net https://www.zenaps.com https://isitetv.com https://ln-rules.rewardstyle.com https://e.issuu.com https://*.recaptcha.net https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://www.shoplooks.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://*.contentsquare.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://checkout.mankind.co.uk https://m.mankind.co.uk https://www.mankind.co.uk https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://ln-rules.rewardstyle.com https://*.baidu.com https://*.recaptcha.net https://*.akamaihd.net https://*.sciencebehindecommerce.com https://www.gstatic.cn https://*.shoplooks.com https://slooks.top https://slooks.me https://*.hotjar.com https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.shoplooks.com https://static.shoplooks.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self' staging.mmoculture.com now.gg 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googletagmanager.com googletagmanager.com *.google.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google-analytics.com *.gstatic.com *.googleadservices.com *.googleapis.com www.google.com.au www.google.co.id cdn-ukwest.onetrust.com cdn.linkedin.oribi.io syndication.twitter.com snap.licdn.com connect.facebook.net cdn.jsdelivr.net cdnjs.cloudflare.com platform.twitter.com px.ads.linkedin.com www.linkedin.com www.facebook.com dc.services.visualstudio.com vimeo.com player.vimeo.com www.youtube.com *.searchstax.com *.managedcloud.sitecore.com datawrapper.dwcdn.net *.buzzsprout.com *.yoshki.com; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.minervaproject.com https://*.kgi.edu https://dev.harald.schil.ly https://*.doulos.com https://*.codesignal.com https://roamresearch.com; 1
base-uri 'self';object-src 'none';script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-AdA18Bxx9GjoXz4kYSqeZuunYRL82koXva8t5GXd' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' widget.trustpilot.com trustpilot.com livechat.shellrent.com manager.shellrent.com www.google.com www.google.it www.google-analytics.com fonts.gstatic.com www.gstatic.com connect.facebook.net www.facebook.com www.googletagmanager.com ajax.googleapis.com fonts.googleapis.com stats.g.doubleclick.net polyfill.io secure.gravatar.com ps.w.org shellrent.com  pro.fontawesome.com fontawesome.com ams.wpml.org wpml.org js.stripe.com stripe.com cdnjs.cloudflare.com static.cloudflareinsights.com use.fontawesome.com googleads.g.doubleclick.net googlesyndication.com tpc.googlesyndication.com unpkg.com snap.licdn.com static.ads-twitter.com t.co analytics.twitter.com cdn.linkedin.oribi.io px.ads.linkedin.com region1.analytics.google.com www.linkedin.com region1.google-analytics.com data:; 1
script-src 'self' bing.com *.bing.com callrail.com *.callrail.com cloudflare.com *.cloudflare.com cloudflareinsights.com *.cloudflareinsights.com dcatalog.com *.dcatalog.com facebook.net *.facebook.net fullstory.com *.fullstory.com google-analytics.com *.google-analytics.com google.com *.google.com googleadservices.com *.googleadservices.com googlesyndication.com *.googlesyndication.com googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com hotjar.com *.hotjar.com jit.si *.jit.si jotfor.ms *.jotfor.ms jotform.com *.jotform.com jotform.io *.jotform.io jsdelivr.net *.jsdelivr.net livechatinc.com *.livechatinc.com maps.googleapis.com *.maps.googleapis.com nitrocdn.com *.nitrocdn.com ntv.io *.ntv.io postrelease.com *.postrelease.com storage.googleapis.com *.storage.googleapis.com tawk.to *.tawk.to typeform.com *.typeform.com werner.com *.werner.com zoominfo.com *.zoominfo.com doubleclick.net *.doubleclick.net inmarkethub.com *.inmarkethub.com wernertk.wpenginepowered.com 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com *.ajax.googleapis.com arcgis.com *.arcgis.com bootstrapcdn.com *.bootstrapcdn.com datatables.net *.datatables.net jquery.com *.jquery.com trustedform.com *.trustedform.com randallreillyrecruiting.com *.randallreillyrecruiting.com randallreilly.com *.randallreilly.com msecnd.net *.msecnd.net pardot.com *.pardot.com pendo.io *.pendo.io *.wernertk.wpenginepowered.com cdn-cookieyes.com *.cdn-cookieyes.com pixel.ad *.pixel.ad blob: acsbapp.com toolsmagick.com tailwindcss.com *.tailwindcss.com; worker-src 'self' blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=ItN7B.qwsKV6GhDoH4eI6Y50h2RT7vWcs7BB4YyRXxY-1705977062-1-ATG9_QhNDbivLjClqpLb4hO6k39CP4w1rNwK5huW1ya7Q4IY_KDQiBaUAaOjFlL0plIurCOWQ_GjZFCv5MwrJ6LyVo-N9LyjwnQ422uu7pVIzHKRKzgk8yC2TTj4Oh0nEX6Dy7ozb1OzcpH1k_ITVCI8Cm2jAvy8D-M3K_-pr-FDHk9NUztqwHva8Dp3hPoQbUEDmFJ3pBPx8GlnKXX0y9w; report-to cf-lexvnkccwudwnymn 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-NFdoY0c5eGZFamxRbDlCbmxDV3JaMlNHWkZvcWRFUWV6b0tiQk1FeW55QT06cEIwMFE1Y1RSUTBpcGFNeDVoM0tNU3Z4Rnc5Q016ZDdyOEN1UWJsTDlFVT0=';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self';frame-ancestors 'self';form-action 'self' 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-EsIJDwJfa86rAYvOERHCiA==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob: *.izlesene.com *.ioam.de *.avg.com *.rewardsaccelerator.com smetrics.att.com; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net smetrics.att.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
default-src 'none';base-uri 'self';form-action 'self' https://crm.pawfinity.com;media-src 'self' https://d2fxuh9ok6cv3f.cloudfront.net;connect-src 'self' https://www.google-analytics.com;script-src 'nonce-NjU0Nzg0MjQ4MDE3NDUzNQ' 'strict-dynamic' 'self' https://d2fxuh9ok6cv3f.cloudfront.net https://www.google-analytics.com;style-src 'self' 'unsafe-inline' https://d2fxuh9ok6cv3f.cloudfront.net ;img-src 'self' data: https://d2fxuh9ok6cv3f.cloudfront.net;font-src 'self' https://d2fxuh9ok6cv3f.cloudfront.net;object-src 'none';manifest-src 'self' https://d2fxuh9ok6cv3f.cloudfront.net https://www.pawfinity.com;frame-ancestors 'self' https://*.pawfinity.com;frame-src 'self' https://*.pawfinity.com https://www.youtube.com https://www.google.com https://calendly.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://sigmoid.social; img-src 'self' https: data: blob: https://sigmoid.social; style-src 'self' https://sigmoid.social 'nonce-Og+lB/74YYuO+AoS0OTV9g=='; media-src 'self' https: data: https://sigmoid.social; frame-src 'self' https:; manifest-src 'self' https://sigmoid.social; form-action 'self'; child-src 'self' blob: https://sigmoid.social; worker-src 'self' blob: https://sigmoid.social; connect-src 'self' data: blob: https://sigmoid.social https://cdn.masto.host wss://sigmoid.social; script-src 'self' https://sigmoid.social 'wasm-unsafe-eval' 1
default-src 'self'; img-src 'self' https://*.awin1.com https://*.zenaps.com https://*.bing.com data: https://cookie-cdn.cookiepro.com https://cxsurvey.foresee.com https://gateway.foresee.com https://s.foresee.com https://static.foresee.com https: https://*.google-analytics.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://attachuk.imi.chat https://*.magnolia-cloud.com https://cdn.optimizely.com https://ads-api.twitter.com https://ads-twitter.com https://analytics.twitter.com https://ucm-eu.verint-cdn.com https://survey.efmfeedback.com; script-src 'self' 'unsafe-eval' https://www.dwin1.com/ https://*.awin1.com https://*.zenaps.com https://the.sciencebehindecommerce.com https://*.bing.com https://*.btttag.com https://btttag.com https://cookie-cdn.cookiepro.com https://connect.facebook.net https://*.fontawesome.com/ 'unsafe-inline' https://analytics.foresee.com https://brain.foresee.com https://cxsurvey.foresee.com https://device.4seeresults.com https://gateway.foresee.com https://record.foresee.com https://survey.answerscloud.com https://survey.foreseeresults.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://attachuk.imi.chat https://widget-api.imi.chat https://script.infinity-tracking.com https://*.magnolia-cloud.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://s.pinimg.com/ https://*.quantummetric.com https://trc.taboola.com/ https://cdn.taboola.com/ https://widget.trustpilot.com https://static.ads-twitter.com/ https://ucm-eu.verint-cdn.com; frame-src 'self' https://prod.respondselfserve.com https://*.awin1.com https://*.zenaps.com https://bid.g.doubleclick.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.googletagmanager.com https://td.doubleclick.net/ https://attachuk.imi.chat https://a659861340.cdn.optimizely.com https://a659861340.cdn-pci.optimizely.com https://ct.pinterest.com/ https://*.quantummetric.com https://dgscottishpower.tmtx.co.uk https://widget.trustpilot.com; style-src 'self' 'unsafe-inline' https://cxsurvey.foresee.com https://gateway.foresee.com https://tagmanager.google.com https://fonts.googleapis.com https://attachuk.imi.chat https://*.magnolia-cloud.com https://ucm-eu.verint-cdn.com; font-src 'self' https://*.fontawesome.com https://cxsurvey.foresee.com https://gateway.foresee.com https://fonts.gstatic.com data: https://attachuk.imi.chat https://ucm-eu.verint-cdn.com; connect-src 'self' https://*.athome.domesticandgeneral.com https://www.dwin1.com https://*.awin1.com https://*.zenaps.com https://the.sciencebehindecommerce.com https://*.bing.com https://*.btttag.com https://btttag.com https://cookie-cdn.cookiepro.com https://privacyportal.cookiepro.com https://geolocation.onetrust.com https://*.fontawesome.com/ https://analytics.foresee.com https://brain.foresee.com https://cxsurvey.foresee.com https://device.4seeresults.com https://gateway.foresee.com https://record.foresee.com https://survey.answerscloud.com https://survey.foreseeresults.com wss://hoover.foresee.com https://hoover.foresee.com https://analytics.google.com https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://rtm.imiconnect.io https://attachuk.imi.chat https://widget-api.imi.chat https://*.infinity-tracking.com https://ict.infinity-tracking.net https://*.lightstep.com https://api.addressy.com https://*.magnolia-cloud.com https://gmail.us13.list-manage.com/subscribe/post https://logx.optimizely.com https://*.optimizely.com https://ct.pinterest.com/ https://*.quantummetric.com https://*.taboola.com/ https://ucm-eu.verint-cdn.com https://survey.efmfeedback.com; object-src 'none'; worker-src blob:; child-src blob:; frame-ancestors https://*.magnolia-cloud.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://* https://*;style-src 'self' 'unsafe-inline' https://*;img-src 'self' data: https://*;frame-src 'self' *.youtube.com *.google.com;frame-ancestors 'self' *.yandex.net http://webvisor.com https://webvisor.com *.webvisor.com;object-src 'none';base-uri 'none';connect-src 'self' https://static.zdassets.com https://ekr.zdassets.com https://icard.zendesk.com https://*.zopim.com wss://icard.zendesk.com wss://*.zopim.com http://*.hotjar.com:* https://*.hotjar.com:* wss://*.hotjar.com *.yandex.ru https://*.facebook.com https://*.googleapis.com https://*.google.com https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://*.google-analytics.com; 1
frame-ancestors 'self' https://central-build.bedfordborough.gov.uk; report-uri /report-csp-violation 1
frame-ancestors 'self' https://royalcollege.docebosaas.com; 1
default-src https: data: 'unsafe-eval' 'unsafe-inline'; connect-src * 'self' *.firebaseapp.com wss://*.firebaseio.com * 1
default-src 'self' * *.universityliving.com localhost:4000 *.google.com bid.g.doubleclick.net maps.googleapis.com google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.universityliving.com partners.api.skyscanner.net *.babble-ai.com *.zoho.com *.amazonaws.com *.notifyvisitors.com unsafe-eval *.google.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com unpkg.com *.zohocdn.com *.zohostatic.com *.stripe.com *.razorpay.com googleads.g.doubleclick.net *.googleapis.com connect.facebook.net *.worldpay.com; form-action desk.zoho.com universityliving.transfermateeducation.com uniliving.cohortgo.app *.cardinalcommerce.com; style-src 'self' 'unsafe-inline' *.universityliving.com unsafe-inline *.zohopublic.com *.zohocdn.com *.zohostatic.com *.google.com *.googleapis.com *.zohopublic.com unpkg.com cdnjs.cloudflare.com *.notifyvisitors.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' *.universityliving.com; img-src 'self' * data:; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=45ud2fpiquelh&partner=; 1
default-src * data: 'unsafe-eval' 'unsafe-inline'; frame-ancestors https://pole.egroupware.org https://www.smallpart.de https://smallpart.de 1
block-all-mixed-content; default-src 'self'; base-uri 'self'; form-action 'self' flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.kr flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.com flightbookings.airnewzealand.de flightbookings.airnewzealand.eu flightbookings.airnewzealand.fr flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw  flightbookings.airnewzealand.com.cn flightbookings.grabaseat.co.nz  flightbookings.airnewzealand.co.jp identity.airnewzealand.com au-connect.authsignal.com auth.identity.airnewzealand.com auth.identity.qual.airnewzealand.com auth.airnewzealand.co.nz auth.airnewzealand.com.au; script-src 'self' p-airnz.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com player.vimeo.com www.youtube.com s.ytimg.com s.wayin.com xd.wayin.com s.engagesciences.com display.engagesciences.com www.everestjs.net *.demdex.net www.google-analytics.com analytics.google.com tagmanager.google.com www.googletagmanager.com *.doubleclick.net www.googleadservices.com www.google.com cdn-assets-prod.s3.amazonaws.com *.optimizely.com optimizely-hrd.appspot.com optimizely.s3.amazonaws.com s.swiftypecdn.com upgrade.plusgrade.com nebula-cdn.kampyle.com screencapture.kampyle.com screencaptue-cdn.kampyle.com static.hotjar.com script.hotjar.com yourir.info analytics.twitter.com static.ads-twitter.com secure.quantserve.com rules.quantcount.com auth.airnewzealand.co.nz auth.airnewzealand.com.au ssl.google-analytics.com cdnjs.cloudflare.com musculahq.appspot.com xsell.expedia.com https://widget.timatic.iata.org/scripts/iata-timatic-widget-live.js oc-cdn-public-oce.azureedge.net; style-src 'unsafe-inline' p-airnz.com fonts.googleapis.com tagmanager.google.com s.swiftypecdn.com upgrade-cdn-prd.plusgrade.com static.hotjar.com script.hotjar.com yourir.info 'self' oc-cdn-public-oce.azureedge.net; img-src https: data: static.hotjar.com script.hotjar.com; font-src p-airnz.com fonts.googleapis.com fonts.gstatic.com dhm5hy2vn8l0l.cloudfront.net script.hotjar.com 'self' data:; media-src 'self' ; frame-src 'self' *.google.com auth.identity.airnewzealand.com nz.fltmaps.com player.vimeo.com www.youtube.com airnz.wufoo.com xd.wayin.com display.engagesciences.com www.everestjs.net pixel.everesttech.net *.demdex.net *.doubleclick.net www.googletagmanager.com *.cdn-pci.optimizely.com nebula-cdn.kampyle.com vars.hotjar.com sec.windcave.com uat.windcave.com hotels.airnewzealand.com.au forms.cd.airnewzealand.co.nz www.airnewzealand.co.nz/airpoints-account/payments/scripts/done.html airnz-cargo.chooose.today airnz-corporate.chooose.today oc-cdn-public-oce.azureedge.net; connect-src 'self' api.airnz.io api.airnz.ai *.googleapis.com *.google.com *.gstatic.com auth.airnewzealand.co.nz auth.airnewzealand.com.au identity.airnewzealand.com *.demdex.net *.tt.omtrdc.net www.google-analytics.com region1.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net adservice.google.com *.optimizely.com s.swiftypecdn.com search-api.swiftype.com *.kampyle.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.sentry.io yourir.info ssl.google-analytics.com muscula.herokuapp.com sec.windcave.com uat.windcave.com https://widget.timatic.iata.org/api/; object-src 'none'; frame-ancestors 'self' https:; report-uri /csp-report 1
connect-src *.google-analytics.com www.google-analytics.com *.analytics.google.com *.practicalaction.org practicalaction.org *.cloudflare.com *.doubleclick.net *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.cookiepro.com *.onetrust.com *.sharethis.com  *.google.com  *.ads.linkedin.com  *.linkedin.com *.bing.com *.soundcloud.com; default-src 'self' 'unsafe-inline' www.googletagmanager.com; font-src 'self' data: *.practicalaction.org practicalaction.org *.gstatic.com *.bootstrapcdn.com *.fontawesome.com; frame-src 'self' data: www.google.com platform.twitter.com www.googletagmanager.com player.vimeo.com vimeo.com youtube.com www.youtube.com www.youtube-nocookie.com *.twitter.com *.cloudflare.com  *.fls.doubleclick.net *.doubleclick.net *.soundcloud.com *.kall.work; img-src 'self' data: www.google-analytics.com www.gstatic.com www.google.co.uk www.googletagmanager.com *.gravatar.com  *.vimeocdn.com  *.ytimg.com  *.twitter.com *.youtube.com *.practicalaction.org practicalaction.org  ad.doubleclick.net  *.nextdoor.com  *.cookiepro.com  bat.bing.com  *.ads.linkedin.com  *.linkedin.com  t.co *.facebook.com  *.sharethis.com platform-cdn.sharethis.com *.soundcloud.com; media-src 'self' blob: data: *.soundcloud.com *.youtube.com *.youtube-nocookie.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' connect.facebook.net; script-src-elem 'self' 'unsafe-inline' player.vimeo.com vimeo.com apis.google.com www.youtube.com www.youtube-nocookie.com platform.twitter.com googletagmanager.com www.googletagmanager.com www.google.com google.com www.gstatic.com gstatic.com www.google-analytics.com connect.facebook.net *.cloudflare.com *.cookiepro.com *.visitdatajs.com code.jquery.com *.sharethis.com  static.ads-twitter.com  static.hotjar.com  bat.bing.com  snap.licdn.com  unpkg.com  ads.nextdoor.com  *.hotjar.com; style-src 'self' 'unsafe-inline' blob:; style-src-elem 'self' 'unsafe-inline' *.cloudflare.com fonts.googleapis.com *.bootstrapcdn.com *.jquery.com *.fontawesome.com; worker-src 'self' blob:; 1
img-src data: https://cdn.cookielaw.org/ https://webanalytics.inera.se/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://www.youmo.se/ https://*.inviewer.se/ 'self'; connect-src https://cdn.cookielaw.org/ https://webanalytics.inera.se/ https://maps.googleapis.com/ 'self'; script-src https://cdn.cookielaw.org/ https://dl.episerver.net/ https://webanalytics.inera.se/ https://maps.googleapis.com/ 'report-sample' 'sha256-3/mNUpqF9X/gMYE+bOG6g8d6I32wdYdWwWuAk90mPCM=' 'sha256-KdrksQVVfPWUX99NitlEt4ABdXZmgoZpezLqt68xrRU=' 'sha256-NBS7EduG2pL/l2J3FKVM//a6/tkbjRXCbg6q7vBX/JQ=' 'sha256-9nbqryG6r8ah9AReuQJKTzRXvO4bc5sLyPTD9Ybevj8=' 'sha256-laWjrqJThFpSbf4H+IwSnwccrjKHaVCE1bYgwmmXevg=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-LVT31TVv1RMXcFWu63uIIzH8DNYUb2TYml6QElOeGlM=' 'self'; frame-src https://play.mediaflowpro.com/ https://dreambroker.com/; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ data: 'self'; style-src-elem https://fonts.googleapis.com/ 'report-sample' 'unsafe-inline' 'self'; style-src 'report-sample' 'unsafe-inline' 'self'; style-src-attr 'report-sample' 'unsafe-inline'; object-src 'none'; base-uri 'self'; worker-src 'self'; manifest-src 'self'; media-src 'self'; form-action 'self' https://www.youmo.se/; child-src 'self'; frame-ancestors 'self'; report-uri https://www.umo.se/api/v1/csp/report; upgrade-insecure-requests ; default-src 'self'; report-to csp-endpoint 1
default-src 'self'; connect-src 'self' https://payments.blackbaud.com https://api.joomlatools.com https://stats.g.doubleclick.net https://analytics.google.com https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com/analytics.js https://ssl.google-analytics.com https://code.jquery.com https://cdnjs.cloudflare.com/ajax/libs/jquery/ https://connect.facebook.net https://themes.googleusercontent.com/ https://www.google.com/jsapi https://www.gstatic.com/charts/ https://www.google.com/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://bbox.blackbaudhosting.com https://payments.blackbaud.com https://platform.twitter.com https://syndication.twitter.com https://cdn.syndication.twimg.com https://siteimproveanalytics.com https://maxcdn.bootstrapcdn.com/bootstrap/; img-src 'self' https://www.facebook.com https://www.google.com.au https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://s-static.ak.facebook.com https://bbox.blackbaudhosting.com https://platform.twitter.com https://syndication.twitter.com https://ton.twimg.com https://abs.twimg.com https://pbs.twimg.com https://*.siteimproveanalytics.io data:; style-src 'self' 'unsafe-inline' https://www.google.com/ https://ajax.googleapis.com/ https://fonts.googleapis.com https://www.gstatic.com https://code.jquery.com https://bbox.blackbaudhosting.com https://payments.blackbaud.com https://omny.fm https://platform.twitter.com https://ton.twimg.com https://cdnjs.cloudflare.com; font-src 'self' https://fonts.gstatic.com https://themes.googleusercontent.com https://cdnjs.cloudflare.com data:; frame-src 'self' https://www.facebook.com https://s-static.ak.facebook.com https://e.issuu.com https://www.google.com https://www.google.com/maps https://www.google.com/recaptcha/ https://youtube.com https://www.youtube.com https://bbox.blackbaudhosting.com https://payments.blackbaud.com https://omny.fm https://platform.twitter.com https://embed.podcasts.apple.com https://open.spotify.com; frame-ancestors 'self'; object-src 'self'; media-src 'self' https://www.listnr.com https://open.spotify.com https://podcasts.apple.com https://www.spreaker.com 1
default-src 'self'; script-src 'unsafe-eval' 'self' stats.aws.at unpkg.com www.google.com www.gstatic.com www.youtube.com aws.jobbase.io aws.onlyfy.jobs letter.eyepin.com 'nonce-W59jk9Di9'; style-src 'self' 'unsafe-inline' fast.fonts.net unpkg.com fonts.gstatic.com; img-src 'self' data: unpkg.com *.tile.openstreetmap.org stats.aws.at; frame-src www.google.com www.youtube.com www.youtube-nocookie.com aws.jobbase.io aws.onlyfy.jobs letter.eyepin.com; font-src 'self' data: fast.fonts.net fonts.gstatic.com; connect-src 'self' stats.aws.at nominatim.openstreetmap.org api.mapbox.com letter.eyepin.com 1
default-src https://img.youtube.com/ 'self' 'unsafe-eval'; frame-src 'self' https://www.youtube-nocookie.com/ https://pr.globenewswire.com/ https://www.globenewswire.com/ https://dreambroker.com/ https://cws.huginonline.com/ https://inpublic.globenewswire.com/ https://www.google.com/ https://www.youtube.com/ https://tools.euroland.com https://tools.eurolandir.com *.tools.euroland.com *.vo.msecnd.net https://gamma.euroland.com https://*.hotjar.com https://*.hotjar.io; script-src 'self' https://thinkcircle.mailpv.net https://cookie-cdn.cookiepro.com https://snap.licdn.com/ http://code.jquery.com https://tools.euroland.com https://gamma.euroland.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://www.googletagmanager.com https://tagmanager.google.com https://dl.episerver.net https://www.youtube.com/ https://dreambroker.com/ https://static.doubleclick.net https://siteimproveanalytics.com https://maps.googleapis.com https://bam.eu01.nr-data.net https://sjs.bizographics.com/ https://tagging-server.sst.huhtamaki.com https://googleads.g.doubleclick.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://dl.episerver.net https://www.googletagmanager.com 'unsafe-inline'; img-src * data:; media-src 'self' https://dreambroker.com/ https://www.youtube.com/; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' ws: https://*.hotjar.com https://*.hotjar.io https://thinkcircle.mailpv.net https://cookie-cdn.cookiepro.com https://www.google-analytics.com https://bam.eu01.nr-data.net https://www.salesviewer.com/ https://salesviewer.org/ https://tagging-server.sst.huhtamaki.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://maps.googleapis.com 1
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss:; script-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: https://cdn-gondp.nitrocdn.com/ https://nitroscripts.com/; style-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: https://cdn-gondp.nitrocdn.com/; worker-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: https://cdn-gondp.nitrocdn.com/; child-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss:; frame-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss:; img-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: https://cdn-gondp.nitrocdn.com/; connect-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: https://cdn-gondp.nitrocdn.com/ https://to.getnitropack.com/; font-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: https://cdn-gondp.nitrocdn.com/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' view.ceros.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com/ https://www.google-analytics.com https://ssl.google-analytics.com https://use.typekit.net https://siteimproveanalytics.com https://ajax.googleapis.com https://app.whoisvisiting.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net; img-src 'self' 'unsafe-inline' blob: data: https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://p.typekit.net https://alston.vuture.net https://dashboard.whoisvisiting.com https://*.siteimproveanalytics.io; frame-src 'self' https://www.google.com https://www.youtube.com https://html5-player.libsyn.com https://player.vimeo.com https://sites-alston.vuture.net/ https://comms.alstonandbird.com/ https://cdn.yoshki.com/ https://www.youtube-nocookie.com https://www.bbc.co.uk https://view.ceros.com/ https://player.blubrry.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net; worker-src 'self' blob:; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self' 'unsafe-inline' dbs.degussa-bank.de api.dbs.degussa-bank.de saofccdnprodttsxasv1wfmo.blob.core.windows.net dc.services.visualstudio.com *.luware.cloud *.service.signalr.net wss://*.service.signalr.net ecs.office.com browser.events.data.microsoft.com *.skype.com wss://*.skype.com *.teams.microsoft.com ofc-cdn.azureedge.net ecs.communication.microsoft.com wss://*.trouter.teams.microsoft.com *.events.data.microsoft.com go-eu.trouter.communication.microsoft.com business-customer.vwd.com *.doubleclick.net www.google.de www.google.com *.googleapis.com *.google-analytics.com *.gstatic.com www.googletagmanager.com *.analytics.google.com *.usercentrics.eu chat600.realperson.de webid-gateway.de api.ahoyrtc.com;connect-src 'self' dbs.degussa-bank.de api.dbs.degussa-bank.de saofccdnprodttsxasv1wfmo.blob.core.windows.net dc.services.visualstudio.com *.luware.cloud *.service.signalr.net wss://*.service.signalr.net ecs.office.com browser.events.data.microsoft.com *.skype.com wss://*.skype.com *.teams.microsoft.com ofc-cdn.azureedge.net ecs.communication.microsoft.com wss://*.trouter.teams.microsoft.com *.events.data.microsoft.com go-eu.trouter.communication.microsoft.com business-customer.vwd.com webid-gateway.de api.ahoyrtc.com *.usercentrics.eu wss://*.degussa-bank.de wss://*.liferay.prod.aws.degbank.local www.google.de www.google.com *.googleapis.com *.google-analytics.com *.gstatic.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' dbs.degussa-bank.de api.dbs.degussa-bank.de saofccdnprodttsxasv1wfmo.blob.core.windows.net dc.services.visualstudio.com *.luware.cloud *.service.signalr.net wss://*.service.signalr.net ecs.office.com browser.events.data.microsoft.com *.skype.com wss://*.skype.com *.teams.microsoft.com ofc-cdn.azureedge.net ecs.communication.microsoft.com wss://*.trouter.teams.microsoft.com *.events.data.microsoft.com go-eu.trouter.communication.microsoft.com business-customer.vwd.com webid-gateway.de api.ahoyrtc.com chat600.realperson.de *.usercentrics.eu www.google.de www.google.com *.googleapis.com *.google-analytics.com *.gstatic.com www.googletagmanager.com *.analytics.google.com;frame-src 'self' outlook.office365.com *.vimeo.com www.mr-money.de www.youtube.com *.usercentrics.eu degussapublic.factsheetslive.com;frame-ancestors 'self' *.degussa-bank.de *.liferay.prod.aws.degbank.local www.heim-und-immobilie.de *.mitarbeitervorteile.de intranet.indego.de intranet.degbank.local *.prodyna.com *.check24.de liferay-develop-iframe-test.s3.eu-central-1.amazonaws.com;img-src 'self' dbs.degussa-bank.de api.dbs.degussa-bank.de saofccdnprodttsxasv1wfmo.blob.core.windows.net dc.services.visualstudio.com *.luware.cloud *.service.signalr.net wss://*.service.signalr.net ecs.office.com browser.events.data.microsoft.com *.skype.com wss://*.skype.com *.teams.microsoft.com ofc-cdn.azureedge.net ecs.communication.microsoft.com wss://*.trouter.teams.microsoft.com *.events.data.microsoft.com go-eu.trouter.communication.microsoft.com www.google.de www.google.com *.googleapis.com *.google-analytics.com *.gstatic.com www.googletagmanager.com *.analytics.google.com *.usercentrics.eu data:;worker-src blob: 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://www.google.com/recaptcha/api.js https://*.gstatic.com; style-src 'report-sample' 'self' 'unsafe-inline' https://*.googleapis.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.googleapis.com; font-src 'self' data: https://*.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src 'self' https://www.google.com/ https://*.youtube.com; img-src 'self' https://*.gstatic.com data: https:; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
default-src https: blob: wss:; frame-src https: blob: data:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 1
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://cdn.livechat-static.com https://*.livechatinc.com https://cdn.leadinfo.net https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://dc.ads.linkedin.com https://diffuser-cdn.app-us1.com https://googleads.g.doubleclick.net https://maps.google.com https://googleapis.com https://marketing.guardian360.nl https://prism.app-us1.com https://px.ads.linkedin.com https://script.hotjar.com https://secure.adnxs.com https://sjs.bizographics.com https://snap.licdn.com https://static.hotjar.com https://tagmanager.google.com https://trackcmp.net https://www.google-analytics.com https://www.google.com/pagead/ https://www.google.com/recaptcha/ https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.guardian360.nl; style-src 'self' 'unsafe-inline' https://cdn.livechat-static.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://tagmanager.google.com https://www.guardian360.nl; img-src 'self' data: https://s.w.org https://ps.w.org https://*.doubleclick.net https://*.sharpspring.com https://csi.gstatic.com https://imp2.ads.linkedin.com https://*.google.nl https://maps.google.com https://googleapis.com https://maps.gstatic.com https://marketing.guardian360.nl https://px.ads.linkedin.com https://queue.livechatinc.com https://secure.adnxs.com https://secure.gravatar.com https://secure.livechatinc.com https://ssl.gstatic.com https://www.facebook.com https://www.google-analytics.com https://www.google.com/ads https://www.google.com/ads/user-lists/ https://www.google.com/pagead/ https://www.google.nl/ads https://www.google.nl/ads/users-lists/ https://www.google.nl/pagead/ https://www.gstatic.com https://www.guardian360.de https://www.guardian360.nl; font-src 'self' data: https://cdn.livechatinc.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://themes.googleusercontent.com https://www.guardian360.net https://www.guardian360.nl; frame-src 'self' https://connect.livechatinc.com https://www.livechat.com https://*.doubleclick.net https://consentcdn.cookiebot.com https://marketing.guardian360.nl https://secure.livechatinc.com https://vars.hotjar.com https://www.facebook.com https://www.google.com https://www.google.nl https://www.guardian360.de https://www.guardian360.net https://www.guardian360.nl https://www.youtube.com; connect-src 'self' https://*.doubleclick.net https://collector.leadinfo.net https://www.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://www.guardian360.nl; upgrade-insecure-requests; block-all-mixed-content; media-src data: https://cdn.livechatinc.com https://hackerhotel.sigio.nl; object-src 'self' 1
default-src 'self' https://player.vimeo.com https://e.issuu.com  https://*.facebook.com https://pr-cpt-ap-lx.amerihealthcaritas.com https://stats.g.doubleclick.net https://*.cavulus.com https://*.darwinrx.com https://*.google.com https://*.amerihealthcaritas.com https://*.auntbertha.com https://*.bootstrapcdn.com https://*.cloudflare.com https://*.crownpeak.com https://*.crownpeak.net https://*.doubleclick.net https://*.formularynavigator.com https://*.google-analytics.com https://*.googletagmanager.com https://*.icontact.com https://*.serving-sys.com https://*.time.ly https://*.youtube.com https://*.ytimg.com https://*.gstatic.com; img-src * data:;script-src 'self' https://player.vimeo.com/api/player.js https://*.facebook.net https://*.pinterest.com https://ajax.googleapis.com https://amerihealth.enroll.cavulus.com https://*.google.com https://formularynavigator.com https://pr-cpt-ap-lx.amerihealthcaritas.com https://stats.g.doubleclick.net https://*.time.ly https://*.cavulus.com https://*.darwinrx.com https://*.amerihealthcaritas.com https://*.auntbertha.com https://*.bootstrapcdn.com https://*.cloudflare.com https://*.crownpeak.com https://*.crownpeak.net https://*.doubleclick.net https://*.formularynavigator.com https://*.google-analytics.com https://*.googletagmanager.com https://*.icontact.com https://*.serving-sys.com https://*.time.ly https://*.youtube.com https://*.ytimg.com https://*.gstatic.com 'unsafe-inline' 'unsafe-eval' ;style-src 'self' https://use.typekit.net https://p.typekit.net https://app.icontact.com https://fonts.googleapis.com https://*.google.com https://*.gstatic.com https://maxcdn.bootstrapcdn.com 'unsafe-inline' ;font-src 'self' https://use.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:; 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; media-src 'self' http://www.qntmnet.com; 1
default-src 'self'; style-src 'self' *.googleapis.com 'unsafe-inline' app.pendo.io cdn.pendo.io pendo-static-4797646009073664.storage.googleapis.com; worker-src blob:; script-src-elem 'self' cdn.jsdelivr.net/npm/pdfjs-dist@2.11.338/legacy/build/pdf.worker.js cdn.pendo.io app.pendo.io data.pendo.io 'sha256-N8o7FJ1pTuisMm9tW2WBS8OOgSHchbeFRNsEPvYJZXA='; connect-src 'self' *.visualstudio.com *.js.org blob: app.pendo.io data.pendo.io pendo-static-4797646009073664.storage.googleapis.com; font-src 'self' *.gstatic.com data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: cdn.jsdelivr.net/npm/pdfjs-dist@2.11.338/legacy/build/pdf.worker.js app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-4797646009073664.storage.googleapis.com data.pendo.io; img-src 'self' data: blob: cdn.pendo.io app.pendo.io pendo-static-4797646009073664.storage.googleapis.com data.pendo.io; frame-src 'self' nextech.cardconnect.com:* nextech-payfac-ui-dev.azurewebsites.net nextech-payfac-ui-qa.azurewebsites.net payfac.nextech.com app.pendo.io; frame-ancestors app.pendo.io;child-src app.pendo.io; 1
object-src 'none'; script-src 'nonce-732ec9157a354c559212ecb2ced43440' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' cdn.botframework.com https: http:; base-uri 'none'; 1
frame-src https://www.google.com;script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://analytics.tiktok.com https://snap.licdn.com https://cdn.jsdelivr.net https://*.usabilla.com https://*.cdn.apollographql.com https://cdn.cookielaw.org https://maps.googleapis.com https://www.gstatic.com https://www.googletagmanager.com https://www.google.com https://www.google-analytics.com https://sgtm.allinclusive-collection.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.cdn.apollographql.com https://maps.googleapis.com https://www.gstatic.com https://www.googletagmanager.com https://www.google.com https://www.google-analytics.com;img-src https: data: 'self' 'unsafe-inline';default-src 'self' 'unsafe-inline' data: https://*.usabilla.com https://d6tizftlrpuof.cloudfront.net https://www.googletagmanager.com https://sgtm.allinclusive-collection.com https://*.cookielaw.org https://*.onetrust.com https://*.googleapis.com https://*.gstatic.com https://*.analytics.google.com https://www.google-analytics.com https://images.ctfassets.net https://*.imgix.net;object-src 'none' 1
frame-ancestors 'self';report-uri https://o53358.ingest.sentry.io/api/1372210/security/?sentry_key=d50570b24e9b4697bf0f914701f911f9 1
'default-src' 'unsafe-inline' 'unsafe-eval' 'self' api.sacscoc.org googleapis.com *.googleapis.com google.com *.google.com gstatic.com *.gstatic 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://*.googlesyndication.com https://cdn.linkedin.oribi.io https://rmbutterfly.com https://*.rightmessage.com https://*.orbi.io https://*.liadm.com https://*.livechatinc.com https://*.adsymptotic.com https://*.linkedin.com https://*.licdn.com https://*.lk-cs.com https://*.schemaapp.com https://woobox.com https://lkcs.lkcsmap.com https://d3rxaij56vjege.cloudfront.net/ https://trackcmp.net https://*.app-us1.com https://*.amazonaws.com https://*.formstack.com https://*.ubembed.com https://*.gstatic.com https://chat.lk-cs.com wss://*.hotjar.com https://platform.twitter.com https://*.sitefinity.com https://dec.azureedge.net https://lkcssecurehosting.com https://vars.hotjar.com https://cdn.schemaapp.com https://www.facebook.com https://www.google.com https://*.google.com https://*.hotjar.io https://maps.google.com https://securenetgate9.com https://trkn.us https://*.leadforensics.com https://*.lk-cs.com https://*.securenetgate9.com https://www.googleadservices.com https://*.doubleclick.net https://connect.facebook.net https://s.ytimg.com https://*.facebook.com https://app.termly.io https://www.googletagmanager.com https://netdna.bootstrapcdn.com https://*.typekit.net https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://ajax.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://clients.lk-cs.com https://lkcsunix.com https://maps.googleapis.com https://content-partnersbadge-pa.googleapis.com https://secure.adnxs.com https://maps.gstatic.com https://stats.g.doubleclick.net https://*.vimeo.com https://*.sharefile.com https://*.calendly.com https://calendly.com https://*.youtube.com https://*.hotjar.com; frame-ancestors 'self' https://lkcsweb.activehosted.com https://lkcs.sharefile.com https://*.vimeo.com https://www.youtube.com https://*.calendly.com https://calendly.com https://*.rightmessage.com; report-uri https://lkcs.report-uri.com/r/d/csp/enforce 1
default-src 'none'; base-uri 'self'; style-src 'self' 'unsafe-inline' cookiehub.net https://dash.cookiehub.com/; img-src 'self' https://kvika.cdn.prismic.io https://prismic-io.s3.amazonaws.com images.prismic.io assets.kvika.is https://assets.vercel.com https://www.facebook.com data:; font-src 'self' data:; manifest-src 'self'; script-src 'self' https://cookiehub.net/c2/cbd8fa92.js 'unsafe-eval' https://static.cdn.prismic.io localhost:3000  https://cdneu.net/app.js https://capture-api.eu.autopilotapp.com https://cookiehub.net/c2/cbd8fa92.js ; connect-src 'self' cdn.segment.com api.segment.io *.segmentapis.com https://api.staging.kvika.is o394619.ingest.sentry.io https://prod-232.westeurope.logic.azure.com https://api.kvika.is cookiehub.net consent.cookiehub.net https://vitals.vercel-insights.com/v1/vitals https://consent.cookiehub.net/log https://cdneu.net/app.js https://capture-api.eu.autopilotapp.com https://*.algolia.net https://*.algolianet.com https://region1.google-analytics.com 'unsafe-eval' https://static.cdn.prismic.io localhost:3000  https://cdneu.net/app.js https://capture-api.eu.autopilotapp.com https://cookiehub.net/c2/cbd8fa92.js ; frame-src www.google.com https://kvika.prismic.io/ https://www.youtube.com https://vimeo.com https://vercel.live/; object-src 'none'; frame-ancestors 'none'; media-src 'none'; worker-src 'none'; child-src 'none'; form-action 'none'; script-src-elem 'self' cdn.segment.com api.segment.io www.google.com https://www.gstatic.com https://static.cdn.prismic.io https://prismic.io https://www.youtube.com https://cdn.vercel-insights.com/v1/script.debug.js https://vercel.live/_next-live/feedback/feedback.js https://cookiehub.net/c2/cbd8fa92.js 'sha256-gWCqfvMz6gFY4H/Mp7RV+XjLH7rk7PPLATCuGeG+iXI=' 'sha256-Yp8iS3F034uTKuR4TdrPhoUldVQPTmqM7o6bdu1USS8=' 'sha256-JvbmMLt1q/lwi8wQLTE/LnQWNGjodcH1QIUO/5GGdRA=' 'sha256-gl8xNJRHfG8vAtbpa3dnM5IFgTj+MX2Jj/YAo8X8afQ=' 'sha256-X9ULMWyazaLadUxVXpgiextyE/U3aX2FK/rcjrya3gc=' 'sha256-WNPGWdj2di0h2Lb/r3IDKqFbnj0Cx3ECli0VsVTGtVE=' 'sha256-uMeGRS4Ymwe80vgv/35Fz7dbN5np7QoZJ3uutNOoCSk=' 'sha256-km+zOqalmwWcNr9vswrWcmXNpD78mtPohx8sh9YexGc=' https://www.googletagmanager.com http://www.googletagmanager.com https://region1.google-analytics.com connect.facebook.net/ 'unsafe-eval' https://static.cdn.prismic.io localhost:3000  https://cdneu.net/app.js https://capture-api.eu.autopilotapp.com https://cookiehub.net/c2/cbd8fa92.js ; 1
default-src 'none'; base-uri 'none'; block-all-mixed-content; form-action 'self'; frame-ancestors 'none'; style-src 'self'; img-src 'self'; font-src 'self'; object-src 'self'; frame-src https://xmpp.anoxinon.me:443/; media-src 'self'; 1
default-src *; img-src https: data:; script-src 'self' 'unsafe-inline' s.yimg.jp www.gstatic.com *.jsdelivr.net *.paypalobjects.com *.ads-twitter.com  *.doubleclick.net *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.jennifersoft.com *.cloudflare.com *.cloudflareinsights.com *.googleapis.com *.paypal.com *.google.com *.bootpay.co.kr *.stripe.com; style-src 'self' 'unsafe-inline' *.gstatic.com *.googleapis.com; font-src 'self' data: *.gstatic.com; frame-src 'self' www.google.com *.doubleclick.net *.googletagmanager.com  *.stripe.com *.bootpay.co.kr *.paypal.com youtube.com *.youtube.com *.paypalobjects.com; worker-src blob:; 1
frame-ancestors https://*.woman.at https://*.vgn.at; upgrade-insecure-requests; block-all-mixed-content 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.delivery.consentmanager.net cdn.consentmanager.net *.shopmate.de *.vimeo.com chimpstatic.com tc.connects.ch maps.googleapis.com *.hotjar.com *.photoslurp.com www.dwin1.com *.ad4mat.de *.adnet.de *.facebook.net *.google.com *.gstatic.com *.googletagmanager.com *.googleoptimize.com www.google-analytics.com cookie-cdn.cookiepro.com *.expivi.net cdnjs.cloudflare.com/ajax/libs/fabric.js/4.4.0/fabric.min.js *.cloundfront.net cloudfront.net blob: *.getback.ch ad4m.at *.mailchimp.com *.list-manage.com script.hotjar.com *.iamstudent.com *.brame-gamification.com *.roeyecdn.com *.youtube.com s.ytimg.com *.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net *.g.doubleclick.net cdn.jsdelivr.net d2wzl9lnvjz3bh.cloudfront.net cdn.adt348.net cdn.adt623.net cdn.behamics.com 1
default-src 'self' ws: wss: https://*.readspeaker.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl; script-src 'self' https://*.tilburg.nl https://*.vrmwb.nl https://*.timeblockr.com https://*.sobolt.com/ https://*.energieklus.nl/ https://*.powerbi.com https://fonts.googleapis.com/ https://*.gstatic.com/ https://*.readspeaker.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://*.siteimproveanalytics.io https://siteimproveanalytics.com https://code.jquery.com https://*.bootstrapcdn.com https://*.fonts.net https://*.typekit.net https://*.dafontfree.net 'sha256-cC7sg4/VRhUkxyod+raNpHTNHZ516Cqks712b6dkuLo=' 'sha256-/4Jw79MuszarvPOWplEvgyditLUGjBGW1fkvFBKBKyQ=' 'sha256-tqxX+uto47ARbO0pksHtJ+XRaPsrHKzIbBNBzZ/MmG8='; style-src 'self' 'unsafe-inline' https://*.tilburg.nl https://*.vrmwb.nl https://*.timeblockr.com https://*.sobolt.com/ https://*.energieklus.nl/ https://*.powerbi.com https://fonts.googleapis.com/ https://*.gstatic.com/ https://*.readspeaker.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://*.siteimproveanalytics.io https://siteimproveanalytics.com https://code.jquery.com https://*.bootstrapcdn.com https://*.fonts.net https://*.typekit.net https://*.dafontfree.net; img-src 'self' data: https://*.tilburg.nl https://*.vrmwb.nl https://*.timeblockr.com https://*.sobolt.com/ https://*.energieklus.nl/ https://*.powerbi.com https://fonts.googleapis.com/ https://*.gstatic.com/ https://*.readspeaker.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://*.siteimproveanalytics.io https://siteimproveanalytics.com; font-src 'self' data: https://*.tilburg.nl https://*.vrmwb.nl https://*.timeblockr.com https://*.sobolt.com/ https://*.energieklus.nl/ https://*.powerbi.com https://fonts.googleapis.com/ https://*.gstatic.com/ https://*.readspeaker.com https://code.jquery.com https://*.bootstrapcdn.com https://*.fonts.net https://*.typekit.net https://*.dafontfree.net; object-src 'none'; media-src 'self' https://*.readspeaker.com; frame-ancestors 'self'; frame-src 'self' https://*.tilburg.nl https://*.vrmwb.nl https://*.timeblockr.com https://*.sobolt.com/ https://*.energieklus.nl/ https://*.powerbi.com https://fonts.googleapis.com/ https://*.gstatic.com/ https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com; base-uri 'self'; connect-src 'self' ws: wss: https://tilburg.proudreports.nl https://*.tilburg.nl https://*.vrmwb.nl https://*.timeblockr.com https://*.sobolt.com/ https://*.energieklus.nl/ https://*.powerbi.com https://*.readspeaker.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl; 1
object-src"none" 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.adlittle.com https://cdn.jsdelivr.net https://unpkg.com https://www.google.com https://ajax.googleapis.com https://www.gstatic.com https://*.googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com https://*.addthis.com https://v1.addthisedge.com https://z.moatads.com https://connect.facebook.net https://snap.licdn.com https://cdnjs.cloudflare.com https://organizer.bizzabo.com/widgets/tickets/tickets.js https://experts.cutter.com/acton/content/ https://*.jotform.com https://*.formstack.com https://*.jotfor.ms https://hcaptcha.com/1/api.js https://paperform.co https://mktdplp102cdn.azureedge.net/ https://fffedfe139ff4a9ba20f6b5e92fd4e5a.svc.dynamics.com https://client.prod.repmap.microsoft.com https://cc.cdn.civiccomputing.com https://edge.fullstory.com https://4bf8b5abab434f2e86052e251c1d44a4.svc.dynamics.com; style-src 'self' 'unsafe-inline' https://*.adlittle.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://tagmanager.google.com/ https://experts.cutter.com/acton/content/ https://*.jotfor.ms https://static.formstack.com https://ext-static-assets.s3.us-east-2.amazonaws.com; img-src 'self' 'unsafe-inline' data: https://*.adlittle.com https://img.youtube.com https://www.google.com https://www.gstatic.com https://*.google-analytics.com https://www.googletagmanager.com https://i.ytimg.com https://stats.g.doubleclick.net https://www.facebook.com https://*.linkedin.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://ssl.gstatic.com/ https://experts.cutter.com/acton/content/ https://*.jotfor.ms https://fffedfe139ff4a9ba20f6b5e92fd4e5a.svc.dynamics.com https://client.prod.repmap.microsoft.com https://assets-eur.mkt.dynamics.com https://4bf8b5abab434f2e86052e251c1d44a4.svc.dynamics.com; frame-src https://*.adlittle.com https://*.anw.digitalproblemsolving.com https://www.google.com https://*.youtube.com https://*.vimeo.com https://s7.addthis.com https://accounts.bizzabo.com/ https://fwdruevg.paperform.co/ https://newassets.hcaptcha.com/ https://fffedfe139ff4a9ba20f6b5e92fd4e5a.svc.dynamics.com https://4bf8b5abab434f2e86052e251c1d44a4.svc.dynamics.com; font-src 'self' data: https://themes.googleusercontent.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://static.formstack.com https://ext-static-assets.s3.us-east-2.amazonaws.com; connect-src 'self' https://*.analytics.google.com https://*.adlittle.com https://*.addthis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com/ https://experts.cutter.com/acton/ https://cdn.linkedin.oribi.io https://fffedfe139ff4a9ba20f6b5e92fd4e5a.svc.dynamics.com https://apikeys.civiccomputing.com https://edge.fullstory.com https://rs.fullstory.com https://4bf8b5abab434f2e86052e251c1d44a4.svc.dynamics.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://flipboard.social; img-src 'self' https: data: blob: https://flipboard.social; style-src 'self' https://flipboard.social 'nonce-5a5tbUQmrDcg/CDgx4Z4hw=='; media-src 'self' https: data: https://flipboard.social; frame-src 'self' https:; manifest-src 'self' https://flipboard.social; form-action 'self'; child-src 'self' blob: https://flipboard.social; worker-src 'self' blob: https://flipboard.social; connect-src 'self' data: blob: https://flipboard.social https://m-cdn.flipboard.social wss://flipboard.social; script-src 'self' https://flipboard.social 'wasm-unsafe-eval' 1
upgrade-insecure-requests; frame-ancestors 'none'; default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' 1
default-src 'self' www.youtube-nocookie.com dskam.bg dskbank.bg dskpremium.bg dskmobile.bg dskdom.bg dsktranssecurity.bg dskrodina.bg; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js consent.cookiebot.eu consentcdn.cookiebot.eu https://consentcdn.cookiebot.eu/ https://secure.adnxs.com *.doubleclick.net www.googleadservices.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net http://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js http://eadsrv.com/js/px.js https://snap.licdn.com/li.lms-analytics/insight.min.js www.youtube.com www.googletagmanager.com https://bat.bing.com http://dskbank.webim.chat https://dskbank.webim.chat http://tchatbot.dskbank.bg https://tchatbot.dskbank.bg http://chatbot.dskbank.bg https://chatbot.dskbank.bg *.hotjar.com www.redditstatic.com https://static.addtoany.com dskam.bg dskbank.bg dskpremium.bg dskmobile.bg dskdom.bg dsktranssecurity.bg dskrodina.bg https://uat.dskbank.bg https://snap.licdn.com https://bg.search.etargetnet.com https://unpkg.com https://www.clarity.ms https://bg.hit.gemius.pl 'self' *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com dskam.bg dskbank.bg dskpremium.bg dskmobile.bg dskdom.bg dsktranssecurity.bg dskrodina.bg 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://www.google.bg https://www.google.com *.youtube.com *.doubleclick.net *.linkedin.com dskbank.bg eadsrv.com secure.adnxs.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com dskam.bg https://bat.bing.com http://dskbank.webim.chat https://dskbank.webim.chat http://tchatbot.dskbank.bg https://tchatbot.dskbank.bg http://chatbot.dskbank.bg https://chatbot.dskbank.bg https://alb.reddit.com https://stats.addtoany.com *.googlesyndication.com dskpremium.bg dskmobile.bg dskdom.bg dsktranssecurity.bg dskrodina.bg www.googletagmanager.com https://ib.adnxs.com 'self' *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: http://dskbank.webim.chat https://chatbot.dskbank.bg; frame-ancestors 'self'; connect-src accounts.google.com https://isic.bg/api/v1/dsk/discounts *.mktoresp.com www.google-analytics.com stats.g.doubleclick.net https://consentcdn.cookiebot.com http://dskbank.webim.chat https://dskbank.webim.chat http://maps.googleapis.com https://maps.googleapis.com http://tchatbot.dskbank.bg https://tchatbot.dskbank.bg http://chatbot.dskbank.bg https://chatbot.dskbank.bg https://consentcdn.cookiebot.eu *.hotjar.com https://stats.addtoany.com *.googlesyndication.com wss://ws28.hotjar.com *.google.com https://googleads.g.doubleclick.net https://cdn.linkedin.oribi.io https://uat.dskbank.bg https://*.hotjar.io wss://ws.hotjar.com 'self' forms.hubspot.com *.hsforms.com *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com consentcdn.cookiebot.com https://www.youtube-nocookie.com/ www.google.com https://consentcdn.cookiebot.eu *.hotjar.com *.doubleclick.net https://static.addtoany.com wss://ws28.hotjar.com 'self' web-chat.nativechat.com; frame-src https://www.youtube-nocookie.com/ https://consentcdn.cookiebot.eu/ https://www.facebook.com/ https://12090499.fls.doubleclick.net/ https://www.google.com/ https://www.youtube.com/ https://td.doubleclick.net https://bg.hit.gemius.pl www.google.com 'self' forms.hsforms.com web-chat.nativechat.com 1
default-src 'unsafe-inline' 'self' *.webscale.support https://www.podbean.com https://*.youtube.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://*.crownpeak.net https://*.imgix.net https://siteimproveanalytics.com https://*.siteimproveanalytics.io https://*.googletagmanager.com https://*.onetrust.com https://*.cookielaw.org https://*.google-analytics.com https://stats.g.doubleclick.net https://*.google.com; frame-src https://cdn.yoshki.com/ https://www.podbean.com https://*.cookiepro.com https://*.youtube.com; 1
require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport,script-src 'report-sample' 'nonce-NvBFZBjvLpLFjEFdTUId3g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self',script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport/allowlist 1
default-src * *.bugherd.com *.pusher.com sessions.bugsnag.com data:; worker-src * blob:; img-src * d2iiunr5ws5ch1.cloudfront.net bugherd-attachments.s3.amazonaws.com data:; font-src 'self' https://talk.hyvor.com https://static.juicer.io https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:; style-src 'self' 'unsafe-inline' https://talk.hyvor.com https://assets.juicer.io https://fonts.googleapis.com https://cdnjs.cloudflare.com https://*.clickdimensions.com https://*.aurecongroup.com https://maxcdn.bootstrapcdn.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bugherd.com *.pusher.com https://talk.hyvor.com https://assets.juicer.io https://cdnjs.cloudflare.com https://cdn.rawgit.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://snap.licdn.com https://*.vo.msecnd.net https://js.monitor.azure.com https://script.crazyegg.com https://www.google-analytics.com https://www.youtube.com https://*.clickdimensions.com https://p.teads.tv https://connect.facebook.net https://*.aurecongroup.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://cdn.rawgit.com/w8tcha/CKEditor-CodeMirror-Plugin/ *.twitter.com cdn.syndication.twimg.com https://cdn.rawgit.com/ractoon/jQuery-Text-Counter/ https://js-agent.newrelic.com bam.nr-data.net *.google.com https://sjs.bizographics.com/insight.min.js px.ads.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://js-agent.newrelic.com https://www.google.com/recaptcha/api.js https://www.recaptcha.net/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://cdn.jsdelivr.net/gh/w8tcha/ https://pi.pardot.com https://static.hotjar.com https://gl.hostcg.com https://script.hotjar.com/ bam-cell.nr-data.net/ *.bureauveritas.com https://connect.facebook.net https://cdn.jsdelivr.net https://www.link-page.info https://*.amcharts.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ platform.twitter.com tagmanager.google.com https://connect.facebook.net https://cdn.jsdelivr.net/gh/ https://cdn.jsdelivr.net/gh/jackocnr/; img-src 'self' data: www.google-analytics.com https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://raw.githubusercontent.com/ckeditor/ckeditor-dev/ www.googletagmanager.com www.bureauveritas.com syndication.twitter.com platform.twitter.com *.twimg.com ssl.gstatic.com www.gstatic.com https://stats.g.doubleclick.net https://gl.hostcg.com https://www.google.co.in https://www.google.com https://www.facebook.com/ https://cdn.jsdelivr.net/gh/ ; media-src 'self'; frame-src 'self' www.youtube.com tools.eurolandir.com cws.huginonline.com www.googletagmanager.com platform.twitter.com syndication.twitter.com player.youku.com gl.hostcg.com/js/genlead.js https://www.google.com https://vars.hotjar.com/ https://www.recaptcha.net/; child-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' https://stats.g.doubleclick.net https://in.hotjar.com *.nr-data.net https://vc.hotjar.io/ https://*.analytics.google.com https://*.google-analytics.com; report-uri https://csp-report-uri.bureauveritas.com 1
default-src https: data:;frame-src 'self' https://pagead2.googlesyndication.com/ https://tpc.googlesyndication.com/ https://www.google.com/recaptcha/ https://*.g.doubleclick.net/ https://*.doubleclick.net/;style-src 'self' 'unsafe-inline' https://cdn.hotcleaner.com/ https://fonts.googleapis.com/;script-src https: 'sha256-9LVfPJ4Gidj76L+68hlXa5sBT85pzhbFKHeZTsorCXk=' 'sha256-L9NtTqBLxf1z3sIza7z/JTtm01m91a8xVl07p4WTMYw=' 'strict-dynamic';base-uri 'self';require-trusted-types-for 'script';report-uri https://appn.center/apiv1/csp2; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.packagingeurope.com; 1
frame-ancestors 'self' https://app.emlen.io https://content.wearedevelopers.com 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-nOtefow5uMEuv8yqw2ji4wvCaBQPfVMMPoR1E3yEE6h1pkj8' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
connect-src *; img-src 'self' https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://bat.bing.com data: https://www.facebook.com https://www.google.nl/ https://sst.vluchtelingenwerk.nl https://maps.googleapis.com https://www.googletagmanager.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://bat.bing.com https://www.googletagmanager.com https://static.hotjar.com https://connect.facebook.net/ https://script.hotjar.com https://www.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://sst.vluchtelingenwerk.nl https://stats.g.doubleclick.net https://in.hotjar.com https://adservice.google.com https://maps.googleapis.com https://www.youtube.com/ https://load.sst.vluchtelingenwerk.nl/ https://analytics.tiktok.com/ https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://script.crazyegg.com/ https://player.vimeo.com/ cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://rebilly.github.io https://unpkg.com platform.instagram.com platform.twitter.com; style-src 'self' 'unsafe-inline' 'unsafe-hashes' https://tagmanager.google.com https://fonts.googleapis.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; frame-ancestors 'self' https://e.infogram.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://sectraprodstorage01.blob.core.windows.net https://sectrastagestorage01.blob.core.windows.net https://sectradevstorage01.blob.core.windows.net *.gravatar.com https://fonts.googleapis.com https://websolutions.ne.cision.com https://mb.cision.com https://publish.ne.cision.com https://code.highcharts.com https://analytics-eu.clickdimensions.com https://*.vo.msecnd.net https://cdn-eu.clickdimensions.com https://cdn.jobylon.com https://static-eu.jobylon.com https://pro.ip-api.com https://tv.streamfabriken.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://www.youtube.com https://yoast.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.spotify.com https://*.wg.spotify.com https://*.spotifycdn.com https://*.scdn.co https://*.libsyn.com https://matomotracking.sectra.com data:; font-src 'self' https://fonts.gstatic.com data:; frame-ancestors 'self'; 1
default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src 'self' data: https://smart-ip.net; connect-src 'self' wss://*.liveperson.net http://* 'unsafe-inline' 'unsafe-eval'; 1
default-src        'self' ; img-src            'self' *.google-analytics.com *.bing.com *.clarity.ms *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.linkedin.com www.facebook.com *.google.com *.google.no *.google.se *.google.co.uk *.google.dk *.google.nl *.google.fi *.google.ua *.google.com.au *.google.com.ua *.google.com.co *.google.es *.google.pl *.google.ro;  script-src         'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.googletagmanager.com *.clarity.ms connect.facebook.net www.googleadservices.com googleads.g.doubleclick.net www.google.com snap.licdn.com;  style-src          'self';  media-src          'self';  font-src           'self' data:;  frame-src          'self' *.doubleclick.net *.youtube.com player.vimeo.com;  frame-ancestors    'none';  object-src         'none';  connect-src        'self' *.facebook.com *.clarity.ms *.linkedin.oribi.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com; 1
frame-ancestors self memberedelivery.com www.memberedelivery.com 1
default-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://res.cloudinary.com; style-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://res.cloudinary.com 'unsafe-inline'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://res.cloudinary.com 'unsafe-inline'; img-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://res.cloudinary.com data: 1
child-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.azureedge.net www.gstatic.com www.google.com *.outbrain.com ;connect-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.azureedge.net *.google-analytics.com noembed.com www.noembed.com cdn.plyr.io cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.doubleclick.net storage.googleapis.com event.talque.com lh3.googleusercontent.com *.googleadservices.com *.google.com *.itsa365.de *.mybeviale.com *.chillventa.de *.hubana.events *.embedded-world.de *.medteclive.com *.euroguss.de *.enforcetac.com *.fachpack.de *.frontale.de *.holz-handwerk.de *.nuernberg-convention.de *.perimeter-protection.de *.biofach.de *.vivaness.de *.interzoo.com *.biofach-japan.com *.galabau-messe.com *.googlesyndication.com *.outbrain.com *.ads.linkedin.com *.linkedin.com *.linkedin.oribi.io ;default-src 'self' *.azureedge.net ;font-src 'self' fonts.gstatic.com *.azureedge.net 'unsafe-inline' storage.googleapis.com event.talque.com lh3.googleusercontent.com ;img-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.google-analytics.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.azureedge.net *.google.com *.google.de *.ads.linkedin.com *.linkedin.com *.linkedin.oribi.io snap.licdn.com static.ads-twitter.com analytics.twitter.com t.co www.googletagmanager.com analytics-udg.netdna-ssl.com code.s4d.io *.giphy.com *.clouddrive.com *.webexcontent.com data: blob: *.rackcdn.com data: blob: connect.facebook.net www.facebook.com *.doubleclick.net storage.googleapis.com event.talque.com lh3.googleusercontent.com ;media-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.azureedge.net storage.googleapis.com event.talque.com lh3.googleusercontent.com ;script-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.doubleclick.net cdn.plyr.io noembed.com www.noembed.com *.google.com *.google.de *.vimeocdn.com *.vimeo.com *.akamaized.net www.googletagmanager.com analytics-udg.netdna-ssl.com *.google-analytics.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.azureedge.net 'unsafe-eval' *.googleadservices.com *.google.com static.ads-twitter.com analytics.twitter.com t.co snap.licdn.com 'unsafe-inline' www.gstatic.com www.google.com connect.facebook.net www.facebook.com storage.googleapis.com event.talque.com lh3.googleusercontent.com *.outbrain.com ;style-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.azureedge.net 'unsafe-inline' storage.googleapis.com event.talque.com lh3.googleusercontent.com ; 1
frame-ancestors 'self'; report-uri frame-src 'self'; frame-ancestors 'self'; report-uri https://entertainmentcareers.report-uri.com/r/d/csp/enforce 1
child-src 'self' https://www.google.com https://*.gazette-drouot.com https://*.drouot.com https://*.g.doubleclick.net https://*.doubleclick.net https://*.facebook.com https://*.googlesyndication.com https://www.youtube.com; frame-ancestors 'none' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com www.googletagmanager.com www.google-analytics.com www.google.com cdnjs.cloudflare.com files.meridianapps.com; style-src 'self' 'unsafe-inline' *.googleapis.com www.google.com cdnjs.cloudflare.com; default-src 'self'; img-src 'self' data: blob: files.meridianapps.com edit.meridianapps.com www.google-analytics.com storage.googleapis.com edit-eu.meridianapps.com maps.gstatic.com *.googleusercontent.com http://*.googleusercontent.com http://*.ggpht.com *.ggpht.com http://*.googleapis.com *.googleapis.com; connect-src 'self' api.keen.io sentry.io wss: www.google-analytics.com staging-tags.meridianapps.com tags-eu.meridianapps.com dev-tags.meridianapps.com tags.meridianapps.com *.appspot.com maps.googleapis.com storage.googleapis.com; object-src 'self' blob:; font-src 'self' data: *.googleapis.com *.gstatic.com 1
frame-ancestors accessibe.com 'self' 1
default-src 'none'; base-uri 'self'; form-action 'self'; img-src https: data:; font-src https: data:; script-src 'self' https://*.archieven.nl https://*.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com https://cdnjs.cloudflare.com https://vjs.zencdn.net https://unpkg.com 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; frame-src 'self' mailto: https:; media-src 'self' https:; connect-src 'self' https://*.archieven.nl https://*.google-analytics.com https://maps.googleapis.com; frame-ancestors 'self' https://*.archieven.nl https://www.lwl-medienzentrum.de https://www.erfgoedkloosterleven.nl http://archieven.groningermuseum.nl/; 1
default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline'; font-src * data:; frame-ancestors *.altru.org 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' https://chatbot.serviciosmin.gob.es https://stats.g.doubleclick.net https://unpkg.com https://www.mintur.gob.es http://www.mintur.gob.es https://use.fontawesome.com https://comercio.gob.es/ https://comercio.gob.es.aplicaciones https://comercio.serviciosmin.gob.es https://apis.google.com https://collect.sdgacceptance.eu https://collect.youreurope.europa.eu https://noembed.com https://ton.twimg.com https://platform.twitter.com https://fonts.googleapis.com https://fonts.gstatic.com http://ajax.googleapis.com https://ajax.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://region1.google-analytics.com https://plus.google.com http://www.facebook.com http://twitter.com https://www.youtube.com https://ssl.google-analytics.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://code.jquery.com https://cdn.plyr.io https://cdn.selz.com https://s.ytimg.com https://player.vimeo.com https://vimeo.com http://i.ytimg.com https://s.ytimg.com https://www.google.com https://www.gstatic.com https://cdn.syndication.twimg.com/ https://www.googletagmanager.com/ https://stats.g.doubleclick.net/ https://cdn1.readspeaker.com http://cdn1.readspeaker.com https://app-eu.readspeaker.com https://rstts-eu.readspeaker.com https://*.readspeaker.com; img-src 'unsafe-inline' 'self' https://www.mintur.gob.es http://www.mintur.gob.es https://* http://* data:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://*; style-src-elem 'unsafe-inline' 'self' https://www.mintur.gob.es http://www.mintur.gob.es https://fonts.googleapis.com http://fonts.googleapis.com https://www.gstatic.com/ https://platform.twitter.com https://ton.twimg.com https://*.readspeaker.com http://*.readspeaker.com https://cdnjs.cloudflare.com https://chatbot.serviciosmin.gob.es; style-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.mintur.gob.es http://www.mintur.gob.es https://platform.twitter.com https://*.readspeaker.com http://cdn1.readspeaker.com https://fonts.googleapis.com; media-src 'unsafe-inline' 'unsafe-eval' 'self' https://* http://*; font-src 'self' data: https://* http://* https://fonts.gstatic.com/ 1
default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:; frame-ancestors 'self' https://entapps.entandallergy.com https://tim.scorpionwebsite.com https://codepen.io https://www.entandallergy.com; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js-agent.newrelic.com/ https://r1-t.trackedlink.net/ https://bam-cell.nr-data.net/ https://unpkg.com/vue https://unpkg.com/axios/dist/axios.min.js https://connect.facebook.net/ https://www.googletagmanager.com/ https://tagmanager.google.com/ https://www.googleadservices.com/ https://script.crazyegg.com/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://ssl.google-analytics.com/ https://vjs.zencdn.net/ https://securepubads.g.doubleclick.net/ https://itp-atp-sls.infosys-platforms.com/ https://www.riddle.com https://news.atptour.com/ https://e.infogram.com http://static.ads-twitter.com/ https://static.ads-twitter.com/ https://analytics.twitter.com/ https://www.instagram.com/ https://platform.twitter.com/ ;style-src 'self' 'unsafe-inline' https://itp-atp-sls.infosys-platforms.com/ https://fonts.googleapis.com/ https://www.riddle.com https://news.atptour.com/ https://e.infogram.com;worker-src blob: 1
default-src https:; connect-src https: wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://fast.appcues.com https://api.appcues.net wss://api.appcues.net https://vulpix.appcues.com https://appcues-content-api-prod.herokuapp.com https://nh436jpc4i.execute-api.us-west-2.amazonaws.com https://104cl9psz3.execute-api.us-west-2.amazonaws.com https://appcues-quickstart.s3-us-west-2.amazonaws.com https://*.firebase.com wss://*.firebaseio.com https://*.firebaseio.com; script-src 'unsafe-inline' 'unsafe-eval' blob: https:; font-src https: data:; frame-src https:; img-src https: data:; media-src blob: data: https:; object-src https:; style-src 'unsafe-inline' https: 1
default-src 'self' 'unsafe-inline' *.googlesyndication.com ; 	connect-src 'self' *.onetrust.com *.bing.com *.googlesyndication.com *.demdex.net *.tvpixel.com *.amplifoninternal.com https://*.adroll.com http://*.adroll.com https://us-u.openx.net http://us-u.openx.net https://idsync.rlcdn.com http://idsync.rlcdn.com https://ib.adnxs.com http://ib.adnxs.com https://x.bidswitch.net http://x.bidswitch.net https://ads.yahoo.com http://ads.yahoo.com https://eb2.3lift.com http://eb2.3lift.com https://trc.taboola.com http://trc.taboola.com https://simage2.pubmatic.com https://simage2.pubmatic.com http://simage2.pubmatic.com http://simage2.pubmatic.com https://sync.outbrain.com https://sync.outbrain.com http://sync.outbrain.com http://sync.outbrain.com https://pixel.rubiconproject.com https://pixel.rubiconproject.com http://pixel.rubiconproject.com http://pixel.rubiconproject.com https://dsum-sec.casalemedia.com https://dsum-sec.casalemedia.com http://dsum-sec.casalemedia.com http://dsum-sec.casalemedia.com https://pixel.advertising.com https://pixel.advertising.com http://pixel.advertising.com http://pixel.advertising.com *.omtrdc.net *.doubleclick.net *.tribalfusion.com *.pinterest.it *.postimg.cc *.ibb.co *.teads.tv *.googleadservices.com *.addevent.com *.adform.net *.everesttech.net *.smetrics.amplifon.com *.everestjs.net cm.teads.tv ct.pinterest.com smetrics.miracle-ear.com amplifongroup.tt.omtrdc.net maps.googleapis.com www.youtube-nocookie.com www.google-analytics.com stats.g.doubleclick.net amplifon.d3.sc.omtrdc.net dpm.demdex.net in.hotjar.com lasteventf-tm.everesttech.net vc.hotjar.io trc-events.taboola.com pips.taboola.com cds.taboola.com *.linkedin.oribi.io cdn.cookielaw.org; 	script-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' *.licdn.com *.googlesyndication.com *.adsrvr.org *.clarity.ms *.hrzn-nxt.com *.tvpixel.com *.rlets.com *.typixel.com *.adroll.com *.openx.net *.rlcdn.com *.adnxs.com *.bidswitch.net *.yahoo.com *.3lift.com *.taboola.com *.pubmatic.com *.outbrain.com *.rubiconproject.com *.casalemedia.com *.advertising.com *.jsdelivr.net *.adroll.com *.doubleclick.net *.tribalfusion.com *.pinterest.it *.postimg.cc *.ibb.co *.teads.tv *.googleadservices.com *.addevent.com *.adform.net *.everesttech.net *.smetrics.amplifon.com *.everestjs.net smetrics.miracle-ear.com js-tag.zemanta.com ads.nextdoor.com bat.bing.com connect.facebook.net www.google-analytics.com assets.adobedtm.com maps.googleapis.com solutions.invocacdn.com pnapi.invoca.net www.google.com www.youtube.com www.gstatic.com www.googletagmanager.com s.pinimg.com p.teads.tv tag.simpli.fi i.simpli.fi static.hotjar.com script.hotjar.com www.everestjs.net www.youtube-nocookie.com amplify.outbrain.com tr.outbrain.com www.googleadservices.com cdn.taboola.com amplifon.d3.sc.omtrdc.net googleads.g.doubleclick.net trc.taboola.com cdn.cookielaw.org; 	style-src 'self' 'unsafe-hashes' 'unsafe-inline' *.jsdelivr.net fonts.googleapis.com www.youtube-nocookie.com; 	img-src 'self' *.1rx.io *.smaato.net *.googlesyndication.com *.adsrvr.org *.hrzn-nxt.com *.videoamp.com *.mdhv.io *.adxcel-ec2.com *.adroll.com *.openx.net *.rlcdn.com *.adnxs.com *.bidswitch.net *.yahoo.com *.3lift.com *.taboola.com *.pubmatic.com *.outbrain.com *.rubiconproject.com *.casalemedia.com *.advertising.com *.doubleclick.net *.tribalfusion.com *.googleadservices.com *.postimg.cc *.ibb.co p1.zemanta.com flask.nextdoor.com cm.teads.tv www.google.hu l.teads.tv t.teads.tv ct.pinterest.com bat.bing.com www.facebook.com www.google-analytics.com www.google.com www.google.it maps.gstatic.com maps.googleapis.com cm.everesttech.net amplifon.d3.sc.omtrdc.net i.ytimg.com dev.day.com tr.outbrain.com googleads.g.doubleclick.net www.youtube-nocookie.com lh3.googleusercontent.com dpm.demdex.net cds.taboola.com trc.taboola.com connect.facebook.net um.simpli.fi www.googleadservices.com cm.g.doubleclick.net simplifi.partners.tremorhub.com pixel.tapad.com aa.agkn.com sync.intentiq.com loadm.exelator.com sync.bfmio.com stags.bluekai.com bcp.crwdcntrl.net ce.lijit.com idsync.rlcdn.com sync.search.spotxchange.com ib.adnxs.com pixel.rubiconproject.com us-u.openx.net fei.pro-market.net 8462007.fls.doubleclick.net d.agkn.com *.linkedin.com cdn.cookielaw.org data:; 	frame-src 'self' *.googlesyndication.com *.pinterest.com *.adsrvr.org *.doubleclick.net *.pinterest.it *.postimg.cc *.ibb.co *.teads.tv *.googleadservices.com *.addevent.com *.adform.net *.everesttech.net *.smetrics.amplifon.com *.everestjs.net www.pinterest.com amplifon.demdex.net www.youtube-nocookie.com www.google.com vars.hotjar.com www.facebook.com 8462007.fls.doubleclick.net bid.g.doubleclick.net cdn.cookielaw.org; 	font-src 'self' fonts.gstatic.com fonts.googleapis.com; 1
upgrade-insecure-requests; default-src 'self' *.myinwebo.com ult-inwebo.com; img-src 'self' *.myinwebo.com data:; style-src 'unsafe-inline' 'self' *.myinwebo.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.myinwebo.com ult-inwebo.com https://code.jquery.com; 1
default-src 'self' 'unsafe-inline'; connect-src 'self' *.google-analytics.com *.nr-data.net *.doubleclick.net *.qualtrics.com *.kaltura.com *.clarip.com *.google.com *.linkedin.oribi.io *.ceros.com *.googlesyndication.com *.recaptcha.net *.linkedin.com; font-src * data:; frame-src 'self' *.adsrvr.org *.allianzgi.com *.clarip.com *.doubleclick.net *.gotowebinar.com *.icsdelivery.com *.involve.me *.kaltura.com *.newrelic.com *.nr-data.net *.pantheonsite.io *.qualtrics.com *.savingforcollege.com *.voya.com *.voya.net *.youtube.com *.zscalertwo.net *.microsoftonline.com *.linkedin.oribi.io *.ceros.com *.recaptcha.net *.google.com; img-src * data:; media-src * blob:; object-src 'self' *.kaltura.com; script-src 'self' 'unsafe-inline' blob: *.adsrvr.org *.bam.nr-data.net *.clarip.com *.cloudflare.com *.doubleclick.net *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.gotowebinar.com *.gstatic.com *.icsdelivery.com *.igodigital.com *.involve.me *.kaltura.com *.licdn.com *.newrelic.com *.nr-data.net *.pantheonsite.io *.polyfill.io *.qualtrics.com *.savingforcollege.com *.snap.licdn.com *.visualwebsiteoptimizer.com *.voya.com *.voya.net *.youtube.com *.zscalertwo.net *.linkedin.oribi.io *.recaptcha.net https://cdnjs.cloudflare.com https://polyfill.io https://www.gstatic.com https://www.recaptcha.net; script-src-elem 'self' 'unsafe-inline' *.clarip.com *.googletagmanager.com *.google-analytics.com *.qualtrics.com *.gstatic.com *.zscalertwo.net *.licdn.com *.adsrvr.org *.igodigital.com *.kaltura.com *.doubleclick.net *.recaptcha.net *.google.com *.evgnet.com *.ceros.com https://cdnjs.cloudflare.com https://polyfill.io https://www.gstatic.com https://www.recaptcha.net; style-src 'self' 'unsafe-inline' *.clarip.com *.gstatic.com; style-src-elem 'self' 'unsafe-inline' *.gstatic.com *.clarip.com *.zscalertwo.net; base-uri 'self'; form-action 'self' *.qualtrics.com; frame-ancestors 'self'; report-uri https://investments.voya.com/system/reporting/csp; report-to csp 1
frame-ancestors 'self' *.safecu.org *.safecuhb.org; object-src 'none' 1
frame-ancestors 'self' https://*.sharkscope.com 1
frame-ancestors 'self' *.elsiglodedurango.com.mx *.elsiglodedurango.com.mx *.tar.mx *.elsiglo.mx siglomania.com tar.mx 1
object-src 'self'; connect-src 'self' ws: *.tiktok.com *.rimac.com experiencia.force.com *.youtube.com *.googletagmanager.com dynamic.criteo.com *.demdex.net rimacsegurosyreasegu.tt.omtrdc.net *.google-analytics.com *.facebook.net *.hotjar.com *.hotjar.io rimac.demdex.net cm.everesttech.net js-agent.newrelic.com bat.bing.com *.googleadservices.com googleads.g.doubleclick.net *.facebook.com *.omtrdc.net *.demdex.net *.googlemaps.com *.googleapis.com *.nr-data.net stats.g.doubleclick.net *.dynatrace-managed.com *.youtube.com *.adobedtm.com hit.api.useinsider.com rimacperu.api.useinsider.com segment.api.useinsider.com  inference.api.useinsider.com location.api.useinsider.com carrier.useinsider.com assets.api.useinsider.com cognito-idp.us-east-1.amazonaws.com cognito-idp.us-east-2.amazonaws.com tmyye0l8jl.execute-api.us-east-1.amazonaws.com hy3g990yo8.execute-api.us-east-1.amazonaws.com jiw3r1uxol.execute-api.us-east-2.amazonaws.com qotbbq902i.execute-api.us-east-2.amazonaws.com 3wxyj8a8th.execute-api.us-east-2.amazonaws.com 56w0ynzig7.execute-api.us-east-2.amazonaws.com 34qll44aol.execute-api.us-east-1.amazonaws.com t5pq62qop8.execute-api.us-east-2.amazonaws.com gnfomwolfj.execute-api.us-east-1.amazonaws.com 5wsimc5ap6.execute-api.us-east-1.amazonaws.com dxft9dkcc1.execute-api.us-east-2.amazonaws.com ue1stgtestas3ecm001.s3.us-east-2.amazonaws.com ue1stgprodas3ecm001.s3.us-east-1.amazonaws.com ue1stgprodas3ecm001.s3.amazonaws.com j89jgt7z8h.execute-api.us-east-2.amazonaws.com apitest.rimac.com cognito-identity.us-east-1.amazonaws.com *.hotjar.com *.hotjar.io *.teads.tv cognito-identity.us-east-2.amazonaws.com *.idx.lat *.force.com experiencia.force.com *.site.com; style-src 'self' 'unsafe-inline' *.force.com *.site.com experiencia.force.com assets.api.useinsider.com; font-src 'self' data: *.gstatic.com *.rimac.com; frame-src 'self' *.demdex.net *.dynatrace-managed.com *.criteo.com *.hotjar.com *.hotjar.io *.youtube.com *.retargetly.com *.force.com *.idx.lat *.site.com experiencia.force.com hit.api.useinsider.com rimacperu.api.useinsider.com segment.api.useinsider.com inference.api.useinsider.com location.api.useinsider.com carrier.useinsider.com assets.api.useinsider.com 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=3dv2gfliqu8pa&partner=; 1
frame-ancestors 'self' https://*.bungalow.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com youtube.com *.twitter.com maps.googleapis.com googleapis.com *.googleapis.com *.youtu.be youtu.be *.fbcdn.net fbcdn.net static.xx.fbcdn.net *.cdn-today.com cdn-today.com *.tawk.to cdn.jsdelivr.net *.bootstrapcdn.com *.gstatic.com maps.gstatic.com cdn-today.com *.uptocloud.net uptocloud.net *.google.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net; frame-src 'self' *.youtube.com youtube.com *.youtu.be youtu.be *.twitter.com *.google.com *.googleapis.com *.devoyard.com:1444 assets.zendesk.com cdn-today.com *.facebook.com *.uptocloud.net uptocloud.net s-static.ak.facebook.com tautt.zendesk.com; object-src 'self' *.youtube.com *.googleapis.com maps.googleapis.com *.youtu.be static.xx.fbcdn.net *.fbcdn.net *.cdn-today.com cdn-today.com *.bootstrapcdn.com 1
frame-ancestors *.hafen-hamburg.de *.vimeo.com vimeo.com *.youtube.com youtube.com; frame-src *.hafen-hamburg.de *.vimeo.com vimeo.com *.youtube.com youtube.com jotform.com *.jotform.com www.google.com cdn.blkknt.dev; 1
default-src 'self' *.crazyegg.com wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval' https: data: *.reactful.com blob: ; object-src 'none'; 1
frame-ancestors 'self' *.azurewebsites.net *.mychildatschool.com 1
default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://partssource.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' https://my.stcu.org https://spokanestaging.orb.alkamitech.com https://developer.dev.alkamitech.com 1
frame-ancestors 'self' https://apg.experiencecloud.adobe.com https://experience.adobe.com 1
default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline';img-src  https: data: 1
frame-ancestors 'self' https://*.wilwood.com http://*.wilwood.com; img-src 'self' img.youtube.com *.google-analytics.com data:; 1
frame-ancestors 'self' https://upload.charityauctionstoday.com/uploads 1
default-src 'self' https://cdn.jsdelivr.net https://*.vica.gov.sg https://www.gstatic.com/recaptcha/ va.ecitizen.gov.sg http://callisto-preprod-gcc.hpb.gov.sg https://callisto-preprod-gcc.hpb.gov.sg  http://www.hpb.gov.sg http://hpb.gov.sg *.hpb.gov.sg https://www.hpb.gov.sg https://hpb.gov.sg ajax.googleapis.com www.googletagmanager.com fonts.googleapis.com fonts.gstatic.com www.google-analytics.com www.google.com csi.gstatic.com survey.g.doubleclick.net stats.g.doubleclick.net m.addthis.com s7.addthis.com *.adservice.google.de *.adservice.google.com *.algolianet.com *.algolia.net https://*.wogaa.sg/ http://*.pageuppeople.com https://*.pageuppeople.com assets.adobedtm.com dpm.demdex.net wogadobeanalytics.sc.omtrdc.net cm.everesttech.net fast.wogaa.demdex.net www.adobetag.com wogaa.demdex.net ad.doubleclick.net fls.doubleclick.net tagmanager.google.com sjs.bizographics.com snap.licdn.com dc.ads.linkedin.com px.ads.linkedin.com adservice.google.com.sg adservice.google.com 'unsafe-inline' 'unsafe-eval' region1.google-analytics.com region1.analytics.google.com; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.gstatic.com https://www.google.com https://accounts.google.com https://apikeys.civiccomputing.com https://cc.cdn.civiccomputing.com https://cdnjs.cloudflare.com https://connect.facebook.net https://optimize.google.com https://snap.licdn.com https://www.civicuk.com https://www.google-analytics.com https://www.googleanalytics.com https://www.googleoptimize.com https://www.googletagmanager.com; object-src 'self'; frame-ancestors 'self'; child-src https://s2.chorus-mk.thirdlight.com/ https://tools.eurolandir.com/ https://www.linkedin.com/ https://www.petrofac.com/ https://www.youtube.com/; frame-src https://www.google.com/ https://s2.chorus-mk.thirdlight.com/ https://s3.chorus-mk.thirdlight.com/ https://s4.chorus-mk.thirdlight.com/ https://www.buzzsprout.com/ https://open.spotify.com/ https://tools.eurolandir.com/ https://www.linkedin.com/ https://www.petrofac.com/ https://www.youtube.com/ www.googletagmanager.com https://optimize.google.com; img-src 'self' storage.googleapis.com https://p.adsymptotic.com https://www.gstatic.com https://dc.ads.linkedin.com https://px.ads.linkedin.com https://www.facebook.com https://optimize.google.com https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://embed.typeform.com/embed.js https://cc.cdn.civiccomputing.com/ https://www.google-analytics.com/ https://tools.eurolandir.com/ https://cdn.videosync.fi/ https://www.googleadservices.com/ https://snap.licdn.com/ https://komito.net/ https://googleads.g.doubleclick.net/ https://3xscreen.videosync.fi/ https://crh.qumucloud.com/ https://*.googletagmanager.com;  font-src 'self' data: https://fonts.googleapis.com/ https://fonts.gstatic.com/ http://cdn.qumucloud.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://cdn.qumucloud.com/ https://crh.qumucloud.com/; frame-ancestors 'self' https://aodocs.altirnao.com/ https://ao-docs-staging.appspot.com/ https://form.typeform.com; connect-src 'self'  https://apikeys.civiccomputing.com/ https://our.umbraco.com/  cdn.qumucloud.com stats.g.doubleclick.net clapi.civiccomputing.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com  https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;frame-src 'self' https://aodocs.altirnao.com/ https://ao-docs-staging.appspot.com/ https://form.typeform.com/ https://tools.eurolandir.com/ https://www.thewaterfront.com/ https://gamma.euroland.com/ https://fast.wistia.net/ https://view.vzaar.com/ https://player.vimeo.com/ https://www.youtube.com/ https://crh.qumucloud.com; img-src 'self' data: *.googleapis.com/ https://px.ads.linkedin.com/ https://www.google.com/ https://accounts.google.com/ https://dashboard.umbraco.org/ https://www.google-analytics.com/ https://p.adsymptotic.com/ https://accounts.youtube.com/ https://www.google.co.uk/ https://accounts.google.co.uk/ https://www.google.rs/ https://cdn.qumucloud.com/ https://crh.qumucloud.com/ https://www.googletagmanager.com/ https://www.google.ie/ https://emperor.works/   https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com   https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://digitalcourage.social; img-src 'self' https: data: blob: https://digitalcourage.social; style-src 'self' https://digitalcourage.social 'nonce-d2T/dUyl9qKqeG5aZ22knw=='; media-src 'self' https: data: https://digitalcourage.social; frame-src 'self' https:; manifest-src 'self' https://digitalcourage.social; form-action 'self'; child-src 'self' blob: https://digitalcourage.social; worker-src 'self' blob: https://digitalcourage.social; connect-src 'self' data: blob: https://digitalcourage.social https://digitalcourage.social wss://digitalcourage.social; script-src 'self' https://digitalcourage.social 'wasm-unsafe-eval' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com/jquery-3.6.0.js; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; 1
default-src 'self'; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; connect-src 'self' https:; frame-src 'self' https:; media-src 'self' https:; frame-ancestors 'self' https://futucortex.play.futurice.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.situsamc.com *.pantheonsite.io *.vimeo.com fonts.gstatic.com *.googletagmanager.com *.google-analytics.com *.jsdelivr.net *.googleapis.com *.trustarc.com *.licdn.com *.hs-scripts.com *.marketo.net *.marketo.com *.hs-analytics.net *.hs-banner.com *.newrelic.com *.nr-data.net *.linkedin.com *.google.com *.hsforms.com *.hubspot.com *.doubleclick.net *.hsadspixel.net *.hscollectedforms.net *.mktoresp.com *.hubapi.com *.ceros.com *.sharethis.com *.oribi.io *.soundcloud.com *.coveo.com *.canva.com; frame-ancestors none 'self'; report-uri /report-csp-violation 1
frame-ancestors 'self' https://mbs.website.org.nz/ 1
script-src https://includes.ccdc02.com/ assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://maps.googleapis.com/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.cookiebot.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'  https://maps.google.com/ https://maps.googleapis.com/ https://static.ads-twitter.com/ https://connect.facebook.net/  https://www.googletagmanager.com/ https://static.criteo.net/  https://stackpath.bootstrapcdn.com/  https://analytics.twitter.com/  https://sslwidget.criteo.com/  https://stats.g.doubleclick.net/ https://www.googleadservices.com/ https://www.google-analytics.com/  https://www.paypalobjects.com/  https://js.braintreegateway.com/ *.paypal.com/ https://www.google.com/  https://www.gstatic.com/ https://www.paypal.com/ https://ulnxlv.garrafeiranacional.com/  https://embed.tawk.to/  https://cdn.jsdelivr.net/ https://egoimmerce.e-goi.com/ 1
script-src https://www.gstatic.com https://www.google.com https://maps.google.com:* https://maps.googleapis.com 'self' 'unsafe-eval' 'unsafe-inline' 1
default-src https: wss: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.youtube.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.com *.googletagmanager.com *.doubleclick.net *.rmmportal.com *.rmmconsole.com *.rmmdashboard.com *.opti-tune.com *.optitune.us s3.us-west-000.backblazeb2.com blob: *.mapbox.com 1
default-src 'none'; block-all-mixed-content; connect-src 'self' *.google-analytics.com *.analytics.google.com; font-src 'self' use.fontawesome.com; img-src 'self' *.google-analytics.com *.analytics.google.com; script-src 'self' www.googletagmanager.com 'unsafe-inline' 'nonce-RIfoQ2IfPusgeLl3qm/Rlg=='; style-src 'self' 'unsafe-inline' 'nonce-RIfoQ2IfPusgeLl3qm/Rlg=='; upgrade-insecure-requests; report-uri /nelmio/csp/report 1
child-src https://www.youtube.com https://bid.g.doubleclick.net; connect-src 'self' https://forms.hscollectedforms.net https://*.linkedin.oribi.io https://forms.hsforms.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net https://*.hubspot.com https://*.hubapi.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.ads.linkedin.com; default-src 'self'; font-src 'self' https://use.fontawesome.com https://*.hotjar.com; frame-src https://*.facebook.com https://app.hubspot.com https://forms.hsforms.com https://www.youtube.com https://*.hotjar.com; img-src 'self' data: https://www.employers.com https://bat.bing.com https://www.google-analytics.com https://www.google.com https://*.ads.linkedin.com https://www.facebook.com https://t.co https://analytics.twitter.com https://track.hubspot.com https://*.hsforms.com https://p.adsymptotic.com https://*.hotjar.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.jsdelivr.net/ https://js.hsforms.net https://js.hsleadflows.net https://www.youtube.com https://bat.bing.com https://connect.facebook.net https://unpkg.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://ajax.googleapis.com https://*.hubspot.com https://js.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://forms.hsforms.com https://static.ads-twitter.com https://168825.tctm.co https://*.usemessages.com https://snap.licdn.com https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://unpkg.com/ https://*.fontawesome.com/ https://*.hotjar.com; 1
default-src 'none'; img-src 'self' https://cadillacfairview.sc.omtrdc.net https://*.ctfassets.net https://d3j72de684fey1.cloudfront.net https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data: https://cm.everesttech.net https://www.google-analytics.com *.cookielaw.org *.demdex.net *.facebook.com https://assets.cadillacfairview.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.demdex.net https://cm.everesttech.net https://assets.adobedtm.com https://maps.googleapis.com https://customsearch.googleapis.com https://d1p5cqqchvbqmy.cloudfront.net https://cadillacfairview.talcura.com https://analytics.tiktok.com https://www.googletagmanager.com https://www.google-analytics.com *.cookielaw.org https://www.youtube.com https://www.google.com https://www.gstatic.com connect.facebook.net; connect-src 'self' 'unsafe-eval' https://www.cadillacfairview.com https://*.form.io https://cdn.mappedin.com *.demdex.net https://cm.everesttech.net https://assets.adobedtm.com https://cadillacfairview.sc.omtrdc.net https://api-gateway.mappedin.com https://leasing-data-poc.s3.amazonaws.com https://d3j72de684fey1.cloudfront.net https://mipubapistorageprod.blob.core.windows.net https://*.ctfassets.net https://assets.cadillacfairview.com https://analytics.tiktok.com https://www.google-analytics.com https://maps.googleapis.com https://customsearch.googleapis.com *.google.com https://*.gstatic.com https://*.doubleclick.net data: blob: *.cookielaw.org *.onetrust.com; manifest-src 'self'; style-src 'self' 'unsafe-inline' https://maps.googleapis.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; form-action 'self' https://*.form.io; frame-src 'self' *.demdex.net https://*.youtube.com https://cadillacfairview.talcura.com https://*.ctfassets.net *.google.com https://my.matterport.com/ https://player.vimeo.com https://assets.cadillacfairview.com; media-src 'self' https://*.ctfassets.net https://assets.cadillacfairview.com 1
frame-ancestors 'self' *.intergrall.com.br *.uranet.com.br; 1
base-uri 'self'; font-src 'self' https: data:; form-action 'self' forms.hsforms.com forms-na1.hsforms.com; frame-ancestors 'self' player.vimeo.com/video; img-src 'self' https: data: cms.virginactive.co.za nice-sand-0200ef403-8.westeurope.2.azurestaticapps.net maps.gstatic.com forms.hsforms.com forms-na1.hsforms.com maps.googleapis.com itensitystorage.blob.core.windows.net px.ads.linkedin.com google.co.za google.co.za/pagead/ google.co.com/ads/ facebook.com/tr/ track.hubspot.com; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests 1
frame-ancestors 'self' *.uniqa.at; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.uniqa.at https://www.googletagmanager.com https://assets.adobedtm.com https://activitymap.adobe.com https://sitecatalyst.omniture.com https://cdn1.api.trustedshops.com https://api.trustedshops.com https://connect.facebook.net https://googleads.g.doubleclick.net https://uniqaitservicesgmbh.d3.sc.omtrdc.net https://uniqaitservicesgmbh.tt.omtrdc.net https://www.facebook.com https://www.google.com https://www.google.at https://www.googleadservices.com https://bot-t.testcloud.uniqa.at https://bot.cloud.uniqa.at https://smartform-react-t.testcloud.uniqa.at https://smartform-react.cloud.uniqa.at https://*.serving-sys.com https://*.mindtake.com https://*.cloudfront.net https://maps.googleapis.com https://smartform-api.cloud.uniqa.at https://smartform-api-t.testcloud.uniqa.at https://www.gstatic.com https://w.usabilla.com https://s.pinimg.com https://ct.pinterest.com https://secure.adnxs.com https://sw-assets.ekomiapps.de https://smart-widget-assets.ekomiapps.de https://smartforms.ekomi.com ; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://sueden.social; img-src 'self' https: data: blob: https://sueden.social; style-src 'self' https://sueden.social 'nonce-zoXhUShxG8b2DHEc1oUNCA=='; media-src 'self' https: data: https://sueden.social; frame-src 'self' https:; manifest-src 'self' https://sueden.social; form-action 'self'; child-src 'self' blob: https://sueden.social; worker-src 'self' blob: https://sueden.social; connect-src 'self' data: blob: https://sueden.social https://files.sueden.social wss://sueden.social; script-src 'self' https://sueden.social 'wasm-unsafe-eval' 1
frame-ancestors www.hawk.de piwik.hawk.de 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googleadservices.com *.googletagservices.com *.connatix.com connatix.com secure.adnxs.com pixel.adsafeprotected.com static.adsafeprotected.com connatix-d.openx.net *.pixel-sync.sitescout.com pixel-sync.sitescout.com sync.search.spotxchange.com *.gstatic.com *.visualwebsiteoptimizer.com *.vwo.com analytics.twitter.com app.optimizely.com assets.crowdpac.com assets.staging.crowdpac.com bam.nr-data.net cdn.optimizely.com securepubads.g.doubleclick.net *.googlesyndication.com cdn.segment.com code.jquery.com connect.facebook.net fullstory.com googleads.g.doubleclick.net html5shim.googlecode.com js-agent.newrelic.com js.stripe.com maps.googleapis.com optimizely.s3.amazonaws.com platform.twitter.com s3-eu-west-1.amazonaws.com static.ads-twitter.com use.typekit.net www.google-analytics.com www.googletagmanager.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com bucket1.mm-syringe.com www.googletagmanager.com imasdk.googleapis.com www.oo-syringe.com cdn.jsdelivr.net s0.2mdn.net query.fqtag.com adservice.google.com adservice.google.com.ar edge.fullstory.com cdn.ampproject.org *.infolinks.com *.casalemedia.com match.prod.bidr.io match.adsrvr.org *.prod.bidr.io *.adsrvr.org blob: js.sparkloop.app http://www.fullstory.com 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hsappstatic.net *.vimeo.com connect.facebook.net *.fontawesome.com www.google-analytics.com *.clarity.ms snap.licdn.com cdn4.mxpnl.com *.g.doubleclick.net www.googletagmanager.com js.hsforms.net s7.addthis.com boards.greenhouse.io www.googleoptimize.com static.addtoany.com *.tiqcdn.com cdn.jsdelivr.net js.hs-scripts.com www.google.com *.cdnma.com www.gstatic.com js.hs-banner.com js.hscollectedforms.net js.hs-analytics.net; style-src 'self' 'unsafe-inline' *.fontawesome.com *.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net; img-src 'self' data: *.fontawesome.com *.clarity.ms *.gravatar.com www.glassdoor.com *.hubspot.com *.hsforms.com *.doubleclick.net www.google.com px.ads.linkedin.com www.facebook.com *.bing.com www.google-analytics.com www.googletagmanager.com; font-src 'self' *.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com; frame-src 'self' *.youtube.com *.hubspot.com *.vimeo.com *.hsforms.com www.facebook.com td.doubleclick.net www.google.com static.addtoany.com; connect-src 'self' collect.tealiumiq.com forms.hscollectedforms.net www.google-analytics.com *.doubleclick.net *.clarity.ms pagead2.googlesyndication.com *.google.com api-js.mixpanel.com forms.hsforms.com *.amazonaws.com; 1
default-src https: ; img-src https: blob: data: https://Trustseal.enamad.ir/logo.aspx https://logo.samandehi.ir/logo.aspx 'self' ; script-src https: 'unsafe-inline' 'unsafe-eval' ; worker-src https: blob: data: ; style-src https: 'self' 'unsafe-inline' 'unsafe-hashes' ; connect-src https: wss:; font-src https:; object-src 'self'; media-src https:;  frame-src https: blob: data: 'unsafe-inline';  1
default-src 'self' 'unsafe-inline' data: *.eatclub.com *.myeatclub.com *.typekit.net unpkg.com *.google.com *.googleapis.com *.cloudfront.net *.sentry.io *.sentry-cdn.com *.braintreegateway.com *.freedompay.com newrelic.com *.newrelic.com *.googletagmanager.com *.fastly.net *.googleadservices.com bat.bing.com connect.facebook.net www.facebook.com *.google-analytics.com *.inspectlet.com *.newrelic.com *.doubleclick.net *.nr-data.net *.optimizely.com *.hs-scripts.com *.leadpages.net *.hsforms.net *.hsforms.com *.licdn.com *.workable.com *.hsadspixel.net *.hsleadflows.net *.hs-analytics.net *.hs-banner.com *.amazonaws.com *.lpages.co *.linkedin.com *.leadpages.io *.gstatic.com *.hubspot.com *.hubapi.com p.adsymptotic.com *.cloudflare.com *.github.io opensource.twitter.dev *.statuspage.io *.bootstrapcdn.com code.jquery.com *.onetrust.com eatclub.looker.com assets.website-files.com *.webflow.com cdn.jsdelivr.net cdn.embedly.com assets-global.website-files.com *.productfruits.com wss://*.productfruits.com sentry.io; frame-ancestors 'self' *.eatclub.com *.myeatclub.com *.inspectlet.com 1
object-src 'none';base-uri 'self';script-src 'nonce-2TW5szuv0Ka0iDjq9C4G8g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: 'nonce-vPqxOw5EAHFKK6cMLFD8fRqSCbkzdnp6' 'strict-dynamic' https://www.google-analytics.com https://www.googletagmanager.com; 1
default-src 'self' ;script-src 'self' 'unsafe-inline' data: *.googleapis.com *.twitter.com *.facebook.net www.googleadservices.com www.gstatic.com www.google.com google.com google.co.uk http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io use.fontawesome.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com www.gstatic.com tagmanager.google.com maxcdn.bootstrapcdn.com cdn-images.mailchimp.com use.fontawesome.com fonts.bunny.net;img-src 'self' * data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.bunny.net use.fontawesome.com;connect-src 'self' fonts.googleapis.com insights.hotjar.com wss://*.hotjar.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;frame-src 'self' www.google.com vars.hotjar.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;worker-src 'self' self blob: 'unsafe-inline'; 1
default-src 'self'  https://*.vimeo.com https://*.youtube.com https://*.arcgis.com https://onesignal.com www.youtube.com https://*.facebook.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com http://s7.addthis.com https://connect.facebook.net https://*.google.com;                                              connect-src 'self' https://*.onesignal.com https://onesignal.com https://www.google-analytics.com https://region1.google-analytics.com https://*.facebook.com https://graph.facebook.com https://accounts.google.com/gsi/ https://maps.googleapis.com/ https://stats.g.doubleclick.net/;                font-src 'self' https://use.typekit.net https://fonts.gstatic.com/;                img-src 'self' https://*.azureedge.net/* https://*.blob.core.windows.net/* https://*.onesignal.com https://onesignal.com https://www.google-analytics.com https://ssl.gstatic.com https://*.gstatic.com https://stats.g.doubleclick.net https://*.googleapis.com/ https://i.ytimg.com https://www.facebook.com data:;                media-src 'self';                script-src 'self' https://*.onesignal.com https://onesignal.com https://www.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com http://s7.addthis.com https://connect.facebook.net https://*.google.com https://accounts.google.com/gsi/client 'sha256-Jm/NbLCWThZhuXWoZmyXlKsIXE6rIWrkF3ejrWYW6O0=';                style-src 'self' 'unsafe-inline' https://*.onesignal.com https://onesignal.com https://p.typekit.net/ https://use.typekit.net/ https://*.googleapis.com/ https://accounts.google.com/gsi/style; 1
default-src *; style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com google.com connect.facebook.net ajax.cloudflare.com static.cloudflareinsights.com  youtube.com satoristudio.us13.list-manage.com plausible.io npm-assets.fiverrcdn.com; font-src 'self' data: fonts.gstatic.com; img-src 'self' data: https: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com *.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com www.youtube-nocookie.com www.youtube.com blob: data: https://storage.googleapis.com/learnwithikeavideos/ ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ctfassets.net *.ipex-insights.com *.adform.net *.doubleclick.net googleads.g.doubleclick.net www.googleadservices.com *.googlesyndication.com adservice.google.se *.spinnaker-js.com chat.kindlycdn.com bot.kindly.ai *.cookielaw.org *.onetrust.com *.akamaihd.net *.akstat.io *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.go-mpulse.net *.optimizely.com sentry.io *.sentry.io *.avo.app oppwa.com *.oppwa.com mpsnare.iesnare.com *.iesnare.com *.syndeo.cx *.production.syndeo.cx wss://web.production.syndeo.cx icsp.ingka.ikea.com wss://icsp.ingka.ikea.com wss://web-api.ikea.com/cschatbot/ maps.googleapis.com fonts.googleapis.com www.googleapis.com *.bambuser.com firestore.googleapis.com liveshopping-widgets.firebaseapp.com; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com; object-src 'self'; report-uri https://csp.ikea.com 1
frame-ancestors 'self' https://videos.sproutvideo.com https://www.altra.org; frame-src https://player.vimeo.com https://videos.sproutvideo.com *.altra.org https://www.google.com https://optimize.google.com https://*.altraonline.org https://*.connectfssonline.com *.crazyegg.com https://woobox.com https://*.cfssinternal.com https://6065303866.mortgage-application.net https://mortgage.altra.org https://www.slideshare.net https://tags.tiqcdn.com https://connect.segmint.net https://c.sharethis.mgr.consensu.org https://*.facebook.com https://*.facebook.net https://*.youtube.com https://www.youtube-nocookie.com https://*.duosecurity.com https://www.google-analytics.com https://www.googleadservices.com https://*.googleapis.com https://*.doubleclick.net https://cdn.jsdelivr.net https://teachbanzai.com https://altrafederalcreditunionhoops.upickem.net https://talkative-cdn.com https://web.digitalconsumerapp.com https://static.hotjar.com https://script.hotjar.com https://widget.trustpilot.com https://wt.dm00.com https://s.vibe.co https://*.instagram.com https://twitter.com https://www.dailymotion.com https://www.flickr.com http://www.kickstarter.com https://www.gettyimages.in https://www.ted.com https://soundcloud.com http://issuu.com http://www.hulu.com; object-src 'none'; child-src blob:; worker-src blob: https://www.altra.org; report-uri https://altra.report-uri.com/r/d/csp/enforce 1
base-uri 'self' https://fonts.googleapis.com/; object-src 'none'; script-src https: 'nonce-e454987f9b' 'nonce-fcfcea50a6' 'nonce-010d1f9fcd' 'nonce-28f23306c4' 'nonce-41a3d7d248' 'nonce-55bbf19492' 'nonce-0c0ab79ca6' 'nonce-0c0ab79ca6' 'nonce-cbe28c1f6a' 'nonce-747198ddcc' 'nonce-38f0d62a81' 'nonce-35e9ac88ed' 'nonce-d01cc7f940' 'nonce-b52b1629d9' 'nonce-5850d70362' 'nonce-07e8870feb' 'nonce-11d3f652ce' 'nonce-ab13802485' 'nonce-929dfeaf47' 'nonce-5e9a459e40' 'nonce-1acc4fcc91' 'nonce-3ffee375d7' 'nonce-ea8fd13903' 'nonce-cf8b726535' 'nonce-b0bdce876b' 'nonce-e5b1bdad3d' 'nonce-e6dddfb829' 'nonce-7118fd5f7e' 'nonce-5f8347aeb3' 'nonce-7c823487ed' 'nonce-4c30aa5273' 'nonce-14e54b6837' 'nonce-d4f1d5c9fe' 'nonce-198ced0660' 'nonce-6b9d17c395' 'nonce-923e13fdaa' 'nonce-faab5080f0' 'nonce-a4ca7a37d8' 'nonce-a90e0e1662' 'nonce-49e9186b04' 'nonce-e386e4bb99' 'nonce-6addd33137' 'nonce-8dca3a2e68' 'nonce-9a16e1ee5b' 'nonce-b63a099efc' 'nonce-f0ffbccb68' 'nonce-3a595b6576' 'nonce-994f234ea0' 'nonce-de0cb4f896' 'nonce-af4a67c0ae' 'nonce-1edd06ec06' 'nonce-d4f9263c94' 'nonce-02d78515f3' 'nonce-00c5a7769d' 'nonce-b98ab8c689' 'nonce-c20112d0da' 'nonce-ec64ce01b0' 'nonce-f4f778d5f8' 'nonce-6f4766b52f'     'strict-dynamic' 1
frame-ancestors https://sheamoisture-studio-us.netlify.app/ https://sheamoisture-studio-us-staging.netlify.app/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.bunny.net app.snipcart.com data: payment.snipcart.com  cdn.snipcart.com;img-src 'self' bouletcorp-admin.cepcam.fr; 1
default-src 'self' blob: https://*.avrotros.org https://*.avrotros.nl https://*.googleusercontent.com https://*.google-analytics.com https://www.googletagmanager.com https://adscience-nocookie.nl https://stats.g.doubleclick.net https://*.google.com https://*.npo.nl https://*.npo-data.nl https://nmonpoendpoint.2cnt.net https://kmnl.tns-nipo.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.youtube.com https://*.instagram.com https://*.ster.nl https://*.optoutadvertising.com https://*.ampproject.net https://cdn.ampproject.org https://worldtimeapi.org https://*.gstatic.com https://webchat.eazy.im https://www.riddle.com;         font-src data: https://fonts.gstatic.com https://*.avrotros.nl https://*.avrotros.org https://webchat.eazy.im https://s3-eu-west-1.amazonaws.com;         img-src * data: 'report-sample';         script-src data: 'unsafe-inline' 'unsafe-eval' https://*.avrotros.org https://*.avrotros.nl https://*.googleusercontent.com https://*.google-analytics.com https://www.googletagmanager.com https://adscience-nocookie.nl https://stats.g.doubleclick.net https://*.google.com https://*.npo.nl https://*.npo-data.nl https://tag.aticdn.net https://nmonpoendpoint.2cnt.net https://kmnl.tns-nipo.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.youtube.com https://*.instagram.com https://*.ster.nl https://*.optoutadvertising.com https://*.ampproject.net https://cdn.ampproject.org https://platform.twitter.com https://worldtimeapi.org https://polyfill.io https://*.gstatic.com https://webchat.eazy.im https://api.smooch.io https://api.eu-1.smooch.io https://www.riddle.com https://s3-eu-west-1.amazonaws.com 'report-sample';         style-src * 'unsafe-inline' 'report-sample';         connect-src * https://fonts.gstatic.com;         media-src * data:;         frame-src *;         object-src https://*.spotify.com https://media-service.vara.nl https://media.vara.nl https://player.vimeo.com https://w.soundcloud.com https://*.avrotros.org https://*.avrotros.nl https://radiobox2.omroep.nl https://players.brightcove.net https://localfocus2.appspot.com https://storify.com https://embed.vpro.nl https://s3.amazonaws.com https://medicaldevices.icij.org https://medicaldevices-staging.cloud.icij.org https://cdn.knightlab.com https://www.sutori.com https://www.dumpert.nl https://public.flourish.studio https://flo.uri.sh https://rekentools.webbridge.nl;         base-uri 'self';         form-action 'self' 'report-sample';         manifest-src 'self' https://accounts.google.com;         worker-src 'self' blob:;         report-uri https://europe-west1-avrotros-im-web-2-prod.cloudfunctions.net/csp-reporter 1
frame-ancestors 'self' https://*.irem.org https://app.dev.lobbycre.com https://app.qa.lobbycre.com https://app.staging.lobbycre.com https://app.lobbycre.com; 1
frame-ancestors 'self' vcc.ca *.vcc.ca 1
default-src 'self'; img-src 'self' cache.travelfish.org cache2.travelfish.org cache3.travelfish.org assets.calendly.com data: ; style-src 'self' cache.travelfish.org cache2.travelfish.org cache3.travelfish.org fonts.gstatic.com fonts.googleapis.com use.fontawesome.com assets.calendly.com 'nonce-OTFhNGRhMjZjMWZi'; font-src fonts.gstatic.com use.fontawesome.com; script-src 'self' assets.calendly.com cdnjs.cloudflare.com 'nonce-OTFhNGRhMjZjMWZi'; frame-src 'self' calendly.com 'nonce-OTFhNGRhMjZjMWZi'; connect-src 'self' nasigoreng.travelfish.org 'nonce-OTFhNGRhMjZjMWZi'; 1
connect-src 'self' ws://127.0.0.1:35729 *.juicer.io wss://ws.hotjar.com *.hotjar.io *.hotjar.com *.convertexperiments.com *.googleapis.com *.google.com *.trustedshops.com *.google-analytics.com w-it.m-t.io *.webgains.io  *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com *.doubleclick.net *.amazonaws.com *.cloudfront.net *.userlike.com wss://umd.userlike.com *.bing.com https://integration-api.sovendus.com https://identification-api.sovendus.com *.mollie.com *.algolia.net *.algolianet.com *.facebook.com *.hello-charles.com;default-src  https://www.jako.de *.googleapis.com *.gstatic.com *.youtube.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.typekit.net *.google.com *.google.de stats.g.doubleclick.net  *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com;frame-ancestors 'self'  *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com;worker-src 'self' blob: *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com;child-src 'self' https://www.computop-paygate.com  https://*.amazon.de  https://*.amazon.com https://*.payments-amazon.com *.googleapis.com *.hotjar.com *.gstatic.com *.youtube.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.typekit.net *.google.com *.google.de stats.g.doubleclick.net  *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com *.amazonaws.com;font-src 'self' data: *.juicer.io *.googleapis.com *.gstatic.com *.youtube.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.typekit.net *.google.com *.google.de stats.g.doubleclick.net *.trustedshops.com *.cloudfront.net  *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com;media-src 'self' https://www.jako.de *.googleapis.com *.gstatic.com *.juicer.io *.youtube.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.typekit.net *.google.com *.google.de stats.g.doubleclick.net  *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com;img-src 'self' data: https://*.amazon.com https://*.amazon.de *.juicer.io *.ggpht.com *.trustedshops.com *.ssl-images-amazon.com https://*.payments-amazon.com  https://*.google-analytics.com https://d23yuld0pofhhw.cloudfront.net *.googleapis.com *.gstatic.com *.youtube.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.typekit.net *.google.com *.google.de *.g.doubleclick.net  *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com bat.bing.com *.amazonaws.com *.atdmt.com *.mollie.com *.myafterpay.com *.localhost *.localhost:8090 https://c.paypal.com https://b.stats.paypal.com;frame-src 'self' https://www.computop-paygate.com  https://*.amazon.de  https://*.amazon.com https://*.payments-amazon.com *.youtube.com *.google.com *.facebook.com  *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com *.container.webgains.link *.instagram.com benefits.sovendus.com https://c.paypal.com *.sovendus-connect.com;manifest-src 'self';object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.hotjar.com *.convertexperiments.com *.juicer.io *.cloudfront.net *.userlike.com https://www.jako.de *.ssl-images-amazon.com *.amazon.com *.amazon.de  *.payments-amazon.com *.googleapis.com googlemaps.github.io *.gstatic.com *.youtube.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.typekit.net *.google.com *.google.de stats.g.doubleclick.net *.trustedshops.com  *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com *.jquery.com *.googleadservices.com bat.bing.com googleads.g.doubleclick.net analytics.webgains.io w-it.m-t.io *.container.webgains.link track.webgains.com *.webgains.io *.amazonaws.com *.instagram.com api.sovendus.com cdn.jsdelivr.net *.googleoptimize.com https://c.paypal.com *.hello-charles.com;style-src 'self' 'unsafe-inline' *.juicer.io *.googleapis.com *.gstatic.com *.youtube.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.typekit.net *.google.com *.google.de stats.g.doubleclick.net *.trustedshops.com cdn.jsdelivr.net  *.bing.com *.clarity.ms *.dc-test.de *.jako.com *.jako.de *.jako.be *.jako.ch *.jako.fr *.jakosport.nl *.amazon.de *.amazon.com *.amazonpay.com *.etracker.de *.etracker.com *.signalize.com *.kameleoon.eu *.kameleoon.com payment.unzer.com *.etrusted.com *.paypalobjects.com *.paypal.com *.b-cdn.net *.jfnet.de https://analytics.tiktok.com; 1
default-src 'self' 'unsafe-inline' stats.g.doubleclick.net ssl.gstatic.com lh3.googleusercontent.com tagmanager.google.com www.gstatic.com fonts.googleapis.com fonts.gstatic.com rumtag.netvigie.com www.googletagmanager.com www.google-analytics.com rum.netvigie.com www.google.com blog.netvigie.com secure.gravatar.com apis.google.com platform.linkedin.com accounts.google.com widgets.pinterest.com log.pinterest.com syndication.twitter.com platform.twitter.com www.slideshare.net sdk.privacy-center.org static.axept.io client.axept.io api.axept.io axeptio.imgix.net api.privacy-center.org googleads.g.doubleclick.net www.googleadservices.com www.google.fr region1.google-analytics.com  www.google.com widgets.rr.skeepers.io blog.netvigie.com  www.seenaptic.com assets.pinterest.com data: 1
frame-ancestors 'self' team.live fr.team.live es.team.live ru.team.live de.team.live pl.team.live ar.team.live tr.team.live; 1
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.clarity.ms *.googlesyndication.com *.debounce.io *.unbounce.com *.d1wbjksx0xxdn3.cloudfront.net *.cloudfront.net *.interactivecalculator.com *.doubleclick.net *.oribi.io *.linkedin.com *.intercomcdn.com *.intercom.io *.zoominfo.com *.vimeocdn.com *.licdn.com *.bing.com *.googleoptimize.com *.google-analytics.com *.googletagmanager.com *.fontawesome.com *.googleoptimize.com *.googleapis.com https://apis.google.com/js/api.js *.google.com *.gstatic.com *.wpenginepowered.com; connect-src 'self' *.linkedin.com *.clarity.ms *.celayix.com *.cloudfront.net *.googlesyndication.com *.intercom.io *.interactivecalculator.com *.debounce.io *.oribi.io *.wpengine.com *.google-analytics.com *.bing.com *.zoominfo.com *.google.ca *.fontawesome.com *.doubleclick.net *.amazonaws.com *.googleapis.com *.wpenginepowered.com *.google.com *.gstatic.com wss://*.intercom.io wss://*.wpengine.com; frame-src 'self' data:  *.doubleclick.net *.googlesyndication.com *.microsoft.com *.vimeo.com *.google.com; img-src 'self' *.intercomassets.com *.clarity.ms *.gravatar.com *.windows.net *.linkedin.com *.googlesyndication.com *.google-analytics.com *.cloudfront.net *.debounce.io *.intercom.io *.bing.com *.googletagmanager.com *.smushcdn.com *.wpenginepowered.com data: *.googleapis.com *.gstatic.com *.google.com *.google.ca *.amazonaws.com; style-src 'self' 'unsafe-inline' *.fontawesome.com *.googlesyndication.com *.unbounce.com *.ub-assets.com *.googletagmanager.com *.wpenginepowered.com https://fonts.googleapis.com blob:; font-src 'self' *.googlesyndication.com *.wpenginepowered.com *.intercomcdn.com *.ub-assets.com *.fontawesome.com https://fonts.gstatic.com data:; 1
frame-ancestors self https://www.vetostore.com 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=TW&lang=zh-Hant-TW&device=desktop&yrid=4lqqce9iquip4&partner=; 1
frame-ancestors 'self' *.jubelio.com 1
default-src * 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.fontawesome.com;  img-src 'self' data:  *.yadro.ru 1
default-src 'self' data: https://svc.webspellchecker.net				;				script-src 'self' 'unsafe-inline' 'unsafe-eval'														https://www.google.com https://www.googletagmanager.com https://www.gstatic.com	https://www.recaptcha.net					https://www.google-analytics.com https://js.hs-scripts.com https://js.hs-analytics.net								https://js.hs-banner.com https://js.hsforms.net https://az763204.vo.msecnd.net https://js.stripe.com						https://services.postcodeanywhere.co.uk https://www.currency.me.uk https://ajax.aspnetcdn.com							https://svc.webspellchecker.net https://gsnocs.noc.ac.uk https://www.findaphd.com https://cdnjs.cloudflare.com					https://d1bxh8uas1mnw7.cloudfront.net https://api.altmetric.com https://www.youtube.com			;				connect-src 'self' 'unsafe-inline'															https://www.google-analytics.com https://analytics.google.com https://region1.analytics.google.com						https://region1.google-analytics.com https://stats.g.doubleclick.net https://svc.webspellchecker.net						https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://api.donorfy.com	;				img-src data: *													;				font-src 'self' 'unsafe-inline'																https://gsnocs.noc.ac.uk https://fonts.googleapis.com https://fonts.gstatic.com https://svc.webspellchecker.net					https://maxcdn.bootstrapcdn.com										;				style-src 'self' 'unsafe-inline'															https://gsnocs.noc.ac.uk https://fonts.googleapis.com https://svc.webspellchecker.net https://www.findaphd.com					https://cdnjs.cloudflare.com https://az763204.vo.msecnd.net https://services.postcodeanywhere.co.uk	;				frame-src 'self' 'unsafe-inline'															https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://www.youtube.com						https://player.vimeo.com https://embeds.audioboom.com https://my.matterport.com https://mpembed.com						https://mars.noc.ac.uk https://forms.hsforms.com https://app.donorfy.com https://js.stripe.com							https://www.currency.me.uk https://live.brame-gamification.com/										;				frame-ancestors 'self'												;	 1
upgrade-insecure-requests; frame-ancestors https: 'self' *.printrunner.com *.digitalroom.com *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com; 1
default-src 'self'; frame-ancestors *.celticandco.com *.dotomi.com; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: tokenview.io *.tokenview.io pagead2.googlesyndication.com www.googletagmanager.com www.google-analytics.com tpc.googlesyndication.com *.baidu.com *.bdstatic.com coinzillatag.com *.czilladx.com js.hsforms.net recaptcha.net www.gstatic.cn www.gstatic.com 1
frame-ancestors 'self' https://manage.datacenterfrontier.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.pg.com *.jebbit.com *.contentful.com *.googletagmanager.com *.google-analytics.com cdn.cookielaw.org *.ctfassets.net connect.facebook.net z.moatads.com pghub.io *.tapad.com *.doubleclick.net *.google.com *.pghub.io match.adsrvr.org *.facebook.com *.youtube.com *.gstatic.com *.googleapis.com i.ytimg.com yt3.ggpht.com *.braze.com *.tidelaundry.com cdnjs.cloudflare.com *.algolia.net *.pricespider.com *.replypro.io *.tidecleaners.com stage-braze.tidecleaners.com braze.tidecleaners.com 1
default-src 'self' proofpointisolation.com *.proofpointisolation.com *.pendo.io data: blob: https://onenote.officeapps-df.live.com/ https://portal.productboard.com/ https://urldefense.com https://urldefense.proofpoint.com; script-src 'self' proofpointisolation.com *.proofpointisolation.com *.pendo.io 'nonce-dmVyeSBzZWN1cmU=' 'sha256-QHiPiX9KPtuCOZtmuHIuKAquRFwTfa4lIIx3nRVaLCo='; style-src 'unsafe-inline' 'self' proofpointisolation.com *.proofpointisolation.com *.pendo.io data:; img-src 'self' proofpointisolation.com *.proofpointisolation.com *.pendo.io data: blob: https://onenote.officeapps-df.live.com/ http://www.office.com/; connect-src 'self' https://proofpointisolation.com wss://proofpointisolation.com https://*.proofpointisolation.com wss://*.proofpointisolation.com https://app.getsentry.com https://sentry.io *.pendo.io *.storage.googleapis.com; object-src 'none'; report-uri /report/csp 1
connect-src localhost:3008 acritica.com cms.acritica.com *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.fonts.gstatic.com *.youtube.com *.aso1.net * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; default-src localhost:3008 acritica.com cms.acritica.com *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.fonts.gstatic.com *.youtube.com *.aso1.net * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; img-src localhost:3008 acritica.com cms.acritica.com *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.fonts.gstatic.com *.youtube.com *.aso1.net * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; object-src localhost:3008 acritica.com cms.acritica.com *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.fonts.gstatic.com *.youtube.com *.aso1.net * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; script-src localhost:3008 acritica.com cms.acritica.com *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.fonts.gstatic.com *.youtube.com *.aso1.net * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; style-src localhost:3008 acritica.com cms.acritica.com *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.fonts.gstatic.com *.youtube.com *.aso1.net * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; worker-src localhost:3008 acritica.com cms.acritica.com *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.fonts.gstatic.com *.youtube.com *.aso1.net * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.segmint.net *.insureio.com *.siteimproveanalytics.io siteimproveanalytics.com googletagmanager.com *.googletagmanager.com googleapis.com *.googleapis.com google-analytics.com *.google-analytics.com adservice.google.com *.googleadservices.com *.google.com *.gstatic.com *.doubleclick.net wesbanco.learnbanzai.com teachbanzai.com banzai.org bat.bing.com *.facebook.net *.facebook.com *.adsymptotic.com linkedin.com *.linkedin.com snap.licdn.com *.youtube.com cdn.jsdelivr.net *.tiktok.com; child-src *.segmint.net *.insureio.com *.doubleclick.net *.fundsxpress.com *.google.com wesbanco.locatorsearch.com youtu.be youtube.com *.youtube.com player.vimeo.com player-telemetry.vimeo.com *.vimeocdn.com vimeo.com cdn.jsdelivr.net demos.wesbanco.com webchat.wesbanco.com *.mortgagewebcenter.com *.locatorsearch.net; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://mc.yandex.ru  https://www.google.com https://www.googletagmanager.com  https://ssl.google-analytics.com  https://connect.facebook.net https://www.google-analytics.com/analytics.js https://api-maps.yandex.ru https://yastatic.net https://core-renderer-tiles.maps.yandex.net; img-src 'self' data: image/svg+xml https://cdn.plyr.io https://ssl.google-analytics.com https://s-static.ak.facebook.com https://mc.yandex.ru/metrika/advert.gif https://www.facebook.com https://www.google-analytics.com https://api-maps.yandex.ru https://core-renderer-tiles.maps.yandex.net https://vsrobotics.ru; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; media-src 'self' https://vsrobotics.ru; font-src 'self' https://themes.googleusercontent.com; frame-src https://www.google.com https://www.facebook.com https://s-static.ak.facebook.com; object-src 'none'; connect-src 'self' https://mc.yandex.ru https://www.google-analytics.com 1
base-uri 'self'; default-src 'self'; script-src 'self' cdn.polyfill.io www.google-analytics.com analytics.google.com 'unsafe-inline' https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; object-src 'none'; form-action 'self'; font-src 'self' data:; connect-src 'self' www.google-analytics.com analytics.google.com isell.svcapps.eogresources.com; img-src 'self' data: www.google-analytics.com analytics.google.com www.googletagmanager.com; frame-ancestors 'none'; 1
frame-ancestors 'self'; default-src 'self' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' https: data: blob:; script-src 'self' 'unsafe-inline' https://*.deskdirector.com https://ddfiles.azureedge.net https://deskdirectorfiles.blob.core.windows.net 1
frame-ancestors 'self' *.thebestof.co.uk 1
frame-src 'self' *.ubcmain.com *.ubc.com www.google.com 1
connect-src 'self' https://top-fwz1.mail.ru/ https://pos.gosuslugi.ru/ http://connectgas.ru/ https://connectgas.ru/ https://sentry.paygas.ru/ https://sentry.connectgas.ru/ https://mc.yandex.ru/ https://www.google-analytics.com/ https://suggestions.dadata.ru/ https://dadata.connectgas.ru/ data: blob: 'unsafe-inline' 1
default-src mebhome.ru www.mebhome.ru m.mebhome.ru https://ssl.google-analytics.com telemetry.jivosite.com bid.g.doubleclick.net *.googleapis.com antisovetnic.ru youtube.com *.youtube.com *.jivosite.com *.yandex.ru *.mail.ru *.doubleclick.net *.spim.ru spim.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' stats.g.doubleclick.net antisovetnic.ru kicksovetnik.ru www.youtube.com vk.com core-renderer-tiles.maps.yandex.net https://mc.yandex.com/ https://code.jquery.com ajax.googleapis.com w2ui.com https://yastatic.net http://cdn.rawgit.com https://cdn.cloudflare.com/ http://cdnjs.cloudflare.com/ *.mail.ru https://ssl.google-analytics.com bid.g.doubleclick.net ssl.google-analytics.com google-analytics.com spim.ru yandex.st *.criteo.net *.criteo.com cdn.rutarget.ru *.mail.ru *.yandex.ru *.googleadservices.com www.google-analytics.com *.begun.ru *.jivosite.com cdn.retailrocket.ru *.doubleclick.net https://www.google.com https://www.gstatic.com *.rambler.ru; child-src blob: https://mc.yandex.ru;  frame-src 'self' rutube.ru *.1tv.ru http://www.mebhome.ru https://code.jivosite.com yandex.ru webvisor.ru api-maps.yandex.ru  antisovetnic.ru img.mebhome.ru andria.ru https://www.google.com/ https://bid.g.doubleclick.net/ https://ren.tv/ youtube.com *.youtube.com *.criteo.com tag.rutarget.ru cdn.rutarget.ru *.criteo.net yastatic.net blob: https://mc.yandex.ru; object-src 'self' blob: *; img-src 'self' blob: * https://mc.yandex.ru spimg.ru *.spim.ru  antisovetnic.ru pozvonok.ru *.pozvonok.ru data:; font-src 'self' * data: blob:; connect-src 'self' https://mc.yandex.com/ https://www.youtube.com https://ssl.google-analytics.com https://suggestions.dadata.ru mc.yandex.md https://www.google.com/ https://www.google.ru/ *.mail.ru *.jivosite.com  antisovetnic.ru https://tracking.retailrocket.net/ https://dsp.retailrocket.net/ https://mc.yandex.ru wss://*.jivosite.com/;  style-src 'unsafe-inline' 'unsafe-eval' 'self' *; report-uri /csp/csp.php 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' banzai.org connect.facebook.net platform.twitter.com maxcdn.bootstrapcdn.com cdn.perfdrive.com www.google-analytics.com www.googletagmanager.com teachbanzai.com www.gstatic.com ajax.googleapis.com translate-pa.googleapis.com translate.google.com translate.googleapis.com cdnjs.cloudflare.com datatables.net cdn.datatables.net editor.datatables.net maps.google.com maps.googleapis.com www.google.com *.liveperson.net *.lpsnmedia.net; style-src 'self' 'unsafe-inline' 'unsafe-eval'  connect.facebook.net platform.twitter.com maxcdn.bootstrapcdn.com teachbanzai.com www.gstatic.com fonts.googleapis.com translate.googleapis.com cdnjs.cloudflare.com  datatables.net cdn.datatables.net editor.datatables.net www.google.com; connect-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-ancestors 'self'; frame-src * data: blob: 1
default-src 'self' https: *.sbk.org welcome-center-germany.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.sbk.org welcome-center-germany.com chat.lust-auf-gesundheit.org; img-src data: 'self' https: *.sbk.org 'self' https://csi.gstatic.com/ maps.googleapis.com *.cloudfront.net maps.gstatic.com scontent.xx.fbcdn.net pbs.twimg.com external.xx.fbcdn.net welcome-center-germany.com; media-src 'self' https: *.sbk.org welcome-center-germany.com; frame-ancestors 'self' https://leben.sbk.org https://sbk.t-systems-mms.eu; font-src * 1
default-src 'self' https://i.ytimg.com https://plausible.io; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://plausible.io https://cdn.jsdelivr.net https://*.cloudflare.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; frame-src https://g.algonode.cloud https://www.youtube.com; img-src * 1
child-src 'self' hackthissite.org *.hackthissite.org htscdn.org *.htscdn.org discord.com; form-action 'self' hackthissite.org *.hackthissite.org htscdn.org *.htscdn.org; upgrade-insecure-requests; report-uri https://hackthissite.report-uri.com/r/d/csp/enforce 1
default-src 'none'; style-src 'self' 'unsafe-inline' *.cloud.sap *.successfactors.com *.successfactors.eu *.sapsf.com *.sapsf.eu *.sapsf.cn *.ondemand.com *.ns2cloud.com *.sapcloud.cn; font-src 'self' ui5.sap.com *.cloud.sap *.successfactors.com *.successfactors.eu *.sapsf.com *.sapsf.eu *.sapsf.cn *.ondemand.com *.ns2cloud.com *.sapcloud.cn; connect-src 'self' *.cloud.sap *.successfactors.com *.successfactors.eu *.sapsf.com *.sapsf.eu *.sapsf.cn *.ondemand.com *.ns2cloud.com *.sapcloud.cn; frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.multiposting.fr cdnjs.cloudflare.com ajax.googleapis.com *.cloud.sap *.successfactors.com *.successfactors.eu *.sapsf.com *.sapsf.eu *.sapsf.cn *.ondemand.com *.ns2cloud.com *.sapcloud.cn; frame-src 'self'; img-src 'self' *.multiposting.fr data: *.cloud.sap *.successfactors.com *.successfactors.eu *.sapsf.com *.sapsf.eu *.sapsf.cn *.ondemand.com *.ns2cloud.com *.sapcloud.cn 1
frame-ancestors 'self' *.voc.ai *.easyya.com *.shulex.com www.sellersprite.com https://checkout.stripe.com ankertechnologycompanyltd.lightning.force.com ankertechnologycompanyltd.lightning.salesforce.com ankertechnologycompanyltd.my.salesforce.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://www.google-analytics.com/ https://cdn.cookielaw.org https://js-agent.newrelic.com/ https://cdn.pricespider.com https://player.quadia.net https://pym.nprapps.org blob:; object-src 'none'; base-uri 'none'; frame-src 'self' https://www.youtube-nocookie.com https://player.quadia.net; frame-ancestors 'self'; img-src 'self' https://assets.msd-animal-health.com https://www.msd-animal-health.com https://cdn.cookielaw.org https://secure.gravatar.com https://www.google-analytics.com/ data: ; media-src 'self' blob:; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests; default-src https: data: 'self' ; trusted-types default; 1
frame-ancestors 'self' https://meetings.hubspot.com https://fast.wistia.net https://www.google.com https://www.youtube.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self';  img-src 'self' data: 1
default-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://js.stripe.com *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; object-src *; style-src 'self' data: 'unsafe-inline' *.uniweb.be cookiehub.net *.uniweb.be cookiehub.net fonts.googleapis.com; img-src 'self' data: https://m.stripe.com *.craft-cdn.com *.uniweb.be cookiehub.net *.uniweb.eu www.googletagmanager.com www.google-analytics.com; media-src *; frame-src 'self' data: https://js.stripe.com *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; font-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu fonts.gstatic.com fonts.googleapis.com; connect-src *; frame-ancestors https://*.uniweb.be cookiehub.net https://*.uniweb.eu 1
default-src https:  wss://*.hotjar.com; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline';frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests; 1
object-src 'none';frame-src 'self' https://www.youtube.com https://www.google.com/recaptcha/ https://maps.google.com https://*.twitter.com ;script-src 'self' https://fonts.googleapis.com https://www.youtube.com https://ajax.googleapis.com https://*.twitter.com https://ssl.google-analytics.com https: http: 'nonce-a4c89b3b354049dc8aec51863c223fcc' 'strict-dynamic' 'unsafe-inline' ;base-uri 'self';font-src 'self' data: https://fonts.gstatic.com https://*.fontawesome.com https://cdnjs.cloudflare.com https://use.fontawesome.com;form-action 'self' https://*.twitter.com ;manifest-src 'self';block-all-mixed-content;img-src 'self' data: https://netsential.com https://*.google-analytics.com https://*.ytimg.com data: https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.twitter.com https://*.twimg.com https://twitter-badges.s3.amazonaws.com/ data: https://*.netsential.com https://netsential.com https://*.ytimg.com https://www.facebook.com;report-uri /Content_Security_Policy.aspx 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-ZDFiM2FiNDEzYzk5NGEwODk4NWY4OWVjMGU4ZGNjZjc=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.gezondheidsraad.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.gezondheidsraad.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.gezondheidsraad.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-ancestors 'self' https://aeroreport.de; 1
default-src 'self' https://liberty-bank-demos.com/ forms.hsforms.com web-chat.nativechat.com https://lbhomeloans.liberty-bank.com/ https://api.glia.com/; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.salemove.com *.glia.com snap.licdn.com *.bugherd.com *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.typekit.net *.salemove.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.unsplash.com *.ads.linkedin.com https://www.google.com bugherd-attachments.s3.amazonaws.com 363-003-libertybankrebuild.azurewebsites.net *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.typekit.net; frame-src 'self' https://liberty-bank-demos.com/ forms.hsforms.com web-chat.nativechat.com https://www.google.com/ sidebar.bugherd.com https://www.dayforcehcm.com/CandidatePortal/en-US/lbank https://us231.dayforcehcm.com/CandidatePortal/en-US/lbank https://www.youtube.com https://files.connellypartners.com/ http://liberty-bank-demos.com/ https://www.dayforcehcm.com https://us232.dayforcehcm.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com https://api.glia.com/visitor_config https://analytics.google.com *.salemove.com *.googleapis.com stats.g.doubleclick.net cdn.linkedin.oribi.io wss://pubsub.salemove.com *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com 1
object-src 'self' https://informatiemodel.istandaarden.nl https://public.tableau.com;default-src 'self' 'unsafe-inline' 'unsafe-eval';img-src 'self' * data:;worker-src 'self' * data: blob:;media-src 'self' * data:;script-src 'self' 'nonce-MkE1MDBDNjQ4Q0NEMkQzMUQyQUYzMkE0RjZGM0JBN0E' https://www.google-analytics.com https://siteimproveanalytics.com https:;style-src 'self' 'unsafe-inline';frame-ancestors 'self' https://informatiemodel.istandaarden.nl https://public.tableau.com http://cms.dev.kiesbeter https://cms-o.kiesbeter.nl https://cms-ts.kiesbeter.nl https://cms-ac.kiesbeter.nl https://cms.kiesbeter.nl;connect-src 'self' https://www.youtube.com https://informatiemodel.istandaarden.nl https://public.tableau.com;child-src 'self' https://www.youtube.com https://informatiemodel.istandaarden.nl https://public.tableau.com;font-src 'self' 1
default-src 'self' https://mattilsynet-xp7qa.enonic.cloud https://mattilsynet-xp7prod.enonic.cloud https://unleash-edge.web.mattilsynet.io; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://app.powerbi.com https://embedded.powerbi.com; connect-src 'self' https://mattilsynet.matomo.cloud https://cdn.matomo.cloud ws://mattilsynet-xp7qa.enonic.cloud ws://mattilsynet-xp7prod.enonic.cloud https://mattilsynet-xp7qa.enonic.cloud https://mattilsynet-xp7prod.enonic.cloud https://unleash-edge.web.mattilsynet.io; font-src 'self' data: https://mattilsynet.matomo.cloud https://cdn.matomo.cloud; img-src 'self' data: https://mattilsynet.matomo.cloud https://cdn.matomo.cloud https://mattilsynet-xp7qa.enonic.cloud https://mattilsynet-xp7prod.enonic.cloud; object-src 'none'; script-src 'self' 'unsafe-eval' https://mattilsynet.matomo.cloud https://cdn.matomo.cloud 'sha256-nzv8I5Mf0AZBUKeL70LtQfYBjK/DghfP72B8j+UI49I=' 'sha256-Q9vPNvpI3BYCNwzFpA56s9IESqfHGcA8LabbrsO988U=' 'sha256-kjnm6Rh0x+Gul1OW/wzmk9dfzz+Mi7p9+NUa9808dXM=' 'sha256-YEdE45l3HQmUsCkIquemxQPI8snc97t4ldUHeWRXRZI=' 'nonce-4brVWUM0LW6uViriCVyGkw=='; style-src 'self' 'unsafe-inline' https://mattilsynet.matomo.cloud https://cdn.matomo.cloud 1
frame-ancestors 'self' *.punchout2go.com *.birchstreetsystems.com *.birchstreet.net *.pepsicopartners.com 1
script-src 'self' 'report-sample' 'nonce-iGxG/xqJlYEoSpWdo+sNqQ==' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' 'sha256-kbHtQyYDQKz4SWMQ8OHVol3EC0t3tHEJFPCSwNG9NxQ=' 'sha256-NCKNRxHOZ9NZZP1xYaFbbqjnjnIkTO+5uafvQF2F+Ok=' 'sha256-MF4OdOnsHLn63JSCXslyutSsN6cn2VjFCfcBkh8UA+U=' 'sha256-NyU5VcnUQ+qsk+xqFFnzgzL0ogzibyKUEOEJiGnm6LI=' 'sha256-xqRANPm8v5XHL3LopmHGSCIBVnSm+dHOI4AnlD0pWeY=' 'sha256-+w8qqRyG3+lLwdlPmZJJA5+4engGjZ6fe9i303mvhpg=' 'sha256-2rvfFrggTCtyF5WOiTri1gDS8Boibj4Njn0e+VCBmDI='; object-src 'none'; base-uri 'self'; frame-ancestors https://la.utexas.edu https://www.la.utexas.edu https://learn.stanford.edu https://idss.mit.edu https://*.mygreatlearning.com https://*.greatlearning.in https://mbaonline.snu.edu.in https://snu.edu.in https://sme.snu.edu.in https://iiitd.ac.in https://www.iiitd.ac.in https://pgdcsai.iiitd.ac.in https://www.greatlakes.edu.in https://onlinejain.com https://www.onlinejain.com https://www.jain-online.com https://jain-online.com https://*.bhartiaxa.com https://professionalonline2.mit.edu https://professional.mit.edu https://www.srmonline.in https://srmonline.in https://careerkarma.com https://pes.edu https://*.olympuslms.com; report-uri /csp-report; report-to web-csp-endpoint; 1
default-src http://127.0.0.1:* http://localhost:* https://fonts.googleapis.com https://*.poolpm.nftcdn.io https://nftstorage.link https://*.nftstorage.link https://*.ipfs.dweb.link https://arweave.net https://*.arweave.net data:; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://api.pool.pm data: blob: http://127.0.0.1:* http://localhost:* https://*.poolpm.nftcdn.io https://nftstorage.link https://*.nftstorage.link https://*.ipfs.dweb.link https://arweave.net https://*.arweave.net https://www.gstatic.com/draco/; font-src 'self' data: blob: https://fonts.gstatic.com; frame-src data: http://127.0.0.1:* http://localhost:* https://*.poolpm.nftcdn.io https://nftstorage.link https://*.nftstorage.link https://*.ipfs.dweb.link https://arweave.net https://*.arweave.net; img-src 'self' data: blob: http://127.0.0.1:* http://localhost:* https://*; media-src https://* data:; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://unpkg.com/@google/model-viewer/; style-src 'unsafe-inline' https://fonts.googleapis.com/ 1
default-src 'self' https: blob:; frame-src 'self' app.vwo.com *.visualwebsiteoptimizer.com https://dcg.my.site.com https://dcg--baudev.sandbox.lightning.force.com https://dcg--e2e.sandbox.lightning.force.com https://dcg.lightning.force.com https://dcg--e2e--c.sandbox.vf.force.com https://dcg--c.visualforce.com https://auth01.tastecard.co.uk https://auth02.tastecard.co.uk https://dcg--uat.sandbox.my.salesforce.com https://auth01-uat.tastecard.co.uk https://auth02-uat.tastecard.co.uk https://dcg--baudev.sandbox.my.site.com https://dcg--baudev--c.sandbox.vf.force.com https://auth01-e2e.tastecard.co.uk https://auth02-e2e.tastecard.co.uk https://auth01.gourmetsociety.co.uk https://auth02.gourmetsociety.co.uk https:; frame-ancestors 'self' https://dcg.my.site.com https://dcg--baudev.sandbox.lightning.force.com https://dcg--e2e.sandbox.lightning.force.com https://dcg.lightning.force.com https://dcg--e2e--c.sandbox.vf.force.com https://dcg--c.visualforce.com https://auth01.tastecard.co.uk https://auth02.tastecard.co.uk https://dcg--uat.sandbox.my.salesforce.com https://auth01-uat.tastecard.co.uk https://auth02-uat.tastecard.co.uk https://dcg--baudev.sandbox.my.site.com https://dcg--baudev--c.sandbox.vf.force.com https://auth01-e2e.tastecard.co.uk https://auth02-e2e.tastecard.co.uk https://auth01.gourmetsociety.co.uk https://auth02.gourmetsociety.co.uk; style-src 'self' 'unsafe-inline' https: *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com; connect-src 'self' https: wss: *.visualwebsiteoptimizer.com app.vwo.com; font-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.visualwebsiteoptimizer.com app.vwo.com; script-src-elem 'self' 'unsafe-eval' https: 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com; worker-src 'self' blob: https:; img-src 'self' https: data: *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com 1
default-src 'self' https://ruukin-kattolaskuri.idbbn.com/fi browser-update.org 1235.clients.giosgusercontent.com *.fls.doubleclick.net ajax.microsoft.com api.browser.yandex.ru api-js.mixpanel.com app.interactiveads.ai assets.pahka.fi assets.vahakas.fi beraknamittak.plannja.se *.g.doubleclick.net c.imedia.cz cdn.mxpnl.com cdn.optimizely.com cdnjs.cloudflare.com cdn-sitegainer.com cx.atdmt.com *.cloudfront.net ekr.zdassets.com *.upseller.cloud gcm.ctnsnet.com graph.facebook.com i.ctnsnet.com i.imgur.com i.ytimg.com img.en25.com inres.uspech.sk ipac.ctnsnet.com kendo.cdn.telerik.com mc.yandex.md mc.yandex.ru pixel.mathtag.com recruitmentssab.csod.com ruukin-kattolaskuri.idbbn.com ruukkikattotakuuv2.appgyverapp.eu s2.adform.net s3-eu-west-1.amazonaws.com scontent.cdninstagram.com *.fbcdn.net *.hotjar.com secure.adnxs.com static.juicer.io static.zdassets.com *.google.com track.adform.net v2.zopim.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.juicer.ios www.kromo.eu *.eloqua.com *.bootstrapcdn.com www.pinterest.se; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com *.googleapis.com *.gstatic.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org cdnjs.cloudflare.com unpkg.com *.juicer.io *.ruukki.com https://ruukin-kattolaskuri.idbbn.com/fi ajax.aspnetcdn.com browser-update.org 1235.clients.giosgusercontent.com *.fls.doubleclick.net ajax.microsoft.com api.browser.yandex.ru api-js.mixpanel.com app.interactiveads.ai assets.pahka.fi assets.vahakas.fi beraknamittak.plannja.se *.g.doubleclick.net c.imedia.cz cdn.mxpnl.com cdn.optimizely.com cdnjs.cloudflare.com cdn-sitegainer.com code.jquery.com cx.atdmt.com *.cloudfront.net ekr.zdassets.com *.upseller.cloud gcm.ctnsnet.com graph.facebook.com i.ctnsnet.com i.imgur.com i.ytimg.com img.en25.com *.hotjar.com inres.uspech.sk ipac.ctnsnet.com kendo.cdn.telerik.com mc.yandex.md mc.yandex.ru pixel.mathtag.com recruitmentssab.csod.com ruukin-kattolaskuri.idbbn.com ruukkikattotakuuv2.appgyverapp.eu s2.adform.net s3-eu-west-1.amazonaws.com scontent.cdninstagram.com *.fbcdn.net secure.adnxs.com service.giosg.com static.zdassets.com track.adform.net v2.zopim.com https://*.hotjar.io www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.juicer.ios www.kromo.eu *.eloqua.com https://s.pinimg.com *.seznam.cz auth.iws-hybrid.trendmicro.com snap.licdn.com https://cdn.cookielaw.org app.comagic.ru *.google.com *.yandex.ua *.clarity.ms *.yandex.by *.nulead.pl stats.docu.info *.livechatinc.com https://globalcdn.interactiondesigner.giosg.com https://plannjano-modul.realcontent.se https://plannja-modul.realcontent.se https://analytics.cisk.se; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com *.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com unpkg.com *.juicer.io https://ruukin-kattolaskuri.idbbn.com/fi ajax.aspnetcdn.com browser-update.org 1235.clients.giosgusercontent.com *.fls.doubleclick.net ajax.microsoft.com api.browser.yandex.ru api-js.mixpanel.com app.interactiveads.ai assets.pahka.fi assets.vahakas.fi beraknamittak.plannja.se *.g.doubleclick.net c.imedia.cz cdn.mxpnl.com cdn.optimizely.com *.ruukki.com cdnjs.cloudflare.com cdn-sitegainer.com code.jquery.com cx.atdmt.com *.cloudfront.net ekr.zdassets.com *.upseller.cloud *.fbcdn.net gcm.ctnsnet.com graph.facebook.com i.ctnsnet.com i.imgur.com i.ytimg.com img.en25.com *.hotjar.com inres.uspech.sk ipac.ctnsnet.com kendo.cdn.telerik.com mc.yandex.md mc.yandex.ru pixel.mathtag.com recruitmentssab.csod.com ruukin-kattolaskuri.idbbn.com ruukkikattotakuuv2.appgyverapp.eu s2.adform.net s3-eu-west-1.amazonaws.com scontent.cdninstagram.com secure.adnxs.com service.giosg.com static.zdassets.com track.adform.net v2.zopim.com https://*.hotjar.io www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.juicer.ios www.kromo.eu *.eloqua.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com netdna.bootstrapcdn.com data: yastatic.net https://cdn.livechatinc.com; img-src 'self' * data: blob:; media-src 'self' data: blob: api.browser.yandex.ru api-js.mixpanel.com app.interactiveads.ai assets.pahka.fi assets.vahakas.fi beraknamittak.plannja.se cdn.mxpnl.com cdn.optimizely.com cdn.ruukki.com cdnjs.cloudflare.com cdn-sitegainer.com cx.atdmt.com *.cloudfront.net ekr.zdassets.com inres.uspech.sk ipac.ctnsnet.com pixel.mathtag.com recruitmentssab.csod.com ruukin-kattolaskuri.idbbn.com ruukkikattotakuuv2.appgyverapp.eu s2.adform.net s3-eu-west-1.amazonaws.com howtofy.blob.core.windows.net www.plannjaplay.no www.plannjaplay.se plannjaplay.howtofy.se https://cdn.livechatinc.com; frame-src 'self' *.pinterest.se www.facebook.com *.fls.doubleclick.net *.hotjar.com *.pinterest.com pixel.mathtag.com designyourdreamhouse.azurewebsites.net *.plannja.se ruukin-kattolaskuri.idbbn.com *.clients.giosgusercontent.com www.google.com track.adform.net auth.iws-hybrid.trendmicro.com www.youtube.com *.upseller.cloud ruukkikattotakuu.appgyverapp.black www.googletagmanager.com www.pinterest.com.au inres.uspech.sk *.adform.net *.g.doubleclick.net plannjaplay.howtofy.se www.plannjaplay.se www.plannjaplay.no https://kullas.net c.imedia.cz player.vimeo.com api.nulead.pl https://www.prodlib.com https://ruukkiect.azurewebsites.net https://secure-fra.livechatinc.com https://service.giosg.com https://simplebooklet.com https://*.doubleclick.net; child-src 'self' https://designyourdreamhouse.azurewebsites.net/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://w.soundcloud.com/ *.google.com *.facebook.com badge.stumbleupon.com youtu.be *.juicer.io *.ruukki.com https://ruukin-kattolaskuri.idbbn.com/fi browser-update.org 1235.clients.giosgusercontent.com *.fls.doubleclick.net ajax.microsoft.com api.browser.yandex.ru api-js.mixpanel.com app.interactiveads.ai assets.pahka.fi assets.vahakas.fi beraknamittak.plannja.se *.g.doubleclick.net c.imedia.cz cdn.mxpnl.com cdn.optimizely.com cdnjs.cloudflare.com cdn-sitegainer.com cx.atdmt.com *.cloudfront.net ekr.zdassets.com *.upseller.cloud gcm.ctnsnet.com i.ctnsnet.com i.imgur.com i.ytimg.com img.en25.com inres.uspech.sk ipac.ctnsnet.com mc.yandex.md mc.yandex.ru pixel.mathtag.com recruitmentssab.csod.com ruukin-kattolaskuri.idbbn.com ruukkikattotakuuv2.appgyverapp.eu s2.adform.net s3-eu-west-1.amazonaws.com scontent.cdninstagram.com *.fbcdn.net *.hotjar.com secure.adnxs.com service.giosg.com static.zdassets.com track.adform.net v2.zopim.com https://*.hotjar.io www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.juicer.ios www.kromo.eu *.eloqua.com ruukki-com-stage-mvc.sitefinity.fi ruukki-com-prod-mvc.sitefinity.fi www.google.com https://ruukkikattotakuu.appgyverapp.black auth.iws-hybrid.trendmicro.com howtofy.azurewebsites.net howtofy.blob.core.windows.net https://plannjaplay.howtofy.se www.plannjaplay.se www.plannjaplay.no https://www.pinterest.com; connect-src 'self' *.facebook.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com velux.contented.pl *.juicer.io *.ruukki.com https://ruukin-kattolaskuri.idbbn.com/fi browser-update.org 1235.clients.giosgusercontent.com *.fls.doubleclick.net ajax.microsoft.com api.browser.yandex.ru api-js.mixpanel.com app.interactiveads.ai assets.pahka.fi assets.vahakas.fi beraknamittak.plannja.se *.g.doubleclick.net c.imedia.cz cdn.mxpnl.com cdn.optimizely.com cdnjs.cloudflare.com cdn-sitegainer.com cx.atdmt.com *.cloudfront.net ekr.zdassets.com *.upseller.cloud *.fbcdn.net gcm.ctnsnet.com i.ctnsnet.com i.imgur.com i.ytimg.com img.en25.com *.hotjar.com wss://*.hotjar.com inres.uspech.sk ipac.ctnsnet.com mc.yandex.md mc.yandex.ru pixel.mathtag.com recruitmentssab.csod.com ruukin-kattolaskuri.idbbn.com ruukkikattotakuuv2.appgyverapp.eu s2.adform.net s3-eu-west-1.amazonaws.com scontent.cdninstagram.com secure.adnxs.com service.giosg.com static.zdassets.com track.adform.net v2.zopim.com https://*.hotjar.io www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.juicer.ios www.kromo.eu *.eloqua.com https://ct.pinterest.com https://cdn.cookielaw.org https://privacyportal-de.onetrust.com https://bat.bing.com https://maps.googleapis.com *.google.com *.comagic.ru *.yandex.com *.yandex.ua *.yandex.by sovetnik.market.yandex.ru api.nulead.pl *.clarity.ms stats.docu.info https://pagead2.googlesyndication.com https://optanon.blob.core.windows.net https://ruukkiect.azurewebsites.net https://cookies-data.onetrust.io https://api-fra.livechatinc.com ad.doubleclick.net https://region1.google-analytics.com https://*.interactions.giosgusercontent.com https://*.giosg.com https://plannja-modul.realcontent.se https://plannjano-modul.realcontent.se; report-uri https://ruukki.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.gstatic.com fonts.googleapis.com maps.gstatic.com maps.googleapis.com media.ziraatkatilim.com.tr zkustats.ziraatkatilim.com.tr images.tapu.com ziraatkatilim.intengo.com ziraatkatilim.propturk.com www.youtube.com youtube.com i.ytimg.com data: https://cdn.jsdelivr.net/npm/es6-promise@4/dist/es6-promise.min.js https://cdn.jsdelivr.net/npm/es6-promise@4/dist/es6-promise.auto.min.js; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src https: blob: *.unicaf.org; media-src https: blob: 'unsafe-inline' 'self'; 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' ws: blob:   ;script-src      'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.onlineportalnow.com https://*.sageworksanalyst.com https://*.sageworks.com https://*.abrigo.com https://*.newrelic.com https://*.pendo.io https://*.nr-data.net https://hello.myfonts.net https://*.google-analytics.com https://*.googleapis.com https://*.form.io https://cdn.plaid.com        ;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.onlineportalnow.com https://*.sageworksanalyst.com https://*.sageworks.com https://*.abrigo.com https://*.newrelic.com https://*.pendo.io https://*.nr-data.net https://hello.myfonts.net https://*.google-analytics.com https://*.googleapis.com https://*.form.io https://cdn.plaid.com https://*.charmsolutions.ai         ;script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.onlineportalnow.com https://*.sageworksanalyst.com https://*.sageworks.com https://*.abrigo.com https://*.newrelic.com https://*.pendo.io https://*.nr-data.net https://hello.myfonts.net https://*.google-analytics.com https://*.googleapis.com https://*.form.io https://cdn.plaid.com https://*.charmsolutions.ai 1
default-src 'self' www.gravatar.com packages.umbraco.org our.umbraco.org;           media-src 'self' *.thuisarts.nl;           script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-eu.readspeaker.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://unpkg.com fonts.googleapis.com;           style-src 'self' 'unsafe-inline' https://cdn-eu.readspeaker.com/ http://cdnjs.cloudflare.com fonts.googleapis.com;           img-src 'self' data: gravatar.com umbraco.tv https://dashboard.umbraco.com https://i.ytimg.com *.thuisarts.nl;           frame-src 'self' https://app-eu.readspeaker.com/ youtube.com https://www.youtube.com/ https://www.youtube-nocookie.com/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;           font-src 'self' data: fonts.gstatic.com fonts.googleapis.com;           connect-src 'self' https://media-eu.readspeaker.com https://vttts-eu.readspeaker.com https://app-eu.readspeaker.com/ https://cdn-eu.readspeaker.com/ https://www.google-analytics.com https://*.google-analytics.com/ https://www.recaptcha.net https://our.umbraco.com/;           object-src 'none' 1
default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://*.nuance.com; img-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.analytics.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://www.facebook.com https://cx.atdmt.com https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://2549153.fls.doubleclick.net https://ad.doubleclick.net https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://resources.digital-cloud-prem.medallia.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://*.mworld.com https://*.postrelease.com; object-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nuance.com https://2549153.fls.doubleclick.net https://*.advanced-web-analytics.com https://iframe.arkoselabs.com; font-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.nuance.com; script-src 'nonce-4023afb5-9413-46ba-bbc9-cb6aad3a2bc6' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.maxymiser.net https://*.nuance.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp 1
frame-ancestors 'self' *.klekt.com; 1
default-src 'self'; img-src 'self' blob: data: https://*.adsymptotic.com https://*.analytics.google.com https://*.bing.com https://*.clarity.ms https://*.cookiebot.com https://*.expoints.nl https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.google.nl https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://*.visualwebsiteoptimizer.com https://*.youtube.com https://analytics.twitter.com https://app.vwo.com https://cdn.pushcrew.com https://geodata.nationaalgeoregister.nl https://i.ytimg.com https://service.pdok.nl https://t.co https://wingify-assets.s3.amazonaws.com https://www.facebook.com https://www.vimeo.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.expoints.nl https://*.google.com https://*.googletagmanager.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://cdn.pushcrew.com https://fonts.googleapis.com https://s3.amazonaws.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.clarity.ms https://*.cookiebot.com https://*.enexis.nl https://*.expoints.nl https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.google.nl https://*.googleadservices.com https://*.googleanalytics.com https://*.googleoptimize.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.licdn.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://cdn.pushcrew.com https://connect.facebook.net https://extreme-ip-lookup.com https://maps.googleapis.com https://nlmaps.nl https://static.ads-twitter.com; connect-src 'self' https://*.ads.linkedin.com https://*.analytics.google.com https://*.clarity.ms https://*.cookiebot.com https://*.expoints.nl https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.google.nl https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.identity.oraclecloud.com https://*.oribi.io https://*.pdok.nl https://*.visualwebsiteoptimizer.com https://app.vwo.com https://geodata.nationaalgeoregister.nl https://www.facebook.com wss://*.hotjar.com https://enexis-prod-signalr.service.signalr.net wss://enexis-prod-signalr.service.signalr.net; frame-src 'self' https://*.enexis.nl https://*.expoints.nl https://*.g.doubleclick.net https://*.google.com https://*.hotjar.com https://*.hotjar.io https://*.mendixcloud.com https://*.netbeheernederland.nl https://*.pti.nl https://*.visualwebsiteoptimizer.com https://app.vwo.com https://consentcdn.cookiebot.com https://td.doubleclick.net https://www.facebook.com https://www.youtube-nocookie.com; font-src 'self' data: https://*.expoints.nl https://*.hotjar.com https://*.hotjar.io https://fonts.gstatic.com; object-src 'none'; worker-src 'self' blob:; 1
frame-ancestors https://*.ptc.com https://ptc.seismic.com https://liveshareeast3.seismic.com https://*.mouseflow.com 1
default-src 'self' sense.org.uk *.sense.org.uk sense.org *.sense.org *.senseevents.co.uk *.touchbasepears.co.uk *.touchbasepears.com *.touchbasepears.net *.touchbasepears.org *.touchbasepears.org.uk; base-uri 'self' sense.org *.sense.org *.senseevents.co.uk *.touchbasepears.co.uk *.touchbasepears.com *.touchbasepears.net *.touchbasepears.org *.touchbasepears.org.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' sense.org.uk *.sense.org.uk sense.org *.sense.org *.senseevents.co.uk *.touchbasepears.co.uk *.touchbasepears.com *.touchbasepears.net *.touchbasepears.org *.touchbasepears.org.uk *.cloudflareinsights.com *.cloudflare.com www.redditstatic.com www.muchloved.com www.instagram.com www.cqc.org.uk services.postcodeanywhere.co.uk www.paypal.com www.google-analytics.com *.googleapis.com www.gstatic.com cookie-cdn.cookiepro.com cdn.cookielaw.org *.onetrust.com c5.adalyser.com connect.facebook.net *.hotjar.com sense11122.pcapredict.com pcapredict.com services.postcodeanywhere.co.uk www.google.co.uk www.googletagmanager.com www.google.com maps.gstatic.com js.stripe.com www.youtube.com; frame-src 'self' sense.org *.sense.org *.senseevents.co.uk *.touchbasepears.co.uk *.touchbasepears.com *.touchbasepears.net *.touchbasepears.org *.touchbasepears.org.uk www.instagram.com www.sandbox.paypal.com www.paypal.com www.google.com www.muchloved.com js.stripe.com youtube.com www.youtube.com vimeo.com www.facebook.com *.reach-ats.com;  connect-src 'self' sense.org *.sense.org *.senseevents.co.uk *.touchbasepears.co.uk *.touchbasepears.com *.touchbasepears.net *.touchbasepears.org *.touchbasepears.org.uk *.doubleclick.net www.google-analytics.com *.google.com services.postcodeanywhere.co.uk sandbox.paypal.com www.paypal.com maps.googleapis.com ajax.googleapis.com cookie-cdn.cookiepro.com *.onetrust.com; style-src 'self' 'unsafe-inline' sense.org *.sense.org *.senseevents.co.uk *.touchbasepears.co.uk *.touchbasepears.com *.touchbasepears.net *.touchbasepears.org *.touchbasepears.org.uk *.googleapis.com cookie-cdn.cookiepro.com cdn.cookielaw.org *.onetrust.com; font-src 'self' sense.org.uk *.sense.org.uk sense.org *.sense.org *.senseevents.co.uk *.touchbasepears.co.uk *.touchbasepears.com *.touchbasepears.net *.touchbasepears.org *.touchbasepears.org.uk fonts.gstatic.com data:; img-src 'self' sense.org.uk *.sense.org.uk sense.org *.sense.org *.reddit.com *.adalyser.com www.cqc.org.uk www.facebook.com images.muchloved.com www.paypalobjects.com *.gravatar.com maps.googleapis.com maps.gstatic.com www.google.com www.google.co.uk www.google-analytics.com www.googletagmanager.com services.postcodeanywhere.co.uk cookie-cdn.cookiepro.com i.ytimg.com picsum.photos fastly.picsum.photos t.paypal.com data:; style-src-elem 'self' 'unsafe-inline' sense.org.uk *.sense.org.uk sense.org *.sense.org *.senseevents.co.uk *.touchbasepears.co.uk *.touchbasepears.com *.touchbasepears.net *.touchbasepears.org *.touchbasepears.org.uk www.cqc.org.uk ajax.googleapis.com fonts.googleapis.com www.paypal.com services.postcodeanywhere.co.uk; 1
frame-ancestors 'self' https://www.gridliancewest.com https://www.floridacitygas.com https://www.horizonwesttransmission.com https://www.drivegreenlane.com https://www.nexteraenergytransmission.com https://www.nexteraenergy.com https://www.nexteraenergyresources.com https://www.nexteraenergycanada.com https://www.nexteraanalytics.com https://www.nexterawater.com https://www.distributedwater.com https://www.neetny.com https://www.empirestateline.com https://www.lonestartransmission.com https://www.transbaycable.com https://www.gridliance.com https://www.floridarenewablepartners.com https://www.palms-insurance.com https://www.nexteraenergyservices.com https://www.energycurriculum.com https://www.poweringflorida.com https://www.NexteraMitigationBanks.com https://www.35mules.com; 1
default-src * data: blob: ws: wss: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' *.local *.umbraco.io *.selfmade.com 1
object-src 'none'; script-src 'strict-dynamic' https: 'unsafe-inline' 'nonce-tu3mfOZdPojIrWK5S5uSVrsWl206YaWN'; base-uri 'none' 1
default-src 'self' *.cornelliron.com *.cooksondoor.com *.cornellcookson.com *.sitefinity.com https://clopaycorporationproductselector.com/ http://clopaycorporationproductselector.com/product-selector/ *.freshchat.com *.freshworksapi.com *.webpush.freshchat.com s3.amazonaws.com fc-use1-00-pics-bkt-00.s3.amazonaws.com *.freddyproject.com *.prod.freddyproject.com https://maps.googleapis.com/$rpc/google.internal.maps.mapsjs.v1.MapsJsInternalService/GetViewportInfo https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://snap.licdn.com/li.lms-analytics/insight.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://td.doubleclick.net/ https://cdn.leadmanagerfx.com/reviews https://snap.licdn.com/li.lms-analytics/insight.old.min.js *.linkedin.com *.linked.com *.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.clarity.ms *.cornelliron.com *.cooksondoor.com *.cornellcookson.com *.sitefinity.com *.googleanalytics.com *.google-analytics.com *.googleoptimize.com *.google.com *.google-analytics.com *.twimg.com *.eloqua.com *.en25.com *.hotjar.com *.googletagmanager.com *.googleadservices.com *.marketingcloudfx.com *.leadmanagerfx.com *.youtube.com script.crazyegg.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com syndication.twitter.com s.ytimg.com publish.twitter.com platform.linkedin.com platform.stumbleupon.com dec.azureedge.net munchkin.marketo.net js.hs-scripts.com js.hs-analytics.net cdn.ampproject.org maxcdn.bootstrapcdn.com stats.g.doubleclick.net googleads.g.doubleclick.net platform.stumbleupon.com syndication.twitter.com d2s9v0v2t0z9gk.cloudfront.net cdnjs.cloudflare.com cdn.callrail.com www.thecontinuingarchitect.com www.google.bg bat.bing.com app-sj32.marketo.com https://cdn.leadmanagerfx.com/reviews/3069/ https://clopaycorporationproductselector.com/ http://clopaycorporationproductselector.com/product-selector/ *.freshchat.com *.freshworksapi.com *.webpush.freshchat.com s3.amazonaws.com fc-use1-00-pics-bkt-00.s3.amazonaws.com *.freddyproject.com *.prod.freddyproject.com https://maps.googleapis.com/$rpc/google.internal.maps.mapsjs.v1.MapsJsInternalService/GetViewportInfo https://snap.licdn.com/li.lms-analytics/insight.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://td.doubleclick.net/ https://cdn.leadmanagerfx.com/reviews https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://px.ads.linkedin.com/ https://px4.ads.linked.com/; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com dec.azureedge.net platform.twitter.com/css/ *.twimg.com maxcdn.bootstrapcdn.com www.thecontinuingarchitect.com app-sj32.marketo.com/ *.cornelliron.com *.cooksondoor.com *.cornellcookson.com optimize.google.com fonts.googleapis.com https://clopaycorporationproductselector.com/ http://clopaycorporationproductselector.com/product-selector/ *.freshchat.com *.freshworksapi.com *.webpush.freshchat.com s3.amazonaws.com fc-use1-00-pics-bkt-00.s3.amazonaws.com *.freddyproject.com *.prod.freddyproject.com https://maps.googleapis.com/$rpc/google.internal.maps.mapsjs.v1.MapsJsInternalService/GetViewportInfo https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://snap.licdn.com/li.lms-analytics/insight.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://td.doubleclick.net/ https://cdn.leadmanagerfx.com/reviews https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://px.ads.linkedin.com/ https://px4.ads.linked.com/; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com maxcdn.bootstrapcdn.com data: *.cornelliron.com *.cooksondoor.com *.cornellcookson.com * *.freshchat.com *.freshworksapi.com *.webpush.freshchat.com s3.amazonaws.com fc-use1-00-pics-bkt-00.s3.amazonaws.com *.freddyproject.com *.prod.freddyproject.com https://maps.googleapis.com/$rpc/google.internal.maps.mapsjs.v1.MapsJsInternalService/GetViewportInfo https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://px.ads.linkedin.com/ https://px4.ads.linked.com/; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com syndication.twitter.com static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png dec.azureedge.net *.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com www.google.com googleads.g.doubleclick.net www.google.bg bat.bing.com stats.g.doubleclick.net app-sj32.marketo.com/ *.cornelliron.com *.cooksondoor.com *.cornellcookson.com https://optimize.google.com *.vimeocdn.com c.clarity.ms *.freshchat.com *.freshworksapi.com *.webpush.freshchat.com s3.amazonaws.com fc-use1-00-pics-bkt-00.s3.amazonaws.com *.freddyproject.com *.prod.freddyproject.com https://maps.googleapis.com/$rpc/google.internal.maps.mapsjs.v1.MapsJsInternalService/GetViewportInfo https://maps.googleapis.com/maps/api/mapsjs/gen_204 *.linkedin.com *.linked.com; media-src 'self' data: blob: *.cornelliron.com *.cooksondoor.com *.cornellcookson.com https://maps.googleapis.com/$rpc/google.internal.maps.mapsjs.v1.MapsJsInternalService/GetViewportInfo https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://px.ads.linkedin.com/ https://px4.ads.linked.com/; frame-src https://optimize.google.com 'self' vars.hotjar.com app-sj32.marketo.com *.cornelliron.com *.cooksondoor.com *.cornellcookson.com *.vimeo.com *.google.com *.youtube.com https://clopaycorporationproductselector.com http://clopaycorporationproductselector.com/product-selector/ *.freshchat.com *.freshworksapi.com *.webpush.freshchat.com s3.amazonaws.com fc-use1-00-pics-bkt-00.s3.amazonaws.com *.freddyproject.com *.prod.freddyproject.com https://insight.adsrvr.org/ https://px.ads.linkedin.com/ https://px4.ads.linked.com/; child-src 'self' platform.twitter.com/ syndication.twitter.com/ www.youtube.com/ player.vimeo.com/ w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.hotjar.com bid.g.doubleclick.net *.google.com www.thecontinuingarchitect.com app-sj32.marketo.com/ *.cornelliron.com *.cooksondoor.com *.cornellcookson.com *.sitefinity.com *.thecontinuingarchitect.edu blob: *.freshchat.com *.freshworksapi.com *.webpush.freshchat.com s3.amazonaws.com fc-use1-00-pics-bkt-00.s3.amazonaws.com *.freddyproject.com *.prod.freddyproject.com https://px.ads.linkedin.com/ https://px4.ads.linked.com/; connect-src 'self' accounts.google.com *.dec.sitefinity.com *.mktoresp.com stats.g.doubleclick.net c.inbox.guru in.hotjar.com vc.hotjar.io t.marketingcloudfx.com *.clarity.ms *.crazyegg.com *.hotjar.com www.google-analytics.com t.leadmanagerfx.com recorder.marketingcloudfx.com us-east1-idyllic-vehicle-159522.cloudfunctions.net analytics.google.com www.googleadservices.com *.google.com *.cornelliron.com *.cooksondoor.com *.cornellcookson.com *.sitefinity.com wss://ws30.hotjar.com wss://ws32.hotjar.com/api/v2/client/ws https://cdn.leadmanagerfx.com/reviews/3069/ https://clopaycorporationproductselector.com/ http://clopaycorporationproductselector.com/product-selector/ *.freshchat.com *.freshworksapi.com *.webpush.freshchat.com s3.amazonaws.com fc-use1-00-pics-bkt-00.s3.amazonaws.com *.freddyproject.com *.prod.freddyproject.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://maps.googleapis.com/$rpc/google.internal.maps.mapsjs.v1.MapsJsInternalService/GetViewportInfo https://cdn.leadmanagerfx.com/reviews/4941/ https://px.ads.linkedin.com/ https://px4.ads.linked.com/ *.hotjar.io *.hotjar.com wss://ws.hotjar.com/api/v2/client/ws; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *; frame-ancestors https://*.peta.org; 1
upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' https://rcu.groovecar.com/ https://www.googleoptimize.com/ https://www.timevaluecalculators.com https://www.youtube.com/ https://www.gstatic.com/ https://www.google.com/ https://rculocator.wave2.io/ https://*.adroll.com/ https://js.adsrvr.org/ https://*.simpli.fi/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://detectca.easysol.net/ https://ai.rcu.org/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://514001781.collect.igodigital.com/ https://cdn.timetrade.com/ https://connect.facebook.com/ https://maps.googleapis.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://snap.licdn.com/ https://highmonkey-search.clients.us.funnelback.com/ 'unsafe-eval' ; style-src 'self' 'unsafe-inline' https://code.jquery.com/ https://maps.googleapis.com/ https://fonts.googleapis.com/ ; img-src * data:; font-src 'self' data: https://www.groovecar.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ ; connect-src 'self' https://cloud.email-rcu.org/ https://*.googlesyndication.com/ https://*.adroll.com/ https://cdn.linkedin.oribi.io/ https://rcu-search.clients.us.funnelback.com/ https://maps.googleapis.com https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://analytics.google.com/ wss://*.hotjar.com/ https://content.hotjar.io/ https://in.hotjar.com/ https://highmonkey-search.clients.us.funnelback.com/ ; media-src 'self'; object-src 'self'; child-src 'self'; frame-src * ; worker-src 'self'; frame-ancestors 'self'; 1
frame-ancestors 'self' http://webvisor.com *.metrics.yandex https://metrika.yandex.ru https://metrica.yandex.com https://metrica.yandex.com.tr 1
frame-ancestors 'self' https://*.norisbank.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.usercentrics.eu http://dpm.demdex.net http://assets.adobedtm.com http://*.googletagmanager.com http://googleads.g.doubleclick.net blob: 1
default-src 'self'; script-src 'self' 'unsafe-eval' https://cdn.jsdelivr.net/npm/vue@2.6.12 https://connect.facebook.net/ https://www3.objective.com/ https://form.jotform.com/jsform/ https://extend.vimeocdn.com/ga/3682823.js https://*.wistia.com https://*.wistia.net https://src.litix.io https://button.glitch.me https://grow.clearbitjs.com/api/pixel.js https://iptrack.io/api/v1/wiv.js https://pi.pardot.com/  https://snap.licdn.com/li.lms-analytics/insight.min.js https://*.hotjar.com *.google-analytics.com/analytics.js https://www.googletagmanager.com/ https://www3.objective.com/analytics 'nonce-Za8aIqvNiAeGAfwiUZ1jKQABQRI' https://ipinfo.io https://www.google.com/ https://www.gstatic.com/ https://secure.leadforensics.com/; style-src 'report-sample' 'unsafe-inline' 'self' https://fast.fonts.net https://fast.wistia.com https://*.hotjar.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.ipify.org https://fast.wistia.net https://*.wistia.com https://ipapi.co https://s3-ap-southeast-2.amazonaws.com https://stats.g.doubleclick.net *.google-analytics.com wss://*.wistia.com *.litix.io *.analytics.google.com https://analytics.google.com *.akamaihd.net https://api.lever.co https://s3.ap-southeast-2.amazonaws.com/trapezedownload.objective.com https://cdn.linkedin.oribi.io/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://s3.ap-southeast-2.amazonaws.com/trapezedownload.objective.com/; font-src 'self' data: https://fast.wistia.net https://fast.wistia.com https://fonts.gstatic.com https://*.hotjar.com; frame-src 'self' *.youtube.com https://calendly.com/ https://www.objective.com https://vars.hotjar.com https://www.facebook.com https://www3.objective.com https://objectiveredact.com https://www.googletagmanager.com https://www.google.com/ https://player.vimeo.com/ https://*.jotform.com/  https://app.livestorm.co/; img-src 'self' data: https://dashboard.whoisvisiting.com https://fast.wistia.net https://grow.clearbitjs.com https://px.ads.linkedin.com https://www.facebook.com *.facebook.net *.google-analytics.com https://www.google.co.nz https://www.google.com https://www.google.com.au https://www.google.com.my *.wistia.com *.youtube.com https://www.objective.com.au https://www.objective.co.uk *.objective.com https://secure.leadforensics.com https://www.linkedin.com/ https://*.hotjar.com; manifest-src 'self'; media-src 'self' data: blob: *; worker-src blob:; 1
default-src https 1
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' ws: https: dot.niiid.io jobs.b-ite.com cs-assets.b-ite.com;  frame-ancestors 'self'; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-a01373d9acfd0a8f2dcaa6181ab359d9'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
connect-src 'self' https://maps.googleapis.com; default-src 'self'; font-src 'self' data:  https://use.fontawesome.com  https://fonts.gstatic.com  ; frame-src 'self' https://www.google.com  https://www.youtube.com  ; img-src 'self' data: https://secure.gravatar.com  https://wordpress.slimcd.com  https://s.w.org   ; script-src script-src 'self' 'unsafe-inline' data:  https://use.fontawesome.com  https://maps.google.com  https://www.google.com  https://www.gstatic.com  'unsafe-eval' ; script-src-elem script-src-elem 'self' 'unsafe-inline' https://use.fontawesome.com  https://maps.google.com  https://www.google.com  https://www.gstatic.com  ; style-src style-src 'self' 'unsafe-inline' https://fonts.googleapis.com  https://use.fontawesome.com  ; style-src-elem style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com  https://use.fontawesome.com  ; 1
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org *.tile.opencyclemap.org; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com https://optimize.google.com *.googleanalytics.com *.google-analytics.com *.googleadservices.com *.pagead2.googelsyndication.com *.googleoptimize.com *.clarity.ms  https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://snap.licdn.com https://unpkg.com https://cdnjs.cloudflare.com *.linkedin.com https://cdn.stat-track.com *; img-src 'self' https: data: blob:;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://optimize.google.com https://fonts.googleapis.com; font-src https://fonts.gstatic.com * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src https://optimize.google.com * data:; 1
script-src 'self' 'unsafe-inline' api.company-target.com/api/ stats.g.doubleclick.net www.googletagmanager.com munchkin.marketo.net static.hotjar.com j.6sc.co/6si.min.js tag.demandbase.com/ script.hotjar.com snap.licdn.com connect.facebook.net view.ceros.com sc.lfeeder.com www.clarity.ms directline.botframework.com q.clarity.ms/collect googleads.g.doubleclick.net www.youtube.com jnn-pa.googleapis.com pcl-prd-hrchatbot-web.azurewebsites.net pcl-stg-hrchatbot-web.azurewebsites.net pcl-dev-hrchatbot-bsweb.azurewebsites.net cdn.botframework.com pcl.egnyte.com urldefense.com www.logicmonitor.com docs.rapid7.com www.google-analytics.com; 1
base-uri 'self' *.portfoliorecovery.com;              connect-src 'self' *.portfoliorecovery.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://surveystats.hotjar.io https://content.pra1.opentext.cloud https://content-preview.pra1.opentext.cloud https://content.pra1-test.opentext.cloud https://content.pra1-dev.opentext.cloud https://ui-authoring.pra1-test.opentext.cloud https://cdn.cookielaw.org https://origin.marketinghub.opentext.com https://www.google-analytics.com https://www.analytics.google.com/g/ https://analytics.google.com/g/ https://stats.g.doubleclick.net/ https://privacyportal.onetrust.com/request/v1/consentreceipts;               default-src 'self' *.portfoliorecovery.com;              font-src 'self' *.portfoliorecovery.com https://fonts.gstatic.com https://script.hotjar.com data:;              frame-src 'self' *.portfoliorecovery.com https://portfoliorecovery.egain.cloud/ https://www.surveymonkey.com/ https://player.vimeo.com/ https://www.marketinghub.opentext.com https://www.google.com/ https://vars.hotjar.com https://bid.g.doubleclick.net https://*.cybersource.com/;              frame-ancestors 'self' *.portfoliorecovery.com;              img-src 'self' *.portfoliorecovery.com *.google-analytics.com *.googletagmanager.com https://content.pra1.opentext.cloud https://content-preview.pra1.opentext.cloud https://content.pra1-test.opentext.cloud https://content.pra1-dev.opentext.cloud https://cdn-assets-cloud.frontify.com https://cdn.optimizely.com https://content.pra1.opentext.cloud https://ui-authoring.pra1-test.opentext.cloud https://content.pra1-dev.opentext.cloud https://origin.marketinghub.opentext.com https://www.marketinghub.opentext.com https://tags.w55c.net https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://aa.agkn.com https://prod.smassets.net/assets/responseweb/responseweb/ data: https://i.vimeocdn.com/video/861062727-ac8d5e060a589bdcc041d00f17d6a15bf8d2ba63372b02cf1c7eeb4f4e6d59d3-d_640 https://cdn.cookielaw.org https://analytics.convertlanguage.com https://static.hotjar.com https://script.hotjar.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://bat.bing.com/ https://c.bing.com/ https://i.vimeocdn.com/video/;     script-src 'self' 'unsafe-inline' 'unsafe-eval' *.portfoliorecovery.com *.googletagmanager.com https://bat.bing.com/bat.js https://cdn.cookielaw.org/scripttemplates/ https://cloud-us.analytics-egain.com https://www.marketinghub.opentext.com https://secure.marketinghub.opentext.com https://www.google-analytics.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/html2canvas/1.4.1/html2canvas.min.js https://widget.surveymonkey.com https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.js https://www.google.com https://www.gstatic.com https://analytics.convertlanguage.com/mpwat.js https://googleads.g.doubleclick.net https://bat.bing.com https://static.hotjar.com https://script.hotjar.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://code.jquery.com https://maxcdn.bootstrapcdn.com https://player.vimeo.com/api/player.js https://*.cybersource.com/;     style-src 'self' 'unsafe-inline' *.portfoliorecovery.com https://portfoliorecovery.egain.cloud/system/templates/chat/prava/css/iframe-style.css https://portfoliorecovery.egain.cloud/system/templates/chat/prava_dev/css/iframe-style.css https://fonts.googleapis.com https://www.marketinghub.opentext.com https://www.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://static.hotjar.com https://script.hotjar.com; 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* localtest:* ajax.aspnetcdn.com fonts.gstatic.com *.youtube.com s.ytimg.com www.googletagmanager.com vortex.data.microsoft.com *.hubspot.com *.hscta.net *.google-analytics.com iowa.gov *.jquery.com *.addthis.com *.googleapis.com *.addthisedge.com *.google.com *.gstatic.com *.fontawesome.com *.crowdriff.com *.sa-as.com *.licdn.com *.facebook.net *.facebook.com *.googleadservices.com siteimproveanalytics.com *.doubleclick.net *.simpleviewcrm.com *.moatads.com *.pinterest.com *.spintest.com *.traveliowa.com *.cloudflare.com *.hotjar.com *.privy.com *.adnxs.com *.amp.travel *.ipredictive.com *.instagram.com *.bttrack.com *.presage.io s.pinimg.com *.stackadapt.com *.iowawineandbeer.com;object-src *.spindustry.com;style-src 'self' 'unsafe-inline' *.traveliowa.com iowa.gov *.jquery.com maxcdn.bootstrapcdn.com *.googleapis.com *.typekit.net *.fontawesome.com *.crowdriff.com *.spintest.com explore.traveliowa.com *.amp.travel *.jsdelivr.net *.stackadapt.com *.iowawineandbeer.com;img-src 'self' data: *.traveliowa.com localhost:* localtest:* *.google-analytics.com *.hubspot.com iowa.gov *.goodblogscdn.com *.gstatic.com *.arrivalist.com *.google.com *.siteimproveanalytics.io *.simpleviewcrm.com *.sa-as.com *.cloudfront.net *.googleapis.com *.jquery.com *.spintest.com *.youtube.com *.adnxs.com *.ads.linkedin.com *.facebook.com *.linkedin.com *.doubleclick.net *.adsymptotic.com *.ytimg.com explore.traveliowa.com *.cloudinary.com *.bandwango.com *.googletagmanager.com *.crowdriff.com *.imgix.net *.ipredictive.com *.amazonaws.com *.presage.io *.pinterest.com *.iowawineandbeer.com;media-src *.spindustry.com *.spintest.com *.localtest.com *.spinstage.com *.traveliowa.com traveliowa.com;frame-src *.spindustry.com *.google.com *.youtube.com *.facebook.com *.doubleclick.net *.moz.com *.addthis.com *.hotjar.com explore.traveliowa.com *.ipredictive.com *.instagram.com *.traveliowa.com *.pinterest.com *.iowawineandbeer.com;font-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com *.typekit.net *.fontawesome.com *.jsdelivr.net storage.googleapis.com;connect-src 'self' *.spindustry.com *.crowdriff.com *.fontawesome.com *.doubleclick.net *.googleapis.com *.addthis.com *.google-analytics.com *.privy.com *.hotjar.io *.hotjar.com *.facebook.com explore.traveliowa.com *.facebook.net *.googletagmanager.com *.jquery.com *.amp.travel localhood.com cdn.linkedin.oribi.io pagead2.googlesyndication.com analytics.google.com *.pinterest.com *.linkedin.com *.stackadapt.com *.iowawineandbeer.com;child-src *.youtube.com *.hubspot.com *.addthis.com *.google.com;form-action 'self' localhost:* localtest.com:* *.traveliowa.com *.spindustry.com *.facebook.com;frame-ancestors *.spindustry.com;manifest-src 'self';report-uri /WebResource.axd?cspReport=true 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com/ data: *.gstatic.com 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; default-src *.klarna.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; style-src cache.anita.com getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com *.mailchimp.com seal-seflorida.bbb.org fonts.googleapis.com *.google.com *.google.de *.gstatic.com *.googleapis.com 'self' 'unsafe-inline'; script-src email.anita.com s.pinimg.com cache.anita.com *.clarity.ms shop.anita.com sgtm.anita.com anita-shop-fr.zendesk.com api.smooch.io assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.payments-amazon.com https://sandbox.crefopay.de/ https://api.crefopay.de https://code.jquery.com/jquery-3.3.1.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery.maskedinput/1.4.1/jquery.maskedinput.js www.googletagmanager.com cdn.dnky.co api.comapi.com webchat.dotdigital.com x.klarnacdn.net http://maps.googleapis.com/ d.ratepay.com secure.pay1.de static.zdassets.com *.cookielaw.org *.mailchimp.com *.paypal.com *.paypalobjects.com mc.us10.list-manage.com seal-seflorida.bbb.org *.google.com tagmanager.google.com www.gstatic.com js.playground.klarna.com js.klarna.com bat.bing.com *.zopim.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; media-src static.zdassets.com cache.anita.com http://maps.googleapis.com/ http://maps.gstatic.com/ 'self' 'unsafe-inline'; img-src na.klarnaevt.com ct.pinterest.com cache.anita.com *.clarity.ms *.bing.com b.stats.paypal.com *.stats.paypal.com *.paypal.com anita-shop.zendesk.com anita-shop-fr.zendesk.com static.zdassets.com www.google.co.ma www.googletagmanager.com www.gravatar.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://images.unsplash.com *.payments-amazon.com *.media-amazon.com i.ytimg.com x.klarnacdn.net *.klarnaevt.com http://maps.googleapis.com/ http://maps.gstatic.com/ www.facebook.com *.mailchimp.com tracking.qa.paypal.com seal-seflorida.bbb.org *.playground.klarnaevt.com bat.bing.com *.google.com *.google.de *.gstatic.com *.googleusercontent.com *.doubleclick.net tags.w55c.net 'self' data: 'self' 'unsafe-inline'; frame-src www.jsctool.com email.anita.com www.pinterest.com www.pinterest.de e.issuu.com shop.anita.com ct.pinterest.com assets.braintreegateway.com c.paypal.com checkout.paypal.com sgtm.anita.com ssl.kaptcha.com fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.dotdigital-pages.com *.dotdigital.com https://sandbox.crefopay.de https://api.crefopay.de *.amazon.com *.payments-amazon.com www.youtube.com www.youtube-nocookie.com cdn.dnky.co webchat.dotdigital.com *.klarna.com http://maps.googleapis.com/ secure.pay1.de www.google.com 'self' 'unsafe-inline'; connect-src d.ratepay.com wss://widget-mediator.zopim.com ct.pinterest.com *.clarity.ms ekr.zendesk.com payments.braintree-api.com api.braintreegateway.com client-analytics.braintreegateway.com *.google.com sgtm.anita.com api.smooch.io wss://api.smooch.io anita-shop-fr.zendesk.com dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://sandbox.crefopay.de https://api.crefopay.de *.amazon.com maps.googleapis.com api.comapi.com webchat.dotdigital.com *.klarnaevt.com ekr.zdassets.com anita-shop.zendesk.com connect.facebook.net t.elasticsuite.io *.cookielaw.org www.paypal.com bat.bing.com *.google-analytics.com *.doubleclick.net *.zopim.com 'self' 'unsafe-inline'; child-src blob: http: https: blob: 'self' 'unsafe-inline'; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://play-lh.googleusercontent.com https://is1-ssl.mzstatic.com https://cdn-api.weglot.com  https://googleads.g.doubleclick.net https://www.googleadservices.com https://analytics.google.com https://analytics.google.com https://ttcu.locatorsearch.net https://*.vimeo.com https://*.pure.cloud https://*.paypalobjects.com https://*.giveworx.com https://www.datadoghq-browser-agent.com https://ttcu.com https://*.ttcu.com https://*.pinterest.com https://t.co https://analytics.twitter.com https://ajax.cloudflare.com https://*.qualtrics.com https://marketing.ttcu.com https://s.pinimg.com/ https://static.ads-twitter.com https://*.cloudflareinsights.com https://*.addthis.com https://*.issuu.com https://*.lk-cs.com https://ttcu.locatorsearch.com https://cdn.weglot.com https://c.bing.com https://api.shelf.io https://*.adsrvr.org https://*.clarity.ms https://*.schemaapp.com https://cds-sdkcfg.onlineaccess1.com https://*.addthisedge.com wss://*.hotjar.com https://s3.amazonaws.com https://*.youtube-nocookie.com https://*.formstack.com https://*.googletagmanager.com https://netdna.bootstrapcdn.com https://platform.twitter.com https://*.ytimg.com https://*.typekit.net https://*.youtube.com https://www.google.com https://www.facebook.com https://www.gstatic.com https://connect.facebook.net https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://maps.googleapis.com https://maps.gstatic.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://ajax.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.lk-cs.com https://lkcsunix.com; frame-ancestors 'self' https://www.youtube.com https://*.vimeo.com; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * blob:; font-src 'self' s0.wp.com https://use.fontawesome.com data: fonts.gstatic.com; style-src * 'unsafe-inline'; 1
frame-ancestors 'self' mytst.acpny.com my.acpny.com; 1
default-src 'self';img-src 'self' http: https: data: blob: *.google.com;font-src 'self' data:;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.the1.co.th *.googletagservices.com *.doubleclick.net *.google.com *.google.co.th *.googlesyndication.com *.googletagmanager.com;connect-src 'self' *.the1.co.th *.demdex.net *.doubleclick.net *.googlesyndication.com *.gstatic.com *.analytics.google.com/g/collect;frame-src *.youtube.com *.googlesyndication.com *.google.com *.googletagservices.com;frame-ancestors 'none';object-src 'none' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.rentcentric.com *.browser-update.org *.trupayments.com *.mobilityworks.com *.onesignal.com onesignal.com *.wpenginepowered.com woobox.com *.woobox.com *.bamboohr.com *.googleadservices.com *.carfax.com *.googletagmanager.com ssum.casalemedia.com *.google-analytics.com *.fliphtml5.com *.dealertrack.com *.wp.com *.rlcdn.com ups.analytics.yahoo.com *.netdna-ssl.com *.ads.linkedin.com pippio.com *.bc0a.com *.pardot.com *.adroll.com *.purechat.com pixel.rubiconproject.com lex.33across.com *.agkn.com tr.snapchat.com ads.yahoo.com dsum-sec.casalemedia.com pixel.prfct.co us-u.openx.net *.adnxs.com *.google.com *.googleapis.com *.youtube.com *.gstatic.com *.addthis.com *.moatads.com *.pinimg.com *.addthisedge.com ct.pinterest.com *.amazonaws.com odr.mookie1.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com thrtle.com *.company-target.com *.purechatcdn.com *.bing.com *.moatads.com *.wistia.com pixel.mathtag.com *.litix.io *.dotomi.com *.doubleclick.net secure.gravatar.com tags.bluekai.com dpm.demdex.net *.reson8.com *.b0e8.com *.buildfire.com connect.facebook.net *.3lift.com *.facebook.com *.hotjar.com *.hotjar.io *.bidswitch.net *.pubmatic.com *.outbrain.com *.taboola.com *.clarity.ms *.liadm.com pippio.com *.webmd.com *.ina.la *.semasio.net sync.commander1.com tg.socdm.com google.com analytics.twitter.com platform.rtbiq.com adventori.com *.dyntrk.com fksnk.com *.rezync.com s3-us-west-2.amazonaws.com data: blob:; frame-ancestors 'self' insights.hotjar.com *.hotjar.io *.fliphtml5.com woobox.com *.mobilityworks.com *.wpenginepowered.com *.litix.io *.netdna-ssl.com usermatch.krxd.net *.googleadservices.com *.youtube.com *.adroll.com; font-src 'self' *.netdna-ssl.com *.buildfire.com *.wistia.com *.wpenginepowered.com fonts.gstatic.com https://*.hotjar.com data:; connect-src 'self' https://* ws://*.hotjar.com wss://*.hotjar.com ws://*.hotjar.io wss://*.hotjar.io wss://roomapi-signalr.prod-aws.purechat.com ws:* *.wistia.com tr.snapchat.com *.buildfire.com *.woobox.com; object-src 'self' *.netdna-ssl.com *.buildfire.com *.wistia.com *.fliphtml5.com *.mobilityworks.com *.wpenginepowered.com; 1
default-src 'self' 'unsafe-inline' *.cookie-script.com *.snapwidget.com snapwidget.com *.tiktokv.com www.google.com data: *.bkv.hu *.snapwidget.com *.google-analytics.com *.facebook.com *.fbcdn.net *.fburl.com fburl.com *.ttwstatic.com www.tiktok.com *.tiktok.com *.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com cdn.jsdelivr.net www.googletagmanager.com connect.facebook.net *.facebook.com *.fbcdn.net *.fburl.com fburl.com www.tiktok.com *.tiktok.com *.tiktokv.com cdn.cookie-script.com *.google-analytics.com *.newrelic.com *.ttwstatic.com *.cookie-script.com *.snapwidget.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; frame-ancestors 'self' 1
base-uri 'self';object-src 'none';connect-src 'self' *.h2w1h50fwn.online *.ravens-hm.online *.raven-hm.online *.raven-eyes.online *.google.com *.amazonaws.com *.sentry.io https://*.mapbox.com https://*.googleapis.com wss://*.raven-hm.online;default-src 'self' https://www.google.com;form-action 'self';img-src * 'unsafe-inline' data: https://ravens-hm.online ui-avatars.com;media-src 'self' *.h2w1h50fwn.online *.raven-hm.online *.raven-eyes.online;script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://cdn.jsdelivr.net https://browser.sentry-cdn.com https://js.sentry-cdn.com *.cloudflare.com *.google.com *.gstatic.com *.bunny.net https://m.ravens-hm.online/matomo.js https://*.googleapis.com https://unpkg.com https://vjs.zencdn.net;style-src 'self' 'unsafe-inline' *.bunny.net https://*.sentry-cdn.com https://*.googleapis.com https://*.gstatic.com https://unpkg.com https://vjs.zencdn.net;frame-src 'self' *.cloudflare.com *.google.com;font-src 'self' *.bunny.net https://*.googleapis.com https://*.gstatic.com data: 1
default-src 'self' rocmondriaan.nl *.rocmondriaan.nl; connect-src 'self' *.genial.ly *.calendly.com rocmondriaan.nl *.rocmondriaan.nl stats.g.doubleclick.net tr.snapchat.com *.analytics.google.com *.google-analytics.com *.googlesyndication.com www.googletagmanager.com cdn.linkedin.oribi.io analytics.tiktok.com *.clarity.ms; img-src * data:; style-src 'self' rocmondriaan.nl *.rocmondriaan.nl *.typekit.net *.genial.ly *.calendly.com 'unsafe-inline'; script-src 'self' rocmondriaan.nl *.rocmondriaan.nl *.genial.ly *.calendly.com *.googleapis.com www.youtube.com www.google-analytics.com www.googletagmanager.com connect.facebook.net snap.licdn.com sc-static.net d12ue6f2329cfl.cloudfront.net googleads.g.doubleclick.net www.clarity.ms analytics.tiktok.com tr.snapchat.com 'unsafe-inline'; font-src use.typekit.net; frame-src *.genial.ly *.calendly.com *.connexys.nl *.facebook.com www.youtube.com player.vimeo.com letszoip.com www.letszoip.com tr.snapchat.com; object-src 'none' 1
style-src * 'unsafe-inline' 'unsafe-eval'; media-src *; img-src * data: blob:; script-src * 'unsafe-inline' 'unsafe-eval'; 1
default-src 'none'; font-src 'self'; form-action 'self'; img-src 'self'; script-src 'self'; style-src 'self'; base-uri 'none'; frame-ancestors 'none' 1
font-src *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.gstatic.com *.trustedshops.com *.twimg.com *.twitter.com *.typekit.net *.fontawesome.com https://*.gstatic.com data: https://www.googletagmanager.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.awin1.com *.zenaps.com *.fls.doubleclick.net *.twitter.com www.xtento.com *.adyen.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com account.fetchify.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.awin1.com *.zenaps.com *.cloudflare.com *.google-analytics.com *.googleadservices.com *.klarna.com *.lightemporium.com *.paypal.com *.twimg.com *.twitter.com *.usercentrics.eu *.ytimg.com *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.xtento.com cdn.xtento.com https://*.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com *.cloudflare.com *.fontawesome.com *.google-analytics.com *.gstatic.com *.newrelic.com *.nr-data.net *.pcapredict.com *.trackedlink.net *.trustedshops.com *.twimg.com *.twitter.com *.usercentrics.eu *.clarity.ms d81mfvml8p5ml.cloudfront.net dn1i8v75r669j.cloudfront.net dkpklk99llpj0.cloudfront.net d1y9qtn9cuc3xw.cloudfront.net ds9p2a60lh6fp.cloudfront.net c8.dycdn.net *.dycdn.net *.freshrelevance.com wss://am.freshrelevance.com static.cloudflareinsights.com bat.bing.com *.paypal.com *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.xtento.com cdn.xtento.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com tagmanager.google.com https://www.googletagmanager.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.klevu.com *.ksearchnet.com *.avada.io player.vimeo.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com *.googleapis.com *.gstatic.com *.trustedshops.com *.twimg.com *.twitter.com *.typekit.net *.usercentrics.eu *.paypal.com *.adyen.com https://static.klaviyo.com https://fonts.googleapis.com/ unsafe-inline assets.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com cc-cdn.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://the.sciencebehindecommerce.com *.bootstrapcdn.com *.cloudflare.com *.google-analytics.com *.googleadservices.com *.newrelic.com *.nr-data.net *.paypal.com *.paypalobjects.com *.pcapredict.com *.sandbox.paypal.com *.trackedlink.net *.twimg.com *.twitter.com *.clarity.ms d81mfvml8p5ml.cloudfront.net dn1i8v75r669j.cloudfront.net dkpklk99llpj0.cloudfront.net d1y9qtn9cuc3xw.cloudfront.net ds9p2a60lh6fp.cloudfront.net c8.dycdn.net *.dycdn.net *.freshrelevance.com wss://am.freshrelevance.com static.cloudflareinsights.com bat.bing.com *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://maps.googleapis.com http://www.youtube.com https://www.google-analytics.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://*.doubleclick.net https://*.oswald.ai  https://www.googleadservices.com https://snap.licdn.com https://connect.facebook.net https://*.mobiscroll.com https://cdn.jsdelivr.net https://unpkg.com https://datacapture.dropsolid.com https://sc-static.net https://www.google.com https://www.gstatic.com https://*.unibuddy.co/ https://firebaseinstallations.googleapis.com https://cookie-cdn.cookiepro.com/ https://cdn1.fbri.co; object-src 'self'; img-src 'self' https://*.gstatic.com https://*.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.google.com https://*.facebook.com data: https://www.makeitfly.group https://www.google.be https://px.ads.linkedin.com https://cdn.jsdelivr.net https://www.linkedin.com https://*.snapchat.com *.google-analytics.com *.analytics.google.com https://cookie-cdn.cookiepro.com/; media-src 'self'; frame-src 'self' https://*.hotjar.com https://www.google.com https://www.youtube.com https://*.oswald.ai https://kuula.co/ https://*.vimeo.com https://*.doubleclick.net https://*.snapchat.com https://unibuddy.co/ https://*.odisee.be https://services.libis.be/ https://firebaseinstallations.googleapis.com https://*.unibuddy.co/ https://maps.google.com https://cdnapisec.kaltura.com https://e.issuu.com https://return.flexmail.eu https://open.spotify.com/; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com data: https://pro.fontawesome.com https://*.cloudflare.com; connect-src 'self' https://*.oswald.ai https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cloudfunctions.net *.google-analytics.com *.analytics.google.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://cookie-cdn.cookiepro.com/ 1
default-src https://msutexas.edu https://*.msutexas.edu 'sha256-POrICB9a1bmhO8yl+rfcX8vA/Z6GI+ZxgS81fIX5sX4='; img-src https://msutexas.edu https://*.msutexas.edu data: https://www.googleapis.com *.gstatic.com https://*.google.com www.googletagmanager.com *.google-analytics.com google-analytics.com calendarmedia.blob.core.windows.net youvisit.com *.youvisit.com *.siteimproveanalytics.io siteimproveanalytics.io *.campuslabs.com campuslabs.com https://www.facebook.com https://*.bing.com trkn.us doubleclick.net *.doubleclick.net https://*.adsrvr.org https://*.simpli.fi https://ml314.com https://*.visitdays.com https://visitdays.com https://*.adentifi.com https://adentifi.com https://*.googleusercontent.com https://static.ctctcdn.com; style-src https://msutexas.edu https://*.msutexas.edu 'unsafe-inline' https://cse.google.com https://*.google.com www.googletagmanager.com cookiepro.com *.cookiepro.com fontawesome.com *.fontawesome.com *.googleapis.com googleapis.com https://*.admithub.com https://admithub.com https://*.visitdays.com https://visitdays.com https://stackpath.bootstrapcdn.com https://static.ctctcdn.com https://*.gstatic.com/; connect-src https://msutexas.edu https://*.msutexas.edu *.googletagmanager.com *.googlesyndication.com *.google-analytics.com google-analytics.com cookiepro.com *.cookiepro.com *.campuslabs.com campuslabs.com https://*.clive.cloud https://www.facebook.com https://cdn.rlets.com https://*.rlets.com https://*.gannettdigital.com https://capture-api.reachlocalservices.com/ https://reachlocalservices.com https://*.visitdays.com https://visitdays.com https://chat-us.libanswers.com https://csp.withgoogle.com https://listgrowth.ctctcdn.com https://visitor2.constantcontact.com; font-src https://msutexas.edu https://*.msutexas.edu data: fontawesome.com *.fontawesome.com *.gstatic.com gstatic.com https://*.admithub.com https://admithub.com https://*.visitdays.com https://visitdays.com https://stackpath.bootstrapcdn.com; script-src https://msutexas.edu https://*.msutexas.edu 'strict-dynamic' 'nonce-6cdd28ee2fce8347763b7ade6c292c41f051494c586654d0870d9720ea1267d9' https: 'unsafe-eval' https://cse.google.com *.googletagmanager.com https://www.googletagmanager.com www.googletagmanager.com *.google-analytics.com google-analytics.com cookiepro.com *.cookiepro.com https://*.youvisit.com https://youvisit.com https://www.youvisit.com fontawesome.com *.fontawesome.com *.jsdelivr.net jsdelivr.net https://*.clive.cloud https://cdn.rlets.com https://*.rlets.com https://*.admithub.com https://admithub.com https://*.visitdays.com https://visitdays.com https://mobi.visitdays.com https://libanswers.msutexas.edu https://www.google.com 'unsafe-inline' https://mwsu.apparmor.com/ https://*.gstatic.com/; frame-src https://msutexas.edu https://*.msutexas.edu https://*.msutexas.edu https://cse.google.com https://forms.office.com/ *.googletagmanager.com www.google.com youvisit.com *.youvisit.com *.youtube.com youtube.com https://player.vimeo.com  https://vimeo.com  https://cdn.rlets.com https://*.rlets.com doubleclick.net *.doubleclick.net https://insight.adsrvr.org https://d1eoo1tco6rr5e.cloudfront.net https://adservices.brandcdn.com https://*.admithub.com https://admithub.com https://*.visitdays.com https://visitdays.com https://my.matterport.com https://e.issuu.com https://w.soundcloud.com https://prezi.com https://app.powerbi.com https://www.facebook.com https://calendar.google.com https://accounts.google.com https://mwsu.radiusbycampusmgmt.com/ https://fred.stlouisfed.org/; object-src https://my.matterport.com; script-src-elem https://msutexas.edu https://*.msutexas.edu 'unsafe-inline' https://cse.google.com https://google.com https://*.google.com *.googletagmanager.com googletagmanager.com https://www.googletagmanager.com/ *.google-analytics.com google-analytics.com cookiepro.com *.cookiepro.com https://*.youvisit.com https://youvisit.com https://www.youvisit.com *.siteimproveanalytics.com siteimproveanalytics.com *.campuslabs.com campuslabs.com *.jsdelivr.net jsdelivr.net https://*.clive.cloud https://*.facebook.net https://*.bing.com https://*.google.com https://cdn.rlets.com https://*.rlets.com doubleclick.net *.doubleclick.net https://*.simpli.fi https://*.gannettdigital.com https://capture-api.reachlocalservices.com/ https://reachlocalservices.com https://adservices.brandcdn.com https://*.visitdays.com https://visitdays.com https://mobi.visitdays.com https://stackpath.bootstrapcdn.com https://mwsu.apparmor.com/; 1
default-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'self'; img-src 'self' data: images.ctfassets.net cdnjs.cloudflare.com/ajax/libs/leaflet/1.3.1/images/ api.mapbox.com/ https://wds.ace.teliacompany.com https://i.ytimg.com/ *.browsealoud.com https://*.texthelp.com/ https://kundo-web-uploaded-files-prod.s3.amazonaws.com https://kundo.se https://static.kundo.se https://*.loop11.com https://ko.analytics.ozzi.io http://ko.analytics.ozzi.io https://ui.ungpd.com https://cdn.ungpd.com https://*.dna.ip-only.net; style-src 'self' 'unsafe-hashes' 'nonce-RKTgLr2R22PCO1XHMTEyQgOurts2f1Bisgle0/bAFDg=' https://wds.ace.teliacompany.com/wds/instances/JovKjqJs/ACEChat.css *.browsealoud.com https://fonts.googleapis.com https://*.loop11.com https://ko.analytics.ozzi.io http://ko.analytics.ozzi.io https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.3.1/leaflet.css https://ui.ungpd.com https://cdn.ungpd.com; script-src 'self' 'sha256-junL63zWyeJnAzuhe25Hew4rOMW5C4vwwEz2rudSORQ=' 'nonce-RKTgLr2R22PCO1XHMTEyQgOurts2f1Bisgle0/bAFDg=' https://edge.fullstory.com/s/fs.js https://rs.fullstory.com/ https://wds.ace.teliacompany.com https://wds.ace.teliacompany.net https://www.youtube.com/ https://www.streamio.com/ https://streamio.com/ https://s.ytimg.com/ *.browsealoud.com *.speechstream.net/ https://*.loop11.com https://ko.analytics.ozzi.io http://ko.analytics.ozzi.io https://ui.ungpd.com https://cdn.ungpd.com; frame-src 'self' https://wds.ace.teliacompany.com https://www.youtube.com/ *.cloudfront.net https://html5-player.libsyn.com https://www.streamio.com/ https://streamio.com/ https://ko.analytics.ozzi.io http://ko.analytics.ozzi.io https://ui.ungpd.com https://cdn.ungpd.com; media-src * data: blob: 'unsafe-inline'; child-src 'self' https://ko.analytics.ozzi.io http://ko.analytics.ozzi.io https://ui.ungpd.com https://cdn.ungpd.com; object-src 'self' data: https://ko.analytics.ozzi.io http://ko.analytics.ozzi.io https://ui.ungpd.com https://cdn.ungpd.com; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://ko.analytics.ozzi.io http://ko.analytics.ozzi.io https://fonts.gstatic.com/ https://ui.ungpd.com https://cdn.ungpd.com; manifest-src 'self'; connect-src 'self' https://chat.ace.teliacompany.com https://chat.ace.teliacompany.net *.browsealoud.com *.speechstream.net/ *.texthelp.com/ api.addsearch.com https://rs.fullstory.com/ https://*.loop11.com https://ko.analytics.ozzi.io http://ko.analytics.ozzi.io https://ui.ungpd.com https://cdn.ungpd.com https://streamio.com/ https://www.streamio.com/; 1
frame-ancestors 4fansites.de *.4fansites.de *.google.de *.google.com *.cdn.ampproject.org 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com/ https://www.googletagmanager.com https://*.google.com https://*.rumiview.com https://*.bing.com https://*.clarity.ms https://www.google-analytics.com/ https://maps.googleapis.com/ https://use.fontawesome.com/ https://cdnjs.cloudflare.com https://connect.facebook.net https://*.cloudfront.net https://api.bluecore.com/triggermail.js/ecowater.js https://assets.adobedtm.com/175f7caa2b90/28cce541436d/launch-6a7c59bdc5d4.min.js https://bat.bing.com/bat.js https://connect.facebook.net/en_US/fbevents.js https://d10lpsik1i8c69.cloudfront.net/w.js https://diffuser-cdn.app-us1.com/diffuser/diffuser.js https://k.clarity.ms/s/0.6.34/clarity.js https://prism.app-us1.com/ https://trackcmp.net/t_prism_sitemessages.php https://twin-iq.kickfire.com/twin.js https://www.google-analytics.com/gtm/optimize.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/recaptcha/releases/QENb_qRrX0-mQMyENQjD6Fuj/recaptcha__en.js https://www.rumiview.com/containers/e49b0c40-4512-49ab-bd25-0b17a7b5ba30.js;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://d10lpsik1i8c69.cloudfront.net https://stackpath.bootstrapcdn.com;object-src 'none';base-uri 'self';connect-src 'self' https://*.clarity.ms https://bat.bing.com https://api-preview.luckyorange.com https://settings.luckyorange.net https://maps.googleapis.com/ https://stats.g.doubleclick.net https://www.google-analytics.com https://analytics.google.com wss://in.visitors.live wss://visitors.live;font-src 'self' data: https://stackpath.bootstrapcdn.com https://fonts.gstatic.com;frame-src 'self' https://10874975.fls.doubleclick.net https://www.facebook.com https://www.google.com https://www.youtube.com/ https://costcous.centah.com;img-src 'self' 'unsafe-inline' data: https://*.bing.com https://*.googletagmanager.com https://maps.googleapis.com/ https://c.clarity.ms https://maps.gstatic.com/ https://www.google-analytics.com https://d10lpsik1i8c69.cloudfront.net https://twin-iq.kickfire.com https://www.facebook.com https://www.google.com https://www.rumiview.com;manifest-src 'self';media-src 'self' https://d10lpsik1i8c69.cloudfront.net;worker-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; 1
frame-ancestors 'self' socalcustaging.orb.alkamitech.com my.cusocal.org; 1
default-src 'self' *.alsacreations.net *.alsacreations.test *.gstatic.com *.googleapis.com *.bootstrapcdn.com *.youtube.com *.twitter.com *.codepen.io codepen.io codesandbox.io; style-src 'self' fonts.googleapis.com *.alsacreations.net *.alsacreations.test *.bootstrapcdn.com 'unsafe-inline'; img-src * data:; frame-ancestors 'none'; base-uri 'none'; form-action 'self' *.alsacreations.com *.alsacreations.test 1
frame-ancestors 'self' *.webuntis.dev *.webuntis.com 1
default-src 'self' www.spellzone.com googleads.g.doubleclick.net www.google-analytics.com app-eu.readspeaker.com f1-eu.readspeaker.com vttts-eu.readspeaker.com vtdnntts-se.readspeaker.com rstts-eu.readspeaker.com media-eu.readspeaker.com https://r3.talklets-secure.com r3.talklets-secure.com spellzone.youcanbook.me spellzone-us.youcanbook.me www.youtube.com player.vimeo.com pagead2.googlesyndication.com partner.googleadservices.com/ tpc.googlesyndication.com/ api.edtechimpact.com/ region1.google-analytics.com/;      script-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.google-analytics.com   ssl.google-analytics.com pagead2.googlesyndication.com storage.googleapis.com googleads.g.doubleclick.net www.googletagmanager.com www.googletagservices.com ajax.googleapis.com adservice.google.com adservice.google.co.uk f1-eu.readspeaker.com app-eu.readspeaker.com rstts-eu.readspeaker.com media-eu.readspeaker.com https://r3.talklets-secure.com www.googleapis.com player.vimeo.com cloudflare.com/cdn-cgi/ cdn.ampproject.org partner.googleadservices.com/ tpc.googlesyndication.com/ adservice.google.be/adsid/ widget.edtechimpact.com/ www.youtube.com/ www.profitablecreativeformat.com/;     frame-src 'self' *;    img-src 'self' data: storage.googleapis.com pagead2.googlesyndication.com www.google-analytics.com ssl.google-analytics.com f1-eu.readspeaker.com app-eu.readspeaker.com vttts-eu.readspeaker.com vtdnntts-se.readspeaker.com rstts-eu.readspeaker.com media-eu.readspeaker.com chart.googleapis.com/chart https://cdn.livechatinc.com/ https://secure.livechatinc.com/ www.googletagmanager.com googleads.g.doubleclick.net media.edtechimpact.com/ m.media-amazon.com/;  style-src 'self' 'unsafe-inline' app-eu.readspeaker.com f1-eu.readspeaker.com fonts.googleapis.com/;   font-src 'self' fonts.googleapis.com fonts.gstatic.com/; frame-ancestors 'self'; object-src 'self' 1
frame-ancestors *.codingdojo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.codingdojo.com https://tagmanager.google.com/ https://www.googletagmanager.com/ *.stripe.com https://www.googleadservices.com/ *.googleoptimize.com sc-static.net *.vimeo.com *.youtube.com *.googleapis.com js.hubspot.com gs.mountain.com *.google-analytics.com cdnjs.cloudflare.com connect.facebook.net *.chilipiper.com js.hsforms.net d2jjzw81hqbuqv.cloudfront.net *.sentry-cdn.com bat.bing.com *.quantserve.com js.hs-scripts.com *.doubleclick.net snap.licdn.com dx.mountain.com static.ads-twitter.com www.clarity.ms cdn.taboola.com *.tiktok.com tr.snapchat.com *.intercom.io ws.zoominfo.com www.clickcease.com www.talkable.com js.intercomcdn.com px.mountain.com trc.taboola.com *.quantcount.com js.hs-banner.com js.hs-analytics.net js.hsleadflows.net js.hsadspixel.net *.ubembed.com cdn.ampproject.org static.hsappstatic.net script.crazyegg.com; style-src 'self' 'unsafe-inline' *.codingdojo.com https://tagmanager.google.com/ https://fonts.googleapis.com/ hello.myfonts.net; frame-src 'self' *.codingdojo.com *.vimeo.com *.youtube.com *.snapchat.com td.doubleclick.net www.talkable.com www.facebook.com codingdojo.na.chilipiper.com forms.hsforms.com meetings.hubspot.com; object-src 'self' 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://click2cart.co https://ss.click2cart.com locate.pricespider.com api.tiles.mapbox.com pghub.io cdn.pricespider.com wtbevents.pricespider.com cdn.cookielaw.org *.onetrust.com *.iesnare.com connect.facebook.net *.crazyegg.com *.adsrvr.org *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com cdn.pricespider.com api.tiles.mapbox.com fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' *.cookielaw.org https://click2cart.com https://click2cart.co https://s3.us-west-2.amazonaws.com https://res.cloudinary.com https://www.google.com cdn.pricespider.com wwwassets.pricespider.com embeddedcloud.pricespider.com i.ytimg.com images.ctfassets.net pixel.tapad.com *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' https://maxcdn.bootstrapcdn.com fonts.gstatic.com feed.pghub.io pandg.tapad.com ; connect-src * ; frame-src 'self' https://click2cart.co https://pandg.tapad.com https://www.youtube-nocookie.com www.youtube.com feed.pghub.io *.adsrvr.org *.doubleclick.net *.jebbit.com consumersupport.pg.com pg-lex.my.salesforce-sites.com ct.pinterest.com www.facebook.com pandg.tapad.com ; manifest-src * ; 1
default-src *; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' * about:; font-src * 'self' data: https://fonts.gstatic.com; img-src * 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data:; worker-src blob: data: *; 1
frame-ancestors https://ankiweb.net 1
default-src 'self' https://www.debtdomain.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://region1.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://www.gstatic.com https://www.debtdomain.com/ https://*.fontawesome.com data: blob:; object-src 'none'; font-src 'self' https://fonts.gstatic.com https://*.fontawesome.com https://www.debtdomain.com data:; style-src 'self' 'unsafe-inline' www.gstatic.com https://www.debtdomain.com; img-src 'self' data: blob: https://www.google-analytics.com https://region1.google-analytics.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://cdn.ihs.com https://www.gstatic.com https://www.debtdomain.com; frame-src 'self'  https://www.debtdomain.com mailto: tel: https://www.google.com blob:; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.fontawesome.com https://www.debtdomain.com; manifest-src 'self' https://www.debtdomain.com; media-src https://www.debtdomain.com; report-uri https://62qmu92e1g.execute-api.eu-west-1.amazonaws.com/dd-prod-irl-csp-reporting_stage/default; report-to csp-default-report-group; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com 'self' data: *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de bid.g.doubleclick.net *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.livechatinc.com *.hostedpayments.com *.bugherd.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.google.com *.addthis.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de googleads.g.doubleclick.net analytics.google.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.newrelic.com *.bugherd.com *.nr-data.net *.livechatinc.com https://player.vimeo.com https://www.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.googleadservices.com analytics.google.com www.googletagmanager.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.livechatinc.com *.nr-data.net https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'none'; report-uri https://www.biotronik.com/en-us/report-uri/enforce 1
default-src 'self' https://ssl.google-analytics.com/ https://www.google.com/analytics/ https://marketingplatform.google.com/about/analytics/ https://counter.yadro.ru/; font-src 'self' https://maxcdn.bootstrapcdn.com/ https://fonts.gstatic.com/; img-src 'self' https://mc.yandex.ru/clmap/ https://www.reklama-online.ru/ https://r-o.ru/ https://mc.yandex.ru/webvisor/15606835 https://s.r-o.ru/ data: https://*.userapi.com https://top-fwz1.mail.ru/tracker https://core-renderer-tiles.maps.yandex.net/ https://web.icq.com/whitepages/online https://status.icq.com/ https://api-maps.yandex.ru/ https://top-fwz1.mail.ru/counter https://counter.yadro.ru/hit https://ssl.google-analytics.com/ https://code-ya.jivosite.com/images/ https://code.jivo.ru/images/ https://mc.yandex.ru/metrika/ https://www.sostav.ru/images/ https://adindex.ru/ https://vk.com/emoji/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com/ https://cdnjs.cloudflare.com/ajax/libs/iconify/ https://suggest-maps.yandex.ru/suggest-geo https://mc.yandex.ru/watch/ https://widget.flamp.ru/loader.js https://api.iconify.design/ https://code.iconify.design/ https://yastatic.net/ https://core-renderer-tiles.maps.yandex.net/tiles https://api-maps.yandex.ru/ https://mc.yandex.ru/metrika/tag.js https://top-fwz1.mail.ru/js/code.js https://ssl.google-analytics.com/ga.js https://code-ya.jivosite.com/ https://code.jivo.ru/; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/ https://code-ya.jivosite.com/css/ https://code.jivo.ru/; connect-src 'self' https://api.simplesvg.com/ https://ssl.google-analytics.com/ https://api.iconify.design/ https://api.unisvg.com/ wss://*.jivo.ru/ https://*.jivo.ru/ wss://*.jivosite.com/cometcn https://mc.yandex.ru/ https://mc.yandex.md/ https://top-fwz1.mail.ru/counter https://top-fwz1.mail.ru/tracker https://*.jivosite.com; media-src https://code-ya.jivosite.com/sounds/ https://code.jivo.ru/sounds/; frame-src https://yandex.ru/ https://www.youtube.com/ https://widget.flamp.ru/ https://api-maps.yandex.ru/ 1
upgrade-insecure-requests; base-uri 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cta-service-cms2.hubspot.com js.hubspot.com connect.facebook.net js.hscta.net js.jotform.com *.jotfor.ms links.services.disqus.com https://ats.rlcdn.com/ats.js c.disquscdn.com blogsdsd.disqus.com maps.googleapis.com www.google.com www.gstatic.com ajax.cloudflare.com cdnjs.cloudflare.com player.vimeo.com static.hsappstatic.net connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com js.usemessages.com js.hsleadflows.net js.hs-analytics.net js.hsadspixel.net js.hs-banner.com js.hscollectedforms.net js.hs-scripts.com snap.licdn.com www.google-analytics.com forms.hsforms.com www.googletagmanager.com static.datasciencedojo.com js.hsforms.net datasciencedojo.com *.datasciencedojo.com js.stripe.com form.jotform.com datasciencedojo.sharepoint.com https://www.facebook.com https://www.youtube.com https://dojobinder.datasciencedojo.com; frame-ancestors 'self'; manifest-src 'self' 1
frame-ancestors 'self' 'https://*.boydcorp.com''; 1
object-src 'none'; script-src 'self' 'strict-dynamic' https://www.capitasfinancial.com https://www.google.com/recaptcha/api.js https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.google-analytics.com/analytics.js https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com use.typekit.net yui.yahooapis.com; script-src-attr 'self'; script-src-elem 'self' https://www.capitasfinancial.com https://www.google.com/recaptcha/api.js https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.google-analytics.com/analytics.js https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com use.typekit.net yui.yahooapis.com; style-src 'self' https://www.capitasfinancial.com https://www.google.com/recaptcha/api.js https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.google-analytics.com/analytics.js; frame-ancestors 'self' https://www.capitasfinancial.com https://www.google.com/recaptcha/api.js https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.google-analytics.com/analytics.js; block-all-mixed-content 1
frame-ancestors 'self' *.smart2.biz 1
default-src *;img-src 'self';font-src 'self' https://fonts.gstatic.com;style-src 'self' https://fonts.googleapis.com 'unsafe-inline';script-src 'strict-dynamic' 'nonce-jmBjDhqg3rwRK25vyJBjr0sUPJk=' https: 'unsafe-inline';frame-src https://www.google.com/recaptcha/;base-uri 'none';object-src 'none';report-to main-endpoint; 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-ZzkzQU1lZHFuWktHMTdXNTdJazZKMi9aak5kL0RRNDk1c3RHekJHUnNFVT06eXJ5MFdvRXIyY1BzNVBUeG1NNE1jUXV4eDdBMVhVOElwNjBMbGxEYTRSdz0=';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self' nc:;frame-ancestors 'self';form-action 'self' 1
frame-ancestors *.advisor.travel; 1
default-src 'self' https://www.google.com/ads/ https://s7.addthis.com/ https://api-public.addthis.com/ https://www.youtube-nocookie.com/ https://jnn-pa.googleapis.com/ https://play.google.com/ https://stats.g.doubleclick.net/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://use.fontawesome.com/ https://www.youtube-nocookie.com/; img-src 'self' https://jbs.i-maxpr.com/ data: https://www.google-analytics.com/ https://www.facebook.com/ https://www.google.com.br/ https://i.ytimg.com/ https://yt3.ggpht.com/; connect-src 'self' https://cdn.cookielaw.org/ https://s7.addthis.com/ https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' data:application/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://use.fontawesome.com/; connect-src 'self' https://cdn.cookielaw.org/ https://s7.addthis.com/; media-src 'self' https://s7.addthis.com/; object-src 'self'; child-src 'self'; frame-src 'self' https://www.youtube.com; worker-src 'self'; form-action 'self'; base-uri 'self'; frame-ancestors 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rec.smartlook.com https://www.google-analytics.com https://cdn.cookielaw.org/ https://fonts.googleapis.com/ https://s7.addthis.com/ https://www.googletagmanager.com/ https://z.moatads.com/ https://www.google-analytics.com/ https://v1.addthisedge.com/ https://m.addthis.com/ https://www.youtube-nocookie.com/ https://www.google.com/ https://www.gstatic.com/ https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://rec.smartlook.com/recorder.js https://s7.addthis.com/js/300/addthis_widget.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js; 1
default-src 'none'; frame-src 'unsafe-inline' 'unsafe-eval' data: *; font-src 'self' https://*.googleapis.com https://fonts.gstatic.com https://portal-fl.smbsecurecloud.net https://*.livehelpnow.net; style-src 'unsafe-inline' 'self' https://*.googleapis.com https://portal-fl.smbsecurecloud.net https://rtm.carrierzone.com https://rte.carrierzone.com https://rte.megawebservers.com https://assets.braintreegateway.com https://rte.megawebservers.eu https://*.livehelpnow.net; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://www.paypalobjects.com https://www.paypal.com https://portal-fl.smbsecurecloud.net https://rtm-to.smbsecurecloud.net https://oss.maxcdn.com https://js.braintreegateway.com https://*.qualtrics.com https://rtm.carrierzone.com https://rte.carrierzone.com https://rte.megawebservers.com https://*.salesforceliveagent.com https://rte.megawebservers.eu https://cdn.cookielaw.org https://*.googleapis.com https://cdn.appdynamics.com https://*.livehelpnow.net; connect-src 'self' https://www.paypal.com https://www.paypalobjects.com https://*.googleapis.com https://www.google-analytics.com https://portal-fl.smbsecurecloud.net https://siteintercept.qualtrics.com https://rtm-to.smbsecurecloud.net https://rtm.carrierzone.com https://rte.carrierzone.com https://rte.megawebservers.com https://*.braintreegateway.com https://origin-analytics-sand.sandbox.braintree-api.com https://rte.megawebservers.eu https://*.braintree-api.com https://cdn.cookielaw.org https://*.g.doubleclick.net https://pdx-col.eum-appdynamics.com https://*.livehelpnow.net wss://app.livehelpnow.net; img-src 'self' data: https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://google-analytics.g.doubleclick.net https://www.paypal.com https://www.paypalobjects.com https://portal-fl.smbsecurecloud.net http://remotedesktops.websiteos.com https://rtm.carrierzone.com https://rte.carrierzone.com https://rte.megawebservers.com https://portal.mktgsuite.deluxe.com https://*.qualtrics.com https://rte.megawebservers.eu https://cdn.cookielaw.org https://*.livehelpnow.net 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://plugin.monotote.com https://www.youtube.com https://www.zenaps.com https://smct.co https://www.awin1.com https://*.thcdn.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob: https://*.smct.co https://smct.io https://*.smct.io https://tr6.snapchat.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://smct.co https://ipl.smct.co https://ipb.smct.co https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://plugins.makeupar.com https://plugins-media.makeupar.com https://analytics.tiktok.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.contentsquare.net https://*.smct.co https://smct.io https://*.smct.io https://tr.snapchat.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://fonts.googleapis.com https://fonts.gstatic.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://www.illamasqua.com https://m.illamasqua.com https://checkout.illamasqua.com https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://plugin.monotote.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://plugins-media.makeupar.com https://analytics.tiktok.com https://*.ibytedtos.com https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://*.contentsquare.net https://app.contentsquare.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://tr.snapchat.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://fonts.smct.co https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net https://fonts.smct.io; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' https://yuantabank.com.tw/ https://b2bank.yuantabank.com.tw/ https://ebank.yuantabank.com.tw/ https://accessibility.yuantabank.com.tw http://epe.corp.yuanta.com/ https://superatm.tw/  ; script-src 'self' https://ssl.google-analytics.com https://*.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://ebank.yuantabank.com.tw/; connect-src 'self' https://localhost:* https://api.yuantafunds.com/ https://yuanta-search.bondlinc.com https://www.google-analytics.com https://stats.g.doubleclick.net ; img-src 'self' data: https://www.google-analytics.com maps.gstatic.com *.googleapis.com *.ggpht https://ebank.yuantabank.com.tw/ https://yuantabank.com.tw/ https://www.yuantabank.com.tw/ https://stats.g.doubleclick.net; child-src 'self' ; frame-ancestors 'self' https://b2bank.yuantabank.com.tw/ https://ebank.yuantabank.com.tw/ https://accessibility.yuantabank.com.tw http://epe.corp.yuanta.com/ https://superatm.tw/ ; frame-src 'self' https://www.youtube.com/ https://ebank.yuantabank.com.tw/ https://accessibility.yuantabank.com.tw http://epe.corp.yuanta.com/ https://superatm.tw/ ; media-src 'self' data: ; font-src 'self' data: ; 1
frame-ancestors http://*.povison.com https://*.povison.com https://povison.com http://povison.com https://*.povison-inc.com http://*.musem.com https://*.musem.com 1
frame-src 'self' *.eqs.com *.facebook.com *.youtube.com *.equitystory.com *.vimeo.com; default-src  'self' *.eqs.com *.crazyegg.com *.azurewebsites.net *.windows.net data: https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' api.mapbox.com *.crazyegg.com *.azurewebsites.net *.windows.net *.eqs.com https:;child-src 'self' blob: data: *.facebook.com *.youtube.com *.azurewebsites.net;style-src 'unsafe-inline' 'self' api.mapbox.com *.crazyegg.com *.azurewebsites.net *.windows.net https:; img-src 'self' blob: data: *.facebook.com *.onetrust.com *.linkedin.com *.twitter.com *.azurewebsites.net *.windows.net t.co *.eqs.com https://www.google.com https://www.google.co.uk *.www.google-analytics.com https://www.google-analytics.com; connect-src 'self' blob: data: *.crazyegg.com *.onetrust.com *.onetrust.com *.mapbox.com *.linkedin.oribi.io https://region1.analytics.google.com https://stats.g.doubleclick.net *.google-analytics.com 1
frame-ancestors 'self' https://www.nbmincorporated.com https://li-baplu-p01.compsych-ad.int:8443 https://li-baplu-p02.compsych-ad.int:8443; 1
default-src 'self' *.bancoagricola.com https://bancoagricola.s1gateway.com; script-src 'self' https://ssl.gstatic.com https://apis.google.com https://www.googletagmanager.com http://www.googletagmanager.com https://www.google-analytics.com https://atentosv2.s1gateway.com https://fonts.googleapis.com https://fonts.gstatic.com https://connect.facebook.net https://static.hotjar.com https://static.ads-twitter.com https://snap.licdn.com https://websdk.appsflyer.com/ https://script.hotjar.com https://px.ads.linkedin.com http://t.co https://www.google.com https://www.google.com.sv https://www.facebook.com https://analytics.twitter.com https://p.adsymptotic.com https://vars.hotjar.com https://maps.googleapis.com https://maps.gstatic.com https://bancoagricola.s1gateway.com https://cdnva.s1gateway.com https://www.youtube.com https://www.youtube.com/ https://www.google-analytics.com https://www.optimize.google.com https://www.googleoptimize.com https://google-analytics.com https://optimize.google.com https://googleoptimize.com https://www.gstatic.com data: 'unsafe-eval' 'unsafe-inline'; object-src *; style-src 'self' https://ssl.gstatic.com https://apis.google.com https://www.googletagmanager.com http://www.googletagmanager.com https://www.google-analytics.com https://atentosv2.s1gateway.com https://fonts.googleapis.com https://fonts.gstatic.com https://connect.facebook.net https://static.hotjar.com https://static.ads-twitter.com https://snap.licdn.com https://websdk.appsflyer.com/ https://script.hotjar.com https://px.ads.linkedin.com http://t.co https://www.google.com https://www.google.com.sv https://www.facebook.com https://analytics.twitter.com https://p.adsymptotic.com https://vars.hotjar.com https://maps.googleapis.com https://maps.gstatic.com https://bancoagricola.s1gateway.com https://cdnva.s1gateway.com https://www.youtube.com https://www.youtube.com/ https://www.google-analytics.com https://www.optimize.google.com https://www.googleoptimize.com https://google-analytics.com https://optimize.google.com https://googleoptimize.com https://www.gstatic.com data: 'unsafe-inline'; img-src 'self' https://ssl.gstatic.com https://apis.google.com https://www.googletagmanager.com http://www.googletagmanager.com https://www.google-analytics.com https://atentosv2.s1gateway.com https://fonts.googleapis.com https://fonts.gstatic.com https://connect.facebook.net https://static.hotjar.com https://static.ads-twitter.com https://snap.licdn.com https://websdk.appsflyer.com/ https://script.hotjar.com https://px.ads.linkedin.com http://t.co https://www.google.com https://www.google.com.sv https://www.facebook.com https://analytics.twitter.com https://p.adsymptotic.com https://vars.hotjar.com https://maps.googleapis.com https://maps.gstatic.com https://bancoagricola.s1gateway.com https://cdnva.s1gateway.com https://www.youtube.com https://www.youtube.com/ https://www.google-analytics.com https://www.optimize.google.com https://www.googleoptimize.com https://google-analytics.com https://optimize.google.com https://googleoptimize.com https://www.gstatic.com data:; media-src 'self' data:; font-src 'self' https://ssl.gstatic.com https://apis.google.com https://www.googletagmanager.com http://www.googletagmanager.com https://www.google-analytics.com https://atentosv2.s1gateway.com https://fonts.googleapis.com https://fonts.gstatic.com https://connect.facebook.net https://static.hotjar.com https://static.ads-twitter.com https://snap.licdn.com https://websdk.appsflyer.com/ https://script.hotjar.com https://px.ads.linkedin.com http://t.co https://www.google.com https://www.google.com.sv https://www.facebook.com https://analytics.twitter.com https://p.adsymptotic.com https://vars.hotjar.com https://maps.googleapis.com https://maps.gstatic.com https://bancoagricola.s1gateway.com https://cdnva.s1gateway.com https://www.youtube.com https://www.youtube.com/ https://www.google-analytics.com https://www.optimize.google.com https://www.googleoptimize.com https://google-analytics.com https://optimize.google.com https://googleoptimize.com https://www.gstatic.com; connect-src *; frame-src youtube.com https://www.youtube.com https://vars.hotjar.com https://logo.prismasystems.com.ar https://bancoagricola.s1gateway.com https://www.google-analytics.com https://www.optimize.google.com https://www.googleoptimize.com https://google-analytics.com https://optimize.google.com https://googleoptimize.com https://www.google.com; 1
default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self' https://www.rust-lang.org; font-src 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://maps.googleapis.com https://forms.hsforms.com https://js.hsforms.net https://www.youtube.com https://player.vimeo.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hscollectedforms.net https://www.googletagmanager.com https://www.google-analytics.com https://analytics.rubensteintech.com https://kit.fontawesome.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://siteimproveanalytics.com/ https://use.typekit.net/ https://snap.licdn.com/ ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://hello.myfonts.net https://use.typekit.net https://p.typekit.net https://fast.fonts.net ; connect-src 'self' https://vimeo.com https://noembed.com https://stats.g.doubleclick.net https://hubspot-forms-static-embed.s3.amazonaws.com https://maps.gstatic.com https://maps.googleapis.com https://cdn.plyr.io https://www.google-analytics.com/ https://forms.hubspot.com https://analytics.rubensteintech.com https://ka-f.fontawesome.com https://p.typekit.net https://use.typekit.net https://cdn.linkedin.oribi.io/ ; font-src 'self' data: https://fonts.gstatic.com https://ka-f.fontawesome.com https://use.typekit.net/ https://fast.fonts.net/ ; img-src 'self' data: blob: https://i.vimeocdn.com https://i.ytimg.com https://f.hubspotusercontent30.net https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://track.hubspot.com https://www.google-analytics.com https://forms.hsforms.com https://*.global.siteimproveanalytics.io https://finnegan.vuture.net/ https://px.ads.linkedin.com ; frame-src 'self' mailto: blob: https://mail.google.com/ https://cdn.yoshki.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://www.podbean.com https://app.powerbi.com https://www.google.com ; worker-src 'self' blob: ; media-src 'self' data: https://vimeo.com https://www.youtube.com ; frame-ancestors 'self' ; object-src 'self' ; 1
frame-ancestors 'self' https://jupiter.central-insurance.com https://arche.central-insurance.com https://carme.central-insurance.com https://adrastea.central-insurance.com https://pandia.central-insurance.com https://amalthea.central-insurance.com https://www.central-insurance.com https://central-insurance.com https://apps.facebook.com https://www.facebook.com; 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; media-src * https://lla-cms-prod.directus.app; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' https://cwc.kcenter.usu.com https://wss.mnc790.mcc313.pub.3gppnetwork.org:10076; frame-src * https://nebula-cdn.kampyle.com https://libertyglobal.kampyle.com https://optimize.google.com  https://www.youtube.com https://www.google.com https://www.facebook.com https://www.google-analytics.com https://www.googleanalytics.com https://openspeedtest.com https://libertypr.com https://www.libertypr.com; form-action *; worker-src * blob:; 1
default-src 'self' https://*.cms.vwfs.tools ;            img-src 'self' data: https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://dev.day.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.gstatic.com https://*.google.com https://*.google.de https://*.google.sk https://*.googlesyndication.com https://*.googleadservices.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://img.youtube.com https://i.ytimg.com https://*.userzoom.com https://*.adform.net https://www.facebook.com https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://t.co https://*.volkswagenbank.de  https://cms-assets.vwfs.io https://smetrics.vwfs.sk https://mediaservice.audi.com  https://GISTPAEndpoint-Int.azureedge.net https://GISTPAEndpoint-Kons.azureedge.net https://GISTPAEndpoint-Prod.azureedge.net    https://default.vms.vwfs.io https://*.bronson.vwfs.tools https://*.bronson.vwfs.io https://gateway.zscloud.net https://js.api.here.com https://assets.volkswagen.com https://integrations.etrusted.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ssl.gstatic.com https://ade.googlesyndication.com https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.sk;            script-src 'self' 'unsafe-inline' blob: https://*.volkswagenbank.de https://storagewebcalcweud.blob.core.windows.net https://*.fts.webcalc.vwfs.io https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.fls.doubleclick.net https://www.googletagmanager.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google.com https://www.google.de https://cm.g.doubleclick.net https://www.volkswagenbank-cloud.de https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://assets.adobedtm.com https://*.omniture.com https://*.adobe.com https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://*.thunderhead.com https://*.twitter.com https://static.ads-twitter.com https://*.advsearch.vwfs.io https://cc.cdn.civiccomputing.com  https://target.vwfs.sk  https://smetrics.vwfs.sk https://cdn.mercury.ai https://integrations.etrusted.com https://sdk.privacy-center.org    https://*.acs-frontend.vwfs.io https://*.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.g.doubleclick.net https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.sk;            style-src 'self' 'unsafe-inline' https://*.userzoom.com https://target.vwfs.sk https://cdn.mercury.ai https://co-browsing.mercury.ai https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io    https://*.acs-frontend.vwfs.io https://integrations.etrusted.com https://tagmanager.google.com https://fonts.googleapis.com ;            connect-src 'self' blob: data: https://vimeo.com https://*.youtube.com https://api.webcalc.vwfs.io https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://*.adobedc.net https://*.tt.omtrdc.net https://*.2o7.net https://*.cms.vwfs.io https://*.advsearch.vwfs.io https://cms-content.vwfs.io https://target.vwfs.sk https://smetrics.vwfs.sk https://www.google.com https://*.facebook.com https://*.mercury.ai wss://*.mercury.ai https://vector.hereapi.com https://1.base.maps.ls.hereapi.com https://1.aerial.maps.ls.hereapi.com https://js.api.here.com https://geocode.search.hereapi.com https://integrations.etrusted.com https://*.smart-digital-solutions.de https://smart-digital-cdn.com https://2gtge2kxoa.execute-api.eu-central-1.amazonaws.com https://api-cms-vwfs-io.cms.vwfs.tools https://sdk.privacy-center.org https://revgeocode.search.hereapi.com    https://*.acs-frontend.vwfs.io https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.sk http://*.trustedshops.com https://autocomplete.search.hereapi.com https://lookup.search.hereapi.com ;            frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com ;            object-src 'none' ;            font-src 'self' data: https://fonts.gstatic.com https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io https://cdn.mercury.ai https://js.api.here.com https://*.trustedshops.com http://*.trustedshops.com ;            frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://s.userzoom.com https://*.adform.net https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://*.googlesyndication.com https://cm.g.doubleclick.net https://gateway.zscloud.net https://td.doubleclick.net https://kalkulator.skoda-auto.pl https://*.g.doubleclick.net ;            media-src https://www.youtube-nocookie.com 'self' ; 1
default-src self *. mibanco.com.pe; 1
default-src 'self'; script-src *; style-src *; font-src *;img-src *; includeSubDomains 1
default-src 'self';  script-src-elem 'self' *.netlify.app *.licdn.com *.cookielaw.org *.googletagmanager.com *.google-analytics.com *.facebook.net *.vimeo.com *.clarity.ms 'unsafe-eval' 'unsafe-inline';  script-src 'unsafe-eval' 'unsafe-inline';  style-src 'self' 'unsafe-inline';  img-src * blob: data:;  media-src 'none';  frame-src *.vimeo.com *.netlify.com data:;  connect-src *;  font-src 'self'; 1
default-src 'self' 'unsafe-eval' data: *.gstatic.com *.google-analytics.com *.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.visualwebsiteoptimizer.com *.gstatic.com bat.bing.com; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https: *.gravatar.com bat.bing.com; font-src 'self' data: https:; connect-src 'self' *.datadoghq.com *.linkedin.com *.eventconnect.io *.bamboohr.com *.ada.support *.yoast.com *.facebook.com *.google.com *.google-analytics.com *.yoast.com wss://*.hotjar.com *.hotjar.io *.hotjar.com *.hubspot.com *.hubapi.com *.hsforms.com wss://ws22.hotjar.com/api/v2/client/ws stats.g.doubleclick.net https://cdnjs.cloudflare.com *.hotjar.com; media-src 'self' https:; object-src 'self'; frame-src 'self' *.doubleclick.net *.youtube.com *.jotform.com *.eventconnect.io *.ada.support xd.adobe.com/ www.google.com www.googletagmanager.com connect.facebook.net www.facebook.com bid.g.doubleclick.net *.hotjar.com *.hsforms.com; frame-ancestors 'self' about: *.eventconnect.io *.ada.support; form-action 'self' *.facebook.com *.hsforms.com; 1
object-src 'none'; script-src 'self' 'unsafe-inline' snap.licdn.com public.tableau.com googletagmanager.com google-analytics.com linkedin.com *.linkedin.com *.hsforms.net *.hsforms.com cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://*.hs-scripts.com http://*.hs-scripts.com https://*.mouseflow.com https://*.googleoptimize.com https://*.hsadspixel.net https://*.hs-analytics.net/* https://*.hsleadflows.net https://*.hs-abanner.com https://*.hs-analytics.net https://js.hs-banner.com https://googleads.g.doubleclick.net https://www.google.com/recaptcha/ https://www.gstatic.com https://www.googleadservices.com https://tpc.googlesyndication.com web.cvent.com dev.visualwebsiteoptimizer.com https://cdn.jsdelivr.net; worker-src 'self' blob:; frame-ancestors 'self' snap.licdn.com public.tableau.com googletagmanager.com/* google-analytics.com linkedin.com *.linkedin.com *.hsforms.net *.hsforms.com cdnjs.cloudflare.com; report-uri https://www.chartis.com/report-uri/enforce 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com blob: data: *.googleapis.com *.jivo.ru *.jivosite.com *.google-analytics.com *.bitrix.info bitrix.info *.yandex.ru *.maps.yandex.net *.yamentrics.ru https://yastatic.net http://yastatic.net *.pscb.ru pscb.ru *.1c-bitrix.ru *.gstatic.com; font-src 'self' fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.jivo.ru *.jivo.com; frame-ancestors *.pscb.ru metrika.yandex.ru webvisor.com *.webvisor.com; connect-src wss://*.jivosite.com *.yandex.ru *.yametrcis.ru https://*.jivosite.com 'self' bitrix.info; frame-src 'self' https: 1
default-src 'self' blob: data: *.stripe.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: redtrack.thebraintumourcharity.org *.google.com *.google.co.uk *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.stripe.com *.paypal.com *.paypalobjects.com www.sandbox.paypal.com *.hotjar.com service.force.com thebraintumourcharity.my.salesforce.com thebraintumourcharity.my.salesforce-sites.com *.salesforceliveagent.com cookiehub.net *.cookiehub.eu *.civiccomputing.com *.licdn.com *.linkedin.com *.facebook.net *.youtube.com cdn.usefathom.com *.tiktok.com *.ttwstatic.com tfaforms.com cdn.getaddress.io static.lightning.force.com; style-src 'self' 'unsafe-inline' blob: data: cdn.usefathom.com service.force.com cookiehub.net *.civiccomputing.com *.linkedin.com thebraintumourcharity.my.salesforce-sites.com static.lightning.force.com *.ttwstatic.com; img-src 'self' data: assets.thebraintumourcharity.org *.google.com *.google.co.uk *.google-analytics.com *.googletagmanager.com maps.gstatic.com *.stripe.com *.facebook.com cdn.usefathom.com cookiehub.net *.cookiehub.eu *.civiccomputing.com *.linkedin.com *.paypal.com *.paypalobjects.com upload.wikimedia.org static.lightning.force.com; manifest-src 'self'; media-src 'self' assets.thebraintumourcharity.org; child-src 'self'; worker-src 'self' blob: data:; object-src 'self'; frame-src 'self' *.google.com *.stripe.com app.acuityscheduling.com *.paypal.com *.paypalobjects.com *.facebook.com *.googletagmanager.com *.doubleclick.net www.sandbox.paypal.com assets.braintreegateway.com tfaforms.com *.cookiehub.eu *.cookiehub.net *.civiccomputing.com www.tfaforms.com service.force.com thebraintumourcharity.my.salesforce-sites.com static.lightning.force.com *.youtube.com *.tiktok.com *.vimeo.com *.spotify.com; connect-src 'self' *.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.doubleclick.net checkout.stripe.com api.stripe.com cdn.linkedin.oribi.io analytics.tiktok.com wss://ws.hotjar.com *.hotjar.io *.facebook.com service.force.com app.acuityscheduling.com *.paypal.com *.cookiehub.eu *.cookiehub.net *.civiccomputing.com www.sandbox.paypal.com tfaforms.com redtrack.thebraintumourcharity.org thebraintumourcharity.my.salesforce-sites.com api.getaddress.io static.lightning.force.com px.ads.linkedin.com ds.cookiehub.net; frame-ancestors 'self' thebraintumourcharity.my.salesforce.com; upgrade-insecure-requests ; 1
default-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://accounts.google.com https://cdn-saas.broadage.com https://fonts.googleapis.com https://onesignal.com; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' *.cxense.com cdn-saas.broadage.com www.googletagmanager.com www.google-analytics.com connect.facebook.net platform.twitter.com www.instagram.com *.hotjar.com *.google.com *.piri.net platform.instagram.com tiktok onesignal.com *.onesignal.com *.googleads.g.doubleclick.net; img-src http: data:; font-src 'self' data: *.hotjar.com fonts.googleapis.com cdn-saas.broadage.com fonts.gstatic.com; media-src 'self' image.piri.net video.piri.net; worker-src 'self' blob:; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.piri.net *.azureedge.net pro.ip-api.com cdn-saas.broadage.com accounts.google.com dc.services.visualstudio.com www.google-analytics.com piri.net stats.g.doubleclick.net *.googleapis.com *.hotjar.com *.hotjar.io api.cxense.com *.facebook.com onesignal.com; frame-src * data: blob: 1
frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com cdn.jsdelivr.net connect.facebook.net www.google-analytics.com; object-src 'self' 1
default-src 'self' *.nshipster.com; script-src 'self' *.nshipster.com https://*.apple-mapkit.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.gravatar.com https://*.apple-mapkit.com; frame-ancestors 'none'; object-src 'none'; connect-src 'self' *.nshipster.com https://*.apple-mapkit.com; base-uri 'none'; upgrade-insecure-requests; report-uri https://readeval.report-uri.com/r/d/ct/reportOnly; 1
frame-ancestors 'self' *.empowerfcu.com *.zagclients.net 1
frame-ancestors www.helixstudios.com www.spankthishookups.com www.spankthis.com 1
connect-src 'self' *.appsflyer.com *.lr-in-prod.com *.creativecdn.com measurement-api.criteo.com api.thehelloworld.com apistaging.thehelloworld.com api.infobip.com api.mapbox.com api-staging.eqaroguarantees.com api.amplitude.com clickwrap-assets.nestaway.com nestaway-assets.nestaway.com api.gtw.repute.net sdk-01.moengage.com sdk-02.moengage.com sdk-03.moengage.com wss://*.nestaway.com:* *.nestaway.com *.recruiterbox.com metapod-nestaway.firebaseio.com *.googleapis.com *.razorpay.com us-central1-production-nestaway.cloudfunctions.net us-central1-metapod-nestaway.cloudfunctions.net graph.facebook.com www.facebook.com www.google-analytics.com *.mixpanel.com *.freshmarketer.com wss://*.freshmarketer.com cdnjs.cloudflare.com/ajax/libs/knockout/ *.google.com www.google.co.in *.doubleclick.net *.jquery.com *.mouseflow.com nestaway-assets.nestaway.com *.twitter.com *.qualaroo.com wss://*.qualaroo.com *.nr-data.net wss://*.nr-data.net hooks.zapier.com/hooks/catch/1199663/ hooks.zapier.com/hooks/catch/3492762/ hooks.zapier.com/hooks/catch/5238762/ wss://production-nestaway.firebaseio.com production-nestaway.firebaseio.com *.ucweb.com *.bugsnag.com *.m.pipedream.net in.api.tru.id websdk.moengage.com; manifest-src 'self' https://nestaway-assets.nestaway.com/ https://s3.amazonaws.com/webapp-prod-assets/; report-uri https://nestawayphoenix.report-uri.com/r/d/csp/enforce 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss: *.ostrovok.ru ostrovok.ru *.worldota.net *.zenhotels.com zenhotels.com *.googlesyndication.com pay.google.com *.amplitude.com *.privetmir.ru adservice.google.co.uk *.hotjar.com *.clicktripz.com *.intercom.io *.intercomcdn.com ads.adfox.ru ad.mail.ru inv-nets.admixer.net yastatic.net *.yandex.ru yandex.ru *.adfox.yandex.ru api-cis.exponea.com ps.eyeota.net *.pixfuture.com pixfuture.com api.payota.net weborama.fr tns-counter.ru static.ads-twitter.com analytics.twitter.com tags.bkrtx.com t.skyscnr.com *.adtech.advertising.com *.casalemedia.com *.openx.net openx.net adriver.ru *.adriver.ru *.contextweb.com contextweb.com *.betweendigital.com betweendigital.com *.ssp.otm-r.com *.otm-r.com otm-r.com vc.hotjar.io secde.trivago.com unpkg.com *.smartadserver.com smartadserver.com *.rubiconproject.com rubiconproject.com www.adservice.google.pl www.googletraveladservices.com www.tripadvisor.com cdnjs.cloudflare.com www.kayak.com www.clicktripz.com www.youtube.com s3-eu-west-1.amazonaws.com travel.mediaalpha.com grkigi.com notify.bugsnag.com 3kxrt0l29e.execute-api.us-east-1.amazonaws.com fonts.gstatic.com adhigh.net *.adhigh.net *.doubleclick.net doubleclick.net *.adlooxtracking.com *.adnxs.com adnxs.com 2mdn.net *.2mdn.net doubleverify.com *.doubleverify.com *.pubmatic.com pubmatic.com ostrovokru003.webim.ru  ostrovokru006.webim.ru ostrovokru007.webim.ru *.webim.ru tagmanager.google.com www.tamgrt.com cdn.branch.io app.link api.branch.io api2.branch.io www.googleadservices.com www.adservice.google.pl sslwidget.criteo.com static.criteo.net vk.com connect.facebook.net www.facebook.com top-fwz1.mail.ru www.hometogo.com secure.wego.com static.tacdn.com static.clicktripz.com pixel.sojern.com ads.travelaudience.com stags.bluekai.com accounts.google.com tms-st.cdn.ngenix.net hit.acstat.com c.riskified.com beacon.riskified.com cdn.siftscience.com d3c3cq33003psk.cloudfront.net enc1wnyb87.execute-api.us-east-1.amazonaws.com www.awin.com *.google-analytics.com *.analytics.google.com analytics.google.com www.googletagmanager.com mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz tag.yieldoptimizer.com st.dynamicyield.com static.dynamicyield.com *.criteo.com *.intentmedia.net px.dynamicyield.com opentag-stats.qubit.com 6ytvy2ekla.execute-api.us-east-1.amazonaws.com fonts.googleapis.com maps.googleapis.com www.google.com www.googletagservices.com adservice.google.com www.adservice.google.pl  c.triptech.ai s.clickiocdn.com *.googlesyndication.com cdn.ampproject.org clickiocdn.com adservice.google.ru csi.gstatic.com *.braintreegateway.com tag.crsspxl.com aa.agkn.com blip.bizrate.com c1.adform.net ce.lijit.com cms.analytics.yahoo.com d.turn.com dmp.truoptik.com dpm.demdex.net e.dlx.addthis.com ib.adnxs.com idsync.rlcdn.com io.narrative.io match.adsrvr.org partner.mediawallahscript.com pm.w55c.net pxl.connexity.net sync.crwdcntrl.net sync.mathtag.com tags.bluekai.com js.adara.com sdk.adara.com pay.yandex.ru thrtle.com js.stripe.com api.stripe.com ux-etg.surveysparrow.com assets.surveysparrow.com widget.surveysparrow.com; frame-src 'self' *.ostrovok.ru *.privetmir.ru privetmir.ru yastatic.net *.worldota.net *.zenhotels.com www.youtube.com googleads.g.doubleclick.net *.googlesyndication.com tracking.bonusway.com checkout.paypal.com pay.google.com static.criteo.net pay.yandex.ru gum.criteo.com dis.eu.criteo.com *.openx.net openx.net *.contextweb.com contextweb.com *.adnxs.com adnxs.com *.pubmatic.com pubmatic.com adhigh.net doubleclick.net www.google.com www.adservice.google.pl *.intentmedia.net d1jaw4ep1lbbt9.cloudfront.net www.tamgrt.com *.ssp.otm-r.com *.otm-r.com otm-r.com vc.hotjar.io clickioadvd.com *.pixfuture.com pixfuture.com www.googletagservices.com www.facebook.com web.facebook.com tpc.googlesyndication.com vars.hotjar.com *.betweendigital.com vk.com staticxx.facebook.com bid.g.doubleclick.net tag.crsspxl.com accounts.google.com  *.bluekai.com *.mail.ru ru.surveymonkey.com www.surveymonkey.com js.stripe.com *.doubleclick.net ux-etg.surveysparrow.com widget.surveysparrow.com; frame-ancestors 'self' metrika.yandex.ru metrica.yandex.com  *.webvisor.com webvisor.com; img-src * data:; report-uri /hc/csp 1
default-src 'self' https://www.sp.edu.sg/ www-sp-edu-sg.cwp-stg.sg *.vica.gov.sg/  *.googletagmanager.com https://*.wogaa.sg https://*.dcube.cloud https://*.demdex.net/ https://cm.everesttech.net/ https://wogadobeanalytics.sc.omtrdc.net/ https://jointpoly-uat-app.12j34gqapo5v.us-south.codeengine.appdomain.cloud https://jointpoly-prd-app.12j3temcrbtf.us-south.codeengine.appdomain.cloud *.elfsight.com api.curator.io https://analytics.tiktok.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://universe-static.elfsightcdn.com https://partner.googleadservices.com https://cse.google.com https://snap.licdn.com https://*.wogaa.sg https://*.dcube.cloud *.vica.gov.sg/ https://googleads.g.doubleclick.net/ https://www.gstatic.com/recaptcha https://google.com/recaptcha https://assets.adobedtm.com/ *.googletagmanager.com static.zdassets.com *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com *.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com https://cdn.insight.sitefinity.com https://dec.azureedge.net/ https://jointpoly-uat-app.12j34gqapo5v.us-south.codeengine.appdomain.cloud https://jointpoly-prd-app.12j3temcrbtf.us-south.codeengine.appdomain.cloud *.elfsight.com api.curator.io *.tiktok.com *.telerik.com cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' *.vica.gov.sg/ https://assets.wogaa.sg/fonts/ *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://assets.dcube.cloud/fonts/ *.cloudflare.com; font-src 'self' data: https://assets.wogaa.sg/fonts/ fonts.gstatic.com kendo.cdn.telerik.com data: https://assets.dcube.cloud/fonts/ *.cloudflare.com; img-src 'self' https://phosphor.ivanenko.workers.dev/ https://padlet.net/ https://padlet.com/ https://www.sp.edu.sg.lb.cwp.sg https://www.sp-upgrade2.edu.sg https://px.ads.linkedin.com https://www-sp-edu-sg-admin.cwp.sg http://www.sp.edu.sg/ https://www.sp.edu.sg/ https://www-sp-edu-sg-admin.cwp-stg.sg https://www-sp-edu-sg.cwp-stg.sg https://*.vica.gov.sg/ https://img.youtube.com/ data: *.googletagmanager.com https://wogadobeanalytics.sc.omtrdc.net/ *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com www.linkedin.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com *.google.com *.google.com.sg data: blob: track.hubspot.com https://cm.everesttech.net/ https://dpm.demdex.net/ https://curator-assets.b-cdn.net/ https://curatorio.s3.amazonaws.com *.elfsightcdn.com; media-src 'self' data: https://*.cdninstagram.com https://curator-assets.b-cdn.net https://www-sp-edu-sg-admin.cwp.sg; frame-src 'self' https://video.eko.com/ https://video.helloeko.com/ https://padlet.com/ https://cse.google.com https://cdn.flipsnack.com/ https://tourmkr.com https://www.google.com/ https://www.gstatic.com/recaptcha https://google.com/recaptcha https://wogaa.demdex.net *.youtube.com *.facebook.com https://jointpoly-prd.mybluemix.net/ https://openhouse.sp.edu.sg https://openhouse-sp-edu-sg.cwp.sg/ https://summer-dust-rtbfcozlfcur.vapor-farm-e1.com/ https://jointpoly-uat-app.12j34gqapo5v.us-south.codeengine.appdomain.cloud https://jointpoly-prd-app.12j3temcrbtf.us-south.codeengine.appdomain.cloud; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com; connect-src 'self' https://csp.withgoogle.com https://cdn.linkedin.oribi.io https://*.google.com wss://*.vica.gov.sg/ https://*.vica.gov.sg/ https://*.wogaa.sg https://*.dcube.cloud https://www.google-analytics.com accounts.google.com ekr.zdassets.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://stats.g.doubleclick.net https://dpm.demdex.net/ api.curator.io *.elfsight.com *.googleapis.com *.tiktok.com *.facebook.com; object-src 'none'; 1
default-src 'self' https://lpcdn.lpsnmedia.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.ipify.org *.googleapis.com *.gstatic.com  *.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://horizonbank-507817.workflowcloud.com/ https://apply5.lumessetalentlink.com/ https://cdn-ui.lumessetalentlink.com/ https://code.jquery.com/ https://www.youtube.com/ https://lptag.liveperson.net/ https://accdn.lpsnmedia.net/ http://s7.addthis.com/ https://lpcdn.lpsnmedia.net/ https://va.v.liveperson.net/ https://www.youtube.com/ https://syndication.twitter.com/ https://s.ytimg.com/ https://publish.twitter.com/ https://z.moatads.com/ https://v1.addthisedge.com/ https://m.addthis.com/ https://www.googletagmanager.com/ https://api-public.addthis.com/ https://cds-sdkcfg.onlineaccess1.com/ www.googleadservices.com *.bing.com http://siteimproveanalytics.com googleads.g.doubleclick.net *.googleadservices.com  *.doubleclick.net *.bing.com js.adsrvr.org *.adsrvr.org https://*.ggpht.com *.googleusercontent.com blob: https://emea3.recruitmentplatform.com/; style-src 'self' 'unsafe-inline' www.googletagmanager.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://apply5.lumessetalentlink.com/ https://cdn-ui.lumessetalentlink.com/  https://fonts.googleapis.com https://emea5-foc.lumessetalentlink.com/ https://emea3.recruitmentplatform.com/; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://apply5.lumessetalentlink.com/ https://cdn-ui.lumessetalentlink.com/ https://fonts.gstatic.com https://emea3.recruitmentplatform.com/; img-src 'self' ups.analytics.yahoo.com https://data.adxcel-ec2.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com maps.google.com platform.tumblr.com www.redditstatic.com www.linkedin.com https://static.licdn.com/ https://dec.azureedge.net https://www.horizonbank.com/ *.insight.sitefinity.com *.dec.sitefinity.com https://lpcdn.lpsnmedia.net/ *.google.com/ *.googletagmanager.com bat.bing.com *.siteimproveanalytics.io googleads.g.doubleclick.net divisiond-82-adswizz.attribution.adswizz.com www.googleadservices.com insight.adsrvr.org *.fls.doubleclick.net  *.adsrvr.org *.adswizz.com horizonbank.com  *.doubleclick.net *.googleadservices.com *.googletagmanager.com *.bing.com *.doubleclick.net; media-src 'self' data: blob: https://lpcdn.lpsnmedia.net/ *.googleusercontent.com data:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://horizonbank-507817.workflowcloud.com/ https://gbo-app-znc.nintex.io/ maps.google.com www.google.com https://lpcdn.lpsnmedia.net/ https://s7.addthis.com/ https://va.idp.liveperson.net/ bid.g.doubleclick.net *.fls.doubleclick.net  *.doubleclick.net; connect-src 'self' analytics.google.com accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com bankonline.horizonbank.com https://apply5.lumessetalentlink.com/ https://emea5-foc.lumessetalentlink.com/ wss://va.msg.liveperson.net/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ bat.bing.com *.addthis.com https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; 1
default-src 'none'; script-src-elem 'self' 'nonce-175535c1-c2f0-481c-b739354950915cf4' vialtopartners.com *.vialtopartners.com cdn.cookielaw.org cookie-cdn.cookiepro.com privacyportal.onetrust.com geolocation.onetrust.com ajax.googleapis.com cdn.yoshki.com *.google-analytics.com ajax.googleapis.com www.gstatic.com *.googletagmanager.com tagmanager.google.com www.google.com snap.licdn.com *.evgnet.com 'unsafe-eval' 'unsafe-inline' *.evergage.com vialtopartners.us-7.evergage.com https://vialto.wpengine.com 'sha256-3/mNUpqF9X/gMYE+bOG6g8d6I32wdYdWwWuAk90mPCM=' 'sha256-mci9FRjRn34gzdmf2PjWF2dtHlzIKOupZDY7/ALscz0='; script-src 'self' 'nonce-175535c1-c2f0-481c-b739354950915cf4' vialtopartners.com *.vialtopartners.com cdn.cookielaw.org cookie-cdn.cookiepro.com privacyportal.onetrust.com geolocation.onetrust.com ajax.googleapis.com cdn.yoshki.com *.google-analytics.com ajax.googleapis.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com *.googletagmanager.com tagmanager.google.com www.google.com snap.licdn.com *.algolia.net *.evgnet.com 'unsafe-eval' 'unsafe-inline' *.evergage.com vialtopartners.us-7.evergage.com https://vialto.wpengine.com 'sha256-3/mNUpqF9X/gMYE+bOG6g8d6I32wdYdWwWuAk90mPCM=' 'sha256-mci9FRjRn34gzdmf2PjWF2dtHlzIKOupZDY7/ALscz0='; connect-src 'self' vialtopartners.com *.vialtopartners.com cdn.cookielaw.org cookie-cdn.cookiepro.com privacyportal.onetrust.com geolocation.onetrust.com ajax.googleapis.com cdn.yoshki.com *.google-analytics.com ajax.googleapis.com www.gstatic.com *.googletagmanager.com tagmanager.google.com *.analytics.google.com *.google.com *.oribi.io *.g.doubleclick.net *.algolia.net *.evgnet.com *.evergage.com *.ads.linkedin.com vialtopartners.us-7.evergage.com https://vialto.wpengine.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com cdn.cookielaw.org cookie-cdn.cookiepro.com privacyportal.onetrust.com geolocation.onetrust.com https://vialto.wpengine.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com *.vialtopartners.com https://vialto.wpengine.com; img-src 'self' *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com googleads.g.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.google.com cdn.cookielaw.org *.ads.linkedin.com *.adsymptotic.com *.windows.net *.vialtopartners.com *.linkedin.com https: data: *.evergage.com 'unsafe-eval' 'unsafe-inline' *.evergage.com https://vialto.wpengine.com; media-src 'self' *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com cdn.cookielaw.org *.ads.linkedin.com *.adsymptotic.com *.windows.net *.vialtopartners.com *.youtube.com *.vimeo.com https://vialto.wpengine.com; frame-src 'self' cdn.yoshki.com *.doubleclick.net *.google.com *.podbean.com *.vimeo.com https://vialto.wpengine.com 1
upgrade-insecure-requests; base-uri 'self'; default-src 'self' stat.ee *.stat.ee rahvaloendus.ee; connect-src 'self' stat.ee *.stat.ee rahvaloendus.ee www.facebook.com *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net respondent.survicate.com; font-src 'self' stat.ee *.stat.ee rahvaloendus.ee data: fonts.gstatic.com themes.googleusercontent.com surveys-static.survicate.com; frame-ancestors 'self' stat.ee *.stat.ee rahvaloendus.ee; frame-src 'self' stat.ee *.stat.ee rahvaloendus.ee 'unsafe-inline' www.facebook.com web.facebook.com public.flourish.studio flo.uri.sh www.google.com www.google.ee surveys-static.survicate.com platform.twitter.com www.youtube.com; img-src 'self' stat.ee *.stat.ee rahvaloendus.ee data: www.facebook.com public.flourish.studio www.googletagmanager.com www.google.com www.google.ee translate.google.com *.google-analytics.com *.analytics.google.com www.gstatic.com stats.g.doubleclick.net syndication.twitter.com; script-src 'self' stat.ee *.stat.ee rahvaloendus.ee 'unsafe-inline' 'unsafe-eval' connect.facebook.net public.flourish.studio www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com ajax.googleapis.com cdn.jsdelivr.net noembed.com polyfill.io cdn.polyfill.ios survey.survicate.com surveys-static.survicate.com platform.twitter.com; style-src 'self' stat.ee *.stat.ee rahvaloendus.ee 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com cdn.jsdelivr.net surveys-static.survicate.com; worker-src 'self' stat.ee *.stat.ee rahvaloendus.ee blob:; report-uri 2c84a220b9d36f30525b30328c838bfb.report-uri.com/r/d/csp/enforce; 1
default-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.calcxml.com https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://ssl.google-analytics.com https://accounts.google.com https://cdnapisec.kaltura.com https://bam-cell.nr-data.net https://bam.nr-data.net https://*.newrelic.com https://embed.widget.cx ; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com http: https:; base-uri 'self'; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://use.fontawesome.com https://cdnapisec.kaltura.com data: ; img-src 'self' https://www.calcxml.com https://cfvod.kaltura.com https://cdn.careeronestop.org blob: data: ; media-src 'self' https://cdnapisec.kaltura.com https://www.careeronestop.org https://cdn.careeronestop.org https://cfvod.kaltura.com blob: ; frame-src 'self' https://accounts.google.com https://www.careeronestop.org https://web2.0calc.com blob: ; connect-src 'self' www.learningexpresshub.com *.learningexpresshub.info https://www.calcxml.com https://www.google-analytics.com https://stats.g.doubleclick.net https://cdnapisec.kaltura.com https://analytics.kaltura.com https://cfvod.kaltura.com https://www.careeronestop.org https://cdn.careeronestop.org *.cloudfront.net https://bam-cell.nr-data.net https://bam.nr-data.net https://api.widget.cx https://accounts.google.com https://metrics.articulate.com; worker-src 'self' blob: 1
default-src 'self' 'unsafe-inline' https://static.tacdn.com https://ton.twimg.com https://platform.twitter.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://fonts.googleapis.com/css https://www.tweetjs.com; font-src 'self' https://static.tacdn.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://livestream.com https://static.tacdn.com https://www.tripadvisor.co.nz https://www.tripadvisor.com http://www.jscache.com https://cdn.syndication.twimg.com https://platform.twitter.com https://public.tableau.com https://maps.googleapis.com https://maps.gstatic.com https://maps.google.com https://www.google.com https://www.gstatic.com https://www.facebook.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com; img-src 'self' data: https://www.tripadvisor.co.nz https://ton.twimg.com https://pbs.twimg.com https://abs.twimg.com https://platform.twitter.com https://syndication.twitter.com https://khms0.googleapis.com https://khms1.googleapis.com https://public.tableau.com https://maps.google.com https://maps.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://www.facebook.com https://raw.githubusercontent.com; frame-src 'self' https://identity.whispir.com https://www.facebook.com https://livestream.com https://nzpolice.nz.whispir.com https://syndication.twitter.com https://platform.twitter.com https://public.tableau.com https://player.vimeo.com/ https://www.youtube.com/ https://www.google.com/; connect-src 'self' https://maps.googleapis.com https://www.google-analytics.com https://www.tweetjs.com; object-src 'none'; 1
default-scr https: data:  'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' 1
default-src 'self'; img-src 'self' data: https://www.vhv-veranstaltungen.de https://*.vhv.de https://archiv.vhv-partner.de https://www.facebook.com https://bat.bing.com https://www.google.com https://www.google.de https://www.googletagmanager.com https://*.analytics.google.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://lh3.googleusercontent.com https://*.cookielaw.org; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; style-src 'self' 'unsafe-inline' https://archiv.vhv-partner.de https://www.googletagmanager.com https://fonts.googleapis.com https://tagmanager.google.com; connect-src 'self' https://tm.k8s.vhv.de https://eu.posthog.com https://www.vhv-veranstaltungen.de https://*.google.com https://*.googleadservices.com https://*.doubleclick.net https://www.vhv.de https://app.posthog.com https://geolocation.onetrust.com https://api.efeedback.de https://feedback.callexa.com https://*.analytics.google.com https://*.google-analytics.com https://maps.googleapis.com https://cdn.cookielaw.org https://privacyportal-de.onetrust.com https://bat.bing.com; frame-src data: https://*.webflow.com https://*.webflow.io https://webflow.com https://webflow.com https://*.schnellschaden.de https://*.devclaimscheck.com https://*.vhv.de https://www.youtube.com https://s.ytimg.com https://cloud.nc3-cdn.com; media-src https://www.youtube.com https://youtu.be https://www.vimeo.com; object-src 'none'; script-src 'strict-dynamic' 'nonce-d1pJUAGgDd2rgP5usJEJcrnwJ4Sr0J7h' https:; base-uri 'self' 1
default-src 'self'; base-uri 'self'; block-all-mixed-content; connect-src 'self' *.cablex.test *.google-analytics.com *.chimpstatic.com *.cookiebot.com *.azurewebsites.net *.cablex.ch *.doubleclick.net; font-src 'self' *.cablex.test data: *.gstatic.com *.chimpstatic.com *.azurewebsites.net *.fast.fonts.net *.cablex.ch; frame-ancestors *.cablex.test *.azurewebsites.net *.prospective.ch *.cablex.ch *.chimpstatic.com; frame-src 'self' *.cablex.test *.azurewebsites.net *.cablex.ch *.cookiebot.com *.prospective.ch *.youtube-nocookie.com *.youtube.com *.chimpstatic.com; img-src 'self' *.cablex.test data: *.tile.osm.org *.tile.openstreetmap.org *.azurewebsites.net *.cablex.ch *.google.com *.google.de *.google-analytics.com *.googletagmanager.com *.prospective.ch *.cookiebot.com *.chimpstatic.com; object-src 'none'; script-src 'self' 'unsafe-inline' *.cablex.test *.google-analytics.com *.googletagmanager.com *.bing.com *.facebook.net *.twitter.com *.cookiebot.com *.prospective.ch *.linkedin.com *.chimpstatic.com *.azurewebsites.net *.cablex.ch https://chimpstatic.com https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/3.6.3/iframeResizer.min.js *.youtube.com *.doubleclick.net; style-src 'self' *.cablex.test 'unsafe-inline' *.bootstrapcdn.com *.googleapis.com *.chimpstatic.com https://unpkg.com/swiper/swiper-bundle.min.css *.prospective.ch *.fast.fonts.net *.azurewebsites.net *.cablex.ch; upgrade-insecure-requests 1
style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https://tagmanager.google.com/debug/css.css https://p.typekit.net/p.css https://www.southerncross.co.nz https://mc-fec8b19f-c7fd-4e56-8bfe-1850-cdn-endpoint.azureedge.net;base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://easyclaim.southerncross.co.nz https://my.southerncross.co.nz https://advisers.southerncross.co.nz https://providers.southerncross.co.nz https://workscheme.southerncross.co.nz https://identity.southerncross.co.nz https://join.southerncross.co.nz; block-all-mixed-content; 1
base-uri 'none';child-src 'none';connect-src 'self' http://127.0.0.1:1337 https://*.google-analytics.com https://vitals.vercel-insights.com https://o1188445.ingest.sentry.io https://api.coinbase.com https://www.google-analytics.com https://mainnet.infura.io https://kovan.infura.io/ https://*.binance.org https://*.binance.org:8545 https://polygon-rpc.com https://matic-mumbai.chainstacklabs.com https://rpc-mumbai.maticvigil.com https://forno.celo.org https://alfajores-forno.celo-testnet.org https://api.avax.network/ext/bc/C/rpc https://api.avax-test.network/ext/bc/C/rpc https://testnet.omni.network https://sepolia-rollup.arbitrum.io https://arb1.arbitrum.io https://*.base.org https://vercel.live https://*.walletconnect.com wss://relay.walletconnect.com https://api.web3modal.com wss://www.walletlink.org wss://*.pusher.com https://*.pusher.com https://rpc.ankr.com https://cloudflare-eth.com/ https://*.polkastarter.com https://*.cookie3.co;default-src 'self';font-src 'self' data: https://fonts.gstatic.com;form-action 'self' https://*.polkastarter.com;frame-ancestors 'none';frame-src https://www.youtube.com/ https://verify.walletconnect.com https://verify.walletconnect.org https://vercel.live;img-src 'self' blob: data: https://*.polkastarter.com https://registry.walletconnect.com https://img.youtube.com https://*.google-analytics.com https://explorer-api.walletconnect.com https://vercel.com/ https://api.web3modal.com https://token-icons.s3.amazonaws.com;manifest-src 'self' https://polkastarter.cloudflareaccess.com;media-src 'self' https://*.polkastarter.com;object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://va.vercel-scripts.com https://*.googletagmanager.com https://*.google-analytics.com https://vercel.live https://browser.sentry-cdn.com https://cdn.vercel-insights.com https://cdn.staging.cookie3.co;style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com;worker-src 'self'; 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-WUx6Z2VlclVmbitWUnREdXB3d0plYm5GV0RGQlByRG1DVytBOEQzczdrTT06RFpQWlFJTHNHaXZmSTU2R3pIdFpTZno4YjFVTVhlS0VVenZQeVYvWm5nRT0=';script-src-elem 'strict-dynamic' 'nonce-WUx6Z2VlclVmbitWUnREdXB3d0plYm5GV0RGQlByRG1DVytBOEQzczdrTT06RFpQWlFJTHNHaXZmSTU2R3pIdFpTZno4YjFVTVhlS0VVenZQeVYvWm5nRT0=';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self';frame-ancestors 'self';form-action 'self' 1
frame-ancestors *.albint.com gcs-web.com *.gcs-web.com 1
frame-src 'self' *.antoniusziekenhuis.nl; object-src 'none'; script-src 'self' 'unsafe-inline' cdn.jsdelivr.net; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' *.google-analytics.com *.googletagmanager.com cdn.jsdelivr.net 'unsafe-inline'; style-src 'self' cdn.jsdelivr.net 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 1
script-src 'report-sample' 'nonce-OwlM4l4gEw9xhEKDDjZVGw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';worker-src 'self';report-uri /webstore/cspreport 1
default-src 'self';connect-src 'self' wss://logflare.app https://api.github.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://buttons.github.io https://platform.twitter.com https://cdnjs.cloudflare.com https://js.stripe.com;style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://api.github.com;img-src 'self' data: https://*.googleusercontent.com https://www.gravatar.com https://avatars.githubusercontent.com https://platform.slack-edge.com;font-src 'self' https://use.fontawesome.com;frame-src 'self' https://platform.twitter.com https://install.cloudflareapps.com https://datastudio.google.com https://js.stripe.com https://www.youtube.com https://lookerstudio.google.com/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://geolocation.onetrust.com https://knowledgetags.yextpages.net https://visionsfcu.org https://www.visionsfcu.org *.docusign.net use.fontawesome.com siteimproveanalytics.com *.google-analytics.com seal.websecurity.norton.com *.siteimprove.com *.googleapis.com *.gstatic.com *.btstatic.com *.onelink-translations.com *.visionsfcu.org *.googleadservices.com snap.licdn.com *.facebook.net *.g.doubleclick.net *.mathtag.com *.googletagmanager.com *.adnxs.com web.baconpay.com *.fcc.gov https://geocoding.geo.census.gov/ *.w3.org *.google.com *.documatix.com origin.xtlo.net *.xtlo.net *.extole.io *.stickleyonsecurity.com *.votervoice.net referrerals.visionsfcu.org *.cloudsponge.com cloudsponge.com customer.jrni.com visionsfcu.jrni.com https://player.vimeo.com/video/ https://player.vimeo.com/api/player.js https://cds-sdkcfg.onlineaccess1.com www.youtube.com *.thebrighttag.com facebook.com *.facebook.com insight.adsrvr.org cdnjs.cloudflare.com visionsfcu.cudlautosmart.com *.infogram.com *.salemove.com *.glia.com https://*.fls.doubleclick.net https://www.youtube.com/ https://expert.visionsfcu.org/ https://ads.o142.com https://files.marcomcentral.app.pti.com https://www.stgfinalyticsdemo.com https://www.finalyticsdemo.com stgfinalyticsdata.com finalyticsdata.com https://finpixel.s3.us-east-2.amazonaws.com/finalytics.js https://stgfinpixel.s3.us-east-2.amazonaws.com/finalytics.js https://finpixel.s3.us-east-2.amazonaws.com/controlbar.js https://stgfinpixel.s3.us-east-2.amazonaws.com/controlbar.js https://extractable-finalytics-storage.s3.us-west-2.amazonaws.com https://finalyticsprod.s3.us-east-2.amazonaws.com https://dfy3oyzv6dw2d.cloudfront.net https://extractable-finalytics-storage.s3.us-west-2.amazonaws.com/pixel/finalytics.js https://extractable-finalytics-stable.s3.us-west-2.amazonaws.com https://d1v4vw9mwf7wyh.cloudfront.net https://cdn.jsdelivr.net https://unpkg.com https://polyfill.io; connect-src 'self' *.visionsfcu.org https://visionsfcu.org https://www.visionsfcu.org https://cdn.cookielaw.org https://geolocation.onetrust.com *.onetrust.com https://www.google-analytics.com *.googleapis.com https://stats.g.doubleclick.net/ *.cloudsponge.com wss://*.salemove.com https://*.salemove.com wss://*.glia.com https://*.glia.com *.kadince.com stgfinalyticsdata.com finalyticsdata.com https://stgfinpixel.s3.us-east-2.amazonaws.com/finalytics.js https://finpixel.s3.us-east-2.amazonaws.com/finalytics.js https://stgfinpixel.s3.us-east-2.amazonaws.com/controlbar.js https://finpixel.s3.us-east-2.amazonaws.com/controlbar.js https://extractable-finalytics-storage.s3.us-west-2.amazonaws.com/pixel/finalytics.js https://extractable-finalytics-storage.s3.us-west-2.amazonaws.com https://finalyticsprod.s3.us-east-2.amazonaws.com https://dfy3oyzv6dw2d.cloudfront.net https://extractable-finalytics-stable.s3.us-west-2.amazonaws.com https://d1v4vw9mwf7wyh.cloudfront.net https://bam.nr-data.net https://bam-cell.nr-data.net https://*.xtlo.net https://thefontzone.com https://px.ads.linkedin.com/wa/ data: https://www.googletagmanager.com; font-src 'self' *.cloudsponge.com use.fontawesome.com http://fonts.gstatic.com *.xtlo.net https://fonts.gstatic.com https://files.marcomcentral.app.pti.com data:; frame-src 'self' https://*.bloomfire.com https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://s.amazon-adsystem.com/ https://expert.visionsfcu.org/ https://customer.jrni.com/ https://*.visionsfcu.org *.docusign.net use.fontawesome.com siteimproveanalytics.com *.google-analytics.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ seal.websecurity.norton.com *.siteimprove.com *.googleapis.com *.gstatic.com *.btstatic.com *.onelink-translations.com *.visionsfcu.org *.googleadservices.com snap.licdn.com *.facebook.net *.g.doubleclick.net *.mathtag.com *.googletagmanager.com *.adnxs.com web.baconpay.com *.fcc.gov https://geocoding.geo.census.gov/ *.w3.org *.google.com *.documatix.com origin.xtlo.net *.xtlo.net *.extole.io *.stickleyonsecurity.com *.votervoice.net referrerals.visionsfcu.org *.cloudsponge.com cloudsponge.com customer.jrni.com visionsfcu.jrni.com https://player.vimeo.com/video/ https://player.vimeo.com/api/player.js https://cds-sdkcfg.onlineaccess1.com www.youtube.com *.thebrighttag.com facebook.com *.facebook.com insight.adsrvr.org cdnjs.cloudflare.com visionsfcu.cudlautosmart.com *.infogram.com *.salemove.com *.glia.com https://www.youtube.com/ https://www.youtube-nocookie.com https://ads.o142.com; img-src * data:; object-src 'self' https://*.bloomfire.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js-agent.newrelic.com https://origin.extole.io https://referrals.visionsfcu.org https://*.xtlo.net *.googletagmanager.com *.google-analytics.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://snap.licdn.com https://wt.dm00.com/ https://siteimproveanalytics.com https://d1v4vw9mwf7wyh.cloudfront.net/ https://dfy3oyzv6dw2d.cloudfront.net finalyticsdata.com stgfinalyticsdata.com blob: cds-sdkcfg.onlineaccess1.com https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com https://www.votervoice.net maps.googleapis.com; frame-ancestors 'self' https://visionsfcu.org https://digital.visionsfcu.org http://dev-01.q2developer.com; report-uri https://visionsfcu.org/report-uri/enforce 1
frame-ancestors * 'self'; default-src * 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'self' 'unsafe-inline'; object-src * 'self'; frame-src * 'self'; child-src * 'self' blob:; img-src * 'self' data: blob:; font-src * 'self' data:; connect-src * 'self'; manifest-src * 'self'; base-uri 'self'; form-action * 'self'; media-src * 'self'; worker-src * 'self' blob:; 1
default-src 'self' *.google.com *.google-analytics.com; img-src 'self' 'unsafe-inline' data: *.uto.edu.bo; font-src 'self' 'unsafe-inline' data: *.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' data: *.googleapis.com assets-cdn.github.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.uto.edu.bo *.google-analytics.com; media-src 'self' *.youtube-nocookie.com; frame-src 'self' *.youtube-nocookie.com; 1
frame-ancestors 'self';  script-src 'self' 'unsafe-inline' 'unsafe-eval'   https://w52.net.espci.fr/ https://stats.espci.fr/ https://espci.fr/;  style-src 'self' 'unsafe-inline' https://www.espci.fr/   https://w52.net.espci.fr/ https://espci.fr/;  img-src 'self' blob: https://www.espci.fr/ https://espci.fr/   https://w52.net.espci.fr/ https://stats.espci.fr/    https://i.ytimg.com/ https://espci.fr/;  font-src 'self';  connect-src 'self' https://stats.espci.fr/ https://vip.espci.fr/ https://vip2.espci.fr/;  prefetch-src 'self';  media-src 'self';  object-src 'self' https://haltools.archives-ouvertes.fr/;  plugin-types application/pdf text/html;  frame-src 'self' https://v.calameo.com/ https://www.canal-u.tv/  https://www.dailymotion.com/ https://www.scoop.it/ https://www.youtube.com/  https://player.vimeo.com/ https://openstreetmap.org/  https://www.openstreetmap.org/ https://openlayers.org/ https://widgets.figshare.com/;  default-src 'self' 1
script-src-elem 'self' 'unsafe-inline' https://js.monitor.azure.com https://js.cdn.applicationinsights.io https://js0.cdn.applicationinsights.io https://js0.cdn.monitor.azure.com https://js2.cdn.applicationinsights.io https://js2.cdn.monitor.azure.com https://az416426.vo.msecnd.net https://cdn.jobgether.com https://cdn.jsdelivr.net https://cdn.growthbook.io https://ka-p.fontawesome.com https://app.ablecdp.com https://kit.fontawesome.com https://ajax.googleapis.com https://track.jobgether.com https://client.crisp.chat https://api.mapbox.com https://www.googletagmanager.com https://connect.facebook.net https://googleads.g.doubleclick.net https://app.ablecdp.com https://d3no41yaodisss.cloudfront.net; worker-src https://api.mapbox.com https://jobgether.com blob: https://jobgether.com/~partytown/partytown-sw.js https://www.googletagmanager.com/gtm.js https://connect.facebook.net/en_US/fbevents.js; 1
connect-src 'self' http://localhost:* ws://localhost:* wss://localhost:* https://cdn.cookielaw.org https://*.onetrust.com; default-src 'self'; frame-ancestors 'self'; frame-src 'self' https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com; img-src * data: blob:; object-src 'none'; script-src 'self' 'unsafe-eval' http://localhost:* https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.gstatic.com/recaptcha/ https://apis.google.com https://cdn.cookielaw.org https://*.onetrust.com https://cdn.bizible.com/scripts/bizible.js 'nonce-E5ndlrzCUFhCVh1MfWdWQw=='; style-src 'self' 'unsafe-inline'; worker-src 'self' blob: 1
default-src 'self' webusstatic.yo-star.com cdn.jsdelivr.net unpkg.com;style-src 'self' 'unsafe-inline' webusstatic.yo-star.com fonts.googleapis.com cdn.jsdelivr.net unpkg.com;font-src 'self' data: fonts.gstatic.com webusstatic.yo-star.com unpkg.com;img-src 'self' data: webusstatic.yo-star.com;script-src 'self' 'unsafe-inline' webusstatic.yo-star.com cdn.jsdelivr.net cdnjs.cloudflare.com unpkg.com;frame-src 'self' www.google.com www.youtube.com 1
default-src * data: blob:;script-src blob: data: 'self' 'unsafe-eval' 'unsafe-inline' *.facebook.com *.facebook.net *.fbcdn.net;style-src data: blob: 'unsafe-inline' *;connect-src blob: data: 'self' *.facebook.com *.fbcdn.net *.facebook.net *.metaenterprise.com wss://*.facebook.com:* wss://*.facebookenterprise.com:* wss://*.metaenterprise.com:* wss://edge-chat.facebook.com gateway.metaenterprise.com gateway.facebookenterprise.com rupload.metaenterprise.com rupload.facebookenterprise.com;block-all-mixed-content;upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; frame-src 'self' qchat.rizon.net https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' api.modarchive.org; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com 1
script-src 'self' http: https: 'unsafe-inline'; default-src * http: https: data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' www.farmersbusinessnetwork.com www.fbn.com track.gradable.com track.fbn.com; script-src 'self' www.farmersbusinessnetwork.com www.fbn.com track.gradable.com track.fbn.com 'unsafe-inline' 'unsafe-eval' app.enzuzo.com apis.google.com accounts.google.com www.gstatic.com *.google.com app.certcapture.com *.googleapis.com js.stripe.com connect.facebook.net s.farmersbusinessnetwork.com go.fbn.com munchkin.marketo.net *.datadoghq-browser-agent.com *.g.doubleclick.net bat.bing.com www.clarity.ms fast.wistia.com *.youtube.com www.googletagmanager.com service.force.com *.salesforceliveagent.com *.my.salesforce.com farmersbusinessnetwork--fullsb.sandbox.my.salesforce-sites.com static.lightning.force.com; script-src-elem 'self' www.farmersbusinessnetwork.com www.fbn.com track.gradable.com track.fbn.com 'unsafe-inline' app.enzuzo.com apis.google.com accounts.google.com www.gstatic.com *.google.com app.certcapture.com *.googleapis.com js.stripe.com connect.facebook.net s.farmersbusinessnetwork.com go.fbn.com munchkin.marketo.net *.datadoghq-browser-agent.com *.g.doubleclick.net bat.bing.com www.clarity.ms fast.wistia.com *.youtube.com www.googletagmanager.com service.force.com *.salesforceliveagent.com *.my.salesforce.com farmersbusinessnetwork--fullsb.sandbox.my.salesforce-sites.com static.lightning.force.com; connect-src 'self' www.farmersbusinessnetwork.com www.fbn.com track.gradable.com track.fbn.com app.enzuzo.com js.stripe.com www.google.ca go.fbn.com sentry.io *.sentry.io boards-api.greenhouse.io *.amazonaws.com app.certcapture.com *.facebook.com *.facebook.net *.datadoghq.com *.googleapis.com accounts.google.com www.google-analytics.com analytics.google.com *.analytics.google.com stats.g.doubleclick.net *.clarity.ms bat.bing.com ws: wss: *.contentful.com *.ctfassets.net 197-hfr-752.mktoresp.com 197-hfr-752.mktoutil.com api.lab.amplitude.com farmersbusinessnetwork--fullsb.sandbox.my.salesforce-sites.com; style-src 'self' www.farmersbusinessnetwork.com www.fbn.com track.gradable.com track.fbn.com 'unsafe-inline' app.certcapture.com *.googleusercontent.com *.googleapis.com platform.twitter.com blob: go.fbn.com accounts.google.com service.force.com farmersbusinessnetwork--fullsb.sandbox.my.salesforce-sites.com; style-src-elem 'self' www.farmersbusinessnetwork.com www.fbn.com track.gradable.com track.fbn.com *.gradable.com 'unsafe-inline' app.certcapture.com *.googleusercontent.com *.googleapis.com platform.twitter.com blob: go.fbn.com accounts.google.com service.force.com farmersbusinessnetwork--fullsb.sandbox.my.salesforce-sites.com; font-src 'self' www.farmersbusinessnetwork.com www.fbn.com track.gradable.com track.fbn.com data: fonts.gstatic.com *.fbn.com; img-src data: blob: https: ; frame-src 'self' www.farmersbusinessnetwork.com www.fbn.com track.gradable.com track.fbn.com track.gradable.com track.fbn.com *.youtube.com *.google.com js.stripe.com www.facebook.com fast.wistia.net www.recaptcha.net go.fbn.com service.force.com *.amazonaws.com td.doubleclick.net www.googletagmanager.com; child-src 'self' www.farmersbusinessnetwork.com www.fbn.com track.gradable.com track.fbn.com www.youtube.com player.vimeo.com fast.wistia.net go.fbn.com; media-src data:; object-src 'self' www.farmersbusinessnetwork.com www.fbn.com track.gradable.com track.fbn.com; report-uri https://o243042.ingest.sentry.io/api/1418262/security/?sentry_key=67b44296190f4a1090e945cdec9e7f4d; 1
frame-src 'self' https://cheidemann.bannerview.com https://hcaptcha.com https://*.hcaptcha.com https://www.youtube.com https://www.google.com https://platform.twitter.com https://www.twitter.com 1
frame-ancestors 'none'; font-src 'self' data: https://assets.website-files.com/; img-src 'self' data: blob: https://res.cloudinary.com/art-blocks/image/fetch/ https://public-assets.artblocks.io https://d2ekshiy7r5vl7.cloudfront.net https://production-cms-bucket.s3.amazonaws.com/ https://ipfs.io/ https://twemoji.maxcdn.com/ https://cdn.jsdelivr.net/ https://assets.website-files.com/ https://uploads-ssl.webflow.com/ https://explorer-api.walletconnect.com/ https://assets-global.website-files.com/; 1
frame-ancestors 'self' https:; default-src 'self' https: wss:; script-src 'report-sample' 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'report-sample' 'self' https: 'unsafe-inline'; font-src 'self' https: 'unsafe-inline' data:; img-src 'self' blob: https: data: 1
default-src 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com; style-src 'self' 'unsafe-inline' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com https://fonts.googleapis.com https://*.hotjar.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com; script-src 'unsafe-eval' 'unsafe-inline' https://*.klarnaservices.com https://*.klarnacdn.net https://static.garmincdn.com/support-chat-widget/chatWidget-v1.3.1.js https://product-gallery.cloudinary.com https://res.cloudinary.com https://*.pinimg.com https://*.linksynergy.com https://*.googlesyndication.com 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://ajax.googleapis.com https://static.garmincdn.com https://www.google.com https://cdn.appdynamics.com https://www.gstatic.com https://prefmgr-cookie.truste-svc.net https://tags.tiqcdn.com https://*.tealiumiq.com https://deploytealium.com https://analytics.google.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.cloudflare.com https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://static.criteo.net https://*.criteo.com https://bat.bing.com https://*.adform.net https://intljs.rmtag.com https://www.googletagmanager.com https://*.google-analytics.com https://static.cloudflareinsights.com *.hotjar.com *.hotjar.io https://www.googletagmanager.com https://optimize.google.com https://*.googleapis.com https://cse.google.com https://www.youtube.com  https://pacl.pchome.com.tw https://d.line-scdn.net https://cdn.taboola.com https://trc.taboola.com https://cds.taboola.com https://trc-events.taboola.com; connect-src 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://stats.g.doubleclick.net https://analytics.google.com https://www.google-analytics.com https://*.googleapis.com https://csp.withgoogle.com https://analytics-api-s.cloudinary.com https://pagead2.googlesyndication.com https://*.algolia.net https://*.algolianet.com https://pips.taboola.com https://cdn.taboola.com https://trc.taboola.com https://cds.taboola.com https://trc-events.taboola.com; font-src 'self' data: *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com; img-src https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://static.criteo.net https://*.criteo.com https://bat.bing.com https://*.adform.net https://intljs.rmtag.com https://www.googletagmanager.com https://*.google-analytics.com https://stats.g.doubleclick.net https://i.ytimg.com 'self' data: *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://www.google.co.uk https://prefmgr-cookie.truste-svc.net https://res.cloudinary.com https://*.hotjar.com https://www.google.com.tw https://tr.line.me https://www.facebook.com https://*.gstatic.com https://*.googleapis.com https://*.google.com https://cdn.taboola.com https://trc.taboola.com https://trc-events.taboola.com; frame-src https://www.youtube.com https://*.doubleclick.net *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://vars.hotjar.com https://prefmgr-cookie.truste-svc.net https://my.tealiumiq.com https://www.youtube-nocookie.com https://gum.criteo.com https://static.criteo.net https://www.facebook.com https://cse.google.com https://web.facebook.com https://cdn.taboola.com https://trc.taboola.com https://trc-events.taboola.com; object-src 'none'; upgrade-insecure-requests; 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.tiles.mapbox.com https://cdnjs.cloudflare.com https://d1stxfv94hrhia.cloudfront.net https://www.lightboxcdn.com https://api.lightboxcdn.com https://www.gillettevenus.com https://pge.segmanta.com https://www.upsellit.com https://s.pinimg.com https://z.moatads.com https://c.lytics.io https://cdn.segment.com https://js-cdn.dynatrace.com https://wtbng.pricespider.com https://wtbstream.pricespider.com https://embeddedcloud.pricespider.com https://omni.pricespider.com https://locate.pricespider.com https://wtbevents.pricespider.com https://cdn.pricespider.com https://www.youtube.com https://pghub.io *.cookielaw.org *.onetrust.com *.iesnare.com connect.facebook.net *.crazyegg.com *.adsrvr.org *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://api.tiles.mapbox.com https://s3.lightboxcdn.com https://api.lightboxcdn.com https://www.lightboxcdn.com https://c.lytics.io https://cdn.pricespider.com fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' https://videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' *.cookielaw.org https://40n23zgkic3y-a.akamaihd.net https://ct.pinterest.com https://submit.lightboxcdn.com https://submitcus.lightboxcdn.com https://s3.lightboxcdn.com https://api.lightboxcdn.com https://www.lightboxcdn.com https://c.lytics.io https://cdn.pricespider.com https://wwwassets.pricespider.com https://embeddedcloud.pricespider.com https://px.moatads.com https://www.google.com i.ytimg.com videos.ctfassets.net images.ctfassets.net pixel.tapad.com *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' https://s3.lightboxcdn.com fonts.gstatic.com feed.pghub.io pandg.tapad.com ; connect-src * ; frame-src 'self' *.gillette.com https://videos.ctfassets.net https://pandg.tapad.com https://www.youtube.com *.adsrvr.org *.doubleclick.net *.jebbit.com consumersupport.pg.com servedby.flashtalking.com pg-lex.my.salesforce-sites.com ct.pinterest.com www.facebook.com feed.pghub.io pandg.tapad.com ; manifest-src * ; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://connect.facebook.net https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://script.crazyegg.com https://snap.licdn.com https://www.tfaforms.com https://unpkg.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.tfaforms.com; worker-src 'self' blob:; frame-ancestors 'self'; report-uri https://www.fundraisingregulator.org.uk/report-uri/enforce 1
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://tagmanager.google.com https://connect.facebook.net https://code.jquery.com maps.gstatic.com https://*.clarity.ms https://*.g.doubleclick.net www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.googleapis.com ;style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.gstatic.com *.googleapis.com ;img-src 'self' maps.gstatic.com *.googleapis.com https://*.googletagmanager.com https://tagmanager.google.com https://www.facebook.com https://*.google.com  https://*.google.ad  https://*.google.ae  https://*.google.com.af  https://*.google.com.ag  https://*.google.al  https://*.google.am  https://*.google.co.ao  https://*.google.com.ar  https://*.google.as  https://*.google.at  https://*.google.com.au  https://*.google.az  https://*.google.ba  https://*.google.com.bd  https://*.google.be  https://*.google.bf  https://*.google.bg  https://*.google.com.bh  https://*.google.bi  https://*.google.bj  https://*.google.com.bn  https://*.google.com.bo  https://*.google.com.br  https://*.google.bs  https://*.google.bt  https://*.google.co.bw  https://*.google.by  https://*.google.com.bz  https://*.google.ca  https://*.google.cd  https://*.google.cf  https://*.google.cg  https://*.google.ch  https://*.google.ci  https://*.google.co.ck  https://*.google.cl  https://*.google.cm  https://*.google.cn  https://*.google.com.co  https://*.google.co.cr  https://*.google.com.cu  https://*.google.cv  https://*.google.com.cy  https://*.google.cz  https://*.google.de  https://*.google.dj  https://*.google.dk  https://*.google.dm  https://*.google.com.do  https://*.google.dz  https://*.google.com.ec  https://*.google.ee  https://*.google.com.eg  https://*.google.es  https://*.google.com.et  https://*.google.fi  https://*.google.com.fj  https://*.google.fm  https://*.google.fr  https://*.google.ga  https://*.google.ge  https://*.google.gg  https://*.google.com.gh  https://*.google.com.gi  https://*.google.gl  https://*.google.gm  https://*.google.gr  https://*.google.com.gt  https://*.google.gy  https://*.google.com.hk  https://*.google.hn  https://*.google.hr  https://*.google.ht  https://*.google.hu  https://*.google.co.id  https://*.google.ie  https://*.google.co.il  https://*.google.im  https://*.google.co.in  https://*.google.iq  https://*.google.is  https://*.google.it  https://*.google.je  https://*.google.com.jm  https://*.google.jo  https://*.google.co.jp  https://*.google.co.ke  https://*.google.com.kh  https://*.google.ki  https://*.google.kg  https://*.google.co.kr  https://*.google.com.kw  https://*.google.kz  https://*.google.la  https://*.google.com.lb  https://*.google.li  https://*.google.lk  https://*.google.co.ls  https://*.google.lt  https://*.google.lu  https://*.google.lv  https://*.google.com.ly  https://*.google.co.ma  https://*.google.md  https://*.google.me  https://*.google.mg  https://*.google.mk  https://*.google.ml  https://*.google.com.mm  https://*.google.mn  https://*.google.com.mt  https://*.google.mu  https://*.google.mv  https://*.google.mw  https://*.google.com.mx  https://*.google.com.my  https://*.google.co.mz  https://*.google.com.na  https://*.google.com.ng  https://*.google.com.ni  https://*.google.ne  https://*.google.nl  https://*.google.no  https://*.google.com.np  https://*.google.nr  https://*.google.nu  https://*.google.co.nz  https://*.google.com.om  https://*.google.com.pa  https://*.google.com.pe  https://*.google.com.pg  https://*.google.com.ph  https://*.google.com.pk  https://*.google.pl  https://*.google.pn  https://*.google.com.pr  https://*.google.ps  https://*.google.pt  https://*.google.com.py  https://*.google.com.qa  https://*.google.ro  https://*.google.ru  https://*.google.rw  https://*.google.com.sa  https://*.google.com.sb  https://*.google.sc  https://*.google.se  https://*.google.com.sg  https://*.google.sh  https://*.google.si  https://*.google.sk  https://*.google.com.sl  https://*.google.sn  https://*.google.so  https://*.google.sm  https://*.google.sr  https://*.google.st  https://*.google.com.sv  https://*.google.td  https://*.google.tg  https://*.google.co.th  https://*.google.com.tj  https://*.google.tl  https://*.google.tm  https://*.google.tn  https://*.google.to  https://*.google.com.tr  https://*.google.tt  https://*.google.com.tw  https://*.google.co.tz  https://*.google.com.ua  https://*.google.co.ug  https://*.google.co.uk  https://*.google.com.uy  https://*.google.co.uz  https://*.google.com.vc  https://*.google.co.ve  https://*.google.co.vi  https://*.google.com.vn  https://*.google.vu  https://*.google.ws  https://*.google.rs  https://*.google.co.za  https://*.google.co.zm  https://*.google.co.zw  https://*.google.cat data:;font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com ;connect-src 'self' https://*.clarity.ms https://connect.facebook.net https://*.analytics.google.com https://*.google-analytics.com https://*.g.doubleclick.net *.googleapis.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect;media-src * ;object-src 'none' ;frame-src 'self' www.google.com/recaptcha/ ;frame-ancestors 'self' ;base-uri 'self' ;form-action 'self' ; 1
default-src ‘none’; script-src ‘self’; connect-src ‘self’; img-src ‘self’; style-src ‘self’; frame-ancestors ‘self’; form-action ‘self’; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://pay.google.com https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://*.recaptcha.net https://isitetv.com https://*.translate.naver.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://www.shoplooks.com https://tpc.googlesyndication.com blob: https://*.abtasty.com https://app.qubit.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://translate.yandex.net https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://*.pinterest.com https://*.bing.com https://*.doubleclick.net https://connect.facebook.net https://*.baidu.com https://ampcid.google.nl https://*.parcellab.com https://tr.snapchat.com https://privacyportal-eu.onetrust.com https://*.contentsquare.net https://*.criteo.com https://analytics.tiktok.com https://*.abtasty.com https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.lookfantastic.nl; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com; form-action 'self' https://www.facebook.com https://www.lookfantastic.nl https://m.lookfantastic.nl https://checkout.lookfantastic.nl https://connect.facebook.net https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.co.uk https://www.glossybox.com https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.se https://www.glossybox.dk https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://*.trustpilot.com https://*.translate.naver.net https://*.bing.com https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://static.ads-twitter.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://lantern.roeyecdn.com https://lantern.roeye.com https://static.thgcdn.cn https://tpc.googlesyndication.com https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com https://analytics.tiktok.com https://*.ibytedtos.com blob: https://*.abtasty.com https://static.goqubit.com https://*.qubit.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://static.thgcdn.cn https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self' https://app.talkjs.com; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://s1.thcdn.com/ https://www.youtube.com https://www.zenaps.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com; form-action 'self' https://www.facebook.com https://m.bhcosmetics.com https://checkout.bhcosmetics.com https://www.bhcosmetics.com https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://*.twitter.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; report-to report-endpoint 1
frame-ancestors 'self' *.facebook.com *.salesforce.com *.convio.net *.google.com *.force.com facebook.com salesforce.com convio.net google.com force.com; report-uri https://www.devereux.org/site/XFrameViolation 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com symfony.wpro.site infostrah.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.calltouch.ru *.facebook.net *.yandex.ru yastatic.net *.doubleclick.net *.cloudflare.com *.googleoptimize.com *.ipotekalab.ru; frame-src 'self' *.banki.ru symfony.wpro.site infostrah.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.calltouch.ru *.facebook.net *.yandex.ru yastatic.net *.doubleclick.net *.cloudflare.com *.google.com *.gstatic.com *.googleoptimize.com *.skpari.local *.ipotekalab.ru; frame-ancestors 'self' *.banki.ru; object-src 'self' blob: 1
default-src 'self' data: *.kashanu.ac.ir http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io https://cdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://map.ir https://conf.isc.ac https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://kangoro.ir/matomo/matomo.js http://tools.1abzar.com http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io https://cdn.userway.org https://api.userway.org https://media.userway.org https://www.goftino.com https://cdn.goftino.com; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com https://cdn.fontcdn.ir https://fdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org; img-src 'self' blob: data: https://map.ir https://conf.isc.ac https://www.google-analytics.com www.google-analytics.com data: *; connect-src 'self' https://map.ir https://conf.isc.ac https://www.google-analytics.com www.google-analytics.com https://samta.samt.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io https://cdn.fontcdn.ir wss://api.raychat.io wss://ws.goftino.com wss://ws2.goftino.com wss://ws5.goftino.com wss://cdn.goftino.com https://api.userway.org https://cdn.userway.org; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://tools.1abzar.com http://1abzar.ir https://cse.google.com https://www.aparat.com https://google.com https://www.google.com https://cdn.userway.org https://edu.sapiba.ir; frame-ancestors 'self' https://trustseal.enamad.ir; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' ignitr.com *.ignitr.com *.mouseflow.com *.elfsight.com www.gstatic.com *.livechatinc.com *.attn.tv events.attentivemobile.com *.youtube.com f.vimeocdn.com player.vimeo.com api.instacloud.io *.doubleclick.net *.google.com *.google-analytics.com *.facebook.com *.facebook.net *.typekit.com *.typekit.net *.livechatinc.com *.googletagmanager.com *.fontawesome.com fonts.googleapis.com *.squareup.com *.elfsightcdn.com www.googleadservices.com *.doublclick.net *.loggly.com *.fbcdn.net *.adsrvr.org *.jsdelivr.net *.jquery.com *.rss.com *.squareupsandbox.com *.sentry.io *.squarecdn.com *.cloudfront.net *.cloudflare.com *.tiny.cloud *.hotjar.com *.hotjar.io wss://*.hotjar.com;img-src 'self' ignitr.com phosphor.ivanenko.workers.dev *.google-analytics.com *.googletagmanager.com *.ignitr.com *.typekit.net *.google.com *.googleapis.com *.gstatic.com *.facebook.com *.pinterest.com *.hotjar.com *.elfsightcdn.com data:;font-src 'self' *.gstatic.com *.typekit.net *.typekit.com *.fontawesome.com *.hotjar.com *.livechatinc.com *.squareupsandbox.com *.squarecdn.com *.cloudfront.net; 1
upgrade-insecure-requests  ; worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' feed.pghub.io pandg.tapad.com ; media-src 'self' data: mpsnare.iesnare.com feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com cdn.cookielaw.org script.crazyegg.com pghub.io www.youtube.com *.bazaarvoice.com mpsnare.iesnare.com feed.pghub.io pandg.tapad.com ; font-src 'self' data: feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' feed.pghub.io www.youtube.com consumersupport.pg.com pandg.tapad.com ; img-src 'self' images.ctfassets.net pixel.tapad.com cdn.cookielaw.org www.googletagmanager.com *.ytimg.com *.bazaarvoice.com data: feed.pghub.io pandg.tapad.com ; connect-src 'self' cdn.cookielaw.org geolocation.onetrust.com script.crazyegg.com *.google-analytics.com *.bazaarvoice.com az-apigateway-cs-prod-20180702.azure-api.net geolocation-db.com *.algolia.net wss: mpsnare.iesnare.com feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
script-src 'self' 'unsafe-inline' powerad.ai js.stripe.com checkout.stripe.com api.nettoolkit.com ajax.googleapis.com patients.doctor.com www.amcharts.com www.googletagmanager.com pagead2.googlesyndication.com partner.googleadservices.com adservice.google.com tpc.googlesyndication.com ssl.google-analytics.com ; worker-src blob:;  1
default-src 'self' https://maxcdn.bootstrapcdn.com https://app-ab39.marketo.com https://cookiesapac.blob.core.windows.net *.onetrust.com use.typekit.net; script-src 'strict-dynamic' 'nonce-MTcwNTk3MzIxMDc0OTAuNTMwMzIzNTgwMTE4OTQzOA==' 'self' *.youtube.com *.googletagmanager.com *.demandbase.com *.licdn.com *.cloudfront.com *.cloudfront.net *.mktoutil.com assets.adobedtm.com *.wipro.com *.woolmagazine.com match.prod.bidr.io google-analytics.com analytics.twitter.com static.ads-twitter.com *.twitter.com t.co *.marketo.com *.marketo.net geolocation.onetrust.com https://cookiesapac.blob.core.windows.net *.onetrust.com https://maxcdn.bootstrapcdn.com ssl.p.jwpcdn.com content.jwplatform.com *.encoretheme.com use.typekit.net; connect-src 'self' https://www.google-analytics.com/ https://823-vdb-175.mktoresp.com wss://ws16.hotjar.com wss://*.hotjar.com wss://ws8.hotjar.com *.mktoutil.com *.wipro.com *.hotjar.com d.adroll.com *.hotjar.io api.company-target.com 921-uou-112.mktoresp.com *.sc.omtrdc.net *.tt.omtrdc.net assets.adobedtm.com https://dpm.demdex.net https://privacyportal-apac.onetrust.com https://wiprolimited.tt.omtrdc.net https://cookiesapac.blob.core.windows.net *.onetrust.com https://maxcdn.bootstrapcdn.com 'nonce-MTcwNTk3MzIxMDc0OTAuNTMwMzIzNTgwMTE4OTQzOA==' cdn.linkedin.oribi.io https://px.ads.linkedin.com; style-src 'self' 'unsafe-inline' *.appirio.com https://maxcdn.bootstrapcdn.com https://go.wipro.com https://app-ab39.marketo.com https://cookiesapac.blob.core.windows.net *.onetrust.com fonts.googleapis.com stackpath.bootstrapcdn.com *.encoretheme.com use.typekit.net p.typekit.net https://app-static.turtl.co/embed/turtl.embed.v1.css; frame-src 'self' *.vimeo.com *.appirio.com share.transistor.fm go.wipro.com spark.adobe.com *.hotjar.com *.demdex.net www.google.com *.doubleclick.net *.youtube-nocookie.com *.youtube.com https://app-ab39.marketo.com https://www.facebook.com assets.adobedtm.com https://explore.wipro.com/ 'nonce-MTcwNTk3MzIxMDc0OTAuNTMwMzIzNTgwMTE4OTQzOA=='; img-src 'self' data: *.demdex.net *.wipro.com stage2.wipro.com cm.everesttech.net https://i.ytimg.com/ https://prd.jwpltx.com https://www.google.com https://www.facebook.com app-ab39.marketo.com www.google.co.in https://wiprolimited.sc.omtrdc.net p.typekit.net http: https:; form-action facebook.com app-ab39.marketo.com 'nonce-MTcwNTk3MzIxMDc0OTAuNTMwMzIzNTgwMTE4OTQzOA=='; object-src *.wipro.com 'nonce-MTcwNTk3MzIxMDc0OTAuNTMwMzIzNTgwMTE4OTQzOA==' ; media-src 'self' *.youtube.com blob: 'nonce-MTcwNTk3MzIxMDc0OTAuNTMwMzIzNTgwMTE4OTQzOA==';base-uri 'none' 1
frame-ancestors 'self' profectus.prod.stonebridge.uk.com 1
script-src 'unsafe-inline' 'unsafe-eval' enormail.eu embed.enormail.eu www.google-analytics.com ajax.googleapis.com consent.cookiebot.com www.googletagmanager.com connect.facebook.net 1
default-src 'self' 'https://slipfox.xyz'; img-src 'self' https://i.creativecommons.org/ https://licensebuttons.net/; style-src 'self' 'https://slipfox.xyz' 'unsafe-inline' 1
https://client.libertydentalplan.com; https://libertydentalplan.com  1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.vimeo.com *.evergage.com https://cdn.evgnet.com https://*.qualtrics.com https://unpkg.com https://healthbenefitinsight.com *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ http://customer.cludo.com/ http://siteimproveanalytics.com/ https://www.googletagmanager.com/ https://bookeo.com/ https://bat.bing.com/ https://up.pixel.ad/ https://hub.arkansasbluecross.com/ https://cdnjs.cloudflare.com/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://*.tvsquared.com https://collector-26040.us.tvsquared.com https://*.us.tvsquared.com https://*.doubleclick.net *.pixel.ad *.sitescout.com *.dstillery.com *.facebook.com *.adnxs.com/ https://players.yumpu.com/; style-src 'self' 'unsafe-inline' *.googleapis.com use.typekit.net *.typekit.net *.gstatic.com https://*.qualtrics.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://hub.arkansasbluecross.com platform.twitter.com/css/ *.twimg.com https://*.tvsquared.com https://collector-26040.us.tvsquared.com https://*.us.tvsquared.com https://*.doubleclick.net *.pixel.ad *.sitescout.com *.adnxs.com/; font-src 'self' *.typekit.net use.typekit.net https://*.qualtrics.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.ib-ibi.com https://*.qualtrics.com *.myspace.com *.zales.com *.addthis.com *.krxd.net *.rlcdn.com *.doubleclick.net *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com https://www.arkansasbluecross.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://*.global.siteimproveanalytics.io https://*.cludo.com https://*.vindicosuite.com https://bat.bing.com/ *.pixel.ad *.dstillery.com *.tvsquared.com *.us.tvsquared.com *.vindicosuite.com *.ipredictive.com *.sitescout.com  *.facebook.com *.adnxs.com/; media-src 'self' data: blob: *.arkansasbluecross.com arkansasbluecross.com; child-src 'self' https://*.qualtrics.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ https://*.dentaltotalhealth.com/ https://hub.arkansasbluecross.com/ https://*.bookeo.com/ https://*.fls.doubleclick.net/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com www.yumpu.com https://*.tvsquared.com https://collector-26040.us.tvsquared.com https://*.us.tvsquared.com https://*.doubleclick.net *.pixel.ad *.sitescout.com *.facebook.com *.google.com; connect-src 'self' data: *.evergage.com https://healthbenefitinsight.com https://*.qualtrics.com accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://*.cludo.com https://hub.arkansasbluecross.com https://stats.g.doubleclick.net/ *.mktoresp.com *.google-analytics.com *.gstatic.com *.pixel.ad *.dstillery.com *.tvsquared.com *.us.tvsquared.com *.vindicosuite.com *.ipredictive.com *.sitescout.com  *.facebook.com; 1
default-src 'self' *.heg-cp.com www.google-analytics.com; font-src 'self' fonts.gstatic.com; img-src 'self' *.wsimg.com paintbrush.heg-cp.com www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' tags.tiqcdn.com cdn.polyfill.io www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.heg-cp.com; object-src 'none'; 1
upgrade-insecure-requests; frame-ancestors 'self' https://lighthouse.buildersshow.com 1
frame-src 'self' https://cdn.onesignal.com/sdks/OneSignalSDKWorker.js *.stripe.com *.youtube.com *.google.com *.googletagmanager.com *.thehotelsnetwork.com solmar.skyvr.mx *.facebook.com *.facebook.net https://static.addtoany.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://*.13chats.com https://cdn-cookieyes.com  https://connect.facebook.net https://*.hotjar.com https://www.clarity.ms https://snap.licdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.google-analytics.com; object-src 'none'; base-uri 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com https://cdn.jsdelivr.net https://use.fontawesome.com; report-uri https://proximaresearch.com 1
frame-src 'self' https://www.youtube.com https://visualcontentivo.com/https://visualcontentivo.com/ https://www.gstatic.com/ https://www.google.com/recaptcha/ https://www.google.com http://172.17.1.45 1
default-src 'self';img-src 'self' data: https://blog.cfbenchmarks.com https://static.ghost.org https://images.unsplash.com https://cm.g.doubleclick.net https://sync.crwdcntrl.net https://*.google-analytics.com https://*.googletagmanager.com https://www.google-analytics.com https://forms.hsforms.com https://track.hubspot.com https://px.ads.linkedin.com https://www.linkedin.com https://aorta.clickagy.com https://pixel-sync.sitescout.com https://aa.agkn.com https://d.agkn.com https://idsync.rlcdn.com https://us-u.openx.net;media-src 'self' https://content-cfbenchmarks.s3.amazonaws.com;style-src 'self' 'unsafe-inline';script-src 'self' www.youtube.com https://ws.zoominfo.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com http://js.hs-scripts.com https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://snap.licdn.com https://tags.clickagy.com 'sha256-QwSiu6zsgPogzpkG+RVdosZFMyiGt6UKJYNMgqPrrLw=' ;frame-src www.youtube.com *.vimeo.com;connect-src 'self' wss://cfbenchmarks.com wss://*.cfbenchmarks.com https://cfbenchmarks.com https://*.cfbenchmarks.com cdn.linkedin.oribi.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google-analytics.com https://forms.hubspot.com https://api.hubapi.com https://forms.hscollectedforms.net https://aorta.clickagy.com https://hemsync.clickagy.com 1
frame-ancestors 'self' https://w3f-website-gatsby-8b7e0a.netlify.app/ https://www.web3.foundation https://web3.foundation 1
worker-src blob:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net *.facebook.com matomo.ilovefreegle.org *.sentry.io *.google.com *.googletagservices.com *.gstatic.com cdn.jsdelivr.net *.paypalobjects.com securepubads.g.doubleclick.net *.googlesyndication.com *.netlify.app cdn-cookieyes.com; report-uri https://fdapilive.ilovefreegle.org/csp.php 1
base-uri 'none'; default-src 'self' data: https: wss:; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.scrivito.com https://app.intercom.io https://assets.scrivito.com https://js.intercomcdn.com https://widget.intercom.io https://cdn.cookielaw.org https://widget.trustpilot.com https://assets.adobedtm.com https://activitymap.adobe.com https://consorsfinanzgermany.d3.sc.omtrdc.net https://consorsfinanzgermany.tt.omtrdc.net https://consorsfinanzgermany.demdex.net/ https://connect.facebook.net https://www.google.com/pagead/conversion_async.js https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleadservices.com https://googleads.g.doubleclick.net https://doubleclick.net https://*.outbrain.com https://outbrain.com https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://fat.financeads.net/fpc.js https://*.adnxs.com http://cdn.tt.omt.rdc.net https://*.adsrvr.org https://*.taboola.com https://*.adup-tech.com https://bat.bing.com https://consorsfinanzgermany.experiencecloud.adobe.com; frame-src 'self' https://activitymap.adobe.com https://consorsfinanzgermany.d3.sc.omtrdc.net https://consorsfinanzgermany.tt.omtrdc.net https://consorsfinanzgermany.demdex.net/ https://cdn.cookielaw.org https://85.215.217.53 https://webform.consorsfinanz.de https://webform2.consorsfinanz.de https://webform.staging.consorsfinanz.de https://webform2.staging.consorsfinanz.de https://www-tus.consorsfinanz.de https://googleadservices.com https://googleads.g.doubleclick.net https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://td.doubleclick.net/ https://*.adsrvr.org https://*.taboola.com https://*.adup-tech.com http://cdn.tt.omt.rdc.net https://consorsfinanzgermany.experiencecloud.adobe.com; frame-ancestors 'self' https: https://cdn.cookielaw.org https://*.scrivito.com https://85.215.217.53 https://webform.consorsfinanz.de https://webform2.consorsfinanz.de https://webform.staging.consorsfinanz.de https://webform2.staging.consorsfinanz.de https://www-tus.consorsfinanz.de http://cdn.tt.omt.rdc.net https://consorsfinanzgermany.experiencecloud.adobe.com; object-src 'none'; block-all-mixed-content 1
default-src 'self' 'unsafe-inline' https://colesonline.sc.omtrdc.net https://colessupermarketspty.tt.omtrdc.net https://nebula-cdn.kampyle.com;script-src 'self' 'unsafe-inline' https://www.colesgroupprofile.com.au https://assets.adobedtm.com https://cm.everesttech.net https://colesonline.demdex.net https://dpm.demdex.net https://adobedc.demdex.net https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://*.googletagmanager.com https://www.adservice.google.com https://analytics.google.com;connect-src https://api.colesgroupprofile.com.au https://dc.services.visualstudio.com https://assets.adobedtm.com https://cm.everesttech.net https://colesonline.demdex.net https://dpm.demdex.net https://colesonline.sc.omtrdc.net https://colessupermarketspty.tt.omtrdc.net https://adobedc.demdex.net https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://*.googletagmanager.com https://analytics.google.com https://*.g.doubleclick.net;img-src 'self' data: https://assets.adobedtm.com https://cm.everesttech.net https://colesonline.demdex.net https://dpm.demdex.net https://colesonline.sc.omtrdc.net https://adobedc.demdex.net https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://*.googletagmanager.com https://analytics.google.com https://*.google.com.au;object-src 'self' data:;frame-src 'self' data: https://assets.adobedtm.com https://colesonline.demdex.net https://dpm.demdex.net https://adobedc.demdex.net https://nebula-cdn.kampyle.com; 1
frame-ancestors 'self' https://dev.zurn-elkay.com/ https://zurn-elkay.com/ https://dev.zurnelkay.com/ https://zurnelkay.com/; upgrade-insecure-requests; default-src * 'self' blob: data: gap:; style-src * 'self' 'unsafe-inline' blob: data: gap:; script-src * 'self' 'unsafe-eval' 'unsafe-inline' blob: data: gap:; object-src * 'self' blob: data: gap:; img-src * 'self' 'unsafe-inline' blob: data: gap:; connect-src 'self' * 'unsafe-inline' blob: data: gap:; frame-src * 'self' blob: data: gap:; 1
frame-ancestors 'self' http://superrecruit.jobtopgun.com https://superemployerbeta.jobtopgun.com https://employer.jobtopgun.com http://localhost:7001 https://jobfair-dev.jobtopgun.com https://jobfair-uat.jobtopgun.com https://virtualcareerfair.jobtopgun.com 1
frame-ancestors 'self'; script-src *.tp88trk.com *.bigcommerce.com *.haircode.com pghub.io *.moatads.com *.online-metrix.net *.azurewebsites.net *.jquery.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.lightboxcdn.com *.lytics.io *.cookielaw.org *.onetrust.com *.crazyegg.com *.segment.com *.segment.io *.snapchat.com sc-static.net *.tapad.com *.google.com *.gstatic.com *.adsrvr.org blob: 'self' 'unsafe-eval' 'unsafe-inline' 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-0xr92ojfm3NxBl3CzN37sQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors *.snowsoftware.com; object-src 'none'; 1
frame-ancestors https://www.henley.ac.uk https://www.icmacentre.ac.uk 1
default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://service.bzga.de/ https://www.quit-the-shit.net 1
font-src 'self' data: http: https: https://www.growfinancial.org; form-action 'self' https: https://www.growfinancial.org; frame-ancestors 'self' https://*.growfinancial.com https://*.siteimprove.com https://www.growfinancial.org; frame-src 'self' growfinancial.locatorsearch.com https: https://www.growfinancial.org; child-src 'self' growfinancial.locatorsearch.com https: https://www.growfinancial.org; img-src 'self' data: http: https: https://www.growfinancial.org; script-src 'strict-dynamic' 'unsafe-inline' https: 'nonce-oXcj3AAidI0tMEFBDqujmYyIlxYabdirSXELEXhSX9kHTRz0jprQACYa6LTDmt31QFHl9Hda53AAWIz7I3UIetMO9vtD5BtOrmjLHbqvDNsyGqWI4t7mVFYlieMUXgiY'; style-src 'self' 'unsafe-inline' http: https: https://www.growfinancial.org; report-uri https://www.growfinancial.org/wp-json/wpcsp/v1/route/LogPolicyViolation?_wpnonce=1503bc531b 1
default-src 'none'; script-src 'self' 'nonce-emma-inline-script' https://www.paypal.com https://www.paypalobjects.com https://www.googleadservices.com https://analytics.tiktok.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://www.instagram.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; prefetch-src https://cdnjs.cloudflare.com https://fonts.googleapis.com; child-src 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://cdn.evolve-mma.com https://www.paypal.com https://analytics.tiktok.com https://adservice.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.facebook.com; font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com; frame-src 'self' https://checkout.paypal.com https://www.paypal.com https://www.paypalobjects.com https://www.google.com https://www.youtube.com https://web.facebook.com https://www.facebook.com https://www.instagram.com https://platform.twitter.com https://td.doubleclick.net https://player.vimeo.com; img-src 'self' data: https://cdn.evolve-mma.com https://adservice.google.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.google.com https://www.google.com.ua https://www.googletagmanager.com https://www.paypalobjects.com https://img.youtube.com https://syndication.twitter.com https://www.facebook.com https://i.ytimg.com https://i.vimeocdn.com; manifest-src 'self'; media-src 'self' https://cdn.evolve-mma.com; worker-src 'self'; frame-ancestors 'self'; form-action 'self' https://www.paypal.com https://www.facebook.com; 1
default-src 'none'; script-src 'self' *.ceros.com cdn-cookieyes.com *.licdn.com *.matomo.cloud *.clarity.ms *.newtonsoftware.com recruitingbypaycor.com *.youtube.com youtu.be *.ytimg.com www.googletagmanager.com *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com *.pingdom.net *.vimeo.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.matomo.cloud *.cookieyes.com cdn-cookieyes.com *.linkedin.oribi.io *.clarity.ms *.googletagmanager.com *.googleapis.com *.doubleclick.net *.google-analytics.com *.pingdom.net yoast.com; img-src 'self' data: cdn-cookieyes.com formfactor.matomo.cloud *.linkedin.com toolset.com wpml.org *.vimeocdn.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.gstatic.com *.doubleclick.net *.gravatar.com *.w.org; style-src 'self' formfactor.matomo.cloud *.clouflare.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.fontawesome.com *.myfonts.com *.myfonts.net 'unsafe-inline';media-src 'self' vimeo.com *.vimeo youtu.be *.youtube.com; base-uri 'self' formfactor.matomo.cloud; frame-src 'self' *.ceros.com *.twitter.com *.newtonsoftware.com recruitingbypaycor.com *.formfactor.com vimeo.com *.vimeo.com *.youtube.com *.google.com *.gstatic.com *.wpdownloadmanager.com; frame-ancestors 'self' https://*.formfactor.com;  font-src 'self' *.formfactor.com *.fontawesome.com *.myfonts.com *.myfonts.net formfactor.matomo.cloud *.gstatic.com data:;form-action 'self' 1
default-src * 'unsafe-inline' 'unsafe-eval' data: ws: blob:; 1
default-src 'self' www.lba.de www2.lba.de; script-src 'self' *.res.bund.de 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' 'unsafe-inline' data:; img-src 'self' data:; 1
default-src 'self' ; img-src * 'self' data: https: ; style-src 'self' www.checkfree.com 'unsafe-inline' ; script-src 'self' www.checkfree.com cdn.segment.com segment.com cdn.heapanalytics.com heapanalytics.com google-analytics.com maps.googleapis.com ajax.googleapis.com ssl.google-analytics.com adserver.adtechus.com vn.ft1.cashedge.com fundstransfer.cashedge.com 'unsafe-eval' 'unsafe-inline' ; connect-src 'self' api.segment.io cdn.segment.com segment.com cdn.heapanalytics.com heapanalytics.com eg2145prl.egain.net ; frame-src vn.ft1.cashedge.com fundstransfer.cashedge.com matchyourlender.com hv.getbills.com ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.eoportal.org eoportal.org *.youtube.com *.gsfc.nasa.gov *.astrocast.com cdn.arcgis.com *.dlr.de *.skatelescope.org *.skatelescope.org *.wixstatic.com *.esa.int *.cloudfront.net *.nasa.gov *.vimeo.com exolaunch.com *.hayabusa2.jaxa.jp *.jaxa.jp *.desy.de *.soundcloud.com *.prnewswire.com *.tubitak.gov.tr *.s3.us-west-2.amazonaws.com *.akamaihd.net *.googleapis.com *.asc-csa.gc.ca spacewerx.us; 1
frame-ancestors 'self' *.etracker.com *.mainova.de *.abtasty.com; 1
frame-ancestors 'self'; img-src data: blob: *; media-src data: blob: *; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: gap: ws: wss: *.exosite.com *.exosite.io *.statuspage.io assets.chargeover.com fast.wistia.com fonts.googleapis.com fonts.gstatic.com googletagmanager.com js.hs-scripts.com s3.us-west-1.amazonaws.com murano-content-service-prod.s3.us-west-1.amazonaws.com exosite-exchange-prod.s3.amazonaws.com  docs.exosite.io  exosite.chargeover.com  bizapi.hosted.exosite.io  bjrxlnv3yqfm.statuspage.io  support.exosite.com  m2.exosite.com  www.exosite.io 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com *.trafficfactory.biz www.iwanttodeliver.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net bmedia.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri http://www.jizzle.com/csp-reports; report-to csp-endpoint 1
frame-ancestors 'self' https://www.casamientos.com.ar https://comunidad.casamientos.com.ar https://landing.casamientos.com.ar 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com www1.stuartslondon.com; base-uri 'self' 1
default-src 'self';       script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com https://snap.licdn.com/ https://cdn.jsdelivr.net/ https://code.jquery.com/ https://www.googletagmanager.com/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://m.addthis.com/ https://v1.addthisedge.com/ https://z.moatads.com/ http://s7.addthis.com/ https://connect.facebook.net/ https://www.google-analytics.com/ https://maps.googleapis.com/ https://cc.cdn.civiccomputing.com/;       font-src 'self' data: *.jsdelivr.net https://fonts.googleapis.com/ https://fonts.gstatic.com/;       style-src 'self' 'unsafe-inline' *.jsdelivr.net https://fonts.googleapis.com/;       connect-src 'self' maps.googleapis.com  https://cdn.linkedin.oribi.io/ https://region1.google-analytics.com https://m.addthis.com/ https://maps.googleapis.com/maps/ https://clapi.civiccomputing.com/ https://apikeys.civiccomputing.com/ https://our.umbraco.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/;       frame-src 'self' https://s7.addthis.com/ https://tools.eurolandir.com/  https://gamma.euroland.com/ https://player.vimeo.com/ https://www.youtube.com/ https://www.google.com/ https://tools.euroland.com/;       img-src 'self' data: https://www.linkedin.com/ https://px.ads.linkedin.com/ http://cvc-private-equity.emperordev.com https://cvc-private-equity.emperordev.com https://dashboard.umbraco.com https://cvc-prelive.emperordev.com/ https://maps.gstatic.com/ https://connect.facebook.net/ https://i.vimeocdn.com/ https://www.google.com/ https://accounts.google.com https://dashboard.umbraco.org/ https://www.google-analytics.com/ https://accounts.youtube.com/ https://www.google.co.uk/ https://accounts.google.co.uk/ https://maps.googleapis.com/ https://www.googletagmanager.com/ 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: 'unsafe-inline' 1
default-src 'self'; frame-ancestors 'none'; frame-src 'none'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 1
block-all-mixed-content; upgrade-insecure-requests; form-action 'self' 1
default-src 'self' https://assets.injixo.com; connect-src 'self' https://*.analytics.google.com https://*.google-analytics.com https://*.hsforms.com https://*.hubspot.com https://*.intercom.io https://*.intercomcdn.com https://analytics.google.com https://analytics.twitter.com https://api-eu.mixpanel.com https://api.rollbar.com https://assets.injixo.com https://cdn.linkedin.oribi.io https://geoip-js.com https://geoip-js.maxmind.com https://hits-i.iubenda.com https://o1174532.ingest.sentry.io/ https://stats.g.doubleclick.net https://translate.googleapis.com https://ws.injixo.com wss://*.intercom.io wss://ws.injixo.com; font-src 'self' https://assets.injixo.com https://cdn2.hubspot.net https://fonts.intercomcdn.com https://injixo-assets.s3-eu-west-1.amazonaws.com https://js.intercomcdn.com https://maxcdn.bootstrapcdn.com https://wfm.injixo.com data:; frame-ancestors 'self' *.injixo.com; frame-src 'self' https://560643.hs-sites.com https://app.hubspot.com https://cdn.iubenda.com https://forms.hsforms.com https://m20586k2p6h5.statuspage.io https://shiftcenter.injixo.com https://www.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com; img-src 'self' https://560643.fs1.hubspotusercontent-na1.net https://560643.hs-sites.com https://analytics.twitter.com https://assets.injixo.com https://forms-na1.hsforms.com https://forms.hsforms.com https://github.githubassets.com https://perf-na1.hsforms.com https://px.ads.linkedin.com https://static.hsappstatic.net https://t.co https://track.hubspot.com https://wfm.injixo.com/ https://widget.intercom.io https://www.google-analytics.com https://www.google.at https://www.google.be https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.de https://www.google.es https://www.google.fr https://www.google.ie https://www.google.it https://www.google.nl https://www.googletagmanager.com https://www.linkedin.com data:; media-src 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://app.hubspot.com https://assets.injixo.com https://cdn2.hubspot.net https://cdnjs.cloudflare.com https://cdn.iubenda.com https://code.jquery.com https://cs.iubenda.com https://geoip-js.com https://injixo-assets.s3-eu-west-1.amazonaws.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsforms.net https://js.hubspot.com https://js.hubspotfeedback.com https://js.intercomcdn.com https://js.usemessages.com https://m20586k2p6h5.statuspage.io https://snap.licdn.com https://static.ads-twitter.com https://static.hsappstatic.net https://widget.intercom.io https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.iubenda.com; style-src 'self' 'unsafe-inline' https://assets.injixo.com https://cdn2.hubspot.net https://cdnjs.cloudflare.com https://injixo-assets.s3-eu-west-1.amazonaws.com https://ka-p.fontawesome.com https://maxcdn.bootstrapcdn.com https://static.hsappstatic.net https://wfm.injixo.com data:; report-uri /csp; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://connect.facebook.net https://static.zenvia.com https://www.googletagmanager.com https://www.unigran.edu.br https://www.unigran.br https://apis.google.com https://cdnjs.cloudflare.com https://www.unigraneuropa.com; object-src 'self'; font-src 'self' https://www.unigran.br https://www.unigran.edu.br https://stackpath.bootstrapcdn.com https://www.unigraneuropa.com https://fonts.gstatic.com 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-ZDE0MjczNzhlOTI1NDRkMTgwYzYzMzQ1YWE2YWNhZmI=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.aivd.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.aivd.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.aivd.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'unsafe-hashes' https://crohnsandcolitis.org.uk https://docs.google.com https://platform.twitter.com https://customervoice.microsoft.com https://*.readspeaker.com https://*.azureedge.net https://poster.crohnsandcolitis.org.uk https://r1.dotdigital-pages.com https://www.youtube-nocookie.com https://www.google.com https://*.landbot.io https://*.addthis.com https://www.youtube.com https://player.vimeo.com https://*.typeform.com https://*.issuu.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.fluidads.com https://forms.office.com https://*.snapchat.com ;base-uri 'self' ;frame-ancestors 'self' ;script-src 'self' 'nonce-bf9f097771954fef87882b52ba5874c6' 'unsafe-eval' https://acsbapp.com https://*.acsbapp.com https://*.azureedge.net https://*.readspeaker.com https://connect.facebook.net https://static.trackedweb.net https://app.postermaker.io https://snap.licdn.com https://analytics.nyltx.com https://ruler.nyltx.com/ https://*.cookiefirst.com https://maps.googleapis.com https://unpkg.com/vue@3.2.20/ https://*.landbot.io https://secure.callhandling.co.uk https://*.addthis.com https://z.moatads.com https://*.addthisedge.com https://static.addtoany.com https://*.fluidads.com https://*.simpli.fi https://www.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://*.typeform.com https://*.hotjar.com https://analytics.tiktok.com https://*.snapchat.com https://*.twitter.com ;connect-src 'self' https://docs.google.com https://platform.twitter.com https://cdn.acsbapp.com https://*.trackedweb.net https://*.readspeaker.com https://*.azureedge.net https://*.fluidads.com https://www.facebook.com https://*.cookiefirst.com https://analytics.nyltx.com https://maps.googleapis.com https://secure.callhandling.co.uk https://*.landbot.io https://*.addthis.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.typeform.com https://*.issuu.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.snapchat.com https://*.linkedin.oribi.io https://*.analytics.google.com https://analytics.tiktok.com ;img-src 'self' data: https://www.facebook.com https://acsbapp.com https://*.acsbapp.com https://*.azureedge.net https://*.linkedin.com https://*.addthis.com https://maps.gstatic.com https://maps.googleapis.com https://maps.googleapis.com https://storage.googleapis.com https://static.landbot.io https://fonts.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.google.co.uk https://www.google.com.tr https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://tr.snapchat.com https://analytics.twitter.com https://t.co ;font-src 'self' data: https://use.typekit.net https://acsbapp.com https://*.acsbapp.com https://*.azureedge.net https://fonts.gstatic.com https://*.hotjar.com ;style-src 'self' 'unsafe-inline' https://acsbapp.com https://*.acsbapp.com blob: https://*.readspeaker.com https://*.azureedge.net https://*.cookiefirst.com https://p.typekit.net https://use.typekit.net https://localhost:44367 https://fonts.googleapis.com https://*.typeform.com https://*.issuu.com https://*.hotjar.com ;form-action 'self' https://*.readspeaker.com https://*.azureedge.net https://*.typeform.com https://*.twitter.com https://*.landbot.io https://*.snapchat.com ; 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://infosecwriteups.com https://*.infosecwriteups.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
default-src 'self' https://*.abtasty.com https://*.zwitserleven.nl;script-src 'self' 'nonce-cZNWTq129VGIJfE+yYT6r5ti' 'strict-dynamic' https: blob: https://*.abtasty.com https://*.adform.net https://*.googleapis.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.pega.com https://*.usefirefly.com https://*.zwitserleven.nl https://az416426.vo.msecnd.net https://bat.bing.com https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://dl.episerver.net https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://tagmanager.google.com https://www.contentpagina.nl https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://www.youtube.com;object-src 'none';style-src 'self' 'unsafe-inline' https://*.abtasty.com https://*.googleapis.com https://*.gstatic.com https://*.pega.com https://*.usefirefly.com https://*.zwitserleven.nl https://dl.episerver.net https://tagmanager.google.com https://www.contentpagina.nl/viv/ https://www.googletagmanager.com;img-src 'self' data: https://*.abtasty.com https://*.amazonaws.com https://*.cloudfront.net https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.pega.com https://*.zwitserleven.nl https://5827026.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com https://bat.bing.com https://connect.facebook.net https://dl.episerver.net https://imgsct.cookiebot.com https://googleads.g.doubleclick.net https://fonts.gstatic.com https://i.ytimg.com https://maps.gstatic.com https://px.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://ssl.gstatic.com https://stats.g.doubleclick.net https://www.facebook.com/tr/ https://www.linkedin.com/px/ https://www.google.nl https://www.google.com https://www.gstatic.com;media-src 'self' blob: https://storage.googleapis.com https://*.zwitserleven.nl;frame-src 'self' blob: https://*.hotjar.com https://*.hotjar.io https://*.pega.com https://*.usefirefly.com https://*.zwitserleven.nl https://5827026.fls.doubleclick.net https://bid.g.doubleclick.net https://consentcdn.cookiebot.com https://clone-chatbot.zwitserleven.local https://googleads.g.doubleclick.net https://qa-assistant.abtasty.com https://sdk.companywebcast.com https://td.doubleclick.net https://www.googletagmanager.com https://www.youtube.com https://www.youtube-nocookie.com;font-src 'self' data: https://*.abtasty.com https://*.googleapis.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.zwitserleven.nl;connect-src 'self' https://*.abtasty.com https://*.analytics.google.com https://*.azurewebsites.net https://*.google-analytics.com https://*.googletagmanager.com https://*.hotjar.com:* https://*.hotjar.io https://*.pega.com https://*.usefirefly.com https://*.zwitserleven.nl https://ad.doubleclick.net https://adservice.google.com https://api.storyteq.com https://az416426.vo.msecnd.net https://bat.bing.com https://cdn.linkedin.oribi.io https://consentcdn.cookiebot.com https://dc.services.visualstudio.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://o132438.ingest.sentry.io https://px.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.contentpagina.nl/viv/ https://www.facebook.com/tr/ https://www.google.com wss://*.hotjar.com wss://chatbot.zwitserleven.nl wss://eu.usefirefly.com wss://euuat.usefirefly.com;frame-ancestors 'self' https://www.zwitserleven.nl https://*.zwitserleven.nl;manifest-src 'self' https://*.zwitserleven.nl;worker-src 'self' blob: https://*.zwitserleven.nl;report-uri https://api.zwitserleven.nl/common.webapi/api/v1/csp/report 1
script-src 'unsafe-inline' 'unsafe-eval' 'self'               *.generalmobile.com *.jquery.com www.googletagmanager.com *.facebook.net mc.yandex.ru               www.google-analytics.com *.google.com *.googleapis.com *.useinsider.com *.gstatic.com stpmgo.com js.go2sdk.com intelligenceretarget.com;      style-src 'unsafe-inline' 'self'      *.generalmobile.com *.jquery.com *.googleapis.com *.useinsider.com; 1
font-src fonts.gstatic.com *.userway.org *.zopim.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.creativememories.com https://www.facebook.com https://payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.creativememories.com https://cdn.zinrelo.com https://static.zdassets.com https://v2.zopim.com https://ekr.zdassets.com https://zendesk.com https://zendesk-staging.com https://rollbar-eu.zendesk.com https://payflowlink.paypal.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.creativememories.com https://app.zinrelo.com https://mc-hub-designer-sto-use.azureedge.net https://designer.mediacliphub.com https://cdn.zinrelo.com https://static.zdassets.com https://v2.zopim.com https://ekr.zdassets.com https://zendesk.com https://zendesk-staging.com https://rollbar-eu.zendesk.com https://www.google.com https://www.facebook.com https://www.youtube.com https://payflowlink.paypal.com *.userway.org *.osano.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.creativememories.com *.creativememoriesau.com *.creativememories.ca https://seal-minnesota.bbb.org https://dgjcoqnzn763b.cloudfront.net https://www.creativememories.com https://d3k81ch9hvuctc.cloudfront.net https://www.facebook.com https://www.google.com https://render.mediacliphub.com *.cloudfront.net *.searchspring.net *.searchspring.io https://cdnjs.cloudflare.com https://v2assets.zopim.io *.userway.org creativememories.zendesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com *.zopim.com *.zopim.io *.gstatic.com maps.googleapis.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com *.creativememories.com https://cdn.zinrelo.com https://static.cloudflareinsights.com https://assets.zendesk.com https://static.zdassets.com https://google.com https://www.google.com https://d395yjvh5spyzw.cloudfront.net https://js-agent.newrelic.com https://bam.nr-data.net https://app.zinrelo.com https://api.mediacliphub.com https://static.mediacliphub.com https://ajax.cloudflare.com https://connect.facebook.net *.searchspring.io *.klaviyo.com dc.services.visualstudio.com *.gstatic.com cdn.userway.org api.userway.org *.userway.org *.osano.com https://unpkg.com/flickity@2/dist/flickity.pkgd.min.js https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.zopim.com *.zdassets.com https://cdn.searchspring.net/intellisuggest/is.min.js ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com unpkg.com maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.creativememories.com https://static.klaviyo.com *.userway.org maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.creativememories.com https://static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org *.creativememories.com https://bam.nr-data.net https://creativememories.zendesk.com https://ekr.zdassets.com https://a.klaviyo.com https://static-forms.klaviyo.com wss://widget-mediator.zopim.com https://telemetrics.klaviyo.com https://app.zinrelo.com https://api.mediacliphub.com https://geo-cdn.creativememoriesau.com https://geo-cdn.creativememories.ca https://geo-cdn.creativememories.com https://stats.g.doubleclick.net *.searchspring.io *.facebook.com dc.services.visualstudio.com https://www.xtento.com ekr.zendesk.com api.userway.org *.userway.org *.osano.com https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.zdassets.com *.zopim.com widget-mediator.zopim.com https://beacon.searchspring.io/beacon *.google-analytics.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.creativememories.com https://static.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; manifest-src 'self' https:; report-uri https://app.airdata.com/csp_report; 1
default-src https://*; script-src 'self' *.googleapis.com https://ws.sharethis.com https://js.arcgis.com https://s.w.org https://www.googletagmanager.com https://maxcdn.bootstrapcdn.com https://*.pingdom.net https://*.google-analytics.com https://*.facebook.net https://*.ads-twitter.com https://*.licdn.com https://*.twitter.com https://*.youtube.com https://*.ytimg.com https://*.google.com https://*.gstatic.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://* data: 'unsafe-inline';img-src https://* data:; font-src 'self' *.gstatic.com https://maxcdn.bootstrapcdn.com data:; 1
frame-ancestors 'self'; frame-src 'self' https://*.draw.io https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://embed.diagrams.net; script-src http: https: 'nonce-3ttI2ZE30TprBFldRk1UQw3P' 'strict-dynamic'; object-src 'self'; base-uri 'self' 1
default-src 'none'; base-uri 'self'; connect-src 'self' 'unsafe-eval' https://d3oam8dvxlog8e.cloudfront.net https://a.tiles.mapbox.com https://analytics.google.com https://api.abenity.com https://api.mapbox.com https://bam.nr-data.net https://bam-cell.nr-data.net https://bat.bing.com https://cdn.linkedin.oribi.io https://distillery.wistia.com https://distillery.wistia.net https://embed-cloudfront.wistia.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com https://embedwistia-a.akamaihd.net https://events.mapbox.com https://fast.wistia.com https://fast.wistia.net https://fg8vvsvnieiv3ej16jby.litix.io https://pipedream.wistia.com https://px.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' https://d3oam8dvxlog8e.cloudfront.net https://cloud.typography.com https://fast.wistia.com https://fast.wistia.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://storage.googleapis.com https://use.fontawesome.com data:; form-action https:; frame-ancestors 'self'; frame-src 'self' https://abenityinc.freshdesk.com https://accounts.google.com https://calendly.com https://docs.google.com https://fast.wistia.com https://fast.wistia.net https://platform.twitter.com https://td.doubleclick.net https://www.google.com https://www.youtube.com; img-src 'self' https://d3oam8dvxlog8e.cloudfront.net https://assets.abenity.com https://a.tiles.mapbox.com https://abenity.s3.amazonaws.com https://abs.twimg.com https://analytics.google.com https://api.mapbox.com https://b.tiles.mapbox.com https://bam.nr-data.net https://bam-cell.nr-data.net https://bat.bing.com https://chart.apis.google.com https://d300tb5wusuhi2.cloudfront.net https://embed-fastly.wistia.com https://embed-ssl.wistia.com https://embedwistia-a.akamaihd.net https://fonts.gstatic.com https://fast.wistia.com https://fast.wistia.net https://i.ytimg.com https://img.youtube.com https://p.adsymptotic.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://s3.amazonaws.com https://static.accessdevelopment.com https://stats.g.doubleclick.net https://syndication.twitter.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.linkedin.com data:; manifest-src 'self'; media-src 'self' https://d3oam8dvxlog8e.cloudfront.net https://embed-cloudfront.wistia.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com https://embedwistia-a.akamaihd.net https://fast.wistia.com blob: data:; object-src 'self' https://embedwistia-a.akamaihd.net https://embed-fastly.wistia.com; script-src 'self' 'unsafe-inline' https://d3oam8dvxlog8e.cloudfront.net https://abenity.ontraport.com https://api.mapbox.com https://app.wistia.com https://assets.calendly.com https://bam.nr-data.net https://bam-cell.nr-data.net https://bat.bing.com https://cdn.walkme.com https://distillery.wistia.com https://fast.wistia.com https://fast.wistia.net https://js-agent.newrelic.com https://optassets.ontraport.com https://platform.twitter.com https://s3.amazonaws.com https://snap.licdn.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://d3oam8dvxlog8e.cloudfront.net https://abenity.s3.amazonaws.com https://api.mapbox.com https://cloud.typography.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://s3.amazonaws.com https://use.fontawesome.com;worker-src 'self' blob:; report-uri https://api.abenity.com/public/csp-logger.json; 1
default-src 'self' sentiagroup.okta-emea.com *.oktacdn.com; connect-src 'self' sentiagroup.okta-emea.com sentiagroup-admin.okta-emea.com *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com *.mtls.okta-emea.com sentiagroup.kerberos.okta-emea.com sentiagroup.mtls.okta-emea.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' sentiagroup.okta-emea.com *.oktacdn.com; style-src 'unsafe-inline' 'self' sentiagroup.okta-emea.com *.oktacdn.com; frame-src 'self' sentiagroup.okta-emea.com sentiagroup-admin.okta-emea.com login.okta.com; img-src 'self' sentiagroup.okta-emea.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' sentiagroup.okta-emea.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' 1
default-src 'none'; style-src 'self' 'unsafe-inline' https://www.paypal.com https://fonts.googleapis.com; script-src 'unsafe-inline' 'self' https://www.paypal.com https://donorbox.org; img-src 'self' data:; frame-src 'self' https://outreach.abetterinternet.org https://donorbox.org https://youtube.com https://www.youtube.com https://youtube-nocookie.com https://www.youtube-nocookie.com https://www.paypal.com; font-src https://fonts.gstatic.com data:; connect-src 'self' https://www.paypal.com; object-src 'self'; 1
frame-ancestors https://zub.ru 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-rA5Ag9szuqM62UyWGUz7J4ghlD+umDPwkf8yaMyvsUEiVg5B' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://hostux.social; img-src 'self' https: data: blob: https://hostux.social; style-src 'self' https://hostux.social 'nonce-8zQu3oTE9xRbvAzQdFHs1A=='; media-src 'self' https: data: https://hostux.social; frame-src 'self' https:; manifest-src 'self' https://hostux.social; form-action 'self'; child-src 'self' blob: https://hostux.social; worker-src 'self' blob: https://hostux.social; connect-src 'self' data: blob: https://hostux.social https://hostux.social wss://hostux.social; script-src 'self' https://hostux.social 'wasm-unsafe-eval' 1
frame-ancestors www.litencyc.com; 1
upgrade-insecure-requests; default-src 'self'; connect-src 'self' *.cloudfront.net analytics.videomyjob.com *.googlesyndication.com *.websitecarbon.com *.onetrust.com *.userway.org https://cdn.linkedin.oribi.io https://api.websitecarbon.com *.cookielaw.org https://stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com ; font-src 'self' data: *.userway.org https://fonts.gstatic.com; media-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudfront.net https://static.cloudflareinsights.com *.websitecarbon.com *.userway.org https://googleads.g.doubleclick.net https://snap.licdn.com https://connect.facebook.net https://static.ads-twitter.com https://app.bowencraggs.com *.cookielaw.org https://unpkg.com *.addevent.com https://www.youtube.com https://www.youtube-nocookie.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google.com https://www.gstatic.com  ; style-src 'self' 'unsafe-inline' *.userway.org *.haleon.com https://cloud.typography.com https://fonts.googleapis.com; img-src 'self' *.googlesyndication.com data: *.doubleclick.net *.linkedin.com *.userway.org https://a-cf65.ch-static.com https://*.cdninstagram.com https://i.ytimg.com https://analytics.twitter.com https://www.facebook.com https://t.co https://px.ads.linkedin.com https://cdn.cookielaw.org *.addevent.com https://maps.googleapis.com https://maps.gstatic.com https://www.google.com https://www.google.co.uk https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com; child-src 'self' https://www.google.com ; frame-src 'self' https://*.soundcloud.com *.cloudfront.net *.doubleclick.net https://www.googletagmanager.com/ *.investis.com https://www.connectidfeed.com *.userway.org https://www.linkedin.com https://www.facebook.com https://player.vimeo.com *.eurolandir.com *.euroland.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com 1
default-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none'; child-src 'self'; object-src blob: 'report-sample'; connect-src 'self' blob: https://www.paypal.com https://www.googleapis.com https://*.google-analytics.com https://*.googlesyndication.com https://csi.gstatic.com https://*.googletagmanager.com https://analytics.google.com https://*.analytics.google.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.google.com.br https://www.google.cl https://www.google.com.py https://www.google.fr https://www.google.com.mx https://www.google.com.bd https://www.google.com.co https://www.google.com.pe https://www.google.nl https://www.google.es https://www.google.com.gt https://www.google.com.uy https://www.google.com.pr https://www.google.com.sg https://www.google.es https://www.google.com.co https://www.google.at https://www.google.ca https://www.google.pl https://www.google.cl https://www.google.es https://www.google.com.ec https://www.google.co.ve https://www.google.jo https://www.google.hu https://www.google.com.ar https://www.google.com.qa https://www.google.com.co https://www.google.it https://www.google.hr https://www.google.co.il https://www.google.co.uk https://www.google.com.mm https://www.google.com.jm https://www.google.pt/ https://www.google.com.pk https://www.google.ca https://www.google.tt https://www.google.ie/ https://www.google.com.mx https://www.google.no https://www.google.com.au https://www.google.fi https://www.google.rs https://www.google.co.th https://www.google.de https://www.google.cz https://www.google.co.in https://www.google.co.nz https://www.google.co.za https://www.google.com.ua/ https://www.google.com.pk https://www.google.co.id https://www.google.com.ar https://www.google.az https://www.google.cl https://www.google.fr https://www.google.ru https://www.google.com.do https://www.google.com.ng https://www.google.co.jp https://www.google.co.zw https://www.google.ch https://www.google.es https://www.google.co.za https://www.google.com.tr https://www.google.co.ke https://www.google.com.sa https://www.google.pt/ https://www.google.dz https://www.google.be https://www.google.com.ph https://www.google.com.my https://www.google.co.id https://www.google.co.ma https://www.google.de https://www.google.com.kw https://www.google.gy https://www.google.hn https://www.google.com.hk https://www.google.co.ao https://www.google.com.eg https://www.google.co.ke https://www.google.co.cr https://www.google.co.tw; media-src blob: 'report-sample'; img-src 'self' blob: data: https://t.paypal.com https://www.paypalobjects.com https://region1.analytics.google.com https://*.analytics.google.com https://www.google-analytics.com https://*.googleusercontent.com https://*.googlesyndication.com https://*.googletagmanager.com https://region1.analytics.google.com https://www.google.cz https://www.google.com.my https://www.google.co.in https://www.google.com.uy https://www.google.com.ar https://www.google.co.uk https://www.google.pt https://www.google.com.co https://www.google.co.ma https://www.google.bs https://www.google.de https://www.google.cl https://www.google.com.pe https://www.google.it https://www.google.fr https://www.google.com.mx https://www.google.ca https://www.google.bs https://www.google.es https://www.google.com.kw https://www.google.com.ec https://www.google.nl https://www.google.co.ke https://www.google.gr https://www.google.com.vn https://www.google.co.il https://www.google.com.mt https://www.google.com.pk https://www.google.com.jm https://www.google.dk https://www.google.com.bd https://www.google.com.ng https://www.google.hu https://www.google.ie https://www.google.cz https://www.google.pl https://www.google.ae https://www.google.com.hk https://www.google.co.id https://www.google.at https://www.google.com.br https://www.google.com.sa https://www.google.ru https://www.google.co.ve https://www.google.com.ec https://www.google.com.py https://www.google.co.za https://www.google.com.sv https://www.google.ro https://www.google.ch https://www.google.no https://www.google.sn https://www.google.hr https://www.google.com.pr https://www.google.com.ph https://www.google.com.eg https://www.google.se https://www.google.ge https://www.google.com.lb https://www.google.com.ua https://www.google.com.pa https://www.google.be https://www.google.co.nz https://www.google.co.zm https://www.google.com.sg https://www.google.com.gt https://www.google.com.br https://www.google.com.fj https://www.google.com.bo https://www.google.sk https://www.google.com.ni https://www.google.dz https://www.google.com.do https://www.google.rw https://www.google.as https://www.google.com.om https://www.google.co.jp https://www.google.rw https://www.google.md https://www.google.co.th https://www.google.jo/ https://www.google.com.gt/ https://www.google.fi https://www.google.co.tz https://www.google.bg https://www.google.co.kr https://www.google.rs https://www.google.com.au https://www.google.de https://www.google.iq https://www.google.az https://www.google.co.cr https://www.google.com.mm https://www.google.com.ly https://www.google.mw https://www.google.com.qa https://www.google.be https://www.google.hn https://www.google.com.pg/ https://www.google.bf https://www.google.com.tw https://www.google.ws https://www.google.tn https://www.google.com.tr https://www.google.com.np https://www.google.ci/ https://www.google.com.gh https://www.google.ht; script-src 'self' 'report-sample' https://*.googletagmanager.com https://*.google-analytics.com https://ssl.google-analytics.com/ https://apis.google.com https://*.googlesyndication.com https://*.googleadservices.com https://*.googletagservices.com https://cdn.ampproject.org https://www.paypal.com https://www.paypalobjects.com 'sha256-b+mf6EIMFYxuAIdk6/2IF09zTUsJrlW6qZaw4opG6QU=' https://adservice.google.com https://adservice.google.com.br https://adservice.google.com.mx https://adservice.google.com.co https://adservice.google.com.ar https://adservice.google.com.pe https://adservice.google.com.ar https://adservice.google.com.au https://adservice.google.com.tr https://adservice.google.com.pk https://adservice.google.com.sa https://adservice.google.com.ec https://adservice.google.com.ph https://adservice.google.com.bo https://adservice.google.com.gt https://adservice.google.com.tr https://adservice.google.com.ng https://adservice.google.com.ua https://adservice.google.com.my https://adservice.google.com.gt https://adservice.google.com.eg https://adservice.google.com.bh  https://adservice.google.co.uk https://adservice.google.co.in https://adservice.google.co.nz https://adservice.google.co.kr https://adservice.google.co.id https://adservice.google.co.ve https://adservice.google.co.il https://adservice.google.co.jp https://adservice.google.co.ke https://adservice.google.co.za https://adservice.google.co.ve  https://adservice.google.pl https://adservice.google.it https://adservice.google.es https://adservice.google.pt https://adservice.google.ca https://adservice.google.ru https://adservice.google.fr https://adservice.google.cl https://adservice.google.sk https://adservice.google.cz https://adservice.google.se https://adservice.google.gr https://adservice.google.ie https://adservice.google.hn https://adservice.google.ae https://adservice.google.cl https://adservice.google.hu https://adservice.google.de https://adservice.google.iq https://adservice.google.si https://adservice.google.rs https://adservice.google.nl https://adservice.google.py https://adservice.google.tn https://adservice.google.hu https://adservice.google.at https://adservice.google.fi https://adservice.google.rw https://adservice.google.co.th https://adservice.google.co.tz https://adservice.google.com.sg https://adservice.google.com.np https://adservice.google.com.vn https://adservice.google.com.kh https://adservice.google.com.bd https://adservice.google.com.fj https://adservice.google.be https://adservice.google.ro https://adservice.google.dk https://adservice.google.kz https://adservice.google.ch https://adservice.google.lt https://adservice.google.no https://adservice.google.bg https://adservice.google.lv https://adservice.google.com.tw https://adservice.google.lb https://adservice.google.com.bz https://adservice.google.com.py https://adservice.google.com.kw https://adservice.google.com.uy https://adservice.google.com.jm https://adservice.google.com.qa https://adservice.google.com.lb https://adservice.google.com.pr https://adservice.google.com.sv  https://adservice.google.com.cy https://adservice.google.com.hk https://adservice.google.com.et https://adservice.google.com.pa https://adservice.google.co.zm https://adservice.google.co.cr https://adservice.google.co.zw https://adservice.google.co.uz https://adservice.google.co.ug https://adservice.google.tt https://adservice.google.dz https://adservice.google.mu https://adservice.google.cm https://adservice.google.ht https://adservice.google.ee https://adservice.google.bt https://adservice.google.az https://adservice.google.hr https://adservice.google.is https://adservice.google.ad https://adservice.google.lk https://adservice.google.al https://adservice.google.lu https://adservice.google.mw https://adservice.google.ci https://adservice.google.co.mz https://adservice.google.com.mm https://adservice.google.com.na https://adservice.google.com.af https://adservice.google.bj https://adservice.google.bs https://adservice.google.co.ao https://adservice.google.co.bw https://adservice.google.co.vi https://adservice.google.com.ag https://adservice.google.com.bn https://adservice.google.com.cu https://adservice.google.com.gh https://adservice.google.com.ni https://adservice.google.com.pg https://adservice.google.fm https://adservice.google.la https://adservice.google.mn https://adservice.google.sn https://adservice.google.sr https://adservice.google.tl https://adservice.google.ws https://adservice.google.jo; style-src 'self' https://*.googletagservices.com https://fonts.googleapis.com 'unsafe-inline' 'report-sample'; font-src 'self' data: 'report-sample' https://fonts.gstatic.com https://use.typekit.net; frame-src blob: https://accounts.google.com https://*.doubleclick.net https://*.googlesyndication.com https://docs.google.com https://drive.google.com https://www.google.com https://www.paypal.com https://www.paypalobjects.com; report-uri https://zipextractorapp.report-uri.com/r/d/csp/enforce 1
frame-ancestors my.christchurchcitylibraries.com *.my.christchurchcitylibraries.com christchurch.bibliocms.com *.christchurch.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src my.christchurchcitylibraries.com *.my.christchurchcitylibraries.com christchurch.bibliocms.com *.christchurch.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
child-src 'self' *.prodpad.com prodpad2017.staging.wpengine.com calendly.com *.twitter.com www.youtube.com player.vimeo.com www.slideshare.net downloads.mailchimp.com s3.amazonaws.com;; connect-src 'self' api.segment.io cdn.segment.com api.amplitude.com *.fullstory.com prodpad2017.wpengine.com api-widget.prodpad.com https://api.hubapi.com *.hubspot.com https://www.facebook.com https://hubspot-forms-static-embed.s3.amazonaws.com *.doubleclick.net *.google-analytics.com *.fontawesome.com *.cloudfront.net *.helpscout.net *.pusher.com wss://*.pusher.com *.sumologic.com *.hsforms.com https://pro.ip-api.com *.hs-banner.com https://cdn.linkedin.oribi.io *.crazyegg.com *.hscollectedforms.net https://region1.analytics.google.com *.ads.linkedin.com;; default-src blob: 'self' api.segment.io cdn.segment.com api.amplitude.com *.fullstory.com prodpad2017.wpengine.com;; font-src 'self' *.prodpad.com fonts.gstatic.com fonts.googleapis.com data: *.fontawesome.com;; frame-src *.twitter.com *.prodpad.com *.vimeo.com *.youtube.com calendly.com www.slideshare.net www.instagram.com https://optimize.google.com *.hubspot.com https://cards.producthunt.com https://www.facebook.com https://forms.hsforms.com https://venngage.net *.venngage.com *.zoom.us *.google.com;; img-src 'self' *.prodpad.com *.twitter.com *.prodpad2017.staging.wpengine.com *.gravatar.com data: *.google.com *.google.co.uk *.doubleclick.net *.googleadservices.net *.google-analytics.com *.twimg.com *.linkedin.com data: cdn-images.mailchimp.com https://optimize.google.com https://i.ytimg.com https://track.hubspot.com https://px.ads.linkedin.com https://www.facebook.com https://forms.hsforms.com https://forms.hubspot.com https://cdn2.hubspot.net *.w.org https://q.quora.com *.hubspot.com *.cloudfront.net *.adsymptotic.com perf.hsforms.com hi.hellobar.com forms-na1.hsforms.com google.nl *.crazyegg.com *.googletagmanager.com https://6306234.fs1.hubspotusercontent-na1.net https://6306234.fs2.hubspotusercontent-na1.net https://6306234.fs1.hubspotusercontent-eu1.net https://6306234.fs2.hubspotusercontent-eu1.net;; media-src 'self' *.prodpad.com prodpad2017.staging.wpengine.com *.twimg.com fonts.gstatic.com www.google-analytics.com js.intercomcdn.com *.helpscout.net;; object-src 'self' *.prodpad.com prodpad2017.staging.wpengine.com calendly.com ext.prodpad.com platform.twitter.com www.youtube.com player.vimeo.com www.slideshare.net widget.intercom.io downloads.mailchimp.com s3.amazonaws.com;; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.prodpad.com prodpad2017.staging.wpengine.com cdn.segment.com www.googletagmanager.com cdn.amplitude.com www.googleadservices.com d2wy8f7a9ursnm.cloudfront.net *.fullstory.com www.google-analytics.com googleads.g.doubleclick.net *.twitter.com downloads.mailchimp.com s3.amazonaws.com www.google-analytics.com *.twimg.com mc.us5.list-manage.com assets.calendly.com platform.instagram.com www.instagram.com tagmanager.google.com https://optimize.google.com https://static.hsappstatic.net https://www.youtube.com https://s.ytimg.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hsadspixel.net *.hscollectedforms.net https://connect.facebook.net https://snap.licdn.com https://js.hsforms.net https://forms.hsforms.com https://js.hsleadflows.net https://api.hubapi.com *.venngage.com *.usemessages.com *.fontawesome.com *.hs-banner.com *.hscta.net *.hubspot.com *.helpscout.net *.cloudflare.com js-na1.hs-scripts.com *.hellobar.com *.google.com/recaptcha/enterprise.js *.gstatic.com *.g2crowd.com;; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.twitter.com downloads.mailchimp.com *.prodpad.com tagmanager.google.com https://optimize.google.com *.fontawesome.com;; worker-src blob:; form-action 'self' *.prodpad.com prodpad.us5.list-manage.com *.twitter.com calendly.com https://www.facebook.com https://forms.hsforms.com *.hubspot.com;; 1
default-src 'self' *.westend61.com *.westend61.de www.paypal.com; connect-src 'self' *.westend61.de *.westend61.com https://www.paypal.com https://stats.g.doubleclick.net https://ct.pinterest.com www.facebook.com; font-src 'self' *.westend61.com *.westend61.de; child-src 'self' *.westend61.com *.westend61.de https://player.vimeo.com https://www.paypal.com https://www.youtube.com https://www.youtube-nocookie.com ; img-src 'self' blob: data: *.westend61.de *.westend61.com https://www.paypalobjects.com https://www.google.com https://www.google.de https://t.paypal.com https://stats.g.doubleclick.net https://ct.pinterest.com https://px.ads.linkedin.com https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.westend61.de *.westend61.com https://www.paypal.com paypal.com https://www.paypalobjects.com https://www.google-analytics.com https://www.googletagmanager.com https://s.pinimg.com https://snap.licdn.com https://px.ads.linkedin.com app.plant-for-the-planet.org www.plant-for-the-planet.org https://connect.facebook.net; style-src 'self' 'unsafe-inline' *.westend61.com *.westend61.de ; manifest-src 'self' *.westend61.com *.westend61.de; frame-src 'self' *.westend61.com *.westend61.de https://www.paypal.com https://www.paypalobjects.com https://www.youtube-nocookie.com https://player.vimeo.com; object-src 'self' blob:; 1
default-src 'none'; base-uri 'self'; child-src 'self' https://www.google.com/recaptcha/ https://app.hubspot.com/ blob: https://mc.yandex.ru blob: https://mc.yandex.ru; connect-src 'self' https://analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net track.gaconnector.com js.hscollectedforms.net js.usemessages.com https://*.hubspot.com https://*.hubapi.com https://forms.hscollectedforms.net https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://salesiq.zohopublic.eu wss://vts.zohopublic.eu https://static.zohocdn.com https://informer.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://yastatic.net; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://css.zohocdn.com https://d1uuj3mi6rzwpm.cloudfront.net; form-action 'self'; frame-ancestors 'self' metrika.yandex.ru; frame-src * https://www.google.com/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://*.hubspot.com blob: https://mc.yandex.ru blob: https://mc.yandex.ru; img-src 'self' * data: https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.gstatic.com/recaptcha/ https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://ssl.gstatic.com www.googletagmanager.com https://*.hsforms.com https://*.hubspot.com https://informer.yandex.ru https://mc.yandex.com https://mc.yandex.ru; media-src 'self' https: https://d1uuj3mi6rzwpm.cloudfront.net; object-src 'none'; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.google.com https://www.google.com https://www.googleadservices.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://ssl.google-analytics.com https://js.hscollectedforms.net https://js.hsadspixel.net https://js.hs-banner.com https://js.hs-analytics.net https://*.hs-scripts.com https://*.hubspot.com https://app.hubspot.com https://forms.hsforms.com https://forms.hscollectedforms.net https://*.usemessages.com https://salesiq.zohopublic.eu https://css.zohocdn.com https://js.zohocdn.com https://js.zohostatic.eu https://static.zohocdn.com wss://vts.zohopublic.eu https://connect.facebook.net https://sc.lfeeder.com https://px.ads.linkedin.com https://snap.licdn.com https://informer.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://yastatic.net https://d1uuj3mi6rzwpm.cloudfront.net; style-src 'self' * 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://d1uuj3mi6rzwpm.cloudfront.net; report-uri /logger/csp 1
upgrade-insecure-requests  ; worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com *.mapbox.com feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com cdn.cookielaw.org connect.facebook.net pghub.io *.pricespider.com mpsnare.iesnare.com cdnjs.cloudflare.com *.mapbox.com feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net feed.pghub.io pandg.tapad.com ; font-src 'self' feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' feed.pghub.io consumersupport.pg.com pandg.tapad.com ; img-src 'self' data: images.ctfassets.net cdn.cookielaw.org pixel.tapad.com www.facebook.com *.pricespider.com *.contentful.com feed.pghub.io pandg.tapad.com ; connect-src 'self' *.google-analytics.com cdn.cookielaw.org *.pricespider.com *.mapbox.com feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
script-src 'self' https://maps.googleapis.com; frame-ancestors 'self' https://*.myshopify.com https://*.staplescopyandprint.ca https://*.staplesprint.ca https://*.staples.ca https://*.shopify.com/; 1
upgrade-insecure-requests;   default-src 'self' https: bimtrack.co *.bimtrack.co *.hubspot.com connect.facebook.net www.facebook.com service.force.com *.salesforceliveagent.com *.my.salesforce-sites.com *.doubleclick.net *.addtoany.com *.clarity.ms www.google.com www.googleadservices.com www.googleoptimize.com www.googletagmanager.com fonts.googleapis.com cdn.jsdelivr.net *.newforma.com *.wistia.com *.wistia.net  *.litix.io *.akamaihd.net *.marketo.com *.semrush.com www.google-analytics.com *.amplitude.com;  font-src 'self' data: static.addtoany.com fonts.googleapis.com service.force.com fast.wistia.com fast.wistia.net *.netdna-ssl.com https:;  img-src 'self' data: https:;  object-src 'self';  media-src 'self' blob: https:;  worker-src 'self' blob: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' https: 'unsafe-inline';  frame-ancestors 'self' https://*.my.salesforce.com/ https://*.lightning.force.com https://newforma.my.salesforce.com/ https://service.force.com/ https://customercommunity.newforma.com/ https://newforma--full.sandbox.my.site.com/  *.bimtrackapp.co *.btlocal.xyz https://btlocal.xyz https://bimtrackapp.us *.bimtrackapp.us https://bimtrackapp.ca *.bimtrackapp.ca https://bimtrackbeta.co *.bimtrackbeta.co https://bimtrackqa.co  https://bimtrackdev.co *.bimtrackdev.co *.bimtrackqa.co https://bimtrackapp.app *.bimtrackapp.app https://bimtrackapp.biz *.bimtrackapp.biz https://bimtrackapp.co.uk *.bimtrackapp.co.uk https://bimtrackapp.com *.bimtrackapp.com https://bimtrackapp.info *.bimtrackapp.info https://bimtrackapp.live *.bimtrackapp.live https://bimtrackapp.mobi *.bimtrackapp.mobi https://bimtrackapp.online *.bimtrackapp.online https://bimtrackapp.org *.bimtrackapp.org https://bimtrackapp.uk *.bimtrackapp.uk https://bimtrackapp.app *.bimtrackapp.app btlocalauth.xyz/identityserver auth.bimtrackdev.co auth.bimtrackqa.co auth.bimtrackbeta.co auth.bimtrackapp.co auth.bimtrackio.xyz auth.bimtrackalpha.xyz auth.bimtrackrocket.xyz auth.bimtracknightly.xyz; 1
frame-ancestors https://newapp.etracker.com https://securemail.olb.de/ 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-S3wd9oIn4Bo2Uo-pSdDTjA' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self'; img-src https: data:; media-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; font-src https: data:; frame-src https: 1
default-src 'none'; connect-src 'self'; font-src 'self' data:; form-action 'self'; img-src 'self' data: *; media-src 'self' *; manifest-src 'self'; script-src 'self' https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' 1
frame-ancestors 'self' https://www.uafs.edu https://uafs.edu; 1
frame-ancestors 'self' *.vitra.com.tr cdn.cookiesuit.com www.googletagmanager.com www.google.com www.gstatic.com snap.licdn.com www.google-analytics.com connect.facebook.net *.api.useinsider.com tags.bkrtx.com static.hotjar.com script.hotjar.com maps.google.com maps.googleapis.com stats.g.doubleclick.net analytics.google.com api.cookiesuit.com 10644616.fls.doubleclick.net vars.hotjar.com stags.bluekai.com fonts.googleapis.com fonts.gstatic.com www.google.com.tr px.ads.linkedin.com https: ; default-src wss: about: data: https: 'unsafe-eval' 'unsafe-inline' 'self' https://www.vitra.com.tr https://vitra.com.tr https://vitra.com.tr https://panel.vitra.com.tr https://cdn.cookiesuit.com/ https://www.googletagmanager.com https://www.google.com www.gstatic.com https://www.google-analytics.com https://connect.facebook.net https://vitra.api.useinsider.com https://tags.bkrtx.com https://maps.google.com https://maps.googleapis.com https://googleads.g.doubleclick.net analytics.google.com https://api.cookiesuit.com 10644616.fls.doubleclick.net vars.hotjar.com https://stags.bluekai.com https://fonts.googleapis.com fonts.gstatic.com https://www.google.com/tr ; script-src data: wss: about: https: 'unsafe-eval' 'unsafe-inline' 'self' https://www.vitra.com.tr https://vitra.com.tr https://vitra.com.tr https://panel.vitra.com.tr https://cdn.cookiesuit.com/ https://www.googletagmanager.com https://www.google.com www.gstatic.com https://www.google-analytics.com https://connect.facebook.net https://vitra.api.useinsider.com https://tags.bkrtx.com eitri.api.useinsider.com https://maps.google.com https://maps.googleapis.com https://googleads.g.doubleclick.net analytics.google.com https://api.cookiesuit.com hit.api.useinsider.com 10644616.fls.doubleclick.net vars.hotjar.com https://stags.bluekai.com https://fonts.googleapis.com fonts.gstatic.com https://www.google.com/tr px.ads.linkedin.com; img-src data: https: 'unsafe-eval' 'unsafe-inline' 'self' https://vitra.api.useinsider.com https://www.vitra.com.tr https://vitra.com.tr https://vitra.com.tr https://panel.vitra.com.tr https://cdn.cookiesuit.com/ ; form-action 'self' ; report-uri hookb.in/6J1W8x3xX1ToO0ro3P3o9; 1
default-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.googleapis.com *.googletagmanager.com *.addtoany.com api.iconify.design api.simplesvg.com api.unisvg.com *.youtube-nocookie.com *.google.com *.google-analytics.com *.ytimg.com *.facebook.com forms.gle 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-e22a2da3fc1a964006987fb61e47845f'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors *.microsoft.com *.sharepoint.com *.office.net 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://devcommunity.x.com/logs/ https://devcommunity.x.com/sidekiq/ https://devcommunity.x.com/mini-profiler-resources/ https://global.discourse-cdn.com/twitter/assets/ https://devcommunity.x.com/extra-locales/ https://sea2.discourse-cdn.com/twitter/highlight-js/ https://sea2.discourse-cdn.com/twitter/javascripts/ https://sea2.discourse-cdn.com/twitter/plugins/ https://sea2.discourse-cdn.com/twitter/theme-javascripts/ https://sea2.discourse-cdn.com/twitter/svg-sprite/ https://www.google-analytics.com/analytics.js 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' https://platform.twitter.com/widgets.js https://devcommunity.x.com/plugins/discourse-client-performance/javascripts/discourse-client-performance.js https://platform.twitter.com/widgets.js; worker-src 'self' https://global.discourse-cdn.com/twitter/assets/ https://sea2.discourse-cdn.com/twitter/javascripts/ https://sea2.discourse-cdn.com/twitter/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
default-src                 'self'                 'unsafe-inline'                 'unsafe-eval'                     navisite.com                     *.navisite.com                     lp.navisite.com                     play.vidyard.com             ;             font-src                 'self'                 https:                 data:                     navisite.com                     *.navisite.com                     lp.navisite.com                     fonts.googleapis.com                     fonts.gstatic.com             ;             img-src                 'self'                 https:                 data:                     navisite.com                     *.navisite.com                     lp.navisite.com                     www.google.com                     d.adroll.com                     www.facebook.com             ;             media-src                 'self'                 https:                     navisite.com                     *.navisite.com                     lp.navisite.com                     js.driftt.com             ;             frame-src                 'self'                 https:                     navisite.com                     *.navisite.com                     lp.navisite.com                     js.driftt.com             ;             style-src                 'self'                 'unsafe-inline'                 'unsafe-eval'                 https:                     navisite.com                     *.navisite.com                     fonts.googleapis.com                     *.uberflip.com                     *.pardot.com                     lp.navisite.com                     www.youtube.com                     js.driftt.com                     www.gstatic.com                     h2k8p8a6.rocketcdn.me             ;             script-src                 'self'                 'unsafe-eval'                 'unsafe-inline'                     navisite.com                     *.navisite.com                     *.uberflip.com                     *.pardot.com                     lp.navisite.com                     js.driftt.com                     bat.bing.com                     *.hotjar.com                     snap.licdn.com                     *.adroll.com                     connect.facebook.net                     js.intercomcdn.com                     d.adroll.mgr.consensu.org                     www.googletagmanager.com                     www.google-analytics.com                     www.googleadservices.com                     googleads.g.doubleclick.net                     widget.intercom.io                     cdnjs.cloudflare.com                     assets.pinterest.com                     content.cdntwrk.com                     in.ml314.com                     ml314.com                     play.vidyard.com                     h2k8p8a6.rocketcdn.me             ;             connect-src                 'self'                 https:                 wss:                     navisite.com                     *.navisite.com                     lp.navisite.com                     *.api.drift.com                     *.intercom.io                     www.youtube.com             ;             object-src                 'none'             ;  1
frame-ancestors 'self' catalogues.corolle.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://acsbapp.com/apps/app/dist/js/loader.js https://ajax.aspnetcdn.com/ajax/jquery.validate/1.8.1/jquery.validate.js https://ajax.aspnetcdn.com/ajax/mvc/4.0/jquery.validate.unobtrusive.min.js https://acsbapp.com/apps/app/dist/js/app.js https://www.google-analytics.com/analytics.js https://maps.googleapis.com/maps/ https://maps.googleapis.com/maps-api-v3/api/js/ https://platform.twitter.com/ https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/ https://syndication.twitter.com/ https://s.ytimg.com/ https://publish.twitter.com/ https://twimg.com/ https://platform.linkedin.com https://platform.stumbleupon.com/1/widgets.js https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://s.adroll.com/j/ https://d.adroll.com/consent/check/ https://d.adroll.com/pixel/ https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/consentconfig/ https://cdnjs.cloudflare.com/ajax/libs/angular.js/ https://www.googletagmanager.com/gtag/ https://ajax.googleapis.com/ajax/libs/ https://snap.licdn.com/ https://lex.33across.com/; style-src 'self' 'unsafe-inline' netdna.bootstrapcdn.com kendo.cdn.telerik.com https://www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://platform.twitter.com/css/ https://fast.fonts.net https://fonts.googleapis.com/; font-src 'self' https://cdn.acsbapp.com/apps/app/dist/fonts/* fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com; img-src 'self' image/* https://cdn.acsbapp.com/apps/app/dist/media/logomono.svg *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com *.eloqua.com track.hubspot.com https://d.adroll.com https://img.youtube.com/vi/ *.rubiconproject.com *.casalemedia.com *.pubmatic.com *.outbrain.com *.bidswitch.net *.yahoo.com https://eb2.3lift.com https://sync.taboola.com https://us-u.openx.net https://idsync.rlcdn.com https://ib.adnxs.com https://cm.g.doubleclick.net https://sync.mathtag.com https://*.google.com https://match.adsrvr.org https://pippio.com *.krxd.net *.bluekai.com https://new.aam.com https://px.ads.linkedin.com/ data:; media-src 'self'; form-action 'self'; frame-src 'self' https://*.cookiebot.com https://www.youtube.com/ https://www.google.com/ https://platform.twitter.com/ https://syndication.twitter.com/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' https://process.acsbapp.com/apps/app/* https://cdn.acsbapp.com/cache/app/en.build.json https://acsbapp.com/apps/app/dist/js/locale/en-loader.json https://cdn.acsbapp.com/config/aam.com/config.json https://new.aam.com https://www.facebook.com/tr/ https://consentcdn.cookiebot.com/consentconfig/ https://maps.googleapis.com/ https://careers.aam.com https://www.google-analytics.com/ https://px.ads.linkedin.com/; object-src 'none'; 1
frame-ancestors self mudgames.in www.mudgames.in  h5.cocosjoy.com stg-play.jagran.com 35.200.132.204:3002 api.jagranplay.com *.jagranplay.com *.doubleclick.net *.google.com *.googleads.g.doubleclick.net *.securepubads.g.doubleclick.net 143.110.250.15:80 adidev01.ipadlive.com event.jagran.com preview.construct.net; 1
frame-ancestors 'self' *.uaig.net  rating.netbt.us www.amaxinsurance.com/get-a-quote 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' orc.widepoint.com; img-src 'self' www.googletagmanager.com https://www.google-analytics.com https://perf.hsforms.com s.w.org data:;style-src 'self' 'unsafe-inline'  fonts.googleapis.com;font-src 'self' fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ssl.google-analytics.com https://js.hs-scripts.com https://js.hsleadflows.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hubspotfeedback.com https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsforms.net https://js-na1.hs-scripts.com https://forms.hsforms.com ; connect-src 'self' https://forms.hsforms.com https://www.google-analytics.com ; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://js.hsforms.net/ https://forms.hsforms.com/ ; 1
connect-src  www.listarobinson.es; img-src 'self' www.listarobinson.es data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-ancestors 'self'; 1
frame-ancestors 'self' https://www.mscbook.com https://checkoutshopper-live.adyen.com https://virtual-tours.msccruises.com; 1
object-src 'none'; script-src 'nonce-7zsskha+lveJOPAoSC5CKg==' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; base-uri 'none'; report-uri https://csp.withgoogle.com/csp/kaggle/20201130; frame-src 'self' https://www.kaggleusercontent.com https://www.youtube.com/embed/ https://polygraph-cool.github.io https://www.google.com/recaptcha/ https://www.docdroid.com https://www.docdroid.net https://kaggle-static.storage.googleapis.com https://kkb-production.jupyter-proxy.kaggle.net https://kkb-production.firebaseapp.com https://kaggle-metastore.firebaseapp.com https://apis.google.com https://content-sheets.googleapis.com/ https://accounts.google.com/ https://storage.googleapis.com https://docs.google.com https://drive.google.com https://calendar.google.com/; 1
default-src        'self'        *.caymanchem.com        https://www.caymanchem.com/        *.caymanchem.com/    ; connect-src        'self'        https://www.caymanchem.com        https://www.caymanchem.com/        *.caymanchem.com        *.caymanpharma.com        *.sapphire-usa.com        *.sapphirebioscience.com        fresnel.vimeocdn.com        https://hcaptcha.com https://*.hcaptcha.com        in.hotjar.com        *.logic.azure.com        stats.g.doubleclick.net        vimeo.com        www.gstatic.com        www.google-analytics.com        caymanchem.us7.list-manage.com    ; font-src        caymanwebcdn.azureedge.net        cdn.caymanchem.com        cdn.datatables.net        cdn.jsdelivr.net        fonts.gstatic.com        pro.fontawesome.com        use.typekit.net        www.caymanchem.com    ; frame-ancestors        'self'    ; frame-src        'self'        app.fluorofinder.com        bid.g.doubleclick.net		export.highcharts.com        https://hcaptcha.com https://*.hcaptcha.com        maps.google.com        player.vimeo.com        vars.hotjar.com        www.google.com        www.googletagmanager.com        www.youtube.com    ; img-src        'self'        data:        *.caymanchem.com        *.caymanpharma.com        *.sapphire-usa.com        *.sapphirebioscience.com        67e41cd437d94bf6a5e229720d038760.svc.dynamics.com        i.vimeocdn.com        i.ytimg.com        lptag.liveperson.net        p.typekit.net        sapphirebioscience.com        www.google-analytics.com        www.google.com        *    ; object-src        'none'    ; script-src        'self'        'unsafe-eval'        'unsafe-inline'        *.caymanchem.com        *.caymanpharma.com        *.sapphire-usa.com        *.sapphirebioscience.com        67e41cd437d94bf6a5e229720d038760.svc.dynamics.com        ajax.aspnetcdn.com        ajax.googleapis.com        cdn.datatables.net        cdnjs.aspnetcdn.com        cdnjs.cloudflare.com        f.vimeocdn.com        googleads.g.doubleclick.net        https://hcaptcha.com https://*.hcaptcha.com        lptag.liveperson.net        maxcdn.bootstrapcdn.com        player.vimeo.com        snap.licdn.com        script.hotjar.com        static.hotjar.com        use.fontawesome.com        use.typekit.net        va.v.liveperson.net        www.google-analytics.com        www.google.com        www.googleadservices.com        www.googletagmanager.com        www.gstatic.com        https://www.gstatic.com        www.youtube.com        s3.amazonaws.com		caymanchem.us7.list-manage.com    ; style-src        'self'        'unsafe-inline'        *.caymanchem.com        *.caymanpharma.com        *.sapphire-usa.com        *.sapphirebioscience.com        cdn.datatables.net        cdn-images.mailchimp.com        fonts.googleapis.com        https://hcaptcha.com https://*.hcaptcha.com        lptag.liveperson.net        maxcdn.bootstrapcdn.com        pro.fontawesome.com        translate.googleapis.com        www.gstatic.com        https://www.gstatic.com    ; report-uri https://www.caymanchem.com/report-uri 1
default-src 'none';object-src 'self';form-action 'self' https://openstreetmap.opportunity-projects.de; base-uri 'self'; connect-src 'self' https://stats.opportunity.de; img-src 'self' https://*.opportunity.de https://openstreetmap.opportunity-projects.de; frame-src 'self' *.opportunity.de; script-src 'self' 'unsafe-inline' *.opportunity.de; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-ancestors 'self'; 1
default-src 'self' analytics.init.de sgx.geodatenzentrum.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.init.de blob:; style-src 'self' 'unsafe-inline'; img-src 'self' *.osm.org analytics.init.de data: sgx.geodatenzentrum.de 1
script-src 'unsafe-inline' 'unsafe-eval' data: filesystem: www.resolver.com resolver.com *.resolver.com *.clarity.ms *.userway.org *.js.ubembed.com a.omappapi.com ajax.googleapis.com analytics.twitter.com app.ewebinar.com assets.ewebinar.com assets.ubembed.com bat.bing.com cdn.funnelytics.io cdn.jsdelivr.net cdnjs.cloudflare.com connect.facebook.net content.resolver.com ct.capterra.com d3pkntwtp2ukl5.cloudfront.net googleads.g.doubleclick.net i.tryinteract.com ipinfo.io jobs.jobvite.com js.chilipiper.com munchkin.marketo.net optimize.google.com play.vidyard.com snap.licdn.com static.ads-twitter.com tags.clickagy.com tags.srv.stackadapt.com ws-assets.zoominfo.com ws.zoominfo.com ws.zoominfo.com www.google-analytics.com www.google.ca www.google.com www.googleadservices.com www.googletagmanager.com www.resolver.com z.moatads.com t.unbounce.com trust.bitsighttech.com qvdt3feo.com www.resolver.com code.jquery.com js.zi-scripts.com *.hotjar.com; style-src 'unsafe-inline' https: filesystem: resolver.com cdn.jsdelivr.net cdnjs.cloudflare.com content.resolver.com fonts.googleapis.com i.tryinteract.com www.resolver.com ws.zoominfo.com ws-assets.zoominfo.com ipinfo.io d.clarity.ms *.clarity.ms jobs.jobvite.com app.ewebinar.com assets.ewebinar.com d3pkntwtp2ukl5.cloudfront.net tags.clickagy.com t.unbounce.com ; img-src https: data: filesystem: bat.bing.com www.googletagmanager.com www.resolver.com ws.zoominfo.com ws-assets.zoominfo.com ipinfo.io *.clarity.ms jobs.jobvite.com app.ewebinar.com assets.ewebinar.com d3pkntwtp2ukl5.cloudfront.net t.unbounce.com; font-src https: data: filesystem: fonts.gstatic.com content.resolver.com www.resolver.com www.resolver.com; media-src https:; form-action https:; frame-ancestors 'self'; object-src 'self'; frame-src 'self' https: 1
worker-src blob:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' js.chilipiper.com www.youtube.com *.googleapis.com  www.datadoghq-browser-agent.com cdn.optimizely.com google.com cdn.heapanalytics.com *.pendo.io www.google-analytics.com snap.licdn.com youtube.com analytics.google.com  www.google.com fonts.gstatic.com www.gstatic.com reorg.com *.reorg.com reorg-research.com *.reorg-research.com code.jquery.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com cookie-cdn.cookiepro.com www.googletagmanager.com googleoptimize.com *.googleoptimize.com unpkg.com ; frame-src 'self' reorg.com *.reorg.com reorg-research.com *.reorg-research.com *.pendo.io reorg-research.chilipiper.com youtube.com *.youtube.com google.com *.google.com *.vimeo.com *.soundcloud.com *.doubleclick.net; frame-ancestors https://login.reorg.com https://login.qa.reorg.com http://localhost:*; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' https://*.userway.org/ https://*.welcomesoftware.com/ https://*.cmp.optimizely.com/ https://flagcdn.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://dxp-dev.rakbank.ae/ https://dxp-uat.rakbank.ae/ https://dxp-staging.rakbank.ae/ https://fonts.gstatic.com/ https://www.googletagmanager.com/ https://i.ytimg.com/ https://www.google-analytics.com https://*.doubleclick.net https://www.google.com https://www.google.ae https://www.google.co.in https://www.google.co.uk https://clients1.google.com https://cse.google.com https://*.gstatic.com https://*.googleapis.com https://www.facebook.com https://*.vizury.com https://cdn25.vzeesp.com https://d5xydlzdo08s0.cloudfront.net https://*.doubleclick.net/ https://www.linkedin.com/ https://*.ads.linkedin.com/ https://p.adsymptotic.com https://cdn.page-source.com https://pagead2.googlesyndication.com https://aax-eu.amazon-adsystem.com data: blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://www.youtube.com/ https://*.userway.org/ https://web-sdk-eu.aptrinsic.com/ https://www.googletagmanager.com/; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com/ https://*.userway.org/ https://*.cloudfront.net/; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://*.userway.org/  https://tools.euroland.com/tools/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://maps.googleapis.com/ https://web-sdk-eu.aptrinsic.com/ https://www.youtube.com/ https://uatrmt.rakbankonline.ae/ https://*.rakbank.ae/ https://sc-static.net/ https://snap.licdn.com/ https://googleads.g.doubleclick.net/ https://connect.facebook.net/; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.userway.org/  https://www.google-analytics.com  https://maps.googleapis.com/ https://pui.episerver.net/ https://dc.services.visualstudio.com/ https://esp-eu.aptrinsic.com/ https://*.welcomesoftware.com/ https://*.cmp.optimizely.com/ https://www.youtube.com/ https://uatrmt.rakbankonline.ae/ https://*.rakbank.ae/ https://www.google.com/recaptcha/ https://localhost:8001/ http://localhost:8000/  https://www.google.com/ https://www.google.ae/ https://www.google.co.in/ https://www.google.co.uk/ https://stats.g.doubleclick.net https://adservice.google.com/ https://www.facebook.com/ https://*.vizury.com/ https://cdn25.vzeesp.com/ https://sport360.com/ https://sandbox.api.mastercard.com/ https://*.rakbankonline.ae/ https://pagead2.googlesyndication.com/ https://googleads.g.doubleclick.net/ https://connect.facebook.net/ https://stats.g.doubleclick.net/  https://www.google.com/ https://www.google.ae/ https://www.google.co.in https://www.google.co.uk/ https://csi.gstatic.com/ https://analytics.tiktok.com/ https://analytics.google.com/ wss://localhost/ https://px.ads.linkedin.com/; frame-src 'self' https://tools.euroland.com/ https://tools.eurolandir.com/ https://www.youtube.com/ https://*.userway.org/ https://www.google.com/ https://*.doubleclick.net/; media-src 'self' https://*.userway.org/ blob:; worker-src 'self' blob:; 1
default-src 'self' data: *.fishing-v.jp *.doubleclick.net *.youtube.com *.ckeditor.com *.facebook.com *.twitter.com *.bootstrapcdn.com *.fontawesome.com *.google.com google.com *.google.co.jp *.googleapis.com *.google-analytics.com *.googleadservices.com *.w.org *.gstatic.com *.kollus.com d.line-scdn.net social-plugins.line.me s.yimg.jp ws://ntjp.mieru-ca.com/hm *.clarity.ms munchkin.marketo.net hpjp.mieru-ca.com 774-kok-634.mktoresp.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fishing-v.jp *.google.com *.googleapis.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.twitter.com *.ytimg.com *.youtube.com *.fontawesome.com *.facebook.net *.twimg.com *.gstatic.com *.ckeditor.com *.bootstrapcdn.com d.line-scdn.net s.yimg.jp *.yahoo.co.jp *.doubleclick.net hm.mieru-ca.com *.clarity.ms munchkin.marketo.net hpjp.mieru-ca.com 774-kok-634.mktoresp.com cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' *.fishing-v.jp *.twimg.com *.twitter.com *.ytimg.com *.bootstrapcdn.com *.fontawesome.com *.googleapis.com *.cloudflare.com *.ckeditor.com *.clarity.ms; img-src data: *; media-src *; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https: wss://*.driver.ru https://*.yandex.ru https://mc.yandex.ru https://mc.yandex.ua https://mc.yandex.kz https://mc.yandex.by https://mc.yandex.uz https://mc.yandex.fr https://mc.yandex.com.tr https://yandex.st https://connect.ok.ru https://vk.com https://login.vk.com https://www.odnoklassniki.ru wss://*.driverscollection.com https://*.facebook.net https://*.facebook.com https://*.addthis.com https://*.addthisedge.com https://*.yadro.ru https://widgets.pinterest.com https://www.linkedin.com https://www.reddit.com https://cdn.ampproject.org https://googleads.g.doubleclick.net https://*.googlesyndication.com https://*.google-analytics.com https://translate.googleapis.com https://*.google.com https://*.googletagmanager.com https://*.googletagservices.com https://*.gstatic.com https://adservice.google.ad https://adservice.google.ae https://adservice.google.al https://adservice.google.am https://adservice.google.as https://adservice.google.at https://adservice.google.az https://adservice.google.ba https://adservice.google.be https://adservice.google.bf https://adservice.google.bg https://adservice.google.bi https://adservice.google.bj https://adservice.google.bs https://adservice.google.bt https://adservice.google.bt https://adservice.google.by https://adservice.google.ca https://adservice.google.cd https://adservice.google.cf https://adservice.google.cf https://adservice.google.cg https://adservice.google.ch https://adservice.google.ci https://adservice.google.cl https://adservice.google.cm https://adservice.google.co.ao https://adservice.google.co.bw https://adservice.google.co.ck https://adservice.google.co.cr https://adservice.google.co.id https://adservice.google.co.il https://adservice.google.co.in https://adservice.google.co.jp https://adservice.google.co.ke https://adservice.google.co.kr https://adservice.google.co.ls https://adservice.google.co.ma https://adservice.google.co.mz https://adservice.google.co.nz https://adservice.google.co.th https://adservice.google.co.tz https://adservice.google.co.ug https://adservice.google.co.uk https://adservice.google.co.uz https://adservice.google.co.ve https://adservice.google.co.vi https://adservice.google.co.za https://adservice.google.co.zm https://adservice.google.co.zw https://adservice.google.com https://adservice.google.com.af https://adservice.google.com.ag https://adservice.google.com.ar https://adservice.google.com.au https://adservice.google.com.bd https://adservice.google.com.bh https://adservice.google.com.bn https://adservice.google.com.bo https://adservice.google.com.br https://adservice.google.com.bz https://adservice.google.com.co https://adservice.google.com.cu https://adservice.google.com.cy https://adservice.google.com.ec https://adservice.google.com.eg https://adservice.google.com.et https://adservice.google.com.fj https://adservice.google.com.gh https://adservice.google.com.gi https://adservice.google.com.gt https://adservice.google.com.hk https://adservice.google.com.jm https://adservice.google.com.kh https://adservice.google.com.kw https://adservice.google.com.lb https://adservice.google.com.ly https://adservice.google.com.mm https://adservice.google.com.mt https://adservice.google.com.mx https://adservice.google.com.my https://adservice.google.com.na https://adservice.google.com.ng https://adservice.google.com.ni https://adservice.google.com.np https://adservice.google.com.om https://adservice.google.com.pa https://adservice.google.com.pe https://adservice.google.com.pg https://adservice.google.com.ph https://adservice.google.com.pk https://adservice.google.com.pr https://adservice.google.com.py https://adservice.google.com.qa https://adservice.google.com.sa https://adservice.google.com.sb https://adservice.google.com.sg https://adservice.google.com.sv https://adservice.google.com.tj https://adservice.google.com.tr https://adservice.google.com.tw https://adservice.google.com.ua https://adservice.google.com.uy https://adservice.google.com.vc https://adservice.google.com.vn https://adservice.google.cv https://adservice.google.cz https://adservice.google.de https://adservice.google.dj https://adservice.google.dk https://adservice.google.dm https://adservice.google.dz https://adservice.google.ee https://adservice.google.es https://adservice.google.fi https://adservice.google.fm https://adservice.google.fr https://adservice.google.ga https://adservice.google.ge https://adservice.google.gg https://adservice.google.gl https://adservice.google.gm https://adservice.google.gp https://adservice.google.gr https://adservice.google.gy https://adservice.google.hn https://adservice.google.hr https://adservice.google.ht https://adservice.google.hu https://adservice.google.ie https://adservice.google.im https://adservice.google.iq https://adservice.google.is https://adservice.google.it https://adservice.google.je https://adservice.google.jo https://adservice.google.ki https://adservice.google.kg https://adservice.google.kz https://adservice.google.la https://adservice.google.li https://adservice.google.lk https://adservice.google.lt https://adservice.google.lu https://adservice.google.lv https://adservice.google.md https://adservice.google.me https://adservice.google.mg https://adservice.google.mk https://adservice.google.ml https://adservice.google.mn https://adservice.google.mu https://adservice.google.mv https://adservice.google.mw https://adservice.google.ne https://adservice.google.nl https://adservice.google.no https://adservice.google.nr https://adservice.google.pl https://adservice.google.ps https://adservice.google.pt https://adservice.google.ro https://adservice.google.rs https://adservice.google.ru https://adservice.google.rw https://adservice.google.sc https://adservice.google.se https://adservice.google.sh https://adservice.google.si https://adservice.google.sk https://adservice.google.sm https://adservice.google.sn https://adservice.google.so https://adservice.google.sr https://adservice.google.st https://adservice.google.td https://adservice.google.tg https://adservice.google.tl https://adservice.google.tm https://adservice.google.tn https://adservice.google.to https://adservice.google.tt https://adservice.google.vg https://adservice.google.vu https://adservice.google.ws https://cdnjs.cloudflare.com; report-uri https://driverscollection.com/csp-track.php; 1
default-src 'self' https://jquery.com/; connect-src https://stats.g.doubleclick.net/ https://analytics.google.com/ https://www.google-analytics.com/ https://www-int0.nowcom.com/ https://www.nowcom.com/; script-src https://www.googletagmanager.com/ https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www-int0.nowcom.com/ https://www.nowcom.com/ 'unsafe-inline' 'unsafe-eval'; img-src 'self' blob: data: https://secure.gravatar.com/ https://www.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://nowcomportal.blob.core.windows.net/; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com/; frame-src 'self' https://www.google.com/ https://nowcomportal.blob.core.windows.net/; object-src 'none' 1
font-src *.gstatic.com data: *.fontawesome.com fonts.gstatic.com apps.bazaarvoice.com use.typekit.net *.zopim.com mediacdn.espssl.com themes.googleusercontent.com svcs.tql.com at.alicdn.com https://www.vintagetub.com static.photoslurp.com www.shopperapproved.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ct.pinterest.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.wesupply.xyz https://wesupplylabs.com *.onetrust.com s7.addthis.com ct.pinterest.com *.visualwebsiteoptimizer.com app.vwo.com td.doubleclick.net edge.addthis.com *.sharethis.com t.pepperjamnetwork.com tpc.googlesyndication.com www.paypalobjects.com static.photoslurp.com https://salsify-ecdn.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com static-na.payments-amazon.com *.affirm.com *.affirm.ca display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com store.paradoxlabs.com edge.curalate.com https://photos-us.bazaarvoice.com https://c1.ugc.bazaarvoice.com rd.connexity.net *.vintagetub.com *.visualwebsiteoptimizer.com app.vwo.com chart.googleapis.com wingify-assets.s3.amazonaws.com sp.analytics.yahoo.com ct.pinterest.com d3cgm8py10hi0z.cloudfront.net www.bizrate.com *.bing.com https://v2assets.zopim.io https://static.zdassets.com *.zopim.com *.listrakbi.com c.clarity.ms yncuaq.a.searchspring.io mediacdn.espssl.com *.sharethis.com bam.nr-data.net cfvod.kaltura.com v2uploads.zopim.io cdn.ivaws.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.analytics.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat cdn.cookielaw.org static.photoslurp.com m.photoslurp.com www.shopperapproved.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net https://cdn.searchspring.net/intellisuggest/is.min.js *.cloudflare.com edge.curalate.com *.addthis.com v1.addthisedge.com s.yimg.com s.pinimg.com cdn.searchspring.net z.moatads.com *.visualwebsiteoptimizer.com app.vwo.com js-agent.newrelic.com bam.nr-data.net bat.bing.com container.pepperjam.com www.gstatic.com www.clarity.ms *.zopim.com https://static.zdassets.com *.listrakbi.com *.disqus.com cdnapisec.kaltura.com *.sharethis.com ssl.google-analytics.com tpc.googlesyndication.com *.googletagmanager.com js.cnnx.link www.bizrate.com rr.bizrate.com cdn.taboola.com trc-events.taboola.com trc.taboola.com cdn.cookielaw.org static.photoslurp.com cdn.pricespider.com https://salsify-ecdn.com www.shopperapproved.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com display.ugc.bazaarvoice.com *.fontawesome.com fonts.googleapis.com cdn.searchspring.net use.typekit.net p.typekit.net *.listrakbi.com *.sharethis.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *.googletagmanager.com static.photoslurp.com www.shopperapproved.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com edge.curalate.com v2.zopim.com www.bing.com m.photoslurp.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.affirm.com *.affirm.ca api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net https://beacon.searchspring.io/beacon edge.curalate.com wss://mpsnare.iesnare.com https://network-a.bazaarvoice.com *.onetrust.com s.yimg.com ct.pinterest.com *.visualwebsiteoptimizer.com app.vwo.com bam.nr-data.net stats.g.doubleclick.net ad.doubleclick.net i.clarity.ms m.addthis.com yncuaq.a.searchspring.io https://ekr.zdassets.com wss://*.zopim.com affirm.com *.listrakbi.com *.bing.com *.clarity.ms pagead2.googlesyndication.com cdnapisec.kaltura.com cfvod.kaltura.com cdn.searchspring.net fonts.googleapis.com fonts.gstatic.com *.sharethis.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.analytics.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat cdn.cookielaw.org api.photoslurp.com static.photoslurp.com https://salsify-ecdn.com https://retail-client-events-service.internal.salsify.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://vin2906.report-uri.com/a/d/g; report-to report-endpoint;, upgrade-insecure-requests; 1
default-src 'self'; script-src 'self'  https://hcaptcha.com https://*.hcaptcha.com https://code.jquery.com https://www.gstatic.com https://code.jquery.com/jquery-3.3.1.min.js https://lightbox.cardx.com/v1/lightbox.min.js https://www.ssa.gov/accessibility/andi/ https://c.evidon.com  'unsafe-inline' 'unsafe-eval';    style-src 'self' https://hcaptcha.com https://*.hcaptcha.com  https://fonts.googleapis.com/css https://snappayglobal.com/Resource/  https://www.ssa.gov/accessibility/andi/andi.css 'unsafe-inline';    img-src 'self' data: https:;    font-src 'self' *.googleapis.com *.gstatic.com ;    connect-src 'self' https://l.evidon.com https://optoutapi.evidon.com; form-action https: 'self' https://hcaptcha.com *.ipg-online.com  secure.bluepay.com  https://api.lightbox.cardx.com https://3ds-acs.test.modirum.com/; frame-ancestors 'self' https:;   frame-src 'self'  https://hcaptcha.com https://*.hcaptcha.com https: https://www.google.com *.ipg-online.com secure.bluepay.com https://*.cardconnect.com https://api.lightbox.cardx.com https://lightbox.cardx.com/ https://paywithcardx.com/payment/auth.cgi securepayments.cardpointe.com *.cardpointe.com https://3ds-acs.test.modirum.com/ https://www.yokohamatire.com 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' mdrc.org s3.amazonaws.com stats.g.doubleclick.net www.gstatic.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com z.moatads.com s7.addthis.com v1.addthisedge.com m.addthis.com connect.facebook.net www.google.com cse.google.com s7.addthis.com www.youtube.com www.facebook.com maps.googleapis.com kit.fontawesome.com code.jquery.com *.googletagmanager.com *.newrelic.com cdn-cookieyes.com platform.twitter.com; object-src 'self'; style-src 'self' 'unsafe-inline' mdrc.org www.gstatic.com cdn-images.mailchimp.com fonts.googleapis.com www.google.com cdnjs.cloudflare.com; img-src 'self' data: www.google.com www.facebook.com encrypted-tbn0.gstatic.com encrypted-tbn1.gstatic.com encrypted-tbn2.gstatic.com encrypted-tbn3.gstatic.com www.googletagmanager.com www.googleapis.com clients1.google.com ssl.gstatic.com d2q0qd5iz04n9u.cloudfront.net www.google-analytics.com www.google.co.uk www.google.com.my www.google.com.gh connect.facebook.net www.google.co.in googleads.g.doubleclick.net www.google.com.ph www.google.com.th www.google.ca www.google.co.za www.google.com.sg www.google.com.et www.google.es www.google.com.pk www.google.co.zm www.google.co.tz www.google.com.ua www.google.com.mx www.google.fr www.google.de www.google.pt www.google.co.zm www.gstatic.com cdn-cookieyes.com syndication.twitter.com; frame-src 'self' s7.addthis.com www.facebook.com cse.google.com www.youtube.com www.googletagmanager.com html5-player.libsyn.com secure4.saashr.com secure6.saashr.com c-hill-mdrc.shinyapps.io mdrc.shinyapps.io play.libsyn.com public.mdrc.org www.mdrc.org platform.twitter.com syndication.twitter.com; frame-ancestors 'self' secure4.saashr.com secure6.saashr.com; font-src 'self' fonts.gstatic.com ka-p.fontawesome.com cdnjs.cloudflare.com; connect-src 'self' stats.g.doubleclick.net www.google-analytics.com m.addthis.com www.facebook.com connect.facebook.com ka-p.fontawesome.com kit.fontawesome.com log.cookieyes.com cdn-cookieyes.com directory.cookieyes.com  analytics.google.com bam.nr-data.net consentlog.cookieyes.com; report-uri /report-csp-violation 1
default-src 'self' pure.okta.com *.oktacdn.com; connect-src 'self' pure.okta.com pure-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com *.mtls.okta.com pure.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' pure.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' pure.okta.com *.oktacdn.com; frame-src 'self' pure.okta.com pure-admin.okta.com login.okta.com com-okta-authenticator:; img-src 'self' pure.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' pure.okta.com data: *.oktacdn.com fonts.gstatic.com 1
frame-ancestors 'self' https://relabel.us https://www.sos-kinderdorf.at 1
frame-ancestors 'self' http://porrtogo.staffbase.com https://porrtogo.staffbase.com http://staffbase.com capacitor://porrtogo.staffbase.com capacitor://staffbase.com localhost:* 1
script-src 'self' 'unsafe-inline' https://spi.uz/ https://www.gstatic.com https://www.google.com https://api-maps.yandex.ru https://yandex.st https://cdn.jsdelivr.net https://fonts.googleapis.com https://yastatic.net https://yandex.ru/; default-src 'self'; img-src 'self' data: https://api-maps.yandex.ru https://spi.uz/ https://core-renderer-tiles.maps.yandex.net; object-src 'none'; frame-src 'self' https://www.google.com https://chat.spi.uz https://yandex.ru/; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:; frame-ancestors 'self' https://chat.spi.uz; style-src 'self' https://cdn.jsdelivr.net 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://itk.spi.uz 1
object-src data:; base-uri 'self' studio.plasmic.app; frame-ancestors 'self' studio.plasmic.app partners.abnormalsecurity.com cms.abnormalsecurity.com staging-cms.abnormalmarketing.dev 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://smct.co https://www.awin1.com https://ln-rules.rewardstyle.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com https://d2d7do8qaecbru.cloudfront.net blob: https://tr6.snapchat.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://smct.co https://ipl.smct.co https://ipb.smct.co https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://*.akamaihd.net https://services.postcodeanywhere.co.uk https://translate.yandex.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://analytics.tiktok.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://tr.snapchat.com https://*.contentsquare.net https://*.smct.co https://smct.io https://*.smct.io; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://fonts.googleapis.com https://fonts.gstatic.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://www.growgorgeous.com https://checkout.growgorgeous.com https://m.growgorgeous.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://ln-rules.rewardstyle.com https://ssl.bing.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://analytics.tiktok.com https://*.ibytedtos.com https://apps.storystream.ai http://platform.twitter.com https://*.contentsquare.net https://app.contentsquare.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://tr.snapchat.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://fonts.smct.co https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self' *.paderborn.de *.krz.de 1
default-src 'none'; script-src 'self' 'unsafe-eval' *.workable.com *.cloudfront.net *.clarity.ms *.hotjar.com *.hsforms.net *.hsforms.com *.hs-scripts.com *.hs-analytics.net *.hscollectedforms.net *.hs-banner.com *.art19.com *.hellowaitwhat.com *.facebook.net *.facebook.com *.google-analytics.com *.google.com *.googletagmanager.com *.firebaseapp.com *.stripe.com *.tinypass.com *.cloudfunctions.net https://ausi.github.io/ *.twitter.com 'sha256-juq9zO2WCA9w5Ga1d7nhJnOeqHQC8lzcPJcK7NoNNfw='  'sha256-CdFExR5DPU/IrgPgJNDpJlYX5YBpw+fC5lJWxpl+CXk='  'sha256-+U8zzTDQo9LD6nz3M/zfxbMqk48CNeEfTBtf62rfnbI=' ; font-src 'self' *.art19.com data: *.hellowaitwhat.com; img-src 'self' data: https://images.squarespace-cdn.com *.bing.com *.clarity.ms *.hsforms.net *.hsforms.com *.hubspot.com *.art19.com *.hellowaitwhat.com *.facebook.net *.facebook.com *.google-analytics.com *.doubleclick.net *.google.com *.firebaseapp.com *.stripe.com https://ausi.github.io/ *.googletagmanager.com *.vimeocdn.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.art19.com *.hellowaitwhat.com *.google.com; frame-src 'self' *.youtube.com *.art19.com *.hellowaitwhat.com *.hsforms.com *.facebook.net *.facebook.com *.stripe.com *.tinypass.com *.google.com *.firebaseapp.com https://ausi.github.io/ *.twitter.com *.vimeo.com *.spotify.com; form-action 'self' mastersofscale.com *.hellowaitwhat.com hellowaitwhat.com *.hsforms.com *.list-manage.com *.facebook.net *.facebook.com; frame-ancestors 'self'; base-uri 'self'; manifest-src 'self'; connect-src 'self' *.clarity.ms wss://ws.hotjar.com *.hotjar.com *.hotjar.io *.hsforms.net *.hsforms.com *.hscollectedforms.net *.art19.com *.sentry-cdn.com *.sentry.io *.stripe.com *.piano.io *.google-analytics.com *.googleapis.com *.google.com *.doubleclick.net *.tinypass.com *.facebook.com *.firebaseapp.com *.cloudfunctions.net; media-src 'self' mastersofscale.com *.hellowaitwhat.com *.art19.com; 1
default-src * data: ;script-src 'self' 'unsafe-eval' 'unsafe-inline' platform.twitter.com syndication.twitter.com https://www.vimeo.com https://tagmanager.google.com https://*.cloudflare.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://js-agent.newrelic.com https://www.gstatic.com https://www.googleadservices.com https://www.google.com https://www.googleoptimize.com https://polyfill.io https://js.adsrvr.org https://*.siteimprove.net https://siteimproveanalytics.com https://connect.facebook.net https://snap.licdn.com https://www.fullstory.com https://fullstory.com https://googleads.g.doubleclick.net https://*.newrelic.com https://*.adsymptotic.com https://*.nr-data.net https://*.googleapis.com https://*.analytics.google.com https://analytics.google.com https://tags.srv.stackadapt.com https://*.stackadapt.com; style-src 'self' 'unsafe-inline' https://cloud.typenetwork.com https://*.cloudflare.com https://*.bootstrapcdn.com https://tagmanager.google.com https://fonts.googleapis.com https://*.typekit.net https://tags.srv.stackadapt.com https://*.stackadapt.com; font-src 'self' data: https://*.typekit.net https://fonts.gstatic.com https://*.bootstrapcdn.com; connect-src 'self'  https://tagmanager.google.com https://analytics.google.com https://*.energytrust.org https://*.ipstack.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google-analytics.com https://*.doubleclick.net https://*.nr-data.net https://*.pantheonsite.io https://*.energytrust.org  https://*.googleapis.com https://tags.srv.stackadapt.com https://*.stackadapt.com; frame-src 'self' platform.twitter.com https://*.doubleclick.net https://match.adsrvr.org https://insight.adsrvr.org https://www.facebook.com https://*.youtube.com https://player.vimeo.com https://youtu.be https://*.google.com https://*.orgchartnow.com 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' media-library.cloudinary.com js-agent.newrelic.com bam.nr-data.net cdn.plyr.io www.googletagmanager.com www.google-analytics.com connect.facebook.net www.youtube.com player.vimeo.com d3tv224zqupjvw.cloudfront.net d35y46dv539h1e.cloudfront.net chat.satis.fi prod-satisfilabs-resources-gcs.satis.fi https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js; media-src res.cloudinary.com www.youtube.com m.youtube.com vimeo.com d3tv224zqupjvw.cloudfront.net d35y46dv539h1e.cloudfront.net; img-src 'self' data: res.cloudinary.com i.ytimg.com i.vimeocdn.com d3tv224zqupjvw.cloudfront.net d35y46dv539h1e.cloudfront.net prod-satisfilabs-resources-gcs.satis.fi www.facebook.com www.google-analytics.com; frame-src 'self' console.cloudinary.com cloudinary.com w.soundcloud.com player.vimeo.com www.youtube.com www.youtube-nocookie.com chat.satis.fi www.facebook.com; style-src 'unsafe-inline' 'self' 'unsafe-inline' cdn.plyr.io use.typekit.net p.typekit.net d3tv224zqupjvw.cloudfront.net d35y46dv539h1e.cloudfront.net chat.satis.fi; manifest-src 'self' d3tv224zqupjvw.cloudfront.net d35y46dv539h1e.cloudfront.net; font-src 'self' use.typekit.net prod-satisfilabs-resources-gcs.satis.fi; connect-src 'self' https://ramp.mysticaquarium.org api.swiftype.com vimeo.com cdn.plyr.io https://d35y46dv539h1e.cloudfront.net noembed.com bam.nr-data.net chat.satis.fi prod-satisfilabs-resources-gcs.satis.fi www.google-analytics.com; 1
require-trusted-types-for 'script';report-uri /_/ConversionPanelUi/cspreport 1
default-src: 'self'; style-src: 'self' https://fonts.googleapis.com; font-src: 'self' https://fonts.gstatic.com; 1
default-src 'report-sample' 'self'; base-uri 'self'; child-src 'self' https://app.marker.io; connect-src 'self' https://*.clarity.ms https://*.cloudsponge.com https://*.hotjar.com https://*.hotjar.io https://*.marker.io https://*.omappapi.com https://*.google-analytics.com https://*.google.com https://*.googlesyndication.com https://*.withgoogle.com https://api.idonate.com/embed/ https://bat.bing.com https://connect.facebook.net https://doublethedonation.com https://embedr.flickr.com https://rest.boxcast.com https://ka-p.fontawesome.com https://kit.fontawesome.com https://stats.g.doubleclick.net https://tags.wdsvc.net https://maps.googleapis.com https://www.facebook.com https://www.googletagmanager.com wss://*.hotjar.com wss://*.firebaseio.com; font-src 'self' data: https://*.marker.io https://api.cloudsponge.com https://cdnjs.cloudflare.com/ajax/ https://doublethedonation.com https://fonts.gstatic.com https://ka-p.fontawesome.com https://js.boxcast.com https://static.formstack.com https://use.fontawesome.com https://www.bigmarker.com https://www.wycliffe.org https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-semibold.woff2; frame-src 'self' https://*.doubleclick.net https://*.firebaseio.com https://*.googlesyndication.com https://app.marker.io https://boxcast.tv https://cse.google.com https://embed.idonate.com https://player.vimeo.com https://request.eprotect.vantivcnp.com https://vars.hotjar.com https://vimeo.com https://w.soundcloud.com https://www.bigmarker.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.podbean.com https://www.youtube.com; frame-ancestors 'self' https://wycliffe.org; img-src 'self' data: *; manifest-src 'self'; media-src 'self' https://*.marker.io; object-src 'self'; script-src 'report-sample' 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.firebaseio.com https://www.wycliffe.org https://*.flickr.com https://*.googleapis.com https://*.hotjar.com https://*.marker.io https://*.omappapi.com https://api.cloudsponge.com https://bat.bing.com https://cdn.jsdelivr.net https://cdn.logwork.com/widget/ https://cdn.polyfill.io https://cdn.tailwindcss.com https://cdnjs.cloudflare.com/ajax/ https://connect.facebook.net https://cse.google.com https://embed.idonate.com https://doublethedonation.com https://googleads.g.doubleclick.net https://js.boxcast.com https://kit.fontawesome.com https://pi.pardot.com https://player.vimeo.com https://maxcdn.bootstrapcdn.com https://request.eprotect.vantivcnp.com https://static.formstack.com https://static.hotjar.com https://tags.wdsvc.net https://unpkg.com/imagesloaded@4/ https://wycliffe.formstack.com https://www.bigmarker.com https://www.clarity.ms https://www.eventbrite.com/static/ https://*.google-analytics.com https://www.google.com/cse/ https://www.google.com/jsapi https://www.google.com/pagead/ https://www.google.com/recaptcha/ https://*.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.youtube.com https://www2.wycliffe.org; script-src-elem 'report-sample' 'self' 'unsafe-inline' https://www.wycliffe.org https://*.firebaseio.com https://*.flickr.com https://*.googleapis.com https://*.googleadservices.com https://*.googlesyndication.com https://*.google-analytics.com https://*.hotjar.com https://*.marker.io https://*.omappapi.com https://api.cloudsponge.com https://bat.bing.com https://cdn.jsdelivr.net https://cdn.logwork.com/widget/ https://cdn.tailwindcss.com https://cdn.polyfill.io https://cdnjs.cloudflare.com/ajax/ https://connect.facebook.net https://cse.google.com https://doublethedonation.com https://embed.idonate.com https://googleads.g.doubleclick.net https://js.boxcast.com https://kit.fontawesome.com https://maxcdn.bootstrapcdn.com https://pi.pardot.com https://player.vimeo.com https://request.eprotect.vantivcnp.com https://static.formstack.com https://static.hotjar.com https://tags.wdsvc.net https://unpkg.com/imagesloaded@4/ https://wycliffe.formstack.com https://www.bigmarker.com https://www.clarity.ms https://www.eventbrite.com/static/ https://www.google.com/cse/ https://www.google.com/jsapi https://www.google.com/pagead/ https://www.google.com/recaptcha/ https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.pagespeed-mod.com https://www.youtube.com https://www2.wycliffe.org; style-src 'report-sample' 'self' 'unsafe-inline' https://*.omappapi.com https://*.google.com https://api.cloudsponge.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/ https://cloud.typography.com https://doublethedonation.com https://fonts.googleapis.com https://static.formstack.com https://use.fontawesome.com https://www.wycliffe.org https://maxcdn.bootstrapcdn.com; style-src-elem 'report-sample' 'self' 'unsafe-inline' https://*.omappapi.com https://*.google.com https://api.cloudsponge.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/ https://cloud.typography.com https://doublethedonation.com https://fonts.googleapis.com https://static.formstack.com https://use.fontawesome.com https://www.googletagmanager.com https://www.wycliffe.org https://maxcdn.bootstrapcdn.com; worker-src 'none'; report-uri https://o1409076.ingest.sentry.io/api/6745134/security/?sentry_key=c1e4b0915e334f2884541edd0cb3a1b0 1
default-src https: https://*.wistia.com https://*.wistia.net wss://ufa.uberflip.com https://*.marketo.com https://*.marketo.net; img-src * data:; font-src * data:; media-src 'self' blob: data: *.wistia.com *.wistia.net embedwistia-a.akamaihd.net; worker-src 'self' blob:; child-src 'self' blob: *.driftt.com *.wistia.com *.wistia.net *.marketo.com *.marketo.net youtube.com www.youtube.com s7.addthis.com *.transistor.fm *.google.com *.pros.com www.iorad.com 4x8oo3.axshare.com s.company-target.com; script-src 'self' 'unsafe-eval' *.googletagmanager.com *.driftt.com *.demandbase.com *.google-analytics.com *.cookielaw.org *.licdn.com *.crazyegg.com *.bizible.com *.cloudfront.net *.onetrust.com *.bidr.io *.marketo.com *.marketo.net *.leadspace.com *.wistia.com cdnjs.cloudflare.com cdn.jsdelivr.net scout-cdn.salesloft.com  content.cdntwrk.com *.addthis.com *.uberflip.com *.addthisedge.com z.moatads.com ml314.com *.ml314.com *.googleoptimize.com *.google.com ajax.googleapis.com *.pros.com uberflip.cdntwrk.com *.pcdn.co code.createjs.com *.sprinklr.com tmp.argusplatform.com analytics.funnelfuel.io j.6sc.co 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com content.cdntwrk.com cihost.uberflip.com maxcdn.bootstrapcdn.com use.fontawesome.com pros.com hello.myfonts.net *.uberflip.com *.google.com app-abj.marketo.com *.marketo.com *.marketo.net *.pros.com *.pcdn.co *.sprinklr.com rlcdn.com *.crazyegg.com 1
frame-src ops-cb.namabank.com.vn ops-static.namabank.com.vn ; 1
default-src 'self'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.google.com https://code.jquery.com https://www.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://static.addtoany.com https://maps.google.com https://cdn.jsdelivr.net https://platform.twitter.com https://platform.linkedin.com https://cdn.ckeditor.com https://www.google-analytics.com https://cdn.datatables.net https://www.googletagmanager.com/ https://app.usercentrics.eu/ https://openfed.github.io/AccessibilityCheck/build/HTMLCS.js https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://cdn.ckeditor.com https://cdn.datatables.net https://www.google-analytics.com https://www.linkedin.com https://www.gstatic.com https://openfed.github.io/AccessibilityCheck/build/HTMLCS.css; img-src 'self' data: https://chart.googleapis.com https://cdn.ckeditor.com https://www.google-analytics.com https://stats.g.doubleclick.net https://platform.linkedin.com https://www.linkedin.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com https://www.google.com https://app.usercentrics.eu/ https://uct.service.usercentrics.eu/ https://openfed.github.io/AccessibilityCheck/build/Images/; frame-src 'self' https://platform.twitter.com https://www.gstatic.com https://www.google.com https://notfound-static.fwebservices.be  https://app.usercentrics.eu/ https://burden.sciensano.be; font-src 'self' https://themes.googleusercontent.com https://cdn.jsdelivr.net https://fonts.gstatic.com; connect-src 'self' https://www.linkedin.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://region1.google-analytics.com/ https://www.googletagmanager.com/ https://api.usercentrics.eu https://graphql.usercentrics.eu https://consent-api.service.consent.usercentrics.eu/ https://aggregator.service.usercentrics.eu/ https://maps.googleapis.com/; report-uri /en/report-csp-violation 1
default-src 'self' ; base-uri 'self' ; connect-src 'self' https://api-v1.cromwell.co.uk https://*.analytics.google.com https://*.ariba.com https://*.clarity.ms https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.co.uk https://*.google.com https://*.googletagmanager.com https://*.zoovu.com https://4pgv9quzck.execute-api.eu-west-1.amazonaws.com/dev/ https://63di6za7i5.execute-api.eu-west-1.amazonaws.com/prod/ https://bat.bing.com https://cdn.cookielaw.org https://cdn.linkedin.oribi.io/partner/ https://cognito-idp.eu-west-1.amazonaws.com https://d271flgwt028im.cloudfront.net/public-assets/ https://db39q5fy19vb3.cloudfront.net/zoovu/ https://digitalfeedback.euro.confirmit.com/api/digitalfeedback/loader/ https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://maps.googleapis.com https://privacyportal.onetrust.com/request/v1/ https://sentry.smartassistant.com/api/ https://tags.srv.stackadapt.com ; font-src 'self' data: https://*.zoovu.com/ https://fonts.gstatic.com ; frame-ancestors 'self' http://*.chem.royston.jm https://*.ariba.com https://ebuy.bt.bombardier.net:44300 https://sourcing-compass.honeywell.com ; frame-src https://*.doubleclick.net https://cromwell-industrial.co.uk https://survey.euro.confirmit.com https://view.genial.ly https://widget.trustpilot.com https://www.google.com https://www.youtube.com ; img-src 'self' data: https://www.cromwell.co.id https://www.cromwell.co.in https://www.cromwell.co.th https://www.cromwell.co.uk https://staff.cromwell.co.uk https://www.cromwell.co.za https://www.cromwell.com.my https://www.cromwell.pl https://www.cromwell.ro https://www.doitcromwell.co.uk https://www.kennedy-tools.co.uk https://www.ted.co.uk https://www.ted.ie https://*.clarity.ms https://*.doubleclick.net https://*.google-analytics.com https://*.googletagmanager.com https://*.zoovu.com https://analytics.twitter.com https://bat.bing.com https://c.bing.com https://cdn.cookielaw.org https://content.zoro.co.uk https://d3smx8fpgq4j0l.cloudfront.net https://maps.googleapis.com https://maps.gstatic.com https://px.ads.linkedin.com https://retailer.commerce-connector.com https://static-content.cromwell.co.uk https://t.co https://via.placeholder.com https://www.ansell.com https://www.google.co.uk https://www.google.com ; script-src 'self' 'unsafe-inline' https://*.clarity.ms https://*.googletagmanager.com https://*.zoovu.com https://bat.bing.com https://cdn.cookielaw.org/scripttemplates/ https://code.jquery.com https://digitalfeedback.euro.confirmit.com/api/digitalfeedback/ https://geolocation.onetrust.com/cookieconsentpub/v1/ https://maps.googleapis.com https://optanon.blob.core.windows.net https://snap.licdn.com/li.lms-analytics/ https://static.ads-twitter.com https://tags.srv.stackadapt.com https://widget.trustpilot.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.googleadservices.com https://www.gstatic.com/recaptcha/releases/ ; style-src 'self' 'unsafe-inline' https://*.zoovu.com https://fonts.googleapis.com https://optanon.blob.core.windows.net https://tags.srv.stackadapt.com ; object-src 'none' ; report-uri https://csp-report.browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pub7daccecd3c293d254b0adbee5db73e00&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=account_name%3Ab2m-prod%2Cenv%3Aprod%2Creport-type%3Areport-uri ; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://gum.criteo.com https://fledge.eu.criteo.com blob: https://www.provenance.org https://app.qubit.com https://tr6.snapchat.com https://www.pinterest.com https://www.pinterest.co.uk https://ct.pinterest.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://ct.pinterest.com https://*.contentsquare.net https://api.provenance.org https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.storystream.ai https://*.pndsn.com https://23q3fg4xjd.execute-api.eu-west-1.amazonaws.com https://upload.uploadcare.com https://598nyfqkt7.execute-api.eu-west-1.amazonaws.com https://analytics.tiktok.com https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.myvegan.com https://*.vimeocdn.com https://*.akamaized.net https://*.pndsn.com https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://23q3fg4xjd.execute-api.eu-west-1.amazonaws.com https://d3g5d7323c2i6m.cloudfront.net https://player.vimeo.com https://tr.snapchat.com https://*.criteo.com https://*.criteo.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://www.myvegan.com https://m.myvegan.com https://checkout.myvegan.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net https://download-video.akamaized.net https://d7c4jjeuqag9w.cloudfront.net https://media.storystream.ai https://download-media.akamaized.net https://*.myvegan.com https://*.vimeocdn.com https://player.vimeo.com https://*.akamaized.net https://*.vimeocdn.com blob: https://*.myvegan.com; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://s.pinimg.com https://static.criteo.net https://*.criteo.com https://*.contentsquare.net https://app.contentsquare.com https://unpkg.com/@provenance/ https://apps.storystream.ai https://platform.twitter.com https://cdn.pubnub.com https://ucarecdn.com https://analytics.tiktok.com https://*.ibytedtos.com https://static.goqubit.com https://*.qubit.com https://cdn.pubnub.com https://tr.snapchat.com https://lantern.roeyecdn.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://www.google.com https://www.googletagmanager.com http://www.google-analytics.com https://www.googleadservices.com https://api.ipify.org https://zn8zst2cvb1znxgeq-bmwna.siteintercept.qualtrics.com https://connect.facebook.net https://www.gstatic.com https://siteintercept.qualtrics.com https://static-na.payments-amazon.com https://ssl.google-analytics.com https://js.stripe.com https://assets.adobedtm.com https://www.paypal.com https://zn9yrhiyy7ikq7gwi-bmwna.siteintercept.qualtrics.com ;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net;font-src 'self' https://fonts.gstatic.com https://use.typekit.net;img-src 'self' data: https://adservice.google.co.in https://siteintercept.qualtrics.com https://stats.g.doubleclick.net https://bmw-accessories-configurator.com https://images-na.ssl-images-amazon.com https://images-na.ssl-images-amazon.com https://assets.shopbmwusa.com http://www.google-analytics.com https://googleads.g.doubleclick.net https://www.facebook.com https://www.google.com https://www.google.co.in https://payments.amazon.com https://www.googletagmanager.com https://ssl.google-analytics.com https://shopbmwusa.com https://bmwmotor.122.2o7.net https://cache.miniusa.com https://ad.doubleclick.net https://sp.analytics.yahoo.com https://adservice.google.com https://www.paypalobjects.com;connect-src 'self' https://stats.g.doubleclick.net https://assets.shopbmwusa.com https://www.facebook.com https://www.paypal.com https://api.braintreegateway.com https://siteintercept.qualtrics.com https://payments.amazon.com https://apay-us.amazon.com https://www.google-analytics.com https://dpm.demdex.net https://payments.braintree-api.com  https://client-analytics.braintreegateway.com https://bmwgroupusa.mbwwit.com https://analytics.google.com;frame-src 'self' https://bmwna.co1.qualtrics.com https://apay-us.amazon.com https://3864313.fls.doubleclick.net https://www.google.com https://js.stripe.com https://static-na.payments-amazon.com https://8203642.fls.doubleclick.net https://td.doubleclick.net https://checkout.paypal.com https://www.paypal.com https://assets.braintreegateway.com https://www.facebook.com;frame-ancestors 'self' ;media-src 'self' https://assets.shopbmwusa.com; 1
frame-ancestors 'self' grn-www.freedomboatclub.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.google-analytics.com *.googletagmanager.com www.gstatic.com siteimproveanalytics.com snap.licdn.com *.googleapis.com https://cdnjs.cloudflare.com use.typekit.net https://cc.cdn.civiccomputing.com https://imagesloaded.desandro.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com use.typekit.net https://p.typekit.net; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; img-src 'self' data: *.google-analytics.com *.global.siteimproveanalytics.io p.adsymptotic.com px.ads.linkedin.com p.typekit.net; frame-src 'self' *.google.com *.youtube.com *.vimeo.com https://html5-player.libsyn.com https://www.youtube-nocookie.com https://share.transistor.fm; connect-src 'self' *.google-analytics.com analytics.google.com *.doubleclick.net cdn.linkedin.oribi.io https://apikeys.civiccomputing.com; upgrade-insecure-requests; block-all-mixed-content; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: consent.cookiebot.com consentcdn.cookiebot.com cookiebot.com cdnjs.cloudflare.com www.google-analytics.com connect.facebook.net www.googletagmanager.com www.gstatic.com static.ads-twitter.com a.quora.com quora.com snap.licdn.com s-na1.hs-scripts.com js-na1.hs-scripts.com hs-scripts.com js.hsforms.net hs-scripts.com www.clarity.ms clarity.ms js.hs-banner.com js.hs-analytics.net js.hscollectedforms.net js.hsadspixel.net js.hubspot.com googleads.g.doubleclick.net bizzabo.com organizer.bizzabo.com events.bizzabo.com wp.com stats.wp.com www.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com yoast.com; media-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; 1
report-uri https://ulcm.report-uri.com/r/d/csp/enforce;base-uri 'none';object-src 'none';frame-ancestors 'self';form-action 'self' https://www.facebook.com;upgrade-insecure-requests;script-src 'self' https://www.googletagmanager.com/ https://bat.bing.com/ https://connect.facebook.net/ https://cdnjs.cloudflare.com/ https://api.swiftype.com/ https://www.google-analytics.com/ https://ajax.googleapis.com/ https://platform.twitter.com/ https://script.crazyegg.com/ 'unsafe-inline' 'strict-dynamic' 'nonce-fvCC7fL4ybEJI1buknynnscEPIRDaL3X' 1
frame-ancestors backupassist.com *.backupassist.com 1
default-src 'self' 'unsafe-inline' *.ggc.byf1.io *.grandchallenges.org *.youtube.com youtu.be *.youtube-nocookie.com https://www.google-analytics.com/ https://*.googletagmanager.com/ https://fonts.googleapis.com/ https://go.communications.gatesfoundation.org/ https://*.typekit.net/ https://fonts.gstatic.com https://*.cookielaw.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ggc.byf1.io *.grandchallenges.org *.youtube.com youtu.be https://www.google-analytics.com/ https://*.googletagmanager.com/ https://fonts.googleapis.com/ https://go.communications.gatesfoundation.org/ https://*.typekit.net/ https://fonts.gstatic.com https://*.cookielaw.org; font-src 'self' https://*.typekit.net/ https://fonts.gstatic.com https://fonts.googleapis.com/ data:; 1
frame-ancestors 'self' *.queerty.com *.lgbtqnation.com *.intomore.com *.pantheonsite.io 1
default-src 'self' data: https://mc.yandex.md/ https://www.google.by https://www.gstatic.com https://analytics.google.com http://www.google.com/ https://www.google.kz  https://mc.yandex.ru/ https://www.google-analytics.com https://www.youtube.com https://api-maps.yandex.ru https://bitrix.info https://www.googletagmanager.com https://cdnjs.cloudflare.com https://yastatic.net https://*.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.gstatic.com http://www.google.com https://www.google.kz  https://mc.yandex.ru/ https://api-maps.yandex.ru  https://www.google-analytics.com https://bitrix.info https://www.googletagmanager.com https://cdnjs.cloudflare.com https://yastatic.net https://core-renderer-tiles.maps.yandex.net; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://www.gstatic.com http://www.google.com  https://www.google.kz https://mc.yandex.ru/ https://www.google-analytics.com https://www.google.com https://www.google.ru  https://api-maps.yandex.ru https://core-renderer-tiles.maps.yandex.net blob: ; font-src 'self' ; 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval';img-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' https://track.bikesonline.com.au https://help.catch.com.au https://uattesting-catch.cs112.force.com; 1
default-src https: data: wss://*.hotjar.com wss://*.crazyegg.com *.crazyegg.com wss://*.zohopublic.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests; media-src 'self' blob: data: https:; 1
child-src *.facebook.com connect.facebook.net ;connect-src 'self' https://*.google-analytics.com https://stats.g.doubleclick.net *.facebook.com connect.facebook.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.visualwebsiteoptimizer.com app.vwo.com *.flockler.com https://*.omappapi.com https://analytics.tiktok.com https://*.cognitoforms.com https://apps.elfsight.com https://cdn.linkedin.oribi.io ;default-src 'self' 'unsafe-inline' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com ;font-src 'self' data: https://fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io ;form-action 'self' *.facebook.com connect.facebook.net secure.oxfamnovib.nl ;frame-ancestors 'self' ;frame-src 'self' https://bid.g.doubleclick.net https://atlas.oxfamnovib.nl https://11674542.fls.doubleclick.net https://www.google.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ *.facebook.com connect.facebook.net https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io app.vwo.com *.visualwebsiteoptimizer.com www.youtube.com mchd-1sbqh9xf5gt4z7rdck6c-78.pub.sfmc-content.com https://cloud.supporters.oxfamnovib.nl https://twitframe.com https://platform.twitter.com https://www.anbigift.nl https://actions.oxfam.org ;img-src 'self' data: www.googletagmanager.com  https://ssl.gstatic.com  https://www.gstatic.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.nl https://11674542.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com *.facebook.com *.facebook.net *.fbcdn.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com flockler.com *.flockler.com https://*.omappapi.com https://analytics.twitter.com/ https://t.co/ https://i.ytimg.com https://px.ads.linkedin.com https://www.linkedin.com ;report-uri /cspreport ;script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.gstatic.com/recaptcha/ https://connect.facebook.net https://graph.facebook.com https://js.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io 'unsafe-eval' *.visualwebsiteoptimizer.com app.vwo.com https://*.optnmnstr.com https://*.omappapi.com ;script-src-elem 'self' https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com/recaptcha/ https://connect.facebook.net https://*.hotjar.com *.visualwebsiteoptimizer.com 'unsafe-inline' *.flockler.com https://*.optnmnstr.com https://*.omappapi.com https://analytics.tiktok.com https://*.cognitoforms.com https://code.jquery.com https://platform.twitter.com https://static.ads-twitter.com https://apps.elfsight.com https://static.elfsight.com https://storage.elfsight.com https://www.youtube.com https://apis.google.com https://snap.licdn.com https://pym.nprapps.org ;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com https://*.omappapi.com ;style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com *.flockler.com https://*.omappapi.com ;worker-src 'self' blob:; 1
default-src * 'self' data:; style-src 'self' 'unsafe-inline' https://*.googleapis.com; script-src 'self' https://*.google.com https://*.gstatic.com https://*.googleapis.com; 1
frame-ancestors 'self' jionews.com 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com *.google.com *.google.ro *.youtube.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.cardinalcommerce.com *.bootstrapcdn.com *.smct.io smct.co 'self' data: *.useinsider.com *.facebook.com https://www.facebook.com https://static.xx.fbcdn.net *.fbcdn.net *.clarity.ms data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.facebook.com https://www.facebook.com *.2performant.com *.profitshare.ro https://profitshare.ro/tgt/js https://profitshare.ro *.litera.ro 'self' data: 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.facebook.com https://www.facebook.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.innoship.ro *.twitter.com *.demdex.net *.google.com *.googleapis.com *.addthis.com smct.co *.cloudfront.net *.facebook.com https://www.facebook.com *.2performant.com *.profitshare.ro https://profitshare.ro/tgt/js https://profitshare.ro *.apple.com *.googlesyndication.com *.useinsider.com 'self' data: e.issuu.com edu.litera.ro *.fbcdn.net https://static.xx.fbcdn.net *.doubleclick.net *.clarity.ms 'self' 'unsafe-inline'; img-src assets.adobedtm.com *.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: maps.gstatic.com *.googleapis.com *.ggpht www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io camo.githubusercontent.com *.googleapis.com *.gstatic.com *.tile.openstreetmap.org *.openstreetmap.org *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.facebook.com https://www.facebook.com *.doubleclick.net *.google.com *.google.ro *.googletagmanager.com *.fbsbx.com *.trusted.ro *.searchanise.com *.ggpht.com *.smct.io *.litera.ro cdn.litera.ro staging.litera.ro *.smct.co *.useinsider.com *.paypalobjects.com *.2performant.com *.profitshare.ro https://profitshare.ro/tgt/js https://profitshare.ro 'self' data: https://static.xx.fbcdn.net *.fbcdn.net *.clarity.ms https://s3.eu-west-1.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.avada.io *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.facebook.net *.facebook.com https://www.facebook.com *.google.ro *.google.com *.newsman.app *.doubleclick.net *.addthis.com *.addthisedge.com *.googlesyndication.com *.tiktok.com smct.co *.smct.io *.payments-amazon.it *.googletagmanager.com *.paypal.com *.apple.com *.7w.ro *.useinsider.com plausible.io attr-2p.com *.2performant.com *.profitshare.ro https://profitshare.ro/tgt/js https://profitshare.ro e.issuu.com edu.litera.ro https://static.xx.fbcdn.net *.fbcdn.net https://www.clarity.ms *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.bootstrapcdn.com *.smct.io *.apple.com *.useinsider.com 'self' data: *.facebook.com https://www.facebook.com https://static.xx.fbcdn.net *.fbcdn.net *.clarity.ms 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://get.geojs.io *.avada.io *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.demdex.net *.facebook.com *.facebook.net https://www.facebook.com *.google.com *.google.ro *.google-analytics.com *.omtrdc.net *.amplitude.com *.gstatic.com *.cardinalcommerce.com *.tiktok.com *.smct.io smct.co *.amazonaws.com *.doubleclick.net *.7w.ro *.2performant.com *.profitshare.ro https://profitshare.ro/tgt/js https://profitshare.ro attr-2p.com *.useinsider.com plausible.io 'self' data: e.issuu.com edu.litera.ro stats.g.doubleclick.net https://static.xx.fbcdn.net *.fbcdn.net *.clarity.ms *.googlesyndication.com https://pagead2.googlesyndication.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://static.xx.fbcdn.net *.fbcdn.net *.facebook.com https://www.facebook.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'  blob: *.bailliegifford.com https://d2yo5j8385mod6.cloudfront.net http://video.bailliegifford.com https://video.bailliegifford.com https://diny04oi6alqe.cloudfront.net https://d1jbu16z788zgx.cloudfront.net https://*.gstatic.com https://*.googleapis.com https://www.google.com https://*.typekit.net *.mktoresp.com https://*.cookiebot.com/ https://www.google-analytics.com *.google-analytics.com *.analytics.google.com https://*.hotjar.com https://*.doubleclick.net wss://*.hotjar.com https://app-lon09.marketo.com/ *.twitter.com:* *.ads-twitter.com:* *.facebook.com:* *.linkedin.com:* https://t.co/ http://t.co/ https://vc.hotjar.io/ https://content.hotjar.io/ https://sslwidget.criteo.com/ https://fml-x.com https://tk-static.fml-x.com https://138-xij-867.mktorest.com/; script-src 'self'  'unsafe-eval' 'unsafe-inline'  blob: *.bailliegifford.com blob: *.azurewebsites.net blob: *.typekit.net https://*.typekit.net http://app-lon09.marketo.com/ https://snap.licdn.com/li.lms-analytics/insight.min.js munchkin.marketo.net https://d1jbu16z788zgx.cloudfront.net https://diny04oi6alqe.cloudfront.net www.googletagmanager.com www.google-analytics.com https://*.google.com https://www.gstatic.com https://maps.googleapis.com https://*.googleapis.com http://4a3dbfdd6470b7f43a03-1ec0805dd88c137a7d9b221342ef4c8b.r63.cf1.rackcdn.com ssl.p.jwpcdn.com p.jwpcdn.com https://js.hs-scripts.com/5368402.js https://js.hs-analytics.net/analytics/ https://*.cookiebot.com/ http://tagmanager.google.com https://static.cloudflareinsights.com/ https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://www.googleadservices.com/ http://www.googleadservices.com/ https://*.hotjar.com/ *.twitter.com:* *.ads-twitter.com:* https://connect.facebook.net:* *.facebook.com:* *.linkedin.com:* *.criteo.com:* https://static.criteo.net/ https://t.co/ http://t.co/  https://insight.bailliegifford.com/ https://web.bailliegifford.com https://fml-x.com https://tk-static.fml-x.com https://cdn.jwplayer.com/libraries/vbzUlmP4.js https://*.ceros.com/; style-src 'self'  'unsafe-inline'  *.bailliegifford.com  http://app-lon09.marketo.com/js/forms2/css/forms2-theme-simple.css  http://app-lon09.marketo.com/js/forms2/css/forms2-theme-inset.css  http://app-lon09.marketo.com/js/forms2/css/forms2.css  https://d1jbu16z788zgx.cloudfront.net  https://diny04oi6alqe.cloudfront.net  https://*.typekit.net  https://*.googleapis.com  https://tagmanager.google.com https://cdn.fonts.net  https://*.ceros.com/; img-src 'self'  data: https://*.typekit.net https://d2yo5j8385mod6.cloudfront.net https://diny04oi6alqe.cloudfront.net https://d1jbu16z788zgx.cloudfront.net https://stats.g.doubleclick.net https://*.fls.doubleclick.net https://px.ads.linkedin.com/ https://www.linkedin.com/px/ https://*.gstatic.com https://*.googleapis.com *.bailliegifford.com *.jwpltx.com www.google-analytics.com *.google-analytics.com *.analytics.google.com https://bglivemedia.blob.core.windows.net https://geo0.ggpht.com/cbk https://track.hubspot.com/__ptq.gif https://www.google.com https://www.googletagmanager.com https://www.google:* https://www.google.co.uk https://p.adsymptotic.com https://www.google.pl/ https://googleads.g.doubleclick.net adf79a6387b6.o3n.io *.twitter.com:* *.ads-twitter.com:* *.facebook.com:* *.linkedin.com:* https://t.co/ http://t.co/ https://stpukswebsharedmedia.blob.core.windows.net https://secure.adnxs.com/ https://fml-x.com https://tk-static.fml-x.com *.privacysandbox.googleadservices.com https://cm.g.doubleclick.net  https://stdukswebsharedmedia.blob.core.windows.net; media-src 'self'  https://stdukswebsharedmedia.blob.core.windows.net  https://stpukswebsharedmedia.blob.core.windows.net  https://bguatmedia.blob.core.windows.net  https://ap-int-sheq-2.azurewebsites.net  *.bailliegifford.com  http://video.bailliegifford.com  https://video.bailliegifford.com  https://bglivemedia.blob.core.windows.net  https://d1jbu16z788zgx.cloudfront.net  https://d2yo5j8385mod6.cloudfront.net  blob: *.bailliegifford.com  https://bgdevmedia.blob.core.windows.net; font-src 'self'  https://cdn.fonts.net  data: https://*.typekit.net http://*.typekit.net https://diny04oi6alqe.cloudfront.net https://fonts.gstatic.com ssl.p.jwpcdn.com; object-src 'self' ssl.p.jwpcdn.com; frame-src https://*.bailliegifford.com  https://app-lon09.marketo.com/  http://www.googletagmanager.com  https://www.google.com/recaptcha/  https://5358203.fls.doubleclick.net  https://9001729.fls.doubleclick.net/  https://d14ed0t47z3981.cloudfront.net  https://d1jbu16z788zgx.cloudfront.net  https://*.cookiebot.com/  https://vars.hotjar.com/  http://*.doubleclick.net/ https://gum.criteo.com/ https://www.facebook.com/ https://*.ceros.com/; frame-ancestors 'self'  https://*.ceros.com/ 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://budgetlightforum.com/logs/ https://budgetlightforum.com/sidekiq/ https://budgetlightforum.com/mini-profiler-resources/ https://budgetlightforum.com/assets/ https://budgetlightforum.com/extra-locales/ https://budgetlightforum.com/highlight-js/ https://budgetlightforum.com/javascripts/ https://budgetlightforum.com/plugins/ https://budgetlightforum.com/theme-javascripts/ https://budgetlightforum.com/svg-sprite/ 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0='; worker-src 'self' https://budgetlightforum.com/assets/ https://budgetlightforum.com/javascripts/ https://budgetlightforum.com/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.pfsweb.com https://*.pfscommerce.com https://cdn.cookielaw.org https://script.crazyegg.com https://*.googletagmanager.com https://fonts.googleapis.com https://s.swiftypecdn.com https://*.gstatic.com https://*.zoominfo.com https://js.hs-scripts.com https://*.youtube.com https://*.visitor-track.com https://*.licdn.com https://*.facebook.net https://*.sumo.com https://*.doubleclick.net https://*.vimeo.com https://boards.greenhouse.io https://*.greenhouse.io https://*.google-analytics.com https://*.googleadservices.com https://js.hsadspixel.net https://js.hs-banner.com https://js.hscollectedforms.net https://js.hs-analytics.net https://sumo.com https://*.googleapis.com https://forms.hubspot.com https://*.bootstrapcdn.com https://wufoo.com https://*.wufoo.com https://*.hubapi.com https://*.hsforms.net https://*.hsforms.com https://*.s3.amazonaws.com https://*.google.com https://graph.facebook.com https://*.swiftype.com https://*.bing.com https://js.usemessages.com ; img-src * 'self' data:; report-uri https://pfsweb.report-uri.com/r/d/csp/wizard 1
upgrade-insecure-requests; default-src 'self'; connect-src 'self' *.piano.io *.tinypass.com www.googletagmanager.com *.google-analytics.com *.analytics.google.com *.doubleclick.net cdn.ampproject.org *.googlesyndication.com adservice.google.com *.ampproject.net cdn.linkedin.oribi.io forms.hubspot.com forms.hscollectedforms.net api.hubapi.com js.hs-banner.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.thecyberwire.com *.piano.io *.tinypass.com www.npttech.com www.googletagmanager.com *.google-analytics.com *.doubleclick.net code.jquery.com pay.gocardless.com cdn.ampproject.org snap.licdn.com js-na1.hs-scripts.com js.hscollectedforms.net js.hs-analytics.net js.hs-banner.com js.hsadspixel.net; frame-src 'self' *.tinypass.com *.megaphone.fm *.vimeo.com *.youtube.com cyberwire.wufoo.com *.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com translate.googleapis.com; font-src 'self' data: fonts.gstatic.com; img-src 'self' data: i.vimeocdn.com www.googletagmanager.com www.google.com translate.google.com *.google-analytics.com *.analytics.google.com www.gstatic.com *.linkedin.com *.adsymptotic.com forms.hsforms.com track.hubspot.com; media-src 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; base-uri 'self'; report-uri /csp/report 1
default-src 'self' *.sixt-neuwagen.de *.sixt-leasing.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src *;object-src 'none';script-src 'self' *.sixt-neuwagen.de *.sixt-leasing.com https: 'unsafe-inline' https: 'unsafe-eval';script-src-attr 'self' *.sixt-neuwagen.de *.sixt-leasing.com https: 'unsafe-inline' https: 'unsafe-eval';style-src 'self' *.sixt-neuwagen.de *.sixt-leasing.com https: 'unsafe-inline';upgrade-insecure-requests;frame-src *;connect-src * 1
default-src 'self'; img-src * 'unsafe-inline' data:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline'; script-src * 'unsafe-inline'; frame-src * 'unsafe-inline'; connect-src * 'unsafe-inline' 1
default-src 'self' 'unsafe-inline' ws: wss: blob: data: 'unsafe-eval' *.pjplace.com *.sugarandjade.com *.gymboree.com *.childrensplace.com *.rewardstyle.com dpm.demdex.net tcp.demdex.net *.xtlo.net *.akstat.io *.akamaihd.net *.go-mpulse.net *.adobedtm.com *.google.com *.googleapis.com *.bazaarvoice.com *.getcandid.com *.candid.io *.quantummetric.com *.omniture.com *.vibescm.com *.unbxd.io *.braintreegateway.com *.braintree-api.com *.borderfree.com *.briteverify.com *.raygun.io *.gstatic.com *.theplace.com *.omtrdc.net *.paypal.com *.paypalobjects.com *.iperceptions.com *.melissadata.net *.facebook.net *.facebook.com *.stylitics.com stylitics-ampersand-production.sfo2.cdn.digitaloceanspaces.com comenity.net *.netdna-ssl.com *.comenity.net *.fiftyone.com *.omtrdc.net *.demdex.net *.channeladvisor.com *.impactradius-event.com *.googletagmanager.com *.micpn.com *.bing.com *.filepicker.io *.cloudinary.com *.cloudfront.net *.theplace.com *.netdna-ssl.com *.filepicker.io *.iesnare.com *.googleadservices.com *.steelhousemedia.com *.impactradius-event.com *.channeladvisor.com *.amazonaws.com *.kaptcha.com thechildrensplace.ay6u.net *.unbxdapi.com *.dotomi.com gymboree.fhsxpf.net *.pegacloud.net *.epsilon.com *.wufoo.com match.prod.bidr.io *.adsrvr.org *.doubleclick.net *.forter.com *.monetate.net *.google-analytics.com *.wufoo.com *.mapbox.com search-dr.unbxd.io *.speedcurve.com *.afterpay.com *.us.afterpay.com *.cloudflare.com *.paysecure.acculynk.net tag.wknd.ai *.bounceexchange.com events.bouncex.net *.cdnwidget.com *.cdnbasket.net *.tiktok.com *.loggly.com *.pinterest.com s.pinimg.com sugarjade.sjv.io *.syteapi.com *.pinterest.com s.pinimg.com *.criteo.com *.criteo.net utt.impactcdn.com pj-place.sjv.io *.youtube.com *.pega.digital js.appboycdn.com sdk.iad-05.braze.com *.raygun.com *.pixlee.co *.edgecastcdn.net *.turnto.com *.ytimg.com *.tcpholidaycountdown.com *.rokt.com rest.iad-05.braze.com; worker-src 'self' blob: 1
connect-src data: https://auth.passage.id https://storage.googleapis.com https://checkout.stripe.com; frame-src https://checkout.stripe.com; script-src 'self' 'nonce-0deaf0a17843241a75e7bc0ad343457f'; object-src 'none'; base-uri 'none'; img-src 'self' https://*.stripe.com; style-src 'self' https://cdn.cache.lol; frame-ancestors 'none'; font-src 'self' https://cdn.cache.lol; default-src 'none'; form-action 'self' 1
base-uri 'self'; form-action 'self' https://high5.nl; frame-ancestors 'none'; default-src 'self'; script-src 'self' https://hcaptcha.com https://*.hcaptcha.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' https://high5.nl https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; 1
frame-ancestors 'self' *.stoneshot.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https:; img-src 'self' https: data: blob: https:; style-src 'self' https: 'nonce-NyQufPKC5h9Kuh6sF//29Q=='; media-src 'self' https: data: https:; frame-src 'self' https:; manifest-src 'self' https:; form-action 'self'; connect-src 'self' data: blob: https: https: wss://ai.wiki; script-src 'self' https: 'wasm-unsafe-eval'; child-src 'self' blob: https:; worker-src 'self' blob: https: 1
default-src 'self' statistiek.rijksoverheid.nl; script-src 'self' statistiek.rijksoverheid.nl 'report-sample' 'sha256-7yhooqwNYVEOl887EMUjbAUCTSKfwShYcXAR7GMdHb4='; object-src 'none'; style-src 'self' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs='; img-src statistiek.rijksoverheid.nl *.rovid.nl 'self' data:; media-src 'self' rovid.nl *.rovid.nl; frame-src 'self'; font-src 'self'; report-uri https://sentry.dtnr.nl/api/39/security/?sentry_key=1fd69fe64819432c9ab270f861d038a3&sentry_environment=production 1
default-src 'self' data: blob: *.navattic.com  *.typeform.com *.zoom.us *.spotify.com *.googleapis.com *.chilipiper.com *.mouseflow.com cdn.mouseflow.com *.litix.io *.wistia.net *.wistia.com getbuilt.com *.getbuilt.com *.oktopost.com *.company-target.com *.gotolstoy.com api.hubapi.com *.hubspot.com *.influitive.com api.locize.io bat.bing.com bltstaging.wpengine.com *.salesforceliveagent.com cdn.linkedin.oribi.io connect.facebook.net js.hs-analytics.net js.hs-banner.com *.hs-scripts.com js.hsadspixel.net js.hsleadflows.net js.usemessages.com match.prod.bidr.io *.ingest.sentry.io okt.to *.pardot.com px.ads.linkedin.com snap.licdn.com *.doubleclick.net *.demandbase.com *.typekit.net www.facebook.com *.google-analytics.com *.googleadservices.com www.googleoptimize.com www.googletagmanager.com *.gstatic.com www.linkedin.com cdn.polyfill.io *.fontawesome.com web-analytics.engagio.com id.rlcdn.com *.mutinycdn.com *.mutinyhq.io *.bugsnag.com *.akamaihd.net *.hsforms.net *.hsforms.com *.cloudflare.com *.googlesyndication.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat 'sha256-qn97DK1nF9AxGGJ/OcWjmowZekPIWIewfRhRzaqu0e0=' 'sha256-4nxBwvGtrokGNkqD2OxOt8Y07P7caJHk00sGwjNYF5I=' 'unsafe-hashes' 'sha256-DFFLwIcztss+sv3K4A7eR4/LomZ63ZtfLANbnojNCOc=' 'sha256-RWcCDEtM029fTvR3ANpJ/hYSWtP+KIc1ZyWMPnb04z4=' 'sha256-Aajrk2aqPW2es8Zhh7RGO98KAFtogitkC5mSBKgzFd0='; font-src 'self' data: fonts.gstatic.com *.fontawesome.com *.wistia.com *.mutinycdn.com js.hs-banner.com; style-src 'self' 'unsafe-inline' *.typeform.com fonts.googleapis.com *.gotolstoy.com *.getbuilt.tfaforms.net; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' intersolute.de *.intersolute.de *.youtube-nocookie.com *.openstreetmap.fr *.figma.com *.seobility.net; object-src 'self'; img-src * data:;; base-uri 'none'; form-action 'self' *.youtube-nocookie.com *.openstreetmap.fr *.figma.com *.seobility.net; frame-ancestors 'self' *.youtube-nocookie.com *.openstreetmap.fr *.figma.com *.seobility.net; 1
img-src 'self' https: data: 1
default-src 'self'; media-src self media.videoask.com https://www.datocms-assets.com/ *.mux.com tpc.googlesyndication.com cdn.reshift.nl; connect-src self localhost:3000 *.eu-west-1.elasticbeanstalk.com gamer-nl-prd.eba-i6u8mium.eu-west-1.elasticbeanstalk.com blob: data: gamer.nl *.gamer.nl api.datatrics.com *.2mdn.net *.adsrvr.org *.amazonaws.com *.anchor.fm anchor.fm *.datatrics.com *.datocms-assets.com *.datocms.com *.deezer.com *.doubleclick.net *.facebook.com *.facebook.net *.flashtalking.com *.genial.ly *.google-analytics.com *.google.com *.google.nl *.googleapis.com *.googleoptimize.com www.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.hotjar.com *.hotjar.io *.howuku.com *.icanhazip.com *.imrworldwide.com *.instagram.com *.kieskeurig.nl *.luckyorange.com *.matomo.cloud *.moatads.com *.myfonts.net *.omappapi.com *.pu.nl *.podbean.com podcasts.apple.com *.podcasts.apple.com *.reshift.nl *.slimster.nl *.snap-360.nl *.soundcloud.com *.spotify.com *.stitcher.com *.tiktok.com *.ttwstatic.com *.twitch.tv *.twitter.com *.typekit.net *.typeform.com *.videoask.com *.weborama.fr cstatic.weborama.fr *.weborama.nl *.pexi.nl *.quantcast.com secure.quantserve.com *.quantcount.com *.inmobi.com *.wufoo.com *.youtu.be *.youtube.com hooks.zapier.com in.visitors.live reshift.atlassian.net youtu.be youtube.com cdn.knightlab.com; frame-src gfycat.com media.adrcdn.com self localhost:3000 *.eu-west-1.elasticbeanstalk.com gamer-nl-prd.eba-i6u8mium.eu-west-1.elasticbeanstalk.com blob: data: gamer.nl *.gamer.nl api.datatrics.com *.2mdn.net *.adsrvr.org *.amazonaws.com *.anchor.fm anchor.fm *.datatrics.com *.datocms-assets.com *.datocms.com *.deezer.com *.doubleclick.net *.facebook.com *.facebook.net *.flashtalking.com *.genial.ly *.google-analytics.com *.google.com *.google.nl *.googleapis.com *.googleoptimize.com www.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.hotjar.com *.hotjar.io *.howuku.com *.icanhazip.com *.imrworldwide.com *.instagram.com *.kieskeurig.nl *.luckyorange.com *.matomo.cloud *.moatads.com *.myfonts.net *.omappapi.com *.pu.nl *.podbean.com podcasts.apple.com *.podcasts.apple.com *.reshift.nl *.slimster.nl *.snap-360.nl *.soundcloud.com *.spotify.com *.stitcher.com *.tiktok.com *.ttwstatic.com *.twitch.tv *.twitter.com *.typekit.net *.typeform.com *.videoask.com *.weborama.fr cstatic.weborama.fr *.weborama.nl *.pexi.nl *.quantcast.com secure.quantserve.com *.quantcount.com *.inmobi.com *.wufoo.com *.youtu.be *.youtube.com hooks.zapier.com in.visitors.live reshift.atlassian.net youtu.be youtube.com cdn.knightlab.com; script-src 'unsafe-inline' 'unsafe-eval' media.adrcdn.com self localhost:3000 *.eu-west-1.elasticbeanstalk.com gamer-nl-prd.eba-i6u8mium.eu-west-1.elasticbeanstalk.com blob: data: gamer.nl *.gamer.nl api.datatrics.com *.2mdn.net *.adsrvr.org *.amazonaws.com *.anchor.fm anchor.fm *.datatrics.com *.datocms-assets.com *.datocms.com *.deezer.com *.doubleclick.net *.facebook.com *.facebook.net *.flashtalking.com *.genial.ly *.google-analytics.com *.google.com *.google.nl *.googleapis.com *.googleoptimize.com www.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.hotjar.com *.hotjar.io *.howuku.com *.icanhazip.com *.imrworldwide.com *.instagram.com *.kieskeurig.nl *.luckyorange.com *.matomo.cloud *.moatads.com *.myfonts.net *.omappapi.com *.pu.nl *.podbean.com podcasts.apple.com *.podcasts.apple.com *.reshift.nl *.slimster.nl *.snap-360.nl *.soundcloud.com *.spotify.com *.stitcher.com *.tiktok.com *.ttwstatic.com *.twitch.tv *.twitter.com *.typekit.net *.typeform.com *.videoask.com *.weborama.fr cstatic.weborama.fr *.weborama.nl *.pexi.nl *.quantcast.com secure.quantserve.com *.quantcount.com *.inmobi.com *.wufoo.com *.youtu.be *.youtube.com hooks.zapier.com in.visitors.live reshift.atlassian.net youtu.be youtube.com cdn.knightlab.com; style-src 'unsafe-inline' self localhost:3000 *.eu-west-1.elasticbeanstalk.com gamer-nl-prd.eba-i6u8mium.eu-west-1.elasticbeanstalk.com blob: data: gamer.nl *.gamer.nl api.datatrics.com *.2mdn.net *.adsrvr.org *.amazonaws.com *.anchor.fm anchor.fm *.datatrics.com *.datocms-assets.com *.datocms.com *.deezer.com *.doubleclick.net *.facebook.com *.facebook.net *.flashtalking.com *.genial.ly *.google-analytics.com *.google.com *.google.nl *.googleapis.com *.googleoptimize.com www.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.hotjar.com *.hotjar.io *.howuku.com *.icanhazip.com *.imrworldwide.com *.instagram.com *.kieskeurig.nl *.luckyorange.com *.matomo.cloud *.moatads.com *.myfonts.net *.omappapi.com *.pu.nl *.podbean.com podcasts.apple.com *.podcasts.apple.com *.reshift.nl *.slimster.nl *.snap-360.nl *.soundcloud.com *.spotify.com *.stitcher.com *.tiktok.com *.ttwstatic.com *.twitch.tv *.twitter.com *.typekit.net *.typeform.com *.videoask.com *.weborama.fr cstatic.weborama.fr *.weborama.nl *.pexi.nl *.quantcast.com secure.quantserve.com *.quantcount.com *.inmobi.com *.wufoo.com *.youtu.be *.youtube.com hooks.zapier.com in.visitors.live reshift.atlassian.net youtu.be youtube.com cdn.knightlab.com; font-src data: self localhost:3000 *.eu-west-1.elasticbeanstalk.com gamer-nl-prd.eba-i6u8mium.eu-west-1.elasticbeanstalk.com blob: data: gamer.nl *.gamer.nl api.datatrics.com *.2mdn.net *.adsrvr.org *.amazonaws.com *.anchor.fm anchor.fm *.datatrics.com *.datocms-assets.com *.datocms.com *.deezer.com *.doubleclick.net *.facebook.com *.facebook.net *.flashtalking.com *.genial.ly *.google-analytics.com *.google.com *.google.nl *.googleapis.com *.googleoptimize.com www.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.hotjar.com *.hotjar.io *.howuku.com *.icanhazip.com *.imrworldwide.com *.instagram.com *.kieskeurig.nl *.luckyorange.com *.matomo.cloud *.moatads.com *.myfonts.net *.omappapi.com *.pu.nl *.podbean.com podcasts.apple.com *.podcasts.apple.com *.reshift.nl *.slimster.nl *.snap-360.nl *.soundcloud.com *.spotify.com *.stitcher.com *.tiktok.com *.ttwstatic.com *.twitch.tv *.twitter.com *.typekit.net *.typeform.com *.videoask.com *.weborama.fr cstatic.weborama.fr *.weborama.nl *.pexi.nl *.quantcast.com secure.quantserve.com *.quantcount.com *.inmobi.com *.wufoo.com *.youtu.be *.youtube.com hooks.zapier.com in.visitors.live reshift.atlassian.net youtu.be youtube.com cdn.knightlab.com; img-src data: self localhost:3000 *.eu-west-1.elasticbeanstalk.com gamer-nl-prd.eba-i6u8mium.eu-west-1.elasticbeanstalk.com blob: data: gamer.nl *.gamer.nl api.datatrics.com *.2mdn.net *.adsrvr.org *.amazonaws.com *.anchor.fm anchor.fm *.datatrics.com *.datocms-assets.com *.datocms.com *.deezer.com *.doubleclick.net *.facebook.com *.facebook.net *.flashtalking.com *.genial.ly *.google-analytics.com *.google.com *.google.nl *.googleapis.com *.googleoptimize.com www.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.hotjar.com *.hotjar.io *.howuku.com *.icanhazip.com *.imrworldwide.com *.instagram.com *.kieskeurig.nl *.luckyorange.com *.matomo.cloud *.moatads.com *.myfonts.net *.omappapi.com *.pu.nl *.podbean.com podcasts.apple.com *.podcasts.apple.com *.reshift.nl *.slimster.nl *.snap-360.nl *.soundcloud.com *.spotify.com *.stitcher.com *.tiktok.com *.ttwstatic.com *.twitch.tv *.twitter.com *.typekit.net *.typeform.com *.videoask.com *.weborama.fr cstatic.weborama.fr *.weborama.nl *.pexi.nl *.quantcast.com secure.quantserve.com *.quantcount.com *.inmobi.com *.wufoo.com *.youtu.be *.youtube.com hooks.zapier.com in.visitors.live reshift.atlassian.net youtu.be youtube.com cdn.knightlab.com; frame-ancestors 'self' 1
default-src 'none' ; base-uri 'none' ; script-src 'self' https://www-powermapper-com.azureedge.net https://code.jquery.com https://cdn.matomo.cloud/powermapper.matomo.cloud/matomo.js 'sha256-wnAo7QxNEX0vkezmzajqqwoNj+0LfIUzBPKaeR6sG7M=' https://www.googletagmanager.com 'sha256-MHL9GoXatLo0I81zn6Q4vYMRQxuaeGp+cn/5JDA5CdE=' ; img-src 'self' data: https://www-powermapper-com.azureedge.net https://try.powermapper.com https://maps.google.com *.analytics.google.com *.google-analytics.com www.googletagmanager.com ; style-src 'self' https://www-powermapper-com.azureedge.net https://fonts.googleapis.com 'sha256-x78P3cfcD1ce7ZwDmidRkJECJaHuC+aeYPT7QDSM5BY=' ; frame-src https://download.powermapper.com https://www.google.com https://secure-stats.pingdom.com ; frame-ancestors 'self' ; connect-src https://order.powermapper.com *.analytics.google.com *.google-analytics.com https://powermapper.matomo.cloud ; object-src 'self' ; form-action 'self' https://try.powermapper.com ; font-src https://fonts.gstatic.com  1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.efilli.com *.googletagmanager.com *.google-analytics.com;  frame-src 'self' *.google.com 1
upgrade-insecure-requests; default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://maps.googleapis.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.google-analytics.com ; style-src 'self' https://fonts.googleapis.com 'unsafe-inline' ; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com ; font-src 'self' https://fonts.gstatic.com data:;  connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://fonts.googleapis.com https://bam.nr-data.net https://maps.googleapis.com;  img-src 'self' data: *.pantheonsite.io *.wlrk.com https://wlrk.com https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://secure.gravatar.com; 1
default-src 'self';    connect-src 'self' 'unsafe-inline' wss: *.saint-maclou.com *.abtasty.com ib.adnxs.com s3-eu-central-1.amazonaws.com vlz-optimeeze-tsm.ew.r.appspot.com bat.bing.com cdn.contentful.com *.contentsquare.net *.doubleclick.net *.facebook.com flagship.com *.getflowbox.com www.googleadservices.com *.google-analytics.com *.googleapis.com *.iadvize.com cookie-matching.mediarithmics.com *.myshopify.com awsapis3.netreviews.eu api.partoo.co ct.pinterest.com *.prediggo.io *.prediggo.net *.privacy-center.org cdn.segment.com sk.ht analytics.valiuz.com *.woosmap.com *.intercom.io www.roomvo.com *.unbounce.com web.valiuz.com *.hotjar.com adservice.google.com *.webeyez.com api.social-media-system.com *.hotjar.io *.sentry.io *.clic2buy.com *.clic2drive.com *.click2buy.com api.easiconnect.io s3.eu-west-1.amazonaws.com *.smartadserver.com tag.aticdn.net logs1412.xiti.com awsapis3.netreviews.eu *.clarity.ms pagead2.googlesyndication.com analytics.optimalpeople.fr tpc.googlesyndication.com static.criteo.net *.criteo.com *.adnxs.com *.tradedoubler.com status.didomi.io vendor-list.consensu.org *.ekoo.co ktzzmcm.pa-cd.com *.tiktok.com;    font-src *;    frame-ancestors 'self' *.saint-maclou.com *.hotjar.com intercom-sheets.com;    frame-src 'self' tracking-front-dot-data-sandbox-326814.ew.r.appspot.com *.saint-maclou.com *.abtasty.com www.dailymotion.com www.facebook.com flagship.com *.google.com halc.iadvize.com cdn.segment.com book.timify.com www.youtube.com *.avis-verifies.com *.pinterest.com intercom-sheets.com www.roomvo.com web.valiuz.com *.hotjar.com adservice.google.com *.webeyez.com api.social-media-system.com awsapis3.netreviews.eu *.doubleclick.net tpc.googlesyndication.com static.criteo.net *.criteo.com *.tradedoubler.com *.adnxs.com *.ekoo.co *.tiktok.com *.cloudflare.com;    img-src data: *;    media-src *;    script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: wss: *.saint-maclou.com *.abtasty.com ib.adnxs.com vlz-optimeeze-tsm.ew.r.appspot.com cl.avis-verifies.com ad.avtm.fr bat.bing.com cdn.contentful.com *.contentsquare.net *.criteo.com *.criteo.net *.doubleclick.net connect.facebook.net flagship.com *.getflowbox.com *.google.com www.googleadservices.com www.google-analytics.com *.googleapis.com www.googletagmanager.com www.gstatic.com *.iadvize.com cookie-matching.mediarithmics.com s.pinimg.com sdk.privacy-center.org cdn.segment.com events.sk.ht *.social-media-system.com *.tradedoubler.com analytics.valiuz.com webapp.woosmap.com *.intercom.io *.intercomcdn.com *.prediggo.net *.roomvo.com web.valiuz.com *.hotjar.com adservice.google.com *.webeyez.com *.sentry.io *.clic2buy.com *.clic2drive.com *.click2buy.com saintmaclou.easiwebforms.net api.easiconnect.io *.smartadserver.com tag.aticdn.net *.clarity.ms analytics.optimalpeople.fr tpc.googlesyndication.com static.criteo.net *.adnxs.com *.ekoo.co ktzzmcm.pa-cd.com *.tiktok.com *.cloudflare.com;    style-src 'unsafe-inline' *; 1
frame-ancestors 'self' https://hsdcoilovers.com https://wisefab.co.uk https://wisefabworld.com https://work-wheels.co.uk https://workwheelsuk.com https://www.hsdcoilovers.com https://www.wisefab.co.uk https://www.wisefabworld.com https://www.work-wheels.co.uk https://www.workwheelsuk.com; 1
frame-ancestors 'self' twg2022.com https://wdg.kinetic.com https://*.bhamnow.com https://*.thebamabuzz.com https://*.hvilleblast.com 1
report-uri https://fifauteam.com/ 1
script-src blob: api.ipify.org getshogun-cache-production.s3.amazonaws.com gateway.zscalertwo.net m.addthisedge.com m.addthis.com cdn.ravenjs.com www.dttrpx.com h.online-metrix.net zevoinsect.com zevo-insect.mybigcommerce.com *.bazaarvoice.com s.ytimg.com www.youtube.com *.simpli.fi mpsnare.iesnare.com www.google.com www.gstatic.com script.crazyegg.com ajax.googleapis.com *.ajax.googleapis.com *.adsrvr.org *.klaviyo.com *.google-analytics.com *.betrad.com *.findzevo.com *.zevooffer.com *.googletagmanager.com *.microsoft.com *.bigcommerce.com www.googleadservices.com *.doubleclick.net tagmanager.google.com *.facebook.net *.privy.com *.mapbox.com *.entrust.net *.pricespider.com *.pypestream.com *.getshogun.com z.moatads.com js.agkn.com s7.addthis.com *.cloudfront.net *.cookielaw.org code.jquery.com geolocation.onetrust.com *.tiktok.com *.paypalobjects.com *.paypal.com optanon.blob.core.windows.net pghub.io s.yimg.com aa.agkn.com bat.bing.com *.taboola.com *.analytics.yahoo.com 'self' *.criteo.com *.criteo.net *.jebbit.com *.instagram.com *.pinterest.com *.pinimg.com 'unsafe-inline' 'unsafe-eval'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://static.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/ https://www.gstatic.com *.kampyle.com *.medallia.com; style-src 'self' 'unsafe-inline' https://shareowneronline.com https://eqsolprodusapp.blob.core.windows.net https://fast.fonts.net *.kampyle.com *.medallia.com https://eq-sol-prod-us-fd-main-b2c.azurefd.net/; img-src 'self' data: https://www.googletagmanager.com https://www.google-analytics.com https://eq-sol-prod-us-fd-main-b2c.azurefd.net/ https://shareowneronline.com https://eqsolprodusapp.blob.core.windows.net *.kampyle.com *.medallia.com; connect-src 'self' https://devadfs.usatest.eqtest.internal/ https://shareowneronline.com https://www.google-analytics.com https://eqsolprodusapp.blob.core.windows.net https://eqsolprodusb2cmain.b2clogin.com/ *.kampyle.com *.medallia.com https://eqsolprodusapp.blob.core.windows.net/sol-media https://eq-sol-prod-us-fd-main-b2c.azurefd.net/ https://shareowneronline.com https://region1.google-analytics.com; child-src 'self'; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://www.googletagmanager.com https://devadfs.usatest.eqtest.internal/ https://www.google.com/ https://sso-us.equiniti.com https://djcs.factsetdigitalsolutions.com https://custom.factsetdigitalsolutions.com *.kampyle.com *.medallia.com http://www.abbvie.com; 1
default-src 'self' *.solidifi.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.jobvite.com ipinfo.io *.solidifi.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com *.addthis.com *.addthisedge.com *.pardot.com https://static.cloudflareinsights.com/beacon.min.js *.moatads.com https://acsbapp.com; style-src 'self' 'unsafe-inline' *.solidifi.com; object-src 'none'; connect-src 'self' *.solidifi.com *.google-analytics.com *.addthis.com https://stats.g.doubleclick.net *.acsbapp.com; font-src 'self' *.acsbapp.com https://acsbapp.com data:; media-src 'self' *.dropbox.com *.dropboxusercontent.com *.solidifi.com *.acsbapp.com; img-src 'self' data: *.solidifi.com *.google-analytics.com *.gstatic.com *.googleapis.com *.google.com *.ggpht.com https://www.google.ca *.acsbapp.com https://acsbapp.com; frame-src 'self' https://player.vimeo.com *.jobvite.com *.addthis.com https://acsbapp.com https://accounts.accessibe.com; frame-ancestors 'self' *.solidifi.com; 1
frame-ancestors 'self' natdcp.com ndcp-zend.natdcp.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://masto.es; img-src 'self' https: data: blob: https://masto.es; style-src 'self' https://masto.es 'nonce-e5YGhiCvfROETIQWg8d7IQ=='; media-src 'self' https: data: https://masto.es; frame-src 'self' https:; manifest-src 'self' https://masto.es; form-action 'self'; child-src 'self' blob: https://masto.es; worker-src 'self' blob: https://masto.es; connect-src 'self' data: blob: https://masto.es https://media.masto.es wss://masto.es; script-src 'self' https://masto.es 'wasm-unsafe-eval' 1
upgrade-insecure-requests; script-src 'strict-dynamic' 'nonce-KhKhOh4irtuUOdDvpQLxcQ=='; 1
frame-ancestors 'self' http://opernhaus.ch https://backstage.opernhaus.ch http://staffbase.com capacitor://opernhaus.ch capacitor://staffbase.com localhost:* https://*.attoprimo.ch https://*.atto-primo.ch https://*.operinos.ch https://*.opernfreunde.ch https://*.ballettfreunde.ch https://*.ballett-zuerich.ch https://*.philharmonia-zuerich.ch https://*.philharmonia-records.com https://*.bernadette.ch https://*.opernhaus.ch https://*.spinetix.com https://*.spinetix.cloud; 1
frame-ancestors 'self' https://www.aussie-dev.com.au https://www.aussie-stg.com.au https://www.aussie-preprod.com.au 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com *.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com www.youtube-nocookie.com www.youtube.com blob: data: https://storage.googleapis.com/learnwithikeavideos/ ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ctfassets.net *.ipex-insights.com *.parcellab.com *.taskrabbit.com acdn.adnxs.com secure.adnxs.com *.bing.com *.doubleclick.net googleads.g.doubleclick.net *.facebook.com *.facebook.net www.googleadservices.com *.googlesyndication.com *.google.it *.pinterest.com s.pinimg.com api.pinpiaa.com *.cookielaw.org *.onetrust.com *.akamaihd.net *.akstat.io *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.go-mpulse.net *.optimizely.com sentry.io *.sentry.io *.avo.app oppwa.com *.oppwa.com mpsnare.iesnare.com *.iesnare.com *.syndeo.cx *.production.syndeo.cx wss://web.production.syndeo.cx icsp.ingka.ikea.com wss://icsp.ingka.ikea.com wss://web-api.ikea.com/cschatbot/ maps.googleapis.com fonts.googleapis.com www.googleapis.com *.bambuser.com firestore.googleapis.com liveshopping-widgets.firebaseapp.com; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com; object-src 'self'; report-uri https://csp.ikea.com 1
default-src 'self';img-src 'self' * data:;worker-src 'self' * data: blob:;media-src 'self' * data:;script-src 'self' 'nonce-NjNEOUE1RTFDQjE3RTNGNzhGN0JEQzc0OTFFODU0ODQ' https://www.google-analytics.com http://siteimproveanalytics.com https:;style-src 'self' 'unsafe-inline' https://fk.cornelis.amsterdam;connect-src 'self' https://www.youtube.com https://www.google-analytics.com;child-src 'self' https://www.youtube.com https://www.google-analytics.com;font-src 'self' https://fk.cornelis.amsterdam;frame-ancestors http://www.pscribe.nl http://acceptatie.pscribe.nl https://test.pscribe.nl https://www.mijnmedicijn.nl https://dental.meamedica.nl https://acta.meamedica.nl https://www.meamedicapro.com 1
default-src 'none';connect-src 'self' *.google-analytics.com www.google-analytics.com;font-src 'self' fonts.gstatic.com;frame-src *.actiris.brussels www.facebook.com player.vimeo.com youtu.be www.youtube.com www.gstatic.com www.google.com static.ak.facebook.com s-static.ak.facebook.com connect.facebook.net 8765843.fls.doubleclick.net/;frame-ancestors 'self';img-src 'self' data: *.google-analytics.com www.google-analytics.com *.actiris.brussels *.selectactiris.brussels *.basemaps.cartocdn.com i.ytimg.com www.facebook.com stats.g.doubleclick.net connect.facebook.net/ www.google.com/pagead/ https://yestest.actiris.brussels:4443 www.google.be/pagead/ *.actiris.brussels:443;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com tagmanager.google.com *.google-analytics.com www.google-analytics.com www.google.com www.gstatic.com www.youtube.com s.ytimg.com connect.facebook.net urldefense.proofpoint.com www.googleadservices.com googleads.g.doubleclick.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com; 1
default-src * data: blob: 'self';script-src 'self' *.ragic.com 'unsafe-inline' 'unsafe-eval' appleid.cdn-apple.com zapier.com *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com *.crisp.chat *.googletagmanager.com *.stripe.com www.instagram.com *.facebook.net *.twitter.com *.slideshare.net www.redditstatic.com cdn.amcharts.com 127.0.0.1:* cdn.zapier.com;style-src 'self' fonts.googleapis.com cdn.zapier.com *.ragic.com *.crisp.chat data: blob: 'unsafe-inline';font-src 'self' fonts.gstatic.com fonts.googleapis.com cdn.zapier.com *.ragic.com *.crisp.chat;frame-src 'self' www.instagram.com *.ragic.com *.google.com *.facebook.com *.twitter.com office.com www.youtube.com *.youku.com *.stripe.com *.slideshare.net view.officeapps.live.com; 1
connect-src 'self' https: https://api.womany.net https://say.womany.net https://cn-api.womany.net https://en-api.womany.net https://jp-api.womany.net https://member.womany.net https://go.justfont.com 1
style-src 'unsafe-inline' yastatic.net;report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.eu&showid=1705976294446326-14424760941408459636-balancer-l7leveler-kubr-yp-sas-40-BAL-2810&h=stable-portal-mordago-179.sas.yp-c.yandex.net&yandexuid=2084596361705976294&&version=2024-01-19-465&adb=0;media-src yastatic.net;connect-src *.strm.yandex.net mc.yandex.com yandex.eu yastatic.net yastat.net mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.admetrica.ru mc.yandex.eu;img-src *.verify.yandex.ru *.ya.ru *.yandex.ru ya.ru yabs.yandex.by yabs.yandex.kz yabs.yandex.ru yabs.yandex.uz yandex.ru 'self' yastatic.net data: yandex.eu favicon.yandex.net avatars.mds.yandex.net mc.admetrica.ru mc.yandex.com *.mc.yandex.ru adstat.yandex.ru mc.yandex.eu mc.yandex.ru;script-src 'nonce-gV8MC8dr1L6kK4yNdGSmog==' mc.yandex.com yastatic.net yandex.eu mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.yandex.eu;child-src *.ya.ru *.yandex.ru ya.ru yandex.ru yastatic.net yandex.eu mc.yandex.ru mc.yandex.md mc.yandex.eu *.ya.ru *.yandex.ru ya.ru yandex.ru;default-src yastatic.net yastat.net 'self';font-src yastatic.net 1
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors onestream.live 'self'; worker-src blob onestream.live https://onestream.live; script-src 'self' 'unsafe-inline' 'unsafe-eval' consent.cookiefirst.com connect.onestream.live cdn.firstpromoter.com www.googletagmanager.com client.crisp.chat www.google.com connect.facebook.net googleads.g.doubleclick.net www.gstatic.com www.youtube.com code.jquery.com cdnjs.cloudflare.com www.clarity.ms analytics.tiktok.com bat.bing.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.arsy.cz http: https: https://track.adform.net https://cdn.jsdelivr.net https://www.smartsuppchat.com/ https://ads.google.com/ https://analytics.google.com/ https://sklik.cz/; worker-src 'self' http: https: https://track.adform.net https://cdn.jsdelivr.net https://www.smartsuppchat.com/ https://ads.google.com/ https://analytics.google.com/ https://sklik.cz/; frame-ancestors https://www.facebook.com/ https://www.messenger.com/; frame-src github.io https://www.google.com/ https://analytics.google.com/ https://www.facebook.com/ https://www.googletagmanager.com/ https://www.smartsuppchat.com/ https://s7.addthis.com/ https://cdn.jsdelivr.net https://widget.packeta.com https://walkinto.in/ https://ads.google.com/ https://track.adform.net https://sklik.cz/ https://wlk.im/ *.youtube.com 'self'; form-action 'self' https://*.facebook.com; font-src *.gstatic.com *.typekit.net *.arsy.cz 'self'; object-src 'none'; style-src https://www.arsyline.cz/cookies/cookies_script_dark.css fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net 'unsafe-inline' *.typekit.net data: *.arsy.cz 'self'; base-uri 'none'; 1
default-src 'self' https: *.4ig.hu; script-src 'unsafe-eval' 'unsafe-inline' 'self'  https:; style-src 'unsafe-inline' 'self' https:; object-src 'none'; 1
default-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.powerreviews.com https://*.salemove.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salemove.com https://*.glia.com  https://www.google.com https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://*.doubleclick.net https://*.powerreviews.com https://*.newtonsoftware.com https://recruitingbypaycor.com https://*.visualcalc.com https://*.checkout.visa.com https://*.locatorsearch.com https://*.salemove.com wss://*.salemove.com https://addsearch.com https://*.searchcdn.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.typekit.net; style-src 'self' 'unsafe-inline' https://*.salemove.com https://*.glia.com https://*.powerreviews.com https://fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' https://www.starone.org https://*.typekit.net https://fonts.googleapis.com https://*.powerreviews.com https://*.salemove.com https://*.addsearch.com https://*.cloudfront.net; connect-src 'self' https://*.powerreviews.com https://www.google-analytics.com https://*.doubleclick.net https://*.salemove.com wss://*.salemove.com https://*.glia.com wss://*.glia.com https://*.twilio.com wss://*.twilio.com; img-src 'self' blob: data: https://aa.trkn.us https://content-cdn.com https://res.cloudinary.com https://*.powerreviews.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.doubleclick.net https://*.locatorsearch.com https://*.salemove.com https://*.glia.com https://addsearch.com https://*.addsearch.com https://*.cloudfront.net; frame-src 'self' https://campaign.documatix.com https://mortgage.starone.org https://www.youtube.com https://recruitingbypaycor.com https://*.newtonsoftware.com https://*.doubleclick.net https://*.locatorsearch.com; media-src 'self' https://*.salemove.com https://*.glia.com https://*.powerreviews.com 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com https://maps.googleapis.com/* https://maps.googleapis.com/maps/api/mapsjs/gen_204 onesignal.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.googletagmanager.com *.doubleclick.net/* *.googletagmanager.com/* https://td.doubleclick.net/ https://www.googletagmanager.com/ https://outlook.office365.com/ googletagmanager.com/* webbookingapiuat.nakheel.com/* *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com cdnjs.cloudflare.com/ajax/libs/twemoji/* https://cdnjs.cloudflare.com/ajax/libs/twemoji https://www.tripadvisor.com *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' https://*.googletagmanager.com https://maps.googleapis.com/* https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://*.google.com https://outlook.office365.com/owa/calendar/NakheelOnlineMeeting@Nakheelofficial.onmicrosoft.com/bookings/ https://*.office365.com/* youtube.com *.youtube.com *.youtube.com/* *.doubleclick.net/* *.googletagmanager.com *.googletagmanager.com/* https://td.doubleclick.net/ https://www.googletagmanager.com/ https://outlook.office365.com/ googletagmanager.com/*; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com onesignal.com https://maps.googleapis.com/* https://maps.googleapis.com/maps/api/mapsjs/gen_204 *.google-analytics.com https://analytics.google.com/g/collect https://analytics.google.com/g/collect/* *.googleapis.com *.googletagmanager.com *.doubleclick.net/* *.googletagmanager.com/* webbookingapiuat.nakheel.com/* https://webbookingapiuat.nakheel.com *.tripadvisor.com/* https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com cms.nakheel.com cmsuat.nakheel.com cmsstg.nakheel.com admin.nakheelmarinas.com adminuat.nakheelmarinas.com adminstg.nakheelmarinas.com https://*.nakheel.com/* https://www.nakheelcommunities.com/ https://*.nakheelcommunities.com/* https://analytics.google.com https://*.google.com/* *.googletagmanager.com *.googleapis.com/* *.onesignal.com *.gstatic.com *.gstatic.com/* maps.googleapis.com/* *.google-analytics.com www.googletagmanager.com *.doubleclick.net/* *.googletagmanager.com/* webbookingapiuat.nakheel.com/* *.tripadvisor.com/* 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.spellsmell.ru cdn.spellsmell.ru https://vk.com vk.com *.spellsmell.ru direct.yandex.ru https://direct.yandex.ru *.google.ru awaps.yandex.ruhttps://awaps.yandex.ru https://*.ytimg.com https://*.doubleclick.net https://*.google.com https://api-maps.yandex.ru api-maps.yandex.ru maps.yandex.ru *.talk-me.ru *.me-talk.ru https://connect.ok.ru https://www.instagram.com https://www.googletagmanager.com https://www.googleoptimize.com *.mail.ru *.tiktok.com yastatic.net https://cdn.rollbar.com https://www.google-analytics.com https://mc.yandex.ru https://yandex.st yandex.st https://*.yandex.net *.yandex.net *.yandex.ru webvisor.com; child-src  data:  blob:  https://cdn.spellsmell.ru https://vk.com vk.com *.spellsmell.ru *.google.ru *.youtube.com youtube.com https://*.google.com https://api-maps.yandex.ru api-maps.yandex.ru maps.yandex.ru https://connect.ok.ru webvisor.com https://www.tiktok.com https://www.instagram.com; 1
default-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com *.twitter.com *.twimg.com; font-src 'self' cdn.jsdelivr.net fonts.gstatic.com; script-src 'self' 'unsafe-inline' www.google.com www.gstatic.com *.facebook.net *.twitter.com *.twimg.com; img-src 'self' 'unsafe-inline' *.twitter.com *.twimg.com data:; media-src 'self'; connect-src 'self'; frame-src www.google.com www.youtube.com *.facebook.com *.twitter.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.w3-edge.com www.google-analytics.com js.recurly.com ssl.kaptcha.com cdn.optimizely.com wufoo.com www.wufoo.com secure.wufoo.com cdn.equalweb.com access.equalweb.com; 1
default-src * data: blob: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' blob:; connect-src * data: blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; img-src * data: 'unsafe-inline'; font-src * data: 'unsafe-inline'; frame-ancestors 'self'; 1
frame-ancestors http://gobrowser.com/ http://gologin.com/ http://iphey.com/ 1
frame-ancestors 'self' https://www.chat-avenue.com/; 1
script-src 'self'; frame-ancestors 'self'; object-src 'none'; media-src 'none'; connect-src 'self'; base-uri 'self'; 1
script-src 'self' https://cdnjs.cloudflare.com 'nonce-fDknzb6roEEwSaRw1mcSqLA/F7g='  'strict-dynamic' 'unsafe-inline'   https://*.googleapis.com/  static.elfsight.com 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src data: https:; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://www.gartner.com/; connect-src https: 'unsafe-inline' 'unsafe-eval' wss://reflex.bigpicture.io; frame-ancestors 'self' https://yugabyte.thinkific.com/ https://*.yugabyte.com/; 1
frame-ancestors 'self' *.fizy.com; 1
script-src  'self'  'unsafe-inline'  'unsafe-eval'  https://www.googletagmanager.com  https://platform.twitter.com  https://ajax.googleapis.com  https://cc.cdn.civiccomputing.com  https://cdn.ywxi.net  https://bat.bing.com  https://platform.twitter.com  https://www.google-analytics.com  https://www.googleadservices.com  https://cdn.syndication.twimg.com  https://googleads.g.doubleclick.net   https://www.trustedsite.com  https://app.viralsweep.com  https://ww.trustedsite.com  https://webchat.dotdigital.com  https://cdn.rawgit.com/  https://staplesblog.azurewebsites.net https://www.mczbf.com https://connect.facebook.net https://ssl.kaptcha.com/ http://18.134.42.191 https://static.trackedweb.net https://ui.powerreviews.com https://static.powerreviews.com https://mpsnare.iesnare.com https://cdnjs.cloudflare.com https://static.ads-twitter.com https://analytics.twitter.com https://paypage-cdn.adflex.co.uk https://email-staples.co.uk https://snap.licdn.com https://www.clarity.ms https://*.clarity.ms https://c5.adalyser.com https://policy.cookiereports.com https://widget.trustpilot.com https://*.dwin1.com https://*.awin1.com https://*.zenaps.com https://the.sciencebehindecommerce.com https://www.clickcease.com https://analytics.tiktok.com https://*.cookiebot.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://cdn.skypack.dev https://vcc-eu8.8x8.com https://lantern.roeyecdn.com 1
default-src 'self' https://www.facebook.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: http: blob: https://*.hubspot.com https://js.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://forms.hsforms.com https://*.usemessages.com; base-uri 'self'; connect-src 'self' https://www.googleapis.com https://*.google-analytics.com https://*.googleapis.com https://www.googleapis.com https://storage.googleapis.com https://sworkit-user.firebaseio.com https://sworkit-api.herokuapp.com https://*.hubspot.com https://yoast.com https://my.wpengine.com https://www.facebook.com https://*.hubapi.com https://hubspot-forms-static-embed.s3.amazonaws.com https://us-central1-sworkit-user.cloudfunctions.net https://*.giftup.app https://forms.hsforms.com https://api-iam.intercom.io https://www.google-analytics.com https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com; img-src 'self' https://*.wpengine.com https://www.gstatic.com https://s.w.org http://sworkit.com https://www.gravatar.com/ https://sworkit-staging.flywheelsites.com https://www.googletagmanager.com https://storage.googleapis.com https://*.stripe.com https://*.giftup.app https://7984145.fs1.hubspotusercontent-na1.net https://initiatives.sworkit.com https://f.hubspotusercontent40.net https://i.ytimg.com https://*.hsforms.com https://*.hubspot.com https://www.facebook.com https://www.google-analytics.com blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com data:; media-src 'self' https://storage.googleapis.com https://js.intercomcdn.com; form-action 'self' https://*.hsforms.com https://www.facebook.com https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io; child-src 'self' https://sworkit.com https://www.facebook.com https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; frame-src 'self' https://static.hsappstatic.net https://sworkit-user.firebaseapp.com https://app.sworkit.com https://*.hubspot.com https://www.facebook.com https://*.hsforms.com https://www.youtube.com https://js.hsforms.net https://www.google.com https://*.stripe.com https://*.giftup.app; frame-ancestors 'self' https://*.sworkit.com 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=4jh5mc5iqu421&partner=; 1
frame-ancestors 'self' sdk-cdn.onlineaccess1.com sdk-stg.onlineaccess1.com online.dfcufinancial.com aus-temporary.q2ebanking.com; upgrade-insecure-requests; 1
frame-src 'self' bomjesus.br *.bomjesus.br usf.edu.br *.usf.edu.br fae.edu *.fae.edu google.com *.google.com youtube.com *.youtube.com vimeo.com *.vimeo.com viddler.com *.viddler.com eadfranciscanos.com.br *.eadfranciscanos.com.br virtualspirits.com *.virtualspirits.com zenvia.com *.zenvia.com *.fundacred.org.br 1
frame-ancestors 'self' https://www.drankgigant.nl/ https://be.drankgigant.nl/ https://www.drankgigant.de/ 1
frame-ancestors https://trustmark.sbresources.com/ https://investorrelations.trustmark.com/ https://expert.trustmark.com/ https://trustmark.custhelp.com/ http://www.trustmarkforeclosedproperties.com/ https://jobs-trustmark.icims.com/ https://intranet-trustmark.icims.com/ https://careers-fisherbrownbottrell.icims.com/ https://onboarding-trustmark.icims.com/ https://reorganizationcareers-trustmark.icims.com/ https://trustmark--tst2.custhelp.com/ https://dev.sbresources.com https://trustmarkcorp2020index.s4.q4web.com/ https://mortgagewebcenter.com https://trustmark.mortgagewebcenter.com/ https://www.mytrustmark.com http://trustmarkforeclosedproperties.trustmark.local https://www.trustmarkforeclosedproperties.com/ https://www-lc3t.myappro.com/login/trustmark https://www-lc3.myappro.com/login/trustmark https://www-aola52t.myappro.com/approonline/A52/Trustmark/co/ https://www-aolb52p.myappro.com/approonline/B52/Trustmark/co/ https://www-aola52t.myappro.com/ https://trustmark-stage.adobemsbasic.com/ https://trustmark-prod.adobemsbasic.com/ https://trustmark.com/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com/ https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://ws.sharethis.com/button/buttons.js https://ws.sharethis.com/button/async-buttons.js https://ws.sharethis.com/button/p.js https://t.sharethis.com/1/d/t.dhj https://players.brightcove.net/ https://www.podbean.com/ *.zencdn.net https://maps.googleapis.com https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js https://content.jwplatform.com/ https://ssl.p.jwpcdn.com/player/ https://pweiss.containers.piwik.pro/ https://platform-api.sharethis.com/; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com/css https://ws.sharethis.com/button/css/buttons-secure.css https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css https://pweiss.containers.piwik.pro/; img-src 'self' data: https://prd.jwpltx.com/v1/jwplayer6/ https://redcraftvideos.s3.amazonaws.com/paul-weiss/ *.cloudfront.net *.podbean.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com/r/__utm.gif https://ssl.google-analytics.com/__utm.gif https://metrics.brightcove.com/v2/tracker https://www.podbean.com/ *.akamaihd.net *.boltdns.net https://maps.googleapis.com https://maps.gstatic.com https://l.sharethis.com https://pweiss.containers.piwik.pro/; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/fonts/ https://pweiss.containers.piwik.pro/; connect-src 'self' https://www.google-analytics.com https://l.sharethis.com *.brightcove.com  *.brightcovecdn.com *.brightcove.net *.api.brightcove.com *.bcovlive.io *.sep.bcovlive.io *.o.brightcove.com *.boltdns.net *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.analytics.edgekey.net *.cloudfront.net *.media.brightcove.com *.gallerysites.net *.bcvp0rtal.com *.brightcovecdn.com *.boltdns.net https://ssl.google-analytics.com https://pweiss.piwik.pro; frame-src 'self' https://t.sharethis.com/ https://ws.sharethis.com/ https://c.sharethis.mgr.consensu.org https://players.brightcove.net/ https://www.podbean.com/; object-src 'self' blob:; media-src 'self' blob: https://bcbolt446c5271-a.akamaihd.net https://redcraftvideos.s3.amazonaws.com/paul-weiss/ https://redcraftvideos.s3.us-west-2.amazonaws.com/21-paulweiss/ https://f12.cf.brightcove.com https://secure.brightcove.com https://admin.brightcove.com https://api.brightcove.com https://analytics.api.brightcove.com https://bcove.video https://api.bcovlive.io https://static.brightcove.com https://bcvid.brightcove.com https://studio.brightcove.com https://billing.brightcove.com https://players.api.brightcove.com https://oauth.brightcove.com https://my.brightcove.com https://metrics.brightcove.com https://hlstoken-a.akamaihd.net https://hls.ak.o.brightcove.com https://bcovlive-a.akamaihd.net https://images.gallerysites.net https://a139.vi5g5.akafms.net https://docs.brightcove.com https://solutions.brightcove.com https://learning-services-media.brightcove.com https://support.brightcove.com www.brightcove.com vjs.zencdn.net https://uds.ak.o.brightcove.com https://smartplayers.api.brightcove.com https://signin.brightcove.com https://share.brightcove.com https://services.brightcove.com https://search.brightcove.com https://sadmin.brightcove.com https://reporting.brightcove.com https://preview-players.brightcove.net https://repos.api.brightcove.com https://link.brightcove.com https://live.brightcove.com https://live.api.brightcove.com https://internal.api.brightcove.com https://ingestion.api.brightcove.com https://images.gallery.brightcove.com https://img.brightcove.com https://httpsak-a.akamaihd.net https://hlsak-a.akamaihd.net https://go.brightcove.com https://gallery.assets.brightcove.com https://gallery.brightcove.com https://files.brightcove.com https://experiences.assets.brightcove.com https://edge-elb.api.brightcove.com https://edge.api.brightcove.com https://data.brightcove.com https://cms.api.brightcove.com https://c.brightcove.com https://brightcove04.o.brightcove.com https://brightcove-03.fcod.llnwd.net https://brightcove-02.fcod.llnwd.net https://brightcove-01.fcod.llnwd.net https://brightcove.vo.llnwd.net https://brightcove04.brightcove.com https://house-cloudfront.us-east-1.prod.boltdns.net https://house-cloudfront.eu-west-1.prod.boltdns.net https://house-cloudfront.ap-southeast-2.prod.boltdns.net https://house-cloudfront.ap-southeast-1.prod.boltdns.net https://house-cloudfront.ap-northeast-1.prod.boltdns.net https://bcsecure01-a.akamaihd.net https://f1.media.brightcove.com https://manifest.prod.boltdns.net https://house-fastly-signed-us-east-1-prod.brightcovecdn.com https://www.podbean.com/; worker-src 'self' blob:; report-uri https://mschosting.report-uri.com/r/t/csp/enforce 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'; default-src 'self' 'unsafe-inline'; img-src 'self' https:; block-all-mixed-content; 1
media-src 'self' data: mpsnare.iesnare.com; style-src 'self' *.disquscdn.com ajax.googleapis.com fonts.googleapis.com 'unsafe-inline' static.snoweb.fr static.snoweb.io unpkg.com cdn.jsdelivr.net libs.hipay.com; default-src 'self' https://maps.googleapis.com *.checkout.com *.disqus.com *.disquscdn.com *.sumo.com *.zopim.com *.iubenda.com disqus.com ekr.zdassets.com google.com www.google.com googleads.g.doubleclick.net sumo.com wss://widget-mediator.zopim.com *.wagtail.io weenect.zendesk.com www.facebook.com sibautomation.com *.google-analytics.com stats.g.doubleclick.net in-automate.sendinblue.com https://oms.salesupply.com:52222 *.clarity.ms *.bing.com static.weenect.com *.ubembed.com ipapi.co mpsnare.iesnare.com wss://mpsnare.iesnare.com *.hipay.com the.sciencebehindecommerce.com; img-src 'self' *.sumo.com *.trustpilot.com *.iubenda.com images-static.trustpilot.com static.weenect.com sumo.com *.googleapis.com www.google-analytics.com weenect.s3.eu-west-3.amazonaws.com d128mjo55rz53e.cloudfront.net www.gravatar.com v2.zopim.com v2assets.zopim.io data: stats.g.doubleclick.net www.facebook.com www.google.com www.google.fr www.googletagmanager.com googleads.g.doubleclick.net *.gstatic.com *.bing.com static.snoweb.fr static.snoweb.io cx.atdmt.com *.disqus.com *.disquscdn.com *.clarity.ms cdn.jsdelivr.net www.awin1.com; script-src 'self' script.js *.checkout.com *.cloudflare.com *.disqus.com *.disquscdn.com *.google.com *.sumo.com *.trustpilot.com *.zdassets.com *.zopim.com *.iubenda.com ajax.googleapis.com stackpath.bootstrapcdn.com www.google-analytics.com googleads.g.doubleclick.net www.googleadservices.com www.googletagmanager.com connect.facebook.net static.affilae.com tpc.googlesyndication.com sibautomation.com 'unsafe-eval' 'unsafe-inline' *.googleapis.com bat.bing.com cdn.jsdelivr.net code.jquery.com maxcdn.bootstrapcdn.com unpkg.com lb.affilae.com www.compado-tracking.com stats.g.doubleclick.net a.quora.com *.clarity.ms *.ubembed.com libs.hipay.com mpsnare.iesnare.com www.dwin1.com www.awin1.com the.sciencebehindecommerce.com; frame-src 'self' *.checkout.com *.vimeo.com *.youtube.com disqus.com *.iubenda.com www.facebook.com lb.affilae.com www.compado-tracking.com sibautomation.com *.ubembed.com libs.hipay.com www.awin1.com; font-src 'self' fonts.googleapis.com v2.zopim.com fonts.gstatic.com data: blob: 1
frame-ancestors 'self' https://my.ibexfusion.com/ https://web.tweebie.com https://www.zermatt.ch https://zermatt.ch https://www.matterhornparadise.ch https://zermatt.traumgutscheine.com https://development-eu01-bonfire.demandware.net https://staging-eu01-bonfire.demandware.net https://bggj-001.sandbox.us01.dx.commercecloud.salesforce.com https://bggj-002.sandbox.us01.dx.commercecloud.salesforce.com https://bggj-003.sandbox.us01.dx.commercecloud.salesforce.com https://bggj-004.sandbox.us01.dx.commercecloud.salesforce.com https://bggj-005.sandbox.us01.dx.commercecloud.salesforce.com https://bggj-006.sandbox.us01.dx.commercecloud.salesforce.com https://bggj-007.sandbox.us01.dx.commercecloud.salesforce.com https://bggj-008.sandbox.us01.dx.commercecloud.salesforce.com https://bggj-009.sandbox.us01.dx.commercecloud.salesforce.com https://dev-cc.zermatt.swiss https://stg-cc.zermatt.swiss https://www.zermatt.swiss https://*.ibextouch.ch https://*.ibexsmart.ch; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=entertainment&region=US&lang=en-US&device=desktop&yrid=47b4ui1iqu6po&partner=; 1
report-uri /csp-report?p=questions%2F%3Aslug; block-all-mixed-content; default-src 'none'; base-uri 'none'; script-src 'sha256-2vvxOZGNaNgKc6hsklalFxowLrGGY77RhgtSdOmreSQ=' 'sha256-HhVIFMsFgQRGJz8hlmlQnV4vKOS5xlt8WH3+fHbAXuo=' https://js.stripe.com https://stripe.com https://b.stripecdn.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'report-sample'; style-src 'self' 'sha256-rhCVbbGt++ztYg3mqAj6TmOAovUg5Otx5ahkz1Nd6O8=' 'sha256-K4b1nkAuoFrcGc6ATIrRt4+EOt+8+l+Ggaih7c+huyM=' https://stripe.com https://b.stripecdn.com 'report-sample'; frame-ancestors 'self' https://dashboard.stripe.com; frame-src https://stripe.com https://js.stripe.com https://b.stripecdn.com https://dashboard.stripe.com https://dashboard-admin.stripe.com https://connect.stripe.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://support-conversations.stripe.com; font-src 'self'; form-action 'self'; img-src 'self' data: https://media.stripe.com https://t.stripe.com https://q.stripe.com https://files.stripe.com https://b.stripecdn.com https://stripe-support-uploads.s3.amazonaws.com https://s3.amazonaws.com/stripe-uploads/; connect-src 'self' https://stripe.com https://files.stripe.com https://api.stripe.com https://errors.stripe.com 1
frame-ancestors https://www.aviakassa.com https://webvisor.com https://metrika.yandex.com https://metrika.yandex.ru https://metrica.yandex.com https://metrica.yandex.ru 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://o3o.ca; img-src 'self' https: data: blob: https://o3o.ca; style-src 'self' https://o3o.ca 'nonce-/p8gQGJBoUZqKtfIf1fGBA=='; media-src 'self' https: data: https://o3o.ca; frame-src 'self' https:; manifest-src 'self' https://o3o.ca; form-action 'self'; child-src 'self' blob: https://o3o.ca; worker-src 'self' blob: https://o3o.ca; connect-src 'self' data: blob: https://o3o.ca https://mstdn-s3.o3o.studio wss://o3o.ca; script-src 'self' https://o3o.ca 'wasm-unsafe-eval' 1
default-src https: wss: data: 'self' 'unsafe-eval' 'unsafe-inline' blob: www.chorki.com https://appcmsprod.viewlift.com/;font-src https: data: 'self' code.ionicframework.com;img-src https: data: blob: ;media-src https: blob: ;worker-src https: blob:; 1
frame-ancestors https://mobz.io/ 1
frame-ancestors 'self' *.fontstand.com; 1
img-src * data: blob:; connect-src 'self' wss://*.hotjar.com *.hotjar.com *.hotjar.io *.addthis.com  lydia-app.com *.lydia-app.com *.openstreetmap.org maps.googleapis.com *.analytics.google.com *.google-analytics.com *.gstatic.com *.hcaptcha.com *.facebook.com *.raygun.io *.cometchat.io *.api-eu.cometchat.io *.widget-eu.cometchat.io wss://*.websocket-eu.cometchat.io  ; object-src 'self' https://www.youtube.com https://www.dailymotion.com; frame-ancestors 'self' ; base-uri https://www.francealumni.fr/; form-action 'self' https://france-alumni-network.rpxnow.com https://preprod-tpeweb.e-transactions.fr/ https://tpeweb.e-transactions.fr/ https://paiement.creditmutuel.fr https://systempay.cyberpluspaiement.com https://payment-webinit-mercanet.test.sips-atos.com/paymentInit https://payment-webinit-mercanet.test.sips-services.com/paymentInit https://payment-webinit.mercanet.bnpparibas.net/paymentInit https://old.pta.netanswer.fr https://www.paristech-alumni.org https://www.wats4u.com https://wats4u.com https://wats4u.com.alumnforce.org http://manageurs.mjb.lan https://manageurs.mjr1108.com https://www.xmp-consult.org https://tpeweb.paybox.com 1
default-src 'self' 'unsafe-inline' data: *.groupe-mediactive.fr *.typekit.net *.pingdom.net fg.cdn.mediactive-network.net cdn.mediactive-network.net *.cedexis.com; frame-src 'self'; object-src 'self'; child-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self' https://bellsbeer.com;  connect-src 'self' https://bellsbeer.com https://analytics.google.com https://www.google-analytics.com https://ekr.zdassets.com https://stats.g.doubleclick.net https://xola.com https://bellsbeer.zendesk.com https://bot.xola.com https://metrics.hotjar.io https://embed.mikmak.tv https://api.amplitude.com https://vc.hotjar.io https://us-central1-mikmak-microservices.cloudfunctions.net https://logs.browser-intake-datadoghq.com https://shop.mikmak.tv https://content.hotjar.io wss://ws.hotjar.com https://yoast.com https://maps.googleapis.com https://ai.elegantthemes.com/ https://zendesk-eu.my.sentry.io https://offers.pearcommerce.com;  script-src 'self' https://bellsbeer.com 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://static.hotjar.com https://acdn.adnxs.com https://xola.com https://static.zdassets.com https://www.google-analytics.com https://connect.facebook.net https://js.adsrvr.org https://cdn.polyfill.io https://cdnjs.cloudflare.com https://botcdn.xola.com https://static.zdassets.com https://cdn.jsdelivr.net https://code.jquery.com https://api.tripleseat.com https://www.google.com https://www.gstatic.com https://embed.mikmak.tv https://script.hotjar.com http://acdn.adnxs.com https://platform.twitter.com https://maps.googleapis.com https://fast.wistia.com https://offers.pearcommerce.com;  frame-src 'self' https://bellsbeer.com https://www.youtube.com https://12852831.fls.doubleclick.net https://insight.adsrvr.org https://www.google.com https://www.facebook.com https://www.vtinfo.com https://finder.vtinfo.com https://td.doubleclick.net https://match.adsrvr.org https://di.rlcdn.com https://www.googletagmanager.com https://platform.twitter.com https://open.spotify.com https://offers.pearcommerce.com;  style-src 'self' https://bellsbeer.com 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://code.jquery.com https://cdnjs.cloudflare.com http://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://offers.pearcommerce.com;  font-src 'self' https://bellsbeer.com data: https://fonts.gstatic.com https://use.typekit.net https://stackpath.bootstrapcdn.com https://s0.wp.com https://use.fontawesome.com/ https://us.fontawesome.com;  img-src 'self' https://bellsbeer.com data: https://ib.adnxs.com https://www.facebook.com https://secure.gravatar.com https://www.google-analytics.com https://www.googletagmanager.com https://assets.mikmak.workers.dev https://ad.doubleclick.net https://attach-videos.s3.amazonaws.com https://d6n1tv6uj12rv.cloudfront.net https://www.etix.com https://offers.pearcommerce.com/ https://offers.pearcommerce.com/img/spinner.gif;  worker-src 'self' blob:; 1
frame-src 'self' https://*.capitalone.com https://dealernavigator.com https://*.dealernavigator.com https://*.medallia.com https://*.zuora.com https://*.salemove.com https://*.glia.com wss://*.glia.com wss://*.salemove.com; frame-ancestors 'self'; 1
default-src usim.beprod.cosentyx.com 'self'; style-src usim.beprod.cosentyx.com *.googleapis.com fonts.gstatic.com 'self' 'unsafe-inline' *.doctor.com; script-src usim.beprod.cosentyx.com unpkg.com kaltura.com *.kaltura.com analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com tagmanager.google.com *.tagmanager.google.com googletagmanager.com *.googletagmanager.com *.facebook.net medtargetsystem.com *.medtargetsystem.com contextweb.com *.contextweb.com bat.bing.com *.doubleclick.net tags.tiqcdn.com ipredictive.com *.ipredictive.com 'self' 'unsafe-inline' 'unsafe-eval' blob: *.doctor.com *.healthgrades.com *.googleapis.com *.pmsrv.co cdn.evgnet.com maps.googleapis.com t.contentsquare.net app.contentsquare.com static.cloudflareinsights.com; child-src blob:; worker-src blob:; object-src 'none'; font-src fonts.gstatic.com *.kaltura.com 'self' data: application: *.doctor.com; img-src *.ipredictive.com *.contentsquare.net http: https: data: image: 'self'; frame-src analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com tagmanager.google.com *.tagmanager.google.com googletagmanager.com *.googletagmanager.com contextweb.com *.contextweb.com medtargetsystem.com *.medtargetsystem.com bat.bing.com *.doubleclick.net servedby.flashtalking.com di.rlcdn.com 'self' *.doctor.com *.healthgrades.com maps.googleapis.com; connect-src usim.beprod.cosentyx.com analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com tagmanager.google.com *.tagmanager.google.com googletagmanager.com *.googletagmanager.com *.google.com contextweb.com *.contextweb.com bat.bing.com *.doubleclick.net *.googleadservices.net stats.g.doubleclick.net *.contentsquare.net *.kaltura.com ws: 'self' *.consumerism.pressganey.com *.doctor.com *.healthgrades.com *.googleapis.com *.tealiumiq.com *.tiqcdn.com maps.googleapis.com cloudflareinsights.com; media-src usim.beprod.cosentyx.com kaltura.com *.kaltura.com blob: 'self'; frame-ancestors usim.beprod.cosentyx.com 'self' 1
default-src 'self' www.youtube.com https://www.google-analytics.com region1.google-analytics.com https://stats.g.doubleclick.net betaisalanl.perplex.eu maps.googleapis.com;               child-src 'self' www.youtube.com www.youtube-nocookie.com www.google.com cse.google.com player.vimeo.com;               script-src 'self' 'unsafe-inline' 'unsafe-eval' s.ytimg.com region1.google-analytics.com region1.analytics.google.com www.googletagmanager.com www.google-analytics.com cse.google.com cse.google.nl www.google.nl www.google.com www.youtube.com www.gstatic.com www.googleapis.com www.perplex.nl maps.google.com maps.googleapis.com;               style-src 'self' 'unsafe-inline' www.google.com cse.google.com fonts.googleapis.com;               img-src 'self' data: betaisalanl.perplex.eu services.perplex.eu www.google-analytics.com www.google.com www.googleapis.com clients1.google.com encrypted-tbn0.gstatic.com encrypted-tbn1.gstatic.com encrypted-tbn2.gstatic.com encrypted-tbn3.gstatic.com www.perplex.nl www.isala.nl maps.gstatic.com mt.googleapis.com maps.google.com maps.googleapis.com *.g.doubleclick.net https://isalajaarversl.wpengine.com;               font-src 'self' data: fonts.gstatic.com;               form-action 'self' secure.ogone.com;               report-uri https://perplex.report-uri.io/r/default/csp/enforce;  1
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' gc.zgo.at; img-src 'self' masfloss.goatcounter.com; media-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'none'; connect-src 'self'; base-uri 'self'; upgrade-insecure-requests 1
frame-ancestors 'self' 'diffbot.com'; 1
frame-ancestors https://wwwak.dbsvonline.com https://wwwak.dbsvickers.com http://undefined https://undefined http://www.dbsvonline.com https://www.dbsvonline.com http://www.dbsvickers.com https://www.dbsvickers.com https://internet-banking.dbs.com.sg http://www1.dbsvonline.com https://www1.dbsvonline.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' www.dbsvonline.com z.moatads.com v1.addthisedge.com m.addthis.com s7.addthis.com assets.adobedtm.com dbs.tt.omtrdc.net www.dbs.com.sg wss://chatbanking.dbs.com chatbanking.dbs.com wss://chatbanking.dbs.com chatbanking.dbs.com dpm.demdex.net somniture.dbs.com.sg www.dbs.com.sg tagmanager.google.com wss://chatbanking.dbs.com gllt.morningstar.com img.tepcdn.com wss://qmslivechat.dbs.com platform-lookaside.fbsbx.com cdn.appdynamics.com http://cdn.appdynamics.com http://chart.googleapis.com http://tags.crwdcntrl.net http://bs.serving-sys.com cdn.jsdelivr.net http://www.dbs.com.sg prod2-content.sprinklr.com prod2-care-community-cdn.sprinklr.com *.akstat.io directline.botframework.com www.dbs.com.sg qmslivechat.dbs.com cdnjs.cloudflare.com www.gstatic.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.google.com certify.alexametrics.com www.dbs.com.sg www.youtube.com www.linkedin.com www.google.com.sg bcp.crwdcntrl.net www.dbs.com www.googleapis.com ajax.googleapis.com maps.gstatic.com fonts.googleapis.com property.atomic-marketplace.com www.facebook.com dc.ads.linkedin.com chatbanking.dbs.com bat.bing.com tr.outbrain.com snap.licdn.com chart.googleapis.com assets.adobedtm.com dbs.tt.omtrdc.net somniture.dbs.com.sg dpm.demdex.net dbs.demdex.net www.posb.com.sg farm-sg.plista.com amplifypixel.outbrain.com js.adsrvr.org s.go-mpulse.net c.go-mpulse.net maxcdn.bootstrapcdn.com sjs.bizographics.com tags.crwdcntrl.net code.jquery.com tpt.mysocialpixel.com www.dbs.com.sg use.fontawesome.com ds-aksb-a.akamaihd.net googleads.g.doubleclick.net px.ads.linkedin.com bs.serving-sys.com secure-ds.serving-sys.com ssl.google-analytics.com connect.facebook.net chatbanking-uat.dbs.com qmslivechat.dbs.com i.ytimg.com scrbizim.xyz insight.adsrvr.org www.google.co.in cx.atdmt.com *.2o7.net *.omtrdc.net *.tt.omtrdc.net *.demdex.net secure.marketinghub.hp.com m.addthisedge.com m.addthis.com s7.addthis.com graph.facebook.com api-public.addthis.com atomic-marketplace.com i.i-sgcm.com s3-ap-southeast-1.amazonaws.com by.essl.optimost.com secure.marketinghub.opentext.com chatbanking-sit.dbs.com stats.g.doubleclick.net maps.googleapis.com amplify.outbrain.com fonts.gstatic.com prod2-sprcdn-assets.sprinklr.com prod2-sprcdn.sprinklr.com lookaside.facebook.com www.sprinklr.com api-01.ubx.ibmmarketingcloud.com s7.addthis.com dbs.demdex.net platform.twitter.com d31qbv1cthcecs.cloudfront.net bid.g.doubleclick.net cdn-akamai.mookie1.com tags.tiqcdn.com wss://directline.botframework.com directline.com *.akamaihd.net *.fls.doubleclick.net wss://directline.botframework.com directline.botframework.com directline.com blob: data:; style-src 'self' 'unsafe-inline' prod2-care-community-cdn.sprinklr.com chatbanking.dbs.com qmslivechat.dbs.com wss://directline.botframework.com fonts.googleapis.com graph.facebook.com maxcdn.bootstrapcdn.com www.dbs.com.sg directline.botframework.com directline.com 1
default-src 'self' *.innerrange.com *.innerrange.cloud *.skytunnel.com *.skytunnel.com.au; form-action 'self' *.innerrange.com *.innerrange.cloud *.skytunnel.com *.skytunnel.com.au; report-to default 1
frame-ancestors 'self' https://*.opsm.com.au https://*.luxottica.com https://*.essilorluxottica.com; 1
script-src 'self' *.gstatic.com *.google.com *.siteimprove.net *.youtube.com *.googletagmanager.com *.cookielaw.org *.facebook.net *.google-analytics.com *.jsdelivr.net 'unsafe-inline' *.cloudflare.com *.newrelic.com *.rawgit.com *.googleapis.com *.onetrust.com *.nr-data.net *.highcharts.com *.jquery.com; frame-src 'self' *.doubleclick.net *.google.com *.edp.pt *.edp.com *.edpr.com *.dig.corp.edp.com *.youtube.com *.youtube-nocookie.com *.eurolandir.com *.mailjet.com *.media-server.com *.wufoo.com edp.teto.pt *.spotify.com ir2.flife.de ir.tools.investis.com sdk.companywebcast.com *.edpon.livextend.cloud *.powerbi.com; frame-ancestors *.edp.com *.cliente.edp.pt; child-src 'self' *.edp.pt *.edp.com *.edpr.com *.dig.corp.edp.com *.youtube.com *.youtube-nocookie.com *.eurolandir.com *.mailjet.com *.media-server.com *.wufoo.com edp.teto.pt *.spotify.com ir2.flife.de ir.tools.investis.com sdk.companywebcast.com *.edpon.livextend.cloud *.powerbi.com; 1
default-src 'self' blob: https://api2.amplitude.com https://*.zopim.com *.gentu.com.au *.force.com https://geniesolutions--uatfull.sandbox.my.salesforce.com https://geniesolutions.my.salesforce.com https://help.geniesolutions.com.au https://c.la2s-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la2s-core1.sfdc-vwfla6.salesforceliveagent.com https://c.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com wss://*.zopim.com wss://*.smooch.com https://js.intercomcdn.com; connect-src 'self' *.smooch.io wss://*.smooch.io https://api2.amplitude.com *.force.com https://geniesolutions--uatfull.sandbox.my.salesforce.com https://geniesolutions.my.salesforce.com https://help.geniesolutions.com.au https://c.la2s-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la2s-core1.sfdc-vwfla6.salesforceliveagent.com https://c.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com wss://*.zopim.com *.gentu.com.au https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io  https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com wss://ws-api.production.genie-platform-production.com/websocket https://support.geniesolutions.com.au https://api.production.genie-platform-production.com https://production-template-public-images.s3.ap-southeast-2.amazonaws.com https://*.browser-intake-datadoghq.com https://*.geniesolutions.cloud; font-src 'self' data: https://fonts.gstatic.com *.gentu.com.au https://gentu-production-assets.s3-ap-southeast-2.amazonaws.com https://js.intercomcdn.com https://fonts.intercomcdn.com; frame-src 'self' https://app.powerbi.com/ *.force.com https://geniesolutions--uatfull.sandbox.my.salesforce.com https://geniesolutions.my.salesforce.com https://help.geniesolutions.com.au https://c.la2s-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la2s-core1.sfdc-vwfla6.salesforceliveagent.com https://c.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://www.youtube.com blob: https://*.geniesolutions.cloud; img-src 'self' https://support.geniesolutions.com.au https://gentu-production-assets.s3-ap-southeast-2.amazonaws.com data: blob: https://v2assets.zopim.io http://production-template-public-images.s3.amazonaws.com https://*.gentu.com.au https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com; script-src 'self' blob: *.smooch.io https://app.powerbi.com *.force.com https://geniesolutions--uatfull.sandbox.my.salesforce.com https://geniesolutions.my.salesforce.com https://help.geniesolutions.com.au https://c.la2s-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la2s-core1.sfdc-vwfla6.salesforceliveagent.com https://c.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com *.gentu.com.au https://gentu-production-assets.s3-ap-southeast-2.amazonaws.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com 'sha256-4ahLko5vU/CyrnVEylFrEST+snqnQGVDj3Bn7HsRCMw=' 'nonce-Lt06KXWUb6asRUPRCm6cnolFJcB1A0PJI6lhx8FcicI=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.gentu.com.au *.force.com https://geniesolutions--uatfull.sandbox.my.salesforce.com https://geniesolutions.my.salesforce.com https://help.geniesolutions.com.au https://gentu-production-assets.s3-ap-southeast-2.amazonaws.com blob: 1
frame-ancestors https://tsetscdev.prod.acquia-sites.com/ https://tsetscstage.prod.acquia-sites.com/ https://ecommercdev.tatasteel.online  https://ecommerctst.tatasteel.online  https://ecmc01qa.tatasteel.online  https://ecmc01dev.tatasteel.online https://www.tatasteeleurope.com https://www.tatasteel.online https://ecmc01.tatasteel.online https://ecmc03-p.tatasteel.online https://ecmc03-d.tatasteel.online https://ecmc03-acc.tatasteel.online/ https://ecmc03-t.tatasteel.online/ https://tsedev.prod.acquia-sites.com https://tsestg.prod.acquia-sites.com https://www.beta-tatasteeleurope.com https://cpws01-d.tatasteel.online https://dev.tatasteeleurope.com preprod.tatasteeleurope.com test.tatasteeleurope.com ecmc03-pp.tatasteel.online  https://local.tatacwr.com/CWR/docroot/; report-uri /report-csp-violation 1
frame-ancestors 'self' https://www.callawayconnect.com/; 1
default-src 'self' *.clarity.ms c.bing.com mediabank.valkenhorst.nl; child-src 'self' js.stripe.com p.travelsmarter.net valkexclusief-virtueletours.nl www.googletagmanager.com www.google.com www.youtube.com www.visitzuidlimburg.nl zien360.nl *.facebook.com; connect-src 'self' wss: data: api.widget.trengo.eu gkkmgz0bw7.execute-api.eu-central-1.amazonaws.com wss://ws-eu.pusher.com adservice.google.com www.google.com *.g.doubleclick.net *.facebook.com *.facebook.net *.googleapis.com *.hotjar.com *.hotjar.io *.sovendus.com *.adyen.com *.paypal.com *.klippa.com login.microsoftonline.com analytics.tiktok.com/api/ region1.google-analytics.com region1.analytics.google.com www.googletagmanager.com *.hotjar.com:* vc.hotjar.io:* surveystats.hotjar.io wss://*.hojar.com *.google-analytics.com *.analytics.google.com pagead2.googlesyndication.com *.clarity.ms *.exponea.com api.exponea.com cdn.linkedin.oribi.io capture.duettoresearch.com www.visitzuidlimburg.nl *.bing.com mediabank.valkenhorst.nl; img-src 'self' data: ads.creative-serving.com cdn.feedbackify.com gravatar.com onlinedialogue.s3-eu-west-1.amazonaws.com/valk portal.payconiq.com s3.amazonaws.com/fby-form/ i.vimeocdn.com ta-client-assets.s3.amazonaws.com valkexclusief-virtueletours.nl video.jobpromo.nl *.google-analytics.com www.googletagmanager.com www.google.com *.analytics.google.com www.tripadvisor.com www.tripadvisor.de www.tripadvisor.nl aws-tiqets-cdn.imgix.net/images/content/ zien360.nl cx.atdmt.com *.g.doubleclick.net *.facebook.com *.facebook.net *.gstatic.com *.google.ae *.google.al *.google.am *.google.at *.google.ba *.google.be *.google.bg *.google.by *.google.ca *.google.ch *.google.ci *.google.cl *.google.co.ao *.google.co.bw *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.ve *.google.co.za *.google.com *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.br *.google.com.co *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.om *.google.com.pa *.google.com.pe *.google.com.ph *.google.com.pk *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sg *.google.com.sl *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.gg *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.hu *.google.ie *.google.it *.google.im *.google.iq *.google.is *.google.je *.google.jo *.google.kg *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.ne *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.si *.google.sk *.google.sm *.google.sn *.google.sr *.google.st *.google.tn *.google.tm *.google.tt *.ggpht.com *.googleapis.com *.googletraveladservices.com *.fls.doubleclick.net ade.googlesyndication.com *.linkedin.com *.ytimg.com dashboard.umbraco.org our.umbraco.com mediabank.valkenhorst.nl imagebank.valkenhorst.nl *.adyen.com *.paypalobjects.com *.giphy.com trengo.s3.eu-central-1.amazonaws.com www.eenvacaturebij.nl/pixel/ www.visitzuidlimburg.nl script.hotjar.com t.paypal.com analytics.tiktok.com c.bing.com c.clarity.ms cdn.bfldr.com cdn-goproxy.brandfolder-svc.com dbr.dutchbicyclerental.nl cdn.linkedin.oribi.io *.brandfolder.com *.static.widget.trengo.eu *.bing.com; frame-src 'self' js.stripe.com live.tourdash.com loyaltymanager.nl myalbum.com p.travelsmarter.net ts.ticketcounter.nl valkexclusief-virtueletours.nl web-widget.mobility.here.com widget.salonhub.nl widgets.vvvzeeland.nl www.googletagmanager.com s3.eu-west-3.amazonaws.com/omnivr.nl/ www.panowalks.com www.youtube.com www.eenvacaturebij.nl www.werkenbijavifauna.nl www.werkenbijvandervalkhoteltilburg.nl www.werkenbijvandervalkhotelutrecht.nl www.visitzuidlimburg.nl zien360.nl *.facebook.com *.facebook.net *.hotjar.com *.googlesyndication.com *.google.com *.salonized.com *.sovendus.com vimeo.com *.vimeo.com *.adyen.com *.paypal.com rtsp.me valkexclusief.typeform.com *.signicat.com *.fls.doubleclick.net *.g.doubleclick.net td.doubleclick.net vars.hotjar.com *.visa.com www.securesuite.co.uk www.rsa3dsauth.co.uk *.cardinalcommerce.com *.arcot.com *.americanexpress.com *.wlp-acs.com 3d-secure.pluscard.de acs.touch.tech *.rabobank.nl ps4acs.netcetera-payment.ch secure.dkb.de emv3ds-acs.nccc.com.tw *.3dsecure.no *.viseca.ch foriseu-vbv.mycardplace.com acs2.six-payment-services.com threedomainsecure.pekao24.pl acssbafrica.bankserv.co.za sas.redsys.es sas.mc.redsys.es acs1-3dsecure.cic.fr foriseu-vbv.mycardplace.com www.securesuite.net www.europabank.be www.ebonline.be www.centrum24.pl wirexeu-msc.mycardplace.com vkanalytics.net visa-secure-vdm.ing.de visa-secure-bxl.ing.de visasecure2.consorsbank.de visasecure2.comdirect.de visasecure.sparkassen-kreditkarten.de userapi2.danskebank.com sicher-bezahlen.sparkasse.at service.avengeradblocker.com ps4acs-mc-1.netcetera-payment.ch paiement2.secure.lcl.fr online.citadele.lv mycardsecure.com mc-id-check.firstdata.de mci.acs.sibs.pt mastercardidentitycheck.sparkassen-kreditkarten.de mastercard2.acs.cmbchina.com geschuetztkaufen2.commerzbank.de geschuetztkaufen1.commerzbank.de ecclients.btrl.ro clients.smartsecure.tsys.co.uk:446 channel-cards-html.lloydsbankinggroup.com cacs-v2.icard.com bps.itcardpaymentservice.pl authentication-acs.marqeta.com acs4.privatbank.ua acs2-3dsecure.targobank.de acs2-3dsecure.creditmutuel.fr acs2-3dsecure.cm-cic.com acs2-3dsecure.cic.fr acs2.swedbank.se acs2.sparebank1.no acs2.gpesecure.com acs2.edb.com acs2.3ds.modirum.com acs1-3dsecure.targobank.de acs1-3dsecure.creditmutuel.fr acs1-3dsecure.cm-cic.com acs1.swedbank.se acs1.sparebank1.no acs1.six-payment-services.com acs1.edb.com acs1.3ds.modirum.com acs.swedbank.se acs.six-payment-services.com acs.sibs.pt acs.mercurypaymentservices.it acs.edb.com acs.capitalone.com acs.airplus.com acs.3ds-hanseaticbank.de 3ds-secure.cardcomplete.com 3dspayment.paylife.at 3dspayment.easybank.at 3dsecure-vrp.de 3dsecure.zen.com 3dsecure.slsp.sk 3dsecure.psa.at 3dsecure.nexi.it 3dsecure.monext.fr 3dsecure.mbank.pl 3dsecure.mbank.cz 3ds-a.live.ext.prod.enfuce.com 3ds.vinea.es 3ds.sia.eu 3ds.rpc-raiffeisen.com 3ds.redsys.es 3ds.pkobp.pl 3ds.nexigroup.com *.six-group.com *.bunq.com 3ds-challenge.n26.com *.swisscard.ch *.standardbank.co.za identify.nordea.com *.brandfolder.com *.valkexclusief.nl staging.valk-to-go-shop.pages.dev shop.valk-togo.nl; font-src 'self' data: cdnjs.cloudflare.com fonts.gstatic.com maxcdn.bootstrapcdn.com static.tacdn.com script.hotjar.com mediabank.valkenhorst.nl; media-src 'self' static.widget.trengo.eu video.jobpromo.nl mediabank.valkenhorst.nl *.brandfolder.com; style-src 'self' 'unsafe-inline' static.tacdn.com fonts.googleapis.com *.google.com *.adyen.com mediabank.valkenhorst.nl; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.widget.trengo.eu static.widget.trengo.eu stats.pusher.com/timeline/v4/jsonp/1 js.stripe.com s.ytimg.com marketplace.mobility.here.com player.vimeo.com static.tacdn.com s3.amazonaws.com/fby-form/ widget.salonhub.nl www.googletagmanager.com www.google-analytics.com www.tripadvisor.nl www.youtube.com snap.licdn.com *.facebook.net *.feedbackify.com *.g.doubleclick.net *.googleapis.com *.google.com *.googleadservices.com *.googlesyndication.com ad.doubleclick.net *.gstatic.com *.hotjar.com *.klippa.com *.sovendus.com *.adyen.com *.paypal.com *.cdn-apple.com analytics.tiktok.com/i18n/pixel/ static.hotjar.com script.hotjar.com *.clarity.ms onlinedialogue.s3.amazonaws.com *.exponea.com capture.duettoresearch.com www.visitzuidlimburg.nl *.bing.com mediabank.valkenhorst.nl; block-all-mixed-content; report-uri /Api/ContentSecurityPolicyApi/Report; 1
default-src data: * 'unsafe-inline' 'self' 1
script-src 'self' *.googleapis.com *.fontawesome.com *.cloudflare.com *.msecnd.net *.google.com *.force.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.force.com  1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://nrw.social; img-src 'self' https: data: blob: https://nrw.social; style-src 'self' https://nrw.social 'nonce-L0Jz5wHfxbprdT39wWaO9A=='; media-src 'self' https: data: https://nrw.social; frame-src 'self' https:; manifest-src 'self' https://nrw.social; form-action 'self'; child-src 'self' blob: https://nrw.social; worker-src 'self' blob: https://nrw.social; connect-src 'self' data: blob: https://nrw.social https://nrw.social wss://nrw.social; script-src 'self' https://nrw.social 'wasm-unsafe-eval' 1
default-src 'self' data: klett.ch *.klett.ch; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.klett.ch *.jsdelivr.net; script-src-elem 'self' 'unsafe-inline' *.klett.ch *.jsdelivr.net *.msecnd.net *.clickdimensions.com; style-src 'self' 'unsafe-inline' *.jsdelivr.net *.klett.ch; connect-src 'self' *.klett.ch *.jsdelivr.net; style-src-elem 'self' 'unsafe-inline' *.klett.ch *.msecnd.net *.clickdimensions.com 1
block-all-mixed-content; require-sri-for 'self'; upgrade-insecure-requests; report-uri https://bitwoci.report-uri.com/r/d/csp/enforce 1
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; report-uri https://www.library.wales/?eID=error 1
default-src 'self' https://*.wogaa.sg https://*.demdex.net/ https://cm.everesttech.net/ https://wogadobeanalytics.sc.omtrdc.net/ db.onlinewebfonts.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com https://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org blob: https://*.wogaa.sg https://assets.adobedtm.com/ blob: https://cdnjs.cloudflare.com/ https://assets.adobedtm.com/ https://www.caas.gov.sg https://www.recaptcha.net/recaptcha/api.js https://www.googletagmanager.com/ https://assets.dcube.cloud/ http://code.jquery.com/; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com 'unsafe-inline' https://assets.wogaa.sg/fonts/ db.onlinewebfonts.com static.parastorage.com static.wixstatic.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://assets.wogaa.sg/fonts/ static.parastorage.com static.wixstatic.com db.onlinewebfonts.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com data: https://wogadobeanalytics.sc.omtrdc.net/ https://cm.everesttech.net/ https://dpm.demdex.net/ https://d33wubrfki0l68.cloudfront.net/ https://caas.gov.sg/ https://www.caas.gov.sg/; media-src 'self' data: blob:; frame-src 'self' https://wogaa.demdex.net/ https://platform.twitter.com/ https://www.facebook.com/ https://syndication.twitter.com/ https://www.google.com/ https://www.youtube.com/ https://www.recaptcha.net/ https://web.facebook.com/ http://maps.google.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://*.wogaa.sg https://dpm.demdex.net/ https://cm.everesttech.net/ https://wogadobeanalytics.sc.omtrdc.net/ https://www.google-analytics.com/; 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.analytics.google.com https://*.awin1.com https://*.bazaarvoice.com https://*.braintree-api.com https://*.braintreegateway.com https://*.btttag.com https://*.criteo.com https://*.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.kampyle.com https://*.medallia.com https://*.paypal.com https://*.truefitcorp.com https://*.wepowerconnections.com https://*.zenaps.com https://adservice.google.com https://analytics.google.com https://apis.google.com https://assets.adobedtm.com https://bat.bing.com https://careers.lululemon.com https://cdn.cookielaw.org https://cdn.cquotient.com https://cdn.honey.io https://cdn.quantummetric.com https://ingest.quantummetric.com https://cdnjs.cloudflare.com https://challenges.cloudflare.com https://cm.g.doubleclick.net https://connect.facebook.net https://ct.pinterest.com https://d38xvr37kwwhcm.cloudfront.net https://dpm.demdex.net https://e.cquotient.com https://external.quantummetric.com https://fonts.googleapis.com https://geolocation.onetrust.com https://globalstaticassets.lululemon.com https://google.com https://googleads.g.doubleclick.net https://images.lululemon.com https://intljs.rmtag.com https://ln-rules.rewardstyle.com https://lululemon.quiq-api.com https://lululemonathleticacanadainc.demdex.net https://lululemoninternational-app.quantummetric.com https://lululemoninternational.quantummetric.com https://lululemonusa.tt.omtrdc.net https://maps.googleapis.com https://mpsnare.iesnare.com https://p.cquotient.com https://pay.google.com https://privacyportal.onetrust.com https://r.cquotient.com https://s.pinimg.com https://s7mbrstream.scene7.com https://sc-static.net https://scripts.agilone.com https://smetrics.lululemon.es https://sslwidget.criteo.com https://static.cloudflareinsights.com https://static.criteo.com https://static.criteo.net https://stats.g.doubleclick.net https://tag.rmp.rakuten.com https://tez.google.com https://the.sciencebehindecommerce.com https://tpc.googlesyndication.com https://tr.snapchat.com https://translate.google.com https://v2.waitwhile.com https://widget.as.criteo.com https://www.bing.com https://www.cloudflare.com https://www.dwin1.com https://www.facebook.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.lululemon.co.uk https://www.lululemon.es https://www.paypalobjects.com https://*.browser-intake-datadoghq.com https://www.datadoghq-browser-agent.com wss://lululemoninternational.quantummetric.com wss://mpsnare.iesnare.com; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; img-src * 'self' data: https:; font-src * 'self' data: https:; block-all-mixed-content; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-OWVkOTRiYmFhYmU5NDJlNDlmMWZkZTJhMjlkNTQ0M2U=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.bigregister.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.bigregister.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.bigregister.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-ancestors http://cms.flcu.org http://www.flcu.org http://flcu.org 1
"default-src *" 1
default-src https: 'unsafe-inline' 'self' data: 'unsafe-eval' 1
frame-ancestors 'self'; frame-src 'self' https://veterans.hillandponton.com https://*.pages.ubembed.com https://player.vimeo.com https://youtube.com https://www.youtube.com https://www.facebook.com https://connect.facebook.net https://anchor.fm https://podcasters.spotify.com https://www.google.com https://hill-ponton.breezy.hr https://form.typeform.com https://www.iubenda.com https://td.doubleclick.net/; child-src 'self'; upgrade-insecure-requests; form-action 'self' https://www.facebook.com; base-uri 'self'; object-src 'self'; 1
base-uri 'self' www.securiteinfo.com securiteinfo.com ; default-src 'self' www.securiteinfo.com securiteinfo.com *.paypal.com *.paypalobjects.com www.chatbase.co ajax.cloudflare.com www.printfriendly.com www.worldcommunitygrid.org static.cloudflareinsights.com www.youtube-nocookie.com hcaptcha.com *.hcaptcha.com chrome-extension: 'unsafe-inline'; script-src 'self' www.securiteinfo.com securiteinfo.com *.paypal.com *.paypalobjects.com www.chatbase.co ajax.cloudflare.com static.cloudflareinsights.com https://static.cloudflareinsights.com/beacon.min.js maxcdn.bootstrapcdn.com translate.googleapis.com cdnjs.cloudflare.com hcaptcha.com *.hcaptcha.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' www.securiteinfo.com securiteinfo.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'unsafe-inline' data: translate.googleapis.com hcaptcha.com *.hcaptcha.com ; font-src 'self' www.securiteinfo.com securiteinfo.com maxcdn.bootstrapcdn.com fonts.gstatic.com github.com data: ; frame-ancestors www.worldcommunitygrid.org www.youtube-nocookie.com hcaptcha.com *.hcaptcha.com *.paypal.com *.paypalobjects.com ; img-src 'self' www.securiteinfo.com securiteinfo.com https://* data: blob: ; object-src 'self' www.securiteinfo.com securiteinfo.com ; connect-src 'self' www.securiteinfo.com securiteinfo.com *.paypal.com *.paypalobjects.com www.chatbase.co api.cognitive.microsofttranslator.com hcaptcha.com *.hcaptcha.com ; 1
upgrade-insecure-requests;script-src 'self' 'wasm-unsafe-eval';connect-src 'self' blob: https://linfan.moe wss://linfan.moe https:;media-src 'self' https:;img-src 'self' data: blob: https:;default-src 'none';base-uri 'self';frame-ancestors 'none';style-src 'self' 'unsafe-inline';font-src 'self';manifest-src 'self'; 1
default-src 'unsafe-inline' 'unsafe-eval' blob: data: *.gegridsolutions.com think-grid.org http://*.think-grid.org *.think-grid.org www.gedigitalenergy.com https://appdash.gedigitalenergy.com *.bootstrapcdn.com *.googletagmanager.com *.googlesyndication.com *.addthis.com snap.licdn.com *.linkedin.com *.jabmo.app api.ipify.org secure.adnxs.com *.cloudfront.net *.evidon.com *.6sc.co *.sharethis.com platform.twitter.com *.google-analytics.com *.analytics.google.com analytics.google.com *.marketo.net *.marketo.com *.adobedtm.com cm.everesttech.net *.demdex.net c.sharethis.mgr.consensu.org *.mktoutil.com *.mktoresp.com gepowerandwater.tt.omtrdc.net gepowerandwater.d2.sc.omtrdc.net z.moatads.com v1.addthisedge.com www.googleadservices.com *.doubleclick.net www.google.com connect.facebook.net www.facebook.com p.adsymptotic.com citia.com *.youtube.com addsearch.com *.addsearch.com *.searchcdn.com www.mygegrid.com *.cloudflare.com *.cdntwrk.com *.uberflip.com *.zencdn.net *.jsdelivr.net *.jquery.com dqm.crownpeak.com *.googleapis.com *.crownpeak.net *.gstatic.com http://*.cloudfront.net https://*.cloudfront.net export.highcharts.com *.webflow.com https://www.youtube.com dfjwbjdffd4z4.cloudfront.net https://ssl.p.jwpcdn.com player.vimeo.com *.vimeocdn.com https://cdn.linkedin.oribi.io https://siteimproveanalytics.com *.siteimproveanalytics.io https://*.hotjar.com wss://*.hotjar.com https://*.bing.com https://*.hotjar.io https://*.clarity.ms *.addtoany.com https://*.elfsight.com https://*.elfsightcdn.com https://assets.gevernova.com; frame-ancestors 'self' https://www.gegridsolutions.com https://resources.gegridsolutions.com https://appdash.gedigitalenergy.com; object-src 'self'; form-action 'self' https://www.gegridsolutions.com https://resources.gegridsolutions.com export.highcharts.com http://export.highcharts.com https://dqm.crownpeak.com; report-to 'none' 1
script-src 'self' 'unsafe-inline' https://*.vimeo.com https://*.youtube.com https://*.googletagmanager.com https://*.google-analytics.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://maps.googleapis.com; object-src 'self'; frame-src https://www.googletagmanager.com/ https://*.google.com/ https://www.youtube.com https://www.youtube.com/embed https://vimeo.com https://player.vimeo.com https://api.nasdaqomx.wallst.com https://crowncork.gcs-web.com; child-src https://www.youtube.com https://www.youtube.com/embed https://vimeo.com https://player.vimeo.com https://api.nasdaqomx.wallst.com https://crowncork.gcs-web.com; report-uri /report-csp-violation 1
default-src 'self' maxcdn.bootstrapcdn.com use.typekit.net p.typekit.net *.localhost; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.pardot.com *.gstatic.com landing.daikinapplied.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.typekit.net *.fontawesome.com *.wistia.com *.bootstrapcdn.com *.cloudflare.com *.googletagmanager.com *.googleadservices.com *.g.doubleclick.net *.bing.com *.licdn.com *.stackadapt.com *.google.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com *.srv.stackadapt.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.typekit.net *.fontawesome.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.wistia.com *.akamaihd.net dotcom.blob.core.windows.net *.g.doubleclick.net *.google.com *.bing.com *.linkedin.com *.adsymptotic.com; media-src 'self' data: blob: *.wistia.com dotcom.blob.core.windows.net *.akamaihd.net; frame-src 'self' *.doubleclick.net *.daikinapplied.com daikinapplied.secure.force.com *.google.com *.twitter.com *.four51.com *.salesforce-sites.com; frame-ancestors 'self' *.google.com *.daikinapplied.com *.localhost; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.daikinapplied.com daikinapplied.secure.force.com *.google.com blob:; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.googleadservices.com *.mktoresp.com *.wistia.com *.litix.io *.akamaihd.net *.stackadapt.com *.google.com *.doubleclick.net *.google-analytics.com *.fontawesome.com; 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests ; default-src 'self' https://forms.hsforms.com https://*.lottiefiles.com https://www.google-analytics.com https://api.lever.co; font-src 'self' https://cdnjs.cloudflare.com https://fonts.googleapis.com data: 'unsafe-inline' https://fonts.gstatic.com; frame-src 'self' https://www.youtube.com https://youtube.com https://open.spotify.com https://player.vimeo.com; img-src 'self' data: https://secure.gravatar.com https://forms.hsforms.com https://forms-na1.hsforms.com https://googletagmanager.com https://i.vimeocdn.com/ https://www.googletagmanager.com; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' https://leolabs.space https://www.leolabs.space https://www.googletagmanager.com https://unpkg.com https://cdn.jsdelivr.net https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://www.bugherd.com https://js.hsforms.net 'unsafe-eval' https://player.vimeo.com https://andreasmb.github.io  https://youtube.com https://www.youtube.com; style-src 'self' https://cdnjs.cloudflare.com https://unpkg.com https://stackpath.bootstrapcdn.com 'unsafe-inline' https://fonts.googleapis.com; 1
default-src www.nac.gov.pl ajax.googleapis.com fonts.googleapis.com *.gstatic.com www.facebook.com 'self'; script-src www.nac.gov.pl 'self' 'unsafe-inline'; style-src www.nac.gov.pl ajax.googleapis.com fonts.googleapis.com 'self' 'unsafe-inline'; img-src www.nac.gov.pl 'self'  www.szukajwarchiwach.gov.pl: default-src fonts.gstatic.com www.google-analytics.com matomo.archiwa.gov.pl stats.g.doubleclick.net www.facebook.com 'self'; script-src ajax.googleapis.com www.google-analytics.com connect.facebook.net matomo.archiwa.gov.pl 'self' 'unsafe-inline' 'unsafe-eval'; style-src ajax.googleapis.com fonts.googleapis.com 'self' 'unsafe-inline'; img-src data: photos.szukajwarchiwach.gov.pl www.facebook.com www.google.com www.google.pl http://lublin.ap.gov.pl https://i0.wp.com 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://statistiek.rijksoverheid.nl; img-src 'self' data: https://statistiek.rijksoverheid.nl; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://themes.googleusercontent.com; media-src 'self'; child-src 'self'; object-src 'self'; frame-src 'self' https://statistiek.rijksoverheid.nl https://www.youtube.com https://www.youtube-nocookie.com; connect-src 'self' https://statistiek.rijksoverheid.nl; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://ruby.social; img-src 'self' https: data: blob: https://ruby.social; style-src 'self' https://ruby.social 'nonce-PvsNdO+N7T/TdezSHvC7qg=='; media-src 'self' https: data: https://ruby.social; frame-src 'self' https:; manifest-src 'self' https://ruby.social; form-action 'self'; child-src 'self' blob: https://ruby.social; worker-src 'self' blob: https://ruby.social; connect-src 'self' data: blob: https://ruby.social https://cdn.masto.host wss://ruby.social; script-src 'self' https://ruby.social 'wasm-unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://js.hsforms.net https://js.hs-banner.com https://js.hscollectedforms.net https://js.hs-analytics.net https://js.hs-scripts.com https://kit.fontawesome.com https://assets.buzzsprout.com https://www.buzzsprout.com https://maps.googleapis.com https://maps.google.com https://www.google.com https://analytics.rubensteintech.com https://www.google-analytics.com https://use.typekit.net https://p.typekit.net https://www.googletagmanager.com https://maps.gstatic.com https://www.gstatic.com https://snap.licdn.com https://www.linkedin.com https://static.ads-twitter.com https://px.ads.linkedin.com https://analytics.twitter.com https://platform.twitter.com https://connect.facebook.net https://www.facebook.com https://www.youtube.com https://s.ytimg.com https://cdn.plyr.io https://cse.google.com https://siteimproveanalytics.com https://player.vimeo.com; frame-src https://forms.hsforms.com https://www.buzzsprout.com https://www.facebook.com https://platform.twitter.com https://www.youtube.com https://cdn.plyr.io https://t.co https://cdn.yoshki.com https://player.vimeo.com 'self' https://*.google.com; connect-src 'self' https://forms.hscollectedforms.net https://stats.g.doubleclick.net https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://forms.hubspot.com https://ka-f.fontawesome.com https://analytics.twitter.com https://cdn.plyr.io https://cse.google.com https://maps.googleapis.com https://vimeo.com https://analytics.google.com https://google-analytics.com https://*.analytics.google.com https://*.google-analytics.com https://www.facebook.com/tr/; style-src 'self' 'unsafe-inline' https://p.typekit.net https://fonts.googleapis.com https://maps.googleapis.com https://www.google.com https://cloud.typography.com https://use.typekit.net https://hello.myfonts.net https://platform.twitter.com https://assets.buzzsprout.com; font-src 'self' https://ka-f.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://use.typekit.net https://p.typekit.net data:; img-src 'self' https://www.google.com https://track.hubspot.com https://forms-na1.hsforms.com https://forms.hsforms.com https://maps.googleapis.com https://maps.gstatic.com https://assets.buzzsprout.com https://www.buzzsprout.com https://www.google-analytics.com https://analytics.google.com https://google-analytics.com https://*.analytics.google.com https://*.google-analytics.com https://*.siteimproveanalytics.io https://stats.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://www.facebook.com https://p.typekit.net https://t.co data:; form-action 'self' https://forms.hsforms.com https://www.facebook.com; child-src https://www.facebook.com https://staticxx.facebook.com https://platform.twitter.com; object-src 'none'; 1
default-src 'self';connect-src 'self' *.google-analytics.com *.doubleclick.net *.google.com *.sentry.io *.force.com *.facebook.com *.logrocket.io *.lr-ingest.io *.logrocket.com *.lr-in.com *.lr-in-prod.com *.lr-ingest.com *.amazonaws.com wss: blob:;media-src 'self' blob: https:;font-src 'self' fonts.gstatic.com data:;;frame-src 'self' *.google.com *.force.com *.salesforce.com https://hackerone.com *.facebook.com *.labelbox.com *.doubleclick.net;img-src 'self' blob: data: https:;base-uri 'none';object-src 'none';script-src 'nonce-A4L8yV8XsTtYtI3TuqHr4zehiM3t+TwtvLdAUN7+oHU' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' *.doubleclick.net *.googleadservices.com *.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.force.com *.salesforce.com *.salesforceliveagent.com *.facebook.net 'self';script-src-elem 'unsafe-inline' *.doubleclick.net *.googleadservices.com *.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.cdn-apple.com *.force.com https://hackerone.com https://cdn.logrocket.io https://cdn.lr-ingest.com https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com *.salesforce.com *.salesforceliveagent.com *.facebook.net 'self';style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.force.com *.salesforce.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com  https://culoansaver.com https://delivery.datatrac.net *.datatrac.net https://3riversfculocator.wave2.io https://*.msecnd.net apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://s.ytimg.com https://publish.twitter.com platform.linkedin.com https://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://www.googletagmanager.com *.msecnd.net https://stackpath.bootstrapcdn.com/ https://cdn.boomcdn.com/ https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js https://code.jquery.com/ https://www.google-analytics.com/analytics.js https://www.onlinebanktours.com/external/v5/BCM_Light_Box.js *.addthis.com *.addthisedge.com https://graph.facebook.com https://z.moatads.com https://api.alpharank.io apis.google.com *.simpli.fi *.salemove.com *.glia.com https://abe-embedded-web.s3.amazonaws.com/glia-custom-renderer-latest.js https://info.autobooks.co recruitingbypaycor.com https://www.googleanalytics.com https://www.google-analytics.com https://abe-embedded-web.s3.amazonaws.com/glia-custom-renderer-src.js https://dev.virtualearth.net https://www.eventbriteapi.com https://www.eventbrite.com https://assets.sitescdn.net *.canva.com https://analytics.google.com/ *.segmint.net *.cloudfront.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/smartbanner.js/1.16.0/smartbanner.min.js https://static.3riversfcu.org https://cdn.timetrade.com/scripts/lightbox/latest/lightbox.js consumer.optimalblue.com; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com *.datatrac.net www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://stackpath.bootstrapcdn.com/bootstrap/4.1.2/css/bootstrap.min.css https://cdn.boomcdn.com/libs/owl-carousel/2.3.4/assets/owl.theme.default.min.css https://cdn.boomcdn.com/libs/owl-carousel/2.3.4/assets/owl.carousel.min.css https://use.fontawesome.com/ https://cdn.boomcdn.com/ https://www.onlinebanktours.com/external/v5/BCM_Ad_Styles.css *.salemove.com *.glia.com recruitingbypaycor.com https://fonts.googleapis.com https://assets.sitescdn.net *.canva.com *.segmint.net *.cloudfront.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/assets/owl.carousel.min.css https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/assets/owl.theme.default.min.css https://cdnjs.cloudflare.com/ajax/libs/smartbanner.js/1.16.0/smartbanner.min.css; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://use.fontawesome.com/ *.segmint.net *.cloudfront.net https://cdn.jsdelivr.net; img-src 'self' *.gstatic.com *.datatrac.net *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: *.datatrac.net blob: *.eloqua.com track.hubspot.com https://cdn.oectours.com/media/ https://www.onlinebanktours.com https://i.ytimg.com https://www.googletagmanager.com *.googleusercontent.com *.simpli.fi https://www.googleadservices.com *.doubleclick.net *.tremorhub.com *.yahoo.com *.bfmio.com *.rlcdn.com *.lijit.com *.tapad.com https://bcp.crwdcntrl.net *.agkn.com *.exelator.com *.bluekai.com *.pubmatic.com https://fei.pro-market.net *.advertising.com *.spotxchange.com *.rubiconproject.com *.openx.net https://ib.adnxs.com *.intentiq.com https://ads.stickyadstv.com *.google.com https://sync.mathtag.com https://secure.insightexpressai.com https://1f2e7.v.fwmrm.net https://pbid.pro-market.net https://match.adsrvr.org https://segments.company-target.com https://jelly.mdhv.io https://sync.tidaltv.com https://www.entitytag.co.uk https://www.totaljobs.com *.webmd.com https://pippio.com https://tag.apxlv.com *.salemove.com *.glia.com https://www.google-analytics.com https://www.googletagmanager.com https://assets.sitescdn.net *.segmint.net *.cloudfront.net https://cdn.jsdelivr.net; media-src 'self' data: blob: *.glia.com https://www.eventbrite.com; child-src 'self' https://cdn.flipsnack.com https://culoansaver.com *.datatrac.net https://delivery.datatrac.net https://3riversfculocator.wave2.io https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.onlinebanktours.com *.datatrac.net *.addthis.com *.timetrade.com https://webchat.3riversfcu.com *.tryinteract.com *.salemove.com *.glia.com https://forms.monday.com https://survey.alchemer.com https://reporting.alchemer.com *.culookup.com https://abe-embedded-web.s3.amazonaws.com/glia-custom-renderer-latest.js https://info.autobooks.co recruitingbypaycor.com https://dev.virtualearth.net 3riversfcu.hosted.panopto.com *.glia.com https://www.eventbriteapi.com https://www.eventbrite.com https://assets.sitescdn.net *.canva.com https://analytics.google.com/ *.segmint.net *.cloudfront.net https://cdn.jsdelivr.net https://supportform.3riversfcu.org https://static.3riversfcu.org https://cdn.timetrade.com/scripts/lightbox/latest/lightbox.js consumer.optimalblue.com; connect-src 'self' wss: accounts.google.com https://*.dec.sitefinity.com 3riversfcu.hosted.panopto.com *.datatrac.net *.mktoresp.com https://dc.services.visualstudio.com/v2/ https://pixel.alpharank.io https://www.google-analytics.com https://stats.g.doubleclick.net *.salemove.com *.glia.com https://forms.monday.com https://survey.alchemer.com https://reporting.alchemer.com *.culookup.com https://abe-embedded-web.s3.amazonaws.com/glia-custom-renderer-latest.js https://info.autobooks.co recruitingbypaycor.com https://dev.virtualearth.net *.glia.com https://www.eventbriteapi.com https://www.eventbrite.com https://assets.sitescdn.net *.canva.com https://analytics.google.com/ *.segmint.net *.cloudfront.net https://cdn.jsdelivr.net https://supportform.3riversfcu.org https://static.3riversfcu.org https://cdn.timetrade.com/scripts/lightbox/latest/lightbox.js consumer.optimalblue.com; object-src 'none'; 1
default-src *;img-src 'self';font-src 'self' https://fonts.gstatic.com;style-src 'self' https://fonts.googleapis.com 'unsafe-inline';script-src 'strict-dynamic' 'nonce-UcKqUFatOsHa3WoO0XRJO8InkHU=' https: 'unsafe-inline';frame-src https://www.google.com/recaptcha/;base-uri 'none';object-src 'none';report-to main-endpoint; 1
default-src 'self' data: 'unsafe-eval';     style-src 'self' 'unsafe-inline';     img-src 'self' ;     connect-src 'self';     script-src 'self' 'unsafe-inline'         'unsafe-eval';     font-src 'self' data: 'unsafe-eval'; 1
frame-ancestors 'self' *.straumann.com *.nuvoimplants.com *.teethtoday.com *.straumanngroup.com  1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.vimeo.com *.3playmedia.com *.googleadservices.com *.googleads.g.doubleclick.net *.acsbapp.com acsbapp.com *.mktoweb.com https://js.adsrvr.org/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://optimize.google.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://tracker.adreadyclick.com https://tags.srv.stackadapt.com https://www.wingsfinancial.com *.touchcommerce.com *.inq.com *.nuance.com https://munchkin.marketo.net/ *.4seeresults.com https://gateway.foresee.com/ https://www.youtube.com/ https://*.googleapis.com https://*.calcxml.com https://*.sharethis.com:443 cdnjs.cloudflare.com polyfill.io www.googletagmanager.com maxcdn.bootstrapcdn.com https://*.google-analytics.com connect.facebook.net s.btstatic.com s.thebrighttag.com https://rlforms.referlive.com; style-src 'self' 'unsafe-inline' *.3playmedia.com originp3.s3.amazonaws.com *.4seeresults.com *.foresee.com *.mktoweb.com https://optimize.google.com https://rlforms.referlive.com https://fonts.googleapis.com https://tags.srv.stackadapt.com https://www.wingsfinancial.com *.touchcommerce.com *.inq.com *.nuance.com https://*.googleapis.com https://*.calcxml.com https://*.sharethis.com:443 builder.risdall.com; img-src 'self' data: googleads.g.doubleclick.net *.acsbapp.com acsbapp.com https://azurestorefront.blob.core.windows.net https://rlforms.referlive.com https://trustage.liveplatform.com https://optimize.google.com https://script.hotjar.com http://script.hotjar.com https://tags.srv.stackadapt.com https://www.wingsfinancial.com *.touchcommerce.com *.inq.com *.nuance.com https://www.google.com/ads/ga-audiences https://tn.alphonso.tv https://*.gstatic.com https://*.googleapis.com https://*.calcxml.com https://*.sharethis.com https://insight.adsrvr.org https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://dpm.demdex.net https://io.narrative.io https://idpix.media6degrees.com https://mid.rkdms.com https://play.google.com https://developer.apple.com; font-src 'self' *.3playmedia.com acsbapp.com http://script.hotjar.com https://script.hotjar.com https://www.wingsfinancial.com *.touchcommerce.com *.inq.com *.nuance.com https://*.gstatic.com *.4seeresults.com *.foresee.com; connect-src 'self' *.google.com *.doubleclick.net *.3playmedia.com *.4seeresults.com *.foresee.com *.acsbapp.com https://rlforms.referlive.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://pixelconnector.adready.com https://tracker.adreadyclick.com https://in.hotjar.com https://tags.srv.stackadapt.com https://www.wingsfinancial.com *.touchcommerce.com *.inq.com *.nuance.com https://*.mktoresp.com/ https://*.sharethis.com https://www.calcxml.com https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net *.googleapis.com; object-src 'self' https://player.vimeo.com https://vimeo.com https://www.youtube.com/; frame-src 'self' *.google.com *.doubleclick.net t.sharethis.com plugin.3playmedia.com *.3playmedia.com *.mktoweb.com https://match.adsrvr.org/ https://insight.adsrvr.org/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://optimize.google.com https://player.vimeo.com https://vimeo.com https://vars.hotjar.com *.wingsfinancial.com *.touchcommerce.com *.inq.com *.nuance.com https://www.youtube.com/ https://wings.locatorsearch.com/ www.facebook.com:443 https://*.sharethis.mgr.consensu.org; form-action 'self' *.architect-cert.fiservapps.com *.referlive.com *.touchcommerce.com *.inq.com *.nuance.com https://wingsfinancial.onlinebank.com https://www.facebook.com; frame-ancestors 'self' https://wingsfinancial.onlinebank.com/; upgrade-insecure-requests; block-all-mixed-content; 1
font-src *.gstatic.com *.cloudfront.net *.klaviyo.com *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.sharethis.com *.affirm.com *.affirm.ca *.signifyd.com *.online-metrix.net *.paypal.com *.braintreegateway.com *.facebook.com *.cdn-btsg.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com *.affirm.com *.affirm.ca *.google.co.in *.klaviyo.com *.signifyd.com *.paypalobjects.com *.googletagmanager.com *.online-metrix.net *.cdn-btsg.com *.zopim.io *.cloudfront.net *.facebook.com *.google-analytics.com *.paypal.com *.google.com *.google.com.mx *.bing.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com *.affirm.com *.affirm.ca *.authorize.net *.klevu.com *.klaviyo.com *.braintreegateway.com *.cdn-btsg.com *.signifyd.com *.cloudfront.net *.attn.tv *.gstatic.com *.crazyegg.com *.paypal.com *.doubleclick.net *.facebook.net *.bing.com *.google-analytics.com *.zopim.com *.paypalobjects.com *.googletagmanager.com *.zdassets.com *.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com *.klevu.com *.klaviyo.com *.googleapis.com *.cloudfront.net https://static.klaviyo.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.sharethis.com *.affirm.com *.affirm.ca *.klevu.com *.authorize.net *.sentry.io *.google.co.in *.ksearchnet.com *.datadome.co *.klaviyo.com *.signifyd.com *.braintree-api.com *.braintreegateway.com *.facebook.com *.cdn-btsg.com *.cloudfront.net *.bing.com *.attentivemobile.com *.attn.tv *.doubleclick.net *.googleadservices.com *.crazyegg.com *.paypal.com *.gstatic.com *.google-analytics.com *.zopim.com *.google.com *.zendesk.com *.zdassets.com  wss://widget-mediator.zopim.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-src 'self' https://media.chelseapiers.com https://playbook.chelseapiers.com https://www.chelseapiers.com https://www.chelseapiersct.com https://signs.reachcm.com https://www.fitmetrix.io https://www.youtube.com https://bid.g.doubleclick.net https://apps.dashplatform.com https://apps2.dashplatform.com https://pr.dashplatform.com www.googletagmanager.com https://snapwidget.com https://www.paycomonline.net https://www.today.com https://abcnews.go.com https://w3.cdn.anvato.net http://players.brightcove.net https://giphy.com https://www.goodmorningamerica.com https://player.vimeo.com https://dockwa.com/ https://chelseapiers.zohobookings.com https://crmplus.zoho.com https://widgets.resy.com/ https://www.opentable.com/ https://forms.zohopublic.com https://salesiq.zohopublic.com/ https://apps.daysmartrecreation.com https://fitness.chelseapiers.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com fonts.googleapis.com fonts.gstatic.com http://pdx-col.eum-appdynamics.com https://pdx-col.eum-appdynamics.com https://appdynamics-eum.elliemae.com platform.cloud.coveo.com https://usageanalytics.coveo.com/rest/v15/analytics/click https://usageanalytics.coveo.com/rest/v15/analytics/searches https://themes.googleusercontent.com/ https://edge.fullstory.com https://rs.fullstory.com/; img-src 'self' data:;  1
default-src 'self' *.payportal.net payportal.net cloudflare.com *.cloudflare.com wss://analytex.userpilot.io *.userpilot.io userpilot.io googleapis.com *.googleapis.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com jsdelivr.net *.jsdelivr.net cloudfront.net *.cloudfront.net googletagmanager.com *.googletagmanager.com  google-analytics.com *.google-analytics.com intuit.com *.intuit.com fontawesome.com *.fontawesome.com gravatar.com *.gravatar.com stripe.com *.stripe.com zoominfo.com *.zoominfo.com lfeeder.com *.lfeeder.com marketingautomation.services *.marketingautomation.services googleadservices.com *.googleadservices.com facebook.net *.facebook.net doubleclick.net *.doubleclick.net perfectaudience.com *.perfectaudience.com facebook.com *.facebook.com google.com *.google.com google.co.in *.google.co.in prfct.co *.prfct.co adnxs.com *.adnxs.com *.freshsuccess.com freshsuccess.com *.ckeditor.com ckeditor.com 'unsafe-inline' hatchbuck.com *.hatchbuck.com email2go.io *.email2go.io *.bootstrapcdn.com bootstrapcdn.com *.freshchat.com freshchat.com *.luckyorange.com luckyorange.com 'unsafe-eval' 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.analytics.google.com https://*.awin1.com https://*.bazaarvoice.com https://*.braintree-api.com https://*.braintreegateway.com https://*.btttag.com https://*.criteo.com https://*.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.kampyle.com https://*.klarna.com https://*.medallia.com https://*.paypal.com https://*.sheerid.com https://*.truefitcorp.com https://*.wepowerconnections.com https://*.zenaps.com https://adservice.google.com https://analytics.google.com https://apis.google.com https://apprl.com https://assets.adobedtm.com https://bat.bing.com https://careers.lululemon.com https://cdn.cookielaw.org https://cdn.cquotient.com https://cdn.honey.io https://cdn.jsdelivr.net https://cdn.quantummetric.com https://ingest.quantummetric.com https://cdnjs.cloudflare.com https://challenges.cloudflare.com https://cm.g.doubleclick.net https://cm.teads.tv https://connect.facebook.net https://ct.pinterest.com https://d38xvr37kwwhcm.cloudfront.net https://dpm.demdex.net https://e.cquotient.com https://eu-library.klarnaservices.com https://eu.klarnaevt.com https://evt-eu.klarnaservices.com https://external.quantummetric.com https://fledge.teads.tv https://fonts.googleapis.com https://geolocation.onetrust.com https://globalstaticassets.lululemon.com https://google.com https://googleads.g.doubleclick.net https://images.lululemon.com https://intljs.rmtag.com https://ln-rules.rewardstyle.com https://lululemon.quiq-api.com https://lululemonathleticacanadainc.demdex.net https://lululemoninternational-app.quantummetric.com https://lululemoninternational.quantummetric.com https://lululemonusa.tt.omtrdc.net https://maps.googleapis.com https://mpsnare.iesnare.com https://p.cquotient.com https://p.teads.tv https://pay.google.com https://privacyportal.onetrust.com https://r.cquotient.com https://rcgmal4n.klarnaservices.com https://s.apprl.com https://s.pinimg.com https://s3.eu-west-1.amazonaws.com https://s7mbrstream.scene7.com https://sc-static.net https://scripts.agilone.com https://smetrics.lululemon.de https://sslwidget.criteo.com https://static.cloudflareinsights.com https://static.criteo.com https://static.criteo.net https://stats.g.doubleclick.net https://t.teads.tv https://tag.rmp.rakuten.com https://tez.google.com https://the.sciencebehindecommerce.com https://tpc.googlesyndication.com https://tr.snapchat.com https://translate.google.com https://v2.waitwhile.com https://widget.as.criteo.com https://www.bing.com https://www.cloudflare.com https://www.dwin1.com https://www.facebook.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.lululemon.co.uk https://www.lululemon.de https://www.paypalobjects.com https://x.klarnacdn.net https://*.browser-intake-datadoghq.com https://www.datadoghq-browser-agent.com wss://lululemoninternational.quantummetric.com wss://mpsnare.iesnare.com; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; img-src * 'self' data: https:; font-src * 'self' data: https:; block-all-mixed-content; 1
script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' data: https://services.mypetcloud.com https://quote.figopetinsurance.com https://wonderful-grass-0bd7e0310-main.centralus.3.azurestaticapps.net/ https://*.sleeknote.com https://*.gstatic.com https://*.adobedtm.com https://sc-static.net https://*.licdn.com https://*.pinimg.com https://*.pinterest.com https://*.rackcdn.com http://*.rtb123.com https://*.oribi.io https://*.f7egtrk.com https://*.googletagmanager.com https://*.contentful.com https://*.ctfassets.net https://*.snapchat.com https://*.tiktok.com https://*.acsbapp.com https://acsbapp.com https://*.gonorth.io https://*.doubleclick.net https://*.linkedin.com https://*.facebook.net https://*.facebook.com https://*.google.com https://*.google.com.mx https://*.google.ca https://*.redditstatic.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.force.com https://figotp.force.com https://static.lightning.force.com https://*.visualforce.com https://*.documentforce.com https://*.googleapis.com https://*.azurewebsites.net https://*.reddit.com https://*.googleadservices.com https://*.adsymptotic.com http://script.crazyegg.com https://*.figopetinsurance.com https://*.mypetcloud.com https://ptzinsurance.tt.omtrdc.net https://figo.my.site.com https://www.google-analytics.com https://*.tapad.com https://pippio.com https://*.hotjar.io https://*.hotjar.com/ https://*.simpli.fi https://*.google-analytics.com https://*.rtb123.com http://*.crazyegg.com https://*.hotjar.com https://ptzinsurance.tt.omtrdc.net https://google.com https://sync.1rx.io http://*.xtlo.net https://*.xtlo.net https://*.salesforce-sites.com https://*.stackadapt.com https://*.bing.com https://*.clarity.ms https://*.googlesyndication.com https://*.pangle-ads.com https://*.exct.net https://pvdpix.com; frame-ancestors 'self' data: https://wonderful-grass-0bd7e0310-main.centralus.3.azurestaticapps.net/ https://figo.my.salesforce.com/ https://*.salesforce.com https://*.salesforceliveagent.com https://*.force.com https://*.visualforce.com https://*.documentforce.com https://*.googleadservices.com https://*.acsbapp.com https://app.contentful.com https://*.diamondasaservice.com https://*.clarity.ms https://*.stackadapt.com https://*.bing.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: ws: wss: data: https://services.mypetcloud.com https://quote.figopetinsurance.com https://wonderful-grass-0bd7e0310-main.centralus.3.azurestaticapps.net/ https://*.sleeknote.com https://*.gstatic.com https://*.adobedtm.com https://sc-static.net https://*.licdn.com https://*.pinimg.com https://*.pinterest.com https://*.rackcdn.com http://*.rtb123.com https://*.oribi.io https://*.f7egtrk.com https://*.googletagmanager.com https://*.contentful.com https://*.ctfassets.net https://*.snapchat.com https://*.tiktok.com https://*.acsbapp.com https://acsbapp.com https://*.gonorth.io https://*.doubleclick.net https://*.linkedin.com https://*.facebook.net https://*.facebook.com https://*.google.com https://*.google.com.mx https://*.google.ca https://*.redditstatic.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.force.com https://figotp.force.com https://static.lightning.force.com https://*.visualforce.com https://*.documentforce.com https://*.googleapis.com https://*.azurewebsites.net https://*.reddit.com https://*.googleadservices.com https://*.adsymptotic.com http://script.crazyegg.com https://*.figopetinsurance.com https://*.mypetcloud.com https://ptzinsurance.tt.omtrdc.net https://figo.my.site.com https://www.google-analytics.com https://*.tapad.com https://pippio.com https://*.hotjar.io https://*.hotjar.com/ https://*.simpli.fi https://*.google-analytics.com https://*.rtb123.com http://*.crazyegg.com https://*.hotjar.com https://ptzinsurance.tt.omtrdc.net https://google.com https://sync.1rx.io http://*.xtlo.net https://*.xtlo.net https://*.salesforce-sites.com https://*.stackadapt.com https://*.bing.com https://*.clarity.ms https://*.googlesyndication.com https://*.pangle-ads.com https://*.exct.net https://pvdpix.com; 1
default-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://cdn.iubenda.com https://www.iubenda.com https://cs.iubenda.com https://www.googletagmanager.com https://js.hs-analytics.net https://*.hubapi.com/ https://app.hubspot.com/ https://connect.facebook.net/ https://js.hs-analytics.net/ https://js.hs-banner.com/9412099.js https://js.hsadspixel.net/fb.js https://js.hscollectedforms.net/collectedforms.js https://js.hsleadflows.net/leadflows.js https://platform.linkedin.com/in.js https://platform.twitter.com/widgets.js https://snap.licdn.com/li.lms-analytics/ https://www.google-analytics.com/analytics.js https://www.googleadservices.com/ https://www.googletagmanager.com/gtag/js 'strict-dynamic' 'nonce-mjq0odqyntc2niwzndcxodc3ntkz' https://static.hsappstatic.net https://js.hubspot.com https://*.hotjar.com 'nonce-+3AR00nkNBJC45+1tC1Tnw=='; script-src-elem 'self' 'unsafe-inline' https://cdn.iubenda.com https://www.iubenda.com https://cs.iubenda.com https://ajax.googleapis.com https://js.hsforms.net https://www.google.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://js.hs-analytics.net https://*.hubapi.com/ https://app.hubspot.com/ https://connect.facebook.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hscollectedforms.net/ https://js.hsleadflows.net https://platform.linkedin.com https://platform.twitter.com https://snap.licdn.com https://www.googleadservices.com https://www.googletagmanager.com https://static.hsappstatic.net https://js.hubspot.com https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.hsappstatic.net https://*.hotjar.com; img-src 'self' data: https://www.google-analytics.com https://www.google.co.uk https://www.google.com https://static.hsappstatic.net https://px.ads.linkedin.com https://*.hubspotusercontent40.net https://i.ytimg.com https://track.hubspot.com https://*.hsforms.com https://*.hubspot.com https://www.facebook.com https://*.hotjar.com; font-src 'self' https://25688260.fs1.hubspotusercontent-eu1.net/ https://fonts.gstatic.com https://*.hotjar.com; connect-src 'self' https://hits-i.iubenda.com https://cp.hubspot.com https://region1.analytics.google.com https://forms-eu1.hsforms.com https://forms.hubspot.com https://cta-service-cms2.hubspot.com https://region1.google-analytics.com https://www.googletagmanager.com https://forms-na1.hsforms.com https://js.hs-banner.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.hubapi.com https://forms.hsforms.com https://cdn.linkedin.oribi.io https://forms.hscollectedforms.net  https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; media-src 'self' https://f.hubspotusercontent40.net; object-src 'none'; frame-src 'self' https://www.google.com/recaptcha/ https://forms.hsforms.com https://platform.twitter.com https://www.youtube.com; worker-src 'none'; form-action 'self' https://forms.hsforms.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'; report-uri https://61b7343f14685c32c2347988.endpoint.csper.io; 1
default-src https: data: wss: blob: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://code.visitor-track.com https://info.crd.com/analytics https://pi.pardot.com/pd.js https://fonts.googleapis.com https://*.googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://s7.addthis.com https://siteimproveanalytics.com https://pi.pardot.com https://cdn.siteimprove.com https://maps.googleapis.com; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://cdn.jsdelivr.net; font-src 'self' https://fonts.gstatic.com https://fonts.gstatic.com data: https://s0.wp.com; frame-src 'self' https://*.brightcove.net https://*.crd.com https://*.google.com; img-src 'self' https://*.siteimproveanalytics.io https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://www.google-analytics.com https://googleads.g.doubleclick.net; manifest-src 'self'; media-src 'self'; report-uri https://65292a4da5a15fa1ff36ab6f.endpoint.csper.io/?v=0; worker-src 'self'; 1
default-src blob: https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self'; 1
frame-ancestors 'self' https://relativity.com https://www.relativity.com; object-src 'none' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://todon.nl; img-src 'self' https: data: blob: https://todon.nl; style-src 'self' https://todon.nl 'nonce-ESd28QvS4KyHbDCFPOe+Qg=='; media-src 'self' https: data: https://todon.nl; frame-src 'self' https:; manifest-src 'self' https://todon.nl; form-action 'self'; child-src 'self' blob: https://todon.nl; worker-src 'self' blob: https://todon.nl; connect-src 'self' data: blob: https://todon.nl https://todon.nl wss://todon.nl; script-src 'self' https://todon.nl 'wasm-unsafe-eval' 1
frame-ancestors 'self' booksy.com semilac.strix.app; 1
frame-ancestors https://www.findmyshift.com 1
default-src 'self' https://bin.bnbstatic.com https://public.bnbstatic.com https://*.wistia.com https://*.wistia.net https://*.saasexch.com https://*.saasexch.co;script-src blob: 'self' https://api.smartling.com https://accounts.google.com https://*.saasexch.co 'nonce-62a764f5-35f1-4e62-ac51-12ab7ddaefbf' https://log.bntrace.com https://www.googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net  https://www.googleanalytics.com https://www.googleoptimize.com https://www.gstatic.com https://www.google.com https://accounts.google.com/gsi/client https://apis.google.com/js/api:client.js https://maps.googleapis.com https://optimize.google.com https://euob.segreencolumn.com https://bat.bing.com https://obseu.segreencolumn.com https://appleid.cdn-apple.com unsafe-inline https://bin.bnbstatic.com https://public.bnbstatic.com https://*.saasexch.com https://accounts.binance.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-bn.my.onetrust.com https://*.wistia.com https://*.wistia.net https://src.litix.io data:;style-src 'self' 'unsafe-inline' blob: https://fast.wistia.com https://bin.bnbstatic.com https://public.bnbstatic.com https://*.saasexch.com https://*.saasexch.co https://api.smartling.com https://accounts.google.com https://optimize.google.com https://fonts.googleapis.com unsafe-inline;font-src 'self' data: https://bin.bnbstatic.com https://public.bnbstatic.com https://*.saasexch.com https://*.saasexch.co https://*.wistia.com https://at.alicdn.com https://api.smartling.com https://accounts.google.com https://fonts.gstatic.com;connect-src 'self' https://api.saasexch.com https://bin.bnbstatic.com https://public.bnbstatic.com https://*.saasexch.com https://*.saasexch.co https://log.bntrace.com https://api.saasexch.com/bapi/themis/api/ wss://stream.binance.com wss://nbstream.binance.com wss://haodesk.binance.im https://upload-bnbstatic-com.s3.ap-northeast-1.amazonaws.com https://*.agora.io:* https://*.edge.agora.io:* https://*.sd-rtn.com:* https://*.edge.sd-rtn.com:* wss://*.agora.io:* wss://*.edge.agora.io:* wss://*.sd-rtn.com:* wss://*.edge.sd-rtn.com:* wss://chat-wss.yshyqxx.com https://*.s3-accelerate.amazonaws.com wss://*.binance.com https://*.binance.com https://frontend-m.binance.cloud https://sensors.binance.cloud https://report.binance.gg https://*.sentry.io https://stats.g.doubleclick.net https://api.smartling.com https://accounts.google.com https://www.google.com https://googleads.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://bat.bing.com https://obseu.segreencolumn.com https://logan-log.binance.gg wss://haodesk.binance.im wss://margin-stream.binance.com:443 wss://stream.binance.com wss://nbstream.binance.com wss://bstream.binance.com:9443 https://api.saasexch.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-bn.my.onetrust.com https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://data-collect.toolsfdg.net;img-src 'self' data: blob: https://api.smartling.com https://accounts.google.com https://*.saasexch.co https://static.devfdg.net https://www.google-analytics.com https://optimize.google.com https://www.googletagmanager.com https://obseu.segreencolumn.com https://bat.bing.com https://sensors.binance.cloud https://bin.bnbstatic.com https://public.bnbstatic.com https://upload-bnbstatic-com.s3.ap-northeast-1.amazonaws.com https://*.saasexch.com https://public-1259603563.file.myqcloud.com https://static-file-1259603563.file.myqcloud.com https://googleads.g.doubleclick.net https://www.google.com https://analytics.twitter.com https://t.co https://www.facebook.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-bn.my.onetrust.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://public.nftstatic.com;media-src 'self' https://bin.bnbstatic.com https://public.bnbstatic.com https://*.saasexch.com https://*.saasexch.co https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://upload-bnbstatic-com.s3.ap-northeast-1.amazonaws.com https://api.smartling.com https://accounts.google.com https://fast.wistia.net blob:;frame-src 'self' https://api.smartling.com https://accounts.google.com https://*.saasexch.co https://www.google.com https://optimize.google.com https://accounts.google.com/ https://fast.wistia.com https://fast.wistia.net https://bid.g.doubleclick.net;object-src 'none';base-uri 'self';report-uri https://o529943.ingest.sentry.io/api/6149229/security/?sentry_key=949d37812f604f039041170b5601fa1a;report-to https://o529943.ingest.sentry.io/api/6149229/security/?sentry_key=949d37812f604f039041170b5601fa1a 1
frame-ancestors 'self' *.abaa.com *.abaa.org 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://isitetv.com https://ln-rules.rewardstyle.com https://*.recaptcha.net https://*.akamaihd.net https://*.translate.naver.net https://www.shoplooks.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.baidu.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://*.contentsquare.net https://*.criteo.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://m.beautyexpert.com https://checkout.beautyexpert.com https://www.beautyexpert.com https://connect.facebook.net https://tr.snapchat.com; frame-ancestors; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://ssl.bing.com https://ln-rules.rewardstyle.com https://*.baidu.com https://*.recaptcha.net https://*.akamaihd.net https://*.sciencebehindecommerce.com https://www.gstatic.cn https://translate.yandex.net https://*.shoplooks.com https://slooks.top https://slooks.me https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.shoplooks.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' sixthman.net *.sixthman.net cdn.sixthman.net cdn1.sixthman.net tradablebits.com *.amazonaws.com; img-src 'self' 'unsafe-inline' cdn1.sixthman.net cdn.sixthman.net d2z4nov6ck0fcb.cloudfront.net *.amazonaws.com *.cloudflare.com *.googletagmanager.com *.google-analytics.com *.google.com *.datasteam.io *.doubleclick.net *.liadm.com adadvisor.net ask-assets.com *.dtstmio.com *.agkn.com *.spotify.com *.slaask.com slaask.com *.slack-edge.com *.pusher.com *.pusherapp.com ucarecdn.com xenoapp.com *.uplift-platform.com *.gravatar.com *.facebook.com *.facebook.net *.twimg.com *.twitter.com *.adroll.com data:; font-src 'self' *.typekit.net cdn.xeno.app fonts.gstatic.com; style-src 'self' 'unsafe-inline' cdn.sixthman.net cdn1.sixthman.net *.typekit.net *.googleapis.com *.cloudflare.com *.twitter.com cdn.xeno.app *.twimg.com *.facebook.com *.facebook.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.monday.com *.datasteam.io sixthman.net *.sixthman.net cdn1.sixthman.net cdn.sixthman.net d2z4nov6ck0fcb.cloudfront.net *.cloudflare.com tradablebits.com *.dstillery.com *.media6degrees.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net *.doubleclick.net *.adsrvr.org *.agkn.com *.consensu.org *.facebook.net *.vimeo.com *.twitter.com *.adroll.com *.segment.com cdn.xeno.app *.slaask.com slaask.com *.rfihub.net *.pusher.com *.twimg.com *.uplift.com *.uplift-platform.com; frame-src 'self' *.monday.com *.google.com *.vimeo.com *.facebook.com *.youtube.com *.spotify.com *.twitter.com *.twimg.com *.adsrvr.org *.doubleclick.net *.uplift.com; connect-src 'self' sixthman.net *.sixthman.net tradablebits.com *.segment.com *.segment.io *.uplift.co *.uplift.com *.uplift-platform.com slaask.com *.pusher.com *.pusherapp.com wss://ws.pusherapp.com *.facebook.com *.googlesyndication.com stats.g.doubleclick.net *.adroll.com *.google.com *.google-analytics.com *.googleapis.com *.spotify.com data:; media-src 'self' 'unsafe-inline' sixthman.net *.sixthman.net *.slaask.com slaask.com *.pusher.com; object-src 'none'; base-uri 'self'; form-action 'self' *.facebook.com *.twitter.com; frame-ancestors 'self' *.sixthman.net; upgrade-insecure-requests 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com; font-src 'self' https://assets.tomorrow.one; object-src 'none'; media-src 'self' https://videos.ctfassets.net https://assets.tomorrow.one; connect-src 'self' https://api.staging.aws.tomorrow.one https://api.tomorrow.one https://web.staging.internal.aws.tomorrow.one https://www.tomorrow.one https://www.google-analytics.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://app.adjust.com https://evnt.byspotify.com https://analytics.tiktok.com https://www.facebook.com https://ct.pinterest.com https://bat.bing.com *.clarity.ms https://tr.snapchat.com https://trc-events.taboola.com https://trc.taboola.com https://s2s.adjust.com https://www.financeads.net; frame-src https://cdn.podigee.com https://player.podigee-cdn.net https://player.vimeo.com https://ueber-morgen.podigee.io https://www.facebook.com https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://optimize.google.com https://www.pinterest.com https://tr.snapchat.com https://www.surveymonkey.com; img-src 'self' data: https://assets.tomorrow.one https://content.live.aws.tomorrow.one https://images.ctfassets.net https://images.podigee.com www.googletagmanager.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.google.de https://www.google-analytics.com https://www.facebook.com https://connect.facebook.net https://ct.pinterest.com https://www.pinterest.com https://bat.bing.com https://c.bing.com *.clarity.ms https://optimize.google.com https://tr.snapchat.com https://www.financeads.net https://prod.smassets.net; worker-src 'none'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net https://tpc.googlesyndication.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://connect.facebook.net https://cdn.adjust.com https://pixel.byspotify.com https://analytics.tiktok.com https://tr.snapchat.com https://s.pinimg.com https://ct.pinterest.com https://bat.bing.com https://www.clarity.ms https://optimize.google.com https://cdn.taboola.com https://trc.taboola.com https://sc-static.net https://widget.surveymonkey.com https://ajax.googleapis.com; manifest-src 'self' https://assets.tomorrow.one; 1
default-src 'self' https: data: blob: wss: 'unsafe-inline'; base-uri 'none'; script-src 'self' blob: https://*.ampproject.org/ https://*.paypal.com/ https://platform.twitter.com https://platform.x.com https://songbirdstag.cardinalcommerce.com/edge/v1/ https://checkout.razorpay.com/ 'nonce-bZf7D69AhNhA4BM+bnR7SQ=='; object-src 'none' 1
frame-ancestors 'self' http://localhost; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.baidu.com *.szhome.com *.sohu.com *.qq.com data:;img-src 'self' http: *.bdimg.com *.baidu.com *.qrcreator.net *.org.cn *.szhomeimg.com *.szhome.com data:; 1
frame-ancestors 'self' https://mash.sanity.studio 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-NDM2ZDhkYmNmZGYyNDU5MDk2NGMwNDAyM2M3ZDRhOTM=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.onderwijsinspectie.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.onderwijsinspectie.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.onderwijsinspectie.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self';script-src 'unsafe-inline' 'report-sample' 'self' https://aurory.atlassian.net https://www.googletagmanager.com/gtag/js;style-src 'unsafe-inline' 'report-sample' 'self' https://fonts.googleapis.com;object-src 'none';base-uri 'self';connect-src 'self' https://*.live.aurory.io;font-src 'self' data: https://fonts.gstatic.com;frame-ancestors 'none';frame-src 'self' https://www.youtube.com;img-src 'self' data:;manifest-src 'self';media-src 'self';worker-src 'none' 1
default-src 'self' google-analytics.com manifest-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com maps.googleapis.com *.googletagmanager.com www.google-analytics.com polyfill.io www.google.com/recaptcha/api.js www.gstatic.com cookie-cdn.cookiepro.com www.google-analytics.com hotjar.com https://connect.facebook.net crelan-be-website.scalecity.space vwdservices.com s.ytimg.com https://px.ads.linkedin.com px.ads.linkedin.com youtube.com vimeo.com snap.licdn.com www.linkedin.com tagmanager.google.com *.googleadservices.com https://googleads.g.doubleclick.net w3.org *.crazyegg.com https://cdn.jsdelivr.net *.google.com *.google.be *.googleoptimize.com *.facebook.com *.doubleclick.net *.crelan.be *.facebook.net sc-crelan-server-side-tagging.ew.r.appspot.com blob: https://*.skedify.io; style-src 'self' 'unsafe-inline' *.googleapis.com *.googleusercontent.com *.hotjar.com *.google.com 'self' https://maps.googleapis.com *.googletagmanager.com w3.org cdnjs.cloudflare.com *.crazyegg.com *.google.com *.google.be *.googleadservices.com *.facebook.com *.facebook.net; img-src 'self'  *.googletagmanager.com *.googleadservices.com cookie-cdn.cookiepro.com https://www.google-analytics.com *.gstatic.com maps.googleapis.com w3.org  data: *.crazyegg.com blog.crelan.be *.google.com *.google.be *.google.de *.facebook.com *.doubleclick.net *.facebook.net *.linkedin.com; media-src *.youtube.com *.twitter.com *.vimeo.com 'self' https://maps.googleapis.com *.googletagmanager.com w3.org *.google.com *.googleadservices.com *.google.be *.google.de *.facebook.com *.doubleclick.net *.facebook.net; frame-src 'self' in.hotjar.com vc.hotjar.io google-analytics.com stats.g.doubleclick.net crelan-be-website.scalecity.space *.crelan-int.be *.vwdservices.com maps.googleapis.com w3.org www.google.com www.youtube.com player.vimeo.com *.crazyegg.com  *.alchemer.eu *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.googleadservices.com https://*.skedify.io; font-src 'self' *.gstatic.com *.googleusercontent.com w3.org data:; connect-src 'self' cookie-cdn.cookiepro.com *.google-analytics.com in.hotjar.com vc.hotjar.io stats.g.doubleclick.net maps.googleapis.com *.googletagmanager.com w3.org *.crazyegg.com *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.onetrust.com sc-crelan-server-side-tagging.ew.r.appspot.com *.sc-crelan-server-side-tagging.ew.r.appspot.com *.googleadservices.com *.googlesyndication.com https://px.ads.linkedin.com; upgrade-insecure-requests 1
default-src 'self' *.bossa.pl www.google.com; script-src 'self' 'unsafe-eval' *.bossa.pl www.salesmanago.pl *.salesmanago.pl www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.google-analytics.com www.gstatic.com maps.googleapis.com www.google.com unpkg.com www.clarity.ms 'unsafe-inline'; style-src 'self' *.bossa.pl www.gstatic.com fonts.googleapis.com 'unsafe-inline'; img-src 'self' bossa.pl *.bossa.pl bossafx.pl *.bossafx.pl *.salesmanago.pl www.googletagmanager.com *.google-analytics.com  stats.g.doubleclick.net maps.googleapis.com google.com *.google.com google.pl *.google.pl google.fi *.google.fi google.dk *.google.dk google.de *.google.de google.nl *.google.nl google.ch *.google.ch google.se *.google.se google.ie *.google.ie google.co.uk *.google.co.uk www.gstatic.com maps.gstatic.com 'unsafe-inline' 'unsafe-eval' data: img.youtube.com *.ytimg.com *.clarity.ms c.bing.com; media-src 'self' *.bossa.pl 'unsafe-inline'; frame-src 'self' datajournalism.pap.pl www.google.com *.salesmanago.pl www.youtube.com td.doubleclick.net www.googletagmanager.com; font-src 'self' *.bossa.pl themes.googleusercontent.com fonts.googleapis.com fonts.gstatic.com 'unsafe-inline' data:; connect-src ws://websocket.bossa.pl wss://websocket.bossa.pl http://websocket.bossa.pl https://websocket.bossa.pl 'self' *.bossa.pl *.bossafx.pl bossafx.pl *.salesmanago.pl *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net maps.googleapis.com *.google.com *.google.pl *.clarity.ms *.saleago.com; report-uri /report-csp-violation 1
default-src https://*.ilive.cn https://*.lenovo.com.cn https://*.ifeng.com https://wbd.kuwo.cn https://*.bdxiguaimg.com https://hm.baidu.com data: 'unsafe-inline' 'unsafe-eval'; 1
connect-src 'self' blob: yandexmetrica.com:* ads.adfox.ru ads6.adfox.ru api.youla.io mc.admetrica.ru thequestion.ru wss://comments.yandex.net wss://comments-alpha.yandex.net turbopages.org yandex.st  yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net  *.yandex-team.ru milab.s3.yandex.net *.k50.ru *.k50dev.ru openkitchen.media auto.ru yango.com ya.ru *.ya.ru dev.introvert.bz *.calltouch.ru *.comagic.ru; default-src 'none'; font-src 'self' data: yastatic.net yandex.ru an.yandex.ru yastat.net *.s3.yandex.net *.yandex.ru *.ya.ru; frame-src 'self' data: yabrowser: yandexadexchange.net *.yandexadexchange.net turbopages.org *.turbopages.org *.yandex.ru   banners.adfox.ru yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net  *.yandex-team.ru *.video.yandex.ru *.market.yandex.ru www.youtube.com *.vimeo.com embed.megogo.net coub.com awaps.yandex.net meyou.ru broadcast.comdi.com datalens.yandex partner.market.yandex.ru go.yandex yango.com yandexteam-my.sharepoint.com *.bookmate.ru bookmate.ru yandex.com yandex.com.tr yandex.com.am yandex.com.ge yandex.md yandex.by yandex.kz yandex.uz *.yandex.com *.yandex.com.tr *.yandex.com.am *.yandex.com.ge *.yandex.md *.yandex.by *.yandex.kz *.yandex.uz ya.ru *.ya.ru; form-action https://*; img-src * 'self' blob: data: android-webview-video-poster: *.yandex.net *.s3.yandex.net yastatic.net http://lpc.s3.mds.yandex.net http://yastatic.net mc.admetrica.ru avatars-fast.yandex.net favicon.yandex.net *.verify.yandex.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net avatars.mds.yandex.net *.yandex.ru *.ya.ru; media-src * 'self' data: blob: *.video.yandex.ru *.storage.yandex.net *.s3.yandex.net *.cdn.yandex.net yastatic.net *.yandex.net *.strm.yandex.ru yandex.st banners.adfox.ru content.adfox.ru yastat.net yandex.ru *.yandex.ru ya.ru *.ya.ru; script-src 'self' blob: 'nonce-8mvcuj5+opujufi8JVX++g==' 'unsafe-inline' 'unsafe-eval' ads.adfox.ru ads6.adfox.ru banners.adfox.ru mc.yandex.ru yandex.st yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net  *.yandex-team.ru aflt.market.yandex.ru www.youtube.com *.vimeo.com s.ytimg.com lpc.s3.mdst.yandex.net abt.s3.yandex.net chat.s3.yandex.net *.api-maps.yandex.ru yandex.com *.yandex.com ya.ru *.ya.ru; style-src 'self' 'unsafe-inline' 'unsafe-eval' banners.adfox.ru content.adfox.ru yandex.st yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net  *.s3.yandex.net lpc.s3.mdst.yandex.net *.ya.ru; worker-src blob: yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net  *.yandex-team.ru; report-uri https://csp.yandex.net/csp?from=turbo%3Aphone&reqid=1705975100452823-15227370532500652757-cjw26fao2fpw6zpd-BAL-6360&yandexuid=4648807341705975100&yandex_login=&project=turbo https://csp.yandex.net/csp?from=lp-constructor&project=lp-constructor&yandex_login=&yandexuid=; object-src yastatic.net; child-src 'self'; frame-ancestors 'self' webvisor.com http://webvisor.com *.mtproxy.yandex.net www.kinopoisk.ru *.yandex-team.ru n.maps.yandex.ru yandex.ru yandex.com yandex.com.tr yandex.com.am yandex.com.ge yandex.md yandex.by yandex.kz yandex.uz yandex.net *.yandex.ru *.yandex.ru:* *.yandex.com:* *.yandex.com.tr:* *.yandex.com.am *.yandex.com.ge *.yandex.md *.yandex.by *.yandex.kz *.yandex.uz *.yandex.net ya.ru *.ya.ru; 1
default-src 'self'; style-src 'self' 'unsafe-inline' *.cenhud.com use.typekit.net p.typekit.net use.fontawesome.com fonts.googleapis.com dl.episerver.net https://platform.twitter.com https://ton.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cenhud.com dl.episerver.net cdn.appdynamics.com az416426.vo.msecnd.net d2oh4tlt9mrke9.cloudfront.net www.gstatic.com www.google.com https://analytics.google.com www.googletagmanager.com static.dialogflow.com www.paypal.com https://maps.googleapis.com https://platform.twitter.com https://cdn.syndication.twimg.com cdn.gbqofs.com cdn2.gbqofs.com *.report.gbss.io; connect-src 'self' localhost:5011 *.cenhud.com *.report.gbss.io dn.gbqofs.com cdn2.gbqofs.com *.sessioncam.com *.visualstudio.com https://analytics.google.com https://maps.googleapis.com pdx-col.eum-appdynamics.com dialogflow.cloud.google.com www.paypal.com https://platform.twitter.com *.azurewebsites.net; worker-src 'self' *.report.gbss.io dn.gbqofs.com cdn2.gbqofs.com; img-src 'self' data: *.cenhud.com *.centralhudson.com www.googletagmanager.com https://analytics.google.com *.sessioncam.com dl.episerver.net maps.gstatic.com https://maps.googleapis.com syndication.twitter.com *.twimg.com data; font-src 'self' data: *.cenhud.com use.typekit.net use.fontawesome.com fonts.gstatic.com https://platform.twitter.com; frame-src 'self' www.google.com *.ifactornotifi.com *.appdynamics.com player.vimeo.com www.youtube.com syndication.twitter.com https://platform.twitter.com 1
default-src https: blob: 'self'; style-src https: 'self' 'unsafe-inline'; img-src 'self' blob: data: https:; script-src blob: 'unsafe-eval' 'unsafe-inline' 'self' https: m.addthis.com www.googleanalytics.com www.gstatic.com www.googletagmanager.com assets.pinterest.com connect.facebook.net cdn.jsdelivr.net www.google.com s7.addthis.com platform.twitter.com log.pinterest.com; 1
frame-ancestors 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' https://www.instagram.com https://connect.facebook.net https://www.googletagmanager.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://www.googleadservices.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.cloudflare.com *.cookieyes.com cdn-cookieyes.com *.googleapis.com *.google.com *.youtube.com *.facebook.com numerique.disqus.com *.facebook.net *.gstatic.com *.googletagmanager.com *.pinterest.com *.instagram.com *.numerique.ca *.mamachine *.local *.cdninstagram.com kit.fontawesome.com cdn.jsdelivr.net *.acsbapp.com acsbapp.com *.accessibe.com 67.207.94.120 35.196.122.47; 1
default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' https://cdn.cynthia.dev https://img.shields.io; font-src 'self'; connect-src 'self'; form-action 'self'; base-uri 'none'; child-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; 1
default-src 'none'; style-src 'self'; img-src 'self'; frame-ancestors 'none'; form-action 'none'; 1
frame-ancestors 'none'; style-src 'self' 'unsafe-inline' https://optanon.blob.core.windows.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://geolocation.onetrust.com https://www.google-analytics.com https://www.googletagmanager.com https://optanon.blob.core.windows.net https://code.jquery.com; img-src 'self' data: https://api.mapbox.com https://www.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://api.mapbox.com; object-src 'self'; default-src 'self'; frame-src 'self' https://www.youtube.com; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com/ https://www.google.com https://www.gstatic.com https://www.googletagmanager.com/ 1
default-src * 'unsafe-inline' data: blob: mediastream: 'unsafe-eval' 'unsafe-hashes' 'wasm-unsafe-eval' 1
default-src https: wss: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; font-src https: data: 1
frame-ancestors 'self' *.prudential.com; img-src * data:; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.pgim.com *.jennison.com *.pgimquantitativesolutions.com *.pgimwadhwani.com *.aws.prudential.com cdn.pficdn.com *.pruvpcaws074.prudential.com *.scene7.com video.limelight.com assets.video.limelight.com *.llnw.net nexus.ensighten.com cdn.cookielaw.org service.maxymiser.net *.ceros.com *.highcharts.com *.everviz.com *.onetrust.com *.adobedtm.com placeimg.com *.demandbase.com *.mouseflow.com *.company-target.com *.bluekai.com *.doubleclick.net *.adsrvr.org *.google.com *.google.co.uk *.google.co.in *.google.de *.google.it *.google.fr *.google.es *.google.co.jp *.google.ca www.googletagmanager.com www.google-analytics.com www.googleadservices.com analytics.twitter.com static.ads-twitter.com t.co *.company-target.com bat.bing.com *.en25.com *.adsymptotic.com pixel.mathtag.com *.sc.omtrdc.net *.tt.omtrdc.net *.eloqua.com snap.licdn.com tags.bkrtx.com *.linkedin.com *.demdex.net pgim.piwik.pro pgim.containers.piwik.pro *.chartblocks.com cdnjs.cloudflare.com *.cloudfront.net *.micpn.com *.pub.sfmc-content.com *.prudential.com *.exacttarget.com match.prod.bidr.io id.rlcdn.com www.ssa.gov wave.webaim.org cm.everesttech.net cdn.linkedin.oribi.io *.clarity.ms *.bing.com prudentialglobalqa.112.2o7.net prudentialusprod.112.2o7.net *.googlesyndication.com *.adobedc.net 1
default-src https: gap: ws: wss: data:; img-src 'self' data: https:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors https://pia-frontend.eu-de.mybluemix.net/ https://eva-frontend-lucrative-hoe.eu-de.mybluemix.net/ 'self'; 1
frame-ancestors 'self' https://book.wightlink.co.uk http://intranet; frame-src 'self' data: https://sway.office.com https://forms.office.com https://*.clickdimensions.com https://indd.adobe.com https://www.youtube.com https://*.vimeo.com https://*.facebook.com https://*.google.com https://*.fls.doubleclick.net https://*.hotjar.com https://consentcdn.cookiebot.com https://*.niceincontact.com https://www.tiktok.com; report-uri https://nf8848gopc.execute-api.eu-west-1.amazonaws.com/prod/csp-reports 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.localhost *.googleapis.com *.gstatic.com *.nebih.gov.hu *.google.com *.okf2018-uj.rsoe.hu *.katasztrofavedelem.hu unpkg.com *.fontawesome.com *.wmflabs.org *.cloudflare.com *.google-analytics.com *.tile.openstreetmap.org *.wikimedia.org api.tiles.mapbox.com *.googletagmanager.com *.arcgisonline.com; frame-src https://www.youtube.com https://youtube.com https://youtu.be *.google.com *.katasztrofavedelem.hu; frame-ancestors 'self' https://rsoe.hu; 1
referrer origin 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googletagmanager.com fonts.googleapis.com js.hs-analytics.net salesiq.zoho.com secure.gravatar.com fonts.gstatic.com css.zohocdn.com track.hubspot.com js-na1.hs-scripts.com www.google-analytics.com google-analytics.com js.zohocdn.com vts.zohopublic.com zohopublic.com js.hs-banner.com data: static.zohocdn.com salesiq.zohopublic.com js.zohostatic.com www.google.com cdn.jsdelivr.net yoast.com ; 1
default-src https://*.yandex.ru  'self'; script-src https://yastatic.net https://*.mail.ru https://*.yandex.net https://*.skbbank.ru https://*.sinara.ru 'self' 'unsafe-eval' 'unsafe-inline'; script-src-elem https://*.googleadservices.com https://*.google-analytics.com https://yastatic.net https://*.sendsay.ru https://*.mail.ru https://vk.com https://*.yandex.ru https://*.yandex.by https://*.yandex.com https://*.yandex.com.tr https://*.webvisor.com https://*.googletagmanager.com https://*.kbki.ru 'self' 'unsafe-inline'; connect-src https://*.gov.ru https://suggestions.dadata.ru https://*.amplitude.com https://*.google.com https://*.doubleclick.net https://sendsay.ru https://*.sendsay.ru https://*.kbki.ru https://*.yandex.ru https://*.yandex.by https://*.yandex.com https://*.yandex.com.tr https://*.webvisor.com https://*.scoring.ru 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; img-src https://*.doubleclick.net https://*.google.com https://vk.com https://*.google.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.by https://*.yandex.com https://*.yandex.com.tr https://*.webvisor.com https://*.mail.ru https://*.sinara.ru https://*.google-analytics.com 'self' blob: data:; frame-src https://youtube.com https://*.youtube.com https://rutube.ru https://*.rutube.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.by https://*.yandex.com https://*.yandex.com.tr https://*.webvisor.com 'self' blob: data: 1
script-src 'self' 'unsafe-eval' *.wlresources.com *.acwebconnecting.com 'sha256-e4pYjXQH6ajx5POUxz2FrYEpL/WroFiVF5clf0FNS5g=' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.wlresources.com; connect-src 'self' *.wlresources.com *.acwebconnecting.com wss://*.wlresources.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; report-uri /err0r/js?ts=1705972960; worker-src 'self' blob:; frame-ancestors 'none'; object-src 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' pixel-geo.prfct.co tag.perfectaudience.com *.marketingautomation.services googleads.g.doubleclick.net analytics.tiktok.com sibautomation.com sonda.com www.sonda.com d23wbnplfnnqu6.cloudfront.net d23wbnplfnnqu6.cloudfront.net www.datadoghq-browser-agent.com *.googletagmanager.com sonda.com www.sonda.com snap.licdn.com *.hotjar.com *.google-analytics.com *.googletagmanager.com www.googletagmanager.com *.weglot.com cdn.weglot.com *.google.com translate.google.com *.googleapis.com *.gstatic.com  www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com unpkg.com/@frontify/ *.cloudinary.com; style-src 'self' 'unsafe-inline' d23wbnplfnnqu6.cloudfront.net *.googletagmanager.com www.googletagmanager.com cdnjs.cloudflare.com cdn.weglot.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' d2cqazago6uw8v.cloudfront.net ad.doubleclick.net s3-docs-sonda.s3.amazonaws.com d23wbnplfnnqu6.cloudfront.net *.linkedin.com www.googletagmanager.com sonda.com www.sonda.com www.google.cl p.adsymptotic.com px.ads.linkedin.com *.google.com *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com web-chat.nativechat.com *.frontify.com *.cloudinary.com https://www.google.co.ve:* https://secure.adnxs.com:* https://pixel-geo.prfct.co:* https://us-u.openx.net:*; media-src 'self' d2cqazago6uw8v.cloudfront.net d23wbnplfnnqu6.cloudfront.net s3-docs-sonda.s3.amazonaws.com data: blob: *.frontify.com *.cloudinary.com; child-src 'self' 13133940.fls.doubleclick.net sibautomation.com td.doubleclick.net d23wbnplfnnqu6.cloudfront.net 12163336.fls.doubleclick.net maps.google.com *.google.com vars.hotjar.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com *.frontify.com cloudinary.com *.cloudinary.com; connect-src 'self' *.hotjar.io wss://ws.hotjar.com in-automate.brevo.com *.tiktok.com www.google-analytics.com px.ads.linkedin.com www.sonda.com sonda.com d23wbnplfnnqu6.cloudfront.net s3-docs-sonda.s3.amazonaws.com https://ws15.hotjar.com wss://ws15.hotjar.com ws24.hotjar.com wss://ws24.hotjar.com vc.hotjar.io cdn-api-weglot.com stats.g.doubleclick.net analytics.google.com in.hotjar.com cdn.weglot.com translate.googleapis.com data:  https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.gstatic.com *.frontify.com *.cloudinary.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https:; child-src blob: data: https: 1
frame-ancestors 'self' labflow.com *.labflow.com labflow.ca *.labflow.ca *.instructure.com blackboard.com *.blackboard.com  ; 1
default-src * 'unsafe-eval' 'unsafe-inline';block-all-mixed-content;upgrade-insecure-requests 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://bark.lgbt; img-src 'self' data: blob: https://bark.lgbt https://media.bark.lgbt; style-src 'self' https://bark.lgbt 'nonce-eeHXV2tHXqdI/h09MVDF9A=='; media-src 'self' data: https://bark.lgbt https://media.bark.lgbt; frame-src 'self' https:; manifest-src 'self' https://bark.lgbt; form-action 'self'; child-src 'self' blob: https://bark.lgbt; worker-src 'self' blob: https://bark.lgbt; connect-src 'self' data: blob: https://bark.lgbt https://media.bark.lgbt wss://bark.lgbt; script-src 'self' https://bark.lgbt 'wasm-unsafe-eval' 1
frame-ancestors 'self' *.sompojapan.com.tr  *.somposigorta.com.tr *.onesignal.com *.os.tc 1
default-src 'self' https://rybihvlqs.rbh-logistics.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://fonts.googleapis.com/; script-src 'self' 'unsafe-inline' https://rybihvlqs.rbh-logistics.com https://www.googletagmanager.com https://www.googleadservices.com; img-src 'self' data: https://recruiting.rbh-logistics.com https://rybihvlqs.rbh-logistics.com https://i.ytimg.com https://via.placeholder.com https://fonts.gstatic.com/ https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com/pagead https://www.google.de/pagead; frame-src 'self' https://www.youtube-nocookie.com; font-src 'self' https://fonts.gstatic.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://localhost:8080 https://api.kooding.com https://prod.kooding.com https://lpfirw.kooding.com https://cdn.kooding.com https://cdn-static.kooding.com https://cdn-images.kooding.com https://google.com https://*.google.com https://www.google.co.kr https://www.google-analytics.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.doubleclick.net https://www.googleadservices.com https://*.googlesyndication.com https://*.ggpht.com https://www.recaptcha.net https://*.paypal.com https://www.paypalobjects.com https://*.braintreegateway.com https://*.braintree-api.com https://*.criteo.net https://*.criteo.com https://sync-criteo.teads.tv https://*.adnxs.com https://*.taboola.com https://*.yieldmo.com https://*.outbrain.com https://statics.a8.net https://px.a8.net https://*.im-apps.net https://www.facebook.com https://connect.facebook.net https://scontent.xx.fbcdn.net https://*.microsoft.com https://*.clarity.ms https://*.bing.com https://s.yimg.com https://sp.analytics.yahoo.com https://ads.yahoo.com https://ups.analytics.yahoo.com https://api.getcandid.com https://analytics.candid.io https://content-getcandid.netdna-ssl.com https://assets.imgix.net https://candid.azureedge.net https://cdn-images.mailchimp.com https://in.hotjar.com https://static.hotjar.com https://script.hotjar.com https://vars.hotjar.com https://vc.hotjar.io https://maxcdn.bootstrapcdn.com https://www.youtube.com https://img.youtube.com https://i.vimeocdn.com https://player.vimeo.com https://www.shareasale.com https://shareasale-analytics.com https://www.shareasale-analytics.com https://www.dwin1.com https://*.afterpay.com https://x.bidswitch.net https://api.amplitude.com https://s3-us-west-2.amazonaws.com/afterpayus-integrations/javascript/modal/kooding.html https://s.pinimg.com https://*.pinterest.com https://*.attn.tv https://*.attentivemobile.com https://insight.adsrvr.org https://s.ad.smaato.net https://acsbapp.com https://*.acsbapp.com https://*.accessibe.com https://*.advertising.com https://*.pubmatic.com https://*.hotjar.com wss://*.hotjar.com https://*.reviews.io https://*.termly.io https://*.fatmedia.io https://*.upsellit.com https://*.cytelligence.io https://*.awin1.com https://shop.pe https://*.shop.pe https://addshoppers.s3.amazonaws.com https://*.cloudfront.net https://*.klaviyo.com https://*.datadome.co https://*.icomoon.io; img-src https: data:; frame-src https: data:; 1
fintest.cmbchina.cn fintest.cmburl.cn tcexam.cmbchina.cn 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' https://*.heritage.com.au; script-src 'self'  http://10.110.25.158 http://10.120.25.132 http://10.110.25.132:15871 https://*.heritage.com.au https://connect.facebook.net https://siteintercept.qualtrics.com https://www.images-home.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://s.ytimg.com https://*.siteintercept.qualtrics.com https://snap.licdn.com https://s.yimg.com https://bat.bing.com https://js.adsrvr.org https://connect.facebook.net https://vxml4.plavxml.com https://bs.serving-sys.com https://www.google-analytics.com https://vxml4.plavxml.com https://www.googletagmanager.com https://maps.googleapis.com https://*.widgetworks.com.au https://*.cloudfront.net https://online.flippingbook.com 'unsafe-inline' 'unsafe-eval' https://analytics.google.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://code.jquery.com;  base-uri 'self'; connect-src 'self' https://s.yimg.com https://siteintercept.qualtrics.com https://*.doubleclick.net https://www.google-analytics.com https://bat.bing.com https://maps.googleapis.com https://apps.heritage.com.au https://apps.heritage.com.au https://*.heritage.com.au https://forms.heritage.com.au https://lib-ap-1.brilliantcollector.com https://s.qualtrics.com https://cdn.linkedin.oribi.io/ https://analytics.google.com;  font-src 'self' https://fonts.gstatic.com https://*.heritage.com.au https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src 'self' https://match.adsrvr.org https://insight.adsrvr.org https://*.doubleclick.net https://servedby.flashtalking.com https://www.qzzr.com/ https://www.googletagmanager.com/ https://*.widgetworks.com.au https://player.vimeo.com/ https://gpm.westernunion.com/ https://xjobs.brassring.com/ https://flickrembed.com https://heritagebank.au1.qualtrics.com https://www.youtube.com/ https://forms.heritage.com.au/ https://*.heritage.com.au https://player.vimeo.com;  img-src 'self' https://103.243.148.117 https://10.120.25.152 https://www.google.com/pagead/1p-user-list/957642343/ https://www.google.com.au/pagead/1p-user-list/957642343/ https://www.google.com.au/* https://sp.analytics.yahoo.com https://vxml4.plavxml.com https://www.googletagmanager.com https://p.adsymptotic.com https://www.google.com/ads/* https://www.google.com.au/ads/* https://www.google.com.au/ads/ga-audiences https://www.google.com/ads/ga-audiences https://www.heritage.com.au https://sc-cm.hbs.net.au https://*.doubleclick.net https://bat.bing.com https://*.linkedin.com https://www.facebook.com https://www.google-analytics.com https://www.images-home.com https://*.heritage.com.au https://*.googleapis.com https://maps.gstatic.com data:;  manifest-src 'self'; media-src 'self'; 1
frame-ancestors 'self' https://manage.hpac.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
frame-ancestors https://*.gusto.at https://*.vgn.at; upgrade-insecure-requests; block-all-mixed-content 1
img-src 'self' www.facebook.com; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://plugin.monotote.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tpc.googlesyndication.com https://tr.snapchat.com https://www.shoplooks.com https://s1.thcdn.com https://www.awin1.com https://d2d7do8qaecbru.cloudfront.net blob: https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://tr6.snapchat.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://privacyportal-eu.onetrust.com https://smct.co https://*.smct.co https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://analytics.tiktok.com https://*.contentsquare.net https://smct.io https://*.smct.io https://tr.snapchat.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; form-action 'self' https://www.facebook.com https://www.glossybox.com https://m.glossybox.com https://checkout.glossybox.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://plugin.monotote.com https://static.ads-twitter.com https://*.twitter.com https://*.recaptcha.net https://*.tribalfusion.com https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://tpc.googlesyndication.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://static.criteo.net https://*.shoplooks.com https://slooks.top https://slooks.me https://geolocation.onetrust.com https://analytics.tiktok.com https://*.ibytedtos.com https://*.contentsquare.net https://app.contentsquare.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://tr.snapchat.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://cdn.parcellab.com https://fonts.smct.co https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.smct.io; upgrade-insecure-requests; report-to report-endpoint 1
default-src https://cdn.digi4school.at 'self';font-src 'self' data:;img-src https://cdn.digi4school.at https://a.digi4school.at data: blob: 'self';report-uri /SYSTEM/csp-collector.tcl;script-src https://cdn.digi4school.at 'self' 'nonce-0CE5A5DA481AC4DEB4F08BCB7246CFF7C5275FFF';style-src https://cdn.digi4school.at 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://*.davidclulow.com https://*.luxottica.com https://*.essilorluxottica.com; 1
default-src * data: blob: 'self' 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; base-uri 'self'; form-action 'self' *.personio.de https://seu2.cleverreach.com/f/289071-324288/wcs/; font-src 'self' *.gstatic.com ;img-src 'self' *.googleapis.com *.googletagmanager.com *.gstatic.com https://www.facebook.com data:; connect-src 'self' *.personio.de *.googleapis.com *.googletagmanager.com *.google-analytics.com; script-src 'self' data: https: 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com *.googletagmanager.com *.polyfill.io; style-src 'self' *.googleapis.com *.googletagmanager.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com; frame-ancestors 'self'; 1
connect-src 'self' https://apis.google.com https://dev.onepay.vn/home/; 1
default-src 'self' https://cdnjs.cloudflare.com https://cdn.icomoon.io https://demo.hafas.de https://www.facebook.com https://capmetro.maps.arcgis.com https://stackpath.bootstrapcdn.com https://tagmanager.google.com https://www.googletagmanager.com https://capmetro.hafas.cloud https://maps.google.com https://action.dstillery.com https://www.google.com  https://apis.google.com  https://www.gstatic.com https://s.thebrighttag.com https://translate.googleapis.com http://s.btstatic.com  https://s.btstatic.com  https://geo1.ggpht.com  https://geo2.ggpht.com  https://geo3.ggpht.com https://cbks0.googleapis.com https://geo0.ggpht.com  https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com http://www.youtube.com  https://ssl.google-analytics.com https://fonts.googleapis.com  https://gishost-osm-b.hacon.de https://s3.amazonaws.com https://fonts.gstatic.com  https://i.icomoon.io  https://translate.google.com  https://www.google-analytics.com https://capmetro.hafas.de; script-src 'self' 'unsafe-inline' nonce-metro3d54h3sdf13a4f https://static.hotjar.com https://script.hotjar.com *.sitescout.com *.pixel.ad *.basis.net https://capmetro-cmpt-instance-1.prod.c1conversations.io https://cdn01.basis.net https://siteimproveanalytics.com/ https://refactor.capmetro.hafas.cloud https://analytics.tiktok.com https://js.adsrvr.org https://www.googleoptimize.com https://publicinput.com https://www.youtube.com/ https://cdn.siteimprove.net https://analytics.twitter.com https://static.ads-twitter.com https://code.jquery.com 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://content.govdelivery.com https://demo.hafas.de https://connect.facebook.net https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://tagmanager.google.com  https://www.googletagmanager.com https://bs.serving-sys.com https://googleads.g.doubleclick.net https://www.googleadservices.com/ https://www.googletagmanager.com http://s.btstatic.com/  https://static.ctctcdn.com https://static.ctctcdn.com/ https://apis.google.com https://translate.googleapis.com https://s.btstatic.com   https://s.thebrighttag.com https://maps.google.com https://maps.googleapis.com https://fonts.googleapis.com https://s3.amazonaws.com https://ssl.google-analytics.com https://fonts.gstatic.com  https://i.icomoon.io  https://translate.google.com https://www.google-analytics.com https://capmetro.hafas.de https://capmetro.hafas.cloud; style-src 'self' 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://cdn.icomoon.io https://optimize.google.com https://d1azc1qln24ryf.cloudfront.net *.hawksearch.net *.hawksearch.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://s3.amazonaws.com https://cdnjs.cloudflare.com https://demo.hafas.de https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://tagmanager.google.com  https://www.googletagmanager.com https://translate.googleapis.com/ https://fonts.googleapis.com https://s3.amazonaws.com https://fonts.gstatic.com  https://i.icomoon.io  https://translate.google.com  https://www.google-analytics.com https://capmetro.hafas.de https://capmetro.hafas.cloud; font-src 'self' https://script.hotjar.com https://cdn.icomoon.io https://d1azc1qln24ryf.cloudfront.net https://cdnjs.cloudflare.com https://www.googletagmanager.com/ https://capmetro.hafas.cloud *.hawksearch.net *.hawksearch.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' https://static.hotjar.com https://script.hotjar.com *.sitescout.com *.siteimproveanalytics.io www.capmetro.org https://tracking.hawksearch.net https://trkn.us https://googleads.g.doubleclick.net https://ad.ipredictive.com https://insight.adsrvr.org https://analytics.twitter.com https://capmetro.org https://www.googletagmanager.com/ https://i.ytimg.com/ *.google.bg https://capmetro.hafas.cloud   https://t.co/i/adsct *.hawksearch.net *.hawksearch.com *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com; media-src 'self' data: blob:; frame-src 'self' https://capmetro-cmpt-instance-1.prod.c1conversations.io/ https://atptx.new.swagit.com/ *.escribemeetings.com https://insight.adsrvr.org https://player.flipsnack.com https://forms.monday.com/ https://optimize.google.com/ https://gis.capmetro.org/ https://publicinput.com https://*.siteimprove.com https://bid.g.doubleclick.net https://www.facebook.com https://platform.twitter.com https://capmetro.maps.arcgis.com https://app.powerbi.com https://tagmanager.google.com https://www.googletagmanager.com https://app.capmetro.org https://www.google.com http://www.youtube.com  https://i.icomoon.io https://s3.amazonaws.com https://translate.google.com https://www.google-analytics.com https://capmetro.hafas.de https://capmetro.hafas.cloud; frame-ancestors 'self' id.siteimprove.com *.publicinput.com d1azc1qln24ryf.cloudfront.net https://app.powerbi.com https://tagmanager.google.com https://www.googletagmanager.com https://translate.google.com http://www.youtube.com https://capmetro.hafas.de https://capmetro.hafas.cloud; child-src 'self' https://*.siteimprove.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://tagmanager.google.com https://www.googletagmanager.com http://www.youtube.com https://translate.google.com https://s3.amazonaws.com https://capmetro.hafas.de https://capmetro.hafas.cloud; connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://capmetro-cmpt-instance-1.prod.c1conversations.io https://maps.googleapis.com https://analytics.tiktok.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://services6.arcgis.com https://*.siteimprove.com https://capmetro.hafas.cloud/ https://www.google-analytics.com/ https://translate.googleapis.com https://stats.g.doubleclick.net/j/collect accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com; 1
frame-ancestors *.landmarkworldwide.com 1
default-src 'self' *.waiverforever.com *.herokuapp.com; font-src 'self' data: *.waiverforever.com *.herokuapp.com *.gstatic.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.waiverforever.com *.herokuapp.com *.calendly.com *.gstatic.com *.googletagmanager.com *.googleadservices.com *.google.com *.google-analytics.com *.doubleclick.net *.zdassets.com *.hotjar.com *.stripe.com *.cloudflare.com *.ctctcdn.com *.vimeocdn.com *.facebook.net cdn.jsdelivr.com *.cookiebot.com; child-src 'self' *.waiverforever.com *.herokuapp.com *.amazonaws.com *.cloudfront.net *.vimeo.com *.doubleclick.net code.jquery.com; style-src 'self' 'unsafe-inline' *.waiverforever.com *.herokuapp.com *.cloudflare.com *.ctctcdn.com *.googleapis.com; img-src 'self' data: *.waiverforever.com *.herokuapp.com *.g2.com *.google.com *.googletagmanager.com *.facebook.com *.google-analytics.com s3.amazonaws.com imgsct.cookiebot.com; connect-src *; frame-src 'self' *.waiverforever.com *.herokuapp.com calendly.com *.calendly.com *.vimeo.com *.google.com *.doubleclick.net *.hotjar.com consentcdn.cookiebot.com; frame-ancestors 'self' *.waiverforever.com *.herokuapp.com 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-9d584f3a0d8e583ef793a14bbf60c782'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors 'self' www.facebook.com; 1
default-src 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self'; script-src 'self'; style-src 'self'; 1
default-src 'self'; img-src 'self' https://files.catbox.moe; media-src 'self' https://files.catbox.moe; style-src 'self' 'unsafe-inline'; script-src https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline'; frame-src https://www.google.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: * 1
default-src 'self' ; connect-src 'self' https://socketusercontent.com *.hubspot.com *.hscollectedforms.net *.getkoala.com *.crowdin.com https://crowdin.com/api/v2/jipt/cookie https://crowdin.com/api/v2/jipt/project/SocketSecurity https://crowdin.com/api/v2/jipt/project/SocketSecurity/strings wss://api.getkoala.com ; frame-src 'self' *.hubspot.com https://www.youtube.com https://platform.twitter.com https://crowdin.com *.loom.com *.syntax.fm https://syntax.fm ; img-src * data: ; object-src 'none' ; script-src 'self' *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.hs-analytics.net *.usemessages.com *.getkoala.com *.crowdin.com https://www.youtube.com https://platform.twitter.com ; style-src 'self' 'unsafe-inline' *.crowdin.com fonts.googleapis.com ; font-src 'self' fonts.gstatic.com ; base-uri 'none' ; frame-ancestors https://socket.sanity.studio 'self' ; form-action 'self' https://github.com ; worker-src 'self' *.usemessages.com *.getkoala.com *.crowdin.com ; 1
default-src 'self' data:;script-src 'self' 'unsafe-eval' https: 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw=';style-src 'self' 'unsafe-inline' https:;img-src data: https:;media-src 'self' data:;frame-src 'self' https: data: blob:;font-src 'self';connect-src 'self' https:;child-src 'self' https: data:;frame-ancestors 'none';worker-src blob:;upgrade-insecure-requests 1
default-src 'self';     font-src 'self' data:;     img-src * data:;     media-src 'self';     object-src 'self';      frame-src https://usb.ac.ir https://research.usb.ac.ir http://research.usb.ac.ir https://www.usb.ac.ir https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;     script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://usb.ac.ir https://www.usb.ac.ir  https://www.google-analytics.com https://www.googletagmanager.com https://apis.google.com/js/plusone.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;     style-src 'self' 'unsafe-inline' http://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; 1
style-src-elem 'self' 'unsafe-inline' https://*.googleapis.com/ https://*.fontawesome.com/ https://*.cloudflare.com/ https://*.jsdelivr.net/; script-src-elem 'self' 'unsafe-inline' https://*.googletagmanager.com/ https://*.google.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.jsdelivr.net/ https://*.google-analytics.com/ https://*.googleapis.com/;  1
default-src 'self';style-src 'unsafe-inline' *;frame-src *;img-src * data:;media-src *;font-src *;connect-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://google.ru http://google.ru https://google.com http://google.com https://*.google.ru http://*.google.ru https://*.google.com http://*.google.com http://*.googlesyndication.com https://*.googlesyndication.com http://www.googletagservices.com https://www.googletagservices.com https://googleapis.com http://googleapis.com https://*.googleapis.com http://*.googleapis.com http://google-analytics.com https://google-analytics.com http://*.google-analytics.com https://*.google-analytics.com https://yandex.ru https://yandex.net http://yandex.ru http://yandex.net https://*.yandex.ru https://*.yandex.net http://*.yandex.ru http://*.yandex.net https://yastatic.net http://yastatic.net https://*.yastatic.net http://*.yastatic.net http://rambler.ru https://rambler.ru http://*.rambler.ru https://*.rambler.ru https://vk.com http://vk.com https://*.vk.com http://*.vk.com http://lc2ads.ru http://ladycash.ru http://faggrim.com http://*.lc2ads.ru http://*.ladycash.ru http://*.faggrim.com http://*.m2corp.ru http://*.openstat.net http://*.reformal.ru http://yandex.st http://*.levelpay.ru http://*.yandex.st http://*.onthe.io https://*.onthe.io http://*.criteo.com http://stattds.club http://*.adsniper.ru http://*.mail.ru http://st.ad.smaclick.com http://*.vn-chk777.com/ http://*.ads1-adnow.com/ https://*.users-api.com https://xlog.info https://*.vn-chk123.com http://*.users-api.com  http://xlog.info http://*.vn-chk123.com http://*.cdn1now.com https://*.cdn1now.com http://cdn1now.com https://cdn1now.com http://*.cdn2now.com https://*.cdn2now.com http://cdn2now.com https://cdn2now.com http://*.cdn3now.com https://*.cdn3now.com http://cdn3now.com https://cdn3now.com http://*.cdn4now.com https://*.cdn4now.com http://cdn4now.com https://cdn45now.com http://*.cdn5now.com https://*.cdn5now.com http://cdn5now.com https://cdn5now.com http://*.cdn6now.com https://*.cdn6now.com http://cdn6now.com https://cdn6now.com http://*.cdn7now.com https://*.cdn7now.com http://cdn7now.com https://cdn7now.com http://*.cdn8now.com https://*.cdn8now.com http://cdn8now.com https://cdn8now.com http://*.cdn9now.com https://*.cdn9now.com http://cdn9now.com https://cdn9now.com http://*.cdn10now.com https://*.cdn10now.com http://cdn10now.com https://cdn10now.com http://*.videonow.ru https://*.videonow.ru http://videonow.ru https://videonow.ru http://*.moevideo.biz https://*.moevideo.biz http://moevideo.biz https://moevideo.biz http://*.lcads.ru https://*.lcads.ru http://lcads.ru https://lcads.ru http://*.googleadservices.com https://*.googleadservices.com http://googleadservices.com https://googleadservices.com ;report-uri /csp/log.php 1
frame-ancestors *.umay.club *.mycollege.kz *.codo.kz *.hrplus.kz *.nis.edu.kz *.edu.kz 1
base-uri 'self' https://desk.maila.net.br; default-src 'self' ws: wss: https://images.zammad.com; font-src 'self' data:; img-src * data:; object-src 'none'; script-src 'self' 'unsafe-eval' 'nonce-vMBHefJ7na576ElGt3+FmA=='; style-src 'self' 'unsafe-inline'; frame-src www.youtube.com player.vimeo.com 1
base-uri 'self' ;connect-src https: wss: *.mktoresp.com 700-ZMT-762.marketo.com marketo.clearbit.com *.clearbitscripts.com;default-src 'self' ;font-src 'self' data: fonts.gstatic.com use.fontawesome.com ;form-action 'self' ;frame-ancestors 'self' *.wpengine.com;frame-src 'unsafe-inline' 700-ZMT-762.marketo.com marketo.clearbit.com *.clearbitscripts.com https://platform.instagram.com https://www.instagram.com *.cdninstagram.com https: ;img-src 'self' data: https: ;media-src 'self' ;object-src 'none' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketo.com https://munchkin.marketo.net *.clearbit.com *.clearbitscripts.com https://platform.instagram.com https://www.instagram.com *.cdninstagram.com https: ;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com fonts.gstatic.com use.fontawesome.com info.metapack.com *.marketo.com *.marketo.net https://marketo.clearbit.com https://tag.clearbitscripts.com *.stackadapt.com https: ;style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com fonts.gstatic.com use.fontawesome.com info.metapack.com *.marketo.com *.marketo.net https://marketo.clearbit.com https://tag.clearbitscripts.com *.stackadapt.com https://platform.instagram.com https://www.instagram.com *.cdninstagram.com https: ;style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com fonts.gstatic.com info.metapack.com use.fontawesome.com *.stackadapt.com ;upgrade-insecure-requests ; 1
report-uri https://ivywise.report-uri.com/r/d/csp/enforce ; default-src * data: blob: 'self' ; script-src *.ivywise.com www.ivywise.com team.ivywise.com *.google-analytics.com *.googleapis.com play.google.com *.google.com *.gstatic.com *.googletagmanager.com *.facebook.com *.facebook.net *.hs-analytics.net *.hsleadflows.net *.hubspot.com *.hs-scripts.com *.hs-banner.com *.hsforms.net *.hsforms.com *.cloudflareinsights.com *.vimeo.com vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net *.optimizely.com *.cdn.optimizely.com *.cdn-pci.optimizely.com cdn-assets-prod.s3.amazonaws.com *.hotjar.com *.hotjar.io wss://*.hotjar.com doubleclick.net *.doubleclick.net stats.g.doubleclick.net youtube.com *.youtube.com www.youtube-nocookie.com v1.addthisedge.com googleads.g.doubleclick.net ivywise-com.disqus.com *.disquscdn.com disqus.com *.disqus.com *.podbean.com indd.adobe.com *.office.net ivywise.sharepoint.com script.advertiserreports.com pi.pardot.com *.googleadservices.com ivywise.force.com ivywise.my.salesforce.com ivywise.secure.force.com linkin.bio www.linkin.bio *.linkin.bio analytics.tiktok.com *.tiktok.com *.tiktokcdn-us.com mon.us.tiktokv.com *.googleoptimize.com static.ads-twitter.com *.ads-twitter.com snap.licdn.com *.licdn.com *.clickcease.com bat.bing.com linkin.bio snap.licdn.com static.addtoany.com *.coadesign.org 'unsafe-inline' 'unsafe-eval' blob: data: 'self' ; style-src *.ivywise.com www.ivywise.com team.ivywise.com *.google-analytics.com *.googleapis.com play.google.com *.google.com *.gstatic.com *.googletagmanager.com *.facebook.com *.facebook.net *.hs-analytics.net *.hsleadflows.net *.hubspot.com *.hs-scripts.com *.hs-banner.com *.hsforms.net *.hsforms.com *.cloudflareinsights.com *.vimeo.com vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net *.optimizely.com *.cdn.optimizely.com *.cdn-pci.optimizely.com cdn-assets-prod.s3.amazonaws.com *.hotjar.com *.hotjar.io wss://*.hotjar.com doubleclick.net *.doubleclick.net stats.g.doubleclick.net youtube.com *.youtube.com www.youtube-nocookie.com v1.addthisedge.com googleads.g.doubleclick.net ivywise-com.disqus.com *.disquscdn.com disqus.com *.disqus.com *.podbean.com indd.adobe.com *.office.net ivywise.sharepoint.com script.advertiserreports.com pi.pardot.com *.googleadservices.com ivywise.force.com ivywise.my.salesforce.com ivywise.secure.force.com linkin.bio www.linkin.bio *.linkin.bio analytics.tiktok.com *.tiktok.com *.tiktokcdn-us.com mon.us.tiktokv.com *.googleoptimize.com static.ads-twitter.com *.ads-twitter.com *.clickcease.com bat.bing.com linkin.bio snap.licdn.com static.addtoany.com *.coadesign.org 'unsafe-inline' 'unsafe-eval' blob: data: 'self' ; font-src *.ivywise.com www.ivywise.com team.ivywise.com *.google-analytics.com *.googleapis.com play.google.com *.google.com *.gstatic.com *.googletagmanager.com *.facebook.com *.facebook.net *.hs-analytics.net *.hsleadflows.net *.hubspot.com *.hs-scripts.com *.hs-banner.com *.hsforms.net *.hsforms.com *.cloudflareinsights.com *.vimeo.com vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net *.optimizely.com *.cdn.optimizely.com *.cdn-pci.optimizely.com cdn-assets-prod.s3.amazonaws.com *.hotjar.com *.hotjar.io wss://*.hotjar.com doubleclick.net *.doubleclick.net stats.g.doubleclick.net youtube.com *.youtube.com www.youtube-nocookie.com v1.addthisedge.com googleads.g.doubleclick.net ivywise-com.disqus.com *.disquscdn.com disqus.com *.disqus.com *.podbean.com indd.adobe.com *.office.net ivywise.sharepoint.com script.advertiserreports.com pi.pardot.com *.googleadservices.com ivywise.force.com ivywise.my.salesforce.com ivywise.secure.force.com linkin.bio www.linkin.bio *.linkin.bio analytics.tiktok.com *.tiktok.com *.tiktokcdn-us.com mon.us.tiktokv.com *.googleoptimize.com static.ads-twitter.com *.ads-twitter.com *.clickcease.com bat.bing.com linkin.bio snap.licdn.com static.addtoany.com *.coadesign.org 'unsafe-inline' 'unsafe-eval' blob: data: 'self' ; img-src * *.ivywise.com www.ivywise.com team.ivywise.com linkin.bio snap.licdn.com static.addtoany.com *.coadesign.org 'unsafe-inline' 'unsafe-eval' blob: data: 'self' * ; connect-src *.ivywise.com www.ivywise.com team.ivywise.com *.google-analytics.com *.googleapis.com play.google.com *.google.com *.gstatic.com *.googletagmanager.com *.facebook.com *.facebook.net *.hs-analytics.net *.hsleadflows.net *.hubspot.com *.hs-scripts.com *.hs-banner.com *.hsforms.net *.hsforms.com *.cloudflareinsights.com *.vimeo.com vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net *.optimizely.com *.cdn.optimizely.com *.cdn-pci.optimizely.com cdn-assets-prod.s3.amazonaws.com *.hotjar.com *.hotjar.io wss://*.hotjar.com doubleclick.net *.doubleclick.net stats.g.doubleclick.net youtube.com *.youtube.com www.youtube-nocookie.com v1.addthisedge.com googleads.g.doubleclick.net ivywise-com.disqus.com *.disquscdn.com disqus.com *.disqus.com *.podbean.com indd.adobe.com *.office.net ivywise.sharepoint.com script.advertiserreports.com pi.pardot.com *.googleadservices.com ivywise.force.com ivywise.my.salesforce.com ivywise.secure.force.com linkin.bio www.linkin.bio *.linkin.bio analytics.tiktok.com *.tiktok.com *.tiktokcdn-us.com mon.us.tiktokv.com *.googleoptimize.com static.ads-twitter.com *.ads-twitter.com *.clickcease.com bat.bing.com linkin.bio snap.licdn.com static.addtoany.com *.coadesign.org 'unsafe-inline' 'unsafe-eval' blob: data: 'self' ; frame-src *.ivywise.com www.ivywise.com team.ivywise.com *.google-analytics.com *.googleapis.com play.google.com *.google.com *.gstatic.com *.googletagmanager.com *.facebook.com *.facebook.net *.hs-analytics.net *.hsleadflows.net *.hubspot.com *.hs-scripts.com *.hs-banner.com *.hsforms.net *.hsforms.com *.cloudflareinsights.com *.vimeo.com vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net *.optimizely.com *.cdn.optimizely.com *.cdn-pci.optimizely.com cdn-assets-prod.s3.amazonaws.com *.hotjar.com *.hotjar.io wss://*.hotjar.com doubleclick.net *.doubleclick.net stats.g.doubleclick.net youtube.com *.youtube.com www.youtube-nocookie.com v1.addthisedge.com googleads.g.doubleclick.net ivywise-com.disqus.com *.disquscdn.com disqus.com *.disqus.com *.podbean.com indd.adobe.com *.office.net ivywise.sharepoint.com script.advertiserreports.com pi.pardot.com *.googleadservices.com ivywise.force.com ivywise.my.salesforce.com ivywise.secure.force.com linkin.bio www.linkin.bio *.linkin.bio analytics.tiktok.com *.tiktok.com *.tiktokcdn-us.com mon.us.tiktokv.com *.googleoptimize.com static.ads-twitter.com *.ads-twitter.com *.clickcease.com bat.bing.com linkin.bio snap.licdn.com static.addtoany.com *.coadesign.org 'unsafe-inline' 'unsafe-eval' blob: data: 'self' ; object-src *.ivywise.com www.ivywise.com team.ivywise.com *.google-analytics.com *.googleapis.com play.google.com *.google.com *.gstatic.com *.googletagmanager.com *.facebook.com *.facebook.net *.hs-analytics.net *.hsleadflows.net *.hubspot.com *.hs-scripts.com *.hs-banner.com *.hsforms.net *.hsforms.com *.cloudflareinsights.com *.vimeo.com vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net *.optimizely.com *.cdn.optimizely.com *.cdn-pci.optimizely.com cdn-assets-prod.s3.amazonaws.com *.hotjar.com *.hotjar.io wss://*.hotjar.com doubleclick.net *.doubleclick.net stats.g.doubleclick.net youtube.com *.youtube.com www.youtube-nocookie.com v1.addthisedge.com googleads.g.doubleclick.net ivywise-com.disqus.com *.disquscdn.com disqus.com *.disqus.com *.podbean.com indd.adobe.com *.office.net ivywise.sharepoint.com script.advertiserreports.com pi.pardot.com *.googleadservices.com ivywise.force.com ivywise.my.salesforce.com ivywise.secure.force.com linkin.bio www.linkin.bio *.linkin.bio analytics.tiktok.com *.tiktok.com *.tiktokcdn-us.com mon.us.tiktokv.com *.googleoptimize.com static.ads-twitter.com *.ads-twitter.com *.clickcease.com bat.bing.com linkin.bio snap.licdn.com static.addtoany.com *.coadesign.org 'unsafe-inline' 'unsafe-eval' blob: data: 'self' 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-411a73eac846e11c109bb283b598a897'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
base-uri 'self'   data:; object-src 'none'; script-src https: 'nonce-c7cf86c0e6' 'nonce-17a2d070e6' 'nonce-998bd120f5' 'nonce-d9ce01adf6' 'nonce-d7ba23d58f' 'nonce-1588b81d01' 'nonce-6ca0f249be' 'nonce-17a2d070e6' 'nonce-17a2d070e6' 'nonce-ee93c29819' 'nonce-57cb0dddc9' 'nonce-760fef24b9' 'nonce-a961014b3a' 'nonce-78a0622db1' 'nonce-46855f0f56' 'nonce-c656eee6ce' 'nonce-db7c2a3481' 'nonce-0539d896ba' 'nonce-d2eb030ef8' 'nonce-f86e1ed373' 'nonce-e5f28f1028' 'nonce-089440591c' 'nonce-b8c0bac1c4' 'nonce-d6ff6f4b67' 'nonce-99ef758b78' 'nonce-1ea2a46327' 'nonce-409a187d00' 'nonce-1c64bf44d9' 'nonce-950830519b' 'nonce-8347bbefeb' 'nonce-608c039001' 'nonce-221adb5dea' 'nonce-929b51f221' 'nonce-efedc01615' 'nonce-b372473cc6' 'nonce-e166c9087f' 'nonce-6930182ff7' 'nonce-8322aa5981' 'nonce-c8632434ed' 'nonce-cd14833a34' 'nonce-164eb6abc7' 'nonce-3917f7ad08' 'nonce-3917f7ad08' 'nonce-8f7b7fbf8b' 'nonce-4c4ba78edf' 'nonce-6bd147e4fa' 'nonce-bee42a6fcd' 'nonce-bc3c6e5516' 'nonce-96187021e2' 'nonce-483fa1f2ed' 'nonce-ba17053df2' 'nonce-092e5f006c' 'nonce-73f6d63473' 'nonce-346fbbea74' 'nonce-9e95bd31cf' 'nonce-8879533796' 'nonce-c2c218eb92' 'nonce-220a428c77' 'nonce-db22ac9620' 'nonce-9eb117119a' 'nonce-2318571dc0' 'nonce-cb4bc253ce' 'nonce-933bcda145' 'nonce-f6d5527db2' 'nonce-c20c1445a2' 'nonce-35a2b408f6' 'nonce-e80f9c67ff' 'nonce-fa8920b349' 'nonce-bcb55c45e3' 'nonce-b0bc96d326' 'nonce-98af2fdd37' 'nonce-98af2fdd37' 'nonce-98af2fdd37' 'nonce-98af2fdd37' 'nonce-98af2fdd37' 'nonce-d7dade4d76'     'strict-dynamic' 1
font-src *.gstatic.com *.carrotquest.app *.flocktory.com streamerce.ru *.loreal.io data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.pharmacosmetica.ru *.rigla.ru rigla.ru https://webvisor.com https://*.webvisor.com https://metrika.yandex.ru https://*.yandex.net https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.com https://mc.yandex.kz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net player.vimeo.com *.youtube.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.google.com makeupstat.ru *.makeupstat.ru *.doubleclick.net *.flocktory.com *.modiface.com *.streamerce.ru *.1dmp.io *.facebook.com *.creativesoldiers.ru *.mail.ru *.adhigh.net *.weborama.fr www.youtube-nocookie.com *.ok.ru *.loreal.com.ru skinq-lamoda-landing.l2.oggettoweb.com metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr *.webvisor.com metrica.yandex.ru vk.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com yandex.ru *.yandex.ru *.yandex.net *.google.com *.google.ru *.googletagmanager.com *.maps.yandex.net vk.com *.vk.me *.mail.ru *.mneniya.pro *.carrotquest.app *.carrotquest.io *.mobfox.com *.betweendigital.com *.onaudience.com *.adnxs.com *.digitaltarget.ru *.bestssp.com *.whiteboxdigital.ru *.rutarget.ru *.admixer.net *.1dmp.io *.aidata.io *.weborama.fr *.doubleclick.net *.adriver.ru *.bidswitch.net *.facebook.com flocktory.com *.flocktory.com *.hybrid.ai *.openx.net *.retailrocket.net *.scaletrk.com *.jivosite.com pafutos.com lenkmio.com *.admitad.com *.asbmit.com artfut.com advertising.com *.advertising.com *.adform.net adform.net *.adhigh.net *.mts.ru *.popmechanic.ru *.userapi.com *.360yield.com *.stevensegallery.com streamerce.ru *.analytics.yahoo.com *.rubiconproject.com vichy.ru *.pubmatic.com *.taboola.com *.loreal.io *.smartadserver.com *.gumgum.com blob: *.vichyconsult.ru *.mindbox.ru *.ck-ie.com cstatic.weborama-tech.ru data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com *.mindbox.ru *.yandex.ru *.maps.yandex.net yastatic.net *.yastatic.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.mail.ru vk.com *.facebook.net cdn.jsdelivr.net *.carrotquest.io *.retailrocket.ru *.tkrconnector.com *.artfut.com *.doubleclick.net *.jivosite.com *.youtube.com *.facebook.com *.fbcdn.net *.modiface.com *.cloudflare.com *.carrotquest.app *.carrottrack.io *.nr-data.net flocktory.com *.flocktory.com *.hybrid.ai *.jsdelivr.net *.lenmit.com *.newrelic.com *.retailrocket.net *.ttarget.ru *.unpkg.com *.jquery.com *.popmechanic.ru streamerce.ru dsf-cdn.loreal.io *.loreal.io *.tiktok.com *.weborama.fr *.ok.ru *.loreal.com.ru inside-our-products.wsf-e-loreal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.google.com *.googleapis.com *.jivosite.com wss://*.jivosite.com *.retailrocket.net *.flocktory.com *.googletagmanager.com www.googletagmanager.com *.cloudflare.com *.popmechanic.ru streamerce.ru *.loreal.io *.mindbox.ru 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.jivosite.com *.carrotquest.app *.flocktory.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.mindbox.ru yandex.ru *.yandex.ru *.yandex.net *.google.com *.google.ru *.googleapis.com *.googletagmanager.com *.dadata.ru *.carrotquest.app ws://*.carrotquest.app wss://*.carrotquest.app *.carrotquest.io *.carrottrack.io *.jivosite.com wss://*.jivosite.com *.modiface.com *.doubleclick.net *.retailrocket.net *.mail.ru vk.com *.adhigh.net *.nr-data.net *.hybrid.ai *.weborama.fr *.akamai.com *.facebook.com *.popmechanic.ru streamerce.ru *.loreal.io *.visualstudio.com *.mux.com/ inside-our-products.wsf-e-loreal.com worldtimeapi.org 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline';connect-src https://api.growingio.com; font-src 'self' data:;script-src 'self' 'unsafe-inline' https://assets.giocdn.com 1
default-src 'self'; style-src 'self' 'unsafe-inline' ; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://www.youtu.be; 1
font-src *.fontawesome.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com *.tatesbakeshop.com *.bootstrapcdn.com *.fonts.googleapis.com *.cloudapi.de *.fonts.gstatic.com *.cloudflare.com *.jquery.com *.onetrust.com *.googleoptimize.com *.cdninstagram.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.authorize.net *.tatesbakeshop.com *.qualtrics.com *.facebook.com *.clarity.ms *.googleoptimize.com 'self' data: 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.authorize.net *.tatesbakeshop.com *.qualtrics.com *.facebook.com *.clarity.ms *.optimize.google.com *.googleoptimize.com 'self' data: 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.authorize.net *.tatesbakeshop.com *.addthis.com *.qualtrics.com *.google.com *.demdex.net *.facebook.com *.jotform.com *.cloudapi.de *.clarity.ms *.optimize.google.com *.cloudflare.com *.jquery.com *.onetrust.com 'self' data: *.googleoptimize.com *.cdninstagram.com destinilocators.com www.xtento.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com *.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.tatesbakeshop.com *.doubleclick.net *.bing.com *.listrakbi.com *.convergetrack.com *.qualtrics.com *.edgecastcdn.net *.orientaltrading.com *.rfksrv.com *.googletagmanager.com *.amazonaws.com *.google.com *.google.co.in *.magentocommerce.com *.facebook.com *.espssl.com *.pinterest.com *.optimize.google.com *.clarity.ms *.cloudflare.com *.jquery.com *.onetrust.com *.googleoptimize.com *.cdninstagram.com *.cloudfront.net www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.fontawesome.com *.googleapis.com *.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.authorize.net sandbox-assets.secure.checkout.visa.com *.privy.com *.tatesbakeshop.com *.addthis.com *.doubleclick.com *.convergetrack.com *.bing.com *.cardinalcommerce.com *.ccdc02.com *.orientaltrading.com *.paypalobjects.com *.ytimg.com vimeo.com *.braintreegateway.com *.signifyd.com *.moatads.com *.addthisedge.com *.listrakbi.com *.facebook.com *.facebook.net *.listrak.com *.google.com google.com *.googletagmanager.com *.pinimg.com *.cloudapi.de *.clarity.ms *.optimize.google.com *.cloudflare.com *.jquery.com *.onetrust.com 'self' unsafe-inline: *.googleoptimize.com *.cdninstagram.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.tatesbakeshop.com *.bootstrapcdn.com *.listrakbi.com *.cloudapi.de *.optimize.google.com *.clarity.ms *.cloudflare.com *.jquery.com *.onetrust.com *.googleoptimize.com *.cdninstagram.com *.klaviyo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.authorize.net *.tatesbakeshop.com *.doubleclick.net *.google-analytics.com *.addthis.com *.cloudapi.de *.cloudflare.com *.jquery.com *.onetrust.com *.pinterest.com *.clarity.ms *.googleoptimize.com *.listrakbi.com *.facebook.com *.cdninstagram.com *.bing.com *.klaviyo.com *.privy.com *.datadome.co 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' http://www.philips.com.sg *.philips.com *.philips.com.sg https://philipsigtdpv.com 1
default-src 'self';object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://code.jquery.com https://www.googletagmanager.com https://maps.googleapis.com https://login.kfc.ca https://www.google-analytics.com https://appds8093.blob.core.windows.net;style-src 'self' 'unsafe-inline' https: https://fonts.googleapis.com;font-src 'self' https: https://fonts.googleapis.com https://tools.ietf.org https://fonts.gstatic.com;connect-src 'self' 'unsafe-inline' https: https://www.kfc.ca https://cdn.contentful.com;media-src 'self' 'unsafe-inline' https: https://videos.ctfassets.net;img-src 'self' 'unsafe-inline' data: https: https://images.ctfassets.net https://www.kfc.ca;frame-src 'self' *;upgrade-insecure-requests 1
frame-ancestors 'self' *.bluemod.me *.bluemod.us credithuman-cms-stage-k13-2022.azurewebsites.net credithuman-cms-prod-k13-2022.azurewebsites.net; 1
default-src 'self'; script-src 'self' 'nonce-99c60a3c-f628-4eef-b3b1-2f89cbb34495'; object-src 'self'; style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.gstatic.com 1
default-src 'self' https: *.google.com.ua *.google-analytics.com; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com; img-src 'self' data: *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com.ua w3.org/svg/2000 *.gstatic.com; object-src 'none'; style-src 'self'; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com.ua; 1
media-src 'self' *.readspeaker.com; frame-src 'self' www.youtube-nocookie.com *.readspeaker.com *.handy-signatur.at extern.cardcomplete.signaturbox.at cardcomplete.containers.piwik.pro *.googletagmanager.com https://www.googleadservices.com https://*.google.com/pagead/ https://*.g.doubleclick.net/pagead/ https://*.google.at/pagead/ https://*.googleadservices.com/pagead/ www.cardcomplete.com; default-src 'self' *.tile.openstreetmap.de 'nonce-0rOW8iZ4P/MlxMMy1y0hJg=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ *.readspeaker.com cardcomplete.containers.piwik.pro www.cardcomplete.com; connect-src 'self' cardcomplete.containers.piwik.pro cardcomplete.piwik.pro *.tile.openstreetmap.de; frame-ancestors 'self'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.readspeaker.com cardcomplete.containers.piwik.pro cardcomplete.piwik.pro *.googletagmanager.com https://www.googleadservices.com https://*.google.com/pagead/ https://*.g.doubleclick.net/pagead/ https://*.google.at/pagead/ https://*.googleadservices.com/pagead/ www.cardcomplete.com; font-src 'self' data: https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.readspeaker.com cardcomplete.containers.piwik.pro cardcomplete.piwik.pro *.googletagmanager.com https://www.googleadservices.com https://*.google.com/pagead/ https://*.g.doubleclick.net/pagead/ https://*.google.at/pagead/ https://*.googleadservices.com/pagead/ www.cardcomplete.com; object-src 'self' www.cardcomplete.com; img-src 'self' data: blob: i.ytimg.com *.readspeaker.com *.tile.openstreetmap.de cardcomplete.piwik.pro *.googletagmanager.com https://www.googleadservices.com https://*.google.com/pagead/ https://*.g.doubleclick.net/pagead/ https://*.google.at/pagead/ https://*.googleadservices.com/pagead/; form-action 'self'; report-uri /api/json-receiver/csp/ 1
default-src 'self' blob:;frame-src 'self' meteoschweiz.roundshot.com *.meteoswiss.ch *.youtube.com player.vimeo.com *.admin.ch worldweather.wmo.int *.yumpu.com blob:;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: players.yumpu.com;img-src 'self' https://s3-eu-central-1.amazonaws.com blob: data: *.geo.admin.ch api.maptiler.com;connect-src 'self' *.geo.admin.ch api.maptiler.com https://app-prod-static-crowd.meteoswiss-app.ch 1
default-src 'self' *.mendix.com/ *.mendixcloud.com/ play.vidyard.com/ ;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://www.googleadservices.com/  https://munchkin.marketo.net/ https://tag.demandbase.com/ https://www.redditstatic.com/ https://googleads.g.doubleclick.net/ https://web-analytics.engagio.com/ https://dn1f1hmdujj40.cloudfront.net/  https://cdn.bizible.com/ https://www.clickcease.com/ https://www.google.com/ https://www.google-analytics.com/ https://ssl.google-analytics.com/ *.mendix.com/ *.mendixcloud.com/ https://js.driftt.com https://fast.appcues.com https://www.datadoghq-browser-agent.com ; connect-src 'self' *.mendix.com *.mendixcloud.com/ https://729-zyh-434.mktoresp.com/ https://api.company-target.com/  https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://fast.appcues.com wss://api.appcues.net https://api.appcues.net *.algolia.net *.algolianet.com https://*.browser-intake-datadoghq.eu ; font-src 'self' *.mendix.com *.mendixcloud.com/ https://cdnjs.cloudflare.com/ https://s3.amazonaws.com/dock-static.mendix.com/ https://fonts.gstatic.com https://use.typekit.net/ data: ; img-src 'self' https://www.google.com/ https://id.rlcdn.com/ https://segments.company-target.com/ https://alb.reddit.com/ https://match.prod.bidr.io/  https://q.quora.com/ https://cdn.bizible.com/  https://cdn.bizibly.com/  https://www.google.nl/ https://www.googletagmanager.com/ *.mendix.com *.mendixcloud.com/ https://www.google-analytics.com data: res.cloudinary.com/ ; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://fonts.googleapis.com *.mendix.com *.mendixcloud.com/ https://p.typekit.net/ https://use.typekit.net/ https://fast.appcues.com ;  frame-ancestors 'self' https://bid.g.doubleclick.net/ *.mendix.com/ *.mendixcloud.com/ ; base-uri 'self' *.mendix.com/ *.mendixcloud.com/ ; form-action 'self' *.mendix.com/ *.mendixcloud.com/ ; object-src 'self' *.mendix.com/ *.mendixcloud.com/ ; frame-src 'self'  https://js.driftt.com  play.vidyard.com/ ; worker-src 'self' blob: ; 1
default-src 'self' https: https://klue.com; base-uri 'none'; connect-src *; font-src data: https:; form-action https:; frame-ancestors https:; img-src 'unsafe-inline' data: https:; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: https://forms.hubspot.com https://hsforms.net https://js.hs-scripts.com https://js.hsadspixel.net https://js.hscollectedforms.net https://klue.com; style-src 'unsafe-inline' https:; worker-src blob:; upgrade-insecure-requests 1
frame-ancestors 'self' https://manage.wwdmag.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' 'unsafe-eval' http: https:; img-src 'self' http: https: data:; connect-src 'self' https:; font-src 'self' http: https: data:; media-src 'self' https: blob:; object-src 'self'; worker-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: 1
default-src 'self' blob: data: 'unsafe-inline' *.gstatic.com embedr.flickr.com widgets.flickr.com; img-src 'self' blob: data: 'unsafe-inline' placehold.it *.iscte-iul.pt iscte-iul.pt *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com www.google.com www.google.pt www.linkedin.com www.googleadservices.com stats.g.doubleclick.net googleads.g.doubleclick.net ciencia.iscte-iul.pt px.ads.linkedin.com www.facebook.com live.staticflickr.com *.clarity.ms; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.pt *.clarity.ms *.googleapis.com *.google-analytics.com *.googletagmanager.com www.gstatic.com googleads.g.doubleclick.net www.googleadservices.com https://connect.facebook.net https://snap.licdn.com https://px.ads.linkedin.com www.facebook.com embedr.flickr.com widgets.flickr.com https://hcaptcha.com https://*.hcaptcha.com *.unibuddy.co cdn.jsdelivr.net code.jquery.com fonts.googleapis.com code.jquery.com; object-src 'self'; connect-src 'self' *.google-analytics.com *.googletagmanager.com *.googleapis.com www.googleadservices.com *.clarity.ms embedr.flickr.com *.hcaptcha.com; frame-src 'self' *.iscte-iul.pt *.eventbrite.pt *.eventbrite.com *.google.com *.google.pt *.soundcloud.com www.youtube.com youtu.be https://sketchfab.com player.vimeo.com https://www.strava.com https://hcaptcha.com https://*.hcaptcha.com forms.office.com *.unibuddy.co unibuddy.co; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com *.gstatic.com cdn.jsdelivr.net fonts.googleapis.com 1
frame-ancestors 'self' https://*.biblesociety.org.uk; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-eval'; font-src * data: *; img-src * data: * blob: *; report-uri /local/ajax/CSP.php 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' cytron.io *.cytron.io cytrontech.vn *.google.com www.googletagmanager.com www.google-analytics.com *.googleadservices.com www.youtube.com *.googleapis.com *.fbcdn.net *.facebook.net *.facebook.com analytics.tiktok.com analytics.pangle-ads.com *.gstatic.com *.googlesyndication.com *.sharethis.com *.omise.co *.stripe.com *.getresponse.com *.gr-cdn.com fonts.bunny.net *.messagebird.com *.bing.com *.goaffpro.com cdn.ampproject.org gist.github.com github.githubassets.com emgithub.com *.emgithub.com *.githubusercontent.com *.addtoany.com developers.onemap.sg *.cloudflare.com *.doubleclick.net *.clarity.ms  bothelp.io code.jquery.com cdn.jsdelivr.net blob:; img-src * data: blob:; media-src * blob:; 1
frame-ancestors 'self' http://*.arnette.com https://*.arnette.com; 1
default-src 'self'; script-src 'unsafe-inline' 'self' https://*.google-analytics.com  https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.cloudflare.com https://*.fontawesome.com https://*.googletagmanager.com https://unpkg.com https://*.jsdelivr.net; object-src 'unsafe-inline' 'self' https://*.googleapis.com https://*.cloudflare.com; style-src 'unsafe-inline' 'self' https://*.googleapis.com https://*.cloudflare.com; img-src  'self' data: https://*.google-analytics.com https://*.gstatic.com https://*.ytimg.com https://*.jsdelivr.net https://*.googletagmanager.com; frame-src 'self' https://*.youtube-nocookie.com https://*.youtube.com https://*.google.com  https://*.yoshki.com; font-src 'self' data: https://*.gstatic.com; connect-src 'self' https://*.google-analytics.com; report-uri /report-csp-violation 1
block-all-mixed-content; frame-ancestors 'self' fantasticservices.com cdn.fantasticservices.com api.fantasticservices.com accounts.fantasticservices.com *.fantasticservices.com wss://*.hotjar.com wss://*.hotjar.io cobrowsing.freshchat.com wss://*.pusher.com wss://*.freshworksapi.com https://*.pusher.com https://*.freshworksapi.com; 1
upgrade-insecure-requests; report-uri https://o6032.ingest.sentry.io/api/4505803005755392/security/?sentry_key=970f6f812c7e8254217ce59aa01bce69; frame-ancestors 'self'; default-src 'none'; script-src https: 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' *.appcues.com *.appcues.net bat.bing.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net edge.fullstory.com googleads.g.doubleclick.net grow.clearbitjs.com/api/pixel.js maps.googleapis.com player.vimeo.com snap.licdn.com ws.zoominfo.com/pixel/613e89da96cf45001cc32050 rs.fullstory.com www.clickcease.com/monitor/stat.js www.google-analytics.com www.googleoptimize.com www.googletagmanager.com; style-src https: 'report-sample' 'self' 'unsafe-hashes' 'unsafe-inline' *.appcues.com *.appcues.net cdnjs.cloudflare.com fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src https: 'self' *.appcues.com *.appcues.net *.google.com *.googlesyndication.com *.intentiq.com api.segment.io cdn.linkedin.oribi.io cdn.segment.com connect.facebook.net edge.fullstory.com maps.googleapis.com monitor.clickcease.com rs.fullstory.com www.facebook.com www.google-analytics.com www.google.com.au wss://*.appcues.com wss://*.appcues.net; font-src https: data: 'self' cdnjs.cloudflare.com fonts.gstatic.com; frame-src https: 'self' *.appcues.com player.vimeo.com www.facebook.com; img-src https: 'self' data: cdnjs.cloudflare.com cm.g.doubleclick.net d.adroll.com maps.googleapis.com maps.gstatic.com px.ads.linkedin.com rc.rlcdn.com rs.fullstory.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.google.com www.google.com.au x.bidswitch.net; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:; 1
base-uri 'self' ; child-src 'self' https://range.co https://*.range.co https://intercom-sheets.com https://www.intercom-reporting.com  https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://www.youtube.com ; connect-src 'self' https://range.co https://*.range.co wss://*.range.co https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io  https://api-ping.intercom.io   https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io  wss://nexus-europe-websocket.intercom.io  https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io  https://uploads.intercomcdn.com https://uploads.intercomcdn.eu  https://uploads.au.intercomcdn.com  https://uploads.intercomusercontent.com https://seg-api.range.co https://app.getsentry.com https://sentry.io https://api.stripe.com https://www.facebook.com https://connect.facebook.net https://stats.g.doubleclick.net https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com ; default-src 'self' https://range.co https://*.range.co ; font-src 'self' data: https://range.co https://*.range.co https://fonts.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com ; form-action https://*.range.co https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io  https://www.facebook.com/tr/ ; frame-ancestors 'self' https://range.co https://*.range.co ; frame-src 'self' https://range.co https://*.range.co https://accounts.google.com self https://*.appcues.com https://share.intercom.io https://intercom-sheets.com https://fast.wistia.net https://js.stripe.com https://hooks.stripe.com https://www.facebook.com https://bid.g.doubleclick.net https://player.vimeo.com https://www.youtube.com ; img-src 'self' data: https://range.co https://*.range.co https://*.gstatic.com https://csi.gstatic.com self https://res.cloudinary.com https://twemoji.maxcdn.com https://habitat-team.imgix.net https://range.imgix.net https://rangeweb-staging.imgix.net https://rangeweb.imgix.net blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com  https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com https://www.facebook.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://*.linkedin.com https://*.adsymptotic.com https://alb.reddit.com https://*.twitter.com https://t.co https://i.ytimg.com ; media-src 'self' https://js.intercomcdn.com ; object-src 'none' ; script-src 'self' 'unsafe-inline' https://range.co https://*.range.co https://apis.google.com self https://*.appcues.com https://*.appcues.net unsafe-inline https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-9.com https://app.intercom.io https://js.intercomcdn.com https://widget.intercom.io https://cdn.ravenjs.com https://js.stripe.com https://connect.facebook.net https://*.googleadservices.com https://*.gstatic.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://*.licdn.com https://*.linkedin.com https://*.adsymptotic.com https://www.redditstatic.com https://*.ads-twitter.com https://*.twitter.com https://t.co https://s.ytimg.com https://www.youtube.com ; style-src 'self' 'unsafe-inline' https://range.co https://*.range.co self https://*.appcues.com https://fonts.googleapis.com https://fonts.google.com unsafe-inline https://fonts.googleapis.com unsafe-inline https://tagmanager.google.com ; worker-src 'self' https://range.co https://*.range.co ; report-uri https://in.range.co/csp 1
default-src https: data: wss: about: blob: dc-photo: dc-illu: dc-v2: fb-messenger: tg: whatsapp: sms: mailto: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dancenter.de/pubweb/csp-violation 1
default-src 'self'; frame-src 'self'; object-src 'self'; script-src 'self' https://statistiek.rijksoverheid.nl; style-src 'self';frame-ancestors 'self'; child-src 'self'; upgrade-insecure-requests; base-uri 'self'; media-src 'self' data: 1
frame-ancestors 'self' http://mx.mercadojobs.com http://empleo.trovit.com.mx; script-src 'unsafe-inline' 'unsafe-eval' blob: https://*.openreplay.com https://*.sentry-cdn.com https://*.talenteca.com https://api.hubspot.com https://accounts.google.com https://analytics.trovit.com https://connect.facebook.net https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://partner.googleadservices.com https://platform.twitter.com https://static.ads-twitter.com https://script.crazyegg.com https://secure.avangate.com https://tpc.googlesyndication.com https://www.googleadservices.com https://www.googletagmanager.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://js.usemessages.com https://cdn.ampproject.org; worker-src 'self' blob: 1
default-src * 'unsafe-inline'; img-src * data:; media-src *; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src-elem * 'unsafe-inline'; frame-src *; connect-src *; worker-src * blob: 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://pay.google.com https://www.shoplooks.com https://tr.snapchat.com blob: https://gum.criteo.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://ds-aksb-a.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://translate.yandex.net https://*.bing.com https://*.parcellab.com https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://*.contentsquare.net https://*.criteo.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://*.lookfantastic.ca https://tr.snapchat.com https://www.glossybox.co.uk https://www.glossybox.se https://www.glossybox.com https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.dk; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://*.recaptcha.net https://*.microsofttranslator.com https://*.shoplooks.com https://slooks.top https://slooks.me https://lantern.roeyecdn.com https://lantern.roeye.com https://sc-static.net https://static.thgcdn.cn https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com https://static.criteo.net https://*.criteo.com https://*.googlesyndication.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.shoplooks.com https://static.shoplooks.com https://cdn.parcellab.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval';font-src https: data:; style-src https: 'unsafe-inline' ;img-src * data: 1
frame-ancestors 'self' *.feedzai.com;default-src 'self' *.feedzai.com https: wss: blob: 'unsafe-inline' 'unsafe-eval';font-src https: data:;img-src https: data:;form-action 'self' forms.hsforms.com accounts.google.com;base-uri 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.feedzai.com consent-manager.metomic.io config.metomic.io js.usemessages.com js.hs-scripts.com js.hsforms.net forms.hsforms.com js.hs-banner.com fast.wistia.net js.hs-analytics.net js.hsadspixel.net *.hotjar.com www.googleadservices.com www.googletagmanager.com googletagmanager.com www.google-analytics.com static.hsappstatic.net googleads.g.doubleclick.net cdnjs.cloudflare.com ajax.googleapis.com snap.licdn.com cdn.jsdelivr.net config.confirmic.com consent-manager.confirmic.com js.hsadspixel.net distillery.wistia.com pipedream.wistia.com wistia.com track.hubspot.com cdn.linearicons.com greenhouse.io cdn.datatables.net www.google.com tag.demandbase.com boards.greenhouse.io maps.googleapis.com cdn.cookielaw.org fast.wistia.com js.hscta.net cta-service-cms2.hubspot.com unpkg.com;object-src 'none' 1
default-src https://iaf.nu; font-src 'self' https://cdnjs.cloudflare.com/ajax/libs/lightgallery/1.6.14/fonts/lg.woff?n1z373 fonts.googleapis.com fonts.gstatic.com data:; img-src * 'self' data: secure.gravatar.com www.google-analytics.com; frame-src 'self' https://*.twitter.com/ https://www.recaptcha.net/ https://www.google.com/ www.youtube.com; frame-ancestors 'none'; script-src 'self'  'unsafe-inline' 'unsafe-eval' https://*.twitter.com/ https://cdn.ckeditor.com https://code.highcharts.com https://ckeditor.com/ https://maxcdn.bootstrapcdn.com/ https://cdn.jsdelivr.net https://cdn.ckeditor.com/ https://cdnjs.cloudflare.com https://www.googletagmanager.com/ https://cdnjs.cloudflare.com/ https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://static.addtoany.com/ https://www.google-analytics.com/ https://code.jquery.com/ https://www.gstatic.com/ https://ajax.googleapis.com/ajax/libs/webfont/ www.google-analytics.com s0.wp.com; connect-src 'self' https://firebaseinstallations.googleapis.com/ https://firebase.googleapis.com/ https://www.google-analytics.com/; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ https://cdn.ckeditor.com 1
frame-ancestors 'self' http://localhost:3333 https://gentux.sanity.studio https://*.optimizely.com 1
default-src 'self' *.episerver.net *.jquery.com *.soundcloud.com *.podbean.com player.vimeo.com *.youtube.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.gstatic.com *.google.com; frame-ancestors 'self' *.vhb.com; script-src 'self' http://localhost:* http://localhost:51381 http://localhost:50093 http://localhost:55256 http://localhost:52756 http://localhost api.campaign.episerver.net www.google-analytics.com *.google.com *.gstatic.com ajax.googleapis.com cdnjs.cloudflare.com *.googletagmanager.com dl.episerver.net *.vo.msecnd.net dc.services.visualstudio.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' ws://localhost:49369 http://localhost:* ws://localhost:* ws://localhost:52756 http://localhost:50093 http://localhost:51381 ws://localhost:51381 ws://localhost:50093  http://localhost:52756 ws://localhost:55256 http://localhost:55256 http://localhost:49369 api.campaign.episerver.net pui.episerver.net *.doubleclick.net dc.services.visualstudio.com www.google-analytics.com; img-src  * data: blob: 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline' www.google-analytics.com ajax.googleapis.com cdnjs.cloudflare.com *.soundcloud.com *.googletagmanager.com dl.episerver.net *.googleapis.com;base-uri 'self'; form-action 'self'; 1
block-all-mixed-content; base-uri 'none'; default-src 'self' refx-static.b-cdn.net; script-src 'self' 'nonce-7f82130f1fc6501e288823fadab9b618368c6a39529a38c56fe3d8c66b191bb8' 'strict-dynamic' refx-static.b-cdn.net w.soundcloud.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com/ translate.google.com *.fontawesome.com; style-src 'self' 'unsafe-inline' refx-static.b-cdn.net *.googleapis.com *.fontawesome.com *.gstatic.com; child-src 'self' www.google.com www.youtube.com w.soundcloud.com; img-src 'self' data: refx-static.b-cdn.net i.ytimg.com www.gstatic.com/images/ translate.google.com *.googleapis.com maps.gstatic.com/mapfiles/ cdn.jsdelivr.net/emojione/; font-src 'self' data: refx-static.b-cdn.net fonts.gstatic.com *.fontawesome.com; connect-src 'self' *.googleapis.com *.fontawesome.com; worker-src 'self' 1
default-src 'self' 'unsafe-inline' *.amazonaws.com *.google.com *.google-analytics.com *.googletagmanager.com *.bc0a.com *.b0e8.com api.brightedge.com *.youtube.com *.vimeo.com vimeo.com *.gstatic.com *.oniqa.com *.cookielaw.org *.hotjar.com *.onistaged.com *.typekit.net *.onenorth.com *.thinkbrg.com *.vidyard.com embed.vidyard.com *.libsyn.com *.doubleclick.net snap.licdn.com cdn.linkedin.oribi.io; object-src 'self'; img-src 'self' *.amazonaws.com *.google.com *.google-analytics.com *.googletagmanager.com *.bc0a.com *.b0e8.com *.youtube.com *.vimeo.com vimeo.com px.ads.linkedin.com *.linkedin.com *.gstatic.com *.oniqa.com *.cookielaw.org *.onistaged.com *.typekit.net *.onenorth.com *.thinkbrg.com *.vidyard.com data:; font-src 'self' *.typekit.net data:; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; base-uri 'self'; 1
frame-ancestors https://deportes.marcaapuestas.es/ 1
default-src 'unsafe-inline' data: https://www.sicherheitstacho.eu/ https://api.sicherheitstacho.eu/; frame-ancestors 'self' https://wa-frontend-cso-cockpit-dev.privatelink.azurewebsites.net/ https://wa-frontend-cso-cockpit-dev.azurewebsites.net/ https://cso-cockpit.telekom.de/ https://dev.cso-cockpit.telekom.de/; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cegos.fr *.cegos.com https://www.gstatic.com/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://tagmanager.google.com/ https://www.googleadservices.com/pagead/conversion/ https://www.google.fr/pagead/attribution/ https://www.gstatic.com/wcm/ https://www.gstatic.com/recaptcha/api2/ https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/ec.js https://www.linkedin.com/px/ https://px.ads.linkedin.com/collect/ https://platform.linkedin.com/ https://snap.licdn.com/ https://static.ads-twitter.com/uwt.js https://analytics.twitter.com/ https://platform.twitter.com/ https://cdn.syndication.twimg.com/timeline/ https://sjs.bizographics.com/insight.min.js https://www.googleadservices.com/pagead/conversion_async.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://static.hotjar.com/ https://script.hotjar.com/ https://munchkin.marketo.net/ https://*.marketo.com/ https://connect.facebook.net/ https://www.youtube.com/iframe_api https://s.ytimg.com/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://*.kameleoon.com/ https://*.kameleoon.net https://*.kameleoon.eu https://kick-my-bot.s3-eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com/kick-my-bot/KMBotUI/ https://d134jvmqfdbkyi.cloudfront.net https://d24s38jd6z1bka.cloudfront.net https://d1986lffsl15jz.cloudfront.net https://bat.bing.com https://*.abtasty.com https://flagship.com https://cdn.segment.com https://cdn.matomo.cloud/ https://cegos.matomo.cloud/ https://*.clarity.ms https://accounts.google.com; object-src 'self'; base-uri 'none'; 1
default-src 'self' https://dev.visualwebsiteoptimizer.com https://*.cj.com https://*.itoolab.com https://*.clarity.ms wss://*.hotjar.com https://*.hotjar.com https://*.smartlook.cloud https://fonts.googleapis.com https://cj.luckydogsoft.workers.dev https://www.sjwoe.com https://www.mczbf.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://*.gstatic.com https://*.google.com https://q.quora.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.paddle.com https://bat.bing.com https://www.linkconnector.com 'unsafe-inline'; script-src 'self' https://dev.visualwebsiteoptimizer.com https://*.cj.com https://*.youtube.com https://web-sdk.smartlook.com https://static.hotjar.com https://www.clarity.ms https://platform.twitter.com https://cj.luckydogsoft.workers.dev https://www.mczbf.com https://order.luckydogsoft.com https://*.itoolab.com https://*.itubego.com https://js.stripe.com https://cdn.paddle.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://optimize.google.com https://googleads.g.doubleclick.net https://apis.google.com https://unpkg.com https://www.google-analytics.com https://bat.bing.com https://script.hotjar.com https://www.linkconnector.com https://cdn.bootcss.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.cj.com https://*.itoolab.com https://www.youtube-nocookie.com https://vars.hotjar.com https://platform.twitter.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://js.stripe.com https://*.paddle.com https://create-checkout.paddle.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.linkconnector.com https://*.cloudfront.net 'unsafe-inline'; font-src 'self' https://*.cj.com https://*.gstatic.com data:; img-src 'self' https://dev.visualwebsiteoptimizer.com https://*.cj.com https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://order.luckydogsoft.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com https://img1.doctorsim.com https://www.emjcd.com https://www.linkconnector.com data:; 1
script-src 'self'  'unsafe-inline' 'unsafe-eval'  https://tokeninsight.com  https://*.tokeninsight.com https://www.googletagmanager.com  https://static.cloudflareinsights.com https://challenges.cloudflare.com 1
default-src 'self'; connect-src 'self' https://analytics.google.com https://*.vimeocdn.com https://www.google-analytics.com; form-action 'self' https://broker.gotoassist.com/; font-src 'self' https://maxcdn.bootstrapcdn.com; frame-src 'self' https://player.vimeo.com https://analytics.clickdimensions.com/ https://www.googletagmanager.com; img-src 'self' https://*.vimeocdn.com; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://analytics.clickdimensions.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com 1
frame-ancestors 'self' https://explore.cvent.com http://explore.cvent.com 1
default-src * 'self' 'unsafe-inline' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdn.rawgit.com; font-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; img-src 'self' https://ncatlab.org *; report-uri /cspreport 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: api.corporateshowcase.com *.irasia.com *.addthis.com; connect-src 'self' *.addthis.com; frame-src 'self' *.irasia.com *.aastocks.com *.addthis.com; frame-ancestors 'self'; font-src 'self'; media-src 'self' ; object-src 'none'; manifest-src 'none'; prefetch-src 'none'; form-action 'self'; 1
default-src 'none'; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://assets-ctb.pernod-ricard.io https://api.pernod-ricard.io https://cdn.jsdelivr.net/npm/algoliasearch https://zfm2j5365u-3.algolianet.com https://zfm2j5365u-dsn.algolia.net https://d8ejoa1fys2rk.cloudfront.net https://brandcloud.pernod-ricard.com https://optoutapi.evidon.com *.evidon.com *.betrad.com https://us-central1-pantheon-psapps.cloudfunctions.net https://insight.pravp.com/analytics https://webform-console.pernod-ricard.io https://ct.pinterest.com *.google-analytics.com *.zendesk.com *.zdassets.com *.yahoo.co.jp *.bazaarvoice.com *.perrier-jouet.com *.hotjar.com wss://*.hotjar.com *.sleeknote.com *.googleapis.com https://live-pernod-ricard-global-cms.pantheonsite.io https://*.hotjar.io https://optimize.google.com https://matomo.pernod-ricard.io https://adservice.google.com https://pernodricardusa.blueconic.net https://nyc3.digitaloceanspaces.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://archeio.nyc3.digitaloceanspaces.com http://juice.hellosandia.com http://seeds.hellosandia.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://app-avp.pravp.com https://assets-ctb.pernod-ricard.io https://fonts.gstatic.com https://fonts.googleapis.com data: *.perrier-jouet.com https://*.hotjar.com http://plant.hellosandia.com http://archeio.nyc3.digitaloceanspaces.com http://archeio2.nyc3.digitaloceanspaces.com; frame-src 'self' https://insight.adsrvr.org https://www.youtube.com https://player.vimeo.com https://static.addtoany.com https://emperia.gallery *.doubleclick.net https://vars.hotjar.com https://webform-console.pernod-ricard.io https://www.facebook.com *.perrier-jouet.com *.sleeknote.com *.pernod-ricard.de *.pernod-ricard.com *.pinterest.com https://*.hotjar.com https://optimize.google.com https://www.google.com; img-src 'self' https: data: blob: *.perrier-jouet.com http://plant.hellosandia.com http://archeio.nyc3.digitaloceanspaces.com http://archeio2.nyc3.digitaloceanspaces.com; media-src 'self' data: blob:; object-src 'self' https://optimize.google.com http://juice.hellosandia.com http://seeds.hellosandia.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.adsrvr.org https://www.googleoptimize.com https://www.googletagmanager.com https://avp.pravp.com https://www.googleanalytics.com https://www.google-analytics.com https://c.evidon.com https://assets-ctb.pernod-ricard.io https://cdn.jsdelivr.net/npm/algoliasearch https://zfm2j5365u-3.algolianet.com https://www.youtube.com https://player.vimeo.com *.facebook.net https://js-agent.newrelic.com https://bam.nr-data.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://s.yimg.jp https://static.hotjar.com https://www.googleadservices.com *.sleeknote.com https://s.pinimg.com https://static.ads-twitter.com https://script.hotjar.com https://googleads.g.doubleclick.net *.yahoo.co.jp https://apps.bazaarvoice.com https://static.zdassets.com *.bazaarvoice.com *.shopifycdn.com *.googleapis.com *.perrier-jouet.com https://live-pernod-ricard-global-cms.pantheonsite.io https://*.hotjar.com https://optimize.google.com https://matomo.pernod-ricard.io https://cdn.blueconic.net https://voxdplif.micpn.com https://pernodricardusa.blueconic.net http://plant.hellosandia.com http://archeio.nyc3.digitaloceanspaces.com http://archeio2.nyc3.digitaloceanspaces.com http://juice.hellosandia.com http://seeds.hellosandia.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://developers.google.com https://maps.googleapis.com https://static.addtoany.com https://unpkg.com https://webform-console.pernod-ricard.io; style-src 'self' 'unsafe-inline' https://assets-ctb.pernod-ricard.io https://fonts.googleapis.com https://display.ugc.bazaarvoice.com *.perrier-jouet.com data: https://live-pernod-ricard-global-cms.pantheonsite.io https://*.hotjar.com https://optimize.google.com http://plant.hellosandia.com http://archeio.nyc3.digitaloceanspaces.com http://archeio2.nyc3.digitaloceanspaces.com; style-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; base-uri 'self'; form-action 'self' https://login.microsoftonline.com https://device.login.microsoftonline.com https://www.facebook.com *.perrier-jouet.com https://plant.hellosandia.com; frame-ancestors 'self' 1
default-src 'self'; img-src 'self' https://images.ctfassets.net/ https://cookie-cdn.cookiepro.com/ https://lux.speedcurve.com/; media-src 'self' https://videos.ctfassets.net/; connect-src 'self' https://cookie-cdn.cookiepro.com/ https://*.applicationinsights.azure.com/ https://*.google-analytics.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://js.monitor.azure.com/ https://cookie-cdn.cookiepro.com/ https://cdn.speedcurve.com/ https://www.youtube.com/; style-src 'self' 'unsafe-inline'; frame-src 'self' https://www.youtube.com/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com https://test-u8-www.verbeterjehuis.nl https://mili-vjh-websiteu8-acc.azurewebsites.net https://statistiek.rijksoverheid.nl https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery-easing/1.3/jquery.easing.min.js; style-src 'self' 'unsafe-inline' https://test-u8-www.verbeterjehuis.nl https://fonts.googleapis.com https://mili-vjh-websiteu8-acc.azurewebsites.net; img-src 'self' https://dummyimage.com/ https://*.smarttwin.nl https://www.toegankelijkheidsverklaring.nl https://test-u8-www.verbeterjehuis.nl https://mili-vjh-websiteu8-acc.azurewebsites.net https://milivjhstoru8test.blob.core.windows.net https://milivjhstoru8prod.blob.core.windows.net https://milivjhstoru8acc.blob.core.windows.net https://statistiek.rijksoverheid.nl data: https://dashboard.umbraco.org; font-src 'self' https://www.rovid.nl:* https://fonts.googleapis.com:* https://fonts.gstatic.com:*; connect-src *; media-src * https://www.rovid.nl:*; object-src *; prefetch-src *; frame-src *; worker-src *; frame-ancestors 'self' https://slimwoner.dev.gohike.nl:* https://www.slimwoner.nl:* https://energieloketflevoland.nl:* https://www.drentsenergieloket.nl:* https://watlaatjeliggen.nl:* https://www.duurzaambouwloket.nl:* https://energieloketrivierenland.nl:* http://bter.heibel.nl:* http://bterfinancieel.nl:*; upgrade-insecure-requests 1
default-src 'self' c.disquscdn.com disqus.com *.twitter.com; script-src 'self' 'unsafe-inline' www.paypal.com www.googletagmanager.com *.cloudflare.com static.cloudflareinsights.com cdn.coil.com ajax.googleapis.com bithomp.disqus.com code.jivosite.com translate.google.com translate.googleapis.com translate-pa.googleapis.com a.disquscdn.com public.bnbstatic.com www.xrptipbot.com; connect-src https: wss: blob:; img-src https: data: blob:; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com c.disquscdn.com translate.googleapis.com use.typekit.net p.typekit.net xumm.app; base-uri 'self'; form-action 'self' www.paypal.com perfectmoney.is; font-src 'self' data: fonts.gstatic.com maxcdn.bootstrapcdn.com fonts.googleapis.com use.fontawesome.com use.typekit.net; media-src https: data:; frame-src 'self' www.paypal.com www.youtube.com disqus.com platform.twitter.com connect.trezor.io challenges.cloudflare.com www.xrptipbot.com tempest.services.disqus.com; 1
default-src 'self' www.motabilityoperations.co.uk *.mapbox.com ssl.p.jwpcdn.com cdn.jwplayer.com prd.jwpltx.com assets-jpcust.jwpsrv.com videos-cloudfront-usp.jwpsrv.com *.cookiefirst.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google.co.uk *.umbraco.com *.umbraco.org ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.motabilityoperations.co.uk *.mapbox.com  *.cookiefirst.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google.co.uk ssl.p.jwpcdn.com cdn.jwplayer.com prd.jwpltx.com assets-jpcust.jwpsrv.com ; style-src 'self' 'unsafe-inline' ssl.p.jwpcdn.com cdn.jwplayer.com prd.jwpltx.com *.cookiefirst.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google.co.uk; img-src 'self' *.cookiefirst.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google.co.uk *.umbraco.com *.umbraco.org data: www.motabilityoperations.co.uk *.mapbox.com *.cookiefirst.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google.co.uk umbraco.tv ssl.p.jwpcdn.com cdn.jwplayer.com prd.jwpltx.com assets-jpcust.jwpsrv.com videos-cloudfront-usp.jwpsrv.com ; font-src 'self'; media-src 'self' blob: data: ssl.p.jwpcdn.com cdn.jwplayer.com prd.jwpltx.com assets-jpcust.jwpsrv.com videos-cloudfront-usp.jwpsrv.com www.motabilityoperations.co.uk *.mapbox.com; 1
frame-ancestors 'self' https://*.netsapiens.com https://*.a4uc.com.au https://*.uc-xpress.com https://uc-xpress.com https://*.pendo.io 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://img.galaxymacau.com https://image.galaxymacau.com https://assets.galaxyresorts.com.cn https://*.aliyuncs.com https://www.galaxyresorts.com.cn https://tagmanager.google.com https://fonts.googleapis.com https://*.bokecc.com https://*.galaxymacau.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://img.galaxymacau.com https://image.galaxymacau.com https://assets.galaxyresorts.com.cn https://*.aliyuncs.com https://qr.workbuys.cn https://*.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://api.map.baidu.com https://*.bokecc.com https://www.googletagmanager.com https://tagmanager.google.com https://*.galaxymacau.com https://bat.bing.com https://hm.baidu.com https://cdn.grata.cn https://*.scarabresearch.com http://*.scarabresearch.com https://www.facebook.com https://*.facebook.net https://*.aliyuncs.com https://*.crazyegg.com https://*.googleadservices.com https://*.smg.gov.mo https://img.galaxymacau.com https://image.galaxymacau.com https://assets.galaxyresorts.com.cn https://*.aliyuncs.com; font-src 'self' https://img.galaxymacau.com https://image.galaxymacau.com https://assets.galaxyresorts.com.cn https://*.aliyuncs.com https://www.galaxyresorts.com.cn; connect-src *; img-src data: *; media-src *; object-src 'none'; frame-ancestors 'self'; frame-src *; base-uri 'none'; form-action * 1
script-src 'self' https://www.gstatic.com/ https://www.google-analytics.com https://www.google.com/recaptcha/ ; script-src-elem 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/gtag/ 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-bgf8f8nUTQCDjohlZExfYQ==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.map.baidu.com *.bdimg.com bdimg.share.baidu.com res.wx.qq.com pucha.kaipuyun.cn dcs.conac.cn webservice.coolwei.com www.gov.cn zfwzgl.www.gov.cn *.cnzz.com zfwzgl.www.gov.cn *.changde.gov.cn; object-src 'self'; frame-ancestors http://www.hunan.gov.cn http://120.226.245.226:33525 http://120.226.245.226:33526 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.arbeitsschutz-express.de *.attributy.com *.bing.com cdnjs.cloudflare.com *.clarity.ms *.consensu.org *.consentmanager.net connect.facebook.net *.criteo.com *.doofinder.com *.google.com *.google.de *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net *.intedia.de *.jsdelivr.net unpkg.com orbitvu.co *.orbitvu.co orbitvu.cloud *.paypal.com *.paypalobjects.com *.sovendus.com *.tinymce.com *.taboola.com *.tiny.cloud static.newsletter2go.com static.zdassets.com *.spoteffects.net widgets.trustedshops.com *.zopim.com *.cloudfront.net;img-src 'self' blob: data: *.arbeitsschutz-express.de *.bing.com *.consentmanager.net *.clarity.ms *.consensu.org *.facebook.com *.facebook.net files.newsletter2go.com *.google-analytics.com *.google.com *.google.de *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net *.gstatic.com maps.googleapis.com orbitvu.co *.orbitvu.co *.paypal.com *.tinymce.com *.paypalobjects.com s3-eu-west-1.amazonaws.com sbp-plugin-images.s3.eu-west-1.amazonaws.com sbp-plugin-images.s3.amazonaws.com *.trustedshops.com *.spoteffects.net *.ytimg.com *.zopim.com *.zopim.io *.cloudfront.net cm.g.doubleclick.net x.bidswitch.net ib.adnxs.com contextual.media.net pixel.rubiconproject.com match.sharethrough.com rtb-csync.smartadserver.com sync-t1.taboola.com criteo-sync.teads.tv eb2.3lift.com ups.analytics.yahoo.com cm.adform.net visitor.omnitagjs.com r.casalemedia.com id5-sync.com ad.360yield.com matching.ivitrack.com exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com criteo-partners.tremorhub.com a.twiago.com ad.yieldlab.net sync-criteo.ads.yieldmo.com ib.adnxs.com ups.analytics.yahoo.com gum.criteo.com e1.emxdgt.com dis.criteo.com beacon.krxd.net dpm.demdex.net s.thebrighttag.com;style-src 'self' 'unsafe-hashes' 'unsafe-inline' *.consensu.org *.fontawesome.com fonts.googleapis.com *.googletagmanager.com *.googleapis.com *.orbitvu.co *.typekit.net unpkg.com *.cloudfront.net hb.yahoo.net;connect-src 'self' ws: *.attributy.com api.newsletter2go.com *.bing.com *.consentmanager.net *.clarity.ms *.consensu.org *.criteo.com *.doofinder.com *.doubleclick.net *.etrusted.com *.facebook.com *.google-analytics.com *.google.com maps.googleapis.com *.googletagmanager.com *.googlesyndication.com *.orbitvu.cloud *.paypal.com scnem2.com stats.g.doubleclick.net *.sovendus.com *.taboola.com *.trustbadge.etrusted.com *.trustedshops.com *.trustbadge.com *.zdassets.com *.zopim.com *.zendesk.com;font-src 'self' data: *.arbeitsschutz-express.de *.zopim.com fonts.gstatic.com *.fontawesome.com;object-src 'self';media-src 'self' *.arbeitsschutz-express.de *.zopim.com *.zdassets.com;child-src 'self' *.facebook.com *.paypal.com *.paypalobjects.com *.sovendus-connect.com *.sovendus.com *.braintreegateway.com *.youtube.com *.youtube-nocookie.com;worker-src 'self' blob:;frame-ancestors 'self';frame-src 'self' data: *.criteo.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.paypal.com *.paypalobjects.com *.sovendus-connect.com *.sovendus.com *.braintreegateway.com *.youtube.com *.youtube-nocookie.com;form-action 'self' *.coupahost.com *.facebook.com *.paypal.com; 1
Report-Only 1
frame-ancestors mybill.com mybill.ru direct.yandex.ru 1
base-uri 'self'; font-src 'self'; form-action 'none'; frame-ancestors 'none'; img-src 'self' https: http: data: blob:; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests; default-src 'self'; connect-src 'self' https: http: wss: ws:; frame-src https:; manifest-src 'self'; media-src 'self' https: http:; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net https://code.jquery.com https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js https://kendo.cdn.telerik.com/2017.2.504/js/kendo.all.min.js https://gateway.answerscloud.com/beaumont-org/production/gateway.min.js https://gateway.foresee.com/sites/beaumont-org/production/gateway.min.js https://cookie-cdn.cookiepro.com/ https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.0.2/js/bootstrap.min.js https://cdn.kyruus.com https://api.enqbator.com https://w.usabilla.com https://api.usabilla.com https://d6tizftlrpuof.cloudfront.net https://www.googletagmanager.com http://cdn.b0e8.com https://104413.tctm.xyz/ https://104413.tctm.co/ https://104413.cctm.xyz/ https://kit.fontawesome.com *.sharethis.com 'self' 'unsafe-inline' 'unsafe-eval' js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com cdn.ampproject.org web-chat.nativechat.com; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://unpkg.com/ionicons@4.5.10-0/dist/css/ionicons.min.css https://maxcdn.bootstrapcdn.com/ https://pro.fontawesome.com/releases/v5.14.0/css/all.css https://use.fontawesome.com/ https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css https://cdn.kyruus.com https://d6tizftlrpuof.cloudfront.net https://cdnjs.cloudflare.com 'self' 'unsafe-inline' web-chat.nativechat.com; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://www.beaumont.org/images/ https://kloggyr-service.kyruus.com https://d6tizftlrpuof.cloudfront.net https://w.usabilla.com https://cdn-images.kyruus.com https://cdn.kyruus.com http://a.b0e8.com/brightedge3.php https://a1.b0e8.com/brightedge3.php https://kyruus-app-static.kyruus.com https://www.beaumont.edu https://www.beaumont.org https://a1.b0e8.com *.sharethis.com 'self' track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://maxcdn.bootstrapcdn.com/ https://unpkg.com/ https://pro.fontawesome.com/ https://use.fontawesome.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cdn.kyruus.com https://d6tizftlrpuof.cloudfront.net; frame-src https://www.beaumont.org/MyChart/mychart.dev.html https://info.beaumont.org https://www.youtube.com https://d6tizftlrpuof.cloudfront.net https://mroexpress.mrocorp.com https://secure.beaumont.org/ https://w.soundcloud.com/ https://www.google.com https://e.issuu.com https://www.auntbertha.com https://player.vimeo.com https://beaumonthealth.smugmug.com https://www.facebook.com https://platform.twitter.com https://external-stage.beaumont.org 'self' forms.hsforms.com web-chat.nativechat.com; connect-src accounts.google.com *.gstatic.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com https://cookie-cdn.cookiepro.com/ https://api.enqbator.com https://doctors.beaumont.org https://maps.googleapis.com https://analytics.google.com https://mroexpress.mrocorp.com https://forms.office.com https://stats.g.doubleclick.net https://adservice.google.com https://www.google.com/pagead/ https://104413.tctm.xyz/ https://104413.tctm.co/ https://104413.cctm.xyz/ https://careers.beaumont.org *.doubleclick.net 'self' forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://info.beaumont.org/ https://secure.beaumont.org 'self' web-chat.nativechat.com 1
"default-src 'none'; img-src 'self'; script-src 'self'; object-src 'self';" 1
frame-ancestors 'self' https://*.thesmartlocal.com https://*.thesmartlocal.id https://*.thesmartlocal.my https://*.thesmartlocal.jp https://*.thesmartlocal.kr https://*.thesmartlocal.co.th https://*.thesmartlocal.ph https://zula.sg https://mustsharenews.com; 1
script-src 'unsafe-inline' 'unsafe-eval' https://foro.unionfansub.com http://127.0.0.1:9666/jdcheck.js https://ssl.google-analytics.com 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' openfed.github.io ajax.googleapis.com remote.captcha.com maps.googleapis.com cdn.gcloud.belgium.be cdn.jsdelivr.net analytics.socialsecurity.be blob:;img-src 'self' data: justonweb.be cbo-content-pr.bpost.cloud api-cbo-content-ext-pr.bpost.cloud openfed.github.io blob:;font-src 'self' justonweb.be secure.ogone.com fonts.gstatic.com;connect-src 'self' api-cbo-bosa-ext-pr.bpost.cloud api-cbo-backend-ext-pr.bpost.cloud api-jow-backend.bpost.cloud justonweb.be webservices-pub.acbpost.be analytics.socialsecurity.be cdn.gcloud.belgium.be blob: *.amazonaws.com;object-src 'self';report-uri justonweb.be;style-src 'unsafe-inline' openfed.github.io justonweb.be fonts.googleapis.com cdn.gcloud.belgium.be;media-src 'self' api-cbo-bosa-ext-pr.bpost.cloud api-cbo-backend-ext-pr.bpost.cloud justonweb.be api-cbo-content-ext-pr.bpost.cloud cbo-content-pr.bpost.cloud webservices-pub.bpost.be; 1
script-src 'nonce-uEn5AdUiTIFO+4QPZ0lp/w==' 'strict-dynamic' https: 'unsafe-inline'; object-src 'none'; base-uri 'none'; report-uri https://www.bennadel.com/index.cfm?event=api.csp.report; report-to csp-endpoint 1
default-src https://www.ziprecruiter.com 'self' https://accounts.google.com https://global.ketchcdn.com https://*.ketchjs.com; connect-src https://www.ziprecruiter.com 'self' https://accounts.google.com https://global.ketchcdn.com https://*.ketchjs.com; script-src https://www.ziprecruiter.com 'self' https://accounts.google.com https://global.ketchcdn.com https://*.ketchjs.com 'nonce-cBXfOdkMTD2E1zAu6QrghQ' data: https://consent.truste.com https://consent.trustarc.com; style-src https://www.ziprecruiter.com 'self' https://accounts.google.com https://global.ketchcdn.com https://*.ketchjs.com 'unsafe-inline'; img-src https://www.ziprecruiter.com 'self' https://accounts.google.com https://global.ketchcdn.com https://*.ketchjs.com data: https://www.ziprecruiter.com https://static.ziprecruiter.com https://privacy-policy.truste.com https://consent.trustarc.com https://consent-pref.trustarc.com; frame-src https://www.ziprecruiter.com 'self' https://accounts.google.com https://global.ketchcdn.com https://*.ketchjs.com https://consent-pref.trustarc.com 1
script-src *.bigcommerce.com *.dynatrace.com *.azurewebsites.net cdn.jsdelivr.net cdnjs.cloudflare.com *.google-analytics.com *.googleapis.com *.facebook.com *.facebook.net *.google.com *.googlesyndication.com *.attn.tv *.adobe.com *.crazyegg.com *.jquery.com *.doubleclick.net *.fonts.net *.googleadservices.com *.googletagmanager.com *.gorgias.chat *.xg4ken.com *.klaviyo.com *.lytics.io *.mathtag.com *.moatads.com *.cookielaw.org *.pinimg.com *.segment.com *.serving-sys.com *.sc-static.net *.tapad.com *.adsrvr.org *.tiktok.com *.afterpay.com *.bazaarvoice.com *.youtube.com *.adnxs.com *.rubiconproject.com *.yahoo.com *.bidswitch.net *.casalemedia.com *.pubmatic.com *.googleadservices.com *.braintreegateway.com *.sandbox.braintree-api.com *.gstatic.com *.cloudfront.net *.segment.com *.pgsitecore.com *.pghub.io *.online-metrix.net *.amazonaws.com *.moatads.com *.paypalobjects.com *.paypal.com *.yotpo.com *.rechargeadapter.com *.highdegree.io *.getshogun.com *.myshlf.us *.postie.com sc-static.net *.snapchat.com *.iesnare.com *.payments-amazon.com *.kaptcha.com tr.snapchat.com *.addrexx10.com *.pg.com pghub.io https://tr.snapchat.com *.tp88trk.com *.sensor.highdegree.io *.mczbf.com *.reddit.com *.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline' blob: ; object-src 'none'; frame-ancestors 'self'; 1
default-src 'self' https:; connect-src 'self' https: *.yousty.ch wss://*.hotjar.com; font-src 'self' https: data: fonts.googleapis.com fonts.gstatic.com; img-src 'self' https: data: cdn.yousty.ch cdn.www.yousty.ch cf-images.yousty.ch yousty-switzerland.imgix.net yousty-hubspot.imgix.net px.ads.linkedin.com www.facebook.com ws.srf.ch http://ws.srf.ch img.youtube.com; object-src cf-images.yousty.ch; script-src 'self' 'unsafe-inline' 'unsafe-eval' sc-static.net tr.snapchat.com bam.eu01.nr-data.net www.googletagmanager.com *.tiktok.com js.usemessages.com js.hsleadflows.net js.hs-analytics.net js.hsadspixel.net js.hubspotfeedback.com js.hs-banner.com connect.facebook.net www.google-analytics.com snap.licdn.com polyfill.io cdn.www.yousty.ch d3ibz5jl4uhfvr.cloudfront.net script.hotjar.com static.hotjar.com googleads.g.doubleclick.net js.hs-scripts.com static.hsappstatic.net www.youtube.com player.vimeo.com f.vimeocdn.com www.gstatic.com storage.googleapis.com maps.googleapis.com cdn.cookielaw.org assets.customer.io js-agent.newrelic.com sst.yousty.ch js.hsforms.net js.hubspot.com *.gist.build; style-src 'self' https: 'unsafe-inline' fonts.googleapis.com cdn.www.yousty.ch; frame-src 'self' *.youtube.com *.vimeo.com vars.hotjar.com doubleclick.net tr.snapchat.com http://tr.snapchat.com www.googletagmanager.com app.hubspot.com www.facebook.com datastudio.google.com lookerstudio.google.com *.srf.ch *.srgssr.ch youtube.com www.youstychecks.ch demo-app.gateway.one *.google.com *.google.ch cf-images.yousty.ch *.doubleclick.net sst.yousty.ch *.hsforms.com *.gist.build 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: javascript:; frame-src *; frame-ancestors *; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.ch *.gstatic.com *.launchdarkly.com *.hotjar.com secure.adnxs.com acdn.adnxs.com amplify.outbrain.com tr.outbrain.com sc-static.net tr.snapchat.com *.googleadservices.com *.criteo.net *.criteo.com cdn.cookielaw.org geolocation.onetrust.com bat.bing.com *.doubleclick.net *.googletagservices.com adservice.google.ch tpc.googlesyndication.com *.da-services.ch *.adsafeprotected.com bs.serving-sys.com secure-ds.serving-sys.com tagger.opecloud.com beagle.dev.tda.link beagle.prod.tda.link https://assets.carforyou.ch https://emotional-takeover.carforyou.ch 1
default-src 'self' ; frame-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.flexiloans.com http://accounts.digitallocker.gov.in https://accounts.digitallocker.gov.in https://adcanopus.go2cloud.org https://adcentmediapvtltd649.o18.click https://admattic.gotrackier.com https://affnads.gotrackier.com https://ak.gotrackier.com https://altiventechnologiespvtltd10106723.o18.click https://api-js.mixpanel.com https://api.digitallocker.gov.in https://apis.sharechat.com https://aqugencloud.com https://blog.idfy.com https://capture.kyc.idfy.com https://cdn.taboola.com https://cdn.invitereferrals.com https://cdn.jsdelivr.net https://cdn.mxpnl.com https://secure.adnxs.com https://*.taboola.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://cupshup10120398.o18.click https://*.cloudfront.net https://demandesk.adzflyer.com https://digital26.gotrackier.com https://ext.digio.in https://ext.digio.in:444 https://googleads.g.doubleclick.net https://hv-camera-web-sg.s3-ap-southeast-1.amazonaws.com https://img1.digitallocker.gov.in https://indiadotcom.gotrackier.com https://ipapi.co https://jsonip.com https://logicmiles.o18.click https://mify.gotrackier.com https://optimidea.go2cloud.org https://pentagrid-ag-scan-controller.local:1337 https://performance.gotrackier.com https://pips.taboola.com https://routesmedia.o18.click https://rum-http-intake.logs.datadoghq.com https://s3.ap-south-1.amazonaws.com https://sb-ssl.google.com https://sc-events-sdk.sharechat.com https://script.hotjar.com https://spectrum.gotrackier.com https://static.hotjar.com https://stats.g.doubleclick.net https://td.doubleclick.net https://tracking.adcanopus.com https://tracking.icubeswire.co https://tracking.salesleaf.com https://trc-events.taboola.com https://trc.taboola.com https://trk.mrndigital.in https://trk.opiclepxl.com https://vars.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.co.in https://www.google.com https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com https://www.intellectadz.com https://www.ref-r.com https://wzrkt.com ; script-src-elem 'self' 'unsafe-inline' https://*.flexiloans.com http://accounts.digitallocker.gov.in https://accounts.digitallocker.gov.in https://adcanopus.go2cloud.org https://adcentmediapvtltd649.o18.click https://admattic.gotrackier.com https://affnads.gotrackier.com https://ak.gotrackier.com https://altiventechnologiespvtltd10106723.o18.click https://api-js.mixpanel.com https://api.digitallocker.gov.in https://apis.sharechat.com https://aqugencloud.com https://blog.idfy.com https://capture.kyc.idfy.com https://cdn.taboola.com https://cdn.invitereferrals.com https://cdn.jsdelivr.net https://cdn.mxpnl.com https://cdn.mxpnl https://*.taboola.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://cupshup10120398.o18.click https://*.cloudfront.net https://demandesk.adzflyer.com https://digital26.gotrackier.com https://ext.digio.in https://ext.digio.in:444 https://googleads.g.doubleclick.net https://hv-camera-web-sg.s3-ap-southeast-1.amazonaws.com https://img1.digitallocker.gov.in https://indiadotcom.gotrackier.com https://ipapi.co https://jsonip.com https://logicmiles.o18.click https://mify.gotrackier.com https://optimidea.go2cloud.org https://pentagrid-ag-scan-controller.local:1337 https://performance.gotrackier.com https://pips.taboola.com https://routesmedia.o18.click https://rum-http-intake.logs.datadoghq.com https://s3.ap-south-1.amazonaws.com https://sb-ssl.google.com https://sc-events-sdk.sharechat.com https://script.hotjar.com https://spectrum.gotrackier.com https://static.hotjar.com https://stats.g.doubleclick.net https://td.doubleclick.net https://tracking.adcanopus.com https://tracking.icubeswire.co https://tracking.salesleaf.com https://trc-events.taboola.com https://trc.taboola.com https://trk.mrndigital.in https://trk.opiclepxl.com https://vars.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.co.in https://www.google.com https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com https://www.intellectadz.com https://www.ref-r.com https://wzrkt.com; style-src 'self' *.typekit.net fonts.googleapis.com cdn.invitereferrals.com 'unsafe-inline'; font-src 'self' *.typekit.net fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: blob: *; worker-src 'self' https://*.flexiloans.com blob:; connect-src *; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hubspot.com js.hscollectedforms.net js.hsadspixel.net *.hs-scripts.com js.hs-banner.com js.hs-analytics.net forms.hsforms.com *.usemessages.com *.peli.com *.pelican.com *.stackadapt.com *.emarsys.net *.adroll.com cdnjs.cloudflare.com ajax.googleapis.com *.klaviyo.com js.adsrvr.org tags.crwdcntrl.net *.dynamicyield.com *.hotjar.com www.googletagmanager.com connect.facebook.net snap.licdn.com www.googleadservices.com static.ads-twitter.com analytics.twitter.com bat.bing.com *.avmws.com use.fontawesome.com googleads.g.doubleclick.net *.yotpo.com *.en25.com www.google-analytics.com *.clarity.ms assets.pinterest.com www.google.com cdnapisec.kaltura.com www.gstatic.com cdn.rawgit.com *.datadome.co code.jquery.com *.svn0czn.com cdn.dynamicyield.com *.scarabresearch.com *.simpli.fi *.klarnaservices.com app.intercom.io widget.intercom.io js.intercomcdn.com; script-src-elem 'unsafe-inline' *; media-src data: media.peli.com media.pelican.com cdnapisec.kaltura.com js.intercomcdn.com; connect-src javascript: data: *.hscollectedforms.net *.hsforms.com *.oribi.io *.google-analytics.com *.analytics.google.com analytics.google.com *.hubspot.com *.hubapi.com store.peli.com *.peli.com peli.com *.pelican.com *.stackadapt.com *.emarsys.net *.yotpo.com *.hotjar.io *.hotjar.com wss://*.hotjar.com stats.g.doubleclick.net *.dynamicyield.com www.google-analytics.com fast.a.klaviyo.com *.klaviyo.com bat.bing.com *.clarity.ms www.facebook.com vc.hotjar.io adservice.google.com www.google.com *.datadome.co analytics.kaltura.com manage.kmail-lists.com www.instagram.com *.scarabresearch.com *.klarnaservices.com api.intercom.io api.au.intercom.io api.eu.intercom.io api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io uploads.intercomcdn.com uploads.intercomcdn.eu uploads.au.intercomcdn.com uploads.intercomusercontent.com; img-src * data: *.hsforms.net *.hsforms.com *.google-analytics.com *.analytics.google.com *.hubspot.com *.hsforms.com js.intercomcdn.com static.intercomassets.com downloads.intercomcdn.com downloads.intercomcdn.eu downloads.au.intercomcdn.com uploads.intercomusercontent.com gifs.intercomcdn.com video-messages.intercomcdn.com messenger-apps.intercom.io messenger-apps.eu.intercom.io messenger-apps.au.intercom.io *.intercom-attachments-1.com *.intercom-attachments.eu *.au.intercom-attachments.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com static.intercomassets.eu static.au.intercomassets.com; frame-src 'self' *.hsforms.net *.hsforms.com *.hs-sites.com *.hubspot.com *.pelican.com www.facebook.com vars.hotjar.com bid.g.doubleclick.net www.youtube.com www.google.com www.googletagmanager.com insight.adsrvr.org; font-src data: peli.com *.peli.com *.pelican.com staticw2.yotpo.com use.fontawesome.com fonts.gstatic.com cdn.honey.io www.slant.co at.alicdn.com fonts.googleapis.com *.klarnacdn.net js.intercomcdn.com fonts.intercomcdn.com; style-src 'self' 'unsafe-inline' *.pelican.com staticw2.yotpo.com use.fontawesome.com cdnjs.cloudflare.com *.klaviyo.com fonts.googleapis.com cdn.honey.io translate.googleapis.com cdn.rawgit.com *.trendmicro.com *.klarnacdn.net; style-src-elem 'unsafe-inline' *; child-src *.hsforms.com www.google.com www.youtube.com bid.g.doubleclick.net insight.adsrvr.org vars.hotjar.com match.adsrvr.org intercom-sheets.com www.intercom-reporting.com player.vimeo.com fast.wistia.net; frame-ancestors 'self'; object-src 'none'; form-action 'self' *.hsforms.com *.hubspot.com *.pelican.com www.facebook.com webto.salesforce.com *.eloqua.com; report-uri /csp-reports.php 1
font-src fonts.googleapis.com fonts.gstatic.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com *.gstatic.com *.facebook.com *.livechatinc.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.carcarekiosk.com/ *.facebook.com *.doubleclick.net *.paypal.com *.kaptcha.com *.livechatinc.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.cloudflare.com *.facebook.com *.facebook.net *.google.com *.google.com.mx *.gstatic.com *.googleusercontent.com *.paypal.com *.icons8.com *.marketo.net *.amazonaws.com *.magecomp.com *.bizibly.com *.showmethepartsdb2.com *.showmethepartsdb.com 7ec3985af1.nxcli.io *.fram.com *.linkedin.com *.doubleclick.net *.yahoo.com *.yahoo.net cbaa309e81.nxcli.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.cloudflare.com *.twitter.com *.fontawesome.com *.newrelic.com *.nr-data.net *.facebook.net *.doubleclick.net *.gstatic.com *.bizible.com *.bing.com *.marketo.net *.livechatinc.com *.weglot.com *.licdn.com *.hotjar.com *.boomtrain.com *.linkedin.com *.ipify.org s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com tagmanager.google.com ssl.google-analytics.com connect.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.rackcdn.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.doubleclick.net *.google-analytics.com *.nr-data.net *.facebook.com *.gstatic.com *.googleapis.com *.boomtrain.com *.linkedin.com *.livechatinc.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' *.ics.com; img-src 'self' *.ics.com https://www.google.com/ads/ https://px.ads.linkedin.com/ https://*.ads.linkedin.com https://www.linkedin.com/px/ https://www.google.com/pagead/ https://p.adsymptotic.com/d/px/ https://t.paypal.com/ https://lh4.googleusercontent.com https://forms.hsforms.com/ https://perf.hsforms.com/embed/ https://track.hubspot.com/ https://i.vimeocdn.com/video/ https://www.google-analytics.com/ https://forms.hubspot.com https://googleads.g.doubleclick.net/pagead/ https://forms-na1.hsforms.com/embed/v3/ https://www.googletagmanager.com/ https://fonts.gstatic.com/s/i/googlematerialicons/ https://bat.bing.com https://perf-na1.hsforms.com/embed/ https://cta-service-cms2.hubspot.com/ https://static.hubspot.com/img/ https://static.hsappstatic.net/ data:; font-src 'self' *.ics.com https://themes.googleusercontent.com/static/fonts/ https://fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' *.ics.com *.pardot.com *.doubleclick.net *.googleadservices.com *.googletagmanager.com *.linkedin.com *.licdn.com *.google-analytics.com static.addtoany.com *.paypal.com https://js.hs-scripts.com/ https://js.hsforms.net/forms/embed/v2.js https://js.hscollectedforms.net/ https://js.hs-analytics.net/ https://js.hsadspixel.net/ https://js.hs-banner.com/ https://player.vimeo.com/api/player.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.hsforms.net/forms/v2.js https://forms.hsforms.com/embed/ https://js.usemessages.com/conversations-embed.js https://www.paypalobjects.com/ https://mtag.microsoft.com/tags/ https://tpc.googlesyndication.com/sodar/ https://bat.bing.com/ https://js.hubspot.com/web-interactives-embed.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ https://www.googletagmanager.com/debug/; frame-src 'self' *.ics.com *.pardot.com *.addtoany.com *.linkedin.com *.paypal.com https://*.doubleclick.net/ https://www.slideshare.net/ https://player.vimeo.com/ https://www.google.com/ https://www.youtube.com/ https://js.hsforms.net/ https://forms.hsforms.com/ https://app.hubspot.com/ https://www.paypalobjects.com/ https://open.spotify.com/ https://tpc.googlesyndication.com/ https://share.transistor.fm/ https://bostonux-21001159.hs-sites.com/; connect-src 'self' *.google-analytics.com https://pagead2.googlesyndication.com stats.g.doubleclick.net *.addtoany.com *.pardot.com *.paypal.com https://api.hubapi.com/hs-script-loader-public/ https://forms.hubspot.com/collected-forms/ https://forms.hscollectedforms.net/collected-forms/ https://hubspot-forms-static-embed.s3.amazonaws.com/prod/ https://forms.hsforms.com/emailcheck/ https://api.hubspot.com/ https://forms.hsforms.com/embed/v3/form/21001159/ https://analytics.google.com/ https://cdn.linkedin.oribi.io/partner/76168/ https://cta-service-cms2.hubspot.com/ https://px.ads.linkedin.com/wa/; media-src 'self'; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=1je8b7piqubup&partner=; 1
report-uri /algemeen/report_CSP_error.php; frame-ancestors 'self' https://*.ict.lan; 1
frame-src 'self' *.jict.fi https://www.recaptcha.net https://www.google.com; object-src 'self' *.jict.fi; style-src 'self' 'unsafe-inline' *.jict.fi fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com maxcdn.bootstrapcdn.com; base-uri 'self' *.jict.fi; form-action 'self' *.jict.fi; frame-ancestors 'self' *.jict.fi; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' ; style-src https://www.google.com/uds/api/picker/ 'self' 'unsafe-inline'; font-src 'self' data: ; img-src * 'self' blob: data: ; object-src 'self' blob: ; media-src https://s3-de-central.profitbricks.com 'self' blob: ; child-src * ; frame-ancestors 'none'; connect-src 'self' ; 1
frame-ancestors 'self' https://prod.bikinivillage.com https://lver04aapaj15wprod.dxcloud.episerver.net; 1
default-src 'self'; frame-ancestors 'self'; font-src 'self' data: fonts.gstatic.com cloud.typography.com *.companies.gov.nu *.cwp.govt.nz *.companiesoffice.govt.nz; form-action 'self' *.facebook.com *.cwp.govt.nz *.companiesoffice.govt.nz *.companies.gov.nu; frame-src 'self' d3f5l8ze0o4j2m.cloudfront.net *.google.com *.youtube.com *.youtube-nocookie.com *.fls.doubleclick.net *.cwp.govt.nz *.companiesoffice.govt.nz *.companies.gov.nu vars.hotjar.com *.societies.govt.nz *.vimeo.com *.facebook.com; child-src 'self' d3f5l8ze0o4j2m.cloudfront.net *.google.com *.youtube.com *.youtube-nocookie.com *.fls.doubleclick.net *.cwp.govt.nz *.companiesoffice.govt.nz *.companies.gov.nu *.societies.govt.nz *.vimeo.com *.facebook.com; img-src 'self' data: *.ytimg.com *.google.com *.gstatic.com *.google.co.nz *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.fls.doubleclick.net *.cwp.govt.nz *.companiesoffice.govt.nz script.hotjar.com *.companies.gov.nu d3f5l8ze0o4j2m.cloudfront.net; media-src 'self' *.youtube.com *.youtube-nocookie.com *.cwp.govt.nz *.companiesoffice.govt.nz *.companies.gov.nu; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: d3f5l8ze0o4j2m.cloudfront.net *.gstatic.com *.google.com *.google.co.nz *.script.hotjar.com script.hotjar.com static.hotjar.com *.google-analytics.com *.googletagmanager.com *.youtube.com *.youtube-nocookie.com *.ytimg.com stats.g.doubleclick.net *.cwp.govt.nz *.companiesoffice.govt.nz *.companies.gov.nu; style-src 'self' 'unsafe-inline' *.googleapis.com *.typography.com *.google.com *.google.co.nz *.youtube.com *.youtube-nocookie.com *.cwp.govt.nz *.companiesoffice.govt.nz *.companies.gov.nu; base-uri 'self'; object-src 'none'; connect-src 'self' *.google-analytics.com *.analytics.google.com *.in.hotjar.com *.hotjar.com wss://*.hotjar.com *.cwp.govt.nz *.companiesoffice.govt.nz *.companies.gov.nu *.ext.wd.govt.nz:8380; manifest-src 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' blob:        *.google.com *.microsoft.com *.cloudflare.com *.googleapis.com *.gstatic.com *.datatables.net *.aspnetcdn.com        *.jsdelivr.net *.jquery.com rawgit.com *.rawgit.com *.github.io *.stripe.com *.youtube.com *.vimeo.com *.dailymotion.com data:        *.startupspace.app *.eispaces.com *.startupspace.us *.ssastaging.com *.startupbot.app *.google-analytics.com *.fontawesome.com  cdnjs.cloudflare.com unpkg.com *.ckeditor.com startupspace.app  *.startupspacedev.com *.bootstrapcdn.com ucarecdn.com *.uploadcare.com *.economiccatalyst.com        *.facebook.net *.licdn.com *.ads-twitter.com *.googletagmanager.com *.googleadservices.com *.g.doubleclick.net *.facebook.com *.twitter.com;         media-src https://* 'self' *.d261z61ppuenth.cloudfront.net *.economiccatalyst.com ;        img-src https://* 'self' data: ; report-uri /csp-report/ *.economiccatalyst.com 1
frame-ancestors 'self' *.wilcom.com 1
frame-ancestors 'self' https://www.surveymonkey.com; 1
base-uri 'none';child-src 'none';connect-src 'self' https://ws.zoominfo.com/pixel/collect https://aorta.clickagy.com/ https://aorta.clickagy.com/liveramp_redir https://hemsync.clickagy.com/external/ https://maps.googleapis.com/;default-src 'self';font-src 'self' https://fonts.gstatic.com;;form-action 'self';frame-ancestors 'self';frame-src 'none';img-src 'self' https://id.rlcdn.com/ https://idsync.rlcdn.com/ https://aorta.clickagy.com/ https://maps.gstatic.com/ https://maps.googleapis.com/  https://streetviewpixels-pa.googleapis.com/ https://lh3.ggpht.com/ https://khms1.googleapis.com/ https://khms0.googleapis.com/ https://www.google.com data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' https://maps.googleapis.com/ https://www.google.com https://ws.zoominfo.com/pixel/6320bf5aac6e98ed3e39d094 https://tags.clickagy.com/ https://aorta.clickagy.com/ https://hemsync.clickagy.com/external/ https://ws.zoominfo.com/;style-src 'self' https://aorta.clickagy.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com/ https://streetviewpixels-pa.googleapis.com/ https://lh3.ggpht.com/ https://khms1.googleapis.com/ https://khms0.googleapis.com/ https://www.google.com 'unsafe-inline';worker-src 'self';upgrade-insecure-requests ; 1
script-src 'self' *.webshark.hu *.smartlook.com *.hotjar.com *.disqus.com *.google.com 'unsafe-inline' 'unsafe-eval' *.facebook.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net *.gstatic.com; frame-src 'self' *.webshark.hu *.facebook.com *.hotjar.com *.youtube.com *.google.com; object-src 'self' 1
frame-ancestors 'self' preview.themeforest.net themeforest.net preview.codecanyon.net codecanyon.net; 1
default-src 'self'; frame-src 'self' 'unsafe-inline' www.facebook.com platform.twitter.com googleads.g.doubleclick.net *.google.com; connect-src 'self' *:888 www.google-analytics.com trustzonevpn.info; font-src 'self' data: fonts.gstatic.com; form-action 'self'; img-src 'self' data: *.google.com trustzoneurl.com trustzonepost.xyz trustzonevpn.info get-trust-vpn.info trust.zone stats.g.doubleclick.net www.google-analytics.com syndication.twitter.com *.basemaps.cartocdn.com; manifest-src 'self'; style-src 'self' 'unsafe-inline' get-trust-vpn.info; script-src 'self' 'unsafe-eval' 'nonce-4f8f33a0c75dec67168e5193f9e60168' www.google.com www.gstatic.com www.googletagmanager.com trustzonevpn.info get-trust-vpn.info trustzoneurl.com platform.twitter.com connect.facebook.net; report-uri http://trustzonevpn.info/_csp_log 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-MTU5LDE2OSwyNTEsNzksMjE1LDE1OCwxOTAsMTA4' blob: https://cdn.discordapp.com/animations/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://js.stripe.com https://js.braintreegateway.com https://assets.braintreegateway.com https://www.paypalobjects.com https://checkout.paypal.com https://c.paypal.com https://kit.cash.app; style-src 'self' 'unsafe-inline' https://cdn.discordapp.com https://*.hcaptcha.com https://hcaptcha.com https://kit.cash.app; img-src 'self' blob: data: https://*.discordapp.net https://*.discordapp.com https://*.discord.com https://i.scdn.co https://i.ytimg.com https://i.imgur.com https://media.tenor.co https://media.tenor.com https://c.tenor.com https://*.youtube.com https://*.giphy.com https://static-cdn.jtvnw.net https://pbs.twimg.com https://assets.braintreegateway.com https://checkout.paypal.com https://c.paypal.com https://b.stats.paypal.com https://slc.stats.paypal.com https://hnd.stats.paypal.com https://api.cash.app; font-src 'self' https://fonts.gstatic.com https://cash-f.squarecdn.com; connect-src 'self' https://status.discordapp.com https://status.discord.com https://support.discordapp.com https://support.discord.com https://discordapp.com https://discord.com https://discord-attachments-uploads-prd.storage.googleapis.com https://cdn.discordapp.com https://media.discordapp.net https://images-ext-1.discordapp.net https://images-ext-2.discordapp.net https://router.discordapp.net wss://*.discord.gg https://best.discord.media https://latency.discord.media wss://*.discord.media wss://dealer.spotify.com https://api.spotify.com https://sentry.io https://api.twitch.tv https://api.stripe.com https://api.braintreegateway.com https://client-analytics.braintreegateway.com https://*.braintree-api.com https://www.googleapis.com https://*.algolianet.com https://*.hcaptcha.com https://hcaptcha.com https://*.algolia.net ws://127.0.0.1:* http://127.0.0.1:*; media-src 'self' blob: disclip: https://*.discordapp.net https://*.discord.com https://*.discordapp.com https://*.youtube.com https://streamable.com https://vid.me https://twitter.com https://oddshot.akamaized.net https://*.giphy.com https://i.imgur.com https://media.tenor.co https://media.tenor.com https://c.tenor.com; frame-src https://discordapp.com/domain-migration discord: https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://js.stripe.com https://hooks.stripe.com https://checkout.paypal.com https://c.paypal.com https://assets.braintreegateway.com https://checkoutshopper-live.adyen.com https://kit.cash.app https://player.twitch.tv https://clips.twitch.tv/embed https://player.vimeo.com https://www.youtube.com/embed/ https://www.tiktok.com/embed/ https://music.amazon.com/embed/ https://music.amazon.co.uk/embed/ https://music.amazon.de/embed/ https://music.amazon.co.jp/embed/ https://music.amazon.es/embed/ https://music.amazon.fr/embed/ https://music.amazon.it/embed/ https://music.amazon.com.au/embed/ https://music.amazon.in/embed/ https://music.amazon.ca/embed/ https://music.amazon.com.mx/embed/ https://music.amazon.com.br/embed/ https://www.youtube.com/s/player/ https://twitter.com/i/videos/ https://www.funimation.com/player/ https://www.redditmedia.com/mediaembed/ https://open.spotify.com/embed/ https://w.soundcloud.com/player/ https://audius.co/embed/ https://*.watchanimeattheoffice.com https://sessionshare.sp-int.playstation.com/embed/ https://localhost:* https://*.discordsays.com https://discordappcom.cloudflareaccess.com/; child-src 'self' blob: https://assets.braintreegateway.com https://checkout.paypal.com https://c.paypal.com; prefetch-src 'self' https://cdn.discordapp.com/assets/; 1
frame-ancestors 'self'  sgwistgcopydev.wpengine.com *.safeguardglobal.com; 1
default-src https://api.welbiltconnect.com https://welbiltconnect.com https://www.welbiltconnect.com https://www.google-analytics.com https://www.google.com https://welbilt-kitchenconnect-file-management-london.s3.amazonaws.com https://welbilt-kitchenconnect-file-management-northvirginia.s3.amazonaws.com https://welbilt-kitchenconnect-media-library-london.s3.amazonaws.com https://welbilt-kitchenconnect-media-library-northvirginia.s3.amazonaws.com https://welbilt-kitchenconnect-file-management-london.s3.eu-west-2.amazonaws.com https://welbilt-kitchenconnect-file-management-northvirginia.s3.us-east-1.amazonaws.com https://welbilt-kitchenconnect-media-library-london.s3.eu-west-2.amazonaws.com https://welbilt-kitchenconnect-media-library-northvirginia.s3.us-east-1.amazonaws.com https://maps.google.com https://static.woopra.com https://www.woopra.com https://js.chargify.com https://kc-uat-sandbox.chargify.com https://kc-uat-sandbox-active.chargify.com https://kc-production.chargify.com https://kc-help-document.s3.eu-west-2.amazonaws.com https://kc-help-document.s3.amazonaws.com https://static.zdassets.com https://ekr.zdassets.com https://welbilt.zendesk.com https://*.zopim.com wss://welbilt.zendesk.com wss://*.zopim.com data: blob: ; img-src 'self' https://www.google-analytics.com https://welbilt-kitchenconnect-file-management-london.s3.amazonaws.com https://welbilt-kitchenconnect-file-management-northvirginia.s3.amazonaws.com https://welbilt-kitchenconnect-media-library-london.s3.amazonaws.com https://welbilt-kitchenconnect-media-library-northvirginia.s3.amazonaws.com https://welbilt-kitchenconnect-file-management-london.s3.eu-west-2.amazonaws.com https://welbilt-kitchenconnect-file-management-northvirginia.s3.us-east-1.amazonaws.com https://welbilt-kitchenconnect-media-library-london.s3.eu-west-2.amazonaws.com https://welbilt-kitchenconnect-media-library-northvirginia.s3.us-east-1.amazonaws.com https://v2assets.zopim.io https://static.zdassets.com https://kc-help-document.s3.eu-west-2.amazonaws.com https://kc-help-document.s3.amazonaws.com data: ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.gstatic.com https://www.google-analytics.com https://www.google.com https://www.woopra.com https://static.woopra.com https://js.chargify.com https://kc-uat-sandbox.chargify.com https://kc-uat-sandbox-active.chargify.com https://kc-production.chargify.com ; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://www.woopra.com https://static.woopra.com https://static.zdassets.com https://js.chargify.com https://kc-uat-sandbox.chargify.com https://kc-uat-sandbox-active.chargify.com https://kc-production.chargify.com ; style-src 'self' 'unsafe-inline' ; font-src 'self' ; object-src 'none' ; manifest-src 'self' ; 1
default-src 'self' 'sha256-pS9jMdouCowcasjL2sgHooV094O5iLx4c9rDQw4cFA8=' 'sha256-YJN4OD5I28yho1FvK4s502zmaTBBYV1J8Xm5wxx2hiE=' 'sha256-vbET04fZfFQYnWNvO2utYce6kqtxFoQH07VB6s1ma30=' 'sha256-K+laD8RLXqfuaBbYEKDdiyOXfrhn0VgIkWYAE3AhyDo=' https://analytics.google.com https://www.srcc.gov.au https://www.comcare.gov.au https://app-script.monsido.com https://www.google-analytics.com https://www.google.com.au https://www.googletagmanager.com https://fonts.gstatic.com https://fonts.googleapis.com https://tracking.monsido.com https://stats.g.doubleclick.net https://heatmaps.monsido.com https://search.comcare.gov.au;  style-src 'self' 'unsafe-inline' 'sha256-1JxUUhMq6bK5X4ACu0nfZXt9vvTqOWD5xBHl14koBio=' 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' https://www.comcare.gov.au  https://fonts.googleapis.com ;object-src 'none'; 1
img-src 'self' data: https://px.ads.linkedin.com/ https://www.facebook.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://staticbvdev.am4.com.br/ https://staticbvhmg.am4.com.br/ https://staticbv.am4.com.br/ https://staticbv.bvirtual.com.br/; style-src 'self' https://code.jquery.com/ https://use.fontawesome.com/ https://cdn.jsdelivr.net/ https://fonts.googleapis.com/ 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://js.hsforms.net https://forms.hsforms.com https://connect.facebook.net/ https://snap.licdn.com/ https://cdn.jsdelivr.net/ https://www.google-analytics.com https://www.googletagmanager.com/ https://d335luupugsy2.cloudfront.net/ https://cdnjs.cloudflare.com/ https://ajax.googleapis.com/; 1
default-src https: 'self' data: 'unsafe-inline' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bing.com *.clarity.ms www.google.ca cdn.cookielaw.org https://www.googletagmanager.com https://images.ctfassets.net https://www.google-analytics.com https://www.google.com/ https://www.gstatic.com/ https://snap.licdn.com/ https://js.adsrvr.org/ https://px.ads.linkedin.com/ https://p.adsymptotic.com/; img-src 'self' *.bing.com *.clarity.ms www.google.ca gstatic.com cdn.cookielaw.org res.cloudinary.com www.googletagmanager.com images.ctfassets.net downloads.ctfassets.net www.google-analytics.com www.google.com.co www.google.com snap.licdn.com js.adsrvr.org px.ads.linkedin.com p.adsymptotic.com www.linkedin.com 1
default-src 'self'; connect-src https: wss:; font-src 'self'; frame-src https:; img-src https: data:; media-src https: blob:; worker-src blob:; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; form-action https:; report-uri https://csp-reports.globalweb.aws.assaabloy.com/reports; 1
frame-ancestors 'self' data: blob: https://*.cenfedcu.org loanliner.com https://*.loanliner.com; 1
frame-ancestors 'self' https://*.partijvoordedieren.nl; 1
frame-ancestors 'self' https://*.meetville.com 1
default-src 'self' *.sentry.io *.zoominfo.com *.facebook.com *.ctfassets.net *.algolia.net *.contentful.com *.vercel-insights.com *.google.com *.google-analytics.com *.cookielaw.org *.intercom.io *.onetrust.io *.onetrust.com *.clickagy.com wss://nexus-websocket-a.intercom.io *.mktoresp.com cdn.linkedin.oribi.io *.linkedin.com qf23dtaqm7-2.algolianet.com qf23dtaqm7-3.algolianet.com qf23dtaqm7-1.algolianet.com ekr.zdassets.com coalition1659361680.zendesk.com wss://widget-mediator.zopim.com api.control.stg.binaryedge.io api.control.dev.binaryedge.io api.control.coalitioninc.com api.control.dev.binaryedge.io api.control.demo.binaryedge.io api.control.stg.binaryedge.io coalition.zendesk.com rum.browser-intake-datadoghq.com *.auryc.com *.chilipiper.com *.coalitioninc.com maps.googleapis.com blob:; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *.sentry.io fonts.googleapis.com use.fontawesome.com unpkg.com info.coalitioninc.com heapanalytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.visualwebsiteoptimizer.com app.vwo.com *.sentry.io *.googleoptimize.com *.heapanalytics.com heapanalytics.com *.google-analytics.com *.googletagmanager.com *.cookielaw.org *.googleadservices.com *.facebook.net *.zoominfo.com *.ads-twitter.com *.licdn.com *.clearbitjs.com *.intercom.io *.clickagy.com *.intercomcdn.com *.doubleclick.net *.google.com *.gstatic.com prism.app-us1.com munchkin.marketo.net info.coalitioninc.com *.mktoresp.com static.zdassets.com widget-mediator.zopim.com *.chilipiper.com maps.googleapis.com *.auryc.com; font-src 'self' *.sentry.io fonts.gstatic.com use.fontawesome.com data: *.intercomcdn.com heapanalytics.com *.auryc.com; frame-src 'self' app.vwo.com *.visualwebsiteoptimizer.com *.youtube.com *.clickagy.com *.doubleclick.net intercom-sheets.com *.google.com info.coalitioninc.com videos.ctfassets.net videos.contentful.com vimeo.com player.vimeo.com *.chilipiper.com; connect-src 'self' *.visualwebsiteoptimizer.com app.vwo.com *.auryc.com heapanalytics.com *.google-analytics.com *.vercel.app *.algolia.net qf23dtaqm7-2.algolianet.com qf23dtaqm7-3.algolianet.com qf23dtaqm7-1.algolianet.com *.cookielaw.org ekr.zdassets.com *.zoominfo.com cdn.linkedin.oribi.io *.linkedin.com *.mktoresp.com *.onetrust.io *.onetrust.com coalition.zendesk.com widget-mediator.zopim.com wss://widget-mediator.zopim.com api.control.coalitioninc.com api.control.dev.binaryedge.io api.control.demo.binaryedge.io api.control.stg.binaryedge.io *.chilipiper.com *.sentry.io maps.googleapis.com *.coalitioninc.com; img-src 'self' *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com * data:; media-src * data:; object-src 'none'; worker-src 'self' blob:; frame-ancestors 'self' https://app.contentful.com 1
default-src 'self'  'unsafe-hashes' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://youtube.com  https://www.google.com/recaptcha/ https://cdn.userway.org https://www.gstatic.com/recaptcha/ https://cdn.cookielaw.org  https://js.hs-scripts.com  https://js.hsforms.net https://ajax.googleapis.com https://play.vidyard.com https://www.googletagmanager.com   https://www.google-analytics.com https://www.youtube.com https://s.ytimg.com 'unsafe-hashes' 'unsafe-inline'; style-src  'self' https://fonts.googleapis.com/ https://cdn.userway.org  'unsafe-hashes' 'unsafe-inline'; img-src 'self'  https://play.vidyard.com https://track.hubspot.com https://cdn.userway.org https://perf.hsforms.com https://cdn.vidyard.com https://forms-na1.hsforms.com https://forms.hsforms.com https://no-cache.hubspot.com data: https://www.google-analytics.com  https://cdn.cookielaw.org;font-src 'self' https://cdn.userway.org  data: https://fonts.gstatic.com; media-src 'self' https://cdn.userway.org ;connect-src 'self' https://www.google-analytics.com https://cdn.userway.org https://api.userway.org/ https://cdn.cookielaw.org https://geolocation.onetrust.com https://www.youtube.com https://forms.hsforms.com  https://forms.hubspot.com;frame-src 'self' https://www.youtube.com https://cdn.userway.org https://play.vidyard.com https://js.hsforms.net https://forms.hsforms.com https://maps.google.com  https://www.google.com/recaptcha https://www.google.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: about: d.vhs.cloud; report-uri /security-report.php 1
default-src * 'self' data: * 'unsafe-inline' 'unsafe-eval'; script-src * 'self' data: * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'self' data: 'unsafe-inline' 'unsafe-eval'; script-src-attr * 'self' data: 'unsafe-inline' 'unsafe-eval'; style-src * 'self' data: 'unsafe-inline'; style-src-elem * 'self' data: 'unsafe-inline'; style-src-attr * 'self' data: 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self'; object-src * 'self'; child-src * 'self'; frame-src * 'self'; worker-src * 'self'; frame-ancestors * 'self'; form-action * 'self' 1
default-src 'self' 'unsafe-eval' data: munchkin.marketo.net cookie-cdn.cookiepro.com; script-src 'self' 'unsafe-eval' munchkin.marketo.net cookie-cdn.cookiepro.com go.safebreach.com 3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com serve.nrich.ai googleads.g.doubleclick.net static.doubleclick.net tag.nrich.ai audience.nrich.ai connect.facebook.net www.comeet.co js.driftt.com ws.zoominfo.com https://www.googleadservices.com https://cdn.bizible.com https://snap.licdn.com https://px.ads.linkedin.com https://tags.clickagy.com https://www.google.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://js.zi-scripts.com/zi-tag.js https://safebreachinc.widget.insent.ai/insent https://ws-assets.zoominfo.com/formcomplete.js tribl.io https://tribl.io https://www.gstatic.com https://assets.calendly.com https://cdn.cookielaw.org https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsforms.net https://demostack.app 'nonce-oDYfvF8BBQqdOchKmCipgeNpNxU=' platform.instagram.com www.instagram.com google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' data: https://go.safebreach.com https://www.comeet.co https://www.comeet.com https://cdn.bizible.com https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline' cookie-cdn.cookiepro.com 3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://audience.nrich.ai https://tag.nrich.ai https://www.comeet.co https://www.facebook.com https://comeet-euw-app.s3.amazonaws.com https://cdn.bizible.com https://*.clickagy.com https://px.ads.linkedin.com https://p.adsymptotic.com https://id.rlcdn.com https://pixel-sync.sitescout.com https://*.bluekai.com https://*.agkn.com https://*.openx.net https://cm.g.doubleclick.net https://googleads.g.doubleclick.net https://idsync.rlcdn.com https://dpm.demdex.net https://cdn.bizibly.com https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://tribl.io https://px4.ads.linkedin.com https://www.safebreach.com https://www.google.com https://cdn.cookielaw.org https://forms.hsforms.com https://track.hubspot.com https://forms-na1.hsforms.com cookie-cdn.cookiepro.com 3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com i.ytimg.com www.googletagmanager.com; connect-src 'self' https://535-ixz-934.mktoresp.com https://cookie-cdn.cookiepro.com munchkin.marketo.net https://geolocation.onetrust.com https://go.safebreach.com https://static.doubleclick.net https://serve.nrich.ai https://googleads.g.doubleclick.net https://connect.facebook.net https://www.comeet.co https://www.facebook.com https://privacyportal.cookiepro.com https://js.driftt.com https://3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com https://535-ixz-934.mktoutil.com https://cdn.bizible.com https://aorta.clickagy.com https://hemsync.clickagy.com https://ws.zoominfo.com https://*.clickagy.com https://dpm.demdex.net/ https://www.google.com https://cdn.linkedin.oribi.io/partner/1777625/domain/safebreach.com/token https://js.zi-scripts.com/unified/v1/master/getSubscriptions https://tag.nrich.ai https://pagead2.googlesyndication.com https://cdn.cookielaw.org https://px.ads.linkedin.com https://forms.hscollectedforms.net https://forms.hsforms.com https://demostack.app www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: www.googletagmanager.com; font-src 'self' data: 3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com https://fonts.gstatic.com cookie-cdn.cookiepro.com https://cdn.bizible.com data: fonts.gstatic.com fonts.googleapis.com; object-src 'self' 3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com https://cdn.bizible.com; media-src 'self' https://www.youtube-nocookie.com https://js.driftt.com https://cdn.bizible.com cookie-cdn.cookiepro.com 3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com; frame-src 'self' https://go.safebreach.com https://www.youtube-nocookie.com https://www.comeet.co https://www.comeet.com https://www.facebook.com https://3xcvkr2e010ilg1un1om5r6f-wpengine.netdna-ssl.com/ https://js.driftt.com https://cdn.bizible.com https://w.soundcloud.com https://bid.g.doubleclick.net https://optimize.google.com https://safebreachinc.widget.insent.ai https://www.google.com https://calendly.com https://td.doubleclick.net https://forms.hsforms.com https://demostack.app www.instagram.com www.youtube.com www.googletagmanager.com; child-src 'self' www.youtube.com www.googletagmanager.com; worker-src 'self' blob:; upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors 'self' https://duerrtablets.tema-hosting.de/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' tt.omtrdc.net *.akstat.io akstat.io *.go-mpulse.net go-mpulse.net *.amazonaws.com amazonaws.com s3-eu-west-1.amazonaws.com *.bing.com bing.com *.btttag.com btttag.com c212.net cloudflare.com *.decibelinsight.net wss://collection.decibelinsight.net decibelinsight.net g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.facebook.com *.facebook.net facebook.com facebook.net *.fanplayr.com fanplayr.com *.gigya.com gigya.com *.google.com *.google.de *.google.it *.googlesyndication.com *.gstatic.com *.youtube-nocookie.com google.co.uk google.com google.de google.it googlesyndication.com gstatic.com youtube-nocookie.com googleadservices.com *.googleapis.com googleapis.com *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.jaguar.com jaguar.co.uk jaguar.com *.build.landrover *.jaguarlandrover.com *.landrover.com *.landrover.de *.landrover.it *.pds.jaguarlandrover.com build.landrover jaguarlandrover.com landrover.co.uk landrover.com landrover.de landrover.it pds.jaguarlandrover.com ads.linkedin.com linkedin.com linkedin.oribi.io licdn.com *.lpsnmedia.net lpsnmedia.net *.liadm.com liadm.com *.liveperson.net idp.liveperson.net liveperson.net msg.liveperson.net msghist.liveperson.net v.liveperson.net a.run.app *.netdirector.auto netdirector.auto *.a.run.app *.ads.linkedin.com *.akamaihd.net *.b-cdn.net *.c212.net *.cloudflare.com *.config.landrover.com *.fls.doubleclick.net *.google.co.uk *.googleadservices.com *.jaguar.co.uk *.jlr-dev.com *.landrover.co.uk *.landroverusa.com *.licdn.com *.linkedin.com *.linkedin.oribi.io *.omtrdc.net *.pinimg.com *.pinterest.com *.psyma.com *.sc-static.net *.securedvisit.com *.snapchat.com *.sophus3.com *.stripe.com *.sv.rkdms.com *.web.app *.woosmap.com *.yahoo.co.jp akamaihd.net b-cdn.net config.landrover.com landroverusa.com leasinglandrover.de psyma.com sophus3.com syndication.kbb.com web.app pinimg.com pinterest.com securedvisit.com *.serving-sys.com serving-sys.com sc-static.net snapchat.com stripe.com *.tiktok.com tiktok.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.ads-twitter.com ads-twitter.com *.t.co t.co sv.rkdms.com *.vee24.com vee24.com woosmap.com *.yimg.jp yahoo.co.jp yimg.jp *.youtube.com *.ytimg.com youtube.com ytimg.com *.decibel.com *.scene7.com *.sfmc-content.com *.userlike.com decibel.com scene7.com userlike.com data: blob:; 1
default-src 'self'; worker-src 'none'; connect-src 'self' https://product-details.mozilla.org https://www.google-analytics.com https://treeherder.mozilla.org/api/failurecount/ https://crash-stats.mozilla.org/api/SuperSearch/; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: blob: https://secure.gravatar.com; object-src 'none'; script-src 'self' 'nonce-T8iHw3N6aQKQOH4LKRS1umWIbwGrvKeBKJN12gitpgkMwmhD' 'unsafe-inline' https://www.google-analytics.com; style-src 'self' 'unsafe-inline'; frame-src https://crash-stop-addon.herokuapp.com; frame-ancestors 'self'; form-action 'self' https://www.google.com/search https://github.com/login/oauth/authorize https://github.com/login https://phabricator.services.mozilla.com/ https://people.mozilla.org 1
font-src *.stripe.com *.google.com *.sagepay.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com data: *.yotpo.com *.googleapis.com *.gstatic.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com 'self' data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com www.vapouriz.co.uk www.vapestore.co.uk www.vtrade.co www.greenstemcbd.com www1.vapestorecbd.co.uk consent.cookiebot.com api.ometria.com *.searchspring.io data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.stripe.com *.google.com *.sagepay.com *.facebook.com *.yotpo.com https://plumrocket.com *.twitter.com secure4.arcot.com *.rsa3dsauth.co.uk secure7.arcot.com secure5.arcot.com *.mpts.modirum.com verify.monzo.com acs.revolut.com acs.apata.io *.smartsecure.tsys.co.uk acs2.swedbank.se 3ds.optimuscards.com acs1.swedbank.se foriseu-vbv.mycardplace.com secure2.arcot.com *.bkm.com.tr 3ds-challenge.n26.com danskebank-3ds-bxl.wlp-acs.com cdn-3ds-bxl.wlp-acs.com cdn-3ds-vdm.wlp-acs.com acs2.edb.com acs1.edb.com *.emea.citibank.com tsys.arcot.com danskebank-3ds-vdm.wlp-acs.com 3ds2-visasecure.acdcproc.com 3ds2-idcheck.acdcproc.com vapouriz.uk authentication-acs.marqeta.com 3dsecure.mbank.pl acs2.mutualtrustbank.com *.3ds.modirum.com api.ometria.com *.fssnet.co.in mycardsecure.com 3dsecure.leobank.az acs.stripeauthentications.com 3dsecure.sumup.com 3ds.emlpayments.com secure-acs2ui-bk2-indblr-blrtdc.wibmo.com *.abmb.com.my 3ds.kaspi.kz *.garanti.com.tr acs.capitalone.com acs.sibs.pt acs.gc.ge betalen.rabobank.nl *.centrum24.pl secure-acs2ui-b1-indblr-blrtdc.wibmo.com 3ds.nexigroup.com *.apac.citibank.com authentication.cardinalcommerce.com *.capitecbank.co.za secure-acs2ui-b1-indmum-mumrdc.wibmo.com 3ds.qnb.com acs3.edb.com wirexeu-msc.mycardplace.com securehdfc-acs2ui-b1-indmum-mumsif.hdfcbank.com acs4.privatbank.ua secureicici-cr1.icicibank.com acsv2.m2pfintech.com 3ds.redsys.es op-bxl.wlp-acs.com *.alfransi.com.sa *.pl.ing.com acs1.3dsecure.no acs2.3dsecure.no 3dsecure.bcc.kz uobt3dsg2.uobgroup.com bpcepaymentservices-3ds-vdm.wlp-acs.com 3ds.borica.bg *.sensebank.com.ua 3ds.upc.ua *.live.ext.prod.enfuce.com ecommerce.aps.iq *.stcpay.com.sa *.standardbank.co.za acs.ababank.com acs2.arca.am *.3ds.acssecure.com visa-secure-bxl.ing.de visa-secure-vdm.ing.de *.vib.com.vn *.3d2.icbc.com.cn *.techcombank.com.vn *.rsa3dsauth.com ims.euronet3dsecure.com 3dsecure.nexi.it *.nedsecure.co.za 3ds.pkobp.pl 3ds-n2.nbg.gr acssv.otpbank.hu 3debspay.boc.cn acs.attijariwafa.com acs.mercurypaymentservices.it ch-acs2.cafis-paynet.jp 3dsec.postfinance.ch acsemv.mepspay.com *.afs.com.bh ipay.bangkokbank.com luxembourg-3ds-bxl.wlp-acs.com belgium-3ds-bxl.wlp-acs.com acs2.3dsecure.az vsconsumer2saib.emcrey.com acs3.3dsecure.no pay.eewosecure.com www.vapouriz.co.uk www.vapestore.co.uk www.vtrade.co www.greenstemcbd.com www1.vapestorecbd.co.uk 'self' 'unsafe-inline'; frame-ancestors www.vapouriz.co.uk www.vapestore.co.uk www.vtrade.co www.greenstemcbd.com www1.vapestorecbd.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.google.com *.sagepay.com *.hotjar.com *.facebook.com *.trustpilot.com *.criteo.com *.yotpo.com www.facebook.com platform.twitter.com https://player.vimeo.com https://www.youtube-nocookie.com https://plumrocket.com *.twitter.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com consentcdn.cookiebot.com acs2.swedbank.se popup.laybuy.com acs.stripeauthentications.com userapi2.danskebank.com authentication.cardinalcommerce.com js.stripe.com wirexeu-msc.mycardplace.com securehdfc-acs2ui-b1-indmum-mumsif.hdfcbank.com acs4.privatbank.ua *.alfransi.com.sa *.apac.citibank.com *.live.ext.prod.enfuce.com *.standardbank.co.za acs.ababank.com acs2.arca.am 3ds.nexigroup.com *.yapikredi.com.tr *.3ds.acssecure.com *.rsa3dsauth.co.uk acs.attijariwafa.com secure4.arcot.com secure7.arcot.com secure5.arcot.com acs.mercurypaymentservices.it *.akbank.com.tr *.afs.com.bh luxembourg-3ds-bxl.wlp-acs.com acs2.3dsecure.az pay.eewosecure.com www.vapouriz.co.uk www.vapestore.co.uk www.vtrade.co www.greenstemcbd.com www1.vapestorecbd.co.uk consent.cookiebot.com www.google-analytics.com www.googletagmanager.com vapouriz.uk ssl.gstatic.com static.hotjar.com staticw2.yotpo.com stats.g.doubleclick.net tags.affiliatefuture.com test.vapestore.co.uk test1.vapestore.co.uk script.hotjar.com scripts.affiliatefuture.com secure2.arcot.com dkpklk99llpj0.cloudfront.net dn1i8v75r669j.cloudfront.net tsys.arcot.com tts.baidu.com r1-t.trackedlink.net r1.trackedweb.net fonts.googleapis.com region1.analytics.google.com region1.google-analytics.com p.yotpo.com paymentauthenticationchallenge30.emea.citibank.com paymentauthenticationchallenge32.emea.citibank.com pi-live.sagepay.com platform.instagram.com play.google.com d1f0tbk1v3e25u.cloudfront.net d1q4q7ketxgxfn.cloudfront.net d33wubrfki0l68.cloudfront.net d36mpcpuzc4ztk.cloudfront.net d81mfvml8p5ml.cloudfront.net cdn.vapestore.co.uk c.clarity.ms api.agechecked.com api.craftyclicks.co.uk code.jquery.com api.feefo.com js.klevu.com chat.freshdesk.com ajax.googleapis.com am.freshrelevance.com translate.google.cn translate.googleapis.com analytics.google.com widget.trustpilot.com www.instagram.com www.magentocommerce.com www.mageworx.com 3debspay.boc.cn 3ds-challenge.n26.com 3ds.cloud.animal.engineering 3ds.emlpayments.com 3ds.optimuscards.com 3ds.redsys.es 3ds2-idcheck.acdcproc.com 3ds2-visasecure.acdcproc.com 3dsec.cardcenter.ch 3dsecure.ing.ro 3dsecure.mbank.pl 3dsecure.zen.com 3dverify2.stcpay.com.sa acs.apata.io acs.capitalone.com acs.fssnet.co.in acs.hanacard.co.kr acs.revolut.com acs.sibs.pt acs.touch.tech acs.up-ng.com acs.wooricard.com acs1.3dsecure.no acs1.edb.com acs1.mpts.modirum.com acs1.swedbank.se acs1.viseca.ch acs2.3ds.modirum.com acs2.3dsecure.no acs2.edb.com acs2.estcard.ee acs2.mpts.modirum.com acs3.edb.com acs3.mpts.modirum.com acsemv.mepspay.com acsv2.m2pfintech.com api.emv.acs.opentech.com api.freevideoguard.com api.id.mastercard.bunq.com aptopaysafe-vbv.mycardplace.com auth.iws-hybrid.trendmicro.com authentication-acs.marqeta.com belgium-3ds-bxl.wlp-acs.com c8.dycdn.net cdn.honey.io channel-cards-html.lloydsbankinggroup.com channel.shinhan.com.vn clients.smartsecure.tsys.co.uk crqsbiacs.sbi danskebank-3ds-bxl.wlp-acs.com danskebank-3ds-vdm.wlp-acs.com emvacs.2c2p.com emvacs.bkm.com.tr emvacsip.thecardservicesonline.com foriseu-vbv.mycardplace.com gateway.id.swg.umbrella.com gbemv3dsecure.garanti.com.tr ims.euronet3dsecure.com integration-assets.laybuy.com invitejs.trustpilot.com mcconsumerv2.alahli.com mycardsecure.com natixispaymentsolutions-3ds-vdm.wlp-acs.com op-bxl.wlp-acs.com poseidon.revolut.com scatec.io secure-acs2ui-b1-indblr-blrtdc.wibmo.com secure-acs2ui-b1-indmum-mumrdc.wibmo.com securegw1.micb.md secureicici-cr1.icicibank.com shopping.bing-shopping.microsoft-falcon.io valtuutus.op.fi verifiedbyvisa.skandia.se verify.monzo.com www.bing.com www.clicksafe.lloydstsb.com www.coupert.com www.couponscdn.com www.google.co.uk www.paypalobjects.com www.rsa3dsauth.co.uk www.rsa3dsauth.com api.ometria.com *.searchspring.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com *.paypal.com *.sagepay.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net *.yotpo.com *.klevu.com *.ksearchnet.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net scripts.affiliatefuture.com p.yotpo.com trk.ometria.com c.clarity.ms integration-assets.laybuy.com *.paypalobjects.com pay.laybuy.com *.vapouriz.co.uk cdn.simplycodes.com s3.amazonaws.com imgsct.cookiebot.com www.vapouriz.co.uk www.vapestore.co.uk www.vtrade.co www.greenstemcbd.com www1.vapestorecbd.co.uk *.cookiebot.com www.googletagmanager.com vapouriz.uk ssl.gstatic.com static.hotjar.com staticw2.yotpo.com tags.affiliatefuture.com test.vapestore.co.uk test1.vapestore.co.uk script.hotjar.com secure2.arcot.com secure4.arcot.com secure5.arcot.com secure7.arcot.com dkpklk99llpj0.cloudfront.net dn1i8v75r669j.cloudfront.net tsys.arcot.com tts.baidu.com r1-t.trackedlink.net r1.trackedweb.net fonts.googleapis.com region1.analytics.google.com region1.google-analytics.com paymentauthenticationchallenge30.emea.citibank.com paymentauthenticationchallenge32.emea.citibank.com pi-live.sagepay.com platform.instagram.com platform.twitter.com play.google.com popup.laybuy.com d1f0tbk1v3e25u.cloudfront.net d1q4q7ketxgxfn.cloudfront.net d33wubrfki0l68.cloudfront.net d36mpcpuzc4ztk.cloudfront.net d81mfvml8p5ml.cloudfront.net cdn.vapestore.co.uk api.agechecked.com api.craftyclicks.co.uk code.jquery.com api.feefo.com js.klevu.com chat.freshdesk.com ajax.googleapis.com am.freshrelevance.com translate.google.cn translate.googleapis.com analytics.google.com widget.trustpilot.com www.instagram.com www.magentocommerce.com www.mageworx.com 3debspay.boc.cn 3ds-challenge.n26.com 3ds.cloud.animal.engineering 3ds.emlpayments.com 3ds.optimuscards.com 3ds.redsys.es 3ds2-idcheck.acdcproc.com 3ds2-visasecure.acdcproc.com 3dsec.cardcenter.ch 3dsecure.ing.ro 3dsecure.mbank.pl 3dsecure.zen.com 3dverify2.stcpay.com.sa acs.apata.io acs.capitalone.com acs.fssnet.co.in acs.hanacard.co.kr acs.revolut.com acs.sibs.pt acs.touch.tech acs.up-ng.com acs.wooricard.com acs1.3dsecure.no acs1.edb.com acs1.mpts.modirum.com acs1.swedbank.se acs1.viseca.ch acs2.3ds.modirum.com acs2.3dsecure.no acs2.edb.com acs2.estcard.ee acs2.mpts.modirum.com acs3.edb.com acs3.mpts.modirum.com acsemv.mepspay.com acsv2.m2pfintech.com api.emv.acs.opentech.com api.freevideoguard.com api.id.mastercard.bunq.com aptopaysafe-vbv.mycardplace.com auth.iws-hybrid.trendmicro.com authentication-acs.marqeta.com belgium-3ds-bxl.wlp-acs.com c8.dycdn.net cdn.honey.io channel-cards-html.lloydsbankinggroup.com channel.shinhan.com.vn clients.smartsecure.tsys.co.uk crqsbiacs.sbi danskebank-3ds-bxl.wlp-acs.com danskebank-3ds-vdm.wlp-acs.com emvacs.2c2p.com emvacs.bkm.com.tr emvacsip.thecardservicesonline.com foriseu-vbv.mycardplace.com gateway.id.swg.umbrella.com gbemv3dsecure.garanti.com.tr ims.euronet3dsecure.com invitejs.trustpilot.com mcconsumerv2.alahli.com mycardsecure.com natixispaymentsolutions-3ds-vdm.wlp-acs.com op-bxl.wlp-acs.com poseidon.revolut.com scatec.io secure-acs2ui-b1-indblr-blrtdc.wibmo.com secure-acs2ui-b1-indmum-mumrdc.wibmo.com securegw1.micb.md secureicici-cr1.icicibank.com shopping.bing-shopping.microsoft-falcon.io valtuutus.op.fi verifiedbyvisa.skandia.se verify.monzo.com www.bing.com www.clicksafe.lloydstsb.com www.coupert.com www.couponscdn.com www.google.co.uk www.google.com www.rsa3dsauth.co.uk www.rsa3dsauth.com api.ometria.com *.searchspring.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ www.google.com *.agechecked.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.google.com *.sagepay.com *.paypal.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.googleadservices.com api.comapi.com snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com *.youtube.com cdn.mouseflow.com *.yotpo.com js.klevu.com *.ksearchnet.com *.searchspring.io connect.facebook.net twitter.com platform.twitter.com https://player.vimeo.com https://www.youtube.com https://cdn.searchspring.net/intellisuggest/is.min.js *.cloudflare.com *.twitter.com *.twimg.com *.usercentrics.eu https://www.googletagmanager.com tagmanager.google.com *.ometria.com widget.freshworks.com tags.affiliatefuture.com consent.cookiebot.com invitejs.trustpilot.com consentcdn.cookiebot.com staticw2.yotpo.com scripts.affiliatefuture.com widget.trustpilot.com pi-live.sagepay.com cdn.ometria.com js.stripe.com web-sdk.smartlook.com www.vapouriz.co.uk www.vapestore.co.uk www.vtrade.co www.greenstemcbd.com www1.vapestorecbd.co.uk consent.cookiebot.com/* consent.cookiebot.com/uc.js www.googletagmanager.com vapouriz.uk ssl.gstatic.com static.hotjar.com stats.g.doubleclick.net test.vapestore.co.uk test1.vapestore.co.uk script.hotjar.com secure2.arcot.com secure4.arcot.com secure5.arcot.com secure7.arcot.com dkpklk99llpj0.cloudfront.net dn1i8v75r669j.cloudfront.net tsys.arcot.com tts.baidu.com r1-t.trackedlink.net r1.trackedweb.net fonts.googleapis.com region1.analytics.google.com region1.google-analytics.com p.yotpo.com paymentauthenticationchallenge30.emea.citibank.com paymentauthenticationchallenge32.emea.citibank.com platform.instagram.com play.google.com popup.laybuy.com d1f0tbk1v3e25u.cloudfront.net d1q4q7ketxgxfn.cloudfront.net d33wubrfki0l68.cloudfront.net d36mpcpuzc4ztk.cloudfront.net d81mfvml8p5ml.cloudfront.net cdn.vapestore.co.uk c.clarity.ms api.agechecked.com api.craftyclicks.co.uk code.jquery.com api.feefo.com chat.freshdesk.com ajax.googleapis.com am.freshrelevance.com translate.google.cn translate.googleapis.com analytics.google.com www.instagram.com www.magentocommerce.com www.mageworx.com 3debspay.boc.cn 3ds-challenge.n26.com 3ds.cloud.animal.engineering 3ds.emlpayments.com 3ds.optimuscards.com 3ds.redsys.es 3ds2-idcheck.acdcproc.com 3ds2-visasecure.acdcproc.com 3dsec.cardcenter.ch 3dsecure.ing.ro 3dsecure.mbank.pl 3dsecure.zen.com 3dverify2.stcpay.com.sa acs.apata.io acs.capitalone.com acs.fssnet.co.in acs.hanacard.co.kr acs.revolut.com acs.sibs.pt acs.touch.tech acs.up-ng.com acs.wooricard.com acs1.3dsecure.no acs1.edb.com acs1.mpts.modirum.com acs1.swedbank.se acs1.viseca.ch acs2.3ds.modirum.com acs2.3dsecure.no acs2.edb.com acs2.estcard.ee acs2.mpts.modirum.com acs3.edb.com acs3.mpts.modirum.com acsemv.mepspay.com acsv2.m2pfintech.com api.emv.acs.opentech.com api.freevideoguard.com api.id.mastercard.bunq.com aptopaysafe-vbv.mycardplace.com auth.iws-hybrid.trendmicro.com authentication-acs.marqeta.com belgium-3ds-bxl.wlp-acs.com c8.dycdn.net cdn.honey.io channel-cards-html.lloydsbankinggroup.com channel.shinhan.com.vn clients.smartsecure.tsys.co.uk crqsbiacs.sbi danskebank-3ds-bxl.wlp-acs.com danskebank-3ds-vdm.wlp-acs.com emvacs.2c2p.com emvacs.bkm.com.tr emvacsip.thecardservicesonline.com foriseu-vbv.mycardplace.com gateway.id.swg.umbrella.com gbemv3dsecure.garanti.com.tr ims.euronet3dsecure.com integration-assets.laybuy.com mcconsumerv2.alahli.com mycardsecure.com natixispaymentsolutions-3ds-vdm.wlp-acs.com op-bxl.wlp-acs.com poseidon.revolut.com scatec.io secure-acs2ui-b1-indblr-blrtdc.wibmo.com secure-acs2ui-b1-indmum-mumrdc.wibmo.com securegw1.micb.md secureicici-cr1.icicibank.com shopping.bing-shopping.microsoft-falcon.io valtuutus.op.fi verifiedbyvisa.skandia.se verify.monzo.com www.bing.com www.clicksafe.lloydstsb.com www.coupert.com www.couponscdn.com www.google.co.uk www.rsa3dsauth.co.uk www.rsa3dsauth.com api.ometria.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.agechecked.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.google.com *.sagepay.com *.googleapis.com checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net *.yotpo.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu tagmanager.google.com widget.freshworks.com www.vapouriz.co.uk www.vapestore.co.uk www.vtrade.co www.greenstemcbd.com www1.vapestorecbd.co.uk consent.cookiebot.com www.google-analytics.com www.googletagmanager.com vapouriz.uk ssl.gstatic.com static.hotjar.com staticw2.yotpo.com stats.g.doubleclick.net tags.affiliatefuture.com test.vapestore.co.uk test1.vapestore.co.uk script.hotjar.com scripts.affiliatefuture.com secure2.arcot.com secure4.arcot.com secure5.arcot.com secure7.arcot.com dkpklk99llpj0.cloudfront.net dn1i8v75r669j.cloudfront.net tsys.arcot.com tts.baidu.com r1-t.trackedlink.net r1.trackedweb.net fonts.googleapis.com region1.analytics.google.com region1.google-analytics.com p.yotpo.com paymentauthenticationchallenge30.emea.citibank.com paymentauthenticationchallenge32.emea.citibank.com pi-live.sagepay.com platform.instagram.com platform.twitter.com play.google.com popup.laybuy.com d1f0tbk1v3e25u.cloudfront.net d1q4q7ketxgxfn.cloudfront.net d33wubrfki0l68.cloudfront.net d36mpcpuzc4ztk.cloudfront.net d81mfvml8p5ml.cloudfront.net cdn.vapestore.co.uk c.clarity.ms api.agechecked.com api.craftyclicks.co.uk code.jquery.com api.feefo.com js.klevu.com chat.freshdesk.com ajax.googleapis.com am.freshrelevance.com translate.google.cn translate.googleapis.com analytics.google.com widget.trustpilot.com www.instagram.com www.magentocommerce.com www.mageworx.com 3debspay.boc.cn 3ds-challenge.n26.com 3ds.cloud.animal.engineering 3ds.emlpayments.com 3ds.optimuscards.com 3ds.redsys.es 3ds2-idcheck.acdcproc.com 3ds2-visasecure.acdcproc.com 3dsec.cardcenter.ch 3dsecure.ing.ro 3dsecure.mbank.pl 3dsecure.zen.com 3dverify2.stcpay.com.sa acs.apata.io acs.capitalone.com acs.fssnet.co.in acs.hanacard.co.kr acs.revolut.com acs.sibs.pt acs.touch.tech acs.up-ng.com acs.wooricard.com acs1.3dsecure.no acs1.edb.com acs1.mpts.modirum.com acs1.swedbank.se acs1.viseca.ch acs2.3ds.modirum.com acs2.3dsecure.no acs2.edb.com acs2.estcard.ee acs2.mpts.modirum.com acs3.edb.com acs3.mpts.modirum.com acsemv.mepspay.com acsv2.m2pfintech.com api.emv.acs.opentech.com api.freevideoguard.com api.id.mastercard.bunq.com aptopaysafe-vbv.mycardplace.com auth.iws-hybrid.trendmicro.com authentication-acs.marqeta.com belgium-3ds-bxl.wlp-acs.com c8.dycdn.net cdn.honey.io channel-cards-html.lloydsbankinggroup.com channel.shinhan.com.vn clients.smartsecure.tsys.co.uk crqsbiacs.sbi danskebank-3ds-bxl.wlp-acs.com danskebank-3ds-vdm.wlp-acs.com emvacs.2c2p.com emvacs.bkm.com.tr emvacsip.thecardservicesonline.com foriseu-vbv.mycardplace.com gateway.id.swg.umbrella.com gbemv3dsecure.garanti.com.tr ims.euronet3dsecure.com integration-assets.laybuy.com invitejs.trustpilot.com mcconsumerv2.alahli.com mycardsecure.com natixispaymentsolutions-3ds-vdm.wlp-acs.com op-bxl.wlp-acs.com poseidon.revolut.com scatec.io secure-acs2ui-b1-indblr-blrtdc.wibmo.com secure-acs2ui-b1-indmum-mumrdc.wibmo.com securegw1.micb.md secureicici-cr1.icicibank.com shopping.bing-shopping.microsoft-falcon.io valtuutus.op.fi verifiedbyvisa.skandia.se verify.monzo.com www.bing.com www.clicksafe.lloydstsb.com www.coupert.com www.couponscdn.com www.google.co.uk www.google.com www.paypalobjects.com www.rsa3dsauth.co.uk www.rsa3dsauth.com api.ometria.com *.searchspring.io 'self' 'unsafe-inline'; object-src www.vapouriz.co.uk www.vapestore.co.uk www.vtrade.co www.greenstemcbd.com www1.vapestorecbd.co.uk consent.cookiebot.com api.ometria.com *.searchspring.io 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com blob: www.vapouriz.co.uk www.vapestore.co.uk www.vtrade.co www.greenstemcbd.com www1.vapestorecbd.co.uk consent.cookiebot.com api.ometria.com *.searchspring.io 'self' 'unsafe-inline'; manifest-src *.vapestore.co.uk *.vapouriz.co.uk www.vapouriz.co.uk www.vapestore.co.uk www.vtrade.co www.greenstemcbd.com www1.vapestorecbd.co.uk consent.cookiebot.com api.ometria.com *.searchspring.io 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.agechecked.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.google.com *.paypal.com *.sagepay.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms *.facebook.com *.datatrics.com *.yotpo.com *.klevu.com *.ksearchnet.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io https://beacon.searchspring.io/beacon *.cloudflare.com *.twitter.com *.twimg.com https://www.google-analytics.com *.ometria.com widget.freshworks.com *.ingest.sentry.io consentcdn.cookiebot.com am.freshrelevance.com ws38.hotjar.com ws36.hotjar.com wsp28.hotjar.com wsp2.hotjar.com wsp13.hotjar.com wsp3.hotjar.com ws.hotjar.com *.analytics.google.com api.yotpo.com *.eu.smartlook.cloud *.craftyclicks.co.uk invitejs.trustpilot.com *.a.searchspring.io www.vapouriz.co.uk www.vapestore.co.uk www.vtrade.co www.greenstemcbd.com www1.vapestorecbd.co.uk consent.cookiebot.com www.google-analytics.com www.googletagmanager.com vapouriz.uk ssl.gstatic.com static.hotjar.com staticw2.yotpo.com tags.affiliatefuture.com test.vapestore.co.uk test1.vapestore.co.uk script.hotjar.com scripts.affiliatefuture.com secure2.arcot.com secure4.arcot.com secure5.arcot.com secure7.arcot.com dkpklk99llpj0.cloudfront.net dn1i8v75r669j.cloudfront.net tsys.arcot.com tts.baidu.com r1-t.trackedlink.net r1.trackedweb.net fonts.googleapis.com region1.analytics.google.com region1.google-analytics.com p.yotpo.com paymentauthenticationchallenge30.emea.citibank.com paymentauthenticationchallenge32.emea.citibank.com pi-live.sagepay.com platform.instagram.com platform.twitter.com play.google.com popup.laybuy.com d1f0tbk1v3e25u.cloudfront.net d1q4q7ketxgxfn.cloudfront.net d33wubrfki0l68.cloudfront.net d36mpcpuzc4ztk.cloudfront.net d81mfvml8p5ml.cloudfront.net cdn.vapestore.co.uk c.clarity.ms api.agechecked.com api.craftyclicks.co.uk code.jquery.com api.feefo.com js.klevu.com chat.freshdesk.com ajax.googleapis.com translate.google.cn translate.googleapis.com analytics.google.com widget.trustpilot.com www.instagram.com www.magentocommerce.com www.mageworx.com 3debspay.boc.cn 3ds-challenge.n26.com 3ds.cloud.animal.engineering 3ds.emlpayments.com 3ds.optimuscards.com 3ds.redsys.es 3ds2-idcheck.acdcproc.com 3ds2-visasecure.acdcproc.com 3dsec.cardcenter.ch 3dsecure.ing.ro 3dsecure.mbank.pl 3dsecure.zen.com 3dverify2.stcpay.com.sa acs.apata.io acs.capitalone.com acs.fssnet.co.in acs.hanacard.co.kr acs.revolut.com acs.sibs.pt acs.touch.tech acs.up-ng.com acs.wooricard.com acs1.3dsecure.no acs1.edb.com acs1.mpts.modirum.com acs1.swedbank.se acs1.viseca.ch acs2.3ds.modirum.com acs2.3dsecure.no acs2.edb.com acs2.estcard.ee acs2.mpts.modirum.com acs3.edb.com acs3.mpts.modirum.com acsemv.mepspay.com acsv2.m2pfintech.com api.emv.acs.opentech.com api.freevideoguard.com api.id.mastercard.bunq.com aptopaysafe-vbv.mycardplace.com auth.iws-hybrid.trendmicro.com authentication-acs.marqeta.com belgium-3ds-bxl.wlp-acs.com c8.dycdn.net cdn.honey.io channel-cards-html.lloydsbankinggroup.com channel.shinhan.com.vn clients.smartsecure.tsys.co.uk crqsbiacs.sbi danskebank-3ds-bxl.wlp-acs.com danskebank-3ds-vdm.wlp-acs.com emvacs.2c2p.com emvacs.bkm.com.tr emvacsip.thecardservicesonline.com foriseu-vbv.mycardplace.com gateway.id.swg.umbrella.com gbemv3dsecure.garanti.com.tr ims.euronet3dsecure.com integration-assets.laybuy.com mcconsumerv2.alahli.com mycardsecure.com natixispaymentsolutions-3ds-vdm.wlp-acs.com op-bxl.wlp-acs.com poseidon.revolut.com scatec.io secure-acs2ui-b1-indblr-blrtdc.wibmo.com secure-acs2ui-b1-indmum-mumrdc.wibmo.com securegw1.micb.md secureicici-cr1.icicibank.com shopping.bing-shopping.microsoft-falcon.io valtuutus.op.fi verifiedbyvisa.skandia.se verify.monzo.com www.bing.com www.clicksafe.lloydstsb.com www.coupert.com www.couponscdn.com www.google.co.uk www.google.com www.rsa3dsauth.co.uk www.rsa3dsauth.com vapouriz.freshdesk.com api.ometria.com *.smartlook.cloud *.searchspring.io 'self' 'unsafe-inline'; child-src www.vapouriz.co.uk www.vapestore.co.uk www.vtrade.co www.greenstemcbd.com www1.vapestorecbd.co.uk consent.cookiebot.com api.ometria.com *.searchspring.io http: https: blob: 'self' 'unsafe-inline'; default-src www.vapouriz.co.uk www.vapestore.co.uk www.vtrade.co www.greenstemcbd.com www1.vapestorecbd.co.uk consent.cookiebot.com www.google-analytics.com www.googletagmanager.com vapouriz.uk ssl.gstatic.com static.hotjar.com staticw2.yotpo.com stats.g.doubleclick.net tags.affiliatefuture.com test.vapestore.co.uk test1.vapestore.co.uk script.hotjar.com scripts.affiliatefuture.com secure2.arcot.com secure4.arcot.com secure5.arcot.com secure7.arcot.com dkpklk99llpj0.cloudfront.net dn1i8v75r669j.cloudfront.net tsys.arcot.com tts.baidu.com r1-t.trackedlink.net r1.trackedweb.net fonts.googleapis.com region1.analytics.google.com region1.google-analytics.com p.yotpo.com paymentauthenticationchallenge30.emea.citibank.com paymentauthenticationchallenge32.emea.citibank.com pi-live.sagepay.com platform.instagram.com platform.twitter.com play.google.com popup.laybuy.com d1f0tbk1v3e25u.cloudfront.net d1q4q7ketxgxfn.cloudfront.net d33wubrfki0l68.cloudfront.net d36mpcpuzc4ztk.cloudfront.net d81mfvml8p5ml.cloudfront.net cdn.vapestore.co.uk c.clarity.ms api.agechecked.com api.craftyclicks.co.uk code.jquery.com api.feefo.com js.klevu.com chat.freshdesk.com ajax.googleapis.com am.freshrelevance.com translate.google.cn translate.googleapis.com analytics.google.com widget.trustpilot.com www.instagram.com www.magentocommerce.com www.mageworx.com 3debspay.boc.cn 3ds-challenge.n26.com 3ds.cloud.animal.engineering 3ds.emlpayments.com 3ds.optimuscards.com 3ds.redsys.es 3ds2-idcheck.acdcproc.com 3ds2-visasecure.acdcproc.com 3dsec.cardcenter.ch 3dsecure.ing.ro 3dsecure.mbank.pl 3dsecure.zen.com 3dverify2.stcpay.com.sa acs.apata.io acs.capitalone.com acs.fssnet.co.in acs.hanacard.co.kr acs.revolut.com acs.sibs.pt acs.touch.tech acs.up-ng.com acs.wooricard.com acs1.3dsecure.no acs1.edb.com acs1.mpts.modirum.com acs1.swedbank.se acs1.viseca.ch acs2.3ds.modirum.com acs2.3dsecure.no acs2.edb.com acs2.estcard.ee acs2.mpts.modirum.com acs3.edb.com acs3.mpts.modirum.com acsemv.mepspay.com acsv2.m2pfintech.com api.emv.acs.opentech.com api.freevideoguard.com api.id.mastercard.bunq.com aptopaysafe-vbv.mycardplace.com auth.iws-hybrid.trendmicro.com authentication-acs.marqeta.com belgium-3ds-bxl.wlp-acs.com c8.dycdn.net cdn.honey.io channel-cards-html.lloydsbankinggroup.com channel.shinhan.com.vn clients.smartsecure.tsys.co.uk crqsbiacs.sbi danskebank-3ds-bxl.wlp-acs.com danskebank-3ds-vdm.wlp-acs.com emvacs.2c2p.com emvacs.bkm.com.tr emvacsip.thecardservicesonline.com foriseu-vbv.mycardplace.com gateway.id.swg.umbrella.com gbemv3dsecure.garanti.com.tr ims.euronet3dsecure.com integration-assets.laybuy.com invitejs.trustpilot.com mcconsumerv2.alahli.com mycardsecure.com natixispaymentsolutions-3ds-vdm.wlp-acs.com op-bxl.wlp-acs.com poseidon.revolut.com scatec.io secure-acs2ui-b1-indblr-blrtdc.wibmo.com secure-acs2ui-b1-indmum-mumrdc.wibmo.com securegw1.micb.md secureicici-cr1.icicibank.com shopping.bing-shopping.microsoft-falcon.io valtuutus.op.fi verifiedbyvisa.skandia.se verify.monzo.com www.bing.com www.clicksafe.lloydstsb.com www.coupert.com www.couponscdn.com www.google.co.uk www.google.com www.paypalobjects.com www.rsa3dsauth.co.uk www.rsa3dsauth.com api.ometria.com *.searchspring.io 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.vapouriz.co.uk www.vapestore.co.uk www.vtrade.co www.greenstemcbd.com www1.vapestorecbd.co.uk 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net; font-src 'self' fonts.gstatic.com; form-action 'self'; script-src 'self' 'unsafe-inline' cdn.jsdelivr.net; connect-src 'self'; base-uri 'none'; frame-ancestors 'none'; 1
img-src 'self' d8yi8jifmzjzr.cloudfront.net d1lbs1a20jqs8l.cloudfront.net d2f94ihqbiayoj.cloudfront.net d3geq2kneybzsf.cloudfront.net d2js22npb95j0e.cloudfront.net d39eo07iavn1vt.cloudfront.net https: blob: data:; default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; frame-ancestors www.instantprint.co.uk 1
frame-ancestors https://*.ojo-publico.com 1
frame-ancestors 'self' https://m.cupid.com https://www.cupid.com 1
upgrade-insecure-requests; frame-ancestors 'none'; default-src 'self'; script-src 'strict-dynamic' 'nonce-ecb664c969' 'unsafe-inline' https: http:; object-src 'none'; base-uri 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; media-src 'self'; frame-src 'self'; font-src 'self' data:; connect-src 'self' *.pl-business.com 1
frame-ancestors 'self'; upgrade-insecure-requests; referrer 'origin-when-cross-origin'; plugin-types 'none'; reflected-xss 'block' 1
frame-ancestors 'self' https://*.leads.staging.homeflow.co.uk https://leads.staging.homeflow.co.uk https://*.homeflow.co.uk/ https://admin.content.homeflow.co.uk/ https://projects.zoho.eu/ 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-aydJmKPORreFzx5NHdsLcA==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
frame-ancestors https://developer.equifax.com/; 1
frame-ancestors 'self' *.towerfcu.org 1
default-src 'self' https://*.synlab.com/ https://synlab.com.ddev.ddev.site/ https://use.fontawesome.com https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com/ https://stats.g.doubleclick.net/; script-src 'self' https://www.synlab.com/ https://synlab.com.ddev.ddev.site/ https://*.googleapis.com https://*.googletagmanager.com/ https://*.google-analytics.com/; style-src 'self' 'unsafe-inline' https://*.synlab.com/ https://synlab.com.ddev.ddev.site/ https://*.googleapis.com; frame-src https://*.vimeo.com; img-src data: https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.synlab.com/ https://synlab.com.ddev.ddev.site/ https://*.google.de/ https://*.google.com/ https://*.google-analytics.com/; frame-ancestors 'self' https://*.synlab.com; 1
frame-ancestors https://*.goforward.com 1
frame-ancestors 'none';; upgrade-insecure-requests 1
default-src 'self' www.google-analytics.com; script-src 'self' play.vidyard.com pi.pardot.com static.addtoany.com www.googletagmanager.com cookie-script.com ajax.googleapis.com pixel.mathtag.com www.google-analytics.com vidassets.terminus.services  snap.licdn.com tribl.io www.googleadservices.com up.pixel.ad  go.northhighland.com googleads.g.doubleclick.net view.ceros.com 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com static.hotjar.com js-agent.newrelic.com script.hotjar.com bam-cell.nr-data.net online.flippingbook.com d33i2vgywgme2s.cloudfront.net player.vimeo.com youtube.com www.youtube.com/iframe_api *.googletagmanager.com; object-src 'self'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com use.fontawesome.com; img-src 'self' data:  pixel.sitescout.com wec-assets.terminus.services pixel.mathtag.com www.google.com match.adsrvr.org wec-assets-api.terminus.services www.google.co.in www.google-analytics.com p.adsymptotic.com www.google.com p.adsymptotic.com play.vidyard.com cdn.vidyard.com online.flippingbook.com d17lvj5xn8sco6.cloudfront.net insight.adsrvr.org *.linkedin.com cm.g.doubleclick.net pixel.rubiconproject.com *.yahoo.com *.googleapis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com; media-src 'self'; frame-src 'self'  view.ceros.com www.youtube.com www.googletagmanager.com go.northhighland.com pixel.sitescout.com pixel.mathtag.com static.addtoany.com bid.g.doubleclick.net play.vidyard.com vars.hotjar.com online.flippingbook.com player.vimeo.com; font-src 'self'  themes.googleusercontent.com use.fontawesome.com; connect-src 'self' stats.g.doubleclick.net www.google-analytics.com consent.cookie-script.com bam-cell.nr-data.net in.hotjar.com ws26.hotjar.com wss://ws26.hotjar.com online.flippingbook.com fbo-b.flippingbook.com ws28.hotjar.com wss://ws28.hotjar.com player.vimeo.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com ; report-uri /report-csp-violation 1
default-src 'self' chat.chatra.io www.facebook.com www.google-analytics.com stats.g.doubleclick.net api.mailbluster.com www.youtube.com static.addtoany.com; connect-src 'self' cdn.linkedin.oribi.io www.facebook.com api.mailbluster.com www.google-analytics.com *.cookieyes.com cdn-cookieyes.com stats.g.doubleclick.net yoast.com; font-src 'self' fonts.gstatic.com data:; img-src * 'self' data:; script-src 'unsafe-inline' 'self' 'unsafe-eval' snap.licdn.com www.google.com www.gstatic.com cdnjs.cloudflare.com connect.facebook.net call.chatra.io www.google-analytics.com cdn-cookieyes.com www.googletagmanager.com b.sf-syn.com static.addtoany.com emailoctopus.com googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' static.addtoany.com fonts.googleapis.com www.gstatic.com emailoctopus.com; object-src 'none'; frame-ancestors 'self'; form-action 'self' www.facebook.com 1
frame-ancestors 'self' *.sf.gov *.sfgov.org *.ca.gov sf.courts.ca.gov sf-fire.org sfport.com sfpublicdefender.org www.flysfo.com www.sfanimalcare.org www.sfartscommission.org asianart.org www.sfassessor.org sfbos.org www.calacademy.org www.dcyf.org www.sfcityattorney.org www.sfhsa.org www.sfcdcp.org sfdistrictattorney.org sfenvironment.org www.sfdph.org sfethics.org www.famsf.org sfplanning.org sfdhr.org www.sfmta.com sfocii.org www.sfpuc.org www.sfpublicworks.org sfrecpark.org www.sfcityhallevents.org mysfers.org sfhss.org sfpl.org www.sfusd.edu www.sfsheriff.com sftreasurer.org fwarmemorial.org; report-uri /report-csp-violation 1
default-src 'none'; child-src https://player.vimeo.com http://player.vimeo.com player.vimeo.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.facebook.com http://www.facebook.com www.facebook.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://www.google.com https://www.google.co.uk https://stage-tmp-search.clients.uk.funnelback.com http://stage-tmp-search.clients.uk.funnelback.com stage-tmp-search.clients.uk.funnelback.com https://search.sainsburys.jobs http://search.sainsburys.jobs search.sainsburys.jobs https://stats.g.doubleclick.net http://stats.g.doubleclick.net stats.g.doubleclick.net https://yoast.com http://yoast.com yoast.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.onetrust.com http://*.onetrust.com *.onetrust.com 'unsafe-inline'; font-src 'self' https://use.typekit.net http://use.typekit.net use.typekit.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io 'unsafe-inline' data: https:; frame-ancestors 'none'; frame-src https://player.vimeo.com http://player.vimeo.com player.vimeo.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.facebook.com http://www.facebook.com www.facebook.com https://td.doubleclick.net; img-src 'self' https://s3-eu-west-2.amazonaws.com http://s3-eu-west-2.amazonaws.com s3-eu-west-2.amazonaws.com https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.co.uk data: https:; object-src 'none'; script-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://www.googletagmanager.com http://www.googletagmanager.com www.googletagmanager.com https://www.googleadservices.com https://www.google.com https://www.google.co.uk https://googleads.g.doubleclick.net https://stage-tmp-search.clients.uk.funnelback.com http://stage-tmp-search.clients.uk.funnelback.com stage-tmp-search.clients.uk.funnelback.com https://search.sainsburys.jobs http://search.sainsburys.jobs search.sainsburys.jobs https://maps.googleapis.com http://maps.googleapis.com maps.googleapis.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://sjs.bizographics.com http://sjs.bizographics.com sjs.bizographics.com https://*.onetrust.com http://*.onetrust.com *.onetrust.com https://snap.licdn.com http://snap.licdn.com snap.licdn.com https://connect.facebook.net http://connect.facebook.net connect.facebook.net https://code.jquery.com http://code.jquery.com code.jquery.com 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' https://f.vimeocdn.com http://f.vimeocdn.com f.vimeocdn.com https://use.typekit.net http://use.typekit.net use.typekit.net https://p.typekit.net http://p.typekit.net p.typekit.net 'unsafe-inline'; worker-src 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://wtbng.pricespider.com https://wtbstream.pricespider.com https://embeddedcloud.pricespider.com https://omni.pricespider.com https://locate.pricespider.com https://wtbevents.pricespider.com https://cdn.pricespider.com https://api.ipify.org https://c.lytics.io https://cdn.segment.com https://z.moatads.com *.cloudfront.net *.agkn.org api.tiles.mapbox.com pghub.io *.cookielaw.org *.onetrust.com *.iesnare.com connect.facebook.net *.crazyegg.com *.adsrvr.org *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://cdn.pricespider.com https://c.lytics.io api.tiles.mapbox.com fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' assets.ctfassets.net videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' *.cookielaw.org https://cdn.pricespider.com https://wwwassets.pricespider.com https://embeddedcloud.pricespider.com https://c.lytics.io https://www.google.com https://www.google.hr i.ytimg.com images.ctfassets.net pixel.tapad.com *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' fonts.gstatic.com feed.pghub.io pandg.tapad.com ; connect-src * ; frame-src 'self' https://pandg.tapad.com www.youtube.com https://www.youtube-nocookie.com feed.pghub.io *.adsrvr.org *.doubleclick.net *.jebbit.com consumersupport.pg.com pg-lex.my.salesforce-sites.com ct.pinterest.com www.facebook.com pandg.tapad.com ; manifest-src * ; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-68187eabf4f7863d5ead864090406f12'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors 'self' https://manage.constructionequipment.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
frame-ancestors default-src 'self' 'unsafe-inline' 'unsafe-eval' material-exchange.com *.material-exchange.com feedback.hubapi.com fonts.gstatic.com sc.lfeeder.com materialexchan.wpengine.com www.googletagmanager.com static.hsappstatic.net js.hubspotfeedback.com *.hubspot.com fonts.googleapis.com www.google-analytics.com static.hsappstatic.net tr.lfeeder.com js.hs-banner.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com assets.surveysparrow.com material-exchange.surveysparrow.com materialexchange.bamboohr.com data:; 1
frame-ancestors 'self' https://tritektinting.com  https://midwesttinting.com  https://www.protintutah.com  https://truxx.com   https://www.dashauto.ca  https://protexcanada.com https://canadianautoshield.com/ 1
default-src 'self' https://*.rentalcover.com; object-src 'self'; style-src 'unsafe-inline' *; img-src data: blob: * assets.braintreegateway.com checkout.paypal.com; font-src data: *; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://r.turn.com https://fomo.com https://*.jotfor.ms https://*.jotform.co https://*.fomo.com https://*.keen.io https://*.yandex.ru https://*.nr-data.net https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.cloudfront.net https://*.fullstory.com https://*.hotjar.com https://*.newrelic.com https://*.alphatec.net https://googleads.g.doubleclick.net https://*.rentalcover.com https://*.usefomo.com https://www.googletagmanager.com https://www.googleadservices.com https://komito.net https://*.brightwrite.com https://bat.bing.com https://ajax.googleapis.com https://*.zopim.com https://*.trustpilot.com https://linksynergy.com https://track.linksynergy.com https://*.linksynergy.com https://intljs.rmtag.com https://*.xpay.xcover.com https://*.covergenius.com https://*.taboola.com https://www.gstatic.com https://*.zdassets.com https://*.nr-data.net *.braintreegateway.com www.paypalobjects.com c.paypal.com *.cardinalcommerce.com https://js.stripe.com https://*.ccdc02.com https://cdnjs.cloudflare.com https://www.emjcd.com https://js.hsforms.net https://forms.hsforms.com https://*.adyen.com https://static.cloudflareinsights.com https://www.clarity.ms/ https://cdn-cookieyes.com/ https://maps.googleapis.com https://*.zendesk.com; connect-src 'self' https://*.fullstory.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.segment.io https://*.alphatec.net https://stats.usefomo.com wss://*.zopim.com https://*.google-analytics.com https://*.google.com https://*.yandex.ru https://*.trustpilot.com https://*.brightwrite.com https://*.sentry.io https://*.xpay.xcover.com https://*.covergenius.com https://*.taboola.com https://www.gstatic.com https://firestore.googleapis.com https://*.zendesk.com wss://*.zendesk.com https://*.zdassets.com https://*.nr-data.net *.braintreegateway.com *.braintree-api.com https://api.stripe.com *.amazonaws.com *.cardinalcommerce.com https://www.emjcd.com https://forms.hsforms.com https://*.g.doubleclick.net https://*.cloudfront.net https://*.rentalcover.com https://*.adyen.com https://*.typekit.net https://*.clarity.ms https://cdn-cookieyes.com/ https://*.cookieyes.com https://maps.googleapis.com; media-src 'none'; frame-src *; worker-src 'self'; frame-ancestors *; report-uri https://cf0194cd2283b886ce2fcef6a1976e05.report-uri.com/r/d/csp/reportOnly; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://connect.facebook.net https://sp.zalo.me https://platform.twitter.com https://code.responsivevoice.org https://stackpath.bootstrapcdn.com https://f-emc.ngsp.gov.vn https://connect.facebook.net https://jquery.com https://f-emc.ngsp.gov.vn https://code.responsivevoice.org https://f-emc.ngsp.gov.vn;        img-src 'self' blob: data: https://storage-vnportal.vnpt.vn https://img.youtube.com https://baohiemxahoi.gov.vn:* https://datafiles.nghean.gov.vn https://user-images.githubusercontent.com;        style-src 'unsafe-inline' 'self' https://storage-vnportal.vnpt.vn https://datafiles.nghean.gov.vn https://pro.fontawesome.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com;        font-src  'unsafe-inline' 'self' https://pro.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com https://datafiles.nghean.gov.vn;       frame-src 'self' https://nghean.vnptioffice.vn https://www.youtube.com https://dichvucong.nghean.gov.vn https://storage-vnportal.vnpt.vn https://datafiles.nghean.gov.vn https://platform.twitter.com https://twitter.com https://www.facebook.com https://button-share.zalo.me https://docs.google.com https://view.officeapps.live.com https://page.widget.zalo.me https://www.google.com https://google.com https://web.facebook.com;        media-src 'self' https://storage-vnportal.vnpt.vn https://datafiles.nghean.gov.vn; 1
default-src 'none'; img-src https: data:; media-src 'self' *.solcast.com.au *.solcast.com media.licdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.solcast.com statuspal.io *.mapbox.com *.google.com *.googleadservices.com *.google-analytics.com *.doubleclick.net *.quantserve.com *.linkedin.com *.licdn.com *.googleapis.com *.facebook.net *.stripe.com  *.gstatic.com/recaptcha/ *.statuspage.io *.googletagmanager.com *.lfeeder.com *.leadfeeder.com *.fullstory.com *.redditstatic.com; style-src 'self' 'unsafe-inline' *.mapbox.com *.googleapis.com *.google.com *.licdn.com; object-src  'self' *.solcast.com.au *.solcast.com media.licdn.com :data; base-uri 'self'; frame-src *.solcast.com.au *.solcast.com *.google.com *.doubleclick.net *.youtube.com *.stripe.com *.statuspage.io *.linkedin.com; frame-ancestors 'none'; font-src 'self' data: *.solcast.com.au https://fonts.gstatic.com; manifest-src 'self'; connect-src 'self' ws: *.solcast.com.au *.solcast.com https://2v0mmgz9p6.execute-api.ap-southeast-2.amazonaws.com https://77h0dv3vl6.execute-api.ap-southeast-2.amazonaws.com *.mapbox.com *.browser-intake-datadoghq.com https://browser-intake-datadoghq.com *.solcast.com.au *.statuspal.io https://statuspal.io *.linkedin.oribi.io *.googleapis.com *.google-analytics.com *.googletagmanager.com *.google.com *.doubleclick.net *.google.com *.linkedin.com *.licdn.com *.doubleclick.net *.fullstory.com *.stripe.com *.facebook.com; child-src data:;worker-src blob:; 1
default-src 'self' 'nonce-E0j2YKGO5gsnB2kHh3FISItBCd4+xqhsAWQIH68vVAE=' https://analytics.google.com https://www.google.com.tr https://stats.g.doubleclick.net https://www.googleapis.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://youtu.be https://i.ytimg.com https://googleads.g.doubleclick.net https://recaptcha.google.com https://online.anyflip.com https://static.anyflip.com https://interaktif.istanbulmodern.org https://e-bulten.istanbulmodern.com; frame-ancestors 'self' https://youtu.be https://www.youtube.com https://e-bulten.istanbulmodern.com https://recaptcha.google.com https://online.anyflip.com https://static.anyflip.com; img-src 'self' data: https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.google.com.tr https://i.ytimg.com https://interaktif.istanbulmodern.org; style-src 'self' 'unsafe-inline' 'unsafe-hashes' 1
default-src 'self' https://*.bitrix24.ru wss://*.bitrix24.com:* https://googleads.g.doubleclick.net https://mc.yandex.ru https://www.google-analytics.com/ https://bitrix.info/ https://api-maps.yandex.ru/ https://yastatic.net/ https://www.youtube.com/ https://rutube.ru/ https://vk.com/ https://*.vk.com/ ; base-uri 'none'; form-action 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.bitrix24.ru https://*.bitrix24.com https://www.googletagmanager.com https://code.jquery.com/ https://bitrix.info/ https://www.google-analytics.com https://maps.google.com https://*.gstatic.com:* https://*.googleapis.com https://mc.yandex.ru https://api-maps.yandex.ru/ https://yastatic.net/ https://www.youtube.com/ https://rutube.ru/ https://vk.com/ https://*.vk.com/ ; style-src 'self' 'unsafe-inline' https://*.bitrix24.ru https://mc.yandex.ru:* https://*.googleapis.com https://*.gstatic.com:* https://api-maps.yandex.ru/; img-src 'self' data: https://*.bitrix24.ru https://mc.yandex.ru:* https://*.googleapis.com https://*.gstatic.com:* https://www.google-analytics.com https://api-maps.yandex.ru:* https://*.maps.yandex.net:*; font-src 'self' https://*.bitrix24.ru https://*.gstatic.com:* ; object-src 'none'  ; 1
default-src 'self' d4trk9u7h7k98.cloudfront.net *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' contentnotif.dorcel.com d4trk9u7h7k98.cloudfront.net assets.dorcel.com xadmin.dorcelclub.com www.dorcelclub.com embedsocial.com www.dorcel.com dorcel-com-preprod.s3.eu-west-3.amazonaws.com dev.www.dorcel.com staging.www.dorcel.com widget.gleamjs.io *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net www.googletagservices.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt www.google-analytics.com ssl.google-analytics.com static.axept.io client.axept.io stats.g.doubleclick.net ajax.googleapis.com maps.google.com maps.gstatic.com maps.googleapis.com translate.googleapis.com translate.google.com www.googletagmanager.com www.clarity.ms ga.dorcel.com www.account-dorcel.com; style-src 'self' 'unsafe-inline' d4trk9u7h7k98.cloudfront.net assets.dorcel.com www.dorcelclub.com embedsocial.com www.dorcel.com dorcel-com-preprod.s3.eu-west-3.amazonaws.com dev.www.dorcel.com staging.www.dorcel.com *.vimeocdn.com fonts.googleapis.com maps.googleapis.com translate.googleapis.com ga.dorcel.com; img-src 'self' data: https: blob:; media-src 'self' data: assets.dorcel.com www.dorcelclub.com embedsocial.com www.dorcel.com dorcel-com-preprod.s3.eu-west-3.amazonaws.com dev.www.dorcel.com staging.www.dorcel.com; font-src 'self' data: d4trk9u7h7k98.cloudfront.net assets.dorcel.com www.dorcelclub.com embedsocial.com www.dorcel.com dorcel-com-preprod.s3.eu-west-3.amazonaws.com dev.www.dorcel.com staging.www.dorcel.com fonts.gstatic.com ga.dorcel.com; frame-src 'self' contentnotif.dorcel.com d4trk9u7h7k98.cloudfront.net assets.dorcel.com embedsocial.com xadmin.dorcelclub.com www.dorcelclub.com www.w3-edge.com gleam.io *.vimeo.com *.vimeocdn.com *.googlesyndication.com googleads.g.doubleclick.net www.youtube.com; child-src 'self' d4trk9u7h7k98.cloudfront.net *.vimeo.com *.vimeocdn.com www.youtube.com dev.www.dorcel.com staging.www.dorcel.com; worker-src 'self'; connect-src 'self' *.google-analytics.com *.vimeo.com api.axept.io *.googlesyndication.com static.axept.io client.axept.io www.dorcel.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com translate.googleapis.com *.clarity.ms; form-action 'self' https:; object-src *; 1
frame-ancestors 'self' https://service.ariba.com https://service-2.ariba.com https://certservice.ariba.com https://certservice-2.ariba.com https://s1.ariba.com https://s2.ariba.com https://usertest.sciquest.com https://uitweb.sciquest.com https://neo.sciquest.com https://solutions.sciquest.com https://cloud.punchoutexpress.com https://dev.cloud.punchoutexpress.com https://cloud.pexlocal.com https://cloud.mpexlocal.com https://www.restaurantware.com; 1
default-src 'self';script-src 'self' 'sha256-SkZYlM/DnEYa1DqVEpWdJ4xu32ABcyryxEgY0GX7Rsw=' 'sha256-AYyIhiyVwTLrw2hrJ3/PqIZxE9iM5rhnrFKGWh27Qqo=' 'sha256-LECLh+TbJs5nJ1VIZ4UE+KQD0LQkvJ+LU/0YoF9W6As=' 'sha256-u1rON8FMTy/xzocP1NMZCeuxgT7prQyncEoFw5vweoI=' 'sha256-f5lsRfP9D3IfItCArg/eFPe3u1pBW1Uh5IahkioNYEA=' 'sha256-vwUBT1MmLENiSSTPXpUO/dTjtJzZY9byamZkhJNq3lo=' 'sha256-0KdjwaiUg+h6Sf489zmQKCWt8Bn24yyzaWsXbIFOpk4=' 'sha256-g+odoihHDk8pagnVrEcdVdm2Ifbw8G3zE8HIPmy2y8o=' 'sha256-hModenNvf9UAnNt4GeQmPsL63bAnxv/tcc9jCpxFPTg=' 'sha256-G4vYaxMoSqy5fXryHD+HPOaQkwa3H0h8Yd/VkGQoBEY=' 'sha256-OfqdnCO5xH3GzYzxEBIplO3KdVb2tQ2pqhHxNEQzK5Q=' 'sha256-FDyPg8CqqIpPAfGVKx1YeKduyLs0ghNYWII21wL+7HM=' 'sha256-FDyPg8CqqIpPAfGVKx1YeKduyLs0ghNYWII21wL+7HM=' 'sha256-QIWZ41MW+Sx+14+5rMza0ridotq9bHOYjpPRQTD8i2E=' 'sha256-9IdTXgKO1bc58nnKeLH/j1dFsIggoLCnu5W5zwSVbBs=' 'sha256-YrtASzyaONIhkxu39zmgucRm5lcOazJWmBdi5NVPqck=' https://ajax.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://plausible.io https://player.vimeo.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://unpkg.com/;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://use.typekit.net https://p.typekit.net https://unpkg.com https://fonts.googleapis.com;font-src 'self' https://cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://use.typekit.net;connect-src 'self' https://numerai-pickled-user-models.s3-us-west-2.amazonaws.com https://numerai-production-uploads-us-west-2.s3-us-west-2.amazonaws.com https://numerai-production-signals-us-west-2.s3-us-west-2.amazonaws.com https://numerai-production-uploads.s3-us-west-2.amazonaws.com https://numerai-public-images.s3.amazonaws.com https://api-tournament.numer.ai/ https://api-financial.numer.ai https://www.google-analytics.com https://stats.g.doubleclick.net/ https://api.amplitude.com https://sentry.io https://plausible.io/;img-src 'self' data: https://numerai-public-images.s3.amazonaws.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com;child-src 'self' numer.ai https://www.google.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com;frame-src 'self' numer.ai https://www.google.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
connect-src 'self' *.algolia.io *.algolia.net *.algolianet.com *.facebook.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.sumo.com *.userway.org *.voyagetext.com *.zdassets.com *.zendesk.com *.zopim.com code.jquery.com media.sumome.com pro.ip-api.com stats.g.doubleclick.net sumo.com sumome.com vyg.mobi wss://widget-mediator.zopim.com; default-src 'self'; font-src 'self' *.facebook.com *.googleapis.com *.gstatic.com cdn.userway.org data: dp8k5pf9le6li.cloudfront.net themes.googleusercontent.com; frame-src 'self' *.facebook.com *.google.com *.googleapis.com *.userway.org sumo.com sumome.com; img-src 'self' *.facebook.com *.google-analytics.com *.googleapis.com *.gstatic.com *.sumo.com *.userway.org *.zopim.io data: dp8k5pf9le6li.cloudfront.net media.sumome.com stats.g.doubleclick.net sumo.b-cdn.net sumo.com sumome.com; manifest-src dp8k5pf9le6li.cloudfront.net www.ammoman.com; media-src 'self' *.facebook.com *.zdassets.com *.zopim.com; object-src 'self' *.facebook.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.algolia.io *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.sumo.com *.sumome.com *.userway.org *.voyagetext.com *.zdassets.com *.zopim.com assets.voyagetext.com blob: code.jquery.com dp8k5pf9le6li.cloudfront.net https://cdn.jsdelivr.net/npm/algoliasearch@4/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4 stats.g.doubleclick.net sumo.b-cdn.net sumome-140a.kxcdn.com sumome.com; style-src 'self' 'unsafe-inline' *.facebook.com *.google.com *.googleapis.com *.gstatic.com cdn.userway.org dp8k5pf9le6li.cloudfront.net sload.sumo.com sumo.b-cdn.net 1
default-src 'self'; form-action 'none'; script-src 'self' 'unsafe-eval' 'unsafe-hashes' maps.googleapis.com cdn-apac.onetrust.com www.google.com assets.adobedtm.com www.googletagmanager.com www.gstatic.com www.youtube.com kit.fontawesome.com cdnjs.cloudflare.com rawgit.com 'nonce-3947263940126385629'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://*.onetrust.com https://*.myfonts.net https://*.cloudflare.com; frame-src 'self' https://*.google.com https://*.youtube.com https://*.youtube-nocookie.com https://olaminformation.demdex.net https://public.tableau.com 'nonce-3947263940126385629'; img-src 'self' maps.gstatic.com maps.googleapis.com pbs.twimg.com dpm.demdex.net olaminformationservices.sc.omtrdc.net https://cdn-apac.onetrust.com https://cm.everesttech.net www.google.co.in data:; connect-src 'self' *; object-src 'none'; base-uri 'self'; font-src 'self' fonts.gstatic.com https://cdnjs.cloudflare.com; 1
frame-ancestors 'self';default-src 'self';script-src 'self' 'report-sample'  'unsafe-inline' 'unsafe-eval' *.zohostatic.eu https://www.google-analytics.com https://region1.google-analytics.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://www.google.com  https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://nisu-zcmp.maillist-manage.eu  https://consent.cookiebot.com/uc.js     https://campaigns.zoho.eu https://cdn.jsdelivr.net https://consentcdn.cookiebot.com https://consent.cookiebot.com https://google-analytics.com https://googletagmanager.com https://maillist-manage.eu https://m.youtube.com https://maps.googleapis.com https://maps.google.com https://s7.addthis.com https://ssl.google-analytics.com https://tagmanager.google.com https://unpkg.com https://www.gstatic.com https://www.youtube.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com;style-src 'self'  'report-sample' 'unsafe-inline' *.zohostatic.eu https://css.zohostatic.eu campaigns.zoho.eu cdn.jsdelivr.net https://css.zohostatic.eu/campaigns/static6/css/zcfonts.css fonts.googleapis.com tagmanager.google.com unpkg.com www.googletagmanager.com;object-src 'none';frame-src 'self' *.zohostatic.eu *.youtube.com *.doubleclick.net *.googlesyndication.com https://www.google-analytics.com https://region1.google-analytics.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://www.google.com  https://pagead2.googlesyndication.com https://consentcdn.cookiebot.com  consentcdn.cookiebot.com maps.googleapis.com maps.google.com www.youtube-nocookie.com www.googletagmanager.com;child-src 'self' *.zohostatic.eu www.youtube.com www.googletagmanager.com;img-src 'self' data: blob: *.gstatic.com *.zohostatic.eu *.google-analytics.com *.google.com *.google.es *.googleapis.com *.ggpht.com *.ytimg.com *.youtube.com campaigns.zoho.eu campaign-image.eu cdn.jsdelivr.net maps.googleapis.com unpkg.com www.googletagmanager.com;font-src 'self' data: cdn.jsdelivr.net *.zohostatic.eu fonts.googleapis.com fonts.gstatic.com unpkg.com;connect-src 'self' https://www.gstatic.com https://fermax.com https://fermax.com/.rest/products https://unpkg.com https://campaigns.zoho.eu https://googleads.g.doubleclick.net *.googlesyndication.com https://pagead2.googlesyndication.com https://www.google-analytics.com https://region1.google-analytics.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://www.google.com  *.google.com cdn.jsdelivr.net consentcdn.cookiebot.com fonts.gstatic.com fonts.googleapis.com maps.googleapis.com nisu-zcmp.maillist-manage.eu stats.g.doubleclick.net undefined www.google-analytics.com www.googletagmanager.com region1.google-analytics.com;manifest-src 'self';base-uri 'self';form-action 'self';media-src 'self';worker-src 'self'; 1
default-src https://*.education.govt.nz https://www.education.govt.nz https://www.education.govt.nz/ https://education-live-storagestack-assetstorages3bucket-16vm9scoufd4c.s3.ap-southeast-2.amazonaws.com https://assets.education.govt.nz www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval' data:; base-uri https://*.education.govt.nz https://www.education.govt.nz https://www.education.govt.nz/ https://education-live-storagestack-assetstorages3bucket-16vm9scoufd4c.s3.ap-southeast-2.amazonaws.com https://assets.education.govt.nz; frame-ancestors https://*.education.govt.nz https://www.education.govt.nz https://www.education.govt.nz/ https://education-live-storagestack-assetstorages3bucket-16vm9scoufd4c.s3.ap-southeast-2.amazonaws.com https://assets.education.govt.nz; style-src 'unsafe-inline' https://*.education.govt.nz https://www.education.govt.nz https://www.education.govt.nz/ https://education-live-storagestack-assetstorages3bucket-16vm9scoufd4c.s3.ap-southeast-2.amazonaws.com https://assets.education.govt.nz https://*.typography.com https://maxcdn.bootstrapcdn.com https://*.fontawesome.com https://fonts.googleapis.com https://*.gstatic.com https://tagmanager.google.com https://optimize.google.com; script-src 'unsafe-inline' https://*.education.govt.nz https://www.education.govt.nz https://www.education.govt.nz/ https://education-live-storagestack-assetstorages3bucket-16vm9scoufd4c.s3.ap-southeast-2.amazonaws.com https://assets.education.govt.nz https://app-script.monsido.com https://player.vimeo.com https://code.jquery.com https://staticcdn.co.nz https://snap.licdn.com https://www.google.com https://*.doubleclick.net https://www.googleadservices.com https://*.fontawesome.com https://connect.facebook.net https://*.gstatic.com https://www.googletagmanager.com https://fonts.googleapis.com https://*.google-analytics.com http://*.google-analytics.com http://tagmanager.google.com https://optimize.google.com https://code.jquery.com 'unsafe-eval'; img-src https://*.education.govt.nz https://www.education.govt.nz https://www.education.govt.nz/ https://education-live-storagestack-assetstorages3bucket-16vm9scoufd4c.s3.ap-southeast-2.amazonaws.com https://assets.education.govt.nz http://www.education.govt.nz 'self' data: https://staticcdn.co.nz https://i.vimeocdn.com https://img.youtube.com https://i.ytimg.com http://tracking.monsido.com https://tracking.monsido.com https://shielded.co.nz https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.co.nz https://p.adsymptotic.com https://www.google.com https://px.ads.linkedin.com https://*.facebook.com https://*.google-analytics.com http://*.google-analytics.com https://*.swagger.io https://optimize.google.com; font-src https://*.education.govt.nz https://www.education.govt.nz https://www.education.govt.nz/ https://education-live-storagestack-assetstorages3bucket-16vm9scoufd4c.s3.ap-southeast-2.amazonaws.com https://assets.education.govt.nz data: https://*.fontawesome.com https://*.typography.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; object-src https://*.education.govt.nz https://www.education.govt.nz https://www.education.govt.nz/ https://education-live-storagestack-assetstorages3bucket-16vm9scoufd4c.s3.ap-southeast-2.amazonaws.com https://assets.education.govt.nz 'self'; frame-src https://*.education.govt.nz https://www.education.govt.nz https://www.education.govt.nz/ https://education-live-storagestack-assetstorages3bucket-16vm9scoufd4c.s3.ap-southeast-2.amazonaws.com https://assets.education.govt.nz http://www.education.govt.nz 'self' https://www.facebook.com https://staticcdn.co.nz https://bid.g.doubleclick.net https://www.google.com data: https://*.youtube-nocookie.com https://player.vimeo.com https://*.youtube.com https://optimize.google.com https://www.googletagmanager.com/ns.html https://*.hotjar.com; child-src https://*.education.govt.nz https://www.education.govt.nz https://www.education.govt.nz/ https://education-live-storagestack-assetstorages3bucket-16vm9scoufd4c.s3.ap-southeast-2.amazonaws.com https://assets.education.govt.nz https://*.youtube-nocookie.com https://player.vimeo.com http://player.vimeo.com https://*.youtube.com  https://optimize.google.com https://www.googletagmanager.com/ns.html https://*.hotjar.com; connect-src https://*.education.govt.nz https://www.education.govt.nz https://www.education.govt.nz/ https://education-live-storagestack-assetstorages3bucket-16vm9scoufd4c.s3.ap-southeast-2.amazonaws.com https://assets.education.govt.nz https://stats.g.doubleclick.net https://*.algolia.net https://*.algolianet.com https://www.google-analytics.com; form-action https://*.education.govt.nz https://www.education.govt.nz https://www.education.govt.nz/ https://education-live-storagestack-assetstorages3bucket-16vm9scoufd4c.s3.ap-southeast-2.amazonaws.com https://assets.education.govt.nz http://www.education.govt.nz https://www.facebook.com 'self'; 1
connect-src     'self' https://*.clarity.ms/ https://adservice.google.com/ https://api.securemyemail.com https://frstre.com https://webadmin.witopia.com/api/ https://www.google-analytics.com https://www.google.com/ https://www.sjwoe.com ;        default-src     'self' https://w.cdn.witopia.com/ https://*.clarity.ms https://c.bing.com 'unsafe-inline' ;        font-src        'self' data: https://w.cdn.witopia.com https://fonts.gstatic.com data: ;        frame-src       'self' https://optimize.google.com https://td.doubleclick.net/ ;        img-src         'self' data: https://w.cdn.witopia.com https://*.bing.com/ https://*.clarity.ms https://fonts.gstatic.com/ https://googleads.g.doubleclick.net/ https://optimize.google.com https://ssl.gstatic.com https://www.google-analytics.com https://www.google.com/ https://www.googletagmanager.com https://www.gstatic.com ;        object-src      'none' ;        script-src      'self' 'unsafe-eval' 'unsafe-inline' https://script.tapfiliate.com https://tagmanager.google.com https://unpkg.com/ https://w.cdn.witopia.com https://www.clarity.ms/ https://www.google-analytics.com https://www.googleadservices.com https://www.googleanalytics.com https://www.googleoptimize.com https://www.googletagmanager.com ;        style-src       'self' https://w.cdn.witopia.com 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https://www.googletagmanager.com/ https://tagmanager.google.com ;        worker-src      https://www.witopia.com/ ; 1
default-src https: data: blob: wss: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 1
frame-ancestors 'self' www.facebook.com www.youtube.com 1
script-src 'self' 'unsafe-inline' data: about: *.typekit.net *.gravatar.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.instagram.com; style-src 'self' 'unsafe-inline' *.typekit.net *.instagram.com; img-src 'self' data: *.typekit.net *.google.com *.google-analytics.com *.googleapis.com *.instagram.com 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://www.googletagmanager.com/ https://extend.vimeocdn.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com *.msecnd.net www.votervoice.net js.usemessages.com js.hscollectedforms.net js.hs-banner.com js-na1.hs-scripts.com 'self' *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com https://forms.hsforms.com 'self' *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-ancestors 'self' *.Eventpedia.us https://app.hubspot.com; connect-src accounts.google.com https://www.google-analytics.com *.mktoresp.com *.visualstudio.com *.hubspot.com https://stats.g.doubleclick.net https://forms.hscollectedforms.net 'self' *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.azureedge.net; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com www.votervoice.net app.hubspot.com www.podbean.com 'self' web-chat.nativechat.com; frame-src https://app.hubspot.com 'self' web-chat.nativechat.com https://www.youtube.com https://apis.google.com https://accounts.google.com 1
frame-ancestors 'self' https://www.sto.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://kendo.cdn.telerik.com https://www.google-analytics.com https://maps.googleapis.com https://apis.google.com https://developers.google.com https://az416426.vo.msecnd.net https://appds8093.blob.core.windows.net https://widget.intercom.io https://js.intercomcdn.com https://share-component-uat.adesaauctionoperations.com/adesa-share-component.js https://share-component.adesaintegrations.com/adesa-share-component.js https://accounts.google.com https://cdn.segment.com/; 1
default-src 'self' 'unsafe-inline' *; img-src 'self' data: *; frame-src 'self' https://metabase.mixin.ir/ https://www.aparat.com/; script-src 'self' 'unsafe-inline' *; frame-ancestors 'self' https://trustseal.enamad.ir/ 1
default-src 'self' data: blob: ws: *.g2.com *.canddi.io *.canddi.com *.crisp.chat www.google-analytics.com *.analytics.google.com pixel.pvd.to stats.g.doubleclick.net vgkgl5kmed.execute-api.eu-west-1.amazonaws.com *.wistia.net *.wistia.com *.litix.io embedwistia-a.akamaihd.net *.googleapis.com lcj9zwv5p3.execute-api.eu-west-1.amazonaws.com; img-src 'self' data: *.g2.com s.canddi.io pixel.pvd.to px.ads.linkedin.com www.google-analytics.com www.facebook.com www.google.com www.google.co.uk image.crisp.chat www.googletagmanager.com *.wistia.com embedwistia-a.akamaihd.net googleads.g.doubleclick.net *.googleadservices.com *.contentengine.net *.linkedin.com *.canddi.com *.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' blob: *.canddi.com www.googletagmanager.com cdn.canddi.io s.canddi.io www.google-analytics.com www.googleadservices.com snap.licdn.com connect.facebook.net js.pvd.to googleads.g.doubleclick.net www.linkedin.com px.ads.linkedin.com *.crisp.chat www.googleoptimize.com *.wistia.com *.stripe.com *.google.com *.gstatic.com *.capterra.com *.calendly.com *.g2crowd.com; style-src 'self' 'unsafe-inline' *.crisp.chat; frame-src 'self' *.canddi.com www.facebook.com *.wistia.net *.stripe.com *.google.com *.calendy.com calendly.com *.g2.com *.youtube.com *.googleapis.com; font-src 'self' data: fonts.gstatic.com *.crisp.chat; frame-ancestors 'self' *.canddi.local *.canddi.com www.canddi.download www.canddi.download.local www.canddi.link www.canddi.link.local 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://connect.facebook.net/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://googleads.g.doubleclick.net/ https://stats.wp.com/e-202322.js https://sase.merck.com/ https://www.youtube.com/ https://cdnjs.cloudflare.com/ https://player.quadia.net/quadia.player.min.js https://s0.wp.com https://*.contentsquare.com https://*.usabilla.com https://*.contentsquare.net/ https://pym.nprapps.org https://*.wotnot.io https://www.googletagmanager.com https://www.google-analytics.com/ https://players.brightcove.net https://cdn.cookielaw.org https://js-agent.newrelic.com/ https://*.pricespider.com https://api.tiles.mapbox.com https://vjs.zencdn.net https://bat.bing.com https://js.adsrvr.org https://connect.facebook.net https://bam.nr-data.net blob:; object-src 'none'; base-uri https://d6tizftlrpuof.cloudfront.net/; frame-src 'self' https://td.doubleclick.net/ https://www.google.com.my/pagead/ https://sase.merck.com/ https://4918300.fls.doubleclick.net/ https://widgets.wp.com/ https://*.contentsquare.com https://*.contentsquare.net https://*.exacttarget.com/ https://*.facebook.com/ https://*.exct.net/ https://www.youtube-nocookie.com https://player.quadia.net https://players.brightcove.net https://pages.emailca.merck-animal-health-usa.com https://cloud.emailca.merck-animal-health-usa.com https://*.akamaihd.net https://insight.adsrvr.org https://match.adsrvr.org; frame-ancestors 'self'; img-src 'self' https://www.google.com.my/pagead/ https://connect.facebook.net/ https://www.google.com.my/ads/ga-audiences https://px.ads.linkedin.com/ https://www.google.de https://mid.rkdms.com/ https://match.sharethrough.com/ https://x.bidswitch.net/ https://match.adsrvr.org/ https://tags.bluekai.com/ https://pixel.rubiconproject.com/ https://cm.g.doubleclick.net/ https://dpm.demdex.net/ https://insight.adsrvr.org/ https://*.wp.com https://*.wotnot.io/ https://wotnot-chat-widget-icon.storage.googleapis.com https://*.contentsquare.com https://*.usabilla.com https://d6tizftlrpuof.cloudfront.net/ https://*.contentsquare.net https://assets.msd-animal-health.com https://wotnot-bot-title-logo.storage.googleapis.com/ https://wotnot-avatar.storage.googleapis.com https://*.merck-animal-health.com https://unpkg.com https://cdn.jsdelivr.net https://secure.adnxs.com/ https://px.adentifi.com/ https://pubads.g.doubleclick.net https://cf-images.us-east-1.prod.boltdns.net https://www.msd-animal-health.com https://cdn.cookielaw.org https://secure.gravatar.com https://www.google-analytics.com/ https://*.deepintent.com/ https://*.brightcove.com https://brightcove.hs.llnwd.net https://*.brightcove.hs https://manifest.prod.boltdns.net data: https://www.google.com/ https://*.bing.com/ https://*.facebook.com/ https://*.pricespider.com/ https://*.turn.com https://*.googletagmanager.com/ https://www.google.pl/; media-src 'self' blob: https://*.wotnot.io https://*.brightcove.com https://manifest.prod.boltdns.net https://*.akamaihd.net; style-src 'self' 'unsafe-inline' https://s0.wp.com https://d6tizftlrpuof.cloudfront.net/ https://*.mapbox.com/ https://*.pricespider.com/; upgrade-insecure-requests; default-src blob: https: data: 'self' wss://*.wotnot.io; trusted-types connect.facebook.net/fbevents facebook.com/signals/iwl youtube-widget-api goog#html default; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' pixel.sitescout.com *.basis.net api.w3-edge.com scatec.io *.scatec.io spreedly.com sdk.selfbook.com pay.google.com *.googlesyndication.com linkcenter.derbysoftca.com *.ingest.sentry.io visitingmedia.com *.clarity.ms *.onetrust.com *.cookielaw.org *.sentry-cdn.com *.cendyn.com *.cendynhub.com capture.duettoresearch.com *.pcibooking.net secure.livechatinc.com *.thehotelsnetwork.com tag.yieldoptimizer.com *.livechatinc.com booking.azds.com linkcenterus.derbysoftsec.com cdnjs.cloudflare.com *.otstatic.com *.triptease.io *.opentable.com *.sojern.com api.ipstack.com newbooking.azds.com rw1.marchex.io widgets.nightpro.co *.youtube.com api.ipstack.com widgets.tablelist.com *.speedrfp.com *.gstatic.com *.googleadservices.com *.facebook.com *.yahoo.com *.doubleclick.net *.facebook.net *.googletagmanager.com *.googleapis.com *.google-analytics.com *.google.com *.bing.com; font-src 'self' data: *.wp.com *.thehotelsnetwork.com *.otstatic.com newbooking.azds.com *.properhotel.com *.gstatic.com *.typekit.net; img-src 'self' data: *.basis.net pixel.sitescout.com scatec.io c1.adform.net d1t1qzzb2zwrre.cloudfront.net dbmajt85xhr99.cloudfront.net *.thehotelsnetwork.com *.google.es linkcenter.derbysoftca.com *.clarity.ms *.youtube.com *.properhotel.com *.w.org *.synxis.com newbooking.azds.com linkcenterus.derbysoftca.com dk66958tcpc60.cloudfront.net pixel.sojern.com match.adsrvr.org ib.adnxs.com px.marchex.io *.speedrfp.com *.googletagmanager.com *.cdninstagram.com *.googleapis.com *.gstatic.com *.bing.com *.gravatar.com *.facebook.net *.doubleclick.net *.google-analytics.com *.google.com *.facebook.com; style-src 'self' *.basis.net *.thehotelsnetwork.com *.gstatic.com *.otstatic.com newbooking.azds.com *.typekit.net 'unsafe-inline' *.googleapis.com 1
style-src 'self' 'unsafe-inline' www2.triodos.com; img-src 'self' p-pan.triodos.com api.triodos.com maps.triodos.com www2.triodos.com video.triodos.com ad.doubleclick.net adservice.google.com adservice.google.co.uk adservice.google.nl adservice.google.be adservice.google.es adservice.google.de www.facebook.com data: android-webview-video-poster:; font-src 'self' data:; script-src 'self' 'nonce-e9c324d9-0653-4319-b6a7-72cadbd9a468' t-pan.triodos.com p-pan.triodos.com www2.triodos.com video.triodos.com chat.triodos.com; frame-src https://www.youtube.com https://www.youtube-nocookie.com; child-src https://www.youtube.com https://www.youtube-nocookie.com; connect-src 'self' p-pan.triodos.com t-pan.triodos.com chat.triodos.com video.triodos.com licensing.bitmovin.com; media-src 'self' blob: video.triodos.com; default-src 'self'; 1
img-src 'self' *.zlb.de *.voebb.de *.ytimg.com *.vimeocdn.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com matomo.zlb.de *.vimeo.com vimeo.com *.youtube.com https://www.youtube.com blob:; frame-src *.google.com *.youtube.com https://www.youtube.com https://www.youtube-nocookie.com *.vimeo.com vimeo.com ; connect-src 'self' matomo.zlb.de https://*.googleapis.com *.google.com https://*.gstatic.com  data: blob:; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; worker-src blob:; form-action 'self'; object-src 'none'; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.dadata.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mod.calltouch.ru https://ipa.iitrust.ru https://*.googleapis.com https://*.yandex.ru https://yastatic.net https://api-maps.yandex.ru https://*.maps.yandex.net https://*.gstatic.com https://mc.yandex.ru https://www.googletagmanager.com https://*.dadata.ru; font-src 'self' https://fonts.gstatic.com https://*.dadata.ru data:; img-src 'self' data: https://developers.google.com https://*.googleapis.com https://*.gstatic.com https://mc.yandex.ru https://*.yandex.ru https://*.maps.yandex.net https://*.dadata.ru; connect-src 'self' https://ipa.iitrust.ru https://*.googleapis.com https://www.google-analytics.com https://*.gstatic.com https://mc.yandex.ru https://*.yandex.ru https://mc.yandex.md https://*.dadata.ru; child-src 'self' https://mc.yandex.md; frame-src 'self' https://www.youtube.com/ 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-pUA4uqXIcpR6K56SzQZ5mw==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
frame-src 'self' js.tito.io *.youtube.com 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' *.recruitmilitary.com a2.adform.net acsbap.com *.taboola.com connect.facebook.net/en_US/fbds.js cookie-cdn.cookiepro.com front.optimonk.com go.hirevets.com *.doubleclick.net gs-cdn.optimonk.com reverseads.matomo.cloud rm-marketing-production.s3.amazonaws.com *.criteo.com static.hotjar.com *.googlesyndication.com use.typekit.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.googletagservices.com *.google.com www.youtube.com *.licdn.com *.facebook.net *.bing.com *.matomo.cloud *.qualified.com acsbapp.com script.hotjar.com s2.adform.net *.outbrain.com ; style-src 'report-sample' 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com rm-marketing-production.s3.amazonaws.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.intentiq.com *.hotjar.com *.hotjar.io *.outbrain.com *.gstatic.com *.google-analytics.com *.google.com ad.doubleclick.net analytics.google.com bat.bing.com cdn.acsbapp.com cds.taboola.com cookie-cdn.cookiepro.com front.optimonk.com geolocation.onetrust.com googleads4.g.doubleclick.net jfapiprod.optimonk.com my.recruitmilitary.com pagead2.googlesyndication.com pips.taboola.com reverseads.matomo.cloud securepubads.g.doubleclick.net stats.g.doubleclick.net trc-events.taboola.com trc.taboola.com wss://ws.qualified.com; font-src 'self' maxcdn.bootstrapcdn.com rm-marketing-production.s3.amazonaws.com use.typekit.net; frame-src 'self' go.hirevets.com tsdtocl.com *.googlesyndication.com *.safeframe.googlesyndication.com app.qualified.com gum.criteo.com www.google.com www.youtube.com; img-src 'self' data: *.intentiq.com *.taboola.com *.addthis.com ei.rlcdn.com pippio.com *.googletagmanager.com *.criteo.com *.agkn.com *.bluekai.com *.bing.com analytics.trafficroots.com s0.2mdn.net *.gstatic.com *.doubleclick.net ad.360yield.com ad.tpmn.co.kr ade.clmbtech.com ads.stickyadstv.com assets.recruitmilitary.com c.bing.com cm.g.doubleclick.net contextual.media.net cookie-cdn.cookiepro.com criteo-partners.tremorhub.com criteo-sync.teads.tv e1.emxdgt.com eb2.3lift.com exchange.mediavine.com googleads.g.doubleclick.net *.criteo.com *.demdex.net i.liadm.com ib.adnxs.com jadserve.postrelease.com match.sharethrough.com matching.ivitrack.com p.typekit.net pagead2.googlesyndication.com partner.mediawallahscript.com pixel.rubiconproject.com px.ads.linkedin.com r.casalemedia.com rm-marketing-production.s3.amazonaws.com rtb-csync.smartadserver.com s.ad.smaato.net s3.amazonaws.com securepubads.g.doubleclick.net simage2.pubmatic.com sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.outbrain.com tapestry.tapad.com tg.socdm.com tpc.googlesyndication.com trends.revcontent.com ups.analytics.yahoo.com visitor.omnitagjs.com www.facebook.com www.google-analytics.com www.google.com x.bidswitch.net; manifest-src 'self'; media-src 'self' app.qualified.com; worker-src 'none'; 1
default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ 1
style-src 'self' 'unsafe-inline' fonts.googleapis.com 1
default-src 'self' erecordingapp-test.azurewebsites.net cscmarketing-erecording-prod-container.azurewebsites.net *.erecording.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com geoip-js.com *.geoip-js.com *.crazyegg.com *.zoominfo.com *.pingdom.net *.doubleclick.net *.maxmind.com *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com cls-erecording-marketing-website-chatbot-app-service.azurewebsites.net wss://directline.botframework.com directline.botframework.com *.botframework.com webchat.botframework.com *.oribi.io *.cookielaw.org *.onetrust.com *.zscalertwo.net *.googlesyndication.com; script-src 'self' erecordingapp-test.azurewebsites.net cscmarketing-erecording-prod-container.azurewebsites.net *.erecording.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.maxmind.com *.crazyegg.com *.gstatic.com *.zoominfo.com *.pingdom.net *.googleadservices.com wss://directline.botframework.com directline.botframework.com *.botframework.com webchat.botframework.com *.licdn.com *.hsforms.com *.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com *.facebook.net *.youtube.com *.googlesyndication.com; script-src-elem 'self' erecordingapp-test.azurewebsites.net cscmarketing-erecording-prod-container.azurewebsites.net *.erecording.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.maxmind.com *.crazyegg.com *.gstatic.com *.zoominfo.com *.pingdom.net *.googleadservices.com wss://directline.botframework.com directline.botframework.com *.botframework.com webchat.botframework.com *.licdn.com *.hsforms.com *.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com *.facebook.net *.youtube.com *.googlesyndication.com *.cookielaw.org 'unsafe-inline'; style-src 'self' erecordingapp-test.azurewebsites.net cscmarketing-erecording-prod-container.azurewebsites.net *.erecording.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.googleapis.com *.gstatic.com 'unsafe-inline'; img-src 'self' erecordingapp-test.azurewebsites.net cscmarketing-erecording-prod-container.azurewebsites.net *.erecording.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com data: seal-delaware.bbb.org *.linkedin.com *.hsforms.com *.facebook.com *.doubleclick.net *.gstatic.com i.ytimg.com *.gravatar.com *.cookielaw.org; font-src 'self' erecordingapp-test.azurewebsites.net cscmarketing-erecording-prod-container.azurewebsites.net *.erecording.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.gstatic.com data:; frame-src 'self' *.google.com *.youtube.com *.swiftypecdn.com *.swiftype.com *.facebook.com *.verse.com *.googlesyndication.com *.hsforms.com *.doubleclick.net; object-src 'none' 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com 'unsafe-inline' 'unsafe-eval' *.fanucamerica.com *.cloudflare.com *.bootstrapcdn.com https://www.youtube.com/iframe_api https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://kendo.cdn.telerik.com https://cdn.kendostatic.com www.googletagmanager.com snap.licdn.com static.ctctcdn.com *.azureedge.net *.wistia.com googleads.g.doubleclick.net cdn.linkedin.oribi.io listgrowth.ctctcdn.com https://www.google-analytics.com google-analytics.com s3.amazonaws.com prospector.pmmimediagroup.com cdn.jsdelivr.net *.mapbox.com *.googleadservices.com youtube.com *.netlify.app *.swiftype.com *.hotjar.com *.hotjar.io *.dynamics.com *.sharethis.com wss://ws.hotjar.com *.ourcareerpages.com *.addthis.com *.litix.io https://fast.wistia.com https://distillery.wistia.com *.doubleclick.net https://stats.g.doubleclick.net/ *.google.com *.tvsquared.com *.cloudflareinsights.com *.crwdcntrl.net *.wistia.net *.googlesyndication.com *.surveymonkey.com *.brightcove.net https://dec.azureedge.net web-chat.nativechat.com; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline' *.bootstrapcdn.com *.cloudflare.com *.fanucamerica.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://kendo.cdn.telerik.com https://cdn.kendostatic.com use.typekit.net *.typekit.net platform.twitter.com http://static.ctctcdn.com/ www.gstatic.com *.wistia.com googleads.g.doubleclick.net www.google-analytics.com cdn.linkedin.oribi.io prospector.pmmimediagroup.com listgrowth.ctctcdn.com *.jsdelivr.net *.mapbox.com *.hotjar.com *.ourcareerpages.com web-chat.nativechat.com; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com kendo.cdn.telerik.com *.fanucamerica.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com https://www.fanucamerica.com https://px.ads.linkedin.com/ *.google.com https://www.google-analytics.com *.wistia.com *.dynamics.com embed-ssl.wistia.com https://embedwistia-a.akamaihd.net *.doubleclick.net fanucamerica.com *.sharethis.com *.tvsquared.com *.wistia.net *.googlesyndication.com *.smassets.net https://cdn.insight.sitefinity.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.typekit.net cdnjs.cloudflare.com *.eloqua.com track.hubspot.com *.wistia.com *.wistia.net *.googlesyndication.com; frame-src 'self' *.google.com *.wistia.net *.dynamics.com *.sharethis.com *.youtube.com *.doubleclick.net *.surveymonkey.com *.brightcove.net web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com listgrowth.ctctcdn.com https://www.google-analytics.com google-analytics.com s3.amazonaws.com prospector.pmmimediagroup.com stats.g.doubleclick.net cdn.linkedin.oribi.io *.wistia.com static.ctctcdn.com embed-ssl.wistia.com *.netlify.app *.dynamics.com *.hotjar.com *.sharethis.com *.hotjar.io wss://ws.hotjar.com *.ourcareerpages.com *.addthis.com *.litix.io https://fast.wistia.com https://distillery.wistia.com https://stats.g.doubleclick.net/ *.google.com *.fanucamerica.com *.crwdcntrl.net *.wistia.net *.googlesyndication.com *.signalfx.com *.linkedin.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.eloqua.com track.hubspot.com *.wistia.com *.fanucamerica.com *.wistia.net *.googlesyndication.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.wistia.net *.googlesyndication.com web-chat.nativechat.com 1
default-src 'self';block-all-mixed-content;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://player.vimeo.com https://ajax.googleapis.com https://www.google.com https://www.gstatic.com;object-src 'none';style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com www.googletagmanager.com;img-src 'self' data: https:;frame-src 'self' www.googletagmanager.com www.youtube.com www.youtube-nocookie.com player.vimeo.com https://www.google.com;child-src 'self' www.googletagmanager.com player.vimeo.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;connect-src 'self' fonts.googleapis.com fonts.gstatic.com www.googletagmanager.com tools.cofrac.fr *.s3.amazonaws.com;media-src 'self' *.s3.amazonaws.com blob:;frame-ancestors 'self'; 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src-elem 'self' 'unsafe-inline' data: *.vwo.com; frame-ancestors https://*.storyblok.com https://*.vwo.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com https://hcaptcha.com https://*.hcaptcha.com; img-src blob: data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' authentication.me  *.authentication.me https://softok.info https://*.softok.info https://installpack.net https://installpack.ru https://installpack.one *.apps-windows.com *.soft-apps.ru http://*.servtodown.ru https://*.servtodown.ru https://*.sftwr.ru https://knowens.com https://mpraven.org https://smatr.icu https://msstral.icu *.jquery.com jquery.com *.disqus.com https://*.disqus.com https://disqus.com disqus.com *.disquscdn.com https://*.disquscdn.com https://disquscdn.com disquscdn.com *.vk.com https://*.vk.com https://vk.com vk.com *.facebook.com https://*.facebook.com https://facebook.com facebook.com *.facebook.net https://*.facebook.net https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net *.addthis.com addthis.com *.opera.com *.yandex.ru https://*.yandex.ru http://*.yandex.ru https://yandex.ru yandex.ru https://ymetrica.com *.yandex.net https://*.webvisor.org *.googlesyndication.com https://*.googlesyndication.com https://googlesyndication.com googlesyndication.com *.googletagservices.com https://*.googletagservices.com https://googletagservices.com googletagservices.com *.googleadservices.com https://*.googleadservices.com https://googleadservices.com googleadservices.com https://adservice.google.com.ua *.gstatic.com https://*.gstatic.com https://gstatic.com gstatic.com *.google-analytics.com https://*.google-analytics.com https://google-analytics.com google-analytics.com *.publisherconsole.appspot.com https://*.publisherconsole.appspot.com https://publisherconsole.appspot.com publisherconsole.appspot.com *.google.com https://*.google.com https://google.com google.com http://*.google.ru https://fonts.googleapis.com  http://fonts.googleapis.com *.googletagmanager.com *.doubleclick.net https://*.doubleclick.net https://doubleclick.net doubleclick.net https://images.dmca.com *.youtube.com https://*.youtube.com https://youtube.com youtube.com *.www.youtube-nocookie.com https://*.www.youtube-nocookie.com https://www.youtube-nocookie.com www.youtube-nocookie.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' softok.info *.softok.info https://secure.gravatar.com data: *; font-src 'self' 'unsafe-inline' 'unsafe-eval'  https://*.softok.info data: *;media-src 'self' 'unsafe-inline' 'unsafe-eval' softok.info *.softok.info mediastream: *; report-uri /csp 1
child-src data: https: blob:; img-src data: https: blob:; object-src https:; font-src data: https:; connect-src https: wss: blob:; form-action https:; upgrade-insecure-requests; style-src data: 'unsafe-inline' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; default-src data: 'unsafe-inline' 'unsafe-eval' https:; media-src data: https: blob:; 1
default-src 'self' https://www.googletagmanager.com https://optanon.blob.core.windows.net https://ad.enviedebienmanger.fr https://cdnjs.cloudflare.com https://invitation.opinionbar.com https://www.google-analytics.com https://tags.digital-metric.com https://analytics.digital-metric.com https://dgvoua7mh4f9h.cloudfront.net https://www.enviedebienmanger.fr https://5301507.fls.doubleclick.net https://www.google.com https://www.google.fr https://tbl.tradedoubler.com https://track.effiliation.com https://tagmanager.google.com https://tracker.optin-lead.com https://snakeinteractive.go2cloud.org https://connect.facebook.net https://staticxx.facebook.com https://www.gstatic.com/ https://www.uptilabtest1.com https://track.actiplay-network.com https://7890636.fls.doubleclick.net https://www.youtube.com https://extl.ebtrk1.com https://7950743.fls.doubleclick.net https://7972514.fls.doubleclick.net https://7965989.fls.doubleclick.net https://geolocation.onetrust.com https://privacyportal-de.onetrust.com https://contact.president.fr https://kwptg.kantarworldpanel.fr https://fonts.gstatic.com https://tracker.mailomedia-tracking.com https://swrap.tradoubler.com https://cdn.cookielaw.org https://www.dwin1.com https://www.awin1.com https://www.zenaps.com https://the.sciencebehindecommerce.com https://static.criteo.net https://mobile.mng-ads.com https://sslwidget.criteo.com https://gum.criteo.com https://stats.g.doubleclick.net https://api.flymenu.fr https://v3.enviedebienmanger.fr https://form.jevousremercie.fr https://action.metaffiliation.com https://www.primevere.com https://primevere.com; connect-src 'self' https://caast.tv https://*.caast.tv wss://*.caast.tv https://*.mux.com https://cdn.cookielaw.org https://logs1412.xiti.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.primevere.com https://primevere.com; frame-src 'self' https://5301507.fls.doubleclick.net https://tagmanager.google.com https://tracker.optin-lead.com https://snakeinteractive.go2cloud.org https://www.google.fr https://www.google.com/ https://track.actiplay-network.com https://7890636.fls.doubleclick.net https://www.youtube.com https://extl.ebtrk1.com https://7950743.fls.doubleclick.net https://7972514.fls.doubleclick.net https://cdn.cookielaw.org https://7965989.fls.doubleclick.net https://geolocation.onetrust.com https://contact.president.fr https://www.jeu-enviedebienmanger.fr https://www.dwin1.com https://www.awin1.com https://www.zenaps.com https://the.sciencebehindecommerce.com https://stats.g.doubleclick.net blob: https://api.flymenu.fr https://app.flymenu.fr https://v3.enviedebienmanger.fr https://form.jevousremercie.fr https://www.enviedebienmanger.fr https://action.metaffiliation.com https://gum.criteo.com https://galbani-dolcevitachallenge.enviedebienmanger.fr https://caast.tv https://*.caast.tv https://logs1412.xiti.com https://www.primevere.com https://primevere.com https://td.doubleclick.net; img-src 'self' https://www.googletagmanager.com https://optanon.blob.core.windows.net https://www.enviedebienmanger.fr https://ad.enviedebienmanger.fr https://cdnjs.cloudflare.com https://invitation.opinionbar.com https://www.google-analytics.com https://tags.digital-metric.com https://analytics.digital-metric.com https://analytics.digital-metric.net https://dgvoua7mh4f9h.cloudfront.net https://stats.g.doubleclick.net https://5301507.fls.doubleclick.net https://www.google.com https://tbl.tradedoubler.com https://track.effiliation.com https://tagmanager.google.com https://tracker.optin-lead.com https://snakeinteractive.go2cloud.org https://www.google.fr https://connect.facebook.net https://staticxx.facebook.com https://track.actiplay-network.com https://7890636.fls.doubleclick.net https://www.youtube.com https://extl.ebtrk1.com https://7950743.fls.doubleclick.net https://7972514.fls.doubleclick.net https://7965989.fls.doubleclick.net https://geolocation.onetrust.com https://contact.president.fr data: https://kwptg.kantarworldpanel.fr https://tracker.mailomedia-tracking.com https://swrap.tradoubler.com https://cdn.cookielaw.org https://www.dwin1.com https://www.awin1.com https://www.zenaps.com https://the.sciencebehindecommerce.com https://static.criteo.net https://mobile.mng-ads.com https://sslwidget.criteo.com https://gum.criteo.com https://api.flymenu.fr https://static.flymenu.fr https://v3.enviedebienmanger.fr https://form.jevousremercie.fr https://action.metaffiliation.com https://cm.g.doubleclick.net https://*.caast.tv https://logs1412.xiti.com https://www.primevere.com https://primevere.com https://fonts.gstatic.com https://ad.doubleclick.net; media-src 'self' https://*.mux.com blob: https://www.primevere.com https://primevere.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.enviedebienmanger.fr https://www.googletagmanager.com https://optanon.blob.core.windows.net https://ad.enviedebienmanger.fr https://cdnjs.cloudflare.com https://invitation.opinionbar.com https://www.google-analytics.com https://tags.digital-metric.com https://analytics.digital-metric.com https://analytics.digital-metric.net https://static.digital-metric.net https://dgvoua7mh4f9h.cloudfront.net https://5301507.fls.doubleclick.net https://www.google.com https://tbl.tradedoubler.com https://track.effiliation.com https://www.google.fr https://tagmanager.google.com https://tracker.optin-lead.com https://snakeinteractive.go2cloud.org https://staticxx.facebook.com https://connect.facebook.net https://www.gstatic.com https://track.actiplay-network.com https://7890636.fls.doubleclick.net https://www.youtube.com https://extl.ebtrk1.com https://7950743.fls.doubleclick.net https://7972514.fls.doubleclick.net https://7965989.fls.doubleclick.net https://geolocation.onetrust.com https://contact.president.fr https://tracker.mailomedia-tracking.com https://swrap.tradoubler.com https://cdn.cookielaw.org https://www.jeu-enviedebienmanger.fr https://www.dwin1.com https://www.awin1.com https://www.zenaps.com https://the.sciencebehindecommerce.com https://static.criteo.net https://mobile.mng-ads.com https://sslwidget.criteo.com https://gum.criteo.com https://stats.g.doubleclick.net https://v3.enviedebienmanger.fr https://form.jevousremercie.fr https://action.metaffiliation.com https://caast.tv https://*.caast.tv https://tag.aticdn.net https://logs1412.xiti.com https://www.primevere.com https://primevere.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://optanon.blob.core.windows.net https://ad.enviedebienmanger.fr https://cdnjs.cloudflare.com https://invitation.opinionbar.com https://www.google-analytics.com https://tags.digital-metric.com https://analytics.digital-metric.com https://analytics.digital-metric.net https://dgvoua7mh4f9h.cloudfront.net https://www.enviedebienmanger.fr https://5301507.fls.doubleclick.net https://www.google.com https://tbl.tradedoubler.com https://track.effiliation.com https://tagmanager.google.com https://tracker.optin-lead.com https://snakeinteractive.go2cloud.org https://www.google.fr https://www.gstatic.com/ https://track.actiplay-network.com https://7890636.fls.doubleclick.net https://www.youtube.com https://extl.ebtrk1.com https://7950743.fls.doubleclick.net https://7972514.fls.doubleclick.net https://7965989.fls.doubleclick.net https://geolocation.onetrust.com https://contact.president.fr https://fonts.googleapis.com https://tracker.mailomedia-tracking.com https://swrap.tradoubler.com https://cdn.cookielaw.org https://www.dwin1.com https://www.awin1.com https://www.zenaps.com https://the.sciencebehindecommerce.com https://static.criteo.net https://mobile.mng-ads.com https://sslwidget.criteo.com https://gum.criteo.com https://stats.g.doubleclick.net https://api.flymenu.fr data: https://v3.enviedebienmanger.fr https://form.jevousremercie.fr https://action.metaffiliation.com https://www.primevere.com https://primevere.com 1
frame-ancestors *.hss.com *.hsstraining.com 1
font-src *.yotpo.com *.googleapis.com *.gstatic.com *.klevu.com *.googletagmanager.com *.headcovers.com *.userway.org *.hotjar.com *.paypalobjects.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.facebook.com *.googletagmanager.com *.headcovers.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.yotpo.com https://api.boldcommerce.com *.facebook.com *.addthis.com *.headcovers.com *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.googletagmanager.com *.paypalobjects.com *.g.doubleclick.net *.hotjar.com *.userway.org *.freshchat.com *.instagram.com *.vimeo.com saasphoto.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.yotpo.com https://static.boldcommerce.com https://static.xx.fbcdn.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.userway.org *.facebook.com *.klevu.com *.bing.com *.headcovers.com *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.googletagmanager.com *.shopperapproved.com *.gstatic.com *.google-analytics.com *.g.doubleclick.net *.ytimg.com *.hotjar.com *.clarity.ms *.searchspring.net *.searchspring.io d3cgm8py10hi0z.cloudfront.net https://img.youtube.com flagpedia.net https://redchamps.com maps.gstatic.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com *.yotpo.com https://api.boldcommerce.com https://static.xx.fbcdn.net https://connect.facebook.net https://cdnjs.cloudflare.com https://cashier.boldcommerce.com/assets/experience/flow_sdk.js chimpstatic.com downloads.mailchimp.com *.list-manage.com *.userway.org *.facebook.com *.facebook.net *.headcovers.com *.addthisedge.com *.addthis.com *.moatads.com *.azureedge.net *.google.com *.gstatic.com *.klevu.com *.bing.com *.hotjar.com *.shopperapproved.com *.googletagmanager.com *.google-analytics.com *.googleoptimize.com *.googleadservices.com *.g.doubleclick.net *.freshchat.com *.instagram.com *.clarity.ms *.searchspring.io *.searchspring.net *.chimpstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.avada.io https://cdn.searchspring.net/intellisuggest/is.min.js maps.googleapis.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.yotpo.com *.googleapis.com downloads.mailchimp.com *.klevu.com *.googletagmanager.com *.google.com *.headcovers.com *.userway.org *.freshchat.com *.hotjar.com *.searchspring.io *.searchspring.net *.shopperapproved.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'none'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ *.yotpo.com https://api.boldcommerce.com https://api.staging.boldcommerce.com https://cashier.boldcommerce.com https://graph.facebook.com https://secure.boldcommerce.com https://secure.staging.boldcommerce.com *.userway.org *.signifyd.com https://bt.signifyd.com:11103 *.klevu.com *.headcovers.com *.core.windows.net *.4-tell.net *.paypal.com *.g.doubleclick.net *.bing.com *.google-analytics.com *.googletagmanager.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.ksearchnet.com *.facebook.com *.clarity.ms *.googleapis.com *.searchspring.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://get.geojs.io *.avada.io www.gstatic.com https://beacon.searchspring.io/beacon https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.headcovers.com; report-to report-endpoint; 1
frame-ancestors 'self' https://*.firsttuesday.us https://journal.firsttuesday.us 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-89b583fdcb5567b60ff5d80a2f452eaa'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors 'self' uwcsea-portal.edu.sg uwcsea-qa.teamieapp.com app.happeo.com staffhub.uwcsea.edu.sg uwcsealearning.theteamie.com; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.workbooks.com/ https://www.youtube.com/ https://*.googleadservices.com https://*.google.com https://*.hotjar.com https://workbooks.com https://www.workbooks.com https://*.livechatinc.com data: https://googleads.g.doubleclick.net https://www.googleadservices.com https://*.calendly.com https://s.ytimg.com https://maps.googleapis.com https://maps.google.com https://*.liveperson.net https://*.lpsnmedia.net https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://load.sumome.com https://cdn.optimizely.com https://js.hs-analytics.net https://connect.facebook.net https://js.hsforms.net https://forms.hubspot.com https://js.hs-scripts.com https://communigator.co.uk https://*.communigator.co.uk https://*.gatorleads.co.uk https://t.wowanalytics.co.uk https://cgtforms.com https://sumome-140a.kxcdn.com https://api.bufferapp.com https://graph.facebook.com https://api.facebook.com https://www.linkedin.com https://widgets.pinterest.com https://buttons.reddit.com https://api.hubapi.com https://api.survicate.com https://*.adroll.com https://snap.licdn.com https://*.linkedin.com https://zapier.com https://api.usemessages.com https://www.bizographics.com https://sumo.b-cdn.net https://workbooks.bamboohr.com https://workbooks-dev.workbooks.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://wb.workbooks.com https://sjs.bizographics.com https://storage.googleapis.com https://uaadcodedsp.rontar.com https://app-static.turtl.co; object-src 'self' 1
default-src 'self' 'unsafe-inline' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: https://js.hsforms.net/*; style-src 'unsafe-inline' https:; img-src 'self' 'unsafe-inline' https: data:; connect-src * https://3xd036ih17q1nzvrw17q3vhz-wpengine.netdna-ssl.com; font-src 'self' 'unsafe-inline' https: data:; media-src *; form-action https: *.hsforms.com; base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests 1
report-uri https://www.yelp.com/csp_block?id=197aebb07086fb5d&page=enforced_by_default_directives&policy_hash=4a31667603ab2e38c60aeeb09daa5097&site=www&timestamp=1705978770; object-src 'self'; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; font-src 'self' data: https: 1
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.hcaptcha.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-src 'self' *.hcaptcha.com *.google.com *.vimeo.com; connect-src 'self' *.hcaptcha.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; font-src 'self' data:;manifest-src 'self';media-src 'self' *.vimeo.com *.akamaized.net data:; object-src 'self'; 1
style-src 'self' fonts.googleapis.com fonts.traceless.io staging-assets.traceless.io fonts.traceless.io.s3-us-west-2.amazonaws.com assets.traceless.io unpkg.com 'unsafe-inline'; default-src 'self'; frame-ancestors; form-action 'self'; script-src 'self' browser.sentry-cdn.com traceless.us4.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.jsdelivr.net assets.traceless.io https://js.stripe.com cdnjs.cloudflare.com widget.intercom.io js.intercom.io js.intercomcdn.com cdn.polyfill.io cdn.split.io consent.cookiebot.com consentcdn.cookiebot.com; media-src 'self' js.intercomcdn.com; frame-src *.stripe.com https://hooks.stripe.com https://www.youtube.com consentcdn.cookiebot.com intercom-sheets.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.traceless.io.s3-us-west-2.amazonaws.com fonts.traceless.io staging-assets.traceless.io assets.traceless.io js.intercomcdn.com; connect-src traceless.io www.traceless.io secure.point.co api.stripe.com www.dinopass.com www.google-analytics.com sentry.io traceless-staging-files.s3.amazonaws.com api-iam.intercom.io wss://nexus-websocket-a.intercom.io stats.g.doubleclick.net graphql.contentful.com sdk.split.io auth.split.io streaming.split.io events.split.io consentcdn.cookiebot.com; img-src 'self' *.google-analytics.com *.googleusercontent.com *.gravatar.com www.googletagmanager.com gravatar.com *.wp.com traceless.io staging-assets.traceless.io assets.traceless.io downloads.intercomcdn.com js.intercomcdn.com static.intercomassets.com images.ctfassets.net videos.ctfassets.net platform.slack-edge.com traceless.com 1
frame-ancestors https://herbies.postaffiliatepro.com https://affiliate.herbiesheadshop.com https://admin.1703.team 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://use.typekit.net data: https://www.googletagmanager.com https://ajax.googleapis.com https://p.typekit.net https://www.google-analytics.com https://stats.g.doubleclick.net https://*.iubenda.com http://*.iubenda.com https://*.adobe.com https://*.adobedtm.com https://*.gruppoiren.it https://gruppoiren.sharepoint.com https://dev01.codeland.it https://*.teleborsa.it https://www.google.com https://*.google-analytics.com https://*.googleapis.com http://*.googleapis.com https://maps.google.com https://*.youtube.com https://youtube.com https://*.gstatic.com https://www.gstatic.com https://codeland.us14.list-manage.com https://*.amazonaws.com https://eep.io https://*.mailchimp.com https://liveservice.cloud-care.it wss://*.cloud-care.it https://*.cloud-care.it https://*.acsbapp.com https://acsbapp.com https://*.licdn.com https://*.linkedin.com; frame-ancestors 'self'; 1
default-src 'self' ghostboard.io *.ghostboard.io;script-src 'self' ghostboard.io *.ghostboard.io plausible.io *.plausible.io *.stripe.com *.gstatic.com *.githubusercontent.com 'unsafe-inline';img-src 'self' ghostboard.io * *.ghostboard.io data: https:;font-src 'self' ghostboard.io *.ghostboard.io *.gstatic.com;frame-src 'self' ghostboard.io *.ghostboard.io *.stripe.com;connect-src 'self' wss: ghostboard.io *.ghostboard.io *.gstatic.com plausible.io;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'self' https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.hotjar.com https://script.hotjar.com  https://static.zdassets.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.phpjabbers.com https://www.google-analytics.com https://connect.facebook.net https://js.stripe.com https://www.googleadservices.com https://www.google.com; style-src 'self' 'unsafe-inline' https://cdn.phpjabbers.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://cdn.phpjabbers.com; img-src * 'self' data: https: https://googleads.g.doubleclick.net https://www.google.com https://www.googletagmanager.com; connect-src 'self' https://in.hotjar.com wss://ws33.hotjar.com  https://phpjabbers.zendesk.com wss://widget-mediator.zopim.com  https://ekr.zdassets.com https://www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' https://vars.hotjar.com https://www.youtube.com https://www.youtube-nocookie.com https://cdn.phpjabbers.com https://js.stripe.com 1
frame-ancestors 'self' https://app.brivity.com https://www.brivity.com 1
"frame-ancestors 'self';" 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.kdo.de; style-src 'self' *.kdo.de 'unsafe-inline'; connect-src 'self' *.kdo.de; img-src 'self' *.kdo.de *.openstreetmap.org data:; worker-src blob:; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-4ntWfN2XyW99rk8YHJD_SA' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
img-src 'self' data: https://ps.w.org https://s.w.org https://www.google.com https://www.googletagmanager.com https://www.facebook.com https://cdn.oectours.com https://static.hupso.com https://t.co https://analytics.twitter.com https://ct.pinterest.com https://secure.gravatar.com https://www.google-analytics.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://qa-cdn-talkdesk.talkdeskdev.com https://talkdeskchatsdk.talkdeskapp.com; 1
default-src https: data: 'self' blob: data:; style-src 'self' 'unsafe-inline' *.shopperapproved.com *.cloudfront.net https://www.googletagmanager.com fonts.googleapis.com use.fontawesome.com *.mypurecloud.com *.sociablekit.com *.bootstrapcdn.com *.google.com;font-src 'self' *.bing.com *.cloudfront.net fonts.gstatic.com use.fontawesome.com *.bootstrapcdn.com *.mypurecloud.com *.google.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zapier.com *.roeyecdn.com *.upsellit.com *.iconnode.com *.bing.com https://googleads.g.doubleclick.net *.sciencebehindecommerce.com *.awin1.com *.convertexperiments.com *.amazon-adsystem.com *.cloudfront.net https://www.dwin1.com *.cloudflare.com https://partner.googleadservices.com https://googleads.g.doubleclick.net https://v2.crocdn.com https://woobox.com *.instagram.com www.shopperapproved.com www.googleadservices.com *.facebook.net www.google-analytics.com www.googletagmanager.com *.google.com *.sociablekit.com *.pure.cloud *.pages04.net *.hotjar.com  *.clarity.ms *.ceros.com *.b0e8.com *.marinsm.com *.prfct.co *.bing.com *.evidence.io unpkg.com *.digicert.com *.gstatic.com *.auth0.com optimize.google.com www.googleoptimize.com blob: data:;connect-src 'self' *.bing.com *.upsellit.com *.iconnode.com *.sciencebehindecommerce.com *.awin1.com *.convertexperiments.com *.cloudfront.net https://api.ipify.org https://images.sociablekit.com https://csp.withgoogle.com wss://streaming.usw2.pure.cloud api.usw2.pure.cloud www.google-analytics.com stats.g.doubleclick.net *.clarity.ms *.facebook.com *.google.com *.evidence.io *.accentapi.com wss://wss.evidence.io *.hotjar.com wss://ws8.hotjar.com *.generalitravelinsurance.com *.gstatic.com *.auth0.com blob: data:;img-src data: 'self' *.roeye.com *.upsellit.com *.doubleclick.net *.consumeraffairs.com *.awin1.com *.iconnode.com *.convertexperiments.com https://googleads.g.doubleclick.net *.cloudfront.net https://www.googleapis.com/generate_204 https://lh3.googleusercontent.com www.shopperapproved.com *.generalitravelinsurance.com www.google-analytics.com www.googletagmanager.com *.google.com *.gstatic.com  *.clarity.ms *.bc0a.com *.b0e8.com *.prfct.co *.facebook.com *.adnxs.com *.bing.com *.bc0a.com *.sociablekit.com *.pages04.net *.accentapi.com *.digicert.com *.evidence.io evidenceapp.s3-us-west-2.amazonaws.com *.cloudfront.net blob: data:; frame-src 'self' *.upsellit.com *.zapier.com *.zapier.app *.generalitravelinsurance.com *.awin1.com *.iconnode.com *.cloudfront.net https://afs.googlesyndication.com *.youtube.com *.bing.com *.ggatravelservices.com *.ceros.com *.facebook.com *.instagram.com https://woobox.com https://player.vimeo.com https://map.openupforbusiness.com *.research.net *.surveymonkey.com *.amazon-adsystem.com *.doubleclick.net *.hotjar.com *.google.com www.googleoptimize.com *.pages04.net blob: data:; frame-ancestors 'self' *.generalitravelinsurance.com *.vacationprotection.com *.vacationrentalinsurance.com *.generalipartner.com 1
default-src 'unsafe-inline' 'unsafe-eval' data: pilatus-aircraft.com *.pilatus-aircraft.com hello.myfonts.net *.youtube.com *.youtube-nocookie.com *.googleapis.com *.ytimg.com *.gstatic.com *.webspellchecker.net cdnjs.cloudflare.com mrr-pilatus-explore.vercel.app sketchfab.com *.sketchfab.com; frame-ancestors 'self' *.pilatus-aircraft.com stage.januar.ch mrr-pilatus-explore.vercel.app sketchfab.com *.sketchfab.com 1
default-src 'self' *.plagium.com;img-src 'self' *;font-src 'self' *.plagium.com use.fontawesome.com;media-src 'self' *.plagium.com *.youtube.com *.instagram.com *.facebook.net *.facebook.com;frame-src 'self' *.plagium.com *.youtube.com *.addthis.com *.instagram.com *.facebook.net *.facebook.com;style-src 'self' 'unsafe-inline' *.plagium.com use.fontawesome.com;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.plagium.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.addthis.com *.addthisedge.com *.instagram.com *.facebook.net *.facebook.com *.amcharts.com;connect-src 'self' 'unsafe-inline' *.plagium.com *.googleadservices.com *.google-analytics.com *.facebook.net *.facebook.com *.addthis.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.liveabout.com 1
default-src 'self';base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data: avatars.githubusercontent.com;object-src 'none';script-src 'self' 'unsafe-eval';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;connect-src 'self' http: https: 1
default-src 'self'; script-src 'self' https://www.youtube.com 'sha256-bsriBHhd3ID9p66p9X58fI1QXOmr7Xa/VNqUGfGlE0o' 'sha256-CIIWJRx1FMu7SRVDnbgTr4xXu3pL3G6hBk4N6SI4/Uw=' http://*.lessonup.com:* https://*.lessonup.com:* https://*.lessonup.com http://localhost:3100 http://localhost:3050 http://localhost:3000 http://localhost:3002 https://test.lessonup.dev https://staging.lessonup.app https://lessonup.com http://*.googletagmanager.com https://*.googletagmanager.com http://*.g.doubleclick.net https://*.g.doubleclick.net http://*.hotjar.co http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com http://*.googleapis.com https://*.googleapis.com http://*.googleadservices.com https://*.googleadservices.com https://maps.googleapis.com https://www.youtube.com/iframe_api 'unsafe-eval'; connect-src * 'self' 'unsafe-inline' http://*.lessonup.com:* https://*.lessonup.com:* https://*.lessonup.com http://localhost:3100 http://localhost:3050 http://localhost:3000 http://localhost:3002 https://test.lessonup.dev https://staging.lessonup.app https://lessonup.com http://*.google-analytics.com https://*.google-analytics.com http://*.analytics.google.com https://*.analytics.google.com http://*.googletagmanager.com https://*.googletagmanager.com http://*.g.doubleclick.net https://*.g.doubleclick.net http://*.google.com https://*.google.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://optimize.google.com https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com https://www.google-analytics.com http://www.google-analytics.com https://stats.g.doubleclick.net; img-src data: 'self' blob: https: http://*.lessonup.com:* https://*.lessonup.com:* https://*.lessonup.com http://localhost:3100 http://localhost:3050 http://localhost:3000 http://localhost:3002 https://test.lessonup.dev https://staging.lessonup.app https://lessonup.com http://*.google-analytics.com https://*.google-analytics.com http://*.analytics.google.com https://*.analytics.google.com http://*.googletagmanager.com https://*.googletagmanager.com http://*.g.doubleclick.net https://*.g.doubleclick.net http://*.google.com https://*.google.com http://*.google.com:* https://*.google.com:* http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com https://www.googletagmanager.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://widget.intercom.io/widget https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com http://www.googletagmanager.com http://www.google-analytics.com https://stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://cloud.typography.com http://*.lessonup.com:* https://*.lessonup.com:* https://*.lessonup.com http://localhost:3100 http://localhost:3050 http://localhost:3000 http://localhost:3002 https://test.lessonup.dev https://staging.lessonup.app https://lessonup.com https://optimize.google.com https://fonts.gstatic.com https://fonts.googleapis.com http://cloud.typography.com/6162672/684584/css/fonts.css https://cloud.typography.com/6162672/684584/css/fonts.css https://www.vangoghmuseum.nl/statics/fonts/796821/50011f6b07dc2a0f8.css https://www.google-analytics.com https://maps.googleapis.com https://www.youtube.com/iframe_api; media-src 'self' https://api.lessonup.com https://lessonup-assets.appspot.com http://*.lessonup.com:* https://*.lessonup.com:* https://*.lessonup.com http://localhost:3100 http://localhost:3050 http://localhost:3000 http://localhost:3002 https://test.lessonup.dev https://staging.lessonup.app https://lessonup.com https://js.intercomcdn.com; font-src 'self' http://*.lessonup.com:* https://*.lessonup.com:* https://*.lessonup.com http://localhost:3100 http://localhost:3050 http://localhost:3000 http://localhost:3002 https://test.lessonup.dev https://staging.lessonup.app https://lessonup.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://js.intercomcdn.com https://fonts.intercomcdn.com https://cloud.typography.com https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://player.vimeo.com https://*.youtube.com https://www.youtube-nocookie.com https://q42.nl https://q42.com https://*.wikipedia.org https://*.schoolblocks.nl https://app.wereldvanoz.org https://flamingo.digibord-tool.c66.me https://natuurlab.q42labs.com https://kominactie.npo3fm.nl https://umu.nl https://jck.nl https://micr.io https://sketchfab.com https://wtfff.nl https://*.helpmaya.nl https://walk-in-my-shoes.be http://*.lessonup.com:* https://*.lessonup.com:* https://*.lessonup.com http://localhost:3100 http://localhost:3050 http://localhost:3000 http://localhost:3002 https://test.lessonup.dev https://staging.lessonup.app https://lessonup.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com https://intercom-sheets.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://*.googletagmanager.com https://*.jquery.com https://*.youtube.com https://*.google-analytics.com https://*.facebook.net https://*.twitter.com https://*.vimeo.com blob: https://*.nis.rs; object-src 'self'; style-src 'self' 'unsafe-inline' https://*.googleapis.com/; img-src 'self' data: https://*.youtube.com https://i0.wp.com/wpmudev.com https://api012.successfactors.eu https://*.nis.eu https://*.nis.rs https://*.wpmudev.org https://wpmudev.com https://*.w.org https://*.nis.rs https://*.twitter.com http://*.desgsr.com https://*.smushcdn.com https://*.google-analytics.com https://*.gravatar.com; media-src 'self' https://*.nis.eu https://*.nis.rs; frame-src 'self' https://www.youtube.com/embed/ https://castbox.fm https://*.youtube.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.vimeo.com; font-src 'self' data: https://*.gstatic.com; connect-src 'self' https://yoast.com https://wpmudev.com https://*.google-analytics.com; frame-ancestors 'self'; 1
default-src 'none'; img-src 'self' https: data:; style-src 'unsafe-inline' https://fonts.googleapis.com; font-src https://fonts.gstatic.com; script-src https://static.cloudflareinsights.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://easyapply.co https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://code.jquery.com https://*.gstatic.com https://*.google.com https://cdnjs.cloudflare.com https://s.gethired.com https://www.googletagmanager.com https://*.acsbapp.com https://acsbapp.com https://unpkg.com https://momentjs.com https://www.google-analytics.com https://polyfill.io https://gitcdn.github.io https://*.googleapis.com https://s3.amazonaws.com https://cdn.jsdelivr.net https://apply.indeed.com https://www.googleadservices.com https://connect.facebook.net https://*.cloudfront.net https://googleads.g.doubleclick.net https://*.opentok.com https://*.zendesk.com https://*.zdassets.com https://*.hotjar.com https://*.axdapi.com https://*.google-analytics.com https://*.opendns.com https://www.dropbox.com https://*.pendo.io https://optanon.blob.core.windows.net https://click.appcast.io https://*.checkr.com https://cdn.hleb.prd.hlprd.com https://*.s3.indeed.com 1
script-src 'self'; script-src-elem 'self' 'unsafe-eval' 'nonce-Rs6T16HFRoS7tngt3HPD8xPN' 'sha256-8mhHF+WQFPbrFtZT3ILREQrpLHL4TVrQNQk6GdnEigE=' ssl.google-analytics.com platform.twitter.com cdn.syndication.twimg.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com thoughtleadershipmphasis.disqus.com www.linkedin.com graph.facebook.com c.disquscdn.com disqus.com munchkin.marketo.net https://assets.adobedtm.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com https://analytics.twitter.com https://static.ads-twitter.com/uwt.js https://pbs.twimg.com/media https://cdn.cookie-script.com https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://beacon.crigloo.com/js/container_KAfRm6si.js; object-src 'none'; base-uri 'none'; frame-src www.youtube.com platform.twitter.com syndication.twitter.com disqus.com www2.mphasis.com www.mphasis.com *.demdex.net *.doubleclick.net; 1
default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self'; script-src 'self' 'unsafe-inline' 1
frame-ancestors 'self' *.force.com wingate.edu; 1
default-src 'self' 'unsafe-inline';                     script-src 'self' 'unsafe-inline' 'unsafe-eval' *.baidu.com *.map.baidu.com ;                    img-src 'self' 'unsafe-inline' *.baidu.com *.map.baidu.com ;                    connect-src 'self' 'unsafe-inline' *.baidu.com *.map.baidu.com ;   1
frame-ancestors https://*.socialnature.com 1
frame-ancestors https://www.webcms.lu https://webcms.lu; 1
default-src 'self' https://cms.powned.tv https://www.powned.tv https://cookies.powned.tv https://sentry.fabrique.nl https://apis.dev.avrotros.io https://apis.avrotros.io https://apis.avrotros.nl https://*.run.app/ https://*.powned.tv ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:* https://nmonpoendpoint.2cnt.net blob: https://cms.powned.tv https://www.powned.tv https://cookies.powned.tv https://sentry.fabrique.nl https://apis.dev.avrotros.io https://apis.avrotros.io https://apis.avrotros.nl https://*.run.app/ https://*.powned.tv ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:* https://*.googleusercontent.com https://*.google-analytics.com https://www.googletagmanager.com https://adscience-nocookie.nl https://stats.g.doubleclick.net https://*.google.com https://*.npo.nl https://*.fontawesome.com https://*.gstatic.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.youtube.com https://*.vimeo.com https://*.instagram.com https://*.ster.nl https://*.optoutadvertising.com https://www.riddle.com https://*.akamaized.net; font-src * data: https://fonts.gstatic.com https://*.fontawesome.com; img-src * data: 'report-sample'; script-src data: 'unsafe-inline' 'unsafe-eval' https://cms.powned.tv https://www.powned.tv https://cookies.powned.tv https://sentry.fabrique.nl https://apis.dev.avrotros.io https://apis.avrotros.io https://apis.avrotros.nl https://*.run.app/ https://*.powned.tv ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:* https://*.googleusercontent.com https://*.google-analytics.com https://www.googletagmanager.com https://adscience-nocookie.nl https://stats.g.doubleclick.net https://*.google.com https://*.npo.nl https://*.npo-data.nl https://tag.aticdn.net https://nmonpoendpoint.2cnt.net https://kmnl.tns-nipo.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.youtube.com https://*.instagram.com https://*.ster.nl https://*.optoutadvertising.com https://*.ampproject.net https://cdn.ampproject.org https://polyfill.io https://*.fontawesome.com https://*.gstatic.com https://www.riddle.com 'report-sample'; style-src * 'unsafe-inline' 'report-sample'; media-src * blob: https://cms.powned.tv https://www.powned.tv https://cookies.powned.tv https://sentry.fabrique.nl https://apis.dev.avrotros.io https://apis.avrotros.io https://apis.avrotros.nl https://*.run.app/ https://*.powned.tv ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:*; frame-src *; object-src https://*.spotify.com https://media-service.vara.nl https://media.vara.nl https://player.vimeo.com https://w.soundcloud.com https://*.powned.nl https://radiobox2.omroep.nl https://icij.org https://projects.icij.org https://medicaldevices.icij.org https://medicaldevices-staging.cloud.icij.org https://*.tweedekamer.nl https://players.brightcove.net https://localfocus2.appspot.com https://localfocuswidgets.net https://*.calconic.com https://public.flourish.studio https://flo.uri.sh; base-uri 'self'; form-action 'self' 'report-sample'; manifest-src 'self' https://accounts.google.com; worker-src 'self' 1
frame-ancestors 'self' https://*.lawschooldata.org; 1
default-src 'self' blob: https://*.lrsoutputmanagement.com:* http://*.lrsoutputmanagement.com:*; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' blob: *; child-src 'self' blob: *; frame-src 'self' *; object-src 'self' *; img-src *.google-analytics.com 'self' data: blob: *; media-src 'self' data: blob: *; font-src 'self' data: *; connect-src *.google-analytics.com 'self' data: *; frame-ancestors 'self' https://*.lrsoutputmanagement.com:* http://*.lrsoutputmanagement.com:*; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: https: 1
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; form-action 'none'; 1
img-src 'self' *.commercecloud.salesforce.com *.demandware.net data: *.cdn.content.amplience.net cdn.media.amplience.net *.staging.bigcontent.io i8.amplience.net https: *.adyen.com *.apple.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net https://ade.googlesyndication.com https://ssl.gstatic.com https://www.gstatic.com *.paypal.com *.klarna.com *.klarnaservices.com https://js.klarna.com/web-sdk/v1/klarna.js https://services.postcodeanywhere.co.uk https://yourcommunify.com/api/onetoone/recommendation/getRecommendation *.curalate.com connect.facebook.net *.seal.digicert.com http://seal.digicert.com/seals/cascade/seal.min.js https://seal.digicert.com/seals/cascade/seal.min.js *.cardcomplete.com *.btrl.ro *.erstebank.hu *.lloydstsb.com pay.activa-card.com *.wirecard.com *.otpbank.hu acs.sia.eu *.touchtechpayments.com *.sparkasse.at secure5.arcot.com www.securesuite.co.uk *.wlp-acs.com *.cardinalcommerce.com;media-src 'self' *.commercecloud.salesforce.com *.demandware.net data: *.cdn.content.amplience.net cdn.media.amplience.net *.staging.bigcontent.io i8.amplience.net https: https://js.klarna.com/web-sdk/v1/klarna.js https://services.postcodeanywhere.co.uk *.seal.digicert.com http://seal.digicert.com/seals/cascade/seal.min.js https://seal.digicert.com/seals/cascade/seal.min.js;script-src 'self' 'unsafe-eval' 'unsafe-inline' storage.googleapis.com *.cdn.content.amplience.net cdn.media.amplience.net *.staging.bigcontent.io *.adyen.com *.apple.com *.afterpay.com https://tagmanager.google.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.googleadservices.com *.doubleclick.net *.collect.igodigital.com/collect.js *.klarna.com *.paypal.com *.klarnaservices.com *.klarna.com *.playground.klarnaevt.com https://services.postcodeanywhere.co.uk https://js.klarna.com/web-sdk/v1/klarna.js https://js.klarna.com/web-sdk/v1/0.0.40/sdk.js https://js.klarna.com/web-sdk/v1/v1/sdk.js *.curalate.com connect.facebook.net *.webgains.io *.webgains.com *.facebook.net *.klarna.com *.klarnaevt.com *.playground.klarnaevt.com *.seal.digicert.com http://seal.digicert.com/seals/cascade/seal.min.js https://seal.digicert.com/seals/cascade/seal.min.js https://js-agent.newrelic.com/nr-spa-1.243.1.min.js https://js-agent.newrelic.com/nr-spa.142f942f-1.239.1.min.js https://js-agent.newrelic.com/nr-spa.1097a448-1.238.0.min.js *.cardcomplete.com *.btrl.ro *.erstebank.hu *.lloydstsb.com pay.activa-card.com *.wirecard.com *.otpbank.hu acs.sia.eu *.touchtechpayments.com *.sparkasse.at secure5.arcot.com www.securesuite.co.uk *.wlp-acs.com *.cardinalcommerce.com https://analytics.tiktok.com/i18n/pixel/events.js https://bat.bing.com/bat.js;connect-src 'self' 'unsafe-inline' api.cquotient.com *.adyen.com *.apple.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.googleadservices.com *.google.com *.doubleclick.net *.cdn.content.amplience.net cdn.media.amplience.net cdn.static.amplience.net *.collect.igodigital.com connect.facebook.net *.webgains.io *.webgains.com *.facebook.net *.facebook.com *.staging.bigcontent.io *.paypal.com *.afterpay.com *.klarna.com *.klarnaservices.com *.klarnaevt.com agent.newrelic.com *.nr-data.net https://services.postcodeanywhere.co.uk https://yourcommunify.com/api/onetoone/recommendation/getRecommendation https://js.klarna.com/web-sdk/v1/klarna.js https://js.klarna.com/web-sdk/config/runtime-config-playground.json https://o24547.ingest.sentry.io/api/4505471301713920/store/ *.salesforce.com/on/demandware.store/Sites-FiorucciUS-Site/default/Callback-SendConfirmationEmail *.demandware.net/on/demandware.store/Sites-FiorucciUS-Site/default/Callback-SendConfirmationEmail *.salesforce.com/on/demandware.store/Sites-FiorucciUK-Site/default/Callback-SendConfirmationEmail *.demandware.net/on/demandware.store/Sites-FiorucciUK-Site/default/Callback-SendConfirmationEmail *.salesforce.com/on/demandware.store/Sites-FiorucciEU-Site/default/Callback-SendConfirmationEmail *.demandware.net/on/demandware.store/Sites-FiorucciEU-Site/default/Callback-SendConfirmationEmail *.fiorucci.com/on/demandware.store/Sites-FiorucciEU-Site/default/Callback-SendConfirmationEmail *.fiorucci.com/on/demandware.store/Sites-FiorucciUS-Site/default/Callback-SendConfirmationEmail *.fiorucci.com/on/demandware.store/Sites-FiorucciUK-Site/default/Callback-SendConfirmationEmail *.mobify-storefront.com/en-US/Callback-SendConfirmationEmail *.mobify-storefront.com/en-GB/Callback-SendConfirmationEmail *.mobify-storefront.com/en/Callback-SendConfirmationEmail *.curalate.com connect.facebook.net *.playground.klarnaevt.com *.seal.digicert.com https://seal.digicert.com http://seal.digicert.com/seals/cascade/seal.min.js https://seal.digicert.com/seals/cascade/seal.min.js ipapi.co *.cardcomplete.com *.btrl.ro *.erstebank.hu *.lloydstsb.com pay.activa-card.com *.wirecard.com *.otpbank.hu acs.sia.eu *.touchtechpayments.com *.sparkasse.at secure5.arcot.com www.securesuite.co.uk *.wlp-acs.com *.cardinalcommerce.com;default-src 'self' 'unsafe-eval' *.cdn.content.amplience.net cdn.media.amplience.net *.staging.bigcontent.io *.cdn.static.amplience.net *.curalate.com connect.facebook.net *.seal.digicert.com http://seal.digicert.com/seals/cascade/seal.min.js https://seal.digicert.com/seals/cascade/seal.min.js;frame-ancestors 'self' *.amplience.net;frame-src *.adyen.com *.apple.com *.youtube.com *.vimeo.com *.doubleclick.net *.playground.klarnaservices.com *.seal.digicert.com http://seal.digicert.com/seals/cascade/seal.min.js https://seal.digicert.com/seals/cascade/seal.min.js *.paypal.com *.cardcomplete.com *.btrl.ro *.erstebank.hu *.lloydstsb.com pay.activa-card.com *.wirecard.com *.otpbank.hu acs.sia.eu *.touchtechpayments.com *.sparkasse.at secure5.arcot.com www.securesuite.co.uk *.wlp-acs.com *.cardinalcommerce.com;font-src 'self' data: *.klarnacdn.net *.cloudflare.com *.js;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://freeradical.zone; img-src 'self' https: data: blob: https://freeradical.zone; style-src 'self' https://freeradical.zone 'nonce-zObrQe44VHUpdGtz+LEdOQ=='; media-src 'self' https: data: https://freeradical.zone; frame-src 'self' https:; manifest-src 'self' https://freeradical.zone; form-action 'self'; child-src 'self' blob: https://freeradical.zone; worker-src 'self' blob: https://freeradical.zone; connect-src 'self' data: blob: https://freeradical.zone https://nfts.freeradical.zone wss://freeradical.zone; script-src 'self' https://freeradical.zone 'wasm-unsafe-eval' 1
"default-src 'self';" always; 1
frame-ancestors 'self' plays.org; 1
child-src 'none'; connect-src 'self' https://an.yandex.ru https://csi.gstatic.com https://mc.yandex.ru https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://www.google-analytics.com https://yandex.ru; default-src 'self'; font-src 'self' https://yastatic.net; frame-src 'self' https://www.google.com https://googleads.g.doubleclick.net https://mc.yandex.ru https://metrika.yandex.ru https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://yastatic.net; img-src https://* data:; script-src 'self' https://www.google-analytics.com https://mc.yandex.ru https://yastatic.net 'nonce-27f0e5de436eec6173e1d247aacd8740'; style-src 'self' 'unsafe-inline'; worker-src 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com home-c36.nice-incontact.com www.360-value.com acceptance.360-value.com uat.360-value.com cdn.360-value.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.xverify.com; img-src 'self' data: images.scanalert.com universalproperty.com; font-src 'self' fonts.gstatic.com; frame-src 'self' home-c36.nice-incontact.com www.360-value.com acceptance.360-value.com uat.360-value.com cdn.360-value.com 1
frame-ancestors 'self' *.first.bank https://admin.first.bank/ https://admin.belay.bank/  https://ondemand.eoriginal.com https://firstbankmo--sbadev.sandbox.lightning.force.com https://firstbankmo--sbadev.sandbox.my.site.com https://firstbankmo--uat.sandbox.my.salesforce.com https://firstbankmo--uat.sandbox.lightning.force.com https://firstbankmo.my.salesforce.com; 1
frame-ancestors 'self' https://rallye-lecture.fr https://matheros.fr https://classe-numerique.fr https://motoufo.fr; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://tokhmi.xyz; img-src 'self' https: data: blob: https://tokhmi.xyz; style-src 'self' https://tokhmi.xyz 'nonce-xlLjhadn4kZgDtekq1MA/w=='; media-src 'self' https: data: https://tokhmi.xyz; frame-src 'self' https:; manifest-src 'self' https://tokhmi.xyz; connect-src 'self' data: blob: https://tokhmi.xyz https://tokhmi.xyz wss://tokhmi.xyz; script-src 'self' https://tokhmi.xyz 'wasm-unsafe-eval'; child-src 'self' blob: https://tokhmi.xyz; worker-src 'self' blob: https://tokhmi.xyz 1
default-src 'self' 'unsafe-inline' data: https://*.googleapis.com https://www.youtube.com/ https://*.jsdelivr.net https://*.gravatar.com https://*.iubenda.com https://*.googletagmanager.com https://j.6sc.co https://*.hs-scripts.com https://*.hsforms.net https://*.hs-banner.com https://*.hs-analytics.net https://*.google-analytics.com https://*.gstatic.com https://b.6sc.co https://*.g.doubleclick.net https://*.google.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.hubspot.com https://www.google.co.uk https://*.hsadspixel.net https://*.hscollectedforms.net https://*.hsforms.com https://api.hubapi.com https://www.googleadservices.com https://*.licdn.com https://*.linkedin.com https://p.adsymptotic.com https://i.ytimg.com https://secure.adnxs.com https://c.6sc.co https://ipv6.6sc.co https://*.youtube-nocookie.com https://*.usemessages.com https://*.zoominfo.com https://*.clickagy.com https://*.hsleadflows.net https://ipv6.6sc.co https://*.usemessages.com https://*.zoominfo.com https://*.youtube-nocookie.com https://*.rlcdn.com https://*.hotjar.com https://*.bluekai.com https://*.crwdcntrl.net wss://ws6.hotjar.com wss://ws45.hotjar.com https://*.linkedin.oribi.io https://*.hotjar.io/ https://*.vimeo.com https://pre.wp-api.depicter.com https://*.depicter.com https://*.pexels.com https://*.unsplash.com https://*.demandbase.com https://api.company-target.com https://*.company-target.com; object-src 'none'; frame-ancestors 'self'; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=7uvjdj1iqubks&partner=; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.salecycle.com *.bing.com *.sojern.com c.go-mpulse.net s.go-mpulse.net *.google.com *.youtube.com *.googletagmanager.com *.gstatic.com *.ytimg.com *.googleapis.com code.jquery.com addevent.com *.tribalfusion.com *.hotjar.com *.facebook.net *.facebook.com *.fls.doubleclick.net *.g.doubleclick.net ad.doubleclick.net *.google.co.in appdyn.dp-r.com mc.yandex.md mc.yandex.ru static.ads-twitter.com cdnjs.cloudflare.com motiongatedubai.api.useinsider.com *.twitter.com *.googleadservices.com *.google-analytics.com paypage.sandbox.ngenius-payments.com  paypage.ngenius-payments.com t.co *.googleusercontent.com *.mouseflow.com vc.hotjar.io *.google.ae *.akamaihd.net geo-tracker.ads.memob.com *.cloudfront.net *.akstat.io sc-static.net match.adsrvr.org tr.snapchat.com *.adnxs.com trk.adbutter.net  *.travelaudience.com stags.bluekai.com policy.cookiereports.com cdn.ckeditor.com *.typeform.com cdn.logwork.com logwork.com *.123formbuilder.com *.teads.tv data:; 1
script-src 'self' 'unsafe-eval';worker-src 'self' blob:;child-src 'self' blob:;img-src 'self' data: blob:;media-src 'self';connect-src 'self' https://*;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline' 1
report-uri https://8200068e1bbb5c22d2e57dd38c2ddbcf.report-uri.com/r/t/csp/reportOnly; report-to default 1
default-src 'none';font-src 'self';style-src 'self' *.stripe.com;img-src 'self' data: *.stripe.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com https://www.google.com chart.googleapis.com ;connect-src 'self' *.googletagmanager.com *.google-analytics.com *.analytics.google.com; form-action 'self' *.mobilecheckin.net ;object-src 'none';base-uri 'none';script-src 'self' 'nonce-ZSun567s' *.stripe.com https://www.googletagmanager.com; media-src 'self';frame-src 'self' *.stripe.com *.youtube.com; frame-ancestors *.stripe.com *.youtube.com; 1
default-src 'self' *.google-analytics.com *.google.com *.youtube.com performance.typekit.net www.contentpagina.nl my2.siteimprove.com id.siteimprove.com *.readspeaker.com stats.g.doubleclick.net https://code.jquery.com https://cdn.jsdelivr.net https://widget.onlineafspraken.nl;        child-src 'self' *.google.com *.youtube.com open.spotify.com *.vimeo.com rijnstate.patientjourneyapp.com rijnstate.behandelpad.nl app-eu.readspeaker.com isappdc.nl widget.onlineafspraken.nl;        script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.nl *.google.com *.googleapis.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.youtube.com s.ytimg.com *.perplex.nl use.typekit.net www.zorgkaartnederland.nl www.contentpagina.nl cdn.siteimprove.net *.readspeaker.com https://widget.onlineafspraken.nl;        style-src  'self' data: 'unsafe-inline' *.google.nl *.google.com *.googleapis.com www.zorgkaartnederland.nl www.contentpagina.nl maxcdn.bootstrapcdn.com *.readspeaker.com i3.ytimg.com https://widget.onlineafspraken.nl;        img-src 'self' p.typekit.net data: *.google.nl *.google.com *.googleapis.com *.google-analytics.com *.gstatic.com *.doubleclick.net *.perplex.nl www.zorgkaartnederland.nl www.gravatar.com https://i3.ytimg.com;        font-src 'self' use.typekit.net data: *.gstatic.com maxcdn.bootstrapcdn.com https://widget.onlineafspraken.nl;        frame-ancestors 'self' https://widget.onlineafspraken.nl;        form-action 'self' https://widget.onlineafspraken.nl;               upgrade-insecure-requests; block-all-mixed-content; 1
default-src data: blob: *; script-src 'self' 'unsafe-inline' blob: data: keram-market.ru *.keram-market.ru keram-market.ru:* *.keram-market.ru:* cdn.keram-market.ru 'unsafe-eval' cdnjs.cloudflare.com cdn.jsdelivr.net *.fbcdn.net *.facebook.net *.twitter.com mc.yandex.ru api-maps.yandex.ru suggest-maps.yandex.ru *.yandex.net yastatic.net webvisor.com *.webvisor.com google-analytics.com *.google-analytics.com *.googletagmanager.com *.google.com 127.0.0.1:* icasa.ru *.icasa.ru; connect-src 'self' 'unsafe-inline' mc.yandex.ru google-analytics.com *.google-analytics.com https://stats.g.doubleclick.net keram-market.ru:* *.keram-market.ru:* wss://keram-market.ru:* wss://*.keram-market.ru:*; style-src data: blob: 'unsafe-inline' *; font-src 'self' 'unsafe-inline' blob: data: keram-market.ru *.keram-market.ru keram-market.ru:* *.keram-market.ru:* cdn.keram-market.ru 127.0.0.1:* fonts.gstatic.com icasa.ru *.icasa.ru; 1
frame-ancestors 'self' *.diil.ee 1
default-src 'self' https://*.nhs.uk; frame-src 'self' https://mf.igspectrum.net https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.facebook.com https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net; img-src * data:; object-src 'self' blob: https://*.nhs.uk; connect-src 'self' https://feeds.trac.jobs https://*.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://*.google.ie https://*.google.nl  https://*.webspellchecker.net 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://masto.nu; img-src 'self' https: data: blob: https://masto.nu; style-src 'self' https://masto.nu 'nonce-9qmbLotodzijT5eo3Ijb1g=='; media-src 'self' https: data: https://masto.nu; frame-src 'self' https:; manifest-src 'self' https://masto.nu; form-action 'self'; child-src 'self' blob: https://masto.nu; worker-src 'self' blob: https://masto.nu; connect-src 'self' data: blob: https://masto.nu https://media.masto.nu wss://masto.nu; script-src 'self' https://masto.nu 'wasm-unsafe-eval' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com app.usercentrics.eu cdn.livechatinc.com api.livechatinc.com www.gstatic.com www.googleadservices.com maps.googleapis.com www.google.com; frame-src 'self' secure.livechatinc.com www.google.com www.youtube-nocookie.com www.youtube.com servicesdes.indenova.eu services.indenova.eu services.indenova.net services.esigna.es sign.clickandsign.eu signtest.clickandsign.eu; object-src 'self'; frame-ancestors 'self' 1
default-src https:; img-src * 'self' data: https:; style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; 1
frame-ancestors 'self' *.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.licdn.com *.doubleclick.net *.facebook.net cdnjs.cloudflare.com *.onetrust.com *.typeform.com unpkg.com/flickity-fade@1/flickity-fade.js unpkg.com/flickity-transformer/dist/flickity-transformer.pkgd.min.js unpkg.com *.tiktok.com 1
default-src 'self' www.raa.se raa.diva-portal.org *.readspeaker.com sketchfab.com feeds.feedburner.com k-blogg.se *.flickr.com *.staticflickr.com *.elementor.com *.typekit.net *.google.com *.gravatar.com *.youtube.com code.jquery.com libguides-proc-eu.springyaws.com lgapi-eu.libapps.com libapps-eu.s3.amazonaws.com *.youtu.be *.youtube-nocookie.com webshop.publit.com *.infra.entryscape.com webstats.sgit.se webbanalys.sgit.se widget.publit.com *.hotjar.io ws: ws.hotjar.com *.anpdm.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.readspeaker.com *.typekit.net code.jquery.com *.google.com *.gstatic.com cdn.jsdelivr.net unpkg.com *.hotjar.com catalog.raa.se static.entryscape.com webstats.sgit.se *.publit.com webbanalys.sgit.se widget.publit.com *.libapps.com; style-src 'self' 'unsafe-inline' *.readspeaker.com *.libapps.com *.googleapis.com unpkg.com; font-src 'self' data: *.typekit.net fonts.gstatic.com static.entryscape.com *.libapps.com; frame-ancestors 'self' 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu *.join.com join.com *.clickup.com clickup.com;style-src 'self' 'unsafe-inline' *.usercentrics.eu *.join.com join.com;style-src-elem 'self' 'unsafe-inline'  *.usercentrics.eu *.join.com join.com blob: data:;font-src 'self' 'unsafe-inline'  *.usercentrics.eu *.join.com join.com blob: data:;connect-src 'self' 'unsafe-inline' *.usercentrics.eu *.join.com join.com;img-src 'self' 'unsafe-inline' *.usercentrics.eu *.join.com join.com data: secure.gravatar.com;frame-src 'self' *.usercentrics.eu *.join.com join.com forms.clickup.com; 1
default-src 'self' *.phonebooky.com *.booky.ph *.bky.ph;script-src 'self' 'unsafe-inline' 'unsafe-eval' static.zdassets.com ekr.zdassets.com bookymanila.zendesk.com wss://widget-mediator.zopim.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net www.google.com www.google.com.ph *.googleapis.com maps.gstatic.com *.ggpht.com analytics.google.com static.clevertap.com sg1.wzrkt.com d2r1yp2w7bby2u.cloudfront.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com;img-src 'self' 'unsafe-inline' *.booky.ph booky-nonprod-images.s3-ap-southeast-1.amazonaws.com booky-merchant-dashboard.s3.amazonaws.com *.bky.ph *.phonebooky.com data: *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net www.google.com www.google.com.ph *.googleapis.com maps.gstatic.com *.ggpht.com analytics.google.com;object-src 'none';media-src 'self' static.zdassets.com ekr.zdassets.com bookymanila.zendesk.com wss://widget-mediator.zopim.com;font-src 'self' data: fonts.gstatic.com;report-uri /report-violation;worker-src none;connect-src 'self' *.phonebooky.com *.booky.ph *.bky.ph https://api.v5.booky.ph/booky-apollo-serverless static.zdassets.com ekr.zdassets.com bookymanila.zendesk.com wss://widget-mediator.zopim.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net www.google.com www.google.com.ph *.googleapis.com maps.gstatic.com *.ggpht.com analytics.google.com;script-src-attr 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;frame-ancestors 'self' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mementomori.social; img-src 'self' data: blob: https://mementomori.social https://media.mementomori.social; style-src 'self' https://mementomori.social 'nonce-reSu3n21Mo4ihEAZBGuo3A=='; media-src 'self' data: https://mementomori.social https://media.mementomori.social; frame-src 'self' https:; manifest-src 'self' https://mementomori.social; form-action 'self'; child-src 'self' blob: https://mementomori.social; worker-src 'self' blob: https://mementomori.social; connect-src 'self' analytics.dude.fi data: blob: https://mementomori.social https://media.mementomori.social wss://mementomori.social; script-src 'self' https://mementomori.social 'wasm-unsafe-eval' analytics.dude.fi 1
default-src 'self' *.dlgsc.wa.gov.au *.facebook.com *.facebook.net www.youtube.com *.google.com *.google.com/maps *.facebook.com *.monsido.com *.fbcdn.net *.b-cdn.net *.service.wa.gov.au https://platform.twitter.com anchor.fm *.soundcloud.com https://www.google-analytics.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dlgsc.wa.gov.au *.googleapis.com *.gstatic.com *.googletagmanager.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org 35.189.0.46 *.monsido.com *.tracking.monsido.com *.google.com https://cdnjs.cloudflare.com https://www.feedrapp.info 127.0.0.1 *.hotjar.com *.monsido.com *.curator.io *.visualwebsiteoptimizer.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.dlgsc.wa.gov.au *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.dlgsc.wa.gov.au *.curator.io; img-src 'self' *.dlgsc.wa.gov.au *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.monsido.com *.curator.io *.fbcdn.net *.b-cdn.net *.visualwebsiteoptimizer.com; media-src 'self' data: blob: cdn.dlgsc.wa.gov.au *.dlgsc.wa.gov.au; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com outlook.office365.com anchor.fm google.com; connect-src 'self' accounts.google.com *.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://www.feedrapp.info *.hotjar.com *.curator.io *.wa.gov.au *.service.wa.gov.au https://platform.twitter.com anchor.fm https://www.google-analytics.com *.googleapis.com; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-66ec0c725cff0b46797516b0474025d7'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.segment.com https://www.youtube.com https://googleads.g.doubleclick.net *.crazyegg.com api.ipify.org *.cookielaw.org *.onetrust.com cdn.pricespider.com connect.facebook.net s.pinimg.com *.google-analytics.com *.googletagmanager.com pghub.io z.moatads.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' https://downloads.ctfassets.net https://assets.ctfassets.net https://videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' *.cookielaw.org https://img.youtube.com https://i.ytimg.com videos.ctfassets.net images.ctfassets.net match.adsrvr.org ct.pinterest.com pixel.tapad.com px.moatads.com *.akamaihd.net *.google.hr *.google-analytics.com www.facebook.com *.googletagmanager.com *.google.com feed.pghub.io pandg.tapad.com ; font-src 'self' fonts.gstatic.com feed.pghub.io pandg.tapad.com ; connect-src * script.crazyegg.com:* *.crazyegg.com ; frame-src 'self' https://td.doubleclick.net https://videos.ctfassets.net https://www.youtube-nocookie.com https://www.youtube.com pandg.tapad.com ct.pinterest.com www.facebook.com feed.pghub.io ; manifest-src * ; 1
default-src 'self'; child-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://www.google.com/recaptcha https://www.gstatic.com/recaptcha https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://maps.googleapis.com https://stats.g.doubleclick.net https://cdn.cookielaw.org https://cdn.jsdelivr.net/npm/exif-js https://cdn.jsdelivr.net/npm/uuid@latest/dist/umd/uuidv4.min.js https://cdnjs.cloudflare.com/ajax/libs/html5-qrcode/1.2.4/html5-qrcode.min.js; img-src 'self' data: https://baggage-files-prod.s3.eu-west-2.amazonaws.com https://ssl.gstatic.com https://www.gstatic.com https://maps.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline'  https://cdn.cookielaw.org https://tagmanager.google.com https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://www.recaptcha.net https://cdn.cookielaw.org; connect-src 'self' https://www.google-analytics.com https://cdn.cookielaw.org https://s3.eu-west-2.amazonaws.com/baggage-files-prod https://wtss-api.mybag.aero; frame-src 'self' https://fonts.gstatic.com https://google.com https://www.recaptcha.net https://recaptcha.google.com/recaptcha https://www.google.com/recaptcha; 1
script-src 'unsafe-inline' 'unsafe-eval' http: https:; style-src 'self' blob: https: 'unsafe-inline' https://manager.lecoqsportif.com; img-src data: http: https: www.googletagmanager.com; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com data:; frame-src assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.facebook.com *.criteo.com *.criteo.net *.woorank.com *.lablcs.com *.sinfin.fr *.matomo.cloud *.pingdom.net *.googlesyndication.com 1
default-srd 'self'; 1
connect-src 'self' surveys.enalyzer.com https://*.servmetric.com *.readspeaker.com ;default-src 'self' ;font-src 'self' data: *.typekit.net ;form-action 'self' https://easionsurvey.parantion.nl https://apps.parantion.nl ;frame-ancestors 'self' ;frame-src 'self' surveys.enalyzer.com *.formdesk.com *.govmetric.com *.youtube-nocookie.com *.youtube.com *.storing24.nl gis.apeldoorn.nl https://*.google.com ;img-src 'self' gis.apeldoorn.nl https://www.toegankelijkheidsverklaring.nl https://*.govmetric.com https://*.global.siteimproveanalytics.io https://i.ytimg.com ;script-src 'self' surveys.enalyzer.com *.formdesk.com *.readspeaker.com 'nonce-BuitenlnScr' 'nonce-SiteImp' ajax.googleapis.com *.youtube.com https://*.servmetric.com https://*.govmetric.com https://siteimproveanalytics.com https://*.google.com ;style-src 'self' 'nonce-BuitenlnSty' *.typekit.net *.readspeaker.com https://*.servmetric.com https://*.govmetric.com; 1
default-src *.opterus.net *.pndsn.com *.cloudflare.com videodelivery.net 'self';script-src *.opterus.net *.pndsn.com *.cloudflare.com videodelivery.net blob:  'self' 'unsafe-inline' 'unsafe-eval';style-src *.opterus.net *.pndsn.com *.cloudflare.com videodelivery.net 'self' 'unsafe-inline';img-src * data: blob: filesystem: cid:;connect-src *.opterus.net *.pndsn.com *.cloudflare.com videodelivery.net blob: data:  'self';base-uri *.opterus.net *.pndsn.com *.cloudflare.com videodelivery.net 'self';form-action *.opterus.net *.pndsn.com *.cloudflare.com videodelivery.net 'self';object-src *.opterus.net *.pndsn.com *.cloudflare.com videodelivery.net 'self';frame-ancestors *.opterus.net *.pndsn.com *.cloudflare.com videodelivery.net 'self';font-src data: *.opterus.net *.pndsn.com *.cloudflare.com videodelivery.net 'self';media-src *.opterus.net *.pndsn.com *.cloudflare.com videodelivery.net blob: file: blob: https://videodelivery.net 'self';frame-src *.opterus.net *.pndsn.com *.cloudflare.com videodelivery.net https://www.youtube.com https://player.vimeo.com data: mailto: blob: ;manifest-src 'self';worker-src *.opterus.net *.pndsn.com *.cloudflare.com videodelivery.net blob: 'self';child-src *.opterus.net *.pndsn.com *.cloudflare.com videodelivery.net blob: 'self'; 1
; connect-src 'self' www.google-analytics.com cdn.segment.com api.segment.io analytics.tiktok.com stats.g.doubleclick.net ct.pinterest.com cdn.linkedin.oribi.io csmetrics.hotjar.com public.fbot.me events.attentivemobile.com yardzen.attn.tv api-iam.intercom.io wss://nexus-websocket-a.intercom.io www.facebook.com reviewsonmywebsite.com cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/ gtm-tldzcx7-mjdhm.uc.r.appspot.com in.hotjar.com vc.hotjar.io yardzen2023.wpengine.com www.lightboxcdn.com wss://ws41.hotjar.com content.hotjar.io wss://wsp10.hotjar.com wss://wsp19.hotjar.com sdk.split.io auth.split.io events.split.io streaming.split.io ipapi.co https://ipapi.co/json yardzen-us.attn.tv pangaea.yardzen.com; object-src 'none'; img-src 'self' yardzen2023.wpengine.com yardzendev.wpengine.com yardzenstage.wpengine.com p.typekit.net www.googletagmanager.com www.google-analytics.com secure.gravatar.com data: *.gravatar.com storage.googleapis.com/yardzen-public-assets/ t.co analytics.twitter.com www.facebook.com data.adxcel-ec2.com www.lightboxcdn.com ct.pinterest.com flask.nextdoor.com px.ads.linkedin.com www.google.com bat.bing.com px4.ads.linkedin.com s3.lightboxcdn.com cdn.giftup.app reviewsonmywebsite.com s3.romw-cdn.co ui-avatars.com *.google.rs/ads/ga-audiences js.intercomcdn.com/images/ static.intercomassets.com/avatars/ images.squarespace-cdn.com www.linkedin.com alb.reddit.com optimize.google.com public-assets.yardzen.com gtlyimg.co yardzen.com images.unsplash.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' use.typekit.net ajax.googleapis.com www.googletagmanager.com www.google-analytics.com www.googleanalytics.com static.addtoany.com www.lightboxcdn.com connect.facebook.net static.ads-twitter.com www.dwin1.com cdn.segment.com utt.impactcdn.com static.hotjar.com analytics.tiktok.com embedsocial.com www.googleoptimize.com s.pinimg.com snap.licdn.com ads.nextdoor.com bat.bing.com static.fbot.me campaign.fbot.me cdn.attn.tv api.lightboxcdn.com widget.intercom.io js.intercomcdn.com script.hotjar.com reviewsonmywebsite.com cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/ www.googleadservices.com www.redditstatic.com optimize.google.com creatives.attn.tv cdn.polyfill.io/v2/polyfill.min.js cdn.split.io/sdk/split-10.22.4.js cdn.split.io/sdk/split-10.23.0.min.js sdk.split.io js.stripe.com/v3/; style-src 'unsafe-inline' 'self' embedsocial.com www.lightboxcdn.com fonts.googleapis.com cdnjs.cloudflare.com/ajax/libs/font-awesome/ cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/ optimize.google.com fonts.googleapis.com; font-src 'self' data: *.typekit.net fonts.gstatic.com cdnjs.cloudflare.com/ajax/libs/font-awesome/ fonts.intercomcdn.com; frame-src 'self' *.youtube.com *.vimeo.com static.addtoany.com www.facebook.com embedsocial.com ct.pinterest.com vars.hotjar.com calendly.com www.google.com cdn.giftup.app widget.fbot.me optimize.google.com creatives.attn.tv cdn.attn.tv js.stripe.com; default-src 'self' js.intercomcdn.com yardzen2023.wpengine.com yardzen.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.biexcellence.com cdn.biexcellence.com *.fontawesome.com *.googleapis.com https://www.google.de/maps *.emailsys1a.net *.etracker.com *.etracker.de cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.biexcellence.com cdn.jsdelivr.net; img-src 'self' data: cdn.biexcellence.com *.fontawesome.com c.emailsys1a.net cdn.biexcellence.com cdn.jsdelivr.net *.tile.openstreetmap.org; font-src 'self' data: *.fontawesome.com cdn.biexcellence.com; media-src 'self'; object-src 'none'; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.vimeo.com https://www.google.com/ https://t21dcdde4.emailsys1a.net/; frame-ancestors 'self'; connect-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.biexcellence.com maja.ai *.fontawesome.com *.google-analytics.com cdn.biexcellence.com nominatim.openstreetmap.org 1
base-uri https://www.mbank.pl; report-uri https://wwwsk.csp.mbank.pl; default-src 'none'; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ad.doubleclick.net https://c.imedia.cz https://cdn.mbiscuit.mbank.sk https://cdn.skp.mbank.pl https://connect.facebook.net https://cz.hit.gemius.pl https://googleads.g.doubleclick.net https://i.ctnsnet.com https://ls.hit.gemius.pl https://maps.googleapis.com https://pagead2.googlesyndication.com https://r.skp.mbank.pl https://s.ytimg.com https://s2.adform.net https://script.hotjar.com https://ssl.google-analytics.com https://static.hotjar.com https://stats.g.doubleclick.net https://tagmanager.google.com https://tpc.googlesyndication.com https://track.adform.net/ https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.mbank.sk https://www.seznam.cz/ https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdn.skp.mbank.pl https://fonts.googleapis.com https://fonts.gstatic.com https://tagmanager.google.com https://www.mbank.sk; img-src 'self' data: https://*.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com https://adservice.google.com https://bcp.crwdcntrl.net https://c.imedia.cz https://cdn.ctnsnet.com https://cdn.skp.mbank.pl https://cm.ctnsnet.com https://cm.g.doubleclick.net https://csi.gstatic.com https://cz.hit.gemius.pl https://gcm.ctnsnet.com https://googleads.g.doubleclick.net https://i.ctnsnet.com https://i.ytimg.com https://ib.adnxs.com https://inl.ctnsnet.com https://ipac.ctnsnet.com https://khms0.googleapis.com https://khms1.googleapis.com https://ls.hit.gemius.pl https://maps.googleapis.com https://maps.gstatic.com https://redirect.skp.mbank.pl https://region1.analytics.google.com https://region1.google-analytics.com https://s.ytimg.com https://s2.adform.net https://scm.ctnsnet.com https://script.hotjar.com https://secure.adnxs.com https://sk-gmtdmp.mookie1.com/ https://ssl.google-analytics.com https://ssl.gstatic.com https://stats.g.doubleclick.net https://tagmanager.google.com https://track.adform.net/ https://www.facebook.com https://www.google-analytics.com https://www.google.be https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.hr https://www.google.ie https://www.google.it https://www.google.nl https://www.google.no https://www.google.pl https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.mbank.cz https://www.mbank.sk; font-src 'self' data: https://cdn.mbiscuit.mbank.sk https://fonts.gstatic.com https://script.hotjar.com https://www.mbank.sk; connect-src 'self' https://*.hotjar.com https://ad.doubleclick.net https://adservice.google.com https://api.mbiscuit.mbank.sk https://api.skp.mbank.pl https://cm.g.doubleclick.net https://cz.hit.gemius.pl https://googleads.g.doubleclick.net https://lp.skp.mbank.pl https://ls.hit.gemius.pl https://maps.googleapis.com https://pagead2.googlesyndication.com https://r.skp.mbank.pl https://redirect.skp.mbank.pl https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://tagmanager.google.com https://tracker.skp.mbank.pl https://vc.hotjar.io https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.pl https://www.googletagmanager.com https://www.mbank.sk wss://*.hotjar.com wss://api.skp.mbank.pl wss://r.skp.mbank.pl; media-src 'self' data: https://cdn.skp.mbank.pl https://www.mbank.sk; object-src 'self' https://www.mbank.sk https://www.youtube.com; frame-src 'self' https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://c.imedia.cz https://cz.hit.gemius.pl https://ls.hit.gemius.pl https://tagmanager.google.com https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.mbank.sk https://www.youtube.com; child-src 'self' https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://cz.hit.gemius.pl https://ls.hit.gemius.pl https://tagmanager.google.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.mbank.sk https://www.youtube.com; form-action 'self' https://form.mbank.sk https://www.mbank.sk; frame-ancestors 'self' https://www.mbank.sk; 1
frame-ancestors agc.ardaghgroup.com 1
default-src 'self' http://persis.gemu-group.com:8080 *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com connect.facebook.net *.albacross.com *.webtraxs.com *.ggpht.com amazonaws.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net *.userlike.com userlike-cdn-umm.b-cdn.net *.leadenhancer.com wss://*.userlike.com *.alexametrics.com cdn.delight-vr.com *.cookiebot.eu *.cookiebot.com *.simpli.fi data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.gemu-group.com 1
default-src ws: 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.addthis.com *.adnxs.com *.akamaized.net *.amazonaws.com *.americanexpress.com *.android.com *.aturahotels.com *.azureedge.net *.bing.com *.bootstrapcdn.com *.braintree-api.com *.braintreegateway.com *.braze.com *.browser-update.org *.cardinalcommerce.com *.cendynhub.com *.clarity.ms *.cloudflare.com *.cloudfront.net *.criteo.com *.criteo.net *.d-edgeconnect.media *.datatrans.com *.demdex.net *.doubleclick.net *.duosecurity.com *.elev.io *.estherrestaurant.com *.event-restaurants-venues.com *.eventcinemas.com.au *.everestjs.net *.everesttech.net *.facebook.com *.fontawesome.com *.gleam.io *.gleamjs.io *.google-analytics.com *.google.co.nz *.google.com *.google.com.au *.googleadservices.com *.googleapis.com *.googlesyndication.com *.gstatic.com *.hotjar.com *.hotjar.io *.independentcollection.com.au *.instagram.com *.ivvy.com *.ivvy.com.au *.jquery.com *.jsdelivr.net *.kaptcha.com *.lafourchette.com *.mews-demo.com *.mews.com *.mews.li *.mintdesign.co.nz *.mycardsecure.com *.myma.ai *.ovalhotel.com.au *.paypal.com *.paypalobjects.com *.planpay.com *.priorityguestrewards.com *.qtathome.com *.qthotels.com *.quantcount.com *.quantserve.com *.resdiary.com *.rokt.com *.rsa3dsauth.co.uk *.rydges.com *.sentry-cdn.com *.sg-form.com *.sharepointonline.com *.sojern.com *.stripe.com *.tamgrt.com *.thehotelsnetwork.com *.tiktok.com *.typekit.net *.vimeo.com *.weatherwidget.io *.wistia.com *.wp.com *.wpo365.com *.wufoo.com *.wufoo.eu *.yoast.com *.youtube.com addthis.com ade.clmbtech.com adnxs.com ads.yahoo.com adservice.google.de adservice.google.fr akamaized.net amazonaws.com americanexpress.com analytics.tiktok.com android.com attestation.android.com azureedge.net bam.nr-data.net bat.bing.com beacon-v2.helpscout.net bing.com bookings.qthotels.com bootstrapcdn.com braintree-api.com braintreegateway.com braze.com browser-update.org c.bing.com cardinalcommerce.com cdn.forms-content.sg-form.com cdn.jsdelivr.net cendynhub.com clarity.ms cloud.typography.com cloudflare.hcaptcha.com cloudfront.net cm.g.doubleclick.net cm.mgid.com code.jquery.com connect.facebook.net contextual.media.net criteo-sync.teads.tv criteo.com criteo.net cw.addthis.com d-edgeconnect.media datatrans.com demdex.net duosecurity.com eb2.3lift.com elev.io estherrestaurant.com event-restaurants-venues.com eventcinemas.com.au everestjs.net everesttech.net extreme-ip-lookup.com fontawesome.com fonts.googleapis.com fonts.gstatic.com gleam.io gleamjs.io google.com googletagmanager.com hotjar.com hotjar.io i.ytimg.com idsync.rlcdn.com independentcollection.com.au instagram.com ivvy.com ivvy.com.au jquery.com js-agent.newrelic.com js.appboycdn.com js.sentry-cdn.com kaptcha.com kg668dbov0.execute-api.us-east-1.amazonaws.com lafourchette.com match.adsrvr.org match.sharethrough.com maxcdn.bootstrapcdn.com mews-demo.com mews.com mews.li mintdesign.co.nz mpsnare.iesnare.com mycardsecure.com myma.ai p.typekit.net participant.connect.ap-southeast-2.amazonaws.com paypal.com pixel.advertising.com pixel.quantserve.com pixel.rubiconproject.com pixel.tapad.com planpay.com polyfill.io qtathome.com r.casalemedia.com resdiary.com rsa3dsauth.co.uk rtb-csync.smartadserver.com rtd-tm.everesttech.net s.ad.smaato.net secure.adnxs.com secure7.arcot.com securepubads.g.doubleclick.net sentry-cdn.com sharepointonline.com simage2.pubmatic.com sojern.com sp.analytics.yahoo.com spoprod-a.akamaihd.net static.tacdn.com stripe.com sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.e-planning.net tamgrt.com tiktok.com typekit.net ups.analytics.yahoo.com us-u.openx.net use.typekit.net vimeo.com visitor.omnitagjs.com weatherwidget.io wistia.com wp.com wpo365.com www.aexp-static.com www.everestjs.net www.google.com www.google.com.au www.googletagmanager.com www.googletagservices.com www.gstatic.com www.qthotels.com www.surveymonkey.com www.thehotelsnetwork.com xhr.spec.whatwg.org yoast.com; frame-src *; object-src 'none'; img-src 'self' https: data: blob:;  upgrade-insecure-requests; report-uri https://evtgroup.report-uri.com/r/t/csp/enforce 1
default-src 'self' maxcdn.bootstrapcdn.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.googleapis.com *.google.com *.google.nl *.gstatic.com *.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.onlineafspraken.nl *.facebook.net  *.jsdelivr.net *.mouseflow.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.googleapis.com *.google.com *.google.nl *.gstatic.com *.doubleclick.net;script-src-elem 'self' 'unsafe-inline' *.onlineafspraken.nl *.facebook.net *.jsdelivr.net *.mouseflow.com portal.websecurityscan.eu *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.googleapis.com *.google.com *.google.nl *.gstatic.com *.doubleclick.net;connect-src 'self' *.jsdelivr.net *.onlineafspraken.nl code.jquery.com portal.websecurityscan.eu *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.googleapis.com *.google.com *.google.nl *.gstatic.com *.doubleclick.net;manifest-src 'self';img-src 'self' *.onlineafspraken.nl *.facebook.net *.facebook.com *.ytimg.com data: *.websecurityscan.eu *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.googleapis.com *.google.com *.google.nl *.gstatic.com *.doubleclick.net;style-src 'self' 'unsafe-inline' *.onlineafspraken.nl fonts.googleapis.com maxcdn.bootstrapcdn.com *.websecurityscan.eu;style-src-elem 'self' 'unsafe-inline' *.onlineafspraken.nl fonts.googleapis.com maxcdn.bootstrapcdn.com *.websecurityscan.eu;base-uri 'self';frame-src 'self' *.facebook.com *.youtube.com *.youtu.be *.google.com portal.websecurityscan.eu;font-src 'self' *.onlineafspraken.nl maxcdn.bootstrapcdn.com fonts.gstatic.com 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' https://www.googletagmanager.com; connect-src 'self' https://region1.google-analytics.com; frame-src 'self' https://maps.google.com www.google.com https://www.youtube.com; 1
default-src https: 'self' *.yhlsoft.com *.advyzon.com *.advisorservices.com *.tdainstitutional.com; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src * data:; frame-ancestors 'self' *.yhlsoft.com *.advyzon.com *.advisorservices.com *.tdainstitutional.com investwithintegrity.com www.logicwealthmanagement.com jvglobalcap.com protrading.stirlingshire.com ss-live-prod.etnasoft.us *.force.com *.salesforce.com *.visualforce.com; font-src * data:; connect-src wss: https:; media-src 'self' *.zdassets.com data:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.doubleclick.net *.googleadservices.net stats.g.doubleclick.net *.pardot.com content.openbanking.org.uk wss://*.hotjar.com *.hotjar.com *.hotjar.io s.w.org cdnjs.cloudflare.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googleapis.com googleapis.com *.vimeo.com vimeo.com *.youtube.com youtube.com *.gravatar.com *.gstatic.com *.plyr.io *.vimeocdn.com *.tiki-toki.com *.workable.com *.google.co.uk data:; 1
frame-ancestors 'self' https://*.dealogic.com; 1
default-src 'self' *.autopanorama.ru awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net *.motorpage.ru *.inrd.ru 6ag.ru *.googletagmanager.com *.googlesyndication.com *.facebook.com *.vk.com vk.com https://apis.google.com *.serving-sys.com *.google.com *.google.ru *.google.com.ua *.twitter.com *.youtube.com https://www.youtube.com *.odnoklassniki.ru *.adriver.ru *.doubleclick.net discovery-russia.ru https://accounts.google.com https://googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://s-static.ak.facebook.com https://www.facebook.com https://login.vk.com https://code.createjs.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' site.yandex.net clck.yandex.ru an.yandex.ru yandex.st yastatic.net mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru *.motorpage.ru *.inrd.ru  *.google.com https://apis.google.com *.serving-sys.com ajax.googleapis.com www.gstatic.com https://pagead2.googlesyndication.com https://yastatic.net https://code.createjs.com http://pagead2.googlesyndication.com http://localhost:59376 https://adservice.google.ru vk.com *.twitter.com connect.facebook.net graph.facebook.com connect.mail.ru *.pinterest.com counter.rambler.ru www.googletagservices.com www.googletagmanager.com www.google-analytics.com *.googleadservices.com *.adlabs.ru *.adriver.ru *.ok.ru ok.ru *.odnoklassniki.ru *.adsafeprotected.com; object-src 'self' *.adriver.ru *.gstatic.com;style-src 'self' 'unsafe-inline' *.motorpage.ru *.inrd.ru fonts.googleapis.com yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net;img-src 'self' data: mc.yandex.ru bs.serving-sys.com bs.serving-sys.ru secure-ds.serving-sys.com avatars-fast.yandex.net avatars.mds.yandex.net site.yandex.net favicon.yandex.net an.yandex.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net counter.yadro.ru *.motorpage.ru *.inrd.ru *.weborama.fr *.gemius.pl *.google.md *.google.lt *.google.co.uk *.pinterest.com vk.com *.googleusercontent.com www.google-analytics.com *.google.com *.google.ru *.google.by *.google.com.ua *.google.be *.google.kz *.gstatic.com counter.rambler.ru *.mail.ru *.tns-counter.ru *.adriver.ru *.doubleclick.net https://stats.g.doubleclick.net *.adlooxtracking.com *.adsafeprotected.com; media-src 'self' data: *.yandex.net strm.yandex.ru *.strm.yandex.ru yandex.ru yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net; font-src 'self' data: fonts.gstatic.com data: an.yandex.ru yastatic.net yastat.net cdnjs.cloudflare.com; connect-src 'self' *.adriver.ru *.serving-sys.com www.google-analytics.com stats.g.doubleclick.net an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru *.adsafeprotected.com; 1
frame-ancestors 'self' livanova-global-cms-prod-2020.azurewebsites.net; 1
frame-ancestors 'self' https://*.enkatfabriken.com https://enkatfabriken.com 1
connect-src 'self' https://stats.g.doubleclick.net/j/collect https://*.googleapis.com https://www.google-analytics.com https://cdn.linkedin.oribi.io https://www.facebook.com/tr/;              default-src 'self';       frame-src 'self' https://maps.kimcorealty.com https://kimcorealty.widen.net https://id-plans.vr-360-tour.com https://id360.idplans.com https://virtualtour.idplans.com https://idcloud.idplans.com https://idvision.idplans.com https://hubster.idplans.com https://idintel.idplans.com https://idinspect.idplans.com https://my.mpskin.com https://cf-store.widencdn.net/;             font-src 'self' https://fonts.gstatic.com https://ka-p.fontawesome.com;              img-src 'self' data: https://eu2allwebext.blob.core.windows.net https://kimcorealty.widen.net https://www.facebook.com/tr/ https://px.ads.linkedin.com/collect https://googleads.g.doubleclick.net https://*.googleapis.com https://*.gstatic.com www.w3.org https://www.google-analytics.com https://www.google.com/pagead/  https://www.googletagmanager.com/  https://embed.widencdn.net https://cdn.vr-360-tour.com/ https://cf-store.widencdn.net;             media-src 'self' https://eu2allwebext.blob.core.windows.net https://kimcorealty.widen.net https://cf-store.widencdn.net;             script-src 'self' 'unsafe-inline' 'unsafe-eval' https://eu2allwebext.blob.core.windows.net https://connect.facebook.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.googleadservices.com https://*.googleapis.com https://www.google-analytics.com;              style-src 'self' 'unsafe-inline'  https://eu2allwebext.blob.core.windows.net https://fonts.googleapis.com https://kit.fontawesome.com https://ka-p.fontawesome.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://linuxrocks.online; img-src 'self' https: data: blob: https://linuxrocks.online; style-src 'self' https://linuxrocks.online 'nonce-tg18flmBDU6FCpufHJdteg=='; media-src 'self' https: data: https://linuxrocks.online; frame-src 'self' https:; manifest-src 'self' https://linuxrocks.online; form-action 'self'; child-src 'self' blob: https://linuxrocks.online; worker-src 'self' blob: https://linuxrocks.online; connect-src 'self' data: blob: https://linuxrocks.online https://linuxrocks.online wss://linuxrocks.online; script-src 'self' https://linuxrocks.online 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net http://webvisor.com https://metrika.yandex.ru; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval';connect-src https://*.jooancloud.com:443 1
default-src 'self' data: ; script-src 'self' https://*.bing.com https://*.facebook.net https://*.doubleclick.net https://*.trustedshops.com https://*.vchfy.com https://*.googletagmanager.com https://*.google-analytics.com https://*.yellowmap.de https://*.unzer.com https://*.samhammer.de https://*.melitta.de https://*.loyjoy.com https://privacyportal-eu-cdn.onetrust.com https://melitta.matomo.cloud https://cdn.cookielaw.org https://challenges.cloudflare.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' https://*.yellowmap.de https://*.unzer.com https://*.samhammer.de https://fast.fonts.net https://*.melitta.de https://privacyportal-eu-cdn.onetrust.com 'unsafe-inline'; media-src 'self' https://*.melitta.de; img-src * 'self' blob: data: 'unsafe-inline'; connect-src https://*.facebook.com/ https://*.trustbadge.com/ https://*.etrusted.com https://*.trustedshops.com https://*.doubleclick.net https://*.melitta-group.com https://*.google-analytics.com https://*.vchfy.com https://*.yellowmap.de https://*.heidelpay.com https://*.unzer.com https://melitta.matomo.cloud https://*.loyjoy.com https://*.samhammer.de https://*.melitta.de https://cdn.cookielaw.org https://*.onetrust.com wss: 'self'; frame-src 'self' https://*.facebook.com/ https://*.doubleclick.net/ https://*.vchfy.com https://*.heidelpay.com https://www.youtube-nocookie.com https://*.trustedshops.com https://challenges.cloudflare.com; worker-src 'self' blob:; font-src https://*.yellowmap.de https://*.unzer.com https://*.loyjoy.com https://*.samhammer.de https://*.melitta.de 'self' https://*.onetrust.com data:; object-src 'none'; 1
default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://www.google.com https://www.gstatic.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.sentry.io https://api.bullet-train.io https://apis.postcode-jp.com; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' https://www.google.com https://recaptcha.google.com/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; frame-ancestors 'self' https://www.google.com; img-src data: blob: 'self'; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
default-src 'self';child-src 'self' www.youtube.com livemap.getwemap.com *.fls.doubleclick.net;img-src 'self' ws-events.fr www.google-analytics.com *.youtube.com i.ytimg.com www.googletagmanager.com axeptio.imgix.net favicons.axept.io *.gstatic.com 'unsafe-inline' data: maps.gstatic.com *.googleapis.com *.ggpht livemap.getwemap.com ;script-src 'self' 'unsafe-inline' www.google-analytics.com s.ytimg.com www.youtube.com www.googletagmanager.com maps.googleapis.com unpkg.com ws-events.fr livemap.getwemap.com api.getwemap.com static.axept.io api.axept.io client.axept.io googleads.g.doubleclick.net stats.g.doubleclick.net connect.facebook.net region1.analytics.google.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;font-src 'self' fonts.gstatic.com livemap.getwemap.com;connect-src 'self' 'unsafe-inline' www.google-analytics.com s.ytimg.com www.youtube.com www.googletagmanager.com maps.googleapis.com unpkg.com ws-events.fr livemap.getwemap.com api.getwemap.com static.axept.io api.axept.io client.axept.io googleads.g.doubleclick.net stats.g.doubleclick.net connect.facebook.net region1.analytics.google.com fonts.googleapis.com fonts.gstatic.com; 1
script-src https://connect.facebook.net https://linkprotect.cudasvc.com https://www.googletagmanager.com https://fonts.gstatic.com *.hotjar.com *.google-analytics.com *.americaneagle.com *.hawksearch.com *.google.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval' data: 1
default-src 'none'; base-uri 'none'; object-src 'none'; script-src 'nonce-4d3a0d5d92b2efe6a801ae8c219d05d3' 'strict-dynamic' plausible.io www.googletagmanager.com *.google-analytics.com https: 'self' 'report-sample' 'unsafe-inline'; style-src 'self' tagmanager.google.com *.googleapis.com; block-all-mixed-content; connect-src 'self' *.google-analytics.com www.googletagmanager.com plausible.io; img-src 'self' *.google-analytics.com www.googletagmanager.com *.gstatic.com data:; media-src 'self'; font-src 'self' fonts.gstatic.com data:; frame-ancestors 'none'; manifest-src 'self'; frame-src 'none'; form-action 'self' ibuildings.nl api.ibuildings.nl ibuildings.com; report-to default 1
connect-src 'self' blob: https://api.x.ai https://api.x.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api.x.com https://api-stream.twitter.com https://api-stream.x.com https://ads-api.twitter.com https://ads-api.x.com https://aa.twitter.com https://aa.x.com https://caps.twitter.com https://caps.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton.twitter.com https://ton.x.com https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://twitter.com https://x.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com  ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://x.com https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://vaultjs.apideck.com/  https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://x.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://static.ads-twitter.com  'nonce-OWQwNmRjMmQtMzgzYS00ZDQyLWE0ZGEtYTQ3OTU1YmRmMzJh'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false 1
default-src 'self' *.xn--80adhccsnv2afbpk.xn--p1ai xn--80adhccsnv2afbpk.xn--p1ai vidtok.ru https://vidtok.ru https://tivizor.ru tivizor.ru *.am15.net am15.net x.mobalert.net *.vk.me *.vk.com vk.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vidtok.ru vidtok.ru https://tivizor.ru tivizor.ru videopotok.pro *.xn--80adhccsnv2afbpk.xn--p1ai xn--80adhccsnv2afbpk.xn--p1ai am15.net *.am15.net translate.google.com x.mobalert.net *.vk.com vk.com;child-src 'self' *.xn--80adhccsnv2afbpk.xn--p1ai xn--80adhccsnv2afbpk.xn--p1ai https://vidtok.ru vidtok.ru https://tivizor.ru tivizor.ru *.am15.net:8081 am15.net:8081 am15.net *.am15.net m.vk.com *.vk.com vk.com;connect-src 'self' *.xn--80adhccsnv2afbpk.xn--p1ai xn--80adhccsnv2afbpk.xn--p1ai;style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com *.fonts.googleapis.com *.xn--80adhccsnv2afbpk.xn--p1ai xn--80adhccsnv2afbpk.xn--p1ai *.am15.net https://fonts.googleapis.com;font-src 'self' *.xn--80adhccsnv2afbpk.xn--p1ai xn--80adhccsnv2afbpk.xn--p1ai  data: http://fonts.gstatic.com;img-src 'self' *.xn--80adhccsnv2afbpk.xn--p1ai xn--80adhccsnv2afbpk.xn--p1ai am15.net *.am15.net https://*.vk.me *.vk.me *.vk.com vk.com counter.yadro.ru;object-src 'self' am15.net;report-uri http://xn--80adhccsnv2afbpk.xn--p1ai/CSP-only-my.php; 1
default-src 'self'  https://*.obralia.com shttps://*.nalandaglobal.com https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com wss://*.zendesk.com wss://*.zopim.com https: data: 'unsafe-inline' 'unsafe-eval'; style-src 'self'   https://*.obralia.com https://*.nalandaglobal.com 'unsafe-inline'; img-src 'self' https://ssl.google-analytics.com https://track.hubspot.com https://*.linkedin.com  https://*.obralia.com https://*.nalandaglobal.com https://v2assets.zopim.io https://static.zdassets.com data:; 1
frame-ancestors 'self' hubspot.com youtube.com 1
default-src https: 'self' wss: 'self'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'self' 'unsafe-inline'; img-src https: 'self' data:; 1
default-src 'self'; child-src 'self' https://*.holidaytaxis.com https://www.facebook.com https://staticxx.facebook.com; connect-src 'self' https://*.holidaytaxis.com https://*.cdninstagram.com https://https//www.facebook.com https//www.facebook.com https://*.facebook.net https://*.feefo.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://widget.trustpilot.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com https://a.klaviyo.com https://telemetrics.klaviyo.com https://*.8x8.com https://endpoint-app-uk.cognigy.ai wss://*.facebook.com wss://*.holidaytaxis.com wss://endpoint-app-uk.cognigy.ai; font-src 'self' https://*.holidaytaxis.com https://fonts.gstatic.com data:; frame-src https://*.holidaytaxis.com https://*.conxxe.com https://*.doubleclick.net https://*.worldpay.com https://widget.trustpilot.com https://widgets.wp.com https://*.8x8.com; img-src 'self' https://*.holidaytaxis.com https://holidaytaxis.com https://*.awin1.com https://*.doubleclick.net https://*.feefo.com https://*.google-analytics.com https://*.googletagmanager.com https://*.quora.com https://*.vzaar.com https://bat.bing.com https://maps.googleapis.com https://maps.gstatic.com https://www.google.be https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.au https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.ie https://www.google.it https://www.google.nl https://www.google.se https://*.adroll.com https://*.bidswitch.net https://*.adnxs.com https://crossmetrix.com https://*.openx.net https://*.yahoo.com https://*.rlcdn.com https://www.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com https://a.klaviyo.com https://telemetrics.klaviyo.com https://d3k81ch9hvuctc.cloudfront.net https://*.8x8.com data:; media-src data:; script-src 'self' https://*.holidaytaxis.com https://*.doubleclick.net https://*.dwin1.com https://*.dwin2.com https://*.facebook.com https://*.facebook.net https://*.feefo.com https://*.google-analytics.com https://*.quora.com https://*.worldpay.com https://ajax.googleapis.com https://bat.bing.com https://d2oh4tlt9mrke9.cloudfront.net https://dn1i8v75r669j.cloudfront.net https://maps.googleapis.com https://tagmanager.google.com https://widget.trustpilot.com https://www.googleadservices.com https://*.googletagmanager.com https://www.zenaps.com https://*.adroll.com https://*.bidswitch.net https://*.adnxs.com https://crossmetrix.com https://*.openx.net https://*.yahoo.com https://*.rlcdn.com https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com https://a.klaviyo.com https://telemetrics.klaviyo.com https://static-forms.klaviyo.com https://*.8x8.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.holidaytaxis.com https://*.worldpay.com https://cdn.materialdesignicons.com https://fonts.googleapis.com https://maps.googleapis.com https://static.klaviyo.com https://*.8x8.com 'unsafe-inline' 1
script-src 'sha256-Q8fiCmIeOakDMke1sI5pcFjzEGRAzanhIET4HnTXyvc=' 'nonce-S/Hcp3+zR7WGSN8EgaG4KA==' 'strict-dynamic' https: 'unsafe-inline' 'self'; frame-ancestors 'none'; object-src 'none'; base-uri 'self' 1
img-src * 'self' data:;script-src 'self' https://polyfill.io/v3/polyfill.min.js https://chatbot.vakifkatilim.com.tr/widget/widget.js https://chatbot.vakifkatilim.com.tr/content/js/moment-with-locales.min.js https://chatbot.vakifkatilim.com.tr/content/js/angular.min.js   https://chatbot.vakifkatilim.com.tr/content/js/vendors-sdk.min.js https://chatbot.vakifkatilim.com.tr/content/js/dom4.js https://chatbot.vakifkatilim.com.tr/content/js/es5-shim.min.js https://chatbot.vakifkatilim.com.tr/widget/widget.js   https://chatbot.vakifkatilim.com.tr/content/js/es6-promise.min.js https://chatbot.vakifkatilim.com.tr/content/js/jquery-2.1.3.min.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://fonts.shopifycdn.com https://www.gstatic.com https://maps.googleapis.com https://code.jquery.com https://www.googleadservices.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com https://www.youtube.com https://www.googletagmanager.com https://connect.facebook.net https://www.google.com https://www.facebook.com https://googleads.g.doubleclick.net/ https://www.google.com.tr 'unsafe-eval' 'unsafe-inline'; 1
object-src 'none'; frame-ancestors 'self'; report-uri http://yuurewards.com/en/report-uri/enforce 1
frame-ancestors 'self' iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ https://www.next.ro 1
frame-ancestors 'self' *.postsovet.ru *.rosbalt.ru 1
default-src 'self'; base-uri 'self'; connect-src 'self' wss://*.intercom.io https://*.intercom.io https://*.intercom.com https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.intercomusercontent.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://stats.g.doubleclick.net; font-src data: https:; frame-ancestors 'self' https://intercomrades.support https://intercom.skilljar.com https://academy.intercom.com https://academy.guests.intercom.com https://app.intercom.com https://app.eu.intercom.com https://app.au.intercom.com https://intercomrades.intercom.com https://intercomrades.eu.intercom.com https://intercomrades.au.intercom.com; frame-src 'self' https://platform.twitter.com https://staticxx.facebook.com https://www.facebook.com https://fast.wistia.net https://fast.wistia.com https://www.useloom.com https://www.loom.com https://play.vidyard.com https://player.vimeo.com https://web.microsoftstream.com https://share.synthesia.io https://embed.app.guidde.com https://share.descript.com https://app.guideflow.com https://www.youtube.com https://www.youtube-nocookie.com https://content.jwplatform.com https://players.brightcove.net https://intercom-sheets.com https://www.intercom-reporting.com https://*.sharepoint.com; img-src data: blob: https: http:; media-src data: blob: https:; object-src 'self' https://static.intercomassets.com; script-src 'self' https://connect.facebook.net https://platform.twitter.com https://static.intercomassets.com https://googleadservices.com https://googletagmanager.com https://google-analytics.com https://widget.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://intercom.help https://intercom-help.eu https://au.intercom.help 'nonce-JO9yFNzc9x1TUZsx8YjtMA7gj7qjk2zVE56dVqg5oQ8='; style-src 'self' 'unsafe-inline' https://fonts.intercomcdn.com https://static.intercomassets.com https://static.intercomcdn.com https://marketing.intercomassets.com https://marketing.intercomcdn.com https://intercom.help https://intercom-help.eu https://au.intercom.help https://static.intercomassets.eu https://static.au.intercomassets.com 1
frame-ancestors 'self' *.canva.com canva.com; report-uri https://csp.canva.com/_cspreport?app=websites; base-uri 'self'; object-src 'none'; script-src 'report-sample' 'strict-dynamic' 'nonce-d0905c85-2ea3-4c97-81a4-3c32b1e6a85e' https://www.google.com/recaptcha/api.js; 1
frame-ancestors https://passport.tutorabc.com https://www.tutorabc.com https://omsorder.tutorabc.com https://consultant.tutorabc.com 1
default-src 'self' 'unsafe-inline' data: https:; upgrade-insecure-requests 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-55f34acdb5ea43c798bffd8502f0b4ff' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
child-src shippingwatch.com *.shippingwatch.com; frame-src https://*; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-fS8zEgojhS8op250a134oA' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self' *.amazonaws.com *.snappayglobal.com https://media.faneuil-esupport.com:446 *.us-gov-pure.cloud wss://*.use2.us-gov-pure.cloud; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com *.amazonaws.com *.us-gov-pure.cloud wss://*.use2.us-gov-pure.cloud; connect-src 'self' https://www.google-analytics.com https://media.faneuil-esupport.com:452 *.us-gov-pure.cloud wss://*.use2.us-gov-pure.cloud *.amazonaws.com; img-src 'self' data https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google.com/ https://www.youtube.com/embed/ https://www.surveymonkey.com/ *.snappayglobal.com https://media.faneuil-esupport.com:446 *.us-gov-pure.cloud wss://*.use2.us-gov-pure.cloud; object-src data: 1
connect-src 'self' blob: https://api.x.ai https://api.x.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api.x.com https://api-stream.twitter.com https://api-stream.x.com https://ads-api.twitter.com https://ads-api.x.com https://aa.twitter.com https://aa.x.com https://caps.twitter.com https://caps.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton.twitter.com https://ton.x.com https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://twitter.com https://x.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com  ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://x.com https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://vaultjs.apideck.com/  https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://x.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://static.ads-twitter.com  'nonce-ZDE0YzIzNWUtNWI1MS00M2M5LThiZTctNzhiMDRjM2NhNzQy'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false 1
default-src https: https://*.hotjar.com:* wss://*.hotjar.com wss://*.tokbox.com 'unsafe-eval' 'self'; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; font-src https: data:; img-src https: data: blob: 'self'; worker-src blob: 'self' 1
frame-ancestors 'self' bcaa.me https://insurance.bcaa.com https://*.vulog.center 1
default-src 'self'; block-all-mixed-content ; base-uri 'self'; object-src 'none'; script-src  'nonce-2758e622537b4550abc2eb4b2f16344b' 'self' 'unsafe-eval' blob https://cdn.gbqofs.com/ https://www.clarity.ms/ https://raconteur.london/ https://secure.scan6show.com https://lonrtp1-cdn.marketo.com https://munchkin.marketo.net https://d2oh4tlt9mrke9.cloudfront.net https://region1.google-analytics.com/ https://connect.facebook.net https://snap.licdn.com https://static.ads-twitter.com https://widgets.getsitecontrol.com https://static.oktopost.com https://view.ceros.com https://polyfill.io https://optimize.google.com https://www.google-analytics.com https://az416426.vo.msecnd.net https://tagmanager.google.com/ https://www.googletagmanager.com/ https://c.evidon.com/ https://www.gstatic.com/ https://www.google.com/ https://dl.episerver.net https://maps.googleapis.com https://uk1.siteimprove.com https://analytics.newscred.com https://siteimproveanalytics.com https://www.youtube.com https://s.ytimg.com https://www.grantthornton.co.uk/ https://*.googletagmanager.com; img-src 'self' data: https://*.google-analytics.com/ https://www.google.com/ https://www.google.com.vn/ https://*.analytics.google.com/ https://www.gstatic.com/i https://t.co/ https://px.ads.linkedin.com/ https://c.evidon.com/ https://c.bing.com/ https://c.clarity.ms/ https://pixel.welcomesoftware.com/ https://l.evidon.com/ https://l3.evidon.com https://b.ws.sessioncam.com https://ws.sessioncam.com https://l.betrad.com https://a.usea01.idio.episerver.net https://stats.g.doubleclick.net https://passle-net.s3.amazonaws.com/ https://p.adsymptotic.com https://px.ads.linkedin.com https://t.co https://1175.global.siteimproveanalytics.io https://www.linkedin.com https://www.facebook.com https://syndication.twitter.com https://optimize.google.com https://platform.twitter.com https://pbs.twimg.com https://images.passle.net https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://pixel.newscred.com https://i.ytimg.com https://emergencyresponse.grantthornton.co.uk https://img.youtube.com https://grant-thornton.vuturevx.com https://ton.twimg.com https://ssl.gstatic.com/ https://c.evidon.com https://raconteur.london https://app.getsitecontrol.com https://gtukstaticwebcontenttest.azurewebsites.net/ https://webstaticcontent.grantthornton.co.uk/ https://analytics.twitter.com/ https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' https://www2.grantthornton.co.uk/js/forms2/css/forms2-theme-simple.css https://www2.grantthornton.co.uk/js/forms2/css/forms2-theme-plain.css https://www2.grantthornton.co.uk/js/forms2/css/forms2.css https://rtp-static.marketo.com https://optimize.google.com https://platform.twitter.com https://cdnjs.cloudflare.com https://dukb55syzud3u.cloudfront.net https://sdk.passle.net https://fonts.googleapis.com https://clientapi.passle.net https://ton.twimg.com https://tagmanager.google.com/ https://fonts.googleapis.com/; font-src 'self' data: https://static3.avast.com/ https://st.getsitecontrol.com https://dukb55syzud3u.cloudfront.net https://fonts.gstatic.com https://webstaticcontent.grantthornton.co.uk ; frame-src 'self' https://rss.app/ https://l3.evidon.com/ https://www2.grantthornton.co.uk https://flo.uri.sh https://embed.chartblocks.com/ https://app.powerbi.com/ https://www.facebook.com https://www.podbean.com/ https://syndication.twitter.com/ https://platform.twitter.com https://www.passle.net https://view.ceros.com https://www.youtube.com https://optimize.google.com https://w.soundcloud.com https://player.vimeo.com https://www.gstatic.com https://cdn.optimizely.com https://a10084069166.cdn.optimizely.com https://www.slideshare.net https://www.google.com https://flo.uri.sh/ https://polite-island-04548d803.1.azurestaticapps.net/; connect-src 'self' https://maps.googleapis.com/ https://analytics.google.com https://*.analytics.google.com/ https://googleads.g.doubleclick.net https://www.google.com/ https://*.google-analytics.com/ https://445-uit-144.mktoutil.com https://l.evidon.com/site/v3/userPref/ https://app.getsitecontrol.com https://dc.services.visualstudio.com https://www.passle.net https://clientapi.passle.net https://az416426.vo.msecnd.net https://logx.optimizely.com https://extreme-ip-lookup.com https://lonrtp1.marketo.com/ https://445-uit-144.mktoresp.com https://ws.sessioncam.com https://stats.g.doubleclick.net https://www.facebook.com https://l3.evidon.com https://optoutapi.evidon.com https://b.ws.sessioncam.com/ https://www.clarity.ms/ https://idx.liadm.com/ https://c1001.report.gbss.io/ https://*.googletagmanager.com; report-uri /ContentSecurityPolicy/Report/; report-to csp-endpoint; 1
frame-ancestors 'self' http://*.dentrodahistoria.com.br https://*.dentrodahistoria.com.br https://*.facebook.com 1
default-src 'self'; base-uri 'self'; img-src https: data: ssl.gstatic.com; font-src 'self' fonts.gstatic.com f.hubspotusercontent-eu1.net *.delen.bank data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com static.hsappstatic.net; script-src https: 'unsafe-eval' 'unsafe-inline' tagmanager.google.com www.googletagmanager.com *.google-analytics.com; connect-src https: *.google-analytics.com www.google-analytics.com *.hotjar.com *.hotjar.io; frame-src 'self' *.google.com *.hotjar.com player.vimeo.com player.clevercast.com *.webflow.io vimeo.com *.vimeo.com delenhackdays.be *.dynamics.com www.google-analytics.com *.delen.be *.delen.bank *.delen.lu *.oyens.com *.typeform.com *.doubleclick.net  https://app httpsdelen://app  https://oyensappsimulator.acpt.delen.be   https://delenappsimulator.acpt.delen.be   https://login.acpt.delen.be   https://online.acpt.delen.bank  https://loginoyens.acpt.delen.be   https://delenappsimulator.acpt.delen.lu   https://delenchappsimulator.acpt.delen.lu  https://login.acpt.delen.lu  https://loginch.acpt.delen.lu platform.twitter.com https://forms-eu1.hsforms.com blog.delen.bank;; upgrade-insecure-requests 1
script-src 'self' 'nonce-a89fa4c123946457f21bb400caaaa211' www.fiduciedesjardins.com *.desjardins.com *.desjardins.ca www.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net geolocation.onetrust.com cdn.cookielaw.org cookie-cdn.cookiepro.com desjardins-cookies-privacy.my.onetrust.com; 1
frame-ancestors *.annthegran.com; 1
default-src 'self' https: ws:;script-src 'self'  'unsafe-inline' 'unsafe-eval';media-src 'self' data: blob:;img-src 'self' https: data:;frame-ancestors *;frame-src * blob:;base-uri 'self';font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
frame-ancestors 'self' *.home.co.uk home.co.uk file://* 1
base-uri https://golinks.io https://golinks.com https://golinks.dev https://*.golinks.io https://*.golinks.com https://*.golinks.dev; connect-src 'self' https://*.6sc.co/ https://*.chilipiper.com/ https://*.clearbit.com/ https://x.clearbitjs.com/ https://tag.clearbitscripts.com/ https://api.company-target.com/ https://secure.adnxs.com/ https://www.g2.com https://golinks.io https://golinks.com https://golinks.dev https://*.factors.ai/ https://*.golinks.io/ https://*.golinks.com/ https://*.golinks.dev/ https://accounts.google.com/ https://analytics.google.com/ wss://*.intercom.io/ https://*.intercomcdn.com/ https://*.intercom.io/ https://www.facebook.com/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://analytics.google.com/ https://*.doubleclick.net/ https://*.hubspot.com/ https://api.hubapi.com/ https://js.hs-scripts.com/ https://cdn2.hubspot.net https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net https://js.hscollectedforms.net https://js.hsleadflows.net https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-banner.net https://*.hsforms.com https://*.hsforms.net https://static.hsappstatic.net https://js.hubspotfeedback.com https://feedback.hubapi.com https://cdn.linkedin.oribi.io/ https://js.usemessages.com https://*.vidyard.com https://*.hsforms.com/ https://*.uptime.com/ https://*.fullstory.com; default-src 'self' ;font-src 'self' data: https://js.intercomcdn.com/ https://fonts.gstatic.com/ https://pro.fontawesome.com/ https://*.bootstrapcdn.com/bootstrap/ https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/;frame-src 'self' https://*.chilipiper.com/ https://boards.greenhouse.io/ https://www.facebook.com/ https://optimize.google.com https://app.hubspot.com/ https://forms.hsforms.com/ https://js.hsforms.net/ https://www.google.com/ https://*.googletagmanager.com https://accounts.google.com/ https://js.stripe.com/ https://www.youtube.com/ https://*.loom.com/ https://bid.g.doubleclick.net/ https://www.g2.com/products/;img-src 'self' data: https: blob: https://rs.fullstory.com https://www.g2.com/products/golinks/ https://golinks.io https://golinks.com https://golinks.dev https://*.golinks.io/ https://*.golinks.com/ https://*.golinks.dev/ https://favicon-cdn.golinks.io https://www.g2.com/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://ws.zoominfo.com/ ;media-src 'self' https://golinks.io https://golinks.com https://golinks.dev https://*.golinks.io/ https://*.golinks.dev/ https://*.golinks.com/ ; object-src 'none'; report-uri https://www.golinks.io/csp-violation-report.php; script-src 'self' 'strict-dynamic' 'nonce-MjkwODgwYmJjYmM0YjVjNTExOThjZWE1MDg3MDliNTE2MTg2M2MwZmNmNDFjZGUyMDZmMjRkYzM0NWJhYmE5Ng==' https: https://boards.greenhouse.io/ https://connect.facebook.net/ https://api.hubapi.com/ https://code.jquery.com/ https://widget.intercom.io/ https://js.intercomcdn.com/ https://cdn.polyfill.io/ https://d3js.org/ https://*.bootstrapcdn.com/bootstrap/ https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/ https://cdn.jsdelivr.net/npm/bootstrap-tourist@0.3.2/ https://cdnjs.cloudflare.com/ajax/libs/ https://cdnjs.com/libraries/bodymovin/ https://*.google-analytics.com/ https://analytics.google.com/ https://*.googletagmanager.com https://bid.g.doubleclick.net/ https://*.hubspot.com https://js.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://forms.hsforms.com https://*.usemessages.com https://www.g2.com/ https://ws.zoominfo.com/ https://js.hs-scripts.com/ https://www.g2.com/products/ https://*.uptime.com/ https://*.fullstory.com; style-src 'self' 'unsafe-inline' https://golinks.io https://golinks.com https://golinks.dev https://*.golinks.io/ https://*.golinks.com/ https://*.golinks.dev/ https://fonts.googleapis.com/ https://accounts.google.com/ https://*.googletagmanager.com https://*.bootstrapcdn.com/bootstrap/ https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/ https://cdn.jsdelivr.net/npm/bootstrap-tourist@0.3.2/ https://pro.fontawesome.com/ https://cdnjs.cloudflare.com/ajax/libs/animate.css/ https://cdnjs.cloudflare.com/ajax/libs/c3/ https://optimize.google.com/optimize/ https://cdnjs.cloudflare.com/ajax/libs/bootstrap-tour/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *;     img-src * data:;     object-src 'none';      1
default-src 'none'; base-uri 'self'; connect-src 'self' *.google-analytics.com https://postnl-develop.eu.auth0.com https://postnl-prod.eu.auth0.com; img-src 'self' *.google-analytics.com data:; frame-ancestors 'none'; form-action 'self'; font-src 'self'; script-src 'self' *.googletagmanager.com 'sha256-HTDTpp59ZCHzfUbTMDlOG1bPZS88SdYgDefji3ELn8g=' 'sha256-dMCnmd1EoURRH7Imophd3M0K+HfPg2IOB3pqFWdLGhg='; style-src 'self' 'unsafe-inline'; frame-src https://postnl-develop.eu.auth0.com https://postnl-prod.eu.auth0.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval';  worker-src  'self' blob: 1
default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' code.jquery.com www.google-analytics.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com www.google.com browser.sentry-cdn.com rum-static.pingdom.net googletagmanager.com *.googletagmanager.com dynasend.com *.dynasend.com dynasend.netlify.app b.sf-syn.com; worker-src 'self' blob: data:; prefetch-src 'self'; frame-src 'self' www.google.com; connect-src 'self' *.pingdom.net stats.g.doubleclick.net google-analytics.com *.google-analytics.com; img-src 'self' data: stationerycentral.com cloudfront.net *.cloudfront.net googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com google.com *.google.com dynasend.com *.dynasend.com dynasend.netlify.app b.sf-syn.com; font-src 'self' data: fonts.gstatic.com cloudfront.net *.cloudfront.net googletagmanager.com *.googletagmanager.com dynasend.com *.dynasend.com dynasend.netlify.app; manifest-src 'self'; style-src 'unsafe-inline' 'self' fonts.gstatic.com fonts.googleapis.com; frame-ancestors 'self'; form-action 'self'; script-src-elem 'self' 'unsafe-inline' code.jquery.com www.google-analytics.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com www.google.com browser.sentry-cdn.com rum-static.pingdom.net googletagmanager.com *.googletagmanager.com dynasend.com *.dynasend.com dynasend.netlify.app www.gstatic.com b.sf-syn.com 1
connect-src 'self' cdn-eu.cookietractor.com app.cookietractor.com https://gtm.afaforsakring.se graphql.contentful.com hooks.slack.com https://www.youtube-nocookie.com https://in.hotjar.com/api/ https://ask.hotjar.io/api/ https://metrics.hotjar.io wss://ws.hotjar.com/api/ https://content.hotjar.io/ assets.strossle.com strossle.com bonfire.spklw.com connect.facebook.net www.facebook.com https://afaforsakring.psplugin.com wss://afaforsakring.psplugin.com; child-src https://www.youtube-nocookie.com; frame-src https://www.youtube-nocookie.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.facebook.com/; 1
frame-ancestors 'self' https://manage.noln.net  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self' https:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self' 'unsafe-inline' ce-user-scripts-production.s3.amazonaws.com scout-cdn.salesloft.com js.usemessages.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ js.hsleadflows.net cdn.cookielaw.org d10zminp1cyta8.cloudfront.net js.hsforms.net forms.hsforms.com www.clickcease.com *.adroll.com player.vimeo.com analytics.tiktok.com www.googleadservices.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net snap.licdn.com cdnjs.cloudflare.com *.typeform.com *.consensu.org connect.facebook.net script.crazyegg.com chimpstatic.com platform.twitter.com www.googletagmanager.com *.siteblimp.com cdn.amplitude.com a.omappapi.com; font-src 'self' data: fonts.gstatic.com; worker-src blob:; object-src 'none'; base-uri 'self'; img-src 'self' https: data:; frame-src 'self' app.hubspot.com player.vimeo.com hnshah.typeform.com fast.wistia.net www.google.com www.google.com/recaptcha recaptcha.google.com/recaptcha www.facebook.com forms.hubspot.com forms.hsforms.com www.youtube.com 1
object-src 'none'; prefetch-src * 'self'; child-src * 'self'; frame-src * 'self'; worker-src * 'self'; frame-ancestors * 'self'; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src * 'self' 1
script-src 'nonce-Z11vya669N4CRdLaQT2uuZkh46JwmTr6ls5PNenN5VnForGNrS0V4tNtjREJCJaC' 'strict-dynamic' https: 'self'; object-src 'none'; base-uri 'self' 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' ; worker-src blob: ; child-src blob: *  ; img-src data: blob: * ;  connect-src https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com *; 1
frame-ancestors 'self' http://www.lovebeautyandplanet.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://app.cartwire.co/CW_API 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com *.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com www.youtube-nocookie.com www.youtube.com blob: data: https://storage.googleapis.com/learnwithikeavideos/ ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ctfassets.net *.ipex-insights.com *.afterpay.com trackjs.com authentication.cardinalcommerce.com ppipe.net api.everythinglocation.com *.ikea-canada.ca *.taskrabbit.com *.adform.net acdn.adnxs.com secure.adnxs.com js.adsrvr.org insight.adsrvr.org x.bidswitch.net *.bing.com cdn.curalate.com edge.curalate.com *.doubleclick.net googleads.g.doubleclick.net *.facebook.com *.facebook.net www.googleadservices.com *.googlesyndication.com *.google.ca *.pinterest.com s.pinimg.com api.pinpiaa.com *.pubmatic.com analytics.yahoo.com sp.analytics.yahoo.com *.teads.tv analytics.tiktok.com s.yimg.com *.flippenterprise.net *.cookielaw.org *.onetrust.com *.akamaihd.net *.akstat.io *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.go-mpulse.net *.optimizely.com sentry.io *.sentry.io *.avo.app oppwa.com *.oppwa.com mpsnare.iesnare.com *.iesnare.com *.syndeo.cx *.production.syndeo.cx wss://web.production.syndeo.cx icsp.ingka.ikea.com wss://icsp.ingka.ikea.com wss://web-api.ikea.com/cschatbot/ maps.googleapis.com fonts.googleapis.com www.googleapis.com *.bambuser.com firestore.googleapis.com liveshopping-widgets.firebaseapp.com rules.quantcount.com secure.quantserve.com pixel.quantcount.com; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com; object-src 'self'; report-uri https://csp.ikea.com 1
default-src * data: 'unsafe-eval' 'unsafe-inline'; upgrade-insecure-requests 1
default-src https: http: data: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self'; object-src 'self'; script-src 'self' https:  'unsafe-eval' 'unsafe-inline' blob:; 1
default-src https:; script-src 'self' https://cdn.tiny.cloud https://kit.fontawesome.com/ *.googletagmanager.com https://cdn.jsdelivr.net 'strict-dynamic' 'nonce-af6f9f8d9ca7a34f1b07a559c3568d8d' 'sha256-3Ey30PJkNcf9LrK7CIqrujoq79a+uJqKgYsaBDj15Eo=' 'sha256-XUAOoXgas8fgNuX3dPUbmC3HvtG28k7DdxtftQVQOlY=' ; style-src https: 'unsafe-inline'; img-src https: www.googletagmanager.com data:; font-src https: data:; connect-src https: wss://ws.edas.info; frame-ancestors 'none'; 1
default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.ads-twitter.com *.hsbc.ae *.awswaf.com players.brightcove.net vjs.zencdn.net bat.bing.com *.brightcove.net *.hsbc.com.tw *.recaptcha.net *.hsbc.com.cn *.g.doubleclick.net *.walkme.com ssl.google-analytics.com www.google.com connect.facebook.net tags.tiqcdn.com *.isstprod.hsbc.com.cn s.yimg.com www.gstatic.cn cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.googleapis.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.awswaf.com players.brightcove.net edge.api.brightcove.com http://127.0.0.1:5000/* *.hsbc.co.uk bat.bing.com adservice.google.com *.facebook.com *.siteintercept.qualtrics.com *.brightcove.com *.brightcovecdn.com *.googletagmanager.com *.hsbc.com.cn *.doubleclick.net *.g.doubleclick.net *.walkme.com *.hsbc.com.tw *.prod.boltdns.net *.api.brightcove.com *.akamaihd.net analytics.google.com *.google-analytics.com *.liveperson.net *.sy.cobrowse.liveperson.net *.analytics.google.com www.google.com ad.doubleclick.net *.isstprod.hsbc.com.cn stats.g.doubleclick.net *.google.com.tw brightcove.hs.llnwd.net cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net players.brightcove.net *.recaptcha.net *.menlosecurity.com *.id.opendns.com *.googletagmanager.com connect.facebook.net www.facebook.com bid.g.doubleclick.net; frame-ancestors 'self' *.hsbc.com.tw; font-src 'self' data: *.hsbc.com.hk *.gstatic.com *.hsbc.com.tw *.couponmate.com *.avast.com *.alicdn.com *.googleusercontent.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.hsbc.com.tw *.sy.cobrowse.liveperson.net *.googletagmanager.com; object-src 'self' blob:; child-src 'self'; media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.hsbc.com.tw *.lpsnmedia.net ssl.gstatic.com; upgrade-insecure-requests ; manifest-src *.hsbc.com.tw; report-uri https://csp.prod.ap.dynp.cloud1.vv1865.com; 1
frame-ancestors 'self' *.vergic.com 1
default-src 'self' blob:; style-src 'self'; img-src 'self' data:; object-src 'none'; connect-src 'self' https://post.proctorio.com 1
frame-ancestors 'self' *.lolivier.fr *.cartegriseminute.fr *.carte-grise.org *.guide-carte-grise.info *.depotcartegrise.fr *.toodigit.com *.assucartegrise.com; 1
default-src 'self'; child-src 'self' blob: *.koblenz.de https://client.rlpdirekt.de/ https://kb.ionas.de/ https://www.youtube-nocookie.com/ https://www.youtube.com/; connect-src 'self' *.koblenz.de https://app-eu.readspeaker.com https://buergerservice.ionas.de/ https://f1-eu.readspeaker.com https://i.ytimg.com/ https://rstts-eu.readspeaker.com https://sgx.geodatenzentrum.de https://tracking-nc.chamaeleon.de https://web3d.basemap.de; font-src 'self' data: *.koblenz.de; frame-ancestors 'self' https://ride2go.com; frame-src 'self' *.koblenz.de https://client.rlpdirekt.de https://geoportal.koblenz.de/cmsclient/ https://iam.chamaeleon.de https://iam.chamaeleon.de/ https://kb.ionas.de https://my.mission360.de https://public.tableau.com https://ride2go.com https://www.stadtradeln.de https://www.visit-koblenz.de/ https://www.watch-my-city.de/ https://www.youtube-nocookie.com/ https://www.youtube.com/ mailto:; img-src 'self' blob: data: 'unsafe-inline' *.koblenz.de https://buergerservice.ionas.de/ https://client.rlpdirekt.de https://client.rlpdirekt.de/ https://dam.destination.one https://i.ytimg.com/ https://public.tableau.com https://s.ytimg.com/ https://sgx.geodatenzentrum.de https://tracking-nc.chamaeleon.de https://www.koblenz-baut.de https://www.koblenz.de https://www.koveb.de; media-src *.koblenz.de https://www.stadtwerke-koblenz.de; object-src *.koblenz.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.koblenz.de https://f1-eu.readspeaker.com https://public.tableau.com https://tracking-nc.chamaeleon.de https://www.youtube-nocookie.com/ https://www.youtube.com/; script-src-elem 'self' 'unsafe-inline' *.koblenz.de https://f1-eu.readspeaker.com https://i.ytimg.com/ https://public.tableau.com https://s.ytimg.com/ https://tracking-nc.chamaeleon.de https://www.youtube-nocookie.com/ https://www.youtube.com/; script-src-attr 'self' 'unsafe-inline' *.koblenz.de; style-src 'self' 'unsafe-inline' *.koblenz.de https://f1-eu.readspeaker.com; style-src-elem 'self' 'unsafe-inline' *.koblenz.de https://f1-eu.readspeaker.com; style-src-attr 'self' 'unsafe-inline' *.koblenz.de; worker-src 'self' blob:; report-to main 1
default-src                 'self' 'unsafe-inline' 'unsafe-eval' https://*.jewsforjesus.org http://192.168.1.11:3000 https://utilityapp.azurewebsites.net/api/fetchLiveChat https://cdn.livechatinc.com/tracking.js https://www.googletagmanager.com/ https://www.googletagmanager.com/gtag/js https://cdn.livechatinc.com https://api.livechatinc.com https://static.cloudflareinsights.com https://www.google.com/ https://www.google.mn/ https://www.gstatic.com https://www.google-analytics.com https://secure.livechatinc.com/* https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net https://connect.facebook.net/ http://nexus.ensighten.com/ https://tags.srv.stackadapt.com/ https://qvdt3feo.com https://jforj.org/ https://my.livechatinc.com/ https://secure.livechatinc.com/ https://*.facebook.com/ https://vitals.vercel-insights.com/v1/vitals https://www.youtube.com https://*.algolia.net https://*.algolia.com https://*.instagram.com https://*.cdninstagram.com https://*.vercel.app https://idonate-sentry.herokuapp.com/ https://embed.idonate.com/ https://insight.adsrvr.org/ https://cs.choozle.com/dp/ https://jfj.stellate.sh/ https://jfj-live.stellate.sh/ https://*.stellate.sh/ https://www.googleoptimize.com/optimize.js https://api.idonate.com/ https://*.cloudfront.net/ https://idsync.rlcdn.com/ https://tags.bluekai.com/ https://cdn.livechat-files.com/ https://*.algolianet.com/ https://www.googleadservices.com/ http://form.jotformpro.com/ https://api.esv.org/ https://bat.bing.com/ https://analytics.google.com/ wss://api.livechatinc.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://analytics.tiktok.com https://www.clarity.ms https://p.clarity.ms/collect https://www.eventbrite.com http://jfj.local/ https://*.clarity.ms https://p.clarity.ms/collect https://images.firstpost.com/ data: blob: https://td.doubleclick.net/ https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://fonts.googleapis.com/ https://fonts.gstatic.com https://www.googletagmanager.com/debug/bootstrap https://crm17112s.sky.blackbaud.com https://apps.idonate.com/ https://donorbox.org/ https://www.paypalobjects.com/api/checkout.js https://*.paypal.com/ https://www.canadahelps.org/;                script-src                 'self' 'unsafe-inline' 'unsafe-eval' https://*.jewsforjesus.org http://192.168.1.11:3000 https://utilityapp.azurewebsites.net/api/fetchLiveChat https://cdn.livechatinc.com/tracking.js https://www.googletagmanager.com/ https://www.googletagmanager.com/gtag/js https://cdn.livechatinc.com https://api.livechatinc.com https://static.cloudflareinsights.com https://www.google.com/ https://www.google.mn/ https://www.gstatic.com https://www.google-analytics.com https://secure.livechatinc.com/* https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net https://connect.facebook.net/ http://nexus.ensighten.com/ https://tags.srv.stackadapt.com/ https://qvdt3feo.com https://jforj.org/ https://my.livechatinc.com/ https://secure.livechatinc.com/ https://*.facebook.com/ https://vitals.vercel-insights.com/v1/vitals https://www.youtube.com https://*.algolia.net https://*.algolia.com https://*.instagram.com https://*.cdninstagram.com https://*.vercel.app https://idonate-sentry.herokuapp.com/ https://embed.idonate.com/ https://insight.adsrvr.org/ https://cs.choozle.com/dp/ https://jfj.stellate.sh/ https://jfj-live.stellate.sh/ https://*.stellate.sh/ https://www.googleoptimize.com/optimize.js https://api.idonate.com/ https://*.cloudfront.net/ https://idsync.rlcdn.com/ https://tags.bluekai.com/ https://cdn.livechat-files.com/ https://*.algolianet.com/ https://www.googleadservices.com/ http://form.jotformpro.com/ https://api.esv.org/ https://bat.bing.com/ https://analytics.google.com/ wss://api.livechatinc.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://analytics.tiktok.com https://www.clarity.ms https://p.clarity.ms/collect https://www.eventbrite.com http://jfj.local/ https://*.clarity.ms https://p.clarity.ms/collect https://images.firstpost.com/ data: blob: https://td.doubleclick.net/ https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://fonts.googleapis.com/ https://fonts.gstatic.com https://www.googletagmanager.com/debug/bootstrap https://crm17112s.sky.blackbaud.com https://apps.idonate.com/ https://donorbox.org/ https://www.paypalobjects.com/api/checkout.js https://*.paypal.com/ https://www.canadahelps.org/;                child-src                 'self' 'unsafe-inline' 'unsafe-eval' https://*.jewsforjesus.org http://192.168.1.11:3000 https://utilityapp.azurewebsites.net/api/fetchLiveChat https://cdn.livechatinc.com/tracking.js https://www.googletagmanager.com/ https://www.googletagmanager.com/gtag/js https://cdn.livechatinc.com https://api.livechatinc.com https://static.cloudflareinsights.com https://www.google.com/ https://www.google.mn/ https://www.gstatic.com https://www.google-analytics.com https://secure.livechatinc.com/* https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net https://connect.facebook.net/ http://nexus.ensighten.com/ https://tags.srv.stackadapt.com/ https://qvdt3feo.com https://jforj.org/ https://my.livechatinc.com/ https://secure.livechatinc.com/ https://*.facebook.com/ https://vitals.vercel-insights.com/v1/vitals https://www.youtube.com https://*.algolia.net https://*.algolia.com https://*.instagram.com https://*.cdninstagram.com https://*.vercel.app https://idonate-sentry.herokuapp.com/ https://embed.idonate.com/ https://insight.adsrvr.org/ https://cs.choozle.com/dp/ https://jfj.stellate.sh/ https://jfj-live.stellate.sh/ https://*.stellate.sh/ https://www.googleoptimize.com/optimize.js https://api.idonate.com/ https://*.cloudfront.net/ https://idsync.rlcdn.com/ https://tags.bluekai.com/ https://cdn.livechat-files.com/ https://*.algolianet.com/ https://www.googleadservices.com/ http://form.jotformpro.com/ https://api.esv.org/ https://bat.bing.com/ https://analytics.google.com/ wss://api.livechatinc.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://analytics.tiktok.com https://www.clarity.ms https://p.clarity.ms/collect https://www.eventbrite.com http://jfj.local/ https://*.clarity.ms https://p.clarity.ms/collect https://images.firstpost.com/ data: blob: https://td.doubleclick.net/ https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://fonts.googleapis.com/ https://fonts.gstatic.com https://www.googletagmanager.com/debug/bootstrap https://crm17112s.sky.blackbaud.com https://apps.idonate.com/ https://donorbox.org/ https://www.paypalobjects.com/api/checkout.js https://*.paypal.com/ https://www.canadahelps.org/ blob:;                style-src                 'self' 'unsafe-inline' 'unsafe-eval' https://*.jewsforjesus.org http://192.168.1.11:3000 https://utilityapp.azurewebsites.net/api/fetchLiveChat https://cdn.livechatinc.com/tracking.js https://www.googletagmanager.com/ https://www.googletagmanager.com/gtag/js https://cdn.livechatinc.com https://api.livechatinc.com https://static.cloudflareinsights.com https://www.google.com/ https://www.google.mn/ https://www.gstatic.com https://www.google-analytics.com https://secure.livechatinc.com/* https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net https://connect.facebook.net/ http://nexus.ensighten.com/ https://tags.srv.stackadapt.com/ https://qvdt3feo.com https://jforj.org/ https://my.livechatinc.com/ https://secure.livechatinc.com/ https://*.facebook.com/ https://vitals.vercel-insights.com/v1/vitals https://www.youtube.com https://*.algolia.net https://*.algolia.com https://*.instagram.com https://*.cdninstagram.com https://*.vercel.app https://idonate-sentry.herokuapp.com/ https://embed.idonate.com/ https://insight.adsrvr.org/ https://cs.choozle.com/dp/ https://jfj.stellate.sh/ https://jfj-live.stellate.sh/ https://*.stellate.sh/ https://www.googleoptimize.com/optimize.js https://api.idonate.com/ https://*.cloudfront.net/ https://idsync.rlcdn.com/ https://tags.bluekai.com/ https://cdn.livechat-files.com/ https://*.algolianet.com/ https://www.googleadservices.com/ http://form.jotformpro.com/ https://api.esv.org/ https://bat.bing.com/ https://analytics.google.com/ wss://api.livechatinc.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://analytics.tiktok.com https://www.clarity.ms https://p.clarity.ms/collect https://www.eventbrite.com http://jfj.local/ https://*.clarity.ms https://p.clarity.ms/collect https://images.firstpost.com/ data: blob: https://td.doubleclick.net/ https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://fonts.googleapis.com/ https://fonts.gstatic.com https://www.googletagmanager.com/debug/bootstrap https://crm17112s.sky.blackbaud.com https://apps.idonate.com/ https://donorbox.org/ https://www.paypalobjects.com/api/checkout.js https://*.paypal.com/ https://www.canadahelps.org/;                font-src                 'self' 'unsafe-inline' 'unsafe-eval' https://*.jewsforjesus.org http://192.168.1.11:3000 https://utilityapp.azurewebsites.net/api/fetchLiveChat https://cdn.livechatinc.com/tracking.js https://www.googletagmanager.com/ https://www.googletagmanager.com/gtag/js https://cdn.livechatinc.com https://api.livechatinc.com https://static.cloudflareinsights.com https://www.google.com/ https://www.google.mn/ https://www.gstatic.com https://www.google-analytics.com https://secure.livechatinc.com/* https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net https://connect.facebook.net/ http://nexus.ensighten.com/ https://tags.srv.stackadapt.com/ https://qvdt3feo.com https://jforj.org/ https://my.livechatinc.com/ https://secure.livechatinc.com/ https://*.facebook.com/ https://vitals.vercel-insights.com/v1/vitals https://www.youtube.com https://*.algolia.net https://*.algolia.com https://*.instagram.com https://*.cdninstagram.com https://*.vercel.app https://idonate-sentry.herokuapp.com/ https://embed.idonate.com/ https://insight.adsrvr.org/ https://cs.choozle.com/dp/ https://jfj.stellate.sh/ https://jfj-live.stellate.sh/ https://*.stellate.sh/ https://www.googleoptimize.com/optimize.js https://api.idonate.com/ https://*.cloudfront.net/ https://idsync.rlcdn.com/ https://tags.bluekai.com/ https://cdn.livechat-files.com/ https://*.algolianet.com/ https://www.googleadservices.com/ http://form.jotformpro.com/ https://api.esv.org/ https://bat.bing.com/ https://analytics.google.com/ wss://api.livechatinc.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://analytics.tiktok.com https://www.clarity.ms https://p.clarity.ms/collect https://www.eventbrite.com http://jfj.local/ https://*.clarity.ms https://p.clarity.ms/collect https://images.firstpost.com/ data: blob: https://td.doubleclick.net/ https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://fonts.googleapis.com/ https://fonts.gstatic.com https://www.googletagmanager.com/debug/bootstrap https://crm17112s.sky.blackbaud.com https://apps.idonate.com/ https://donorbox.org/ https://www.paypalobjects.com/api/checkout.js https://*.paypal.com/ https://www.canadahelps.org/;                img-src                 'self' 'unsafe-inline' 'unsafe-eval' https://*.jewsforjesus.org http://192.168.1.11:3000 https://utilityapp.azurewebsites.net/api/fetchLiveChat https://cdn.livechatinc.com/tracking.js https://www.googletagmanager.com/ https://www.googletagmanager.com/gtag/js https://cdn.livechatinc.com https://api.livechatinc.com https://static.cloudflareinsights.com https://www.google.com/ https://www.google.mn/ https://www.gstatic.com https://www.google-analytics.com https://secure.livechatinc.com/* https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net https://connect.facebook.net/ http://nexus.ensighten.com/ https://tags.srv.stackadapt.com/ https://qvdt3feo.com https://jforj.org/ https://my.livechatinc.com/ https://secure.livechatinc.com/ https://*.facebook.com/ https://vitals.vercel-insights.com/v1/vitals https://www.youtube.com https://*.algolia.net https://*.algolia.com https://*.instagram.com https://*.cdninstagram.com https://*.vercel.app https://idonate-sentry.herokuapp.com/ https://embed.idonate.com/ https://insight.adsrvr.org/ https://cs.choozle.com/dp/ https://jfj.stellate.sh/ https://jfj-live.stellate.sh/ https://*.stellate.sh/ https://www.googleoptimize.com/optimize.js https://api.idonate.com/ https://*.cloudfront.net/ https://idsync.rlcdn.com/ https://tags.bluekai.com/ https://cdn.livechat-files.com/ https://*.algolianet.com/ https://www.googleadservices.com/ http://form.jotformpro.com/ https://api.esv.org/ https://bat.bing.com/ https://analytics.google.com/ wss://api.livechatinc.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://analytics.tiktok.com https://www.clarity.ms https://p.clarity.ms/collect https://www.eventbrite.com http://jfj.local/ https://*.clarity.ms https://p.clarity.ms/collect https://images.firstpost.com/ data: blob: https://td.doubleclick.net/ https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://fonts.googleapis.com/ https://fonts.gstatic.com https://www.googletagmanager.com/debug/bootstrap https://crm17112s.sky.blackbaud.com https://apps.idonate.com/ https://donorbox.org/ https://www.paypalobjects.com/api/checkout.js https://*.paypal.com/ https://www.canadahelps.org/;                frame-ancestors https://jforj.org https://my.livechatinc.com;                object-src data:; 1
frame-ancestors 'https://pensionersportal.gov.in/' style-src 'self' 1
default-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.arcgis.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://kaart.pdok.nl https://www.kaartapi.nl https://geocode.arcgis.com https://js.arcgis.com https://services.arcgisonline.com https://server.arcgisonline.com https://static.arcgis.com https://www.arcgis.com https://player.vimeo.com/ https://www.youtube.com https://vitens.maps.arcgis.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' https://* data: blob:; connect-src 'self' 'unsafe-inline' data: blob: https://api.pdok.nl https://www.youtube.com https://dc.services.visualstudio.com https://surveystats.hotjar.io https://ask.hotjar.io https://region1.google-analytics.com https://in.hotjar.com https://content.hotjar.io https://www.arcgis.com/ https://js.arcgis.com https://geocode.arcgis.com https://static.arcgis.com https://services.arcgisonline.com https://server.arcgisonline.com wss://ws.hotjar.com; media-src 'self' data: blob:; frame-ancestors 'self'; object-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://vc.hotjar.io https://js.arcgis.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.hotjar.com https://js.arcgis.com https://fonts.gstatic.com; worker-src blob:; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://aic.cdn.neptuneweb.com https://acdn.adnxs.com https://bbox.blackbaudhosting.com https://cdn.sendpulse.com https://code.jquery.com https://connect.facebook.net https://go.aic.edu/ping https://googleads.g.doubleclick.net https://insiderdata360online.com https://maps.googleapis.com https://mx.technolutions.net/ping https://use.typekit.net/mxo3hkd.js https://www.google-analytics.com https://www.google.com/recaptcha/api.js https://www.googletagmanager.com https://www.gstatic.com https://script.advertiserreports.com https://cdn.yoshki.com https://doublethedonation.com https://www.youtube.com https://payments.blackbaud.com https://aic-prod-shfyma6gkskdk-chatbot.azurewebsites.net https://www.aidcalculator.com; style-src 'report-sample' 'self' 'unsafe-inline' https://aic.cdn.neptuneweb.com https://ajax.googleapis.com https://bbox.blackbaudhosting.com https://cdn.sendpulse.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://doublethedonation.com https://payments.blackbaud.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://insiderdata360online.com https://maps.googleapis.com https://mx.technolutions.net https://stats.g.doubleclick.net https://www.facebook.com https://*.google-analytics.com https://analytics.google.com https://pushdata.sendpulse.com:4434 https://click.pushpush.io https://meetlookup.com https://doublethedonation.com https://www.googletagmanager.com https://payments.blackbaud.com https://aic-prod-shfyma6gkskdk-chatbot.azurewebsites.net https://pagead2.googlesyndication.com https://my.aic.edu https://directline.botframework.com wss://directline.botframework.com; font-src 'self' data: https://aic.cdn.neptuneweb.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://at.alicdn.com https://doublethedonation.com; frame-src 'self' *.doubleclick.net https://bbox.blackbaudhosting.com https://player.vimeo.com https://tcc.ruffalonl.com *.matchinggifts.com https://www.google.com https://www.facebook.com *.youtube.com http://lsrelay-config-production.s3.amazonaws.com https://www.googletagmanager.com yoshki.com https://payments.blackbaud.com https://aic.aidcalculator.com; img-src 'self' data: blob: https://aic.cdn.neptuneweb.com https://bbox.blackbaudhosting.com https://bcp.crwdcntrl.net https://ib.adnxs.com https://insiderdata360online.com *.doubleclick.net *.fbcdn.net https://www.facebook.com https://www.google-analytics.com https://www.google.com https://secure.gravatar.com https://www.googletagmanager.com https://connect.facebook.net https://eu.pushmeup.art https://cdn.yoshki.com https://s.w.org https://www.gstatic.com https://doublethedonation.com https://img.youtube.com https://i.ytimg.com https://aicshfyma6gkskdkjzaprod.blob.core.windows.net; manifest-src 'self'; media-src 'self' https://aic.cdn.neptuneweb.com; worker-src 'self' blob:; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; base-uri 'self'; form-action 'self' https://www.mnhn.fr; frame-ancestors 'self'; report-uri https://www.jardindesplantesdeparis.fr/fr/report-uri/enforce 1
font-src 'self' 'unsafe-eval' js.driftt.com/conductor/* application/* * *.mortgagecadence.com *.oxygenbuilder.com; 1
frame-ancestors 'self'; frame-src 'self' smartrecruiters.com *.smartrecruiters.com youtube.com *.youtube.com *.wistia.net 1
default-src 'self'; connect-src 'self' *.cookiebot.com *.googlesyndication.com *.addthis.com *.doubleclick.net *.google.com *.google-analytics.com; child-src 'self' *.cookiebot.com *.amazon.co.uk *.assoc-amazon.com *.facebook.com *.doubleclick.net *.youtube.com *.youtube-nocookie.com *.googlesyndication.com *.google.com *.addthis.com; style-src 'self' *.googleapis.com *.cloudflare.com *.google.com 'unsafe-inline'; script-src 'self' *.cookiebot.com *.google.co.uk *.googletagservices.com *.googlesyndication.com *.cloudflare.com *.addthis.com *.google.com *.facebook.net *.google-analytics.com *.gstatic.com *.doubleclick.net *.googleadservices.com *.googletagmanager.com *.googleapis.com *.moatads.com *.addthisedge.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' *.gstatic.com; img-src 'self' data: *.cookiebot.com *.googlesyndication.com *.google-analytics.com; object-src 'self' *.youtube.com *.youtube-nocookie.com 1
form-action 'self'; frame-ancestors 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-sclotusinnline' localhost:3006 static.trunkpkg.com www.googletagmanager.com apis.google.com accounts.google.com www.google.com *.mediacdn.vn *.cnnd.vn vscc-hosting.mediacdn.vn platform.twitter.com connect.facebook.net  www.google-analytics.com cdn.syndication.twimg.com *.sohatv.vn media1.admicro.vn *.admicro.vn contineljs.com *.contineljs.com *.genmonet.com genmonet.com cdnstoremedia.com *.cdnstoremedia.com amcdn.com *.amcdn.com nanda.vn *.nanda.vn static.amcdn.vn deqik.com imasdk.googleapis.com;  child-src 'self' *.cnnd.vn *.mediacdn.vn *.sohatv.vn sport5.vn sport5.cnnd.vn blob: *.admicro.vn *.youtube.com *.facebook.com *.twitter.com twitter.com *.youtu.be www.instagram.com instagram.com www.google-analytics.com apis.google.com accounts.google.com contineljs.com *.contineljs.com genmonet.com *.genmonet.com cdnstoremedia.com *.cdnstoremedia.com amcdn.com *.amcdn.com nanda.vn *.nanda.vn www.google.com; form-action 'self' *.cnnd.vn; object-src 'self'; media-src 'self' blob: *.sohatv.vn *.qltns.mediacdn.vn *.mediacdn.vn www.google.com; 1
report-to 'https://stratixsystems.com'; 1
font-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://app.storyblok.com/; 1
frame-ancestors *.northoaks.org *.nohs.org/ 1
default-src 'self'; connect-src 'self' *.senat.cz https://*.google-analytics.com https://cdn.cookielaw.org *.cdn77.org; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.gstatic.com; img-src 'self' data: https://www.googletagmanager.com https://www.facebook.com https://*.senat.cz *.bradmax.com; script-src 'self' 'unsafe-inline' ajax.googleapis.com https://connect.facebook.net https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://cdn.cookielaw.org https://*.senat.cz https://*.cloudfront.net; font-src 'self' data: https://*.gstatic.com; media-src 'self' blob: https://senat.cz https://*.senat.cz *.cdn77.org; child-src 'self' blob: https://walkinto.in https://*.facebook.com https://*.google.com https://senat.cz https://*.senat.cz http://*.senat.cz; frame-ancestors 'self' https://senat.cz https://www.senat.cz http://pes https://pes https://intranet 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.peach.com https://peach.com https://events.launchdarkly.com https://js-agent.newrelic.com https://*.nr-data.net ; style-src 'self' 'unsafe-inline' https://*.peach.com https://peach.com https://fonts.googleapis.com ; img-src 'self' data: blob: https://*.peach.com https://peach.com https://storage.googleapis.com https://purecatamphetamine.github.io ; font-src 'self' data: https://*.peach.com https://peach.com https://fonts.gstatic.com ; connect-src 'self' blob: blob https://*.peach.com https://peach.com https://storage.googleapis.com https://*.launchdarkly.com https://*.newrelic.com https://*.nr-data.net https://*.mux.com ; media-src 'self' blob: https://*.peach.com https://peach.com https://storage.googleapis.com https://*.mux.com ; object-src 'none' ; frame-src 'self' https://*.peach.com https://peach.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.peach.com https://peach.com ; manifest-src 'self' https://*.peach.com https://peach.com ; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors pacleasetrialorg--simplus.sandbox.my.site.com paccar-na--sit.sandbox.my.site.com paccar-na.my.site.com kenworth.com 1
frame-ancestors 'none'; report-uri /csp-report.php 1
default-src 'self' 'unsafe-inline' https://api.undetectable.io/ https://*.googleapis.com https://*.carrotquest.app/ ws://*.carrotquest.app/ https://www.youtube.com/ *.carrottrack.app/ https://mc.yandex.ru/ https://analytics.google.com/ https://t.co/ https://facebook.com/ https://*.twitter.com/ https://*.analytics.google.com/ https://*.doubleclick.net/; script-src 'self' 'unsafe-inline'  https://*.googleapis.com https://*.googletagmanager.com https://mc.yandex.ru/ https://connect.facebook.net/ https://vk.com/ http://static.ads-twitter.com/ http://*.carrotquest.app/; font-src 'self' https://*.carrotquest.app/ https://*.gstatic.com data:; img-src * data:; 1
default-src 'self' https://cargolux-cdn-endpoint-prod.azureedge.net https://cargolux-cdn-endpoint-test.azureedge.net https://cargolux-app-service-prod.azurewebsites.net https://cargolux-app-service-test.azurewebsites.net https://cargoluxstoragetest.blob.core.windows.net https://www.google.com https://www.youtube.com https://youtu.be https://player.vimeo.com localhost https://amssamples.streaming.mediaservices.windows.net/91492735-c523-432b-ba01-faba6c2206a2/AzureMediaServicesPromo.ism/manifest https://cargolux-icargo-api-app-test.niceglacier-3d926687.northeurope.azurecontainerapps.io https://localhost:44334 https://cargolux-icargo-api-app-prod.politesmoke-46f514de.westeurope.azurecontainerapps.io;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://az416426.vo.msecnd.net https://www.google.com/recaptcha/api.js https://www.gstatic.com https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.0.0.min.js https://ajax.aspnetcdn.com/ajax/mvc/5.2.3/jquery.validate.unobtrusive.min.js https://ajax.aspnetcdn.com/ajax/jquery.validate/1.16.0/jquery.validate.min.js https://amp.azure.net/libs/amp/2.3.8/azuremediaplayer.min.js https://www.cargolux.com/cargolux-pharma-map/custom-element/cargolux-map-embed.umd.min.js https://cargolux-map-api.fallwinter.dk https://maps.googleapis.com https://maps.gstatic.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://mktdplp102cdn.azureedge.net https://www.google-analytics.com https://www.googletagmanager.com https://cargolux.containers.piwik.pro;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://amp.azure.net;img-src 'self' https://cargolux-cdn-endpoint-prod.azureedge.net https://cargolux-cdn-endpoint-test.azureedge.net https://dashboard.umbraco.org https://cargolux-app-service-prod.azurewebsites.net https://cargolux-app-service-test.azurewebsites.net https://cargoluxstoragetest.blob.core.windows.net raw.githubusercontent.com *.umbraco.com data: https://www.cargolux.com https://maps.googleapis.com https://maps.gstatic.com https://0234c080236740789ff53756ac35c5e1.svc.dynamics.com https://www.gravatar.com;frame-src 'self' https://cargolux.com https://youtube.com https://www.youtube.com https://cvtnt.champ.aero https://www.flightradar24.com https://consentcdn.cookiebot.com https://0234c080236740789ff53756ac35c5e1.svc.dynamics.com https://www.google.com https://e.issuu.com https://form.typeform.com;font-src 'self' https://fonts.gstatic.com https://amp.azure.net/libs/amp/2.3.8/skins/amp-flush/assets/fonts/azuremediaplayer.woff https://amp.azure.net/libs/amp/2.3.8/skins/amp-flush/assets/fonts/azuremediaplayer.ttf;connect-src 'self' https://dc.services.visualstudio.com/v2/track *.umbraco.com https://cargolux-map-api.fallwinter.dk https://consentcdn.cookiebot.com https://maps.googleapis.com https://0234c080236740789ff53756ac35c5e1.svc.dynamics.com https://www.google-analytics.com https://cargolux.piwik.pro https://cargolux.containers.piwik.pro https://cargolux-icargo-api-app-test.niceglacier-3d926687.northeurope.azurecontainerapps.io https://localhost:44334 https://cargolux-icargo-api-app-prod.politesmoke-46f514de.westeurope.azurecontainerapps.io;worker-src 'self' blob: 1
default-src 'self' api.celebrationcinema.com *.google-analytics.com 127.0.0.1 google-analytics.com *.braintreegateway.com *.braintree-api.com *.tiktok.com *.google-analytics.com *.doubleclick.net *.facebook.net https://celebrationcinema.com https://themidtowngr https://123gr https://studioparkgr celebrationcinema.com *.celebrationcinema.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.googletagmanager.com *.tagmanager.google.com *.google.com *.tiktok.com *.google-analytics.com *.doubleclick.net *.adroll.com *.surveymonkey.com https://celebrationcinema.com https://themidtowngr https://123gr https://studioparkgr recruitingbypaycor.com *.recruitingbypaycor.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.googletagmanager.com *.tagmanager.google.com *.google.com https://celebrationcinema.com https://themidtowngr https://123gr https://studioparkgr; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.doubleclick.net *.google.com *.adsrvr.org *.demdex.net *.bluekai.com *.rubiconproject.com *.yahoo.com api.celebrationcinema.com 127.0.0.1 http://127.0.0.1 https://127.0.0.1 https://bystudioc-stage.azurewebsites.net https://bystudioc-sync-auto.azurewebsites.net https://celebrationcinema.com *; media-src 'self' data: blob:; frame-src *.helpscoutdocs.com *.braintreegateway.com 'self' *.youtube.com *.spotify.com *.google.com *.surveymonkey.com recruitingbypaycor.com *.recruitingbypaycor.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com *.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com open.spotify.com/ https://moviecelebrationapi.peachdigital.com *.braintree-api.com/ *.braintreegateway.com/ *.helpscoutdocs.com; connect-src 'self' *.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.braintree-api.com/ *.braintreegateway.com/ *.tiktok.com *.google-analytics.com *.doubleclick.net d.adroll.com api.celebrationcinema.com *.googleapis.com maps.googleapis.com celebrationcinema.com *.celebrationcinema.com; 1
default-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:;  style-src * 'unsafe-inline'; img-src * data: *; frame-ancestors 'self' 1
frame-ancestors 'self' swk.kcenter.usu.com 1
frame-ancestors 'self'; form-action 'self' https://crm.zoho.com/crm/ https://desk.zoho.com/support/WebToCase 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.footjoy.com *.akamaihd.net *.ondemand.com *.pingdom.net *.google-analytics.com *.googletagmanager.com *.bootstrapcdn.com *.newrelic.com *.nr-data.net; frame-src 'self' *.ondemand.com *.footjoy.com *.inforcloudsuite.com *.acushnetgolf.com http: https: data:; frame-ancestors 'self' *.ondemand.com *.inforcloudsuite.com *.acushnetgolf.com http: https: data:; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.ondemand.com; img-src * blob: data:; font-src 'self' *.googleapis.com *.gstatic.com *.ondemand.com *.bootstrapcdn.com data:; connect-src 'self' *.pingdom.net *.ondemand.com *.google-analytics.com *.nr-data.net; 1
frame-ancestors *.yunzhongzhuan.com 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-df755df0a53d4744aa3a5c88a32f6b1d' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
frame-ancestors 'self' https://www.travelsupermarket.com; 1
frame-ancestors 'self' https://www.mymrs.mrs.org.uk/ https://test.mymrs.mrs.org.uk/ https://mrsprod.imiscloud.com/ https://www.my.research-live.com/ 1
connect-src 'self' https: https://*.lic.co.nz wss://*.lic.co.nz wss://*.hotjar.com; media-src https://*.lic.co.nz; font-src 'self' data: https://*.cloudfront.net *.googleapis.com https://fonts.gstatic.com https://*.lic.co.nz https://*.hotjar.com https://*.hotjar.io; frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com/ https://*.hotjar.com https://*.hotjar.io https://livestream.com https://staticcdn.co.nz https://dk4bbxgalxqek.cloudfront.net; manifest-src https:; frame-ancestors 'self'; img-src 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; default-src 'none'; style-src 'self' 'unsafe-inline' https: 1
frame-ancestors 'self' https://stellen.hfwu.de; font-src 'self' data:; default-src 'self' 'unsafe-inline' https://www.google.com/maps/embed  https://www.youtube-nocookie.com https://cs-assets.b-ite.com https://static.b-ite.com https://jobs.b-ite.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cs-assets.b-ite.com https://static.b-ite.com https://www.youtube-nocookie.com  https://ad1.adfarm1.adition.com;  img-src 'self' 'unsafe-inline' data: https://imagesrv.adition.com 1
base-uri 'self'; child-src blob: 'self' gap: app.powerbi.com dev.visualwebsiteoptimizer.com widget.trustpilot.com *.surveymonkey.com *.twitter.com *.vimeo.com *.youtube.com; frame-src blob: 'self' gap: app.powerbi.com dev.visualwebsiteoptimizer.com widget.trustpilot.com *.surveymonkey.com *.twitter.com *.vimeo.com *.youtube.com; connect-src fonts.googleapis.com fonts.gstatic.com global.sitesearch360.com ict.infinity-tracking.net insights.sitesearch360.com 'self' *.feefo.com *.google.com *.onetrust.com *.paragonbankinggroup.co.uk *.twimg.com *.twitter.com *.visualwebsiteoptimizer.com; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: fonts.gstatic.com; img-src * data: blob:; media-src data: 'self'; script-src gap: 'self' cdn.sitesearch360.com cdn-ukwest.onetrust.com ict.infinity-tracking.net snap.licdn.com unpkg.com widget.trustpilot.com *.doubleclick.net *.feefo.com *.paragonbankinggroup.co.uk *.surveymonkey.com *.twimg.com *.twitter.com *.youtube.com *.visualwebsiteoptimizer.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' dev.visualwebsiteoptimizer.com fonts.googleapis.com register.feefo.com *.twimg.com *.twitter.com 'unsafe-inline'; frame-ancestors gap: 'self' *.surveymonkey.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=z%2BqVJJH3jCiCUfuWCdPFgiA92ixXRoMCb5EQ%2BIQGvjLMUmQXk5SsMauhAlvVtn2ep%2BqUzQt29Cw8nHQI1gLw3w%3D%3D; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' stripe.com  *.stripe.com cdn.jsdelivr.net  *.google-analytics.com *.google.com *.addthis.com *.moatads.com svc.webspellchecker.net  maps.googleapis.com  www.google-analytics.com  *.googletagmanager.com *.gstatic.com  *.twitter.com; style-src 'self'   'unsafe-inline'  *.googleapis.com *.jsdelivr.net *.stripe.com *.webspellchecker.net; img-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.youtube.com *.vimeo.com *.twitter.com *.facebook.com *.brightcove.net *.gstatic.com *.stripe.com *.google-analytics.com *.googleapis.com; frame-src 'self' *.stripe.com *.youtube.com *.vimeo.com *.brightcove.net *.addthis.com *.twitter.com *.facebook.com *.bbc.co.uk *.google.com *.googletagmanager.com; font-src 'self' cdn.jsdelivr.net fonts.gstatic.com *.webspellchecker.net; connect-src 'self'   'unsafe-inline'  *.google-analytics.com *.googleapis.com  *.stripe.com *.addthis.com  *.webspellchecker.net *.googletagmanager.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' https://player.vimeo.com/; font-src * 'unsafe-inline' 'unsafe-eval' data:; worker-src blob: ; child-src blob: ; img-src * data: blob:; frame-src 'self'  https://www.facebook.com/ https://player.vimeo.com/ https://exclusiveresorts.prismic.io/ https://10499898.fls.doubleclick.net https://pixel.sitescout.com/ https://app.qualified.com/; style-src * 'unsafe-inline'; style-src-elem * 'unsafe-inline'; style-src-attr * 'unsafe-inline'; object-src *; media-src *; connect-src * https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com; script-src * https://player.vimeo.com/ 'unsafe-inline' 'unsafe-eval'; frame-ancestors * 'self' https://player.vimeo.com https://exclusiveresorts.prismic.io; 1
child-src  www.paypalobjects.com; connect-src  gardens.cv3admin.com *.listrakbi.com *.listrak.com *.google-analytics.com *.powerreviews.com *.doubleclick.net *.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.searchspring.io *.sharethis.com bcp.crwdcntrl.net *.googleapis.com gardensalive.force.com geoip-js.com api.universalcookie.com gardensalive.attn.tv *.acsbapp.com *.clarity.ms *.crazyegg.com events.attentivemobile.com widget.bizrate.com *.criteo.com s.yimg.com *.pingdom.net www.facebook.com www.gardensalive.com inbound-analytics.pixlee.com api.cloudinary.com/ gaorder.gardensalive.com gardensalive.my.site.com *.omnichannelengagementhub.com; default-src  h2.commercev3.net/cdn.gardensalive.com/ cdn.gardensalive.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com www.bing.com www.youtube.com; font-src  gardens.cv3admin.com h2.commercev3.net/cdn.gardensalive.com/ cdn.gardensalive.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com data: cdnjs.cloudflare.com h2.commercev3.net acsbapp.com paypalobjects.com www.gardensalive.com; form-action  www.facebook.com www.paypal.com checkout.sezzle.com webto.salesforce.com *.gardensalive.com gardens.cv3admin.com; frame-src  *.doubleclick.net www.paypalobjects.com www.paypal.com *.facebook.com *.pinterest.com *.google.com *.sharethis.com service.force.com *.googlesyndication.com gardensalive.my.salesforce.com *.pinterest.com www.googletagmanager.com www.youtube.comww.gardensalive.com www.youtube.com *.pixlee.co *.criteo.com creatives.attn.tv photos.pixlee.com *.gardensalive.com *.criteo.net h2.commercev3.net secure.trust-provider.com *.azureedge.net; frame-ancestors  ; img-src  h2.commercev3.net/cdn.gardensalive.com/ cdn.gardensalive.com *.google-analytics.com *.google.com *.pinterest.com *.doubleclick.net *.bing.com *.paypal.com *.facebook.com *.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ directgardening.cv3admin.com d3cgm8py10hi0z.cloudfront.net *.sharethis.com *.gstatic.com *.googlesyndication.com *.googleapis.com h2.commercev3.net gardens.cv3admin.com gum.criteo.com tapestry.tapad.com criteo-partners.tremorhub.com ad.tpmn.co.kr trends.revcontent.com i.liadm.com jadserve.postrelease.com matching.ivitrack.com visitor.omnitagjs.com tg.socdm.com ups.analytics.yahoo.com eb2.3lift.com ade.clmbtech.com www.pages08.net www.gardensalive.com sync-criteo.ads.yieldmo.com x.bidswitch.net idsync.rlcdn.com s.ad.smaato.net assets.pixlee.com ib.adnxs.com partner.mediawallahscript.com contextual.media.net ad.360yield.com r.casalemedia.com exchange.mediavine.com *.pubmatic.com *.outbrain.com *.criteo.com partner.mediawallahscript.com ib.adnxs.com i.liadm.com criteo-sync.teads.tv sync-t1.taboola.com rtb-csync.smartadserver.com match.sharethrough.com pixel.rubiconproject.com *.criteo.com *.liadm.com tags.bluekai.com ws.rqtrk.eu dpm.demdex.net connect.facebook.net *.powerreviews.com *.clarity.ms *.agkn.com *.searchspring.io secure.trust-provider.com *.acsbapp.com sp.analytics.yahoo.com ads.stickyadstv.com res.cloudinary.com gardensalive.attn.tv assets.pxlecdn.com *.searchspring.net *.outbrain.com paypalobjects.com events.attentivemobile.com; script-src  h2.commercev3.net/cdn.gardensalive.com/ cdn.gardensalive.com 'unsafe-inline' 'unsafe-eval' *.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com *.googleapis.com *.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/  *.google.com api.universalcookie.com ajax.aspnetcdn.com *.searchspring.net js.maxmind.com garecommend.gardensalive.com *.sharethis.com gardensalive.my.salesforce.com gardensalive.force.com static.lightning.force.com *.salesforceliveagent.com service.force.com *.googlesyndication.com chirp.bizrate.com dynamic.criteo.com *.clarity.ms *.crazyegg.com widget.bizrate.com cdn.attn.tv acsbapp.com dnn506yrbagrg.cloudfront.net assets.pixlee.com assets.pxlecdn.com garde11150.pcapredict.com www.sc.pages08.net sslwidget.criteo.com gardens.cv3admin.com *.criteo.com www.gardensalive.com secure.comodo.com s.yimg.com *.pingdom.net view.publitas.com mpsnare.iesnare.com gardensalive.my.site.com cdnjs.cloudflare.com *.azureedge.net; script-src-elem  h2.commercev3.net/cdn.gardensalive.com/ cdn.gardensalive.com 'unsafe-inline' 'unsafe-eval' *.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com *.googleapis.com *.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/  *.google.com api.universalcookie.com ajax.aspnetcdn.com *.searchspring.net js.maxmind.com garecommend.gardensalive.com *.sharethis.com gardensalive.my.salesforce.com gardensalive.force.com static.lightning.force.com *.salesforceliveagent.com service.force.com *.googlesyndication.com chirp.bizrate.com dynamic.criteo.com *.clarity.ms *.crazyegg.com widget.bizrate.com cdn.attn.tv acsbapp.com dnn506yrbagrg.cloudfront.net assets.pixlee.com assets.pxlecdn.com garde11150.pcapredict.com www.sc.pages08.net sslwidget.criteo.com gardens.cv3admin.com *.criteo.com www.gardensalive.com secure.comodo.com s.yimg.com *.pingdom.net view.publitas.com mpsnare.iesnare.com gardensalive.my.site.com cdnjs.cloudflare.com *.azureedge.net; style-src  h2.commercev3.net/cdn.gardensalive.com/ cdn.gardensalive.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net cdnjs.cloudflare.com *.sharethis.com service.force.com gardensalive.force.com gardensalive.my.salesforce.com gardens.cv3admin.com ajax.googleapis.com gardens.cv3admin.com gardensalive.my.site.com *.azureedge.net; style-src-elem  h2.commercev3.net/cdn.gardensalive.com/ cdn.gardensalive.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net cdnjs.cloudflare.com *.sharethis.com service.force.com gardensalive.force.com gardensalive.my.salesforce.com gardens.cv3admin.com ajax.googleapis.com gardens.cv3admin.com gardensalive.my.site.com *.azureedge.net; style-src-attr  'unsafe-inline'; media-src  gardens.cv3admin.com h2.commercev3.net/cdn.gardensalive.com/ cdn.gardensalive.com www.bing.com www.gardensalive.com *.acsbapp.com www.youtube.com; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-1bMeTsd2xURrkzfRpMWrlfGEDAbIfs3h3a76s3hEoMZAYYMG' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src https://*.1fbusa.com *.leadsrx.com *.hubspot.com *.hubapi.com *.google-analytics.com *.doubleclick.net *.facebook.com *.snapchat.com; font-src 'self' *.hubspot.com *.cloudflare.com; img-src 'self' *.hubspot.com *.hubspot.net *.hsappstatic.net *.google.com *.google-analytics.com *.leadsrx.com *.snapchat.com *.facebook.com; script-src 'self' *.cloudflare.com *.googletagmanager.com *.hubspot.com *.hs-banner.com *.hs-analytics.net *.hsadspixel.net sc-static.net *.leadsrx.com *.google-analytics.com *.facebook.net *.snapchat.com 'unsafe-inline'; style-src 'self' *.cloudflare.com *.hsappstatic.net 'unsafe-inline'; upgrade-insecure-requests 1
block-all-mixed-content; frame-ancestors *.cisco.com *.devnetcloud.com;frame-src docs.google.com www.youtube.com www.youtube-nocookie.com; report-uri https://qoeujrgmve.execute-api.ap-northeast-1.amazonaws.com/prod/report 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://tilde.zone; img-src 'self' data: blob: https://tilde.zone https://media.tilde.zone; style-src 'self' https://tilde.zone 'nonce-0IJphF44k7XkdHenFWhjWQ=='; media-src 'self' data: https://tilde.zone https://media.tilde.zone; frame-src 'self' https:; manifest-src 'self' https://tilde.zone; form-action 'self'; child-src 'self' blob: https://tilde.zone; worker-src 'self' blob: https://tilde.zone; connect-src 'self' data: blob: https://tilde.zone https://media.tilde.zone wss://tilde.zone; script-src 'self' https://tilde.zone 'wasm-unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' * boxtec.ch *.boxtec.ch *.boxtec.shop boxtec.shop *.boxtec.eu boxtec.eu *.tisnet.ch tisnet.ch telemedia.ch *.telemedia.ch; object-src 'none' 1
default-src * data: blob: 'self' 'unsafe-inline' 'unsafe-eval' *.zoom.us zoom.us wss://*.zoom.us www.bing.com *.virtualearth.net connect.facebook.net www.google-analytics.com ajax.googleapis.com www.googletagmanager.com data:; connect-src *; upgrade-insecure-requests; block-all-mixed-content; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://google-analytics.com/ https://*.google-analytics.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://tagmanager.google.com/ https://*.workable.com/ https://workable.com/ https://platform.twitter.com/ https://cdn.syndication.twimg.com/ https://www.recaptcha.net/ https://www.gstatic.com/ https://www.google.com/ https://www.googleadservices.com/ https://vimeo.com/ https://www.vimeo.com/ https://d10lpsik1i8c69.cloudfront.net/ https://www.linkedin.com/ https://*.6sc.co/ https://px.ads.linkedin.com/ https://*.wp.com/ https://snap.licdn.com/ https://tracking.g2crowd.com/ https://googleads.g.doubleclick.net/ https://connect.facebook.net/ https://js.qualified.com/ https://bat.bing.com/ https://ws.zoominfo.com/ https://tags.clickagy.com/ https://paymerangprd.wpenginepowered.com/ https://crm.zoho.com/ https://*.wistia.com/ https://*.hsadspixel.net/ https://*.hs-analytics.net/ https://js.hscta.net/ https://*.hubspot.com/ https://static.hsappstatic.net/ https://*.usemessages.com/ https://*.hs-banner.com/ https://*.hubspot.net/ https://*.hscollectedforms.net/ https://*.hsleadflows.net/ https://*.hsforms.net/ https://*.hsforms.com/ https://*.hs-scripts.com/ https://*.hubspotfeedback.com/ https://feedback.hubapi.com/ https://dcvxs6ggqztsa.cloudfront.net/; img-src 'self' data: blob: https://www.google.com https://google-analytics.com/ https://*.google-analytics.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://*.cdninstagram.com/ https://*.vimeo.com/ https://www.vimeo.com/ https://*.ytimg.com/ https://*.twimg.com/ https://platform.twitter.com/ https://secure.gravatar.com/ https://d10lpsik1i8c69.cloudfront.net/ https://*.6sc.co/ https://*.wp.com/ https://*.ads.linkedin.com/ https://connect.facebook.net/ https://www.facebook.com/ https://*.adsymptotic.com/ https://bat.bing.com/ https://paymerangprd.wpenginepowered.com/ https://*.wistia.com/ https://js.hscta.net/ https://no-cache.hubspot.com/ https://*.hubspot.com/ https://*.hubspot.net/ https://cdn2.hubspot.net/ https://*.hsforms.net/ https://*.hsforms.com/; object-src 'self' data: blob: https://*.youtube.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.vimeo.com/ https://vimeo.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.google.com/ https://*.wp.com/ https://bid.g.doubleclick.net/ https://www.facebook.com/ https://app.qualified.com/ https://paymerang.zoom.us/ https://paymerangprd.wpenginepowered.com/ https://*.hubspot.com/ https://*.hs-sites.com/ https://*.hubspot.net/ https://play.hubspotvideo.com/ https://*.hsforms.net/ https://*.hsforms.com/; frame-src 'self' data: blob: https://*.youtube.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.vimeo.com/ https://vimeo.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.google.com/ https://*.wp.com/ https://bid.g.doubleclick.net/ https://www.facebook.com/ https://app.qualified.com/ https://paymerang.zoom.us/ https://paymerangprd.wpenginepowered.com/ https://*.hubspot.com/ https://*.hs-sites.com/ https://*.hubspot.net/ https://play.hubspotvideo.com/ https://*.hsforms.net/ https://*.hsforms.com/; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://static.criteo.net https://*.criteo.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://*.contentsquare.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.mygeekbox.co.uk https://m.mygeekbox.co.uk https://checkout.mygeekbox.co.uk https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors https://cast-iron.frb.io https://www.castiron.media 1
connect-src 'self' https://www.google-analytics.com/ https://*.analytics.google.com/g/ https://*.google-analytics.com/g/ https://www.google.co.uk/ads/ https://pagead2.googlesyndication.com/pagead/buyside_topics/ https://l.getsitecontrol.com/ https://forms.pib-insurance.com/   https://cdn-ukwest.onetrust.com/ https://geolocation.onetrust.com/ https://privacyportal-uk.onetrust.com/request/ https://cdn-ukwest.onetrust.com/logos/ https://stats.g.doubleclick.net/ https://api.feefo.com/api/ https://collect.feefo.com/api/  https://d.adroll.com/ https://app.responseiq.com/ https://in.hotjar.com/api/ https://content.hotjar.io/ https://csmetrics.hotjar.com/ wss://ws.hotjar.com/api/ https://metrics.hotjar.io/ https://vc.hotjar.io/sessions/ https://surveystats.hotjar.io/ https://metrics.hotjar.io/ https://respondent.survicate.com/ https://www.youtube.com/ https://player.vimeo.com/; default-src 'none'; font-src 'self' https://fonts.gstatic.com/ https://cdn.jotfor.ms/fonts/ https://surveys-static.survicate.com/fonts/ https://storage.googleapis.com/static.responseiq.com/; form-action 'self' https://forms.pib-insurance.com/ https://forms.pib-insurance.com/submit/; frame-ancestors 'self'; frame-src 'self' https://app-widgets.jotform.io/ https://forms.pib-insurance.com/ https://pibgroup.jotform.com/ https://www.youtube.com/ https://player.vimeo.com/ https://6024010.fls.doubleclick.net/ https://td.doubleclick.net/; img-src 'self' https://d.adroll.com/ https://www.google.com/pagead/ https://www.google.co.uk/pagead/ https://www.google.com/ads/ https://www.google.co.uk/ads/ https://cm.g.doubleclick.net/ https://googleads.g.doubleclick.net/pagead/ https://ad.doubleclick.net/ https://www.facebook.com/tr/ https://www.facebook.com/privacy_sandbox/pixel/ https://api.feefo.com/ https://register.feefo.com/ https://www.google.co.uk/ads/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://fonts.gstatic.com/s/i/googlematerialicons/ https://forms.pib-insurance.com/ https://cdn.jotfor.ms/images/ https://cdn-ukwest.onetrust.com/logos/ https://ups.analytics.yahoo.com/ data: https://storage.googleapis.com/code.snapengage.com/ https://www.snapengage.com/ https://api.responseiq.com/api/ https://storage.responseiq.com/files/images/ https://x.bidswitch.net/ https://dsum-sec.casalemedia.com/ https://pixel.rubiconproject.com/ https://us-u.openx.net/ https://sync.outbrain.com/ https://image2.pubmatic.com/ https://sync.taboola.com/ https://eb2.3lift.com/ https://ib.adnxs.com/ https://reporting.homelet.co.uk/cgi-bin/; media-src 'self' data: https://www.snapengage.com/sounds/; script-src 'self' 'unsafe-eval' https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.google.co.uk/ads/ https://js.jotform.com/vendor/ https://cdnjs.cloudflare.com/ajax/libs/punycode/ https://forms.pib-insurance.com/ https://cdn-ukwest.onetrust.com/consent/ https://cdn-ukwest.onetrust.com/scripttemplates/ https://s.adroll.com/ https://d.adroll.com/ https://googleads.g.doubleclick.net/pagead/ https://www.googleadservices.com/pagead/ https://www.google.com/pagead/ https://api.feefo.com/api/javascript/homelet https://register.feefo.com//feefo-widget-v2/js/ https://l.getsitecontrol.com/ https://static.hotjar.com/c/ https://script.hotjar.com/ https://survey.survicate.com/workspaces/ https://surveys-static.survicate.com/  https://reporting.homelet.co.uk/cgi/wcjs https://cdn-sitegainer.com/ https://connect.facebook.net/ https://app.responseiq.com/ https://static.responseiq.com/ https://storage.googleapis.com/code.snapengage.com/js/ https://www.snapengage.com/chatjs/ 'unsafe-hashes' 'sha256-0TRvto3FHx0ZrDontsUc9Cy4HTqqcHHt7KeuuxvhIqs=' 'sha256-2RyuMIS8WWxVbyP76V6Aa1gT+S4Ljo3I9vrxI/4octE=' 'sha256-4RbFnWHnySUJmVxn8Aj6iIXAcNIaQJaGhshqg5etR/c=' 'sha256-5TlZ83t3YdaOBUonWcoKiEa8hKijkcGL11/vERYYw3E=' 'sha256-7T+pAFY6VmznJK7nIgNQr1KC6fObdBB1ESj9MBNgauE=' 'sha256-7WQSX3BNG5BMWpK8nGeguj2VlVAJyYMRNlnhTyqSewU=' 'sha256-8rSBW6+nULeD2ygVkbGrZW/BIK8tjhVbAK89HlsV1Aw=' 'sha256-9J+qwDQD/uC8j3z7BMDIL5cJzuc7U/GEXezjqsK10sc=' 'sha256-9w2xroqhd+3/KYo4tOoFZ44nmvyuBcS8cikwFpE/Ia4=' 'sha256-A8XKBo7M8dQehHBEi9BWXHcaNUuCtNL3k2dLcq1ievE=' 'sha256-ACc8nI5S9iUGF+HtjCA8im3HJfnC90AvCA3FiT5JBZg=' 'sha256-ACs5+KOw75v3urFQEsB5e7tzTSIP51LOzupNLQWm2b8=' 'sha256-bF8r26zTgoV54el8vM6SmQM2cDi7eKamqMzRYptieWw=' 'sha256-BYN5UFg8gGdZuvxKLiTHFc/5KVEKDl4NhFNgjiCAq/Q=' 'sha256-E9waXliy9KrNXNr48LZzM6y1keSfw223fzfKf2stNKM=' 'sha256-eRnvLNS2cMSjkLLanUaryPiU5DCqquJh0kl4ZuGJWZo=' 'sha256-EUCOgcOjwCAo0UqR4Ep/FCXbq+NUM6Ggtau/g4S8Es0=' 'sha256-FbapCBdaEEJ54X8nIOMSi6CTIisMeuHh+lD/sbIQRBk=' 'sha256-FP2LPG2rDQAfQVkVzJZ5ef9s1Sb2IhnhfMhe9diNAgc=' 'sha256-Fw5/q/HhKqXZqKjD76iItfGJdF5A689w/3m1U2DdJWk=' 'sha256-HnkzNRFLLgjwc74pxTYfGg6UhmI0Vyz4Ze6dtfHMYQc=' 'sha256-Jdu1rvmHDqBF0a8JLliTQijBFhUrfolis+hO6TXUJfQ=' 'sha256-JNZf95H3oR5g6ShaA17h4DAY++0rKAvpvLUgX4/cG2M=' 'sha256-JQiWdm8VwS6Q0JNtBk39OmuD7dD8SfOM/Izmn8zoYp8=' 'sha256-l0LyGzAECDWGZIrBA17wWUUKFemjaH+7pnsPXD4QxJg=' 'sha256-LgToB2yMrE8BspIZ6p3N9nUPIzDbTM97aY17oqrIR9U=' 'sha256-lUfV9yaBKKEcJL7IWUmn1nnCX1Yy6rSgDjA6NbjzEe4=' 'sha256-MI2UJF4NO61cRxaNMEcp4zhPVhtAz7GfJ9XHL3cAkYw=' 'sha256-TbWGvHttlK3LWbwwB5YLKE/Kk0B8SXoFhJVuyK1nuj4=' 'sha256-5TlZ83t3YdaOBUonWcoKiEa8hKijkcGL11/vERYYw3E='; style-src 'self' https://fonts.googleapis.com/ https://forms.pib-insurance.com/ https://cdn.jotfor.ms/fonts/ https://surveys-static.survicate.com/fonts/ 'unsafe-inline' https://register.feefo.com//feefo-widget-v2/ https://static.responseiq.com/; report-uri https://homelet.co.uk/report-csp; report-to https://homelet.co.uk/report-csp; 1
frame-ancestors https://*.backline-health.com; 1
frame-ancestors 'self' http://localhost; 1
default-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net mc.yandex.ru; style-src 'self' 'unsafe-inline'; object-src 'none'; font-src 'self' data:; 1
frame-ancestors https://*.nrla.org.uk https://engage.talkative.uk https://ignite.mitel.com 1
frame-ancestors *.youtube.com *.pearsoncmg.com *.pearsonsupport.com *.pearson.com *.ecollege.com *.mathxl.com; 1
default-src 'self' data: https:; font-src https:; img-src 'self' data: https: *.google-analytics.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://use.fontawesome.com https://player.vimeo.com https://sealserver.trustwave.com; script-src 'self' 'self' https: https://hcaptcha.com 'unsafe-inline' *.google-analytics.com https://www.googletagmanager.com https://dev.visualwebsiteoptimizer.com https://freddyfeedback.com/widget/freddyfeedback.js wss://ws-mt1.pusher.com https://player.vimeo.com https://sealserver.trustwave.com; connect-src 'self' https: *.google-analytics.com https://www.googletagmanager.com https://dev.visualwebsiteoptimizer.com https://freddyfeedback.com/widget/freddyfeedback.js ws: https://sealserver.trustwave.com https://player.vimeo.com; form-action 'self'; object-src 'none' 1
frame-ancestors 'self' *.mercyone.org *.authorize.net; 1
default-src 'self' myinwebo.com *.myinwebo.com ult-inwebo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' myinwebo.com *.myinwebo.com ult-inwebo.com data:; frame-src 'self' myinwebo.com *.myinwebo.com ult-inwebo.com data: inwebo:; 1
default-src 'self' *.google.com *.googleanalytics.com *.googleapis.com *.gstatic.com *.hsforms.net *.kustomer.com *.visualwebsiteoptimizer.com *.vwo.com blob: https://www.kustomer.com; connect-src 'self' *.6sc.co *.adnxs.com *.adroll.com *.akamaihd.net *.bing.com *.chilipiper.com *.clarity.ms *.clearbit.com *.company-target.com *.cookiepro.com *.crwdcntrl.net *.doubleclick.net *.facebook.com *.g.doubleclick.net *.getnitropack.com *.google-analytics.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hscollectedforms.net *.hsforms.com *.hsforms.net *.hubapi.com *.hubspot.com *.instagram.com *.kustomer.com *.kustomerapp.com *.litix.io *.mktoresp.com *.mktoutil.com *.nitrocdn.com *.omappapi.com *.pndsn.com *.taboola.com *.visualwebsiteoptimizer.com *.vwo.com *.weglot.com *.wistia.com *.z1.dca0.com cdn-api-weglot.com data: wss: https://*.ads.linkedin.com https://*.browser-intake-datadoghq.com https://*.twitter.com https://api.ipgeolocation.io/ipgeo https://api.opmnstr.com https://cdn.jsdelivr.net/sm/faf6d55098e1508e734b8d46d24275dfab989387daf0f743d27321af0d2cdf5b.map https://cdn.linkedin.oribi.io https://geolocation.onetrust.com https://hubspot-forms-static-embed.s3.amazonaws.com https://logs.browser-intake-datadoghq.com https://pagead2.googlesyndication.com https://s3.amazonaws.com/kustomer-prod1-attachments https://sessions.bugsnag.com https://t.co https://translate.googleapis.com https://us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink https://www.kustomer.com https://cdn-adihc.nitrocdn.com/ https://to.getnitropack.com/; font-src 'self' * data: https://www.kustomer.com https://cdn-adihc.nitrocdn.com/; frame-src 'self' *.ceros.com *.chilipiper.com *.demandbase.com *.facebook.com *.facebook.net *.g.doubleclick.net *.google.com *.hotjar.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsforms.com *.hsforms.net *.hubspot.com *.instagram.com *.kustomer.com *.kustomerapp.com *.moz.com *.nitrocdn.com *.soundcloud.com *.spreaker.com *.vimeo.com *.visualwebsiteoptimizer.com *.vwo.com *.wistia.net bugcrowd.com https://*.doubleclick.net https://*.hs-sites.com https://hubspot-forms-static-embed.s3.amazonaws.com https://insight.adsrvr.org http://kustomer.kustomer.help https://kustomer.kustomer.help https://match.adsrvr.org https://tsdtocl.com https://www.brighttalk.com https://www.googletagmanager.com https://www.youtube.com https://www.kustomer.com data:; child-src 'self' *.ceros.com *.chilipiper.com *.demandbase.com *.facebook.com *.facebook.net *.g.doubleclick.net *.google.com *.hotjar.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsforms.com *.hsforms.net *.hubspot.com *.instagram.com *.kustomer.com *.kustomerapp.com *.moz.com *.nitrocdn.com *.soundcloud.com *.spreaker.com *.vimeo.com *.visualwebsiteoptimizer.com *.vwo.com *.wistia.net bugcrowd.com https://*.doubleclick.net https://*.hs-sites.com https://hubspot-forms-static-embed.s3.amazonaws.com https://insight.adsrvr.org http://kustomer.kustomer.help https://kustomer.kustomer.help https://match.adsrvr.org https://tsdtocl.com https://www.brighttalk.com https://www.googletagmanager.com https://www.youtube.com https://www.kustomer.com blob:; img-src 'self' * data: https://www.kustomer.com https://cdn-adihc.nitrocdn.com/; media-src 'self' * blob: data: https://www.kustomer.com; object-src 'self' *.hsforms.net *.kustomer.com https://*.wistia.com https://www.kustomer.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.6sc.co *.adroll.com *.ads-twitter.com *.bing.com *.bizible.com *.brighttalk.com *.bugcrowdusercontent.com *.capterra.com *.ceros.com *.chilipiper.com *.clarity.ms *.clearbit.com *.clearbitjs.com *.clearbitscripts.com *.company-target.com *.cookiepro.com *.crwdcntrl.net *.dca0.com *.demandbase.com *.doubleclick.net *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleanalytics.com *.googleapis.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsadspixel.net *.hscollectedforms.net *.hsforms.com *.hsforms.net *.hubapi.com *.hubspot.com *.instagram.com *.jquery.com *.kustomer.com *.kustomerapp.com *.licdn.com *.marketo.net *.nitrocdn.com *.omappapi.com *.onetrust.com *.opmnstr.com *.polyfill.io *.spreaker.com *.taboola.com *.twitter.com *.visualwebsiteoptimizer.com *.vwo.com *.weglot.com *.wistia.com *.wistia.net blob: bugcrowd.com data: https://*.datadoghq-browser-agent.com https://*.sentry-cdn.com https://amplify.outbrain.com https://api.ipgeolocation.io/ipgeo https://cdn.jsdelivr.net/npm/ip-geolocation-api-jquery-sdk@1.1.0/ipgeolocation.min.js https://cdn.pdst.fm/ping.min.js https://d.adroll.mgr.consensu.org https://dev.visualwebsiteoptimizer.com/j.php https://hubspot-forms-static-embed.s3.amazonaws.com https://js.adsrvr.org/up_loader.1.1.0.js https://js.chilipiper.com/marketing.js https://nitroscripts.com https://ssl.geoplugin.net https://ssl.geoplugin.net/javascript.gp https://www.redditstatic.com/ads/pixel.js https://www.kustomer.com https://cdn-adihc.nitrocdn.com/; style-src 'self' 'unsafe-inline' * https://www.kustomer.com blob: 'unsafe-eval' https://cdn-adihc.nitrocdn.com/; worker-src 'self' *.kustomer.com blob: https://www.kustomer.com https://cdn-adihc.nitrocdn.com/; report-uri https://www.kustomer.com/wp-json/wpcsp/v1/route/LogPolicyViolation?_wpnonce=37c4415ff5 1
frame-ancestors https://myaccount.mnpower.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' data: https://www.clarity.ms/ https://connect.facebook.net/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.net/ https://www.google-analytics.com https://js-agent.newrelic.com https://bam.nr-data.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://www.clarity.ms/ https://restcountries.eu/rest/ https://www.google-analytics.com https://bam.nr-data.net; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.google.com/recaptcha/ https://recaptcha.net/  https://www.youtube.com; img-src 'self' data: blob: https:; media-src https://cdn.mysalemarketplace.com; 1
default-src 'none'; manifest-src 'self'; script-src 'self' 'unsafe-eval' https://app.intotheblock.com https://static.zdassets.com/ https://widget-mediator.zopim.com/ https://code.jquery.com/ https://stackpath.bootstrapcdn.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://www.google.com/ https://cdn.siftscience.com/ https://www.gstatic.com/; object-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/ https://stackpath.bootstrapcdn.com/; img-src 'self' https://v2uploads.zopim.io/ https://rocketlab.g2afse.com/ https://purecatamphetamine.github.io/ https://20841010p.rfihub.com/ data:; media-src 'self' https://static.zdassets.com/; frame-src 'self' https://www.youtube.com/ https://buy.moonpay.com/ https://buy-staging.moonpay.com/ https://buy-sandbox.moonpay.com/ https://pay.testwyre.com/ https://vars.hotjar.com/ https://www.google.com/recaptcha/; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/; connect-src 'self' wss://socket-testing.cryptomkt.com/ https://socket-testing.cryptomkt.com/ wss://socket.cryptomkt.com/ https://socket.cryptomkt.com/ wss://api.exchange.cryptomkt.com/ https://api.exchange.cryptomkt.com/ https://api.intotheblock.com/ https://ekr.zdassets.com/ https://cryptomkt.zendesk.com/ wss://widget-mediator.zopim.com/ https://id.zopim.com/ https://widget-mediator.zopim.com/ https://api-uat.kushkipagos.com/ https://api.kushkipagos.com/; frame-ancestors 'self'; base-uri 'self'; form-action 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline'  'unsafe-eval' *.jquery.com *.googleapis.com piwik.engitel.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' data:; font-src 'self'; img-src 'self' data: piwik.engitel.com; frame-src 'self' *.google.com 1
upgrade-insecure-requests  ; worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.cookielaw.org *.facebook.net pghub.io *.crazyegg.com *.tapad.com feed.pghub.io ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; font-src 'self' data: feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' *.pghub.io pandg.tapad.com ; img-src 'self' data: *.ctfassets.net *.tapad.com *.cookielaw.org www.facebook.com feed.pghub.io ; connect-src 'self' *.cookielaw.org *.crazyegg.com *.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
frame-ancestors 'self' https://virtualshowroom.navico.com 1
default-src 'self';font-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' 'unsafe-inline';frame-ancestors 'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com analytics.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com unpkg.com/@frontify/ *.cloudinary.com https://code.jquery.com/ cdnjs.cloudflare.com *.googletagmanager.com https://cdn.cookielaw.org/ https://assets.mcb.mu/ https://assets.mcb.group/ *.azureedge.net *.fontawesome.com *.dynamics.com *.oraclecloud.com *.oracleinfinity.io maps.google.com *.trueengage.com webrtc.github.io unpkg.com cdn.jsdelivr.net *.licdn.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com https://assets.mcb.mu/ https://unpkg.com/ https://assets.mcb.group/ *.oraclecloud.com *.oracle.com *.trueengage.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com analytics.google.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com web-chat.nativechat.com *.frontify.com *.cloudinary.com https://assets.mcb.group/ https://assets.mcb.group/ cdn.cookielaw.org *.transparenttexture.com *.dynamics.com *.oraclecloud.com *.mcbgroup.com mcbgroup.com maps.google.com maps.googleapis.com *.trueengage.com *.google.mu; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com assets.mcb.group *.oraclecloud.com data:; connect-src 'self' data: accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com analytics.google.com *.gstatic.com *.frontify.com *.cloudinary.com https://socialplugin.facebook.net/ https://cdn.cookielaw.org/ *.dynamics.com geolocation.onetrust.com *.oraclecloud.com maps.googleapis.com *.trueengage.com *.onetrust.com *.doubleclick.net; media-src 'self' data: blob: *.frontify.com *.cloudinary.com *.oraclecloud.com *.trueengage.com ;child-src 'self' https://www.google.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com *.frontify.com cloudinary.com *.cloudinary.com https://research.mcbgroup.com/ *.dynamics.com *.oraclecloud.com; frame-src 'self' http://www.youtube.com https://www.google.com/  http://www.youtube-nocookie.com *.dynamics.com youtu.be *.oraclecloud.com *.mcbgroup.com *.trueengage.com; 1
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src * blob:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; worker-src * blob:; 1
default-src 'none'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; upgrade-insecure-requests; base-uri 'none'; object-src 'none'; worker-src 'none'; child-src 'none'; frame-src 'none'; connect-src 'self'; form-action 'self'; 1
upgrade-insecure-requests; frame-ancestors https: 'self' *.uprinting.com *.digitalroom.com *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com; 1
frame-ancestors 'self' experience.adobe.com invescogroup.experiencecloud.adobe.com *.invesco.com *.invesco.net 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.io.gov.mo; 1
report-uri https://a17cannon.report-uri.com/r/d/csp/enforce;base-uri 'self';connect-src 'self' https: https://198vod-adaptive.akamaized.net https://region1.google-analytics.com https://px.ads.linkedin.com https://www.google-analytics.com https://forms.hsforms.com/ https://forms.hubspot.com/ https://api.hubapi.com/ https://133vod-adaptive.akamaized.net https://player.vimeo.com https://stats.g.doubleclick.net https://js.hs-banner.com https://cdn.linkedin.oribi.io https://www.google.com/recaptcha/enterprise.js https://hubspot-forms-static-embed.s3.amazonaws.com https://translate.googleapis.com https://88vod-adaptive.akamaized.net https://y.clarity.ms https://q.clarity.ms https://u.clarity.ms https://v.clarity.ms https://p.clarity.ms https://r.clarity.ms https://x.clarity.ms *.clarity.ms;default-src 'self';form-action 'self' https://forms.hsforms.com;img-src 'self' data: https:;media-src 'self' https: blob:;object-src 'self';script-src 'self' 'unsafe-eval' https://www.youtube.com https://www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/picturefill/3.0.2/picturefill.min.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.youtube.com/iframe_api https://connect.facebook.net https://js.hsforms.net/forms/v2.js https://js.hs-scripts.com/560679.js 'sha256-FDyPg8CqqIpPAfGVKx1YeKduyLs0ghNYWII21wL+7HM=' https://js.hsadspixel.net/fb.js https://js.hsleadflows.net/leadflows.js https://js.hs-banner.com/560679.js https://js.hs-analytics.net/analytics/1678288500000/560679.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://js.hs-analytics.net https://boards.greenhouse.io https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com https://snap.licdn.com https://www.clarity.ms 'sha256-NQfc27RODJMCUmaqjMwdfn4W0gAOlXht1ZZm3Yldg8E=' 'sha256-4nxBwvGtrokGNkqD2OxOt8Y07P7caJHk00sGwjNYF5I=' 'sha256-MkW+m5y8pBcpylY2TLHx3Uv6bgvUH8xt+8IxKoq0c1c=' 'sha256-1e5RR2OpHhuX2h0Bat19DsNTmqbo4M3T1pqfeTXCHaA=' 'nonce-ybMPMfDyUlGSlmIfquC9Ly0hdP70x9Mn';style-src 'self' 'unsafe-inline' 'unsafe-hashes' https:;frame-src 'self' https://www.youtube.com https://w.soundcloud.com https://www.facebook.com https://boards.greenhouse.io/ https://www.google.com https://player.vimeo.com https://www.cannondesign.com https://forms.hsforms.com;font-src 'self' https: data:;worker-src blob: 1
img-src https: data: 'self';default-src https: 'self' 'unsafe-inline' 'unsafe-eval';connect-src https: wss: data: 'self' 1
default-src 'none'; base-uri 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' *.6sc.co *.ads-twitter.com *.bing.com *.bootstrapcdn.com *.doubleclick.net *.facebook.com *.globant.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.intercom.io *.intercomcdn.com *.linkedin.com *.livechatinc.com *.pardot.com *.starmeup.com https://acuityplatform.com/Adserver/pxlj/7113490242530631700 https://analytics.twitter.com https://cdn.chatcenter.net https://cdn.jsdelivr.net https://code.jquery.com https://connect.facebook.net https://optimize.google.com https://snap.licdn.com https://t.co https://tags.crwdcntrl.net https://www.googleoptimize.com https://www.youtube.com; style-src 'self' 'unsafe-inline' *.linkedin.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://optimize.google.com https://stackpath.bootstrapcdn.com; img-src 'self' *.6sc.co *.adsymptotic.com *.bing.com *.capterra.com *.facebook.com *.google-analytics.com *.google.com *.google.com.ar *.google.com.co *.googletagmanager.com *.gstatic.com *.intercomassets.com *.intercomcdn.com *.linkedin.com *.starmeup.com data: https://analytics.twitter.com https://optimize.google.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://t.co https://www.linkedin.com; font-src 'self' *.intercomcdn.com *.linkedin.com data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com; connect-src 'self' *.6sc.co *.6sense.com *.adnxs.com *.bing.com *.crwdcntrl.net *.facebook.com *.globant.com *.google-analytics.com *.google.com *.googleapis.com *.hotjar.com *.hotjar.io *.intercom.io *.linkedin.com *.livechatinc.com *.starmeup.com https://analytics.twitter.com https://api.ipify.org https://bv03yp18t7.execute-api.us-east-1.amazonaws.com/prod https://ipapi.co https://stats.g.doubleclick.net https://t.co ws:; frame-ancestors 'self' *.starmeup.com https://teams.microsoft.com; form-action 'self' *.facebook.com *.globant.com *.starmeup.com https://more.globant.com/l/497451/2020-05-27/4dz91q https://more.globant.com/l/497451/2020-09-18/4lrmjg https://more.globant.com/l/497451/2020-11-19/4t5d9v https://more.globant.com/l/497451/2021-06-08/56nt2n https://more.globant.com/l/497451/2022-03-07/5w7tpk https://more.globant.com/l/497451/2022-03-08/5w9b5y https://more.globant.com/l/497451/2022-04-08/6217pd https://more.globant.com/l/497451/2022-04-08/6217sh; frame-src 'self' *.doubleclick.net *.facebook.com *.linkedin.com *.starmeup.com https://accounts.google.com https://apis.google.com https://optimize.google.com https://recaptcha.google.com/recaptcha/ https://secure.livechatinc.com/ https://vars.hotjar.com https://www.google.com/recaptcha/ https://www.youtube.com https://teams.microsoft.com; media-src 'self' data: blob: *.starmeup.com *.amazonaws.com 1
frame-ancestors 'self'                    cbsplit.com       cms.cbsplit.com ; 1
default-src *;img-src * 'self' data: https: https://cdn.sekerbank.com.tr; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' * 1
default-src 'self' blob: player.vimeo.com s.adroll.com *.quantserve.com fonts.gstatic.com fonts.googleapis.com js.stripe.com *.google.com js.intercomcdn.com js.stripe.com 'unsafe-inline'; script-src 'self' app.titanfile.com www.google-analytics.com *.intercom.io cdn-cookieyes.com cdn.jsdelivr.net js.intercomcdn.com cdn.trustindex.io cdnjs.cloudflare.com *.googleapis.com *.google.com *.gstatic.com www.googletagmanager.com www.googleadservices.com https://www.googleoptimize.com https://optimize.google.com https://*.doubleclick.net snap.licdn.com https://*.facebook.net https://cdn.ampproject.org https://*.hotjar.com/ https://assets.calendly.com/ *.visualwebsiteoptimizer.com app.vwo.com my.hellobar.com js.stripe.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.titanfile.com www.google-analytics.com log.cookieyes.com cdn-cookieyes.com stats.g.doubleclick.net https://pro.ip-api.com https://api.hellobar.com wss: *.intercom.io https://cdn.ampproject.org/ https://*.hotjar.com/ https://*.hotjar.io/ px.ads.linkedin.com *.visualwebsiteoptimizer.com app.vwo.com; img-src * blob: data: https://www.google-analytics.com https://optimize.google.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com 'self'; style-src 'self' use.fontawesome.com fonts.googleapis.com www.googletagmanager.com https://optimize.google.com https://cdn.jsdelivr.net/ code.jquery.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com 'unsafe-inline'; base-uri 'self'; form-action 'self' *.titanfile.com https://www.facebook.com/; font-src 'self' cdn.trustindex.io data: js.intercomcdn.com optimize.google.com fonts.gstatic.com; frame-src 'self' https://optimize.google.com https://www.google.com https://player.vimeo.com/ https://www.facebook.com/ https://*.hotjar.com/ https://*.zoom.us/ https://calendly.com/ app.vwo.com *.visualwebsiteoptimizer.com td.doubleclick.net js.stripe.com; worker-src blob: 1
default-src 'self' 'unsafe-inline' data: ;     script-src 'self' 'unsafe-inline'  'unsafe-hashes' 'unsafe-eval' ;      style-src  'self' 'unsafe-inline'  'unsafe-hashes' ;      img-src * blob: ;     font-src * data: ;     connect-src *;     style-src-elem * 'unsafe-inline';    script-src-elem * 'unsafe-inline';    frame-src 'self' https://www.youtube.com; 1
child-src bid.g.doubleclick.net js.stripe.com tpc.googlesyndication.com *.clarity.ms vars.hotjar.com widget.trustpilot.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; connect-src 'self' data: blob: *.onfido.com wss://*.onfido.com clarity.microsoft.com *.clarity.ms snappcar.nl dzklgi3s0q69j.cloudfront.net api.woosmap.com api-js.mixpanel.com api.snappcar.de api.snappcar.nl api2.branch.io apitst1.snappcar.nl ekr.zdassets.com snappcar.zendesk.com app.getsitecontrol.com in.hotjar.com stats.g.doubleclick.net tst1.snappcar.nl *.hotjar.com wss://*.hotjar.com vc.hotjar.io wss://api.snappcar.de wss://api.snappcar.nl wss://apitst1.snappcar.nl www.facebook.com www.google-analytics.com www.google.com www.snappcar.nl api.trustpilot.com ka-f.fontawesome.com sentry.io bat.bing.com rum-collector-2.pingdom.net unpkg.com  https://*.googleapis.com *.google-analytics.com *.analytics.google.com    https://*.hotjar.com  https://*.hotjar.io  wss://*.hotjar.com  https://consent.cookiebot.com  https://consentcdn.cookiebot.com; default-src 'self' api.snappcar.de api.snappcar.nl bid.g.doubleclick.net cdn.snappcar.nl connect.facebook.net googleads.g.doubleclick.net linkmaker.itunes.apple.com sentry.io st.getsitecontrol.com stats.g.doubleclick.net web.facebook.com widget.trustpilot.com widgets.getsitecontrol.com wss://api.snappcar.de wss://api.snappcar.nl www.facebook.com www.google-analytics.com www.google.nl www.googleadservices.com www.googletagmanager.com ajax.googleapis.com api-js.mixpanel.com api.trustpilot.com api2.branch.io app.getsitecontrol.com appleid.cdn-apple.com assets.customer.io blog.snappcar.nl cdn.branch.io cdn.mxpnl.com cdn.siftscience.com dgu73kunzs7kw.cloudfront.net dzklgi3s0q69j.cloudfront.net fonts.googleapis.com fonts.gstatic.com hexagon-analytics.com in.hotjar.com js.stripe.com maps.googleapis.com  https://*.googleapis.com *.google-analytics.com *.analytics.google.com   maps.gstatic.com script.hotjar.com static.hotjar.com track.customer.io vars.hotjar.com vc.hotjar.io *.clarity.ms www.gstatic.com www.snappcar.nl www.youtube.com www.lt45.net www.google.ie bat.bing.com heiseonline.github.io rum-collector-2.pingdom.net rum-static.pingdom.net unpkg.com  https://*.hotjar.com  https://*.hotjar.io  wss://*.hotjar.com; font-src 'self' connect.facebook.net d3ef8kpmd7tehc.cloudfront.net dgu73kunzs7kw.cloudfront.net dzklgi3s0q69j.cloudfront.net fonts.googleapis.com fonts.gstatic.com js.stripe.com ka-f.fontawesome.com kit-free.fontawesome.com optimize.google.com script.hotjar.com snappcar st.getsitecontrol.com static.hotjar.com *.clarity.ms staticxx.facebook.com use.fontawesome.com vars.hotjar.com web.facebook.com widget.trustpilot.com www.facebook.com www.google.com www.youtube.com youtube.com maxcdn.bootstrapcdn.com  https://*.hotjar.com data 'unsafe-inline' data:; frame-src bid.g.doubleclick.net js.stripe.com optimize.google.com tpc.googlesyndication.com *.clarity.ms vars.hotjar.com widget.trustpilot.com www.facebook.com www.google.com www.youtube.com 10281877.fls.doubleclick.net  https://*.googleapis.com *.google-analytics.com *.analytics.google.com    https://*.hotjar.com  https://consentcdn.cookiebot.com; img-src 'self' https://assets.onfido.com/ www.googleadservices.com theme.zdassets.com accounts.google.com apitst1.snappcar.nl app.getsitecontrol.com blog.snappcar.nl cbks0.googleapis.com cdn.branch.io cdn.snappcar.nl connect.facebook.net www.snappcar.nl d3ef8kpmd7tehc.cloudfront.net dgu73kunzs7kw.cloudfront.net dzklgi3s0q69j.cloudfront.net emailsignature.trustpilot.com *.clarity.ms googleads.g.doubleclick.net hexagon-analytics.com l.facebook.com l.instagram.com linkmaker.itunes.apple.com lt45.net maps.googleapis.com  https://*.googleapis.com *.google-analytics.com *.analytics.google.com   maps.gstatic.com pagead2.googlesyndication.com snappcarblogse.files.wordpress.com stats.g.doubleclick.net track.customer.io tst1.snappcar.nl web.facebook.com www.adyen.com www.facebook.com www.google-analytics.com www.google.com www.google.de www.google.nl www.googletagmanager.com www.gstatic.com www.lt45.net www.snappcar.de www.google.ie bat.bing.com data data: s3-eu-west-1.amazonaws.com d2j07qayxax6cc.cloudfront.net media.getsitecontrol.com  https://*.hotjar.com; media-src dzklgi3s0q69j.cloudfront.net  https://*.hotjar.com; script-src-elem 'self' cdn.polyfill.io static.zdassets.com adservice.google.com ajax.googleapis.com api.mixpanel.com api.snappcar.de api.snappcar.nl apitst1.snappcar.nl app.link appleid.cdn-apple.com assets.customer.io cdn.branch.io cdn.mxpnl.com cdn.siftscience.com cdn.snappcar.nl code.jquery.com connect.facebook.net d3ef8kpmd7tehc.cloudfront.net dgu73kunzs7kw.cloudfront.net dzklgi3s0q69j.cloudfront.net facebook.com getsitecontrol.com googleads.g.doubleclick.net clarity.microsoft.com *.clarity.ms hotjar.com hotjar.io itunes.apple.com js.stripe.com ka-f.fontawesome.com kit.fontawesome.com maps.googleapis.com  https://*.googleapis.com *.google-analytics.com *.analytics.google.com   mixpanel.com optimize.google.com script.hotjar.com sentry.io st.getsitecontrol.com static.hotjar.com stats.g.doubleclick.net tpc.googlesyndication.com widget.trustpilot.com widgets.getsitecontrol.com ws2.hotjar.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.snappcar.nl www.youtube.com maxcdn.bootstrapcdn.com stackpath.bootstrapcdn.com 'unsafe-inline' bat.bing.com heiseonline.github.io rum-static.pingdom.net snappcar.nl unpkg.com cdn.jsdelivr.net  https://*.hotjar.com  https://consent.cookiebot.com  https://consentcdn.cookiebot.com; script-src 'self' cdn.polyfill.io code.jquery.com cdn.jsdelivr.net stackpath.bootstrapcdn.com static.zdassets.com assets.zendesk.com ajax.googleapis.com app.link appleid.cdn-apple.com assets.customer.io cdn.branch.io cdn.mxpnl.com cdn.siftscience.com connect.facebook.net clarity.microsoft.com *.clarity.ms dgu73kunzs7kw.cloudfront.net dzklgi3s0q69j.cloudfront.net googleads.g.doubleclick.net js.stripe.com maps.googleapis.com  https://*.googleapis.com *.google-analytics.com *.analytics.google.com   script.hotjar.com st.getsitecontrol.com static.hotjar.com tpc.googlesyndication.com widget.trustpilot.com widgets.getsitecontrol.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com maxcdn.bootstrapcdn.com  https://*.hotjar.com 'unsafe-eval' 'unsafe-inline' bat.bing.com heiseonline.github.io rum-static.pingdom.net d3ef8kpmd7tehc.cloudfront.net unpkg.com; style-src-elem 'self' dzklgi3s0q69j.cloudfront.net fonts.googleapis.com  https://*.googleapis.com *.google-analytics.com *.analytics.google.com   optimize.google.com maxcdn.bootstrapcdn.com stackpath.bootstrapcdn.com 'unsafe-inline' snappcar.nl  https://*.hotjar.com; style-src 'self' dzklgi3s0q69j.cloudfront.net stackpath.bootstrapcdn.com fonts.googleapis.com  https://*.googleapis.com *.google-analytics.com *.analytics.google.com    https://*.hotjar.com maxcdn.bootstrapcdn.com 'unsafe-inline' 'unsafe-eval'; script-src-attr 'unsafe-inline'; style-src-attr 'unsafe-inline'; worker-src 'self' blob:; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; worker-src * blob: 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; font-src * 'unsafe-inline'; frame-ancestors * 1
frame-ancestors https://puls.com https://*.puls.com https://ownerly.com https://*.ownerly.com https://essentialhomeandgarden.com https://*.essentialhomeandgarden.com https://homeappliancehero.com https://todayrepairs.com/ https://machinelounge.com https://devpuls.com https://*.devpuls.com http://localhost:3000; default-src * 'unsafe-inline' 'unsafe-eval'; font-src data: *; img-src data: blob: * 1
upgrade-insecure-requests; sandbox allow-forms allow-modals allow-orientation-lock allow-popups allow-presentation allow-same-origin allow-scripts allow-top-navigation allow-top-navigation-by-user-activation; style-src translate.googleapis.com 'report-sample' 'unsafe-inline' *.gstatic.com 'self' chat.serverius.net *.serverius.net translate.google.com *.youtube.com; base-uri 'self' chat.serverius.net *.youtube.com; default-src chat.serverius.net *.youtube.com; font-src *.typekit.net *.gstatic.com 'self' fonts.googleapis.com chat.serverius.net data: *.serverius.net *.youtube.com; img-src telegram.org *.ytimg.com *.gstatic.com 'self' chat.serverius.net *.youtube.com data: *.serverius.net translate.google.com; frame-ancestors 'self' chat.serverius.net *.youtube.com; frame-src tel: mailto: 'self' chat.serverius.net *.youtube.com; script-src-elem translate.googleapis.com 'report-sample' 'unsafe-inline' 'self' chat.serverius.net *.google-analytics.com *.serverius.net translate.google.com; media-src 'self' chat.serverius.net *.youtube.com; script-src translate.googleapis.com 'report-sample' 'unsafe-inline' 'self' chat.serverius.net *.google-analytics.com *.serverius.net translate.google.com 'unsafe-eval' *.youtube.com; connect-src 'self' chat.serverius.net *.serverius.net *.wpforms.com *.youtube.com; form-action 'self' chat.serverius.net; style-src-elem translate.googleapis.com 'report-sample' 'unsafe-inline' 'self' fonts.googleapis.com chat.serverius.net *.serverius.net translate.google.com; report-uri /.well-known/csp/e5a0feaa-d6de-4d31-80f7-710621f76cc8 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: cdn.discordapp.com discord.com e.widgetbot.io *.helpscout.net *.360yield.com bing.com *.bing.com youtube.com *.youtube.com *.wistia.net wistia.net wistia.com *.wistia.com cdn.ampproject.org happyfoxchat.com *.happyfoxchat.com *.dianomi.com tiktok.com *.tiktok.com decide.dev *.decide.dev itstracking.com *.itstracking.com *.optipub.com *.angelpub.com *.angelnexus.com *.wealthdaily.com *.energyandcapital.com *.outsiderclub.com *.protradertoday.com *.longevityinsiderhq.com *.greenchipstocks.com *.gstatic.com *.googletagmanager.com *.google.com google.com anchor.fm *.google-analytics.com *.googleadservices.com *.googleapis.com *.googleusercontent.com *.googleoptimize.com *.blueconic.net *.doubleclick.net pd.trysera.com *.cloudflare.com *.criteo.net *.criteo.com addevent.com *.addevent.com *.bootstrapcdn.com *.rawgit.com *.github.io *.jquery.com *.pingdom.net *.taboola.com *.outbrain.com *.hotjar.com *.yahoo.com *.liadm.com *.yimg.com *.twimg.com *.twitter.com *.ads-twitter.com *.pinimg.com *.pinterest.com *.onesignal.com onesignal.com *.litix.io *.soundcloud.com *.akamaihd.net *.amzglt.com amzglt.com t.co lockerdome.com trk.lockerdome.com *.zedo.com cm.mgid.com *.go2cloud.org bbm.iljmp.com secure.verifiedlink.net px.khmtrack.com tracking.imspublishergroup.com cdn.jsdelivr.net powerinboxedge.com *.powerinboxedge.com lockerdomecdn.com *.lockerdomecdn.com *.norton.com *.facebook.net *.facebook.com *.gravatar.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; style-src 'self' 'unsafe-inline' onesignal.com *.github.io *.twitter.com *.twimg.com cdn.jsdelivr.net *.outsiderclub.com *.energyandcapital.com *.wealthdaily.com *.angelpub.com *.protradertoday.com *.longevityinsiderhq.com *.greenchipstocks.com *.bootstrapcdn.com *.googleapis.com; 1
default-src 'self' 'unsafe-inline' https://revain.org https://ru.revain.org https://revain.com; connect-src 'self' wss://revain.org/api/v3/notifications wss://ru.revain.org/api/v3/notifications *.google.ru *.google.de *.google.cn *.google.it *.google.es *.google.pt *.google.fr *.google.com *.googlesyndication.com *.googleapis.com *.google-analytics.com stats.g.doubleclick.net facebook.com *.facebook.net *.facebook.com *.fbcdn.net cointelegraph.com *.cointelegraph.com linkedin.com *.linkedin.com request-global.czilladx.com *.cointraffic.io top-fwz1.mail.ru adx.adform.net prebid.smilewanted.com a.teads.tv inv-nets.admixer.net hbopenbid.pubmatic.com prebid-eu.creativecdn.com bidder.criteo.com prg.smartadserver.com prebid-inv-eu.admixer.net static.criteo.net securepubads.g.doubleclick.net yandex.com yandex.ru *.yandex.net *.yandex.ru yastatic.net *.adfox.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz; font-src 'self' data: https://revain.org https://ru.revain.org https://revain.com fonts.googleapis.com fonts.gstatic.com yastatic.net kucoin-assets.s3-ap-southeast-1.amazonaws.com; frame-src 'self' https://revain.org https://ru.revain.org https://revain.com https://widgets.revain.org yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru *.adfox.ru *.google.ru *.google.de *.google.cn *.google.it *.google.es *.google.pt *.google.fr *.google.com *.googlesyndication.com googleads.g.doubleclick.net facebook.com *.facebook.net *.facebook.com linkedin.com *.linkedin.com gleam.io coinzillatag.com request-global.czilladx.com *.cointraffic.io player.vimeo.com www.youtube.com gum.criteo.com; img-src 'self' data: blob: i.ytimg.com i.vimeocdn.com https://revain.org https://ru.revain.org https://revain.com images.revain.org *.google.ru *.google.de *.google.cn *.google.it *.google.es *.google.pt *.google.fr *.google.com *.googletagmanager.com *.googlesyndication.com stats.g.doubleclick.net *.google-analytics.com *.gstatic.com facebook.com *.facebook.net *.facebook.com cointelegraph.com *.cointelegraph.com certify.alexametrics.com images.ctfassets.net *.cointraffic.io coinzillatag.com unpkg.com redirect.prod.experiment.routing.cloudfront.aws.a2z.com securepubads.g.doubleclick.net www.google.co.in www.google.nl www.google.be googleads.g.doubleclick.net yandex.com yandex.ru *.yandex.net *.yandex.ru yastatic.net *.adfox.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz; manifest-src 'self' https://revain.org https://ru.revain.org https://revain.com; media-src 'self' data: blob: yandex.com yandex.ru *.yandex.net *.yandex.ru yastatic.net *.adfox.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz https://revain.org https://ru.revain.org https://revain.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://revain.org https://ru.revain.org https://revain.com *.google.ru *.google.de *.google.cn *.google.it *.google.es *.google.pt *.google.fr *.google.com *.gstatic.com *.google-analytics.com *.googleapis.com certify-js.alexametrics.com *.googletagmanager.com *.googlesyndication.com *.googleadservices.com *.googletagservices.com facebook.com *.facebook.net *.facebook.com linkedin.com *.linkedin.com cointelegraph.com *.cointelegraph.com *.cointraffic.io coinzillatag.com top-fwz1.mail.ru s.adroll.com s0.2mdn.net securepubads.g.doubleclick.net prebid-inv-eu.admixer.net cdn.admixer.net static.criteo.net cdn.ampproject.org adservice.google.co.in static.cloudflareinsights.com yastatic.net yandex.com yandex.ru *.yandex.net *.yandex.ru yastatic.net *.adfox.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz; style-src 'self' 'unsafe-inline' https://revain.org https://ru.revain.org https://revain.com yastatic.net *.adfox.ru *.googleapis.com; child-src 'self' blob: 1
frame-ancestors 'self' foxbit.com.br 1
script-src 'self' 'unsafe-eval' https://*.adform.net https://*.widgets.tryg.dk https://*.boost.ai https://cdn-sitegainer.com https://connect.facebook.net https://dawa.aws.dk https://fonts.googleapis.com https://googleads.g.doubleclick.net https://ipapi.co https://insight.bellmetric.net https://policy.app.cookieinformation.com https://*.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://snap.licdn.com https://*.queue-it.net https://tags.tiqcdn.com https://talenthub.io https://track.adform.net https://trygdk.ankiro.dk https://*.tealiumiq.com https://*.telemetric.dk https://*.tryg.dk https://widget.trustpilot.com https://www.googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://widget.penni-connect.io https://cdn.penni-connect.io https://www.talenthub.io https://s3.eu-central-1.amazonaws.com https://tracker.leadenhancer.com https://static.leadenhancer.info https://openapi.leadenhancer.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://activitymap.adobe.com https://*.albacross.com https://*.dev-dkcomwidgets.prd1.prdroot.net/ https://*.test-dkcomwidgets.prd1.prdroot.net/ https://*.uat-dkcomwidgets.prd1.prdroot.net/ https://*.uat-comwidgets.tryg.dk/ https://*.comwidgets.tryg.dk/ https://*.dkcomwidgets.prd1.prdroot.net/ https://gateway.zscloud.net cdn.appdynamics.com https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://polyfill.io static.queue-it.net tags.tryg.dk talenthub.io widget.trustpilot.com 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.adform.net https://*.widgets.tryg.dk https://*.boost.ai https://cdn-sitegainer.com https://connect.facebook.net https://dawa.aws.dk https://fonts.googleapis.com https://googleads.g.doubleclick.net https://ipapi.co https://insight.bellmetric.net https://policy.app.cookieinformation.com https://*.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://snap.licdn.com https://*.queue-it.net https://tags.tiqcdn.com https://talenthub.io https://track.adform.net https://trygdk.ankiro.dk https://*.tealiumiq.com https://*.telemetric.dk https://*.tryg.dk https://widget.trustpilot.com https://www.googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://widget.penni-connect.io https://cdn.penni-connect.io https://www.talenthub.io https://s3.eu-central-1.amazonaws.com https://tracker.leadenhancer.com https://static.leadenhancer.info https://openapi.leadenhancer.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://activitymap.adobe.com https://*.albacross.com https://*.dev-dkcomwidgets.prd1.prdroot.net/ https://*.test-dkcomwidgets.prd1.prdroot.net/ https://*.uat-dkcomwidgets.prd1.prdroot.net/ https://*.uat-comwidgets.tryg.dk/ https://*.comwidgets.tryg.dk/ https://*.dkcomwidgets.prd1.prdroot.net/ http://10.91.148.20 https://gateway.zscloud.net cdn.appdynamics.com https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://polyfill.io static.queue-it.net tags.tryg.dk talenthub.io widget.trustpilot.com; style-src 'self' 'unsafe-inline' https://*.tryg.dk https://gateway.zscloud.net  https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' https://*.tryg.dk https://gateway.zscloud.net 1
default-src https://kredobank.com.ua; base-uri 'none'; connect-src https://kredobank.com.ua maps.googleapis.com online.kredobank.com.ua data: https: mailto:; font-src https://kredobank.com.ua data: https: http:; form-action https://kredobank.com.ua; frame-ancestors https://kredobank.com.ua; frame-src https://kredobank.com.ua www.youtube.com www.portmone.com.ua px.adhigh.net online.kredobank.com.ua; img-src https://kredobank.com.ua maps.google.com maps.gstatic.com online.kredobank.com.ua data: http: https:; manifest-src https://kredobank.com.ua; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://kredobank.com.ua ajax.googleapis.com maxcdn.bootstrapcdn.com maps.googleapis.com maps.google.com cdnjs.cloudflare.com portmone.com.ua online.kredobank.com.ua https:; style-src 'self' 'unsafe-inline' 'report-sample' https://kredobank.com.ua fonts.googleapis.com online.kredobank.com.ua https:; worker-src 'none' 1
base-uri 'self'; child-src 'self' gap: *; frame-src 'self' gap: *; connect-src 'self' *.datatables.net *.pordata.pt *.pordatakids.pt ajax.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.cloudflare.com *.facebook.com *.facebook.net *.googletagmanager.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.cookiebot.com; default-src 'self' gap: *.microsoft.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.pordata.pt *.pordatakids.pt *.google.com *.googleapis.com fonts.gstatic.com *.hotjar.com *.cookiebot.com; img-src 'self' data: *.pordata.pt *.pordatakids.pt stats.g.doubleclick.net *.google-analytics.com *.microsoft.com *.gstatic.com *.facebook.com *.facebook.net *.google.com *.google.pt *.googleusercontent.com *.googletagmanager.com *.flourish.studio *.hotjar.com *.cookiebot.com blob:; media-src 'self'; object-src 'self' *.pordata.pt *.pordatakids.pt; script-src 'self' *.datatables.net *.pordata.pt *.pordatakids.pt ajax.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.cloudflare.com *.facebook.com *.facebook.net *.google.pt *.microsoft.com *.realtimestatistics.net *.googletagmanager.com *.typeform.com *.flourish.studio *.hotjar.com *.cookiebot.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.pordata.pt *.pordatakids.pt *.google.com *.googleapis.com *.typeform.com 'unsafe-inline'; frame-ancestors 'self' gap: *.pordata.pt *.pordatakids.pt; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=cLZSV9JRtJWoVRV%2B9afz11VGjCOcCHw1wwcWUzy9xB1O5Zjke0y94ua%2BXHaVk6nq702m6YreraqO6%2BvMJQkGMQ%3D%3D; 1
frame-ancestors 'self'; report-uri https://sentry.io/api/117329/security/?sentry_key=474a4252f48648649d7a97b86890eed3 1
default-src 'self'  'unsafe-inline' ;  1
upgrade-insecure-requests; default-src 'self' data: *.facebook.com *.google.com *.gstatic.com *.googleapis.com *.googleusercontent.com *.exoweb.ca *.rapide.net; object-src 'none'; script-src 'self' 'unsafe-inline' ; script-src-elem 'self' 'unsafe-inline' *.google.com *.gstatic.com *.facebook.net *.googleapis.com *.exoweb.ca *.rapide.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.exoweb.ca *.rapide.net; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.exoweb.ca *.rapide.net; child-src 'self' ; font-src 'self' *.gstatic.com ; frame-src 'self' *.google.com *.facebook.com ; frame-ancestors 'none' ; block-all-mixed-content ; 1
frame-ancestors 'self' ailabtools.com *.ailabtools.com 1
default-src 'self' https://www.google.com; img-src 'self'  *.tinymce.com *.tiny.cloud https://cochinshipyard.com data: blob:; style-src 'self' *.tinymce.com *.tiny.cloud 'unsafe-inline' https://fonts.googleapis.com ; font-src 'self'  https://fonts.gstatic.com  *.tinymce.com *.tiny.cloud data: ; script-src 'self'   'unsafe-inline' 'unsafe-eval' *.tinymce.com *.tiny.cloud; connect-src 'self' *.tinymce.com *.tiny.cloud; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.eu.usercentrics.eu https://sdp.eu.usercentrics.eu https://app.usercentrics.eu https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://fast-static.smarketer.de https://fast.smarketer.de https://www.google.com https://www.youtube.com https://privacy-proxy.usercentrics.eu/latest/uc-block.bundle.js https://app.usercentrics.eu/latest/main.js https://privacy-proxy.usercentrics.eu https://www.googletagmanager.com https://static.b-ite.com https://cs-assets.b-ite.com https://api.usercentrics.eu https://tarteaucitron.io; frame-ancestors 'self' 1
frame-ancestors 'self' http://localhost:3000 http://localhost:4005 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https:; connect-src https: wss:; object-src 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; 1
frame-ancestors 'self' hxa.stage.cosmicdev.com cms.heterodoxacademy.org 1
frame-ancestors https://getfoureyes.com https://*.getfoureyes.com https://4eyes.io https://*.4eyes.io 1
default-src 'self' *.typekit.net stackpath.bootstrapcdn.com *.fontawesome.com *.twitter.com api-us1.cludo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com translate.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.typekit.net stackpath.bootstrapcdn.com *.fontawesome.com *.twitter.com unpkg.com www.googletagmanager.com translate.google.com customer.cludo.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.typekit.net stackpath.bootstrapcdn.com *.fontawesome.com customer.cludo.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.typekit.net stackpath.bootstrapcdn.com *.fontawesome.com ka-f.fontawesome.com; img-src 'self' *.google.com *.gstatic.com *.googleapis.com https://www.wrh.noaa.gov *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.typekit.net stackpath.bootstrapcdn.com sjgov.org resource.sjgov.org customer.cludo.com; media-src 'self' data: blob: https://resource.sjgov.org/; frame-src 'self' https://sjc-gis.maps.arcgis.com/ https://*.google.com/ *.verkada.com https://www.uyt.co/ https://www.youtube.com/ https://childsupport.ca.gov/ https://feed.mikle.com https://www.dhs.gov *.twitter.com https://sanjoaquin.granicus.com/ https://www.publicpurchase.com/ www.facebook.com https://user.govoutreach.com/ https://publicrealtime.dm1.tech/ *.vimeo.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.typekit.net stackpath.bootstrapcdn.com *.verkada.com *.twitter.com *.vimeo.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.typekit.net stackpath.bootstrapcdn.com *.fontawesome.com *.verkada.com https://translate.googleapis.com *.cludo.com sjgov.org/; object-src 'self'; 1
upgrade-insecure-requests; default-src 'self' 'report-sample'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' blob: *.authorize.net *.hotjar.com *.hotjar.io *.clarity.ms *.opendns.com https://cdnjs.cloudflare.com/ajax/libs/select2/ *.jwpcdn.com *.olark.com *.google.com *.ckeditor.com *.scorm.com *.google-analytics.com *.googletagmanager.com *.bing.com *.marchex.io https://stats.g.doubleclick.net *.doubleclick.net *.gstatic.com https://seal-alaskaoregonwesternwashington.bbb.org *.youtube-nocookie.com *.youtube.com *.youtu.be *.ytimg.com onlineed.api.oneall.com unpkg.com data:; object-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' *.olark.com *.onlineed.com *.onlineed.net *.googleapis.com *.ckeditor.com *.scorm.com *.bbb.org https://cdnjs.cloudflare.com/ajax/libs/select2/; img-src * data: blob: android-webview-video-poster:; media-src 'self' 'report-sample' blob: *.cloudfront.com *.onlineed.com *.onlineed.net *.google.com *.olark.com *.gstatic.com *.youtube-nocookie.com *.youtube.com *.youtu.be *.ytimg.com; frame-src 'self' 'report-sample' *.authorize.net onlineed.api.oneall.com *.scorm.com *.ckeditor.com *.youtube-nocookie.com *.youtube.com *.youtu.be *.vimeo.com *.olark.com *.google.com; font-src 'self' 'report-sample' *.olark.com *.hotjar.com *.gstatic.com http://fonts.gstatic.com *.google.com *.ckeditor.com *.jwpcdn.com data: blob: *.googleapis.com *.fontawesome.com; connect-src 'self' *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.clarity.ms https://s3.amazonaws.com/www.onlineed.com/ https://s3-us-west-2.amazonaws.com/onlineed-test/ *.opendns.com *.olark.com *.google.com *.onlineed.com *.googleapis.com *.onlineed.net *.bbb.org *.googletagmanager.com *.google-analytics.com https://stats.g.doubleclick.net *.doubleclick.net *.bing.com; frame-ancestors 'self'; form-action 'self'; 1
frame-ancestors 'self' http://www.inselhotel-poel.de http://*.m-vp.de; 1
img-src * data:; style-src 'self' 'unsafe-inline'; default-src * blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com ajax.googleapis.com embed.typeform.com www.googletagmanager.com tagmanager.google.com analyzer.amedick-sommer.de vendorlist.consensu.org www.youtube.com s.ytimg.com www.vvs.de *.usercentrics.eu www.openpetition.de; 1
default-src cartus.com *.cartus.com; script-src 'unsafe-inline' 'unsafe-eval' cartus.com *.cartus.com *.googleapis.com *.google-analytics.com *.qumucloud.com *.trustarc.com *.googletagmanager.com *.typekit.net *.licdn.com googleads.g.doubleclick.net connect.facebook.net *.stackadapt.com *.pardot.com www.buzzsprout.com; style-src 'unsafe-inline' cartus.com *.cartus.com *.googleapis.com *.google-analytics.com *.qumucloud.com *.typekit.net *.licdn.com googleads.g.doubleclick.net connect.facebook.net *.stackadapt.com *.pardot.com www.buzzsprout.com; img-src data: blob: https: cartus.com *.cartus.com *.googleapis.com *.google-analytics.com; frame-src data: blob: https: *.cartus.com *.qumucloud.com; font-src cartus.com *.gstatic.com *.cartus.com *.trustarc.com; connect-src cartus.com *.cartus.com *.googleapis.com *.google-analytics.com *.qumucloud.com *.gstatic.com *.typekit.net *.licdn.com googleads.g.doubleclick.net connect.facebook.net *.stackadapt.com *.pardot.com www.buzzsprout.com https: wss: 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=SG&lang=en-SG&device=desktop&yrid=4khk6e9iqufum&partner=; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://adservice.google.dk/adsid/integrator.js https://adservice.google.com/adsid/integrator.js http://pagead2.googlesyndication.com ajax.cloudflare.com www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com cdn.clicktale.net connect.facebook.net https://platform.twitter.com 1
frame-ancestors 'self' https://microapps.google.com https://freshpik.hostx5.de https://fynd.hostx5.de https://*.werafoods.com 1
default-src 'unsafe-inline' https: data:; img-src blob: data: https:; media-src blob: data: https:; script-src 'unsafe-eval' 'unsafe-inline' https: blob:; frame-ancestors 'self' https://*.laregione.ch 1
script-src 'self' https://cdn.heapanalytics.com https://heapanalytics.com 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://js.alpixtrack.com https://trackcmp.net https://js.adsrvr.org https://www.google.com https://a.optmnstr.com https://s.btstatic.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://bat.bing.com https://connect.facebook.net https://rec.smartlook.com https://www.gstatic.com https://s.thebrighttag.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://a.omappapi.com https://insight.adsrvr.org *.livechatinc.com *.youtube.com *.google.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com 'unsafe-inline' https://www.google.com.ph https://collector-9895.us.tvsquared.com https://cdn.callrail.com https://js.callrail.com https://lptag.liveperson.net https://accdn.lpsnmedia.net https://va.v.liveperson.net https://lpcdn.lpsnmedia.net *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net http://www.instagram.com https://widget.gleamjs.io https://acdn.adnxs.com/dmp/up/pixie.js https://jelly.mdhv.io https://live.chatmeter.com https://bat.bing.com https://pubads.g.doubleclick.net https://beacon.krxd.net https://ssl.google-analytics.com https://tag.simpli.fi https://i.simpli.fi https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://pixel.mathtag.com https://reachlocal.thinkingchat.com https://eu.thinkingchat.com https://www.reachlocallivechat.com https://cdn.rlets.com https://pix.cadent.tv https://tags.tiqcdn.com/utag/adtaxi/goodfeet.com/prod/utag.js https://tags.tiqcdn.com *.adroll.com https://jelly-v6.mdhv.io https://collector-31609.tvsquared.com https://tag.simpli.fi/sifitag/2179bee5-37ed-4376-86c0-1de94f789362; img-src 'self' https://www.goodfeet.com:* https://goodfeet.com:* https://heapanalytics.com https://alpixtrack.com https://tn.alphonso.tv https://bat.bing.com https://www.google.com https://www.google.com.ph https://googleads.g.doubleclick.net https://www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com data: 'unsafe-eval' https://www.facebook.com https://cx.atdmt.com https://insight.adsrvr.org https://www.google-analytics.com https://a.omappapi.com https://connect.facebook.net https://dpm.demdex.net *.livechatinc.com *.youtube.com *.google.com https://www.googleadservices.com https://script.hotjar.com http://script.hotjar.com https://cm.g.doubleclick.net https://lh3.ggpht.com https://collector-9895.us.tvsquared.com https://lpcdn.lpsnmedia.net *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net http://www.instagram.com *.privacysandbox.googleadservices.com *.springserve.com https://js.gleam.io https://ib.adnxs.com https://jelly.mdhv.io https://s.amazon-adsystem.com https://dmp.truoptik.com https://ml314.com https://fault.rlets.com https://pix.cadent.tv https://jelly-v6.mdhv.io;style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com *.livechatinc.com *.youtube.com *.google.com http://www.instagram.com https://a.omappapi.com/app/js/api.min.css; connect-src 'self' https://heapanalytics.com https://api.omappapi.com https://www.google-analytics.com https://stats.g.doubleclick.net https://a.omappapi.com https://z.omappapi.com https://tn.alphonso.tv https://manager.eu.smartlook.cloud https://alpixtrack.com https://bat.bing.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://events-writer.smartlook.com https://assets-proxy.smartlook.cloud/cache https://www.googleadservices.com https://www.google.com.ph https://js.callrail.com *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net maps.googleapis.com https://apgb2b-reachcodeandproxy.gannettdigital.com https://*.rlets.com https://capture-api.reachlocalservices.com https://um.simpli.fi https://google.com https://collect.tealiumiq.com *.adroll.com https://analytics.google.com https://jelly-v6.mdhv.io; font-src 'self' https://heapanalytics.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com https://jelly-v6.mdhv.io; media-src 'self' *.livechatinc.com *.youtube.com *.google.com https://lpcdn.lpsnmedia.net https://jelly-v6.mdhv.io; object-src 'self' *.livechatinc.com *.youtube.com *.google.com https://jelly-v6.mdhv.io; child-src 'self' *.livechatinc.com *.youtube.com *.google.com https://jelly-v6.mdhv.io; frame-src 'self' 'unsafe-inline' https://insight.adsrvr.org https://bid.g.doubleclick.net https://d1eoo1tco6rr5e.cloudfront.net https://secure.livechatinc.com https://app.acuityscheduling.com https://www.google.com https://www.youtube.com https://vars.hotjar.com https://app.squarespacescheduling.com https://youtu.be https://lpcdn.lpsnmedia.net https://va-s.c.liveperson.net *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net https://gleam.io https://s.amazon-adsystem.com https://match.adsrvr.org https://live.chatmeter.com https://jelly-v6.mdhv.io; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://flexprintmp.wpengine.com https://flexprintmp.wpenginepowered.com/ https://*.netdna-ssl.com https://*.flexprintinc.com https://flexprintinc.com https://app.termly.io https://frontend.id-visitors.com/ https://google-analytics.com/ https://*.google-analytics.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://gstatic.com/ https://*.gstatic.com/ https://google.com/recaptcha/ https://*.google.com/recaptcha/ https://*.6sc.co/; img-src 'self' data: blob: https://flexprintmp.wpengine.com https://flexprintmp.wpenginepowered.com/ https://*.netdna-ssl.com https://*.flexprintinc.com https://flexprintinc.com https://*.gravatar.com https://*.6sc.co/ https://www.google.com/; object-src 'self' data: blob: https://elegantthemes.com/ https://*.elegantthemes.com/ https://flexprintinc.com/ https://google.com/recaptcha/ https://*.google.com/recaptcha/ https://elabel.arsreclabel.com/; frame-src 'self' data: blob: https://elegantthemes.com/ https://*.elegantthemes.com/ https://flexprintinc.com/ https://google.com/recaptcha/ https://*.google.com/recaptcha/ https://elabel.arsreclabel.com/; form-action 'self' data: blob: ; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; 1
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none';frame-ancestors 'self' 1
default-src https: wss: blob: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 1
default-src data: https: 'unsafe-eval' 'unsafe-inline' wss:; img-src * 'self' data: https:; object-src 'none'; worker-src blob: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/ https://www.google.com/recaptcha/ https://fonts.googleapis.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://js-agent.newrelic.com https://bam-cell.nr-data.net https://kit.fontawesome.com https://cdn.jsdelivr.net https://static.cloudflareinsights.com https://use.fontawesome.com http://www.google-analytics.com https://code.jquery.com/jquery-2.2.0.min.js 1
img-src 'self' data: https://cdn.accmed.org https://www.accmed.org https://siti.accmed.org https://fad.accmed.org https://www.forumservice.net https://pbs.twimg.com https://www.google-analytics.com https://www.googletagmanager.com https://grasp.accmed.org; media-src 'self' data: https://cdn.accmed.org https://mediafad.accmed.org https://www.accmed.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://siti.accmed.org https://www.accmed.org https://securityscorecard.com https://cdn.datatables.net/ https://stackpath.bootstrapcdn.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://code.jquery.com https://cdn.jsdelivr.net https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://siti.accmed.org  https://www.accmed.org https://cdn.datatables.net/ https://ajax.googleapis.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com/ https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net/;object-src 'none';frame-ancestors 'self' https://*.accmed.org htts://hematologykeys.it; 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com www1.80scasualclassics.co.uk; base-uri 'self' 1
default-src 'self' data: http: https: p.typekit.net use.typekit.net www.google-analytics.com; img-src 'self' data: http: https: *.gravatar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: http: https: *.test-web-pf.work; style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com; font-src 'self' data: http: https: fonts.googleapis.com themes.googleusercontent.com; 1
frame-ancestors 'self' *.klueber.com.cn *.thinglink.com https://klueber.matomo.cloud; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src http: https: blob: data:; font-src https: data:; object-src 'none'; connect-src https: wss://api.appcues.net; frame-src https: blob: data:; 1
frame-ancestors 'self' https://*.alpin.de; 1
default-src 'self' *.snpmarket.com snpmarket.com api.snp.market blob: data: wss: 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com https://yandex.ru https://mc.yandex.ru https://admin.verbox.ru https://widget.apibcknd.com https://static.me-talk.ru https://yastatic.net http://yastatic.net https://chat.s3.yandex.net https://suggestions.dadata.ru https://widgets.2gis.com https://api-maps.yandex.ru https://www.gstatic.com https://profilepxl.ru https://cfv4.com https://acint.net https://manalyticshub.com https://pixel.hot-wifi.ru https://get4click.ru https://pixel.detmir.ru https://pxl.knam.pro https://fonts.googleapis.com https://me-talk.ru https://widget.me-talk.ru https://stats.g.doubleclick.net https://e-solution.pickpoint.ru https://core-renderer-tiles.maps.yandex.net https://pvzimage.cdek.ru https://captcha-api.yandex.ru 'unsafe-eval' 1
img-src 'self' *.crowdstreet.com https://cdn2.hubspot.net *.hubapi.com https://www.googletagmanger.com https://prod-thumbnails.investorportal.pictures *.hsstatic.net *.fs1.hubspotusercontent-na1.net *.hubspotusercontent00.net  *.no-cache.hubspot.com *.js.hsforms.net *.vidyard.com *.googleusercontent.com data: *.hsforms.com *.google.com *.hsappstatic.net https://t.co https://heapanalytics.com https://www.google-analytics.com   *.hubspot.com https://scontent.xx.fbcdn.net https://www.facebook.com https://www.google-analytics.com https://bat.bing.com/  *.linkedin.com *.twitter.com *.webp *.jpg *.jpeg *.png *.gif *.svg; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com *.fs1.hubspotusercontent-na1.net *.hubspotusercontent-na1.net *.hubspotusercontent00.net *.no-cache.hubspot.com *.fontawesome.com/; object-src 'none'; frame-src 'self' *.crowdstreet.com *.facebook.com https://www.youtube.com https://fast.wistia.com https://platform.linkedin.com https://www.linkedin.com  https://platform.twitter.com *.hubspot.com *.google.com *.hubapi.com *.vidyard.com *.hsforms.com *.hubspotvideo.com *.greenhouse.io;; upgrade-insecure-requests 1
default-src 'self' www.google-analytics.com www.facebook.com tr.lfeeder.com consentcdn.cookiebot.eu data:; style-src 'unsafe-inline' 'self'; frame-src 'self' player.vimeo.com *.cookiebot.eu; script-src 'self' 'unsafe-inline' www.google-analytics.com connect.facebook.net lftracker.leadfeeder.com *.cookiebot.eu; report-uri https://21torr.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de osm.louis.de https://*.googleapis.com https://*.gstatic.com https://*.googleadservices.com https://www.googletagmanager.com https://tagmanager.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://td.doubleclick.net https://tpc.googlesyndication.com https://bat.r.msn.com https://bat.bing.com https://content.cptrack.de https://sale.cptrack.de https://widgets.trustedshops.com https://s.kk-resources.com https://s.kelkoogroup.net https://containertags.belboon.de https://j01l4h3n.com https://s2.adform.net https://track.adform.net https://*.google.com *.paypal.com *.quantummetric.com https://*.sentry.io x9t5he7.r.louis.eu;style-src 'self' 'unsafe-inline' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de https://*.googletagmanager.com https://fonts.googleapis.com https://tagmanager.google.com;font-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de data: https://fonts.gstatic.com;img-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de data: https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://bat.r.msn.com https://bat.bing.com https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.google.com https://*.google.com.vn https://widgets.trustedshops.com https://www.trustedshops.com https://widgets.trustedshops.fr https://www.trustedshops.fr https://widgets.trustedshops.co.uk https://www.trustedshops.co.uk https://widgets.trustedshops.de https://www.trustedshops.de https://t.paypal.com https://www.google.de https://www.google.at https://www.google.be https://www.google.ch https://www.google.co.uk https://www.google.cz https://www.google.com.tr https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.it https://www.google.lu https://www.google.nl https://www.google.pl https://www.google.ro https://www.google.rs https://www.google.se https://www.google.si https://www.google.sk https://www.paypalobjects.com;frame-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de https://*.googleadservices.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.youtube.com/ https://*.youtube-nocookie.com/ *.paypal.com https://*.google.com https://*.quantummetric.com https://td.doubleclick.net x9t5he7.r.louis.eu;frame-ancestors 'self';worker-src blob:;child-src blob:;report-uri /csp-violation-report; 1
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.akamaihd.net *.g.doubleclick.net *.addthis.com *.feathr.co *.facebook.net v1.addthisedge.com *.linkedin.com *.licdn.com *.facebook.com *.google-analytics.com *.google.com *.googleadservices.com *.googletagmanager.com *.wistia.com *.smugmug.com *.apple.com *.fireside.fm *.infogram.com *.youtube.com *.typekit.net *.olark.com *.litix.io *.connectedcommunity.org doublethedonation.com *.vimeo.com;  style-src 'self' 'unsafe-inline' *.olark.com doublethedonation.com; img-src 'self' data: *.adsymptotic.com *.google-analytics.com *.facebook.com *.linkedin.com *.typekit.net *.google.com *.g.doubleclick.net *.feathr.co *.wistia.com *.smugmug.com *.olark.com  *.cloudfront.net doublethedonation.com; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-OTlmYTM4YWYzNjMyNGQ1MGFiMTIwM2E0MWIzYTYzMjg=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.regelhulp.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.regelhulp.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.regelhulp.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-ancestors 'self' https://aqr.lightning.force.com/ https://aqr.my.salesforce.com/ https://aqr--uat.lightning.force.com/ https://aqr--uat.cs42.my.salesforce.com/;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cmp.osano.com www.googletagmanager.com players.brightcove.net js-agent.newrelic.com pi.pardot.com www.google-analytics.com home.aqr.com www.google.com www.gstatic.com bam.nr-data.net manifest.prod.boltdns.net vjs.zencdn.net funds-staging.prd.aqrcapital.com *.aqr.com *.aqrcapital.dmz:14001; 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' 'nonce-MTYxYmJkZjFlOWEyN2YyMA==' 'nonce-MGMwNGNiZTdjYjNmNzMxNw==' https://cdn.jsdelivr.net/gh/alpinejs/alpine@v2.8.2/dist/alpine.min.js https://code.jquery.com/jquery-3.2.1.min.js https://code.jquery.com/jquery-3.5.1.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.7.1/Chart.min.js; block-all-mixed-content; upgrade-insecure-requests 1
upgrade-insecure-requests; frame-ancestors 'self' *.ivido.nl ivido.nl; 1
default-src 'self' data: ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: api.plezi.co *.linkedin.com www.google.com www.google.fr www.facebook.com ; frame-src 'self' https://www.youtube.com/  data: td.doubleclick.net ; script-src 'self' www.googletagmanager.com googleads.g.doubleclick.net snap.licdn.com www.google.com connect.facebook.net matomo.experts-comptables.org https://*.plezi.co px.ads.linkedin.com 'sha256-C34p1hzZPpoypdPXxKu+FU4eDWs4c78xuGNL0X0n3g0=' 'sha256-zavyfWr5kqvWdeTTIrlTxzH9/VPo9T7442u9l+zK48k=' 'sha256-sjwHEvEEd6LOECfafoaXLp4pSwGYpxKixkV7uzUd1mI=' 'sha256-HSqKTM0wkk/rIt4hOtZ1eTBNJ3HioqPaoz2iEmFvcZc=' 'sha256-sufKSTGkz0crOcA6GzdK9zzKywVSzl7yu57XJAnPC4E=' 'sha256-Yv/nXAj9ithogZZQnzyrhNoCW+ZyHlQs1rc95cr1OU4=' 'sha256-Qxs5k6wrUMyfEKhh0V3EEcpVPM5ZAfNOof1ecYIy7SU=' 'sha256-WiMTLiUL/XzLm2uMIJbXiDqELEYanrW8dE837WW199I=' 'sha256-o1t7/+fdHIXqwtTQGXxKlKOzzR1tgVQjCk9IQF0kn/8=' 'sha256-OBh43QisG5XcpCgTAZvF/s1S8IRa6Q7g4E6Hd2zlzUo=' 'sha256-uvn1zCrAjzY9hg4Sof8j5ekKdcuI78rmwxFBEYWMrbM=' 'sha256-HzEsIcpe2XaDHJPrqUrhJLtGNRHyOr6sqpaOaQpJXnM='; connect-src 'self' matomo.experts-comptables.org *.plezi.co px.ads.linkedin.com ; frame-ancestors 'self' https://admin.ecma-solutions.com; 1
frame-ancestors 'self' https://virtual-tours.msccruises.com/ 1
frame-ancestors 'self' https://*.zoocasa.com; 1
default-src 'self' vend-o.com *.vend-o.com vendoservices.com *.vendoservices.com cdn.vendocdn.com *.quicksight.aws.amazon.com d3ns5crcgwfodk.cloudfront.net d65e0wuog4vfl.cloudfront.net d2i4kumhnhdkf0.cloudfront.net d14k38g86f558b.cloudfront.net 'unsafe-inline' 'unsafe-eval' data: ajax.googleapis.com www.gstatic.com www.google-analytics.com region1.google-analytics.com www.googletagmanager.com www.google.com www.recaptcha.net; report-uri https://secure.vend-o.com/api/traffic-tracking/csp 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-b77b34b07cd9c3c8aeeeaccce49642d4'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.choosebrisbane.com.au *.beda.systems beda-choose.vercel.app mc-c55e1dc3-7362-48d7-a479-6476-cm.azurewebsites.net mc-c55e1dc3-7362-48d7-a479-6476-cm-staging.azurewebsites.net mc-c55e1dc3-7362-48d7-a479-6476-cd.azurewebsites.net mc-c55e1dc3-7362-48d7-a479-6476-cd-staging.azurewebsites.net *.brisbane.qld.au *.dev.local vercel.live *.vercel.app pagecorrect.monsido.com stats.g.doubleclick.net sketchfab.com *.gstatic.com apps.sitecore.net connect.facebook.net www.facebook.com *.google.com www.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net *.sharethis.com *.apple.com rss.app www.youtube.com *.ytimg.com starling.crowdriff.com *.cloudfront.net *.cloudflarestream.com *.atdw-online.com.au *.podio.com *.yimg.com *.linkedin.oribi.io airtable.com *.vercel-insights.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.choosebrisbane.com.au *.beda.systems beda-choose.vercel.app mc-c55e1dc3-7362-48d7-a479-6476-cm.azurewebsites.net mc-c55e1dc3-7362-48d7-a479-6476-cm-staging.azurewebsites.net mc-c55e1dc3-7362-48d7-a479-6476-cd.azurewebsites.net mc-c55e1dc3-7362-48d7-a479-6476-cd-staging.azurewebsites.net *.brisbane.qld.au *.dev.local vercel.live *.vercel.app app-script.monsido.com pagecorrect.monsido.com tracking.monsido.com script.crazyegg.com sketchfab.com *.gstatic.com connect.facebook.net www.facebook.com *.google.com www.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net *.sharethis.com *.apple.com rss.app www.youtube.com *.ytimg.com starling.crowdriff.com *.cloudfront.net *.cloudflarestream.com *.atdw-online.com.au *.podio.com *.airtable.com *.yimg.com *.ads-twitter.com secure.quantserve.com snap.licdn.com *.quantcount.com https://static.cloudflareinsights.com; img-src 'self' www.choosebrisbane.com.au *.beda.systems beda-choose.vercel.app mc-c55e1dc3-7362-48d7-a479-6476-cm.azurewebsites.net mc-c55e1dc3-7362-48d7-a479-6476-cm-staging.azurewebsites.net mc-c55e1dc3-7362-48d7-a479-6476-cd.azurewebsites.net mc-c55e1dc3-7362-48d7-a479-6476-cd-staging.azurewebsites.net *.brisbane.qld.au *.dev.local vercel.live *.vercel.app pagecorrect.monsido.com tracking.monsido.com sketchfab.com *.gstatic.com connect.facebook.net www.facebook.com *.google.com www.google-analytics.com www.google.com.au googleads.g.doubleclick.net *.sharethis.com *.apple.com rss.app www.youtube.com *.ytimg.com starling.crowdriff.com *.cloudfront.net *.cloudflarestream.com *.atdw-online.com.au *.podio.com *.yahoo.com *.quantserve.com *.linkedin.com t.co *.twitter.com *.sojern.com *.doubleclick.net *.google.com.au data: *.zprk.io; style-src 'self' 'unsafe-inline' www.choosebrisbane.com.au *.beda.systems beda-choose.vercel.app mc-c55e1dc3-7362-48d7-a479-6476-cm.azurewebsites.net mc-c55e1dc3-7362-48d7-a479-6476-cm-staging.azurewebsites.net mc-c55e1dc3-7362-48d7-a479-6476-cd.azurewebsites.net mc-c55e1dc3-7362-48d7-a479-6476-cd-staging.azurewebsites.net *.brisbane.qld.au *.dev.local vercel.live *.vercel.app pagecorrect.monsido.com sketchfab.com *.gstatic.com connect.facebook.net www.facebook.com *.google.com fonts.googleapis.com googleads.g.doubleclick.net *.sharethis.com *.apple.com rss.app www.youtube.com *.ytimg.com starling.crowdriff.com *.cloudfront.net *.cloudflarestream.com *.atdw-online.com.au *.podio.com; font-src 'self' 'unsafe-inline' www.choosebrisbane.com.au *.beda.systems beda-choose.vercel.app mc-c55e1dc3-7362-48d7-a479-6476-cm.azurewebsites.net mc-c55e1dc3-7362-48d7-a479-6476-cm-staging.azurewebsites.net mc-c55e1dc3-7362-48d7-a479-6476-cd.azurewebsites.net mc-c55e1dc3-7362-48d7-a479-6476-cd-staging.azurewebsites.net *.brisbane.qld.au *.dev.local vercel.live *.vercel.app pagecorrect.monsido.com sketchfab.com *.gstatic.com connect.facebook.net www.facebook.com *.google.com googleads.g.doubleclick.net *.sharethis.com *.apple.com rss.app www.youtube.com *.ytimg.com starling.crowdriff.com *.cloudfront.net *.cloudflarestream.com *.atdw-online.com.au *.podio.com; upgrade-insecure-requests; block-all-mixed-content;frame-ancestors 'self'; 1
default-src 'self';script-src 'self' vimeo.com snap.licdn.com www.google.com www.gstatic.com tools.euroland.com region1.analytics.google.com script.hotjar.com www.vimeo.com st-eu.dynamicyield.com cdn-eu.dynamicyield.com www.googletagmanager.com cookiehub.net www.google-analytics.com static.hotjar.com cdn.pardot.com pi.pardot.com info.marel.com www.youtube.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com js.monitor.azure.com widget.datablocks.se rcom-eu.dynamicyield.com 'unsafe-eval' 'unsafe-inline';style-src 'self' cdn-eu.dynamicyield.com use.typekit.net p.typekit.net cookiehub.net www.youtube.com 'unsafe-inline';connect-src 'self' cdn-eu.dynamicyield.com px-eu.dynamicyield.com cdn.linkedin.oribi.io adm.dynamicyield.eu region1.google-analytics.com region1.analytics.google.com consent.cookiehub.net st-eu.dynamicyield.com async-px-eu.dynamicyield.com/ www.google-analytics.com analytics.google.com stats.g.doubleclick.net www.youtube.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com westeurope-5.in.applicationinsights.azure.com widget.datablocks.se vc.hotjar.io rcom-eu.dynamicyield.com;font-src 'self' use.typekit.net www.youtube.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com;img-src 'self' data: www.google.nl px.ads.linkedin.com www.google.dk i.vimeocdn.com dashboard.umbraco.com www.google.com www.google.com.ph www.google-analytics.com www.youtube.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com;frame-ancestors 'self';frame-src 'self' www.slideshare.net www.google.com/ tools.eurolandir.com/ info.marel.com player.vimeo.com/ www.youtube.com/ snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com 1
frame-ancestors 'self' platform.dev.bolero.be platform.acc.bolero.be platform.bolero.be 1
frame-ancestors 'self'; form-action 'self'; base-uri https://optimize.google.com; object-src 'self'; 1
default-src 'self'; style-src 'self' 'unsafe-inline'; frame-src *.google.com; script-src 'self' 'nonce-zS56DC9M4uRSGBT4JcpF' 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com *.trafficfactory.biz www.iwanttodeliver.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net bmedia.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri http://www.magicmovies.com/csp-reports; report-to csp-endpoint 1
img-src 'self' data: bblunt.com bblunt-com.honasa-dev.net *.bblunt.com *.mamaearth.in  *.imgix.net images.ctfassets.net honasa-bblunt-prod-images.s3.ap-south-1.amazonaws.com honasa-bblunt-images-nonprod.s3.ap-south-1.amazonaws.com honasa-ucr-be.honasa-production.net www.google-analytics.com www.google.com www.google.co.in www.googleadservices.com www.googleanalytics.com www.facebook.com connect.facebook.net www.googletagmanager.com googleads.g.doubleclick.net *.g2afse.com image.moengage.com track.bblunt.com ik.imagekit.io moe-email-campaigns.s3.amazonaws.com neo.labournet.in labournet.s3.amazonaws.com honasa-strapi-production.s3.ap-south-1.amazonaws.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bblunt.com cdn.moengage.com *.razorpay.com www.google.com www.google.co.in www.google-analytics.com www.googleoptimize.com www.googletagmanager.com www.googleadservices.com www.googleanalytics.com *.google.com googleads.g.doubleclick.net connect.facebook.net instagram.com *.twitter.com *.snapchat.com sc-static.net *.hotjar.com cdn.rudderlabs.com stackpath.bootstrapcdn.com www.facebook.com data.easyinsights.in *.g2afse.com appspot.com app.limechat.ai semrush.com yandex.com bing.com yahoo.com msn.com ahrefs.com track.bblunt.com linksg.bblunt.com;worker-src 'self' blob: cdn.moengage.com stackpath.bootstrapcdn.com ; 1
frame-ancestors apps.mypurecloud.com lumisfera.com.br 1
default-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: 'unsafe-inline' 'unsafe-eval';script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 1
default-src 'self'; script-src 'self' https://assets.panascais.net https://s.ytimg.com https://www.youtube.com https://vimeo.com https://player.vimeo.com; style-src https://assets.panascais.net 'unsafe-inline'; img-src 'self' https://static.panascais.net https://images.panascais.net https://videos.panascais.net https://i.ytimg.com https://img.youtube.com https://i.vimeocdn.com data: blob:; font-src https://static.panascais.net; connect-src 'self' https://static.panascais.net https://assets.panascais.net https://images.panascais.net https://noembed.com https://www.youtube.com https://www.youtube-nocookie.com https://vimeo.com https://player.vimeo.com https://api.mapbox.com https://events.mapbox.com; media-src https://static.panascais.net https://videos.panascais.net; child-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://vimeo.com https://player.vimeo.com blob:; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://vimeo.com https://player.vimeo.com; manifest-src 'self'; object-src 'none'; worker-src 'self' blob:; block-all-mixed-content; upgrade-insecure-requests; base-uri 'self'; report-uri https://panascais.net/api/report/content-security-policy; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.facebook.com/ https://bat.bing.com/ https://connect.facebook.net https://extreme-ip-lookup.com/ https://googleads.g.doubleclick.net https://www.googleadservices.com/ https://www.googletagmanager.com/ https://tagmanager.google.com/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://www.google-analytics.com https://snap.licdn.com/ https://cdn.leadinfo.net/ https://conversation24.com/ https://app.conversation24.com https://assets.calendly.com/ ;style-src 'self' https://fonts.googleapis.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://app.conversation24.com/ https://conversation24.com/ 'sha256-+aLPRy1XVSz3J4TB/q2GPhf14Z2bpiro19WK4oQJeKg=' 'sha256-0MC35p+eS0qvYUz6lHA9LnfYiLiKhfTOglWIPjH5D8w=' 'sha256-L5DLWp2f/RbEn4+58sBv8v0AoWr/Jg5gF4/EEwtZtdY=' 'sha256-mSJIAeFnfqW/UWDO6UhZjEKXhhUtWUjOztT2lQiSADw=' 'sha256-ArOAFpVzuBU52wB0c4fOm7cuyzDB99J9GCn7NKnVqDE=' 'sha256-0EZqoz+oBhx7gF4nvY2bSqoGyy4zLjNF+SDQXGp/ZrY=' 'sha256-5/uu3/QMWiAr/Uk2RgWRMr2U82Rkn004WlaazXlovWc=' 'sha256-NE3gBSsVG0IdyINKOXv7oHDjOD1hoJpOCZQDS8LzvUc=' 'sha256-bi4kO7E36RGgl61YkoTf4e7SSnesiZE6/sKSg4iImoM=' ; img-src data: 'self' https://www.facebook.com/ https://bat.bing.com/ https://app.conversation24.com/ https://px.ads.linkedin.com/ https://www.google-analytics.com/ https://www.google.de/ https://www.google.nl/ https://www.google.com/ https://www.google.co.uk/ https://www.google.fr/ https://www.google.es/ https://conversation24.com/ https://c24-production-public-files-20210824142345471300000001.s3.eu-central-1.amazonaws.com/ https://googleads.g.doubleclick.net/ ; font-src data: 'self' https://fonts.gstatic.com/ https://app.conversation24.com/ https://assets.calendly.com/ ; media-src 'self' https://app.conversation24.com/ ; connect-src 'self' https://www.google-analytics.com/ https://analytics.google.com/ https://stats.g.doubleclick.net/ https://collector.leadinfo.net/ https://api.leadinfo.com/ https://app.conversation24.com/ https://extreme-ip-lookup.com/ wss://app.conversation24.com/ ; frame-src https://www.facebook.com/ https://www.google.com/ https://conversation24.com/ https://conversation24.de/ https://conversation24.fr/ https://conversation24.es/ https://conversation24.nl/ https://www.youtube.com/ https://calendly.com/ ; 1
default-src 'self' https://api-gateway.mappedin.com https://vars.hotjar.com https://www.youtube.com https://www.youtube.com/iframe_api https://connect.facebook.net/ https://bid.g.doubleclick.net https://www.facebook.com *.fbcdn.net https://tag.yieldoptimizer.com https://curatorio.s3.amazonaws.com *.pagespeed-mod.com https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com wss://*.zendesk.com wss://*.zopim.com; connect-src 'self' blob: *.crazyegg.com *.doubleclick.net *.google.co.uk *.mappedin.com https://d3j72de684fey1.cloudfront.net https://sentry.io *.google-analytics.com *.googletagmanager.com *.google.com *.googleapis.com *.edgenyc.dev.dd:8083 *.dev-www.edgenyc.com *.loadtest.edgenyc.com *.edgenyc.com *.edgenycstg.prod.acquia-sites.com *.edgenycra.prod.acquia-sites.com https://static.hotjar.com https://stats.g.doubleclick.net https://connect.facebook.ne https://script.hotjar.com https://connect.facebook.net https://*.gstatic.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.youtube.com https://s.ytimg.com https://cdn.ampproject.org https://secure.leadforensics.com https://static.ads-twitter.com https://snap.licdn.com https://sjs.bizographics.com https://px.ads.linkedin.com https://dc.ads.linkedin.com https://analytics.twitter.com https://adadvisor.net https://js.hs-scripts.com https://js.hs-analytics.net https://bat.bing.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.curator.io http://api.curator.io https://static.zdassets.com https://ekr.zdassets.com https://related.zendesk.com wss://widget-mediator.zopim.com https://*.zendesk.com wss://*.zendesk.com wss://*.zopim.com *.cookielaw.org *.quantserve.com *.quantcount.com https://bam-cell.nr-data.net *.tiktok.com *.teads.tv *.onetrust.com https://api.curator.io; font-src 'self' data: *.google.co.uk https://tagmanager.google.com *.facebook.com https://fonts.gstatic.com *.googleapis.com *.edgenyc.dev.dd:8083 *.dev-www.edgenyc.com *.loadtest.edgenyc.com *.edgenyc.com *.edgenycstg.prod.acquia-sites.com *.edgenycra.prod.acquia-sites.com https://cdn.curator.io; frame-src 'self' *.crazyegg.com *.webdamdb.com *.doubleclick.net https://www.youtube.com https://player.vimeo.com https://twitter.com https://www.dailymotion.com https://www.facebook.com https://insight.adsrvr.org *.google.com; img-src 'self' data: *.crazyegg.com *.google.co.uk *.quantserve.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.google.com *.googleapis.com *.edgenyc.dev.dd:8083 *.dev-www.edgenyc.com *.loadtest.edgenyc.com *.edgenyc.com *.edgenycstg.prod.acquia-sites.com *.edgenycra.prod.acquia-sites.com https://static.hotjar.com https://stats.g.doubleclick.net https://connect.facebook.ne https://script.hotjar.com https://connect.facebook.net https://*.gstatic.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.youtube.com https://s.ytimg.com https://cdn.ampproject.org https://secure.leadforensics.com https://static.ads-twitter.com https://snap.licdn.com https://sjs.bizographics.com https://px.ads.linkedin.com https://dc.ads.linkedin.com https://analytics.twitter.com https://adadvisor.net https://js.hs-scripts.com https://js.hs-analytics.net https://bat.bing.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://d3j72de684fey1.cloudfront.net https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v15.1.0/ https://cdn2.webdamdb.com https://www.instagram.com https://scontent.xx.fbcdn.net https://cdn.curator.io *.cdninstagram.com https://cdn.jsdelivr.net *.fbcdn.net https://curatorio.s3.amazonaws.com *.curator.io https://v2assets.zopim.io https://static.zdassets.com *.doubleclick.net https://match.adsrvr.org https://idsync.rlcdn.com *.adaraanalytics.com *.demdex.net https://beacon.krxd.net *.cookielaw.org *.yieldoptimizer.com *.turn.com *.googleusercontent.com https://cdn.cookielaw.org *.teads.tv *.ctnsnet.com *.curator-assets.b-cdn.net https://curator-assets.b-cdn.net *.atdmt.com *.youtube.com *.adnxs.com https://cms.analytics.yahoo.com *.sojern.com *.qccerttest.com *.google.nl; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.twitter.com *.crazyegg.com *.doubleclick.net *.google.co.uk *.quantcount.com tagmanager.google.com *.quantserve.com https://api-gateway.mappedin.com https://d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com *.googletagmanager.com *.google.com *.googleapis.com *.edgenyc.dev.dd:8083 *.dev-www.edgenyc.com *.loadtest.edgenyc.com *.edgenyc.com *.edgenycstg.prod.acquia-sites.com *.edgenycra.prod.acquia-sites.com https://static.hotjar.com https://stats.g.doubleclick.net https://connect.facebook.ne https://script.hotjar.com https://connect.facebook.net https://*.gstatic.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.youtube.com https://s.ytimg.com https://cdn.ampproject.org https://secure.leadforensics.com https://static.ads-twitter.com https://snap.licdn.com https://sjs.bizographics.com https://px.ads.linkedin.com https://dc.ads.linkedin.com https://analytics.twitter.com https://adadvisor.net https://js.hs-scripts.com https://js.hs-analytics.net https://bat.bing.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.curator.io https://cdn.jsdelivr.net https://tag.yieldoptimizer.com https://cdn.rawgit.com *.pagespeed-mod.com https://ekr.zdassets.com https://static.zdassets.com https://widget-mediator.zopim.com *.curator.io https://*.zendesk.com wss://*.zendesk.com wss://*.zopim.com *.cookielaw.org *.onetrust.com *.teads.tv https://js.adsrvr.org/up_loader.1.1.0.js https://bam-cell.nr-data.net *.sojern.com blob: *.tiktok.com *.googleoptimize.com *.adnxs.com cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://rebilly.github.io https://unpkg.com platform.instagram.com platform.twitter.com; style-src 'self' 'unsafe-inline' *.crazyegg.com *.doubleclick.net *.google.co.uk https://tagmanager.google.com *.googleapis.com *.bootstrapcdn.com *.edgenyc.dev.dd:8083 *.dev-www.edgenyc.com *.loadtest.edgenyc.com *.edgenyc.com *.edgenycstg.prod.acquia-sites.com *.edgenycra.prod.acquia-sites.com *.curator.io *.googletagmanager.com *.googleoptimize.com *.google.com *.kdanmobile.com https://unpkg.com; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self' 1
default-src *; font-src *;img-src * data:; script-src 'unsafe-inline' https://api.ipify.org https://www.google-analytics.com https://stats.g.doubleclick.net *; style-src 'unsafe-inline' *; 1
default-src 'self';                                                     frame-src 'self' https://*.bernstein.com/ https://www.facebook.com/ https://prezi-nocookies.com/ https://*.acml.com/ https://players.brightcove.net/ https://html5-player.libsyn.com/ https://alliancebernstein.demdex.net/ https://www.alliancebernstein.com/ https://*.glance.net;                                                      frame-ancestors 'self' https://alliancebernstein.demdex.net/ https://*.acml.com https://*.bernstein.com/;                                                     script-src  'self' https://*.bernstein.com https://*.acml.com/ https://www.google-analytics.com/ https://*.prezicdn.net/ https://assets.adobedtm.com/ https://cdn.cookielaw.org/ https://www.googletagmanager.com/ https://connect.facebook.net/ https://snap.licdn.com/ https://cdn.pardot.com/ https://pi.pardot.com/ https://players.brightcove.net/ https://vjs.zencdn.net/ https://*.glance.net https://*.glancecdn.net 'unsafe-inline';                                                      img-src 'self' https://*.glance.net https://*.glancecdn.net data: blob: *;                                                      worker-src blob:;                                                      font-src 'self' https://fonts.gstatic.com/ https://*.glance.net https://*.glancecdn.net data:;                                                      style-src 'self' https://fonts.googleapis.com/ https://*.glance.net https://*.glancecdn.net 'unsafe-inline';                                                      connect-src 'self' https://alliancebernstein.122.2o7.net/ https://www.google-analytics.com/ https://cdn.linkedin.oribi.io https://dpm.demdex.net/ https://alliancebernstein.tt.omtrdc.net/  https://cdn.cookielaw.org/ https://edge.api.brightcove.com https://dpm.demdex.net/ https://manifest.prod.boltdns.net/ https://*.akamaihd.net/media/ wss://*.glance.net  https://*.glance.net https://*.glancecdn.net https://px.ads.linkedin.com/;                                                      media-src 'self' https://manifest.prod.boltdns.net/ https://*.akamaihd.net/media/ blob:; 1
connect-src 'self' ws: wss: https://cdn.contentful.com https://preview.contentful.com https://stats.g.doubleclick.net https://assets.ctfassets.net https://analytics.google.com https://www.google-analytics.com moreways-lower.loblaw.digital moreways-preprd.loblaw.digital moreways-upper.loblaw.digital https://mwtb-search-service-lower.loblaw.digital https://mwtb-search-service-preprd.loblaw.digital https://mwtb-search-service-upper.loblaw.digital morewaystobenefit.ca www.morewaystobenefit.ca https://www.morewaystobenefit.ca http://www.morewaystobenefit.ca *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ca; default-src 'self'; img-src 'self' data: https://ade.googlesyndication.com https://ad.doubleclick.net www.googletagmanager.com https://dis-prod.assetful.loblaw.ca http://images.ctfassets.net https://images.ctfassets.net https://fonts.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com https://www.google.ca https://www.google.com https://analytics.google.com https://www.google-analytics.com https://googleads.g.doubleclick.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ca; font-src 'self' https://s1.q4cdn.com https://loblaw2015.q4web.com https://global.oktacdn.com https://assets.beautyboutique.ca https://fonts.gstatic.com https://api2.fonts.com data:; style-src 'self' 'unsafe-inline' https://fast.fonts.net https://fonts.googleapis.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s7d1.scene7.com https://www.googletagmanager.com/ https://www.google-analytics.com https://dis-prod.assetful.loblaw.ca data:; frame-src 'self' 'unsafe-inline' blob: data:; 1
default-src 'self'; connect-src 'self' *.readspeaker.com *.google-analytics.com stats.g.doubleclick.net *.googleapis.com; font-src 'self' *.gstatic.com data: cdn.jsdelivr.net; frame-src 'self' *.google.com menafn.com *.youtube-nocookie.com *.true-markets.net *.youtube.com; img-src 'self' data: *.google-analytics.com *.readspeaker.com *.gstatic.com *.google.com *.googleapis.com i.ytimg.com *.google.jo *.facebook.com; manifest-src 'self'; object-src 'self'; prefetch-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.readspeaker.com *.jsdelivr.net *.facebook.net *.youtube.com ; style-src 'self' 'unsafe-inline' *.googleapis.com *.readspeaker.com *.jsdelivr.net ; media-src 'self'; form-action 'self'  *.com/search/; worker-src 'self'; child-src 'self'; frame-ancestors 'self' 1
child-src mycabi.my.salesforce.com *.cabiclio.com www.cabionline.com 1
default-src 'self' *.e-lens.com.br *.eotica.com.br *.eotica.net *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.surveymonkey.com *.cloudflare.com *.akamaihd.net luxdeepblue.github.io *.luxottica.com *.virtooal.com *.g.doubleclick.net *.google-analytics.com *.creativecdn.com *.criteo.com *.criteo.net *.voxus.com.br api.octadesk.services hits-banner-cloud-function.azurewebsites.net *.konduto.com *.getblue.io *.voxus.tv *.zenaps.com *.google.com *.ipify.org *.loggly.com *.adyen.com *.youtube.com *.sciencebehindecommerce.com *.facebook.com *.reclameaqui.com.br onesignal.com *.etagdigital.com.br *.amazonaws.com; img-src 'self' *.e-lens.com.br *.eotica.com.br *.eotica.net *.cloudflare.com *.google.it *.adform.net beacon.krxd.net *.thebrighttag.com *.akamaihd.net *.tapad.com *.tpmn.co.kr *.mediawallahscript.com *.stickyadstv.com *.postrelease.com *.agkn.com *.narrative.io *.placeholder.com *.google-analytics.com *.doubleclick.net *.google.com.br *.cloudfunctions.net smartbmc.com.br t.co *.twitter.com *.bing.com *.google.com *.facebook.com *.bidswitch.net *.adnxs.com *.casalemedia.com *.360yield.com *.media.net *.mediavine.com *.outbrain.com *.pubmatic.com *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.com *.yieldlab.net *.socdm.com *.omnitagjs.com *.criteo.com *.ivitrack.com *.liadm.com *.revcontent.com *.ad.smaato.net *.tremorhub.com *.clmbtech.com *.ads.yieldmo.com *.facebook.com *.bing.com redirect.allin.com.br tags.bluekai.com dpm.demdex.net *.ebitempresa.com.br *.adyen.com *.ebit.com.br *.awin1.com *.googletagmanager.com match.adsrvr.org ws.rqtrk.eu px.ads.linkedin.com *.e-lens.com.br *.zenaps.com *.magento.com *.collect.igodigital.com *.amazonaws.com *.filepicker.io idsync.rlcdn.com data: ; style-src 'unsafe-inline' *.e-lens.com.br *.eotica.com.br *.eotica.net *.cloudflare.com *.akamaihd.net *.adyen.com *.virtooal.com smartbmc.com.br t.co *.twitter.com *.bing.com *.google.com *.facebook.com *.ebit.com.br *.googleapis.com *.amazonaws.com onesignal.com; script-src 'unsafe-eval' *.e-lens.com.br *.hotjar.com *.eotica.com.br *.eotica.net *.cloudflare.com *.akamaihd.net *.googletagmanager.com *.jsdelivr.net *.virtooal.com *.github.io *.luxottica.com *.adyen.com *.ebit.com.br *.google-analytics.com nxtck.com *.googleadservices.com *.ads-twitter.com *.dwin1.com *.mouseflow.com *.bing.com *.google.com *.criteo.net *.k-analytix.com *.voxus.com.br *.app-us1.com *.facebook.net proxydata.com.br *.onesignal.com *.getblue.io *.g.doubleclick.net *.criteo.com *.voxus.com.br onesignal.com *.googleoptimize.com *.amazonaws.com *.collect.igodigital.com; font-src 'self' *.gstatic.com *.virtooal.com *.cloudflare.com *.zenaps.com; script-src-elem 'unsafe-inline' *.e-lens.com.br *.eotica.com.br *.eotica.net *.etagdigital.com.br *.cloudflare.com *.hotjar.com *.akamaihd.net *.googletagmanager.com *.jsdelivr.net *.virtooal.com *.github.io *.luxottica.com *.adyen.com *.ebit.com.br *.google-analytics.com nxtck.com *.googleadservices.com *.ads-twitter.com *.dwin1.com *.mouseflow.com *.bing.com *.google.com *.criteo.net *.k-analytix.com *.voxus.com.br *.app-us1.com *.facebook.net proxydata.com.br *.onesignal.com *.getblue.io *.g.doubleclick.net *.criteo.com *.voxus.com.br onesignal.com *.cloudfront.net *.sciencebehindecommerce.com *.zenaps.com *.surveymonkey.com *.googlesyndication.com *.googleoptimize.com *.amazonaws.com *.collect.igodigital.com 1
base-uri 'self'; font-src 'self' https: data:; form-action 'self' https: *.ometria.com; frame-ancestors 'self' www.youtube.com; img-src 'self' data: https: http://*.trustarc.com https://fonts.gstatic.com https://www.google.com https://www.googletagmanager.com https://directus.filorga-us.colpal.cloud https://directus.dev-filorga-us.colpal.cloud https://*.shopify.com https://*.yotpo.com https://tvspix.com http://trk.ometria.localhost https://d3g420rgevyqxw.cloudfront.net https://cdn.automat-ai.com https://static.ordergroove.com https://shopify.privy.com https://d18eg7dreypte5.cloudfront.net https://*.afterpay.com; object-src 'none'; script-src-attr 'self' https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline' *.trustarc.com; upgrade-insecure-requests 1
report-to 'self' ; child-src 'self'  'unsafe-inline' self; connect-src 'self'  'unsafe-inline' self *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.github.io  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' self; font-src 'self'  'unsafe-inline'  self *.gstatic.com *.bootstrapcdn.com data: fonts.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com *.gstatic.com *.bootstrapcdn.com ; form-action 'self' ; frame-src 'self'  'unsafe-inline'  self *.g.doubleclick.net *.google.com *.fls.doubleclick.net blob: www.google.com www.youtube.com esg.churchgatepartners.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' ; img-src 'self'  'unsafe-inline' self *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com data: ts.w.org s.w.org ps.w.org cdnjs.cloudflare.com www.abfrl.com  *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self'  s.w.org; object-src 'self' ; script-src 'self'  'unsafe-inline' self *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com kenwheeler.github.io cdn.datatables.net js.stripe.com www.abfrl.com  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline' self *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com cdn.datatables.net js.stripe.com www.abfrl.com kenwheeler.github.io  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'self' ; style-src 'self'  'unsafe-inline' self *.googleapis.com *.gstatic.com fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com datatables.net fonts.bunny.net maxcdn.bootstrapcdn.com www.abfrl.com  *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline' self *.googleapis.com *.gstatic.com fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com datatables.net fonts.bunny.net maxcdn.bootstrapcdn.com www.abfrl.com  *.googleapis.com *.gstatic.com ; style-src-attr 'self'  'unsafe-inline' ; worker-src 'self'  'unsafe-inline'  blob:; 1
default-src 'self' ajax.googleapis.com code.jquery.com www.googletagmanager.com www.youtube.com fonts.googleapis.com;  font-src 'self' fonts.gstatic.com; script-src 'self' ajax.googleapis.com code.jquery.com www.googletagmanager.com www.youtube.com 'sha256-TSHJdrewuAaYe3Td3BmmZzmWBauNsfLc3VuVK9zayzA=' 'sha256-mjdgHR9aXy+6OwAGlNS/XgNcYG1Uhd2U4pl8vi7+XCY=' 'sha256-xJqrQIwtnysUoiC7tVDUVKultWRyUhJNB4/72KBQmag=' ; object-src 'self'; form-action 'none'; report-to /csp-violation-report-endpoint/ 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-b/C1DUxQf1Mps6WBsw2owQ=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
frame-ancestors 'self' absencetracker.com *.absencetracker.com ; 1
base-uri 'none'; object-src 'none'; report-uri https://bandcamp.com/api/cspreport/1/violation; script-src http: https: 'nonce-ZmyaoEtnbB4rmIFQIp3Ecw==' 'report-sample' 'strict-dynamic' 1
default-src 'self' *.yahoo.com *.yahoodns.net *.yimg.com sp.analytics.yahoo.com s.yimg.com ; connect-src *; font-src *; frame-src 'self' *.google.com *.livechatinc.com cdn.livechat-static.com *.doubleclick.net *.hotjar.com *.youtube.com *.facebook.com ; img-src * data:; media-src *; object-src 'none';  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://trackcmp.net/ https://prism.app-us1.com/ https://diffuser-cdn.app-us1.com/ *.yahoo.com *.yahoodns.net *.yimg.com sp.analytics.yahoo.com s.yimg.com *.doubleclick.net *.hotjar.com *.livechatinc.com https://cdn.livechatinc.com/ https://code.highcharts.com/ https://www.googleadservices.com/ https://connect.facebook.net https://www.facebook.com/ https://js.recurly.com/v4/recurly.js https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://www.google-analytics.com/analytics.js ; style-src * 'unsafe-inline' ; frame-ancestors 'self' https://senokoenergy.activehosted.com https://www.activecampaign.com ; 1
frame-ancestors 'self' *.dimelochat.com *.engagement.dimelo.com www.wepowerconnections.com 1
block-all-mixed-content; frame-ancestors *.martinello.com.br 1
frame-ancestors 'self' http://www.spillespill.no 1
font-src fonts.gstatic.com use.typekit.net https://fonts.gstatic.com *.yamamotonutrition.com maxcdn.bootstrapcdn.com www.paypalobjects.com *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://0merchantacsstag.cardinalcommerce.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://assets.braintreegateway.com https://c.paypal.com https://tst.kaptcha.com https://geostag.cardinalcommerce.com https://0merchantacsstag.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://checkout.paypal.com https://www.google.com https://player.vimeo.com *.yamamotonutrition.com *.trustpilot.com *.criteo.com *.criteo.net cdn.ometria.com js-agent.newrelic.com widget.trustpilot.com trk.ometria.com bam.nr-data.net ih.adscale.de ads.yahoo.com ups.analytics.yahoo.com ib.adnxs.com sync-t1.taboola.com simage2.pubmatic.com criteo-sync.teads.tv pixel.rubiconproject.com contextual.media.net gum.criteo.com cm.g.doubleclick.net rtb-csync.smartadserver.com s.ad.smaato.net eb2.3lift.com ad.360yield.com r.casalemedia.com sync.outbrain.com x.bidswitch.net match.sharethrough.com ad.mail.ru cm.adform.net ad.yieldlab.net https://www.googletagmanager.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.google.it https://b.stats.paypal.com https://c.paypal.com https://dub.stats.paypal.com blob: *.bird.eu *.yamamotonutrition.com *.trustpilot.com *.criteo.com *.criteo.net cdn.ometria.com js-agent.newrelic.com widget.trustpilot.com trk.ometria.com bam.nr-data.net ih.adscale.de ads.yahoo.com ups.analytics.yahoo.com ib.adnxs.com sync-t1.taboola.com simage2.pubmatic.com criteo-sync.teads.tv pixel.rubiconproject.com contextual.media.net gum.criteo.com cm.g.doubleclick.net rtb-csync.smartadserver.com s.ad.smaato.net eb2.3lift.com ad.360yield.com r.casalemedia.com sync.outbrain.com x.bidswitch.net match.sharethrough.com ad.mail.ru cm.adform.net ad.yieldlab.net *.cdninstagram.com *.instagram.com meetanshi.com black.bird.eu criteo-partners.tremorhub.com sync-criteo.ads.yieldmo.com beacon.krxd.net e1.emxdgt.com exchange.mediavine.com id5-sync.com jadserve.postrelease.com matching.ivitrack.com s.thebrighttag.com visitor.omnitagjs.com bat.bing.com c.clarity.ms events.smct.co imgsct.cookiebot.com https://c.bing.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://img.youtube.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com https://c.paypal.com https://songbirdstag.cardinalcommerce.com s7.addthis.com *.yamamotonutrition.com *.trustpilot.com *.criteo.com *.criteo.net cdn.ometria.com js-agent.newrelic.com widget.trustpilot.com trk.ometria.com bam.nr-data.net ih.adscale.de ads.yahoo.com ups.analytics.yahoo.com ib.adnxs.com sync-t1.taboola.com simage2.pubmatic.com criteo-sync.teads.tv pixel.rubiconproject.com contextual.media.net gum.criteo.com cm.g.doubleclick.net rtb-csync.smartadserver.com s.ad.smaato.net eb2.3lift.com ad.360yield.com r.casalemedia.com sync.outbrain.com x.bidswitch.net match.sharethrough.com ad.mail.ru cm.adform.net ad.yieldlab.net static.zdassets.com *.newrelic.com *.nr-data.net *.cookiebot.com https://connect.facebook.net www.dwin1.com bat.bing.com static.hotjar.com analytics.tiktok.com smct.co script.hotjar.com js.smct.co www.clarity.ms www.google.it http://www.googletagmanager.com/ https://www.googletagmanager.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com www.xtento.com cdn.xtento.com *.ometria.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com https://www.gstatic.com *.yamamotonutrition.com maxcdn.bootstrapcdn.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net *.bolt.com qa-api.magedevteam.com https://payments.sandbox.braintree-api.com https://api.sandbox.braintreegateway.com https://origin-analytics-sand.sandbox.braintree-api.com https://centinelapistag.cardinalcommerce.com https://kg668dbov0.execute-api.us-east-1.amazonaws.com https://writer.cardinalcommerce.com https://www.sandbox.paypal.com https://vimeo.com ekr.zdassets.com/ *.yamamotonutrition.com yamamotonutrition.zendesk.com zendesk-eu.my.sentry.io invitejs.trustpilot.com *.newrelic.com *.nr-data.net measurement-api.criteo.com *.analytics.google.com www.google.it consentcdn.cookiebot.com js.smct.io js.smct.co analytics.tiktok.com z.clarity.ms ws.hotjar.com content.hotjar.io analytics.pangle-ads.com rest.iafnetwork.com metrics.hotjar.io w.clarity.ms wss://ws.hotjar.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com t.elasticsuite.io *.google-analytics.com *.ometria.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' www.burkert.com www.youtube-nocookie.com www.platform-viewer.v-ex.com *.twitter.com *.partcommunity.com *.olark.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.burkert.com snap.licdn.com www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com www.linkedin.com snap.licdn.com www.googletagmanager.com cdn.yoochoose.net www.youtube.com *.twitter.com *.vo.msecnd.net *.clickdimensions.com *.twimg.com customerwidget.joinflow.com maps.google.cn maps.googleapis.com *.facebook.net *.apsislead.com *.leadenhancer.com *.olark.com *.issuu.com olark-file-uploads.s3-us-west-1.amazonaws.com s.go-mpulse.net c.go-mpulse.net sc.lfeeder.com api.plezi.co optimize.google.com www.googleoptimize.com www.google-analytics.com www.googleanalytics.com gateway.moneris.com cdnjs.cloudflare.com; img-src data: 'self' www.burkert.com www.google-analytics.com www.google.com.au www.google.com www.google.de event.yoochoose.net *.twimg.com *.twitter.com maps.gstatic.com chart.apis.google.com maps.googleapis.com *.facebook.com *.ytimg.com *.linkedin.com *.leadenhancer.com *.olark.com *.adition.com *.gstatic.com *.clickdimensions.com tr.lfeeder.com www2.solique.ch optimize.google.com www.googletagmanager.com; object-src 'self' *.googletagmanager.com; style-src 'self' 'unsafe-inline' www.burkert.com www.googletagmanager.com *.clickdimensions.com *.twitter.com *.twimg.com fonts.googleapis.com *.olark.com *.vo.msecnd.net optimize.google.com gateway.moneris.com; font-src 'self' www.burkert.com *.buerkert.de data: fonts.gstatic.com *.olark.com; connect-src 'self' www.burkert.com www.google-analytics.com *.analytics.google.com *.google-analytics.com analytics.google.com api.telavox.se relay.telavox.com wss://websocket.telavox.se *.facebook.com *.olark.com *.googleadservices.com www.google.de www.google.com *.doubleclick.net *.clickdimensions.com c.go-mpulse.net *.akstat.io trial-eum-clientnsv4-s.akamaihd.net *.akamaihd.net maps.googleapis.com *.plezi.co cdn.linkedin.oribi.io px.ads.linkedin.com event.yoochoose.net; frame-src 'self' blob: mailto: tel: *.burkert-usa-marketing.com *.facebook.com *.partcommunity.com *.twitter.com www.youtube-nocookie.com www.platform-viewer.v-ex.com *.google.com essens.info *.burkert.com *.olark.com *.issuu.com *.clickdimensions.com optimize.google.com gateway.moneris.com; worker-src 'self' blob:;frame-ancestors 'self' https://ez.local.burkert.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://persiansmastodon.com; img-src 'self' https: data: blob: https://persiansmastodon.com; style-src 'self' https://persiansmastodon.com 'nonce-TKWZxg7hJ5vePb3MgKBMaA=='; media-src 'self' https: data: https://persiansmastodon.com; frame-src 'self' https:; manifest-src 'self' https://persiansmastodon.com; form-action 'self'; child-src 'self' blob: https://persiansmastodon.com; worker-src 'self' blob: https://persiansmastodon.com; connect-src 'self' data: blob: https://persiansmastodon.com https://s3-us-west-2.amazonaws.com wss://persiansmastodon.com; script-src 'self' https://persiansmastodon.com 'wasm-unsafe-eval' 1
default-src 'self' https://*.hr4you.de https://*.livezilla.net https://secure.gravatar.com https://firehose.us-west-2.amazonaws.com https://yoast.com https://www.google.de https://www.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://tag.manager.google.com/ https://www.googletagmanager.com/ https://stats.hr4you.de/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hr4you.de https://www.google.de https://www.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://tag.manager.google.com/ https://www.googletagmanager.com/ https://stats.hr4you.de/; img-src 'self' 'unsafe-inline' https://*.hr4you.de https://www.google.de https://www.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://ssl.gstatic.com/ https://stats.hr4you.de/; style-src 'self' 'unsafe-inline' https://*.hr4you.de https://www.google.de https://www.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://tag.manager.google.com/ https://www.googletagmanager.com/; font-src 'self' https://*.hr4you.de https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' https://*.hr4you.de https://start.livezilla.net; object-src 'none' 1
default-src 'self'; base-uri 'self'; connect-src 'self' https://api-prod.omnivore.app https://proxy-prod.omnivore-image-cache.app https://accounts.google.com https://proxy-demo.omnivore-image-cache.app https://storage.googleapis.com https://api.segment.io https://cdn.segment.com https://widget.intercom.io https://api-iam.intercom.io https://static.intercomassets.com https://downloads.intercomcdn.com https://platform.twitter.com wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io wss://nexus-europe-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://tools.applemediaservices.com; font-src 'self' data: https://cdn.jsdelivr.net https://js.intercomcdn.com https://fonts.intercomcdn.com; form-action 'self' https://api-prod.omnivore.app https://getpocket.com/auth/authorize https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io; frame-ancestors 'none'; frame-src 'self' https://accounts.google.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' accounts.google.com https://widget.intercom.io https://js.intercomcdn.com https://platform.twitter.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.segment.com; style-src 'self' 'unsafe-inline' https://accounts.google.com https://cdnjs.cloudflare.com; img-src 'self' blob: data: https:; worker-src 'self' blob:; media-src https://js.intercomcdn.com; 1
upgrade-insecure-requests; frame-ancestors 'self' www1.danielfootwear.com www1.danielfootwear.com; base-uri 'self' 1
default-src 'self'; script-src 'self' 'unsafe-eval' https://tagging.engie.it https://sslwidget.criteo.com https://dynamic.criteo.com https://c1.rfihub.net https://js-tag.zemanta.com https://ads-engagement.presage.io https://pixel.quantcount.com https://apps.mypurecloud.ie https://wave.outbrain.com https://tr.outbrain.com https://p.teads.tv https://amplify.outbrain.com https://snap.licdn.com https://analytics.tiktok.com https://acsbapp.com https://www.gstatic.com https://ad.doubleclick.net https://www.googletagservices.com https://pagead2.googlesyndication.com https://cdn.cookielaw.org https://*.onetrust.com https://connect.facebook.net https://js-agent.newrelic.com https://in.hotjar.com https://vvars.hotjar.com https://script.hotjar.com https://static.hotjar.com https://bam.nr-data.net https://www.google.it https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.googletagmanager.com https://s.ytimg.com https://cdnjs.cloudflare.com https://www.youtube.com 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' https://ace.accessibe.com https://accessibe.com https://acsbace.com; frame-src 'self' https://*.rfihub.com https://gum.criteo.com https://fledge.eu.criteo.com https://p.teads.tv https://fledge.teads.tv https://td.doubleclick.net https://apps.mypurecloud.ie https://www.google.com https://*.fls.doubleclick.net https://vars.hotjar.com https://www.youtube.com https://www.youtube-nocookie.com; form-action 'self'; style-src 'self' https://fonts.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com 'unsafe-inline'; font-src 'self' https://acsbapp.com https://use.fontawesome.com https://fonts.gstatic.com; img-src 'self' data: https://p1.zemanta.com https://cm.teads.tv https://ad.doubleclick.net https://ads-engagement.presage.io https://px4.ads.linkedin.com https://connect.facebook.net https://t.teads.tv https://l.teads.tv https://tr.outbrain.com https://ad.360yield.com https://cdn.acsbapp.com https://www.linkedin.com https://px.ads.linkedin.com https://web1.acsbapp.com https://cm.g.doubleclick.net https://cdn.cookielaw.org  https://*.fls.doubleclick.net https://www.facebook.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.google.it https://www.google.com https://www.googletagmanager.com https://i.ytimg.com https://d3ckdismoppnvt.cloudfront.net https://d3evrc0h48esvv.cloudfront.net https://googleads4.g.doubleclick.net; connect-src 'self' https://tagging.engie.it https://px.ads.linkedin.com https://measurement-api.criteo.com https://accesswidget-log-receiver.acsbapp.com https://process.acsbapp.com https://fileupload.mypurecloud.ie wss://webmessaging.mypurecloud.ie https://pagead2.googlesyndication.com https://tr.outbrain.com https://api-cdn.mypurecloud.ie https://pixel.quantcount.com https://t.teads.tv https://cm.teads.tv https://acsbapp.com https://jobs.engie.com https://capigateway.alkemy.com https://analytics.tiktok.com https://cdn.linkedin.oribi.io https://cdn.linkedin.oribi.io https://web1.acsbapp.com https://cdn.acsbapp.com https://region1.google-analytics.com https://googleads4.g.doubleclick.net https://facebook-capi.engie.it https://cdn.cookielaw.org https://*.onetrust.com https://stats.g.doubleclick.net https://in.hotjar.com https://www.google-analytics.com https://portali-apg.prod.aws.engie.it https://ljucv4r4qc.execute-api.eu-west-1.amazonaws.com https://vc.hotjar.io https://casa.engie.it https://d70ggs2qfh.execute-api.eu-west-1.amazonaws.com https://avq1svu6n6.execute-api.eu-west-1.amazonaws.com *.algolia.net *.algolianet.com; media-src 'self' https://www.youtube.com https://d3ckdismoppnvt.cloudfront.net https://d3evrc0h48esvv.cloudfront.net 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-0960b62fd52817346ded3c09264b6f2e'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'unsafe-inline' 'unsafe-eval' https: data:; object-src 'unsafe-inline' 'unsafe-eval' https: data:; upgrade-insecure-requests 1
frame-ancestors 'self' *.moneyam.com *.ajbell.co.uk *.ajbbuild.uk; 1
frame-ancestors 'self' https://*.papayaglobal.com https://papayaglobal.com https://*.kb.papayaglobal.com; 1
block-all-mixed-content;upgrade-insecure-requests;frame-ancestors 'self' https://myconnect.bhhscalifornia.com; 1
default-src 'none'; form-action 'self'; connect-src 'self' https://consentcdn.cookiebot.com https://vimeo.com https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ampcid.google.com https://analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://maps.googleapis.com https://maps.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.stape.io https://www.facebook.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io; img-src 'self' data: https://*.hotjar.com https://*.hotjar.io https://*.vimeo.com https://*.vimeocdn.com https://*.googleapis.com https://maps.google.com https://maps.gstatic.com https://www.gstatic.com https://*.ggpht.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://fonts.gstatic.com https://www.facebook.com; frame-src https://consentcdn.cookiebot.com https://vimeo.com https://*.vimeo.com https://*.hotjar.com https://*.hotjar.io https://www.googletagmanager.com https://maps.googleapis.com https://maps.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://consentcdn.cookiebot.com https://consent.cookiebot.com https://player.vimeo.com https://www.vimeo.com https://f.vimeocdn.com https://*.hotjar.com https://*.hotjar.io https://maps.googleapis.com https://maps.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://www.googletagmanager.com https://googletagmanager.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; media-src https://vimeo.com https://*.vimeo.com 1
frame-ancestors *.ringpublishing.com; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=noizz.hu::noizz_HU-master-1.0.4 1
frame-ancestors https://*.targethunter.ru http://webvisor.com 1
frame-ancestors 'self' https://www.lamonasafetynotice.co.uk; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-5d1e385621dbcbba209efb7d6551395d'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' infoblox.okta.com *.oktacdn.com; connect-src 'self' infoblox.okta.com infoblox-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com *.mtls.okta.com infoblox.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' infoblox.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' infoblox.okta.com *.oktacdn.com; frame-src 'self' infoblox.okta.com infoblox-admin.okta.com login.okta.com com-okta-authenticator: api-76e5adb9.duosecurity.com; img-src 'self' infoblox.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' infoblox.okta.com data: *.oktacdn.com fonts.gstatic.com 1
default-src 'self' https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.legitscript.com www.youtube.com static.hotjar.com script.hotjar.com *.ctctcdn.com *.usekzn.com *.consensu.org *.adroll.com prism.app-us1.com *.callrail.com adcsxamplifier.activehosted.com maps.googleapis.com d3rxaij56vjege.cloudfront.net home-c33.nice-incontact.com *.googleadservices.com *.googletagmanager.com *.google.com *.gstatic.com *.google-analytics.com connect.facebook.net *.doubleclick.net *.cloudflare.com *.cookiebot.com code.jquery.com cdn.jsdelivr.net nominatim.openstreetmap.org; style-src 'self' 'unsafe-inline' *.ctctcdn.com *.googleapis.com *.cloudflare.com *.google.com cdn.jsdelivr.net *.typekit.net;font-src 'self' data: 'unsafe-inline' *.gstatic.com *.typekit.net cdnjs.cloudflare.com; img-src 'self' * data: *.googletagmanager.com; frame-src 'self' home-c33.nice-incontact.com upnorthlive.com www.practicematch.com vars.hotjar.com *.facebook.com *.usekzn.com *.office.com *.doubleclick.net *.vimeo.com *.youtube.com *.cookiebot.com *.gstatic.com *.google.com; form-action 'self' *.facebook.com *.facebook.net; base-uri 'self'; connect-src 'self' *.constantcontact.com *.googlesyndication.com *.google.com *.ctctcdn.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.usekzn.com *.adroll.com *.callrail.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.hubspot.com maps.googleapis.com; frame-ancestors 'self'; object-src 'self' 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com *.googleadservices.com https://*.g.doubleclick.net https://*.google-analytics.com https://ssl.google-analytics.com *.google-analytics.com cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://dec.azureedge.net https://tagmanager.google.com/ https://fonts.googleapis.com/ web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://dec.azureedge.net https://useast2devbrandsites.blob.core.windows.net https://useast2qabrandsites.blob.core.windows.net https://useast2prodbrandsites.blob.core.windows.net https://sqlvagrdwjlmsmgrf4.blob.core.windows.net https://sqlvauegg2ud2m3rds.blob.core.windows.net https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com https://ssl.gstatic.com/ https://www.gstatic.com/ https://*.google-analytics.com/ https://*.g.doubleclick.net https://*.analytics.google.com https://*.google.com *.google-analytics.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://fonts.gstatic.com/; frame-src 'self' self https://www.youtube.com/ web-chat.nativechat.com; connect-src 'self' accounts.google.com https://*.googletagmanager.com https://*.dec.sitefinity.com *.mktoresp.com https://*.google-analytics.com/ https://*.g.doubleclick.net https://www.googleadservices.com/ https://www.google.bg/ https://maps.googleapis.com/ https://*.analytics.google.com https://*.google.com *.google-analytics.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com 1
frame-ancestors 'self' https://cttnet.cybozu.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com *.googletagmanager.com https://static.addtoany.com https://graph.facebook.com; style-src 'self' 'unsafe-inline' ; 1
script-src self 1
default-src 'none'; script-src 'self' 'unsafe-eval' data: solar.vic.gov.au content.solar.vic.gov.au *.content.solar.vic.gov.au cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.googletagmanager.com tagmanager.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google-analytics.com cdn.monsido.com connect.facebook.net *.cloudfront.net solarvic.force.com *.youtube.com ytimg.com *.ytimg.com usercheck.vgso.vic.gov.au *.openforms.com www.googleoptimize.com optimize.google.com www.google.com *.googleadservices.com; style-src 'self' 'unsafe-inline' solar.vic.gov.au content.solar.vic.gov.au *.content.solar.vic.gov.au fonts.googleapis.com tagmanager.google.com *.openforms.com optimize.google.com drwgdblqzrfiz.cloudfront.net; img-src 'self' data: solar.vic.gov.au content.solar.vic.gov.au *.content.solar.vic.gov.au *.amazee.io tracking.monsido.com *.google-analytics.com *.doubleclick.net www.google.com www.google.com.au www.facebook.com i.ytimg.com www.google.co.uk www.google.com.bd www.googletagmanager.com www.google.co.in www.google.co.th www.google.com.ph www.google.co.nz www.google.ie secure.adnxs.com au-gmtdmp.mookie1.com optimize.google.com drwgdblqzrfiz.cloudfront.net; font-src 'self' data: solar.vic.gov.au content.solar.vic.gov.au *.content.solar.vic.gov.au fonts.gstatic.com script.hotjar.com; frame-src 'self' solar.vic.gov.au content.solar.vic.gov.au *.content.solar.vic.gov.au *.hotjar.com *.hotjar.io wss://*.hotjar.com *.soundcloud.com *.vimeo.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com public.tableau.com www.facebook.com *.vic.gov.au *.openforms.com *.doubleclick.net optimize.google.com; manifest-src 'self'; connect-src 'self' solar.vic.gov.au content.solar.vic.gov.au *.content.solar.vic.gov.au *.hotjar.com *.hotjar.io wss://*.hotjar.com *.sdp.vic.gov.au api.ipify.org solarvic.force.com *.solarvic.force.com drwgdblqzrfiz.cloudfront.net *.doubleclick.net www.facebook.com www.google-analytics.com analytics.google.com solarvic.my.site.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; object-src 'none'; upgrade-insecure-requests ; font-src data:; worker-src blob:; img-src data: https: https://amazonwebservices.d2.sc.omtrdc.net https://aws.demdex.net https://dpm.demdex.net https://cm.demdex.net https://cm.everesttech.net https://a0.awsstatic.com/; report-uri /x-csp-reports/; report-to csp-endpoint; frame-src https://cloud9-assets.development-workspace.amazonaws.com/ https://www.youtube-nocookie.com https://aws.demdex.net https://dpm.demdex.net; style-src 'unsafe-inline' https://d3o2ymk2y0f5eh.cloudfront.net; connect-src https://codecatalyst.aws https://public.console.codecatalyst.aws/graphql https://pj7agc663g.execute-api.us-west-2.amazonaws.com/prod https://lryd6x1u7g.execute-api.us-west-2.amazonaws.com/prod/ https://global.help-panel.docs.aws.a2z.com https://prod.log.shortbread.aws.dev/1x1.png https://prod.tools.shortbread.aws.dev/1x1.png https://data.pendo.io https://participant.connect.us-east-1.amazonaws.com wss://tufsuyburufn.transport.connect.us-east-1.amazonaws.com https://public.console.codecatalyst.aws/v1/ https://amazonwebservices.d2.sc.omtrdc.net https://aws.demdex.net https://dpm.demdex.net https://cm.demdex.net https://cm.everesttech.net https://a0.awsstatic.com/ https://d2c.aws.amazon.com https://vs.aws.amazon.com https://a0.awsstatic.com/s_code/js/3.0/awshome_s_code.js; script-src https://a0.awsstatic.com/s_code/js/3.0/awshome_s_code.js https://d3o2ymk2y0f5eh.cloudfront.net, base-uri 'none'; default-src 'none'; frame-ancestors 'none'; object-src 'none'; upgrade-insecure-requests ; font-src data:; worker-src blob:; img-src data: https: https://amazonwebservices.d2.sc.omtrdc.net https://aws.demdex.net https://dpm.demdex.net https://cm.demdex.net https://cm.everesttech.net https://a0.awsstatic.com/; report-uri /x-csp-reports/; report-to csp-endpoint; frame-src https://cloud9-assets.development-workspace.amazonaws.com/ https://www.youtube-nocookie.com https://aws.demdex.net https://dpm.demdex.net; style-src 'unsafe-inline' https://d3o2ymk2y0f5eh.cloudfront.net; connect-src https://codecatalyst.aws https://public.console.codecatalyst.aws/graphql https://pj7agc663g.execute-api.us-west-2.amazonaws.com/prod https://lryd6x1u7g.execute-api.us-west-2.amazonaws.com/prod/ https://global.help-panel.docs.aws.a2z.com https://prod.log.shortbread.aws.dev/1x1.png https://prod.tools.shortbread.aws.dev/1x1.png https://data.pendo.io https://participant.connect.us-east-1.amazonaws.com wss://tufsuyburufn.transport.connect.us-east-1.amazonaws.com https://public.console.codecatalyst.aws/v1/ https://amazonwebservices.d2.sc.omtrdc.net https://aws.demdex.net https://dpm.demdex.net https://cm.demdex.net https://cm.everesttech.net https://a0.awsstatic.com/ https://d2c.aws.amazon.com https://vs.aws.amazon.com https://a0.awsstatic.com/s_code/js/3.0/awshome_s_code.js; script-src https://a0.awsstatic.com/s_code/js/3.0/awshome_s_code.js https://d3o2ymk2y0f5eh.cloudfront.net 'nonce-TsY8TSjLCeBSnwPkoWakaw==' 'strict-dynamic' https://d3o2ymk2y0f5eh.cloudfront.net/ 1
default-src https: 'unsafe-inline' 'unsafe-eval' blob:; img-src https: data:; connect-src https: wss:; font-src https: data:; 1
script-src 'unsafe-eval' 'self' 'unsafe-inline' www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com stats.g.doubleclick.net maps.googleapis.com; img-src 'self' www.google-analytics.com maps.gstatic.com maps.googleapis.com data: stats.g.doubleclick.net; 1
upgrade-insecure-requests; frame-ancestors 'none'; script-src blob: 'unsafe-inline' 'unsafe-eval' 'self' *.google.com *.googleadservices.com https://careers-kemin.icims.com https://maps.googleapis.com https://www.googleoptimize.com https://www.clarity.ms https://assets.adobedtm.com https://embed.typeform.com https://mc.yandex.ru https://js.usemessages.com https://code.jquery.com https://cdn.jsdelivr.net *.cloudflare.com https://connect.facebook.net https://fonts.googleapis.com https://forms.hsforms.com https://hsforms.com *.g.doubleclick.net *.hsadspixel.net *.hs-analytics.net *.hs-banner.com *.hsforms.net *.hsleadflows.net *.hs-scripts.com https://keminindustries.sc.omtrdc.net *.typekit.net *.sitescout.com *.cloud.coveo.com https://s7d2.scene7.com https://fast.wistia.net  https://fast.wistia.com  *.licdn.com https://stats.g.doubleclick.net https://stats.sa-as.com *.marketingcloudfx.com *.hubspot.com *.pixel.ad *.typekit.net *.google.ca *.google-analytics.com *.googletagmanager.com *.gstatic.com *.youtube.com https://cdn.leadmanagerfx.com;  object-src 'none' 1
frame-ancestors https://page.blubybcadigital.id 1
default-src 'self' *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.google.com *.facebook.com *.facebook.net *.bing.com *.clarity.ms *.doubleclick.net *.wistia.com js.intercomcdn.com; style-src 'self' 'unsafe-inline'; connect-src 'self' wss: *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.google.com *.wistia.com *.facebook.com *.facebook.net *.bing.com *.clarity.ms *.doubleclick.net *.intercom.io calendly.com *.calendly.com *.paperlesspipeline.com; img-src 'self' data: *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.bing.com *.wistia.com *.clarity.ms *.calendly.com; script-src 'self' 'unsafe-inline' www.facebook.com connect.facebook.net www.google.com stats.g *.doubleclick.net *.wistia.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com widget.intercom.io js.intercomcdn.com api-iam.intercom.io *.paperlesspipeline.com bat.bing.com *.clarity.ms *.calendly.com; frame-src 'self' calendly.com *.calendly.com *.facebook.com *.doubleclick.net *.wistia.com; 1
frame-ancestors 'self'  compass.fti-group.com; 1
frame-ancestors 'self' https://my.gsw.edu; 1
report-uri /error/csp;frame-ancestors widget.trustpilot.com www.facebook.com https://pricetag.viabill.com https://event-client.viabill.com www.youtube.com tpc.googlesyndication.com www.addwish.com policy.app.cookieinformation.com tm.av-cables.dk tr.snapchat.com widget-launcher.imbox.io widget.imbox.io 1
frame-ancestors 'self' plans.mlabs.io; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-NWNlYmViNTc1YzllNDIyM2E3ODlmNmQ4NjVhYjQzZDA=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.nza.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.nza.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.nza.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' https://www.google-analytics.com; script-src 'self' 'unsafe-inline'  https://js.stripe.com/v3/ https://js.stripe.com/v2/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://www.google-analytics.com; img-src 'self'  https://q.stripe.com/ https://www.google-analytics.com/ https://www.zuzanalicko.com/; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src 'self' https://player.vimeo.com https://js.stripe.com/ https://www.google.com/recaptcha/ https://www.gstatic.com; font-src 'self' 1
default-src 'self' https://www.freshbots.ai https://yoast.com https://stats.g.doubleclick.net https://www.google-analytics.com; img-src 'self' https://i.ytimg.com https://cdn.cookielaw.org https://*.bing.com https://*.clarity.ms https://*.privacysandbox.googleadservices.com https://tr.snapchat.com https://www.google-analytics.com https://ps.w.org https://*.google-analytics.com/ https://*.doubleclick.net https://www.google.com https://*.gstatic.com https://*.googleapis.com https://bat.bing.com https://www.facebook.com https://secure.gravatar.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tpc.googlesyndication.com https://tr.snapchat.com https://cdn.cookielaw.org https://*.clarity.ms https://www.google.com https://connect.facebook.net https://sc-static.net https://bat.bing.com https://www.googleadservices.com https://www.google-analytics.com https://cdn.freshbots.ai https://cdn.announcekit.app https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cloud.typography.com https://*.googleapis.com; font-src 'self' https://*.gstatic.com data:; frame-src 'self' https://usaf.sites.crmforce.mil https://tr.snapchat.com https://www.youtube.com https://*.doubleclick.net https://www.facebook.com; object-src 'self'; connect-src 'self' https://usaf--afuat.sandbox.sites.crmforce.mil https://usaf--afuat.sandbox.my.salesforce.mil https://usaf.my.salesforce.mil https://*.salesforce.mil https://geolocation.onetrust.com https://cdn.cookielaw.org https://*.clarity.ms https://tr.snapchat.com https://maps.googleapis.com https://www.facebook.com https://*.doubleclick.net https://www.google-analytics.com https://bat.bing.com https://sc-static.net https://d3hb14vkzrxvla.cloudfront.net; 1
frame-src 'self' mailto: https://*.omniture.com https://*.adobe.com https://na-gateway.mastercard.com https://mtf.gateway.mastercard.com https://analytics.analytics-egain.com https://princesscruises.egain.cloud https://princess.qualtrics.com https://sr.rlcdn.com https://www.facebook.com https://assets.adobedtm.com https://cdn.appdynamics.com https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://carnivalbrands.demdex.net https://servedby.flashtalking.com https://www.youtube.com  https://*.princesscruises.com https://*.princess.com; frame-ancestors 'self' https://*.princess.com https://*.polarres.com; 1
frame-ancestors 'self' www.ravensburger-retailer.fr; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-e3c9460e7187949948822e58891a165e'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' https://assets.stuudium.net; style-src 'unsafe-inline' https://assets.stuudium.net 1
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; connect-src https://b24.one-touch.ru wss://rtc-cloud-ms1.bitrix.info https://one-touch.ru https://mc.yandex.com https://mc.yandex.ru https://region1.analytics.google.com https://analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://vc.hotjar.io 1
frame-ancestors 'self' https://*.webintegrity.com; 1
base-uri 'self'; connect-src 'self' *.mutinyhq.com *.mutinyhq.io *.mutinycdn.com https://*.clearbit.com https://*.algolianet.com https://*.algolia.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.6sc.co https://*.chilipiper.com https://*.mktoresp.com https://*.contextly.com https://*.context.ly https://*.6sense.com https://app.calconic.com https://bat.bing.com *.cookieyes.com cdn-cookieyes.com  https://ipv6.6sc.co https://*.doubleclick.net https://visitor-scoring-c.marketlinc.com https://ws.zoominfo.com https://www.google-analytics.com *.googlesyndication.com *.linkedin.com *.google.com; default-src 'self'; font-src 'self' https://fonts.gstatic.com https://*.hotjar.com *.context.ly https://*.wp.com https://*.mutinycdn.com; frame-src 'self' https://*.recruiterbox.com https://*.chilipiper.com https://*.vimeo.com https://get.chronus.com https://js.driftt.com https://widget.drift.com https://bid.g.doubleclick.net https://*.doubleclick.net https://*.youtube-nocookie.com https://*.youtube.com; frame-ancestors 'self' https://app.mutinyhq.com; img-src 'self' data: *.mutinycdn.com *.mutinyhq.io *.twitter.com *.context.ly *.gravatar.com https://*.chilipiper.com https://*.vimeocdn.com https://*.hotjar.com https://*.linkedin.com cdn-cookieyes.com https://b.6sc.co https://bat.bing.com https://cdn.bizibly.com https://cdn.bizible.com https://cdn.chronus.com https://get.chronus.com https://px.ads.linkedin.com https://*.recruiterbox.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' https://js.driftt.com; object-src 'none'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' data: https://1d5ef9e9369608f625a8-878b10192d4a956595449977ade9187d.ssl.cf2.rackcdn.com/ctk.js https://*.algolianet.com https://*.vimeo.com https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js https://*.clearbitscripts.com https://*.clearbitjs.com  https://*.context.ly https://*.chilipiper.com https://bat.bing.com cdn-cookieyes.com https://cdn.bizible.com https://cdn.calconic.com https://chronus.marketlinc.com *.mutinycdn.com https://get.chronus.com https://googleads.g.doubleclick.net https://j.6sc.co https://js.driftt.com https://widget.drift.com https://munchkin.marketo.net https://*.hotjar.com https://snap.licdn.com https://tracking.g2crowd.com https://*.recruiterbox.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com; style-src 'report-sample' 'unsafe-inline' 'self' https://fonts.googleapis.com https://*.hotjar.com https://get.chronus.com https://*.recruiterbox.com; worker-src 'self'; 1
default-src https:; font-src https: data:; img-src https: data:; script-src https: 'nonce-gtag-xfe6b85wruZGVcVA' 'nonce-facepixel-OjsspHJKE1Hblzwh' 'nonce-site-Ytt9SDyxy7'; style-src https: 'unsafe-inline'; 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://www.fournisseurs-electricite.com/report-uri/enforce 1
default-src 'self' https:; img-src * 'self' data: https:; frame-ancestors 'self'; frame-src youtube.com https://www.youtube.com; form-action https://*.babygearlab.com; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline' 1
frame-ancestors 'self' www.fullstackacademy.com fullstack.academy www.gracehopper.com bootcamp-extended.calpoly.edu bootcamp.unf.edu bootcamp.sandiego.edu bootcamp.online.lsu.edu bootcamp.ctme.caltech.edu bootcamp.outreach.ou.edu bootcamp.cpe.vt.edu bootcamp.ce.csueastbay.edu bootcamp.sjsu.edu bootcamp.emory.edu bootcamp.uic.edu bootcamp.colostate.edu bootcamp.oregonstate.edu bootcamp.csuohio.edu careerkarma.com; 1
default-src 'self' emergentconnect.com rapidrad.com totalcloudpacs.com *.rapidrad.com *.totalcloudpacs.com *.googleapis.com *.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com google.com www.google.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com stackpath.bootstrapcdn.com media.twiliocdn.com cdn.statuspage.io cdn.jsdelivr.net code.jquery.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com stackpath.bootstrapcdn.com cdn.jsdelivr.net; img-src 'self' data: *.cloudfront.net *.googleapis.com *.rapidrad.com *.totalcloudpacs.com *.gstatic.com; font-src 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com; frame-src 'self' emergentconnect.com rapidrad.com totalcloudpacs.com *.rapidrad.com *.totalcloudpacs.com *.googleapis.com www.google.com 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.cookielaw.org *pghub.io pghub.io www.youtube.com *.iesnare.com feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; font-src 'self' feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' *pghub.io *.pghub.io consumersupport.pg.com www.youtube-nocookie.com pandg.tapad.com ; img-src 'self' data: *.ctfassets.net *.tapad.com *.cookielaw.org feed.pghub.io ; connect-src 'self' *.cookielaw.org *.algolia.net *.algolianet.com *.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://lepoulsdumonde.com; img-src 'self' data: blob: https://lepoulsdumonde.com https://i.lepoulsdumonde.com; style-src 'self' https://lepoulsdumonde.com 'nonce-tt72/Nf1e4ZRdl+ZRgGtGA=='; media-src 'self' data: https://lepoulsdumonde.com https://i.lepoulsdumonde.com; frame-src 'self' https:; manifest-src 'self' https://lepoulsdumonde.com; form-action 'self'; child-src 'self' blob: https://lepoulsdumonde.com; worker-src 'self' blob: https://lepoulsdumonde.com; connect-src 'self' data: blob: https://lepoulsdumonde.com https://i.lepoulsdumonde.com wss://lepoulsdumonde.com; script-src 'self' https://lepoulsdumonde.com 'wasm-unsafe-eval' 1
frame-ancestors https://sahubprd.b2clogin.com/ https://login.serviceapotheek.nl 'self'; frame-src https://vars.hotjar.com https://*.kijksluiter.nl https://mijn.ncontrol.nl https://www.locatiekiezer.nl https://www.kijksluiter.nl https://kijksluiter.nl https://www.youtube.com/ https://www.vimeo.com/ https://msd.bbvms.com/ https://calendly.com https://nieuw.herhaalnummer.nl https://herhaalnummer.nl https://herhaal.leef.nl https://www.google.com https://msxhubdev.b2clogin.com/ http://login.serviceapotheek.nl https://livechat.zaurus.io 'self'; connect-src *.googleapis.com https://webshop.serviceapotheek.nl *.analytics.google.com *.google-analytics.com https://gate.serviceapotheek.nl https://www.serviceapotheek.nl https://in.hotjar.com;font-src https://fonts.gstatic.com https://fonts.googleapis.com 'self' ;img-src https://www.serviceapotheek.nl https://maps.googleapis.com https://webshop.serviceapotheek.nl https://shop.serviceapotheek.nl *.google-analytics.com *.analytics.google.com https://maps.gstatic.com https://git.isatis-teamonline.nl https://desk.isatis-teamonline.nl https://media.serviceapotheek.nl https://static.serviceapotheek.nl 'self' 'unsafe-inline' data:;style-src 'self' 'unsafe-inline';style-src-elem https://fonts.googleapis.com 'self' 'unsafe-inline' ; script-src https://script.hotjar.com http://www2.serviceapotheek.nl http://mijn.serviceapotheek.nl http://kennisbank.serviceapotheek.nl https://www.google-analytics.com https://www.googletagmanager.com https://livechat.zaurus.io https://maps.googleapis.com 'self' 'nonce-5cef453a03f518111b7301e9e7379db6'; default-src https://webshop.serviceapotheek.nl 'self' 1
frame-src 'self' https: blob: data:; connect-src 'self' https:; font-src https: data:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; media-src https: data:; object-src https: data:; form-action 'self' https:; default-src https: 1
frame-ancestors 'self' *.facebook.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tecnoempleo.com tecnoempleo.com tecnoempleostatic.firebaseapp.com www.googletagmanager.com www.google-analytics.com translate.google.com www.clarity.ms bebee.rurl.me cdnjs.cloudflare.com www.google.com www.gstatic.com cdn.ampproject.org connect.facebook.net www.googletagservices.com ad.doubleclick.net *.googlesyndication.com cdn.jsdelivr.net *.whatjobs.com *.jobsora.com fundaciontelefonica-graphics-data.s3.eu-west-1.amazonaws.com; object-src 'self' *.tecnoempleo.com tecnoempleo.com; form-action 'self' *.redsys.es *.linkedin.com *.tecnosaber.com 1
default-src 'self' 'unsafe-inline' *.sanity.io *.doubleclick.net *.facebook.com *.vimeo.com *.vimeocdn.com *.swaven.com data:; font-src 'self' 'unsafe-inline' data: *.swaven.com; img-src 'self' 'unsafe-inline' data: *.sanity.io *.googleapis.com *.googleusercontent.com *.gstatic.com *.googleusercontent.com *.googletagmanager.com *.cookielaw.org *.google-analytics.com *.facebook.com *.swaven.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' polyfill.io *.googleapis.com:* *.facebook.net *.google-analytics.com *.googletagmanager.com *.cookielaw.org *.vimeo.com *.sentry-cdn.com sentry.numbered.studio *.swaven.com; connect-src 'self' vitals.vercel-insights.com *.sanity.io wss://*.sanity.io vimeo.com https://*.moet-hennessy.net:* *.googleapis.com:* *.cookielaw.org *.onetrust.com *.google-analytics.com *.doubleclick.net sentry.numbered.studio *.swaven.com ; media-src 'self' *.sanity.io player.vimeo.com download-video.akamaized.net vod-progressive.akamaized.net *.swaven.com; 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://player.vimeo.com/api/player.js https://apply.workable.com/api/v1/widget/accounts/118638 https://dcvxs6ggqztsa.cloudfront.net/widget/production/embed.js https://www.workable.com/assets/embed.js https://snap.licdn.com https://pi.pardot.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://widget.trustpilot.com  https://cdn.segment.com https://cdn.mxpnl.com https://widget.intercom.io https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://fonts.googleapis.com https://js.intercomcdn.com https://*.satago.com; connect-src 'self' https://px.ads.linkedin.com/wa/ https://region1.analytics.google.com  https://cdn.linkedin.oribi.io https://uploads.intercomcdn.eu/ https://events.eu1.segmentapis.com https://api.segment.io https://cdn.segment.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api-js.mixpanel.com  https://api-iam.eu.intercom.io wss://nexus-europe-websocket.intercom.io/ https://cdn.linkedin.oribi.io; img-src 'self' https://fonts.intercomcdn.com https://static.intercomassets.eu https://secure.gravatar.com https://www.linkedin.com/px/ https://px.ads.linkedin.com https://www.google-analytics.com https://www.facebook.com https://googleads.g.doubleclick.net https://www.google.com/ads/ https://www.google.co.uk/ads/ https://www.google.com/pagead/ https://www.google.co.uk/pagead/ https://static.intercomassets.com/ https://static.intercomassets.eu/ https://js.intercomcdn.com/ https://downloads.intercomcdn.eu https://www.isoqsltd.com/logos/fullsize/27001.png; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://fonts.gstatic.com; base-uri 'self'; form-action 'self' https://*.satago.com https://www.facebook.com/tr/; frame-src 'self' https://static.hsappstatic.net/ https://app.hubspot.com/ https://widget.trustpilot.com https://widget.intercom.io https://intercom-sheets.com https://www.facebook.com/ https://player.vimeo.com/ ; font-src 'self'  https://fonts.gstatic.com https://js.intercomcdn.com/fonts/ https://js.intercomcdn.com https://fonts.intercomcdn.com; frame-ancestors 'self'; media-src 'self' https://js.intercomcdn.com/; 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com https://api.glia.com https://libs.salemove.com www.googletagmanager.com https://www.timevaluecalculators.com https://*.salemove.com https://*.glia.com https://autolink.io https://rlforms.referlive.com 'self' https://googleads.g.doubleclick.net https://insiderdata360online.com https://stats.g.doubleclick.net web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://libs.salemove.com https://www.timevaluecalculators.com https://*.salemove.com https://*.glia.com https://autolink.io https://rlforms.referlive.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com https://uploads.salemove.com https://www.timevaluecalculators.com https://*.salemove.com https://*.glia.com https://autolink.io https://rlforms.referlive.com 'self' https://www.google.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://autolink.io; frame-src https://www.youtube.com https://texanscreditunion.qualtrics.com/jfe/form/SV_djwn3Dl0aS8ASW2 https://autolink.io https://cloud.paymentsemails.com *.cloudfront.net https://texanscreditunion.qualtrics.com/jfe/form/SV_0Dttv8EUAumCoei https://td.doubleclick.net/ https://texanscu.uateltropy.com/ 'self' web-chat.nativechat.com; connect-src accounts.google.com *.gstatic.com *.mktoresp.com *.google-analytics.com https://api.glia.com https://pubsub.salemove.com https://client-logger.salemove.com wss://pubsub.salemove.com https://api.salemove.com https://thefontzone.com https://www.timevaluecalculators.com wss://*.salemove.com https://*.salemove.com wss://*.glia.com https://*.glia.com https://*.twilio.com wss://*.twilio.com https://maps.googleapis.com https://autolink.io https://rlforms.referlive.com https://analytics.google.com https://pagead2.googlesyndication.com https://insiderdata360online.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://*.salemove.com https://*.glia.com https://autolink.io; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com www.google.com qualtrics.com https://pagead2.googlesyndication.com 'self' web-chat.nativechat.com; form-action https://autolink.io https://my.texanscu.org 'self' 1
default-src 'self' *.myasnb.com.my:* *.facebook.com:* *.facebook.net:* *.asnb.com.my:* *.googleapis.com:* www.google-analytics.com *.google.com:* *.cloudflare.com:* *.group-ib.com:* *.gstatic.com:* *.asnbacademy.com.my *.youtube.com; style-src 'unsafe-inline' *.myasnb.com.my *.googleapis.com *.cloudflare.com *.asnb.com.my *.youtube.com *.asnbacademy.com.my; img-src 'self' data: *.youtube.com *.myasnb.com.my *.asnb.com.my *.facebook.com *.aliyuncs.com *.asnbacademy.com.my *.googletagmanager.com; script-src 'unsafe-eval' 'unsafe-inline' *.asnb.com.my *.myasnb.com.my www.googletagmanager.com www.google-analytics.com *.facebook.net openfpcdn.io *.asnbacademy.com.my *.youtube.com; font-src data: fonts.gstatic.com *.cloudflare.com *.asnb.com.my *.myasnb.com.my *.asnbacademy.com.my *.youtube.com 1
default-src 'self' *.customuse.com; script-src 'self' *.customuse.com appleid.cdn-apple.com accounts.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://analytics.tiktok.com/ https://cf-st.sc-cdn.net/ blob: 'wasm-unsafe-eval' https://js.stripe.com/v3/pricing-table.js https://connect.facebook.net 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' *.customuse.com 'unsafe-inline'; font-src 'self' *.customuse.com customuse-public.s3.eu-central-1.amazonaws.com customuse-public-dev.s3.eu-central-1.amazonaws.com customuse-public-rc.s3.eu-central-1.amazonaws.com data:; img-src 'self' data: blob: *.customuse.com ouch-cdn2.icons8.com ab3c23e75d928be2f890.ucr.io customuse-public.s3.eu-central-1.amazonaws.com customuse-public-dev.s3.eu-central-1.amazonaws.com customuse-public-rc.s3.eu-central-1.amazonaws.com ucarecdn.com images.ctfassets.net https://images.unsplash.com https://www.facebook.com/tr/; connect-src 'self' blob: *.customuse.com wss://*.customuse.com customuse-public.s3.eu-central-1.amazonaws.com ab3c23e75d928be2f890.ucr.io https://*.snapar.com/ https://*.snapchat.com/ https://cf-st.sc-cdn.net/ https://bolt-gcdn.sc-cdn.net https://analytics.tiktok.com *.browser-intake-datadoghq.eu; base-uri 'self' *.customuse.com; form-action 'self' *.customuse.com; frame-src 'self' *.customuse.com form.typeform.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://js.stripe.com/ https://www.youtube.com/ *.tipalti.com; frame-ancestors 'self' *.customuse.com form.typeform.com https://app.contentful.com; 1
default-src 'self';script-src 'nonce-9c534ad2-353e-4d48-a41d-204824dec738' 'strict-dynamic' https://static.zdassets.com/ https://*.google.com https://*.google.com.au https://*.google-analytics.com https://*.split.io https://pagead2.googlesyndication.com https://*.awswaf.com https://*.brainfi.sh;style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://www.googletagmanager.com/ https://fonts.googleapis.com/;img-src 'self' data: https://res.cloudinary.com/madpaws/image/ https://madpaws.zendesk.com/ http://mtc.qantas.com/ https://smtc.qantas.com/ https://pagead2.googlesyndication.com https://fonts.gstatic.com/s/i/ https://www.googletagmanager.com/ https://api.mapbox.com/;font-src 'self' https://script.hotjar.com https://fonts.gstatic.com/;media-src 'self' https://static.zdassets.com/;connect-src 'self' https://o53414.ingest.sentry.io/api/5833079/ https://ekr.zdassets.com https://madpaws.zendesk.com/ https://widget-mediator.zopim.com/ wss://widget-mediator.zopim.com https://cdn.segment.com/v1/projects/ https://api.segment.io/v1/ https://in.au1.segmentapis.com/v1/ https://staging-api.madpaws.com.au/api/v1/ https://test-api.madpaws.com.au/api/v1/ https://api.madpaws.com.au/api/v1/ https://api-js.mixpanel.com/track/ http://dpm.demdex.net/ http://qantasairways.tt.omtrdc.net/m2/ https://bam.nr-data.net/ https://api.trafficguard.ai/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com https://*.google.com.au https://*.google-analytics.com https://pagead2.googlesyndication.com https://*.awswaf.com https://*.split.io https://*.brainfi.sh;base-uri 'self';frame-ancestors 'none';frame-src https://static.zdassets.com/ https://player.vimeo.com/ https://qantas.demdex.net/ http://fast.qantas.demdex.net/ https://accounts.google.com/ 1
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' vercel.live *.vercel-scripts.com *.googletagmanager.com snap.licdn.com *.googleadservices.com *.spotify.com *.byspotify.com *.google-analytics.com  *.spotifycdn.com; font-src 'self' data:; style-src 'self' 'unsafe-inline'; img-src 'self' data: *.linkedin.com googleads.g.doubleclick.net *.google.com *.google-analytics.com; frame-ancestors https://cms.nea.com 'self'; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=5sqg6ipique2l&partner=; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org https://koi-3qnilx5wcs.marketingautomation.services/ https://cdn.jotfor.ms/ https://createaclickablemap.com/ https://cdnjs.cloudflare.com/ https://form.jotform.com/ https://www.googletagmanager.com/ https://stats.g.doubleclick.net/ https://tbcdn.talentbrew.com/ https://s0.2mdn.net/ https://static.hotjar.com/ https://script.hotjar.com/; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://cdn.jotfor.ms/; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com https://cdn.jotfor.ms/ https://events.jotform.com/jsform/ https://stats.g.doubleclick.net/ https://events.jotform.com/; media-src 'self' data: blob: https://player.vimeo.com/ https://gcs-vimeo.akamaized.net/ https://vod-progressive.akamaized.net/ https://fpdl.vimeocdn.com/; frame-src *; child-src 'self' https://syndication.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://app-3qnilx5wcs.marketingautomation.services/ https://createaclickablemap.com/ https://script.hotjar.com/modules.fee7048ea23070895b33.js; connect-src 'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com https://platform.talentbrew.com/ https://in.hotjar.com/ wss://ws9.hotjar.com/ https://vc.hotjar.io/; 1
frame-ancestors http://*.upay.uz https://*.upay.uz 1
default-src https:; script-src 'self' piwik.stairweb.de; media-src 'self'; object-src 'none'; worker-src 'self'; font-src 'self'; img-src 'self' https://piwik.stairweb.de/; style-src 'self'; frame-src 'self' https://*.stairweb.de/; frame-ancestors 'none'; base-uri 'self'; form-action 'self' 1
script-src 'self' https://*.google.com https://www.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://*.msecnd.net 'unsafe-inline' 'unsafe-eval'; object-src 'none'; 1
base-uri 'self'; default-src 'self'; style-src 'self' 'unsafe-inline' font-src 'self' 'unsafe-inline'; frame-src https://www.youtube.com; img-src 'self' *.ytimg.com *.maps.yandex.net www.googletagmanager.com https://www.google-analytics.com https://yandex.ru https://api-maps.yandex.ru https://mc.yandex.ru data:; form-action 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.doubleclick.net *.maps.yandex.net www.googletagmanager.com https://www.google-analytics.com https://yastatic.net https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://mc.yandex.ru; connect-src 'self' *.doubleclick.net *.maps.yandex.net www.googletagmanager.com https://www.google-analytics.com https://api-maps.yandex.ru https://mc.yandex.ru 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com cdn1.stamped.io *.klevu.com *.bootstrapcdn.com *.fontawesome.com x.klarnacdn.net *.klarnacdn.net *.ksearchnet.com maxcdn.bootstrapcdn.com stamped.io *.stripe.com klarna.com *.klarna.com *.klarnaevt.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.authorize.net *.cardinalcommerce.com *.cybersource.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.smartsheet.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net facebook.com www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: www.xtento.com *.paypalobjects.com ct.pinterest.com *.klarna.com tr.snapchat.com paypal.com *.cloudflarestream.com iframe.videodelivery.net cdn.userway.org embedsocial.com h.online-metrix.net *.afterpay.com *.loyaltylion.net *.cardinalcommerce.com *.cybersource.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.paypal.com * *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.twitter.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com store.paradoxlabs.com www.xtento.com cdn.xtento.com *.capezio.com bat.bing.com cdn.stamped.io cdn.userway.org *.pinterest.com *.klevu.com m.media-amazon.com static-na.payments-amazon.com *.afterpay.com *.paypal.com *.snapchat.com google-analytics.com google.com paypalobjects.com x.klarnacdn.net *.cloudflarestream.com *.clarity.ms services.postcodeanywhere.co.uk oc.klarnaevt.com *.bing.com *.online-metrix.net *.amazonaws.com *.google.co.uk *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.ksearchnet.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdn1.stamped.io stamped.io *.cloudflare.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.authorize.net www.xtento.com cdn.xtento.com polyfill.io *.tiktok.com *.pcapredict.com bam.nr-data.net bat.bing.com cdn.userway.org *.stamped.io *.newrelic.com polaris.truevaultcdn.com *.apprl.com *.pinimg.com sc-static.net *.loyaltylion.net services.postcodeanywhere.co.uk *.amazon.com *.snapchat.com *.clarity.ms *.paypal.com *.paypalobjects.com *.klarnacdn.net *.cloudflarestream.com *.klarnaservices.com geotargetly-api-4.com *.noibu.com *.privy.com *.pinterest.com *.iesnare.com embedsocial.com *.afterpay.com cdn.storelocatorwidgets.com player.vimeo.com *.klarna.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com maps.googleapis.com *.northbeam.io *.cardinalcommerce.com h.online-metrix.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com cdn1.stamped.io stamped.io *.stripe.com klarna.com *.klarnaevt.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ *.squarecdn.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.stamped.io *.klevu.com *.klaviyo.com *.fontawesome.com *.klarnacdn.net services.postcodeanywhere.co.uk cdn.userway.org embedsocial.com https://static.klaviyo.com *.ksearchnet.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com cdn1.stamped.io stamped.io *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com s3.us-west-2.amazonaws.com *.iesnare.com data: cdn1.stamped.io stamped.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com static.afterpay.com static.sandbox.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.clearpay.co.uk maps.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.authorize.net *.klaviyo.com *.tiktok.com *.userway.org bam.nr-data.net bat.bing.com cnstats.ksearchnet.com *.pinterest.com *.clarity.ms *.noibu.com *.klarnaevt.com *.loyaltylion.com services.postcodeanywhere.co.uk stamped.io stats.g.doubleclick.net *.paypal.com *.klarnacdn.net *.cloudflarestream.com *.klarnaservices.com *.truevaultcdn.com sdk.loyaltylion.net api.ipgeolocation.io api.amplitude.com wss://input.noibu.com/pv_part *.afterpay.com wss://mpsnare.iesnare.com *.iesnare.com *.snapchat.com *.datadome.co *.klarna.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.gstatic.com *.northbeam.io i.capezio.com *.cardinalcommerce.com h.online-metrix.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com google.com cdn1.stamped.io *.stripe.com klarna.com *.cloudflare.com *.twitter.com *.twimg.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; script-src 'self' https://plausible.io 'sha256-/6SBPqW+GW+//4nlXX6Y1nR9dWlh0gsQJ6KK71djH6A='; style-src 'self' 'unsafe-inline'; img-src 'self' https://*.digitalpurchaseorder.com https://*.digitalpurchaseorder.de; font-src 'self' https://*.digitalpurchaseorder.com https://fonts.gstatic.com data:; connect-src 'self' https://*.digitalpurchaseorder.com; media-src 'self' https://*.digitalpurchaseorder.com https://*.digitalpurchaseorder.de; manifest-src 'self'; object-src 'none'; prefetch-src 'self' https://*.digitalpurchaseorder.com; child-src 'self' https://*.digitalpurchaseorder.com; worker-src 'self'; frame-ancestors 'self' https://*.digitalpurchaseorder.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com *.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com www.youtube-nocookie.com www.youtube.com blob: data: https://storage.googleapis.com/learnwithikeavideos/ ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ctfassets.net *.ipex-insights.com maps.googleapis.com *.ikeajpapi.com www.aawrnstrk.com insight.adsrvr.org js.adsrvr.org ipac.ctnsnet.com *.doubleclick.net stats.g.doubleclick.net *.facebook.com *.facebook.net www.googleadservices.com *.googlesyndication.com d.line-scdn.net tr.line.me *.twitter.com ads-twitter.com *.ads-twitter.com *.yimg.com *.yimg.jp *.yahoo.co.jp ct.pinterest.com s.pinimg.com *.cookielaw.org *.onetrust.com *.akamaihd.net *.akstat.io *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.go-mpulse.net *.optimizely.com sentry.io *.sentry.io *.avo.app oppwa.com *.oppwa.com mpsnare.iesnare.com *.iesnare.com *.syndeo.cx *.production.syndeo.cx wss://web.production.syndeo.cx icsp.ingka.ikea.com wss://icsp.ingka.ikea.com wss://web-api.ikea.com/cschatbot/ *.bambuser.com firestore.googleapis.com liveshopping-widgets.firebaseapp.com fonts.googleapis.com; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com; object-src 'self'; report-uri https://csp.ikea.com 1
frame-ancestors 'self' www.bso.at; 1
default-src 'self' *.legocdn.com *.lego.com;script-src 'self' *.legocdn.com *.lego.com *.adobedtm.com *.iesnare.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.google.com https://s.pinimg.com https://bat.bing.com https://tag.demandbase.com https://snap.licdn.com 'unsafe-inline';connect-src 'self' *.lego.com dpm.demdex.net lego.demdex.net *.adyen.com *.experianmarketingservices.com https://ct.pinterest.com https://api.company-target.com https://tag-logger.demandbase.com https://cdn.linkedin.oribi.io;style-src 'self' 'unsafe-inline';frame-src 'self' legoeducation.23video.com lego.demdex.net legoeducation.com *.legoeducation.com *.svc.dynamics.com  https://www.facebook.com https://ct.pinterest.com https://tag.demandbase.com https://s.company-target.com identity.lego.com xiecomm.paymetric.com checkoutshopper-live.adyen.com;frame-ancestors 'self' legoeducation.com *.legoeducation.com identity.lego.com;font-src 'self' data: *.legocdn.com *.lego.com https://assets.education.lego.com;img-src 'self' data: cm.everesttech.net *.adyen.com https://www.google.com https://www.facebook.com https://googleads.g.doubleclick.net https://ct.pinterest.com https://id.rlcdn.com https://bat.bing.com https://px.ads.linkedin.com https://assets.education.lego.com;media-src 'self' https://assets.education.lego.com;object-src 'none' 1
script-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' plausible.io; font-src data: 'self' fonts.gstatic.com; img-src * data: 'self'; frame-ancestors 'self' *.convert.com *.paperflite.com; connect-src wss: https: 'self' plausible.io 1
frame-ancestors www.epl.ca *.www.epl.ca epl.ca *.epl.ca epl.bibliocms.com *.epl.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src www.epl.ca *.www.epl.ca epl.ca *.epl.ca epl.bibliocms.com *.epl.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
frame-ancestors 'self';default-src https: data: 'unsafe-eval' 'unsafe-inline'; img-src * data:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com *.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com www.youtube-nocookie.com www.youtube.com blob: data: https://storage.googleapis.com/learnwithikeavideos/ ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ctfassets.net *.ipex-insights.com *.taskrabbit.com acdn.adnxs.com secure.adnxs.com *.adform.net insight.adsrvr.org js.adsrvr.org *.bing.com *.criteo.net *.criteo.com *.doubleclick.net googleads.g.doubleclick.net *.facebook.com *.facebook.net www.googleadservices.com *.googlesyndication.com cdnapisec.kaltura.com s.kmtx.io t.kmtx.io act-eu.rd.linksynergy.com nxtck.com fo-api.omnitagjs.com *.pinterest.com s.pinimg.com api.pinpiaa.com intljs.rmtag.com *.teads.tv cdn.v3ty.com *.yimg.com *.cookielaw.org *.onetrust.com *.akamaihd.net *.akstat.io *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.go-mpulse.net *.optimizely.com sentry.io *.sentry.io *.avo.app oppwa.com *.oppwa.com mpsnare.iesnare.com *.iesnare.com *.syndeo.cx *.production.syndeo.cx wss://web.production.syndeo.cx icsp.ingka.ikea.com wss://icsp.ingka.ikea.com wss://web-api.ikea.com/cschatbot/ maps.googleapis.com fonts.googleapis.com www.googleapis.com *.bambuser.com firestore.googleapis.com liveshopping-widgets.firebaseapp.com; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com; object-src 'self'; report-uri https://csp.ikea.com 1
default-src 'self'; font-src 'self' data: https://fonts.gstatic.com/ https://script.hotjar.com assets.betterplace.me; img-src 'self' https: data: blob: assets.betterplace.me; object-src 'none'; script-src 'self' 'unsafe-eval' https://bam.nr-data.net https://cdn.polyfill.io https://js.stripe.com https://www.paypal.com https://www.paypalobjects.com https://www.googletagmanager.com https://www.googleadservices.com https://tagmanager.google.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://js.honeybadger.io https://static.hotjar.com https://script.hotjar.com https://vars.hotjar.com https://www.youtube.com https://s.ytimg.com https://*.friendlycaptcha.com https://*.friendlycaptcha.eu blob: assets.betterplace.me 'nonce-ezZ7x67SwdR8esJEdzM3sg=='; connect-src 'self' https://www.paypal.com https://www.sandbox.paypal.com https://www.google-analytics.com https://stats.g.doubleclick.net https://storage.googleapis.com https://api.honeybadger.io https://*.hotjar.com https://*.hotjar.io https://*.friendlycaptcha.com https://*.friendlycaptcha.eu wss: ws:; style-src 'self' https: 'unsafe-inline' blob: assets.betterplace.me; frame-src 'self' https://js.stripe.com https://www.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com https://vars.hotjar.com https://www.google.com https://www.youtube-nocookie.com 1
frame-ancestors 'self' spoxy3.insipio.com; default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.sodertalje.se https://dl.episerver.net/ https://web-sdk-eu.aptrinsic.com https://insipio.com/ https://974se.boost.ai/chatPanel/chatPanel.js https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://js.monitor.azure.com/ https://static.rekai.se/faadcc89.js https://chat.kindlycdn.com/ https://sockjs-eu.pusher.com/ wss://ws-eu.pusher.com/app/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.vizzit.se/integration/ https://tag.vizzit.se/ https://maxcdn.bootstrapcdn.com https://translate.google.com https://translate.googleapis.com/ https://translate-pa.googleapis.com https://5p4rk13.com https://*.cookiebot.com/ https://digitalfeedback.euro.confirmit.com/api/digitalfeedback/ https://amplify.notified.com/ https://static.entryscape.com/ https://docs.netpublicator.com/api/public/sodertalje/channel/; style-src 'unsafe-inline' 'self' *.sodertalje.se https://cdn.jsdelivr.net *.bootstrapcdn.com fonts.googleapis.com https://www.gstatic.com https://cdn.vizzit.se/integration/ https://*.aptrinsic.com https://insipio.com/; connect-src 'self' *.sodertalje.se https://chat.kindlycdn.com/ https://bot.kindly.ai/ https://sockjs-eu.pusher.com/ wss://sage.kindly.ai/ wss://ws-eu.pusher.com/app/ https://dc.services.visualstudio.com https://translate.googleapis.com https://5p4rk13.com https://974se.boost.ai/api/ https://consentcdn.cookiebot.com https://digitalfeedback.euro.confirmit.com https://view.rekai.se https://predict.rekai.se/predict https://www.vizzit.se https://amplify.notified.com/ https://*.aptrinsic.com https://static.infra.entryscape.com/ https://spoxy8.insipio.com/; font-src 'self' *.sodertalje.se https://*.cloudfront.net https://chat.kindlycdn.com/ https://static.entryscape.com/ *.gstatic.com; frame-src 'self' *.sodertalje.se https://sodertalje.miljobarometern.se https://sodertalje.fri-go.se/ https://www.facebook.com https://e.infogram.com https://calepermit.com/ https://web2pay.3cint.com/ https://candidate.hr-manager.net https://5p4rk13.com https://www.google.com https://consentcdn.cookiebot.com https://dreambroker.com https://www.hitta.se https://amplify.notified.com/ www.youtube.com; img-src 'self' data: *.sodertalje.se https://maps.infra.entryscape.com https://5p4rk13.com *.fbcdn.net/ *.cdninstagram.com/ https://media.ticketmaster.eu https://s1.ticketm.net https://www.destinationsodertalje.se https://www.hejahojen.se https://www.stadsscen.se https://www.sodertaljesgymnasier.se/ https://static.tickster.com https://www.gstatic.com https://www.google.com/images/ https://translate.googleapis.com/translate_static/img/ https://translate.google.com/ https://insipio.com/readit3/ https://i.ytimg.com https://static.kindlycdn.com/media/ https://chat.kindlycdn.com/ https://amplify.notified.com/ https://s3-bestevent-prod.innocode.dev https://tile.openstreetmap.org https://imgsct.cookiebot.com/; manifest-src 'self' *.sodertalje.se; media-src 'self' *.sodertalje.se https://www.hejahojen.se https://dreambroker.com https://www.pappakapsyl.se https://spoxy8.insipio.com/; object-src 'none'; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://*.twitter.com https://twitter.com https://cdn.ampproject.org https://*.googleapis.com https://marketing.linknacional.com.br https://cdn.ampproject.org https://tagmanager.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://w.org https://*.w.org https://twitter.com https://*.twitter.com https://*.twimg.com https://cdn.ampproject.org https://*.googletagmanager.com https://connect.facebook.net https://www.facebook.com https://marketing.linknacional.com.br https://www.google.com https://www.gstatic.com https://tagmanager.google.com https://apis.google.com; img-src 'self' data: https://*.twimg.com https://twitter.com https://*.twitter.com https://*.googleusercontent.com https://www.facebook.com  https://secure.gravatar.com https://ssl.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; object-src 'self'; font-src 'self' data: https://*.twitter.com https://*.twimg.com https://fonts.gstatic.com https://s0.wp.com; connect-src 'self' https://*.twitter.com https://twitter.com https://cdn.ampproject.org https://www.facebook.com https://*.googletagmanager.com https://*.analytics.google.com https://*.google-analytics.com https://*.g.doubleclick.net https://api.linknacional.com.br https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; frame-src 'self' https://twitter.com https://*.twitter.com https://www.youtube-nocookie.com https://www.facebook.com https://marketing.linknacional.com.br https://www.youtube.com https://bid.g.doubleclick.net https://*.google.com/; style-src-elem 'self' 'unsafe-inline' https://twitter.com https://*.twitter.com https://*.twimg.com https://cdn.ampproject.org https://fonts.googleapis.com https://marketing.linknacional.com.br; 1
default-src 'self'; worker-src 'self' *.monetate.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.trustpilot.com  ct.pinterest.com s.pinimg.com *.rakuten.com *.linksynergy.com *.nxtck.com *.xg4ken.com *.leadsrx.com *.twitter.com *.monetate.net *.googletagmanager.com *.thinkmoney.co.uk *.google-analytics.com *.bing.com *.googleadservices.com *.facebook.net *.ads-twitter.com *.yimg.com *.tag4arm.com *.msecnd.net *.taboola.com *.doubleclick.net *.yahoo.com *.google.com *.onetrust.com https://www.datadoghq-browser-agent.com; prefetch-src *.amplifyapp.com *.tmtest.co.uk *.thinkmoney.co.uk *.onetrust.com *.monetate.net; style-src 'self' 'unsafe-inline' *.monetate.net *.google.com *.googleapis.com; img-src 'self' ct.pinterest.com *.linksynergy.com https://www.datocms-assets.com/ *.gstatic.com t.co *.google.com *.google.co.uk *.facebook.com *.monetate.net chart.googleapis.com wingify-assets.s3.amazonaws.com *.googletagmanager.com *.tmtest.co.uk *.thinkmoney.co.uk *.google-analytics.com *.bing.com  *.googleadservices.com *.facebook.net *.ads-twitter.com *.yimg.com *.tag4arm.com *.msecnd.net *.taboola.com *.doubleclick.net *.yahoo.com *.onetrust.com data:; font-src 'self' *.gstatic.com *.monetate.net data:; manifest-src 'self'; connect-src 'self' *.trustpilot.com ct.pinterest.com *.google.com *.google.co.uk *.visualstudio.com *.execute-api.eu-west-1.amazonaws.com *.monetate.net *.googletagmanager.com *.thinkmoney.co.uk *.google-analytics.com *.bing.com *.googleadservices.com *.facebook.net *.ads-twitter.com *.yimg.com *.tag4arm.com *.msecnd.net *.taboola.com *.doubleclick.net *.yahoo.com *.onetrust.com https://*.logs.datadoghq.eu https://www.datocms-assets.com; upgrade-insecure-requests; block-all-mixed-content; frame-src *.trustpilot.com https://www.youtube.com/ https://forms.office.com/ *.monetate.net *.googletagmanager.com *.thinkmoney.co.uk *.google-analytics.com *.bing.com *.googleadservices.com *.facebook.net *.ads-twitter.com *.yimg.com *.tag4arm.com *.msecnd.net *.taboola.com *.doubleclick.net *.yahoo.com *.onetrust.com 1
default-src 'self' *.doubleclick.net *.synthetix.com https://stats.g.doubleclick.net *.responsetap.com blob:; media-src 'self' *.synthetix.com; frame-ancestors 'self' *.doubleclick.net *.hotjar.com *.youtube.com https://widget.trustpilot.com https://www.google.com https://www.facebook.com; frame-src 'self' *.doubleclick.net *.hotjar.com *.youtube.com *.pardot.com https://widget.trustpilot.com https://www.google.com https://www.facebook.com https://www.opinionstage.com https://www.googletagmanager.com https://connect.facebook.net https://embed.ex.co https://cdnjs.cloudflare.com https://optimize.google.com https://recaptcha.google.com app.vwo.com *.visualwebsiteoptimizer.com; font-src 'self' *.synthetix.com *.gstatic.com https://cloud.typography.com https://hello.myfonts.net https://benendenglobalassets.blob.core.windows.net https://benenden-global-assets-cdn.azureedge.net https://maxcdn.bootstrapcdn.com https://use.typekit.net https://script.hotjar.com https://cdnjs.cloudflare.com data:; connect-src 'self' *.synthetix.com *.hotjar.com *.google-analytics.com *.googleapis.com *.google.com *.doubleclick.net *.playbuzz.com *.perfdrive.com https://www.facebook.com https://*.hotjar.io *.mapbox.com https://api.postcodes.io https://www.opinionstage.com https://www.google.com wss://*.hotjar.com https://adservice.google.com https://t.co https://prd-collector-platform.ex.co https://cdn.cookielaw.org https://benenden-privacy.my.onetrust.com https://optanon.blob.core.windows.net *.responsetap.com *.onetrust.com idx.liadm.com www.gravatar.com *.quantcount.com *.visualwebsiteoptimizer.com app.vwo.com; style-src 'self' *.googleapis.com *.synthetix.com https://hello.myfonts.net https://cloud.typography.com https://benendenglobalassets.blob.core.windows.net https://benenden-global-assets-cdn.azureedge.net https://benenden.syn-finity.com https://maxcdn.bootstrapcdn.com *.mapbox.com https://cdnjs.cloudflare.com *.pardot.com *.googletagmanager.com https://optimize.google.com *.hotjar.com 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com; img-src 'self' *.google-analytics.com *.doubleclick.net *.visualwebsiteoptimizer.com *.gstatic.com *.googleapis.com *.facebook.net *.linkedin.com *.synthetix.com *.googletagmanager.com *.hotjar.com *.playbuzz.com *.benenden.co.uk https://secure.adnxs.com https://www.google.co.uk https://www.google.com https://t.co https://www.facebook.com https://bguksrowebsitestr01.blob.core.windows.net *.mapbox.com https://p.typekit.net https://i.ytimg.com https://amplifypixel.outbrain.com https://bppmdmxgsg.execute-api.eu-west-1.amazonaws.com https://px.ads.linkedin.com https://tracking.audio.thisisdax.com https://cdn.cookielaw.org https://optanon.blob.core.windows.net https://optimize.google.com analytics.twitter.com *.quantserve.com wingify-assets.s3.amazonaws.com app.vwo.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat data:; script-src 'self' *.benenden.co.uk *.googleapis.com *.google-analytics.com *.googleanalytics.com *.pardot.com *.visualwebsiteoptimizer.com app.vwo.com *.synthetix.com *.doubleclick.net *.responsetap.com *.hotjar.com *.googletagmanager.com *.twitter.com *.playbuzz.com https://pixel.mathtag.com https://vc.hotjar.io https://sjs.bizographics.com https://connect.facebook.net https://secure.frog9alea.com https://static.ads-twitter.com https://www.google.com https://benenden.syn-finity.com https://t.co https://www.facebook.com https://www.google.co.uk https://live-chat-help.com *.googleadservices.com https://widget.trustpilot.com *.mapbox.com https://api.postcodes.io https://maxcdn.bootstrapcdn.com https://connect.facebook.net *.youtube.com https://s.po.st https://s.ytimg.com https://use.typekit.net https://snap.licdn.com https://www.opinionstage.com https://cdnjs.cloudflare.com https://polyfill.io *.googleoptimize.com https://optimize.google.com *.perfdrive.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://c5.adalyser.com https://www.pagespeed-mod.com https://static.ex.co *.gstatic.com *.quantserve.com *.quantcount.com 'unsafe-inline' 'unsafe-eval' data:; worker-src 'self' blob:; report-uri https://benwebteam.report-uri.com/r/d/csp/enforce 1
default-src 'self' *.marcomcentral.app.pti.com *.geotargetly-api-1.com embed.signalintent.com geotargetly-api-1.com *.sandbox.my.site.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.hotjar.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com *.calcxml.com *.cloudflare.com *.bootstrapcdn.com *.wave2.io *.matomo.cloud *.googleoptimize.com siteimproveanalytics.com maps.googleapis.com *.googletagmanager.com *.cookiepro.com snap.licdn.com *.cookielaw.org code.jquery.com geolocation.onetrust.com *.srv.stackadapt.com *.geotargetly-api-1.com geotargetly-api-1.com embed.signalintent.com *.segment.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com *.typekit.net *.cloudflare.com *.calcxml.com *.google-analytics.com *.cookielaw.org *.cookiepro.com *.geotargetly-api-1.com geotargetly-api-1.com embed.signalintent.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.typekit.net *.cloudflare.com embed.signalintent.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com web-chat.nativechat.com *.chevronfcu.org http://images.printable.com *.calcxml.com *.spectrumcu.org *.google.com px.ads.linkedin.com *.cookiepro.com *.adsymptotic.com *.segment.com calc-backend-prod.herokuapp.com s3.us-east-2.amazonaws.com embed.signalintent.com; media-src 'self' data: blob: *.marcomcentral.app.pti.com *.chevronfcu.org *.amazonaws.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com *.hotjar.com *.google.com *.wave2.io *.optimalblue.com 11549827.fls.doubleclick.net *.doubleclick.net; connect-src 'self' data: accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.calcxml.com *.googleapis.com *.hotjar.com *.doubleclick.net wss://ws24.hotjar.com wss://ws1.hotjar.com wss://*.hotjar.com *.hotjar.io cdn.linkedin.oribi.io https://analytics.google.com/ *.segment.com calc-backend-prod.herokuapp.com api.segment.io; 1
default-src 'self' *.wenxiaozhan.cn *.wenxiaozhan.com *.wenshushu.cn *.wenshushu.com hm.baidu.com http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval' blob: data: ; 1
frame-ancestors 'self' https://*.pori.fi https://*.virtualartgallery.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com *.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com www.youtube-nocookie.com www.youtube.com blob: data: https://storage.googleapis.com/learnwithikeavideos/ ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ctfassets.net *.ipex-insights.com booking.live.ch.dovetail-tops.com *.adform.net bat.bing.com *.doubleclick.net *.exactag.com static.getback.ch www.getback.ch *.getflowbox.com *.facebook.com *.facebook.net *.pinterest.com s.pinimg.com *.cookielaw.org *.onetrust.com *.akamaihd.net *.akstat.io *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.go-mpulse.net *.optimizely.com sentry.io *.sentry.io *.avo.app oppwa.com *.oppwa.com mpsnare.iesnare.com *.iesnare.com maps.googleapis.com fonts.googleapis.com www.googleapis.com *.bambuser.com firestore.googleapis.com liveshopping-widgets.firebaseapp.com *.syndeo.cx *.production.syndeo.cx wss://web.production.syndeo.cx icsp.ingka.ikea.com wss://icsp.ingka.ikea.com wss://web-api.ikea.com/cschatbot/; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com; object-src 'self'; report-uri https://csp.ikea.com 1
default-src 'self';                  script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com https://www.googleoptimize.com *.mastercraft.com tagmanager.google.com www.googletagmanager.com *.livechatinc.com *.youtube.com *.google.com *.googleoptimize.com *.googleadservices.com *.livechat-static.com https://cdn.userway.org/widget.js *.userway.org *.usersnap.com *.zmags.com https://www.google.com/recaptcha/ *.gstatic.com *.widget.usersnap.com *.resources.usersnap.com https://ethn.io/ https://connect.facebook.net *.doubleclick.net *.facebook.net *.facebook.com https://bat.bing.com/bat.js *.bat.bing.com *.bing.com  https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://www.googleadservices.com https://googleads.g.doubleclick.net blob:;                  style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com *.livechatinc.com *.googleapis.com *.usersnap.com *.zmags.com *.mastercraft.com https://optimize.google.com https://fonts.googleapis.com;                  media-src 'self' *.livechatinc.com *.youtube.com *.google.com *.livechat-static.com *.mastercraft.com;                   object-src 'self' *.livechatinc.com *.youtube.com *.google.com *.mastercraft.com;                   img-src 'self' data: www.google-analytics.com *.livechatinc.com *.livechat-files.com *.i.ytimg.com *.googleads.g.doubleclick.net *.facebook.com *.bat.bing.com *.bing.com *.usersnap.com *.userway.org *.livechat-static.com *.w3.org http://www.w3.org/2000/svg http://www.w3.org/1999/xlink *.mastercraft.com *.googleapis.com *.gstatic.com *.google.com  *.googleusercontent.com https://www.youtube.com https://i.ytimg.com https://googleads.g.doubleclick.net data:;                  font-src 'self' fonts.gstatic.com *.userway.org *.widget.usersnap.com *.gstatic.com *.facebook.com *.googleads.g.doubleclick.net *.bat.bing.com *.bing.com *.mastercraft.com https://fonts.gstatic.com *.at.alicdn.com data:;                  connect-src 'self' *.userway.org www.google-analytics.com *.google.com *.doubleclick.net *.usersnap.com *.mastercraft.com https://*.googleapis.com *.google.com https://*.gstatic.com  data: blob:;                  style-src-elem 'self' 'unsafe-inline' *.zmags.com *.userway.org fonts.googleapis.com *.userway.org *.cdn.userway.org *.mastercraft.com https://fonts.googleapis.com;                  worker-src blob:;                  frame-src mailto: tel: www.google.com www.youtube.com *.mastercraft.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://hosted.where2getit.com/ https://cdn.userway.org/ https://optimize.google.com https://ethn.io/ *.google.com https://bid.g.doubleclick.net; 1
frame-ancestors 'none' always; object-src 'none' 1
default-src https://www.prioritycolo.com https://mrtg.prioritycolo.com https://api.na.bambora.com https://api.paypal.com https://www.google.com https://www.gstatic.com 'unsafe-inline'; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=4hsq1qdiqubuh&partner=; 1
default-src https://*.blockedservers.com; style-src 'unsafe-inline'; script-src 'unsafe-inline' https://*.blockedservers.com; worker-src https://*.blockedservers.com; object-src 'none' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.mydccu.com *.adobedtm.com *.demdex.net *.omtrdc.net *.everesttech.net unpkg.com *.fontawesome.com *.googleapis.com *.facebook.com *.linkedin.com *.adobeaemcloud.com *.day.com *.gstatic.com *.formstack.com *.calcxml.com *.youtube.com *.google.com *.cloudflare.com *.adobeaemcloud.com.seg.js *.adobe.com *.adobe.io *.googletagmanager.com *.google-analytics.com; img-src 'self' data: *.mydccu.com *.adobedtm.com *.demdex.net *.omtrdc.net *.everesttech.net unpkg.com *.fontawesome.com *.googleapis.com *.facebook.com *.linkedin.com *.adobeaemcloud.com *.day.com *.gstatic.com *.formstack.com *.calcxml.com *.youtube.com *.google.com *.cloudflare.com *.adobeaemcloud.com.seg.js *.adobe.com *.adobe.io *.googletagmanager.com *.google-analytics.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://cupoftea.social; img-src 'self' data: blob: https://cupoftea.social https://cdn.cupoftea.social; style-src 'self' https://cupoftea.social 'nonce-pSlgEJmHE6gaAPELSNeRuA=='; media-src 'self' data: https://cupoftea.social https://cdn.cupoftea.social; frame-src 'self' https:; manifest-src 'self' https://cupoftea.social; form-action 'self'; child-src 'self' blob: https://cupoftea.social; worker-src 'self' blob: https://cupoftea.social; connect-src 'self' data: blob: https://cupoftea.social https://cdn.cupoftea.social wss://cupoftea.social; script-src 'self' https://cupoftea.social 'wasm-unsafe-eval' 1
default-src 'self'; base-uri 'self'; object-src 'none'; script-src 'self' *.hubspot.com js.hs-analytics.net js.hs-scripts.com js.hsadspixel.net js.hscollectedforms.net js.hs-banner.com js.hs-banner.net js.usemessages.com *.hsforms.net cdn2.hubspot.net https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com/  https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net/ https://snap.licdn.com  cdn.jsdelivr.net 'strict-dynamic' 'nonce-CRdk2dLomjX7S3jSPeKGzg=='; connect-src 'self' *.hubspot.com api.hubapi.com js.hs-banner.com *.hsforms.com *.google-analytics.com https://www.google.com https://www.facebook.com/ *.g.doubleclick.net  https://cdn.linkedin.oribi.io; style-src 'self' 'unsafe-inline' static.hsappstatic.net fonts.googleapis.com cdn2.hubspot.net cdn.jsdelivr.net https://ajax.googleapis.com; font-src 'self' fonts.gstatic.com cdn2.hubspot.net; img-src 'self' data: *.hubspot.com *.hubspotusercontent-na1.net static.hsappstatic.net *.hsforms.com https://img.youtube.com/  maps.googleapis.com maps.gstatic.com https://www.facebook.com/ *.linkedin.com https://www.google.com https://www.google.be https://www.google-analytics.com https://www.googletagmanager.com/; frame-src *.hubspot.com *.hsforms.com https://www.youtube.com/ https://www.google.com https://www.facebook.com/ https://platform.twitter.com/; prefetch-src 'self' static.hsappstatic.net; upgrade-insecure-requests; 1
default-src 'self' data: 'unsafe-inline' https://piwik.westfaelische-hochschule.org https://jobs.b-ite.com https://www.youtube-nocookie.com https://cdn.eye-able.com; font-src 'self' data:; img-src https: data: https://piwik.westfaelische-hochschule.org; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://piwik.westfaelische-hochschule.org https://static.b-ite.com https://cs-assets.b-ite.com https://jobs.b-ite.com https://cdn.eye-able.com; form-action 'self'; frame-ancestors 'self'; base-uri 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.swisscard.ch www.google.de google.de www.google.com google.com analytics.google.com adservice.google.com google-analytics.com www.google-analytics.com www.google.ch google.ch www.googletagmanager.com www.googletagservices.com googletagservices.com tag.swisscard.ch tag.myaspectra.ch https://logs1412.xiti.com/ https://tag.aticdn.net https://cdn.exactag.com/ https://m.exactag.com/ vimeo.com player.vimeo.com f.vimeocdn.com i.vimeocdn.com use.typekit.net p.typekit.net performance.typekit.net *.doubleclick.net fonts.gstatic.com fonts.googleapis.com www.googleadservices.com bat.bing.com webservice.cybwell.ch pagead2.googlesyndication.com connect.facebook.net www.facebook.com facebook.com my2.siteimprove.com id.siteimprove.com sso2.siteimprove.com cdn.adtelligence.de swisscard-service.adtelligence.de swisscard-tracking.adtelligence.de testcdn.adtelligence.de tag.aticdn.net fghvnms.pa-cd.com; upgrade-insecure-requests 1
default-src 'self' guiadosmelhores.com.br *.guiadosmelhores.com.br data: www.google-analytics.com  plausible.io www.youtube.com www.google.com www.google.com.br www.googletagmanager.com stats.g.doubleclick.net *.facebook.net *.doubleclick.net *.facebook.com us8.list-manage.com *.googleadservices.com 'unsafe-inline' 'unsafe-eval' 1
default-src https: 'self' blob:; media-src https: data: blob:; font-src https: data:; img-src https: 'self' 'unsafe-inline' data: about:; style-src https: 'self' 'unsafe-inline'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' blob:; frame-ancestors https://*.esmeralda-psychic.com; 1
default-src 'self' generator.urn.fi api.finto.fi www.google-analytics.com; script-src 'self' https://code.jquery.com 'unsafe-inline' https://www.google-analytics.com; font-src 'self' fonts.gstatic.com; style-src 'self' fonts.googleapis.com 'unsafe-inline'; 1
default-src self *.fsbpt.org; 1
frame-ancestors 'self' https://*.etracker.com https://*.etracker.de https://*.zohopublic.eu; 1
default-src 'self' 'unsafe-inline' data: blob: *.liander.nl *.alliander.local *.google-analytics.com *.googleapis.com *.gstatic.com  livechat.alliander.com *.visualwebsiteoptimizer.com *.gstatic.com *.doubleclick.net https://dpm.demdex.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data:  *.liander.nl static.orion-intelligence.com alliander.orion-intelligence.com *.google-analytics.com *.googleapis.com tags.tiqcdn.com livechat.alliander.com *.usabilla.com *.visualwebsiteoptimizer.com *.googletagmanager.com *.newrelic.com bam.eu01.nr-data.net googleads.g.doubleclick.net www.googleadservices.com assets.adobedtm.com connect.facebook.net *.cloudfront.net *.google.com *.google.nl alliander.bbvms.com https://js.arcgis.com cdn.bluebillywig.com assets.adobedtm.com secure.quantserve.com rules.quantcount.com  bat.bing.com code.jquery.com; object-src 'self' data: kaartendans.synology.me; style-src 'self' 'unsafe-inline' data: *.googleapis.com static.orion-intelligence.com alliander.orion-intelligence.com  livechat.alliander.com webchat.liander.nl js.arcgis.com cdn.bluebillywig.com webchat.alliander.com *.cloudfront.net; img-src * data:; media-src 'self' data: *.cloudfront.net cdn.bluebillywig.com static.orion-intelligence.com; frame-src 'self' alliandernv.demdex.net *.cloudfront.net webchat.liander.nl *.youtube.com *.youtube-nocookie.com webchat.alliander.com blob: player.vimeo.com alliander.bbvms.com alliander.maps.arcgis.com  debouw.app forms.office.com; frame-ancestors 'self'; child-src 'self' blob: alliandernv.demdex.net *.cloudfront.net webchat.liander.nl *.youtube.com alliander.bbvms.com  debouw.app; font-src 'self' 'unsafe-inline'  data: *.liander.nl *.alliander.local google-analytics.com *.googleapis.com  livechat.alliander.com *.visualwebsiteoptimizer.com *.gstatic.com *.doubleclick.net maxcdn.bootstrapcdn.com js.arcgis.com cdn.bluebillywig.com; connect-src data: bam.eu01.nr-data.net alliander.bbvms.com alliander.orion-intelligence.com static.orion-intelligence.com  *.web.liander.nl *.liander.nl alliandernv.tt.omtrdc.net  dpm.demdex.net services1.arcgis.com *.google.com geocode.arcgis.com services.arcgisonline.nl api.usabilla.com rules.quantcount.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
font-src https: data:; img-src https: data:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self'; object-src 'self'; frame-ancestors 'self'; 1
frame-ancestors 'self' https://cms.lko.at ; 1
frame-ancestors 'self'; sandbox allow-downloads allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation; base-uri 'self'; form-action demo-spryker.e-spirit.hosting seu1.cleverreach.com us.pferd.com 'self' 1
frame-ancestors 'self' *.capex.com capex.com development.capex.com *.capexstagging.com capexstagging.com; 1
frame-ancestors 'none'; default-src 'self' *.zendesk.com assets.digitalclimatestrike.net *.digitalclimatestrike.net *.vimeo.com *.youtube.com *.instagram.com *.parcelpoint.com.au *.staging.parcelpoint.com.au *.googleapis.com *.gstatic.com *.cdninstagram.com *.zopim.com wss://widget-mediator.zopim.com www.facebook.com *.zdassets.com data:; script-src 'self' *.zendesk.com *.instagram.com *.googleapis.com *.gstatic.com *.googletagmanager.com connect.facebook.net *.licdn.com *.cdninstagram.com *.zopim.com wss://widget-mediator.zopim.com *.zdassets.com *.parcelpoint.com.au *.staging.parcelpoint.com.au *.digitalclimatestrike.net px.ads.linkedin.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.zendesk.com *.instagram.com *.parcelpoint.com.au *.staging.parcelpoint.com.au *.googleapis.com *.gstatic.com *.cdninstagram.com *.zopim.com wss://widget-mediator.zopim.com *.zdassets.com *.digitalclimatestrike.net 'unsafe-inline' data: 1
default-src 'self' *.argyle.com; script-src *.googleapis.com *.gstatic.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com *.twimg.com platform.linkedin.com *.sitewit.com *.google.com *.google-analytics.com *.youtube.com syndication.twitter.com s.ytimg.com publish.twitter.com cdn.insight.sitefinity.com dec.azureedge.net *.silvercloudinc.com *.fontawesome.com *.googletagmanager.com *.cloudfront.net cdn.timetrade.com *.wave2.io wave2.blob.core.windows.net *.vo.msecnd.net dc.services.visualstudio.com autolink.io app.ecwid.com analytics.sitewit.com ecomm.events calcs.moneyedu.org *.entertimeonline.com www.googleadservices.com *.argyle.com get.geojs.io *.analytics.google.com collector-31434.tvsquared.com/tv2track.js 'self' web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.wave2.io *.silvercloudinc.com wave2.blob.core.windows.net *.fontawesome.com *.cloudfront.net *.entertimeonline.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: wave2blob.blob.core.windows.net *.google-analytics.com *.facebook.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.silvercloudinc.com *.amazonaws.com *.cloudfront.net *.lovemycreditunion.org *.sitewit.com www.google.com *.prod.bidr.io googleads.g.doubleclick.net res.cloudinary.com collector-31434.tvsquared.com 'self' web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: wave2.blob.core.windows.net *.fontawesome.com *.cloudfront.net ec-icons.shopsettings.com jsbin-user-assets.s3.amazonaws.com res.cloudinary.com; frame-src calcs.moneyedu.org ithinkfilocator.wave2.io player.vimeo.com *.timetrade.com campaign.documatix.com www.youtube.com www.google.com www.iorad.com autolink.io www.culookup.com lovemycreditunion.org creditcardform.ecwid.com *.ecwid.com *.entertimeonline.com https://t-mobile.zohobookings.com/ 'self' web-chat.nativechat.com forms.hsforms.com; connect-src accounts.google.com *.gstatic.com *.insight.sitefinity.com autolink.io dc.services.visualstudio.com *.dec.sitefinity.com *.google-analytics.com *.silvercloudinc.com wss://ws.pusherapp.com *.wave2.io *.pusher.com app.ecwid.com ecomm.events *.doubleclick.net *.sitewit.com *.entertimeonline.com kayofthejungle.com https://*.argyle.com https://get.geojs.io *.analytics.google.co analytics.google.com 'self' forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob: 'self' web-chat.nativechat.com; frame-ancestors 'self' 1
default-src https: 'unsafe-inline' data: wss://pubsub.salemove.com https://*.salemove.com https://*.glia.com https://*.twilio.com wss://*.salemove.com wss://*.glia.com wss://*.twilio.com; script-src https: 'unsafe-inline' 'unsafe-eval' data: https://*.salemove.com https://*.glia.com;media-src 'self' blob: data: https://*.salemove.com https://*.glia.com;connect-src 'self' data: wss://*.salemove.com https://*.salemove.com wss://*.glia.com https://*.glia.com https://*.twilio.com wss://*.twilio.com https://*.segmint.net https://*.amazonaws.com https://*.hsforms.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.doubleclick.net https://*.trumeasure.com https://*.googleapis.com;style-src 'self' 'unsafe-inline' data: https://*.salemove.com https://*.glia.com https://*.typekit.net https://*.googleapis.com; img-src 'self' blob: data: https://*.salemove.com https://*.glia.com https://*.google.com https://*.doubleclick.net https://*.facebook.com https://*.hsforms.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://azuracu.com https://*.ytimg.com; 1
"default-src 'self';"; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://www.googleadservices.com *.facebook.net *.facebook.com script.crazyegg.com *.doubleclick.net https://media.busyrooms.co https://maps.googleapis.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://bat.bing.com https://f24.org https://az416281.vo.msecnd.net https://app-wallee.com https://data.my.permaleads.ch *.youtube.com https://s.ytimg.com https://io.fusedeck.net https://cdn.fusedeck.net wss://io.fusedeck.net https://snap.licdn.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://fuse.reka.ch https://*.onesignal.com https://onesignal.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://reka-cdn.busyrooms.co https://reka-stage-cdn.busyrooms.co https://cdn.segment.com https://linkedin.oribi.io https://googletagmanager.com https://ibe.reka.ch https://live.reka.ch;style-src 'self' 'unsafe-inline'  https://fonts.googleapis.com https://cdn.jsdelivr.net https://use.fontawesome.com https://media.busyrooms.co https://tagmanager.google.com https://az416281.vo.msecnd.net https://app-wallee.com https://bat.bing.com *.vo.msecnd.net/fonts/amenity-fonts/style.css https://cdn.fusedeck.net https://*.onesignal.com https://onesignal.com https://cdn.trustyou.com https://reka-cdn.busyrooms.co https://reka-stage-cdn.busyrooms.co https://ibe.reka.ch https://live.reka.ch;img-src 'self' data:  *.facebook.com *.doubleclick.net maps.googleapis.com maps.gstatic.com https://media.busyrooms.co https://www.google.com https://www.google.de https://www.google.ch https://www.google.fr https://www.google.it https://reka-cdn.busyrooms.co https://ssl.gstatic.com https://f24.org https://app-wallee.com https://bat.bing.com https://az416281.vo.msecnd.net https://khms0.googleapis.com https://khms1.googleapis.com https://io.fusedeck.net https://cdn.fusedeck.net wss://io.fusedeck.net https://az275753.vo.msecnd.net https://px.ads.linkedin.com *.google-analytics.com *.analytics.google.com https://fuse.reka.ch https://*.onesignal.com https://onesignal.com https://cdn.trustyou.com https://reka-stage-cdn.busyrooms.co https://track.adform.net https://ibe.reka.ch https://live.reka.ch;font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com/ https://media.busyrooms.co https://fonts.googleapis.com https://app-wallee.com https://addajet.blob.core.windows.net https://cdn.trustyou.com https://reka-cdn.busyrooms.co https://reka-stage-cdn.busyrooms.co https://ibe.reka.ch;connect-src 'self'  https://busyrooms.azure-api.net https://www.youtube.com https://vimeo.com https://app-wallee.com https://bat.bing.com https://script.crazyegg.com https://*.facebook.com https://*.doubleclick.net https://tracking.crazyegg.com https://stage.reka.ch https://io.fusedeck.net https://cdn.fusedeck.net wss://io.fusedeck.net https://maps.googleapis.com https://pagestates-tracking.crazyegg.com/healthcheck https://assets-tracking.crazyegg.com/healthcheck *.google-analytics.com *.analytics.google.com https://consentcdn.cookiebot.eu wss://fuse.reka.ch https://*.onesignal.com https://onesignal.com https://data.my.permaleads.ch https://api.segment.io https://cdn.segment.com https://linkedin.oribi.io https://px.ads.linkedin.com https://cdn.linkedin.oribi.io https://ibe.reka.ch https://live.reka.ch https://legally-snippet.legal-cdn.com;frame-src 'self'  *.facebook.com *.google.com *.google.ch *.google.de *.google.fr *.google.it *.doubleclick.net *.reka.ch *.youtube.com https://www.yumpu.com https://app-wallee.com blob: https://feed.yellow.webcam https://io.fusedeck.net https://cdn.fusedeck.net wss://io.fusedeck.net https://consentcdn.cookiebot.eu https://*.onesignal.com https://onesignal.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://api.trustyou.com https://my.matterport.com https://*.surveymonkey.com;object-src 'self' blob: ;manifest-src 'self'  ; 1
frame-ancestors 'self' *.dmlib.de *.dmlib.in *.dmlib.io one.bydeluxe.com one-demo.bydeluxe.com 1
default-src 'self';script-src 'self' 'unsafe-inline' maps.googleapis.com *.etracker.com *.etracker.de webcache-eu.datareporter.eu;style-src 'self' 'unsafe-inline' fonts.googleapis.com webcache-eu.datareporter.eu;img-src 'self' data: maps.gstatic.com *.googleapis.com *.ggpht.com webcache-eu.datareporter.eu;frame-src www.youtube.com charts3.equitystory.com www.stoerung24.at;font-src 'self' fonts.gstatic.com webcachex-eu.datareporter.eu;connect-src 'self' maps.googleapis.com *.in.applicationinsights.azure.com *.etracker.com *.etracker.de webcache-eu.datareporter.eu swarmcrawler.datareporter.eu c.datareporter.eu *.friendlycaptcha.eu;base-uri 'none';frame-ancestors https://evn-ea-evn-evnat-prod-admin.azurewebsites.net;worker-src 'self' blob: 1
default-src ; script-src 'self' 'unsafe-inline' localhost https://assets.zendesk.com *.zdassets.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com; object-src ; style-src 'self' 'unsafe-inline' localhost *.entrecode.de https://fonts.googleapis.com; img-src *; media-src *; child-src https://www.google.com; font-src *.entrecode.de https://fonts.gstatic.com; connect-src 'self' *.entrecode.de https://entrecode.zendesk.com *.zdassets.com https://www.google-analytics.com; manifest-src 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com *.trafficfactory.biz www.iwanttodeliver.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net bmedia.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri http://www.streamsex.com/csp-reports; report-to csp-endpoint 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.googleapis.com *.gstatic.com *.google.com *.google.es *.facebook.net *.facebook.com *.doubleclick.net tiqets-cdn.s3.amazonaws.com *.readspeaker.com *.tiqets.com *.cloudflareinsights.com *.fmirobcn.org *.vimeo.com *.cloudflare.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://toot.cafe; img-src 'self' https: data: blob: https://toot.cafe; style-src 'self' https://toot.cafe 'nonce-OuVR+CImUoZarge4U+6DEQ=='; media-src 'self' https: data: https://toot.cafe; frame-src 'self' https:; manifest-src 'self' https://toot.cafe; form-action 'self'; child-src 'self' blob: https://toot.cafe; worker-src 'self' blob: https://toot.cafe; connect-src 'self' data: blob: https://toot.cafe https://assets.toot.cafe wss://toot.cafe; script-src 'self' https://toot.cafe 'wasm-unsafe-eval' 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src * 'self' data: https:; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-64af7481c089b045e9f33a8f25decb99'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.aptrinsic.com https://*.getsmartcontent.com https://*.fullstory.com; worker-src https://*.terminusplatform.com blob:; style-src 'self' 'unsafe-inline' https://*.aptrinsic.com https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://cdn.getsmartcontent.com https://*.terminusplatform.com https://*.terminus.ninja https://*.terminus.services https://*.aptrinsic.com https://*.split.io https://*.fullstory.com https://*.rollbar.com https://*.s3.amazonaws.com https://s3.amazonaws.com https://*.browser-intake-datadoghq.com; img-src 'self' https://*.terminusplatform.com https://s3.amazonaws.com/terminus-creatives/  https://*.s3.amazonaws.com https://s3.amazonaws.com *.aptrinsic.com storage.googleapis.com data:; frame-src https://terminus-production-east1-slerms-files.s3.amazonaws.com https://*.terminusplatform.com https://terminus-product.com https://d1uldancseh4g9.cloudfront.net  https://d2rm4sizl35drq.cloudfront.net; frame-ancestors https://*.terminusplatform.com https://*.terminusplatform.com:4200; object-src 'none'; media-src 'self' https://*.s3.amazonaws.com https://s3.amazonaws.com blob: data: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://translate.googleapis.com https://translate.google.com https://siteimproveanalytics.com https://maps.googleapis.com https://cdn.syndication.twimg.com https://www.google-analytics.com https://cdn.rawgit.com https://www.googletagmanager.com https://siteimproveanalytics.com/ https://translate-pa.googleapis.com https://cdn.iframe.ly https://connect.facebook.net https://www.gstatic.com https://translate.google.com/ https://translate.google.com/* https://rialto-gms.s3.amazonaws.com ads.counciladvertising.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://pagead2.googlesyndication.com https://platform.twitter.com https://polyfill.io https://unpkg.com https://use.fontawesome.com https://www.google.com; style-src 'self' 'unsafe-inline' https://translate.googleapis.com https://platform.twitter.com https://www.gstatic.com https://translate.google.com https://www.gstatic.com/* cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; report-uri https://www.warrington.gov.uk/report-uri/enforce 1
default-src 'self' https: data; 
  script-src 'self' https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/ https://remote.captcha.com/ https://edge.fullstory.com/ https://rs.fullstory.com/
  https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/enterprise.js https://*.googletagmanager.com/ https://www.google-analytics.com/analytics.js
  https://nrs.awstest.netroadshow.com/ https://nrs.awsstg.netroadshow.com/ https://www.netroadshow.com/
  'sha256-iloQVIFgTcBUvsPmNb00h8UFVvkCakaKGAWdbMQjsOg=' 'sha256-Zm0oho/jI9sD28RNRneRmfNNRl5+QGMyRq6cRWL1gNI=' 'sha256-6N1lDOx9ybagJykEzvBGw2h49zp09B1784yaK0GFHCI='
  'sha256-cHBBZylk90AwdvxfIp9iE7RJdkuyLLXsv1ypaAV6330=' 'sha256-dXsgdFSy7cZ5gel9rGmeNW0d4g3P742a+a0eaZexhxI=' 'sha256-ZDwfPi7NPhIb0XOa/PIo9qZhxMgnJ7SjwVOhNNBR7U0='
  'sha256-nVobhHCquimvff9/wMN2ZFliBeY3mUW1yzGXJH/O0to=' 'sha256-poZ6NxxorZuF5SLckET+AYdxXFNaeHslMbYl3ewxc/A=' 'sha256-K8KhCyswA8fG1ciwe0lB0wKNk38v/xBRzccrnZWq+1Q='
  'sha256-OPP66k747C0UHTwZmCWQ96zwf/4wcvThwVSay1GLjWM=' 'sha256-bCP7Nc/LviXRg6IEYhcfU0fPBjWjHgsyi/iFcPdj6+A=' 'sha256-f44HlfJVAlvli6CU8PnDDWTzilQ4tFrxMfFP72OOnR0='
  'sha256-sytnHN9w879LGtqcjA/9GGklGHIJtOveLBnWj46IIWE=' 'sha256-q33rPBsOCdi8yXbu4Ht8ZBEfSnab3F793X/JmuGdkto=' 'sha256-BVhiNj/O7J5uWPN56pS3+t+Of/Sle0RD9DajHhLFK3U=';
  font-src 'self' https://fonts.gstatic.com/s/ data:;
  style-src 'self' 'sha256-lx1U3tR6IntJ8WKLg+p6ErkR6bCRRhNGKs2tp8+P0Zs=' 'sha256-6N6ExomJBSb15QoU3z4kffBiUYwHzIOPFDBNFyQo5zM=' 'sha256-4wxka6f7hQ5Cgo7YfnbOmbL8k7+r/BN9bAwOJM/vvDU='
  'sha256-vfPfxPuSiBoH25sq8rIXoMNgwSZ+41RBhQ8QSeBao08=' 'sha256-frSLRQi6nL19MNZRhCCjs73w2VUVYWPNNdWauThzvoY=' 'sha256-AkGc/9SiOd74zk72UnCdLs+k10sM4iy2uKmgoXkaHe0=' 
  'sha256-1PxuDsPyGK6n+LZsMv0gG4lMX3i3XigG6h0CzPIjwrE=' 'sha256-UtUbbZ5pLwzvjGTHwLTsbIxr5p5bX60ndOEI8wF3bo4=' 'sha256-QG3Eg3DGi8tPwqt0K2eUwBqB1GNl19PjW/3Ex5i5mPk='
  'sha256-pSJ3mKkpKCRMub/4VC+QXgZS+y+3+5w9EMRavXs3s38=' 'sha256-j3gGPuXMDPpU+BxRYg+qUVF0TSGtFEKcp1muBBATanE=' 'sha256-3RgHoWfZTUIYaaqXpyMi4osn0e3W0oyKtFnPAFo1uvI='
  'sha256-n9t4cSjdGHb1Hj8yhaCQy3nxaXjPnaDbPkrwYo97sdI=' 'sha256-PDYg/vkWbGnl+ya8uasRQlyo8wGc+3ANz5x3d3aNWUI=';
  media-src 'self' https://dj4eq0zj42d0q.cloudfront.net/ https://corecf.awstest.netroadshow.com/ https://corecf.awsstg.netroadshow.com/ https://corecf.awsprod.netroadshow.com/ https://corecf.netroadshow.com/ blob:;
  img-src 'self' blob: data: https://dj4eq0zj42d0q.cloudfront.net/ https://corecf.awstest.netroadshow.com/ https://corecf.awsstg.netroadshow.com/ https://corecf.awsprod.netroadshow.com/ 
  https://corecf.netroadshow.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://www.google-analytics.com/collect;
  connect-src 'self' https://pmi.flowplayer.com/in https://edge.fullstory.com/ https://rs.fullstory.com/
  https://nrs.awstest.netroadshow.com/ https://nrs.awsstg.netroadshow.com/ https://www.netroadshow.com/ https://*.google-analytics.com/ https://*.analytics.google.com/ https://*.googletagmanager.com/ always 1
base-uri 'self'; img-src 'self' https://pixel.wp.com data:; media-src 'self'; frame-src 'self' https://boards.greenhouse.io https://widgets.wp.com; font-src 'self' https://fonts.wp.com https://s0.wp.com data:; 1
default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self'; font-src 'self'; connect-src 'self'; media-src 'none'; object-src 'none'; prefetch-src 'self' https://chat.fairydust.space; child-src 'none'; frame-src 'none'; worker-src 'none'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; disown-opener; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation; base-uri 'self' 1
block-all-mixed-content; frame-ancestors *.hippieartesanatos.com 1
frame-ancestors 'self' analytics.micuro.it; 1
default-src 'self' 'unsafe-eval' https://analytics.twitter.com https://code.jquery.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://static.ads-twitter.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.mahindracomviva.com https://www.youtube.com https://fonts.gstatic.com https://static.doubleclick.net https://www.facebook.com https://www.google.com/  https://www.youtube-nocookie.com/ http://www.un.org/  https://player.vimeo.com/ https://i.vimeocdn.com/  https://open.spotify.com/ https://jobsapi.ceipal.com/ https://www.clarity.ms/ https://analytics.google.com/ https://cdnjs.cloudflare.com/ https://serve.nrich.ai/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.twitter.com https://code.jquery.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://static.ads-twitter.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.mahindracomviva.com https://www.youtube.com https://fonts.gstatic.com https://static.doubleclick.net  https://comvivasocial.com/ https://platform.twitter.com https://www.googletagmanager.com http://platform.twitter.com/ https://ajax.googleapis.com/  https://s0.wp.com/ https://stats.wp.com/ https://s1.wp.com/ https://tracker.factoreal.com/  https://open.spotify.com/ https://jobsapi.ceipal.com/ https://cdnjs.cloudflare.com/ https://serve.nrich.ai https://tag.nrich.ai https://audience.nrich.ai https://js.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hscollectedforms.net https://www.clarity.ms https://adservice.google.com https://p.clarity.ms https://js.hsadspixel.net/fb.js; style-src 'self' 'unsafe-inline' https://analytics.twitter.com https://code.jquery.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://static.ads-twitter.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.mahindracomviva.com https://www.youtube.com https://fonts.gstatic.com https://static.doubleclick.net http://fonts.googleapis.com https://open.spotify.com/ https://cdnjs.cloudflare.com/ ; img-src 'self' 'unsafe-inline' data: https://analytics.twitter.com https://code.jquery.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://static.ads-twitter.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.mahindracomviva.com https://www.youtube.com https://fonts.gstatic.com https://static.doubleclick.net https://px.ads.linkedin.com https://t.co https://www.google.co.in https://stats.g.doubleclick.net https://p.adsymptotic.com https://www.facebook.com https://www.google.com/ http://t.co https://ps.w.org/ *.gravatar.com https://s.w.org/ https://i.ytimg.com http://img.youtube.com https://img.youtube.com https://cdn1.iconfinder.com https://pixel.wp.com/ https://majorelevents.in/ https://www.comviva.com/ https://i.vimeocdn.com/ https://open.spotify.com/ https://tag.nrich.ai https://audience.nrich.ai https://track.hubspot.com https://forms.hsforms.com https://www.googletagmanager.com https://c.clarity.ms https://c.bing.com; connect-src 'self' 'unsafe-inline' https://analytics.twitter.com https://code.jquery.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://static.ads-twitter.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.mahindracomviva.com https://www.youtube.com https://fonts.gstatic.com https://static.doubleclick.net https://www.facebook.com https://www.google.com/ https://stats.g.doubleclick.net https://developer.hirexp.com/ https://majorelevents.in/ https://app.factoreal.com/ https://requestint.comviva.com:81/ https://request.comviva.com/ https://open.spotify.com/ https://jobsapi.ceipal.com/ https://pagead2.googlesyndication.com https://q.clarity.ms https://forms.hscollectedforms.net https://analytics.google.com https://api.ceipal.com https://p.clarity.ms https://cdn.linkedin.oribi.io https://k.clarity.ms/collect  https://px.ads.linkedin.com/wa/ https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json; font-src 'self' data: http://fonts.gstatic.com; report-uri https://www.comviva.com; frame-src 'self' https://td.doubleclick.net https://www.google.com https://www.facebook.com https://bid.g.doubleclick.net https://jobsapi.ceipal.com https://www.youtube.com https://open.spotify.com https://www.youtube-nocookie.com/; upgrade-insecure-requests 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; worker-src 'self' https: blob:; connect-src 'self' https: itms-appss://apps.apple.com; child-src 'self' blob:; media-src 'self' https: blob:; frame-src 'self' https:; script-src 'self' https: 'unsafe-inline'; frame-ancestors 'self' app.contentful.com; style-src 'self' https: 'unsafe-inline'; report-uri https://o1201719.ingest.sentry.io/api/6326639/security/?sentry_key=0ff893b541ce4bc2b04b8ef80fed0a9d 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'self' 'unsafe-inline' https: data:; img-src 'self' https: data: blob: android-webview-video-poster:; font-src https: data:; connect-src https: wss: blob:; media-src https: data: blob:; object-src 'none'; child-src https: data: blob:; form-action https:; frame-ancestors 'self' https://*.collegeadvisor.com; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: blob: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src https: wss://*.hotjar.com; frame-ancestors 'self' *.vandebron.nl *.vdbinfra.nl *.salesforce.com *.force.com; 1
default-src 'self' 'unsafe-inline' *.hrmdirect.com *.gstatic.com *.googleapis.com *.twitter.com *.linkedin.com *.google-analytics.com *.tchbpiconference.com *.checkimagecentral.com *.patentqualityinitiative.com *.freedomagreement.com *.tchconference.com;       script-src 'unsafe-eval' 'unsafe-inline' *.azureedge.net *.hrmdirect.com *.vimeo.com *.typekit.net *.googletagmanager.com *.ceros.com *.azurewebsites.net *.freedomagreement.com *.checkimagecentral.org *.patentqualityinitiative.com *.theclearinghouse.org *.twitter.com *.google-analytics.com *.linkedin.com *.googleapis.com *.tchbpiconference.com *.checkimagecentral.com *.patentqualityinitiative.com *.freedomagreement.com *.tchconference.com;       img-src 'self' *.googletagmanager.com *.typekit.net *.azureedge.net data: *.tchbpiconference.com *.checkimagecentral.com *.patentqualityinitiative.com *.freedomagreement.com *.tchconference.com *.theclearinghouse.org;       frame-src 'self' *.hrmdirect.com *.vimeo.com *.azurewebsites.net uid-c9b09fc9-06fb-4538-9a48-9aaa904e6e1e.azurewebsites.net *.google.com *.youtube.com *.ceros.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.twitter.com *.linkedin.com *.azurewebsites.net *.theclearinghouse.org *.googleapis.com *.azureedge.net *.tchbpiconference.com *.checkimagecentral.com *.patentqualityinitiative.com *.freedomagreement.com *.tchconference.com;       frame-ancestors 'self' *.azureedge.net *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com dev-cm.theclearinghouse.org dev.theclearinghouse.org uat-cm.theclearinghouse.org uat.theclearinghouse.org mc-e7e64852-0e90-4a63-9a83-1251-cd.azurewebsites.net mc-e7e64852-0e90-4a63-9a83-1251-cm.azurewebsites.net mc-f7994b58-2b12-4a97-b400-6337-cd.azurewebsites.net mc-f7994b58-2b12-4a97-b400-6337-cm.azurewebsites.net mc-e3a82812-8e7a-44d9-956f-8910-cd.azurewebsites.net *.tchbpiconference.com *.checkimagecentral.com *.patentqualityinitiative.com *.freedomagreement.com *.tchconference.com *.theclearinghouse.org;       font-src 'self' *.typekit.com *.typekit.net *.gstatic.com *.tchbpiconference.com *.checkimagecentral.com *.patentqualityinitiative.com *.freedomagreement.com *.tchconference.com *.theclearinghouse.org;       connect-src 'self' analytics.google.com *.google-analytics.com *.tchbpiconference.com *.checkimagecentral.com *.patentqualityinitiative.com *.freedomagreement.com *.tchconference.com;       media-src 'self' *.azureedge.net *.tchbpiconference.com *.checkimagecentral.com *.patentqualityinitiative.com *.freedomagreement.com *.tchconference.com *.theclearinghouse.org;         1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://ruhr.social; img-src 'self' https: data: blob: https://ruhr.social; style-src 'self' https://ruhr.social 'nonce-gG9BdvYTnco1zyQU3t0rSQ=='; media-src 'self' https: data: https://ruhr.social; frame-src 'self' https:; manifest-src 'self' https://ruhr.social; form-action 'self'; child-src 'self' blob: https://ruhr.social; worker-src 'self' blob: https://ruhr.social; connect-src 'self' data: blob: https://ruhr.social https://media.ruhr.social wss://ruhr.social; script-src 'self' https://ruhr.social 'wasm-unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.beigene.com api.tiles.mapbox.com *.mapbox.com npmcdn.com cdn.jsdelivr.net cdn.cookielaw.org static.ads-twitter.com cdnjs.cloudflare.com www.google-analytics.com pi.pardot.com bat.bing.com code.jquery.com cookie-cdn.cookiepro.com js.qualified.com snap.licdn.com www.googletagmanager.com www.gstatic.com www.beigene.com; style-src 'self' 'unsafe-inline' code.jquery.com *.beigene.com api.tiles.mapbox.com *.mapbox.com unpkg.com *.icims.com *.vidyard.com *.bioz.com fonts.googleapis.com; object-src 'self' *.bioz.com; base-uri 'self'; connect-src 'self' *.beigene.com cdn.linkedin.oribi.io *.mapbox.com api.tiles.mapbox.com cdn.cookielaw.org *.go-mpulse.net *.vidyard.com *.bioz.com *.google.com *.google.com.ar app.qualified.com bat.bing.com cookie-cdn.cookiepro.com stats.g.doubleclick.net www.google-analytics.com www.googleadservices.com wss://ws.qualified.com; font-src 'self' data: *.beigene.com *.bioz.com fonts.gstatic.com; frame-src 'self' *.beigene.com *.icims.com app.qualified.com go.beigene.com play.vidyard.com *.bioz.com; img-src 'self' *.beigenemedical.com www.linkedin.com data: cdn.cookielaw.org assets.codepen.io analytics.twitter.com *.adsymptotic.com *.beigene.com t.co *.icims.com *.googleapis.com *.ads.linkedin.com www.google-analytics.com *.google.com www.googletagmanager.com *.gravatar.com; manifest-src 'self' *.beigene.com; media-src 'self' *.beigene.com blob:; worker-src 'self' blob: 1
default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.doubleclick.net iframe.ly cookie.dxlabs.fr cdnjs.cloudflare.com 'unsafe-inline' *; object-src 'none'; style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' www.pinaultcollection.com *.youtube.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.fr *.dxlabs.fr data:; media-src *; frame-src *; font-src  'self' themes.googleusercontent.com fonts.googleapis.com; connect-src 'self' *.google-analytics.com analytics.tiktok.com wjrmdnw.pa-cd.com; upgrade-insecure-requests; script-src-attr 'unsafe-inline' 1
default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self' data:; connect-src 'self'; manifest-src 'self'; form-action 'self'; frame-ancestors 'none'; base-uri 'none' 1
frame-ancestors 'self' https://home.gio.com.au *.home.gio.com.au https://motor.gio.com.au *.motor.gio.com.au *.ctp.gio.com.au  https://beta-ctp.gio.com.au https://online1.test.gio.com.au https://online.gio.com.au https://pvt-online.gio.com.au; 1
default-src 'self' https://*.keva.fi https://disqus.com https://*.disquscdn.com; style-src 'self' 'unsafe-inline' *.tinymce.com *.tiny.cloud https://*.googleapis.com https://*.episerver.net https://*.disquscdn.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://ton.twimg.com https://platform.twitter.com https://hello.myfonts.net https://fonts.googleapis.com https://*.giosg.com https://cdn.reactandshare.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tinymce.com *.tiny.cloud https://*.reactandshare.com https://*.keva.fi https://disqus.com https://keva-fi.disqus.com https://*.disquscdn.com https://cdn.syndication.twimg.com https://api.twitter.com https://platform.twitter.com https://*.snoobi.com https://insight.fonecta.fi https://netdna.bootstrapcdn.com https://*.episerver.net https://code.jquery.com https://ajax.aspnetcdn.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://*.vo.msecnd.net https://connect.facebook.net https://*.krxd.net https://survey.taloustutkimus.fi https://www.googleadservices.com https://snap.licdn.com https://*.giosg.com https://*.giosgusercontent.com https://*.interactions.giosgusercontent.com https://*.clients.giosgusercontent.com https://unpkg.com https://js.monitor.azure.com; img-src 'self' data: blob: kevaprodstorage.blob.core.windows.net  *.tinymce.com *.tiny.cloud https://*.reactandshare.com https://*.adsymptotic.com/ https://*.gstatic.com https://*.keva.fi https://*.episerver.net https://*.twitter.com https://*.twimg.com https://insight.fonecta.fi https://cdn.shopify.com https://nuget.episerver.com https://raw.githubusercontent.com https://www.facebook.com https://referrer.disqus.com https://*.disquscdn.com https://beacon.krxd.net https://*.snoobi.com https://www.linkedin.com https://*.ads.linkedin.com https://giosg-chat-public-eu.s3.amazonaws.com https://*.giosgusercontent.com; connect-src wss: https: ws: https://dc.services.visualstudio.com; font-src 'self' *.tinymce.com *.tiny.cloud https://*.cloudflare.com https://*.keva.fi https://netdna.bootstrapcdn.com https://fonts.gstatic.com https://cdn.reactandshare.com; frame-src 'self' *.tinymce.com *.tiny.cloud https://*.keva.fi https://*.twitter.com https://www.youtube.com https://disqus.com https://staticxx.facebook.com https://cdn.krxd.net https://survey.taloustutkimus.fi https://player.vimeo.com https://www.riddle.com https://*.clients.giosgusercontent.com https://service.giosg.com https://*.soundcloud.com https://app.powerbi.com; object-src 'self'; 1
child-src blob: 'self' https://www.google.com/; frame-src *.hotjar.com https://www.google.com; default-src 'self'; script-src 'self' https://api.mapbox.com https://consent.cookiefirst.com https://edge.cookiefirst.com https://www.googletagmanager.com https://region1.analytics.google.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://*.hubspot.com https://*.hs-scripts.com http://*.hs-scripts.com https://*.hs-banner.com https://*.hs-analytics.net https://*.hsadspixel.net https://*.hscollectedforms.net https://snap.licdn.com/ https://*.hotjar.com 'nonce-ym67h4+J9q4l1oiJy5BQMw=='; style-src 'self' 'unsafe-inline' https://consent.cookiefirst.com; connect-src 'self' https://www.google.nl https://region1.google-analytics.com https://region1.analytics.google.com https://consent.cookiefirst.com https://edge.cookiefirst.com https://api.cookiefirst.com https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://www.google-analytics.com https://*.hubspot.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://forms-eu1.hscollectedforms.net https://api-eu1.hubapi.com https://cdn.linkedin.oribi.io https://*.linkedin.com https://*.doubleclick.net; img-src 'self' data: https://nl-ix.net https://www.nl-ix.net https://api.mapbox.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.nl/ https://*.hsforms.com https://track-eu1.hubspot.com https://*.ads.linkedin.com; worker-src blob: 'self' 1
default-src 'self' 'unsafe-inline' data: https://service.mtcaptcha.com https://service2.mtcaptcha.com https://*.investhk.gov.hk https://investhk.gov.hk https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.hk https://*.googleapis.com https://*.gstatic.com https://ad.doubleclick.net https://*.fls.doubleclick.net https://ade.googlesyndication.com https://*.youtube.com https://*.baidu.com https://*.emtana.com https://e03.optimix.cn https://e03.optimix.asia https://j03.optimix.cn https://j03.optimix.asia https://libjs.s4mdsp.com https://evt.s4mdsp.com https://www.googleadservices.com/ https://*.qq.com https://qzonestyle.gtimg.cn https://usc.cpp32.com https://asc.cpp32.com  https://*.youku.com https://*.teads.tv; frame-src https://service.mtcaptcha.com https://service2.mtcaptcha.com youtube.com www.youtube.com https://player.vimeo.com https://e03.optimix.cn https://*.fls.doubleclick.net https://*.g.doubleclick.net https://*.teads.tv 1
frame-ancestors 'self' t.co twitter.com;block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.ep-mimecast.ads-twitter.com https://*.syndication.twimg.com https://ajax.googleapis.com https://analytics.twitter.com https://connect.facebook.net https://cdn.syndication.twimg.com https://en.twitter.com https://graph.facebook.com https://js.facebook.com https://platform.twitter.com https://static.ads-twitter.com https://secure.gravatar.com https://t.co https://www.youtube.com;style-src 'self' 'report-sample' 'unsafe-inline' ajax.googleapis.com platform.twitter.com secure.gravatar.com ton.twimg.com;object-src 'none';child-src 'self' *.facebook.com connect.facebook.net platform.twitter.com https://syndication.twitter.com https://www.youtube.com;base-uri 'self';form-action 'self' *.twitter.com *.facebook.com connect.facebook.net;worker-src 'self'; 1
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline'  https: https://*.id.opendns.com; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; worker-src 'self' blob: *.pricespider.com *.mapbox.com cdnjs.cloudflare.com; 1
default-src: 'self' 'googleads.g.doubleclick.net' 'fonts.googleapi.com' 'img.youtube.com' 'i.ytimg.com' 'latencytimer.azurewebsites.net''s.ytimg.com' 'youtube.com' 'googleads.g.doubleclick.net' 'yt3.ggpht.com' 'fonts.gstatic.com'; script-src: 'self' 'www.googletagmanager.com' 'www.google-analytics.com' 'player.wowza.com' 'youtube.com' 'static.doubleclick.net' 'googleads.g.doubleclick.net'; style-src: 'self' 'youtube.com' 'googleads.g.doubleclick.net' 1
frame-ancestors 'self' *.facebook.com *.salesforce.com *.convio.net *.google.com *.force.com facebook.com salesforce.com convio.net google.com force.com pwna4hope.org; report-uri http://www.nativepartnership.org/site/XFrameViolation 1
base-uri 'none';child-src 'none';connect-src 'self' https://staging.api.gam3s.gg/ https://api.gam3s.gg/ https://dev.api.gam3s.gg/ https://staging.api.polkastarter.gg/ https://api.polkastarter.gg/ https://dev.api.polkastarter.gg/ https://polkastarter-cms-staging.herokuapp.com/graphql https://polkastarter-cms.herokuapp.com/graphql https://api.twitch.tv https://cms.polkastarter.gg/graphql http://127.0.0.1:1337/graphql https://*.google-analytics.com https://vitals.vercel-insights.com https://o1188445.ingest.sentry.io https://api.coinbase.com https://www.google-analytics.com wss://ws-mt1.pusher.com https://vercel.live wss://*.hotjar.com https://*.hotjar.io https://*.hotjar.com https://*.walletconnect.com wss://relay.walletconnect.com wss://relay.walletconnect.org wss://www.walletlink.org wss://*.pusher.com https://*.pusher.com;default-src 'self';font-src 'self' data: https://*.hotjar.com;form-action 'self' *;frame-ancestors http://127.0.0.1:* https://polkastarter.gg https://www.polkastarter.gg https://www.gam3s.gg https://gam3s.gg;frame-src 'self' *;img-src * data:;manifest-src 'self' https://polkastarter.cloudflareaccess.com;media-src 'self' https://video.twimg.com https://*.polkastarter.com https://*.polkastarter.gg https://*.gam3s.gg https://*.soulbound.gg;object-src data:;prefetch-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://embed.twitch.tv https://player.twitch.tv/ https://www.youtube.com/ https://*.googletagmanager.com https://*.google-analytics.com https://vercel.live http://embed.typeform.com https://browser.sentry-cdn.com https://va.vercel-scripts.com https://cdn.vercel-insights.com https://*.hotjar.com http://*.hotjar.com;style-src 'self' 'unsafe-inline' http://embed.typeform.com;worker-src 'self'; 1
default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' data: https:; media-src data:; object-src data:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals 1
frame-ancestors 'self' https://*.force.com; 1
default-src 'self' *.edenred.be *.edenredcdn.com *.edenred.io *.edenred.sk *.mojedenred.sk *.hungryminds.host *.edenred.net *.edenred.com *.zendesk.com *.zdassets.com *.outspot.be *.youtube.com *.msecnd.net tag.aticdn.net wrflkmr.pa-cd.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.edenred.be *.edenred.io *.edenred.sk *.edenredcdn.com *.mojedenred.sk *.edenred.net *.edenred.com *.zendesk.com *.zdassets.com *.google.com www.googletagmanager.com *.google-analytics.com *.gstatic.com *.googleapis.com *.googletagservices.com maxcdn.bootstrapcdn.com *.onetrust.com *.cookielaw.org *.windows.net *.jquery.com tag.aticdn.net wrflkmr.pa-cd.com tagmanager.google.com *.doubleclick.net *.hotjar.com *.hotjar.io *.facebook.net www.facebook.com *.linkedin.com *.licdn.com bat.bing.com;object-src 'self' *.edenredcdn.com *.google.com www.googletagmanager.com *.zendesk.com *.zdassets.com *.google-analytics.com *.googletagservices.com *.edenred.net *.edenred.io *.edenred.com tag.aticdn.net wrflkmr.pa-cd.com;style-src 'self' 'unsafe-inline' *.edenredcdn.com *.google.com *.googleapis.com *.windows.net *.cookielaw.org *.onetrust.com *.edenred.net *.edenred.com *.edenred.be *.mojedenred.sk *.edenred.sk;img-src 'self' * data: *.edenredcdn.com *.google.com *.doubleclick.net *.cookielaw.org *.facebook.net www.facebook.com *.linkedin.com *.licdn.com bat.bing.com;media-src 'self' *.youtube.com *.edenredcdn.com;frame-src 'self' *.edenred.be *.edenredcdn.com *.edenred.net *.edenred.io *.edenred.com *.edenred.sk *.mojedenred.sk *.zendesk.com *.zdassets.com *.outspot.be *.netdna-ssl.com *.youtube.com *.gstatic.com *.google.com *.emsecure.net *.azurewebsites.net tag.aticdn.net wrflkmr.pa-cd.com;font-src 'self' data: *.edenredcdn.com *.googleapis.com *.gstatic.com *.edenred.net *.edenred.com;connect-src 'self' *.edenred.be *.edenred.com *.edenredcdn.com *.edenred.io *.hungryminds.host *.zendesk.com *.zdassets.com *.youtube.com *.visualstudio.com *.cookielaw.org *.googleapis.com *.google-analytics.com tag.aticdn.net wrflkmr.pa-cd.com *.google.com *.doubleclick.net bat.bing.com *.linkedin.com www.facebook.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com;base-uri 'self' *.edenred.be *.edenredcdn.com *.edenred.io *.edenred.sk *.mojedenred.sk *.hungryminds.host *.edenred.net *.edenred.com *.zendesk.com *.zdassets.com *.outspot.be *.youtube.com tag.aticdn.net wrflkmr.pa-cd.com *.google-analytics.com www.googletagmanager.com tagmanager.google.com *.google.com *.doubleclick.net *.hotjar.com *.hotjar.io *.facebook.net www.facebook.com *.linkedin.com *.licdn.com bat.bing.com;child-src 'self' *.edenred.be *.edenred.io *.edenred.sk *.mojedenred.sk *.hungryminds.host *.edenred.net *.edenred.com *.outspot.be *.netdna-ssl.com *.youtube.com *.gstatic.com *.google.com *.googleapis.com *.emsecure.net tag.aticdn.net wrflkmr.pa-cd.com *.google-analytics.com www.googletagmanager.com tagmanager.google.com *.doubleclick.net *.hotjar.com *.hotjar.io *.facebook.net www.facebook.com *.linkedin.com *.licdn.com bat.bing.com;form-action 'self' *.edenred.net *.edenred.com *.edenred.io;frame-ancestors 'self' *.edenred.be *.edenred.io *.edenred.sk *.mojedenred.sk;report-uri /WebResource.axd?cspReport=true 1
base-uri 'self';connect-src 'self' https://search.lnr.fr https://api.privacy-center.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://static.fastory.io https://*.googlesyndication.com https://activity.wisepops.com https://popup.wisepops.com https://tracking.wisepops.com https://app.getwisp.co https://wisepops.net https://notifications.wisepops.com https://matomo.lnr.fr ws://*.pusher.com wss://*.pusher.com ws://*.pusherapp.com wss://*.pusherapp.com https://api.realytics.io https://*.typeform.com;default-src 'self' https://cdn.lnr.fr https://lnr-prod-cdn.webqamapps.com https://assets.lnr.fr;font-src 'self' data: https://cdn.lnr.fr https://lnr-prod-cdn.webqamapps.com https://assets.lnr.fr fonts.gstatic.com;frame-src 'self' https://giphy.com/ https://www.dailymotion.com/ https://www.youtube.com https://youtu.be https://dai.ly https://adictiz.io/fr https://adbx.io/ https://www.sporcle.com https://www.typeform.com form.typeform.com cdn.iframe.ly geo.dailymotion.com https://app.genial.ly https://view.genial.ly/static/embed/embed.js view.genial.ly platform.twitter.com connect.facebook.net www.instagram.com www.facebook.com https://www.rugbyworldcup.com https://console.googletagservices.com https://docs.google.com/forms/d/e/ https://form.typeform.com/to/ https://cagnotte-solidaire.restosducoeur.org/projects/boxing-day-2023/ https://api.typeform.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://platform.twitter.com https://www.google.com/pagead/1p-user-list https://googleads.g.doubleclick.net/ https://*.googlesyndication.com https://notifications.wisepops.com https://wisepops.net https://tag.leadplace.fr;frame-ancestors 'none';img-src https://cdn.lnr.fr https://lnr-prod-cdn.webqamapps.com https://assets.lnr.fr 'self' data: img.youtube.com www.dailymotion.com *.dmcdn.net zupimages.net *.zupimages.net top14.lnr.fr www.lnr.fr lnr.fr prod2.lnr.fr supersevens.lnr.fr https://sdk.privacy-center.org https://googleads.g.doubleclick.net https://www.google.com https://www.google.fr https://*.googlesyndication.com https://cdn.wisepops.com https://tracking.wisepops.com https://dx4nr741tfc02.cloudfront.net https://wisp-production-storage.s3.amazonaws.com https://cdn.wisepops.net https://matomo.lnr.fr https://www.facebook.com https://secure.adnx.com https://secure.adnxs.com;media-src 'self';object-src https://twitter.com https://api.typeform.com https://www.typeform.com/ embed.typeform.com;script-src-elem 'self' 'unsafe-eval' 'nonce-4Kz6BQAkYZrT1UQFbTmHuqQmABLrraKRxMkgifi7' top14.lnr.fr www.lnr.fr lnr.fr prod2.lnr.fr supersevens.lnr.fr https://cdn.lnr.fr https://lnr-prod-cdn.webqamapps.com https://assets.lnr.fr https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com https://syndication.twitter.com https://www.instagram.com https://sdk.privacy-center.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://static.fastory.io https://*.googlesyndication.com https://cdn.wisepops.com https://loader.wisepops.com https://app.getwisp.co https://wisepops.net https://cdn.wisepops.net https://matomo.lnr.fr https://connect.facebook.net https://tag.leadplace.fr https://cdn-eu.realytics.net https://i.realytics.io https://tp.realytics.io https://*.typeform.com;script-src 'self' 'unsafe-eval' 'nonce-4Kz6BQAkYZrT1UQFbTmHuqQmABLrraKRxMkgifi7' top14.lnr.fr www.lnr.fr lnr.fr prod2.lnr.fr supersevens.lnr.fr https://cdn.lnr.fr https://lnr-prod-cdn.webqamapps.com https://assets.lnr.fr https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com https://syndication.twitter.com https://www.instagram.com https://sdk.privacy-center.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://static.fastory.io https://*.googlesyndication.com https://cdn.wisepops.com https://loader.wisepops.com https://app.getwisp.co https://wisepops.net https://cdn.wisepops.net https://matomo.lnr.fr https://connect.facebook.net https://cdn-eu.realytics.net https://i.realytics.io https://tp.realytics.io;style-src 'self' 'unsafe-inline' https://cdn.lnr.fr https://lnr-prod-cdn.webqamapps.com https://assets.lnr.fr fonts.googleapis.com https://www.googletagmanager.com/;style-src-elem 'self' 'unsafe-inline' https://cdn.lnr.fr https://lnr-prod-cdn.webqamapps.com https://assets.lnr.fr fonts.googleapis.com https://www.googletagmanager.com/ https://*.typeform.com 1
frame-ancestors 'self' https://www.ourlounge.at/; block-all-mixed-content 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline'; 1
default-src https: 'unsafe-eval' 'unsafe-inline' data: blob: 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.meo.de *.meo.cz *.meoteam.dk *.meo.ro *.meo.pl *.meo.lt *.meo.lv *.meo.cn *.meo.jp *.meo.si *.meo.gr *.meo.sk *.meo.es *.meo.bg *.meo.ee *.meo.fi data: *.meo.de *.meo.cz *.meoteam.dk *.meo.ro *.meo.pl *.meo.lt *.meo.lv *.meo.cn *.meo.jp *.meo.si *.meo.gr *.meo.sk *.meo.es *.meo.bg *.meo.ee *.meo.fi *.meo24.de *.facebook.net *.facebook.com *.google-analytics.com *.xtube.com *.youtube.com *.googlevideo.com *.google.com *.vzaar.com *.vimeo.com *.vimeocdn.com *.googleapis.com *.pingdom.net *.twitter.com *.gstatic.com *.saferpay.com *.cloudflare.com s3.amazonaws.com www.googletagmanager.com; frame-ancestors 'self' *.meo.de *.meo.cz *.meoteam.dk *.meo.ro *.meo.pl *.meo.lt *.meo.lv *.meo.cn *.meo.jp *.meo.si *.meo.gr *.meo.sk *.meo.es *.meo.bg *.meo.ee *.meo.fi https://www.meo.de https://www.meo.cz https://www.meoteam.dk https://www.meo.ro https://www.meo.pl https://www.meo.lt https://www.meo.lv https://www.meo.cn https://www.meo.jp https://www.meo.si https://www.meo.gr https://www.meo.sk https://www.meo.es https://www.meo.bg https://www.meo.ee https://www.meo.fi https://cdn.meo.de http://www.cellmate-keuschheitsguertel.de; 1
frame-ancestors https://www.astro.sk/  https://www.ta3.sk/  http://www.astro.sk/  http://www.ta3.sk/  https://wwwWRK.astro.sk/  https://wwwWRK.ta3.sk/  http://wwwWRK.astro.sk/  http://wwwWRK.ta3.sk/ https://sas.astro.sk/  https://sas.ta3.sk/  http://sas.astro.sk/  http://sas.ta3.sk/; 1
frame-ancestors 'self' https://*.suppliersolutions.com/ https://*.ariba.com/ https://psrscs.sap.johndeerecloud.com:40443 https://marketplace.qmerit.com https://www.buyerquest.net https://*.textron.com https://*.aquiire.net https://sourcing-compass.honeywell.com https://guidedbuying.basf.net https://*.seagate.com https://*.raiven.com 1
default-src 'self';font-src 'self' data: maxcdn.bootstrapcdn.com fonts.gstatic.com *.cookielaw.org;img-src 'self' data: *.cookiepro.com ui.se www.facebook.com *.google-analytics.com *.g.doubleclick.net maps.gstatic.com maps.googleapis.com *.twitter.com *.ytimg.com *.twimg.com *.youtube.com www.googletagmanager.com www.google.com  www.google.se ssl.gstatic.com www.gstatic.com *.cookielaw.org ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com cdn.datatables.net connect.facebook.net platform.twitter.com *.google-analytics.com maps.googleapis.com www.google.com www.gstatic.com *.twimg.com www.googletagmanager.com tagmanager.google.com *.cookielaw.org geolocation.onetrust.com *.cookiepro.com;style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com cdn.datatables.net dl.episerver.net *.twitter.com *.twimg.com tagmanager.google.com fonts.googleapis.com www.googletagmanager.com *.cookielaw.org cdn.cookielaw.org *.cookiepro.com;frame-src 'self' vimeo.com www.youtube-nocookie.com w.soundcloud.com www.facebook.com embed.acast.com player.acast.com platform.twitter.com www.google.com *.twitter.com *.youtube.com player.vimeo.com *.cookielaw.org ;media-src 'self' *.cookielaw.org;connect-src 'self' *.onetrust.com *.google-analytics.com maps.googleapis.com stats.g.doubleclick.net *.cookielaw.org *.cookiepro.com;object-src 'none'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.paypalobjects.com https://tvwh62.grueneerde.com app.usercentrics.eu *.publitas.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com hello.myfonts.net https://scripts.publitas.com; img-src 'self' *.usercentrics.eu https://tvwh62.grueneerde.com https://track.adform.net 'nonce-3125e18c-5b50-4643-9b84-d68084c95a13' data:; connect-src 'self' https://tvwh62.grueneerde.com https://track.adform.net *.usercentrics.eu; font-src 'self' data: https://fonts.gstatic.com www.grueneerde.com; object-src 'self'; manifest-src 'self'; media-src 'self' https://presse.grueneerde.com https://karriere.grueneerde.com; frame-ancestors 'self'; base-uri 'none'; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com shopberatung.grueneerde.com http://www.grueneerdeapps.com https://media.grueneerde.com https://beteiligungsmodell.grueneerde.com https://www.sandbox.paypal.com https://www.paypal.com https://meet.jit.si https://my.matterport.com https://vimeo.com app.usercentrics.eu https://tvwh62.grueneerde.com https://track.adform.net https://*.gpwebpay.com https://view.publitas.com; form-action 'self' 'unsafe-inline' https://www.sandbox.paypal.com https://www.paypal.com; block-all-mixed-content; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon-japan.net; img-src 'self' https: data: blob: https://mastodon-japan.net; style-src 'self' https://mastodon-japan.net 'nonce-cSrjTez1UcxHMOMnURHXXw=='; media-src 'self' https: data: https://mastodon-japan.net; frame-src 'self' https:; manifest-src 'self' https://mastodon-japan.net; form-action 'self'; child-src 'self' blob: https://mastodon-japan.net; worker-src 'self' blob: https://mastodon-japan.net; connect-src 'self' data: blob: https://mastodon-japan.net https://files.mastodon-japan.net wss://mastodon-japan.net; script-src 'self' https://mastodon-japan.net 'wasm-unsafe-eval' 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googletagmanager.com *.googleapis.com *.google-analytics.com www.google.com *.gstatic.com *.cookieinformation.com *.totalkredit.dk *.ritzau.dk *.youtube.com *.cookiebot.com *.adnxs.com *.licdn.com *.facebook.net *.doubleclick.net *.raffle.ai *.bing.com *.aws.dk;object-src 'none';style-src 'self' 'unsafe-inline' data: *.typekit.net *.gstatic.com *.youtube.com *.googleapis.com;img-src 'self' data: *.umbraco.com *.imgix.net www.google.com *.google.dk *.linkedin.com *.facebook.com *.facebook.net github.com www.github.com *.bing.com *.google-analytics.com *.totalkredit.dk *.al-bank.dk *.youtube.com *.appspot.com *.adnxs.com *.googletagmanager.com;media-src 'self' data: *.umbraco.com *.imgix.net www.google.com github.com www.github.com www.bing.com *.google-analytics.com *.totalkredit.dk *.al-bank.dk *.youtube.com;frame-src 'self' localhost *.cookieinformation.com *.al-bank.dk www.google.com *.ritzau.dk *.youtube.com *.youtube-nocookie.com *.cookiebot.com *.doubleclick.net *.bing.com *.raffle.ai;font-src 'self' data: *.typekit.net *.youtube.com *.gstatic.com;connect-src 'self' our.umbraco.com ws: wss: *.cookieinformation.com *.raffle.ai *.aws.dk *.googleapis.com *.google-analytics.com *.totalkredit.dk *.youtube.com *.doubleclick.net *.al-bank.dk *.google.com *.oribi.io *.google.dk *.bing.com;frame-ancestors 'self' localhost *.al-bank.dk www.google.com *.ritzau.dk;upgrade-insecure-requests;block-all-mixed-content 1
default-src https: http; script-src https http: 'unsafe-inline' 'unsafe-eval' http://*.addthis.com ; style-src https http: 'unsafe-inline'; media-src https http: 'unsafe-inline'; img-src https http: 'unsafe-eval' data:; font-src https http: 'unsafe-inline'; connect-src https http: 'unsafe-inline' ; frame-src https http: 'unsafe-inline' 1
default-src https: 'unsafe-eval' 'unsafe-inline'; font-src 'self' data: https:; img-src 'self' data: https:; 1
default-src https: data: ws: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' free-apply.com *.free-apply.com 1
default-src 'self'; script-src 'self'     'unsafe-inline'     'unsafe-eval'     *.google.com     *.googlesyndication.com     analytics.google.com     www.google-analytics.com     www.googletagmanager.com     www.googletagservices.com     stats.g.doubleclick.net     partner.googleadservices.com     adservice.google.co.jp     www.gstatic.com     www.clarity.ms     static.xx.fbcdn.net     cdn.syndication.twimg.com     platform.twitter.com     cdn.onesignal.com     onesignal.com     blob:; style-src 'self'     'unsafe-inline'     *.google.com     onesignal.com; img-src * data:; font-src 'self'     s0.wp.com     data:; frame-src 'self'     www.facebook.com     staticxx.facebook.com     *.google.com     www.googletagmanager.com     googleads.g.doubleclick.net     securepubads.g.doubleclick.net     tpc.googlesyndication.com     www.adsensecustomsearchads.com     platform.twitter.com     www.youtube.com; connect-src 'self'     www.google.co.jp     *.google.com     www.google-analytics.com     stats.g.doubleclick.net     pagead2.googlesyndication.com     csp.withgoogle.com     csi.gstatic.com     *.clarity.ms     onesignal.com; 1
frame-ancestors 'self' *.alation.com www.alationuniversity.com *.alationuniversity.com *.splashthat.com https://app.contentful.com app.optimizely.com 1
default-src 'self'; script-src 'self' data: 'unsafe-inline' *.facebook.net *.adroll.com *.googleapis.com *.gstatic.com *.doubleclick.net *.prismic.io *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsadspixel.net *.hscollectedforms.net *.hubspot.com *.fontawesome.com *.linkedin.com *.airpr.com qh-corp-sites *.licdn.com *.googletagmanager.com *.netlify.app *.algolia.net *.algolianet.com *.algolia.io *.hsforms.net *.jotform.com *.jotfor.ms *.cloudflare.com; style-src 'self' data: 'unsafe-inline' *.googleapis.com *.hubspot.net *.jotfor.ms *.jotform.com; img-src 'self' data: *.prismic.io *.netlify.app *.linkedin.com *.google.com *.facebook.com *.facebook.net *.hsforms.com *.adroll.com *.pubmatic.com *.airpr.com *.hubspot.com *.openx.net *.rlcdn.com *.outbrain.com *.hsappstatic.net *.glassdoor.com *.vimeocdn.com *.jotfor.ms *.jotform.com; font-src 'self' data: *.fontawesome.com *.googleapis.com *.gstatic.com *.jotfor.ms; connect-src 'self' *.fontawesome.com *.hubapi.com *.hscollectedforms.net *.hubspot.com *.google.com *.linkedin.com *.doubleclick.net *.algolia.net *.algolianet.com *.hsforms.com *.amazonaws.com *.jotform.co; media-src 'self' *.hubspot.com; child-src 'self' *.vimeo.com *.vimeocdn.com *.googletagmanager.com; frame-src 'self' *.doubleclick.net *.adsrvr.org *.vimeo.com *.facebook.com *.hsappstatic.net *.hsforms.com *.hs-sites.com *.vimeocdn.com *.googlesyndication.com *.googleapis.com *.googletagmanager.com *.prismic.io; form-action 'self' *.facebook.com *.hsforms.com; base-uri 'self' 1
frame-ancestors https://*.cms.koala.io https://cms.koala.io 1
default-src 'self'; script-src 'self' https: blob: https://csam2.wpenginepowered.com; style-src 'self' https: https://csam2.wpenginepowered.com; img-src 'self' https: https://csam2.wpenginepowered.com; font-src 'self' https: https://csam2.wpenginepowered.com; frame-src 'self' https: https://platform.twitter.com; upgrade-insecure-requests 1
frame-ancestors 'self' solution.lengow.com *.mybigcommerce.com; 1
default-src 'self' data:; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://*.etracker.com; frame-src 'self' https://open.spotify.com https://mafo1.myaudience.de/ https://www.youtube-nocookie.com/; script-src 'self' 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://static.newsletter2go.com https://mafo1.myaudience.de https://static.etracker.com https://code.etracker.com https://www.etracker.de https://www.evergabe.nrw.de; style-src 'self' https://static.hotjar.com https://script.hotjar.com 'unsafe-inline'; object-src 'none'; worker-src 'none'; connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://api.newsletter2go.com https://www.etracker.de; img-src 'self' data: https://static.hotjar.com https://script.hotjar.com https://files.newsletter2go.com https://images.fdbserver.de https://mafo1.myaudience.de; font-src 'self' https://script.hotjar.com; upgrade-insecure-requests 1
default-src 'self' ajax.googleapis.com fonts.googleapis.com use.typekit.net google-analytics.com code.highcharts.com viz.tools.investis.com edge.api.brightcove.com *.brightcovecdn.com media.idigitalcontents.com; img-src 'self' 'unsafe-inline' * data: www.w3.org; frame-src 'self' td.doubleclick.net viz.tools.investis.com *.google.com irs.tools.investis.com otp.tools.investis.com staticcontents.investis.com connectidfeed.com *.connectidfeed.com www.youtube.com *.vimeo.com *.brightcove.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' google-analytics.com fonts.googleapis.com viz.tools.investis.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investisdigital.com; font-src 'self' 'unsafe-inline' fonts.googleapis.com use.typekit.net google-analytics.com fonts.gstatic.com *.investisdigital.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' googleads.g.doubleclick.net bat.bing.com snap.licdn.com connect.facebook.net ajax.googleapis.com www.youtube.com *.vimeo.com cdn.jsdelivr.net code.jquery.com otp.tools.investis.com use.typekit.net google-analytics.com www.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com code.highcharts.com viz.tools.investis.com cdnjs.cloudflare.com *.investisdigital.com; connect-src 'self' region1.analytics.google.com pagead2.googlesyndication.com cdn.linkedin.oribi.io analytics.google.com stats.g.doubleclick.net edge.api.brightcove.com google-analytics.com www.google-analytics.com *.google-analytics.com viz.tools.investis.com cookiemanager.investisdigital.com *.investisdigital.com www.facebook.com; base-uri 'none'; form-action 'self' ; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-fdc6cbc8483e577e1f52b1296fda26a9'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors 'self' https://*.sterrenhemel.nl https://*.wietroostmij.nl https://*.teambijzondereuitvaarten.nl https://*.monuta.nl https://*.monutanet.nl https://*.monuta.net https://*.alpina.nl https://*.heilbron.nl https://*.finly.nl https://*.schuurmanfinancieeladvies.nl https://*.kralwesten.nl https://*.brantjes.nl https://ikvergelijkonline.nl https://*.ikvergelijkonline.nl; script-src https://www.eventbrite.nl https://www.googleoptimize.com https://optimize.google.com https://www.google.com https://www.gstatic.com/recaptcha https://cdn.conversationalsdevelopment.nl https://cdn.jsdelivr.net https://unpkg.com https://script.hotjar.com https://static.hotjar.com https://www.clickcease.com https://rum-static.pingdom.net https://www.dwin1.com https://connect.facebook.net https://w.usabilla.com https://channel.me https://maps.googleapis.com https://script.adcalls.nl https://*.sterrenhemel.nl https://*.wietroostmij.nl https://*.teambijzondereuitvaarten.nl frame-src: youtube.com https://www.youtube.com data: ajax.aspnetcdn.com code.jquery.com cdn.ckeditor.com cdn.cxcompany.com *.cloudflare.com 'unsafe-eval' https://*.cxcompany.com https://www.google.com https://www.gstatic.com https://ajax.googleapis.com 'self' 'unsafe-inline' https://*.monuta.nl https://*.monutanet.nl https://*.monuta.net https://www.googletagmanager.com/ https://www.google-analytics.com/; object-src  'self'  https://*.sterrenhemel.nl https://*.wietroostmij.nl https://*.teambijzondereuitvaarten.nl  https://*.monuta.nl https://*.monutanet.nl https://*.monuta.net; 1
default-src * 'unsafe-inline' 'unsafe-eval'; frame-ancestors *; font-src *; connect-src * data: 1
default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; prefetch-src 'self'; upgrade-insecure-requests; block-all-mixed-content 1
frame-ancestors 'self' ort.org.il *.ort.org.il; 1
default-src 'unsafe-inline' code.jquery.com cognito-identity.us-west-2.amazonaws.com access.i4go.com i4m.i4go.com stats.g.doubleclick.net *.holts.com *.e2ma.net fonts.googleapis.com *.ckeditor.com *.youtube.com *.vimeo.com www.googletagmanager.com cdn.viglink.com links.services.disqus.com disqus.com referrer.disqus.com c.disquscdn.com platform.twitter.com connect.facebook.net holts.disqus.com *.google-apis.com *.stackadapt.com *.qvdt3feo.com qvdt3feo.com *.b1js.com *.b1img.com b1img.com *.adsrvr.org *.google-analytics.com *.google.com *.livechatinc.com  *.adnxs.com *.gstatic.com use.typekit.com *.doubleclick.net use.typekit.net commercemarketplace.adobe.com ssl.kaptcha.com i4m.shift4test.com i4m.i4go.com ajax.googleapis.com *.google-analytics.com p.typekit.net client.rum.us-east-1.amazonaws.com *.rum.us-west-2.amazonaws.com sts.us-west-2.amazonaws.com www.paypalobjects.com; img-src * data:; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' www.instagram.com *.svc.dynamics.com ajax.aspnetcdn.com mktdplp102cdn.azureedge.net player.vimeo.com radiomd.com public.earthcam.net healthcare.healthrecordwizard.com connect.facebook.net *.hotjar.com www.youtube.com www.google-analytics.com bam.nr-data.net www.googletagmanager.com js-agent.newrelic.com www.gstatic.com maps.googleapis.com unpkg.com cdn.jsdelivr.net www.google.com optimize.google.com ajax.googleapis.com cdnjs.cloudflare.com; object-src 'self' 'unsafe-eval' 'unsafe-inline' healthcare.healthrecordwizard.com; frame-ancestors 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' *.shawcontract.com localhost:51873 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' chrome-extension https: wss:; img-src https: data: blob:; object-src 'none'; frame-ancestors *.zurich.ch *.autosense.ch  'self'; worker-src blob:; 1
frame-ancestors 'self' *.foscarini.com; 1
default-src 'self';    report-to csp-endpoint;      object-src http://*.neulion.net https://*.neulion.net;      connect-src 'self' *.doubleclick.net www.google-analytics.com https://*.twitter.com https://*.instagram.com http://*.twitter.com http://*.instagram.com https://*.visualstudio.com http://*.visualstudio.com;     script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.opendns.com http://*.opendns.com https://*.tiktok.com http://*.tiktok.com https://*.tiktokcdn.com http://*.tiktokcdn.com https://*.unpkg.com http://unpkg.com https://unpkg.com http://*.unpkg.com https://*.google.com http://*.google.com https://*.gstatic.com http://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.visualstudio.com https://*.jquery.com https://*.msecnd.net https://*.bootstrapcdn.com https://cdnjs.cloudflare.com https://*.instagram.com https://*.twitter.com https://*.twimg.com https://cdn.iframe.ly http://*.bootstrapcdn.com http://cdnjs.cloudflare.com http://*.instagram.com http://*.twitter.com http://*.twimg.com http://cdn.iframe.ly http://*.msecnd.net http://*.visualstudio.com http://*.jquery.com http://*.googletagmanager.com http://*.google-analytics.com;     frame-src 'self' https://open.spotify.com http://open.spotify.com https://*.tiktok.com http://*.tiktok.com https://*.msgnetworks.com https://*.msgnetworks.com https://cdn.iframe.ly https://twitter.com https://vimeo.com https://*.vimeo.com https://*.nhl.com https://*.sportsnet.ca https://*.tsn.ca https://*.espn.com https://*.google.com https://*.instagram.com https://*.youtube.com https://*.twitter.com http://cdn.iframe.ly http://*.google.com http://*.instagram.com http://*.youtube.com http://*.twitter.com http://*.nhl.com http://*.sportsnet.ca http://*.tsn.ca http://*.espn.com http://twitter.com http://vimeo.com http://*.vimeo.com;     style-src 'self' 'unsafe-inline' https://*.twimg.com http://*.twimg.com https://*.googleapis.com https://*.twitter.com https://*.instagram.com https://*.bootstrapcdn.com https://cdnjs.cloudflare.com http://*.googleapis.com http://*.twitter.com http://*.instagram.com http://*.bootstrapcdn.com https://cdnjs.cloudflare.com;     font-src 'self' https://cdnjs.cloudflare.com https://*.bootstrapcdn.com https://cdn.ckeditor.com https://fonts.gstatic.com http://cdnjs.cloudflare.com http://*.bootstrapcdn.com http://cdn.ckeditor.com http://fonts.gstatic.com;     img-src 'self' https://*.googletagmanager.com http://*.googletagmanager.com https://*.doubleclick.net http://*.doubleclick.net https://*.google-analytics.com https://i.ytimg.com https://media.nhlpa.com https://cdn.nhlpa.com https://cdnorigin.nhlpa.com https://twitter.com https://cdn.agilitycms.com https://*.twitter.com https://*.instagram.com  https://*.twimg.com http://i.ytimg.com http://media.nhlpa.com http://cdn.nhlpa.com http://cdnorigin.nhlpa.com http://twitter.com http://cdn.agilitycms.com http://*.twitter.com http://*.instagram.com http://*.twimg.com data: blob: http://*.google-analytics.com 1
default-src 'self';  script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com www.google.com  https://consent.cookiebot.com https://consentcdn.cookiebot.com;  worker-src 'self' blob:;   style-src 'self' 'unsafe-inline';  img-src * blob: data:;  media-src *;  connect-src 'self' https://consentcdn.cookiebot.com https://www.google-analytics.com;  font-src 'self' data:;  frame-src www.googletagmanager.com  https://consentcdn.cookiebot.com; 1
block-all-mixed-content; base-uri 'self'; default-src 'none'; img-src https://*.premiumkino.de https://*.google.de https://*.doubleclick.net https://www.facebook.com https://*.googleapis.com https://*.gstatic.com http://*.googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.googlesyndication.com https://*.paypal.com data:; media-src 'self' https://*.premiumkino.de https://*.publyc.com https://*.slmedien.de; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.datatrans.com https://google.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.doubleclick.net https://*.googlesyndication.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://connect.facebook.net https://*.googleadservices.com https://*.paypal.com https://*.datatrans.com https://*.googleapis.com https://*.gstatic.com http://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.doubleclick.net https://*.googlesyndication.com; frame-src 'self' https://*; form-action 'self' https://*.datatrans.com; frame-ancestors 'self'; font-src 'self' data:; manifest-src 'self' 1
frame-ancestors 'self' dashboard.fundedengineer.com; 1
default-src 'self'; child-src 'self' connect.facebook.net fast.wistia.com fast.wistia.net googleads.g.doubleclick.net td.doubleclick.net *.hotjar.com *.hotjar.io bid.g.doubleclick.net 10317493.fls.doubleclick.net 10366747.fls.doubleclick.net 11541986.fls.doubleclick.net youtube.com www.youtube.com js.stripe.com www.facebook.com staticxx.facebook.com tpc.googlesyndication.com www.google.com *.googletagmanager.com *.quora.com intercom-sheets.com app-ab27.marketo.com www.intercom-reporting.com d2c7xlmseob604.cloudfront.net js.intercomcdn.com insight.adsrvr.org match.adsrvr.org https://intercom.chilipiper.com app.intercom.com app.intercom.io https://app.getreprise.com; connect-src 'self'   www.intercom.com app.intercom.io app.intercom.com api.intercom.io api-visitor-analytics.intercom.com api-iam.intercom.io api-ping.intercom.io api.smartling.com js.intercomcdn.com munchkin.marketo.net *.mktoutil.com nexus-websocket-a.intercom.io nexus-websocket-test.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-test.intercom.io store.intercomassets.com widget.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-test.intercom.io marketing.intercomcdn.com uploads.intercomcdn.com uploads.intercomusercontent.com abrtp1.marketo.com abrtp1-cdn.marketo.com app.getsentry.com stats.g.doubleclick.net www.google.com adservice.google.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com http://*.hotjar.io:* https://*.hotjar.io:* wss://*.hotjar.io sentry.io www.facebook.com *.akamaihd.net *.wistia.com *.wistia.net 258-clw-344.mktoresp.com bat.bing.com d2c7xlmseob604.cloudfront.net rum-collector-2.pingdom.net https://*.browser-intake-datadoghq.com public-trace-http-intake.logs.datadoghq.com https://assets.ctfassets.net c.6sc.co b.6sc.co j.6sc.co ipv6.6sc.co epsilon.6sense.com epsilon-cloudfront.6sense.com user-data.mutinycdn.com https://api-v2.mutinyhq.io/v2/b https://api.mutinyhq.io/v2 https://client-registry.mutinycdn.com secure.adnxs.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com api.chilipiper.com tracking.chilipiper.com cdn.linkedin.oribi.io gw.linkedin.oribi.io px.ads.linkedin.com https://app.getreprise.com; font-src data: https: ; img-src data: blob: https: ; media-src data: blob: https: ; object-src 'none'; script-src 'self' 'unsafe-eval' app.intercom.io app.intercom.com www.intercom.com js.intercomcdn.com store.intercomassets.com marketing.intercomassets.com widget.intercom.io ajax.googleapis.com analytics.twitter.com abrtp1.marketo.com abrtp1-cdn.marketo.com app-sjqe.marketo.com app-sjst.marketo.com app-ab27.marketo.com bat.bing.com cdn-assets-prod.s3.amazonaws.com cdn.ravenjs.com browser.sentry-cdn.com connect.facebook.net distillery.wistia.com distillery-main.wistia.com fast.wistia.com fast.wistia.net googleads.g.doubleclick.net js.stripe.com munchkin.marketo.net platform.twitter.com rtp-static.marketo.com script.hotjar.com script.hotjar.io secure.adnxs.com static.hotjar.com static.hotjar.io stats.g.doubleclick.net store.intercom.io tpc.googlesyndication.com www.datadoghq-browser-agent.com www.google.com www.google-analytics.com www.googleadservices.com/pagead/ www.googletagmanager.com tagmanager.google.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com dc.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com client-registry.mutinycdn.com client.mutinycdn.com https://js.chilipiper.com 'sha256-CIxBMTSsZNOVtN/e53Oinc5o7iS+6GCLATfDTYD9EQk=' https://app.getreprise.com 'strict-dynamic' 'nonce-NDM3NTkyY2YtNDczMy00OTYwLWE5NzctNWNlMDU3MDY1MjYx'; style-src 'self' 'unsafe-inline' app-ab27.marketo.com marketing.intercomassets.com maxcdn.bootstrapcdn.com rtp-static.marketo.com fonts.googleapis.com tagmanager.google.com https://www.googletagmanager.com https://js.chilipiper.com; worker-src data: blob:; base-uri 'self'; report-uri https://o2129.ingest.sentry.io/api/1467748/security/?sentry_key=2b3179211aae44189b7651cf09d7b74f 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com www1.modainpelle.com; base-uri 'self' 1
frame-ancestors 'self' *.scfederal.org *.zagclients.net 1
frame-ancestors 'self' https://*.motionpoint.com 1
script-src http: https: https://shop.harpersbazaar.com *.listrakbi.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' blob: https: 'unsafe-inline' https://shop.harpersbazaar.com; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com; frame-src www.googletagmanager.com assets.braintreegateway.com *.youtube.com *.interest.com *.youtu.be *.vimeo.com *.stripe.com; worker-src blob: 'self'; 1
default-src 'self' tpc.googlesyndication.com;prefetch-src 'self' tpc.googlesyndication.com *.googlesyndication.com;connect-src 'self' securepubads.g.doubleclick.net csi.gstatic.com api.hubspot.com forms.hubspot.com pagead2.googlesyndication.com www.google-analytics.com www.facebook.com stats.g.doubleclick.net api.hubapi.com forms.hsforms.com ct.pinterest.com api.traversedlp.com onesignal.com hubspot-forms-static-embed.s3.amazonaws.com analytics.google.com region1.analytics.google.com k.p-n.io;font-src 'self' use.fontawesome.com fonts.googleapis.com fonts.gstatic.com use.typekit.net data:;img-src 'self' data: * s3.amazonaws.com aimmedia.com *.aimmedia.com www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net *.cuisinelibrary.com images.contentful.com former.cuisineathome.com images.ctfassets.net tpc.googlesyndication.com www.google.com securepubads.g.doubleclick.net www.facebook.com pagead2.googlesyndication.com ad.doubleclick.net csi.gstatic.com *.amazon-adsystem.com images-na.ssl-images-amazon.com images.ahpc.us track.hubspot.com forms.hubspot.com pix.revjet.com cdn.revjet.com log.pinterest.com ct.pinterest.com media.pushlycdn.com;manifest-src 'self';media-src 'self' data: videos.ctfassets.net s3.amazonaws.com assets.ctfassets.net;object-src 'self';script-src 'self' 'unsafe-inline' blob: www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com code.jquery.com securepubads.g.doubleclick.net connect.facebook.net browser-update.org adservice.google.com cdn.ampproject.org www.googletagservices.com images.ahpc.us js.hs-scripts.com *.augusthome.com optimize.google.com tpc.googlesyndication.com pagead2.googlesyndication.com js.hs-analytics.net js.hsleadflows.net js.usemessages.com vjs.zencdn.net js.hs-banner.com assets.pinterest.com browser-update.org stackpath.bootstrapcdn.com js.hsadspixel.net assets.pinterest.com s.pinimg.com ndn.statistinamics.com js-na1.hs-scripts.com static.traversedlp.com *.s3.amazonaws.com cdn.onesignal.com onesignal.com js.hsforms.net forms.hsforms.com bat.bing.com www.aimmedia.com cdn.p-n.io js.hubspot.com olytics.omeda.com;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com use.typekit.net p.typekit.net vjs.zencdn.net onesignal.com olytics.omeda.com;base-uri 'self' optimize.google.com;form-action 'self' *;frame-ancestors 'self' optimize.google.com;frame-src 'self' www.youtube.com staticxx.facebook.com tpc.googlesyndication.com optimize.google.com www.googletagservices.com www.megaphone.fm www.google.com *.safeframe.googlesyndication.com assets.pinterest.com playlist.megaphone.fm www.facebook.com pagead2.googlesyndication.com forms.hubspot.com cdn.onesignal.com cuisineathome.os.tc forms.hsforms.com ct.pinterest.com;worker-src 'self' k.p-n.io; 1
frame-ancestors 'self' https://www.livesupportteam.com 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://*.googlesyndication.com https://www.zenaps.com https://tr.snapchat.com https://tr6.snapchat.com https://www.youtube.com https://www.pinterest.com https://www.pinterest.co.uk https://smct.co https://*.smct.co https://smct.io https://*.smct.io; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://ct.pinterest.com https://analytics.tiktok.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://fonts.gstatic.com; form-action 'self' https://www.facebook.com https://checkout.toblerone.co.uk https://www.toblerone.co.uk/ https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googlesyndication.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net  https://s1.thcdn.com/ https://s.pinimg.com https://analytics.tiktok.com https://*.ibytedtos.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com/; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' yoast.com *.bugsnag.com api.tripleseat.com api.rollbar.com api.segment.io widgets.resy.com extreme-ip-lookup.com core.spreedly.com cdn.segment.com *.selfbook.com code.jquery.com contact-api.inguest.com playlist.megaphone.fm *.cendynhub.com *.iubenda.com *.pcibooking.net secure.livechatinc.com *.thehotelsnetwork.com tag.yieldoptimizer.com *.livechatinc.com booking.azds.com linkcenterus.derbysoftsec.com cdnjs.cloudflare.com *.otstatic.com *.triptease.io *.opentable.com beacon.sojern.com api.ipstack.com newbooking.azds.com rw1.marchex.io widgets.nightpro.co *.youtube.com api.ipstack.com widgets.tablelist.com *.speedrfp.com *.gstatic.com *.googleadservices.com *.facebook.com *.yahoo.com *.doubleclick.net *.facebook.net *.googletagmanager.com *.googleapis.com *.google-analytics.com *.google.com *.bing.com; font-src 'self' data: *.selfbook.com *.otstatic.com newbooking.azds.com *.gstatic.com *.typekit.net; frame-src *.resy.com *.thenomadhotel.com *.google.com *.vimeo.com *.triptease.io playlist.megaphone.fm *.facebook.com; img-src 'self' data: *.google.es tripleseat-static-production.s3.amazonaws.com theeventscalendar.com six-middelware-backend.s3.amazonaws.com d321ocj5nbe62c.cloudfront.net 596937014.privacysandbox.googleadservices.com *.selfbook.com *.thenomadhotel.com *.w.org *.synxis.com newbooking.azds.com linkcenterus.derbysoftca.com pixel.sojern.com match.adsrvr.org ib.adnxs.com px.marchex.io *.speedrfp.com *.googletagmanager.com *.cdninstagram.com *.googleapis.com *.gstatic.com *.bing.com *.gravatar.com *.facebook.net *.doubleclick.net *.google-analytics.com *.google.com *.facebook.com; style-src 'self' *.selfbook.com *.thenomadhotel.com cloud.typography.com *.otstatic.com newbooking.azds.com *.typekit.net 'unsafe-inline' *.googleapis.com 1
frame-ancestors 'self' fieb.org.br 1
base-uri 'none'; object-src 'self' *.amazonaws.com; script-src 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: 'nonce-mm3YIoYnI+jjMCQxuR51tKQ9bNvraY4uDg0pXhFfz7I='; report-uri https://europe-central2-fundigic-cloud.cloudfunctions.net/siepomaga-csp 1
frame-ancestors 'self' https://magazine.cheex.me https://help.getcheex.com https://social.getcheex.com/ https://social2.getcheex.com 1
block-all-mixed-content; frame-ancestors 'self' https://www.menards.com ; upgrade-insecure-requests; 1
default-src          'unsafe-inline' 'unsafe-eval' 'self'    blob: data: *.talispoint.com *.talisys.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google.com *.microsoftonline.com *.windowsazure.com *.okta.com *.oktapreview.com *.travp.net, frame-ancestors      'unsafe-inline' 'unsafe-eval' 'self'    blob: data: *.talispoint.com *.talisys.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google.com *.microsoftonline.com *.windowsazure.com *.okta.com *.oktapreview.com *.travp.net *.optum.com optum.com *.optumrx.com optumrx.com *.helioscomp.com helioscomp.com *.owcafeddmz.com *.dol.gov, frame-src            'unsafe-inline' 'unsafe-eval' 'self' '' blob: data: *.talispoint.com *.talisys.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google.com *.microsoftonline.com *.windowsazure.com *.okta.com *.oktapreview.com *.travp.net *.optum.com optum.com *.optumrx.com optumrx.com *.helioscomp.com helioscomp.com *.owcafeddmz.com *.dol.gov, style-src            'unsafe-inline' 'unsafe-eval' 'self'    blob: data: *.talispoint.com *.talisys.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google.com *.microsoftonline.com *.windowsazure.com *.okta.com *.oktapreview.com *.travp.net, script-src           'unsafe-inline' 'unsafe-eval' 'self'    blob: data: *.talispoint.com *.talisys.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google.com *.microsoftonline.com *.windowsazure.com *.okta.com *.oktapreview.com *.twimg.com *.travp.net, script-src-elem      'unsafe-inline' 'unsafe-eval' 'self'    blob: data: *.talispoint.com *.talisys.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google.com *.microsoftonline.com *.windowsazure.com *.okta.com *.oktapreview.com *.twimg.com *.travp.net, img-src                                            'self'    blob: data: *.talispoint.com *.talisys.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google.com *.microsoftonline.com *.windowsazure.com *.okta.com *.oktapreview.com *.travp.net, font-src                                           'self'    blob: data: *.talispoint.com *.talisys.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google.com *.microsoftonline.com *.windowsazure.com *.okta.com *.oktapreview.com *.travp.net, allow-popups, allow-same-origin, allow-scripts 1
default-src 'self' kma.biz *.kma.biz code.jivosite.com; script-src 'self' kma.biz *.kma.biz 'unsafe-inline' 'unsafe-eval' stackpath.bootstrapcdn.com vk.com connect.facebook.net code.jquery.com ajax.cloudflare.com cdn.jsdelivr.net www.google.com ajax.googleapis.com www.googletagmanager.com www.google-analytics.com www.gstatic.com code.jivosite.com maxcdn.bootstrapcdn.com; img-src 'self' blob: vk.com kma.biz *.kma.biz mc.yandex.ru mc.webvisor.org *.vk.com *.facebook.com www.googletagmanager.com cdn.jsdelivr.net www.google-analytics.com data:; style-src 'self' kma.biz *.kma.biz 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com code.jivosite.com stackpath.bootstrapcdn.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com; font-src 'self' kma.biz *.kma.biz 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com; frame-src 'self' kma.biz *.kma.biz vk.com code.jivosite.com www.youtube.com www.google.com; object-src 'self'; connect-src 'self' ws: wss: blob: kma.biz *.kma.biz mc.webvisor.org mc.yandex.ru vk.com *.jivosite.com fcm.googleapis.com www.google-analytics.com www.googletagmanager.com *.doubleclick.net 1
frame-ancestors 'self' https://dashboard.tawk.to/; 1
base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storck.com storck.piwik.pro; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storck.com storck.piwik.pro; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com; connect-src 'self' data: *.storck.com storck.piwik.pro; font-src 'self'; frame-src 'self' data: *.storck.com; frame-ancestors 'self'; form-action 'self'; 1
script-src 'nonce-273a65b8-4c69-4716-8326-6ce33d9522b2' 'strict-dynamic';base-uri 'none';form-action 'self' hmwk.ru disser.me accounts.google.com oauth.vk.com id.vk.com login.vk.com oauth.yandex.ru passport.yandex.ru;object-src 'none';default-src 'self';report-uri /shared/csp-report;img-src 'self' data: vk.com m.vk.com login.vk.com *.livetex.ru www.facebook.com connect.facebook.com yandex.ru mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net www.google-analytics.com analytics.google.com ssl.google-analytics.com www.google.com www.google.kz www.google.ru *.livetex.me www.googletagmanager.com core-renderer-tiles.maps.yandex.net api-maps.yandex.ru cdn.nanotech42.com/images/ i.ibb.co dmp.one pxl.hot-wifi.ru whitesaas.com/api/phone/check counter.yadro.ru/id/finmed.gif dmg.digitaltarget.ru/1/ *.dmg.digitaltarget.ru/1/ statik-us.info/loadfp acint.net/rmatch get4click.ru/api/get-cookie/ profilepxl.ru/c/sape_match;font-src 'self' data: *.livetex.me fonts.gstatic.com www.googletagmanager.com cdn.jsdelivr.net/npm/mathjax@3/es5/output/chtml/fonts/ fonts.googleapis.com;style-src 'self' 'unsafe-inline' www.gstatic.com hcaptcha.com *.hcaptcha.com fonts.googleapis.com;child-src 'self' blob: mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net;frame-src 'self' blob: *.livetex.me www.youtube.com www.facebook.com mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net hcaptcha.com *.hcaptcha.com rupertino.ru sonar.semantiqo.com https://hmwk.ru https://www.homeworkpro.ru https://xn--b1aqehcmro.xn--p1ai https://homewokpro.ru;frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr http://webvisor.com https://webvisor.com http://*.webvisor.com https://*.webvisor.com https://hmwk.ru https://www.homeworkpro.ru https://xn--b1aqehcmro.xn--p1ai https://homewokpro.ru;connect-src 'self' www.facebook.com connect.facebook.com www.google-analytics.com analytics.google.com ssl.google-analytics.com mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net stats.g.doubleclick.net statusnpd.nalog.ru hcaptcha.com *.hcaptcha.com *.livetex.ru *.livetex.me uaas.yandex.ru eun1.fptls.com eun1.fptls3.com dmp.one c.dmp.one profilepxl.ru/t/ green.concilio.ru/app/app.php profilepxl.ru/invoke; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.chimpstatic.com visitjersey.email *.cloudfont.net *.googletagmanager.com blob: *.google-analytics.com https: data:;style-src 'self' 'unsafe-inline'  https: data:;connect-src 'self' *.google-analytics.com *.analytics.google.com *.doubleclick.net *.teads.tv *.crowdriff.com *.plyr.io sojpublicdata.blob.core.windows.net *.mapbox.com *.algolia.net *.algolianet.com *.tripadvisor.com *.vimeo.com *.akamaized.net *.trackedweb.net *.bugsnag.com *.cookiescan.com *.googlesyndication.com noembed.com *.facebook.com *.google.com *.clarity.ms *.cookiebot.com *.googletagmanager.com *.gstatic.com *.facebook.net manychat.com *.linkedin.oribi.io *.linkedin.com data:;font-src 'self' static.tacdn.com *.gstatic.com data:;img-src 'self' cdn.jersey.com *.google-analytics.com *.analytics.google.com *.cookiescan.com *.facebook.com *.linkedin.com t.co *.doubleclick.net *.google.je *.google.com *.google.co.uk *.netdna-ssl.com *.gravatar.com *.adsymptotic.com *.adnxs.com *.yahoo.com *.teads.tv *.googleadservices.com static.tacdn.com *.vimeocdn.com *.clarity.ms *.bing.com *.cloudfront.net *.magicseaweed.com *.ytimg.com *.google.nl blob: *.youtube.com *.adsrvr.org *.sojern.com *.amazonaws.com *.tripadvisor.co.uk *.cookiebot.com *.googletagmanager.com *.gstatic.com *.facebook.net manychat.com *.adform.net data:;frame-src 'self' *.vimeo.com vimeo.com *.youtube.com *.flipsnack.com *.google.com *.instagram.com *.facebook.com *.hdontap.com visitjersey.email *.crowdriff.com magicseaweed.com *.cookiebot.com *.snapsea.io *.ipcamlive.com *.doubleclick.net ;form-action 'self' *.facebook.com ;object-src 'none' ;frame-ancestors 'self' *.jersey.com visitjersey.email ;base-uri 'none' ; 1
default-src 'self' *.klarnaservices.com *.pcapredict.com services.postcodeanywhere.co.uk *.onetrust.com cdn.cookielaw.org *.klarnacdn.net pay.google.com *.google.com *.gstatic.com *.vimeo.com *.akamaized.net *.hotjar.com *.hotjar.io *.crazyegg.com; img-src 'self' *.contentsquare.net integrations.fitanalytics.com data: https:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' t.contentsquare.net app.contentsquare.com https:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' *.klarnaservices.com *.klarna.com *.adyen.com *.google.com *.nosto.com vimeo.com *.adyen.com *.doubleclick.net player.vimeo.com *.paypal.com www.youtube.com vod-progressive.akamaized.net *.criteo.com vars.hotjar.com *.facebook.com *.pinterest.com *.contentsquare.net csxd.championstore.com https:; connect-src 'self' *.klarnaevt.com https: wss:; worker-src 'self' https: blob:; font-src 'self' data: https:; frame-ancestors 'self' https://*.championstore.com; child-src blob:;script-src 'unsafe-inline' t.contentsquare.net app.contentsquare.com; img-src *.contentsquare.net; connect-src *.contentsquare.net; 1
frame-ancestors 'self' data: northernlighthealth.org *.northernlighthealth.org *.workforceeap.com *.healthylifeeap.com *.cerner.com *.healtheintent.com *.blackbaudhosting.com *.blackbaud.com *.google.com *.findhelp.com *.youtube.com; frame-src 'self' data: northernlighthealth.org *.northernlighthealth.org *.force.com *.workforceeap.com *.healthylifeeap.com *.cerner.com *.healtheintent.com *.blackbaudhosting.com *.blackbaud.com *.google.com *.votervoice.net *.findhelp.com *.youtube.com *.millerdrug.com *.understand.com *.doubleclick.net *.userway.org *.googletagmanager.com; script-src 'unsafe-eval' 'unsafe-inline' data: cdn.evgnet.com *.fontawesome.com *.force.com *.salesforce.com *.salesforce-sites.com *.salesforceliveagent.com *.datatables.net workforceeap.com healthylifeeap.com northernlighthealth.org *.northernlighthealth.org accessibilityserver.org siteimproveanalytics.com unpkg.com *.votervoice.net *.youtube.com *.sharethis.com *.findhelp.com *.workforceeap.com *.healthylifeeap.com *.cerner.com *.nr-data.net *.newrelic.com *.healtheintent.com *.bootstrapcdn.com *.jsdelivr.net *.jquery.com *.blackbaudhosting.com *.blackbaud.com *.bidswitch.net *.gstatic.com *.google.com *.userway.org *.licdn.com *.google-analytics.com *.cloudflare.com *.googleapis.com *.fontawesome.com *.googletagmanager.com *.twitter.com *.nr-data.net *.tonicforhealth.com *.healtheintent.com northernlighthealth.org *.northernlighthealth.org *.emhs.org; object-src 'self' data: *.workforceeap.com *.healthylifeeap.com  *.votervoice.net *.nr-data.net *.tonicforhealth.com *.healtheintent.com northernlighthealth.org  *.northernlighthealth.org *.emhs.org; img-src 'self' data: *.fontawesome.com *.documentforce.com *.salesforce.com *.rlcdn.com *.force.com *.youtube.com *.sharethis.com northernlighthealth.org *.northernlighthealth.org *.emhs.org *.siteimproveanalytics.io *.google.com maps.gstatic.com *.google-analytics.com *.googleapis.com *.ggpht maps.googleapis.com *.kyruus.com *.nr-data.net *.tonicforhealth.com *.healtheintent.com *.cloudflare.com *.adsrvr.org *.blackbaudhosting.com *.blackbaud.com *.googletagmanager.com *.rlcdn.com *.bidswitch.net *.userway.org *.cloudfront.com *.cloudfront.net *.media.net *.stackadapt.com *.findhelp.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.americaneagle.com *.hawksearch.com https://www.googletagmanager.com https://www.google-analytics.com *.buzzsprout.com *.votervoice.net *.hsforms.net *.hsforms.com *.snap.licdn.com *.hubapi.com https://cdnjs.cloudflare.com *.siteimproveanalytics.com *.hotjar.com *.licdn.com https://siteimproveanalytics.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://p.typekit.net https://use.typekit.net *.americaneagle.com *.hawksearch.com *.jsdelivr.net/; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://p.typekit.net https://use.typekit.net https://cdn.jsdelivr.net/; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.hsforms.com *.hubspotusercontent20.net forms.hubspot.com https://6003930.global.siteimproveanalytics.io/ *.oribi.io *.linkedin.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.buzzsprout.com *.aristotle.com *.votervoice.net *.google.com *.doubleclick.net *.hsforms.net forms.hsforms.com *.hotjar.com *.licdn.com *.siteimproveanalytics.com; connect-src 'self' accounts.google.com *.google-analytics.com *.google.com *.doubleclick.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.americaneagle.com *.hawksearch.com *.amazonaws.com forms.hsforms.com forms.hubspot.com *.hotjar.com https://content.hotjar.io *.licdn.com *.siteimproveanalytics.com https://siteimproveanalytics.com *.oribi.io *.linkedin.com *.hotjar.io wss://*.hotjar.com; 1
default-src 'self'; img-src 'self' data: *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' storage.googleapis.com maps.googleapis.com maps.googleapis.com www.googletagmanager.com www.google.com connect.facebook.net www.gstatic.com www.google-analytics.com apis.google.com; style-src 'self' 'unsafe-inline' www.costacoffee.pl cloud.typography.com fonts.googleapis.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' www.vili.pl accounts.google.com www.google.com www.youtube.com 1
font-src 'self' *.gstatic.com data:; img-src 'self'; 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.analytics.google.com https://*.bazaarvoice.com https://*.braintree-api.com https://*.braintreegateway.com https://*.btttag.com https://*.criteo.com https://*.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.kampyle.com https://*.medallia.com https://*.paypal.com https://bat.bing.com https://www.bing.com https://*.truefitcorp.com https://adservice.google.com https://analytics.google.com https://api-env.cartfulsolutions.com https://api.cartfulsolutions.com https://apis.google.com https://assets.adobedtm.com https://careers.lululemon.com https://cdn.cquotient.com https://cdn.honey.io https://cdn.quantummetric.com https://ingest.quantummetric.com https://cdn.treasuredata.com https://cdnjs.cloudflare.com https://challenges.cloudflare.com https://cm.g.doubleclick.net https://cm.teads.tv https://connect.facebook.net https://ct.pinterest.com https://d38d4ysphgm9dz.cloudfront.net https://dpm.demdex.net https://e.cquotient.com https://embed.cartfulsolutions.com https://external.quantummetric.com https://fledge.teads.tv https://fonts.googleapis.com https://globalstaticassets.lululemon.com https://google.com https://googleads.g.doubleclick.net https://images.lululemon.com https://intljs.rmtag.com https://ln-rules.rewardstyle.com https://lululemon.quiq-api.com https://lululemonathleticacanadainc.demdex.net https://lululemoninternational-app.quantummetric.com https://lululemoninternational.quantummetric.com https://lululemonusa.tt.omtrdc.net https://maps.googleapis.com https://mpsnare.iesnare.com https://p.cquotient.com https://p.teads.tv https://pay.google.com https://postcode.map.daum.net https://r.cquotient.com https://s.pinimg.com https://s7mbrstream.scene7.com https://smetrics.lululemon.co.kr https://sslwidget.criteo.com https://static.cloudflareinsights.com https://static.criteo.com https://static.criteo.net https://stats.g.doubleclick.net https://t.teads.tv https://t1.daumcdn.net https://tag.rmp.rakuten.com https://tez.google.com https://tokyo.in.treasuredata.com https://tpc.googlesyndication.com https://translate.google.com https://wf.cartfulsolutions.com https://widget.as.criteo.com https://www.cloudflare.com https://www.facebook.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.lululemon.co.kr https://www.lululemon.co.uk https://www.paypalobjects.com https://wcs.naver.net https://wcs.naver.com https://smartstore.naver.com https://m.smartstore.naver.com https://storefarm.naver.com https://m.storefarm.naver.com https://naver.net https://naver.com https://*.browser-intake-datadoghq.com https://www.datadoghq-browser-agent.com wss://lululemoninternational.quantummetric.com wss://mpsnare.iesnare.com; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; img-src * 'self' data: https:; font-src * 'self' data: https:; block-all-mixed-content; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.govmetric.com *.servmetric.com requirejs.org *.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'self' *.govmetric.com data:; 1
frame-ancestors https://app.storyblok.com *.abtasty.com; 1
script-src *.bigcommerce.com *.bazaarvoice.com *.addrexx10.com *.fonts.net *.googletagmanager.com *.google-analytics.com *.zendesk.com *.zdassets.com *.cloudfront.net *.cookielaw.org *.google.com *.gstatic.com *.lightboxcdn.com *.iesnare.com *.braintreegateway.com *.paypal.com *.googleapis.com *.newchapter.com *.facebook.com *.instagram.com *.youtube.com *.addthis.com *.visualwebsiteoptimizer.com *.ytimg.com *.twitter.com *.pgsvc.com *.pinterest.com *.attn.tv *.smile.io *.sweettooth.io *.lifedna.com *.afterpay.com *.payments-amazon.com *.crazyegg.com *.pinimg.com *.dwin1.com *.facebook.net *.adsrvr.org *.storemapper.co *.fastly.net *.doubleclick.net *.amazonaws.com *.klaviyo.com *.innovid.com *.paypalobjects.com *.attentivemobile.com *.attentive *.avalara.com *.rewind.com *.kount.com *.costrategix.com *.salesandorders.com *.kaptcha.com *.ordergroove.com blob: 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' ; object-src 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.google.com *.hotjar.com *.jsdelivr.net *.cloudflare.com *.gstatic.com *.yoast.com yoast.com *.vimeo.com youtube.com *.youtube.com *.twitter.com *.youtube-nocookie.com provider.pl *.provider.pl; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.google.com *.hotjar.com *.jsdelivr.net *.cloudflare.com *.gstatic.com *.twitter.com *.youtube.com youtube.com *.vimeo.com cdn.syndication.twimg.com *.twimg.com provider.pl *.provider.pl www.googletagservices.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.google.com maps.gstatic.com maps.googleapis.com translate.googleapis.com translate.google.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.cloudflare.com *.twitter.com *.twimg.com provider.pl *.provider.pl fonts.googleapis.com maps.googleapis.com translate.googleapis.com; img-src 'self' data: *.googleapis.com *.gstatic.com www.google.pl/ads/ google.pl/ads/ updates.themepunch-ext-a.tools *.twimg.com *.twitter.com provider.pl *.provider.pl s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com *.googlesyndication.com stats.g.doubleclick.net www.google-analytics.com translate.googleapis.com translate.google.com www.google.com www.gstatic.com i.ytimg.com www.googletagmanager.com; connect-src 'self' *.analytics.google.com analytics.google.com *.yoast.com yoast.com provider.pl *.provider.pl *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com translate.googleapis.com; font-src 'self' data: *.jsdelivr.net provider.pl *.provider.pl fonts.gstatic.com; media-src 'self' *.google.pl *.google.com google.pl google.com updates.themepunch-ext-a.tools *.twimg.com *.twitter.com provider.pl *.provider.pl; frame-src 'self' data: *.hotjar.com *.google.pl *.google.com *.twitter.com *.youtube-nocookie.com provider.pl *.provider.pl *.googlesyndication.com googleads.g.doubleclick.net www.youtube.com; child-src 'self' data: www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors 'self' https://*.memoriapress.com https://player.vimeo.com https://*.swarmcdn.com https://cse.expertrec.com https://cdn.flowplayer.com https://1310149c45a5.entrypoint.cloud.wowza.com 1
frame-src 'self' https://app.powerbi.com https://vimeo.com https://www.youtube.com; object-src 'none'; script-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.water.org.uk/report-uri/enforce 1
default-src 'none'; block-all-mixed-content; upgrade-insecure-requests; base-uri 'self'; connect-src 'self' sentry.io *.analytics.google.com *.google-analytics.com *.mktoresp.com *.doubleclick.net t.co t.c *.demdex.net *.snapchat.com *.pinterest.com assets.adobedtm.com *.blueconic.net sc-static.net *.facebook.net www.googletagmanager.com *.hotjar.com searchrys.com *.kampyle.com cdn.nowinteract.com bat.bing.com *.energiedirect.nl *.innogynederland.nl *.iadvize.com essent.tt.omtrdc.net *.contentsquare.net wss://*.iadvize.com *.membergetmember.co www.google.com/pagead/ *.amazonaws.com *.qualtrics.com; font-src 'self' *.energiedirect.nl *.innogynederland.nl fonts.gstatic.com *.iadvize.com; form-action 'self' tr.snapchat.com/cm/i tr.snapchat.com/p www.facebook.com/tr/ *.qualtrics.com; frame-src *.doubleclick.net vars.hotjar.com *.energiedirect.nl *.facebook.com *.kampyle.com tr.snapchat.com www.youtube-nocookie.com www.youtube.com *.demdex.net *.iadvize.com *.zonatlas.nl *.tetraeder.com www.google.com *.qualtrics.com; frame-ancestors 'self'; img-src 'self' data: blob: *.s3.eu-central-1.amazonaws.com analytics.twitter.com *.googleadservices.com www.google.at www.google.no www.google.co.id www.google.pl www.google.pt www.google.gr www.google.it www.google.com.tr www.google.co.uk www.google.se www.google.be www.google.com www.google.de www.google.nl www.google.es www.google.fr t.co searchrys.com *.kampyle.com cx.atdmt.com dpm.demdex.net cm.everesttech.net bat.bing.com www.facebook.com *.energiedirect.nl *.innogynederland.nl *.analytics.google.com *.google-analytics.com google.ie *.doubleclick.net www.googletagmanager.com px.ads.linkedin.com/collect www.linkedin.com/px/ www.gstatic.com/images/branding lt45.net ds1.nl *.iadvize.com *.contentsquare.net swa.essent.nl *.qualtrics.com; object-src 'self' *.energiedirect.nl *.innogynederland.nl; script-src 'unsafe-inline' www.googleadservices.com www.google-analytics.com assets.adobedtm.com *.blueconic.net sc-static.net *.facebook.net www.googletagmanager.com www.google.com static.hotjar.com script.hotjar.com searchrys.com *.kampyle.com cdn.nowinteract.com bat.bing.com energiedirect.nl *.energiedirect.nl *.innogynederland.nl *.doubleclick.net *.iadvize.com *.contentsquare.net *.contentsquare.com *.membergetmember.co www.gstatic.com *.qualtrics.com ; style-src 'self' *.energiedirect.nl *.innogynederland.nl fonts.googleapis.com *.iadvize.com *.contentsquare.net 'unsafe-inline'; child-src blob:; worker-src blob:; 1
frame-ancestors 'self' http://manage.hawksearch.com https://manage.hawksearch.com http://dev.hawksearch.net https://dev.hawksearch.net 1
frame-ancestors members.yulife.com 1
base-uri 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' connect.facebook.net ws.zoominfo.com www.google.com/recaptcha/enterprise.js js.hs-banner.com forms.hsforms.com js-na1.hs-scripts.com js.hsforms.net www.googletagmanager.com www.google-analytics.com *.ecrs.com ecrs.com snap.licdn.com js.hs-scripts.com js.hs-analytics.net *.googleadservices.com *.amazonaws.com googleads.g.doubleclick.net www.google.com/recaptcha/api.js www.gstatic.com; object-src 'none'; style-src 'self' data: 'unsafe-inline' *.ecrs.com ecrs.com *.googleapis.com; img-src 'self' data: *.hsforms.com stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com *.ecrs.com ecrs.com s3.amazonaws.com 2.gravatar.com secure.gravatar.com px.ads.linkedin.com 10.93.3.139 track.hubspot.com www.google.com p.adsymptotic.com *.amazonaws.com; media-src 'self' *.ecrs.com ecrs.com; frame-src 'unsafe-eval' 'self' static.hsappstatic.net app.hubspot.com forms.hsforms.com www.google.com player.vimeo.com www.youtube.com bid.g.doubleclick.net; font-src 'self' data: *.ecrs.com ecrs.com *.googleapis.com *.gstatic.com *.amazonaws.com; connect-src 'unsafe-eval' 'self' www.google-analytics.com forms.hsforms.com *.amazonaws.com builder.ecrs.com; 1
img-src 'self' * data:;script-src 'self' * 'unsafe-eval' storage.googleapis.com googletagmanager.com 'unsafe-inline' *.facebook.net *.facebook.com *.google-analytics.com applepay.cdn-apple.com *.googletagmanager.com x.klarnacdn.net *.klarna.com visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com;connect-src 'unsafe-eval' 'unsafe-inline' 'self' google.com *.google.com api.addressy.com *.facebook.net *.facebook.com *.googletagmanager.com googletagmanager.com *.google-analytics.com storage.googleapis.com api.yotpo.com api-cdn.yotpo.com *.klarnaevt.com x.klarnacdn.net *.klarna.com *.api.commercecloud.salesforce.com *.collect.igodigital.com *.criteo.com api.cquotient.com *.doubleclick.net wisepops.net *.wisepops.net wisepops.com *.wisepops.com visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com https://sfcc.predatornutrition.com;default-src 'unsafe-eval' 'unsafe-inline' 'self' api.addressy.com *.facebook.net *.facebook.com googletagmanager.com *.google-analytics.com storage.googleapis.com *.googletagmanager.com wisepops.net *.wisepops.net wisepops.com *.wisepops.com visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com;media-src *;script-src-attr 'unsafe-inline' x.klarnacdn.net x.klarnacdn.net *.klarna.com wisepops.net *.wisepops.net wisepops.com *.wisepops.com visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com;frame-src 'self' *;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';style-src 'self' https: 'unsafe-inline' 1
default-src 'self' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com/ https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js https://ssl.google-analytics.com/ga.js https://fonts.googleapis.com https://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.12.0/jquery.min.js; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; img-src 'self' https://ssl.google-analytics.com; font-src 'self' https://fonts.gstatic.com; object-src 'none'; 1
frame-ancestors https://*.wizdom.ai https://wizdom.ai capacitor://wizdom.ai 1
default-src 'none'; img-src 'self' https://d3t0im579cvxtw.cloudfront.net data:; style-src 'self' 'unsafe-inline'; script-src 'self' data: https://tracking2.miloncare.com; connect-src 'self' https://tracking2.miloncare.com https://dio7q6x5myw9r.cloudfront.net; font-src 'self'; 1
default-src 'unsafe-inline' 'unsafe-eval' *; img-src 'unsafe-inline' 'unsafe-eval' * data:; style-src 'unsafe-inline' 'unsafe-eval' *; script-src 'unsafe-inline' 'unsafe-eval' *; font-src 'unsafe-inline' 'unsafe-eval' *; media-src 'unsafe-inline' 'unsafe-eval' * 1
default-src 'self' *.beingbui.lt media.skyline.beingbui.lt d32uoi6z5t9smp.cloudfront.net *.google-analytics.com stats.g.doubleclick.net maps.googleapis.com *.hotjar.com *.curator.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.googletagmanager.com *.google-analytics.com *.hotjar.com *.curator.io maps.googleapis.com young-shand.atlassian.net connect.facebook.net js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hscollectedforms.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ cdn.rollerdigital.com; frame-src 'self' open.spotify.com www.youtube.com anchor.fm podcasters.spotify.com *.opinionstage.com www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ *.curator.io checkout.play.roller.app; child-src 'self' blob: beingbui.lt www.facebook.com; style-src 'self' 'unsafe-inline' *.typekit.net *.beingbui.lt fonts.googleapis.com cloud.typography.com *.curator.io; img-src 'self' *.beingbui.lt media.skyline.beingbui.lt *.skyline.co.nz d32uoi6z5t9smp.cloudfront.net skyline.co.nz openweathermap.org *.google-analytics.com *.google.com *.google.co.nz *.googleapis.com maps.gstatic.com www.facebook.com instagram.com curator-assets.b-cdn.net curatorio.s3.amazonaws.com img.evbuc.com www.googletagmanager.com *.youtube.com forms.hsforms.com track.hubspot.com *.ytimg.com api.skyline.wayfinder.beingbui.lt data:; media-src 'self' curator-assets.b-cdn.net curatorio.s3.amazonaws.com *.beingbui.lt d32uoi6z5t9smp.cloudfront.net api.skyline.wayfinder.beingbui.lt; font-src 'self' 'unsafe-inline' data: *.typekit.net fonts.gstatic.com; object-src 'self' *.beingbui.lt data:; frame-ancestors 'none'; connect-src 'self' api.skyline.wayfinder.beingbui.lt 127.0.0.1 api.skyline.test *.beingbui.lt maps.googleapis.com analytics.google.com www.google-analytics.com noembed.com forms.hscollectedforms.net stats.g.doubleclick.net *.curator.io; 1
default-src 'self' https://*.eum-appdynamics.com/; script-src https://*.appdynamics.com/  https://*.salesforceliveagent.com/ 'self' 'unsafe-eval' 'unsafe-inline'; connect-src 'self' https://*.powerbi.com https://*.eum-appdynamics.com/ https://cloud-api.highcharts.com/openincloud https://portal.knowledgebase.net https://*.salesforceliveagent.com/; img-src 'self' data: https:; style-src 'self' 'unsafe-inline';object-src 'self'; font-src 'self'; frame-src 'self' https://*.take-survey.dev.wkelms.com/ https://*.stgsurvey.wkelms.net/ https://*.survey.wkelms.net/ https://docs.microsoft.com/en-us/ http://www.google.com/intl/en/chrome/business/ https://*.powerbi.com mailto:;frame-ancestors 'self'; 1
default-src 'self' https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://*.bing.com/ https:; style-src 'self' 'unsafe-inline'; img-src * data: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob:;
img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com data:;
frame-src *.google.com;
connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com  data: blob:;
font-src https://fonts.gstatic.com;
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
worker-src blob:; 1
default-src https: wss: data: 'self' 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' data:; font-src https: data: ; 1
default-src 'self' *; style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; img-src 'self' * data:; font-src 'self' * data: 1
block-all-mixed-content; report-uri https://www.endurasport.com/cspReport.txt; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-elem * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-attr * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' https://forms.contacta.io/assets/intlTelInput.min.css; style-src-elem * 'self' data: 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'self' data: 'unsafe-inline' 'unsafe-hashes'; img-src * 'self' data:; font-src 'self' data:; connect-src * 'self' https://noembed.com https://consentcdn.cookiebot.com/consentconfig/5ebc3f43-f03f-4fbf-94e4-24e7579b4806/settings.json https://apps.elfsight.com/p/platform.js https://ka-p.fontawesome.com; frame-src * 'self' https://www.youtube-nocookie.com https://boxpark.atreemosurvey.com; 1
frame-ancestors 'self'; sandbox allow-downloads allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation; base-uri 'self'; form-action lu.teufelaudio.com zed.teufel.de support.teufel.de retoure.teufel.de blog.teufel.de www.terminland.de www.saferpay.com test.saferpay.com *.amazon.de payments.amazon.de row.ups.com checkout.sandbox.getalma.eu checkout.getalma.eu 'self' 1
script-src 'self' https://www.googletagmanager.com https://*.monsido.com https://*.cludo.com https://*.hotjar.com https://action.dstillery.com https://apply.caspercollege.edu https://apply-caspercollege-edu.cdn.technolutions.net https://fw.cdn.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://connect.facebook.net https://mx.technolutions.net https://action.media6degrees.com https://25livepub.collegenet.com https://caspercollege.summon.serialssolutions.com https://caspercollege.libcal.com https://static-cdn.summon.serialssolutions.com https://cdnjs.cloudflare.com https://www.jobwise.com https://api-us1.cludo.com 'unsafe-inline' 'unsafe-eval' blob: 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-SwOn5bWmosZd7g5JX5SyDhEQBbuIf80FruSxl0X9mx3DP8t/' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
img-src 'self' *.smithdrug.com openbadges.blob.core.windows.net ping.eeharbor.com www.google-analytics.com www.google.com data: blob:;            style-src 'self' *.smithdrug.com netdna.bootstrapcdn.com use.fontawesome.com fonts.googleapis.com 'unsafe-inline';            script-src 'self' *.smithdrug.com www.google.com ajax.googleapis.com www.gstatic.com www.google-analytics.com www.googletagmanager.com 'unsafe-inline' 'unsafe-eval';            font-src 'self' *.smithdrug.com ajax.googleapis.com use.fontawesome.com fonts.googleapis.com netdna.bootstrapcdn.com fonts.gstatic.com;            frame-src 'self' *.smithdrug.com www.google.com;            connect-src 'self' *.smithdrug.com updates.expressionengine.com stats.g.doubleclick.net www.google-analytics.com;            media-src 'self' *.smithdrug.com;            object-src 'self' *.smithdrug.com;            worker-src 'self' *.smithdrug.com blob: data:;            manifest-src 'self' *.smithdrug.com;            base-uri 'self' *.smithdrug.com;            default-src 'self' *.smithdrug.com;            form-action 'self' *.smithdrug.com webto.salesforce.com;         1
script-src https: 'nonce-1f330e43-72bf-4d4d-889f-20b73f579f9f' 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: https: www.googletagmanager.com; style-src 'self' 'unsafe-inline' 1
default-src 'self' *.venus.io 1
font-src https://*.servicemax.com https://use.typekit.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:; frame-ancestors https://*.servicemax.com https://servicemaxlogin.cloudforce.com https://servicemaxinc.sharepoint.com https://svmx.my.salesforce.com https://servicemax.pathfactory.com; 1
object-src 'self' script-src 'self' 'unsafe-inline' https://connect.facebook.net https://www.facebook.com https://cdn.jsdelivr.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.googletagmanager.com https://www.google-analytics.com https://vjs.zencdn.net https://youtube.com; frame-ancestors 'none'; form-action 'none'; report-uri https://compassbox.report-uri.com/r/d/csp/enforce 1
default-src 'self' *.vanguard.com *.vanguard.com.au;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';frame-src 'self' 'unsafe-inline' https://*.demdex.net https://vanguard.d2.sc.omtrdc.net https://www.youtube.com https://*.doubleclick.net https://*.omniture.com https://activitymap.adobe.com https://authorize.omniture.com https://sitecatalyst.omniture.com https://sc5.omniture.com;connect-src 'self' *.vanguard.com *.vanguard.com.au https://*.demdex.net https://vanguard.d2.sc.omtrdc.net https://*.api.company-target.com https://*.tt.omtrdc.net;img-src 'self' data: *.vanguard.com *.vanguard.com.au https://*.vgdynamic.info https://vanguard.d2.sc.omtrdc.net https://sjs.bizographics.com https://dc.ads.linkedin.com https://px.ads.linkedin.com https://snap.licdn.com https://P.adsymptotic.com https://www.google.com https://assets.adobedtm.com https://*.linkedin.com https://*.facebook.net https://analytics.twitter.com https://t.co https://www.facebook.com;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.vanguard.com *.vanguard.com.au https://*.vgcontent.info https://*.doubleclick.net https://*.demdex.net https://*.vgdynamic.info https://*.omniture.com https://activitymap.adobe.com https://sitecatalyst.omniture.com https://assets.adobedtm.com https://www.google.com https://www.googleadservices.com https://tagmanager.google.com https://www.googletagmanager.com https://*.facebook.net;form-action 'self' https://www.googletagmanager.com *.vanguard.com *.vanguard.com.au;script-src-attr 'self' 'unsafe-inline';style-src 'self' https: 'unsafe-inline' *.vanguard.com *.vanguard.com.au;upgrade-insecure-requests 1
default-src 'self' *.propertycapsule.com;script-src 'self' * blob: 'unsafe-inline' 'unsafe-eval';style-src 'self' * 'unsafe-inline';font-src 'self' * data:;img-src 'self' * data: blob:;connect-src 'self' * data: blob:;frame-src 'self' *.propertycapsule.com www.google.com *.shopcore.com *.cbre.us *.cbre.com *.kimcorealty.com my.matterport.com embed.widencdn.net marketplace.vts.com properties.brixmor.com *.widen.net *.rlets.com;frame-ancestors 'self' https://tolsonenterprises.com http://tolsonenterprises.com https://www.barnescreativestudios.com http://www.barnescreativestudios.com https://barnescreativestudios.com *.barnescreativestudios.com *.cloudfront.net *.brixmor.com *.propertycapsule.com *.vts.com;media-src 'self' * ; 1
block-all-mixed-content;upgrade-insecure-requests;, frame-ancestors 'self' *.aavas.in; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' museum.qld.gov.au *.museum.qld.gov.au mc-24937cab-d83c-449f-a961-1808-cd.azurewebsites.net mc-24937cab-d83c-449f-a961-1808-cm.azurewebsites.net mc-24937cab-d83c-449f-a961-1808-cd-staging.azurewebsites.net mc-24937cab-d83c-449f-a961-1808-cm-staging.azurewebsites.net qm.qld.gov.au *.qm.qld.gov.au vercel.live *.vercel.app *.azurewebsites.net *.littlehinges.com.au *.crazyegg.com pagecorrect.monsido.com stats.g.doubleclick.net *.raisely.com sketchfab.com www.paperturn-view.com www.gstatic.com apps.sitecore.net connect.facebook.net www.facebook.com *.google.com www.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net *.sharethis.com *.apple.com rss.app www.youtube.com *.jotform.com *.unpkg.com sketchfab-prod-media.s3.amazonaws.com; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' museum.qld.gov.au *.museum.qld.gov.au mc-24937cab-d83c-449f-a961-1808-cd.azurewebsites.net mc-24937cab-d83c-449f-a961-1808-cm.azurewebsites.net mc-24937cab-d83c-449f-a961-1808-cd-staging.azurewebsites.net mc-24937cab-d83c-449f-a961-1808-cm-staging.azurewebsites.net *.qm.qld.gov.au qm.qld.gov.au vercel.live *.vercel.app *.azurewebsites.net cdn-au.clickdimensions.com analytics-au.clickdimensions.com *.littlehinges.com.au app-script.monsido.com pagecorrect.monsido.com tracking.monsido.com script.crazyegg.com *.raisely.com sketchfab.com www.gstatic.com connect.facebook.net www.facebook.com *.google.com www.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net *.sharethis.com *.apple.com rss.app www.youtube.com *.jotform.com *.unpkg.com sketchfab-prod-media.s3.amazonaws.com; img-src 'self' museum.qld.gov.au *.museum.qld.gov.au mc-24937cab-d83c-449f-a961-1808-cd.azurewebsites.net mc-24937cab-d83c-449f-a961-1808-cm.azurewebsites.net mc-24937cab-d83c-449f-a961-1808-cd-staging.azurewebsites.net mc-24937cab-d83c-449f-a961-1808-cm-staging.azurewebsites.net qm.qld.gov.au *.qm.qld.gov.au vercel.live *.vercel.app cdn-au.clickdimensions.com pagecorrect.monsido.com tracking.monsido.com *.littlehinges.com.au *.raisely.com sketchfab.com www.gstatic.com connect.facebook.net www.facebook.com *.google.com www.google-analytics.com www.google.com.au googleads.g.doubleclick.net db6.auroracloud.com.au *.sharethis.com *.apple.com rss.app *.jotform.com *.unpkg.com www.youtube.com data:; style-src 'self' 'unsafe-inline' museum.qld.gov.au *.museum.qld.gov.au mc-24937cab-d83c-449f-a961-1808-cd.azurewebsites.net mc-24937cab-d83c-449f-a961-1808-cm.azurewebsites.net mc-24937cab-d83c-449f-a961-1808-cd-staging.azurewebsites.net mc-24937cab-d83c-449f-a961-1808-cm-staging.azurewebsites.net qm.qld.gov.au *.qm.qld.gov.au vercel.live *.vercel.app cdn-au.clickdimensions.com pagecorrect.monsido.com *.raisely.com *.littlehinges.com.au sketchfab.com www.gstatic.com connect.facebook.net www.facebook.com *.google.com fonts.googleapis.com googleads.g.doubleclick.net *.sharethis.com *.apple.com rss.app www.youtube.com *.jotform.com *.unpkg.com; font-src 'self' 'unsafe-inline' museum.qld.gov.au *.museum.qld.gov.au mc-24937cab-d83c-449f-a961-1808-cd.azurewebsites.net mc-24937cab-d83c-449f-a961-1808-cm.azurewebsites.net mc-24937cab-d83c-449f-a961-1808-cd-staging.azurewebsites.net mc-24937cab-d83c-449f-a961-1808-cm-staging.azurewebsites.net qm.qld.gov.au vercel.live *.vercel.app cdn-au.clickdimensions.com *.littlehinges.com.au pagecorrect.monsido.com *.raisely.com sketchfab.com www.gstatic.com connect.facebook.net www.facebook.com *.google.com fonts.gstatic.com googleads.g.doubleclick.net *.sharethis.com *.apple.com rss.app www.youtube.com *.jotform.com *.unpkg.com; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self';
             script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net https://www.googletagmanager.com;
             img-src 'self' data: https://secure.gravatar.com https://www.google-analytics.com https://ps.w.org https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com https://www.paypalobjects.com;
             style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://assets.zendesk.com;
             font-src 'self' data: https://fonts.gstatic.com https://themes.googleusercontent.com;
             frame-src 'self' https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com;
             object-src 'self' 1
default-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' https://*.forbole.com 1
frame-ancestors https://coopcustomertest.b2clogin.com https://coopcustomer.b2clogin.com 1
report-uri https://www.bodycote.com 1
default-src data: blob: 'unsafe-inline'  'self' https://platform.twitter.com https://player.vimeo.com  https://acsbapp.com https://google.com https://www.google.com https://youtube.com https://wistia.com https://facebook.com https://fonts.google.com https://fonts.googleapis.com https://ajax.googleapis.com https://www.google-analytics.com  https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://s.imgur.com https://imgur.com https://i.imgur.com https://500px.com https://drscdn.500px.org https://www.reddit.com https://www.flickr.com https://c1.staticflickr.com https://maxcdn.bootstrapcdn.com http://code.ionicframework.com https://www.youtube.com https://mapbox.com https://cdn.fontawesome.com/ https://player.vimeo.com; script-src blob: 'self' 'unsafe-inline'  https://www.google-analytics.com https://platform.twitter.com/ https://bam.nr-data.net  https://js-agent.newrelic.com https://www.google.com https://acsbapp.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/ https://acsbapp.com/ https://wistia.com https://api.tiles.mapbox.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.google.com https://api.tiles.mapbox.com; img-src blob: 'self' data: https://cdn.acsbapp.com/apps/app/dist/media/logomono.svg https://platform.twitter.com https://www.google-analytics.com  https://secure.gravatar.com https://acsbapp.com https://embedwistia-a.akamaihd.net https://wistia.com https://www.google-analytics.com https://acsbapp.com www.googletagmanager.com; connect-src https://stats.g.doubleclick.net https://www.google-analytics.com  https://bam.nr-data.net https://events.mapbox.com/ https://cdn.acsbapp.com https://embedwistia-a.akamaihd.net https://api.mapbox.com https://litix.io 'self' https://mapbox.com https://wistia.com; font-src blob: data: 'self' https://acsbapp.com/ https://api.mapbox.com; object-src 'none'; media-src 'self'; form-action 'self' https://webto.salesforce.com/servlet/servlet.WebToCase https://webto.salesforce.com/servlet/servlet.WebToLead; frame-ancestors 'self' https://acsbapp.com/ https://www.google.com/; frame-src 'self' https://platform.twitter.com https://player.vimeo.com https://www.google.com https://youtube.com 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://www.gstatic.com https://translate.googleapis.com https://translate-pa.googleapis.com https://www.googletagmanager.com https://*.google-analytics.com https://image.providesupport.com https://vm.providesupport.com https://cdnjs.cloudflare.com/ https://cdnjs.com/ https://unpkg.com/ https://connect.facebook.net/;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://translate.googleapis.com https://www.gstatic.com;img-src 'self' https://*.google.com https://www.gstatic.com https://translate.googleapis.com http://translate.google.com https://*.google-analytics.com data: https://image.providesupport.com https://fonts.gstatic.com https://www.facebook.com/ https://www.googletagmanager.com/;frame-src https://www.google.com https://www.youtube.com https://vm.providesupport.com http://vm.providesupport.com https://servis.webhouse.cz/;font-src 'self' https://fonts.gstatic.com;connect-src 'self' https://translate.googleapis.com https://*.google-analytics.com https://chatapi.providesupport.com https://www.facebook.com/ https://reporter.seznam.cz/;form-action 'self';frame-ancestors 'self';block-all-mixed-content 1
base-uri 'self'; media-src * blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:; connect-src * blob: https: 'self' 'unsafe-inline' 'unsafe-eval' https:; frame-src 'self' data: blob: https: sylaps: gap:; object-src 'self' mediastream: blob: 1
frame-ancestors 'self' *.1hotels.com 1
default-src 'self' tbi.net www.tbi.net; frame-ancestors 'self'; child-src 'self'; frame-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.tbi.net https://tbi.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com secure.gravatar.com; font-src * 'self' data: https:; img-src * 'self' data: https:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://bgme.me; img-src 'self' https: data: blob: https://bgme.me; style-src 'self' https://bgme.me 'nonce-noV6Utx3WBEGUrdn7fA0mg=='; media-src 'self' https: data: https://bgme.me; frame-src 'self' https:; manifest-src 'self' https://bgme.me; form-action 'self'; child-src 'self' blob: https://bgme.me; worker-src 'self' blob: https://bgme.me; connect-src 'self' data: blob: https://bgme.me https://img.bgme.me wss://bgme.me; script-src 'self' https://bgme.me 'wasm-unsafe-eval' 1
default-src *.bsr.de bsr.apimanagement.eu2.hana.ondemand.com *.abfallarmeveranstaltungen-berlin.de abfallarmeveranstaltungen-berlin.de *.typekit.net *.googleapis.com bsr01.wt-eu02.net *.cloudfront.net *.fonts.net *.twimg.com *.wt-safetag.com www.juicer.io *.usercentrics.eu fonts.gstatic.com; script-src 'unsafe-inline' *.jquery.com *.abfallarmeveranstaltungen-berlin.de abfallarmeveranstaltungen-berlin.de *.podlove.org *.usercentrics.eu *.bsr.de 'unsafe-eval' *.usercentrics.eu maps.googleapis.com responder.wt-safetag.com *.wbtrk.net bsr01.wt-eu02.net; style-src 'unsafe-inline' *.bsr.de *.abfallarmeveranstaltungen-berlin.de abfallarmeveranstaltungen-berlin.de *.fonts.net *.typekit.net *.jsdelivr.net fonts.googleapis.com cdn.podlove.org; img-src 'self' maps.googleapis.com maps.gstatic.com *.abfallarmeveranstaltungen-berlin.de *.bsr.de abfallarmeveranstaltungen-berlin.de berlin-ivm-202010.epresto-orange.de *.usercentrics.eu *.twimg.com *.juicer.io *.fbcdn.net bsr01.wt-eu02.net data: w3.org/svg/2000; object-src 'none'; frame-src 'self' *.bsr.de maps.google.com www.google.com  www.youtube.com https://tiptapp.com/ https://de.tapaway.tiptapp.com/; font-src 'self' data: *.typekit.net; 1
upgrade-insecure-requests; script-src 'strict-dynamic' 'nonce-wKTx2uiG7gwEHP1zzz/Mhw=='; 1
frame-ancestors 'self'; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com https://dc.applicationinsights.us/v2/track/v2/track; default-src 'self'; font-src 'self' https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; frame-src 'self' https://app.powerbigov.us; img-src 'self'  https://www.macpac.gov https://macpac.gov https://www.google-analytics.com https://6013428.global.siteimproveanalytics.io; object-src 'none'; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://ajax.googleapis.com https://siteimproveanalytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.googleapis.com; 1
default-src 'self' https://www.google-analytics.com;    font-src  'self'                https://use.fontawesome.com  https://fonts.googleapis.com https://fonts.gstatic.com https://unpkg.com data:;   img-src 'self' https://www.google.com https://platform-cdn.sharethis.com https://s4desktop.com              https://www.google.co.in  https://www.google-analytics.com  https://s3.amazonaws.com;   frame-ancestors 'self' https://cms-uat.mortgagequestions.com https://uat.mortgagequestions.com               https://4654125057.encompasstpoconnect.com;   frame-src  'self'               https://cms-uat.mortgagequestions.com https://uat.mortgagequestions.com https://bid.g.doubleclick.net https://www.google.com http://dntcl.qualaroo.com https://s4desktop.com;                  script-src 'self' 'unsafe-inline' 'unsafe-eval'                https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://s4desktop.com               https://platform-api.sharethis.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com              https://buttons-config.sharethis.com  https://www.googletagmanager.com               https://www.google-analytics.com https://unpkg.com https://www.google.com               https://www.gstatic.com  https://cdn.jsdelivr.net https://cl.qualaroo.com http://cl.qualaroo.com https://turbo.qualaroo.com;    style-src 'self' 'unsafe-inline'               https://maxcdn.bootstrapcdn.com  https://use.fontawesome.com      https://fonts.googleapis.com         https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://unpkg.com https://s4desktop.com  https://cdn.jsdelivr.net;object-src               'none';   base-uri 'self' https://cms-uat.mortgagequestions.com https://uat.mortgagequestions.com; 1
script-src http://www.chu-bordeaux.fr https://www.chu-bordeaux.fr https://piwikpro.chu-bordeaux.fr  'unsafe-inline' 'unsafe-eval'; style-src 'self'  'unsafe-inline'; object-src 'none'; frame-ancestors http://www.chu-bordeaux.fr https://www.chu-bordeaux.fr https://piwikpro.chu-bordeaux.fr ; worker-src 'self' 1
default-src 'self' data:; script-src 'self' 'unsafe-inline' cdnjs.cloudflare.com 'unsafe-eval' ajax.googleapis.com; style-src 'self' data: 'unsafe-inline' *.fonts.googleapis.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: *.lubuntu.me secure.gravatar.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com 1
default-src 'self' https://crm.zohopublic.eu https://crm.zoho.eu https://*.fls.doubleclick.net https://*.cloudfront.net https://www.googletagmanager.com https://*.jungleminds.com https://*.imc.com https://*.cdn.prismic.io https://player.vimeo.com https://www.youtube.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'unsafe-eval' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://crm.zoho.eu https://connect.facebook.net https://snap.licdn.com https://www.redditstatic.com https://bat.bing.com https://amplify.outbrain.com https://*.doubleclick.net https://*.fls.doubleclick.net https://analytics.google.com https://www.google-analytics.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/count/389847; img-src * data: blob: 'unsafe-inline'; connect-src 'self' https://wd5-services1.myworkday.com https://analytics.google.com https://*.doubleclick.net https://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 1
default-src 'self'; style-src 'unsafe-inline' 'self' fonts.googleapis.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' connect.facebook.net itunes.apple.com www.youtube.com stats.g.doubleclick.net www.google-analytics.com ajax.googleapis.com s.ytimg.com; connect-src 'self' webadmin.heartline.com admin.heartline.com backend.heartline.com pascal-prod.evidation.com pascal-beta.evidation.com pascal.evidation.com stats.g.doubleclick.net www.google-analytics.com evidation-pascal.zendesk.com www.ups.com itunes.apple.com  www.facebook.com; img-src 'unsafe-inline' 'self' www.facebook.com www.google.com www.youtube.com stats.g.doubleclick.net www.google-analytics.com assets.prod.heartline.com i.ytimg.com data:; media-src 'self' assets.prod.heartline.com www.youtube.com i.ytimg.com;  frame-src 'self' assets.prod.heartline.com www.youtube.com; 1
default-src 'self' https://www.mirdvornikov.ru; connect-src 'self' https://yandex.ru/ads/adfox/1503404/ https://top-fwz1.mail.ru  https://mc.yandex.com/  https://analytics.google.com https://region1.analytics.google.com https://region1.google-analytics.com https://www.mirdvornikov.ru https://www.facebook.com/tr/ https://o354851.ingest.sentry.io https://widget.me-talk.ru wss://widget.me-talk.ru wss://widget.apibcknd.com https://widget.apibcknd.com https://static.me-talk.ru/API/DOCS/onlineChatAssets/json/f/3/f302aeeda1c251762669ddab75ed76ca/ https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.webvisor.org https://mc.yandex.md https://mc.yandex.ru;  font-src 'self' https://yastatic.net/ https://www.mirdvornikov.ru data: https://maxcdn.bootstrapcdn.com;  form-action 'self' https://pay.modulbank.ru https://www.mirdvornikov.ru https://www.facebook.com/tr/ https://money.yandex.ru/eshop.xml https://yoomoney.ru/;  frame-src 'self'  https://mc.yandex.com https://vk.com/widget_community.php https://login.vk.com https://www.mirdvornikov.ru  https://www.banki.ru/insurance/ https://www.facebook.com https://bid.g.doubleclick.net https://www.google.com/recaptcha/ https://www.youtube.com https://yandex.ru https://f302aeeda1c251762669ddab75ed76ca.me-talk.ru blob: https://mc.yandex.ru;  img-src 'self' https://banners.adfox.ru/ https://ads.adfox.ru/ https://www.mirdvornikov.ru https://mc.yandex.com/sync_cookie_image_check https://vk.com/images/upload.gif https://googleads.g.doubleclick.net www.googletagmanager.com https://www.facebook.com/tr/ https://www.google.ae/ads/ga-audiences data: https://api-maps.yandex.ru https://static.me-talk.ru/uploads/avatars/ https://avatars.mds.yandex.net https://img.youtube.com https://mc.webvisor.org https://mc.yandex.ru https://*.maps.yandex.net https://www.google-analytics.com  https://www.google.ru/ads/ga-audiences https://stats.g.doubleclick.net https://www.google.com/ads/;  object-src 'self' https://www.mirdvornikov.ru;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://banners.adfox.ru/ https://yandex.ru/ads/system/context.js https://vk.com/js/api/openapi.js https://top-fwz1.mail.ru https://widget.me-talk.ru/ https://www.banki.ru/static/bundles/ https://top-fwz1.mail.ru/js/code.js https://www.mirdvornikov.ru https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://connect.facebook.net/ https://www.googletagmanager.com https://js.sentry-cdn.com/ https://www.google.com/recaptcha/  https://www.gstatic.com/recaptcha/ https://static.me-talk.ru/cabinet/build/chat/ https://browser.sentry-cdn.com https://suggest-maps.yandex.ru https://lux.speedcurve.com https://cdn.speedcurve.com/js/lux.js https://mc.yandex.ru https://yastatic.net https://ajax.googleapis.com https://api-maps.yandex.ru https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js https://lcab.talk-me.ru/support/support.js https://static.me-talk.ru/API/DOCS/onlineChatAssets/json/f/3/f302aeeda1c251762669ddab75ed76ca/www.mirdvornikov.ru.js https://*.maps.yandex.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com;  style-src 'self' 'unsafe-inline' https://www.mirdvornikov.ru;  child-src blob: https://mc.yandex.ru; manifest-src https://www.mirdvornikov.ru/manifest.json; 1
frame-ancestors 'self' vdp-editor.yeswehack.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.tiktok.com https://maps.googleapis.com https://maps.google.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://cookie-cdn.cookiepro.com https://googleads.g.doubleclick.net https://maxcdn.bootstrapcdn.com https://www.googleadservices.com https://www.google.com *.cardinalcommerce.com *.braintree-api.com *.braintreegateway.com www.paypalobjects.com c.paypal.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com *.littlepay.com https://verify.qa.littlepay.com https://verify.qa.au.littlepay.com https://*.cardinalcommerce.com https://static.hotjar.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' *.braintree-api.com assets.braintreegateway.com https://maps.google.com https://cdnjs.cloudflare.com https://tagmanager.google.com https://fonts.googleapis.com https://unpkg.com https://ajax.googleapis.com *.littlepay.com https://verify.qa.littlepay.com https://verify.qa.au.littlepay.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://analytics.tiktok.com maps.googleapis.com kg668dbov0.execute-api.us-east-1.amazonaws.com https://cookie-cdn.cookiepro.com *.cardinalcommerce.com *.braintreegateway.com *.braintree-api.com *.littlepay.com https://sentry.io *.littlepay.com wss://checkout-wss.littlepay.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.ingest.sentry.io; font-src 'self' https://fonts.gstatic.com https://themes.googleusercontent.com; frame-src 'self' * tracker-embed.aircoach.ie ssl.kaptcha.com tst.kaptcha.com *.braintree-api.com assets.braintreegateway.com c.paypal.com *.cardinalcommerce.com https://www.youtube-nocookie.com https://verify.qa.littlepay.com https://verify.qa.au.littlepay.com https://www.sandbox.paypal.com *.littlepay.com https://*.cardinalcommerce.com; img-src 'self' https://analytics.tiktok.com assets.braintreegateway.com *.paypal.com data: https://www.google.com https://maps.googleapis.com https://maps.gstatic.com https://maps.google.com https://www.google.co.uk https://www.google.com https://www.googletagmanager.com https://r.turn.com *.littlepay.com https://www.google-analytics.com https://cookie-cdn.cookiepro.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; child-src 'self' *.braintree-api.com assets.braintreegateway.com c.paypal.com; form-action 'self' * https://*.cardinalcommerce.com 1
frame-ancestors 'self' http://localhost:8080 http://*.localhost:8080 https://*.master-dev.d3jehkguztxip4.amplifyapp.com https://master-dev.d3jehkguztxip4.amplifyapp.com https://*.master-staging.d3jehkguztxip4.amplifyapp.com https://master-staging.d3jehkguztxip4.amplifyapp.com https://*.master-production.d3jehkguztxip4.amplifyapp.com https://master-production.d3jehkguztxip4.amplifyapp.com http://*.university-env.eba-mng6mpie.us-west-2.elasticbeanstalk.com http://university-env.eba-mng6mpie.us-west-2.elasticbeanstalk.com https://*.university-env.eba-mng6mpie.us-west-2.elasticbeanstalk.com https://university-env.eba-mng6mpie.us-west-2.elasticbeanstalk.com https://*.university.moon-audio.com https://university.moon-audio.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://player.vimeo.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://www.googleadservices.com https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://secure.gravatar.com https://i.ytimg.com https://www.google-analytics.com https://ps.w.org https://0.gravatar.com https://1.gravatar.com https://2.gravatar.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.es; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' data:; object-src 'none'; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://www.google.com 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' 'unsafe-inline' https://buttons-config.sharethis.com https://translate.googleapis.com https://js-agent.newrelic.com https://www.googletagmanager.com https://www.google-analytics.com https://bam.nr-data.ne https://beacon.sojern.com/ https://connect.facebook.net/ https://script.crazyegg.com/ https://count-server.sharethis.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill.io https://unpkg.com maps.googleapis.com platform-api.sharethis.com translate.google.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' cloud.typography.com https://cdn.jsdelivr.net; style-src-elem 'self' 'unsafe-inline' https://translate.googleapis.com/translate_static/css/translateelement.css cloud.typography.com https://cdn.jsdelivr.net; base-uri 'none'; form-action 'self' https:; upgrade-insecure-requests 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://*.googlesyndication.com https://www.zenaps.com https://tr.snapchat.com https://tr6.snapchat.com https://www.youtube.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.contentsquare.net; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://checkout.arrowfilms.com https://connect.facebook.net https://tr.snapchat.com https://www.arrowfilms.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googlesyndication.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://s1.thcdn.com/ https://cdn.parcellab.com/; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self' localhost 127.0.0.1 *.8020.net *.authorize.net 1
script-src 'unsafe-inline' 'unsafe-eval' http://127.0.0.1:* http://localhost:* docker:* dockerhost:* *.ad.questel.com:* *.kube-dev.qal.questel.fr:* *.kube-poc.qal.questel.fr:* *.orbit.com orbit.com *.orbit-intelligence.cn orbit-intelligence.cn *.questel.fr *.questel.com *.freshworks.com *.trychameleon.com *.google.com *.google.com.hk *.googleapis.com 1
connect-src https://auth.sdc.dk https://api-proxy-neos.sdc.eu https://azure-sign-p1.sdc.dk https://*.dynamicyield.com/ https://*.dynamicyield.eu/ https://*.sdc.dk/ https://*.sdc.eu/ https://api.cludo.com https://career.recruitee.com https://consent.app.cookieinformation.com https://dc.services.visualstudio.com/ https://policy.app.cookieinformation.com https://sdc.containers.piwik.pro/ https://sdc.piwik.pro https://vimeo.com https://www.totalkredit.dk/ 'self'; default-src 'self'; font-src https://*.dynamicyield.com/ https://*.dynamicyield.eu/ https://career.recruitee.com https://cdnjs.cloudflare.com https://d10zminp1cyta8.cloudfront.net 'self'; frame-src https://auth.sdc.dk https://azure-sign-p1.sdc.dk https://e.issuu.com/ https://player.vimeo.com/ https://policy.app.cookieinformation.com https://www.youtube.com/ 'self'; img-src data: https://*.dynamicyield.com/ https://*.dynamicyield.eu/ https://customer.cludo.com https://i.ytimg.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ 'self'; script-src https://*.dynamicyield.com/ https://*.dynamicyield.eu/ https://cdnjs.cloudflare.com https://consent.cookiebot.com/ https://customer.cludo.com https://d10zminp1cyta8.cloudfront.net https://jobs-widget.recruiteecdn.com/ https://maps.googleapis.com/ https://player.vimeo.com/ https://policy.app.cookieinformation.com https://policy.app.cookieinformation.com/ https://s.ytimg.com/ https://sdc.containers.piwik.pro https://www.googletagmanager.com/ https://www.totalkredit.dk/ https://www.youtube.com/ 'self' 'unsafe-eval' 'unsafe-inline'; style-src https://*.dynamicyield.com/ https://*.dynamicyield.eu/ https://customer.cludo.com https://policy.app.cookieinformation.com https://www.totalkredit.dk/ 'self' 'unsafe-inline'; report-uri /api/sdc/security/csp/report; report-to default 1
default-src 'self' https://mw-ar-recom-prod.pgapi.io/ feed.pghub.io pandg.tapad.com ; media-src https://videos.ctfassets.net feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com * ; img-src * 'self' data: https: blob: *.pricespider.com ; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 1
upgrade-insecure-requests; frame-ancestors 'self' *.seznam.cz *.seznam.cz admin.sdovolena.cz *.sdovolena.seznam.cz http://sdovolena.seznam.cz https://sdovolena.seznam.cz *.szn.cz *.szn.cz; script-src 'self' 'unsafe-inline' 'unsafe-eval' browser.sentry-cdn.com *.sdn.cz *.sdn.cz *.szn.cz *.szn.cz gacz.hit.gemius.pl scz.hit.gemius.pl *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.im.cz *.imedia.cz *.imedia.dev.dszn.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.seznam.cz *.sklik.cz *.sklik.cz ads.celtra.com *.2mdn.net ams.creativecdn.com *.hit.gemius.pl *.mapy.cz www.googleadservices.com connect.facebook.net www.google-analytics.com https://www.googletagmanager.com/gtag/js *.sdovolena.seznam.cz https://sdovolena.seznam.cz login.szn.cz http://login.szn.cz https://login.szn.cz notifikace.seznam.cz http://notifikace.seznam.cz https://notifikace.seznam.cz; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' browser.sentry-cdn.com *.sdn.cz *.sdn.cz *.szn.cz *.szn.cz gacz.hit.gemius.pl scz.hit.gemius.pl *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.im.cz *.imedia.cz *.imedia.dev.dszn.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.seznam.cz *.sklik.cz *.sklik.cz ads.celtra.com *.2mdn.net ams.creativecdn.com *.hit.gemius.pl *.mapy.cz www.googleadservices.com connect.facebook.net www.google-analytics.com https://www.googletagmanager.com/gtag/js *.sdovolena.seznam.cz https://sdovolena.seznam.cz login.szn.cz http://login.szn.cz https://login.szn.cz notifikace.seznam.cz http://notifikace.seznam.cz https://notifikace.seznam.cz 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://furry.engineer 'wasm-unsafe-eval'; font-src 'self' https://furry.engineer; img-src 'self' data: blob: https://furry.engineer https://cdn.pawb.social; style-src 'self' https://furry.engineer 'nonce-ptkXuOhUws+m78IJakHp8Q=='; media-src 'self' data: https://furry.engineer https://cdn.pawb.social; frame-src 'self' https:; child-src 'self' blob: https://furry.engineer; worker-src 'self' blob: https://furry.engineer; connect-src 'self' blob: data: wss://furry.engineer https://furry.engineer https://cdn.pawb.social; manifest-src 'self' https://furry.engineer; form-action 'self' 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.typekit.net *.googletagmanager.com *.google.com *.itunes.apple.com *.doubleclick.net cdnjs.cloudflare.com kendo.cdn.telerik.com *.hotjar.com http://tether.io https://www.youtube.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.google-analytics.com *.typekit.net *.googletagmanager.com *.doubleclick.net cdnjs.cloudflare.com *.fontawesome.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.googletagmanager.com *.google.com *.itunes.apple.com *.doubleclick.net *.typekit.net *.fontawesome.com www.lehighhanson.com www.heidelbergmaterials.us heidelbergmaterials.us track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.typekit.net *.google.com *.itunes.apple.com *.google-analytics.com *.doubleclick.net cdnjs.cloudflare.com *.fontawesome.com; frame-src 'self' https://www.youtube.com https://www.googletagmanager.com https://www.google.com forms.hsforms.com web-chat.nativechat.com; connect-src 'self' accounts.google.com *.mktoresp.com *.google.com *.itunes.apple.com *.doubleclick.net *.hotjar.com maps.googleapis.com forms.hubspot.com *.hsforms.com *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: www.lehighhanson.com heidelbergmaterials.us www.heidelbergmaterials.us; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.typekit.net *.googletagmanager.com *.google-analytics.com *.google.com *.itunes.apple.com *.doubleclick.net *.hotjar.com web-chat.nativechat.com 1
frame-ancestors 'self' https://www.zerowastescotland.org.uk 1
frame-ancestors 'self' *.univisionnow.com *.neulion.com *.endeavorstreaming.com 1
default-src *; frame-src 'self' https: http://*.google.com http://*.facebook.com http://*.twitter.com http://*.youtube.com http://*.sharethis.com http://*.googletagmanager.com http://*.vimeo.com http://*.sharpspring.com http://*.googleadservices.com http://*.doubleclick.net http://*.wistia.com http://*.wistia.net; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * data: ; img-src * data: ;  report-uri https://19jrymqg65.execute-api.us-east-1.amazonaws.com/default/dgcsp-report-uri; 1
default-src 'self' ws: wss: data:;media-src 'self' blob: data: *.akamaihd.net *.hotjar.com *.wistia.com;script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.ads-twitter.com *.akamaihd.net *.aptrinsic.com *.arjo.com *.azure.com *.azurestaticapps.net *.bing.com *.bootstrapcdn.com *.cloudflare.com *.cookiebot.com *.episerver.net *.euroland.com *.facebook.com *.facebook.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.hotjar.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.jquery.com *.jsdelivr.net *.licdn.com *.litix.io *.msecnd.net *.on24.com *.pardot.com *.qbank.se *.siteimprove.net *.virtualearth.net *.visualstudio.com *.wistia.com siteimproveanalytics.com;style-src 'self' 'unsafe-inline' *.aptrinsic.com *.bing.com *.bootstrapcdn.com *.cloudflare.com *.cloudflare.com *.episerver.net *.googleapis.com *.googletagmanager.com *.hotjar.com *.jsdelivr.net *.litix.io *.qbank.se *.wistia.com;font-src 'self' data: *.bootstrapcdn.com *.cloudflare.com *.cloudflare.com *.cloudfront.net *.gstatic.com *.litix.io *.qbank.se *.wistia.com;connect-src 'self' ws: wss: *.akamaihd.net *.analytics.google.com *.aptrinsic.com *.arjo-express.com *.arjo.com *.articulate.com *.bing.com *.cloudfront.net *.cookiebot.com *.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.litix.io *.litix.io *.oribi.io *.qbank.se *.qbank.se *.siteimprove.com *.virtualearth.net *.visualstudio.com *.wistia.com *.wistia.com;img-src 'self' blob: data: http: https: *.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com;child-src data: 'self' blob: *.arjo-express.com *.arjo.com *.azurestaticapps.net *.b2clogin.com *.cookiebot.com *.dxcloud.episerver.net *.episerver.net *.euroland.com *.eurolandir.com *.facebook.com *.google.com *.hotjar.com *.licdn.com *.on24.com *.pardot.com *.powerbi.com *.qbank.se *.siteimprove.com *.vimeo.com *.wistia.com *.wistia.net *.youtube.com 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://musiciansunion.info https://r1.dotdigital-pages.com https://mail.themu.org https://ajax.cloudflare.com https://static.cloudflareinsights.com https://code.jquery.com https://cdnjs.cloudflare.com/ajax/libs/cropper/0.9.3/cropper.min.js https://connect.facebook.net https://platform.twitter.com https://www.instagram.com https://static.hotjar.com https://script.hotjar.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://maps.googleapis.com https://www.gstatic.com https://embed.typeform.com https://podbean.com https://*.podbean.com https://*.tiktok.com https://*.ttwstatic.com https://plausible.io/js/script.js; style-src 'report-sample' 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/cropper/0.9.3/cropper.min.css https://fonts.googleapis.com https://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css  https://*.ttwstatic.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://maps.googleapis.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com tiktok.com *.tiktok.com https://plausible.io/api/event; font-src 'self' https://fonts.gstatic.com https://script.hotjar.com; frame-src 'self' https://musiciansunion.info https://r1.dotdigital-pages.com https://app.wiredplus.com https://vars.hotjar.com https://platform.twitter.com https://syndication.twitter.com https://www.instagram.com https://www.google.com https://www.youtube.com https://w.soundcloud.com https://open.spotify.com https://embed.music.apple.com https://player.vimeo.com https://bandcamp.com https://www.facebook.com https://form.typeform.com https://www.crowdcast.io https://podbean.com https://*.podbean.com https://*.audioboom.com tiktok.com *.tiktok.com; img-src 'self' https://*.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://www.google.com https://www.google.co.uk https://www.googletagmanager.com https://script.hotjar.com https://www.facebook.com; manifest-src 'self'; media-src 'self'; report-uri https://60104d4bbcd8c7f28285dbe7.endpoint.csper.io/; worker-src 'none'; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: videa-web.eb.dev videa-web2.eb.dev videa-sec.eb.dev videa-sec2.eb.dev sec.videadev.co.il videa.eb.dev *.videa.eb.dev videadlv.co.il *.videadlv.co.il localhost *.g.doubleclick.net *.googleadservices.com *.taboola.com  *.facebook.net *.facebook.com *.sekindo.com *.google-analytics.com *.googletagmanager.com *.videa.co.il *.bankleumi.co.il *.google.co.il *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.outbrain.com feinteg.user1st.info be.user1st.info 9177976.fls.doubleclick.net 1
frame-ancestors 'self' https://buttercms.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://partner.googleadservices.com https://*.google.com https://tpc.googlesyndication.com https://csi.gstatic.com https://cdn.ampproject.org; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://www.gstatic.com https://*.google.com; connect-src 'self' https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://csi.gstatic.com; frame-src 'self' https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://www.google.com; font-src 'self' https://fonts.gstatic.com 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: 'self' blob: lcx-embed.bambuser.com dp64mxip2za0c.cloudfront.net widget-mediator.zopim.com d3saea0ftg7bjt.cloudfront.net static.zdassets.com *.cloudmaestro.com cdn.usehero.com www.elemis.com js-agent.newrelic.com www.googletagmanager.com www.google.com bam.nr-data.net bat.bing.com container.pepperjam.com tag.rmp.rakuten.com connect.facebook.net td.yieldify.com *.listrakbi.com cdn.attn.tv rec.smartlook.com www.google-analytics.com *.criteo.net *.us.criteo.com *.eu.criteo.com ut.ra.linksynergy.com custom.yieldify.com *.googleapis.com rec.smartlook.com *.thcdn.com rum-static.pingdom.net googleads.g.doubleclick.net bat.bing.com www.recaptcha.net www.gstatic.com www.googleadservices.com www.dwin1.com userexperience.thehut.net accdn.lpsnmedia.net pay.google.com lptag.liveperson.net na-library.playground.klarnaservices.com *.bazaarvoice.com *.signifyd.com *.akamaihd.net *.criteo.com  *.socialannex.com *.iubenda.com  cdn.iubenda.com intljs.rmtag.com  maxcdn.bootstrapcdn.com tpc.googlesyndication.com widget-mediator.zopim.com *.rewardstyle.com *.braintreegateway.com us.elemis.com uk.elemis.com eu.elemis.com *.klarnaservices.com *.klarnacdn.net *.cardinalcommerce.com js.braintreegateway.com na-library.klarnaservices.com b-code.liadm.com *.iesnare.com *.vimeo.com vimeo.com *.shopstylecollective.com s.pinimg.com ct.pinterest.com *.googleoptimize.com cdn.systema.ai ut.rd.linksynergy.com analytics.tiktok.com i.loopme.me api.addressy.com www.paypalobjects.com sc-static.net *.ascendpartner.com c1.socialannex.com *.paypal.com *.btttag.com acdn.adnxs.com *.clarity.ms *.google.com *.btttag.com *.google-analytics.com *.adnxs.com sc-static.net sslwidget.criteo.com *.duel.me *.pinterest.com *.ordergroove.com *.duel.me *.xtento.com *.livescale.tv *.smartlook.com *.snapchat.com *.permutive.com *.makeupar.com *.contentsquare.net app.contentsquare.com *.onetrust.com *.abtasty.com 1
default-src 'self' https://*.vica.gov.sg; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org onemap.sg https://google.com/recaptcha/api.js http://assets.adobedtm.com/ https://www.googletagmanager.com/ http://va.ecitizen.gov.sg/ https://assets.dcube.cloud/ https://assets.wogaa.sg/ https://app-script.monsido.com/ https://*.vica.gov.sg/; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com http://va.ecitizen.gov.sg/ netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com http://va.ecitizen.gov.sg/ https://assets.wogaa.sg/ https://*.vica.gov.sg; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://*.amazonaws.com https://va.ecitizen.gov.sg/ https://assets.wogaa.sg/; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com http://va.ecitizen.gov.sg/ http://wogadobeanalytics.sc.omtrdc.net/ http://cm.everesttech.net/ https://dpm.demdex.net/ https://tracking.monsido.com/ https://s3-va-vica-common.s3.ap-southeast-1.amazonaws.com/ https://*.vica.gov.sg https://www.mha.gov.sg/ https://d33wubrfki0l68.cloudfront.net/; media-src 'self' data: blob: https://www.youtube.com/ http://www.youtube.com/ https://www.mha.gov.sg/; frame-src 'self' https://forms.cwp.gov.sg/ http://www.youtube.com/ https://www.onemap.sg/ https://cdn.knightlab.com/ https://www.google.com/ https://www.facebook.com/ https://wogaa.demdex.net/ http://fast.wogaa.demdex.net/ https://form.gov.sg/ https://www.onemap.gov.sg/ https://www.youtube.com/; frame-ancestors https://forms.cwp.gov.sg/ https://form.gov.sg/ https://www.youtube.com/ http://www.youtube.com/ 'self'; connect-src 'self' http://va.ecitizen.gov.sg/ http://wogadobeanalytics.sc.omtrdc.net/ http://dpm.demdex.net/ https://snowplow-web.wogaa.sg/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ wss://chat.vica.gov.sg https://*.vica.gov.sg https://www.mha.gov.sg/; 1
frame-ancestors 'self' https://manage.contractormag.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
script-src 'self' 'nonce-KBWmE4ei1Qdk45N05uekR3MHBYYjRHZ0FBQVVj' 'unsafe-inline' kingbrand.com www.kingbrand.com shop.kingbrand.com www.googleadservices.com/pagead/conversion.js googleads.g.doubleclick.net/pagead/viewthroughconversion/1002953941/ www.googletagmanager.com/gtag/js;object-src 'none'; base-uri 'self'; 1
default-src 'self' *.associatedasset.com *.aamresales.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.clickdimensions.com *.doubleclick.net *.hotjar.com *.hotjar.io *.vimeocdn.com *.vimeo.com *.youtube.com *.msecnd.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.associatedasset.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.clickdimensions.com *.hotjar.com *.hotjar.io *.vimeocdn.com *.msecnd.net; style-src 'self' 'unsafe-inline' *.msecnd.net; connect-src 'self' *.associatedasset.com wss://*.associatedasset.com *.google.com *.google-analytics.com *.googleadservices.com *.clickdimensions.com *.doubleclick.net *.hotjar.com *.hotjar.io; frame-ancestors 'self' 1
upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com *.jsdelivr.net https://unpkg.com *.google-analytics.com *.googletagmanager.com https://bam.nr-data.net https://js-agent.newrelic.com/ https://cdn-gl.imrworldwide.com https://secure-sg.imrworldwide.com  *.bootstrapcdn.com *.gstatic.com *.google.com *.cloudflare.com; child-src 'self' www.google.com; frame-src 'self' www.google.com https://secure-sg.imrworldwide.com; style-src 'self' 'unsafe-inline' *.jsdelivr.net https://cdn.jsdelivr.net *.bootstrapcdn.com; frame-ancestors 'self';  object-src 'self'; base-uri 'self'; 1
frame-ancestors https://*.embed.tawk.to; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.gstatic.com https://yastatic.net https://www.youtube.com https://s.ytimg.com https://platform.instagram.com https://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://mc.yandex.ru https://top-fwz1.mail.ru https://js.sentry-cdn.com https://browser.sentry-cdn.com https://qaz.24newsrf.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://platform.twitter.com ; img-src 'self' data: https://* http://* ; font-src 'self' data: https://fonts.gstatic.com ; frame-src 'self' data: https://yastatic.net https://www.youtube.com https://www.instagram.com/ https://platform.twitter.com ; connect-src 'self' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://fcm.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://push.newsdaily.biz https://top-fwz1.mail.ru https://o4505939965509632.ingest.sentry.io https://biposerfl.shop https://*.google-analytics.com; worker-src 'self' data: https://fcm.googleapis.com https://push.newsdaily.biz ; 1
default-src 'self';  style-src 'self' https://unpkg.com https://fonts.googleapis.com https://embed.tawk.to https://client.crisp.chat 'unsafe-inline'; script-src 'self' https://cdn.jsdelivr.net https://embed.tawk.to https://connect.facebook.net  https://www.google-analytics.com  https://unpkg.com   ajax.googleapis.com https://www.googletagmanager.com https://client.crisp.chat/l.js https://client.crisp.chat/static/javascripts/client.js https://client.crisp.chat 'unsafe-inline' 'unsafe-eval';  media-src *; img-src *  'self' data: https:;  font-src 'self' https://fonts.googleapis.com https://client.crisp.chat https://embed.tawk.to https://fonts.gstatic.com;connect-src 'self' wss://client.relay.crisp.chat  https://client.crisp.chat https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com;frame-src 'self' https://www.facebook.com/ https://www.youtube.com/ https://drive.google.com/ https://www.google.com/; 1
base-uri 'none'; connect-src https://stripe.com; default-src 'none'; font-src 'self'; form-action 'none'; frame-ancestors 'none'; img-src 'self' https://images.ctfassets.net; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-report 1
frame-ancestors 'self' https://www.hotjar.com/ https://insights.hotjar.com/ 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://plugin.monotote.com https://*.smct.co https://smct.co https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tpc.googlesyndication.com https://tr.snapchat.com https://www.shoplooks.com https://s1.thcdn.com https://www.awin1.com https://d2d7do8qaecbru.cloudfront.net https://www.pinterest.com blob: https://smct.io https://*.smct.io; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://ct.pinterest.com https://smct.co https://*.smct.co https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://privacyportal-eu.onetrust.com https://analytics.tiktok.com https://*.contentsquare.net https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://upload.uploadcare.com https://598nyfqkt7.execute-api.eu-west-1.amazonaws.com https://smct.io https://*.smct.io; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://www.glossybox.de https://m.glossybox.de https://checkout.glossybox.de https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://plugin.monotote.com https://static.ads-twitter.com https://*.twitter.com https://*.recaptcha.net https://*.akamaihd.net https://*.sciencebehindecommerce.com https://smct.co https://*.smct.co https://*.tribalfusion.com https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://tpc.googlesyndication.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.google.de https://google.de https://*.shoplooks.com https://slooks.top https://slooks.me https://s.pinimg.com https://geolocation.onetrust.com https://analytics.tiktok.com https://*.ibytedtos.com https://*.contentsquare.net https://app.contentsquare.com https://ucarecdn.com https://apps.storystream.ai https://smct.co https://*.smct.co https://smct.io https://*.smct.io; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://cdn.parcellab.com https://fonts.smct.co https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net https://fonts.smct.io; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' https: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; style-src https: 'self' 'unsafe-inline'; img-src https: 'self' data: blob:; font-src 'self' data: https:; frame-src 'self' https:; frame-ancestors 'self' https: 1
frame-ancestors 'self' https://erleben.landshut.de/ 1
default-src 'self' 'unsafe-inline' data: https://updown.io https://*.updown.io https://www.paypalobjects.com https://cdn.headwayapp.co http://headway-widget.net; font-src 'self' https: data: 1
script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' data: http://*.gstatic.com:* https://*.intercom.io:* https://*.intercomcdn.com:* http://*.lightboxcdn.com:* https://www.lightboxcdn.com:* https://*.doubleclick.net:* https://*.google-analytics.com:* https://*.googleoptimize.com:* https://*.googletagmanager.com:* https://*.gstatic.com:* https://acsbapp.com:* https://assets.adobedtm.com:* https://cdn.abrankings.com:* https://connect.facebook.net:* https://js.adsrvr.org:* https://snap.licdn.com:* https://tags.srv.stackadapt.com:* https://*.youtube.com:* http://*.youtube.com:* https://*.digioh.com:* https://*.hotjar.com:* https://*.salesforce.com:* https://*.salesforceliveagent.com:* https://*.salesforce-sites.com:* https://*.force.com:*; frame-ancestors 'self' data: https://match.adsrvr.org:* https://*.salesforce.com:* https://*.salesforceliveagent.com:*; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: ws: wss: data: http://lightboxcdn.com:* http://www.lightboxcdn.com:* https://www.lightboxcdn.com:* https://*.akcpetinsurance.com:* https://*.contentful.com:* https://*.ctfassets.net:* https://*.google-analytics.com:* https://*.googletagmanager.com:* https://*.gstatic.com:* https://*.shopperapproved.com:* https://*.vercel.live:* https://*.google.com:* https://api.iterable.com:* https://assets.adobedtm.com:* https://cdn.abrankings.com:* https://*.acsbapp.com:* https://acsbapp.com:* https://cdn.linkedin.oribi.io:* https://fonts.googleapis.com:* https://*.adsrvr.org:* https://px.ads.linkedin.com:* https://www.googleadservices.com:* https://images.ctfassets.net:* https://px.ads.linkedin.com:* https://www.facebook.com:* https://www.google.com:* https://www.google.ca:* https://google-analytics.com:* https://tags.srv.stackadapt.com:* https://*.youtube.com:* http://*.youtube.com:* https://*.intercom.io:* https://*.digioh.com:* https://*.hotjar.com:* https://*.intercomcdn.com:* https://*.intercomassets.com:* https://intercom-sheets.com:* https://*.doubleclick.net:* https://*.googlesyndication.com:* https://*.salesforce.com:* https://*.salesforceliveagent.com:* https://*.salesforce-sites.com:* https://*.force.com:*; 1
default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval' translate.google.com www.nitrokey.com; object-src 'self'; style-src 'unsafe-inline' 'self'; img-src 'unsafe-inline' 'self' safari-extension www.nitrokey.com embetty.nitrokey.com data:; media-src 'self'; frame-src 'self' https://www.youtube-nocookie.com; frame-ancestors 'self'; font-src 'unsafe-inline' 'self' data:; connect-src 'self' https://api.github.com; report-uri /report-csp-violation; base-uri 'self'; form-action 'self' 1
font-src fonts.gstatic.com static.klaviyo.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com api.livechatinc.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io bat.bing.com cdn.livechat-files.com cdn.livechat-static.com api.livechatinc.com https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.attn.tv bat.bing.com cdnjs.cloudflare.com cdn.avmws.com ssl.avmws.com cdn.livechatinc.com api.livechatinc.com *.turnto.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com cdn.jsdelivr.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static-tracking.klaviyo.com static.klaviyo.com cdn.livechatinc.com api.livechatinc.com *.googleapis.com *.cloudflare.com *.turnto.com https://static.klaviyo.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com cdn.attn.tv cdn.livechat-files.com cdn.livechat-static.com api.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com events.attentivemobile.com outdoorgearexchange.attn.tv ssl.avmws.com api.livechatinc.com *.arizonreports.cloud *.turnto.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self'; base-uri 'self'; form-action 'self'; 1
default-src 'none'; child-src 'self' www.youtube.com www.googletagmanager.com; connect-src 'self' *.typekit.net *.googletagmanager.com *.google-analytics.com stats.g.doubleclick.net *.ads.linkedin.com metrics.hotjar.io vc.hotjar.io; font-src 'self' *.typekit.net *.ytimg.com *.youtube.com www.googletagmanager.com data:; frame-src 'self' *.youtube.com www.youtube-nocookie.com www.googletagmanager.com recaptcha.google.com www.google.com; img-src 'self' *.jandenul.com *.typekit.net *.ytimg.com *.youtube.com www.googletagmanager.com *.ads.linkedin.com *.basemaps.cartocdn.com www.google-analytics.com data:; manifest-src 'self'; media-src 'self'; script-src 'self' 'report-sample' https://content.linkedin.com https://google-analytics.com https://googletagmanager.com https://js.createsend1.com https://m.youtube.com https://platform.linkedin.com https://script.hotjar.com https://static.hotjar.com https://static-exp1.licdn.com https://snap.licdn.com https://ssl.google-analytics.com https://tagmanager.google.com https://use.typekit.net https://www.google-analytics.com https://www.youtube.com https://www.googletagmanager.com https://*.ads.linkedin.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com https://www.google.com momentjs.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://content.linkedin.com https://google-analytics.com https://googletagmanager.com https://js.createsend1.com https://m.youtube.com https://platform.linkedin.com https://script.hotjar.com https://static.hotjar.com https://static-exp1.licdn.com https://snap.licdn.com https://ssl.google-analytics.com https://tagmanager.google.com https://use.typekit.net https://www.google-analytics.com https://www.youtube.com https://www.googletagmanager.com https://*.ads.linkedin.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com https://www.google.com momentjs.com; style-src 'self' 'unsafe-inline' 'report-sample' *.typekit.net *.licdn.com tagmanager.google.com www.googletagmanager.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; worker-src 'self' www.google-analytics.com *.linkedin.com stats.g.doubleclick.net; base-uri 'self'; form-action 'self' http://staging.jdn-ds-jandenulcom.calibrate.dev; frame-ancestors 'self'; report-uri https://www.jandenul.com/log-report-uri/enforce; block-all-mixed-content 1
default-src 'self' cibng.ibanking-services.com *.ellieservices.com *.docusign.ne; font-src 'self' cibng.ibanking-services.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.johnsonfinancialgroup.com cibng.ibanking-services.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.qualtrics.com *.cloudfront.net *.googleapis.com *.johnsonfinancialgroup.com cibng.ibanking-services.com *.episerver.net *.addthis.com *.addthisedge.com *.moatads.com *.onlineaccess1.com *.levelaccess.net *.marketo.net *.pdst.fm *.ads-twitter.com *.crazyegg.com *.twitter.com *.pinimg.com *.adsrvr.org *.adform.net *.doubleclick.net *.facebook.net *.licdn.com *.google-analytics.com *.googletagmanager.com *.google.com *.visualstudio.com *.msecnd.net *.gstatic.com *.ellieservices.com *.docusign.net; img-src 'self' data: *; connect-src 'self' cibng.ibanking-services.com *.qualtrics.com *.oribi.io *.googleapis.com *.crazyegg.com *.addthis.com *.levelaccess.net *.cloudfunctions.net *.google-analytics.com *.google.com *.mktoresp.com *.pinterest.com *.doubleclick.net *.visualstudio.com run.mocky.io *.ellieservices.com *.docusign.net; frame-src 'self' *.libsyn.com *.buzzsprout.com *.qualtrics.com *.johnsonfinancialgroup.com *.docusign.com *.docusign.net *.ellielabs.com *.ellieservices.com *.elliemae.com *.pinterest.com cibng.ibanking-services.com *.vimeo.com *.addthis.com *.agentinsure.com *.locatorsearch.com *.facebook.com *.google-analytics.com *.google.com *.doubleclick.net *.brainshark.com lifehappenspro.org *.adsrvr.org; worker-src 'self' blob: *.johnsonfinancialgroup.com *.ellieservices.com *.docusign.ne; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com; object-src 'self' 1
frame-ancestors https://goloadup.com 1
script-src 'unsafe-eval' 'self' blob: *.bcbsmt.com *.convertlanguage.com *.walkme.com *.jquery.com *.brightcove.com *.marinsm.com *.clarity.ms *.steelhousemedia.com *.stackadapt.com 'sha256-WiBrp8n6qzXaR53OMuij2Wqky+WBAZHWS4m9u+Y6Vgs=' 'sha256-Bwbsdql2wuxPBfreVcjv4IcQRIm2tK54E/ZtuKmHmLI=' 'sha256-+QoWUsMtJAiKNrS9ddu7252XOoLq26XVwk4TdboDGM0=' 'sha256-EFemVE1/2VPlNZdptBdgN2GjWc7noj81GGGv0MwOyJY=' 'sha256-K83smGC12/mOrMV+5hXYSc0TQHjFQM6XX+Zdj9pBbas=' 'sha256-Fx0LrAqaK0HfpKOTd5jtbUe4X89Fz86oesjqSQUn8Y8=' 'sha256-L+CdrbB/3MWzakKjyzoy8w1eIqDVGrsftnkvJdo4gIc=' 'sha256-ud+TXSHWwW6/Ltq5qioGqWeGcQMxHWR5TiMnvYBaUEk=' 'sha256-BaFk7RP58iF1BkZHdqeujuDXXLld9PS1LiKm9MnnQ2A=' 'sha256-3BUC2uqkLtf11hujvyMEl1NTcrpXaw9M/nxK0qpugE4=' 'sha256-wdeGPZ1HJ+lMQiVfS4znvmAO3Fmlc1V4FXPoN7598Kk=' 'sha256-ThHZXYAEciBA4PPtRsuwrM4rS6A27cEeDZfKFgMjOHs=' 'sha256-Fx0LrAqaK0HfpKOTd5jtbUe4X89Fz86oesjqSQUn8Y8=' 'sha256-XpDQ/sKD1Q35z6yrfuUgNaqcpCpmaF6wIFXhd6+xJLo=' 'sha256-1jH1jUGW8+/nnNLV4s1f8jHlAtMsBv985QVausqXm5s=' 'sha256-ppW1Vv+qSVcs+/pIj1ZXvMiCLoyHyCdRqtDMeK9fQ9w=' 'sha256-SwyKbZ54VAT7TGzBcl3GoAg00lZI99A0vLQ3BHuFvUY=' 'sha256-518pk5SuTHe1wO+qPfs05CALGxGj8b7R9joTeyF3MMg=' 'sha256-N63VR5czWRUyi4yTEGyoam6orM200eR4SB/ndd2vCSE=' 'sha256-h1BXcWieM0hfS3GVpaXzPev+V7bbo0VQKstgeMXvP04=' 'sha256-nyYhGb/ogFCXA+jjhnQPaWmEGq7zMi7is/Og/WHHu1U=' 'sha256-MW7xYbbWUIy+vpnrRUsAKgafurRDpmEtw8ibUiTK9kg=' 'sha256-nwxOa/AwuXKhEnQfF8z3U9AQyig3d1tfIX6QLS1c7/U=' 'sha256-PYtocK3DFaOHMHXcTLPhO1P5IEXMf8cf6Yyf1u0USFQ=' 'sha256-prCWgxIMGDrHbwdw5mT2MeFWJJGImVIKxAV7gJOpQ0w=' 'sha256-tU2s1s4syE7gpagiZ/DMk2OM7ZcxzIYUDAn0ZWZZvcw=' 'sha256-IohmHrNbNfYp1N8eOkosBSzsog22PSpNMgxp+rP0ba0=' 'sha256-gdUVY3rNP3d8mugxATRy94Oef9TvyvQv4LByypmpoQM=' 'sha256-Oc0DJ+pN/Q9MEzC3WsStCthU0JXK5IxeTD/NO180ggI=' 'sha256-3R5kPMMUS7lCbC94I1yEP6/LrPcCxCpJkMghRm5vc+M=' 'sha256-TfsnO13RGWJOuqMSQ71jj+6N2s997hJAghDCvf9s9dM=' 'sha256-xri8zZKOW+5jts4GRTZuQGosPS+dSTQJr5bebWtNr90=' 'sha256-zOJVpbdSYuV1KeKh04uYsnYyneK7qLzkfYDw9h6+0KM=' 'sha256-0Cmn/CPjE7iLtaGEpZ3gIbyK7+T2PCg6t/q0GQ8aurU=' 'sha256-+F7WJt5j0JAyOvITKopxkUbW3zrhfgO/64YUDWNfWV4=' 'sha256-V5fb1zKsLvfOQE+Tz3abD2NIZPMKdQKrZG6116lj62Y=' 'sha256-/R+9/01InyDhaLq1zYqbjyPav2dunvCCN1mHJxx026U=' 'sha256-023g/MYKiNi2UHZqb0fjW4jU0C9zmvXY7ylFFTbQLAs=' 'sha256-9w+aFd0ogU/pVs/M0q0ixKcQLrt524ABSMma2ixZRmA=' 'sha256-uvQd362cMOZMihRdpHDQkkQG005hI1hAULGe/1hrq7A=' 'sha256-RLZndXh1nmE1wrQG6kjO6AGpiyGJTN5t/otHymIj8UA=' 'sha256-ttmSnfQfAQQQiV28ls0mnFkkr+dl0cSWZO+7qlgQV7w=' 'sha256-JV3lxBYaKBxEcW9cv7bpM9YrLNCSO2x+5hI319J5VH4=' 'sha256-s1BV33CoxJjYzvmpCjN3WTwdPhNhnco3NW1k5J/YA3o=' 'sha256-7JcAvVdE2sCnsRNg9sUUpEVPc2NLH+qJYzoCeD2nHss=' 'sha256-ehPVrgdV2GwJCE7DAMSg8aCgaSH3TZmA66nZZv8XrTg=' 'sha256-ooG2PlUfrfqVyDZV30w0BK5FwqPKhiPhrYEc3z3R3ow=' 'sha256-5nRGMOmqCmDqDhW/cRGfA1gF0jaDt730ej6AJpe2m9g=' 'sha256-7bwnNunfhUOLCxywkp0xlObo3iqPpAfiCr6IN5IeXCA=' 'sha256-0Pvth24NB2HpvezgdvpJMgDYWi91zp9XQc0lnwVD76I=' 'sha256-VL0W/0a7GGeMu92Qz6/kju/TfhubARqd6hobZ5vR8HM=' 'sha256-G38Y5gB6x7PXV8puXKlJ1t7rV5fLuVPEDLHAb64SY20=' cdn.walkme.com  *.bcbsil.com *.bcbstx.com *.marketo.net *.hcsc.net contentz.mkt922.com healthcareservicecorporation.sc.omtrdc.net resources.digital-cloud-west.medallia.com dx.steelhousemedia.com cdn.decibelinsight.net *.facebook.net *.googleadservices.com bat.bing.com *.googletagmanager.com nexus.ensighten.com *.google-analytics.com js-cdn.dynatrace.com assets.adobedtm.com googleads.g.doubleclick.net gateway.foresee.com dx.steelhousemedia.com *.kampyle.com *.medallia.com, frame-src 'self' *.bcbsmt.com hcsc.demdex.net *.brightcove.net *.youtube.com resources.digital-cloud-west.medallia.com healthcareservicecorporation.sc.omtrdc.net *.kampyle.com *.medallia.com *.doubleclick.net 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://proandroiddev.com https://*.proandroiddev.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
frame-ancestors 'self' https://* *.sprylabprojects.com resource://* 1
frame-ancestors 'self' https://*.ph-karlsruhe.de; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=entertainment&region=US&lang=en-US&device=desktop&yrid=08skuqdiquddi&partner=; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-h3WJ6SXFl7RtxJ1aqKIFDRQsC3VdEG4AltcoaiKCsGhgFMeK' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' https://adminwebops.buysubscriptions.com 1
frame-ancestors 'self' texas.simpleviewcms.com www.traveltexas.com; 1
connect-src 'self' blob: https://api.x.ai https://api.x.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api.x.com https://api-stream.twitter.com https://api-stream.x.com https://ads-api.twitter.com https://ads-api.x.com https://aa.twitter.com https://aa.x.com https://caps.twitter.com https://caps.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton.twitter.com https://ton.x.com https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://twitter.com https://x.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com  ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://x.com https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://vaultjs.apideck.com/  https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://x.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://static.ads-twitter.com  'nonce-ZGNmMTdhOTItZmQ2Ny00ZWFhLThlNzYtYWExOTUxZWJiZTdk'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false 1
frame-ancestors 'self' https://*.fh-kaernten.at; upgrade-insecure-requests 1
default-src 'unsafe-inline' self *.toytoy.ir ajax.aspnetcdn.com *.sendpulse.com *.pegah.tech *.mediaad.org cdnjs.cloudflare.com *.kxcdn.com trustseal.enamad.ir *.eNamad.ir www.google-analytics.com *.googletagmanager.com *.yektanet.com *.clarity.ms *.googleapis.com *.amazonaws.com www.searchanise.com *.doubleclick.net *.yandex.ru yastatic.net *.mediaad.org *.sendpulse.com *.webpushs.com *.yandex.net *.google.com *.gstatic.com; img-src 'unsafe-inline' *.amazonaws.com c.bing.com *.sendpulse.com *.toytoy.ir trustseal.enamad.ir *.google.com *.google.nl *.clarity.ms *.gstatic.com data: www.google-analytics.com *.sendpulse.com *.googletagmanager.com *.yandex.ru yastatic.net *.amazonaws.com *.yandex.net; frame-src *.pegah.tech *.mediaad.org *.toytoy.ir toytoy.ir *.yektanet.com *.sendpulse.com *.clarity.ms *.aparat.com *.google.com trustseal.enamad.ir *.gstatic.com; font-src 'unsafe-inline' 'self' *.googleusercontent.com *.searchanise.com *.sendpulse.com *.toytoy.ir *.google.com data: ;connect-src self *.toytoy.ir *.pegah.tech *.mediaad.org ajax.aspnetcdn.com *.sendpulse.com cdnjs.cloudflare.com *.kxcdn.com trustseal.enamad.ir *.eNamad.ir www.google-analytics.com *.googletagmanager.com *.yektanet.com *.clarity.ms *.googleapis.com *.amazonaws.com www.searchanise.com *.doubleclick.net *.yandex.ru yastatic.net *.sendpulse.com *.webpushs.com *.yandex.net *.google.com *.gstatic.com https://pushdata.sendpulse.com:4434 1
default-src 'unsafe-inline' 'unsafe-eval' https; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com ajax.googleapis.com *.doubleclick.net use.typekit.net www.google.com cdn.datatables.net www.googleadservices.com code.jquery.com www.googletagmanager.com www.google-analytics.com platform.twitter.com *.facebook.net *.qssupplies.co.uk api.mailgun.net files.qssupplies.co.uk *.cloudflare.com *.jsdelivr.net kit.fontawesome.com *.sagepay.com *.neomam.com widget.trustpilot.com *.searchspring.io s.pinimg.com bat.bing.com secure.checkrate.co.uk *.clarity.ms; style-src 'self' 'unsafe-inline' *.googleapis.com *.typekit.net files.qssupplies.co.uk *.cloudflare.com *.googletagmanager.com; img-src 'self' data: *.qssupplies.co.uk p.typekit.net www.google.com www.google.co.in stats.g.doubleclick.net files.qssupplies.co.uk www.google-analytics.com i.ytimg.com *.cloudfront.net *.googletagmanager.com https://fonts.gstatic.com ct.pinterest.com googleads.g.doubleclick.net 6f0vtr.a.searchspring.io bat.bing.com *.google.co.uk *.clarity.ms; font-src 'self' data: use.typekit.net fonts.gstatic.com files.qssupplies.co.uk *.fontawesome.com *.cloudflare.com; connect-src * https://www.qssupplies.co.uk/ https://api.ideal-postcodes.co.uk/ https://api.mailgun.net/ performance.typekit.net; media-src 'self'; object-src 'none'; frame-src https://bid.g.doubleclick.net https://www.youtube.com https://www.qssupplies.co.uk *.facebook.com *.twitter.com *.google.com *.googletagmanager.com *.sagepay.com *.qssupplies.co.uk *.neomam.com widget.trustpilot.com ct.pinterest.com player.vimeo.com td.doubleclick.net 1
default-src 'self' 'unsafe-inline'; connect-src 'self' https://www.1c-bitrix.ru/ https://bitrix.info https://mc.yandex.ru/clmap/ https://mc.yandex.ru/watch/ https://mc.yandex.ru/webvisor/ https://yandex.ru/clck/ https://cdn.ampproject.org/; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/; font-src 'self' data: https://fonts.gstatic.com https://w.uptolike.com https://yastatic.net https://maxcdn.bootstrapcdn.com/; frame-src https://yandex.ru/map-widget/ https://vk.com/ https://www.nsktv.ru/bitrix/ https://frontend.vh.yandex.ru https://mc.yandex.md https://player.smotrim.ru https://w.uptolike.com https://www.youtube.com/; img-src 'self' data: https://marketplace.1c-bitrix.ru/ https://mc.yandex.ru https://www.tns-counter.ru https://counter.yadro.ru/ https://px201.medhills.ru/ blob: ; script-src-elem 'self' 'unsafe-inline' https://cdn.ampproject.org/ https://vk.com/js/api/ https://bitrix.info/ https://www.tns-counter.ru/ https://mc.yandex.ru/ https://an.yandex.ru/system/ https://yastatic.net/ https://fonts.googleapis.com/ https://w.uptolike.com/widgets/v1/ https://supraneet.ru/minus/ https://af.click.ru/; script-src 'unsafe-eval' 'unsafe-inline' blob: ; media-src 'self' 1
default-src 'self' tassphoto.com tassphoto.ru; style-src 'self' tassphoto.com tassphoto.ru 'unsafe-inline'; img-src 'self' *.tassphoto.com *.tassphoto.ru data: https:; script-src 'self' mc.yandex.ru yastatic.net tassphoto.com tassphoto.ru 'unsafe-inline' 'unsafe-eval'; media-src 'self' tassphoto.com tassphoto.ru; connect-src 'self' mc.yandex.ru; frame-src 'self' blob: mc.yandex.ru; font-src 'self' tassphoto.com tassphoto.ru data: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com  *.cloudflare.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.cloudflare.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.googleapis.com stats.g.doubleclick.net *.google-analytics.com; font-src 'self' *.gstatic.com; frame-src 'self' *.google.com.my *.facebook.com *.google.com; img-src 'self' *.google-analytics.com *.google.com *.google.com.my; manifest-src 'self'; media-src 'self'; report-uri https://63dbeaac1110c9e871bfd13e.endpoint.csper.io/?v=2; worker-src https://www.maskargo.com; 1
frame-ancestors 'self'; report-uri https://www.recetasnestle.com.ec/report-uri/enforce 1
child-src blob: https://*.afilio.de; connect-src https://*.afilio.de https://*.algolia.net https://*.etrusted.com https://*.getvero.com https://*.hotjar.com https://*.hotjar.io https://*.trustedshops.com https://firestore.googleapis.com https://identitytoolkit.googleapis.com https://securetoken.googleapis.com https://us-central1-afilio-de.cloudfunctions.net wss://*.afilio.de wss://*.hotjar.com wss://*.upscope.io; default-src 'none'; font-src https://*.afilio.de https://*.hotjar.com; frame-ancestors https://*.afilio.de; frame-src blob: https://*.afilio.de https://*.calendly.com https://*.cloudflarestream.com https://*.hotjar.com https://afilio-de.firebaseapp.com/ https://calendly.com; img-src data: https://*.afilio.de https://*.hotjar.com https://*.trustedshops.com; manifest-src https://*.afilio.de; media-src https://*.afilio.de; object-src https://*.afilio.de; script-src https://*.afilio.de https://*.calendly.com https://*.cloudflarestream.com https://*.getvero.com https://*.hotjar.com https://*.trustedshops.com https://*.upscope.io https://apis.google.com https://d3qxef4rp70elm.cloudfront.net; style-src 'unsafe-inline' https://*.afilio.de; report-uri https://o1357534.ingest.sentry.io/api/4504418313502720/security/?sentry_key=213bcc9a958643b79f4762ab22959b99 1
default-src 'self' *;script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline' 'unsafe-eval';img-src * data: blob:;connect-src *;font-src *;object-src *;media-src * 1
default-src 'self' https://*.chatlio.com; img-src * data:; style-src *  'unsafe-inline' 'unsafe-eval' https://*.chatlio.com; media-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' zapier.com *.zapier.com *.braintreegateway.com *.cardinalcommerce.com *.paypalobjects.com *.paypal.com *.paypalobjects.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.cookiebot.com *.gstatic.com *.chatlio.com *.msecnd.net; object-src 'none'; form-action 'self' *.google.com *.facebook.com *.microsoftonline.com *.linkedin.com zapier.com *.zapier.com *.cardinalcommerce.com; font-src * data:; connect-src 'self' *.cookiebot.com wss://*.enalyzer.com *.unsplash.com https://*.chatlio.com wss://*.chatlio.com wss://ws.pusherapp.com *.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.services.visualstudio.com *.chatlio.com *.googlesyndication.com *.google.com *.doubleclick.net *.google-analytics.com *.applicationinsights.azure.com; frame-src 'self' youtube.com www.youtube.com *.braintreegateway.com *.google.com *.doubleclick.net *.paypal.com *.cardinalcommerce.com *.kaptcha.com *.cookiebot.com *.enalyzer.com https://surveys.enalyzer.com; base-uri 'self'; child-src *.braintreegateway.com *.paypal.com; manifest-src 'self' enalyzer.com www.enalyzer.com 1
frame-ancestors 'self' https://*.childrensomaha.org; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' resource: blob: *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.sleeknote.com *.googletagmanager.com *.convertize.io *.convertexperiments.com *.polyfill.io *.driftt.com *.qualtrics.com *.adform.net *.app-us1.com *.osano.com *.typekit.net *.licdn.com *.hotjar.com *.hotjar.io *.doubleclick.net *.youtube.com *.mouseflow.com *.trengo.eu trackcmp.net *.wistia.com *.adsrvr.org *.gstatic.com *.vimeo.com vimeo.com *.wistia.com static.srcspot.com ;img-src 'self' data: d3b71lwf7xoduu.cloudfront.net *.execute-api.eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com s3.eu-central-1.amazonaws.com www.softcat.com *.driftt.com *.google-analytics.com *.linkedin.com *.sleeknote.com *.googletagmanager.com *.youtube.com *.concrete5.org *.concretecms.com *.rawnet.com *.softcat.com *.qualtrics.com *.google.com *.google.co.uk *.vimeo.com vimeo.com *.wistia.com *.ytimg.com *.vimeocdn.com ;child-src 'self' blob: *.driftt.com *.youtube.com *.vimeo.com vimeo.com *.adform.net *.investis.com *.wirewax.com *.softcat.com *.qualtrics.com *.adsrvr.org *.gstatic.com *.google.com *.google.co.uk *.doubleclick.net ;default-src 'self' 'unsafe-inline' www.softcat.com blob: data: *.google.com *.google-analytics.com *.qualtrics.com *.youtube.com *.vimeo.com vimeo.com ;worker-src 'self' blob: www.softcat.com *.youtube.com *.vimeo.com vimeo.com ;style-src 'self' 'unsafe-inline' 'unsafe-eval' *.driftt.com *.googleapis.com *.google.com *.typekit.net *.youtube.com *.vimeo.com vimeo.com ;connect-src 'self' *.api.brightcove.com *.brightcove.com *.google.com *.google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.oribi.io *.qualtrics.com *.doubleclick.net *.osano.com *.bugsnag.com *.trengo.eu *.execute-api.eu-central-1.amazonaws.com *.mouseflow.com *.acast.com *.youtube.com *.vimeo.com vimeo.com *.wistia.com ;object-src data: 'unsafe-eval' image/svg+xml blob: *.youtube.com *.vimeo.com vimeo.com *.wistia.com ;media-src 'self' *.brightcove.com blob: *.trengo.eu *.qualtrics.com *.acast.com *.youtube.com *.vimeo.com vimeo.com *.wistia.com ;font-src 'self' data: *.gstatic.com *.typekit.net *.bootstrapcdn.com *.cloudflare.com *.wistia.com ;form-action 'self' *.qualtrics.com www.softcat.com *.youtube.com *.vimeo.com vimeo.com ;frame-ancestors 'self' www.softcat.com *.youtube.com *.vimeo.com vimeo.com ; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-yfg6vV5ovaB2u+32n42M8RqrJrMK+4Wk5rfmHz1m8FKEr1Jz' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://e1.envoke.com https://engage.envoke.com/ext/embed/engagements/ https://eml.envoke.com/ext/embed/engagements/ https://tagmanager.google.com https://*.googletagmanager.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://js.intercomcdn.com https://widget.intercom.io/widget/ev9a263d https://w338l7p6z1nt.statuspage.io https://files.envoke.com/web_files/812/scripts/nvk.js https://player.vimeo.com/api/player.js https://sc.lfeeder.com/lftracker_v1_bElvO73rqp18ZMqj.js https://code.jquery.com/jquery-3.5.1.min.js https://use.fontawesome.com/ba2b83a682.js https://ct.capterra.com/capterra_tracker.js https://cdnjs.cloudflare.com/ajax/libs/ https://unpkg.com/micromodal/dist/micromodal.min.js https://unpkg.com/alpinejs https://cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/js/select2.min.js; style-src 'self' 'unsafe-inline' data: https://tagmanager.google.com https://fonts.googleapis.com https://use.fontawesome.com https://e1.envoke.com/css/nvk-content.min.css https://cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/select2.min.css; img-src 'self' http: https: data: https://e1.envoke.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com/ads/ga-audiences https://capterra.s3.amazonaws.com/assets/images/ https://assets.capterra.com; connect-src 'self' https://*.envoke.com/form.php https://*.google.com https://*.google.ca https://*.google.co.uk https://*.google.com.au https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googleapis.com https://*.googlesyndication.com https://*.gstatic.com https://stats.g.doubleclick.net https://api-iam.intercom.io/messenger/web/ wss://nexus-websocket-a.intercom.io/pubsub/; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://use.fontawesome.com https://fonts.intercomcdn.com/messenger-m4/ https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/fonts/; media-src 'self' https://js.intercomcdn.com; child-src 'self' https://*.google.com https://td.doubleclick.net https://player.vimeo.com https://w338l7p6z1nt.statuspage.io; frame-ancestors 'self'; report-to envoke-csp; report-uri https://envoke.report-uri.com/r/d/csp/enforce 1
upgrade-insecure-requests; script-src 'strict-dynamic' 'nonce-xxEhr83u0lxKONy0yDu4+w=='; 1
default-src 'self' https://api.mapbox.com; script-src 'report-sample' 'self' https://api.mapbox.com https://connect.facebook.net https://d2iiunr5ws5ch1.cloudfront.net https://vimeo.com https://*.vimeo.com https://*.youtube.com https://sf.unicef.org.au https://unicefaustralia--wit.sandbox.my.site.com https://unicefaustralia--full.sandbox.my.site.com https://www.bugherd.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://maps.googleapis.com https://www.tfaforms.com https://unicefau.elmotalent.com.au https://embed.typeform.com https://e.infogram.com/ https://c.paypal.com https://www.paypal.com https://tgbwidget.com https://www.googleadservices.com https://s.pinimg.com https://secure.quantserve.com https://*.igodigital.com https://*.hotjar.com https://*.tvsquared.com https://*.yimg.com https://*.ads-twitter.com https://analytics.ads-twitter.com https://analytics.tiktok.com https://googleads.g.doubleclick.net https://rules.quantcount.com https://c1.rfihub.net https://*.rfihub.com https://*.bugherd.com https://*.pusher.com https://d2iiunr5ws5ch1.cloudfront.net https://d2wy8f7a9ursnm.cloudfront.net https://bugherd-attachments.s3.amazonaws.com https://ws.pusherapp.com https://screenshots.bugherd.com https://sdks.shopifycdn.com https://*.getwhichit.com https://www.getwhichit.com https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://pay.google.com https://c5.adalyser.com https://platform.twitter.com https://*.mouseflow.com https://*.googleoptimize.com https://capi.unicef.org.au https://cdnjs.cloudflare.com https://snap.licdn.com https://cdn.jsdelivr.net/ https://bat.bing.com https://www.clarity.ms https://atag.adgile.media https://cdn.mida.so https://dev.visualwebsiteoptimizer.com https://app.vwo.com https://wit-custom.unicef.au https://dev-wit-custom.unicef.au https://www.buzzsprout.com 'unsafe-eval' 'unsafe-inline'; style-src 'report-sample' 'self' 'unsafe-inline' https://d2iiunr5ws5ch1.cloudfront.net https://fonts.googleapis.com https://sf.unicef.org.au https://unicefaustralia--wit.sandbox.my.site.com https://unicefaustralia--full.sandbox.my.site.com https://www.tfaforms.com https://*.youtube.com https://*.hotjar.com https://tgbwidget.com https://d2iiunr5ws5ch1.cloudfront.net https://optimize.google.com https://wit-custom.unicef.au https://dev-wit-custom.unicef.au https://embed.typeform.com https://www.googletagmanager.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://analytics.google.com https://*.google-analytics.com https://api.mapbox.com https://events.mapbox.com https://rn4zthyb0f-dsn.algolia.net https://sf.unicef.org.au https://unicefaustralia--wit.sandbox.my.site.com https://unicefaustralia--full.sandbox.my.site.com https://*.vimeo.com https://vimeo.com https://*.facebook.net https://*.facebook.com https://www.bugherd.com wss://ws.pusherapp.com https://www.tfaforms.com https://*.doubleclick.net https://pagead2.googlesyndication.com https://*.hotjar.com https://hotjar.com https://*.hotjar.io wss://*.hotjar.com https://tgbwidget.com https://www.paypal.com https://*.pusher.com https://sessions.bugsnag.com https://www.bugherd.com https://bugherd-attachments.s3.amazonaws.com https://ws.pusherapp.com https://screenshots.bugherd.com https://sessions.bugsnag.com https://*.algolianet.com https://s.yimg.com https://ct.pinterest.com https://analytics.tiktok.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://monorail-edge.shopifysvc.com https://unicef-australia-inspired-gifts.myshopify.com https://*.getwhichit.com https://www.getwhichit.com https://maps.googleapis.com https://capi.unicef.org.au https://cdn.linkedin.oribi.io https://shop.unicef.org.au https://*.clarity.ms https://google.com https://pay.google.com https://www.sandbox.paypal.com https://atag.adgile.media https://analytics.pangle-ads.com https://bat.bing.com https://api.howuku.com https://dev.visualwebsiteoptimizer.com https://*.ads.linkedin.com https://api.typeform.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://www.bugherd.com https://d2iiunr5ws5ch1.cloudfront.net https://*.hotjar.com https://assets-us-01.kc-usercontent.com; frame-ancestors 'self' https://app.kontent.ai https://unicefaustralia--wit.sandbox.my.site.com https://lookerstudio.google.com https://shop.unicef.org.au https://admin.shopify.com https://unicef-australia-inspired-gifts.myshopify.com https://online-store-web.shopifyapps.com; frame-src 'self' https://player.vimeo.com https://unicefau.elmotalent.com.au https://*.youtube.com https://*.facebook.com https://*.doubleclick.net https://ct.pinterest.com https://www.google.com https://unicefaustralia.typeform.com https://www.typeform.com https://e.infogram.com https://tgbwidget.com https://c.paypal.com https://www.paypal.com https://*.hotjar.com https://*.rfihub.com https://*.getwhichit.com https://www.getwhichit.com https://form.typeform.com https://platform.twitter.com https://optimize.google.com https://e.issuu.com https://*.bugherd.com https://bugherd.com https://unicefaustralia--wit.sandbox.my.site.com https://sf.unicef.org.au https://pay.google.com https://www.sandbox.paypal.com https://app.vwo.com https://wit-custom.unicef.au https://dev-wit-custom.unicef.au https://www.buzzsprout.com; img-src 'self' data: https://assets-us-01.kc-usercontent.com https://preview-assets-us-01.kc-usercontent.com https://d2iiunr5ws5ch1.cloudfront.net https://*.doubleclick.net https://*.facebook.com https://*.vimeocdn.com https://*.yimg.com https://*.ytimg.com https://ade.googlesyndication.com https://*.hotjar.com https://tgbwidget.com https://*.paypal.com https://b.stats.paypal.com https://www.paypal.com https://d2iiunr5ws5ch1.cloudfront.net https://bugherd-attachments.s3.amazonaws.com https://*.bugherd.com https://*.bugherd.com data: https://pixel.quantserve.com https://pxl.qccerttest.com https://sp.analytics.yahoo.com https://t.co https://*.twitter.com https://*.pinterest.com https://*.tvsquared.com https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://cdn.shopify.com https://*.getwhichit.com https://www.tfaforms.com https://c5.adalyser.com https://picsum.photos https://www.gstatic.com https://www.paypalobjects.com https://px.ads.linkedin.com https://*.shopifycdn.com https://bat.bing.com https://prreqcroab.icu https://*.ads.linkedin.com https://dev.visualwebsiteoptimizer.com https://chart.googleapis.com https://wingify-assets.s3.amazonaws.com; manifest-src 'self'; media-src 'self'; report-uri https://631568e523064c2afafa7168.endpoint.csper.io/?v=0; worker-src blob: 1
script-src 'strict-dynamic' https: 'self' 'nonce-x8k5JiESess93wHyoDGarL2mE8ZL+g0JCu+zDqV/30o='; object-src 'none'; base-uri 'none'; form-action 'self' https://live.ekashu.com; frame-ancestors 'self'; style-src 'unsafe-inline' https: 'self'; style-src-attr 'unsafe-inline'; frame-src 'self' e.issuu.com player.vimeo.com 1
default-src 'self' ; script-src 'self' https: 'unsafe-inline'; style-src 'self' blob: https: 'unsafe-inline'; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' *.gstatic.com; frame-src *.google.com *.youtube.com *.youtu.be *.vimeo.com *.gstatic.com; 1
default-src 'unsafe-inline' 'unsafe-eval' https: data: blob: https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: http:; frame-ancestors 'self' https://integrator.io/ https://eu.integrator.io/ https://staging.integrator.io/ http://localhost:6006 http://localhost.io:4000/ https://celigo.github.io/ http://165.232.183.57/ https://qa.staging.integrator.io/ https://iaqa.staging.integrator.io/ https://qaprod.staging.integrator.io/ https://platform1.dev.integrator.io/ https://platform2.dev.integrator.io/ https://core.dev.integrator.io/ https://discover.celigo.com/ https://platform5.dev.integrator.io/; 1
default-src 'self' https://maps.googleapis.com;script-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com https://maps.googleapis.com www.gstatic.com www.googletagmanager.com cookie-cdn.cookiepro.com;style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com https://maps.googleapis.com maps.gstatic.com https://fonts.googleapis.com;img-src 'self' https://secure.gravatar.com maps.gstatic.com https://maps.googleapis.com https://*.google-analytics.com https://telpark.cmspro.telpark.com https://www.googletagmanager.com https://www.google.es/ https://telpark.com/ https://stats.g.doubleclick.net data:;font-src 'self' fonts.googleapis.com fonts.gstatic.com data:; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://www.google.com/;connect-src 'self' https://*.google-analytics.com cookie-cdn.cookiepro.com https://maps.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://geolocation.onetrust.com https://region1.analytics.google.com https://stats.g.doubleclick.net/; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-446f67d6fdb8f6354add22e7da3b17c4'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src https: 'unsafe-inline'; style-src https: 'unsafe-inline' data:; script-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src https: data:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com maps.googleapis.com browser-update.org googleapis.com polyfill.io *.googleapis.com *.polyfill.io google-analytics.com stats.g.doubleclick.net;  style-src 'self' 'unsafe-inline' fonts.googleapis.com; object-src 'none';  base-uri 'self';  connect-src 'self' stats.g.doubleclick.net maps.googleapis.com *.google-analytics.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' *.marketdata.feeds.iress.com videos.gold.org *.youtube.com; img-src 'self' *.googletagmanager.com *.google-analytics.com data: maps.googleapis.com maps.gstatic.com thevault.exchange i.ytimg.com *.staticflickr.com; manifest-src 'self';  media-src 'self' thevault.exchange;  worker-src 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.coveo.com *.cloudflare.com *.cookielaw.org *.onetrust.com *.typekit.net *.googletagmanager.com *.google-analytics.com *.googleapis.com vimeo.com *.vimeo.com *.vimeocdn.com *.gstatic.com code.jquery.com *.doubleclick.net *.youtube.com *.google.com; upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-I74BOR4Vn3dZQC+z1B+ASw==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob: *.izlesene.com *.ioam.de *.avg.com *.rewardsaccelerator.com smetrics.att.com; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net smetrics.att.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://matomo.liberties.eu https://use.typekit.net https://polyfill.io https://js.stripe.com https://www.recaptcha.net https://www.gstatic.com https://d1072trjkrt9qn.cloudfront.net 1
style-src 'unsafe-inline' 'self' *.accesswca.com *.nuance.com *.wellsfargo.com:* *.wellsfargo.net; script-src 'self' 'nonce-b439e64f-d735-4947-a922-1f93adc60160' 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw=' *.wf.com *.googleapis.com *.wellsfargo.com *.cdfconnect.com *.financeaccess.com *.wellsfargo.com:* *.accesswca.com *.wellsfargomedia.com *.nuance.com static.inq.com *.wellsfargo.net; img-src 'self' *.accesswca.com *.wf.com *.googleapis.com *.wellsfargo.com *.cdfconnect.com *.financeaccess.com *.wellsfargo.com:* *.wellsfargomedia.com *.nuance.com static.inq.com *.wellsfargo.net  data:;	 default-src 'none'; connect-src 'self' *.accesswca.com *.wf.com *.googleapis.com *.wellsfargo.com *.cdfconnect.com *.financeaccess.com *.wellsfargo.com:* *.wellsfargomedia.com *.nuance.com static.inq.com *.wellsfargo.net  data:; frame-src 'self' *.wf.com *.advanced-web-analytics.com *.googleapis.com *.wellsfargo.com *.cdfconnect.com *.financeaccess.com *.wellsfargo.com:* *.wellsfargomedia.com *.nuance.com static.inq.com *.wellsfargo.net  data: *.accesswca.com; font-src 'self' *.accesswca.com *.wf.com *.googleapis.com *.wellsfargo.com *.cdfconnect.com *.financeaccess.com *.wellsfargo.com:* *.wellsfargomedia.com *.nuance.com static.inq.com *.wellsfargo.net  data:; media-src 'self' *.wf.com *.googleapis.com *.wellsfargo.com *.cdfconnect.com *.financeaccess.com *.wellsfargo.com:* *.accesswca.com *.wellsfargomedia.com *.nuance.com static.inq.com *.wellsfargo.net data:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://dresden.network; img-src 'self' https: data: blob: https://dresden.network; style-src 'self' https://dresden.network 'nonce-ZFq2AINCeOTH0eKs5wt5XQ=='; media-src 'self' https: data: https://dresden.network; frame-src 'self' https:; manifest-src 'self' https://dresden.network; form-action 'self'; child-src 'self' blob: https://dresden.network; worker-src 'self' blob: https://dresden.network; connect-src 'self' data: blob: https://dresden.network https://dresden.s3proxy.de wss://dresden.network; script-src 'self' https://dresden.network 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://*.arvato-systems-media.net https://*.bic-media.com 1
default-src 'self' *.jala.tech *.intercomcdn.com app.posthog.com; connect-src 'self' analytics.google.com analytics.tiktok.com *.google-analytics.com stats.g.doubleclick.net *.jala.tech app.posthog.com js.hs-banner.com *.hubspot.com api.hubapi.com *.hsforms.com *.intercom.io *.s3.amazonaws.com wss: forms.hscollectedforms.net noembed.com www.facebook.com api.vercel.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com *.tiktok.com *.intercom.io *.intercomcdn.com *.google-analytics.com *.google.com *.gstatic.com *.jala.tech js.hs-scripts.com *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net app.posthog.com js.hsforms.net connect.facebook.net js.hscollectedforms.net js.hsadspixel.net js.hs-analytics.net js.hs-banner.com *.youtube.com; child-src 'self' *.jala.tech; style-src 'self' 'unsafe-inline' *.jala.tech fonts.googleapis.com *.googleapis.com data: 'unsafe-hashes'; frame-src 'self' *.jala.tech bid.g.doubleclick.net *.hsforms.net *.google.com *.hsforms.com www.youtube.com www.facebook.com; img-src 'self' blob: data: https: *.jala.tech; font-src 'self' *.jala.tech fonts.gstatic.com fonts.googleapis.com data: *.intercomcdn.com data:; media-src 'self' *.jala.tech www.youtube.com js.intercomcdn.com m.youtube.com; object-src 'self' *.jala.tech data:; worker-src 'self' blob: *.jala.tech; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://union.place; img-src 'self' https: data: blob: https://union.place; style-src 'self' https://union.place 'nonce-YlOAS+yyNjr/xhUPg5aB+Q=='; media-src 'self' https: data: https://union.place; frame-src 'self' https:; manifest-src 'self' https://union.place; form-action 'self'; child-src 'self' blob: https://union.place; worker-src 'self' blob: https://union.place; connect-src 'self' data: blob: https://union.place https://media.union.place wss://union.place; script-src 'self' https://union.place 'wasm-unsafe-eval' 1
default-src 'self'; font-src data: https://assets.dm.de; child-src 'self' blob:; script-src 'self' https://*.bazaarvoice.com https://*.mm.dm-drogeriemarkt.bg https://app.usercentrics.eu https://assets-internal-proxy.apps.nonprod.gcp.dmtech.cloud https://assets.dm.de https://cdn.loadbee.com/ https://d2pqvatijh75rn.cloudfront.net https://mpsnare.iesnare.com https://omt.dm-drogeriemarkt.bg https://tags.tiqcdn.com https://www.dm-drogeriemarkt.bg; worker-src 'self' blob:; connect-src  'self' https://*.bazaarvoice.com https://*.gcp.dmtech.cloud https://*.mm.dm-drogeriemarkt.bg https://*.services.dmtech.com https://aggregator.service.usercentrics.eu https://api.mapbox.com https://api.usercentrics.eu https://assets.dm.de https://availability.loadbee.com/ https://browser-intake-datadoghq.eu https://cart-recos.services.dmtech.com https://cart.services.dmtech.com https://cdcs.usercentrics.eu https://collect.tealiumiq.com https://consent-api.service.consent.usercentrics.eu https://consent-rt-ret.service.consent.usercentrics.eu https://consents.usercentrics.eu https://coupon-aktionen.dm.de https://d2pqvatijh75rn.cloudfront.net https://direct-collect.dy-api.eu https://direct.dy-api.eu https://dmpay-gateway.services.dmtech.com https://dy-api.eu https://events.mapbox.com https://graphql.usercentrics.eu https://insights.algolia.io https://logs.browser-intake-datadoghq.eu https://mpsnare.iesnare.com https://my-products-api.services.dmtech.com https://omc.dm-drogeriemarkt.bg https://product-based-recos.services.dmtech.com https://products.dm.de https://rcom-eu.dynamicyield.com https://recos-as-a-service.services.dmtech.com https://rum.browser-intake-datadoghq.eu https://services.dm.de https://shopping-list-prod.services.dmtech.com https://signin.dm-drogeriemarkt.bg https://sos-prod.availability.services.dmtech.com https://staedtetour.dm-fb2.de; style-src 'self' 'unsafe-inline' https://*.bazaarvoice.com https://api.tiles.mapbox.com https://assets.dm.de; img-src 'self' blob: data: https://*.bazaarvoice.com https://*.mm.dm-drogeriemarkt.bg https://*.services.dmtech.com https://app.usercentrics.eu https://assets.dm.de https://cdn-eu.dynamicyield.com https://d2pqvatijh75rn.cloudfront.net https://d3s22jwy77sx9i.cloudfront.net https://i.ytimg.com https://images.podigee-cdn.net https://img.usercentrics.eu https://img.youtube.com/ https://media.dm-static.com https://services.dm.de https://uct.service.usercentrics.eu; frame-ancestors 'self' https://*.apps.nonprod.gcp.dmtech.cloud https://*.apps.prod.gcp.dmtech.cloud https://*.dm-drogeriemarkt.bg https://*.dm-drogeriemarkt.org https://*.dm-drogeriemarkt.org:42160 https://*.dm-drogeriemarkt.org:42161 https://*.dm-drogeriemarkt.org:42162 https://*.lxprod.ka.de.dm-drogeriemarkt.com https://app.datadoghq.eu; frame-src 'self' https://*.bazaarvoice.com https://*.dm-drogeriemarkt.bg https://*.services.dmtech.com https://app.usercentrics.eu https://cdn.podigee.com https://configurator.nuk.de https://gastfamilie.podigee.io https://geburtskanal-dm.podigee.io https://hey-familie.podigee.io https://player.podigee-cdn.net https://rendering.loadbee.com/ https://sandbox.om.dm.de https://service.loadbee.com/ https://www.youtube-nocookie.com; base-uri 'self' https://*.mm.dm-drogeriemarkt.bg https://*.services.dmtech.com https://events.mapbox.com; form-action 'self' https://*.bazaarvoice.com https://checkout.dm-drogeriemarkt.bg https://signin.dm-drogeriemarkt.bg; manifest-src 'self'; report-uri /__csp-reports__;upgrade-insecure-requests 1
frame-ancestors 'self' twitter.com t.co;block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.ep-mimecast.ads-twitter.com https://analytics.twitter.com https://apis.google.com https://cdn.syndication.twimg.com https://content.linkedin.com https://connect.facebook.net https://emailoctopus.com https://en.twitter.com https://graph.facebook.com https://googletagmanager.com https://js.facebook.com https://m.youtube.com https://maps.googleapis.com https://maps.google.com https://platform.twitter.com https://platform.linkedin.com https://static.ads-twitter.com https://static-exp1.licdn.com https://snap.licdn.com https://t.co https://tagmanager.google.com https://www.youtube.com https://www.googletagmanager.com https://www.google-analytics.com;style-src 'self' 'report-sample' 'unsafe-inline' *.licdn.com emailoctopus.com fonts.googleapis.com platform.twitter.com ton.twimg.com tagmanager.google.com www.googletagmanager.com;object-src 'none';child-src 'self' *.facebook.com connect.facebook.net platform.twitter.com www.youtube.com www.googletagmanager.com;frame-src 'self' https://maps.google.com  https://www.google.com;base-uri 'self';form-action 'self' *.facebook.com *.twitter.com connect.facebook.net;worker-src 'self' blob: 1
default-src 'self' 'unsafe-inline' https://fonts.gstatic.com/ https://ekr.zdassets.com/ wss://widget-mediator.zopim.com/ https://v2.zopim.com/ data:; object-src 'self' https://www.youtube.com/; img-src 'self' https://fonts.gstatic.com/ https://www.stormware.cz/ http://www.mojepohoda.cz/ https://ssl.google-analytics.com/ https://www.adobe.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://v2.zopim.com https://www.google.com https://www.google-analytics.com https://www.google.cz https://i.ytimg.com https://stormware.bot.artin.cz https://c.seznam.cz https://stats.g.doubleclick.net https://www.facebook.com https://*.clarity.ms https://*.bing.com https://www.googletagmanager.com data:; child-src https://www.youtube.com https://www.instagram.com https://www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://www.googletagmanager.com/; media-src 'self' https://stormware.bot.artin.cz/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/ https://s.ytimg.com/ https://ssl.google-analytics.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://code.createjs.com/ https://maps.googleapis.com/ https://v2.zopim.com/ https://static.zdassets.com/ https://ekr.zdassets.com/ https://widget-mediator.zopim.com https://www.instagram.com https://www.googletagmanager.com https://www.google-analytics.com https://stormware.bot.artin.cz https://*.seznam.cz  https://connect.facebook.net https://*.clarity.ms; connect-src 'self' https://*.googlesyndication.com https://*.googleapis.com https://*.google-analytics.com wss://stormware.bot.artin.cz/ https://stormware.bot.artin.cz/ https://*.clarity.ms https://stats.g.doubleclick.net; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/; frame-src https://www.facebook.com/ 'self' https://*.doubleclick.net https://www.youtube.com https://www.instagram.com https://www.youtube-nocookie.com https://youtu.be/ 1
frame-ancestors 'self' https://admin.darlingharbour.com http://admin.darlingharbour.com:60006 https://www.darlingharbour.com http://www.darlingharbour.com:40006 1
upgrade-insecure-requests; report-uri https://jobs.teleperformance.com/privacy-policy/; form-action 'self'; object-src 'none'; script-src http: https: data: 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://scout-cdn.salesloft.com https://bat.bing.com https://static.ads-twitter.com https://snap.licdn.com https://js.hs-scripts.com https://s0.wp.com https://static.hsappstatic.net https://bam.nr-data.net https://js.hsadspixel.net https://js.hs-analytics.net https://js.usemessages.com https://js.hs-banner.com https://js.hsleadflows.net https://connect.facebook.net https://js-agent.newrelic.com https://js.hsforms.net https://www.google.com https://jobs.jobvite.com https://www.gstatic.com https://stats.wp.com https://s2.wp.com https://*.duosecurity.com https://widgets.wp.com https://*.wp.com https://js.adsrvr.org https://js.hscollectedforms.net https://*.hscollectedforms.net https://*.addtoany.com https://*.sf-syn.com https://googleads.g.doubleclick.net https://9171557.fls.doubleclick.net https://*.doubleclick.net https://c.sf-syn.com https://c.sf-syn.com/conversion_js?slug=Spok-Care-Connect https://script.hotjar.com https://insight.adsrvr.org/ https://*.adsrvr.org/ *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net www.googletagservices.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://s0.wp.com https://*.wp.com *.vimeocdn.com fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://www.spok.com https://pixel.wp.com https://px.ads.linkedin.com https://bat.bing.com https://t.co https://analytics.twitter.com https://track.hubspot.com https://www.facebook.com https://p.adsymptotic.com https://test-spok-gov.pantheonsite.io https://dev-spok-gov.pantheonsite.io https://live-spok-gov.pantheonsite.io https://perf.hsforms.com https://s2.wp.com https://i0.wp.com https://*.wp.com https://forms.hsforms.com https://*.hsforms.com https://forms-na1.hsforms.com https://*.addtoany.com https://googleads.g.doubleclick.net https://9171557.fls.doubleclick.net https://*.doubleclick.net https://c.sf-syn.com https://c.sf-syn.com/conversion_js?slug=Spok-Care-Connect https://script.hotjar.com https://insight.adsrvr.org/ https://*.adsrvr.org/ s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com *.googlesyndication.com stats.g.doubleclick.net data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com translate.googleapis.com translate.google.com i.ytimg.com www.googletagmanager.com; connect-src 'self' https://bam.nr-data.net https://api.hubapi.com https://forms.hubspot.com https://api.hubspot.com https://js-agent.newrelic.com https://js.hs-banner.com https://cdn.linkedin.oribi.io https://scout.salesloft.com https://bat.bing.com https://www.facebook.com https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://yoast.com https://*.wp.com https://*.hsforms.com https://*.hscollectedforms.net https://js.hscollectedforms.net https://*.addtoany.com https://c.sf-syn.com https://c.sf-syn.com/conversion_js?slug=Spok-Care-Connect https://script.hotjar.com https://insight.adsrvr.org/ https://*.adsrvr.org/ *.vimeo.com *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com; font-src 'self' data: https://s0.wp.com data: fonts.gstatic.com fonts.googleapis.com; frame-src 'self' https://widgets.wp.com https://static.hsappstatic.net https://insight.adsrvr.org https://www.facebook.com https://match.adsrvr.org/ https://jobs.jobvite.com https://www.google.com https://js.hsforms.net https://*.duosecurity.com https://app.hubspot.com https://forms.hsforms.com https://*.hsforms.com https://js.hscollectedforms.net/collectedforms.js https://js.hscollectedforms.net https://*.hscollectedforms.net https://*.addtoany.com https://*.sf-syn.com https://googleads.g.doubleclick.net https://9171557.fls.doubleclick.net https://*.doubleclick.net https://c.sf-syn.com https://c.sf-syn.com/conversion_js?slug=Spok-Care-Connect https://script.hotjar.com https://insight.adsrvr.org/ https://*.adsrvr.org/ *.vimeo.com *.vimeocdn.com *.googlesyndication.com googleads.g.doubleclick.net maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com; child-src 'self' *.vimeo.com *.vimeocdn.com www.youtube.com www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; report-uri https://www.spok.com?gdsih-csp-report; 1
frame-ancestors 'self' https://verintimsstg.crm.dynamics.com https://verintims.crm.dynamics.com https://egdemo.eg.lab.local https://*.verintcloudservices.com https://*.egportal.co.uk https://*.egportal.com https://verintimsdev2.crm.dynamics.com https://verintdev.service-now.com https://verint.service-now.com https://verintqa.service-now.com https://verintcloud.service-now.com https://verintcloudqa.service-now.com https://verinttemp.service-now.com https://ptev152mt2.telab.local https://stage.connect.verint.com/ https://efm.sandbox.vovici.com https://efmpreview.verintefm.com https://staging.qudini.com; 1
default-src 'self' via.placeholder.com 172.16.9.107:8080 *.cookiefirst.com www.etracker.de www.dtvp.de 'unsafe-inline' nbank.myaudience.de search.nbank.de data:; 		media-src 'self'; 		font-src 'self' fonts.gstatic.com data:; 		style-src 'self' fonts.googleapis.com *.cookiefirst.com https://unpkg.com/leaflet@1.7.1/dist/leaflet.css 'unsafe-inline'; 		script-src 'self' 172.16.9.107:8080 *.cookiefirst.com www.etracker.de *.etracker.com 81.173.216.176/umrp/ www.dtvp.de nbank.myaudience.de 'unsafe-inline'; 		img-src 'self' https://unpkg.com/leaflet@1.7.1/dist/images/ *.tile.openstreetmap.org/ https://mafo1.myaudience.de/ www.kununu.com/de/partner/ data:; 		frame-src www.youtube.com www.youtube-nocookie.com www.podcaster.de innomatch.nds.de; 	 1
frame-ancestors 'self'; base-uri 'self'; form-action assets.koempf24.de threedssvc.pay1.de gpc-sys.pay1.de www.paypal.com www.paydirekt.de www.sofort.com ratenkauf.easycredit.de www.koempf24.de backoffice.koempf24.de 'self' https://threedssvc.pay1.de https://gpc-sys.pay1.de https://www.paypal.com https://www.paydirekt.de https://www.sofort.com https://ratenkauf.easycredit.de https://seu2.cleverreach.com 1
default-src 'self' 'unsafe-inline' * data: blob: 'unsafe-eval'; 1
default-src https: wss:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.googleapis.com https://*.recaptcha.net https://*.akamaihd.net https://*.translate.naver.net https://www.zenaps.com https://tr.snapchat.com https://ln-rules.rewardstyle.com https://www.youtube.com https://cdn-akamai.mookie1.com https://s1.thcdn.com https://www.awin1.com https://d2d7do8qaecbru.cloudfront.net https://gum.criteo.com https://www.pinterest.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://analytics.tiktok.com https://privacyportal-eu.onetrust.com https://*.wepowerconnections.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; form-action 'self' https://www.facebook.com https://*.no7beauty.com https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://connect.facebook.net https://*.pinimg.com https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.recaptcha.net https://*.gstatic.com https://*.googleapis.com https://*.gstatic.cn https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.zenaps.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.criteo.com https://static.criteo.net https://ln-rules.rewardstyle.com https://geolocation.onetrust.com https://www.youtube.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://*.amazonaws.com https://analytics.tiktok.com https://*.ibytedtos.com https://static.criteo.net https://*.criteo.com https://www.dwin1.com https://*.awin1.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://fonts.googleapis.com https://fonts.smct.co https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.smct.io; upgrade-insecure-requests; report-to report-endpoint 1
report-uri https://www.master.118000.preprod.gp-int.fr/contact.html; base-uri 'self' https://apis.google.com https://sle.pagesjaunes.fr/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: *; media-src 'self' *; frame-src 'self' *; font-src 'self' data: *; connect-src 'self' *; prefetch-src 'self' * 1
media-src  * blob: 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-rqwBbOsh8FhvQgPCNLDLvw==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://matomo.kvwl.de/ https://www.gstatic.com/; font-src 'self' https://fonts.gstatic.com/; child-src 'self' viewer.joomag.com player.yumpu.news publikationen.kvwl.de www.youtube-nocookie.com; connect-src 'self' https://matomo.kvwl.de/ https://jnn-pa.googleapis.com/ https://www.youtube-nocookie.com/ https://play.google.com/; img-src 'self' data: https://*.tile.openstreetmap.org/ 1
frame-ancestors 'self'                    cbsplit.com       getokinawatonic.com       getokinawatonic-com.cbsplit.com ; 1
frame-ancestors file: https://*.retiehe.com https://airportal.cn https://*.airportal.cn https://localhost http://localhost:* 1
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval' https://cdn.aicart.com; frame-ancestors 'self'; object-src 'none'; base-uri 'none'; img-src https: data: blob: https://cdn.aicart.com 'self' 1
default-src 'self' *.affinitywater.co.uk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.affinitywater.co.uk *.google.com *.google.co.uk *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.addthis.com *.addthisedge.com *.moatads.com *.civiccomputing.com *.qualtrics.com siteimproveanalytics.com *.siteimproveanalytics.com *.puzzel.com *.jquery.com *.engagor.com *.reciteme.com *.one.network *.youtube.com *.youtube-nocookie.com cdnjs.cloudflare.com unpkg.com *.facebook.net *.klaviyo.com js.adsrvr.org *.smooch.io *.quantserve.com *.quantcount.com prreqcroab.icu *.tvsquared.com; style-src 'self' 'unsafe-inline' *.affinitywater.co.uk *.googleapis.com *.puzzel.com *.engagor.com *.reciteme.com *.typekit.net cdnjs.cloudflare.com unpkg.com *.jquery.com *.klaviyo.com; font-src 'self' *.affinitywater.co.uk *.gstatic.com *.puzzel.com *.engagor.com *.reciteme.com *.typekit.net cdnjs.cloudflare.com; img-src 'self' data: *.affinitywater.co.uk *.siteimproveanalytics.io *.google.com *.google.co.uk *.googleapis.com *.qualtrics.com *.reciteme.com cdnjs.cloudflare.com *.facebook.com www.googletagmanager.com *.cloudfront.net *.engagor.com prreqcroab.icu *.tvsquared.com dpm.demdex.net *.quantserve.com; frame-src 'self' *.affinitywater.co.uk *.google.com *.google.co.uk *.addthis.com *.one.network *.youtube.com *.youtube-nocookie.com *.vimeo.com *.facebook.com *.doubleclick.net insight.adsrvr.org *.engagor.com; connect-src 'self' ws: *.affinitywater.co.uk *.addthis.com *.civiccomputing.com *.google-analytics.com *.doubleclick.net *.qualtrics.com *.engagor.com *.smooch.io *.reciteme.com *.facebook.com *.puzzel.com *.klaviyo.com; media-src 'self' *.affinitywater.co.uk *.reciteme.com *.engagor.com; 1
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://api.schedule.zoominfo.com https://js.zi-scripts.com https://analytics.google.com https://cdn.linkedin.oribi.io https://*.clickagy.com https://px.ads.linkedin.com https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' https://www.google.com https://www.youtube.com https://calendly.com https://fider.simplerisk.com https://www.googletagmanager.com https://*.clickagy.com https://insight.adsrvr.org https://match.adsrvr.org; img-src 'self' https://i.ytimg.com https://*.google-analytics.com https://*.analytics.google.com https://fonts.gstatic.com https://bat.bing.com https://px.ads.linkedin.com https://*.clickagy.com https://idsync.rlcdn.com https://*.doubleclick.net https://sync.crwdcntrl.net https://us-u.openx.net https://pixel-sync.sitescout.com https://dpm.demdex.net https://*.agkn.com https://www.google-analytics.com https://www.googletagmanager.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://assets.calendly.com https://bat.bing.com https://ws-assets.zoominfo.com https://schedule.zoominfo.com https://snap.licdn.com https://ws.zoominfo.com https://js.zi-scripts.com https://tags.clickagy.com https://js.adsrvr.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://assets.calendly.com https://bat.bing.com https://ws-assets.zoominfo.com https://schedule.zoominfo.com https://www.youtube.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://bat.bing.com https://www.youtube.com https://cdn.jsdelivr.net https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://assets.calendly.com https://ws.zoominfo.com https://ws-assets.zoominfo.com https://js.zi-scripts.com https://snap.licdn.com https://*.clickagy.com https://cdnjs.cloudflare.com; frame-ancestors 'self'; report-uri https://www.simplerisk.com/report-uri/enforce 1
base-uri 'self';connect-src 'self' https://*.pendo.io https://login.v2.researchbinders.com https://auth.v2.researchbinders.com https://us-apryse.se.v2.researchbinders.com wss://us-apryse.se.v2.researchbinders.com https://*.launchdarkly.com http://www.google-analytics.com https://*.googletagmanager.com http://*.tagmanager.google.com https://sentry.io https://*.churnzero.net blob:;default-src 'self';font-src 'self' https://fonts.gstatic.com https://fonts.researchbinders.com https://*.churnzero.net data:;frame-src 'self' https://*.pendo.io https://login.v2.researchbinders.com https://assets.researchbinders.com https://consentcdn.cookiebot.com https://*.us1app.churnzero.net;img-src 'self' https://*.pendo.io wss://us-apryse.se.v2.researchbinders.com https://us-apryse.se.v2.researchbinders.com http://www.google-analytics.com https://*.googletagmanager.com http://*.googletagmanager.com http://*.tagmanager.google.com https://*.churnzero.net blob: data:;media-src 'self' https://*.churnzero.net;object-src 'none';script-src 'self' 'unsafe-eval' https://*.churnzero.net 'sha256-lHgryqiyITfa3GlKd5zc0Wy+Yz/7MTXFKAHsC/7mOy0=' 'sha256-8VWEfV1MHXcCbi/lcOneF2oDbPdYwskZilS/Xih/+zc=' 'nonce-83a3c614faa0b347dbfd18a86422bcfd';style-src 'self' 'unsafe-inline' https://*.pendo.io https://fonts.googleapis.com https://fonts.researchbinders.com https://*.churnzero.net;worker-src 'self' blob: 1
default-src: *://*.turktrust.com.tr:* *://www.google-analytics.com:* 1
default-src 'self' blob:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://ssl.google-analytics.com https://*.googletagmanager.com; font-src 'self'; img-src 'self' data: blob: https://trustseal.enamad.ir https://*.google-analytics.com https://*.googletagmanager.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com; media-src 'self'; object-src 'self' blob:; report-uri /api/cspreport/log 1
upgrade-insecure-requests; default-src 'self' chat.sameday.ro; script-src 'self' https: https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.facebook.com https://*.sameday.ro https://secure.gravatar.com https://samedayprodwp.blob.core.windows.net https://samedayphpwplocal.blob.core.windows.net *.sameday.ro https://ajax.cloudflare.com https://*.wp.com https://*.hotjar.com  https://*.gstatic.com/recaptcha/ https://*.fontawesome.com https://*.recaptcha.net https://consent.cookiebot.com https://*.googleapis.com https://*.facebook.net https://*.sameday.ro *.sameday.ro *.googlesyndication.com 'unsafe-inline' 'unsafe-eval'; style-src * blob: 'unsafe-inline'; img-src * data:; font-src * data:; connect-src 'self' https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.facebook.com https://*.sameday.ro https://secure.gravatar.com https://samedayprodwp.blob.core.windows.net https://samedayphpwplocal.blob.core.windows.net *.sameday.ro https://*.doubleclick.net https://*.googleapis.com https://*.oribi.io https://*.zitec.dev https://*.zitec.com https://*.sameday.bg https://*.sameday.hu https://*.sameday.ro wss://chat.sameday.ro *.sameday.ro wss://chat.sameday.ro *.googlesyndication.com *.linkedin.com; media-src  *; object-src 'none'; child-src 'self'; frame-src 'self' https: https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.facebook.com https://*.sameday.ro https://secure.gravatar.com https://samedayprodwp.blob.core.windows.net https://samedayphpwplocal.blob.core.windows.net *.sameday.ro; worker-src 'self' https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.facebook.com https://*.sameday.ro https://secure.gravatar.com https://samedayprodwp.blob.core.windows.net https://samedayphpwplocal.blob.core.windows.net *.sameday.ro; manifest-src *; base-uri 'self'; form-action 'self' https://*.facebook.com; frame-ancestors https: https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.facebook.com https://*.sameday.ro https://secure.gravatar.com https://samedayprodwp.blob.core.windows.net https://samedayphpwplocal.blob.core.windows.net *.sameday.ro;; 1
default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https:; frame-src 'self' 'unsafe-inline' https: data:; 1
frame-ancestors 'self' http://localhost:8000 https://app.storyblok.com https://www.waz.de https://widget.mcmakler.de/ https://das-immo-journal.de/ https://nebenan.de https://kampagnen.nebenan.de https://www.aktuelle-grundstueckspreise.de/ https://www.anwalt.org/ https://www.degussa-bank.de/ https://www.hausverkauf.de/ https://www.miet-check.de/ https://www.ratgeber-eigentumswohnung.de/ https://www.miete-aktuell.de/ https://googleapis.com/ 1
default-src https: data: 'self' blob: 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.googleanalytics.com https://www.googleoptimize.com https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com *.visualwebsiteoptimizer.com app.vwo.com 'unsafe-inline'; worker-src 'self' blob:; 1
default-src 'self'; base-uri 'none'; img-src 'self' data:; worker-src 'none'; frame-src 'none'; form-action 'self'; frame-ancestors 'none'; object-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 1
frame-ancestors 'self' localhost:* *.tason.com http://localhost:3000 https://www.targetmarketing.co.kr https://mktplatform.tason.com https://dev-mktplatform.tason.com 1
frame-ancestors 'self' http://metrocouncil.granicus.com 1
default-src * data:; script-src 'self' https://*.cerberusapp.com http://*.cerberusapp.com *.google-analytics.com *.googlesyndication.com *.googleapis.com *.gstatic.com *.google.com *.doubleclick.net *.akamaihd.net *.googletagmanager.com *.googleadservices.com *.stripe.com data: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; connect-src https://*.cerberusapp.com http://*.cerberusapp.com https://*.google.com https://*.google-analytics.com https://*.gstatic.com https://*.googlesyndication.com wss://*.cerberusapp.com:* https://*.googleapis.com https://*.stripe.com https://*.doubleclick.net 1
default-src 'self' http://www.cmbwinglungbank.com http://cmf https://www.cmbwinglungbank.com http://ac.cmbwinglungbank.com https://ac.cmbwinglungbank.com https://www.cmbwinglungsec.com http://www.cmbwinglungsec.com http://www.winglungbank.com https://www.winglungbank.com http://ac.winglungbank.com https://ac.winglungbank.com https://www.winglungsec.com https://www.winglungfutures.com http://www.winglungsec.com http://www.winglungfutures.com fc10.etwealth.com http://cmblive.hlslive.zh.cmbchina.com https://demo02.etwealth.com http://demo02.etwealth.com https://m2.cmbwinglungbank.com *.cmbchina.com https://cms.aqumon.com https://push.cmbwinglungbank.com;style-src 'self' 'unsafe-inline';img-src 'self' data:;font-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://api.map.baidu.com; frame-ancestors 'self' fc10.etwealth.com http://cmblive.hlslive.zh.cmbchina.com https://hkwallet.moneydata.hk *.winglungbank.com *.cmbwinglungbank.com *.cmbwinglungsec.com *.winglungsec.com *.cmbchina.com https://cms.aqumon.com; 1
base-uri 'none'; font-src 'self' https: data:; form-action 'self' https://forms.hubspot.com https://*.hsforms.com https://app-usermanager-aimpoint-weu-stag.azurewebsites.net/api; frame-ancestors 'self'; img-src 'self' https: data: blob:; object-src 'none'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://*.cookiebot.com https://js-eu1.hsforms.net https://js-eu1.hs-scripts.com https://js.hs-scripts.com https://js-eu1.hs-analytics.net https://js-eu1.hs-banner.com https://js-eu1.hsleadflows.net https://www.google.com https://www.gstatic.com https://*.googleapis.com https://*.vidyard.com https://*.azureedge.net; frame-src 'self' https://js-eu1.hsforms.net https://*.vidyard.com https://*.cookiebot.com https://*.dynamics.com https://*.google.com https://*.hsforms.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://info.manz.at https://resource.manz.at https://maps.googleapis.com https://www.google.com https://manz.onlyfy.jobs https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://info.manz.at https://resource.manz.at https://fonts.googleapis.com; img-src 'self' data: https://info.manz.at https://resource.manz.at https://ssl.gstatic.com https://www.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://trs.manz.at/ https://assets.manz.at https://shop.manz.at https://trs-api.manz.at/ https://shop-api.manz.at/  https://stats.g.doubleclick.net; frame-src 'self' https://www.google.com https://maps.google.com https://eu42.spreed.com/ https://player.simplecast.com/ https://cdn.simplecast.com https://issuu.com/ http://issuu.com/ https://manz.onlyfy.jobs http://e.issuu.com https://e.issuu.com; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://api.friendlycaptcha.com https://stats.g.doubleclick.net https://maps.googleapis.com; worker-src 'self' blob: 1
frame-ancestors 'self' *.leadsbridge.com *.facebook.com *.fb.com *.facebook.net *.tiktok.com 1
default-src 'self' *.itw.com;            style-src 'self' 'unsafe-inline' *.bootstrapcdn.com npmcdn.com *.googleapis.com *.youtu.be *.youtube.com *.youtube.com.br *.youtube.co.nz *.youtube.de *.youtube.es *.youtube.it *.youtube.nl *.youtube-nocookie.com *.youtube.ru *.ytimg.com *.video-stats.l.google.com *.youtube.googleapis.com *.youtubei.googleapis.com *.ytimg.l.google.com *.rewind.youtube *.blog.youtube *.fontawesome.com *.wpcc.io *.cloudflare.com *.thunderstone.cloud;            font-src 'self' acsbapp.com *.fontawesome.com *.cloudflare.com;            script-src 'self' 'unsafe-inline' npmcdn.com *.cloudflare.com *.bootstrapcdn.com *.googletagmanager.com *.youtu.be *.youtube.com *.youtube.com.br *.youtube.co.nz *.youtube.de *.youtube.es *.youtube.it *.youtube.nl *.youtube-nocookie.com *.youtube.ru *.ytimg.com *.video-stats.l.google.com *.youtube.googleapis.com *.youtubei.googleapis.com *.ytimg.l.google.com *.rewind.youtube *.blog.youtube *.google-analytics.com acsbap.com acsbapp.com *.wpcc.io *.thunderstone.cloud;           connect-src 'self' *.google-analytics.com *.youtu.be *.youtube.com *.youtube.com.br *.youtube.co.nz *.youtube.de *.youtube.es *.youtube.it *.youtube.nl *.youtube-nocookie.com *.youtube.ru *.ytimg.com *.video-stats.l.google.com *.youtube.googleapis.com *.youtubei.googleapis.com *.ytimg.l.google.com *.rewind.youtube *.blog.youtube *.doubleclick.net *.acsbapp.com;           img-src 'self' acsbapp.com *.ytimg.com *.youtube.com *.youtu.be *.youtube.com *.youtube.com.br *.youtube.co.nz *.youtube.de *.youtube.es *.youtube.it *.youtube.nl *.youtube-nocookie.com *.youtube.ru *.ytimg.com *.video-stats.l.google.com *.youtube.googleapis.com *.youtubei.googleapis.com *.ytimg.l.google.com *.rewind.youtube *.blog.youtube *.googletagmanager.com *.google-analytics.com *.google.com *.cloudflare.com;           frame-src acsbapp.com *.youtube.com *.googlevideo.com *.youtu.be *.youtube.com *.youtube.com.br *.youtube.co.nz *.youtube.de *.youtube.es *.youtube.it *.youtube.nl *.youtube-nocookie.com *.youtube.ru *.ytimg.com *.video-stats.l.google.com *.youtube.googleapis.com *.youtubei.googleapis.com *.ytimg.l.google.com *.rewind.youtube *.blog.youtube     platform.mi.spglobal.com; 1
frame-ancestors 'self' rectangle.design localhost middleeasteye.net *.middleeasteye.net alaraby.co.uk *.alaraby.co.uk theintercept.com *.theintercept.com thetimes.co.uk *.thetimes.co.uk telegraph.co.uk *.telegraph.co.uk aljazeera.com *.aljazeera.com timesofisrael.com *.timesofisrael.com jpost.com *.jpost.com vercel.app *.vercel.app; 1
connect-src 'self' 'unsafe-inline' https://cdn-gateflipp.flippback.com preview.contentful.com https://analytics.google.com/g/collect *.flippenterprise.net aq.flippenterprise.net https://assets.ctfassets.net https://stats.g.doubleclick.net https://analytics.google.com https://www.google-analytics.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ca dpm.demdex.net stats.g.doubleclick.net lcljoefresh.sc.omtrdc.net sfml.flippback.com p.flipp.com https://sentry.io https://api.pcexpress.ca https://prod-catalog.api.loblaw.digital https://pr-pcexpress.api.loblaw.digital https://dev-pcexpress.api.loblaw.digital https://blue-preprod-pcexpress.api.loblaw.digital https://cdn.contentful.com https://col.eum-appdynamics.com https://resources.digital-cloud.medallia.ca https://udc-neb.kampyle.com https://www.facebook.com https://www.nofrills.ca https://www.loblaws.ca https://www.realcanadiansuperstore.ca https://www.provigo.ca https://www.maxi.ca https://www.zehrs.ca https://www.atlanticsuperstore.ca https://www.yourindependentgrocer.ca https://www.superstore.ca https://s7d1.scene7.com https://s7mbrstream.scene7.com http://aem.hb.omtrdc.net https://aem.hb.omtrdc.net http://aem.hb.omtrdc.net https://cdn.hypemarks.com https://api.tintup.com https://cognito-identity.us-east-1.amazonaws.com https://kinesis.us-east-1.amazonaws.com multi-item-broker.flippback.com flippback.com *.flippback.com; default-src 'self'; font-src 'self' https://fonts.gstatic.com https://api2.fonts.com i5.walmartimages.com data:; frame-ancestors 'self'; frame-src 'self' http://11599633.fls.doubleclick.net https://bid.g.doubleclick.net bid.g.doubleclick.net https://lcljoefresh.demdex.net https://resources.digital-cloud.medallia.ca https://fast.lcljoefresh.demdex.net https://www.facebook.com https://s7d1.scene7.com https://s7mbrstream.scene7.com https://cdn.hypemarks.com http://aem.hb.omtrdc.net https://api.tintup.com f.wishabi.net; img-src 'self' data: https://f.wishabi.net https://dis-prod.assetful.loblaw.ca images.ctfassets.net http://images.ctfassets.net https://images.ctfassets.net https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com udc-neb.kampyle.com https://www.google.ca https://www.google.com https://www.google-analytics.com https://analytics.google.com https://www.google-analytics.com https://googleads.g.doubleclick.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ca https://www.facebook.com cdn.flippenterprise.net aq.flippenterprise.net *.wishabi.com assets.shop.loblaws.ca https://resources.digital-cloud.medallia.ca https://cm.everesttech.net https://dpm.demdex.net https://s7d1.scene7.com https://s7mbrstream.scene7.com http://lcljoefresh.sc.omtrdc.net http://aem.hb.omtrdc.net https://cdn.hypemarks.com col.eum-appdynamics.com; media-src 'self' blob: data: https://dis-prod.assetful.loblaw.ca http://videos.ctfassets.net https://videos.ctfassets.net https://s7d1.scene7.com http://s7d1.scene7.com https://s7mbrstream.scene7.com http://s7mbrstream.scene7.com http://aem.hb.omtrdc.net https://aem.hb.omtrdc.net https://cdn.hypemarks.com https://api.tintup.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: aq.flippenterprise.net resources.digital-cloud.medallia.ca cdn.polyfill.io/v2/polyfill.min.js https://www.google.com https://www.googleadservices.com http://tagmanager.google.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://analytics.google.com https://googleads.g.doubleclick.net *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com nebula-cdn.kampyle.com udc-neb.kampyle.com cdn.appdynamics.com https://connect.facebook.net lcljoefresh.sc.omtrdc.net https://sentry.io https://cdn.contentful.com https://col.eum-appdynamics.com https://resources.digital-cloud.medallia.ca https://screencapture.kampyle.com https://cdn.usersnap.com https://s7d1.scene7.com https://dis-prod.assetful.loblaw.ca http://dpm.demdex.net http://aem.hb.omtrdc.net https://aem.hb.omtrdc.net https://cdn.hypemarks.com https://api.tintup.com; style-src 'self' 'unsafe-inline' https://aq.flippenterprise.net https://s7d1.scene7.com https://www.googletagmanager.com http://tagmanager.google.com https://tagmanager.google.com https://cdn.fonts.net https://fast.fonts.net https://fonts.googleapis.com https://fonts.gstatic.com; 1
default-src 'self'; img-src * data:; frame-src *.google.com *.googlesyndication.com *.youtube.com *.soundcloud.com *.vimeo.com *.doubleclick.net https://bandcamp.com; style-src 'self' 'unsafe-inline'; font-src https: data:;media-src * blob:; connect-src 'self' *.modulargrid.net *.google-analytics.com https://www.googleapis.com *.googlesyndication.com https://sentry.io; script-src 'self' *.google.com *.google.de *.googletagservices.com https://www.gstatic.com www.googletagmanager.com https://www.google-analytics.com *.googleapis.com *.googlesyndication.com *.youtube.com https://s.ytimg.com https://svcs.ebay.com https://cdn.ravenjs.com https://browser.sentry-cdn.com 'sha256-Us/oj4ftL5JKI9/5Nj0/Ccw+R4vMfgFLR5oEpbqJOiw='; 1
default-src 'self' *.googlesyndication.com https://*.googlesyndication.com blob:;        script-src 'self' https://www.dwin1.com/7188.js https://*.onetrust.com https://cdn.cookielaw.org https://*.googlesyndication.com 'unsafe-inline' 'unsafe-eval' https://assertis-widget.s3.eu-west-2.amazonaws.com/ https://www.paypal.com acdn.adnxs.com *.facebook.net https://*.googletagmanager.com https://ws.sharethis.com *.gstatic.com https://*.gstatic.com *.4zw.pw *.ytimg.com https://*.googleapis.com https://*.google.com *.google.com www.google-analytics.com https://www.google-analytics.com http://*.googlesyndication.com *.googleapis.com *.doubleclick.net blob: https://*.vergic.com https://*.psplugin.com https://*.psplugin.com/ *.analytics.google.com https://lantern.roeyecdn.com/;        object-src 'self' *.gstatic.com https://*.gstatic.com https://*.googleapis.com http://*.ytimg.com *.macromedia.com *.adobe.com https://*.adobe.com http://*.youtube.com https://www.youtube.com *.googlevideo.com *.anayltics.google.com;        style-src 'self' 'unsafe-inline' *.googleapis.com https://maxcdn.bootstrapcdn.com *.psplugin.com;        img-src https://*.vergic.com https://*.psplugin.com * data:;        media-src 'self' * mediastream:;        frame-src 'self' 'unsafe-eval' *.4zw.pw https://*.google.com http://*.googlesyndication.com *.doubleclick.net https://www.youtube.com www.facebook.com https://staticxx.facebook.com https://c.sharethis.mgr.consensu.org https://cdn.ritekit.com http://imrk.net https://c.mscimg.com *.qservz.com http://www.youtube.com https://*.doubleclick.net http://*.google.com https://forms.office.com;        font-src 'self' https://*.vergic.com https://*.psplugin.com * data: http://*.psplugin.com http://*.vergic.com;        connect-src 'self' https://sleeper.scot/booking/api/auth/session https://sleeper.scot/booking/api/custom/locations https://*.onetrust.com https://cdn.cookielaw.org https://www.paypal.com https://*.vergic.com https://*.psplugin.com https://www.youtube.com *.googlevideo.com stats.g.doubleclick.net https://l.sharethis.com wss://*.psplugin.com wss://*.vergic.com https://new.sleeper.scot https://www.sleeper.scot/api/customer/tokens https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net http://*.google.com https://data.stbuttons.click;        frame-ancestors 'self' https://*.vergic.com *.psplugin.com 1
object-src 'none'; script-src 'nonce-o7LejGm7tKRSa9N_FO4T0A' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: http:  'sha256-+jtIXnp4jaRwChPWYufsw8SryFrPKZW88zFM9vFpz90=' 'sha256-PuP32OCd7pIuUWBiuIB59V85y92xPmumRUUYYG3JPDY=' 'sha256-wwcq2gpzREkxwB5vL6lERAUm8fFBUhNzMLogHuo2h2I=' 'sha256-L8w6brt1joNtRpJTVAT6mgJgZhmr72a3nLJOMqAjVEk=' 'sha256-7waJpyLPnQc4kbxOsPaiMmvIERpkvV/3RNlR7aok3uQ=' 'sha256-oRMjspmSZFAdYl4tEvhyd//kIKT5YFu28dk/HPP/bTs=' 'sha256-5L5l/CYiAwKOt9+hWFJzR7kGi/ha2XeVmZBGy41/ok8=' 'sha256-8DrLC86BUajkiYu4UTJ/8Oxt4k+axttaqMr/Iz5v3Oc=' 'sha256-gFvNdQwcDLfZLgpoTzV3/gVCfX+t9rMYiwE0Dxjszaw=' 'sha256-oQVl45DW8c9AGBtmCE6C5dM5ZBU0saqvsqBiFO3ASr0=' 'sha256-sH9jeLHlYmFgh+n1MhDJ/UFpG6I9CnIpli3flNkDtmI=' 'sha256-v2z40Sl9z15XsZJeuyCvAIzVBbq2+xau9rBEWKsOJUY=' 'sha256-zQK6gwxujGPtDsxCIxJkdbb5+J9Zth2ZM2PZQW56mGU=' 'report-sample' https://*.omniupdate.com https://*.ep-mimecast.ads-twitter.com https://*.doubleclick.net https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://analytics.twitter.com https://connect.facebook.net https://content.linkedin.com https://cdn.syndication.twimg.com https://en.twitter.com https://googleads.g.doubleclick.net https://graph.facebook.com https://google-analytics.com https://googletagmanager.com https://js.facebook.com https://m.youtube.com https://platform.linkedin.com https://platform.twitter.com https://rw1.marchex.io https://static.ads-twitter.com https://script.crazyegg.com https://ssl.google-analytics.com https://snap.licdn.com https://static-exp1.licdn.com https://siteimproveanalytics.com https://tagmanager.google.com https://t.co https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com https://www.youvisit.com https://secureform.delhi.edu https://use.fontawesome.com https://app.geckoform.com https://www.delhi.edu https://cdn.youvisit.com https://cdn.omniupdate.com https://cse.google.com https://google.com https://libraryh3lp.com https://my2.siteimprove.com https://siteimprove.com https://faculty.delhi.edu https://apply-delhi-edu.cdn.technolutions.net https://apply.delhi.edu https://fw.cdn.technolutions.net https://slate-technolutions-net.cdn.technolutions.net; worker-src 'self' blob: www.google.com; 1
default-src 'self'; child-src 'self' https://*.googlesyndication.com https://player.vimeo.com https://www.youtube.com https://sibautomation.com https://*.hotjar.com https://*.sibforms.com/ https://tr.snapchat.com https://rxfrance.outgrow.us https://*.safeframe.usercontent.goog https://*.g.doubleclick.net https://platform.twitter.com https://www.vip-studio360.fr https://www.facebook.com https://*.abtasty.com https://*.criteo.com https://*.google.com; connect-src 'self' https://cdn.cookielaw.org https://*.googlesyndication.com https://maps.googleapis.com https://tr.snapchat.com https://matomo.reds.rxweb-pre.com https://privacyportal.onetrust.com https://bam.nr-data.net https://in-automate.sendinblue.com https://*.hotjar.io wss://*.hotjar.com https://cdn.linkedin.oribi.io https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.piwik.pro https://*.abtasty.com https://*.ingest.sentry.io https://*.brevo.com https://api-js.mixpanel.com https://www.clarity.ms https://*.doubleclick.net; font-src 'self' https://common-fonts.abtasty.com; frame-src 'self' https://*.googlesyndication.com https://player.vimeo.com https://www.youtube.com https://sibautomation.com https://*.hotjar.com https://*.sibforms.com/ https://tr.snapchat.com https://rxfrance.outgrow.us https://*.safeframe.usercontent.goog https://*.g.doubleclick.net https://platform.twitter.com https://www.vip-studio360.fr https://www.facebook.com https://*.abtasty.com https://*.criteo.com https://*.google.com; img-src 'self' 'unsafe-inline' data: https://*.googlesyndication.com https://*.doubleclick.net https://*.openstreetmap.fr https://maps.gstatic.com https://www.google.com https://www.google.fr https://*.linkedin.com https://www.facebook.com https://img.mailinblue.com https://*.s3.eu-west-3.amazonaws.com https://*.google-analytics.com https://cdn.cookielaw.org https://syndication.twitter.com https://*.googletagmanager.com https://*.abtasty.com https://static.observatoiredelafranchise.fr/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://adservice.google.fr https://adservice.google.com https://connect.facebook.net https://snap.licdn.com https://sibautomation.com https://sc-static.net https://*.hotjar.com https://*.criteo.com https://*.criteo.net https://www.googletagmanager.com https://*.google-analytics.com https://www.googletagservices.com https://js-agent.newrelic.com https://*.googlesyndication.com https://*.doubleclick.net https://bam.nr-data.net https://maps.googleapis.com https://tpc.googlesyndication.com https://www.google.com https://platform.twitter.com https://*.googleadservices.com https://*.clarity.ms https://*.piwik.pro https://*.abtasty.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.abtasty.com https://cdn.cookielaw.org 1
upgrade-insecure-requests; default-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.cloudflare.com https://ajax.googleapis.com https://backend.productworld.com https://code.jquery.com https://connect.facebook.net https://fast.wistia.com https://fast.wistia.net https://maps.googleapis.com https://optimize.google.com https://pi.pardot.com https://snap.licdn.com https://static.cloudflareinsights.com https://*.hotjar.com https://storage.pardot.com https://www.google-analytics.com https://www.google.com https://www.googleanalytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com https://www2.xppower.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.cloudflare.com https://ajax.googleapis.com https://backend.productworld.com https://code.jquery.com https://connect.facebook.net https://fast.wistia.com https://fast.wistia.net https://maps.googleapis.com https://pi.pardot.com https://snap.licdn.com https://static.cloudflareinsights.com https://storage.pardot.com https://www.google-analytics.com https://www.google.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com https://www2.xppower.com https://*.hotjar.com https://*.g.doubleclick.net https://*.mathtag.com https://*.teads.tv; style-src 'self' 'unsafe-inline' https://*.hotjar.com https://fonts.googleapis.com https://optimize.google.com https://storage.pardot.com https://use.fontawesome.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com; img-src 'self' https://*.hotjar.com https://embedwistia-a.akamaihd.net https://fast.wistia.net https://go.pardot.com https://maps.googleapis.com https://maps.gstatic.com https://*.linkedin.com https://region1.google-analytics.com https://storage.pardot.com https://www.facebook.com https://www.google-analytics.com https://www.google.ch https://www.google.co.il https://www.google.co.in https://www.google.co.uk https://*.google.com https://www.google.com.jp https://www.google.com.ph https://www.google.com.sg https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.ie https://www.google.it https://www.google.la https://www.google.li https://www.google.lk https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.se https://www.googletagmanager.com https://www.gstatic.com https://www.xppower.com https://www2.xppower.com https://*.mathtag.com https://*.teads.tv data: 'unsafe-inline'; font-src 'self' https://*.hotjar.com https://fonts.googleapis.com https://fonts.gstatic.com https://use.fontawesome.com; object-src 'self'; frame-src 'self' https://fast.wistia.com https://fast.wistia.net https://optimize.google.com https://www2.xppower.com https://*.mathtag.com; child-src 'self' https://fast.wistia.com https://fast.wistia.net https://www2.xppower.com; base-uri 'self'; worker-src 'none'; frame-ancestors 'self'; form-action 'self' https://www2.xppower.com; connect-src 'self' https://cdn.linkedin.oribi.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://maps.googleapis.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://www.google.ch https://*.google.com https://www.google.com.jp https://www.google.com.ph https://www.google.com.sg https://www.google.com.tw https://www.google.com.vn https://www.google.cz https://www.google.dk https://www.google.es https://www.google.fi https://www.google.gr https://www.google.hr https://www.google.ie https://www.google.it https://www.google.la https://www.google.li https://www.google.lk https://www.google.nl https://www.google.no https://www.google.pt https://www.google.ro https://www.google.se https://www2.xppower.com https://*.teads.tv; report-uri https://csp-reports.code23.com/api/collect 1
“block-all-mixed-content;” 1
frame-ancestors *.uhive.com; 1
default-src 'self' data: ws: blob: *.goodenergy.co.uk www.goodenergy.co.uk *.google-analytics.com *.shortpixel.ai *.googletagmanager.com analytics.google.com *.google.com google.com *.google.co.uk/ads *.gstatic.com *.collect.igodigital.com *.facebook.com snap.licdn.com *.hotjar.com *.hotjar.io *.linkedin.com linkedin.com *.shortpixel.ai plausible.io *.ads-twitter.com t.co analytics.twitter.com *.youtube.com unpkg.com/website-carbon-badge *.doubleclick.net api.websitecarbon.com i.ytimg.com assets.windowsphone.com cdn.trustpilot.net v4in1-ti.click4assistance.co.uk v4in1-si.click4assistance.co.uk gebusinessstaticprod01.blob.core.windows.net ir.q4europe.com goodenergy2018corp.q4web.com *.gravatar.com sentry.io s.w.org youtube-nocookie.com *.youtube-nocookie.com *.cloudfront.net sentry.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.goodenergy.co.uk *.google-analytics.com *.shortpixel.ai *.googletagmanager.com analytics.google.com *.collect.igodigital.com *.facebook.com *.facebook.net snap.licdn.com *.hotjar.com *.linkedin.com linkedin.com *.shortpixel.ai plausible.io *.ads-twitter.com t.co analytics.twitter.com *.youtube.com unpkg.com ws12.hotjar.com *.leadforensics.com *.cloudfront.net ajax.aspnetcdn.com v4in1-ti.click4assistance.co.uk v4in1-si.click4assistance.co.uk code.jquery.com *.google.com data: blob: *.gstatic.com; style-src 'self' 'unsafe-inline' https:; 1
default-src 'self' data: 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://cdn.jsdelivr.net https://www.google-analytics.com https://connect.facebook.net https://static.sojern.com https://www.googletagmanager.com https://www.nagaworld.com https://a18514.actonsoftware.com/cdnr/300/acton/bn/tracker/18514 https://connect.facebook.net/en_US/fbevents.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.nagaworld.com/wp-includes/js/wp-emoji-release.min.js https://www.nagaworld.com/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/frontend-gtag.min.js; style-src 'unsafe-inline' 'self' https://cdn.jsdelivr.net https://fonts.googleapis.com https://www.nagaworld.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com https://www.facebook.com https://analytics.google.com; font-src 'self' data: https://cdn.jsdelivr.net/ https://fonts.gstatic.com https://www.nagaworld.com; frame-src https://static.sojern.com https://www.facebook.com 'self'; img-src data: https://secure.gravatar.com https://www.google.com https://www.google.com.kh https://www.google-analytics.com http://wwww.nagaworld.com https://www.nagaworld.com https://www.facebook.com https://www.nagaworld.com 'self'; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
default-src 'self';img-src http: https: 'self' 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/;script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;style-src 'self' 'unsafe-inline' https://www.gstatic.com/recaptcha;form-action 'self' https://www.google.com/recaptcha/ 1
connect-src * ws:; img-src 'self' 'unsafe-inline' data: cdn.shopify.com cdn2.shopify.com cdn-images-1.medium.com medium.com images.contentful.com images.ctfassets.net www.nova.is *.google-analytics.com www.google.com www.google.is www.facebook.com stats.g.doubleclick.net *.gstatic.com http://kort.samsyn.is https://www.sitewatch.is eu2.siteimprove.com *.global.siteimproveanalytics.io *.cloudfront.net bat.bing.com support.nova.is v2assets.zopim.io mpi.borgun.is novadesk.zendesk.com server.seadform.net; font-src 'self' fonts.googleapis.com/css fonts.gstatic.com; object-src 'self'; media-src 'self' blob: videos.contentful.com videos.ctfassets.net support.nova.is; manifest-src 'self'; script-src 'self' 'nonce-39a9b2cd-3c4d-4c25-89a1-c61662ae04ce' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' cdn.polyfill.io *.google-analytics.com www.googletagmanager.com connect.facebook.net tagmanager.google.com *.google.com https://platform.twitter.com https://connect.facebook.net https://www.facebook.com https://kort.samsyn.is api.autopilothq.com cdn.embedly.com static.zdassets.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com blob: kort.samsyn.is hello.myfonts.net cdn.embedly.com mpi.borgun.is 1
default-src 'self' data: *.iisertvm.ac.in *.google.com *.googleapis.com *.gstatic.com *.youtube.com; img-src * *.iisertvm.ac.in; script-src 'self' 'unsafe-inline' translate.google.com *.googleapis.com *.google.com *.youtube.com *.iisertvm.ac.in; style-src 'self' 'unsafe-inline' *.gstatic.com *.googleapis.com *.iisertvm.ac.in; 1
default-src 'self'; script-src 'self' cdnjs.cloudflare.com static.cloudflareinsights.com analytics.nodecraft.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: nodecraft.com; child-src 'none'; font-src 'self' fonts.gstatic.com; connect-src 'self' api.nodecdn.net analytics.nodecraft.com; prefetch-src 'none'; object-src 'none'; form-action 'none'; frame-ancestors 'none'; upgrade-insecure-requests; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com chat.g2khosting.com www.googletagmanager.com connect.facebook.net www.google-analytics.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mstdn.games; img-src 'self' https: data: blob: https://mstdn.games; style-src 'self' https://mstdn.games 'nonce-+TiBexE3TtSaVHWUOIavaQ=='; media-src 'self' https: data: https://mstdn.games; frame-src 'self' https:; manifest-src 'self' https://mstdn.games; form-action 'self'; child-src 'self' blob: https://mstdn.games; worker-src 'self' blob: https://mstdn.games; connect-src 'self' data: blob: https://mstdn.games https://cdn.masto.host wss://mstdn.games; script-src 'self' https://mstdn.games 'wasm-unsafe-eval' 1
frame-ancestors https://cms.aitworldwide.com https://cms.prod.aitworldwide.com https://aitworldwide.com https://www.aitworldwide.com https://prod.aitworldwide.com 1
child-src 'self' blob:;connect-src 'self' https://www.google-analytics.com https://cdn.polyfill.io https://maps.googleapis.com facebook.com google-analytics.com cdn.islandsbanki.is 12pjqcn2sm-dsn.algolia.net https://640islandsbanki.boost.ai https://islandsbanki-test.boost.ai https://consentcdn.cookiebot.com/ https://edge.adobedc.net https://adobedc.demdex.net https://widget.datablocks.se https://hub.mfn.se/ https://auth-test.isbank.is https://auth.islandsbanki.is https://*.google-analytics.com;default-src 'self';img-src 'self' data: https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.is *.siteimproveanalytics.io *.gstatic.com *.googleapis.com *.ytimg.com cdn.islandsbanki.is boost-files-general-eu-west-1-prod.s3-eu-west-1.amazonaws.com prismic-io.s3.amazonaws.com isb-website.cdn.prismic.io images.prismic.io t.co;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com https://cdn.islandsbanki.is/;object-src 'none';media-src 'self';manifest-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.prismic.io https://maps.googleapis.com https://prismic.io https://www.google.com https://www.youtube.com https://s.ytimg.com https://640islandsbanki.boost.ai https://islandsbanki-test.boost.ai https://www.googletagmanager.com https://www.gstatic.com https://siteimproveanalytics.com *.adobedc.net https://cdn.polyfill.io https://www.google-analytics.com https://connect.facebook.net https://www.google.com https://www.gstatic.com https://www.recaptcha.net/ https://consent.cookiebot.com https://consentcdn.cookiebot.com https://assets.adobedtm.com https://*.infogram.com 'nonce-ab32ba31-cf08-4b51-89d7-5143c0da8708' 'sha256-QsLvY8Rx6B9JCjWGBE5gM3IN+2uclV2FJAUWMC4o58k=' 'sha256-1gIG1EI7ABKBfq8rVwk7j2MeEOIlut5+TbLxyAnCYTA=' 'sha256-yjbQYTDTGeh83tID7X4P8shfeXu07tD4iLjoMIr+e4w=' 'sha256-qEXb+QLuCAPNTPbZxHzxcXrnG22qOg/k7niD2csPshA=' 'sha256-gtKFj0yNetpIDkA36Pz+kl6/tx8y2XsLtD/uFt4lUYk=' 'sha256-VOKFUvNfkwMr5fXJ0x9D0BzAnwp8OVOCI9KU0Z+TU3g=' 'sha256-4cFcsF0wg+c2o8ebtN0UyYJ+eUB2WN4lNfLtNhFrMOY=' 'sha256-1n+nKmi7yloFYyLVT2zzULopHQjP0nFj0/o5RAohOAM=' 'sha256-bThgwhxJzyVwHL27q9n7UkF9smMI1M+u/xI4Ln1n6NY=' 'sha256-mGbGbnWys+WQjkr/v68zcXw5O6y8X97qI+UtewXd0yk=';style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com *.adobedc.net;frame-src https://*.islandsbanki.is https://*.isbank.is https://gamli.islandsbanki.is https://*.islandssjodir.is https://player.vimeo.com https://www.youtube.com https://airtable.com https://consentcdn.cookiebot.com https://www.vib.is https://*.isb.is https://*.infogram.com https://www.google.com https://www.gstatic.com https://isb-website.prismic.io/ https://www.recaptcha.net/ https://auth-test.isbank.is/ https://auth.islandsbanki.is/ http://localhost:5000 https://islandsbanki-frodi-authentication.dev.kube.isbank.is;worker-src 'self' blob: 1
report-uri https://www.desteklio.com 1
default-src 'none'; img-src 'self' https://status.icq.com/; style-src 'self' 'unsafe-inline'; font-src 'self'; media-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests; 1
default-src 'none'; script-src 'self' 'sha256-0hRhHmaDBhoSH8qvbpP1Afm6ojhgB02ALT5xBcxrnaI='; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self'; font-src *; 1
default-src 'self'; script-src 'self'; 1
default-src 'self' *.zdn.vn *.zing.vn *.adtima.vn; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adtima.vn *.zalo.me *.google.com *.gstatic.com *.zdn.vn *.zing.vn www.googletagmanager.com *.facebook.net www.google-analytics.com *.jsdelivr.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.adtima.vn *.googleapis.com *.gstatic.com *.zdn.vn *.zing.vn; connect-src 'self' *.adtima.vn *.adtimabox.vn *.zdn.vn *.zing.vn www.google-analytics.com *.google.com *.doubleclick.net www.google.com.vn *.zalo.me; img-src 'self' *.adtima.vn *.zdn.vn data: *.zingcdn.me *.zing.vn *.zadn.vn *.google.com *.placeholder.com www.facebook.com www.google-analytics.com www.google.com.vn www.googletagmanager.com *.adtima.vn opencollective.com; font-src 'self' *.adtima.vn *.zdn.vn 'unsafe-inline' *.googleapis.com *.gstatic.com data: *.zing.vn; frame-src 'self' *.adtima.vn *.zdn.vn *.google.com *.zing.vn www.facebook.com www.youtube.com *.zalo.me; frame-ancestors 'self' *.adtima.vn *.zdn.vn *.zing.vn; object-src 'self' *.adtima.vn *.zdn.vn *.zing.vn; media-src 'self' *.adtima.vn *.zdn.vn *.zing.vn www.youtube.com www.facebook.com www.google-analytics.com *.adtima.vn; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.jsdelivr.net *.addsearch.com *.doubleclick.net code.jquery.com translate.google.com www.gstatic.com fonts.gstatic.com *.fontawesome.com *.bootstrapcdn.com www.rumiview.com; script-src-elem  'unsafe-inline' 'self' *.addthis.com *.addthisedge.com code.jquery.com cdn.jsdelivr.net translate.google.com *.googleapis.com *.fontawesome.com assets.adobedtm.com *.fullstory.com fullstory.com js.braintreegateway.com addsearch.com www.google-analytics.com www.googletagmanager.com www.rumiview.com connect.facebook.net www.gstatic.com *.searchcdn.com www.google.com maxcdn.bootstrapcdn.com; script-src  'unsafe-eval' 'unsafe-inline' 'self' *.addthis.com *.addthisedge.com code.jquery.com cdn.jsdelivr.net translate.google.com *.googleapis.com *.fontawesome.com assets.adobedtm.com *.fullstory.com js.braintreegateway.com addsearch.com www.google-analytics.com www.googletagmanager.com www.rumiview.com *.searchcdn.com www.gstatic.com www.google.com maxcdn.bootstrapcdn.com; connect-src 'self' *.addthis.com *.fontawesome.com *.googleapis.com *.bootstrapcdn.com www.google-analytics.com www.nccwebsite.org connect.facebook.net payments.sandbox.braintree-api.com www.googletagmanager.com stats.g.doubleclick.net payments.braintree-api.com client-analytics.braintreegateway.com *.fullstory.com maxcdn.bootstrapcdn.com; style-src-elem 'self' 'unsafe-inline' *.addsearch.com maxcdn.bootstrapcdn.com fonts.googleapis.com netdna.bootstrapcdn.com *.cloudfront.net maxcdn.bootstrapcdn.com; img-src * data: blob:; media-src 'self' s3.amazonaws.com; frame-ancestors 'self'; object-src 'self'; base-uri 'self'; report-uri https://services.spinudev.com/csp/cspreport; worker-src; frame-src 'self' www.facebook.com www.linkedin.com www.youtube.com assets.braintreegateway.com assets.adobedtm.com *.doubleclick.net www.google.com; form-action 'self' *.psionline.com *.psiexams.com; manifest-src 'self' https://www.nccwebsite.org/manifest.json; 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; connect-src 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self'; img-src 'self' http://www.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com data:; media-src 'self'; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' http://www.google-analytics.com https://ssl.google-analytics.com https://unpkg.com/swagger-ui-dist@3/swagger-ui-bundle.js; style-src 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com; default-src 'self'; child-src 'self';  report-uri https://www.e-oscar-web.net/prweb/PRAuth/app/default/crlyydmA1BgMou4Debvu4WVzarCN36Y6*/!STANDARD 1
default-src https: data: wss://*.hotjar.com wss://*.intercom.io; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline';frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://www.zenaps.com https://tr.snapchat.com https://tr6.snapchat.com https://gum.criteo.com https://www.youtube.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.contentsquare.net https://*.criteo.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://checkout.zavvi.jp https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://*.contentsquare.net https://app.contentsquare.com https://static.criteo.net https://*.criteo.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com; upgrade-insecure-requests; report-to report-endpoint 1
script-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:;style-src 'self' 'unsafe-inline' https:;default-src 'self' 'unsafe-inline' https:; font-src 'self' https:; frame-ancestors 'self' https:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://berlin.social; img-src 'self' https: data: blob: https://berlin.social; style-src 'self' https://berlin.social 'nonce-eBne0nvFYyXPNtKPAJ6srg=='; media-src 'self' https: data: https://berlin.social; frame-src 'self' https:; manifest-src 'self' https://berlin.social; form-action 'self'; child-src 'self' blob: https://berlin.social; worker-src 'self' blob: https://berlin.social; connect-src 'self' data: blob: https://berlin.social https://link.storjshare.io/raw/jvzxcq67r23d2otjv45i6ygt4h2q/berlin.social/ wss://berlin.social; script-src 'self' https://berlin.social 'wasm-unsafe-eval' 1
default-src * data: 'unsafe-inline' 'unsafe-eval' 'self' blob:; media-src * blob:; img-src * data: 'unsafe-inline' blob: *.visualwebsiteoptimizer.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *.heapanalytics.com; font-src * data: 'unsafe-inline'; frame-ancestors *.amway.it; connect-src 'self' api-js.datadome.co *.amway.eu https://siteintercept.qualtrics.com https://maps.googleapis.com *.visualwebsiteoptimizer.com app.vwo.com https://*.clarity.ms https://c.bing.com *.auryc.com; frame-src https://players.brightcove.net geo.captcha-delivery.com https://coreplus.amwayglobal.com https://coreplus-qa.amwayglobal.com https://coreplus-regional.gmb-preprod.corp.amway.net https://coreplus-stage.amwayglobal.com *.qualtrics.com https://bonus.amway-services.com https://online.flippingbook.com https://amway-achievers.web.app app.vwo.com *.visualwebsiteoptimizer.com https://www.youtube.com; worker-src 'self' blob:; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com tags.tiqcdn.com js.datadome.co *.googleapis.com *.heapanalytics.com *.qualtrics.com *.clarity.ms amway-api.exponea.com; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com *.googleapis.com *.gstatic.com 1
default-src 'self'; script-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'self'; connect-src 'self'; object-src 'none'  1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.fontawesome.com www.google-analytics.com ajax.googleapis.com data:; img-src 'self' data:; frame-ancestors 'self' 1
frame-ancestors 'self' *.zondacrypto.exchange zondacrypto.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' thmep.zondacrypto.com h.online-metrix.net *.google.com google.com gstatic.com *.gstatic.com www.google-analytics.com ssl.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' gstatic.com https://thmep.zondacrypto.com; font-src 'self' gstatic.com; connect-src *.zondacrypto.exchange wss://*.zondacrypto.exchange www.google-analytics.com stats.g.doubleclick.net https://thmep.zondacrypto.com wss://127.0.0.1:* https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; frame-src 'self' thmep.zondacrypto.com h.online-metrix.net google.com *.google.com; object-src 'self' https://thmep.zondacrypto.com *.online-metrix.net *.zondacrypto.exchange; worker-src 'self' blob: 1
default-src 'self' 'unsafe-inline' https: data: blob:; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https: blob: 1
object-src 'self'; connect-src *; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: mailto: tel: https://*.specialprograms.powerschool.com https://*.auroraedtech.com https://support.powerschool.com https://cdn.rawgit.com http://fonts.googleapis.com https://auroraedtech.com http://yui.yahooapis.com https://maxcdn.bootstrapcdn.com https://assets.powerschool.com https://*.googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://*.gstatic.com/ https://*.accelaschool.com https://web-sdk-us2.aptrinsic.com https://gp.powerschool.com/ https://*.specialeducation.powerschool.com 1
default-src 'self' *.amazonaws.com https://*.ccavenue.com https://*.razorpay.com https://view.officeapps.live.com https://www.google.com https://use.fontawesome.com https://www.youtube-nocookie.com https://www.youtube.com; connect-src 'self' https://*.elitmus.com https://*.elitmus.net https://*.nr-data.net https://sentry.elitmusmail.com https://*.google-analytics.com https://www.googletagmanager.com https://api.mixpanel.com https://api.github.com/ https://api.postalpincode.in/pincode/ wss:; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com https://use.fontawesome.com https: data:; img-src 'self' blob: https://cdn0.elitmus.net *.amazonaws.com data: https: https://www.google.com https://*.google-analytics.com https://www.googletagmanager.com https://api.mixpanel.com; media-src 'self' blob:; object-src 'self' *.amazonaws.com; script-src 'self' blob: *.newrelic.com https://*.nr-data.net https://cdn0.elitmus.net https://*.google-analytics.com https://www.googletagmanager.com https://api.mixpanel.com https://www.google.com 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/bootstrap.daterangepicker/2/daterangepicker.js https://cdn.jsdelivr.net/momentjs/latest/moment.min.js https://cdn.ckeditor.com/4.11.3/full/ckeditor.js https: data:; style-src 'self' 'unsafe-inline' https://cdn0.elitmus.net https://www.google.com https://use.fontawesome.com/releases/v5.0.6/css/all.css https://cdn.jsdelivr.net/bootstrap/3/css/bootstrap.css https://cdn.jsdelivr.net/bootstrap.daterangepicker/2/daterangepicker.css https: 1
script-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-elem * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-attr * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'self' data: 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'self' data: 'unsafe-inline' 'unsafe-hashes' 1
script-src 'self' 'nonce-dFqJUrI+jPWA2M86oiTJhP3yZ/Y='  'strict-dynamic' 'unsafe-inline'  https://*.googleapis.com/  https://connect.facebook.net/ https://s.adroll.com/ 1
upgrade-insecure-requests; default-src 'self' https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; object-src https:; form-action https:; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=metroh&d=2024-01-23 1
default-src 'self' 'unsafe-eval' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.underskrift.no s.ytimg.com www.googletagmanager.com www.google-analytics.com maps.googleapis.com ajax.aspnetcdn.com ng-multikanal-admin-cdn.azureedge.net *.reachmee.com kiwi-norge.mynewsdesk.com execution-ci360.kiwi.no *.ci360.sas.com norgesgruppen.containers.piwik.pro; connect-src 'self' *.ngdata.no *.trumf.no  *.cloudinary.com *.screen9.com ngdapidev.azure-api.net ng-azure-rest-api-preprod.azurewebsites.net ng-azure-rest-api-prod.azurewebsites.net ng-events.servicebus.windows.net dc.services.visualstudio.com data.brreg.no www.google-analytics.com delivery-ci360.kiwi.no execution-ci360.kiwi.no *.ci360.sas.com *.google-analytics.com maps.googleapis.com norgesgruppen.piwik.pro; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com ng-multikanal-admin-cdn.azureedge.net; img-src 'self' bilder.ngdata.no data: res.cloudinary.com bilder.ngdata.no maps.gstatic.com maps.googleapis.com *.google.com *.googleapis.com *.ggpht.com www.google-analytics.com *.screen9.com delivery-ci360.kiwi.no *.reachmee.com s.ytimg.com content-ci360.kiwi.no; font-src 'self' cdn.jsdelivr.net data: fonts.gstatic.com ng-multikanal-admin-cdn.azureedge.net; media-src 'self' blob: *.screen9.com; worker-src 'self' blob:; frame-ancestors 'self' *.ci360.sas.com; frame-src 'self' *.screen9.com kiwi-norge.mynewsdesk.com *.reachmee.com *.underskrift.no *.ci360.sas.com *.aerahost.com trumf-react-preprod.azurewebsites.net csfe-preprod.bankid.no; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://ajax.googleapis.com https://rum-static.pingdom.net https://cdnjs.cloudflare.com https://fast.wistia.com https://pi.pardot.com https://translate.google.com http://translate.google.com https://translate.googleapis.com https://www.google-analytics.com https://bpasblog.disqus.com https://challenges.cloudflare.com https://www.dinkytown.net; style-src 'self' https://fast.wistia.net https://bpas.com 'unsafe-inline' https://fonts.googleapis.com https://translate.googleapis.com http://translate.google.com https://www.dinkytown.net; default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; object-src 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.googleusercontent.com *.google-analytics.com *.google.com *.googleapis.com *.myabsorb.com *.doubleclick.net *.windows.net *.walkme.com *.jquery.com *.createjs.com *.youtube.com *.youtube-nocookie.com *.onetrust.com *.facebook.net *.facebook.com *.cookielaw.org *.licdn.com *.adsymptotic.com *.linkedin.com *.jnjvision.asia *.nr-data.net *.ckeditor.com *.brightcove.net *.brightcove.com *.brightcovecdn.com *.zencdn.net *.boltdns.net *.jjvcpro.com *.jnjcommerce.com *.mouseflow.com *.hotjar.com *.hotjar.io *.googleanalytics.com *.googleoptimize.com *.optimize.google.com *.fonts.gstatic.com *.newrelic.com *.xml; object-src *; img-src * data: blob:; frame-src *; font-src * data: blob: 'unsafe-inline'; report-uri /report-csp-violation 1
default-src https:; font-src * data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://*.hsforms.net https://*.googleapis.com https://analytics.influenceandco.com https://connect.facebook.net https://tag.demandbase.com https://*.cookiebot.com https://*.googletagmanager.com https://www.google-analytics.com https://static.hotjar.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://cdn.taboola.com https://connect.facebook.net https://tag.demandbase.com https://bat.bing.com https://analytics.influenceandco.com https://script.hotjar.com https://googleads.g.doubleclick.net https://play.vidyard.com https://trc.taboola.com https://www.clarity.ms https://app-ab22.marketo.com https://s.company-target.com https://boards.greenhouse.io https://dev.visualwebsiteoptimizer.com https://js.qualified.com https://www.youtube.com https://view-su2.highspot.com https://*.googleadservices.com https://*.google.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://app-ab22.marketo.com https://*.googletagmanager.com; media-src * blob: data:; img-src * blob: data:; connect-src *; object-src *; frame-ancestors 'self' https://*.augury.com https://augury.com https://*.salesforce.com https://*.force.com https://www.youtube.com https://*.company-target.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.cloudflare.com https://googleads.g.doubleclick.net  https://rapidevisa-robsqui.vercel.app grown-generous-hamster.ngrok-free.app https://affilae.com https://lb.affilae.com https://static.affilae.com/ https://polyfill.io https://s.ytimg.com https://polyfill.io/v3/polyfill.min.js https://cdn.jsdelivr.net/npm/promise-polyfill@7/dist/polyfill.min.js https://s.ytimg.com/yts/jsbin/www-widgetapi-vflVEu0bL/www-widgetapi.js https://static.cloudflareinsights.com https://www.google-analytics.com https://region1.google-analytics.com  https://rapidevisa-robsqui.vercel.app grown-generous-hamster.ngrok-free.app https://affilae.com https://lb.affilae.com https://static.affilae.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com https://www.google.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://bat.bing.com https://connect.facebook.net https://lizere.nepefeseju.com  https://static.doubleclick.net/instream/ad_status.js https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js  https://rapidevisa-robsqui.vercel.app grown-generous-hamster.ngrok-free.app https://affilae.com https://lb.affilae.com https://static.affilae.com/ae-v3.5.js https://sp.analytics.yahoo.com; script-src-elem 'self' 'unsafe-inline' https://ajax.cloudflare.com  https://rapidevisa-robsqui.vercel.app grown-generous-hamster.ngrok-free.app https://ajax.googleapis.com https://affilae.com https://lb.affilae.com https://static.affilae.com https://static.doubleclick.net/instream/ad_status.js https://cdn.datatables.net https://cdnjs.cloudflare.com  https://rapidevisa-robsqui.vercel.app grown-generous-hamster.ngrok-free.app https://googleads.g.doubleclick.net https://affilae.com https://lb.affilae.com https://static.affilae.com https://nocabo.fedicohipa.com https://polyfill.io https://s.ytimg.com https://static.cloudflareinsights.com https://www.google-analytics.com https://rapidevisa-robsqui.vercel.app grown-generous-hamster.ngrok-free.app https://region1.google-analytics.com https://affilae.com https://lb.affilae.com https://static.affilae.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com https://bat.bing.com https://connect.facebook.net; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'  https://rapidevisa-robsqui.vercel.app grown-generous-hamster.ngrok-free.app https://fonts.googleapis.com https://affilae.com https://lb.affilae.com https://static.affilae.com https://cdn.datatables.net; style-src-elem 'self' 'unsafe-inline' https://rapidevisa-robsqui.vercel.app grown-generous-hamster.ngrok-free.app https://cdn.datatables.net https://affilae.com https://lb.affilae.com https://static.affilae.com https://fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data: https://www.zupimages.net https://cl.avis-verifies.com https://i.ytimg.com https://lipis.github.io https://use.fontawesome.com/releases/v5.8.2/svgs/regular/calendar-alt.svg https://www.google-analytics.com https://region1.google-analytics.com  https://rapidevisa-robsqui.vercel.app grown-generous-hamster.ngrok-free.app https://affilae.com https://lb.affilae.com https://static.affilae.com https://static.doubleclick.net/instream/ad_status.js https://www.google.bg https://www.google.ca https://www.google.ci https://www.google.cm https://www.google.co.kr https://www.google.co.uk https://www.google.com https://www.google.fr https://www.google.ru https://www.googletagmanager.com https://www.google.com.pk https://www.google.rs https://www.gstatic.com https://translate.google.com https://www.facebook.com https://www.google.sn https://www.google.sr https://bat.bing.com https://www.google.co.uz https://www.google.be https://www.google.mu https://www.google.de https://googleads.g.doubleclick.net https://www.google.co.th https://www.google.ch https://www.google.pl https://www.google.ae https://www.google.cl https://www.google.com.ph https://www.google.dj https://www.google.dk https://www.google.fi https://www.google.ht https://www.google.mg https://upload.wikimedia.org https://www.google.bi https://www.google.bj https://www.google.by https://www.google.cd https://www.google.cf https://www.google.co.ao https://www.google.co.id https://www.google.co.ke https://www.google.co.ma https://www.google.co.za https://www.google.com.au https://www.google.com.co https://www.google.com.eg https://www.google.com.kh https://www.google.com.pe https://www.google.com.tr https://www.google.es https://www.google.ga https://www.google.ad https://www.google.nl https://www.google.com.sa https://www.google.bf https://www.google.com.kw https://www.google.tn https://www.google.tg https://www.google.pt https://www.google.dz https://www.google.ie https://www.google.td https://www.google.com.sg https://www.google.co.in https://www.google.cg https://www.google.it; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com https://region1.google-analytics.com https://rapidevisa-robsqui.vercel.app grown-generous-hamster.ngrok-free.app https://affilae.com https://lb.affilae.com https://static.affilae.com https://www.facebook.com/tr/ https://www.google.com https://bat.bing.com https://feed.jquery-plugins.net; object-src 'self'; child-src 'self' https://rapidevisa-robsqui.vercel.app grown-generous-hamster.ngrok-free.app https://bid.g.doubleclick.net https://www.google.com https://affilae.com https://lb.affilae.com https://static.affilae.com https://www.youtube.com; frame-src 'self' https://bid.g.doubleclick.net https://rapidevisa-robsqui.vercel.app grown-generous-hamster.ngrok-free.app https://cl.avis-verifies.com https://www.facebook.com/ https://affilae.com https://lb.affilae.com https://static.affilae.com https://www.google.com https://www.youtube.com; form-action 'self' https://tpeweb.paybox.com https://www.facebook.com/tr/ https://tpeweb.e-transactions.fr; base-uri 'self'; manifest-src 'self' https://www.rapidevisa.fr; report-uri https://cododigital.report-uri.com/r/d/csp/enforce; 1
default-src 'self' d2r72yk5wmppdj.cloudfront.net iframely.shorthand.com sketchfab.com d8ejoa1fys2rk.cloudfront.net sentry10.bynder.cloud www.teknion.com preview.threekit.com oneplace.teknion.com teknionpreprod.enginess.net oneplace.teknion.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com view.ceros.com teknion.qa.enginess.net *.gstatic.com code.jquery.com *.equalweb.com gateway-test.teknion.com *.threekit.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com *.youtube.com platform.twitter.com syndication.twitter.com *.ytimg.com publish.twitter.com *.twimg.com platform.linkedin.com cdn.insight.sitefinity.com dec.azureedge.net munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org unpkg.com/packery@2/dist/ cdnjs.cloudflare.com assets.pinterest.com stats.g.doubleclick.net browser-update.org maxcdn.bootstrapcdn.com teknion-limited.shorthandstories.com *.shorthand.com unpkg.com d8ejoa1fys2rk.cloudfront.net sentry10.bynder.cloud teknion.qa.enginess.net www.google.com main.teknion.pages.dev teknion.3kit.com www.googletagmanager.com oneplace.teknion.com ws.zoominfo.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com cdn.insight.sitefinity.com dec.azureedge.net platform.twitter.com/css/ *.twimg.com teknion-limited.shorthandstories.com/ code.jquery.com/ui/1.12.1/themes/blitzer/jquery-ui.css ajax.aspnetcdn.com d8ejoa1fys2rk.cloudfront.net sentry10.bynder.cloud code.jquery.com teknion.com www.teknion.com gateway-test.teknion.com oneplace.teknion.com main.teknion.pages.dev teknion.3kit.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com teknion-limited.shorthandstories.com assets.teknion.com d8ejoa1fys2rk.cloudfront.net *.teknion.com data: 'self' db.onlinewebfonts.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com dec.azureedge.net *.insight.sitefinity.com *.dec.sitefinity.com pbs.twimg.com platform.twitter.com *.twimg.com *.eloqua.com track.hubspot.com d2r72yk5wmppdj.cloudfront.net assets.teknion.com log.pinterest.com *.teknion.com http://www.teknion.com/pricingguides teknion-limited.shorthandstories.com www.google.com iframely.shorthand.com sketchfab.com www.google.ca www.teknion.com i.ibb.co preview.threekit.com admin-fts.threekit.com pixel-sync.sitescout.com data: blob:; media-src 'self' *.cloudfront.net assets.teknion.com teknion-limited.shorthandstories.com cdn.plyr.io; form-action 'self' gateway-test.teknion.com oneplace.teknion.com; child-src 'self' platform.twitter.com syndication.twitter.com www.youtube.com/ www.youtube-nocookie.com player.vimeo.com/ w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com www.google.com/ cdnjs.cloudflare.com/ docs.google.com/ view.officeapps.live.com/ teknion-limited.shorthandstories.com iframely.shorthand.com sketchfab.com view.ceros.com; connect-src 'self' accounts.google.com *.insight.sitefinity.com *.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com stats.g.doubleclick.net teknion-es-dev.enginess.net:9200 cdn.equalweb.com cdn.equalweb.com access.equalweb.com sentry10.bynder.cloud d8ejoa1fys2rk.cloudfront.net assets.teknion.com preview.threekit.com gateway-test.teknion.com oneplace.teknion.com ws.zoominfo.com admin-fts.threekit.com; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.yotpo.com *.gstatic.com *.hsforms.com *.duosecurity.com *.fontawesome.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.north40.com *.facebook.com north40.com *.us19.list-manage.com *.hsforms.com *.duosecurity.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com www.googletagmanager.com *.weltpixel.com *.signifyd.com *.online-metrix.net *.facebook.com *.google.com snapwidget.com *.addthis.com *.weather.gov widget.surveymonkey.com *.surveymonkey.com *.paypalobjects.com *.hsforms.net *.hsforms.com *.hubspot.com *.duosecurity.com www.xtento.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com p.typekit.net *.paypal.com *.typekit.net validator.swagger.io maps.googleapis.com *.yotpo.com *.signifyd.com *.nexcesscdn.net *.unbxdapi.com *.fna.fbcdn.net *.bing.com *.cloudfront.net *.online-metrix.net *.facebook.com *.amazonaws.com *.weltpixel.com *.google-analytics.com *.north40.com *.google.com images.north40.com.global.prod.fastly.net *.zopim.com *.googleapis.com *.xtento.com waterdata.usgs.gov www.google.co.in widget.surveymonkey.com *.surveymonkey.com *.zopim.io n40.s3.us-east-1.amazonaws.com *.clarity.ms *.hsforms.net *.hsforms.com *.simpli.fi *.hubspot.com *.doubleclick.net *.3lift.com *.tremorhub.com *.exelator.com *.intentiq.com *.agkn.com *.tapad.com *.crwdcntrl.net  *.bluekai.com *.bfmio.com *.spotxchange.com *.rlcdn.com *.lijit.com *.openx.net *.rubiconproject.com *.adnxs.com *.pro-market.net cfvod.kaltura.com *.duosecurity.com *.hubspotusercontent-na1.net psyberware.com www.xtento.com cdn.xtento.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com *.gstatic.com *.cdninstagram.com *.fbcdn.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.commerce-payment-services.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net www.googletagmanager.com ajax.googleapis.com maps.googleapis.com *.cloudflare.com *.cloudfront.net *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.paypalobjects.com *.paypal.com *.googletagmanager.com *.youtube.com *.facebook.net *.yotpo.com *.signifyd.com *.unbxdapi.com *.unbxd.io *.gstatic.com *.bing.com *.addthis.com *.zdassets.com *.weltpixel.com *.zopim.com *.moatads.com *.addthisedge.com *.north40.com resources.xg4ken.com googleads.g.doubleclick.net widget.surveymonkey.com *.surveymonkey.com cdn.scarabresearch.com static.scarabresearch.com cdn.noibu.com *.amazonaws.com *.acsbap.com *.acsbapp.com 'unsafe-inline' *.clarity.ms *.hubspot.com *.hsforms.net *.hsforms.com *.simpli.fi *.hs-scripts.com js.hs-banner.com js.hs-analytics.net *.hscollectedforms.net hubspot-forms-static-embed.s3.amazonaws.com *.hsadspixel.net *.hsleadflows.net js.hscta.net *.usemessages.com cdnapisec.kaltura.com *.duosecurity.com https://js-agent.newrelic.com/ www.xtento.com cdn.xtento.com s7.addthis.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.yotpo.com *.cloudfront.net *.unbxdapi.com *.gstatic.com *.unbxd.io widget.surveymonkey.com *.mailchimp.com *.duosecurity.com *.fontawesome.com unsafe-inline assets.braintreegateway.com tagmanager.google.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com *.hsforms.com *.duosecurity.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.paypal.com *.yotpo.com *.instagram.com *.signifyd.com *.zdassets.com *.zendesk.com *.north40.com *.weltpixel.com *.google-analytics.com *.zopim.com wss://widget-mediator.zopim.com bt.signifyd.com:11103 stats.g.doubleclick.net widget.surveymonkey.com *.surveymonkey.com recommender.scarabresearch.com recommender-eu.scarabresearch.com wss://input.noibu.com https://input.noibu.com/pv *.noibu.com *.clarity.ms *.us19.list-manage.com *.hsforms.net *.hsforms.com *.hscollectedforms.net hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com *.googleapis.com *.hubapi.com *.duosecurity.com *.unbxdapi.com *.unbxd.io analytics.google.com test-unbxd-console-platform.s3.amazonaws.com unbxd-console-platform.s3.amazonaws.com d3oudgusdzf61y.cloudfront.net ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'  blob: https://www.google-analytics.com https://www.googletagmanager.com https://*.googleapis.com https://*.doubleclick.net https://*.blueconic.net https://g942.rocva.nl https://e004.rocvanflevoland.nl https://edge.cookieconsent.io https://botsrv.com https://static.botsrv2.com https://*.hotjar.com https://sc-static.net https://snap.licdn.com https://connect.facebook.net https://tr.snapchat.com https://www.snapengage.com https://instafeed.assets.pixlee.com https://www.youtube.com https://www.rocvanflevoland.nl https://www.googleadservices.com https://analytics.tiktok.com https://px.ads.linkedin.com/; style-src 'self' 'unsafe-inline'  https://fast.fonts.net https://edge.cookieconsent.io https://static.botsrv2.com https://fonts.googleapis.com https://g942.rocva.nl https://storage.googleapis.com https://www.googletagmanager.com https://e004.rocvanflevoland.nl; img-src 'self'  data: https://*.google.nl https://*.google.com https://*.google-analytics.com https://maps.gstatic.com https://*.googleapis.com https://www.googletagmanager.com https://*.linkedin.com https://www.facebook.com https://media.botsrv2.com https://assets.pxlecdn.com https://i.ytimg.com https://www.rocvanflevoland.nl https://fonts.gstatic.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://tr.snapchat.com; media-src 'self'  https://storage.googleapis.com; font-src 'self'  data: https://fonts.gstatic.com https://cdn.faceworks.nl; frame-ancestors 'self'; frame-src 'self'  https://*.doubleclick.net https://tr.snapchat.com https://vars.hotjar.com https://www.facebook.com https://www.carrieregps.rocva.nl https://instafeed.pixlee.co https://www.youtube.com https://botsrv2.com https://www.carrieregps.rocvanflevoland.nl; connect-src 'self'  https://*.google-analytics.com https://maps.googleapis.com https://*.doubleclick.net https://roc.sb.blueconic.net https://roc.blueconic.net/ https://api.cookieconsent.io https://e004.rocvanflevoland.nl https://botsrv2.com https://tr.snapchat.com https://in.hotjar.com https://vc.hotjar.io https://cdn.linkedin.oribi.io https://g942.rocva.nl https://www.facebook.com https://api.storyteq.com https://region1.analytics.google.com/ https://px.ads.linkedin.com https://analytics.tiktok.com https://tr6.snapchat.com; object-src 'none'; manifest-src 'self'; base-uri 'self'; form-action 'self'  https://www.facebook.com;  1
default-src 'self' fonts.gstatic.com themes.googleusercontent.com stats.g.doubleclick.net *.google-analytics.com *.hotjar.com *.google.com *.youtube.com csbs.mautic.net wss://*.hotjar.com *.soundcloud.com *.infogram.com cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com static.addtoany.com *.buzzsprout.com *.twitter.com *.hotjar.com *.cloudflareinsights.com *.cloudflare.com *.mautic.net unpkg.com cdn.jsdelivr.net *.soundcloud.com *.infogram.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.cloudflare.com static.addtoany.com *.infogram.com cdn.jsdelivr.net; img-src 'self' data: *.csbs.org *.google.com *.google-analytics.com *.googletagmanager.com csbs.mautic.net stats.g.doubleclick.net; frame-src 'self' *.buzzsprout.com *.twitter.com *.google.com *.youtube.com *.cld.bz *.hotjar.com *.data.csbs.org *.facts.csbs.org *.buzzsprout.com *.simplystated.csbs.org  *.csbs.org *.powerbi.com *.dayforcehcm.com *.mautic.net *.addtoany.com *.soundcloud.com *.infogram.com ; child-src 'self' *.buzzsprout.com *.twitter.com *.google.com *.youtube.com *.cld.bz *.hotjar.com *.data.csbs.org *.facts.csbs.org *.buzzsprout.com *.simplystated.csbs.org *.csbs.org *.powerbi.com *.dayforcehcm.com *.mautic.net *.addtoany.com *.soundcloud.com *.infogram.com ; connect-src 'self' 'unsafe-inline' *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com static.addtoany.com *.buzzsprout.com *.twitter.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.cloudflareinsights.com *.cloudflare.com *.mautic.net unpkg.com cdn.jsdelivr.net *.soundcloud.com *.infogram.com stats.g.doubleclick.net ; report-uri /report-csp-violation 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-WgvUQ/ifzZkYI/QDgdv2NetrkCCkKP5uMeRUqgSEHLpahL62' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' saleshood.com 1
font-src *.fontawesome.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.googleapis.com *.bootstrapcdn.com *.amazonaws.com *.facebook.com *.facebook.net *.fonts.googleapis.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://seo.mageplaza.com *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.googletagmanager.com/ *.twitter.com *.google.com *.addthis.com *.hotjar.com *.doubleclick.net *.freshchat.com *.facebook.net *.lomadee.com *.weltpixel.com *.pinterest.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.amazonaws.com *.mundipagg.com *.google.com.br *.clarity.ms *.facebook.net *.event.syndigo.cloud *.siteblindado.com *.akamaihd.net *.bing.com *.pagar.me *.ebitempresa.com.br *.ebit.com.br *.lomadee.com cdn.mundipagg.com api.pagar.me *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ http://viacep.com.br *.cloudflare.com *.twitter.com *.google-analytics.com googletagmanager.com *.google.com *.gstatic.com *.trustedshops.com *.fontawesome.com *.addthis.com *.moatads.com *.addthisedge.com *.googleapis.com widgets.pinterest.com *.amazonaws.com *.lomadee.com *.hotjar.com *.doubleclick.net *.facebook.net *.freshchat.com *.clarity.ms d335luupugsy2.cloudfront.net *.content.syndigo.com *.pagar.me *.ebitempresa.com.br *.ebit.com.br *.siteblindado.com *.navdmp.com *.tramontina.com *.pinterest.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.bootstrapcdn.com *.amazonaws.com *.freshchat.com *.facebook.com *.facebook.net *.reclameaqui.com.br *.ebit.com.br *.ebitempresa.com.br *.pagar.me 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.bolt.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.cloudflare.com *.twitter.com *.paypal.com *.amazonaws.com *.reclameaqui.com.br *.google-analytics.com *.graph.instagram.com *.hotjar.com *.clarity.ms *.rdstation.com.br *.facebook.net *.moatads.com *.siteblindado.com *.rdops.systems *.azurewebsites.net api.mundipagg.com api.pagar.me *.googleapis.com *.addthis.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://web.aresep.go.cr; 1
default-src 'self' https:;script-src 'self' https: 'unsafe-inline';style-src 'self' https: 'unsafe-inline';media-src 'none';object-src 'none';worker-src 'self'; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests 1
frame-ancestors 'self' stccnetportal.stcc.edu; 1
default-src 'self'; script-src 'self' 'unsafe-eval' https: http: 'nonce-2b1de47b-7ae2-4d93-9c3c-e2f9bf4b24cf' 'strict-dynamic'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com try.abtasty.com *.abtasty.com; connect-src 'self' http://demo.safti.local:12081 https://googleads.g.doubleclick.net https://*.abtasty.com https://*.clarity.ms https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.new-immo-group.app https://*.new-immo-group.dev https://*.safeti-immobilien.de https://*.safti.es https://*.safti.fr https://abtasty.com http://dcinfos-cache.abtasty.com https://api.privacy-center.org https://ariane.abtasty.com/ https://bo.safeti-immobilien.de/api https://bo.safti.es https://bo.safti.es/api/highlightblock https://bo.safti.es/api/saftiblock https://bo.safti.fr https://bo.safti.fr/api/highlightblock https://bo.safti.fr/api/saftiblock https://clarity.ms https://dcinfos-cache.abtasty.com https://google-analytics.com https://google.com https://googletagmanager.com https://maps.googleapis.com https://new-immo-group.app https://new-immo-group.dev https://safeti-immobilien.de https://safti.es https://safti.fr https://stats.g.doubleclick.net; font-src 'self' *.abtasty.com https://abtasty.com https://fonts.gstatic.com; img-src 'self' data: *.new-immo-group.app *.new-immo-group.dev http://demo.safti.local:9873 https://*.clarity.ms https://*.leadsmonitor.io https://*.safeti-immobilien.de https://*.safti.es https://*.safti.fr https://c.bing.com https://clarity.ms https://leadsmonitor.io https://maps.googleapis.com https://maps.gstatic.com https://nig-aws-preprod-bien-photo.s3.eu-west-3.amazonaws.com https://nig-aws-prod-bien-photo.s3.eu-west-3.amazonaws.com https://photo.safeti-immobilien.de https://purecatamphetamine.github.io https://safeti-immobilien.de https://safti.es https://safti.fr https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.de https://www.google.es https://www.google.fr https://www.googletagmanager.com https://sdk.privacy-center.org; worker-src 'self' blob:; frame-src 'self' https://*.alainbossard.fr https://*.bien-estimer-safti.fr https://*.cloudpano.com https://*.dailymotion.com https://*.facebook.com https://*.floorfy.com https://*.google.com https://*.istaging.com https://*.klapty.com https://*.matterport.com https://*.nodalview.com https://*.previsite.com https://*.previsite.net https://*.provirtualvisit.com https://*.rhinov.pro https://*.ricohtours.com https://*.youtu.be https://*.youtube.com https://alainbossard.fr https://bien-estimer-safti.fr https://cloudpano.com https://dailymotion.com https://facebook.com https://floorfy.com https://google.com https://istaging.com https://klapty.com https://matterport.com https://nodalview.com https://omega-de.new-immo-group.dev https://omega-es.new-immo-group.dev https://omega-fr.new-immo-group.dev https://omega-preprod-safti-de.new-immo-group.app https://omega-pt.new-immo-group.dev https://omega.safti.de https://omega.safti.es https://omega.safti.fr https://omega.safti.pt https://player.vimeo.com https://previsite.com https://previsite.net https://provirtualvisit.com https://rhinov.pro https://ricohtours.com https://td.doubleclick.net https://tour.giraffe360.com https://youtu.be https://youtube.com https://qa-assistant.abtasty.com/; frame-ancestors 'self' http://*.safti-fr.localhost http://safti-fr.localhost https://*.safeti-immobilien.de https://*.safti.es https://*.safti.fr https://omega-de.new-immo-group.dev https://omega-es.new-immo-group.dev https://omega-fr.new-immo-group.dev https://omega-pt.new-immo-group.dev https://omega.safti.de https://omega.safti.es https://omega.safti.fr https://omega.safti.pt https://safeti-immobilien.de https://safti.es https://safti.fr; media-src 'self' https://*.safti.es https://*.safti.fr https://*.safeti-immobilien.de https://safti.es https://safti.fr https://safeti-immobilien.de; object-src 'self' https://*.safti.es https://*.safti.fr https://*.safeti-immobilien.de https://safti.es https://safti.fr https://safeti-immobilien.de; manifest-src 'self' *.new-immo-group.app https://*.safeti-immobilien.de/ https://*.safti.es https://*.safti.fr https://safeti-immobilien.de https://safti.es https://safti.fr 1
frame-ancestors 'self' *.uhg.com *.googleapis.com *.everettclinic.optum.com *.optum.com *.uhc.com *.pagescdn.com *.yextpages.net *.ahni.com; 1
frame-ancestors http://www.workboat.com https://divcomplatform.s3.amazonaws.com 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com *.trafficfactory.biz www.iwanttodeliver.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net bmedia.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri http://www.ass4all.com/csp-reports; report-to csp-endpoint 1
report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' *.gs.com:* https://www.google-analytics.com https://assets.adobedtm.com https://gsgir.122.2o7.net https://*.tt.omtrdc.net https://view.ceros.com https://cdnjs.cloudflare.com ir-vh.akamaihd.net https://amp.akamaized.net goldmansachsindices.com:* *.goldmansachsindices.com:* https://cdn.appdynamics.com https://consent.truste.com https://consent.trustarc.com https://*.googletagmanager.com ; connect-src 'self' wss://*.gs.com:* http://localhost.gs.com:12030 *.gs.com:* wss://*.goldmansachsindices.com:* *.goldmansachsindices.com:* wss://goldmansachsindices.com:* goldmansachsindices.com:* https://marqueevod-vh.akamaihd.net https://assets.adobedtm.com https://gsgir.122.2o7.net https://*.tt.omtrdc.net https://view.ceros.com https://cdnjs.cloudflare.com ir-vh.akamaihd.net https://amp.akamaized.net *.launchdarkly.com https://goldmansachs.my.sentry.io https://*.openfin.co https://col.eum-appdynamics.com https://girprod.akamaized.net https://irqa.akamaized.net https://video.goldmansachs.com https://*.qualtrics.com https://d3rs803rx9tc61.cloudfront.net https://qa.assets.gspublishing.com https://d2wot7r5hbi9xl.cloudfront.net https://assets.gspublishing.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com ; img-src *.gs.com:* goldmansachsindices.com:* *.goldmansachsindices.com:* https://github.com:* https://gsgir.122.2o7.net data: blob: https://col.eum-appdynamics.com https://*.qualtrics.com https://d3rs803rx9tc61.cloudfront.net https://qa.assets.gspublishing.com https://d2wot7r5hbi9xl.cloudfront.net https://assets.gspublishing.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://ad.doubleclick.net https://adservice.google.com https://consent.truste.com https://consent.trustarc.com http://assets.storyports.com ; style-src 'unsafe-inline' *.gs.com:* goldmansachsindices.com:* *.goldmansachsindices.com:* https://fast.fonts.net https://fonts.googleapis.com ; media-src 'self' *.gs.com goldmansachsindices.com *.goldmansachsindices.com https://marqueevod-vh.akamaihd.net ir-vh.akamaihd.net blob: https://girprod.akamaized.net https://irqa.akamaized.net https://video.goldmansachs.com https://d3rs803rx9tc61.cloudfront.net https://qa.assets.gspublishing.com https://d2wot7r5hbi9xl.cloudfront.net https://assets.gspublishing.com ; frame-ancestors 'self' https://secdiv.web.gs.com https://goldmansachs.experiencecloud.adobe.com:* https://publishing.gs.com ; worker-src blob: https://marquee.gs.com:* https://*.marquee.gs.com:* ; 1
form-action 'self'; frame-ancestors 'none'; object-src 'none'; base-uri 'none'; script-src 'unsafe-inline' 'unsafe-eval' i0.wp.com k.clarity.ms *.clarity.ms *.google.nl *.google.fr *.google.es *.google.it *.google.de *.google.co.uk *.google.da *.google.pt *.google.com  *.googleadservices.com *.googlesyndication.com *.google.com https://www.googletagservices.com https://adservice.google.bg https://pagead2.googlesyndication.com sensorstechforum.com https://fonts.gstatic.com/ https://www.youtube.com https://ajax.cloudflare.com https://www.google-analytics.com https://ajax.googleapis.com https://maps.googleapis.com https://www.googletagmanager.com 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;script-src-elem 'strict-dynamic' 'report-sample' 'nonce-mtg2wZebOqQlvpfT0uYyNfq8';script-src-attr 'none' 'report-sample';object-src 'none';style-src 'self' 'unsafe-inline' https:;img-src 'self' data: https:;media-src 'self' https:;frame-src 'self' https:;font-src 'self' data: https:;connect-src 'self' https: wss:;base-uri 'none';frame-ancestors 'self' https://app.contentful.com;report-uri /fehler/csp 1
frame-ancestors 'self' *charltonlife.com *forum.charltonlife.com http://dev.bermudawebhosting.com/charltonlife/ forum.charltonlife.com 1
default-src 'self' www.google-analytics.com analytics.google.com www.google.md stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; frame-src 'self' www.google.com www.youtube.com www.facebook.com 1
script-src www.gstatic.com *.360-value.com 360-value.com www.googletagmanager.com find pcagentgroup.com stillwater.com stillwaterinsurance.com *.stillwater.com *.stillwaterinsurance.com https://verify.authorize.net https://www.google-analytics.com https://seal.digicert.com *.providesupport.com *.googleapis.com https://na4.smartcommunications.cloud https://js-agent.newrelic.com *.nr-data.net https://connect.facebook.net https://www.demotech.com demotech.com *.smartystreets.com 'unsafe-eval' 'unsafe-inline'; object-src www.gstatic.com www.googletagmanager.com find pcagentgroup.com stillwater.com stillwaterinsurance.com *.stillwater.com *.stillwaterinsurance.com https://verify.authorize.net https://www.google-analytics.com https://seal.digicert.com *.providesupport.com *.googleapis.com https://na4.smartcommunications.cloud https://js-agent.newrelic.com *.nr-data.net https://connect.facebook.net *.demotech.com 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.stillwater.com *.cloudinsurer.com *.majesco.com:9443 capacitor://localhost http://localhost; worker-src 'self' blob: 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' 'self' https://cdn.jsdelivr.net/ https://www.googletagmanager.com https://*.mail.ru https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js https://api-maps.yandex.ru https://bitrix.info https://staffcop.bitrix24.ru https://*.bitrix24.ru https://*.bitrix24.com https://*.yandex.ru https://staffcop.bitrix24.ru https://*.mango-office.ru https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://yastatic.net; style-src 'report-sample' 'unsafe-inline' 'self' https://cdn.jsdelivr.net/ https://www.googletagmanager.com https://staffcop.bitrix24.ru; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.googletagmanager.com wss://*.bitrix24.com/ https://*.bitrix24.com https://analytics.google.com https://bitrix.info https://*.bitrix.info https://*.mail.ru  https://mc.yandex.ru https://staffcop.bitrix24.ru https://www.google.ru ; font-src * 'self' data: https:; frame-src 'self' https://aspro.ru https://www.googletagmanager.com https://www.youtube.com https://*.yandex.ru https://www.google.com; img-src * 'self' data: https: https://*.yandex.ru https://core-renderer-tiles.maps.yandex.net https://*.bitrix24.ru; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
default-src 'self' ansoniacreditdata.com fonts.googleapis.com fonts.gstatic.com cdn.polyfill.io cdnjs.cloudflare.com code.highcharts.com api.anscers.com *.ncscredit.com www.youtube.com data: 'unsafe-inline' 'unsafe-eval'; 1
https: blob: data: wss: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' 'unsafe-inline' data:; img-src 'self' data:; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://ln-rules.rewardstyle.com https://www.zenaps.com https://isitetv.com https://*.recaptcha.net https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://*.translate.naver.net https://tr.snapchat.com https://www.shoplooks.com https://tpc.googlesyndication.com blob: https://gum.criteo.com https://app.qubit.com https://*.abtasty.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://translate.yandex.net https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://*.pinterest.com https://*.bing.com https://*.doubleclick.net https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://ampcid.google.de https://analytics.tiktok.com https://tr.snapchat.com https://privacyportal-eu.onetrust.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.lookfantastic.de https://*.abtasty.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com; form-action 'self' https://www.facebook.com https://m.lookfantastic.de https://checkout.lookfantastic.de https://www.lookfantastic.de https://www.glossybox.de https://connect.facebook.net https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.co.uk https://www.glossybox.com https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.se https://www.glossybox.dk https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://static.criteo.net https://*.criteo.com https://ln-rules.rewardstyle.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://*.hotjar.com https://*.attn.tv https://*.trustpilot.com https://*.translate.naver.net https://*.bing.com https://*.doubleclick.net https://*.google-analytics.com https://static.ads-twitter.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.google.de https://google.de https://*.shoplooks.com https://slooks.top https://slooks.me https://lantern.roeyecdn.com https://lantern.roeye.com https://static.thgcdn.cn https://tpc.googlesyndication.com https://analytics.tiktok.com https://*.ibytedtos.com https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com https://static.criteo.net https://*.criteo.com https://static.goqubit.com https://*.qubit.com blob: https://*.abtasty.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://cdn.parcellab.com https://static.thgcdn.cn https://*.abtasty.com https://*.gstatic.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'none'; font-src 'self' data:; img-src 'self' data:; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self'; frame-ancestors 'none' 1
default-src 'self';     style-src 'self' 'unsafe-inline' embed.typeform.com fonts.googleapis.com dl.episerver.net amp.azure.net;     script-src 'self' api.kartverket.no embed.typeform.com historier.ks.no sc-static.net snap.licdn.com consentcdn.cookiebot.com consent.cookiebot.com *.vo.msecnd.net tr.snapchat.com unpkg.com ajax.aspnetcdn.com code.jquery.com *.cloudfront.net *.gosquared.com siteimproveanalytics.com web103.reachmee.com connect.facebook.net www.google-analytics.com www.googletagmanager.com 'unsafe-inline' 'unsafe-eval' dl.episerver.net ajax.aspnetcdn.com www.youtube.com youtube.com code.highcharts.com cloud.highcharts.com e.infogram.com public.tableau.com s.infogram.com cloud-api.highcharts.com amp.azure.net;     img-src 'self' historier.ks.no airtable.com *.airtable.com px.ads.linkedin.com www.facebook.com *.global.siteimproveanalytics.io ssl.siteimprove.com www.google.com www.google.no www.google-analytics.com stats.g.doubleclick.net dl.episerver.net data: blob:;     connect-src 'self' api.kartverket.no region1.google-analytics.com historier.ks.no tr.snapchat.com dc.services.visualstudio.com cloud-api.highcharts.com consentcdn.cookiebot.com statistikk.ks.no dev.ks.statistikk.no statistikk-test.ks.no www.google-analytics.com stats.g.doubleclick.net hotell.difi.no ws.geonorge.no cdn.linkedin.oribi.io ws: www.ks.no;     frame-src 'self' form.typeform.com learning.elucidat.com ahmonday.com www.ahmonday.com historier.ks.no airtable.com *.airtable.com tr.snapchat.com consentcdn.cookiebot.com consent.cookiebot.com login.windows.net login.microsoftonline.com app.everviz.com player.acast.com play.acast.com embed.acast.com ksagenda.trippelm.tv ks-kart.carto.com player.pippa.io video.qbrick.com player.vimeo.com vimeo.com livestream.com sway.office.com app.powerbi.com web103.reachmee.com cloud.highcharts.com ivks.dev.bouvet.no youtube.com www.youtube.com ks-test.imagevault.app ks.imagevault.app iv.nytest.ks.no iv.nyprod.ks.no e.infogram.com public.tableau.com s.infogram.com cloud-api.highcharts.com forms.office.com office.com;     media-src 'self' historier.ks.no airtable.com *.airtable.com;     font-src 'self' fonts.gstatic.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com; img-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src 'self'; object-src 'none' 1
frame-ancestors 'self' *.kgibank.com; 1
default-src 'self' data:       https://braze-images.com       https://*.go2bankonline.com       https://*.nextestate.com       https://*.twilio.com/       https://*.gobank.com       wss://tsock.us1.twilio.com/v3/wsconnect     wss://mpsnare.iesnare.com               https://*.salesforceliveagent.com     https://xg4ken.com/               https://*.demdex.net               https://assets.adobedtm.com                       https://*.walmartmoneycard.com                        https://*.walmart.com                         https://*.typekit.net                          https://ds.reson8.com                           https://*.typekit.com                        https://*.gdottrk.com                       https://*.msn.com                       https://*.bing.com                      https://*.iesnare.com                        https://*.yimg.com                           https://*.facebook.com                            https://*.omtrdc.net                                            https://*.gstatic.com                           https://*.greendot.com                           https://*.xg4ken.com                         https://*.doubleclick.net                         http://*.adobedtm.com                               https://*.vimeo.com                          https://*.google.com                          https://*.advertising.com                          https://*.google-analytics.com                        https://*.chango.com                          http://*.facebook.net                           https://*.fastclick.net                          https://*.googleadservices.com                          https://*.googleapis.com                           http://*.bbb.org                           https://*.iovation.com                           https://sdk.iad-05.braze.com     https://*.decibelinsight.net              https://*.decibel.com              wss://*.decibelinsight.net     https://*.api.decibel.com;           img-src 'self' data:              www.googletagmanager.com            https://braze-images.com            https://*.twilio.com/       https://*.go2bankonline.com            https://*.force.com             https://*.kampyle.com               https://*.google-analytics.com                         https://*.walmart.com                          https://*.typekit.net                          https://*.walmartmoneycard.com                          https://*.greendot.com                          https://stats.g.doubleclick.net                          https://seal.thawte.com                         https://*.upsellit.com                        https://*.adobe.com                         https://www.facebook.com                          https://www.google.com                        https://googleads.g.doubleclick.net                       https://*.bing.com;                   child-src 'self' blob:                    https://ds.reson8.com                          https://*.google.com                         https://*.doubleclick.net                         https://*.cdn-gdc.com                         https://*.youtube.com      https://*.vimeo.com                       https://*.pegacloud.net            https://*.quantumdisputes.com               https://*.adsrvr.org                      http://*.greendot.com;                         style-src 'self' 'unsafe-inline' 'unsafe-eval'                 https://braze-images.com              https://secure.go2bank.com/web-chat/       https://*.go2bankonline.com/              https://*.fontawesome.com                            https://*.googleapis.com                       https://*.typekit.com                         https://*.typekit.net;                script-src 'self' 'unsafe-inline' 'unsafe-eval'       https://*.decibelinsight.net              https://*.decibel.com     https://braze-images.com           https://*.go2bankonline.com           https://*.go2bank.com/web-chat/           https://*.appboycdn.com                    https://*.salesforceliveagent.com                      https://assets.adobedtm.com                       https://*.google-analytics.com                          https://*.doubleclick.net                         https://*.yahoo.com                https://*.kampyle.com              https://*.google.com                         https://*.adobedtm.com                              https://*.yimg.com                            https://*.googleapis.com                       https://*.facebook.com                         https://*.googleadservices.com                          https://*.iesnare.com                          https://*.bing.com                          https://*.typekit.com                         https://*.typekit.net                          https://*.facebook.net                       https://*.tt.omtrdc.net                       http://*.tt.omtrdc.net                       https://widgets.twimg.com                       https://seal.thawte.com                          https://*.youtube.com                         https://s.ytimg.com                        https://configusa.veinteractive.com                         https://ots.optimize.webtrends.com                        https://*.greendot.com                         https://*.iovation.com                        https://*.gstatic.com                       https://www.googletagmanager.com                      https://*.xg4ken.com                      https://*.adsrvr.org;                     font-src 'self' data:                         https://braze-images.com                         https://*.fontawesome.com                         https://*.typekit.com                          https://*.typekit.net                           https://*.gstatic.com;           1
default-src *; style-src https://www.kepinfra.com/ 'self' 'unsafe-inline' http://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com http://*.google.com/ https://*.google.com/; script-src 'self' https://www.kepinfra.com/ 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://fonts.googleapis.com/ http://*.google.com/ https://*.google.com/ https://*.gstatic.com/ https://cse.google.com/ http://cse.google.com/ http://partner.googleadservices.com https://partner.googleadservices.com; frame-ancestors https://www.kepinfra.com/ https://wpcms.kepcorp.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: discord.com e.widgetbot.io *.helpscout.net *.360yield.com bing.com *.bing.com youtube.com *.youtube.com *.wistia.net wistia.net wistia.com *.wistia.com cdn.ampproject.org happyfoxchat.com *.happyfoxchat.com *.dianomi.com tiktok.com *.tiktok.com decide.dev *.decide.dev itstracking.com *.itstracking.com *.optipub.com *.angelpub.com *.angelnexus.com *.wealthdaily.com *.energyandcapital.com *.outsiderclub.com *.protradertoday.com *.longevityinsiderhq.com *.greenchipstocks.com *.gstatic.com *.googletagmanager.com *.google.com google.com anchor.fm *.google-analytics.com *.googleadservices.com *.googleapis.com *.googleusercontent.com *.googleoptimize.com *.blueconic.net *.doubleclick.net pd.trysera.com *.cloudflare.com *.criteo.net *.criteo.com addevent.com *.addevent.com *.bootstrapcdn.com *.rawgit.com *.github.io *.jquery.com *.pingdom.net *.taboola.com *.outbrain.com *.hotjar.com *.yahoo.com *.liadm.com *.yimg.com *.twimg.com *.twitter.com *.ads-twitter.com *.pinimg.com *.pinterest.com *.onesignal.com onesignal.com *.litix.io *.soundcloud.com *.akamaihd.net *.amzglt.com amzglt.com t.co lockerdome.com trk.lockerdome.com *.zedo.com cm.mgid.com *.go2cloud.org bbm.iljmp.com secure.verifiedlink.net px.khmtrack.com tracking.imspublishergroup.com cdn.jsdelivr.net powerinboxedge.com *.powerinboxedge.com lockerdomecdn.com *.lockerdomecdn.com *.norton.com *.facebook.net *.facebook.com *.gravatar.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; style-src 'self' 'unsafe-inline' onesignal.com *.github.io *.twitter.com *.twimg.com cdn.jsdelivr.net *.outsiderclub.com *.energyandcapital.com *.wealthdaily.com *.angelpub.com *.protradertoday.com *.longevityinsiderhq.com *.greenchipstocks.com *.bootstrapcdn.com *.googleapis.com; 1
default-src 'self'; img-src 'self' data: http: https: *.gravatar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: googleapis.com  gstatic.com *.google.com *.ggpht.com *.googleusercontent.com *.googletagmanager.com *.google-analytics.com *.gstatic.com; style-src 'self' 'unsafe-inline' blob: http: https: fonts.googleapis.com; font-src 'self' data: http: https: fonts.googleapis.com themes.googleusercontent.com; frame-src 'self' 'unsafe-inline' https: cdn.flipsnack.com *.google.com gtranslate.io; connect-src 'self' *.unilock.com *.cloudfront.net cdn.cookielaw.org *.clarity.ms analytics.tiktok.com ct.pinterest.com *.googleapis.com *.google-analytics.com *.google.com *.gstatic.com *.hotjar.com *.gtranslate.net *.doubleclick.net *.linkedin.com data: blob:; 1
child-src  www.paypalobjects.com; connect-src 'self' 'report-sample' s3.amazonaws.com/cv3.customfiles abtm.commercev3.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com *.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.facebook.com *.klaviyo.com *.searchspring.io *.hotjar.com *.sezzle.com www.google.com adservice.google.com *.mitel.io *.freshrelevance.com *.convertexperiments.com liveart.cv3.co go.flx1.com c1.dycdn.net/hnypfzne/ dn1i8v75r669j.cloudfront.net/ r.mateti.net wss://am.freshrelevance.com wss://*.hotjar.io s.yimg.com *.hotjar.io *.autobodytoolmart.com www.barilliance.net wss://*.hotjar.com *.hotjar.com www.googletagmanager.com; default-src 'self' s3.amazonaws.com/cdn.autobodytoolmart.com/ cdn.commercev3.net/cdn.autobodytoolmart.com/ cdn.autobodytoolmart.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com; font-src 'self' abtm.commercev3.com s3.amazonaws.com/cdn.autobodytoolmart.com/ cdn.commercev3.net/cdn.autobodytoolmart.com/ cdn.autobodytoolmart.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com data: s3.amazonaws.com/liveart/ *.hotjar.com; form-action 'self' www.facebook.com www.paypal.com checkout.sezzle.com; frame-src 'self' *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com  gum.criteo.com vars.hotjar.com webchat.mitel.io static.criteo.net email.autobodytoolmart.com *.youtube.com *.googletagmanager.com *.dotdigital-pages.com player.vimeo.com youtu.be liveart.cv3.co  tuxedoautoequip.com tpc.googlesyndication.com; frame-ancestors 'self' ; img-src 'self' s3.amazonaws.com/cdn.autobodytoolmart.com/ cdn.commercev3.net/cdn.autobodytoolmart.com/ cdn.autobodytoolmart.com ssl.google-analytics.com www.google.com/pagead/1p-user-list/ *.google.com ct.pinterest.com/v3/ s3.amazonaws.com *.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.paypal.com www.paypalobjects.com secure.trust-provider.com sp.analytics.yahoo.com  log.pinterest.com *.criteo.net liveart.cv3.co media.sezzle.com  t.mateti.net *.barilliance.com bimgs.s3.amazonaws.com i.ytimg.com *.searchspring.io www.gstatic.com *.searchspring.net  d26mcxysj4kba8.cloudfront.net *.autobodytoolmart.com *.ideaautorepair.com www.monthlywarranty.com *.convertexperiments.com www.bing.com *.hotjar.com; script-src 'self' 'report-sample' s3.amazonaws.com/cdn.autobodytoolmart.com/ cdn.commercev3.net/cdn.autobodytoolmart.com/ cdn.autobodytoolmart.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com  cdn.jsdelivr.net cdn.searchspring.net apis.google.com secure.trust-provider.com go.flx1.com cdnjs.cloudflare.com p.bm23.com s.yimg.com *.convertexperiments.com wurfl.io assets.pinterest.com cloudfront.barilliance.com  webchat.mitel.io static.criteo.net *.criteo.com www.barilliance.net *.hotjar.com *.sezzle.com liveart.cv3.co  dkpklk99llpj0.cloudfront.net dn1i8v75r669j.cloudfront.net d81mfvml8p5ml.cloudfront.net cdn.mateti.net d2iq7kcocq4ytp.cloudfront.net *.dotdigital-pages.com s3.amazonaws.com/static.barilliance.com/ secure.comodo.com www.youtube.com www.monthlywarranty.com tpc.googlesyndication.com *.dotmailer-surveys.com; script-src-elem 'self' 'report-sample' s3.amazonaws.com/cdn.autobodytoolmart.com/ cdn.commercev3.net/cdn.autobodytoolmart.com/ cdn.autobodytoolmart.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com  cdn.jsdelivr.net cdn.searchspring.net apis.google.com secure.trust-provider.com go.flx1.com cdnjs.cloudflare.com p.bm23.com s.yimg.com *.convertexperiments.com wurfl.io assets.pinterest.com cloudfront.barilliance.com  webchat.mitel.io static.criteo.net *.criteo.com www.barilliance.net *.hotjar.com *.sezzle.com liveart.cv3.co  dkpklk99llpj0.cloudfront.net dn1i8v75r669j.cloudfront.net d81mfvml8p5ml.cloudfront.net cdn.mateti.net d2iq7kcocq4ytp.cloudfront.net *.dotdigital-pages.com s3.amazonaws.com/static.barilliance.com/ secure.comodo.com www.youtube.com www.monthlywarranty.com tpc.googlesyndication.com *.dotmailer-surveys.com; style-src 'self' s3.amazonaws.com/cdn.autobodytoolmart.com/ cdn.commercev3.net/cdn.autobodytoolmart.com/ cdn.autobodytoolmart.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net cdn.searchspring.net media.sezzle.com liveart.cv3.co  d2iq7kcocq4ytp.cloudfront.net s3.amazonaws.com/liveart/ *.googleapis.com s3.amazonaws.com/static.barilliance.com/ www.monthlywarranty.com; style-src-elem 'self' s3.amazonaws.com/cdn.autobodytoolmart.com/ cdn.commercev3.net/cdn.autobodytoolmart.com/ cdn.autobodytoolmart.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net cdn.searchspring.net media.sezzle.com liveart.cv3.co  d2iq7kcocq4ytp.cloudfront.net s3.amazonaws.com/liveart/ *.googleapis.com s3.amazonaws.com/static.barilliance.com/ www.monthlywarranty.com; style-src-attr  'unsafe-inline'; media-src 'self' abtm.commercev3.com s3.amazonaws.com/cdn.autobodytoolmart.com/ cdn.commercev3.net/cdn.autobodytoolmart.com/ cdn.autobodytoolmart.com www.bing.com liveart.cv3.co; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://urbanists.social; img-src 'self' https: data: blob: https://urbanists.social; style-src 'self' https://urbanists.social 'nonce-6YLXizEF6M8+o+bl9zhi4Q=='; media-src 'self' https: data: https://urbanists.social; frame-src 'self' https:; manifest-src 'self' https://urbanists.social; form-action 'self'; child-src 'self' blob: https://urbanists.social; worker-src 'self' blob: https://urbanists.social; connect-src 'self' data: blob: https://urbanists.social https://cdn.masto.host wss://urbanists.social; script-src 'self' https://urbanists.social 'wasm-unsafe-eval' 1
default-src 'self' https://www.youtube-nocookie.com https://svc.webspellchecker.net https://www.webspellchecker.net; base-uri 'none'; form-action 'self' https://search.google.com/test/rich-results https://validator.schema.org; frame-ancestors 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://svc.webspellchecker.net https://www.webspellchecker.net; style-src 'self' 'unsafe-inline' https://svc.webspellchecker.net; img-src 'self' https://www.webspellchecker.net https://svc.webspellchecker.net data:; worker-src 'self' blob:; font-src 'self' data:; upgrade-insecure-requests 1
default-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; connect-src https: wss:; form-action 'self' www.facebook.com forms.hsforms.com; object-src 'self'; base-uri 'self'; 1
frame-ancestors 'none'; default-src *; script-src 'self' 'unsafe-eval' *.sentry.io *.googletagmanager.com *.google-analytics.com *.stripe.com *.calendly.com *.trengo.eu *.stripe.network *.userguiding.com *.fullstory.com *.hotjar.com; style-src * 'unsafe-inline'; img-src * data: blob:; font-src * data:; 1
default-src 'self'; connect-src 'self' *.nr-data.net https://*.go-mpulse.net www.googletagmanager.com *.google-analytics.com https://*.akstat.io https://csp.withgoogle.com https://maps.googleapis.com *.nanorep.co *.nanorep.com *.monsido.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://cse.google.com https://www.googletagmanager.com https://calendar.google.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.com *.tableau.com *.arcgis.com https://app.powerbi.us https://app.powerbigov.us https://data.iowa.gov; img-src 'self' data: https: *.nr-data.net *.google.com www.googletagmanager.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.nr-data.net https://*.go-mpulse.net https://cse.google.com https://googletagmanager.com https://js-agent.newrelic.com https://tagmanager.google.com https://www.google.com https://www.googletagmanager.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.com *.nanorep.co https://*.google.com https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com public.tableau.com nonce-RxTk7Hc9kx4ZT1B0elUR-g; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com *.google.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.co *.nanorep.com https://partner.googleadservices.com https://maps.googleapis.com https://cdnjs.cloudflare.com https://cse.google.com https://polyfill.io https://unpkg.com public.tableau.com; style-src 'self' 'unsafe-inline' *.google.com www.googletagmanager.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.co *.nanorep.com https://fonts.googleapis.com cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 1
max-age=31536000; includeSubDomains; preload 1
default-src 'none'; script-src 'self' assets.churnkey.co *.firebaseio.com https://r.wdfl.co cdn.paddle.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com checkout.paddle.com apis.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ funretro-pro.firebaseapp.com funretro-pro.firebaseio.com easyretro-track.firebaseapp.com; img-src 'self' data: images.unsplash.com cdn.paddle.com us-central1-funretro-pro.cloudfunctions.net lh1.googleusercontent.com lh2.googleusercontent.com lh3.googleusercontent.com lh4.googleusercontent.com lh5.googleusercontent.com lh6.googleusercontent.com js.intercomcdn.com downloads.intercomcdn.com static.intercomassets.com firebasestorage.googleapis.com *.giphy.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com blob: https://easyretro.io/*; font-src 'self' data: js.intercomcdn.com fonts.intercomcdn.com fonts.gstatic.com; connect-src 'self' api.churnkey.co api.unsplash.com/photos api.unsplash.com/photos/random us-central1-funretro-pro.cloudfunctions.net checkout-service.paddle.com www.google-analytics.com firebaseio.com *.googleapis.com wss://*.firebaseio.com  wss://funretro-pro.firebaseio.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com api.giphy.com easyretro-track.firebaseapp.com api.getrewardful.com; object-src 'none'; child-src https://intercom-sheets.com https://www.intercom-reporting.com; frame-src checkout-service.paddle.com *.firebaseio.com cdn.paddle.com easyretro.io funretro-pro.firebaseapp.com www.google.com https://recaptcha.google.com/recaptcha/ checkout.paddle.com create-checkout.paddle.com subscription-management.paddle.com buy.paddle.com https://intercom-sheets.com https://www.intercom-reporting.com bid.g.doubleclick.net youtube.com www.youtube.com; frame-ancestors teams.microsoft.com *.teams.microsoft.com *.skype.com; form-action https://intercom.help https://api-iam.intercom.io; manifest-src funretro-pro.firebaseapp.com/_nuxt/ funretro-pro.firebaseapp.com/site.webmanifest easyretro.io/site.webmanifest easyretro.io/_nuxt/; media-src https://js.intercomcdn.com https://easyretro.io/sounds/alarm1.mp3 https://easyretro.io/sounds/alarm2.mp3 https://easyretro.io/sounds/alarm3.mp3 https://easyretro.io/sounds/alarm4.mp3 https://easyretro.io/sounds/alarm5.mp3 https://easyretro.io/sounds/alarm6.mp3 https://easyretro.io/sounds/start.mp3 https://easyretro.io/sounds/stop.mp3; base-uri 'self'; upgrade-insecure-requests; worker-src 'none'; style-src 'self' 'unsafe-inline' assets.churnkey.co cdn.paddle.com 1
frame-ancestors https://hcpportal.test.accelerator.sanofi https://hcpportal.prod.accelerator.sanofi https://www.campus.sanofi https://new.campus.sanofi 1
default-src 'self'; style-src 'self' 'unsafe-inline' m.panelook.com; script-src 'self' 'unsafe-inline' m.panelook.com;img-src 'self'  m.panelook.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: track.yello.de *.cloudfront.net *.ekomi.com *.doubleclick.net *.googleadservices.com *.google.com *.google.de *.googleapis.com *.googletagmanager.com *.google-analytics.com *.tagmanager.google.com tpc.googlesyndication.com *.adform.net *.adjust.com *.dwin1.com *.awin1.com *.zenaps.com *.adfarm1.adition.com *.thunderhead.com *.kameleoon.com *.kameleoon.eu *.intercom.io *.intercomcdn.com t.nativendo.de *.youtube.com *.ytimg.com *.instagram.com *.twitter.com *.twimg.com *.ytimg.com *.twitch.tv *.mapbox.com *.mapbox localhost r.df-srv.de bat.bing.com analytics-udg.netdna-ssl.com connect.facebook.net amplify.outbrain.com *.taboola.com tr.outbrain.com *.redintelligence.net zenloop-website-overlay-production.s3.amazonaws.com hal9000.redintelligence.net api.zenloop.com www.redditstatic.com static.hotjar.com script.hotjar.com cdn.cookielaw.org the.sciencebehindecommerce.com *.pso-vertrieb.de yello-freunde-werben.de geolocation.onetrust.com *.ctfassets.net widget.cammio.me cdn.trkkn.com cdn.mouseflow.com analytics.tiktok.com static.heyflow.app walls.io *.trustpilot.com snap.licdn.com static.ads-twitter.com s.pinimg.com *.pinterest.com *.linkedin.com website-overlay.zenloop.com wave.outbrain.com *.outbrain.com *.linkedin.oribi.io t.co snap.licdn.com *.qualtrics.com *.taboola.com integrations.etrusted.com integrations.etrusted.site *.adservice.google.com *.twiago.com;style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.thunderhead.com *.twitter.com *.twimg.com *.mapbox.com *.mapbox *.googletagmanager.com *.mouseflow.com fonts.heyflow.cloud integrations.etrusted.com integrations.etrusted.site;img-src 'self' data: blob: track.yello.de *.contentful.com *.ctfassets.net *.google-analytics.com *.doubleclick.net *.google.com *.google.de *.gstatic.com *.googleapis.com *.googletagmanager.com *.tagmanager.google.com *.googleusercontent.com tpc.googlesyndication.com *.ytimg.com *.youtube-nocookie.com *.awin1.com *.tradedoubler.com *.thunderhead.com *.kameleoon.com *.kameleoon.eu *.intercom.io *.intercomcdn.com *.communicationads.net *.cadsuta.net *.twitter.com *.twimg.com track.adform.net *.twimg.com *.adserver01.de *.adc-serv.net *.df-srv.de *.adition.com *.doubleclick.net *.adscale.de *.twiago.com *.casalemedia.com *.adfarm1.adition.com *.adform.net *.secure.adnxs.com *.taboola.com *.retrack-kupona.kuponacdn.de *.smartadserver.com *.pubmatic.com *.yieldlab.net *.adform.net d.adup-tech.com insight.adsrvr.org *.taboola.com www.facebook.com connect.facebook.net cx.atdmt.com bat.bing.com dsum-sec.casalemedia.com tr.outbrain.com amplifypixel.outbrain.com zenloop-assets.s3.amazonaws.com alb.reddit.com cdn.cookielaw.org assets.zenloop.com *.amazonaws.com images.ctfassets.net secure.adnxs.com *.privacysandbox.googleadservices.com *.mouseflow.com snap.licdn.com static.ads-twitter.com s.pinimg.com *.pinterest.com *.linkedin.com *.outbrain.com *.linkedin.oribi.io t.co snap.licdn.com siteintercept.qualtrics.com *.taboola.com integrations.etrusted.com integrations.etrusted.site;frame-src *.yello.de *.ekomi.com *.youtube.com *.youtube-nocookie.com *.doubleclick.net tpc.googlesyndication.com *.adform.net *.awin1.com *.kameleoon.com *.kameleoon.eu *.intercom.io *.intercomcdn.com yello.mitgedacht.nrw sales.tetraeder.solar dev.tetraeder.solar *.twitch.tv *.instagram.com *.twitter.com *.taboola.com www.facebook.com *.redintelligence.net hal9000.redintelligence.net channels-api.zenloop.com vars.hotjar.com *.amazon-adsystem.com api.tetraeder.solar/ widget.cammio.me *.mouseflow.com my.walls.io widget.walls.io *.trustpilot.com snap.licdn.com static.ads-twitter.com s.pinimg.com *.pinterest.com *.linkedin.com *.outbrain.com *.linkedin.oribi.io t.co snap.licdn.com enbwwebsitetrail.qualtrics.com *.google.com;connect-src 'self' ws://localhost:8080 wss://localhost:8080 track.yello.de dc.services.visualstudio.com localhost:* *.ekomi.com *.zenaps.com *.thunderhead.com *.kameleoon.com *.kameleoon.eu *.intercom.io *.intercomcdn.com *.nexcheck.de wss://*.nexcheck.de *.mapbox.com *.google-analytics.com analytics.google.com *.taboola.com *.doubleclick.net bat.bing.com *.facebook.com channels-api.zenloop.com zenloop-website-overlay-production.s3.amazonaws.com api.zenloop.com *.hotjar.com cdn.cookielaw.org privacyportal-de.onetrust.com *.onetrust.com *.ctfassets.net *.analytics.google.com *.mouseflow.com analytics.tiktok.com storage.googleapis.com firestore.googleapis.com europe-west1-niro-tracking.cloudfunctions.net www.googletagmanager.com snap.licdn.com static.ads-twitter.com s.pinimg.com *.pinterest.com *.linkedin.com website-overlay.zenloop.com *.outbrain.com *.linkedin.oribi.io t.co snap.licdn.com siteintercept.qualtrics.com *.taboola.com integrations.etrusted.com integrations.etrusted.site *.adservice.google.com;frame-ancestors 'self' *.yello.de localhost:* hal9000.redintelligence.net channels-api.zenloop.com *.contentful.com https://app.contentful.com 1
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-ancestors 'self'; 1
default-src 'self' wss://*.hotjar.com *.learningtree.com *.learningtree.ca *.learningtree.co.uk *.learningtree.se js.calltrk.com *.hotjar.com www.facebook.com prezi.com www.youtube.com *.reembed.com privacyportal.onetrust.com www.google-analytics.com www.google.com www.google.se api.opmnstr.com youtu.be api.omappapi.com stats.g.doubleclick.net app.five9.com a.omappapi.com z.omappapi.com cdn.cookielaw.org forms.hubspot.com *.6sc.co *.6sense.com analytics.google.com forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com bat.bing.com ws.zoominfo.com www.wepowerconnections.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.calltrk.com *.hotjar.com *.incontact.com s.reembed.com www.googletagmanager.com www.google-analytics.com connect.facebook.net s.ytimg.com *.reembed.com cdn.cookielaw.org www.googleadservices.com googleads.g.doubleclick.net ajax.googleapis.com bat.bing.com sjs.bizographics.com a.optnmstr.com optimize.google.com tagmanager.google.com a.opmnstr.com px.ads.linkedin.com optanon.blob.core.windows.net www.youtube.com *.omappapi.com snap.licdn.com stats.g.doubleclick.net s3-us-west-2.amazonaws.com www.dwin1.com ws.zoominfo.com pagead2.googlesyndication.com *.infusionsoft.app www.clarity.ms app.five9.com js-na1.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net js.hsforms.net js.hs-scripts.com *.6sc.co *.6sense.com lantern.roeyecdn.com www.awin1.com the.sciencebehindecommerce.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.reembed.com cdn.cookielaw.org optanon.blob.core.windows.net app.five9.com a.omappapi.com;img-src 'self' data: ltre-web.azureedge.net www.googletagmanager.com www.facebook.com www.google-analytics.com stats.g.doubleclick.net www.google.com ltre-web-img.azureedge.net img.youtube.com i.ytimg.com cdn.cookielaw.org bat.bing.com app.five9.com a.omappapi.com cdn.buttercms.com *.infusionsoft.app forms.hsforms.com track.hubspot.com *.6sc.co forms-na1.hsforms.com www.awin1.com lantern.roeye.com www.zenaps.com;frame-src 'self' prezi.com www.youtube.com tbs.tradedoubler.com app.five9.com www.google.com *.infusionsoft.app forms.hsforms.com googleads.g.doubleclick.net;font-src 'self' fonts.gstatic.com fonts.googleapis.com cdn.reembed.com data:;form-action 'self' forms.hsforms.com;frame-ancestors 'none' 1
default-src *; style-src * 'unsafe-inline';script-src * 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.recaptcha.net *.licdn.com connect.facebook.net lptag.liveperson.net tags.tiqcdn.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com ssl.google-analytics.com googleads.g.doubleclick.net cdn.optimizely.com cdn.appdynamics.com *.v.liveperson.net cdn-assets-prod.s3.amazonaws.com; img-src data: * android-webview-video-poster: android-webview:; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.hsbc.co.uk adservice.google.com *.qualtrics.com *.boltdns.net *.brightcovecdn.com *.brightcove.com ad.doubleclick.net www.facebook.com www.google.com www.googletagmanager.com *.googleapis.com analytics.google.com *.doubleclick.net www.google-analytics.com www.google.com.vn *.dbankcloud.com www.google.com.hk *.baidu.com http://127.0.0.1:5000 http://127.0.0.1:5000/* rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk cdn.linkedin.oribi.io *.siteintercept.qualtrics.com cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net *.recaptcha.net sts-aad.auth.hsbc.com *.zscloud.net gateway.zscalerthree.net gateway.zscaler.net 8783714.fls.doubleclick.net connect.facebook.net; frame-ancestors 'self' www.hsbc.com.vn; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com *.jsdelivr.net fonts.googleapis.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com *.prod.boltdns.net ssl.gstatic.com lpcdn.lpsnmedia.net; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report; 1
script-src 'strict-dynamic' 'nonce-856437082c' 'unsafe-inline' http: https:; object-src 'none'; base-uri 'none'; font-src 'nonce-856437082c' 'unsafe-inline' http: https:; frame-ancestors 'none'; form-action 'self'; img-src 'self'; 1
default-src 'self'; script-src 'self' *.energiewechsel.de *.bmwi.db-n.com cdnjs.cloudflare.com *.twimg.com *.twitter.com api.energielabel-erklaert.de static.etracker.com code.etracker.com www.etracker.de www.energie-effizienz-experten.de customers.lmis.de 'unsafe-eval' 'unsafe-inline' *.jwpcdn.com *.jquery.com eww-bmwi.init-ag.de raa.bmwi.de advisor.co2online.de; connect-src 'self' *.bmwi.db-n.com *.streamfarm.net *.deutschland-machts-effizient.de *.energiewechsel.de *.etracker.de eww-bmwi.init-ag.de raa.bmwi.de; img-src * data:; style-src 'self' *.twimg.com *.twitter.com api.energielabel-erklaert.de 'unsafe-inline' *.jwpcdn.com; font-src 'self' *.jwpcdn.com data:; frame-src *.twitter.com *.deutschland-machts-effizient.de *.energiewechsel.de *.energielabel-erklaert.de *.energie-effizienz-experten.de customers.lmis.de:443 advisor.co2online.de; media-src 'self' *.streamfarm.net; frame-ancestors 'self'  *.kfw.de *.bafa.de *.bmwsb.bund.de; object-src 'self'; 1
frame-ancestors 'self' https://surfrider.eu 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-YTdkMTI3MWVhYzhlNGQwNTg4NTdmY2Y1YWZlNDFmN2E=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.sbv-z.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.sbv-z.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.sbv-z.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' packages.umbraco.org our.umbraco.org api.cludo.com;script-src 'self' cdnjs.cloudflare.com content.govdelivery.com f1-eu.readspeaker.com code.jquery.com ajax.googleapis.com maps.google.com customer.cludo.com api.cludo.com siteimproveanalytics.com www.googletagmanager.com *.gstatic.com www.google-analytics.com maps.googleapis.com www.google.com www.youtube.com d3saea0ftg7bjt.cloudfront.net *.civiccomputing.com app.10to8.com connect.facebook.net app-script.monsido.com code.myadvent.net calendar.myadvent.net analytics.silktide.com cdn.ons.gov.uk www.ons.gov.uk *.communitybox.co 'unsafe-eval' 'unsafe-inline';style-src 'self' customer.cludo.com f1-eu.readspeaker.com fonts.googleapis.com 'unsafe-inline';connect-src 'self' directories.spindogs.com maps.googleapis.com api.cludo.com *.civiccomputing.com *.google-analytics.com *.google.com *.communitybox.co;font-src 'self' cdn.jsdelivr.net fonts.gstatic.com;img-src 'self' chelmsfordcc.blob.core.windows.net 365501.global.siteimproveanalytics.io f1-eu.readspeaker.com customer.cludo.com www.google-analytics.com maps.gstatic.com maps.google.com img.youtube.com *.googleapis.com content.govdelivery.com data: *.google.co.uk *.google.com *.facebook.com;media-src 'self' www.youtube.com player.vimeo.com app-eu.readspeaker.com rstts-eu.readspeaker.com;frame-src 'self' www.youtube.com www.google.com player.vimeo.com app-eu.readspeaker.com rstts-eu.readspeaker.com www.google.com www.google-analytics.com chelmsford-gov.maps.arcgis.com activeintime.com *.activeintime.com *.chelmsford.gov.uk www.jigsawexplorer.com app.10to8.com code.myadvent.net calendar.myadvent.net *.facebook.com *.soundcloud.com cdn.ons.gov.uk www.ons.gov.uk *.communitybox.co 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://assets.buzzsprout.com https://www.buzzsprout.com https://maps.googleapis.com https://maps.google.com https://www.google.com https://analytics.rubensteintech.com https://www.google-analytics.com https://use.typekit.net https://p.typekit.net https://www.googletagmanager.com https://maps.gstatic.com https://www.gstatic.com https://snap.licdn.com https://www.linkedin.com https://static.ads-twitter.com https://px.ads.linkedin.com https://analytics.twitter.com https://platform.twitter.com https://connect.facebook.net https://www.facebook.com https://www.youtube.com https://s.ytimg.com https://cdn.plyr.io https://cse.google.com https://siteimproveanalytics.com https://player.vimeo.com https://ssl.p.jwpcdn.com https://s7.addthis.com ; frame-src https://updates.kramerlevin.com https://www.surveymonkey.com https://www.buzzsprout.com https://www.facebook.com https://platform.twitter.com https://www.youtube.com https://cdn.plyr.io https://t.co https://cdn.yoshki.com https://player.vimeo.com 'self' https://*.google.com; connect-src 'self' https://analytics.twitter.com https://cdn.plyr.io https://cse.google.com https://maps.googleapis.com https://vimeo.com https://analytics.google.com https://google-analytics.com https://*.analytics.google.com https://*.google-analytics.com https://www.facebook.com/tr/ https://cdn.linkedin.oribi.io https://analytics.rubensteintech.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maps.googleapis.com https://www.google.com https://cloud.typography.com https://use.typekit.net https://hello.myfonts.net https://platform.twitter.com https://assets.buzzsprout.com https://ssl.p.jwpcdn.com ; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://use.typekit.net https://p.typekit.net https://ssl.p.jwpcdn.com data: ; img-src 'self' https://maps.googleapis.com https://maps.gstatic.com https://assets.buzzsprout.com https://www.buzzsprout.com https://www.google-analytics.com https://analytics.google.com https://google-analytics.com https://*.analytics.google.com https://*.google-analytics.com https://*.siteimproveanalytics.io https://stats.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://www.facebook.com https://p.typekit.net https://t.co https://analytics.twitter.com data:; form-action 'self' https://www.facebook.com; child-src https://www.facebook.com https://staticxx.facebook.com https://platform.twitter.com; object-src 'none'; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=3c5jde9iqua3u&partner=; 1
default-src 'self' https://www.figma.com/ https://cdnjs.cloudflare.com/ https://plugin.handtalk.me https://stats.g.doubleclick.net; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js cdnjs.cloudflare.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.msecnd.net http://maps.google.com https://unpkg.com www.googletagmanager.com https://*.cookiebot.com *.ads-twitter.com *.doubleclick.net *.teads.tv *.cdnjs.cloudflare.com plugin.handtalk.me https://d335luupugsy2.cloudfront.net https://cdn.jsdelivr.net *.plugin.handtalk.me https://www.gstatic.com/ 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src data: blob: * 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.google.com https://consentcdn.cookiebot.com https://td.doubleclick.net https://fledge.teads.tv https://cloud.news.borgwarner.com; connect-src accounts.google.com *.mktoresp.com *.visualstudio.com http://maps.googleapis.com https://*.cookiebot.com https://*.google-analytics.com https://*.teads.tv https://api.mypartfinder.com https://webservice.tecalliance.services https://stats.g.doubleclick.net https://pageview-notify.rdstation.com.br https://popups.rdstation.com.br https://*.handtalk.me 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.azureedge.net; child-src 'self' https://www.figma.com/ https://www.google.com/ *.borgwarner.com borgwarner.com https://*.cookiebot.com https://plugin.handtalk.me phinia.wd5.myworkdayjobs.com configurator.delphiautoparts.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' 'self' https://*.eqads.com https://*.msecnd.net https://*.cookielaw.org https://*.cloudflare.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.crazyegg.com https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.googleapis.com https://*.googlesyndication.com https://*.doubleclick.net https://*.vimeo.com https://*.secure.payconex.net 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-baaf73e2888b1b4cd5cee9edd9f0eeda'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' www.googletagmanager.com https://www.google-analytics.com/analytics.js https://js.stripe.com/v3; base-uri 'self'; frame-src https://js.stripe.com https://www.paypal.com/ https://www.paypalobjects.com https://player.vimeo.com/ https://app.netlify.com/; img-src 'self' data: blob: https://www.googletagmanager.com https://t.paypal.com https://www.paypalobjects.com https://images.ctfassets.net/ https://d33wubrfki0l68.cloudfront.net https://firebasestorage.googleapis.com/ https://www.google-analytics.com; connect-src 'self' https://api-js.mixpanel.com https://images.ctfassets.net/ https://*.cloudfront.net https://js.stripe.com/v3/ https://www.paypal.com/ https://www.paypalobjects.com https://netlify-cdp-loader.netlify.app/netlify.js www.googleapis.com https://firebasestorage.googleapis.com https://api.dropboxapi.com/ www.figma.com https://cdn.contentful.com/ https://vimeo.com/ https://firestore.googleapis.com/ https://us-central1-designcodeio.cloudfunctions.net/ https://www.google-analytics.com/ https://securetoken.googleapis.com; object-src 'none'; script-src 'self' 'unsafe-inline' www.google-analytics.com https://*.stripe.com/ https://www.paypal.com https://www.paypalobjects.com https://js.stripe.com/v3/fingerprinted/js/trusted-types-checker-9b6e874f149cc545c2c2335f8707fd1f.js https://js.stripe.com/ https://designcode.us18.list-manage.com/ https://widget.intercom.io https://www.googletagmanager.com https://www.google-analytics.com/ https://netlify-cdp-loader.netlify.app/ https://app.netlify.com/; style-src 'self' 'unsafe-inline'; 1
default-src 'self' https://* http://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://* data:; worker-src 'self' https://* blob:; connect-src 'self' https://* http://* wss:; font-src 'self' data:; frame-ancestors https://sea-emt-dev-api.ap.manulife.com/qa/cws-vn https://sea-emm-uat-api.ap.manulife.com/int/cws-vn-preprod https://hopdongcuatoi.manulife.com.vn 1
frame-ancestors 'self' *.quantinsti.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pm.geniusmonkey.com https://cdn.jsdelivr.net https://www.gstatic.com www.google-analytics.com www.google.com www.googletagmanager.com tagmanager.google.com https://ajax.googleapis.com www.googleadservices.com googleads.g.doubleclick.net vjs.zencdn.net connect.facebook.net https://dnn506yrbagrg.cloudfront.net https://pm.geniusmonkey.com https://t.ztsrv.com https://cdn.ztsrv.com https://www.votervoice.net https://platform.twitter.com https://cdn.syndication.twimg.com https://s3.amazonaws.com https://ncsbn.us2.list-manage.com https://snap.licdn.com player.video.wowza.com cdn3.wowza.com https://cdn.flowplayer.com embed.flowplayer.com ; media-src 'self' blob: https://dev.ncsbn.org https://test.ncsbn.org https://ncsbn.org ncsbnmediaservices01str.blob.core.windows.net https://ncsbnmediaservices01-usct.streaming.media.azure.net https://prod-railsapp.s3.amazonaws.com https://cdn3.wowza.com; img-src 'self' https://pm.geniusmonkey.com https://px.ads.linkedin.com *.google.com  *.facebook.com *.adsrvr.org data: https://prod-railsapp.s3.amazonaws.com; style-src 'self' 'unsafe-inline' *.mailchimp.com https://cdn.jsdelivr.net tagmanager.google.com vjs.zencdn.net fonts.googleapis.com ajax.googleapis.com https://cdn.flowplayer.com; connect-src 'self' https://px.ads.linkedin.com https://pmi.flowplayer.com/in https://cdn3.wowza.com https://stats.g.doubleclick.net www.google-analytics.com ncsbnmediaservices01str.blob.core.windows.net https://ncsbnmediaservices01-usct.streaming.media.azure.net https://cdn.linkedin.oribi.io https://ihi.flowplayer.com https://ljsp.lwcdn.com ptm.flowplayer.com wss://player.ws.flowplayer.com; 1
default-src 'unsafe-inline' 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://cse.google.com https://www.google-analytics.com https://www.gstatic.com http://emma-content-aggregates-prd.s3.amazonaws.com http://dk98ddgl0znzm.cloudfront.net https://www.googletagmanager.com https://www.google.com; style-src 'unsafe-inline' 'self' https://www.google.com https://use.typekit.net https://p.typekit.net; font-src 'self' https://use.typekit.net  https://fonts.gstatic.com data: ; img-src * data:; frame-src 'self' https://signup.e2ma.net/ https://app.e2ma.net/ https://usstore.biohorizons.com/ https://www.player.vimeo.com https://player.vimeo.com/ https://www.google.com https://www.youtube.com/; connect-src 'self' https://www.google-analytics.com  1
frame-ancestors 'self' partner-live.globalrescue.com ssstaging.globalrescue.com ss.globalrescue.com partnerstg.globalrescue.com partner.globalrescue.com dynamics.globalrescue.com http://cms.globalrescue.com www.globalrescue.com globalrescue.com 1
object-src 'self'; frame-ancestors 'self' https://services.hoplr.com https://dashboard.hoplr.com; upgrade-insecure-requests;  1
default-src 'self'; object-src 'none'; script-src 'self' *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.google.com https://www.gstatic.com/recaptcha/ *.bing.com *.clarity.ms 'sha256-OV+W5aN+wXLQMwrLt6Me/DVM/QLZyWr6AqI2ONGntw8='; connect-src 'self' *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.google.com *.bing.com *.clarity.ms; script-src-elem 'self' *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.google.com https://www.gstatic.com/recaptcha/ *.bing.com *.clarity.ms 'sha256-OV+W5aN+wXLQMwrLt6Me/DVM/QLZyWr6AqI2ONGntw8='; img-src 'self' *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.google.com *.bing.com *.clarity.ms; style-src 'self' 'unsafe-hashes' *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.google.com 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-/Q4se7FLGCaPFRdiDgb/uQcgnY12w7eKaV8TA9b4SEc='; frame-ancestors 'self'; form-action 'self'; manifest-src 'self'; font-src 'self'; frame-src 'self' *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.google.com https://www.gstatic.com/recaptcha/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.kvv-efa.de https://*.kvv.de https://*.vbk.info https://*.avg.info https://cdn.eye-able.com; style-src 'self' 'unsafe-inline' https://*.kvv-efa.de https://*.kvv.de https://*.vbk.info https://*.avg.info https://cdn.eye-able.com; img-src 'self' https://*.kvv-efa.de https://*.kvv.de https://*.vbk.info https://*.avg.info  https://cdn.eye-able.com data: ; font-src 'self' 'unsafe-inline' data: https://*.kvv-efa.de https://*.kvv.de https://*.vbk.info https://*.avg.info ; connect-src 'self' https://*.kvv-efa.de https://*.kvv.de  https://*.vbk.info https://*.avg.info ; media-src 'self' https://*.kvv-efa.de https://*.kvv.de https://*.vbk.info https://*.avg.info ; object-src 'self' https://*.kvv-efa.de https://*.kvv.de https://*.vbk.info https://*.avg.info; child-src 'self'; frame-src 'self' https://*.smartmobilitymap.de https://whitelabel.vergabe24.de https://homezone.regiomove.de https://tuerchen.app https://*.kvv-efa.de https://*.kvv.de https://*.vbk.info https://*.avg.info https://www.youtube.com https://www.youtube-nocookie.com; worker-src 'self'; frame-ancestors 'self'; form-action 'self' https://*.kvv-efa.de https://*.kvv.de https://*.vbk.info https://*.avg.info; base-uri 'self' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://101010.pl; img-src 'self' data: blob: https://101010.pl https://storage.waw.cloud.ovh.net; style-src 'self' https://101010.pl 'nonce-pUh+Ip+6TDyToSwGqX6Eog=='; media-src 'self' data: https://101010.pl https://storage.waw.cloud.ovh.net; frame-src 'self' https:; manifest-src 'self' https://101010.pl; form-action 'self'; child-src 'self' blob: https://101010.pl; worker-src 'self' blob: https://101010.pl; connect-src 'self' data: blob: https://101010.pl https://storage.waw.cloud.ovh.net wss://101010.pl; script-src 'self' https://101010.pl 'wasm-unsafe-eval' 1
default-src 'none'; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: clouddata.analytics.venafi.com simulator.connector-sdk.venafi.cloud wss://simulator.connector-sdk.venafi.cloud data.analytics.venafi.com cdn.analytics.venafi.com use.fontawesome.com www.google-analytics.com www.google.com www.gstatic.com recaptcha.net cloudcdn.analytics.venafi.com app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-62068175.storage.googleapis.com *.walkme.com venafi.okta.com cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' blob: cloudcdn.analytics.venafi.com use.fontawesome.com fonts.googleapis.com app.pendo.io cdn.pendo.io pendo-static-62068175.storage.googleapis.com *.walkme.com; font-src 'self' data: fonts.gstatic.com use.fontawesome.com; connect-src 'self' api.venafi.cloud api.eu.venafi.cloud docs.venafi.cloud wss://api.venafi.cloud wss://api.eu.venafi.cloud simulator.connector-sdk.venafi.cloud wss://simulator.connector-sdk.venafi.cloud docs.venafi.cloud fonts.googleapis.com app.pendo.io *.walkme.com cdn.jsdelivr.net blob:; img-src 'self' data: cloudcdn.analytics.venafi.com clouddata.analytics.venafi.com data.analytics.venafi.com stats.g.doubleclick.net www.google-analytics.com cdn.pendo.io app.pendo.io pendo-static-62068175.storage.googleapis.com *.walkme.com s3.walkmeusercontent.com; frame-src www.youtube.com www.google.com recaptcha.net app.pendo.io ui.venafi.cloud *.walkme.com docs.venafi.cloud docs.staging.qa.venafi.io; 1
frame-ancestors 'self' https://dekra.e-spirit.hosting 1
frame-ancestors 'self' https://measureup.com; 1
frame-ancestors *.fsf.org *.gnu.org *.libreplanet.org 1
default-src 'none';base-uri 'none';object-src 'none';form-action 'self' ;frame-ancestors 'none';connect-src 'self' ;img-src 'self' auctores.de   i.ytimg.com;media-src 'self' ;script-src 'self' 'strict-dynamic' 'nonce-aet93162716narh49hjpr9fo7vm';style-src 'self' 'unsafe-inline' ;font-src 'self' ;manifest-src 'self';upgrade-insecure-requests;report-uri https://csp-report.auctores.de/resources/index;frame-src  www.youtube-nocookie.com youtu.be; 1
default-src 'self'; img-src data: https: http:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval'; 1
base-uri 'none'; object-src 'none'; script-src 'self' *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.youtube.com *.ytimg.com; 1
frame-ancestors 'self' *.mastercard.com *.gatwickparking.co.uk 1
frame-ancestors https://*.maialearning.com/ 'self'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-TjjgA6kON/ETWgASYBZLkdv4b9ffogH247hLA+15HPRxWuZf' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mailchimp.com https://*.doubleclick.net https://*.amazonaws.com  https://chimpstatic.com https://*.agrarpiacter.hu https://agrarpiacter.hu https://*.agroforum.hu https://agroforum.hu https://*.onesignal.com https://onesignal.com https://*.googlesyndication.com https://*.gemius.pl https://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://connect.facebook.net https://platform.twitter.com https://syndication.twitter.com https://cdn.syndication.twimg.com https://*.google.com https://*.gstatic.com https://www.google.hu https://*.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.mailchimp.com https://*.doubleclick.net https://*.amazonaws.com  https://chimpstatic.com https://*.agrarpiacter.hu https://agrarpiacter.hu https://*.agroforum.hu https://agroforum.hu https://*.onesignal.com https://onesignal.com https://*.googlesyndication.com https://*.gemius.pl https://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://fonts.googleapis.com https://*.gstatic.com https://platform.twitter.com; img-src * data:; font-src 'self' data: https://*.hotjar.com https://fonts.googleapis.com https://*.gstatic.com; frame-src https://www.facebook.com https://platform.twitter.com https://syndication.twitter.com https://*.google.com https://*.youtube.com https://*.googleadservices.com https://*.mailchimp.com https://*.doubleclick.net https://*.amazonaws.com  https://chimpstatic.com https://*.agrarpiacter.hu https://agrarpiacter.hu https://*.agroforum.hu https://agroforum.hu https://*.onesignal.com https://onesignal.com https://*.googlesyndication.com https://*.gemius.pl https://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com; connect-src 'self' https://*.mailchimp.com https://*.doubleclick.net https://*.amazonaws.com  https://chimpstatic.com https://*.agrarpiacter.hu https://agrarpiacter.hu https://*.agroforum.hu https://agroforum.hu https://*.onesignal.com https://onesignal.com https://*.googlesyndication.com https://*.gemius.pl https://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com; 1
default-src 'self' https:; script-src 'self' http: https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.tpay.me *.monitoringservice.co wss://*.monitoringservice.co *.empello.net wss://*.empello.net *.clfldcbprotect.com *.dcbprotect.com wss://*.dcbprotect.com:8080; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; worker-src data: blob: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google-analytics.com https://connect.facebook.net https://ajax.googleapis.com https://use.fontawesome.com https://cdn.jsdelivr.net https://www.smartsuppchat.com https://bootstrap.smartsuppchat.com https://widget-v1.smartsuppcdn.com https://widget-v2.smartsuppcdn.com https://loader.smartsuppchat.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://widget-v1.smartsuppcdn.com https://cdnjs.cloudflare.com; img-src 'self' data: https://www.google-analytics.com https://query.hicoria.com https://scr.hicoria.com https://upload.hicoria.com https://upload.hicoria.cloud http://help.gopay.com/ https://files.smartsuppcdn.com https://widget-v2.smartsuppcdn.com; font-src 'self' data: https://widget-v1.smartsuppcdn.com; connect-src 'self' data: https://www.google-analytics.com https://stats.g.doubleclick.net https://bootstrap.smartsuppchat.com https://widget-v1.smartsuppcdn.com https://widget-v2.smartsuppcdn.com https://server.smartsupp.com wss://server.smartsupp.com wss://websocket-visitors.smartsupp.com; frame-src 'self' data: https://staticxx.facebook.com https://www.facebook.com https://server.smartsupp.com; media-src 'self' data: https://widget-v1.smartsuppcdn.com https://widget-v2.smartsuppcdn.com; upgrade-insecure-requests; block-all-mixed-content; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.kabeltje.com *.jquery.com *.google.com *.googleapis.com *.google-analytics.com *.googleoptimize.com *.googleadservices.com *.googletagmanager.com *.adroll.com *.trustpilot.com *.gstatic.com *.fontawesome.com *.wlservices.fr *.wlscripts.net *.barilliance.com *.bing.com *.leadinfo.net *.clarity.ms *.hotjar.com *.facebook.net *.cloudfront.net 1
base-uri 'self'; default-src 'self'; upgrade-insecure-requests; script-src 'self' 'unsafe-eval' https://d1215ijo50bwf7.cloudfront.net; frame-src 'self' https://aws.demdex.net; connect-src 'self' https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://241-ysw-981.mktoresp.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-identity.us-east-2.amazonaws.com https://cognito-identity.us-west-2.amazonaws.com https://bhauthngateway.us-east-1.beta.lowcodeapp.dev https://bhauthngateway.us-east-1.honeycode.aws https://prod.tools.shortbread.aws.dev https://prod.log.shortbread.aws.dev; style-src 'self' https://d1215ijo50bwf7.cloudfront.net 'unsafe-inline'; img-src 'self' https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://cm.everesttech.net https://googleads.g.doubleclick.net https://www.google.com https://dc.ads.linkedin.com https://px.ads.linkedin.com  https://www.linkedin.com https://p.adsymptotic.com https://cdn.honeycode.aws; 1
upgrade-insecure-requests; frame-ancestors 'self' *.packlane.com *.digitalroom.com https://www.chasepaymentechhostedpay-var.com https://www.chasepaymentechhostedpay.com; 1
frame-ancestors 'self' https://help.addnature.com https://back-office-redesign.kameleoon.com https://app.kameleoon.com/ 1
frame-ancestors 'self' *.imed.pt *.imed.com.pt *.acin.pt *.myshopify.com *.igest.pt igest.pt *.igest.cv igest.cv *.igest.es igest.es *.igest.co.mz igest.co.mz *.jumpseller.com 1
base-uri 'none'; font-src 'self' *.gstatic.com *.dixa.io; form-action 'self'; frame-ancestors 'self'; img-src 'self' blob: data: *.vimeocdn.com *.google-analytics.com *.dixa.io *.gstatic.com *.google.com *.googletagmanager.com *.bing.com *.facebook.com *.google.dk *.storyblok.com *.ytimg.com *.platego.io *.spilnu.dk *.lyckost.se *.happytiger.co.uk; object-src 'none'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.googleapis.com *.googletagmanager.com *.dixa.io; script-src 'self' *.cegoaffiliate.com *.cloudflare.com *.cloudflareinsights.com *.cookieinformation.com *.dixa.io *.gii.cloud *.google-analytics.com *.googletagmanager.com *.polyfill.io *.smartlook.com *.smartlook.cloud; upgrade-insecure-requests; default-src 'self'; script-src-elem 'self' 'unsafe-inline' *.cego.dk *.cloudflare.com *.bing.com *.facebook.net *.cegoaffiliate.com *.smartlook.com *.smartlook.cloud *.googletagmanager.com *.google-analytics.com *.cookieinformation.com *.dixa.io *.polyfill.io *.cloudflareinsights.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.trustpilot.com *.platego.io *.happytiger.co.uk *.lyckost.se *.spilnu.dk *.adalyser.com *.clickcease.com; connect-src 'self' *.paymentiq.io *.cego.dk *.doubleclick.net *.google.com *.googlesyndication.com *.google-analytics.com *.cookieinformation.com *.dixa.io *.smartlook.com *.smartlook.cloud ws: *.dixa.io *.storyblok.com *.sentry.io *.hotjar.io *.lyckost.se *.happytiger.co.uk *.spilnu.dk *.ogec.dk *.stocklydev.se *.lupinsdev.dk *.greathippydev.co.uk *.platego.io; frame-src 'self' *.paymentiq.io *.gii.cloud *.vimeo.com *.youtube.com *.v-psp.com *.dixa.io *.cookieinformation.com *.trustpilot.com *.lyckost.se *.happytiger.co.uk *.spilnu.dk *.stocklydev.se *.lupinsdev.dk *.greathippydev.co.uk; manifest-src 'self' *.dixa.io; media-src 'self' *.dixa.io *.platego.io; 1
default-src 'self' vercel.live view.ceros.com https://www.google.com calendar.thetrackapp.com boards.greenhouse.io s.company-target.com forms.hsforms.com player.vimeo.com https://www.youtube.com;    script-src 'self' 'unsafe-eval' 'unsafe-inline' https: http: cdn.vercel-insights.com vercel.live js.hsforms.net cdn.cookielaw.org static.hotjar.com js.hs-scripts.com tag.demandbase.com cdn.heapanalytics.com thetrackapp.com www.googletagmanager.com;    style-src 'self' 'unsafe-inline';    img-src * blob: data:;    media-src 'self';    connect-src *;    font-src 'self';    frame-ancestors 'self' *.nayya.com; 1
frame-src 'self' https://www.google.com https://keycloak.nl.ci.fdmg.org https://login.company.info; frame-ancestors 'self' https://companyinfo.nl https://*.ci.fdmg.org  https://company.info; object-src 'none'; 1
Content-Security-Policy: frame-ancestors 'none' 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.analytics.google.com *.doubleclick.net *.e-alloga.ch *.e-galexis.com *.e-ufd.swiss *.galenica.com *.google-analytics.com *.googleapis.com *.gstatic.com *.hs-scripts.com *.hs-sites.com *.hsforms.com *.hubspot.com *.linkedin.com *.prospective.ch *.solique.ch *.tools.investis.com *.vimeo.com *.weblication.de *.youtube.com *.ytimg.com adservice.google.com analytics.google.com api.hubapi.com code.createjs.com ir.tools.investis.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.hscollectedforms.net js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com share.pingdom.com snap.licdn.com static.hsappstatic.net vimeo.com weblics.de www.google.ch www.google.com www.googleadservices.com www.googletagmanager.com www.yousty.ch yousty-switzerland.imgix.net youtu.be; frame-ancestors 'self' *.e-alloga.ch *.e-galexis.com *.e-ufd.swiss; report-uri https://cms1.app.e-galexis.com/csp-report.php; 1
frame-ancestors 'self' https://rallye-lecture.fr https://classe-numerique.fr https://monecole.fr https://motoufo.fr 195.221.81.1; 1
default-src 'self';script-src 'self' https://maps.googleapis.com/ https://sentry.io/ https://*.ingest.sentry.io/ https://*.ingest.sentry.io/ https://www.googletagmanager.com/ https://snap.licdn.com https://static.ads-twitter.com https://connect.facebook.net https://*.hotjar.com https://bat.bing.com https://cc.cdn.civiccomputing.com 'nonce-QJVr7clKw+Hl3DUJ+tGWqQ==';style-src 'self' https://fonts.googleapis.com/ 'unsafe-inline';font-src https://fonts.gstatic.com/ https://*.hotjar.com;img-src 'self' https://cms.trustmark.org.uk/ https://i.ytimg.com/ https://i.vimeocdn.com/ https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data: https://px.ads.linkedin.com https://www.linkedin.com https://analytics.twitter.com https://bat.bing.com https://www.facebook.com https://t.co https://*.hotjar.com https://trustmark.reputations.net;connect-src 'self' https://cms.trustmark.org.uk/ https://www.trustmark.org.uk/auth/ https://*.googleapis.com *.google.com https://*.gstatic.com https://*.ingest.sentry.io/ https://*.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://cdn.linkedin.oribi.io https://www.facebook.com https://apikeys.civiccomputing.com;object-src 'none';frame-ancestors 'self' https://cms.trustmark.org.uk/ *.google.com;base-uri 'self';block-all-mixed-content;script-src-attr 'none';frame-src 'self' https://www.trustmark.org.uk/auth/ https://www.youtube.com/ https://player.vimeo.com/ *.google.com https://trustmark.reputations.net;form-action 'self' 1
script-src 'self' 'unsafe-eval' 'sha256-sNC3NIhL46ozieLtCyo3MlvedgHeAtQ9ei0DgVIQbdA=' 'sha256-Z3EKJ+XLDnh1aWaLECKetMHfmEgaDqTjJ/9ZeRk2VJE=' 'sha256-jkMdVlciXfcIV8BZ5hVc8BMGOQOwseHeAL4srd5jixk=' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/charts/ www.google-analytics.com stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://www.gstatic.com/charts/ https://www.gstatic.com/recaptcha; img-src 'self' data: www.google-analytics.com stats.g.doubleclick.net; font-src 'self' fonts.gstatic.com netdna.bootstrapcdn.com; frame-src https://www.google.com/recaptcha/; connect-src 'self' https://stats.g.doubleclick.net www.google-analytics.com; frame-ancestors 'self'; media-src 'self'; manifest-src 'self'; prefetch-src 'none'; form-action 'self'; report-uri https://g7connect.report-uri.com/r/d/csp/enforce; 1
default-src 'self'; base-uri 'self'; script-src 'nonce-6cf6edf9ea7cc5b51ce3ce0b3c627c1c' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: 'report-sample'; connect-src 'self' https://www.googletagmanager.com https://*.facebook.com https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://*.instana.io wss://mpsnare.iesnare.com https://*.usercentrics.eu https://bat.bing.com/actionp/ https://*.liadm.com https://*.parship.dev; frame-ancestors 'self' https://secure1.parship.com https://secure1.eharmony.com https://secure1.elitepartner.de https://*.parship.dev; frame-src 'self' https://support.eharmony.com.au https://tms.eharmony.com.au https://*.greatviews.de https://app.usercentrics.eu https://www.youtube-nocookie.com https://accounts.google.com https://translate.googleapis.com https://*.liadm.com; object-src 'none'; img-src 'self' data: http: https: https://*.instana.io; font-src 'self' data:; style-src 'self' 'unsafe-inline' 'report-sample' https://accounts.google.com/gsi/style https://translate.googleapis.com; upgrade-insecure-requests; report-uri /ls/ 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.googleapis.com *.jquery.com ajax.cloudflare.com *.onenorth.com *.oniqa.com *.onistaged.com *.crai.com *.amazonaws.com *.googletagmanager.com *.google-analytics.com *.google.com *.doubleclick.net *.youtube.com *.youtube-nocookie.com *.vimeo.com *.licdn.com *.podbean.com *.cookielaw.org *.onetrust.com sc.lfeeder.com ; img-src * data:; frame-src *.amazonaws.com player.captivate.fm *.google.com player.vimeo.com *.youtube.com *.crai.com; font-src 'self' data:; 1
default-src https: blob: data: ws: wss: 'self' 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; frame-ancestors 'self'; base-uri 'self'; 1
frame-ancestors https://mnscu.sharepoint.com 1
frame-ancestors 'self' cws-preprod.east-west.dk selvbetjening.rejsekort.dk cws-tsta.east-west.dk cws-buc.east-west.dk cws-tstc.east-west.dk 1
frame-ancestors https://webdev.prophix.com https://webstaging.prophix.com https://*.prophix.com webdev.prophix.com webstaging.prophix.com https://*.prophix-devops.com https://*.uk.prophix.cloud https://*.us1.prophix.cloud https://*.us2.prophix.cloud https://*.ca.prophix.cloud https://*.eu.prophix.cloud https://*.ap.prophix.cloud https://*.au.prophix.cloud https://*.sa.prophix.cloud https://*.prophix.cloud https://*.prophixdemo.cloud https://*.prophixdemo.com https://*.devops-uat.cloud resources.prophix.com prophix.pathfactory.com prophix.lookbookhq.com 1
default-src 'self' https://*.safeframe.googlesyndication.com tpc.googlesyndication.com www.myhealth1st.com.au vars.hotjar.com staticxx.facebook.com https://static.zdassets.com https://ekr.zdassets.com https://healthshare.zendesk.com wss://healthshare.zendesk.com wss://*.zopim.com; child-src 'self' driptracker.com *.healthshare.com.au www.myhealth1st.com.au player.vimeo.com youtube.com https: blob:; worker-src 'self' blob:; img-src 'self' *.healthshare.com.au https://v2assets.zopim.io https://static.zdassets.com data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.facebook.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com https://cdn.ingest-lr.com https://cdn.lr-intake.com https:; connect-src 'self' http://localhost:52480 sentry.io wss://*.hotjar.com https://static.zdassets.com https://ekr.zdassets.com https://healthshare.zendesk.com wss://healthshare.zendesk.com wss://*.zopim.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com https://*.ingest-lr.com https://*.lr-intake.com https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' netdna.bootstrapcdn.com fonts.gstatic.com script.hotjar.com data:; report-uri https://sentry.io/api/41432/security/?sentry_key=8263757b037c48dcafd3483e0970ca14 1
default-src 'self'; child-src 'self' https://www.google.com https://www.youtube.com https://open.spotify.com; connect-src 'self' https://originacao.minervafoods.com/ https://maps.googleapis.com https://stats.g.doubleclick.net https://analytics.google.com https://www.facebook.com https://yoast.com; font-src 'self' https://fonts.gstatic.com https://fonts.cdnfonts.com data:; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://vlibras.gov.br https://www.google.com.br https://stats.g.doubleclick.net https://maps.gstatic.com https://maps.googleapis.com https://secure.gravatar.com https://www.facebook.com https://i.scdn.co https://cdn.jsdelivr.net data:; script-src 'self' https://cdn.jsdelivr.net https://developers.google.com https://maps.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://vlibras.gov.br https://connect.facebook.net https://cdnjs.cloudflare.com https://open.spotify.com https://open.spotifycdn.com https://embed-cdn.spotifycdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.cdnfonts.com 'unsafe-inline'; upgrade-insecure-requests 1
base-uri 'self'; object-src 'self'; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubd771a23f8cb1e4f45f24b5fd37e11a96&dd-evp-origin=content-security-policy&ddsource=csp-report; script-src 'nonce-jWSFSSx42FloBkNWDUZ4nSGLbbXkiPPz' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'self' https: http: 1
default-src 'self'; connect-src 'self' *.siteimprove.com https://stats.g.doubleclick.net/ https://region1.google-analytics.com/ https://www.google-analytics.com https://www.googletagmanager.com https://search.service.vportal.ee/v1/search/maaamet https://search.service.vportal.ee/v1/globalsearch/total https://search.service.vportal.ee/v1/events/maaamet https://inaadress.maaamet.ee; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://*.rocket.chat https://static.addtoany.com https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://www.maaamet.ee https://old.maaamet.ee https://public.tableau.com/ https://xgis.maaamet.ee; img-src 'self' data: https://www.google-analytics.com *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com https://public.tableau.com/ https://www.googletagmanager.com *.fbcdn.net *.cdninstagram.com https://inaadress.maaamet.ee https://unpkg.com *.maaamet.ee *.cloudflare.com; script-src 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js blob: https://browser-update.org https://public.tableau.com/ https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://static.addtoany.com https://unpkg.com unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js https://browser-update.org https://public.tableau.com/ https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://static.addtoany.com https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com https://inaadress.maaamet.ee; frame-ancestors none; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.cloudflare.com https://unpkg.com/sweetalert/dist/sweetalert.min.js https://cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/ https://platform.twitter.com https://syndication.twitter.com https://cdn.syndication.twimg.com https://maps.googleapis.com https://www.google-analytics.com https://editor.unlayer.com/embed.js https://ajax.googleapis.com https://www.googletagmanager.com https://cdn.ckeditor.com https://translate.googleapis.com https://translate.google.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://widget.freshworks.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/css/ https://cdn.ckeditor.com/ https://platform.twitter.com https://fonts.googleapis.com https://translate.google.com https://translate.googleapis.com https://widget.freshworks.com; object-src 'self'; frame-ancestors https://webpoint.us; 1
frame-ancestors *.jobmd.cn *.jobmd.net https://openplatform-app.lctest.cn:* https://identity-app.linkedcare.cn:* *.baidu.com *.google.com https://www.google.com.hk *.dxy.net *.dxy.cn 1
base-uri 'none';default-src 'self' securepubads.g.doubleclick.net *.googlesyndication.com;form-action 'self';img-src 'self' http: https: data: *.google-analytics.com *.analytics.google.com;media-src 'self';object-src 'none';script-src 'self' 'unsafe-inline' www.google.com www.dwin2.com *.googlesyndication.com www.google-analytics.com ssl.google-analytics.com *.facebook.net *.gstatic.com adservice.google.fr adservice.google.com *.googletagservices.com maps.googleapis.com *.tagmanager.google.com *.googletagmanager.com *.clarity.ms www.googleadservices.com googleads.g.doubleclick.net sdk.privacy-center.org securepubads.g.doubleclick.net partner.googleadservices.com cdn.matomo.cloud plusquepro.matomo.cloud *.siligon-valley.org www.youtube.com 'unsafe-eval';style-src 'self' 'unsafe-inline' fonts.googleapis.com;font-src 'self' fonts.googleapis.com *.gstatic.com data:;frame-src www.youtube.com www.youtube-nocookie.com *.doubleclick.net www.google.com *.facebook.com *.vimeo.com www.dailymotion.com *.googlesyndication.com;frame-ancestors 'self';connect-src 'self' https://www.google-analytics.com *.google-analytics.com *.analytics.google.com https://stats.g.doubleclick.net *.googlesyndication.com api.privacy-center.org securepubads.g.doubleclick.net googleads.g.doubleclick.net plusquepro.matomo.cloud *.siligon-valley.org *.clarity.ms *.googletagmanager.com 1
frame-ancestors 'self' http://www.ponds.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://app.cartwire.co/CW_API 1
script-src 'unsafe-inline' 'unsafe-eval' https://* 1
default-src 'self' 'self' https://*.lessonup.com *.lessonup.com http://localhost:3100/ http://localhost:3050/ http://localhost:3000/ http://localhost:3002/ http://localhost:3200/ https://test.lessonup.dev/ https://staging.lessonup.com/ https://lessonup.com/; img-src 'self' https://www.facebook.com https://*.lessonup.com *.lessonup.com http://localhost:3100/ http://localhost:3050/ http://localhost:3000/ http://localhost:3002/ http://localhost:3200/ https://test.lessonup.dev/ https://staging.lessonup.com/ https://lessonup.com/ *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com https://www.googletagmanager.com blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://widget.intercom.io/widget/ https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com www.googletagmanager.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net images.prismic.io https://lessonup.cdn.prismic.io *.hsforms.net *.hsforms.com *.hubspot.com cdn2.hubspot.net static.hsappstatic.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net; style-src 'self' unsafe-inline https://*.lessonup.com *.lessonup.com http://localhost:3100/ http://localhost:3050/ http://localhost:3000/ http://localhost:3002/ http://localhost:3200/ https://test.lessonup.dev/ https://staging.lessonup.com/ https://lessonup.com/ 'unsafe-inline' https://optimize.google.com 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com cloud.typography.com/6162672/684584/css/fonts.css https://www.vangoghmuseum.nl/statics/fonts/796821/50011F6B07DC2A0F8.css https://fonts.googleapis.com/; media-src 'self' https://*.lessonup.com *.lessonup.com http://localhost:3100/ http://localhost:3050/ http://localhost:3000/ http://localhost:3002/ http://localhost:3200/ https://test.lessonup.dev/ https://staging.lessonup.com/ https://lessonup.com/ https://js.intercomcdn.com; font-src 'self' https://*.lessonup.com *.lessonup.com http://localhost:3100/ http://localhost:3050/ http://localhost:3000/ http://localhost:3002/ http://localhost:3200/ https://test.lessonup.dev/ https://staging.lessonup.com/ https://lessonup.com/ http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://js.intercomcdn.com https://fonts.intercomcdn.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.googleapis.com/; frame-src 'self' https://www.avo.app/ https://webforms.pipedrive.com/ https://vars.hotjar.com/ https://www.facebook.com/tr/ https://*.lessonup.com *.lessonup.com http://localhost:3100/ http://localhost:3050/ http://localhost:3000/ http://localhost:3002/ http://localhost:3200/ https://test.lessonup.dev/ https://staging.lessonup.com/ https://lessonup.com/ https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com https://intercom-sheets.com https://js.stripe.com https://hooks.stripe.com youtube.com www.youtube.com *.hsforms.net *.hsforms.com *.hubspot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net https://i.ytimg.com/ https://www.facebook.com/ *.pipedriveassets.com/ https://webforms.pipedrive.com https://*.lessonup.com *.lessonup.com http://localhost:3100/ http://localhost:3050/ http://localhost:3000/ http://localhost:3002/ http://localhost:3200/ https://test.lessonup.dev/ https://staging.lessonup.com/ https://lessonup.com/ *.googletagmanager.com *.g.doubleclick.net http://*.hotjar.co http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io 'unsafe-inline' 'unsafe-inline' https://optimize.google.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com *.googleapis.com *.googleadservices.com 'unsafe-inline' https://www.googletagmanager.com 'self' https://www.google-analytics.com https://maps.googleapis.com https://www.youtube.com/iframe_api https://js.stripe.com https://images.prismic.io/ https://lessonup.cdn.prismic.io *.hscollectedforms.net *.hsleadflows.net *.hsadspixel.net *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.usemessages.com *.hs-banner.net *.hubspotfeedback.com static.hsappstatic.net *.hsforms.net *.hsforms.com *.hubspot.com cdn2.hubspot.net; connect-src 'self' https://api.avo.app/ https://collector.test.lessonup.dev https://collector.lessonup.com/ https://stats.g.doubleclick.net https://collector.test.lessonup.com https://vc.hotjar.io/ ws://localhost:3200/site https://in.hotjar.com/api/ https://*.lessonup.com *.lessonup.com http://localhost:3100/ http://localhost:3050/ http://localhost:3000/ http://localhost:3002/ http://localhost:3200/ https://test.lessonup.dev/ https://staging.lessonup.com/ https://lessonup.com/ *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://optimize.google.com https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com https://api-iam.intercom.io/ https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://api.stripe.com *.hubapi.com *.hsforms.net *.hsforms.com *.hubspot.com *.hscollectedforms.net; child-src 'self' https://*.lessonup.com *.lessonup.com http://localhost:3100/ http://localhost:3050/ http://localhost:3000/ http://localhost:3002/ http://localhost:3200/ https://test.lessonup.dev/ https://staging.lessonup.com/ https://lessonup.com/ https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://intercom-sheets.com; form-action 'self' https://www.facebook.com/ https://*.lessonup.com *.lessonup.com http://localhost:3100/ http://localhost:3050/ http://localhost:3000/ http://localhost:3002/ http://localhost:3200/ https://test.lessonup.dev/ https://staging.lessonup.com/ https://lessonup.com/ https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io *.hsforms.net *.hsforms.com *.hubspot.com 1
default-src 'self';script-src 'self' 'nonce-UD4a11WJCQnp01naB6ixGFnbRMFuiizNBLHOp4GtGf4=' ajax.cloudflare.com cdnjs.cloudflare.com www.google.com www.gstatic.com secure.wufoo.com static.wufoo.com cc.cdn.civiccomputing.com maps.googleapis.com player.vimeo.com *.googletagmanager.com googletagmanager.com www.google-analytics.com tools.eurolandir.com 3xscreen.videosync.fi s3.amazonaws.com laingorourke.us1.list-manage.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;object-src 'none';connect-src 'self' maps.googleapis.com our.umbraco.com *.google-analytics.com google-analytics.com apikeys.civiccomputing.com clapi.civiccomputing.com stats.g.doubleclick.net analytics.google.com *.analytics.google.com region1.google-analytics.com region1.analytics.google.com printreleaf.com;font-src 'self' fonts.gstatic.com;frame-src 'self' *.wufoo.com www.google.com printreleaf.com marketplace.umbraco.com youtube.com www.youtube.com player.vimeo.com forms.zohopublic.eu tools.eurolandir.com my.matterport.com;img-src 'self' data: *.googleusercontent.com i.vimeocdn.com dashboard.umbraco.com maps.googleapis.com maps.gstatic.com www.googletagmanager.com www.google.co www.google.co.uk i.ytimg.com www.google-analytics.com accounts.google.co.uk;frame-ancestors 'self';upgrade-insecure-requests ;block-all-mixed-content 1
default-src 'self'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://optimize.google.com https://cdn.aplazame.com; img-src 'self' https://s-media-cache-ak0.pinimg.com https://as2.ftcdn.net https://as1.ftcdn.net https://t1.ftcdn.net https://t2.ftcdn.net https://t3.ftcdn.net https://t4.ftcdn.net https://www.google-analytics.com https://cdn.connectif.cloud https://www.google.com https://www.google.es https://www.cortinadecor.com https://cortinadecor.com https://cortinadecor.local https://googleads.g.doubleclick.net https://connect.ekomi.de https://bat.bing.com https://www.facebook.com https://blog.cortinadecor.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://www.googletagmanager.com https://optimize.google.com https://www.gstatic.com https://*.clarity.ms https://t.paypal.com https://v2assets.zopim.io https://cortinadecor.zendesk.com https://ct.pinterest.com https://*.zdusercontent.com https://c.bing.com https://static.zdassets.com https://i.ytimg.com https://www.paypalobjects.com https://d2rfa446ja7yzb.cloudfront.net https://connect.getflowbox.com https://post-image.getflowbox.com https://*.cdn.adyen.com https://scontent-lhr8-1.xx.fbcdn.net https://9mn3sm7015.execute-api.eu-west-1.amazonaws.com https://scontent-lcy1-1.xx.fbcdn.net data:; media-src 'self' https://cdn.flbx.io; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://www.windguru.cz https://stats.g.doubleclick.net https://www.google-analytics.com https://region1.analytics.google.com https://region1.google-analytics.com https://eu3-api.connectif.cloud https://api.aplazame.com https://analytics.google.com https://bat.bing.com https://maps.googleapis.com https://www.paypal.com https://www.sandbox.paypal.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://ekr.zdassets.com https://cortinadecor.zendesk.com wss://widget-mediator.zopim.com https://*.clarity.ms https://ekr.zendesk.com https://widget-mediator.zopim.com https://ct.pinterest.com https://adservice.google.com https://www.google.com https://sessions.bugsnag.com/ https://notify.bugsnag.com/ https://zendesk-eu.my.sentry.io https://api.smooch.io wss://api.smooch.io/faye https://analytics.tiktok.com https://www.google.es https://gateway.getflowbox.com https://a.getflowbox.com https://experience.getflowbox.com https://pagead2.googlesyndication.com; frame-src 'self' https://www.google.com https://checkout.aplazame.com https://cdn.aplazame.com https://www.youtube.com https://www.facebook.com https://g0.ipcamlive.com https://www.paypal.com https://www.sandbox.paypal.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com/ https://optimize.google.com https://ct.pinterest.com https://td.doubleclick.net https://e.issuu.com/ https://www.paypalobjects.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.google.com https://www.googletagmanager.com https://optimize.google.com https://www.googleoptimize.com https://cdn.connectif.cloud https://www.google-analytics.com https://www.googleanalytics.com https://www.googleadservices.com https://apis.google.com https://www.google.com https://googleads.g.doubleclick.net https://www.gstatic.com https://cdn.aplazame.com https://bat.bing.com https://connect.facebook.net https://www.youtube.com https://connect.ekomi.de https://www.paypal.com https://cdnjs.cloudflare.com https://*.clarity.ms https://static.zdassets.com https://s.pinimg.com https://api.smooch.io https://analytics.tiktok.com https://connect.getflowbox.com https://www.paypalobjects.com; 1
default-src 'self';object-src 'none';img-src 'self' data: blob:;font-src 'self' data: https://fonts.gstatic.com;connect-src 'self' wss://bilaxy.com wss://www.bilaxy.com wss://m.bilaxy.com https://newapi.bilaxy.com/ https://bilaxy.zendesk.com/api/v2/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;frame-src 'self' blob: https://www.google.com/recaptcha/; 1
frame-ancestors 'self' https://prdhorizon.mirvac.com 1
frame-ancestors 'self' folder.aldi.be experience.adobe.com aldinord.experiencecloud.adobe.com; default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 1
frame-ancestors https://*.imoney.my 1
default-src https: 'self' 'unsafe-inline' data:; connect-src https: wss: 1
default-src 'self'; connect-src 'self' https://js.stripe.com/ https://www.google-analytics.com https://q.quora.com https://cdn.linkedin.oribi.io https://pagead2.googlesyndication.com data:; img-src 'self' https://www.google-analytics.com/ https://cdn.shopify.com https://apps.shopifycdn.com https://images.editor.website https://*.bigcommerce.com https://run.pstmn.io https://*.quora.com data: *; frame-ancestors 'self' ; frame-src 'self' https://js.stripe.com https://www.google.com https://player.vimeo.com https://td.doubleclick.net; font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/ data:; script-src 'self' https://www.google-analytics.com/ https://js.stripe.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://a.quora.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://snap.licdn.com https://googleads.g.doubleclick.net https://www.googleadservices.com 'unsafe-eval' 'unsafe-inline' data:; style-src 'self' https://fonts.googleapis.com/ https://sdks.shopifycdn.com 'unsafe-inline' 1
img-src * data:; style-src 'self' 'unsafe-inline'; default-src * blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.youtube.com s.ytimg.com *.usercentrics.eu *.googleapis.com *.google.com www.youtube-nocookie.com *.vimeocdn.com *.vimeo.com fonts.gstatic.com www.googletagmanager.com www.google-analytics.com *.facebook.net *.altruja.de altruja.de; 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' *.pricespider.com *.mapbox.com feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.cookielaw.org *.pricespider.com *.doubleclick.net pghub.io *.adsrvr.org *.facebook.net *.bazaarvoice.com *.cloudflare.com api.tiles.mapbox.com feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; media-src 'self' *.ctfassets.net feed.pghub.io pandg.tapad.com ; font-src 'self' *.gstatic.com *.ctfassets.net data: feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' *.doubleclick.net *.flashtalking.com *.pghub.io *.adsrvr.org consumersupport.pg.com *.jebbit.com pandg.tapad.com ; img-src 'self' data: *.ctfassets.net *.tapad.com www.google.com www.google.cz *.pricespider.com www.facebook.com *.bazaarvoice.com www.facebook.com *cookielaw.org www.googletagmanager.com feed.pghub.io ; connect-src 'self' *.cookielaw.org *.mapbox.com *.bazaarvoice.com *.pricespider.com *.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat graphql.contentful.com feed.pghub.io pandg.tapad.com ; worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
frame-ancestors https://www.rldatix.com/ https://rldatix.com/ https://cms.rldatix.com/ 1
frame-ancestors https://*.veygo.com https://*.preprod-veygo.com 1
default-src ; script-src https://www.google-analytics.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval' https://form.partner-versicherung.de https://*.usercentrics.eu www.googletagmanager.com; object-src ; style-src 'self' https://fonts.googleapis.com https://*.entrecode.de 'unsafe-inline'; img-src 'self' * *.dealbunny.de data: https://*.usercentrics.eu; media-src *; child-src *.youtube.com *.vimeo.com https://www.google.com https://form.partner-versicherung.de https://kredit.check24.de/; font-src 'self' https://fonts.gstatic.com https://*.entrecode.de data:; connect-src 'self' *.cachena.entrecode.de entrecode.de *.entrecode.de localhost:* dev.dealbunny.de:* *.dealbunny.de https://www.google-analytics.com https://stats.g.doubleclick.net https://*.usercentrics.eu www.googletagmanager.com *.google-analytics.com; manifest-src 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://mein.clickskeks.at/;font-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ data:;img-src 'self' 'unsafe-inline' https://*.buerklin.com/ https://cdn.cookielaw.org/ https://www.google.de/ https://fonts.googleapis.com/ https://www.googletagmanager.com/ https://buerklin.componentsearchengine.com https://googleoptimize.com/ https://*.google.com/ https://www.gstatic.com/ https://bat.bing.com/ https://*.linkedin.com/ https://*.facebook.com/ https://cdn.cookielaw.org/ https://mein.clickskeks.at/ http://*.outbrain.com/ https://*.criteo.com/ https://*.criteo.net/ https://googleads.g.doubleclick.net/ https://*.ablyft.com/ https://*.clarity.ms/ https://de.snippet-ablyft.com/ data:;style-src 'self' 'unsafe-inline' https://www.google.com/ https://fonts.googleapis.com/ https://optimize.google.com/ https://www.gstatic.com/recaptcha/ https://mein.clickskeks.at/ https://*.criteo.com/ https://*.criteo.net/ https://*.ablyft.com/ https://de.snippet-ablyft.com/;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/ https://tagmanager.google.com/ https://fonts.googleapis.com/ https://www.gstatic.com/recaptcha/ https://pp.payengine.de/ https://pptest.payengine.de/ https://www.googletagmanager.com/ https://www.googleoptimize.com/ https://www.optimize.google.com/ https://googleoptimize.com/ https://optimize.google.com/ https://buerklin.componentsearchengine.com/common/plugin.js https://*.clarity.ms/ https://snap.licdn.com/ https://amplify.outbrain.com/ https://mein.clickskeks.at/ https://*.criteo.com/ https://*.criteo.net/ https://*.ablyft.com/ https://de.snippet-ablyft.com/ http://*.outbrain.com/ https://cdn.cookielaw.org/ https://bat.bing.com/ https://connect.facebook.net/;frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://pptest.payengine.de/ https://pp.payengine.de/ https://www.google.com/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/ https://googleoptimize.com/ https://optimize.google.com/ https://www.yumpu.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://www.facebook.com/ https://*.sibforms.com/ https://buerklin.componentsearchengine.com/ https://my.visme.co/ https://*.criteo.com/ https://*.criteo.net/;connect-src https://www.buerklin.com https://pptest.payengine.de/ https://pp.payengine.de/ https://api.payengine.de/ https://apitest.payengine.de/ https://*.clarity.ms/ https://snap.licdn.com/ https://*.outbrain.com/ https://cdn.linkedin.oribi.io/ https://cdn.cookielaw.org/ https://*.google-analytics.com/ https://*.analytics.google.com/ https://mein.clickskeks.at/ https://stats.g.doubleclick.net/ https://bat.bing.com/ https://www.google.de/ https://*.criteo.com/ https://*.criteo.net/ https://*.ablyft.com/ https://de.snippet-ablyft.com/; 1
frame-ancestors 'self'  https://findadoctor.rsfh.com https://dev.px.roperstfrancis.connecthealthcare.com https://callcenter.rsfh.com http://careline 1
base-uri 'self'; default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.google-analytics.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ s3.tradingview.com; connect-src 'self' wss: xexchange.com *.xexchange.com *.multiversx.com *.elrond.com *.maiar.com *.maiar.exchange *.google-analytics.com s3.amazonaws.com/xexchange.com/; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' data: fonts.gstatic.com; img-src 'self' data: *.xexchange.com *.multiversx.com *.elrond.com *.maiar.com raw.githubusercontent.com s3.amazonaws.com *.google-analytics.com i.ytimg.com; frame-src *.xexchange.com *.multiversx.com *.elrond.com *.maiar.com verify.walletconnect.com buy.moonpay.io www.google.com/recaptcha/ widget-instant.ramp.network www.youtube.com s.tradingview.com; manifest-src 'self'; frame-ancestors 'self' xexchange.com *.xexchange.com multiversx.com *.multiversx.com elrond.com *.elrond.com maiar.com *.maiar.com 1
default-src 'self'; connect-src http: https: wss:; form-action * 'unsafe-inline' 'unsafe-eval'; frame-src https:; frame-ancestors 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; style-src-elem * 'unsafe-inline' 'unsafe-eval'; font-src * data: blob:; img-src * data: blob:; media-src * data: blob:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://siteimproveanalytics.com/js/siteanalyze_6003145.js ;object-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' data: https://i.ytimg.com https://lovdata.no/static/SF/sf-20211215-3636-01-01.png https://6003145.global.siteimproveanalytics.io https://szsurvey.siteimprove.com https://szsurvey-r1.siteimprove.com;frame-src https://www.youtube.com https://app.powerbi.com 'self';font-src 'self';connect-src 'self' https://pdx-col.eum-appdynamics.com https://fra-col.eum-appdynamics.com;base-uri 'self';manifest-src 'none';upgrade-insecure-requests;block-all-mixed-content;report-uri /api/mt1535/csp/report; 1
frame-ancestors https://*.semrush.com 'self' 1
upgrade-insecure-requests; frame-ancestors *.volnamista.cz 'self' *.seznam.cz *.sdn.cz; script-src *.volnamista.cz blob: 'self' 'unsafe-inline' 'unsafe-eval' *.seznam.cz *.sdn.cz *.szn.cz *.pszn.cz gacz.hit.gemius.pl scz.hit.gemius.pl *.volnamista.cz https://www.volnamista.cz login.szn.cz http://login.szn.cz https://login.szn.cz notifikace.seznam.cz http://notifikace.seznam.cz https://notifikace.seznam.cz www.googletagmanager.com connect.facebook.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.im.cz *.imedia.cz *.imedia.dev.dszn.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.sklik.cz ads.celtra.com *.2mdn.net ams.creativecdn.com; script-src-elem *.volnamista.cz blob: 'self' 'unsafe-inline' 'unsafe-eval' *.seznam.cz *.sdn.cz *.szn.cz *.pszn.cz gacz.hit.gemius.pl scz.hit.gemius.pl *.volnamista.cz https://www.volnamista.cz login.szn.cz http://login.szn.cz https://login.szn.cz notifikace.seznam.cz http://notifikace.seznam.cz https://notifikace.seznam.cz www.googletagmanager.com connect.facebook.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.im.cz *.imedia.cz *.imedia.dev.dszn.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.sklik.cz ads.celtra.com *.2mdn.net ams.creativecdn.com 1
default-src 'self' wss: https://*.contentful.com https://*.kampyle.com wss://*.ooklaserver.net https://*.tigocloud.net https://*.zendesk.com https://static.zdassets.com https://ekr.zdassets.com; frame-src 'self' https://*.tigocloud.net https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://www.youtube.com https://6493920.fls.doubleclick.net https://*.kampyle.com https://speedtest.cableonda.com https://affperformance.com; script-src 'self' blob: https://*.tigocloud.net https://*.kampyle.com https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.youtube.com https://6493920.fls.doubleclick.net https://maps.googleapis.com https://www.gstatic.com/ https://sync.smartadserver.com https://cdn.smooch.io https://s.ytimg.com https://*.nr-data.net https://js-agent.newrelic.com https://facebook.com/signals/iwl.js https://widget-mediator.zopim.com https://*.licdn.com 'unsafe-hashes' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'sha256-lfXlPY3+MCPOPb4mrw1Y961+745U3WlDQVcOXdchSQc=' https://speedtest.cableonda.com https://*.inbenta.chat https://*.cybba.solutions https://ads.sonataplatform.com 'sha256-FT67iM70ozqdwzIJj2UbjRtg9DkJeJRLSkDnTfbfSBY=' 'sha256-fUkmihH4oQ4ili5Ndzz6qydXNGEhb+UluZHLbqF0wjQ=' 'sha256-NqqiyvEeEFJkR0Rg7jhJSR9xq1wgGitchXYzVmo6HBc=' 'sha256-O59a6NYH9S3trb0C+Whqls29Oh8Y1/cHsSMUuaB3t4o=' 'sha256-FrQ57L9tMdJJ722FWKhQSqaJ3Gd4s4rKlbk+K1DW+t4=' 'sha256-AdrKFRwbXYnt+NArcWuOA3p5Uu+OM2x5iXbnbok+VTg=' 'sha256-4hoN6F9BfowQyuAhVYDwSfbq3dIEO1y5+B9LIAesRog='; font-src 'self' data: blob: https://fonts.gstatic.com https://*.kampyle.com https://*.zendesk.com https://*.inbenta.io https://speedtest.cableonda.com; img-src 'self' data: blob: https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.tigocloud.net https://*.contentful.com https://*.kampyle.com https://static.zdassets.com https://*.googletagmanager.com https://images.ctfassets.net https://stats.g.doubleclick.net https://lh3.googleusercontent.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://www.google.com.ar https://www.google.com.bo https://www.google.com.co https://www.google.com.sv https://www.google.com.gt https://www.google.hn https://www.google.com.ni https://www.google.com.pa https://www.google.com.py https://t.co https://maps.gstatic.com https://www.facebook.com https://analytics.twitter.com https://static.ads-twitter.com https://*.speedtestcustom.com https://*.zendesk.com https://static.zdassets.com https://maps.googleapis.com https://sync.smartadserver.com https://cdn.smooch.io https://*.zopim.io https://svr.mic.edge.com.py https://*.kampyle.com https://*.inbenta.com https://*.inbenta.io https://speedtest.cableonda.com https://affperformance.com https://*.cybba.solutions; style-src 'self' 'unsafe-inline' https://cdn.smooch.io https://tagmanager.google.com https://www.googletagmanager.com/debug/badge.css https://fonts.googleapis.com https://*.zendesk.com https://*.tigocloud.net https://*.kampyle.com https://*.inbenta.io https://speedtest.cableonda.com; connect-src * data:; object-src 'none'; form-action 'self' https://www.facebook.com; base-uri 'self' https://md-scp.kampyle.com; frame-ancestors 'self' 1
form-action 'self' https://www.facebook.com/tr/; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://crowdin.com https://cdn.jsdelivr.net http://cdn.crowdin.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.googletagmanager.com https://*.google-analytics.com https://*.stripe.com https://*.cloudflare.com connect.facebook.net https://djtflbt20bdde.cloudfront.net *.amplitude.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com https://*.outbrain.com https://*.sentry-cdn.com https://beacon-v2.helpscout.net https://cdn.checkout.com https://*.cloudinary.com https://*.elfsight.com; child-src 'self' http://crowdin.com http://cdn.crowdin.com https://*.facebook.com https://www.google.com/recaptcha/ https://*.youtube.com https://*.youtu.be https://*.vimeo.com https://*.stripe.com https://djtflbt20bdde.cloudfront.net https://connect.facebook.net https://bid.g.doubleclick.net https://*.checkout.com; base-uri 'self'; img-src * data:; media-src 'self' blob: https://*.cloudinary.com; style-src 'self' 'unsafe-inline' http://crowdin.com http://cdn.crowdin.com https://fonts.googleapis.com https://*.stripe.com https://djtflbt20bdde.cloudfront.net https://use.fontawesome.com https://cdnjs.cloudflare.com; connect-src 'self' https://*.cloudinary.com https://*.stripe.com *.helpscoutdocs.com *.helpscout.net *.amplitude.com *.facebook.com api.unsplash.com api.typeform.com images.unsplash.com *.google-analytics.com *.analytics.google.com analytics.google.com *.algolia.net *.algolianet.com https://maps.googleapis.com stats.g.doubleclick.net analytics.tiktok.com https://*.ingest.sentry.io https://d3hb14vkzrxvla.cloudfront.net https://*.checkout.com https://*.outbrain.com  https://*.elfsight.com; default-src 'self' https://djtflbt20bdde.cloudfront.net; object-src 'none'; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com 1
frame-ancestors 'self' www.bibliotecanacionaldigital.gob.cl www.chileparaninos.gob.cl www.memoriachilena.gob.cl; 1
default-src https://td.doubleclick.net https://*.google.com 'self'; script-src https://*.googleapis.com https://*.google.com/ https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com/ 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.google.com; connect-src https://*.googleapis.com https://*.google.com https://*.doubleclick.net https://*.google-analytics.com/ 'self'; img-src * 'self' data:; style-src https://*.googleapis.com 'self' 'unsafe-inline'; font-src 'self' data: https://*.gstatic.com https://cdnjs.cloudflare.com; base-uri 'self'; report-uri https://53a9c3d30e2981e5ca0712c25eb22f21.report-uri.com/a/d/g; upgrade-insecure-requests; block-all-mixed-content; 1
block-all-mixed-content; base-uri 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* *.google.com *.gstatic.com www.google-analytics.com *.addtoany.com use.fontawesome.com *.youtube.com *.ytimg.com *.googleapis.com googleapis.com *.googletagmanager.com *.cloudflare.com *.vimeo.com *.i-active.be googleads.g.doubleclick.net connect.facebook.net analytics.tiktok.com code.jquery.com deploy.mopinion.com static.hotjar.com script.hotjar.com static.forum.nl; style-src 'self' 'unsafe-inline' *.googleapis.com googleapis.com *.google.com *.addtoany.com cloud.typography.com *.myfonts.net *.typekit.net *.cloudflare.com *.i-active.be static.forum.nl; font-src 'self' *.gstatic.com data: *.typekit.net *.cloudflare.com *.i-active.be static.forum.nl; img-src 'self' data: *.google-analytics.com *.analytics-google.com *.gstatic.com *.googleapis.com googleapis.com *.google.com *.cloudflare.com www.google.nl www.facebook.com connect.facebook.net cover.biblion.nl *.ytimg.com *.nbc.bibliotheek.nl catalogus.bibliothekengroningen.nl *.leibniz.zbkb.nl static.forum.nl; child-src 'self' *.google.com *.addtoany.com *.youtube.com *.vimeo.com vimeo.com *.activetickets.com *.issuu.com *.recruitee.com *.linkedin.com *.twizzit.com safepay.com *.saferpay.com td.doubleclick.net open.spotify.com static.forum.nl; frame-src 'self' *.google.com *.addtoany.com *.youtube.com *.vimeo.com vimeo.com *.activetickets.com *.issuu.com *.recruitee.com *.linkedin.com *.twizzit.com safepay.com *.saferpay.com td.doubleclick.net open.spotify.com static.forum.nl; media-src 'self' *.youtube.com *.vimeo.com vimeo.com *.vimeocdn.com *.akamaized.net  static.forum.nl; connect-src 'self' localhost:* wss://localhost:* *.projectguide.nl *.google-analytics.com *.analytics-google.com *.googleapis.com googleapis.com *.googleusercontent.com vimeo.com *.i-active.be stats.g.doubleclick.net analytics.tiktok.com deploy.mopinion.com wss://ws.hotjar.com content.hotjar.io metrics.hotjar.io static.forum.nl; object-src 'self' *.youtube.com *.vimeo.com vimeo.com  static.forum.nl; form-action 'self' catalogus.forum.nl; worker-src 'self' static.forum.nl; manifest-src 'self' static.forum.nl; prefetch-src 'self' static.forum.nl; frame-ancestors 'self' *.bnc.nl;  1
default-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://translate.google.com https://stats.g.doubleclick.net https://www.facebook.com https://adservice.google.com https://www.google.com; base-uri 'self'; connect-src 'self' https://adservice.google.com https://www.google.com data: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://translate.google.com; font-src 'self' https://*.hotjar.com https://fonts.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://translate.google.com; form-action 'self' https://www.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://translate.google.com; frame-ancestors 'self'  https://*.google-analytics.com https://*.googletagmanager.com https://translate.google.com https://*.kaingaora-kiosk.co.nz; frame-src 'self' blob: https://*.hotjar.com https://staticcdn.co.nz https://www.google.com https://*.doubleclick.net https://player.vimeo.com https://www.youtube.com https://app.powerbi.com https://www.facebook.com https://bid.g.doubleclick.net https://*.google-analytics.com https://*.googletagmanager.com https://translate.google.com https://vimeo.com; img-src 'self' https://staticcdn.co.nz https://*.google-analytics.com https://*.googletagmanager.com https://translate.google.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com https://www.google.co.nz https://*.outbrain.com https://www.facebook.com https://connect.facebook.net https://i.ytimg.com https://i.vimeocdn.com https://www.gstatic.com https://adservice.google.com https://*.hotjar.com data:; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.hotjar.com https://code.jquery.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://*.google-analytics.com https://*.googletagmanager.com https://www.gstatic.com https://*.outbrain.com https://connect.facebook.net https://www.youtube.com https://s.ytimg.com https://www.vimeo.com https://vimeo.com https://ssl.google-analytics.com https://translate.google.com; style-src 'self' 'unsafe-inline' https://*.hotjar.com https://fonts.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://translate.google.com; block-all-mixed-content 1
frame-ancestors 'self' rock.newspring.cc beta-rock.newspring.cc alpha-rock.newspring.cc rich-rock.newspring.cc brian-rock.newspring.cc newspring.cc alpha.newspring.cc beta.newspring.cc rich.newspring.cc brian.newspring.cc newspringnetwork.com beta.newspringnetwork.com alpha.newspringnetwork.com rich.newspringnetwork.cc brian.newspringnetwork.cc rockapi.newspring.cc rc.newspring.cc facebook.com http://localhost 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-Y6R4TDhUwoWGNZPx70TdhOKTnYFUDoUGj/wru4nQ5l0CYzpz' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'none'; font-src 'self'; object-src 'none' 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://ampcid.google.gr https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data:; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.gr https://m.myprotein.gr https://checkout.myprotein.gr https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://static.thgcdn.cn https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'none'; base-uri 'self'; frame-ancestors 'none'; form-action 'self' https://www.paypal.com; script-src 'self' https://unpkg.com/ https://code.jquery.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://e.widgetbot.io https://www.datadoghq-browser-agent.com https://api.lovense.com 'unsafe-inline'; style-src 'self' https://unpkg.com/ https://fonts.googleapis.com https://cdnjs.cloudflare.com 'unsafe-inline'; font-src 'self' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com data:; img-src 'self' http: https: data:; connect-src 'self' wss://www.erofights.com/cable wss://stonks.widgetbot.io/ws/graphql https://stonks.widgetbot.io/api/graphql https://e.widgetbot.io/ https://api.lovense.com *.lovense.club:*; manifest-src 'self'; media-src 'self' http: https:;  frame-src https://*.widgetbot.io https://widgetbot.io https://discord.com/ https://www.eporner.com https://hypnotube.com https://www.redgifs.com https://www.xvideos.com https://*.pornhub.com https://www.dailymotion.com https://www.youtube.com https://heavyfetish.com https://spankbang.com https://www.spankbang.com 1
default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; frame-ancestors 'none'; 1
frame-ancestors self https://*.schoolpay.com https://*.schoolpayqa.com https://schoolpay.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-O2QDGHYGqgNNHVKh3DXy' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample';report-uri https://csp.withgoogle.com/csp/scfe 1
default-src 'unsafe-inline' data: https: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.msecnd.net *.google.com *.gstatic.com; 1
default-src https: *.voxengo.com 'unsafe-inline' *.google.com *.gstatic.com *.youtube.com *.ytimg.com;object-src 'none';upgrade-insecure-requests;block-all-mixed-content;frame-ancestors 'self' *.2checkout.com 1
default-src 'self' *.sberdisk.dev *.sberdisk.ru; script-src 'self' *.sberdisk.dev *.sberdisk.ru *.googletagmanager.com https://mc.yandex.ru https://cdn.amplitude.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' https: blob: data:; frame-src 'self' https: blob: atlassian-companion:; media-src 'self' https: blob: data:; font-src *; 1
frame-ancestors 'self' *.planet-cards.co.uk *.planet-photo.co.uk *.planet-cards.com *.planet-photo.com *.planet-cards.de *.planet-photo.de *.planet-cards.es *.planet-photo.es *.planet-cards.it *.planet-photo.it *.planet-cards.nl 1
default-src * 'unsafe-inline'; script-src * 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * 'unsafe-inline'; connect-src * 'unsafe-inline'; font-src * 'unsafe-inline'; frame-src * 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://snap.licdn.com *.google-analytics.com *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org www.googletagmanager.com http://banners.aipla.org https://banners.aipla.org www.buzzsprout.com *.googleadservices.com https://googleads.g.doubleclick.net *.connectedcommunity.org community.aipla.org https://live-tag.bannersnack.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.connectedcommunity.org; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.ads.linkedin.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com stats.g.doubleclick.net https://googleads.g.doubleclick.net *.google.com/pagead *.adsymptotic.com *.connectedcommunity.org; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com www.buzzsprout.com *.connectedcommunity.org https://live-tag.bannersnack.com/; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.doubleclick.net *.connectedcommunity.org analytics.google.com; 1
script-src 'unsafe-inline' 'self' https://*.cloudfront.net https://*.fontawesome.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googletagmanager.com https://*.calendly.com 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com https://cdnjs.cloudflare.com https://cdn.curator.io https://use.fontawesome.com https://fuse.shooju.com https://cdn.shooju.com/ https://d1vl91sh9bpatf.cloudfront.net/fuseTracker.js https://fuse.fusesearch.app https://snap.licdn.com https://googleads.g.doubleclick.net https://s.adroll.com https://d.adroll.com https://cdn.feathr.co https://polo.feathr.co https://aium.informz.net *.hsforms.net *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://cdn.curator.io https://s.adroll.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://cdnjs.cloudflare.com https://curator-assets.b-cdn.net https://px.ads.linkedin.com https://www.google.com https://d.adroll.com https://x.bidswitch.net https://cm.g.doubleclick.net https://dsum-sec.casalemedia.com https://pixel.rubiconproject.com https://us-u.openx.net https://sync.outbrain.com https://sync.taboola.com https://image2.pubmatic.com https://eb2.3lift.com https://ups.analytics.yahoo.com https://ib.adnxs.com https://www.google.com.ph https://marco.feathr.co https://polo.feathr.co https://match.adsrvr.org https://polo-v1.feathr.co *.hsforms.com *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://cdnjs.cloudflare.com https://use.fontawesome.com https://cdn.shooju.com; frame-src 'self' https://aium.wufoo.com https://aium.informz.net https://js.hsforms.net https://www.google.com https://app.hubspot.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com https://fuse.shooju.com https://api.curator.io https://fuse.fusesearch.app https://stats.g.doubleclick.net https://www.facebook.com https://cdn.linkedin.oribi.io https://d.adroll.com https://polo.feathr.co *.hsforms.net https://hubspot-forms-static-embed.s3.amazonaws.com *.hsforms.com *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: https://curator-assets.b-cdn.net https://video.twimg.com https://curatorio.s3.amazonaws.com https://aium.s3.amazonaws.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com 1
base-uri 'none'; default-src 'none'; child-src blob:; font-src data: https://assets.filmmakers.eu; img-src 'self' data: blob: android-webview-video-poster: android-webview: https://filmmakers-eu-west-1.s3.eu-west-1.amazonaws.com https://assets.filmmakers.eu https://d205pfv3qf1itp.cloudfront.net https://dzigyf6xnsi9x.cloudfront.net https://static.filmmakers.eu https://maps.gstatic.com https://cd.filmmakers.eu https://www.ufa-base.de https://www.troeber-castingbase.de https://www.filmpool-casting.de https://www.pro.castupload.com; media-src https://static.filmmakers.eu; object-src 'none'; script-src 'self' 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'report-sample' https://assets.filmmakers.eu https://maps.googleapis.com 'nonce-bf15bab80192f41d63f401cbe761ebf2'; style-src 'unsafe-inline' https://assets.filmmakers.eu; connect-src 'self' https://filmmakers-eu-west-1.s3.eu-west-1.amazonaws.com https://api.rollbar.com https://maps.googleapis.com; block-all-mixed-content; manifest-src 'self' https://assets.filmmakers.eu; frame-ancestors 'none'; report-uri https://o384298.ingest.sentry.io/api/5215332/security/?sentry_key=e8deefcb271f4ecbabf96cf79f0fe558 1
script-src 'self' s.yimg.com sp.analytics.yahoo.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net maps.googleapis.com googleads.g.doubleclick.net bat.bing.com dts57qhtf7twy.cloudfront.net insights.bizrate.com gap.bizrate.com ; 1
default-src 'self';script-src 'self' 'nonce-Mzk1YjkxNTIwYQ==' 'strict-dynamic' https://*.smarticket.co.il https://*.google-analytics.com https://www.googletagmanager.com https://*.google.com https://*.facebook.net https://*.facebook.com https://*.cloudflareinsights.com;style-src 'self' 'unsafe-inline' https://*.smarticket.co.il https://fonts.googleapis.com https://*.google.com https://*.gstatic.com;img-src 'self' 'nonce-Mzk1YjkxNTIwYQ==' https:;font-src 'self' 'nonce-Mzk1YjkxNTIwYQ==' https://*.smarticket.co.il data: https://*.gstatic.com https://*.megabonus.com;media-src 'self' https://*.pelecard.biz;frame-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://*.facebook.net https://*.facebook.com https://*.pelecard.biz https://*.trendmicro.com;frame-ancestors https:;connect-src 'self' 'nonce-Mzk1YjkxNTIwYQ==' https: https://*.googleapis.com;object-src 'none';base-uri 'self' 1
frame-ancestors 'self' *.abtasty.com 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-YzQ2NTk1Y2ZjZjYzNGUyZThlZmY0ZWJiNGFlMmU1YzI=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.nlarbeidsinspectie.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.nlarbeidsinspectie.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.nlarbeidsinspectie.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline' 1
default-src *;img-src 'self';font-src 'self' https://fonts.gstatic.com;style-src 'self' https://fonts.googleapis.com 'unsafe-inline';script-src 'strict-dynamic' 'nonce-2FXX+9Q9Tu+DANPlI7pW8d0ebFw=' https: 'unsafe-inline';frame-src https://www.google.com/recaptcha/;base-uri 'none';object-src 'none';report-to main-endpoint; 1
default-src *; img-src 'self' data: https:; style-src 'self' https://cdnjs.cloudflare.com/ https://maxcdn.bootstrapcdn.com/ https://use.fontawesome.com/ https://fonts.googleapis.com 'unsafe-inline' ; script-src 'self' https://js.boxx.ai/ https://code.jquery.com/ https://stackpath.bootstrapcdn.com/ 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://www.google.com/ https://www.facebook.com/ https://cdn.linkedin.oribi.io/ https://px.ads.linkedin.com/ https://ajax.googleapis.com https://connect.facebook.net/ https://www.gstatic.com/ https://gateway.smallcase.com/ https://snap.licdn.com/ https://www.google-analytics.com/ https://googleads.g.doubleclick.net https://www.googleadservices.com/ https://marketingplatform.google.com/ http://cdnjs.cloudflare.com/ https://kit.fontawesome.com/ https://cdnt.netcoresmartech.com/ https://osjs.netcoresmartech.com/ https://developers.google.com/ https://cdndc.netcoresmartech.com/ https://cdnjs.cloudflare.com/ https://maxcdn.bootstrapcdn.com/ https://use.fontawesome.com/ ; font-src 'self' https://fonts.gstatic.com/ https://ka-f.fontawesome.com/ https://use.fontawesome.com/ https://cdnjs.cloudflare.com/ https://maxcdn.bootstrapcdn.com/ data: ; media-src 'self' data: blob: ; child-src 'self' data: blob: ; frame-src 'self' https://www.google.com/ https://www.facebook.com/ https://www.youtube.com/ https://connect.smallca.se/ ; 1
allow 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob https://tffl.wpengine.com https://action.dstillery.com/orbserv/nsjs https://www.facebook.com/plugins/customer_chat/SDK/ https://action.dstillery.com https://staticxx.facebook.com https://tffl.wpengine.com https://googleads.g.doubleclick.net https://www.youtube.com https://static.ads-twitter.com/uwt.js https://www.googletagmanager.com https://www.google-analytics.com https://code.jquery.com  https://ajax.googleapis.com https://connect.facebook.net/en_US/sdk.js https://connect.facebook.net/signals/config/348076795561919?v=2.9.141&r=stable&domain=tobaccofreeflorida.com https://dashboard.chatfuel.com/integration/fb-entry-point.js https://connect.facebook.net/en_US/fbevents.js https://tag.simpli.fi/sifitag/36640690-0be4-0139-8190-06b4c2516bae https://i.simpli.fi https://bat.bing.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://emacs.ch; img-src 'self' data: blob: https://emacs.ch https://media.emacs.ch; style-src 'self' https://emacs.ch 'nonce-5oVyy5cm9bL4Cmx+MdUL2g=='; media-src 'self' data: https://emacs.ch https://media.emacs.ch; frame-src 'self' https:; manifest-src 'self' https://emacs.ch; form-action 'self'; child-src 'self' blob: https://emacs.ch; worker-src 'self' blob: https://emacs.ch; connect-src 'self' data: blob: https://emacs.ch https://media.emacs.ch wss://emacs.ch; script-src 'self' https://emacs.ch 'wasm-unsafe-eval' 1
default-src 'self' ;                         form-action 'self';                         base-uri 'self';                         block-all-mixed-content;                         frame-ancestors 'self';                         frame-src www.marches-publics.info www.youtube.com umap.openstreetmap.fr www.elegantthemes.com 'self' ;                         connect-src 'self' maps.googleapis.com matomo.constructys.fr ai.elegantthemes.com ;                         object-src 'none';                         script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com maps.googleapis.com www.google-analytics.com                                matomo.constructys.fr blob: ;                         img-src 'self' secure.gravatar.com s.w.org ps.w.org www.elegantthemes.com data: ;                         style-src 'self' 'unsafe-inline' fonts.googleapis.com ;                         font-src 'self' fonts.gstatic.com data: ;                  1
default-src 'unsafe-inline'; block-all-mixed-content; connect-src *; font-src * https://fonts.gstatic.com data: fonts.googleapis.com fonts.gstatic.com; frame-src https://www.youtube.com *.vimeo.com *.services *.hotjar.com *.doubleclick.net *.facebook.com *.facebook.net *.linkedin.com 'self' https://ausi.github.io/ *.pinimg.com *.pinterest.com; img-src * data: blob:; manifest-src deltalight.com 'self'; media-src *; script-src deltalight.com 'self' data: 'unsafe-inline' 'unsafe-eval' https://cdn.ckeditor.com https://js-agent.newrelic.com https://bam.nr-data.net https://maps.googleapis.com https://cdnjs.cloudflare.com *.google-analytics.com *.googleapis.com *.facebook.com *.facebook.net *.doubleclick.net *.marketingautomation.services *.googletagmanager.com *.googleadservices.com *.hotjar.com *.doubleclick.net *.visualwebsiteoptimizer.com *.linkedin.com www.youtube.com/iframe_api tagmanager.google.com https://snap.licdn.com https://play.google.com https://analytics-eu.clickdimensions.com https://ausi.github.io *.pinimg.com *.pinterest.com; style-src deltalight.com 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.ckeditor.com https://cdnjs.cloudflare.com tagmanager.google.com; report-uri /nelmio/csp/report 1
form-action 'self' https://*.pauldavis.com/ https://*.pdutah.com/; font-src 'self' data: https://*.wp.com https://*.cloudflare.com https://*.tawk.to https://*.podium.com https://*.apex.live https://*.googleusercontent.com https://*.gstatic.com; img-src 'self' data: https://cdn2.pauldavis.info https://pauldavis.com https://cdn2.pauldavis.com https://*.service.usercentrics.eu https://*.usercentrics.eu https://*.cleantalk.org https://*.googletagmanager.com https://bbb.org https://*.bamboohr.com https://*.z1.dca0.com https://*.adroll.com https://*.speetra.com https://*.speetra.components https://*.cloudinary.com https://*.angieslist.com https://*.angi.com https://*.merchantequip.com https://*.expertise.com https://*.blob.core.windows.net https://*.podium.com https://*.facebook.com https://*.gethearth.com https://*.apex.live https://*.ssl.cf2.rackcdn.com https://*.g.doubleclick.net https://*.bbb.org https://*.marchex.io https://*.ytimg.com https://*.google.com https://*.pauldavis.com https://pauldavis.com https://*.google-analytics.com; frame-src 'self' https://*.livechatinc.com https://*.zyratalk.com https://*.zyrachat.com https://*.g.doubleclick.net https://*.facebook.com https://*.careerplug.com https://*.volunteerhub.com https://*.pulsem.me https://*.careerplug.com https://*.hotjar.com https://*.youtube.com https://*.google.com; child-src https://*.pauldavis.com; frame-ancestors 'self'; 1
default-src 'self'; img-src *; media-src media1.com media2.com; script-src userscripts.example.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; report-uri https://36e39a507c71b18d6983ce67b6ecef83.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' https://www.google.com; 1
frame-ancestors 'self' www.cajasur.es; 1
base-uri 'self'; form-action 'self'; default-src 'self'; object-src 'none'; frame-src 'self' https://td.doubleclick.net https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; connect-src 'self' https://search-api.partnerportal.intoglobal.com https://catalog-api.partnerportal.intoglobal.com/api https://ddenrollmentapi.intoglobal.com https://collect-eu.attraqt.io https://maps.googleapis.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com http://col.site24x7rum.eu https://col.site24x7rum.eu https://heapanalytics.com https://dc.services.visualstudio.com https://*.launchdarkly.com https://*.in.applicationinsights.azure.com https://*.in.applicationinsights.azure.cn https://*.live.dynatrace.com https://*.rudderstack.com https://*.rudderlabs.com https://client-api.auryc.com https://*.bf.dynatrace.com https://media.intostudy.com https://*.cookielaw.org https://*.browser-intake-datadoghq.com https://iup2-agent-staging.eu.auth0.com https://iup2-agent.eu.auth0.com http://*.intostudy.com https://*.intostudy.com https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://cdn.cookielaw.org https://*.onetrust.com https://connect.facebook.net https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://analytics.google.com; style-src 'self' 'unsafe-inline' https://googleads.g.doubleclick.net https://fonts.googleapis.com https://tagmanager.google.com https://heapanalytics.com https://connect.facebook.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://googleads.g.doubleclick.net https://*.googletagmanager.com https://tagmanager.google.com https://maps.googleapis.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com https://ssl.google-analytics.com http://static.site24x7rum.eu https://static.site24x7rum.eu http://cdn.heapanalytics.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.rudderstack.com https://*.rudderlabs.com https://js-cdn.dynatrace.com https://*.cookielaw.org https://www.datadoghq-browser-agent.com https://*.attraqt.io http://img04.en25.com/i/elqCfg.min.js https://connect.facebook.net https://intoglobal--iupsfuat.my.salesforce.com https://insta-uat.intoglobal.com; img-src 'self' http://media.intostudy.com https://media.intostudy.com https://ctfimages.intoglobal.com https://maps.googleapis.com https://maps.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://heapanalytics.com https://res.cloudinary.com https://*.cookielaw.org https://media.intoglobal.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://images.ctfassets.net http://track.intoglobal.com https://www.facebook.com https://www.google.co.uk https://www.google.com https://www.google.co.in data:; font-src 'self' https://fonts.gstatic.com data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://heapanalytics.com; worker-src blob:; media-src 'self' https://res.cloudinary.com https://media.intoglobal.com https://media.intostudy.com 1
default-src 'self' *.visla.us wss://*.visla.us *.s3.us-west-2.amazonaws.com *.google-analytics.com *.analytics.google.com *.intercom.io wss://*.intercom.io *.intercomcdn.com; style-src 'self' *.visla.us 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.visla.us apis.google.com accounts.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.google.com *.g.doubleclick.net *.getreditus.com *.intercom.io *.intercomcdn.com; connect-src 'self' * *.visla.us *.google.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.getreditus.com; frame-src 'self' accounts.google.com visla://record *.visla.us *.vislaus.cn *.youtube.com intercom-sheets.com; font-src 'self' data: fonts.gstatic.com fonts.intercomcdn.com; img-src 'self' data: * *.s3.us-west-2.amazonaws.com *.vimeocdn.com pixabay.com *.pexels.com *.googleusercontent.com *.producthunt.com *.googletagmanager.com *.google-analytics.com *.getreditus.com; media-src 'self' *.visla.us blob: *.s3.us-west-2.amazonaws.com *.vimeo.com pixabay.com vod-progressive.akamaized.net *.intercomcdn.com; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self'; 1
frame-src 'self' *.cybersoulhost.ru *.gosuslugi.ru *.yandex.ru *.youtube.com *.culturaltracking.ru *.smart-bilet.ru 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://keyote.blob.core.windows.net https://teskalabscom.azureedge.net www.google-analytics.com https://d3js.org https://unpkg.com https://www.googletagmanager.com https://tagmanager.google.com/ https://optimize.google.com https://apis.google.com https://ajax.googleapis.com https://*.google-analytics.com https://code.jquery.com https://*.cloudfront.net https://uploads-ssl.webflow.com https://cdn.cookie-script.com ; style-src 'self' 'unsafe-inline' https://teskalabscom.azureedge.net https://fonts.googleapis.com https://tagmanager.google.com https://optimize.google.com https://uploads-ssl.webflow.com https://cdn.cookie-script.com; img-src 'self' data: https://teskalabscom.azureedge.net https://img.youtube.com http://img.youtube.com https://www.google.com/ https://www.gstatic.com/ https://www.google-analytics.com https://optimize.google.com https://www.facebook.com https://*.google-analytics.com https://ssl.gstatic.com https://csi.gstatic.com https://uploads-ssl.webflow.com https://*.cloudfront.net https://www.google.cz https://cdn.cookie-script.com; font-src 'self' data: https://teskalabscom.azureedge.net https://fonts.gstatic.com; connect-src 'self' https://unpkg.com https://keyote.blob.core.windows.net https://*.log.optimizely.com https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.cookie-script.com; media-src 'self' https://teskalabscom.azureedge.net; frame-src 'self' https://www.youtube.com https://apis.google.com https://accounts.google.com https://optimize.google.com https://cdn.cookie-script.com ; worker-src 'self' blob: 1
default-src 'self' https://miro.com https://player.vimeo.com; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.sgfleet.com https://apps.jobadder.com sgintau-gqlgateway-api.azurewebsites.net api-dev.sgfleet.com sgintauwwwstorage.blob.core.windows.net dc.services.visualstudio.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com tagmanager.google.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.proxy.sgfleet.com clients.yomdel.com accounts.google.com *.marketo.com *.hotjar.com *.msecnd.net *.licdn.com *.youtube.com *.doubleclick.net https://miro.com 'self' 'unsafe-inline' 'unsafe-eval' cdn.ampproject.org *.eloqua.com *.en25.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://pages.sgfleet.com sgintauwwwstorage.blob.core.windows.net tagmanager.google.com *.marketo.com *.hotjar.com *.msecnd.net *.licdn.com *.youtube.com *.doubleclick.net 'self' 'unsafe-inline' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.jato.com https://apps.jobadder.com *.google.com.au *.google.com *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.capnetwork.co.uk images.capnetwork.co.uk *.linkedin.com *.doubleclick.net *.vimeocdn.com 'self' *.eloqua.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-ancestors 'self' https://taxtools.motivagroup.co.uk/ https://miro.com  https://player.vimeo.com; connect-src accounts.google.com *.sgfleet.com https://dc.services.visualstudio.com https://content.hotjar.io wss://ws.hotjar.com/api/v2/client/ws *.hotjar.com *.marketo.com *.google.com *.mktoresp.com https://miro.com https://dc.services.visualstudio.com/v2/track' *.googlesyndication.com https://google.com *.google-analytics.com *.doubleclick.net https://maps.googleapis.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://apply.jobadder.com/ https://pages.sgfleet.com/ https://servicebooking.fleetassist.co.uk/ https://atlas.fleetassist.co.uk/ https://www.google.com/ *.marketo.com *.hotjar.com *.msecnd.net *.licdn.com *.youtube.com *.doubleclick.net https://taxtools.motivagroup.co.uk/ https://player.vimeo.com 'self' web-chat.nativechat.com; frame-src https://player.vimeo.com *.doubleclick.net https://www.google.com/ https://pages.sgfleet.com https://servicebooking.fleetassist.co.uk https://taxtools.motivagroup.co.uk 'self' web-chat.nativechat.com forms.hsforms.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https:; frame-src 'self' data: https:; font-src 'self' data: https: 1
default-src 'self' http://tagmanager.google.com https://tagmanager.google.com https://ethn.io https://stats.g.doubleclick.net https://platform.instagram.com https://instagram.com https://www.instagram.com https://*.doubleclick.net https://*.google-analytics.com https://google-analytics.com https://*.livechatinc.com https://*.cloudfront.net https://*.googleusercontent.com https://www.bugherd.com https://*.braintreegateway.com https://www.biblioimages.com https://fonts.gstatic.com https://*.googleapis.com https://tripadvisor.com https://*.gstatic.com https://www.tripadvisor.com https://rum-static.pingdom.net https://rum-collector.pingdom.net https://*.youtube.com https://www.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.facebook.com https://cdn.inspectlet.com https://hn.inspectlet.com https://www.google.com https://www.google.pl https://www.google.co.uk https://google.com https://google.pl https://google.co.uk https://*.amazonaws.com blob: wss://*.insightguides.com ws://*.insightguides.com https://cdnjs.cloudflare.com https://*.optimizely.com https://*.surveymonkey.com https://surveymonkey.com https://*.ubembed.com https://assets.ubembed.com https://*.addthis.com https://*.addthisedge.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsleadflows.net https://cdn2.hubspot.net https://js.usemessages.com https://widget.privy.com https://track.hubspot.com https://assets.privy.com https://privymktg.com https://platform-api.sharethis.com https://c.sharethis.mgr.consensu.org https://*.hotjar.com https://*.cardinalcommerce.com https://*.hsadspixel.net https://app.hubspot.com https://forms.hubspot.com https://events.privy.com; script-src 'self' http://www.googletagmanager.com https://www.googletagmanager.com http://tagmanager.google.com https://tagmanager.google.com https://ethn.io https://stats.g.doubleclick.net https://platform.instagram.com https://instagram.com https://www.instagram.com https://*.doubleclick.net https://*.google-analytics.com https://google-analytics.com https://*.livechatinc.com https://*.cloudfront.net https://*.googleusercontent.com https://www.bugherd.com https://*.braintreegateway.com https://www.biblioimages.com https://fonts.gstatic.com https://*.googleapis.com https://tripadvisor.com https://*.gstatic.com https://www.tripadvisor.com https://rum-static.pingdom.net https://rum-collector.pingdom.net https://*.youtube.com https://www.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.facebook.com https://cdn.inspectlet.com https://hn.inspectlet.com https://www.google.com https://www.google.pl https://www.google.co.uk https://google.com https://google.pl https://google.co.uk https://*.amazonaws.com blob: wss://*.insightguides.com ws://*.insightguides.com https://cdnjs.cloudflare.com https://*.optimizely.com https://*.surveymonkey.com https://surveymonkey.com https://*.ubembed.com https://assets.ubembed.com https://*.addthis.com https://*.addthisedge.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsleadflows.net https://cdn2.hubspot.net https://js.usemessages.com https://widget.privy.com https://track.hubspot.com https://assets.privy.com https://privymktg.com https://platform-api.sharethis.com https://c.sharethis.mgr.consensu.org https://*.hotjar.com https://*.cardinalcommerce.com https://*.hsadspixel.net https://app.hubspot.com https://forms.hubspot.com https://events.privy.com 'unsafe-inline' 'unsafe-eval' https://apis.google.com; connect-src * 'self' http://tagmanager.google.com https://tagmanager.google.com https://ethn.io https://stats.g.doubleclick.net https://platform.instagram.com https://instagram.com https://www.instagram.com https://*.doubleclick.net https://*.google-analytics.com https://google-analytics.com https://*.livechatinc.com https://*.cloudfront.net https://*.googleusercontent.com https://www.bugherd.com https://*.braintreegateway.com https://www.biblioimages.com https://fonts.gstatic.com https://*.googleapis.com https://tripadvisor.com https://*.gstatic.com https://www.tripadvisor.com https://rum-static.pingdom.net https://rum-collector.pingdom.net https://*.youtube.com https://www.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.facebook.com https://cdn.inspectlet.com https://hn.inspectlet.com https://www.google.com https://www.google.pl https://www.google.co.uk https://google.com https://google.pl https://google.co.uk https://*.amazonaws.com blob: wss://*.insightguides.com ws://*.insightguides.com https://cdnjs.cloudflare.com https://*.optimizely.com https://*.surveymonkey.com https://surveymonkey.com https://*.ubembed.com https://assets.ubembed.com https://*.addthis.com https://*.addthisedge.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsleadflows.net https://cdn2.hubspot.net https://js.usemessages.com https://widget.privy.com https://track.hubspot.com https://assets.privy.com https://privymktg.com https://platform-api.sharethis.com https://c.sharethis.mgr.consensu.org https://*.hotjar.com https://*.cardinalcommerce.com https://*.hsadspixel.net https://app.hubspot.com https://forms.hubspot.com https://events.privy.com; img-src data: 'self' http://tagmanager.google.com https://tagmanager.google.com https://ethn.io https://stats.g.doubleclick.net https://platform.instagram.com https://instagram.com https://www.instagram.com https://*.doubleclick.net https://*.google-analytics.com https://google-analytics.com https://*.livechatinc.com https://*.cloudfront.net https://*.googleusercontent.com https://www.bugherd.com https://*.braintreegateway.com https://www.biblioimages.com https://fonts.gstatic.com https://*.googleapis.com https://tripadvisor.com https://*.gstatic.com https://www.tripadvisor.com https://rum-static.pingdom.net https://rum-collector.pingdom.net https://*.youtube.com https://www.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.facebook.com https://cdn.inspectlet.com https://hn.inspectlet.com https://www.google.com https://www.google.pl https://www.google.co.uk https://google.com https://google.pl https://google.co.uk https://*.amazonaws.com blob: wss://*.insightguides.com ws://*.insightguides.com https://cdnjs.cloudflare.com https://*.optimizely.com https://*.surveymonkey.com https://surveymonkey.com https://*.ubembed.com https://assets.ubembed.com https://*.addthis.com https://*.addthisedge.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsleadflows.net https://cdn2.hubspot.net https://js.usemessages.com https://widget.privy.com https://track.hubspot.com https://assets.privy.com https://privymktg.com https://platform-api.sharethis.com https://c.sharethis.mgr.consensu.org https://*.hotjar.com https://*.cardinalcommerce.com https://*.hsadspixel.net https://app.hubspot.com https://forms.hubspot.com https://events.privy.com; style-src 'self' 'unsafe-inline' http://tagmanager.google.com https://tagmanager.google.com https://ethn.io https://stats.g.doubleclick.net https://platform.instagram.com https://instagram.com https://www.instagram.com https://*.doubleclick.net https://*.google-analytics.com https://google-analytics.com https://*.livechatinc.com https://*.cloudfront.net https://*.googleusercontent.com https://www.bugherd.com https://*.braintreegateway.com https://www.biblioimages.com https://fonts.gstatic.com https://*.googleapis.com https://tripadvisor.com https://*.gstatic.com https://www.tripadvisor.com https://rum-static.pingdom.net https://rum-collector.pingdom.net https://*.youtube.com https://www.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.facebook.com https://cdn.inspectlet.com https://hn.inspectlet.com https://www.google.com https://www.google.pl https://www.google.co.uk https://google.com https://google.pl https://google.co.uk https://*.amazonaws.com blob: wss://*.insightguides.com ws://*.insightguides.com https://cdnjs.cloudflare.com https://*.optimizely.com https://*.surveymonkey.com https://surveymonkey.com https://*.ubembed.com https://assets.ubembed.com https://*.addthis.com https://*.addthisedge.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsleadflows.net https://cdn2.hubspot.net https://js.usemessages.com https://widget.privy.com https://track.hubspot.com https://assets.privy.com https://privymktg.com https://platform-api.sharethis.com https://c.sharethis.mgr.consensu.org https://*.hotjar.com https://*.cardinalcommerce.com https://*.hsadspixel.net https://app.hubspot.com https://forms.hubspot.com https://events.privy.com; frame-src 'self' http://www.googletagmanager.com https://www.googletagmanager.com http://tagmanager.google.com https://tagmanager.google.com https://ethn.io https://stats.g.doubleclick.net https://platform.instagram.com https://instagram.com https://www.instagram.com https://*.doubleclick.net https://*.google-analytics.com https://google-analytics.com https://*.livechatinc.com https://*.cloudfront.net https://*.googleusercontent.com https://www.bugherd.com https://*.braintreegateway.com https://www.biblioimages.com https://fonts.gstatic.com https://*.googleapis.com https://tripadvisor.com https://*.gstatic.com https://www.tripadvisor.com https://rum-static.pingdom.net https://rum-collector.pingdom.net https://*.youtube.com https://www.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.facebook.com https://cdn.inspectlet.com https://hn.inspectlet.com https://www.google.com https://www.google.pl https://www.google.co.uk https://google.com https://google.pl https://google.co.uk https://*.amazonaws.com blob: wss://*.insightguides.com ws://*.insightguides.com https://cdnjs.cloudflare.com https://*.optimizely.com https://*.surveymonkey.com https://surveymonkey.com https://*.ubembed.com https://assets.ubembed.com https://*.addthis.com https://*.addthisedge.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsleadflows.net https://cdn2.hubspot.net https://js.usemessages.com https://widget.privy.com https://track.hubspot.com https://assets.privy.com https://privymktg.com https://platform-api.sharethis.com https://c.sharethis.mgr.consensu.org https://*.hotjar.com https://*.cardinalcommerce.com https://*.hsadspixel.net https://app.hubspot.com https://forms.hubspot.com https://events.privy.com; font-src 'self' http://tagmanager.google.com https://tagmanager.google.com data: https://ethn.io https://stats.g.doubleclick.net https://platform.instagram.com https://instagram.com https://www.instagram.com https://*.doubleclick.net https://*.google-analytics.com https://google-analytics.com https://*.livechatinc.com https://*.cloudfront.net https://*.googleusercontent.com https://www.bugherd.com https://*.braintreegateway.com https://www.biblioimages.com https://fonts.gstatic.com https://*.googleapis.com https://tripadvisor.com https://*.gstatic.com https://www.tripadvisor.com https://rum-static.pingdom.net https://rum-collector.pingdom.net https://*.youtube.com https://www.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.facebook.com https://cdn.inspectlet.com https://hn.inspectlet.com https://www.google.com https://www.google.pl https://www.google.co.uk https://google.com https://google.pl https://google.co.uk https://*.amazonaws.com blob: wss://*.insightguides.com ws://*.insightguides.com https://cdnjs.cloudflare.com https://*.optimizely.com https://*.surveymonkey.com https://surveymonkey.com https://*.ubembed.com https://assets.ubembed.com https://*.addthis.com https://*.addthisedge.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsleadflows.net https://cdn2.hubspot.net https://js.usemessages.com https://widget.privy.com https://track.hubspot.com https://assets.privy.com https://privymktg.com https://platform-api.sharethis.com https://c.sharethis.mgr.consensu.org https://*.hotjar.com https://*.cardinalcommerce.com https://*.hsadspixel.net https://app.hubspot.com https://forms.hubspot.com https://events.privy.com; 1
default-src 'self' *.zzzs.si; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zzzs.si; connect-src 'self' *.zzzs.si; img-src 'self' data: *.zzzs.si; style-src 'self' 'unsafe-inline' *.zzzs.si; base-uri 'self' *.zzzs.si; form-action 'self' javascript: *.zzzs.si; object-src 'none'; frame-src 'self' *.youtube-nocookie.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline'; img-src 'self' 'unsafe-eval' 'unsafe-inline' data: ; frame-ancestors 'self' 1
default-src 'self' *.k-m.de *.fonts.net *.google-analytics.com *.google.de *.google.com *.googleapis.com *.hotjar.com *.hotjar.io wss://ws15.hotjar.com *.facebook.net *.facebook.com *.licdn.com *.linkedin.com *.flockler.com https://api.flockler.app https://stats-api.flockler.app *.doubleclick.net *.spotify.com www.youtube.com *.instagram.com *.cdninstagram.com www.youtube-nocookie.com *.linkedin.oribi.io; img-src *; script-src 'self' https://www.google.com *.k-m.de *.fonts.net *.google-analytics.com *.google.de *.google.com *.googleapis.com *.hotjar.com *.hotjar.io wss://ws15.hotjar.com *.facebook.net *.facebook.com *.licdn.com *.linkedin.com *.flockler.com https://api.flockler.app https://stats-api.flockler.app *.doubleclick.net *.spotify.com www.youtube.com *.instagram.com *.cdninstagram.com www.youtube-nocookie.com *.linkedin.oribi.io 'unsafe-inline'; style-src 'self' *.k-m.de *.fonts.net *.google-analytics.com *.google.de *.google.com *.googleapis.com *.hotjar.com *.hotjar.io wss://ws15.hotjar.com *.facebook.net *.facebook.com *.licdn.com *.linkedin.com *.flockler.com https://api.flockler.app https://stats-api.flockler.app *.doubleclick.net *.spotify.com www.youtube.com *.instagram.com *.cdninstagram.com www.youtube-nocookie.com *.linkedin.oribi.io 'unsafe-inline'; font-src 'self' *.k-m.de *.fonts.net *.google-analytics.com *.google.de *.google.com *.googleapis.com *.hotjar.com *.hotjar.io wss://ws15.hotjar.com *.facebook.net *.facebook.com *.licdn.com *.linkedin.com *.flockler.com https://api.flockler.app https://stats-api.flockler.app *.doubleclick.net *.spotify.com www.youtube.com *.instagram.com *.cdninstagram.com www.youtube-nocookie.com *.linkedin.oribi.io data:; object-src 'none'; frame-src 'self' *.k-m.de *.fonts.net *.google-analytics.com *.google.de *.google.com *.googleapis.com *.hotjar.com *.hotjar.io wss://ws15.hotjar.com *.facebook.net *.facebook.com *.licdn.com *.linkedin.com *.flockler.com https://api.flockler.app https://stats-api.flockler.app *.doubleclick.net *.spotify.com www.youtube.com *.instagram.com *.cdninstagram.com www.youtube-nocookie.com *.linkedin.oribi.io; connect-src 'self' *.k-m.de *.fonts.net *.google-analytics.com *.google.de *.google.com *.googleapis.com *.hotjar.com *.hotjar.io wss://ws15.hotjar.com *.facebook.net *.facebook.com *.licdn.com *.linkedin.com *.flockler.com https://api.flockler.app https://stats-api.flockler.app *.doubleclick.net *.spotify.com www.youtube.com *.instagram.com *.cdninstagram.com www.youtube-nocookie.com *.linkedin.oribi.io; media-src 'self' *.k-m.de *.fonts.net *.google-analytics.com *.google.de *.google.com *.googleapis.com *.hotjar.com *.hotjar.io wss://ws15.hotjar.com *.facebook.net *.facebook.com *.licdn.com *.linkedin.com *.flockler.com https://api.flockler.app https://stats-api.flockler.app *.doubleclick.net *.spotify.com www.youtube.com *.instagram.com *.cdninstagram.com www.youtube-nocookie.com *.linkedin.oribi.io; 1
frame-ancestors *.estrenarvivienda.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.marches-publics.info https://*.aws-achat.info https://code.jquery.com https://cdn.jsdelivr.net https://*.googletagmanager.com https://*.google-analytics.com https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com; style-src 'self' 'unsafe-inline' https://*.marches-publics.info https://*.aws-achat.info; object-src 'none'; frame-ancestors 'self' https://*.awsolutions.fr https://*.achotsolutions.fr https://*.marcoweb.fr http://* https://*  ; 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-aC8xWGRiZEZ3NWp0cGVYSndsdFBYZ3RKTFlvejcwRGJIQ3duMkpMN0NJWT06M3JsdkZ2VUtvYzIzOFlDSTgyc2xGME1RU2ZnTG0zU0pVa3BvdjllamY3ND0=' blob:;style-src 'self' 'unsafe-inline';img-src 'self' data: blob: https://*.tile.openstreetmap.org;font-src 'self' data:;connect-src 'self' blob: stun.nextcloud.com:443;media-src 'self' blob:;frame-src 'self' data:;child-src blob: 'self';frame-ancestors 'self';worker-src blob: 'self';form-action 'self' 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-K2B/eWgfGu9OZV0jAquwZw=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com *.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com www.youtube-nocookie.com www.youtube.com blob: data: https://storage.googleapis.com/learnwithikeavideos/ ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ctfassets.net *.ipex-insights.com *.parcellab.com *.mypurecloud.de *.survicate.com *.adform.net insight.adsrvr.org js.adsrvr.org *.bing.com *.doubleclick.net *.facebook.com *.facebook.net s.pinimg.com ct.pinterest.com *.cookielaw.org *.onetrust.com *.akamaihd.net *.akstat.io *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.go-mpulse.net *.optimizely.com sentry.io *.sentry.io *.avo.app oppwa.com *.oppwa.com mpsnare.iesnare.com *.iesnare.com maps.googleapis.com fonts.googleapis.com www.googleapis.com *.syndeo.cx *.production.syndeo.cx wss://web.production.syndeo.cx icsp.ingka.ikea.com wss://icsp.ingka.ikea.com wss://web-api.ikea.com/cschatbot/ *.bambuser.com firestore.googleapis.com liveshopping-widgets.firebaseapp.com; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com; object-src 'self'; report-uri https://csp.ikea.com 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; img-src * data: 'unsafe-eval' *.actian.com *.wpengine.com; connect-src *; font-src * data:; media-src * 'unsafe-inline'; frame-ancestors *.actian.com; frame-src *; object-src * data: 'unsafe-eval' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://bgme.bid; img-src 'self' https: data: blob: https://bgme.bid; style-src 'self' https://bgme.bid 'nonce-uK7mqa5d21gHhxGMLvUIQQ=='; media-src 'self' https: data: https://bgme.bid; frame-src 'self' https:; manifest-src 'self' https://bgme.bid; form-action 'self'; child-src 'self' blob: https://bgme.bid; worker-src 'self' blob: https://bgme.bid; connect-src 'self' data: blob: https://bgme.bid https://img.bgme.bid wss://bgme.bid; script-src 'self' https://bgme.bid 'wasm-unsafe-eval' 1
default-src 'none'; frame-src https://trocador.app/; connect-src 'self'; font-src 'self'; img-src 'self'; manifest-src 'self'; script-src 'self'; style-src 'self'; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'; require-trusted-types-for 'script'; trusted-types 'none' 1
deafult-src 'self'; 1
upgrade-insecure-requests; default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: 1
default-src https: wss:; font-src https: data:; img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; frame-ancestors 'self'; 1
default-src https:; connect-src https: wss:;font-src https: data:;frame-src https://*.doubleclick.net/ https://gist.github.com/ https://www.google.com/ https://notebooks.githubusercontent.com/ https://camo.githubusercontent.com/ https://www.youtube.com/;img-src https: data:;media-src https:;script-src 'unsafe-inline' 'unsafe-eval' https:;style-src 'unsafe-inline' https:; object-src 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://player.vimeo.com https://www.googletagmanager.com https://www.youtube.com https://www.google-analytics.com; style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; media-src 'self' https: https://d4j0oemdjsbb4.cloudfront.net; img-src 'self' https: https://d4j0oemdjsbb4.cloudfront.net data:; font-src 'self' https: data: https://fonts.gstatic.com; frame-src 'self' https: https://www.youtube.com; connect-src 'self' https: https://forms-eu1.hscollectedforms.net wss://ws.hotjar.com; 1
report-uri https://enercalc.com; report-to default 1
frame-src *; object-src 'none'; base-uri 'none'; script-src 'self' 'unsafe-eval'; script-src-elem *.googleapis.com https://cdn.jsdelivr.net/npm/ https://cdn.cookielaw.org/ https://cdn.matomo.cloud/ *.hotjar.com *.google.com https://plugins.flockler.com/ https://fl-1.cdn.flockler.com https://platform.twitter.com/ https://www.youtube.com/ https://player.ausha.co/ *.gstatic.com 'self' 'unsafe-inline'; worker-src blob: 1
connect-src www.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect https://*; frame-src www.google.com/recaptcha/ www.googletagmanager.com https://player.vimeo.com/video/ https://*; script-src 'self' 'unsafe-inline' https://player.vimeo.com/video/ https://*; img-src data: 'self' www.google-analytics.com https://www.google.com/ads/ga-audiences www.googletagmanager.com ssl.gstatic.com www.gstatic.com stats.g.doubleclick.net/r/ https://secure.gravatar.com/ https://*; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com https://*;object-src 'none' 1
frame-ancestors 'self' *.doppelherz.de *.dppim.gfeserver.de *.doppelherz.ae *.doppelherz.at *.doppelherz.bg *.doppelherz.com *.doppelherz.co.ao *.doppelherz.co.id *.doppelherz.co.uk *.doppelherz-algeria.com *.doppelherz.com.kw *.doppelherz-iraq.com *.doppelherz.dj *.doppelherz.eg *.doppelherz.es *.doppelherz.fr *.doppelherz.gr *.doppelherz.hu *.doppelherz.it *.doppelherz.me *.doppelherz.mk *.doppelherz.ng *.doppelherz.pl *.doppelherz.pt *.doppelherz.ro *.doppelherz.rs *.doppelherz.sg *.doppelherz.tn *.doppelherz.ug *.doppelherz.ru *.doppelherz.com.tr *.doppelherz.com.gh *.doppelherz.cm *.doppelherz.ge *.doppelherz.qa *.doppelherz.cz *.doppelherz.si *.doppelherz-southkorea.com *.doppelherz.ua *.doppelherz.ee *.doppelherz-lithuania.com *.doppelherz.lv *.doppelherz.ch *.doppelherz.tw *.queisser.de *.queisser.com *.doppelherz.ma *.doppelherz.ba 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob: https://www.pinterest.com https://www.pinterest.co.uk https://ct.pinterest.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://*.contentsquare.net https://ct.pinterest.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://connect.facebook.net https://checkout.espaskincare.co.in https://www.espaskincare.co.in https://m.espaskincare.co.in https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.contentsquare.net https://app.contentsquare.com https://s.pinimg.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; report-to report-endpoint 1
script-src 'unsafe-eval' 'unsafe-inline' 'self' *.adroll.com *.referralcandy.com *.capterra.com *.facebook.net *.googletagmanager.com *.hs-scripts.com *.licdn.com *.woopra.com *.ads-twitter.com *.youtube.com *.hotjar.com *.hsforms.net *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hscollectedforms.net *.bing.com *.google-analytics.com *.g2crowd.com *.autopilothq.com *.mxpnl.com *.chilipiper.com *.googleadservices.com *.clickcease.com *.intercomcdn.com  *.intercom.io *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com; worker-src 'self' blob:; frame-src app.vwo.com *.doubleclick.net *.youtube.com *.facebook.com *.hsforms.com *.chilipiper.com *.visualwebsiteoptimizer.com; default-src https: wss: data: 'unsafe-inline' ; object-src 'none'; frame-ancestors 'none' 1
frame-ancestors 'self' deinneueszuhause.de *.deinneueszuhause.de *.ohne-makler.net 1
default-src https: 'unsafe-inline'; img-src https: data: blob:; object-src 'self'; frame-ancestors 'self'; 1
frame-ancestors 'self' https://www.calwater.com 1
default-src 'self' ws: wss: data:;              script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' js.monitor.azure.com bugherd-attachments.s3.amazonaws.com https://www.gstatic.com https://dc.services.visualstudio.com https://az416426.vo.msecnd.net https://code.jquery.com https://maxcdn.bootstrapcdn.com https://dl.episerver.net *.hotjar.com *.hotjar.io *.youtube.com *.ytimg.com *.google-analytics.com *.googleapis.com *.google.com *.sketchfab.com up.pixel.ad *.bugherd.com  *.cloudfront.net *.licdn.com *.adsymptotic.com *.googletagmanager.com;               script-src 'self' 'unsafe-inline' 'unsafe-eval' bugherd-attachments.s3.amazonaws.com https://dc.services.visualstudio.com https://az416426.vo.msecnd.net https://code.jquery.com https://maxcdn.bootstrapcdn.com https://dl.episerver.net *.hotjar.com *.hotjar.io *.youtube.com *.ytimg.com *.google-analytics.com *.googleapis.com *.google.com *.sketchfab.com up.pixel.ad *.bugherd.com  *.cloudfront.net *.licdn.com *.adsymptotic.com *.googletagmanager.com;                            style-src-elem 'self' 'unsafe-inline' *.bugherd.com *.jsdelivr.net *.googleapis.com *.typekit.net *.cloudfront.net *.episerver.net;              style-src 'self' 'unsafe-inline' *.bugherd.com *.jsdelivr.net *.googleapis.com *.typekit.net *.cloudfront.net *.episerver.net;              font-src 'self' bugherd-attachments.s3.amazonaws.com *.gstatic.com *.typekit.net *.bugherd.com *.cloudfront.net;               connect-src 'self' ws: wss: px.ads.linkedin.com bugherd-attachments.s3.amazonaws.com https://dc.services.visualstudio.com *.linkedin.com *.linkedin.oribi.io *.hotjar.com *.hotjar.io wss://ws1.hotjar.com/api/v2/client/ws *.google-analytics.com *.googleapis.com *.gstatic.com https://stats.g.doubleclick.net *.bugsnag.com *.bugherd.com *.episerver.net data:;               img-src 'self' data: bugherd-attachments.s3.amazonaws.com *.youtube.com *.hotjar.com https://sketchfab.com/ *.google.com pixel.sitescout.com *.cloudfront.net *.ytimg.com *.google-analytics.com *.sitescout.com *.episerver.net *.linkedin.com *.adsymptotic.com;               frame-src 'self' data: *.google.com *.youtube.com *.hotjar.com https://sketchfab.com *.sitescout.com *.googletagmanager.com;              child-src *.youtube.com *.hotjar.com;    frame-ancestors 'self' *.skillsoftcompliance.com *.skillport.com; 1
frame-ancestors https://vk.com https://*.vk.com https://ok.ru https://*.ok.ru https://my.mail.ru https://*.mail.ru https://yandex.ru https://*.yandex.ru 'self'; 1
img-src 'self' https://*;        child-src 'none';        worker-src 'self' https://connect.facebook.net https://snap.licdn.com;        object-src 'none';        frame-src 'self' https://*.bdunet.dk https://*.bdpdmz.dk https://www.youtube.com https://www.youtube-nocookie.com/ https://player.vimeo.com https://policy.app.cookieinformation.com        https://static.bankdata.dk/wco/release https://static.bankdata.dk https://static.bankdata.dk/ www1.spreadsheetweb.com        https://www.totalkredit.dk https://nordjyskebank.dk https://www.nordjyskebank.dk https://beta.nordjyskebank.dk https://landbobanken.dk https://www.landbobanken.dk https://beta.landbobanken.dk https://wcm1-landbobanken-dk-s.bdunet.dk https://www.facebook.com https://connect.facebook.net https://youtube.com https://www.youtube.com *.vimeo.com        https://track.adform.net https://cdn.conduze.com https://calendar.fxstreet.com http://www.ritzau.dk https://s3.amazonaws.com https://tools.eurolandir.com cs.globenewswire.com https://fliphtml5.com/embed/dist/html/embed-cover.html https://online.fliphtml5.com/kjyu/zwki/        https://pr.globenewswire.com/NewsArchive/View/h3AG8rQ0UryhBWRGuyKMMQ== https://tr.snapchat.com http://landbobanken.s3.cruit.io https://landbobanken.s3.cruit.io 1
font-src acsbapp.com *.acsbapp.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.kaptcha.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.google.com *.gstatic.com cdn.flipsnack.com acsbapp.com accounts.accessibe.com magentosignup.dotdigital.com *.dotdigital.com *.demdex.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com.mx *.braintreegateway.com *.paypal.com *.paypalobjects.com upperdeckstore.com *.google.com *.google.ca *.gstatic.com *.magentocommerce.com *.acsbapp.com *.facebook.net *.facebook.com *.doubleclick.net *.twitter.com *.ads-twitter.com t.co *.klarna.com amasty.com *.demdex.net *.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ acsbapp.com *.acsbapp.com *.kaptcha.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.sandbox.braintreegateway.com *.google.com *.gstatic.com *.noibu.com *.facebook.net *.doubleclick.net *.ads-twitter.com *.magento.com *.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.braintreegateway.com *.google.com *.google.ca *.gstatic.com www.googletagmanager.com acsbapp.com *.acsbapp.com assets.braintreegateway.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com payments.sandbox.braintree-api.com *.braintree-api.com *.kaptcha.com origin-analytics-sand.sandbox.braintree-api.com stats.g.doubleclick.net acsbapp.com *.acsbapp.com *.sandbox.braintreegateway.com *.sandbox.paypal.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.google.com *.google.ca *.gstatic.com *.noibu.com wss://input.noibu.com *.demdex.net *.omtrdc.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src *.braintreegateway.com *.paypal.com *.paypalobjects.com *.google.com *.gstatic.com assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.noibu.com *.acsbapp.com *.facebook.net *.doubleclick.net *.twitter.com *.ads-twitter.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://www.edumed.org 1
default-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.nect.com *.nect.app; 1
default-src 'self' scribit-pro-hosting.storage.googleapis.com *.readspeaker.com; child-src 'self' *.youtube.com blob: *.youtube-nocookie.com *.vimeo.com; connect-src 'self' scribit-pro-hosting.storage.googleapis.com *.readspeaker.com https://venlo.ucsnet.nl api.scribit.pro  *.siteimprove.com; font-src 'self' data: *.googleusercontent.com https://cdnjs.cloudflare.com/ *.readspeaker.com *.ionicframework.com; frame-src 'self' *.youtube.com https://venlo.ucsnet.nl https://nedglobe.nedgraphicscs.nl https://nedglobe.cadac.com/ https://*.issuu.com/ *.youtube-nocookie.com *.vimeo.com *.siteimprove.com *.siteimproveanalytics.com *.siteimprove.net *.siteimproveanalytics.io page.report *.readspeaker.com; img-src 'self' data: https://www.toegankelijkheidsverklaring.nl *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io *.readspeaker.com; object-src 'none'; script-src 'self' scribit-pro-hosting.storage.googleapis.com *.readspeaker.com https://venlo.ucsnet.nl 'unsafe-hashes' 'sha256-HGqJuMtIrKgrd8rjuehX3oCf1I+7iDnTtC81V/bl4Yo=' 'sha256-TGQ6jovB6hVs+veiJE1ACTYktWl7ykwDABjihj33WM8=' 'sha256-5fVGo212jpnVGWmXkBTf1Jsd1tX88tirZuM95SSA5as=' 'sha256-2AbKyC2U1ZN7BjeyC/Uo0YrsB/T1mTmYw1n5EYYHX/0=' *.scribit.pro www.youtube.com https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com https://cdn.siteimprove.net/cms/overlay-latest.js 'sha256-N0goNQpb+/Wq/glxeQaDAnmGodx+tXaDKzyfTIShDlE='; style-src 'self' 'unsafe-hashes' 'sha256-3juv2Ft1FaY3xWYNGXExi9oTqA3RQ4gtgCqyf3mxGhU=' https://cdnjs.cloudflare.com/ 'sha256-r9fU88Cagg8b+V94/rFP54XitU/RzBQ83sVNeltVs/c=' 'sha256-SHje5LaT9E6BShlkQpjWVSpKDI2FEtd137m8hy4rmKM=' 'sha256-2ipsMCEEsAbnsH2T1Fg2pv63AdMLzQW/NYec3X6XzWw=' 'sha256-3lLjvpn0hfmuulQYNSUWKiNpmIiMg70GweVDtUWv7zA=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=' *.readspeaker.com 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' cdn-eu.readspeaker.com; style-src-attr 'self' 'unsafe-hashes' 'sha256-3juv2Ft1FaY3xWYNGXExi9oTqA3RQ4gtgCqyf3mxGhU=' 'sha256-r9fU88Cagg8b+V94/rFP54XitU/RzBQ83sVNeltVs/c=' 'sha256-SHje5LaT9E6BShlkQpjWVSpKDI2FEtd137m8hy4rmKM=' 'sha256-2ipsMCEEsAbnsH2T1Fg2pv63AdMLzQW/NYec3X6XzWw=' 'sha256-3lLjvpn0hfmuulQYNSUWKiNpmIiMg70GweVDtUWv7zA=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='; style-src-elem 'self' 'unsafe-hashes' 'sha256-3juv2Ft1FaY3xWYNGXExi9oTqA3RQ4gtgCqyf3mxGhU=' https://cdnjs.cloudflare.com/ 'sha256-r9fU88Cagg8b+V94/rFP54XitU/RzBQ83sVNeltVs/c=' 'sha256-SHje5LaT9E6BShlkQpjWVSpKDI2FEtd137m8hy4rmKM=' 'sha256-2ipsMCEEsAbnsH2T1Fg2pv63AdMLzQW/NYec3X6XzWw=' 'sha256-3lLjvpn0hfmuulQYNSUWKiNpmIiMg70GweVDtUWv7zA=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=' *.readspeaker.com 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' cdn-eu.readspeaker.com; base-uri 'self'; frame-ancestors 'self' 1
default-src 'self' webforms.pipedrive.com pipedriveassets.com cdn.eu-central-1.pipedriveassets.com; block-all-mixed-content; connect-src 'self' use.typekit.net p.typekit.net stats.g.doubleclick.net www.facebook.com www.google-analytics.com www.googletagmanager.com www.google.com www.google.fr plausible.io webforms.pipedrive.com pipedriveassets.com cdn.eu-central-1.pipedriveassets.com; font-src 'self' data: cdn.scalingo.com use.typekit.net p.typekit.net; frame-ancestors 'none'; img-src 'self' data: www.datocms-assets.com cdn.scalingo.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.google.com www.google.fr; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.scalingo.com use.typekit.net p.typekit.net www.googletagmanager.com cdn.mxpnl.com connect.facebook.net www.google-analytics.com plausible.io webforms.pipedrive.com pipedriveassets.com cdn.eu-central-1.pipedriveassets.com; style-src 'self' 'unsafe-inline' cdn.scalingo.com use.typekit.net p.typekit.net; upgrade-insecure-requests 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-XpxWWBM3GJYZyJ6vRiSlDg' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' nonce-3c3f5624-0410-4562-aaea-cbf8186db7d7 http://www.google-analytics.com https://az416426.vo.msecnd.net https://cdnjs.cloudflare.com https://code.ionicframework.com https://code.jquery.com https://connect.facebook.net https://d3op16id4dloxg.cloudfront.net https://fonts.googleapis.com https://gitcdn.github.io https://googleads.g.doubleclick.net https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://qnabot.com https://surveyjs.azureedge.net https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://ssl.google-analytics.com https://connect.facebook.net https://maps.googleapis.com https://api.flickr.com https://rvid.imperium.com http://rvid.imperium.com https://www.google.com https://ajax.googleapis.com https://googleads.g.doubleclick.net https://js-agent.newrelic.com https://bam.nr-data.net https://pixel.mathtag.com https://analytics.tiktok.com https://static.ads-twitter.com https://js.go2sdk.com/v2/tune.js http://pixel.mathtag.com/event/js;style-src 'self' 'unsafe-inline' https://az416426.vo.msecnd.net https://cdnjs.cloudflare.com https://code.ionicframework.com https://code.jquery.com https://connect.facebook.net https://d3op16id4dloxg.cloudfront.net https://fonts.googleapis.com https://gitcdn.github.io https://googleads.g.doubleclick.net https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://qnabot.com https://surveyjs.azureedge.net https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.google.com;img-src 'self' data: https://images.pexels.com https://www.facebook.com https://www.google.co.in https://www.google.co.au https://www.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://qnabot.com http://www.google-analytics.com https://farm9.static.flickr.com https://farm8.static.flickr.com https://stgadmin.panel-cube.com https://admin.panel-cube.com https://d30s7yzk2az89n.cloudfront.net https://www.google.com.au http://sandbox.giftpay.com https://googleads.g.doubleclick.net https://netdna.bootstrapcdn.com https://pcqa.blob.core.windows.net https://pcstatic.blob.core.windows.net https://panel-cube.com https://www.virtualrewardcenter.com https://bgsurveys.go2cloud.org https://ssl.google-analytics.com https://pixel.mathtag.com https://designstoreage.blob.core.windows.net https://www.google.com;font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.ionicframework.com;frame-src 'self' http://qnabot.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://www.youtube.com https://portal.qnabot.com https://web.facebook.com https://www.facebook.com https://www.google.com https://magic.veriff.me https://pixel.mathtag.com https://tracking.gopsjump.com.au;frame-ancestors 'self' https://web.facebook.com; 1
default-src 'self' *.hsforms.com *.clarity.ms *.hsforms.net *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hsadspixel.net *.hubapi.com *.googleapis.com *.google.com *.onetrust.com *.google-analytics.com *.googletagmanager.com *.amazonaws.com api.mapbox.com *.jsdelivr.net *.gstatic.com *.gravatar.com *.postcodeanywhere.co.uk *.cloudflare.com *.youtube.com unpkg.com moneypennychat.appspot.com connect.facebook.net 'unsafe-eval' 'unsafe-inline'; img-src 'self' * data: 'unsafe-inline'; font-src 'self' data: *.gstatic.com; frame-ancestors 'self' 1
script-src 'strict-dynamic' 'nonce-Gh2vupIyIg9rWHfe' https://*.googletagmanager.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://lp.thinkproject.com http://lp.thinkproject.com https://snap.licdn.com https://munchkin.marketo.net https://js.storylane.io; img-src 'self' data: blob: https://*.google.com https://*.google.ch https://*.google.de https://*.google.co.uk https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://assets.juicer.io https://imageproxy.juicer.io https://pbs.twimg.com https://*.doubleclick.net https://*.ads.linkedin.com https://www.linkedin.com https://www.google-analytics.com https://*.ytimg.com https://secure.adnxs.com https://cdn.cookielaw.org; font-src 'self' data: https://fonts.gstatic.com https://static.juicer.io https://*.ytimg.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://www.juicer.io https://lp.thinkproject.com https://*.mktoresp.com http://*.mktoresp.com https://*.mktoutil.com https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://cdn.linkedin.oribi.io https://*.cookielaw.org https://*.onetrust.com; frame-src https://www.googletagmanager.com https://*.doubleclick.net http://*.doubleclick.net https://bid.g.doubleclick.net https://www.youtube.com https://*.juicer.io https://lp.thinkproject.com http://lp.thinkproject.com/ https://app.storylane.io https://play.goconsensus.com 1
default-src 'self' *.akamaihd.net *.facebook.com *.kaporal.com *.kaporal.net *.payline.com *.payments-amazon.com *.truefitcorp.com https://photorankapi-a.akamaihd.net *.build.kaporal.net *.heyday.ai pay.google.com *.vimeo.com *.akamaized.net *.sc-static.net *.analytics.google.com blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.abtasty.com *.appsmiles.eu *.bing.com *.kaporal.com *.cdn.payline.com *.payments-amazon.com/ *.truefitcorp.com https://ajax.googleapis.com https://connect.facebook.net/en_US/sdk.js https://photorankapi-a.akamaihd.net https://photorankstatics-a.akamaihd.net https://www.googletagmanager.com pixel.cdnwidget.com *.devatics.io *.devatics.com *.onestock-retail.io *.doubleclick.net *.g.doubleclick.net notifpush.com *.notifpush.com actito.com *.actito.com mmtro.com *.mmtro.com *.facebook.net facebook.net *.criteo.com *.criteo.net *.heyday.ai docs.google.com *.googleadservices.com *.build.kaporal.net unpkg.com *.unpkg.com *.adobe.net *.adyen.com *.contentsquare.net www.google-analytics.com www.paypal.com *.googleapis.com https://commerce.adobedtm.com https://unpkg.com/@adobe/magento-storefront-event-collector@^1/dist/index https://unpkg.com/@adobe/magento-storefront-events-sdk@%5E1/dist/index.js https://magento-recs-sdk.adobe.net/v2/index.js www.paypalobjects.com *.paypal.com *.google.com *.shipup.co *.clarity.ms *.batch.com *.powerspace.com an.pwspace.com t.contentsquare.net contentsquare.com *.contentsquare.com *.pwspace.com *.social-media-system.com social-media-system.com *.sc-static.net sc-static.net api.social-media-system.com www.datadoghq-browser-agent.com https://analytics.tiktok.com *.vimeo.com *.avads.net *.snapchat.com *.affilae.com *.analytics.google.com pay.google.com blob:;frame-src 'self' *;style-src 'self' 'unsafe-inline' *.amazonaws.com *.cdn.payline.com *.truefitcorp.com photorankstatics-a.akamaihd.net *.onestock-retail.io facebook.net *.facebook.net *.googletagmanager.com *.build.kaporal.net *.b.kaporal.net *.googleapis.com *.paypal.com *.adyen.com *.google.com *.shipup.co *.kaporal.com *.heyday.ai *.sc-static.net *.avads.net *.analytics.google.com pay.google.com;img-src 'self' data: *.akamaihd.net *.amazonaws.com *.appsmiles.eu *.bing.com *.cdnwidget.com *.cloudfront.net *.eu-west-3.amazonaws.com *.facebook.com *.kaporal.com *.kaporal.net *.cdn.payline.com *.pinterest.com *.truefitcorp.com data.photorank.me photorankmedia-a.akamaihd.net z1photorankmedia-a.akamaihd.net *.devatics.io *.devatics.com *.onestock-retail.io *.doubleclick.net *.g.doubleclick.net notifpush.com *.notifpush.com actito.com *.actito.com mmtro.com *.mmtro.com *.facebook.net facebook.net *.google.com *.google.fr *.adnxs.com *.criteo.com *.criteo.net *.heyday.ai *.build.kaporal.net *.adyen.com *.pubmatic.com *.analytics.yahoo.com *.yahoo.com *.emxdgt.com *.ad.smaato.net *.mediavine.com *.stickyadstv.com *.ivitrack.com *.sharethrough.com *.omnitagjs.com *.adform.net *.media.net *.teads.tv *.360yield.com *.casalemedia.com *.3lift.com *.smartadserver.com *.taboola.com *.outbrain.com *.tremorhub.com *.ads.yieldmo.com *.rubiconproject.com *.liadm.com *.googleapis.com *.gstatic.com www.paypalobjects.com www.paypal.com *.paypal.com *.shipup.co *.onestock-retail.com *.bidswitch.net *.advertising.com *.rlcdn.com googletagmanager.com s.ad.smaato.net *.mgid.com tbs.tradedoubler.com *.clarity.ms *.batch.com *.powerspace.com public-prod-dspcookiematching.dmxleo.com i.liadm.com criteo-partners.tremorhub.com www.img-static.com r.phywi.org *.contentsquare.net *.contentsquare.com www.googletagmanager.com *.googletagmanager.com *.sc-static.net sync-criteo.ads.yieldmo.com *.vimeo.com *.google-analytics.com *.avads.net id5-sync.com *.yieldlab.net *.criteo.com *.demdex.net *.krxd.net *.thebrighttag.com *.affilae.com *.analytics.google.com pay.google.com;font-src 'self' data: *.kaporal.com *.cdn.payline.com *.truefitcorp.com maxcdn.bootstrapcdn.com olapic-data.s3.amazonaws.com photorankstatics-a.akamaihd.net fonts.gstatic.com *.shipup.co *.heyday.ai *.sc-static.net *.amazonaws.com *.analytics.google.com pay.google.com;connect-src 'self' *.abtasty.com *.akamaihd.net *.appsmiles.eu *.facebook.com *.google-analytics.com *.googleapis.com *.payline.com *.payments-amazon.com *.truefitcorp.com https://graph.facebook.com https://photorankmedia-a.akamaihd.net https://z1photorankmedia-a.akamaihd.net *.onestock-retail.io facebook.net *.facebook.net *.doubleclick.net *.g.doubleclick.net *.heyday.ai *.bing.com *.cdnwidget.com *.cdnbasket.net *.kaporal.com *.onestock-retail.com notifpush.com *.clarity.ms www.clarity.ms *.criteo.com *.batch.com *.powerspace.com *.contentsquare.net *.contentsquare.com *.sc-static.net *.snapchat.com *.social-media-system *.pwspace.com api.social-media-system.com www.datadoghq-browser-agent.com *.browser-intake-datadoghq.eu *.vimeo.com https://analytics.tiktok.com *.build.kaporal.net *.adyen.com *.adobedc.net www.sandbox.paypal.com sslwidget.criteo.com https://commerce.adobedc.net/collector/tp2 https://commerce.adobe.io www.paypalobjects.com www.paypal.com *.paypal.com *.avads.net *.analytics.google.com pay.google.com google.com ;base-uri 'self';media-src 'self' data: *.build.kaporal.net *.b.kaporal.net *.p.kaporal.net *.kaporal.com;report-uri /csp/report 1
frame-ancestors 'self' idealspaces-roca-staging.2020-platform.net configurador-banos.qua.roca.es configurador-banos.roca.es b2b.portal.roca.com; 1
default-src 'self' blob:; 
                                                        style-src  'unsafe-inline' 'unsafe-eval' https:; 
                                                        img-src * data: blob: filesystem:; 
                                                        media-src https:; 
                                                        connect-src https: wss:; 
                                                        font-src https: data:; 
                                                        object-src https: blob:; 
                                                        script-src 'unsafe-inline' 'unsafe-eval' https:; 1
default-src 'self'; font-src *;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src 'self' https://td.doubleclick.net/ *.liveperson.net https://kuula.co/ https://sy.msghist.liveperson.net/ https://tokenizer.liveperson.net/ https://player.flipsnack.com/ https://checkout.roller.app/ https://mcc.jotform.com/ https://safekey-3.americanexpress.com/ https://tsys.arcot.com https://checkoutshopper-live-au.adyen.com/ https://api.roller.app/ https://www.securesuite.co.uk/ https://checkoutshopper-live.adyen.com https://www.sevenrooms.com/ https://s7.addthis.com/ https://analytics-au.clickdimensions.com/ https://www.australiansportsmuseum.org.au https://mcc-asm-sitecore.azurewebsites.net https://www.rollerdigital.com/ https://submit.jotform.com/ https://form.jotform.com/ https://www.youtube.com/ https://lpcdn.lpsnmedia.net/ https://sy.msg.liveperson.net/ https://sy.idp.liveperson.net/ https://www.facebook.com/ https://m.facebook.com/ https://omny.fm/ https://cdn.flipsnack.com/ https://player.vimeo.com/ https://roller.app/ https://www.google.com/; connect-src 'self' *.liveperson.net https://stats.g.doubleclick.net https://maps.googleapis.com https://weather-ydn-yql.media.yahoo.com https://www.google-analytics.com/ wss://sy.msg.liveperson.net/ws_api/account/1987918/messaging/consumer; media-src 'self' https://lpcdn.lpsnmedia.net/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob: ; frame-src 'self' *.cloudflarestream.com *.vimeo.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.addthis.com:* *.addthisedge.com:* *.addtoany.com:* *.elafent.com:* *.facebook.com:* *.facebook.net:* *.google-analytics.com:* *.google.com:* *.googleanalytics.com:* *.googleapis.com:* *.googletagmanager.com:* *.gstatic.com:* *.hotjar.com:* *.instagram.com:* *.licdn.com:* *.melbournewater.com.au:* *.moatads.com:* *.newrelic.com:* *.stats.g.doubleclick.net:* *.twimg.com:* *.twitter.com:* *.vars.hotjar.com:* *.youtube.com:* *.ytimg.com:* bam.nr-data.net:* cdnjs.cloudflare.com:* static.cloudflareinsights.com:* unpkg.com:* js.arcgis.com:* az298774.vo.msecnd.net careers.pageuppeople.com www.recaptcha.net *.qualtrics.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: fonts.gstatic.com:* fonts.google.com:* *.elafent.com:* *.melbournewater.com.au:* js.arcgis.com:*; connect-src 'self' 'unsafe-eval' 'unsafe-inline' *.addthis.com:* *.cloudflare.com:* *.elafent.com:* *.facebook.com:* *.googleapis.com:* *.hotjar.com:* *.hotjar.io:* *.icanhazip.com:* *.ipify.org:* *.melbournewater.com.au:* *.stats.g.doubleclick.net:* *.vars.hotjar.com:* bam.nr-data.net:* mw-api-catalogue-alpha.s3.ap-southeast-2.amazonaws.com:* mw-api-catalogue-beta.s3.ap-southeast-2.amazonaws.com:* mw-api-catalogue-dev.s3.ap-southeast-2.amazonaws.com:* mw-api-catalogue-prod.s3.ap-southeast-2.amazonaws.com:* mw-api-catalogue-uat.s3.ap-southeast-2.amazonaws.com:* wss://*.hotjar.com:* *.arcgisonline.com:* *.arcgis.com:* api.amplitude.com api-js.mixpanel.com www.google-analytics.com stats.g.doubleclick.net siteintercept.qualtrics.com; report-uri /report-csp-violation 1
default-src 'none'; frame-src 'self' data: https://inter-vpos.com.tr https://ilkcekilis.azurewebsites.net https://consentcdn.cookiebot.com https://www.facebook.com https://www.google.com https://recaptcha.google.com/recaptcha/ https://*.etiya.com https://*.togg.com.tr https://*.togg.cloud https://etiyatoggstorage.blob.core.windows.net https://smart-ix.ai/privacy.html https://fonts.googleapis.com https://fonts.gstatic.com https://inter-vpos.com.tr/ https://static.site24x7rum.com https://www.google.com https://mobile-api.staging.togg.cloud:7445 https://omccstb.turkcell.com.tr https://togg-prd-cdn-ebcuc9ayg8fgegc8.z01.azurefd.net https://epayment.turkcell.com.tr https://*.vakifbank.com.tr https://*.yapikredi.com.tr https://*.garanti.com.tr https://*.denizbank.com https://*.qnbfinansbank.com https://*.sanalakpos.com https://*.halkbank.com.tr https://*.isbank.com.tr https://*.teb.com.tr https://*.ziraatbank.com.tr https://www.wirecard.com.tr https://entegrasyon.asseco-see.com.tr/ https://www.gstatic.com https://*.bkm.com.tr https://*.merlincdn.net https://toggprodcdn.blob.core.windows.net https://*.asseco-see.com.tr https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.fireflow.ai https://etiya-event-listener.fireflow.ai https://etiya-event-listener.fireflow.ai/event_listener/g/collect https://artgeneration.blob.core.windows.net wss://mobile-api.staging.togg.cloud:7445;connect-src 'self' data: blob: https://*.here.com https://*.hereapi.com https://consent.cookiebot.com https://ilkcekilis.azurewebsites.net https://consentcdn.cookiebot.com https://www.gstatic.com https://www.google.com https://www.google.com.tr https://www.google.com.ua https://analytics.twitter.com https://togg.count.ly https://t.co https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://cdn.jsdelivr.net https://connect.facebook.net https://static.ads-twitter.com https://analytics.tiktok.com https://*.togg.com.tr https://*.togg.cloud https://mobile-api.staging.togg.cloud:7445 https://mobile-api.togg.cloud:7443 https://toggid-api-gateway.togg.cloud:9443 https://toggprodcdn.blob.core.windows.net https://fonts.googleapis.com https://togg-prd-cdn-ebcuc9ayg8fgegc8.z01.azurefd.net https://trial-togg.count.ly https://www.googletagmanager.com https://*.etiya.com https://etiyatoggstorage.blob.core.windows.net https://smart-ix.ai/privacy.html https://fonts.gstatic.com https://inter-vpos.com.tr/ https://static.site24x7rum.com https://omccstb.turkcell.com.tr https://epayment.turkcell.com.tr https://*.vakifbank.com.tr https://*.yapikredi.com.tr https://*.garanti.com.tr https://*.denizbank.com https://*.qnbfinansbank.com https://*.sanalakpos.com https://*.halkbank.com.tr https://*.isbank.com.tr https://*.teb.com.tr https://*.ziraatbank.com.tr https://www.wirecard.com.tr https://entegrasyon.asseco-see.com.tr/ https://*.merlincdn.net https://*.bkm.com.tr https://*.asseco-see.com.tr https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.fireflow.ai https://etiya-event-listener.fireflow.ai https://etiya-event-listener.fireflow.ai/event_listener/g/collect https://artgeneration.blob.core.windows.net wss://mobile-api.staging.togg.cloud:7445; font-src 'self' data: https://*.here.com https://*.hereapi.com https://*.azurestaticapps.net/* https://*.togg.com.tr https://*.togg.cloud https://fonts.googleapis.com https://fonts.gstatic.com https://togg-prd-cdn-ebcuc9ayg8fgegc8.z01.azurefd.net https://*.etiya.com https://etiya.com https://etiyatoggstorage.blob.core.windows.net https://smart-ix.ai/privacy.html https://inter-vpos.com.tr/ https://static.site24x7rum.com https://www.google.com https://mobile-api.staging.togg.cloud:7445 https://omccstb.turkcell.com.tr https://epayment.turkcell.com.tr https://*.vakifbank.com.tr https://*.yapikredi.com.tr https://*.garanti.com.tr https://*.denizbank.com https://*.qnbfinansbank.com https://*.sanalakpos.com https://*.halkbank.com.tr https://*.isbank.com.tr https://*.teb.com.tr https://*.ziraatbank.com.tr https://www.wirecard.com.tr https://entegrasyon.asseco-see.com.tr/ https://www.gstatic.com https://*.bkm.com.tr https://*.merlincdn.net https://toggprodcdn.blob.core.windows.net https://*.asseco-see.com.tr https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.fireflow.ai https://etiya-event-listener.fireflow.ai https://etiya-event-listener.fireflow.ai/event_listener/g/collect https://artgeneration.blob.core.windows.net wss://mobile-api.staging.togg.cloud:7445; style-src 'self' 'unsafe-inline' https://*.here.com https://*.hereapi.com https://togg-prd-cdn-ebcuc9ayg8fgegc8.z01.azurefd.net https://*.togg.com.tr https://togg.com.tr https://*.togg.cloud https://fonts.googleapis.com https://togg-prd-cdn-ebcuc9ayg8fgegc8.z01.azurefd.net https://epayment.turkcell.com.tr https://*.vakifbank.com.tr https://*.yapikredi.com.tr https://*.garanti.com.tr https://*.denizbank.com https://*.qnbfinansbank.com https://*.sanalakpos.com https://*.halkbank.com.tr https://*.isbank.com.tr https://*.teb.com.tr https://*.ziraatbank.com.tr https://www.wirecard.com.tr https://entegrasyon.asseco-see.com.tr/ https://www.gstatic.com https://*.bkm.com.tr https://*.merlincdn.net https://toggprodcdn.blob.core.windows.net https://*.asseco-see.com.tr https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.fireflow.ai https://etiya-event-listener.fireflow.ai https://etiya-event-listener.fireflow.ai/event_listener/g/collect https://artgeneration.blob.core.windows.net wss://mobile-api.staging.togg.cloud:7445 ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.here.com https://*.hereapi.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://*.togg.com.tr https://togg.com.tr https://*.togg.cloud https://mobile-api.staging.togg.cloud:7445  https://mobile-api.togg.cloud:7443 https://toggprodcdn.blob.core.windows.net https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://cdn.jsdelivr.net https://connect.facebook.net https://static.ads-twitter.com https://analytics.tiktok.com https://www.googletagmanager.com https://www.google-analytics.com https://*.etiya.com https://etiya.com https://*.togg.com.tr https://*.togg.cloud https://etiyatoggstorage.blob.core.windows.net https://smart-ix.ai/privacy.html https://fonts.googleapis.com https://fonts.gstatic.com https://inter-vpos.com.tr/ https://static.site24x7rum.com https://www.google.com https://mobile-api.staging.togg.cloud:7445  https://omccstb.turkcell.com.tr https://togg-prd-cdn-ebcuc9ayg8fgegc8.z01.azurefd.net https://epayment.turkcell.com.tr https://*.vakifbank.com.tr https://*.yapikredi.com.tr https://*.garanti.com.tr https://*.denizbank.com https://*.qnbfinansbank.com https://*.sanalakpos.com https://*.halkbank.com.tr https://*.isbank.com.tr https://*.teb.com.tr https://*.ziraatbank.com.tr https://www.wirecard.com.tr https://entegrasyon.asseco-see.com.tr/ https://www.gstatic.com https://*.bkm.com.tr https://*.merlincdn.net https://toggprodcdn.blob.core.windows.net https://*.asseco-see.com.tr https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.fireflow.ai https://etiya-event-listener.fireflow.ai https://etiya-event-listener.fireflow.ai/event_listener/g/collect https://artgeneration.blob.core.windows.net wss://mobile-api.staging.togg.cloud:7445; img-src * data: * blob: * https://*.here.com https://*.hereapi.com; object-src 'self' https://ilkcekilis.azurewebsites.net; media-src 'self' data: blob: https://togg-prd-cdn-ebcuc9ayg8fgegc8.z01.azurefd.net https://*.merlincdn.net; manifest-src https://*.togg.cloud https://*.togg.com.tr 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 1
frame-ancestors 'self' https://www.google.com https://www.googletagmanager.com; 1
default-src 'self' payward.okta.com id.payward.com *.oktacdn.com; connect-src 'self' payward.okta.com payward-admin.okta.com id.payward.com *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com *.mtls.okta.com payward.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' payward.okta.com id.payward.com *.oktacdn.com; style-src 'unsafe-inline' 'self' payward.okta.com id.payward.com *.oktacdn.com; frame-src 'self' payward.okta.com payward-admin.okta.com id.payward.com login.okta.com com-okta-authenticator:; img-src 'self' payward.okta.com id.payward.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' payward.okta.com id.payward.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' 1
script-src         	'self'         	blob:         	https://www.google.com/recaptcha/         	https://www.gstatic.com/recaptcha/         	maps.googleapis.com         	www.googleadservices.com         	googleads.g.doubleclick.net         	srv2.wa.marketingsolutions.yahoo.com         	*.googletagmanager.com         	ssl.google-analytics.com         	www.google-analytics.com         	dash.unbeatable.com         	none 		; 		object-src 			'self' 		; 		child-src 			'self' 			blob: 			none 		; 		frame-src 			'self' 			blob: 			*.youtube.com 			*.youtube-nocookie.com 			*.vimeo.com 			https://www.google.com/recaptcha/ 			*.thegenealogist.co.uk 			none 		; 		connect-src 			'self' 			*.thegenealogist.co.uk 			*.thegenealogist.com 			*.google-analytics.com 			*.analytics.google.com 			*.googletagmanager.com 			https://stats.g.doubleclick.net 			https://sentry.io 			https://*.sentry.io 			https://api.maptiler.com/tiles/ 			https://atlas.microsoft.com/map/ 			https://maps.googleapis.com 			none 		; 		report-uri https://o135918.ingest.sentry.io/api/5557585/security/?sentry_key=1c86c6533f69492aa16f2221ff63b416 	 1
default-src 'self' about: *.esf.de  www.etracker.de api.flockler.com analytics-api.flockler.com; base-uri 'self'; connect-src 'self' 'unsafe-inline' *.etracker.de *.etracker.com maps.googleapis.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.googletagmanager.com tagmanager.google.com *.delivery.consentmanager.net *.podigee.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.etracker.com *.etracker.de tagmanager.google.com *.delivery.consentmanager.net *.googletagmanager.com *.googleapis.com *.google.com *.gstatic.com *.pixelpark.com *.google-analytics.com *.podigee.com cdn.consentmanager.mgr.consensu.org *.consentmanager.net consentmanager.mgr.consensu.org https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/tables.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/landmarks.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/images.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/lists.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/lang.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/focus.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/aria.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/headings.js code.highcharts.com about: ; object-src 'self'; font-src 'self' data: *.podigee.com fonts.googleapis.com fonts.gstatic.com; media-src 'self' blob: *.youtube.com *.bmas.de *.esf.de; child-src *.google.com *.gstatic.com *.youtube.com *.pixelpark.com *.podigee.com *.bmbf.de cdn.jwplayer.com player.vimeo.com *.video-stream-hosting.de cdn.consentmanager.mgr.consensu.org; img-src 'self' blob: data:  fonts.googleapis.com ssl.gstatic.com *.google.com *.bmas.de *.esf.de esf.de *.gstatic.com *.youtube.com *.pixelpark.com *.google-analytics.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net about: ; upgrade-insecure-requests; form-action 'self' validator.w3.org export.highcharts.com; frame-src 'self' *.consentmanager.net *.delivery.consentmanager.net; frame-ancestors 'self' 1
default-src 'self'; media-src https://*.amazonaws.com/stage.iap.static/ https://iappublicfilestoragelive.blob.core.windows.net/; img-src * data: https://magix.containers.piwik.pro https://magix.piwik.pro; script-src 'self' https://*.dynamicyield.com/ https://www.google-analytics.com/ 'sha256-kfxO7WVMRNMq7PDT0hFqH4U0oMzftgNJuHQz/57HMN0=' https://www.googletagmanager.com/ http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://cdn.cookielaw.org https://*.onetrust.com 'sha256-MxBqpc2lhC7z+pafIKNCk/QGD4RH2NFwCuBMu4HsksY=' https://magix.containers.piwik.pro https://magix.piwik.pro 'nonce-ulF51mxTL/guP5Sh6i3yT8K8m2A='; style-src 'self' 'unsafe-inline' https://magix.containers.piwik.pro https://magix.piwik.pro; frame-src https://www.googletagmanager.com/ https://checkout.producerplanet.com/ https://vars.hotjar.com; connect-src 'self' https://www.google-analytics.com/ http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://stats.g.doubleclick.net/ https://cdn.cookielaw.org https://*.onetrust.com 'sha256-MxBqpc2lhC7z+pafIKNCk/QGD4RH2NFwCuBMu4HsksY=' https://magix.containers.piwik.pro https://magix.piwik.pro; font-src 'self' http://script.hotjar.com https://script.hotjar.com https://magix.containers.piwik.pro https://magix.piwik.pro 1
frame-ancestors 'self' *.cmegroup.com *.quikstrike.net commodex.co.il openexchange.community.cmegroup.com staging.tickertocker.com http://www.straitsfinancial.com www.straitsfinancial.com http://straitsfinancial.com https://www.home.saxo https://blueeditsitecore.sys.dom https://bluesitecore.sys.dom https://sitecoredev.orange.saxobank.com https://sitecoredev-nocache.orange.saxobank.com https://sitecoredevedit.orange.tst2.dom http://star-website.com https://www.investing.com https://*.benzinga.com https://bz.zingbot.bz https://www.zingbot.bz https://gdcdyn.interactivebrokers.com https://www.interactivebrokers.com https://zingbot.bz https://m.zingbot.bz https://dev.futuresfirstacademy.com https://uat.futuresfirstacademy.com https://futuresfirstacademy.com http://stage.barchart.com http://www.barchart.com https://www.infinityfutures.com https://kilofutures.com https://m.cqg.com https://mdemo.cqg.com *.chicago.cme.com:7822 https://uatm.cqg.com https://local.zingbot.bz https://www.gulfbondsukuk.org www.kgieworld.sg https://www.propex24.wpcomstaging.com https://www.propex24.com *.straitsfinancial.gate39tech.com us.straitsfinancial.com https://*.kapcoclients.com https://kapcoclients.com https://*.wallstreetbound.org https://wallstreetbound.org https://cofcointl.plateau.com https://rise.articulate.com https://members.tradeday.com http://blf-django.herokuapp.com www.bluelinefutures.com www.bluelinefutures.live www.bluelinefutures.trade bluelinefutures.com https://login.chicago.cme.com https://loginnr.chicago.cme.com https://logincert.chicago.cme.com https://login-ny.chicago.cme.com https://ampfutures.com https://cme.ampfutures.com https://*.advantagefutures.com https://*.e-futures.com https://*.etrade.com https://*.gffbrokers.com https://infinityfutures-cn.com https://sweetfutures.com https://*.tradovate.com https://home.saxo https://*.tickmill.co.uk https://*.directa.it *.big.pt https://big.pt https://*.tradestation-international.com https://*.stonex.com http://tradinglessons.com https://tradinglessons.com *.ibroker.it *.ibroker.es *.cornertrader.ch *.whselfinvest.com *.banxbroker.de *.ameritrade.com *.sweetfutures.com *.danielstrading.com *.gainfutures.com gainfutures.com *.futuresonline.com *.tdainc.com *.lsvp.com *.schwab.com *.schwab.co.uk *.us.global.schwab.com *.dev.schwab.com *.cmegroupfoundation.org news.cqg.com https://www.banxbroker.de https://www.banxbroker.ch https://www.banxbroker.at https://www.banxbroker.com https://www.gulfcapitalmarket.org https://www.kqmarkets.co.uk https://dev.kqmarkets.co.uk https://www.kqmarkets.de https://dev.kqmarkets.de https://www.kqtrader.com https://dev.kqmarkets.com https://kqmarketportal.24livehost.com *.trendspider.com trendspider.com fxpronode12template.azurewebsites.net uat-fxpro-website.azurewebsites.net fxpro.com *.youfinance.it *.traderlink.it paradigmfutures.net www.e-mini.com www.e-futures.com www.foreigncurrencies.com www.cannontrading.com *.gcs-web.com www.rjobrien.com www.fxpro.com *.rjobrien.com acmfutures.com *.acmfutures.com www.directaccessusa.com *.topsteptrader.com *.progoldtrader.com https://progoldtrader.com *.thetradingpit.com adssgroup.sharepoint.com *.mandaracapital.com *.sidwellstrategies.com sidwellstrategies.com app.melver.com.br dev-phillipcapital-main.pantheonsite.io *.phillipcapital.com *.vvstradingroom.com *.livesquawk.com *.webull.com *.webull.hk *.webull.sg *.webull.co.jp *.webull.au *.webull.co.za *.webull-uk.com *.comdinheiro.com.br *.invest.academy invest.academy *.nelogica.com.br *.vectorcrypto.com blackarrowtrading.com *.theniba.com *.wpenginepowered.com *.apmcapital.ae *.finanzen.ch apm-capital.webflow.io *.gocharting.com; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.crushftp.com *.stripe.com *.paypalobjects.com *.google-analytics.com *.crushsync.com *.taltosparipa.com 1
frame-ancestors 'self' nachc.docebosaas.com; 1
base-uri 'self'; child-src 'self' https://*.trunarrative.cloud https://api-work.eu.veri-das.com https://*.qualtrics.com blob: https://*.trunarrative.cloud gap:; frame-src 'self' https://*.trunarrative.cloud https://api-work.eu.veri-das.com https://*.qualtrics.com blob: https://*.trunarrative.cloud gap:; connect-src 'self' https://*.hellosoda.com https://*.trunarrative.cloud https://s3.eu-west-2.amazonaws.com https://trunarrative.dev https://*.qualtrics.com; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://cdn.hellosoda.com data:; img-src 'self' http://*.s3.amazonaws.com https://js.hsforms.com https://siteintercept.qualtrics.com https://d2rkvb14dx9stc.cloudfront.net https://rendergraphics.dnb.com https://direct.dnb.com https://gsrl.altares.com https://vinland.bisnode.com data: blob:; object-src 'self'; script-src 'self' https://*.hellosoda.com https://forms.hsforms.com https://www.google.com/recaptcha/ https://metabase.example.com https://*.trunarrative.cloud https://trunarrative.dev https://*.qualtrics.com https://d2rkvb14dx9stc.cloudfront.net https://rendergraphics.dnb.com data: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.hellosoda.com https://d2rkvb14dx9stc.cloudfront.net https://rendergraphics.dnb.com https://vinland.bisnode.com https://gsrl.altares.com data: 'unsafe-inline'; frame-ancestors 'self' https://*.risknarrative.cloud http://s3.amazonaws.com http://s3.eu-west-2.amazonaws.com https://trunarrative.lon.netverify.com http://*.globalreachgroup.com https://*.globalreachgroup.com https://*.trunarrative.cloud https://*.hollandcasino.nl https://*.gbbank.co.uk https://*.thegbb.co.uk https://*.betparx.com https://*.playgunlake.com https://secure.gratogana.es https://secure.winomania.co.uk https://vbet.de https://portal.financenation.com https://*.paragonbank.co.uk https://pa.betparx.com https://oh.betparx.com https://md.betparx.com https://on.bet99.ca https://bet99.com https://connect.online.darlington.co.uk https://acquire.online.darlington.co.uk https://online.darlington.co.uk https://mysavings.hodgebank.co.uk https://*.opbets.com https://www.opbets.com https://d2q8z24w0zcase.cloudfront.net gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=+LWKzWXOZCj/sz7lkg7q+ZZ59HdCrNOj+6s7FOFqHmA+pMRIVcKHsXIYZH+lcCaxQ9N7336c9rCo63e4OPWrhA==; 1
default-src 'none'; base-uri 'none'; connect-src 'self' https://*.indreams.me https://*.google-analytics.com; font-src 'self' data: fonts.gstatic.com *.indreams.me; form-action 'self'; frame-src 'self' *.twitch.tv *.youtube.com *.sony.com *.sonyentertainmentnetwork.com looker.wwsga.me search-mmdreams-analytics-w4huthgvvrfbi4xoos6qxqys64.eu-west-1.es.amazonaws.com recaptcha.net; frame-ancestors 'self'; img-src 'self' data: indreams.me *.indreams.me assets.indreams.me www.google-analytics.com www.googletagmanager.com mediamoleculehelp.zendesk.com; media-src 'self' indreams.me *.indreams.me; object-src 'none'; manifest-src indreams.me *.indreams.me; script-src 'self' indreams.me *.indreams.me *.twitch.tv www.youtube.com s.ytimg.com www.googletagmanager.com recaptcha.net 'nonce-cb319fcd12b3baac107440ae98394b10' 'nonce-446fba054d6213e3461753e1fd96f958'  ; style-src 'self' indreams.me *.indreams.me fonts.googleapis.com 'unsafe-inline' 1
default-src https:; style-src 'unsafe-inline' *; script-src 'unsafe-eval' 'unsafe-inline' *; object-src 'none'; frame-src * data: 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: s.w.org cdn-apac.onetrust.com privacyportal-apac.onetrust.com maxcdn.bootstrapcdn.com *.zepp.co.jp secure.gravatar.com placehold.jp www.youtube.com www.google.com i.ytimg.com stackpath.bootstrapcdn.com code.jquery.com cdnjs.cloudflare.com ajax.googleapis.com www.googletagmanager.com www.google-analytics.com www.gstatic.com;img-src data: blob: * ; 1
default-src 'self' https://api-js.datadome.co/js/ https://www.google.com/ https://app.runcardigan.com https://www.youtube.com/ https://player.vimeo.com/ *.myshopify.com *.contentful.com *.algolianet.com *.algolia.net *.applicationinsights.azure.com *.klaviyo.com https://www.google-analytics.com https://*.doubleclick.net https://cdn.cookielaw.org https://*.onetrust.com;   img-src * w3.org images.ctfassets.net c21stores.bynder.com c21-assets.legendscommerce.io data:;   script-src 'self' https://www.googletagmanager.com https://assets.adobedtm.com https://www.google-analytics.com  https://www.googleadservices.com https://*.doubleclick.net https://cdn.cookielaw.org *.azure.com *.klaviyo.com 'unsafe-eval' 'unsafe-inline';   style-src https://fonts.googleapis.com 'self' 'unsafe-inline' *.klaviyo.com;   font-src https://fonts.gstatic.com 'self' data:;   object-src 'none';   base-uri 'self';   form-action 'self'; 1
script-src https: 'unsafe-eval' 'unsafe-inline' blob: 1
connect-src 'self' so-dev.de *.deutsches-schulportal.de *.google.com *.google.de *.google.ch *.google.gr *.google.at *.google.fr *.google.co.uk *.google.it *.google.es *.google.pl *.google.com.py *.google.co.za *.google.dk *.google.se *.google.fi *.google.no *.google.is *.google.nl *.google.cz *.google.be *.google.lu *.google-analytics.com *.googlesyndication.com *.doubleclick.net *.googletagmanager.com *.facebook.com *.threads.net *.bugsnag.com; default-src 'self' *.deutsches-schulportal.de; font-src 'self' data:; frame-src 'self' so-dev.de *.deutsches-schulportal.de *.google.com *.youtube.com *.doubleclick.net *.compareyourcountry.org *.threads.net *.bugsnag.com *.bugherd.com; img-src 'self' data: *.ddsp.so-dev.de *.deutsches-schulportal.de deutsches-schulportal.de *.google.com *.google.de *.google.ch *.google.gr *.google.at *.google.fr *.google.co.uk *.google.it *.google.es *.google.pl *.google.com.py *.google.co.za *.google.dk *.google.se *.google.fi *.google.no *.google.is *.google.nl *.google.cz *.google.be *.google.lu secure.gravatar.com *.facebook.com *.google-analytics.com *.vgwort.de *.ytimg.com *.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' deutsches-schulportal.de *.deutsches-schulportal.de so-dev.de deutsches-schulportal.de *.deutsches-schulportal.de *.google.com *.gstatic.com *.bugherd.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.facebook.net *.youtube.com *.twitter.com *.threads.net *.bugsnag.com; style-src 'self' 'unsafe-inline' so-dev.de deutsches-schulportal.de *.deutsches-schulportal.de 1
default-src 'self' https://analytics.google.com/ https://maps.googleapis.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://use.fontawesome.com/ https://www.demotech.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://api.universalproperty.com/ data: 'unsafe-inline'; script-src 'self' https://cdnjs.cloudflare.com/ https://universalproperty.com/ https://cdn.jsdelivr.net/ https://maxcdn.bootstrapcdn.com/ https://ajax.googleapis.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://maps.googleapis.com/ https://www.demotech.com/ https://demotech.com/ 'unsafe-inline'; img-src 'self' https://universalproperty.com/ https://sealserver.trustwave.com/ https://streetviewpixels-pa.googleapis.com/ https://sealserver.trustwave.com/ https://khms1.googleapis.com/ https://khms0.googleapis.com/ https://maps.gstatic.com/ https://www.demotech.com/ https://www.google.com/ https://www.google.co.in/ https://maps.googleapis.com/ https://www.google-analytics.com/ data:; 1
default-src 'self'; script-src 'report-sample' 'self' data: 'unsafe-inline' https://beacon-v2.helpscout.net https://connect.facebook.net/en_US/fbevents.js https://go.essentialassessment.com.au/analytics https://pi.pardot.com https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://player.vimeo.com/api/ https://player.vimeo.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://connect.facebook.net https://assets.calendly.com blob:; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com https://beacon-v2.helpscout.net; object-src https://beacon-v2.helpscout.net; base-uri 'self' https://docs.helpscout.net; connect-src 'self' https://docs.helpscout.net https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://*.googleapis.com *.google.com https://*.gstatic.com https://beaconapi.helpscout.net https://chatapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net wss://*.pusher.com data: blob:; font-src 'self' https://beacon-v2.helpscout.net https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com data: ; frame-src 'self' https://beacon-v2.helpscout.net https://12237382.fls.doubleclick.net https://player.vimeo.com/video/ https://embed.video.com *.google.com https://calendly.com/; img-src 'self' https://*.gravatar.com https://beacon-v2.helpscout.net https://d33v4339jhl8k0.cloudfront.net https://chatapi-prod.s3.amazonaws.com/ https://www.google.com.au https://www.google.com https://www.google-analytics.com www.google-analytics.com https://i.vimeocdn.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com https://www.facebook.com data:; manifest-src 'self'; media-src 'self' https://beacon-v2.helpscout.net https://player.vimeo.com; child-src 'self' https://player.vimeo.com/api/ https://player.vimeo.com blob:; worker-src 'self' blob:; 1
frame-ancestors 'self' https://www.meon.com.br https://www.metropolemagazine.com.br 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' files.gpxpl.us pagead2.googlesyndication.com https://pagead2.googlesyndication.com www.google-analytics.com www.gstatic.com gpxplus.s3-website-us-west-2.amazonaws.com https://gpxplus.s3.amazonaws.com https://apis.google.com platform.twitter.com https://platform.twitter.com static.gpx.plus https://static.gpx.plus ap.lijit.com * 1
upgrade-insecure-requests  ;           worker-src 'self' blob: feed.pghub.io pandg.tapad.com ;            style-src 'self' 'unsafe-inline' *.lytics.io cdn.pricespider.com api.tiles.mapbox.com *.jebbit.com blob: feed.pghub.io pandg.tapad.com ;           media-src 'self' videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ;            manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ;           script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com *.pricespider.com cdn.cookielaw.org script.crazyegg.com *.jebbit.com pghub.io cdn.segment.com *.moatads.com *.lytics.io *.bazaarvoice.com cdnjs.cloudflare.com api.tiles.mapbox.com mpsnare.iesnare.com feed.pghub.io pandg.tapad.com ;           font-src 'self' cdn.pricespider.com data: feed.pghub.io pandg.tapad.com ;           frame-ancestors 'none' feed.pghub.io pandg.tapad.com ;           frame-src 'self' feed.pghub.io consumersupport.pg.com jebbit.bouncefresh.com *.doubleclick.net pandg.tapad.com ;           img-src 'self' data: images.ctfassets.net pixel.tapad.com *.lytics.io *.moatads.com *.akamaihd.net *.pricespider.com cdn.cookielaw.org *.bazaarvoice.com www.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.doubleclick.net feed.pghub.io pandg.tapad.com ;           connect-src 'self' *.google-analytics.com cdn.cookielaw.org stats.g.doubleclick.net script.crazyegg.com external-api.jebbit.com match.adsrvr.org cdn.segment.com api.segment.io *.algolianet.com *.algolia.net *.bazaarvoice.com *.pricespider.com *.mapbox.com geolocation-db.com wss: feed.pghub.io pandg.tapad.com ;           base-uri 'none' feed.pghub.io pandg.tapad.com ;           default-src 'none' feed.pghub.io pandg.tapad.com ; 1
style-src 'self' 'unsafe-inline' https://onzoomfront3.zoom.us https://www.youtube.com fonts.googleapis.com source.zoom.us source.zoom.us *.zoom.us ; script-src 'self' blob: 'report-sample' 'nonce-NFcTG78HRHSrl9QXRbZnhA' 'sha256-ZvIVXR/X/GICftXQTjYtm9U1DZAYplXroSmFyTO2IaQ=' 'sha256-fXNufKxGoaQL7P7kMoKfRvZEwttJ+TBeztY9Y+CiraE=' 'sha256-dOnS4NZ7q/I5e8vj3GrApcGP/2COoRpp6/TA7UiT+Lk=' 'sha256-Djj0LfiqMY/UlApZ3C98zn0jP578lN95FTnB9Im5iio=' https://onzoomfront3.zoom.us source.zoom.us zoom.us https://*.pledge.to https://www.google-analytics.com https://www.youtube.com https://static.ada.support https://*.paypal.com https://*.paypalobjects.com https://*.trustarc.com https://*.hotjar.com https://www.googletagmanager.com https://*.stripe.com https://cdn.cookielaw.org https://geolocation.onetrust.com *.adroll.com connect.facebook.net snap.licdn.com static.ads-twitter.com analytics.twitter.com source.zoom.us zoom.us d27xp8zu78jmsf.cloudfront.net *.zoom.us *.solvvy.com *.zopim.com zopim.com ; base-uri 'none'; frame-src 'self' blob: https://*.zoom.us https://onzoomfront3.zoom.us https://*.pledge.to https://cdn-fastly.obsproject.com https://www.youtube.com https://zoom.ada.support https://*.paypal.com https://*.paypalobjects.com https://*.trustarc.com https://*.hotjar.com https://*.pledge.to https://*.stripe.com 9513928.fls.doubleclick.net zoommtg://* zoommtg://* zoomus://* https://www.google.com https://www.gstatic.com https://www.recaptcha.net *.solvvy.com *.zopim.com zopim.com zoom.us ; img-src 'self' blob: data: https: ; connect-src 'self' wss://eventsws.zoom.us/ws/expo wss://*.zoom.us/xmpp-websocket wss://eu01eventsws.zoom.us/ws/expo wss://goeventsws.zoom.us/ws/expo https://zoom.us https://*.zoom.us https://onzoomfront3.zoom.us https://eventdirectory-events.s3.dualstack.us-east-1.amazonaws.com/ https://zoomeventinfo.zoom.us/ https://www.google-analytics.com https://zoom.ada.support https://rollout.ada.support https://static.ada.support https://*.paypal.com https://*.hotjar.com https://*.datadoghq.com https://*.hotjar.io https://*.live-video.net wss://*.hotjar.com https://go.pardot.com https://cdn.cookielaw.org https://*.stripe.com https://*.onetrust.com https://zoom-tos.s3.amazonaws.com  https://eventdirectory-events.s3.us-east-1.amazonaws.com wss://*.zoom.us https://*.zoom.com.cn wss://*.zoom.com.cn *.solvvy.com *.zopim.com zopim.com wss://*.zopim.com https://*.zoomonprem.com wss://*.zoomonprem.com ; child-src 'self' blob:; object-src 'none'; upgrade-insecure-requests; media-src 'self' blob: data: https://*.zoom.us https://eventdirectory-events.s3.dualstack.us-east-1.amazonaws.com/ https://onzoomcontent3.zoom.us/ https://d2v9kxxnwn8pfp.cloudfront.net https://onzoomcontent3.zoom.us https://eventdirectory-events.s3.us-east-1.amazonaws.com *.live-video.net ; default-src 'self' https://www.paypal.com; font-src 'self' https://onzoomfront3.zoom.us data: https://fonts.gstatic.com https://*.hotjar.com source.zoom.us scource.zoom.us *.zoom.us ; report-uri /api/v1/stats/csp-report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://ajax.googleapis.com https://optimize.google.com https://www.youtube.com https://s.ytimg.com https://siteimproveanalytics.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.typekit.net; img-src 'self' data: https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://optimize.google.com https://www.google.com https://img.youtube.com https://i.ytimg.com https://*.siteimproveanalytics.io https://*.analytics.google.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com https://www.youtube.com https://*.typekit.net https://cdnjs.cloudflare.com; font-src 'self' data: https://fonts.gstatic.com https://*.typekit.net https://cdnjs.cloudflare.com; frame-src 'self' https://www.youtube.com https://optimize.google.com https://www.google.com https://*.vimeo.com https://communications.kutakrock.info; frame-ancestors 'self' ; child-src 'self' blob: https://www.youtube.com; connect-src 'self' https://www.google-analytics.com https://*.analytics.google.com; upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors 'self' https://www.vipunion.sk https://www.dovolenky.net https://www.eyca.cz https://www.tatry.cz http://www.ckkalla.cz; default-src 'self' 'unsafe-inline' localhost:* *.eucookie.eu *.gstatic.com *.googleapis.com *.google-analytics.com *.ipify.org *.doubleclick.net *.trustpilot.com www.union.sk www.google.com www.google.sk *.facebook.com *.wisepops.com app.getwisp.co wisepops.net data: ws://localhost:3523 http://localhost:3523 wss://dlauncher.ditec.sk:* wss://127.0.0.1:* code.jquery.com my.yoast.com *.hotjar.com *.hotjar.io wss://*.hotjar.com consentcdn.cookiebot.com consent.cookiebot.com cdn.cookielaw.org geolocation.onetrust.com pagead2.googlesyndication.com q.clarity.ms; script-src 'self' 'unsafe-inline' 'unsafe-eval' consentcdn.cookiebot.com consent.cookiebot.com *.eucookie.eu *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.trustpilot.com *.ipify.org *.googleadservices.com *.facebook.net cdn.wisepops.com loader.wisepops.com app.getwisp.co wisepops.net cdn.wisepops.net *.googlesyndication.com track.adform.net *.hotjar.com *.doubleclick.net *.youtube.com yoast.com cdn.jsdelivr.net cdnjs.cloudflare.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com optimize.google.com cdn.cookielaw.org www.clarity.ms; font-src 'self' data: *.gstatic.com www.union.sk; frame-src 'self' consentcdn.cookiebot.com consent.cookiebot.com *.eucookie.eu www.google.com *.youtube.com *.trustpilot.com www.facebook.com form.123formbuilder.com ditec-dlauncher: *.hotjar.com *.soundcloud.com optimize.google.com; img-src * blob: data:; style-src * 'unsafe-inline' optimize.google.com fonts.googleapis.com; 1
frame-ancestors 'self' https://*.yahoo.com https://*.engadget.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.onesearch.com https://*.publishing.oath.com https://*.aol.com; sandbox allow-downloads allow-forms allow-modals allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation allow-presentation; 1
script-src http: https: *.studentbeans.com *.newrelic.com *.nosto.com *.yotpo.com https://www.lafuma.com/ 'unsafe-eval' 'unsafe-inline'; connect-src http: https: *.nr-data.net; style-src 'self' blob: https: 'unsafe-inline' https://www.lafuma.com/; img-src data: http: https: *.nr-data.net; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com *.yotpo.com; frame-src *.captainwild.com *.studentbeans.com *.hotjar.com *.doubleclick.net assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.usercentrics.eu *.openstreetmap.fr; 1
base-uri 'none';object-src 'self' data:;script-src 'sha256-cn+m4pgNe3IRKICUaY3gG23Aofqr4BdxhBFi1A5Tg+Y=' 'sha256-ZNumia+5/9kqsTG18Bq9sp+4TDGre4ghlK5+/rgNZig=' 'sha256-TySAq9mfDJ7IPyttG9+RdOB+TGNDhey59XsGfFpw4vg=' 'sha256-Z2dLC8i/Z5SzG2LduMOBUlHHkTB1aQopojs5Dc1YwEA=' 'sha256-qBkywo7yasFP9P+ErkRH/VdHjUi3aNK7UdAAz1Ba674=' 'sha256-8vBHcrHltWkpbEVC4QKjHrFBgyZb+X32zKqeQ6l0qpo=' 'sha256-B7uwDAzv07fJBQ5Lrjd46hGfThZBHGY3KL3UGDKesA4=' 'sha256-btEfwm6PixrxsF3K/8pY/T+UZt6LkRdcbu5YRf2LJm0=' 'sha256-yRswpmov+AxTUvccky36ROK1GAliE/DVj3bVarRGS84=' 'sha256-oGbglMu4QQRoFeXBhCr2IZC3GZbvLqMD7Hn5z1nSqo0=' 'sha256-lWik/DTuzflALuwIdFoEa27YoO6Y3MkOtMVAwrTYdDU=' 'sha256-xkftsoET0xiFlHC4L/q7sdhNzuq8J6eTf7yjpinxIGw=' 'sha256-iovF5sV99VSTddV41IxK+2yeaUaTuft4hhMiFOaWvoA=' 'sha256-xnAQd9z3v53faS6N35LQru4VuYLDtInU9q9RCEQWLE8=' 'sha256-hUY9Z5K+ulj+moK1t1x0Nu/7rq0Bc3V9vcoElZvdeSk=' 'sha256-rG1ZiaWjXVtTxVly847cpV+Egnfaexpi2PH4o33yKbk=' 'sha256-JmOHOv6ifyNkf6A9XIvAo4+VC6+cLPQFhaG0C65KwC8=' 'sha256-Mfijc5ng1HSrdP0aV51ub1qul3u+ZbfdQDivCCTwaVQ=' 'sha256-2ACKbDhNAL28wjS7x6MmQJaCH4wvqFeL5ELgFzRVrN4=' 'sha256-n6vTNe/6PubA3aTuumlTB0MBB3tozgwz6+WptMm2h8w=' 'sha256-Sv7AYquCRjd3kM8iVFVsYJ8uZcMhOhfL3Xrf7al1kkQ=' 'sha256-F0c8w6FaizCiJOXVBPyYARX2vzPYnd8/e/z5pN5Aotg=' 'sha256-6RrYx2D6uzyYEZrjGxisfByNQVj5A9dnUOnfbQrcH2Y=' 'sha256-9d383ZP7Tg8tQVad/QXHU6HneRA+WBF+Vv41J/E1O08=' 'sha256-UgVdMIW7pAYdJ5YUqs1QVQ9YRFjHuu+aGUQVSSUhAnY=' 'sha256-kFggNugiMlQgV8PgG2kfw+T/rL/RehA9c+dmmzpWkiI=' 'sha256-pqlUlNTywujDA0M+2j5LuHLrM+4/Nxyom1mMfCNph9I=' 'sha256-n199oP83p72gzdQNIs6HAk2gSv0psuOcW1hZZ5RVcyM=' 'sha256-EDj7W9PPlDOnfrxwlZJboGk7wwu+J3wk8oTwWfffEBc=' 'sha256-v85YtynazVNzwFHrNo1gjzjnYnAxaCZPR1KMVQHFNdU=' 'sha256-u35GM1kxpA8/DCeeZy0G6Pl2pa1oXUebKf7VoPnTPsA=' 'sha256-E0z5qgk9mtw2Gim81djyDxPJ9GFPolS4P/T2yVJQbkY=' 'sha256-XB8/cQ54gItx6qZ4K1UBeWn+49o1h2TqGfoau1d16EA=' 'sha256-NPOLFnhPFX/MPAmGqCOwC7ti3S/fjVLfZVbdVKo0qg4=' 'sha256-NPOLFnhPFX/MPAmGqCOwC7ti3S/fjVLfZVbdVKo0qg4='  https://a.agoradesk.com 'sha256-kU270cRNgDiWGJyZygoB0f3LgtdWDmBQqyk4wxYOYq8=' 'sha256-/6SBPqW+GW+//4nlXX6Y1nR9dWlh0gsQJ6KK71djH6A=' 'self' https://maps.googleapis.com 'unsafe-eval';worker-src 'self' blob:;default-src 'self' https://a.agoradesk.com;img-src 'self' blob: data:;connect-src 'self' https://api.mapbox.com https://a.agoradesk.com https://cdn.jsdelivr.net/npm/redoc@next/bundles/redoc.standalone.js https://blockchain.info https://mempool.space https://blockstream.info https://api.blockcypher.com https://api.coingecko.com https://api.coincap.io https://bitcoiner.live https://kowalski.fiatfaucet.com:443 https://dewitte.fiatfaucet.com:443 https://node.portemonero.com:443 https://node.sethforprivacy.com:443 https://monerod.slvit.us:443 https://xmr.yemekyedim.com:18081 https://xmr.yemekyedim.com:18089 https://node.sethforprivacy.com:18089 https://xmr.bunkerlab.net:443 https://chad.fiatfaucet.com:443 https://localhost:18081 wss://blockstream.info/electrum-websocket/api;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline' 1
base-uri 'self' https://www.wildernessdestinations.com/  https://api.wildernessdestinations.com/; script-src 'nonce-Jcatbf6v6QgfLDMFeZk2Gg==' 'strict-dynamic' 'unsafe-eval' https://*.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tools.luckyorange.com https://*.smartlook.com https://*.smartlook.cloud; object-src 'none'; default-src 'none'; img-src 'self' https://www.wildernessdestinations.com/  https://api.wildernessdestinations.com/ https://images.wildernessdestinations.com https://www.facebook.com https://i.vimeocdn.com *.vimeo.com data: https://www.google.com/supported_domains https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat *.clarity.ms cdn.jsdelivr.net content-cdn.stackla.com *.cloudfront.net */ads/ga-audiences bat.bing.com *.facebook.com https://*.google-analytics.com maps.googleapis.com maps.gstatic.com *.googletagmanager.com undefined/_nuxt/ https://i.ytimg.com https://ssl.gstatic.com https://www.gstatic.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.fls.doubleclick.net https://ad.doubleclick.net https://*.clarity.ms https://*.inspectlet.com; style-src 'self' https://www.wildernessdestinations.com/  https://api.wildernessdestinations.com/ fonts.googleapis.com assetscdn.stackla.com vjs.zencdn.net onsass.designmynight.com http://assetscdn.stackla.com/media/js/widget/fluid-embed.js https://www.dineplan.com 'unsafe-inline' https://public-prod.dineplan.com https://api.mapbox.com https://tagmanager.google.com https://fonts.googleapis.com; connect-src 'self' https://www.wildernessdestinations.com/  https://api.wildernessdestinations.com/ https://vimeo.com https://*.analytics.google.com https://cdn-cookieyes.com https://directory.cookieyes.com https://*.google-analytics.com https://pagead2.googlesyndication.com https://log.cookieyes.com https://csmetrics.hotjar.com https://consentlog.cookieyes.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.g.doubleclick.net https://api.mapbox.com https://events.mapbox.com https://www.facebook.com https://ip2c.org https://*.googletagmanager.com https://ade.googlesyndication.com https://*.clarity.ms https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.crazyegg.com https://*.inspectlet.com https://*.mouseflow.com wss://*.inspectlet.com https://*.luckyorange.com https://pubsub.googleapis.com wss://*.visitors.live https://*.smartlook.cloud https://*.smartlook.com wss://*.luckyorange.com https://*.visitors.live; font-src 'self' https://www.wildernessdestinations.com/  https://api.wildernessdestinations.com/ data: fonts.googleapis.com fonts.gstatic.com assetscdn.stackla.com; frame-src 'self' https://www.wildernessdestinations.com/  https://api.wildernessdestinations.com/ www.recaptcha.net www.awltovhc.com player.vimeo.com widget.stackla.com www.google.com www.tamgrt.com www.facebook.com www.googletagmanager.com https://www.opentable.ie/ https://headbox.captur3d.io/ https://account.dineplan.com/ https://module.lafourchette.com/ https://www.youtube.com https://bid.g.doubleclick.net https://*.fls.doubleclick.net; form-action 'self' www.googletagmanager.com www.facebook.com; frame-ancestors 'self' www.googletagmanager.com https://player.vimeo.com; media-src 'self'; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' 'self' https://matomojs.trackify.info https://matomo.pernod-ricard.io *.sleeknote.com; frame-ancestors 'self' https://matomojs.trackify.info https://matomo.pernod-ricard.io *.sleeknote.com; frame-src blob: 'self' https://www.google.com https://www.youtube.com https://iframe-mdm.malibudrinks.com *.sleeknote.com *.spotify.com; worker-src blob: 'self' 1
default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: blob:; frame-ancestors 'self'; form-action 'self'; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://www.shoplooks.com blob: https://gum.criteo.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.ry.com.au https://m.ry.com.au https://checkout.ry.com.au https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://*.contentsquare.net https://app.contentsquare.com https://static.criteo.net https://*.criteo.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' ; script-src 'self' 'nonce-17e5a932-3496-4b21-a778-e72946f44048' https://www.googletagmanager.com/gtm.js https://js.monitor.azure.com/scripts/b/ai.2.min.js https://www.google.com/recaptcha/api.js https://cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta2/dist/js/bootstrap.bundle.min.js https://cdn.jsdelivr.net/npm/feather-icons@4.28.0/dist/feather.min.js https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.min.js https://cdn.jsdelivr.net/npm/jquery@3.6.0/dist/jquery.min.js https://s.apac01.idio.episerver.net/ia.js https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js https://cdn.jsdelivr.net/npm/feather-icons/dist/feather.min.js https://js.monitor.azure.com/scripts/b/ai.2.min.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.4/tiny-slider.min.css https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css https://cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta2/dist/css/bootstrap.min.css; img-src 'self' data: https://83202.global.siteimproveanalytics.io https://www.google-analytics.com/collect https://i.vimeocdn.com/video/ https://a.apac01.idio.episerver.net https://www.googletagmanager.com https://www.google.com.au https://9146450.fls.doubleclick.net https://ad.doubleclick.net; connect-src 'self' https://www.google-analytics.com https://dc.services.visualstudio.com/v2/track https://js.monitor.azure.com/scripts/b/ai.2.min.js https://analytics.google.com https://stats.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com; object-src 'none'; ; frame-src 'self' https://www.youtube.com/ https://player.vimeo.com/ https://embed.podcasts.apple.com/ https://www.google.com/ https://iframes.perpetualequity.com.au/ https://events.miraqle.com https://www.podbean.com/ https://9146450.fls.doubleclick.net https://omny.fm/shows/the-point-professional-investing-in-australia-with/ https://omny.fm/shows/nights/playlists/financial-planning-with-brett-stene/; child-src 'self' https://www.google.com/; base-uri 'self' ; 1
default-src https: 'self'; script-src https: blob: *.crazyegg.com *.pushnami.com 'unsafe-inline' 'unsafe-eval'; style-src https: *.crazyegg.com 'unsafe-inline'; font-src https: data: 'self'; img-src data: https: *.crazyegg.com 'self'; connect-src https: wss: *.crazyegg.com; worker-src blob: 'self'; child-src blob:; frame-src https:  *.google.com *.crazyegg.com *.addtoany.com *.pushnami.com 'self'; media-src https: blob: 'self'; 1
script-src: 'self' 'unsafe-inline' https://sumbarprov.go.id 1
default-src * 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com; script-src * 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com; connect-src * 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com; img-src * data: blob: 'unsafe-inline'https://www.google-analytics.com https://www.googletagmanager.com; script-src * 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com; frame-src *; style-src * 'unsafe-inline'; 1
frame-ancestors 'self';frame-src 'self' https://play.mediaflowpro.com/ https://www.youtube.com/;form-action 'self';base-uri 'self';default-src 'self';script-src 'self' 'nonce-isaGnBhxlquhSGLgO12toi1uBnZUR5EaEe97kn3FbwE=' 'strict-dynamic' *.vo.msecnd.net;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com;img-src 'self' https://im16.inviewer.se/ https://assets.mediaflowpro.com/ *.gstatic.com;connect-src 'self' 'nonce-isaGnBhxlquhSGLgO12toi1uBnZUR5EaEe97kn3FbwE=' 'strict-dynamic' *.googleapis.com *.vizzit.se; 1
default-src 'self';script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' blob: data: snap.licdn.com https://siegenia.my.salesforce-scrt.com https://siegenia.my.site.com https://app.usercentrics.eu www.googletagmanager.com maps.googleapis.com www.google-analytics.com connect.facebook.net www.youtube.com *.salesforce.com service.force.com bat.bing.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://siegenia.my.salesforce-scrt.com https://siegenia.my.site.com https://app.usercentrics.eu www.googletagmanager.com maps.googleapis.com www.google-analytics.com connect.facebook.net www.youtube.com skk.erecruiter.pl *.salesforce.com service.force.com *.salesforceliveagent.com bat.bing.com;style-src 'report-sample' 'self' 'unsafe-inline'  https://siegenia.my.site.com https://cdnjs.cloudflare.com fonts.googleapis.com skk.erecruiter.pl *.salesforce.com service.force.com ;object-src 'none';base-uri 'self';connect-src 'self' https://siegenia.my.salesforce-scrt.com https://siegenia.my.site.com snap.licdn.com aggregator.service.usercentrics.eu *.usercentrics.eu analytics.google.com maps.googleapis.com stats.g.doubleclick.net *.google-analytics.com www.google.de *.salesforce.com service.force.com *.analytics.google.com bat.bing.com;font-src 'self'  *.amazonaws.com fonts.gstatic.com data: ;frame-src 'self'  siegenia.my.site.com https://app.usercentrics.eu scnem.com *.bimobject.com www.youtube.com *.facebook.com skk.erecruiter.pli *.salesforce.com service.force.com ;img-src 'self' data: *.usercentrics.eu https://app.usercentrics.eu *.siegenia.com *.ytimg.com maps.googleapis.com maps.gstatic.comi *.facebook.com https://www.google.de www.google.com *.google-analytics.com *.salesforce.com service.force.com bat.bing.com;manifest-src 'self';media-src 'self' data: https://player.vimeo.com https://vod-progressive.akamaized.net https://download-video.akamaized.net/ *.salesforce.com service.force.com ;worker-src 'none'; 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-v_DRzYBgjUpzBlaWkYHQMQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
interest-cohort=() 1
default-src 'self' data: https://cccloudstorage.blob.core.windows.net https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://fonts.gstatic.com https://www.youtube.com https://platform.twitter.com https://aaa.bisnode.si 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://comm.cx; img-src 'self' data: blob: https://comm.cx https://media.comm.cx; style-src 'self' https://comm.cx 'nonce-7n/dtZTfaZUmQ4i3quOv/g=='; media-src 'self' data: https://comm.cx https://media.comm.cx; frame-src 'self' https:; manifest-src 'self' https://comm.cx; form-action 'self'; child-src 'self' blob: https://comm.cx; worker-src 'self' blob: https://comm.cx; connect-src 'self' data: blob: https://comm.cx https://media.comm.cx wss://comm.cx; script-src 'self' https://comm.cx 'wasm-unsafe-eval' 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' 'nonce-M2UxMDM5Yzk2ZTg5OGExYQ==' 'nonce-NWNmYTc3MTJiYmRiZmY5ZA==' https://cdn.jsdelivr.net/gh/alpinejs/alpine@v2.8.2/dist/alpine.min.js https://code.jquery.com/jquery-3.2.1.min.js https://code.jquery.com/jquery-3.5.1.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.7.1/Chart.min.js; block-all-mixed-content; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' https://8p5hc7qtxsbb.statuspage.io https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/ https://www.gstatic.com/ https://tagmanager.google.com https://*.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' https://app.mavenoid.com https://www.google.com/ https://www.google-analytics.com/ https://8p5hc7qtxsbb.statuspage.io https://www.googletagmanager.com https://*.easee.cloud https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; img-src * https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com data:; font-src 'self' https://app.mavenoid.com https://fonts.gstatic.com/ https://*.easee.com data; connect-src 'self' https://payment-production-receipts-bundles.s3.eu-west-1.amazonaws.com https://o442183.ingest.sentry.io https://api.mavenoid.com *.easee.cloud wss://*.easee.cloud wss://*.easee.com https://*.beta.easee.cloud https://*.easee.com https://8p5hc7qtxsbb.statuspage.io/ https://www.google-analytics.com https://logs.browser-intake-datadoghq.eu/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; frame-src 'self' https://www.youtube.com https://8p5hc7qtxsbb.statuspage.io/ https://www.google.com/; frame-ancestors https://easee.zendesk.com/ https://*.apps.zdusercontent.com/ 1
object-src 'self'; base-uri 'self'; form-action 'self'; img-src 'self' data:; style-src fonts.googleapis.com gira.com.br www.gira.com.br; default-src 'self' gira.com.br www.gira.com.br; script-src 'self' gira.com.br www.gira.com.br; font-src 'self' https://fonts.gstatic.com gira.com.br www.gira.com.br 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com unpkg.com; font-src 'self' fonts.gstatic.com; script-src 'self' 'unsafe-inline' www.google.com ajax.googleapis.com maps.googleapis.com cdnjs.cloudflare.com www.gstatic.com; connect-src 'self' *.poolstation.net *.idegis.net api.worldweatheronline.com maps.googleapis.com maps.gstatic.com; img-src 'self' maps.googleapis.com maps.gstatic.com data:; frame-src www.google.com 1
default-src 'self' idsecure.com.br:* www.idsecure.com.br:* main.idsecure.com.br:* wss://localhost:8181 www.google-analytics.com; font-src *; style-src * 'unsafe-inline'; script-src 'self' idsecure.com.br www.idsecure.com.br main.idsecure.com.br www.googletagmanager.com polyfill.io www.google-analytics.com 'unsafe-inline'; img-src 'self' idsecure.com.br www.idsecure.com.br main.idsecure.com.br www.google-analytics.com cdnjs.cloudflare.com data:; worker-src 'self' blob:; 1
default-src 'none'; frame-ancestors 'none'; form-action 'none'; sandbox 1
default-src 'self'; script-src 'self' 'self' https://www.google.com/ https://www.gstatic.com/; object-src 'self'; style-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' fonts.googleapis.com; img-src *; font-src 'self' data: fonts.gstatic.com;frame-src 'self' https://www.google.com; report-uri https://login.microworkcloud.com.br/csp/report 1
base-uri 'self';connect-src 'self' ws: www.google-analytics.com wurfl.io hosted.paysafe.com hosted.test.paysafe.com socialplugin.facebook.net www.facebook.com consentcdn.cookiebot.com;default-src 'self';form-action 'self';img-src 'self' data: blob: via.placeholder.com imgsct.cookiebot.com;media-src 'self';object-src 'none';script-src 'self' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com connect.facebook.net www.google.com www.gstatic.com stats.pusher.com js.stripe.com cdnjs.cloudflare.com hosted.paysafe.com hosted.test.paysafe.com consent.cookiebot.com consentcdn.cookiebot.com 'nonce-F9ylang7yDskvifL4hilXZZhGABQRWFg';style-src 'self' 'unsafe-inline' fonts.googleapis.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com;frame-src 'self' www.googletagmanager.com www.google.com connect.facebook.net fonts.gstatic.com www.facebook.com www.youtube.com player.vimeo.com js.stripe.com hosted.paysafe.com hosted.test.paysafe.com consent.cookiebot.com consentcdn.cookiebot.com;frame-ancestors 'self' 1
default-src 'self' *.relay.so assets.relay.so; img-src 'self' data: *.relay.so assets.relay.so *.google-analytics.com *.googletagmanager.com; script-src 'self' 'nonce-cdd1e5c1b3feef61e0b3c95a7abefbd9' *.relay.so assets.relay.so *.googletagmanager.com; connect-src 'self' *.relay.so  *.algolia.net *.algolianet.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com; report-uri https://o482380.ingest.sentry.io/api/5532530/security/?sentry_key=4001bfc17aa44d0b836d93b8b7003cf2&sentry_environment=production&sentry_release=78bff03 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://statics.rivals.space; img-src 'self' data: blob: https://statics.rivals.space https://cdn.rivals.space https://media.tenor.com; style-src 'self' https://statics.rivals.space 'nonce-ba/kEDatFZaTweT7muP23A=='; media-src 'self' data: https://statics.rivals.space https://cdn.rivals.space https://media.tenor.com; frame-src 'self' https:; manifest-src 'self' https://statics.rivals.space; form-action 'self'; child-src 'self' blob: https://statics.rivals.space; worker-src 'self' blob: https://statics.rivals.space; connect-src 'self' data: blob: https://statics.rivals.space https://cdn.rivals.space https://media.tenor.com wss://rivals.space https://api.tenor.com; script-src 'self' https://statics.rivals.space 'wasm-unsafe-eval' 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-TC5PXHiNUCTXV+AM8aVBTg==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob: *.izlesene.com *.ioam.de *.avg.com *.rewardsaccelerator.com smetrics.att.com; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net smetrics.att.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com *.twimg.com platform.linkedin.com *.google-analytics.com youtube.com syndication.twitter.com s.ytimg.com publish.twitter.com platform.stumbleupon.com cdn.insight.sitefinity.com dec.azureedge.net munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com code.jquery.com *.cloudflare.com *.bootstrapcdn.com *.greenheck.com *.wistia.com https://www.googletagmanager.com fast.wistia.net https://az416426.vo.msecnd.net https://*.vo.msecnd.net https://cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval' web-chat.nativechat.com cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com *.twimg.com code.jquery.com cdn.insight.sitefinity.com dec.azureedge.net platform.twitter.com *.bootstrapcdn.com *.cloudflare.com fast.wistia.com 'self' 'unsafe-inline' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com pbs.twimg.com *.twimg.com data: blob: *.google-analytics.com delicious.com syndication.twitter.com static.licdn.com dec.azureedge.net *.insight.sitefinity.com *.dec.sitefinity.com platform.twitter.com *.eloqua.com track.hubspot.com ghsitefinitytesting.blob.core.windows.net *.valentair.com *.wistia.com *.akamaihd.net greenheck-microsites-cms-prod.azureedge.net fast.wistia.net https://content.innoventair.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.bootstrapcdn.com *.cloudflare.com *.valentair.com; frame-src *.google.com *.wistia.com 'self' web-chat.nativechat.com; connect-src accounts.google.com *.insight.sitefinity.com *.dec.sitefinity.com *.mktoresp.com *.greenheck.com *.wistia.com *.litix.io *.akamaihd.net fast.wistia.net https://www.google-analytics.com/ https://dc.services.visualstudio.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.wistia.com *.akamaihd.net *.innoventair.com; child-src apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com platform.twitter.com syndication.twitter.com youtube.com player.vimeo.com w.soundcloud.com google.com *.wistia.com localhost:49286 *.akamaihd.net *.valentair.com *.innoventair.com 'self' web-chat.nativechat.com 1
default-src 'self' data: 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com www.googletagmanager.com www.google-analytics.com fonts.gstatic.com js.hcaptcha.com newassets.hcaptcha.com; frame-ancestors 'none'; form-action 'self' 1
default-src 'self' 'unsafe-inline'; connect-src 'self' https://www.google-analytics.com https://api.lever.co; frame-src 'self' https://www.youtube.com https://www.google.com; img-src 'self' data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-hashes' https://www.googletagmanager.com https://www.gstatic.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com mdbootstrap.com; style-src 'self' 'unsafe-inline' 'unsafe-hashes' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com mdbootstrap.com use.fontawesome.com; report-uri http://www.tri.global/report-uri/enforce; block-all-mixed-content 1
default-src 'self' www.googletagmanager.com *.google-analytics.com *.analytics.google.com *.doubleclick.net *.buckaroo.nl *.clarity.ms; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.bing.com *.clarity.ms; style-src 'self' 'unsafe-inline'; img-src data: *; object-src 'none' 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-684a52d125ea85aa6d77d95a13cd411b'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
connect-src 'self' https: *.hypd.co wss://*.hotjar.com 1
frame-ancestors 'self' http://localhost:3002 https://cakes.com https://order.cakes.com https://order.nqa.decopac.com https://order.dqa.decopac.com 1
default-src 'self' *.bokf.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: api.ipdata.co cdn.stape.io https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://www.clarity.ms https://bat.bing.com *.bokf.com *.mpeasylink.com https://i.tryinteract.com https://tr-rc.lfeeder.com https://tag.clearbitscripts.com ws.sessioncam.com https://bokf.wufoo.com https://sc.lfeeder.com https://www.googleanalytics.com https://www.googleoptimize.com  https://optimize.google.com cdn.timetrade.com *.googletagmanager.com *.calcxml.com http://cdnjs.cloudflare.com http://www.google.com http://ajax.googleapis.com *.google-analytics.com http://maxcdn.bootstrapcdn.com *.cloudfront.net *.googleadservices.com app.quotemedia.com http://qmod.quotemedia.com c1.rfihub.net http://connect.facebook.net img.en25.com *.bankofalbuquerque.com *.bankofoklahoma.com *.bankoftexas.com *.bokfinancial.com *.doubleclick.net *.convertlanguage.com s3.amazonaws.com/trk.cetrk.com/9/t.js s3.amazonaws.com/trk.cetrk.com/b/t.js *.facebook.com https://www.linkedin.com/ www.gstatic.com cdn.glassboxcdn.com snap.licdn.com tracking.bokfinancial.com https://www.google-analytics.com https://ssl.google-analytics.com https://js.adsrvr.org https://insight.adsrvr.org https://extend.vimeocdn.com http://player.vimeo.com https://www.vimeo.com https://gtm-pchlzvs-yzg3y.uc.r.appspot.com vimeo.com/api/oembed.js www.bokfinancial.com www.bankofalbuquerque.com www.bankofoklahoma.com www.bankoftexas.com; style-src 'self' 'unsafe-inline' https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ fast.fonts.net https://optimize.google.com http://www.calcxml.com *.mpeasylink.com *.bankofalbuquerque.com *.bankofoklahoma.com *.bankoftexas.com *.bokfinancial.com fonts.googleapis.com https://www.googletagmanager.com; img-src 'self' data: https://cdn.cookielaw.org/ https://bat.bing.com https://geolocation.onetrust.com/ *.kaltura.com i.ytimg.com https://www.google-analytics.com https://tr-rc.lfeeder.com https://www.googletagmanager.com/ https://www.google.com.mx/ads/ *.mpeasylink.com http://www.google-analytics.com *.google.com https://stats.g.doubleclick.net insight.adsrvr.org *.bokfinancial.com *.bankofoklahoma.com *.bankofalbuquerque.com *.bankoftexas.com https://www.facebook.com http://www.calcxml.com https://i.vimeocdn.com px.ads.linkedin.com p.adsymptotic.com https://cm.g.doubleclick.net https://analytics.convertlanguage.com https://dpm.demdex.net https://www.linkedin.com/ https://match.adsrvr.org https://idpix.media6degrees.com https://s.thebrighttag.com https://uipglob.semasio.net https://loadm.exelator.com https://ads.scorecardresearch.com https://cw.addthis.com https://e.nexac.com https://match.sync.ad.cpe.dotomi.com https://cs.adingo.jp https://usermatch.krxd.net https://x.dlx.addthis.com https://x.bidswitch.net https://match.sharethrough.com https://simage2.pubmatic.com https://eb2.3lift.com https://load77.exelator.com https://pixel.rubiconproject.com https://su.addthis.com https://ib.adnxs.com https://pixel.tapad.com https://mid.rkdms.com/ https://dmp.truoptik.com https://i.liadm.com https://io.narrative.io https://odr.mookie1.com https://ups.analytics.yahoo.com https://ml314.com/utsync.ashx https://beacon.krxd.net https://tags.rd.linksynergy.com https://px4.ads.linkedin.com https://googleads.g.doubleclick.net https://data.adxcel-ec2.com https://gtm-pchlzvs-yzg3y.uc.r.appspot.com; font-src 'self' data: https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ *.mpeasylink.com *.bankofalbuquerque.com *.bankofoklahoma.com *.bankoftexas.com *.bokfinancial.com fast.fonts.net *.cloudflare.com fonts.gstatic.com; connect-src 'self' https://px.ads.linkedin.com/wa/ https://bam.nr-data.net/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://z.clarity.ms/collect chat.bok.com https://cdn.linkedin.oribi.io/ *.googleapis.com *.calcxml.com app.quotemedia.com https://cdn.linkedin.oribi.io api.addsearch.com report.bokf.glassboxdigital.io http://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://gtm-pchlzvs-yzg3y.uc.r.appspot.com; frame-src 'self' https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://www.calcxml.com/ https://www.clarity.ms *.mpeasylink.com *.timetrade.com https://optimize.google.com https://quiz.tryinteract.com/ https://bokf.wufoo.com https://cdn.embedly.com/ http://player.vimeo.com http://www.surveygizmo.com *.doubleclick.net adservice.google.com *.youtube.com http://www.google.com *.kaltura.com http://videos.bokf.com tracking.bokfinancial.com https://insight.adsrvr.org https://quickquote-config.optimalblue.com https://quickquote-consumer.optimalblue.com/ https://match.adsrvr.org https://*.bokf.com; frame-ancestors 'self' *.bokf.com; 1
frame-ancestors 'self' *.bondinho.com.br; 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' www.youtube.com www.dwin1.com acsbapp.com *.yotpo.com cdn.listrakbi.com www.googletagmanager.com www.google-analytics.com www.redditstatic.com *.listrakbi.com *.cloudfront.net checkout-sdk.sezzle.com static-na.payments-amazon.com www.google.com www.recaptcha.net www.gstatic.com admin.liberator.com connect.facebook.net s.adroll.com s.pinimg.com www.googleadservices.com widget.surveymonkey.com *.adroll.com *.pinimg.com googleads.g.doubleclick.net ajax.googleapis.com assets.adobedtm.com web-sdk.aptrinsic.com apis.google.com cdn.jsdelivr.net *.tryinteract.com *.braintree.com lex.33across.com *.google-analytics.com *.payments-amazon.com translate.google.com *.googleapis.com *.paypal.com *.payflow.com *.sezzle.com *.freshdesk.com *.googlesyndication.com chat.freshdesk.com static.fliphtml5.com *.hotjar.com *.listrak.com *.paypalobjects.com js.braintreegateway.com www.liberator.com blob: widget.sezzle.com pay.google.com static.elfsight.com js-agent.newrelic.com; report-uri /.webscale/csp-report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://widget.supercounters.com http://pagead2.googlesyndication.com/ http://pagead2.googlesyndication.com/ http://staticxx.facebook.com http://www.whatsupcams.com http://epixel.moj-web.net http://www.youtube.com https://www.whatsupcams.com http://localhost;  1
default-src 'self' https://*.cloudfront.net https://*.heymarket.com https://*.occgi.com https://connect.occgi.com/api/cic4-01/icws/connection/features https://*.pillartopost.com; object-src 'unsafe-eval'; connect-src 'self' https://px.ads.linkedin.com/wa/ https://cdn.linkedin.oribi.io/partner/2901874/domain/pillartopost.com/token https://*.analyticspodium.com https://*.podium.com https://*.usercentrics.eu https://*.bugherd.com wss://*.pusherapp.com https://*.pusher.com https://*.bugsnag.com https://*.cloudfront.net https://connect.occgi.com/api/cic4-01/icws/connection/features https://*.occgi.com https://*.ctctcdn.com https://*.textrequest.com https://*.google.com https://*.google.ca https://*.googleapis.com https://*.facebook.com https://*.heymarket.com https://*.google-analytics.com https://*.googleadservices.com https://*.googletagmanager.com https://*.g.doubleclick.net; script-src 'self' https://*.adtracks.com/ https://*.egumball.com https://kit.fontawesome.com/  https://widgets.hive.genesys.com/ https://*.podium.com https://*.usercentrics.eu https://*.cloudfront.net  https://connect.occgi.com/api/cic4-01/icws/connection/features https://*.occgi.com https://*.mypurecloud.com https://*.ctctcdn.com https://*.syndication.twimg.com https://*.twitter.com https://*.chambermaster.com https://*.yellowbook.com https://*.textrequest.com https://*.bbb.org https://*.openweathermap.org https://*.calendly.com https://*.app-us1.com https://*.app-us1.com https://trackcmp.net https://*.heymarket.com https://*.jsdelivr.net https://*.licdn.com https://*.facebook.net https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://apps.mypurecloud.com/webfonts/roboto.css https://*.podium.com https://*.pillartopost.com https://connect.occgi.com/api/cic4-01/icws/connection/features https://*.occgi.com https://*.cloudfront.net https://*.ctctcdn.com https://*.twitter.com https://*.bbb.org https://*.jsdelivr.net https://*.apex.live https://*.googleapis.com https://*.cloudflare.com 'unsafe-inline'; font-src 'self' https://apps.mypurecloud.com/webfonts/fonts/roboto/roboto-v29-latin-regular.woff2 https://apps.mypurecloud.com/ https://*.podium.com https://*.pillartopost.com https://*.cloudfront.net https://*.bugherd.com https://connect.occgi.com/api/cic4-01/icws/connection/features https://*.occgi.com https://*.jsdelivr.net data: https://*.apex.live https://*.gstatic.com https://*.cloudflare.com https://*.googleapis.com; img-src 'self' https://pillartopost.my.salesforce-sites.com/ https://embrace-uploads-mms.s3.us-west-1.amazonaws.com/ https://*.homeadvisor.com https://*.analyticspodium.com https://*.usercentrics.eu https://*.linkedin.com https://*.cloudfront.net https://connect.occgi.com/api/cic4-01/icws/connection/features https://*.occgi.com data: https://pillartopost.com https://*.pillartopost.com https://pillartopost.online https://*.s3.amazonaws.com https://*.googletagmanager.com https://*.souqh.ca https://*.twimg.com https://*.twitter.com https://*.blob.core.windows.net https://*.google-analytics.com https://*.cloudinary.com https://*.bbb.org https://*.googleapis.com https://*.ytimg.com https://*.g.doubleclick.net https://*.adsymptotic.com https://*.ads.linkedin.com https://*.gstatic.com https://*.facebook.com https://*.google.com https://*.google.ca; frame-src 'self' https://td.doubleclick.net/ https://*.egumball.com https://elocallink.tv/ https://*.cloudfront.net https://connect.occgi.com/api/cic4-01/icws/connection/features https://*.occgi.com https://*.twitter.com https://*.cdn.anvato.net https://*.google.com https://*.google.ca https://*.facebook.com https://*.franchisegator.com https://calendly.com https://*.g.doubleclick.net https://*.youtube.com; child-src 'self'; frame-ancestors 'self'; 1
default-src 'self' 'unsafe-inline' https: data: cdn.polyfill.io http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://api.systematic.com https://systematic.com; connect-src 'self' https: *.googleapis.com wss://*.hotjar.com https://api.systematic.com https://systematic.com; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' https: cdn.polyfill.io www.googletagmanager.com googletagmanager.com https://api.systematic.com https://systematic.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' https: data: *.gstatic.com; font-src 'self' https: data: *.gstatic.com; form-action 'self'; frame-ancestors 'none'; object-src data: 'unsafe-inline'; report-uri https://systematic.com/report-csp-violations 1
frame-ancestors 'self' mycampus.pt universidadeeuropeia.instructure.com universidadeeuropeia.staging.instructure.com universidadeeuropeia.beta.instructure.com universidadeeuropeia.test.instructure.com; 1
default-src data: 'unsafe-inline' 'unsafe-eval' 'self' https://cdn.jsdelivr.net https://*.tawk.to wss://*.tawk.to https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://stats.g.doubleclick.net https://www.facebook.com https://fonts.googleapis.com https://www.google.pl https://fonts.gstatic.com https://widget.clutch.co https://snap.licdn.com http://46.29.19.34 wss://vsb119.tawk.to https://va.tawk.to https://*.google-analytics.com https://*.linkedin.com https://*.analytics.google.com https://googleads.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.io wss://*.hotjar.com https://*.user.com wss://*.user.com https://*.spotify.com 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.zenaps.com https://www.awin1.com https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://ampcid.google.sk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data:; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.sk https://m.myprotein.sk https://checkout.myprotein.sk https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://static.thgcdn.cn https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; font-src 'self' *; connect-src 'self' *; media-src 'self' *; frame-src 'self' *; object-src 'self' *; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.gstatic.com https://yastatic.net https://www.youtube.com https://s.ytimg.com https://platform.instagram.com https://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://mc.yandex.ru https://top-fwz1.mail.ru https://js.sentry-cdn.com https://browser.sentry-cdn.com https://qaz.rus-news.net https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://platform.twitter.com ; img-src 'self' data: https://* http://* ; font-src 'self' data: https://fonts.gstatic.com ; frame-src 'self' data: https://yastatic.net https://www.youtube.com https://www.instagram.com/ https://platform.twitter.com ; connect-src 'self' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://fcm.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://push.newsdaily.biz https://top-fwz1.mail.ru https://o4505939965509632.ingest.sentry.io https://biposerfl.shop https://*.google-analytics.com; worker-src 'self' data: https://fcm.googleapis.com https://push.newsdaily.biz ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.doubleclick.net iframe.ly cookie.dxlabs.fr cdnjs.cloudflare.com 'unsafe-inline' *; object-src 'none'; style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' *.vixns.net *.smol.org www.pinaultcollection.com *.youtube.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.fr *.dxlabs.fr data:; media-src *; frame-src *; font-src  'self' themes.googleusercontent.com fonts.googleapis.com; connect-src 'self' *.google-analytics.com analytics.tiktok.com https://errors.vixns.net/api/76/store/ https://errors.vixns.net/api/76/envelope/; upgrade-insecure-requests; script-src-attr 'unsafe-inline' 1
default-src 'self'; media-src 'self'; img-src 'self' data:; form-action 'self' https://app.redsift.io https://app.redsift.cloud; connect-src 'self' sentry.io https://plausible.io; frame-ancestors https://app.redsift.io https://app.redsift.cloud; frame-src https://www.google.com; object-src 'self'; font-src 'self' data:; script-src 'report-sample' 'self' 'nonce-ba850caed8c6aa0b8a389cd4780387d1' https://plausible.io; style-src 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1544333/csp-report/?sentry_key=49d512bfcf954f33a5b9c68f30d60783 1
default-src *;style-src 'self' 'unsafe-inline' api.map.baidu.com at.alicdn.com *.chinawutong.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' ynuf.aliapp.org  cf.aliyun.com  *.tdum.alibaba.com *.chinawutong.com wp.qiye.qq.com bqq.gtimg.com  hm.baidu.com hmcdn.baidu.com dlswbr.baidu.com  api.map.baidu.com map.baidu.com aeis.alicdn.com maponline1.bdimg.com g.alicdn.com admin.qidian.qq.com t.gdt.qq.com;img-src * data:;worker-src * blob:;font-src 'self' at.alicdn.com data:; 1
block-all-mixed-content; default-src 'self'; base-uri 'self'; form-action 'self' flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.kr flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.com flightbookings.airnewzealand.de flightbookings.airnewzealand.eu flightbookings.airnewzealand.fr flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw  flightbookings.airnewzealand.com.cn flightbookings.grabaseat.co.nz  flightbookings.airnewzealand.co.jp; script-src 'self' p-airnz.com 'unsafe-inline' 'unsafe-eval' www.youtube.com s.ytimg.com www.everestjs.net *.demdex.net www.google-analytics.com analytics.google.com tagmanager.google.com www.googletagmanager.com *.doubleclick.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.googleadservices.com www.googletagservices.com tpc.googlesyndication.com www.google.com cdn-assets-prod.s3.amazonaws.com *.optimizely.com optimizely-hrd.appspot.com optimizely.s3.amazonaws.com nebula-cdn.kampyle.com screencapture.kampyle.com screencaptue-cdn.kampyle.com static.hotjar.com script.hotjar.com s.wayin.com xd.wayin.com s.engagesciences.com display.engagesciences.com display.wayin.com ddc.optimahub.com https://widget.timatic.iata.org/scripts/iata-timatic-widget-live.js; style-src 'unsafe-inline' p-airnz.com tagmanager.google.com static.hotjar.com script.hotjar.com; img-src https: data: static.hotjar.com script.hotjar.com; font-src p-airnz.com dhm5hy2vn8l0l.cloudfront.net script.hotjar.com data:; media-src 'self' ; frame-src 'self' www.youtube.com www.everestjs.net pixel.everesttech.net *.demdex.net *.doubleclick.net www.googletagmanager.com www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ tpc.googlesyndication.com *.cdn-pci.optimizely.com nebula-cdn.kampyle.com vars.hotjar.com xd.wayin.com display.engagesciences.com; connect-src 'self' api.airnz.io api.airnz.ai auth.airnewzealand.co.nz auth.grabaseat.co.nz *.demdex.net *.tt.omtrdc.net www.google-analytics.com region1.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net adservice.google.com pagead2.googlesyndication.com *.optimizely.com *.kampyle.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://widget.timatic.iata.org/api/; object-src 'none'; frame-ancestors 'none'; report-uri /csp-report 1
default-src 'none'; object-src 'self'; media-src 'self' https://unblu.cloud; connect-src 'self' https://unblu.cloud wss://unblu.cloud https://hlg.tokbox.com https://anvil.opentok.com https://config.opentok.com https://api-enterprise.opentok.com wss://*.tokbox.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://maps.googleapis.com https://consentcdn.cookiebot.com https://api.aiaibot.com https://short.wuestappraisal.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://maps.googleapis.com https://www.googleanalytics.com https://www.google-analytics.com https://tagmanager.google.com https://*.googletagmanager.com https://optimize.google.com https://www.googleoptimize.com https://unblu.cloud https://static.opentok.com https://snap.licdn.com https://static.licdn.com https://static-exp1.licdn.com https://static-exp2.licdn.com https://static-exp3.licdn.com https://connect.facebook.net https://ssl.google-analytics.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://chat.aiaibot.com https://short.wuestappraisal.com https://www.newhome.ch/js/partner.loader.js https://www.youtube.com; frame-src 'self' https://swissquote-idcheck.peax.ch https://bid.g.doubleclick.net https://www.wuest.io https://nubes.simplex.tv https://mw.weaver.ch https://optimize.google.com https://ohws.prospective.ch https://*.fls.doubleclick.net https://*.lukb.ch https://consentcdn.cookiebot.com https://www.youtube-nocookie.com https://chat.aiaibot.com https://www.wuest.io; style-src 'self' 'unsafe-inline' blob: https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://optimize.google.com https://unblu.cloud https://short.wuestappraisal.com; img-src 'self' data: https://www.linkedin.com https://px4.ads.linkedin.com https://px.ads.linkedin.com https://www.facebook.com https://www.google.com https://www.google.com/ads/ga-audiences https://www.google.ch/ads/ga-audiences https://stats.g.doubleclick.net https://*.google-analytics.com https://www.yourmoney.ch https://tagmanager.google.com https://*.googletagmanager.com https://*.googleapis.com https://*.ggpht.com https://maps.gstatic.com https://optimize.google.com https://googleads.g.doubleclick.net https://unblu.cloud https://short.wuestappraisal.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://unblu.cloud https://short.wuestappraisal.com; 1
default-src 'self' *.infinity-tracking.net *.infinity-tracking.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.google.com *.facebook.net *.aspnetcdn.com *.youtube.com *.twitter.com *.ytimg.com *.twimg.com *.linkedin.com *.stumbleupon.com *.azureedge.net *.marketo.net *.eloqua.com *.en25.com *.ampproject.org *.cloudflare.com static.cloudflareinsights.com *.licdn.com *.bootstrapcdn.com *.trustpilot.com *.jsdelivr.net *.unpkg.com *.googletagmanager.com *.jquery.com *.doubleclick.net *.kldiscovery.com *.googleusercontent.com *.google-analytics.com *.googleadservices.com *.bootstrapcdn.com *.momentjs.com *.typeform.com *.infinity-tracking.net *.infinity-tracking.com *.usemessages.com *.hsleadflows.net *.hubspot.com *.hsforms.net *.hsforms.com *.hubspot.com *.hubapi.com *.hscollectedforms.net *.hsforms.net *.hs-banner.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hsforms.com *.unpkg.com unpkg.com *.google.com *.yimg.jp *.yahoo.co.jp *.plavxml.com *.onetrust.com *.cookielaw.org js.monitor.azure.com *.msecnd.net *.hscta.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.telerik.com *.google.com *.azureedge.net *.twitter.com *.twimg.com *.typekit.net *.trustpilot.com *.bootstrapcdn.com *.jquery.com *.bootstrapcdn.com; font-src 'self' *.gstatic.com *.telerik.com *.bootstrapcdn.com data: *.typekit.net *.bootstrapcdn.com; img-src 'self' data: blob: *.azureedge.net *.cleverbridge.com *.delicious.com *.doubleclick.net *.eloqua.com *.facebook.com *.google.com *.googleapis.com *.google-analytics.com *.googleusercontent.com *.google.co.uk *.google.pl *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.com *.hubspot.com *.hubspotusercontent20.net *.ibas.com *.compiled.com *.kldiscovery.com *.ediscovery.com *.linkedin.com *.ontrack.com *.redditstatic.com *.sitefinity.com *.static.licdn.com *.tumblr.com *.twimg.com *.twitter.com *.windows.net *.yahoo.co.jp *.onetrust.com *.cookielaw.org; media-src 'self' data: blob: *.youtu.be *.youtube.com *.blob.core.windows.net *.kldiscovery.com *.googleusercontent.com *.ediscovery.com; frame-src 'self' *.google.com *.youtu.be *.youtube.com *.youtube-nocookie.com youtube-nocookie.com *.hubspot.com *.taleo.net *.trustpilot.com *.hubapi.com *.doubleclick.net *.hsforms.com *.typeform.com *.avrotros.nl *.hsforms.net; child-src 'self' *.twitter.com *.twitter.com *.youtube.com *.youtu.be *.vimeo.com *.soundcloud.com *.google.com *.google.com *.facebook.com *.facebook.com *.stumbleupon.com *.trustpilot.com *.doubleclick.net *.hubspot.com *.infinity-tracking.net *.infinity-tracking.com *.hsforms.com blob:; connect-src 'self' wss: *.google.com *.sitefinity.com *.mktoresp.com *.trustpilot.com *.googleusercontent.com cloudflareinsights.com *.infinity-tracking.net *.infinity-tracking.com google-analytics.com *.google-analytics.com *.unpkg.com unpkg.com *.hubspot.com *.hsforms.com *.hubspot.com *.hubapi.com *.cleverbridge.com *.ampproject.org *.doubleclick.net dc.services.visualstudio.com *.googletagmanager.com *.onetrust.com *.cookielaw.org *.hscollectedforms.net; 1
default-src 'self' 'nonce-cf80e341-d687-4160-afd8-c2961557eb45' cdn.appdynamics.com col.eum-appdynamics.com;script-src 'unsafe-inline' 'nonce-cf80e341-d687-4160-afd8-c2961557eb45' 'strict-dynamic' 'self' www.google.com/recaptcha/ maps.googleapis.com/maps/api/js pay.google.com/gp/p/js/pay.js pay.google.com/ js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net https://web.pypestream.com;img-src 'self' data: maps.gstatic.com *.googleapis.com *.ggpht.com www.google-analytics.com www.gstatic.com;base-uri 'self';object-src 'none';upgrade-insecure-requests;frame-src 'self' 'nonce-cf80e341-d687-4160-afd8-c2961557eb45' www.google.com/recaptcha/ www.youtube.com/embed/ pay.google.com/ https://web.pypestream.com blob:;frame-ancestors;connect-src www.google-analytics.com maps.googleapis.com/maps/api/ maps.googleapis.com/maps-api-v3/api/ maps.googleapis.com/$rpc/ col.eum-appdynamics.com/eumcollector/ bam.nr-data.net bam-cell.nr-data.net 'self' *.launchdarkly.com *.pypestream.com *.pype.tech fontawesome.com google.com/pay pay.google.com/about pay.google.com/gp/p/;style-src 'self' 'unsafe-inline' fonts.googleapis.com/css;font-src data: fonts.gstatic.com/ fontawesome.com;block-all-mixed-content;form-action 'self';script-src-attr 'none' 1
frame-ancestors 'self' *.fabtechexpo.com veloxityscreens.com *.veloxityscreens.com; 1
frame-src *.un4seen.com mailto:; 1
frame-src 'self' blob: https://*.migrosbank.ch https://io.fusedeck.net/ https://api.onloan.ch/ https://mb.api.onloan.ch/ https://docs.onloan.ch/ https://www.google-analytics.com/ https://doubleclick.net/ https://www.googletagmanager.com/ https://services.logismata.ch/ https://cdn.cookielaw.org/ https://cdn.migros.ch/ https://migros-gruppe.jobs/ https://payment.datatrans.biz/ https://www.youtube.com/ https://8050383.fls.doubleclick.net/ https://stats.g.doubleclick.net https://chat.viseca.ch https://online.serviceocean.com https://www.onlineberatung.ch https://www.coffeeb.com/ https://pv.offerten-rechner.ch/ https://hp.offerten-rechner.ch/ https://gowago.ch/ https://blog.migrosbank.ch/ https://mb.levo-app.ch; object-src 'none'; frame-ancestors 'self' https://enl.migrosbank.ch https://*.ti8m.ch; 1
script-src http: https: https://mcstaging.pricerite.com.hk/  api.map.baidu.com www.googletagmanager.com www.facebook.com 'unsafe-eval' 'self' 'unsafe-inline' https://js-agent.newrelic.com *.nr-data.net; style-src 'self' blob: https: 'unsafe-inline' https://mcstaging.pricerite.com.hk/; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'  api.map.baidu.com blob:; font-src 'self' fonts.gstatic.com; frame-src *.google.com assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.pricerite.com.hk  www.googletagmanager.com www.facebook.com https://api002.pricerite.com.hk:8085/ connect-src: *.nr-data.net; 1
default-src 'self';  script-src 'self' 'unsafe-eval' 'unsafe-inline' https: http:;  worker-src 'self' blob: https: http:;  style-src 'self' 'unsafe-inline' https: http:;  frame-src 'self' 'unsafe-eval' 'unsafe-inline' https: http:;  img-src * blob: data:;  font-src 'self' data: https: http:;  media-src 'none';  connect-src *; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https:; img-src 'self' https: data: blob: https:; style-src 'self' https: 'nonce-kAk18MaPnpaepETDKJ0pGw=='; media-src 'self' https: data: https:; frame-src 'self' https:; manifest-src 'self' https:; connect-src 'self' data: blob: https: https: wss://bitbang.social; script-src 'self' https: 'wasm-unsafe-eval'; child-src 'self' blob: https:; worker-src 'self' blob: https: 1
frame-ancestors 'self' *.etniabarcelona.com *.intranet-etniabarcelona.com *.extranet-etniabarcelona.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src * data:; 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; worker-src blob:; media-src https://*.mux.com blob: data:; 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://geowidget.easypack24.net 'self' data: https://secure.tpay.com https://tpay.com *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://geowidget-app.inpost.pl/ https://secure.tpay.com https://tpay.com *.weltpixel.com facebook.com *.cookiebot.com creativecdn.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org 'self' data: https://secure.tpay.com https://tpay.com https://maps.gstatic.com https://maps.googleapis.com *.facebook.com *.bing.com garett.com.pl google.pl facebook.com trustmate.io www.google.pl *.clarity.ms blob: *.credit-agricole.pl lantern.roeye.com *.googlesyndication.com awin1.com google.com s3-eu-west-1.amazonaws.com salesmanago.s3-eu-west-1.amazonaws.com conversionlabs.net.pl *.cookiebot.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.google.com https://secure.tpay.com https://tpay.com https://maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com *.cookiebot.com rum.uptime.com *.buybox.click *.cloudflare.com *.hotjar.com bat.bing.com *.callpage.io trustmate.io analytics.tiktok.com *.clickonometrics.pl *.clarity.ms *.dwin1.com callpage.io *.roeyecdn.com *.googlesyndication.com awin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.googleapis.com *.gstatic.com https://secure.tpay.com https://tpay.com tagmanager.google.com *.callpage.io *.cloudfront.net trustmate.io sandbox-easy-geowidget-sdk.easypack24.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net *.callpage.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.easypack24.net *.inpost.pl *.openstreetmap.org t.elasticsuite.io *.google-analytics.com https://secure.tpay.com https://tpay.com https://maps.googleapis.com *.facebook.net stats.g.doubleclick.net *.cookiebot.com *.googlesyndication.com stream.cloud.witbee.com *.cloudflare.com rum.uptime.com *.callpage.io vc-service.saleago.com googleads.g.doubleclick.net analytics.tiktok.com *.clarity.ms wss://*.salesmanago.com wss://*.hotjar.com *.hotjar.io delivery.clickonometrics.pl 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.googleapis.com *.google.com *.facebook.com *.cookiebot.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' comment.bitstorm.org cdn.syndication.twimg.com cdn.jsdelivr.net www.gstatic.com www.google.com pagead2.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com; connect-src 'self' www.google-analytics.com; img-src * data:; frame-src 'self' comment.bitstorm.org googleads.g.doubleclick.net www.google.com; object-src 'none'; report-uri https://sentry.io/api/1375377/security/?sentry_key=37a44af6812a48e58322a30492ab7025 1
default-src https:; font-src 'self' https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; 1
img-src 'self' blob: data: 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://www.zenaps.com https://isitetv.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tpc.googlesyndication.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.zavvi.es https://m.zavvi.es https://checkout.zavvi.es https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://tpc.googlesyndication.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-KQ93hH3Lw41mPw' 'unsafe-hashes' 'sha256-xPFQMZneoRxFljeMIHQ4vPKPyDPgoABR+GFcO5aEhCg=' 'sha256-vJtl2RfhRVeaVjHri3h9zh+irblwCgC8O+2KO5SwjUE=' 'sha256-0YvrqKbbMt2EskJYz2VCrMp2hLAw5SnvKXcZiZNADEs=' 'sha256-ZzU+qOmZERkwCUIxTe7nDzk1ThNaLGel+/J1iWx+nSU=' 'sha256-7PR+0/+ZmUwb4JADPqIYhsBV5VPhfdB2IYp2W4Nc8Xo='  https://sofire.baidu.com https://affim.baidu.com https://safe.cdn.bcebos.com https://sofire.bdstatic.com https://aifanfan.baidu.com https://dmpstatic.cdn.bcebos.com https://aiff.cdn.bcebos.com https://goutong.baidu.com https://hm.baidu.com https://aff-im.cdn.bcebos.com *.azureedge.net *.calltrk.com https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js tagmanager.google.com *.bdimg.com *.bookeo.com applus.media data cdn.usefathom.com  code.jquery.com  docs.google.com https://v.qq.com m.youtube.com *.baidu.com; img-src 'self' blob: data: https://ssl.google-analytics.com https://aff-im.cdn.bcebos.com https://aff-im.bj.bcebos.com https://tracker.metricool.com *.ytimg.com www.google.es *.svc.dynamics.com https://tracker.metricool.com *.ytimg.com *.youtube.com  www.google-analytics.com secure.papelaweb.com aidback.applus.solutions www.applus.com https://api.map.baidu.com  *.bdimg.com *.baidu.com  *.googleusercontent.com cdn.usefathom.com code.jquery.com  maps.gstatic.com *.googleapis.com *.ggpht.com https://v.qq.com  ssl.gstatic.com www.gstatic.com https://www.googletagmanager.com stats.g.doubleclick.net adservice.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; frame-src 'self' https://portal.r2docuo.com/ https://*.bookeo.com https://applus.media/ *.svc.dynamics.com www.googletagmanager.com *.doubleclick.net www.youtube-nocookie.com  player.vimeo.com  *.youtube.com  www.youtube-nocookie.com  docs.google.com https://v.qq.com accounts.google.com; child-src 'self' *.doubleclick.net www.youtube.com docs.google.com  https://v.qq.com *.bookeo.com; style-src 'unsafe-inline' 'self' https://aff-im.cdn.bcebos.com code.jquery.com tagmanager.google.com fonts.googleapis.com; font-src 'self' data:  fonts.gstatic.com; manifest-src 'self'; frame-ancestors 'self' https://docs.google.com; connect-src 'self' https://aifanfan.baidu.com https://sofire.baidu.com https://sfp.safe.baidu.com https://fclog.baidu.com https://hm.baidu.com *.svc.dynamics.com https://www.google-analytics.com https://apps-cal.applus.com https://region1.google-analytics.com region1.analytics.google.com pagead2.googlesyndication.com httpbin.org maps.googleapis.com googleads.g.doubleclick.net stats.g.doubleclick.net aidback-test.applus.solutions aidback.applus.solutions aid-public.applus.solutions apps.applus.com apps.applus.solutions api.ipify.org applus-test.applus.solutions analytics.google.com adservice.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.baidu.com; form-action 'self' https://apps.applus.com; report-to default; 1
default-src 'self' https://stats.g.doubleclick.net *.google.com  *.nabilbank.com www.nabilbank.com siteapi.nabilbank.com siteadmin.nabilbank.com *.googleapis.com *.gstatic.com *.cloudflare.com *.jquery.com *.googletagmanager.com https://code.jquery.com https://cdnjs.cloudflare.com https://gitcdn.github.io  *.google-analytics.com https://connect.facebook.net/ https://web.facebook.com *.facebook.com *.youtube.com *.google.com https://apac-in.app.koopid.ai 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.google.com *.facebook.com www.nabilbank.com *.nabilbank.com siteapi.nabilbank.com siteadmin.nabilbank.com https://connect.facebook.net  https://www.google-analytics.com/ https://www.googletagmanager.com https://code.jquery.com https://cdnjs.cloudflare.com https://gitcdn.github.io *.cloudflare.com *.jquery.com https://www.google.com https://apac-in.app.koopid.ai https://maps.googleapis.com *.gstatic.com 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' http://10.17.0.51 *.google.com www.nabilbank.com *.nabilbank.com siteapi.nabilbank.com siteadmin.nabilbank.com https://www.youtube.com ; img-src 'self' data: *.google.com img.youtube.com maps.gstatic.com *.googleapis.com *.ggpht https://pictures.beesender.com wss://balance.beesender.com  https://widget.beesender.com maps.googleapis.com https://developers.google.com www.nabilbank.com https://www.google-analytics.com *.nabilbank.com siteapi.nabilbank.com siteadmin.nabilbank.com 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' *.doubleclick.net *.googleadservices.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.google.com *.google-analytics.com *.facebook.net *.yandex.ru  *.criteo.net *.criteo.com *.2mdn.net *.bootstrapcdn.com *.cloudflare.com *.bkmexpress.com.tr *.visilabs.net *.relateddigital.com *.adroll.com *.adroll.mgr.consensu.org 1
default-src 'self'; connect-src 'self' crownpeak.net *.crownpeak.net https://*.agentiq.co wss://*.agentiq.co https://api.cobrowse.io wss://*.cobrowse.io https://cobrowse.io *.google-analytics.com *.g.doubleclick.net *.gannettdigital.com *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.google.com *.doubleclick.net *.googleapis.com *.segmint.net *.banno.com https://banno.com https://s3.amazonaws.com *.sundaysky.com; font-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.sundaysky.com *.banno.com https://banno.com data:; frame-ancestors 'self' https://*.agentiq.co https://chat-service.imcu.agentiq.co *.banno.com https://banno.com; frame-src 'self' https://app.imcu.com https://*.imcu.com *.youtube.com *.google.com *.vimeo.com https://*.agentiq.co https://cobrowse.io *.fls.doubleclick.net *.baconpay.com *.optimalblue.com *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net  *.segmint.net birdeye.com *.birdeye.com *.sundaysky.com *.banno.com https://banno.com; img-src 'self' https://imcuonline-cloud.lending360.com https://agentiq-imcu-assets.s3.amazonaws.com *.google-analytics.com *.google.com *.googletagmanager.com *.banno.com https://banno.com *.googleapis.com *.gstatic.com *.facebook.com *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net *.segmint.net data: *.sundaysky.com *.banno.com; media-src 'self' *.banno.com https://banno.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://imcuonline-cloud.lending360.com https://app.imcu.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleapis.com banno.com *.banno.com crownpeak.com *.crownpeak.com https://*.agentiq.co *.cobrowse.io *.rlets.com *.adnxs.com *.facebook.net *.cloudfront.net *.callrail.com *.baconpay.com *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net https://www.google.com/recaptcha/api.js *.gstatic.com *.segmint.net birdeye.com *.birdeye.com *.sundaysky.com *.banno.com https://banno.com blob: *.banno.com; style-src 'self' 'unsafe-inline' *.googleapis.com https://chat-service.imcu.agentiq.co *.sundaysky.com *.banno.com https://banno.com 1
frame-ancestors 'self' http://*.paedml-linux.lokal/ https://*.paedml-linux.lokal/ https://*.etracker.com; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.translate.naver.net https://ct.pinterest.com https://*.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob: https://app.qubit.com https://*.abtasty.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://*.google.co.kr https://ampcid.google.co.jp https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://*.contentsquare.net https://horizon-api.www.myprotein.co.kr https://*.qubit.com https://*.qubitproducts.com https://analytics.tiktok.com https://*.abtasty.com https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data:; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://appdown.pstatic.net https://static.thgcdn.cn blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com; form-action 'self' https://www.facebook.com https://www.myprotein.co.kr https://m.myprotein.co.kr https://checkout.myprotein.co.kr https://connect.facebook.net https://ct.pinterest.com https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.translate.naver.net https://*.hotjar.com https://*.microsofttranslator.com https://*.trustpilot.com https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com https://static.goqubit.com https://*.qubit.com https://analytics.tiktok.com https://sf16-muse-va.ibytedtos.com blob: https://*.abtasty.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.translate.naver.net https://*.googleapis.com https://*.microsofttranslator.com https://cdn.parcellab.com https://static.thgcdn.cn https://*.abtasty.com https://*.gstatic.com; upgrade-insecure-requests; report-to report-endpoint 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://ampcid.google.cz https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data:; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.cz https://m.myprotein.cz https://checkout.myprotein.cz https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://c.imedia.cz https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://static.thgcdn.cn https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self' https://app.canopytax.com https://*.clientportal.com; report-uri https://app.canopytax.com/_/csp-reports 1
script-src 'self' https://assets.cisofy.com https://js.stripe.com 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; connect-src https://assets.cisofy.com; manifest-src 'self' https://assets.cisofy.com; frame-src https://js.stripe.com; img-src 'self' https://assets.cisofy.com; font-src 'self' data:; default-src 'none'; style-src 'self' https://assets.cisofy.com 'unsafe-inline' 1
frame-ancestors 'self'; report-uri https://bakerdist.report-uri.com/r/t/csp/enforce 1
block-all-mixed-content; frame-ancestors https://tome.app;: always 1
frame-ancestors 'self' https://google.com https://googletagmanager.com https://b.yjtag.jp https://youtube.com 1
script-src 'self' 'unsafe-inline' *.taager.com *.fonts.gstatic.com *.googletagmanager.com connect.facebook.net online.tableau.com apis.google.com www.google-analytics.com analytics.tiktok.com googleads.g.doubleclick.net static.ads-twitter.com sc-static.net web-sdk.smartlook.com *.snapchat.com *.gstatic.com *.google.com *.fw-cdn.com *.assets.customer.io https://fw-cdn.com https://assets.customer.io https://taagersupport-8b51a9590d8f90116959836.freshchat.com https://code.gist.build; 1
default-src 'self' *.speedship.com https://speedship.com https://www.speedship.com ; frame-src 'self' *.speedship.com https://speedship.com https://www.speedship.com https://service.force.com https://auth.wwex.com https://whatfix.com https://*.whatfix.com https://transaction.hostedpayments.com *.quicksight.aws.amazon.com blob: ; img-src 'self' *.speedship.com https://speedship.com https://www.speedship.com https://wwex.com https://www.google-analytics.com https://*.gravatar.com data: ; script-src 'self' *.speedship.com https://speedship.com https://www.speedship.com 'unsafe-inline' *.force.com *.salesforceliveagent.com https://*.whatfix.com https://whatfix.com https://www.google-analytics.com https://code.jquery.com https://wwex.com *.quicksight.aws.a2z.com https://d758cqe2bs24d.cloudfront.net blob: ; style-src 'self' 'unsafe-inline' *.force.com *.typekit.net ; object-src 'none' ; font-src 'self' *.typekit.net https://fonts.gstatic.com data: ; connect-src 'self' *.speedship.com https://speedship.com https://www.speedship.com https://nextgen-document-store-prod2-us-east-1.s3.amazonaws.com https://*.launchdarkly.com https://*.datadoghq.com https://session-replay.browser-intake-datadoghq.com https://rum-http-intake.logs.datadoghq.com https://auth.wwex.com https://ka-f.fontawesome.com https://*.whatfix.com https://whatfix.com wss://localhost:* wss://localhost.qz.io:* *.quicksight.aws.amazon.com 1
default-src 'self'; block-all-mixed-content; connect-src 'self' https://api.recurly.com https://api.stripe.com/ https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com https://ingest.valued.app; font-src 'self' https://js.intercomcdn.com https://fonts.intercomcdn.com data:; frame-src https://js.stripe.com/ https://hooks.stripe.com/ api.recurly.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; img-src 'self' blob: data: *; media-src 'self' https://js.intercomcdn.com; script-src 'self' js.recurly.com https://js.stripe.com/ https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.valued.app 'unsafe-inline' 'sha256-1gcjkQmF3vDBHqTK/GCaJKMg/UjNNomsjObGfUSd8GU=' 'sha256-jbA8VreA42SNzS8N9VHJ5N6pZWjqC2B/c/cBk+1diXE=' 'sha256-DcokebrOSmWciSX1qQC5mQVZVTuYP7rxG1GdCn4I4Ls='; style-src 'self' https://api.recurly.com 'unsafe-inline'; report-uri /nelmio/csp/report 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://consent.trustarc.com https://consent-pref.trustarc.com https://bat.bing.com https://connect.facebook.net https://cdn.appdynamics.com https://s.yimg.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;connect-src 'self' https://*.analytics.google.com https://www.google.com https://googleads.g.doubleclick.net https://bat.bing.com https://col.eum-appdynamics.com https://www.google-analytics.com www.google-analytics.com https://api.zuko.io https://consent.trustarc.com https://consent-pref.trustarc.com https://stats.g.doubleclick.net https://s.yimg.com;img-src 'self' data: https://sp.analytics.yahoo.com https://www.google.co.uk https://www.google-analytics.com www.google-analytics.com https://consent.trustarc.com https://consent-pref.trustarc.com www.googletagmanager.com https://bat.bing.com https://www.facebook.com https://www.gstatic.com https://i.ytimg.com;object-src 'none';font-src 'self' https://fonts.gstatic.com https://consent.trustarc.com;frame-src 'self' https://td.doubleclick.net https://consent-pref.trustarc.com https://www.youtube-nocookie.com;base-uri 'self';frame-ancestors 'none';upgrade-insecure-requests 1
default-src 'self'; media-src 'self' https://*.zdassets.com/ https://app.posthog.com; frame-src 'self' https://hooks.stripe.com https://*.clickcease.com/ https://winegallery.netlify.com/ https://*.goodpairdays.com/ https://*.youtube.com/ https://*.facebook.net/ https://*.facebook.net/*/ https://*.facebook.com/ https://*.facebook.com/*/ https://goodpairdays.zendesk.com/ https://winegallery.zendesk.com/ https://*.google.com/ https://*.googlesyndication.com/ https://bid.g.doubleclick.net/ https://js.stripe.com/ https://app.netlify.com/ https://netlify-cdp-loader.netlify.app/ https://td.doubleclick.net/; frame-ancestors 'self' https://js.stripe.com/ https://*.googlesyndication.com/ https://*.yotpo.com/ https://*.goodpairdays.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com/ https://*.clickcease.com/ https://goodpairdays.zendesk.com/ https://winegallery.zendesk.com/ https://app.posthog.com https://cdn.jsdelivr.net/ https://api.ideal-postcodes.co.uk/ https://api.addressfinder.io/ https://widget-mediator.zopim.com/ https://googleads.g.doubleclick.net/ https://static.zdassets.com/ https://d33wubrfki0l68.cloudfront.net/ https://googletagmanager.com/ https://googletagmanager.com/*/ https://*.googletagmanager.com/ https://*.googletagmanager.com/*/ https://*.googleadservices.com/ https://*.googleadservices.com/*/ https://*.facebook.com/ https://*.facebook.com/*/ https://*.facebook.net/ https://*.facebook.net/*/ https://*.googlesyndication.com/ https://*.google-analytics.com/ https://*.google-analytics.com/*/ https://*.yotpo.com/ https://*.google.com/ https://*.google.com/*/ https://*.google.com.au/ https://*.google.com.au/*/ https://*.google.co.uk/ https://*.google.co.uk/*/ https://*.googleapis.com/ https://cdn.segment.com/ https://cdn.segment.com/v1/projects/SgIQJEuiurOd0tD827mZ0CF0Jcj7HNtE/settings https://cdn.segment.com/analytics-next/bundles/* https://cdn.segment.com/next-integrations/integrations/* https://app.netlify.com/ https://netlify-cdp-loader.netlify.app/; connect-src 'self' https://*.s3.amazonaws.com/ https://*.goodpairdays.com https://www.instagram.com https://app.posthog.com https://*.googleapis.com https://extreme-ip-lookup.com https://gpd-guides.ghost.io/ https://the-last-glass.ghost.io https://*.youtube.com/ https://goodpairdays.zendesk.com/ https://*.clickcease.com/ https://winegallery.zendesk.com/ https://api.ideal-postcodes.co.uk/ https://api.addressfinder.io/ https://*.doubleclick.net/ https://stats.g.doubleclick.net/ https://*.google.com/ https://*.googlesyndication.com/ https://*.google-analytics.com/ https://*.google-analytics.com/*/ https://*.facebook.com/ https://*.facebook.com/*/ https://*.facebook.net/ https://*.facebook.net/*/ https://ekr.zdassets.com/ https://api.stripe.com https://*.sentry.io/ https://*.sentry.io/*/ https://sentry.io/api/ https://cdn.segment.com/v1/projects/SgIQJEuiurOd0tD827mZ0CF0Jcj7HNtE/settings https://cdn.segment.com/v1/projects/ALOhsRq1DN8KVkVJGHBy84aNJUidhI38/settings https://cdn.segment.com/analytics-next/bundles/* https://cdn.segment.com/next-integrations/integrations/* https://*.segment.io/ https://*.segment.io/*/ https://*.yotpo.com/ https://*.google.ad/ https://*.google.ae/ https://*.google.com.af/ https://*.google.com.ag/ https://*.google.com.ai/ https://*.google.al/ https://*.google.am/ https://*.google.co.ao/ https://*.google.com.ar/ https://*.google.as/ https://*.google.at/ https://*.google.com.au/ https://*.google.az/ https://*.google.ba/ https://*.google.com.bd/ https://*.google.be/ https://*.google.bf/ https://*.google.bg/ https://*.google.com.bh/ https://*.google.bi/ https://*.google.bj/ https://*.google.com.bn/ https://*.google.com.bo/ https://*.google.com.br/ https://*.google.bs/ https://*.google.bt/ https://*.google.co.bw/ https://*.google.by/ https://*.google.com.bz/ https://*.google.ca/ https://*.google.cd/ https://*.google.cf/ https://*.google.cg/ https://*.google.ch/ https://*.google.ci/ https://*.google.co.ck/ https://*.google.cl/ https://*.google.cm/ https://*.google.cn/ https://*.google.com.co/ https://*.google.co.cr/ https://*.google.com.cu/ https://*.google.cv/ https://*.google.com.cy/ https://*.google.cz/ https://*.google.de/ https://*.google.dj/ https://*.google.dk/ https://*.google.dm/ https://*.google.com.do/ https://*.google.dz/ https://*.google.com.ec/ https://*.google.ee/ https://*.google.com.eg/ https://*.google.es/ https://*.google.com.et/ https://*.google.fi/ https://*.google.com.fj/ https://*.google.fm/ https://*.google.fr/ https://*.google.ga/ https://*.google.ge/ https://*.google.gg/ https://*.google.com.gh/ https://*.google.com.gi/ https://*.google.gl/ https://*.google.gm/ https://*.google.gp/ https://*.google.gr/ https://*.google.com.gt/ https://*.google.gy/ https://*.google.com.hk/ https://*.google.hn/ https://*.google.hr/ https://*.google.ht/ https://*.google.hu/ https://*.google.co.id/ https://*.google.ie/ https://*.google.co.il/ https://*.google.im/ https://*.google.co.in/ https://*.google.iq/ https://*.google.is/ https://*.google.it/ https://*.google.je/ https://*.google.com.jm/ https://*.google.jo/ https://*.google.co.jp/ https://*.google.co.ke/ https://*.google.com.kh/ https://*.google.ki/ https://*.google.kg/ https://*.google.co.kr/ https://*.google.com.kw/ https://*.google.kz/ https://*.google.la/ https://*.google.com.lb/ https://*.google.li/ https://*.google.lk/ https://*.google.co.ls/ https://*.google.lt/ https://*.google.lu/ https://*.google.lv/ https://*.google.com.ly/ https://*.google.co.ma/ https://*.google.md/ https://*.google.me/ https://*.google.mg/ https://*.google.mk/ https://*.google.ml/ https://*.google.com.mm/ https://*.google.mn/ https://*.google.ms/ https://*.google.com.mt/ https://*.google.mu/ https://*.google.mv/ https://*.google.mw/ https://*.google.com.mx/ https://*.google.com.my/ https://*.google.co.mz/ https://*.google.com.na/ https://*.google.com.nf/ https://*.google.com.ng/ https://*.google.com.ni/ https://*.google.ne/ https://*.google.nl/ https://*.google.no/ https://*.google.com.np/ https://*.google.nr/ https://*.google.nu/ https://*.google.co.nz/ https://*.google.com.om/ https://*.google.com.pa/ https://*.google.com.pe/ https://*.google.com.pg/ https://*.google.com.ph/ https://*.google.com.pk/ https://*.google.pl/ https://*.google.pn/ https://*.google.com.pr/ https://*.google.ps/ https://*.google.pt/ https://*.google.com.py/ https://*.google.com.qa/ https://*.google.ro/ https://*.google.ru/ https://*.google.rw/ https://*.google.com.sa/ https://*.google.com.sb/ https://*.google.sc/ https://*.google.se/ https://*.google.com.sg/ https://*.google.sh/ https://*.google.si/ https://*.google.sk/ https://*.google.com.sl/ https://*.google.sn/ https://*.google.so/ https://*.google.sm/ https://*.google.sr/ https://*.google.st/ https://*.google.com.sv/ https://*.google.td/ https://*.google.tg/ https://*.google.co.th/ https://*.google.com.tj/ https://*.google.tk/ https://*.google.tl/ https://*.google.tm/ https://*.google.tn/ https://*.google.to/ https://*.google.com.tr/ https://*.google.tt/ https://*.google.com.tw/ https://*.google.co.tz/ https://*.google.com.ua/ https://*.google.co.ug/ https://*.google.co.uk/ https://*.google.com.uy/ https://*.google.co.uz/ https://*.google.com.vc/ https://*.google.co.ve/ https://*.google.vg/ https://*.google.co.vi/ https://*.google.com.vn/ https://*.google.vu/ https://*.google.ws/ https://*.google.rs/ https://*.google.co.za/ https://*.google.co.zm/ https://*.google.co.zw/ https://*.google.cat/ https://api.iterable.com/ https://js.stripe.com/; img-src 'self' data: https://picsum.photos/ https://*.picsum.photos/ https://www.instagram.com https://*.ytimg.com/ https://gpd-guides.ghost.io/ https://the-last-glass.ghost.io https://*.clickcease.com/ https://cx.atdmt.com/ https://d7yj57tt7xfz4.cloudfront.net/ https://winegallery.zendesk.com/ https://*.googleadservices.com/ https://googletagmanager.com/ https://googletagmanager.com/*/ https://*.googletagmanager.com/ https://*.googletagmanager.com/*/ https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://*.facebook.com/ https://*.facebook.com/*/ https://*.facebook.net/ https://*.facebook.net/*/ https://*.googlesyndication.com/ https://*.google-analytics.com/ https://*.google-analytics.com/*/ https://*.goodpairdays.com/ https://*.yotpo.com/ https://ddcfq0gxiontw.cloudfront.net/ https://platform-lookaside.fbsbx.com/ https://*.gstatic.com/ https://*.googleapis.com/ https://*.google.com/ https://*.google.ad/ https://*.google.ae/ https://*.google.com.af/ https://*.google.com.ag/ https://*.google.com.ai/ https://*.google.al/ https://*.google.am/ https://*.google.co.ao/ https://*.google.com.ar/ https://*.google.as/ https://*.google.at/ https://*.google.com.au/ https://*.google.az/ https://*.google.ba/ https://*.google.com.bd/ https://*.google.be/ https://*.google.bf/ https://*.google.bg/ https://*.google.com.bh/ https://*.google.bi/ https://*.google.bj/ https://*.google.com.bn/ https://*.google.com.bo/ https://*.google.com.br/ https://*.google.bs/ https://*.google.bt/ https://*.google.co.bw/ https://*.google.by/ https://*.google.com.bz/ https://*.google.ca/ https://*.google.cd/ https://*.google.cf/ https://*.google.cg/ https://*.google.ch/ https://*.google.ci/ https://*.google.co.ck/ https://*.google.cl/ https://*.google.cm/ https://*.google.cn/ https://*.google.com.co/ https://*.google.co.cr/ https://*.google.com.cu/ https://*.google.cv/ https://*.google.com.cy/ https://*.google.cz/ https://*.google.de/ https://*.google.dj/ https://*.google.dk/ https://*.google.dm/ https://*.google.com.do/ https://*.google.dz/ https://*.google.com.ec/ https://*.google.ee/ https://*.google.com.eg/ https://*.google.es/ https://*.google.com.et/ https://*.google.fi/ https://*.google.com.fj/ https://*.google.fm/ https://*.google.fr/ https://*.google.ga/ https://*.google.ge/ https://*.google.gg/ https://*.google.com.gh/ https://*.google.com.gi/ https://*.google.gl/ https://*.google.gm/ https://*.google.gp/ https://*.google.gr/ https://*.google.com.gt/ https://*.google.gy/ https://*.google.com.hk/ https://*.google.hn/ https://*.google.hr/ https://*.google.ht/ https://*.google.hu/ https://*.google.co.id/ https://*.google.ie/ https://*.google.co.il/ https://*.google.im/ https://*.google.co.in/ https://*.google.iq/ https://*.google.is/ https://*.google.it/ https://*.google.je/ https://*.google.com.jm/ https://*.google.jo/ https://*.google.co.jp/ https://*.google.co.ke/ https://*.google.com.kh/ https://*.google.ki/ https://*.google.kg/ https://*.google.co.kr/ https://*.google.com.kw/ https://*.google.kz/ https://*.google.la/ https://*.google.com.lb/ https://*.google.li/ https://*.google.lk/ https://*.google.co.ls/ https://*.google.lt/ https://*.google.lu/ https://*.google.lv/ https://*.google.com.ly/ https://*.google.co.ma/ https://*.google.md/ https://*.google.me/ https://*.google.mg/ https://*.google.mk/ https://*.google.ml/ https://*.google.com.mm/ https://*.google.mn/ https://*.google.ms/ https://*.google.com.mt/ https://*.google.mu/ https://*.google.mv/ https://*.google.mw/ https://*.google.com.mx/ https://*.google.com.my/ https://*.google.co.mz/ https://*.google.com.na/ https://*.google.com.nf/ https://*.google.com.ng/ https://*.google.com.ni/ https://*.google.ne/ https://*.google.nl/ https://*.google.no/ https://*.google.com.np/ https://*.google.nr/ https://*.google.nu/ https://*.google.co.nz/ https://*.google.com.om/ https://*.google.com.pa/ https://*.google.com.pe/ https://*.google.com.pg/ https://*.google.com.ph/ https://*.google.com.pk/ https://*.google.pl/ https://*.google.pn/ https://*.google.com.pr/ https://*.google.ps/ https://*.google.pt/ https://*.google.com.py/ https://*.google.com.qa/ https://*.google.ro/ https://*.google.ru/ https://*.google.rw/ https://*.google.com.sa/ https://*.google.com.sb/ https://*.google.sc/ https://*.google.se/ https://*.google.com.sg/ https://*.google.sh/ https://*.google.si/ https://*.google.sk/ https://*.google.com.sl/ https://*.google.sn/ https://*.google.so/ https://*.google.sm/ https://*.google.sr/ https://*.google.st/ https://*.google.com.sv/ https://*.google.td/ https://*.google.tg/ https://*.google.co.th/ https://*.google.com.tj/ https://*.google.tk/ https://*.google.tl/ https://*.google.tm/ https://*.google.tn/ https://*.google.to/ https://*.google.com.tr/ https://*.google.tt/ https://*.google.com.tw/ https://*.google.co.tz/ https://*.google.com.ua/ https://*.google.co.ug/ https://*.google.co.uk/ https://*.google.com.uy/ https://*.google.co.uz/ https://*.google.com.vc/ https://*.google.co.ve/ https://*.google.vg/ https://*.google.co.vi/ https://*.google.com.vn/ https://*.google.vu/ https://*.google.ws/ https://*.google.rs/ https://*.google.co.za/ https://*.google.co.zm/ https://*.google.co.zw/ https://*.google.cat/ https://*.unsplash.com https://hatscripts.github.io/ https://d15k2d11r6t6rl.cloudfront.net/; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/ https://*.yotpo.com/ https://d33wubrfki0l68.cloudfront.net/ https://*.posthog.com/ https://fonts.googleapis.com/ https://*.googleapis.com/; font-src 'self' data: https://*.yotpo.com/ https://d33wubrfki0l68.cloudfront.net/ https://fonts.gstatic.com/; object-src 'none'; report-uri https://o221921.ingest.sentry.io/api/1472073/security/?sentry_key=e20c90507248444cba0d534a66d096e7 https://o221921.ingest.sentry.io/api/5588764/security/?sentry_key=193a5affb6cd4864abe11d6c1f15ea80; 1
object-src 'self'; block-all-mixed-content; frame-ancestors 'self' secpoint.com *.secpoint.com; 1
frame-ancestors 'self' mypatriot.com *.mypatriot.com 1
script-src blob: 'unsafe-inline' 'unsafe-eval' 'self' stories.ups.com about.ups.com dev.upsers.ams1907.com stage.upserstwo.com upsers.com www.upsers.com upserstwo.com www.upserstwo.com qa.upsers.ams1907.com beta.upsers.com https://login.microsoftonline.com https://tags.tiqcdn.com https://www.youtube.com https://gallery.sprinklr.com https://smetrics.ups.com https://platform.twitter.com https://www.facebook.com  https://pbs.twimg.com  https://thumb.sprinklr.com https://scontent-iad3-1.xx.fbcdn.net https://visitor-service-us-east-1.tealiumiq.com https://visitor-service-ap-east1.tealiumiq.com https://visitor-service-eu-central-1.tealiumiq.com https://visitor-service-ap-east-1.tealiumiq.com my.tealiumiq.com https://players.brightcove.net https://vjs.zencdn.net https://www.google.com  https://www.gstatic.com mboxedge31.tt.omtrdc.net ups.demdex.net dpm.demdex.net https://fonts.gstatic.com ups.tt.omtrdc.net s.go-mpulse.net https://scripts.demandbase.com https://qmod.quotemedia.com https://www.googletagmanager.com https://snap.licdn.com https://js.adsrvr.org https://www.redditstatic.com https://s7d1.scene7.com https://s7d9.scene7.com https://ups.scene7.com https://upstwo.scene7.com https://googleads.g.doubleclick.net https://connect.facebook.net https://bat.bing.com https://datacloud.tealiumiq.com https://www.recaptcha.net aap-d.parcelpro.com aap-p.parcelpro.com ups.blueconic.net ups-dev.blueconic.net aap-d.*.ams1907.com aap-p.*.ams1907.com; object-src 'none' 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://feuniverse.us/logs/ https://feuniverse.us/sidekiq/ https://feuniverse.us/mini-profiler-resources/ https://feuniverse.us/assets/ https://feuniverse.us/brotli_asset/ https://feuniverse.us/extra-locales/ https://feuniverse.us/highlight-js/ https://feuniverse.us/javascripts/ https://feuniverse.us/plugins/ https://feuniverse.us/theme-javascripts/ https://feuniverse.us/svg-sprite/ 'sha256-Gty3/aPWFfSvz7pdT39HY97/+2opLup9V0L19ZF0IwY='; worker-src 'self' https://feuniverse.us/assets/ https://feuniverse.us/brotli_asset/ https://feuniverse.us/javascripts/ https://feuniverse.us/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
script-src 'self' *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.facebook.com *.facebook.net *.twitter.com *.zalo.me *.zaloapp.com 'unsafe-inline' 'unsafe-eval' *.addthis.com *.moatads.com *.addthisedge.com;style-src 'self' *.google.com 'unsafe-inline' *.googleapis.com;frame-src 'self' *.google.com *.youtube.com *.facebook.com *.facebook.net *.twitter.com *.zalo.me *.addthis.com;base-uri 'self'; 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com cdn.cookielaw.org connect.facebook.net www.google-analytics.com *.doubleclick.net pghub.io feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; font-src 'self' feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' *.doubleclick.net feed.pghub.io pgamaphc.jebbit.com consumersupport.pg.com pandg.tapad.com ; img-src 'self' data: images.ctfassets.net www.facebook.com pixel.tapad.com cdn.cookielaw.org www.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io pandg.tapad.com ; connect-src 'self' *.google-analytics.com *.googlesyndication.com cdn.cookielaw.org *.algolia.net *.algolianet.com *.contentful.com feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
default-src 'self' static1.nautal.com; connect-src 'self' https://api.clickandboat.com static2.nautal.com static3.nautal.com https://assets.nautal.com/frontend-assets/master/ quasar.clickbo.at https://logs1412.xiti.com *.google-analytics.com stats.g.doubleclick.net bat.bing.com https://analytics.tiktok.com api.stripe.com ekr.zdassets.com clickandboat.zendesk.com wss://widget-mediator.zopim.com widget-mediator.zopim.com *.ingest.sentry.io api.realytics.io https://*.clarity.ms click-and-boat.pxf.io https://api.privacy-center.org; font-src 'self' data: static3.clickandboat.com fonts.gstatic.com; frame-ancestors 'self'; frame-src 'self' *.facebook.com *.criteo.com accounts.google.com www.google.com js.stripe.com hooks.stripe.com www.googletagmanager.com *.doubleclick.net click-and-boat.pxf.io; img-src 'self' static1.nautal.com static2.nautal.com https://assets.nautal.com/frontend-assets/master/ https://blog.nautal.com/ data: blob: quasar.clickbo.at *.google-analytics.com *.doubleclick.net secure.adnxs.com www.google.fr www.google.it www.google.es www.google.com www.google.de www.google.nl www.google.co.uk www.google.gr www.google.pl www.google.ch www.google.be www.google.com.br www.google.hr www.google.at www.google.pt www.google.se www.google.ru www.google.ca www.google.com.ar www.google.com.tr www.google.com.ua www.google.ie www.google.si www.google.ro www.google.com.mx www.google.com.mt www.google.com.au www.google.dk www.google.ae www.google.gp www.google.hu www.google.cz www.google.lu www.google.com.cy www.google.no www.google.me www.google.bg www.google.co.il www.google.rs www.google.sk *.bing.com *.facebook.com *.mydialoginsight.com maps.googleapis.com *.gstatic.com *.google.com *.google.fr v2assets.zopim.io v2uploads.zopim.io clickandboat.zendesk.com https://*.clarity.ms click-and-boat.pxf.io https://www.ojrq.net https://logs-01.loggly.com https://sdk.privacy-center.org; script-src 'unsafe-eval' 'self' static2.nautal.com https://assets.nautal.com/frontend-assets/master/ quasar.clickbo.at https://tag.aticdn.net *.google-analytics.com *.googleadservices.com *.google.com *.ggpht.com www.googletagmanager.com bat.bing.com www.facebook.com https://analytics.tiktok.com *.criteo.net sslwidget.criteo.com *.mydialoginsight.com *.googleapis.com www.gstatic.com connect.facebook.net js.stripe.com static.zdassets.com widget-mediator.zopim.com *.realytics.io *.realytics.net https://*.clarity.ms https://c.bing.com https://utt.impactcdn.com https://sdk.privacy-center.org https://tag.aticdn.net 'unsafe-inline' 'nonce-UA7Kkx4y8G6DfUsrjZoGCw=='; style-src 'self' static2.nautal.com static3.nautal.com https://assets.nautal.com/frontend-assets/master/ 'unsafe-inline' fonts.googleapis.com tagmanager.google.com https://sdk.privacy-center.org 1
frame-ancestors 'self' https://www.petbenefits.com/ https://www.dvmnetwork.com/ https://www.wishboneinsurance.com/ *.petassure.com 1
default-src https://*.rogii.com https://*.solo.cloud https://solo.cloud https://rogii-portal-prod.s3.amazonaws.com blob:; connect-src https://*.rogii.com https://*.solo.cloud https://solo.cloud https://*.s3.amazonaws.com https://login.microsoftonline.com https://www.google-analytics.com/ https://maps.googleapis.com https://auth.petroninja.com https://api.mapbox.com https://*.tgsnopec.com https://map.datalake.tgs.com https://global.oktacdn.com wss:; font-src 'self' https://*.rogii.com https://*.solo.cloud https://solo.cloud https:; img-src https://*.rogii.com https://*.solo.cloud https://solo.cloud https://s3.amazonaws.com https://*.s3.amazonaws.com https://maps.gstatic.com https://*.googleapis.com https://www.google-analytics.com https://api.mapbox.com https://map.datalake.tgs.com *.ggpht *.khms0 blob: data:; style-src https://*.rogii.com https://*.solo.cloud https://solo.cloud https://*.googleapis.com 'unsafe-inline' https://rogii-portal-prod.s3.amazonaws.com; frame-src https://*.starsteer.solo.cloud https://starsteer.solo.cloud https://auth.petroninja.com https://app.powerbi.com https://*.tgsnopec.com; script-src 'unsafe-eval' https://*.rogii.com https://*.solo.cloud https://solo.cloud https://maps.googleapis.com; form-action https://*.rogii.com https://*.solo.cloud https://solo.cloud starlite: rtm: fcast:; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests; worker-src https://*.rogii.com https://*.solo.cloud https://solo.cloud blob:; 1
upgrade-insecure-requests; default-src 'self' data: https://cdnjs.cloudflare.com wss://ws.pusherapp.com https://www.facebook.com/ *.facebook.com https://demos.calixtachat.com *.yggs.io wss://ws-mt1.pusher.com/ *.pusher.com https://api.refiner.io/ https://api-js.mixpanel.com/ *.hotjar.com *.hotjar.io wss://ws6.hotjar.com/api/v2/client/ws wss://ws43.hotjar.com/api/v2/client/ws https://api.amplitude.com/ https://api.auronix.com wss://api.auronix.com/frontend/aurochat/socket.io/; font-src data: 'self' https://cdnjs.cloudflare.com; img-src data: https: 'self' blob:; media-src *; object-src 'none'; script-src data: http: 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; frame-src * 1
report-uri https://company.softing.com; base-uri https://company.softing.com; object-src 'none'; frame-ancestors 'self'; 1
script-src 'self' 'unsafe-inline' *.cookiehub.net cookiehub.net cookiehub.com *.cookiehub.com gfx.kirjastot.fi plausible.io *.reactandshare.com www.kirjastot.fi; frame-src 'self' gfx.kirjastot.fi; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.googletagmanager.com https://www.gstatic.com/ https://www.google-analytics.com https://ssl.google-analytics.com https://use.typekit.net https://us2.siteimprove.com https://siteimproveanalytics.com https://ajax.googleapis.com https://cdn.cookielaw.org https://www.amcharts.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.typekit.net; font-src 'self' https://fonts.gstatic.com https://use.typekit.net; img-src 'self' 'unsafe-inline' blob: data: https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://p.typekit.net https://bradley.vuturevx.com https://cdn.cookielaw.org https://*.siteimproveanalytics.io https://www.buddingtrendsblog.com https://www.buildsmartbradley.com https://www.bradleybusinessdivorce.com https://www.classactiondeclassified.com https://www.eyeonenforcement.com https://www.familybusinessadvocates.com https://www.financialservicesperspectives.com https://www.ipiqblog.com https://www.itpaystobecovered.com https://www.employmentlawinsights.com https://www.onlineandonpoint.com https://www.underwrittenblog.com; frame-src 'self' *.podcasts.apple.com https://www.google.com https://www.youtube.com https://html5-player.libsyn.com https://player.vimeo.com https://communications.bradley.com https://www.podbean.com https://player.simplecast.com https://open.spotify.com https://www.cbsnews.com https://www.nbcdfw.com https://embed.radiopublic.com https://share.transistor.fm https://player.captivate.fm https://w3.mp.lura.live https://player.pippa.io https://w.soundcloud.com https://www.buzzsprout.com https://anchor.fm https://www.localmemphis.com https://w3.cdn.anvato.net https://www.slideshare.net https://www.insurancejournal.tv; connect-src 'self' https://geolocation.onetrust.com https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.cookielaw.org; upgrade-insecure-requests; block-all-mixed-content; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://embed.tawk.to *.gstatic.com https://acsbapp.com https://cdnjs.cloudflare.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.affirm.com *.affirm.ca connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.criteo.com https://static.criteo.net https://www.xtento.com *.divers-supply.com *.google.com https://cdn.routeapp.io/ *.tawk.to www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.affirm.com *.affirm.ca *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.targetbay.com *.criteo.com *.criteo.net www.xtento.com https://www.catchmarketingservices.com *.divers-supply.com https://targetbay.s3.amazonaws.com https://www.google.co.in *.routeapp.io *.yahoo.com https://criteo-sync.teads.tv https://cm.g.doubleclick.net https://s.ad.smaato.net https://ad.360yield.com https://r.casalemedia.com https://ups.analytics.yahoo.com https://eb2.3lift.com *.adnxs.com https://x.bidswitch.net https://sync-criteo.ads.yieldmo.com https://cdn.aralego.net https://ade.clmbtech.com https://simage2.pubmatic.com https://sync.outbrain.com https://c.bing.com https://exchange.mediavine.com https://idsync.rlcdn.com https://cs.adingo.jp https://adx.dable.io *.socdm.com https://sync-t1.taboola.com https://rtb-csync.smartadserver.com https://match.sharethrough.com https://pixel.rubiconproject.com https://contextual.media.net https://ads.stickyadstv.com https://sync.aralego.com https://bat.bing.com https://googleads.g.doubleclick.net *.emxdgt.com/ https://tawk.link https://img-msg.tb-list.com *.googleapis.com *.gstatic.com *.bayengage.com https://acsbapp.com https://cm.adgrx.com/ https://aa.agkn.com/ https://tags.bluekai.com/ https://trends.revcontent.com/ https://jadserve.postrelease.com/ https://i.liadm.com/ https://matching.ivitrack.com/ https://visitor.omnitagjs.com/ https://partner.mediawallahscript.com/ *.amazonaws.com *.tawk.to https://pixel.iceweb.io/ *.yahoo.net cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://polyfill.io/ *.affirm.com *.affirm.ca connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com s7.addthis.com *.avada.io connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.routeapp.io fonts.googleapis.com *.divers-supply.com *.bayengage.com https://www.google-analytics.com https://embed.tawk.to https://acsbapp.com https://acsbap.com *.googleapis.com *.criteo.net *.criteo.com *.targetbay.com https://googleads.g.doubleclick.net https://cdn.jsdelivr.net *.bing.com https://route-cdn.s3.amazonaws.com/ https://pixel.iceweb.io/ www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com 'self' 'unsafe-inline' https://www.divers-supply.com/ https://embed.tawk.to https://route-cdn.s3.amazonaws.com/ https://cdnjs.cloudflare.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.algolia.net *.algolia.com *.algolianet.com *.affirm.com *.affirm.ca connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com api.route.com https://www.divers-supply.com *.bayengage.com *.acsbapp.com *.targetbay.com *.tawk.to wss://*.tawk.to *.googleapis.com https://www.google-analytics.com *.criteo.com https://geolocation-db.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com *.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com www.youtube-nocookie.com www.youtube.com blob: data: https://storage.googleapis.com/learnwithikeavideos/ ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ctfassets.net *.ipex-insights.com ikea.loyalticgame.com teenplanner.ikea.nlcampaigns.nl https://storage.googleapis.com/wallspice-assets/ https://storage.googleapis.com/wallspice-cdn-prod/ *.parcellab.com acdn.adnxs.com api.crobox.com cdn.crobox.io *.doubleclick.net googleads.g.doubleclick.net *.facebook.com *.facebook.net www.googleadservices.com adservice.google.nl *.googlesyndication.com *.pinterest.com s.pinimg.com *.cookielaw.org *.onetrust.com *.akamaihd.net *.akstat.io *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.go-mpulse.net *.optimizely.com sentry.io *.sentry.io *.avo.app oppwa.com *.oppwa.com mpsnare.iesnare.com *.iesnare.com maps.googleapis.com fonts.googleapis.com www.googleapis.com *.syndeo.cx *.production.syndeo.cx wss://web.production.syndeo.cx icsp.ingka.ikea.com wss://icsp.ingka.ikea.com wss://web-api.ikea.com/cschatbot/ d.lemonpi.io www.surveygizmo.eu widgixeu-beacon.s3.amazonaws.com *.bambuser.com firestore.googleapis.com liveshopping-widgets.firebaseapp.com; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com; object-src 'self'; report-uri https://csp.ikea.com 1
default-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk www.googletagmanager.com *.google-analytics.com cms.blf.digital;base-uri 'self';img-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk www.googletagmanager.com *.google-analytics.com cms.blf.digital data: localhost stats.g.doubleclick.net via.placeholder.com biglotteryfund-assets.imgix.net i.ytimg.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;font-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk www.googletagmanager.com *.google-analytics.com cms.blf.digital data: use.typekit.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;style-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk www.googletagmanager.com *.google-analytics.com cms.blf.digital 'unsafe-inline' *.typekit.net;script-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk www.googletagmanager.com *.google-analytics.com cms.blf.digital 'unsafe-eval' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;child-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk www.googletagmanager.com *.google-analytics.com cms.blf.digital www.google.com https://vars.hotjar.com;connect-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk www.googletagmanager.com *.google-analytics.com cms.blf.digital http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com;frame-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk www.googletagmanager.com *.google-analytics.com cms.blf.digital https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;report-uri https://sentry.io/api/226416/csp-report/?sentry_key=53aa5923a25c43cd9a645d9207ae5b6c 1
object-src 'none'; base-uri 'none'; form-action 'self'; frame-ancestors 'self'; script-src 'self' cc.cdn.civiccomputing.com www.googletagmanager.com www.youtube.com player.vimeo.com www.redditstatic.com connect.facebook.net static.ads-twitter.com analytics.tiktok.com 'unsafe-inline'; style-src 'unsafe-inline' https: 'self'; style-src-attr 'unsafe-inline' 1
default-src * 'unsafe-inline' blob: data: https: wss:; base-uri 'self' *.roadsync.app roadsync.app; form-action 'self' *.roadsync.app roadsync.app; frame-ancestors 'self' *.roadsync.app roadsync.app *.pendo.io pendo.io pendo-io-static.storage.googleapis.com pendo-static-5427702047571968.storage.googleapis.com; frame-src blob: s3.amazonaws.com/legal.roadsync.com/policy/roadsync_checkout_terms_of_service.pdf roadsync.com 'self' *.roadsync.app roadsync.app *.plaid.com plaid.com *.stripe.com stripe.com *.stripe.network js.hs-scripts.com js.hs-analytics.net js.hsadspixel.net js.hs-banner.com js.usemessages.com *.hubspot.com hubspot.com api.hubapi.com *.hsappstatic.net *.verygoodvault.com *.verygood.systems *.networkmerchants.com *.dwolla.com *.astra.finance *.pendo.io pendo.io pendo-io-static.storage.googleapis.com pendo-static-5427702047571968.storage.googleapis.com static.rainforestpay.com *.youtube.com; object-src s3.amazonaws.com/legal.roadsync.com/policy/roadsync_checkout_terms_of_service.pdf; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.roadsync.app roadsync.app www.google-analytics.com www.google.com www.gstatic.com www.googletagmanager.com analytics.google.com fonts.gstatic.com *.plaid.com plaid.com *.stripe.com stripe.com *.stripe.network cdn.polyfill.io *.pendo.io pendo.io pendo-io-static.storage.googleapis.com pendo-static-5427702047571968.storage.googleapis.com *.browser-intake-datadoghq.com.io *.browser-intake-datadoghq.com/ browser-intake-datadoghq.com.io *.datadoghq-browser-agent.com js.hs-scripts.com js.hs-analytics.net js.hsadspixel.net js.hs-banner.com js.usemessages.com *.hubspot.com hubspot.com api.hubapi.com *.hsappstatic.net *.facebook.net *.facebook.com *.sentry.io *.verygoodvault.com *.verygood.systems *.networkmerchants.com *.dwolla.com split.io *.split.io *.astra.finance *.smartlook.com *.smartlook.cloud unpkg.com *.wootric.com static.rainforestpay.com; worker-src blob: 'self' *.roadsync.app roadsync.app; upgrade-insecure-requests 1
child-src blob:; default-src https:  wss://*.hotjar.com; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline';frame-ancestors 'self'; frame-src data: https:; media-src blob: data: https:; object-src 'self' blob:; worker-src blob: 'self'; upgrade-insecure-requests; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://app.yellowmessenger.com https://cdn.yellowmessenger.com https://connect.facebook.net https://googleads.g.doubleclick.net https://maps.google.com https://maps.googleapis.com https://staging.yellowmessenger.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *; frame-src 'self' https://www.google.com; img-src 'self' data: *; manifest-src 'self'; media-src 'self' *; connect-src 'self' https://app.yellowmessenger.com https://maps.googleapis.com https://stats.g.doubleclick.net https://www.google-analytics.com wss://app.yellowmessenger.com; 1
default-src 'self'; script-src 'report-sample' 'self' https://www.google.com/recaptcha/api.js; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; report-uri https://64355e43f1e3671a291360c3.endpoint.csper.io/?v=1; worker-src 'none'; 1
default-src 'self' http: https: *.zdassets.com *.zopim.com *.zendesk.com wss://*.zendesk.com wss://*.zopim.com; script-src http: https: 'unsafe-inline' 'unsafe-eval' https://www.vans.com.au/ *.adobetm.com *.afterpay.com *.demdex.net *.google-analytics.com *.usehero.com afterpay.com foursixty.com; style-src 'self' https: 'unsafe-inline' https://www.vans.com.au/ *.adobetm.com foursixty.com; img-src data: http: https: *.google-analytics.com *.ist-track.com *.pinterest.com *.twilio.com *.tiktok.com *.usehero.com *.useinsider.com developers.google.com hero-prod-assets.s3-eu-west-1.amazonaws.com hero-service-media-upload-production.s3.eu-west-1.amazonaws.com *.zopim.io *.zdassets.com; object-src 'none'; base-uri 'none'; child-src 'self'; media-src http: https: *.twilio.com *.usehero.com; connect-src 'self' http: https: *.adobedc.net *.afterpay.com *.bazaarvoice.com *.braintree-api.com *.braintreegateway.com *.criteo.com *.demdex.net *.foursixty.com *.google-analytics.com *.googleapis.com *.nr-data.net *.paypal.com *.taboola.com *.truefitcorp.com *.twilio.com *.usehero.com *.zdassets.com *.zendesk.com *.zopim.com accentgroupxpdev.112.2o7.net afterpay.com analytics.tiktok.com api.usehero.com bcp.crwdcntrl.net facebook.com foursixty.com kleber.datatoolscloud.net.au sentry.io smetrics.hypedc.com vimeo.com wss://*.twilio.com wss://widget-mediator.zopim.com; font-src data: 'self' fonts.gstatic.com *.truefitcorp.com; frame-src 'self' *.formstack.com *.afterpay.com *.bazaarvoice.com *.criteo.com *.criteo.net *.demdex.net *.everesttech.net *.everestjs.net *.doubleclick.net *.facebook.com *.google.com *.myunidays.com *.omniparcelreturns.com *.paypal.com *.paypalobjects.com *.truefitcorp.com *.useinsider.com *.vimeo.com *.youtu.be *.youtube.com afterpay.com assets.braintreegateway.com everestjs.net facebook.com foursixty.com google.com player.whooshkaa.com tsdtocl.com vimeo.com; worker-src 'self' blob: *.accentgra.com *.vans.co.nz *.vans.com.au; 1
frame-ancestors 'none'; upgrade-insecure-requests ; report-uri https://sentry.services.dkms.org/api/6/security/?sentry_key=5746df48c2bc47349567ad881277c754; default-src 'self' https:; style-src 'self' 'unsafe-inline' *.googleapis.com *.piwik.pro; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.dkmscdn.net *.piwik.pro *.googleapis.com https://app.addsearch.com https://connect.facebook.net https://www.facebook.com/signals/iwl.js https://trafficscanner.pl https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com/pagead/ https://www.google.de/pagead/ https://www.googleadservices.com/pagead/; connect-src 'self' *.kc-usercontent.com *.addsearch.com https://d20vwa69zln1wj.cloudfront.net *.piwik.pro *.googleapis.com *.ingest.sentry.io https://sentry.services.dkms.org https://graph.facebook.com https://www.facebook.com/tr/ *.dkms.pl wss://trafficscanner.pl https://trafficscanner.pl; img-src 'self' data: *.dkmscdn.net https://d20vwa69zln1wj.cloudfront.net *.kc-usercontent.com *.piwik.pro *.gstatic.com *.googleapis.com *.ytimg.com https://www.facebook.com/tr/ https://trafficscanner.pl https://googleads.g.doubleclick.net https://www.google.com/pagead/ https://www.google.de/pagead/; font-src 'self' data: *.gstatic.com *.piwik.pro; frame-src 'self' *.dkmscdn.net *.youtube-nocookie.com *.piwik.pro https://player.vimeo.com https://e.issuu.com https://www.facebook.com/ https://td.doubleclick.net/; object-src 'none'; form-action 'self' https://www.facebook.com/tr/; 1
default-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://clearout.io https://www.clearout.io https://api.clearout.io https://embed.lpcontent.net https://www.googletagmanager.com https://ajax.googleapis.com https://tracking.g2crowd.com https://script.tapfiliate.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://linkedin.com/ https://snap.licdn.com/ https://www.google.com https://assets.calendly.com https://www.calendly.com https://wchat.freshchat.com https://www.gstatic.com https://dev.clearout.io https://clearout.io https://cdn.mxpnl.com https://cdnjs.cloudflare.com https://chimpstatic.com https://connect.facebook.net  https://analytics.clearout.io  https://cdn.taboola.com/ https://sc.lfeeder.com/ https://cdnjs.cloudflare.com https://trc.taboola.com https://www.clarity.ms https://clarity.microsoft.com https://web-sdk.smartlook.com https://asset.b3mxnuvcer.com https://y.clarity.ms; style-src 'unsafe-inline' https://www.google.com https://www.googletagmanager.com https://wchat.freshchat.com https://dev.clearout.io https://clearout.io https://fonts.googleapis.com https://assets.calendly.com http://clearout.io/; frame-ancestors 'self'; base-uri 'self'; report-uri https://clearout.report-uri.com/r/d/csp/enforce; report-to default; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: via.tt.se translate.googleapis.com translate.google.com fonts.googleapis.com m1.analytics.sitevision-cloud.se i.ytimg.com gstatic.com www.gstatic.com fonts.gstatic.com kemi.matomo.cloud www.browsealoud.com plus.browsealoud.com plusqa.browsealoud.com v1.mediaflow.com v2.mediaflow.com mfstatic.com m.mediaflow.com assets.mediaflowpro.com stats.mediaflowpro.com m1.analytics.sitevision-cloud.se speech-eu.speechstream.net speech.speechstream.net siteimproveanalytics.com *.siteimproveanalytics.io; frame-ancestors 'none'; frame-src 'self' qna.kemi.se webapps.kemi.se youtube.com www.youtube.com www.youtube-nocookie.com youtube-nocookie.com google.com www.google.com html5-player.libsyn.com; report-uri /rest-api/CSP-reports/report 1
frame-ancestors 'self' https://careerkarma.com/ 1
frame-ancestors https://*.salesforce.com 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.cardesignnews.com https://eme.abacusemedia.com; 1
default-src 'self'; child-src blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://www.google-analytics.com https://region1.google-analytics.com https://data.caat.org.uk https://s.ytimg.com https://www.youtube.com https://cc.cdn.civiccomputing.com https://www.gstatic.com https://www.googletagmanager.com https://www.google.com https://cse.google.com https://ajax.googleapis.com https://cdn.jsdelivr.net; worker-src blob:; style-src 'self' 'unsafe-inline' https://data.caat.org.uk https://p.typekit.net https://www.google.com https://fonts.googleapis.com https://www.googletagmanager.com https://unpkg.com https://cdnjs.cloudflare.com https://use.typekit.net; object-src 'none'; frame-src https://cse.google.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://www.googletagmanager.com https://caat.eaction.org.uk; img-src https: data: blob:; font-src 'self' data: https://use.typekit.net https://fonts.gstatic.com; frame-ancestors 'none'; connect-src 'self' https://data.caat.org.uk https://api.mapbox.com https://events.mapbox.com/ https://apikeys.civiccomputing.com https://www.google-analytics.com https://region1.google-analytics.com https://stats.g.doubleclick.net 1
frame-ancestors https://register.enthuse.com; report-uri /report-csp-violation 1
font-src 'self'; frame-src 'self';frame-ancestors 'self';object-src 'none';base-uri 'self';form-action 'self'; style-src 'self' 'unsafe-inline' 'unsafe-hashes'; connect-src 'self' https://piwik3.glamus.de;script-src 'self' 'unsafe-inline' 'unsafe-hashes' https://piwik3.glamus.de; media-src 'self';img-src 'self' data https://piwik3.glamus.de; upgrade-insecure-requests; 1
script-src *.fontawesome.com *.highdegree.io *.mapbox.com *.chablivoy.com *.pirolane.com api.ipify.org *.pricespider.com pghub.io ct.pinterest.com s.pinimg.com *.tiktok.com unpkg.com js.braintreegateway.com www.googleadservices.com lightboxapi.azurewebsites.net *.lightboxcdn.com *.adsrvr.org *.ubembed.com s.ytimg.com www.youtube.com platform-api.sharethis.com cdn.cookielaw.org code.jquery.com geolocation.onetrust.com optanon.blob.core.windows.net *.paypalobjects.com *.gstatic.com *.paypal.com *.bazaarvoice.com *.iesnare.com *.ajax.googleapis.com *.google-analytics.com *.googletagmanager.com *.google.com *.bigcommerce.com *.facebook.net *.entrust.net *.getshogun.com *.agkn.com *.addthis.com *.addthisedge.com *.jquery.com *.ravenjs.com *.online-metrix.net *.amazonaws.com *.cloudflare.com *.growsumo.com *.newrelic.com *.nr-data.net *.crazyegg.com *.moatads.com *.cloudfront.net sc-static.net googleads.g.doubleclick.net *.googleapis.com *.tapad.app cdn.segment.com 'self' 'unsafe-eval' 'unsafe-inline'; worker-src blob: 1
frame-src 'self' https: *.youtube.com *.pinterest.com *.adsrvr.org *.instagram.com *.facebook.com destinilocators.com *.destinilocators.com *.irxcm.com *.jebbit.com; default-src 'self' https: wss://api.smooch.io/faye; connect-src 'self' https: wss://ws.hotjar.com/api/v2/client/ws; font-src 'self' https: data: *.typography.com *.gstatic.com *.googleapis.com; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' *.youtube.com *.googletagmanager.com destinilocators.com *.destinilocators.com *.pinterest.com *.myfonts.net *.instagram.com *.facebook.net *.convertize.io *.ads-twitter.com *.destinilocators.com *.powerreviews.com *.textline.com; style-src 'self' https: 'unsafe-inline' *.googleapis.com 1
default-src 'none'; script-src 'unsafe-inline' https://plausible.smnz.de; style-src 'unsafe-inline'; base-uri 'self'; connect-src 'unsafe-inline' https://plausible.smnz.de; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; 1
object-src 'self'; frame-src *; font-src 'self' http://djnlel5w494kt.cloudfront.net/fonts/ fonts.gstatic.com; 1
frame-ancestors 'self' laplandhotels.com *.laplandhotels.com; 1
frame-ancestors 'self' https://www.ecophon.com https://www.byggebasen.dk https://admin.byggebasen.dk 1
default-src 'unsafe-inline' 'unsafe-eval' data: *; 1
default-src 'self' http: https: data: google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: code.jquery.com google-analytics.com google.com; style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com; img-src 'self' http: https: data: *.gravatar.com; font-src 'self' http: https: data: fonts.googleapis.com themes.googleusercontent.com; block-all-mixed-content 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.premierchristianity.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodontech.de; img-src 'self' https: data: blob: https://mastodontech.de; style-src 'self' https://mastodontech.de 'nonce-Y2VdikVrFjoq1sWwBtylDw=='; media-src 'self' https: data: https://mastodontech.de; frame-src 'self' https:; manifest-src 'self' https://mastodontech.de; form-action 'self'; child-src 'self' blob: https://mastodontech.de; worker-src 'self' blob: https://mastodontech.de; connect-src 'self' data: blob: https://mastodontech.de https://media.mastodontech.de wss://mastodontech.de; script-src 'self' https://mastodontech.de 'wasm-unsafe-eval' 1
frame-ancestors 'self'; upgrade-insecure-requests; script-src 'strict-dynamic' 'nonce-a4/r9lSSX2KG9W7dPyzlBA=='; 1
default-src 'self'; child-src bid.g.doubleclick.net www.youtube.com; connect-src 'self' bat.bing.com beacon.digitalwerksautomation.com stats.g.doubleclick.net *.stackadapt.com www.facebook.com *.google-analytics.com use.typekit.net doublethedonation.com *.google.com stats.g.doubleclick.net app.resonaterecordings.com *.clarity.ms fndrsp.net *.fundraiseup.com *.trumba.com *.charitable.one *.dmc.systems; font-src 'self' use.typekit.net data: doublethedonation.com fonts.gstatic.com; form-action 'self' www.facebook.com; frame-src bid.g.doubleclick.net www.facebook.com www.youtube.com w.soundcloud.com player.vimeo.com jobs.jobvite.com indd.adobe.com *.guidedogs.com www.googletagmanager.com indd.adobe.com https://player.resonaterecordings.com open.spotify.com tgbwidget.com clarity.ms admin.charitableautoresources.com http://www.trumba.com http://eventactions.com https://embed-standalone.spotify.com https://embed.podcasts.apple.com; img-src * data:; manifest-src 'self'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-eval' 'unsafe-inline' p.typekit.net tags.srv.stackadapt.com use.typekit.net doublethedonation.com www.dafdirect.org tags.srv.stackadapt.com; media-src 'self' s3-us-west-1.amazonaws.com; frame-ancestors 'self'; worker-src *; 1
block-all-mixed-content;frame-ancestors none;upgrade-insecure-requests; 1
default-src 'self'; connect-src 'self' zapier.com zapier-staging.com *.zapier-staging.com *.zapier.com cdn.zapier.com cdn.zapier-staging.com *.akamaihd.net *.litix.io *.wistia.com *.ingest.sentry.io app.getsentry.com rs.fullstory.com accounts.google.com stats.g.doubleclick.net www.google-analytics.com *.datadoghq.com *.browser-intake-datadoghq.com cdn.cookielaw.org *.onetrust.com *.k8s.zapier.com *.k8s.zapier-staging.com *.split.io zap-guesser-prod.vercel.zapier-deployment.com https://zapier.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com data: zapier-fonts-production.s3.amazonaws.com fonts.zapier.com; frame-src 'self' zapier.com zapier-staging.com fast.wistia.com fast.wistia.net smartlock.google.com accounts.google.com www.google.com/ www.youtube.com player.vimeo.com https://js.driftt.com dntcl.qualaroo.com; img-src 'self' data: https://* www.google-analytics.com; media-src 'self' blob: data: *.akamaihd.net cdn.zapier.com embed-fastly.wistia.com; script-src 'self' cdn.zapier.com accounts.google.com fast.wistia.com fullstory.com smartlock.google.com www.google-analytics.com tagmanager.google.com www.googletagmanager.com zapier.com blob: https://js.driftt.com 'nonce-YWU4N2YzZjEtY2ZhNS00MmMxLWIzZjYtNDFlMTE1MmQ5Nzdi'; style-src 'self' 'unsafe-inline' cdn.zapier.com fonts.googleapis.com accounts.google.com tagmanager.google.com 1
default-src 'self' 'unsafe-inline' data: nikon.magnet.fsu.edu *.algolia.net api.craftcms.com go.pardot.com maps.googleapis.com geolocation.onetrust.com  www.google-analytics.com googleads.g.doubleclick.net cdn.cookielaw.org downloads.microscope.healthcare.nikon.com *.healthcare.nikon.com d2yjaub2m73j9n.cloudfront.net; img-src 'self' data: cdn.cookielaw.org pluginicons.craft-cdn.com maps.googleapis.com maps.gstatic.com www.google.com downloads.microscope.healthcare.nikon.com www.google-analytics.com; font-src 'self' data: fast.fonts.net d2yjaub2m73j9n.cloudfront.net cdnjs.cloudflare.com cdnjs.cloudflare.net; script-src 'self' code.jquery.com optanon.blob.core.windows.net cdnjs.cloudflare.com cdn.jsdelivr.net polyfill.io www.youtube.com ajax.googleapis.com www.gstatic.com www.google.com mktdplp102cdn.azureedge.net maps.googleapis.com b97.yahoo.co.jp go.healthcare.nikon.com use.typekit.net  pi.pardot.com www.googletagmanager.com www.google-analytics.com 'unsafe-eval' 'unsafe-inline' blob: fast.fonts.net www.googleadservices.com cdn.cookielaw.org pages.nikoninst.com pi.pardot.com googleads.g.doubleclick.net ; style-src 'self' 'unsafe-inline' blob: cdn.jsdelivr.net optanon.blob.core.windows.net fast.fonts.net fonts.googleapis.com; frame-ancestors 'self'; frame-src 'self' player.vimeo.com nikon.magnet.fsu.edu js.stripe.com *.nikon.com pages.nikoninst.com bid.g.doubleclick.net; 1
default-src       'self';         frame-ancestors       'self';         style-src       'self'       *.cloudflare.com       *.googleapis.com       *.pinterest.com       'unsafe-inline'       ;         font-src       'self'       *.cloudflare.com       *.googleapis.com       *.gstatic.com       *.pinterest.com       ;         script-src       'self'       'unsafe-inline'       *.cloudflare.com       *.jsdelivr.net       *.smartlook.com       *.smartlook.cloud       static.cloudflareinsights.com       code.highcharts.com       *.createsend.com       *.googletagmanager.com       *.pinimg.com       *.facebook.net       *.google-analytics.com       *.google.com       *.gstatic.com       *.pinterest.com       js.stripe.com       ;         img-src       'self'       data:       *.unsplash.com       *.cloudflare.com       *.unsplash.com       *.goldencarers.com       *.pinterest.com       *.googletagmanager.com       *.pinimg.com       *.facebook.net       *.facebook.com       *.google-analytics.com       *.google.com.au       *.google.com       ;         connect-src       'self'       *.cloudflare.com       *.smartlook.com       *.smartlook.cloud       *.cloudflareinsights.com       *.googletagmanager.com       *.pinimg.com       *.facebook.net       *.facebook.com       *.google-analytics.com       *.pinterest.com 	    *.google.com       *.doubleclick.net       ;         frame-src       'self'       *.cloudflare.com       *.spotify.com       *.googletagmanager.com       *.google.com       *.pinimg.com       *.facebook.net       *.facebook.com       *.google-analytics.com       *.pinterest.com       *.youtube.com       *.goldencarers.com       js.stripe.com       ;         worker-src       'self'       blob: 1
default-src 'self' https://mc.yandex.ru https://ymetrica1.com https://pagead2.googlesyndication.com; script-src 'self' 'unsafe-inline' https:; img-src 'self' https://ssl.google-analytics.com https://mc.yandex.ru https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://googleads.g.doubleclick.net https://tpc.googlesyndication.com; object-src 'self'; frame-ancestors 'self'; form-action 'self'; base-uri 'self' 1
frame-ancestors https://forestpreservewillcounty-cms.ae-admin.com/ https://forestpreservewillcounty.ae-admin.com/ https://www.reconnectwithnature.org/ 1
script-src 'self' https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com kit.fontawesome.com static.getclicky.com in.getclicky.com player.vimeo.com www.googletagmanager.com clicky.com fast.fonts.net snap.licdn.com px.ads.linkedin.com stackpath.bootstrapcdn.com cdn.datatables.net code.jquery.com unpkg.com js.adsrvr.org connect.facebook.net 'unsafe-inline' 'unsafe-eval' 1
font-src 'self'; frame-src 'self' https://zaubar-cms-git-feature-mainauproject-zaubar.vercel.app/ https://mainau-anmeldung.newsletter2go.com/ https://79237.hc-apps.de https://79212.online-adventskalender.de; img-src 'self' data: https://icons.clearapis.com/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://tagmanager.google.com https://www.google.com https://www.google.de https://maps.google.de https://www.googletagmanager.com https://cdn.kiprotect.com https://cdnjs.cloudflare.com https://polyfill.io; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com https://tagmanager.google.com https://www.google.com https://www.google.de https://fonts.googleapis.com https://maps.google.de https://www.googletagmanager.com https://cdn.kiprotect.com https://cdnjs.cloudflare.com https://polyfill.io; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' 1
frame-ancestors 'self' app.glia.com; 1
default-src 'self' *.netgiro.is; frame-src 'self' *.netgiro.is www.youtube.com www.google.com vercel.live www.google.is; style-src 'self' cookiehub.net *.cookiehub.com cdn.cookiehub.eu 'unsafe-inline'; script-src-elem 'self' apis.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ static.zdassets.com www.google.com cookiehub.net cdn.cookiehub.eu www.google-analytics.com www.googletagmanager.com www.youtube.com 'sha256-u70rfW+RZdFa6mHvAanA4lljHYAVQOthvP/gLR7ToS8=' 'sha256-fvQlyIP61Od+v5k5dEEdAf/hGh1jeuvRYqbNh1k87so=' https://events.eu1.segmentapis.com cdn.segment.com vercel.live connect.facebook.net 'sha256-ITM4eG32QRlY+0N8RkN/Jm4ccHslHRAf9g4OZDqJrLw=' 'sha256-ehBKGBBVVRSbNPK8P/44ZO06TX+lMH5lRRqs/BDMrvE=' 'sha256-k2Hn0iGmr4WDHLtTDDfc0CeYrcRnnuclfjPki8Ukzg8=' https://cdn.cookiehub.eu/c2/5095d4cf.js region1.google-analytics.com; script-src 'self' ; connect-src 'self' *.netgiro.is prod-232.westeurope.logic.azure.com www.google.com netgiro.zendesk.com kvikahelp.zendesk.com ekr.zdassets.com stats.g.doubleclick.net wss://widget-mediator.zopim.com googleads.g.doubleclick.net pagead2.googlesyndication.com consent.cookiehub.net www.google-analytics.com region1.analytics.google.com region1.google-analytics.com cdn.segment.com ds.cookiehub.net consent.cookiehub.net region-eu.cookiehub.net consent-eu.cookiehub.net api.segment.io in.eu2.segmentapis.com vercel.live https://events.eu1.segmentapis.com *.prismic.io; img-src 'self' images.prismic.io www.google-analytics.com www.google.com www.google.is kvikahelp.zendesk.com www.googletagmanager.com www.facebook.com googletagmanager.com; media-src 'self' static.zdassets.com *.prismic.io; 1
default-src 'self' data: 'unsafe-inline' syndication.twitter.com www.google.com qualitysetu.qcin.org www.facebook.com; script-src 'self' 'unsafe-inline' stage.qcin.org www.google.com www.gstatic.com connect.facebook.net; style-src 'self' fonts.googleapis.com 'unsafe-inline'; font-src * data: 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src data: 'self' https://cdn-cookieyes.com https://*.equally.ai/flags/ https://*.gstatic.com https://*.googleapis.com w3.org/svg/2000 1
upgrade-insecure-requests; default-src 'none'; base-uri 'none'; form-action https://mailer.nautile.tech; child-src 'none'; frame-ancestors 'self'; font-src 'self' fonts.gstatic.com data:; img-src 'self' data: i.ytimg.com; media-src 'self' blob:; connect-src 'self' https://mailer.nautile.tech https://nautile-anniversaire.lecode.workers.dev https://nautile-anniversaire-production.lecode.workers.dev; frame-src 'self' www.youtube-nocookie.com www.youtube.com; script-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; 1
frame-ancestors 'self' http://sentryonlinetraining.com http://natlonlinetraining.com http://aironlinetraining.com http://assuredpartnersonlinetraining.com http://cfinsonlinetraining.com http://hatchagencyonlinetraining.com http://hubinternationalonlinetraining.com http://prlonlinetraining.com http://fniconlinetraining.com http://cottinghambutleronlinetraining.com http://nationwideonlinetraining.com https://portal.tenstreet.com https://www.portal.tenstreet.com https://allinsureonlinetraining.com https://funduwonlinetraining.com https://bflonlinetraining.com https://economicalonlinetraining.com https://cowanonlinetraining.com https://assets.partners.carriersedge.com https://pulse.tenstreet.com https://kunkelonlinetraining.com https://www.pulse.tenstreet.com https://dashboard.tenstreet.com  https://www.dashboard.tenstreet.com http://otalearningsolutions.com http://www.otalearningsolutions.com/ http://otalearningsolutions.ca http://www.otalearningsolutions.ca/ http://pmtcacademy.ca http://www.pmtcacademy.ca/ http://pmtcacademy.com http://www.pmtcacademy.com/ http://aptaonlinetraining.com http://www.aptaonlinetraining.com/ http://bctaonlinetraining.com http://www.bctaonlinetraining.com/ http://mtaonlinetraining.com http://www.mtaonlinetraining.com/ http://dotrgonlinetraining.com http://www.dotrgonlinetraining.com/ http://dotrgdrivertraining.com http://www.dotrgdrivertraining.com/ http://sentry.carriersedge.com http://www.sentry.carriersedge.com/ http://kunkel.carriersedge.com http://www.kunkel.carriersedge.com/ http://saskcompliancetraining.com http://www.saskcompliancetraining.com/ http://bfl.carriersedge.com http://www.bfl.carriersedge.com/ http://cb.carriersedge.com http://www.cb.carriersedge.com/ http://cowan.carriersedge.com http://www.cowan.carriersedge.com/ http://cowan.carriersedge.com http://www.cowan.carriersedge.com/ http://cowan.carriersedge.com http://www.cowan.carriersedge.com/ http://cowan.carriersedge.com http://www.cowan.carriersedge.com/ http://cowan.carriersedge.com http://economical.carriersedge.com http://www.economical.carriersedge.com/ http://www.bctaonlinetraining.com http://otaelearningsolutions.com http://www.otaelearningsolutions.com http://natl.carriersedge.com http://fnic.carriersedge.com http://nationwide.carriersedge.com http://allinsure.carriersedge.com  http://chubb.carriersedge.com http://chubb-us.carriersedge.com https://fleetowner.com http://www.fleetowner.com http://ccjdigital.com https://ccjdigital.com http://fleetowner.com https://fleetowner.com http://ttnews.com https://ttnews.com http://trucknews.com https://trucknews.com http://www.ccjdigital.com https://www.ccjdigital.com http://www.fleetowner.com https://www.fleetowner.com http://www.ttnews.com https://www.ttnews.com http://www.trucknews.com https://www.trucknews.comhttp://tam.carriersedge.com http://radionemo.com http://www.radionemo.com https://radionemo.com https://egr.carriersedge.com https://egr-fr.carriersedge.com https://www.radionemo.com https://intact.carriersedge.com http://funduw.carriersedge.com https://funduw.carriersedge.com https://intact-fr.carriersedge.com https://trucknews.com https://advisor.ca https://ap.carriersedge.com https://prl.carriersedge.com https://hub.carriersedge.com https://cfins.carriersedge.com https://hatchagency.carriersedge.com https://air.carriersedge.com 1
default-src 'self'; connect-src 'self' https://maps.googleapis.com https://www.google-analytics.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://www.youtube.com; img-src 'self' data: https://maps.googleapis.com https://maps.gstatic.com https://secure.gravatar.com https://*.w.org https://www.nlr.nl; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://eu2.snoobi.eu https://eu2.snoobi.eu https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://yoast.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data:              https://*.hotjar.io              https://*.hotjar.com              wss://*.hotjar.com              https://*.youtube.com              https://*.youtube-nocookie.com              https://*.ytimg.com              https://*.facebook.net              https://*.facebook.com              https://*.google.com              https://*.google.nl              https://*.google-analytics.com              https://*.googleadservices.com              https://tagmanager.google.com              https://www.googletagmanager.com              https://i.vimeocdn.com              https://player.vimeo.com              https://*.vimeo.com              https://fonts.googleapis.com              https://maps.gstatic.com              https://fonts.gstatic.com              https://maps.googleapis.com              https://code.jquery.com              https://use.typekit.net https://unpkg.com https://cdnjs.cloudflare.com;              frame-src 'self'               https://*.local              https://*.botest.nl              https://*.basicorange.nl              https://*.netwerkdigitaalerfgoed.nl              https://vars.hotjar.com       https://*.soundcloud.com       https://*.youtube.com              https://*.youtube-nocookie.com              https://player.vimeo.com              https://*.vimeo.com; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;script-src-elem 'strict-dynamic' 'report-sample' 'nonce-eluF4M8Oto/zxO82T0ngFEe3';script-src-attr 'none' 'report-sample';object-src 'none';style-src 'self' 'unsafe-inline' https:;img-src 'self' data: https:;media-src 'self' https:;frame-src 'self' https:;font-src 'self' data: https:;connect-src 'self' https: wss:;base-uri 'none';frame-ancestors 'self' https://app.contentful.com;report-uri /fehler/csp 1
script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/api.js; child-src https://www.google.com; font-src 'self' data: https://fonts.gstatic.com; object-src 'none'; img-src 'self' data: https://www.googletagmanager.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com; media-src 'none'; style-src 'self' 'unsafe-inline' data: https://tagmanager.google.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; 1
default-src 'self' 'unsafe-inline' rainbow-web.com google.com google.de googleapis.com gstatic.com googletagmanager.com google-analytics.com doubleclick.net hosttest.de webwiki.de trustpilot.com shopauskunft.de digistore24.com digistore24-app.com checkout-ds24.com ds24.com cleverreach.com expeero.com *.rainbow-web.com *.google.com *.google.de *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.hosttest.de *.webwiki.de *.trustpilot.com *.shopauskunft.de *.digistore24.com *.digistore24-app.com *.checkout-ds24.com *.ds24.com *.cleverreach.com *.expeero.com; img-src 'self' rainbow-web.com google.com google.de googleapis.com gstatic.com googletagmanager.com google-analytics.com doubleclick.net hosttest.de webwiki.de trustpilot.com shopauskunft.de digistore24.com digistore24-app.com checkout-ds24.com ds24.com cleverreach.com cloudfront.net expeero.com *.rainbow-web.com *.google.com *.google.de *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.hosttest.de *.webwiki.de *.trustpilot.com *.shopauskunft.de *.digistore24.com *.digistore24-app.com *.checkout-ds24.com *.ds24.com *.cleverreach.com *.cloudfront.net *.expeero.com data:; object-src 'none'; base-uri 'self'; frame-ancestors 'self' 1
default-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google.com https://www.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com; style-src https: 'self' 'unsafe-inline' https://www.google.com; img-src 'self' data: https: https://www.googletagmanager.com; frame-src 'self' https://www.google.com; connect-src https: 'self';object-src 'none'; report-uri /csp_report; 1
default-src * https:; frame-ancestors 'self'; img-src * data:; font-src * data:; style-src * 'unsafe-inline'; script-src 'self' https://*.jquery.com https://*.bootstrapcdn.com https://*.wp.com https://debugme.eu https://*.facebook.com *.fbcdn.net https://*.twitter.com https://*.youtube.com  *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' https:; frame-src 'self' https://*.youtube.com *.youtube.com *.youtube-nocookie.com *.google.com 127.0.0.1:* https:; media-src 'self' *.youtube.com *.youtube-nocookie.com *.google.com 127.0.0.1:* https:; object-src 'self' *.googlevideo.com *.ytimg.com *.youtube.com *.youtube-nocookie.com *.google.com 127.0.0.1:* https:; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; font-src https: data:; img-src https: data:; 1
frame-ancestors 'self' lulop.com *.lulop.com https://www.bosch-press.it https://media.jaguar.com https://media.landrover.com https://media.jaguarlandrover.com https://stg-media-jaguar.jlrms.com https://stg-media-landrover.jlrms.com https://stg-media-jaguarlandrover.jlrms.com https://stg-media-jaguarracing.jlrms.com; 1
default-src 'none'; font-src 'self' *.gstatic.com *.tiny.cloud; frame-src 'self' *.youtube.com *.google.com *.vimeo.com vimeo.com staticcdn.co.nz; connect-src 'self' *.google-analytics.com *.googleapis.com *.google.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.tiny.cloud; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: google.com gstatic.com *.google-analytics.com *.googleapis.com ajax.googleapis.com *.googletagmanager.com cdn.tiny.cloud www.civildefence.govt.nz civildefence.govt.nz staticcdn.co.nz; script-src-elem 'self' data: 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.googletagmanager.com *.tiny.cloud staticcdn.co.nz; img-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com placehold.it *.tiny.cloud *.tinymce.com *.googletagmanager.com *.placeholder.com shielded.co.nz *.google.com *.google.co.nz; 1
default-src 'none';
 connect-src 'self' https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://analytics.google.com/ https://www.google-analytics.com https://mc.yandex.ru/ https://analytics.tiktok.com/ https://armrbk.kazincombank.kz:30500/ https://backend.bankrbk.kz/ https://mc.yandex.ru/clmap/62000707 https://mc.yandex.ru/watch/62000707 https://mc.yandex.ru/webvisor/62000707 https://sentry.ibecsystems.kz/api/41/store/ https://stats.g.doubleclick.net/j/collect https://www.facebook.com/tr/ https://www.google-analytics.com/j/collect;
 frame-src 'self' https://payment.processinggmbh.ch https://www.google.com https://www.youtube.com https://3ds.bankrbk.kz:8443/ https://3dsecure2.halykbank.kz/ https://3ds.kaspi.kz/;
 img-src 'self' data: https://www.google-analytics.com/ https://backend-test.bankrbk.kz https://api-maps.yandex.ru https://backend.bankrbk.kz https://core-renderer-tiles.maps.yandex.net https://mc.yandex.ru https://www.facebook.com https://www.google.com https://www.google.kz;
 media-src 'self' https://backend.bankrbk.kz;
 script-src 'self' 'unsafe-inline' https://analytics.tiktok.com https://www.gstatic.com/recaptcha/ https://googleads.g.doubleclick.net/ https://connect.facebook.net/ https://www.google.com/recaptcha/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js https://api-maps.yandex.ru/ https://core-renderer-tiles.maps.yandex.net https://mc.yandex.ru/ https://www.googletagmanager.com/ https://yastatic.net/;
 font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com;
 style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; 1
default-src u-he.com *.u-he.com *.google-analytics.com; base-uri 'self'; font-src 'self' *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.typekit.net *.webtype.com *.typenetwork.com; frame-src 'self' *.itunes.apple.com *.twitter.com *.youtube.com *.youtube-nocookie.com; img-src 'self' data: 'unsafe-inline' *.google-analytics.com *.googletagmanager.com *.itunes.apple.com *.kvraudio.com *.twimg.com *.twitter.com *.typekit.net u-he.com *.u-he.com *.webtype.com *.youtube.com; media-src 'self' uhe-media.b-cdn.net https://*; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bootstrapcdn.com *.doubleclick.net *.feedrapp.info *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.jquery.com *.typekit.net *.twimg.com *.twitter.com *.yahooapis.com *.youtube.com https://sedoparking.com/frmpark/u-he.com/IONOSParkingDE/park.js; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.googleapis.com *.typekit.net *.twitter.com *.twimg.com *.webtype.com *.youtube.com *.typenetwork.com; form-action 'self' *.twitter.com; frame-ancestors * 1
default-src 'self' *.nmcdn.io; script-src 'unsafe-inline' 'self' *.nmcdn.io https://api.mapbox.com https://*.dwcdn.net https://widget-mediator.zopim.com https://*.zdassets.com https://*.zendesk.com https://www.youtube.com https://www.google.com 'unsafe-eval' https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googletagmanager.com blob:; style-src 'unsafe-inline' 'self' *.nmcdn.io https://api.mapbox.com https://*.dwcdn.net https://www.youtube.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' *.nmcdn.io https://api.mapbox.com https://*.dwcdn.net https://*.zopim.io https://img.youtube.com https://www.youtube.com https://i.ytimg.com *.ggpht.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com data:; font-src 'self' *.nmcdn.io https://*.dwcdn.net https://fonts.gstatic.com data:; connect-src 'self' *.nmcdn.io https://api.mapbox.com https://events.mapbox.com https://*.zdassets.com https://*.my.sentry.io https://*.zendesk.com wss://widget-mediator.zopim.com *.googleapis.com https://www.youtube.com https://play.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; media-src 'self' *.nmcdn.io https://static.zdassets.com; object-src 'none'; frame-src 'self' *.nmcdn.io https://*.dwcdn.net https://youtube.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self' autostels.ru *.autostels.ru 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com *.yandex.ru *.yandex.net *.googletagmanager.com data: fonts.gstatic.com; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://pay.google.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tpc.googlesyndication.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://connect.facebook.net https://www.zavvi.it https://m.zavvi.it https://checkout.zavvi.it https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://*.criteo.com https://static.criteo.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://tpc.googlesyndication.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
base-uri 'self';connect-src 'self' studiekeuze123nl.prismic.io *.google-analytics.com *.hotjar.io *.hotjar.com connect.facebook.net wm-backend-prod-dot-watermelonmessenger.appspot.com o970210.ingest.sentry.io/api/5930145/envelope/;default-src 'self';font-src data: fonts.gstatic.com use.fontawesome.com script.hotjar.com;form-action 'self' ymlp.com;img-src 'self' * data: https: *.google-analytics.com *.googletagmanager.com optimize.google.com;media-src 'self';object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' prismic.io static.cdn.prismic.io fonts.googleapis.com *.googleanalytics.com *.google-analytics.com *.googletagmanager.com googleoptimize.com optimize.google.com *.ytimg.com *.youtube.com *.hotjar.com *.adroll.com *.adroll.mgr.consensu.org connect.facebook.net public.tableau.com wm-livechat-2-prod-dot-watermelonmessenger.appspot.com player.tmrrw.nl o970210.ingest.sentry.io/api/5930145/envelope/;style-src 'self' 'unsafe-inline' fonts.googleapis.com optimize.google.com use.fontawesome.com wm-livechat-2-prod-dot-watermelonmessenger.appspot.com;worker-src 'self' blob:;frame-src studiekeuze123nl.prismic.io datastudio.google.com lookerstudio.google.com optimize.google.com *.youtube.com *.youtube-nocookie.com vars.hotjar.com public.tableau.com wm-livechat-2-prod-dot-watermelonmessenger.appspot.com player.tmrrw.nl;report-uri o970210.ingest.sentry.io/api/5930145/envelope/ 1
default-src 'self' 'unsafe-inline'; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com ajax.googleapis.com cdn.jsdelivr.net www.googletagmanager.com fonts.googleapis.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/ https://www.googletagmanager.com/ https://fonts.googleapis.com/; object-src 'self' 'unsafe-inline'; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://fonts.gstatic.com/ data:; worker-src 'self' 'unsafe-inline' www.its.cz; frame-src 'self' www.youtube.com 1
default-src 'self' https://*.paypal.com https://*.paypalcorp.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https://*.paypalobjects.com https://*.paypal.com https://*.doubleclick.net https://*.google-analytics.com https://*.qualtrics.com; object-src 'self' https://*.paypal.com https://*.paypalobjects.com; font-src 'self' https://*.paypalobjects.com; media-src 'self' https://*.paypalobjects.com https://*.paypal.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com https://*.qualtrics.com 1
default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads 1
frame-ancestors https://trscms.us.aegon.com/ https://trs-cms.us.aegon.com; 1
frame-ancestors 'self' http://*.vogue-eyewear.com https://*.vogue-eyewear.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; 1
default-src https: 'self' blob:; media-src https: data: blob:; font-src https: data:; img-src https: 'self' 'unsafe-inline' data: about:; style-src https: 'self' 'unsafe-inline'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' blob:; frame-ancestors https://*.william-angel.com; 1
img-src 'self' *.azurewebsites.net *.wpengine.com *.peterpiperpizza.com *.azureedge.net *.typekit.net *.gstatic.com *.googleapis.com data: *.adnxs.com *.google-analytics.com *.google.co.in *.google.com *.facebook.com *.adroll.com *.ktxlytics.io *.windows.net *.juicer.io *.turn.com *.cecentertainment.net *.nextdoor.com *.googletagmanager.com *.w.org *.rdcdn.com 1
default-src https://www.schneider-electric.cn/-CmuHnms459_g5PpA4Yqi0g0/3Jw9f8SXVtuD/XltxfHBKBA/R0oBRjcd/DQw  http: https: 'unsafe-inline' 'unsafe-eval' data: blob: mediastream:; 1
frame-ancestors 'self' https://*.stevensbikes.de; 1
script-src http: https: https://guardian.com.my  'unsafe-eval' 'unsafe-inline' https://connect.facebook.net https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io https://v2assets.zopim.io wss://*.zopim.com *.emarsys.net *.scarabresearch.com; style-src 'self' blob: https: 'unsafe-inline' https://guardian.com.my; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src data: 'self' fonts.gstatic.com  dsf-cdn.loreal.io; frame-src *.emarsys.net *.scarabresearch.com *.facebook.com *.google.com assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.guardianmy.me play.guardian.com.my dsf-cdn-staging.loreal.io 6493187.fls.doubleclick.net; 1
frame-ancestors *.gigya.com; report-uri /report-csp-violation 1
default-src 'self' blob: wss: data: https:; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https:; style-src 'self' 'unsafe-inline' data: https:; 1
default-src 'self' https://spring-api.interflora.com.au *.adyen.com *.paypal.com maps.googleapis.com https://www.google-analytics.com *.clarity.ms https://analytics.google.com https://stats.g.doubleclick.net *.klaviyo.com fonts.googleapis.com; script-src 'self' 'nonce-NTA0MjE2NTEtN2E3OC00ZWI3LTgyOTAtMzAwOTRjYTRlNzFm' 'strict-dynamic' ; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https://media.graphassets.com *.adyen.com https://cdnjs.cloudflare.com https://www.paypalobjects.com https://www.facebook.com *.clarity.ms *.bing.com blob: data:; font-src 'self' *.klaviyo.com https://fonts.gstatic.com; object-src 'none'; base-uri 'self'; form-action 'self' https://www.facebook.com *.adyen.com *.klaviyo.com; frame-ancestors *.commercetools.com https://*.dbxp.app; block-all-mixed-content; upgrade-insecure-requests; media-src 'self' https://media.graphassets.com; 1
upgrade-insecure-requests; script-src 'strict-dynamic' 'nonce-sYT8Z8AtpREVhTakRB6Ivw=='; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' siteimproveanalytics.com *.comm100.com unpkg.com *.form.io *.youtube.com *.recollect.net *.twitter.com *.niagararegion.ca maps.niagararegion.ca *.ytimg.com *.syndication.twimg.com *.surveygizmo.com *.googletagmanager.com *.createsend1.com *.gstatic.com *.googleapis.com *.google-analytics.com *.google.com *.siteimprove.com translate.googleapis.com niagaraopendata.ca; object-src 'self'; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-72f064d3624db21c678027475c603b4b'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src * 'self' 'unsafe-inline'; img-src * 'self' data: https: https://*.qualtrics.com; script-src 'self' https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://maps.googleapis.com https://ajax.googleapis.com https://developers.google.com https://www.googleadservices.com https://cdn.optimizely.com https://www.youtube.com https://platform.linkedin.com https://www.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://js.adsrvr.org https://rum-static.pingdom.net https://googleads.g.doubleclick.net https://static.ads-twitter.com https://analytics.twitter.com https://snap.licdn.com https://sjs.bizographics.com https://px.ads.linkedin.com https://jobadder.com https://apps.jobadder.com https://s.ytimg.com https://calculators.infochoice.com.au https://www.linkedin.com https://tagmanager.google.com https://*.addthis.com https://*.addthisedge.com https://use.typekit.net https://calculators.gbst.com https://*.trustpilot.com https://*.emudesign.com.au https://*.gobookings.com https://*.quantserve.com https://*.quantcount.com https://*.yimg.com https://www.googleoptimize.com https://optimize.google.com https://www.googleanalytics.com https://*.qualtrics.com data: 'unsafe-inline' 'unsafe-eval'; connect-src * https://*.qualtrics.com; upgrade-insecure-requests; 1
default-src 'self';connect-src 'self' *.acsbapp.com acsbapp.com *.bing.com bing.com *.clarity.ms clarity.ms *.cookielaw.org cookielaw.org *.doubleclick.net doubleclick.net *.facebook.com facebook.com *.google-analytics.com google-analytics.com *.googlesyndication.com googlesyndication.com *.googletagmanager.com googletagmanager.com *.greenhouse.io greenhouse.io *.hotjar.io hotjar.io *.onetrust.com onetrust.com *.oribi.io oribi.io *.trustindex.io trustindex.io *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat cdn-cookieyes.com https://px.ads.linkedin.com/wa/ maps.googleapis.com;font-src 'self' *.trustindex.io trustindex.io data: fonts.gstatic.com;frame-src 'self' *.amazonaws.com amazonaws.com *.careerplug.com careerplug.com *.doubleclick.net doubleclick.net *.facebook.com facebook.com *.googletagmanager.com googletagmanager.com *.greenhouse.io greenhouse.io *.vimeo.com vimeo.com *.youtube.com youtube.com www.google.com;img-src 'self' *.acsbapp.com acsbapp.com *.amazonaws.com amazonaws.com *.analytics.google.com analytics.google.com *.bing.com bing.com *.clarity.ms clarity.ms *.cookielaw.org cookielaw.org *.doubleclick.net doubleclick.net *.facebook.com facebook.com *.facebook.net facebook.net *.google-analytics.com google-analytics.com *.googlesyndication.com googlesyndication.com *.googletagmanager.com googletagmanager.com *.googleusercontent.com googleusercontent.com *.gravatar.com gravatar.com *.gstatic.com gstatic.com *.linkedin.com linkedin.com *.thelearningexperience.com thelearningexperience.com *.trustindex.io trustindex.io *.ytimg.com ytimg.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat data: maps.googleapis.com pixel.wp.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.acsbapp.com acsbapp.com *.amazonaws.com amazonaws.com *.bing.com bing.com *.clarity.ms clarity.ms *.cookielaw.org cookielaw.org *.doubleclick.net doubleclick.net *.facebook.net facebook.net *.google-analytics.com google-analytics.com *.google.com google.com *.googleadservices.com googleadservices.com *.googletagmanager.com googletagmanager.com *.greenhouse.io greenhouse.io *.hotjar.com hotjar.com *.licdn.com licdn.com *.segment.com segment.com *.tctm.co tctm.co *.trustindex.io trustindex.io *.winnie.com winnie.com data: maps.googleapis.com static.smartrecruiters.com stats.wp.com www.gstatic.com www.smartrecruiters.com;style-src 'self' 'unsafe-inline' *.trustindex.io trustindex.io fonts.googleapis.com static.smartrecruiters.com tagmanager.google.com;media-src 'self' *.amazonaws.com amazonaws.com; report-to csp-endpoint 1
frame-ancestors https://*.envoituresimone.com http://localhost:* ionic://localhost *.kameleoon.com *.kameleoon.eu *.kameleoon.io 1
default-src 'self' 'unsafe-inline' 'unsafe-hashes' *.brasilseg.com.br content.hotjar.io *.hotjar.io wsp30.hotjar.com *.hotjar.com stats.g.doubleclick.net doubleclick.net *.doubleclick.net *.s3.amazonaws.com *.amazonaws.com brasilseg-prd-bbseg-portal-assets.s3.sa-east-1.amazonaws.com *.googleusercontent.com *.espressolw.com *.googletagmanager.com googletagmanager.com *.google.com.br google.com.br *.google.com google.com *.google-analytics.com google-analytics.com unpkg.com *.unpkg.com *.facebook.net connect.facebook.net facebook.com *.facebook.com *.cdn.plyr.io *.open.spotify.com *.googleoptimize.com noembed.com *.noembed.com youtube.com *.youtube.com cdn.plyr.io *.plyr.io *.open.spotifycdn.com *.spotifycdn.com *.spotify.com *.bbseg-hml.router4me.com *.bbseg.router4me.com *.bbseguros.com.br data: wss:; font-src *; 1
default-src 'self'; script-src 'self' siteimproveanalytics.com 'unsafe-inline'; img-src data: 'self' *.siteimproveanalytics.io; connect-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' www.youtube-nocookie.com www.youtube.com cdn.laola1.tv player.cloud.wowza.com live.virtual-events.at vimeo.com player.vimeo.com app.lapentor.com playout.3qsdn.com; form-action 'self'; block-all-mixed-content; upgrade-insecure-requests; 1
default-src 'self' 'unsafe-inline' *;script-src 'unsafe-inline';script-src-elem 'unsafe-inline' *; 1
*.coupa.com *.ariba.com *.sciquest.com *.tradecentric.com *tradecentric.com *.punchout2go.com https://portal.tradecentric.com https://portal.tradecentric.com https://stage-portal.tradecentric.com https://dev-portal.tradecentric.com 1
default-src * 'unsafe-inline' 'unsafe-eval' data: gap: content:; media-src * blob: data:; worker-src 'self' blob:; img-src * blob: data: 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://claims.eurowings-discover.com https://claims.discover-airlines.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*; font-src 'self' data:; connect-src 'self' youtube.com www.youtube.com *.google-analytics.com; frame-src 'self' *.doubleclick.net youtube.com www.youtube.com claims.eurowings-discover.com claims.discover-airlines.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: content: https: *.googleapis.com; connect-src * data: 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-is4nQmDWTbinHWvlo0aTqktMxDbXlMr/tUlGf0scDvWmDAUJ' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://*.zenaps.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://ampcid.google.hu https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://www.google.hu https://*.parcellab.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data:; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.hu https://m.myprotein.hu https://checkout.myprotein.hu https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://www.google.hu https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://static.thgcdn.cn https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://de8of677fyt0b.cloudfront.net https://www.google-analytics.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://script.hotjar.com https://static.hotjar.com https://plugins.help.com https://maxcdn.bootstrapcdn.com https://secure.comodo.net https://www.trustlogo.com https://secure.comodo.com https://cdn.optimizely.com https://www.google.com https://www.gstatic.com ; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' data: https://sectigo.com https://col.eum-appdynamics.com https://secure.comodo.com https://www.google-analytics.com https://www.trustlogo.com ; frame-src 'self' https://cert-manager.com https://plugins.help.com https://vars.hotjar.com https://www.trustlogo.com https://secure.comodo.net https://secure.comodo.com https://www.youtube.com https://www.google.com ; object-src 'self' https://secure.comodo.net https://secure.comodo.com https://www.youtube.com ; connect-src 'self' https://hard.cert-manager.com https://insights.hotjar.com ; report-uri https://cspreports.sectigo.com 1
default-src usim.beprod.us.kisqali.com 'self'; style-src usim.beprod.us.kisqali.com *.googleapis.com fonts.gstatic.com 'self' 'unsafe-inline' *.doctor.com; script-src usim.beprod.us.kisqali.com unpkg.com kaltura.com *.kaltura.com analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com tagmanager.google.com *.tagmanager.google.com googletagmanager.com *.googletagmanager.com *.facebook.net medtargetsystem.com *.medtargetsystem.com contextweb.com *.contextweb.com bat.bing.com *.doubleclick.net tags.tiqcdn.com ipredictive.com *.ipredictive.com 'self' 'unsafe-inline' 'unsafe-eval' blob: *.doctor.com *.healthgrades.com *.googleapis.com *.pmsrv.co cdn.evgnet.com maps.googleapis.com t.contentsquare.net app.contentsquare.com static.cloudflareinsights.com; child-src blob:; worker-src blob:; object-src 'none'; font-src fonts.gstatic.com *.kaltura.com 'self' data: application: *.doctor.com; img-src *.ipredictive.com *.contentsquare.net http: https: data: image: 'self'; frame-src analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com tagmanager.google.com *.tagmanager.google.com googletagmanager.com *.googletagmanager.com contextweb.com *.contextweb.com medtargetsystem.com *.medtargetsystem.com bat.bing.com *.doubleclick.net servedby.flashtalking.com di.rlcdn.com 'self' *.doctor.com *.healthgrades.com maps.googleapis.com; connect-src usim.beprod.us.kisqali.com analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com tagmanager.google.com *.tagmanager.google.com googletagmanager.com *.googletagmanager.com *.google.com contextweb.com *.contextweb.com bat.bing.com *.doubleclick.net *.googleadservices.net stats.g.doubleclick.net *.contentsquare.net *.kaltura.com ws: 'self' *.consumerism.pressganey.com *.doctor.com *.healthgrades.com *.googleapis.com *.tealiumiq.com *.tiqcdn.com maps.googleapis.com cloudflareinsights.com; media-src usim.beprod.us.kisqali.com kaltura.com *.kaltura.com blob: 'self'; frame-ancestors usim.beprod.us.kisqali.com 'self' 1
default-src 'self' https://static.zdassets.com https://ekr.zdassets.com https://elasticpress.zendesk.com https://*.zopim.com https://res.cloudinary.com wss://elasticpress.zendesk.com wss://*.zopim.com data: https://www.10up.com https://10up.com https://revenueaccelerator.10up.com https://elasticpress.io https://www.elasticpress.io https://tenup.teamwork.com; connect-src 'self' data: https://www.10up.com https://10up.com https://revenueaccelerator.10up.com https://elasticpress.io https://www.elasticpress.io https://tenup.teamwork.com https://elasticpress.zendesk.com https://ekr.zdassets.com https://performance.typekit.net https://yoast.com https://p1.parsely.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com/ https://www.10up.com https://10up.com https://revenueaccelerator.10up.com https://elasticpress.io https://www.elasticpress.io https://tenup.teamwork.com https://static.zdassets.com https://ajax.googleapis.com/ https://js.stripe.com/ https://analytics.twitter.com https://static.ads-twitter.com https://cdnjs.cloudflare.com https://use.typekit.net https://www.youtube.com https://player.vimeo.com https://cdn.parsely.com https://*.googletagmanager.com https://*.google-analytics.com; img-src 'self' https://ps.w.org/ https://www.paypalobjects.com/ https://res.cloudinary.com/ https://v2assets.zopim.io https://static.zdassets.com data: https://www.10up.com https://10up.com https://revenueaccelerator.10up.com https://elasticpress.io https://www.elasticpress.io https://tenup.teamwork.com https://p.typekit.net https://lh3.googleusercontent.com/ https://t.co https://secure.gravatar.com https://platform.twitter.com https://analytics.twitter.com https://p1.parsely.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; style-src 'self' 'unsafe-inline' https://www.10up.com https://10up.com https://revenueaccelerator.10up.com https://elasticpress.io https://www.elasticpress.io https://tenup.teamwork.com https://www.gstatic.com/ https://cdnjs.cloudflare.com https://platform.twitter.com https://ton.twimg.com/tfw/css/ https://fonts.googleapis.com https://tagmanager.google.com; font-src 'self' data: https://www.10up.com https://10up.com https://revenueaccelerator.10up.com https://elasticpress.io https://www.elasticpress.io https://tenup.teamwork.com https://use.typekit.net https://fonts.gstatic.com https://themes.googleusercontent.com; frame-src 'self' https://js.stripe.com https://tenup.teamwork.com https://www.youtube.com https://youtube.com https://player.vimeo.com https://platform.twitter.com https://www.instagram.com https://fast.wistia.net https://ssl.google-analytics.com https://connect.facebook.net https://www.facebook.com https://s-static.ak.facebook.com; object-src 'self' 1
frame-ancestors 'self' library-tools.org meritpages.com 1
default-src 'self' 'unsafe-inline' blob: https://*.vercel.com/ https://*.vercel.live/ https://*.vercel.app/ https://*.vercel-insights.com/ https://*.optimizely.com https://*.segment.com https://*.segment.io https://vimeo.com https://player.vimeo.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.amplitude.com https://sentry.io https://*.sentry.io https://*.mapbox.com https://*.inspectlet.com http://api.amplitude.com https://js.stripe.com https://*.capsule.com https://*.capsulecares.com https://*.capsulerx.com https://hipaa.jotform.com https://*.hotjar.com https://production-capsule-assets.s3.amazonaws.com https://*.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.vercel.com/ https://*.vercel.live/ https://*.vercel.app/ https://*.vercel-insights.com/ https://*.logrocket.io/ https://*.logrocket.com/ https://*.lr-ingest.io/ https://*.lr-in.com/ https://*.lr-in-prod.com/ https://app.link https://www.googleadservices.com https://*.optimizely.com https://*.segment.com https://cdn.amplitude.com https://player.vimeo.com https://assets.customer.io https://www.google-analytics.com https://*.inspectlet.com https://*.ns8ds.com http://api.amplitude.com https://js.stripe.com https://*.google.com https://*.capsule.com https://*.capsulecares.com https://*.capsulerx.com https://*.cloudfront.net https://trc.lhmos.com https://*.adnxs.com https://*.hotjar.com https://*.gstatic.com; img-src 'self' data: blob: https://*.vercel.com/ https://*.vercel.live/ https://*.vercel.app/ https://*.vercel-insights.com/ https://*.outbrain.com https://*.ns8ds.com https://hn.inspectlet.com https://*.google.com https://*.customer.io https://s3.amazonaws.com https://*.branch.io https://*.capsule.com https://*.capsulecares.com https://*.capsulerx.com https://lh3.googleusercontent.com https://trc.lhmos.com https://*.adnxs.com https://*.hotjar.com file-storage-service-production.s3.amazonaws.com consumer-apps-public-assets-production.s3.amazonaws.com; connect-src 'self' wss: ws: blob: https://*.vercel.com/ https://*.vercel.live/ https://*.vercel.app/ https://*.vercel-insights.com/ https://*.logrocket.io/ https://*.logrocket.com/ https://*.lr-ingest.io/ https://*.lr-in.com/ https://*.lr-in-prod.com/ https://*.segment.io https://*.segment.com https://api.amplitude.com https://sentry.io https://*.sentry.io https://*.optimizely.com https://*.branch.io https://vimeo.com https://*.mapbox.com http://*.amplitude.com http://*.inspectlet.com https://*.capsule.com https://*.capsulecares.com https://*.capsulerx.com https://*.cloudfront.net https://cognito-identity.us-east-1.amazonaws.com https://cognito-idp.us-east-1.amazonaws.com https://*.hotjar.com https://*.hotjar.io https://file-storage-service-insecure-production.s3.amazonaws.com; font-src 'self' data: https://*.vercel.com/ https://*.vercel.live/ https://*.vercel.app/ https://*.vercel-insights.com/ https://fonts.gstatic.com https://*.hotjar.com https://*.capsule.com https://*.capsulecares.com https://*.capsulerx.com; frame-ancestors 'none'; 1
sandbox, script-src 'none'; 1
connect-src * ws:; img-src 'self' 'unsafe-inline' data: cdn.shopify.com cdn2.shopify.com cdn-images-1.medium.com medium.com images.contentful.com images.ctfassets.net www.nova.is *.google-analytics.com www.google.com www.google.is www.facebook.com stats.g.doubleclick.net *.gstatic.com http://kort.samsyn.is https://www.sitewatch.is eu2.siteimprove.com *.global.siteimproveanalytics.io *.cloudfront.net bat.bing.com support.nova.is v2assets.zopim.io mpi.borgun.is novadesk.zendesk.com server.seadform.net; font-src 'self' fonts.googleapis.com/css fonts.gstatic.com; object-src 'self'; media-src 'self' blob: videos.contentful.com videos.ctfassets.net support.nova.is; manifest-src 'self'; script-src 'self' 'nonce-28d1aa26-3c7c-4cef-9385-8826731b860d' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' cdn.polyfill.io *.google-analytics.com www.googletagmanager.com connect.facebook.net tagmanager.google.com *.google.com https://platform.twitter.com https://connect.facebook.net https://www.facebook.com https://kort.samsyn.is api.autopilothq.com cdn.embedly.com static.zdassets.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com blob: kort.samsyn.is hello.myfonts.net cdn.embedly.com mpi.borgun.is 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: ws: blob: *.analytics.google.com *.azure.com *.facebook.com *.fontawesome.com *.freshworks.com *.google-analytics.com *.google.co.uk *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hs-scripts.com *.hscollectedforms.net *.hubspot.com *.ingest.sentry.io *.liftshare.com *.mobilityways.co.uk *.mobilityways.com *.sentry.io *.testing12.com *.usemessages.com *.visualstudio.com cdn.jsdelivr.net connect.facebook.net google.com ip2c.org liftshare.blob.core.windows.net liftsharesupport.freshdesk.com platform.twitter.com polyfill.io sentry.io static.hsappstatic.net www.google.com/favicon.ico; frame-src www.facebook.com platform.twitter.com myptp.co *.hotjar.com *.hubspot.com www.youtube.com *.mobilityways.co.uk *.mobilityways.com; img-src * data: blob:; report-uri https://sentry.io/api/1496386/security/?sentry_key=d80d261dd79d42e8a1a559924da6e928 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' backend.skoda-scholaris.com d2p6e6u75xmxt8.cloudfront.net skoda-welovecycling.s3.amazonaws.com *.cdninstagram.com *.facebook.com *.facebook.net *.fbcdn.net *.google.com *.google.cz *.google-analytics.com *.googletagmanager.com *.gstatic.com *.googlevideo.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.vimeo.com *.mailchimp.com *.doubleclick.net *.gomexlive.com *.hotjar.com *.googleadservices.com *.googleapis.com cdnjs.cloudflare.com www.googletagmanager.com static.hotjar.com *.twitter.com twitter.com *.twimg.com www.instagram.com *.instagram.com *.ads-twitter.com *.spotify.com *.strava.com strava-embeds.com *.pohu.hu *.synerise.com *.snrcdn.net *.snrbox.com *.msecnd.net *.office.com *.office.net *.scdn.co *.skoda.pl *.skoda-auto.sk *.sentry.io *.ggpht.com *.cookies.skoda-auto.com geolocation.onetrust.com sdrive.skoda-auto.com slevove-kody-welovecycling.com *.soundcloud.com *.apple.com open.scdn.co embed.acast.com cross.skoda-auto.com europe-west3-skoda-gtm-sync-server.cloudfunctions.net *.onetrust.com *.ys-beta.cz *.skoda-scholaris.com pic2go.com *.pic2go.com *.surveymonkey.com watcher-main-qi2yta3k2a-ez.a.run.app redirection-server-qi2yta3k2a-ez.a.run.app cdn.cookielaw.org *.cookiehub.net cookiehub.net *.cookiehub.com cookiehub.com speedcurve.com *.speedcurve.com; img-src data: * blob: ; media-src *; font-src 'self' 'unsafe-inline' data: https://d2p6e6u75xmxt8.cloudfront.net https://skoda-welovecycling.s3.amazonaws.com https://fonts.gstatic.com https://fonts.googleapis.com https://cdn.jsdelivr.net; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://backend.skoda-scholaris.com http://www.welovecycling.com https://www.welovecycling.com https://*.facebook.com https://*.google-analytics.com https://*.googleapis.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.cloudfront.net *.a.run.app *.skoda-auto.com cdn.cookielaw.org speedcurve.com *.speedcurve.com *.googlesyndication.com 1
default-src https: 'unsafe-inline' 'unsafe-eval' wss:; img-src * data:; 1
default-src 'self' *.visualstudio.com *.msecnd.net *.sharethis.com *.google.com *.google.com.au *.gstatic.com *.google-analytics.com ajax.googleapis.com maps.googleapis.com www.googletagmanager.com *.vimeo.com *.vimeocdn.com *.soundcloud.com *.unisuper.com.au data: 'self' connect.facebook.net www.facebook.com secure.quantserve.com rules.quantcount.com pixel.quantserve.com col.eum-appdynamics.com syd-col.eum-appdynamics.com https://px.ads.linkedin.com https://px4.ads.linkedin.com ;connect-src 'self' *.unisuper.com.au *.visualstudio.com *.google-analytics.com *.doubleclick.net col.eum-appdynamics.com syd-col.eum-appdynamics.com https://api.mypurecloud.com.au https://apps.mypurecloud.com https://apps.mypurecloud.com.au https://dhqbrvplips7x.cloudfront.net/ https://cdn.linkedin.oribi.io analytics.google.com finder.com.au t.finder.com  wss:;frame-src *.vimeo.com *.vimeocdn.com *.soundcloud.com *.google.com *.google.com.au *.gstatic.com *.infochoice.com.au chat.unisuper.com.au *.doubleclick.net https://api.mypurecloud.com.au https://apps.mypurecloud.com https://apps.mypurecloud.com.au https://dhqbrvplips7x.cloudfront.net/ ;object-src data: 'unsafe-eval' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.visualstudio.com *.msecnd.net *.sharethis.com *.google.com *.google.com.au *.gstatic.com *.google-analytics.com ajax.googleapis.com maps.googleapis.com www.googletagmanager.com *.vimeo.com *.vimeocdn.com *.soundcloud.com *.infochoice.com.au *.feedbackify.com data: 'self' data: 'self' *.unisuper.com.au connect.facebook.net www.facebook.com secure.quantserve.com rules.quantcount.com pixel.quantserve.com cdn.appdynamics.com https://api.mypurecloud.com.au https://apps.mypurecloud.com https://apps.mypurecloud.com.au https://dhqbrvplips7x.cloudfront.net/ https://snap.licdn.com finder.com.au t.finder.com  ;style-src 'self' 'unsafe-inline' *.visualstudio.com *.msecnd.net *.sharethis.com *.google.com *.google.com.au *.gstatic.com *.google-analytics.com ajax.googleapis.com www.googletagmanager.com *.vimeo.com *.vimeocdn.com *.soundcloud.com *.unisuper.com.au fonts.gstatic.com fonts.googleapis.com https://api.mypurecloud.com.au https://apps.mypurecloud.com https://apps.mypurecloud.com.au https://dhqbrvplips7x.cloudfront.net/ ; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://babiel.jobbase.io https://babiel.onlyfy.jobs https://*.usercentrics.eu https://www.instagram.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://fast.fonts.net; img-src 'self' data: https://www.google-analytics.com https://*.usercentrics.eu; frame-src 'self' https://babiel.jobbase.io https://babiel.onlyfy.jobs https://www.youtube-nocookie.com https://www.instagram.com; connect-src 'self' https://www.google-analytics.com https://*.usercentrics.eu 1
img-src 'self' data: tracker.metricool.com *.gravatar.com 1
default-src * data: 'unsafe-eval' 'unsafe-inline'; font-src * data: about:; worker-src * blob:; media-src * data: blob: 1
frame-ancestors https://myreid.mobile.reidhealth.org https://myreiddev.mobile.reidhealth.org https://mychart-np.et1220.epichosted.com https://google.com https://my.matterport.com 'self'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.quora.com *.doubleclick.com *.woopra.com *.jsdelivr.net *.g2crowd.com *.subscribers.com script.tapfiliate.com *.googletagmanager.com *.google.com *.gstatic.com *.google-analytics.com *.licdn.com *.zdassets.com *.zopim.com scripts.iconnode.com *.bing.com *.clarity.ms *.picreel.com *.pcrl.co infinity-public-js.500apps.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:// ap1-infinity-user-data.s3.amazonaws.com *.clarity.ms *.google.com *.google.co.in *.bing.com *.googletagmanager.com *.google-analytics.com *.quora.com *.g2crowd.com *.linkedin.com; font-src 'self'; connect-src 'self' *.scanova.io *.woopra.com *.clarity.ms *.google-analytics.com *.doubleclick.net *.zdassets.com scanova.zendesk.com *.g2crowd.com *.subscribers.com *.zopim.com wss://widget-mediator.zopim.com *.iconnode.com frstre.com *.linkedin.oribi.io *.google.com *.google.co.in; frame-src *.google.com *.youtube.com; base-uri 'self'; frame-ancestors 'self'; 1
object-src 'none'; manifest-src 'self'; frame-ancestors 'self'; default-src 'none'; script-src 'self' 'unsafe-eval' 'sha256-xZT4QgHECLfE0jlh63xgqi9PCTdAN/80U4g0/Sy0uPY=' 'sha256-fynwwNeatXCacHQ6swcxEezVAL4vYjU1A7aWVSTlQ+Q=' 'sha256-3Ey30PJkNcf9LrK7CIqrujoq79a+uJqKgYsaBDj15Eo=' polyfill.io kit.fontawesome.com *.zdassets.com xumm.zendesk.com support.xumm.app remotejs.com plausible.io; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com use.fontawesome.com kit-pro.fontawesome.com kit-free.fontawesome.com fonts.googleapis.com use.typekit.net p.typekit.net xumm.app; connect-src 'self' wss://xumm.app wss://custom-node.xrpl-labs.com xumm.app ka-f.fontawesome.com api.rss2json.com ka-p.fontawesome.com *.zdassets.com xumm.zendesk.com support.xumm.app remotejs.com plausible.io kit.fontawesome.com; img-src 'self' image-proxy.xrpl-labs.com xumm.app media.giphy.com cdn.xumm.pro cdn.xumm.app xumm-cdn.imgix.net xumm.nyc3.cdn.digitaloceanspaces.com badge.fury.io github.com *.cloudfront.net cdn-images-1.medium.com cdn-images-2.medium.com; font-src 'self' use.fontawesome.com kit.fontawesome.com kit-free.fontawesome.com kit-pro.fontawesome.com fonts.gstatic.com use.typekit.net ka-p.fontawesome.com ka-f.fontawesome.com; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'nonce-EDNfnf03nceIOffn39fn3e9h3sdfa' *.google-analytics.com google-analytics.com *.googletagmanager.com connect.facebook.net js.stripe.com blob: https://polyfill.io/v3/polyfill.min.js; connect-src 'self' stats.g.doubleclick.net heroheroco-media.b-cdn.net heroheroco-moox.global.ssl.fastly.net *.ezdrm.com *.gjirafa.net *.sentry.io *.stripe.com *.herohero.co herohero.co *.google-analytics.com *.google.cz *.google.sk *.google.com *.google.nl *.google.es cdn.vpplayer.tech *.wasabisys.com *.vpplayer.net *.gjirafa.tech storage.googleapis.com *.blob.gjirafa.tech; media-src 'self' heroheroco-moox.global.ssl.fastly.net *.herohero.co blob: cdn.vpplayer.tech *.vpplayer.net *.gjirafa.tech; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com; img-src 'self' heroheroco-assets.storage.googleapis.com b-cdn.net *.b-cdn.net heroheroco-clim.global.ssl.fastly.net heroheroco-clim-prod.b-cdn.net heroheroco-clim-devel.b-cdn.net heroheroco-clim-static.b-cdn.net heroheroco-clim.global.ssl.fastly.net heroheroco-clid.global.ssl.fastly.net *.google-analytics.com *.google.cz *.google.sk *.google.com *.google.nl *.google.es heroheroco-assets-prod.storage.googleapis.com *.herohero.co *.cloudimg.io *.vpplayer.tech *.vpplayer.net *.ytimg.com blob: data: www.facebook.com facebook.com; child-src blob: *.stripe.com *.facebook.com www.youtube-nocookie.com; object-src 'none' 1
default-src 'self' *.googleapis.com *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.jsdelivr.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.jsdelivr.net; img-src 'self' data: *.googleapis.com *.gstatic.com *.google-analytics.com preproduat.bajajamc.com; font-src 'self' data: *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com;frame-src 'self' *.youtube.com; 1
frame-ancestors 'none' script-src 'self' discoveryeducation.com *.discoveryeducation.com 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; font-src https: 'unsafe-inline' 'unsafe-eval' 'self' data: blob: *; 1
frame-ancestors 'self';base-uri 'none';object-src 'none' 1
default-src 'self' 'unsafe-inline' blob: *.abac.us:* *.emburse.it:* *.abacus.com:* *.emburse.com:* *.emburse.services:* https://www.google-analytics.com:* *.pingdom.net:* *.sentry.io:* https://sentry.io:* *.finicity.com:* *.bootstrapcdn.com:* *.googleapis.com:* *.clearbit.com:* *.licdn.com:* *.gstatic.com:* *.polyfill.io:* *.plaid.com:* *.maxmind.com:* *.googleapis.com:* *.zdassets.com:* *.pendo.io:* *.zopim.com:* *.zendesk.com:*  https://geoip-js.com:* *.chromeriver.com:* *.s3.amazonaws.com:* *.oribi.io:* wss://widget-mediator.zopim.com:*; img-src 'self' data: https:; 1
default-src 'none';  base-uri 'self';  child-src 'self';  connect-src 'self' geolocation.onetrust.com cdn.cookielaw.org *.hotjar.io *.hsforms.com wss://visitors.live wss://in.visitors.live *.visitors.live *.googleapis.com *.visitors.live *.doubleclick.net *.google-analytics.com *.addthis.com *.hotjar.com *.visualwebsiteoptimizer.com *.luckyorange.net https://cdn.linkedin.oribi.io/ *.googlesyndication.com localhost:* ws://localhost:* *.analytics.google.com;  report-uri 'self'  https://www.google-analytics.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com gitcdn.github.io *.hsforms.com *.hsforms.net *.baidu.com *.gstatic.com *.addthisedge.com *.moatads.com https://googleads.g.doubleclick.net *.visualwebsiteoptimizer.com *.cloudfront.net *.whoisvisiting.com *.hotjar.com https://snap.licdn.com *.addthis.com *.cloudflare.com *.fontawesome.com *.google.com *.maps.google.com https://maps.googleapis.com *.googletagmanager.com *.googleapis.com  *.google-analytics.com  www.googleadservices.com *.jquery.com cdn.cookielaw.org static.ads-twitter.com connect.facebook.net;  style-src 'self' gitcdn.github.io rileyrichter.github.io gitcdn.github.ie 'unsafe-inline' *.cloudfront.net *.fontawesome.com https://*.gstatic.com *.googleapis.com *.jsdelivr.net *.cloudflare.com;  font-src 'self' 'unsafe-inline' *.fontawesome.com *.gstatic.com https://*.cloudflare.com use.typekit.net data:;  frame-src 'self' www.facebook.com mailchi.mp us3.campaign-archive.com e.issuu.com *.fls.doubleclick.net *.hsforms.com *.youtube.com *.google.com *.addthis.com *.hotjar.com *.doubleclick.net;  img-src 'self' *.addthis.com  *.google-analytics.com *.gstatic.com https://www.google.com https://www.google.ie ge https://csi.gstatic.com https://maps.gstatic.com https://maps.googleapis.com *.google.com https://seal.geotrust.com *.googleapis.com data: * ;  frame-ancestors 'self' admin.ida-v10.continuous.ie *.idaireland.com admin-ida-v10.continuous.ie *.continuous.ie https://ida-v10.continuous.ie localhost:* ;  media-src 'self' www.youtube.com *.cloudfront.net ; form-action 'self' *.hsforms.com *.list-manage.com www.facebook.com;  worker-src 'self' blob:; 1
default-src 'none'; script-src 'self' 'nonce-BTQt7A3SERB8qZcbh4HDxdOQHrDVmo68' 'sha256-0OICRA6kk1Bv6ZoxtbLXRR+hYonXnEbYCOCpkMlyr50=' https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/569030774445864 'sha256-ko7Nc2fpmcVPCjJjwzBjWSIROK6DqqIJdCrcxY0b0p8=' https://*.googletagmanager.com https://snap.licdn.com https://cdn-ukwest.onetrust.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://privacyportal.onetrust.com https://geolocation.onetrust.com; style-src 'self' 'nonce-BTQt7A3SERB8qZcbh4HDxdOQHrDVmo68' 'sha256-mf/UeN4J7RwvsimPJmmeFQFxedoyNr/nO9Q1L1vCL7k=' 'unsafe-hashes'; connect-src 'self' data: https://api.amplitude.com/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.linkedin.com https://cdn.linkedin.oribi.io https://cdn-ukwest.onetrust.com; img-src 'self' data: https://www.facebook.com/tr/ https://*.google-analytics.com https://*.googletagmanager.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://cdn-ukwest.onetrust.com; form-action 'self'; font-src 'self' data: https://fonts.gstatic.com; frame-src https://www.youtube.com/embed/; object-src 'none'; manifest-src 'self'; base-uri 'none'; frame-ancestors 'none'; upgrade-insecure-requests 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://ampcid.google.lt https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://tr.snapchat.com https://*.contentsquare.net https://*.parcellab.com https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data:; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.lt https://m.myprotein.lt https://checkout.myprotein.lt https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://static.thgcdn.cn https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'none'; media-src 'self'; style-src 'none' 'unsafe-inline'; img-src 'self' https://img.shields.io 1
script-src 'unsafe-inline' 'unsafe-eval' http: https: data: https://*.thelashlounge.com https://*.newrelic.com  https://*.google.com https://*.googleapis.com https://*.googleanalytics.com https://*.clickdimensions.com https://*.gstatic.com https://checkout.stripe.com; style-src 'unsafe-inline' http: https: data: https://*.thelashlounge.com https://*.googleapis.com https://*.newrelic.com https://*.gstatic.com; img-src http: https: data: https://*.thelashlounge.com; font-src http: https: data:; object-src 'none'; base-uri 'self'; upgrade-insecure-requests; 1
font-src *.fontawesome.com 'self' data: www.bernieandphyls.com cdn.livehelpnow.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * webto.salesforce.com payflowlink.paypal.com www.bernieandphyls.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.affirm.com *.affirm.ca *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com *.addthis.com bernieandphyls.dispatchtrack.com payflowlink.paypal.com www.youtube.com forms.bernieandphyls.com tst.kaptcha.com ssl.kaptcha.com recruitingbypaycor.com cdn1-sandbox.affirm.com www.paycomonline.net www.bernieandphyls.com storage.googleapis.com service.force.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.affirm.com *.affirm.ca *.meetanshi.com https://meetanshi.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com https://*.acsbapp.com https://arttrk.com https://pixel-a.basis.net https://pixel.sitescout.com *.addthis.com *.tile.openstreetmap.org *.bernieandphyls.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat maps.gstatic.com maps.google.com maps.googleapis.com ebizmarts-website.s3.amazonaws.com collector-12958.tvsquared.com track.sv.rkdms.com agkn.com aa.agkn.com lsdm.co *.google-analytics.com *.googletagmanager.com www.bernieandphyls.com www.livehelpnow.net developer.livehelpnow.net berniephylsfurniture.file.force.com https://*.securedvisit.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com www.gstatic.com https://www.google.com/recaptcha/ *.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.affirm.com *.affirm.ca *.kaptcha.com *.avada.io *.meetanshi.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com https://acsbapp.com s7.addthis.com m.addthis.com z.moatads.com www.google.com/jsapi forms.bernieandphyls.com tst.kaptcha.com ssl.kaptcha.com cdn.polyfill.io recruitingbypaycor.com maps.google.com maps.googleapis.com maps.gstatic.com cdn1-sandbox.affirm.com www.paycomonline.net www.googleapis.com/youtube/v3/videos ajax.cloudflare.com js-agent.newrelic.com bam.nr-data.net collector-12958.tvsquared.com app.leadsrx.com lsdm.co track.sv.rkdms.com agkn.com aa.agkn.com www.bernieandphyls.com agkn.comsafevisit.online safevisit.online wss://*.noibu.com https://*.noibu.com https://474281.tctm.xyz resource.kenect.com storage.googleapis.com developer.livehelpnow.net service.force.com berniephylsfurniture.my.salesforce.com berniephylsfurniture.my.salesforce-sites.com *.salesforceliveagent.com static.lightning.force.com https://*.securedvisit.com *.westcreekfin.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com tagmanager.google.com www.gstatic.com *.affirm.com www.bernieandphyls.com developer.livehelpnow.net service.force.com berniephylsfurniture.my.salesforce-sites.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.affirm.com *.affirm.ca *.kaptcha.com https://get.geojs.io *.avada.io *.meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com https://acsbapp.com https://*.acsbapp.com addthis.com m.addthis.com stats.g.doubleclick.net www.bernieandphyls.com api.rollbar.com tst.kaptcha.com ssl.kaptcha.com maps.google.com maps.googleapis.com maps.gstatic.com bam.nr-data.net app.leadsrx.com agkn.com aa.agkn.com lsdm.co *.google-analytics.com *.analytics.google.com *.googletagmanager.com wss://*.noibu.com https://*.noibu.com developer.livehelpnow.net wss://app.livehelpnow.net berniephylsfurniture.my.salesforce-sites.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.googletagmanager.com https://servedby.ceramicartsnetwork.org www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://unpkg.com *.wistia.com embedwistia-a.akamaihd.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com use.fontawesome.com https://unpkg.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com use.fontawesome.com data:; img-src 'self' https://static.ceramicartsnetwork.org https://servedby.ceramicartsnetwork.org *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com placeimg.com *.wistia.com embedwistia-a.akamaihd.net picsum.photos *.picsum.photos; media-src 'self' data: blob: *.wistia.com embedwistia-a.akamaihd.net; child-src 'self' blob: https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.wistia.com embedwistia-a.akamaihd.net; connect-src 'self' accounts.google.com https://servedby.ceramicartsnetwork.org *.doubleclick.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.wistia.com *.litix.io embedwistia-a.akamaihd.net; 1
default-src 'self' data: *.generali.ro *.generali.test *.generali.ro *.codezilla.ro *.gravatar.com *.googleapis.com *.google-analytics.com *.google.com *.google.co.uk *.googletagmanager.com *.yahoo.com *.hotjar.com *.googleadservices.com *.doubleclick.net *.facebook.com *.facebook.net *.cookiebot.com *.taboola.com *.yimg.com *.ytimg.com *.ipinfodb.com *.cursbnr.ro *.youtube.com *.tiktok.com *.gstatic.com *.googlesyndication.com; style-src 'self' http://* 'unsafe-inline'; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.youtube.com *.googletagmanager.com 1
default-src 'self' *.vercel.app ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.atkore.com/ *.googleapis.com/ *.google.com/ www.googletagmanager.com/ *.hotjar.com/ cdn-cookieyes.com/ *.cookieyes.com/ *.gstatic.com/ *.vercel.app frecompositesinc.com/ cdn.jsdelivr.net/ cdnjs.cloudflare.com product-initjs.prod.rfksrv.com/ atkore.disc.atkore.com/; child-src 'none' ; img-src 'self' *.vercel.app edge.sitecorecloud.io/ data: *.gstatic.com/ *.unistrut.us/ img.youtube.com/ *.googleapis.com/ images.salsify.com/ cdn-cookieyes.com/ www.googletagmanager.com/ aigi-p-001.sitecorecontenthub.cloud/ dam.atkore.com/ prod-east-alweb-mt.rfksrv.com/ atkorerevitplugtoolbar.blob.core.windows.net/ ; style-src 'self' 'unsafe-inline' *.vercel.app fonts.cdnfonts.com/ fonts.googleapis.com/ cdn.jsdelivr.net/; frame-src 'self' *.vercel.app youtube.com *.youtube.com/ atkore.vt-development.com/ *.google.com/ astageofatkore.wpengine.com/ *.atkore-hanger-configurator.com/; font-src 'self' *.vercel.app fonts.gstatic.com/ fonts.cdnfonts.com/ ; connect-src *.googleapis.com/ atkorerevitplugtoolbar.blob.core.windows.net/ images.salsify.com/ *.vercel.app cdn-cookieyes.com/ 'self' *.cookieyes.com/ useast-sandbox.ordercloud.io/ useast-production.ordercloud.io/ www.googletagmanager.com/ *.hotjar.com/ *.hotjar.io/ *.hotjar.i/ www.google-analytics.com/ googleads.g.doubleclick.net/ *.doubleclick.net/ api.rfksrv.com/ atkore.disc.atkore.com/; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://merveilles.town; img-src 'self' https: data: blob: https://merveilles.town; style-src 'self' https://merveilles.town 'nonce-62b4BAoLiISVPoely4bh/g=='; media-src 'self' https: data: https://merveilles.town; frame-src 'self' https:; manifest-src 'self' https://merveilles.town; connect-src 'self' data: blob: https://merveilles.town https://assets.merveilles.town wss://merveilles.town; script-src 'self' https://merveilles.town 'wasm-unsafe-eval'; child-src 'self' blob: https://merveilles.town; worker-src 'self' blob: https://merveilles.town 1
frame-ancestors 'self' worx.internorm.com *.worx.internorm.com worx-test.internorm.com *.worx-test.internorm.com 1
frame-ancestors 'self' https://app.groupgift.yougotagift.com/; 1
default-src 'self' 'unsafe-eval' data: *.botakis.net *.botakis.com botakis.com; script-src-elem 'self' 'unsafe-hashes' 'sha256-NGFsIpB2KKKzkWIiytRIYUEzKD0yIXh/YGTMob97xUM=' 'sha256-PFU9ZIkcNdEpKSVzHn1dXZRQjJR8lQDmKjkmdndKb/w=' 'sha256-twRwjx5yYy22rB3XsTyZ/Dh7oVo0xPjhuf3NkCL/VUY=' 'sha256-vc3roQCs/nXxmtVoD9kByxmFk46sEgNcrM3pT/vnC7E=' 'sha256-mmK5OnZGZXq3o/UWlKodZAi0bpPYB1QWW4uzpJ/ipxU=' 'sha256-XHdFpZzFMesA3ZLvc9rrer99Dp+Q3SFxboWE5s7eYns=' 'sha256-t8cVyNYDkVC3GrgiIxiVHY57lx+q8hyq4jhdMOouWE0=' 'sha256-hzmQ1oXN288CaDnzJnhMGGu6onf6+kn3cmUvxKuNY2A=' 'sha256-aPhwFPTygTfEKI69O1R+CYCOghdRg4uF5WBUuqQ1hkQ=' 'sha256-wQAqCHUA0Frg/7vSjaLc9ZP3haRJZSBja/nsO31mhRc=' 'sha256-MM3HOVh2yh5Djbo7d7Glqi8QyWysc62T++9ejl6gHFE=' 'sha256-fWxkOyGEqOJjrbwvqjw0e9L2E6fl6qSG+J5U/GRr4JI=' 'sha256-idKsR8vBaWmkbSmsV+HOnKSVuxfjprWvz+8CqBeMKeI=' 'sha256-2TkkRV94cyuK6ht8eT5I4N7w2DXudNZ6kTOQb6EYzSI=' 'sha256-tSMQgk4YgI8Eet5slfoTBb1KyGAA/QZHA2uGAXEV85w=' 'sha256-YFIrPQM5ppWlH/kKhkc3xIa2e5uEE6KbP06s22hV3H8=' 'sha256-Q2E8uAZhFvfMDxkF3HOhllX5eqc6n8MNLGyw1GNs2Sw=' 'sha256-+IylE18sO29ICCx608M7Qdruvupg/rMpNVfSGNqYzvI=' 'sha256-ge4uOzJ4ZOy+YP64Ch26YQPrvYkybHaBsGL6tbB1ZUs=' 'sha256-ko0NyAkpdfon76RL0ACnPIdJ7to4M9+Rfn78RDnx3jY=' 'sha256-6Ba2wbE4ZcIL5aaEi2UJv+wibPsM0yq/t6wKjtfc5Y8=' 'sha256-8anq1lnL7o3b+C3hc0ZIcAHLbaDJK57AqHftnVBXX+I=' 'sha256-6IEIzGu+iGHU8yLFZgUP5It5dDeLiMZFdGu7MhDQQhg=' 'sha256-0X4Whg8bvANVndGprMtKMeOaPPS1/QETrj3JQS9X7tU=' 'sha256-md1xRH3dz4d3tkIjaaBDTo8ayu50JurmFjbM2OWmbMQ=' 'sha256-xvjSsHB1zHZgwPZydI7nvZYwZyqiLXZYQ0+KcuNZvuo=' 'sha256-Bzrmp1GrdnqtgdBwViQ0d19xesClLyoPHtXUAlfFoZM=' 'sha256-WeHVjd+aSuLt4/7HjEV9rkM1bIFENOpny56rWUVT4XM=' 'sha256-+ME5ZrZbIVTusRss6S+8WCX0OO563NvkoDGLtuOJwDE=' 'sha256-A9zt6LtjwsCWwxIi8UUrlt5oRIpThTDM9wRuuTS6KlM=' 'sha256-ch+gR3sWPCqw97O8IdJUYb/9Y/imZzu4dSYmuuwsXtM=' 'sha256-KJQdXvT8BePWeVVYU7gq8/0AjhD17Owq+VK1VsmxUHQ=' 'sha256-KqB4Cvnf1tSVxW87iwkwHnhJlTd8rUTVTahGjYXGnOY=' 'sha256-yY/nSSKYEx+ZPcewiiOWhmcLp23UR2APmBnVl8IaIr8=' 'sha256-ZgP9UOZhShTz94WSv9OF5B2Gi/PQglR0B0ksGIgeMxU=' 'sha256-L3bpCrU2nEa9COH+Ic3L+18ec1koEolJVVtaLFh6eQY=' 'sha256-cUwOzRTeU4MOMk6VM/wy8UfbfCdHOEHz7BfY9yEFvpo=' 'sha256-RixzH1v/LI+3ojVT51oXatJbEqVYV7wgK4HZaDInFZs=' 'sha256-UeUfPC7HheipChusa6cPhoyFRizSCPtNinki3G3Yz/g=' 'sha256-N0nq1VsUK+VuyXsjI+Li+8waGVPqDYxFdZxMpmKO/iw=' 'sha256-nZXhtIQocBR6Zo9aJpPZ++NFU3K3qdNAyoTcQx+3r2E=' 'sha256-XOx4JwqEVL35NdHhe3HzXr6MnDJiCn6FiU2ObnIAkiU=' 'sha256-Rz36Q/RmDzngTAfbDX+L4bftbS2TwFxcS+88BIrypGU=' 'sha256-6vwbNEpaC8HvUzbqU5JiRdyWJeySwiFR2EClLm29WjM=' 'sha256-tqsE+RYcBusXugX1loc0SeWSiuonxdZuaU4LwPDrLRo=' 'sha256-+HME/oSjz9vdfOUjxzq5iYQ0lGsW3hYK1ZYm4tOaT+I=' 'sha256-LpRCj27LhFFUG0u/DOcoZiXczMu5UMaUUwqTmOpwbK8=' 'sha256-ETF287ix4YFn3pJkiIEJPkB6qMb1PBkaw6WNa35sHag=' 'sha256-CjAHqjeeiidIaMyrnNUumIqZgjlDE5nupLYWXOf2XNg=' 'sha256-qrIaVBwuczFx2Pz9mFnvE1UGozpVhIJeJY9KWYDeZps=' 'sha256-H7XgB63Q7PpOYyYJhKNOT8RPPc0v55BTdoZIm9XxrqU=' 'sha256-6jhvTeK9TFszHaxL/aPWWeOXg5URIOOZxYotIhU6mDM=' 'sha256-BpIa0p6Hd1bzw1H5QAHuJA5XAVP+KVChb/OcuyzuN1w=' 'sha256-AkGAZj/2c2EI266UNwUDPL0vfoESURKLTb0FB48kX4o=' 'sha256-p9zQb3ch1T/e4auxgVRWxAR4SeYXpkae6PoFPWJ/Juo=' 'sha256-08xvSHqTbZbdjO8wr13GkRLuLS/SL2QYkf6hs0V5b9I=' 'sha256-wWaqpqn4hFCq0jpOZHrLcvc3f5GrxWyDNuonFurDn8Y=' 'sha256-gEiTNoto5lww0cdSITEWkP+HZxqMYPZzrmNL2uOg2cE=' 'sha256-xEpXjXw5kaK07shZcW+Y9FFRjx2Ny/c4X23BnE//IsM=' 'sha256-vgNXfWyol/4dTK3lqBVANn3newMY5RqW74Q8slXIdWI=' 'sha256-evyVgtlVWW/SwxcKGyAnGq5+DOP6kTM3pNJEOAqiPpI=' 'sha256-DHSQvea9ahGVsiqPn0r0OmxTFOF+PVBvKkgbEazrbJY=' 'sha256-OmO9t4Y+a+VU7qfuFFMV94dDXj49YN6T09i/BkR4rI0=' 'sha256-ZqPttUEiInIywNd3hZmU6m1PewA5b5UedSuE2duzsa0=' 'sha256-uFbh3+ev7GEj35zvV2+XnfYEAOO+SrNCYcEI15tiPXQ=' 'sha256-ccGsw1zQqixZXXv2ftZc0qq9yuRPiNvs//GxenoVhNM=' 'sha256-kdPsaHz+bOytPKG93H+9SQRuQ9TUX2Z7vVGCffw+r/M=' 'sha256-qwi/+wk2N9sLwNAZtXlR5bX13NbYDb+WPa/YXH7eaXA=' 'sha256-GkHhtam/9KS32a6MD7UW5vzOYRuctl6c5L2YfbC3/IQ=' 'sha256-7b3+Fqtqdf9uk1QaIv31zcB7aEfoOFzJ5sLo9hrlHcA=' 'sha256-YG6IvqmiuraAW3ODSmhsHOOp+y3ED3hW48Xke6MRkHc=' 'sha256-Fxd90/+Xu36RlAbeNTWpvFWL/YqzOHYlrriwq01gCZA=' 'sha256-RhdXxuW/WcWG0aYmL8gwZQxh5yQZXUVKO6UhYSM+U/s=' 'sha256-oRmmjzWkxlol1nmEgrea99IaywW+LuwkkxMmBkiptdE=' 'sha256-9CkSY4HBMSTVMw2z1JHxM0J8h3yzBcP8kpglgFDfLSc=' 'sha256-Cm0QNG45s3pJIrHGXEFnxRN7nSxZnheuINnShq3VVyA=' 'sha256-ztMGD36G+PNUGRLoddqwHDjgPfIfdYvL/Rt0CU7fXSo=' 'sha256-6ZI/6HyQI8WkuOqnyy5umSPlp1gn/Vnuea4YlfFJDE4=' 'sha256-cZraNx8H3VInf2X2Ae1Ed02IcNeYiqpfcDQAfXGgKQA=' 'sha256-GvKScpGNc759Lk1a8AuSsM9/icdnvMRR0B06Pbdocbc=' 'sha256-zjqnQ0AyihlBGHM9YyV0KAWIvvNyIezAk0BJcBKDkg4=' 'sha256-+7BioqlbGB+VqfXjRU96Oqz9R95ckN1dNAl7O4TPOXI=' 'sha256-ObTPaoaEJVNlVx7cCwjerl9kgJGUk1IATsopeqCNN9s=' 'sha256-6txQ8DGh1XDvZnWpxo+a+FznAo6+J2pQjJpBziHmGhg=' 'sha256-lYsBz2sz0GipJipb0VN08EaLwLKEIFP75l2HILnmHKY=' 'sha256-pXi2pSh74gzRcpBMxEqUC9ezy+ZYONpqaL3qu96Xy1w=' 'sha256-pysITv8gKTP4aumlj/zEonJ1ooHmoLiRGj5kfic9XoY=' 'sha256-Hx8zNicdI4fG3Qxy/kDr7sk9k4tk000AQUJwAHV8k3o=' 'sha256-Pjpt8mjKTN1VrBU8AYh7yyVkR9q6xmd/xJdgqAZu2/A=' 'sha256-obz7o/JDO59vhxm8nUFO+Ky6RjlHBgR9wi5fHl5z78U=' 'sha256-SbJLm9rQ5a8fErPJ6RBKMbmt7LDEr4cJVDlw9/hHnz8=' 'sha256-u3NPmJNW3C/POItvOakLtoD3ZFkgxRgW+Cu3LyAjWYY=' 'sha256-p3xd2HGgo+UYw4r2Ik1HYy8VJ1xfpq6iwoB+/Iw7rFE=' 'sha256-sq6lQ5xxzjzJ2ZUFaG4X3hbhKQKbyykI+yl3H/bZ0og=' 'sha256-/TCZDwRyKxUylUSUAcSSqm83N7hABrUHwn3/ZwrdIUA=' 'sha256-nG0FDDE7OSPlZhHQo1x/Y+7gGxWfcJFkjdEpJ8TcmWE=' 'sha256-0vkOicO/fFVPbYsbyJfO9LAHyjZUczwRjwSjcyFvpf0=' 'sha256-JK80LRB0j8YoS8SQXtpJO0wCw0Vndyq3Z9x852YYW8c=' 'sha256-nrjAoLyRzRMuq24qmMxMVug3w1Br8E4AQEw+2g7aI+A=' 'sha256-FN1UAz0iCpczkyMJDeDmEpzT9QRt8wJjlnAXERK1RFM=' 'sha256-ibXFiUPK8KaWXf0PlW9cgjz5ie949bViap/jZnPv1no=' 'sha256-4PBn7Se3xhTEn2d1RfmCNiyddStyNi/Rj9Gfg9gx2e4=' 'sha256-kYwVK30rrXwj5Ipy86G9LGc2BSLXHx5TSnwTXZ8z5Bg=' 'sha256-hLdIek7cUC+ujWSj3Tkiq++UgNp6vCMtAeHBklkvEE4=' 'sha256-9o6bueEcvtPUfhXkVH6PWQJ6y44WCEcTPsUFc2v9Y94=' 'sha256-3bnqZoPaSsvx4k1KtmhTfzZJHaV4Xv/s+DZoKijeeTk=' 'sha256-F9qwrERRSQ9uVWeK4wzLug5QWbRqlKlbvamnHJP6cu4=' 'sha256-KM6yYEJPq6iWwF47j2oZE0bxYyBX51mVytE7i1D/vYQ=' 'sha256-V8RFn3y7b+ify9V5kuWcIMYoPfKTbqWeeaIJDGyIxsk=' 'sha256-RyQMiFcCJjjMX/eyT7ynqd4AVzkytEi80LK0acmHWis=' 'sha256-uOpLH9uS6Uw2OW9pic/nGnJZlQf19SgCEsz+gZLtjaY=' 'sha256-ZtNTdoXwOSQUE4J+fqjk7HsliX2IDBk1F9soYPCR+7k=' 'sha256-Li6iYXX6eVk5+lmytMldsGnSfrij4LjMLPllcSg9m+U=' 'sha256-q07q0mD+/+o/i2oeWUcBGc2Q6086FuVGoPM4hhogSMU=' 'sha256-D72GehQm2ycgXjmCry4cgYVSEdXLQGf1iPWAQRaxm24=' 'sha256-H3aLtDFs+4kUCxvIeJ6ANFaU47gL1nLdTIKfha7HFNo=' 'sha256-HMkoy/MwavCeSfi+fHRF5ouaXLGkSKk1mjbFH/hr23s=' 'sha256-zcSIU+ahuVtrkZoqluFwfj2fOwR2TEVbXJcnmL/nvJM=' 'sha256-Qub1/cMp5k0woI1faMWhC3vg1sOKL/sPgp2QaAl+JF4=' 'sha256-uvmLVmJ1G14n9L6I88pFDFGQAnemzOakqeRlNOfTnyk=' 'sha256-VavgjXLIvIhcRaBsa5Zdg+jUg9Hiu9kPYoeEbKYEM54=' 'sha256-A3Bsd6M8azIIDmNz0Vqh8H9eCWL+YS6fSHBBHZVqAC8=' 'sha256-CUS/BjoCsrMl+SW43gYDreOpiG29CXVkNN+nhpULnLE=' 'sha256-hvE0eHcExUvRoJGd7cuQrvHnsicrYaW1lWdarMIXskk=' 'sha256-kwdNGW03p1gtBjOZEuYp6ndYAMa3rGyRGcZ9MzaWN98=' 'sha256-MQu2JzM+Q9GWpvSFA+ym9Vyl1YaFcGrS3Qqt/22TD3o=' 'sha256-grmfZXI8iEdF98QmE35bryhHUpjKaSods9ReRffrJh0=' 'sha256-JyIp0J/9g9+jo7XXecuaHN69gR//khsafgTqkScZ8tA=' 'sha256-FG4MIhRQcQ5TNgmcN0/acGPzF2mSL5debp62uY+sMG0=' 'sha256-CZ30b2ZC/DOInohyKbcCeTDV9Ls00LEJr9mAtlMjeEg=' 'sha256-EqNnOl5xT2w6kjYtF7RCaUJO7c9QLtKdquGKop/oiCI=' 'sha256-SvVnom67KJR52kexT2rDkFanK83zM1MmSIGib+Y3XqQ=' 'sha256-U0oOp/J+oiWj0ZvSOKMc+P9CVbtL5B6AU+1co6AMufQ=' 'sha256-VtAog9Ww6HhD32ROO7MZlaq3o8rR6tjG5JLOSZIzFfA=' 'sha256-Bd0OEPpTtlXUfN/THykxfhcsit8uKUW/d27AShNs0WY=' 'sha256-NZWeW/tgt6RqEzotxQHvLGcgjxTzlsJ3sOMkzwwY02U=' 'sha256-c8VplmkZu36AgS5E2YfDoQuf04v99BFmsiml0aQBBBc=' 'sha256-Vw0615/tsqGYF4bJm3IwWUnoq4Js6Hg4/l0LDLayr+0=' 'sha256-Vw0615/tsqGYF4bJm3IwWUnoq4Js6Hg4/l0LDLayr+0=' 'sha256-BKfvPbD0ZxUfcKTai83n2e/1w61SYzs6DorYQ2AbITs=' 'sha256-R8ZUCnFtOA4qDJFoWfv4s9iV4uVl5pTQp7OMXgO2Nnc=' 'sha256-q9UJ91eNI31R63nfQmR/KLtYqRxu6NWwzq+xtd7Seo8=' 'sha256-kolZA3y9IAfbbuegUcOPnMeSCGBxb1eDoN6yAz08JPA=' 'sha256-IgY3GUUWH4oh1N4VOoF1ZCe9bWOEZ+d/1+wPVSCY2aI=' data: *.clarity.ms https://botakis.com http://www.google-analytics.com https://code.jquery.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net ; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'sha256-c8VplmkZu36AgS5E2YfDoQuf04v99BFmsiml0aQBBBc=' 'sha256-Vw0615/tsqGYF4bJm3IwWUnoq4Js6Hg4/l0LDLayr+0=' 'sha256-Vw0615/tsqGYF4bJm3IwWUnoq4Js6Hg4/l0LDLayr+0=' 'sha256-BKfvPbD0ZxUfcKTai83n2e/1w61SYzs6DorYQ2AbITs=' 'sha256-R8ZUCnFtOA4qDJFoWfv4s9iV4uVl5pTQp7OMXgO2Nnc=' 'sha256-q9UJ91eNI31R63nfQmR/KLtYqRxu6NWwzq+xtd7Seo8=' ; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'sha256-tLhJLdhP/19dgmpWYiz9xIF+DCqxjOgU8dXIGTdF3Wg=' 'sha256-Kr77kGAMx6x46CkSLNbCngC8xk1FT+kXN2QIBeMHBSc=' 'sha256-vb3+xv9R5jfO+inbLUuRf0az65DeOExDcZwWiPoa/7I=' 'sha256-yamMZTHujI9IoQTUJIysz/nijiTfnZ9tsrC6k5UfPrA=' 'sha256-tLhJLdhP/19dgmpWYiz9xIF+DCqxjOgU8dXIGTdF3Wg=' 'sha256-Kr77kGAMx6x46CkSLNbCngC8xk1FT+kXN2QIBeMHBSc=' 'sha256-vb3+xv9R5jfO+inbLUuRf0az65DeOExDcZwWiPoa/7I=' 'sha256-yamMZTHujI9IoQTUJIysz/nijiTfnZ9tsrC6k5UfPrA=' 'sha256-yamMZTHujI9IoQTUJIysz/nijiTfnZ9tsrC6k5UfPrA=' 'sha256-9ieazHMmP+99mDOeave9ALQe2O8uPGlsKcqlRN1xtOE=' 'sha256-jRbQugD39UGzrNH4QEvl5EfRbWBG84hPtTZOAl3E9pA=' 'sha256-57zNd6Px/F6ZD5bNl4N+5YsLPP+3bGQnI3cpJmb8Nww=' 'sha256-Snrx48imQ1Borf9kyCfZVyNDcgF/8tr0NvTOokJOdQk=' 'sha256-mXKZ3CmdUBeDVOeUdMZYmuI0itJhmLNN59GeQzRTo4k=' 'sha256-VJNIxGz526chyBwA49n+zeUihx6M0ULj+tjugWF74s8=' 'sha256-FwUpQWiVvAalpmsI74mPw3k8+S7sWddCZVTgSvx304g=' 'sha256-mjUy7dFc9gDb60NcMaH4/R0NQGqCh192/PlG/UkLyOI=' 'sha256-MLGyrVO1abcedVCaiFhet0x/PAHRj8U5yr9pQgV0u4Q=' 'sha256-z0gyZkL7inSWoU06ltmn1Gdlah6WVUwtJtdkxfy4VU0=' 'sha256-Nt3OnXseT9HneuSmQr8KS1vuJwvLWEcAbOrEMHp2B5c=' 'sha256-4WTsKJUvLWWV92vDd9wgWnRhTXeJIZTWS65IXHS8/cc=' 'sha256-KshjrEQMxsaxoU570YMb9JMgbc5rXVLAKhKsh+9U0aI=' 'sha256-IemHH23WlWo1fUOSCK2fb32JQYaSB11gg+whHReqhtc=' 'sha256-i+F17/eZuoYooDsrnNhXR7Nln56ef14hnDvmmWssQ6o=' 'sha256-KshjrEQMxsaxoU570YMb9JMgbc5rXVLAKhKsh+9U0aI=' 'sha256-IemHH23WlWo1fUOSCK2fb32JQYaSB11gg+whHReqhtc=' 'sha256-4WTsKJUvLWWV92vDd9wgWnRhTXeJIZTWS65IXHS8/cc=' 'sha256-i+F17/eZuoYooDsrnNhXR7Nln56ef14hnDvmmWssQ6o=' 'sha256-uScOumXMLAn7xTLg8rOLADDhQZSU4mEyJNDtCOmy0ZM=' 'sha256-Pg7ZwGkhxKgYdFyLfY1fVYVQUA2Mp2v/zRbkMdZ+73w=' 'sha256-meQy8e5Yiq23veqfbkeTdax2P6gI1gfSHSV1cbsIcyY=' 'sha256-Pg7ZwGkhxKgYdFyLfY1fVYVQUA2Mp2v/zRbkMdZ+73w=' 'sha256-meQy8e5Yiq23veqfbkeTdax2P6gI1gfSHSV1cbsIcyY=' 'sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog=' 'sha256-djG2HBEaOVzlAgTTs9v92G/LLIzWOLGRaZzXVFJV5Ic=' 'sha256-bdYZWH/rENPMO0j7fq8NtLhKDNUhd5jFV11ELqSLCmQ=' 'sha256-dJjkZRJeoY1TAmHok4Hn3BVPUhhiDUiG71Vs98n8480=' 'sha256-oGM//cML8EL+gXTWq+wCBl9s7mKk70H7YCmY7r5efpg=' 'sha256-IgJYNzvgGhZE4soFnx3xwZx21BtqQMo9ZjbamkN7JxQ=' 'sha256-MBVp6JYxbC/wICelYC6eULCRpgi9kGezXXSaq/TS2+I=' 'sha256-Snrx48imQ1Borf9kyCfZVyNDcgF/8tr0NvTOokJOdQk=' 'sha256-mXKZ3CmdUBeDVOeUdMZYmuI0itJhmLNN59GeQzRTo4k=' 'sha256-VJNIxGz526chyBwA49n+zeUihx6M0ULj+tjugWF74s8=' 'sha256-Sjf5ZSYBhjOyeLWIPtguKB0kaa3En+MEgNzLtgImqBo=' 'sha256-MFVj8/GUOWad9Is/iSNo8vjs41djOO7VlgEL6+KWsMk=' 'sha256-EMwmUb71CVDuY/njkP7rkmMDWC2FXesrccnpjyUOPUI=' 'sha256-n8gYqwTMc0d6gMrrz5npfXt4OM2oRZQ+4cj2UEVwu4c=' 'sha256-PGJ8tjuz2DXGgB1Sie9pW8BrxBGK6EQndbLEkXd44T8=' 'sha256-PGJ8tjuz2DXGgB1Sie9pW8BrxBGK6EQndbLEkXd44T8=' 'sha256-PGJ8tjuz2DXGgB1Sie9pW8BrxBGK6EQndbLEkXd44T8=' 'sha256-GwHZT535b07mYnmBNai2AVuOqmgTTF1A4EqzeDlIyl0=' 'sha256-XRIee9ZEiz4ckviuCDVuStkiSW6Ij9/ExbttGnzRsb8=' 'sha256-ixaZi59dXdk6egDYzfwFRV/nyFCAbsCT0s4dYBbPjhc=' 'sha256-ixaZi59dXdk6egDYzfwFRV/nyFCAbsCT0s4dYBbPjhc=' 'sha256-ixaZi59dXdk6egDYzfwFRV/nyFCAbsCT0s4dYBbPjhc=' 'sha256-ixaZi59dXdk6egDYzfwFRV/nyFCAbsCT0s4dYBbPjhc=' 'sha256-ixaZi59dXdk6egDYzfwFRV/nyFCAbsCT0s4dYBbPjhc=' 'sha256-ixaZi59dXdk6egDYzfwFRV/nyFCAbsCT0s4dYBbPjhc=' 'sha256-ixaZi59dXdk6egDYzfwFRV/nyFCAbsCT0s4dYBbPjhc=' 'sha256-ixaZi59dXdk6egDYzfwFRV/nyFCAbsCT0s4dYBbPjhc=' 'sha256-ixaZi59dXdk6egDYzfwFRV/nyFCAbsCT0s4dYBbPjhc=' 'sha256-j2OD8hdtZwCIt6p/ACY3pyLMe1i1kECDM8kFtwNmGxI=' 'sha256-OTntSBgr6aUA8GjA+8GtlcSlC+eQpXKXqR5bMydekwc=' 'sha256-//DS00knu9S4khJ3hvfWNiR5Sx5WrLWCtG4jncmsoDs=' 'sha256-rK58JL2OQt4rdK4K49LEeoZqdoJ2IaggU8fMeF3IPug=' 'sha256-Rf3Lbh+kRfDn1oOwjr3L6hqoAhl8wQknO1D2JXZS934=' 'sha256-Yekz5tI2WZKHK6caIRdRUGmqzJh7IZLRJy9+uPZ94Xs=' 'sha256-8nydPb94/lH8Le3jDXJlvLs8vp8tHbsx241DZui1vtc=' 'sha256-PNsPul0zQFUiYu9XLVKzTdD5Cz5ghp1MT4H5/zAeI3Q=' 'sha256-6eQ0aI3+mGkOnhzZaMk/WDFq71p5hlB6NowiInrSgmA=' 'sha256-Ew+ac64tx/Fslcpkd+9dcL+TCbfjaI7sQvlMq2DO3IA=' 'sha256-Q9miDVY9EmQYHiYVqVW22B4ck3MVy1MYKucyPW6AqWk=' 'sha256-QzbuspFx3XWfDfPzTlfR0J2UlRJ1iYhfJ1wQgds/IA0=' 'sha256-zZp8BI/LRCsExnI71KZA79vRfTQ/33qQr5GcSWAOwto=' 'sha256-/VVOq+Ws/EiUxf2CU6tsqsHdOWqBgHSgwBPqCTjYD3U=' 'sha256-EgNBKOia+YkwLJnqORGP1/kLf8CRKfIhJ6yuxB8AU5g=' 'sha256-mmA4m52ZWPKWAzDvKQbF7Qhx9VHCZ2pcEdC0f9Xn/Po=' 'sha256-+PPTIp37dUuqn3Fcvw8HMBAjiYCTXiiWQw5cxMI0bOA=' 'sha256-7eGpg5IcDUId8KoB0a498qojyRqpHSkXXaLGXDIWE4w=' 'sha256-7eGpg5IcDUId8KoB0a498qojyRqpHSkXXaLGXDIWE4w=' 'sha256-7eGpg5IcDUId8KoB0a498qojyRqpHSkXXaLGXDIWE4w=' 'sha256-7eGpg5IcDUId8KoB0a498qojyRqpHSkXXaLGXDIWE4w=' 'sha256-7eGpg5IcDUId8KoB0a498qojyRqpHSkXXaLGXDIWE4w=' 'sha256-7eGpg5IcDUId8KoB0a498qojyRqpHSkXXaLGXDIWE4w=' 'sha256-mwCqAoFCqprj1szOmiDKg7ZfrtUmDYQqyhMbyPy0CgI=' 'sha256-mwCqAoFCqprj1szOmiDKg7ZfrtUmDYQqyhMbyPy0CgI=' 'sha256-mwCqAoFCqprj1szOmiDKg7ZfrtUmDYQqyhMbyPy0CgI=' 'sha256-mwCqAoFCqprj1szOmiDKg7ZfrtUmDYQqyhMbyPy0CgI=' 'sha256-mwCqAoFCqprj1szOmiDKg7ZfrtUmDYQqyhMbyPy0CgI=' 'sha256-mwCqAoFCqprj1szOmiDKg7ZfrtUmDYQqyhMbyPy0CgI=' 'sha256-Q83ETaCVhrBB9N5rRQpoWaMBwfzpWMyYG8o8Cdqrv+8=' 'sha256-sS+tv1QD+iIFMrO71YNY497ZDK+o7L4aPcYdY7hXXh0=' 'sha256-nYvw7U7817i4sMtNByAubW+U3UCcbHNXP+KgMOYwhQQ=' 'sha256-nYvw7U7817i4sMtNByAubW+U3UCcbHNXP+KgMOYwhQQ=' 'sha256-nYvw7U7817i4sMtNByAubW+U3UCcbHNXP+KgMOYwhQQ=' 'sha256-nYvw7U7817i4sMtNByAubW+U3UCcbHNXP+KgMOYwhQQ=' 'sha256-nYvw7U7817i4sMtNByAubW+U3UCcbHNXP+KgMOYwhQQ=' 'sha256-nYvw7U7817i4sMtNByAubW+U3UCcbHNXP+KgMOYwhQQ=' 'sha256-nYvw7U7817i4sMtNByAubW+U3UCcbHNXP+KgMOYwhQQ=' 'sha256-nYvw7U7817i4sMtNByAubW+U3UCcbHNXP+KgMOYwhQQ=' 'sha256-nYvw7U7817i4sMtNByAubW+U3UCcbHNXP+KgMOYwhQQ=' 'sha256-nYvw7U7817i4sMtNByAubW+U3UCcbHNXP+KgMOYwhQQ=' 'sha256-nYvw7U7817i4sMtNByAubW+U3UCcbHNXP+KgMOYwhQQ=' 'sha256-nYvw7U7817i4sMtNByAubW+U3UCcbHNXP+KgMOYwhQQ=' 'sha256-nYvw7U7817i4sMtNByAubW+U3UCcbHNXP+KgMOYwhQQ=' 'sha256-TBHhT93eKsAWTdiM/wu7GzXkQg+R82NArJMkviGTFng=' 'sha256-TBHhT93eKsAWTdiM/wu7GzXkQg+R82NArJMkviGTFng=' 'sha256-TBHhT93eKsAWTdiM/wu7GzXkQg+R82NArJMkviGTFng=' 'sha256-TBHhT93eKsAWTdiM/wu7GzXkQg+R82NArJMkviGTFng=' 'sha256-TBHhT93eKsAWTdiM/wu7GzXkQg+R82NArJMkviGTFng=' 'sha256-TBHhT93eKsAWTdiM/wu7GzXkQg+R82NArJMkviGTFng=' 'sha256-TBHhT93eKsAWTdiM/wu7GzXkQg+R82NArJMkviGTFng=' 'sha256-TBHhT93eKsAWTdiM/wu7GzXkQg+R82NArJMkviGTFng=' 'sha256-nzIYCyS1yMtldIyU9o90sSHVHVR/8qACC+8v+r1thwM=' 'sha256-nKEuJtouBj9h8oo9sD47p/uY98CMvQvw2HDeq5YLS4s=' 'sha256-rwpnvWIXtC/ccDjfFnauT9lWgMXi2fv9kKExmSl3rDE=' 'sha256-2+dS+n9Pah47gYjmchfaYD5g/iEbiyoAg7SGmiJtn0Y=' 'sha256-2+dS+n9Pah47gYjmchfaYD5g/iEbiyoAg7SGmiJtn0Y=' 'sha256-kV/8jkFv/fK3YU2/lkJKrfqsxo0EWoACfKYB/H4fVU0=' 'sha256-z8KTzswc4v8taSUJ/JTguDMagJvum9ej3m3yXld36bE=' 'sha256-z8KTzswc4v8taSUJ/JTguDMagJvum9ej3m3yXld36bE=' 'sha256-z8KTzswc4v8taSUJ/JTguDMagJvum9ej3m3yXld36bE=' 'sha256-z8KTzswc4v8taSUJ/JTguDMagJvum9ej3m3yXld36bE=' 'sha256-heoV8/+TL9eT77j+CJZ/TJ5+lAIlX7cNF8ml/WU4upc=' 'sha256-1HAvLQjNntxZ/VLIUcUguWtBMSSBVsCCRDhqikFkKIo=' 'sha256-1HAvLQjNntxZ/VLIUcUguWtBMSSBVsCCRDhqikFkKIo=' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-0EZqoz+oBhx7gF4nvY2bSqoGyy4zLjNF+SDQXGp/ZrY=' 'sha256-0EZqoz+oBhx7gF4nvY2bSqoGyy4zLjNF+SDQXGp/ZrY=' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-VdJLYZrBOhBJj2L4/+iZupDWpR1sppzSbgJzXdO/Oss=' 'sha256-XmkiOtRZxlM7jO+2kNywLjCpSe9Gn7JuxC7N59WxqgU=' 'sha256-4TgSPDrXeIw4qOSv0AsZ41X1wH0Qbu8GA7w/+ipPbTM=' 'sha256-jCMs+z9AxBHRLI9MV9GTOM3htc59BdgAG1qrbbXbWIQ=' 'sha256-jCMs+z9AxBHRLI9MV9GTOM3htc59BdgAG1qrbbXbWIQ=' 'sha256-Ldpc1e+8MfpMdsBFYOIen1Rn7qx0pmrnc9a010d8hSo=' 'sha256-J1sZAPPLEtw+DgEYfseyVq0uiDD4t2ZXQzv6gUxZ7xM=' 'sha256-N90MKmRow2DpYEVeqcc3uc8pOUsS4Rg4sNmkau1k0xQ=' 'sha256-bUWMiUQCnRAztgUZzEBl1k5icVRIDy4KYlxEpMHcY5Y=' 'sha256-EcowS3o2NvUmGQxZcqTiWnc4zKVglWpuvIG3k7S0Ets=' 'sha256-NnUZJasVrlxWDHXtEtV0fFOcxI+9Eq8ZR3YmAw52BZQ=' 'sha256-e6v1SBY0/nWORF0cSCN2iKUc90hYDPlQUe8okJKLZcY=' 'sha256-CNUiMz+82bLhz/7FO2UFI0JvLBCfayk/zoXQ2N7Py9s=' 'sha256-CNUiMz+82bLhz/7FO2UFI0JvLBCfayk/zoXQ2N7Py9s=' 'sha256-znYZgWMS+HX8RwSCllUh5pR9rZtu9oC73WaLtNEpU7c=' 'sha256-rfMzYBODMglSdASh6tqOTfn6DU7/Cg3hiIHPJs07Pkk=' 'sha256-DpOoqibK/BsYhobWHnU38Pyzt5SjDZuR/mFsAiVN7kk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-Rilei2X8YIvp5aIpDmT37tsxcdGrjZEFgUGyS7TE4t0=' 'sha256-Rilei2X8YIvp5aIpDmT37tsxcdGrjZEFgUGyS7TE4t0=' 'sha256-+17AcPK/e5AtiK52Z2vnx3uG3BMzyzRr4Qv5UQsEbDU=' 'sha256-+17AcPK/e5AtiK52Z2vnx3uG3BMzyzRr4Qv5UQsEbDU=' 'sha256-Hmgu+drKvAep/UPQhST79OBJXHZU4tlTlAud+xhhRvM=' 'sha256-Hmgu+drKvAep/UPQhST79OBJXHZU4tlTlAud+xhhRvM=' 'sha256-OnX2fj5BvhabmAeV4EYl2ZPvopxEbxE+cmHbs3PUdqM=' 'sha256-lMuNwjy4Fw1In/+Nadl5ZPm5gAa4t2jbLUL/ybM9rzU=' 'sha256-TP2zTUsnlS0KQk7BfO9o4AaN/L5QVWFHUtRtryJtJd0=' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0=' 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' data: https://botakis.com http://netdna.bootstrapcdn.com https://netdna.bootstrapcdn.com https://fonts.googleapis.com *.botakis.net *.botakis.com botakis.com; font-src 'self' https://botakis.com data: https://fonts.gstatic.com https://netdna.bootstrapcdn.com; img-src http: https: data: *.botakis.net *.botakis.com botakis.com; frame-ancestors 'self' https://*.facebook.com https://connect.facebook.net; frame-src 'self' data: https://www.youtube.com https://connect.facebook.net https://web.facebook.com https://www.facebook.com https://www.youtube-nocookie.com; connect-src 'self' data: *.clarity.ms *.botakis.net *.botakis.com botakis.com wss://*.botakis.net wss://*.botakis.com wss://botakis.com https://maps.googleapis.com https://web.facebook.com https://www.facebook.com https://socialplugin.facebook.net;  1
default-src 'self' *.vitaminstore.nl; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; worker-src 'self' blob: 1
base-uri 'self';connect-src 'self' *.analytics.google.com *.google-analytics.com *.tinypass.com bat.bing.com beagleider.tamedia.link c2.piano.io stats.g.doubleclick.net zuba.prod.tda.link;default-src 'none';font-src 'self' data:;frame-ancestors 'self';frame-src www.googletagmanager.com *.tinypass.com cdn.cxense.com;img-src 'self' data: blob: *.amazonaws.com *.google-analytics.com comcluster.cxense.com ib.adnxs.com www.google.ch www.google.com www.google.de www.google.it www.google.rs www.googletagmanager.com;script-src 'self' 'strict-dynamic' beagle.prod.tda.link www.googletagmanager.com 'unsafe-eval' 'nonce-c583ee2f067a32ca0ac9293dec5352a2';style-src 'self' 'unsafe-inline';worker-src 'self';report-uri /csp-report 1
frame-ancestors 'self' https://*.etracker.com; 1
default-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://antirobot.smit.ee https://antirobot-test.smit.ee https://matomo.ria.ee https://www.ria.ee https://static.cloudflareinsights.com ajax.cloudflare.com https://juturobot.id.ee; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://antirobot.smit.ee https://antirobot-test.smit.ee https://matomo.ria.ee https://www.ria.ee https://static.cloudflareinsights.com ajax.cloudflare.com https://juturobot.id.ee; worker-src blob: https://antirobot.smit.ee https://antirobot-test.smit.ee https://www.id.ee; img-src 'self' data: https://www.id.ee https://id.ee https://matomo.ria.ee https://juturobot.id.ee; font-src 'self' data:; connect-src https://antirobot.smit.ee https://antirobot-test.smit.ee 'self' https://matomo.ria.ee https://juturobot-ruuter.id.ee https://juturobot.id.ee; style-src 'self' 'unsafe-inline'; media-src 'self' https://player.vimeo.com https://juturobot.id.ee; frame-src 'self' https://www.youtube.com https://player.vimeo.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; 1
frame-ancestors https://*.studiomuseum.org/ 1
default-src 'self' data: https://www.google.com https://ka-f.fontawesome.com/ https://cariai.com/ https://fonts.gstatic.com/ https://www.youtube.com/; script-src 'self' 'unsafe-inline' https://widgets-api.embluemail.com/library/2.12.3 https://kit.fontawesome.com/a238bd4a6b.js https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/recaptcha/api.js https://widgets-static.embluemail.com/accounts/4615F286C318E50F/scripts/sw_461.js https://www.gstatic.com/recaptcha/releases/ https://widgets-api.embluemail.com/library/2.12.2 https://cariai.com/ https://code.jquery.com/; style-src 'self' 'unsafe-inline' https://ka-f.fontawesome.com/ https://fonts.googleapis.com/ https://cdn.jsdelivr.net/; img-src 'self' data: https://cariai.com/webclient/img/loader.gif; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' * data: blob:; style-src 'self' 'unsafe-inline' *; img-src * data:; media-src 'self' *.1099pro.com; object-src 'self'; frame-src 'self' *.1099pro.com *.doubleclick.net *.google.com *.youtube.com www.facebook.com *.wistia.net *.force.com sovos.getfeedback.com; font-src 'self' *.gstatic.com *.bootstrapcdn.com *.sfdcstatic.com data: blob:; frame-ancestors 'self' *.1099pro.com; connect-src *; 1
default-src 'none'; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https://skk.erecruiter.pl https://*.userway.org; script-src 'nonce-2101e0c554e19f8e2bf28216787624ac' 'self' https://bat.bing.com https://*.clarity.ms https://pagead2.googlesyndication.com https://www.googleadservices.com https://optimize.google.com https://www.googleoptimize.com https://www.google.com https://www.gstatic.com https://skk.erecruiter.pl https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://www.google-analytics.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://*.userway.org; img-src 'self' data: https://bat.bing.com https://*.clarity.ms https://c.bing.com https://googleads.g.doubleclick.net https://cdn.userway.org https://www.google.com https://www.google.pl https://www.gstatic.com https://www.google-analytics.com https://script.hotjar.com; font-src 'self' https://*.userway.org https://fonts.gstatic.com https://www.googletagmanager.com https://script.hotjar.com; connect-src 'self' https://region1.google-analytics.com https://*.clarity.ms wss://ws.przelewy24.pl https://secure.przelewy24.pl https://offers.erecruiter.pl https://*.userway.org https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://stats.g.doubleclick.net https://consentcdn.cookiebot.com https://*.analytics.google.com; frame-src https://td.doubleclick.net https://optimize.google.com https://www.google.com https://cdn.userway.org https://vars.hotjar.com https://consentcdn.cookiebot.com; base-uri 'none'; form-action 'self' https://www.przelewy24.pl/zapytanie-o-dane https://secure.przelewy24.pl; frame-ancestors 'none'; object-src https://player.vimeo.com; 1
frame-src 'self' dailyhoro.ru vk.com *.vk.com *.youtube.com my.mail.ru rutube.ru *.doubleclick.net *.googlesyndication.com *.yandex.ru yandexadexchange.net *.yandexadexchange.net *.yandex.net yastatic.net *.adfox.ru yastat.net cse.google.com *.criteo.com *.criteo.net *.adhigh.net *.betweendigital.com *.google.com uuidksinc.net *.wi-fi.ru *.afp.ai *.bumlam.com acint.net *.terratraf.com *.adriver.ru ; child-src 'self' dailyhoro.ru vk.com *.vk.com *.youtube.com my.mail.ru rutube.ru *.doubleclick.net *.googlesyndication.com *.yandex.ru yandexadexchange.net *.yandexadexchange.net *.yandex.net yastatic.net *.adfox.ru yastat.net cse.google.com *.criteo.com *.criteo.net *.adhigh.net *.betweendigital.com *.google.com uuidksinc.net *.wi-fi.ru *.afp.ai *.bumlam.com acint.net *.terratraf.com *.adriver.ru ; object-src 'self' *.googlesyndication.com yandex.net *.yandex.net; font-src 'self' data: fonts.gstatic.com *.yandex.ru yastatic.net yastat.net; media-src 'self' data: *.yandex.ru *.yandex.net yandex.ru yandex.st yastatic.net *.adfox.ru yastat.net *.wi-fi.ru *.afp.ai *.bumlam.com acint.net *.terratraf.com *.adriver.ru; img-src 'self' data: android-webview-video-poster: android-webview: vk.com *.googleapis.com *.google.com *.googlesyndication.com *.doubleclick.net *.yandex.ru *.yandex.net *.adfox.ru yastat.net mc.admetrica.ru z.moatads.com *.weborama.fr yastatic.net *.tns-counter.ru tns-counter.ru *.gstatic.com http://chart.apis.google.com *.betweendigital.com *.adhigh.net dsp.retailrocket.net ads.adsinspidsp.com *.criteo.net bs.serving-sys.com *.cdnkimg.com *.viiyhn.com *.uuidksinc.net hdbcome.com s.viixty.com *.wi-fi.ru *.afp.ai *.bumlam.com acint.net *.terratraf.com *.adriver.ru; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com yandex.st yastatic.net *.adfox.ru yastat.net; connect-src 'self' yandex.ru *.yandex.ru *.yandex.ua *.yandex.by *.yandex.kz *.yandex.uz yandex.st yastatic.net *.yandex.net *.adfox.ru yastat.net *.googleapis.com *.googlesyndication.com *.gstatic.com *.mail.ru *.betweendigital.com *.adhigh.net *.criteo.com *.criteo.net *.buzzoola.com *.otm-r.com *.doubleclick.net *.cdnkimg.com *.viiyhn.com *.uuidksinc.net hdbcome.com *.wi-fi.ru *.afp.ai *.bumlam.com acint.net *.terratraf.com *.adriver.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' vk.com *.google.com *.google.ru *.google.com.ua *.google.kz *.google.kg *.google.co.il *.google.co.uk *.google.de *.google.co.uz *.google.ee *.google.lv *.google.fr *.google.it *.google.tm *.google.md *.google.lt *.google.az *.google.ge *.google.es *.google.com.tr *.google.pl *.google.com.tj *.google.ae *.googleapis.com *.googlesyndication.com *.googletagservices.com *.doubleclick.net *.googleadservices.com cdn.ampproject.org yandex.ru *.yandex.ru *.yandex.ua *.yandex.by *.yandex.kz *.yandex.uz yastatic.net yandex.st *.adfox.ru yastat.net polyfill.io webvisor.com *.apester.com *.betweendigital.com *.criteo.com *.criteo.net *.creativecdn.com *.mail.ru *.instreamatic.com hdbcome.com *.wi-fi.ru *.afp.ai *.bumlam.com acint.net *.terratraf.com *.adriver.ru; default-src 'self' *.googlesyndication.com; form-action 'self'; frame-ancestors 'self'; 1
default-src 'self'; font-src *;img-src * data:; script-src 'self' www.google-analytics.com ajax.googleapis.com 'unsafe-inline' https: http: 'unsafe-eval' https: ; style-src 'self' 'unsafe-inline' https: http:; object-src 'none';connect-src 'self' www.google-analytics.com ajax.googleapis.com cdn.cookielaw.org privacyportal.onetrust.com geolocation.onetrust.com; frame-src 'self' jobs.jobvite.com; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.zenaps.com https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.akamaihd.net https://www.awin1.com https://*.hotjar.com https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://ampcid.google.ro https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data:; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.ro https://m.myprotein.ro https://checkout.myprotein.ro https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://static.thgcdn.cn https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' https: 'unsafe-eval'; style-src 'self' 'unsafe-inline' https:; object-src 'none'; base-uri 'self'; connect-src 'self' https: wss:; font-src 'self' https:; frame-src 'self' https:; img-src 'self' data: https:; manifest-src 'self'; media-src 'self' https:; worker-src 'none'; block-all-mixed-content; upgrade-insecure-requests; 1
default-src 'self' *.google-analytics.com *.google.com  use.fontawesome.com 'unsafe-inline'; script-src 'self' use.fontawesome.com *.google-analytics.com *.google.com https://www.gstatic.com/ 'unsafe-inline' 'unsafe-eval'; 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' online.eccmid.org *.eccmid.org *.escmid.org; 1
connect-src 'self' *.eu.ipqualityscore.com *.ipqualityscore.com *.aitudala.kz api.kassa24.kz sentry2.kassa24.kz login.vk.com dmp.dt.aitudala.kz aitudala.kz ecommerce.pult24.kz stats.g.doubleclick.net rtc-v2-ms1.bitrix24.com wss://rtc-v2-ru4.bitrix24.com *.bitrix24.com www.facebook.com mc.yandex.kz mc.yandex.ru push.esputnik.com spektr.bitrix24.kz top-fwz1.mail.ru www.google-analytics.com ajax.googleapis.com plugin.ucads.ucweb.com sovetnik.market.yandex.ru code.jquery.com datds.net rtc-v2-ms1.bitrix24.com yandex.ru mc.yandex.ua mc.yandex.kg mc.yandex.by mc.yandex.ee mc.yandex.lv mc.yandex.uz www.kassa24.kz; img-src data: *.maps.yandex.net games.szhuldyz.kz lh3.googleusercontent.com ssl.gstatic.com cdn-ru.bitrix24.kz www.google.com www.google.kz login.vk.com yastatic.net www.google.ru www.googletagmanager.com vec01.maps.yandex.net api-maps.yandex.ru cdn.bitrix24.kz kassa24.kz top-fwz1.mail.ru vec02.maps.yandex.net vec03.maps.yandex.net vec04.maps.yandex.net www.google-analytics.com www.google.ae www.google.com.ua www.google.ie yandex.ru m.facebook.com www.facebook.com 'self' mc.yandex.ru pics.kassa24.kz spektr.bitrix24.kz vk.com www.google.co.uk www.google.lv auth2.bitrix24.net stats.g.doubleclick.net www.google.by www.google.it m.vk.com www.google.co.il www.google.de www.google.fr www.google.ge www.szhuldyz.kz www.google.com.tj www.google.lt core-sat.maps.yandex.net www.google.no file www.google.az www.google.com.eg www.google.es www.google.co.kr blob: connect.facebook.net translate.google.com www.google.am www.google.at www.google.be www.google.bg www.google.co.id www.google.co.uz www.google.com.do www.google.com.kw www.google.com.mt www.google.com.tr www.google.cz www.google.hu www.google.iq www.google.kg www.google.mn www.google.mv www.google.nl www.google.ro www.google.rs www.google.se www.google.tm www.gstatic.com; frame-src 'self' yandex.ua games.szhuldyz.kz aitubirge.kz yandex.ru api-maps.yandex.ru mc.yandex.md mc.yandex.ru www.googletagmanager.com www.youtube.com dl.metabar.ru saltcdn2.googleapis.com www.facebook.com www.google.com gsa://onpageload data:; script-src-elem *.ipqualityscore.com *.aitudala.kz dmp.dt.aitudala.kz aitudala.kz tagmanager.google.com aitubirge.kz yastatic.net yandex.st 'self' 'unsafe-inline' cdn-ru.bitrix24.kz api.instagram.com api.vk.com cdn.bitrix24.kz connect.facebook.net esputnik.com graph.facebook.com mc.yandex.ru spektr.bitrix24.kz top-fwz1.mail.ru api.ppyvzz8u.biz vk.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com api-maps.yandex.ru gc.kis.v2.scr.kaspersky-labs.com dl.metabar.ru vec01.maps.yandex.net vec02.maps.yandex.net vec03.maps.yandex.net vec04.maps.yandex.net saltcdn2.googleapis.com code.jquery.com www.instagram.com data: gc.kis.scr.kaspersky-labs.com s3.amazonaws.com ajax.googleapis.com cdn-javascript.net cdnjs.cloudflare.com mc.yandex.kz vk-online.xyz; script-src *.eu.ipqualityscore.com *.ipqualityscore.com *.aitudala.kz aitudala.kz aitubirge.kz yastatic.net cdn-ru.bitrix24.kz yandex.st vec01.maps.yandex.net vec02.maps.yandex.net vec03.maps.yandex.net vec04.maps.yandex.net ucads-cdn.ucweb.com 'self' 'unsafe-eval' 'unsafe-inline' api.instagram.com api.vk.com cdn.bitrix24.kz cdn.visadd.com connect.facebook.net esputnik.com graph.facebook.com mc.yandex.ru spektr.bitrix24.kz top-fwz1.mail.ru vk.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com api-maps.yandex.ru code.jquery.com mc.yandex.kz ajax.googleapis.com blob: cdn-javascript.net clck.yandex.ru img.ucweb.com www.instagram.com; font-src data: 'self' fonts.gstatic.com chrome-extension themes.googleusercontent.com; child-src 'self'; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com spektr.bitrix24.kz 'self' translate.googleapis.com; style-src-elem tagmanager.google.com fonts.googleapis.com 'unsafe-inline' spektr.bitrix24.kz 'self' gc.kis.v2.scr.kaspersky-labs.com; style-src-attr 'unsafe-inline'; default-src fonts.googleapis.com spektr.bitrix24.kz 'unsafe-inline' 'self'; script-src-attr 'unsafe-inline'; manifest-src 'self'; worker-src 'self' 1
frame-ancestors https://admin.goshenhealth.com; default-src 'unsafe-inline' 'self' data: blob: *.blackbaudhosting.com *.google.com *.google-analytics.com *.googletagmanager.com *.vimeo.com *.youtube.com *.googleapis.com *.gstatic.com *.addtoany.com *.cloudflare.com *.doubleclick.net *.acsbapp.com acsbapp.com *.mercuryhealthcare.com *.simpli.fi *.stackadapt.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com www.google.com www.gstatic.com www.googletagmanager.com www.youtube.com www.tagassistant.google.com www.google-analytics.com cdnjs.cloudflare.com *.trumba.com unpkg.com/dept-cookie-management@latest/dist/index.js public.tableau.com platform.twitter.com js.createsend1.com; 1
frame-ancestors https://*.freethinkingdesign.co.uk 1
default-src 'self';font-src 'self' fonts.gstatic.com data: 'self';connect-src 'self' *.getsmartlook.com ws://*.getsmartlook.com *.smartlook.com *.smartlook.cloud *.google.com *.googleapis.com www.google-analytics.com *.doubleclick.net *.clarity.ms;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com maps.google.com *.googleapis.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com *.getsmartlook.com www.google.com connect.facebook.net www.googleadservices.com www.lhinsights.com *.smartlook.com *.smartlook.cloud https://googleads.g.doubleclick.net *.gstatic.com *.clarity.ms;form-action 'self';frame-src 'self' blob: www.youtube-nocookie.com www.youtube.com *.doubleclick.net www.google.com www.google.cz https://order.shareit.com;child-src 'self' blob: www.youtube-nocookie.com www.youtube.com *.doubleclick.net www.google.com www.google.cz https://order.shareit.com;frame-ancestors 'self';img-src 'self' data: blob: *.clarity.ms *.ytimg.com *.gstatic.com *.googleapis.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com *.doubleclick.net www.facebook.com www.lhinsights.com www.google.com www.google.cz *.smartlook.com *.smartlook.cloud *.gstatic.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com www.google.com *.gstatic.com 1
frame-ancestors https://*.shortlyst.com https://*.shopalyst.com https://shop-id-tresemme.com https://shop-id-tresemme.com/; 1
frame-ancestors 'self' https://metrika.yandex.ru https://webvisor.com 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com *.google.com https://dec.azureedge.net/ munchkin.marketo.net *.wistia.com *.wistia.net http://js.hsforms.net/ https://forms.hsforms.com/ https://js.hs-banner.com https://js.hsleadflows.net *.hubspot.com https://js.hscollectedforms.net cdn.kendostatic.com https://app.usercentrics.eu/ https://az416426.vo.msecnd.net/ https://js.hsadspixel.net/ https://js.usemessages.com/ https://www.googletagmanager.com https://www.googleadservices.com *.demandbase.com https://rec.smartlook.com https://snap.licdn.com https://www.redditstatic.com https://tracking-cdn.figpii.com *.inspectlet.com https://statics-cdn.figpii.com slideslive.com/embed_presentation.js *.zoominfo.com tags.clickagy.com https://cdnjs.cloudflare.com *.outbrain.com *.doubleclick.net 'self' *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.wistia.com https://www.googletagmanager.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com i.ytimg.com https://syndication.twitter.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://www.altair.com *.google-analytics.com *.linkedin.com https://static.licdn.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.wistia.com *.wistia.net https://embedwistia-a.akamaihd.net https://js.hsleadflows.net *.hsforms.com *.usercentrics.eu https://match.prod.bidr.io https://id.rlcdn.com https://segments.company-target.com *.google.com https://px.ads.linkedin.com https://www.googletagmanager.com https://p.adsymptotic.com *.hubspot.com *.hsappstatic.net https://alb.reddit.com https://tr.outbrain.com https://hn.inspectlet.com https://connect.facebook.net https://px.adentifi.com https://rtb.adentifi.com https://cm.g.doubleclick.net *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.m *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat 'self' *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.wistia.com https://www.altair.com/include-header-footer/fonts/; frame-src *.hubspot.com *.hsforms.com *.hs-sites.com *.usercentrics.eu *.google.com *.youtube.com https://player.vimeo.com https://mkt.panopticon.altair.com *.facebook.com *.slideslive.com *.wistia.com *.wistia.net hemsync.clickagy.com *.company-target.com https://slideslive.com *.doubleclick.net 'self' forms.hsforms.com web-chat.nativechat.com; connect-src accounts.google.com *.gstatic.com *.mktoresp.com *.google-analytics.com *.google.com *.wistia.com https://embedwistia-a.akamaihd.net https://fg8vvsvnieiv3ej16jby.litix.io https://hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com https://api.hubapi.com https://forms.hubspot.com *.usercentrics.eu https://dc.services.visualstudio.com *.company-target.com https://manager.eu.smartlook.cloud https://www.facebook.com/tr https://events-writer.smartlook.com https://assets-proxy.smartlook.cloud https://sessions.bugsnag.com *.figpii.com wss://tdw.figpii.com *.inspectlet.com wss://ws.inspectlet.com https://slideslive.com https://web-writer.us.smartlook.cloud https://*.googlesyndication.com cdn.linkedin.oribi.io *.zoominfo.com *.clickagy.com *.demandbase.com *.outbrain.com *.doubleclick.net *.linkedin.com 'self' forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.wistia.net *.wistia.com https://embedwistia-a.akamaihd.net; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob: 'self' web-chat.nativechat.com 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src * data:; script-src * 'unsafe-eval' 'unsafe-inline'; font-src * data:; 1
frame-ancestors 'self' https://*.bitmake.com 1
default-src 'self' 'unsafe-evel' cdn.linkedin.oribi.io cloudflareinsights.com analytics.google.com www.youtube.com www.googletagmanager.com www.google-analytics.com connect.facebook.net www.facebook.com stats.g.doubleclick.net www.digikey.com www.mouser.com www.arrow.com www.chip1stop.com www.techdesign.com www.macnica-mouser.jp www.avnet.com eshop.wpgam.com www.linkedin.com twitter.com vimeo.com docs.google.com electronica.de www.embedded-world.de www.semicontaiwan.org winbond-virtual.com www.renesas.com www.ambiq.com nuvoton.com flex-logix.com www.tsingmicro.com www.kneron.com www.secure-ic.com www.karambasecurity.com survey.winbond.com careers.winbond.com www.linkedin.com www.instagram.com wms.gridow.com wecbot1.azurewebsites.net; script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' apis.google.com https://static.cloudflareinsights.com https://analytics.google.com https://connect.facebook.net https://winbond.componentsearchengine.com https://snap.licdn.com https://www.googletagmanager.com https://analytics.thesys.com.tw https://www.googleoptimize.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com ;style-src 'self' https://optimize.google.com https://fonts.googleapis.com  'unsafe-inline';img-src https: data: ; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://winbond.componentsearchengine.com https://wecbot1.azurewebsites.net https://www.youtube.com https://optimize.google.com https://*.svc.dynamics.com https://px.ads.linkedin.com  1
frame-ancestors teams.microsoft.com *.teams.microsoft.com *.skype.com self 1
default-src 'none'; font-src 'self' *.fontawesome.com https://fonts.gstatic.com *.smartberatung.com; connect-src *; img-src * 'self' data:; manifest-src 'self'; script-src 'self' 'sha256-4aaJydMc9UegI5a++jbF3kK7VnlYo2GDOUQnvgSBNro=' polyfill.io *.smartberatung.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.fontawesome.com https://fonts.googleapis.com *.core.windows.net; frame-ancestors 'none'; frame-src *.google.com *.trustyou.com *.youtube.com *.youtu.be review-service.holidaycheck.com; media-src 'self' static.gebeco.de *.studiosus.com; object-src 'none'; base-uri 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://celeb-lb-prod.danskebank.com https://consent.cookiebot.com https://s2.adform.net https://siteimproveanalytics.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://snap.licdn.com https://www.linkedin.com https://px.ads.linkedin.com https://imasdk.googleapis.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://android.com https://windowsphone.com *.qbrick.com *.dna.ip-only.net *.112.2o7.net https://danskebank.dk *.danskebank.dk *.danskebank.no *.danskebank.fi https://danid.dk *.facebook.com *.facebook.net https://facebook.net https://*.facebook.net https://twitter.com *.omtrdc.net https://dpm.demdex.net https://static.licdn.com https://w3.org https://fbcdn.net https://cloud-emea.analytics-egain.com https://analytics.analytics-egain.com https://track.adform.net https://linkmaker.itunes.apple.com *.qualtrics.com https://www.danskeinvest.no https://www.danskeinvest.fi https://code.highcharts.com; object-src 'self' video.qbrick.com; frame-src 'self' https://9861163.fls.doubleclick.net  https://shared-logon.danskebank.com https://authorize.omniture.com https://sitecatalyst.omniture.com *.demdex.net https://priips.danskebank.com https://www.danskeinvest.dk https://android.com https://windowsphone.com video.qbrick.com *.112.2o7.net *.danskebank.dk *.danskebank.no *.danskebank.fi https://danid.dk *.facebook.com *.facebook.net https://facebook.net https://*.facebook.net https://twitter.com *.omtrdc.net https://static.licdn.com https://w3.org https://fbcdn.net https://analytics.analytics-egain.com https://track.adform.net https://linkmaker.itunes.apple.com https://www.danskeinvest.no/ *.qualtrics.com; 1
default-src https: 'self' 'unsafe-eval' 'unsafe-inline' metrics.convertexperiments.com logs.convertexperiments.com https://static.zdassets.com https://ekr.zdassets.com https://vertexcrypto.zendesk.com https://nelogica.zendesk.com https://help.vectorcrypto.com https://*.zopim.com https://*.zopim.io https://*.zdusercontent.com wss://notifications.vectorcrypto.com wss://vertexcrypto.zendesk.com wss://nelogica.zendesk.com wss://*.zopim.com ;                           img-src https: 'self' data:;                           frame-ancestors 'self' https://web.vectorcrypto.com/ https://vertex-homolog.vertexcrypto.com/ https://multibroker-homolog.nelogica.com.br/ https://criptotraderonovoinvestidor.club.hotmart.com/ 1
default-src 'self' *.google.com *.google.com.co *.doubleclick.net *.google-analytics.com *.jquery.com *.youtube.com *.emtelco.co *.tuya.com.co *.bootstrapcdn.com *.datatables.net *.cloudfront.net *.fontawesome.com static2.creative-serving.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.maxymiser.net *.maxymiser.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.hotjar.com *.hotjar.io *.cloudflare.com *.qualtrics.com *.facebook.com *.facebook.net jsonip.com *.doubleclick.net 'unsafe-eval' 'unsafe-inline' *.jsdelivr.net *.eltiempo.co *.ltroute.com *.logo.wine *.googleadservices.com *.bkrtx.com adserv.mobi *.loganmedia.mobi *.bluekai.com *.go2aluna.co ikiwi.co *.pure.cloud wss://streaming.cac1.pure.cloud data: blob: mediastream: https://www.tuya.com.co;; frame-ancestors *.exito.com *.carulla.com *.puntoscolombia.com *.maxymiser.com;; report-uri /report-csp-violation 1
object-src 'none'; form-action 'self' https://cl.s4.exct.net/subscribe.aspx https://www.facebook.com/tr/; frame-ancestors 'self' 1
form-action 'self'; upgrade-insecure-requests; 1
default-src https: 'unsafe-eval' 'unsafe-inline' 'self'; base-uri 'self'; script-src: 'unsafe-eval' 'unsafe-inline' 'self' www.google-analytics.com; form-action 'self'; style-src: 'unsafe-inline' 1
frame-ancestors 'self' 'https://www.googletagmanager.com'; 1
connect-src 'self' https://*.clarity.ms https://*.pendo.io https://*.bing.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com www.googletagmanager.com www.google-analytics.com wss://*.salemove.com wss://*.twilio.com https://*.twilio.com https://*.salemove.com https://*.everesttech.net https://assets.adobedtm.com https://*.omtrdc.net https://*.demdex.net https://*.powerreviews.com https://*.decibelinsight.net wss://*.decibelinsight.net *.mercuryinsurance.com https://service.maxymiser.net https://bs.serving-sys.com https://tags.bkrtx.com https://developers.google.com https://*.gomoxie.solutions https://maps.googleapis.com; frame-ancestors 'self' https://*.mercuryinsurance.com  https://*.mercuryfirst.com https://*.akstat.io https://*.go-mpulse.net https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com 1
frame-ancestors 'self' tangerangselatankota.go.id *.tangerangselatankota.go.id; 1
frame-ancestors 'self' shop.eriks.nl *.shop.eriks.nl; upgrade-insecure-requests; script-src eriks.nl *.eriks.nl *.shop.eriks.nl *.vimeo.com *.cookiebot.com unpkg.com blueconic.net *.blueconic.net *.marketo.net pages.eriks.com visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com apeagle.io *.youtube.com *.adobedtm.com *.azure.com *.azureedge.net *.googleapis.com *.googletagmanager.com *.adservice.google.com *.googleadservices.com googleads.g.doubleclick.net *.google-analytics.com dqm.crownpeak.com *.twimg.com *.twitter.com twitter.com *.facebook.net *.cobrowser.com *.google.com *.gstatic.com *.hsforms.net *.hsforms.com *.elfsight.com snap.licdn.com static.hotjar.com script.hotjar.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com ubembed.com *.ubembed.com js.ubembed.com *.js.ubembed.com c.leadlab.click 'self' 'unsafe-eval' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' https://www.google-analytics.com https://analytics.google.com https://google-analytics.com *.kc-usercontent.com www.googletagmanager.com fonts.googleapis.com fonts.gstatic.com m9mnfvx55c.execute-api.ap-southeast-2.amazonaws.com 675enu410d.execute-api.ap-southeast-2.amazonaws.com www.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com www.gstatic.com www.youtube.com stats.g.doubleclick.net www.google.com.au *.i-med.com.au https://voc.i-med.com.au/jfe/form/SV_0DsfWnTJT7FmPJQ snap.licdn.com cdn.linkedin.oribi.io px.ads.linkedin.com 1
frame-ancestors 'self' https://*.office365.com https://*.office.com  https://*.outlook.com https://*.live.com; 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob:; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline' 1
frame-ancestors 'self' www.skaki64.gr skaki64.gr 1
img-src *.mvcc.edu *.gstatic.com *.googleapis.com *.amazonaws.com *.451.io *.sparksites.io *.facebook.com data: ; object-src *.mvcc.edu *.amazonaws.com *.451.io *.sparksites.io 1
form-action 'self' https://cl.exct.net https://otip.ca1.qualtrics.com  https://siteintercept.qualtrics.com; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://otip.my.salesforce-sites.com https://www.google.com https://cdn.jsdelivr.net http://w.sharethis.com https://analytics.twitter.com http://www.gstatic.com https://static.ads-twitter.com https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net http://bat.bing.com http://siteimproveanalytics.com http://platform.twitter.com https://cdnjs.cloudflare.com https://player.vimeo.com http://graph.facebook.com https://graph.facebook.com https://optimize.google.com https://www.googleoptimize.com https://www.googleanalytics.com http://www.google-analytics.com https://www.google-analytics.com https://weatherwidget.io https://maxcdn.bootstrapcdn.com https://*.siteintercept.qualtrics.com https://siteintercept.qualtrics.com http://websites.cdn.getfeedback.com https://ajax.googleapis.com https://googleads.g.doubleclick.net http://www.googleadservices.com http://*.addthis.com https://*.addthis.com https://*.addthisedge.com use.typekit.net https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://z.moatads.com http://www.twinsurance.ca https://play.vidyard.com;  style-src 'self' 'unsafe-inline' https://getbootstrap.com https://cdn.jsdelivr.net https://www.otipinsurance.com http://www.otipinsurance.com use.typekit.net https://optimize.google.com https://fonts.googleapis.com https://cdn.ckeditor.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com;  img-src 'self' data: https://i.ytimg.com https://script.hotjar.com https://bat.bing.com https://analytics.twitter.com https://t.co https://6105564.global.siteimproveanalytics.io https://edvantage.ca p.typekit.net https://stats.g.doubleclick.net https://ssl.google-analytics.com https://siteintercept.qualtrics.com https://quote.otip.com https://otipinsurance.com https://www.google.ca https://www.google.com https://www.otipinsurance.com https://www.otip.com https://ssl.gstatic.com https://www.gstatic.com https://optimize.google.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com;   font-src 'self' use.typekit.net https://script.hotjar.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; object-src 'self';     frame-src 'self' https://otip.com/ https://dev.raeoassurance.com/ https://optimize.google.com https://www.facebook.com https://vars.hotjar.com https://www.getfeedback.com https://otip.ca1.qualtrics.com/ https://*.addthis.com https://www.youtube.com https://www.otip.com https://share.transistor.fm https://bid.g.doubleclick.net https://weatherwidget.io https://player.vimeo.com https://play.vidyard.com; connect-src 'self' https://ask.hotjar.io https://surveystats.hotjar.io https://pagead2.googlesyndication.com https://metrics.hotjar.io https://static.hotjar.com https://otip.my.salesforce.com https://content.hotjar.io https://otip.my.salesforce-sites.com https://bat.bing.com https://otip.secure.force.com https://vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://www.google.ca https://www.googleadservices.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.addthis.com https://siteintercept.qualtrics.com; report-uri https://www.otip.com/otip/endpoint; 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' pghub.io cdn.cookielaw.org connect.facebook.net *.iesnare.com *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' images.ctfassets.net pixel.tapad.com *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' fonts.gstatic.com feed.pghub.io pandg.tapad.com ; connect-src * ; frame-src 'self' consumersupport.pg.com ct.pinterest.com www.facebook.com feed.pghub.io pandg.tapad.com ; manifest-src * ; 1
default-src 'self' https://cdnjs.cloudflare.com https://pixel.sitescout.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com https://adservice.google.com 'unsafe-inline'; connect-src 'self' https://stats.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://adservice.google.com https://maps.googleapis.com; frame-src https://form.asana.com  https://intranet.anbank.com https://app.acuityscheduling.com https://vimeo.com https://videos.sproutvideo.com https://td.doubleclick.net https://player.vimeo.com https://pixel.sitescout.com https://maps.googleapis.com https://www.googletagmanager.com https://filter.techloq.com https://tpc.googlesyndication.com https://www.google.com https://anbank.na2.echosign.com https://www.canva.com https://www.youtube.com; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; style-src-elem * data: 'unsafe-inline'; img-src * data:; media-src * data:; font-src * data:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub1388a512063760fff04504543f514f27&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=CSP 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' blob: google.com six-middelware-backend.s3.amazonaws.com *.linkedin.com *.relay-t.io *.licdn.com *.spotify.com anchor.fm *.bugsnag.com wss://*.pusher.com *.pusher.com *.hijiffy.com open.spotify.com *.triptease.io mbrfp.meetingbroker.com vod-progressive.akamaized.net api.segment.io *.simplecast.com core.spreedly.com cdn.jsdelivr.net extreme-ip-lookup.com cdn.segment.com *.selfbook.com player.simplecast.com *.cendyn.com *.cendynhub.com player.vimeo.com *.pcibooking.net booking.azds.com cdnjs.cloudflare.com *.sojern.com api.ipstack.com newbooking.azds.com *.youtube.com api.ipstack.com *.speedrfp.com *.gstatic.com *.googleadservices.com *.facebook.com *.yahoo.com *.doubleclick.net *.facebook.net *.googletagmanager.com *.googleapis.com *.google-analytics.com *.google.com *.bing.com; font-src 'self' data: six-middelware-backend.s3.amazonaws.com *.hijiffy.com maxcdn.bootstrapcdn.com six-middelware-backend.s3.amazonaws.com *.selfbook.com cdnjs.cloudflare.com fonts.azds.com newbooking.azds.com *.gstatic.com *.typekit.net; img-src 'self' data: six-middelware-backend.s3.amazonaws.com *.google.es *.linkedin.com messenger-services.com s3.eu-west-1.amazonaws.com *.hijiffy.com cdnjs.cloudflare.com *.selfbook.com *.youtube.com *.w.org *.synxis.com newbooking.azds.com *.sojern.com match.adsrvr.org ib.adnxs.com px.marchex.io *.speedrfp.com *.googletagmanager.com *.cdninstagram.com *.googleapis.com *.gstatic.com *.bing.com *.gravatar.com *.facebook.net *.doubleclick.net *.google-analytics.com *.google.com *.facebook.com; style-src 'self' six-middelware-backend.s3.amazonaws.com *.hijiffy.com *.triptease.io maxcdn.bootstrapcdn.com *.selfbook.com cdn.jsdelivr.net cdnjs.cloudflare.com *.thehotelsnetwork.com newbooking.azds.com *.typekit.net 'unsafe-inline' *.googleapis.com 1
frame-ancestors 'self' *.vanarama.com *.visualcapitalist.com visualcapitalist.com 1
upgrade-insecure-requests;default-src 'self' 'unsafe-inline' 'unsafe-eval' js: https: data: blob: ymeeting: ymeetingontest: wss:;media-src https: http: rtmp: blob: data: 'self';frame-src ymeeting: ymeetingontest: js: https: 'self';img-src data: blob: https://open.weixin.qq.com gm.mmstat.com *.ylyun.com *.yealinkmeeting.com *.onyealink.com *.ymcs.yealink.com *.onyealinkcloud.com *.aliyuncs.com *.azureedge.net *.blob.core.windows.net 'self';frame-ancestors 'self'; 1
frame-ancestors 'self' hagen.de *.hagen.de stadt-hagen.de *.stadt-hagen.de; 1
default-src https: data: *.crisp.chat *.facebook.com *.tumblr.com *.pinterest.com *.google-analytics.com *.doubleclick.net *.youtube.com *.googleapis.com wss://*.crisp.chat 'unsafe-inline' 'unsafe-eval' always; worker-src 'self' blob:; img-src 'self' *.facebook.com *.tumblr.com *.pinterest.com *.google-analytics.com *.doubleclick.net *.youtube.com *.googleapis.com https://* blob: data:; media-src 'self' *.facebook.com *.tumblr.com *.pinterest.com *.google-analytics.com *.doubleclick.net *.youtube.com *.googleapis.com https://* blob: data:; object-src 'self' https://* blob: data:; connect-src 'self' *.facebook.com *.tumblr.com *.pinterest.com *.google-analytics.com *.doubleclick.net *.youtube.com *.googleapis.com https://* wss://*; font-src 'self' https://* blob: data:; frame-src 'self' *.facebook.com *.tumblr.com *.pinterest.com *.google-analytics.com *.doubleclick.net *.youtube.com *.googleapis.com https://* blob: data:; 1
default-src 'self';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://mktdplp102cdn.azureedge.net https://www.google-analytics.com https://yourir.info https://hcaptcha.com https://*.hcaptcha.com https://netwealth.us1.list-manage.com;object-src 'none';style-src 'self' 'unsafe-inline' https://yourir.info https://fast.fonts.net https://*.mailchimp.com https://hcaptcha.com https://*.hcaptcha.com;img-src 'self' https://www.netwealth.com.au https://www.google.com https://www.google.com.au https://*.dynamics.com data: https://theme.zdassets.com https://i.vimeocdn.com;frame-src https://*.dynamics.com https://player.vimeo.com https://html5-player.libsyn.com https://open.spotify.com https://*.vimeocdn.com/ https://*.akamaized.net https://player-telemetry.vimeo.com https://newassets.hcaptcha.com https://datawrapper.dwcdn.net https://hcaptcha.com https://*.hcaptcha.com;font-src 'self';connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://*.doubleclick.net https://yourir.info https://*.dynamics.com https://analytics.google.com https://www.gstatic.com https://hcaptcha.com https://*.hcaptcha.com;base-uri 'self' 1
frame-ancestors 'self' https://www.gamer.no *.ggez.no https://forum.kvinneguiden.no; 1
frame-ancestors 'self'; default-src * data: *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: *  blob: *; media-src * data: *  blob: *; connect-src *; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.coffee; img-src 'self' https: data: blob: https://mastodon.coffee; style-src 'self' https://mastodon.coffee 'nonce-1srBfpTMUu3iDUb9gteqkw=='; media-src 'self' https: data: https://mastodon.coffee; frame-src 'self' https:; manifest-src 'self' https://mastodon.coffee; form-action 'self'; child-src 'self' blob: https://mastodon.coffee; worker-src 'self' blob: https://mastodon.coffee; connect-src 'self' data: blob: https://mastodon.coffee https://cdn.mastodon.coffee wss://mastodon.coffee; script-src 'self' https://mastodon.coffee 'wasm-unsafe-eval' 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn-assets.rapidspike.com s3-eu-west-1.amazonaws.com tbs.tradedoubler.com www.google.de a.clarity.ms *.googleapis.com form.jotformeu.com/jsform/51723766068967 prd-cdn-talkdesk.talkdesk.com events.jotform.com rum-6c19510f-34c4-48b7-81c0-305a08ada6eb.rapidspike.com ib.adnxs.com cdn03.jotfor.ms/static/jotform.forms.js www.google.com api.zuko.io stats.addsearch.com secure.quantserve.com analytics.google.com fonts.gstatic.com pixel.sojern.com www.google.ie *.adsrvr.org www.neilson.co.uk www.awin1.com *.sojern.com www.youtube.com www.google.no c.plerdy.com feefo.com submit.jotformeu.com addsearch.com/searchui/rp/ *.criteo.com www.tripadvisor.com *.visualwebsiteoptimizer.com id5-sync.com *.bidswitch.net c.clarity.ms www.googletagmanager.com r1.trackedweb.net o2.mouseflow.com *.jotfor.ms www.google.ca livechat.sentimentmetrics.com api.curator.io js.jotform.com addsearch.com i.clarity.ms services.postcodeanywhere.co.uk beacon.sojern.com a.insiteful.co cdn01.jotfor.ms form.jotform.com k.clarity.ms *.clarity.ms ads.stickyadstv.com adservice.google.com jotfor.ms cdn.stickyadstv.com *.hotjar.com sync-criteo.ads.yieldmo.com wss://www.neilson.co.uk public-prod-dspcookiematching.dmxleo.com www.google.co.za content.hotjar.io h.clarity.ms www.google.com.au img.thedailybeast.com app.sentimentmetrics.com www.air-port-codes.com m.clarity.ms eb2.3lift.com form.jotform.com/jsform/231851742837058 www.dwin1.com i.liadm.com edge.cookiefirst.com secure.atcoretec.com cur.cursors-4u.net a.plerdy.com form.jotform.com/jsform/210484116064044 r1.dotmailer-surveys.com ad.360yield.com www.kitty-export-6mmcu4y-qzu3vdfcd6ql6.uk-1.platformsh.site www.google-analytics.com ad.sxp.smartclip.net api.jotform.com *.b-cdn.net widget.trustpilot.com *.taboola.com pixel.quantcount.com region1.google-analytics.com simage2.pubmatic.com www.google.es jadserve.postrelease.com contextual.media.net cdn.mouseflow.com f.plerdy.com api.feefo.com www.google.gr f.clarity.ms match.adsrvr.org pbs.twimg.com widgets.jotform.io api.cookiefirst.com vc.hotjar.io s.thebrighttag.com www.google.co.in www.google.com.ng cdn03.jotfor.ms t.co form.jotform.com/jsform/221854125892056 assets.zuko.io wss://livechat.sentimentmetrics.com www.google.nl i.vimeocdn.com exchange.mediavine.com cdn-be.curator.io vimeo.com *.doubleclick.net cdn.jsdelivr.net b.clarity.ms *.cloudfront.net collect.feefo.com cdn.linkedin.oribi.io staging-5em2ouy-gsijxcmam3ivi.uk-1.platformsh.site app.vwo.com tags.bluekai.com www.google.it eu-submit.jotform.com *.linkedin.com pxl.qccerttest.com cdn02.jotfor.ms ad.yieldlab.net visitor.omnitagjs.com *.cdninstagram.com www.zenaps.com *.casalemedia.com www.googletagmanager.com/gtm.js c.bing.com *.facebook.net d.clarity.ms try.abtasty.com sp.analytics.yahoo.com metrics.hotjar.io *.twitter.com sync.outbrain.com *.demdex.net www.instagram.com/ www.wepowerconnections.com prreqcroab.icu e1.emxdgt.com www.instagram.com/embed.js s.ad.smaato.net *.feefo.com fcmatch.youtube.com j.clarity.ms *.googleadservices.com talkdeskchatsdk.talkdeskapp.com wss://tsock.us1.twilio.com www.google.ch secure.adnxs.com adservice.google.co.uk rules.quantcount.com register.feefo.com region1.analytics.google.com static.trackedweb.net *.smartadserver.com match.sharethrough.com www.google.hr www.google.im ads.yahoo.com ssl.google-analytics.com sync.aralego.com fcmatch.google.com prod.neilson.co.uk ipapi.co *.rubiconproject.com form.jotformeu.com adgen.socdm.com n.clarity.ms api.addsearch.com bat.bing.com a.twiago.com consent.cookiefirst.com cdn.jotfor.ms editor-assets.abtasty.com *.akamaized.net *.vimeo.com *.ads-twitter.com static.cookiefirst.com cdnjs.cloudflare.com api.talkdeskapp.com *.criteo.net pixel.quantserve.com e.clarity.ms cdn.curator.io pixel.advertising.com ariane.abtasty.com criteo-partners.tremorhub.com matching.ivitrack.com c1.adform.net g.clarity.ms www.google.fr api.rollbar.com app.addsearch.com criteo-sync.teads.tv my.neilson.co.uk www.clarity.ms jobs.neilson.co.uk www.google.pl cdn.speedsize.com images.neilson.co.uk *.facebook.com flagcdn.com pixel.tapad.com dcinfos-cache.abtasty.com *.licdn.com l.clarity.ms www.google.co.uk ups.analytics.yahoo.com s6.searchcdn.com; frame-ancestors 'self' www.neilson.co.uk my.neilson.co.uk jobs.neilson.co.uk bnr.thedataclicks.com docs.neilson.co.uk staging.neilson.co.uk docstest.neilson.co.uk www.google.com ;  1
default-src 'none'; script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://static.ads-twitter.com https://connect.facebook.net https://analytics.twitter.com http://*.olark.com; connect-src 'self' https://api.mapbox.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net http://*.olark.com; img-src 'self' https://fourwalls.rentler.com https://www.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net www.googletagmanager.com https://www.facebook.com https://t.co data: http://*.olark.com; font-src 'self' fonts.gstatic.com http://*.olark.com; media-src 'self' http://*.olark.com; style-src 'self' fonts.googleapis.com 'unsafe-inline' http://*.olark.com; base-uri 'self'; form-action 'self'; frame-src http://*.olark.com; frame-ancestors 'self' 1
default-src 'unsafe-inline' 'unsafe-eval' https:;img-src * data:;font-src * data:; 1
frame-ancestors 'self' smartai.com.au *.smartai.com.au 1
default-src 'self' * 'unsafe-inline' blob:; img-src 'self' * data:; font-src 'self' * data:; script-src 'unsafe-eval' 'unsafe-inline' blob: https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://cdn.cookielaw.org/ https://merck.nextit.com/ https://www.google-analytics.com/ https://players.brightcove.net/ https://maps.googleapis.com/ https://t.contentsquare.net/ https://connect.facebook.net/ https://bat.bing.com/ https://cdn.di-capt.com/ https://cdn.voice-of-customers.com/ https://www.medtargetsystem.com/ https://vjs.zencdn.net/ https://static.ads-twitter.com/ https://trc.lhmos.com/ https://match.deepintent.com/ https://secure.adnxs.com/ https://merck-test.nextit.com/ https://tag.demandbase.com/ https://www.googleadservices.com/ https://cdnjs.cloudflare.com/ https://tags.tiqcdn.com/ https://scripts.demandbase.com/ https://documentcloud.adobe.com/ https://www.keytruda.com https://www.keytrudalenvima.com https://www.keytrudalenvimahcp.com https://www.keytrudahcp.com https://bh.contextweb.com https://aim-tag.hcn.health https://cdn.evgnet.com https://eq5trck.com https://b-code.liadm.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://*.civiccomputing.com https://*.youtube.com https://*.azure.com https://*.google.com https://*.gstatic.com https://*.hackerone.com https://hackerone.com 'unsafe-eval' blob: https://*.googletagmanager.com https://*.google-analytics.com https://*.licdn.com https://*.hackerone.com https://hackerone.com; style-src 'self' 'unsafe-inline' https://*.typekit.net; frame-src 'self' https://*.youtube.com https://*.google.com https://*.hackerone.com https://hackerone.com; connect-src 'self' https://*.civiccomputing.com https://*.visualstudio.com https://*.umbraco.com https://*.analytics.google.com https://*.doubleclick.net https://*.oribi.io https://*.google-analytics.com; font-src 'self' 'unsafe-inline' data: https://*.typekit.net; img-src 'self' https://*.gravatar.com https://*.umbraco.com data: https://*.vimeocdn.com https://*.google.co.uk https://*.linkedin.com https://*.google-analytics.com 1
require-trusted-types-for 'script';report-uri /_/MeetingsUi/cspreport 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.googleapis.com *.fontawesome.com *.bootstrapcdn.com *.my.salesforce.com *.powerreviews.com cdn.userway.org *.efuturesworld.com *.airportappliance.com etail.mysynchrony.com maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.my.salesforce.com *.salesforceliveagent.com *.force.com *.google.com *.airportappliance.com *.syfpayments.com *.syfpos.com *.mysynchrony.com *.syf.com *.tiqcdn.com etail.mysynchrony.com https://seo.mageplaza.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.affirm.com *.affirm.ca *.twitter.com *.google.com *.addthis.com *.my.salesforce.com *.salesforceliveagent.com *.force.com *.salesforce-sites.com cdn.userway.org *.efuturesworld.com *.airportappliance.com pdpone.syfpayments.com widgets.syfpayments.com etail.mysynchrony.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.googletagmanager.com *.authorize.net syf.demdex.net *.syfpos.com *.syf.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.affirm.com *.affirm.ca *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.webfronts.com airportcdn.efuturesworld.com *.my.salesforce.com *.powerreviews.com *.force.com *.efuturesworld.com *.airportappliance.com collector-6715.tvsquared.com cdn.userway.org pdpone.syfpayments.com etail.mysynchrony.com res.cloudinary.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com *.google.com *.googletagmanager.com *.syfpos.com *.syf.com analytics.synchrony.com *.d1.sc.omtrdc.net https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.affirm.com *.affirm.ca *.cloudflare.com *.twitter.com *.google-analytics.com googletagmanager.com *.google.com *.gstatic.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com graph.facebook.com widgets.pinterest.com *.my.salesforce.com *.powerreviews.com *.force.com *.salesforceliveagent.com *.salesforce-sites.com *.efuturesworld.com *.airportappliance.com cdn.userway.org collector-6715.tvsquared.com cdn.evgnet.com bat.bing.com *.google.it *.searchspring.io beacon.searchspring.io *.syfpayments.com *.syfpos.com *.mysynchrony.com *.syf.com *.tiqcdn.com pdpone.syfpayments.com etail.mysynchrony.com mpsnare.iesnare.com *.avada.io www.facebook.com connect.facebook.net business.facebook.com *.googletagmanager.com *.googleadservices.com *.authorize.net sandbox-assets.secure.checkout.visa.com analytics.synchrony.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com *.my.salesforce.com *.powerreviews.com *.force.com *.efuturesworld.com cdn.userway.org *.airportappliance.com *.salesforce-sites.com pdpone.syfpayments.com etail.mysynchrony.com maxcdn.bootstrapcdn.com *.syfpos.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.amazonaws.com *.youtube.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.affirm.com *.affirm.ca *.cloudflare.com *.twitter.com *.paypal.com *.my.salesforce.com *.powerreviews.com *.salesforceliveagent.com *.force.com *.salesforce-sites.com *.google-analytics.com googletagmanager.com *.addthis.com api.userway.org cdn.userway.org airportappliance.us-4.evergage.com script.crazyegg.com *.efuturesworld.com *.airportappliance.com *.searchspring.io beacon.searchspring.io *.syfpayments.com *.syfpos.com *.mysynchrony.com *.syf.com *.tiqcdn.com pdpone.syfpayments.com etail.mysynchrony.com ekr.zdassets.com/ https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.authorize.net *.d1.sc.omtrdc.net https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com www1.bodykind.com; base-uri 'self' 1
default-src 'self' 'unsafe-inline' https://open.spotify.com https://region1.google-analytics.com icct.nl www.icct.nl https://unpkg.com https://embed-standalone.spotify.com https://cdn.jsdelivr.net https://code.jquery.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://fonts.gstatic.com https://static.addtoany.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://player.vimeo.com https://f.vimeocdn.com https://i.vimeocdn.com https://fresnel.vimeocdn.com data: https://www.youtube.com 1
default-src 'self' ; upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.systra.com *.google.com *.hotjar.com *.gstatic.com *.googletagmanager.com *.google-analytics.com js.hs-scripts.com js.hsforms.net js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net ; style-src 'self' 'unsafe-inline' *.youtube.com ; form-action 'self' places-dsn.algolia.net *.algolianet.com *.hsforms.com https://login.microsoftonline.com ; img-src 'self' track.hubspot.com *.hsforms.com maps.wikimedia.org *.systra.com *.google-analytics.com secure.gravatar.com s.w.org data: ; font-src 'self' data:;frame-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.hsforms.com ; connect-src 'self' *.systra.com *.google-analytics.com forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com forms.hscollectedforms.net; 1
default-src 'self' https://my-estub.com https://www.snapengage.com/ http://storage.googleapis.com/code.snapengage.com/; script-src 'self' https://www.snapengage.com/ http://storage.googleapis.com/code.snapengage.com/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' https://www.snapengage.com/ https://storage.googleapis.com/code.snapengage.com/; frame-ancestors 'self'; 1
default-src 'self'; connect-src 'self' data:; script-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-ancestors 'none'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://cosocial.ca; img-src 'self' https: data: blob: https://cosocial.ca; style-src 'self' https://cosocial.ca 'nonce-AlIICm7kNnaeqRhsrFZtkw=='; media-src 'self' https: data: https://cosocial.ca; frame-src 'self' https:; manifest-src 'self' https://cosocial.ca; form-action 'self'; child-src 'self' blob: https://cosocial.ca; worker-src 'self' blob: https://cosocial.ca; connect-src 'self' data: blob: https://cosocial.ca https://media.cosocial.ca wss://cosocial.ca; script-src 'self' https://cosocial.ca 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://*.ridingwarehouse.com; 1
font-src *.typekit.net fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.convergepay.com/ *.elavonaws.com/ https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.elavonaws.com/ api.demo.convergepay.com api.convergepay.com td.doubleclick.net obs.segreencolumn.com www.paypalobjects.com *.google.com/ https://plumrocket.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.paypal.com *.typekit.net p.typekit.net validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.mastercard.com/ https://www.magezon.com c.clarity.ms bat.bing.com static-na.payments-amazon.com www.shopperapproved.com track.linksynergy.com www.facebook.com csi.gstatic.com www.google.com www.google.ca www.google.co.in www.google.com.mx www.google.com.sg www.google.de www.google.nl www.googletagmanager.com googleads.g.doubleclick.net *.nr-data.net obs.segreencolumn.com *.bing.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.elavongateway.com/ *.convergepay.com/ *.mastercard.com/ ajax.cloudflare.com api.demo.convergepay.com demo.convergepay.com libs.fraud.elavongateway.com static-na.payments-amazon.com www.shopperapproved.com www.googlecommerce.com bat.bing.com www.clarity.ms tag.rmp.rakuten.com connect.facebook.net www.googletagmanager.com googleads.g.doubleclick.net *.newrelic.com *.nr-data.net obs.segreencolumn.com ob.segreencolumn.com cdn.logrocket.io cdn.lr-ingest.io cdn.lr-in.com cdn.lr-in-prod.com cdn.lr-ingest.com *.google.com/ ssl.google-analytics.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.convergepay.com/ *.elavonaws.com/ n.clarity.ms bat.bing.com stats.g.doubleclick.net www.facebook.com bid.g.doubleclick.net www.googletagmanager.com *.newrelic.com *.nr-data.net adservice.google.com www.google.com obs.segreencolumn.com *.logrocket.io *.lr-ingest.io *.logrocket.com *.lr-in.com *.lr-in-prod.com *.lr-ingest.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /.webscale/csp-report; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' *.sessioncam.com *.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.sessioncam.com *.cloudfront.net *.googletagmanager.com *.google-analytics.com *.google.com *.google.co.uk *.newrelic.com *.betrad.com bam.nr-data.net static.addtoany.com https://cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com s.ytimg.com *.evidon.com code.jquery.com d22xmn10vbouk4.cloudfront.net *.serving-sys.com 7225833.collect.igodigital.com connect.facebook.net stats.g.doubleclick.net https://cdn.hypemarks.com http://cdn.hypemarks.com https://www.gstatic.com *.krxd.net cdn.adimo.co display.ugc.bazaarvoice.com *.bazaarvoice.com mpsnare.iesnare.com www.googleadservices.com static.hotjar.com bat.bing.com s.yimg.com sp.analytics.yahoo.com *.doubleclick.net script.hotjar.com *.nestle.co.uk google-analytics.com optimize.google.com https://www.googleoptimize.com https://player.vimeo.com/api/player.js *.gbqofs.io *.gbqofs.com *.usabilla.com https://d6tizftlrpuof.cloudfront.net cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com; object-src 'none'; style-src *.bazaarvoice.com *.adimo.co 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com *.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com cloud.typography.com *.google.com use.fontawesome.com *.nestle.co.uk optimize.google.com *.usabilla.com *.gbqofs.io *.gbqofs.com https://d6tizftlrpuof.cloudfront.net cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com; img-src 'self' data: *.googleapis.com *.gstatic.com *.cloudflare.com *.sessioncam.com *.google-analytics.com https://stats.g.doubleclick.net www.google.com www.google.co.uk *.doubleclick.net *.betrad.com *.amazonaws.com px.pump.to brand-ecommerce-assets.fusepump.com *.evidon.com https://nova.collect.igodigital.com https://www.facebook.com *.krxd.net *.nestlebeverages.acsitefactory.com *.starbucksathome.com *.adimo.co advantage.iriworldwide.com *.iriworldwide.com *.bazaarvoice.com display.ugc.bazaarvoice.com display.ugc.bazaarvoice.com bat.bing.com www.google.co.in google-analytics.com optimize.google.com *.pantheonsite.io www.weproudlyservestarbucks.com *.usabilla.com *.gbqofs.io *.gbqofs.com cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com https://d6tizftlrpuof.cloudfront.net; media-src 'self'; frame-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com https://brand-ecommerce-assets.fusepump.com https://www.google.com/ *.krxd.net l3.evidon.com *.adimo.co stg.api.bazaarvoice.com display.ugc.bazaarvoice.com https://forms.na2.netsuite.com *.hotjar.com bid.g.doubleclick.net acct123488.extforms.netsuite.com servedby.flashtalking.com optimize.google.com t.nordic.nestleprofessional.com *.vimeo.com https://player.vimeo.com/ https://9672146.fls.doubleclick.net/ https://nestle-pro-mkt-dev2.campaign.adobe.com https://t.uk.nestleprofessional.com/ https://t.online.nestleprofessional.com/ https://nestle-npro-uat.campaign.adobe.com/ *.usabilla.com *.gbqofs.io *.gbqofs.com https://d6tizftlrpuof.cloudfront.net cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com; frame-ancestors 'self'; child-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com https://forms.na2.netsuite.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com https://cdnjs.cloudflare.com use.fontawesome.com *.usabilla.com *.gbqofs.io *.gbqofs.com https://d6tizftlrpuof.cloudfront.net cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com; connect-src 'self' brand-ecommerce-api.fusepump.com *.sessioncam.com *.cloudfront.net *.google-analytics.com collect.analyze.ly secure-ds.serving-sys.com stats.g.doubleclick.net productlocator.iriworldwide.com stg.api.bazaarvoice.com api.bazaarvoice.com vc.hotjar.io in.hotjar.com bam.nr-data.net https://vimeo.com/api/ https://optoutapi.evidon.com/ *.weproudlyservestarbucks.com weproudlyservestarbucks.com *.gbqofs.io *.gbqofs.com *.usabilla.com https://d6tizftlrpuof.cloudfront.net cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.connectamericas.com *.google.com *.googletagmanager.com *.gstatic.com *.typeform.com *.hotjar.com *.facebook.net googleads.g.doubleclick.net *.google-analytics.com *.messagebird.com; connect-src 'self' *; img-src 'self' * data:; style-src 'self' 'unsafe-inline' *.connectamericas.com *.googleapis.com *.typeform.com *.cloudflare.com; font-src 'self' *.gstatic.com *.cloudflare.com data:; frame-src 'self' * 1
default-src 'self'; script-src 'self' https://iamsmart.livekefu.com https://uat-iamsmart.livekefu.com 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com https://iamsmart.livekefu.com https://uat-iamsmart.livekefu.com 'unsafe-inline'; media-src 'self' https://www.youtube.com; frame-src 'self' https://www.youtube.com https://iamsmart.livekefu.com https://uat-iamsmart.livekefu.com; img-src 'self' data: https://iamsmart.livekefu.com https://uat-iamsmart.livekefu.com https://api.hkmapservice.gov.hk https://img.youtube.com; font-src 'self' https://fonts.gstatic.com 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-cTECNtaGxy4Bh7RhxI23Qg' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors 'self'; frame-src *.googletagmanager.com *.typeform.com *.vimeo.com *.mktoweb.com 'self'; 1
connect-src *.google-analytics.com www.bolsasymercados.es wss://www.bolsasymercados.es api.bolsasymercados.es wss://api.bolsasymercados.es cdn.cookielaw.org *.onetrust.com;default-src 'self' data: *.typekit.net *.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com tagmanager.google.com *.gstatic.com *.googleapis.com bmeintranet.bme.com www.bolsasymercados.es wss://www.bolsasymercados.es api.bolsasymercados.es wss://api.bolsasymercados.es cdn.cookielaw.org *.onetrust.com i1.ytimg.com *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com;script-src 'self' *.typekit.net *.google-analytics.com www.googletagmanager.com tagmanager.google.com cdn.cookielaw.org *.onetrust.com 'sha256-8kqcK8yXrT06YP8+2rdHYaZamV42+oNyHrxPsEp9dDw=';style-src 'self' *.typekit.net www.bolsasymercados.es api.bolsasymercados.es www.googletagmanager.com fonts.googleapis.com 'unsafe-inline';base-uri 'self';form-action 'self';frame-ancestors 'self'; 1
frame-ancestors 'self' https://cmuh.org.tw https://*.cmuh.org.tw/ https://cmuh.cmu.edu.tw https://*.cmuh.cmu.edu.tw https://*.cmuh.cmu.edu.tw https://cmu-hch.cmu.edu.tw auh.org.tw https://www.google-analytics.com https://google.com.tw https://web.cmuh.cmu.edu.tw http://intranet.cmuh.org.tw/ http://59.120.5.184:8081/ http://114.32.27.40/ http://192.168.1.50/ http://61.66.117.27:8089/ http://10.66.17.136/ http://61.66.117.27:8089/ 1
default-src 'none';      script-src 'self' 'unsafe-eval' 'unsafe-inline'       https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com *.facebook.net       https://ai-prompt.com       https://apis.google.com       https://d31qbv1cthcecs.cloudfront.net       https://pagead2.googlesyndication.com       https://kdpic.pchome.com.tw       https://ad-specs.guoshipartners.com       https://cdnjs.cloudflare.com       https://stackpath.bootstrapcdn.com       https://kdcl.pchome.com.tw       https://www.googletagservices.com       https://etu.systex.com.tw       https://onead.onevision.com.tw       https://securepubads.g.doubleclick.net       https://player.svc.litv.tv       https://adservice.google.com.tw       https://adservice.google.com       https://t.ssp.hinet.net       https://tpc.googlesyndication.com       https://z.moatads.com       https://odd-onead.cdn.hinet.net       https://odm-onead.cdn.hinet.net       https://osd-onead.cdn.hinet.net       https://osm-onead.cdn.hinet.net       https://wdm-onead.cdn.hinet.net       https://wsm-onead.cdn.hinet.net       https://ndm-onead.cdn.hinet.net       https://nsm-onead.cdn.hinet.net       https://dsp-onead.cdn.hinet.net       https://cdncreative-onead.cdn.hinet.net       https://cdn.onead.com.tw       https://staging.onead.com.tw       https://cdnstaging-onead.cdn.hinet.net       https://partner.googleadservices.com       https://code.highcharts.com       https://sb.scorecardresearch.com       https://rec.scupio.com/recweb/js/rec.js       https://cdn.ampproject.org/rtv/       https://img.scupio.com       https://u.scupio.com/event       https://ajax.googleapis.com/ajax/libs/jquery/;      img-src 'self'       data: *.facebook.com *.youtube.com https://www.google-analytics.com        images.money-link.com.tw        https://analytics.google.com        https://certify.alexametrics.com        https://redirect.prod.experiment.routing.cloudfront.aws.a2z.com        https://cms.analytics.yahoo.com        https://match.adsrvr.org        https://bcp.crwdcntrl.net        https://onead.onevision.com.tw        https://sync.search.spotxchange.com        https://*.t.ssp.hinet.net        https://tpc.googlesyndication.com        https://ps.eyeota.net/pixel        https://pagead2.googlesyndication.com        https://www.googletagmanager.com/        https://api.svc.taiwanmedia.org/taiwan-media/        https://googleads.g.doubleclick.net        https://www.google.com.tw/ads/ga-audiences        https://www.google.com/ads/measurement/        https://www.ford.com.tw/sales-promotion/2023/jan-campaign/        https://sync-tm.everesttech.net/upi/pid/        https://sb.scorecardresearch.com        https://cdnstaging-onead.cdn.hinet.net        https://staging.onead.com.tw        https://securepubads.g.doubleclick.net/pagead/adview        https://img.scupio.com;      frame-src 'self' 'unsafe-eval' 'unsafe-inline'       *.youtube.com *.facebook.com *.googlesyndication.com        https://ai-prompt.com       https://www.sfcwinner.com.tw       https://superez.megatime.com.tw       https://kdcl.pchome.com.tw       https://accounts.google.com       https://googleads.g.doubleclick.net       https://tpc.googlesyndication.com       https://www.google.com       https://www.yachik.com.tw       https://odd-onead.cdn.hinet.net       https://odm-onead.cdn.hinet.net       https://osd-onead.cdn.hinet.net       https://osm-onead.cdn.hinet.net       https://wdm-onead.cdn.hinet.net       https://wsm-onead.cdn.hinet.net       https://ndm-onead.cdn.hinet.net       https://nsm-onead.cdn.hinet.net       https://dsp-onead.cdn.hinet.net       https://cdncreative-onead.cdn.hinet.net       https://cdn.onead.com.tw       https://staging.onead.com.tw       https://cdnstaging-onead.cdn.hinet.net       https://img.scupio.com;      style-src 'self' 'unsafe-eval' 'unsafe-inline'       https://fonts.googleapis.com       https://use.fontawesome.com;      font-src 'self' 'unsafe-eval' 'unsafe-inline'       https://use.fontawesome.com       https://fonts.gstatic.com;      connect-src 'self'       https://analytics.google.com       https://www.google-analytics.com       https://stats.g.doubleclick.net       https://pagead2.googlesyndication.com       https://securepubads.g.doubleclick.net       https://pusti.svc.litv.tv       https://t.ssp.hinet.net       https://pagead2.googlesyndication.com       https://csi.gstatic.com/csi       https://cdnstaging-onead.cdn.hinet.net       https://prebid.scupio.com/recweb/prebid.aspx       https://rec.scupio.com/recweb/rec.aspx;      media-src 'self'; 1
default-src 'self' prod.services.carglass.de *.prod.services.carglass.de wss://api.prod.services.carglass.de 'unsafe-eval' 'unsafe-inline' data: blob: *.carglass.de *.clicktale.com *.clicktale.net *.cloudfront.net *.doubleclick.net *.gstatic.com *.optimizely.com optimizely-edge.com *.adition.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com *.qualaroo.com fonts.googleapis.com maps.googleapis.com optimizely.github.io optimizely.s3.amazonaws.com tagmanager.google.com *.analytics.google.com *.google-analytics.com www.google.com www.google.de www.googleadservices.com www.googletagmanager.com www.youtube.com sentry.io adservice.google.com *.usercentrics.eu *.mouseflow.com *.mouseflow.de connect.facebook.net www.facebook.com assets.sitescdn.net u360.d-bi.fr tpc.googlesyndication.com apps.mypurecloud.ie *.mypurecloud.de *.mypurecloud.com *.cleverreach.com wss://*.mypurecloud.de wss://*.mypurecloud.com *.clarity.ms *.bing.com *.contentsquare.net widget.trustpilot.com *.qualtrics.com *.woosmap.com *.okta.com id.mybelron.net edi5on.com *.spoteffects.net;frame-ancestors 'self' carglass.de www.carglass.de *.carglass.de 1
frame-ancestors 'self'; block-all-mixed-content; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.jotform.com https://*.jotform.io https://*.jotfor.ms https://cdnjs.cloudflare.com/ajax/libs/punycode/1.4.1/punycode.js https://*.clarity.ms https://*.wistia.com https://*.wistia.net https://120481.tctm.co https://ajax.googleapis.com https://*.calendly.com https://bat.bing.com https://connect.facebook.net https://fast.wistia.net https://graph.facebook.com https://google-analytics.com https://googletagmanager.com https://js.facebook.com https://maps.google.com https://maps.googleapis.com https://m.youtube.com https://r.bing.com https://ssl.google-analytics.com https://src.litix.io https://tagmanager.google.com https://use.typekit.net https://www.apex.live https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://apex.live;style-src 'self' 'report-sample' 'unsafe-inline' blob: *.jotfor.ms *.typekit.net *.bing.com ajax.googleapis.com fonts.googleapis.com fast.wistia.com tagmanager.google.com www.googletagmanager.com;object-src embedwistia-a.akamaihd.net https://www.apex.live; child-src 'self' blob: https://*.jotform.com *.facebook.com connect.facebook.net https://anchor.fm https://podcasters.spotify.com/ https://*.wistia.com https://*.wistia.net www.googletagmanager.com www.youtube.com https://www.google.com; base-uri 'self'; form-action 'self' https://*.jotform.com *.facebook.com connect.facebook.net; worker-src 'self' blob:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' newassets.hcaptcha.com hcaptcha.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com;object-src 'none';block-all-mixed-content; 1
default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self' https://queue.nemtilmeld.dk; frame-src 'none'; manifest-src 'none'; media-src 'self'; object-src 'none'; worker-src 'none'; font-src 'self'; img-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; 1
font-src fonts.gstatic.com use.typekit.net data: static.klaviyo.com *.klaviyo.com *.gstatic.com *.sagepay.com *.googleapis.com savile-row.co.uk maxcdn.bootstrapcdn.com *.fontawesome.com fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com * *.savile-row.whoson.com *.awin1.com *.zenaps.com *.facebook.com *.nosto.com *.nos.to *.sagepay.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.savile-row.whoson.com savile-row.whoson.com *.zenaps.com *.clear-reports.com *.awin1.com *.trust-provider.com *.doubleclick.com *.doubleclick.net *.criteo.net *.criteo.com *.hotjar.com *.trustpilot.com www.facebook.com savile-row.co.uk *.pdmntn.com *.google.com *.nosto.com *.nos.to *.sagepay.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com p.typekit.net www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.klaviyo.com *.omappapi.com *.cookie-script.com *.instagram.com *.cdninstagram.com services.postcodeanywhere.co.uk *.whoson.com * *.zenaps.com *.catalink.com *.clear-reports.com *.awin1.com *.doubleclick.net pixel.tapad.com pixel-sync.sitescout.com ad.turn.com *.criteo.net *.omnitagjs.com *.smaato.net *.smartclip.net *.taboola.com *.outbrain.com *.criteo.com *.liadm.com *.ivitrack.com/ *.tremorhub.com/ *.yieldmo.com/ *.gstatic.com *.advertising.com *.yahoo.com *.openx.net *.adnxs.com *.mgid.com *.adform.net *.amazon.com *.payments-amazon.com *.adsymptotic.com *.linkedin.com www.facebook.com *.bing.com *.riskified.com savilerowco.com *.savilerowco.com *.nosto.com *.trust-provider.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.ytimg.com *.cloudfront.net savile-row.co.uk maxcdn.bootstrapcdn.com *.dwin1.com *.nos.to *.sagepay.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.klaviyo.com *.typekit.net *.omappapi.com google.com widget.manychat.com *.cookie-script.com *.newrelic.com *.nr-data.net services.postcodeanywhere.co.uk savile-row.whoson.com *.whoson.com *.zenaps.com *.catalink.com *.clear-reports.com *.bing.com *.hotjar.com *.pdmntn.com *.doubleclick.com *.doubleclick.net *.dwin1.com *.awin1.com *.trust-provider.com *.trustpilot.com *.nosto.com *.popupdomination.com *.criteo.net *.criteo.com *.licdn.com www.facebook.com *.riskified.com *.google-analytics.com *.gstatic.com *.google.com *.amazon.co.uk *.amazon.com smhttp-ssl-85991.nexcesscdn.net savile-row.co.uk *.paypalobjects.com cm.g.doubleclick.net ib.adnxs.co sync-criteo.ads.yieldmo.com sync.outbrain.com dpm.demdex.net widget.freshworks.com m2epro.freshdesk.com *.nos.to *.sagepay.com lantern.roeyecdn.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline *.klaviyo.com *.omappapi.com *.typekit.net *.cookie-script.com services.postcodeanywhere.co.uk *.googleapis.com *.whoson.com *.gstatic.com *.trustedshops.com *.usercentrics.eu savile-row.co.uk maxcdn.bootstrapcdn.com widget.freshworks.com m2epro.freshdesk.com *.nosto.com *.nos.to *.sagepay.com *.trustpilot.com *.fontawesome.com https://static.klaviyo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com pagead2.googlesyndication.com *.klaviyo.com capig.stape.cloud *.omappapi.com gweu.stape.io *.cookie-script.com *.newrelic.com *.nr-data.net *.instagram.com *.belvgdev.com services.postcodeanywhere.co.uk *.hotjar.com savile-row.whoson.com *.savile-row.whoson.com *.catalink.com *.clear-reports.com *.awin1.com *.bing.com *.google-analytics.com *.doubleclick.com *.doubleclick.net *.googleapis.com *.riskified.com *.trustpilot.com *.nosto.com *.payments-amazon.com savile-row.co.uk *.dwin1.com *.google.com cm.g.doubleclick.net ib.adnxs.co sync-criteo.ads.yieldmo.com sync.outbrain.com *.criteo.com widget.freshworks.com m2epro.freshdesk.com *.nos.to *.sagepay.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src savile-row.co.uk *.newrelic.com *.nr-data.net *.omappapi.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://*.earmilk.com https://earmilk.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://cdn.expressional.social; img-src 'self' https: data: blob: https://cdn.expressional.social https://media.expressional.social; style-src 'self' https://cdn.expressional.social 'nonce-4iK9Fbp3LRGYw54fJKfYHA=='; media-src 'self' https: data: https://cdn.expressional.social; frame-src 'self' https:; manifest-src 'self' https://cdn.expressional.social; form-action 'self'; connect-src 'self' data: blob: https://cdn.expressional.social https://media.expressional.social wss://expressional.social https://*.expressional.social wss://*.expressional.social; script-src 'self' https://cdn.expressional.social https://*.expressional.social 'wasm-unsafe-eval'; child-src 'self' blob: https://cdn.expressional.social; worker-src 'self' blob: https://cdn.expressional.social 1
default-src 'self' *.redact.dev redact.dev testimonial.to *.testimonial.to; script-src 'self' *.redact.dev redact.dev 'unsafe-inline' https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://www.google.com static.ads-twitter.com testimonial.to *.testimonial.to testimonial.to *.testimonial.to www.paypalobjects.com paypal.com *.paypal.com; style-src 'self' *.redact.dev 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com; font-src 'self' *.redact.dev redact.dev https://fonts.gstatic.com data:; connect-src 'self' *.redact.dev redact.dev https://*.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://adservice.google.com *.wdfl.co *.getrewardful.com *.twitter.com *.ads-twitter.com www.paypalobjects.com paypal.com *.paypal.com; img-src 'self' *.redact.dev redact.dev data: www.googletagmanager.com https://*.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com https://*.doubleclick.net https://*.g.doubleclick.net https://www.google.com *.t.co t.co *.ads-twitter.com *.twitter.com www.paypalobjects.com checkout.paypal.com *.paypal.com; object-src 'self'; frame-src https://*.doubleclick.net https://*.g.doubleclick.net https://embed-v2.testimonial.to *.cardinalcommerce.com paypal.com *.paypal.com; 1
frame-ancestors 'self' https://manage.microgridknowledge.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self' ; script-src 'self' 'sha256-iWsvAf4EmEZEHwwJK/TWHx6oxr+9mEXRaiEgdeWhRmw='; object-src 'none'; style-src 'self' 'unsafe-inline' 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' us-central1-adaptive-growth.cloudfunctions.net cdn.pdst.fm www.googletagmanager.com www.google-analytics.com code.jquery.com cdn.jsdelivr.net share.social9.com sharecdn.social9.com www.google.com www.gstatic.com maps.googleapis.com googleapis.com static.addtoany.com www.paypal.com connect.facebook.net analytics.google.com nd.transact.nab.com.au demo.transact.nab.com.au; frame-src 'self' www.youtube.com docs.google.com docs.google.com.au download.altronics.com.au www.google.com www.google.com.au my.matterport.com www.paypal.com www.facebook.com analytics.google.com acs-ap-southeast-2.ndsprod.nds-sandbox-issuer.com demo.transact.nab.com.au; connect-src 'self' us-central1-adaptive-growth.cloudfunctions.net cdn.pdst.fm www.googletagmanager.com www.google-analytics.com analytics.google.com www.paypal.com demo.transact.nab.com.au maps.googleapis.com; img-src 'self' maps.gstatic.com www.google-analytics.com images.altronics.com.au sharecdn.social9.com maps.googleapis.com googleapis.com analytics.google.com www.paypal.com t.paypal.com www.facebook.com data:; style-src 'unsafe-inline' 'self' cdn.jsdelivr.net cdnjs.cloudflare.com use.fontawesome.com sharecdn.social9.com fonts.googleapis.com www.paypal.com analytics.google.com; font-src 'self' use.fontawesome.com fonts.gstatic.com;frame-ancestors 'self'; 1
default-src 'none'; font-src https://fonts.gstatic.com; script-src 'self' https://plausible.io https://identity.netlify.com/v1/netlify-identity-widget.js https://unpkg.com/netlify-cms@^2.0.0/dist/netlify-cms.js 'unsafe-eval'; connect-src 'self' https://plausible.io https://medium.openaq.org https://api.github.com tps://www.githubstatus.com blob:; img-src 'self' https://widgets.guidestar.org/ data: blob: https://avatars.githubusercontent.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src https://www.youtube.com/; frame-ancestors 'none'; base-uri 'self'; form-action https://openaq.us10.list-manage.com/subscribe/; 1
default-src 'self' https://*.hotjar.io https://media.cez.cz data:;frame-ancestors https://*.setrim.cz https://*.cez.cz http://*.cez.cz *.cezdata.corp https://*.cezdistribuce.cz;style-src 'self' data:  'unsafe-eval' 'unsafe-inline' https://setrim.cz https://ceztipy.cz/ https://*.cez.cz http://*.cez.cz https://*.hotjar.com https://*.hotjar.io https://fonts.googleapis.com https://cdn.bezstavy.cz https://www.test.bezstavy.cz https://cdn-test.bezstavy.cz https://cdn.bezstavy.cz https://www.cezdistribuce.cz https://api.bezstavy.cz;frame-src https://consentcdn.cookiebot.com/ https://vars.hotjar.com https://www.cez.cz/ https://www.google.com https://www.youtube.com https://www.test.bezstavy.cz https://cdn-test.bezstavy.cz https://cdn.bezstavy.cz https://dip.cezdistribuce.cz/ https://chatbot.cezdistribuce.cz/ https://api.bezstavy.cz;font-src 'self' data:  https://*.cez.cz https://fonts.gstatic.com;connect-src 'self' https://clc.cez.cz http://clc-test.cez.cz https://clc-test.cez.cz http://clc-test.cez.cz https://*.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://consentcdn.cookiebot.com https://www.google.com https://googleads.g.doubleclick.net https://*.googlesyndication.com https://plausible.io https://*.hotjar.com https://*.hotjar.io https://www.cezdistribuce.cz https://maps.googleapis.com wss://*.hotjar.com https://www.test.bezstavy.cz https://www.dev.cezdistribuce.cz https://www.devpublic1.cez.cz https://api.bezstavy.cz;img-src 'self' https://setrim.cz https://ceztipy.cz/ https://www.cezdistribuce.cz https://www.googletagmanager.com https://*.google-analytics.com https://storage.googleapis.com https://stats.g.doubleclick.net https://www.google.com https://c.seznam.cz https://www.google.cz https://recaptcha.net https://*.cez.cz https://img.bankid.cz https://www.facebook.com https://cx.atdmt.com https://*.hotjar.com https://*.hotjar.io https://i.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://imgsct.cookiebot.com https://cdn-test.bezstavy.cz https://cdn.bezstavy.cz https://api.bezstavy.cz https://tile.openstreetmap.org data: ;script-src 'self' https://www.googletagmanager.com https://www.google.com https://*.google-analytics.com https://storage.googleapis.com https://stats.g.doubleclick.net https://www.gstatic.com https://recaptcha.net https://c.imedia.cz https://s2.adform.net https://track.adform.net https://clc.cez.cz https://www.googleadservices.com https://googleads.g.doubleclick.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://connect.facebook.net https://clc-test.cez.cz https://*.persoo.cz https://*.persoo.ai https://*.hotjar.com https://*.seznam.cz https://plausible.io https://*.hotjar.com https://*.hotjar.io https://www.youtube.com https://maps.googleapis.com https://cdn.bezstavy.cz https://www.test.bezstavy.cz https://cdn-test.bezstavy.cz https://cdn.bezstavy.cz https://api.bezstavy.cz https://chatbot.cezdistribuce.cz https://unpkg.com/ https://www.cezdistribuce.cz 'unsafe-inline' 'unsafe-eval' 1
script-src 'self' 'unsafe-eval' *.baufragen.de *.bing.com *.clarity.ms *.doubleclick.net *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.licdn.com cdn.plyr.io *.vimeo.com *.vimeocdn.com *.youtube.com *.ytimg.com; script-src-elem 'self' *.baufragen.de *.bing.com *.clarity.ms *.doubleclick.net *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.licdn.com cdn.plyr.io *.vimeo.com *.vimeocdn.com *.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' data: *.clarity.ms *.googleapis.com *.googletagmanager.com cdn.plyr.io *.vimeo.com *.vimeocdn.com *.youtube.com; img-src 'self' data: blob: *.bing.com *.clarity.ms *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.de *.googleapis.com *.googletagmanager.com *.gstatic.com *.linkedin.com mtm.renol.it *.vimeo.com *.vimeocdn.com *.youtube.com *.ytimg.com; frame-src 'self' *.baufragen.de *.clarity.ms *.doubleclick.net *.facebook.com *.google-analytics.com *.google.com *.googletagmanager.com *.terminland.de *.treedom.net *.vimeo.com *.youtube.com www.youtube-nocookie.com; connect-src 'self' *.bing.com *.clarity.ms *.doubleclick.net *.facebook.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.linkedin.com *.oribi.io cdn.plyr.io vimeo.com *.vimeo.com *.vimeocdn.com *.youtube.com; worker-src 'self' *.vimeo.com *.vimeocdn.com *.youtube.com; font-src 'self' data: *.gstatic.com; 1
script-src 'self' 'unsafe-inline' https://code.jquery.com https://www.googletagmanager.com https://cdn.cookielaw.org https://widget.trustpilot.com https://assets.calendly.com https://calendly.com https://static.zdassets.com http://www.addthis.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://trfc.formstack.com https://ajax.googleapis.com https://static.formstack.com https://www.googleoptimize.com https://www.google-analytics.com https://www.googleanalytics.com https://snap.licdn.com https://bat.bing.com https://static.ads-twitter.com https://googleads.g.doubleclick.net https://static.hotjar.com https://script.hotjar.com  https://connect.facebook.net https://static-ssl.responsetap.com https://optimize.google.com https://cdn-4.convertexperiments.com *.convertexperiments.com;object-src 'none';style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https://static.formstack.com;img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://cdn.cookielaw.org https://s3.amazonaws.com https://maps.googleapis.com https://maps.gstatic.com data:;frame-src 'self' https://content.edenred.co.uk https://widget.trustpilot.com https://form.jotform.com https://calendly.com https://eu-submit.jo https://eu-submit.jotform.com https://optimize.google.com https://www.youtube.com https://go.edenred.co.uk;font-src 'self' https://fonts.gstatic.com https://join.edenred.co.uk https://static.formstack.com;connect-src 'self' https://maps.googleapis.com https://cdn.cookielaw.org https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.google.co.uk https://metrics.responsetap.com https://www.google-analytics.com https://cdn.linkedin.oribi.io https://bat.bing.com https://in.hotjar.com wss://ws.hotjar.com https://content.hotjar.io https://vc.hotjar.io https://optimize.google.com *.convertexperiments.com;form-action 'self' https://trfc.formstack.com 1
report-to default-group; default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-YhBMEW4iiV2iqdbHatpRxA==' https://*.googletagmanager.com https://*.google-analytics.com https://www.googletagmanager.com https://js-eu1.hsforms.net/forms/v2.js https://js-eu1.hs-scripts.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://static.nebius.com; style-src-elem 'self' 'nonce-YhBMEW4iiV2iqdbHatpRxA==' https://static.nebius.com; img-src 'self' data: https://static.nebius.com https://storage.il.nebius.cloud/www-community-images/ https://assets.nebius.com https://products.assets.nebius.com https://version-images.assets.nebius.com https://storage.il.nebius.cloud/products/ https://storage.il.nebius.cloud/version-images/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.hsforms.com https://*.hubspot.com https://forms.hsforms.com https://forms-eu1.hsforms.com https://www.facebook.com/tr https://ade.googlesyndication.com/ddm/activity/ https://px.ads.linkedin.com/collect https://tr.outbrain.com/unifiedPixel https://alb.reddit.com/rp.gif; font-src 'self' https://static.nebius.com; frame-src 'self' https://tpc.googlesyndication.com https://td.doubleclick.net https://www.google.com/maps/embed/v1/place https://forms-eu1.hsforms.com www.youtube.com; frame-ancestors 'self'; child-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.hs-banner.com https://*.hubspot.com https://*.hubapi.com https://forms-eu1.hsforms.com https://o4505906584485888.ingest.sentry.io wss://nebius.com https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://pagead2.googlesyndication.com/pagead/landing https://cdn.linkedin.oribi.io/partner/; base-uri 'self'; style-src-attr 'unsafe-inline'; media-src https://assets.nebius.com data:; worker-src blob:; report-uri https://csp.yandex.net/csp?from=www.nebius-israel.stable&project=cloud; 1
default-src 'self' https://partner.googleadservices.com/ https://afs.googlesyndication.com/ https://cse.google.com/ https://www.google.com/cse/static/ https://www.googletagmanager.com/ https://kit.fontawesome.com/ https://www.gstatic.com/ www.google-analytics.com/ https://www.googletagmanager.com/ https://*.intercomcdn.com/ https://static.intercomassets.com wss://nexus-websocket-a.intercom.io/ https://api-iam.intercom.io https://widget.intercom.io wss://app.livehelpnow.net/ https://app.livehelpnow.net https://api-iam.intercom.io https://js.intercomcdn.com/ https://widget.intercom.io https://*.online-metrix.net/  https://metrics.myfrs.com/ https://kit.fontawesome.com/7e7cfee65e.js https://fonts.googleapis.com/ https://fonts.gstatic.com https://ka-p.fontawesome.com/   https://www.livehelpnow.net https://cdn.livehelpnow.net/ https://cdn.polyfill.io/ https://developer.livehelpnow.net https://translate-pa.googleapis.com/ https://translate.googleapis.com/ https://translate.google.com/ https://*.online-metrix.net/  https://metrics.myfrs.com/ http://translate.google.com/ https://www.google.com/ http://www.google.com/ http://releases.flowplayer.org/ https://releases.flowplayer.org/ https://www.timevaluecalculators.com/ https://use.fontawesome.com/ https://hewitt.lipperweb.com/ https://sadmin.brightcove.com/ http://admin.brightcove.com/ https://players.brightcove.net/ http://players.brightcove.net/ https://translate.google.com/; script-src 'self' 'unsafe-eval' https://partner.googleadservices.com/ https://cse.google.com/ https://www.google.com/cse/static/ https://www.googletagmanager.com/ https://kit.fontawesome.com/ https://www.gstatic.com/  https://www.googletagmanager.com/ https://*.intercomcdn.com/ https://static.intercomassets.com wss://nexus-websocket-a.intercom.io/ https://api-iam.intercom.io https://widget.intercom.io wss://app.livehelpnow.net/ https://app.livehelpnow.net https://*.online-metrix.net/  https://metrics.myfrs.com/ https://api-iam.intercom.io https://js.intercomcdn.com/ https://widget.intercom.io https://kit.fontawesome.com/7e7cfee65e.js https://fonts.googleapis.com/ https://fonts.gstatic.com https://ka-p.fontawesome.com/   https://www.livehelpnow.net https://cdn.livehelpnow.net/ https://cdn.polyfill.io/ https://developer.livehelpnow.net https://translate.google.com/ https://www.gstatic.com/ https://use.fontawesome.com/ http://www.gstatic.com/ https://www.google.com/ http://www.google.com/ http://releases.flowplayer.org/ https://releases.flowplayer.org/ https://www.timevaluecalculators.com/ https://hewitt.lipperweb.com/ https://sadmin.brightcove.com/ http://admin.brightcove.com/ https://secure.brightcove.com/ https://ssl.bing.com/ http://www.bing.com  http://api.microsofttranslator.com/ https://translate-pa.googleapis.com/ https://translate.googleapis.com/ http://www.myfrs.com/ https://www.myfrs.com/  http://www.microsofttranslator.com/ https://ssl.microsofttranslator.com/ www.google-analytics.com/ https://ssl.google-analytics.com/  ajax.googleapis.com/ https://www.zazachat.com/ http://www.zazachat.com/ www.jquery.com/ json.org sizzlejs.com https://www.zazamagic.aspx https://translate.google.com/ 'unsafe-inline'; style-src 'self' https://partner.googleadservices.com/ https://kit.fontawesome.com/ https://cse.google.com/ https://www.google.com/cse/static/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.googletagmanager.com/ https://*.intercomcdn.com/ https://static.intercomassets.com wss://nexus-websocket-a.intercom.io/ https://api-iam.intercom.io https://widget.intercom.io wss://app.livehelpnow.net/ https://app.livehelpnow.net https://*.online-metrix.net/  https://metrics.myfrs.com/ https://api-iam.intercom.io https://js.intercomcdn.com/ https://widget.intercom.io https://kit.fontawesome.com/7e7cfee65e.js https://fonts.googleapis.com/ https://fonts.gstatic.com https://ka-p.fontawesome.com/   https://www.livehelpnow.net https://cdn.livehelpnow.net/ https://cdn.polyfill.io/ https://developer.livehelpnow.net http://releases.flowplayer.org/ https://use.fontawesome.com/ https://releases.flowplayer.org/ https://www.timevaluecalculators.com/ https://hewitt.lipperweb.com/ https://sadmin.brightcove.com/ http://admin.brightcove.com/ http://api.microsofttranslator.com/ https://translate-pa.googleapis.com/ https://translate.googleapis.com/ http://www.microsofttranslator.com/ https://ssl.microsofttranslator.com/ https://translate.google.com/ 'unsafe-inline' 'unsafe-eval'; object-src 'self' https://partner.googleadservices.com/ https://cse.google.com/ https://www.google.com/cse/static/ https://www.googletagmanager.com/ https://kit.fontawesome.com/ https://www.gstatic.com/  https://www.googletagmanager.com/ https://*.intercomcdn.com/ https://static.intercomassets.com wss://nexus-websocket-a.intercom.io/ https://api-iam.intercom.io https://widget.intercom.io wss://app.livehelpnow.net/ https://app.livehelpnow.net https://*.online-metrix.net/  https://metrics.myfrs.com/ https://api-iam.intercom.io https://js.intercomcdn.com/ https://widget.intercom.io https://kit.fontawesome.com/7e7cfee65e.js https://fonts.googleapis.com/ https://fonts.gstatic.com https://ka-p.fontawesome.com/   https://www.livehelpnow.net https://cdn.livehelpnow.net/ https://cdn.polyfill.io/ https://developer.livehelpnow.net http://releases.flowplayer.org/ https://releases.flowplayer.org/ https://www.timevaluecalculators.com/ https://hewitt.lipperweb.com/ https://sadmin.brightcove.com/ http://admin.brightcove.com/ https://secure.brightcove.com/ https://translate.google.com/; img-src https://afs.googlesyndication.com/ https://www.gstatic.com/ https://*.gstatic.com/ https://clients1.google.com/ https://kit.fontawesome.com/ https://*.intercomcdn.com/ https://static.intercomassets.com wss://nexus-websocket-a.intercom.io/ https://api-iam.intercom.io https://widget.intercom.io http://myfrs.com/ https://myfrs.com/ wss://app.livehelpnow.net/ https://app.livehelpnow.net https://*.online-metrix.net/  https://metrics.myfrs.com/ https://api-iam.intercom.io https://widget.intercom.io https://js.intercomcdn.com/ https://kit.fontawesome.com/7e7cfee65e.js https://fonts.googleapis.com/ https://fonts.gstatic.com https://ka-p.fontawesome.com/   https://www.livehelpnow.net https://cdn.livehelpnow.net/ https://cdn.polyfill.io/ https://developer.livehelpnow.net https://translate.google.com/ https://www.gstatic.com/ https://releases.flowplayer.org/ https://www.timevaluecalculators.com/ https://use.fontawesome.com/ https://hewitt.lipperweb.com/ https://ssl.google-analytics.com/ https://sadmin.brightcove.com/ https://secure.brightcove.com/ http://admin.brightcove.com/ https://translate-pa.googleapis.com/ https://translate.googleapis.com/ http://api.microsofttranslator.com/ http://www.microsofttranslator.com/ https://ssl.microsofttranslator.com/ data: http://www.myfrs.com/ https://www.myfrs.com/ https://www.zazachat.zazasoftware.com/ www.google-analytics.com/ http://www.zazachat.com/ http://zazachat.zazasoftware.com/ https://www.google.com/ http://www.google.com/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' tosinso.com *.tosinso.com *.google.com *.yektanet.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.najva.com clarity.ms *.clarity.ms 1
frame-ancestors 'self' *.paypal.com *.mercadopago.com.mx *.tawk.to 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://celeb-lb-prod.danskebank.com https://consent.cookiebot.com https://assets.adobedtm.com https://s2.adform.net https://snap.licdn.com https://www.linkedin.com https://px.ads.linkedin.com https://imasdk.googleapis.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://android.com https://windowsphone.com *.qbrick.com *.dna.ip-only.net *.112.2o7.net *.danskebank.co.uk *.danskebank.dk https://www.danskebank.co.uk https://danid.dk *.danid.dk *.facebook.com *.facebook.net https://facebook.net https://*.facebook.net https://twitter.com *.omtrdc.net https://dpm.demdex.net https://danskebank.demdex.net https://static.licdn.com https://w3.org https://fbcdn.net https://cloud-emea.analytics-egain.com https://analytics.analytics-egain.com https://track.adform.net https://linkmaker.itunes.apple.com *.qualtrics.com *.twitter.com https://syndication.twitter.com https://pegasyst-pega-systop-iqpg-syst.apps.az2-osn10.eva.danskenet.com https://prod1-pegaprod-iqpg.apps.az3-osp10.eva.danskenet.com https://pegadevred-pega-devred-iqpg-test.apps.az2-osn10.eva.danskenet.com https://preprod-pegapreprod-iqpg.apps.az2-osp10.eva.danskenet.com https://pegauat-pegasysuat-iqpg-syst.apps.az3-osn10.eva.danskenet.com https://pegasandbox-pegasandbox-iqpg-test.apps.az3-osn10.eva.danskenet.com; object-src 'self' video.qbrick.com; frame-src 'self' https://android.com https://windowsphone.com video.qbrick.com *.112.2o7.net *.danskebank.co.uk *.danskebank.se *.danskebank.dk https://danid.dk *.danid.dk *.facebook.com *.facebook.net https://facebook.net https://*.facebook.net https://twitter.com *.omtrdc.net *.demdex.net https://static.licdn.com https://w3.org https://fbcdn.net https://analytics.analytics-egain.com https://track.adform.net https://linkmaker.itunes.apple.com *.qualtrics.com *.gstatic.com *.danskebank.e-boks.com https://danskebank.e-boks.com https://waystobankdemos.co.uk https://pegasyst-pega-systop-iqpg-syst.apps.az2-osn10.eva.danskenet.com https://prod1-pegaprod-iqpg.apps.az3-osp10.eva.danskenet.com https://pegadevred-pega-devred-iqpg-test.apps.az2-osn10.eva.danskenet.com https://preprod-pegapreprod-iqpg.apps.az2-osp10.eva.danskenet.com https://pegauat-pegasysuat-iqpg-syst.apps.az3-osn10.eva.danskenet.com https://pegasandbox-pegasandbox-iqpg-test.apps.az3-osn10.eva.danskenet.com; 1
img-src 'self' https: data:; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline'  www.blackhillsinfosec.com www.gstatic.com *.gstatic.com fonts.googleapis.com apex.cognitivesa.com ajax.googleapis.com www.google.com cdn.jsdelivr.net; frame-ancestors 'none';connect-src 'self' apex.cognitivesa.com wss://apex.cognitivesa.com botpress02.apps.cordoba.gob.ar integraciones.tributariomuni.gob.ar;frame-src 'self' botpress02.apps.cordoba.gob.ar;img-src 'self' botpress02.apps.cordoba.gob.ar apex.cognitivesa.com data:;font-src 'self' fonts.googleapis.com cdn.jsdelivr.net fonts.gstatic.com; 1
default-src 'self' cdn.aviva.com data:; img-src * data:; media-src 'self' data:; frame-src 'self' *.five9.com *.amazon-adsystem.com *.facebook.com *.pinterest.com *.doubleclick.net *.youtube.com *.moneris.com *.google.com *.demdex.net *.appliedsystems.com; script-src 'self' 'unsafe-inline' cdn.aviva.com *.adobedtm.com *.pinimg.com *.amazon-adsystem.com *.google-analytics.com *.facebook.net *.googletagmanager.com *.bing.com *.redditstatic.com *.teads.tv *.googleadservices.com *.invocacdn.com *.marketo.net *.doubleclick.net *.google.com *.moneris.com *.gstatic.com *.five9.com *.clarity.ms *.clearbitjs.com *.acuityplatform.com *.stackadapt.com *.licdn.com *.youtube.com; style-src 'self' cdn.aviva.com 'unsafe-inline' *.five9.com *.stackadapt.com; connect-src 'self' cdn.aviva.com *.amazon-adsystem.com *.mktoresp.com *.google.com *.google-analytics.com *.pinterest.com *.bing.com *.doubleclick.net *.google.ca *.demdex.net avivacanada.tt.omtrdc.net *.stackadapt.com *.oribi.io *.teads.tv *.redditstatic.com 1
default-src *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https://research.rhbtradesmart.com https://www.images-home.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com connect.facebook.net http://ajax.googleapis.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://ssl.google-analytics.com www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com www.facebook.com data: ; frame-src 'self' https://bid.g.doubleclick.net youtube.com https://www.youtube.com https://knowledge.rhbtradesmart.com https://drive.google.com ; connect-src 'self' https://www.google-analytics.com; upgrade-insecure-requests; 1
frame-ancestors 'self' ;       object-src 'none' ;        base-uri 'self' ;       style-src 'self' 'unsafe-inline' ;       default-src 'self'; font-src 'self' data: https: ;       img-src https: http: data:; media-src https: data: ;       frame-src 'self'        https://www.youtube.com       https://www.gstatic.com/        https://forms-eu1.hsforms.com        https://www.google.com        https://consentcdn.cookiebot.com ;       connect-src 'self' https: ws: ;       script-src-attr 'self' 'unsafe-inline' ;       script-src-elem 'self' 'unsafe-inline' 'unsafe-eval'        https://snap.licdn.com/       https://static.zdassets.com/       https://connect.facebook.net/       https://www.googletagmanager.com/       https://consent.cookiebot.com/       https://consentcdn.cookiebot.com       https://stitchmoney.zendesk.com/       https://www.google.com       https://edge.marker.io/       https://www.gstatic.com/       https://js.hsforms.net/forms/v2.js        http://js-eu1.hs-scripts.com/26634095.js        https://js-eu1.hs-banner.com/v2/26634095/banner.js        https://js-eu1.hscollectedforms.net        https://js-eu1.hs-analytics.net ;       script-src 'self' 'unsafe-eval'       https://www.googletagmanager.com/gtm.js       https://js.hsforms.net/forms/v2.js        https://static.zdassets.com/ekr/snippet.js        https://stitchmoney.zendesk.com/embeddable/config; 1
default-src 'self' cdn2.hubspot.net consentcdn.cookiebot.com connect-srccdn2.hubspot.net *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net  *.hscollectedforms.net  *.hsforms.net *.hsforms.com static.hsappstatic.net js.hubspotfeedback.com js.usemessages.com *.vidyard.com 'unsafe-hashes' 'unsafe-inline' *.hubspotusercontent-na1.net; font-src *.fontawesome.com *.hubspotusercontent-na1.net; connect-src 'self' js.hscta.net *.hubapi.com *.ads.linkedin.com cdn.linkedin.oribi.io stats.g.doubleclick.net *.hscollectedforms.net *.fontawesome.com *.google-analytics.com *.hubspot.com consentcdn.cookiebot.com googleads.g.doubleclick.net https://www.google.com/pagead/ *.hsforms.com *.analytics.google.com; img-src 'self' no-cache.hubspot.com js.hscta.net data: *.hubspot.com *.ads.linkedin.com *.cookiebot.com *.hsforms.com *.hsappstatic.net *.hubspotusercontent-na1.net https://www.google-analytics.com https://www.facebook.com/tr/ https://alb.reddit.com https://analytics.twitter.com https://www.google.de/ads/ https://www.google.com/ads/ https://t.co/i/ googleads.g.doubleclick.net; frame-src 'self' *.hs-sites.com forms.hsforms.com td.doubleclick.net www.youtube.com consentcdn.cookiebot.com *.hubspot.com platform.twitter.com www.google.com www.facebook.com; object-src 'none'; base-uri 'none'; script-src 'self' feedback.hubapi.com *.usemessages.com js.hscta.net *.hs-analytics.net static.hsappstatic.net *.hsadspixel.net *.hubspot.com js.hsforms.net lookerstudio.google.com www.googletagmanager.com kit.fontawesome.com consent.cookiebot.com www.google-analytics.com 'unsafe-inline' app.hubspot.com js.hsleadflows.net js.hscollectedforms.net js.usemessages.com *.hs-analytics.net js.hs-banner.com consentcdn.cookiebot.com connect.facebook.net googleads.g.doubleclick.net www.redditstatic.com snap.licdn.com static.ads-twitter.com platform.twitter.com platform.linkedin.com cdn2.hubspot.net 'strict-dynamic' 'nonce-kyRNH9azRJ7m/DDEIYutzA=='; frame-ancestors 'none'; upgrade-insecure-requests; 1
connect-src *; default-src 'self'; font-src 'self' data: fonts.gstatic.com pro.fontawesome.com *.typekit.net *.cloudflare.com; frame-src 'self' www.google.com *.youtube.com *.vimeo.com; img-src 'self' data: *.google-analytics.com *.cloudflare.com *.gravatar.com *.googleapis.com *.gstatic.com *.doubleclick.net; media-src *; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com ajax.googleapis.com *.cloudflare.com *.jsdelivr.net *.cdn.civiccomputing.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com pro.fontawesome.com *.cloudflare.com *.jsdelivr.net *.typekit.net; 1
frame-ancestors 'self' https://zont-online.ru http://microline.ru 1
base-uri 'none'; default-src 'none'; connect-src 'self' https://ads.circuitsonline.net https://analytics.circuitsonline.net; font-src 'self' data:; form-action 'self' https://*.paypal.com; frame-ancestors 'self'; frame-src 'self' https://www.youtube-nocookie.com; img-src * data:; script-src 'self' https://analytics.circuitsonline.net https://polyfill.io; style-src 'self' 'unsafe-inline' 1
frame-ancestors 'self' *.facebook.com *.salesforce.com *.convio.net *.google.com *.force.com facebook.com salesforce.com convio.net google.com force.com; report-uri https://www.fortefoundation.org/site/XFrameViolation 1
default-src 'self' *.v2020.com *.cloudflare.com *.vidyard.com *.gravatar.com *.typekit.net *.google.com *.logic.azure.com *.googleapis.com *.google-analytics.com *.algolianet.com *.algolia.net *.pendo.io *.googletagmanager.com *.gstatic.com; font-src 'self' data: *.v2020.com *.cloudflare.com *.vidyard.com *.gravatar.com *.typekit.net *.google.com *.logic.azure.com *.googleapis.com *.google-analytics.com *.algolianet.com *.algolia.net *.pendo.io *.googletagmanager.com *.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.v2020.com *.cloudflare.com *.vidyard.com *.gravatar.com *.typekit.net *.google.com *.logic.azure.com *.googleapis.com *.google-analytics.com *.algolianet.com *.algolia.net *.pendo.io *.googletagmanager.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.v2020.com *.cloudflare.com *.vidyard.com *.gravatar.com *.typekit.net *.google.com *.logic.azure.com *.googleapis.com *.google-analytics.com *.algolianet.com *.algolia.net *.pendo.io *.googletagmanager.com *.gstatic.com; img-src 'self' data: *.v2020.com *.cloudflare.com *.vidyard.com *.gravatar.com *.typekit.net *.google.com *.logic.azure.com *.googleapis.com *.google-analytics.com *.algolianet.com *.algolia.net *.pendo.io *.googletagmanager.com *.gstatic.com; frame-src 'self' *.tickcounter.com *.v2020.com *.cloudflare.com *.vidyard.com *.gravatar.com *.typekit.net *.google.com *.logic.azure.com *.googleapis.com *.google-analytics.com *.algolianet.com *.algolia.net *.pendo.io *.googletagmanager.com *.gstatic.com; frame-ancestors 'self' *.osaic.com osaic.com *.osaic-preview.netlify.app osaic-preview.netlify.app *.advisorgrouptech.com *.sagepointfinancial.com *.fscsecurities.com *.woodburyfinancial.com *.royalalliance.com *.advisorgroup.com ; 1
frame-ancestors 'self' https://*.slachtofferhulp.nl *.platformsh.site;base-uri 'self';object-src 'none'; 1
object-src 'none'; script-src 'self' 'unsafe-inline' https:; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; report-uri https://www.ordre-infirmiers.fr/report-uri/enforce 1
img-src 'self'; script-src 'self' blob:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net; font-src 'self'; worker-src blob:; connect-src 'self' https://*.zotero.org https://t0guvf0w17.execute-api.us-east-1.amazonaws.com https://v1snar4wu4.execute-api.us-east-1.amazonaws.com https://zbib-data.s3.amazonaws.com; object-src 'none' 1
frame-src https://www.google.com https://www.chasepaymentechhostedpay.com https://www.chasepaymentechhostedpay-var.com; frame-ancestors https://www.chasepaymentechhostedpay.com https://www.chasepaymentechhostedpay-var.com https://kiatechinfo.snapon.com https://kiatechinfotest.snapon.com https://kiatechinfobeta.snapon.com https://kiatechinford.snapon.com 1
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src 'self' blob: data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sleeknotestaticcontent.sleeknote.com/ https://cdn.polyfill.io/ https://avp.pravp.com/ https://assets-ctb.pernod-ricard.io/ https://www.googletagmanager.com/ https://sleeknotecustomerscripts.sleeknote.com/ https://c.evidon.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://webform-console.pernod-ricard.io/ https://www.google.com/ https://www.gstatic.com https://js-agent.newrelic.com https://bam.nr-data.net https://matomojs.trackify.info/ https://matomo.pernod-ricard.io/ https://open.spotify.com/ https://open.spotifycdn.com/ https://cdnjs.cloudflare.com/; style-src 'self' blob: data: https: 'unsafe-inline' 'unsafe-eval' https://assets-ctb.pernod-ricard.io/; worker-src blob:; 1
frame-ancestors 'self' *.excelsior.com.mx *.jediteam.mx *.imagendigital.com 1
font-src fonts.gstatic.com *.fontawesome.com *.earthboundtrading.com *.fonts.googleapis.com *.googleapis.com *.gstatic.com data: *.fastly.com fonts.googleapis.com *.bootstrapcdn.com *.yotpo.com *.amazonaws.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.earthboundtrading.com *.facebook.com *.list-manage.com *.yotpo.com *.amazonaws.com *.kaltura.com *.iesnare.com *.klaviyo.com api-js.datadome.co 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.earthboundtrading.com *.google.com *.addthis.com *.pinterest.com *.facebook.com *.paypalobjects.com *.hotjar.com *.google.co.in *.doubleclick.net *.github.io *.networkmerchants.com *.klaviyo.com api-js.datadome.co *.yotpo.com *.amazonaws.com *.kaltura.com *.iesnare.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com *.earthboundtrading.com *.fastly.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com *.facebook.com *.google.com *.google.co.in *.doubleclick.net *.mapbox.com *.klaviyo.com *.cloudfront.net api-js.datadome.co *.yotpo.com *.amazonaws.com *.kaltura.com *.iesnare.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.earthboundtrading.com *.google.com *.google.co.in *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.net *.pinimg.com https://www.googletagmanager.com tagmanager.google.com *.bootstrapcdn.com *.mapbox.com *.jsdelivr.net *.algolia.net *.algolianet.com *.hotjar.com *.networkmerchants.com *.klaviyo.com api-js.datadome.co *.yotpo.com *.amazonaws.com *.kaltura.com *.iesnare.com *.tiktok.com unpkg.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.earthboundtrading.com *.googleapis.com tagmanager.google.com *.mapbox.com *.klaviyo.com *.networkmerchants.com *.yotpo.com *.amazonaws.com *.kaltura.com *.iesnare.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com cdn.ampproject.org https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.earthboundtrading.com *.fastly.com *.googleapis.com *.addthis.com https://graph.instagram.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.jsdelivr.net *.algolia.net *.algolianet.com *.hotjar.com *.hotjar.io ws://*.hotjar.com *.networkmerchants.com *.mapbox.com *.klaviyo.com api-js.datadome.co *.yotpo.com *.amazonaws.com *.kaltura.com *.iesnare.com *.pinterest.com *.tiktok.com *.facebook.net dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.yotpo.com staticw2.yotpo.com *.amazonaws.com *.kaltura.com *.iesnare.com *.hotjar.com *.hotjar.io ws://*.hotjar.com *.pinimg.com *.tiktok.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-Fr0yShj5eDnEpScY02W1oQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors 'self' https://analytics.forum-media.com https://desk.forum-verlag.com https://www.desk.forum-verlag.com; 1
connect-src 'self' wss://*.gradally.com/ http://rum-collector-2.pingdom.net/ https://www.google-analytics.com/ https://*.gradally.com/ https://*.nr-data.net/ https://*.achievepoint.org/; font-src 'self' https://fonts.gstatic.com/ https://*.gradally.com/ https://*.achievepoint.org/; frame-src 'self' *.agilixbuzz.com/ pa.agilixapps.com/ https://*.gradally.com/ https://www.youtube.com/ https://*.achievepoint.org/; manifest-src 'self' https://*.gradally.com/ https://*.achievepoint.org/; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com/ https://www.google-analytics.com/ https://accounts.google.com/ https://*.gradally.com/ https://*.newrelic.com/ https://*.nr-data.net/ https://*.achievepoint.org/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com rum-static.pingdom.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://*.gradally.com/ https://*.achievepoint.org/; worker-src 'self' https://*.gradally.com/ https://*.achievepoint.org/; form-action 'self' https://accounts.google.com/ https://*.gradally.com/ https://*.achievepoint.org/ https://secure.na1.adobesign.com/; frame-ancestors 'self' https://*.gradally.com/ https://*.achievepoint.org/ 1
default-src 'none'; connect-src 'self' https://mas.bicyclerollingresistance.com; font-src 'self' data: https://cdn.bicyclerollingresistance.com; form-action 'self' https://www.mollie.com https://www.paypal.com; frame-src data: https://disqus.com https://www.youtube-nocookie.com; img-src https: data:; script-src 'self' https://cdn.bicyclerollingresistance.com https://mas.bicyclerollingresistance.com https://bicyclerollingresistance.disqus.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' https://c.disquscdn.com 'unsafe-inline'; frame-ancestors 'none'; report-uri https://www.bicyclerollingresistance.com/csp/report 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.googletagmanager.com *.google.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org https://unpkg.com/@google/ https://js.hs-banner.com https://js.hsadspixel.net https://js.hscollectedforms.net https://*.userway.org *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.insight.sitefinity.com js.hs-scripts.com js.hs-analytics.net https://dec.azureedge.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com maxcdn.bootstrapcdn.com https://*.userway.org 'self' 'unsafe-inline' https://cdn.insight.sitefinity.com https://dec.azureedge.net; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.googletagmanager.com https://stats.g.doubleclick.net https://static.licdn.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://*.userway.org *.eloqua.com *.google-analytics.com 'self' https://delicious.com https://dec.azureedge.net track.hubspot.com https://cdn.insight.sitefinity.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: maxcdn.bootstrapcdn.com https://*.userway.org; frame-src 'self' *.google.com https://*.userway.org forms.hsforms.com; connect-src accounts.google.com *.gstatic.com *.googleapis.com https://api.hubapi.com https://forms.hubspot.com https://*.userway.org localhost:3000 ws://localhost:3000 *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com 'self' forms.hubspot.com *.hsforms.com; media-src 'self' https://*.userway.org data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com web.facebook.com badge.stumbleupon.com https://*.userway.org/ *.googleapis.com https://www.google.com platform.twitter.com 1
frame-src https: mailto:; 1
default-src 'self';block-all-mixed-content ; base-uri 'self'; object-src 'none'; script-src  'nonce-171e739d841a4deb9d90c584b176da8e' 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.optimizely.com/ https://www.grantthornton.global/ https://www.clarity.ms/ https://script.hotjar.com https://static.hotjar.com https://engage.grantthornton.global https://dl.episerver.net https://maps.googleapis.com https://www.gstatic.com https://www.google.com https://st.getsitecontrol.com/ https://widgets.getsitecontrol.com https://c.evidon.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://polyfill.io https://optimize.google.com https://www.google-analytics.com https://az416426.vo.msecnd.net https://ajax.googleapis.com/ https://*.evidon.com/ https://region1.google-analytics.com/ https://*.googletagmanager.com; img-src 'self' data: https://*.analytics.google.com/ https://*.google-analytics.com/ https://www.grantthornton.mx https://www.grantthornton.is/ https://px.ads.linkedin.com/ https://c.evidon.com/ https://px.ads.linkedin.com https://px4.ads.linkedin.com https://translate.google.com/ https://c.bing.com https://app.getsitecontrol.com/ https://c.clarity.ms/ https://www.gstatic.com/ https://www.clarity.ms/ https://l.evidon.com/ https://c.evidon.com https://l3.evidon.com https://p.adsymptotic.com https://ws.sessioncam.com https://px.ads.linkedin.com https://www.facebook.com https://b.ws.sessioncam.com https://ssl.gstatic.com/ https://syndication.twitter.com https://optimize.google.com https://platform.twitter.com https://pbs.twimg.com https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://i.ytimg.com https://img.youtube.com https://cdn.jotfor.ms/ https://integration-emea.gtil-dxc.com/ https://analytics.marera.net https://script.hotjar.com/ https://www.grantthornton.co.za/ https://www.grantthornton.ca/ https://www.grantthornton.com.vn/ https://www.grantthornton.kr/ https://www.google.com.vn https://www.grantthornton.mk/ https://www.linkedin.com/ https://www.grantthornton.com.pa/ https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/ https://fonts.googleapis.com/ https://optimize.google.com https://platform.twitter.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://app-lon07.marketo.com/ https://engage.grantthornton.global/; font-src 'self' data: https://static3.avast.com https://use.typekit.net/ https://st.getsitecontrol.com/ https://fonts.gstatic.com https://script.hotjar.com/; frame-src https://www.googletagmanager.com https://l3.evidon.com https://www.paperturn-view.com https://vars.hotjar.com https://a10084069166.cdn.optimizely.com/ https://www.google.com/ https://platform.twitter.com https://www.youtube.com https://optimize.google.com https://w.soundcloud.com https://player.vimeo.com https://www.gstatic.com https://cdn.optimizely.com https://player.cnbc.com/ https://onlinerecruitment.exelsyslive.com/ https://view.ceros.com/ https://flo.uri.sh/ https://app-lon07.marketo.com/ https://engage.grantthornton.global/ https://www.facebook.com/; connect-src 'self' https://analytics.google.com/ https://digitalwhiskey.matomo.cloud/ https://www.facebook.com/ https://www.facebook.com/tr/ https://surveystats.hotjar.io/ https://vc.hotjar.io/ https://l3.evidon.com https://optoutapi.evidon.com https://extreme-ip-lookup.com https://stats.g.doubleclick.net https://logx.optimizely.com https://dc.services.visualstudio.com https://az416426.vo.msecnd.net https://rum.optimizely.com/ https://www.clarity.ms/ https://b.ws.sessioncam.com https://vars.hotjar.com https://errors.client.optimizely.com https://642-sde-924.mktoresp.com https://in.hotjar.com https://ws.sessioncam.com https://surveystats.hotjar.io/ https://magicbeanlab.com https://l.evidon.com/ https://idx.liadm.com/ https://maps.googleapis.com/ https://*.analytics.google.com/ https://*.google-analytics.com/ https://*.googletagmanager.com wss://ws.hotjar.com/ https://content.hotjar.io/ https://metrics.hotjar.io/ https://px.ads.linkedin.com/; report-uri /ContentSecurityPolicy/Report/; report-to csp-endpoint; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com analytics.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.fontawesome.com use.fontawesome.com apps.elfsight.com *.elfsight.com *.surveymonkey.com *.libsyn.com *.map-dynamics.com api.map-dynamics.com *.googletagmanager.com *.cdn.jsdelivr.net unpkg.com cdnjs.cloudflare.com *.pda.org *.flickr.com *.vimeo.com https://snap.licdn.com https://googleads.g.doubleclick.net *.hotjar.com *.hotjar.io https://pdaorg.adspeed.net *.adspeed.net donorbox.org; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.fontawesome.com use.fontawesome.com apps.elfsight.com *.elfsight.com *.surveymonkey.com *.libsyn.com *.map-dynamics.com api.map-dynamics.com *.googletagmanager.com *.cdn.jsdelivr.net unpkg.com *.pda.org cdnjs.cloudflare.com *.flickr.com *.fontawesome.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com *.fontawesome.com use.fontawesome.com data: *.flickr.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com analytics.google.com *.googletagmanager.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com *.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com placeimg.com picsum.photos *.picsum.photos http://placeimg.com *.pda.org www.pda.org pda.org analytics.google.com *.adspeed.com *.staticflickr.com *.flickr.com *.google.com *.adspeed.net donorbox.org; media-src 'self' data: blob: https://www.youtube.com *.flickr.com; frame-src *.google.com td.doubleclick.net *.youtube.com *.pda.org *.soundcloud.com https://podcasters.spotify.com https://anchor.fm *.spotify.com *.fontawesome.com *.vimeo.com; frame-ancestors *.google.com *.pda.org *.fontawesome.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.surveymonkey.com *.libsyn.com *.map-dynamics.com api.map-dynamics.com *.flickr.com https://anchor.fm https://podcasters.spotify.com *.doubleclick.net *.fontawesome.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com apps.elfsight.com *.elfsight.com *.pda.org *.cdn.jsdelivr.net analytics.google.com *.flickr.com *.linkedin.oribi.io *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.doubleclick.net https://anchor.fm https://podcasters.spotify.com *.googlesyndication.com *.linkedin.com *.fontawesome.com *.facebook.com; 1
default-src 'self' https://s7.addthis.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; script-src 'self' 'unsafe-inline' https://s7.addthis.com https://m.addthis.com https://player.vimeo.com https://z.moatads.com https://v1.addthisedge.com https://code.jquery.com https://siteimproveanalytics.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://snap.licdn.com https://maps.googleapis.com https://cdn.siteimprove.net https://www.gstatic.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://privacyportal.onetrust.com https://geolocation.onetrust.com 'unsafe-eval' https://*.wistia.com https://*.wistia.net https://src.litix.io; connect-src 'self' https://*.blakes.com https://m.addthis.com https://s7.addthis.com https://blakesdevsearch.search.windows.net https://blakesstagingsearch.search.windows.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://www.google-analytics.com https://maps.googleapis.com https://my2.siteimprove.com https://blakesprodsearch.search.windows.net https://tpspdf.pixelshopdesign.net https://cdn.linkedin.oribi.io https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://privacyportal.onetrust.com https://geolocation.onetrust.com https://*.ads.linkedin.com https://privacyportal-ca.onetrust.com; img-src data: 'self' https://*.blakes.com https://blakesdevmedialob.blob.core.windows.net http://www.w3.org https://www.w3.org https://via.placeholder.com https://www.toolkitforkentico.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://ad.doubleclick.net https://ade.googlesyndication.com https://px.ads.linkedin.com https://blakes.vuture.net https://maps.gstatic.com https://maps.googleapis.com https://blakes.com https://blakesnitro.com https://*.siteimproveanalytics.io https://61281071.global.siteimproveanalytics.io https://d21y75miwcfqoq.cloudfront.net https://www.linkedin.com https://p.adsymptotic.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://*.vimeocdn.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://privacyportal.onetrust.com https://geolocation.onetrust.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://fonts.googleapis.com https://fast.wistia.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://privacyportal.onetrust.com https://geolocation.onetrust.com; base-uri 'self'; form-action 'self';  frame-src 'self' https://*.blakes.com https://s7.addthis.com https://player.vimeo.com https://bid.g.doubleclick.net https://my2.siteimprove.com https://w.soundcloud.com https://www.google.com https://fast.wistia.com https://fast.wistia.net https://td.doubleclick.net;  font-src data: 'self' https://fonts.gstatic.com https://*.wistia.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://privacyportal.onetrust.com https://geolocation.onetrust.com 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self'; img-src 'self' data: https:; font-src 'self' data: https:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://med-mastodon.com; img-src 'self' https: data: blob: https://med-mastodon.com; style-src 'self' https://med-mastodon.com 'nonce-xYvlW5YNLdko8UwHiSH8uA=='; media-src 'self' https: data: https://med-mastodon.com; frame-src 'self' https:; manifest-src 'self' https://med-mastodon.com; form-action 'self'; child-src 'self' blob: https://med-mastodon.com; worker-src 'self' blob: https://med-mastodon.com; connect-src 'self' data: blob: https://med-mastodon.com https://cdn.masto.host wss://med-mastodon.com; script-src 'self' https://med-mastodon.com 'wasm-unsafe-eval' 1
script-src 'self' 'unsafe-eval' *.wlresources.com *.acwebconnecting.com 'sha256-e4pYjXQH6ajx5POUxz2FrYEpL/WroFiVF5clf0FNS5g=' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.wlresources.com; connect-src 'self' *.wlresources.com *.acwebconnecting.com wss://*.wlresources.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; report-uri /err0r/js?ts=1705978568; worker-src 'self' blob:; frame-ancestors 'none'; object-src 'self' 1
connect-src 'self' https://maps.googleapis.com https://api.hubapi.com;object-src 'self';default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com/analytics.js https://maps.googleapis.com https://use.fontawesome.com https://graph.facebook.com https://www.reddit.com https://www.linkedin.com https://s7.addthis.com https://m.addthisedge.com https://m.addthis.com https://www.googletagmanager.com http://tagmanager.google.com/debug https://tagmanager.google.com/debug/angular-bundle.js https://tagmanager.google.com/debug/debuguiApp.js http://tagmanager.google.com/debug/api/templates https://tagmanager.google.com/debug/debuguiApp-bundle.js https://sjs.bizographics.com/insight.min.js https://*.ads.linkedin.com/collect https://snap.licdn.com https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsadspixel.net;img-src 'self' data: https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://stats.g.doubleclick.net https://ssl.gstatic.com https://www.google.com https://www.google.co.uk https://googleads.g.doubleclick.net https://www.gstatic.com/images/icons/material/system/1x/keyboard_arrow_up_white_48dp.png https://*.ads.linkedin.com/collect https://track.hubspot.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com/debug/css.css https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data: https://tagmanager.google.com;frame-src 'self' https://s7.addthis.com https://snatchbot.me/; 1
connect-src 'self' https://www.google-analytics.com/g/collect; default-src 'self'; font-src 'self' data: https://fonts.gstatic.com/; frame-src https://liberty-tech.speedtestcustom.com; img-src 'self' https://secure.gravatar.com/avatar/ https://favicons.githubusercontent.com/Other data: blob: https://api.mapbox.com/styles/v1/mapbox/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/gh/highlightjs/ https://www.googletagmanager.com/gtag/js http://cdn.jsdelivr.net/gh/highlightjs/cdn-release@10.5.0/build/highlight.min.js https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@10.5.0/build/highlight.min.js; style-src 'self' 'unsafe-inline' http://fonts.googleapis.com/css2 https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://cdn.jsdelivr.net/gh/highlightjs http://cdn.jsdelivr.net/gh/highlightjs/cdn-release@10.5.0/build/styles/github.min.css https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@10.5.0/build/styles/github.min.css 1
default-src 'self' blob: data: https://*.onapsis.com https://*.wistia.com https://tagmanager.google.com https://embedwistia-a.akamaihd.net https://event.on24.com https://js.driftqa.com *.crazyegg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://pi.pardot.com https://s.ytimg.com https://sjs.bizographics.com https://static.zdassets.com https://trk.techtarget.com https://v2.zopim.com https://web-analytics.engagio.com https://www.google-analytics.com https://www.googletagmanager.com https://go.onapsis.com https://www.googleadservices.com https://dn1f1hmdujj40.cloudfront.net https://googleads.g.doubleclick.net https://widget-mediator.zopim.com https://www.youtube.com https://cdnjs.cloudflare.com https://cdn.rawgit.com https://boards.greenhouse.io https://api.instagram.com https://js.driftt.com https://www.influ2.com https://*.wistia.com https://snap.licdn.com https://tagmanager.google.com https://cdn.scratcher.io https://ajax.googleapis.com https://tag.demandbase.com https://scout-cdn.salesloft.com *.crazyegg.com https://optimize.google.com https://scout-cdn.salesloft.com https://polyfill.io https://pageimprove.io https://js-agent.newrelic.com https://bam.nr-data.net https://www.googleoptimize.com https://player.podigee-cdn.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://tagmanager.google.com https://optimize.google.com https://googletagmanager.com https://www.googletagmanager.com https://player.podigee-cdn.net; img-src 'self' 'unsafe-inline' data: https://p.adsymptotic.com https://secure.adnxs.com https://www.google-analytics.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://www.google.com https://www.linkedin.com https://www.googletagmanager.com https://cdn.rawgit.com https://raw.githubusercontent.com https://*.zopim.io https://v2.zopim.com https://scontent.cdninstagram.com https://embedwistia-a.akamaihd.net https://*.wistia.com https://apt.techtarget.com https://news.c8.net.ua https://*.gstatic.com https://secure.adnxs.com https://t.influ2.com https://match.prod.bidr.io https://id.rlcdn.com https://segments.company-target.com https://optimize.google.com *.crazyegg.com https://*.onapsis.com https://www.google.com.co https://px4.ads.linkedin.com; frame-src 'self' 'unsafe-inline' https://www.youtube.com https://go.onapsis.com https://bid.g.doubleclick.net https://go.pardot.com https://boards.greenhouse.io https://js.driftt.com https://reg.sapinsideronline.com https://event.on24.com https://game.scratcher.io https://optimize.google.com https://s.company-target.com https://player.podigee-cdn.net; frame-ancestors 'self' https://*.on24.com; font-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://fonts.gstatic.com https://v2.zopim.com https://player.podigee-cdn.net; connect-src 'self' https://ekr.zdassets.com wss://widget-mediator.zopim.com https://news.c8.net.ua https://distillery.wistia.com https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://www.google-analytics.com https://*.doubleclick.net https://t.influ2.com https://api.company-target.com https://scout.salesloft.com *.crazyegg.com https://scout.salesloft.com https://pageimprove.io https://analytics.google.com https://tag-logger.demandbase.com https://cdn.linkedin.oribi.io https://bam.nr-data.net; report-uri /report-csp-violation; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.127.net *.126.net *.163.com *.126.com *.yeah.net *.188.com *.netease.com *.qiyukf.com qiyukf.com *.youdao.com *.mediav.com *.netstatic.net; connect-src 'self' wss: *.127.net *.126.net *.163.com *.126.com *.yeah.net *.188.com *.netease.com *.qiyukf.com qiyukf.com *.youdao.com *.163yun.com; report-uri https://countly.mail.163.com/stats/csp 1
frame-ancestors 'self' facebook.com *.facebook.com 1
frame-ancestors 'self' www.medecine.unige.ch; 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https: wss://umd.userlike.com; img-src 'self' https: data: blob: 1
default-src https: data: wss: blob: 'unsafe-inline' 'unsafe-eval';  frame-ancestors 'self' https://login.appeon.com;  1
frame-ancestors https://cc.kompanion.kg https://kompanion.kg https://www.kompanion.kg 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data:  *.truste.com *.trustarc.com *.modernizr.com *.vimeo.com *.hscollectedforms.net *.hsadspixel.net *.akamaihd.net cdnjs.cloudflare.com *.chromogenix.com code.jquery.com maps.googleapis.com *.jquery.com *.bootstrapcdn.com *.googleapis.com *.typekit.com *.gstatic.com *.typekit.net *.werfen.com *.icims.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.mapbox.com *.openstreetmap.org *.brightcove.net *.brightcove.com *.zencdn.net *.google.com *.google.es *.boltdns.net cdn.datatables.net momentjs.com *.allibo.com js.hs-scripts.com consent.trustarc.com *.trustarc.com *.hs-scripts.com *.hsforms.com *.hsforms.net *.hs-banner.com *.hs-analytics.net track.hubspot.com *.izasamedical.es *.jsdelivr.net code.highcharts.com forms.hsforms.com *.licdn.com *.unpkg.com unpkg.com werfen.aistechnology.es js-eu1.hubspot.com *.hubspot.com *.hs-banner.com *.hsforms.com google.com *.hs-sites-eu1.com; worker-src 'self' 'unsafe-inline' blob: data:  *.werfen.com; style-src 'self' 'unsafe-inline' data:  *.truste.com *.trustarc.com *.jsdelivr.net cdn.datatables.net cdnjs.cloudflare.com *.akamaihd.net *.chromogenix.com code.jquery.com *.bootstrapcdn.com *.googleapis.com *.typekit.com *.gstatic.com *.typekit.net *.werfen.com *.izasascientific.com *.icims.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.mapbox.com *.openstreetmap.org *.brightcove.net *.brightcove.com *.zencdn.net *.google.com *.google.es *.boltdns.net *.trustarc.com *.izasamedical.es *.aistechnology.es; img-src 'self' data: blob:  *.truste.com *.trustarc.com *.linkedin.com cdn.datatables.net *.akamaihd.net *.chromogenix.com *.bootstrapcdn.com *.googleapis.com *.typekit.com *.gstatic.com *.typekit.net *.werfen.com *.icims.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.mapbox.com *.openstreetmap.org *.brightcove.net *.brightcove.com *.zencdn.net *.google.com *.google.es *.boltdns.net *.allibo.com *.trustarc.com track.hubspot.com cdnjs.cloudflare.com forms.hsforms.com *.aistechnology.es track-eu1.hubspot.com forms-eu1.hsforms.com *.hubspot.com  *.hs-banner.com  *.hsforms.com  *.google.com  *.hs-sites-eu1.com ; font-src 'self' data:  *.akamaihd.net *.chromogenix.com *.bootstrapcdn.com *.typekit.com *.googleapis.com *.gstatic.com *.typekit.net *.werfen.com *.icims.com *.googletagmanager.com *.doubleclick.net *.mapbox.com *.openstreetmap.org *.brightcove.net *.brightcove.com *.zencdn.net *.google.com *.google.es *.boltdns.net *.trustarc.com; object-src 'self' data:  *.akamaihd.net *.chromogenix.com *.bootstrapcdn.com *.googleapis.com *.typekit.com *.gstatic.com *.typekit.net *.werfen.com *.icims.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.mapbox.com *.openstreetmap.org *.brightcove.net *.brightcove.com *.zencdn.net *.google.com *.google.es *.boltdns.net *.trustarc.com; default-src 'self' data:  *.truste.com *.trustarc.com *.akamaihd.net *.chromogenix.com *.bootstrapcdn.com *.googleapis.com *.typekit.com *.gstatic.com *.typekit.net *.werfen.com *.icims.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.mapbox.com *.openstreetmap.org *.brightcove.net *.brightcove.com *.zencdn.net *.google.com *.google.es *.boltdns.net *.trustarc.com *.izasamedical.es; connect-src 'self' data:  api.hubapi.com *.akamaihd.net *.chromogenix.com *.bootstrapcdn.com *.googleapis.com *.typekit.com *.gstatic.com *.typekit.net *.werfen.com *.icims.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.mapbox.com *.openstreetmap.org *.brightcove.net *.brightcove.com *.zencdn.net *.google.com *.google.es *.boltdns.net *.trustarc.com *.izasamedical.es forms.hsforms.com forms.hubspot.com *.articulate.com wowza.aistechnology.es *.oribi.io forms-eu1.hscollectedforms.net *.hubspot.com *.hs-banner.com *.hsforms.com google.com *.hs-sites-eu1.com; child-src 'self' data:  *.vimeo.com *.akamaihd.net *.chromogenix.com *.bootstrapcdn.com *.googleapis.com *.typekit.com *.gstatic.com *.typekit.net *.werfen.com *.icims.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.mapbox.com *.openstreetmap.org *.brightcove.net *.brightcove.com *.zencdn.net *.google.com *.google.es *.boltdns.net *.trustarc.com *.youtube.com forms.hsforms.com bcove.video werfen.aistechnology.es *.embedly.com *.hs-sites-eu1.com werfen.sharepoint.com; form-action 'self' data:  *.truste.com *.trustarc.com *.akamaihd.net *.chromogenix.com *.bootstrapcdn.com *.googleapis.com *.typekit.com *.gstatic.com *.typekit.net *.werfen.com ilservices.ilww.com *.icims.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.mapbox.com *.openstreetmap.org *.brightcove.net *.brightcove.com *.zencdn.net *.google.com *.google.es *.boltdns.net *.trustarc.com *.izasamedical.es *.izasascientific.com forms.hsforms.com forms.hubspot.com; media-src 'self' blob: data:  *.akamaihd.net *.chromogenix.com *.bootstrapcdn.com *.googleapis.com *.typekit.com *.gstatic.com *.typekit.net *.werfen.com *.icims.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.mapbox.com *.openstreetmap.org *.brightcove.net *.brightcove.com *.zencdn.net *.google.com *.google.es *.boltdns.net *.trustarc.com wowza.aistechnology.es; report-to browser; 1
block-all-mixed-content; child-src 'self' https://checkout.stripe.com https://js.stripe.com; connect-src 'self' https://legalrobot.com wss://legalrobot.com https://*.stripe.com https://s3.amazonaws.com/files.legalrobot.com https://www.google-analytics.com https://s.legalrobot.com; default-src 'self'; font-src 'self' data: https://fonts.gstatic.com https://s.legalrobot.com https://fonts.legalrobot.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://*.stripe.com; img-src 'self' https://*.stripe.com https://www.google-analytics.com data: blob: https://s.legalrobot.com; manifest-src 'self'; media-src 'self'; object-src 'none'; report-uri https://legalrobot.report-uri.com/r/d/csp/enforce; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-popups-to-escape-sandbox; script-src 'self' 'unsafe-eval' 'sha256-q/PvJ6Pb4ECcPRCo/TVSmUjsSnWCfHrBl/KGd1xaznM=' 'sha256-DFfzVdAzuBSrYaJl1CKaPV6+8Ok0JcpDZ9TXlqk/ND4=' 'sha256-lKeGPMX0eQn7XBcqkc/dWqqFU4RGbANEeBzk4gPH2Sc=' 'sha256-/2Nr0DURyeLk15Cv9t3jGbRmGbpee7DeSJAo87PJVTE=' 'sha256-32PU/Qm94hB544tyst+BjXCzYYcQK+OCgY4KeaqU9s8=' 'sha256-AAsmjL2rJpChx2IfaYPEM+cben4QTg4GLjB0qeYWvNU=' 'sha256-ttDcT9F8YnpWeNY0d1C0++IqjxDzhB6tAl+Z7UOKUQE=' https://www.google-analytics.com https://ajax.cloudflare.com https://*.stripe.com 'nonce-rdjx06gntBQZweylblIU' https://s.legalrobot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.legalrobot.com https://s.legalrobot.com; worker-src 'self' blob: 1
default-src 'self'; style-src 'self' 'unsafe-inline' *; img-src * 'self' data: https: blob:; media-src * 'self' https:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src *; 1
connect-src 'self' https://unblocked-storefrontapi.nftco.com/graphql https://static.nftco.com api2.amplitude.com www.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com analytics.tiktok.com api.ipify.org tr-shadow.snapchat.com tr.snapchat.com worldtimeapi.org; img-src 'self' data: asset-vfs.nftco.com general-vfs.nftco.com *.twimg.com ucpfarming-staging.nftco.com static.nftco.com static-staging.nftco.com www.facebook.com https://*.google-analytics.com https://*.googletagmanager.com analytics.twitter.com t.co; media-src 'self' asset-vfs.nftco.com; script-src 'self' strict-dynamic 'sha256-JIpAeVpvRKWDV5Dtov8r2y/KzEdhyraCJzR9Kk9rQLg=' 'sha256-FiQ7rSiD//J6vlDADtpaciPGb8Q9IioZBwYHapsxYKo=' 'sha256-KLp99wml8BEyYSbT5q+qCgY8PPfA/8dgdcN/3R+Qf7w=' 'sha256-Hr7aLgUv7uLcCYF4DQoIIZPSoN/pT9cLp5fJbzsMVeE=' 'sha256-iUjKhtSwh0hJLZVU/jLX3I+hyJK4ZxpvClpteGRZAf8=' 'sha256-AiXrA00CSgO9yQ6mx59WGTZi58Pu6QlpYpiCDlF8u4M=' 'sha256-Eo4U05endpGU+fBQGoZEwd7G3S4QzCiWv6sgCtIBosA=' 'sha256-NIvDOGma9sIO7MqyhxBmdl587Wtj2WRu9ZSfj1rvxJo=' 'sha256-1yKdXKd7lQAir6B5rB6sdO5VpNY2fB5izYvqMlOYp6w=' 'sha256-K1IOfo2TX3hNr8pqZ1IQ7WH/j2SL0n4XF1vzbkXg+Wo=' 'sha256-06wjQVBybFE2DdYQD3fWQi4i6ur8vLPmtRqFTFbmX3g=' 'sha256-xKbceSJB/wNtQPv+CwAH+BZByjZx0UbNq0kRFhoItJk=' 'sha256-g62m4AK2K2v9VJU6madD6zv6wn+Ke7zAWLLf7EZrwN4=' 'sha256-AWzHfVLS/BmcK6UT6CijAL2uWZ1fBV0kQ7RAWYdiZ0A=' 'sha256-w3FMZsXj4fz6xmkwSZnrMIgvx38MdQ5rsk59G3Iv62Q=' 'sha256-SxZNeEeMux2cP7yCRWHln5fcvMTQbiPm4/w9l8XS09o=' 'sha256-pd0slDCxkLMH+ezhW5lNm5pcIqtpuvgN7zq2ZhKz9Oc=' 'sha256-noBM9MgAoDBwEXyQU4cfld57G/g/r1LvU1mXeUa4fa0=' 'sha256-L/LVFsoGJrx7ZVfQIkDarMrEBDYs1Ou8LeAxzc+UAFg=' 'sha256-3Iw4YiFAmdxI5tuxCC8UxItyEjpdkkbosfdiJXLy1G0=' 'sha256-1UyUvrKAVuyFIbo7QDsAqMaexKm/RpaGAEc0eTrBmiE=' 'sha256-CAZB5S7MIDCzGKmSDsPoJgneZKHelecefZV3eqnCtaY=' 'sha256-5oytNLJEM0eFl1e0nU5Tj2QZ1W6a2IMdO2MMb4IGG50=' 'sha256-4D0iLNY5nQz2o3EyFeOCFoG6ufhpIYrYH6O6eKjMCSg=' 'sha256-kmCMjqd3Qu5EQU2NrR8zeDC3MWHeWXelApTnJ9HhayA=' 'sha256-clccDDxevBtzsEoUzyHB9BRQ+r32JGfzfJ5vdjxdlM0=' 'sha256-FWS4Yt9VASXZSYTiBsTZ3wF63P76D+cpmXe0uLhh/9I=' 'sha256-YPw6IRKKfOLHDanloLIoUbXhAxECXv9E7mk1CiWPoo8=' 'sha256-bZ5yoRZ37L7iSbFw3TzG5KOtF+y59aUUmyFsX0GVGiI=' 'sha256-PPy7Q3ZWC4cmG6udnOb7olQwgHiwOXC+HJkO//HB3mQ=' 'sha256-P5/JL1/fcAXIPN3yFZ/J9poYLBG1NCHU8CRrNu4pwZY=' 'sha256-OiPpDsrZtttTXTL/Iib5sKR9Oj/As+TbiHoG8tuxfKk=' 'sha256-ErRceGf9harNDptiIhtXz7q41IamxjeJil6oOqabXng=' 'sha256-7u0yxX0HM4nLe6kwlcmCEg2gQOhOAsaOMA43zDn3ayQ=' 'sha256-3MsrZi9QCQNddbmU5u4fAENnA36ojYxi/jd5ekvzbs0=' 'sha256-X++WecWNBsoSSc95gVTfop1CHgCv8oxDtFh3U/es/fQ=' 'sha256-+Jin2AX/ZLZu66biP5YfmWFPQqFMTo/8jWSCKO4BTPg=' 'sha256-QJlHv7dYRzJ+UZPP7l7LZdE6bHxIXCxJUkSGgseMWu0=' 'sha256-FXWoqT63BuEfgbgZCUTFXDNBtrGlcBbd/daH4KOeYME=' 'sha256-rDud2t35+E5iOn0JRRbRVDi/6/8z405AKhZWdewuUXQ=' 'sha256-fPeyl0nHpm+bli8aTDeiU0a71hozojG9kAzfJ6F1D6Y=' 'sha256-gPODBzlefKH4fkh1eaLWWZv2VSGIsJznT7PwYMB5n4w=' 'sha256-5X75GG9dH3nbNsq7ukmQ7FCWHFJoHcp8YaSxicG1szQ=' 'sha256-k7AaMXffZHrbpgJGjeFfrZC8vzWHX/+RJhT4a5ettqc=' 'sha256-4LMmFn1RIM+udRixRrqyuFk5CGSQ46Ko7GjL006RhqE=' 'sha256-/Xh3UhukPpZa5rzDsXzOBPlIO55O4U9xWfev2mfAFWI=' 'sha256-Rv9snwCF0KfAM3JduFAanPipmCulVSoUeLo1BDvQYro=' 'sha256-MfnwKPMBy34r9XN9Q32uFrR6C/pCiuPqnKop0XnMwr4=' 'sha256-yNsZglPlA3mBw8pXV8l+xWaVv6vkdLwM9c4ldgVTR1I=' 'sha256-OxTnIZpaSD1cja5rWcS01MzfHakyfGUCXdWLch+ULx8=' 'sha256-/b2rIp6MP4O0VowjPfmRh/fEbbgo1t1dsdWgGYC3Ups=' 'sha256-R4oPoDAk9fvJFB+6xXLLNcWq2laExlGCjb7o4YoAsmI=' 'sha256-kF816SrBLbyNQa1MNfCMHEyzX5uOb8VIV4tO3m0NUas=' 'sha256-2RmJI2qVWcWc/BlrT9JIllRo1oN0HAY9WWXHWlRNhQ8=' 'sha256-/4anYuxI1O0dDtKD0ogVmWmk935E57RbP3j4OTxhazw=' 'sha256-DszziIyEKgur60i2Ap681atFJLPygAOLJP+1fPda/2g=' 'sha256-uGLCyYZk/+LGRmUVMN/PB0BOTDVHNrDpiHBNsEVSWWU=' 'sha256-+RC8G8dK5Ub5jEtg+KxGdQgXokTS3zHsSw3aH34u1cE=' 'sha256-b1tKoA0vjWrtmTW0cYBr96zvRk0MHTkCYOX+J/gAxn4=' https://recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ connect.facebook.net https://*.googletagmanager.com www.google-analytics.com analytics.tiktok.com static.ads-twitter.com sc-static.net tr-shadow.snapchat.com tr.snapchat.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' https://recaptcha.net/recaptcha/ www.facebook.com tr.snapchat.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; default-src 'none'; report-to main-endpoint 1
img-src *; form-action 'self' https://*.paypal.com; frame-ancestors *.gen.net.uk; block-all-mixed-content 1
default-src 'unsafe-inline' 'self' 'unsafe-eval' https://*.beyable.com https://bam.eu01.nr-data.net https://cookiee1.veinteractive.com https://dtrc.veinteractive.com/FormMappings https://sessionapi.veinteractive.com https://static.stockmyfiles.com/script_parameters/p_ade675c31559efbc.json https://*.doubleclick.net https://s.ytimg.com https://www.youtube.com https://*.blob.core.windows.net https://cdn.jsdelivr.net https://*.onetrust.com https://qa.cwallet.couponnetwork.fr http://res.cloudinary.com https://www.googletagmanager.com www.google-analytics.com ajax.googleapis.com https://www.google.com https://www.google.fr https://track.effiliation.com https://x.bidswitch.net https://prod-cn-cdn1.azureedge.net https://www.googleadservices.com https://code.jquery.com https://connect.facebook.net https://www.facebook.com https://cdn.cookielaw.org https://mastertag.effiliation.com https://bbd-tag.de https://adperform.fr https://track.adform.net https://catalina.imgix.net https://js-agent.newrelic.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.beyable.com https://bam.eu01.nr-data.net/1/NRJS-778fc01e0c4d181247b https://js-agent.newrelic.com/nr-1208.min.js https:// https://config1.veinteractive.com https://time.time2perf.com/boot/request/ https://notifpush.com https://r.ad6media.fr https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://privacyportal-cdn.onetrust.com *.couponnetwork.fr https://apptracker.stream https://googleads.g.doubleclick.net https://www.gstatic.com https://s.ytimg.com https://www.youtube.com https://www.google.com https://www.google.fr https://track.effiliation.com https://x.bidswitch.net https://prod-cn-cdn1.azureedge.net https://*.blob.core.windows.net https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.googleadservices.com https://code.jquery.com https://geolocation.onetrust.com https://cdn.jsdelivr.net https://cdn.cookielaw.org https://mastertag.effiliation.com https://bbd-tag.de https://adperform.fr https://track.adform.net https://bid.g.doubleclick.net; font-src 'self' https://privacyportal-cdn.onetrust.com https://fonts.gstatic.com https://catalina.imgix.net https://js-agent.newrelic.com data:; style-src 'unsafe-inline' 'self' https://privacyportal-cdn.onetrust.com https://www.google.com https://www.google.fr https://track.effiliation.com https://x.bidswitch.net https://prod-cn-cdn1.azureedge.net https://*.blob.core.windows.net https://fonts.googleapis.com https://geolocation.onetrust.com https://code.jquery.com https://cdn.jsdelivr.net https://cdn.cookielaw.org https://mastertag.effiliation.com https://bbd-tag.de https://adperform.fr; img-src 'self' https://img.youtube.com https://www.google.com https://www.google.fr https://track.effiliation.com https://x.bidswitch.net https://prod-cn-cdn1.azureedge.net https://www.google.com.ua https://*.blob.core.windows.net https://www.googletagmanager.com https://*.couponnetwork.fr https://www.google-analytics.com https://*.doubleclick.net https://*.facebook.com https://connect.facebook.net http://res.cloudinary.com  https://catalina.imgix.net https://js-agent.newrelic.com data:; frame-src 'self' blob: https://gjigle.com config1.veinteractive.com https://*.id.amgdgt.com https://www.google.com https://www.google.fr https://track.effiliation.com https://x.bidswitch.net https://prod-cn-cdn1.azureedge.net https://*.facebook.com https://r.turn.com https://appanalytics.press https://www.youtube.com https://connect.facebook.net https://bid.g.doubleclick.net https://catalinamarketing.wufoo.com https://catalina.imgix.net https://js-agent.newrelic.com; 1
frame-ancestors http://dev.partner2022.banner.abm.at https://*.bannerbatterien.com ; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' https://cdn1.readspeaker.com https://cdn.jsdelivr.net https://fonts.googleapis.com/; connect-src 'self' https://app.obi4wan.ai https://chatapi.obi4wan.com https://cdn1.readspeaker.com https://www.google-analytics.com https://app-eu.readspeaker.com https://media-eu.readspeaker.com https://vttts-eu.readspeaker.com https://region1.google-analytics.com https://cloudstatic.obi4wan.com https://obipubvideo.s3.eu-central-1.amazonaws.com wss://cloudstatic.obi4wan.com wss://ws-eu.pusher.com; frame-src 'self' https://www.youtube.com https://video-player.scribit.pro; font-src 'self' data: https://fonts.gstatic.com; frame-ancestors 'self'; form-action 'self' https://deventer.parantion.nl; script-src 'self' https://www.google-analytics.com https://cloudstatic.obi4wan.com https://cdn1.readspeaker.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://video-player.scribit.pro 'nonce-1eP+165GiDtcFPn1nGtE7Q=='; media-src 'self' https://scribit-pro-hosting.storage.googleapis.com https://youtube.com; img-src 'self' data: https://img.youtube.com https://deventerstroomt.nl/ https://www.oranjekwartierdeventer.nl https://www.deventer.nl/ https://stroomt.deventer.nl/ https://oranjekwartier.deventer.nl/ https://cloudstatic.obi4wan.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com:* *.googletagmanager.com:* *.addtoany.com:* *.google-analytics.com:*; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.fontawesome.com:* *.umanizales.edu.co:*; report-uri /report-csp-violation; upgrade-insecure-requests 1
img-src https://www.googletagmanager.com data: https://track-eu1.hubspot.com https://bravebison.com https://www.google.com.eg https://www.google.co.in https://www.google.co.uk https://forms-eu1.hsforms.com https://px.ads.linkedin.com https://images.ctfassets.net https://www.google.com https://downloads.ctfassets.net https://www.google-analytics.com https://pos.baidu.com https://imgsct.cookiebot.com 1
frame-ancestors 'self' https://*.eleiko.com 1
default-src https: 'unsafe-eval' 'unsafe-inline' 'self'; object-src 'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline' www.google.com www.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com tagmanager.google.com ajax.googleapis.com www.youtube.com www.instagram.com  platform.instagram.com connect.facebook.net platform.twitter.com maps.googleapis.com insight.adsrvr.org js.adsrvr.org td.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net static.ads-twitter.com acdn.adnxs.com www.google.ca; style-src 'self' 'unsafe-inline' fonts.cdnfonts.com fonts.googleapis.com tagmanager.google.com www.gstatic.com; font-src 'self' fonts.cdnfonts.com *.fonts.gstatic.com fonts.gstatic.com data:; connect-src 'self' res.cloudinary.com vitals.vercel-insights.com graph.facebook.com assets.metrolinx.com https://api.gotransit.com ae72qusyyn-dsn.algolia.net ae72qusyyn-3.algolianet.com ae72qusyyn-2.algolianet.com ae72qusyyn-1.algolianet.com maps.googleapis.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google-analytics.com *.google.com ets.upexpress.com; img-src 'self' res.cloudinary.com cloudinary.com assets.metrolinx.com i.ytimg.com maps.gstatic.com maps.googleapis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.googleads.g.doubleclick.net *.google.com ssl.gstatic.com www.gstatic.com *.facebook.com data:; media-src 'self' blob: res.cloudinary.com assets.metrolinx.com; frame-src www.youtube.com www.google.com www.instagram.com www.linkedin.com www.facebook.com platform.twitter.com outlook.office365.com *.g.doubleclick.net maps.metrolinx.com ets.upexpress.com 1
default-src 'self' https://onoffmix.com https://*.onoffmix.com https://*.facebook.com https://*.google.com https://*.iamport.kr https://*.channel.io;  connect-src 'self' https://translate.googleapis.com wss://*.channel.io https://*.channel.io https://collector-api-general.zaikorea.org https://*.kakao.com https://*.buttr.dev https://*.codenbutter.com https://buttr.dev https://*.widerplanet.com https://*.amplitude.com https://*.doubleclick.net https://*.google.com https://bam.nr-data.net https://www.facebook.com https://*.clarity.ms https://*.google-analytics.com https://onesignal.com https://*.onesignal.com https://*.gstatic.com https://onoffmix.com https://*.onoffmix.com wss://onoffmix.com wss://*.onoffmix.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.channel.io https://js.sentry-cdn.com https://*.googleapis.com https://scripts.zaikorea.org https://*.daumcdn.net https://chai.finance https://unpkg.com https://momentjs.com https://*.buttr.dev https://*.codenbutter.com https://buttr.dev https://cdnjs.cloudflare.com https://*.kakao.com https://*.kakaocdn.net https://*.apple.com https://*.cdn-apple.com https://*.newrelic.com https://*.iamport.kr https://onoffmix.com https://*.onoffmix.com https://bam.nr-data.net https://*.newrelic.com https://pixel.mathtag.com https://*.widerplanet.com https://nrbe.pstatic.net https://*.amplitude.com https://connect.facebook.net https://*.widerplant.com https://*.clarity.ms https://*.googletagmanager.com https://*.google-analytics.com https://onesignal.com https://*.onesignal.com https://*.googlesyndication.com https://*.naver.com https://openapi.map.naver.com https://wcs.naver.net https://*.google.com https://*.google.co.kr https://*.doubleclick.net https://*.gstatic.com;  style-src 'self' 'unsafe-inline' https://onoffmix.com https://*.onoffmix.com https://www.gstatic.com https://*.googleapis.com https://fonts.googleapis.com https://onesignal.com;  font-src 'self' data: https://onoffmix.com https://*.onoffmix.com https://fonts.gstatic.com;  frame-src 'self' https://*.map.daum.net https://*.buttr.dev https://*.codenbutter.com https://buttr.dev https://*.naver.com https://*.kakao.com https://onoffmix.com https://*.onoffmix.com https://*.iamport.kr https://www.facebook.com https://pixel.mathtag.com https://astg.widerplanet.com https://*.doubleclick.net https://*.google.com https://*.iamport.kr https://*.youtube.com;  object-src 'none';  img-src * 'self' data: https: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://carlsoncraft.com https://ssl.google-analytics.com https://www.google-analytics.com https://yui-s.yahooapis.com https://cbi.boldchat.com https://cdnjs.cloudflare.com https://vms.boldchat.com https://vmss.boldchat.com https://*.carlsoncraft.com https://*.theoccasionsgroup.com https://www.googleadservices.com https://static.hotjar.com https://www.googletagmanager.com https://script.hotjar.com https://code.jquery.com https://maps.googleapis.com https://livechat.boldchat.com https://platform-api.sharethis.com https://*.sharethis.com https://connect.facebook.net https://ajax.googleapis.com https://s7.addthis.com https://m.addthis.com https://v1.addthisedge.com https://z.moatads.com https://graph.facebook.com https://api-public.addthis.com https://widgets.pinterest.com https://widgets.pinterest.com https://assets.pinterest.com https://edge.addthis.com http://static.hotjar.com https://googleads.g.doubleclick.net https://bat.bing.com; img-src * 'self' data: https://carlsoncraft.com https://ssl.google-analytics.com https://www.google-analytics.com https://yui-s.yahooapis.com https://cbi.boldchat.com https://cdnjs.cloudflare.com https://vms.boldchat.com https://vmss.boldchat.com https://*.carlsoncraft.com https://*.theoccasionsgroup.com https://www.googleadservices.com https://static.hotjar.com https://www.googletagmanager.com https://script.hotjar.com https://code.jquery.com https://maps.googleapis.com https://livechat.boldchat.com https://platform-api.sharethis.com https://*.sharethis.com https://connect.facebook.net https://ajax.googleapis.com https://s7.addthis.com https://m.addthis.com https://v1.addthisedge.com https://z.moatads.com https://graph.facebook.com https://api-public.addthis.com https://widgets.pinterest.com https://widgets.pinterest.com https://assets.pinterest.com https://edge.addthis.com http://static.hotjar.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://carlsoncraft.com https://fonts.googleapis.com http://fonts.googleapis.com https://cbi.boldchat.com https://cdnjs.cloudflare.com https://*.carlsoncraft.com https://*.theoccasionsgroup.com https://use.fontawesome.com; font-src 'self'  data: https://carlsoncraft.com https://netdna.bootstrapcdn.com https://*.carlsoncraft.com https://*.theoccasionsgroup.com https://use.fontawesome.com https://fonts.gstatic.com https://script.hotjar.com http://script.hotjar.com; frame-src 'self' https://carlsoncraft.com https://www.youtube.com https://*.fls.doubleclick.net https://*.carlsoncraft.com https://*.theoccasionsgroup.com https://googleads.g.doubleclick.net https://vars.hotjar.com https://livechat.boldchat.com https://c.sharethis.mgr.consensu.org https://www.facebook.com https://s7.addthis.com https://assets.pinterest.com https://edge.addthis.com https://www.google.com; connect-src 'self' data: wss: https://carlsoncraft.com https://www.google-analytics.com https://*.carlsoncraft.com https://*.theoccasionsgroup.com https://vms.boldchat.com http://blog.carlsoncraft.com https://in.hotjar.com https://vc.hotjar.io https://*.sharethis.com https://m.addthis.com https://www.facebook.com https://graph.facebook.com https://stats.g.doubleclick.net wss://*.hotjar.com https://vc.hotjar.io:* https://*.hotjar.com:* http://*.hotjar.com:* https://s7.addthis.com https://metrics.hotjar.io https://maps.googleapis.com https://visitor-services.boldchat.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self' https:; img-src 'self' data:; style-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self'; plugin-types application/pdf; frame-ancestors 'none'; object-src 'none'; 1
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.quantcount.com *.bunny.net *.googleapis.com *.jsdelivr.net code.jquery.com *.gstatic.com *.google.com *.bootstrapcdn.com *.googletagmanager.com *.typekit.net *.bing.com *.clarity.ms *.doubleclick.net *.googleoptimize.com *.google-analytics.com *.callrail.com unpkg.com *.facebook.net *.googlesyndication.com *.spinutech.com *.sitescout.com addsearch.com *.addsearch.com *.cloudfront.net *.searchcdn.com *.browserstack.com wss://*.browserstack.com *.linkedin.oribi.io; img-src * 'self' data:; media-src 'self' s3.amazonaws.com; frame-ancestors 'self'; object-src 'none'; form-action 'self' *.spinutech.com accounts.google.com *.facebook.com; base-uri 'self'; script-src-elem 'self' 'unsafe-inline' *.searchcdn.com addsearch.com *.activehosted.com *.quantcount.com *.perfectaudience.com *.clarity.ms *.convertexperiments.com *.gstatic.com *.google.com *.marketingautomation.services *.facebook.net *.bing.com *.hotjar.com *.doubleclick.net *.google-analytics.com *.quantserve.com *.ads-twitter.com *.licdn.com *.googletagmanager.com *.nice-incontact.com *.jquery.com *.jsdelivr.net *.googleapis.com ; frame-src 'self' 'unsafe-inline' *.facebook.com *.google.com *.marketingautomation.services *.youtube.com *.nice-incontact.com ; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-7a530ab9abffd72e276bc61ee8fd1c28'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
script-src-elem www.googletagmanager.com js-agent.newrelic.com bam.nr-data.net cdn.userway.org/ *.google.com *.gstatic.com https://display.ugc.bazaarvoice.com https://apps.bazaarvoice.com cdn-cookieyes.com cdn.userway.org *.elfsight.com *.bazaarvoice.com js.braintreegateway.com static.klaviyo.com *.google-analytics.com s.pinimg.com static.ads-twitter.com connect.facebook.net *.securedvisit.com static-na.payments-amazon.com maps.googleapis.com static-tracking.klaviyo.com googleads.g.doubleclick.net https://www.googleadservices.com https://bat.bing.com *.paypal.com https://safevisit.online *.agkn.com track.sv.rkdms.com https://mpsnare.iesnare.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src-elem https://display.ugc.bazaarvoice.com https://cdn.userway.org/ *.typekit.net https://apps.bazaarvoice.com *.googleapis.com *.klaviyo.com https://maxcdn.bootstrapcdn.com *.securedvisit.com 'self' 'unsafe-inline'; font-src fonts.gstatic.com *.bazaarvoice.com *.nr-data.net *.iesnare.com *.userway.org *.pinterest.com track.sv.rkdms.com *.ads-twitter.com *.facebook.com *.sky.shoretel.com *.klaviyo.com *.googletagmanager.com *.google.com *.fontawesome.com https://use.typekit.net *.securedvisit.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.bazaarvoice.com *.nr-data.net *.iesnare.com *.userway.org *.pinterest.com track.sv.rkdms.com *.ads-twitter.com *.facebook.com *.sky.shoretel.com *.klaviyo.com *.googletagmanager.com *.google.com *.cardinalcommerce.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com *.securedvisit.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.google.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk bid.g.doubleclick.net tst.kaptcha.com *.bazaarvoice.com *.nr-data.net *.iesnare.com *.userway.org *.pinterest.com track.sv.rkdms.com track.securedvisit.com *.ads-twitter.com *.facebook.com *.sky.shoretel.com *.klaviyo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com https://ssl.kaptcha.com *.securedvisit.com td.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ dhccare.com www.dhccare.com cdn.userway.org scp2.elfsightcdn.com t.co analytics.twitter.com googleads.g.doubleclick.net bat.bing.com www.google.com www.google.by d3k81ch9hvuctc.cloudfront.net maps.gstatic.com static-na.payments-amazon.com *.bazaarvoice.com *.nr-data.net *.iesnare.com *.userway.org *.pinterest.com track.sv.rkdms.com track.securedvisit.com *.ads-twitter.com *.facebook.com *.sky.shoretel.com *.klaviyo.com *.googletagmanager.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://a.klaviyo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com cdn-cookieyes.com phosphor.utils.elfsightcdn.com *.securedvisit.com phosphor.ivanenko.workers.dev data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com *.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ *.google.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.plugins.emarsys.net *.scarabresearch.com cdn.userway.org apps.elfsight.com static.elfsight.com bat.bing.com s.pinimg.com api.bluecore.com cdn.bluecore.com googleads.g.doubleclick.net maps.googleapis.com apps.bazaarvoice.com js-agent.newrelic.com googleoptimize.com assets.sitescdn.net *.bazaarvoice.com *.nr-data.net *.iesnare.com *.userway.org *.pinterest.com track.sv.rkdms.com track.securedvisit.com *.ads-twitter.com *.facebook.com *.sky.shoretel.com *.klaviyo.com *.nice-incontact.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://fast.a.klaviyo.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.securedvisit.com *.agkn.com *.cdn-cookieyes.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com fonts.googleapis.com *.bazaarvoice.com *.nr-data.net *.iesnare.com *.userway.org *.pinterest.com track.sv.rkdms.com track.securedvisit.com *.ads-twitter.com *.facebook.com *.sky.shoretel.com *.klaviyo.com *.googletagmanager.com *.google.com *.fontawesome.com unsafe-inline display.ugc.bazaarvoice.com *.securedvisit.com 'self' 'unsafe-inline'; object-src *.securedvisit.com 'self' 'unsafe-inline'; media-src *.adobe.com *.securedvisit.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.scarabresearch.com *.eservice.emarsys.net api.userway.org apps.elfsight.com api.instacloud.io googleads.g.doubleclick.net storage.googleapis.com www.google.com stats.g.doubleclick.net bat.bing.com onsitestats.bluecore.com api.bluecore.app maps.googleapis.com apps.bazaarvoice.com js-agent.newrelic.com googleoptimize.com assets.sitescdn.net *.bazaarvoice.com storage.elfsight.com *.nr-data.net *.iesnare.com *.userway.org *.pinterest.com track.sv.rkdms.com track.securedvisit.com *.ads-twitter.com *.facebook.com *.sky.shoretel.com *.klaviyo.com *.googletagmanager.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://fast.a.klaviyo.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.bazaarvoice.com stg.api.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.cookieyes.com cdn-cookieyes.com *.securedvisit.com core.service.elfsight.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://monitor.nationalresearch.com 1
default-src 'self' 'unsafe-inline' https://*.gstatic.com https://*.googleapis.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com  data:; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce--3OWGC4e3NSE-QCKktTwpQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
connect-src *.rac.com.br *.gazetadepiracicaba.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; default-src *.rac.com.br *.gazetadepiracicaba.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; img-src *.rac.com.br *.gazetadepiracicaba.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; object-src *.rac.com.br *.gazetadepiracicaba.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; script-src *.rac.com.br *.gazetadepiracicaba.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; style-src *.rac.com.br *.gazetadepiracicaba.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; worker-src *.rac.com.br *.gazetadepiracicaba.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline' 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src * data:; font-src * data:; style-src 'unsafe-inline' *; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' www.google-analytics.com; 1
style-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.kampyle.com https://fonts.googleapis.com https://optimize.google.com https://fonts.googleapis.com; img-src 'self' data: https://directus-p.prod.dfgnrk.aws.generali-cloud.it region1.google-analytics.com region1.analytics.google.com https://*.kampyle.com https://optanon.blob.core.windows.net www.googletagmanager.com https://cdn.cookielaw.org https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://i.ytimg.com/ https://optimize.google.com https://*.google.com https://*.google.it https://*.doubleclick.net; connect-src 'self' https://*.kampyle.com region1.google-analytics.com region1.analytics.google.com https://*.onetrust.com https://*.google.com https://*.google.it https://maps.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://firebaseinstallations.googleapis.com https://firebaseremoteconfig.googleapis.com https://firebaselogging-pa.googleapis.com https://idcs-d2faa85e846c427eab40416f5fd0d09b.identity.oraclecloud.com https://api.genertel.com https://apigateway.generali.it https://cdn.cookielaw.org https://www.googletagmanager.com https://cdn.ampproject.org; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://*.kampyle.com https://gnrali-gbspeg-prod1.pegacloud.net https://amp.onetrust.mgr.consensu.org https://www.youtube.com https://player.vimeo.com/ https://www.google.com https://optimize.google.com https://*.doubleclick.net; script-src 'self' 'unsafe-eval' 'sha256-CIv65byxCO8mtfyoF2L6mF4g7LmTeHEDz92oW+X5/fY=' 'sha256-3/mNUpqF9X/gMYE+bOG6g8d6I32wdYdWwWuAk90mPCM=' https://www.googleoptimize.com https://*.kampyle.com https://optimize.google.com www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://googleads.g.doubleclick.net https://www.google.com/recaptcha/api.js https://www.gstatic.com https://cdn.ampproject.org https://gnrali-gbspeg-prod1.pegacloud.net https://api.genertel.com https://cdn.cookielaw.org https://geolocation.onetrust.com; default-src 'self'; object-src 'none'; base-uri 'self' https://*.kampyle.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' localhost: * https://stats.g.doubleclick.net https://www.google-analytics.com wss://localhost:44399 movinghelp.com movinghelpd.com cdnjs.cloudflare.com https://localhost pwctag.uhaul.com www.googletagmanager.com unpkg.com https://bing.com https://virtualearth.com pwc.uhaul.com maxcdn.bootstrapcdn.com data: media.uhaul.net  http://localhost:* beta.uhaul.com; 1
default-src 'self'; connect-src 'self' *.obos.no *.snapchat.com *.apicdn.sanity.io *.api.sanity.io *.doubleclick.net *.hotjar.com *.hotjar.io *.google-analytics.com *.youtube.com *.google.com cdn.sanity.io cdn.cookielaw.org wss://*.hotjar.com https://*.amplitude.com https://*.googlesyndication.com https://*.clarity.ms https://*.sentry.io https://*.google.no https://*.bing.com https://youtube.com https://cdn.linkedin.oribi.io https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal-eu.onetrust.com https://surveystats.hotjar.io https://cookies-data.onetrust.io/bannersdk https://www.facebook.com/tr dc.services.visualstudio.com *.linkedin.com https://res.cloudinary.com *.itxuc.com *.gobistories.com; frame-src 'self' www.youtube.com https://vars.hotjar.com https://*.snapchat.com *.doubleclick.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://ff3ec978a09f495ab4ee8aa400e16e94.svc.dynamics.com/ *.itxuc.com; font-src 'self' script.hotjar.com https://fonts.gstatic.com; img-src 'self' 'unsafe-inline' data: blob: *.obos.no *.doubleclick.net *.google-analytics.com *.hotjar.com *.youtube.com *.google.com cdn.sanity.io cdn.cookielaw.org res.cloudinary.com www.googletagmanager.com https://*.clarity.ms https://*.siteimproveanalytics.io https://*.adnxs.com https://*.mookie1.com https://*.facebook.com https://*.linkedin.com https://*.snapchat.com https://*.episerver.net https://*.bing.com https://www.google.no https://optanon.blob.core.windows.net; media-src 'self' blob: res.cloudinary.com *.obos.no *.gobistories.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.obos.no *.doubleclick.net *.youtube.com *.googletagmanager.com *.gstatic.com static.hotjar.com *.analytics.google.com https://*.google-analytics.com https://*.clarity.ms https://*.episerver.net https://*.adnxs.com https://*.amplitude.com https://*.snapchat.com https://cdn.cookielaw.org https://script.hotjar.com https://cdn.mookie1.com https://connect.facebook.net https://siteimproveanalytics.com https://snap.licdn.com https://sc-static.net https://bat.bing.com https://cdn.jsdelivr.net/npm/@amplitude/amplitude-js-gtm@3.7.1/dist/index.js https://unpkg.com/@gobistories/gobi-web-integration *.itxuc.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.itxuc.com; worker-src 'self' blob:; 1
default-src https: data: 'self' *.rpsgroup.com; frame-src 'self' dashboards.webreality.co.uk https://*.doubleclick.net https://*.google.com *.vimeo.com *.hsforms.com https://*.livestorm.co *.hubspot.com *.alchemer.eu *.youtube.com *.bcast.fm *.rpsgroup.com rpspd.maps.arcgis.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.google-analytics.com *.googletagmanager.com *.fonts.net *.createsend1.com google.com *.google.com *.googleapis.com gstatic.com *.gstatic.com cdn.3cx.com *.vimeo.com *.marker.io *.onetrust.com *.hotjar.com *.luckyorange.com *.licdn.com *.hubspot.com *.hscollectedforms.net *.hsadspixel.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hsforms.net *.hsleadflows.net *.usemessages.com *.doubleclick.net *.stackadapt.com *.juicer.io *.rpsgroup.com cdn-cookieyes.com px.ads.linkedin.com *.tidio.co *.tidiochat.com; img-src 'self' data: https: *.google-analytics.com google-analytics.com google-analytics.com *.umbraco.org gravatar.com *.gravatar.com gstatic.com *.gstatic.com i1.wp.com *.rpsgroup.com *.tidiochat.com; style-src 'self' 'unsafe-inline' *.fonts.net *.cloudfront.net *.typekit.net *.googleapis.com fonts.googleapis.com *.luckyorange.com *.juicer.io *.stackadapt.com *.rpsgroup.com *.tidiochat.com; frame-ancestors 'self' consultationspace.com www.rpsgroup.com rps.wrcdn.net toneofvoice.rpsgroup.com *.rpsgroup.com; connect-src 'self' *.analytics.google.com analytics.google.com *.doubleclick.net https://*.cookiescan.com https://*.google-analytics.com *.marker.io *.onetrust.com *.googlesyndication.com *.luckyorange.com *.hubapi.com *.hubspot.com *.hscollectedforms.net *.visitors.live/ajax *.linkedin.oribi.io *.googleapis.com *.stackadapt.com *.hsforms.com *.amazonaws.com *.juicer.io wss: *.hotjar.io *.rpsgroup.com px.ads.linkedin.com *.cookieyes.com cdn-cookieyes.com *.google.com *.tidiochat.com; font-src 'self' d3e85ikkjrhqme.cloudfront.net *.typekit.net *.gstatic.com *.googleapis.com *.juicer.io *.rpsgroup.com *.tidiochat.com; 1
default-src 'self' gap: blob: ws: content: data: *.bootstrapcdn.com *.cloudflare.com *.unpkg.com *.jsdelivr.net *.hotjar.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.google.com.mx *.google.com *.googleusercontent.com *.facebook.net *.doubleclick.net *.licdn.com *.gstatic.com *.twitter.com *.facebook.com *.linkedin.com *.adsymptotic.com t.co *.finvero.com *.firebaseapp.com *.hs-scripts.com *.hs-banner.com *.usemessages.com *.hscollectedforms.net *.hs-analytics.net *.hubspot.com *.hsforms.com *.hs-sites.com *.hsforms.net; media-src 'self' https:; style-src * 'unsafe-inline'; connect-src 'self' https: ws:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https:; img-src 'self' https: data: blob: https:; style-src 'self' https: 'nonce-qAQ5x+MG4yoDykBAJTI+mQ=='; media-src 'self' https: data: https:; frame-src 'self' https:; manifest-src 'self' https:; form-action 'self'; connect-src 'self' data: blob: https: https: wss://geekdom.social; script-src 'self' https: 'wasm-unsafe-eval'; child-src 'self' blob: https:; worker-src 'self' blob: https: 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: blob: data: blob; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-UZr/5VQdOv77+qbWww2Bnw=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/ https://maxcdn.bootstrapcdn.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://player.vimeo.com/ https://www.youtube.com/ https://web-sdk-eu.aptrinsic.com/ https://app-script.monsido.com/ https://heatmaps.monsido.com/ https://pagecorrect.monsido.com/; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/ https://web-sdk-eu.aptrinsic.com/ https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/; img-src 'self' data: https://tracking.monsido.com/; font-src 'self' https://fonts.gstatic.com/ https://*.cloudfront.net/; frame-src 'self' https://www.youtube-nocookie.com/ https://player.vimeo.com/ https://indd.adobe.com https://*.videomarketingplatform.co https://stream.hoyesterett.no/; connect-src 'self' https://vimeo.com/ https://esp-eu.aptrinsic.com/ https://heatmaps.monsido.com/ https://pagecorrect.monsido.com/ https://tracking.monsido.com/;  upgrade-insecure-requests 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://moth.social; img-src 'self' https: data: blob: https://moth.social; style-src 'self' https://moth.social 'nonce-mJn/Sm82EKAq+CzYk1Jskg=='; media-src 'self' https: data: https://moth.social; frame-src 'self' https:; manifest-src 'self' https://moth.social; form-action 'self'; child-src 'self' blob: https://moth.social; worker-src 'self' blob: https://moth.social; connect-src 'self' data: blob: https://moth.social https://s3-us-west-2.amazonaws.com wss://moth.social; script-src 'self' https://moth.social 'wasm-unsafe-eval' 1
frame-ancestors https://bosbank.pl https://www.bosbank.pl https://wnioski.bosbank.pl/ords/f?p=FORMULARZE_WWW:KONTAKT_1::9 1
sandbox allow-downloads allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-storage-access-by-user-activation allow-top-navigation-by-user-activation allow-top-navigation-to-custom-protocols; 1
default-src https://* 'unsafe-inline' wss://vts.zohopublic.com data:; script-src 'self' 'unsafe-inline' bukuwarung.com *.bukuwarung.com *.appsflyer.com googletagmanager.com *.googletagmanager.com googleads.g.doubleclick.net *.googleadservices.com *.google-analytics.com cdn.jsdelivr.net *.facebook.net *.tiktok.com *.youtube.com *.google.com maxcdn.bootstrapcdn.com *.gstatic.com cdnjs.cloudflare.com *.zoho.com *.zohostatic.com *.zohocdn.com; frame-ancestors 'self' https://staging.d22bg8i31pway2.amplifyapp.com https://main1.d1degc53co1v55.amplifyapp.com https://develop.d3co3nb2lpfoig.amplifyapp.com https://api-dev.bukuwarung.com/mx-mweb https://api-staging-v1.bukuwarung.com/mx-mweb https://api-v3.bukuwarung.com/mx-mweb; object-src 'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://apis.example.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.youtube.com *.ytimg.com; img-src 'self' *.solve360.com *.youtube.com *.ytimg.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ *.solve360.com; frame-src 'self' https://www.google.com/recaptcha/ *.youtube.com; frame-ancestors 'none'; base-uri 'self'; form-action 'self' https://*.solve360.com; media-src media.solve360.com; 1
default-src 'self'; connect-src *; font-src *; child-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
object-src 'none'; child-src https: data: blob:; script-src 'self' *.allcomponent.org cdnjs.cloudflare.com code.jquery.com *.google.com *.betgames.tv *.snippet.antillephone.com *.paygiga.com netent-static.casinomodule.com *.livechatinc.com cdn.livechatinc.com *.liveperson.net *.lpsnmedia.net *.googletagmanager.com *.google-analytics.com *.aitcloud.de *.betradar.com *.akamaized.net *.gstatic.com cdnstatic.thstatic.com  games.spigo.com google-analytics.com virtual.golden-race.net 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' *.hostplus.com.au; 1
default-src 'unsafe-inline' 'unsafe-eval' https: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; img-src * data: https://script.hotjar.com http://script.hotjar.com; 1
default-src 'self' yandex.ru yastatic.net www.youtube.com www.instagram.com mc.yandex.ru mc.yandex.com api.pro.yandex beta.api.pro.taxi.yandex.net platform.twitter.com proyandex.api.taxi.tst.yandex.net www.instagram.com www.youtube.com www.facebook.com stats.g.doubleclick.net www.google-analytics.com; frame-src yandex.ru frontend.vh.yandex.ru *.yandex.ru yastatic.net www.youtube.com metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' yandex.ru abt.s3.yandex.net yastatic.net www.youtube.com mc.yandex.ru mc.yandex.com www.instagram.com platform.twitter.com www.google-analytics.com www.googletagmanager.com ajax.cloudflare.com ajax.googleapis.com ssl.google-analytics.com; connect-src 'self' yandex.ru yastatic.net uaas.yandex.ru www.youtube.com api.pro.yandex googleads.g.doubleclick.net mc.yandex.ru mc.yandex.com pro.yandex.ru pro.yandex.com pro.yango.com; style-src 'self' 'unsafe-inline' yandex.ru yastatic.net www.youtube.com ajax.cloudflare.com fonts.googleapis.com; font-src 'self' yandex.ru yastatic.net www.youtube.com ajax.cloudflare.com fonts.googleapis.com fonts.gstatic.com data:; img-src 'self' yandex.ru yastatic.net mc.yandex.ru mc.yandex.com www.youtube.com img.youtube.com storage.yandexcloud.net www.google.com.ua www.google.com www.google-analytics.com ajax.cloudflare.com www.w3.org avatars.mds.yandex.net blob: data:; object-src 'self' yandex.ru yastatic.net www.youtube.com api.pro.yandex; media-src 'self' yandex.ru yastatic.net www.youtube.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.fedica.com *.tweepsmap.com tweepsmap.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.giphy.com; img-src 'self' data: blob:  https://*; media-src 'self' data: blob: https://*;font-src 'self' data: *.fedica.com https://*.googleusercontent.com https://*.gstatic.com;frame-src 'self' https://www.youtube.com https://*.facebook.com https://*.google.com https://*.linkedin.com; report-uri https://fedica.com/health/csp; 1
default-src 'self'; script-src https: 'self' 'unsafe-eval' 'unsafe-inline' https: www.google-analytics.com https: *.googleapis.com https: www.googletagmanager.com https: *.google.com https: *.gstatic.com https: *.cloudfront.net https: *.youtube.com  https: *.ytimg.com https: *.usercentrics.eu; style-src https: 'self' 'unsafe-inline' https: *.cloudfront.net; img-src data: 'self' https: *.grawe.at https: *.cloudfront.net https: *.cdninstagram.com https: *.youtube.com; frame-src 'self' http: *.grawe.hu *.grawe.bg https: *.google.com https: *.youtube.com; connect-src 'self' https: *.grawe.at; font-src 'self' data: *.cloudfront.net *.gstatic.com *.grawe.at *.usercentrics.eu; media-src 'self' https: *.grawe.at https: *.cloudfront.net https: *.cdninstagram.com 1
connect-src 'self' *.pingdom.net forms.hsforms.com forms.hscollectedforms.net *.google-analytics.com stats.g.doubleclick.net cdn.linkedin.oribi.io *.paypal.com *.sandbox.paypal.com; default-src 'self' 'unsafe-inline'; font-src 'self' data: use.typekit.net fonts.gstatic.com; frame-src *.google.com *.youtube-nocookie.com forms.hsforms.com *.paypal.com *.sandbox.paypal.com; img-src 'self' data: *.pingdom.net p.typekit.net *.gravatar.com img.youtube.com *.ytimg.com *.doubleclick.net *.google.co.uk *.google.com *.google-analytics.com px.ads.linkedin.com linkedin.com www.linkedin.com *.paypalobjects.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com cdn.jsdelivr.net addevent.com *.addevent.com *.pingdom.net use.typekit.net cdnjs.cloudflare.com *.youtube.com *.ytimg.com js.hsforms.net forms.hsforms.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google-analytics.com snap.licdn.com *.paypal.com *.sandbox.paypal.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com 1
default-src 'self'; base-uri 'self';frame-ancestors 'self';frame-src 'self' https://*.google.com https://isni.oclc.org;object-src 'none';form-action 'self';worker-src 'none';connect-src 'self' https://www.google-analytics.com https://*.google-analytics.com;upgrade-insecure-requests;img-src 'self' data: https://www.bibdsl.co.uk https://*.foxycart.com https://www.google-analytics.com https://*.google.com https://*.ytimg.com;script-src 'self' https://*.foxycart.com https://books.google.co.uk https://books.google.com https://www.google.com https://www.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://cdnjs.cloudflare.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://cdn.foxycart.com https://cdnjs.cloudflare.com https://fonts.googleapis.com;font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com;report-uri violationReportForCSP.php;report-to violationReportForCSP.php; 1
default-src 'self'; style-src 'self' 'unsafe-inline' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://static.flockler.com https://*.mailchimp.com https://*.gstatic.com https://*.googleapis.com https://cdn.jsdelivr.net https://*.onlim.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://static.flockler.com https://fl-cdn.scdn1.secure.raxcdn.com https://embed-cdn.flockler.com https://flockler.embed.codes https://plugins.flockler.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://cdn.jsdelivr.net https://*.onlim.com; font-src 'self' data: http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://fonts.gstatic.com https://*.onlim.com; img-src 'self' 'unsafe-inline' https://* http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://flockler.com https://*.rackcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.googleapis.com data: https://*.gstatic.com https://*.google.com https://secure.gravatar.com https://*.onlim.com; frame-src 'self' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://*.spotify.com https://sn.kavedo.com https://smartslider3.com https://www.yumpu.com https://www.fitsportaustria.at https://board.fitsportaustria.at https://player.vimeo.com https://www.youtube.com https://www.google.com https://www.youtube-nocookie.com https://*.onlim.com; connect-src 'self' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://stats.g.doubleclick.net https://yoast.com https://*.google-analytics.com wss://*.onlim.com https://*.onlim.com; media-src https://* 1
frame-ancestors 'self' *.interislander.co.nz 1
default-src  'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.nrgenergy.com https://*.ads-twitter.com/ https://*.tiktok.com https://*.hotjar.com https://js.adsrvr.org/up_loader.1.1.0.js https://*.clarity.ms/s/0.6.34/clarity.js https://stg-wheelock.nrg.com https://wheelock.nrg.com https://cirro.egain.cloud https://cloud-us.analytics-egain.com https://analytics.analytics-egain.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.doubleclick.net https://reliantenergy.sc.omtrdc.net *.bbb.org https://ajax.googleapis.com https://googleads.g.doubleclick.net https://rules.quantcount.com https://*.hotjar.io https://*.hotjar.com https://reliant.egain.cloud https://www.googleadservices.com https://beacon.krxd.net https://consumer.krxd.net https://*.cirroenergy.com https://reliantenergyretails.tt.omtrdc.net https://cdn.jsdelivr.net https://assets.adobedtm.com https://analytics.analytics-egain.com https://assets.adobedtm.com https://www.googletagmanager.com https://bat.bing.com https://secure.quantserve.com https://*.contentsquare.net  https://app.leadsrx.com https://nrg.allegiancetech.com https://cdn.krxd.net https://connect.facebook.net https://siteintercept.allegiancetech.com https://*.cirroenergy.com *.contentsquare.net contentsquare.com https://www.google.com/pagead/conversion_async.js; style-src 'self' 'unsafe-inline' https://use.typekit.net https://*.hotjar.com *.bbb.org https://*.cirroenergy.com https://stg-wheelock.nrg.com https://wheelock.nrg.com https://use.fontawesome.com https://cdn.jsdelivr.net https://cdn.jsdelivr.net https://fonts.googleapis.com https://dev.cirroenergy.com https://cdnjs.cloudflare.com; frame-src 'self' https://www.youtube.com  https://*.sfmc-content.com https://match.adsrvr.org/ https://insight.adsrvr.org https://reliant.egain.cloud https://analytics.analytics-egain.com https://reliantenergyretailservicesllc.demdex.net https://reliantenergy.sc.omtrdc.net https://stg-wheelock.nrg.com https://wheelock.nrg.com https://*.hotjar.io https://*.hotjar.com https://*.doubleclick.net https://cdn.krxd.net csxd.cirroenergy.com; child-src blob:; img-src 'self' data: * *.contentsquare.net https://*.hotjar.com; font-src * https://*.hotjar.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://bf94493cun.bf.dynatrace.com https://*.tiktok.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com  https://*.clarity.ms/collect wss://ws26.hotjar.com/api/v2/client/ws https://bat.bing.com https://reliantenergyretailservicesllc.demdex.net https://reliantenergy.sc.omtrdc.net https://stg-wheelock.nrg.com https://wheelock.nrg.com https://analytics.google.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.doubleclick.net https://dpm.demdex.net https://*.hotjar.io https://*.hotjar.com https://*.contentsquare.net https://api.ipify.org https://app.leadsrx.com https://*.cirroenergy.com https://www.google-analytics.com https://reliantenergyretails.tt.omtrdc.net https://reliantenergy.sc.omtrdc.net https://cdn.jsdelivr.net https://assets.adobedtm.com *.contentsquare.net; worker-src blob:; 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://service.pdok.nl https://kadasterbv.containers.piwik.pro https://kadasterbv.piwik.pro; connect-src 'self' https://service.pdok.nl https://api.pdok.nl https://geodata.nationaalgeoregister.nl https://kadasterbv.piwik.pro https://api.kadaster.nl; img-src 'self' https://service.pdok.nl https://api.pdok.nl https://geodata.nationaalgeoregister.nl https://www.toegankelijkheidsverklaring.nl; frame-src 'self'; frame-ancestors 'none' 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com www1.homesdirect365.co.uk; base-uri 'self' 1
report-uri https://tikweb.ir/portal; 1
img-src 'self' data: https://bat.bing.com/ https://tr-rc.lfeeder.com/ https://cdn.trustpilot.net/ https://auctim.com/ https://*.hubspot.com https://*.hsforms.com/ https://tr.lfeeder.com/ https://*.trustpilot.com https://www.auctim.com https://www.incimages.com https://ak.picdn.net https://media-exp3.licdn.com https://*.oracle.com https://connect.facebook.net https://c.bing.com https://c.clarity.ms https://www.googletagmanager.com https://www.google.si https://www.google.be  https://www.google.com https://www.linkedin.com https://www.facebook.com https://px.ads.linkedin.com  https://*.oraclecloud.com ;font-src 'self' data: https://static.oracle.com https://fonts.gstatic.com https://use.typekit.net https://fonts.googleapis.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' https://wsdev.auctim.com wss://wsdev.auctim.com wss://websocket4.apexrnd.be/ https://websocket4.apexrnd.be/ https://secure.intuitive-intuition.com/ https://region1.google-analytics.com/ https://googleads.g.doubleclick.net/ https://region1.analytics.google.com https://bat.bing.com/ https://forms-eu1.hscollectedforms.net/ https://td.doubleclick.net/ https://googleads.g.doubleclick.net/ https://*.analytics.google.com https://*.google-analytics.com/ https://forms-eu1.hscollectedforms.net/ https://content.hotjar.io https://cdn.linkedin.oribi.io https://www.googleadservices.com/ https://pagead2.googlesyndication.com/ https://*.hubapi.com/ https://*.hs-analytics.net/ https://collector.leadinfo.net/com.snowplowanalytics.snowplow/tp2 https://*.hubspot.com/ https://api.leadinfo.com/ https://collector.leadinfo.net/ https://js-eu1.hscollectedforms.net/collectedforms.js https://js-eu1.hs-analytics.net/ https://js-eu1.hs-banner.com/ https://js-eu1.hsadspixel.net/fb.js https://sc.lfeeder.com/ https://sc.lfeeder.com/ https://cdn.leadinfo.net/ping.js https://js-eu1.hs-scripts.com/ https://widget.trustpilot.com/ https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://www.youtube-nocookie.com https://www.youtube.com https://youtu.be https://youtube.com https://www.gstatic.com https://privacyportal.cookiepro.com https://api.ipify.org https://geolocation.onetrust.com http://*.oraclecloud.com https://*.auctim.com https://www.google.si https://wsap.auctim.com wss://wsap.auctim.com wss://websocket.apexrnd.be https://websocket.apexrnd.be wss://*.hotjar.com https://www.google.com  https://*.bing.com https://*.typekit.net https://*.linkedin.com https://*.hotjar.com https://stats.g.doubleclick.net https://www.google-analytics.com https://snap.licdn.com https://*.clarity.ms https://cookie-cdn.cookiepro.com https://www.facebook.com https://www.googletagmanager.com https://*.facebook.net https://objectstorage.eu-frankfurt-1.oraclecloud.com https://use.typekit.net https://fonts.gstatic.com https://static.oracle.com https://fonts.googleapis.com 1
frame-ancestors 'self' share.mackenzieinvestments.com mackenzie.seismic.com tiled-hub-prod-westus-az.seismic.com; 1
default-src 'self'; child-src *.adyen.com; connect-src 'self' https://api.tracklib.com *.sentry.io graph.facebook.com *.facebook.com https://vitals.vercel-insights.com/v1/vitals s3-eu-west-1.amazonaws.com/tlb.mp.static/s/ https://frontend-d7e9bh1v5-tracklib.vercel.app *.adyen.com *.storyblok.com *.paypal.com stats.g.doubleclick.net *.hotjar.com *.hotjar.io wss://*.hotjar.com d3nif59mryldix.cloudfront.net downloads.test.tracklib.com wss://downloads.test.tracklib.com downloads.tracklib.com wss://downloads.tracklib.com d16rld81n68o3g.cloudfront.net d1q68655ah1zmx.cloudfront.net *.cookiebot.com *.google-analytics.com *.googletagmanager.com analytics.tiktok.com analytics.pangle-ads.com static.ads-twitter.com analytics.twitter.com t.co bat.bing.com *.clarity.ms *.facebook.com *.customer.io accounts.google.com *.googleapis.com *.gist.build; font-src 'self' data: dk4zsyqx3njrp.cloudfront.net *.hotjar.com; frame-src 'self' https://api.tracklib.com www.youtube.com *.instagram.com open.spotify.com *.adyen.com *.paypal.com *.cookiebot.com *.hotjar.com a.storyblok.com plugins.storyblok.com *.google.com blob: data *.gist.build; img-src 'self' *.bing.com *.google.com *.google.se *.tracklib.com/static/images/ tlb-test-private.s3.amazonaws.com *.hotjar.com *.adyen.com d2umolmz9zcmr8.cloudfront.net *.paypal.com s3.eu-west-1.amazonaws.com/tlb.web.mediafiles/ *.storyblok.com *.cookiebot.com *.google-analytics.com *.googletagmanager.com analytics.tiktok.com analytics.pangle-ads.com static.ads-twitter.com analytics.twitter.com t.co bat.bing.com *.clarity.ms *.facebook.com *.customer.io data: blob:; media-src 'self' data: d3nif59mryldix.cloudfront.net d1n23ssx177y99.cloudfront.net d1crpx7nwhenps.cloudfront.net dzjiezq5aqmg2.cloudfront.net da9ovlny9o3pu.cloudfront.net s3-eu-west-1.amazonaws.com/tlb.mp.static/s/ s3.eu-west-1.amazonaws.com/tlb.web.mediafiles/ *.storyblok.com *.cdninstagram.com d16rld81n68o3g.cloudfront.net d1q68655ah1zmx.cloudfront.net; script-src-elem 'self' *.paypal.com *.instagram.com *.storyblok.com connect.facebook.net *.cookiebot.com *.hotjar.com browser-update.org *.google-analytics.com *.googletagmanager.com analytics.tiktok.com analytics.pangle-ads.com static.ads-twitter.com analytics.twitter.com t.co bat.bing.com *.clarity.ms *.facebook.com *.customer.io *.google.com *.gstatic.com *.customer.io *.gist.build 'unsafe-inline'; script-src 'self' *.paypal.com *.instagram.com *.storyblok.com connect.facebook.net *.cookiebot.com *.hotjar.com browser-update.org *.google-analytics.com *.googletagmanager.com analytics.tiktok.com analytics.pangle-ads.com static.ads-twitter.com analytics.twitter.com t.co bat.bing.com *.clarity.ms *.facebook.com *.customer.io *.google.com *.gstatic.com *.customer.io *.gist.build; style-src 'self' 'unsafe-inline' data: d16rld81n68o3g.cloudfront.net dk4zsyqx3njrp.cloudfront.net fonts.googleapis.com *.gist.build; worker-src 'self' s3-eu-west-1.amazonaws.com/tlb.mp.static/s/ blob:; 1
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self' banesco.qualtrics.com; object-src 'none'; 1
default-src 'self' *.myunishippers.com https://myunishippers.com https://www.myunishippers.com; frame-src 'self' blob: *.myunishippers.com https://myunishippers.com https://service.force.com https://auth.unishippers.com https://whatfix.com https://*.whatfix.com https://transaction.hostedpayments.com *.quicksight.aws.amazon.com; img-src 'self' *.myunishippers.com https://myunishippers.com https://www.myunishippers.com https://wwex.com data: https://www.google-analytics.com https://*.gravatar.com ; script-src 'self' *.myunishippers.com https://myunishippers.com https://www.myunishippers.com 'unsafe-inline' *.force.com  *.salesforceliveagent.com https://*.whatfix.com https://whatfix.com https://www.google-analytics.com https://code.jquery.com https://wwex.com https://d758cqe2bs24d.cloudfront.net *.quicksight.aws.a2z.com blob: ; style-src 'self' 'unsafe-inline' *.force.com *.typekit.net; object-src 'none'; font-src 'self' *.typekit.net https://fonts.gstatic.com data: ; connect-src 'self' *.myunishippers.com https://www.myunishippers.com https://myunishippers.com https://nextgen-document-store-prod2-us-east-1.s3.amazonaws.com https://*.launchdarkly.com https://*.datadoghq.com https://auth.unishippers.com https://ka-f.fontawesome.com https://*.whatfix.com https://whatfix.com wss://localhost:* wss://localhost.qz.io:* *.quicksight.aws.amazon.com https://session-replay.browser-intake-datadoghq.com https://session-replay* 1
default-src https: 'self'; report-uri https://www.drlinux.no/csp-input.php 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com static.hsappstatic.net cdn2.hubspot.net no-cache.hubspot.com js.hscollectedforms.net js.hscta.net api.hubapi.com js.hs-analytics.net js.hsleadflows.net js.hsadspixel.net js.hubspotfeedback.com feedback.hubapi.com js.hs-banner.com www.googletagmanager.com www.google.com app.hubspot.com www.google-analytics.com snap.licdn.com js.hs-scripts.com tribl.io j.6sc.co static.oktopost.com ssl.google-analytics.com trk.techtarget.com www.clarity.ms js.qualified.com js.zi-scripts.com okt.to googleads.g.doubleclick.net w.clarity.ms tracking.g2crowd.com js.hsforms.com js.hsforms.net www.gstatic.com 516015.fs1.hubspotusercontent-na1.net 19820949.fs1.hubspotusercontent-na1.net play.hubspotvideo.com play.vidyard.com platform.twitter.com connect.facebook.net platform.linkedin.com s3-us-west-2.amazonaws.com js.driftt.com edge.marker.io www.brighttalk.com www.recaptcha.net www.gstatic.cn embed.typeform.com code.jquery.com www.googleadservices.com;; upgrade-insecure-requests 1
frame-ancestors pms.a-premium.com pms.a-premium-test.com; 1
base-uri 'self';default-src 'none';script-src 'nonce-KGHaHw1IIe' 'unsafe-inline';style-src 'nonce-KGHaHw1IIe' *.3ps.team *.assemblytoolbox.com assemblytoolbox.com fonts.googleapis.com fonts.gstatic.com www.gstatic.com charts.mongodb.com *.microsoftonline.com;img-src *.3ps.team *.assemblytoolbox.com assemblytoolbox.com maps.gstatic.com *.googleapis.com maps.google.com *.ggpht.com charts.mongodb.com data: blob: *.microsoftonline.com s3.amazonaws.com *.s3.amazonaws.com;font-src *.3ps.team *.assemblytoolbox.com assemblytoolbox.com fonts.googleapis.com fonts.gstatic.com data: *.microsoftonline.com;connect-src *.3ps.team *.assemblytoolbox.com assemblytoolbox.com wss://*.assemblytoolbox.com wss://*.pusher.com wss://*.3ps.team maps.googleapis.com maps.google.com *.pusher.com expressentry.melissadata.net wss://*.chime.aws *.microsoftonline.com;worker-src *.3ps.team *.assemblytoolbox.com assemblytoolbox.com blob: *.microsoftonline.com;object-src *.3ps.app *.3ps.team *.assemblytoolbox.com assemblytoolbox.com *.microsoftonline.com;media-src *.3ps.team *.assemblytoolbox.com *.microsoftonline.com assemblytoolbox.com;frame-src *.3ps.team *.assemblytoolbox.com assemblytoolbox.com charts.mongodb.com *.microsoftonline.com;form-action 'self';frame-ancestors 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.licdn.com *.linkedin.oribi.io *.linkedin.com tag.clearbitscripts.com *.clearbitjs.com  js.qualified.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net js.hsadspixel.net *.hsforms.net *.calendly.com calendly.com static.ads-twitter.com go.gridgain.com  yastatic.net mc.yandex.ru mc.yandex.com polyfill.io widget.bugyard.io lltrck.com *.twitter.com *.bamboohr.com *.ampproject.org *.cloudflare.com agorbatchev.typepad.com  *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net *.googletagmanager.com *.google.com *.marketo.com *.marketo.net munchkin.marketo.net *.drift.com *.driftt.com *.addtoany.com *.googleadservices.com *.doubleclick.net *.webvisor.com *.sajari.com  ; frame-src 'self' *.calendly.com calendly.com *.youtube.com app.qualified.com *.hsforms.com www.googletagmanager.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com *.driftt.com *.addtoany.com *.marketo.com *.marketo.net *.doubleclick.net *.twitter.com www.youtube-nocookie.com *.google.com *.gridgain.com blob: https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org ; img-src 'self' 'unsafe-inline' *.bugyard.io https://mc.yandex.ru *.google-analytics.com *.google.com * data: ; connect-src 'self' https://gridgain.bamboohr.com *.sajari.net app.clearbit.com *.bugyard.io *.linkedin.oribi.io *.linkedin.com *.marketo.com wss://ws.qualified.com *.hscollectedforms.net *.hsforms.com api.hubapi.com https://mc.yandex.ru https://mc.yandex.com  *.mktoresp.com *.google-analytics.com *.google.com *.googlesyndication.com https://stats.g.doubleclick.net ; child-src 'self' blob: https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org ;  object-src 'self'; report-uri /csp-report.php 1
default-src 'self';img-src 'self' https://cdn.dnsimple.com 1
default-src 'self' https://*.sfs.biz https://*.sfs.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sapui5.hana.ondemand.com/resources/ https://design-rx-nvelope-us.s3.us-east-1.amazonaws.com https://ucalc.pro https://sfs.biz https://*.sfs.biz https://sfs.com https://*.sfs.com https://sfs.ch https://*.sfs.ch https://allchemet.ch https://*.allchemet.ch https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.cookiebot.com https://snap.licdn.com https://analytics.tiktok.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://design-rx-nvelope-us.s3.us-east-1.amazonaws.com https://api.ucalc.pro https://sfs.biz https://*.sfs.biz https://sfs.com https://*.sfs.com https://sfs.ch https://*.sfs.ch https://allchemet.ch https://*.allchemet.ch; img-src 'self' data: https://design-rx-nvelope-us.s3.us-east-1.amazonaws.com https://sfs.biz https://*.sfs.biz https://sfs.com https://*.sfs.com https://sfs.ch https://*.sfs.ch https://allchemet.ch https://*.allchemet.ch https://*.google-analytics.com https://www.google.com https://www.google.ch https://www.googletagmanager.com https://*.linkedin.com https://www.facebook.com https://*.doubleclick.net; frame-src 'self' https://api.ucalc.pro https://www.youtube.com https://irs.tools.investis.com https://www.google.com https://*.sfs.biz https://*.sfs.com https://*.cookiebot.com https://charts3.equitystory.com https://*.doubleclick.net; frame-ancestors 'self' https://*.sfsintec.biz https://sfsintec.biz https://*.sfsintec.fr https://sfsintec.fr https://*.sfsintec.co.uk https://sfsintec.co.uk https://*.sfs.biz https://*.sfs.com https://sfs.com http://sfs.com capacitor://sfs.com https://*.sfs.ch https://sfs.ch https://allchemet.ch https://*.allchemet.ch https://www.ostjob.ch http://staffbase.com capacitor://staffbase.com; font-src 'self' https://sfs.biz https://*.sfs.biz https://sfs.com https://*.sfs.com; connect-src 'self' https://*.google-analytics.com https://stats.g.doubleclick.net https://design-rx-nvelope-us.s3.us-east-1.amazonaws.com https://newsletter.sfs.biz https://newsletter.dev.sfs.biz https://piwik.sfs.biz https://consentcdn.cookiebot.com https://*.ads.linkedin.com https://analytics.tiktok.com; 1
default-src 'self' data: *.coinsbee.com https://cdn.veriff.me https://*.veriff.com https://public.bnbstatic.com/ https://www.youtube-nocookie.com/ https://i.ytimg.com 'unsafe-inline' 'unsafe-eval'; 1
default-src 'none'; child-src blob: https://mc.yandex.ru; connect-src 'self' https://*.auvix.ru https://*.google-analytics.com https://mc.yandex.ru https://bitrix.info/bx_stat https://stats.g.doubleclick.net; font-src 'self' data: https://*.auvix.ru https://fonts.gstatic.com https://fonts.bitrix24.ru; frame-src 'self' https://www.google.com https://maps.google.com https://www.youtube.com https://yandex.ru blob: https://mc.yandex.ru https://cp.unisender.com; media-src 'self' https://www.youtube.com; img-src 'self' blob: data: https://*.auvix.ru https://*.google-analytics.com https://img.youtube.com https://mc.yandex.ru https://cdn.bitrix24.site https://www.iqboard.su https://www.google.com; object-src ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.auvix.ru https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://mc.yandex.ru https://api-maps.yandex.ru https://yastatic.net https://www.googletagmanager.com https://www.youtube.com https://cdn.bitrix24.ru https://cdn-ru.bitrix24.ru https://bitrix.info/ba.js https://*.gstatic.com https://www.google.com https://connect.facebook.net https://cp.unisender.com; style-src 'self' 'unsafe-inline' https://*.auvix.ru https://fonts.googleapis.com https://fonts.bitrix24.ru; block-all-mixed-content; upgrade-insecure-requests; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://dragonscave.space; img-src 'self' data: blob: https://dragonscave.space https://media.dragonscave.space; style-src 'self' https://dragonscave.space 'nonce-EXGwTBM7FUyJNkBpBQyFnQ=='; media-src 'self' data: https://dragonscave.space https://media.dragonscave.space; frame-src 'self' https:; manifest-src 'self' https://dragonscave.space; form-action 'self'; child-src 'self' blob: https://dragonscave.space; worker-src 'self' blob: https://dragonscave.space; connect-src 'self' data: blob: https://dragonscave.space https://media.dragonscave.space wss://dragonscave.space; script-src 'self' https://dragonscave.space 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://landing.weddingwire.com https://www.weddingwire.com 1
default-src 'self' ; base-uri 'none'; style-src 'self' 'unsafe-inline' https://fast.fonts.net/ https://eu5.bookingkit.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://6896ed1a7fe8514b9c830dc0f45dbf2e.widget.bookingkit.net https://eu5.bookingkit.de https://*.googletagmanager.com https://www.google-analytics.com; img-src 'self' data: https://eu5.bookingkit.de https://cdn.bookingkit.de http://webcam.wilhelma.de https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com https://www.google.de; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://www.youtube-nocookie.com https://www.onlineticket.wilhelma.de/ https://embed.cn.gt https://wilhelma.projekte.bauer-kirch.de/ https://www.google.com https://eu5.bookingkit.de https://www.ipg-online.com/ https://www.ipg-online.com/ https://pay.syrcon.com/*; font-src 'self' ; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://stats.g.doubleclick.net; manifest-src 'none' 1
default-src 'self' *.sulzer.com;                      img-src * data: blob: 'unsafe-inline' 'self' https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://img.youtube.com http://sulzer.com *.google-analytics.com *.analytics.google.com;                      font-src 'self' data: https://fonts.gstatic.com;                      style-src 'unsafe-inline' 'self' https://fast.fonts.net;                      script-src 'unsafe-inline' 'unsafe-eval' 'self' https://go.sulzer.com/pd.js https://www.google.com/recaptcha/api.js https://www.gstatic.com https://pi.pardot.com/analytics https://go.sulzer.com/analytics https://pi.pardot.com/pd.js http://cdn.pardot.com/pd.js https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://www.youtube.com https://s.ytimg.com/yts/jsbin/www-widgetapi-vflnjBBxk/www-widgetapi.js https://s.ytimg.com https://cdn.cookielaw.org;                      connect-src 'self' https://www.google-analytics.com https://mybusiness.googleapis.com https://stats.g.doubleclick.net https://analytics.google.com https://cdn.cookielaw.org https://maps.googleapis.com *.google-analytics.com *.analytics.google.com https://geolocation.onetrust.com https://privacyportal-ch.onetrust.com https://www.google.ch;                      child-src 'self' https://www.platform-viewer.v-ex.com https://www.google.com https://sulzer.us6.list-manage.com http://www.sulzerpumpsmexico.com https://app.xtremelocator.com https://ir.tools.investis.com https://www.youtube.com http://8826991.fls.doubleclick.net/ https://sulzer-pump-types.v-ex.app/ https://app.xtremelocator.com/;                      media-src 'self' https://youtu.be https://www.youtube.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' 'font-src' 1
object-src data: 'unsafe-eval'; 1
default-src 'self' cse.google.com; base-uri 'none'; img-src 'self' *.google.com *.googleapis.com *.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com cse.google.com; style-src 'self' 'unsafe-inline' www.google.com; frame-src 'self' cse.google.com; font-src 'self'; frame-ancestors 'self' 1
frame-ancestors http://app.storyblok.com 1
frame-ancestors 'self' *.uob.co.th *.uob.com.sg *.uobgroup.com *.uobgroup.com.sg https://ereport.uob.co.th https://docs.google.com https://www.youtube.com https://firebase.google.com https://www.facebook.com 1
default-src https: 'self' 'unsafe-inline' 'unsafe-eval' data: 'self' https://*.lantmateriet.se http://*.lantmateriet.se https://wds.callguide.telia.com https://via.tt.se http://*.readspeaker.com blob: https://unpkg.com; img-src 'self' https://*.lantmateriet.se https://*.lm.se/ http://*.readspeaker.com https://js.arcgis.com/ https://via.tt.se/ https://recruit.visma.com https://matomo.lantmateriet.se https://*.episerver.net data: https://wds.ace.teliacompany.com https://www.gstatic.com https://translate.googleapis.com; frame-src 'self' mailto: http://*.lm.se https://via.tt.se https://*.lantmateriet.se https://wds.ace.teliacompany.com/ http://app-eu.readspeaker.com/ https://*.youtube.com https://*.quickchannel.com http://lantmateriverket.mynewsdesk.com/; child-src 'self' blob: http://*.lm.se https://*.lantmateriet.se blob: https://wds.ace.teliacompany.com/ https://*.youtube.com https://*.quickchannel.com; 1
script-src 'strict-dynamic' 'nonce-53ecf9036f7562ed182413356dc5d2c1' 'self'; script-src-elem 'self'; img-src 'self'; style-src 'self'; manifest-src 'self'; base-uri 'self'; default-src 'none'; object-src 'none'; frame-ancestors 'none'; form-action 'none' 1
font-src *.gstatic.com data: fonts.gstatic.com maxcdn.bootstrapcdn.com staticw2.yotpo.com acsbapp.com cdn.acsbapp.com *.gorgias.chat *.klaviyo.com static.klaviyo.com use.fontawesome.com *.fontawesome.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.google-analytics.com *.klaviyo.com *.facebook.com *.facebook.net *.googletagmanager.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com cdn.jst.ai cdn.justuno.com *.facebook.com *.facebook.net www.google.com lpcdn.lpsnmedia.net www.paypalobjects.com ssl.kaptcha.com tst.kaptcha.com va.idp.liveperson.net vars.hotjar.com va-s.c.liveperson.net *.userway.org *.gleamjs.io *.gleam.io gleam.io widget.spreaker.com www.speakpipe.com r.webeyez.com *.yotpo.com swellrewards.com *.swellrewards.com magento-cloudflare.jetrails.com www.youtube.com https://www.googletagmanager.com/ www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com a.klaviyo.com *.bing.com cdn.userway.org ct.pinterest.com *.facebook.com *.facebook.net www.google.com www.google.com.br img.youtube.com lpcdn.lpsnmedia.net services.postcodeanywhere.co.uk p.yotpo.com *.jst.ai *.ytimg.com yotpo-editor-production.s3.amazonaws.com *.gleamjs.io *.gleam.io collinstreet.com web1.acsbapp.com web.acsbapp.com *.gorgias.io images.collinstreet.com cdn.acsbapp.com *.clarity.ms *.cloudfront.net *.yotpo.com swellrewards.com *.swellrewards.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com https://img.youtube.com https://redchamps.com maps.googleapis.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com accdn.lpsnmedia.net ajax.cloudflare.com *.jst.ai aly.justuno.com analytics.jst.ai bam.nr-data.net *.bing.com cdn.lr-ingest.io cdnjs.cloudflare.com cdn.jst.ai cdn.justuno.com cdn.userway.org ct.pinterest.com www.google.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.gstatic.com *.newrelic.com *.klaviyo.com lpcdn.lpsnmedia.net lptag.liveperson.net my.jst.ai my.justuno.com colli11143.pcapredict.com services.postcodeanywhere.co.uk script.hotjar.com s.pinimg.com static.hotjar.com *.yotpo.com tools.justuno.com va.v.liveperson.net *.facebook.com *.facebook.net *.gleamjs.io *.gleam.io collinstreet.com cdn.lr-in.com acsbapp.com *.gorgias.chat polyfill.io *.clarity.ms www.speakpipe.com widget.spreaker.com cdn.logrocket.io cdn.lr-in-prod.com images.collinstreet.com *.webeyez.com r.webeyez.com *.amplitude.com swellrewards.com *.swellrewards.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ ajax.googleapis.com maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src unsafe-inline assets.braintreegateway.com fonts.googleapis.com cdn.jst.ai *.klaviyo.com *.bootstrapcdn.com services.postcodeanywhere.co.uk *.yotpo.com *.googleapis.com collinstreet.com www.speakpipe.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com https://static.klaviyo.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src assets.gorgias.chat http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com a.klaviyo.com aly.jst.ai analytics.jst.ai api.userway.org *.nr-data.net bat.bing.com ct.pinterest.com e.logrocket.com in.hotjar.com fast.a.klaviyo.com *.jst.ai origin-analytics-sand.sandbox.braintree-api.com payments.braintree-api.com payments.sandbox.braintree-api.com services.postcodeanywhere.co.uk r.lr-ingest.io static-forms.klaviyo.com staticw2.yotpo.com *.doubleclick.net telemetrics.klaviyo.com acsbapp.com *.acsbapp.com *.gorgias.chat api.segment.io wss://*.gorgias.chat *.googleapis.com magadmin.collinstreet.com *.logrocket.io *.lr-ingest.io *.logrocket.com *.lr-in.com *.lr-in-prod.com send.webeyez.com *.webeyez.com r.webeyez.com *.clarity.ms *.yotpo.com swellrewards.com *.swellrewards.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com blob: data: http: https: blob: 'self' 'unsafe-inline'; default-src static.klaviyo.com assets.gorgias.chat 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self'            https://www.limburg.nl https://limburg.nl https://redactie-provincie-limburg.iprox.nl upgrade-insecure-requests 1
default-src 'none';script-src 'self' cdh.azureedge.net code-a.akamaihd.net b.jw-cdn.org 'sha256-orD0/VhH8hLqrLxKHD/HUEMdwqX6/0ve7c5hspX5VJ8=' www.google.com www.gstatic.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com code-a.akamaihd.net b.jw-cdn.org cdh.azureedge.net www.gstatic.com;img-src 'self' cdh.azureedge.net data: hub.jw.org my.jw.org;frame-src 'self' login.ps3419.org https://www.mt2414.com https://hub.mt2414.com https://my.mt2414.com https://donate.jw.org www.google.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com cdh.azureedge.net code-a.akamaihd.net b.jw-cdn.org fonts.gstatic.com;connect-src 'self' fonts.googleapis.com fonts.gstatic.com cdh.azureedge.net code-a.akamaihd.net b.jw-cdn.org data: legal.jw-api.org legal-dev.jw-api.org www.google.com;base-uri 'self';form-action 'self' https://www.mt2414.com https://hub.mt2414.com https://my.mt2414.com https://donate.jw.org;frame-ancestors login.ps3419.org https://www.mt2414.com https://hub.mt2414.com https://my.mt2414.com https://donate.jw.org;manifest-src 'self';block-all-mixed-content 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-b9660a8bcac260723dd44999d5cbc7af'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
script-src 'self' http://cdwsam.com 'unsafe-inline' 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http://*.trustlogo.com https://trustlogo.com; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https: *.trustlogo.com; media-src 'self'; frame-src 'self' *.google.com; font-src 'self'; connect-src 'self'; report-uri /csp-report.php 1
default-src 'self' data:; script-src 'self' 'unsafe-inline' blob: https://vercel.live https://static.hotjar.com https://script.hotjar.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://sc-static.net https://tr.snapchat.com https://www.googleadservices.com https://connect.facebook.net https://analytics.tiktok.com https://static.ads-twitter.com; style-src 'self' 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://fonts.googleapis.com; font-src 'self' https://script.hotjar.com https://fonts.gstatic.com; connect-src 'self' *.sentry.io https://vitals.vercel-insights.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://tr.snapchat.com https://vercel.live; img-src 'self' data: https://img.youtube.com https://www.gstatic.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://fonts.gstatic.com https://googleads.g.doubleclick.net https://www.facebook.com https://tr.snapchat.com https://www.google.com; frame-src 'self' https://www.youtube.com https://www.google.com https://td.doubleclick.net https://tr.snapchat.com https://vercel.live; media-src 'self' https://static.gust.edu.kw/; 1
frame-ancestors 'self'; report-uri http://www.westlake.com/report-uri/enforce 1
frame-ancestors 'self' https://urednideska.sfzp.cz 1
default-src 'self'; child-src blob:; media-src * 'self' data: https: blob:; style-src 'self' 'unsafe-inline' *; img-src * 'self' data: https: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; font-src * data: https:; frame-src * 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.googleapis.com *.mapbox.com *.fontawesome.com *.googletagmanager.com *.gstatic.com *.w3.org *.amazonaws.com *.google-analytics.com *.google.com *.braintreegateway.com *.paypalobjects.com *.paypal.com *.youtube.com *.youtube-nocookie.com *.imgix.net *.ytimg.com *.doubleclick.net *.braintree-api.com *.facebook.com  *.facebook.net polyfill.io *.jsdelivr.net unpkg.com *.empirewine.com; 1
frame-ancestors 'self' https://www.databeatomni.net 1
connect-src wss://dmoj.ca wss://events.dmoj.ca 'self' https://events.dmoj.ca https://maps.googleapis.com https://sentry.io https://llandudno.algome.me https://static.dmoj.ca https://dmoj.algome.me; font-src https://cdnjs.cloudflare.com data: https://static.dmoj.ca https://dmoj.algome.me; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://en.m.wikipedia.org https://www.youtube.com https://www.google.com https://docs.google.com; img-src 'self' data: https://www.gravatar.com https://cdnjs.cloudflare.com https://llandudno.algome.me https://slack.dmoj.ca https://keybase.io https://static.dmoj.ca https://dmoj.algome.me https://camo.algome.me; object-src https://static.dmoj.ca https://dmoj.algome.me; script-src 'self' https://cdnjs.cloudflare.com https://llandudno.algome.me https://ajax.cloudflare.com 'unsafe-inline' 'unsafe-eval' https://static.dmoj.ca https://dmoj.algome.me; style-src 'self' data: 'unsafe-inline' https://static.dmoj.ca https://dmoj.algome.me; report-uri https://sentry.io/api/189360/csp-report/?sentry_key=2d92d3bf72f34201a8fe8db99faf9364; upgrade-insecure-requests 1
"default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:" 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline'; 1
default-src 'self'; script-src 'self' inline 'unsafe-eval' https://www.youtube.com/ https://cdn.cookielaw.org/ https://cdn.matomo.cloud/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com/ https://www.googletagmanager.com/ https://maps.googleapis.com/ https://www.youtube.com/ https://cdn.cookielaw.org/ https://cdn.matomo.cloud/ https://fimmoto.matomo.cloud/ https://public.flourish.studio/ https://cdn.picturemosaics.com/ https://www.picturemosaics.com/; script-src-attr 'self' 'unsafe-inline' inline https://maps.googleapis.com/ https://cdn.cookielaw.org/; style-src 'self' 'unsafe-inline' inline https://fonts.googleapis.com/https://www.gstatic.com https://cdn.picturemosaics.com/; style-src-attr 'self' 'unsafe-inline' inline; style-src-elem 'self' 'unsafe-inline' inline https://fonts.googleapis.com/ https://cdn.picturemosaics.com/; object-src 'none'; base-uri 'self'; connect-src 'self' https://cdn.cookielaw.org/ https://fimmoto.matomo.cloud/ https://stats.g.doubleclick.net/ https://geolocation.onetrust.com/ https://privacyportal-eu.onetrust.com/ https://www.google-analytics.com/ https://maps.googleapis.com/ https://analytics.google.com/ https://region1.google-analytics.com/; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com/; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://www.picturemosaics.com/ https://flo.uri.sh/ https://livemosaics.com/; img-src 'self' data: https://cdn.cookielaw.org/ https://www.gstatic.com https://www.google.com https://www.googletagmanager.com/ https://www.google-analytics.com https://maps.googleapis.com/ https://public.flourish.studio/ https://fimmoto.matomo.cloud https://cdn.picturemosaics.com/; manifest-src 'self' ; media-src 'self'; worker-src 'self' https://www.fim-moto.com/ 1
default-src 'self'; font-src * self data:;img-src * self data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * self data:; connect-src *;  frame-src * 1
default-src 'self'; img-src 'self' data: https://ssl.google-analytics.com; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://ssl.google-analytics.com https://www.googletagmanager.com https://*.clarity.ms; frame-src https://www.youtube.com; connect-src https://www.google-analytics.com https://*.clarity.ms https://intouchreceipting-api.azurewebsites.net; 1
object-src 'none'; script-src 'self' https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com/c/hotjar-2877749.js https://www.google-analytics.com/analytics.js https://connect.facebook.net/en_US/fbevents.js https://ws.zoominfo.com/pixel/615b474d39247c001cc2f2f2 https://www.googletagmanager.com/gtag/js https://code.jquery.com/ https://clients3.weblink.com.au/ https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/cxbus.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/widgets-core.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/webchat.min.js https://d2uinmo2bcbdsn.cloudfront.net/ https://snap.licdn.com/  https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://platform.twitter.com https://unpkg.com https://www.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com/gtm.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com/c/hotjar-2877749.js https://www.google-analytics.com/analytics.js https://connect.facebook.net/en_US/fbevents.js https://ws.zoominfo.com/pixel/615b474d39247c001cc2f2f2 https://www.googletagmanager.com/gtag/js https://script.hotjar.com/modules.5dca1694a4338dade13b.js https://connect.facebook.net/signals/config/1761455807365259 https://connect.facebook.net/signals/config/685668156287079 https://pi.pardot.com/pd.js https://pi.pardot.com/analytics https://marketing.aes.com/analytics https://cdn.cookielaw.org/scripttemplates/202211.1.0/otBannerSdk.js https://js-agent.newrelic.com/async-api.6bb277af-1225.min.js https://js-agent.newrelic.com/lazy-loader.48127245-1225.min.js https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://cdn.cookielaw.org/consent/27cd7b43-53f3-46bb-9267-e0af03db8d70/OtAutoBlock.js https://siteintercept.qualtrics.com https://googleads.g.doubleclick.net https://zn9sohtzqeoni8wpq-aescorp.siteintercept.qualtrics.com https://cdn.cookielaw.org/scripttemplates/202209.1.0/otBannerSdk.js https://zncwhklt9qhc4tztc-aescorp.siteintercept.qualtrics.com https://www.google.co.in/pagead https://www.gstatic.com/recaptcha/releases https://script.hotjar.com https://js-agent.newrelic.com https://bam.nr-data.net https://connect.facebook.net https://apps.mypurecloud.com https://dhqbrvplips7x.cloudfront.net https://www.googleadservices.com/ https://www.gstatic.com/ https://cdn.cookielaw.org/ https://eb2.3lift.com/ https://www.google.co.in/ https://pippio.com/ https://widgets.hive.genesys.com/ https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/cxbus.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/widgets-core.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/webchat.min.js https://d2uinmo2bcbdsn.cloudfront.net/ https://snap.licdn.com/  https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://platform.twitter.com https://unpkg.com https://www.google.com; frame-ancestors 'self'; report-uri https://www.aes-ohio.com/report-uri/enforce 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mstdn.plus; img-src 'self' https: data: blob: https://mstdn.plus; style-src 'self' https://mstdn.plus 'nonce-vImloL/P+IV42U9m5b3zaw=='; media-src 'self' https: data: https://mstdn.plus; frame-src 'self' https:; manifest-src 'self' https://mstdn.plus; form-action 'self'; child-src 'self' blob: https://mstdn.plus; worker-src 'self' blob: https://mstdn.plus; connect-src 'self' data: blob: https://mstdn.plus https://files.mstdn.plus wss://mstdn.plus; script-src 'self' https://mstdn.plus 'wasm-unsafe-eval' 1
frame-ancestors https://biz.teachme.jp 1
default-src 'self' *.disquscdn.com *.disqus.com disquscdn.com disqus.com; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src https: data:; font-src https: data:; media-src https:; object-src https:; child-src *; 1
default-src 'self' 'unsafe-inline' data: *.1stcentralinsurance.com *.analytics-egain.com *.youtube-nocookie.com *.2o7.net *.adobedtm.com *.bootstrapcdn.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.egain.cloud *.facebook.com *.facebook.net *.feefo.com *.fontawesome.com *.frontify.com *.github.io *.google.co.uk *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.instagram.com *.klick2contact.com *.omguk.com *.opendns.com *.optimizely.com *.sessioncam.com *.trustpilot.com *.twitter.com *.youtube.com *.cookielaw.org *.gbqofs.com *.gbss.io *.onetrust.com; frame-ancestors 'self' *.1stcentralinsurance.com; worker-src 'self' blob:; 1
default-src 'self' *.all-for-one.com *.e-spirit.hosting *.blue-zone.io *.all-for-one-test.monday.com *.all-for-one.monday.com embedder.app; frame-ancestors 'self' https://*.e-spirit.hosting https://all-for-one-test.monday.com https://all-for-one.monday.com https://embedder.app; media-src 'self' https://cdn.blue-zone.io https://media.blue-zone.io https://cdn.all-for-one.com https://media.all-for-one.com https://open.spotify.com https://itunes.apple.com https://allforonegroup.podcaster.de https://www.brn-ag.de; img-src 'self' data: https:; font-src *; frame-src *; connect-src *; script-src * 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'self' https://www.gstatic.com *.enova.no *.enova.no/* api.enova.no localhost:* localhost:*/* www.youtube.com ssl.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net gstatic.com www.gstatic.com https://search.atom.no https://siteimproveanalytics.com https://*.googletagmanager.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.enova.no *.enova.no/* https://www.google-analytics.com localhost:* csi.gstatic.com https://www.gstatic.com gstatic.com www.gstatic.com https://*.adform.net:* https://connect.facebook.net http://www.googletagmanager.com https://www.googletagmanager.com https://tagmanager.google.com https://code.highcharts.com http://siteimproveanalytics.com https://siteimproveanalytics.com https://track.adform.net http://track.adform.net http://www.google-analytics.com https://*.edialog24.com https://login.edialog24.com https://cdn.polyfill.io https://www.google.com www.youtube.com/ s.ytimg.com https://sjs.bizographics.com https://snap.licdn.com https://js.hs-scripts.com http://js.hs-scripts.com https://js.hs-banner.com https://js.hscollectedforms.net https://js.hs-analytics.net https://js.hsforms.net http://js.hsforms.net http://forms.hsforms.com https://js.hsadspixel.net https://js.hscta.net https://cta-service-cms2.hubspot.com http://cta-service-cms2.hubspot.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://unpkg.com https://js.hsleadflows.net https://kommunikasjon.ntb.no http://kommunikasjon.ntb.no https://js-eu1.hs-scripts.com https://js-eu1.hscollectedforms.net https://js-eu1.hsleadflows.net https://js-eu1.hs-banner.com https://js-eu1.hs-analytics.net https://js-eu1.hsadspixel.net https://share-eu1.hsforms.com https://js-eu1.hsforms.net/forms/ http://js-eu1.hsforms.net/forms/embed/v2.js https://googleads.g.doubleclick.net http://googleads.g.doubleclick.net;object-src 'self' *;style-src 'self' 'unsafe-inline' https://www.gstatic.com fonts.googleapis.com https://*.adform.net:* https://tagmanager.google.com;img-src 'self' * data: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com;media-src 'self' *;frame-src 'self' *.doubleclick.net https://app.powerbi.com https://www.youtube.com https://www.facebook.com https://www.googletagmanager.com https://issuu.com https://code.highcharts.com https://js.hscollectedforms.net https://forms.hsforms.com https://consentcdn.cookiebot.com https://res.cloudinary.com https://kommunikasjon.ntb.no https://share-eu1.hsforms.com https://forms-eu1.hsforms.com;font-src * data:;connect-src 'self' https://www.google-analytics.com *.enova.no localhost:* http://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.facebook.com https://api.ducky.eco https://forms.hubspot.com https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://api.hubapi.com https://consentcdn.cookiebot.com https://www.google.com/pagead/ https://googleads.g.doubleclick.net https://cdn.linkedin.oribi.io https://forms-eu1.hscollectedforms.net https://api-eu1.hubapi.com https://forms-eu1.hubspot.com/lead-flows-config/ https://api-eu1.hubapi.com/hs-script-loader-public/ https://share-eu1.hsforms.com https://forms-eu1.hsforms.com/embed/v3/form/ https://forms-eu1.hsforms.com/emailcheck/ https://region1.google-analytics.com https://pagead2.googlesyndication.com https://px.ads.linkedin.com/wa/;base-uri 'self';child-src 'self' *;form-action 'self' *.enova.no localhost:* www.facebook.com www.anpdm.com https://forms.hsforms.com https://forms-eu1.hsforms.com;frame-ancestors 'self' www.enova.no *.enova.no localhost:* *.doubleclick.net/;block-all-mixed-content;report-uri /WebResource.axd?cspReport=true 1
default-src 'self' 'unsafe-inline' fonts.gstatic.com www.blacknet.co.il *.fontawesome.com maps.googleapis.com www.google.com cdn.jsdelivr.net *.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.fontawesome.com cdn.jsdelivr.net www.blacknet.co.il *.gstatic.com;img-src 'self' data: www.blacknet.co.il *.gstatic.com *.googleapis.com; 1
img-src 'self' data: *.google.com *.google.it *.googleadservices.com https://www.google-analytics.com https://*.doubleclick.net https://www.googleapis.com https://*.appgrade34.it/ https://www.googletagmanager.com https://*.googleapis.com *.gstatic.com *.iubenda.com *.zopim.com *.zdassets.com *.linkedin.com *.bing.com *.clarity.ms *.facebook.com https://via.placeholder.com https://light.appgrade34.it/ https://www.enegan.it/ https://www.enegan.it/;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.iubenda.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com *.google.com *.google.it *.googleadservices.com https://stats.g.doubleclick.net *.licdn.com *.bing.com *.facebook.net *.doubleclick.net *.zopim.com *.zdassets.com *.clarity.ms *.facebook.com https://www.gstatic.com;script-src-elem 'self' 'unsafe-inline' *.google.com *.google.it *.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net *.licdn.com *.bing.com *.facebook.net *.doubleclick.net *.iubenda.com https://www.googletagmanager.com https://*.googleapis.com https://*.stripe.com *.zopim.com *.zdassets.com *.clarity.ms *.facebook.com https://*.addthis.com https://*.addthisedge.com https://*.moatads.com https://xcally.enegan.it https://www.gstatic.com;script-src-attr 'self' 'unsafe-inline' https://www.googletagmanager.com *.iubenda.com;connect-src 'self' https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.doubleclick.net https://light.appgrade34.it/ https://*.zendesk.com https://*.iubenda.com https://*.zdassets.com https://*.clarity.ms https://*.addthis.com https://xcally.enegan.it ws:;frame-src 'self' https://*.google.com https://*.google.it https://*.stripe.com https://*.facebook.com https://*.youtube.com https://*.youtube-nocookie.com/ https://*.addthis.com https://widgets.sociablekit.com https://xcally.enegan.it;frame-ancestors 'self' https://light.appgrade34.it/;media-src 'self' https://static.zdassets.com/ https://light.appgrade34.it/;form-action 'self' https://*.facebook.com/;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
report-uri /sentry/api/61/csp-report/?sentry_key=8505cd7669a24ba78131bbe9f6e8db09; worker-src blob: 'self'; child-src blob:; object-src 'none'; default-src https: data: 'self' *.1gamepay.com; img-src 'self' https: data: blob: *.google.com *.google.ro *.google.se *.google.nl *.google.de *.google.fi *.google.ch *.google.ee *.google.sk *.google.dk *.visualwebsiteoptimizer.com app.vwo.com https://ssl.gstatic.com https://www.gstatic.com *.google-analytics.com *.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://googleads.g.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com; frame-src * bankid: https://bid.g.doubleclick.net wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; connect-src 'self' ws: wss: livechat24.tech *.livechat24.tech https://stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net *.unetsafe.com *.quantserve.com *.quantcount.com *.creative-serving.com *.visualwebsiteoptimizer.com *.taboola.com *.tradedoubler.com *.bing.com app.vwo.com facebook.com www.facebook.com *.google.com *.google.ru *.google.ro *.google.se *.google.de *.google.fr *.google.nl *.google.by *.google.pt *.google.kz *.google.bg *.google.kg *.google.md *.google.gr *.google.fi https://*.googlesyndication.com *.snapchat.com snapchat.com sc-static.net https://static.ads-twitter.com https://analytics.twitter.com https://*.atlantgaming.com https://cdn-sp.kertn.net https://*.pusher.com https://cdn-sp.gbshgbsh.com *.regily.com https://*.fasttrack-solutions.com https://*.ft-crm.com https://verification.okwork.io https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com *.frankcasino.com *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com https://*.frankclubcasino.com wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; style-src 'self' blob: 'unsafe-inline' *.googleapis.com *.google.com *.cloudflare.com *.cloudflareinsights.com *.unetsafe.com livechat24.tech *.livechat24.tech *.visualwebsiteoptimizer.com app.vwo.com https://cs.betradar.com https://*.sportradar.com https://videosport.me https://cdn-sp.kertn.net https://cdn-sp.gbshgbsh.com https://*.fasttrack-solutions.com https://*.gstatic.com https://prj-verification-production.s3.amazonaws.com https://prj-verification-stage1.s3.amazonaws.com https://prj-verification-stage2.s3.amazonaws.com https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com https://tagmanager.google.com https://fonts.googleapis.com https://s3.amazonaws.com *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com paymentpage.ecommpay.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com https://*.frankclubcasino.com wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; font-src 'self' https://fonts.gstatic.com data: *.cloudflare.com *.cloudflareinsights.com livechat24.tech *.livechat24.tech *.visualwebsiteoptimizer.com app.vwo.com *.frankcasino.com https://cdn-sp.kertn.net https://*.frankclubcasino.com wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; script-src 'self' 'unsafe-eval' 'nonce-AIMS0Kwu0NCRnkSqx0z+UA==' blob: *.google.com *.google.ro *.google.se *.google.nl *.google.de *.google.fi *.google.ch *.google.ee *.google.sk *.google.dk recaptcha.net www.gstatic.com *.googleadservices.com https://www.googleadservices.com https://*.googlesyndication.com *.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://*.googletagmanager.com *.google-analytics.com *.analytics.google.com platform.twitter.com connect.facebook.net *.curacao-egaming.com stats.g.doubleclick.net https://stats.g.doubleclick.net livechat24.tech *.livechat24.tech *.livestatisc.com *.jsdelivr.net *.ptstaging.eu track.adform.net *.unetsafe.com *.cloudflare.com *.cloudflareinsights.com *.quantserve.com *.quantcount.com *.creative-serving.com *.visualwebsiteoptimizer.com *.taboola.com *.tradedoubler.com *.snapchat.com *.bing.com snapchat.com sc-static.net app.vwo.com facebook.com www.facebook.com https://static.ads-twitter.com https://analytics.twitter.com *.regily.com https://*.fasttrack-solutions.com https://cdn-sp.kertn.net https://*.pusher.com https://cdn-sp.gbshgbsh.com https://*.gstatic.com https://prj-verification-production.s3.amazonaws.com https://prj-verification-stage1.s3.amazonaws.com https://prj-verification-stage2.s3.amazonaws.com https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com *.frankcasino.com *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com paymentpage.ecommpay.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com *.astropay.com *.megapay.pro *.ecopayz.com *.billing.cx *.express-connect.com *.paycore.io *.jetoncheckout.com *.ipsp.lv ipsp.lv *.gpaynetworks.com *.sirumobile.com https://*.frankclubcasino.com wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; fmedia-src 'self'; frame-src 'self'; object-src 'none'; frame-ancestors 'self' 1
frame-ancestors 'self' https://www.foodlog.nl https://agrifoodnetworks.org 1
frame-ancestors 'self' https://admin.vitrine.ynov.com; 1
default-src 'self'; frame-ancestors 'self' https://*.aon.bz https://aonverzekering.nl https://*.aonverzekeringen.nl https://iak.nl https://*.iak.nl https://*.meeus.com https://meeus.com https://*.nkc.nl https://nkc.nl; img-src 'self' https: data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://www.facebook.com/tr https://ad.doubleclick.net https://px.ads.linkedin.com storage.googleapis.com/storyteq-content-delivery-pqenr3o6/ prd.jwpltx.com https://optimize.google.com https://*.visualwebsiteoptimizer.com https://*.vwo.com; worker-src 'self' blob: https://www.aonverzekeringen.nl; style-src 'self' 'unsafe-inline' https://www.aonverzekeringen.nl fast.fonts.net https://fonts.googleapis.com https://storage.googleapis.com/storyteq-video-player/dist/video-js.min.css https://storage.googleapis.com/storyteq-video-player/dist/video-js-theme.min.css https://tagmanager.google.com https://optimize.google.com https://*.visualwebsiteoptimizer.com https://*.vwo.com; font-src 'self' https://www.aonverzekeringen.nl fast.fonts.net https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io data: https://optimize.google.com https://*.visualwebsiteoptimizer.com https://*.vwo.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.aonverzekeringen.nl https://www.googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com tagmanager.google.com https://*.hotjar.com https://*.hotjar.io https://js-agent.newrelic.com https://bam.nr-data.net https://cloudstatic.obi4wan.com https://*.pusher.com https://connect.facebook.net https://fls.doubleclick.net https://snap.licdn.com https://www.googleadservices.com https://ad.doubleclick.net https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://storage.googleapis.com/storyteq-video-player/dist/storyteq-video-player.min.js https://content.jwplatform.com/libraries/oNX7JPx1.js https://ssl.p.jwpcdn.com/player/v/ https://bat.bing.com https://www.google.com/pagead/conversion_async.js https://*.adform.net https://*.cookielaw.org https://*.onetrust.com https://www.googleoptimize.com https://optimize.google.com https://cdn.linkedin.oribi.io https://*.aonverzekeringen.nl https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.live.wem.io; connect-src 'self' ws: https://www.aonverzekeringen.nl https://api.aonverzekeringen.nl *.hotjar.com *.hotjar.io https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://bam.nr-data.net https://cloudstatic.obi4wan.com https://chatapi.obi4wan.com https://obipubvideo.s3.eu-central-1.amazonaws.com https://app.obi4wan.ai https://stats.g.doubleclick.net api.storyteq.com/ https://bat.bing.com https://*.cookielaw.org https://*.onetrust.com https://optimize.google.com https://cdn.linkedin.oribi.io https://*.aonverzekeringen.nl https://*.visualwebsiteoptimizer.com https://*.vwo.com; media-src storage.googleapis.com/storyteq-content-delivery-pqenr3o6/; frame-src 'self' https://*.aonverzekeringen.nl https://*.nkc.nl https://www.finly.nl https://*.nl.aon.bz *.aon.nl *.aondirect.nl https://*.hotjar.com https://*.hotjar.io https://*.youtube-nocookie.com https://meeus.webpower.eu https://players.brightcove.net https://*.fls.doubleclick.net https://mijnschademelding-accp.mendixcloud.com/SSO/ https://mijnschademelding.mendixcloud.com/ https://iam.aon.com/app/aon_cedmyconnectaccp_1/exk74j30d2Fu6sksU357/sso/saml https://optimize.google.com https://*.visualwebsiteoptimizer.com https://*.live.wem.io https://*.vwo.com; form-action 'self' https://mijnschademelding-test.mendixcloud.com/login/ https://mijnschademelding-accp.mendixcloud.com/login/ https://mijnschademelding.mendixcloud.com/login/ https://ced-schademelding-accp.aonverzekeringen.nl/login/ https://ced-schademelding.aonverzekeringen.nl/login/ https://ced-schademelding-test.nkc.nl/login/ https://ced-schademelding-accp.nkc.nl/login/ https://ced-schademelding.nkc.nl/login/ https://ced-schademelding-accp.aonverzekeringen.nl/preflight/ https://ced-schademelding.aonverzekeringen.nl/preflight/ https://ced-schademelding-test.nkc.nl/preflight/ https://ced-schademelding-accp.nkc.nl/preflight/ https://ced-schademelding.nkc.nl/preflight/; object-src 'none'; base-uri https://www.aonverzekeringen.nl 1
default-src 'self' *rokt.com *.rokt.com/wsdk/controller/index.html *.rokt.com/wsdk/plugin-runtime/index.html *.rokt.com/wsdk/plugins/widget/index.html *.rokt.com/wsdk/plugins/dcui/index.html *.paypalobjects.com *.monetate.net www.google.com *.paypal.com *.worldpay.com *.criteo.com *.qualaroo.com www.youtube.com *.issuu.com www.instagram.com *.addthis.com *.facebook.com *.twitter.com *.emarsys.net *.google.com *.onetrust.com *.onetrust.io *.criteo.net;  script-src 'self' *rokt.com *.rokt.com/integrations/launcher.js *.rokt.com/store/js/gtm_wrapper.min.js *.paypalobjects.com *.youtube.com *.googletagmanager.com *.paypal.com *.monetate.net *.cquotient.com *.cloudflare.com unpkg.com *.zdassets.com *.bing.com www.google-analytics.com/analytics.js www.google-analytics.com/plugins/ua/ecommerce.js www.google-analytics.com/plugins/ua/ec.js maps.googleapis.com *.mondialrelay.com *.feefo.com *.worldpay.com *.px-cloud.net *.scarabresearch.com www.google.com www.gstatic.com *.criteo.net *.criteo.com *.crazyegg.com *.amazonaws.com *.facebook.net *.trustedshops.com *.qualaroo.com int-ds-shared-1.monetate.org localhost:2323 *.webgains.com *.webgains.io polyfill.io www.instagram.com *.salon-services.com *.addthis.com *.addthisedge.com *.moatads.com *.twitter.com *.webgains.com *.webgains.io *.emarsys.net *.sallyexpress.com *.onetrust.com *.onetrust.io *.google.com *.clarity.ms *.cdn-apple.com 'unsafe-inline' 'unsafe-eval' blob:;  img-src 'self' *.rokt.com *.paypal.com *.monetate.net *.salesforce.com www.paypalobjects.com *.demandware.net *.bing.com www.google.com www.google.com.ua www.google-analytics.com maps.gstatic.com maps.googleapis.com *.salon-services.com *.feefo.com *.cloudfront.net *.trustedshops.com *.mondialrelay.com *.tapad.com *.criteo.com *.smaato.net *.yieldmo.com *.rubiconproject.com *.advertising.com *.mgid.com *.liadm.com *.yahoo.com *.openx.net *.addthis.com *.doubleclick.net *.outbrain.com *.yieldlab.net *.bidswitch.net *.smartadserver.com *.3lift.com *.taboola.com *.360yield.com *.teads.tv *.pubmatic.com *.casalemedia.com *.mgid.com *.media.net *.omnitagjs.com *.adform.net *.twiago.com *.adnxs.com *.adscale.de *.socdm.com *.sharethrough.com *.stickyadstv.com *.rlcdn.com *.ivitrack.com *.e-planning.net *.smartclip.net *.ad-stir.com *.clmbtech.com *.tremorhub.com *.demdex.net *.postrelease.com *.facebook.com *.google.com *.openstreetmap.org *.aralego.com *.bluekai.com *.adsrvr.org *.ants.vn *.krxd.net *.mediavine.com *.microad.jp *.agkn.com *.emarsys.net *.crazyegg.com *.bluekai.com *.gstatic.com *.clarity.ms id5-sync.com *.dmxleo.com *.thebrighttag.com *.crwdcntrl.net data:;  font-src 'self' *.rokt.com *.paypal.com *.monetate.net *.googleapis.com *.gstatic.com *.cdn-apple.com data:;  style-src 'self' *.rokt.com *.paypal.com 'unsafe-inline' *.feefo.com *.monetate.net *.googleapis.com unpkg.com *.mondialrelay.com *.worldpay.com;  connect-src 'self' *.google.com *.onetrust.io *.paypal.com *.monetate.net *.zendesk.com *.crazyegg.com *.zdassets.com *.google-analytics.com *.feefo.com *.doubleclick.net *.crazyegg.com *.mondialrelay.com *.scarabresearch.com *.emarsys.net *.px-cdn.net *.px-cloud.net *.edq.com *.bing.com *.webgains.com *.webgains.io *.onetrust.com *.clarity.ms *.googleapis.com;  media-src 'self'; 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=14fg35hiqu8eq&partner=; 1
default-src 'self' www.gravatar.com *.flickr.com player.vimeo.com *.vimeocdn.com *.cloudfront.net login.windows.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com ajax.aspnetcdn.com *.siteimproveanalytics.com siteimproveanalytics.com *.flickr.com *.geodataoverijssel.nl;style-src  'self' 'unsafe-inline';img-src 'self' blob: data: i.ytimg.com *.vimeocdn.com 6011273.global.siteimproveanalytics.io live.staticflickr.com *.flickr.com dashboard.umbraco.com;frame-src 'self' overijssel.maps.arcgis.com www.youtube-nocookie.com player.vimeo.com *.cloudfront.net *.geodataoverijssel.nl toegankelijkheidsverklaring.nl/files/verklaring experience.arcgis.com/experience/;font-src 'self' data:;report-uri https://e4044bdf33a4c10e6f7e8a355b831229.report-uri.com/r/d/csp/reportOnly 1
frame-ancestors 'self' http://*.restockit.com https://*.restockit.com 1
default-src 'self' data: *.dfi.com;img-src 'self' data: *.dfi.com *.google-analytics.com *.googleapis.com *.gstatic.com *.linkedin.com *.lfeeder.com *.google.com *.google.com.tw *.ytimg.com *.doubleclick.net *.hubspot.com *.hsforms.com *.hubspotusercontent10.net *.googletagmanager.com *.zoominfo.com; frame-src 'self' *.dfi.com *.google.com *.googletagmanager.com *.youtube.com *.youtube-nocookie.com *.linkedin.com *.hubspot.com *.doubleclick.net *.infogram.com js.driftt.com 8330016.hs-sites.com dfi-8330016.hs-sites.com; style-src 'self' 'unsafe-hashes' 'unsafe-inline' *.dfi.com *.googleapis.com *.gstatic.com *.doubleclick.net *.cloudflare.com; font-src 'self' *.dfi.com *.gstatic.com *.doubleclick.net;       script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dfi.com www.dfi-itox.com *.google.com *.google-analytics.com *.googleapis.com www.gstatic.com *.linkedin.com *.cloudflare.com onesignal.com *.onesignal.com *.infogram.com js.hs-scripts.com www.googletagmanager.com snap.licdn.com lftracker.leadfeeder.com js.hs-banner.com js.hscollectedforms.net js.hs-analytics.net js.hsleadflows.net *.hsadspixel.net *.hubspot.com www.googleadservices.com www.youtube.com  *.doubleclick.net geolocation-db.com *.hs-scripts.com js.usemessages.com *.zoominfo.com js.driftt.com; connect-src 'self' *.dfi.com *.hubspot.com  *.hsforms.com *.hubapi.com *.google.com *.google-analytics.com *.googleapis.com *.doubleclick.net *.infogram.com ws.zoominfo.com cdn.linkedin.oribi.io forms.hscollectedforms.net; frame-ancestors 'self' www.dfi.com www.dfi.com.tw dfi.com; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; font-src 'self' https: data:; object-src 'none'; img-src 'self' https: data:; frame-ancestors 'none'; base-uri 'none'; form-action 'self' https://analyze.file.org/analyze/it; 1
default-src 'none'; script-src https://results-santiago2023.org https://back.results-santiago2023.org https://www.googletagmanager.com https://*.google-analytics.com; img-src https://results-santiago2023.org https://santiago2023.org https://back.results-santiago2023.org https://*.google-analytics.com https://*.googletagmanager.com https://wrs-panam2023-resources.s3.us-west-2.amazonaws.com data:; style-src https://results-santiago2023.org https://cdn.jsdelivr.net 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com ; font-src https://results-santiago2023.org https://fonts.gstatic.com https://cdnjs.cloudflare.com; connect-src wss://results-santiago2023.org https://results-santiago2023.org https://back.results-santiago2023.org https://event3.tractrac.com https://wrs-panam2023-resources.s3.us-west-2.amazonaws.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; object-src https://results-santiago2023.org https://back.results-santiago2023.org; form-action 'none'; frame-ancestors; 1
default-src * data: blob: 'self' 'unsafe-inline' 'unsafe-eval' edge.api.brightcove.com viz.tools.investis.com bam.nr-data.net stats.g.doubleclick.net unpkg.com rtb.adgrx.com api.datatrac.net cdn.jsdelivr.net house-fastly-signed-eu-west-1-prod.brightcovecdn.com *.luckyorange.com  *.azcentralcu.org ; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com googleapis.com tag.simpli.fi google.com linkedin.com i.simpli.fi bam.nr-data.net www.google-analytics.com unpkg.com rtb.adgrx.com fs26.formsite.com www.luckyorange.com pubsub.googleapis.com tools.luckyorange.com *.azcentralcu.org in.visitors.live; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; frame-src 'self' staticcontents.investis.com www.google.com irs.tools.investis.com otp.tools.investis.com ir.tools.investis.com azcentralcuv1.locatorsearch.com fs26.formsite.com www.facebook.com www.luckyorange.com; child-src blob: ; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net edge.api.brightcove.com viz.tools.investis.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.luckyorange.com pubsub.googleapis.com wss://realtime.luckyorange.com in.visitors.live wss://in.visitors.live stats.g.doubleclick.net edge.api.brightcove.com viz.tools.investis.com in.visitors.live edge.api.brightcove.com api.datatrac.net analytics.google.com; report-uri /report-csp-violation 1
frame-ancestors 'self' http://ravelin.lookbookhq.com https://ravelin.lookbookhq.com http://ravelin.pathfactory.com https://ravelin.pathfactory.com http://resources.ravelin.com https://resources.ravelin.com 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js *.myheritage.cz https://www.myheritage.cz  'nonce-eec2f3acfa962846966980627322e117' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.cz;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
frame-ancestors https://frosttreasuryconnect.com https://frostconnect.com 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://www.gstatic.com https://*.oracleinfinity.io https://cdnjs.cloudflare.com https://connect.facebook.net https://googleads.g.doubleclick.net https://maxcdn.bootstrapcdn.com https://pixel.mathtag.com https://*.hotjar.com https://tags.bkrtx.com https://tags.tiqcdn.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com; style-src 'report-sample' 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.google.com https://*.hotjar.io https://*.googlesyndication.com https://www.google.co.ve https://www.google.com.co https://api.ipify.org https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' https://cdnjs.cloudflare.com https://*.hotjar.com; frame-src 'self' data: '' atlassian-companion: https://*.doubleclick.net https://www.google.com https://*.fls.doubleclick.net https://pixel.mathtag.com https://pixel.sitescout.com https://stags.bluekai.com https://www.youtube.com; img-src 'self' data: https://*.doubleclick.net https://*.google.com https://*.oracleinfinity.io https://googleads.g.doubleclick.net https://pixel.mathtag.com https://pixel.sitescout.com https://*.hotjar.com https://www.facebook.com https://www.google.com https://www.google.co.in https://www.google.co.ve https://www.google.com.co https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; report-uri https://64e7a95215b491ee72711e4f.endpoint.csper.io; worker-src 'none'; 1
default-src 'self' https://measure.microsoft.com/ https://googleads.g.doubleclick.net/ https://www.youtube.com/ https://destinilocators.com/ https://www.google-analytics.com/analytics.js  https://www.facebook.com/ https://www.facebook.com/tr/  https://az416426.vo.msecnd.net/ https://vjs.zencdn.net/ https://www.googletagmanager.com/gtm.js  https://connect.facebook.net/ https://www.kerrygoldusa.com https://cdnjs.cloudflare.com/ajax/libs/ https://cdn.polyfill.io/ https://www.atmrum.net/ https://prodcdn2.kerrygoldusa.com/ https://ajax.googleapis.com/ https://prodcdn1.kerrygoldusa.com/ https://player.vimeo.com/api/player.js https://www.atmrum.net/rum.js https://api.dataships.io/ https://consentcdn.cookiebot.com/ https://app.dataships.io/ https://consent.cookiebot.com/ 'unsafe-inline' 'unsafe-eval' ; frame-src 'self' https://consentcdn.cookiebot.com/ https://consent.cookiebot.com/ https://app.dataships.io/ https://kerrygoldna.freshdesk.com/ http://destinilocators.com/ https://player.vimeo.com/ https://5303105.fls.doubleclick.net/ https://www.facebook.com/ https://www.youtube.com/ https://consentcdn.cookiebot.com/ ; font-src 'self' data: https://prodcdn1.kerrygoldusa.com/ https://prodcdn2.kerrygoldusa.com/ https://precdn2.kerrygoldusa.com/ https://precdn1.kerrygoldusa.com/ ; connect-src 'self' *.measure.microsoft.com *.azr.footprintdns.com https://us-central1-adaptive-growth.cloudfunctions.net/ https://www.facebook.com/tr/ https://googleads.g.doubleclick.net/ https://consentcdn.cookiebot.com/ https://dc.services.visualstudio.com/ https://www.google.com/ https://api.openweathermap.org/ https://stats.g.doubleclick.net/ http://www.atmrum.net/ http://www.google-analytics.com/ https://www.instagram.com/kerrygoldusa/; img-src 'self' * https://www.google.com.br/ads/ https://01e35b7a33c52bcc1d5d8a6d4d2fd4da.azr.footprintdns.com/ https://www.google-analytics.com/ https://www.google.com/ https://secure.gravatar.com/ https://7ea45cffe016e11864b587151990bf36.azr.footprintdns.com/ https://f510e691dad8cfb5d6f40fc60f48356e.azr.footprintdns.com https://www.facebook.com/ https://precdn1.kerrygoldusa.com/ https://precdn2.kerrygoldusa.com/ https://prodcdn1.kerrygoldusa.com/ https://prodcdn2.kerrygoldusa.com/ data: ; style-src-elem 'self' https://best4u.md/ https://prodcdn1.kerrygoldusa.com/ https://prodcdn2.kerrygoldusa.com/ https://precdn2.kerrygoldusa.com/ https://precdn1.kerrygoldusa.com/  https://assets.freshdesk.com/ http://vjs.zencdn.net/7.3.0/video-js.min.css 'unsafe-inline'; media-src 'self' https://prodcdn1.kerrygoldusa.com/ https://prodcdn2.kerrygoldusa.com/ https://precdn2.kerrygoldusa.com/ https://precdn1.kerrygoldusa.com/ ; script-src-elem 'self' https://cdn.pdst.fm/ https://consentcdn.cookiebot.com/ https://consent.cookiebot.com/ https://prodcdn1.kerrygoldusa.com/ https://prodcdn2.kerrygoldusa.com/ https://precdn2.kerrygoldusa.com/ https://precdn1.kerrygoldusa.com/ https://api.dataships.io/ https://assets.freshdesk.com/ http://destinilocators.com/kerrygold/ http://destinilocators.com/ https://ajax.googleapis.com/ajax/libs/ http://cdnjs.cloudflare.com/ajax/libs/ http://www.atmrum.net/client/ https://connect.facebook.net/ http://www.google-analytics.com/ https://az416426.vo.msecnd.net/scripts/ http://www.googletagmanager.com/ https://www.atmrum.net/ https://player.vimeo.com/ https://cdnjs.cloudflare.com/ https://cdn.polyfill.io/ https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://consent.cookiebot.com/ 'unsafe-inline' 'unsafe-eval' 1
base-uri 'self'; default-src 'self'; script-src 'self' https://matomo.stodlinjen.se; script-src-elem 'self' https://matomo.stodlinjen.se; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data: https://*.stodlinjen.se; font-src 'self' data:; connect-src 'self' https://api.stodlinjen.se https://matomo.stodlinjen.se; frame-ancestors 'none'; form-action 'self' *.stodlinjen.se 1
frame-ancestors *.jogos123.net jogos123.net; 1
default-src 'self' data: http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io https://cdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://map.ir https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://kangoro.ir/matomo/matomo.js http://tools.1abzar.com http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io https://cdn.userway.org https://api.userway.org https://media.userway.org https://www.goftino.com https://cdn.goftino.com; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com https://cdn.fontcdn.ir https://fdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org; img-src 'self' blob: data: https://map.ir https://www.google-analytics.com www.google-analytics.com data: *; connect-src 'self' https://map.ir https://www.google-analytics.com www.google-analytics.com https://samta.samt.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io https://cdn.fontcdn.ir wss://api.raychat.io wss://ws.goftino.com wss://ws2.goftino.com wss://cdn.goftino.com https://api.userway.org; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://tools.1abzar.com http://1abzar.ir https://cse.google.com https://www.aparat.com https://google.com https://www.google.com https://cdn.userway.org; frame-ancestors 'self' https://trustseal.enamad.ir; 1
default-src http: https: 'unsafe-inline'; img-src http: https: data:; object-src 'none'; 1
default-src *.aiaibot.com https://*.akb.ch http://domtracd.main.agkb.ch/; img-src data: https://*.google.ch https://px.ads.linkedin.com https://*.cloudfront.net https://www.facebook.com/tr/ https://*.akb.ch https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.doubleclick.net https://*.google.com https://bat.bing.com https://cdn.cookielaw.org; script-src 'unsafe-inline' 'unsafe-eval' https://api.mailxpert.ch/ https://chat.aiaibot.com https://player.podigee-cdn.net/podcast-player/javascripts/podigee-podcast-player.js https://bat.bing.com https://googleads.g.doubleclick.net https://www.youtube.com https://www.googleadservices.com https://snap.licdn.com https://*.akb.ch https://*.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://*.ticketpark.ch https://*.google.com https://*.gstatic.com https://www.contovista.com https://www.newhome.ch https://www.facebook.com/tr/ https://connect.facebook.net https://nl.mailxpert.ch https://cdn.cookielaw.org https://irewind.com/vue/loaders/loader-general.js; frame-src https://live.brame-gamification.com/ *.aiaibot.com https://player.podigee-cdn.net/podcast-player/ https://player.vimeo.com/video/ https://www.facebook.com https://open.spotify.com https://*.akb.ch https://*.cashgate.ch https://www.newhome.ch https://www.companymarket.ch https://b2c-stage.extranet.netcetera.biz/ https://b2c-prod.netcetera.ch https://www.youtube.com https://www.youtube-nocookie.com/ https://*.ticketpark.ch https://*.google.com https://*.gstatic.com https://my.matterport.com/show/ https://static.matterport.com/showcase https://360.newhome.ch https://embed.podcasts.apple.com https://nl.mailxpert.ch https://sra.logismata.ch/ https://irewind.com/; style-src 'unsafe-inline' 'unsafe-eval' https://api.aiaibot.com/ https://*.akb.ch https://fonts.googleapis.com https://tagmanager.google.com/debug/css.css; font-src https://*.akb.ch https://fonts.gstatic.com; connect-src https://*.googleapis.com https://api.aiaibot.com/ https://stats.g.doubleclick.net https://*.google-analytics.com https://anchor.fm https://*.akb.ch https://*.google.com https://www.contovista.com https://akb.abacuscity.ch https://cdn.cookielaw.org https://*.onetrust.com; child-src blob: https://*.akb.ch; media-src blob: https://*.cloudfront.net https://anchor.fm https://*.akb.ch; frame-ancestors https://www.jobs.ch https://*.akb.ch https://jobs.nzz.ch/; form-action https://*.akb.ch https://www.facebook.com/tr/ https://*.bankinghub.swisscom.ch; 1
frame-ancestors https://*.salaryfinance.com 1
default-src https: data: 'self'; script-src https: data: 'self' 'unsafe-inline'; style-src https: data: 'self' 'unsafe-inline' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.cloudflare.com www.googletagmanager.com *.cookielaw.org/; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com ltassets.blob.core.windows.net cdn.loyaltr.ee http://cdn.loyaltr.ee/mobile track.hubspot.com *.gravatar.com *.amazonaws.com *.cookielaw.org/; media-src 'self' data: blob:; child-src 'self' td.doubleclick.net https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' geolocation.onetrust.com google-analytics.com analytics.google.com stats.g.doubleclick.net accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com *.facebook.com cors-anywhere.herokuapp.com *.cookielaw.org/; 1
default-src  'self' 'unsafe-inline'; font-src fonts.gstatic.com fonts.googleapis.com static.hotjar.com 'self'; child-src  'self'; connect-src https://zorgverzekeraarzz--acc.sandbox.my.salesforce-sites.com/ https://zorgverzekeraarzz--acc.sandbox.lightning.force.com/ wss://*.hotjar.com/ https://*.doubleclick.net/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://service.zorgenzekerheid.nl https://*.hotjar.com/ https://vc.hotjar.io/ 'self'; frame-src https://www.thuisarts.nl/ https://www.pingvp.com/ https://www.kraamzorg.nl/ https://zorg-en-zekerheid.nodum.io/ https://www.kraamzorgdewaarden.nl/ vars.hotjar.com https://optimize.google.com www.googletagmanager.com *.doubleclick.net 'self'; frame-ancestors  'self'; img-src https://www.independer.nl/ https://apps.zorgenzekerheid.nl/ stats.g.doubleclick.net https://*.googletagmanager.com maps.gstatic.com maps.googleapis.com tagmanager.google.com optimize.google.com www.google-analytics.com https://www.pingvp.com/ *.hotjar.com https://www.google.com/ https://www.google.nl/ https://bat.bing.com/ 'self' data:; media-src https://zorgenzekerheid.pingvp.com/ 'self'; object-src  'self'; script-src https://zorgverzekeraarzz--acc.sandbox.my.salesforce-sites.com/ https://*.googletagmanager.com optimize.google.com fonts.googleapis.com www.google-analytics.com maps.googleapis.com *.hotjar.com stats.g.doubleclick.net bat.bing.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval' data: https: wss:; style-src https://zorgverzekeraarzz--acc.sandbox.my.salesforce-sites.com/ https://www.pingvp.com/ https://www.googletagmanager.com/ https://tagmanager.google.com https://optimize.google.com https://fonts.googleapis.com 'self' 'unsafe-inline';  worker-src  'self' blob: 1
connect-src 'self' 'unsafe-inline' *.algolia.net *.algolianet.com https://stats.g.doubleclick.net https://analytics.google.com https://www.google-analytics.com https://maps.googleapis.com https://noembed.com https://payments.blackbaud.com/api/Checkout *.blackbaud.com https://bbox.blackbaudhosting.com *.blackbaudhosting.com *.contentstack.io https://pagead2.googlesyndication.com *.googlesyndication.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stats.g.doubleclick.net https://www.googletagmanager.com https://analytics.google.com https://www.google-analytics.com https://maps.googleapis.com https://www.youtube.com https://bbox.blackbaudhosting.com *.blackbaudhosting.com https://code.jquery.com s3.amazonaws.com https://payments.blackbaud.com *.blackbaud.com https://www.google.com https://maps.gstatic.com *.gstatic.com *.doubleclick.net *.facebook.net *.paypal.com https://chimpstatic.com/ https://js.adsrvr.org *.paypalobjects.com https://pagead2.googlesyndication.com *.googlesyndication.com https://netlify-cdp-loader.netlify.app; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://bbox.blackbaudhosting.com *.blackbaudhosting.com https://payments.blackbaud.com *.blackbaud.com https://stackpath.bootstrapcdn.com cdn-images.mailchimp.com; img-src 'self' https://images.contentstack.io *.contentstack.io https://bbox.blackbaudhosting.com *.blackbaudhosting.com https://maps.gstatic.com https://img.youtube.com https://i.vimeocdn.com https://maps.googleapis.com *.google-analytics.com *.paypal.com *.google.com *.google.com.au *.facebook.com data:; base-uri 'self';, font-src https://fonts.gstatic.com https://fonts.googleapis.com data:;, sandbox allow-scripts allow-same-origin allow-forms allow-popups allow-popups-to-escape-sandbox allow-downloads; 1
default-src 'self' *.etka.com *.etka.com.cn *.etkainfo.com *.etkainfo.com.cn; style-src 'self' 'unsafe-inline' *.etka.com *.etka.com.cn *.etkainfo.com *.etkainfo.com.cn; img-src 'self' *.etka.com *.etka.com.cn *.etkainfo.com *.etkainfo.com.cn data: 1
default-src 'self'; script-src d261gr3au1t5i0.cloudfront.net s3.amazonaws.com/scripts.static.steveweissmusic.com/ ajax.googleapis.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.paypal.com js-agent.newrelic.com 'unsafe-inline'; style-src 'unsafe-inline' s3.amazonaws.com/styles.static.steveweissmusic.com/ d261gr3au1t5i0.cloudfront.net; font-src d261gr3au1t5i0.cloudfront.net; img-src 'self' d261gr3au1t5i0.cloudfront.net s3.amazonaws.com/images.static.steveweissmusic.com/ s3.amazonaws.com/cdn.steveweissmusic.com/ s3.amazonaws.com/scripts.static.steveweissmusic.com/ i.ytimg.com www.google-analytics.com www.googletagmanager.com img.youtube.com www.gravatar.com; connect-src 'self' *.google-analytics.com analytics.google.com *.googletagmanager.com s3.amazonaws.com/scripts.static.steveweissmusic.com/ *.paypal.com bam.nr-data.net; frame-src www.youtube.com *.paypal.com 'self'; frame-ancestors 'none'; media-src s3.amazonaws.com/downloads.static.steveweissmusic.com/; report-uri https://steveweissmusic.report-uri.com/r/t/csp/enforce 1
default-src 'none'; img-src 'self' data: https://www.aquanet.pl https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net https://i.ytimg.com https://tile.openstreetmap.org https://cdn.cai.tools.sap; script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.youtube.com https://www.googletagmanager.com https://aquanetcai-mzl3k91n.sapcai.eu10.hana.ondemand.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; media-src 'self'; connect-src 'self' https://www.google-analytics.com https://aquanetcai-mzl3k91n.sapcai.eu10.hana.ondemand.com; form-action 'self'; base-uri 'self'; frame-src https://www.youtube.com https://skk.erecruiter.pl; frame-ancestors 'self' 1
default-src 'self' 'nonce-1680580137' https://*.botguard.net https://*.cloudflare.com https://*.googletagmanager.com https://*.google-analytics.com https://*.hotjar.com https://*.tawk.to https://cdn.jsdelivr.net https://calendly.com https://*.calendly.com; connect-src 'self' wss://botguard.net https://*.google-analytics.com https://*.tawk.to wss://*.tawk.to https://*.hotjar.io wss://*.hotjar.com https://*.calendly.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://*.tawk.to https://*.calendly.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://*.tawk.to https://*.calendly.com; img-src 'self' data: https://*.botguard.net https://*.google.com https://*.doubleclick.net https://*.tawk.to https://*.calendly.com; frame-src https://calendly.com https://*.doubleclick.net; frame-ancestors * 1
frame-ancestors https://utabcm.unitedtranzactions.com 1
default-src 'self' *.optimizely.com wss://*.hotjar.com https: survey.bosch.com s.webtrends.com *.mycliplister.com ptptasiaprodsgsa.z30.web.core.windows.net; media-src 'self' *.mycliplister.com mycliplister.com cliplister.vo.llnwd.net; font-src www.bosch-pt.com.hk www.bosch-pt.com.cn www.bosch-pt.co.id www.bosch-pt.co.in www.bosch-pt.com.my www.bosch-pt.com.ph www.bosch-pt.com.sg www.bosch-pt.com.tw th.bosch-pt.com vn.bosch-pt.com dock.ui.bosch.tech cdn.poll-maker.com cdnjs.cloudflare.com 'self' https: btm.bosch.com; object-src data: 'self'; img-src https: data: blob:; style-src dock.ui.bosch.tech cdn.poll-maker.com cdnjs.cloudflare.com 'self' 'unsafe-inline' https: btm.bosch.com; script-src https: *.optimizely.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https:; frame-ancestors 'self' https: 1
default-src 'self' *.infogram.com *.google-analytics.com *.gstatic.com *.googleapis.com *.google.com api.openweathermap.org worldtimeapi.org migs.mastercard.com.au data:; img-src 'self' chart.googleapis.com data:; 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob:;img-src * data: blob: 'unsafe-inline';frame-src * data: blob:;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline' 1
default-src 'self' *.jquery.com *.googleapis.com *.jquery.com *.vimeo.com; connect-src *; script-src * https://www.googletagmanager.com www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' 'unsafe-eval'; img-src * 'self' blob: data: https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' *.sharethis.com *.jquery.com https://cs-cdn.realpage.com https://fonts.googleapis.com https://fonts.gstatic.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' app.hubspot.com *.sharethis.com *.google.com *.vimeo.com https://www.youtube.com/ https://player.vimeo.com/; object-src 'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.tandarts.nl *.googleadservices.com *.jquery.com unpkg.com *.google.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.fontawesome.com *.googleapis.com *.gstatic.com *.tandarts.nl; img-src 'self' *.gstatic.com *.mondzorgflexpool.nl *.googleapis.com *.google-analytics.com *.tandarts.nl *.doubleclick.net *.google.com *.google.nl *.google.ro *.google.be *.google.de *.googletagmanager.com *.vimeocdn.com data:; frame-src 'self' *.tandarts.nl *.vimeo.com *.youtube.com https://static.mailerlite.com/ *.googletagmanager.com *.google.com; child-src 'self' *.tandarts.nl *.vimeo.com *.youtube.com; font-src 'self' *.fontawesome.com *.gstatic.com *.tandarts.nl data:; connect-src 'self' *.google-analytics.com *.doubleclick.net *.googleapis.com *.tandarts.nl *.googletagmanager.com *.google.com; report-uri /report-csp-violation 1
font-src *.gstatic.com *.googleapis.com *.addthis.com *.typekit.net maxcdn.bootstrapcdn.com *.narvar.com *.narvar.qa fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com www.google.co.in googleads.g.doubleclick.net www.googleadservices.com *.googleadservices.com *.experticity.com player.vimeo.com *.paypal.com maps.googleapis.com www.facebook.com *.zinrelo.com certcapture-sandbox-versioned.s3.amazonaws.com www.google-analytics.com cdnjs.cloudflare.com app.powerbi.com acs.capitalone.com pixel.bdex.com dpm.demdex.net *.attn.tv amcglobal.sc.omtrdc.net events.attentivemobile.com *.cardinalcommerce.com *.cybersource.com localhost:* www.cognitoforms.com cardinalcommerceprod.jfrog.io ics2ws.in.ic3.com acs.upc.ua wufoo.com *.wufoo.com *.arcot.com mycardsecure.com www.rsa3dsauth.com tsys.arcot.com secureshopping.usaa360.com dsec.visa3dsecure.com aacsw.3ds.verifiedbyvisa.com mcdirectory.securecode.com dsum-sec.casalemedia.com *.americanexpress.com apitest.cybersource.com bid.g.doubleclick.net us8.api.mailchimp.com mailchimp.com cm.everesttech.net cdn.klarna.com meetanshi.com insight.adsrvr.org *.tiqcdn.com cm.g.doubleclick.net pixel.rubiconproject.com ups.analytics.yahoo.com petal-vbv.mycardplace.com acs.sibs.pt 3ds.sia.eu acs.alfabank.ru esecure.sia.eu:443 3ds-n2.nbg.gr acs2.3ds.modirum.com match.adsrvr.org www.buzzsprout.com 3ds.borica.bg www.securesuite.co.uk ssl-prd-u7f-fo-acs-pa-casa-bxl.wlp-acs.com acs2-3dsecure.cm-cic.com belgium-3ds-bxl.wlp-acs.com acs.touch.tech secure-acs2ui-b1-indblr-blrtdc.wibmo.com acs.ababank.com:9669 mc.us8.list-manage.com 3dsecure.bnpparibas.pl ecom.eglobal.com.mx www.rsa3dsauth.co.uk bat.bing.com downloads.mailchimp.com clarity.microsoft.com www.mycardsecure.com www.intentiq.com *.intentiq.com *.3dlook.me ws.zoominfo.com 40urvooct7.execute-api.us-east-1.amazonaws.com adservice.google.com ansimclick.hyundaicard.com *.apac.citibank.com acs2.nedsecure.co.za *.aptrinsic.com creatives.attn.tv netsafe.hdfcbank.com 3dsec.postfinance.ch acs-jcn.dnp-cdms.jp *.mountain.com *.steelhousemedia.com *.adsrvr.org *.agkn.com *.rlcdn.com *.clickagy.com clickagy.com *.bluekai.com sync.crwdcntrl.net pixel-sync.sitescout.com acs2.gpesecure.com www.acs3d.fisc.com.tw usermatch.krxd.net ads.scorecardresearch.com amc.demdex.net acs1.3dsecure.no acs.americanexpress.com.sa ds.pkobp.pl 3ds.kredobank.com.ua 3ds2-idcheck.acdcproc.com 3ds.tapngo.com.hk obs3dsg2.uobgroup.com 3ds-challenge.n26.com shareasale.com shareasale-analytics.com apc01.safelinks.protection.outlook.com www.dwin1.com acsabsa.bankserv.co.za 3ds.oschadbank.ua acs4.privatbank.ua *.googletagmanager.com zapier.com 3dssg.ocbc.com *.redditinc.com *.redditstatic.com *.reddit.com acs.swisscard.ch *.exelator.com/ *.addthis.com *.govx.com bidagent.xad.com pippio.com cm.g.dobuleclick.net powebtraffic.crm.powerobjects.net *.cloudfront.net *.simpli.fi 34.215.155.61 100.20.58.101 44.228.85.26 35.85.84.151 *.captcha-delivery.com *.certcapture.com wearvertx.us8.list-manage.com vimeo.com td.doubleclick.net http://vertx.com */is www.upsellit.com api.bounce-commerce.de smct.co *.amazonaws.com *.googlesyndication.com *.avatax.com *.sharethrough.com *.locally.com 52.39.173.161 52.34.31.152 52.37.204.215 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com *.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com *.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com vertx.com www.google.co.in googleads.g.doubleclick.net www.googleadservices.com *.googleadservices.com *.experticity.com www.google.com *.paypal.com *.tiqcdn.com www.gstatic.com wufoo.com vimeo.com *.googleapis.com www.facebook.com *.zinrelo.com certcapture-sandbox-versioned.s3.amazonaws.com www.google-analytics.com cdnjs.cloudflare.com *.powerbi.com *.capitalone.com *.githubusercontent.com *.bdex.com *.demdex.net *.attn.tv amcglobal.sc.omtrdc.net *.attentivemobile.com *.cardinalcommerce.com *.cybersource.com localhost:* www.cognitoforms.com cardinalcommerceprod.jfrog.io ics2ws.in.ic3.com acs.upc.ua *.wufoo.com mycardsecure.com www.rsa3dsauth.com *.arcot.com secureshopping.usaa360.com *.visa3dsecure.com aacsw.3ds.verifiedbyvisa.com mcdirectory.securecode.com dsum-sec.casalemedia.com acs-safekey.americanexpress.com apitest.cybersource.com us8.api.mailchimp.com mailchimp.com cm.everesttech.net *.klarna.com meetanshi.com insight.adsrvr.org cm.g.doubleclick.net pixel.rubiconproject.com ups.analytics.yahoo.com petal-vbv.mycardplace.com *.americanexpress.com acs.sibs.pt 3ds.sia.eu acs.alfabank.ru esecure.sia.eu:443 3ds-n2.nbg.gr acs2.3ds.modirum.com match.adsrvr.org www.buzzsprout.com 3ds.borica.bg www.securesuite.co.uk ssl-prd-u7f-fo-acs-pa-casa-bxl.wlp-acs.com acs2-3dsecure.cm-cic.com belgium-3ds-bxl.wlp-acs.com acs.touch.tech secure-acs2ui-b1-indblr-blrtdc.wibmo.com acs.ababank.com:9669 mc.us8.list-manage.com 3dsecure.bnpparibas.pl ecom.eglobal.com.mx www.rsa3dsauth.co.uk bat.bing.com downloads.mailchimp.com *.microsoft.com www.mycardsecure.com www.intentiq.com *.intentiq.com *.3dlook.me ws.zoominfo.com 40urvooct7.execute-api.us-east-1.amazonaws.com adservice.google.com ansimclick.hyundaicard.com *.apac.citibank.com acs2.nedsecure.co.za esp.aptrinsic.com *.aptrinsic.com creatives.attn.tv netsafe.hdfcbank.com 3dsec.postfinance.ch acs-jcn.dnp-cdms.jp *.mountain.com *.steelhousemedia.com *.adsrvr.org *.agkn.com *.rlcdn.com *.clickagy.com clickagy.com *.bluekai.com sync.crwdcntrl.net pixel-sync.sitescout.com acs2.gpesecure.com www.acs3d.fisc.com.tw *.krxd.net ads.scorecardresearch.com amc.demdex.net acs1.3dsecure.no acs.americanexpress.com.sa ds.pkobp.pl 3ds.kredobank.com.ua 3ds2-idcheck.acdcproc.com 3ds.tapngo.com.hk obs3dsg2.uobgroup.com 3ds-challenge.n26.com shareasale.com shareasale-analytics.com apc01.safelinks.protection.outlook.com www.dwin1.com acsabsa.bankserv.co.za 3ds.oschadbank.ua acs4.privatbank.ua *.googletagmanager.com zapier.com 3dssg.ocbc.com *.redditinc.com *.redditstatic.com *.reddit.com acs.swisscard.ch *.exelator.com *.addthis.com *.govx.com bidagent.xad.com pippio.com cm.g.dobuleclick.net powebtraffic.crm.powerobjects.net *.cloudfront.net *.simpli.fi 34.215.155.61 100.20.58.101 44.228.85.26 35.85.84.151 *.captcha-delivery.com *.certcapture.com wearvertx.us8.list-manage.com td.doubleclick.net */is www.upsellit.com api.bounce-commerce.de smct.co s3.amazonaws.com *.amazonaws.com *.googlesyndication.com *.avatax.com *.sharethrough.com *.locally.com 52.39.173.161 52.34.31.152 52.37.204.215 *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.b0e8.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com *.trackedlink.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.googleadservices.com *.openx.net www.facebook.com www.google.co.in www.magecomp.com *.xad.com *.crm.powerobjects.net *.inspectlet.com *.bdex.com vertx.com *.rawgit.com *.googleapis.com *.cloudflare.com *.powerbi.com raw.githubusercontent.com *.demdex.net *.attn.tv *.attentivemobile.com *.cloudfront.net *.paypal.com urldefense.com a5.behance.net localhost:* www.cognitoforms.com *.cardinalcommerce.com cardinalcommerceprod.jfrog.io *.cybersource.com ics2ws.in.ic3.com acs.upc.ua wufoo.com *.wufoo.com mycardsecure.com www.rsa3dsauth.com tsys.arcot.com secureshopping.usaa360.com *.visa3dsecure.com aacsw.3ds.verifiedbyvisa.com mcdirectory.securecode.com dsum-sec.casalemedia.com acs-safekey.americanexpress.com apitest.cybersource.com us8.api.mailchimp.com mailchimp.com cdn.klarna.com meetanshi.com insight.adsrvr.org *.tiqcdn.com cm.g.doubleclick.net pixel.rubiconproject.com ups.analytics.yahoo.com petal-vbv.mycardplace.com *.americanexpress.com acs.sibs.pt 3ds.sia.eu acs.alfabank.kiev.ua esecure.sia.eu:443 3ds-n2.nbg.gr acs2.3ds.modirum.com match.adsrvr.org www.buzzsprout.com 3ds.borica.bg www.securesuite.co.uk ssl-prd-u7f-fo-acs-pa-casa-bxl.wlp-acs.com acs2-3dsecure.cm-cic.com belgium-3ds-bxl.wlp-acs.com acs.touch.tech secure-acs2ui-b1-indblr-blrtdc.wibmo.com acs.ababank.com:9669 mc.us8.list-manage.com 3dsecure.bnpparibas.pl *.eglobal.com.mx www.rsa3dsauth.co.uk bat.bing.com *.mailchimp.com clarity.microsoft.com www.mycardsecure.com www.intentiq.com *.intentiq.com *.3dlook.me ws.zoominfo.com 40urvooct7.execute-api.us-east-1.amazonaws.com adservice.google.com ansimclick.hyundaicard.com paymentauthenticationchallenge.apac.citibank.com creatives.attn.tv netsafe.hdfcbank.com 3dsec.postfinance.ch acs-jcn.dnp-cdms.jp */is *.steelhousemedia.com *.adsrvr.org *.agkn.com *.rlcdn.com *.clickagy.com clickagy.com stags.bluekai.com sync.crwdcntrl.net pixel-sync.sitescout.com acs2.gpesecure.com www.acs3d.fisc.com.tw usermatch.krxd.net ads.scorecardresearch.com *.aptrinsic.com amc.demdex.net acs1.3dsecure.no acs.americanexpress.com.sa ds.pkobp.pl 3ds.kredobank.com.ua 3ds2-idcheck.acdcproc.com 3ds.tapngo.com.hk obs3dsg2.uobgroup.com 3ds-challenge.n26.com shareasale.com shareasale-analytics.com apc01.safelinks.protection.outlook.com www.dwin1.com acsabsa.bankserv.co.za 3ds.oschadbank.ua acs4.privatbank.ua *.googletagmanager.com zapier.com 3dssg.ocbc.com *.redditinc.com *.redditstatic.com *.reddit.com acs.swisscard.ch *.exelator.com *.addthis.com *.govx.com bidagent.xad.com pippio.com cm.g.dobuleclick.net powebtraffic.crm.powerobjects.net *.simpli.fi 34.215.155.61 100.20.58.101 44.228.85.26 35.160.46.251 35.85.84.151 *.jsdelivr.net *.captcha-delivery.com *.certcapture.com *.s3.amazonaws.com wearvertx.us8.list-manage.com player.vimeo.com td.doubleclick.net www.upsellit.com api.bounce-commerce.de smct.co s3.amazonaws.com *.amazonaws.com *.googlesyndication.com *.avatax.com *.sharethrough.com *.locally.com 52.39.173.161 52.34.31.152 52.37.204.215 *.narvar.com *.narvar.qa *.gstatic.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.b0e8.com *.bc0a.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com *.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal chimpstatic.com downloads.mailchimp.com *.list-manage.com www.google.co.in *.googleadservices.com *.experticity.com player.vimeo.com *.nr-data.net *.newrelic.com mc.us8.list-manage.com *.mailchimp.com *.facebook.net *.cloudflare.com www.gstatic.com *.zinrelo.com *.cloudfront.net vht.lycra.com powebtraffic.crm.powerobjects.net cdn.inspectlet.com www.clickcease.com *.tiqcdn.com urldefense.com *.bdex.com rum-static.pingdom.net *.cybersource.com wufoo.com www.facebook.com *.googleapis.com payflowlink.paypal.com *.s3.amazonaws.com *.googletagmanager.com *.instagram.com *.powerbi.com *.cardinalcommerce.com acs.capitalone.com dpm.demdex.net *.attn.tv amcglobal.sc.omtrdc.net *.attentivemobile.com localhost:* www.cognitoforms.com ics2ws.in.ic3.com acs.upc.ua *.wufoo.com *.arcot.com mycardsecure.com www.rsa3dsauth.co.uk secureshopping.usaa360.com *.visa3dsecure.com aacsw.3ds.verifiedbyvisa.com mcdirectory.securecode.com dsum-sec.casalemedia.com bid.g.doubleclick.net us8.api.mailchimp.com cm.everesttech.net *.klarna.com meetanshi.com insight.adsrvr.org cm.g.doubleclick.net pixel.rubiconproject.com ups.analytics.yahoo.com petal-vbv.mycardplace.com *.americanexpress.com acs.sibs.pt 3ds.sia.eu acs.alfabank.kiev.ua esecure.sia.eu:443 3ds-n2.nbg.gr acs2.3ds.modirum.com match.adsrvr.org www.buzzsprout.com 3ds.borica.bg www.securesuite.co.uk ssl-prd-u7f-fo-acs-pa-casa-bxl.wlp-acs.com acs2-3dsecure.cm-cic.com belgium-3ds-bxl.wlp-acs.com acs.touch.tech secure-acs2ui-b1-indblr-blrtdc.wibmo.com acs.ababank.com:9669 3dsecure.bnpparibas.pl *.eglobal.com.mx *.bing.com *.microsoft.com www.mycardsecure.com www.intentiq.com *.intentiq.com *.3dlook.me *.zoominfo.com 40urvooct7.execute-api.us-east-1.amazonaws.com ansimclick.hyundaicard.com *.apac.citibank.com acs2.nedsecure.co.za *.aptrinsic.com creatives.attn.tv netsafe.hdfcbank.com 3dsec.postfinance.ch acs-jcn.dnp-cdms.jp *.mountain.com *.steelhousemedia.com *.adsrvr.org *.agkn.com *.rlcdn.com *.clickagy.com clickagy.com stags.bluekai.com sync.crwdcntrl.net pixel-sync.sitescout.com acs2.gpesecure.com www.acs3d.fisc.com.tw usermatch.krxd.net ads.scorecardresearch.com 3ds.redsys.es amc.demdex.net acs1.3dsecure.no acs.americanexpress.com.sa ds.pkobp.pl 3ds.kredobank.com.ua 3ds2-idcheck.acdcproc.com obs3dsg2.uobgroup.com 3ds-challenge.n26.com shareasale.com shareasale-analytics.com apc01.safelinks.protection.outlook.com www.dwin1.com acsabsa.bankserv.co.za 3ds.oschadbank.ua acs4.privatbank.ua zapier.com 3dssg.ocbc.com *.redditinc.com *.redditstatic.com *.reddit.com acs.swisscard.ch *.exelator.com *.addthis.com *.govx.com bidagent.xad.com pippio.com cm.g.dobuleclick.net vertx.com *.simpli.fi 34.215.155.61 100.20.58.101 44.228.85.26 35.160.46.251 35.85.84.151 *.captcha-delivery.com *.certcapture.com wearvertx.us8.list-manage.com td.doubleclick.net */is www.upsellit.com api.bounce-commerce.de smct.co s3.amazonaws.com *.amazonaws.com *.googlesyndication.com *.avatax.com *.sharethrough.com *.locally.com 52.39.173.161 52.34.31.152 52.37.204.215 cdn.jsdelivr.net ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com maps.googleapis.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.cloudfront.net *.mailchimp.com *.googleapis.com *.aptrinsic.com *.googletagmanager.com *.redditinc.com *.redditstatic.com *.reddit.com *.addthis.com *.certcapture.com *.s3.amazonaws.com s3.amazonaws.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com vimeo.com player.vimeo.com *.narvar.com *.narvar.qa *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.visa.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.google.co.in googleads.g.doubleclick.net *.googleadservices.com *.experticity.com player.vimeo.com *.nr-data.net stats.g.doubleclick.net *.google.com 40urvooct7.execute-api.us-east-1.amazonaws.com *.inspectlet.com wss://ws.inspectlet.com/ rum-collector-2.pingdom.net www.facebook.com *.facebook.net *.googleapis.com *.paypal.com *.zinrelo.com certcapture-sandbox-versioned.s3.amazonaws.com www.youtube.com *.cloudflare.com *.powerbi.com *.capitalone.com *.bdex.com *.demdex.net *.attn.tv events.attentivemobile.com *.cardinalcommerce.com urldefense.com localhost:* www.cognitoforms.com cardinalcommerceprod.jfrog.io *.cybersource.com ics2ws.in.ic3.com acs.upc.ua wufoo.com *.wufoo.com mycardsecure.com www.rsa3dsauth.com *.arcot.com *.usaa360.com *.visa3dsecure.com aacsw.3ds.verifiedbyvisa.com *.securecode.com *.casalemedia.com *.americanexpress.com bid.g.doubleclick.net us8.api.mailchimp.com *.mailchimp.com *.everesttech.net *.klarna.com meetanshi.com insight.adsrvr.org *.tiqcdn.com cm.g.doubleclick.net *.rubiconproject.com ups.analytics.yahoo.com *.mycardplace.com acs.sibs.pt 3ds.sia.eu acs.alfabank.kiev.ua esecure.sia.eu:443 3ds-n2.nbg.gr acs2.3ds.modirum.com match.adsrvr.org www.buzzsprout.com 3ds.borica.bg www.securesuite.co.uk ssl-prd-u7f-fo-acs-pa-casa-bxl.wlp-acs.com acs2-3dsecure.cm-cic.com belgium-3ds-bxl.wlp-acs.com acs.touch.tech secure-acs2ui-b1-indblr-blrtdc.wibmo.com acs.ababank.com:9669 mc.us8.list-manage.com 3dsecure.bnpparibas.pl *.eglobal.com.mx www.rsa3dsauth.co.uk bat.bing.com *.microsoft.com www.mycardsecure.com www.intentiq.com *.intentiq.com *.3dlook.me ws.zoominfo.com *.hyundaicard.com *.apac.citibank.com acs2.nedsecure.co.za *.aptrinsic.com creatives.attn.tv *.hdfcbank.com 3dsec.postfinance.ch acs-jcn.dnp-cdms.jp *.mountain.com *.steelhousemedia.com *.adsrvr.org *.agkn.com *.rlcdn.com *.clickagy.com clickagy.com *.bluekai.com sync.crwdcntrl.net pixel-sync.sitescout.com acs2.gpesecure.com www.acs3d.fisc.com.tw usermatch.krxd.net ads.scorecardresearch.com amc.demdex.net acs1.3dsecure.no acs.americanexpress.com.sa ds.pkobp.pl *.kredobank.com.ua *.acdcproc.com *.tapngo.com.hk *.uobgroup.com 3ds-challenge.n26.com shareasale.com shareasale-analytics.com apc01.safelinks.protection.outlook.com www.dwin1.com acsabsa.bankserv.co.za *.oschadbank.ua *.privatbank.ua zapier.com 3dssg.ocbc.com *.redditinc.com *.redditstatic.com *.reddit.com *.swisscard.ch *.exelator.com *.addthis.com *.govx.com bidagent.xad.com pippio.com cm.g.dobuleclick.net powebtraffic.crm.powerobjects.net vertx.com *.simpli.fi 34.215.155.61 100.20.58.101 44.228.85.26 35.160.46.251 35.85.84.151 *.captcha-delivery.com *.certcapture.com wearvertx.us8.list-manage.com td.doubleclick.net */is www.upsellit.com api.bounce-commerce.de smct.co s3.amazonaws.com *.amazonaws.com *.googlesyndication.com *.avatax.com *.sharethrough.com *.locally.com 52.39.173.161 52.34.31.152 52.37.204.215 https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' https://www.googletagmanager.com/ 'sha256-bG+QS/Ob2lFyxJ7r7PCtj/a8YofLHFx4t55RzjR1znI=' 'sha256-RzTTI/28QrruyqG1AYHiMuUgzLJnScrkQZ+k4vM54sc=' 'sha256-ZqU14A+v5z0SZfkGy3Obt+rnB8Ig87tDh14aelRZMrc=' 'sha256-fJIJ95LpFoQyT1NbKKMollEJmX39rFBBLc2I4uwVq70=' 'sha256-BAW4x/2+h0ercq8stI0TlHk5L5K98BzI6wDz13S3PHw=' 'sha256-cznkMQwfUz8uqZ22N85rDCEDvVZdjpKebS4BYgol+YQ=' 'sha256-3wzmlx/59IWPscesBhgdEzEOHaxqC1JOQ71cOPAfHEU=' 'sha256-+3Fl2/d1Z/W0QhmGXwC7i9nLSo34f2jNzXh07Wm3iic=' 'sha256-PxPg1sitx/VakJ3y4byvJIV5cTs2YnZFZJEqzqsSkmc=' 'sha256-IA2Y7wS4IxefFyUMBtt7aEwOjKYgPe+bQf0i62186Z8=' 'sha256-SIudMZ7i73OFCg1C1pyPsCfJBxAKQycJjRh7hBoeraE='; connect-src 'self' https://www.google-analytics.com/ https://*.algolia.net/ https://*.algolianet.com/ https://api.github.com/; frame-src https://playground.lit.dev/ https://www.youtube-nocookie.com/; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://i.ytimg.com/ https://www.googletagmanager.com/ https://avatars.githubusercontent.com/; object-src 'none'; default-src 'self'; base-uri 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://csp.withgoogle.com/csp/lit-dev 1
frame-src 'self' streaming.hoshikare.jp vp1-hoshikare-prod.firebaseapp.com platform.twitter.com syndication.twitter.com www.youtube.com apps.paidy.com checkout-v2.paidy.com 1
frame-ancestors https://*.ilnotiziario.net 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://masto.pt; img-src 'self' https: data: blob: https://masto.pt; style-src 'self' https://masto.pt 'nonce-z7mMbMO8tk8Zcsnezw3Ctw=='; media-src 'self' https: data: https://masto.pt; frame-src 'self' https:; manifest-src 'self' https://masto.pt; form-action 'self'; child-src 'self' blob: https://masto.pt; worker-src 'self' blob: https://masto.pt; connect-src 'self' data: blob: https://masto.pt https://cdn.masto.host wss://masto.pt; script-src 'self' https://masto.pt 'wasm-unsafe-eval' 1
default-src 'self' blob:; connect-src * 'unsafe-inline'; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gtm.com *.googletagmanager.com *.jsdelivr.net *.google.com *.google.co.in *.tvsmotorcompanyltd.australia-3.evergage.com *.cloudflare.com *.bootstrapcdn.com *.gstatic.com *.tvsemerald.com *.facbook.com *.facebook.net *.google-analytics.com *.googleapis.com *.evgnet.com *.visualwebsiteoptimizer.com *.clarity.ms *.kenyt.ai *.facebook.net *.taboola.com *.doubleclick.net *.outbrain.com *.zemanta.com *.jqueryscript.net *.googleadservices.com *.googlesyndication.com *.datatables.net *.go-mpulse.net *.visualwebsiteoptimizer.com app.vwo.com; style-src * 'unsafe-inline';script-src-elem * 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com;worker-src 'self' blob:; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://tradingqna.com/logs/ https://tradingqna.com/sidekiq/ https://tradingqna.com/mini-profiler-resources/ https://tradingqna.com/assets/ https://tradingqna.com/brotli_asset/ https://tradingqna.com/extra-locales/ https://tradingqna.com/highlight-js/ https://tradingqna.com/javascripts/ https://tradingqna.com/plugins/ https://tradingqna.com/theme-javascripts/ https://tradingqna.com/svg-sprite/ https://www.google-analytics.com/analytics.js 'sha256-Gty3/aPWFfSvz7pdT39HY97/+2opLup9V0L19ZF0IwY=' m.zerodha.com matomoadmin.zerodha.net/; worker-src 'self' https://tradingqna.com/assets/ https://tradingqna.com/brotli_asset/ https://tradingqna.com/javascripts/ https://tradingqna.com/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
object-src 'self'; worker-src 'self'; base-uri 'self'; frame-ancestors 'self'; report-uri https://www.jechange.fr/report-uri/enforce 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval'; font-src *;img-src * data:; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'self' 'unsafe-inline'; 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.redditstatic.com/ads/pixel.js https://googleads.g.doubleclick.net https://d6unz3nsyh8vw.cloudfront.net/3SFv8DuWrRsddehY9xMi45LjA.js https://*.googletagmanager.com https://www.google.com https://consent.cookiebot.com https://www.gstatic.com https://*.google-analytics.com https://tagmanager.google.com https://snap.licdn.com https://connect.facebook.net https://consentcdn.cookiebot.com https://www.youtube.com https://player.vimeo.com https://www.connexys.nl https://analytics.apg.nl https://www.googleadservices.com https://js.monitor.azure.com https://static.hotjar.com https://script.hotjar.com https://platform.instagram.com https://www.instagram.com;object-src 'self';style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://static.hotjar.com https://script.hotjar.com;img-src 'self' data: https://alb.reddit.com https://px.ads.linkedin.com https://www.facebook.com https://www.linkedin.com https://i.ytimg.com https://*.g.doubleclick.net https://*.google.com https://*.google.nl https://*.googletagmanager.com https://*.google-analytics.com https://www.gstatic.com https://ssl.gstatic.com https://static.hotjar.com https://script.hotjar.com;media-src 'self';frame-src 'self' https://*.google.com/ https://www.googletagmanager.com https://acceptatie.connexys.nl https://www.connexys.nl https://consentcdn.cookiebot.com https://youtube.com https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://*.soundcloud.com https://localfocuswidgets.net https://*.hotjar.com https://*.hotjar.io https://www.instagram.com;font-src 'self' data: https://script.hotjar.com;connect-src 'self' https://cdn.linkedin.oribi.io https://com-vonq-main.collector.snplow.net https://*.google-analytics.com https://*.googletagmanager.com https://consentcdn.cookiebot.com https://*.g.doubleclick.net https://noembed.com https://cdn.plyr.io https://analytics.apg.nl https://dc.services.visualstudio.com https://*.google.com https://*.google.nl https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com;base-uri 'self';frame-ancestors 'self';manifest-src 'self';upgrade-insecure-requests;block-all-mixed-content 1
frame-ancestors 'self' https://dev.helmo.be https://connect.helmo.be https://test-connect.helmo.be https://connect2.helmo.be https://test-connect2.helmo.be 1
default-src 'self' https://flowcv.com;img-src 'self' https://flowcv.com https://prod.flowcvassets.com data: blob: https://images.unsplash.com https://images.flowcv.com www.gstatic.com https://assets.grammarly.com *.flowcvassets.com https://assets.flowcv.com;media-src 'self' https://flowcv.com https://prod.flowcvassets.com https://d201kpdrh73vuz.cloudfront.net *.flowcvassets.com https://assets.flowcv.com;script-src 'self' https://flowcv.com 'sha256-pD0qhGxrPHKZEOr3gZ+WrG4K7AiCWKio4su78ctzgrk=' https://www.google.com https://js.stripe.com https://www.gstatic.com 'nonce-9c4d35e23532e8da611fb1ee64e4c2d6' 'unsafe-eval' *.stripe.com https://challenges.cloudflare.com;connect-src 'self' https://flowcv.com https://u5hubgj2vb.execute-api.eu-central-1.amazonaws.com https://notify.bugsnag.com blob: https://prod.flowcvassets.com *.flowcvassets.com https://flowcv.com https://api.stripe.com https://js.stripe.com *.stripe.com;frame-src https://js.stripe.com https://hooks.stripe.com https://www.google.com https://www.youtube.com https://challenges.cloudflare.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'self'; script-src 'report-sample' 'self' cdn.kleding.nl 'unsafe-eval' 'unsafe-inline' *.google-analytics.com/analytics.js https://www.gstatic.com https://www.googletagmanager.com https://googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.kleding.nl/cookies.js https://www.instagram.com/embed.js https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://kit.fontawesome.com; style-src 'unsafe-inline' 'report-sample' 'self' cdn.kleding.nl; object-src 'none'; base-uri 'self'; connect-src 'self' https://bam.eu01.nr-data.net *.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' cdn.kleding.nl; frame-src 'self' https://www.google.com https://www.instagram.com/; img-src 'self' cdn.kleding.nl images.kleding.nl cdn.fashiola.com https://www.kleding.nl/cookies.gif *.google-analytics.com www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.es; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
base-uri 'self';frame-ancestors 'self' https://www.katholisch.de https://www.youtube.com https://www.youtube-nocookie.com https://gis.bistum-muenster.de https://s3-eu-west-1.amazonaws.com/ https://eu2.cleverreach.com/;default-src 'self' https://api.instagram.com https://statistik.kampanile.de https://www.youtube.com https://maps.googleapis.com cloud.ccm19.de; script-src 'self' 'unsafe-inline' https://api.instagram.com https://statistik.kampanile.de/ https://maps.googleapis.com cloud.ccm19.de https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com cloud.ccm19.de; font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com; img-src data: 'self' https://s3-eu-west-1.amazonaws.com https://maps.googleapis.com https://maps.gstatic.com cloud.ccm19.de; media-src 'self' https://www.youtube.com ; frame-src 'self' https://www.katholisch.de https://www.youtube.com https://www.youtube-nocookie.com https://gis.bistum-muenster.de cloud.ccm19.de https://www.google.com/recaptcha/api2/; form-action 'self' https://*.cleverreach.com; object-src 'self' 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-AHQZBJUjB3luhRZjCn3cJQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self' https://www.youtube.com https://*.doubleclick.net https://*.adform.net https://jedonnemonavis.numerique.gouv.fr data: 'unsafe-inline' 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: http://ajax.googleapis.com http://fonts.googleapis.com http://fonts.gstatic.com 1
https://www.googletagmanager.com; 1
frame-ancestors https://noveltoon.mobi 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://tag.aticdn.net; img-src 'self' https://*.xiti.com https://www.mesdroitssociaux.gouv.fr https://voxusagers.numerique.gouv.fr/static/bouton-bleu.svg data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com; font-src 'self' data:; frame-src 'self' https://www.dailymotion.com; connect-src 'self' https://*.xiti.com https://*.dev-franceconnect.fr https://app.franceconnect.gouv.fr ; object-src 'none' 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.sandbox.paypal.com *.youtube.com *.paypal.com *.googleadservices.com *.google-analytics.com *.google.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.placeholder.com *.wspay.biz *.corvuspay.com *.fontawesome.com *.zopim.com *.klevu.com data: mi.hr data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.twitter.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.googleapis.com *.placeholder.com *.wspay.biz *.corvuspay.com mi.hr 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.twitter.com *.google.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.googleapis.com *.placeholder.com cdn.lightwidget.com lightwidget.com *.wspay.biz *.corvuspay.com mi.hr 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io venkon.hr www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cdninstagram.com *.google.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.googleapis.com *.placeholder.com cdn.lightwidget.com lightwidget.com *.wspay.biz maps.gstatic.com *.gstatic.com blob: *.corvuspay.com *.google.hr mi.hr data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://sibautomation.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.instagram.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.googleapis.com *.placeholder.com cdn.lightwidget.com lightwidget.com *.wspay.biz *.pushpushgo.com *.adobedtm.com *.corvuspay.com *.googletagmanager.com *.doubleclick.com *.doubleclick.net *.demdex.net *.amcglobal.sc.omtrdc.net *.klevu.com *.facebook.com *.facebook.net *.zopim.com *.zdassets.com mi.hr 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.youtube.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.placeholder.com cdn.lightwidget.com lightwidget.com *.wspay.biz *.corvuspay.com *.klevu.com mi.hr 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://in-automate.brevo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.cloudflare.com *.twitter.com *.twimg.com *.google.com *.youtube.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.googleapis.com *.placeholder.com cdn.lightwidget.com lightwidget.com *.wspay.biz *.corvuspay.com *.google-analytics.com *.googletagmanager.com *.doubleclick.com *.doubleclick.net *.demdex.net *.amcglobal.sc.omtrdc.net *.klevu.com *.facebook.net *.zopim.com *.zdassets.com *.pagead2.googlesyndication.com *.googlesyndication.com mi.hr 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.zenaps.com https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://ampcid.google.com.tw https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data:; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.tw https://m.myprotein.tw https://checkout.myprotein.tw https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'report-sample' 'self'; script-src 'report-sample' 'self' 'unsafe-eval' https://code.jquery.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://noulcatalog.ro; script-src-attr 'report-sample' 'self' 'unsafe-inline' https://code.jquery.com; worker-src 'report-sample' 'self'; form-action 'report-sample' 'none'; frame-ancestors 'none'; img-src 'report-sample' 'self' data: https://code.jquery.com https://secure.gravatar.com https://noulcatalog.ro; connect-src 'report-sample' 'self' https://code.jquery.com https://api.pwnedpasswords.com https://extreme-ip-lookup.com https://secure.gravatar.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://noulcatalog.ro; frame-src 'report-sample' https://www.google.com https://maps.google.com;child-src 'report-sample' https://www.google.com https://maps.google.com 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'report-sample' 'self' 'unsafe-inline' https://code.jquery.com; style-src-attr 'report-sample' 'self' 'unsafe-inline' https://code.jquery.com; style-src-elem 'report-sample' 'self' 'unsafe-inline' https://code.jquery.com; font-src 'report-sample' 'self' https://code.jquery.com  https://noulcatalog.ro; object-src 'report-sample' 'none'; report-uri /report.php; 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.transbank.cl *.cardinalcommerce.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com *.newrelic.com *.google.com *.doubleclick.net *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.retailrocket.net *.google.com *.google.com.ar *.facebook.com *.newrelic.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net https://formfacade.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.net *.facebook.com *.newrelic.com *.zdassets.com *.googletagmanager.com https://formfacade.com *.doubleclick.net *.cloudfront.net https://formfacade.firebaseio.com *.googleapis.com *.retailrocket.net *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.retailrocket.net *.newrelic.com https://formfacade.com *.fontawesome.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.net *.facebook.com *.newrelic.com *.zendesk.com *.zdassets.com wss://widget-mediator.zopim.com https://zendesk-eu.my.sentry.io *.google.com *.doubleclick.net *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net https://formfacade.firebaseio.com *.retailrocket.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.facebook.com *.facebook.net *.google.com *.twitter.com *.instagram.com *.pinterest.com *.addthis.com *.jivochat.com *.jivosite.com *.zendesk.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.tools.tsoftapps.com *.tsoftapps.com *.yapaytech.com   *.helorobo.com *.iyzipay.com ; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.facebook.com *.facebook.net *.google.com *.twitter.com *.instagram.com *.pinterest.com *.addthis.com *.jivochat.com *.jivosite.com *.zendesk.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.tools.tsoftapps.com *.tsoftapps.com *.yapaytech.com   *.helorobo.com *.iyzipay.com ; frame-ancestors *; 1
default-src: https:; frame-ancestors 'self' store.acer.com X-Frame-Options: SAMEORIGIN 1
frame-ancestors 'self';                      script-src 'self' 'unsafe-inline' 'unsafe-eval' *.yapaytech.com https://*.nr-data.net https://*.newrelic.com https://*.thequin.ai https://*.hotjar.com https://*.yatsan.com https://*.facebook.com https://*.criteo.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://bat.bing.com https://cdnjs.cloudflare.com https://cdn.onesignal.com https://cookie-cdn.cookiepro.com https://connect.facebook.net https://cdn.personaclick.com https://*.personaclick.com https://google-analytics.com https://graph.facebook.com https://googletagmanager.com https://js.facebook.com https://onesignal.com https://r.bing.com https://static.criteo.net https://sslwidget.criteo.com https://ssl.google-analytics.com https://stn-yatsan.mncdn.com https://*.adform.net https://tagmanager.google.com https://www.google-analytics.com https://www.clarity.ms https://www.googletagmanager.com https://yatsan.hellosmpl.com https://*.youtube.com https://*.googleoptimize.com https://*.googleapis.com https://*.yatsan.com;                      style-src 'self' 'unsafe-inline' *.yapaytech.com *.google.com *.bing.com cdnjs.cloudflare.com cdn.personaclick.com fonts.googleapis.com stn-yatsan.mncdn.com www.googletagmanager.com;                      child-src 'self' blob: *.facebook.com https://*.tani.com.tr *.google.com *.doubleclick.net *.googlesyndication.com *.criteo.com *.criteo.net connect.facebook.net www.googletagmanager.com yatsan.hellosmpl.com https://*.adform.net https://*.youtube.com;                      base-uri 'self';       frame-src *;                      worker-src 'self' blob: www.google.com;       report-uri /WebResource.axd?cspReport=true 1
base-uri 'none' ; 1
default-src 'self'; base-uri 'self'; script-src 'self' https: 'report-sample' 'unsafe-inline' 'unsafe-eval' data: https://*.instana.io; connect-src 'self' https://www.googletagmanager.com https://*.facebook.com https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://*.instana.io wss://mpsnare.iesnare.com https://*.usercentrics.eu https://bat.bing.com/actionp/ https://*.liadm.com https://*.parship.dev; frame-ancestors 'self' https://secure1.parship.com https://secure1.eharmony.com https://secure1.elitepartner.de https://*.parship.dev; frame-src 'self' https://support.eharmony.ca https://tms.eharmony.ca https://*.greatviews.de https://app.usercentrics.eu https://www.youtube-nocookie.com https://accounts.google.com https://translate.googleapis.com https://*.liadm.com; object-src 'none'; img-src 'self' data: http: https: https://*.instana.io; font-src 'self' data:; style-src 'self' 'unsafe-inline' 'report-sample' https://accounts.google.com/gsi/style https://translate.googleapis.com; upgrade-insecure-requests; report-uri /ls/ 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-FsJWLu50CEoT+Jt8UjmAhQ==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
default-src 'self' * data: blob: https: *.fund.com fund.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' embed.typeform.com *.peacebanana.com *.tctm.co *.ostrichesica.com *.joshuarms.com *.cloudflareinsights.com *.cheqzone.com *.zenimpact.io *.awin1.com *.awinhosting.com *.cloudfront.net *.datadoghq-browser-agent.com *.ampproject.org *.gstatic.com *.google.com *.alooma.com *.doubleclick.net  *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.hhtpp.com *.facebook.net *.dropbox.com *.bing.com *.yandex.ru *.quora.com *.yimg.com sp.analytics.yahoo.com *.hotjar.com *.ipify.org *.thefinancials.com blob: data:; style-src 'self' data: blob: 'unsafe-inline' *;connect-src 'self' data: blob: https: fund.com *.fund.com *.ampproject.org *.google-analytics.com *.doubleclick.net *.google.com *.hhtpp.com *.yandex.ru *.gravatar.com wss://*.hotjar.com *.wp.com;font-src 'self' data: blob: *.ampproject.org *.googletagmanager.com *.googleapis.com *.gstatic.com; 1
frame-ancestors 'self' *.cms.snakeware.nl *.snakeware.nl *.snakeware.cloud *.snakeware.test mijn.stjansdal.nl epdmyc02 epdmyc11 epdmyc12 1
base-uri 'self' https://*.giving.sg; child-src https://www.youtube.com https://www.google.com https://js.stripe.com 'self' gap:; frame-src https://www.youtube.com https://www.google.com https://js.stripe.com 'self' gap:; connect-src https://www.youtube.com https://www.google.com https://www.onemap.gov.sg https://*.google-analytics.com https://*.googletagmanager.com https://*.giving.sg https://*.ckeditor.com https://stats.g.doubleclick.net https://*.google.com.sg https://*.facebook.com https://*.analytics.google.com https://analytics.pangle-ads.com https://google.com https://*.tiktok.com https://analytics.google.com 'self'; default-src 'self' https://*.giving.sg https://*.google-analytics.com https://googleads.g.doubleclick.net gap: 'unsafe-inline' 'unsafe-eval'; font-src https://www.youtube.com https://www.google.com https://www.onemap.gov.sg https://fonts.gstatic.com https://cdnjs.cloudflare.com https://*.onemap.sg 'self' data:; img-src https://*.youtube.com https://img.youtube.com https://www.google.com https://www.onemap.gov.sg https://maps-c.onemap.sg https://maps-b.onemap.sg https://maps-a.onemap.sg https://*.s3.ap-southeast-1.amazonaws.com https://*.stripe.com 'self' data: blob: https://*.googletagmanager.com https://i.ytimg.com https://*.volunteer.gov.sg https://validator.swagger.io https://*.facebook.com https://*.google.com.sg https://analytics.google.com https://*.doubleclick.net https://*.google-analytics.com https://analytics.google.com https://googleads.g.doubleclick.net blob:; media-src 'self' https://*.giving.sg; object-src 'self'; script-src https://www.youtube.com https://www.google.com https://*.google.com https://*.google.com.sg https://*.onemap.sg https://*.googletagmanager.com https://*.google-analytics.com https://*.giving.sg https://www.gstatic.com https://cdnjs.cloudflare.com https://connect.facebook.net https://js.stripe.com https://*.facebook.com https://tpc.googlesyndication.com https://*.tiktok.com https://*.googleadservices.com https://*.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://www.youtube.com https://www.google.com https://www.onemap.gov.sg https://cdnjs.cloudflare.com https://fonts.googleapis.com https://*.onemap.sg https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.giving.sg 'self' 'unsafe-inline'; frame-ancestors https://*.giving.sg https://giving.sg https://www.giving.sg https://js.stripe.com https://td.doubleclick.net outsystems://app.giving.sg 'self' gap:; 1
default-src 'self'; connect-src 'self' *.nr-data.net i.clarity.ms analytics.google.com stats.g.doubleclick.net translate.googleapis.com www.google-analytics.com *.clarity.ms bam.nr-data.net *.hotjar.com bat.bing.com *.hotjar.io https://adservice.google.com https://www.google.ca https://alectrautilities.com/ https://www.google.com https://connect.facebook.net ws.hotjar.com https://api64.ipify.org/ https://u2-alectra-svc.smartcmobile.net/ https://u-alectra-svc.smartcmobile.net/ ws: https://api.mypurecloud.com https://api-cdn.mypurecloud.com/ https://api-cdn.cac1.pure.cloud/webdeployments/v1/deployments/3d9431eb-fe72-430c-a622-5981378973d7/domains.json https://api-cdn.cac1.pure.cloud/webdeployments/v1/deployments/3d9431eb-fe72-430c-a622-5981378973d7/config.json https://api.cac1.pure.cloud; font-src 'self' https://use.fontawesome.com https://themes.googleusercontent.com; frame-src 'self' platform.twitter.com static.addtoany.com syndication.twitter.com www.gstatic.com www.google.com www.youtube.com www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://apps.mypurecloud.com/ https://apps.cac1.pure.cloud/ https://www.youtube.com/iframe_api; img-src 'self' *.alectra.com https://*.gstatic.com t.co analytics.twitter.com syndication.twitter.com www.facebook.com data: www.w3.org/svg/2000 www.google.ca www.google-analytics.com bat.bing.com tr.outbrain.com translate.google.com www.google.com translate.googleapis.com connect.facebook.net c.clarity.ms bing.com/c www.googletagmanager.com/a https://alectrautilities.com/ https://*.clarity.ms https://*.bing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js-agent.newrelic.com *.nr-data.net platform.twitter.com static.addtoany.com static.ads-twitter.com connect.facebook.net analytics.twitter.com t.co www.googletagmanager.com translate.google.com www.clarity.ms translate.googleapis.com www.google-analytics.com amplify.outbrain.com bat.bing.com tr.outbrain.com translate-pa.googleapis.com www.google.com https://d.clarity.ms/ *.hotjar.com vc.hotjar.io *.cloudflare.com https://unpkg.com/ www.recaptcha.net https://www.gstatic.com/ https://apps.mypurecloud.com https://apps.cac1.pure.cloud/genesys-bootstrap/genesys.min.js https://apps.cac1.pure.cloud/journey/messenger-plugins/offersHelper.min.js https://apps.cac1.pure.cloud/genesys-bootstrap/plugins/genesysvendors.min.js *.youtube.com https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://www.google.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com www.gstatic.com cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.css https://cdnjs.cloudflare.com; upgrade-insecure-requests 1
default-src 'self' inmotion.dhl *.inmotion.dhl imcdn.adrivo.com *.adrivo.com 'nonce-f0b6c99ad3afad2c67943dcab9c09056' www.googletagmanager disqus.com disquscdn.com *.disquscdn.com;script-src 'self' inmotion.dhl *.inmotion.dhl imcdn.adrivo.com *.adrivo.com 'nonce-f0b6c99ad3afad2c67943dcab9c09056' www.googletagmanager.com *.google.com www.google-analytics.com *.gstatic.com analytics.tiktok.com cdn.jsdelivr.net iframe.ly *.iframe.ly *.twitter.com *.twimg.com *.ads-twitter.com *.facebook.net disqus.com *.instagram.com sc-static.net *.disqus.com *.disquscdn.com *.curator.io https://fanpic.co https://vjs.zencdn.net https://unpkg.com https://cdn.rawgit.com cdnjs.cloudflare.com *.licdn.com;style-src 'self' inmotion.dhl *.inmotion.dhl imcdn.adrivo.com *.adrivo.com 'unsafe-inline' www.googletagmanager.com *.vimeo.com cdn.jsdelivr.net fast.fonts.net *.twitter.com *.disquscdn.com *.curator.io https://vjs.zencdn.net cdnjs.cloudflare.com;frame-src 'self' inmotion.dhl *.inmotion.dhl imcdn.adrivo.com *.adrivo.com data: *.iframe.ly *.vimeo.com *.youtube.com *.youtube-nocookie.com *.twitter.com *.facebook.com *.instagram.com *.snapchat.com disqus.com *.google.com www.recaptcha.net *.spotify.com https://z6z.co/race-to-rugby https://app.idagio.com https://www.podbean.com https://i.fanpic.co;connect-src 'self' inmotion.dhl *.inmotion.dhl imcdn.adrivo.com *.adrivo.com blob: *.curator.io www.google-analytics.com *.analytics.google.com analytics.tiktok.com stats.g.doubleclick.net *.linkedin.com;img-src * data: blob:;font-src * data:;media-src * blob:;frame-ancestors 'self' inmotion.dhl *.inmotion.dhl imcdn.adrivo.com *.adrivo.com https://mynetconnect.staffbase.com;child-src 'self' inmotion.dhl *.inmotion.dhl imcdn.adrivo.com *.adrivo.com blob:;base-uri 'self' inmotion.dhl *.inmotion.dhl imcdn.adrivo.com *.adrivo.com;object-src 'none' 1
frame-ancestors 'self' https://*.envoyglobal.com; frame-src https://*.envoyglobal.com/ https://player.vimeo.com/ https://*.youtube.com/ https://www.youtube-nocookie.com/ https://www.facebook.com/ https://www.google.com/ https://boards.greenhouse.io/ https://forms.hsforms.com/ https://envoyglobal.chilipiper.com/ https://*.hubspot.com https://*.hs-sites.com https://*.securityscorecard.com/ https://securityscorecard.com/; upgrade-insecure-requests; object-src 'self'; script-src 'self'  'unsafe-eval' 'unsafe-inline' https://cdn.amcharts.com https://cdn.cookielaw.org https://connect.facebook.net https://content.cdntwrk.com https://d.adroll.com https://googleads.g.doubleclick.net https://js-na1.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hsforms.net https://js.hsleadflows.net https://player.vimeo.com https://resources.envoyglobal.com https://s.adroll.com https://s.swiftypecdn.com https://*.hotjar.com https://snap.licdn.com https://static.hotjar.com https://storage.googleapis.com https://tpc.googlesyndication.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.snapengage.com https://www.youtube.com https://cta-redirect.hubspot.com/ https://no-cache.hubspot.com/ https://cta-service-cms2.hubspot.com/ https://js.hscta.net/ https://info.visanow.com/ https://go.envoyglobal.com/ https://cdn1.hubspot.net/ https://*.hotjar.io https://*.chilipiper.com/ https://*.jquery.com/ https://js.chilipiper.com/ https://api.chilipiper.com/ https://js.hubspot.com/ https://*.hs-scripts.com https://*.adroll.com https://*.hubspot.com/ https://*.hs-sites.com https://*.usemessages.com; 1
font-src *.googleapis.com https://www.gstatic.com bam.nr-data.net *.google-analytics.com www.gstatic.com www.google.com *.fontawesome.com https://fonts.gstatic.com fonts.gstatic.com static.olark.com *.doubleclick.net *.google.com www.laborlawcenter.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.laborlawcenter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.laborlawcenter.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com tpc.googlesyndication.com sandbox.bluesnap.com tst.kaptcha.com *.weltpixel.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com static.olark.com *.doubleclick.net *.wesupply.xyz https://wesupplylabs.com www.laborlawcenter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com https://*.gstatic.com validate.fishpig.co.uk *.certcapture.com *.s3.amazonaws.com *.laborlawcenter.com bam.nr-data.net *.linkedin.com www.facebook.com bat.bing.com *.clarity.ms www.gstatic.com store.paradoxlabs.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com log.olark.com *.posthog.com static.olark.com *.doubleclick.net *.google.com www.google.co.uk www.google.ae www.google.com.pr www.google.ca www.google.com.tr www.google.co.ke www.google.com.au www.google.com.ph www.google.co.nz www.google.co.th www.google.ie www.google.it www.google.co.za www.google.com.gh www.google.com.jm www.google.lt www.google.com.sa www.google.kz www.google.co.in www.google.ru www.google.co.id *.gstatic.com www.laborlawcenter.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com www.gstatic.com www.google.com *.googleapis.com https://*.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.certcapture.com player.vimeo.com bam.nr-data.net js-agent.newrelic.com *.hotjar.com snap.licdn.com bat.bing.com *.clarity.com sandbox.bluesnap.com tpc.googlesyndication.com connect.facebook.net *.avada.io *.authorize.net https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com www.googleoptimize.com *.olark.com browser.sentry-cdn.com *.visualwebsiteoptimizer.com *.posthog.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com www.laborlawcenter.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com www.gstatic.com www.google.com *.fontawesome.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com static.olark.com tagmanager.google.com www.laborlawcenter.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.olark.com www.laborlawcenter.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.certcapture.com bam.nr-data.net cdn.linkedin.oribi.io *.linkedin.com *.hotjar.com *.hotjar.io bat.bing.com *.clarity.com *.clarity.ms *.google-analytics.com https://get.geojs.io *.avada.io *.authorize.net https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com knrpc.olark.com *.posthog.com *.doubleclick.net *.google.com https://www.google-analytics.com www.laborlawcenter.com 'self' 'unsafe-inline'; child-src www.laborlawcenter.com http: https: blob: 'self' 'unsafe-inline'; default-src www.laborlawcenter.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.laborlawcenter.com/csp-report/CspLog/; report-to report-endpoint; 1
frame-ancestors 'self' *.canva.com canva.com; report-uri https://csp.canva.com/_cspreport?app=websites; base-uri 'self'; object-src 'none'; script-src 'report-sample' 'strict-dynamic' 'nonce-14865a7e-67f7-4c62-a3b2-9b5f69ba5849' https://www.google.com/recaptcha/api.js; 1
connect-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com px.ads.linkedin.com pagead2.googlesyndication.com cdn.linkedin.oribi.io c2.ktxlytics.io bat.bing.com wss://*.hotjar.com *.clarity.ms *.hotjar.com *.hotjar.io *.doubleclick.net *.googleadservices.com *.google.com *.qualtrics.com *.crazyegg.com naviwebapp.nyc3.digitaloceanspaces.com *.google-analytics.com *.googleapis.com *.gstatic.com;default-src 'self' *.googleapis.com *.gstatic.com *.google.com *.hotjar.com naviwebapp.nyc3.digitaloceanspaces.com;frame-src 'self' *.youtube.com *.ytimg.com *.hotjar.com *.doubleclick.net *.krxd.net *.googlesyndication.com *.internationaltrucks.com *.lpsnmedia.net *.liveperson.net  *.google.com *.digitaloceanspaces.com *.facebook.com ;img-src 'self' *.addthis.com *.addthisedge.com *.moatads.com *.googleapis.com *.gstatic.com fonts.gstatic.com data: *.youtube.com *.ytimg.com *.doubleclick.net *.google-analytics.com px.ads.linkedin.com mid.rkdms.com simage2.pubmatic.com secure.adnxs.com c2.ktxlytics.io ib.adnxs.com analytics.twitter.com *.clarity.ms navinventorynew.blob.core.windows.net *.azureedge.net *.heapanalytics.com parts-cdn.fleetrite.com *.google.com *.facebook.com *.bing.com *.adsrvr.org *.demdex.net t.co *.linkedin.com *.krxd.net *.adsymptotic.com *.mookie1.com *.googletagmanager.com *.internationaltrucks.com *.jivox.com *.rlcdn.com *.agkn.com *.hotjar.com *.crwdcntrl.net *.thebrighttag.com *.addthis.com *.addthisedge.com *.moatads.com *.googleapis.com *.gstatic.com fonts.gstatic.com *.youtube.com *.ytimg.com *.doubleclick.net *.google-analytics.com;media-src 'self' *.youtube.com *.ytimg.com *.lpsnmedia.net *.liveperson.net *.google.com;script-src 'self' *.addthis.com *.addthisedge.com *.moatads.com cdnjs.cloudflare.com *.google-analytics.com code.jquery.com *.youtube.com *.ytimg.com *.googleapis.com *.gstatic.com www.googletagmanager.com 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net *.cloudfront.net trackit.ktxlytics.io *.clarity.ms unpkg.com *.crazyegg.com *.hotjar.com *.heapanalytics.com *.ytimg.com *.google.com *.doubleclick.net *.bing.com *.facebook.net *.googleadservices.com *.licdn.com *.krxd.net *.ads-twitter.com *.dstillery.com *.siteintercept.qualtrics.com *.pardot.com *.linkedin.com *.demdex.net *.media6degrees.com *.twitter.com *.googlesyndication.com *.jivox.com  cdn.siteimprove.net *.qualtrics.com *.addthis.com *.addthisedge.com *.moatads.com cdnjs.cloudflare.com *.google-analytics.com code.jquery.com *.youtube.com *.googleapis.com *.gstatic.com www.googletagmanager.com 'unsafe-inline' 'unsafe-eval';style-src 'self' *.googleapis.com *.gstatic.com 'unsafe-inline' *.google.com; 1
default-src 'self'; script-src * data: 'unsafe-inline'; manifest-src * 'unsafe-inline'; style-src * 'unsafe-inline'; img-src *; font-src *; connect-src *; media-src *; object-src * 1
child-src 'self' https: www.google.com www.gstatic.com forms.hsforms.com www.customerdataplatform.co.uk s7.addthis.com www.youtube.com vars.hotjar.com forms.hsforms.com hubspot.com app.hubspot.com *.cookiebot.com *.facebook.com *.doubleclick.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' www.google.com www.gstatic.com api.usemessages.com js.usemessages.com static.hotjar.com script.hotjar.com js.hs-analytics.net js.hs-scripts.com hs-scripts.com m.addthisedge.com m.addthis.com forms.hsforms.com maps.googleapis.com maps.google.com js.hsforms.net s7.addthis.com fonts.googleapis.com apis.google.com www.googletagmanager.com www.google-analytics.com tagmanager.google.com cdn.optimizely.com js.leadin.com js.hsleadflows.net snap.licdn.com px.ads.linkedin.com www.linkedin.com dc.ads.linkedin.com v1.addthisedge.com js.hsadspixel.net v1.addthis.com az416426.vo.msecnd.net connect.facebook.net www.googleadservices.com googleads.g.doubleclick.net doubleclick.net js.hs-banner.com cookiebot.com consentcdn.cookiebot.com redeye.com tracking.g2crowd.com g2crowd.com maps.google.com facebook.com consent.cookiebot.com scout-cdn.salesloft.com https: data:; img-src 'self' http: https: data: maps.gstatic.com *.googleapis.com *.ggpht ; base-uri 'self'; 1
default-src 'self'; script-src 'self' data: 'sha256-xNX/dppjTDEBL+E0/GrZGmCbukvn0LadCVJh9JsD46I=' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.cloudflareinsights.com https://www.youtube.com https://tagmanager.google.com https://www.googletagmanager.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://www.gstatic.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://sc-static.net https://static.ads-twitter.com 'sha256-po4n2fGDKRAzyqKWAwZRaDIgg2BRdEvY8iuJi/kP3Go=' https://snap.licdn.com https://connect.facebook.net https://tr-shadow.snapchat.com https://analytics.tiktok.com https://tr.snapchat.com https://cdn.thinglink.me; connect-src 'self' https://d22g8xv6j3zp9r.cloudfront.net https://d1lz5ymsljbgdd.cloudfront.net https://cloudflareinsights.com https://static.cloudflareinsights.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.gstatic.com https://*.g.doubleclick.net https://cdn.linkedin.oribi.io https://tr-shadow.snapchat.com https://analytics.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://*.ads.linkedin.com https://*.google.com https://*.google.ae https://*.google.az https://*.google.ca https://*.google.cn https://*.google.co.il https://*.google.co.in https://*.google.co.uk https://*.google.co.za https://*.google.com.au https://*.google.com.bh https://*.google.com.br https://*.google.com.eg https://*.google.com.kw https://*.google.com.lb https://*.google.com.ly https://*.google.com.om https://*.google.com.qa https://*.google.com.sa https://*.google.de https://*.google.fr https://*.google.iq https://*.google.jo https://*.google.ru; child-src 'self' https://www.youtube.com https://www.vimeo.com; frame-src 'self' https://www.youtube.com https://www.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.googletagmanager.com https://td.doubleclick.net https://fls.doubleclick.net https://12716691.fls.doubleclick.net https://13866393.fls.doubleclick.net https://tr-shadow.snapchat.com https://tr.snapchat.com https://cdn.thinglink.me https://www.thinglink.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com https://www.gstatic.com; font-src 'self' data: https://script.hotjar.com https://fonts.gstatic.com https://fonts.googleapis.com; object-src 'none'; img-src 'self' 'unsafe-inline' data: https://d22g8xv6j3zp9r.cloudfront.net https://www.googletagmanager.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://googleads.g.doubleclick.net https://*.analytics.google.com https://*.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://ad.doubleclick.net https://12716691.fls.doubleclick.net https://13866393.fls.doubleclick.net https://t.co https://analytics.twitter.com https://www.facebook.com https://px.ads.linkedin.com https://fonts.gstatic.com https://tr.snapchat.com https://i.ytimg.com https://*.google.com https://*.google.ae https://*.google.az https://*.google.ca https://*.google.cn https://*.google.co.il https://*.google.co.in https://*.google.co.uk https://*.google.co.za https://*.google.com.au https://*.google.com.bh https://*.google.com.br https://*.google.com.eg https://*.google.com.kw https://*.google.com.lb https://*.google.com.ly https://*.google.com.om https://*.google.com.qa https://*.google.com.sa https://*.google.de https://*.google.fr https://*.google.iq https://*.google.jo https://*.google.ru; 1
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.zhengjie.com *.cnzz.com hm.baidu.com https://res.wx.qq.com *.google-analytics.com *.baidustatic.com https://pos.baidu.com cpu.baidu.com tudouui.com *.alicdn.com *.googlesyndication.com *.googletagservices.com *.googleadservices.com adservice.google.com adservice.google.com.hk adservice.google.co.jp adservice.google.co.kr *.google.com.tw adservice.google.gr *.micro-bee.com *.cxfzw.cn *.gng5.cn *.126.net *.czxhpt.cn *.weikefanli.com:5526 cdnjs.cloudflare.com;style-src 'self' 'unsafe-inline' cdn1.zhengjie.com tudouui.com *.googleapis.com *.googlesyndication.com;img-src * data: hm.baidu.com;connect-src 'self' wss://www.zhengjie.com *.googlesyndication.com *.google-analytics.com *.doubleclick.net adservice.google.com csi.gstatic.com hm.baidu.com;font-src *.gstatic.com;object-src 'self' img1.zhengjie.com;media-src 'self';frame-src 'self' *.qq.com *.tudou.com tudouui.com *.youku.com weixin: *.alicdn.com *.tanx.com *.baidu.com *.doubleclick.net *.gstatic.com *.googlesyndication.com *.cxfzw.cn *.gng5.cn *.yjst.cn; 1
default-src 'self' https://*.consumerratequotes.com https://*.vimeo.com https://*.youtube.com; frame-src 'self' https://*.google.com https://*.consumerratequotes.com https://www.facebook.com https://platform.twitter.com https://*.vimeo.com https://*.youtube.com https://*.doubleclick.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gstatic.com https://*.google.com https://platform.twitter.com https://*.googleapis.com https://*.licdn.com https://*.facebook.net https://*.google-analytics.com https://googleads.g.doubleclick.net https://*.googleadservices.com https://*.salemove.com https://*.glia.com https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; connect-src 'self' https://maps.googleapis.com https://*.doubleclick.net https://*.google-analytics.com wss://*.salemove.com https://*.salemove.com wss://*.glia.com https://*.glia.com https://*.twilio.com wss://*.twilio.com; media-src 'self' https://*.salemove.com https://*.glia.com https://*.googlesyndication.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.salemove.com https://*.glia.com; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' https://hello.myfonts.net https://*.googletagmanager.com https://*.ggpht.com https://*.googleapis.com https://*.twitter.com https://*.ytimg.com https://*.gstatic.com https://www.google.com https://*.google-analytics.com https://*.linkedin.com https://*.facebook.com https://content-cdn.com blob: data: https://*.salemove.com https://*.glia.com; 1
default-src * 'unsafe-inline' 'unsafe-eval' data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline' data:; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline' 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-o4jtYNI0axDPAAYFEO00KsK6N+b8rU' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval' data:; style-src * 'unsafe-inline' 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.healthalliance.org healthalliance.org *.hally.com hally.com cdnjs.cloudflare.com *.sitesearch360.com *.googleapis.com *.typekit.net *.cloudfront.net cdn.icomoon.io *.gstatic.com healthalliance.knowledgeowl.com connect.facebook.net *.userback.io *.vo.msecnd.net www.googletagmanager.com *.google.com *.g.doubleclick.net *.doubleclick.net script.crazyegg.com www.google-analytics.com bat.bing.com snap.licdn.com static.ads-twitter.com dc.services.visualstudio.com t.co analytics.twitter.com pagead2.googlesyndication.com cdn.linkedin.oribi.io *.ads.linkedin.com askshirley.org *.formstack.com www.youtube.com s.yimg.com sp.analytics.yahoo.com player.vimeo.com f.vimeocdn.com web.powerva.microsoft.com; 1
upgrade-insecure-requests; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.vimeo.com *.dixonvalve.com dixonvalve.com; child-src 'self' *.youtube.com *.vimeo.com *.google.com vars.hotjar.com; connect-src 'self' *.doubleclick.net *.google-analytics.com *.comm100.io *.comm100.com forms.hubspot.com *.hotjar.io *.hotjar.com wss://*.hotjar.com https://www.product-config.net/catalog3/cad https://dpk3n3gg92jwt.cloudfront.net/cadviewer/images https://dpk3n3gg92jwt.cloudfront.net/domains/dixonvalve/ https://bam.nr-data.net/events/ https://bam.nr-data.net/ https://cdn.knightlab.com http://stats.addtoany.com max12.comm100.io www.google-analytics.com chatserver12.comm100.io *.issuu.com https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src 'self' data: *.typekit.net fonts.googleapis.com fonts.gstatic.com https://vue.comm100.com cdn.knightlab.com https://use.fontawesome.com/ script.hotjar.com cdnjs.cloudflare.com at.alicdn.com fonts.cdnfonts.com; frame-src 'self' *.youtube.com *.vimeo.com *.google.com vars.hotjar.com *.facebook.com https://static.addtoany.com https://assets.pinterest.com www.googletagmanager.com *.issuu.com; img-src 'self' *.google-analytics.com *.google.com https://cdn.jsdelivr.net/npm/ www.product-config.net *.comm100.io *.comm100.com track.hubspot.com data: blog.dixonvalve.com script.hotjar.com https://dpk3n3gg92jwt.cloudfront.net/cadviewer/images/ www.googletagmanager.com https://assets.pinterest.com https://log.pinterest.com https://i.ytimg.com www.google.ca www.google.com.ar www.google.com.co www.google.ch www.google.co.uk www.google.co.za www.gstatic.com www.google.co.in www.google.dk www.google.com.eg www.google.de www.google.com.sa www.google.es www.google.be www.google.com.pe www.google.fi www.google.pl www.google.no www.google.co.th www.google.cl www.google.com.pr www.google.nl www.google.com.ph www.google.it www.google.tt www.google.lt www.google.com.ng www.google.co.jp www.google.co.kr www.google.com.my www.google.az www.google.ae www.google.ru www.google.com.ua www.google.sk www.google.com.pk www.google.ie www.google.com.au www.google.se www.google.co.id no-cache.hubspot.com www.google.com.tw www.google.mn www.google.at www.google.sr www.google.com.qa www.google.ba www.google.co.uz www.google.co.bw www.google.com.tr www.google.com.sg www.google.com.vn www.google.iq www.google.cn www.google.com.om www.google.gr www.google.com.pg www.google.kz www.google.com.mm www.google.com.bn www.google.co.ao www.google.si www.google.ro www.google.com.et www.google.com.gt www.google.com.ec www.google.com.hk www.google.ps www.google.com.pa www.google.rs www.google.cd www.google.com.sv www.google.com.bo www.google.ge www.google.ee www.google.com.kw www.google.co.ug www.google.co.ke www.google.bg www.google.co.il www.google.dz www.google.hr www.google.com.na www.google.hu www.google.com.bh file12.comm100download.com www.google.lk dixonvalve.com https://cdn.cookielaw.org; manifest-src 'self'; media-src 'self' *.comm100.io data:; object-src 'self'; prefetch-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.youtube.com *.vimeo.com *.hotjar.com *.comm100.com www.googletagmanager.com *.comm100vue.com js.hs-banner.com js.hs-analytics.net js.hsleadflows.net https://bam.nr-data.net js-agent.newrelic.com https://assets.pinterest.com www.youtube.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.knightlab.com https://cdnjs.cloudflare.com https://js.hs-scripts.com https://polyfill.io https://services.postcodeanywhere.co.uk https://static.addtoany.com https://unpkg.com https://use.fontawesome.com mdbootstrap.com product-config.net stackpath.bootstrapcdn.com www.product-config.net; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *.youtube.com *.google-analytics.com *.hotjar.com *.comm100.com www.googletagmanager.com *.comm100vue.com js.hs-banner.com js.hs-analytics.net js.hsleadflows.net/ https://bam.nr-data.net js-agent.newrelic.com https://assets.pinterest.com *.hs-scripts.com standby.comm100vue.com static.hotjar.com static.addtoany.com www.gstatic.com www.google-analytics.com *.issuu.com https://cdn.cookielaw.org https://www.google.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.knightlab.com https://cdnjs.cloudflare.com https://js.hs-scripts.com https://polyfill.io https://services.postcodeanywhere.co.uk https://static.addtoany.com https://unpkg.com https://use.fontawesome.com mdbootstrap.com product-config.net stackpath.bootstrapcdn.com www.product-config.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' *.typekit.net ajax.googleapis.com cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdn.knightlab.com https://cdnjs.cloudflare.com https://services.postcodeanywhere.co.uk https://unpkg.com mdbootstrap.com product-config.net stackpath.bootstrapcdn.com use.fontawesome.com www.product-config.net; style-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; style-src-elem 'self' 'unsafe-inline' *.typekit.net p.typekit.net cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdn.knightlab.com https://cdnjs.cloudflare.com https://services.postcodeanywhere.co.uk https://unpkg.com mdbootstrap.com product-config.net stackpath.bootstrapcdn.com use.fontawesome.com www.product-config.net; worker-src 'self'; base-uri 'self'; form-action *; frame-ancestors 'self' *.youtube.com *.vimeo.com 1
frame-ancestors 'self' *.ftz.local *.ftzplus.dk localhost:*; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://ln-rules.rewardstyle.com blob: https://s1.thcdn.com https://www.awin1.com https://d2d7do8qaecbru.cloudfront.net https://smct.co https://*.smct.co https://smct.io https://*.smct.io; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://*.contentsquare.net https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.pndsn.com https://23q3fg4xjd.execute-api.eu-west-1.amazonaws.com https://smct.co https://*.smct.co https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://smct.io https://*.smct.io https://analytics.tiktok.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net https://fonts.smct.co https://fonts.smct.io https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; form-action 'self' https://www.facebook.com https://www.christopherobin.com https://m.christopherobin.com https://checkout.christopherobin.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net https://download-media.akamaized.net https://download-video.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.contentsquare.net https://app.contentsquare.com https://cdn.pubnub.com https://apps.storystream.ai https://platform.twitter.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://analytics.tiktok.com https://*.ibytedtos.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://ln-rules.rewardstyle.com https://d7c4jjeuqag9w.cloudfront.net https://fonts.smct.co https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.smct.io; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self'  *.dastelefonbuch.de *.schatten.dastelefonbuch.de *.telefonbuch.de *.meinungsmeister.de 1
default-src 'self'; connect-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; object-src 'none'; base-uri 'self'; font-src * data: 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: http://www.google-analytics.com http://www.googletagmanager.com http://*.list-manage.com http://s3.amazonaws.com http://*.mailchimp.com http://fonts.gstatic.com http://fonts.googleapis.com http://*.youtube.com http://*.youtube-nocookie.com http://tickets.volksoper.at http://www.culturall.com https://*.list-manage.com https://s3.amazonaws.com https://*.mailchimp.com https://fonts.gstatic.com https://fonts.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://tickets.volksoper.at https://www.culturall.com https://www.googletagmanager.com https://www.google-analytics.com https://www.wiener-staatsoper.at https://use.typekit.net https://p.typekit.net/ https://p.interacty.me/ https://cloud.ccm19.de https://matomo.volksoper.at https://connect.facebook.net https://www.facebook.com https://googleads.g.doubleclick.net https://td.doubleclick.net/ https://www.google.at https://www.google.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://socel.net; img-src 'self' https: data: blob: https://socel.net; style-src 'self' https://socel.net 'nonce-smobOtBcrWsvaETYzi0PIg=='; media-src 'self' https: data: https://socel.net; frame-src 'self' https:; manifest-src 'self' https://socel.net; form-action 'self'; child-src 'self' blob: https://socel.net; worker-src 'self' blob: https://socel.net; connect-src 'self' data: blob: https://socel.net https://cdn.masto.host wss://socel.net; script-src 'self' https://socel.net 'wasm-unsafe-eval' 1
base-uri 'self';default-src 'self';connect-src 'self' https://*.paypal.com https://*.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://*.braintree-api.com https://*.cardinalcommerce.com https://checkout.stripe.com https://api.stripe.com https://matomo.ingenuitylite.com https://api.mews.com https://app.mews.com https://apps.mews.com https://www.facebook.com https://facebook.com https://*.google-analytics.com https://*.doubleclick.net https://*.google.com https://*.google.co.uk https://app.launchdarkly.com https://events.launchdarkly.com https://*.sentry.io https://dc.services.visualstudio.com https://log-api.eu.newrelic.com https://mewsapps.blob.core.windows.net https://in.hotjar.com https://track.gaconnector.com https://bat.bing.com https://content.hotjar.io wss://*.hotjar.com https://*.hotjar.io https://*.hotjar.com https://scout.salesloft.com https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io;frame-ancestors https://emea.spatime.com;font-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.ingenuitylite.com https://fcdn.ingenuitylite.com https://apps.mews.com https://mewsapps.blob.core.windows.net;frame-src 'self' https://assets.braintreegateway.com https://*.paypal.com https://checkout.stripe.com https://js.stripe.com https://hooks.stripe.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://vars.hotjar.com https://app.eventtemple.com https://pay.datatrans.com https://www.facebook.com;img-src 'self' data: https:;child-src 'self' https://assets.braintreegateway.com https://*.paypal.com blob:;script-src 'self' 'unsafe-eval' 'nonce-6d40849e47e201408204e4d943a73daa' 'strict-dynamic' https://js.braintreegateway.com https://assets.braintreegateway.com https://www.paypalobjects.com https://*.paypal.com 'unsafe-inline' https://pay.google.com https://songbirdstag.cardinalcommerce.com https://checkout.stripe.com https://js.stripe.com https://matomo.ingenuitylite.com https://snap.licdn.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://api.mews.com https://app.mews.com https://apps.mews.com https://connect.facebook.net https://www.google-analytics.com https://cdn.heapanalytics.com https://googleads.g.doubleclick.net https://bat.bing.com https://static.hotjar.com https://track.gaconnector.com https://maillist-manage.eu https://script.hotjar.com https://*.zoho.eu https://scout-cdn.salesloft.com https://pay.datatrans.com;style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://cdn.ingenuitylite.com https://fcdn.ingenuitylite.com https://mewsapps.blob.core.windows.net;style-src-attr 'self' 'unsafe-inline';object-src 'none';script-src-attr 'self' 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' https://www.paypal.com https://js.stripe.com https://matomo.ingenuitylite.com https://snap.licdn.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://api.mews.com https://app.mews.com https://apps.mews.com https://connect.facebook.net https://www.google-analytics.com https://cdn.heapanalytics.com https://googleads.g.doubleclick.net https://bat.bing.com https://static.hotjar.com https://track.gaconnector.com https://maillist-manage.eu https://script.hotjar.com https://*.zoho.eu https://scout-cdn.salesloft.com https://pay.datatrans.com;worker-src 'self' blob:;media-src 'self' https://cdn.ingenuitylite.com https://fcdn.ingenuitylite.com https://blogscdn.thehut.net;report-uri https://csp.ingenuitylite.com/ajax/csp-report;report-to csp-endpoint 1
frame-ancestors 'self' v8.1c.ru; script-src 'self' 1c.ru *.1c.ru mc.yandex.ru www.google-analytics.com www.google.com www.gstatic.com api-maps.yandex.ru yastatic.net *.maps.yandex.net vk.com code.jquery.com yandex.st app.chaport.com app.chaport.ru call.chatra.io cdn-ru.bitrix24.ru 1csoft.bitrix24.ru www.googletagmanager.com www.youtube.com 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' data: https://www.google.com https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://analytics.google.com https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://fonts.googleapis.com https://fonts.gstatic.com https://stats.g.doubleclick.net https://mc.yandex.ru https://translate.yandex.net https://yastatic.net/ https://api.ssllabs.com https://hstspreload.org https://http-observatory.security.mozilla.org https://securityheaders.com https://sshscan.rubidus.com https://tls.imirhil.fr https://tls-observatory.services.mozilla.com https://www.immuniweb.com https://ya.ru/ https://bitrix.info https://analytics.bitrix.info/ https://*.roistat.com/ https://crm.express-med-service.ru https://www.1c-bitrix.ru/ https://yoomoney.ru/ https://crm.express-med-service.ru wss://crm.express-med-service.ru https://yandex.ru/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://*.gstatic.com:* https://*.googleapis.com https://yastatic.net https://mc.yandex.ru https://www.googleadservices.com https://googleads.g.doubleclick.net https://translate.yandex.net https://bitrix.info https://api-maps.yandex.ru https://*.roistat.com https://crm.express-med-service.ru https://emlru.webim.ru wss://crm.express-med-service.ru; style-src 'self' 'unsafe-inline' https://www.google-analytics.com https://maps.google.com https://*.gstatic.com:* https://*.googleapis.com https://code.jivosite.com https://mc.yandex.ru https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.voximplant.com https://crm.express-med-service.ru wss://crm.express-med-service.ru; img-src 'self' data: https://mc.yandex.ru:* https://*.googleapis.com https://*.gstatic.com:* https://www.google-analytics.com https://api-maps.yandex.ru https://core-renderer-tiles.maps.yandex.net https://mc.yandex.com https://emlru.webim.ru https://crm.express-med-service.ru wss://crm.express-med-service.ru https://marketplace.1c-bitrix.ru; font-src 'self' https://*.gstatic.com:* https://emlru.webim.ru:*; connect-src 'self' https://mc.yandex.com https://translate.yandex.net https://ya.ru https://mc.yandex.ru https://www.google-analytics.com https://www.1c-bitrix.ru https://crm.express-med-service.ru wss://crm.express-med-service.ru https://bitrix.info; 1
default-src https: ws: blob: data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' *.supervalu.com supervalu.com *.svharbor.com svharbor.com *.unfi.com unfi.com *.myunfi.com myunfi.com 'unsafe-inline' 'unsafe-eval' 1
default-src https: 'self' 'unsafe-eval' 'unsafe-inline' https://f.invest.gov.tr https://fonts.googleapis.com https://fonts.gstatic.com; 1
default-src 'self'; connect-src 'self' *.google-analytics.com https://cdn.linkedin.oribi.io https://*.hotjar.io https://*.hotjar.com *.analytics.google.com *.googletagmanager.com www.google-analytics.com https://*.addthis.com; frame-src 'self' *.eurolandir.com *.euroland.com www.youtube.com https://www.youtube-nocookie.com https://*.addthis.com www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.googleadservices.com https://www.google.com snap.licdn.com https://*.facebook.net https://*.hotjar.com https://www.youtube.com *.googletagmanager.com use.fontawesome.com www.google-analytics.com https://www.youtube-nocookie.com https://addthisevent.com https://*.addthisevent.com https://*.addevent.com www.gstatic.com www.google.com graph.facebook.com www.linkedin.com https://*.addthis.com https://*.addthisedge.com; font-src 'self' https://fast.fonts.net https://use.fontawesome.com data:; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fast.fonts.net; img-src 'self' https://www.facebook.com https://px.ads.linkedin.com https://*.cloudfront.net *.google-analytics.com *.googletagmanager.com https://*.cdninstagram.com *.fbcdn.net external.xx.fbcdn.net http://pbs.twimg.com media.licdn.com i.ytimg.com scontent.xx.fbcdn.net image-store.slidesharecdn.com www.google-analytics.com https://addevent.com https://*.addevent.com data:; 1
default-src 'self'; connect-src 'self' www.google-analytics.com https://*.google-analytics.com https://hcaptcha.com https://*.hcaptcha.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com www.google-analytics.com ajax.googleapis.com https://ssl.google-analytics.com https://hcaptcha.com https://*.hcaptcha.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' fonts.gstatic.com; report-uri https://www.cst-group.com/csp-rep/; img-src 'self' https://*.google-analytics.com www.googletagmanager.com; frame-src https://hcaptcha.com https://*.hcaptcha.com; 1
frame-ancestors 'self' http://my-account.healthlabs.local 1
font-src 'self' data: *.4flow.cloud  https://fonts.gstatic.com; frame-src 'self' data: *.4flow.cloud ; frame-ancestors 'self' *.4flow.cloud ; connect-src 'self' *.4flow.cloud *.4flow.net https://stats.g.doubleclick.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.4flow.cloud https://www.google-analytics.com; img-src 'self' data: *.4flow.cloud *.4flow.net https://www.google-analytics.com; style-src 'self' 'unsafe-inline' *.4flow.cloud https://fonts.googleapis.com; default-src 'self' blob: *.4flow.cloud https://www.google.com https://www.youtube.com;, 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.googletagmanager.com cdn.cookielaw.org feed.4wnet.com *.googleadservices.com googleads.g.doubleclick.net *.youtube.com code.jquery.com developers.google.com www.clarity.ms *.clarity.ms https://cdn.jsdelivr.net/npm/bootstrap@4.1.3/dist/js/bootstrap.bundle.min.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://bat.bing.com/bat.js *.containers.piwik.pro https://sace.intervieweb.it https://bat.bing.com/p/action/25001665.js https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://foq.youreurope.europa.eu/widget/sdg-foq-widget.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://static.hotjar.com https://script.hotjar.com 'self' *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com feed.4wnet.com cdn.cookielaw.org/consent/ https://cdn.jsdelivr.net/npm/bootstrap@4.1.3/dist/css/bootstrap.min.css 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.dec.sitefinity.com feed.4wnet.com cdn.cookielaw.org *.google.com *.google.it *.sace.it *.sacesimest.it *.simest.it *.sacebt.it *.sacefct.it *.sacesrv.it *.isace.it SCRMIPSSS01.isace.it https://img.youtube.com/ googleads.g.doubleclick.net *.clarity.ms *.bing.com https://px.ads.linkedin.com/collect ad.doubleclick.net 'self' *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src https://feed.4wnet.com https://cdn.cookielaw.org/consent/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com 9331851.fls.doubleclick.net https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://syndication.twitter.com/ *.sace.it *.sacesimest.it *.simest.it *.sacebt.it *.sacefct.it *.sacesrv.it *.isace.it SCRMIPSSS01.isace.it *.treedom.net https://8232243.fls.doubleclick.net/ https://td.doubleclick.net/ https://sace.intervieweb.it/ 'self' forms.hsforms.com web-chat.nativechat.com; connect-src accounts.google.com *.mktoresp.com https://cdn.cookielaw.org/consent/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com privacyportal-de.onetrust.com maps.googleapis.com stats.g.doubleclick.net *.clarity.ms https://cdn.linkedin.oribi.io/partner/1654324/domain/sacesimest.it/token *.piwik.pro https://bat.bing.com/actionp/0 https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://cdn.linkedin.oribi.io/partner/1654324/domain/sace.it/token ad.doubleclick.net https://px.ads.linkedin.com/wa/ wss://ws.hotjar.com https://content.hotjar.io https://metrics.hotjar.io 'self' forms.hubspot.com *.hsforms.com *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.googletagmanager.com https://feed.4wnet.com https://cdn.cookielaw.org/consent/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com 'self' web-chat.nativechat.com; form-action cdn.cookielaw.org code.jquery.com *.sace.it *.sacesimest.it *.simest.it *.sacebt.it *.sacefct.it *.sacesrv.it *.isace.it SCRMIPSSS01.isace.it *.twitter.com *.fls.doubleclick.net 'self'; frame-ancestors https://cdn.cookielaw.org/consent/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com *.sace.it *.sacesimest.it *.simest.it *.sacebt.it *.sacefct.it *.sacesrv.it *.isace.it SCRMIPSSS01.isace.it 'self'; object-src feed.4wnet.com https://cdn.cookielaw.org/consent/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com 'self' 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval';  connect-src * data: blob: 'unsafe-inline';  img-src * data: blob: 'unsafe-inline';  frame-src * data: blob: ;  style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' data: blob:; 1
frame-ancestors 'self' https://www.percentil.com; 1
default-src 'self' https://apps.sitecore.net *.verndale-local.com;      script-src 'self' 'unsafe-inline' 'unsafe-eval' *.eloqua.com *.brightcove.com *.brightcove.net vjs.zencdn.net https://fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/normalize/2.1.0/normalize.css https://player.vimeo.com/api/  *.googletagmanager.com *.google-analytics.com *.google.com *.jquery.com *.jsdelivr.net *.bootstrapcdn.com *.brightcove.net *.adobedtm.com *.licdn.com *.hsleadflows.net *.hsadspixel.net *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.newrelic.com *.adobedtm.com *.haemonetics.com *.verndale-local.com *.loxi.io *.hsforms.net *.usemessages.com *.hubspot.com *.oribi.io *.matomo.cloud;     img-src 'self' blob: data:  *.boltdns.net *.akamaihd.net *.brightcove.com *.hubspot.com thomsonreuterscorporategroupweb *.adsymptotic.com *.avanan.click http: https:;      style-src 'self' 'unsafe-inline' players.brightcove.net https://fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/normalize/2.1.0/normalize.css;      font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com *.brightcove.com *.akamaihd.net *.boltdns.net;      connect-src 'self' *.akamaihd.net *.boltdns.net *.brightcove.com https://vimeo.com/api/ *.google.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.gcs-web.com *.demdex.net *.nr-data.net *.hubapi.com *.hsforms.com *.hsforms.net *.usemessages.com *.hubspot.com *.oribi.io *.matomo.cloud *.sitecorecloud.io *.ipify.org;     media-src 'self' blob: data: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.haemonetics.com *.verndale-local.com;     child-src 'self' 'unsafe-inline';      upgrade-insecure-requests;       block-all-mixed-content;      worker-src blob:;     frame-src blob: data: players.brightcove.net https://player.vimeo.com/video/ *;  1
default-src 'self' https://*.clarity.ms https://c.bing.com https://api2.branch.io https://*.bestshopping.com www.pointer.it https://*.ipqualityscore.com https://cdn.branch.io *.doubleclick.net https://*.analytics.google.com https://*.google-analytics.com https://www.facebook.com wss://*.hotjar.com https://*.hotjar.com:* https://*.hotjar.io https://js.tncid.app https://px.tncid.app https://bd.tncid.app; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://js.tncid.app/tnc.min.js https://js.tncid.app/tnc.js https://js.tncid.app/01_adform.js https://js.tncid.app/06_pubmatic.js https://js.tncid.app/09_nielsen.js https://app.link https://cdn.branch.io https://optimize.google.com https://www.ipqualityscore.com https://www.dwin2.com https://tm.tradetracker.net/conversion https://*.hotjar.com https://*.hotjar.io https://ad.zanox.com/ppl/ https://action.metaffiliation.com https://*.bestshopping.com seal.godaddy.com https://*.google-analytics.com https://*.googleadservices.com https://*.googletagmanager.com https://*.googleapis.com https://*.google.com https://d1op479sbjfgkw.cloudfront.net https://d131uo10gdublu.cloudfront.net https://connect.facebook.net https://platform.twitter.com https://*.gstatic.com https://*.googleadservices.com https://googleads.g.doubleclick.net; img-src * data:; style-src 'self' 'unsafe-inline' https://*.bestshopping.com https://maxcdn.bootstrapcdn.com https://optimize.google.com https://fonts.googleapis.com; font-src 'self' https://*.bestshopping.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.hotjar.com https://*.hotjar.io  data:; frame-src *; object-src 'self' https://*.bestshopping.com; child-src https://*.bestshopping.com https://*.hotjar.com https://*.hotjar.io; 1
default-src *.gsa-online.de; img-src 'self' data:; script-src *.gsa-online.de polyfill.io 'unsafe-inline'; style-src *.gsa-online.de 'unsafe-inline'; frame-src *.gsa-online.de *.youtube.com *.youtube-nocookie.com *.2checkout.com *.avangate.com *.images.v-cdn.net *.ytimg.com; frame-ancestors *.gsa-online.de 'self' 1
default-src 'self'; script-src 'self' 'nonce-L17/w+rNMHC+fOZ9DptSpde24WSl5NNvbPnOuNe8Ai0=' 'unsafe-inline'  'strict-dynamic' https: http:; child-src 'self' https://www.google.com https://player.vimeo.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com;   img-src 'self' data: https://beacon-v2.helpscout.net/ https://api.adventistgiving.org; connect-src 'self' https://api.adventistgiving.org https://fonts.gstatic.com https://fonts.googleapis.com https://*.cloudfront.net https://www.gstatic.com https://vimeo.com https://beaconapi.helpscout.net https://beacon-v2.helpscout.net/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; frame-ancestors 'none'; 1
default-src 'self' data: blob: *.conac.cn  *.gov.cn *.gaokao.cn *.eol.cn *.jiathis.com *.baidu.com *.bshare.cn *.eol.cn *.qq.com *.kaipuyun.cn *.bdimg.com *.wx.qq.com *.people.com.cn *.weibo.com *.m1905.cn 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1
media-src 'self' https:; img-src 'self' https://script.hotjar.com http://script.hotjar.com data: https:; font-src 'self' data: *.googleapis.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' https:; default-src 'none'; connect-src 'self' http://*.hotjar.com https://*.hotjar.com https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https:; child-src https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com data: https:; object-src 'self' blob:; frame-ancestors https://*.tepapa.govt.nz https://nzbirdsonline.org.nz; frame-src 'self' www.google.com https://vars.hotjar.com 1
frame-ancestors 'self' https://*.adobecqms.net https://*.ceros.com https://*.vonageforhome.com 1
base-uri 'self' stat.spftech.net;media-src 'self';script-src 'nonce-HU8TfvA7408r5o48hLzwXbh6Vyjg8V3d' 'unsafe-eval' *.stephaneplazaimmobilier.com *.stephaneplazaimmobilier.local *.spipreprod.com maps.googleapis.com connect.facebook.net connect.facebook.com *.spftech.net cdn.jsdelivr.net www.clarity.ms platform.twitter.com www.cityscan.fr fonts.googleapis.com *.google-analytics.com *.googletagmanager.com;style-src *.stephaneplazaimmobilier.com *.spipreprod.com *.stephaneplazaimmobilier.local cdn.quilljs.com *.fontawesome.com cdn.jsdelivr.net cdnjs.cloudflare.com stat.spftech.net unpkg.com 'unsafe-inline' fonts.googleapis.com;form-action 'self' stephaneplazaimmobilier.com spipreprod.com stephaneplazaimmobilier.local www.facebook.com;img-src 'self' * data: https: blob: www.googletagmanager.com;font-src 'self' *.fontawesome.com cdn.jsdelivr.net stat.spftech.net data: unpkg.com fonts.gstatic.com;connect-src 'self' *.stephaneplazaimmobilier.com *.spipreprod.com maps.googleapis.com *.clarity.ms stat.spftech.net *.geoimmo.com www.facebook.com *.google-analytics.com *.doubleclick.net;object-src 'none';frame-ancestors 'none' 1
script-src 'nonce-hRgNQtcw0XSJIOmg/qAzGf8i7do=' 'strict-dynamic' 'self'; base-uri 'self'; object-src 'self'; 1
default-src 'self' *.i20webservices.saem.org *.googlesyndication.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.fontawesome.com *.cloudflare.com *.googletagmanager.com *.issuu.com code.jquery.com *.doubleclick.net *.googlesyndication.com https://securepubads.g.doubleclick.net/tag/js/gpt.js; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com *.fontawesome.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com www.google.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.googlesyndication.com *.libsyn.com; media-src 'self' data: blob: https://www.youtube.com *.libsyn.com; frame-src 'self' https://i20webservices.saem.org/ *.youtube.com *.twitter.com *.issuu.com *.soundcloud.com *.vimeo.com *.google.com *.issuu.com https://jsfiddle.net *.googlesyndication.com *.libsyn.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.doubleclick.net *.fontawesome.com; 1
frame-ancestors 'self' https://www.letsbuild.com; 1
frame-ancestors 'self' https://*.protocommunications.com; 1
default-src 'self' data: ;   connect-src 'self' data: https: wss: ;   font-src 'self' data: chrome-extension: https: ;   img-src 'self' data: blob: android-webview-video-poster: about: https: ;   frame-src 'self' https: ;   script-src 'self' 'inline' 'unsafe-inline' 'unsafe-eval' about: https: ;   script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' about: https: data: ;   style-src 'self' 'inline' 'unsafe-inline' https: ;   style-src-elem 'self' 'unsafe-inline' https: data: ;   style-src-attr 'self' 'unsafe-inline' https: ;   media-src: 'self' data: https: ;   worker-src 'self' 'unsafe-inline' https: blob: ;   frame-ancestors 'self' https: ;   upgrade-insecure-requests;   block-all-mixed-content;   report-uri https://cspr-it.mag-news.it/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://*.stripe.com https://*.stripe.network https://m.stripe.network  https://*.gstatic.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://www.mappila.com https://*.tutorhunt.com https://*.googleapis.com www.google-analytics.com https://maps.google.com  s3.amazonaws.com https://*.cardinalcommerce.com https://*.us-east-1.amazonaws.com; object-src 'self' s3.amazonaws.com; style-src 'unsafe-inline' 'self' s3.amazonaws.com https://*.googleapis.com https://www.mappila.com; img-src 'self' data: https://optimize.google.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.googletagmanager.com www.google-analytics.com maps.google.com openlayers.org https://openlayers.org https://www.mappila.com data: https://*.tile.openstreetmap.org https://*.google.com https://*.googleapis.com; media-src https://*.tutorhunt.com 'self'; frame-src 'self' https://*.stripe.com https://*.stripe.network https://www.youtube.com https://*.cardinalcommerce.com; font-src 'self' https://*.tutorhunt.com https://fonts.gstatic.com; connect-src 'self' https://*.cardinalcommerce.com https://*.stripe.com https://*.us-east-1.amazonaws.com; 1
frame-ancestors 'self' fiixsoftware.com *.fiixsoftware.com; 1
base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self' *.db.de https://*.deutschebahn.com; img-src 'self'; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline' https:; upgrade-insecure-requests; default-src 'self' deutschebahn.com *.db.de; connect-src 'self' ws://localhost:* stations.db-app.de https://dbwas.service.deutschebahn.com; frame-src 'self' https://*.bahn.de https://*.deutschebahn.com; manifest-src 'self'; script-src 'self' 'unsafe-inline' deutschebahn.com https://dbwas.service.deutschebahn.com 1
default-src 'self' 'unsafe-inline' https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: http://*.tempest.sk/  https:;  font-src 'self' https:; connect-src 'self' https:; frame-src https:; base-uri 'self'; manifest-src 'self'; style-src 'self' 'unsafe-inline' https://www.tempest.sk https://fonts.googleapis.com; media-src 'self' https: http:; form-action 'self' tempest.sk 1
frame-ancestors 'self' *.edwardjones.com *.edwardjones.ca accountaccess.devjones.com accountaccess.devjones.ca iaa-api-gateway.apps.devjones.com accountaccess.edwardjones.com accountaccess.edwardjones.ca onlineaccess.edwardjones.com iaaweb.edwardjones.com; report-uri /report-csp-violation 1
frame-ancestors 'self' *.yandex.ru *.yastatic.net https://webvisor.com http://webvisor.com; 1
frame-ancestors 'self' resources.businessolver.com; 1
default-src 'none'; base-uri 'none'; form-action 'self'; connect-src https://*.freebsdbrasil.com.br https://www.google-analytics.com; script-src 'strict-dynamic' 'nonce-fbsdbr2018' 'unsafe-inline' http: https:; img-src 'self' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com; style-src 'self' https://fonts.googleapis.com https://use.fontawesome.com; frame-ancestors 'none'; report-uri https://freebsdbrasil.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests; 1
default-src 'self'; style-src *.dbankcdn.cn 'self' 'unsafe-inline' *.dbankcdn.com ; script-src *.dbankcloud.cn *.dbankcloud.com *.dbankcdn.cn 'self' 'sha256-Y6kphufA9QVqszieQPKViDMgy9L8lFm9m0fbQ8FA0v8=' *.cloud.huawei.com *.dbankcdn.com ; connect-src *.dbankcdn.cn *.dbankcloud.cn 'self' *.dbankcdn.com *.map.dbankcloud.com *.hicloud.com:*; img-src *.dbankcdn.cn 'self' data: blob: *.dbankcdn.com  *.myhuaweicloud.com; worker-src 'self' blob:; frame-src 'self' *.dbankcdn.com privacy.consumer.huawei.com privacy-cn.hwcloudtest.cn:40443; 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' i0.wp.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' api.smooch.io *.hotjar.com *.onetrust.com www.google-analytics.com bat.bing.com googleads.g.doubleclick.net *.contentsquare.net unpkg.com www.tag4arm.com connect.facebook.net logx.optimizely.com *.mention-me.com tag.mention-me.com cdn-pci.optimizely.com dxcdkie9wax5t.cloudfront.net analytics.freespee.com widget.trustpilot.com www.googletagmanager.com static.zdassets.com v2.zopim.com ajax.googleapis.com cdnjs.cloudflare.com cdn.datatables.net script.infinity-tracking.com *.infinity-tracking.com ict.infinity-tracking.net; font-src data: 'self' *.hotjar.com fonts.gstatic.com; img-src data: blob: 'self' ad.doubleclick.net *.hotjar.com s.w.org ps.w.org *.onetrust.com *.google.lk *.google.co.uk staysure.zendesk.com staysureavanti.zendesk.com *.contentsquare.net www.facebook.com bat.bing.com www.google.com  www.google-analytics.com www.googletagmanager.com www.google.ie d1iztds5glgmc8.cloudfront.net *.gravatar.com 0.gravatar.com www.w3.org *.wp.com c.bing.com script.infinity-tracking.com *.infinity-tracking.com ict.infinity-tracking.net; connect-src 'self' wss://api.smooch.io *.googlesyndication.com googleads.g.doubleclick.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google-analytics.com bat.bing.com *.google.com *.onetrust.com *.optimizely.com bat.bing.com analytics.google.com staysureavanti.zendesk.com www.facebook.com *.contentsquare.net www.tag4arm.com tag.mention-me.com widget-mediator.zopim.com ekr.zdassets.com wss://widget-mediator.zopim.com logx.optimizely.com stats.g.doubleclick.net region1.analytics.google.com www.google.ie script.infinity-tracking.com *.infinity-tracking.com ict.infinity-tracking.net; worker-src 'self' blob: data: 1
default-src 'self' *.nsoit.com;     script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com *.nsoit.com nsoit.com *.bootstrapcdn.com *.google-analytics.com *.googletagmanager.com; 1
frame-ancestors https://www.buhl.de https://steuer-web.de https://www.steuer-web.de https://www.altbayerischer.de https://www.aktuell-verein.de 1
default-src 'self' static.mycity.travel static.j3l.ch * 'unsafe-inline' 'unsafe-eval' data: blob:; upgrade-insecure-requests; frame-ancestors: 'self' https://static.mycity.travel *; 1
frame-ancestors 'self' panoramen.frauenkirche-dresden.de 1
script-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://code.jquery.com/ https://cdn.quantummetric.com https://googleads.g.doubleclick.net https://connect.facebook.net/ https://bat.bing.com https://www.google.com https://www.gstatic.com https://*.azureedge.net/ https://*.dynamics.com; frame-ancestors 'none' 1
default-src 'self'; img-src 'self' * data:; media-src s3.eu-central-1.amazonaws.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' js.chargebee.com upag.chargebee.com fonts.googleapis.com unaparolaalgiorno.it; script-src 'self' 'self' cdn.unaparolaalgiorno.it *.upag.it 'unsafe-inline' 'unsafe-eval' unaparolaalgiorno.it polyfill.io sentry.io o411862.ingest.sentry.io *.sentry-cdn.com *.fontawesome.com unpkg.com cdn.jsdelivr.net static.cloudflareinsights.com *.cloudflare.com connect.facebook.net stats.g.doubleclick.net fonts.gstatic.com cdn.ampproject.org js.chargebee.com; connect-src unaparolaalgiorno.it v3.unaparolaalgiorno.it cdn.unaparolaalgiorno.it *.upag.it sentry.io *.fontawesome.com unpkg.com o411862.ingest.sentry.io stats.g.doubleclick.net s3.eu-central-1.amazonaws.com connect.facebook.net cdn.ampproject.org *.ampproject.net adservice.google.com pagead2.googlesyndication.com; form-action 'self'; frame-ancestors 'none'; font-src 'self' unaparolaalgiorno.it fonts.gstatic.com; frame-src js.chargebee.com upag.chargebee.com googleads.g.doubleclick.net open.spotify.com; object-src 'none'; base-uri unaparolaalgiorno.it 1
report-uri https://rcdow.org.uk 1
connect-src 'self' *.ingest.sentry.io cdn.usefathom.com;font-src 'self';media-src 'self' res.cloudinary.com data: blob:;img-src 'self' data: res.cloudinary.com cdn.usefathom.com;frame-src 'self' player.cloudinary.com www.riddle.com;script-src 'strict-dynamic' 'unsafe-eval' 'self' cdn.usefathom.com 'nonce-b958f36dfda6ec9ade5a76b4eeea2118';script-src-attr 'nonce-b958f36dfda6ec9ade5a76b4eeea2118';frame-ancestors 'self' app.contentful.com;default-src 'self';base-uri 'self';form-action 'self';object-src 'none';style-src 'self' https: 'unsafe-inline' 1
frame-ancestors 'self' http://www.iffas.org; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/ https://*.gstatic.com/ 1
frame-ancestors 'self' *.planmanager.na.solera.world; 1
default-src 'self' *.lr.edu lr.edu youtu.be *.youtu.be www.youtu.be.com www.youtube.com youtube.com *.youtube.com ytimg.com *.ytimg.com cse.google.com csp.withgoogle.com www.google-analytics.com *.g.doubleclick.net apply-lr-edu.cdn.technolutions.net *.adsrvr.org *.adroll.com *.facebook.com *.jotform.com js.stripe.com www.facebook.com app.smartsheet.com d.adroll.com *.cloudtables.io *.cloudtables.com *.infogram.com *.cloudtables.io *.mktoutil.com widgets.jotform.io *.jotform.io; script-src 'self' *.lr.edu lr.edu 'unsafe-inline' 'unsafe-eval' *.technolutions.net googletagmanager.com google.com *.google-analytics.com *.googletagmanager.com *.google.com googleads.g.doubleclick.com googleads.g.doubleclick.net partner.googleadservices.com code.jquery.com cdn.jsdelivr.net script.hotjar.com static.hotjar.com connect.facebook.net *.adroll.com *.smtrk.net *.monsido.com  youtu.be *.youtu.be *.adsrvr.org *.adsrvr.com *.adsrvr.net cbe.capturehighered.net https://mx.technolutions.net bma.nr-data.net *.newrelic.com *.smtrk.net form.jotform.com *.jotfor.ms *.stripe.com cdnjs.cloudflare.com *.33.across.com *.googleadservices.com doublethedonation.com lex.33across.com cognitoforms.com script.hotjar.com bam.nr-data.net *.cognitoforms.com www.youtube.com youtube.com *.youtube.com *.ytimg.com ytimg.com unpkg.com app.smartsheet.com app-script.monsido.com *.facebook.net *.newrelic.com google.co.id google.ee *.cloudtables.io *.cloudtables.com *.infogram.com *.cloudtables.io *.marketo.net widgets.jotform.io *.jotform.; object-src 'self' *.lr.edu lr.edu; style-src 'self' *.lr.edu lr.edu www.google.com 'unsafe-inline' use.typekit.net p.typekit.net fw.cdn.technolutions.net slate-technolutions-net.cdn.technolutions.net *.jotfor.ms doublethedonation.com *.jsdelivr.net fonts.googleapis.com cdnjs.cloudflare.com *.cloudtables.io *.cloudtables.com *.infogram.com app.smartsheet.com widgets.jotform.io *.jotform.io cdn.honey.io data:; img-src https://* data:; media-src 'self' *.lr.edu lr.edu; frame-src 'self' *.lr.edu lr.edu youtu.be *.youtu.be ytimg.com *.ytimg.com *.adsrvr.org jotform.com *.jotform.com submit.jotform.com js.stripe.com apply.lr.edu facebook.com youtube.com www.youtube.com *.youtube.com cse.google.com *.doubleclick.net app.smartsheet.com *.google.com submit.jotform.com *.cloudtables.io *.cloudtables.com *.infogram.com www.adsensecustomsearchads.com widgets.jotform.io *.jotform.io; child-src 'self' *.lr.edu lr.edu; font-src 'self' *.lr.edu lr.edu 'unsafe-inline' use.typekit.net *.jotfor.ms doublethedonation.com data: fonts.gstatic.com *.cloudtables.io *.cloudtables.com *.infogram.com; connect-src 'self' *.lr.edu lr.edu mx.technolutions.net youtu.be *.youtu.be www.google-analytics.com googleapis.com *.googleapis.com www.google.com stats.g.doubleclick.net content.hotjar.io *.hotjar.io *.adroll.com doublethedonation.com wsp33.hotjar.com *.jotform.com in.hotjar.com *.hotjar.com *.stripe.com stripe.com apply-lr-edu.cdn.technolutions.net cbe.capturehighered.net bam.nr-data.net *.cognitoforms.com csp.withgoogle.com www.facebook.com studio.afw.mdl.io adservice.google.com *.googlesyndication.com *.google-analytics.com *.monsido.com wss://ws.hotjar.com fw.cdn.technolutions.net facebook.com *.facebook.com instagram.com *.cloudtables.io *.cloudtables.com *.infogram.com *.instagram.com data:* *.mktoresp.com *.mktoutil.com; report-uri /report-csp-violation 1
frame-ancestors 'self' https://*.force.com 1
default-src 'self'; font-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' hello.myfonts.net; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src https: data:; 1
default-src data: https: 'self' *.swiftmedical.com swiftmedical.com *.hubspot.net 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors zismo.biz zismo.ru zismone.ru promoggaqjkd.ru 1
style-src 'self' https://www.youraccessone.com https://youraccessone.com  https://js-agent.newrelic.com https://cdn.walkme.com https://pciapply.com 'unsafe-inline';script-src 'self' https://youraccessone.com https://www.youraccessone.com https://h.online-metrix.net https://cdn.walkme.com https://playerserver.walkme.com  https://js-agent.newrelic.com https://pciapply.com 'unsafe-eval' 'unsafe-inline';form-action 'self' https://pciapply.com; 1
frame-ancestors https://*.guide-piscine.fr; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com ajax.googleapis.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.youtube.com *.ytimg.com bat.bing.com cdn.ywxi.net seal.websecurity.norton.com www.googletagmanager.com secure-ds.serving-sys.com bs.serving-sys.com use.fontawesome.com maxcdn.icons8.com cdnjs.cloudflare.com *.braintreegateway.com *.paypal.com *.paypalobjects.com connect.facebook.net *.g.doubleclick.net *.amazonaws.com *.mcafeesecure.com *.olark.com cc.cdn.civiccomputing.com *.trustedsite.com *.matomo.cloud *.app-us1.com trackcmp.net cdn-web.vtp-media.com web.vtp-media.com diffuser-cdn.app-us1.com prism.app-us1.com *.zohopublic.com *.zohostatic.com *.zohocdn.com salesiq.zoho.com;frame-ancestors 'self' https://leapfrogbabycare.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://plausible.io https://challenges.cloudflare.com; connect-src https://plausible.io; style-src 'self' 'unsafe-inline'; img-src 'self'; frame-src 'self' https://*.kystverket.no https://challenges.cloudflare.com 1
script-src 'unsafe-inline' sc.lfeeder.com cdn.outfunnel.com *.awswaf.com 0057854aee0b.dd395619.eu-central-1.captcha.awswaf.com 0057854aee0b.dd395619.eu-central-1.token.awswaf.com googleads.g.doubleclick.net cdnjs.cloudflare.com snap.licdn.com connect.facebook.net www.clarity.ms www.google-analytics.com www.googleadservices.com script.crazyegg.com www.googletagmanager.com cdn-cookieyes.com particleslider.com www.gstatic.com bam.eu01.nr-data.net yalantis.com www.google.com/recaptcha/api.js js-agent.newrelic.com js.sentry-cdn.com browser.sentry-cdn.com *.visualwebsiteoptimizer.com app.vwo.com; frame-src td.doubleclick.net www.facebook.com www.google.com youtube.com www.youtube.com player.vimeo.com; worker-src blob: 1
default-src 'self' *.ib.de *.internationaler-bund.de ib-redaktion-staging.rmsdev.de;  script-src 'self' 'unsafe-eval' 'unsafe-inline' *.internationaler-bund.de *.ib.de ib-redaktion-staging.rmsdev.de *.cookiebot.com altruja.de *.altruja.de *.readspeaker.com *.freiwillig24.de *.emailsys1c.net *.unpkg.com unpkg.com flockler.com *.flockler.com *.fundraisingbox.com;  worker-src blob:;  img-src 'self' data: *.ytimg.com *.emailsys1c.net *.internationaler-bund.de *.ib.de ib-redaktion-staging.rmsdev.de *.cookiebot.com www.entwicklungsdienst.de *.altruja.de *.openstreetmap.org *.twimg.com flockler.com *.flockler.com *.cdninstagram.com *.fbcdn.net *.fundraisingbox.com;   style-src 'self' 'unsafe-inline' *.readspeaker.com *.freiwillig24.de *.emailsys1c.net;  font-src 'self' data:;  media-src 'self' *.flockler.com *.twimg.com;  object-src 'self';  connect-src 'self' *.internationaler-bund.de *.ib.de *.altruja.de *.cookiebot.com *.friendlycaptcha.eu *.readspeaker.com *.openstreetmap.org formbuilder.online *.flockler.com *.flockler.app;  frame-ancestors 'self' https://ibiks.ibrz.de ;  frame-src 'self' *.cookiebot.com *.youtube-nocookie.com fonts.gstatic.com googleapis.com www.google.com *.emailsys1c.net freiwillig24.de *.emailsys1a.net *.altruja.de flockler.com *.flockler.com *.cloudflarestream.com *.freiwillig24.de *.fundraisingbox.com;  1
font-src 'self' *.smartkarma.com smartkarma.com cdn.embedly.com fonts.gstatic.com js.intercomcdn.com assets.smartkarma.com data:; object-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.smartkarma.com smartkarma.com *.youtube.com *.gstatic.com *.ytimg.com js.hs-scripts.com js.hs-analytics.net *.adroll.com *.pusher.com *.google-analytics.com cdn.jsdelivr.net  www.googletagmanager.com *.adobe.com widget.intercom.io js.intercomcdn.com documentcloud.adobe.com js.hsforms.net forms.hubspot.com *.hsforms.com cdn.embedly.com connect.facebook.net *.google.com *.symphony.com symphony.com *.stripe.com *.facebook.com *.pinterest.com *.hsadspixel.net *.hsleadflows.net *.googleadservices.com *.licdn.com *.doubleclick.net ajax.googleapis.com blob: source.zoom.us zoom.us cdn.firstpromoter.com static.ads-twitter.com analytics.twitter.com app.botsify.com *.amazonaws.com *.getsitecontrol.com s3.tradingview.com; style-src 'self' 'unsafe-inline' *.smartkarma.com smartkarma.com *.googleapis.com cdn.embedly.com *.stripe.com optimize.google.com www.googletagmanager.com accounts.google.com *.amazonaws.com; frame-ancestors 'self' *.symphony.com symphony.com https://*; 1
font-src *.globalpay.com https://fonts.gstatic.com fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.americanexpress.com *.globalpay.com *.mastercard.com *.visa.com https://hps.github.io https://api2.heartlandportico.com self api2.heartlandportico.com *.google.com/ *.meetanshi.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.globalpay.com https://hps.github.io https://api2.heartlandportico.com www.facebook.com www.google.co.in m.media-amazon.com api2.heartlandportico.com https://theme.co https://www.magezon.com *.meetanshi.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.aexp-static.com https://ajax.aspnetcdn.com *.globalpay.com *.gpapiservices.com https://hps.github.io https://api2.heartlandportico.com *.github.io *.facebook.net acp-magento.appspot.com *.cloudflare.com cdn.jsdelivr.net s7.addthis.com *.avada.io *.google.com/ *.meetanshi.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com *.cloudflare.com *.datatables.net cdn.jsdelivr.net *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com stats.g.doubleclick.net ekr.zdassets.com/ https://get.geojs.io *.avada.io *.meetanshi.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.basc.org.uk; connect-src 'self' *.basc.org.uk *.google-analytics.com *.google.com *.twitter.com https://my.yoast.com https://*.vimeo.com https://scd.blazefuture.wpengine.com https://members-api.parliament.uk https://nominatim.openstreetmap.org; font-src 'self' data: *.basc.org.uk *.bootstrapcdn.com *.google-analytics.com *.google.com *.gstatic.com *.paypalobjects.com *.twitter.com *.wpmudev.org *.youtube.com data https://use.fontawesome.com; form-action 'self' *.basc.org.uk *.google-analytics.com *.google.com *.twitter.com https://basc.us13.list-manage.com  https://www.facebook.com https://www.paypal.com https://www.sional.co.uk; frame-ancestors 'self'; frame-src 'self' *.basc.org.uk *.mapbox.com https://www.facebook.com *.cloudfront.net *.google-analytics.com *.google.com https://basc.adventcalendaronline.com/ *.twitter.com *.wpmudev.org *.youtube.com https://*.vimeo.com https://staticxx.facebook.com https://w.soundcloud.com https://www.facebook.com https://www.media.volvocars.com https://www.sional.co.uk https://wp-themes.com/ https://www.buzzsprout.com/ https://library.elementor.com/ https://js.gleam.io https://gleam.io/; img-src 'self' blob: *.basc.org.uk https://ps.w.org https://yoast.com https://yoa.st *.facebook.com *.google-analytics.com *.google.com *.googleapis.com/ *.gstatic.com *.openstreetmap.org *.paypalobjects.com *.twimg.com *.twitter.com *.wpmudev.org *.youtube.com *.ytimg.com data: https://badges.instagram.com https://s.w.org https://stats.g.doubleclick.net https://basc.org.uk https://secure.gravatar.com https://ts.w.org/ https://library.elementor.com/ https://members-api.parliament.uk https://www.google.co.uk/ https://js.gleam.io/; media-src 'self'  *.basc.org.uk *.google-analytics.com *.google.com *.twitter.com *.wpmudev.org *.youtube.com https://*.vimeo.com https://www.sional.co.uk; object-src 'self'  *.basc.org.uk *.cloudfront.net *.google-analytics.com *.google.com *.twitter.com *.wpmudev.org *.youtube.com https://*.vimeo.com https://www.sional.co.uk; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob:  *.angularjs.org/ *.basc.org.uk *.cloudfront.net *.facebook.net *.google-analytics.com *.google.com *.gstatic.com *.jquery.com *.twitter.com *.wpmudev.org *.youtube.com ajax.googleapis.com apis.google.com https://yoast.com maps.googleapis.com https://*.vimeo.com https://basc.us13.list-manage.com https://cdn.syndication.twimg.com https://cdnjs.cloudflare.com https://onesignal.com https://s3.amazonaws.com https://scd.blazefuture.wpengine.com/ https://secure.comodo.com https://sucuri.net https://www.googleapis.com https://www.jqueryscript.net https://www.moonmodule.com https://www.paypal.com https://www.sional.co.uk https://cdn.jsdelivr.net https://www.googletagmanager.com https://basc.org.uk https://www.buzzsprout.com/ https://googleads.g.doubleclick.net/ https://nominatim.openstreetmap.org/ https://widget.gleamjs.io; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.basc.org.uk *.bootstrapcdn.com *.cloudfront.net *.google.com *.googleapis.com *.gunstar.co.uk *.paypalobjects.com *.twimg.com/ *.twitter.com *.wpmudev.org *.youtube.com https://*.vimeo.com https://cdn-images.mailchimp.com https://sucuri.net https://www.sional.co.uk https://use.fontawesome.com https://cdnjs.cloudflare.com/; 1
frame-ancestors 'self'; object-src 'none'; base-uri 'none' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://ursal.zone; img-src 'self' https: data: blob: https://ursal.zone; style-src 'self' https://ursal.zone 'nonce-GMjpvrGqnilVN1a6qHEFIw=='; media-src 'self' https: data: https://ursal.zone; frame-src 'self' https:; manifest-src 'self' https://ursal.zone; form-action 'self'; child-src 'self' blob: https://ursal.zone; worker-src 'self' blob: https://ursal.zone; connect-src 'self' data: blob: https://ursal.zone https://cdn.masto.host wss://ursal.zone; script-src 'self' https://ursal.zone 'wasm-unsafe-eval' 1
default-src 'self'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; font-src 'self'; form-action 'self'; base-uri 'self'; object-src 'none'; manifest-src 'self'; img-src 'self' data: https: blob:; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css; script-src 'self' 'nonce-ZTZlMDM0NDYtODJiOS00ZGExLWE4NjQtZjRhZDZmMTgyZTU1' 'unsafe-eval' https://challenges.cloudflare.com/ https://cdn.onesignal.com/sdks/ https://onesignal.com/api/v1/; child-src 'self' https://auth.privy.io https://privy.friend.tech https://verify.walletconnect.com https://verify.walletconnect.org blob:; frame-src 'self' https://auth.privy.io https://privy.friend.tech https://verify.walletconnect.com https://verify.walletconnect.org https://challenges.cloudflare.com/; connect-src 'self' data: https://auth.privy.io https://privy.friend.tech wss://relay.walletconnect.com wss://relay.walletconnect.org wss://www.walletlink.org https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css https://prod-api.kosetto.com wss://prod-api.kosetto.com https://friendtech-chat-media-prod.s3.us-east-1.amazonaws.com/ https://onesignal.com/api/v1/ https://mainnet.base.org https://cdn.onesignal.com/sdks/ https://challenges.cloudflare.com/ https://cloudflare-eth.com/ https://api.coingecko.com https://*.amplitude.com https://*.cloudfront.net/ https://*.twimg.com/ https://sentry.io/ *.infura.io *.blastapi.io https://translate.google.com/ https://explorer-api.walletconnect.com; report-uri https://o4506186031235072.ingest.sentry.io/api/4506186032939008/security/?sentry_key=189659da8df9c7aa64e94e03f134b058; 1
style-src 'self' 'unsafe-inline' www2.triodos.com; img-src 'self' p-pan.triodos.com api.triodos.com maps.triodos.com www2.triodos.com video.triodos.com ad.doubleclick.net adservice.google.com adservice.google.co.uk adservice.google.nl adservice.google.be adservice.google.es adservice.google.de www.facebook.com data: android-webview-video-poster:; font-src 'self' data:; script-src 'self' 'nonce-fba24ba5-1071-4657-b871-48287e11f01f' t-pan.triodos.com p-pan.triodos.com www2.triodos.com video.triodos.com chat.triodos.com; frame-src https://www.youtube.com https://www.youtube-nocookie.com; child-src https://www.youtube.com https://www.youtube-nocookie.com; connect-src 'self' p-pan.triodos.com t-pan.triodos.com chat.triodos.com video.triodos.com licensing.bitmovin.com; media-src 'self' blob: video.triodos.com; default-src 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.finam.dev https://*.finam.ru https://*.limex.me https://*.whotrades.net https://*.whotrades.com https://whotrades.com https://mc.yandex.ru https://*.jquery.com https://*.bootstrapcdn.com https://*.fontawesome.com https://*.datatables.net https://www.google.com https://www.gstatic.com ; style-src 'self' 'unsafe-inline' https://*.finam.ru https://*.bootstrapcdn.com https://*.datatables.net https://*.whotrades.com https://whotrades.com https://*.googleapis.com; frame-src  'self' https://*.finam.dev https://*.finam.ru https://*.whotrades.net https://*.whotrades.com https://whotrades.com https://coreapp.ai https://*.coreapp.ai https://mc.yandex.ru https://www.google.com https://www.youtube.com https://rutube.ru https://vk.com; connect-src 'self' ws: wss://whotrades.com https://*.finam.ru https://limex.com https://limex.me https://*.whotrades.net https://*.whotrades.com  https://whotrades.com https://*.j2t.com https://*.just2trade.com https://mc.yandex.ru https://mc.yandex.md https://mc.yandex.com https://coreapp.ai https://fin-masters.ru ; img-src 'self' data: https://*.yandex.net https://*.finam.ru https://*.limex.me https://*.whotrades.net https://*.whotrades.com https://whotrades.com https://*.ytimg.com https://mc.yandex.ru https://www.gstatic.com https://*.amazonaws.com; font-src 'self' https://*.finam.ru https://fonts.gstatic.com https://yastatic.net; object-src 'none'; report-uri https://str.finam.ru/api/23/security/?sentry_key=fe9f28263f094167b5cfa62b358185d3&sentry_environment=prod_finms 1
frame-ancestors gbaships.org *.gbaships.org bryan.nz 1
default-src 'self' https://use.fontawesome.com https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://payment.paydmeth.com/apple-pay https://pay.google.com https://google.com/pay 'unsafe-inline' 'unsafe-eval'; img-src https: data: 'unsafe-eval'; frame-src * 1
report-uri /tpicap/report-csp-violation; upgrade-insecure-requests 1
default-src https: mailto: tel:; font-src https: data: blob:; img-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval'; style-src https: 'unsafe-inline'; worker-src https: blob:; frame-ancestors 'self'; frame-src https: mailto: tel:; connect-src https: blob:; media-src https: mediastream: blob: 1
default-src 'self' 'unsafe-inline' https://piwik.bzga.de; script-src 'self' 'unsafe-inline' https://piwik.bzga.de; img-src 'self' data: https://piwik.bzga.de 1
frame-ancestors https://www.generali.rs https://generali.rs https://kupipolisu.rs 1
default-src https://gbe-bund.de https://www.gbe-bund.de 'self' 'unsafe-inline'; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: ajax.googleapis.com *.ajax.googleapis.com netdna.bootstrapcdn.com *.netdna.bootstrapcdn.com cdnjs.cloudflare.com *.cdnjs.cloudflare.com challenges.cloudflare.com *.challenges.cloudflare.com cookiefirst.com doctena.com *.doctena.com doctena.de *.doctena.de doubleclick.net *.doubleclick.net facebook.net *.facebook.net google.com *.google.com cdn.jsdelivr.net *.cdn.jsdelivr.net stripe.com *.stripe.com ajax.cloudflare.com *.cookiefirst.com matomo.cloud *.matomo.cloud gstatic.com *.gstatic.com jquery.com *.jquery.com zdassets.com *.zdassets.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=gQwaIYCWkOwItpz8LMdUBS2qytp25V8yjKz60tk.jwU-1705981254-1-AeCLsqxP5hZO1Mrk7CpP2-6XSf2dhl5M8ZEDlDS4G_Yj6E-lAn9YjhpmTVLcIlqOkbt3IcERssJvlL3-PBpIpxud_RNSZMBrkQGWOGMYAaEwSOLt29nBhciwWZvt8W-zRK3R6Tv2KnF685kxCOQP_CZLBisFh6_96M-1ngOTwO94bG-rYZz-Mwl4FFFfBkSSDt7qyXOAcYl_NQ4iqdCLnLE; report-to cf-mefcsweagfunyabb 1
default-src 'self' www.facebook.com player.vimeo.com gcs-vimeo.akamaized.net vod-progressive.akamaized.net; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' use.typekit.net www.googletagmanager.com tagmanager.google.com www.google-analytics.com analytics.google.com maps.googleapis.com connect.facebook.net www.facebook.com cdn.cookielaw.org www.googleadservices.com https://*.crazyegg.com https://appds8093.blob.core.windows.net; connect-src 'self' cdn.cookielaw.org www.google-analytics.com analytics.google.com www.facebook.com https://*.onetrust.com https://*.mapbox.com https://*.tiles.mapbox.com https://*.bugsnag.com https://*.crazyegg.com https://*.g.doubleclick.net https://appds8093.blob.core.windows.net; img-src 'self' data: blob: p.typekit.net www.facebook.com connect.facebook.net www.google-analytics.com analytics.google.com www.googletagmanager.com nolocdnv.azureedge.net cdn.cookielaw.org https://*.mapbox.com https://*.g.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com https://*.mapbox.com https://*.typekit.net https://appds8093.blob.core.windows.net; font-src 'self' data: use.typekit.net fonts.gstatic.com https://appds8093.blob.core.windows.net; manifest-src 'self'; frame-src 'self' www.googletagmanager.com www.facebook.com; child-src blob:; worker-src blob:; report-uri https://bubbas33.report-uri.com/r/d/csp/enforce 1
default-src 'self'; form-action 'self' https: *.spelpaus.se; frame-ancestors 'self'; frame-src 'self' https://www.googletagmanager.com https://www.youtube.com https://api.screen9.com https://spelinspektionen.screen9.tv; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://www.youtube.com; img-src 'self' data: https://our.umbraco.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://i.ytimg.com https://dashboard.umbraco.com; font-src 'self'; connect-src 'self' https://our.umbraco.com https://www.youtube.com https://www.google-analytics.com https://*.googlevideo.com; 1
default-src 'none'; object-src 'none'; manifest-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'wasm-unsafe-eval' 'self'; connect-src * data:; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; img-src 'self' data: image: https: blob:; font-src 'self' https:; frame-src https://verify.walletconnect.org/ https://verify.walletconnect.com/ https://connect.solflare.com/ https://www.youtube.com; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' *.uchooserewards.com *.gstatic.com images.affinitysolutions.com fonts.googleapis.com www.google.com cas-webapp.internal.ondotsystems.com:18226 *.afssn.com; frame-ancestors 'self' 1
default-src 'self'; script-src 'self' https://*.googletagmanager.com https://*.google-analytics.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://*.google-analytics.com/; style-src 'self' 'unsafe-inline'; font-src * 'unsafe-inline'; connect-src *; frame-src * 1
default-src https:;style-src 'self' 'unsafe-inline';img-src https: data:;media-src https: data: blob:;font-src https: data:;script-src https: 'nonce-noeEtracker'; 1
frame-ancestors 'self' grn-www.searay.com; 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.charteroak.edu http://*.omniupdate.com; 1
default-src * data: blob:; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; style-src * 'unsafe-inline'; img-src * data: blob:; media-src * blob:; font-src * data: blob:; object-src * blob:; frame-src * blob:; connect-src * blob:; child-src * blob:; worker-src * blob:; manifest-src * blob:; 1
frame-ancestors *.skad.ru skad.ru metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr *.webvisor.com webvisor.com 1
default-src 'self';frame-src 'self' *.youtube.com *.onlinebanktours.com *.documatix.com cucalc.org assets.ctfassets.net westerracu.locatorsearch.com *.mycreditunion.gov *.timetrade.com *.stickleyonsecurity.com *.adp.com *.amazon-adsystem.com *.hotjar.com *.doubleclick.net *.facebook.com *.adsrvr.org *.trkn.us *.googletagmanager.com *.googlesyndication.com *.alchemer.com *.google.com *.vimeo.com *.signalintent.com vercel.live vercel.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.youtube.com *.facebook.net *.twitter.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net js.locatorsearch.com *.stickleyonsecurity.com *.redditstatic.com *.hotjar.com *.callrail.com *.adsrvr.org *.googlesyndication.com *.trkn.us *.alchemer.com *.googleoptimize.com *.vimeo.com *.signalintent.com *.jsdelivr.net https://calc-backend-prod.herokuapp.com *.segment.com vercel.live vercel.com *.timetrade.com cdn.bc0a.com;child-src *.youtube.com *.google.com *.twitter.com *.signalintent.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.googletagmanager.com *.google.com *.signalintent.com;img-src * blob: data:;media-src 'none';object-src 'self' data: assets.ctfassets.net;connect-src *;font-src 'self' data: *.hotjar.com fonts.gstatic.com *.signalintent.com;frame-ancestors 'self' *.alchemer.com *.signalintent.com;report-uri https://o1015742.ingest.sentry.io/api/5981387/security/?sentry_key=98b84fc148ff4eb1969f0b1e3be20d12; 1
default-src data: 'self' https://im-in.space https://*.im-in.space; img-src 'self' https: data: blob:; connect-src wss://im-in.space https://*.giphy.com https://*.tenor.com https://*.shields.io https://im-in.space https://*.im-in.space 'self' blob: data:; script-src 'self' 'unsafe-eval' https://hcaptcha.com 'sha256-ED4WAAOcRWKeM9/DFfGQvve8gTylUkyaTxB59gMHfro=' 'sha256-mcw81LUqGI6+qAB9k0iReT8re4cGtbD1m8KbOUSfG9s=' blob:; style-src https://*.im-in.space 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; frame-src https:; upgrade-insecure-requests 1
default-src *; img-src * 'self' data: https: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' *; font-src * 'self' data: 1
frame-ancestors 'self' https://sms.hollandsnieuwe.nl https://vodafoneziggo.portal.mobilewater.nl https://act.ziggo.nl https://act.vodafone.nl; 1
default-src 'self' 'unsafe-inline' https://cdn.matomo.cloud/ https://fivesgroup.matomo.cloud https://stats.g.doubleclick.net https://in.hotjar.com https://grinding.fivesgroup.com https://www.google-analytics.com https://webasset.fivesgroup.com; frame-src 'self' data: https://www.instagram.com/ https://forms.hsforms.com/ https://www.weezevent.com/ https://widget.weezevent.com/ https://docs.google.com/ https://webasset.fivesgroup.com/ https://www.youtube-nocookie.com https://vars.hotjar.com https://www.juicer.io https://www.youtube.com https://www.fivesgroup.com 'https://wwwp.fivesgroup.com/ https://umap.openstreetmap.fr; img-src 'self' https://forms-na1.hsforms.com/embed/ https://secure.rate2self.com https://px.ads.linkedin.com https://forms.hsforms.com https://track.hubspot.com https://perf.hsforms.com https://no-cache.hubspot.com https://c.tile.openstreetmap.org https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org data: https://awsfg-s3-webasset-dev.s3.amazonaws.com https://webasset.fivesgroup.com https://www.google-analytics.com https://www.google.com https://www.google.fr; script-src 'self' 'unsafe-inline' https://s3.amazonaws.com/ https://widget.weezevent.com/ https://fivesgroup.us9.list-manage.com/ https://js.hsforms.net/ https://secure.agilecompanyintelligence.com https://docs.google.com/ https://www.youtube.com/ https://cdn.matomo.cloud/ https://fivesgroup.matomo.cloud https://cta-service-cms2.hubspot.com https://js.hscta.net https://secure.rate2self.com https://js.hs-analytics.net https://js.hs-banner.com https://googleads.g.doubleclick.net https://script.hotjar.com https://js.hs-scripts.com https://www.google.com https://www.google-analytics.com https://static.hotjar.com https://www.googletagmanager.com https://assets.juicer.io https://webforms.pipedrive.com https://www.googleadservices.com https://js.hscollectedforms.net https://js.hsadspixel.net https://js.hsleadflows.net https://connect.facebook.net https://snap.licdn.com; style-src 'self' 'unsafe-inline' https://assets.juicer.io; connect-src https://forms.hsforms.com/ https://hubspot-forms-static-embed.s3.amazonaws.com/ https://cdn.matomo.cloud/ https://fivesgroup.matomo.cloud https://cta-service-cms2.hubspot.com https://www.google-analytics.com https://in.hotjar.com https://stats.g.doubleclick.net https://www.fivesgroup.com https://wwwp.fivesgroup.com https://secure.rate2self.com https://idx.liadm.com/ https://api.hubapi.com https://forms.hubspot.com; 1
default-src http: https:;                       connect-src https:;                       font-src https: data:;                       frame-src https:;                       frame-ancestors https:;                       img-src http: https: data:;                       media-src https:;                       object-src https:;                       script-src 'unsafe-inline' 'unsafe-eval' https:;                       style-src 'unsafe-inline' http: https:; 1
frame-src 'self' *.vocalcom.com *.google.com *.marketo.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.mktoresp.com px.ads.linkedin.com *.google.fr *.linkedin.com *.youtube-nocookie.com *.ytimg.com googleads.g.doubleclick.net static.doubleclick.net *.noembed.com cdn.plyr.io *.facebook.com *.wpml.org 1
font-src fonts.gstatic.com use.typekit.net *.cloudfront.net *.cloudflare.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com *.facebook.com *.jascoproducts.com *.hsforms.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.stripe.com *.doubleclick.net *.facebook.com *.google.com www.paycomonline.net *.hsforms.net *.hsforms.com *.nice-incontact.com www.xtento.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com c1.ugc.bazaarvoice.com *.hsforms.com *.cloudfront.net *.bing.com *.google.com *.facebook.com *.facebook.net *.googletagmanager.com *.doubleclick.net *.adroll.com *.casalemedia.com *.rubiconproject.com *.advertising.com *.outbrain.com *.pubmatic.com *.yahoo.com *.taboola.com *.3lift.com *.bidswitch.net *.rlcdn.com *.adnxs.com *.openx.net *.mathtag.com *.pippio.com blog.byjasco.com *.hubspot.com *.clarity.ms *.ytimg.com/ byjasco.com *.bazaarvoice.com shareasale.com wheelofpopups-bucket.s3.amazonaws.com static-na.payments-amazon.com segments.company-target.com *.cordinateme.com cordinateme.com *.byjasco.com *.enbrightenme.com enbrightenme.com *.ezzwave.com ezzwave.com *.ezzigbee.com ezzigbee.com *.easyzigbee.com easyzigbee.com *.myselectsmart.com myselectsmart.com *.mytouchsmart.com mytouchsmart.com *.ecosurvivor.com ecosurvivor.com seg.sharethis.com www.xtento.com cdn.xtento.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net * plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com unpkg.com commerce.adobedtm.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.stripe.com *.hs-scripts.com *.hsadspixel.net *.hsleadflows.net *.hs-banner.com *.hscollectedforms.net *.hs-analytics.net *.googletagmanager.com *.bing.com *.google.com *.facebook.net *.doubleclick.net *.gstatic.com *.adroll.com *.newrelic.com *.nr-data.net bam-cell.nr-data.net *.clarity.ms *.hsforms.net *.hsforms.com *.nice-incontact.com d38xvr37kwwhcm.cloudfront.net www.xtento.com cdn.xtento.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com display.ugc.bazaarvoice.com *.cloudfront.net *.cloudflare.com *.lambda-url.us-west-2.on.aws *.popt.in unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.byjasco.com byjasco.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.hubspot.com *.hubapi.com *.doubleclick.net *.google-analytics.com *.facebook.com *.bing.com *.adroll.com *.nr-data.net bam-cell.nr-data.net *.clarity.ms *.hsforms.com *.cloudflare.com *.grin.co api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://*.googlesyndication.com https://www.zenaps.com https://tr.snapchat.com https://tr6.snapchat.com https://www.youtube.com https://api.kitbuilder.co.uk https://shoesize.me https://*.shoesize.me; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://storyboard.storystream.ai https://content.storystream.ai https://shoesize.me https://plugin.shoesize.me https://analytics.shoesize.me; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://www.canterbury.com https://checkout.canterbury.com https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net https://download-video.akamaized.net https://d7c4jjeuqag9w.cloudfront.net https://media.storystream.ai; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googlesyndication.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://apps.storystream.ai https://platform.twitter.com https://shoesize.me; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net https://plugin.shoesize.me; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.moda.gov.tw https://unpkg.com/topojson@3 https://cdn.jsdelivr.net/npm/d3@5.6.0/dist/d3.min.js https://ajax.cloudflare.com https://www.googletagmanager.com/gtag/js https://static.cloudflareinsights.com https://cse.google.com/cse.js https://www.google.com https://cse.google.com/adsense/search/async-ads.js https://cse.google.com/cse/element/v1 https://partner.googleadservices.com/gampad/cookie.js; object-src 'none'; img-src *; frame-src 'self' https://www.youtube.com/embed https://www.google.com https://www.youtube.com https://cse.google.com; style-src 'unsafe-inline' 'unsafe-eval' * data:; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com data:; connect-src 'self' https://*.moda.gov.tw https://www.google-analytics.com https://cse.google.com http://cse.google.com https://www.google.com http://cloudflareinsights.com https://csp.withgoogle.com; media-src 'self'; frame-ancestors 'none'; 1
frame-ancestors 'self' http://www.philips.be *.philips.com *.philips.be https://philipsigtdpv.com 1
default-src 'self' https://www.google-analytics.com/; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/ https://use.fontawesome.com/releases/v5.3.1/css/ https://cdn-prod.securiti.ai/ https://fonts.googleapis.com/;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://cdn-prod.securiti.ai/ https://app.securiti.ai/ https://cdnjs.cloudflare.com/ajax/libs/ https://code.jquery.com/jquery-3.3.1.min.js https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ https://connect.facebook.net/ https://www.facebook.com/tr/;font-src 'self' https://use.fontawesome.com/releases/v5.3.1/webfonts/ https://fonts.gstatic.com/;connect-src 'self' https://www.google-analytics.com/ https://cdn-prod.securiti.ai/ https://analytics.google.com/ https://stats.g.doubleclick.net/ https://app.securiti.ai/; frame-src 'self' https://www.google.com/recaptcha/ https://calculadora.registrodeimoveis.org.br/ https://www.youtube.com/ https://docs.google.com/;frame-ancestors 'self' ; img-src 'self' https://www.registrodeimoveis.org.br/ https://registrodeimoveis.org.br/ http://www.testes.registrodeimoveis.org.br/ http://testes.registrodeimoveis.org.br/ https://www.facebook.com/tr/ https://connect.facebook.net/ https://*.googleapis.com/ https://www.google.com.br/ https://www.google-analytics.com/ https://i.ytimg.com blob: data: ; 1
style-src 'self' 'unsafe-inline' https://healow.com https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://healow.com https://*.healow.com; form-action 'self' https://*.eclinicalweb.com https://*.healow.com https://healow.com; frame-src 'self' 'unsafe-inline' https://*.eclinicalweb.com https://*.healow.com https://healow.com; img-src 'self' https://*.eclinicalweb.com https://healow.com data data: https://*.ecwcloud.in https://*.ecwcloud.com https://*.eclinicalweb.com https://*.ecwlab.com; connect-src 'self'; child-src 'self'; object-src 'self'; media-src 'self'; frame-ancestors 'self' https://*.healow.com; default-src 'self'; font-src 'self' https://fonts.gstatic.com data; report-uri ../cspReport/cspViolationReport.jsp; 1
default-src 'self' https://cdn.etrias.nl ; connect-src 'self' https://cdn.etrias.nl  https://*.google.com https://www.googletagmanager.com https://maps.googleapis.com https://*.google-analytics.com https://www.googleadservices.com https://*.google.nl https://*.google.be https://*.bing.com https://*.doubleclick.net https://bam.nr-data.net https://api01.shoppingminds.net https://trkr.shoppingminds.net https://script.shoppingminds.com https://squeezely.tech https://ct.beslist.nl; font-src 'self' https://cdn.etrias.nl  https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://cdn.etrias.nl  https://www.youtube-nocookie.com https://www.facebook.com https://tpc.googlesyndication.com https://bid.g.doubleclick.net https://td.doubleclick.net https://optimize.google.com; img-src https: data:; script-src 'self' https://cdn.etrias.nl  'unsafe-eval' https://*.google.com https://www.googletagmanager.com https://maps.googleapis.com https://*.google-analytics.com https://www.googleadservices.com https://www.youtube.com https://bat.bing.com https://connect.facebook.net https://js-agent.newrelic.com https://bam.nr-data.net https://script.shoppingminds.com https://api01.shoppingminds.net https://squeezely.tech 'nonce-55c7B7FmfYGquJ0mlfT0LrQaSQkbG2O2'; style-src 'self' https://cdn.etrias.nl  'unsafe-inline' https://fonts.googleapis.com https://optimize.google.com; report-uri /_csp/report 1
default-src 'self' vithas.es estarsano.vithas.es www.googletagmanager.com www.google-analytics.com www.google.com www.facebook.com www.youtube.com player.vimeo.com yoast.com maps.google.com dialogflow.cloud.google.com cdn.cookielaw.org privacyportal.onetrust.com maps.googleapis.com stats.g.doubleclick.net 10163964.fls.doubleclick.net tpc.googlesyndication.com region1.google-analytics.com https://mcsaatchi.solution.weborama.fr/ region1.analytics.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'  vithas.es estarsano.vithas.es www.googletagmanager.com www.google-analytics.com www.google.com connect.facebook.net static.ads-twitter.com analytics.twitter.com www.gstatic.com maps.googleapis.com static.dialogflow.com cdn.cookielaw.org www.googleadservices.com googleads.g.doubleclick.net tpc.googlesyndication.com ads.sonataplatform.com cstatic.weborama.fr s2.adform.net; style-src 'self' 'unsafe-inline'  vithas.es estarsano.vithas.es fonts.googleapis.com code.jquery.com; img-src 'self'  vithas.es estarsano.vithas.es www.googletagmanager.com www.facebook.com www.google-analytics.com www.google.com www.google.es secure.gravatar.com maps.googleapis.com maps.gstatic.com  googleads.g.doubleclick.net data: analytics.twitter.com t.co ads.sonataplatform.com wwc.addoor.net https://mcsaatchi.solution.weborama.fr/ cdn.cookielaw.org ;font-src 'self'  vithas.es estarsano.vithas.es fonts.googleapis.com fonts.gstatic.com data:; frame-ancestors 'self' http://*.vithas.es; form-action 'self' www.facebook.com; 1
frame-ancestors 'self' *.in-tend.co.uk 1
default-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.sensehqchat.com *.sensehq.com *.careinspectorate.wales *.careinspectorate.com embedsocial.com *.livechatinc.com player.vimeo.com sp.analytics.yahoo.com *.tvsquared.com s.yimg.com tracker.gaconnector.com bat.bing.com cdn.mouseflow.com ict.infinity-tracking.net *.crazyegg.com api.carehome.co.uk www.cqc.org.uk cookie-cdn.cookiepro.com *.onetrust.com cdn.cookielaw.org script.infinity-tracking.com *.vimeocdn.com *.gstatic.com www.googletagmanager.com www.google-analytics.com tagmanager.google.com www.google.com maps.googleapis.com *.twimg.com connect.facebook.net *.googleapis.com ajax.aspnetcdn.com;style-src 'self' 'unsafe-inline' *.careinspectorate.wales embedsocial.com *.livechatinc.com api.carehome.co.uk www.cqc.org.uk fonts.googleapis.com;connect-src 'self' *.sensehqchat.com *.sensehq.com region1.analytics.google.com *.careinspectorate.wales *.mouseflow.com embedsocial.com *.livechatinc.com bat.bing.com cookie-cdn.cookiepro.com cdn.cookielaw.org *.onetrust.com s.yimg.com *.crazyegg.com ict.infinity-tracking.net nas.lon.infinity-tracking.com api.carehome.co.uk cdn.cookielaw.org web.lon.infinity-tracking.com vimeo.com maps.googleapis.com *.google-analytics.com *.doubleclick.net www.facebook.com;font-src 'self' cdn.livechatinc.com fonts.gstatic.com fonts.googleapis.com;frame-ancestors 'self' cms.careuk.com admin.cuk.local uat-cms.careuk.com uat2-cms.careuk.com;frame-src 'self' *.spotify.com maps.google.com maps.google.co.uk *.sensehqchat.com *.careinspectorate.wales *.careinspectorate.com embedsocial.com *.livechatinc.com player.vimeo.com www.google.com www.facebook.com;img-src 'self' *.googleapis.com *.careinspectorate.wales *.careinspectorate.com cdn.livechat-files.com cdn.livechatinc.com cdn.cookielaw.org dpm.demdex.net *.tvsquared.com sp.analytics.yahoo.com bat.bing.com api.carehome.co.uk www.cqc.org.uk *.googletagmanager.com maps.gstatic.com maps.googleapis.com *.gstatic.com *.google-analytics.com *.facebook.com *.google.com *.google.co.uk i.vimeocdn.com data:;worker-src 'self' blob: *.careuk.com;media-src 'self' *.careinspectorate.wales *.careinspectorate.com cdn.livechatinc.com;form-action 'self' payments *.worldpay.com; 1
frame-ancestors https://*.waiverfile.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com https://www.google.com/ https://maps.googleapis.com https://fonts.googleapis.com https://browser-update.org https://www.gstatic.com https://www.google-analytics.com https://*.tupras.com.tr https://*.foreks.com; worker-src blob: 1
default-src 'self' https://*.wistia.com https://*.wistia.net ; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net;frame-src https://fast.wistia.com https://fast.wistia.net *.google.com https://s3.us-west-1.amazonaws.com; script-src-elem 'unsafe-inline' https: *.gstatic.com; object-src 'none';frame-ancestors 'none';manifest-src 'self';base-uri 'none';script-src 'unsafe-inline' 'self' 'unsafe-eval' https://*.wistia.com https://*.wistia.net https://src.litix.io www.gstatic.com *.bootstrapcdn.com cdn.datatables.net cdnjs.cloudflare.com *.google-analytics.com www.googletagmanager.com bat.bing.com polyfill.io *.googleapis.com *.google.com cdn.jsdelivr.net code.jquery.com;connect-src 'self' https://*.clarity.ms https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net *.google-analytics.com *.google.com www.googletagmanager.com *.googleapis.com bat.bing.com stats.g.doubleclick.net; img-src https: 'self' data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net ;style-src https: 'unsafe-inline' 'self' blob https://fast.wistia.com ;font-src 'self' data: https://*.typekit.net https://*.wistia.com pro.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com; worker-src 'self' blob: 1
frame-ancestors *.imu.nl *.phoenixsite.nl plugandpay.nl 1
object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; upgrade-insecure-requests; frame-ancestors 'self' 'self'; form-action 'self' https://survey.g.doubleclick.net/ https://www.facebook.com/tr/ https://forms.hsforms.com/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://cdn.jst.ai/ https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://p.typekit.net/ https://use.typekit.net/ https://optimize.google.com https://connect.podium.com/ https://cdn.jsdelivr.net/ *.udev1a.net *.usablenet.com *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com p.typekit.net use.typekit.net 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://tools.justuno.com/ https://adservice.google.ca/ https://adservice.google.com/ https://adservices.brandcdn.com/ https://analytics.jst.ai/ https://api.braintreegateway.com/ https://bam.nr-data.net/ https://cdn.jsdelivr.net/ https://cdn.jst.ai/ https://cdn.livechatinc.com/ https://client-analytics.braintreegateway.com/ https://connect.facebook.net/ https://d.adroll.mgr.consensu.org/consent/iabcheck/KLHAGB4PQRDAZK2BRGDAY3 https://d10lpsik1i8c69.cloudfront.net/w.js https://forms.hsforms.com/ https://googleads.g.doubleclick.net/ https://js-agent.newrelic.com/ https://js.braintreegateway.com/ https://js.hs-analytics.net/ https://js.hs-banner.com/ https://js.hs-scripts.com/ https://js.hscollectedforms.net/ https://js.hsforms.net/ https://maps.google.com/ https://maps.googleapis.com https://my.jst.ai/ https://s.adroll.com/ https://script.hotjar.com/ https://secure.livechatinc.com/ https://static.hotjar.com/ https://survey.g.doubleclick.net/ https://tag.brandcdn.com/autoscript/ https://www.google-analytics.com/analytics.js https://www.google-analytics.com/gtm/js https://www.google-analytics.com/plugins/ua/ec.js https://www.google.com/pagead/conversion_async.js https://www.google.com/recaptcha/ https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.paypalobjects.com/ https://apis.google.com/ https://www.google.com/ https://d.adroll.com/consent/check/ https://adservice.google.com.ua/ https://cdn.quantummetric.com/qscripts/quantum-watsons.js https://pippio.com/api/sync/ https://adservice.google.pl/ https://api.livechatinc.com/ *.purechat.com *.purechatcdn.com https://www.googleapis.com/youtube/ https://*.paypal.com https://optimize.google.com https://aly.jst.ai https://jslib.emotive.io https://loader.wisepops.com https://live.rezync.com/ https://*.rfihub.net/ cdn.wisepops.com https://s.pinimg.com/ https://call.chatra.io/chatra.js https://connect.podium.com/ https://www.clickcease.com/ https://aa.trkn.us/ https://js.hsadspixel.net/ https://www.youtube.com/ https://jslib.emotive.io/ https://tag.simpli.fi/ *.udev1a.net *.usablenet.com assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google.com https://www.gstatic.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org tools.justuno.com cdnjs.cloudflare.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; media-src 'self' https://cdn.livechatinc.com *.adobe.com 'self' 'unsafe-inline'; img-src 'self' data: https://nextroll.com/ https://www.google.pl/ https://adservice.google.pl/ https://b.stats.paypal.com https://c.paypal.com https://checkout.paypal.com https://d.adroll.com https://forms.hsforms.com https://googleads.g.doubleclick.net https://graphics.jst.ai https://insight-event.brandcdn.com https://insight.adsrvr.org https://track.hubspot.com https://watsons-cincinnati.s3.us-east-2.amazonaws.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.paypalobjects.com https://www.magentocommerce.com https://www.xtento.com https://chd.stats.paypal.com/counter2.cgi https://perf.hsforms.com/embed/v3/counters.gif https://pixel.advertising.com/ups/55980/sync https://dsum-sec.casalemedia.com/rum https://pixel.rubiconproject.com/tap.php https://sync.outbrain.com/cookie-sync https://simage2.pubmatic.com/AdServer/Pug https://d.adroll.com/cm/r/in https://sync.taboola.com/sg/adroll-network/1/rtb-h https://eb2.3lift.com/xuid https://ups.analytics.yahoo.com/ups/55980/sync https://www.google.com.ua/pagead/1p-user-list/984698218/ https://www.google.com.ua/ads/ga-audiences https://ads.yahoo.com/cms/v1 https://www.google.com.ua/pagead/ https://forms.hubspot.com/collected-forms/submit/form mage https://dpm.demdex.net the image https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com https://cbks0.googleapis.com/cbk https://lh3.ggpht.com/ https://geo0.ggpht.com/cbk https://geo1.ggpht.com/cbk https://geo2.ggpht.com/cbk https://geo3.ggpht.com/cbk https://match.sharethrough.com https://dub.stats.paypal.com https://optimize.google.com https://i.ytimg.com/ cdn.wisepops.com cdn.klarna.com https://khms0.googleapis.com/kh https://khms1.googleapis.com/kh https://cm.g.doubleclick.net https://secure.adnxs.com https://ct.pinterest.com/v3/ https://segment.prod.bidr.io/ https://assets.podium.com/ https://*.krxd.net/ https://www.gstatic.com/ https://ib.adnxs.com/ https://us-u.openx.net/ https://image2.pubmatic.com/ https://idsync.rlcdn.com/ https://x.bidswitch.net/ https://forms-na1.hsforms.com/ https://podium-prod.s3.amazonaws.com/ https://odr.mookie1.com/ https://match.adsrvr.org/ https://*.addthis.com/ https://*.agkn.com/ https://*.doubleclick.net/ https://*.truoptik.com/ https://*.linksynergy.com/ assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com maps.googleapis.com maps.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com d.adroll.com graphics.jst.ai paypal.com blob: www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; frame-src 'self' https://survey.g.doubleclick.net/ https://forms.hsforms.com/ https://adservices.brandcdn.com https://assets.braintreegateway.com https://bid.g.doubleclick.net https://c.paypal.com https://cdn.jst.ai https://d1eoo1tco6rr5e.cloudfront.net https://insight.adsrvr.org https://my.matterport.com https://secure.livechatinc.com https://vars.hotjar.com https://www.google.com https://www.xtento.com https://app.hubspot.com https://www.facebook.com/ https://cdn.flipsnack.com/ https://ssl.kaptcha.com/ https://optimize.google.com https://js.hsforms.net/ https://www.youtube.com/ https://*.rfihub.com/ https://www.pinterest.com https://chat.chatra.io/ https://ct.pinterest.com/ https://aa.trkn.us/ https://firebuilder.travisindustries.com/ https://player.flipsnack.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://www.xtento.com https://connect.podium.com/ https://cdn.livechatinc.com/ fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com https://www.gstatic.com use.typekit.net data: 'self' 'unsafe-inline'; connect-src 'self' https://api.livechatinc.com/ wss://ws3.hotjar.com/api/ https://analytics.jst.ai/api/analytics/ https://analytics.jst.ai/api/session/ https://d.adroll.com/segment/KLHAGB4PQRDAZK2BRGDAY3/N6CLSWZXNVDYXMAGWZ7HLO https://forms.hubspot.com/collected-forms/v1/config/json https://my.jst.ai/ifm_4.1.html https://my.jst.ai/promocode/getcode_4.1.html https://settings.luckyorange.net https://stats.g.doubleclick.net/j/collect https://www.facebook.com/tr/ https://www.google-analytics.com/collect https://www.google-analytics.com/j/collect https://in.hotjar.com/api/v2/client/sites/1661351/visit-data https://watsons-app.quantummetric.com https://hubspot-forms-static-embed.s3.amazonaws.com/prod/5117171/968477ab-7ead-4482-a503-614d359cdde8.json.gz https://www.google.com/recaptcha/api.js https://forms.hsforms.com/emailcheck/ https://forms.hubspot.com/collected-forms/submit/form *.purechat.com https://*.braintree-api.com https://*.braintreegateway.com https://*.paypal.com https://*.hotjar.com https://*.hotjar.io https://bam.nr-data.net/ https://aly.jst.ai/ *.emotiveapp.co https://popup.wisepops.com/my-wisepop tracking.wisepops.com https://maps.googleapis.com https://ct.pinterest.com/user/ https://forms.hsforms.com/ https://hubspot-forms-static-embed.s3.amazonaws.com/ https://mind-flayer.podium.com/ https://activity.wisepops.com/ https://api.hubapi.com/ https://api.amplitude.com/ https://api.lab.amplitude.com/ https://lab.analyticspodium.com/sdk/vardata https://api2.analyticspodium.com/2/httpapi https://forms.hscollectedforms.net/ *.udev1a.net *.usablenet.com https://js.hs-banner.com/v2/cf-location https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ wss://ws.hotjar.com/api/v2/client/ws https://stats.g.doubleclick.net/ dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com d.adroll.com s.adroll.com my.jst.ai 'self' 'unsafe-inline'; default-src none 'self' 'unsafe-inline' 'unsafe-eval'; worker-src blob:; 1
frame-ancestors 'self' https://sgl-live01.mcon-group.com https://logon.sglcarbon.com; 1
default-src 'self' *.piwik.pro *.entryscape.com *.entryscape.net *.tele2.se *.sitevision.se *.sitevision-cloud.se *.eskilstuna.se eskilstuna.se tse-eskilstuna-ext.sitevision.se 'unsafe-eval' 'unsafe-inline'; img-src 'self' data: https://*; frame-src 'self' https://*; form-action 'self'; base-uri 'self'; frame-ancestors 'self'; font-src 'self' data:; script-src 'self' *.piwik.pro *.entryscape.com *.entryscape.net *.sitevision.se *.sitevision-cloud.se *.eskilstuna.se eskilstuna.se tse-eskilstuna-ext.sitevision.se *.tele2.se 'nonce-7db7e651-b98f-11ee-a4ac-81d22e1fffa7' 'unsafe-eval' 'unsafe-inline'; 1
default-src 'self' https://*.hotjar.com https://*.segment.io https://*.google.com https://*.google.com.bh https://*.stc.com.bh https://www.googletagmanager.com https://*.segment.com https://*.sparkcentral.com http://*.twitter.com https://www.google-analytics.com http://*.doubleclick.net https://*.smooch.io https://*.facebook.net https://*.facebook.com https://*.appdynamics.com https://*.eum-appdynamics.com https://*.ads-twitter.com https://www.gstatic.com https://www.googleadservices.com https://sc-static.net https://*.tiktok.com https://*.getresponse.com https://creativecdn.com https://t.co https://*.snapchat.com https://*.adsrvr.org https://ups.analytics.yahoo.com https://us-an.gr-cdn.com https://m.gr-cdn-e.com https://*.omnitagjs.com https://*.gr-cdn.com https://*.gr-cdn-e.com https://*.hotjar.io https://*.gstatic.com wss://*.hotjar.com https://connect.facebook.net https://www.gravatar.com wss://*.smooch.io https://*.googleapis.com https://*.rubiconproject.com https://www.youtube.com https://*.googlesyndication.com https://polyfill.io https://*.cloudfront.net https://*.youtube.com https://*.doubleclick.net https://*.linkedin.com  http://*.youtube.com https://*.adsymptotic.com https://*.bidswitch.net https://service.moic.gov.bh https://*.amazonaws.com https://*.tribalfusion.com data: 'unsafe-inline' blob: 'unsafe-eval' 1
frame-ancestors 'self' https://dxpdev.cryosinternational.com https://dxptest.cryosinternational.com https://dxp.cryosinternational.com https://dxpcoredev.cryosinternational.com https://dxpcoretest.cryosinternational.com https://dxpcore.cryosinternational.com; media-src * data:; 1
default-src 'self'; script-src 'unsafe-inline' 'self' 'unsafe-eval'; img-src 'self' https://img.shields.io https://www.abuseipdb.com; style-src 'self' 'unsafe-inline'; object-src 'none' 1
default-src 'self' packages.umbraco.org our.umbraco.org; connect-src 'self' consentcdn.cookiebot.com wss://api-prod.geomant.cloud heatmaps.monsido.com pagecorrect.monsido.com region1.google-analytics.com api-prod.geomant.cloud directline.botframework.com wss://directline.botframework.com region1.analytics.google.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' consentcdn.cookiebot.com consent.cookiebot.com app-script.monsido.com heatmaps.monsido.com pagecorrect.monsido.com widgets.moovit.com cdn.geomant.cloud wymetro.widget.custhelp.com wymetro.custhelp.com www.rnengage.com wymetroforms.firmstep.com www.google.com www.gstatic.com westyorks-ca.firmstep.com platform.twitter.com cdn.syndication.twimg.com ajax.aspnetcdn.com www.googletagmanager.com www.google-analytics.com; frame-ancestors 'self' www.rslcontent.co.uk rslcontent.co.uk journeokioskcontent.azurewebsites.net wymetro-uk.azurewebsites.net wymetro-uk-staging2.azurewebsites.net wymetro-auth.azurewebsites.net wymetro-auth-staging.azurewebsites.net wymetro-uat.azurewebsites.net wymetro-dev.azurewebsites.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com heatmaps.monsido.com pagecorrect.monsido.com maxcdn.bootstrapcdn.com wymetro.widget.custhelp.com wymetroforms.firmstep.com westyorks-ca.firmstep.com platform.twitter.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com; img-src * data: blob:; frame-src 'self' consentcdn.cookiebot.com widgets.moovit.com r1.dotmailer-surveys.com yorkshire.acisconnect.com www.youtube.com wymetro.acisconnect.com www.youtube-nocookie.com www.communicatoremail.com planner.wymetro.com www.google.com testcheckout.sagepay.com checkout.sagepay.com; object-src 'self' www.youtube.com www.youtube-nocookie.com 1
default-src 'self' 'unsafe-inline'; connect-src https://spending.gov.ua ; font-src https: data:; frame-src https://spending.gov.ua https://www.google.com; frame-ancestors https://spending.gov.ua; img-src https://spending.gov.ua https://spending.gov.ua https://www.google-analytics.com https://stats.g.doubleclick.net data:; media-src https:; object-src https://spending.gov.ua; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://storage.googleapis.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https//spending.gov.ua https://fonts.googleapis.com 'unsafe-inline'; form-action 'self'; base-uri 'self'; 1
default-src 'self'; font-src 'self' blob: data: * cdnjs.cloudflare.com fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com; frame-ancestors 'self' https://*.koji-apps.com https://withkoji.com https://app.involve.me; img-src 'self' blob: data: *; connect-src 'self' https://pagead2.googlesyndication.com/ https://wisepops.net *.wisepops.net *.wisepops.com https://accounts.google.com/gsi/ https://analytics.google.com ws: wss: *.google-analytics.com *.g.doubleclick.net collabstr.s3.amazonaws.com cognito-identity.us-west-1.amazonaws.com collabstr.s3-us-west-1.amazonaws.com *.stripe.com *.ibytedtos.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io *.clarity.ms *.bing.com https://www.google.com/recaptcha/api.js www.gstatic.com https://www.facebook.com; frame-src 'self' https://collabstr.involve.me https://td.doubleclick.net/ https://accounts.google.com/gsi/ *.stripe.com bid.g.doubleclick.net https://www.youtube.com/ http://collabstr.com/ https://collabstr.com/ http://limbani.xyz/ https://limbani.xyz/ https://www.instagram.com/ https://platform.twitter.com/ https://www.tiktok.com https://vars.hotjar.com https://www.facebook.com/ https://www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/npm/swiper@9/swiper-bundle.min.css https://accounts.google.com/gsi/style cdnjs.cloudflare.com fonts.googleapis.com *.tiktokcdn.com https://cdn.tiny.cloud ajax.googleapis.com; script-src 'self' 'unsafe-inline' https://collabstr.involve.me *.wisepops.com https://wisepops.net/loader.js https://cdn.jsdelivr.net/npm/swiper@9/swiper-bundle.min.js https://accounts.google.com/gsi/client sdk.amazonaws.com cdnjs.cloudflare.com *.stripe.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net ajax.googleapis.com www.google.com https://www.instagram.com/ https://platform.twitter.com/ https://www.tiktok.com/ *.tiktokcdn.com *.ibytedtos.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com connect.facebook.net *.bing.com *.clarity.ms https://cdn.tiny.cloud https://www.google.com/recaptcha/api.js www.gstatic.com; media-src 'self' d5ik1gor6xydq.cloudfront.net blob: data: * 1
frame-ancestors 'self'; report-uri https://www.nicoletbank.com/report-uri/enforce 1
frame-ancestors 'self' https://*.thesmartlocal.com https://*.thesmartlocal.id https://*.thesmartlocal.my https://*.thesmartlocal.jp https://*.thesmartlocal.kr https://*.thesmartlocal.co.th https://*.thesmartlocal.ph https://eatbook.sg https://mustsharenews.com; 1
default-src 'self';script-src 'self' 'unsafe-inline' https://code.jquery.com/jquery-3.6.0.min.js http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/ https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://siteimproveanalytics.com https://storage.googleapis.com https://funding.scot https://ajax.googleapis.com/ajax/libs/angularjs/;style-src 'self' 'unsafe-inline' https://fast.fonts.net https://fonts.googleapis.com https://fonts.gstatic.com https://tagmanager.google.com https://p.typekit.net https://use.typekit.net;img-src 'self' https://scprodweb.blob.core.windows.net https://www.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.siteimproveanalytics.io https://storage.googleapis.com https://funding.scot;media-src 'self';frame-src 'self' https://etrw-dev1-odcsvbcs-06072027-983-cacctetpr.builder.ocp.oraclecloud.com https://youtu.be https://m.youtube.com https://www.youtube.com;font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://use.typekit.net https://storage.googleapis.com https://funding.scot;connect-src 'self' https://apikeys.civiccomputing.com https://stats.g.doubleclick.net https://www.google-analytics.com https://dc.services.visualstudio.com/v2/track https://storage.googleapis.com https://funding.scot https://ajax.googleapis.com/ajax/libs/angularjs/;child-src 'self';worker-src 'self';upgrade-insecure-requests;block-all-mixed-content;report-uri https://www.stirling.gov.uk/Umbraco/Api/BrowserReporting/Csp 1
default-src https: data: blob: resource: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; 1
default-src 'self' *.peacelink.it *.peacelink.org *.googleapis.com; img-src 'self' data: *.peacelink.it *.peacelink.org *.sociale.network *.paypalobjects.com public.flourish.studio *.gstatic.com *.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.peacelink.org apis.google.com maps.googleapis.com www.youtube.com www.google.com www.gstatic.com public.flourish.studio; frame-src omniscope.me www.youtube.com *.google.com flo.uri.sh; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.peacelink.org use.fontawesome.com; font-src *.peacelink.it *.peacelink.org fonts.gstatic.com use.fontawesome.com 1
default-src 'self' https://www.google-analytics.com/ https://www.google.com/ https://www.custard.com/ https://use.fontawesome.com/ https://fonts.gstatic.com/ https://analytics.google.com/ https://www.youtubec.com; script-src 'self' https://www.google.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://analytics.google.com/ https://www.gstatic.com/ https://use.fontawesome.com/ https://www.youtube.com https://unpkg.com/axios/dist/ https://unpkg.com/qs/ https://cdnjs.cloudflare.com/ajax/libs/ https://analytics.google.com/ https://connect.facebook.net https://www.youtube.com/iframe_api 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com/  https://use.fontawesome.com/ 'unsafe-inline'; img-src 'self' https://www.custard.com/ https://dev.custard.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://maps.googleapis.com/ https://analytics.google.com/ https://stats.g.doubleclick.net/ https://secure.gravatar.com/avatar/ data:; font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com data:; object-src 'self'; frame-ancestors 'self'; connect-src 'self' https://www.custard.com/ https://analytics.google.com/ https://maps.googleapis.com/ https://stats.g.doubleclick.net/ https://www.google-analytics.com; form-action 'self' https://login.microsoftonline.com https://analytics.google.com/ https://stats.g.doubleclick.net/ https://analytics.google.com/g/ https://stats.g.doubleclick.net/ https://analytics.google.com/g/collect; frame-src 'self' https://www.custard.com https://www.google.com https://www.facebook.com https://www.youtube.com; worker-src blob:; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.airmap.com https://airmap.com; base-uri 'self'; form-action 'self'; object-src 'self'; 1
default-src 'self' *.quantummetric.com 'unsafe-inline' 'unsafe-eval'; worker-src blob:; child-src blob:; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
report-uri https://services.madcapsoftware.com/api/CSPReport/Post;                                             default-src 'self' https://scripts.sirv.com https://*.sirv.com;                  manifest-src 'self' https://login.microsoftonline.com *.madcapsoftware.com;                  connect-src 'self' blob: https://google.com *.convertexperiments.com https://ws.zoominfo.com *.google-analytics.com *.analytics.google.com https://js.zi-scripts.com https://aorta.clickagy.com https://hemsync.clickagy.com https://settings.luckyorange.net https://in.visitors.live/ajax https://*.luckyorange.com https://madcap.sirv.com https://stats.sirv.com https://video.sirv.com https://forms.hsforms.com/ https://hubspot-forms-static-embed.s3.amazonaws.com/ https://data.stbuttons.click/data https://api.hubapi.com https://forms.hscollectedforms.net https://cdn.linkedin.oribi.io https://consent-pref.trustarc.com https://analytics.google.com https://api-preview.luckyorange.com/public-auth https://www.g2.com https://www.googletagmanager.com https://fonts.gstatic.com https://settings.luckyorange.net https://public-auth-dot-lucky-orange.appspot-preview.com wss://realtime.luckyorange.com https://settings.luckyorange.com wss://*.visitors.live https://pubsub.googleapis.com https://api.luckyorange.com https://maps.googleapis.com https://www.google-analytics.com https://adservice.google.com/pagead/ https://dc.services.visualstudio.com https://f1.madcapsoftware.com https://madcap.sirv.com https://scripts.sirv.com https://in.requestmetrics.com https://jsonapi.sajari.net https://l.sharethis.com https://stats.g.doubleclick.net https://www.cognitoforms.com https://www.google.com/pagead/ https://*.googleusercontent.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com https://px.ads.linkedin.com/wa/;                  font-src 'self' data: https://use.fontawesome.com https://s3.amazonaws.com/luckyorange-clickstream/fonts/ https://consent.trustarc.com/ https://f1.madcapsoftware.com/websiteFonts/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://fonts.gstatic.com https://www.cognitoforms.com; form-action 'self' https://forms.hsforms.com/ *.google.com; frame-ancestors 'self' https://cdn.talentlms.com/madcappm/ https://madcappm.talentlms.com/ https://cdn.talentlms.com/engine/V2/ https://qasecurityheadersclickjacking1.mcoutputqa.com https://dssecurityheadersclickjacking.mcoutputdev.com https://dev.madcaprnd.com/client https://qa.madcaprnd.com https://app.storyblok.com;                  frame-src 'self' https://hemsync.clickagy.com https://f1.madcapsoftware.com https://madcap.sirv.com https://consent-pref.trustarc.com/ https://forms.hsforms.com https://www.youtube-nocookie.com https://www.g2.com https://optimize.google.com https://talk.hyvor.com *.google.com *.doubleclick.net *.googlesyndication.com https://c.sharethis.mgr.consensu.org https://js.driftt.com https://www.youtube.com https://calendly.com https://t.sharethis.com;                  img-src 'self' data: https://exceptions.hs-embed-reporting.com https://google.com/pagead/ https://stats.g.doubleclick.net https://pd.sharethis.com https://track.hubspot.com *.google-analytics.com *.analytics.google.com https://forms-na1.hsforms.com https://track.hubspot.com https://forms.hsforms.com https://consent-pref.trustarc.com/ https://consent.trustarc.com/ https://fonts.gstatic.com https://analytics.google.com https://www.g2.com https://optimize.google.com https://d10lpsik1i8c69.cloudfront.net https://*.privacysandbox.googleadservices.com https://assets.madcapsoftware.com https://*.linkedin.com https://linkedin.com https://www.linkedin.com https://ads.linkedin.com https://px.ads.linkedin.com https://px.ads.linkedin.com/wa/ https://px.ads.linkedin.com/collect https://prd.jwpltx.com/v1/jwplayer6/ping.gif https://www.google.com.mx/ https://www.google.com.ec https://www.google.com.ua https://f1.madcapsoftware.com https://googleads.g.doubleclick.net https://madcap.sirv.com https://maps.googleapis.com https://maps.gstatic.com https://platform-cdn.sharethis.com https://secure.gravatar.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://p.adsymptotic.com https://*.googleusercontent.com https://assets.madcapsoftware.com/branding/ https://l.sharethis.com https://www.googleadservices.com https://assets.madcapsoftware.com/websiteImages/ https://i.ytimg.com https://assets.calendly.com;                  media-src 'self' blob: data: https://webinararchive.madcapsoftware.com https://f1.madcapsoftware.com https://madcap.sirv.com https://video.sirv.com https://scripts.sirv.com https://js.driftt.com dai.google.com;                  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn-4.convertexperiments.com https://no-cdn.convertexperiments.com https://js.zi-scripts.com https://ws.zoominfo.com https://tags.clickagy.com https://djtflbt20bdde.cloudfront.net/ https://use.fontawesome.com/ https://js.hsforms.net https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hs-analytics.net https://js-na1.hs-scripts.com/ https://js.hs-banner.com https://js.hsadspixel.net https://js-na1.hs-scripts.com/ https://consent.trustarc.com/ https://tracking.g2crowd.com/ https://static.cognitoforms.com/ https://d10lpsik1i8c69.cloudfront.net https://tools.luckyorange.com https://ssl.google-analytics.com https://optimize.google.com https://talk.hyvor.com https://connect.facebook.net/en_US/sdk.js https://platform-api.sharethis.com/js/sharethis.js https://t.sharethis.com https://www3.madcapsoftware.com/ https://tpc.googlesyndication.com/ https://www.google.com/pagead/ https://assets.madcapsoftware.com https://az416426.vo.msecnd.net https://buttons-config.sharethis.com https://cdn.requestmetrics.com https://googleads.g.doubleclick.net https://www.google.com https://js.driftt.com https://platform-api.sharethis.com https://scripts.sirv.com https://video.sirv.com https://madcap.sirv.com https://stats.sirv.com https://snap.licdn.com https://www.googleanalytics.com https://www.google-analytics.com https://google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.youtube.com https://app.storyblok.com/f/storyblok-latest.js https://app.storyblok.com/f/storyblok-v2-latest.js https://www.googleadservices.com https://count-server.sharethis.com https://services.cognitoforms.com https://www.cognitoforms.com https://www.gstatic.com https://maps.googleapis.com https://www.googleadservices.com https://www.madcapsoftware.com https://f1.madcapsoftware.com https://assets.calendly.com https://ssl.p.jwpcdn.com/;                  style-src 'self' 'unsafe-inline' https://use.fontawesome.com/ https://scripts.sirv.com https://www.googletagmanager.com/ https://optimize.google.com https://www3.madcapsoftware.com/ https://scripts.sirv.com/sirvjs/ https://fonts.googleapis.com https://www.cognitoforms.com https://www.madcapsoftware.com https://app.storyblok.com https://assets.calendly.com;                  worker-src blob:;                  child-src blob:; 1
upgrade-insecure-requests; default-src 'self' *.openbank.com *.openbank.es; script-src *.openbank.de *.openbank.com 'unsafe-inline' 'unsafe-eval' snap.licdn.com https://js.hcaptcha.com/ https://maps.googleapis.com https://browseranalytic.com https://www.google.com *.gstatic.com tags.tiqcdn.com *.google-analytics.com https://*.g.doubleclick.net *.youtube.com *.googleadservices.com *.facebook.net *.ytimg.com api-ob.nd.nudatasecurity.com https://cdnjs.cloudflare.com *.googletagmanager.com *.we-stats.com static.browseranalytic.com bat.bing.com blob: openbanksimuladores.afi.es unpkg.com; connect-src 'self' *.openbank.de *.openbank.es *.openbank.com *.google-analytics.com *.we-stats.com *.biocatch.com lib-eu-1.brilliantcollector.com op.browseranalytic.com *.google.com *.googleapis.com *.googlesyndication.com https://*.g.doubleclick.net bat.bing.com cdn.linkedin.oribi.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.openbank.com https://maxcdn.bootstrapcdn.com; img-src 'self' *.openbank.de px.ads.linkedin.com www.financeads.net data: 'unsafe-inline' *.googletagmanager.com https://maps.googleapis.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.openbank.com *.google.ie *.google.com https://aax-eu.amazon-adsystem.com bat.bing.com www.linkedin.com tbl.tradedoubler.com *.googlesyndication.com; media-src 'self' *.openbank.com *.youtube.com; child-src 'self' https://www.google.com *.gstatic.com *.youtube.com blob: https://newassets.hcaptcha.com ;frame-ancestors 'self' api.paycomet.com https://www.paytpv.com https://openbank.campaign.adobe.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.syndication.twimg.com https://www.facebook.com https://*.twitter.com https://www.google.com https://ton.twimg.com https://*.github.io https://www.googletagmanager.com https://www.google-analytics.com; img-src 'self' https://*.twimg.com https://*.twitter.com http://*.twimg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.jp data:; 1
upgrade-insecure-requests default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' *.auroraplatform.work *.finderby.work *.unitedtraders.work *.unitedtraders.com *.unitedtraders.ru *.uttoken.io *.unitedtraders.team *.utchallenge.com *.auroraplatform.com *.finderby.net *.utex.work ; 1
default-src 'self' blob: data: *.microsoft.com amp.azure.net *.vo.msecnd.net *.streaming.mediaservices.windows.net endpoint-vi-fe-svc-storage-glb-prod-cdn.azureedge.net https: 'unsafe-inline'; script-src 'self' blob: data: *.microsoft.com amp.azure.net *.vo.msecnd.net *.streaming.mediaservices.windows.net endpoint-vi-fe-svc-storage-glb-prod-cdn.azureedge.net https: 'unsafe-inline' 1
frame-ancestors https://content.amplience.net 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://*.zenaps.com https://*.criteo.com https://static.criteo.net https://tpc.googlesyndication.com https://wb.messengerpeople.com https://ct.pinterest.com https://*.recaptcha.net https://tr.snapchat.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://dekopay.preprod.k8s.dekopay.org https://pay.deko.finance https://ln-rules.rewardstyle.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://*.contentsquare.net https://*.pndsn.com https://23q3fg4xjd.execute-api.eu-west-1.amazonaws.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://analytics.tiktok.com; form-action 'self' https://www.facebook.com https://checkout.mp.com https://connect.facebook.net https://m.mp.com https://www.mp.com https://ct.pinterest.com https://tr.snapchat.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://*.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://*.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://*.googletagservices.com https://*.google.co.uk https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://*.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://*.googlesyndication.com https://static.ads-twitter.com https://*.twitter.com https://s.pinimg.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://sc-static.net https://*.hotjar.com https://*.microsofttranslator.com https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://twitter.com https://tpc.googlesyndication.com https://*.baidu.com https://www.google.com https://google.co.uk https://*.contentsquare.net https://app.contentsquare.com https://apps.storystream.ai https://platform.twitter.com https://cdn.pubnub.com https://assets.dekopay.com https://analytics.tiktok.com https://*.ibytedtos.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net; report-to report-endpoint 1
frame-src https:; report-uri /csp-violation-endpoint/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.taittinger.com *.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net *.facebook.net *.facebook.com *.google-analytics.com *.googletagmanager.com *.google.com *.doubleclick.net www.google.com www.gstatic.com unpkg.com fonts.gstatic.com snap.licdn.com *.pinimg.com *.googleadservices.com *.google.ca *.pinterest.com *.tiktok.com *.youtube-nocookie.com *.youtube.com; img-src 'self' data: maps.gstatic.com maps.googleapis.com *.google-analytics.com *.google.com *.google.fr *.facebook.net *.facebook.com stats.g.doubleclick.net px.ads.linkedin.com *.pinimg.com sc-static.net *.google.ca *.pinterest.com *.ytimg.com googleads.g.doubleclick.net; 1
default-src 'none'; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' app.fullstory.com app.fullstory.com *.appcues.com *.appcues.net cdn.cookielaw.org fonts.googleapis.com stackpath.bootstrapcdn.com; img-src * blob: data:; frame-src 'self' play.fullstory.com accounts.google.com *.appcues.com content.googleapis.com fast.wistia.net js.stripe.com hpdcfnlcgmgn.statuspage.io www.google.com/recaptcha/ *.osano.com; font-src 'self' fonts.gstatic.com github.com data: app.fullstory.com; connect-src 'self' rs.fullstory.com rs-2.fullstory.com analytics.staging.fsty.io rs.staging.fullstory.com rs-2.staging.fullstory.com api.fullstory.com edge.fullstory.com analytics.staging.fsty.io www.googleapis.com *.bugsnag.com *.sentry.io *.launchdarkly.com *.appcues.com *.appcues.net cdn.cookielaw.org js.stripe.com stats.g.doubleclick.net storage.googleapis.com *.google-analytics.com *.osano.com analytics.google.com *.analytics.google.com ws: wss:; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' app.fullstory.com app.fullstory.com edge.fullstory.com analytics.staging.fsty.io rs.fullstory.com rs-2.fullstory.com analytics.staging.fsty.io rs.staging.fullstory.com rs-2.staging.fullstory.com accounts.google.com *.appcues.com *.appcues.net cdn.cookielaw.org code.jquery.com d2wy8f7a9ursnm.cloudfront.net *.osano.com js.stripe.com stackpath.bootstrapcdn.com static.segment.com www.googletagmanager.com www.google-analytics.com app.launchdarkly.com hpdcfnlcgmgn.statuspage.io www.gstatic.com/recaptcha/ www.google.com/recaptcha/; script-src-elem 'unsafe-inline' 'self' app.fullstory.com app.fullstory.com edge.fullstory.com analytics.staging.fsty.io rs.fullstory.com rs-2.fullstory.com analytics.staging.fsty.io rs.staging.fullstory.com rs-2.staging.fullstory.com accounts.google.com *.appcues.com *.appcues.net cdn.cookielaw.org cdnjs.cloudflare.com code.jquery.com d2wy8f7a9ursnm.cloudfront.net *.osano.com js.stripe.com static.segment.com www.googletagmanager.com www.google-analytics.com app.launchdarkly.com hpdcfnlcgmgn.statuspage.io www.gstatic.com/recaptcha/ www.google.com/recaptcha/ data:; worker-src 'self' blob:; report-to csp-endpoint; report-uri https://o4504480373276672.ingest.sentry.io/api/4504555302682624/security/?sentry_key=52c1b10041a04748a31afb5ca122837e 1
img-src * data:; object-src 'self' https://www.emurom.net; media-src https://www.emurom.net; connect-src 'self' *; report-uri https://www.emurom.net; script-src 'self' blob: www.googletagmanager.com www.google-analytics.com 'unsafe-inline' 'unsafe-eval' bulbofficial.com dotappendixrooms.com 1
form-action 'self' *.facebook.com; frame-ancestors 'self' app.contentful.com; frame-src 'self' *.workhuman.com *.workhumanpreprod.com app.netlify.com *.googletagmanager.com *.doubleclick.net *.cdn.optimizely.com pixel.mathtag.com cdn.useproof.com *.cookiebot.com *.facebook.com *.twitter.com 862-jiq-698.mktoweb.com cookie.havasedge.com fast.wistia.net youtube.com www.youtube.com bat.bing.com ; base-uri 'none'; object-src 'self'; child-src 'self' *.fls.doubleclick.net; upgrade-insecure-requests; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/enforce 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://smct.co https://www.awin1.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob: https://*.smct.co https://smct.io https://*.smct.io https://tr6.snapchat.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://smct.co https://ipl.smct.co https://ipb.smct.co https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.contentsquare.net https://*.pndsn.com https://23q3fg4xjd.execute-api.eu-west-1.amazonaws.com https://*.smct.co https://smct.io https://*.smct.io https://tr.snapchat.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://fonts.googleapis.com https://fonts.gstatic.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://www.eyeko.com https://m.eyeko.com https://checkout.eyeko.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net https://download-media.akamaized.net https://download-video.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://*.baidu.com https://ln-rules.rewardstyle.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://*.contentsquare.net https://app.contentsquare.com https://cdn.pubnub.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://tr.snapchat.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://fonts.smct.co https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net https://fonts.smct.io; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'none';  script-src 'self' 'unsafe-eval' https://ajax.googleapis.com https://static.hotjar.com https://script.hotjar.com https://static.zdassets.com https://cdn.heapanalytics.com https://www.clarity.ms;  font-src 'self' https://fonts.gstatic.com;  connect-src 'self' ws: wss: https://testvets.eu.auth0.com https://claim.eu.policies.io https://manyvets.eu.auth0.com https://claim.eu-test.policies.io  https://bbm-user-data-stag.s3.amazonaws.com https://bbm-user-data-prod.s3.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com https://in.hotjar.com https://metrics.hotjar.io https://vc.hotjar.io https://content.hotjar.io https://csmetrics.hotjar.com  https://o23349.ingest.sentry.io https://ekr.zdassets.com  https://vetportal.zendesk.com https://zendesk-eu.my.sentry.io/ https://graphql.manyvets.com https://graphql.testvets.xyz https://*.launchdarkly.com https://*.clarity.ms https://*.appsync-api.eu-west-1.amazonaws.com https://*.execute-api.eu-west-1.amazonaws.com https://manyvetsupload185509-prod.s3.eu-west-1.amazonaws.com https://manyvetsupload151026-stag.s3.eu-west-1.amazonaws.com https://heapanalytics.com https://*.algolia.net https://*.algolianet.com;  img-src 'self' data: https://heapanalytics.com  https://secure.gravatar.com https://s.gravatar.com https://*.wp.com https://*.clarity.ms https://*.bing.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com/;  frame-src https://testvets.eu.auth0.com https://manyvets.eu.auth0.com https://vars.hotjar.com https://forms.office.com;  frame-ancestors 'self'; form-action 'self';  report-uri https://o23349.ingest.sentry.io/api/6235110/security/?sentry_key=55f6f4fcd87a4cbc9fbcc2ebea4b91e0&sentry_environment=production; 1
frame-ancestors 'self' https://twinkaboo.com https://chat.twinkaboo.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.clarity.ms https://youtube.com https://www.youtube.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://c.clarity.ms https://i.ytimg.com https://img.youtube.com; connect-src 'self' https://www.google-analytics.com https://q.clarity.ms https://www.googleapis.com; frame-src 'self' https://www.youtube.com; font-src 'self' data:; 1
frame-ancestors 'self' https://edit.sageimagine.com/ https://www.sage.com/ https://edit.qa-sageimagine.com/ https://edit-brand.pp-sageimagine.com/ https://web-brand.pp-sageimagine.com/ https://web.pp-sageimagine.com/ https://web.dev-sageimagine.com/ https://web.qa-sageimagine.com/ https://web.pp-sageimagine.com/; 1
default-src 'self' pl-proxy.uidotdev.workers.dev npm-trends-proxy.uidotdev.workers.dev; connect-src 'self' bytes.dev npm-trends-proxy.uidotdev.workers.dev npm-trends-gateway.onrender.com connect.facebook.net pl-proxy.uidotdev.workers.dev; script-src 'self' https://static.ads-twitter.com/uwt.js use.fortawesome.com connect.facebook.net npm-trends-proxy.uidotdev.workers.dev pl-proxy.uidotdev.workers.dev 'unsafe-eval' 'unsafe-inline'; style-src 'self' use.fortawesome.com 'unsafe-inline'; img-src 'self' https: data:; font-src 'self' data:; 1
report-uri /tullettprebon/report-csp-violation; upgrade-insecure-requests 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; 1
default-src 'self' https://*.startupstack.tech; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.startupstack.tech https://js.chargebee.com https://code.jquery.com; style-src 'self' 'unsafe-inline' https://*.startupstack.tech https://*.chargebee.com; frame-src https://*.startupstack.tech https://*.chargebee.com; img-src 'self' data: https://*.startupstack.tech https://s3.amazonaws.com; report-uri https://startupstack.report-uri.io/r/default/csp/enforce; 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-elem * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-attr * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'self' data: 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'self' data: 'unsafe-inline' 'unsafe-hashes'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self'; object-src * 'self'; prefetch-src * 'self'; child-src * 'self'; frame-src * 'self'; worker-src * 'self'; frame-ancestors * 'self'; form-action * 'self' 1
default-src 'self'; script-src 'self'  'unsafe-inline' 'unsafe-eval' https://ajax.cloudflare.com https://*.googleapis.com https://*.googletagmanager.com https://*.analytics.google.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://mapiareus.infraplan.cat https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://s7.addthis.com https://m.addthis.com https://www.scribd.com/javascripts/ https://www.termsfeed.com https://translate.google.com https://geoportal.reus.cat ; style-src 'self'   'unsafe-inline' https://ajax.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.gstatic.com https://mapiaserver.infraplan.cat https://geoportal.reus.cat ; img-src 'self'     data: https://*.google-analytics.com https://*.googletagmanager.com https://atilemaps.icgc.cat https://mapiareus.infraplan.cat https://*.googleapis.com https://*.gstatic.com https://s7.addthis.com https://m.addthis.com https://i.ytimg.com; connect-src 'self' data: blob: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googleapis.com *.google.com https://*.gstatic.com https://s7.addthis.com https://m.addthis.com ; font-src 'self'    https://fonts.gstatic.com https://use.fontawesome.com https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self'   https://www.google.com/recaptcha/  https://recaptcha.google.com/recaptcha/ https://s7.addthis.com  https://www.youtube-nocookie.com https://www.youtube.com https://youtube.com https://geoportal.reus.cat https://mapiareus.infraplan.cat https://livestream.com ; report-to    csp-endpoint ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms https://webapi.charisma.ir https://charisma-website-api-stage-sec.charisma.digital https://www.clarity.ms https://c.bing.com https://www.googletagmanager.com https://analytics.google.com https://stats.g.doubleclick.net https://cdn.matomo.cloud https://websitecharisma.matomo.cloud https://analytics.charisma.ir http://analytics.charisma.ir/ https://ma-cdn.pegah.tech https://audience.yektanet.com https://ua.yektanet.com https://cdn.yektanet.com https://widget.formaloo.com https://api.formaloo.com https://googleads.g.doubleclick.net https://cdn.tavoos.net https://sniper.tavoos.net https://n1.sanjagh.com https://s1.mediaad.org https://api.mediaad.org https://van.najva.com https://mediacdn.mediaad.org https://cdn.goftino.com https://www.goftino.com wss://ws2.goftino.com; style-src 'self' 'unsafe-inline' https://cdn.goftino.com https://widget.formaloo.com https://van.najva.com; font-src 'self' 'unsafe-inline' https://cdn.goftino.com data:; img-src 'self' https://cdn.goftino.com https://ua.yektanet.com https://www.google.com *.afranet.net data: *.tile.openstreetmap.org https://widget.formaloo.com https://trustseal.enamad.ir; 1
frame-ancestors https://app.storyblok.com http://app.storyblok.com https://app.storyblok.org http://app.storyblok.org 1
style-src 'self' 'unsafe-inline' www2.triodos.com; img-src 'self' p-pan.triodos.com api.triodos.com maps.triodos.com www2.triodos.com video.triodos.com ad.doubleclick.net adservice.google.com adservice.google.co.uk adservice.google.nl adservice.google.be adservice.google.es adservice.google.de www.facebook.com data: android-webview-video-poster:; font-src 'self' data:; script-src 'self' 'nonce-329f4a8e-96ce-45c9-8863-568cacd389bc' t-pan.triodos.com p-pan.triodos.com www2.triodos.com video.triodos.com chat.triodos.com; frame-src https://www.youtube.com https://www.youtube-nocookie.com; child-src https://www.youtube.com https://www.youtube-nocookie.com; connect-src 'self' p-pan.triodos.com t-pan.triodos.com chat.triodos.com video.triodos.com licensing.bitmovin.com; media-src 'self' blob: video.triodos.com; default-src 'self'; 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data: 'unsafe-inline'; object-src 'none'; frame-ancestors 'self'; script-src 'self' https: https://matomo.lico.nl/matomo.js 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; connect-src 'self' ws: wss: https: http://localhost:3035 ws://localhost:3035 ws://dev.lico.nl:3035 ws://code.lico.nl:3035 1
object-src 'none'; frame-ancestors 'self' https://*.igamingserver.com 1
default-src 'self';connect-src https://* wss://* https://api.stripe.com https://content.cuvva.com;font-src data: 'self' https://js.intercomcdn.com/ https://fonts.intercomcdn.com/ https://fonts.gstatic.com/ https://*.typekit.net;img-src data: 'self' https://content.cuvva.com https://www.google-analytics.com/ https://maps.googleapis.com/ https://www.google.com https://www.google.co.uk https://*.gstatic.com/ https://twemoji.maxcdn.com/ https://js.intercomcdn.com https://static.intercomassets.com https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://*.stripe.com https://bat.bing.com https://static.cuvva.com https://downloads.intercomcdn.com https://messenger-apps.intercom.io;media-src https://js.intercomcdn.com;child-src 'self' https://*.g.doubleclick.net https://player.vimeo.com https://share.intercom.io https://www.youtube.com https://fast.wistia.net;frame-src 'self' https://*.g.doubleclick.net https://player.vimeo.com https://js.stripe.com https://hooks.stripe.com https://www.youtube.com https://intercom-sheets.com/;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com/ https://www.googletagmanager.com/ https://maps.googleapis.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://cdnjs.cloudflare.com/ajax/libs/popper.js/ https://cdnjs.cloudflare.com/ajax/libs/tether/ https://maxcdn.bootstrapcdn.com/bootstrap/ https://code.jquery.com/ https://*.intercom.io https://js.intercomcdn.com https://js.stripe.com https://cdn.branch.io/branch-latest.min.js https://websdk.appsflyer.com/ https://app.link/ https://bat.bing.com https://p.teads.tv/teads-fellow.js;style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com https://*.typekit.net;object-src 'none'; 1
frame-src *; frame-ancestors 'self' rocmn.test.hosted-temp.com rocmn-nl.acceptatie.synetic.nl rocmn.nl *.rocmn.test.hosted-temp.com *.rocmn-nl.acceptatie.synetic.nl *.rocmn.nl; report-uri https://www.rocmn.nl/report-uri/enforce 1
default-src https://infisical.com http://localhost:3003/; script-src api.infisical.com https://app.cal.com/embed/embed.js https://unpkg.com https://www.googletagmanager.com https://widget.intercom.io https://js.intercomcdn.com https://app.posthog.com https://app-static-prod.posthog.com https://googleads.g.doubleclick.net https://infisical.com http://localhost:3003/ https://assets.calendly.com/ https://js.stripe.com https://api.stripe.com https://infisical.us10.list-manage.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://rsms.me https://app-static-prod.posthog.com 'unsafe-inline'; child-src https://infisical.com https://api.stripe.com; frame-src https://js.stripe.com/ https://app.cal.com/ https://api.stripe.com https://www.loom.com/ https://calendly.com/ https://www.youtube.com/; connect-src wss://nexus-websocket-a.intercom.io https://prod.spline.design https://api-iam.intercom.io https://api.github.com/repos/Infisical/infisical-cli http://localhost:4000 https://api.heroku.com/ https://gateway.apihero.run https://id.heroku.com/oauth/authorize https://id.heroku.com/oauth/token https://checkout.stripe.com https://app.posthog.com https://infisical.com http://localhost:3003/ http://localhost:4000/ https://api.infisical.com https://api.stripe.com https://vitals.vercel-insights.com/v1/vitals ws://localhost:3003; img-src 'self' https://pbs.twimg.com https://www.google.com https://static.intercomassets.com https://js.intercomcdn.com https://downloads.intercomcdn.com https://api.producthunt.com https://*.stripe.com https://img.youtube.com https://i.ytimg.com/ data:; media-src https://js.intercomcdn.com; font-src 'self' https://fonts.intercomcdn.com/ https://maxcdn.bootstrapcdn.com https://rsms.me https://fonts.gstatic.com; 1
default-src https://www.google.de/ http://194.94.31.202/ https://stats.g.doubleclick.net https://www.google-analytics.com/ https://www.youtube-nocookie.com/ https://www.youtube.com/ https://www.google.com/ https://connect.facebook.net/ https://www.etermin.net/ https://studip.hs-schmalkalden.de/ https://www.hs-schmalkalden.de/ https://www.hs-schmalkalden.de:14682 https://typo3.hs-schmalkalden.de/ https://typo3.hs-schmalkalden.de:14682/ https://fonts.gstatic.com https://www.googletagmanager.com/ https://googleads.g.doubleclick.net/ 'unsafe-inline' 'unsafe-eval' 1
frame-src 'self' https://www.google.com/ https://chat.blip.ai/ https://assets.braintreegateway.com/ https://ipiranga.chat.blip.ai/ https://kmv-partner-flow.abasteceai.net https://kmv-btree-checkout.abasteceai.net https://movida-mfe.kmdevantagens.com.br/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: wss: blob:; worker-src blob: https:; 1
frame-ancestors 'self' https://everythingdisc-cms.prod.apl-kentico.private.wiley.host; 1
frame-ancestors 'self' *.commaful.com 1
default-src 'self' s3.amazonaws.com *.cloudfront.net;script-src 'self' 'sha256-MEqsWw4L5QzF380SC+pTw2wLRt42vH4kcCUppXN6Jj8=' 'sha256-nn7xyWt0iOoApHS6M3QGmlxng3dJl8RDhanTm4VQ2Gw=' 'sha256-QRG2yuLMzUepsusPMWCn6iHNlDjRMu4M584n3AgjehA=' 'sha256-FbwUPQrzMJ3N+PstLOrlt/b3Z7JBjbStJS+ZBXKSwvQ=' 'sha256-5kMb497w7ItxXRHeDONhgk1HOjOqzAVeP4/0KPiMW0Y=' 'sha256-CkcQF9E1VaUc8PmRLydCUXuX0A2ity3K7680rxe0bCw=' 'sha256-M0tacFDDmYwDqJ7WRMkBtaZR+w4d0LdOtWJa10xDeto=' 'sha256-T70FZ0UyEuoKs0UnGL2vBLTispK5neReN/jZI9d7tn4=' 'sha256-awNL0f/C2HgGtKj9gI2cAQQN4f/u4VaohngSi6Al32E=' 'sha256-f/Wxw0bvXBGjahCGDXAd51Ru25QmJHj4ThWrt1rT3ms=' 'sha256-eW/Rx3Qwt5F9QQfVe+IkPiPZP6bvWt0Nw3yraSkO7LE=' 'sha256-eW/Rx3Qwt5F9QQfVe+IkPiPZP6bvWt0Nw3yraSkO7LE=' 'sha256-0LO0kXmpQO72hOamvAnEicu68YkZE2I859Vs3zvz+ZY=' 'sha256-h2aMADaDlsTa8RGjoVpEsw0tCBZnz4IzXc8aJgv99dQ=' 'sha256-kYSEyOlTJDS9gqg2ZYmCdfYueO03Gc90G/NBiv0x0sc=' 'sha256-LxesHHuIwZnSokFMELntS7KrU9t14huAjLEDgcn8PCw=' 'sha256-ezfOFlruIClX6gfdXFg89InyxVChoN+iT6kYWZE/Sx8=' 'sha256-IWOToQcbJyvXc6dWgqD4+yaZiOHZmrMQiRBEXmlrNYw=' 'unsafe-eval' appleid.cdn-apple.com browser.sentry-cdn.com *.sentry.io sentry.io app.intercom.io widget.intercom.io js.intercomcdn.com cdn.pubnub.com checkout.stripe.com q.stripe.com js.stripe.com js-agent.newrelic.com bam.nr-data.net js.hs-banner.com js.hs-scripts.com js.hs-analytics.net js.hsleadflows.net js.hsadspixel.net js.hsforms.net forms.hsforms.com connect.facebook.net *.googletagmanager.com analytics.google.com www.google-analytics.com www.googleadservices.com www.google.com www.gstatic.com *.g.doubleclick.net apis.google.com use.typekit.net static.hotjar.com script.hotjar.com *.hscollectedforms.net analytics.tiktok.com *.licdn.com *.linkedin.oribi.io 'nonce-2tLgLi0t';style-src 'self' 'unsafe-inline' fonts.googleapis.com use.fontawesome.com stackpath.bootstrapcdn.com static.hotjar.com script.hotjar.com;font-src 'self' data: fonts.gstatic.com js.intercomcdn.com fonts.intercomcdn.com use.fontawesome.com stackpath.bootstrapcdn.com use.typekit.net script.hotjar.com;img-src 'self' blob: data: track.hubspot.com forms.hubspot.com cdn2.hubspot.net *.hsforms.com js.intercomcdn.com static.intercomassets.com downloads.intercomcdn.com gifs.intercomcdn.com video-messages.intercomcdn.com messenger-apps.intercom.io *.intercom-attachments-1.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com *.cloudflare.com www.facebook.com *.googletagmanager.com www.google-analytics.com *.g.doubleclick.net www.google.com www.google.com.vn www.google.co.in *.s3.amazonaws.com s3.amazonaws.com *.cloudfront.net *.hotjar.com i.ytimg.com yt3.ggpht.com p.typekit.net *.linkedin.com;frame-src js.stripe.com q.stripe.com checkout.stripe.com *.instagram.com *.googletagmanager.com *.g.doubleclick.net www.facebook.com forms.hubspot.com forms.hsforms.com www.google.com accounts.google.com *.youtube.com https://youtu.be/ player.vimeo.com fast.wistia.net intercom-sheets.com intercom-reporting.com *.cloudfront.net drive.google.com vars.hotjar.com td.doubleclick.net;connect-src 'self' api.hubapi.com ipinfo.io *.s3.amazonaws.com bam.nr-data.net forms.hubspot.com *.hscollectedforms.net forms.hsforms.com *.pndsn.com *.sentry.io sentry.io *.googletagmanager.com www.google-analytics.com analytics.google.com *.g.doubleclick.net *.hotjar.com *.hotjar.io wss://*.hotjar.com api-ping.intercom.io nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io api-iam.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com pagead2.googlesyndication.com analytics.tiktok.com licdn.com *.linkedin.oribi.io;media-src 'self' *.cloudfront.net *.s3.amazonaws.com s3.amazonaws.com js.intercomcdn.com *.youtube.com;worker-src blob: 1
base-uri 'self'; child-src blob:; connect-src 'self' * about:; default-src 'self'; font-src 'self' * data:; form-action 'self' *.list-manage.com; frame-ancestors 'self'; frame-src 'self' *; img-src 'self' * data: http://bouncetv.wpengine.com http://www.bouncetv.com; media-src * blob: data: http://bouncetv.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub76ded8377f7502c3dcedbac113428770&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:bouncetv-prod; script-src 'self' 'unsafe-eval' 'unsafe-inline' * data:; style-src 'self' 'unsafe-inline' * data:; worker-src 'self' blob: 1
connect-src 'self' blob: https://api.x.ai https://api.x.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api.x.com https://api-stream.twitter.com https://api-stream.x.com https://ads-api.twitter.com https://ads-api.x.com https://aa.twitter.com https://aa.x.com https://caps.twitter.com https://caps.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton.twitter.com https://ton.x.com https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://twitter.com https://x.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com  ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://x.com https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://vaultjs.apideck.com/  https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://x.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://static.ads-twitter.com  'nonce-YzQxOTNlYzUtNmJlOC00NmQxLTgzNDYtNGI5MWIzMmRjOWI2'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false 1
default-src 'self' *.reciteme.com; connect-src 'self' *.googletagmanager.com *.google-analytics.com *.trac.jobs *.googleapis.com *.reciteme.com; frame-src 'self' *.youtube.com; frame-ancestors 'self'; style-src 'self' *.googleapis.com 'unsafe-inline' https:; script-src 'self' *.googletagmanager.com *.trac.jobs *.quietstorm.net *.googleapis.com http://tsy.yorkshiretravel.net *.yorkshiretravel.net *.cqc.org.uk *.google.com *.google-analytics.com *.gstatic.com *.reciteme.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.trac.jobs *.googleapis.com *.gstatic.com *.google-analytics.com *.cqc.org.uk *.reciteme.com *.googletagmanager.com data:; font-src 'self' *.googleapis.com *.gstatic.com *.reciteme.com; 1
font-src fonts.gstatic.com *.zmags.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors teamnemitoff.ngrok.io *.zmags.com *.nassaucandy.com nassaucandy.blog 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ content.news.nassaucandy.com *.cardconnect.com www.google.com *.drift.click js.driftt.com *.trustpilot.com *.doubleclick.com *.doubleclick.net *.zmags.com www.nassaucandy.com *.cloudinary.com *.gifyu.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com res.cloudinary.com www.google.com analytics.google.com content.news.nassaucandy.com *.omappapi.com *.linkedin.com *.adsymptotic.com *.ziprecruiter.com *.zmags.com cas.zma.gs *.googletagmanager.com img.youtube.com *.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.g.doubleclick.net nadleent.atlassian.net www.google.com www.gstatic.com www.googletagmanager.com a.omappapi.com js.driftt.com editor.ne16.com widget.trustpilot.com cdn.polyfill.io *.sentry-cdn.com *.licdn.com *.ziprecruiter.com *.zmags.com cas.zma.gs www.youtube.com *.hotjar.com *.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com fonts.google.com *.ziprecruiter.com *.omappapi.com *.zmags.com cas.zma.gs *.klaviyo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com res.cloudinary.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.omappapi.com analytics.google.com adservice.google.com *.googlesyndication.com *.g.doubleclick.net editor.ne16.com *.ziprecruiter.com sentry.io *.zmags.com cas.zma.gs cdn.linkedin.oribi.io *.hotjar.io *.hotjar.com wss://ws.hotjar.com *.klaviyo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
block-all-mixed-content; upgrade-insecure-requests; style-src-elem 'unsafe-inline' https:; default-src https:; frame-ancestors 'self' https:; frame-src tel: mailto: https:; script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' https: 'unsafe-hashes'; script-src-elem 'unsafe-inline' https:; style-src 'unsafe-inline' 'report-sample' https: 'unsafe-hashes'; report-uri /.well-known/csp/afc50834-47a9-4f84-b965-04652c70215a 1
object-src 'none'; script-src 'self' 'unsafe-inline' https://media.autobooks.co https://js.hs-scripts.com https://www.googletagmanager.com https://cdn.cookielaw.org https://snap.licdn.com https://www.google-analytics.com https://siteimproveanalytics.com https://cdn.userway.org https://maps.googleapis.com/maps/api/js https://unpkg.com/@googlemaps/markerclusterer https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://platform-staging.pacwest.com/_Incapsula_Resource https://pacwest.com/_Incapsula_Resource https://js.hs-analytics.net http://js.hs-scripts.com https://js.hs-banner.com https://www.googleadservices.com/ https://js.hsforms.net 1
img-src * data: blob:; script-src * 'unsafe-inline' 'unsafe-eval' data: blob: 1
default-src * 'unsafe-eval' 'unsafe-inline' 'self' data: blob:; 1
default-src 'none'; font-src 'self'; script-src 'self' 'unsafe-inline' ajax.cloudflare.com; connect-src 'self' wss://sotfx.com; img-src 'self' blob: data: data:; style-src 'self' 'unsafe-inline'; frame-src 'self' mcrouter:; media-src 'self'; form-action 'self'; manifest-src 'self' 1
frame-ancestors 'self' www.visually.io visually.io loomi.me vsly.local:8000; 1
default-src 'self' https://edocperso.fr https://app.edocperso.fr; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stonly.com; connect-src 'self' https://edocperso.fr https://app.edocperso.fr https://stonly.com https://api.stonly.com ; img-src 'self' data:; style-src 'self' 'unsafe-inline' data: https: fonts.googleapis.com; font-src 'self' data: https: fonts.googleapis.com; frame-src 'self' edocperso.fr app.edocperso.fr https://s.stonly.com https://edocperso.stonly.com https://stonly.com; 1
frame-ancestors 'none'; frame-src 'self' https://btcpay.sethforprivacy.com; default-src 'none'; media-src 'self'; img-src 'self' https://btcpay.sethforprivacy.com; script-src 'self' 'unsafe-inline' https://btcpay.sethforprivacy.com https://gist.github.com; style-src 'self' 'unsafe-inline' https://btcpay.sethforprivacy.com https://github.githubassets.com; form-action https://btcpay.sethforprivacy.com; base-uri 'none'; font-src 'self'; connect-src 'self' 1
default-src https: *.ufg.pl; script-src https: *.ufg.pl 'unsafe-inline' 'unsafe-eval';style-src https: *.ufg.pl 'unsafe-inline';img-src 'self' data: https: www.google-analytics.com; frame-src https: *.ufg.pl; media-src data: https: *.ufg.pl; child-src https: *.ufg.pl; frame-ancestors 'self' *.ufg.pl; 1
frame-ancestors 'self' https://*.smartersign.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.quttera.com  cdn.rawgit.com *.tildacdn.com tilda.ws *.googletagmanager.com *.googleapis.com;img-src 'self' *.tildacdn.com  *.quttera.com js.nicedit.com *.google.com *.facebook.com forms.hsforms.com track.hubspot.com https://*.hotjar.com *.googletagmanager.com  data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com 'unsafe-inline' *.googleadservices.com  js.hs-banner.com  js.hsadspixel.net js.hs-analytics.net js.hscollectedforms.net  *.tildacdn.com *.quttera.com *.google-analytics.com *.gstatic.com *.google.com cdn.rawgit.com cdn.jsdelivr.net *.doubleclick.net *.googletagmanager.com *.hotjar.com *.facebook.net *.hs-scripts.com tilda.ws *.youtube.com *.jquery.com;  font-src 'self' https://*.hotjar.com fonts.gstatic.com *.quttera.com *.tildacdn.com data:; connect-src 'self' wss://wsp24.hotjar.com *.google-analytics.com *.google.com  wsp24.hotjar.com *.doubleclick.net *.hubspot.com *.hotjar.com *.hubapi.com *.hotjar.io *.hotjar.com *.tildacdn.com forms.hscollectedforms.net; frame-src youtube.com *.youtube.com  *.threatsign.com  threatsign.com *.doubleclick.net *.facebook.com  *.hotjar.com;  upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-fxYH24QMSKknIiHyYdi1yA' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors 'self' https://googletagmanager.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.radio; img-src 'self' https: data: blob: https://mastodon.radio; style-src 'self' https://mastodon.radio 'nonce-SD0bj6eBiFXfwNEpyPT/CA=='; media-src 'self' https: data: https://mastodon.radio; frame-src 'self' https:; manifest-src 'self' https://mastodon.radio; form-action 'self'; child-src 'self' blob: https://mastodon.radio; worker-src 'self' blob: https://mastodon.radio; connect-src 'self' data: blob: https://mastodon.radio https://mastodon.radio wss://mastodon.radio; script-src 'self' https://mastodon.radio 'wasm-unsafe-eval' 1
default-src 'self'  'unsafe-inline' 'unsafe-eval' *.qtsdatacenters.com;              child-src 'self'  *.adobe.com *.vimeo.com *.gtsdatacenters.com;     frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.youtube.com *.youtu.be *.qtsdatacenters.com *.vimeo.com *.company-target.com *.driftt.com td.doubleclick.net;             connect-src 'self' *.company-target.com *.google.com *.googleapis.com *.crazyegg.com *.doubleclick.net *.google-analytics.com tag-logger.demandbase.com px.ads.linkedin.com/wa/ www.facebook.com/tr ibc-flow.techtarget.com/;              font-src 'self' data: *.gstatic.com *.typekit.net;              img-src * data:;              manifest-src 'self';              media-src 'self' *.bc0a.com *.azure.com;              object-src 'self';              script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bing.com *.vimeocdn.com *.pardot.com *.qtsdatacenters.com *.polyfill.io *.google.com *.googleapis.com *.jsdelivr.net *.gstatic.com *.marchex.io *.bc0a.com *.b0e8.com *.googletagmanager.com *.driftt.com *.doubleclick.net *.crazyegg.com *.google-analytics.com *.demandbase.com snap.licdn.com/li.lms-analytics/insight.min.js ws.zoominfo.com/pixel/ trk.techtarget.com connect.facebook.net/;              style-src 'self' 'unsafe-inline' 'unsafe-eval' *.typekit.net *.googleapis.com *.typekit.net *.gstatic.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' www.googletagmanager.com blob: ajax.googleapis.com ajax.aspnetcdn.com www.google-analytics.com www.google.com www.gstatic.com platform.twitter.com source.zoom.us zoom.us www.youtube.com;       style-src 'self' 'unsafe-inline' fonts.googleapis.com source.zoom.us www.gstatic.com;       img-src 'self' data: blob: img.youtube.com syndication.twitter.com i.ytimg.com www.worldgovernmentsummit.org;       font-src 'self' data: fonts.gstatic.com source.zoom.us;       connect-src 'self' wss:  www.google-analytics.com stats.g.doubleclick.net *.zoom.us;       media-src 'self' data: source.zoom.us;       object-src 'self';       child-src 'self';       frame-src 'self' www.youtube.com platform.twitter.com syndication.twitter.com www.google.com wgs--uat.sandbox.my.site.com docs.google.com;       worker-src 'self' blob:;       frame-ancestors 'self';       form-action 'self';       upgrade-insecure-requests;       block-all-mixed-content;       base-uri 'self';       manifest-src 'self' 1
default-src 'self'; base-uri 'self' holdemmanager.com; script-src 'self' https://cdn.holdemmanager.com https://affiliate.maxvaluesoftware.com https://cdnjs.cloudflare.com 'sha256-Ex177XxTzDxvnFfQ3vjCgh7rB5jPURepPErhXOOL2IY=' 'sha256-1JsKp7KkQC0HkPxNJYUOYVUwAmmrxeC8nalU75BtG7U=' holdemmanager.com *.holdemmanager.com 'unsafe-eval' https://player.vimeo.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdn.holdemmanager.com https://cdnjs.cloudflare.com; img-src 'self' holdemmanager.com *.holdemmanager.com; connect-src 'self'; font-src 'self' https://fonts.google.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://use.fontawesome.com holdemmanager.com *.holdemmanager.com; object-src 'none'; media-src 'self' holdemmanager.com *.holdemmanager.com; frame-src  https://player.vimeo.com https://www.youtube.com; worker-src 'none'; form-action 'self' 'self' holdemmanager.com *.holdemmanager.com; frame-ancestors 'none', 1
frame-ancestors 'self' https://misaludapp.com https://www.lifesenssei.com https://www.quironsalud.es 1
frame-ancestors 'self' https://manage.plantservices.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
upgrade-insecure-requests; default-src 'self' blob: data: https://europa.eu/webtools/ https://*.openstreetmap.org https://analytics.enisa.europa.eu https://ec.europa.eu https://europa.eu/webtools/ https://ssl.google-analytics.com/ https://csi.gstatic.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://maps.googleapis.com/ https://maps.gstatic.com https://fonts.gstatic.com https://scam-noscam-shakeel.netlify.app https://*.twitter.com https://cdn.syndication.twimg.com/ https://*.twimg.com/ https://www.youtube.com/embed/ https://webtools.ec.europa.eu/captcha/ https://ecsm.testing.eaudeweb.ro/ https://resilience.enisa.europa.eu/ https://cybersecuritymonth.eu/ https://www.cybersecuritymonth.eu/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.enisa.europa.eu/matomo.js https://ec.europa.eu https://europa.eu/webtools/ https://ssl.google-analytics.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://maps.googleapis.com https://*.twitter.com/ https://cdn.syndication.twimg.com https://*.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js https://scam-noscam-shakeel.netlify.app/ https://*.list-manage.com/subscribe/post-json https://webtools.ec.europa.eu/captcha/ https://ecsm.testing.eaudeweb.ro/ https://resilience.enisa.europa.eu/ https://cybersecuritymonth.eu/ https://www.cybersecuritymonth.eu/ ; style-src 'self' 'unsafe-inline' https://ec.europa.eu https://europa.eu/webtools/ https://fonts.googleapis.com/ https://*.twitter.com/ https://*.twimg.com/ https://*.mailchimp.com https://webtools.ec.europa.eu/captcha/ https://ecsm.testing.eaudeweb.ro https://resilience.enisa.europa.eu/ https://cybersecuritymonth.eu/ https://www.cybersecuritymonth.eu/ ; frame-ancestors 'self' http://csirt.eaudeweb.ro/ https://csirtsnetwork.eu/ https://ecsm.testing.eaudeweb.ro/ https://resilience.enisa.europa.eu/ https://cybersecuritymonth.eu/ https://www.cybersecuritymonth.eu/ 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://govern.iota.org/logs/ https://govern.iota.org/sidekiq/ https://govern.iota.org/mini-profiler-resources/ https://govern.iota.org/assets/ https://govern.iota.org/extra-locales/ https://govern.iota.org/highlight-js/ https://govern.iota.org/javascripts/ https://govern.iota.org/plugins/ https://govern.iota.org/theme-javascripts/ https://govern.iota.org/svg-sprite/ 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0='; worker-src 'self' https://govern.iota.org/assets/ https://govern.iota.org/javascripts/ https://govern.iota.org/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
frame-ancestors 'self' www.mi6confidential.com mi6hq.substack.com newsletter.mi6-hq.com www.mi6confidential.com assets.mi6-hq.com; 1
frame-ancestors 'self' https://prdsales.int.n-ergie https://prdnetz.int.n-ergie https://prdnim.int.n-ergie https://prduews.int.n-ergie https://*.usercentrics.eu; 1
frame-ancestors 'self' https://www.suzukiauto.co.za; upgrade-insecure-requests 1
frame-ancestors 'self' https://*.encorebostonharbor.com 1
img-src *; media-src 'self'; font-src *; frame-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests 1
frame-ancestors https://*.storyblok.com https://*.diva-e.com; 1
default-src 'self'; font-src 'self' data: *.cloudflare.com fonts.gstatic.com use.fontawesome.com ka-f.fontawesome.com; img-src 'self' data: www.compassionuk.org www.gstatic.com *.cloudflare.com media.ci.org *.facebook.net *.facebook.com bat.bing.com secure.gravatar.com services.ukpc.ci.org via.placeholder.com placehold.it play-lh.googleusercontent.com www.google.com www.google.co.in www.google.co.uk maps.googleapis.com maps.gstatic.com www.rnengage.com www.google-analytics.com vcc-eu5b.8x8.com img.youtube.com vcc-eu5.8x8.com sp.tinymce.com ct.pinterest.com www.googletagmanager.com res.cloudinary.com i.ytimg.com; connect-src 'self' *.google-analytics.com *.facebook.com yoast.com stats.g.doubleclick.net script.crazyegg.com rum-collector-2.pingdom.net tracking.crazyegg.com cdn.cookielaw.org privacyportal-eu.onetrust.com assets-tracking.crazyegg.com pagestates-tracking.crazyegg.com maps.googleapis.com ct.pinterest.com ka-f.fontawesome.com n.clarity.ms cdn.ampproject.org analytics.tiktok.com analytics.google.com app.omniconvert.com; style-src 'self' 'unsafe-inline' www.compassionuk.org cdnjs.cloudflare.com fonts.googleapis.com compassionuk.widget.custhelp.com use.fontawesome.com cdn.tiny.cloud optimize.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.compassionuk.org www.googletagmanager.com *.google-analytics.com optimize.google.com *.cloudflare.com connect.facebook.net bat.bing.com blueimp.github.io maps.googleapis.com ajax.aspnetcdn.com rum-static.pingdom.net script.crazyegg.com unpkg.com www.google.com vcc-eu5.8x8.com my.compassionuk.org www.gstatic.com www.rnengage.com compassionuk.widget.custhelp.com cdn.cookielaw.org vcc-eu5b.8x8.com cdn.tiny.cloud www.gstatic.com www.rnengage.com www.googleoptimize.com s.pinimg.com home-l32.niceincontact.com cdn.ampproject.org www.clarity.ms analytics.tiktok.com blob: cdn.omniconvert.com; frame-src 'self' data: *.youtube.com www.rnengage.com www.google.com vcc-eu5.8x8.com vcc-eu5b.8x8.com www.youtube-nocookie.com indd.adobe.com www.facebook.com optimize.google.com home-l32.niceincontact.com ct.pinterest.com 1
object-src 'self' www.google.com transac.telebec.com google-analytics.com api.google-analytics.com; frame-ancestors 'self'; 1
script-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: 'unsafe-inline' https://assets-global.website-files.com https://*.cloudfront.net https://*.force.com https://*.typekit.net; img-src * 'self' data: about:; font-src 'self' data: https://assets.website-files.com https://use.typekit.net https://c1.sfdcstatic.com; connect-src * 'self'; media-src 'self' https://assets-global.website-files.com; object-src 'none'; prefetch-src 'self'; child-src 'none'; frame-src https://forms.hsforms.com https://bid.g.doubleclick.net https://cdn.embedly.com https://service.force.com https://www.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://player.vimeo.com https://www.youtube.com https://t.sharethis.com https://a21365630547.cdn.optimizely.com https://a21365630547.cdn-pci.optimizely.com https://insight.adsrvr.org https://*.facebook.com https://match.adsrvr.org; worker-src blob:; frame-ancestors 'self'; form-action 'self' https://forms.hsforms.com https://nydig--emsservice.my.salesforce.com https://webto.salesforce.com https://*.facebook.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self' 1
frame-ancestors 'self' prognos.matomo.cloud; 1
default-src 'self'; img-src 'self' https://accurintcrimeanalysis.com https://*.watchsystems.com http://*.watchsystems.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data: *.ggpht.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com https://*.gstatic.com https://*.googleapis.com edge.fullstory.com rs.fullstory.com https://*.risk.regn.net/cdn/a11ycat-1.0.0.min.js; frame-src *.google.com; connect-src 'self' http://localhost:8080 https://*.googleapis.com *.google.com *.ggpht.com https://*.gstatic.com data: blob: edge.fullstory.com rs.fullstory.com https://*.risk.regn.net/cdn/a11ycat-1.0.0.min.js https://wasp.risk.regn.net/scan https://*.applicationinsights.azure.us; 1
default-src 'self'; connect-src 'self' sds.steemworld.org sds1.steemworld.org steemd.steemworld.org api.steemwow.com api.steemit.com api.justyy.com api.steemitstage.com steemitimages.com api.steemdb.online api.steem.bts.tw cn.steems.top steem.61bts.com api.steem.fans api.steemzzang.com; font-src 'self'; frame-ancestors 'none'; frame-src 'self'; img-src * data:; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline' 1
default-src 'self' *.googlesyndication.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' img.equinenow.com *.2mdn.net *.acexedge.com *.adbutter.net *.adrta.com *.adsafeprotected.com *.adnxs.com *.adnxtr.com *.adroll.com *.adsrvr.org *.adtechus.com *.atdmt.com ajax.googleapis.com *.amazonaws.com *.amazon-adsystem.com *.ampproject.org *.basis.net *.betrad.com *.bidsumulator.com *.bidswitch.net *.bluekai.com *.bidr.io *.contextweb.com *.clarium.io *.demdex.net *.dotomi.com *.doubleclick.net *.doubleverify.com *.dowlextff.com *.dvtps.com connect.facebook.net confiant-integrations.global.ssl.fastly.net *.confiant-integrations.net *.esm1.net *.exponential.com *.everesttech.net *.evidon.com *.fastclick.net *.flashtalking.com maps.googleapis.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googleadservices.com *.googlesyndication.com *.googletagservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.jivox.com *.krxd.net *.mathtag.com *.mediamathtag.com *.minkatu.com *.moatads.com *.myvisualiq.net *.olark.com *.opendns.com *.revjet.com *.pinterest.com *.quantcount.com *.quantserve.com *.scorecardresearch.com *.serving-sys.com *.sharethis.com *.sitescount.com *.steelhousemedia.com *.stripe.com *.tubemogul.com *.trustarc.com *.truste.com *.turn.com *.voicefive.com *.ybp.yahoo.com *.yimg.com img.dogsnow.com; style-src img.equinenow.com 'self' 'unsafe-inline' *.googleapis.com *.cmptch.com *.evidon.com *.fastclick.net maxcdn.bootstrapcdn.com *.quantcount.com *.sharethis.com img.dogsnow.com; style-src-elem img.equinenow.com 'self' 'unsafe-inline' *.evidon.com fonts.googleapis.com maxcdn.bootstrapcdn.com content.quantcount.com secure.cdn.fastclick.net static.olark.com *.sharethis.com img.dogsnow.com; img-src * 'self' data: *.equinenow.com img.dogsnow.com; font-src 'self' data: img.equinenow.com maxcdn.bootstrapcdn.com fonts.googleapis.com tpc.googlesyndication.com cdnjs.cloudflare.com fonts.gstatic.com cdn.revjet.com c.steelhousemedia.com img.dogsnow.com; connect-src 'self' www.facebook.com *.acexedge.com *.adnxs.com *.adsrvr.org *.amazon-adsystem.com *.ampproject.org adserver-us.adtech.advertising.com *.bttrack.com *.contextweb.com *.casalemedia.com *.clearrtb.com *.clarium.io *.doubleclick.net *.doubleverify.com *.dotomi.com *.districtm.io *.flashtalking.com *.googleadservices.com *.googlesyndication.com *.google-analytics.com *.gstatic.com metrics.nt.vc *.opendns.com *.serving-sys.com *.sharethis.com *.steelhousemedia.com *.yahoo.com; frame-ancestors 'self' *.allbreedpedigree.com *.pedigreequery.com; frame-src 'self' *.2mdn.net *.adform.net *.admission.net *.adnxs.com *.amazon-adsystem.com advertising.aol.com bttrack.com *.casalemedia.com *.cargurus.com connect.facebook.net *.consensu.org *.contobox.com *.criteo.com *.doubleclick.net *.doubleverify.com *.dvtps.com *.facebook.com *.flashtalking.com *.google.com *.googlesyndication.com *.linksynergy.com *.mathtag.com match.prod.bidr.io *.opendns.com *.placelocal.com *.serving-sys.com *.sharethis.com *.simpli.fi *.sitescout.com *.stripe.com *.turn.com *.vimeo.com *.w55c.net *.youtube.com; object-src 'none'; media-src *; form-action 'self' edge.sharethis.com m.facebook.com facebook.com www.google.com www.paypal.com www.uship.com; base-uri 'none'; report-to csp-services; report-uri https://equinenow.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self'; connect-src 'self' *.googletagmanager.com *.google-analytics.com; frame-src 'self' *.geoportal-bw.de *.leo-bw.de *.youtube.com sketchfab.com *.sketchfab.com *.swrfernsehen.de *.openstreetmap.de *.podigee.io *.podigee-cdn.net; img-src 'self' data: dummyimage.com *.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.landbw.de; style-src 'self' 'unsafe-inline'; report-uri /security/csp/report 1
frame-ancestors 'self' www.westin-dresden.de westin-dresden.de newsletter.hotel-bellevue-dresden.de nieuwsbrief.bilderberg.nl bilderberg.nl www.bilderberg-hotel-dresden.de bilderberg-hotel-dresden.de bilderberg-bellevue-dresden.de www.bilderberg-bellevue-dresden.de 1
font-src 'self' data: app.onlim.com *.hotjar.com *.global.commerce-connector.com fonts.gstatic.com *.cookiefirst.com use.typekit.net; style-src-elem app.onlim.com *.cdn.flockler.com *.typekit.net optimize.google.com *.global.commerce-connector.com cdn.wagner-group.com 'self' 'unsafe-inline' consent.cookiefirst.com fonts.googleapis.com translate.googleapis.com; style-src *.cdn.flockler.com *.typekit.net optimize.google.com *.global.commerce-connector.com cdn.wagner-group.com 'self' 'unsafe-eval' 'unsafe-inline' consent.cookiefirst.com fonts.googleapis.com translate.googleapis.com; worker-src 'self' blob:; style-src-attr 'unsafe-inline'; form-action *.hsforms.com forms.hubspot.com 'self' www.facebook.com; frame-ancestors 'self' one.wagner-group.com www.supersaas.de; object-src 'self' 1
default-src 'self';			script-src 'self' 'unsafe-inline' 'unsafe-eval' content.brightsign.biz pi.pardot.com *.google-analytics.com *.googletagmanager.com tagmanager.google.com *.googleadservices.com *.g.doubleclick.net *.google.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com player.vimeo.com connect.facebook.net *.hotjar.com js.zi-scripts.com ws-assets.zoominfo.com schedule.zoominfo.com *.bugherd.com *.pusher.com *.calendly.com *.segment.io;			style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com tagmanager.google.com fonts.googleapis.com *.hotjar.com *.calendly.com;			object-src 'none';			base-uri 'self';			connect-src 'self' *.analytics.google.com adservice.google.com *.g.doubleclick.net *.googlesyndication.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com js.zi-scripts.com ws.zoominfo.com api.schedule.zoominfo.com *.bugherd.com sessions.bugsnag.com *.pusher.com  wss://*.pusher.com *.brightsign.biz *.google.pl *.google.si;			font-src 'self' data: fonts.gstatic.com *.hotjar.com;			form-action 'self' connect.facebook.net www.facebook.com;			frame-ancestors 'self';			frame-src 'self' bid.g.doubleclick.net td.doubleclick.net *.googlesyndication.com *.google.com *.facebook.com player.vimeo.com *.youtube.com *.youtube-nocookie.com *.bugherd.com *.calendly.com calendly.com;			img-src 'self' *.pardot.com *.brightsign.biz data: *.vimeocdn.com *.google.com *.google-analytics.com  *.googletagmanager.com *.g.doubleclick.net ad.doubleclick.net ade.googlesyndication.com *.gstatic.com *.facebook.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com secure.gravatar.com *.cloudfront.net tools.applemediaservices.com apple-resources.s3.amazonaws.com *.hotjar.com *.bugherd.com bugherd-attachments.s3.amazonaws.com;			manifest-src 'self';			media-src 'self' brightsignbiz.s3.amazonaws.com;			worker-src 'none';			report-uri https://updates.synapseresults.com/csp-violation-report/;		 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://aethy.com 'wasm-unsafe-eval'; font-src 'self' https://aethy.com; img-src 'self' data: blob: https://aethy.com https://cdn.aethy.com media.tenor.com; style-src 'self' https://aethy.com 'nonce-L5f2I8R+HUf4qTtemxjLzA=='; media-src 'self' data: https://aethy.com https://cdn.aethy.com; frame-src 'self' https:; child-src 'self' blob: https://aethy.com; worker-src 'self' blob: https://aethy.com; connect-src 'self' blob: data: wss://aethy.com https://aethy.com https://cdn.aethy.com *.tenor.com; manifest-src 'self' https://aethy.com; form-action 'self' 1
default-src 'self' data: loading.expres *.loading.express 'unsafe-inline' *.webpagetest.org http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.yandex.net *.yandex.ru *.cdn77.org *.yandex.md *.yandex.com *.yandex.fr *.yandex.ua *.yandex.kz *.yandex.by *.yandex.uz *.ampproject.org *.google.co.cr *.google.gr *.google.dz *.google.fi *.google.tm *.google.com.tw *.google.com.my *.google.mv *.google.com.mm *.google.mk *.google.com.bd *.google.com.gi *.google.dk *.google.com.sa *.google.ad *.google.com.pa *.google.co.tz *.google.li *.google.hr *.google.com *.google.com.co *.google.sk *.google.cn *.google.si *.google.cl *.google.hu *.google.no *.google.it *.google.bg *.google.co.jp *.google.be *.google.com.vn *.google.me *.google.kg *.google.rs *.google.com.ph *.google.com.cy *.google.com.br *.google.ie *.google.pt *.google.co.in *.google.lu *.google.lk *.google.com.pk *.google.cz *.google.am *.google.se *.google.ca *.google.ro *.google.com.mx *.google.ge *.google.ch *.google.lv *.google.co.uk *.google.az *.google.co.id *.google.com.eg *.google.nl *.google.co.il *.google.pl *.google.com.au *.google.com.hk *.google.com.tr *.google.co.nz *.google.at *.google.ae *.google.lt *.google.co.kr *.google.com.sg *.google.sc *.google.com.ua *.google.ee *.google.fr *.google.co.th *.google.co.uz *.google.md *.google.by *.google.kz *.google.de *.google.es *.google.com.tj *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.ggpht.com *.ytimg.com *.google.ru *.youtube.com *.jsdelivr.net *.googleapis.com *.gstatic.com *.pusher.com wss://*.pusher.com *.gravatar.com *.youtube-nocookie.com *.w.org *.spreaker.com *.rating-widget.com *.fontawesome.com *.googleusercontent.com 'unsafe-eval' top-fwz1.mail.ru content.mql5.com *.licdn.com vk.com *.vk.com *.quora.com *.linkedin.com *.utmstat.com *.segment.com *.segment.io myiw.ru *.myiw.ru perfscan.ru *.perfscan.ru *.sendpulse.com carrotquest.app carrotquest.io *.carrottrack.io *.carrotquest.io *.carrotquest.app wss://*.carrotquest.app; report-uri https://sentry.myiw.ru/api/6/security/?sentry_key=29777cbd17e945eea3f35027ada00ba9; 1
worker-src 'self'; default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://design.freelance.de https://insights.freelance.de https://js-eu1.hsforms.net/forms/v2.js https://consentcdn.cookiebot.com/ https://consent.cookiebot.com https://js.stripe.com https://cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.2/dist/jquery.fancybox.min.js https://cdn.polyfill.io/v3/polyfill.min.js https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com https://unpkg.com/esri-leaflet-geocoder@2.2.6 https://unpkg.com/leaflet@1.2.0/dist/leaflet.js https://unpkg.com/esri-leaflet@2.1.1/dist/esri-leaflet.js https://rawgit.com/nguyenning/Leaflet.defaultextent/master/dist/leaflet.defaultextent.js https://unpkg.com/esri-leaflet-renderers@2.0.4/dist/esri-leaflet-renderers-debug.js https://rawgit.com/w8r/esri-leaflet-legend/master/dist/esri-leaflet-legend-compat.js https://tagmanager.google.com https://snap.licdn.com https://cdn.mouseflow.com/projects/0b6a218d-bb1b-445c-a6ab-73da76b248df.js https://app.storyblok.com/f/storyblok-v2-latest.js; img-src 'self' data: https://insights.freelance.de https://design.freelance.de https://*.freelance.de/ https://www.google-analytics.com https://www.gstatic.com/images/icons/material/system/1x/keyboard_arrow_up_white_48dp.png https://ssl.gstatic.com/analytics-suite/header/legacy/v1/ic_tag_manager.svg https://www.google-analytics.com/collect https://www.google.com/ads/ https://www.google.de/ads/ https://www.googletagmanager.com https://ssl.gstatic.com https://fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/ https://pci.usd.de/compliance/ https://www.sandbox.paypal.com/ https://www.paypal.com/ https://www.paypalobjects.com https://marktanalystonline.de/ https://*.arcgisonline.com https://*.doubleclick.net https://*.ads.linkedin.com https://*.doubleclick.net/r/collect https://*.tile.openstreetmap.org https://img.youtube.com https://a.storyblok.com https://www.kununu.com https://imgsct.cookiebot.com; style-src 'self' 'unsafe-inline' https://design.freelance.de https://tagmanager.google.com https://fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/ https://w8r.name/esri-leaflet-legend/example/css/style.css https://rawgit.com/nguyenning/Leaflet.defaultextent/master/dist/leaflet.defaultextent.css https://unpkg.com/leaflet@1.2.0/dist/leaflet.css https://unpkg.com/esri-leaflet-geocoder@2.2.6/dist/esri-leaflet-geocoder.css https://www.googletagmanager.com; font-src 'self' data: https://design.freelance.de https://fonts.googleapis.com https://fonts.gstatic.com; object-src 'self'; connect-src 'self' https://design.freelance.de https://insights.freelance.de https://www.google-analytics.com https://www.google.com https://www.google.de/ads/ https://forms-eu1.hsforms.com https://hubspot-forms-static-embed-eu1.s3.amazonaws.com https://secure.geonames.org https://api.stripe.com https://consentcdn.cookiebot.com https://marktanalystonline.de https://geocode.arcgis.com https://*.doubleclick.net https://cdn.linkedin.oribi.io https://o2.mouseflow.com https://api.storyblok.com https://px.ads.linkedin.com/wa/; child-src 'self' https://design.freelance.de https://www.youtube.com https://www.google.com https://insights.freelance.de; frame-src 'self' https://forms-eu1.hsforms.com https://design.freelance.de https://consentcdn.cookiebot.com https://consent.cookiebot.com https://js.stripe.com https://hooks.stripe.com https://www.google.com https://www.google.de https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self' https://app.storyblok.com; media-src 'self' https://a.storyblok.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://famichiki.jp; img-src 'self' https: data: blob: https://famichiki.jp; style-src 'self' https://famichiki.jp 'nonce-vcD2fUCX9xHP/JPQrgXuGA=='; media-src 'self' https: data: https://famichiki.jp; frame-src 'self' https:; manifest-src 'self' https://famichiki.jp; form-action 'self'; child-src 'self' blob: https://famichiki.jp; worker-src 'self' blob: https://famichiki.jp; connect-src 'self' data: blob: https://famichiki.jp https://cdn.famichiki.jp wss://famichiki.jp; script-src 'self' https://famichiki.jp 'wasm-unsafe-eval' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://livellosegreto.it; img-src 'self' https: data: blob: https://livellosegreto.it; style-src 'self' https://livellosegreto.it 'nonce-anQj5Crxz4k8mNC6rWY5Fg=='; media-src 'self' https: data: https://livellosegreto.it; frame-src 'self' https:; manifest-src 'self' https://livellosegreto.it; form-action 'self'; child-src 'self' blob: https://livellosegreto.it; worker-src 'self' blob: https://livellosegreto.it; connect-src 'self' data: blob: https://livellosegreto.it https://cdn.masto.host wss://livellosegreto.it; script-src 'self' https://livellosegreto.it 'wasm-unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.meshcomputers.com https://*.googleapis.com/ https://www.googletagmanager.com/ https://*.google-analytics.com/ https://www.googleadservices.com/ https://www.google.com/ https://www.google.co.uk/ https://googleads.g.doubleclick.net/ https://*.gstatic.com/ https://*.clixtell.com/ https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/ https://cdnjs.cloudflare.com/ajax/libs/moment.js/ https://*.paypal.com/ https://*.tawk.to/ wss://*.tawk.to https://*.v12finance.com/ https://*.worldpay.com/ https://www.youtube.com/ https://www.nvidia.com/ https://widget.trustpilot.com/ https://stats.g.doubleclick.net/ https://cdn.jsdelivr.net/emojione/ https://siteseal.quovadisglobal.com/ https://code.jquery.com/ https://momentjs.com/downloads/moment-with-locales.js https://www.awin1.com/ https://meshcomputers.us1.list-manage.com/ https://cdn.tiny.cloud/ https://sp.tinymce.com/ https://images.nvidia.com/geforce/gsap/ https://wus-streaming-video-rt-microsoft-com.akamaized.net/ https://cdnjs.cloudflare.com/ajax/libs/is-in-viewport/3.0.0/isInViewport.min.js https://assets.dekopay.com/ https://pay.deko.finance/ https://o993891.ingest.sentry.io/ https://dekopay.preprod.k8s.dekopay.org/ https://api.dekopay.com/ https://api.deko-uat.com/ https://*.sharethis.com https://*.videoly.co/ https://*.youtube-nocookie.com/ https://*.ytimg.com/ https://*.wistia.com/ https://*.wistia.net/ http://front.meshcomputers.com https://sendy.meshcomputers.com https://js-eu1.hs-scripts.com/143150141.js https://js-eu1.usemessages.com/conversations-embed.js https://api-eu1.hubspot.com https://app-eu1.hubspot.com/ https://js-eu1.hscollectedforms.net/collectedforms.js https://forms-eu1.hscollectedforms.net https://js-eu1.hs-analytics.net https://js-eu1.hs-banner.com/v2/143150141/banner.js; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.meshcomputers.com; img-src 'self' data: * 1
img-src 'self'; script-src 'self';  frame-ancestors 'self' https://www.kymmis.com; 1
default-src 'self' https://www.google-analytics.com https://analytics.google.com https://l.sharethis.com;     font-src  'self'  https://use.fontawesome.com ;     img-src 'self' https://bat.bing.com/ https://www.google.com https://platform-cdn.sharethis.com https://www.google.co.in https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.googletagmanager.com;     frame-ancestors 'self' https://cms.phhmortgage.com:9109;     frame-src 'self' https://cms.phhmortgage.com:9109 https://bid.g.doubleclick.net https://c.sharethis.mgr.consensu.org https://t.sharethis.com https://www.google.com https://prod.northstar.ellielabs.com https://na3.docusign.net https://api.elliemae.com https://na.account.docusign.com https://widget.trustpilot.com;      script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com/bat.js https://bat.bing.com/p/action/331000377.js https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://platform-api.sharethis.com https://cdnjs.cloudflare.com https://buttons-config.sharethis.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://t.sharethis.com https://www.gstatic.com https://widget.ellieservices.com https://protect-eu.mimecast.com https://security-eu.mimecast.com https://widget.trustpilot.com https://www.googleadservices.com;      style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://cdnjs.cloudflare.com ;     object-src 'none';     base-uri 'self' https://cms.phhmortgage.com:9109;     form-action 'self' https://partnerapi.lending.mortgagesvcs.com https://widget.ellieservices.com;      report-uri https://www.phhmortgage.com/csp-report-endpoint; 1
frame-ancestors 'self' d125.instructure.com; 1
default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; report-uri https://miraclemethod.report-uri.io/r/default/csp/reportOnly 1
default-src 'self'; base-uri 'self'; media-src 'self' https://cdn.livechatinc.com/widget/ https://s3.amazonaws.com/dreamgiveaway/ https://youtu.be; img-src 'self' https://wellput.go2cloud.org https://fonts.googleapis.com https://ct.pinterest.com/v3/ https://*.clarity.ms https://c.bing.com data: *.google.com *.doubleclick.net *.googleadservices.net https://photos.smugmug.com/ https://system.picreel.com/img/ https://cm.g.doubleclick.net/pixel https://cs.adingo.jp/push/ https://odr.mookie1.com/t/v2 https://x.bidswitch.net/syncd https://usermatch.krxd.net/um/ https://eb2.3lift.com/xuid https://io.narrative.io/ https://tags.rd.linksynergy.com/rcs https://e.nexac.com/e/ttd_sync.xgi https://loadm.exelator.com/load/ https://dmp.truoptik.com/ https://match.sharethrough.com/sync/ https://uipglob.semasio.net/tradedesk/1/get https://match.sync.ad.cpe.dotomi.com/w/user.sync https://mid.rkdms.com/bct https://idsync.rlcdn.com/361776.gif https://aa.agkn.com/adscores/g.pixel https://ads.scorecardresearch.com/p https://i.liadm.com/s/ https://su.addthis.com/red/ https://secure.insightexpressai.com/adserver/ https://match.adsrvr.org/track/cmf/ https://simage2.pubmatic.com/AdServer/Pug  https://pixel.tapad.com/idsync/ex/ https://ups.analytics.yahoo.com/ups/ https://www.google-analytics.com/collect https://googleads.g.doubleclick.net/pagead/ https://www.googletagmanager.com/ https://bat.bing.com https://www.facebook.com https://connect.facebook.net/log/error https://via.placeholder.com/ https://s3.amazonaws.com/dreamgiveaway/images/ https://i.ytimg.com https://www.google.com https://insight.adsrvr.org/track/conv/ https://www.w3.org/2000/ https://cs.adingo.jp/push/ https://ib.adnxs.com/ https://www.shareasale.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://wellput.go2cloud.org https://js.go2sdk.com/v2/tune.js https://tr.outbrain.com/cachedClickId https://wave.outbrain.com/mtWavesBundler/handler/ https://s.pinimg.com/ct/lib/ https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://s.pinimg.com/ct/core.js https://amplify.outbrain.com/cp/ https://amplify.outbrain.com/cp/obtp.js https://cdn.livechatinc.com/tracking.js https://api.livechatinc.com/ https://secure.livechatinc.com/customer/ https://www.gstatic.com/charts/ https://connect.facebook.net/signals/config/ https://www.facebook.com https://connect.facebook.net/en_US/ https://www.facebook.com/tr/ https://bat.bing.com/ https://nexus.ensighten.com https://www.googletagmanager.com https://s3.amazonaws.com/dreamgiveaway https://assets.pcrl.co https://www.googleadservices.com https://www.youtube.com https://bat.bing.com/action/ https://www.google.com https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://system.picreel.com https://app.picreel.com https://static.doubleclick.net https://insight.adsrvr.org/track/conv/ https://match.adsrvr.org/track/ https://pixel.admedia.com/ https://www.dwin1.com https://*.clarity.ms https://trk.mdrtrck.com/aff_lsr https://cdn.rollbar.com/rollbarjs/refs/tags/v2.26.1/rollbar.min.js  https://pips.taboola.com/ https://cdn.taboola.com/libtrc/unip/1593681/tfa.js https://cdn.taboola.com/scripts/ https://trc.taboola.com/1593681/trc/; style-src 'self' 'unsafe-inline'  https://fonts.googleapis.com https://www.gstatic.com/charts/ https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com/css https://www.w3.org; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com/s/ https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/; connect-src 'self'  https://wellput.go2cloud.org https://wellput.go2cloud.org/ping https://fonts.googleapis.com https://ct.pinterest.com/user/ https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://app.picreel.com/api/getUserTypeByUrl/ https://tr.outbrain.com https://s.pinimg.com https://ct.pinterest.com/stats/ https://metrics.dreamgiveaway.com/events https://*.analytics.google.com/g/collect https://analytics.google.com/g/collect https://pixel.admedia.com/convVisitLib.php https://www.google-analytics.com/j/collect https://stats.g.doubleclick.net https://www.google-analytics.com/collect https://bat.bing.com/action/ https://bat.bing.com/actionp/ https://facebook.com https://*.clarity.ms https://api.rollbar.com/api/1/item/ https://trc-events.taboola.com/1593681/log/ https://pips.taboola.com https://cds.taboola.com; child-src 'self' https://facebook.com https://www.youtube.com/ https://youtu.be; worker-src 'self' blob:; object-src 'self' https://www.sandbox.dreamgiveaway.com/donations/certificate/ frame-ancestors https://app.picreel.com/ https://ct.pinterest.com/ct.html https://www.tabsite.com/ https://www.facebook.com/dreamgiveaway/ https://www.youtube.com/; frame-src 'self' https://www.facebook.com/ https://ct.pinterest.com/ct.html https://secure.livechatinc.com/customer/ https://facebook.com/ https://www.youtube.com/ https://youtu.be https://bid.g.doubleclick.net/ https://app.picreel.com/; form-action 'self' https://www.facebook.com/tr/ https://testsecureacceptance.cybersource.com/silent/pay https://secureacceptance.cybersource.com/silent/pay 1
connect-src 'self' *.siteimprove.com *.fontawesome.com *.readspeaker.com fonts.googleapis.com cdn1.readspeaker.com *.elk01.yard.nl *.test01.yard.nl *.googleapis.com; default-src 'self' *.fontawesome.com *.readspeaker.com alkmaar-openpub.accept02.yard.nl alkmaar-openpdc.accept02.yard.nl; font-src 'self' data: https: fonts.gstatic.com *.fontawesome.com *.readspeaker.com; frame-src 'self' www.google.com www.youtube.com www.youtube-nocookie.com *.vimeo.com *.arcgis.com; img-src data: https: *.fontawesome.com *.google-analytics.com *.readspeaker.com alkmaar-openpub.accept02.yard.nl alkmaar-openpdc.accept02.yard.nl *.siteimproveanalytics.io; media-src 'self' *.fontawesome.com *.readspeaker.com; object-src data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.googleapis.com www.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.fontawesome.com *.readspeaker.com *.siteimproveanalytics.com *.siteimprove.net *.siteimprove.com siteimproveanalytics.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' polyfill.io *.polyfill.io *.fontawesome.com *.googletagmanager.com *.readspeaker.com www.google.com *.siteimprove.net polyfill.io www.gstatic.com siteimproveanalytics.com connect.facebook.net *.googleapis.com www.google-analytics.com *.newrelic.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.fontawesome.com *.readspeaker.com; block-all-mixed-content; upgrade-insecure-requests; report-uri 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://c.lytics.io https://cdn.segment.com https://api.ipify.org https://api.lightboxcdn.com https://www.lightboxcdn.com https://lightboxapi.azurewebsites.net https://widget-cdn.rpxnow.com https://z.moatads.com https://s3-us-west-2.amazonaws.com https://ss.click2cart.com https://analytics.tiktok.com https://tr.snapchat.com https://sc-static.net *.cloudfront.net *.agkn.org api.tiles.mapbox.com pghub.io *.cookielaw.org *.onetrust.com *.iesnare.com connect.facebook.net *.crazyegg.com *.adsrvr.org *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://c.lytics.io https://s3.lightboxcdn.com https://display.ugc.bazaarvoice.com https://maxcdn.bootstrapcdn.com https://api.lightboxcdn.com https://www.lightboxcdn.com https://s3-us-west-2.amazonaws.com api.tiles.mapbox.com fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' https://downloads.ctfassets.net assets.ctfassets.net videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' *.cookielaw.org https://click2cart.com https://c.lytics.io https://s3.lightboxcdn.com https://40n23zgkic3y-a.akamaihd.net https://px.moatads.com https://api.lightboxcdn.com https://www.lightboxcdn.com https://click2cart.co https://s3.us-west-2.amazonaws.com https://www.google.com https://www.google.hr i.ytimg.com images.ctfassets.net pixel.tapad.com *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' https://s3.lightboxcdn.com https://maxcdn.bootstrapcdn.com fonts.gstatic.com data: feed.pghub.io pandg.tapad.com ; connect-src * ; frame-src 'self' https://pandg.tapad.com https://tr.snapchat.com www.youtube.com https://www.youtube-nocookie.com https://click2cart.co feed.pghub.io *.adsrvr.org *.doubleclick.net *.jebbit.com consumersupport.pg.com pg-lex.my.salesforce-sites.com ct.pinterest.com www.facebook.com pandg.tapad.com ; manifest-src * ; 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://chatbotslife.com https://*.chatbotslife.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
default-src 'self';  script-src 'self' 'unsafe-inline' *.google.com *.google.ru *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.yandex.net *.yandex.ru *.yandex.com yastatic.net *.cloudpayments.ru payga.me https://fpjscdn.net https://fpnpmcdn.net;  worker-src 'self' blob:;  frame-src 'self' *.cloudpayments.ru *.google.com captcha-api.yandex.ru mc.yandex.ru;  frame-ancestors 'self' *.cloudpayments.ru *.google.com captcha-api.yandex.ru;  child-src blob: *.youtube.com *.google.com *.cloudpayments.ru;  style-src 'self' 'unsafe-inline' fonts.googleapis.com;  img-src * blob: data:;  media-src 'none';  connect-src 'self' wss://*.paygame.ru *.paygame.ru *.yandex.ru *.yandex.com *.google-analytics.com *.g.doubleclick.net *.google.com *.google.ru *.googleapis.com s.payga.me *.payga.me https://*.fptls.com https://*.fptls2.com https://*.fptls3.com https://api.fpjs.io https://*.api.fpjs.io https://px.payga.me;  font-src 'self' fonts.gstatic.com yastatic.net; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://scholar.social; img-src 'self' https: data: blob: https://scholar.social; style-src 'self' https://scholar.social 'nonce-AU7Pz1NYZBNQa823F4p64Q=='; media-src 'self' https: data: https://scholar.social; frame-src 'self' https:; manifest-src 'self' https://scholar.social; form-action 'self'; child-src 'self' blob: https://scholar.social; worker-src 'self' blob: https://scholar.social; connect-src 'self' data: blob: https://scholar.social https://cdn.masto.host wss://scholar.social; script-src 'self' https://scholar.social 'wasm-unsafe-eval' 1
default-src * data: 'unsafe-inline' 'unsafe-eval' ; script-src * data: 'unsafe-inline' 'unsafe-eval' ; style-src * data: 'unsafe-inline' ; img-src * data: ; 1
default-src 'self' feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com * ; img-src * 'self' data: https: blob: *.pricespider.com ; manifest-src 'self' feed.pghub.io pandg.tapad.com ; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 1
frame-ancestors 'self' https://*.polygongroup.com https://staffbase.com capacitor://polygongroup.com capacitor://staffbase.com 1
default-src  'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com ; connect-src 'self' api.marker.io ssr.marker.io api.datatables.net; frame-src  'self' app.marker.io www.google.com/recaptcha/ https://app.powerbi.com ; script-src  'self' 'unsafe-inline' 'unsafe-eval' www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.datatables.net https://nightly.datatables.net https://assettrack.cx https://ajax.googleapis.com https://code.jquery.com https://code.iconify.design https://fonts.gstatic.com https://www.google.com https://www.gstatic.com https://edge.marker.io https://api.marker.io https://openfpcdn.io/fingerprintjs/ https://app.powerbi.com https://debug.datatables.net https://api.datatables.net ; style-src  'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.datatables.net https://nightly.datatables.net https://assettrack.cx https://ajax.googleapis.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com https://debug.datatables.net https://api.datatables.net ; img-src  'self' data: blob https://media.marker.io https://app.marker.io https://edge.marker.io https://ajax.googleapis.com  ; 1
default-src 'self' 'unsafe-inline' data: https://*.clarity.ms https://c.bing.com https://www.googletagmanager.com https://*.google-analytics.com https://*.googleusercontent.com https://maps.google.com https://www.google.com https://www.gstatic.com https://cdn.simplesat.io/ https://api.simplesat.io https://fonts.googleapis.com/ https://www.youtube.com/ https://*.wp.com/; img-src 'self' https: data:; font-src 'self' https: data: fonts.gstatic.com; report-uri 'self'; frame-src https://maps.google.com https://www.google.com https://player.vimeo.com https://www.youtube.com/ 1
frame-ancestors 'self'; form-action 'self' *.domainregistration.com.sg *.paypal.com; upgrade-insecure-requests 1
default-src 'self'; media-src https://*.amazonaws.com/stage.iap.static/ https://iappublicfilestoragelive.blob.core.windows.net/; img-src * data: https://magix.containers.piwik.pro https://magix.piwik.pro; script-src 'self' https://*.dynamicyield.com/ https://www.google-analytics.com/ 'sha256-kfxO7WVMRNMq7PDT0hFqH4U0oMzftgNJuHQz/57HMN0=' https://www.googletagmanager.com/ http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://cdn.cookielaw.org https://*.onetrust.com 'sha256-MxBqpc2lhC7z+pafIKNCk/QGD4RH2NFwCuBMu4HsksY=' https://magix.containers.piwik.pro https://magix.piwik.pro 'nonce-xsPTM3WL/OyC9oggePo/GydP710='; style-src 'self' 'unsafe-inline' https://magix.containers.piwik.pro https://magix.piwik.pro; frame-src https://www.googletagmanager.com/ https://checkout.producerplanet.com/ https://vars.hotjar.com; connect-src 'self' https://www.google-analytics.com/ http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://stats.g.doubleclick.net/ https://cdn.cookielaw.org https://*.onetrust.com 'sha256-MxBqpc2lhC7z+pafIKNCk/QGD4RH2NFwCuBMu4HsksY=' https://magix.containers.piwik.pro https://magix.piwik.pro; font-src 'self' http://script.hotjar.com https://script.hotjar.com https://magix.containers.piwik.pro https://magix.piwik.pro 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.yandex.ru https://cdn.jsdelivr.net https://yastatic.net https://iframe-toloka.com https://ymetrica1.com https://connect.ok.ru http://connect.ok.ru  *.google-analytics.com  *.gstatic.com *.google.com  http://reformal.ru  *.mail.ru *.youtube.com *.ytimg.com *.cackle.me http://cackle.me https://cackle.me http://my2.imgsmail.ru http://forumok.disqus.com *.disquscdn.com http://disgusting.ru https://telegram.org https://comments.app https://forumok.com; report-uri /collector.php 1
default-src 'none'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors 'none' 1
worker-src blob:; frame-src 'self' https://www.youtube.com https://w.soundcloud.com https://nl.batchgeo.com https://geo.amstelveen.nl https://sdk.companywebcast.com/ https://rws.projectatlas.app/ https://denkmee.amstelveen.nl/ https://bereikbaarheid.andes.nl/ https://player.vimeo.com/ https://data.amstelveen.nl/ https://aa.kaartviewer.nl/;  script-src 'self' *.amstelveen.nl *.list-manage.com ssl.google-analytics.com maps.googleapis.com maps.google.com siteimproveanalytics.com https://amstelveen.us16.list-manage.com/ https://aa.kaartviewer.nl/geocomponent/js/geocomponent.js https://archive.email-provider.eu/ https://embed.email-provider.eu/ https://embed.email-provider.nl/ https://embed.email-provider.eu/e/re2jctksdg-my1b3mj08f.js; style-src 'self' 'unsafe-inline' *.amstelveen.nl fonts.googleapis.com https://aa.kaartviewer.nl/geocomponent/css/geocomponent.css https://aa.kaartviewer.nl/data/aa/templates/geocomponent/css/amstelveen_geocomponent.css https://bereikbaarheid.andes.nl/ https://embed.email-provider.eu/e/css/; default-src 'self' *.amstelveen.nl fonts.gstatic.com www.youtube.com https://nl.batchgeo.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://aa.kaartviewer.nl/ https://embed.email-provider.eu/;  img-src 'self' *.amstelveen.nl data: ssl.google-analytics.com pbs.twimg.com *.tile.openstreetmap.org *.global.siteimproveanalytics.io https://service.pdok.nl/ https://helpdesk.kaartviewer.nl/openiconen/ https://aa.kaartviewer.nl/geoserver/ https://aa.kaartviewer.nl/data/ https://res.email-provider.eu/; frame-ancestors 'self' *.amstelveen.nl sdk.companywebcast.com; form-action 'self'; 1
base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com fonts.googleapis.com s.w.org secure.gravatar.com matomo.org w3.org; font-src 'self' * data:;img-src 'self' data: maps.googleapis.com fonts.googleapis.com s.w.org secure.gravatar.com matomo.org w3.org ; 1
default-src 'self';block-all-mixed-content ; base-uri 'self'; object-src 'none'; script-src  'nonce-e8a9956d7d50454591036f0cf2e8e681' 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.optimizely.com/ https://maps.googleapis.com https://www.gstatic.com https://www.google.com https://st.getsitecontrol.com/ https://region1.google-analytics.com/ https://widgets.getsitecontrol.com https://c.evidon.com https://tagmanager.google.com/ https://www.googletagmanager.com/ https://polyfill.io https://optimize.google.com https://www.google-analytics.com https://az416426.vo.msecnd.net https://*.googletagmanager.com; img-src 'self' data: https://www.facebook.com/ https://c.bing.com/ https://www.gstatic.com/ https://c.clarity.ms/ https://media.licdn.com/ https://thespinoff.co.nz/ https://apps.jobadder.com/widgets/V1/loading.gif https://ssl.gstatic.com/ https://syndication.twitter.com https://optimize.google.com https://platform.twitter.com https://pbs.twimg.com https://maps.gstatic.com https://maps.googleapis.com https://*.google-analytics.com/ https://*.analytics.google.com/ https://www.googletagmanager.com https://i.ytimg.com https://img.youtube.com https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/ https://engage.grantthornton.global https://fonts.googleapis.com/ https://optimize.google.com https://platform.twitter.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; font-src 'self' data: https://cdn.megabonus.com/ https://fonts.gstatic.com; frame-src 'self' https://app.powerbi.com/ https://apply.jobadder.com/ https://engage.grantthornton.global https://a10084069166.cdn.optimizely.com/ https://www.google.com/ https://platform.twitter.com https://www.youtube.com https://optimize.google.com https://w.soundcloud.com https://player.vimeo.com https://www.gstatic.com https://cdn.optimizely.com https://flo.uri.sh/; connect-src 'self' https://maps.googleapis.com/ https://*.analytics.google.com/ https://www.clarity.ms https://642-sde-924.mktoresp.com https://logx.optimizely.com/v1/events https://dc.services.visualstudio.com https://az416426.vo.msecnd.net https://*.google-analytics.com/ https://stats.g.doubleclick.net/ https://extreme-ip-lookup.com/ https://www.clarity.ms/ https://analytics.google.com/ https://*.googletagmanager.com; 1
default-src 'self' https: data: 'unsafe-inline', img-src data: https: 1
frame-ancestors 'self' http://www.bango.co.id unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://app.cartwire.co/CW_API 1
default-src 'self';script-src 'self' 'unsafe-inline' www.google.com www.gstatic.com maps.googleapis.com checkout.culqi.com cdn.cookielaw.org www.googletagmanager.com www.clarity.ms static.olark.com api.olark.com nrpc.olark.com;style-src 'self' 'unsafe-inline' maps.googleapis.com fonts.googleapis.com static.olark.com;img-src 'self' data: sodexoclub.com.pe store-locator.obs.la-south-2.myhuaweicloud.com pluxee-consumidores.obs.la-south-2.myhuaweicloud.com cdn.sodexovirtual.com maps.gstatic.com maps.googleapis.com cdn.cookielaw.org www.google-analytics.com log.olark.com;media-src 'self' static.olark.com;frame-src www.youtube.com www.google.com checkout.culqi.com static.olark.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com static.olark.com;connect-src 'self' maps.googleapis.com cdn.cookielaw.org geolocation.onetrust.com www.google-analytics.com nrpc.olark.com 1
default-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; connect-src 'self' https://*.google-analytics.com https://*.g.doubleclick.net https://www.gstatic.com https://yastatic.net https://yandex.ru https://*.yandex.ru https://*.yandex.com https://mc.yandex.md; frame-src 'self' https://yandex.ru www.google.com/recaptcha/ https://www.youtube.com https://www.googletagmanager.com; child-src 'self' https://www.google.com; font-src 'self' https: data:; img-src 'self' https: data:; style-src 'self' 'unsafe-inline'; form-action 'self' https://www.kartoteka.ru https://secure.payler.com; manifest-src 'self' https://www.nalog.ru; report-uri https://csp.vestnik-gosreg.ru/; 1
frame-ancestors cms.nandos.com.au 1
report-uri https://o52514.ingest.sentry.io/api/5256715/security/?sentry_key=039cc5d9186849878c44ba5804f61696;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ampproject.org cdn.mouseflow.com *.googleapis.com ws1.postescanada-canadapost.ca *.opendns.com *.bing.com *.cloudfront.net *.cloudflare.com *.cloudflareinsights.com *.fontawesome.com *.facebook.net connect.facebook.net *.facebook.com www.facebook.com *.google.com www.google.com *.google-analytics.com ssl.google-analytics.com *.googletagmanager.com www.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net www.gstatic.com ssl.google-analytics.com/* cdn.segment.com googletagmanager.com pnapi.invoca.net *.invoca.net cdn.invoca.solutions solutions.invocacdn.com static.ada.support briana.ada.support 1
default-src 'self'; frame-src 'self'; frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com *.google.com *.googleapis.com *.gstatic.com www.google.ca *.doubleclick.net cdn.jsdelivr.net static.olark.com connect.facebook.net static.itrac.it *.itracmediav4.com snap.licdn.com *.clarity.ms *.tctm.co acuityplatform.com *.linkedin.com www.facebook.com x.clarity.ms pixel.tapad.com pixel.advertising.com x.bidswitch.net *.olark.com *.analytics.yahoo.com match.adsrvr.org match.sharethrough.com *.bing.com www.youtube.com *.itmems.com *.bambora.com *.addthis.com cdn.linkedin.oribi.io *.srv.stackadapt.com qvdt3feo.com; img-src * data:; object-src 'self'; font-src 'self' static.olark.com fonts.gstatic.com data:; frame-ancestors https://www.google.com https://static.olark.com https://www.bayshore.ca; base-uri 'self' 1
frame-ancestors https://cms.luks.ch; 1
default-src 'self'; script-src 'self' 'unsafe-inline' assets.buzzsprout.com www.buzzsprout.com maps.googleapis.com maps.google.com www.google.com analytics.rubensteintech.com www.google-analytics.com use.typekit.net p.typekit.net www.googletagmanager.com maps.gstatic.com www.gstatic.com snap.licdn.com www.linkedin.com static.ads-twitter.com px.ads.linkedin.com analytics.twitter.com platform.twitter.com connect.facebook.net www.facebook.com www.youtube.com s.ytimg.com cdn.plyr.io cse.google.com player.vimeo.com; frame-src https://www.buzzsprout.com www.facebook.com platform.twitter.com www.youtube.com cdn.plyr.io t.co cdn.yoshki.com https://player.vimeo.com 'self' *.google.com; connect-src 'self' https://stats.g.doubleclick.net https://analytics.rubensteintech.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://google-analytics.com analytics.twitter.com cdn.plyr.io cse.google.com https://vimeo.com www.facebook.com/tr/; style-src 'self' 'unsafe-inline' https://www.milbank.com maps.googleapis.com www.google.com cloud.typography.com use.typekit.net platform.twitter.com assets.buzzsprout.com; font-src 'self' fonts.googleapis.com maps.gstatic.com use.typekit.net p.typekit.net data:; img-src 'self' https://analytics.twitter.com https://*.analytics.google.com https://*.google-analytics.com https://analytics.google.com https://google-analytics.com assets.buzzsprout.com www.buzzsprout.com www.google-analytics.com stats.g.doubleclick.net px.ads.linkedin.com p.adsymptotic.com www.facebook.com p.typekit.net t.co; form-action 'self' www.facebook.com; child-src www.facebook.com staticxx.facebook.com platform.twitter.com; object-src 'none'; 1
child-src 'self' https://*.google.com https://*.stripe.com https://*.facebook.com https://widget.trustpilot.com/ https://carcouk.autoserver.co.uk; frame-ancestors 'self'; 1
object-src: 'unsafe-eval' https://*.googlesyndication.com https://code.jquery.com/ https://forpcid13.aocdn.net/ https://www.flickr.com/ http://barnesjewishtest.bjc.org/ https://www.googletagmanager.com/; connect-src: 'self' http://barnesjewishhospital.sc.omtrdc.net/ https://*.google.com https://*.googlesyndication.com https://api.yourdiseaserisk.org/ https://iqapp.inquicker.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://www.googletagservices.com; frame-src: 'self' http://e.issuu.com/ http://email.barnesjewish.org/ http://maps.google.com/ http://www.barnesjewish.org/ http://www.google.com/ https://*.google.com https://*.googlesyndication.com https://app.sli.do/ https://barnesjewish.thehcn.net/ https://bjc.hrm.healthgrades.com/ https://clyp.it/ https://momento360.com/ https://slate.barnesjewishcollege.edu/ https://www.bjcmedicalgroup.org/ https://www.google.com/ https://www.youtube.com/; font-src: 'self' data: https://fonts.gstatic.com https://locator.hiv.gov/ https://maxcdn.bootstrapcdn.com/ https://pro.fontawesome.com/ https://use.fontawesome.com/; img-src: 'self' data: resource: http://cbk0.googleapis.com http://clients1.google.com/ http://cm.everesttech.net/ http://khm0.googleapis.com http://khm1.googleapis.com http://www.barnesjewish.org/ http://www.bjc.org/ http://www.w3.org/ https://*.google.com https://*.googlesyndication.com https://aa.agkn.com/ https://assets.yourdiseaserisk.org/ https://barnesjewishhospital.sc.omtrdc.net/ https://bjsphtest.bjc.org/ https://cbks0.googleapis.com https://ce.lijit.com/ https://dmp.truoptik.com/ https://dnnapi.com/ https://doctors.bjc.org/ https://dsum-sec.casalemedia.com/ https://forpcid13.aocdn.net/ https://global.ib-ibi.com/ https://i.ytimg.com/ https://ib.mookie1.com/ https://idsync.reson8.com/ https://idsync.rlcdn.com/ https://khms0.googleapis.com https://khms1.googleapis.com/ https://locator.hiv.gov/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://match.prod.bidr.io/ https://sync.1rx.io/ https://sync.crwdcntrl.net/ https://sync.go.sonobi.com/ https://sync.navdmp.com/ https://sync.search.spotxchange.com/ https://tag.apxlv.com/ https://uipglob.semasio.net/ https://uipus.semasio.net/ https://www.barnesjewishwestcounty.org/ https://www.bjc.org/ https://www.foundationbarnesjewish.org/ https://www.google.com/ https://www.googleapis.com/ https://www.googletagmanager.com/ ; script-src: 'self' 'unsafe-eval' 'unsafe-inline' http://barnesjewishtest.bjc.org/ http://bjcqa.bjc.org/ http://cdn.livechatinc.com/ http://cse.google.com/ http://d31y97ze264gaa.cloudfront.net/ http://maps.google.com/ http://www.google.com/ http://www.googletagmanager.com/ https://*.google.com https://*.googlesyndication.com https://*.googletagservices.com https://api.livechatinc.com/ https://apis.google.com/ https://assets.yourdiseaserisk.org/ https://barnesjewish.thehcn.net/ https://bjc.hrm.healthgrades.com/ https://bs.serving-sys.com/ https://catalog.dotnetnuke.com/ https://cdn-forpcid13.actonsoftware.com/ https://cse.google.com/ https://d31y97ze264gaa.cloudfront.net/ https://dmp.truoptik.com/ https://forpcid13.aocdn.net/ https://iqapp.inquicker.com/ https://locator.aids.gov/ https://maps.googleapis.com/ https://pnapi.invoca.net https://slate.barnesjewishcollege.edu/ https://solutions.invocacdn.com/ https://use.fontawesome.com/ https://vuejs.org/ https://www.barnesjewish.org/ https://www.bjcmedicalgroup.org/ https://www.google.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.youtube.com/ ; style-src: 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://www.google.com/ https://*.google.com https://assets.yourdiseaserisk.org/ https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://pro.fontawesome.com/ https://use.fontawesome.com/ https://www.barnesjewish.org/ https://www.barnesjewishwestcounty.org/; child-src: blob: https://*.google.com/ https://*.googlesyndication.com; media-src: 'self' https://s3.amazonaws.com/ https://dai.google.com; prefetch-src: 'self' https://*.googlesyndication.com; worker-src: blob: https://www.google.com; 1
default-src https: wss:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; child-src https: blob: 1
script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.episerver.net *.googleapis.com cdnjs.cloudflare.com *.bootstrapcdn.com siteimproveanalytics.com cdn.userway.org platform.linkedin.com platform.twitter.com connect.facebook.net 03556locator.wave2.io app.textrecruit.com *.force.com www.googletagmanager.com *.bing.com sc-static.net www.googleadservices.com *.licdn.com *.google-analytics.com *.doubleclick.net www.redditstatic.com www.google.com www.gstatic.com *.msecnd.net www.calcxml.com api.glia.com libs.salemove.com capcomfcu.my.site.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.force.com www.calcxml.com fonts.googleapis.com libs.salemove.com capcomfcu.my.site.com; img-src data: https: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://webassistant.onconnect.app https://www.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://platform.twitter.com https://polyfill.io https://unpkg.com maps.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://webassistant.onconnect.app https://www.google-analytics.com https://www.recaptcha.net https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://platform.twitter.com https://polyfill.io https://unpkg.com maps.google.com; style-src 'self' 'unsafe-inline' https://webassistant.onconnect.app https://fonts.googleapis.com https://www.gstatic.com/recaptcha/ https://cdnjs.cloudflare.com https://unpkg.com https://use.fontawesome.com; style-src-elem 'self' 'unsafe-inline' https://webassistant.onconnect.app https://fonts.googleapis.com https://cdnjs.cloudflare.com https://unpkg.com https://use.fontawesome.com; frame-ancestors 'self'; upgrade-insecure-requests 1
frame-ancestors 'self' insite; 1
default-src *.google-analytics.com *.google.com www.googletagmanager.com *.googleapis.com *.doubleclick.net *.linkedin.oribi.io www.youtube.com i.ytimg.com yt3.ggpht.com sprymedia.co.uk static.teamguru.com connect.facebook.net platform.twitter.com *.smartlook.cloud rec.smartlook.com snap.licdn.com px.ads.linkedin.com *.gstatic.com p.adsymptotic.com *.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' blob: 1
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline' https: blob:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://graz.social; img-src 'self' https: data: blob: https://graz.social; style-src 'self' https://graz.social 'nonce-nJiko4anbAtd+h71Ukm6oQ=='; media-src 'self' https: data: https://graz.social; frame-src 'self' https:; manifest-src 'self' https://graz.social; form-action 'self'; child-src 'self' blob: https://graz.social; worker-src 'self' blob: https://graz.social; connect-src 'self' data: blob: https://graz.social https://graz.social wss://graz.social; script-src 'self' https://graz.social 'wasm-unsafe-eval' 1
object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-DVHKky26sdssg6QtTZD7Yg=='; base-uri 'none'; report-uri https://sentry.io/api/785453/security/?sentry_key=a2dd90458f3c4ca2bb4118777178d99f&sentry_environment=production 1
default-src 'unsafe-inline' syntellis.localhost *.prod.acquia-sites.com *.syntellis.com *.gstatic.com *.googleusercontent.com *.marketo.com *.fontawesome.com *.googletagmanager.com *.6sc.co *.crazyegg.com *.adnxs.com *.6sense.com *.mktoresp.com *.google-analytics.com *.analytics.google.com *.linkedin.com *.bing.com *.adsymptotic.com *.googleapis.com *.doubleclick.net *.wistia.com *.vimeo.com  *.cookielaw.org *.nr-data.net *.fullcircleinsights.com *.cloudfront.net  *.bizzabo.com *.clarity.ms *.windows.net *.onetrust.com *.salesloft.com *.calendly.com calendly.com syntellis.lndo.site *.reactful.com *.driftt.com *.jsdelivr.net; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' *.crazyegg.com *.calendly.com calendly.com *.reactful.com; img-src 'self' *.6sc.co data: *.google-analytics.com  *.gstatic.com *.googleusercontent.com *.marketo.com *.fontawesome.com *.googletagmanager.com *.6sc.co *.crazyegg.com *.adnxs.com *.6sense.com *.mktoresp.com *.google-analytics.com *.linkedin.com *.bing.com *.adsymptotic.com *.google.ca *.google.com *.cookielaw.org *.clarity.ms *.calendly.com calendly.com *.reactful.com *.googleapis.com; frame-src syntellis.localhost *.prod.acquia-sites.com syntellis.com  'self' *.wistia.com *.vimeo.com *.marketo.com *.driftt.com *.comparably.com *.google.com *.bizzabo.com *.calendly.com calendly.com *.addtoany.com addtoany.com *.reactful.com; frame-ancestors *.prod.acquia-sites.com https://ideas.kaufmanhall.com http://ideas.kaufmanhall.com *.syntellis.com syntellis.com syntellis.localhost syntellis.lndo.site; connect-src https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com *.syntellis.com *.fullcircleinsights.com *.cookielaw.org *.marketo.com *.fontawesome.com *.6sc.co *.crazyegg.com *.adnxs.com *.6sense.com *.mktoresp.com *.jsdelivr.net *.onetrust.com *.reactful.com *.salesloft.com *.ads.linkedin.com *.nr-data.net 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://www.tb-itf.de; frame-src 'self'; object-src 'none'; frame-ancestors 'self'; 1
upgrade-insecure-requests; object-src 'none'; base-uri 'none'; frame-ancestors https://height.app https://*.height.app https://www.figma.com https://figma.com https://zendesk.com https://*.zendesk.com https://www.notion.so https://workona.com; report-uri /csp-violation-report 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://krita-artists.org/logs/ https://krita-artists.org/sidekiq/ https://krita-artists.org/mini-profiler-resources/ https://krita-artists.org/assets/ https://krita-artists.org/extra-locales/ https://krita-artists.org/highlight-js/ https://krita-artists.org/javascripts/ https://krita-artists.org/plugins/ https://krita-artists.org/theme-javascripts/ https://krita-artists.org/svg-sprite/ 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' https://unpkg.com; worker-src 'self' https://krita-artists.org/assets/ https://krita-artists.org/javascripts/ https://krita-artists.org/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=64dqbhdiqu43q&partner=; 1
frame-ancestors http://localhost:9999 https://maap-mmds.prismic.io https://maap.cc/ https://maap.cc https://*.maap.cc 1
frame-ancestors 'self' https://isdemos.com; 1
frame-ancestors www.pbclibrary.org *.www.pbclibrary.org pbclibrary.org *.pbclibrary.org palmbeach.bibliocms.com *.palmbeach.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src www.pbclibrary.org *.www.pbclibrary.org pbclibrary.org *.pbclibrary.org palmbeach.bibliocms.com *.palmbeach.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
frame-src 'self' https://test.transafe.com https://post.live.transafe.com https://live.transafe.com https://www.facebook.com https://pixel.everesttech.net https://fleetcor.demdex.net https://11031149.fls.doubleclick.net https://www.everestjs.net https://www.youtube.com https://www.google.com https://usr58.dayforcehcm.com https://13264471.fls.doubleclick.net https://api.rlcdn.com https://cdn.plaid.com  https://td.doubleclick.net  https://www.google.com 1
default-src 'self' https://*.chatlio.com https://*.walkme.com https://*.cdn.symbility.net; script-src 'unsafe-inline' 'self' https://*.chatlio.com https://*.walkme.com https://*.symbility.net https://maps.googleapis.com https://maps.gstatic.com https://s3.amazonaws.com/s3.maketutorial.com/users/ffcd43e88a4b4e65b3057b3a726d77b3/ https://s3.amazonaws.com/s3.maketutorial.com/users/58e3b9aa908e46948df53b4180b38a3c/ https://d3b3ehuo35wzeh.cloudfront.net https://d2qhvajt3imc89.cloudfront.net https://d3sbxpiag177w8.cloudfront.net https://console.sightcall.com/sightcall_console.js https://console-ppr.sightcall.com/sightcall_console.js https://*.walkme.com; style-src 'self' 'unsafe-inline' https://*.symbility.net https://fonts.googleapis.com https://*.chatlio.com https://cdn.walkme.com; img-src 'self' https://maps.google.com/ https://*.symbility.net data: blob: https://*.googleapis.com https://*.gstatic.com https://*.chatlio.com https://avatars.slack-edge.com https://files.slack.com https://files-origin.slack.com https://secure.gravatar.com https://*.walkme.com https://*.ggpht.com http://www.google.com https://d2qhvajt3imc89.cloudfront.net https://*.hover.to https://hover.to https://s3.walkmeusercontent.com; child-src 'self' s3ebridge://queued; frame-src 'self' mailto: s3ebridge://queued https://*.symbility.net https://*.walkme.com https://*.zuora.com https://console.sightcall.com https://console-ppr.sightcall.com; font-src 'self' data: https://fonts.gstatic.com https://*.chatlio.com https://d1b6bucc9jhzue.cloudfront.net; connect-src 'self' https://*.chatlio.com wss://*.chatlio.com wss://ws.pusherapp.com https://*.walkme.com https://*.cdn.symbility.net https://maps.googleapis.com 1
base-uri 'self'; connect-src 'self' *.googleapis.com https://cdn.stat-track.com https://api.ats-platform.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://platform.hireserve.nl http://static.addtoany.com https://static.addtoany.com https://stats.addtoany.com https://stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com https://www.google-analytics.com https://consentcdn.cookiebot.com; default-src 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://arbounie-extern.topdesk.net https://consentcdn.cookiebot.com http://static.addtoany.com https://static.addtoany.com https://stats.addtoany.com https://vars.hotjar.com https://www.google.com https://www.youtube.com; frame-ancestors 'self'; img-src 'self' data: https://www.arbounie.nl https://arbounie.nl https://www.belife.nl https://belife.nl https://www.mkbasics.nl https://mkbasics.nl https://werkenbijmkbasics.nl https://www.werkenbijmkbasics.nl https://www.halowerkt.nl https://halowerkt.nl https://www.kr8werk-vitaliteit.nl https://kr8werk-vitaliteit.nl https://www.vooruitganginvitaliteit.nl https://vooruitganginvitaliteit.nl https://www.belive.nl https://belive.nl https://www.ects.nl https://ects.nl https://www.fysergozorg.nl https://fysergozorg.nl https://www.vitaalenfysiotherapie.nl https://vitaalenfysiotherapie.nl https://www.vitaalenpsychologie.nl https://vitaalenpsychologie.nl https://www.vitaalendietetiek.nl https://vitaalendietetiek.nl https://www.vitaalenergotherapie.nl https://vitaalenergotherapie.nl https://www.musclesound.nl https://musclesound.nl https://www.musclesound.eu https://musclesound.eu https://www.beweeg-coach.nl https://beweeg-coach.nl https://www.htds.nl https://htds.nl https://www.fysergo.nl https://fysergo.nl https://www.be-live.nl https://be-live.nl  https://platform.hireserve.nl https://www.facebook.com https://i.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://px.ads.linkedin.com *.google-analytics.com *.analytics.google.com https://www.google-analytics.com https://www.google.com https://www.google.nl https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://arbounie-extern.topdesk.net/solutions/forms/static/public-forms-api.js https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://conv.indeed.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://platform.hireserve.com https://platform.hireserve.nl http://static.addtoany.com https://static.addtoany.com https://stats.addtoany.com https://script.hotjar.com https://snap.licdn.com https://static.hotjar.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://z.moatads.com; style-src 'unsafe-inline' 'unsafe-eval' 'self' https://platform.hireserve.nl https://fonts.googleapis.com; worker-src 'none'; 1
frame-ancestors 'self' https://my.axelos.com https://www.peoplecert.org https://login.peoplecert.org https://selt.languagecert.org 1
default-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr dwl.dawconnect.com *.youtube.com *.youtube-nocookie.com; img-src  'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr connect.ekomi.de *.youtube.com *.youtube-nocookie.com; media-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.youtube.com *.youtube-nocookie.com; script-src 'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr connect.ekomi.de dwl.dawconnect.com 'unsafe-inline' 'unsafe-eval'; worker-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.youtube.com *.youtube-nocookie.com; font-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr; style-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr 'unsafe-inline'; object-src 'self'; frame-src 'self' *.youtube.com *.youtube-nocookie.com; frame-ancestors 'self' *.youtube.com *.youtube-nocookie.com; 1
frame-ancestors https://m-b0baa0a7fff0ce025514b85f7387bc22-sg360.skygolf.com/ https://m-qa2-8264ee52f589f4c0191aa94f87aa1aeb-sg360.skygolf.com/ https://m-mmelohn-sg360.skygolf.com/ https://m-hnguyen-sg360.skygolf.com/ https://m-aravi-sg360.skygolf.com/ https://pp-skygolf.eurekalabs.io/ https://smclubsg.skygolf.com https://pp.skygolf.com https://www.skygolf.com 1
font-src 'self' *.bootstrapcdn.com *.comparemymove.com *.gstatic.com *.tawk.to *.hotjar.com *.myfonts.net *.fontawesome.com use.typekit.net rsms.me cdnjs.cloudflare.com *.squareup.com *.squarecdn.com d1g145x70srn7h.cloudfront.net data: 1
script-src 'self' https://*.email-provider.nl https://cdn-eu.readspeaker.com https://youtu.be https://youtube.com https://www.youtube.com https://player.vimeo.com/api/player.js https://siteimproveanalytics.com 'unsafe-eval' 'unsafe-inline' data: 'report-sample'; connect-src https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://vttts-eu.readspeaker.com https://youtu.be https://youtube.com https://www.youtube.com https://*.global.siteimproveanalytics.io https://siteimproveanalytics.com 'self'; form-action 'self' https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://*.global.siteimproveanalytics.io https://spin.ede.nl https://fsad.ede.nl https://id.opengemeenten.nl https://users.opengemeenten.nl https://login.microsoftonline.com; frame-src 'self' blob: https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://vttts-eu.readspeaker.com https://youtu.be https://youtube.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com; img-src 'self' https://cdn-eu.readspeaker.com https://youtube.com https://www.youtube.com https://youtu.be https://i.ytimg.com https://*.global.siteimproveanalytics.io https://siteimproveanalytics.com https://eu2.siteimprove.com https://szsurvey.siteimprove.com https://ssl.siteimprove.com data:; media-src 'self' https://cdn-eu.readspeaker.com https://youtu.be https://youtube.com https://www.youtube.com https://vimeo.com; style-src 'self' https://cdn-eu.readspeaker.com https://youtube.com https://www.youtube.com 'unsafe-inline' data: 'report-sample'; object-src 'self' https://youtube.com https://www.youtube.com; report-to csp; child-src 'self' blob:; default-src 'self'; font-src 'self' data:; frame-ancestors 'self' https://www.ede.nl; report-uri https://monitoring.opengemeenten.nl/api/5/security/?sentry_key=8ecd0d6b2ab6432782fe7a6a5c01c534 1
default-src 'self' https://3711cdn.r.worldssl.net/;     font-src 'self' data: https://fonts.gstatic.com/ https://3711cdn.r.worldssl.net;     style-src 'self' 'unsafe-inline' https://3711cdn.r.worldssl.net/ https://fonts.googleapis.com/ https://www.google.com/;     script-src 'unsafe-inline' 'unsafe-eval' https://3711cdn.r.worldssl.net/ https://snap.licdn.com/;	script-src-elem 'self' data: 'unsafe-inline' 'unsafe-eval' https://3711cdn.r.worldssl.net/ https://clients1.google.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://cse.google.com/ https://www.google.com/ https://www.youtube.com https://snap.licdn.com/;    img-src 'self' data: https: https://3711cdn.r.worldssl.net/ ;     connect-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://px.ads.linkedin.com/;     frame-src 'self' https://www.youtube.com https://www.google-analytics.com https://cse.google.com/;	object-src 'none'; 1
frame-ancestors 'self' *.mailmeteor.com 1
worker-src 'self' cielo24.com; upgrade-insecure-requests; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.addthis.com *.addthisedge.com *.google.com *.googleadservices.com *.moatads.com *.pinterest.com *.vandersanden.com *.ytimg.com *.youtube.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.cloudflare.com *.vandersanden.com *.gstatic.com *.googleoptimize.com *.licdn.com *.g.doubleclick.net *.googleadservices.com *.pinimg.com *.facebook.net *.facebook.com *.hotjar.com *.hotjar.io *.wisepops.com *.fedjuh.com https://geoip-js.com *.cookiebot.com *.windows.net *.polyfill.io *.cloudfront.net *.piwikpro.com *.livechatinc.com *.bing.com *.pardot.com *.getwisp.co *.wisepops.net wisepops.net *.jsdelivr.net *.linkedin.oribi.io *.vandersanden.com data: *.demio.com cdn-eu.pagesense.io *.pagesense.io *.zohocdn.com *.zoho.eu *.unpkg.com *.vdstest.be https://unpkg.com *.addtoany.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; object-src 'self' *.livechatinc.com *.vandersanden.com; style-src 'self' 'unsafe-inline' *.gstatic.com *.googleapis.com *.cloudflare.com *.vandersanden.com *.hotjar.com *.hotjar.io *.google.com *.livechatinc.com *.bing.com *.jsdelivr.net *.linkedin.oribi.io *.demio.com *.zohocdn.com *.zoho.eu; media-src 'self' *.pinimg.com *.livechatinc.com ; frame-src 'self' 'unsafe-inline' *.hotjar.com *.hotjar.io *.youtube.com *.vimeo.com *.google.com *.canto.com *.amazonaws.com *.facebook.com *.g.doubleclick.net *.pinterest.com *.pinterest.de *.cookiebot.com *.spotify.com *.soundcloud.com *.livechatinc.com *.pinterest.fr *.pinterest.es *.bing.com *.vandersanden.com *.vdstest.be *.pardot.com *.pagesense.io *.addtoany.com *.zoho.eu blob:; font-src 'self' *.hotjar.com *.hotjar.io *.gstatic.com *.googleapis.com *.google.com *.bing.com *.linkedin.oribi.io *.livechatinc.com *.vandersanden.com *.zohocdn.com data: ; connect-src 'self' *.vandersanden.com *.vdstest.be *.addthis.com *.vdstest.be *.google-analytics.com *.pinterest.com *.pinterest.de *.facebook.com *.g.doubleclick.net *.google.com *.googleapis.com *.hotjar.com:* *.hotjar.io *.hotjar.com *.wisepops.com https://geoip-js.com *.google.de *.google.nl *.doubleclick.net *.canto.com *.cookiebot.com *.livechatinc.com *.bing.com *.getwisp.co wisepops.net *.linkedin.oribi.io *.hotjar.com *.google.be *.vandersanden.com *.hotjar.com *.hotjar.io *.demio.com wss://*.hotjar.com *.zoho.eu *.linkedin.com; report-uri /report-csp-violation 1
default-src 'self'; script-src 'unsafe-eval' 'self' https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://extend.vimeocdn.com https://firebaseinstallations.googleapis.com 'sha256-BllS3V2Wr049ioMvJTmHHB1nME2cKHW2olt++dQNFeU=' 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw='; style-src 'unsafe-inline' 'self' fonts.googleapis.com https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css; frame-ancestors 'self' teams.microsoft.com; form-action 'self'; font-src 'self' fonts.gstatic.com; img-src 'self' data: https://img.mymeq.com https://i.vimeocdn.com https://s3.amazonaws.com https://www.google-analytics.com; media-src 'self' https://img.mymeq.com; frame-src 'self' https://www.google.com https://player.vimeo.com; connect-src 'self' https://www.google-analytics.com https://vimeo.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com/ 1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval' chrome-extension: data: *.googleapis.com *.gstatic.com *.googleusercontent.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://recaptcha.net https://cdn.cookielaw.org  blob:; object-src https:; style-src 'unsafe-inline' https:; img-src 'self' https: *.keepeek-dev.com *.keepeek.com https://cdn.cookielaw.org mediaassets.airbus.com data:; media-src 'self' https: *.keepeek-dev.com *.keepeek.com blob:; frame-src 'self' https: https://www.youtube.com/embed/ https://youtu.be https://www.google.com/maps/ *.keepeek-dev.com *.keepeek.com; child-src blob:; font-src https: data:; connect-src https: wss://ws.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: indd.adobe.com *.braintreegateway.com *.braintree-api.com *.sandbox.braintree-api.com *.trackjs.com *.gstatic.com *.googleapis.com www.googletagmanager.com www.google-analytics.com *.nflflag.com nflflag.com nflstatic.s3.amazonaws.com nfl-static.s3.amazonaws.com *.ytimg.com www.youtube.com player.vimeo.com connect.facebook.net facebook.com *.facebook.com *.twitter.com *.twimg.com *.fls.doubleclick.neti sc-static.net *.googleadservices.com *.doubleclick.net *.snapchat.com *.google.com *.g.doubleclick.net *.instagram.com *.adobedtm.com *.demdex.net *.nfltags.com *.nfl.com *.everesttech.net 1
connect-src 'self' *; default-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' fonts.gstatic.com fonts.googleapis.com *.typekit.net *.hotjar.com; frame-src 'self' vimeo.com *.vimeo.com *.vimeocdn.com *.sharethis.com *.sharethisedge.com *.doubleclick.net biffacdnendpoint.azureedge.net *.youtube.com *.facebook.com biffa.qualtrics.com; img-src 'self' data: *; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' *.googleapis.com 'unsafe-inline' data: *.typekit.net *.postcodeanywhere.co.uk *.sharethis.com *.sharethisedge.com; 1
frame-ancestors *.prohosting24.de 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bam.nr-data.net/ https://cdn.usefathom.com/ https://cdnjs.cloudflare.com/ https://connect.facebook.net/ https://js-agent.newrelic.com/ https://www.google.com/ https://www.gstatic.com/ https://www.google-analytics.com/ https://www.googletagmanager.com https://use.typekit.net/ https://craftpeak.site/ https://embed-menu-preloader.untappdapi.com/ https://business.untappd.com/ https://assets.untappd.com/ 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' http://ergo.slv.vic.gov.au http://alumni.slv.vic.gov.au http://burkeandwills.slv.vic.gov.au insideadog.com.au doubleclick.net; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https:;            script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:;            style-src data: 'unsafe-inline' https:;            img-src data: https: blob:;            font-src data: https:;            connect-src https: wss:;            media-src https: blob:;            object-src https:;            child-src https: data: blob:;            form-action https:;            frame-ancestors 'self' https://*.codingame.com https://*.codingame.eu https://*.coderpad.io https://*.coderpad-staging.io https://*.cp-mr-env.io https://*.coderpad.tech; 1
font-src 'self' *.gstatic.com *.unblu.com *.unblu-env.com *.unblu.com *.opentok.com *.tokbox.com *.celeroxpress.ca *.accesscu.ca data: vue.comm100.com https://www.glancecdn.net https://s3.amazonaws.com/glancecdn/;              style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.unblu.com *.unblu-env.com *.unblu.com *.opentok.com *.tokbox.com *.celeroxpress.ca *.accesscu.ca https://www.glancecdn.net https://s3.amazonaws.com/glancecdn/;              script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cdic.ca *.gstatic.com *.google.com googleads.g.doubleclick.net www.googleadservices.com connect.facebook.net www.googletagmanager.com www.google-analytics.com *.googleapis.com *.youtube.com s.ytimg.com tagmanager.google.com *.bing.com *.unblu.com *.unblu-env.com *.unblu.com *.opentok.com *.tokbox.com *.celeroxpress.ca *.accesscu.ca entchatserver.comm100.com appmax1.comm100.com vue.comm100.com standby.comm100vue.com https://www.glancecdn.net https://s3.amazonaws.com/glancecdn/;              img-src * data: https://www.glancecdn.net https://s3.amazonaws.com/glancecdn/;  worker-src 'self' blob:; 1
default-src https:;img-src 'self' https: data:;connect-src 'self' https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:;style-src 'self' 'unsafe-inline' https:;frame-src 'self' https:;font-src 'self' data: https:;worker-src 'self' https: blob: 1
default-src *; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; media-src * blob:; object-src 'none'; base-uri 'self' 1
base-uri 'none'; frame-src 'self' 'unsafe-inline' *.youtube.com https://docs.bareos.org; connect-src 'self' https://matomo.bareos.com/matomo.php; font-src 'self' data:; script-src 'self' 'unsafe-inline' https://matomo.bareos.com/matomo.js; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://stamen-tiles-a.a.ssl.fastly.net https://stamen-tiles-b.a.ssl.fastly.net https://stamen-tiles-c.a.ssl.fastly.net https://tiles.stadiamaps.com; object-src 'none'; form-action 'self' data:; frame-ancestors 'self'; default-src 'none' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://lor.sh; img-src 'self' https: data: blob: https://lor.sh; style-src 'self' https://lor.sh 'nonce-xFBJm7m3RvYiS1GTW1EMLw=='; media-src 'self' https: data: https://lor.sh; frame-src 'self' https:; manifest-src 'self' https://lor.sh; form-action 'self'; child-src 'self' blob: https://lor.sh; worker-src 'self' blob: https://lor.sh; connect-src 'self' data: blob: https://lor.sh https://s3.eu-central-1.wasabisys.com/lor-sh/lor-sh/ wss://lor.sh; script-src 'self' https://lor.sh 'wasm-unsafe-eval' 1
default-src 'self' *.leadforensics.com https://webeo-web-content.s3-eu-west-1.amazonaws.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm; style-src 'self'  https://cdn.jsdelivr.net/npm/ *.responseiq.com *.blob.core.windows.net *.googleapis.com https://webeo-web-content.s3-eu-west-1.amazonaws.com https://optimize.google.com 'unsafe-inline'; img-src * data:; font-src 'self' * data:; frame-src *.cookiebot.com *.doubleclick.net  *.dynamics.com *.vimeo.com *.googlesyndication.com *.facebook.com https://calendly.com/ *.hotjar.com https://optimize.google.com; media-src 'self' *.cloudinary.com *.appspot.com; script-src 'self' *.veracitytrustnetwork.com *.thisisbeacon.com *.cookiebot.com https://unpkg.com/@dotlottie/player-component@1.0.0/dist/dotlottie-player.js https://static.cloudflareinsights.com/beacon.min.js *.jquery.com *.g.doubleclick.net *.hotjar.com *.google-analytics.com *.googleoptimize.com *.googlesyndication.com *.nyltx.com *.leadforensics.com *.canddi.com *.googleadservices.com *.googleapis.com *.responseiq.com https://webeo-web-content.s3-eu-west-1.amazonaws.com https://moneypennychat.appspot.com *.googletagmanager.com *.onetrust.com *.cloudflareinsights.com *.zoominfo.com *.blob.core.windows.net *.azureedge.net *.licdn.com *.bing.com *.ads-twitter.com *.facebook.net *.clarity.ms https://cdn.jsdelivr.net/npm https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://www.google.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' analytics.google.com *.thisisbeacon.com *.veracitytrustnetwork.com *.cookiebot.com *.dynamics.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googlesyndication.com *.hotjar.io *.nyltx.com *.appspot.com *.g.doubleclick.net *.hotjar.com wss://*.hotjar.com *.clarity.ms *.leadforensics.com *.responseiq.com https://vimeo.com *.zoominfo.com https://mpsitefunctions-test.azurewebsites.net https://mpsitefunctions.azurewebsites.net *.addressy.com *.facebook.com 1
frame-ancestors *.insideevs.de insideevs.de 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' 'self' https://matomojs.trackify.info https://matomo.pernod-ricard.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.sleeknote.com; frame-ancestors 'self' https://matomojs.trackify.info https://matomo.pernod-ricard.io *.sleeknote.com; frame-src blob: 'self' https://www.google.com https://www.youtube.com *.sleeknote.com *.spotify.com; worker-src blob: 'self' 1
default-src * data: blob:; script-src * blob: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; upgrade-insecure-requests; block-all-mixed-content 1
frame-ancestors https://pay.amazon.com 1
frame-ancestors 'self' https://*.stayglam.com https://stayglam.com; 1
frame-ancestors 'self' decisely.com *.decisely.com 1
img-src https://www.facebook.com https://abs.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com www.google-analytics.com https://www.googletagmanager.com https://www.google.cl https://www.google.com https://ton.twimg.com 'self' data:; frame-ancestors 'self'; 1
default-src 'self';  script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://tagmanager.google.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' divvydrive.com/DasWebAppMedyaShow 'unsafe-inline' data:;  font-src 'self' 'unsafe-inline' data:; connect-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://tagmanager.google.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: ; style-src 'self' 'unsafe-inline'  https: http: ;img-src 'self' 'unsafe-inline' data: https: http: ;font-src 'self' 'unsafe-inline' https: http: ; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: ; 1
frame-ancestors 'self' https://*.spyic.com https://spyic.com https://*.google.com 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net places.britishland.com *.investisdigital.com gateway.zscalertwo.net tagmanager.google.com staticcontents.investisdigital.com ipapi.connectid.cloud otp.tools.investis.com stats.g.doubleclick.net/j/collect api.reciteme.com cdnjs.cloudflare.com *.usercentrics.eu https://cloud.typography.com/ *.google-analytics.com *.amazonaws.com maps.googleapis.com maps.google.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com ict.infinity-tracking.net *.gstatic.com viz.tools.investis.com maps.googleapis.com maps.google.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com youtube.com s.ytimg.com unpkg.com *.investis-live.com *.twitter.com *.investisdigital.com player.vimeo.com tagmanager.google.com gateway.zscalertwo.net staticcontents.investisdigital.com  cdnjs.cloudflare.com app.usercentrics.eu  sc.lfeeder.com api.reciteme.com blob: https://cloud.typography.com/ *.analytics.google.com *.google.com *.google-analytics.com ; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investis-live.com *.investisdigital.com api.reciteme.com cdnjs.cloudflare.com https://cloud.typography.com/ *.britishland.com videoengine.investisdigital.com/*; img-src 'self' 'unsafe-inline' * data: cdnjs.cloudflare.com; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com *.youtube.com *.llnwd.net player.vimeo.com http://house-fastly-signed-eu-west-1-prod.brightcovecdn.com api.reciteme.com *.investis.com; frame-src 'self' *.investis.com www.google.com ir.tools.investis.com staticxx.facebook.com www.youtube.com *.twitter.com places.britishland.com player.vimeo.com api.reciteme.com cdnjs.cloudflare.com app.usercentrics.eu; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com api.reciteme.com cdnjs.cloudflare.com 1
default-src 'self'; frame-src *; connect-src *; font-src *;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval' data:; style-src * 'unsafe-inline' 1
default-src 'self' data: https://openam-densirona-euw3.id.forgerock.io https://*.dscore.com https://*.edge.dscore.com:8443 wss://*.edge.dscore.com:8443 wss://*.dscore.com https://*.share.dentsplysirona.com wss://*.share.dentsplysirona.com https://*.gstatic.com https://*.googleapis.com https://unpkg.com https://www.google-analytics.com https://*.googletagmanager.com https://www.datadoghq-browser-agent.com https://*.datadoghq.eu https://i.ytimg.com https://www.youtube.com https://static.zuora.com https://na.zuora.com https://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' http://localhost:52090/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss://*.hotjar.com wss://*.zopim.com http://*.hotjar.com:* http://*.hotjar.io http://*.googletagmanager.com http://*.google-analytics.com http://*.gstatic.com http://*.googleapis.com http://*.youtube.com https://www.youtube-nocookie.com http://*.facebook.com http://*.facebook.net http://*.ads-twitter.com http://*.twitter.com http://t.co http://*.doubleclick.net http://*.adform.net http://*.aspnetcdn.com http://*.clarovideo.net http://*.claromusica.com http://*.planesclaro.cr http://planesclaro.cr http://*.claro.cr http://www.claro.com.co https://*.hotjar.com:* https://*.hotjar.io https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://*.youtube.com https://*.facebook.com https://*.facebook.net https://*.kampyle.com https://tags.bkrtx.com https://stags.bluekai.com https://programarcita.claro.cr/ https://*.medallia.com https://*.ads-twitter.com https://*.twitter.com https://t.co https://*.doubleclick.net https://*.adform.net https://*.aspnetcdn.com https://*.clarovideo.net https://digitasgt.com https://*.claromusica.com https://*.planesclaro.cr https://planesclaro.cr https://www.google.com https://api-prod-cr.prod.clarodigital.net https://*.claro.cr https://*.clarity.ms https://*.userway.org https://www.claro.com.co; media-src mediastream:; 1
report-uri "https://enflow.report-uri.com/r/d/csp/reportOnly" 1
frame-ancestors 'self' https://www.facebook.com/ https://staticxx.facebook.com/ 1
default-src 'self' https://* 'unsafe-inline' 'unsafe-eval' data: dbapi-7://*; media-src 'self' blob: https://paper.dropboxstatic.com https://www.dropbox.com https://aem.dropbox.com https://rebrand.dropboxstatic.com; connect-src https://* wss://* http://* blob: 'self'; object-src 'self'; img-src https: http: data:; frame-ancestors 'self'; child-src 'self' https://* 'unsafe-inline' 'unsafe-eval' data: dbapi-7://* dropbox-paper: dropbox-install: paperusercontent.com; script-src 'self' https://paper.dropboxstatic.com https://www.dropbox.com/pithos/ https://cfl.dropboxstatic.com/static/pithos/ https://cfl.dropboxstatic.com/static/metaserver/static/pithos/ 'unsafe-inline' 'nonce-c2997f21f7919f95d1da8bc92738e995013f61c5'; 1
default-src http: https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.cailaw.org 1
default-src * 'unsafe-inline' 'unsafe-eval';img-src data: blob: * ;frame-ancestors 'self' www.moneynet.com.tw; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.salonsecret.ru salonsecret.ru *.mygento.net *.gstatic.com *.googleapis.com *.dadata.ru *.google-analytics.com *.googletagmanager.com *.yandex.ru *.leadplan.ru *.mindbox.ru *.vk.com vk.com *.setka.io *.wsf-e-loreal.com *.fbcdn.net *.e-academie.ru e-academie.ru *.doubleclick.net *.google.com *.google.ru *.yandex.net yastatic.net *.youtube.com *.embedly.com *.ytimg.com weborama.fr *.weborama.fr storage.cloud.croc.ru *.yclients.com 1
default-src 'self' *.youtube.com youtube.com *.ytimg.com ytimg.com *.vercel.app vercel.app *.gstatic.com gstatic.com *.doubleclick.net doubleclick.net *.google.com google.com *.vercel.live vercel.live *.support.2fas.com support.2fas.com; base-uri 'self'; form-action 'self'; script-src 'self' 'unsafe-inline' *.youtube.com youtube.com *.ytimg.com ytimg.com *.vercel.app vercel.app *.gstatic.com gstatic.com *.doubleclick.net doubleclick.net *.google.com google.com *.vercel.live vercel.live *.support.2fas.com support.2fas.com; child-src 2fas.com *.youtube.com youtube.com *.ytimg.com ytimg.com *.vercel.app vercel.app *.gstatic.com gstatic.com *.doubleclick.net doubleclick.net *.google.com google.com *.vercel.live vercel.live *.support.2fas.com support.2fas.com; style-src 'self' 'unsafe-inline' 2fas.com data:; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; img-src *.youtube.com youtube.com *.ytimg.com ytimg.com *.vercel.app vercel.app *.gstatic.com gstatic.com *.doubleclick.net doubleclick.net *.google.com google.com *.vercel.live vercel.live *.support.2fas.com support.2fas.com 'self' data: blob:; font-src 'self'; 1
frame-ancestors http://*.evermine.com https://*.evermine.com http://10.0.0.144 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://embed.cacher.io https://www.google-analytics.com https://cdn.mxpnl.com https://*.crisp.chat https://cdn.commento.io https://cdn.jsdelivr.net https://*.algolia.net; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://client.crisp.chat; media-src 'self' https://cdn.cacher.io; frame-src 'self' https://www.youtube.com; frame-ancestors 'self' https://app.cacher.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://client.crisp.chat https://cdn.commento.io https://cdn.jsdelivr.net; connect-src 'self' https://api-js.mixpanel.com https://s3.amazonaws.com https://client.crisp.chat https://www.google-analytics.com wss://client.relay.crisp.chat https://commento.io https://*.algolia.net; img-src https://* http://* data:; 1
frame-ancestors 'self' http://cms.metro.style; upgrade-insecure-requests 1
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.edgardcooper.com  *.sentry.io *.contentful.com *.cookiebot.com vitals.vercel-insights.com *.analytics.google.com *.google-analytics.com *.googleanalytics.com *.googletagmanager.com *.g.doubleclick.net tagmanager.google.com connect.facebook.net www.facebook.com *.myshopify.com *.segment.com *.segmentapis.com ipapi.co maps.googleapis.com cognito-idp.eu-west-1.amazonaws.com cognito-identity.eu-west-1.amazonaws.com/ https://logs.eu-west-1.amazonaws.com/ https://store729833ce-729833ce-test.auth.eu-west-1.amazoncognito.com/oauth2/token *.trustpilot.com *.loyaltylion.net *.loyaltylion.com *.klaviyo.com manage.kmail-lists.com *.intercom.io *.intercomcdn.com *.intercomusercontent.com wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io *.edgardcooper.com *.googleapis.com optimize.google.com www.googleoptimize.com www.youtube.com *.bing.com wss://*.bing.com www.googleadservices.com www.google.com *.vercel.app polyfill.io https://www.clarity.ms *.clarity.ms *.builder.io *.azurewebsites.net *.survicate.com *.datadome.co *.typeform.com apim-b2c-edgardcooper-prd.azure-api.net *.googlesyndication.com analytics.tiktok.com; connect-src 'self' *.edgardcooper.com *.sentry.io *.contentful.com *.cookiebot.com vitals.vercel-insights.com *.analytics.google.com *.google-analytics.com *.googleanalytics.com *.googletagmanager.com *.g.doubleclick.net tagmanager.google.com connect.facebook.net www.facebook.com *.myshopify.com *.segment.com *.segmentapis.com ipapi.co maps.googleapis.com cognito-idp.eu-west-1.amazonaws.com cognito-identity.eu-west-1.amazonaws.com/ https://logs.eu-west-1.amazonaws.com/ https://store729833ce-729833ce-test.auth.eu-west-1.amazoncognito.com/oauth2/token *.trustpilot.com *.loyaltylion.net *.loyaltylion.com *.klaviyo.com manage.kmail-lists.com *.intercom.io *.intercomcdn.com *.intercomusercontent.com wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io *.edgardcooper.com *.googleapis.com optimize.google.com www.googleoptimize.com www.youtube.com *.bing.com wss://*.bing.com www.googleadservices.com www.google.com *.vercel.app polyfill.io https://www.clarity.ms *.clarity.ms *.builder.io *.azurewebsites.net *.survicate.com *.datadome.co *.typeform.com apim-b2c-edgardcooper-prd.azure-api.net *.googlesyndication.com analytics.tiktok.com; font-src 'self' data: fonts.gstatic.com *.intercomcdn.com cdn.edgardcooper.com *.builder.io *.survicate.com *.typeform.com; form-action 'self' intercom.help api-iam.intercom.io connect.facebook.net *.facebook.com *.builder.io *.typeform.com; frame-ancestors 'none'; frame-src 'self' https://*.cookiebot.com *.cookiebot.com https://*.trustpilot.com/ *.trustpilot.com optimize.google.com sdx.microsoft.com bid.g.doubleclick.net td.doubleclick.net *.facebook.com *.builder.io https://anchor.fm/ *.survicate.com *.typeform.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com sdk.loyaltylion.net optimize.google.com *.bing.com *.builder.io *.klaviyo.com *.survicate.com *.typeform.com; img-src 'self' data: blob: *.edgardcooper.com *.ctfassets.net *.ads.linkedin.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net ade.googlesyndication.com www.google.com www.google.be www.facebook.com www.gstatic.com maps.gstatic.com maps.googleapis.com *.klaviyo.com *.intercomcdn.com *.intercomassets.com *.intercomusercontent.com *.intercom-attachments-1.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com *.ggpht.com optimize.google.com *.bing.com *.microsoft.com *.clarity.ms *.builder.io *.survicate.com *.cloudfront.net *.typeform.com; object-src 'none'; media-src 'self' *.edgardcooper.com js.intercomcdn.com *.ctfassets.net *.builder.io *.typeform.com; prefetch-src 'self'; 1
default-src 'self'; img-src 'self' blob: data: https://vercel.live/ https://vercel.com https://sockjs-mt1.pusher.com/ https://vercel.fides-cdn.ethyca.com/ https://hebbkx1anhila5yf.public.blob.vercel-storage.com/; script-src 'self' 'unsafe-inline' https://vercel.live/ https://vercel.com https://vercel.fides-cdn.ethyca.com/ https://va.vercel-scripts.com/v1/ https://js.stripe.com/; style-src 'self' 'unsafe-inline' https://vercel.live/ https://vercel.fides-cdn.ethyca.com/; connect-src 'self' https://vercel.live/ https://vercel.com https://*.pusher.com/ wss://*.pusher.com/ https://fides-vercel.us.fides.ethyca.com/api/v1/ https://cdn-api.ethyca.com/location; frame-src 'self' https://generated.vusercontent.net/ https://vercel.live/ https://vercel.com https://vercel.fides-cdn.ethyca.com/ https://js.stripe.com/; frame-ancestors 'self'; report-uri /api/csp-report; 1
frame-ancestors 'self' cms.big-direkt.de; default-src data: 'self' 'unsafe-inline' http: https: blob:; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'self' 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; connect-src * 'self' *.hotjar.com www.googletagmanager.com www.google.de www.google.com www.google-analytics.com *.g.doubleclick.net *.chatvisor.com www.googleadservices.com *.cookiebot.com sentry.operations.big-osp.de; worker-src * 'self' blob: 1
script-src 'unsafe-inline' 'self' *.redditstatic.com https://tagmanager.google.com https://*.googletagmanager.com data: 'unsafe-eval' blob: connect.facebook.net www.google.com www.gstatic.com www.google-analytics.com ssl.google-analytics.com maps.googleapis.com assets.adobedtm.com players.brightcove.net vjs.zencdn.net https://chat.tjxstyleplus.ca;frame-src 'self' www.google.com www.googletagmanager.com www.youtube.com players.brightcove.net https://chat.tjxstyleplus.ca https://4333818.fls.doubleclick.net 1
default-src 'self'; style-src 'self' https://piped.video; frame-src 'self' https://piped.video https://ghbtns.com; img-src 'self'; object-src 'none'; block-all-mixed-content 1
frame-ancestors 'self' http://lseg.com http://www.lseg.com http://www.mtsmarkets.com http://mtsmarkets.com https://www.unavista.com https://www.unavista.londonstockexchange.com https://lseg.com https://www.lseg.com https://www.mtsmarkets.com https://mtsmarkets.com http://refinitiv.lookbookhq.com https://refinitiv.lookbookhq.com http://resourcehub.refinitiv.com https://resourcehub.refinitiv.com http://www.refinitiv.com https://www.refinitiv.com http://refinitiv.pathfactory.com https://refinitiv.pathfactory.com 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com js-agent.newrelic.com www.youtube.com www.google-analytics.com bam.nr-data.net static.dvinci-easy.com maps.googleapis.com bat.bing.com www.gstatic.com connect.facebook.net widget.msgp.pl services.gastronovi.com https://tagmanager.google.com/ www.googleadservices.com blob: cdnjs.cloudflare.com https://cdn.kiprotect.com https://cdnjs.cloudflare.com https://unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com static.dvinci-easy.com unpkg.com js-agent.newrelic.com www.google-analytics.com maps.googleapis.com bam.nr-data.net connect.facebook.net bat.bing.com www.gstatic.com www.youtube.com widget.msgp.pl services.gastronovi.com www.google.com googleads.g.doubleclick.net www.recaptcha.net www.googleadservices.com content.syndigo.com cdnjs.cloudflare.com https://cdn.kiprotect.com https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' static.dvinci-easy.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' static.dvinci-easy.com fonts.googleapis.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; base-uri 'self'; frame-ancestors 'self' lpda9f27a988.hana.ondemand.com; report-uri https://www.selgros.de/report-uri/enforce 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' https://*.calendly.com 'self' *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsadspixel.net *.hsforms.net *.hsforms.com *.hsleadflows.net *.hscollectedforms.net *.hubspot.com https://cdn.calconic.com/static/js/calconic.min.js https://cdn.omniconvert.com/ https://cdnjs.cloudflare.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.g.doubleclick.net https://js.usemessages.com https://sc.lfeeder.com https://snap.licdn.com https://static.ads-twitter.com https://tag.demandbase.com https://*.google-analytics.com https://www.googleoptimize.com/optimize.js https://*.googletagmanager.com https://www.vimeo.com; style-src 'unsafe-inline' 'self' https://cdnjs.cloudflare.com https://*.calendly.com https://*.googleapis.com https://growcreate.co.uk; object-src 'none'; base-uri 'self'; connect-src 'self' *.hubapi.com *.hubspot.com *.hsforms.com *.hscollectedforms.net https://*.analytics.google.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.co.uk https://www.google.com https://app.omniconvert.com https://consentcdn.cookiebot.com https://growcreate.co.uk https://our.umbraco.com https://px.ads.linkedin.com https://tag-logger.demandbase.com https://vimeo.com https://api.company-target.com; font-src 'self' data: https://*.gstatic.com; frame-src 'self' *.hs-sites.com *.hubspot.com *.hsforms.net *.hsforms.com https://www.google.com https://consentcdn.cookiebot.com https://player.vimeo.com https://s.company-target.com https://td.doubleclick.net; child-src *.hsforms.com;img-src 'self' data: *.hubspotusercontent-na1.net *.hsforms.com *.hsforms.net *.hubspot.com https://id.rlcdn.com https://imgsct.cookiebot.com https://our.umbraco.com https://px.ads.linkedin.com https://raw.githubusercontent.com https://tr.lfeeder.com https://www.google.co.uk https://www.google.pt https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://analytics.twitter.com https://t.co; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
default-src https: 'unsafe-inline' ; img-src 'self' data:; font-src 'self'; script-src 'self' https://*.cookiebot.com; script-src-elem 'self' https://*.cookiebot.com; frame-src 'self' youtube.com www.youtube.com https://consentcdn.cookiebot.com; object-src 'none'; frame-ancestors 'self'; form-action 'self'; connect-src 'self' *.cookiebot.com; report-uri https://sentry.cosmocode.de/api/43/security/?sentry_key=44b21573e944402eb25444a34bd9d918 1
default-src 'self' 'unsafe-inline' storage.mijnjamescadeau.nl fonts.googleapis.com player.vimeo.com vimeo.com cdn.plyr.io data:;font-src 'self' cdn.faceworks.nl fonts.gstatic.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: https://gilmoreglobal.com https://cdn.jsdelivr.net/ https://analytics.google.com/; style-src 'self' 'unsafe-inline' http: https: data:; img-src 'self' http: https: data:; connect-src 'self' http: https: data: https://analytics.google.com https://google-analytics.com https://gilmoreglobal.com https://stats.g.doubleclick.net/ https://gilmoreglobal.com https://cdn.jsdelivr.net/; font-src 'self' http: https: data:; form-action 'self' 'unsafe-inline' 'unsafe-eval' http: https: data:; object-src 'self'; frame-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data:; base-uri 'self' 1
default-src 'self' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com http: https: data: blob: 'unsafe-inline' 'unsafe-eval' 1
default-src https: 'unsafe-eval' 'unsafe-inline' 'self'; font-src https: data: 'self' http: fonts.googleapis.com themes.googleusercontent.com; connect-src https: wss: 'self'; img-src https: data: 'self' http: *.gravatar.com; worker-src blob: https: 'self' 'unsafe-inline' 'unsafe-eval'; media-src https: blob: 'self'; style-src https: 'unsafe-eval' 'unsafe-inline' 'self' http: fonts.googleapis.com 1
default-src 'none' ;script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ ;object-src 'none' ;style-src 'self' 'unsafe-inline' https://api.xs2a.com ;img-src 'self' https://api.xs2a.com data: ;media-src 'none' ;frame-src 'self' https://www.google.com/recaptcha/ ;font-src 'self' ;connect-src 'self' 1
default-src 'unsafe-inline' 'self';font-src https://player.podigee-cdn.net 'self'; img-src https://matomo.ploetzblog.de https://*.ytimg.com https://assets.steadyhq.com https://*.vgwort.de https://cnbdnbzxua.cloudimg.io https://webimages.we2p.de https://discussions.ploetzblog.de https://images.ploetzblog.de https://tiles.venus.bayern https://api.venus.bayern data: 'self'; style-src https://matomo.ploetzblog.de https://cdn.plyr.io https://discussions.ploetzblog.de https://player.podigee-cdn.net 'unsafe-inline' 'self'; script-src https://www.youtube.com https://cdn.plyr.io https://steadyhq.com https://matomo.ploetzblog.de https://player.podigee-cdn.net https://api.brotbacken.de https://gateway.ploetzblog.vns.services https://discussions.ploetzblog.de https://api.venus.bayern blob: 'self' 'unsafe-inline' 'unsafe-eval';worker-src blob:; connect-src https://noembed.com https://cdn.plyr.io https://matomo.ploetzblog.de https://sentry.venus.bayern https://discussions.ploetzblog.de https://api.brotbacken.de https://tiles.venus.bayern https://tiles-storage.venus.bayern https://gateway.ploetzblog.vns.services 'self'; frame-src https://news.ploetzblog.de https://www.youtube-nocookie.com https://youtube.com https://www.youtube.com https://player.podigee-cdn.net 'self'; object-src 'none' 1
default-src *.ciranet.com ciranet.com 'unsafe-hashes' 'unsafe-inline'; script-src ciranet.com *.ciranet.com *.jquery.com *.googleapis.com *.google.com *.gstatic.com *.newrelic.com *.nr-data.net *.paypalobjects.com *.paypal.com 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval'; connect-src *.ciranet.com ciranet.com *.googleapis.com *.nr-data.net *.paypal.com; img-src *.googleapis.com *.gstatic.com *.ciranet.com ciranet.com *.paypal.com data: blob:; style-src *.ciranet.com ciranet.com *.bootstrapcdn.com *.googleapis.com 'unsafe-hashes' 'unsafe-inline';base-uri *.ciranet.com ciranet.com;form-action *.ciranet.com ciranet.com *.hoabankservices.com;font-src *.bootstrapcdn.com *.gstatic.com *.ciranet.com ciranet.com data:;frame-src *.clickpay.com *.ciranet.com ciranet.com *.epay.cm *.cit.com *.allianceassociationbank.com aafspayments.com *.google.com *.paypalobjects.com *.paypal.com *.hoabankservices.com *.hostedpayments.com *.communityadvantagepay.com aptexxvault.com blob:; 1
default-src 'self' 'unsafe-inline' https: data: blob:; frame-src 'self' https: *.https://paywithfour.com; frame-ancestors 'self' *.https://paywithfour.com; block-all-mixed-content; upgrade-insecure-requests; 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' 'nonce-M2VhYjFiNDAwZDkzM2VjOQ=='; block-all-mixed-content; upgrade-insecure-requests 1
script-src 'unsafe-inline' 'unsafe-eval' https: http: blob: 'self' *.securionpay.com securionpay.com *.dev.shift4.com api.shift4.com content.jwplatform.com *.p.jwpcdn.com polyfill.io cdn.rawgit.com cdn.jsdelivr.net *.googleapis.com *.googletagmanager.com *.gstatic.com *.appdynamics.com *.google-analytics.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubbee8abfcdc61c11351e77198b719f98b&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=vtc; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://www.e-gen.or.kr https://member.nemc.or.kr http://media.nemc.or.kr http://www.youtube.com http://*.daumcdn.net https://dapi.kakao.com https://api2.sktelecom.com; 1
default-src https://ru.shellsmart.shell.com/v1/form https://app1.rusol.wl:8444/v1/form 'self' *.shellsmart.com *.shellescape.com *.shelldriversclub.co.uk https://login.consumer.shell.com test.login.consumer.shell.com *.a4cpromo.com *.adobedtm.com *.betrad.com *.crm-business-solutions.de *.doubleclick.net *.evidon.com *.facebook.com *.google.com *.google-analytics.com *.gstatic.com *.jquery.com *.metrics-shell.com *.omtrdc.net *.shell.com *.shell.hu *.shell.de *.shell.pl *.sps-delivery.de *.trustarc.com *.truste.com *.youtube.com *.zdassets.com *.zendesk.com *.zopim.com *.zopim.io ajax.googleapis.com assets.zendesk.com cm.everesttech.net code.jquery.com connect.facebook.net data: dpm.demdex.net ecdn.novomind.com fonts.gstatic.com geome.shellsmart.com https://authorize.omniture.com http://shell-vp-backend-integration.sps-delivery.de:84/ https://dpm.demdex.net https://dpm.demdex.net/id https://hello.myfonts.net https://sc.metrics-shell.com https://shell.demdex.net https://shell.demdex.net/id https://support.shell.com https://www.facebook.com/tr/ https://www.google-analytics.com https://www.googletagmanager.com https://www.google.de/ads/ga-audiences https://www.google.com.tr/ads/ga-audiences https://zendesk-eu.my.sentry.io i.ytimg.com locator.shellsmart.com s.ytimg.com sc.metrics-shell.com shell.demdex.net shellfleetlocator.geoapp.me scmetrics.shell.com nscmetrics.shell.com activitymap.adobe.com 'unsafe-eval' 'unsafe-inline' wss://*.zopim.com wss://*.zopim.io ; report-uri /smart/csp/report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com https://lp.constantcontactpages.com *.constantcontactpages.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org player.vimeo.com www.googletagmanager.com tagmanager.google.com https://www.bird.ca https://itsenergy.ca https://careers.bird.ca/ https://www.phenom.com/; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com tagmanager.google.com https://www.bird.ca https://itsenergy.ca https://careers.bird.ca/ https://www.phenom.com/; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://itsenergy.ca; media-src 'self' data: blob:; child-src 'self' https://www.itsenergy.ca/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com lp.constantcontactpages.com *.google.com cdn.embedly.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com vimeo.com https://www.google-analytics.com; 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';                                         script-src * data: blob: 'unsafe-inline' 'unsafe-eval';                                         connect-src * data: blob: 'unsafe-inline';                                          img-src * data: blob: 'unsafe-inline';                                          frame-src * data: blob: ;                                          style-src * data: blob: 'unsafe-inline';                                         font-src * data: blob: 'unsafe-inline';                                         frame-ancestors * data: blob: 'unsafe-inline'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-hXTVdSGXtljYznzi5MFXav9M3PHF3FEvgLL6i4fc9fyVo90X' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src self; 1
frame-ancestors https://*.espocloud.eu https://*.espocloud.com 1
frame-ancestors https://*.piratestorm.com/ https://www.funnygames.nl/ https://www.clickjogos.com.br/ https://spele.nl/ https://gryonline.onet.pl/ https://centralagier.wp.pl/ https://www.browsergames.de/ https://www.sat1spiele.de/ https://www.funnygames.nl/ https://www.prosiebengames.de/ https://www.oyunkolu.com/ https://www.speeleiland.nl/; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.zeltser.com https://*.twitter.com https://*.twimg.com https://*.typekit.net https://secure.gravatar.com https://www.google-analytics.com https://fonts.googleapis.com https://ssl.gstatic.com https://trends.google.com https://fonts.gstatic.com https://player.vimeo.com https://www.youtube.com data: ; media-src http://origin1.podcastwebsites.com https://*.zeltser.com https://zeltser.com 1
frame-ancestors 'self' *.wifi.teledata.de https://*.wifi.teledata.de *.gisserver.de https://*.gisserver.de 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://www.youtube.com https://s.ytimg.com https://chart.rsf.ru https://*.yandex.ru https://cdnjs.cloudflare.com https://s7.addthis.com https://*.yandex.net https://yastatic.net https://www.gravatar.com https://csi.gstatic.com/ http://maps.google.com/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://client-registry.mutinycdn.com https://js.hsforms.net https://www.google.com https://www.gstatic.com https://j.6sc.co https://www.redditstatic.com https://snap.licdn.com https://js.driftt.com https://widget.drift.com https://analytics.tiktok.com https://dx.mountain.com https://js.hs-scripts.com https://tag.clearbitscripts.com https://js.hubspot.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://x.clearbitjs.com https://connect.facebook.net https://googleads.g.doubleclick.net https://*.hsadspixel.net https://*.hs-analytics.net https://js.hscta.net https://*.hubspot.com https://static.hsappstatic.net https://*.usemessages.com https://*.hs-banner.com https://*.hubspot.net https://*.hscollectedforms.net https://*.hsleadflows.net https://*.hsforms.net https://*.hsforms.com https://*.hs-scripts.com https://*.hubspotfeedback.com https://feedback.hubapi.com google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://cdn2.hubspot.net fonts.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://cdn.cookielaw.org https://www.google.com https://forms.hsforms.com https://forms-na1.hsforms.com https://i.ytimg.com https://tracking.g2crowd.com https://alb.reddit.com https://px.ads.linkedin.com https://b.6sc.co https://px4.ads.linkedin.com https://images.mutinycdn.com https://perf-na1.hsforms.com https://track.hubspot.com https://www.facebook.com https://js.hscta.net https://no-cache.hubspot.com https://*.hubspot.com https://*.hubspot.net https://cdn2.hubspot.net https://*.hsforms.net https://*.hsforms.com https://www.linkedin.com https://blog.kobiton.com https://info.kobiton.com https://lh5.googleusercontent.com https://lh4.googleusercontent.com https://lh3.googleusercontent.com https://*.googleusercontent.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com www.googletagmanager.com; connect-src 'self' https://cdn.cookielaw.org https://client-registry.mutinycdn.com https://api-v2.mutinyhq.io https://geolocation.onetrust.com https://js.hsforms.net https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://www.google.com https://cdn.linkedin.oribi.io https://secure.adnxs.com https://ipv6.6sc.co https://epsilon.6sense.com https://c.6sc.co https://epsilon-cloudfront.6sense.com https://px.ads.linkedin.com https://api.hubapi.com https://cta-service-cms2.hubspot.com https://app.clearbit.com https://googleads.g.doubleclick.net https://*.hubapi.com https://js.hscta.net https://*.hubspot.com https://*.hs-banner.com https://*.hscollectedforms.net https://*.hsforms.com https://s.pointerpro.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: www.googletagmanager.com; font-src 'self' data: https://images.mutinycdn.com data: fonts.gstatic.com fonts.googleapis.com; object-src 'self' ; media-src 'self' ; frame-src 'self' https://www.google.com https://www.youtube-nocookie.com https://www.visualize-roi.com https://www.youtube.com https://forms.hsforms.com https://js.driftt.com https://widget.drift.com https://static.hsappstatic.net https://app.hubspot.com https://td.doubleclick.net https://*.hubspot.com https://*.hs-sites.com https://*.hubspot.net https://play.hubspotvideo.com https://*.hsforms.net https://*.hsforms.com https://s.pointerpro.com www.googletagmanager.com; child-src 'self' www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://assets.toad.social; img-src 'self' https: data: blob: https://assets.toad.social; style-src 'self' https://assets.toad.social 'nonce-fPSwxowT0Uz0ReGn9IWWIg=='; media-src 'self' https: data: https://assets.toad.social; frame-src 'self' https:; manifest-src 'self' https://assets.toad.social; form-action 'self'; child-src 'self' blob: https://assets.toad.social; worker-src 'self' blob: https://assets.toad.social; connect-src 'self' data: blob: https://assets.toad.social https://files.toad.social wss://toad.social; script-src 'self' https://assets.toad.social 'wasm-unsafe-eval' 1
report-uri /api/csp/report-violations;default-src 'self';connect-src 'self' www.google-analytics.com maps.googleapis.com www.google.com www.gstatic.com www.googletagmanager.com;script-src 'self' 'unsafe-inline' www.google-analytics.com maps.googleapis.com www.google.com www.gstatic.com www.googletagmanager.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;img-src 'self' data: www.arsscribendi.nl arsscribendi.nl https://schoolsupport.nl https://www.schoolsupport.nl https://bestel.schoolsupport.online www.google-analytics.com maps.googleapis.com maps.gstatic.com;media-src 'self';font-src 'self' fonts.gstatic.com;object-src 'none';frame-src 'self' https://e.issuu.com/ www.youtube.com player.vimeo.com www.google.com readiant.app;frame-ancestors 'none';block-all-mixed-content; 1
frame-ancestors 'none';object-src 'none' 1
default-src 'self' salesforce.okta.com *.oktacdn.com; connect-src 'self' salesforce.okta.com salesforce-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com *.mtls.okta.com salesforce.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' salesforce.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' salesforce.okta.com *.oktacdn.com; frame-src 'self' salesforce.okta.com salesforce-admin.okta.com login.okta.com com-okta-authenticator:; img-src 'self' salesforce.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' salesforce.okta.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' https://confluence.internal.salesforce.com https://foundation--pie.sandbox.my.salesforce.com https://integration360.lightning.force.com https://powerofus.force.com https://pie-powerofus.usa2s.sfdc-yfeipo.force.com https://org62--62stage2.sandbox.lightning.force.com https://threatcanvas.internal.salesforce.com https://foundation.lightning.force.com https://tc.tm-as-a-service.ast.aws-dev2-uswest2.aws.sfdc.cl https://tabstg.internal.salesforce.com https://foundation.my.site.com https://integration360--i360dev.sandbox.lightning.force.com https://tabdev.internal.salesforce.com https://gus--rakesh.sandbox.lightning.force.com https://spfdev01-supportforce.cs21.force.com https://tabse.internal.salesforce.com https://cichub--stage.sandbox.lightning.force.com https://tabtst.internal.salesforce.com https://mc-00tq6cdjppzlxr9vvx98rqyy1.pub.sfmc-content.com https://foundation--pie.builder.salesforce-communities.com https://supportforce.my.site.com https://supportforce--spfstage.sandbox.my.site.com https://foundation.builder.salesforce-communities.com https://tc.tm-as-a-service.ast-s.aws-esvc1-useast2.aws.sfdc.cl https://cichub.lightning.force.com https://sfdc-tab.internal.salesforce.com https://foundation--pie.my.salesforce.com https://supportforce.force.com https://gus.lightning.force.com https://org62.lightning.force.com https://foundation.my.salesforce.com https://foundation--pie.sandbox.my.site.com 1
frame-ancestors 'self' https://www.eliquisdataportal.com https://bmsdm--cms.na152.visual.force.com https://www.emplicitihcp.com https://origin-emplicitihcp-bms-aem-prod.adobecqms.net https://www.sprycel-hcp.com https://www.orenciahcp.com https://www.opdivocombotherapy.com https://www.nulojixhcp.bmscustomerconnect.com https://www.kenaloghcp.bmscustomerconnect.com https://www.hcp.yervoy.com https://www.evotazhcp.com https://www.eliquis.com/eliquis/hcp https://www.bmsdataportal.com https://www.azactamhcp.bmscustomerconnect.com https://www.opdivohcp.com https://origin-opdivo-hcp-bms-aem-prod.adobecqms.net https://www.opdivocombomnsclc-mpm.com https://origin-opdivocombomnsclc-mpm-bms-aem-prod.adobecqms.net https://www.opdivogastroeso.com https://origin-opdivogastroeso-bms-aem-prod.adobecqms.net https://www.empliciti.com https://origin-emplicitidtc-bms-aem-prod.adobecqms.net https://www.opdivorx.com https://origin-opdivomiuc-bms-aem-prod.adobecqms.net https://www.bmsehr.com https://origin-bmsehr-bms-aem-prod.adobecqms.net https://www.seeeliquisevidence.com https://origin-eliquis-payer-bms-aem-prod.adobecqms.net https://www.bmsmelanoma.com https://origin-bmsmelanoma-bms-aem-prod.adobecqms.net https://www.opdualaghcp.com https://origin-opdualaghcp-bms-aem-prod.adobecqms.net https://www.opdivoyervoymnsclc.com https://origin-onelung-bms-aem-prod.adobecqms.net https://www.eliquis.com https://camzyoshcp.bms-preview.com https://www.camzyoshcp.com https://opdivo-hcp.bms-preview.com https://www.revlimidhcp.com https://revlimidhcp.bms-preview.com https://www.zeposiahcp.com https://zeposiahcp.bms-preview.com https://www.sotyktuhcp.com https://deucravahcp.bms-preview.com https://www.pomalysthcp.com https://pomalysthcp.bms-preview.com https://www.reblozylpro.com https://reblozylpro.bms-preview.com https://www.bmsehr.com https://bmsehr.bms-preview.com https://www.abraxanepro.com https://abraxanepro.bms-preview.com https://inrebicpro.bms-preview.com https://www.inrebicpro.com https://inrebic.bms-preview.com https://www.inrebic.com https://www.eliquisoutcomes.com https://eliquisoutcomes.bms-preview.com https://www.camzyosfinder.com https://camzyosfinder.bms-preview.com; default-src wss: https: blob: wss: 'unsafe-inline' 'unsafe-eval'; media-src https: blob:; font-src https: data:;frame-src * data:; 1
default-src 'none'; base-uri 'none'; child-src 'self' app.netlify.com; form-action 'none'; frame-ancestors 'none'; img-src 'self' images.prismic.io assets.coingecko.com s2.coinmarketcap.com *.cloudfront.net data:; media-src 'self'; object-src 'none'; script-src 'self' ajax.googleapis.com widgets.coingecko.com files.coinmarketcap.com 3rdparty-apis.coinmarketcap.com app.netlify.com netlify-cdp-loader.netlify.app *.googletagmanager.com; script-src-elem 'self' ajax.googleapis.com widgets.coingecko.com files.coinmarketcap.com 3rdparty-apis.coinmarketcap.com *.googletagmanager.com; style-src 'self' fonts.googleapis.com 'unsafe-inline' files.coinmarketcap.com 'unsafe-inline'; font-src 'self' fonts.gstatic.com; connect-src 'self' api.coingecko.com 3rdparty-apis.coinmarketcap.com wss://cable.coingecko.com ocean.defichain.com api.github.com; prefetch-src 'self'; 1
default-src 'self' https: data: blob: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://playground.wordpress.net; 1
default-src 'self' payments-de-sandbox.amazon.com payments-de.amazon.com payments.amazon.de ws://127.0.0.1:35729 www.dr-gamringer.de augenallianz-test.dc-test.de;  script-src 'self' 'unsafe-eval' 'unsafe-inline' use.typekit.net www.googletagmanager.com www.google.com www.google-analytics.com www.gstatic.com maps.google.com maps.googleapis.com connect.facebook.net *.payments-amazon.com payments-de-sandbox.amazon.com tagmanager.google.com www.dr-gamringer.de augenallianz-test.dc-test.de;  style-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com tagmanager.google.com www.dr-gamringer.de augenallianz-test.dc-test.de;  img-src 'self' data: p.typekit.net www.google-analytics.com *.googleapis.com maps.google.com *.cloudfront.net *.ssl-images-amazon.com *.ggpht.com *.gstatic.com img.youtube.com www.dr-gamringer.de augenallianz-test.dc-test.de;  font-src 'self' data: use.typekit.net fonts.gstatic.com www.dr-gamringer.de augenallianz-test.dc-test.de;  object-src 'self' www.dr-gamringer.de augenallianz-test.dc-test.de;  media-src 'self' www.dr-gamringer.de augenallianz-test.dc-test.de;  child-src 'self' payments-de-sandbox.amazon.com payments-de.amazon.com payments.amazon.com www.computop-paygate.com staticxx.facebook.com www.facebook.com www.youtube.com *.payments-amazon.com api-cdn.amazon.com www.dr-gamringer.de augenallianz-test.dc-test.de;  form-action 'self' payments-de-sandbox.amazon.com payments-de.amazon.com payments.amazon.com www.computop-paygate.com www.dr-gamringer.de augenallianz-test.dc-test.de;  frame-ancestors 'self' www.dr-gamringer.de augenallianz-test.dc-test.de;  connect-src 'self' ws://127.0.0.1:35729 performance.typekit.net www.google-analytics.com www.dr-gamringer.de augenallianz-test.dc-test.de; 1
default-src 'self';frame-src 'none';frame-ancestors 'none';script-src 'self' statistiek.rijksoverheid.nl;frame-src 'none';frame-ancestors 'none';object-src 'self' 1
default-src 'none'; script-src 'self' https://www.googletagmanager.com https://consent.cookiebot.com/uc.js https://consentcdn.cookiebot.com/consentconfig/8572b630-f297-4ba8-a906-3df01a2cc5f6/state.js https://consentcdn.cookiebot.com/consentconfig/8572b630-f297-4ba8-a906-3df01a2cc5f6/ina.gematik.de/configuration.js https://consent.cookiebot.com/8572b630-f297-4ba8-a906-3df01a2cc5f6/cc.js https://ina-asset.gematik.de/1/javascripts/head.js https://ina-asset.gematik.de/1/javascripts/lazyloading.js https://ina-asset.gematik.de/1/javascripts/main.js https://platform.twitter.com https://platform.twitter.com/widgets.js https://ina-asset.gematik.de/1/network-graph/js/2.chunk.js https://ina-asset.gematik.de/1/network-graph/js/main.chunk.js https://consent.cookiebot.com player.vimeo.com *.vimeocdn.com img.youtube.com https://www.youtube.com www.youtube-nocookie.com 'sha256-1/mVODurd9OCItKG0EG2GDXXrAHLPYHqKS9+tImwu08=' 'sha256-so40D33gzzhWfKOTTX7xOTaV4j7KoW+ib37SwFAyjxA=' 'sha256-RbRnjdqp25WcmeJB94ykqsfVXEyUnZmyfs4RQoIlBmw=' 'sha256-Tl9CLvWFwpiz3GdOqBQ9gOBM8+xIJHzuBhQONPGoc5s=' 'sha256-lPRWL/60drumBGRwomvtEPS5XoglSyKnQqhyg9jHQeI=' 'sha256-Nsj8+TeMwQtVi5u/7WVAsCjCKRyHeuqB3pzQJz6e++U=' 'sha256-qvwM9709nOaFOYrca7XpicZsscGwyXv4qfVdI9Y7ILA=' 'sha256-Wvm/rBhdhlMgHBrVdHt9Gdllh4OZuyp/oFlepLALdM8=' 'sha256-pW4cPVvkO1dqm62JgyoCmGlW4SZe3jrX5R+820UMDsY=' 'sha256-+uZI49o8cPq+UQFtbaIYkQB/eu4rZ5ETPUetFS4VZ2o=' 'sha256-sENnDPeKHXqMcN4ItXFOj1qrXVXa2sSwH5AROu17vA0=' 'sha256-NbOwWa3bTr5hZKSzYsTr8G3kcdkzsaAWBZ5NRg1uylo=' 'sha256-MXk+wHM57iU4IxPyEMwDOnTsRI/aBClJfL4ePXXdoFc=' 'sha256-E2QLY/1zF/NX9gvqKmESjbpj0chl8gcjMjAvYd4mJ/g='; style-src 'self' 'unsafe-inline' 'unsafe-hashes' https://ina-asset.gematik.de/1/stylesheets/main.css https://ina-asset.gematik.de/1/stylesheets/print.css https://www.ina.gematik.de/typo3conf/ext/simplebookmarks/Resources/Public/Css/bookmark.css https://www.ina.gematik.de/typo3conf/ext/dpn_glossary/Resources/Public/css/styles.css https://www.ina.gematik.de/typo3conf/ext/solr/Resources/Public/StyleSheets/Frontend/suggest.css https://platform.twitter.com https://consentcdn.cookiebot.com https://syndication.twitter.com; img-src 'self' data: https://ina-asset.gematik.de https://ina-api.gematik.de/ https://syndication.twitter.com https://img.youtube.com http://i.vimeocdn.com/video https://i.vimeocdn.com/video https://i.vimeocdn.com/video img.youtube.com; font-src 'self' https://ina-asset.gematik.de https://ina-api.gematik.de/upload; connect-src 'self' https://*.google-analytics.com https://consentcdn.cookiebot.com https://ina-asset.gematik.de/1/icons/icons.svg https://ina-api.gematik.de; frame-src 'self' https://consentcdn.cookiebot.com https://platform.twitter.com https://www.youtube-nocookie.com https://player.vimeo.com https://play.google.com https://www.youtube.com; frame-ancestors 'self' https://consentcdn.cookiebot.com https://platform.twitter.com https://www.youtube-nocookie.com https://play.google.com https://www.youtube.com; form-action 'self'; base-uri 'self'; manifest-src https://www.ina.gematik.de/typo3conf/ext/rsmbasechild/Resources/Public/Favicons/site.webmanifest; report-uri /typo3conf/ext/csp/csp_report.php 1
frame-ancestors 'self'; object-src 'self' blob: ; upgrade-insecure-requests; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://airwaves.social; img-src 'self' https: data: blob: https://airwaves.social; style-src 'self' https://airwaves.social 'nonce-9gAlyV/6tqHTgZkzEQx80A=='; media-src 'self' https: data: https://airwaves.social; frame-src 'self' https:; manifest-src 'self' https://airwaves.social; form-action 'self'; child-src 'self' blob: https://airwaves.social; worker-src 'self' blob: https://airwaves.social; connect-src 'self' data: blob: https://airwaves.social https://files.airwaves.social wss://airwaves.social; script-src 'self' https://airwaves.social 'wasm-unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.wp.com https://*.gravatar.com https://*.google-analytics.com; img-src 'self' data: https://wordpress.org https://*.gravatar.com https://*.wp.com https://*.google-analytics.com; style-src 'self' 'unsafe-inline' https://*.wp.com https://*.gravatar.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://themes.googleusercontent.com; object-src 'none' 1
default-src 'none'; connect-src https: https://*.tawk.to wss://*.tawk.to https://tawk.to; font-src 'self' https: https://fonts.gstatic.com https://static-v.tawk.to https://embed.tawk.to; frame-src 'self' https: https://va.tawk.to; img-src 'self' https: https://static-v.tawk.to; media-src 'self' https://static-v.tawk.to https://player.vimeo.com https://download-video.akamaized.net https://vod-progressive.akamaized.net; object-src 'none'; script-src 'self' https: data: 'report-sample' 'unsafe-eval' 'unsafe-inline'  https://embed.tawk.to https://static-v.tawk.to; style-src 'self' https: https://embed.tawk.to 'unsafe-inline'; worker-src 'none'; 1
manifest-src 'self'; script-src 'self' 'unsafe-eval' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js; style-src 'self' 'unsafe-inline'; img-src 'self' https: data:; connect-src 'self' https: blob: https://immortuos.life:8443/socket.io/ wss://immortuos.life:8443/socket.io/ https://immortuos.life/ https://hls.immortuos.live/; font-src 'self' https: data:; form-action 'self'; frame-src 'self' https:; media-src 'self' https: blob: about: https://sound.immortuos.live:8878/ https://immortuos.life/; worker-src https: blob:; block-all-mixed-content; upgrade-insecure-requests 1
base-uri 'self'; child-src https://www.youtube-nocookie.com/embed/ https://radio.onlyencodes.cc; connect-src 'self' https://onlyencodes.cc:8443/socket.io/ wss://onlyencodes.cc:8443/socket.io/ https://api.themoviedb.org/; default-src 'none'; font-src 'self' data: https: fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https: image.tmdb.org via.placeholder.com/400x600; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https: gitcdn.xyz github.io *.github.io raw.githubusercontent.com github.com; block-all-mixed-content; upgrade-insecure-requests 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com; base-uri 'self', frame-ancestors 'self', frame-ancestors 'self' https://*.facebook.com, frame-ancestors 'self', frame-ancestors 'self' https://*.facebook.com 1
default-src 'self' data: hub09.matomo.cloud italdesign.matomo.cloud consent.cookiebot.com consentcdn.cookiebot.com fonts.gstatic.com www.facebook.com www.google.com www.gstatic.com inrecruiting.intervieweb.it www.youtube.com www.youtube-nocookie.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net *.matomo.cloud use.typekit.net consent.cookiebot.com consentcdn.cookiebot.com cdn.matomo.cloud use.typekit.net connect.facebook.net *.licdn.com *.linkedin.com *.google-analytics.com www.google-analytics.com *.googletagmanager.com www.google.com www.gstatic.com inrecruiting.intervieweb.it *.youtube.com; connect-src 'self' *.italdesign.it cdn.jsdelivr.net *.matomo.cloud cdn.linkedin.oribi.io stats.g.doubleclick.net *.google-analytics.com consentcdn.cookiebot.com; img-src * data:; style-src 'self' 'unsafe-inline' hub09.matomo.cloud italdesign.matomo.cloud fonts.gstatic.com fonts.googleapis.com *.gstatic.com; media-src * data: 'self' 'unsafe-inline' www.italdesign.it 1
base-uri 'self';default-src 'self';connect-src 'self' https://matomo.ingenuitylite.com https://salesiq.zoho.eu wss://vts.zohopublic.eu https://salesiq.zohopublic.eu https://stats.g.doubleclick.net https://vts.zohopublic.eu https://www.facebook.com https://css.zohocdn.com https://www.google-analytics.com;frame-ancestors 'none';font-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.ingenuitylite.com https://fcdn.ingenuitylite.com https://css.zohocdn.com https://cdn.jsdelivr.net https://css.zohostatic.eu;frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://ir.design-portfolio.co.uk https://js.stripe.com https://bugcrowd.com https://*.facebook.com https://ddlnk.net;img-src 'self' https://cdn.ingenuitylite.com https://fcdn.ingenuitylite.com https://www.googletagmanager.com https://*.thcdn.com data: https://salesiq.zohopublic.eu https://www.google-analytics.com https://www.facebook.com https://matomo.ingenuitylite.com;child-src 'self';script-src 'self' 'unsafe-eval' 'nonce-d0d0fdd741ce69e729423ffd6fe5e2a5' 'strict-dynamic' https://matomo.ingenuitylite.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://checkout.stripe.com https://js.stripe.com https://www.google-analytics.com https://connect.facebook.net https://js.zohocdn.com https://salesiq.zoho.eu;style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://cdn.ingenuitylite.com https://fcdn.ingenuitylite.com https://css.zohocdn.com https://css.zohostatic.eu;style-src-attr 'self' 'unsafe-inline';object-src 'none';script-src-attr 'self' 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' https://matomo.ingenuitylite.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://js.stripe.com https://www.google-analytics.com https://connect.facebook.net https://salesiq.zoho.eu https://js.zohostatic.eu https://js.zohocdn.com;worker-src 'none';media-src 'self' https://cdn.ingenuitylite.com https://fcdn.ingenuitylite.com https://blogscdn.thehut.net https://*.gstatic.com;report-uri https://csp.ingenuitylite.com/ajax/csp-report;report-to csp-endpoint 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.intercomcdn.com https://*.intercom.io https://www.googletagmanager.com https://www.google.com https://www.google-analytics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src * https: data: ; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com; connect-src 'self' https://www.facebook.com/tr  https://adservice.google.com https://*.intercom.io wss://*.intercom.io https://*.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.intercomusercontent.com https://api-iam.intercom.io/messenger/web/metrics https://api-iam.intercom.io/messenger/web/ping https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://mkp8duh1ug.execute-api.ap-southeast-2.amazonaws.com/dev/send-mail; media-src 'self' https://js.intercomcdn.com; object-src 'self'; child-src 'self' https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net;   frame-src 'self' https://td.doubleclick.net https://www.google.com https://www.facebook.com; worker-src 'self'; frame-ancestors 'self'; form-action 'self' https://*.intercom.io https://intercom.help https://www.facebook.com; manifest-src 'self'; upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors 'self' https://*.sherweb.com https://*.cumulus.sherweb.com https://billing.rak4cloud.com https://cloud.itpartners.com https://cloudmanagerportal.com https://control.careservtech.com https://control.gocareserv.help https://control.intellam.com https://control.spekcloud.com https://cumulus.ats.avnet.com https://cumulus.checksum.biz https://cumulus.fusenetworks.com https://cumulus.ismgrid.com https://my.cloudportal365.com https://portal.cloudkama.com https://portal.gettechworkz.com https://portal.massiveit.com https://portal.xaas1.com https://productivity.cloudwyze.com https://store.wintellisys.com https://techdata.sherweb.com; 1
frame-ancestors 'self'; frame-src https://ims2.dpgmedia.be https://www.youtube.com https://www.tiktok.com https://www.instagram.com https://player.vimeo.com https://go.advertising.dpgmedia.be https://be.dpgmediagroup.com https://go.dpgmediagroup.com https://go.dpgmedia.nl https://anchor.fm https://vars.hotjar.com https://cmp.jezofficial.be https://ls.hit.gemius.pl http://ls.hit.gemius.pl https://advertising-module.api.dpgmedia.cloud https://www.google.com https://open.spotify.com; 1
default-src 'self'  data: blob:;          img-src 'self' 'unsafe-inline' data: blob:              https://ssl.google-analytics.com/            http://www.google-analytics.com/            http://www.googleadservices.com/pagead/            https://googleads.g.doubleclick.net/            https://www.google.com/pagead/            https://www.bing.com/api/maps/            https://www.youtube.com/            https://youtube.com/            https://www.vimeo.com/            https://vimeo.com/            https://*.vimeo.com/external/              https://player.vimeo.com/video/              https://i.vimeocdn.com/video/              https://app-eval.signnow.com/              https://*.signnow.com/            https://vod-progressive.akamaized.net/            https://*.dynamic.tiles.virtualearth.net/              https://*.bing.com               https://*.virtualearth.com             https://syndication.twitter.com/            https://platform.twitter.com/css/            https://abs.twimg.com/emoji/            https://pbs.twimg.com/profile_images/            https://pbs.twimg.com/media/            https://*.audioeye.com/            https://*.fitnessintl.com/            https://*.facebook.net/            https://www.facebook.com/tr/            https://cdn.cookielaw.org/            https://cdn.cookielaw.org/consent/            https://*.onetrust.com/            https://*.audioeye.com/scripts/            https://connect.facebook.net/signals/config/            www.googletagmanager.com              https://analytics.xscreenattribution.com/              https://insight.adsrvr.org/track/pxl/              https://*.googleadservices.com/pagead/              https://cm.g.doubleclick.net/              https://ups.analytics.yahoo.com/ups/              https://pixel.rubiconproject.com/              https://match.adsrvr.org/track/cmf/                 https://d1oym7eq8y3o6a.cloudfront.net             https://analytics.tiktok.com/i18n/pixel/             https://td.doubleclick.net/             https://analytics.tiktok.com/api/v2/pixel             https://analytics.tiktok.com/api/             https://pagead2.googlesyndication.com/pagead/           ;             script-src 'self' 'unsafe-inline' 'unsafe-eval'             https://www.google.com/recaptcha/            https://www.gstatic.com/recaptcha/            https://ssl.google-analytics.com/            http://www.google-analytics.com/            http://www.googleadservices.com/pagead/            https://googleads.g.doubleclick.net/            https://www.google.com/pagead/            https://www.bing.com/api/maps/            https://www.bing.com/api/maps/mapcontrol/            https://www.youtube.com/            https://youtube.com/            https://www.vimeo.com/            https://vimeo.com/            https://*.vimeo.com/external/              https://player.vimeo.com/api/              https://player.vimeo.com/video/                   https://signnow.com              https://api.signnow.com              https://app-eval.signnow.com/              https://*.signnow.com/            https://vod-progressive.akamaized.net/            https://www.bing.com/rs/            https://www.bing.com/rb/            https://www.bing.com/rp/              https://r.bing.com/rp/              https://*.bing.com               https://*.virtualearth.com              https://*.dynamic.tiles.virtualearth.net/            https://dev.virtualearth.net/webservices/            https://platform.twitter.com/widgets.js            https://platform.twitter.com/js/            https://cdn.syndication.twimg.com/timeline/            https://*.audioeye.com/            https://*.facebook.net/            https://cdn.cookielaw.org/            https://cdn.cookielaw.org/consent/            https://*.onetrust.com/            https://*.audioeye.com/scripts/            https://connect.facebook.net/signals/config/            https://www.googletagmanager.com/              https://www.google-analytics.com/              https://www.google-analytics.com/g/              https://analytics.xscreenattribution.com/              https://js.adsrvr.org/              https://insight.adsrvr.org/track/pxl/              https://*.googleadservices.com/pagead/              https://protect-us.mimecast.com/s/              https://security-us.mimecast.com/              https://d1oym7eq8y3o6a.cloudfront.net             https://analytics.tiktok.com/i18n/pixel/             https://td.doubleclick.net/             https://analytics.tiktok.com/api/v2/pixel             https://analytics.tiktok.com/api/             https://pagead2.googlesyndication.com/pagead/            ;           child-src 'self' 'unsafe-inline'             https://www.google.com/recaptcha/             https://google.com/recaptcha/            https://www.gstatic.com/recaptcha/            https://gstatic.com/recaptcha/            https://ssl.google-analytics.com/            http://www.google-analytics.com/            http://google-analytics.com/            http://www.googleadservices.com/pagead/            https://googleads.g.doubleclick.net/            https://www.google.com/pagead/            https://www.bing.com/api/maps/            https://www.bing.com/api/maps/mapcontrol/            https://www.youtube.com/            https://youtube.com/            https://www.vimeo.com/            https://vimeo.com/            https://*.vimeo.com/external/              https://player.vimeo.com/video/                https://signnow.com              https://api.signnow.com              https://app-eval.signnow.com/              https://*.signnow.com/            https://vod-progressive.akamaized.net/            https://www.bing.com/rs/            https://www.bing.com/rb/            https://www.bing.com/rp/              https://r.bing.com/rp/              https://*.bing.com               https://*.virtualearth.com              https://*.dynamic.tiles.virtualearth.net/            https://dev.virtualearth.net/webservices/            https://www.facebook.com/            https://platform.twitter.com/            https://syndication.twitter.com/            https://*.facebook.net/            https://cdn.cookielaw.org/            https://cdn.cookielaw.org/consent/            https://*.onetrust.com/            https://*.audioeye.com/scripts/            https://connect.facebook.net/signals/config/              https://www.google-analytics.com/              https://www.google-analytics.com/g/              https://analytics.xscreenattribution.com/              https://www.googletagmanager.com/              https://insight.adsrvr.org/track/pxl/              https://*.googleadservices.com/pagead/                  https://protect-us.mimecast.com/s/              https://security-us.mimecast.com/              http://www.googletagmanager.com/gtag/              https://d1oym7eq8y3o6a.cloudfront.net              https://analytics.tiktok.com/i18n/pixel/              https://td.doubleclick.net/              https://analytics.tiktok.com/api/v2/pixel             https://analytics.tiktok.com/api/             https://pagead2.googlesyndication.com/pagead/            ;           frame-src 'self' 'unsafe-inline'               https://staging.lafitness.com/              https://lafitness.com/              https://clubstudiofitness.com/              https://citysportsfitness.com/              https://esportafitness.com/            https://www.google.com/recaptcha/             https://google.com/recaptcha/            https://www.gstatic.com/recaptcha/            https://gstatic.com/recaptcha/             https://ssl.google-analytics.com/              http://www.google-analytics.com/             http://www.googleadservices.com/pagead/            https://googleads.g.doubleclick.net/            https://www.google.com/pagead/            http://google-analytics.com/            https://www.bing.com/api/maps/            https://www.bing.com/api/maps/mapcontrol/            https://www.youtube.com/            https://youtube.com/            https://www.vimeo.com/            https://vimeo.com/            https://*.vimeo.com/external/              https://player.vimeo.com/video/                 https://signnow.com              https://api.signnow.com               https://app-eval.signnow.com/              https://*.signnow.com/            https://vod-progressive.akamaized.net/            https://www.bing.com/rs/            https://www.bing.com/rb/            https://www.bing.com/rp/              https://r.bing.com/rp/              https://*.bing.com               https://*.virtualearth.com              https://*.dynamic.tiles.virtualearth.net/            https://dev.virtualearth.net/webservices/            https://www.facebook.com/            https://platform.twitter.com/            https://syndication.twitter.com/            https://*.audioeye.com/            https://*.facebook.net/            https://cdn.cookielaw.org/            https://cdn.cookielaw.org/consent/            https://*.onetrust.com/            https://*.audioeye.com/scripts/            https://connect.facebook.net/signals/config/            https://www.googletagmanager.com/              https://my.matterport.com/              https://my.matterport.com/show/              https://www.google-analytics.com/              https://www.google-analytics.com/g/              https://analytics.xscreenattribution.com/              https://js.adsrvr.org/              https://insight.adsrvr.org/              https://insight.adsrvr.org/track/pxl/              https://*.googleadservices.com/pagead/              https://bid.g.doubleclick.net/                https://protect-us.mimecast.com/s/              https://security-us.mimecast.com/              https://d1oym7eq8y3o6a.cloudfront.net              https://analytics.tiktok.com/i18n/pixel/              https://td.doubleclick.net/              https://analytics.tiktok.com/api/v2/pixel             https://analytics.tiktok.com/api/             https://pagead2.googlesyndication.com/pagead/            ;           style-src 'self' 'unsafe-inline'             https://www.bing.com/rs/            https://www.bing.com/rb/            https://www.bing.com/rp/              https://r.bing.com/rp/              https://*.bing.com               https://*.virtualearth.com              https://platform.twitter.com/css/            https://*.audioeye.com/            https://*.facebook.net/            https://cdn.cookielaw.org/            https://cdn.cookielaw.org/consent/             https://signnow.com              https://api.signnow.com            https://*.onetrust.com/            https://*.audioeye.com/scripts/            https://connect.facebook.net/signals/config/            https://fonts.googleapis.com/               https://*.googleadservices.com/pagead/               https://d1oym7eq8y3o6a.cloudfront.net             https://analytics.tiktok.com/i18n/pixel/             https://td.doubleclick.net/             https://analytics.tiktok.com/api/v2/pixel             https://analytics.tiktok.com/api/             https://pagead2.googlesyndication.com/pagead/            ;           connect-src 'self'              https://www.bing.com/maps/            https://www.bing.com/fd/ls/              https://*.audioeye.com/             https://cdn.cookielaw.org/            https://cdn.cookielaw.org/consent/            https://*.onetrust.com/            https://www.google-analytics.com/j/              https://www.googletagmanager.com/              https://www.google-analytics.com/g/              https://analytics.xscreenattribution.com/              https://www.google-analytics.com/              https://insight.adsrvr.org/track/pxl/              https://*.googleadservices.com/pagead/                  https://signnow.com              https://api.signnow.com               https://protect-us.mimecast.com/s/              https://security-us.mimecast.com/              https://d1oym7eq8y3o6a.cloudfront.net             https://analytics.tiktok.com/i18n/pixel/             https://td.doubleclick.net/             https://analytics.tiktok.com/api/v2/pixel             https://analytics.tiktok.com/api/             https://pagead2.googlesyndication.com/pagead/            ;           font-src 'self' data: blob:            https://*.audioeye.com/            https://cdn.cookielaw.org/            https://cdn.cookielaw.org/consent/            https://*.onetrust.com/            https://*.audioeye.com/scripts/            https://connect.facebook.net/signals/config/            https://fonts.gstatic.com/s/opensans/v18/            https://fonts.gstatic.com/s/roboto/               https://*.googleadservices.com/pagead/                  https://fonts.gstatic.com/s/lato/v22/S6u9w4BMUTPHh50XSwaPGQ3q5d0N7w.woff2               https://fonts.gstatic.com/s/lato/v22/            ;           media-src 'self'             https://*.audioeye.com/            https://*.audioeye.com/scripts/              ;            frame-ancestors 'self'               https://staging.lafitness.com/               https://lafitness.com/               https://clubstudiofitness.com/               https://citysportsfitness.com/               https://esportafitness.com/               https://www.lafitness.com/               https://www.clubstudiofitness.com/               https://www.citysportsfitness.com/               https://www.esportafitness.com/               https://startlafitness.com/               https://startesportafitness.com/               https://startcitysportsclub.com/ 1
script-src * 'unsafe-eval' 'unsafe-inline'; 1
default-src 'self' https://*.fibt.com https://fibt.com https://app.loanspq.com https://apptest.loanspq.com; connect-src 'self' wss://*.salemove.com https://*.salemove.com wss://api.glia.com https://api.glia.com https://*.twilio.com wss://*.twilio.com https://api.segment.io/v1/t https://cdn.segment.com/v1/projects/ https://analytics.google.com/g/collect https://www.google-analytics.com https://www.googleadservices.com https://www.google.com/pagead/attribution/wcm https://stats.g.doubleclick.net https://www.facebook.com/tr/ https://jira-tech.amobee.com https://amobee.cloudflareaccess.com https://maps.googleapis.com https://calc-backend-prod.herokuapp.com https://thefontzone.com/v4/w/fonts/; media-src 'self' https://*.salemove.com https://api.glia.com https://*.kc-usercontent.com; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://embed.signalintent.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com/css https://*.salemove.com https://api.glia.com https://embed.signalintent.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://siteimproveanalytics.com https://ajax.googleapis.com https://cdn.segment.com/next-integrations/ https://googleads.g.doubleclick.net https://maps.googleapis.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/pagead/ https://www.gstatic.com https://www.recaptcha.net/recaptcha/ https://www.youtube.com https://s.ytimg.com https://*.salemove.com https://api.glia.com https://connect.facebook.net https://embed.signalintent.com; object-src 'self'; img-src 'self' data: https://*.siteimproveanalytics.io https://*.salemove.com https://*.floify.com/ https://embed.signalintent.com https://s3.us-east-2.amazonaws.com https://api.glia.com https://maps.gstatic.com https://maps.googleapis.com/maps/vt https://www.google-analytics.com https://www.googleadservices.com https://www.google.com/pagead/ https://www.googletagmanager.com https://*.googleapis.com/kh https://*.googleapis.com/cbkhttps://*.ggpht.com/cbk https://*.doubleclick.net https://ads.yahoo.com/cms/ https://adservices.brandcdn.com/pixel/cv_img https://amobee.cloudflareaccess.com/cdn-cgi/ https://beacon.krxd.net/usermatch.gif https://dpm.demdex.net/ibs https://dsum-sec.casalemedia.com/rum https://ib.adnxs.com/getuid https://insight.adsrvr.org/track/pxl/ https://insight.adsrvr.org/track/ https://jira-tech.amobee.com https://match.adsrvr.org/track/ https://pixel.advertising.com https://pixel.rubiconproject.com/tap.php https://r.turn.com/r/beacon https://simage2.pubmatic.com/AdServer/Pug https://ups.analytics.yahoo.com/ups/ https://usermatch.krxd.net/um/v2 https://www.facebook.com/tr/ https://x.bidswitch.net/syncd https://*.kc-usercontent.com https://cdn.segment.com/next-integrations/integrations/visual-tagger/0.3.5/visual-tagger.dynamic.js.gz; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://bid.g.doubleclick.net https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.youtube.com https://www.google.com/maps/ https://www.facebook.com/tr/ https://e.issuu.com/ 1
frame-ancestors http://ne.snn-unit.de https://ne.snn-unit.de https://aub-cloud.htwsaar.de 'self' 1
default-src 'self' data: blob: https://*.google.com https://*.google.com.ph https://*.google.com.sg https://*.doubleclick.net https://*.google-analytics.com https://*.facebook.com https://*.facebook.net https://*.youtube.com https://*.ytimg.com https://*.googleapis.com https://*.gstatic.com https://*.onesignal.com https://onesignal.com https://browser-update.org https://*.ampproject.org https://*.onepropertee.com https://bing-amp.com https://*.bing-amp.com https://api.dicebear.com https://api.xendit.co https://*.xendit.co https://*.openreplay.com https://onepropertee.com https://assets.onepropertee.com https://ilove-onepropertee-assets.s3-accelerate.amazonaws.com https://www.googletagmanager.com https://challenges.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://*.google.com https://*.google.com.ph https://*.google.com.sg https://*.doubleclick.net https://*.google-analytics.com https://*.facebook.com https://*.facebook.net https://*.youtube.com https://*.ytimg.com https://*.googleapis.com https://*.gstatic.com https://*.onesignal.com https://onesignal.com https://browser-update.org https://*.ampproject.org https://*.onepropertee.com https://bing-amp.com https://*.bing-amp.com https://api.dicebear.com https://api.xendit.co https://*.xendit.co https://*.openreplay.com https://onepropertee.com https://assets.onepropertee.com https://ilove-onepropertee-assets.s3-accelerate.amazonaws.com https://www.googletagmanager.com https://challenges.cloudflare.com; connect-src * 'self' data: blob: https://*.google.com https://*.google.com.ph https://*.google.com.sg https://*.doubleclick.net https://*.google-analytics.com https://*.facebook.com https://*.facebook.net https://*.youtube.com https://*.ytimg.com https://*.googleapis.com https://*.gstatic.com https://*.onesignal.com https://onesignal.com https://browser-update.org https://*.ampproject.org https://*.onepropertee.com https://bing-amp.com https://*.bing-amp.com https://api.dicebear.com https://api.xendit.co https://*.xendit.co https://*.openreplay.com https://onepropertee.com https://assets.onepropertee.com https://ilove-onepropertee-assets.s3-accelerate.amazonaws.com https://www.googletagmanager.com https://challenges.cloudflare.com; img-src data: 'self' blob: https://*.google.com https://*.google.com.ph https://*.google.com.sg https://*.doubleclick.net https://*.google-analytics.com https://*.facebook.com https://*.facebook.net https://*.youtube.com https://*.ytimg.com https://*.googleapis.com https://*.gstatic.com https://*.onesignal.com https://onesignal.com https://browser-update.org https://*.ampproject.org https://*.onepropertee.com https://bing-amp.com https://*.bing-amp.com https://api.dicebear.com https://api.xendit.co https://*.xendit.co https://*.openreplay.com https://onepropertee.com https://assets.onepropertee.com https://ilove-onepropertee-assets.s3-accelerate.amazonaws.com https://www.googletagmanager.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' data: blob: https://*.google.com https://*.google.com.ph https://*.google.com.sg https://*.doubleclick.net https://*.google-analytics.com https://*.facebook.com https://*.facebook.net https://*.youtube.com https://*.ytimg.com https://*.googleapis.com https://*.gstatic.com https://*.onesignal.com https://onesignal.com https://browser-update.org https://*.ampproject.org https://*.onepropertee.com https://bing-amp.com https://*.bing-amp.com https://api.dicebear.com https://api.xendit.co https://*.xendit.co https://*.openreplay.com https://onepropertee.com https://assets.onepropertee.com https://ilove-onepropertee-assets.s3-accelerate.amazonaws.com https://www.googletagmanager.com https://challenges.cloudflare.com; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-NxA6O9BZHDl3u7HTQ4OfbQ=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-MGZkNzhjYTZjYjI5NGQ5ZmJmOTNiYjUzMjUxNDIzNTU=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.mensenrechten.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.mensenrechten.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.mensenrechten.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; connect-src https: 'unsafe-eval' 'unsafe-inline' wss://*.iot.eu-west-1.amazonaws.com wss://*.hotjar.com https://*.quantserve.com; font-src https: 'unsafe-eval' 'unsafe-inline' data:; img-src * data:; 1
frame-ancestors http://localhost:8943 http://localhost:8630 http://localhost:8635/ http://staging.ece.virtual-meeting.net https://vmx-dev.m-anage.com https://vmx.m-anage.com https://abstracts.eurospe.org  https://abstracts.bioscientifica.com http://abstracts.bioscientifica.com https://www.endocrine-abstracts.org/ http://www.eseondemand.org https://www.eseondemand.org https://programme.bioscientifica.com http://programme.bioscientifica.com https://www.bone-abstracts.org https://www.obesity-abstracts.org https://www.espeyearbook.org 1
default-src 'self' cdn.wcc.creation-l.de https://cdn.wcc.creation-l.de/graphql;    base-uri 'self';    font-src 'self' cdn.wcc.creation-l.de fonts.gstatic.com data: https://d3dc1lgancj6l0.cloudfront.net http://dq4irj27fs462.cloudfront.net;    img-src * data:;    connect-src 'self' https://cdn.wcc.creation-l.de/graphql cdn.wcc.creation-l.de cdn.witt.info/ images.ctfassets.net te.creation-l.de tp.creation-l.de wasp.creation-l.de wst.creation-l.de *.analytics.google.com  *.facebook.com *.contentsquare.net *.my.onetrust.eu *.google-analytics.com bat.bing.com eu-witt-gruppe-prod1.mini.snplow.net www.google-analytics.com www.jsctool.com https://adservice.google.com/pagead/ https://graphql.contentful.com https://privacyportal-eu.onetrust.com https://stats.g.doubleclick.net https://geolocation.onetrust.com https://www.google.com/pagead/ https://googleads.g.doubleclick.net/pagead/ *.creativecdn.com *.googlesyndication.com *.optimizely.com https://ct.pinterest.com http://jsctool.com checkout-cdn.aboutyou.cloud checkout-v3.wcc.creation-l.de https://*.ingest.sentry.io wss://chat.userlike.com chat.userlike.com api.userlike.com www.userlike.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com wss://umd.userlike.com/umd/ api.sovendus.com benefits.sovendus.com identification-api.sovendus.com integration-api.sovendus.com press-tracking-api.sovendus.com https://maps.googleapis.com;    object-src 'none';    child-src blob: userlike-cdn-widgets.userlike.com;    script-src * 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.paypal.com userlike-cdn-widgets.userlike.com;    style-src 'self' cdn.wcc.creation-l.de www.googletagmanager.com fonts.googleapis.com 'unsafe-inline' d.creation-l.de checkout-cdn.aboutyou.cloud https://*.adyen.com https://*.paypal.com;    frame-src 'self' checkout-v3.wcc.creation-l.de *.awin1.com *.criteo.net *.criteo.com *.adrtx.net *.contentsquare.net www.googletagmanager.com www.facebook.com www.youtube.com dmp.theadex.com 5127363.fls.doubleclick.net 12769738.fls.doubleclick.net www.jsctool.com https://creativecdn.com/ https://fledge-eu.creativecdn.com/ https://tbs.tradedoubler.com/ https://survey2.quantilope.com/ https://*.adyen.com https://*.paypal.com https://*.computop-paygate.com userlike-cdn-widgets.userlike.com https://api.sovendus.com https://www.sovendus-connect.com https://www.sovendus-benefits.com https://gui.display.prod.app.funnelplus.com/;    media-src 'self' cdn.wcc.creation-l.de cdn.witt.info/ images.ctfassets.net videos.ctfassets.net www.youtube.com witt-gruppe-res.cloudinary.com;    manifest-src 'self' cdn.wcc.creation-l.de;    worker-src 'self' cdn.wcc.creation-l.de blob:;    form-action 'self' www.facebook.com;    block-all-mixed-content;    frame-ancestors 'self' https://app.contentful.com;    sandbox allow-scripts allow-forms allow-same-origin allow-top-navigation allow-popups allow-popups-to-escape-sandbox allow-modals; 1
default-src 'self'; script-src 'report-sample' 'self' 'nonce-BWF6jh8AFOr8NK62qmwMgOH8cAKx88np' 'sha256-ATReICQsd+smV/PvrA4eH+DuxsenS4SxbGcSjySJlBA=' 'sha256-dfdOeclK8W2bc3pLeBjmBZ43zzL2twD8uFtbf+HK8eE=' 'sha256-Zs9dg8fLFqe8K+TMLxmxfh9kDb7kBHV/0xh8wa00FZU=' 'sha256-OjrU+L7RDhz/aEKmd2vXk9Ceps178yu5EltXeLfc/+g=' 'sha256-SYOXwCHIEJhtJXiogYuy6vW8We7ejD+n84SseLc2zwc=' 'sha256-gqP8Er0fEHsOdlI7pPfO6wVvN0f4RJqYSVMuWiiC4M8=' 'sha256-ks1JgVmPiEITuCaKVdvTGZZBhh/DWwWqAc7Ya+aR4BA=' 'sha256-MQULx/SwxpgCJn/YKLCygcj0hlAS/XtQgOhyxtYLn64=' 'sha256-aoeB9tsbYS7XWzsan2Vj9ZSOQFNxxE/T69O2JrgXyiI=' 'unsafe-eval' https://*.fleurop.ch https://*.fleurop.at https://accounts.google.com https://api.livechatinc.com https://assets.emarsys.net https://cdn.onesignal.com https://bat.bing.com https://browser-update.org https://cdn.jsdelivr.net https://cdn.live.mycontentbird.io https://cdn.livechatinc.com https://cdn.scarabresearch.com https://recommender-eu.scarabresearch.com https://static.scarabresearch.com https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://s.pinimg.com https://www.google-analytics.com https://www.googletagmanager.com https://b2d.fleurop.ch https://b2d.fleurop.at https://track.adform.net https://s2.adform.net https://onesignal.com https://assets.pxlecdn.com https://assets.pixlee.com https://*.trustedshops.com http://*.trustedshops.com; style-src 'report-sample' 'self' 'unsafe-inline' https://accounts.google.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://fast.fonts.net https://onesignal.com; object-src 'none'; base-uri 'none'; connect-src 'self' https://bat.bing.com https://consentcdn.cookiebot.com https://ct.pinterest.com https://maps.googleapis.com https://recommender.scarabresearch.com https://region1.analytics.google.com https://tag-manager.live.mycontentbird.io https://webchannel-content.eservice.emarsys.net https://www.google.ch https://www.google-analytics.com https://api.livechatinc.com https://www.facebook.com https://graph.facebook.co https://graph.facebook.com https://b2d.fleurop.ch https://b2d.fleurop.at https://onesignal.com https://stats.g.doubleclick.net https://photos.pixlee.co https://photos.pixlee.com https://accounts.google.com https://pagead2.googlesyndication.com https://me-client.eservice.emarsys.net https://*.trustedshops.com http://*.trustedshops.com https://*.etrusted.com http://*.etrusted.com https://*.trustbadge.com http://*.trustbadge.com; font-src 'self' data: https://cdn.jsdelivr.net https://cdn.livechatinc.com https://fonts.gstatic.com https://*.trustedshops.com http://*.trustedshops.com; frame-src 'self' https://accounts.google.com https://consentcdn.cookiebot.com https://ct.pinterest.com https://secure.livechatinc.com https://tag-manager.live.mycontentbird.io https://www.facebook.com https://track.adform.net https://*.doubleclick.net https://photos.pixlee.co https://photos.pixlee.com https://www.youtube.com; img-src 'self' blob: data: https://*.fleurop.ch https://*.fleurop.at https://bat.bing.com https://ct.pinterest.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://res.cloudinary.com https://www.facebook.com https://www.google-analytics.com https://www.google.ch https://www.google.com https://www.google.de https://www.google.at https://www.google.ro https://www.google.fr https://www.google.it https://www.google.li https://www.google.es https://www.google.co.uk https://www.fleurop.ch https://cdn.livechat-files.com https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net https://b2d.fleurop.ch https://b2d.fleurop.at https://*.onesignal.com https://assets.pixlee.com https://i.ytimg.com https://www.googleadservices.com https://*.trustedshops.com http://*.trustedshops.com https://imgsct.cookiebot.com https://*.fleuropnet.ch; manifest-src 'self'; media-src 'self'; worker-src 'self' https://assets.emarsys.net https://cdn.onesignal.com; frame-ancestors 'self' https://www.maennerpflanze.ch/; report-uri https://63dd480a1110c9e871bfd356.endpoint.csper.io/?v=2; 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com https://siteimproveanalytics.com *.siteimproveanalytics.io https://dec.azureedge.net/ munchkin.marketo.net medchatapp.com transparency.nrchealth.com https://s3-us-west-1.amazonaws.com/clockwisepublic/clockwiseWaitTimes.min.js *.googletagmanager.com *.googleadservices.com *.simpli.fi *.doubleclick.net *.btstatic.com *.thebrighttag.com *.buzzsprout.com *.production.gyantts.com tags.tiqcdn.com js.adsrvr.org https://mychartdev.hshs.org 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com medchatapp.com transparency.nrchealth.com app-prevea-usncentral.azurewebsites.net *.amazonaws.com https://mychartdev.hshs.org 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com transparency.nrchealth.com *.google.com googleads.g.doubleclick.net jelly.mdhv.io um.simpli.fi *.googleadservices.com *.doubleclick.net *.3lift.com *.intentiq.com aa.agkn.com *.tremorhub.com fei.pro-market.net pixel.tapad.com image2.pubmatic.com ads.stickyadstv.com loadm.exelator.com ups.analytics.yahoo.com sync.bfmio.com stags.bluekai.com bcp.crwdcntrl.net ce.lijit.com idsync.rlcdn.com sync.search.spotxchange.com ib.adnxs.com pixel.rubiconproject.com us-u.openx.net d.agkn.com image8.pubmatic.com sync.1rx.io pippio.com sync.smartadserver.com dpm.demdex.net p.adsymptotic.com sync.intentiq.com *.googletagmanager.com login.dotomi.com p.alcmpn.com *.addthis.com *.liadm.com *.analytics.yahoo.com insight.adsrvr.org *.krxd.net match.adsrvr.org ssum-sec.casalemedia.com app-prevea-usncentral.azurewebsites.net *.amazonaws.com *.siteimproveanalytics.io jelly-v6.mdhv.io 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: www.prevea.com prevea.com *.amazonaws.com; frame-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com medchatapp.com player.understand.com bid.g.doubleclick.net *.formstack.com *.practicematch.com content.understand.com *.buzzsprout.com insight.adsrvr.org https://mychartdev.hshs.org 'self' forms.hsforms.com web-chat.nativechat.com; connect-src accounts.google.com *.gstatic.com *.mktoresp.com *.google-analytics.com app.launchdarkly.com maps.googleapis.com api.clockwisemd.com stats.g.doubleclick.net *.facebook.com *.production.gyantts.com wss://web2.production.gyantts.com collect.tealiumiq.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com medchatapp.com player.understand.com bid.g.doubleclick.net *.formstack.com 'self' web-chat.nativechat.com; frame-ancestors 'self' https://www.myhshs.org https://myprevea.com 1
child-src 'self' *.financescout24.ch *.hotjar.com *.hotjar.io www.facebook.com *.g.doubleclick.net blob:; connect-src 'self' *.financescout24.ch wss://*.financescout24.ch cloudflareinsights.com assets.ctfassets.net o478492.ingest.sentry.io fs24-int.eu.auth0.com fs24-test.eu.auth0.com *.split.io api.amplitude.com *.applicationinsights.azure.com *.google-analytics.com analytics.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.facebook.com *.facebook.net *.doubleclick.net *.informizely.com *.taboola.com bat.bing.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-ch.onetrust.com privacyportal-ch-cdn.onetrust.com analytics.tiktok.com *.tda.link beagleider.tamedia.link cdn.linkedin.oribi.io px.ads.linkedin.com *.contentsquare.net api.marketing.swissmarketplace.group swissmarketplace.bloomreach.co *.google.com; default-src 'self'; font-src 'self' data: *.financescout24.ch *.tsnonline.net *.hotjar.com *.hotjar.io privacyportal-ch-cdn.onetrust.com; frame-ancestors 'self' *.financescout24.ch app.contentful.com; frame-src 'self' *.financescout24.ch fs24-int.eu.auth0.com fs24-test.eu.auth0.com www.googletagmanager.com *.hotjar.com *.hotjar.io www.facebook.com *.g.doubleclick.net td.doubleclick.net *.fls.doubleclick.net tsdtocl.com www.youtube.com www.youtube-nocookie.com *.google.com; img-src 'self' data: *.financescout24.ch images.ctfassets.net www.googletagmanager.com *.google-analytics.com *.hotjar.com *.hotjar.io www.facebook.com *.doubleclick.net *.taboola.com bat.bing.com swissmarketplace.group cdn.cookielaw.org *.linkedin.com ib.adnxs.com *.admeira.ch *.contentsquare.net *.immoscout24.ch *.autoscout24.ch www.google.ch *.google.com *.yahoo.com; media-src 'self'; object-src 'self'; script-src 'self' data: *.financescout24.ch cdnjs.cloudflare.com static.cloudflareinsights.com cdn.split.io *.tsnonline.net www.googletagmanager.com tagmanager.google.com www.google-analytics.com *.hotjar.com *.hotjar.io *.facebook.com *.facebook.net *.doubleclick.net www.googleadservices.com tpc.googlesyndication.com ajax.googleapis.com insitez.blob.core.windows.net *.taboola.com bat.bing.com cdn.cookielaw.org privacyportal-ch-cdn.onetrust.com analytics.tiktok.com *.tda.link snap.licdn.com acdn.adnxs.com unsafe-inline t.contentsquare.net app.contentsquare.com api.exponea.com api.marketing.swissmarketplace.group 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.tsnonline.net *.financescout24.ch tagmanager.google.com privacyportal-ch-cdn.onetrust.com; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub453d3c043961103f013edeeff9b05d9c&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod&service=www.financescout24.ch 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: wss://*.hotjar.com; frame-ancestors 'self'; object-src 'none'; worker-src blob:; 1
default-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval' ; style-src https: 'unsafe-inline' 1
frame-ancestors *.coachesvoice.com http://localhost:3000 1
frame-ancestors 'self' https://app.emlen.io *.candis.io 1
default-src 'self'; connect-src *; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; img-src * data:; media-src * data:; font-src * data:; frame-src *; object-src *; frame-ancestors 'self'; form-action *; upgrade-insecure-requests; block-all-mixed-content; 1
default-src https:; base-uri 'self'; connect-src 'self' https: wss://*; script-src 'unsafe-eval' 'unsafe-inline' https: *.typekit.net cookies.praguebest.cz; style-src 'self' 'unsafe-inline' *.googleapis.com *.typekit.net cookies.praguebest.cz; font-src 'self' data:;object-src 'none'; report-uri https://praguebest.report-uri.com/r/d/csp/enforce 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://www.zenaps.com https://tr.snapchat.com https://www.youtube.com blob: https://www.pinterest.com https://www.pinterest.co.uk https://ct.pinterest.com https://gum.criteo.com https://fledge.eu.criteo.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.contentsquare.net https://analytics.tiktok.com https://ct.pinterest.com https://*.criteo.com https://*.criteo.net; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.myvegan.ie https://checkout.myvegan.ie https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://cdn.trackjs.com https://*.contentsquare.net https://app.contentsquare.com https://analytics.tiktok.com https://*.ibytedtos.com https://s.pinimg.com https://static.criteo.net https://*.criteo.com https://lantern.roeyecdn.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' blob: www.google-analytics.com www.googletagmanager.com; img-src 'self' www.google-analytics.com www.googletagmanager.com data:; style-src 'self' 'unsafe-inline' www.google.com fonts.googleapis.com www.googletagmanager.com; font-src 'self' fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com/ www.googletagmanager.com/; 1
frame-ancestors 'self' https://*.iframely.com 1
upgrade-insecure-requests; default-src https: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' mailto: *; font-src * ; img-src 'self' data: blob: * ; object-src 'none'; form-action 'self' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://hcommons.social; img-src 'self' https: data: blob: https://hcommons.social; style-src 'self' https://hcommons.social 'nonce-2iQ9lfAJqKCd942IfXLTxQ=='; media-src 'self' https: data: https://hcommons.social; frame-src 'self' https:; manifest-src 'self' https://hcommons.social; connect-src 'self' data: blob: https://hcommons.social https://spaces.hcommons.social wss://hcommons.social; script-src 'self' https://hcommons.social 'wasm-unsafe-eval'; child-src 'self' blob: https://hcommons.social; worker-src 'self' blob: https://hcommons.social 1
frame-ancestors 'none'; connect-src 'self' https://api.philanthropycloud.com https://api.elevate.salesforce.org/ https://*.amazonaws.com/ https://www.google-analytics.com/ https://api.cloudinary.com/ https://vimeo.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/; script-src-elem 'self' 'unsafe-inline' https://ssl.google-analytics.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.youtube.com/ https://player.vimeo.com/ https://maps.googleapis.com/ https://js.stripe.com/; img-src 'self' data: https://res.cloudinary.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://www.google-analytics.com/ https://images.philanthropycloud.com/; object-src 'none'; report-uri https://api.philanthropycloud.com/cspreport?type=elevate; 1
default-src 'self' *.abtasty.com;script-src 'self' 'nonce-VjQsNM/SF57PZ3cmkbtv0e/s' localhost:* *.abtasty.com ajax.aspnetcdn.com bat.bing.com r.bing.com cdnjs.cloudflare.com connect.facebook.net kit.fontawesome.com *.fontawesome.com edge.fullstory.com rs.fullstory.com www.google.com *.googleapis.com www.google-analytics.com www.googletagmanager.com *.gstatic.com *.hotjar.com *.facebook.net 'sha256-tWRlmXXZkeEJ/TBArBnYrGyw6Sz758tMkwaTxlUPMNE=' *.cdn.moengage.com *.sdk-01.moengage.com *.moengage.com *.app-cdn.moengage.com;object-src 'none';style-src 'self' 'nonce-1NW2c9D3/mVChf12/i3M2h3W' *.abtasty.com *.bing.com cdnjs.cloudflare.com ka-p.fontawesome.com *.fontawesome.com *.gstatic.com *.googleapis.com www.googletagmanager.com unpkg.com 'sha256-yQtWWI1oJgAeod4NAC3ADTlp4knvffCLUBIV71GaPjY=' 'sha256-QkXsyipLUNf9mtyall7R+bTsJOmTXjTIDvr8D4VtVMY=' 'sha256-KzZaFIP2mx8iNKtsGK0YT4TS9YKgk4AbI2TEW9YoEk4=' 'sha256-SvLgADqEePEV9RNxBrRQXSBJafFHcVNG7cPzHz6h9eA=' 'sha256-tWRlmXXZkeEJ/TBArBnYrGyw6Sz758tMkwaTxlUPMNE=' app-cdn.moengage.com 'sha256-nMxMqdZhkHxz5vAuW/PAoLvECzzsmeAxD/BNwG15HuA=' 'sha256-1e5RR2OpHhuX2h0Bat19DsNTmqbo4M3T1pqfeTXCHaA=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-1SfzHY/8tpEnLl6D1lUTpRfR+E3C2rBdlRw+Le+/faY=' 'sha256-i2FAGZwrZxIPzojQjHVnqx8Skm1mc2FPagOfIl7xaPI=' 'sha256-UPhFGlX5oTSuwRA1DuxGocS25yP9zwCo5t5c2KVPMUo=' 'sha256-sA0hymKbXmMTpnYi15KmDw4u6uRdLXqHyoYIaORFtjU=' 'sha256-9UwXAF6q1S1kgaPalNPYAp/xVxxrxDuQ13UALCCR/Qg=' 'sha256-CR4QcxyATSxS/qMurqkWnXvmuu1ijwSdL60hotbzrpM=' 'sha256-u1jUCixVIwMQqulVl+CM7BwB1XE2oSj0/VmPOHreoKY=' 'sha256-GYz6GPRNZnBpyQACq710eiEbEhy6uC2OAkNr178i2os=' 'sha256-F7mkvbJTwqc33GcL7mev+qfhVmJ9akZNlMnRdJTmvjI=' 'sha256-Dn0vMZLidJplZ4cSlBMg/F5aa7Vol9dBMHzBF4fGEtk=' 'sha256-AxnWzID8uWi0rsgOqyZFPsKH1mKx1m2EhkJyO836rjQ=' 'sha256-C2Qu+n7TIP1hRHrtTgDrAi7DQyKFTgnkmRgXGxE589A=' *.moengage.com fonts.bunny.net;img-src 'self' data: *.bing.com images.ctfassets.net www.facebook.com rs.fullstory.com www.google.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com pixel.locker2.com moe-email-campaigns.s3.amazonaws.com image.moengage.com;frame-src 'self' *.abtasty.com www.facebook.com www.googletagmanager.com www.google.com sdx.microsoft.com vars.hotjar.com cdn.moengage.com;font-src 'self' *.abtasty.com *.googleapis.com ka-p.fontawesome.com *.fontawesome.com *.gstatic.com;connect-src 'self' localhost:* wss://localhost:* *.abtasty.com *.bing.com wss://*.bing.com www.facebook.com *.hotjar.com wss://*.hotjar.com vc.hotjar.io stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com *.googleapis.com rs.fullstory.com ka-p.fontawesome.com *.fontawesome.com *.sentry.io *.fullstory.com *.moengage.com *.sdk-01.moengage.com *.sdk-02.moengage.com *.sdk-03.moengage.com *.sdk-04.moengage.com;form-action 'self' portal.lendmarkfinancial.com www.facebook.com;frame-ancestors 'self';upgrade-insecure-requests;block-all-mixed-content 1
frame-ancestors https://staging.eternl.io/ https://beta.eternl.io/ https://eternl.io/ https://*.muesliswap.com https://muesliswap.com ionic: capacitor: chrome-extension: http://localhost:*/ https://localhost:*/ 1
frame-ancestors 'self' *.rcashasp1.com *.heatingandcooling.com *.yardimarketplace.com; report-uri https://gemaire.report-uri.com/r/t/csp/enforce 1
frame-ancestors 'self' *.v12finance.com 1
default-src data: 'self' https://forms.office.com https://umap.openstreetmap.fr/ https://www.b2b-center.ru/ https://api.hh.ru/ https://*.doubleclick.net https://www.youtube.com https://bitrix.info https://yandex.ru https://googleads.g.doubleclick.net https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://mc.yandex.ru https://api-maps.yandex.ru  http://*.maps.yandex.net https://*.facebook.com https://www.google.com https://stats.g.doubleclick.net https://www.google.ru https://www.google-analytics.com ;style-src data: 'unsafe-inline' 'unsafe-eval' 'self' https://forms.office.com https://www.b2b-center.ru/ https://api.hh.ru/  https://yandex.ru https://googleads.g.doubleclick.net https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://mc.yandex.ru https://api-maps.yandex.ru  http://*.maps.yandex.net https://*.facebook.com https://www.google.com https://stats.g.doubleclick.net https://www.google.ru https://www.google-analytics.com;img-src data: 'unsafe-inline' 'unsafe-eval' 'self' https://forms.office.com https://www.b2b-center.ru/ https://api.hh.ru/ https://*.1c-bitrix-cdn.ru https://www.googletagmanager.com https://googleadservices.com  https://yandex.ru https://googleads.g.doubleclick.net https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://mc.yandex.ru https://api-maps.yandex.ru  http://*.maps.yandex.net https://*.facebook.com https://www.google.com https://stats.g.doubleclick.net https://www.google.ru https://www.google-analytics.com data: blob:;script-src data: 'unsafe-inline' 'unsafe-eval' 'self' https://forms.office.com https://www.b2b-center.ru/ https://api.hh.ru/ https://www.googleadservices.com https://yastatic.net https://*.doubleclick.net https://www.gstatic.com https://bitrix.info https://cdnjs.cloudflare.com https://mod.calltouch.ru https://connect.facebook.net https://www.googletagmanager.com https://yandex.ru https://googleads.g.doubleclick.net https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://mc.yandex.ru https://api-maps.yandex.ru  http://*.maps.yandex.net https://*.facebook.com https://www.google.com https://stats.g.doubleclick.net https://www.google.ru https://www.google-analytics.com; 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests ; connect-src 'self' *.outbrain.com google.com *.google-analytics.com *.withgoogle.com *.google.com *.ampproject.org *.googlesyndication.com *.fontawesome.com *.googleadservices *.doubleclick.net;  default-src 'self'; font-src 'self' fonts.gstatic.com *.fontawesome.com data:; frame-src 'self' *.google-analytics.com *.google.com *.doubleclick.net *.youtube.com  *.actonsoftware.com; img-src 'self' *.gravatar.com *.googleapis.com *.google.com *.googletagmanager.com *.googleadservices pages.telemessage.com *.google.co.il *.actonsoftware.com *.google-analytics.com *.doubleclick.net *.fontawesome.com  *.outbrain.com *.googlesyndication.com  data:; object-src 'self'; script-src 'self' 'unsafe-hashes' 'nonce-2ee4119be8' 'nonce-9b839e8c2a' *.googletagmanager.com *.js.org *.googleadservices *.doubleclick.net *.google.com *.ampproject.org ampproject.org *.google-analytics.com *.gstatic.com  *.outbrain.com *.googleadservices.com *.ipinfo.io ipinfo.io  *.googlesyndication.com  *.fontawesome.com googlesyndication.com 'sha256-QZDyxPJfmjTLv9uS+RolNZVw13PvfP+XySTiJK2Hd1k=' 'sha256-+dBa3jmH/ruEpFmwkeATZJzehJlRqcnOtJeDA3F9hDU=' 'sha256-MmMwyXMzw2mUCigQVnhRteQ3aRmI0PvDqYEPnH3m7FM=' 'sha256-LnjL3ok5guroCGFFo0p303r6X6sb+q6ZYVsUnX3+J4Y=' 'sha256-evg3HP9VFmsKUe7b51vXW0k2k1jGKZxJD1nOQJvMiTE=' 'sha256-vAL59MStQLaZJKN98cIIx+JVbkVJyAGG4OzM2gtGZZs=' 'sha256-qj3i6cZNBg6SyJQ5JhF/+KdpeO0q5R/LZdpn9VcEtlU=' 'sha256-a8oa1GaoRpgWplJfcnVAjmMPa+4EzQ64zaAWpusoUZ0=' 'sha256-u8re1RegwAX3LSyVDLLFc8wvcFGqYAb8MvmVRpuJBzk=' 'sha256-Ik1ibqucIMh/+bQD6JJgqvVAUMjU+0xfINtvO4vcPUg=' 'sha256-ZlR10VGfeLIjS48iOggNbp4Jg85B9gwlG3aVa78v7/0=' 'sha256-zmcObtE+CIWoOGedSdoHEC8TRiE1diR8tyIOp7SSri0=' 'sha256-T3JqWnKKFucZLMCY6ZYI41/aU+b+Dg0rZvGmls5XUeA=' 'sha256-IuVKMKRlYv0zj5+8ssVWce0vswwwAl/BzDp83tznZPg=' 'sha256-CmESHaYzrYchZntg2/QpvoIw14L1BrxMXozFdBGi4d0=' 'sha256-80Mr5Xc2f6hVSJwvFRRcNjAI9RMcnuTVAIzr6pIQswI=' 'sha256-woyjFDKuNd8iATSGCA1eWGqk687lIY34IHgAFwiVKQE=' 'sha256-Mch0Vfb113SdxE0OlFnCgkbGW92PpeuyAQfSGsRgPus=' 'sha256-tpGWspYE1Xq8FJNv+Yn0oo5zt7LmbX1IUcr1mPYlHxQ=' 'sha256-UK3BAvbRUDUCJSeyYrmJgh+3oFgPBGEPqKZEXlo6j80=' 'sha256-YUeZxNmPQyIuu5jhf9Sp19ZIBKCZesVLy0sro1M/C0U=' 'sha256-8O1KeSTKNyGqVld5vwDx0eYtNcE7iILh9vIWHEym1xo=' 'sha256-m8e3awTE21THP15miFlbdVTlMOWafHLhgiKiEAgotrI=' 'sha256-duLzHBL74lbbSKQZWDKX7r50taezsYY14+NfY/QrlMA=' 'sha256-7S5xkp6RvTtL4bsHUYBCpkRHyo2Jm2IZG2I5avuvsdo=' 'sha256-2v+G7jrnSI7lRlBrdYtaHc6XOc5BDZsnd2/w8rCNLsU=' 'sha256-zwGmIUR+Z6gWKbwoJ2Z3yGxI/XLETLqDqCRIV0qt/WA=' 'sha256-EAcm2kMeppc9TBBKMxPdSyU8DpJj5NhoXKlIg9JdsqE=' 'sha256-ABrhY42pNp3SuJ409k660Qtar8nZFnJwBQcaSLLUjIU=' 'sha256-Zm2bXuM9G72jc4EIe9tHaUj3MFSCXYdzGjiNMo/I0Yo=' 'sha256-3YtSpQTMus5wzbSA6HPUj8WxILy1XAEg1yMgiPXa72g=' 'sha256-jHdHvVyqGamQdjadEJPfGm+X68b+7/YtJ2FGPYKqT7E=' 'sha256-x9MZ4vTFKwjQBDd6YLhywV4UYciQP6CBmIBGoifuH80=' 'sha256-+0w5Hh/vf5o5ipS8j8vc9H8z83yWjfnAajgfxf5JCOo=' 'sha256-jHdHvVyqGamQdjadEJPfGm+X68b+7/YtJ2FGPYKqT7E=' 'sha256-o1R1Fxuh5IC53jdniD+1SUpesXPo+fFJ7Yg2ufPyfGk=' 'sha256-hPnbct+H2uwUiwoh3kect6TJt4waDlLPfj47TO58lXc=' 'sha256-PrgSpdLYOlsmpqIQn9hbeEwIYDZLRwPPM8gdV90Y57E=' 'sha256-MHL1FQBnkzh+lewVOL++TCK6RQW3h8EWzAWMv7sOtps=' 'sha256-PpSnMXIsQaN63gVVHx/hjiH8rNBceP/uMmxd1VbEEP0=' 'sha256-PeTbhYFU9NjTEaLC/TODSu+ZrZ0v0L8nkMjIsr5bIvw=' 'sha256-PisNGOyJf/Ud9diozlCuqwUrF1InzLzdOzPqW4VjmgE=' 'sha256-khiqWRkepSUwR9/EEyxbJINc5N9SSgEb+pslOe532gU=' 'sha256-95GPmAHrhpj1F7v7yW+AnGU4gNw0HhSImlAHRteBSWk=' 'sha256-LmoK6cmCzyuOoImMFSQU/W8mo05x+jtpS9fejJ/OVIE=' 'sha256-FpAlG7Tg1cE2LaXoR/gEyWdURAF+OS7VofSa/1SzOGc=' 'sha256-mMstmTL5c9p2uF2pHTlWV0treRIQHPxeY1dr3C9MHos='  'sha256-1i1uhh9ckHLigkgULOuJlcO03oU8HGDiMTI5d/UgkyA=' 'sha256-SDsCsH5uzqmb/eSPVYp+8PzXeA1eJ6UMtdQ3WeS4En4=' 'sha256-ZwEXWWx3kT02j/tdLXR7FF1yPs7AQBeBv3/3Hv6Vt8c=' 'sha256-2pkG2VgIQzPTHcgWPODz24AIaTBQhKBcKR9NrlU0KnY=' 'sha256-hZYDu1ngVY34wgueX/2DhfeAfxL9DcMW3Rw2DOYOciY=' 'sha256-e896oGb3wz1SSB/ZSG3C86BEERgj5fNvzu7sgFX75qg=' 'sha256-e896oGb3wz1SSB/ZSG3C86BEERgj5fNvzu7sgFX75qg=' 'sha256-EmxhrcCxpBrRzU/ObonMhYaWnPxCRDsZ5TA3LIUvquI=' 'sha256-hCgcgNb09eMjQNKAcJoIeLrb1BDGMNuNbTIQ05awkb0=' 'sha256-3LNg4amexRta/EKRWluHHVR+cyjjPVamOucoYqtbdXE=' 'sha256-+PQHBbN2Tmr2SB9C7cnOHIz/bUxXayanX/kZEuFjYRM=' 'sha256-UMt72JUpbnKYTZGDRo17yjGh0ans1qwBTGaoFmd5R1w=' 'sha256-xz2Wvvo/5R2cVpxq9qRTFjE3PGBKnwc5SbZ2tiJuDAo=' 'sha256-RZt+mvasAqwnKPwhyqfCdnOP2ftzBk7p5UTgfELNHaI=' 'sha256-NuXGs/Qh+8Fzi50rn3l9thuawOXtUHi8/KDpE5zKdV8=' 'sha256-8//zSBdstORCAlBMo1/Cig3gKc7QlPCh9QfWbRu0OjU=' 'sha256-6TmDIhKhpc4PBu03HsYy1YoXKzGY8f8ANMYWDXg/+k8=' 'sha256-Ns+OdDFcqcvZtcFyohBqjtG2E8Gdbg46K3hBq4cRGGY=' 'sha256-N3a55BpBubRS2+E7MRLurp83zIqomhEguiKSGeQI7hc=' 'sha256-S1fx4tKJGgOtISVNY0ClTCXKIprfI3RL7p77B4ZdZ/w=' 'sha256-v97TdFvAqcPMqSW1quCtSiCugLpf9t1mAoBM7ezGkLs=' 'sha256-egE2XtTxZlUvIorKRTsELMpmFtuF2cNb0B/gGQvqb9c=' 'sha256-xQv3tlqoQQjBfMKaS2RAAB6Jf/CcT2yVz0+jWr9BGlo=' 'sha256-QnbY4MiAhLWTzuLH10YYHH1kdgdnri9Qc01AADpEVF8=' 'sha256-rsCq4EH0wsbFEAeJ21SxeO6V4hya9rmHlehz7TGvxs4=' 'sha256-Om9vKtkxq4k5tfkiJr0x6wKOvWM2DOY9/nvndnpCP50=' 'sha256-C2Ia1lnVnZW+qcrn/88FR7g4M+UXCbGYjJWQ7OBxYiM=' 'sha256-ajWAp2rFja0NRLkVFAUMntNO/zo1ZfhX61GHDIm8OCo=' 'sha256-/xUj+3OJU5yExlq6GSYGSHk7tPXikynS7ogEvDej/m4=' 'nonce-ff03276093' 'sha256-1y8ReeNeieBaF03XrNjmE4w5az8hWNPAMKj581lQtYk=' 'sha256-M3F89Xgwhlq8kSXJZj/ErOOex/P+BBJcY0V5YLM5LBY=' 'sha256-yDm9AAVsHW41IgZMO984+gKCLawEG2za2bnStPEckSk=' 'sha256-d4lRYpKd2aQN6GgHsQCtd86mupaNMqWZ/7RtyBq6jEk=' 'sha256-RmqMAFqWfrMVBMDaawAQ5qyHcuF+cXK1oeAC8XJwKhs=' 'sha256-VomQl3DBE3eZK1hR5SaYoDrna+cLv+mv336wZpxy9oI=' https://googleads.g.doubleclick.net/pagead/viewthroughconversion/957325111/ https://telemessage.actonsoftware.com/cdnr/forpci62/acton/bn/tracker/10509 https://www.google-analytics.com/analytics.js https://www.google.com/pagead/conversion_async.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/recaptcha/releases/VZKEDW9wslPbEc9RmzMqaOAP/recaptcha__en.js https://www.telemessage.com/_Incapsula_Resource 'sha256-z2YhiZdm+/yZ1V7fsm9pZSB6JoxM0aM9cqwxjlgtqjk=' 'sha256-PxbKNVfLahgT+MwBZNZs/95QUPy2nqs2BRTs4OybliA=' 'sha256-GfCCh8xjg3ntRecyie7CYf+WHbGJDNvJaU5i1iTtUFk=' 'sha256-DgYLqhZQCfThGFuxc0R8Z4mYpAWysv8FQor8Xj94yXA=' 'sha256-mC/P7DgP0aadEQoGdRLKhXkb+pt3S188wmFqc9dKFZI=' 'sha256-6oMHFFIGu15gYDVgPRbbCUGanNyCpJBERPX/04Bg90Y=' 'sha256-yhd6PwjoWYTBnndhpLUkTn5EsNHml/N9we///jSYsCE=' 'sha256-ywKwomYrnMw4E6nZj1XvDjle18oesJzJw3YZ+ABRJdI='  'sha256-Sxuvhto4KH1S1mt2tOz7P87dlGyMyz+D2Up8Oi6bjQQ=' 'sha256-Zj5ivhDjG2W3voLbHJAoEa8sOpsmS8qyU32Qq9EraBU=' 'sha256-mBZMh3t35uXx4OjdBt6s974JoOPb5jx06AgLVWQI66g=' 'sha256-Wm3Rgah8DxWbRYzDYtfMM1xL4+HCYYgv/V4yMDVQhSQ=' 'sha256-cMn47Hap8hP/A00OHA7rDzZSwcQVBODbK2F1ohxOzdc=' 'sha256-q71fS2X3LP7njWhhZkw+nIRDXO3+ovrxs35yMzP9gyg='  'sha256-ob+MAj6pkt7Gli4NPp8238RrAbrO8uoL2cZWkkFzFyc=' 'sha256-nAFPdsCfg40E03NcBu5M+FPRUIK94gIWMtsEg6dhmDc='  'sha256-B+bhvlr1ASOXLYa4dJ2p3wJYfS8KwPJ7oorcaDyjzpQ=' 'sha256-f/PA4MVOQPwQ1tAGEyidcRGUidtduIfLbF2kvGTbs7E=' 'sha256-IV9RcBCiDy9MVdNN08V0VovQ+4NmLwuRXdtlYfl8OQQ=' 'sha256-ryA9Er9o599GH9G/2MgrC4+g/YsWxZd84zbAk/K66Ck=' 'sha256-BNWUljaJUIdmgQEEsn8irg9PGkAc6d/ujyKGojUHznw=' 'sha256-lnVX3AlrLiMCpYLJd92TJkxthzsIrykjOYq/DQbnmjE=' 'sha256-Vs1i3vx62xP9AiFERIMNBW5rQxMMN9nFANsR2nQVplY=' 'sha256-JwZMgu3aZKM/AzQDV8bCnM9BfubhVi4kAVsr4Tjy0Q0=' 'sha256-mWx8fXDmmoFSK5x5Gd5lJwPHFgy9q10G4BxbVSVK2mY=' 'sha256-2KvAui3hWhFbQ/4PwrCOpaq+LNqK7VVeo4jieggKPQo=' 'sha256-XjIN4c9c8PNXPxilXrvolmNTKKYjLWP+b0PrZ+eiIwQ=' 'sha256-MHTQWlXpIMoGAHrhNP/+NGUXs0eSD1C/Dd1wVFuYQPM=' 'sha256-PJ5KbHvbEQAby4bU/QxKasV9bLNf4GQLIH7mn+s9pbU=' 'sha256-k7XVz53q1EW6YQk2tEV4WbzVcK5D126m0RrsNiCGZmY='  'sha256-OuaMHBYfN8O0ySHSqDV+mvt/oEfaep13Uw4eNCa3hU4=' 'sha256-zoGXjH1w2U/F9huFf47NraV6R1/u2vJJ+vv/RtNuquM=' 'sha256-3GJg0DgUaHM1UGwVRZ6hVriTltOt9e2Cn+YZyaX5fLQ='  'sha256-swyyDRvTBFuZOFqcgVmhOs9RiWun4UfWtdxa1lhtyIU=' 'sha256-1IeMm9S1o579OUE5Ox9krE/wN0rMt+N5MOygFszrjZE=' 'sha256-c7Du1S74OC3k9udFSI/o5v5pt7k4l12FQ8G0KI4yRa8=' 'sha256-MBJAc3OIXpAk9jB7S5/00MUTWtumnaXjybdHRtbvoHY=' 'sha256-n8gx59ObBj+pQslkUWQdMrv6rnGuiPIpqm5xzBaspWk=' 'sha256-MBJAc3OIXpAk9jB7S5/00MUTWtumnaXjybdHRtbvoHY=' 'sha256-daEdpEyAJIa8b2VkCqSKcw8PaExcB6Qro80XNes/sHA=' 'sha256-3wuSiTQzEqwhDhak/SlIf3W0hoihaKz5ntYdfrxfNKI=' 'sha256-lJFFtKTMCpiSCiK7+/Bdcxcg3ZwLu+1rRFrIVqROkik=' 'sha256-jFi+0ywU3r8mdE76TztrEBWJ39fiRARsT1IV8V6xgn0='  'sha256-ooXCEPaW3OTRnJLvjj9A3zDtTvRQjntApuXTiU9vC+s=' 'sha256-e94Xr/xz3yRyT/wo74CeVXG9Tq49516B45VIpxhsQNo=' 'sha256-nyJ6s4KrShsYuXPKzBHP3dKgRXisRABC27jbQyfdeX8=' 'sha256-5IM2quA3Dh82OdAhVZ/lRHXn7gitZzxgIYvkHOGd0d0=' 'sha256-BvBDYhNZ5Ask1MGI5F1hrw+Yc8iAS5YwWR1WzXw+CgU=' 'sha256-Gkuko0Cz8wWW0ywbJy3c/b88y46JwvqRfqYEaQF67uQ=' 'sha256-CrgQwtwi9JX2AbQ8KmPEK73c2NpDUcmwekdpsvybG/M=' 'sha256-1qmqPFDbdtPWoBvplPbmkDYUyT9PVur1BheI4+gZu2k=' 'sha256-LJ0wD5q59rhthuT87WXoucTOJDwnKB3aqGl7220USjk=' 'sha256-aBFochtKC4usYqMpHCTXWv1Hg8is0m7wEg4jIAZRbXA=' 'sha256-jPmjHVCSygBsumj6W2AUu1gkeuPT40webkw33YjnzyI=' 'sha256-vbNtrnD3dTau2NVCcjcW0O7kSMeXvWPruxPCuKWWky0=' 'sha256-Os4mo7+ZQoqZu9tgQ+6hs4S+uX4z3gBSlQw0of2KQ7Y=' 'sha256-nlqeVL6zzGLhl4pGxX6oAX0hT5XRWlzAlZXqAikkqIw=' 'sha256-vbNtrnD3dTau2NVCcjcW0O7kSMeXvWPruxPCuKWWky0=' 'sha256-S8+jrG6FlD5hiY0AUGm4PDWRfq1GzL2NDPN+yuDua8U=' 'sha256-uGz3JWai8ggAZ7Xcx4lVJ5nN0JGLudRtUZsrnrNoznI=' 'sha256-WS9QFFzR1i/+w0CwFv6dVCi83usGXLe9O+YXNPope1w=' 'sha256-ruIsCz/w/zcJL0GTc2O194Tjsr+Rw6TYbjG5BHEk6oU='  'sha256-RW0wbxbQcvKAtdwnlT2K8Rsmzi5zYZuW6OEuY/pMi/M='  'sha256-W/R3o8EHf3YOIrMsZuLCfb58XMugdoi19zAsreA1VEs='  'sha256-W/R3o8EHf3YOIrMsZuLCfb58XMugdoi19zAsreA1VEs='  'sha256-VomQl3DBE3eZK1hR5SaYoDrna+cLv+mv336wZpxy9oI='  'sha256-vj571x8RVGIi5/qRRb4MgwUsGNB9lPJry3uEuopoz1k='  'sha256-3jzU2Ym9qlMP/oeGvVosqCv4AHYYyJGX5Pgp5dmQrxI='  'sha256-3jzU2Ym9qlMP/oeGvVosqCv4AHYYyJGX5Pgp5dmQrxI='  'sha256-mwshNsFCzGA2C+TPowQKAQVAV6h29vJqb6sf8kxSlQQ='  ; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com; worker-src 'self' blob:;report-to {"group":"default""max_age":31536000"endpoints":[{"url":"https://tmmarketing.report-uri.com/a/d/g"}]"include_subdomains":true}; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.org.uk; img-src 'self' https: data: blob: https://mastodon.org.uk; style-src 'self' https://mastodon.org.uk 'nonce-pXGLqazpcmGmCn4TAXwfoA=='; media-src 'self' https: data: https://mastodon.org.uk; frame-src 'self' https:; manifest-src 'self' https://mastodon.org.uk; form-action 'self'; connect-src 'self' data: blob: https://mastodon.org.uk https://cdn.mastodon.org.uk wss://mastodon.org.uk; script-src 'self' https://mastodon.org.uk 'wasm-unsafe-eval'; child-src 'self' blob: https://mastodon.org.uk; worker-src 'self' blob: https://mastodon.org.uk 1
child-src 'self' blob:; connect-src * blob: data: *; img-src 'self' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com cdn.appsflyer.com; object-src 'self' data: * *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'unsafe-inline' 'self' 'unsafe-eval' blob: *.dplayer.pro *.2mdn.net static.ads-twitter.com weathergroup.activehosted.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org *.app-us1.com *.appsflyer.com app.link *.beachfront.com *.branch.io *.cloudfront.net *.combotag.com *.cookielaw.org *.onetrust.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com *.freewheel.tv adservice.google.com tagmanager.google.com *.google.com *.google-analytics.com *.google.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gravatar.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.lkqd.net *.moatads.com *.rhythmone.com *.rubiconproject.com *.scorecardresearch.com *.segment.com *.serving-sys.com *.spotx.tv *.spotxcdn.com *.spotxchange.com *.springserve.com *.telaria.com trackcmp.net *.tremorhub.com analytics.twitter.com *.unrulymedia.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'unsafe-inline' blob: 'self' fonts.googleapis.com  *.gstatic.com tagmanager.google.com *.innovid.com *.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.fbsbx.com *.google.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gumgum.com *.imrworldwide.com *.pubmatic.com *.serving-sys.com *.google.com 1
script-src https: https://lentesplus.com/ https://apis.google.com 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://tagmanager.google.com/ https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://connect.facebook.net/ https://bsdk.api.ditto.com/; style-src 'self' https: 'unsafe-inline' https://lentesplus.com/ 'unsafe-inline' https://tagmanager.google.com/ https://fonts.googleapis.com/ https://bsdk.api.ditto.com/; img-src data: http: https: www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline' https://ssl.gstatic.com/ https://googleads.g.doubleclick.net https://www.google.com https://www.facebook.com/ https://bsdk.api.ditto.com/; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net *.google.com *.mercadopago.com *.mercadolibre.com *.zdassets.com *.hotjar.com *.hotjar.io *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com/ *.ip-api.com webtrafficsource.com *.afilio.com.br *.hubspot.com *.hubapi.com smct.co *.smct.io *.facebook.com *.amazonaws.com *.wompi.co *.nps.com.ar *.nr-data.net *.smooch.io *.ditto.com  *.addi.com *.clarity.ms *.googleapis.com *.avis-verifies.com *.netreviews.eu; object-src 'none'; base-uri 'none'; form-action https://connect.facebook.net; child-src 'self' https://www.facebook.com/ https://staticxx.facebook.com/; font-src 'self' fonts.gstatic.com *.lentesplus.com pwaresources.s3.us-east-2.amazonaws.com https://bsdk.api.ditto.com/ https://s3.amazonaws.com/statics.addi.com/fonts/mallory/Mallory_Book.ttf https://s3.amazonaws.com/statics.addi.com/fonts/mallory/Mallory_Bold.ttf https://s3.amazonaws.com/statics.addi.com/fonts/inter/Inter-Regular.ttf https://s3.amazonaws.com/statics.addi.com/fonts/Icons/AddiIcon.ttf; frame-src https://lentesplus.com/ assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.avis-verifies.com mercadopago.com *.mercadopago.com mercadopago.com.co *.mercadopago.com.co mercadopago.com.ar *.mercadopago.com.ar mercadopago.com.mx *.mercadopago.com.mx mercadopago.cl *.mercadopago.cl accounts.google.com apis.google.com *.google.com *.pickit.com *.pickit.com.co *.pickit.com.mx *.pickit.com.ar  *.pickit.net *.mercadolibre.com *.hotjar.com *.doubleclick.net *.facebook.com *.criteo.com *.criteo.net smct.co *.cloudfront.net *.amazonaws.com https://bsdk.api.ditto.com/ *.addi.com https://meetings.hubspot.com/ *.dlocal.com *.avis-verifies.com *.netreviews.eu; 1
frame-ancestors 'self'; block-all-mixed-content; default-src 'self'; script-src 'unsafe-inline' 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://cdn.perfdrive.com https://maps.googleapis.com/ static.hotjar.com script.hotjar.com www.gstatic.com bat.bing.com googleads.g.doubleclick.net www.googleadservices.com www.google.com connect.facebook.net www.google-analytics.com code.jquery.com cdnjs.cloudflare.com www.googletagmanager.com; style-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-hashes' code.jquery.com https://fonts.googleapis.com; object-src 'none'; frame-src *.google.com https://tpc.googlesyndication.com www.google.com www.youtube.com vars.hotjar.com; child-src 'none'; img-src 'self' https://servicios.bipdrive.com:8196 https://hopper.bipdrive.com:8196 https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com connect.facebook.net *.google-analytics.com data: www.google.it bat.bing.com www.google.com.py googleads.g.doubleclick.net maps.googleapis.com www.facebook.com www.google.es www.google.com maps.gstatic.com www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.hotjar.io https://cas.avalon.perfdrive.com wss://*.hotjar.com https://googleads.g.doubleclick.net https://*.googleapis.com *.google.com https://*.gstatic.com wss://wsp39.hotjar.com https://adservice.google.com wss://wsp27.hotjar.com https://region1.analytics.google.com wss://wsp18.hotjar.com in.hotjar.com vc.hotjar.io www.google.com bat.bing.com www.bipdrive.com www.google-analytics.com stats.g.doubleclick.net; manifest-src 'none'; base-uri 'self'; form-action 'self' https://www.bipdrive.com/; media-src 'self' www.bipdrive.com; worker-src 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://www.google.com https://*.googletagmanager.com https://*.googleapis.com https://*.bing.com https://*.liadm.com https://*.avmws.com https://*.jsdelivr.net https://*.cloudflare.com https://*.tawk.to https://*.soundestlink.com https://*.postaffiliatepro.com https://googleads.g.doubleclick.net https://omnisnippet1.com https://*.amazonaws.com https://*.google-analytics.com https://*.paypal.com https://*.paypalobjects.com https://*.facebook.net; style-src 'self' 'unsafe-inline' https://*.cloudflare.com https://*.tawk.to https://*.googleapis.com https://*.soundestlink.com/; img-src 'self' data: https://googleads.g.doubleclick.net https://www.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.pr https://*.google.ie https://*.google.co.il https://*.bing.com https://*.paypal.com https://tawk.link https://*.paypalobjects.com https://*.facebook.com https://*.cloudflare.com https://*.soundestlink.com/ https://*.alocdn.com https://*.youtube.com https://*.liadm.com; font-src 'self' https://*.cloudflare.com https://*.tawk.to https://*.gstatic.com https://*.soundestlink.com/; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.bing.com https://*.tawk.to https://*.soundestlink.com https://*.googlesyndication.com https://*.liadm.com https://*.paypal.com https://*.execute-api.us-west-2.amazonaws.com/ wss://*.tawk.to; media-src 'self' https://*.tawk.to; object-src 'none'; frame-src 'self' https://bid.g.doubleclick.net https://*.doubleclick.net https://*.paypal.com https://*.paypalobjects.com https://*.youtube.com; upgrade-insecure-requests; base-uri 'self'; manifest-src 'self'; report-uri https://bx3interactive.report-uri.com/r/d/csp/enforce; 1
font-src *.fontawesome.com *.googleapis.com https://www.google.com https://www.gstatic.com use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.gstatic.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.zopim.com *.zopim.io data: *.facebook.com https://cdn.shopify.com *.shopify.com *.cloudfront.net *.userway.org dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.yotpo.com swellrewards.com *.swellrewards.com *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: *.yotpo.com swellrewards.com *.swellrewards.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.youtube.com http://www.sandbox.paypal.com *.twitter.com *.braintreegateway.com https://c.paypal.com/ https://ssl.kaptcha.com/ *.facebook.com *.afterpay.com *.paypalobjects.com 'self' data: td.doubleclick.net *.userway.org 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.apptrian.com www.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.yotpo.com swellrewards.com *.swellrewards.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.google.com *.google.hu *.google.co.in *.mastercard.com *.google.com.vn *.googletagmanager.com *.g.doubleclick.net *.magentocommerce.com *.feedbackify.com *.payments-amazon.com *.googleapis.com *.gstatic.com *.cloudfront.ne https://yotpo-stool.s3.amazonaws.com *.cloudfront.net *.cybersolutions-llc.com *.qat.cybersolutions-llc.com *.userway.org dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.googleapis.com *.google.com *.gstatic.com *.yotpo.com swellrewards.com *.swellrewards.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googletagmanager.com *.facebook.net *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com *.facebook.com *.pinterest.com *.braintreegateway.com https://c.paypal.com/ *.google.com.vn *.adobedtm.com *.authorize.net *.cardinalcommerce.com *.amplitude.com *.ccdc02.com *.googleadservices.com *.paypalobjects.com *.vimeo.com *.clearpay.co.uk *.apptrian.com *.connect.tiktok.net *.tiktok.com *.klaviyo.com *.g.doubleclick.net *.feedbackify.com https://s3.amazonaws.com/fby-form/ https://www.gstatic.com/instantbuy/ *.doubleclick.net *.cloudfront.net cybersolutionsllc.cloudflareaccess.com *.userway.org dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com unsafe-inline *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com *.yotpo.com swellrewards.com *.swellrewards.com fonts.googleapis.com maxcdn.bootstrapcdn.com downloads.mailchimp.com https://static.klaviyo.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.bing.com *.facebook.com *.cloudfront.net cybersolutionsllc.cloudflareaccess.com *.userway.org dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com www.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.zopim.com *.zopim.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.googleapis.com *.cardinalcommerce.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.yotpo.com swellrewards.com *.swellrewards.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com https://get.geojs.io *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.twitter.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com https://stats.g.doubleclick.net https://payments.braintree-api.com/ *.braintreegateway.com *.afterpay.com *.amplitude.com *.facebook.com *.google.com *.nakedwardrobe.com *.g.doubleclick.net https://pagead2.googlesyndication.com *.userway.org dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://www.it-radix.com/wp-json/wpcsp/v1/route/LogPolicyViolation?_wpnonce=19cadf6219 1
default-src 'self' https: https://d3smn0u2zr7yfv.cloudfront.net; font-src 'self' https: https://d3smn0u2zr7yfv.cloudfront.net data:; img-src 'self' https: https://d3smn0u2zr7yfv.cloudfront.net https://www.googletagmanager.com/ https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googleadservices.com http://www.googleadservices.com data:; object-src 'none'; script-src 'self' https: 'self' https: https://d3smn0u2zr7yfv.cloudfront.net https://www.googletagmanager.com/ https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googleadservices.com http://www.googleadservices.com https://connect.facebook.net https://www.facebook.com https://platform.twitter.com https://twitter.com https://www.linkedin.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: https://d3smn0u2zr7yfv.cloudfront.net 'unsafe-inline'; base-uri 'self'; connect-src 'self' https: wss://nexus-websocket-a.intercom.io wss://*.hotjar.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' snap.licdn.com *.youtube.com *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com *.googletagmanager.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://www.thompsoncoburn.com *.ads.linkedin.com https://p.adsymptotic.com; media-src 'self' data: blob:; frame-src 'self' https://www.npr.org https://www.youtube.com https://w.soundcloud.com https://player.vimeo.com https://www.google.com https://platform.twitter.com/ https://platform.twitter.com/widgets.js https://syndication.twitter.com/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.google.com https://platform.twitter.com/ https://syndication.twitter.com/; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.googletagmanager.com; 1
default-src https: 'self' 'unsafe-eval' 'unsafe-inline' data: 1
frame-ancestors 'self' docs.google.com/spreadsheets/d/e/ *.facebook.com connect.facebook.net www.instagram.com;                         frame-src 'self' docs.google.com/spreadsheets/d/e/ *.facebook.com connect.facebook.net anchor.fm mek.fnusa.cz www.google.com/maps/ www.instagram.com;                         child-src 'self' *.facebook.com connect.facebook.net;                         default-src 'self' 'unsafe-inline' www.google-analytics.com/j/collect;                         img-src 'self' data: www.google-analytics.com/collect *.facebook.com/ *.facebook.net *.fbcdn.net *.cdninstagram.com *.instagram.com;                         script-src 'self' webpack: 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com www.gstatic.com www.google.com/jsapi connect.facebook.net graph.facebook.net js.facebook.net cdn.datatables.net cloudfront.net platform.instagram.com www.instagram.com;                         style-src 'self' 'unsafe-inline' fonts.googleapis.com www.gstatic.com www.facebook.com/rsrc.php cdn.datatables.net *.cdninstagram.com *.instagram.com;                         font-src 'self' data: fonts.gstatic.com;                         connect-src 'self' *.facebook.com connect.facebook.net www.google-analytics.com;                         form-action 'self' fnusa.cz *.facebook.com connect.facebook.net; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://stranger.social; img-src 'self' https: data: blob: https://stranger.social; style-src 'self' https://stranger.social 'nonce-GxaSPfBj8TgbGWWUYygHUg=='; media-src 'self' https: data: https://stranger.social; frame-src 'self' https:; manifest-src 'self' https://stranger.social; form-action 'self'; child-src 'self' blob: https://stranger.social; worker-src 'self' blob: https://stranger.social; connect-src 'self' data: blob: https://stranger.social https://us-southeast-1.linodeobjects.com wss://stranger.social; script-src 'self' https://stranger.social 'wasm-unsafe-eval' 1
frame-ancestors https://cpanel.next.exon.io https://cpanel.next01.exon.io https://nexthosting01.exon.io:2083 https://nexthosting01.exon.io https://clientzone.exon.io 1
default-src 'self'; object-src 'self'; img-src 'self' data: blob: singaporegp.sg *.singaporegp.sg recaptcha.net *.recaptcha.net *.google.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net *.facebook.com *.facebook.net *.cloudflare.com *.cloudfront.net turn.com *.turn.com *.amgdgt.com *.gravatar.com *.gravatar.com placehold.it i0.wp.com *.moatads.com *.addthisedge.com *.sharethis.com *.google.com.sg; media-src *; frame-src 'self' *.singaporegp.sg s7.addthis.com *.google.com *.facebook.com *.facebook.net *.doubleclick.net *.youtube.com recaptcha.net *.recaptcha.net *.xdel.com; font-src 'self' data: singaporegp.sg *.singaporegp.sg recaptcha.net *.recaptcha.net *.google.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net *.facebook.com *.facebook.net *.cloudflare.com *.cloudfront.net turn.com *.turn.com *.amgdgt.com *.bootstrapcdn.com *.ionicframework.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' singaporegp.sg *.singaporegp.sg recaptcha.net *.recaptcha.net *.google.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net *.facebook.com *.facebook.net *.cloudflare.com *.cloudfront.net turn.com *.turn.com *.amgdgt.com m.addthisedge.com s7.addthis.com m.addthis.com api-public.addthis.com platform-api.sharethis.com buttons-config.sharethis.com singaporegp.us3.list-manage.com s3.amazonaws.com cdn.damianoff.com blazecdn.com *.bootstrapcdn.com *.ionicframework.com *.datatables.net *.moatads.com *.addthisedge.com *.jquery.com *.googletagmanager.com polyfill.io cdn.jsdelivr.net *.googleadservices.com; style-src 'self' 'unsafe-inline' singaporegp.sg *.singaporegp.sg recaptcha.net *.recaptcha.net *.google.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net *.facebook.com *.facebook.net *.cloudflare.com *.cloudfront.net turn.com *.turn.com *.amgdgt.com *.mailchimp.com *.bootstrapcdn.com *.ionicframework.com *.datatables.net *.moatads.com *.addthisedge.com *.jquery.com cdn.jsdelivr.net; connect-src 'self' singaporegp.sg *.singaporegp.sg recaptcha.net *.recaptcha.net *.google.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net *.facebook.com *.facebook.net *.cloudflare.com *.cloudfront.net turn.com *.turn.com *.amgdgt.com s7.addthis.com m.addthis.com *.jquery.com *.addthis.com *.sharethis.com; frame-ancestors 'self' *.facebook.com *.youtube.com ; 1
frame-ancestors "self" https://*.belvo.com:*; 1
script-src: self 1
default-src 'self' https://gomo.kzoplatform.com/ https://demo-v5.kzoplatform.com/ https://training.kzoplatform.com/ https://go.gomolearning.com/ https://staging--gomo.netlify.app/blog/ http://gomo.netlify.app/ https://gomo-studio.netlify.app/ https://academy.gomolearning.com/ https://survey.alchemer.com/ https://experience.instilled.com https://www.facebook.com https://w.soundcloud.com http://www.ltgplc.com https://go.ltgplc.com https://www.youtube.com https://player.vimeo.com https://go.pardot.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.clickcease.com;script-src-elem 'self' 'unsafe-inline' https://microapps.pf-labs.net  https://snap.licdn.com https://connect.facebook.net https://cdn.inspectlet.com https://s.ytimg.com https://www.youtube.com https://w.soundcloud.com https://go.gomolearning.com/ https://www.googletagmanager.com https://tagmanager.google.com https://sjs.bizographics.com https://static.ads-twitter.com https://www.googleadservices.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://go.ltgplc.com https://analytics.twitter.com https://player.vimeo.com/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.clickcease.com https://jscloud.net https://*.du89buildings.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://microapps.pf-labs.net https://snap.licdn.com https://s.ytimg.com https://www.youtube.com https://cdn.inspectlet.com https://sjs.bizographics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://bat.bing.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://go.gomolearning.com https://go.ltgplc.com https://player.vimeo.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.clickcease.com https://*.du89buildings.com;font-src 'self' data: https://fonts.gstatic.com https://fonts.gstatic.com;style-src 'self' 'unsafe-inline' https://ui.peoplefluent.com https://microapps.pf-labs.net https://use.typekit.net https://p.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://tagmanager.google.com ;img-src 'self' data: https://elearningindustry.go2cloud.org https://www.googletagmanager.com https://t.co https://cdn.sanity.io https://www.google-analytics.com https://stats.g.doubleclick.net https://linkedin.com https://www.linkedin.com https://px.ads.linkedin.com https://bat.bing.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://analytics.twitter.com https://*.du89buildings.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat;media-src 'self' data: https://cdn.sanity.io;connect-src 'self'  https://ltg.breezy.hr https://nosafynr.api.sanity.io https://s.ytimg.com wss://ws.inspectlet.com https://cdn.inspectlet.com/ https://www.googleadservices.com https://sjs.bizographics.com https://static.ads-twitter.com https://go.gomolearning.com https://use.typekit.net/ https://www.google-analytics.com https://stats.g.doubleclick.net https://hn.inspectlet.com https://cdn.sanity.io https://vimeo.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.clickcease.com https://*.google.com  https://cdn.linkedin.oribi.io https://jscloud.net https://*.du89buildings.com;prefetch-src 'self' https://go.gomolearning.com https://www.googletagmanager.com https://www.google-analytics.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.google.com.hk https://*.google.com.sg https://*.google.de https://*.google.com.my https://*.google.co.uk https://*.google.co.in https://*.google.cn https://*.google.com.tw https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.googletagmanager.com https://*.ctfassets.net https://sentry.io https://*.contentful.com https://*.youtube.com data:; 1
frame-ancestors 'self' http://www.dove.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com d3vqdsjiuv1717.cloudfront.net http://outlook.office365.com 1
font-src *.gstatic.com *.carrotquest.app *.flocktory.com streamerce.ru *.loreal.io data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.pharmacosmetica.ru *.rigla.ru rigla.ru https://webvisor.com https://*.webvisor.com https://metrika.yandex.ru https://*.yandex.net https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.com https://mc.yandex.kz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net player.vimeo.com *.youtube.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.google.com makeupstat.ru *.makeupstat.ru *.doubleclick.net *.flocktory.com *.modiface.com *.streamerce.ru *.1dmp.io *.facebook.com *.creativesoldiers.ru *.mail.ru *.adhigh.net *.weborama.fr www.youtube-nocookie.com *.ok.ru *.loreal.com.ru skinq-lamoda-landing.l2.oggettoweb.com metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr *.webvisor.com metrica.yandex.ru vk.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com yandex.ru *.yandex.ru *.yandex.net *.google.com *.google.ru *.googletagmanager.com *.maps.yandex.net vk.com *.vk.me *.mail.ru *.mneniya.pro *.carrotquest.app *.carrotquest.io *.mobfox.com *.betweendigital.com *.onaudience.com *.adnxs.com *.digitaltarget.ru *.bestssp.com *.whiteboxdigital.ru *.rutarget.ru *.admixer.net *.1dmp.io *.aidata.io *.weborama.fr *.doubleclick.net *.adriver.ru *.bidswitch.net *.facebook.com flocktory.com *.flocktory.com *.hybrid.ai *.openx.net *.retailrocket.net *.scaletrk.com *.jivosite.com pafutos.com lenkmio.com *.admitad.com *.asbmit.com artfut.com advertising.com *.advertising.com *.adform.net adform.net *.adhigh.net *.mts.ru *.popmechanic.ru *.userapi.com *.360yield.com *.stevensegallery.com streamerce.ru *.analytics.yahoo.com *.rubiconproject.com vichy.ru *.pubmatic.com *.taboola.com *.loreal.io *.smartadserver.com *.gumgum.com blob: *.vichyconsult.ru *.mindbox.ru cstatic.weborama-tech.ru data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com *.mindbox.ru *.yandex.ru *.maps.yandex.net yastatic.net *.yastatic.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.mail.ru vk.com *.facebook.net cdn.jsdelivr.net *.carrotquest.io *.retailrocket.ru *.tkrconnector.com *.artfut.com *.doubleclick.net *.jivosite.com *.youtube.com *.facebook.com *.fbcdn.net *.modiface.com *.cloudflare.com *.carrotquest.app *.carrottrack.io *.nr-data.net flocktory.com *.flocktory.com *.hybrid.ai *.jsdelivr.net *.lenmit.com *.newrelic.com *.retailrocket.net *.ttarget.ru *.unpkg.com *.jquery.com *.popmechanic.ru streamerce.ru dsf-cdn.loreal.io *.loreal.io *.tiktok.com *.weborama.fr *.ok.ru *.loreal.com.ru inside-our-products.wsf-e-loreal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.google.com *.googleapis.com *.jivosite.com wss://*.jivosite.com *.retailrocket.net *.flocktory.com *.googletagmanager.com www.googletagmanager.com *.cloudflare.com *.popmechanic.ru streamerce.ru *.loreal.io *.mindbox.ru *.carrotquest.app 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.jivosite.com *.carrotquest.app *.flocktory.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.mindbox.ru yandex.ru *.yandex.ru *.yandex.net *.google.com *.google.ru *.googleapis.com *.googletagmanager.com *.dadata.ru *.carrotquest.app ws://*.carrotquest.app wss://*.carrotquest.app *.carrotquest.io *.carrottrack.io *.jivosite.com wss://*.jivosite.com *.modiface.com *.doubleclick.net *.retailrocket.net *.mail.ru vk.com *.adhigh.net *.nr-data.net *.hybrid.ai *.weborama.fr *.akamai.com *.facebook.com *.popmechanic.ru streamerce.ru *.loreal.io *.visualstudio.com *.mux.com/ inside-our-products.wsf-e-loreal.com *.carrottrack.app 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' *.google.com *.googleapis.com;default-src 'self';connect-src 'self' *.amazonaws.com *.moveaws.com accounts.google.com *.doorsteps.com *.demdex.net *.buttercms.com api.segment.io *.google-analytics.com *.googleapis.com *.hotjar.io *.hotjar.com *.doubleclick.net *.amplitude.com *.parsely.com *.nr-data.net *.facebook.net *.scorecardresearch.com *.segment.com;frame-src 'self' vars.hotjar.com moveinc.demdex.net *.google.com *.facebook.com;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' accounts.google.com maps.googleapis.com *.segment.com *.hotjar.com *.cloudfront.net assets.adobedtm.com static.hotjar.com *.google-analytics.com *.parsely.com *.google.com *.gstatic.com *.newrelic.com *.googleapis.com *.nr-data.net *.facebook.net *.scorecardresearch.com;img-src 'self' *.cloudfront.net *.buttercms.com *.gstatic.com *.googleapis.com data: *.rdcpix.com *.everesttech.net *.google.com *.google-analytics.com *.google.ca *.parsely.com *.demdex.net static.media-assets.rdc.moveaws.com *.yelpcdn.com *.moveaws.com *.facebook.com *.scorecardresearch.com crime2021.s3-website-us-west-2.amazonaws.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
frame-ancestors 'self' *.dmi.es:* 1
default-src *.ctfassets.net 'self'; style-src *.pricespider.com *.lytics.io *.fonts.net 'self' 'unsafe-inline'; img-src *.tapad.com *.ctfassets.net *.google-analytics.com *.lytics.io *.google.com *.google.co.in 'self' data: https: blob:; script-src *.youtube.com *.youtube-nocookie.com *.qualtrics.com *.moatads.com pghub.io *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.lytics.io *.pricespider.com *.segment.com *.facebook.net *.doubleclick.net js.adsrvr.org pghub.io *.google.com *.google.co.in data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; font-src 'self' data: blob: 'unsafe-inline'; frame-src *.facebook.com *.pghub.io pgbrandsweb.esecurecare.net *.google.com *.doubleclick.net *.adsrvr.org *.ctfassets.net *.youtube.com *.youtube-nocookie.com *.tapad.com; frame-ancestors 'self' *.facebook.com *.pghub.io pgbrandsweb.esecurecare.net *.google.com *.doubleclick.net *.adsrvr.org *.ctfassets.net *.youtube.com *.youtube-nocookie.com *.tapad.com data: https: blob: 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://www.kelwatt.fr/report-uri/enforce 1
frame-ancestors 'self'     https://www.mafrenchbank.fr/     https://mineur.mafrenchbank.fr/;             img-src 'self'     https://*.xiti.com     data:     blob:     maps.gstatic.com     *.googleapis.com     *.ggpht     https://bat.bing.com/     https://mmtro.com/     https://ct.pinterest.com/     https://sync.adotmob.com/     https://c.contentsquare.net/     https://sslwidget.criteo.com/     http://seg.mmtro.com/     https://secure.adnxs.com/     https://tracker.adotmob.com/     https://gum.criteo.com/     https://cm.g.doubleclick.net/     https://loadm.exelator.com/     https://aimfar.solution.weborama.fr/     https://idsync.rlcdn.com/     https://px.ads.linkedin.com/     http://t.co/     https://www.google.com/     https://www.google.fr/     https://www.facebook.com/     https://analytics.twitter.com/     https://manager.tagcommander.com/     https://*.commander1.com/dc3/     https://tracker.adotmob.com/     https://dev.day.com/     https://widget.criteo.com/     https://*.tracker.adotmob.com/     https://creativecdn.com     https://ams.creativecdn.com     https://ash.creativecdn.com     https://phx.creativecdn.com     https://sync.outbrain.com/cookie-sync     https://teddytor.abtasty.com     https://app2.abtasty.com 1
frame-ancestors https://app.pendo.io https://consentcdn.cookiebot.com https://consent.cookiebot.com; default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org https://*.onetrust.com https://*.pendo.io https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://consent.cookiebot.com https://consentcdn.cookiebot.com;  font-src 'self' https://use.typekit.net https://p.typekit.net https://fonts.gstatic.com https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://p.typekit.net https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://*.pendo.io https://*.cookiebot.com https://consentcdn.cookiebot.com https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; connect-src 'self' https://*.pendo.io https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com https://api.ipify.org https://cdn.cookielaw.org https://*.onetrust.com https://*.cookiebot.com; img-src 'self' data: image/svg+xml https://cdn.cookielaw.org https://*.pendo.io  https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; frame-src 'self' https://app.pendo.io https://www.google.com/ https://consent.cookiebot.com https://consentcdn.cookiebot.com; worker-src 'self' 1
default-src none; base-uri 'self' nzbn.govt.nz www.nzbn.govt.nz; child-src 'self' nzbn.govt.nz www.nzbn.govt.nz *.googletagmanager.com 3f5l8ze0o4j2m.cloudfront.net *.youtube.com *.youtube-no-cookie.com *.ytimg.com *.google.com www.google.com https://www.facebook.com https://staticxx.facebook.com https://stats.g.doubleclick.net https://8432189.fls.doubleclick.net; connect-src 'self' nzbn.govt.nz www.nzbn.govt.nz *.business.govt.nz https://www.facebook.com/tr/ *.google-analytics.com *.analytics.google.com https://stats.g.doubleclick.net; frame-ancestors 'self' nzbn.govt.nz www.nzbn.govt.nz; font-src 'self' nzbn.govt.nz www.nzbn.govt.nz fonts.gstatic.com data: 'self'; form-action 'self' nzbn.govt.nz www.nzbn.govt.nz https://connect.facebook.com https://www.facebook.com/tr; img-src 'self' nzbn.govt.nz www.nzbn.govt.nz *.doubleclick.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com d3f5l8ze0o4j2m.cloudfront.net *.ytimg.com data: https://www.facebook.com; manifest-src 'self' nzbn.govt.nz www.nzbn.govt.nz; media-src 'none'; object-src 'none'; script-src 'self' nzbn.govt.nz www.nzbn.govt.nz 'unsafe-inline' *.jquery.com *.youtube.com *.ytimg.com *.google.com *.google-analytics.com *.googletagmanager.com 'unsafe-eval' d3f5l8ze0o4j2m.cloudfront.net www.gstatic.com https://connect.facebook.net; style-src 'self' nzbn.govt.nz www.nzbn.govt.nz 'unsafe-inline' fonts.googleapis.com 'unsafe-inline'; 1
frame-ancestors 'self' *.myraidbox.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.smooch.io *.googlesyndication.com *.magicline.com *.googleapis.com *.woosmap.com *.cookiebot.com *.radiosphere.io connect.getflowbox.com widgets.trustedshops.com www.googletagmanager.com tagmanager.google.com www.youtube.com www.google.com www.gstatic.com www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net vercel.live connect.facebook.net cdn.vercel-insights.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com sc-static.net *.adform.net metrics.rsggroup.com tr.snapchat.com tr.snapchat.com/config facebook.com *.cloudflare.com analytics.tiktok.com hal9000.redintelligence.net *.zdassets.com; connect-src 'self' data: *.smooch.io *.bing.com https://facebook.com https://www.facebook.com *.typekit.net *.magicline.com *.googleapis.com *.woosmap.com *.radiosphere.io *.sentry.io www.google-analytics.com stats.g.doubleclick.net www.google.com googleads.g.doubleclick.net vitals.vercel-insights.com vercel.live *.adyen.com googletagmanager.com google-analytics.com region1.google-analytics.com region1.analytics.google.com ws://127.0.0.1:53911 https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com consentcdn.cookiebot.com *.snapchat.com tr.snapchat.com/config facebook.com sc-static.net *.adform.net metrics.rsggroup.com analytics.tiktok.com hal9000.redintelligence.net rsg-group.course-api.mysports.com facebook.com *.zdassets.com *.pinimg.com *.bing.com *.zendesk.com *.pangle-ads.com *.pinterest.com; style-src 'self' 'unsafe-inline' *.googleapis.com tagmanager.google.com *.typekit.net; font-src 'self' data: assets.vercel.com fonts.gstatic.com *.typekit.net; prefetch-src 'self'; img-src 'self' blob: data: *.zdassets.com *.zendesk.com *.gstatic.com *.googleapis.com *.woosmap.com *.radiosphere.io *.rsggroup.com ssl.gstatic.com www.gstatic.com *.adyen.com googleads.g.doubleclick.net www.google.com www.google.de www.google-analytics.com assets.vercel.com vercel.com vercel.live www.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com tr.snapchat.com analytics.tiktok.com hal9000.redintelligence.net assets.magicline.com googleadservices.com *.googleadservices.com *.pinterest.com *.bing.com *.cookiebot.com; media-src 'self' *.rsggroup.com *.radiosphere.io *.fluxfm.de *.streamabc.net *.typekit.net; manifest-src 'self' 1
default-src 'self' http: https: data: blob: 'unsafe-eval' 'unsafe-inline'; connect-src * 1
upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bugherd.com cdn.penguin.co.uk *.ads-twitter.com *.doubleclick.net *.jquery.com *.yoast *.quizzes.cx *.shopifycdn.com *.jsdelivr.net *.facebook.net *.tiktok.com cdnjs.cloudflare.com *.googleadservices.com *.googletagmanager.com *.pinimg.com *.pinterest.com *.doubleclick.net *.ads-twitter.com *.adobedtm.com ssl.google-analytics.com fonts.googleapis.com *.google.com *.gstatic.com *.facebook.com connect.facebook.net www.dwin2.com *.riddle.com *.hotjar.com *.cloudfront.net *.newrelic.com *.nr-data.net instagram.com *.instagram.com *.twitter.com therandomhousegroupltd.d3.sc.omtrdc.net therandomhousegroupl.tt.omtrdc.net *.onetrust.com *.google-analytics.com *.typekit.net *.bootstrapcdn.com *.fontawesome.com *.wpengine.com *.msgfocus.com *.youtube.com *.schema.org aax-eu.amazon-adsystem.com; object-src 'self'; frame-ancestors 'none'; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.dtnr.nl *.obi4wan.com *.pusher.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;font-src 'self' fonts.gstatic.com;connect-src 'self' wss: piwik.dtnr.nl *.obi4wan.com app.obi4wan.ai *.pusher.com service.pdok.nl;img-src 'self' www.tenderned.nl data: *.obi4wan.com;media-src 'self' www.rovid.nl 1
default-src 'self' 'unsafe-inline'       ssl.google-analytics.com       pagead2.googlesyndication.com       www.googletagmanager.com       www.google-analytics.com       www.googleadservices.com       snap.licdn.com       assets.pcrl.co       partner.googleadservices.com       adservice.google.com.ar       widget.intercom.io       tpc.googlesyndication.com       adservice.google.com       connect.facebook.net       googleads.g.doubleclick.net       system.picreel.com       js.intercomcdn.com       www.youtube.com       app.picreel.com       *.googleapis.com       *.facebook.com       *.google.com       *.google.com.ar       stats.g.doubleclick.net       *.hotjar.com       *.linkedin.com       *.gstatic.com       *.jquery.com       fonts.gstatic.com       p.adsymptotic.com       api-iam.intercom.io       wss://nexus-websocket-a.intercom.io       bid.g.doubleclick.net       static.intercomassets.com       downloads.intercomcdn.com       *.fontawesome.com       i.ytimg.com       vc.hotjar.io;                  frame-src       'self'      https://vars.hotjar.com/                  https://newsletter-link.nosis.com                  https://googleads.g.doubleclick.net                  https://www.facebook.com                  https://bid.g.doubleclick.net                  http://app.picreel.com                  https://tpc.googlesyndication.com                  https://www.google.com                  https://www.youtube.com 1
font-src 'self' data:; img-src * data:; default-src * 'unsafe-eval' 'unsafe-inline' 1
frame-ancestors 'self'; object-src 'none'; base-uri 'self'; 1
frame-ancestors 'self' https://manage.controlglobal.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self';script-src 'self' *.schibsted.com *.schibsted.io platform.instagram.com www.instagram.com pp.lp4.io cdn.jsdelivr.net blob: static.vg.no *.vektklubb.no;style-src 'self' 'unsafe-inline' 'unsafe-hashes' unpkg.com fonts.googleapis.com use.fontawesome.com static.vg.no;font-src 'self' data: fonts.gstatic.com use.fontawesome.com cdn.vev.design vgc.no d3iwtia3ndepsv.cloudfront.net;frame-src 'self' www.instagram.com player.vimeo.com;connect-src 'self' pp.lp4.io *.schibsted.com *.schibsted.io secure.adnxs.com customer.api.appboy.eu *.vektklubb.no *.vgnett.no api.vg.no d3iwtia3ndepsv.cloudfront.net session-service.payment.schibsted.no vgtvlive-lh.akamaized.net amd-vgtv.akamaized.net dd-vgtv.akamaized.net;img-src 'self' data: blob: ship-pro-static-content.s3.eu-west-1.amazonaws.com/img/schibsted_logo.svg media.github.schibsted.io cdn.braze.eu sch-map.norstatsurveys.com cis.schibsted.com secure.adnxs.com shared.cdn.smp.schibsted.com cdn.ship.schibsted.io cdn.vev.design images.stream.schibsted.media static.vg.no imbo.vgtv.no *.vektklubb.no d3iwtia3ndepsv.cloudfront.net svp-images-vh.akamaized.net;media-src 'self' svpvodps-vh.akamaized.net blob: dd-vgtv.akamaized.net vgtvlive-lh.akamaized.net;object-src 'self';report-uri /webapi/csp/report;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none' 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://mimorelia.com;block-all-mixed-content; 1
default-src 'self' https://sidra.org https://www.sidra.org https://www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://z.moatads.com https://snap.licdn.com https://static.hotjar.com https://m.addthis.com https://maps.googleapis.com https://www.sidra.com/ https://www.google.com/recaptcha/api.js https://www.gstatic.com  http://www.scorpioncms.com http://www.google-analytics.com/analytics.js http://www.scorpioncms.com/common/js/m/masked.js http://cdnjs.cloudflare.com https://use.fontawesome.com http://www.googletagmanager.com https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' data: https://s.w.org/ https://secure.gravatar.com/ https://maps.googleapis.com https://maps.gstatic.com https://www.google.com.qa http://www.google-analytics.com https://www.google.com https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com  https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' data: https://s0.wp.com https://secure.gravatar.com/ https://fonts.gstatic.com/ https://themes.googleusercontent.com; frame-src https://js.stripe.com https://s7.addthis.com https://www.google.com/ https://www.youtube.com https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none' 1
form-action 'self' forms.hsforms.com bdmm.interroll.com; object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content 1
frame-ancestors 'self' https://app.flow.ai http://localhost:8002 http://0.0.0.0:8002 http://localhost:45032 *.sdxdemo.com *.response.lithium.com http://local.sdxdemo.com:9000 https://care-eu.flow.ai *.care.app.khoros.com 1
block-all-mixed-content; upgrade-insecure-requests; frame-src tel: mailto: https:; script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' https: 'unsafe-hashes'; script-src-elem 'unsafe-inline' https:; style-src 'unsafe-inline' 'report-sample' https: 'unsafe-hashes'; style-src-elem 'unsafe-inline' https:; default-src https:; frame-ancestors 'self' https:; report-uri /.well-known/csp/afc50834-47a9-4f84-b965-04652c70215a 1
default-src 'self';    script-src 'self' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.google.com connect.facebook.net      *.googleapis.com *.gstatic.com      c.shetland.org cdn.matomo.cloud nb.matomo.cloud nbstats.co.uk *.mailchimp.com starling.crowdriff.com post.crowdriff.com www.instagram.com      'sha256-sHv+cj+8063Z5N2nQUyU3/77rwHaSQQh1tPa2tiB7yM=' 'sha256-PjZvdKrx7kMLdO+DjnuV8YAv+r5urfiVgOo67in5uME='      'sha256-+kSKftS+p9NvfA2rHmfUhZJueU/suTtr9jHA60jK5CM=' cdnjs.cloudflare.com www.tiktok.com www.youtube.com platform.twitter.com;    style-src 'self' 'unsafe-inline' c.shetland.org *.mailchimp.com starling.crowdriff.com post.crowdriff.com      hello.myfonts.net *.googleapis.com *.gstatic.com cdnjs.cloudflare.com;    img-src 'self' data: https:;    connect-src 'self' nb.matomo.cloud https:;    font-src 'self' data: https:;    object-src 'self';    media-src 'self' data: blob: www.youtube.com vimeo.com c.shetland.org *.zetcast.net zetcast-gb.b-cdn.net *.amazonaws.com      *.cdninstagram.com *.cloudfront.net;    manifest-src 'self';    frame-src 'self' www.youtube-nocookie.com www.youtube.com player.vimeo.com *.spotify.com *.facebook.com      w.soundcloud.com e.issuu.com www.instagram.com www.bbc.co.uk servedby.flashtalking.com platform.twitter.com;    form-action 'self' *.list-manage.com www.facebook.com;    base-uri 'self';    worker-src blob:;    frame-ancestors 'self' www.shetlandwebcams.com dev.shetland.org;    report-uri https://nbcom.report-uri.com/r/d/csp/enforce     1
frame-ancestors 'self' mykof.kof.com.mx mykofqa.kof.com.mx; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.gstatic.com https://givebutter.com https://www.google.com https://www.googletagmanager.com  https://maps.googleapis.com https://maps.google.com https://connect.facebook.net https://www.youtube.com https://*.cloudfront.net https://www.bugherd.com https://www.google-analytics.com/analytics.js https://cdn.jsdelivr.net https://releases.transloadit.com https://script.hotjar.com/ https://static.hotjar.com 1
font-src *.typekit.net fonts.gstatic.com use.typekit.net https://static.rev-a-shelf.com *.rev-a-shelf.com https://static.trescolighting.com https://fonts.gstatic.com http://searchserverapi.com *.fontawesome.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com http://searchserverapi.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com www.googletagmanager.com https://ct.pinterest.com https://s7.addthis.com https://www.chasepaymentechhostedpay-var.com *.facebook.com *.issuu.com mailto: https://www.google.com https://www.youtube.com https://youtube.com https://www.ytimg.com http://searchserverapi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.google.com *.addthis.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net https://static.rev-a-shelf.com *.rev-a-shelf.com https://s3.amazonaws.com/ https://www.facebook.com https://ct.pinterest.com https://static.trescolighting.com https://cdn.klarna.com/ http://searchserverapi.com http://searchanise-ef84.kxcdn.com https://www.google.co.in/ *.adobedtm.com http://images.salsify.com/ https://tresco-lighting-layout-images.s3.amazonaws.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://static.rev-a-shelf.com *.rev-a-shelf.com https://js-agent.newrelic.com/ https://bam.nr-data.net/ *.facebook.com *.facebook.net https://s.pinimg.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com *.google-analytics.com https://static.trescolighting.com https://s7.addthis.com *.moatads.com https://v1.addthisedge.com https://m.addthis.com https://www.chasepaymentechhostedpay-var.com https://www.paypal.com https://www.paypalobjects.com http://searchserverapi.com https://cdn.amplitude.com *.googleapis.com *.google.com *.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.addthis.com *.addthisedge.com *.pinterest.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.rev-a-shelf.com *.rev-a-shelf.com https://static.trescolighting.com https://fonts.googleapis.com http://searchserverapi.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com *.adobe.io performance.typekit.net *.sentry.io https://ct.pinterest.com https://stats.g.doubleclick.net *.google-analytics.com https://m.addthis.com https://www.paypalobjects.com https://www.chasepaymentechhostedpay-var.com *.facebook.com https://bam.nr-data.net/ http://searchserverapi.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.cloudflare.com *.googleapis.com *.addthis.com *.graph.instagram.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://colab.research.google.com https://*.googleusercontent.com https://console.paperspace.com https://deepnoteworkspace.com https://deepnote.com https://*.mybinder.org; upgrade-insecure-requests; 1
default-src 'self' 'unsafe-inline' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: use.typekit.net use.fontawesome.com code.jquery.com google-analytics.com https://*.hotjar.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' http: https: e.issuu.com use.typekit.net code.jquery.com use.fontawesome.com www.google-analytics.com www.wufoo.com google-analytics.com; style-src 'self' 'unsafe-inline' http: https: 'report-sample' use.typekit.net use.fontawesome.com fonts.googleapis.com www.wufoo.com wufoo.com https://*.hotjar.com; style-src-elem 'self' 'unsafe-inline' http: https: 'report-sample' use.typekit.net use.fontawesome.com fonts.googleapis.com www.wufoo.com wufoo.com; img-src 'self' data: https: p.typekit.net https://*.hotjar.com; font-src 'self' use.typekit.net *.fontawesome.com fonts.gstatic.com acsbapp.com https://*.hotjar.com; connect-src 'self' ws24.hotjar.com in.hotjar.com www.google-analytics.com stats.g.doubleclick.net cdn.acsbapp.com web1.acsbapp.com *.fontawesome.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; media-src 'self' web1.acsbapp.com; frame-src 'self' vars.hotjar.com anchor.fm e.issuu.com www.google.com player.vimeo.com connect.bipc.com s3.amazonaws.com acsbapp.com accounts.accessibe.com https://*.hotjar.com; frame-ancestors 'self' https://app.socio.events/; form-action 'self'; base-uri 'self'; report-uri https://notarobot.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' https://medicalguardian--devsand.sandbox.my.salesforce.com/ https://medicalguardian--hypersand.sandbox.my.salesforce.com/ https://medicalguardian.my.salesforce.com/ https://medicalguardian--c.vf.force.com/ https://medicalguardian--hypersand--c.sandbox.vf.force.com/ https://medicalguardian--devsand--c.sandbox.vf.force.com/ https://medicalguardian.lightning.force.com/ https://medicalguardian--hypersand.sandbox.lightning.force.com/ https://medicalguardian--devsand.sandbox.lightning.force.com/ 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.accenture.com *.arz.at; script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.arz.at maps.google.com www.googleadservices.com maps.googleapis.com www.econ-application.de; img-src 'self' *.accenture.com *.arz.at image.onoffice.de maps.google.com maps.googleapis.com maps.gstatic.com jobs.volksbankwien.at jobs.volksbank.tirol jobs.volksbanksalzburg.at jobs.volksbank-kaernten.at jobs.vbnoe.at jobs.vb-ooe.at jobs.volksbank-stmk.at lcdn.letscast.fm i.vimeocdn.com data:; connect-src 'self'  *.accenture.com *.arz.at maps.googleapis.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.arz.at kurse.banking.co.at www.youtube.com bank-news.at news.volksbank.tirol news.volksbank.at news.volksbankwien.at *.volksbanksalzburg.at *.apobank.at *.aerztebank.at *.volksbanksalzburg.com news.volksbank-kaernten.at news.vbnoe.at news.sparda.at news.vb-ooe.at news.volksbank-stmk.at angebot.derfairecredit.at iframe.justimmo.at vbkaernten.immo-export.at vbsalzburg.immo-export.at letscast.fm my.matterport.com player.vimeo.com; upgrade-insecure-requests; block-all-mixed-content 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; frame-src 'self' https:; worker-src 'self' https:; object-src 'none'; 1
default-src 'self'; script-src 'self' https://*.netlify.app 'unsafe-inline' 'sha512-RGGByJUOP98hE4wFZM78RM/3MijWJs0Tm0DbfrFhCDCXKXfDx60fii+syp5iMs3UcNX/1H4zJNgmqSejfhHrYw==' 'sha512-+T2H7TEv2U6umnIOWYijvTIrzdCZUYhm/FZo4YYQzKAHf8NWs+38cn3t9fdz2rCm2HqHDkthZZXnY4EWPdWnMA==' 'sha512-okYuGnNmmUuCX64AD7FVra0445z43U8riOY3jZue+WZ2KeVOWLo17hE/wZXGUIJh9WBiSHZ2epTd36MMP6R66w==' 'sha512-bv9WRsSROhTW5djDurORNUCGITVeRfjDXkhqg4Ez/4vTY6FcaVBPy4MXpn4EGC3J3oZNcxpfQIScElDKlmiLhw==' 'sha512-RBYr6Ld4w1yVqaACrgrBLQfPgGhj/1jyacA74WxJ1KM6KVcSWymwrdDwb3HDcdpwiNJ5yssot1He0U9vXoQVlg==' 'sha256-aWZ3y/RxbBYKHXH0z8+8ljrHG1mSBvyzSfxSMjBSaXk=' 'sha256-vOgyKS2vkH4n5TxBJpeh9SgzrE6LVGsAeOAvEST6oCc='; style-src 'self' https://*.netlify.app 'unsafe-inline'; img-src 'self' https://*.netlify.app https://github.com https://avatars.githubusercontent.com data:; connect-src 'self' https://*.netlify.app; font-src 'self' https://*.netlify.app; manifest-src 'self' https://*.netlify.app; object-src 'none'; frame-src https://app.netlify.com; frame-ancestors 'none'; base-uri 'none' 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; base-uri 'self'; frame-ancestors 'self' http://weblink.northshore.org.nomzit.com http://weblink.northshore.org.apkpoko.com; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https:; frame-src https://*.stafflinq.com https://*.rosnet.com; frame-ancestors https://*.stafflinq.com https://*.rosnet.com 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.twitter.com *.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.facebook.net *.licdn.com *.twitter.com *.twimg.com *.youtube.com s.ytimg.com *.etracker.com *.etracker.de *.matomo.cloud *.upsales.com match.adsby.bidtheatre.com; object-src 'self'; form-action 'self' *.twitter.com; media-src 'self' *.materna.de *.youtube.com; child-src *.google.com *.gstatic.com *.facebook.com *.twitter.com *.youtube.com *.eu-de.mybluemix.net *.materna.de; img-src 'self' blob: data: *.google.com *.google.de *.gstatic.com *.google-analytics.com *.doubleclick.net *.linkedin.com *.twitter.com *.twimg.com *.youtube.com *.etracker.com *.googletagmanager.com *.matomo.cloud *.upsales.com; frame-ancestors 'self' *.googletagmanager.com *.facebook.com *.twitter.com; worker-src 'self'; connect-src 'self' *.google-analytics.com *.etracker.com *.etracker.de *.g.doubleclick.net *.matomo.cloud; 1
frame-ancestors 'self'                    cbsplit.com       theikariajuice.com       theikariajuice-com.cbsplit.com ; 1
frame-ancestors www.samsung.com www.samsung.net www.webcollage.net www.webcollage.net www.abt.com agent.samsungsupport.com admin.samsungsupport.com nacyberadmin site-36720.preview.bcvp0rtal.com nacyberagent samsung.brightcovegallery.com retail.samsungusa.com:9003 aem.samsung.com qaweb.samsung.com aem-eu.samsung.com www.mobilevirtualtour.com samsung-tmo-stage.herokuapp.com 5g.samsungtmobile.com www.uscellular.com wesit11.we-nonprod.uscc.com wesitaem.we-nonprod.uscc.com www.walmart.com tempo.cxtools-stg.walmart.com www-stage.walmart.com virtualstore.att.com att.beta.obsessvr.com i5.walmartimages.com wesit7.we-nonprod.uscc.com/ wesit7.we-nonprod.uscc.com/samsung *.samsungsupport.com 1
default-src 'self';font-src 'self' data: fonts.gstatic.com fonts.googleapis.com;img-src 'self' data: www.google-analytics.com www.g.doubleclick.net maps.gstatic.com maps.googleapis.com www.youtube.com cdn.cookielaw.org www.securitasmedia.com securitasmedia.com  www.googletagmanager.com i.ytimg.com www.google.co.in www.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;script-src www.youtube.com  az416426.vo.msecnd.net  'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org www.google-analytics.com maps.googleapis.com www.googletagmanager.com  dl.episerver.net www.youtube.com www.google.com www.gstatic.com https://*.googletagmanager.com apis.google.com;style-src 'self'  'unsafe-inline' fonts.googleapis.com dl.episerver.net;frame-src www.youtube.com tools.euroland.com www.google.com es-securitas.easycruit.com;media-src 'self' ;connect-src 'self'  cdn.cookielaw.org dc.services.visualstudio.com www.google-analytics.com stats.g.doubleclick.net maps.googleapis.com geolocation.onetrust.com ds-onetrust.securitas.com analytics.google.com region1.analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat ;frame-ancestors 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.google.com *.gstatic.com hcaptcha.com *.hcaptcha.com; img-src 'self' *.google-analytics.com *.nzbvortex.com *.xsnews.nl; style-src 'self' 'unsafe-inline' hcaptcha.com *.hcaptcha.com; font-src 'self'; frame-src 'self' *.google.com hcaptcha.com *.hcaptcha.com; object-src 'none'; frame-ancestors 'self' 1
frame-ancestors 'self' https://dev2022.njsba.com https://njsba.com 1
frame-ancestors *.rentalia.com *.yaencontre.com; 1
default-src 'self' *.google.com *.blackbuck.com *.youtube.com *.facebook.com *.google.com *.googleapis.com *.google-analytics.com *.jquery.com *.bootstrapcdn.com *.fontawesome.com *.googleapis.com *.googletagmanager.com; script-src 'self' *.newrelic.com https://bam.nr-data.net *.googletagmanager.com *.ytimg.com *.youtube.com *.blackbuck.com *.amazonaws.com *.googleapis.com *.google-analytics.com *.google.com 'unsafe-inline'; style-src 'self' *.googleapis.com  *.googleapis.com *.googletagmanager.com 'unsafe-inline'; frame-src 'self' *.youtube.com *.google.com *.blackbuck.com *.tryretool.com *.googleapis.com *.googletagmanager.com 'unsafe-inline';img-src 'self' *.ytimg.com *.googleapis.com  *.gstatic.com *.google-analytics.com *.googleapis.com *.amazonaws.com *.blackbuck.com *.googleapis.com *.googletagmanager.com 'unsafe-inline' data:; connect-src 'self' https://bam.nr-data.net *.amazonaws.com *.blackbuck.com *.googleapis.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com 'unsafe-inline'; font-src 'self' *.gstatic.com data:; object-src 'none'; media-src 'self' *.amazonaws.com; form-action 'self'; frame-ancestors 'self'; 1
base-uri 'self'; child-src https://www.youtube-nocookie.com/embed/; connect-src 'self' https://brsociety.club:8443/socket.io/ wss://brsociety.club:8443/socket.io/ https://api.themoviedb.org/; default-src 'none'; font-src 'self' data: https: fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https: image.tmdb.org via.placeholder.com/400x600; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https: gitcdn.xyz github.io *.github.io raw.githubusercontent.com github.com; block-all-mixed-content; upgrade-insecure-requests 1
frame-ancestors http://cubki.jp http://*.cubki.jp https://cubki.jp https://*.cubki.jp http://newrope.biz http://*.newrope.biz https://newrope.biz https://*.newrope.biz 1
default-src 'self' *.googleapis.com *.gstatic.com *.gravatar.com *.googletagmanager.com *.google-analytics.com *.zoom.us zoom.us *.cookiebot.com 'unsafe-inline' 'unsafe-eval' ws:; worker-src blob:; img-src *.gravatar.com *.zoom.us api.prestashop-project.org 'self' data:; font-src *.googleapis.com *.gstatic.com *.zoom.us 'self' data:; 1
base-uri 'self'; child-src https://www.youtube-nocookie.com/embed/; connect-src 'self' https://generation-free.org:8443/socket.io/ wss://generation-free.org:8443/socket.io/ https://api.themoviedb.org/; default-src 'none'; font-src 'self' data: https: fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https: image.tmdb.org via.placeholder.com/400x600; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https: fonts.googleapis.com gitcdn.xyz github.io *.github.io raw.githubusercontent.com github.com; block-all-mixed-content; upgrade-insecure-requests 1
default-src 'self' *.getdoc.com.br getdoc.com.br fonts.gstatic.com fonts.googleapis.com; script-src 'unsafe-inline' *.getdoc.com.br getdoc.com.br *.googleapis.com fonts.googleapis.com connect.facebook.net fonts.gstatic.com; style-src 'unsafe-inline' *.getdoc.com.br getdoc.com.br fonts.googleapis.com maps.googleapis.com connect.facebook.net fonts.gstatic.com; img-src 'self' http://getdoc.com.br https://getdoc.com.br http://www.getdoc.com.br https://www.getdoc.com.br https://fonts.googleapis.com http://maps.googleapis.com https://connect.facebook.net https://fonts.gstatic.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: https://*.instantscripts.com.au https://*.googleapis.com https://*.googletagmanager.com https://*.iscr.com.au https://*.legitscript.com https://*.productreview.com.au https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.0/slick.js; style-src 'report-sample' 'self' 'unsafe-inline' https://*.typekit.net https://*.googleapis.com https://*.instantscripts.com.au https://*.iscr.com.au https://*.google-analytics.com https://*.paypal.com https://*.intercom.io https://*.intercomcdn.com https://use.fontawesome.com/releases/v5.6.1/css/all.css https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.0/slick-theme.min.css https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.0/slick.min.css; object-src 'none'; base-uri 'self'; connect-src 'self' https://auth.onepass.com.au https://*.cybersource.com https://*.googleapis.com https://*.google.com https://api-iam.au.intercom.io https://*.instantscripts.com.au https://capture-api.ap3prod.com https://*.tokbox.com https://sentry.io https://stats.g.doubleclick.net https://*.cloudfunctions.net https://www.google-analytics.com https://*.google.com.au https://www.paypal.com https://www.sandbox.paypal.com wss://*.intercom.io wss://*.firebaseio.com wss://*.firebasedatabase.app https://*.facebook.com wss://pcn-dot-instant-med.ts.r.appspot.com https://api-cann-dot-instant-med.ts.r.appspot.com https://*.opentok.com wss://*.media.prod.tokbox.com https://*.analytics.google.com https://*.demdex.net https://smetrics.healthengine.com.au https://ad.doubleclick.net https://www.googletagmanager.com https://*.intercomcdn.com https://*.au.intercomcdn.com https://content.hotjar.io https://vc.hotjar.io wss://ws.hotjar.com https://analytics.tiktok.com; font-src 'self' data: https://use.typekit.net https://use.fontawesome.com https://*.intercomcdn.com https://*.gstatic.com https://*.googleusercontent.com https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.0/; frame-src 'self' *.instantscripts.com.au https://intercom-sheets.com https://www.sandbox.paypal.com https://www.paypal.com https://*.firebasedatabase.app https://*.google.com *.firebaseapp.com *.firebaseio.com https://*.facebook.com https://www.paypalobjects.com https://*.demdex.net https://td.doubleclick.net https://*.fls.doubleclick.net https://www.youtube.com https://ausscripts.erx.com.au https://www.googletagmanager.com https://*.googlesyndication.com https://*.facebook.net; img-src 'self' data: blob: *; manifest-src 'self'; media-src 'self' data: https://*.gstatic.com https://*.intercomcdn.com https://*.googleapis.com; report-uri https://api.instantscripts.com.au/csp/report; worker-src 'self'; frame-ancestors *.instantscripts.com.au brightonbaypharmacy.com.au prahranamcal.com.au; 1
default-src 'none';         connect-src 'self' data: *.linkedin.oribi.io *.doubleclick.net *.google-analytics.com *.withgoogle.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.goadopt.io *.google.com *.omni.com.br *.omniaws.io;          script-src  'self' 'unsafe-eval' 'unsafe-inline' *.omniaws.io *.proatecnologia.com.br *.googleapis.com *.googleadservices.com *.googleads.g.doubleclick.net *.hotjar.com  *.typekit.net *.goadopt.io *.googletagmanager.com *.facebook.com *.licdn.com *.facebook.net *.hotjar.com *.google-analytics.com *.google.com *.gstatic.com unpkg.com;         style-src   'self' 'unsafe-inline' *.omniaws.io *.googleapis.com *.google.com;         img-src     'self' data: *.omniaws.io *.gravatar.com *.google.com *.google.com.br *.googletagmanager.com *.gstatic.com *.facebook.com *.linkedin.com *.google-analytics.com *.ytimg.com kloe-proa.s3.amazonaws.com;         font-src    'self' data: *.omniaws.io *.gstatic.com *.typekit.net;         frame-src   'self' data: *.facebook.com *.facebook.net *.google.com *.youtube.com *.proatecnologia.com.br;         base-uri    'self';         form-action 'self' data: *.facebook.com *.facebook.net *.google.com; 1
default-src 'none';    block-all-mixed-content;    upgrade-insecure-requests;    script-src 'self' 'nonce-QFxZPUQJartkI1Da9UCYNIs5kawVpRKRs9jADv3X4WQ=' 'unsafe-inline' https://www.googletagmanager.com https://connect.facebook.net;    style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;    img-src 'self' data: https://pwstageassetstorage.blob.core.windows.net  https://raw.githubusercontent.com https://www.google-analytics.com;    font-src 'self' https://fonts.gstatic.com  https://static.paynow.pl data: ;    connect-src 'self' https://sentry.io https://www.google-analytics.com https://stats.g.doubleclick.net;    media-src 'self' data: https://pwstageassetstorage.blob.core.windows.net;    object-src 'none';    child-src 'none';    frame-src https://www.youtube.com;    worker-src 'none';    frame-ancestors 'none';    form-action 'self';    base-uri 'none';    manifest-src 'self';    report-uri https://sentry.io/api/1442554/security/?sentry_key=98205a64726849b88d9f1e23d10066ed&sentry_environment=prod&sentry_release=prod-f9247039af5b; 1
script-src 'self' *.criteo.com *.criteo.net 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com http: https: https://prod-alawani.snaptec.co/; style-src 'self' blob: https: 'unsafe-inline' https://prod-alawani.snaptec.co/; img-src data: http: https: www.googletagmanager.com https://www.google-analytics.com; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' https://prod-alawani.snaptec.co/ fonts.gstatic.com cdnjs.cloudflare.com; frame-src *.webengage.co *.snapchat.com facebook.com new.arabianoud.com assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.google.com https://ppipe.net/ https://oppwa.com *.emcrey.com *.hotjar.com *.cardinalcommerce.com https://secure5.arcot.com/ *.arcot.com *.pubhtml5.com *.flixgvid.flix360.io *.flix360.io *.flixcar.com *.flixfacts.com *.flixfacts.co.uk *.flixsyndication.net *.flix360.com *.jwplatform.com *.jwpsrv.com *.jwpcdn.com *.cloudfront.net *.pointandplace.com *.flixsyndication.net *.alahli.com *.criteo.com *.criteo.net *.doubleclick.net *.checkout.com 1
base-uri 'none'; object-src 'none'; script-src 'nonce-MVMlEJf6pi7dvctcGkggLww4nop2OLXAqNwh2ocWGI3GzXJAA_vg51nUOtBvDvW7' 'strict-dynamic' https: 'unsafe-inline' 'self' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://jorts.horse; img-src 'self' https: data: blob: https://jorts.horse; style-src 'self' https://jorts.horse 'nonce-ZZgzRJYL8AGk+pk+zVVuvQ=='; media-src 'self' https: data: https://jorts.horse; frame-src 'self' https:; manifest-src 'self' https://jorts.horse; connect-src 'self' data: blob: https://jorts.horse https://media.jorts.horse wss://jorts.horse; script-src 'self' https://jorts.horse; child-src 'self' blob: https://jorts.horse; worker-src 'self' blob: https://jorts.horse 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://thecanadian.social; img-src 'self' https: data: blob: https://thecanadian.social; style-src 'self' https://thecanadian.social 'nonce-/m8UGPlIv9hmZNz8m/EkrQ=='; media-src 'self' https: data: https://thecanadian.social; frame-src 'self' https:; manifest-src 'self' https://thecanadian.social; form-action 'self'; child-src 'self' blob: https://thecanadian.social; worker-src 'self' blob: https://thecanadian.social; connect-src 'self' data: blob: https://thecanadian.social https://thecanadian.social wss://thecanadian.social; script-src 'self' https://thecanadian.social 'wasm-unsafe-eval' 1
default-src 'self' *.rumett.ru rumett.ru www.youtube.com; object-src 'self' *;  connect-src 'self' https://*.fptls.com https://api.fpjs.io/ https://*.api.fpjs.io https://*.dadata.ru https://dadata.ru https://sovetnik-off.ru/block/510a357e66823a390ca7138d209af38c *.google.com www.google-analytics.com *.cloudflare.com noembed.com cdn.plyr.io stats.g.doubleclick.net taxi-routeinfo.taxi.yandex.net mc.webvisor.org rumett.ru *.rumett.ru mc.yandex.ru mc.yandex.md mc.yandex.by mc.yandex.kz mc.yandex.com; font-src 'self' 'unsafe-inline' *.gstatic.com rumett.ru *.rumett.ru; style-src 'self' 'unsafe-inline'  www.gstatic.com *.googleapis.com cdnjs.cloudflare.com *.jquery.com *.twitter.com *.twimg.com cdn.plyr.io cdn.jsdelivr.net rumett.ru *.rumett.ru; child-src 'self' 'unsafe-inline' yandex.ru *.yandex.ru https://www.youtube-nocookie.com google.com *.google.com instagram.com *.instagram.com twitter.com *.twitter.com vk.com *.vk.com youtube.com *.youtube.com mc.yandex.md widgets.dellin.ru calc.pecom.ru *.nrg-tk.ru nrg-tk.ru api.jde.ru rumett.ru *.rumett.ru; img-src 'self' data: google.ru *.google.ru google.be *.google.be *.ggpht.com  google.com *.google.com www.google-analytics.com https://chart.googleapis.com *.googleapis.com maps.gstatic.com www.googletagmanager.com metrika-informer.com abs.twimg.com *.twitter.com vk.com *.ytimg.com stats.g.doubleclick.net *.maps.yandex.net mc.webvisor.org *.yandex.com *.yandex.be yandex.ru *.yandex.ru rumett.ru *.rumett.ru;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com  www.googletagmanager.com https://fpcdn.io/v3/pWOH1liMNDEpjk60ppc1 google.ru *.google.ru google.com *.google.com google-analytics.com *.google-analytics.com *.gstatic.com *.googleapis.com *.cloudflare.com instagram.com *.instagram.com *.jquery.com *.jsdelivr.net metrika-informer.com *.syndication.twimg.com *.twitter.com vk.com youtube.com *.youtube.com cdn.plyr.io cdn.jsdelivr.net yandex.ru *.yandex.ru *.maps.yandex.net yastatic.net mc.webvisor.org mc.yandex.ru mc.yandex.md mc.yandex.by mc.yandex.kz mc.yandex.com rumett.ru *.rumett.ru; 1
default-src 'self'; frame-src 'self' https://td.doubleclick.net https://youtube.com www.youtube.com www.youtube-nocookie.com; font-src 'self' fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com snap.licdn.com ajax.googleapis.com www.googletagmanager.com www.youtube.com connect.facebook.net www.google-analytics.com googleads.g.doubleclick.net cdn.jsdelivr.net maps.google.com maps.googleapis.com www.googleadservices.com pagead2.googlesyndication.com; connect-src *; img-src 'self' px.ads.linkedin.com googleads.g.doubleclick.net *.aluprof.com aluprof.com *.google.com *.google.pl www.google-analytics.com www.gravatar.com maps.gstatic.com maps.googleapis.com blob: data:; style-src 'self' 'unsafe-hashes' 'unsafe-inline' fonts.googleapis.com;base-uri 'self';form-action 'self' 1
default-src 'self';  connect-src 'self' https://www.google-analytics.com/;  frame-src 'self' https://js.stripe.com/;  media-src 'self' https://player.vimeo.com/ https://download-video.akamaized.net/;  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com/ https://js.stripe.com/;  style-src 'self' 'unsafe-inline';  img-src 'self' blob: data:;  font-src 'self';  object-src 'none';  base-uri 'self';  form-action 'self';  frame-ancestors 'none'; 1
img-src 'self' *.google-analytics.com *.googletagmanager.com *.enamad.ir *.map.ir *.mapbox.com data: blob: 1
default-src https: data:; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; font-src 'self' *.maine-et-loire.fr *.fontawesome.com; form-action http: 'self'; script-src 'self' *.maine-et-loire.fr www.instagram.com *.flickr.com platform.twitter.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.maine-et-loire.fr 'unsafe-inline' *.fontawesome.com; img-src http: data: 'self'; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://matomo.mkk.de https://piwik.mkk.de *.readspeaker.com api.service-digitale-verwaltung.de; frame-src 'self' *.mkk.de *.ekom21.de *.ehrenamtssuche-hessen.de *.krz.de *.unitylivestream.com www.google.com *.readspeaker.com *.youtube.com *.mitkindundkegel.de mitkindundkegel.de netappoint.de app1.edoobox.com freinet-online.de; frame-ancestors 'self' http://*.mitkindundkegel.de http://mitkindundkegel.de 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net/ https://ajax.cloudflare.com/ https://tag.goadopt.io https://app.cybba.solutions/user https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://connect.facebook.net/en_US/fbevents.js https://consumidor.quod.com.br/ https://d2rp1k1dldbai6.cloudfront.net/ https://extend.vimeocdn.com/ https://files1.cybba.solutions/ https://script.hotjar.com/ https://connect.facebook.net https://px4.ads.linkedin.com https://www.facebook.com https://px.ads.linkedin.com https://www.linkedin.com https://snap.licdn.com/ https://static.hotjar.com/ https://tag.rmp.rakuten.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.googleadservices.com/ https://www.googleoptimize.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.rtb123.com/ https://www.youtube.com/ https://storage.googleapis.com https://optimize.google.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://connect.facebook.net https://px4.ads.linkedin.com https://www.facebook.com https://px.ads.linkedin.com https://www.linkedin.com https://snap.licdn.com https://optimize.google.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://analytics.google.com/ https://cdn.linkedin.oribi.io https://analytics.google.com/ https://disclaimer-api.goadopt.io https://gy6d96.api.infobip.com https://vc.hotjar.io https://in.hotjar.com https://pro.ip-api.com https://stats.g.doubleclick.net https://www.google-analytics.com wss://ws2.hotjar.com https://directline.botframework.com/; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com data:; frame-src 'self' https://www.youtube.com https://optimize.google.com https://player.vimeo.com https://connect.facebook.net https://px4.ads.linkedin.com https://www.facebook.com https://px.ads.linkedin.com https://www.linkedin.com https://snap.licdn.com https://vars.hotjar.com; img-src 'self' https://consent.linksynergy.com https://googleads.g.doubleclick.net https://i.vimeocdn.com https://images.quod.com.br https://px.ads.linkedin.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://connect.facebook.net https://px4.ads.linkedin.com https://www.facebook.com https://www.linkedin.com https://snap.licdn.com https://p.adsymptotic.com https://optimize.google.com https://www.gravatar.com data:; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
base-uri https://iamherbalifenutrition.com/; frame-ancestors https://iamherbalifenutrition.com/; upgrade-insecure-requests ; script-src 'unsafe-eval' 'unsafe-inline' iamherbalifenutrition.com use.typekit.net s.pinimg.com d2qrdklrsxowl2.cloudfront.net *.cloudfront.net www.youtube.com view.ceros.com herbalife.preview.ceros.com hnx.myherbalife.com herbalife-econnect.hrbl.com hlf.maps.arcgis.com www.herbalife.com www.herbalife.de www.herbalife.ca privacyportal-cdn.onetrust.com services.herbalifenutrition.com media.herbalifenutrition.com negocio.herbalife.com.mx privacyportal.onetrust.com privacyseals.bbbprograms.org da7xgjtj801h2.cloudfront.net cf-images.us-east-1.prod.boltdns.net translate.googleapis.com googleads.g.doubleclick.net bid.g.doubleclick.net www.googleadservices.com dev.day.com rl.quantummetric.com geolocation.onetrust.com http-inputs-hrbl.splunkcloud.com herbalife-app.quantummetric.com herbalife-sync.quantummetric.com cdn.quantummetric.com cdn.cookielaw.org code.jquery.com optanon.blob.core.windows.net stats.g.doubleclick.net herbalife.112.2o7.net www.gstatic.com connect.facebook.net blob: data: user-aaimrzl.cld.bz www.google-analytics.com www.googletagmanager.com www.facebook.com twitter.com www.instagram.com www.linkedin.com www.dsa.org dsef.org www.bbb.org fonts.googleapis.com fonts.gstatic.com pixel.wp.com s0.wp.com stats.wp.com api.ceros.co ajax.googleapis.com media-s3-us-east-1.ceros.com namcerosdev.wpengine.com sdk.ceros.com assets.adobedtm.com metrics.brightcove.com players.brightcove.net cdn.flipsnack.com edge.api.brightcove.com cdnjs.cloudflare.com assets.herbalifenutrition.com smetrics.herbalife.com manifest.prod.boltdns.net httpsak-a.akamaihd.net bcbolt446c5271-a.akamaihd.net ds-aksb-a.akamaihd.net secure.brightcove.com vjs.zencdn.net f1.media.brightcove.com edge.myherbalife.com herbalife.demdex.net dpm.demdex.net herbalife.tt.omtrdc.net cm.everesttech.net www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat assets.pinterest.com seal-sanjose.bbb.org assetscdn.stackla.com; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com https://static.cloudflareinsights.com https://www.googletagmanager.com https://maps.google.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://connect.facebook.net https://maps.googleapis.com https://www.youtube.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https://www.google.com https://www.gstatic.com https://secure.gravatar.com https://i.ytimg.com https://i.vimeocdn.com https://ps.w.org https://s.w.org https://ts.w.org https://www.google.co.in https://www.facebook.com https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://maps.google.com; connect-src 'self' https://yoast.com https://www.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://adservice.google.com; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://www.google.com https://td.doubleclick.net https://www.facebook.com https://6372289.fls.doubleclick.net https://www.youtube-nocookie.com/; 1
'self' https://ajax.googleapis.com https://www.googletagmanager.com 1
frame-ancestors 'self' *.icebox.com 1
upgrade-insecure-requests; default-src 'self' https: data: 'unsafe-inline' 1
default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors gba-editor-kkn.prod.gsb.gba.in.bund.de piwik.itzbund.de *.facebook.com 1
report-uri 'self' 1
frame-ancestors localhost:3333 *.wedodata.dev *.globalcarbonatlas.org globalcarbonatlas.org *.github.io  *.cookiebot.com; frame-src *.wedodata.dev *.globalcarbonatlas.org globalcarbonatlas.org *.github.io  *.cookiebot.com; child-src *.wedodata.dev *.globalcarbonatlas.org globalcarbonatlas.org *.github.io localhost:3333 *.cookiebot.com connect.facebook.net staticxx.facebook.com facebook.com youtube.com player.vimeo.com www.google-analytics.com google.com apis.google.com tagmanager.google.com www.googletagmanager.com; 1
default-src 'self'; connect-src *; font-src *; frame-src * data:; img-src * data:; manifest-src https://vantora.azureedge.net/; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' https://apis.google.com https://accounts.google.com/gsi/client https://app.formsable.com/ue.js https://js.intercomcdn.com https://js.stripe.com https://widget.intercom.io https://www.googletagmanager.com https://www.google-analytics.com/analytics.js https://bat.bing.com https://connect.facebook.net https://www.clarity.ms https://cdn.amplitude.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hscollectedforms.net/collectedforms.js https://js.hsadspixel.net/fb.js https://js.usemessages.com/conversations-embed.js https://static.cloudflareinsights.com; media-src https://js.intercomcdn.com; connect-src *; style-src 'unsafe-inline' *; font-src *; frame-src *; img-src blob: data: *; worker-src blob:; 1
default-src     'self'     https://bid.g.doubleclick.net/xbbe/pixel     ;      script-src     'self'     'report-sample'     'unsafe-inline'     https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js     https://code.iconify.design/1/1.0.7/iconify.min.js     https://googleads.g.doubleclick.net/pagead/viewthroughconversion/798837973/     https://js.hs-analytics.net/analytics/1654805700000/2063147.js     https://js.hs-banner.com/2063147.js     https://js.hs-scripts.com/2063147.js     https://js.hscollectedforms.net/collectedforms.js     https://js.intercomcdn.com/frame-modern.a7822daa.js     https://widget.intercom.io/widget/jvg80vqq     https://www.google-analytics.com/analytics.js     https://www.googleadservices.com/pagead/conversion_async.js     https://www.googletagmanager.com/gtag/js     https://js.hs-analytics.net/analytics/1655307000000/2063147.js     https://js.hs-analytics.net/analytics/     https://js.intercomcdn.com/frame-modern.53729a77.js     https://js.intercomcdn.com/vendor-modern.b8592417.js     https://app.intercom.io     https://widget.intercom.io     https://js.intercomcdn.com     https://www.google.com/pagead/conversion_async.js     https://api.iconify.design/eva.js     https://api.iconify.design/mdi.js     https://api.iconify.design/cil.js     https://api.iconify.design/bi.js     https://static.intercomassets.com/assets/help_center-d36cfac0eccacbe14d1a7ba68d9f0c90b39aba04a7f1d862292ab8a525bf4c8f.js     ;     style-src     'report-sample'      'self'     'unsafe-inline'     ;     object-src     'none'     ;     base-uri     'self'     ;     connect-src     'self'       https://api.intercom.io       https://api.au.intercom.io     https://api.eu.intercom.io       https://api-iam.intercom.io       https://api-iam.eu.intercom.io     https://api-iam.au.intercom.io      https://api-ping.intercom.io       https://nexus-websocket-a.intercom.io     wss://nexus-websocket-a.intercom.io     https://nexus-websocket-b.intercom.io     wss://nexus-websocket-b.intercom.io     https://nexus-europe-websocket.intercom.io      wss://nexus-europe-websocket.intercom.io      https://nexus-australia-websocket.intercom.io     wss://nexus-australia-websocket.intercom.io      https://uploads.intercomcdn.com     https://uploads.intercomcdn.eu      https://uploads.au.intercomcdn.com      https://uploads.intercomusercontent.com     https://forms.hubspot.com     https://www.google-analytics.com/j/collect     https://www.google-analytics.com/g/collect     https://js.hs-banner.com/cookie-banner-public/v1/activity/view     https://js.hs-banner.com/cookie-banner-public/v1/activity/click     https://forms.hscollectedforms.net/collected-forms/          ;     font-src     'self'     https://js.intercomcdn.com                   https://fonts.intercomcdn.com     ;     child-src       https://intercom-sheets.com       https://www.intercom-reporting.com        https://www.youtube.com       https://player.vimeo.com       https://fast.wistia.net     ;     frame-src     'self'      https://www.youtube.com/     https://bid.g.doubleclick.net/     https://intercom-sheets.com     ;     img-src      'self'     https://forms.hsforms.com     https://track.hubspot.com     https://www.google-analytics.com     https://www.google.com     https://static.intercomassets.com                 https://js.intercomcdn.com     https://static.intercomassets.com     https://downloads.intercomcdn.com     https://downloads.intercomcdn.eu     https://downloads.au.intercomcdn.com     https://uploads.intercomusercontent.com     https://gifs.intercomcdn.com      https://video-messages.intercomcdn.com     https://messenger-apps.intercom.io     https://messenger-apps.eu.intercom.io     https://messenger-apps.au.intercom.io     https://*.intercom-attachments-1.com     https://*.intercom-attachments.eu     https://*.au.intercom-attachments.com     https://*.intercom-attachments-2.com     https://*.intercom-attachments-3.com     https://*.intercom-attachments-4.com     https://*.intercom-attachments-5.com     https://*.intercom-attachments-6.com     https://*.intercom-attachments-7.com     https://*.intercom-attachments-8.com     https://*.intercom-attachments-9.com     https://static.intercomassets.eu     https://static.au.intercomassets.com     https://forms.hscollectedforms.net/collected-forms/     ;         manifest-src     https://js.intercomcdn.com     https://static.intercomassets.com     https://downloads.intercomcdn.com     https://downloads.intercomcdn.eu     https://downloads.au.intercomcdn.com     https://uploads.intercomusercontent.com     https://gifs.intercomcdn.com      https://video-messages.intercomcdn.com     https://messenger-apps.intercom.io     https://messenger-apps.eu.intercom.io     https://messenger-apps.au.intercom.io     https://*.intercom-attachments-1.com     https://*.intercom-attachments.eu     https://*.au.intercom-attachments.com     https://*.intercom-attachments-2.com     https://*.intercom-attachments-3.com     https://*.intercom-attachments-4.com     https://*.intercom-attachments-5.com     https://*.intercom-attachments-6.com     https://*.intercom-attachments-7.com     https://*.intercom-attachments-8.com     https://*.intercom-attachments-9.com     https://static.intercomassets.eu     https://static.au.intercomassets.com     ;         media-src      'self'     https://js.intercomcdn.com     ;     report-uri      https://62a2552a9bc141b6c536fb71.endpoint.csper.io/?v=0     ;     worker-src      'none'     ;     form-action     'self'     https://intercom.help     https://api-iam.intercom.io     https://api-iam.eu.intercom.io     https://api-iam.au.intercom.io     ;      1
default-src:'self' 1
base-uri 'none'; object-src 'none'; script-src 'nonce-3TYa_y1HfaXvAk1l1BjXvf8L7RPW5yM_9EEtVQE_e4Saqyzmi5waBKID8sKcVm-L' 'strict-dynamic' https: 'unsafe-inline' 'self' 1
script-src 'nonce-S5pDWK9tEcJh+laxs0A0Qg==' 'strict-dynamic' 'report-sample' https: 'unsafe-inline'; report-uri /csp-report.php; object-src 'none'; base-uri 'none' 1
script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' https://bam.nr-data.net https://cdn.cookielaw.org https://js-agent.newrelic.com https://www.googletagmanager.com *.onetrust.com cdn.jsdelivr.net www.google-analytics.com *.doubleclick.net; object-src 'none'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://flippingbook.com *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://apps.usw2.pure.cloud https://collector.fraudmap.net https://polyfill.io https://web.baconpay.com/embed.js https://translate.google.com https://www.googletagmanager.com https://gateway.zscalertwo.net https://api.glia.com *.glia.com https://client-logger.salemove.com client-logger.salemove.com salemove.com pubsub.salemove.com *.salemove.com https://cobrowse.usw2.pure.cloud https://apps.usw2.pure.cloud https://dhqbrvplips7x.cloudfront.net https://app.viralsweep.com/ *.freshdesk.com pubsub.salemove.com *.salemove.com *.adobe.com https://js.poshdevelopment.com https://dhqbrvplips7x.cloudfront.net; style-src 'self' 'unsafe-inline' http://flippingbook.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://use.typekit.net https://p.typekit.net https://gateway.zscalertwo.net https://api.glia.com *.glia.com *.freshdesk.com https://client-logger.salemove.com client-logger.salemove.com pubsub.salemove.com *.salemove.com *.adobe.com https://dhqbrvplips7x.cloudfront.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://use.typekit.net client-logger.salemove.com *.salemove.com pubsub.salemove.com https://dhqbrvplips7x.cloudfront.net; img-src 'self' http://flippingbook.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://ornlfcu.bssdev.com https://www.google.com https://translate.googleapis.com https://gateway.zscalertwo.net https://ornlfcu.com https://www.ornlfcu.com https://api.glia.com client-logger.salemove.com *.salemove.com pubsub.salemove.com; media-src 'self' data: blob: https://app.viralsweep.com/ pubsub.salemove.com *.salemove.com; frame-src http://flippingbook.com https://www.google.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ https://www.youtube.com/iframe_api https://ornlfcustaging.orb.alkamitech.com https://www.ornlfcu.com https://ornlfcu.com https://api.glia.com https://cobrowse.usw2.pure.cloud https://apps.usw2.pure.cloud https://dhqbrvplips7x.cloudfront.net https://app.viralsweep.com/ *.freshdesk.com pubsub.salemove.com *.salemove.com *.adobe.com; child-src 'self' http://flippingbook.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://web.baconpay.com/ https://www.google.com/ https://www.ornlfcu.com https://ornlfcu.com https://api.glia.com client-logger.salemove.com pubsub.salemove.com *.salemove.com https://cobrowse.usw2.pure.cloud https://apps.usw2.pure.cloud https://dhqbrvplips7x.cloudfront.net https://app.viralsweep.com/ *.freshdesk.com pubsub.salemove.com *.salemove.com *.adobe.com; connect-src 'self' http://flippingbook.com accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://api.usw2.pure.cloud wss://carrier-pigeon.usw2.pure.cloud wss://streaming.usw2.pure.cloud https://translate.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com/ https://maps.googleapis.com https://api.glia.com client-logger.salemove.com https://pubsub.salemove.com *.salemove.com https://cobrowse.usw2.pure.cloud https://apps.usw2.pure.cloud https://dhqbrvplips7x.cloudfront.net https://app.viralsweep.com/ *.freshdesk.com *.salemove.com *.adobe.com https://js.poshdevelopment.com wss://pubsub.salemove.com https://dhqbrvplips7x.cloudfront.net wss://cobrowse.usw2.pure.cloud; 1
frame-ancestors 'self' *.gosshosted.com 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://ethereum-magicians.org/logs/ https://ethereum-magicians.org/sidekiq/ https://ethereum-magicians.org/mini-profiler-resources/ https://ethereum-magicians.org/assets/ https://ethereum-magicians.org/brotli_asset/ https://ethereum-magicians.org/extra-locales/ https://ethereum-magicians.org/highlight-js/ https://ethereum-magicians.org/javascripts/ https://ethereum-magicians.org/plugins/ https://ethereum-magicians.org/theme-javascripts/ https://ethereum-magicians.org/svg-sprite/ 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0='; worker-src 'self' https://ethereum-magicians.org/assets/ https://ethereum-magicians.org/brotli_asset/ https://ethereum-magicians.org/javascripts/ https://ethereum-magicians.org/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*; style-src 'self' 'unsafe-inline' https://*; img-src 'self' data: https://*; font-src 'self' data: https://*; frame-src 'self' https://*; connect-src 'self' blob: wss: https://*; object-src 'none'; media-src 'self'; form-action 'self'; frame-ancestors 'self' https://*.okadoc.dev https://*.okadoc.com https://emirateshospitals.ae https://whitelabel-bookings.bupa.com https://telemed.bupa.com.sa; 1
connect-src 'self' www.bugherd.com bugherd-attachments.s3.amazonaws.com *.omappapi.com *.grupotriples.com *.hotjar.com *.google.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' tt.omtrdc.net *.akstat.io akstat.io *.go-mpulse.net go-mpulse.net *.amazonaws.com amazonaws.com s3-eu-west-1.amazonaws.com *.bing.com bing.com *.btttag.com btttag.com c212.net cloudflare.com *.decibelinsight.net wss://collection.decibelinsight.net decibelinsight.net g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.facebook.com *.facebook.net facebook.com facebook.net *.fanplayr.com fanplayr.com *.gigya.com gigya.com *.google.com *.google.de *.google.it *.googlesyndication.com *.gstatic.com *.youtube-nocookie.com google.co.uk google.com google.de google.it googlesyndication.com gstatic.com youtube-nocookie.com googleadservices.com *.googleapis.com googleapis.com *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.jaguar.com jaguar.co.uk jaguar.com *.build.landrover *.jaguarlandrover.com *.landrover.com *.landrover.de *.landrover.it *.pds.jaguarlandrover.com build.landrover jaguarlandrover.com landrover.co.uk landrover.com landrover.de landrover.it pds.jaguarlandrover.com ads.linkedin.com linkedin.com linkedin.oribi.io licdn.com *.lpsnmedia.net lpsnmedia.net *.liadm.com liadm.com *.liveperson.net idp.liveperson.net liveperson.net msg.liveperson.net msghist.liveperson.net v.liveperson.net a.run.app *.netdirector.auto netdirector.auto *.a.run.app *.ads.linkedin.com *.akamaihd.net *.b-cdn.net *.c212.net *.cloudflare.com *.config.landrover.com *.decibel.com *.fls.doubleclick.net *.google.co.uk *.googleadservices.com *.jaguar.co.uk *.jlr-dev.com *.landrover.co.uk *.landroverusa.com *.licdn.com *.linkedin.com *.linkedin.oribi.io *.omtrdc.net *.pinimg.com *.pinterest.com *.psyma.com *.sc-static.net *.scene7.com *.securedvisit.com *.sfmc-content.com *.snapchat.com *.sophus3.com *.stripe.com *.sv.rkdms.com *.userlike.com *.web.app *.woosmap.com *.yahoo.co.jp akamaihd.net b-cdn.net config.landrover.com decibel.com landroverusa.com leasinglandrover.de psyma.com scene7.com sophus3.com syndication.kbb.com userlike.com web.app pinimg.com pinterest.com securedvisit.com *.serving-sys.com serving-sys.com sc-static.net snapchat.com stripe.com *.tiktok.com tiktok.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.ads-twitter.com ads-twitter.com *.t.co t.co sv.rkdms.com *.vee24.com vee24.com woosmap.com *.yimg.jp yahoo.co.jp yimg.jp *.youtube.com *.ytimg.com youtube.com ytimg.com *.jaguarlandroverclassic.com data: blob:; 1
-Report-Only '/some-report-uri'; 1
default-src 'self' https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://bitopro.zendesk.com https://pod-25.zendesk.com https://api.smooch.io https://media.smooch.io https://zendesk-eu.my.sentry.io https://sdk.twilio.com wss://pod-25.zendesk.com wss://bitopro.zendesk.com wss://api.smooch.io wss://voice-js.roaming.twilio.com;base-uri 'self' https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://bitopro.zendesk.com https://pod-25.zendesk.com https://api.smooch.io https://media.smooch.io https://zendesk-eu.my.sentry.io https://sdk.twilio.com wss://pod-25.zendesk.com wss://bitopro.zendesk.com wss://api.smooch.io wss://voice-js.roaming.twilio.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.doubleclick.net https://www.google.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com bat.bing.com https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://bitopro.zendesk.com https://pod-25.zendesk.com https://api.smooch.io https://media.smooch.io https://zendesk-eu.my.sentry.io https://sdk.twilio.com wss://pod-25.zendesk.com wss://bitopro.zendesk.com wss://api.smooch.io wss://voice-js.roaming.twilio.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;font-src 'self' data: https://fonts.gstatic.com https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://bitopro.zendesk.com https://pod-25.zendesk.com https://api.smooch.io https://media.smooch.io https://zendesk-eu.my.sentry.io https://sdk.twilio.com wss://pod-25.zendesk.com wss://bitopro.zendesk.com wss://api.smooch.io wss://voice-js.roaming.twilio.com;img-src 'self' blob: data: https://*.amazonaws.com https://*.bitopro.com https://bat.bing.com https://www.google-analytics.com https://www.google.com.tw https://www.google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://static.zdassets.com https://accounts.zendesk.com https://bitopro.zendesk.com https://pod-25.zendesk.com https://media.smooch.io https://*.zdusercontent.com;media-src 'self' data: https://*.bitopro.com https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://bitopro.zendesk.com https://pod-25.zendesk.com https://api.smooch.io https://media.smooch.io https://zendesk-eu.my.sentry.io https://sdk.twilio.com wss://pod-25.zendesk.com wss://bitopro.zendesk.com wss://api.smooch.io wss://voice-js.roaming.twilio.com;connect-src 'self' https://*.bitopro.com https://*.doubleclick.net https://*.hotjar.com https://*.sentry.io https://analytics.google.com https://www.google.com https://www.google.com.tw https://www.google-analytics.com wss://*.bitopro.com https://cdnjs.cloudflare.com https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://bitopro.zendesk.com https://pod-25.zendesk.com https://api.smooch.io https://media.smooch.io https://zendesk-eu.my.sentry.io https://sdk.twilio.com wss://pod-25.zendesk.com wss://bitopro.zendesk.com wss://api.smooch.io wss://voice-js.roaming.twilio.com;frame-src 'self' blob: https://*.doubleclick.net https://vars.hotjar.com https://www.googletagmanager.com https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://bitopro.zendesk.com https://pod-25.zendesk.com https://api.smooch.io https://media.smooch.io https://zendesk-eu.my.sentry.io https://sdk.twilio.com wss://pod-25.zendesk.com wss://bitopro.zendesk.com wss://api.smooch.io wss://voice-js.roaming.twilio.com;object-src 'none' 1
frame-ancestors 'self' https://*.facebook.com; https://pavlok.reamaze.com; 1
frame-ancestors https://www.constructionspecifier.com/ https://kenilworth.com/ https://www.csiresources.org 1
default-src https:; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.googletagmanager.com https://imgsct.cookiebot.com https://s.w.org https://ps.w.org https://app-rsrc.getbee.io https://www.mailcamp.nl https://mailcamp.eu https://www.mailcamp.eu https://p.typekit.net https://secure.gravatar.com https://www.google.com https://www.google.nl https://a.omappapi.com https://c.clarity.ms https://www.facebook.com https://bat.bing.com https://c.bing.com; font-src 'self' data: https://use.typekit.net https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.getbee.io https://google.com https://googleapis.com https://gstatic.com https://googletagmanager.com https://www.googletagmanager.com https://google-analytics.com https://omappapi.com https://secure.easy7bear.com https://maxcdn.bootstrapcdn.com; script-src-elem 'self' 'unsafe-inline' https://consentcdn.cookiebot.com https://app-rsrc.getbee.io https://loader.getbee.io https://app.getbee.io https://assets.calendly.com https://use.typekit.net https://consent.cookiebot.com https://maxcdn.bootstrapcdn.com https://googleads.g.doubleclick.net https://cdn.oribi.io https://ajax.googleapis.com https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://google.com https://www.googletagmanager.com https://www.googleadservices.com https://secure.easy7bear.com https://connect.facebook.net https://www.clarity.ms https://a.omappapi.com https://cdn.leadinfo.net https://bat.bing.com; style-src-elem 'self' 'unsafe-inline' https://www.mailcamp.nl https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://a.omappapi.com; frame-ancestors 'self' https://calendly.com https://a.omappapi.com https://mailcamp.eu; 1
child-src 'self' https://app.powerbi.com https://www.youtube.com https://www.facebook.com https://www.google.com https://stacc.ee https://public.tableau.com https://tableauapp.tehik.ee; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://cdn.reactandshare.com https://maxcdn.bootstrapcdn.com https://embed.tawk.to; object-src 'none'; script-src 'self' 'unsafe-inline' 'report-sample' https://connect.facebook.net https://www.google-analytics.com https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://embed.tawk.to https://siteimproveanalytics.com https://www.gstatic.com https://cdn.reactandshare.com https://data.reactandshare.com https://unpkg.com https://static-v.tawk.to https://public.tableau.com https://tableauapp.tehik.ee https://s3.eu-north-1.amazonaws.com https://ajax.googleapis.com https://www.google.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io npmcdn.com; style-src 'self' 'unsafe-inline' 'report-sample' https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://cdn.reactandshare.com https://unpkg.com https://embed.tawk.to https://s3.eu-north-1.amazonaws.com https://translate.googleapis.com https://fonts.googleapis.com cdn.jsdelivr.net https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com npmcdn.com; worker-src 'self'; base-uri 'self'; form-action 'self' https://www.digilugu.ee/login https://www.facebook.com; frame-ancestors 'self'; report-uri https://www.tervisekassa.ee/report-uri/enforce; block-all-mixed-content 1
default-src 'self'; img-src 'self' data: https: https://*.usercentrics.eu https://*.matomo.cloud; font-src https: 'self' data:;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' blob: https://edge.marker.io https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com https://plugins.flockler.com https://www.google.com/ https://www.gstatic.com/ https://js.hcaptcha.com https://*.usercentrics.eu/ https://*.matomo.cloud/ https://snap.licdn.com/ 'unsafe-eval'; frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com https://plugins.flockler.com https://*.marker.io https://www.google.com/ https://*.hcaptcha.com/; connect-src 'self' https://*.marker.io https://*.google-analytics.com https://*.flockler.app https://*.usercentrics.eu/ https://*.hcaptcha.com https://*.matomo.cloud/ https://*.linkedin.com/;media-src 'self' https:; worker-src blob: https:; child-src 'none'; 1
object-src 'none'; frame-ancestors 'self'; report-uri http://dges.edu.uy/report-uri/enforce 1
frame-ancestors self http://localhost/ https://mpower.pidilite.com https://pidilite-lms.herokuapp.com http://clientdata.colorjive.com/ https://www.youtube.com/ https://s7.addthis.com/ https://www.drfixit.co.in/ http://localhost:3000 http://localhost:3002 http://dduzkvnw6iy47.cloudfront.net https://www.facebook.com https://s3.amazonaws.com/widget.colorjive/ https://evt.paytm.com https://tracking.icubeswire.co https://dialstar.trackneo.net/ https://td.doubleclick.net/ https://www.google.com/ 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; 1
img-src 'self'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; media-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://accounts.google.com; style-src 'self' 'unsafe-inline' https://accounts.google.com https://fonts.googleapis.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net cdn.sucuri.net maxcdn.bootstrapcdn.com; frame-src 'self' *.youtube.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com; object-src 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' http://www.wbtetsd.gov.in/ data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://www.facebook.com; object-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://wbkanyashree.gov.in; font-src 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval';object-src 'none'; 1
frame-ancestors https://*.sc.gov.br 1
frame-ancestors 'self' finance.sponser.co.il 1
default-src 'self' *.zdassests.com *.cloudinary.com;connect-src *.amplitude.com *.crazyegg.com *.yotpo.com https://*.prod.devacurlaws.com https://*.bing.com https://*.bounceexchange.com https://*.cdnbasket.net https://*.cdnwidget.com https://*.cookielaw.org https://*.devacurl.com https://*.devatech.us https://*.devatechpro.us https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.hotjar.com https://*.hotjar.io https://*.likeshop.me https://*.myshopify.com https://*.onetrust.com/ https://*.pinterest.com https://*.tiktok.com https://*.trackedweb.net https://*.zdassets.com https://*.zendesk.com https://*.zopim.com https://analytics.google.com/g/collect https://analytics.tiktok.com https://api.astutebot.com https://app.glitchtip.com https://devacurl.2m8f.net https://dfp.bouncex.net https://events.bouncex.net https://perf-api.wknd.ai https://s3-us-west-2.amazonaws.com/afterpayus-integrations/javascript/modal/us_modal.html https://sentry.io https://server.clearforme.com likeshop.me localhost:* wss://widget-mediator.zopim.com www.google-analytics.com;font-src 'self' *.gstatic.com *.yotpo.com data: fonts.gstatic.com https://assets.bounceexchange.com likeshop.me;frame-src *.afterpay.com *.crazyegg.com *.dotdigital-pages.com *.dotmailer-surveys.com *.doubleclick.net *.facebook.com *.googletagmanager.com *.hotjar.com *.meevo.com *.phorest.me *.youtube.com https://admin.rechargeapps.com/ https://assets.bounceexchange.com https://bot.emplifi.io/ https://calendly.com https://ct.pinterest.com https://dash.bounceexchange.com optimize.google.com phorest.com phorest.me;frame-ancestors https://*.dev.devacurlaws.com https://*.staging.devacurlaws.com https://*.prod.devacurlaws.com https://*.devacurl.com http://*.gitlab.io https://*.sephora.de http://localhost:*;img-src * blob: data: https://assets.bounceexchange.com https://events.bouncex.net optimize.google.com www.google-analytics.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.bing.com *.cookielaw.org *.crazyegg.com *.dashhudson.com *.dotdigital-pages.com *.dotmailer-surveys.com *.doubleclick.net *.facebook.net *.google.com *.google.com *.hotjar.com *.yotpo.com *.zdassets.com blob: https://*.afterpay.com https://*.bounceexchange.com https://*.calendly.com https://*.impactradius-event.com https://*.onetrust.com https://*.pinimg.com https://*.pinterest.com https://*.tiktok.com https://*.trackedweb.net https://analytics.tiktok.com https://analytics.tiktok.com/i18n/pixel/events.js https://bot.emplifi.io/ https://dash-staging.bounceexchange.com https://s.pinimg.com https://static.zdassets.com https://tag.bounceexchange.com https://tag.wknd.ai https://widget-mediator.zopim.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com;worker-src blob:;style-src 'self' 'unsafe-inline' *.crazyegg.com https://*.google.com https://*.googleapis.com https://*.mapbox.com https://*.yotpo.com https://assets.bounceexchange.com https://bot.emplifi.io/;report-uri https://app.glitchtip.com/api/441/security/?glitchtip_key=3dde4127c3534fe993e9bc77c36be5e5&sentry_environment=prod;media-src 'self' *.cloudinary.com *.crazyegg.com *.zdassets.com dashhudson-static.s3.amazonaws.com https://*.dashhudson.com 1
upgrade-insecure-requests; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.botframework.com *.destinationrx.com *.integritymarketinggroup.com *.integrityleadcenter.com *.medicarecenter.com *.cdn.mxpnl.com *.sentry.io *.google-analytics.com *.googletagmanager.com *.licdn.com *.facebook.net *.facebook.com *.linkedin.com *.adsymptotic.com *.amplitude.com *.azure-api.net *.azurewebsites.net https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js https://integrity-bot-service-dev.azurewebsites.net cdn.jsdelivr.net cdnjs.cloudflare.com player.vimeo.com agentmanagement-dev.azure-api.net ae-agenthub-signalr-dev.service.signalr.net wss://ae-agenthub-signalr-dev.service.signalr.net wss://directline.botframework.com stats.g.doubleclick.net https://cphs.blob.core.windows.net/ask-integrity/arrow.png agentmanagement-qa.azure-api.net ae-agenthub-signalr-qa.service.signalr.net wss://ae-agenthub-signalr-qa.service.signalr.net agentmanagement-stag.azure-api.net ae-agenthub-signalr-stag.service.signalr.net wss://ae-agenthub-signalr-stag.service.signalr.net agentmanagement-uat.azure-api.net ae-agenthub-signalr-uat.service.signalr.net wss://ae-agenthub-signalr-uat.service.signalr.net agentmanagement-prod.azure-api.net ae-agenthub-signalr-prod.service.signalr.net wss://ae-agenthub-signalr-prod.service.signalr.net https://auth-dev.integritymarketinggroup.com/* *.mapbox.com data: https://cdn.mxpnl.com/libs/mixpanel-js-wrapper.js https://askintegrityasset.blob.core.windows.net/images/mc-arrow-button.png https://askintegrityasset.blob.core.windows.net/images/mc-arrow-list.png https://cdn.iconfinder.com/data/family/previews/preview/font-awesome-regular.png;object-src 'none'; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net; font-src fonts.gstatic.com; 1
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.brightcove.net *.zencdn.net *.walkme.com www.google-analytics.com *.omtrdc.net cdn.optimizely.com www.googletagmanager.com ssl.google-analytics.com cdn-assets-prod.s3.amazonaws.com; img-src data: * blob: android-webview-video-poster: android-webview:; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.siteintercept.qualtrics.com www.google.com manifest.prod.boltdns.net *.brightcovecdn.com www.facebook.com *.hsbc.com.ph *.brightcove.com *.googleapis.com *.googletagmanager.com *.dbankcloud.com www.google-analytics.com *.doubleclick.net *.walkme.com *.jquery.com adtonus.com *.omtrdc.net *.demdex.net *.google.com.ph http://127.0.0.1:5000 http://127.0.0.1:5000/* rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk adservice.google.com ad.doubleclick.net cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com sts-aad.auth.hsbc.com *.demdex.net *.facebook.net *.zscloud.net gateway.zscaler.net gateway.zscalertwo.net; frame-ancestors 'self' *.hsbc.com.ph; font-src 'self' data: *.hsbc.com.hk *.gstatic.com *.jsdelivr.net at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net; object-src 'self' *.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net manifest.prod.boltdns.net *.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report; 1
frame-ancestors 'self' *.doubleclick.net *.mathtag.com *.paymentexpress.com *.facebook.com *.dataweavers.io staticcdn.co.nz *.youtube.com *.trustpower.co.nz *.windcave.com *.inside-graph.com; frame-src 'self' *.doubleclick.net *.mathtag.com *.paymentexpress.com *.facebook.com *.dataweavers.io staticcdn.co.nz *.youtube.com *.trustpower.co.nz *.windcave.com *.inside-graph.com; 1
frame-ancestors 'none';base-uri 'none';object-src 'none' 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval'         use.fontawesome.com *.googlesyndication.com *.google-analytics.com  telfordhomes.london www.telfordhomes.london fonts.googleapis.com fonts.gstatic.com         consent.cookiebot.com consentcdn.cookiebot.com pbs.twimg.com www.googletagmanager.com         static-ssl.responsetap.com www.youtube.com youtube.com www.google-analytics.com static.hotjar.com         i.ctnsnet.com connect.facebook.net tags.crwdcntrl.net analytics.tiktok.com pixel.mathtag.com         service.giosg.com www.google.co.uk maps.gstatic.com *.hotjar.com *.hotjar.io www.gstatic.com         *.teads.tv *.typekit.net *.typekit.com *.homeviews.com *.adsrvr.org p.teads.tv www.facebook.com         telfordmaster.appealstaging.co.uk         *.youtube.com *.vimeo.com *.vimeocdn.com         maps.googleapis.com www.google.com google.com bcp.crwdcntrl.net *.doubleclick.net *.responsetap.com; 1
frame-ancestors 'self' https://reader.bookfusion.com 1
default-src 'self' *.googleapis.com *.lndgcp.com *.tealiumiq.com https://www.google-analytics.com https://analytics.google.com; script-src 'self' 'nonce-YmMzMzhiOGItMmIyYy00NWJkLTg3ZjQtYmUxOWE0OGQxOTU3' 'unsafe-inline' 'unsafe-eval' www.achieve.com embed.hifiona.com *.youtube.com *.disquscdn.com *.disqus.com *.bills.com  *.tealiumiq.com  https://tags.bills.com  https://www.googletagmanager.com *.tiqcdn.com frefi.sv.rkdms.com connect.facebook.net embed.evenfinancial.com embed.hifiona.com; frame-src 'self' disqus.com *.youtube.com *.google.com embed.hifiona.com www.hsh.com embed.evenfinancial.com embed.calculoid.com; connect-src 'self' api.hsh.com https://noembed.com *.disqus.com www.google-analytics.com *.tealiumiq.com analytics.google.com www.nextinsure.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://c.disquscdn.com; font-src 'self' https://fonts.gstatic.com; media-src 'self' *.youtube.com; object-src 'self' blob: data:; worker-src 'self' blob:; frame-ancestors 'self'; img-src * data:; 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net *.youtube.com *.investisdigital.com google-analytics.com cookiemanager.investisdigital.com *.google-analytics.com *.doubleclick.net m.clarity.ms n.clarity.ms *.clarity.ms  analytics.google.com assets.investisdigital.com region1.analytics.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.investis-live.com *.investisdigital.com player.vimeo.com fast.fonts.net cdn.rawgit.com *.investisdigital.com www.recaptcha.net otp.tools.investis.com cookiemanager.investisdigital.com m.clarity.ms www.clarity.ms assets.investisdigital.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investis-live.com *.investisdigital.com fast.fonts.net api2.fonts.com assets.investisdigital.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com *.youtube.com player.vimeo.com; frame-src 'self' *.investis.com www.google.com ir.tools.investis.com staticxx.facebook.com www.youtube.com player.vimeo.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com fast.fonts.net api2.fonts.com cdnjs.cloudflare.com 1
frame-ancestors 'self'; frame-src  *.savviihq.com *.facebook.com *.google.com *.cookiebot.com *.hotjar.com *.youtube.com *.vimeo.com *.googletagmanager.com *.cookiebot.com *.fontawesome.com *.haaglandenmc.nl *.readspeaker.com indiveo.services 1
frame-ancestors 'self' *.goodman.com 1
default-src 'self' https://cdn.queensboro.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://z.moatads.com https://m.addthis.com https://qb-static-public.s3.amazonaws.com https://assets.calendly.com/ https://*.hotjar.com https://*.redditstatic.com https://calendly.com/ https://beacon-v2.helpscout.net https://*.bing.com https://*.clarity.ms https://d12wqas9hcki3z.cloudfront.net https://d33v4339jhl8k0.cloudfront.net https://www.linkedin.com https://px.ads.linkedin.com https://p.adsymptotic.com https://*.googletagmanager.com https://apis.google.com https://connect.facebook.net snap.licdn.com  https://static.ads-twitter.com https://widget.trustpilot.com https://www.googleadservices.com https://*.g.doubleclick.net https://analytics.twitter.com https://s7.addthis.com https://v1.addthisedge.com https://v1.addthis.com https://*.google-analytics.com https://*.analytics.google.com https://tags.srv.stackadapt.com/events.js https://cdn.queensboro.com *.qbstores.com; style-src 'self' 'unsafe-inline' https://qb-static-public.s3.amazonaws.com https://assets.calendly.com/ https://*.hotjar.com https://calendly.com/ https://beacon-v2.helpscout.net https://snap.licdn.com https://connect.facebook.net https://*.googletagmanager.com https://px.ads.linkedin.com https://p.adsymptotic.com https://tags.srv.stackadapt.com https://widget.trustpilot.com https://www.googleadservices.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.queensboro.com *.qbstores.com; img-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.slack-edge.com https://*.hotjar.com https://img.youtube.com https://placehold.it https://px.ads.linkedin.com https://p.adsymptotic.com https://srv.stackadapt.com *.cloudfront.net *.queensboro.com *.qbstores.com https://*.bing.com https://assets.calendly.com/ https://calendly.com/ https://beacon-v2.helpscout.net https://d33v4339jhl8k0.cloudfront.net https://chatapi-prod.s3.amazonaws.com/ https://qb-general-images.s3.amazonaws.com https://qb-static-public.s3.amazonaws.com https://qb-static-public.s3.us-east-2.amazonaws.com https://qb-web-images.s3.amazonaws.com https://cdn.queensboro.com https://qb-style.s3.amazonaws.com https://t.co https://*.google.com https://www.facebook.com https://alb.reddit.com https://csi.gstatic.com https://*.g.doubleclick.net blob: data:; media-src 'self' https://assets.calendly.com/ https://calendly.com/ https://beacon-v2.helpscout.net https://qb-sitevideos.s3.amazonaws.com https://cdn.queensboro.com *.qbstores.com; frame-src 'self' *.youtube.com https://dev-io.queensboro.com https://io.queensboro.com *.queensboro2.com https://assets.calendly.com/ https://*.hotjar.com https://calendly.com/ https://beacon-v2.helpscout.net https://www.google.com https://s7.addthis.com https://www.facebook.com https://accounts.google.com https://widget.trustpilot.com https://edge.addthis.com https://*.doubleclick.net https://bid.g.doubleclick.net; connect-src 'self' https://*.g.doubleclick.net https://*.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://m.addthis.com https://dev-io.queensboro.com https://io.queensboro.com https://px.ads.linkedin.com https://p.adsymptotic.com https://*.clarity.ms https://tags.srv.stackadapt.com *.queensboro2.com https://*.bing.com https://assets.calendly.com/ https://calendly.com/ https://beaconapi.helpscout.net https://chatapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net wss://*.pusher.com *.sumologic.com https://widget.trustpilot.com *.qbstores.com https://qx.queensboro.com https://v1.addthisedge.com https://v1.addthis.com https://*.google-analytics.com https://*.analytics.google.com; font-src 'self' https://qb-general-images.s3.amazonaws.com fonts.gstatic.com https://*.hotjar.com https://assets.calendly.com/ https://calendly.com/ https://beacon-v2.helpscout.net https://cdn.queensboro.com https://themes.googleusercontent.com *.qbstores.com data:; base-uri https://dev-io.queensboro.com https://io.queensboro.com *.queensboro2.com https://docs.helpscout.net; object-src https://beacon-v2.helpscout.net; child-src https://www.youtube.com https://player.vimeo.com; 1
base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://d1c1fyrod5p5bz.cloudfront.net https://www.google-analytics.com https://heatmaps.monsido.com https://www.googletagmanager.com https://app-script.monsido.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d2o7emhzwey5ns.cloudfront.net; object-src 'self' 1
frame-ancestors 'self' https://photo.riteaid.com/ https://chat.riteaid.com/ 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-29c60d65f04c4559893f37833ce3b80a' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
default-src 'none'; object-src 'self' https://beacon-v2.helpscout.net; img-src 'self' data: https://s3.amazonaws.com/tfo-qa-schoolimages/ https://s3.amazonaws.com/tfo-schoolimages/ https://lh3.googleusercontent.com/ https://platform-lookaside.fbsbx.com/ https://maps.gstatic.com/ https://maps.googleapis.com/maps/ p.typekit.net https://www.googletagmanager.com/ https://*.gravatar.com https://beacon-v2.helpscout.net https://d33v4339jhl8k0.cloudfront.net https://chatapi-prod.s3.amazonaws.com/; form-action 'self'; media-src 'self' https://beacon-v2.helpscout.net; font-src 'self' use.typekit.net data: https://fonts.gstatic.com https://beacon-v2.helpscout.net; connect-src 'self' https://www.google-analytics.com/ https://maps.googleapis.com https://beaconapi.helpscout.net https://chatapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net wss://*.pusher.com; frame-src 'self' fast.wistia.net www.google.com https://collegesource.typeform.com https://beacon-v2.helpscout.net form.typeform.com; manifest-src 'self'; base-uri null; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://embed.typeform.com/ https://fast.wistia.net https://appleid.cdn-apple.com/ https://connect.facebook.net/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/analytics.js https://maps.googleapis.com browser-update.org www.google.com www.googletagmanager.com www.gstatic.com use.typekit.net polyfill.io https://beacon-v2.helpscout.net; style-src 'self' 'unsafe-inline' https://embed.typeform.com/ https://fonts.googleapis.com https://beacon-v2.helpscout.net 1
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self'; worker-src blob: ; child-src * blob: ; img-src * data: blob: ; connect-src * https://*.netlify.app https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com;, upgrade-insecure-requests; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://s3.amazonaws.com/ https://*.list-manage.com/ https://code.jquery.com/ https://stats.wp.com/ https://js.zi-scripts.com/; img-src 'self' data: blob: https://pixel.wp.com/; object-src 'self' data: blob: ; frame-src 'self' data: blob: ; 1
default-src 'self' ws: wss: data:;         script-src 'self' 'unsafe-inline' 'unsafe-eval' https://adservices.brandcdn.com https://az416426.vo.msecnd.net https://collector-21407.us.tvsquared.com https://connect.facebook.net https://maps.googleapis.com https://portalone.processonepayments.com https://s.yimg.com/ https://snap.licdn.com/ https://tag.brandcdn.com/ https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://moigmotoristsin672tsprod.dxcloud.episerver.net https://ok1static.oktacdn.com https://global.oktacdn.com https://portalone.processonepayments.com;       style-src 'self' https://p.typekit.net https://use.typekit.net https://global.oktacdn.com https://fonts.googleapis.com https://moigmotoristsin672tsprod.dxcloud.episerver.net https://ok1static.oktacdn.com 'unsafe-inline';       object-src 'self';       base-uri 'self';       connect-src 'self' ws: wss: https://dc.services.visualstudio.com https://maps.googleapis.com https://s.yimg.com https://stats.g.doubleclick.net https://www.google-analytics.com https://cdn.linkedin.oribi.io https://secure.motoristsgroup.com https://encova-cs.okta.com;       font-src 'self' https://fonts.gstatic.com https://moigmotoristsin672tsprod.dxcloud.episerver.net https://ok1static.oktacdn.com https://global.oktacdn.com https://use.typekit.net;       frame-src 'self' https://adservices.brandcdn.com https://d1eoo1tco6rr5e.cloudfront.net https://insight.adsrvr.org https://pixel.sitescout.com https://portalone.processonepayments.com https://td.doubleclick.net https://login.okta.com https://portalone.processonepayments.com;       img-src 'self' data: https://clickserv.sitescout.com https://collector-21407.us.tvsquared.com https://googleads.g.doubleclick.net https://insight.adsrvr.org https://maps.googleapis.com https://maps.gstatic.com https://pixel.sitescout.com https://px.ads.linkedin.com https://sp.analytics.yahoo.com https://www.facebook.com https://moigmotoristsin672tsprod.dxcloud.episerver.net https://ok1static.oktacdn.com https://global.oktacdn.com https://www.google.com https://dpm.demdex.net https://usermatch.krxd.net https://beacon.krxd.net https://googletagmanager.com;       manifest-src 'self';       media-src 'self';       worker-src 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' cdn-apac.onetrust.com www.googletagmanager.com www.google-analytics.com typesquare.com cdn.treasuredata.com *.treasuredata.com platform.twitter.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' analytics.google.com cdn-apac.onetrust.com *.typesquare.com stats.g.doubleclick.net www.google-analytics.com geolocation.onetrust.com; font-src 'self' fonts.gstatic.com *.typesquare.com; frame-src 'self' www.youtube.com platform.twitter.com; img-src 'self' data: cdn-apac.onetrust.com cocotame.jp www.google.co.jp www.google-analytics.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
default-src 'self'; img-src * data:; font-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api.github.com 1
script-src 'strict-dynamic' 'self' 'nonce-K+O9/Jd8B9BAjSiqh/1CZw==' 'unsafe-eval' https://media-cdn.pickfu.com/ https://*.pickfu.com https://*.intercom.io https://js.intercomcdn.com https://*.fullstory.com https://app.posthog.com https://kit.fontawesome.com https://*.stripe.com https://cdnjs.cloudflare.com https://*.cloudinary.com https://polyfill.io https://fast.wistia.com https://cdn.firstpromoter.com https://www.recaptcha.net https://js.hsforms.net unpkg.com/cloudinary-video-player@1.2.1/dist/cld-video-player.min.js unpkg.com/cloudinary-core@2.6.3/cloudinary-core-shrinkwrap.min.js code.jquery.com cdn.castle.io cdn.rudderlabs.com js-agent.newrelic.com platform.twitter.com connect.facebook.net 'unsafe-inline';object-src 'none';base-uri 'self';worker-src blob:;upgrade-insecure-requests; 1
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://cdn.plyr.io https://www.youtube.com https://player.vimeo.com https://connect.facebook.net https://googleads.g.doubleclick.net; 1
default-src 'self' static.searchinform.ru searchinform.ru;
            font-src    'self' static.searchinform.ru fonts.gstatic.com maxcdn.bootstrapcdn.com;
            img-src     'self' https://* http://* data: blob:;
            style-src   'self' 'unsafe-inline' https://* http://*;
            script-src  'self' 'unsafe-eval' 'unsafe-inline' www.youtube.com facecast.net googleads.g.doubleclick.net  maxcdn.bootstrapcdn.com static.searchinform.ru www.google-analytics.com www.googleadservices.com www.googletagmanager.com mc.yandex.ru connect.facebook.net snap.licdn.com cdnjs.cloudflare.com www.google.com www.gstatic.com *.jivosite.com *.jivo.ru *.yandex.ru yandex.ru yandex.com searchinform.ru yastatic.net *.webvisor.com *.webvisor.org ;
            child-src   'self' facecast.net www.google.com www.gstatic.com anketa.searchinform.ru bid.g.doubleclick.net www.youtube-nocookie.com www.youtube.com *.doubleclick.net *.yandex.ru yandex.ru;
            connect-src 'self' wss: *.jivo.ru *.jivosite.com mc.yandex.ru www.google-analytics.com stats.g.doubleclick.net static.searchinform.ru *.googlesyndication.com *.yandex.md *.google.com;
            media-src   'self' *.jivosite.com *.jivo.ru;
         1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.kameleoon.com https://bat.bing.com *.crewmeister.com *.crewmeister-stage.com edge.cookiefirst.com app.cookiefirst.com consent.cookiefirst.com www.googleadservices.com www.googletagmanager.com www.google.com www.google.de region1.analytics.google.com www.google-analytics.com www.facebook.com connect.facebook.net salesiq.zoho.eu js.zohocdn.com js.zohostatic.eu static.zohocdn.com js.sentry-cdn.com browser.sentry-cdn.com o47143.ingest.sentry.io sentry.io cdnjs.cloudflare.com r41sa7un6f.kameleoon.eu cdn-eu.pagesense.io cdn.jsdelivr.net www.provenexpert.com; img-src 'self' *.kameleoon.com *.zoho.eu https://bat.bing.com salesiq.zohopublic.eu r41sa7un6f.kameleoon.eu *.zohopublic.eu googleads.g.doubleclick.net www.google.com www.google.de www.googletagmanager.com d33wubrfki0l68.cloudfront.net www.google-analytics.com www.facebook.com css.zohocdn.com www.provenexpert.com data: http://www.w3.org; style-src 'self' 'unsafe-inline' www.provenexpert.com consent.cookiefirst.com cdn.jsdelivr.net css.zohocdn.com css.zohostatic.eu; font-src 'self' css.zohocdn.com css.zohostatic.eu fonts.gstatic.com www.provenexpert.com data: www.provenexpert.com; frame-src 'self' *.youtube-nocookie.com/ https://crewmeister.github.io/ *.zohopublic.eu www.facebook.com www.youtube.com www.provenexpert.com; media-src https://crewmeister-stage.com/ https://crewmeister.com/ static.zohocdn.com d33wubrfki0l68.cloudfront.net; connect-src 'self' https://google.com *.kameleoon.com api.cookiefirst.com api.crewmeister-stage.com api.crewmeister.com sentry.io wss://vts.zohopublic.eu salesiq.zohopublic.eu vts.zohopublic.eu pagesense-collect.zoho.eu stats.g.doubleclick.net o47143.ingest.sentry.io edge.cookiefirst.com data.kameleoon.io salesiq.zoho.eu region1.analytics.google.com www.google-analytics.com consent.cookiefirst.com 1
frame-ancestors 'self' 'https://www.corianquartz.com' 'http://corian-uk.telkeadev.lu' 'http://corian-us.telkeadev.lu' 'https://www.corian.com' 'https://www.corian.uk' 'https://www.corian.it' 'https://www.corian.fr' 'https://www.corian.de' 'https://www.corian.es' 'https://dps-coriantools.azurewebsites.net' 'https://www.colors.corian.com' 'https://market.bimsmith.com' 'https://www.youtube.com' 'https://youtu.be' 'https://fr.zone-secure.net' 'https://content.zone-secure.net' 'http://en-gb-corian.azureedge.net' 'https//code.metalocator.com' 'http://dpscrm.force.com' 'http://player.youku.com' 'https://yuntu.amap.com' 'http://yingkebao.top'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 	            https://www.google.com 	            https://ajax.googleapis.com 	            https://www.google-analytics.com 	            https://www.googletagmanager.com 	            https://use.fontawesome.com/ 	            https://cdnjs.cloudflare.com/ 	            https://maxcdn.bootstrapcdn.com 		    https://www.googleadservices.com/ 		    https://unpkg.com 		    https://code.jquery.com 		    https://developers.kakao.com 		    *.kakaocdn.net 		    https://cdn.jsdelivr.net 		    https://www.facebook.com 		    https://connect.facebook.net 		    https://svc6cdn.hectoinnovation.co.kr                     https://t1.daumcdn.net 		    https://ssp.igaw.io 		    https://analytics.tiktok.com 		    https://static.ads-twitter.com 		    https://trc.taboola.com 		    https://cdn.taboola.com 		    https://dnh523js9661q.cloudfront.net 	            https://googleads.g.doubleclick.net/ ; 	    frame-ancestors 'self' 1
child-src  www.paypalobjects.com; connect-src 'self' 'report-sample' s3.amazonaws.com/cv3.customfiles lemproducts.commercev3.com *.listrakbi.com *.listrak.com *.google-analytics.com  ui.powerreviews.com *.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google.com *.clarity.ms www.facebook.com *.klaviyo.com  *events.attentivemobile.com *.attn.tv *.rejoiner.com *.turnto.com *.google.com heapanalytics.com *.criteo.com *.mountain.com  .*attn.* *.storepoint.co; default-src 'self' cdn.commercev3.net/cdn.lemproducts.com/ cdn.lemproducts.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com; font-src 'self' lemproducts.commercev3.com cdn.commercev3.net/cdn.lemproducts.com/ cdn.lemproducts.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com data:; form-action 'self' www.facebook.com www.paypal.com checkout.sezzle.com; frame-src 'self' *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com optimize.google.com *.criteo.com photos.pixlee.co static.addtoany.com *.attn.tv* www.youtube.com *.criteo.net lemproducts.outgrow.us batchgeo.com ct.pinterest.com www.powr.io *creatives.attn.tv *.attn.tv .*attn.* marketer.monetate.net; frame-ancestors 'self' ; img-src 'self' cdn.commercev3.net/cdn.lemproducts.com/ cdn.lemproducts.com ssl.google-analytics.com *.google.com ct.pinterest.com/v3/ *.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.paypal.com www.paypalobjects.com hexagon-analytics.com heapanalytics.com wac.edgecastcdn.net *.youtube.com s3.amazonaws.com/cdn.lemproducts.com/ *.lemproducts.com  *.criteo.net i.yimg.com *.monetate.net cdn.commercev3.net/cdn.lemproducts.com *.criteo.com *.yahoo.com *.sharethrough.com *.outbrain.com *.casalemedia.com *.mediawallahscript.com *.smaato.net tg.socdm.com *.omnitagjs.com i.liadm.com criteo-partners.tremorhub.com sync-criteo.ads.yieldmo.com idsync.rlcdn.com x.bidswitch.net ib.adnxs.com ad.360yield.com contextual.media.net exchange.mediavine.com simage2.pubmatic.com pixel.rubiconproject.com criteo-sync.teads.tv trends.revcontent.com tags.bluekai.com aa.agkn.com dpm.demdex.net tapestry.tapad.com *.smartadserver.com *.taboola.com jadserve.postrelease.com ws.rqtrk.eu optimize.google.com *events.attentivemobile.com *.attn.tv .*attn.* *.storepoint.co; script-src 'self' 'report-sample' cdn.commercev3.net/cdn.lemproducts.com/ cdn.lemproducts.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googleanalytics.com www.googleoptimize.com optimize.google.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com *cdn.attn.tv *.attn.tv cdn.sift.com f.monetate.net www.res-x.com cdn.rejoiner.com *.monetate.net cdn.roirevolution.com cdn.heapanalytics.com *.turnto.com static.addtoany.com www.youtube.com *.criteo.com *.criteo.net se.monetate.net *.certona.net  powr.io www.powr.io cdnjs.cloudflare.com data: *.mountain.com  .*attn.* *.storepoint.co; script-src-elem 'self' 'report-sample' cdn.commercev3.net/cdn.lemproducts.com/ cdn.lemproducts.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googleanalytics.com www.googleoptimize.com optimize.google.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com *cdn.attn.tv *.attn.tv cdn.sift.com f.monetate.net www.res-x.com cdn.rejoiner.com *.monetate.net cdn.roirevolution.com cdn.heapanalytics.com *.turnto.com static.addtoany.com www.youtube.com *.criteo.com *.criteo.net se.monetate.net *.certona.net  powr.io www.powr.io cdnjs.cloudflare.com data: *.mountain.com  .*attn.* *.storepoint.co; style-src 'self' cdn.commercev3.net/cdn.lemproducts.com/ cdn.lemproducts.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com optimize.google.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net widgets.turnto.com marketer.monetate.net *.storepoint.co api.mapbox.com; style-src-elem 'self' cdn.commercev3.net/cdn.lemproducts.com/ cdn.lemproducts.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com optimize.google.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net widgets.turnto.com marketer.monetate.net *.storepoint.co api.mapbox.com; style-src-attr  'unsafe-inline'; media-src 'self' lemproducts.commercev3.com cdn.commercev3.net/cdn.lemproducts.com/ cdn.lemproducts.com www.bing.com; 1
default-src 'self' statistiken.digitale-sammlungen.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' statistiken.digitale-sammlungen.de; style-src 'self' 'unsafe-inline'; img-src 'self' data:; 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: maps.gstatic.com maps.googleapis.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://pol.social; img-src 'self' https: data: blob: https://pol.social; style-src 'self' https://pol.social 'nonce-kjP6vJPe+JaAst0bN2fgPA=='; media-src 'self' https: data: https://pol.social; frame-src 'self' https:; manifest-src 'self' https://pol.social; form-action 'self'; child-src 'self' blob: https://pol.social; worker-src 'self' blob: https://pol.social; connect-src 'self' data: blob: https://pol.social https://pol.social wss://pol.social; script-src 'self' https://pol.social 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://optimumlightpathvoice.com https://*.optimumlightpathvoice.com https://*.provserv.optimumlightpathvoice.com https://lightpathhostedvoice.com https://*.lightpathhostedvoice.com https://*.calllist.lightpathhostedvoice.com https://*.dialer.lightpathhostedvoice.com https://*.quickdial.lightpathhostedvoice.com https://*.voicemail.lightpathhostedvoice.com https://lightpathhostedvoice.com https://optimumlightpathvoice.com https://golightpath.com; 1
default-src 'self';connect-src 'self' https://cdn.linkedin.oribi.io https://pagead2.googlesyndication.com https://analytics.google.com https://z.omappapi.com https://a.omappapi.com https://api.omappapi.com https://pi.pdfjs.express https://auth.pdfjs.express https://mwmnianj8f.execute-api.us-east-1.amazonaws.com https://viewlicense.adobe.io https://api.icims.com https://tattle.api.osano.com https://consent.api.osano.com https://www.ibex.co https://wavezero.ibex.co https://www.google-analytics.com https://scout.salesloft.com https://stats.g.doubleclick.net https://266-qtu-342.mktoresp.com https://266-qtu-342.mktoutil.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://go.ibex.co https://cmp.osano.com https://munchkin.marketo.net https://266-qtu-342.marketo.net https://266-qtu-342.mktoresp.com https://266-qtu-342.mktoutil.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://scout-cdn.salesloft.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com blob:; script-src-elem 'self' 'unsafe-inline' https://use.typekit.net https://a.omwpapi.com https://a.omappapi.com https://documentcloud.adobe.com https://ws.zoominfo.com https://cmp.osano.com https://go.ibex.co https://munchkin.marketo.net https://266-qtu-342.marketo.net https://266-qtu-342.mktoresp.com https://266-qtu-342.mktoutil.com https://www.youtube.com https://www.google.com https://www.googletagmanager.com https://cdn.ampproject.org https://connect.facebook.net https://snap.licdn.com https://scout-cdn.salesloft.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://mid.collect.igodigital.com https://www.gstatic.com; img-src 'self' https://*.omappapi.com https://px4.ads.linkedin.com https://www.googletagmanager.com https://p.adsymptotic.com https://www.linkedin.com https://secure.gravatar.com https://www.google.com.qa https://na-sj29.marketo.com https://www.google-analytics.com https://wavezero.ibex.co https://www.google.com https://www.google.com.pk https://www.facebook.com https://px.ads.linkedin.com data:; style-src 'self' 'unsafe-inline' https://a.omappapi.com https://fonts.googleapis.com https://go.ibex.co; font-src 'self' https://fonts.gstatic.com https://use.typekit.net https://themes.googleusercontent.com data:; frame-src 'self' https://td.doubleclick.net https://documentcloud.adobe.com https://w.soundcloud.com https://www.youtube.com https://go.ibex.co https://www.google.com https://www.facebook.com https://s-static.ak.facebook.com https://bid.g.doubleclick.net; object-src 'none'; media-src 'self' 1
frame-ancestors 'self' gather.town http://*.meinephbern.ch https://nik.staffbase.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.gather.town *.google-analytics.com *.doubleclick.net *.google.com *.google.ch *.landbot.io *.firebaseio.com *.facebook.com *.googleapis.com *.newsroom.co wss://s-usc1c-nss-278.firebaseio.com *.hotjar.com wss://*.hotjar.com; report-uri /report-csp-violation 1
default-src 'self' https:; font-src 'self' https: data: assets.volquartsen.com; img-src 'self' https: data: assets.volquartsen.com; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' assets.volquartsen.com; style-src 'self' https: 'unsafe-inline' 1
base-uri 'none'; style-src 'self' *.cassiecloud.com *.googleapis.com 'unsafe-inline' *.verzenio.com; script-src 'nonce-riA/491mEy0xZmvYA7iK3A=='  'sha256-kAVGvMFWDkuqkyA4xnLi3h5jk8dWz0XiySrLWG+6PjU='  'sha256-pLZrvt1ArP58URSSSLjuhgeHw9AEuKDCJrL6Ur+kGjc='  'self' 'strict-dynamic' 'unsafe-eval' *.kaltura.com/ *.cassiecloud.com *.googletagmanager.com https://google-analytics.com *.google-analytics.com *.bing.com https://connect.facebook.net https://lilly-customerconnect.secure.force.com https://customerconnect.my.salesforce-sites.com https://ispot.tv *.turn.com *.myadvocado.com *.doubleclick.net *.analytics.yahoo.com *.google.com https://facebook.com *.salesforceliveagent.com *.youtube.com *.ytimg.com *.gstatic.com *.googlevideo.com blob: http://d22xmn10vbouk4.cloudfront.net *.googleapis.com assets.adobedtm.com assets.ctfassets.net *.verzenio.com http://www.google-analytics.com https://d.turn.com *.id.amgdgt.com; object-src 'none'; frame-src *.doubleclick.net/ *.myadvocado.com/ di.rlcdn.com https://10057592.fls.doubleclick.net/ *.verzenio.com; frame-ancestors 'self' https://oncologynationsandbox.skipta.com/ https://oncologynation.com/ https://oncologynationsandbox.skipta.com/ https://oncologynation.com/ https://clinicaloncologyforumsandbox.skipta.com/ https://oncologynationsandbox.skipta.com/ https://clinicaloncologyforum.com/ 1
default-src 'self' designacademy.nl *.designacademy.nl 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://www.clarity.ms https://www.google.com/recaptcha/ https://www.gstatic.com https://maps.googleapis.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;img-src 'self' https://www.google-analytics.com https://c.clarity.ms/ https://c.bing.com/ https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com data:;font-src 'self' https://appsforoffice.microsoft.com https://fonts.googleapis.com https://fonts.gstatic.com;connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com https://r.clarity.ms/ https://maps.googleapis.com;frame-src 'self' https://www.google.com/recaptcha/;object-src 'none';media-src 'self';child-src 'self';form-action 'self'; 1
default-src 'self' *.participantportal.com *.viabenefitsaccounts.com https://viabenefitsaccounts.com https://www.viabenefitsaccounts.com; form-action 'self' https://willistowerswatson.co1.qualtrics.com *.b2clogin.com/ *.participantportal.com *.viabenefitsaccounts.com *.payerexpress.com https://www.payerexpress.com *.payerexpress.net https://www.payerexpress.net; frame-ancestors *.participantportal.com/ *.viabenefitsaccounts.com/ https://viabenefitsaccounts.com https://www.viabenefitsaccounts.com; frame-src 'self' *.participantportal.com/ *.viabenefitsaccounts.com/ https://viabenefitsaccounts.com https://www.viabenefitsaccounts.com willistowerswatson.co1.qualtrics.com/ *.fullstory.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/* https://use.fontawesome.com; script-src 'self' 'unsafe-eval'  https://willistowerswatson.co1.qualtrics.com *.siteintercept.qualtrics.com https://siteintercept.qualtrics.com http://siteintercept.qualtrics.com *.fullstory.com 'unsafe-inline'; script-src-elem 'self' https://willistowerswatson.co1.qualtrics.com https://cdn.walkme.com/* https://*.siteintercept.qualtrics.com http://*.siteintercept.qualtrics.com https://siteintercept.qualtrics.com http://siteintercept.qualtrics.com *.fullstory.com 'unsafe-inline'; img-src 'self' data: https: ; font-src 'self' fonts.gstatic.com; connect-src 'self' *.qualtrics.com *.fullstory.com *.acclariscorp.com *.participantportal.com *.viabenefitsaccounts.com https://www.viabenefitsaccounts.com https://viabenefitsaccounts.com https://my.viabenefits.com; object-src 'self'; child-src 'self'; base-uri 'self'; report-uri /benefits/servlets/CSPLogServlet; report-to /benefits/servlets/CSPLogServlet; 1
report-uri https://soloski.net 1
default-src https://www.sunloan.com 'self' blob: data: https://*.sunloan.com https://sunloan.com  ;  frame-src https://www.sunloan.com http://www.facebook.com/ https://googleads.g.doubleclick.net/ https://mozbar.moz.com/ https://player.vimeo.com/ https://tpc.googlesyndication.com/ https://vars.hotjar.com/ https://www.facebook.com/ https://www.google.com/ https://www.googletagmanager.com/ https://www.youtube.com/  ; child-src https://www.sunloan.com http://www.facebook.com/ https://googleads.g.doubleclick.net/ https://mozbar.moz.com/ https://player.vimeo.com/ https://tpc.googlesyndication.com/ https://vars.hotjar.com/ https://www.facebook.com/ https://www.google.com/ https://www.googletagmanager.com/ https://www.youtube.com/  ; font-src https://www.sunloan.com https://fonts.gstatic.com/ https://github.com/ https://maxcdn.bootstrapcdn.com/ https://script.hotjar.com/ https://static3.avast.com/ https://sunloandev.wpengine.com/ https://use.fontawesome.com/ https://use.typekit.net/ https://zip.co/  data: ; style-src 'unsafe-inline' https://fonts.googleapis.com/ https://www.googletagmanager.com/  https://www.sunloan.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://ajax.cloudflare.com/ https://bat.bing.com/ https://connect.facebook.net/ https://d.adroll.com/ https://maps.google.com/ https://maps.googleapis.com/ https://munchkin.marketo.net/ https://player.vimeo.com/ https://s.adroll.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.vimeo.com/  https://www.sunloan.com ; script-src-elem https://www.sunloan.com 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.clarity.ms/ https://*.google-analytics.com/ https://*.hotjar.com/ https://*.klaviyo.com/ https://ajax.cloudflare.com/ https://ajax.googleapis.com/ https://analytics.tiktok.com/ https://analytics.twitter.com/ https://bat.bing.com/ https://connect.facebook.net/ https://d.adroll.com/ https://gc.kis.v2.scr.kaspersky-labs.com/ https://maps.google.com/ https://maps.googleapis.com/ https://munchkin.marketo.net/ https://s.adroll.com/ https://script.hotjar.com/ https://static.cloudflareinsights.com/ https://static.hotjar.com/ https://sunloandev.wpengine.com/ https://tpc.googlesyndication.com/ https://translate.google.com/ https://translate.googleapis.com/ https://vimeo.com/ https://www.facebook.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.vimeo.com/  'unsafe-inline' ; style-src-elem https://www.sunloan.com https://ajax.googleapis.com/ https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://sunloandev.wpengine.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.gstatic.com/  'unsafe-inline' ; img-src https://www.sunloan.com 'self' *.doubleclick.net/ https://*.bing.com/ https://*.clarity.ms/ https://*.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://*.gstatic.com/ https://analytics.twitter.com/ https://bat.bing.com/ https://connect.facebook.net/ https://gjtrack.ucweb.com/ https://googleads.g.doubleclick.net/ https://my.sunloan.com/ https://pagead2.googlesyndication.com/ https://secure.gravatar.com/ https://sunloandev.wpengine.com/ https://www.facebook.com/ https://www.google-analytics.com/ https://www.google.ae/ https://www.google.al/ https://www.google.am/ https://www.google.be/ https://www.google.bg/ https://www.google.bj/ https://www.google.bs/ https://www.google.by/ https://www.google.ca/ https://www.google.cg/ https://www.google.ch/ https://www.google.ci/ https://www.google.cl/ https://www.google.cm/ https://www.google.cn/ https://www.google.co.ao/ https://www.google.co.bw/ https://www.google.co.cr/ https://www.google.co.id/ https://www.google.co.il/ https://www.google.co.in/ https://www.google.co.jp/ https://www.google.co.ke/ https://www.google.co.kr/ https://www.google.co.nz/ https://www.google.co.th/ https://www.google.co.tz/ https://www.google.co.ug/ https://www.google.co.uk/ https://www.google.co.ve/ https://www.google.co.vi/ https://www.google.co.za/ https://www.google.co.zm/ https://www.google.co.zw/ https://www.google.com.ar/ https://www.google.com.au/ https://www.google.com.bd/ https://www.google.com.bh/ https://www.google.com.bo/ https://www.google.com.br/ https://www.google.com.bz/ https://www.google.com.co/ https://www.google.com.cu/ https://www.google.com.cy/ https://www.google.com.do/ https://www.google.com.ec/ https://www.google.com.eg/ https://www.google.com.et/ https://www.google.com.fj/ https://www.google.com.gh/ https://www.google.com.gt/ https://www.google.com.hk/ https://www.google.com.jm/ https://www.google.com.kh/ https://www.google.com.kw/ https://www.google.com.mm/ https://www.google.com.mt/ https://www.google.com.mx/ https://www.google.com.my/ https://www.google.com.na/ https://www.google.com.ng/ https://www.google.com.ni/ https://www.google.com.np/ https://www.google.com.pa/ https://www.google.com.pe/ https://www.google.com.pg/ https://www.google.com.ph/ https://www.google.com.pk/ https://www.google.com.pr/ https://www.google.com.py/ https://www.google.com.qa/ https://www.google.com.sa/ https://www.google.com.sg/ https://www.google.com.sl/ https://www.google.com.sv/ https://www.google.com.tr/ https://www.google.com.tw/ https://www.google.com.ua/ https://www.google.com.uy/ https://www.google.com.vn/ https://www.google.com/ https://www.google.cz/ https://www.google.de/ https://www.google.dj/ https://www.google.dk/ https://www.google.dz/ https://www.google.ee/ https://www.google.es/ https://www.google.fr/ https://www.google.ge/ https://www.google.gr/ https://www.google.gy/ https://www.google.hn/ https://www.google.hu/ https://www.google.ie/ https://www.google.iq/ https://www.google.is/ https://www.google.it/ https://www.google.jo/ https://www.google.la/ https://www.google.lk/ https://www.google.lt/ https://www.google.lu/ https://www.google.lv/ https://www.google.md/ https://www.google.mk/ https://www.google.mn/ https://www.google.mu/ https://www.google.mw/ https://www.google.nl/ https://www.google.no/ https://www.google.pl/ https://www.google.pt/ https://www.google.ro/ https://www.google.rs/ https://www.google.ru/ https://www.google.rw/ https://www.google.sc/ https://www.google.se/ https://www.google.si/ https://www.google.sk/ https://www.google.sn/ https://www.google.sr/ https://www.google.tg/ https://www.google.tn/ https://www.google.tt/ https://www.google.vg/ https://www.googletagmanager.com/ https://www.sunloan.com/  data: ; connect-src https://www.sunloan.com https://*.bing.com/ https://*.hotjar.com/ https://*.mktoresp.com/ https://*.mktoutil.com/ https://adservice.google.com/ https://analytics.google.com/ https://bat.bing.com/ https://d.adroll.com/ https://in.hotjar.com/ https://info.sunloan.com/ https://maps.googleapis.com/ https://readaloud.googleapis.com/ https://region1.google-analytics.com/ https://stats.g.doubleclick.net/ https://tags.sunloan.com/ https://vc.hotjar.io/ https://www.facebook.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.googletagmanager.com/ wss://*.hotjar.com/  ; object-src 'unsafe-inline' ; worker-src 'none' ; base-uri 'self' ; frame-ancestors 'self' ; form-action 'self' https://www.facebook.com/  ; report-uri https://www.sunloan.com/wp-json/amsivecsp/v1/policy-report 1
frame-ancestors 'self' *.myshopify.com *.pasilobus.com *.shopify.com 1
frame-ancestors 'self' https://pbr.com/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.google.com *.gstatic.com *.googleapis.com *.ggpht.com *.google-analytics.com cdnjs.cloudflare.com stats.g.doubleclick.net www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.lmsal.com https://*.lmsal.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.purpleair.com; worker-src 'self' https://*.lmsal.com blob: ;style-src 'self' 'unsafe-inline' http://*.lmsal.com https://*.lmsal.com https://fonts.googleapis.com; img-src 'self' blob: data: http://*.lmsal.com https://*.lmsal.com http://sdc.uio.no https://sdc.uio.no http://solarb.mssl.ucl.ac.uk https://solarb.mssl.ucl.ac.uk https://epic.gsfc.nasa.gov; frame-src 'self' http://*.lmsal.com https://*.lmsal.com https://*.google.com  http://www.youtube.com https://www.youtube.com; connect-src https://*.lmsal.com  http://*.lmsal.com wss://www.lmsal.com http://localhost:8000 https://localhost:8443 https://api.cdnjs.com https://epic.gsfc.nasa.gov; media-src http://*.lmsal.com https://*.lmsal.com; frame-ancestors http://*.lmsal.com https://*.lmsal.com http://127.0.0.1:8888 https://*.cloudfront.net; font-src https://*.lmsal.com https://fonts.gstatic.com https://cdnjs.cloudflare.com 1
default-src 'none'; script-src 'self'; connect-src 'self' https://*.us-east-1.amazonaws.com/ https://*.execute-api.us-east-1.amazonaws.com/test/rpas https://*.execute-api.us-east-1.amazonaws.com/test/provisionedrpas; img-src 'self' data:; style-src 'self' fonts.googleapis.com 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='; base-uri 'self';form-action 'self'; font-src fonts.gstatic.com; manifest-src 'self'; 1
default-src 'none'; base-uri www.hahn-airport.de; block-all-mixed-content; connect-src www.hahn-airport.de matomo.hahn-airport.de; font-src www.hahn-airport.de; form-action www.hahn-airport.de parken.hahn-airport.de; frame-ancestors www.hahn-airport.de; frame-src www.hahn-airport.de; img-src www.hahn-airport.de data: *.openstreetmap.de; script-src www.hahn-airport.de matomo.hahn-airport.de 'sha256-3gL0ESqaJki/Wh0f/lc2YDLEdxGa87F8Q5TXgPOCikM=' 'sha256-81MEiw1n03G/Umzr1t9TBswGsKYi01GH9Qu+KQu7dD4=' 'sha512-xbcqNOgP70FrlmytA93CaZ+Lh4zepgmKXpUeumuNwRa8sD7TlgTwTgSBKrbiP5/HcguwdErI+ExunDL8rxCrkg==' 'sha512-px1M+IgU2D7N1Ag8ujEEbrR/bWVa9WcgiPLZ6flkhCC+8XiyDRgirHntE0Un+lSGbp4p/VA403aBf4NWUPAD8A==' 'sha512-Tyxc4Zm8bJMo23iSuUGf1AwygBbaOSZEvgDkIoZNrH9oAdhVZp6ZgdFSeajkBFA/J7YY/rQXtXaTxUiZUU1S/w=='; style-src www.hahn-airport.de 'unsafe-hashes' fast.fonts.net 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-0kneztpqrRRhpdMukBrBUYV4ZMDr+1A5B/zcgBxiCdQ='; upgrade-insecure-requests; report-uri /nelmio/csp/report 1
default-src https:; connect-src https:; font-src https: data:; frame-src https:; img-src https: data: blob:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; frame-ancestors https: 'self'; upgrade-insecure-requests; 1
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com *.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com www.youtube-nocookie.com www.youtube.com blob: data: https://storage.googleapis.com/learnwithikeavideos/ ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ctfassets.net *.ipex-insights.com login.microsoftonline.com *.adform.net *.bing.com *.doubleclick.net *.facebook.com *.facebook.net www.googleadservices.com adservice.google.dk *.googlesyndication.com *.pinterest.com s.pinimg.com api.pinpiaa.com *.cookielaw.org *.onetrust.com *.akamaihd.net *.akstat.io *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.go-mpulse.net *.optimizely.com sentry.io *.sentry.io *.avo.app oppwa.com *.oppwa.com mpsnare.iesnare.com *.iesnare.com *.syndeo.cx *.production.syndeo.cx wss://web.production.syndeo.cx icsp.ingka.ikea.com wss://icsp.ingka.ikea.com wss://web-api.ikea.com/cschatbot/ maps.googleapis.com fonts.googleapis.com www.googleapis.com *.bambuser.com firestore.googleapis.com liveshopping-widgets.firebaseapp.com; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com; object-src 'self'; report-uri https://csp.ikea.com 1
frame-ancestors 'self' https://transurbanstaging.livepro.com.au https://transurban.livepro.com.au https://infotu.livepro.com.au; 1
upgrade-insecure-requests; default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors zubersoft.com www.zubersoft.com; base-uri 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' zubersoft.com www.zubersoft.com zubersoft.com www.google.com www.gstatic.com www.youtube.com www.youtu.be www.dropbox.com drive.google.com www.paypal.com www.youtube-nocookie.com js.hcaptcha.com imgur.com i.imgur.com; frame-src zubersoft.com www.zubersoft.com www.google.com www.youtube.com www.youtu.be www.dropbox.com drive.google.com www.paypal.com www.youtube-nocookie.com js.hcaptcha.com newassets.hcaptcha.com imgur.com i.imgur.com 1
style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.gstatic.com; img-src 'self' data: *.google-analytics.com https://evocms.s3.amazonaws.com *.doubleclick.net *.adfenix.com *.sfnix.com *.sfnix.net *.googleapis.com *.google.com *.google.co.uk *.google.ie *.gstatic.com *.ggpht.com *.googletagmanager.com *.facebook.com *.ytimg.com  *.vimeocdn.com *.icims.com  *.postcodeanywhere.co.uk *.your-move.co.uk *.reedsrains.co.uk https://script.hotjar.com/ *.convertize.io https://www.reedsrains.co.uk/uploads; frame-src 'self' *.doubleclick.net *.adfenix.com *.hotjar.com *.facebook.com *.google.com *.audioagent.com https://watchvid.io premium.giraffe360.com tour.giraffe360.com *.youtube.com  https://youtu.be  *.vimeo.com  *.icims.com  *.matterport.com  *.vieweet.com *.livechatinc.com *.investis.com; script-src 'self' *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.facebook.net *.adfenix.com *.hotjar.com *.googletagmanager.com https://core-aws.evocdn.co.uk *.youtube.com  https://akya.io *.convertize.io https://cs.commversion.com *.livechatinc.com https://cht-srvc.net 'nonce-640381'; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://evocms.s3.amazonaws.com/ https://script.hotjar.com/ https://cdn.livechatinc.com/widget/; connect-src 'self' *.facebook.com *.adfenix.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.google.com *.doubleclick.net *.convertize.io; 1
default-src 'self' data: 'unsafe-inline' https://assets-global.website-files.com https://uploads-ssl.webflow.com https://d3e54v103j8qbb.cloudfront.net https://*.list-manage.com https://*.vimeocdn.com https://*.vimeo.com https://*.stripe.com; report-uri https://glass.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' 'fsbank.sharepoint.com'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://xoxo.zone; img-src 'self' https: data: blob: https://xoxo.zone; style-src 'self' https://xoxo.zone 'nonce-QhYpsR8FSLmJerYqQJ8b8Q=='; media-src 'self' https: data: https://xoxo.zone; frame-src 'self' https:; manifest-src 'self' https://xoxo.zone; form-action 'self'; child-src 'self' blob: https://xoxo.zone; worker-src 'self' blob: https://xoxo.zone; connect-src 'self' data: blob: https://xoxo.zone https://xoxo-media.sfo2.cdn.digitaloceanspaces.com wss://xoxo.zone; script-src 'self' https://xoxo.zone 'wasm-unsafe-eval' 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: library.elementor.com connect.trezor.io s.tradingview.com *.facebook.net s3.tradingview.com/external-embedding/embed-widget-tickers.js www.youtube.com i.ytimg.com analytics.google.com fonts.gstatic.com static-tracking.klaviyo.com web1.acsbapp.com www.google-analytics.com dev.scottsdalemint.com www.angelleye.com static.klaviyo.com kit.fontawesome.com www.clickcease.com bam.nr-data.net ka-p.fontawesome.com acsbapp.com cdn.usefathom.com *.tradingview.com s3.tradingview.com a.klaviyo.com metrics.hotjar.io ssl.google-analytics.com cdnjs.cloudflare.com cdn.honey.io *.paypal.com cdn-yotpo-images-production.yotpo.com t.paypal.com translate.google.com *.doubleclick.net www.google.com js-agent.newrelic.com dealers.scottsdalemint.com fast.a.klaviyo.com www.pagespeed-mod.com *.googleusercontent.com *.sentry.io *.googlesyndication.com static-forms.klaviyo.com *.wpengine.com monitor.clickcease.com *.vimeo.com www.paypalobjects.com yoast.com ssl.kaptcha.com ignitewoo.com process.acsbapp.com s3.tradingview.com/tv.js m1.openfpcdn.io wpengine.com adservice.google.com *.googleadservices.com api.yotpo.com *.youtube-nocookie.com api-cdn.yotpo.com eydbvk6xrl-dsn.algolia.net scottsdalemint.com ws.hotjar.com *.hotjar.com cdn.acsbapp.com wss://ws.hotjar.com wss://www.scottsdalemint.com cdn.jsdelivr.net *.googleapis.com *.googlevideo.com api-js.datadome.co content.hotjar.io w2.yotpo.com *.cloudfront.net staticw2.yotpo.com tradingview.com cdn--prod-acsb-system.acsbapp.com cdn.plaid.com production.plaid.com *.facebook.com code.tidio.co s.w.org *.algolianet.com www.tradingview-widget.com undefined-dsn.algolia.net p.yotpo.com *.gstatic.com www.paypal.com secure.gravatar.com wp-rocket.me insights.algolia.io telemetrics.klaviyo.com www.scottsdalemint.com vc.hotjar.io www.googletagmanager.com; frame-ancestors 'self' jewelry.quickbase.com www.scottsdalemint.com ;  1
script-src https://*.lex-com.net/ 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://mykrone.green ; img-src 'self' data:; object-src 'none'; media-src 'none'; child-src 'self' blob: data:; style-src 'self' 'unsafe-inline' 1
default-src 'self';block-all-mixed-content ; base-uri 'self'; object-src 'none'; script-src  'nonce-2888d5416f0e46fb8e4d34244ef2a657' 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.optimizely.com/ https://maps.googleapis.com https://www.gstatic.com https://www.google.com https://st.getsitecontrol.com/ https://region1.google-analytics.com/ https://widgets.getsitecontrol.com https://c.evidon.com https://tagmanager.google.com/ https://www.googletagmanager.com/ https://polyfill.io https://optimize.google.com https://www.google-analytics.com https://az416426.vo.msecnd.net https://*.googletagmanager.com; img-src 'self' data: https://www.facebook.com/ https://c.bing.com/ https://www.gstatic.com/ https://c.clarity.ms/ https://media.licdn.com/ https://thespinoff.co.nz/ https://apps.jobadder.com/widgets/V1/loading.gif https://ssl.gstatic.com/ https://syndication.twitter.com https://optimize.google.com https://platform.twitter.com https://pbs.twimg.com https://maps.gstatic.com https://maps.googleapis.com https://*.google-analytics.com/ https://*.analytics.google.com/ https://www.googletagmanager.com https://i.ytimg.com https://img.youtube.com https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/ https://engage.grantthornton.global https://fonts.googleapis.com/ https://optimize.google.com https://platform.twitter.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; font-src 'self' data: https://cdn.megabonus.com/ https://fonts.gstatic.com; frame-src 'self' https://app.powerbi.com/ https://apply.jobadder.com/ https://engage.grantthornton.global https://a10084069166.cdn.optimizely.com/ https://www.google.com/ https://platform.twitter.com https://www.youtube.com https://optimize.google.com https://w.soundcloud.com https://player.vimeo.com https://www.gstatic.com https://cdn.optimizely.com https://flo.uri.sh/; connect-src 'self' https://maps.googleapis.com/ https://*.analytics.google.com/ https://www.clarity.ms https://642-sde-924.mktoresp.com https://logx.optimizely.com/v1/events https://dc.services.visualstudio.com https://az416426.vo.msecnd.net https://*.google-analytics.com/ https://stats.g.doubleclick.net/ https://extreme-ip-lookup.com/ https://www.clarity.ms/ https://analytics.google.com/ https://*.googletagmanager.com; 1
default-src eselff; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=7o0v5v9iqu98b&partner=; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://emailoctopus.com https://js.braintreegateway.com https://platform.twitter.com https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://emailoctopus.com; img-src https: blob: data:; font-src 'self' data: https://fonts.gstatic.com *.google-analytics.com *.analytics.google.com; connect-src 'self' https://www.googleapis.com/youtube/ https://www.google-analytics.com https://stats.g.doubleclick.net https://yoast.com https://wpmudev.com https://in.hotjar.com https://vc.hotjar.io https://region1.google-analytics.com *.google-analytics.com *.analytics.google.com; frame-ancestors 'self'; frame-src 'self' https://www.google.com https://www.youtube.com https://web.facebook.com https://www.facebook.com https://vars.hotjar.com/ https://platform.twitter.com/ https://syndication.twitter.com/; manifest-src 'self' data: 1
frame-ancestors 'self' https://manage.contractingbusiness.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com www1.charlesclinkard.co.uk; base-uri 'self' 1
frame-ancestors 'self' https://feeed.360kora-live.com; 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* localtest:* ajax.googleapis.com *.fontawesome.com ajax.aspnetcdn.com fonts.googleapis.com fonts.gstatic.com www.youtube.com s.ytimg.com www.googletagmanager.com vortex.data.microsoft.com *.hubspot.com *.hscta.net *.google-analytics.com iowa.gov *.jquery.com *.addthis.com *.googleapis.com *.addthisedge.com *.google.com *.gstatic.com;object-src *.spindustry.com;style-src 'self' 'unsafe-inline' *.jquery.com *.fontawesome.com fonts.googleapis.com *.google.com;img-src 'self' localhost:* localtest:* *.google-analytics.com *.hubspot.com iowa.gov *.goodblogscdn.com *.gstatic.com *.ytimg.com *.doubleclick.com *.doubleclick.net *.google.com *.googletagmanager.com;media-src *.spindustry.com *.vimeo.com *.akamaized.net;frame-src *.spindustry.com *.youtube.com youtu.be *.google.com *.appone.com/;font-src 'self' *.fontawesome.com fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.spindustry.com *.appone.com *.google-analytics.com *.fontawesome.com;child-src *.youtube.com *.hubspot.com *.addthis.com *.google.com;form-action 'self' *.spindustry.com;frame-ancestors *.spindustry.com;report-uri /WebResource.axd?cspReport=true 1
frame-ancestors 'self' https://campaign.interamerican.gr/ https://askme.interamerican.gr/; 1
default-src 'self'; block-all-mixed-content; form-action 'self'; style-src 'self'; connect-src 'self' https://*.twistedwave.com https://twistedwave.com https://checkout.stripe.com https://api.stripe.com; script-src 'self' https://*.twistedwave.com/ https://checkout.stripe.com https://js.stripe.com; worker-src 'self'; img-src data: 'self' https://*.stripe.com; font-src data: 'self'; media-src 'self' https://s3.amazonaws.com; object-src 'self'; frame-src 'self' https://checkout.stripe.com https://js.stripe.com https://hooks.stripe.com; report-uri https://twistedwave.com/report_uri 1
default-src 'none' ; prefetch-src 'self' *.favro.com favro.com  ; img-src 'self' data: *.favro.com favro.com https: ; font-src 'self' data: *.favro.com favro.com https://fonts.intercomcdn.com https://assets-global.website-files.com/ https://assets.website-files.com/ https://fonts.gstatic.com/ ; media-src 'self' *.favro.com favro.com js.intercomcdn.com ; script-src 'self' *.favro.com favro.com *.hotjar.com https://www.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://www.googleadservices.com/pagead/conversion_async.js https://www.google.com/pagead/ https://www.googleadservices.com/pagead/conversion/ https://connect.facebook.net/ https://tracking.g2crowd.com/attribution_tracking/conversions/ https://widget.intercom.io https://js.intercomcdn.com https://snippet.growsumo.com/growsumo.min.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://*.onetrust.com/ https://sc.lfeeder.com/ https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js https://assets-global.website-files.com/5eb8d3f3c300199312debf24/js/ https://assets.website-files.com/5eb8d3f3c300199312debf24/js/ https://ajax.googleapis.com/ajax/libs/webfont/ 'sha256-mjdgHR9aXy+6OwAGlNS/XgNcYG1Uhd2U4pl8vi7+XCY=' 'sha256-PUK4uAowAIILmmLF0yVB4qyKfF9UeStgCS45Nw28mmQ='; style-src 'self' *.favro.com favro.com 'unsafe-inline' https://assets-global.website-files.com https://assets.website-files.com https://fonts.googleapis.com ; frame-src 'self' *.favro.com favro.com *.hotjar.com *.youtube.com https://intercom-sheets.com https://favrotemplates.com ; connect-src 'self' *.favro.com favro.com wss://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google.com/pagead/ https://googleads.g.doubleclick.net/pagead/ https://stats.g.doubleclick.net *.hotjar.com *.hotjar.io wss://*.intercom.io *.intercom.io https://uploads.intercomcdn.com https://grsm.io https://secure.adnxs.com/getuidj https://cdn.linkedin.oribi.io/ https://assets-global.website-files.com/5eb8d3f3c300199312debf24/ https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://*.onetrust.com/ ; child-src 'self' *.favro.com favro.com  ; form-action 'self' *.favro.com favro.com intercom.help ; manifest-src 'self' *.favro.com favro.com  ; object-src 'none'  ; report-uri https://favro.com/csp-reports ; 1
base-uri 'self' https://optimize.google.com http://optimize.google.com optimize.google.com; default-src 'self'; child-src 'self' https://www.facebook.com http://www.facebook.com www.facebook.com https://vars.hotjar.com http://vars.hotjar.com vars.hotjar.com https://mczbf.com http://mczbf.com mczbf.com https://kdukvh.com http://kdukvh.com kdukvh.com https://emjcd.com http://emjcd.com emjcd.com https://cj.dotomi.com http://cj.dotomi.com cj.dotomi.com https://members.cj.com http://members.cj.com members.cj.com; connect-src 'self' https://eshop.martinus.sk http://eshop.martinus.sk eshop.martinus.sk https://cake4.martinus.sk http://cake4.martinus.sk cake4.martinus.sk https://rs3.martinus.sk http://rs3.martinus.sk rs3.martinus.sk https://rs4.martinus.sk http://rs4.martinus.sk rs4.martinus.sk https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com http://*.analytics.google.com *.analytics.google.com https://www.facebook.com/tr/ http://www.facebook.com/tr/ www.facebook.com/tr/ https://stats.g.doubleclick.net http://stats.g.doubleclick.net stats.g.doubleclick.net https://*.luigisbox.com http://*.luigisbox.com *.luigisbox.com https://api.infinario.com http://api.infinario.com api.infinario.com https://bam.nr-data.net http://bam.nr-data.net bam.nr-data.net https://bam-cell.nr-data.net http://bam-cell.nr-data.net bam-cell.nr-data.net https://mrecs.algopine.com http://mrecs.algopine.com mrecs.algopine.com https://optimize.google.com http://optimize.google.com optimize.google.com https://sentry.io http://sentry.io sentry.io https://*.hotjar.com http://*.hotjar.com *.hotjar.com https://vc.hotjar.io http://vc.hotjar.io vc.hotjar.io wss://*.hotjar.com https://consentcdn.cookiebot.com http://consentcdn.cookiebot.com consentcdn.cookiebot.com https://measure.martinus.cz http://measure.martinus.cz measure.martinus.cz https://measure.martinus.sk http://measure.martinus.sk measure.martinus.sk https://content.hotjar.io http://content.hotjar.io content.hotjar.io; font-src https://mrtns.eu http://mrtns.eu mrtns.eu https://mrtns.sk http://mrtns.sk mrtns.sk https://script.hotjar.com http://script.hotjar.com script.hotjar.com data:; form-action 'self' https://www.facebook.com/tr/ http://www.facebook.com/tr/ www.facebook.com/tr/ https://connect.facebook.net http://connect.facebook.net connect.facebook.net; frame-src 'self' https://www.youtube.com http://www.youtube.com www.youtube.com https://www.facebook.com http://www.facebook.com www.facebook.com https://staticxx.facebook.com http://staticxx.facebook.com staticxx.facebook.com https://connect.facebook.net http://connect.facebook.net connect.facebook.net https://vars.hotjar.com http://vars.hotjar.com vars.hotjar.com https://bid.g.doubleclick.net http://bid.g.doubleclick.net bid.g.doubleclick.net https://www.google.com http://www.google.com www.google.com https://api.infinario.com http://api.infinario.com api.infinario.com https://creativecdn.com http://creativecdn.com creativecdn.com https://*.creativecdn.com http://*.creativecdn.com *.creativecdn.com https://helpdesk.martinus.sk http://helpdesk.martinus.sk helpdesk.martinus.sk https://*.ladesk.com http://*.ladesk.com *.ladesk.com https://docs.google.com http://docs.google.com docs.google.com https://inres.uspech.sk http://inres.uspech.sk inres.uspech.sk https://player.vimeo.com http://player.vimeo.com player.vimeo.com https://martinus.us17.list-manage.com http://martinus.us17.list-manage.com martinus.us17.list-manage.com https://optimize.google.com http://optimize.google.com optimize.google.com https://consentcdn.cookiebot.com http://consentcdn.cookiebot.com consentcdn.cookiebot.com https://form.typeform.com http://form.typeform.com form.typeform.com; img-src * data:; media-src https://download.dibuk.eu http://download.dibuk.eu download.dibuk.eu; object-src 'none'; manifest-src 'self' https://www.martinus.sk/manifest.json http://www.martinus.sk/manifest.json www.martinus.sk/manifest.json https://www.martinus.cz/manifest.json http://www.martinus.cz/manifest.json www.martinus.cz/manifest.json; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://mrtns.eu http://mrtns.eu mrtns.eu https://mrtns.sk http://mrtns.sk mrtns.sk https://tagmanager.google.com http://tagmanager.google.com tagmanager.google.com https://cdn.luigisbox.com http://cdn.luigisbox.com cdn.luigisbox.com https://optimize.google.com http://optimize.google.com optimize.google.com https://fonts.googleapis.com http://fonts.googleapis.com fonts.googleapis.com https://embed.typeform.com http://embed.typeform.com embed.typeform.com 'unsafe-inline'; worker-src 'self' https://api.infinario.com http://api.infinario.com api.infinario.com; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-xvlPSnaKFlfzAmXgXXLoXw' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self' blob: *.hellowork.com *.zdassets.com *.zendesk.com *.zopim.com https://zendesk-eu.my.sentry.io *.dev-hellowork.com wss:;script-src 'self' *.hellowork.com 'wasm-unsafe-eval' *.zdassets.com *.zendesk.com *.zopim.com https://zendesk-eu.my.sentry.io https://cdn.jsdelivr.net/npm/ 'nonce-ae1oaa5DlCP8iItFfYJzyA==' *.dev-hellowork.com;style-src 'self' 'unsafe-inline' blob: *.hellowork.com *.zdassets.com *.zendesk.com *.zopim.com https://zendesk-eu.my.sentry.io *.dev-hellowork.com;worker-src blob:;connect-src *;child-src blob:;object-src 'none';frame-ancestors 'self' https://compte.hellowork.com;upgrade-insecure-requests;block-all-mixed-content; base-uri 'self'; 1
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline';img-src 'self' data: blob:;style-src 'self' 'unsafe-inline';frame-src 'self';font-src 'self' data:;connect-src 'self' 1
report-uri https://consolehipay.report-uri.com/r/d/csp/enforce; default-src 'self' *.google-analytics.com *.zdassets.com *.hotjar.com *.google.com *.screeb.app *.typeform.com *.okta.com *.hipay.com; script-src 'self' *.hotjar.com *.zdassets.com *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com *.screeb.app *.hipay.com *.paypal.com 'sha256-qSMb0PEZNwPU889A1H8zPbT23/AN6efiLRLewxFcFJM=' 'sha256-FcbWubQGGFMAS71F3Xg9hDM0pfF+/idbYePgIS4oecc=' 'sha256-keffV0quDMAbyeX1/4YLUZgq6qTZq4xbHwc4fvVpGws=' 'sha256-8qEA6898bCZsncsjm0Dk2KjV2WK+2+8Aks3WfqWmUWY=' 'sha256-iBEn6DembGxmutX/U63Duhs98HIBtU8ALgbjYh+CkZc=' 'sha256-XnoKRrVjyLcX94o+jehk7z3rX+YVSMr4DtslyFpkaPU=' 'sha256-tdBlVQuc2G3oahpbyjaUmy+NEJSNdDZy9L1FSw3rVi0=' 'sha256-0p21hmif1TiEP5IE/r3ri1cHw0RQzMKFQuK6Y8+MSxM=' 'sha256-IONGq3q3SUbZcvFq3OWEvLOn+6YXROnGyxqJaXZ5XqM=' 'sha256-PxE0YueUDOLIQZbUB7uIBmSR+rm9AoT37euB/1UuZ00=' 'sha256-rXRPabzczAqe8l4W5Ls96YFLaXicsCVoXls4kw5cYm0=' 'sha256-4K+enDkiwcZwt+5aUSZia7wZmCr0fOEHjwJgkiI84dw=' 'sha256-Dzik/WB+gJBcz9UYbbFUYFlTaU4qb0rrolNQQCQBQLU=' 'sha256-t19EsRsyX2bh0qql+yUUtI62N0Lx4bXF/EmD3xAx6B8=' https://*.zopim.com; style-src 'self' 'unsafe-inline' maxcdn.icons8.com fonts.googleapis.com *.hotjar.com libs.hipay.com; font-src 'self' maxcdn.icons8.com fonts.gstatic.com *.hotjar.com *.screeb.app; connect-src 'self' *.run.app *.appspot.com *.zendesk.com *.zdassets.com user.hipay.com *.hipay.com *.hipay.org *.google-analytics.com *.hipaytech.com wss://*.zopim.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.screeb.app wss://*.screeb.app *.okta.com *.oktacdn.com; img-src 'self' *.amcharts.com *.google-analytics.com *.zendesk.com *.hotjar.com images.weserv.nl *.hipay.com data: storage.googleapis.com twemoji.maxcdn.com *.screeb.app *.paypalobjects.com; frame-ancestors 'none' 1
default-src 'self' https://demos.shorthandstories.com https://cymru-wales.shorthandstories.com; connect-src 'self' https://demos.shorthandstories.com https://cymru-wales.shorthandstories.com https://apikeys.civiccomputing.com https://stats.g.doubleclick.net https://www.facebook.com https://tr.snapchat.com https://*.algolia.net https://*.algolianet.com https://maps.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.tiktok.com https://cdn.linkedin.oribi.io https://dev.visualwebsiteoptimizer.com https://*.google.com https://cc.cdn.civiccomputing.com; font-src 'self' fonts.gstatic.com themes.googleusercontent.com data: https://demos.shorthandstories.com https://cymru-wales.shorthandstories.com; frame-src 'self' https://platform.twitter.com https://syndication.twitter.com https://www.instagram.com https://maps.google.com/ https://www.google.com/ https://www.youtube.com/ https://r1.dotmailer-surveys.com/ https://www.google.co.uk/ https://9530286.fls.doubleclick.net https://player.vimeo.com https://facebook.com https://www.facebook.com https://web.facebook.com https://r1.dotdigital-pages.com https://open.spotify.com https://iframely.shorthand.com https://*.pinterest.com https://m.facebook.com https://tr.snapchat.com https://*.doubleclick.net https://cc.cdn.civiccomputing.com; img-src 'self' data: https:; media-src 'self' https://www.google-analytics.com https://demos.shorthandstories.com https://cymru-wales.shorthandstories.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://maps.googleapis.com https://cdn.syndication.twimg.com https://www.instagram.com https://r1.dotmailer-surveys.com/ https://www.google-analytics.com https://*.googletagmanager.com https://js-agent.newrelic.com/ https://bam.nr-data.net https://www.googleadservices.com https://s.yimg.com https://connect.facebook.net https://bat.bing.com https://s.pinimg.com https://sc-static.net https://amplify.outbrain.com https://tag.yieldoptimizer.com https://ad.doubleclick.net https://sp.analytics.yahoo.com https://googleads.g.doubleclick.net/ https://static.ads-twitter.com/ https://analytics.twitter.com https://www.google.com https://demos.shorthandstories.com https://cymru-wales.shorthandstories.com https://embed.shorthand.com https://news.files.bbci.co.uk https://r1.dotdigital-pages.com https://iframely.shorthand.com https://www.youtube.com https://addevent.com https://cc.cdn.civiccomputing.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com maps.google.com platform.facebook.com platform.instagram.com platform.twitter.com; script-src-elem 'self' 'unsafe-inline' https://tagmanager.google.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://www.google-analytics.com https://static.ads-twitter.com/uwt.js https://connect.facebook.net https://js-agent.newrelic.com https://r1.dotmailer-surveys.com https://r1.dotdigital-pages.com https://analytics.twitter.com https://bam.nr-data.net https://embed.shorthand.com https://demos.shorthandstories.com https://cymru-wales.shorthandstories.com https://news.files.bbci.co.uk https://maps.googleapis.com https://iframely.shorthand.com https://platform.instagram.com https://www.youtube.com https://*.googletagmanager.com http://static.ads-twitter.com/ https://snap.licdn.com https://sc-static.net https://analytics.tiktok.com https://tr.snapchat.com https://dev.visualwebsiteoptimizer.com https://addevent.com https://cc.cdn.civiccomputing.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com maps.google.com platform.facebook.com platform.instagram.com platform.twitter.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://platform.twitter.com https://demos.shorthandstories.com https://cymru-wales.shorthandstories.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://unpkg.com; style-src-elem 'self' 'unsafe-inline' blob: https://platform.twitter.com https://ton.twimg.com https://demos.shorthandstories.com https://cymru-wales.shorthandstories.com https://fonts.googleapis.com http://translate.googleapis.com/ https://www.youtube.com https://cdnjs.cloudflare.com https://unpkg.com; worker-src 'self' blob:; frame-ancestors 'self' https://www.rslcontent.co.uk www.rslcontent.co.uk; report-uri https://www.wales.com/report-uri/enforce 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.uat-asicentral.com *.asicentral.com *.youtube.com *.google.com *.googleadservices.com *.googlesyndication.com *.googletagservices.com *.facebook.com *.facebook.net *.vimeo.com *.vimeocdn.com *.bootstrapcdn.com *.googletagmanager.com https://assets-us1-cloud.deskpro.com https://kit.fontawesome.com https://ajax.googleapis.com https://api.filepicker.io https://google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com https://servedbyadbutler.com;object-src 'self' *.googlesyndication.com;style-src 'self' 'unsafe-inline' *.uat-asicentral.com *.asicentral.com *.bootstrapcdn.com *.googleapis.com *.googletagmanager.com https://assets-us1-cloud.deskpro.com https://kit-pro.fontawesome.com;img-src 'self' data: *.asicentral.com *.uat-asicentral.com *.facebook.com *.vimeocdn.com/ *.youtube.com/ *.google.com/ *.gravatar.com/ https://assets-us1-cloud.deskpro.com https://servedbyadbutler.com https://www.google-analytics.com;media-src 'self' *.asicentral.com *.uat-asicentral.com *.facebook.com *.vimeocdn.com/ *.vimeo.com/ *.youtube.com/;frame-src 'self' *.hotjar.com/ *.youtube.com/ *.uat-asicentral.com/ *.asicentral.com/ *.filepicker.io/ *.vimeo.com/ *.google.com/;font-src 'self' data: *.bootstrapcdn.com/ *.google.com/ https://fonts.gstatic.com *.fontawesome.com/;base-uri 'self';child-src 'self' blob: data: *.vimeo.com *.googlesyndication.com *.google.com *.facebook.com *.youtube.com;form-action 'self' *.google.com *.facebook.com *.facebook.net *.asicentral.com *.uat-asicentral.com;frame-ancestors 'self' *.asicentral.com *.uat-asicentral.com;worker-src blob: https://store.uat-asicentral.com;upgrade-insecure-requests;block-all-mixed-content 1
default-src 'self'  https: data:; base-uri 'self'; 1
upgrade-insecure-requests; frame-ancestors 'self' accept.authorize.net; base-uri 'self' 1
default-src 'none'; script-src 'self' https://cdnjs.cloudflare.com/ https://www.gstatic.com/ https://cdn.jsdelivr.net/combine/gh/ryersondmp/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://*.hotjar.com/ https://unpkg.com/@google/ 'unsafe-inline' https://kit.fontawesome.com/; style-src 'self' https://use.fontawesome.com/ https://cdnjs.cloudflare.com/ https://www.gstatic.com/ https://cdn.jsdelivr.net 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' data: https://www.w3.org https://maps.googleapis.com/ https://maps.gstatic.com/ https://developers.google.com/maps/documentation/javascript/examples/markerclusterer/ https://jadu-q-files.s3.eu-west-1.amazonaws.com/ https://*.google-analytics.com https://*.googletagmanager.com https://*.hotjar.com; child-src 'self' https://calendar.google.com/; font-src 'self' https://ka-p.fontawesome.com/ https://fonts.gstatic.com/ https://use.fontawesome.com/ ; connect-src 'self' https://maps.googleapis.com/ https://kit.fontawesome.com/ https://ka-p.fontawesome.com/ https://*.google-analytics.com/ https://tle5ea6myb.execute-api.eu-west-2.amazonaws.com/ https://uch9a5brqc.execute-api.eu-west-2.amazonaws.com/ https://93yf4nembc.execute-api.eu-west-2.amazonaws.com/ https://zbr7r13ke2.execute-api.eu-west-2.amazonaws.com/ https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/; report-uri /report-csp-violation; upgrade-insecure-requests 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://pony.social 'wasm-unsafe-eval'; font-src 'self' https://pony.social; img-src 'self' data: blob: https://pony.social https://cdn.pony.social; style-src 'self' https://pony.social 'nonce-n+8Bk5shmnyv8pbW6mC08A=='; media-src 'self' data: https://pony.social https://cdn.pony.social; frame-src 'self' https:; child-src 'self' blob: https://pony.social; worker-src 'self' blob: https://pony.social; connect-src 'self' blob: data: wss://pony.social https://pony.social https://cdn.pony.social; manifest-src 'self' https://pony.social; form-action 'self' 1
frame-ancestors https://accell.lightning.force.com 1
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.google.bg https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com https://*.facebook.com https://facebook.net https://*.facebook.net https://*.snapchat.com https://*.sportdigi.com https://*.sportradar.com https://*.mrbit.com https://*.mrbit.ro *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://app.vwo.com https://*.mrbit.ro; frame-src 'self' bankid://* https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://*.zignsec.com https://*.trustly.com https://*.regily.com https://*.sumsub.com https://*.biahosted.com https://*.aitcloud.de https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://*.unetsafe.com https://*.atlantgaming.com https://*.snapchat.com https://*.sportdigi.com https://*.sportradar.com https://*.mrbit.ro https://* paymentpage.ecommpay.com asdaerq.dapmaptuns.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://*.zignsec.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.gstatic.com https://recaptcha.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://*.snapchat.com https://snapchat.com https://sc-static.net https://*.facebook.com https://facebook.net https://*.facebook.net https://*.sportdigi.com https://*.sportradar.com https://*.mrbit.com https://*.mrbit.ro *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com *.astropay.com *.megapay.pro *.ecopayz.com *.billing.cx *.express-connect.com *.paycore.io *.jetoncheckout.com *.ipsp.lv ipsp.lv *.gpaynetworks.com *.sirumobile.com 'nonce-YJGyWTJQhC3lUQqeCMoLeGzQ0ak6m2anITauRRaoYIM=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com https://*.mrbit.ro *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com; worker-src 'self' blob:; report-uri https://mrbit.ro/sentry/api/41/csp-report/?sentry_key=38bd9ad353b94f1a8143ea227d160767 1
frame-ancestors 'self'; frame-src 'self' *.partslink24.com *.partslink24.com.cn; base-uri 'self'; default-src 'self' *.partslink24.com *.partslink24.com.cn; script-src 'self' *.partslink24.com *.partslink24.com.cn; style-src 'self' 'unsafe-inline' *.partslink24.com *.partslink24.com.cn; font-src 'self' *.partslink24.com *.partslink24.com.cn data:; img-src 'self' *.partslink24.com *.partslink24.com.cn *.update1.lex-com.net update1.lex-com.net data: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com cdn.zingchart.com www.youtube.com cdn.ampproject.org *.datatables.net *.in.webengage.co cdnjs.cloudflare.com code.jquery.com *.googleapis.com  s3.ap-south-1.amazonaws.com *.moxveda.com *.in.webengage.com pnb.allincall.in *.lfr.cloud cdn.jsdelivr.net *.pnbhousing.com; style-src 'self' 'unsafe-inline' cdn.zingchart.com *.datatables.net *.in.webengage.com fonts.googleapis.com fonts.googleapis.com code.jquery.com *.moxveda.com cdnjs.cloudflare.com pnb.allincall.in *.lfr.cloud *.pnbhousing.com *.in.webengage.com; object-src 'none'; base-uri 'self'; connect-src 'self' stats.g.doubleclick.net analytics.google.com cdn.zingchart.com cdn.ampproject.org maps.googleapis.com *.in.webengage.com api.ipify.org pnb.allincall.in *.moxveda.com *.lfr.cloud *.pnbhousing.com; font-src 'self' data: cdn.zingchart.com fonts.gstatic.com *.moxveda.com cdnjs.cloudflare.com *.lfr.cloud *.pnbhousing.com *.in.webengage.com; frame-src 'self' cdn.zingchart.com pnb.allincall.in *.in.webengage.co www.youtube.com *.in.webengage.com *.moxveda.com *.lfr.cloud *.pnbhousing.com; img-src 'self' data: www.google.co.in *.in.webengage.com pnb.allincall.in maps.gstatic.com maps.googleapis.com *.moxveda.com *.lfr.cloud *.pnbhousing.com; manifest-src 'self'; media-src 'self'; report-uri *.lfr.cloud *.pnbhousing.com; frame-ancestors 'self' *.in.webengage.com *.moxveda.com *.lfr.cloud *.pnbhousing.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.episerver.com *.episerver.net/ *.webtraxs.com https://www.google-analytics.com/ *.mouseflow.com *.liveperson.net *.gstatic.com *.lpsnmedia.net *.googleapis.com *.visualstudio.com https://www.googletagmanager.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://dl.episerver.net/ https://bat.bing.com/ https://www.googleadservices.com/pagead/ https://tcp.googlesyndication/ https://ajax.cloudflare.com/ *.idio.co/ https://az416426.vo.msecnd.net https://static.cloudflareinsights.com/ https://www.youtube.com/ http://d1igp3oop3iho5.cloudfront.net/ https://*.clarity.ms/ https://snap.licdn.com/ https://googleads.g.doubleclick.net/; style-src 'self' 'unsafe-inline' *.ellsworth.com/ https://*.episerver.net/ https://dl.episerver.net/ https://lptag.liveperson.net/ https://lptag.liveperson.net/ *.googleapis.com https://www.googletagmanager.com/; img-src 'self' data: https://www.google.com/ads/ https://www.google-analytics.com/ *.lpsnmedia.net *.webtraxs.com/ https://maps.gstatic.com/ https://csi.gstatic.com/ https://i.ytimg.com/ https://n2.mouseflow.com/ https://stats.g.doubleclick.net/ https://strack.where-to-buy.co/ https://where-to-buy.co/ https://dl.episerver.net/ https://bat.bing.com/action/ https://googleads.g.doubleclick.net/pagead/ https://tcp.googlesyndication/ https://img.youtube.com/ *.idio.co/ *.ellsworth.com https://www.googletagmanager.com/ https://lpcdn.lpsnmedia.net/ https://www.commerce-connector.com/ *.googleapis.com https://fonts.gstatic.com/ https://jumbe.zaius.com/ https://*.clarity.ms/ https://*.bing.com/ https://px.ads.linkedin.com/ https://www.google.com/pagead/; media-src 'self' https://lpcdn.lpsnmedia.net/; font-src 'self' https://fonts.gstatic.com/ https://themes.googleusercontent.com/static/fonts/muli/ https://fonts.gstatic.com/s/muli/v6/ *.googleapis.com; child-src 'self' *.ellsworth.com/ https://*.episerver.net/ *.liveperson.net https://www.youtube.com/embed/ https://lpcdn.lpsnmedia.net/ https://player.vimeo.com/ https://vimeo.com/ https://4262392.va.cobrowse.liveperson.net/ https://www.google.com/recaptcha/ https://ellsworth.us18.list-manage.com/ https://editor.ne16.com/; frame-src 'self' *.ellsworth.com/ https://*.episerver.net/ *.liveperson.net https://pay.sandbox.realexpayments.com/ https://www.youtube.com/embed/ https://lpcdn.lpsnmedia.net/ https://player.vimeo.com/ https://vimeo.com/ https://4262392.va.cobrowse.liveperson.net/ https://www.google.com/recaptcha/ https://ellsworth.us18.list-manage.com/ https://ellsworth-dev.adagetech.net/ https://editor.ne16.com/ https://certtransaction.hostedpayments.com/ https://transaction.hostedpayments.com/ https://app.ne16.com/; connect-src 'self' ws://*.ellsworth.com/ *.ellsworth.com *.visualstudio.com https://*.episerver.net/ wss://*.ellsworth.com/ http://*.episerver.com/ https://n2.mouseflow.com/ https://www.google-analytics.com/ *.liveperson.net https://bat.bing.com/actionp/ https://stats.g.doubleclick.net/ *.googleapis.com https://analytics.google.com/ https://*.clarity.ms/ https://adservice.google.com/ https://cdn.linkedin.oribi.io/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' 'unsafe-inline' * data:; style-src 'self' 'unsafe-inline' *; font-src 'self' 'unsafe-inline' *; object-src 'self' blob:; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=5sh1futiqub3f&partner=; 1
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss:; base-uri 'self' optimize.google.com; 1
script-src 'self' plataformadev.bvc.com.co https://plataformatest.bvc.com.co https://www.google-analytics.com http://static.hotjar.com https://static.hotjar.com https://*.hotjar.com https://script.hotjar.com tagmanager.google.com googletagmanager.com www.googletagmanager.com stats.g.doubleclick.net 'unsafe-inline'; frame-ancestors https://www.kumo360.com https://youtube.com; 1
default-src 'unsafe-inline' 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com *.youtube.com *.google.com *.gstatic.com *.googleusercontent.com  *.googleadservices.com *.facebook.net *.line-scdn.net *.doubleclick.net *.line.me *.facebook.com *.fb.com *.google.co.th *.cookiebot.com *.tiktok.com *.ads-twitter.com *.twitter.com *.co https://twitter.com; img-src 'self' data: *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com *.youtube.com *.google.com *.gstatic.com *.googleusercontent.com  *.googleadservices.com *.facebook.net *.line-scdn.net *.doubleclick.net  *.line.me *.facebook.com *.fb.com *.google.co.th *.cookiebot.com *.tiktok.com *.ads-twitter.com *.twitter.com *.co https://twitter.com; style-src 'unsafe-inline' 'self' data: *.googleapis.com *.youtube.com *.google.com *.gstatic.com *.googleusercontent.com  *.line.me *.facebook.com *.fb.com *.google.co.th *.cookiebot.com *.tiktok.com *.ads-twitter.com *.twitter.com *.co https://twitter.com; font-src 'unsafe-inline' 'self' data: *.googleapis.com *.youtube.com *.google.com *.gstatic.com *.googleusercontent.com  *.googleadservices.com *.facebook.net *.line-scdn.net *.doubleclick.net  *.line.me *.facebook.com *.fb.com *.google.co.th *.cookiebot.com *.tiktok.com *.ads-twitter.com *.twitter.com *.co https://twitter.com; frame-src 'unsafe-inline' 'self' data: *.youtube.com *.google.com *.gstatic.com *.googleusercontent.com *.googleadservices.com *.facebook.net *.line-scdn.net *.doubleclick.net  *.line.me *.facebook.com *.fb.com *.google.co.th *.cookiebot.com *.tiktok.com *.ads-twitter.com *.twitter.com *.co https://twitter.com; connect-src 'self' 'unsafe-inline' data: *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com *.youtube.com *.google.com *.gstatic.com *.googleusercontent.com *.googleadservices.com *.facebook.net *.line-scdn.net *.doubleclick.net  *.line.me *.facebook.com *.fb.com *.google.co.th *.cookiebot.com *.tiktok.com *.ads-twitter.com *.twitter.com *.co https://twitter.com; script-src-elem 'self' 'unsafe-inline' data: *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com *.youtube.com *.google.com *.gstatic.com *.googleusercontent.com *.googleadservices.com *.facebook.net *.line-scdn.net *.doubleclick.net  *.line.me *.facebook.com *.fb.com *.google.co.th *.cookiebot.com *.tiktok.com *.ads-twitter.com *.twitter.com *.co https://twitter.com; 1
script-src * data: https://ssl.gstatic.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline' *.cloudflare.com *.bootstrapcdn.com 1
frame-ancestors *.travelallrussia.com *.firebirdtours.com *.force.com http://webvisor.com https://tourstoeurope.com 1
default-src 'self' data: http://* blob: https://* blob:; script-src 'self' 'unsafe-inline' data: http://* blob: https://* blob: 'unsafe-eval'; connect-src * 'self' data: http://* blob: https://* blob:; img-src data: 'self' http://* blob: https://* blob:; style-src 'self' 'unsafe-inline' data: http://* blob: https://* blob:; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-NTExMzMyZGEyZDdkNDgxMTliY2NhNzY2MGIzNjdiMGQ=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.nix18.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.nix18.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.nix18.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-ancestors 'self' https://www.around.team; 1
frame-ancestors 'self' https://app.speechlive.com https://ui.speakachu.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.yandex.net https://*.yandex.ru https://yastatic.net https://unpkg.com; img-src * data:; style-src blob: 'self' 'unsafe-inline' *; base-uri 'self'; connect-src 'self' ws: wss: https://*.marketx.pro https://*.metalx.shop https://www.google-analytics.com https://*.yandex.net https://*.yandex.ru https://*.sentry.io; form-action 'self'; frame-src 'self' https://*.metalx.shop https://*.marketx.pro https://*.yandex.ru https://*.yandexcloud.net; frame-ancestors 'self' https://*.marketx.pro https://mc.yandex.ru https://webvisor.com http://webvisor.com https://*.webvisor.com http://*.webvisor.com; font-src 'self' https://fonts.gstatic.com 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://aninjusticemag.com https://*.aninjusticemag.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-dFdhODN5Yyt2Tkg3MzJJZlV3dlVnc2V3Tzh6Mk8yQUQ4c1BaUXJhdzZpWT06MFE3T25XMUw5THZNckN4ckZtYXNyZWpSZDdXNWIxTkV3WmZoSVBIVG9FZz0=' blob:;style-src 'self' 'unsafe-inline';img-src 'self' data: blob: https://*.tile.openstreetmap.org;font-src 'self' data:;connect-src 'self' blob: stun.nextcloud.com:443;media-src 'self' blob:;frame-src 'self';child-src blob: 'self';frame-ancestors 'self';worker-src blob: 'self';form-action 'self' 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * 'unsafe-inline' 'unsafe-eval';connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://hessen.social; img-src 'self' https: data: blob: https://hessen.social; style-src 'self' https://hessen.social 'nonce-+C3yMpBkkEpr4DNSeifI8w=='; media-src 'self' https: data: https://hessen.social; frame-src 'self' https:; manifest-src 'self' https://hessen.social; form-action 'self'; child-src 'self' blob: https://hessen.social; worker-src 'self' blob: https://hessen.social; connect-src 'self' data: blob: https://hessen.social https://hessen.social wss://hessen.social; script-src 'self' https://hessen.social 'wasm-unsafe-eval' 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-08b8c06be559433eb096c3cf132b68c7' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-5XTFxC2ZCFp5bb6Kyh+JP+TEdC0hf+p9mvi11eAIIJCZJFs6' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-jyJjssEew1Hl1RSJOni0PysB3ANo38L50HoKOp5gZxAtJVWS' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors http://dataroom.leem.org 1
object-src 'none'; child-src 'self' blob:; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com; frame-ancestors 'self' https://*.labonline.nl; upgrade-insecure-requests; block-all-mixed-content 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com cdn.cookielaw.org pghub.io *.bazaarvoice.com feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; font-src 'self' feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' feed.pghub.io consumersupport.pg.com pandg.tapad.com ; img-src 'self' data: images.ctfassets.net pixel.tapad.com cdn.cookielaw.org www.google-analytics.com feed.pghub.io pandg.tapad.com ; connect-src 'self' *.google-analytics.com cdn.cookielaw.org *.algolia.net *.algolianet.com feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
child-src 'self' *.vimeo.com *.issuu.com *.youtube.com *.youtube-nocookie.com; connect-src 'self' *.pingdom.net *.google-analytics.com *.googletagmanager.com *.googleapis.com *.euronext.com https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self'; manifest-src 'self'; media-src 'self' youtu.be *.vimeo.com *.issuu.com *.youtube.com *.youtube-nocookie.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-hashes' *.google-analytics.com *.pingdom.net *.googletagmanager.com *.issuu.com *.youtube.com *.youtube-nocookie.com *.vimeo.com https://i.vimeocdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://polyfill.io https://unpkg.com js.createsend1.com *.googleapis.com *.euronext.com; style-src 'self' 'unsafe-inline' 'unsafe-hashes' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; worker-src 'self'; base-uri 'self'; frame-ancestors 'self'; report-uri https://deme-group.com/report-uri/enforce 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.laduckconf.com *.lagrosseconf.com *.schoolofpo.com *.usievents.com *.octo.com *.googleapis.com *.gstatic.com *.amazonaws.com *.hsforms.net *.hsforms.com cdnjs.cloudflare.com data: 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline'; img-src 'self' https://secure.gravatar.com; font-src 'self' data: https://fonts.gstatic.com; report-uri https://linss.report-uri.io/r/default/csp/enforce 1
frame-src *.bambuser.com *.pzebra.com *.krato.io *.vimeo.com *.facebook.com *.google.com *.youtube.com *.yudu.com *.cloudfront.net *.pinkzebrahome.com  'self' blob: 1
frame-ancestors 'self' *.hasselt.be *.visithasselt.be; report-uri /report-csp-violation 1
default-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://donorbox.org; script-src 'self' https://donorbox.org; img-src 'self' data:; frame-src 'self' https://outreach.abetterinternet.org https://donorbox.org https://youtube.com https://www.youtube.com https://youtube-nocookie.com https://www.youtube-nocookie.com; font-src 'self' https://www.memorysafety.org https://fonts.gstatic.com https://donorbox.org data:; connect-src 'self' https://donorbox.org; object-src 'self'; 1
frame-ancestors http://www.anbtx.com/ http://anbtx-preview.imag-stage.com/ 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' epcplc.com *.epcplc.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.duosecurity.com *.cookielaw.org *.onetrust.com; img-src 'self' 'unsafe-inline' epcplc.com *.epcplc.com *.cookielaw.org data:; 1
default-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://ssl.google-analytics.com https://www.gstatic.com http://maps.google.com https://maps.googleapis.com https://*.googletagmanager.com;connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://maps.googleapis.com https://*.googletagmanager.com;img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.doctolib.de https://maps.googleapis.com https://www.google-analytics.com https://*.google-analytics.com https://maps.gstatic.com https://*.googletagmanager.com;frame-src https://www.youtube-nocookie.com;frame-ancestors 'self';form-action 'self';base-uri 'self'; 1
child-src https://adcdn.goo.ne.jp/ https://adobe.com/ https://b90.yahoo.co.jp/ https://b91.yahoo.co.jp/ https://b92.yahoo.co.jp/ https://doubleclick.net https://githubassets.com/ https://googleads.g.doubleclick.net/ https://googleapis.com/ https://i.yimg.jp/ https://jquery.com/ http://ogp.me/ https://s.yimg.jp/ https://typesquare.com/ https://www.cloudflare.com/ https://www.google.com/ https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.yahoo.co.jp/ https://www.youtube.com/ https://www.kmew.co.jp https://wwwtest.kmew.co.jp 1
base-uri 'self' https://d6tizftlrpuof.cloudfront.net/; connect-src 'self' https://*.minpension.se/ https://*.minpension.se/piwik.php https://lilum.lightsinline.se/; default-src 'none'; form-action 'self'; font-src 'self'; frame-ancestors 'self'; frame-src 'self' https://w.soundcloud.com/ https://e.issuu.com/; img-src 'self' data: https://via.tt.se/ https://*.minpension.se/ https://d6tizftlrpuof.cloudfront.net/ https://ssl.webserviceaward.com/; object-src 'self' https://*.minpension.se/; report-to 'self'; report-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.minpension.se/ https://piwik.minpension.se/piwik.js https://e.issuu.com/ https://ssl.webserviceaward.com/; style-src 'self' 'unsafe-inline' https://*.minpension.se/ https://d6tizftlrpuof.cloudfront.net/ https://ssl.webserviceaward.com/; 1
default-src 'self' *.cwp-stg.sg *.cwp.sg *.dcube.cloud *.wogaa.sg *.demdex.net cm.everesttech.net wogadobeanalytics.sc.omtrdc.net; frame-src 'self' www.google.com fast.wogaa.demdex.net *.wogaa.sg s7.addthis.com wogaa.demdex.net *.onemap.sg forms.cwp.gov.sg *.cwp-stg.sg *.cwp.sg *.onemap.gov.sg *.instagram.com *.facebook.com *.youtube.com drive.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google.com ajax.googleapis.com www.gstatic.com m.addthisedge.com m.addthis.com api-public.addthis.com s7.addthis.com *.cwp-stg.sg *.cwp.sg *.wogaa.sg www.google-analytics.com *.dcube.cloud assets.adobedtm.com *.onemap.gov.sg; object-src 'self' *.cwp-stg.sg *.cwp.sg; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.cwp-stg.sg *.cwp.sg assets.wogaa.sg/ assets.dcube.cloud/fonts/; img-src * data: wogadobeanalytics.sc.omtrdc.net cm.everesttech.net dpm.demdex.net; connect-src 'self' *.wogaa.sg *.dcube.cloud dpm.demdex.net www.google-analytics.com;font-src * 'self' data: assets.wogaa.sg/fonts/; 1
default-src 'self';          script-src 'self' 'unsafe-inline' 'unsafe-eval'            https://*.crimsoncircle.com            https://www.googletagmanager.com            https://cdn.ywxi.net            https://cdnjs.cloudflare.com            https://s7.addthis.com            https://stats.sa-as.com            https://static.zdassets.com            https://crimsoncircle.com            https://livestream.com            https://code.jquery.com            https://ssl.p.jwpcdn.com            https://widget-mediator.zopim.com            https://content.jwplatform.com            https://ajax.cloudflare.com            https://rum-static.pingdom.net            https://www.trustedsite.com            https://www.gstatic.com            https://www.google-analytics.com;         connect-src 'self'             https://www.google-analytics.com            https://s3-us-west-2.amazonaws.com            https://ekr.zdassets.com            https://crimsoncircle.zendesk.com            https://zendesk-eu.my.sentry.io            wss://widget-mediator.zopim.com            https://*.crimsoncircle.com           https://rum-collector-2.pingdom.net;          style-src 'self' 'unsafe-inline'            https://fonts.googleapis.com            https://maxcdn.bootstrapcdn.com            https://*.crimsoncircle.com            https://crimsoncircle.com            https://cdn.trustedsite.com;          img-src * 'self' data: blob:            https://*.crimsoncircle.com;          font-src 'self' data:            https://fonts.gstatic.com            https://maxcdn.bootstrapcdn.com            https://crimsoncircle.com;          media-src 'self' blob:            https://static.zdassets.com            https://*.crimsoncircle.com            https://crimsoncircle.com            https://www.crimsoncircle.com/QuietRoom/            https://crimson-circle.s3-us-west-2.amazonaws.com           http://www.crimsoncircle.com;          object-src 'none';          frame-src 'self'            https://streamonline.ning.com            https://*.crimsoncircle.com            https://www.trustedsite.com            https://livestream.com;          worker-src 'self' blob:;          child-src 'self'            https://*.crimsoncircle.com            https://livestream.com;          form-action 'self';          frame-ancestors 'self'            https://streamonline.ning.com           https://*.crimsoncircle.com            https://livestream.com; 1
default-src 'self' *.pingdom.net https://*.mypurecloud.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.pingdom.net https://*.mypurecloud.com https://xiecomm.paymetric.com/ https://flex.cybersource.com/cybersource/assets/microform/0.11/flex-microform.min.js https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' https://*.mypurecloud.com; connect-src 'self' https://*.myaccountinfo.com *.pingdom.net https://xiecomm.paymetric.com/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.mypurecloud.com/ wss://*.mypurecloud.com/; frame-src 'self' https://services.concordsoftwareleasing.com https://flex.cybersource.com https://*.mypurecloud.com/; frame-ancestors 'self' www.tristatefinancial.net  www.midatlanticcapital.net  ownerslounge.welkresorts.com  www.myaccountinquiry.com  test.myaccountinquiry.com  http://halo-borrower-portal.demoproject.info  *.joinhalo.com  raintreevacationclub.com  raintree-prod.contentactive.com  raintreeclub.app; img-src 'self' https://*.myaccountinfo.com https://*.google-analytics.com https://*.googletagmanager.com; data:; 1
default-src 'self' mbank.net.pl adserwer.mbank.net.pl www.mbank.net.pl www.google.com www.google.pl googleads.g.doubleclick.net www.googletagmanager.com google.com google-analytics.com ssl.google-analytics.com mbank.pl fonts.googleapis.com fonts.gstatic.com www.googleadservices.com;object-src 'none' 1
default-src 'self' *.kbb1.com *.kli.one kabbalahmedia.info *.kabbalahmedia.info archive *.archive *.usersnap.com *.twimg.com *.youtube.com *.youtube-nocookie.com *.google-analytics.com *.analytics.google.com analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.kab.info *.kab.sh;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com kabbalahmedia.info archive *.usersnap.com cdnjs.cloudflare.com cdn.jwplayer.com *.jwpcdn.com *.hlsjs.js blob:;style-src 'self' 'unsafe-inline' *.googleapis.com;font-src 'self' data: fonts.gstatic.com cdnjs.cloudflare.com;img-src 'self' data: *.kbb1.com kabbalahmedia.info *.kabbalahmedia.info archive *.archive laitman.ru www.laitman.ru laitman.com laitman.es laitman.co.il *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.co.il *.google.com *.usersnap.com *.twimg.com *.jwpltx.com;media-src 'self' data: blob: *.kabbalahmedia.info *.kab.info *.kab.sh;worker-src blob: *.kabbalahmedia.info;frame-ancestors *;object-src *.youtube.com;base-uri 'self';form-action 'self';script-src-attr 'none';upgrade-insecure-requests 1
default-src     'self' ; img-src         'self' data: https://*.pxia.de https://www.apcoa.de https://vm-apcoa-typo3-04 https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.google.de *.facebook.com *.solvemate.com https://*.zohocdn.com https://*.zohopublic.eu https://*.newsletter2go.com https://*.linkedin.com https://www.apcoa.se https://*.zohostatic.eu https://*.zoho.eu https://*.wikimedia.org https://www.googletagmanager.com https://*.click4assistance.co.uk https://*.cookiebot.com;  script-src      'self' 'unsafe-inline' 'unsafe-eval' https://*.bootstrapcdn.com https://fonts.googleapis.com/css/ https://*.bootstrapcdn.com https://*.pxia.de https://vm-apcoa-typo3-04 https://consent.cookiebot.com https://www.googletagmanager.com https://consentcdn.cookiebot.com https://*.google.com https://*.bootstrapcdn.com https://*.googleapis.com https://*.mana-hr.net https://*.facebook.net https://www.google-analytics.com/ https://*.doubleclick.net https://*.zoho.eu https://*.zohocdn.com https://*.newsletter2go.com;  script-src-elem 'self' 'unsafe-inline' https://*.park-control.de/ https://www.google-analytics.com/analytics.js https://*.bootstrapcdn.com https://fonts.googleapis.com/css/ https://*.google.com https://consent.cookiebot.com https://www.googletagmanager.com https://consentcdn.cookiebot.com https://*.bootstrapcdn.com https://*.googleapis.com https://*.gstatic.com *.solvemate.com www.googleadservices.com *.facebook.net *.doubleclick.net *.mana-hr.net https://*.zoho.eu https://*.zohostatic.eu *.zohocdn.com https://*.newsletter2go.com https://www.google-analytics.com https://sc-static.net stats.docu.info https://leie.apcoa.no https://services.apcoa.no https://tr.snapchat.com *.livechatinc.com https://*.licdn.com https://*.hotjar.com https://*.click4assistance.co.uk https://*.zendesk.com https://*.zdassets.com;  style-src       'self' 'unsafe-inline' https://*.googleapis.com https://*.bootstrapcdn.com *.solvemate.comi https://*.zohocdn.com *.bootstrapcdn.com https://*.zohostatic.eu;  font-src        'self' data: https://*.googleapis.com https://fonts.googleapis.com https://*.gstatic.com https://*.bootstrapcdn.com *.solvemate.comi *.zohocdn.com https://*.zohostatic.eu;  frame-src       'self' https://consentcdn.cookiebot.com https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com *.apcoa.de *.mana-hr.net *.mana-jobs.de https://maps.google.com http://europark.easycruit.com https://tr.snapchat.com https://*.zohopublic.eu https://*.zoho.eu *.apcoa.no https://*.facebook.com https://*.livechatinc.com https://apcoa-rec.trustit.org http://prelive02.apcoa.com https://docs.google.com https://*.click4assistance.co.uk https://*.q2c.eu https://*.apcoa.se;  worker-src       data: blob: 'unsafe-eval' 'unsafe-inline';  object-src      'self' ;  connect-src     'self' https://*.park-control.de https://*.google-analytics.com https://*.googleapis.com https://*.cookiebot.com *.google.com *.doubleclick.net *.solvemate.com *.facebook.com https://*.zoho.eu *.zohopublic.eu wss://vts.zohopublic.eu https://*.newsletter2go.com https://tr.snapchat.com https://*.linkedin.oribi.io https://pagead2.googlesyndication.com https://*.zdassets.com https://*.zendesk.com;  media-src       'self' data: https://*.googleapis.com https://fonts.googleapis.com https://*.gstatic.com https://*.bootstrapcdn.com *.solvemate.comi *.zohocdn.com; 1
default-src 'self';  upgrade-insecure-requests;  object-src 'none';  base-uri 'none';  connect-src 'self' https: ;  font-src 'self' data: https: ;  form-action 'self' https://hanayashiki.movabletype.io;  frame-ancestors 'self';  frame-src 'self' https: ;  img-src 'self' data: https: ;  media-src 'self'     www.youtube.com   ;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https: ;  script-src-attr 'self' 'unsafe-inline';  script-src-elem 'self' 'unsafe-inline' https: ;  style-src 'self' 'unsafe-inline' https: ;  style-src-attr 'self' 'unsafe-inline';  style-src-elem 'self' 'unsafe-inline' https: ; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://ubuntu-mate.community/logs/ https://ubuntu-mate.community/sidekiq/ https://ubuntu-mate.community/mini-profiler-resources/ https://ubuntu-mate.community/assets/ https://ubuntu-mate.community/brotli_asset/ https://ubuntu-mate.community/extra-locales/ https://ubuntu-mate.community/highlight-js/ https://ubuntu-mate.community/javascripts/ https://ubuntu-mate.community/plugins/ https://ubuntu-mate.community/theme-javascripts/ https://ubuntu-mate.community/svg-sprite/; worker-src 'self' https://ubuntu-mate.community/assets/ https://ubuntu-mate.community/brotli_asset/ https://ubuntu-mate.community/javascripts/ https://ubuntu-mate.community/plugins/; frame-ancestors 'self' https://ubuntu-mate.org; manifest-src 'self' 1
frame-ancestors https://catamaranguru.com 1
default-src 'unsafe-inline' 'unsafe-eval' wss://*.iadvize.com data: blob: https: 'self' *.e-wie-einfach.de *.usercentrics.eu *.googletagmanager.com *.demdex.net ewieeinfach.tt.omtrdc.net *.trustedshops.com *.iadvize.com analytics.tiktok.com *.ad-srv.net *.ad4m.at; block-all-mixed-content; frame-ancestors https://*.e-wie-einfach.de 'self'; frame-src https: 'self' 10552776.fls.doubleclick.net *.iadvize.com; img-src https: 'self' data: blob: 1
media-src 'self' https://stream.mux.com https: wss: blob:; worker-src 'self' https://stream.mux.com https: wss: blob:; img-src * https: data:; default-src * 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' https://*.f9dev.com; style-src 'self' https://*.f9client.com https://*.chase.com https://*.typekit.net; script-src 'self' blob: https://*.chase.com https://*.f9client.com https://*.liquidhost2.com https://www.google-analytics.com https://www.googletagmanager.com https://*.chasecdn.com https://stats.g.doubleclick.net https://reviews.mychasecreditcards.com https://*.crazyegg.com https://apps.rokt.com; img-src 'self' data: blob: https://*.f9client.com https://*.chase.com https://*.demdex.net https://*.dotomi.com https://*.doubleclick.net https://*.google.com https://adservice.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.gravatar.com https://*.linkedin.com https://*.mbraco.com https://*.mbraco.org https://*.outbrain.com https://*.rfihub.com https://*.umbraco.tv https://*.yahoo.com https://a.amxdt.com https://analytics.twitter.com https://bat.bing.com https://ct.pinterest.com https://d.agkn.com https://googleads.g.doubleclick.net https://i.simpli.f https://p.adsymptotic.com https://ping.pdst.fm https://pixel.advertising.com https://pixel.tapad.com https://r.turn.com https://s3.amazonaws.com https://s-a.innovid.com https://secure.adnxs.com https://secure.leadback.advertising.com https://t.acxiom-online.com https://t.co https://tags.mediaforge.com https://tr.snapchat.com https://trkn.us https://ups.analytics.yahoo.com https://ut.rd.linksynergy.com https://www.facebook.com https://t.teads.tv https://events-azalea.outpace.com https://smetrics.marriott.com http://metrics.marriott.com https://s.amazon-adsystem.com https://www.googleadservices.com https://pixel.rubiconproject.com https://dsum-sec.casalemedia.com https://insight.adsrvr.org https://chmarriottapx.apxprogrammatic.com https://tags.bluekai.com https://rc.rlcdn.com https://pixel.mathtag.com https://*.adentifi.com/ https://apxprogrammatic.netmng.com https://southwestairlines.tt.omtrdc.net https://smetrics.southwest.com https://servedby.flashtalking.com https://pippio.com https://ib.adnxs.com https://odr.mookie1.com https://www.knotch-cdn.com/ https://sync.mathtag.com https://*.southwest.com https://tag.apxlv.com https://usermatch.krxd.net https://*.demdex.com https://pixel.mediaiqdigital.com https://match.adsrvr.org https://deviceid.trueleadid.com https://pixel.pointmediatracker.com; font-src 'self' data: https://*.f9client.com https://*.typekit.net; connect-src 'self' https://*.chase.com https://*.chasecreditcards.com https://*.liquidhost2.com https://reviews.mychasecreditcards.com https://www.google-analytics.com https://stats.g.doubleclick.net https://chase-mp.zeronaught.com https://dpm.demdex.net https://*.crazyegg.com https://*.doubleclick.net https://*.crazyegg.com https://googleads.g.doubleclick.net https://www.facebook.com https://jpmcbankna.demdex.net https://t.co/i/adsct https://analytics.twitter.com https://t.teads.tv https://dc.ads.linkedin.com https://tr.snapchat.com https://insight.adsrvr.org https://ping.pdst.fm https://login.dotomi.com https://*.chasecreditcards.com https://*.chase.com https://*.liquidhost2.com https://www.google-analytics.com https://stats.g.doubleclick.net https://chase-mp.zeronaught.com https://dpm.demdex.net https://d.agkn.com https://px.ads.linkedin.com https://ct.pinterest.com https://rc.rlcdn.com/ https://*.chasecdn.com; media-src 'self' https://*.f9client.com; frame-src 'self' https://*.f9client.com https://*.chase.com https://www.knotch.it https://www.knotch-cdn.com https://apps.rokt.com/; default-src 'self' 1
default-src 'self' 'nonce-6644875564001557061' cdn.redwood.com *.runmyjobs.cloud; frame-ancestors *.runmyjobs.cloud; frame-src *.runmyjobs.cloud; script-src 'self' 'nonce-6644875564001557061'; style-src 'self' data:; font-src 'self' data:; img-src 'self' data:; form-action https:; base-uri 'self'; 1
frame-ancestors 'self' *.genesazrak.com *.888casinoarabic.net *.arabiccasino888.com *.casinoarabic888.com *.casinoarabic-888.com *.888-casinoarabic.com *.888casino-arabic.com http://wrapper.safe-installation.com/ https://wrapper.safe-installation.com/ http://localhost:* https://localhost:* *.bingosys.net *.secured-igaming-usa.com *.888.pt *.sisportsbook.com *.888poker.de *.888slots.de *.safe-iplay.com *.safe-installation.com *.payoutscentral.com *.triple8holdem.com *.888.com *.secured-qa.com *.secured-registration.com *.secureutils.com *.images4us.com *.onlinepersonalmessages.com *.888sport.com *.888sport.es *.888sport.it *.888sport.dk *.888sport.ro *.888sport.se *.888sport.us *.888sport.de *.777.com *.personalinfoonline.com *.888.de *.888casino.com *.888poker.com *.888casino.dk *.888poker.dk *.888.de *.888casino.ro *.888poker.ro *.888casino.se *.888poker.se *.888casino.es *.888poker.es *.888casino.it *.888poker.it *.888casino.us *.888poker.us *.888ladies.com *.888.pt cmsp *.harrahscasino.com *.wsop.com *.delawarepark.com *.doverdowns.com *.harringtongamingonline.com *.secured-igaming-services.com *.secured-igaming-usa.com *.igaming-services.com *.888.ca *.888casino.ca *.888poker.ca *.888sport.ca *.888.nl *.888casino.nl *.888poker.nl *.888sport.nl *.ar-888-casino.com *.888casino-ar.com *.ar888-casino.com *.arab888-casino.com *.casinoelarab-888.com *.alarab-888casino.com *.casinoalarab-888.com *.888casino-alarab.com *.888casino-arabian.com *.arabian-888casino.com *.888-casino-arabian.com *.888-casino-alarab.com *.ballysdover.com 1
frame-ancestors 'self' *.kunzmann.de 1
connect-src 'self' https://*.demdex.net https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.kaspersky.ca https://*.kaspersky.co.jp https://*.kaspersky.co.uk https://*.kaspersky.co.za https://*.kaspersky.com https://*.kaspersky.com.au https://*.kaspersky.com.br https://*.kaspersky.com.tr https://*.kaspersky.de https://*.kaspersky.es https://*.kaspersky.fr https://*.kaspersky.it https://*.kaspersky.nl https://*.kaspersky.pt https://*.kaspersky.ru https://*.kaspersky.se https://*.kasperskycontenthub.com https://*.mktoresp.com https://*.pingdom.net https://*.reddit.com https://*.securelist.com https://*.securelist.lat https://*.securelist.ru https://*.youtube.com https://box.kaspersky.com https://consentcdn.cookiebot.com https://e.infogram.com https://kaspersky.d3.sc.omtrdc.net https://kasperskycontenthub.com https://securelist.ru https://tpc.googlesyndication.com https://www.googletagmanager.com; default-src 'self' https://*.kasperskycontenthub.com https://*.securelist.com https://*.securelist.lat https://*.securelist.ru https://box.kaspersky.com https://kasperskycontenthub.com https://securelist.ru https://tpc.googlesyndication.com; font-src 'self' data: https://*.gstatic.com https://*.kasperskycontenthub.com https://*.securelist.com https://*.securelist.lat https://*.securelist.ru https://*.wp.com https://assets.kasperskycontenthub.com https://assets.threatpost.com https://box.kaspersky.com https://fonts.googleapis.com https://kasperskycontenthub.com https://securelist.ru https://tpc.googlesyndication.com; frame-src 'self' http://*.slideshare.net https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.googletagservices.com https://*.infogram.com https://*.instagram.com https://*.kasperskycontenthub.com https://*.libsyn.com https://*.marketo.com https://*.securelist.com https://*.securelist.lat https://*.securelist.ru https://*.sharethis.com https://*.slideshare.net https://*.twitter.com https://*.wp.com https://*.yandex.ru https://*.youtube.com https://box.kaspersky.com https://consentcdn.cookiebot.com https://dzen.ru https://go.kaspersky.com https://infogram.com https://kaspersky.demdex.net https://kasperskycontenthub.com https://player.vimeo.com https://securelist.ru https://tpc.googlesyndication.com https://vk.com https://www.brighttalk.com; img-src 'self' data: http://*.wordpress.com http://*.wp.com http://assets.kasperskydaily.com http://d2538mqrb7brka.cloudfront.net http://forum.kasperskyclub.ru http://i0.poll.fm https://*.cdninstagram.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.ru https://*.gravatar.com https://*.gstatic.com https://*.infogram.com https://*.instagram.com https://*.kaspersky.ca https://*.kaspersky.co.jp https://*.kaspersky.co.uk https://*.kaspersky.co.za https://*.kaspersky.com https://*.kaspersky.com.au https://*.kaspersky.com.br https://*.kaspersky.com.tr https://*.kaspersky.de https://*.kaspersky.es https://*.kaspersky.fr https://*.kaspersky.it https://*.kaspersky.nl https://*.kaspersky.pt https://*.kaspersky.ru https://*.kaspersky.se https://*.kasperskycontenthub.com https://*.kasperskydaily.com https://*.securelist.com https://*.securelist.lat https://*.securelist.ru https://*.sharethis.com https://*.staticflickr.com https://*.threatpost.com https://*.twimg.com https://*.twitter.com https://*.vk.com https://*.wordpress.com https://*.wp.com https://*.ytimg.com https://assets.kasperskydaily.com https://box.kaspersky.com https://cdn.securelist.com https://d1srlirzdlmpew.cloudfront.net https://d2538mqrb7brka.cloudfront.net https://kaspersky.d2.sc.omtrdc.net https://kaspersky.d3.sc.omtrdc.net https://kasperskycontenthub.com https://maps.googleapis.com https://player.vimeo.com https://polldaddy.com https://rum-collector.pingdom.net https://s.w.org https://s3-eu-west-1.amazonaws.com https://securelist.com https://securelist.lat https://securelist.ru https://stats.g.doubleclick.net https://t.co https://threatpost.com https://tpc.googlesyndication.com https://vk.com https://www.googletagmanager.com; object-src 'self' https://*.kasperskycontenthub.com https://*.securelist.com https://*.securelist.lat https://*.securelist.ru https://box.kaspersky.com https://kasperskycontenthub.com https://player.vimeo.com https://polldaddy.com https://securelist.ru https://tpc.googlesyndication.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.cloudfront.net https://*.crazyegg.com https://*.demdex.net https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.flickr.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagservices.com https://*.gravatar.com https://*.gstatic.com https://*.instagram.com https://*.kaspersky.ca https://*.kaspersky.co.jp https://*.kaspersky.co.uk https://*.kaspersky.co.za https://*.kaspersky.com https://*.kaspersky.com.au https://*.kaspersky.com.br https://*.kaspersky.com.tr https://*.kaspersky.de https://*.kaspersky.es https://*.kaspersky.fr https://*.kaspersky.it https://*.kaspersky.nl https://*.kaspersky.pt https://*.kaspersky.ru https://*.kaspersky.se https://*.kasperskycontenthub.com https://*.marketo.com https://*.marketo.net https://*.polldaddy.com https://*.securelist.com https://*.securelist.lat https://*.securelist.ru https://*.sharethis.com https://*.threatpost.com https://*.twimg.com https://*.twitter.com https://*.woopra.com https://*.wp.com https://assets.adobedtm.com https://box.kaspersky.com https://cdnjs.cloudflare.com https://connect.mail.ru https://consent.cookiebot.com https://consentcdn.cookiebot.com https://e.infogram.com https://kaspersky.d2.sc.omtrdc.net https://kasperskycontenthub.com https://player.vimeo.com https://polldaddy.com https://rum-static.pingdom.net https://s.ytimg.com https://securelist.ru https://share.yandex.ru/ https://tpc.googlesyndication.com https://vk.com https://www.brighttalk.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.googletagservices.com https://www.linkedin.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com https://*.gravatar.com https://*.kaspersky.com https://*.kasperskycontenthub.com https://*.marketo.com https://*.securelist.com https://*.securelist.lat https://*.securelist.ru https://*.sharethis.com https://*.threatpost.com https://*.twimg.com https://*.twitter.com https://*.wp.com https://box.kaspersky.com https://kasperskycontenthub.com https://securelist.ru https://tpc.googlesyndication.com https://www.googletagmanager.com 1
base-uri https://protoshost.com; script-src-attr 'self' 'unsafe-inline' *.protoshost.com; frame-ancestors 'none'; form-action 'self' 'unsafe-inline' *.protoshost.com; media-src 'self' 'unsafe-inline' *.protoshost.com; frame-src 'self' 'unsafe-inline' *.protoshost.com; report-uri https://protoshost.com 1
report-uri /api/csp/report-violations;default-src 'self';connect-src 'self' www.google-analytics.com maps.googleapis.com www.google.com www.gstatic.com www.googletagmanager.com *.cookielaw.org *.doubleclick.net *.google-analytics.com *.onetrust.com *.mktoresp.com *.yandex.ru *.oribi.io *.hotjar.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com maps.googleapis.com www.google.com www.gstatic.com www.googletagmanager.com *.cookielaw.org *.aalberts-hfc.com *.marketo.com *.marketo.net *.yandex.ru *.licdn.com *.facebook.net www.googleadservices.com *.hotjar.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.aalberts-hfc.com *.marketo.com www.googletagmanager.com;img-src 'self' data: www.google-analytics.com maps.googleapis.com maps.gstatic.com *.cookielaw.org www.googletagmanager.com *.gstatic.com *.yandex.ru *.linkedin.com www.facebook.com *.doubleclick.net;media-src 'self';font-src 'self' fonts.gstatic.com;object-src 'none';frame-src 'self' www.youtube.com player.vimeo.com www.google.com *.aalberts-hfc.com www.facebook.com *.matterport.com;frame-ancestors 'none';block-all-mixed-content; 1
frame-ancestors 'self' http://www.philips.com.hk *.philips.com *.philips.com.hk https://philipsigtdpv.com 1
default-src https: wws: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' script-src 'self' 1
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.repower.com *.google.com *.google.de *.gstatic.com *.ci360.sas.com *.googletagmanager.com *.adform.net *.google-analytics.com *.clarity.ms *.doubleclick.net *.googlesyndication.com *.youtube.com youtube.com *.licdn.com *.facebook.net *.msauth.net *.msftauth.net *.s-microsoft.com *.microsoftonline.com *.linkedin.oribi.io *.cdn-cookieyes.com cdn-cookieyes.com *.cdnjs.cloudflare.com cdnjs.cloudflare.com *.maxcdn.bootstrapcdn.com *.fonts.googleapis.com *.unpkg.com *.code.jquery.com *.fontawesome.com *.googleapis.com *.googleadservices.com *.bootstrapcdn.com *.google.it *.linkedin.com *.facebook.com *.involve.me *.eturnity.com *.heyflow.cloud static.heyflow.app *.curator.io *.investis.com *.go-mpulse.net mktdplp102cdn.azureedge.net *.cookieyes.com *.svc.dynamics.com *.akstat.io *.vimeo.com ohws.prospective.ch *.spreaker.com *.youtube-nocookie.com bat.bing.com cdn.scaleflex.it *.akamaihd.net api.friendlycaptcha.com *.eturnity.ch; 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: ; 1
default-src 'self' ka-f.fontawesome.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.gstatic.com connect.facebook.net *.doubleclick.net *.linkedin.com *.licdn.com *.criteo.com *.criteo.net kit.fontawesome.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com; img-src 'self' data: *.google.com *.gwallet.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.it *.googletagmanager.com *.doubleclick.net hicmobile.go2cloud.org track.hicmobile.com www.facebook.com; frame-src 'self' *.google.com *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.elegantthemes.com *.yousign.com *.criteo.com www.facebook.com; font-src 'self' data: fonts.gstatic.com ka-f.fontawesome.com; connect-src 'self' *.googleapis.com *.google-analytics.com ka-f.fontawesome.com www.facebook.com *.doubleclick.net; 1
default-src https: wss: data: 'self' blob: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; worker-src blob: 1
frame-ancestors 'self' http://www.clearhaircare.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://forms-us.unileversolutions.com 1
img-src * 'self' blob: data:;default-src *; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; script-src 'self' data: https://www.googletagmanager.com https://www.clarity.ms https://a.clarity.ms https://b.clarity.ms https://c.clarity.ms https://d.clarity.ms https://e.clarity.ms https://f.clarity.ms https://g.clarity.ms https://h.clarity.ms https://i.clarity.ms https://j.clarity.ms https://k.clarity.ms https://l.clarity.ms https://m.clarity.ms https://n.clarity.ms https://o.clarity.ms https://p.clarity.ms https://q.clarity.ms https://r.clarity.ms https://s.clarity.ms https://t.clarity.ms https://u.clarity.ms https://v.clarity.ms https://w.clarity.ms https://x.clarity.ms  https://y.clarity.ms https://z.clarity.ms https://analytics.tiktok.com https://onesignal.com https://cdn.onesignal.com https://live.stc.com.kw https://business-soft.stc.com.kw  https://www.stc.com.kw  https://stc.com.kw https://www.solutions.com.kw https://solutions.com.kw https://maps.googleapis.com https://www.google-analytics.com https://analytics.tiktok.com https://p.teads.tv  https://connect.facebook.net https://static.ads-twitter.com https://sc-static.net  https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.twitter.com https://static.hotjar.com https://ajax.googleapis.com https://www.semrush.com https://www.googletagmanager.com https://snap.licdn.co https://p.teads.tv https://static.ads-twitter.com https://sc-static.net https://www.googleadservices.com https://analytics.twitter.com https://live.viva.com.kw https://www.google-analytics.com https://analytics.tiktok.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://platform.snapchat.com https://platform.twitter.com https://live.viva.com.kw https://snap.licdn.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://fonts.gstatic.com data:; 1
frame-ancestors 'self' https://*.shopify.com https://*.wix.com  https://*.ardalio.com; 1
default-src 'self' https: 'unsafe-inline';object-src 'none';base-uri https://localizestaging.com;frame-ancestors https://editor.localizejs.com;report-uri https://app.localizestaging.com/api/csp/violation-report 1
frame-ancestors 'none'; frame-src 'self' insight.adsrvr.org d1eoo1tco6rr5e.cloudfront.net www.youtube.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?<QUERY_STRING>; 1
frame-ancestors 'self' https://*.abp.io; 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-ZThvQjZTY09kdEtDekxBRExmMlRVQ3Nic3lmRm5sb1BaVXVGV2RwMG50QT06VUtOTXBYQnRUb2pBZ1BaaVc3UDFObnBlMGtpRDFEVnNLUS9zSWE0dDJvbz0=' blob:;style-src 'self' 'unsafe-inline';img-src 'self' data: blob: https://*.tile.openstreetmap.org;font-src 'self' data:;connect-src 'self' blob: stun.nextcloud.com:443;media-src 'self' blob:;frame-src 'self';child-src blob: 'self';frame-ancestors 'self';worker-src blob: 'self';form-action 'self' 1
default-src 'self';           report-uri https://www.southyorks.police.uk/report;           script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cc.cdn.civiccomputing.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://browser-update.org;           img-src 'self' data: www.googletagmanager.com https://scontent.cdninstagram.com https://graph.facebook.com https://pbs.twimg.com https://scontent.xx.fbcdn.net https://github.com/dawoe http://jumoo.co.uk *.gravatar.com *.umbraco.org https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com;           style-src 'self' 'unsafe-inline' www.gstatic.com https://*.googleapis.com ;           font-src 'self' https://fonts.gstatic.com;           child-src 'self' https://*.youtube.com https://*.google.com https://*.vimeo.com https://*.coveritlive.com https://*.fwebservices.be;           frame-src 'self' https://*.youtube.com https://*.google.com https://*.vimeo.com https://*.coveritlive.com https://*.fwebservices.be;           connect-src 'self' https://region1.google-analytics.com www.google-analytics.com https://apikeys.civiccomputing.com https://*.googleapis.com https://data.police.uk *.umbraco.org;           form-action 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: about: ; report-uri /security-report.php 1
default-src 'self'; base-uri 'self'; script-src 'nonce-e5556df12896c560c0a86a0ccf1feae2' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: 'report-sample'; connect-src 'self' https://www.googletagmanager.com https://*.facebook.com https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://*.instana.io wss://mpsnare.iesnare.com https://*.usercentrics.eu https://bat.bing.com/actionp/ https://*.liadm.com https://*.parship.dev; frame-ancestors 'self' https://secure1.parship.com https://secure1.eharmony.com https://secure1.elitepartner.de https://*.parship.dev; frame-src 'self' https://support.parship.nl https://tms.parship.nl https://*.greatviews.de https://app.usercentrics.eu https://www.youtube-nocookie.com https://accounts.google.com https://translate.googleapis.com https://*.liadm.com; object-src 'none'; img-src 'self' data: http: https: https://*.instana.io; font-src 'self' data:; style-src 'self' 'unsafe-inline' 'report-sample' https://accounts.google.com/gsi/style https://translate.googleapis.com; upgrade-insecure-requests; report-uri /ls/ 1
base-uri 'self';default-src 'self';object-src 'self';frame-ancestors 'self';style-src 'self' 'unsafe-inline' https://*.google.com http://*.googleapis.com https://*.googleapis.com;font-src 'self' data:;img-src 'self' data: blob: https:;script-src 'self' https://*.mollie.com https://*.adyen.com https://*.hotjar.com https://*.bing.com https://google.com https://*.google.com https://*.googletagmanager.com https://*.paypal.com https://icu.cv.fr https://matomo.resumedia.com https://*.tapfiliate.com https://appleid.cdn-apple.com https://beacon-v2.helpscout.net https://beaconapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://*.pinimg.com https://*.facebook.net 'nonce-gtm-2d96c313-7aba-449c-8635-2ec181268f36' 'nonce-seed-6e3185c3-6f42-41a8-833c-4b1552848691' 'nonce-prefetech-e38419fb-fb65-4a57-8e5e-b782cb6abc25' 'nonce-tapfiliate-96d6a174-09dd-435f-89a5-eb1f03cd70f2' 'nonce-matomo-5a6aa700-958c-4aa9-b839-8adcb27ebb51' 'nonce-helpscout-8d86ebe8-c5df-4e9e-9b8e-c1624d09c148';child-src 'self' data: https:;frame-src 'self' data: https:;connect-src 'self' https://*.mollie.com https://*.adyen.com https://*.hotjar.com https://*.bing.com https://google.com https://*.google.com https://*.googletagmanager.com https://*.paypal.com https://icu.cv.fr https://matomo.resumedia.com https://*.tapfiliate.com https://appleid.cdn-apple.com https://beacon-v2.helpscout.net https://beaconapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://*.google-analytics.com https://*.doubleclick.net https://*.hotjar.io wss://*.hotjar.com https://frstre.com https://*.linkedin.oribi.io; 1
font-src image2.pubmatic.com t.co www.facebook.com analytics.twitter.com 'self' data: 'unsafe-inline' data: *.fontawesome.com googleapis.com fonts.gstatic.com *.twitter.com *.gstatic.com *.hotjar.com *.tiktok.com *.snapchat.com *.google.com *.nr-data.net *.google.co.in *.facebook.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.simplify.com *.snapchat.com *.twitter.com *.nr-data.net *.facebook.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.simplify.com *.ihorizons.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com image2.pubmatic.com t.co www.facebook.com analytics.twitter.com 'self' data: 'unsafe-inline' data: *.simplify.com *.google.com *.ihorizons.com *.twitter.com *.hotjar.com *.tiktok.com *.snapchat.com *.nr-data.net *.doubleclick.net *.google.co.in *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com image2.pubmatic.com t.co www.facebook.com analytics.twitter.com 'unsafe-inline' data: *.simplify.com addevent.com *.google-analytics.com *.gstatic.com *.ihorizons.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.paypal.com *.twitter.com *.hotjar.com *.tiktok.com *.snapchat.com https://t.co *.ytimg.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://eb2.3lift.com https://ups.analytics.yahoo.com https://sync.taboola.com https://sync.outbrain.com https://t.teads.tv https://cm.teads.tv connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.chimpstatic.com downloads.mailchimp.com *.list-manage.com image2.pubmatic.com t.co www.facebook.com www.google.com analytics.twitter.com 'self' data: 'unsafe-inline' data: *.simplify.com *.google-analytics.com addevent.com maps.googleapis.com *.gstatic.com *.ihorizons.com *.avada.io *.twitter.com *.hotjar.com *.tiktok.com *.snapchat.com *.ads-twitter.com *.google.com *.google.co.in *.doubleclick.net *.facebook.com *.googleadservices.com *.paypalobjects.com *.paypal.com *.googletagmanager.com *.facebook.net chimpstatic.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org https://js-agent.newrelic.com https://sc-static.net https://p.teads.tv connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com image2.pubmatic.com t.co www.facebook.com analytics.twitter.com 'self' data: 'unsafe-inline' data: *.fontawesome.com getfirebug.com googleapis.com addevent.com *.googleapis.com *.twitter.com *.hotjar.com *.tiktok.com *.snapchat.com *.google.com *.google.co.in *.facebook.com *.youtube.com *.nr-data.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com image2.pubmatic.com t.co www.facebook.com google.com analytics.twitter.com 'self' data: 'unsafe-inline' data: *.simplify.com maps.googleapis.com/ *.ihorizons.com https://get.geojs.io *.avada.io *.twitter.com *.hotjar.com *.tiktok.com *.snapchat.com *.doubleclick.net *.adroll.com *.cardinalcommerce.com *.google-analytics.com *.teads.tv *.paypal.com *.google.com *.google.co.in *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.alifstores.com/; report-to report-endpoint; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://neovibe.app; img-src 'self' https: data: blob: https://neovibe.app; style-src 'self' https://neovibe.app 'nonce-iBPkLecWLjjtF2TmMCvrDg=='; media-src 'self' https: data: https://neovibe.app; frame-src 'self' https:; manifest-src 'self' https://neovibe.app; form-action 'self'; child-src 'self' blob: https://neovibe.app; worker-src 'self' blob: https://neovibe.app; connect-src 'self' data: blob: https://neovibe.app https://objects.neovibe.app https://streaming.neovibe.app; script-src 'self' https://neovibe.app 'wasm-unsafe-eval' 1
frame-ancestors 'self'  https://*.evergage.com https://www.yamaha-motor.ca; 1
default-src 'self' *.matomo.cloud; style-src 'self' 'unsafe-inline'; script-src 'self' *.jobbase.io *.onlyfy.jobs *.23degrees.io *.23degrees.eu *.matomo.cloud twitter.com *.twitter.com youtube.com *.youtube.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.apg.at *.placeholder.com twitter.com *.twitter.com data:; font-src 'self' data:; frame-src 'self' youtube.com *.youtube.com youtube-nocookie.com *.youtube-nocookie.com linkedin.com *.linkedin.com twitter.com *.twitter.com 23degrees.io *.23degrees.io 23degrees.eu *.23degrees.eu prescreen.io *.prescreen.io apg.at *.apg.at *.jobbase.io *.onlyfy.jobs 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' test.oppwa.com *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de vodafone-affiliate.de *.vodafone-affiliate.de google.com *.google.com google.de *.google.de google.nl *.google.nl facebook.com *.facebook.com facebook.de *.facebook.de facebook.nl *.facebook.nl adform.net *.adform.net adform.com *.adform.com bing.com *.bing.com was.vodafone.de googletagmanager.com *.googletagmanager.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net facebook.net *.facebook.net cdn.cookielaw.org *.cookielaw.org tags.tiqcdn.com my.tealiumiq.com geolocation.onetrust.com *.onetrust.com widgets.trustedshops.com translate.googleapis.com *.jsctool.com jsctool.com; connect-src *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de cdn.cookielaw.org ws://simonmobile.de ws://simonmobil.de privacyportal-eu.onetrust.com bing.com *.bing.com vodafone.de *.vodafone.de *.demdex.net demdex.net *.omtrdc.net omtrdc.net *.trustedshops.com *.etrusted.com *.trustbadge.com *.clarity.ms clarity.ms geolocation.onetrust.com maps.googleapis.com *.kampyle.com kampyle.com *.jsctool.com jsctool.com doubleclick.net *.doubleclick.net googlesyndication.com *.googlesyndication.com analytics.tiktok.com *.analytics.tiktok.com google.com *.google.com; frame-src 'self' directus.br.extranet.addmore.cloud test.oppwa.com test.ppipe.net *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de vodafone-affiliate.de *.vodafone-affiliate.de adform.net *.adform.net facebook.com *.facebook.com *.doubleclick.net doubleclick.net *.demdex.net demdex.net *.amazon-adsystem.com amazon-adsystem.com *.kampyle.com kampyle.com *.youtube.com youtube.com *.jsctool.com jsctool.com googlesyndication.com *.googlesyndication.com; img-src 'self' data: 'unsafe-inline' test.oppwa.com was.vodafone.de cdn.cookielaw.org *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de bing.com *.bing.com google.com *.google.com google.de *.google.de google.nl *.google.nl facebook.com *.facebook.com facebook.de *.facebook.de facebook.nl *.facebook.nl *.seadform.net seadform.net *.doubleclick.net doubleclick.net widgets.trustedshops.com www.gstatic.com gstatic.com *.clarity.ms clarity.ms *.googleadservices.com googleadservices.com *.kampyle.com kampyle.com maps.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' test.oppwa.com *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de vodafone-affiliate.de *.vodafone-affiliate.de google.com *.google.com google.de *.google.de google.nl *.google.nl facebook.com *.facebook.com facebook.de *.facebook.de facebook.nl *.facebook.nl adform.net *.adform.net adform.com *.adform.com amazon-adsystem.com *.amazon-adsystem.com bing.com *.bing.com was.vodafone.de googletagmanager.com *.googletagmanager.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net facebook.net *.facebook.net cdn.cookielaw.org *.cookielaw.org tags.tiqcdn.com my.tealiumiq.com geolocation.onetrust.com *.onetrust.com widgets.trustedshops.com *.clarity.ms clarity.ms *.kampyle.com kampyle.com *.googlesyndication.com googlesyndication.com maps.googleapis.com *.jsctool.com jsctool.com *.analytics.tiktok.com analytics.tiktok.com; worker-src 'self' blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' besposrednika.ru *.besposrednika.ru bsps.ru *.bsps.ru yandex.ru *.yandex.ru yandex.net *.yandex.net yandex.st *.yandex.st yandex.md *.yandex.md yastatic.net *.yastatic.net adriver.ru *.adriver.ru google.com *.google.com google.ru *.google.ru googleapis.com *.googleapis.com gstatic.com *.gstatic.com googlesyndication.com *.googlesyndication.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com *.ggpht.com *.googletagservices.com *.googletagmanager.com *.ampproject.org *.googleoptimize.com vk.com *.vk.com vk.me *.vk.me userapi.com *.userapi.com top-fwz1.mail.ru telegram.org *.telegram.org ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru brn.s.bsps.ru brn.c.bsps.ru data:; 1
connect-src https: http: wss: ws: 'self'; img-src 'self' https://embed.tawk.to/ https://c.bing.com/ https://c.clarity.ms/ https://www.luminousindia.com/ https://assets.snapmint.com/ https://lumprodsta.blob.core.windows.net/ https://lumprodblobcdn.azureedge.net/ https://lum-prod-blog-app.azurewebsites.net https://www.google.co.in/ https://www.google.com/ https://www.facebook.com/ https://c.in.webengage.com https://www.googletagmanager.com/ https://www.google-analytics.com/ https://googleads.g.doubleclick.net/;     style-src-elem 'self' https://fonts.googleapis.com/ https://cdn.jsdelivr.net/ https://accounts.google.com/ https://www.google-analytics.com/  https://embed.tawk.to/ 'unsafe-inline';  script-src https: 'self' 'unsafe-inline' ;  media-src https: 'self' ;style-src 'self' 'unsafe-inline';font-src 'self' https://fonts.gstatic.com/ https://embed.tawk.to/ ; report-to csp-endpoint;  report-uri https://soapi.luminousindia.com/api/LuminousSalesAPI/CspPostBody; object-src 'none' 1
default-src https: blob: data: wss://*.hotjar.com 'unsafe-inline' 1
frame-ancestors 'self' tece.matistik.com; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-eval' static.cloudflareinsights.com ajax.cloudflare.com https://js.stripe.com https://challenges.cloudflare.com storybook.dev.tropee.com player.vimeo.com cdn.segment.com *.sharethis.com *.hotjar.com fast.trychameleon.com cdn.jetboost.io https://assets-global.website-files.com d3e54v103j8qbb.cloudfront.net uploads-ssl.webflow.com inline www.googletagmanager.com; object-src 'none'; base-uri 'none'; script-src-elem *.hsforms.net 'self' telegram.org https://js.stripe.com https://www.googleadservices.com https://challenges.cloudflare.com cdn.tailwindcss.com https://www.youtube.com 'unsafe-inline' ajax.cloudflare.com https://googleads.g.doubleclick.net cdn.tokenproof.xyz *.hotjar.com segcdn.tropee.com code.jquery.com snap.licdn.com player.vimeo.com client.crisp.chat fast.trychameleon.com assets.calendly.com cdn.segment.com maps.googleapis.com static.cloudflareinsights.com www.googletagmanager.com js.hsforms.net js-eu1.hs-analytics.net js-eu1.hs-scripts.com js-eu1.hscollectedforms.net app.getbeamer.com js-eu1.hs-banner.com uploads-ssl.webflow.com https://assets-global.website-files.com *.sharethis.com ajax.googleapis.com cdn.jetboost.io d3e54v103j8qbb.cloudfront.net www.google-analytics.com connect.facebook.net analytics.tiktok.com static.ads-twitter.com cdn.jsdelivr.net; style-src 'self' inline fonts.googleapis.com uploads-ssl.webflow.com https://assets-global.website-files.com; style-src-elem 'unsafe-inline' 'self' fonts.googleapis.com client.crisp.chat app.getbeamer.com uploads-ssl.webflow.com https://assets-global.website-files.com app.tor.us; style-src-attr  'unsafe-inline'; img-src 'self' data: blob: *; font-src 'self' data: rsms.me fonts.gstatic.com client.crisp.chat use.typekit.net uploads-ssl.webflow.com; connect-src 'self' data: https://tropee-demo-user-public-content.02cae71ebaedab0d6784208c256967d6.r2.cloudflarestorage.com https://tropee-user-public-content.02cae71ebaedab0d6784208c256967d6.r2.cloudflarestorage.com tropee-dev-core-service-private-content.s3.eu-west-1.amazonaws.com tropee-dev-core-service-public-content.s3.eu-west-1.amazonaws.com tropee-uat-core-service-private-content.s3.eu-west-1.amazonaws.com tropee-uat-core-service-public-content.s3.eu-west-1.amazonaws.com tropee-demo2-core-service-private-content.s3.eu-west-1.amazonaws.com tropee-demo2-core-service-public-content.s3.eu-west-1.amazonaws.com tropee-prod-core-service-private-content.s3.eu-west-1.amazonaws.com tropee-prod-core-service-public-content.s3.eu-west-1.amazonaws.com cdn.linkedin.oribi.io wss://relay.walletconnect.com https://px.ads.linkedin.com client.crisp.chat https://storage.crisp.chat https://google.com https://api-js.mixpanel.com explorer-api.walletconnect.com oauth.telegram.org https://pagead2.googlesyndication.com https://analytics.pangle-ads.com https://adservice.google.com storybook.dev.tropee.com wss://*.pusher.com *.pusher.com auth.tokenproof.xyz forms-eu1.hscollectedforms.net registry.walletconnect.com wss://*.bridge.walletconnect.org wss://www.walletlink.org *.tropee.com s3.eu-west-1.amazonaws.com browser-http-intake.logs.datadoghq.eu client.relay.crisp.chat api.tor.us *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://client.relay.crisp.chat api.segment.io app.launchdarkly.com events.launchdarkly.com fast.trychameleon.com mainnet-infura.wallet.coinbase.com cdn.segment.com eth-mainnet.alchemyapi.io o1045850.ingest.sentry.io *.google-analytics.com *.hubspot.com auth.unstoppabledomains.com polygon-mainnet.g.alchemy.com metadata.unstoppabledomains.com backend.getbeamer.com api.lens.dev *.preview.tropee.com api.demo.tropee.com api.uat.tropee.com api.dev.tropee.com *.sharethis.com www.facebook.com api.jetboost.io analytics.tiktok.com stats.g.doubleclick.net webflow.com; media-src 'self' blob: data: * lh3.googleusercontent.com api.tropee.com cdn.simplehash.com *.preview.tropee.com minio.localhost.tropee.com tropee-dev-core-service-private-content.s3.eu-west-1.amazonaws.com s3.eu-west-1.amazonaws.com/tropee-dev-core-service-private-content tropee-dev-core-service-public-content.s3.eu-west-1.amazonaws.com s3.eu-west-1.amazonaws.com/tropee-dev-core-service-public-content tropee-uat-core-service-private-content.s3.eu-west-1.amazonaws.com s3.eu-west-1.amazonaws.com/tropee-uat-core-service-private-content tropee-uat-core-service-public-content.s3.eu-west-1.amazonaws.com s3.eu-west-1.amazonaws.com/tropee-uat-core-service-public-content tropee-demo2-core-service-private-content.s3.eu-west-1.amazonaws.com s3.eu-west-1.amazonaws.com/tropee-demo2-core-service-private-content tropee-demo2-core-service-public-content.s3.eu-west-1.amazonaws.com s3.eu-west-1.amazonaws.com/tropee-demo2-core-service-public-content tropee-prod-core-service-private-content.s3.eu-west-1.amazonaws.com s3.eu-west-1.amazonaws.com/tropee-prod-core-service-private-content tropee-prod-core-service-public-content.s3.eu-west-1.amazonaws.com s3.eu-west-1.amazonaws.com/tropee-prod-core-service-public-content; worker-src 'self'; frame-src *.preview.tropee.com *.tropee.com *.demo.tropee.com *.uat.tropee.com *.dev.tropee.com vars.hotjar.com verify.walletconnect.com *.embednotionpage.com storybook.dev.tropee.com calendly.com https://challenges.cloudflare.com www.crossmint.com form.typeform.com app.getbeamer.com td.doubleclick.net app.tor.us player.vimeo.com www.youtube.com auth.magic.link *.sharethis.com www.facebook.com https://js.stripe.com; frame-ancestors 'self' tropee-embed.pages.dev; report-uri https://tropee.report-uri.com/r/d/csp/enforce; 1
Content-Security-Policy-Report-Only: default-src * 'self' 'unsafe-inline'; report-uri https://sentry.verticalaxion.com/api/9/security/?sentry_key=ec0f5a73238643ff974202212042355d 1
default-src  'self' tkz.one *.tkz.one; img-src      'self' 'unsafe-inline' 'unsafe-eval' data: *.tkz.one tkz.one;  script-src   'self' 'unsafe-inline' 'unsafe-eval' *.tkz.one tkz.one; cdn.jsdelivr.net;  style-src    'self' 'unsafe-inline' *.tkz.one tkz.one cdn.jsdelivr.net;  font-src     'self' data: *.tkz.one tkz.one;  frame-src    'self' tkz.one *.tkz.one;  object-src   'self' ; 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://go.staplesadvantage.com/ https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js *.flippenterprise.net *.wishabi.com *.wishabi.net *.flipp.com *.flippback.com *.klaviyo.com www.googletagmanager.com www.google-analytics.com https://*.inside-graph.com https://*.kaptcha.com https://static.klaviyo.com https://static.klaviyo.com https://cdn.segment.com https://sjs.bizographics.com https://media.richrelevance.com/rrserver/js/1.2/p13n.js https://ui.staples-sparx.com https://ui-integration.staples-sparx.com https://*.marketo.net https://www.powr.io/ https://js-agent.newrelic.com https://s.go-mpulse.net https://cdns.brsrvr.com https://bam.nr-data.net https://widgets.turnto.com https://reseller.spexaccess.net https://content.etilize.com https://html5.dcatalog.com https://publications.eway.ca https://selectors.cnetcontentsolutions.com https://bam.nr-data.net https://cc.cnetcontent.com https://code.jquery.com https://cdn-cookieyes.com https://*.1worldsync.com https://cdn.cnetcontent.com https://cc.cnetcontent.com https://cc.cs.1worldsync.com https://ws.cnetcontent.com; connect-src 'self' https: data: blob: https://*.logs.datadoghq.com https://*.inside-graph.com wss://*.inside-graph.com; img-src 'self' blob: https://go.staplesadvantage.com/ https://cdn-cookieyes.com/ https://*.112.2o7.net https://i.ytimg.com https://cc.cnetcontent.com https://cdn.cnetcontent.com https://*.1worldsync.com https://storage.googleapis.com https://www.google.com https://www.google.ca https://www.googletagmanager.com https://www.google-analytics.com https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js *.flippenterprise.net *.wishabi.com *.wishabi.net data: https://*.inside-graph.com https://api.staples-sparx.com https://www.eway.ca https://static.eway.ca https://stg-static.eway.ca https://www.staplesbusinessadvantage.ca https://staples.122.2o7.net https://p.brsrvr.com https://esbisbt.staples.com https://content.etilize.com; style-src 'self' 'unsafe-inline' https://cdn.cs.1worldsync.com https://go.staplesadvantage.com/ https://static.klaviyo.com/ https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js *.flippenterprise.net *.wishabi.com *.flipp.com *.flippback.com fonts.googleapis.com https://*.inside-graph.com https://assets.ctfassets.net https://widgets.turnto.com https://content.etilize.com https://selectors.cnetcontentsolutions.com https://cc.cnetcontent.com; font-src 'self' 'unsafe-inline' https://cdn.cs.1worldsync.com https://assets.ctfassets.net https://cdn.shopify.com fonts.gstatic.com stp2-cdn.inside-graph.com data:; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self'; font-src 'self'; connect-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'none' 1
connect-src 'self' *.fefundinfo.com *.fundinfo.com; font-src 'self' https://fonts.gstatic.com/ *.cloudflare.com; frame-src 'self' *.fundinfo.com *.fefundinfo.com edge-cdn.net *.google.com; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.gstatic.com *.fundinfo.com *.google.com *.jquery.com *.fefundinfo.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.gstatic.com *.fundinfo.com *.fefundinfo.com *.feprecisionplus.com https://fonts.googleapis.com/ 'unsafe-inline'; 1
default-src 'self' https:;script-src 'self' 'unsafe-inline'   https://www.googletagmanager.com  https://player.vimeo.com/api/player.js   https://policy.app.cookieinformation.com  https://www.youtube.com   https://mktdplp102cdn.azureedge.net  *.svc.dynamics.com/f  *.svc.dynamics.com/t  *.svc.dynamics.com/t/w    https://dhigroup.matomo.cloud  https://cdn.matomo.cloud/dhigroup.matomo.cloud/container_HH5X4G0y.js  https://cdn.matomo.cloud/dhigroup.matomo.cloud/matomo.js;style-src 'self' 'unsafe-inline' *.googletagmanager.com *.googleapis.com https:;font-src 'self' *.gstatic.com data: https:;img-src 'self' *.googletagmanager.com data: https:;object-src 'self' 'unsafe-inline' *;frame-ancestors 'none';base-uri 'self';form-action 'none'; 1
frame-ancestors 'self' https://www.around.video; 1
frame-ancestors 'self' https://*.twilio.com https://www.twilio.com;report-uri https://www.twilio.com/console/api/cspr 1
frame-ancestors 'self' *.flexform.it; 1
default-src * data: blob: ; script-src * 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'unsafe-inline' blob: data: ; worker-src * ; frame-ancestors 'self' ; style-src-elem 'self' 'unsafe-inline' *.freshworks.com *.bootstrapcdn.com blob: *.cloudflare.com *.fonts.net  *.diageohorizon.com *.myfonts.net *.mapbox.com ; connect-src * *.google-analytics.com *.analytics.google.com; img-src * *.google-analytics.com *.analytics.google.com data:; 1
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: dlswbr.baidu.com *.map.baidu.com *.bdimg.com bdimg.share.baidu.com res.wx.qq.com pucha.kaipuyun.cn dcs.conac.cn webservice.coolwei.com www.gov.cn zfwzgl.www.gov.cn *.powereasy.net; object-src 'self' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-2AlgHGbu9YJBxgftw6miWnMBCWXwxjIl+nBDq88NXsArqorF' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com pixel-static.spotify.com *.scdn.co cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.contentful.com *.scdn.co *.ctfassets.net www.google-analytics.com; font-src 'self' data:; connect-src 'self' *.spotify.com *.scdn.co *.contentful.com *.ctfassets.net www.google-analytics.com cdn.cookielaw.org *.onetrust.com; media-src 'self' *.contentful.com *.ctfassets.net; object-src 'self'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' *.scdn.co *.spotify.com *.youtube.com *.vimeo.com; 1
style-src 'self' https://fonts.googleapis.com https://maps.googleapis.com https://s.fonzip.com 'unsafe-inline' https://www.gstatic.com; frame-src 'self' https://www.google.com data: https://fonzip.com https://s.fonzip.com https://yonetim.fonzip.com https://bid.g.doubleclick.net/ https://www.facebook.com https://js.stripe.com https://hooks.stripe.com https://h.online-metrix.net https://tpc.googlesyndication.com https://ode.iyzico.com; script-src 'self' https://www.google.com https://connect.facebook.net https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com/jsapi https://www.gstatic.com https://s.fonzip.com https://maps.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://js.stripe.com https://h.online-metrix.net https://cdn.onesignal.com https://onesignal.com https://b.sf-syn.com https://snap.licdn.com https://ajax.cloudflare.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com 'nonce-/EOlk9f+ufcCrUE8s4onsQ=='; img-src blob: 'self' https://www.google.com https://www.google.com.tr https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.facebook.com https://s.fonzip.com https://www.iyzico.com data: https://www.google.co.uk https://3d.payten.com.tr https://www.google.fr https://www.google.de https://www.google.az https://www.google.es https://www.google.nl https://www.google.kg https://www.gstatic.com https://*.googleusercontent.com https://www.google.iq https://www.google.com.ec https://www.google.be https://www.google.ci https://www.google.mk https://www.google.com.my https://www.google.com.np https://www.google.ch https://www.google.co.in https://www.google.tm https://www.google.com.pk https://www.google.ru https://www.google.com.sa https://googleads.g.doubleclick.net https://www.google.com.au https://www.google.com.bd https://www.google.it https://www.google.fi https://www.google.la https://www.google.ae https://www.google.ca https://www.google.ro https://www.google.com.sg https://www.google.co.th https://www.google.com.qa https://www.google.com.cy https://www.google.com.ph https://www.google.com.ly https://www.google.com.br https://www.google.com.pa https://www.google.com.py https://www.google.jo https://www.google.com.jm https://www.google.at https://www.google.co.id https://www.google.se https://platform-lookaside.fbsbx.com https://www.google.com.eg https://www.google.com.mm https://www.google.dz https://www.google.co.il https://www.google.lu https://www.google.gr https://www.google.ie https://www.google.bg https://www.google.cz https://www.google.af https://scontent.xx.fbcdn.net https://www.google.co.ma https://www.google.pt https://www.google.com.bo https://www.google.com.ar https://www.google.com.kh https://www.google.kz https://www.google.hr https://www.google.ge https://www.google.dk https://www.google.bh https://www.google.sk https://www.google.com.ua https://static.xx.fbcdn.net https://www.google.me https://www.google.pl https://www.google.com.hk https://www.google.ps https://www.google.co.tz https://www.google.tn https://www.google.com.kw https://www.google.co.uz https://www.google.gm https://www.google.ne https://www.google.co.mz https://www.google.com.af https://www.google.com.do https://www.google.com.sv https://www.google.hn https://www.google.lk https://www.google.com.gt https://www.google.com.pe https://www.google.com.vn https://www.google.co.cr https://www.google.com.mx https://www.google.com/ads/ga-audiences https://www.google.co.ke https://media.licdn.com https://www.google.co.ug https://www.google.com.lb https://bucket.mlcdn.com https://www.google.ml https://www.google.no https://www.google.ga https://favicon.yandex.net https://www.google.ba https://www.google.dj https://www.googleadservices.com https://www.google.co.ls https://www.google.mn https://www.google.co.ao https://www.google.cg https://www.google.com.et https://www.google.mv https://www.google.com.om https://www.google.mw https://www.google.com.tw https://www.google.al https://www.google.sn https://www.google.rs https://www.google.com.gh https://www.google.co.kr https://ct.capterra.com https://assets.capterra.com https://b.sf-syn.com https://lookaside.facebook.com https://img.posta.fonzip.com https://cdn.fonzip.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.linkedin.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com; child-src 'self' https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; media-src 'self' https://js.intercomcdn.com; object-src none; default-src 'self' https://s.fonzip.com; font-src 'self' https://s.fonzip.com data: https://fonts.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com; frame-ancestors 'self' https://fonzip.com; connect-src 'self' https://s.fonzip.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net https://cdn.fonzip.com https://api.stripe.com https://www.google.com https://www.google-analytics.com https://web.facebook.com https://analytics.google.com https://www.google.com.tr https://cdn.linkedin.oribi.io https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com https://px.ads.linkedin.com 1
frame-ancestors 'self' *.synacor.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *;img-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *; 1
frame-ancestors *; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.cloudflare.com/cdn-cgi/ static.cloudflareinsights.com  challenges.cloudflare.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://*.studiolution.com/media/ https://*.google-analytics.com data: https://*.tile.openstreetmap.org; connect-src 'self' https://*.studiolution.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net cloudflareinsights.com; object-src 'none'; font-src 'self' data: ; worker-src 'self' blob: 1
frame-ancestors 'self' *.pure.cloud 1
upgrade-insecure-requests; object-src 'none'; worker-src 'none'; 1
default-src 'self' https://medieninhalte.edeka/; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.friendlycaptcha.com/ *.awswaf.com; worker-src 'self' blob:; child-src 'self' blob:; connect-src https://api.friendlycaptcha.com/ https://dev.login.edeka/ https://test.login.edeka/ https://login.edeka/ *.awswaf.com; 1
frame-ancestors 'self' https://api.c9guxrh1t0-osbornedi1-p1-public.model-t.cc.commerce.ondemand.com 1
frame-ancestors 'self' https://www.weberhaus.de; 1
script-src 'nonce-35cc9687d2f4e097ffc13d524c45afbc' 'unsafe-inline' 'self' https://developers.panopto.com https://embed-cdn.gettyimages.com https://s.imgur.com https://platform.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com/embed.js https://www.google.com; frame-ancestors 'self' 1
default-src * 'unsafe-inline' data: blob:; 1
default-src 'self'; img-src 'self' data: ; script-src 'self' 'unsafe-inline' 'sha256-Vm4GC9dCs8yiOt3vkFoyb7CG9wQvsbg2ZxRvujWCkjU='; style-src 'self' 'unsafe-inline' 'sha256-8IFKZDhhpiTISN+5Zjckj2GGkOsGkKUUowOE0neCY7c=' 1
default-src https://*.photofinish.live https://photofinish.live; script-src 'self' *.vibe.co *.jup.ag jup.ag *.coinflow.cash *.nsureapi.com *.amazoncognito.com *.googletagmanager.com *.google-analytics.com *.facebook.net 'sha256-xkTtltk8aK31GTLNVQMitj6opg85EkRC/Cn90r7oWjU=' 'sha256-mmm5D4GRubTmkFus1myOfGrm5tsqsxUZjhQIRipXTQk=' 'sha256-UE5ZG75uVs2fpUVY/h6/RmdJUCxpmUDZZeYHeFnNgx4=' 'sha256-ZRSWmrXFO68qeEWQq21FBU4sg6vv9QN9K+0ESLndy8I=' 'sha256-A/+PzIxlSCJwURrs4fryx4A488TPeXfoPZCDNV5QChI=';frame-src *.nsureapi.com *.youtube.com youtube.com coinflow.cash *.coinflow.cash *.sumsub.com connect.solflare.com; connect-src 'self' *.jup.ag jup.ag *.photofinish.live photofinish.live *.stylishstuds.io *.solana.com *.coinflow.cash *.nsureapi.com wss://*.amazonaws.com *.thirdtimegames.com thirdtimegames.com *.google-analytics.com googletagmanager.com *.amazonaws.com *.googleusercontent.com docs.google.com https://*.helius-rpc.com wss://*.helius-rpc.com;img-src 'self' data: jup.ag *.thirdtimegames.com thirdtimegames.com media.go2speed.org go.nordvpn.net *.photofinish.live photofinish.live www.facebook.com arweave.net *.arweave.net *.stylishstuds.io fonts.gstatic.com *.googletagmanager.com; style-src 'self' *.jup.ag jup.ag *.photofinish.live fonts.googleapis.com data: 'unsafe-inline'; media-src 'self'  *.thirdtimegames.com thirdtimegames.com media.go2speed.org *.photofinish.live; frame-ancestors 'self' *.photofinish.live photofinish.live; form-action 'self' *.photofinish.live photofinish.live docs.google.com facebook.com *.facebook.com; font-src 'self' fonts.gstatic.com fonts.google.com fonts.googleapi.com data:; 1
upgrade-insecure-requests;style-src 'self' 'nonce-BJ7dpy9DdyS7YXU';font-src 'self';script-src 'self' 'nonce-BJ7dpy9DdyS7YXU' ;connect-src 'self' https://blob.cat wss://blob.cat  https://s3.v5.yokai.cafe https://cache.blob.cat;media-src 'self' https:;img-src 'self' data: blob: https:;default-src 'none';base-uri 'none';frame-ancestors 'none';manifest-src 'self'; 1
default-src 'self' mailto: tel:; font-src https: data: blob:; img-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval'; style-src https: 'unsafe-inline'; worker-src https: blob:; frame-ancestors 'self'; frame-src https: mailto: tel:; connect-src https: blob:; media-src https: mediastream: blob: 1
child-src 'self'  https://cdn.plaid.com https://cdnjs.cloudflare.com https://iaccess.wpengine.com https://www.google.com https://ilogin.okta.com https://*.hotjar.com:* https://player.vimeo.com https://help.iaccessportal.com; font-src 'self' https://fonts.gstatic.com https://player.vimeo.com; 1
frame-ancestors 'www.careinspectorate.com' 1
frame-src 'self' *.queue-it.net *.hkpc.org *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.youtube.com *.google.com *.youtube-nocookie.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hscollectedforms.net *.hs-banner.com *.gstatic.com *.islash.io *.outlook.com *.hsforms.com *.jquery.com *.hubspot.com; script-src-elem 'self' 'unsafe-inline' *.queue-it.net *.hkpc.org *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.youtube.com *.google.com *.gstatic.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hscollectedforms.net *.hs-banner.com *.islash.io *.outlook.com *.jquery.com *.hubspot.com html5shiv.googlecode.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'self'; report-uri https://www.hkpc.org/zh-HK/report-uri/enforce 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://nyulocal.com https://*.nyulocal.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
default-src 'self' 'unsafe-inline' *.sapo.io *.ticketline.pt ticketline.sapo.pt *.google.com fonts.gstatic.com services.ticketline.pt *.sapo.io *.sapo.pt wa.sl.pt *.youtube.com *.vimeo.com *.google-analytics.com *.googleapis.com stats.g.doubleclick.net *.mailchimp.com ticketline.us14.list-manage.com pagamentosweb.reduniq.pt www.paypal.com www.wallet.pt wallet.pt idp.wallet.pt www.googletagmanager.com connect.facebook.net www.facebook.com data: blob: 'self'; 1
default-src 'self' wss://isaacphysics.org https://cdn.isaacphysics.org https://plausible.isaacphysics.org https://www.google-analytics.com https://region1.google-analytics.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://www.youtube.com; object-src 'none'; frame-src 'self' https://anvil.works https://*.anvil.app https://www.youtube-nocookie.com; img-src 'self' data: https://cdn.isaacphysics.org https://www.google-analytics.com https://*.tile.openstreetmap.org https://developers.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://cdn.isaacphysics.org https://fonts.gstatic.com; 1
upgrade-insecure-requests; report-uri https://feldman.report-uri.com/r/d/csp/enforce 1
default-src 'self' static.hsappstatic.net; script-src 'self' 'unsafe-inline' *.hubspot.com cdnjs.cloudflare.com *.hubspot.net *.hs-scripts.com *.hubspotfeedback.com www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com static.hsappstatic.net *.hs-banner.com *.hs-analytics.net *.hsadspixel.net js.hscta.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.com *.hsforms.net feedback.hubapi.com *.usemessages.com snap.licdn.com *.doubleclick.net; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.hubspot.net static.hsappstatic.net fonts.googleapis.com; img-src 'self' data: *.hubspot.com *.hubspot.net static.hsappstatic.net *.hsforms.com *.hsforms.net js.hscta.net *.linkedin.com www.google.com maps.gstatic.com maps.googleapis.com; font-src 'self' cdnjs.cloudflare.com *.hs-banner.com fonts.gstatic.com; connect-src 'self' *.hubspot.com *.hubapi.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com js.hscta.net *.google-analytics.com www.google.com maps.googleapis.com *.doubleclick.net; child-src 'self' *.hsforms.com; frame-src 'self' *.hubspot.com *.hubspot.net *.hs-sites.com *.hsforms.com *.hsforms.net play.hubspotvideo.com www.google.com; frame-ancestors 'self'; upgrade-insecure-requests 1
frame-ancestors https://bestantiviruspro.org https://fr.bestantiviruspro.org https://de.bestantiviruspro.org https://es.bestantiviruspro.org 1
frame-ancestors 'self' https://nnss.gov; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://llllllll.co/logs/ https://llllllll.co/sidekiq/ https://llllllll.co/mini-profiler-resources/ https://llllllll.co/assets/ https://llllllll.co/extra-locales/ https://llllllll.co/highlight-js/ https://llllllll.co/javascripts/ https://llllllll.co/plugins/ https://llllllll.co/theme-javascripts/ https://llllllll.co/svg-sprite/ 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0='; worker-src 'self' https://llllllll.co/assets/ https://llllllll.co/javascripts/ https://llllllll.co/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self' https://content.ingbank.pl; font-src 'self' https://content.ingbank.pl; style-src 'self' 'unsafe-inline' www.ing.pl https://content.ingbank.pl; img-src 'self' data: https://content.ingbank.pl *.google-analytics.com *.analytics.google.com *.googletagmanager.com; frame-src 'self' https://www.google.com https://content.ingbank.pl; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.ingbank.pl www.ing.pl https://content.ingbank.pl adocean-pl.hit.gemius.pl *.google-analytics.com *.googletagmanager.com; object-src 'self' https://content.ingbank.pl; connect-src 'self' https://content.ingbank.pl *.google-analytics.com *.analytics.google.com *.googletagmanager.com; frame-ancestors 'self' https://content.ingbank.pl; 1
frame-ancestors 'self' https://kronos-ma.com https://*.nihon-ma.co.jp https://ma-association.com https://dev.ma-association.com 1
frame-ancestors 'self' fundraiseup.com 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://troypointinsider.com/logs/ https://troypointinsider.com/sidekiq/ https://troypointinsider.com/mini-profiler-resources/ https://troypointinsider.com/assets/ https://troypointinsider.com/extra-locales/ https://troypointinsider.com/highlight-js/ https://troypointinsider.com/javascripts/ https://troypointinsider.com/plugins/ https://troypointinsider.com/theme-javascripts/ https://troypointinsider.com/svg-sprite/ 'report-sample' 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' https://js.stripe.com/v3/ https://hooks.stripe.com stripe.com js.stripe.com troypoint-llc.ck.page; worker-src 'self' https://troypointinsider.com/assets/ https://troypointinsider.com/javascripts/ https://troypointinsider.com/plugins/; report-uri https://troypointinsider.com/csp_reports; frame-ancestors 'self'; manifest-src 'self' 1
frame-ancestors 'self' *.fpcu.org fpcu.org 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.cloudflare.com  *.cookielaw.org *.licdn.com  *.doubleclick.net  *.demandbase.com *.clickcease.com *.luckyorange.com *.pantheonsite.io *.soapfighters.com *.createjs.com *.hotjar.com *.clarity.ms *.greenhouse.io *.addthis.com *.6sc.co/6si.min.js *.redditstatic.com *.youtube.com *.vimeocdn.com *.purestorage.com *.techtarget.com *.ubembed.com *.segment.com *.heapanalytics.com heapanalytics.com *.gstatic.com *.google.com/recaptcha/api.js *.googleadservices.com *.marketo.net munchkin.marketo.net/munchkin.js j.6sc.co/j/a947bdcf831cbf1412b18d34c2bb8b14251ffd15.js j.6sc.co/j/f51233e4-fda6-4878-a32f-4bb2a9673c8b.js 1
frame-ancestors 'self' http://www.rslcontent.co.uk api.nowsignage.com media.nowsignage.com https://multizone.nowsignage.com; 1
base-uri 'self';object-src 'none';report-uri https://csp.withgoogle.com/csp/forms/prod;script-src 'report-sample' 'nonce-lgbetPU_jwpUP7IYUCFqNw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
font-src 'self' 'unsafe-inline' https://fonts.sayanogorsk.info https://fonts.gstatic.com https://yastatic.net; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: 1
frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; 1
default-src 'self' https://cdn.cookielaw.org 'unsafe-inline'; img-src 'self' https://www.google.com https://www.google.co.in https://www.googletagmanager.com https://mediaslide-us.storage.googleapis.com https://cdn.cookielaw.org/;media-src https://mediaslide-us.storage.googleapis.com; script-src 'self' https://cdn.cookielaw.org https://cdn.cookielaw.org https://www.googletagmanager.com https://cdn.segment.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://stats.g.doubleclick.net https://privacyportal.onetrust.com https://analytics.google.com https://cdn.segment.com https://api.segment.io https://geolocation.onetrust.com https://cdn.cookielaw.org; 1
base-uri 'self'; default-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.projuris.com.br https://cdn.jsdelivr.net https://www.google.com https://www.googletagmanager.com https://connect.facebook.net https://www.googleadservices.com https://px.ads.linkedin.com https://cdn.jotfor.ms https://form.jotform.com https://cdn.neurologic.com.br https://app.leadster.com.br https://www.clickcease.com https://*.cloudflare.com https://*.google-analytics.com https://*.cloudfront.net https://fonts.googleapis.com https://www.googletagmanager.com; img-src 'self' blob: data: https://cdn-s3.callpage.io https://*.omappapi.com https://i.ytimg.com https://wp.stories.google https://www.gstatic.com https://eye.rd.services https://*.ads.linkedin.com https://bat.bing.com https://www.google.com.br https://www.facebook.com https://lipis.github.io https://*.projuris.com.br https://secure.gravatar.com https://ps.w.org https://app.leadster.com.br https://cdn.neurologic.com.br https://storage.googleapis.com https://www.google.com https://*.cloudflare.com https://*.cloudfront.net https://*.google-analytics.com https://forms.hsforms.com https://track.hubspot.com https://www.linkedin.com https://*.hsforms.com https://*.googletagmanager.com https://*.doubleclick.net https://*.googleadservices.com https://analytics.twitter.com https://t.co https://blog.sajadv.com.br/ https://c.clarity.ms/ https://c.bing.com/ https://cdn.positus.global/ https://cta-service-cms2.hubspot.com/ https://static.hubspot.com/ https://static.hsappstatic.net/; style-src 'self' https://cdn.ampproject.org https://cdn-widget.callpage.io https://*.omappapi.com https://optimize.google.com https://stackpath.bootstrapcdn.com https://*.cloudflare.com https://*.projuris.com.br https://maxcdn.bootstrapcdn.com https://cdn.positus.global https://k3v2w4q6.stackpathcdn.com 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://cdnjs.cloudflare.com https://*.omappapi.com https://use.typekit.net https://*.projuris.com.br https://fonts.googleapis.com https://fonts.gstatic.com https://themes.googleusercontent.com https://maxcdn.bootstrapcdn.com https://js.hs-banner.com/; frame-src 'self' https://www.youtube-nocookie.com https://anchor.fm https://open.spotify.com https://vars.hotjar.com https://app.vooozer.com https://bid.g.doubleclick.net https://submit.jotform.com https://form.jotform.com https://go.vooozer.com https://*.soundcloud.com https://*.projuris.com.br https://www.youtube.com https://www.facebook.com https://s-static.ak.facebook.com https://*.google.com https://forms.hsforms.com https://app.hubspot.com/ https://podcasters.spotify.com https://sajadv.chat.blip.ai/ https://td.doubleclick.net/ https://22474960.hs-sites.com/; frame-ancestors 'self' https://*.projuris.com.br; connect-src 'self' https://*.callpage.io https://*.omappapi.com https://cdnjs.cloudflare.com https://us-central1-amp-error-reporting.cloudfunctions.net https://cdn.ampproject.org https://gyruss.rdops.systems wss://*.hotjar.com https://demo.theme.co https://*.hotjar.io https://*.hotjar.com https://bat.bing.com https://monitor.clickcease.com https://www.facebook.com https://app.leadster.com.br https://app.neurologic.com.br https://stats.g.doubleclick.net https://*.google-analytics.com https://*.rdstation.com.br https://cdn.linkedin.oribi.io https://api.hubapi.com https://forms.hubspot.com https://api.hubapi.com https://forms.hsforms.com https://*.clarity.ms https://*.hscollectedforms.net https://www.googletagmanager.com https://ampcid.google.com https://ampcid.google.com.br https://js.hs-banner.com https://api.hubspot.com https://my.yoast.com/ https://analytics.google.com/ https://cta-service-cms2.hubspot.com/ https://pagead2.googlesyndication.com/ https://qeryz.com/; object-src 'none'; media-src 'self' https://cdn-widget.callpage.io https://*.projuris.com.br; worker-src 'self' blob: https://*.projuris.com.br; script-src-elem 'self' 'unsafe-inline' data: https://www.gstatic.com https://cdn-widget.callpage.io https://*.omappapi.com https://cdn.ampproject.org https://www.youtube.com https://w.soundcloud.com https://panel.safetymails.com https://www.googleoptimize.com https://*.hotjar.com https://*.google.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.googleadservices.com https://cdn.neurologic.com.br  https://connect.facebook.net https://*.cloudfront.net https://cdn.jsdelivr.net https://px.ads.linkedin.com https://cdn.jotfor.ms https://form.jotform.com https://app.leadster.com.br https://www.clickcease.com https://*.cloudflare.com https://*.google-analytics.com https://fonts.googleapis.com https://*.projuris.com.br https://js.hs-scripts.com https://snap.licdn.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hs-banner.com https://forms.hubspot.com https://forms.hsforms.com https://api.hubapi.com https://js.hs-analytics.net https://js.hsforms.net https://*.clarity.ms https://js.usemessages.com https://unpkg.com/blip-chat-widget https://yoast.com/ https://js.hubspot.com/ https://js.hsleadflows.net/ https://assets.qeryz.net/ 1
default-src 'self' https://sketchfab.com https://communityregister.elekta.com https://play.vidyard.com https://static.elekta.com https://player.jaws-studio.online; font-src 'self'; img-src 'self' https://stats.elekta.com https://play.vidyard.com https://cdn.vidyard.com https://api.mapbox.com; script-src 'self' 'unsafe-eval' https://stats.elekta.com https://cdn.pardot.com https://pi.pardot.com https://success.elekta.com https://play.vidyard.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline'; connect-src 'self' https://api.mapbox.com https://vidyard-proxy.elekta.com https://success.elekta.com https://stats.elekta.com https://*.algolianet.com https://*.algolia.net https://play.vidyard.com https://ir.elekta.com/latest-news/ https://ko5zn8xqvb.execute-api.eu-central-1.amazonaws.com/Prod/ https://www.google-analytics.com 1
default-src 'self';img-src * data:;connect-src 'self' *.google-analytics.com;frame-src 'self' *.google.com *.wp.com;font-src 'self' fonts.gstatic.com *.bootstrapcdn.com data:;style-src 'self' *.googleapis.com *.bootstrapcdn.com *.datatables.net *.wp.com 'unsafe-inline';style-src-elem 'self' *.googleapis.com *.bootstrapcdn.com *.datatables.net *.wp.com 'unsafe-inline';script-src *.pic.cat pic.cat *.pic.es pic.es *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.wp.com *.wordpress.com *.google-analytics.com *.google.com *.datatables.net 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' https://www.china-briefing.com https://www.india-briefing.com https://www.vietnam-briefing.com https://www.aseanbriefing.com https://www.russia-briefing.com/ https://www.silkroadbriefing.com/ https://www.asiabriefing.com/ 1
frame-ancestors 'self' tag-der-kinderseiten.de www.klick-tipps.net www.blinde-kuh.de; 1
connect-src 'self' *.facebook.com *.facebook.net  *.google-analytics.com maps.googleapis.com 'unsafe-inline' 'unsafe-eval'; default-src 'self';  script-src 'self' connect.facebook.net graph.facebook.com *.google.com  maps.googleapis.com www.google-analytics.com/analytics.js *.twitter.com *.uservoice.com assets.uvcdn.com cdn.syndication.twimg.com www.gstatic.com cdn.jsdelivr.net  'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com platform.twitter.com 'unsafe-inline';img-src * data: blob:;font-src 'self' fonts.gstatic.com; frame-src 'self' https:; 1
img-src 'self' data: *.algolia.net images.ctfassets.net *.google-analytics.com *.tapad.com *.googletagmanager.com *.fls.doubleclick.net *.facebook.com *.lytics.io *.akamaihd.net *.amazon-adsystem.com *.moatads.com *.cookielaw.org *.bazaarvoice.com *.amazonaws.com *.youtube.com *.haircode.com *.google.com *.google.ca click2cart.co click2cart.com *.click2cart.com 2cart.net haircodeassetsprod.azureedge.net *.adsrvr.org images-haircode-com-prod.azureedge.net cdn.pricespider.com embeddedcloud.pricespider.com omni.pricespider.com wtbng.pricespider.com wtbstream.pricespider.com *.force.com *.salesforceliveagent.com feed.pghub.io ; font-src 'self' data: *.haircode.com fonts.gstatic.com maxcdn.bootstrapcdn.com feed.pghub.io pandg.tapad.com ; media-src 'self' *.algolia.net *.cloudinary.com *.ctfassets.net *.force.com *.salesforceliveagent.com feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.algolia.net *.lytics.io *.bazaarvoice.com *.amazonaws.com *.haircode.com *.googleapis.com maxcdn.bootstrapcdn.com cdn.pricespider.com embeddedcloud.pricespider.com omni.pricespider.com wtbng.pricespider.com wtbstream.pricespider.com *.force.com *.salesforceliveagent.com feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.algolia.net *.google.com *.google-analytics.com *.googletagmanager.com *.moatads.com *.cookielaw.org *.crazyegg.com pghub.io *.facebook.net *.segment.com *.lytics.io *.bazaarvoice.com *.amazonaws.com *.haircode.com click2cart.co click2cart.com *.click2cart.com 2cart.net *.iesnare.com *.adsrvr.org api.ipify.org cdn.pricespider.com embeddedcloud.pricespider.com omni.pricespider.com wtbng.pricespider.com wtbstream.pricespider.com *.force.com *.salesforceliveagent.com feed.pghub.io pandg.tapad.com ; connect-src 'self' *.algolia.net kardia-nonprod.azure-api.net kardia.azure-api.net *.crazyegg.com *.google-analytics.com *.doubleclick.net *.cookielaw.org api.segment.io *.adsrvr.org *.pg.com *.bazaarvoice.com *.smartcommerce.co click2cart.co click2cart.com *.click2cart.com 2cart.net *.haircode.com *.onetrust.com cdn.pricespider.com embeddedcloud.pricespider.com omni.pricespider.com wtbng.pricespider.com wtbstream.pricespider.com *.force.com *.salesforceliveagent.com feed.pghub.io pandg.tapad.com ; default-src 'self' *.algolia.net *.googletagmanager.com *.fls.doubleclick.net *.tapad.com *.facebook.com *.bazaarvoice.com click2cart.co click2cart.com *.click2cart.com 2cart.net pgconsumersupport.secure.force.com *.force.com *.youtube.com *.adsrvr.org pg-lex.my.salesforce-sites.com consumersupport.pg.com cdn.pricespider.com embeddedcloud.pricespider.com omni.pricespider.com wtbng.pricespider.com wtbstream.pricespider.com *.salesforceliveagent.com feed.pghub.io ; 1
default-src 'self' mailto: tel: *.aia.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.aia.com *.azure-api.net *.aia.com.au *.ichat-aia.com *.google.com *.google.com.au *.googleapis.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.gstatic.com *.scene7.com *.adobedtm.com *.omtrdc.net *.demdex.net *.originally.us *.bing.com *.facebook.com *.facebook.net *.linkedin.com *.youtube.com https://youtu.be *.zscalertwo.net *.doubleclick.net *.akamaihd.net *.lemnisk.co *.outbrain.com *.marketo.net *.marketo.com *.mktoresp.com *.turn.com *.plavxml.com *.salesforce-sites.com *.fullstory.com *.inmoment.com *.cvly.app https://cvly.app *.clarity.ms *.tiktok.com *.googlesyndication.com;  connect-src 'self' *.aia.com *.azure-api.net *.aia.com.au *.ichat-aia.com *.google.com *.google.com.au *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.scene7.com *.adobedtm.com *.omtrdc.net *.demdex.net *.originally.us *.bing.com *.facebook.com *.facebook.net *.linkedin.com *.youtube.com https://youtu.be *.zscalertwo.net *.doubleclick.net *.lemnisk.co *.outbrain.com *.marketo.net *.marketo.com *.mktoresp.com *.turn.com *.plavxml.com *.salesforce-sites.com *.fullstory.com *.inmoment.com *.cvly.app https://cvly.app *.clarity.ms *.tiktok.com *.googlesyndication.com;  img-src 'self' data: blob: *.aia.com *.aia.com.au *.ichat-aia.com *.google.com *.google.com.au *.google-analytics.com *.googletagmanager.com *.gstatic.com *.scene7.com *.adobedtm.com *.omtrdc.net *.demdex.net *.originally.us *.bing.com *.facebook.com *.facebook.net *.youtube.com https://youtu.be *.adsymptotic.com *.doubleclick.net *.lemnisk.co *.outbrain.com *.marketo.net *.marketo.com *.mktoresp.com *.turn.com *.plavxml.com *.salesforce-sites.com *.fullstory.com *.inmoment.com *.cvly.app https://cvly.app *.clarity.ms *.tiktok.com *.googlesyndication.com; media-src 'self' data: blob: *.aia.com *.aia.com.au *.scene7.com; object-src 'self' *.aia.com *.ichat-aia.com *.google.com *.google.com.au *.googleapis.com *.google-analytics.com *.googletagmanager.com *.scene7.com *.adobedtm.com *.omtrdc.net *.demdex.net *.originally.us *.bing.com *.youtube.com https://youtu.be *.zscalertwo.net *.doubleclick.net *.lemnisk.co *.outbrain.com *.marketo.net *.marketo.com *.mktoresp.com *.turn.com *.plavxml.com *.salesforce-sites.com *.fullstory.com *.inmoment.com *.cvly.app https://cvly.app *.clarity.ms *.tiktok.com *.googlesyndication.com; frame-src 'self' mailto: tel: *.aia.com *.aia.com.au *.mcxplatform.com.au *.ichat-aia.com *.google.com *.google.com.au *.googleapis.com *.google-analytics.com *.googletagmanager.com *.scene7.com *.adobedtm.com *.omtrdc.net *.demdex.net *.originally.us *.bing.com *.facebook.com *.facebook.net *.youtube.com https://youtu.be *.zscalertwo.net *.doubleclick.net *.lemnisk.co *.outbrain.com *.marketo.net *.marketo.com *.mktoresp.com *.turn.com *.plavxml.com *.salesforce-sites.com *.fullstory.com *.inmoment.com *.cvly.app https://cvly.app *.clarity.ms *.tiktok.com *.googlesyndication.com; style-src 'self' 'unsafe-inline' *.aia.com *.aia.com.au *.ichat-aia.com *.google.com *.google.com.au *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.scene7.com *.adobedtm.com *.omtrdc.net *.demdex.net *.originally.us *.bing.com *.youtube.com https://youtu.be *.zscalertwo.net *.doubleclick.net *.lemnisk.co *.outbrain.com *.marketo.net *.marketo.com *.mktoresp.com *.turn.com *.plavxml.com *.salesforce-sites.com *.fullstory.com *.inmoment.com *.cvly.app https://cvly.app *.clarity.ms *.tiktok.com *.googlesyndication.com; font-src * data:; 1
default-src 'self'; object-src 'self' https://pts.premiumsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.premiumsim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.premiumsim.de https://chat.premiumsim.de https://umfrage.premiumsim.de https://pts.premiumsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.premiumsim.de https://chat.premiumsim.de https://stats.premiumsim.de https://imagepool.premiumsim.de https://pts.premiumsim.de https://analytics.tiktok.com https://umfrage.premiumsim.de; script-src 'strict-dynamic' 'nonce-2e703b4ebeed98a1bb6df5135ff929ee' 'nonce-b739b124f88f602b4f88e1ad2023c918' 'nonce-0ce1cbea20c3920a215eed37e4f06fd9' 'nonce-c1312e6f06354a2adc633e8a83f7cf66' 'nonce-5a29691c1f80b4c660384c3718806ac4' 'nonce-2f9a4f34f18cec1f4b3b52762595dec1' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.premiumsim.de https://umfrage.premiumsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-2e703b4ebeed98a1bb6df5135ff929ee' 'nonce-b739b124f88f602b4f88e1ad2023c918' 'nonce-0ce1cbea20c3920a215eed37e4f06fd9' 'nonce-c1312e6f06354a2adc633e8a83f7cf66' 'nonce-5a29691c1f80b4c660384c3718806ac4' 'nonce-2f9a4f34f18cec1f4b3b52762595dec1' 'self' 'unsafe-inline' https: 'report-sample' 1
script-src 'self' data: a.omappapi.com 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com cdnjs.cloudflare.com www.google-analytics.com widget.intercom.io nexus-websocket-a.intercom.io js.intercomcdn.com fonts.gstatic.com fonts.googleapis.com api-iam.intercom.io secure.gravatar.com yt3.ggpht.com www.youtube.com www.gstatic.com www.google.com static.doubleclick.net *.googlevideo.com play.google.com jnn-pa.googleapis.com i.ytimg.com googleads.g.doubleclick.net; 1
default-src 'self'; img-src 'self' data: https://static.schubergphilis.com/media/ https://sbpaweupweb02sta03.blob.core.windows.net https://sbpaweupweb02sta01.blob.core.windows.net https://sbppweupweb02sta01.blob.core.windows.net https://sbppweupweb02cdn01.azureedge.net https://sbpaweupweb02cdn01.azureedge.net *.schubergphilis.com https://*.google-analytics.com https://www.googletagmanager.com https://i.ytimg.com https://pbs.twimg.com https://px.ads.linkedin.com/collect https://www.linkedin.com/px https://px4.ads.linkedin.com https://maps.googleapis.com/maps/ https://static.hotjar.com https://script.hotjar.com https://online.flippingbook.com/ https://d17lvj5xn8sco6.cloudfront.net; media-src 'self' https://static.schubergphilis.com/media/ https://sbpaweupweb02sta03.blob.core.windows.net https://sbpaweupweb02sta01.blob.core.windows.net https://sbppweupweb02sta01.blob.core.windows.net https://sbppweupweb02cdn01.azureedge.net https://sbpaweupweb02cdn01.azureedge.net *.schubergphilis.com; font-src 'self' data: https://static.schubergphilis.com/media/ https://sbpaweupweb02sta03.blob.core.windows.net https://sbpaweupweb02sta01.blob.core.windows.net https://sbppweupweb02sta01.blob.core.windows.net https://sbppweupweb02cdn01.azureedge.net https://sbpaweupweb02cdn01.azureedge.net *.schubergphilis.com https://script.hotjar.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline'  'unsafe-inline' sentry.io *.sentry-cdn.com https://static.hotjar.com https://script.hotjar.com; script-src 'self' 'self' 'unsafe-inline' https://snap.licdn.com/li.lms-analytics/insight.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js www.googletagmanager.com https://*.google-analytics.com https://maps.googleapis.com/ https://online.flippingbook.com/EmbedScriptUrl.aspx https://static.hotjar.com https://script.hotjar.com https://d33i2vgywgme2s.cloudfront.net; connect-src 'self' https://schubergphilis.com sentry.io *.sentry.io https://*.google-analytics.com/ https://region1.google-analytics.com/g/collect https://maps.googleapis.com/maps/api/ https://metrics.hotjar.io https://metrics.hotjar.io https://vc.hotjar.io https://content.hotjar.io https://events.hotjar.io https://surveystats.hotjar.io wss://*.hotjar.com https://cdn.linkedin.oribi.io https://fbo-b.flippingbook.com https://online.flippingbook.com/; form-action 'self'; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://vars.hotjar.com https://online.flippingbook.com; frame-ancestors 'self'; object-src 'none' 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-Fp09x4kFndax4A0JJKPxvQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
object-src 'self'; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default 1
frame-ancestors 'self' https://www.baylismediabookings.co.uk/ http://testbaba.virtualcms.it 1
default-src 'self' data: https://*.moneypak.com https://*.typekit.net https://*.typekit.com https://*.vimeo.com https://vimeo.com https://greendot.tt.omtrdc.net;     img-src 'self' data: https://*.google-analytics.com https://*.typekit.net https://*.moneypak.com https://ds.reson8.com;     child-src 'self' https://*.google.com https://*.cdn-gdc.com https://player.vimeo.com https://www.greendot.com;     style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.moneypak.com https://*.typekit.com https://*.typekit.net;     script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.moneypak.com https://*.typekit.com https://*.typekit.net       https://*.google-analytics.com https://*.googleapis.com https://*.googleadservices.com https://*.tt.omtrdc.net https://*.vimeo.com;     font-src 'self' data: https://*.typekit.com https://*.typekit.net;      1
default-src 'self' data: www.toegankelijkheidsverklaring.nl; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.openindex.io m3.mailplus.nl static.mailplus.nl www.google-analytics.com www.gstatic.com maps.googleapis.com www.googletagmanager.com www.google.com; style-src 'self' 'unsafe-inline' static.mailplus.nl cdnjs.cloudflare.com; object-src 'self'; font-src 'self' cdnjs.cloudflare.com; frame-src 'self' www.youtube.com www.google.com www.youtube-nocookie.com player.vimeo.com 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=290703hiqu7jt&partner=; 1
frame-ancestors 'self' https://manage.roadsbridges.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
frame-ancestors self *.myshopify.com admin.shopify.com wiki.frameiteasy.com admin.frameiteasy.com upload.frameiteasy.com; 1
default-src 'self'; base-uri 'self'; img-src * data: https://*.zhzveilig.nl; frame-src 'self' https://kaart.pdok.nl https://websurveys2.govmetric.com https://app-eu.readspeaker.com https://www.youtube-nocookie.com https://www.youtube.com https://content.googleapis.com/ https://vars.hotjar.com https://open.spotify.com https://player.vimeo.com; frame-ancestors 'self'; manifest-src 'self'; media-src 'self' blob:; script-src 'self' 'nonce-NTk3NjBlZTctOGJlMy00ODA2LWI2ZTktMWY2N2VjYmU2N2Mx' https://stats.pusher.com https://www.browsealoud.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://maps.googleapis.com https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://websurveys2.govmetric.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://cdn-eu.readspeaker.com https://virtuele-gemeente-assistent.nl https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://snap.licdn.com https://use.typekit.net https://p.typekit.nt https://virtuele-gemeente-assistent.nl https://6006006.global.siteimproveanalytics.io https://webdiensten.drechtsteden.nl https://player.vimeo.com https://f.vimeocdn.com https://i.vimeocdn.com https://www.youtube.com https://i.ytimg.com https://yt3.ggpht.com https://open.spotify.com https://i.scdn.co https://open.scdn.co https://demo-drechtsteden.dev.irma-bellen.nl https://*.zhzveilig.nl; connect-src 'self' https://sockjs-eu.pusher.com wss://ws-eu.pusher.com https://vttts-eu.readspeaker.com https://cloudstatic.obi4wan.com https://chatapi.obi4wan.com https://media-eu.readspeaker.com https://rstts-eu.readspeaker.com https://www.browsealoud.com https://plus.browsealoud.com https://speech.speechstream.net https://speech-eu.speechstream.net https://www.google-analytics.com https://maps.googleapis.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://app.obi4wan.ai https://app-eu.readspeaker.com/ https://hitcounter.govmetric.com https://platform.hireserve.nl/ https://cdn1.readspeaker.com https://maps.googleapis.com https://virtuele-gemeente-assistent.nl wss://virtuele-gemeente-assistent.nl ws://virtuele-gemeente-assistent.nl https://in.hotjar.com https://www.facebook.com https://cdn.linkedin.oribi.io https://speech-eu.speechstream.net/Generator/voice/Claire https://use.typekit.net https://p.typekit.nt https://virtuele-gemeente-assistent.nl wss://virtuele-gemeente-assistent.nl https://6006006.global.siteimproveanalytics.io https://webdiensten.drechtsteden.nl https://player.vimeo.com https://f.vimeocdn.com https://i.vimeocdn.com https://www.youtube.com https://i.ytimg.com https://yt3.ggpht.com https://open.spotify.com https://i.scdn.co https://open.scdn.co https://output.zhzveilig.nl https://*.zhzveilig.nl; object-src 'self' https://kaart.pdok.nl; style-src 'self' data: 'nonce-NTk3NjBlZTctOGJlMy00ODA2LWI2ZTktMWY2N2VjYmU2N2Mx' https://fonts.googleapis.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://websurveys2.govmetric.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://maps.googleapis.com/ https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://virtuele-gemeente-assistent.nl https://*.zhzveilig.nl; font-src 'self' data: https://fonts.gstatic.com https://cdn1.readspeaker.com https://script.hotjar.com;  1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://ardor-gaming.com https://*.ardor-gaming.com https://dns-shop.ru/ https://*.dns-shop.ru/  https://www.google-analytics.com/ https://gstatic.com https://*.gstatic.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/  https://mc.yandex.ru/ https://*.doubleclick.net https://doubleclick.net; img-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' https://*.dns-shop.ru https://*.retailrocket.net https://*.retailrocket.ru https://ohio8.vchecks.me https://hls-jp.jwpsrv.com/ https://content.jwplatform.com/  https://mc.yandex.ru/ https://www.google-analytics.com/ https://*.mtproxy.yandex.net/ https://bam.nr-data.net https://api.retailrocket.net https://api.retailrocket.ru  https://content.syndigo.com/ https://google-analytics.bi.owox.com/ https://api-maps.yandex.ru/ https://stats.g.doubleclick.net/  https://www.google.com/ads/ https://m.addthis.com/live/red_lojson/ https://s7.addthis.com/l10n/ https://top-fwz1.mail.ru/  https://bot.aimylogic.com/restapi/ wss://chat.dns-shop.ru https://chat.dns-shop.ru https://e-shop.homecredit.ru https://media.pointandplace.com/ https://vk.com https://media.flixcar.com/ https://autocomplete.diginetica.net/ https://www.facebook.com/tr/  https://analytics.tiktok.com/ https://content.24ttl.stream/ https://itweb-asmsys.dns-shop.ru:17589/  https://*.flix360.io/ http://shops.dns-shop.ru/ https://www.youtube-nocookie.com/ https://pplan.ru/ https://firebaseinstallations.googleapis.com/ https://www.googletagmanager.com/; frame-src 'self' intent: https://club.dns-shop.ru https://ftp.dexp.club/ https://ftp.dns-shop.ru/  https://www.facebook.com/ https://www.youtube.com https://www.google.com https://optimize.google.com; worker-src blob: https://dns-shop.ru https://*.dns-shop.ru 1
default-src 'self' *.crazyegg.com; script-src *.crazyegg.com 'self' 'unsafe-inline' 'unsafe-eval' http: https:; img-src *.crazyegg.com * data:; style-src *.crazyegg.com 'self' 'unsafe-inline' *; font-src * data:; connect-src *.crazyegg.com *; frame-src *.crazyegg.com * data:; worker-src 'blob:' * 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: www.google.com www.google.com.tw www.googletagmanager.com www.google-analytics.com analytics.google.com b.scorecardresearch.com sb.scorecardresearch.com stats.g.doubleclick.net; 1
default-src 'self'; connect-src 'self' *.siteimprove.com https://inaadress.maaamet.ee; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://*.rocket.chat https://static.addtoany.com https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://sm.ee/show_node_paragraph/2434/82ba387c-3181-488a-b2f7-180f9633e6b2 https://sm.ee/show_node_paragraph/221/31c7085f-c6b8-465f-949f-dd1379a40dfe https://kriis.prelive.vportal.ee/show_node_paragraph/879/9805f208-da39-4328-8f31-1bdc1fea7eaa https://kriis.ee/show_node_paragraph/879/9805f208-da39-4328-8f31-1bdc1fea7eaa https://sm.web.tehik.ee/show_node_paragraph/2618/9a314991-ebe6-4e3a-ad66-290aa1b2bee2 https://xgis.maaamet.ee; img-src 'self' data: https://www.google-analytics.com *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com 6168367.global.siteimproveanalytics.io *.fbcdn.net *.cdninstagram.com https://inaadress.maaamet.ee https://unpkg.com *.maaamet.ee *.cloudflare.com; script-src 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js blob: https://browser-update.org static.cloudflareinsights.com ajax.cloudflare.com https://ajax.cloudflare.com https://static.cloudflareinsights.com https://siteimproveanalytics.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://inaadress.maaamet.ee https://static.addtoany.com https://unpkg.com unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js https://browser-update.org https://talendipank.ee static.cloudflareinsights.com ajax.cloudflare.com https://siteimproveanalytics.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://inaadress.maaamet.ee https://static.addtoany.com https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com https://inaadress.maaamet.ee; frame-ancestors none; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://cdn.jsdelivr.net https://*.demandbase.com https://*.gstatic.com https://unpkg.com https://*.unpkg.com https://*.myvtex.com https://*.rlcdn.com https://*.vteximg.com.br  https://*.wistia.com https://*.pardot.com https://go.stanleyengineeredfastening.com https://*.coveo.com  https://*.addthisedge.com  https://*.moatads.com https://*.addthis.com https://*.d41.co https://*.my.salesforce.com https://*.como.com  https://*.vtexassets.com https://*.vtex.com.br https://*.vtex.com https://*.google.com https://*.google.fr https://*.google.be https://*.google.nl https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://*.bing.com https://*.go-mpulse.net https://*.akamaihd.com https://*.akamaihd.net https://*.janraincapture.com https://*.rpxnow.com https://rpxnow.com https://*.nr-data.net https://*.newrelic.com https://*.marketo.net https://*.marketo.com https://*.youtube.com https://*.ytimg.com https://*.onetrust.com https://*.cookielaw.org https://*.drift.com https://*.driftt.com https://*.reevoo.com https://*.pricespider.com https://*.mapbox.com https://*.hotjar.com https://*.doubleclick.net https://*.linkedin.com https://*.licdn.com https://*.ads.linkedin.com https://*.facebook.net https://*.facebook.com resource://pdf.js  https://*.bazaarvoice.com https://*.salesforceliveagent.com https://*.force.com https://*.site.com https://acsbapp.com; img-src 'self' data: blob: https://*.clarity.ms https://*.rlcdn.com https://*.company-target.com https://*.google.com https://*.cookielaw.org https://*.my.salesforce.com https://*.google.co.uk https://*.vtexassets.com  https://*.stanleyengineeredfastening.com https://*.vteximg.com.br https://*.google.nl https://*.google.be https://*.google.fr https://*.googleusercontent.com https://*.google.com.ua https://*.vtex.com.br https://*.vtex.com https://*.facebook.com https://*.facebook.net https://*.linkedin.com https://*.adsymptotic.com https://*.google-analytics.com https://*.googleapis.com https://*.google.co.in https://*.googletagmanager.com https://*.gstatic.com https://*.ggpht.com https://*.akamaihd.net https://*.google.by https://*.ytimg.com https://*.reevoo.com https://*.pricespider.com https://*.doubleclick.net https://*.bing.com https://*.mapbox.com https://*.bazaarvoice.com https://*.acsbapp.com https://*.force.com https://*.site.com; style-src 'self' 'unsafe-inline' https://*.salesforce.com https://*.myvtex.com https://*.google.com https://*.google.nl https://*.google.fr https://*.google.be https://*.marketo.net https://*.marketo.com https://*.google-analytics.com https://*.googleapis.com https://*.reevoo.com https://*.pricespider.com  https://*.hotjar.com https://*.mapbox.com https://*.typekit.net https://*.bazaarvoice.com https://*.force.com https://*.site.com https://*.vtexassets.com https://*.vtex.com.br https://*.vtex.com https://*.vteximg.com.br; font-src 'self' data: https://*.vtexassets.com https://*.googleapis.com https://*.googleusercontent.com https://*.gstatic.com https://*.typekit.net https://*.bazaarvoice.com https://*.force.com https://*.site.com https://*.sfdcstatic.com https://*.vtex.com.br https://*.vtex.com https://acsbapp.com; connect-src 'self' https://*.clarity.ms https://*.demandbase.com https://*.company-target.com https://*.salesforceliveagent.com https://acsbapp.com https://*.acsbapp.com https://optanon.blob.core.windows.net/logos/static/ot_guard_logo.svg https://*.newrelic.com https://*.sfdcstatic.com https://*.salesforceliveagent.com https://*.stanleyengineeredfastening.com https://*.salesforce.com https://*.techlab-cdn.com https://unpkg.com https://*.myvtex.com https://*.gstatic.com https://*.doubleclick.net https://*.akamaihd.net https://*.googletagmanager.com https://*.vtexassets.com https://*.d41.co https://*.biggylabs.com.br https://*.vteximg.com.br https://*.vtex.com:8088 https://*.vtex.com https://*.vtex.com.br https://*.google.com https://*.biggylabs.com.br https://*.google.nl https://*.google.fr https://*.google.be https://*.facebook.com https://*.facebook.net https://*.driftcdn.com https://*.googleapis.com https://*.google-analytics.com https://*.mktoresp.com https://*.bing.com https://*.googlevideo.com https://*.hotjar.com https://*.hotjar.io https://*.nr-data.net https://*.onetrust.com https://*.cookielaw.org wss://*.driftt.com https://*.reevoo.com https://*.mapbox.com https://*.bazaarvoice.com https://*.visibleconsumerinsight.com https://*.force.com https://*.site.com https://*.oribi.io; worker-src data: blob: 'self'; frame-src 'self' https://*.company-target.com https://*.salesforce.com https://*.google.com https://*.addthis.com  https://*.google.nl https://*.google.fr https://*.google.be https://*.marketo.net https://*.marketo.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.hotjar.com https://*.janraincapture.com https://*.youtube.com https://*.drift.com https://*.driftt.com https://*.reevoo.com https://*.stanleyengineeredfastening.com https://*.pricespider.com https://*.force.com https://*.site.com;frame-ancestors 'self' https://*.force.com https://*.site.com; media-src 'self' https://*.driftqa.com; upgrade-insecure-requests; report-uri /csp.cgi; 1
frame-src 'self' 'unsafe-eval' 'unsafe-inline' dokumfe7mps0i.cloudfront.net *.dig.corp.edp.com *.microsoft.com *.microsoftonline.com *.windows.net *.office.com *.bol.pt *.bol.pt/* *.vimeo.com *.cookielaw.org *.recaptcha.net *.bandcamp.com *.soundcloud.com *.google.com *.sites.edp.com *.siteimprove.net *.siteimprove.com *.workplace.com *.intras.edp.com *.microsoftstream.com *.edp.pt *.edp.com *.edpr.com *.dig.corp.edp.com *.youtube.com *.youtube-nocookie.com *.eurolandir.com *.mailjet.com *.media-server.com *.wufoo.com edp.teto.pt *.spotify.com ir2.flife.de ir.tools.investis.com sdk.companywebcast.com ir.tools.investis.com *.edpon.livextend.cloud *.powerbi.com *.suratica.es; script-src 'self' 'unsafe-eval' 'unsafe-inline' snap.licdn.com *.googleadservices.com td.doubleclick.net dokumfe7mps0i.cloudfront.net *.dig.corp.edp.com *.bol.pt/* maat.pt/* *.gstatic.com *.google.com *.google.pt *.googletagmanager.com *.google-analytics.com *.googleusercontent.com *.googleapis.com *.newrelic.com *.jquery.com *.doubleclick.net *.siteimprove.net *.siteimprove.com *.youtube.com *.youtube-nocookie.com *.cookielaw.org *.facebook.net *.smrk.io unpkg.com *.jsdelivr.net *.cloudflare.com *.newrelic.com *.bol.pt *.rawgit.com *.onetrust.com *.nr-data.net *.highcharts.com *.recaptcha.net *.edp.com *.edpr.com *.e-redes.pt opendata.online.e-redes.pt *.appspot.com *.dig.corp.edp.com *.eurolandir.com *.mailjet.com *.media-server.com *.wufoo.com edp.teto.pt *.spotify.com ir2.flife.de ir.tools.investis.com sdk.companywebcast.com *.edpon.livextend.cloud *.powerbi.com *.suratica.es; frame-ancestors 'self' *.microsoft.com *.microsoftonline.com *.windows.net *.office.com *.bol.pt *.bol.pt/* *.vimeo.com *.cookielaw.org *.recaptcha.net *.bandcamp.com *.soundcloud.com *.google.com *.sites.edp.com *.siteimprove.net *.siteimprove.com *.workplace.com *.intras.edp.com *.microsoftstream.com *.edp.pt *.edp.com *.edpr.com *.dig.corp.edp.com *.youtube.com *.youtube-nocookie.com *.eurolandir.com *.mailjet.com *.media-server.com *.wufoo.com edp.teto.pt *.spotify.com ir2.flife.de ir.tools.investis.com sdk.companywebcast.com ir.tools.investis.com *.edpon.livextend.cloud *.powerbi.com *.suratica.es; child-src 'self' 'unsafe-eval' 'unsafe-inline' *.dig.corp.edp.com *.microsoft.com *.microsoftonline.com *.windows.net *.office.com *.bol.pt *.bol.pt/* *.vimeo.com *.cookielaw.org *.recaptcha.net *.bandcamp.com *.soundcloud.com *.google.com *.sites.edp.com *.siteimprove.net *.siteimprove.com *.workplace.com *.intras.edp.com *.microsoftstream.com *.edp.pt *.edp.com *.edpr.com *.dig.corp.edp.com *.youtube.com *.youtube-nocookie.com *.eurolandir.com *.mailjet.com *.media-server.com *.wufoo.com edp.teto.pt *.spotify.com ir2.flife.de ir.tools.investis.com sdk.companywebcast.com ir.tools.investis.com *.edpon.livextend.cloud *.powerbi.com *.suratica.es; report-uri /report-csp-violation; upgrade-insecure-requests; object-src 'none'; 1
base-uri 'none'; frame-src blob: data: 'self' https://app.helpcursor.com https://status.easyverein.com https://calendly.com https://ivov.sd-server.de; style-src 'self' 'unsafe-inline' blob:; form-action 'self' https://ivov.sd-server.de https://hexa.easyverein.com; connect-src 'self' https://app.helpcursor.com wss://app.helpcursor.com https://chat.frontapp.com https://eu-west-1-chat-server.frontapp.com wss://front-eu-realtime.ably.io  https://chat-webhook.frontapp.com; manifest-src 'self'; default-src 'none'; object-src blob: data: 'self'; img-src blob: data: 'self' https://*; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.tools.sd-server.de https://assets.calendly.com/assets/external/widget.js https://ivov.sd-server.de/libs/external_api.min.js https://app.helpcursor.com https://www.google.com https://www.gstatic.com https://chat-assets.frontapp.com; font-src 'self' 1
default-src * self blob: data: gap:; style-src * self 'unsafe-inline' blob: data: gap: 'unsafe-eval' https://cdn-fnphg.nitrocdn.com/; script-src * 'self' 'unsafe-eval' 'unsafe-inline' blob: data: gap: https://cdn-fnphg.nitrocdn.com/ https://nitroscripts.com/; object-src * 'self' blob: data: gap:; img-src * self 'unsafe-inline' blob: data: gap: https://cdn-fnphg.nitrocdn.com/; connect-src self * 'unsafe-inline' blob: data: gap: https://cdn-fnphg.nitrocdn.com/ https://to.getnitropack.com/; frame-src * self blob: data: gap:; worker-src * self blob: data: gap: https://cdn-fnphg.nitrocdn.com/; child-src * self blob: data: gap:; font-src * self blob: data: gap: https://cdn-fnphg.nitrocdn.com/ 1
frame-ancestors 'self' *.google.com *.amp.colgate.ro amp.colgate.ro; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com www.google.com www.gstatic.com cdnjs.cloudflare.com dnn506yrbagrg.cloudfront.net www.youtube.com www.tagassistant.google.com *.arcgis.com static.hotjar.com *.hotjar.com cl.qualaroo.com *.qualaroo.com siteimproveanalytics.com s3.amazonaws.com www.google-analytics.com api.ipify.org www.googletagmanager.com www.browsealoud.com plus.browsealoud.com *.browsealoud.com *.speechstream.net apis.google.com wikisum.texthelp.com browsealoud-webservices-8.texthelp.com browsealoud-webservices-eu.texthelp.com wiki-summarizer-eu.texthelp.com www.datadoghq-browser-agent.com *.meetami.ai elyx.fa.em2.oraclecloud.com *.oracleinfinity.io elocation.oracle.com; img-src 'self' www.browsealoud.com plus.browsealoud.com *.browsealoud.com browsealoud-webservices-8.texthelp.com *.siteimproveanalytics.io browsealoud-webservices-eu.texthelp.com rebrand.ly wtr.ie *.meetami.ai *.ytimg.com www.google-analytics.com data: maps.gstatic.com *.googleapis.com *.ggpht elyx.fa.em2.oraclecloud.com *.oracleinfinity.io; worker-src blob:; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' *.intuit.com intuit.com *.quickbooks.com quickbooks.com *.square.com square.com *.squareupstaging.com squareupstaging.com *.squareup.com squareup.com *.bambee.com bambee.com *.gusto.com gusto.com *.dripos.com dripos.com *.enkempass.com enkempass.com *.miter.com miter.com *.eddy.com eddy.com *.housecallpro.com housecallpro.com *.monograph.com monograph.com *.joinwarp.com joinwarp.com *.central.inc central.inc *.7shifts.com 7shifts.com *.belfrysoftware.com belfrysoftware.com *.checkhq.com checkhq.com; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri https://simplyinsured.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' https://cms.gera.de; 1
frame-ancestors 'self' http://webvisor.com https://metrika.yandex.ru/; 1
default-src 'self' sf-api-production.thebiggive.org.uk matchbot-production.thebiggive.org.uk identity-production.thebiggive.org.uk fonts.googleapis.com fonts.gstatic.com js.stripe.com player.vimeo.com recaptcha.net www.youtube.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data: https: https://biggive.matomo.cloud;object-src 'none';script-src donate.biggive.org donate.thebiggive.org.uk https://biggive.matomo.cloud 'unsafe-eval' 'unsafe-inline' 'nonce-OT22mYwcUVPp' *.facebook.net 'nonce-tgpRzQu1tQMPXlyDgt1hoRK2GKw=' 'sha256-wNvBKHC/AcXH+tcTOtnmNx/Ag5exRdBFD8iL9UUQ8es=' 'sha256-1HeZ3VD78Wf4oVzMyJ4Jy6YfsXzAPBFeS21Eh8JnOmk=' api.getAddress.io *.getsitecontrol.com js.stripe.com recaptcha.net www.gstatic.com https://www.youtube.com/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;connect-src wss: sf-api-production.thebiggive.org.uk matchbot-production.thebiggive.org.uk identity-production.thebiggive.org.uk https://biggive.matomo.cloud www.facebook.com api.getAddress.io *.getsitecontrol.com fonts.googleapis.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net cdnjs.cloudflare.com siteimproveanalytics.com *.cookiefirst.com *.google.com *.gstatic.com unpkg.com *.zeeland.nl *.amcharts.com *.fontawesome.com *.youtube.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.cookiefirst.com cdnjs.cloudflare.com cdn.jsdelivr.net *.zeeland.nl *.bootstrapcdn.com; img-src 'self' data: cdn.jsdelivr.net *.siteimproveanalytics.io *.cookiefirst.com *.zeeland.nl *.map5.nl *.toegankelijkheidsverklaring.nl; media-src 'self'; frame-src 'self' *.google.com *.youtube-nocookie.com *.spotify.com *.youtube.com *.medialife.be; frame-ancestors 'self'; child-src 'self'; font-src 'self' maxcdn.bootstrapcdn.com *.fontawesome.com; connect-src 'self' *.youtube.com *.fontawesome.com *.zeeland.nl *.cookiefirst.com; report-uri /report-csp-violation 1
default-src 'none'; style-src 'unsafe-inline'; 1
default-src 'none';child-src 'self';script-src 'self' nonce-tezqPzTTs3f3uuuCBA5tATjlIHRzpxYa about: https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://browser.sentry-cdn.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://sentry.io https://o103315.ingest.sentry.io;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com;img-src 'self' data: https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://tile.openstreetmap.org;frame-ancestors 'none';frame-src 'self' https://www.google.com/recaptcha/ https://local-sapphire.arista.io:447/ https://develop-sapphire.arista.io/ https://sapphire.arista.io/ blob:;font-src 'self' https://fonts.gstatic.com data:;connect-src 'self' https://analytics.google.com https://www.google-analytics.com https://sentry.io/api/ data: wss://www.arista.io o103315.ingest.sentry.io;manifest-src 'self';block-all-mixed-content; 1
default-src 'self'; img-src 'self' data:; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com 1
child-src  www.paypalobjects.com; connect-src 'self' 'report-sample' s3.amazonaws.com/cv3.customfiles creedmoorsports.commercev3.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com stats.g.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.ksearchnet.com *.merchante-solutions.com *.analytics.google.com *.clarity.ms www.facebook.com *.klaviyo.com rj2.rejoiner.com widget.trustpilot.com eucs18.ksearchnet.com stats.ksearchnet.com *.google.com www.googletagmanager.com pro.ip-api.com widget.sezzle.com media.sezzle.com forms.rejoiner.com/api/v1/mv4Pwbv www.google.co.in; default-src 'self' cdn.commercev3.net/cdn.creedmoorsports.com/ cdn.creedmoorsports.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com; font-src 'self' creedmoorsports.commercev3.com cdn.commercev3.net/cdn.creedmoorsports.com/ cdn.creedmoorsports.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com js.klevu.com cdn.livechatinc.com data: cdn.livechatinc.com; form-action 'self' www.facebook.com www.paypal.com checkout.sezzle.com  sandbox.checkout.sezzle.com; frame-src 'self' *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com widget.trustpilot.com www.youtube.com www.rewardbooth.com player.vimeo.com www.googletagmanager.com  creedmoorcustom.com docs.google.com secure.livechatinc.com widget.sezzle.com secure.livechatinc.com; frame-ancestors 'self' ; img-src 'self' cdn.commercev3.net/cdn.creedmoorsports.com/ cdn.creedmoorsports.com ssl.google-analytics.com www.google.com/pagead/1p-user-list/ www.google.com/ads/ga-audiences ct.pinterest.com/v3/ s3.amazonaws.com stats.g.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.paypal.com www.paypalobjects.com js.klevu.com www.gstatic.com ssl.google-analytics.com *.google.com media.sezzle.com cdn.livechat-files.com www.creedmoorsports.com/images  cdn.creedmoorsports.com cdn.commercev3.net/cdn.creedmoorsports.com www.google.co.in/ads/ga-audienceswww.creedmoorsports.com/; script-src 'self' 'report-sample' cdn.commercev3.net/cdn.creedmoorsports.com/ cdn.creedmoorsports.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com *.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.merchante-solutions.com *.ksearchnet.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com cdnjs.cloudflare.com js.klevu.com widget.trustpilot.com cdn.jsdelivr.net cdn.rejoiner.com cdn.avmws.com www.avmws.com ssl.avmws.com www.googletagmanager.com widget.sezzle.com api.livechatinc.com cdn.livechatinc.com; script-src-elem 'self' 'report-sample' cdn.commercev3.net/cdn.creedmoorsports.com/ cdn.creedmoorsports.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com *.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.merchante-solutions.com *.ksearchnet.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com cdnjs.cloudflare.com js.klevu.com widget.trustpilot.com cdn.jsdelivr.net cdn.rejoiner.com cdn.avmws.com www.avmws.com ssl.avmws.com www.googletagmanager.com widget.sezzle.com api.livechatinc.com cdn.livechatinc.com; style-src 'self' cdn.commercev3.net/cdn.creedmoorsports.com/ cdn.creedmoorsports.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net cdnjs.cloudflare.com js.klevu.com code.jquery.com media.sezzle.com; style-src-elem 'self' cdn.commercev3.net/cdn.creedmoorsports.com/ cdn.creedmoorsports.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net cdnjs.cloudflare.com js.klevu.com code.jquery.com media.sezzle.com; style-src-attr  'unsafe-inline'; media-src 'self' creedmoorsports.commercev3.com cdn.commercev3.net/cdn.creedmoorsports.com/ cdn.creedmoorsports.com www.bing.com; 1
default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; object-src 'none'; connect-src 'self' 1
frame-ancestors 'self' *.surfboard.com; 1
default-src 'self';             script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.google.com https://maps.googleapis.com https://dev.virtualearth.net;             style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;             img-src 'self' data: https:;             font-src 'self' https://fonts.gstatic.com;             connect-src 'self' https://maps.googleapis.com 1
report-uri https://www.globalp.com/wp-json/gardcomm_securityheaders/v1/incidents; script-src 'self' staging.globalp.com 'unsafe-inline' 'unsafe-eval' cdn.datatables.net www.google-analytics.com *.googleapis.com developers.google.com kit.fontawesome.com www.googletagmanager.com cdnjs.cloudflare.com stats.g.doubleclick.net *.facebook.net *.vimeo.com *.trustarc.com; style-src 'self' staging.globalp.com 'unsafe-inline' *.googleapis.com cdn.datatables.net; img-src 'self' staging.globalp.com data: *.gstatic.com *.googleapis.com *.ggpht.com www.google-analytics.com www.googletagmanager.com translate.google.com *.businesswire.com *.wixstatic.com s.w.org *.zoominfo.com i.vimeocdn.com cdn.datatables.net *.facebook.com *.trustarc.com; 1
default-src 'self'; img-src * data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/  https://www.gstatic.com/recaptcha/ https://gateway.zscloud.net gateway.zscalerthree.net zscaler.net https://*.pcipal.cloud https://*.stripe.com/ blob:; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.pcipal.cloud https://www.google.com  accounts.google.com https://www.google.com/recaptcha/  www.gstatic.com/recaptcha/ https://fonts.googleapis.com/css2 *.walkme.com https://gateway.zscloud.net gateway.zscalerthree.net zscaler.net https://*.cardinalcommerce.com/ https://*.stripe.com/ blob:; frame-src * data: 'report-sample'; style-src 'self' 'unsafe-inline' *.walkme.com; report-uri https://pcipal.report-uri.com/r/d/csp/reportOnly; connect-src 'self' wss://pcipal.cloud wss://*.pcipal.cloud https://*.pcipal.cloud:* *.walkme.com https://kg668dbov0.execute-api.us-east-1.amazonaws.com/stag/log https://*.apm.eu-west-1.aws.found.io:* https://*.cardinalcommerce.com/ https://pcipal.report-uri.com/ https://*.stripe.com/; font-src * data:; object-src 'none'; 1
frame-ancestors 'self' http://*.sec6.net ; 1
frame-ancestors 'self' *.tohapi.fr *.homair.com *.marvilla-parks.com 1
default-src 'self' https:; img-src 'self' https: data:; font-src 'self' https: data:; object-src https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; connect-src 'self' https:; frame-ancestors facebook.com opinary.com compass.pressekompass.net 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data:  secure.comodo.com *.cqc.org.uk *.doctorfox.co.uk doctorfox.co.uk *.doubleclick.net *.etrusted.com *.gstatic.com *.google.co.uk *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.resellerratings.com *.newrelic.com *.nr-data.net *.securetrading.net *.trustedshops.com *.vimeo.com *.wufoo.eu *.youtube.com *.swiftypecdn.com *.swiftype.com *.postcodeanywhere.co.uk *.wufoo.eu *.wufoo.com *.noibu.com *.pcapredict.com wss://*.noibu.com mywebconect.com https://seal.digicert.com https://*.hotjar.com wss://*.hotjar.com; object-src 'none'; 1
default-src https: wss: data: about: asset: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: wss: data: javascript: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; report-uri https://herringshoes.report-uri.com/r/d/csp/enforce 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: ajax.googleapis.com code.jquery.com connect.liblynx.com unpkg.com *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com static.ads-twitter.com connect.facebook.net cdnjs.cloudflare.com; font-src 'self' 'unsafe-inline' data: *.gstatic.com fonts.googleapis.com; style-src 'self' 'unsafe-inline' data: *.google.com *.gstatic.com fonts.googleapis.com; img-src 'self' data: classiques-garnier.com *.classiques-garnier.com connect.liblynx.com *.gstatic.com *.google-analytics.com; object-src 'self' data: *.youtube.com; form-action *; frame-src 'self' data: *.google.com *.gstatic.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
object-src 'none';form-action 'self' *.facebook.com;frame-ancestors 'self' *.club.hotmart.com *.sindiconet.com.br 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com/@googlemaps/markerclusterer/dist/index.min.js embed.typeform.com *.cookielaw.org *.onetrust.com *.clarity.ms *.bing.com *.prommt.com *.jsdelivr.net *.force24.co.uk *.cloudflare.com *.datatables.net googleads.g.doubleclick.net *.googleadservices.com *.googletagmanager.com connect.facebook.net static.ads-twitter.com analytics.twitter.com *.globalsign.com snap.licdn.com corgidirect.activehosted.com d3rxaij56vjege.cloudfront.net trackcmp.net static.addtoany.com *.hotjar.com *.parliament-hill.co.uk *.parliament-hill.net https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com *.google-analytics.com blob:; img-src 'self'  embed.typeform.com https://*.googleapis.com https://*.gstatic.com *.googletagmanager.com *.cookielaw.org *.onetrust.com *.ytimg.com *.clarity.ms *.bing.com *.huwsgray.co.uk t.co *.t.co *.data-crypt.com analytics.twitter.com *.google.com *.google.co.uk *.googleusercontent.com *.facebook.com *.linkedin.com data:; frame-src 'self' *; connect-src 'self' *.onetrust.com *.clarity.ms c.bing.com *.google-analytics.com *.oribi.io *.doubleclick.net *.hotjar.com *.hotjar.io *.facebook.com https://*.googleapis.com *.google.com https://*.gstatic.com  data: blob:; font-src 'self' fonts.gstatic.com; style-src 'self' 'unsafe-inline' embed.typeform.com *.clarity.ms c.bing.com *.prommt.com *.googletagmanager.com *.jsdelivr.net *.datatables.net *.jquery.com *.parliament-hill.co.uk https://fonts.googleapis.com; worker-src blob:; 1
default-src 'self'; connect-src 'self' matomo02.itzbund.de *.readspeaker.com *.bmbfcluster.de; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo02.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de; frame-src *.readspeaker.com *.google.com *.gstatic.com *.youtube.com *.vimeo.com vimeo.com *.unesco.de *.readspeaker.com datawrapper.dwcdn.net *.unitylivestream.com gemeinschaftswerk-nachhaltigkeit.de; img-src 'self' data: matomo02.itzbund.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.openstreetmap.org *.openstreetmap.de *.bmbfcluster.de *.wmflabs.org; font-src 'self' data:; worker-src 'self' blob:; frame-ancestors 'self'; 1
frame-ancestors 'none', upgrade-insecure-requests, default-src * data: 'self' 'unsafe-inline' 'unsafe-eval' blob: *.avianca.com *.amadeus.com *.gstatic.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.google.com *.adobedtm.com *.go-mpulse.net *.akstat.io *.demdex.net *.qualtrics.com *.doubleclick.net *.fullstory.com fullstory.com *.everesttech.net *.online-metrix.net *.viajala.com viajala.com connect.facebook.net acutsdev.112.2o7.net eba-amadeus.netdna-ssl.com www.facebook.com bat.bing.com acutsprod.112.2o7.net www.google.com www.google.com.co www.googleadservices.com aeroviasdelcontinent.tt.omtrdc.net www.securitytrfx.com *.jquery.com *.angularjs.org *.aspnetcdn.com *.bootstrapcdn.com *.dwin1.com *.sleeknote.com *.mathtag.com *.liveperson.net *.sddan.com *.lpsnmedia.net acsbapp.com *.acsbapp.com *.newshore.es data: *.entelgystats.com *.adnxs.com *.windows.net *.azure-api.net *.google adservice.google.com adservice.google.com.co *.telefonica.com *.avtest.ink *.googleusercontent.com *.fbcdn.net *.fbsbx.com *.youtube.com restcountries.eu *.restcountries.eu *.cloudfront.net cdnjs.cloudflare.com *.airtrfx.com *.jtdwjcwq6f4wp4ce.com *.everymundo.net *.sumologic.com *.everymundonet.work *.azurewebsites.net *.ipapi.co ipapi.co *.azureedge.net *.volantio.com unpkg.com *.criteo.com *.plusgrade.com fonts.cdnfonts.com *.akamaihd.net *.criteo.net *.onelinkbpo.com *.3dseatmapvr.com acsbapp.com *.acsbapp.com *.newshore.es feedbucket.app *.feedbucket.app *.cookielaw.org *.modirum.com *.onetrust.com *.jsdelivr.net *.creativecdn.com *.cookiepro.com analytics.tiktok.com *.smartvel.com us1.zonkasurvey.com us-js.zonka.co *.global.ssl.fastly.net cm.adform.net ih.adscale.de visitor.omnitagjs.com pixel.advertising.com ice.360yield.com dsum-sec.casalemedia.com pixel.rubiconproject.com hbx.media.net cm.mgid.com onetag-sys.com us-u.openx.net sync.outbrain.com simage2.pubmatic.com bh.contextweb.com s.seedtag.com match.sharethrough.com s.ad.smaato.net us.ck-ie.com ce.lijit.com sync.taboola.com eb2.3lift.com s-cs.rmp.rakuten.com dot.wp.pl ad.yieldlab.net ads.yieldmo.com t.visx.net ssc-cms.33across.com pixel.s3xified.com inv-nets.admixer.net sync.e-planning.net csync.loopme.me adn.caprofitx.com sync.addlv.smt.docomo.ne.jp sync.teads.tv rt.udmserve.net sync.console.adtarget.com.tr sync.1rx.io ssp-csync.smartadserver.com rtb.gumgum.com sync.connectad.io csync.smilewanted.com a.vidoomy.com sync.cenarius.orangeclickmedia.com sync.go.sonobi.com fast.nexx360.io cm-exchange.toast.com ad.as.amanad.adtdp.com sync.bidence.net cs.gssprt.jp sp.gmossp-sp.jp analytics.ad.daum.net s-cs.send.microad.jp mixer.mobon.net tg.socdm.com sync.ad-stir.com *.mczbf.com *.skyscanner.net rum.browser-intake-datadoghq.com; 1
frame-ancestors 'self' https://mysuperior.superiorpropane.com https://stgmysup.superiorpropane.com 1
default-src https: data: wss: about: blob: dc-photo: dc-illu: dc-v2: fb-messenger: tg: whatsapp: sms: mailto: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dancenter.dk/pubweb/csp-violation 1
font-src *.klarnacdn.net *.klevu.com *.ksearchnet.com *.bootstrapcdn.com data: d1v72txp4rf8db.cloudfront.net *.audioeye.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com http://t.lt02.net *.sarus.io *.tombowusa.com http://tombowusa.com/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.braintreegateway.com *.facebook.com *.google.com ssl.kaptcha.com lightwidget.com *.audioeye.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com https://cdn.acsbapp.com https://cdn.searchspring.net *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com *.amazonaws.com *.cloudfront.net *.edgecastcdn.net *.espssl.com *.google.com *.gstatic.com *.listrakbi.com *.pinterest.com shareasale.com *.ytimg.com static-na.payments-amazon.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com https://acsbapp.com https://cdn.acsbapp.com https://snapui.searchspring.io *.klarna.com *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdn.searchspring.net/intellisuggest/is.min.js maps.googleapis.com *.crazyegg.com *.dwin1.com d1v72txp4rf8db.cloudfront.net *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.klevu.com *.lexity.com lightwidget.com cdn.lightwidget.com *.listrakbi.com mpsnare.iesnare.com *.pinimg.com *.pinterest.com *.turnto.com *.audioeye.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klarnacdn.net https://static.klaviyo.com *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com *.bootstrapcdn.com d1v72txp4rf8db.cloudfront.net static.klaviyo.com *.listrakbi.com *.turnto.com *.audioeye.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com https://cdn.acsbapp.com 'self' 'unsafe-inline'; manifest-src d1v72txp4rf8db.cloudfront.net 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com https://acsbapp.com https://cdn.acsbapp.com https://tfnzxt.a.searchspring.io *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ telemetrics.klaviyo.com *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://beacon.searchspring.io/beacon *.braintreegateway.com d1v72txp4rf8db.cloudfront.net *.crazyegg.com *.doubleclick.net *.googleapis.com a.klaviyo.com *.pinterest.com *.ingest.sentry.io *.turnto.com *.audioeye.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src static.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
upgrade-insecure-requests;script-src 'self' 'wasm-unsafe-eval';connect-src 'self' blob: https://eientei.org wss://eientei.org https:;media-src 'self' https:;img-src 'self' data: blob: https:;default-src 'none';base-uri 'self';frame-ancestors 'none';style-src 'self' 'unsafe-inline';font-src 'self';manifest-src 'self'; 1
default-src 'self' https:; worker-src blob:; script-src 'self' https: 'unsafe-eval' 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data:; font-src 'self' https: data:; connect-src 'self' wss: https: ws: http: 1
default-src * data: 'unsafe-eval' 'unsafe-inline'; worker-src blob: 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-SsJ2xifWk4/KcIF6i+s9BcRVg8LAT5oXX3WM5yDbSQ5e9drB' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*.paperflite.com https://*.acrolinx.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://legalbetkz.push4site.com https://push4site.com https://us-an.gr-cdn.com/ https://check.ddos-guard.net/ https://*.ytimg.com https://static.cloudflareinsights.com http://awards.ratingruneta.ru cdn3.caltat.com https://cbzxy.com https://banners.adfox.ru/ https://yandex.ru https://*.legalcdn.org https://*.legalcdn.com https://static.legalcdn.org https://snap.licdn.com https://px.ads.linkedin.com https://web.legalcdn.org https://*.twimg.com https://platform.twitter.com https://yastatic.net https://www.googleoptimize.com https://mc.yandex.com https://*.yandex.ru https://*.me-talk.ru *.cloudflare.com https://me-talk.ru https://*.intelcdn.com https://*.playbuzz.com https://*.youtube.com http://pollservice.ru https://*.vk.com https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://*.instagram.com https://web.legalcdn.org http://ulogin.ru https://ulogin.ru https://*.gstatic.com https://*.google.com https://*.yandex.net https://*.gr-cdn.com https://*.getresponse.com https://*.legalbet-subscription.com https://*.gr-cdn-e.eu https://*.ampproject.org https://*.ampproject.net https://*.getresponse360.pl; frame-src 'self' https://*.soundcloud.com https://static.cloudflareinsights.com https://*.yandex.ru http://awards.ratingruneta.ru https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org https://*.me-talk.ru https://*.instagram.com https://ulogin.ru https://*.youtube.com https://*.facebook.com https://*.twitter.com https://vimeo.com https://rutube.ru https://playbuzz.com https://connect.facebook.net https://web.legalcdn.org https://www.playbuzz.com/ https://*.gstatic.com https://*.google.com https://*.yandex.net https://*.getresponse.com https://*.legalbet-subscription.com https://*.gr-cdn-e.eu https://*.getresponse360.pl; object-src 'self' https://*.legalcdn.com https://*.legalcdn.org http://awards.ratingruneta.ru https://*.youtube.com https://web.legalcdn.org https://static.legalcdn.org https://web.legalcdn.org https://*.gstatic.com https://*.google.com https://*.yandex.net https://*.getresponse.com https://*.legalbet-subscription.com https://*.gr-cdn-e.eu https://*.getresponse360.pl; child-src 'self' blob: http://awards.ratingruneta.ru https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org https://*.getresponse.com https://*.legalbet-subscription.com https://*.gr-cdn-e.eu https://*.getresponse360.pl; worker-src 'self' blob: https://legalbetkz.push4site.com https://push4site.com https://*.gr-cdn.com https://*.getresponse.com https://*.legalbet-subscription.com https://*.gr-cdn-e.eu https://*.getresponse360.pl; report-uri /csp-report/; 1
connect-src 'self' analytics.google.com www.google-analytics.com stats.g.doubleclick.net chatbotdev-cisive.cs13.force.com https://*.hubspot.com https://*.hubapi.com https://forms.hscollectedforms.net https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.linkedin.com https://*.adroll.com; default-src 'self'; font-src 'self' fonts.gstatic.com themes.googleusercontent.com chatbotdev-cisive.cs13.force.com; frame-src 'self' www2.cisive.com calendly.com content.precheck.com https://*.hubspot.com https://www.youtube.com https://forms.hsforms.com https://*.doubleclick.net; img-src 'self' stats.g.doubleclick.net www.google-analytics.com www.google.com www.googletagmanager.com cdn.ckeditor.com shield.sitelock.com chatbotdev-cisive.cs13.force.com https://privacy-policy.truste.com https://*.hsforms.com https://*.hubspot.com tr.lfeeder.comhttps://*.linkedin.com https://*.adroll.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com pi.pardot.com cdn.pardot.com www.google-analytics.com www.googletagmanager.com www2.cisive.com cdn.ckeditor.com chatbotdev-cisive.cs13.force.com https://googleads.g.doubleclick.net calendly.com assets.calendly.com code.jquery.com ws.zoominfo.com sc.lfeeder.com https://*.hubspot.com https://js.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://forms.hsforms.com https://cdnjs.cloudflare.com https://www.bugherd.com https://cdn.jsdelivr.net https://js.hsforms.net https://snap.licdn.com https://*.adroll.com https://*.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.ckeditor.com hello.myfonts.net chatbotdev-cisive.cs13.force.com assets.calendly.com https://cdnjs.cloudflare.com; report-uri https://cisive.report-uri.com/r/d/csp/enforce; 1
default-src 'self' ; base-uri 'self' ; connect-src 'self' https://cta-service-cms2.hubspot.com https://app.clearbit.com https://px.ads.linkedin.com *.mutinyhq.com *.mutinyhq.io *.mutinycdn.com  https://client-registry.mutinycdn.com https://api-v2.mutinyhq.io https://kit.fontawesome.com https://pagead2.googlesyndication.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://forms.hscollectedforms.net https://cdn.linkedin.oribi.io/ https://bam.nr-data.net https://cdn.segment.com https://api-iam.intercom.io https://forms.hubspot.com https://forms.hsforms.com https://stats.g.doubleclick.net https://hubspot-forms-static-embed.s3.amazonaws.com https://ka-p.fontawesome.com https://snowplow.crossbeam.com https://www.google-analytics.com https://analytics.google.com https://api.segment.io https://events.bizzabo.com https://*.algolia.net https://*.algolianet.com wss://nexus-websocket-a.intercom.io ; font-src 'self' data: https://webpack.mutinyhq.com https://fonts.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com https://ka-p.fontawesome.com https://use.typekit.net ; frame-src 'self' 'unsafe-inline' https://www.eventbrite.com https://td.doubleclick.net https://capture.navattic.com https://c.navattic.com https://bzwidgets.crossbeam.com https://tpc.googlesyndication.com http://www.youtube.com https://platform.twitter.com https://anchor.fm https://w.soundcloud.com https://www.linkedin.com https://embed.spotify.com https://open.spotify.com https://optimize.google.com https://player.vimeo.com https://bid.g.doubleclick.net https://forms.hsforms.com https://js.hsforms.net https://portal.productboard.com https://www.facebook.com https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com https://boards.greenhouse.io/ https://embed.typeform.com https://form.typeform.com https://events.bizzabo.com https://accounts.bizzabo.com ; img-src 'self' data: https://perf-na1.hsforms.com *.mutinycdn.com https://www.google.co.jp https://www.google.it https://www.google.co.uk https://cdn.cookielaw.org https://www.linkedin.com/ https://forms-na1.hsforms.com https://4716094.fs1.hubspotusercontent-na1.net https://4716094.fs2.hubspotusercontent-na1.net https://4716094.fs1.hubspotusercontent-eu1.net https://4716094.fs2.hubspotusercontent-eu1.net https://www.crossbeam.com https://grow.clearbitjs.com https://px4.ads.linkedin.com https://px4.ads.linkedin.co https://p.adsymptotic.com https://js.intercomcdn.com https://i.ytimg.com https://secure.gravatar.com https://static.intercomassets.com https://i.vimeocdn.com https://downloads.intercomcdn.com https://forms.hsforms.com https://track.hubspot.com https://f.hubspotusercontent40.net https://googleads.g.doubleclick.net  https://i.ytimg.com/vi_webp/Iv5V4d0sunM/mqdefault.webp https://perf.hsforms.com https://px.ads.linkedin.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://optimize.google.com https://www.googletagmanager.com https://p.adsymptotic.com https://qr-code.ithemes.com https://s.w.org/ ; manifest-src 'self' ; media-src 'self' https://js.intercomcdn.com/ ; object-src 'self' https://vimeo.com ; report-uri https://610027159dc1b52ae71f0ec5.endpoint.csper.io/ ; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://js.hubspot.com https://www.eventbrite.com https://x.clearbitjs.com https://tag.clearbitscripts.com *.mutinycdn.com https://cdn.madkudu.com https://client-registry.mutinycdn.com https://cdn.cookielaw.org https://ajax.googleapis.com https://unpkg.com/ https://grow.clearbitjs.com https://www.googleoptimize.com https://bam.nr-data.net https://js-agent.newrelic.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://connect.facebook.net https://d1fc8wv8zag5ca.cloudfront.net https://forms.hsforms.com https://js.hs-scripts.com https://js.hsleadflows.net https://js.hscollectedforms.net https://js.hs-analytics.net https://js.hs-banner.com https://forms.hscollectedforms.net https://fullstory.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://js.hsforms.net https://js.intercomcdn.com https://kit.fontawesome.com https://platform.twitter.com https://snap.licdn.com https://widget.intercom.io https://www.fullstory.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://cdn.segment.com https://optimize.google.com https://www.googleanalytics.com https://boards.greenhouse.io/ https://embed.typeform.com https://form.typeform.com https://organizer.bizzabo.com ; style-src 'self' 'unsafe-inline' 'report-sample' https://fonts.googleapis.com https://optimize.google.com https://p.typekit.net https://use.typekit.net https://embed.typeform.com https://form.typeform.com ; frame-ancestors 'self' https://app.mutinyhq.com ; worker-src 'none' 1
frame-ancestors 'self' *.sciquest.com *.cummins.com *.ariba.com http://search.roccommerce.com http://dev-search.roccommerce.net 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-02e647750414497b8a687d994e267ad3' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
frame-ancestors 'self' https://*.toyota.be https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: *.google.com *.googleapis.com *.google-analytics.com *.youtube.com *.cloudfront.net *.facebook.com *.twitter.com oss.maxcdn.com cdn.jsdelivr.net *.facebook.net cd.ladsp.com *.st-hatena.com *.quant.jp *.ladsp.com *.outbrain.com *.luckyorange.net *.ytimg.com v-storage.bnarts.jp v-storage.bandaivisual.co.jp *.doubleclick.net *.line-scdn.net *.logly.co.jp *.im-apps.net *.hatena.ne.jp *.line.me buzzes.jp *.rubiconproject.com *.adsafeprotected.com *.cloudflare.com *.gstatic.com *.googletagmanager.com *.bnarts.jp visitors.live *.visitors.live *.luckyorange.com wss:; 1
frame-ancestors 'self';    upgrade-insecure-requests; 1
default-src data: https: 'unsafe-eval' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' graphhopper.com *.graphhopper.com vimeo.com; frame-src 'self' graphhopper.com *.graphhopper.com player.vimeo.com; font-src 'self' data:; object-src 'none' 1
frame-ancestors https://public.tableau.com 1
frame-ancestors 'self' https://niebadzbotem.pl/; 1
frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com https://*.atlassian.net/ dev.azure.com *.visualstudio.com wobo-mskrs-test.gallery.vsassets.io *.myworkboard.com *.myworkboard.eu *.zenryapp.com *.zenryapp.eu 1
default-src 'unsafe-inline' 'self' data: effectory.com www.effectory.com ac.effectory.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' yoast.com *.hubspot.com *.hsadspixel.net *.hsforms.net *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.clarity.ms bat.bing.com www.powr.io client.hip.live.com maps.googleapis.com mktdplp102cdn.azureedge.net www.youtube.com static.zdassets.com consentcdn.cookiebot.com consent.cookiebot.com www.googletagmanager.com google-analytics.com www.google-analytics.com snap.licdn.com www.googleadservices.com static.hotjar.com connect.facebook.net googleads.g.doubleclick.net script.hotjar.com;frame-ancestors 'self' *.hsforms.com consentcdn.cookiebot.com; img-src 'self' data: *.cookiebot.com *.youtube.com *.hsforms.com *.hubspot.com *.googletagmanager.com c.bing.com c.clarity.ms bat.bing.com i.ytimg.com script.hotjar.com onlinedialogue.s3.eu-west-1.amazonaws.com onlinedialogue.s3-eu-west-1.amazonaws.com *.linkedin.com *.dynamics.com  wus.client.hip.live.com eus.client.hip.live.com maps.gstatic.com www.google.de maps.googleapis.com secure.gravatar.com www.google-analytics.com px.ads.linkedin.com www.google.com www.google.nl www.facebook.com; style-src 'unsafe-inline' fonts.googleapis.com ac.effectory.com www.effectory.com effectory.com; font-src data: fonts.gstatic.com script.hotjar.com ac.effectory.com www.effectory.com effectory.com; frame-src 'self' *.twentythree.com *.hsforms.com www.powr.io www.youtube.com forms.office.com www.facebook.com vars.hotjar.com consentcdn.cookiebot.com *.dynamics.com; connect-src *.linkedin.com *.yoast.com *.googlesyndication.com *.doubleclick.net *.hubspot.com *.google.com *.amazonaws.com *.hsforms.com *.hubapi.com *.linkedin.oribi.io *.hscollectedforms.net *.google-analytics.com *.clarity.ms *.hotjar.com wss://*.hotjar.com surveystats.hotjar.io *.effectory.com maps.googleapis.com *.dynamics.com consentcdn.cookiebot.com in.hotjar.com www.google-analytics.com stats.g.doubleclick.net effectorychathelp.zendesk.com ekr.zdassets.com 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-attr * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'unsafe-inline' 'unsafe-hashes'; img-src * data:; font-src * 'self' data:; connect-src *; media-src *; object-src *; child-src *; frame-src *; frame-ancestors *; form-action *; base-uri *; manifest-src *; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; worker-src https: data: blob:; frame-ancestors 'self' *.qapa.fr https://app.hubspot.com; media-src https: blob:; font-src https: data:; 1
default-src 'self'; object-src 'none'; base-uri 'self'; script-src 'self' 'strict-dynamic' js.taplytics.com cdn.segment.com 'unsafe-inline' https://js-agent.newrelic.com https://bam.nr-data.net https://use.typekit.net https://js.stripe.com https://embed.cloudflarestream.com widget.intercom.io js.intercomcdn.com https://fullstory.com https://www.fullstory.com https://edge.fullstory.com www.googletagmanager.com www.google-analytics.com analytics.google.com www.googleadservices.com googleads.g.doubleclick.net https://connect.facebook.net https://snap.licdn.com https://px.ads.linkedin.com https://9ssm9lghx525.statuspage.io https://js.hs-analytics.net https://tags.srv.stackadapt.com https://bat.bing.com https://ct.pinterest.com 'nonce-66be545377cee861745ed3464e74c945a46be2bbb5cd6fa073e3d9dcb8095bd8'; style-src 'self' 'unsafe-inline' https://tags.srv.stackadapt.com https://ct.pinterest.com https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net; img-src 'self' founded.media ownr.media www.gravatar.com https://videodelivery.net https://stats.videodelivery.net *.intercomcdn.com static.intercomassets.com intercom.help www.google-analytics.com https://www.google.ca https://www.google.com https://bat.bing.com https://googleads.g.doubleclick.net stats.g.doubleclick.net https://www.facebook.com https://messenger-apps.intercom.io https://px.ads.linkedin.com track.hubspot.com https://tags.srv.stackadapt.com https://ct.pinterest.com data: blob:; font-src 'self' https://fonts.gstatic.com https://use.typekit.net js.intercomcdn.com data:; frame-src https://js.stripe.com https://bid.g.doubleclick.net https://intercom-sheets.com https://iframe.cloudflarestream.com https://9ssm9lghx525.statuspage.io https://www.loom.com https://www.youtube.com https://ownr.links.growsumo.com; media-src 'self' data: blob: https://js.intercomcdn.com https://videodelivery.net https://ownr.media; connect-src 'self' wss://www.ownr.co https://use.typekit.net api.segment.io https://cdn.segment.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net analytics.google.com https://api.stripe.com fonts.gstatic.com fonts.googleapis.com https://rs.fullstory.com sentry.io https://videodelivery.net https://stats.videodelivery.net https://licensing.bitmovin.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://js.intercomcdn.com https://tags.srv.stackadapt.com https://ct.pinterest.com https://api.taplytics.com https://ping.taplytics.com https://bam-cell.nr-data.net https://bam.nr-data.net https://s3nonprodworker.ownr.party/; worker-src blob: 1
default-src http:; style-src 'self' 'unsafe-inline' *.providesupport.com *.bootstrapcdn.com *.personalwerk.de *.homepagerecruiter.de data:; font-src 'self' fonts.googleapis.com apis.google.com data:; script-src 'self' *.providesupport.com *.metrifire.com *.google.com *.fontawesome.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.stahl.de:* platform.twitter.com *.gstatic.com *.homepagerecruiter.de *.personalwerk.de *.data-insight365.com *.liadm.com *.cloudflareinsights.com 'unsafe-inline' 'unsafe-eval'; form-action 'self'; object-src 'self'; img-src http: data:; 1
default-src 'self' 'unsafe-inline' data: *.webnetism.com *.webnetism.net *.cms42.com *.trustpilot.com *.gstatic.com stats.g.doubleclick.net fonts.googleapis.com *.google.co.uk *.googletagmanager.com *.google.com *.google-analytics.com *.youtube.com *.youtu.be *.vimeo.com *.trustpilot.com api.addressy.com; object-src 'none'; 1
script-src 'self' https://*.grantstreet-cdn.com https://*.govhub.com https://*.grantstreet.com:* https://vault.county-taxes.com https://www.google-analytics.com https://*.googletagmanager.com https://ssl.google-analytics.com https://secure.gravatar.com https://admin.typeform.com https://*.paypal.com https://*.paypalobjects.com 'nonce-341d7e249fb56cd9553897dadfcfa101'; connect-src 'self' https://*.grantstreet-cdn.com https://govhub.com https://pay-hub.net https://*.govhub.com https://*.pay-hub.net https://*.grantstreet.com:* https://*.payment-express.net https://*.county-taxes.com:* https://county-taxes.net https://sentry.io https://*.sentry.io https://*.launchdarkly.com https://admin.typeform.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://api.lob.com https://*.paypal.com https://*.paypalobjects.com https://pay.google.com https://google.com/pay https://www.google.com/pay https://*.algolia.io https://*.algolia.net https://*.algolianet.com stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://*.grantstreet-cdn.com https://govhub.com https://pay-hub.net https://*.govhub.com https://*.pay-hub.net https://*.grantstreet.com:* https://*.payment-express.net https://sentry.io https://*.sentry.io https://*.launchdarkly.com https://admin.typeform.com https://*.google-analytics.com https://*.googletagmanager.com https://www.gstatic.com https://api.lob.com https://*.paypal.com https://*.paypalobjects.com https://s3.amazonaws.com https://cdn-grantstreet-com.s3.amazonaws.com https://www.google.com; object-src 'none'; frame-ancestors 'self' https://*.govhub.com https://govhub.com https://*.pay-hub.net https://pay-hub.net; report-uri https://o168195.ingest.sentry.io/api/1432778/security/?sentry_key=10c054b10b974c81b73423a0d835e640; 1
default-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-inline' *; object-src 'self' 'unsafe-inline' *;frame-ancestors 'none' https://player.vimeo.com https://attica-group.com 1
default-src * 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*.approveme.com 1
frame-ancestors 'self' *.teledyne.com 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-bxPTxUWMN3kWlnIYzEvDFQ==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
frame-ancestors 'self' *.thethirdwave.co ajax.cloudflare.com 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' data: 1
frame-ancestors 'self' https://*.hapara.com/ https://teacherdashboard.com https://*.teacherdashboard.com 1
frame-ancestors *.bolt.com www.gstatic.com 'self'; report-uri https://www.e-conolight.com/fl32csp/report/; 1
object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; 1
default-src 'self' 'unsafe-inline' data: img.sct.eu1.usercentrics.eu *.cookiebot.eu *.vesseltracker.com *.adler-schiffe.de *.faehre.de *.faehre2.de faehre2.de *.h2lokal.de *.ytimg.com *.youtube-nocookie.com *.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.eu *.vesseltracker.com *.adler-schiffe.de *.faehre.de *.faehre2.de faehre2.de; 1
frame-ancestors 'self' https://www.salesforce.com https://www.force.com https://recgroup.my.salesforce.com https://recgroup.zinfi.net https://zinfi.net; 1
frame-ancestors 'self' storyblok.com *.storyblok.com 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-93d76969c38287cef286484002ae5130'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors 'self' https://www.getinvolvednanaimo.ca/; 1
frame-src 'self' js.stripe.com www.google.com secure.livechatinc.com *.relatient.net *.everseat.com; worker-src 'self'; connect-src wss: schdl.com capture.trackjs.com *.schdl.com *.pndsn.com *.pubnub.com blob:; font-src 'self' data: fonts.gstatic.com *.schdl.com; form-action 'self'; frame-ancestors https: *.relatient.net; img-src 'self' data: secure.livechatinc.com www.google-analytics.com q.stripe.com v3-common.s3.amazonaws.com s3.amazonaws.com usage.trackjs.com *.everseat.com *.schdl.com *.aws.relatient.net blob:; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.everseat.com *.schdl.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-ukwest.onetrust.com/ *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com unpkg.com/@frontify/ *.cloudinary.com www.googletagmanager.com mpscdnuks.azureedge.net widget.spreaker.com www.googleadservices.com *.doubleclick.net www.instagram.com www.vimeo.com vimeo.com code.jquery.com snap.licdn.com mail2.mps.org.uk https://secure.garm9yuma.com kendo.cdn.telerik.com https://ajax.microsoft.com http://aspnet-scripts.telerikstatic.com/ *.cloudfront.net https://mpswebsitecdn.blob.core.windows.net https://pagead2.googlesyndication.com *.cloudflare.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com mpscdnuks.azureedge.net https://mpswebsitecdn.blob.core.windows.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com mpscdnuks.azureedge.net data:; img-src 'self' https://cdn-ukwest.onetrust.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com web-chat.nativechat.com *.frontify.com *.cloudinary.com *.doubleclick.net *.google.com *.google.it mpscdnuks.azureedge.net *.google.co.uk *.linkedin.com https://www.google.bg https://livemedical.sitefinity.cloud/ https://www.googleadservices.com/ https://www.dentalprotection.org https://www.medicalprotection.org https://intmps-aut.sitefinity.cloud https://intdentalmps-aut.sitefinity.cloud https://www.googletagmanager.com i.vimeocdn.com *.azureedge.net mps-aut.sitefinity.cloud intmps.sitefinity.cloud intdentalmps.sitefinity.cloud; media-src 'self' data: blob: *.frontify.com *.cloudinary.com; frame-src 'self' td.doubleclick.net player.vimeo.com widget.spreaker.com https://mail2.mps.org.uk https://www.facebook.com www.google.com https://survey.zohopublic.eu https://vimeo.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com *.frontify.com cloudinary.com *.cloudinary.com www.instagram.com widget.spreaker.com mail2.mps.org.uk https://secure.garm9yuma.com; connect-src 'self' data: accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.frontify.com *.cloudinary.com *.analytics.google.com *.doubleclick.net www.facebook.com *.googleapis.com cdn.linkedin.oribi.io https://idx.liadm.com https://adservice.google.com *.onetrust.com *.luckyorange.net https://pagead2.googlesyndication.com https://vimeo.com; 1
connect-src 'self' https://staging4.finalytics.ai https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://code.highcharts.com https://ajax.googleapis.com https//s.w.org https://unpkg.com https://cdn1.iconfinder.com https://cdn.jsdelivr.net/gh/fancyapps https://cdnjs.cloudflare.com; 1
default-src 'self' *.ayvens.com *.leaseplan.com *.leaseplandigital.com *.leaseplan.io; script-src 'unsafe-inline' https: 'nonce-EPOsbXvy2EBOpmq8eopl3g==' 'strict-dynamic'; connect-src 'self' cdn.cookielaw.org geolocation.onetrust.com *.browser-intake-datadoghq.eu collect-m.leaseplan.com t-log.sgmarkets.com cdn.imagin.studio; worker-src blob:; style-src 'self' 'unsafe-inline' *.leaseplancdn.com cdn.cookielaw.org; img-src 'self' data: *.ayvens.com *.leaseplan.com *.leaseplandigital.com www.leaseplanbrand.com cdn.cookielaw.org cdn.imagin.studio www.googletagmanager.com; media-src 'self' *.ayvens.com www.ayvensbrand.com *.leaseplan.com *.leaseplandigital.com www.leaseplanbrand.com; font-src 'self' *.leaseplancdn.com; frame-src 'self' www.ayvensbrand.com player.vimeo.com www.youtube.com www.youtube-nocookie.com https://map.openchargemap.io; object-src 'none'; base-uri 'none'; 1
default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self'; font-src 'none'; connect-src 'none'; media-src 'none'; object-src 'none'; prefetch-src 'none'; child-src 'none'; frame-src 'none'; worker-src 'none'; frame-ancestors 'none'; form-action 'none'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'none'; report-uri https://dnet.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' mwae.brandenburg.de www.kreatives-brandenburg.de; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' https://*.google-analytics.com; img-src * data: blob:; font-src 'self' data:; frame-src 'self' https://www.google.com https://youtube.com https://audiovisual.ec.europa.eu https://iisda.government.bg; report-uri https://www.nhif.bg/csp-report; 1
default-src 'self'; child-src 'self'; connect-src 'self' https://*.bugsnag.com; font-src https://rsms.me https://fonts.gstatic.com; img-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline' https://rsms.me https://fonts.googleapis.com; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; form-action 'self' 1
default-src * 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; frame-ancestors 'self' https://metrica.yandex.com.tr 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://photog.social; img-src 'self' https: data: blob: https://photog.social; style-src 'self' https://photog.social 'nonce-gPBbirrujkz7tPg4Q2+Zuw=='; media-src 'self' https: data: https://photog.social; frame-src 'self' https:; manifest-src 'self' https://photog.social; form-action 'self'; child-src 'self' blob: https://photog.social; worker-src 'self' blob: https://photog.social; connect-src 'self' data: blob: https://photog.social https://cdn.masto.host wss://photog.social; script-src 'self' https://photog.social 'wasm-unsafe-eval' 1
default-src 'self'; frame-ancestors 'self' https://www.myunidays.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.united-kiosk.de https://l.ecn-ldr.de https://consent.cookiebot.com https://consentcdn.cookiebot.com https://integrations.etrusted.com https://static.cleverpush.com https://helpcenter.united-kiosk.de https://assets.zendesk.com https://*.zendesk.com https://static.zdassets.com https://widget-mediator.zopim.com https://v2.zopim.com https://theme.zdassets.com https://www.paypal.com https://www.paypalobjects.com https://*.trustedshops.com https://assets.welocal.world https://hcaptcha.com https://*.hcaptcha.com https://*.dwin1.com https://*.awin1.com https://zenaps.com https://the.sciencebehindecommerce.com https://*.wepowerconnections.com https://lantern.roeyecdn.com https://lantern.roeye.com; style-src 'self' 'unsafe-inline' *.zdassets.com https://www.united-kiosk.de https://assets.welocal.world https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; object-src 'none'; frame-src 'self' consentcdn.cookiebot.com unitedkiosknews.cleverpush.com www.paypalobjects.com *.paypal.com https://www.myunidays.com https://*.lamapoll.de https://web.inxmail.com/ https://hcaptcha.com https://*.hcaptcha.com https://www.awin1.com; child-src 'self' www.paypalobjects.com *.paypal.com; img-src 'self' data: https://*.united-kiosk.de https://*.welocal.world https://*.welocal.cloud *.zendesk.com *.zdassets.com *.zopim.io *.zopim.com *.zdusercontent.com *.paypal.com www.paypalobjects.com www.econda-monitor.de https://static.cleverpush.com https://*.trustedshops.com https://imgsct.cookiebot.com https://www.awin1.com https://lantern.roeye.com; font-src 'self' data: https://*.welocal.world *.zopim.com static.zdassets.com https://fonts.gstatic.com; connect-src 'self' https://*.welocal.world https://service01.united-kiosk.de consentcdn.cookiebot.com *.zendesk.com wss://*.zendesk.com *.zdassets.com *.zopim.com wss://*.zopim.com *.zopim.io www.econda-monitor.de *.paypal.com www.paypalobjects.com https://geoip-api.cleverpush.com https://api.cleverpush.com *.etrusted.com https://*.trustedshops.com https://logging.trustbadge.com https://hcaptcha.com https://*.hcaptcha.com https://*.dwin1.com https://*.awin1.com https://zenaps.com https://the.sciencebehindecommerce.com https://*.wepowerconnections.com https://lantern.roeyecdn.com https://lantern.roeye.com; manifest-src 'self'; base-uri 'self'; form-action 'self' https://*.paypal.com; media-src 'self' data: https://*.welocal.world static.zdassets.com blob: https://*.united-kiosk.de; worker-src 'self' blob: https://*.united-kiosk.de 1
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com ssl.google-analytics.com ee.hit.gemius.pl *.googletagmanager.com *.google-analytics.com *.youtube.com lt.morningstar.com nasdaqbaltic.com fonts.googleapis.com fonts.gstatic.com *.soundcloud.com *.news.eu.nasdaq.com *.vimeo.com *.analytics.google.com 1
default-src 'self' https://intercom-sheets.com https://*.intercomcdn.com http://postcode.map.daum.net https://service.iamport.kr; connect-src https://web-server.production.fruitsfamily.com/graphql https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.intercom.io wss://*.intercom.io https://service.iamport.kr https://firebase.googleapis.com https://firebaseinstallations.googleapis.com; img-src 'self' data: https://*.fruitsfamily.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.intercomcdn.com https://*.intercomassets.com; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://*.googletagmanager.com https://*.intercom.io https://*.intercomcdn.com https://t1.daumcdn.net https://cdn.iamport.kr; style-src 'self' 'unsafe-inline' 1
script-src 'self' *.tinymce.com *.tiny.cloud ajax.googleapis.com rpgwatch.com *.rpgwatch.com stats.rpgwqatch.com rpgwatchdev.com *.rpgwatchdev.com 'unsafe-inline';style-src 'self' *.tinymce.com *.tiny.cloud rpgwatch.com *.rpgwatch.com rpgwatchdev.com *.rpgwatchdev.com 'unsafe-inline'; connect-src 'self' *.tinymce.com www.googleapis.com noembed.com www.youtube.com *.tiny.cloud stats.rpgwatch.com blob:; img-src * data: blob:; font-src 'self' *.tinymce.com *.tiny.cloud; default-src 'self' stats.rpgwatch.com www.youtube.com; 1
default-src 'self'; object-src 'self' https://pts.smartmobil.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.smartmobil.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://umfrage.smartmobil.de https://pts.smartmobil.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.smartmobil.de https://chat.smartmobil.de https://stats.smartmobil.de https://imagepool.smartmobil.de https://pts.smartmobil.de https://seal.globalsign.com https://ssif1.globalsign.com https://analytics.tiktok.com https://umfrage.smartmobil.de; script-src 'strict-dynamic' 'nonce-9520bbdf73a49ece72141de7a905f93c' 'nonce-2b5b1480cbc04b7e16683003431d7e5b' 'nonce-44fde7c0c1ea4985bf446e1694bf374e' 'nonce-42784e340e228eda8821095314a16435' 'nonce-6a99bd29e4ebf6b448a2014ba2325189' 'nonce-88d3cd16f095f3df6f46077d95ed3bfd' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.smartmobil.de https://umfrage.smartmobil.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-9520bbdf73a49ece72141de7a905f93c' 'nonce-2b5b1480cbc04b7e16683003431d7e5b' 'nonce-44fde7c0c1ea4985bf446e1694bf374e' 'nonce-42784e340e228eda8821095314a16435' 'nonce-6a99bd29e4ebf6b448a2014ba2325189' 'nonce-88d3cd16f095f3df6f46077d95ed3bfd' 'self' 'unsafe-inline' https: 'report-sample' 1
frame-ancestors chpl.org *.chpl.org cincinnatilibrary.bibliocms.com *.cincinnatilibrary.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src chpl.org *.chpl.org cincinnatilibrary.bibliocms.com *.cincinnatilibrary.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.vimeo.com *.youtube.com; style-src 'report-sample' 'self' 'unsafe-inline' *.google.com *.gstatic.com player.vimeo.com; object-src 'none'; connect-src 'self' https://yoast.com; font-src 'self' data:; frame-src 'self' https://wykresy-pkpcargo2023.lkwadrat3.nazwa.pl https://www.google.com *.vimeo.com *.youtube.com; img-src 'self' data: https://mapa-lokomotyw.pkpcargo.com https://secure.gravatar.com; worker-src blob: 1
default-src 'self'; frame-src: 'self'; frame-ancestors: 'self'; 1
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.licdn.com *.ucweb.com connect.facebook.net googleads.g.doubleclick.net www.googletagmanager.com www.google-analytics.com cdn.appdynamics.com ssl.google-analytics.com *.omtrdc.net snap.licdn.com cdn-assets-prod.s3.amazonaws.com; img-src data: * android-webview-video-poster: android-webview:; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.hsbc.co.uk manifest.prod.boltdns.net *.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* *.brightcovecdn.com adservice.google.com www.facebook.com www.security.online-banking.hsbc.lk maps.googleapis.com ad.doubleclick.net www.google.com *.ucweb.com analytics.google.com stats.g.doubleclick.net www.google-analytics.com *.dbankcloud.com www.google.lk *.omtrdc.net *.demdex.net logx.optimizely.com rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk cdn.linkedin.oribi.io cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com *.zscloud.net m.youtube.com *.demdex.net *.zscalertwo.net sts-aad.auth.hsbc.com block.opendns.com gateway.zscaler.net connect.facebook.net; frame-ancestors 'self' www.hsbc.lk; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com cdn.jsdelivr.net *.alicdn.com fonts.googleapis.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net manifest.prod.boltdns.net ssl.gstatic.com players.brightcove.net; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report; 1
default-src https: 'self'; script-src 'self' 'unsafe-inline' remark42.radio-t.com *.google-analytics.com analytics.umputun.com; style-src 'self' 'unsafe-inline'; img-src data: 'self' remark42.radio-t.com *.google-analytics.com analytics.umputun.com; font-src 'self' data:; frame-src https://remark42.radio-t.com; media-src *.radio-t.com *.rucast.net; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.cognitoforms.com https://services.cognitoforms.com ; img-src 'self' 'unsafe-inline' data: https: ; font-src 'self' data: https: ; connect-src 'self' *.facebook.com *.instagram.com *.podbean.com *.twitter.com *.youtube.com *.intercom.io *.doubleclick.net *.cognitoforms.com services.cognitoforms.com *.googlesyndication.com *.google.com *.gstatic.com *.google-analytics.com *.disqus.com *.addtoany.com *.quiz-maker.com *.feathr.co feathr.co wss://*.intercom.io https://cdn.linkedin.oribi.io; media-src https: ; object-src 'self' ; child-src 'self' *.linkedin.com *.facebook.com *.instagram.com *.podbean.com *.twitter.com *.googlesyndication.com *.addtoany.com *.google.com disqus.com *.disqus.com *.opinionstage.com *.youtube.com api.connectedcommunity.org www.votervoice.net *.doubleclick.net *.cognitoforms.com services.cognitoforms.com feathr.co *.feathr.co ficpa.atsondemand.com ; form-action 'self' accounts.ficpa.org ; upgrade-insecure-requests; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://blog.ivysociete.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' *.ivysociete.com data: https://images.unsplash.com https://www.google-analytics.com region1.google-analytics.com region1.analytics.google.com *.cdninstagram.com prezz.me *.prezz.me; media-src 'self' *.ivysociete.com https://images.unsplash.com https://www.google-analytics.com *.cdninstagram.com; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com 'unsafe-eval' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://blog.ivysociete.com; connect-src 'self' *.ivysociete.com https://www.google-analytics.com region1.google-analytics.com region1.analytics.google.com localhost:* *.prezz.me; frame-src *.google.com 1
frame-ancestors 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://ajax.cloudflare.com https://cdnjs.cloudflare.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://maps.googleapis.com https://snap.licdn.com https://connect.facebook.net https://js.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://acsbap.com https://cdn.acsbapp.com https://acsbapp.com; object-src 'none'; base-uri 'none'; 1
Content-Security-Policy: default-src  https://*.agero.com https://info.agero.com https://*.hubspot.com https://www.agero.com https://*.hubapi.com; frame-src https://info.agero.com https://driverspremier.com https://*.hubspot.com; 1
frame-ancestors 'self' www.scc-events.com; 1
default-src 'self';connect-src 'self' dpdbzcoatrn01.cloudfront.net *.stripe.com *.s3.amazonaws.com *.google.com *.google.com/* www.facebook.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google-analytics.com;frame-src 'self' *.stripe.com *.s3.amazonaws.com *.google.com *.google.com/* www.facebook.com *.hotjar.com *.soundcloud.com/ *.twitter.com www.youtube.com;script-src 'self' dpdbzcoatrn01.cloudfront.net blob: 'unsafe-inline' *.stripe.com *.s3.amazonaws.com *.google.com *.google.com/* *.facebook.net www.facebook.com *.cdn-apple.com Cross-Origin-Resource-Policy: cross-origin unpkg.com *.cloudflare.com *.hotjar.com cdn.buymeacoffee.com/* cdnjs.buymeacoffee.com googletagmanager.com *.googletagmanager.com googletagmanager.com/* *.googletagmanager.com/* *.google-analytics.com *.doubleclick.net *.soundcloud.com/* *.twitter.com;script-src-attr 'self' 'unsafe-inline';img-src 'self' dpdbzcoatrn01.cloudfront.net *.stripe.com *.s3.amazonaws.com www.facebook.com cdn.buymeacoffee.com *.twitter.com cdn.ko-fi.com;font-src 'self' Cross-Origin-Resource-Policy: cross-origin dpdbzcoatrn01.cloudfront.net dpdbzcoatrn01.cloudfront.net/sk_cdn/sk_frontend/libs/formantic-ui/themes/default/assets/fonts/* fonts.googleapis.com fonts.gstatic.com *.s3.amazonaws.com data: digitaloceanspaces.com *.digitaloceanspaces.com *.nyc3.digitaloceanspaces.com *.digitaloceanspaces.com/* *.nyc3.digitaloceanspaces.com/* *.cloudflare.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.s3.amazonaws.com *.google.com *.google.com/* dpdbzcoatrn01.cloudfront.net *.cloudflare.com;media-src 'self' dpdbzcoatrn01.cloudfront.net blob: *.s3.amazonaws.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';upgrade-insecure-requests 1
frame-ancestors 'self' ; img-src 'self' data: https:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' terviseamet.ee *.terviseamet.ee *.google.com *.tableau.com *.highcharts.com talendipank.ee www.googletagmanager.com siteimproveanalytics.com *.google-analytics.com lugeja.e-tervis.ee lugeja.e-tervis.ee *.addthisedge.com *.moatads.com *.gstatic.com *.addthis.com *.cloudflare.com tableauapp.tehik.ee 316eebot.boost.ai connect.facebook.net s7.addthis.com static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' terviseamet.ee *.terviseamet.ee *.bootstrapcdn.com *.googleapis.com; img-src 'self' data: terviseamet.ee *.terviseamet.ee lugeja.e-tervis.ee ta.web.tehik.ee *.google-analytics.com *.siteimproveanalytics.io *.google.ee *.doubleclick.net *.google.com public.tableau.com tableauapp.tehik.ee i.ytimg.com www.gstatic.com m.addthis.com 6168367.global.siteimproveanalytics.io; frame-src 'self' www.youtube.com public.tableau.com docs.google.com *.addthis.com www.google.com tableauapp.tehik.ee *.vimeo.com kodu.ut.ee reoveekoroona.ut.ee; font-src 'self' terviseamet.ee *.terviseamet.ee *.bootstrapcdn.com *.gstatic.com *.googleusercontent.com; connect-src 'self' 'unsafe-eval' 'unsafe-inline' terviseamet.ee *.terviseamet.ee www.google-analytics.com *.addthis.com *.doubleclick.net *.google-analytics.com; report-uri /et/report-csp-violation 1
frame-ancestors 'self' https://m.clubcodere.es https://m.apuestas.codere.es https://m.codere.pa https://m.codere.com.co file://* https://blog.codere.bet.ar https://m.caba.codere.bet.ar; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; upgrade-insecure-requests; frame-ancestors 'self' ;  report-uri https://cspreports.realpage.com/api/reports/save/violation; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gam.com *.fontawesome.com www.google.com *.vo.msecnd.net *.sophus3.com https://tags.bkrtx.com *.clickdimensions.com *.highcharts.com *.googleapis.com https://hello.myfonts.net https://www.google-analytics.com http://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://cdn.optimizely.com *.gstatic.com *.formsite.com *.zencdn.net hello.myfonts.net *.twitter.com *.twimg.com *.whoisvisiting.com *.buzzsprout.com *.licdn.com *.adobe.com *.hotjar.com *.cookie-script.com *.matomo.cloud https://cdn.dev.gamsctest.com https://cdn.gamsctest.com https://cdn.gam.com; style-src 'self' 'unsafe-inline' *.gam.com *.vo.msecnd.net *.bootstrapcdn.com https://tagmanager.google.com https://fonts.googleapis.com *.zencdn.net *.twitter.com *.twimg.com https://cdn.dev.gamsctest.com https://cdn.gamsctest.com https://cdn.gam.com; img-src 'self' data: *.gam.com *.gamsctest.com *.dev.gamsctest.com *.sophus3.com https://ssl.gstatic.com https://www.google-analytics.com http://www.google-analytics.com https://www.google.co.uk https://www.google.com https://stats.g.doubleclick.net *.gstatic.com *.googleapis.com *.twitter.com *.twimg.com *.highcharts.com *.prod.boltdns.net *.whoisvisiting.com *.apple.com https://az124611.vo.msecnd.net *.linkedin.com *.23video.com *.twentythree.com; font-src 'self' data: *.gam.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com *.zencdn.net *.fontawesome.com https://cdn.dev.gamsctest.com https://cdn.gamsctest.com https://cdn.gam.com; connect-src 'self' *.gam.com *.log.optimizely.com *.prod.boltdns.net *.instantflipbook.com *.google-analytics.com *.doubleclick.net *.sophus3.com *.fontawesome.com *.adobe.io *.hotjar.com *.hotjar.io wss://*.hotjar.com *.cookie-script.com *.matomo.cloud *.oribi.io; form-action 'self' *.gam.com *.azurewebsites.net *.clickdimensions.com *.twitter.com; media-src 'self' blob: *.gam.com https://manifest.prod.boltdns.net https://delivery.twentythree.com 1
frame-ancestors https://consort.clydetravel.com https://test-consort.clydetravel.com; 1
default-src 'self'; frame-src 'self' https://www.buymeacoffee.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' https://play.google.com https://cdn.buymeacoffee.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com *.yastatic.net *.paypalobjects.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.buymeacoffee.com *.googletagmanager.com *.google-analytics.com *.googleapis.com; font-src 'self' 'unsafe-inline' https://bmc-cdn.nyc3.digitaloceanspaces.com *.googletagmanager.com *.gstatic.com data:; connect-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com data:; report-uri https://guitarsongs.club:8443/servlets2/security_policy_report; frame-ancestors 'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://tagmanager.google.com https://www.gstatic.com *.googleapis.com https://maps.google.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://cookie-cdn.cookiepro.com https://googleads.g.doubleclick.net https://maxcdn.bootstrapcdn.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://cdn.bokeh.org *.facebook.net *.tiktok.com *.sc-static.net *.licdn.com *.facebook.net *.tiktok.com sc-static.net *.licdn.com *.snapchat.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://tagmanager.google.com *.googleapis.com https://maps.google.com https://cdnjs.cloudflare.com https://unpkg.com https://cdn.bokeh.org; object-src 'none'; base-uri 'self'; connect-src 'self' https://maps.googleapis.com https://privacyportal.cookiepro.com *.google-analytics.com https://cookie-cdn.cookiepro.com https://cdn.bokeh.org *.doubleclick.net *.doubleclick.net *.linkedin.com *.tiktok.com *.snapchat.com *.linkedin.oribi.io; font-src 'self' data: https://fonts.gstatic.com https://fonts.gstatic.com https://themes.googleusercontent.com; frame-src 'self' https://www.google.com https://www.youtube.com https://youtube.com https://youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.bokeh.org https://experience.arcgis.com *.snapchat.com; img-src 'self' data: https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://secure.gravatar.com https://maps.google.com *.googleapis.com https://maps.gstatic.com https://www.google.co.uk https://www.google.com https://www.googletagmanager.com https://cdn.bokeh.org *.linkedin.com facebook.com https://www.facebook.com; manifest-src 'self'; media-src 'self'; worker-src 'self'; child-src 'self'; 1
frame-ancestors 'self'; frame-src * data:; media-src * 'self' data: https:; img-src * 'self' data: https:; connect-src 'self' * 'unsafe-inline' data:; base-uri 'self' 'unsafe-inline' gap:; object-src 'none'; script-src-elem * 'unsafe-inline' cdn.evergage.com; style-src * 'unsafe-inline' cdn.evergage.com; script-src 'self' *.bing.com *.cloudfront.net *.cookielaw.org *.cquotient.com *.evergage.com *.evgnet.com *.facebook.com *.facebook.net *.fittingbox.com *.force.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.google-analytics.com googleads.g.doubleclick.net *.onetrust.com *.pagestrip.com *.paypal.com *.paypalobjects.com *.salesforce.com *.la1-c1cs-fra.salesforceliveagent.com *.shoeboxonline.com *.timify.com 'unsafe-eval' 'unsafe-inline'; default-src 'self' *.cloudfront.net service.force.com *.force.com cdn.evergage.com *.cquotient.com *.google-analytics.com *.evergage.com *.evgnet.com *.gstatic.com blob:; worker-src blob:; font-src * cdn.evergage.com data: 1
default-src 'self' https://*.hubspot.com https://*.hubspotusercontent-na1.net; font-src https: data:; img-src https: data:; script-src 'self' https://www.bentallgreenoak.com https://www.bgoreit.com https://www.googletagmanager.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.hsappstatic.net https://*.hscollectedforms.net https://*.hs-analytics.net https://*.hubspot.com https://*.hs-banner.com 'unsafe-eval' 'unsafe-inline'; style-src https: https://www.bentallgreenoak.com https://www.bgoreit.com https://cloud.typography.com https://fonts.googleapis.com https://cdn.jsdelivr.net 'unsafe-inline'; connect-src 'self' https://www.google-analytics.com https://*.hubspot.com https://analytics.google.com https://stats.g.doubleclick.net https://*.hscollectedforms.net; object-src 'none';frame-src https://*.youtube.com https://*.hubspotvideo.com;; upgrade-insecure-requests 1
frame-src *; script-src * 'unsafe-inline' *.wistia.com *.wistia.net embedwistia-a.akamaihd.net/ *.litix.io data: blob: glitch.com button.glitch.me team-projects-button.glitch.me *.glitch.com *.githubusercontent.com 'unsafe-eval'; 1
default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; form-action 'self'; frame-src 'self' https:; frame-ancestors 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://matomo.rdts.de/ https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob:; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com data:; frame-src 'self' *.google.com *.youtube-nocookie.com *.youtube.com *.steep.de; connect-src 'self' https://matomo.rdts.de/ https://*.googleapis.com *.google.com https://*.gstatic.com  data: blob:; font-src 'self' https://fonts.gstatic.com; media-src 'self' *.youtube.com *.youtube-nocookie.com; object-src 'self' *.googlevideo.com *.ytimg.com *.youtube.com *.youtube-nocookie.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; worker-src blob:; 1
child-src 'self'  blob: https://embed.windy.com/ https://bid.g.doubleclick.net/ https://td.doubleclick.net https://www.youtube.com/ https://youtube.com/ https://www.google.com/ https://hostadmin.dev.bushelsites.com/  https://www.nass.usda.gov/ https://www.facebook.com/ https://bigriverresources.applicantpro.com/ https://weatherwidget.io/ https://bqci.us11.list-manage.com/ https://inetsgi.com/ https://www.typeform.com/ https://form.typeform.com/ https://use.fontawesome.com/ https://skyviewgldw.frontieraginc.com/ https://skyviewglds.frontieraginc.com/ https://calendar.google.com/ https://forms.office.com/  https://recruiting.paylocity.com/ https://platform.twitter.com https://syndication.twitter.com/ https://mesonet.org/ https://player.vimeo.com/ https://enterprisegrain.com/ https://www.buzzsprout.com/ http://m.mesonet.org/ https://weather.wsu.edu/ https://www.uswheat.org/ https://bushelstaging7.o.bushelsites.com/ https://twitter.com/ https://www.youtube-nocookie.com/ https://www.bruglermarketing.com/ https://www.ers.usda.gov/ https://droughtmonitor.unl.edu/ https://www.usgs.gov/ https://www.thedailyscoop.com/CustSite_5_20_2022 http://scoularview.com/ http://scoularview.com:443/ https://scoularkansas.com/ https://scoulariowa.com/ https://scoularandres.com/ https://www.scoularkansas.com/ https://scoularwaverly.com/ https://scoularvirginia.com/ https://intermountain.scoular.com/ https://montana.scoular.com/ https://idaho.scoular.com/ https://missouri.scoular.com/ https://utah.scoular.com/ https://canada.scoular.com http://scoularview.com  https://www.scoularview.com/  http://www.scoularview.com/ https://forecast.weather.gov/ https://www.windy.com/ https://bushel.wistia.com https://widget.taggbox.com https://riceland.us15.list-manage.com/ https://app2.simpletexting.com/ https://mailchi.mp/ https://securepubads.g.doubleclick.net https://01a11ef3c27694652b46dcdcef7412f2.safeframe.googlesyndication.com/ https://tpc.googlesyndication.com https://www.cmegroup.com/ https://widget.tagembed.com/ https://embed.twitch.tv/ https://online.fliphtml5.com/ https://bushelstaging5.o.bushelsites.com/ ;              font-src 'self' https://fonts.gstatic.com/ https://cdnjs.cloudflare.com/ https://hostadmin.dev.bushelsites.com/ https://kit.fontawesome.com/ https://ka-f.fontawesome.com/ https://use.typekit.net/ https://use.fontawesome.com/ ;                 img-src * data: blob: https://hostadmin.dev.bushelsites.com/ ;              object-src 'self' https://hostadmin.dev.bushelsites.com/;                                           script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://cdnjs.cloudflare.com/ https://ajax.googleapis.com/  https://code.jquery.com/ https://beefmarketcentral.com/ https://www.googletagmanager.com/ https://www.amcharts.com/ https://maps.google.com/ https://www.google.com/ https://platform.twitter.com/ https://maxcdn.bootstrapcdn.com/ http://portal.farmcentric.com/ https://pagead2.googlesyndication.com/ https://connect.facebook.net/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://ssl.google-analytics.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://www.gstatic.com/ https://fccontent.wirelessag.com/ https://localhost:* http://localhost:* https://www.googletagservices.com/ https://weatherwidget.io/ https://hostadmin.dev.bushelsites.com/ https://kit.fontawesome.com/ https://app.jazz.co/ https://embed.typeform.com/ https://bqci.us11.list-manage.com/ https://content-services.dtn.com/ https://emagrain.agricharts.com/ https://www.buzzsprout.com/ https://securepubads.g.doubleclick.net/ https://scoularview.com/ https://static.ctctcdn.com https://www.christianity.com https://fast.wistia.com https://chimpstatic.com https://player.vimeo.com https://www.convergepay.com/ https://tpc.googlesyndication.com/ https://embed.twitch.tv/ ;              style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://khms0.googleapis.com/ https://khms1.googleapis.com/ https://maps.gstatic.com/ https://khms0.googleapis.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://embed.typeform.com/ https://localhost:* http://localhost:* https://use.fontawesome.com/ https://content-services.dtn.com/ https://hostAdmin.farmcentric.com ;                frame-ancestors 'self'  https://www.agp.com http://www.agp.com https://opnutritionfeed.com https://hostadmin.farmcentric.com/ https://www.facebook.com/ https://hostadmin.dev.bushelsites.com/ https://inetsgi.com/ https://scoulariowa.com/ https://enterprisegrain.com/ https://sidwellstrategies.o.bushelsites.com/ https://sidwellstrategies.com/ https://www.sidwellstrategies.com/ https://weskangrain.com/ https://weskangrain.com/ https://scoularview.com/ http://scoularview.com/ https://scoularkansas.com/ https://scoulariowa.com/ https://scoularandres.com/ https://www.scoularkansas.com/ https://scoularwaverly.com/ https://scoularvirginia.com/ https://intermountain.scoular.com/ https://montana.scoular.com/ https://idaho.scoular.com/ https://missouri.scoular.com/ https://utah.scoular.com/ https://canada.scoular.com https://www.scoularview.com/  http://www.scoularview.com/ https://profitpartner.unitedgrain.com/ 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://kitsunet.net 'wasm-unsafe-eval'; font-src 'self' https://kitsunet.net; img-src 'self' data: blob: https://kitsunet.net; style-src 'self' https://kitsunet.net 'nonce-DVl7NQA0xCCxuK1C8bCSUw=='; media-src 'self' data: https://kitsunet.net; frame-src 'self' https:; child-src 'self' blob: https://kitsunet.net; worker-src 'self' blob: https://kitsunet.net; connect-src 'self' blob: data: wss://api.kitsunet.net https://kitsunet.net; manifest-src 'self' https://kitsunet.net; form-action 'self' 1
default-src 'self'; frame-src 'self' *.google.com; script-src 'self' ajax.googleapis.com; script-src-elem 'self' *.clarity.ms *.googletagmanager.com *.googleapis.com; connect-src 'self' *.clarity.ms *.google-analytics.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://inchcape.azureedge.net https://inchcape-prod.azureedge.net https://inchcape-prod-bnhgefd2dnf5a4ew.z01.azurefd.net https://inchcape-oc-prod.azureedge.net https://oc-prod.inchcape.com https://inchcape-sa-prod.azureedge.net https://sa-prod.inchcape.com https://js.stripe.com https://cdn-assets-prod.s3.amazonaws.com/ https://iframe.app.autoconvert.co.uk https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://widgets.reputation.com https://cdn.autopress.cl https://unpkg.com https://cdn.jsdelivr.net https://au-ecom-sit.inchcapedigital.com https://au-ecom-gr.inchcapedigital.com https://bam.nr-data.net https://pixel.mathtag.com https://api-public.addthis.com https://*.cloudfront.net https://graph.facebook.com https://*.addthis.com https://*.addthisedge.com https://static.hotjar.com https://www.dynamicnumbers.mediahawk.co.uk https://static.analytics.netdirector.auto https://ajax.googleapis.com https://cdn.optimizely.com https://cdn.worldpay.com https://emac-direct.service-plan.co.uk https://maps.googleapis.com https://script.hotjar.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://www.googleadservices.com https://ad.doubleclick.net https://pagead2.googlesyndication.com https://js-agent.newrelic.com https://tagmanager.google.com https://googleads.g.doubleclick.net https://www.gstatic.com https://www.google.com https://t.astutemetrics.com https://vcc-eu11.8x8.com/CHAT/common/js/chat.js https://vcc-eu11.8x8.com/shared/CHAT/aW5jaGNhcGVtYW5hZ2VtZW4wMQ/button_31691278463ce9b3ff0f092.73115630/button.js https://vcc-eu11.8x8.com/shared/CHAT/aW5jaGNhcGVtYW5hZ2VtZW4wMQ/button_31691278463ce9b3ff0f092.73115630/img/logo https://vcc-eu11.8x8.com/shared/CHAT/aW5jaGNhcGVtYW5hZ2VtZW4wMQ/button_179846823363ce7ebc98f9e3.48906312/button.js https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://inchcape-prod.azureedge.net https://inchcape-prod-bnhgefd2dnf5a4ew.z01.azurefd.net https://inchcape-oc-prod.azureedge.net https://oc-prod.inchcape.com/ https://inchcape-sa-prod.azureedge.net https://sa-prod.inchcape.com https://cdnjs.cloudflare.com https://widgets.reputation.com https://emac-direct.service-plan.co.uk https://fonts.googleapis.com https://tagmanager.google.com  https://au-ecom-sit.inchcapedigital.com https://au-ecom-gr.inchcapedigital.com; img-src 'self' data: https://vcc-eu11.8x8.com/shared/CHAT/aW5jaGNhcGVtYW5hZ2VtZW4wMQ/button_31691278463ce9b3ff0f092.73115630/img/logo https://imgsct.cookiebot.com https://vcc-eu11.8x8.com/shared/CHAT/aW5jaGNhcGVtYW5hZ2VtZW4wMQ/button_179846823363ce7ebc98f9e3.48906312/img/logo https://componentsprodstorage.blob.core.windows.net/ https://prodsc-mediacdn.azureedge.net https://lh3.ggpht.com https://azsbrglocdnepdnbvoa.azureedge.net https://ad.doubleclick.net https://inchcape-prod.azureedge.net https://inchcape-prod-bnhgefd2dnf5a4ew.z01.azurefd.net https://inchcape-qa.azureedge.net https://oc-prod.inchcape.com https://inchcape-oc-prod.azureedge.net https://inchcape-sa-prod.azureedge.net https://sa-qa.inchcape.com https://js.stripe.com https://cdnjs.cloudflare.com https://azeauglocdnedevbvoa.azureedge.net https://azsbrglocdnedevbvoa.azureedge.net https://azeauglocdnepdnbvoa.azureedge.net https://*.google-analytics.com https://*.analytics.google.com https://media.reputation.com https://widgets.reputation.com https://s3-us-west-1.amazonaws.com https://pixelg.adswizz.com https://au-ecom-sit.inchcapedigital.com https://au-ecom-gr.inchcapedigital.com https://bam.nr-data.net https://pixel.mathtag.com https://match.adsrvr.org https://track.admaxim.com https://static.hotjar.com https://script.hotjar.com https://www.google.com https://www.google.ie https://www.google.co.uk https://*.g.doubleclick.net https://inchcapecdn.azureedge.net https://inchcapeukcdn.azureedge.net https://images-static.trustpilot.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.google-analytics.com https://via.placeholder.com https://maps.googleapis.com https://maps.gstatic.com https://www.caranddriving.com https://*.googleapis.com https://ssl.gstatic.com https://5490816.fls.doubleclick.net https://www.facebook.com; font-src 'self' data: https://inchcape-prod.azureedge.net https://inchcape-prod-bnhgefd2dnf5a4ew.z01.azurefd.net https://inchcape-oc-prod.azureedge.net https://oc-prod.inchcape.com https://inchcape-sa-prod.azureedge.net https://sa-qa.inchcape.com https://cdnjs.cloudflare.com https://widgets.reputation.com https://emac-direct.service-plan.co.uk https://static.hotjar.com https://script.hotjar.com https://au-ecom-sit.inchcapedigital.com https://au-ecom-gr.inchcapedigital.com https://fonts.gstatic.com; connect-src 'self' http://inchcapeapi.local https://inchcapecarsearchapi.local/ https://prod.inchcape.co.uk https://dev.inchcape.co.uk prod.inchcape.co.uk https://oc-prod.inchcape.com https://sa-prod.inchcape.com https://inchcape-sa-prod.azureedge.net https://sa-qa.inchcape.com https://emac-direct-api.gforceslivelink.co.uk https://api.autopress.cl https://b2b.autopress.cl https://dn.mediahawk.co.uk https://*.logrocket.io https://*.lr-ingest.io https://analytics.netdirector.co.uk https://*.google-analytics.com https://*.analytics.google.com https://www.google-analytics.com https://googleads4.g.doubleclick.net https://www.facebook.com https://bam.nr-data.net https://au-ecom-sit.inchcapedigital.com https://au-ecom-gr.inchcapedigital.com https://api.oneweb.inchcape.co.uk https://inchcapeuatapi.azurewebsites.net/ https://inchcapeprodapi.azurewebsites.net https://inchcapeuatsearchapi.azurewebsites.net https://inchcapeproductionsearchapi.azurewebsites.net https://inchcapeuatapi.azurewebsites.net https://inchcapeuatimporterapi.azurewebsites.net https://inchcapeuatsearchapi.azurewebsites.net https://m.addthis.com https://www.dynamicnumbers.mediahawk.co.uk http://*.hotjar.io:* https://*.hotjar.io:* http://*.hotjar.com:* https://*.hotjar.com:* wss://*.hotjar.com https://*.googleapis.com https://*.optimizely.com https://stats.g.doubleclick.net https://consent.cookiebot.com https://consentcdn.cookiebot.com; media-src 'self'; object-src 'self'; child-src 'self' blob:; frame-src 'self' https://js.stripe.com https://iframe.app.autoconvert.co.uk/ https://widgets.reputation.com https://www.bumper.co.uk/ https://www.bumper.co/ https://vcc-eu11.8x8.com/ https://vmc-qa.inchcape.digital/ https://vmc-prd.inchcape.digital/ https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.optimizely.com https://pixel.mathtag.com https://s7.addthis.com https://sdn.sitecore.net https://inchcape.mua.hrdepartment.com https://player.vimeo.com https://vars.hotjar.com https://*.citnow.com https://www.caranddriving.com https://www.youtube.com https://danclarksoninchcape.wufoo.eu https://danclarksoninchcape.wufoo.com https://5490816.fls.doubleclick.net https://emac-direct.service-plan.co.uk https://www.facebook.com/ https://www.google.com https://consentcdn.cookiebot.com; worker-src 'self' blob:; frame-ancestors 'self' https://vmc-qa.inchcape.digital/ https://vmc-prd.inchcape.digital/; form-action 'self' https://inchcape.mua.hrdepartment.com www.facebook.com; upgrade-insecure-requests; 1
base-uri 'self'; default-src 'self'; child-src https://embed.spotify.com https://embed-standalone.spotify.com https://open.spotify.com https://www.youtube.com https://www.youtube-nocookie.com https://*.facebook.com https://*.facebook.net https://fb.watch https://player.vimeo.com https://app.covevent.be https://giphy.com https://www.instagram.com https://www.googletagmanager.com https://docs.google.com https://*.slinger.to; connect-src https://www.google-analytics.com https://ssl.google-analytics.com https://region1.google-analytics.com https://www.googleadservices.com https://2019.pukkelpop.be https://cdn.plyr.io https://noembed.com https://*.doubleclick.net https://*.slinger.to https://www.pukkelpop.be/en/; font-src 'self' https://fonts.gstatic.com data:; frame-src https://embed.spotify.com https://embed-standalone.spotify.com https://open.spotify.com https://www.youtube.com https://www.youtube-nocookie.com https://*.facebook.com https://*.facebook.net https://fb.watch https://player.vimeo.com https://app.covevent.be https://giphy.com https://www.instagram.com https://www.googletagmanager.com https://docs.google.com https://*.slinger.to; img-src 'self' https://www.facebook.com https://* https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://stats.g.doubleclick.net https://cdn.plyr.io https://giphy.com https://*.slinger.to data:; media-src 'self' https://*; object-src; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://www.youtube.com https://youtube.com https://connect.facebook.net https://www.googleadservices.com https://stats.g.doubleclick.net https://s.ytimg.com https://cdn.plyr.io https://www.instagram.com https://*.slinger.to 'nonce-i2Jv6ZnXGkpz+8h5EKV69sg1' 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com https://cdn.plyr.io https://*.slinger.to 'unsafe-inline'; 1
default-src 'self';    child-src 'self' www.youtube.com www.youtube-nocookie.com blob:;    connect-src 'self' apps.hagaziekenhuis.nl nominatim.openstreetmap.org/search;    font-src 'self' data:;    img-src 'self' data: blob: i.ytimg.com img.youtube.com *.tile.openstreetmap.org;    media-src 'self';    object-src 'none';    script-src 'self' 'unsafe-inline' 'unsafe-eval';    style-src 'self' 'unsafe-inline' data:;    base-uri 'self';    form-action 'self';    frame-ancestors 'self' file://*;    report-uri /csp-report;    upgrade-insecure-requests; 1
default-src 'self' https://*.eprocessingnetwork.com https://www.cocardgateway.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.eprocessingnetwork.com https://www.cocardgateway.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://*.eprocessingnetwork.com https://www.cocardgateway.net; frame-src https://*.eprocessingnetwork.com https://www.cocardgateway.net https://www.youtube.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'self' data: https://*.eprocessingnetwork.com https://www.cocardgateway.net https://seal-houston.bbb.org https://sealserver.trustwave.com; connect-src 'self' https://*.eprocessingnetwork.com https://www.cocardgateway.net ws://localhost:13000/; font-src 'self' data: https://*.eprocessingnetwork.com https://www.cocardgateway.net; object-src https://*.eprocessingnetwork.com https://www.cocardgateway.net https://www.youtube.com; frame-ancestors https://*.eprocessingnetwork.com; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-ead8883232a26b16df1870a7af5a2e3a'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src https: wss: 'unsafe-inline' 'unsafe-eval' blob: data: ; frame-ancestors 'self' https://*.edoctrina.org; report-to reportapi 1
default-src * data: blob:; script-src * blob: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
script-src 'unsafe-eval' 'unsafe-inline' 'self' snowheads.com *.snowheads.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.paypal.com *.cloudflare.com; style-src 'unsafe-inline' 'self' 1
frame-ancestors 'self' https://portal.tufin.com https://explore.tufin.com 1
connect-src 'self' wss://www.genisysonlinebanking.org wss://*.twilio.com https://maps.geo.us-east-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://api.botcopy.com https://*.velaro.com https://*.orpheusdev.net https://*.mfmnow.com https://*.financialhost.org https://*.livetest-financialhost.org https://*.test-financialhost.org https://*.dev-financialhost.org wss://*.orpheusdev.net wss://*.test-financialhost.org wss://*.financialhost.org wss://*.livetest-financialhost.org wss://*.dev-financialhost.org wss://demows.financialtown.com https://demomain.financialtown.com https://demowebrtclb.financialtown.com wss://ws.financialtown.com https://main.financialtown.com https://webrtclb.financialtown.com https://*.purechat.com wss://*.purechat.com 1
default-src 'self' https:; img-src 'self' data: blob: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' https: wss:; form-action 'self' login.agrar.bayer.de; object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri /api/Logging/Log 1
default-src *; style-src * 'unsafe-inline'; img-src 'self' https://*.optimole.com https://*.facebook.com https://*.google.com https://*.gravatar.com https://*.linkedin.com https://*.bing.com https://cdn-cookieyes.com https://*.google.co.uk/ https://*.hubspot.com https://*.hs-scripts.com data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' https://*.tangoanalytics.com https://*.tangodev.wpengine.com https://*.tangostg.wpengine.com https://*.tangoprd.wpengine.com 1
frame-ancestors opay.ng 1
upgrade-insecure-requests; frame-ancestors 'self' https://www.bpindex.co.uk 1
default-src https://storage.googleapis.com 'self' data: blob:; img-src * data: blob: 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' js.stripe.com *.hotjar.com *.hotjar.io https://apis.google.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.googleadservices.com https://www.google.hu https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com https://api.goaffpro.com *.firebaseio.com *.paypal.com paypal.com *.paypalobjects.com *.datadoghq.com *.goaffpro.com; frame-ancestors none; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://fonts.gstatic.com https://tagmanager.google.com; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://sessionbox-directory-dev.herokuapp.com https://directory.sessionbox.io https://sb-api-gateway-staging.herokuapp.com https://backend-services.sessionbox.io https://sessionbox-one-downloads.sfo3.digitaloceanspaces.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.ingest.sentry.io https://*.google.com https://*.goaffpro.com https://pagead2.googlesyndication.com *.g.doubleclick.net *.google.hu *.firebaseio.com *.datadoghq.com wss://*.firebaseio.com *.hotjar.com *.hotjar.io *.paypal.com paypal.com *.paypalobjects.com wss://ws.hotjar.com https://content.sessionbox.dev *.goaffpro.com; frame-src https://sessionbox.firebaseapp.com/ https://js.stripe.com https://bid.g.doubleclick.net https://td.doubleclick.net *.google.com *.firebaseio.com *.paypal.com paypal.com paypalobjects.com *.paypalobjects.com; 1
default-src https: 'unsafe-eval' 'unsafe-inline' data:;  font-src https: data:; object-src 'none'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net; frame-src 'self' *.youtube.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com; object-src 'self' 1
default-src * 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; img-src * 'self' data: 1
default-src     'self' ; img-src         'self' data: https://*.pxia.de https://www.ibsf.org https://ip-172-26-6-198 https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.google.de https://i.ytimg.com https://*.facebook.com https://*.flickr.com https://*.cookiebot.com;  script-src      'self' 'unsafe-inline' 'unsafe-eval' https://*.bootstrapcdn.com https://fonts.googleapis.com/css/ https://*.bootstrapcdn.com https://*.pxia.de https://ip-172-26-6-198 https://consent.cookiebot.com https://www.googletagmanager.com https://consentcdn.cookiebot.com https://*.google.com https://*.bootstrapcdn.com https://*.googleapis.com https://*.facebook.net https://*.addthis.com https://*.moatads.com https://stats.g.doubleclick.net https://*.cloudflare.com;  script-src-elem 'self' 'unsafe-inline'  https://www.google-analytics.com/analytics.js https://*.bootstrapcdn.com https://fonts.googleapis.com/css/ https://*.google.com https://consent.cookiebot.com https://www.googletagmanager.com https://consentcdn.cookiebot.com https://*.bootstrapcdn.com https://*.googleapis.com https://*.gstatic.com https://polyfill.io https://maps.googleapis.com https://*.facebook.net https://*.addthis.com https://*.moatads.com https://stats.g.doubleclick.net https://v1.addthisedge.com https://*.cloudflare.com;  style-src       'self' 'unsafe-inline' https://*.googleapis.com https://*.bootstrapcdn.com;  font-src        'self' data: https://*.googleapis.com https://*.gstatic.com https://*.bootstrapcdn.com;  frame-src       'self' https://*.cookiebot.com https://*.google.com https://*.youtube-nocookie.com https://*.youtube.com https://youtube.com https://i.ytimg.com https://*.facebook.com https://*.addthis.com https://*.sportresult.com;  worker-src       data: blob: 'unsafe-eval' 'unsafe-inline';  object-src      'self' ;  connect-src     'self' https://*.google-analytics.com https://*.googleapis.com https://*.cookiebot.com *.addthis.com;  1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'self'; frame-ancestors 'none'; 1
default-src 'self';base-uri 'self';block-all-mixed-content;child-src 'self';connect-src 'self';font-src 'self';frame-ancestors 'self';frame-src 'self';img-src 'self' data:;manifest-src 'self';media-src 'none';object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' 'unsafe-eval';worker-src 'self'; 1
default-src 'none'; script-src 'self' https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js; style-src 'self' 'unsafe-inline'; img-src 'self' https://api.iconnectdaily.net data: blob: https://www.google-analytics.com/collect; media-src https://api.iconnectdaily.net blob:; connect-src https://api.iconnectdaily.net wss://api.iconnectdaily.net https://*.google-analytics.com/g/collect https://google-analytics.com/g/collect 'self'; font-src 'self'; prefetch-src 'self'; frame-ancestors 'none' 1
default-src 'self' https://polarisxchange.com;base-uri 'self' https://md-scp.kampyle.com;connect-src 'self' https://polarisxchange.com wss://polarisxchange.com wss://*.polarisxchange.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://vc.hotjar.io https://*.trustarc.com https://*.kampyle.com https://*.medallia.eu https://www.google.com https://adservice.google.com auth.polaris.com auth.polaris.com/.well-known/jwks.json https://joydrive-otel-collector.herokuapp.com/v1/traces https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.bing.com https://*.clarity.ms https://us.js.logs.insight.rapid7.com https://www.facebook.com;frame-src 'self' https://polarisxchange.com https://*.octane.co https://octane.co https://vars.hotjar.com https://*.trustarc.com https://*.kampyle.com https://*.medallia.eu auth.polaris.com https://d8pvvu29xif4d.cloudfront.net https://*.auth0.com https://www.youtube.com https://www.youtube-nocookie.com https://js.stripe.com https://www.googletagmanager.com https://www.facebook.com https://datastudio.google.com https://lookerstudio.google.com;font-src 'self' https://polarisxchange.com https://script.hotjar.com https://*.kampyle.com https://*.medallia.eu https://*.trustarc.com https://fonts.gstatic.com;img-src 'self' https://polarisxchange.com https://prdpolvehicleinspecstg.blob.core.windows.net https://cdn-qa.polarisxchangecms.com https://cdn-qa.goreveocms.com https://polarisxchange.polarisapi.com https://cdn.polarisxchange.com https://cdn1.polaris.com https://static.hotjar.com https://script.hotjar.com https://*.trustarc.com https://*.kampyle.com https://*.medallia.eu https://di.rlcdn.com https://secure.gravatar.com https://s3.amazonaws.com/reveo-prod-secure-uploads/ https://s3.amazonaws.com/reveo-prod/ https://cdn1.polarisxchange.com https://*.auth0.com data: blob: https://i.ytimg.com https://*.google-analytics.com https://*.analytics.google.com https://www.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.gstatic.com https://*.bing.com https://*.clarity.ms https://www.facebook.com https://connect.facebook.net https://api.twilio.com https://media.twiliocdn.com https://s3-external-1.amazonaws.com/media.twiliocdn.com;media-src 'self' https://polarisxchange.com ;object-src 'none';report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub7c083ead0672479e64a82fef3f5b31dd&dd-evp-origin=content-security-policy&ddsource=csp-report&env=production&heroku.app=reveo-prod&heroku.dyno=web.5&host=reveo-prod&platform=reveo&service=joydrive&version=946921d;report-to csp-endpoint;script-src 'report-sample' 'self' https://polarisxchange.com 'nonce-mvUhJ309RhtnZFPbSZANkWV/MoMxLHufl4LBTSMm5aU=' 'unsafe-eval' https://ride-octane-api-sandbox.s3.us-west-2.amazonaws.com https://*.hotjar.com https://*.octane.co https://octane.co https://*.trustarc.com https://*.kampyle.com https://*.medallia.eu https://js.adsrvr.org https://secure.gravatar.com auth.polaris.com https://*.auth0.com https://js.stripe.com https://www.youtube.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://www.googleadservices.com https://bat.bing.com https://*.clarity.ms https://connect.facebook.net;style-src 'report-sample' 'self' https://polarisxchange.com 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://*.kampyle.com https://*.medallia.eu https://fonts.googleapis.com https://www.googletagmanager.com; 1
default-src 'self' ; frame-src  'self' https://acs2.bgpb.by https://3ds.alfabank.by https://ipcacs.bps-sberbank.by https://3ds.priorbank.by https://emv3ds.npc.by https://acs2.mtbank.by https://acs2.mtbank.by:8043 https://3ds-pgi.mtbank.by https://3ds-pgi.mtbank.by:9663 https://api.mtbank.by https://mpi2.mtbank.by:8046/ https://ucas.npc.by:8443/ https://acs.mtbank.by https://c2c.mtbank.by https://3ds.alfabank.by https://3ds.priorbank.by https://acs.bgpb.by https://sca.npc.by https://www.sbs4u.by https://acs.multicarta.ru https://aacsw.3ds.verifiedbyvisa.com https://cap.attempts.securecode.com https://ipcacs.sberbank.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://chat.mtbank.by/ https://app.blinger.io  https://static.mybank.by https://api.mtbank.by https://www.google-analytics.com  https://halva.mtbank.by https://www.googletagmanager.com   https://tagmanager.google.com; style-src 'self' blob: 'unsafe-inline' https://static.mybank.by;img-src 'self' https://*.by/  https://chat.mtbank.by/ https://blinger.io  https://app.blinger.io  https://static.mybank.by data: blob:  https://www.google-analytics.com  https://www.googletagmanager.com ; font-src 'self' https://static.mybank.by; connect-src 'self' https://chat.mtbank.by/  wss://app.blinger.io; media-src 'self' 1
base-uri 'self'; child-src 'self' blob: *.arcgisonline.com data: *.google.com *.googlesyndication.com googleads.g.doubleclick.net mw1.googleapis.com *.facebook.com *.twitter.com; connect-src 'self' data: *.windows.net *.arcgis.com *.arcgisonline.com *.googleapis.com edis-webapi.azurewebsites.net edis-webapi-test.azurewebsites.net *.fbcdn.net staging-website-api.airvisual.net *.google-analytics.com overpass-api.de wwf-sight-maps.org *.rsoe-edis.org *.columbia.edu *.unesco.org *.nasa.gov *.googlesyndication.com; default-src 'self'; font-src 'self' *.arcgis.com; form-action 'self'; frame-ancestors 'self' data: localhost ; img-src 'self' blob: localhost edis-web-test.azurewebsites.net edis-web.azurewebsites.net rsoe-edis.org test.rsoe-edis.org  data: localhost *.arcgisonline.com *.google.com *.arcgis.com *.twitter.com gtranslate.net *.gstatic.com localhost *.openweathermap.org *.githubusercontent.com wwf-sight-maps.org *.opentopomap.org *.columbia.edu *.unesco.org *.nasa.gov *.googlesyndication.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.arcgis.com resource://devtools *.googleapis.com translate.google.com cdn.jsdelivr.net connect.facebook.net *.twitter.com *.googletagmanager.com *.googlesyndication.com *.googleadservices.com adservice.google.hu adservice.google.com; style-src 'self' 'unsafe-inline' *.arcgis.com *.googleapis.com; 1
frame-ancestors 'self' *.veertly.com app.eu.veertly.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://plush.city; img-src 'self' https: data: blob: https://plush.city; style-src 'self' https://plush.city 'nonce-zcY1cxdq1iRtYLG0bEU1RQ=='; media-src 'self' https: data: https://plush.city; frame-src 'self' https:; manifest-src 'self' https://plush.city; form-action 'self'; child-src 'self' blob: https://plush.city; worker-src 'self' blob: https://plush.city; connect-src 'self' data: blob: https://plush.city https://cdn.masto.host wss://plush.city; script-src 'self' https://plush.city 'wasm-unsafe-eval' 1
default-src 'self' *.montecito.bank; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.connect.facebook.net *.googleapis.com *.widget.ellieservices.com *.onlinebanktours.com *.videodelivery.net; connect-src 'self' https: *.montecito.bank *.google-analytics.com; style-src 'self' 'unsafe-inline' hello.myfonts.net *.googleapis.com https://fonts.googleapis.com *.onlinebanktours.com; img-src 'self' data: content: https: *.montecito.bank *.google-analytics.com *.google.com *.stats.g.doubleclick.net *.maps.gstatic.com *.googleapis.com; media-src 'self' https: embed.videodelivery.net blob:; font-src 'self' https: *.hello.myfonts.net *.fonts.googleapis.com fonts.gstatic.com data:; form-action 'self' https: *.montecito.bank; child-src 'self' https: *.montecito.bank *.prod.northstar.ellielabs.com *.staticxx.facebook.com *.facebook.com *.doubleclick.net *.videodelivery.net; frame-src 'self' https: *.docusign.net; worker-src 'self' https: *.montecito.bank *.videodelivery.net blob: 1
default-src 'self' blob: https://www.youtube-nocookie.com https://www.googletagmanager.com https://identity.netlify.com/ https://*.wistia.net https://*.wistia.com https://*.litix.io https://*.unicomengineering.com;connect-src 'self' blob: 'unsafe-inline' https://www.youtube-nocookie.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://*.gstatic.com https://www.googletagmanager.com https://consent.cookie-script.com https://cdn.cookie-script.com https://geo.cookie-script.com https://www.google-analytics.com *.google-analytics.com *.google.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io *.linkedin.com https://munchkin.marketo.net https://stats.sa-as.com https://connect.facebook.net https://www.facebook.com https://snap.licdn.com https://rtp-static.marketo.com https://221-vvo-216.mktoresp.com https://sjrtp3.marketo.com https://maps.googleapis.com https://maps.gstatic.com https://script.google.com  https://script.googleusercontent.com https://platform-cdn.sharethis.com https://l.sharethis.com https://identity.netlify.com https://stellar-tarsier-ae2b48.netlify.app *.cloudfront.net https://*.wistia.net https://*.wistia.com https://embedwistia-a.akamaihd.net https://*.litix.io https://*.unicomengineering.com;font-src 'self' data: https://www.youtube-nocookie.com https://fonts.gstatic.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com *.cloudfront.net https://*.wistia.net https://*.wistia.com https://*.unicomengineering.com;frame-src 'self' https://c.sharethis.mgr.consensu.org www.google.com/recaptcha/ https://www.youtube-nocookie.com https://www.facebook.com https://fast.wistia.net https://fast.wistia.com https://*.unicomengineering.com;img-src 'self' blob: data: https://platform-cdn.sharethis.com https://www.googletagmanager.com https://cdn.cookie-script.com https://www.google-analytics.com https://www.google.co.uk https://www.google.com *.google.com https://www.facebook.com https://connect.facebook.net https://stats.sa-as.com https://www.linkedin.com https://*.linkedin.com https://www.facebook.com https://i.ytimg.com https://maps.gstatic.com https://l.sharethis.com *.cloudfront.net images.ctfassets.net *.googleapis.com *.ggpht https://*.wistia.net https://*.wistia.com https://embedwistia-a.akamaihd.net *.unicomengineering.com;object-src 'self' 'unsafe-inline' data: https://www.netlify.com https://identity.netlify.com assets.ctfassets.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://cdn.cookie-script.com https://geo.cookie-script.com https://www.google-analytics.com *.google.com www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://maps.googleapis.com https://script.google.com  https://script.googleusercontent.com https://sjrtp3-cdn.marketo.com https://munchkin.marketo.net *.marketo.com https://stats.sa-as.com https://connect.facebook.net https://www.facebook.com https://snap.licdn.com https://platform-api.sharethis.com https://*.wistia.net https://*.wistia.com https://src.litix.io https://maxcdn.bootstrapcdn.com https://identity.netlify.com https://*.unicomengineering.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://cdn.cookie-script.com https://rtp-static.marketo.com https://stellar-tarsier-ae2b48.netlify.app *.fontawesome.com *.cloudfront.net https://fast.wistia.net https://fast.wistia.com https://maxcdn.bootstrapcdn.com https://*.unicomengineering.com;manifest-src 'self'  https://stellar-tarsier-ae2b48.netlify.app  https://*.unicomengineering.com 1
img-src 'self'; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://staging.benefitsconnect.net;                              style-src 'unsafe-inline' 'self' https://staging.benefitsconnect.net; img-src 'unsafe-inline' 'self' https://www.benefitsconnect.net https://staging.benefitsconnect.net;                             font-src 'self'; upgrade-insecure-requests; frame-ancestors 'self' 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=39lucnhiqufla&partner=; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cookiehub.net https://servify-website-asset-prod.s3.ap-south-1.amazonaws.com https://www.google.com https://www.gstatic.com https://cdn.polyfill.io/ https://www.google-analytics.com/analytics.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://cookiehub.net https://servify-website-asset-prod.s3.ap-south-1.amazonaws.com https://fonts.googleapis.com; font-src 'self' https://servify-website-asset-prod.s3.ap-south-1.amazonaws.com https://fonts.gstatic.com data:; connect-src 'self' 'unsafe-inline' https://assets3.lottiefiles.com https://assets8.lottiefiles.com https://www.google-analytics.com https://stats.g.doubleclick.net; img-src * 'self' data: https:; object-src 'self' https://docs.google.com; frame-src 'self' https://www.google.com https://docs.google.com https://form.jotform.com   https://*.servify.in https://*.servify.tech; frame-ancestors 'self' https://*.servify.in https://*.servify.tech 1
default-src 'self' *.cookielaw.org *.joomunited.com *.onetrust.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.cookielaw.org *.joomunited.com *.onetrust.com; style-src 'unsafe-inline' https: *.cookielaw.org *.joomunited.com *onetrust.com; img-src 'unsafe-inline' https: data: *.cookielaw.org *.joomunited.com *.onetrust.com; connect-src https: *.cookielaw.org *.joomunited.com *.onetrust.com; font-src 'unsafe-inline' https: data:; media-src 'self'; report-uri 'self'; child-src 'self' blob: *.vimeo.com; form-action 'self'; object-src 'self' https:; base-uri 'self'; upgrade-insecure-requests 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://isitetv.com https://www.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://*.recaptcha.net https://*.translate.naver.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://www.shoplooks.com https://tpc.googlesyndication.com blob: https://app.qubit.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.googleapis.com https://translate.yandex.net https://*.hotjar.com wss://*.hotjar.com https://*.akamaihd.net https://*.trustpilot.com https://*.pinterest.com https://*.bing.com https://*.doubleclick.net https://connect.facebook.net https://*.baidu.com https://analytics.tiktok.com https://tr.snapchat.com https://privacyportal-eu.onetrust.com https://*.contentsquare.net https://*.criteo.com https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.lookfantastic.ae https://*.parcellab.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.lookfantastic.ae https://m.lookfantastic.ae https://checkout.lookfantastic.ae https://connect.facebook.net https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.co.uk https://www.glossybox.com https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.se https://www.glossybox.dk https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://*.akamaihd.net https://*.recaptcha.net https://*.microsofttranslator.com https://*.hotjar.com https://*.sciencebehindecommerce.com https://*.attn.tv https://*.trustpilot.com https://*.translate.naver.net https://*.bing.com https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://static.ads-twitter.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://lantern.roeyecdn.com https://lantern.roeye.com https://static.thgcdn.cn https://analytics.tiktok.com https://*.ibytedtos.com https://tpc.googlesyndication.com https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com https://static.goqubit.com https://*.qubit.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://static.thgcdn.cn https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self' http://localhost:3333 https://www.sanity.io https://*.sanity.studio https://*.vercel.app 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com *.trafficfactory.biz www.iwanttodeliver.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net bmedia.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri http://www.fatgranny.com/csp-reports; report-to csp-endpoint 1
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com *.google-analytics.com cdnjs.cloudflare.com fimnet.fi *.fimnet.fi laakariliitto.fi *.laakariliitto.fi laakarilehti.fi *.laakarilehti.fi; style-src 'self' 'unsafe-inline' fonts.googleapis.com auth.fimnet.fi; img-src 'self' * *.google-analytics.com data:; connect-src 'self' fimnet.fi *.fimnet.fi laakarilehti.fi *.laakarilehti.fi laakariliitto.fi *.laakariliitto.fi *.google-analytics.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; media-src 'self' aristo.fimnet.fi; frame-src 'self' *.fimnet.fi www.youtube-nocookie.com www.youtube.com player.vimeo.com w.soundcloud.com; form-action 'self'; frame-ancestors 'self' laakariliitto.fi *.laakariliitto.fi *.fimnet.fi laakarilehti.fi *.laakarilehti.fi login.helsinki.fi 1
default-src https: wss: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' *.smartsupp.com *.smartsuppchat.com *.smartsuppcdn.com smartsupp-widget-161959.c.cdn77.org *.yottlyscript.com fonts.googleapis.com *.google.com *.gstatic.com media.flixcar.com d10lpsik1i8c69.cloudfront.net app.foxentry.cz cdn.foxentry.cz cdn.luigisbox.com *.rajce.idnes.cz; 1
upgrade-insecure-requests; default-src https: 'self'; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline' 1
default-src 'self' fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com  wireframecc-9947.kxcdn.com cdn.wireframe.cc; script-src 'self' 'unsafe-inline' 'nonce-7a14e2ebd0da67d21c5328650b729480' 'unsafe-eval'  https://fonts.gstatic.com https://fonts.googleapis.com https://ajax.googleapis.com  wireframecc-9947.kxcdn.com cdn.wireframe.cc; style-src 'self' 'unsafe-inline' fonts.googleapis.com wireframecc-9947.kxcdn.com cdn.wireframe.cc; img-src 'self' wireframecc-9947.kxcdn.com cdn.wireframe.cc data:; child-src 'self'; base-uri 'none' 1
frame-ancestors 'self' https://nclive.libwizard.com 1
default-src 'self'; font-src * 'unsafe-inline' 'unsafe-eval';img-src * 'unsafe-inline' 'unsafe-eval' data:; script-src * 'unsafe-inline' 'unsafe-eval' https://www.facebook.com https://stg-wheelock.nrg.com https://wheelock.nrg.com; style-src * 'unsafe-inline' 'unsafe-eval' https://www.facebook.com https://stg-wheelock.nrg.com https://wheelock.nrg.com;frame-src 'self' https://www.facebook.com https://analytics.analytics-egain.com https://stg-wheelock.nrg.com https://wheelock.nrg.com https://*.hotjar.com https://reliantenergyretailservicesllc.demdex.net https://*.paymentus.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mystream.com https://www.google-analytics.com https://www.facebook.com https://stg-wheelock.nrg.com https://wheelock.nrg.com https://bam.nr-data.net  https://reliantenergyretails.tt.omtrdc.net https://*.hotjar.com  https://streamenergy.cardconnect.com:6443 https://streamenergy.cardconnect.com:8443 https://dpm.demdex.net https://stats.g.doubleclick.net; 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com www1.cultfurniture.com; base-uri 'self' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://is-a.cat 'wasm-unsafe-eval'; font-src 'self' https://is-a.cat; img-src 'self' data: blob: https://is-a.cat; style-src 'self' https://is-a.cat 'nonce-sncKkXVFmE9W6A1cEwtmOg=='; media-src 'self' data: https://is-a.cat; frame-src 'self' https:; child-src 'self' blob: https://is-a.cat; worker-src 'self' blob: https://is-a.cat; connect-src 'self' blob: data: wss://is-a.cat https://is-a.cat; manifest-src 'self' https://is-a.cat; form-action 'self' 1
base-uri 'self';upgrade-insecure-requests 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=0cv3miliqu6e8&partner=; 1
object-src 'self' https://wtfcprod.d3hosted.com https://www.wintrustdigitalbanking.com https://www.wintrust.com https://wintrust.com https://content.mx.com https://ppl.ibanking-services.com https://maps.googleapis.com https://maps.gstatic.com https://wintrust.wavecx.com https://shadow-wtfcprod.d3hosted.com https://shadow.wintrustdigitalbanking.com https://bi-wtfcprod.d3hosted.com https://bi.wintrustdigitalbanking.com https://banner-wtfcprod.d3hosted.com https://banner.wintrustdigitalbanking.com; base-uri 'self'; default-src 'self' https://wtfcprod.d3hosted.com https://www.wintrustdigitalbanking.com https://www.wintrust.com https://wintrust.com https://content.mx.com https://ppl.ibanking-services.com https://maps.googleapis.com https://maps.gstatic.com https://wintrust.wavecx.com https://shadow-wtfcprod.d3hosted.com https://shadow.wintrustdigitalbanking.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://wtfcprod.d3hosted.com https://www.wintrustdigitalbanking.com https://www.wintrust.com https://wintrust.com https://content.mx.com https://ppl.ibanking-services.com https://maps.googleapis.com https://bi-wtfcprod.d3hosted.com https://banner-wtfcprod.d3hosted.com https://bi.wintrustdigitalbanking.com https://banner.wintrustdigitalbanking.com https://piwik.d3vcloud.com https://d3dev-fileshare.d3vcloud.com https://www.google-analytics.com https://ajax.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://ipv4.icanhazip.com https://api.ipify.org https://maps.gstatic.com https://wintrust.wavecx.com https://shadow-wtfcprod.d3hosted.com https://shadow.wintrustdigitalbanking.com; img-src 'self' 'unsafe-inline' data: blob: https://wtfcprod.d3hosted.com https://www.wintrustdigitalbanking.com https://www.wintrust.com https://wintrust.com https://bi-wtfcprod.d3hosted.com https://banner-wtfcprod.d3hosted.com https://bi.wintrustdigitalbanking.com https://banner.wintrustdigitalbanking.com https://content.mx.com https://ppl.ibanking-services.com https://maps.googleapis.com https://d3dev-fileshare.d3vcloud.com https://maps.gstatic.com https://wintrust.wavecx.com https://shadow-wtfcprod.d3hosted.com https://shadow.wintrustdigitalbanking.com; style-src 'self' 'unsafe-inline' https://wtfcprod.d3hosted.com https://www.wintrustdigitalbanking.com https://www.wintrust.com https://wintrust.com https://fonts.googleapis.com https://content.mx.com https://ppl.ibanking-services.com https://maps.googleapis.com https://maps.gstatic.com https://wintrust.wavecx.com https://shadow-wtfcprod.d3hosted.com https://shadow.wintrustdigitalbanking.com; font-src 'self' https://wtfcprod.d3hosted.com https://www.wintrustdigitalbanking.com https://www.wintrust.com https://wintrust.com https://fonts.googleapis.com https://fonts.gstatic.com https://content.mx.com https://ppl.ibanking-services.com https://maps.googleapis.com https://maps.gstatic.com https://wintrust.wavecx.com https://shadow-wtfcprod.d3hosted.com https://shadow.wintrustdigitalbanking.com; connect-src 'self' https://wtfcprod.d3hosted.com https://www.wintrustdigitalbanking.com https://www.wintrust.com https://wintrust.com https://content.mx.com https://ppl.ibanking-services.com https://maps.googleapis.com https://bi-wtfcprod.d3hosted.com https://banner-wtfcprod.d3hosted.com https://bi.wintrustdigitalbanking.com https://banner.wintrustdigitalbanking.com https://d3dev-fileshare.d3vcloud.com https://piwik.d3vcloud.com https://ipv4.icanhazip.com https://api.ipify.org https://maps.gstatic.com https://wintrust.wavecx.com https://shadow-wtfcprod.d3hosted.com https://shadow.wintrustdigitalbanking.com; frame-src 'self' https://wtfcprod.d3hosted.com https://www.wintrustdigitalbanking.com https://www.wintrust.com https://wintrust.com https://content.mx.com https://ppl.ibanking-services.com https://maps.googleapis.com https://*.moneydesktop.com  https://*.money-movement.com https://maps.gstatic.com https://wintrust.wavecx.com https://shadow-wtfcprod.d3hosted.com https://shadow.wintrustdigitalbanking.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://coconino.edu https://www.coconino.edu https://myccc.coconino.edu https://learn.coconino.edu https://coconino.jotform.com https://www.jotform.com https://ka-p.fontawesome.com https://kit.fontawesome.com https://pardot.com https://www.youtube.com https://monsido.com https://tracking.monsido.com https://app-script.monsido.com https://cdnjs.cloudflare.com https://www.googleapis.com https://cse.google.com https://www.google.com https://www.gstatic.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.googleadservices.com https://www.googletagmanager.com https://pi.pardot.com https://maps.googleapis.com https://maps.google.com https://ajax.googleapis.com https://www.google-analytics.com https://www.clarity.ms https://clarity.ms https://catalog.coconino.edu https://maxcdn.bootstrapcdn.com  https://static.ctctcdn.com; style-src 'self' 'unsafe-inline' https://kit.fontawesome.com https://www.google.com https://www.coconino.edu https://learn.coconino.edu https://cdnjs.cloudflare.com https://fonts.googleapis.com https://catalog.coconino.edu https://static.ctctcdn.com; img-src 'self' https://www.coconino.edu https://coconino.edu https://learn.coconino.edu https://catalog.coconino.edu https://coconino.jotform.com https://*.gstatic.com https://www.googleapis.com https://www.google.com https://stats.g.doubleclick.net https://cdnjs.cloudflare.com https://maps.google.com https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://tracking.monsido.com https://monsido.com https://c.clarity.ms https://clarity.ms data: https://static.ctctcdn.com  https://c.bing.com; font-src 'self' data: https://kit.fontawesome.com https://ka-p.fontawesome.com https://www.fontawesome.com https://www.coconino.edu https://learn.coconino.edu https://catalog.coconino.edu https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; child-src 'self' https://www.coconino.edu https://coconino.edu https://learn.coconino.edu https://catalog.coconino.edu https://calendar.google.com https://www.youtube.com https://cdn.yoshki.com; frame-src 'self' https://www.coconino.edu https://coconino.edu https://learn.coconino.edu https://catalog.coconino.edu https://cse.google.com https://www.google.com https://maps.googleapis.com https://go.pardot.com https://go2.coconino.edu https://myccc.coconino.edu https://login.microsoftonline.com https://outlook.office.com https://outlook.com https://www.outlook.com https://www.youtube.com https://schooljobs.com https://ed2go.com https://cdn.yoshki.com  https://coconino.jotform.com  https://jotform.com https://view.officeapps.live.com https://docs.google.com https://drive.google.com https://app.mobilecause.com https://fundraise.givesmart.com; connect-src 'self' https://www.coconino.edu https://coconino.edu https://learn.coconino.edu https://catalog.coconino.edu https://ka-p.fontawesome.com https://kit.fontawesome.com https://cse.google.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://z.clarity.ms https://listgrowth.ctctcdn.com https://s.clarity.ms https://o.clarity.ms https://visitor2.constantcontact.com https://constantcontact.com; frame-ancestors 'self' 1
font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; style-src 'self' https: 'unsafe-inline'; default-src 'self' https:; script-src 'self' https: 'unsafe-inline'; connect-src 'self' https://www.google-analytics.com; frame-ancestors 'self' https://testserver.khio.no *.loopsign.eu loopsign.eu 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src * data: 1
https: data: 'unsafe-inline' 'unsafe-eval'; 1
object-src 'none'; img-src 'self' data: ps.w.org support.brainstormforce.com perf-na1.hsforms.com forms.hsforms.com track.hubspot.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' bpb.opendns.com googletagmanager.com www.googletagmanager.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net js.hs-banner.com js.hubspot.com google.com www.google.com gstatic.com www.gstatic.com js-na1.hs-scripts.com player.vimeo.com youtube.com www.youtube.com platform.twitter.com 1
default-src 'self' fiix.software *.fiix.software *.macmms.com macmms.com heapanalytics.com; script-src 'self' fiix.software *.fiix.software *.macmms.com macmms.com *.segment.com *.aptrinsic.com heapanalytics.com *.heapanalytics.com *.amplitude.com *.auth0.com *.flatfile.io *.intercomcdn.com *.intercom.io *.vidyard.com ; connect-src 'self' fiix.software *.fiix.software *.macmms.com macmms.com *.segment.com *.segment.io *.aptrinsic.com *.logs.datadoghq.com *.amplitude.com *.auth0.com *.flatfile.io *.intercom.io *.intercomcdn.com *.intercomusercontent.com wss://*.intercom.io *.vidyard.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.aptrinsic.com; font-src 'self' fonts.gstatic.com; frame-src 'self' fiix.software *.fiix.software *.macmms.com macmms.com *.auth0.com *.flatfile.io fiixsoftware.com *.fiixsoftware.com *.vidyard.com; frame-ancestors 'self' fiix.software *.fiix.software *.macmms.com macmms.com; 1
base-uri 'self'; connect-src 'self' *.clarity.ms *.intercom.io *.intercomcdn.com *.intercomcdn.eu *.intercomusercontent.com *.sentry.io *.tave.app *.tave.com wss://*.intercom.io/; default-src 'self' *.tave.app; font-src 'self' *.fontawesome.com *.intercomcdn.com *.tave.app fonts.gstatic.com data:; form-action 'self' *.intercom.io intercom.help; frame-ancestors 'self'; frame-src 'self' *.intercom-reporting.com *.vimeo.com *.youtube.com https://www.google.com/recaptcha/ intercom-sheets.com recaptcha.google.com; img-src blob: data: https:; media-src 'self' *.tave.app js.intercomcdn.com blob:; object-src 'none'; script-src 'nonce-4665d8ab18baf953' 'strict-dynamic' https:; style-src 'self' 'unsafe-inline' *.fontawesome.com *.tave.app cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'sha256-dK06Ziaa0EW7eznMaLyuarFhVcusz+7eBUuwXo3gWD8=' https://js.stripe.com/v3 https://js.stripe.com/v3/ https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com/gtag/js *.cloudflareinsights.com; style-src 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.pushshift.io https://elastic.pushshift.io https://oauth.reddit.com https://ored.reveddit.com https://cred2.reveddit.com https://api.reveddit.com https://www.reddit.com https://removeddit.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com cloudflareinsights.com; font-src 'self'; frame-src 'self' https://js.stripe.com https://www.youtube-nocookie.com/; img-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://pbs.twimg.com data: https:; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=578m86liqu8l8&partner=; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=sports&region=US&lang=en-US&device=desktop&yrid=02t4ghtiqu8nk&partner=; 1
default-src 'none';script-src 'self' 'nonce-Evelyn' *.evelyn.com *.calendly.com *.cloudfront.net *.withcubed.com *.smartrecruiters.com script.infinity-tracking.com embed.typeform.com *.bing.com cdn.cookielaw.org *.trustpilot.com connect.facebook.net js.monitor.azure.com *.googletagmanager.com *.fullstory.com *.doubleclick.net *.hotjar.com *.licdn.com *.tiqcdn.com tracker.marinsm.com *.abtasty.com *.tealiumiq.com www.google-analytics.com *.ceros.com *.google.com *.google.co.uk *.google.com.tr *.google.com.pl *.getsitecontrol.com *.getsitectrl.com *.vimeo.com *.linkedin.com;style-src 'self' embed.typeform.com *.calendly.com static.smartrecruiters.com *.googleapis.com *.abtasty.com 'unsafe-inline';connect-src 'self' *.bing.com i.emlfiles.com *.infinity-tracking.com *.infinity-tracking.net app-uks-prod-bestinvest-website-forms.azurewebsites.net app-uks-test-bestinvest-website-forms.azurewebsites.net wss: cdn.cookielaw.org *.googletagmanager.com geolocation.onetrust.com *.fullstory.com collect.tealiumiq.com cdn.linkedin.oribi.io *.hotjar.com *.hotjar.io *.google-analytics.com *.google.com *.google.co.uk *.google.com.tr *.google.com.pl *.doubleclick.net vimeo.com *.getsitecontrol.com *.getsitectrl.com *.linkedin.com *.abtasty.com;font-src 'self' fonts.gstatic.com script.hotjar.com *.abtasty.com;img-src 'self' data: i.emlfiles.com *.vimeocdn.com cdn.cookielaw.org *.bing.com *.ytimg.com *.google.co.uk *.google.com.tr *.google.com.pl *.google.com *.googletagmanager.com *.google-analytics.com www.facebook.com *.cloudfront.net *.typeform.com *.linkedin.com *.abtasty.com;media-src 'self' youtube.com vimeo.com;object-src 'none';frame-ancestors 'self';frame-src 'self' *.evelyn.com calendly.com www.youtube.com *.calconic.com maps.google.com datawrapper.dwcdn.net form.typeform.com *.vimeo.com *.google.com *.ceros.com *.podbean.com *.hylandcloud.com *.trustpilot.com *.abtasty.com 1
default-src 'self' data: blob: *.conac.cn  *.gov.cn *.jiathis.com *.baidu.com *.bshare.cn *.eol.cn *.qq.com *.kaipuyun.cn *.bdimg.com *.wx.qq.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1
default-src 'self' 'unsafe-inline' cookiebot.com *.cookiebot.com cgtech.com *.cgtech.com webto.salesforce.com stats.g.doubleclick.net www.google-analytics.com www.google.com fonts.gstatic.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net ucalc.pro *.ucalc.pro youtube.com *.youtube.com jquery.com *.jquery.com; object-src 'unsafe-inline' cgtech.com *.cgtech.com; base-uri 'unsafe-inline' cgtech.com *.cgtech.com; script-src 'unsafe-inline' 'unsafe-eval' cookiebot.com *.cookiebot.com  cgtech.com *.cgtech.com fonts.googleapis.com *.pardot.com www.googletagmanager.com www.google-analytics.com cdnjs.cloudflare.com ucalc.pro *.ucalc.pro jquery.com *.jquery.com cdn.jsdelivr.net; style-src 'unsafe-inline' cgtech.com *.cgtech.com fonts.googleapis.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net ucalc.pro *.ucalc.pro jquery.com *.jquery.com; img-src 'self' data: cookiebot.com *.cookiebot.com www.google.com www.google-analytics.com; frame-ancestors 'self' https://go.cgtech.com https://cgtech.com https://www.cgtech.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.ddev.site https://*.soenen-verzekeringen.be https://*.vanbreda-soenen.be https://*.justitia.be https://*.vanbreda-agencies.be https://*.vanbreda.com https://*.vanbreda.be https://*.deltablue.io; img-src 'self' data: https://www.facebook.com https://px4.ads.linkedin.com https://px.ads.linkedin.com https://imgsct.cookiebot.com https://bat.bing.com/ https://*.ddev.site https://*.soenen-verzekeringen.be https://*.vanbreda-soenen.be https://*.justitia.be https://*.vanbreda-agencies.be https://*.vanbreda.com https://*.vanbreda.be https://*.deltablue.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; font-src 'self' data: https://use.typekit.net; style-src 'self' 'unsafe-inline' https://*.ddev.site https://*.soenen-verzekeringen.be https://*.vanbreda-soenen.be https://*.justitia.be https://*.vanbreda-agencies.be https://*.vanbreda.com https://*.vanbreda.be https://*.deltablue.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' https://www.clarity.ms https://connect.facebook.net/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://bat.bing.com https://*.ddev.site https://*.deltablue.io https://*.soenen-verzekeringen.be https://*.vanbreda-soenen.be https://*.justitia.be https://*.vanbreda-agencies.be https://*.vanbreda.com https://*.vanbreda.be https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.recaptcha.net https://www.gstatic.com unpkg.com consent.cookiebot.com consentcdn.cookiebot.com cdn.polyfill.io; frame-src 'self' https://www.recaptcha.net/ consentcdn.cookiebot.com *.youtube-nocookie.com *.youtube.com; connect-src 'self' https://w.clarity.ms https://bat.bing.com/ https://px.ads.linkedin.com/ consentcdn.cookiebot.com https://*.craftcms.com https://craftcms.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com 1
default-src 'self'; block-all-mixed-content; connect-src 'self' https://embed.tawk.to https://upload.tawk.to https://va.tawk.to wss://*.tawk.to; font-src 'self' data: https://embed.tawk.to; frame-ancestors 'self'; img-src 'self' data: https://embed.tawk.to https://cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://embed.tawk.to https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://embed.tawk.to 1
font-src 'self' data: filesystem: www.4en5mei.nl; media-src * 1
default-src 'self' https://googleads.g.doubleclick.net wss://*.tawk.to https://*.clarity.ms https://c.bing.com  https://va.tawk.to https://stats.g.doubleclick.net https://*.google.com https://www.google-analytics.com https://www.gstatic.com https://vc.hotjar.io https://in.hotjar.com https://inetchat.zoner.com https://www.facebook.com https://www.sandbox.paypal.com  https://www.paypal.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.clarity.ms https://pay.google.com https://unpkg.com https://wchat.eu.freshchat.com https://cdn.jsdelivr.net https://embed.tawk.to https://e.infogr.am/ https://c.imedia.cz https://seal.digicert.com https://script.hotjar.com  https://static.hotjar.com https://inetchat.zoner.com https://tagmanager.google.com https://www.paypal.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://livehelp.zonercloud.cz https://ssl.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.gstatic.com https://www.google.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' data:  https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.cz https://*.clarity.ms https://c.bing.com https://www.sslmarket.it/ https://www.sslmarket.cz/ https://www.sslmarket.sk/ https://www.sslmarket.hu/ https://www.sslmarket.de/ https://www.sslmarket.at/ https://www.sslmarket.ch/ https://www.sslmarket.co.uk/ https://www.sslmarket.com/ https://www.sslmarket.fr/ https://www.sslmarket.es/ https://embed.tawk.to https://c.seznam.cz https://c.imedia.cz https://seal.digicert.com  https://inetchat.zoner.com/ https://ssl.gstatic.com https://www.gstatic.com https://www.facebook.com https://www.google-analytics.com https://www.google.cz https://www.google.com https://stats.g.doubleclick.net https://livehelp.zonercloud.cz https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://wchat.eu.freshchat.com https://embed.tawk.to https://tagmanager.google.com https://www.gstatic.com https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://embed.tawk.to https://fonts.gstatic.com https://themes.googleusercontent.com; frame-src https://ndm.monetplus.cz https://iplatebnibrana.csob.cz https://platebnibrana.csob.cz https://pay.google.com/ https://*.freshchat.com https://pastebin.com/ https://player.vimeo.com/ https://seal.digicert.com https://e.infogram.com/ https://e.infogr.am/ https://controlcenter.sslmarket.sk https://controlcenter.sslmarket.hu https://controlcenter.sslmarket.de https://controlcenter.sslmarket.at  https://controlcenter.sslmarket.co.uk https://controlcenter.sslmarket.ru https://controlcenter.sslmarket.jp https://controlcenter.sslmarket.ch https://controlcenter.sslmarket.com https://controlcenter.sslmarket.fr https://controlcenter.sslmarket.es https://controlcenter.sslmarket.ae  https://vars.hotjar.com https://inetchat.zoner.com/ https://www.sandbox.paypal.com https://www.paypal.com https://livehelp.zonercloud.cz https://www.youtube.com https://controlcenter.sslmarket.cz https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.Dcom; object-src https://seal.digicert.com/; frame-ancestors 'self'; 1
default-src 'self' *.dvbern.ch *.google.com *.gstatic.com *.googletagmanager.com data:;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.dvbern.ch *.google.com *.gstatic.com *.googletagmanager.com 1
default-src https:  wss://*.hotjar.com; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline';frame-ancestors 'self'; object-src 'none'; 1
script-src 'unsafe-inline' 'self' 'unsafe-eval' analytics.tiktok.com https://fonts.googleapis.com https://js.hsforms.net https://forms.hsforms.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://bat.bing.com https://www.googleadservices.com https://connect.facebook.net https://static.ads-twitter.com https://snap.licdn.com https://js.hs-scripts.com https://a.quora.com https://googleads.g.doubleclick.net https://js.hs-analytics.net https://px.ads.linkedin.com https://tagmanager.google.com https://static.hotjar.com https://www.google-analytics.com https://analytics.twitter.com https://script.hotjar.com https://sc-static.net https://www.linkedin.com https://platform.twitter.com https://secure-ds.serving-sys.com https://optimize.google.com https://cdn.segment.com https://tags.srv.stackadapt.com https://js.driftt.com https://js.hsadspixel.net https://js.hsleadflows.net https://js.hs-banner.com https://s.swiftypecdn.com https://boards.greenhouse.io https://boards-cdn.greenhouse.io https://s3-cdn.greenhouse.io https://boards-api.greenhouse.io https://tag.simpli.fi https://i.simpli.fi https://munchkin.marketo.net https://go.yourbind.com https://loader.wisepops.com https://cdn.wisepops.com https://*.marketo.com https://www.yourbind.com https://staging-yourbind.netlify.app https://www.surest.com https://staging-surest.netlify.app https://acdn.adnxs.com https://*.on24.com https://assets.adoberesources.net https://documentcloud.adobe.com https://*.typekit.net *.adobe.io wss://*.adobe.io https://assets.adoberesources.net https://lh3.googleusercontent.com https://documentcloud.adobe.com js.zi-scripts.com tags.clickagy.com *.pixel.ad *.basis.net *.sitescout.com https://rum.hlx.page/; frame-ancestors 'self' https://britehr.app; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; report-uri https://www.958888.ru/at/_csp_reports/; 1
frame-ancestors 'self' https://*.atomlms.co.uk; 1
script-src * 'unsafe-inline' 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.google.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.sirv.com https://*.cloudflare.com https://*.usersnap.com https://*.localmedia.cloud https://*.doubleclick.net; font-src https://fonts.gstatic.com data: *; connect-src 'self' https://*.joomunited.com https://*.wpml.org https://*.localmedia.cloud https://*.google-analytics.com https://*.usersnap.com https://*.doubleclick.net https://*.cookiebot.com; frame-src 'self' https://*.google.com https://consentcdn.cookiebot.com https://google-analytics.com; img-src 'self' https://*.localmedia.cloud data: *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'self' 1
default-src 'unsafe-inline' 'unsafe-eval' https: wss: data: blob:; frame-ancestors 'self' https://groundcontrol.wscmdu.com 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-MuYR5CtvlTdIkhy5aEccLQ=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src 'self' https://*.ladym.com https://ct.pinterest.com https://*.doubleclick.net ; script-src 'self' 'unsafe-inline' https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://*.doubleclick.net https://secure.quantserve.com https://rules.quantcount.com https://cdn.heapanalytics.com https://static.klaviyo.com https://lady-m.chat.getzowie.com https://live-chat.chatbotize.com https://waw.chat.getzowie.com https://us1.chat.getzowie.com https://core-chat.chatbotize.com https://static.zdassets.com https://*.klaviyo.com https://connect.facebook.net https://s.pinimg.com https://acsbap.com https://acsbapp.com https://*.forter.com https://*.squarecdn.com https://*.squareup.com https://*.squareupsandbox.com https://google.com https://*.google.com ; connect-src 'self' https://maps.googleapis.com https://www.google-analytics.com https://google.com https://*.google.com https://*.doubleclick.net https://pixel.quantcount.com https://www.facebook.com https://lady-m.chat.getzowie.com https://live-chat.chatbotize.com https://waw.chat.getzowie.com https://us1.chat.getzowie.com https://core-chat.chatbotize.com https://ct.pinterest.com https://*.chatbotize.com https://*.klaviyo.com https://*.acsbapp.com https://*.acsbap.com https://acsbapp.com https://acsbap.com https://*.forter.com https://*.squarecdn.com https://*.squareup.com https://*.squareupsandbox.com https://*.ladym.com ; img-src 'self' 'unsafe-inline' https://*.doubleclick.net https://*.openstreetmap.org https://www.facebook.com https://www.google.com https://d19yrbotj838oi.cloudfront.net https://ct.pinterest.com https://pixel.quantserve.com https://www.google-analytics.com https://analytics.google.com https://*.squarecdn.com https://*.squareup.com https://*.squareupsandbox.com https://www.gstatic.com https://cdn.acsbapp.com https://*.ladym.com https://s3.amazonaws.com/assets.ladym.com/ data: ; media-src 'self' https://s3.amazonaws.com/assets.ladym.com/ https://*.ladym.com data: ; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://*.typekit.net https://static.klaviyo.com https://static-tracking.klaviyo.com https://fast.fonts.net https://fonts.googleapis.com https://*.squarecdn.com https://*.squareup.com https://*.squareupsandbox.com https://*.ladym.com https://google.com https://*.google.com ; frame-src 'self' https://www.youtube.com https://*.ladym.com https://*.squarecdn.com https://*.squareup.com https://*.squareupsandbox.com https://pay.google.com https://ct.pinterest.com https://*.doubleclick.net https://live-chat.chatbotize.com https://lady-m.chat.getzowie.com https://waw.chat.getzowie.com https://us1.chat.getzowie.com https://core-chat.chatbotize.com ; frame-ancestors 'self' https://*.ladym.com ; form-action 'self' https://*.ladym.com https://www.facebook.com https://accounts.google.com https://*.squarecdn.com https://*.squareup.com https://*.squareupsandbox.com ; worker-src 'self' https://*.ladym.com ; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com https://*.typekit.net https://*.squarecdn.com https://*.squareup.com https://*.squareupsandbox.com https://*.acsbapp.com https://*.klaviyo.com https://s3.amazonaws.com data: ; 1
default-src 'none'; font-src 'self' *.omq.de userlike-cdn-umm.b-cdn.net data:; frame-src 'self' *.verimi.de *.omq.de data:; img-src 'self' *.verimi.de *.omq.de *.userlike.com data:; manifest-src 'self'; media-src 'self' *.verimi.de data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.verimi.de *.omq.de *.matomo.cloud userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net data:; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.verimi.de *.omq.de data:; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.verimi.de *.omq.de data:; connect-src 'self' *.omq.de *.matomo.cloud userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net *.userlike.com wss://umd.userlike.com; form-action 'self' *.salesforce.com; base-uri 'none'; frame-ancestors 'self'; 1
frame-ancestors 'self' *.shipwire.com https://www.shipwire.com; 1
form-action https: www.przelewy24.pl; 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.octapharma.com https://app.storyblok.com; 1
default-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com liberapay.com data: 1
frame-ancestors 'self' https://als.my.salesforce.com https://als.lightning.force.com https://*.force.com 1
frame-ancestors 'self' *.testdome.com examroom.ai; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com https://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://floridahousing.org/Scripts/js/jquery.resizer.min.js https://translate.googleapis.com https://translate.google.com https://ajax.googleapis.com https://*.googleapis.com https://www.googletagmanager.com https://cdn.raygun.io/raygun4js/raygun.min.js https://www.floridahousing.org/ https://cdn.userway.org/widget.js elmahio.min.js https://www.floridahousing.org/Scripts/elmahio.min.js api.elmah.io *.userway.org https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://cdn.userway.org/widget.js *.userway.org https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.userway.org; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://translate.google.com https://www.google.com https://cdn.userway.org/widget.js *.userway.org; media-src 'self' data: blob:; frame-src 'self' https://apps.floridahousing.org/ https://floridahousing.sharefile.com/ https://www.youtube.com/embed/QVXAam3CHi8 https://www.youtube.com/embed/lI6PG4UCm6I https://player.vimeo.com/video/389876939 https://www.youtube.com/embed/70sD1sJXHnM https://cdn.userway.org/widget.js api.elmah.io *.userway.org https://floridahousing.org/demo3.html https://www.youtube.com/embed/4vsmv-0AK8Y  https://www.youtube.com/embed/Gb4b9gwNl8g https://www.youtube.com/embed/rolim_U_-J8 https://www.youtube.com/embed/Sj_3UTzBYbU https://www.youtube.com/embed/u0XFzHNcF6Y https://www.youtube.com/embed/59yHsKUQBf0 https://www.youtube.com/embed/111W_B9GiM8 https://www.youtube.com/embed/_4n68faqZS0 https://www.youtube.com/embed/_Ng1nHd_rBE https://www.youtube.com/embed/1s9RPndjEOg https://www.youtube.com//embed/2vhz6vbG8js ; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://cdn.userway.org/widget.js *.userway.org; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com  https://floridahousing.org/Scripts/js/jquery.resizer.min.js https://translate.google.com https://ajax.googleapis.com https://*.googleapis.com *.google-analytics.com apis.google.com https://translate.googleapis.com https://stats.g.doubleclick.net https://cdn.userway.org/widget.js api.elmah.io *.userway.org; 1
default-src     'self' ; img-src         'self' data: https://*.pxia.de https://krannich-solar.com https://ip-172-26-12-168 https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.google.de https://*.facebook.com https://*.linkedin.com https://*.googletagmanager.com https://*.doubleclick.net https://*.cookiebot.com;  script-src      'self' 'unsafe-inline' 'unsafe-eval'  https://*.bootstrapcdn.com https://*.pxia.de https://ip-172-26-12-168 https://*.cookiebot.com https://*.google.com https://*.googleapis.com https://*.gstatic.com *.google-analytics.com https://*.googletagmanager.com;  script-src-elem 'self' 'unsafe-inline' https://*.google-analytics.com https://*.google.com https://*.cookiebot.com https://*.bootstrapcdn.com https://*.googleapis.com https://*.gstatic.com https://*.facebook.net https://*.licdn.com https://*.mouseflow.com https://*.googleadservices.com https://*.googletagmanager.com https://*.youtube.com https://*.google.de;  style-src       'self' 'unsafe-inline' https://*.googleapis.com https://*.bootstrapcdn.com https://*.googletagmanager.com;  font-src        'self' data: https://*.googleapis.com https://*.gstatic.com https://*.bootstrapcdn.com;  frame-src       'self' https://*.cookiebot.com https://*.google.com https://www.youtube-nocookie.com https://indd.adobe.com;  worker-src       data: blob: 'unsafe-eval' 'unsafe-inline';  object-src      'self' ;  connect-src     'self' https://*.google-analytics.com https://*.googleapis.com https://*.cookiebot.com https://*.doubleclick.net https://*.google.com https://*.linkedin.oribi.io https://*.linkedin.com;  1
frame-ancestors 'self' my.bonify.de www.bonify.de pages.bonify.de 1
script-src 'self' https: 'nonce-7wWFbROX46RsN3Q0lpsSBQ==' 1
default-src 'self';      style-src 'self' https://www.crisis.nl https://crisis.nl https://crisis-static.azurewebsites.net ;      script-src 'self' https://www.crisis.nl https://crisis.nl https://crisis-static.azurewebsites.net ;      img-src 'self' https://www.crisis.nl https://crisis.nl https://crisis-static.azurewebsites.net data:;      media-src 'self' https://www.crisis.nl https://crisis.nl https://crisis-static.azurewebsites.net;     connect-src 'self' https://www.crisis.nl https://crisis.nl https://crisis-static.azurewebsites.net;     font-src 'self' https://www.crisis.nl https://crisis.nl https://crisis-static.azurewebsites.net;     object-src 'self' https://www.crisis.nl https://crisis.nl https://crisis-static.azurewebsites.net;     frame-src 'self' https://www.crisis.nl https://crisis.nl https://crisis-static.azurewebsites.net;         form-action 'none';         base-uri 'self';         frame-ancestors 'self'; 1
default-src https://www.affinitycu.ca; base-uri https://www.affinitycu.ca https://acu-pubweb-staging.azurewebsites.net/; form-action 'self' https://webto.salesforce.com https://salesforce.com; connect-src 'self' https://webto.salesforce.com https://salesforce.com https://www.affinitycu.ca/_layouts/15/RatesService.aspx https://chatserver13.comm100.io https://max13.comm100.io https://www.bankofcanada.ca https://api.ssllabs.com https://hstspreload.org https://http-observatory.security.mozilla.org https://securityheaders.com https://sshscan.rubidus.com https://tls.imirhil.fr https://tls-observatory.services.mozilla.com https://www.immuniweb.com https://max3.comm100.io https://chatserver3.comm100.io https://www.google-analytics.com https://www.affinitycu.ca https://maps.googleapis.com  https://api.insight.sitefinity.com; font-src 'self' https://fonts.gstatic.com https://vue.comm100.io https://chatserver.comm100.io https://vue.comm100.com https://chatserver.comm100.com/visitorside/fonts/sourcesanspro-regular.woff data:; frame-src 'self' https://affinitycu-my.sharepoint.com/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://forms.office.com/ https://www.google.com/ https://player.vimeo.com/ https://acu-pubwebforms-staging.azurewebsites.net/ https://www.affinitycu.ca https://www.youtube.com https://acu-pubwebforms.azurewebsites.net/ https://e.issuu.com/; media-src https://chatserver3.comm100.io; frame-ancestors 'self' https://www.affinitycu.ca; img-src 'self' https://acu1.azureedge.net blob: https://ads.stickyadstv.com https://chatserver13.comm100.io https://pixel.rubiconproject.com https://simage2.pubmatic.com https://image6.pubmatic.com https://us-u.openx.net https://dsum-sec.casalemedia.com https://cm.g.doubleclick.net https://ups.analytics.yahoo.com https://pixel.advertising.com https://ib.adnxs.com https://i.ytimg.com https://ads.yahoo.com https://chatserver3.comm100.io https://public-prod-dspcookiematching.dmxleo.com https://www.google-analytics.com https://a.tribalfusion.com https://77763.global.siteimproveanalytics.io https://bs.serving-sys.com https://s.tribalfusion.com https://tags.bluekai.com/ https://pixel.tapad.com/ https://dpm.demdex.net https://aa.agkn.com/adscores/ https://sync.search.spotxchange.com https://loadus.exelator.com https://odr.mookie1.com https://ads.scorecardresearch.com https://id5-sync.com https://analytics.twitter.com https://t.mookie1.com data: https://maps.googleapis.com https://maps.gstatic.com https://o2.eyereturn.com https://tags.w55c.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/js/bootstrap.bundle.min.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google.com https://www.gstatic.com/ https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com/ajax/libs/Chart.js/3.7.0/chart.min.js https://www.youtube.com https://standby.comm100vue.com https://vue.comm100.com https://siteimproveanalytics.com https://www.google-analytics.com https://hostedmax.comm100.com https://chatserver.comm100.com https://code.jquery.com https://www.googletagmanager.com https://ajax.googleapis.com https://maps.googleapis.com https://cdn.insight.sitefinity.com; style-src 'self' 'unsafe-inline' https://use.typekit.net/vyz5nal.css https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/css/bootstrap.min.css fonts.googleapis.com fonts.googleapis.com3.comm100.io https://www.bankofcanada.ca https://api.ssllabs.com https://hstspreload.org https://http-observatory.security.mozilla.org https://securityheaders.com https://sshscan.rubidus.com https://tls.imirhil.fr https://tls-observatory.services.mozilla.com https://www.immuniweb.com https://max3.comm100.io https://chatserver3.comm100.io https://www.google-analytics.com https://acu-pubweb-test.azurewebsites.net https://maps.googleapis.com https://api.insight.sitefinity.com; manifest-src 'self'; 1
font-src data: blob: *.americanframe.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.filestackapi.com https://acsbapp.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com data: blob: *.americanframe.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.braintree-api.com *.braintreegateway.com *.hubspot.com *.hsforms.net *.hsforms.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ data: blob: *.americanframe.com *.googletagmanager.com *.paypal.com *.paypalobjects.com *.cybersource.com *.braintree-api.com *.braintreegateway.com *.googleapis.com *.gstatic.com *.google.com *.googlesyndication.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.doubleclick.net *.trustpilot.com *.hubspot.com *.kaptcha.com *.accessibe.com *.hsforms.com *.hsforms.net outlook.office365.com *.dotdigital-pages.com *.dotdigital.com https://acsbapp.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://plumrocket.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io blob: *.americanframe.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.s3.amazonaws.com s3.amazonaws.com *.paypal.com *.paypalobjects.com *.braintree-api.com *.braintreegateway.com *.magentocommerce.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.gstatic.com *.google.com *.google.de *.google.es *.google.fr *.google.gr *.google.ie *.google.it *.google.jo *.google.ik *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.ru *.google.se *.google.sk *.google.com.ar *.google.com.au *.google.com.br *.google.com.ec *.google.com.eg *.google.com.gh *.google.com.my *.google.com.ng *.google.com.pk *.google.com.pr *.google.com.sa *.google.com.sg *.google.com.tw *.google.com.ua *.google.com.vn *.google.ae *.google.ca *.google.cn *.google.co.in *.google.co.il *.google.co.kr *.google.co.nz *.google.co.th *.google.co.uk *.google.co.za *.google.co.ma *.googleusercontent.com *.doubleclick.net *.hsforms.com *.hsforms.net *.hubspot.com *.adelixir.com *.bing.com *.acsbapp.com *.facebook.com *.certcapture.com *.nr-data.net *.clarity.ms *.omtrdc.net meetanshi.com *.hubspotusercontent-na1.net *.trackedlink.net https://fonts.googleapis.com https://*.filestackapi.com https://cdn.filestackcontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ data: blob: *.americanframe.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.paypal.com *.paypalobjects.com *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.hotjar.io *.hotjar.com *.doubleclick.net *.cybersource.com *.hs-scripts.com *.trustpilot.com *.hsforms.com *.hsforms.net *.hscollectedforms.net *.hs-banner.com *.hs-analytics.net *.bing.com *.adelixir.com *.braintree-api.com *.braintreegateway.com *.usemessages.com *.facebook.net *.certcapture.com *.hsleadflows.net *.polyfill.io *.clarity.ms *.hubspot.com *.aptrinsic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal https://*.filestackapi.com https://acsbapp.com https://www.googletagmanager.com tagmanager.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com data: blob: *.americanframe.com *.getfirebug.com *.myfonts.net *.googleapis.com *.certcapture.com *.hubspot.com https://*.filestackapi.com https://fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: blob: *.americanframe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com data: blob: *.americanframe.com *.magento.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.s3.amazonaws.com *.google-analytics.com *.googleadservices.com *.google.com *.doubleclick.net *.hubspot.com *.acsbapp.com *.braintree-api.com *.braintreegateway.com *.bing.com *.paypal.com *.trustpilot.com *.certcapture.com *.facebook.net *.hsforms.com *.clarity.ms *.demdex.net *.hscollectedforms.net *.hotjar.io *.hotjar.com *.ws.hotjar.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://fonts.googleapis.com https://filestack-uploads-persist-production.s3.amazonaws.com https://cdn.filestackcontent.com https://*.filestackapi.com https://cdn.acsbapp.com https://www.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src data: blob: *.americanframe.com *.cybersource.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://humanelement.report-uri.com/r/d/csp/enforce; report-to report-endpoint; 1
connect-src 'self' *.adnxs.com *.articulate.com *.authorize.net *.cdnma.com *.clarity.ms *.datawrkz.com *.facebook.com *.google-analytics.com *.google.ca *.google.com *.googleapis.com *.googlesyndication.com *.linkedin.oribi.io *.luckyorange.com *.luckyorange.net *.mktoresp.com *.nr-data.net *.optimizely.com *.vimeo.com *.wisepops.com *.wisepops.net wisepops.net wisepops.com180-lsv-672.mktoutil.com adservice.google.com app.getwisp.co my.yoast.com pages.academicimpressions.com stats.g.doubleclick.net vimeo.com wss://*.visitors.live wss://visitors.live; frame-src 'self' *.facebook.com *.google.com *.mindstamp.io *.vimeo.com northeastern.academicimpressions.com public.tableau.com td.doubleclick.net www.socialintents.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: http: https:; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cdnma.com *.clarity.ms *.academicimpressions.com *.authorize.net *.cloudflare.com *.cloudfront.net *.datawrkz.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.luckyorange.com *.marketo.com *.marketo.net *.newrelic.com *.nr-data.net *.optimizely.com *.pagely.com *.pcdn.co *.pressdns.com *.socialintents.com *.vimeo.com *.wisepops.com *.wisepops.net app.getwisp.co bid.g.doubleclick.net blob: c.bing.com code.jquery.com connect.facebook.net googleads.g.doubleclick.net js-agent.newrelic.com newrelic.com nr-data.net public.tableau.com secure.adnxs.com snap.licdn.com stackpath.bootstrapcdn.com static.ads-twitter.com stats.wp.com yoast.com wisepops.com wisepops.net; worker-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudfront.net *.s44265.p1497.sites.pressdns.com blob: public.tableau.com; report-uri https://academimpressions.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' https: wss://ws23.hotjar.com/ https://*.azureedge.net https://*.azure-api.net https://*.blob.core.windows.net https://*.azurewebsites.net https://portal.sjofartsdir.no blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://www.google-analytics.com https://static.hotjar.com https://*.azureedge.net https://*.cloudflare.com https://widget.usersnap.com https://*.vimeo.com blob:; style-src 'self' 'unsafe-inline' https: https://*.azureedge.net https://*.cloudflare.com https://fonts.googleapis.com; img-src 'self' data: blob:; frame-src 'self' https: https://*.vimeo.com https://*.azure-api.net; upgrade-insecure-requests 1
connect-src 'self' ;default-src 'self' fonts.googleapis.com ;font-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com ;frame-ancestors 'self' ;frame-src 'self' www.youtube-nocookie.com platform.twitter.com ;img-src 'self' data: www.lelystad.nl www.toegankelijkheidsverklaring.nl  6005055.global.siteimproveanalytics.io ;script-src 'self' 'nonce-c9b12ba3-d1b2-4f43-80ed-7419f004ea27' platform.twitter.com  cdn.jsdelivr.net siteimproveanalytics.com ;style-src 'self' 'nonce-c9b12ba3-d1b2-4f43-80ed-7419f004ea27' fonts.googleapis.com maxcdn.bootstrapcdn.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodontti.fi; img-src 'self' https: data: blob: https://mastodontti.fi; style-src 'self' https://mastodontti.fi 'nonce-c6pBQIbst+8OgiVDN/5ieA=='; media-src 'self' https: data: https://mastodontti.fi; frame-src 'self' https:; manifest-src 'self' https://mastodontti.fi; form-action 'self'; child-src 'self' blob: https://mastodontti.fi; worker-src 'self' blob: https://mastodontti.fi; connect-src 'self' data: blob: https://mastodontti.fi https://cdn.masto.host wss://mastodontti.fi; script-src 'self' https://mastodontti.fi 'wasm-unsafe-eval' 1
frame-ancestors 'self' *.freo.local *.freo.nl *.rabobank.nl feedback.usabilla.com; 1
frame-ancestors 'self' admin.madrex.com eg2.eltex.co.jp 1
frame-ancestors 'self' http://www.engdahlassuranse.no 1
default-src 'self' 'unsafe-inline' https://*;img-src 'self' data: 'unsafe-inline' https://*;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*;style-src 'self' 'unsafe-inline' https://*;font-src 'self';object-src 'none'; 1
default-src https: data: blob: wss:; script-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src https: data: blob: wss: 'unsafe-inline'; 1
object-src 'none'; child-src 'self' https://*.stripe.com https://*.olark.com https://*.google.com https://*.facebook.com https://*.doubleclick.net https://embed.wirewax.com https://www.youtube.com https://*.marketo.com https://*.marketo.net https://*.formstack.com https://*.linkedin.com https://*.adsymptotic.com https://www.recaptcha.net https://*.adsrvr.org https://alive5.com https://*.snapchat.com https://*.research-mlb.com https://*.googletagmanager.com https://*.gwapps.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.doubleclick.net https://*.stripe.com https://*.olark.com https://www.google-analytics.com https://*.googleadservices.com https://ssl.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://script.crazyegg.com https://*.optimizely.com https://*.cloudflareinsights.com https://ajax.googleapis.com https://*.marketo.net https://*.marketo.com https://*.mktoweb.com https://*.mpio.io https://*.agkn.com https://secure.quantserve.com https://rules.quantcount.com https://www.youtube.com https://*.linkedin.com https://*.licdn.com https://*.formstack.com https://*.adsrvr.org https://www.recaptcha.net https://www.gstatic.com https://alive5.com https://*.zoominfo.com https://js.zi-scripts.com https://*.tvsquared.com https://*.bing.com https://*.facebook.com https://*.sc-static.net https://sc-static.net https://*.tiktok.com https://*.ads-twitter.com https://*.snapchat.com https://cdn.jsdelivr.net https://code.jquery.com https://*.salesloft.com https://tags.srv.stackadapt.com https://cdn.evgnet.com https://*.hsforms.net; frame-ancestors 'self' https://js.stripe.com; block-all-mixed-content; report-uri https://segcsp.report-uri.com/r/d/csp/enforce 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://raru.re; img-src 'self' https: data: blob: https://raru.re; style-src 'self' https://raru.re 'nonce-K8dbb9fIgtxIiDorEhahpQ=='; media-src 'self' https: data: https://raru.re; frame-src 'self' https:; manifest-src 'self' https://raru.re; form-action 'self'; child-src 'self' blob: https://raru.re; worker-src 'self' blob: https://raru.re; connect-src 'self' data: blob: https://raru.re https://cdn.raru.re wss://raru.re; script-src 'self' https://raru.re 'wasm-unsafe-eval' 1
object-src 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-J/z0+goRXWUMzRJnWtSqtA==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
default-src data: wss: blob: 'self' 'unsafe-inline' 'unsafe-eval' *.spareroom.co.uk *.spareroom.com *.spareroom.fr *.spareroom.net *.cookiepro.com *.apple.com *.apple-mapkit.com *.google-analytics.com *.trustpilot.com *.google.com *.google.co.uk *.googleapis.com *.youtube.com *.vimeo.com *.vimeocdn.com *.doubleclick.net *.facebook.net *.facebook.com *.rollbar.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.gstatic.com *.polyfill.io *.ytimg.com *.stripe.com *.paypal.com *.paypalobjects.com *.zendesk.com *.zdassets.com *.ideal-postcodes.co.uk *.postcodeanywhere.co.uk *.googleadservices.com *.zopim.com *.bing.com *.web.emea-1.jumio.ai *.netverify.com *.spareroom.id *.abercrombiekent.co.uk *.fontawesome.com *.honey.io *.erm-assets.com *.appartager.com *.onfido.com *.cloudfunctions.net 1
upgrade-insecure-requests; default-src 'self'; connect-src 'self' https://auth.dis.gov.au; base-uri 'self'; img-src 'self' data:; font-src 'self' 'unsafe-inline' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; form-action 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' https://staging.microban24.com feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.segment.com *.youtube.com *.bazaarvoice.com https://js.adsrvr.org https://pghub.io https://connect.facebook.net https://script.crazyegg.com https://www.googletagmanager.com https://www.google-analytics.com *.cookielaw.org *.onetrust.com feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' feed.pghub.io pandg.tapad.com ; img-src 'self' data: *.cookielaw.org *.doubleclick.net *.bazaarvoice.com *.google-analytics.com https://i.ytimg.com https://www.facebook.com https://match.adsrvr.org *.google.com https://images.ctfassets.net https://pixel.tapad.com feed.pghub.io pandg.tapad.com ; connect-src 'self' *.segment.com *.segment.io *.adsrvr.org *.bazaarvoice.com https://az-apigateway-cs-prod-20180702.azure-api.net *.algolia.net https://stats.g.doubleclick.net https://script.crazyegg.com https://region1.google-analytics.com https://www.google-analytics.com https://cdn.cookielaw.org feed.pghub.io pandg.tapad.com ; frame-src 'self' https://www.facebook.com https://www.youtube-nocookie.com https://www.youtube.com https://consumersupport.pg.com https://insight.adsrvr.org https://pandg.tapad.com *.doubleclick.net feed.pghub.io pandg.tapad.com ; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://ln-rules.rewardstyle.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://*.contentsquare.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co; form-action 'self' https://www.facebook.com https://www.mioskincare.fr https://m.mioskincare.fr https://checkout.mioskincare.fr https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://ln-rules.rewardstyle.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://fonts.smct.co https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors https://aktiespararna.sanity.studio/ 1
default-src blob: 'self'; script-src blob: 'self' 'unsafe-eval' 'unsafe-inline' https://*.accessionmeeting.com http://*.mymeet.me http://*.accessionmeeting.com https://*.mymeet.me https://accessionmeeting.com http://mymeet.me http://accessionmeeting.com https://mymeet.me http://ajax.aspnetcdn.com http://apps.bdimg.com http://cdn.mplxtms.com http://cdn.pardot.com http://connect.facebook.net http://intljs.rmtag.com http://js.ywsem.com http://m.baidu.com http://pi.pardot.com http://rum-static.pingdom.net http://static.hotjar.com http://static.tieba.baidu.com http://tagmanager.google.com http://www.comeet.co http://www.google-analytics.com http://www.google.com http://www.googleadservices.com http://www.googletagmanager.com https://*.cmptch.com https://*.50million.club https://*.cloudfront.net https://ajax.aspnetcdn.com https://apis.google.com https://apiurl.org https://appsforoffice.microsoft.com https://assets.zendesk.com https://cdn.5bong.com https://cdn.jsdelivr.net https://cdncache-a.akamaihd.net https://code.jquery.com https://connect.facebook.net https://consent.trustarc.com https://extnetcool.com https://fp166.digitaloptout.com https://higedev.cool https://intljs.rmtag.com https://localhost:1337 https://pi.pardot.com https://rum-static.pingdom.net https://s.dcbap.com https://s.ytimg.com https://s3.amazonaws.com https://scout-cdn.salesloft.com https://script.hotjar.com https://sealserver.trustwave.com https://secure-cdn.mplxtms.com https://secure.myshopcouponmac.com https://srvvtrk.com https://static.hotjar.com https://static.zdassets.com https://static2.sharepointonline.com https://tag.demandbase.com https://tagmanager.google.com https://tpc.googlesyndication.com https://tracking.g2crowd.com https://translate.google.com https://translate.googleapis.com https://unpkg.com https://www.comeet.co https://www.dropbox.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://www.recaptcha.net https://www.gstatic.cn https://*.meetzoom.us; img-src https: http: blob: data: 'self'; style-src blob: https: 'unsafe-inline' 'self'; font-src https: data: chrome-extension: 'self'; connect-src * blob: data: 'self'; media-src * blob: 'self'; frame-src 'self' https://*.accessionmeeting.com https://*.mymeet.me http://www.googletagmanager.com https: ms-appx-web: accessionmeeting: com.accessionmeeting zoom zoomamdev zoomamdev: com.callone.meeting: zoomserveurcom: zoomnhc: com.accessionmeeting.aspenuc.meeting: zoomamdevtgs: com.accessionmeeting.sonic: me.mymeet.h3a: me.mymeet.h3asit: com.accessionmeeting.allstream-ca: com.accessionmeeting.allstream-us: com.accessionmeeting.aspenuc.meeting: com.accessionmeeting.broadvoice: com.accessionmeeting.cablebahamas: com.accessionmeeting.calltower: com.accessionmeeting.chief070.meeting: com.accessionmeeting.cloudx: com.accessionmeeting.docomopacific: com.accessionmeeting.docomopacificspn: com.accessionmeeting.fetnet.meeting: com.accessionmeeting.frontier: com.accessionmeeting.getgds: com.accessionmeeting.gtdconectados: com.accessionmeeting.liquid: com.accessionmeeting.liquidpoc.meeting: com.accessionmeeting.mcmtelecom.meeting: com.accessionmeeting.myaccessplus: com.accessionmeeting.myaccessplus-lab: com.accessionmeeting.nt.meeting: com.accessionmeeting.officesmart.meeting: com.accessionmeeting.pod: com.accessionmeeting.testfly-aces.meeting: com.accessionmeeting.vtrnegocios: com.accessionmeeting.xchangetele.centraloffice: com.accessionmeeting.zwelamais: com.earthlinkmeetingroom.meeting: em.teemym.dnuotsa: me.mymeet.cablenet: me.mymeet.dhiraagu: me.mymeet.ena: me.mymeet.maxcom.meeting: me.mymeet.vivo.meeting: me.mymeet.enove: me.mymeeting.east: me.mymeeting.west: mymeet.me.gtd: zoomamdev: zoomcareconnect: zoomcw: zoomelnklab: zoomsotel: zoomyiptel: me.mymeet.sparklight: me.mymeet.uat-sparklight: itms-apps://itunes.apple.com; report-uri https://www.accessionmeeting.com/csp/report 1
connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; default-src 'self'; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src https://facebook.com https://*.facebook.com; img-src 'self' data: blob: https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://www.google.com/ads https://a.quora.com/ https://q.quora.com/ https://quora.com/ https://www.facebook.com; script-src 'self' https://*.googletagmanager.com https://apis.google.com https://a.quora.com/ https://q.quora.com/ https://quora.com/ https://ct.capterra.com/ http://ct.capterra.com/ https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 1
default-src 'self'  https://www.google.com  https://www.googletagmanager.com https://www.gstatic.com https://i.ytimg.com https://www.youtube.com https://www.google-analytics.com https://www.el-mouradia.dz https://*.el-mouradia.dz https://el-mouradia.dz https://fonts.googleapis.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google.com  https://www.gstatic.com  https://*.el-mouradia.dz https://el-mouradia.dz https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 'unsafe-eval'  https://fonts.googleapis.com https://*.el-mouradia.dz https://el-mouradia.dz https://fonts.gstatic.com 1
frame-ancestors 'self' https://*.olympus-ims.com https://*.olympus-lifescience.com *.olympus-ims.com *.olympus-lifescience.com www.olympusamerica.com *.aspiresoft.com *.ceros.com; 1
default-src 'self';style-src 'self' 'unsafe-inline' assets.wogaa.sg unpkg.com fonts.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.dcube.cloud assets.wogaa.sg assets.adobedtm.com unpkg.com code.jquery.com;font-src 'self' assets.wogaa.sg fonts.gstatic.com;img-src data: 'self' d33wubrfki0l68.cloudfront.net www.lta.gov.sg ncspteltd.sc.omtrdc.net docs.onemap.sg maps-b.onemap.sg maps-c.onemap.sg maps-a.onemap.sg wogadobeanalytics.sc.omtrdc.net www.onemap.gov.sg i.imgur.com ncsptemytransport.112.2o7.net ncsptemytransport.112.2o7.net;child-src blob: *;connect-src 'self' *;worker-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' * 1
font-src https://widgets.trustedshops.com data: *.gstatic.com *.trustedshops.com *.weareeves.com v2.zopim.com https://fonts.gstatic.com cdn.mailcampaigns.nl *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.sendcloud.sc *.jsdelivr.net *.google.com https://optimize.google.com *.cookiebot.com *.facebook.com *.doubleclick.net *.addthis.com *.criteo.com *.robinhq.com *.api.useinsider.com squeezely.tech *.squeezely.tech bam.eu01.nr-data.net s.kk-resources.com *.pushbird.com pushbird.com surfly.com static.criteo.net consentcdn.cookiebot.eu *.sovendus.com *.sovendus-connect.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://widgets.trustedshops.com https://static.buckaroo.nl *.amazonaws.com *.klaviyo.com johnbeerens.com johnbeerens.be *.johnbeerens.com *.johnbeerens.bluebirdday.io *.bluebirdday.io maps.gstatic.com *.googleapis.com *.ggpht *.google.com *.google.nl *.googletagmanager.com *.trustedshops.com *.facebook.com *.pinterest.com *.gravatar.com fr135.net *.fr135.net *.percolate-3.hipex.cloud *.bing.com *.weareeves.com *.cloudfront.net *.googlesyndication.com googlesyndication.com v2assets.zopim.com v2assets.zopim.io v2.zopim.com v2.zopim.io *.api.useinsider.com squeezely.tech *.squeezely.tech bam.eu01.nr-data.net s.kk-resources.com *.pushbird.com pushbird.com *.doubleclick.net *.outbrain.com *.rubiconproject.com *.pubmatic.com *.smartadserver.com *.media.net *.360yield.com *.casalemedia.com *.3lift.com *.adform.net *.bidswitch.net *.sharethrough.com *.stickyadstv.com *.mediavine.com *.taboola.com *.yieldmo.com *.emxdgt.com *.smaato.net *.liadm.com *.yahoo.com *.analytics.yahoo.com *.adnxs.com *.criteo.com c.clarity.ms robincontentdesktop.blob.core.windows.net https://optimize.google.com media.flixcar.com rt.flix360.com t-beta.flix360.io portal.payconiq.com cdn.mailcampaigns.nl *.speedcurve.com www.magmodules.eu *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com https://widgets.trustedshops.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.buckaroo.nl *.sendcloud.sc *.jsdelivr.net https://static.klaviyo.com https://fast.a.klaviyo.com maps.googleapis.com *.google.com *.gstatic.com *.googleoptimize.com *.trustedshops.com *.johnbeerens.com *.pushbird.com pushbird.com chimpstatic.com *.cookiebot.com *.tweakwise.com *.facebook.net *.pinimg.com *.addthisedge.com *.addthis.com *.newrelic.com *.criteo.net *.criteo.com *.bing.com *.robinhq.com robincontentdesktop.blob.core.windows.net surfly.com *.surfly.com az416426.vo.msecnd.net *.weareeves.com *.klaviyo.com unpkg.com www.dwin1.com v2.zopim.com static.zdassets.com ekr.zdassets.com www.facebook.com *.api.useinsider.com squeezely.tech *.squeezely.tech bam.eu01.nr-data.net s.kk-resources.com *.googlesyndication.com googlesyndication.com secure.authorize.net test.authorize.net js.braintreegateway.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/  widgets.trustedshops.com static.klaviyo.com fast.a.klaviyo.com *.avada.io www.squeezely.tech tagmanager.google.com *.clarity.ms *.flixfacts.com *.google.nl *.flixgvid.flix360.io media.flixcar.com consent.cookiebot.eu consentcdn.cookiebot.eu *.sovendus.com *.sovendus-connect.com *.netlify.app *.speedcurve.com https://www.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://widgets.trustedshops.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.sendcloud.sc *.jsdelivr.net *.googleapis.com https://optimize.google.com https://fonts.googleapis.com *.klaviyo.com *.trustedshops.com *.buckaroo.nl *.weareeves.com *.api.useinsider.com squeezely.tech *.squeezely.tech bam.eu01.nr-data.net s.kk-resources.com *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ *.trustedshops.com *.etrusted.com https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.klaviyo.com https://fast.a.klaviyo.com *.johnbeerens.com *.tweakwise.com *.doubleclick.net *.dhlparcel.nl *.googleapis.com *.pinterest.com *.bing.com surfly.com *.surfly.com *.visualstudio.com *.nr-data.net *.weareeves.com *.googlesyndication.com googlesyndication.com *.api.useinsider.com squeezely.tech *.squeezely.tech bam.eu01.nr-data.net s.kk-resources.com *.facebook.com facebook.com google-analytics.com *.google-analytics.com google.com *.google.com *.cardinalcommerce.com *.paypal.com fast.a.klaviyo.com get.geojs.io *.avada.io *.cookiebot.com *.clarity.ms sentry.io *.flixgvid.flix360.io media.flixcar.com consent.cookiebot.eu checkout.buckaroo.nl wss://websockets.buckaroo.io consentcdn.cookiebot.eu *.sovendus.com *.sovendus-connect.com *.supabase.co api.ipify.org https://get.geojs.io https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src *.google-analytics.com www.google-analytics.com *.analytics.google.com www.missingpeople.org.uk ws.hotjar.com content.hotjar.io analytics.audioeye.com wss://ws.hotjar.com vc.hotjar.io metrics.hotjar.io  fonts.googleapis.com stats.g.doubleclick.net queue.simpleanalyticscdn.com www.facebook.com google.co.uk checkout.stripe.com api.stripe.com maps.googleapis.com connect-js.stripe.com js.stripe.com; default-src 'self' 'unsafe-inline' www.googletagmanager.com; font-src  data: missingpeople.org.uk *.gstatic.com wsv3cdn.audioeye.com  www.missingpeople.org.uk; frame-src 'self' data: www.google.com platform.twitter.com www.googletagmanager.com player.vimeo.com vimeo.com youtube.com www.youtube.com www.youtube-nocookie.com facebook.com js.stripe.com www.facebook.com wsv3cdn.audioeye.com missingpeople.livevacancies.co.uk *.doubleclick.net v4in1-si.click4assistance.co.uk v4in1-ti.click4assistance.co.uk checkout.stripe.com js.stripe.com hooks.stripe.com connect-js.stripe.com; img-src 'self' data: www.google-analytics.com www.gstatic.com www.google.co.uk www.googletagmanager.com *.gravatar.com  *.vimeocdn.com  *.ytimg.com www.facebook.com  queue.simpleanalyticscdn.com v4in1-si.click4assistance.co.uk *.stripe.com; media-src 'self' blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' connect.facebook.net checkout.stripe.com js.stripe.com maps.googleapis.com; script-src-elem 'self' 'unsafe-inline' player.vimeo.com vimeo.com apis.google.com www.youtube.com www.youtube-nocookie.com platform.twitter.com googletagmanager.com www.googletagmanager.com www.google.com google.com www.gstatic.com gstatic.com www.google-analytics.com connect.facebook.net js.stripe.com cloud.hopewiser.com static.hotjar.com wsmcdn.audioeye.com script.hotjar.com wsv3cdn.audioeye.com  *.audioeye.com scripts.simpleanalyticscdn.com *.google.com v4in1-si.click4assistance.co.uk  *.googleapis.com; style-src 'self' 'unsafe-inline' blob: ajax.googleapis.com fonts.googleapis.com www.gstatic.com; style-src-elem 'self' 'unsafe-inline' cdnjs.cloudflare.com *.googleapis.com scripts.simpleanalyticscdn.com gstatic.com translate.googleapis.com *.gstatic.com; 1
upgrade-insecure-requests; default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'  blob: data: https://www.googletagmanager.com; style-src https: 'unsafe-inline' ;  report-uri https://rakez.com 1
frame-ancestors  https://*.yandex.ru https://*.yandex.com https://*.yandex.com.tr https://*.yandex.uz https://*.yandex-team.ru; report-uri https://csp.yandex.net/csp?from=iframe-tasks.yandex&project=tasks; 1
frame-ancestors 'self' cms.golfadvisor.com cms.golfpass.com  *.golfpass.com *.golfgenius.com golfgenius.com  ggstest.com ggstest2.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' at.alicdn.com *.alicdn.com *.googleapis.com *.gstatic.com *.baidu.com *.bdimg.com *.xinhongru.com *.highcharts.com *.youku.com *.liantu.com *.highcharts.com *.qq.com data: 1
default-src https:; connect-src https:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:;  object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: 1
frame-ancestors 'self' https://*.webjet.com.au https://*.webjet.co.nz https://webjettest.my.connect.aws https://offlinesales.my.connect.aws; report-to csp-report; report-uri https://services.webjet.co.nz/api/logger/log/platform/policy-csp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.google-analytics.com www.gstatic.com www.googleadservices.com maps.googleapis.com static.olark.com api.olark.com knrpc.olark.com servedbyadbutler.com pagead2.googlesyndication.com www.googletagmanager.com click.appcast.io connect.facebook.net optimize-pixel.jobadx.com js.hsforms.net static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com static.olark.com; font-src 'self' fonts.gstatic.com static.olark.com 1
frame-ancestors 'self' *.efilli.com; 1
default-src 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.adimo.co; script-src 'self' 'nonce-g0xSKYavcIb27yqdmyxaQRzvYlY=' *.google-analytics.com *.googleapis.com acsbapp.com www.googletagmanager.com connect.facebook.net assets.pinterest.com *.youtube.com *.pinimg.com *.adimo.co; img-src 'self' data: www.googletagmanager.com www.google-analytics.com www.google.com maps.gstatic.com *.googleapis.com *.ggpht.com www.facebook.com *.pinterest.com *.pinimg.com *.adimo.co *.wp.com *.acsbapp.com; media-src 'self' cdn.sandersonfarms.com; frame-src 'self' *.youtube.com *.facebook.com *.pinterest.com *.adimo.co; connect-src 'self' www.google-analytics.com analytics.google.com stats.g.doubleclick.net ct.pinterest.com cdn.acsbapp.com acsbapp.com 4dvq37jqcg.execute-api.eu-west-1.amazonaws.com *.adimo.co *.wordpress.com; font-src 'self' data: *.gstatic.com acsbapp.com 1
default-src 'self' edge.curalate.com *.zipmoney.com.au *.gstatic.com *.bazaarvoice.com *.vimeo.com *.akamaized.net *.hotjar.com *.hotjar.io *.trurating.com *.crazyegg.com tracking.myunidays.com *.five9.net; img-src 'self' data: https:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; connect-src 'self' https: wss:; font-src 'self' data: https:; frame-ancestors 'self' https://*.berlei.com.au; 1
frame-ancestors 'self' bidprime.com *.bidprime.com; 1
frame-ancestors https://v3.squads.so https://hub.sentre.io/ https://788652e9.snowflake-safe.pages.dev/ https://safe.snowflake.so/ 1
default-src 'self' *.golfvantage.com *.letsgo.golf *.azurewebsites.net *.windows.net *.supremegolf.com *.amazonaws.com *.google.com bid.g.doubleclick.net www.facebook.com app.trustlock.co *.spreedly.com *.barstoolgolftime.com; script-src * 'unsafe-inline'; connect-src *; img-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; 1
frame-ancestors 'self';block-all-mixed-content;default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mktoweb.com https://customer.cludo.com https://cdn.cookielaw.org https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://m.youtube.com https://www.youtube.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' *.mktoweb.com customer.cludo.com fonts.googleapis.com privacyportal-cdn.onetrust.com;object-src 'none';frame-src 'self' *.media-server.com *.mktoweb.com *.youtube.com solutions.vwdservices.com www.youtube-nocookie.com;child-src 'self' www.youtube.com;img-src 'self' data: *.cludo.com *.mktoweb.com *.ytimg.com *.youtube.com *.core.windows.net *.globenewswire.com cdn.cookielaw.org fonts.gstatic.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com privacyportal-cdn.onetrust.com customer.cludo.com;connect-src 'self' *.mktoweb.com *.cludo.com *.onetrust.com cdn.cookielaw.org fonts.googleapis.com fonts.gstatic.com;manifest-src 'self';base-uri 'self';form-action 'self';media-src 'self'; 1
default-src 'self';script-src 'self' 'nonce-qOUWiNYZJAPKOBH+2SHWqHQ4++sGMurVQTbUNmQcf1g=' ajax.cloudflare.com cdnjs.cloudflare.com www.google.com www.gstatic.com secure.wufoo.com static.wufoo.com cc.cdn.civiccomputing.com maps.googleapis.com player.vimeo.com *.googletagmanager.com googletagmanager.com www.google-analytics.com tools.eurolandir.com 3xscreen.videosync.fi s3.amazonaws.com laingorourke.us1.list-manage.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;object-src 'none';connect-src 'self' maps.googleapis.com our.umbraco.com *.google-analytics.com google-analytics.com apikeys.civiccomputing.com clapi.civiccomputing.com stats.g.doubleclick.net analytics.google.com *.analytics.google.com region1.google-analytics.com region1.analytics.google.com printreleaf.com;font-src 'self' fonts.gstatic.com;frame-src 'self' *.wufoo.com www.google.com printreleaf.com marketplace.umbraco.com youtube.com www.youtube.com player.vimeo.com forms.zohopublic.eu tools.eurolandir.com my.matterport.com;img-src 'self' data: *.googleusercontent.com i.vimeocdn.com dashboard.umbraco.com maps.googleapis.com maps.gstatic.com www.googletagmanager.com www.google.co www.google.co.uk i.ytimg.com www.google-analytics.com accounts.google.co.uk;frame-ancestors 'self';upgrade-insecure-requests ;block-all-mixed-content 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://tenforward.social; img-src 'self' https: data: blob: https://tenforward.social; style-src 'self' https://tenforward.social 'nonce-ri9Cs0D8XMbST2SQjC3JRw=='; media-src 'self' https: data: https://tenforward.social; frame-src 'self' https:; manifest-src 'self' https://tenforward.social; form-action 'self'; child-src 'self' blob: https://tenforward.social; worker-src 'self' blob: https://tenforward.social; connect-src 'self' data: blob: https://tenforward.social https://cdn.tenforward.social wss://tenforward.social; script-src 'self' https://tenforward.social 'wasm-unsafe-eval' 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' steun.greenpeace.nl 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://vis.social; img-src 'self' https: data: blob: https://vis.social; style-src 'self' https://vis.social 'nonce-dJKw/O358KS9vrySgVXeog=='; media-src 'self' https: data: https://vis.social; frame-src 'self' https:; manifest-src 'self' https://vis.social; form-action 'self'; child-src 'self' blob: https://vis.social; worker-src 'self' blob: https://vis.social; connect-src 'self' data: blob: https://vis.social https://cdn.masto.host wss://vis.social; script-src 'self' https://vis.social 'wasm-unsafe-eval' 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com *.trafficfactory.biz www.iwanttodeliver.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net bmedia.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri http://www.gonzo-movies.com/csp-reports; report-to csp-endpoint 1
report-to 'self' ; child-src 'self' blob: ; connect-src 'self' *.crazyegg.com analytics.tiktok.com cdn.linkedin.oribi.io *.constantcontact.com *.hotjar.com *.googleadservices.com *.facebook.com *.addthis.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.jsdelivr.net *.googleapis.com *.sharethis.com  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' blob: *.crazyegg.com *.constantcontact.com; font-src 'self' *.gstatic.com *.bootstrapcdn.com data:  *.gstatic.com *.bootstrapcdn.com ; form-action 'self' *.constantcontact.com *.facebook.com wpmudev.com; frame-src 'self' tpc.googlesyndication.com *.crazyegg.com *.constantcontact.com *.ambrahealth.com *.hotjar.com *.facebook.com *.youtube.com *.ambrahealth expert-reputation.com.com *.addthis.com *.simplecast.com expert-reputation.com highlightedreviews.com *.blackbaudhosting.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net *.googleapis.com  *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' ; img-src 'self'  'unsafe-inline' *.g.doubleclick.net *.crazyegg.com i.ytimg.com *.linkedin.com *.ads.linkedin.com *.facebook.com *.adsymptotic.com *.blackbaudhosting.com *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com data: *.googleapis.com *.sharethis.com  *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self' *.medtronic.com; object-src 'self' ; script-src 'self'  'unsafe-inline'  'unsafe-eval' tpc.googlesyndication.com *.crazyegg.com cdnjs.cloudflare.com analytics.tiktok.com *.constantcontact.com *.hotjar.com *.licdn.com *.facebook.net *.addthis.com *.moatads.com *.youtube.com *.blackbaudhosting.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleapis.com *.sharethis.com  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline'  'unsafe-eval' tpc.googlesyndication.com *.crazyegg.com cdnjs.cloudflare.com analytics.tiktok.com *.constantcontact.com *.hotjar.com *.licdn.com *.facebook.net *.addthis.com *.moatads.com *.youtube.com *.blackbaudhosting.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleapis.com *.sharethis.com  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'self'  'unsafe-inline'  'unsafe-eval' ; style-src 'self'  'unsafe-inline'  'unsafe-eval' *.crazyegg.com *.constantcontact.com *.blackbaudhosting.com *.googleapis.com *.gstatic.com *.jsdelivr.net  *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline'  'unsafe-eval' *.crazyegg.com *.constantcontact.com *.blackbaudhosting.com *.googleapis.com *.gstatic.com *.jsdelivr.net  *.googleapis.com *.gstatic.com ; style-src-attr 'self'  'unsafe-inline'  'unsafe-eval' ; worker-src 'self' blob: ;  upgrade-insecure-requests; 1
default-src 'self' *.vimeo.com *.doubleclick.net https://burgess.theatro360.com *.digitalimages.gr https://www.youtube.com https://www.google.com https://www.google.co.uk https://r1.dotmailer-surveys.com https://static.addtoany.com https://www.facebook.com https://qa-brochurebuilder.burgessyachts.com https://uat-brochurebuilder.burgessyachts.com https://brochurebuilder.burgessyachts.com https://www.luxproimaging.com;  script-src *.jsdelivr.net qvdt3feo.com cht-srvc.net unpkg.com/web-vitals* *.googleoptimize.com *.googleapis.com *.livechatinc.com *.quantcount.com *.quantserve.com *.doubleclick.net *.teads.tv www.googletagmanager.com r1.dotdigital-pages.com www.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' https://email.burgessyachts.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://cdn.dnky.co https://script.hotjar.com https://static.hotjar.com https://tagmanager.google.com https://mc.yandex.ru https://static.trackedweb.net https://www.youtube.com https://static.addtoany.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com https://www.google.co.uk https://az416426.vo.msecnd.net https://r1.dotmailer-surveys.com https://s.ytimg.com https://r1-t.trackedlink.net https://connect.facebook.net view.ceros.com *.wirewax.com tour.theatro360.com https://download-video.akamaized.net/;  style-src *.googleapis.com 'self' 'unsafe-inline' *.jsdelivr.net *.dnky.co *.googleapis.com *.google.com *.typekit.net https://static.trackedweb.net https://api.tiles.mapbox.com https://fast.fonts.net https://r1.dotmailer-surveys.com *.stackadapt.com *.google.com;  img-src *.google.com doubleclick.net *.doubleclick.net *.teads.tv *.quantserve.com quantserve.com t.teads.tv teads.tv www.google.bs www.google.by www.google.cm www.google.co.cr www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uz www.google.co.ve www.google.co.za www.google.com.ar www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.gt www.google.com.hk www.google.com.kh www.google.com.lb www.google.com.my www.google.com.om www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tw www.google.com.vc www.google.com.vn www.google.dz www.google.ee www.google.fi www.google.ge www.google.gg www.google.hu www.google.im www.google.iq www.google.is www.google.lk www.google.lv www.google.me www.google.mu www.google.mv www.google.no www.google.pl www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.tn www.google.tt translate.google.com i.vimeocdn.com connect.facebook.net android-webview-video-poster	www.google.gr www.google.lu www.google.cz r1-t.trackedlink.net	www.google.az	www.google.bg www.google.ch	www.google.com.eg	www.google.com.mx www.google.com.ua	www.google.es	www.google.pt www.google.at www.google.com.mt www.google.com.tr www.google.ie www.google.ae www.google.it www.google.hr 	www.google.be www.google.co.id www.google.com.au www.google.com.br www.google.com.pk www.google.de www.google.dk www.google.fr www.google.je www.google.nl www.google.ro azweusaburdevqa.blob.core.windows.net beacon.krxd.net 	www.facebook.com www.google-analytics.com i.ytimg.com 'self' blob: data: https://www.gstatic.com https://ssl.gstatic.com https://www.google.ca https://az-weu-wa-bur-az-weu-wa-bur-staging.azurewebsites.net https://pre-live.burgessyachts.com https://burgessyachts.com https://www.googletagmanager.com https://mc.yandex.ru https://dev-burgess.craftedbeta.co.uk https://azweusabur.blob.core.windows.net https://azweusaburuat.blob.core.windows.net https://azweusaburdevqa.blob.core.windows.net https://a.tiles.mapbox.com https://api.tiles.mapbox.com https://azweusabur.blob.core.windows.net https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.uk https://beacon.krxd.net https://www.facebook.com;  connect-src *.hotjar.com commversion-public-functions.vercel.app *.teads.tv wss://ws6.hotjar.com wss://ws1.hotjar.com wss://ws10.hotjar.com 	wss://ws11.hotjar.com 	wss://ws3.hotjar.com 	wss://ws8.hotjar.com wss://ws9.hotjar.com 	www.google.com stats.addtoany.com wss://ws5.hotjar.com	www.google-analytics.com	wss://ws12.hotjar.com wss://ws4.hotjar.com wss://ws7.hotjar.com 'self' stats.g.doubleclick.net wss://ws2.hotjar.com https://api.comapi.com https://vc.hotjar.io https://in.hotjar.com https://events.mapbox.com https://vimeo.com https://mc.yandex.ru https://fpdl.vimeocdn.com https://www.facebook.com https://r1.trackedweb.net https://*.tiles.mapbox.com https://api.mapbox.com https://a.tiles.mapbox.com https://b.tiles.mapbox.com https://api.mapbox.com/ https://dc.services.visualstudio.com https://skyfire.vimeocdn.com https://player.vimeo.com *.akamaized.net *.stackadapt.com *.google-analytics.com wss://*.hotjar.com *.analytics.google.com;  font-src 'self' *.typekit.net data: https://script.hotjar.com https://fonts.gstatic.com https://cdn.livechatinc.com;  worker-src 'self' blob:;  media-src 'self' https://vod-progressive.akamaized.net *.akamaized.net *.vimeocdn.com https://video-dev.github.io *.vimeo.com  blob:;  frame-src *.livechatinc.com player.adventr.io r1.dotdigital-pages.com dotdigital-pages.com https://kuula.co kuula.co digitalimages.gr www.digitalimages.gr docs.google.com theatro360.com www.googletagmanager.com 10388175.fls.doubleclick.net 'self' www.digitalimages.gr digitalimages.gr *.google.com https://cdn.dnky.co https://mpembed.com https://vars.hotjar.com https://burgess.theatro360.com https://www.burgessyachts.com https://qa-brochurebuilder.burgessyachts.com https://uat-brochurebuilder.burgessyachts.com https://brochurebuilder.burgessyachts.com https://r1.dotmailer-surveys.com https://www.google.com https://9169248.fls.doubleclick.net https://static.addtoany.com https://www.youtube.com https://www.facebook.com https://player.vimeo.com https://www.digitowl.vision https://my.matterport.com https://tourmkr.com https://www.golocal.hk https://www.coolwalkee.com https://www.google.com/maps https://www.luxproimaging.com http://vrtour.virtualsinc.com view.ceros.com *.wirewax.com *.theatro360.com;  child-src blob: ; script-src-elem  *.jsdelivr.net optimize.google.com qvdt3feo.com cht-srvc.net unpkg.com/web-vitals* *.googleoptimize.com *.livechatinc.com *.googleapis.com r1.dotdigital-pages.com dotdigital-pages.com *.doubleclick.net www.googleadservices.com googleadservices.com rules.quantcount.com gc.kis.v2.scr.kaspersky-labs.com r1-t.trackedlink.net www.googletagmanager.com 'self' 'unsafe-inline' connect.facebook.net r1.dotmailer-surveys.com static.addtoany.com static.hotjar.com www.google-analytics.com www.google.com www.youtube.com s.ytimg.com script.hotjar.com googletagmanager.com addtoany.com gstatic.com www.gstatic.com r1-t.trackedlink.net trackedlink.net p.teads.tv quantserve.com secure.quantserve.com ad.doubleclick.net doubleclick.net data: *.trackedweb.net view.ceros.com *.wirewax.com *.stackadapt.com *.google.com; report-uri https://burgesscsp.report-uri.com/r/d/csp/wizard 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fw.cdn.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://slate-nichols-edu.cdn.technolutions.net  https://mx.technolutions.net https://www.google-analytics.com https://connect.facebook.net https://www.googletagmanager.com https://slate.nichols.edu https://25livepub.collegenet.com https://www.shoppingsheet.com https://www.google.com https://www.gstatic.com https://*.fontawesome.com https://googleads.g.doubleclick.net https://www.clickcease.com; style-src 'self' 'unsafe-inline' https://fw.cdn.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://www.shoppingsheet.com https://*.fontawesome.com; img-src 'self' data: https://nichols.instructuremedia.com https://www.googletagmanager.com https://www.google.com https://www.google-analytics.com https://www.facebook.com https://25livepub.collegenet.com https://i.ytimg.com https://*.cdninstagram.com https://*.fbcdn.net https://*.wpmudev.org https://wpmudev.com https://*.vimeocdn.com; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://*.fontawesome.com; connect-src 'self' https://analytics.google.com https://www/facebook.com https://slate.nichols.edu https://slate-nichols-edu.cdn.technolutions.net https://mx.technolutions.net https://stats.g.doubleclick.net https://www.google-analytics.com https://25livepub.collegenet.com https://graph.facebook.com https://wpmudev.com https://*.yoast.com https://*.fontawesome.com; frame-src 'self' https://slate.nichols.edu https://www.facebook.com https://www.youtube-nocookie.com https://www.youtube.com https://www.paycomonline.net https://player.vimeo.com https://vimeo.com/ https://www.google.com https://www.shoppingsheet.com https://*.fls.doubleclick.net https://*.doubleclick.net; frame-ancestors 'self'; media-src 'self'; 1
default-src 'self' *.s3dtvm.com.br fonts.googleapis.com *.google.com *.gstatic.com sentry.io; style-src 'self' 'unsafe-inline' *.s3dtvm.com.br *.google.com fonts.googleapis.com *.gstatic.com; connect-src 'self' 'unsafe-inline' *.s3dtvm.com.br fonts.googleapis.com *.google.com *.gstatic.com sentry.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.s3dtvm.com.br fonts.googleapis.com *.google.com *.gstatic.com sentry.io 1
default-src 'self' https://crxcavator.io https://accounts.google.com; connect-src https://*.crxcavator.io https://crxcavator.io https://cognito-identity.us-east-2.amazonaws.com https://cognito-idp.us-east-2.amazonaws.com https://graph.facebook.com; style-src 'unsafe-inline' https://*.crxcavator.io https://crxcavator.io https://fonts.googleapis.com https://cdn.jsdelivr.net; script-src https://www.google-analytics.com https://crxcavator.io https://*.crxcavator.io https://accounts.google.com https://accounts.youtube.com https://cdn.jsdelivr.net 'unsafe-inline'; font-src https://fonts.gstatic.com https://crxcavator.io https://*.crxcavator.io https://cdn.jsdelivr.net data:; worker-src blob: 'self'; img-src data: 'self' https://lh3.googleusercontent.com https://ssl.gstatic.com https://www.google-analytics.com https://accounts.google.com https://accounts.youtube.com https://addons.cdn.mozilla.net https://store-images.s-microsoft.com https://addons.mozilla.org; frame-src 'self' https://*.crxcavator.io https://*.duosecurity.com; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://use.fontawesome.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com; font-src 'self' https://use.fontawesome.com; img-src 'self' 'unsafe-inline' data: https://www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' https://vars.hotjar.com/; connect-src 'self' https://in.hotjar.com https://vc.hotjar.io https://www.google-analytics.com https://stats.g.doubleclick.net 1
default-src 'self'; script-src 'self' 'unsafe-eval' www.youtube.com www.googletagmanager.com www.google-analytics.com connect.facebook.net *.js; connect-src 'self' *.ingest.sentry.io *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net *.be-salt.com *.ngrok.io; child-src 'self'; frame-src 'self' www.youtube.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: https:; 1
frame-ancestors 'self' https://*.toyota.ua https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88 https://toyota-test.crm4.dynamics.com https://toyota.crm4.dynamics.com; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: *.onetrust.com *.cookiepro.com https://firstflorida.locatorsearch.net https://analytics.google.com https://*.alpixtrack.com https://alpixtrack.com https://*.referlive.com/ https://recruitingbypaycor.com https://firstflorida.lkcsproof.com/ https://*.cloudflare.com https://*.formstack.com https://*.newtonsoftware.com https://vimeo.com https://*.polyfill.io https://integration.delivra.com/ https://*.hsforms.net/ https://forms.hsforms.com/ https://linkprotect.cudasvc.com https://hubspot-forms-static-embed.s3.amazonaws.com/ https://*.us.tvsquared.com/ https://www.googleadservices.com https://*.doubleclick.net https://*.locatorsearch.com https://*.firstflorida.org https://connect.facebook.net https://*.facebook.com https://app.termly.io https://www.googletagmanager.com https://netdna.bootstrapcdn.com https://*.twitter.com https://*.ytimg.com https://*.twimg.com https://*.typekit.net https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://ajax.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://clients.lk-cs.com https://lkcsunix.com https://maps.googleapis.com https://secure.adnxs.com https://maps.gstatic.com https://stats.g.doubleclick.net https://*.vimeo.com https://*.youtube.com; frame-ancestors 'self' https://my.firstflorida.org https://www.youtube.com https://vimeo.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.santanderconsumer.no *.santander.no *.scbbf.local *.scb.nu *.redink.digital santandernorge.boost.ai adminpanel-santandernorge.boost.ai placehold.it *.facebook.com *.facebook.net *.google.com *.google.no *.google.dk *.google.se *.google.fi fonts.googleapis.com lh3.googleusercontent.com *.googletagmanager.com *.google-analytics.com *.gstatic.com  *.giosg.com *.giosgusercontent.com giosg-chat-public-eu.s3.amazonaws.com *.hotjar.com *.doubleclick.net *.youtube.com data.brreg.no *.adnxs.com *.finncdn.no cdn.innocode.digital *.googleadservices.com *.googlesyndication.com *.mouseflow.com 1
default-src 'self';script-src 'self' 'nonce-Hfzgl+/z9BcEhX/0Mv7V6dQI' 'unsafe-eval' *.googletagmanager.com n1.m.tt ws.sharethis.com *.fouanalytics.com *.sharethis.com *.gtm.js bat.bing.com *.compactpowerrents.com compactpowerrents.com compactpower-admin.azurewebsites.net compactpower-live-staging.azurewebsites.net *.doubleclick.net *.googleadservices.com *.gstatic.com *.google.com *.googleapis.com maps.googleapis.com *.hubspot.com *.facebook.com *.facebook.net *.tiktok.com *.tiktok.net *.bing.com *.hotjar.com *.pinimg.com *.msecnd.net *.cloudfront.net *.typekit.net *.google-analytics.com compactpowerrents.brunnerstage.com 'sha256-1rQA/TnEli0HuRT6g+cQiFGMpmrWsIbDiQl9HeYFbUc=' 'sha256-2AWkXgEZaIgeXvzVUI5NmWPv2j5KBR72k/xBAcV3mx4=' 'sha256-2wKFmaISIva9TpzsE4iDrRLYk2HAh2R+vp+NEVdLyDY=' 'sha256-46k2D6uKlh6Axx6mB+IKfI5ctFB7OwLy5z1XmLFkL7E=' 'sha256-4gygOMnqMM60KrFZ7a/Hx5R6ndV9WNMUC6vanC9Orvk=' 'sha256-8bo83ChL0Ep5a3ZNE7W2RUGSB2uDNbXaokTX1OY5QxA=' 'sha256-9vj9r4bJezc/lchF3NwLTDFK1BR3RrLKd5kegimtuKM=' 'sha256-AdF7JwJAxlu8yoQVdPKa3xXGdWR/5k/1DL4G2zeAh1k=' 'sha256-dD4NrvdGoeIWkUG9LVaCnPFxXsaW1V86wkCCExWa6Hw=' 'sha256-DhHMKwgFMh2/ORYVLS253/h7Ieg9devakjhOQoCk4PU=' 'sha256-FhDBA+wXe0pcqNkEuOCY0upgKb+l1CfNfutauobroec=' 'sha256-fqZh1oAC7w1TsYPySYHzI4I9XmWWrTdvlw4ndgu3hwk=' 'sha256-FrITtPnXHYsXXk4/Ry2qI3RJqWWg/03lK5eORVFyPM4=' 'sha256-GdsL8ZnExev45ssAH8tXslPYc0yJCQJojbb9Vwciavw=' 'sha256-h3L6aPTtKXzAoKHDyN7TbdTJn5Y2CFJGM2c6giQDswo=' 'sha256-IC0NmLAS7amT4CgLZqaoQn8YTxDEq7CjH7nqUCQJzbo=' 'sha256-ilVebaSRazkbhqsaf9J4EqOMqaHnLol2yDtE/wlLO0w=' 'sha256-jUhGMnyowWE5Darj5kkACGExLPZtfI2yrE7rNAxmGRA=' 'sha256-KgaxTXLiN75X75g3e/ojPNXRCBiK9+T59yI0fSyTNfM=' 'sha256-kwxYJpi1aZPT3/fyM/WZ0qip4hNbny7fjOhLpSBYZEQ=' 'sha256-l1+5mrwWi4nojv97/DAxWBjW2UjP6O40b9a7L222OtY=' 'sha256-MLqAxz8TKPiJCYnOLbmkTKxIFYIvHXstzVl4UNXfs8c=' 'sha256-NeLjrAr62GhSAkSaNZ/d7qXAeGWg83Gik+3i8Jrr/9Q=' 'sha256-NKMhOtDv64MUwZvg30fABLETW5U/I4MJCSmzwDcGCN4=' 'sha256-NNnn9DWSX2QX6yWY+ZHRsBbiEd9fhx4M3lhqg/+Q+y8=' 'sha256-pTLl8V8sEXg2MHPjPXwl3ke986FxM0Luc4ubTm/2ryE=' 'sha256-q5QV6RgIyxgCzYrriPZNCO5XVIr++AeXwmi0K9/P6PY=' 'sha256-QdJ+fqYxuc4ODLIio3LMTyN5959K4311+lU/kdXavHw=' 'sha256-Qr4sNm5paZT26rX1Tb9KPjaWVfB7wggPzdkm5vt2npc=' 'sha256-QyJUboKI+HxDeratJ9sFKXDV8IWtIUVICS9q46FJu0Q=' 'sha256-RoDuotRklWaOVG715oxUKTdqZU53q55bbEqntrRYHwI=' 'sha256-S6rDsDrUs08PFpuDr+45RISei/BdKA49m5nDX0Aad7M=' 'sha256-SF+RbUv1MKclI29cnUCSYqIf7dMI2PpgKyjneBOh4Aw=' 'sha256-sK+FcHKIQN8GMZ7CDzvttMCpO3FLfNA4RSy2XhKTnL0=' 'sha256-U0VLtZI6fJISbFtXVvLD2MdVz7rWZOjIpm9cFeoTQ0Y=' 'sha256-VL12JvBx7QYt3/t1D8PWiIokHr0uZvQ1QOnUFIVWCOY=' 'sha256-vvoU/VW9yBBEQ7WL0YANhije1EErvFTcvtB2TGCQCtI=' 'sha256-vXrHG9KZSf/jx0itlP12mTMw5UAO1LYHiqiNnbTn6sQ=' 'sha256-wnWjkLtOqx1elVU4lMtbsCnhgndGRqkfj/7V4/doS5s=' 'sha256-x8gP4vTj6Txd1zi/eeF8XV6oWGFeQNTouSzKhfa0uFo=' 'sha256-xCodMvvWbe39bxmlPK5ntQjTUiiwAJjJa0015IueEVA=' 'sha256-yEXL0AKnt9NEuGthqMOTnZnF2tST1I3bSdVBL6idrdQ=' 'sha256-yQWaPL9BYwHKDmQmorMnRSP0ryJXNrRaRD1NzpN6fv4=' 'sha256-zNAz+R3qQu5FOEeEAufeujIE6r3RI8k2NS4XwbS5T10=' 'sha256-RgPp3vev1m2NCAsoEjSeeMG8421/suzcyCgRXa+0LvU=' 'sha256-GOSdYxEcMZp0fL8XRqCvM/jxyBAl0gomO6SK+pSfKcE=' 'sha256-J1uCbYkBbRY8Erp1Q2+/BLFPMimnS0czwmuf7yQqK6g=' 'sha256-V1JRzy/rk1TukCWP6vHw9H16um1Mj6ZlPAK5GQqy2KA=' 'sha256-QNZepBp2sFHapu/mZlZx9qzx2uVkSgN5NkyJhrAa8XM=' 'sha256-0m/kIClItTQjAs5euEEqgrhHcxiGOx63bJYIM8BEQtY=' 'sha256-wViL6C0+swHGJojTwCLRGBOZqIllhAJmwb9DiCdxi7o=' 'sha256-rz+9sgJJI5FgdKBLfi+Ux+gNPUuVLqB/C3S/PYu/Oxc=' 'sha256-d9yTpVEmL1oXnyI3sDXbgT5c+7T0kYx6MrEPejeXw3Q=' 'sha256-GVA/8asE84+jA+xPBR2gAQdCAuLaMHqOc1PVSgzZlxY=' 'sha256-Ig4hTiZcjbLYaVbmkUIPTCIDLXscJ7rjr/XBF8DAkKo=' 'sha256-XWDQnSU8uqRGXBU8hnzdtk7xTyQZH0IVZ2U/mO6bcY0=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-RgdsHj4vxjPajir1JsL6V8FPj1c2gBvXaUGqlF4LvXw=' 'sha256-SkDWAzmoTROjNth2P8ob555s0TnAOg2oRUMyFOfVvWQ=';style-src 'self' compactpowerrents.brunnerstage.com *.compactpowerrents.com compactpowerrents.com compactpower-live-staging.azurewebsites.net compactpower-admin.azurewebsites.net *.sharethis.com *.googleapis.com maps.googleapis.com *.bing.com fonts.googleapis.com *.hotjar.com 'sha256-/89VXeQIA5Q0hw3N12ouJtrW+Oez7cMNJfGkgxEln5o=' 'sha256-/Q4se7FLGCaPFRdiDgb/uQcgnY12w7eKaV8TA9b4SEc=' 'sha256-g1+M02rsvlWQa9CjaRfEaZvT//NG7UhCKe8br+KXuF8=' 'sha256-Q9miDVY9EmQYHiYVqVW22B4ck3MVy1MYKucyPW6AqWk=' 'sha256-zZp8BI/LRCsExnI71KZA79vRfTQ/33qQr5GcSWAOwto=' 'sha256-EgNBKOia+YkwLJnqORGP1/kLf8CRKfIhJ6yuxB8AU5g=' 'sha256-Q2SnX/r62v6ZKRE0LDy4rr7h0Am5SvjmKmIcnvt5IDY=' 'sha256-VuqcW0soeqvhf6IvNQ/ON9W30r2/sWrVyPeylDtJTE4=' 'sha256-DpOoqibK/BsYhobWHnU38Pyzt5SjDZuR/mFsAiVN7kk=' 'sha256-+cHBYCm7m18szWvCsXBN2DpeVStBGKqKMcE6ABBlX+0=' 'sha256-7L3QqAwjd1IHbJQW1wPxS8OaFzG3IYHSAae/OEAYqyQ=' 'sha256-q2Ota8lM0IpspHPaQ/qA2XlXnzgnd+QA5S5Dcz673B0=' 'sha256-FAqAbxrEDDJCGvJ4Gl5mxeJDcstOgkZyI0DYnxBAqxc=' 'sha256-NxSiB0gow8t7fdIOIpuuHiQBsMUDJZ1DkSah4apBDxY=' 'sha256-jUhGMnyowWE5Darj5kkACGExLPZtfI2yrE7rNAxmGRA=' 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-kPvxGF+BhQSxr2aDCNXiJvveeq+LmfZqtH7AZx62UOk=' 'sha256-CYjFW1++spPanZLdwc+LdQaKc1XOjHZUoaI1Vc5T7VE=' 'sha256-wu3gJluHsPexcM0L2bTmsflJi5LPQF4LPQ/Cs+bwQDE=' 'sha256-v6W7drTuTxgEizxhUECDfDhV3qTHNsIZ/dXGoS2g2NU=' 'sha256-QzbuspFx3XWfDfPzTlfR0J2UlRJ1iYhfJ1wQgds/IA0=' 'sha256-hGfK5gahOBj6kuUTycpPC9xEvwIeSQUt+tdsTiscX6k=' 'sha256-ACHSEhmxKWLpd+d5Rd3UlTnV7wbG8unE0SwzWZS+ifE=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-WZ567ntT3BKIFaeoTtOOEdkkOJR5UidQJ809ufOE0zk=' 'sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog=' 'sha256-Dd/cX5n6TYOEY3Ly2eGfV38NpXlV2a3so8BAL/odEGY=' 'sha256-0EZqoz+oBhx7gF4nvY2bSqoGyy4zLjNF+SDQXGp/ZrY=' 'sha256-mmA4m52ZWPKWAzDvKQbF7Qhx9VHCZ2pcEdC0f9Xn/Po=' 'sha256-vxDh7VAxCA/bCtu0YnWl3bRZqaW9GY9Ms8kSC13F2M0=' 'sha256-/VVOq+Ws/EiUxf2CU6tsqsHdOWqBgHSgwBPqCTjYD3U=' 'sha256-D1M7T0Ub2B2hjk0pBXnzYhEBYbLkzdUhGqi9uiYHmSw=' 'sha256-APrOy8nIZ3XLBwL5bKYrDEJVnCMh2E4zPqfsUGaCOjg=' 'sha256-Ew+ac64tx/Fslcpkd+9dcL+TCbfjaI7sQvlMq2DO3IA=' 'sha256-KIlXIKFGZ/dBp86g+V9El5vjkiS2xYO7pAtmB5gtuL8=' 'sha256-Bi8T5IOX88VG7I808mL3YJ3TH9lPMQ35eK8wwVGeyB0=' 'sha256-yQWaPL9BYwHKDmQmorMnRSP0ryJXNrRaRD1NzpN6fv4=' 'sha256-+17AcPK/e5AtiK52Z2vnx3uG3BMzyzRr4Qv5UQsEbDU=' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-V1JRzy/rk1TukCWP6vHw9H16um1Mj6ZlPAK5GQqy2KA=' 'sha256-12CBregf9uH39U/2f2nTzo5qwGBc6Xz2i/qghyMg+AU=' 'sha256-QNZepBp2sFHapu/mZlZx9qzx2uVkSgN5NkyJhrAa8XM=' 'sha256-YTEza4CA2qPCNGLfB6mKa5FjY8kjkO/K7nQxeJxVd9E=' 'sha256-w7l1Afi0STbbri/625i3W2rPOsJA6YmqTuQJSKgj7zo=' 'sha256-TGlEi8oSNBlY3pBlAV+/ri4XUErUyilKVnmt+RQYLJI=' 'sha256-T6AAKdWxO6p6GZVyzGAJDSLhOoPuuoZ6LlqMX153CvM=' 'sha256-4y6R3c8q8xosatWMKmI9+VoG2vGMTENXcPd+Ieohev0=' 'sha256-iGOBlJOMrHBr5j/NTfNowR3/hCg3tRxoB6H+Jr2hpKU=' 'sha256-qBfwcC3tihIOpA6kZyzZDAUGqM4GtZ7w4IxdhqTqK+g=' 'sha256-ZqKyOPEo0RmXqhWwy131Ns62OMQh+DpdHufAXOVA00w=' 'sha256-6OpjuLvmuQBhO3uH72EVJw/fxgN2bG3GEuDN6479hlY=' 'sha256-Cennxi/OT9NGk/n3vAbxqSO+RplSkJ7/j6W0eeYE6Ak=' 'sha256-aTlA09MffLYtPieSY8rI8CKv7kSAhvUQ9uc+feqeJlM=' 'sha256-RgdsHj4vxjPajir1JsL6V8FPj1c2gBvXaUGqlF4LvXw=';img-src 'self' data: * *.hotjar.com;frame-src 'self' *.pinterest.com *.doubleclick.net *.google.com *.sharethis.com *.facebook.com compactpowerrents.brunnerstage.com compactpowerrents.com *.compactpowerrents.com;font-src 'self' * fonts.gstatic.com *.googleapis.com fonts.googleapis.com *.hotjar.com;connect-src 'self' https://pagead2.googlesyndication.com l.sharethis.com *.tiktok.com capi.brunnerworks.com https://bat.bing.com analytics.google.com *.googleapis.com connect.facebok.net *.facebook.com *.pinterest.com *.google.com *.doubleclick.net *.visualstudio.com *.google-analytics.com *.hotjar.io *.hotjar.com ws.hotjar.com wss://*.hotjar.com api.fouanalytics.com *.fouanalytics.com;form-action 'self' *.facebook.com 1
frame-ancestors https://vodopad.ru/ 1
frame-ancestors 'self' https://*.showheroes.com; 1
frame-ancestors  https://*.cellarpass.com/ 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com *.trafficfactory.biz www.iwanttodeliver.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net bmedia.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri http://www.cindymovies.com/csp-reports; report-to csp-endpoint 1
default-src 'self' http: https: data: *.google.com *.googleapis.com *.googlecode.com *.googleusercontent.com *.gstatic.com *.scrivito.com *.scrvt.com *.svlfg.de scrivito-public-cdn.s3.eu-west-1.amazonaws.com scrivito-upload.s3-eu-west-1.amazonaws.com scrivito-upload.s3-accelerate.amazonaws.com img.youtube.com localhost:3000 *.intra.pinuts.de *.intra.pinuts.de:3000 *.intra.pinuts.de:9000 *.agriwork-germany.de *.etracker.com *.etracker.de; base-uri 'self' *.google.com *.googleapis.com *.googlecode.com *.googleusercontent.com *.gstatic.com *.scrivito.com *.scrvt.com *.svlfg.de scrivito-public-cdn.s3.eu-west-1.amazonaws.com scrivito-upload.s3-eu-west-1.amazonaws.com scrivito-upload.s3-accelerate.amazonaws.com img.youtube.com localhost:3000 *.intra.pinuts.de *.intra.pinuts.de:3000 *.intra.pinuts.de:9000 *.agriwork-germany.de *.etracker.com *.etracker.de; font-src 'self' data: *.google.com *.googleapis.com *.googlecode.com *.googleusercontent.com *.gstatic.com *.scrivito.com *.scrvt.com *.svlfg.de scrivito-public-cdn.s3.eu-west-1.amazonaws.com scrivito-upload.s3-eu-west-1.amazonaws.com scrivito-upload.s3-accelerate.amazonaws.com img.youtube.com localhost:3000 *.intra.pinuts.de *.intra.pinuts.de:3000 *.intra.pinuts.de:9000 *.agriwork-germany.de *.etracker.com *.etracker.de; frame-ancestors 'self' *.google.com *.googleapis.com *.googlecode.com *.googleusercontent.com *.gstatic.com *.scrivito.com *.scrvt.com *.svlfg.de scrivito-public-cdn.s3.eu-west-1.amazonaws.com scrivito-upload.s3-eu-west-1.amazonaws.com scrivito-upload.s3-accelerate.amazonaws.com img.youtube.com localhost:3000 *.intra.pinuts.de *.intra.pinuts.de:3000 *.intra.pinuts.de:9000 *.agriwork-germany.de *.etracker.com *.etracker.de; media-src 'self' data: *.google.com *.googleapis.com *.googlecode.com *.googleusercontent.com *.gstatic.com *.scrivito.com *.scrvt.com *.svlfg.de scrivito-public-cdn.s3.eu-west-1.amazonaws.com scrivito-upload.s3-eu-west-1.amazonaws.com scrivito-upload.s3-accelerate.amazonaws.com img.youtube.com localhost:3000 *.intra.pinuts.de *.intra.pinuts.de:3000 *.intra.pinuts.de:9000 *.agriwork-germany.de *.etracker.com *.etracker.de; object-src 'self' blob: data: *.google.com *.googleapis.com *.googlecode.com *.googleusercontent.com *.gstatic.com *.scrivito.com *.scrvt.com *.svlfg.de scrivito-public-cdn.s3.eu-west-1.amazonaws.com scrivito-upload.s3-eu-west-1.amazonaws.com scrivito-upload.s3-accelerate.amazonaws.com img.youtube.com localhost:3000 *.intra.pinuts.de *.intra.pinuts.de:3000 *.intra.pinuts.de:9000 *.agriwork-germany.de *.etracker.com *.etracker.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: *.google.com *.googleapis.com *.googlecode.com *.googleusercontent.com *.gstatic.com *.scrivito.com *.scrvt.com *.svlfg.de scrivito-public-cdn.s3.eu-west-1.amazonaws.com scrivito-upload.s3-eu-west-1.amazonaws.com scrivito-upload.s3-accelerate.amazonaws.com img.youtube.com localhost:3000 *.intra.pinuts.de *.intra.pinuts.de:3000 *.intra.pinuts.de:9000 *.agriwork-germany.de *.etracker.com *.etracker.de; style-src 'self' 'unsafe-inline' http: *.google.com *.googleapis.com *.googlecode.com *.googleusercontent.com *.gstatic.com *.scrivito.com *.scrvt.com *.svlfg.de scrivito-public-cdn.s3.eu-west-1.amazonaws.com scrivito-upload.s3-eu-west-1.amazonaws.com scrivito-upload.s3-accelerate.amazonaws.com img.youtube.com localhost:3000 *.intra.pinuts.de *.intra.pinuts.de:3000 *.intra.pinuts.de:9000 *.agriwork-germany.de *.etracker.com *.etracker.de 1
script-src 'self' https://view.officeapps.live.com/ 'nonce-o1oAkWt2HH494Z8Fi9sbKQ==' 'sha256-lfXlPY3+MCPOPb4mrw1Y961+745U3WlDQVcOXdchSQc=' 'unsafe-hashes' 'unsafe-eval' 'strict-dynamic'; img-src 'self' data:; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'self'; object-src 'self' 1
default-src 'self'; img-src * data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com maps.googleapis.com www.google-analytics.com www.youtube.com code.jquery.com cdnjs.cloudflare.com www.googletagmanager.com; connect-src 'self' wss://global.vss.twilio.com wss://sdkgw.us1.twilio.com maps.googleapis.com analytics.google.com www.google-analytics.com stats.g.doubleclick.net; font-src 'self' http: fonts.gstatic.com maxcdn.bootstrapcdn.com; frame-src http: docusign.net; media-src mediastream: 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com unpkg.com/@frontify/ *.cloudinary.com *.cookielaw.org browser-update.org *.addthis.com *.moatads.com *.addthisedge.com *.cookiepro.com *.onetrust.com static.addtoany.com 'self' web-chat.nativechat.com cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.cookiepro.com *.onetrust.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com *.frontify.com *.cloudinary.com *.youtube.com *.cookiepro.com *.onetrust.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src https://tourismireland.microsoftcrmportals.com *.youtube-nocookie.com *.candidatemanager.net *.youtube.com/ *.soundcloud.com 'self' web-chat.nativechat.com; connect-src data: accounts.google.com *.gstatic.com *.cookielaw.org *.mktoresp.com *.google-analytics.com *.frontify.com *.cloudinary.com *.addthis.com *.cookiepro.com *.onetrust.com https://stats.addtoany.com/ 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.frontify.com *.cloudinary.com; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://tourismireland.microsoftcrmportals.com *.frontify.com cloudinary.com *.cloudinary.com *.addthis.com https://r-graph-gallery.com/ https://www.candidatemanager.net https://static.addtoany.com/ *.powerappsportals.com 'self' web-chat.nativechat.com 1
default-src 'self' ; font-src 'self' data: https://www.ing.pl https://cdn.livechatinc.com *.gstatic.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://www.ing.pl *.googleapis.com; img-src 'self' data: https://www.google.com https://www.facebook.com https://www.google.pl https://cdn.livechatinc.com https://secure.livechatinc.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.doubleclick.net; frame-src 'self' https://ent.activeforms.com https://www.google.com https://api.livechatinc.com https://secure.livechatinc.com *.doubleclick.net *.youtube-nocookie.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.ingbank.pl http://www.googleadservices.com https://tagmanager.google.com https://connect.facebook.net https://www.ing.pl https://api.livechatinc.com https://cdn.livechatinc.com https://secure.livechatinc.com https://accounts.livechatinc.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.doubleclick.net *.youtube-nocookie.com; object-src 'self' ; connect-src 'self' https://rs.fullstory.com https://adsearch.adkontekst.pl https://www.facebook.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googleapis.com *.doubleclick.net; frame-ancestors 'self' https://ent.activeforms.com; 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.starbucks.es/report-uri/enforce 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; child-src 'self'; frame-src 'self'; 1
default-src 'self' player.vimeo.com *.casinofreak.com *.youtube.com *.firebaseio.com *.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.getsitecontrol.com *.getsitectrl.com;font-src 'self' *.googleapis.com 'unsafe-inline' 'unsafe-eval' https://* data:;connect-src 'self' stats.g.doubleclick.net *.google-analytics.com *.getsitecontrol.com *.getsitectrl.com *.firebaseio.com;img-src 'self' i.vimeocdn.com *.google-analytics.com *.getsitecontrol.com *.getsitectrl.com data:;style-src 'unsafe-inline' 'self' *.googleapis.com;base-uri 'self';form-action 'self' 1
frame-ancestors 'self' https://account.sourceaudio.com https://www.sourceaudio.com 1
frame-ancestors 'self' http://*.www.emucasino.com.com https://*.www.emucasino.com.com ; 1
frame-ancestors 'self' *.quickrewards.net 1
default-src: https:; frame-ancestors 'self' https://support.pcssoft.com https://testsupport.pcssoft.com 1
connect-src 'self' https://www.google-analytics.com https://s3-us-west-2.amazonaws.com;script-src 'self' https://www.trustedsite.com/ https://ajax.cloudflare.com https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ywxi.net https://platform.twitter.com https://optimize.google.com https://images.dmca.com https://connect.facebook.net https://cdn.iubenda.com 'unsafe-inline' 'unsafe-eval';style-src 'self' https://cdn.shopify.com https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline';img-src 'self' https://maps.googleapis.com https://www.google.bs https://www.google.com https://w.chatlio.com https://stats.g.doubleclick.net data: https://cdn.ywxi.net https://syndication.twitter.com https://www.google-analytics.com images.dmca.com https://optimize.google.com;font-src 'self' https://fonts.gstatic.com;frame-src 'self' https://www.trustedsite.com/ https://platform.twitter.com https://staticxx.facebook.com https://web.facebook.com https://www.facebook.com https://www.youtube.com https://optimize.google.com 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-T+/vj3g8zU9CvkJU9InbpuixUIYK0RJqDdiN/svxJm6PdF00' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors https://*.estratraining.it 1
default-src 'self' *.bbc.co.uk *.bbc.com *.bbci.co.uk *.bbci.com https://*.googlesyndication.com;child-src 'self';connect-src 'self' *.bbc.co.uk *.bbc.com *.bbci.co.uk *.bbci.com https://*.akamaihd.net https://*.doubleclick.net https://*.effectivemeasure.net https://*.google.com https://*.googlesyndication.com https://*.gstatic.com https://*.imrworldwide.com https://*.optimizely.com https://*.wearehearken.eu https://cdn.privacy-mgmt.com https://cognito-identity.eu-west-1.amazonaws.com https://dataplane.rum.eu-west-1.amazonaws.com https://sts.eu-west-1.amazonaws.com https://ws.bbc-reporting-api.app;font-src *.bbc.co.uk *.bbc.com *.bbci.co.uk *.bbci.com data: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://fonts.gstatic.com;frame-src 'self' *.bbc.co.uk *.bbc.com *.bbci.co.uk *.bbci.com https://*.chartbeat.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.googlesyndication.com https://*.twitter.com https://bbc-maps.carto.com https://bbc.com https://cdn.privacy-mgmt.com https://chartbeat.com https://edigitalsurvey.com https://flo.uri.sh https://public.flourish.studio https://www.instagram.com https://www.riddle.com https://www.tiktok.com https://www.youtube-nocookie.com https://www.youtube.com;img-src *.bbc.co.uk *.bbc.com *.bbci.co.uk *.bbci.com data: 'self' https://*.adsafeprotected.com https://*.cdninstagram.com https://*.doubleclick.net https://*.effectivemeasure.net https://*.google.com https://*.googlesyndication.com https://*.googleusercontent.com https://*.gstatic.com https://*.imrworldwide.com https://*.tiktokcdn.com https://*.twimg.com https://*.twitter.com https://*.xx.fbcdn.net https://i.ytimg.com https://ping.chartbeat.net https://sb.scorecardresearch.com;script-src 'self' 'unsafe-inline' *.bbc.co.uk *.bbc.com *.bbci.co.uk *.bbci.com https://*.adsafeprotected.com https://*.chartbeat.com https://*.effectivemeasure.net https://*.facebook.com https://*.g.doubleclick.net https://*.google.ae https://*.google.at https://*.google.az https://*.google.be https://*.google.ca https://*.google.ch https://*.google.cl https://*.google.co.id https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.kr https://*.google.co.nz https://*.google.co.tz https://*.google.co.ve https://*.google.com https://*.google.com.af https://*.google.com.ar https://*.google.com.au https://*.google.com.bo https://*.google.com.br https://*.google.com.co https://*.google.com.cy https://*.google.com.ec https://*.google.com.eg https://*.google.com.gt https://*.google.com.hk https://*.google.com.kh https://*.google.com.mm https://*.google.com.mt https://*.google.com.mx https://*.google.com.ng https://*.google.com.ni https://*.google.com.np https://*.google.com.pe https://*.google.com.pk https://*.google.com.pr https://*.google.com.py https://*.google.com.ro https://*.google.com.sa https://*.google.com.sg https://*.google.com.sv https://*.google.com.tr https://*.google.com.tw https://*.google.com.ua https://*.google.com.uy https://*.google.com.vn https://*.google.cv https://*.google.cz https://*.google.de https://*.google.dk https://*.google.es https://*.google.fi https://*.google.fr https://*.google.ge https://*.google.hn https://*.google.ie https://*.google.iq https://*.google.it https://*.google.jo https://*.google.kz https://*.google.lk https://*.google.lv https://*.google.nl https://*.google.no https://*.google.pl https://*.google.ru https://*.google.se https://*.google.so https://*.googlesyndication.com https://*.imrworldwide.com https://*.permutive.com https://*.twimg.com https://*.twitter.com https://*.wearehearken.eu https://*.webcontentassessor.com https://*.xx.fbcdn.net https://adservice.google.co.uk https://bbc.gscontxt.net https://cdn.ampproject.org https://cdn.privacy-mgmt.com https://connect.facebook.net https://lf16-tiktok-web.ttwstatic.com https://public.flourish.studio https://sb.scorecardresearch.com https://www.googletagservices.com https://www.instagram.com https://www.riddle.com https://www.tiktok.com;style-src 'unsafe-inline' *.bbc.co.uk *.bbc.com *.bbci.co.uk *.bbci.com https://*.twimg.com https://*.twitter.com https://*.xx.fbcdn.net https://fonts.googleapis.com https://lf16-tiktok-web.ttwstatic.com;media-src *.bbc.co.uk *.bbc.com *.bbci.co.uk *.bbci.com;worker-src blob: 'self' *.bbc.co.uk *.bbc.com;report-to worldsvc;upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' http: https:; connect-src 'self' http: https:; font-src 'self' data: http: https:; frame-src 'self' http: https:; img-src 'self' data: http: https:; manifest-src 'self' http: https:; media-src 'self' http: https:; object-src 'self' http: https:; script-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' http: https:; script-src-elem 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' http: https:; script-src-attr 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'  1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-ba5366450be4cf11c1774fa5d635e885'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors 'self' https://static.koin.works 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://selectra.co.uk/report-uri/enforce 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fast.wistia.net/ https://code.jquery.com/ maps.googleapis.com ajax.googleapis.com www.google.com https://cdn.datatables.net https://code.jquery.com *.google-analytics.com apis.google.com connect.facebook.net go.pardot.com go.momentive.com ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://d10lpsik1i8c69.cloudfront.net https://fg8vvsvnieiv3ej16jby.litix.io https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com https://www.googletagmanager.com/gtm.js https://fast.wistia.com/assets/external/E-v1.js fast.wistia.com embed-fastly.wistia.com https://siteintercept.qualtrics.com https://gateway.zscalerthree.net stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/bootstrap.min.js https://www.gstatic.com https://cdnjs.cloudflare.com/ https://zndhrozt3joojg1rd-singusera0e7106b.siteintercept.qualtrics.com https://pi.pardot.com https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js https://service.force.com https://mpm.my.salesforce.com https://d.la1-c2-ia4.salesforceliveagent.com https://static.lightning.force.com https://mpmlicensenolongerneeded.secure.force.com app.wistia.com mpm.my.salesforce-sites.com d.la1-c2-ia5.salesforceliveagent.com d.la1-core2.sfdc-lywfpd.salesforceliveagent.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com netdna.bootstrapcdn.com https://code.jquery.com/ https://cdn.datatables.net kendo.cdn.telerik.com www.google.com https://d10lpsik1i8c69.cloudfront.net https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://fast.fonts.net/cssapi/4f9f837d-7aff-4ca2-baad-329b614db55e.css https://fast.fonts.net/t/1.css https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css https://cdnjs.cloudflare.com/ https://gateway.zscalerthree.net https://maxcdn.bootstrapcdn.com/ use.fontawesome.com https://service.force.com https://mpmlicensenolongerneeded.secure.force.com https://mpm.my.salesforce.com mpm.my.salesforce-sites.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: fast.fonts.net stackpath.bootstrapcdn.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com/ use.fontawesome.com fast.wistia.com; img-src 'self' www.momentive.com https://siteintercept.qualtrics.com/ https://co1.qualtrics.com/ https://code.jquery.com/ maps.gstatic.com maps.googleapis.com www.google.com www.google.co.in https://cdn.datatables.net *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com co1.qualtrics.com siteintercept.qualtrics.com https://www.googletagmanager.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com embedwistia-a.akamaihd.net embed-fastly.wistia.com fast.wistia.com i.ytimg.com https://track.hubspot.com gateway.zscalerthree.net https://d10lpsik1i8c69.cloudfront.net https://zpnve0y.media.bublupcdn.com embed-ssl.wistia.com; media-src 'self' data: blob: https://embed-fastly.wistia.com https://d10lpsik1i8c69.cloudfront.net https://embedwistia-a.akamaihd.net/ fast.wistia.com; form-action 'self' www.momentive.com https://survey.co1.qualtrics.com/ distillery.wistia.com https://go.momentive.com/l/711113/2019-10-29/29d2d; frame-src 'self' www.google.com https://fast.wistia.net/ www.youtube.com https://gateway.zscalerthree.net https://service.force.com https://mpm.my.salesforce.com; child-src 'self' blob: https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' accounts.google.com https://*.dec.sitefinity.com https://settings.luckyorange.net stats.g.doubleclick.net wss://in.visitors.live wss://visitors.live https://pubsub.googleapis.com https://zndhrozt3joojg1rd-singusera0e7106b.siteintercept.qualtrics.com *.mktoresp.com https://fg8vvsvnieiv3ej16jby.litix.io siteintercept.qualtrics.com distillery.wistia.com pipedream.wistia.com embedwistia-a.akamaihd.net www.google-analytics.com embed-fastly.wistia.com https://mpmlicensenolongerneeded.secure.force.com fast.wistia.com embed-cloudfront.wistia.com; 1
default-src 'self' https://search.gov.sg https://*.wogaa.sg https://*.dcube.cloud/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.googletagmanager.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.fontawesome.com cdn.jsdelivr.net *.pagespeed-mod.com www-skillsfuture-gov-sg.cwp-stg.sg www-skillsfuture-gov-sg-admin.cwp-stg.sg www-skillsfuture-revamp-gov-sg-admin.cwp.sg www-skillsfuture-revamp-gov-sg.cwp.sg www-skillsfuture-gov-sg-admin.cwp.sg www.skillsfuture.gov.sg https://api.search.gov.sg https://www.search.gov.sg https://search.gov.sg *.doubleclick.net *.licdn.com https://*.wogaa.sg https://*.dcube.cloud https://walls.io/ https://pixel.mathtag.com/ https://*.adform.net/ https://cdn.evgnet.com/ https://public.tableau.com/ https://skillsfuturesingapore.us-7.evergage.com/; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com cdn.jsdelivr.net *.fontawesome.com https://www.search.gov.sg https://*.wogaa.sg https://*.dcube.cloud; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com cdn.jsdelivr.net *.fontawesome.com data: https://*.wogaa.sg/fonts/ https://*.dcube.cloud https://www.searchsg.wogaa.sg; img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com *.eloqua.com track.hubspot.com www-skillsfuture-gov-sg.cwp-stg.sg www-skillsfuture-gov-sg-admin.cwp-stg.sg www-skillsfuture-revamp-gov-sg-admin.cwp.sg www-skillsfuture-revamp-gov-sg.cwp.sg www-skillsfuture-gov-sg-admin.cwp.sg www.skillsfuture.gov.sg https://assets.search.gov.sg adserver.adtech.de secure.adnxs.com *.doubleclick.net *.google.com *.google.com.sg https://px.ads.linkedin.com/ https://pixel.mathtag.com/ https://public.tableau.com/ https://px4.ads.linkedin.com/; media-src 'self' data: blob: www-skillsfuture-gov-sg.cwp-stg.sg www-skillsfuture-gov-sg-admin.cwp-stg.sg www-skillsfuture-revamp-gov-sg-admin.cwp.sg www-skillsfuture-revamp-gov-sg.cwp.sg www-skillsfuture-gov-sg-admin.cwp.sg www.skillsfuture.gov.sg; frame-src 'self' *.cwp.sg *.cwp-stg.sg https://padlet.com/ https://*.walls.io/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ badge.stumbleupon.com *.google.com *.onemap.gov.sg *.onemap.sg https://search.gov.sg https://www.search.gov.sg/ *.facebook.com *.twitter.com *.doubleclick.net https://pixel.mathtag.com/ https://public.tableau.com/; frame-ancestors 'self' https://search.gov.sg https://www.search.gov.sg/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.google.com *.onemap.gov.sg *.onemap.sg https://search.gov.sg https://www.search.gov.sg/ *.facebook.com *.doubleclick.net; connect-src 'self' data: accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.google.com *.fontawesome.com https://api.search.gov.sg https://assets.search.gov.sg https://*.wogaa.sg https://*.dcube.cloud https://stats.g.doubleclick.net/ https://cdn.linkedin.oribi.io/ https://skillsfuturesingapore.us-7.evergage.com/ https://px.ads.linkedin.com/; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'nonce-mO5UDHsTJa' https://*.stripe.com https://*.paypal.com https://*.paypalobjects.com;style-src 'self' 'unsafe-inline' https://*.stripe.com https://*.paypal.com;img-src 'self' s.w.org data: https://*.paypal.com https://*.paypalobjects.com https://*.stripe.com;media-src 'self';frame-src 'self' https://*.stripe.com https://*.paypal.com https://*.paypalobjects.com;font-src 'self' data: https://*.stripe.com;connect-src 'self' https://*.geonames.org https://*.geonames.net https://*.paypal.com https://*.stripe.com;frame-ancestors 'self' 1
default-src 'self'; img-src * data:; frame-src 'self' *.doubleclick.net view.ceros.com my.visme.co *.youtube.com *.youtube-nocookie.com *.dynamics.com play.libsyn.com interactive-img.com; connect-src 'self' www.google-analytics.com analytics.google.com cdn.linkedin.oribi.io stats.g.doubleclick.net *.dynamics.com cdn.cookielaw.org *.onetrust.com *.googlesyndication.com *.linkedin.com; upgrade-insecure-requests;  block-all-mixed-content; font-src 'self' cdnjs.cloudflare.com hello.myfonts.net fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' view.ceros.com static.cloud.coveo.com www.googletagmanager.com us2.siteimprove.com mktdplp102cdn.azureedge.net s7.addthis.com www.google-analytics.com www.clickcease.com siteimproveanalytics.com 248604.tctm.co googleads.g.doubleclick.net *.bing.com snap.licdn.com m.addthis.com v1.addthisedge.com z.moatads.com *.googleadservices.com cdn.cookielaw.org *.onetrust.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com static.cloud.coveo.com hello.myfonts.net fonts.googleapis.com; media-src 'self' blgaccprdwebmedhot01.blob.core.windows.net 1
frame-src 'self'; frame-ancestors 'self' https://hq.thesoul.io https://apicurio-registry-ui.tsp.li/ https://thesoul.atlassian.net https://cer.tsp.li/ https://cass.tsp.li/ https://project-portfolio-app.tsp.li/ https://diffusion.tsp.li/ https://creator-management.tsp.li/ https://thesoul.io/; object-src 'none'; report-uri https://csp.tsp.la/report; 1
default-src 'self';base-uri 'self';frame-ancestors 'self' https://*.mcfarlandclinic.com https://*.mgmc.org https://*.mychartiowa.com https://beta---online-checkin-ae65ecrdlq-uc.a.run.app/ https://demosched.mcfarlandclinic.com https://mcfarlandclinic.com https://mychartiowa.com https://prd-mychart01.hv.local https://prd-mychart02.hv.local;frame-src https://* 'self' epichttp:;script-src 'nonce-ed8b92f4009d467f85ff72a310d428e9' https://www.mychartiowa.com 'self';img-src https://* 'self' blob: data:;style-src https://www.mychartiowa.com 'self' 'unsafe-inline';form-action 'self';media-src https://* 'self'; 1
base-uri 'none'; script-src 'self' 'nonce-MTg0NjY4OTM2Niw0NzQzNzc1NjI=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: http:; object-src 'none'; report-uri https://o235122.ingest.sentry.io/api/5591463/security/?sentry_key=e6f32840c1644dc491c8ec93b132b6c3 1
default-src 'self' *.hotjar.com *.hotjar.io; connect-src 'self' 'unsafe-inline' *.clarity.ms *.hotjar.com hubspot-forms-static-embed.s3.amazonaws.com px.ads.linkedin.com *.hotjar.io wss://*.hotjar.com ssl.gstatic.com *.google-analytics.com analytics.google.com *.googletagmanager.com js.hsforms.net forms.hscollectedforms.net forms.hsforms.com forms.hubspot.com api.hubapi.com stats.g.doubleclick.net js.hs-banner.com cdn.linkedin.oribi.io; font-src 'self' data: fonts.gstatic.com googleapis.com *.hotjar.com; frame-src 'self' www.youtube.com *.googletagmanager.com js.hsforms.net forms.hsforms.com; img-src 'self' blog.netlex.io *.clarity.ms px4.ads.linkedin.com exceptions.hs-embed-reporting.com 7986429.fs1.hubspotusercontent-na1.net *.hotjar.com google-analytics.com *.googletagmanager.com www.google.com www.google.com.br stats.g.doubleclick.net googleads.g.doubleclick.net px.ads.linkedin.com forms.hsforms.com track.hubspot.com forms-na1.hsforms.com *.ytimg.com; object-src 'none'; prefetch-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms *.hotjar.com *.google-analytics.com *.googletagmanager.com snap.licdn.com cdn.linkedin.oribi.io *.vidyard.com cdn2.hubspot.net *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net js.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hs-banner.net *.hsforms.net *.hsforms.com static.hsappstatic.net js.hubspotfeedback.com feedback.hubapi.com js.usemessages.com googleadservices.com *.googleadservices.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googleoptimize.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.hotjar.com; 1
script-src ziosuite.com *.ziosuite.com ziosuite.co.uk *.ziosuite.co.uk 'unsafe-inline' 'unsafe-eval' app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-5418963889815552.storage.googleapis.com data.pendo.io www.googletagmanager.com www.google-analytics.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net player.vimeo.com cdn.cookielaw.org onetrust.com *.onetrust.com onetrust.io *.onetrust.io; style-src ziosuite.com *.ziosuite.com ziosuite.co.uk *.ziosuite.co.uk 'unsafe-inline' app.pendo.io cdn.pendo.io pendo-static-5418963889815552.storage.googleapis.com cdn.cookielaw.org onetrust.com *.onetrust.com onetrust.io *.onetrust.io; img-src ziosuite.com *.ziosuite.com ziosuite.co.uk *.ziosuite.co.uk cdn.pendo.io app.pendo.io pendo-static-5418963889815552.storage.googleapis.com data.pendo.io www.googletagmanager.com www.google-analytics.com data: cdn.cookielaw.org onetrust.com *.onetrust.com onetrust.io *.onetrust.io; connect-src *.ziosuite.com *.ziosuite.co.uk app.pendo.io data.pendo.io pendo-static-5418963889815552.storage.googleapis.com www.googletagmanager.com www.google-analytics.com bam.nr-data.net bam-cell.nr-data.net cdn.cookielaw.org onetrust.com *.onetrust.com onetrust.io *.onetrust.io; frame-ancestors app.pendo.io; frame-src *.ziosuite.com *.ziosuite.co.uk app.pendo.io player.vimeo.com; child-src app.pendo.io; 1
default-src 'self' blob: https://*.akamaihd.net; img-src 'self' data: https://images.ctfassets.net/ https://*.azure.net https://americanspecialtyhealth.nanorep.co https://*.hubspot.com https://*.hsforms.com https://*.fod247.io https://*.amazonaws.com http://*.boldchat.com https://*.boldchat.com http://via.placeholder.com/ https://seal.websecurity.norton.com https://*.internal.ashfitness.net/ https://*.ashconnect.com http://*.gstatic.com http://*.googleapis.com https://app.validic.com https://*.typekit.net https://*.ashcompanies.com https://*.api.ashcompanies.com https://*.googleapis.com  https://csi.gstatic.com https://www.google-analytics.com http://www.google-analytics.com https://stats.g.doubleclick.net/ https://www.facebook.com/ https://www.google.com/ https://dev.api.healthyroads.com https://stg.api.healthyroads.com/ https://preprod.api.healthyroads.com https://api.healthyroads.com/ https://www.googletagmanager.com/ https://optimize.google.com http://optimize.google.com https://*.choosehealthynext.com https://cdn.fod247.com https://*.ooyala.com https://*.brightcove.com https://*.boltdns.net https://*.choosehealthy.com https://*.akamaihd.net https://*.googleadservices.com https://*.doubleclick.net https://assets.prod.validic.com; media-src 'self' blob: https://*.silverandfit.com/ http://*.boldchat.com https://*.boldchat.com https://*.internal.ashfitness.net https://dev.api.healthyroads.com  https://preprod.api.healthyroads.com  https://api.healthyroads.com/ https://stg.api.healthyroads.com/ https://*.api.ashcompanies.com https://*.ooyala.com https://*.akamaized.net https://*.choosehealthy.com https://*.boltdns.net https://*.akamaihd.net https://*.azure.net https://*.ptrx.org https://*.amazonaws.com; frame-src 'self' data: application/pdf 'unsafe-inline' https://*.api.ashcompanies.com https://vimeo.com/ http://*.boldchat.com https://*.boldchat.com https://www.youtube.com/  https://www.facebook.com/ https://connect.facebook.net/ https://*.vimeo.com https://api.recurly.com/ https://*.networksearch.api.ashcompanies.com https://optimize.google.com http://optimize.google.com https://*.choosehealthynext.com https://*.ooyala.com https://*.choosehealthy.com https://youtu.be/ https://*.usw2.pure.cloud; font-src 'self' 'unsafe-inline' data: http://*.boldchat.com https://*.boldchat.com https://*.api.ashcompanies.com/ https://*.ashconnect.com http://*.gstatic.com https://*.typekit.net https://*.ui.api.ashcompanies.com https://fonts.gstatic.com http://fonts.gstatic.com https://*.ooyala.com https://*.choosehealthy.com; connect-src 'self' blob: wss://*.bold360.com https://*.applicationinsights.azure.com https://www.google-analytics.com https://ak-use.akamaized.net/ https://metrics-api.librato.com http://americanspecialtyhealth.nanorep.co https://visitor-services.nanorep.com http://*.boldchat.com https://*.boldchat.com https://*.silverandfit.com https://silverandfit.com http://dc.services.visualstudio.com/v2/track https://dc.services.visualstudio.com/v2/track https://api.healthyroads.com/ https://*.api.healthyroads.com https://*.ashconnect.com https://*.exerciserewards.com https://*.typekit.net/ https://*.api.ashcompanies.com https://api.recurly.com https://connect.facebook.net https://dc.services.visualstudio.com/ https://*.choosehealthynext.com https://*.ooyala.com https://*.bitmovin.com https://*.brightcove.com https://*.boltdns.net https://stats.g.doubleclick.net https://*.akamaihd.net https://*.choosehealthy.com https://*.azure.net https://*.ashcompanies.com https://*.azurefd.net https://*.azure-api.net https://*.hubspot.com https://*.ashcompanies.com https://*.googleapis.com https://*.facebook.com https://syncmydevice.com https://www.google.com https://googleads.g.doubleclick.net https://*.amazonaws.com https://*.usw2.pure.cloud wss://*.usw2.pure.cloud; worker-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.ssqt.io https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hscollectedforms.net https://www.googleoptimize.com http://americanspecialtyhealth.nanorep.co http://*.boldchat.com https://*.boldchat.com https://seal.verisign.com/ https://*.typekit.net http://noembed.com/ https://noembed.com/ https://api.healthyroads.com https://*.ui.api.ashcompanies.com/ https://*.api.ashcompanies.com https://*.api.healthyroads.com https://*.exerciserewards.com http://tagmanager.google.com https://tagmanager.google.com http://*.googleapis.com https://js.recurly.com/v4/recurly.js  https://www.googletagmanager.com http://www.google-analytics.com/ https://www.google-analytics.com/ https://analytics.clickdimensions.com https://az416426.vo.msecnd.net/ https://connect.facebook.net/ http://analytics.clickdimensions.com/ https://optimize.google.com http://optimize.google.com https://*.choosehealthynext.com https://*.ooyala.com https://*.brightcove.net https://*.gstatic.com https://*.choosehealthy.com https://*.ashcompanies.com https://*.googleadservices.com https://*.hsadspixel.net https://js.monitor.azure.com https://cdnjs.cloudflare.com/ajax/libs/select2/3.5.2/select2.min.js https://googleads.g.doubleclick.net https://apps.usw2.pure.cloud; style-src 'self' http://*.boldchat.com https://*.boldchat.com https://js.recurly.com/ http://tagmanager.google.com https://tagmanager.google.com https://*.googleapis.com http://*.googleapis.com https://api.healthyroads.com/ https://*.api.ashcompanies.com/ https://*.api.healthyroads.com https://*.choosehealthynext.com 'unsafe-inline' https://optimize.google.com https://seal.websecurity.norton.com http://optimize.google.com https://*.ooyala.com https://*.googletagmanager.com https://*.typekit.net; child-src 'self' 'unsafe-inline' blob: data:; frame-ancestors 'self' https://vimeo.com/ https://*.choosehealthy.com; object-src 'self' data: application/pdf  blob: filesystem:; 1
default-src 'self'; script-src 'unsafe-inline' https://www.google-analytics.com https://apis.google.com https://mc.yandex.ru 'self'; style-src 'unsafe-inline' https://fonts.googleapis.com https://code.ionicframework.com 'self'; font-src https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com 'self'; connect-src https://mc.yandex.ru 'self'; img-src https://www.google-analytics.com https://mc.yandex.ru 'self' blob: data: 1
default-src 'self' https://*.pocketpills.com https://pocketpills.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.pocketpills.com https://cdn.mxpnl.com https://api.mixpanel.com https://accounts.google.com https://www.googletagmanager.com https://www.google-analytics.com https://birdeye.com https://www.clarity.ms www.youtube.com/ https://*.googleapis.com https://bing.com https://*.bing.com https://api-js.mixpanel.com https://sentry.io https://www.googleadservices.com https://gatewayt.moneris.com https://gateway.moneris.com;script-src-attr 'self' 'unsafe-inline' https://*.pocketpills.com;style-src 'self' https://*.pocketpills.com 'unsafe-inline' https://accounts.google.com https://fonts.googleapis.com https://gatewayt.moneris.com https://gateway.moneris.com;img-src 'self' blob: data: https://*.pocketpills.com https://www.facebook.com https://api.mixpanel.com https://www.google-analytics.com https://static.legitscript.com https://graph.facebook.com https://*.clarity.ms/ https://www.google.com https://www.google.co.in https://www.google.ca https://*.amazonaws.com https://www.googletagmanager.com https://ytimg.com https://*.ytimg.com https://bing.com https://*.bing.com;font-src 'self' https://*.pocketpills.com data: https://fonts.gstatic.com;media-src 'self' https://*.pocketpills.com https://graph.facebook.com;child-src 'self' https://*.pocketpills.com https://www.googletagmanager.com https://accounts.google.com https://birdeye.com/ https://www.youtube.com https://esqa.moneris.com https://www3.moneris.com https://gatewayt.moneris.com https://gateway.moneris.com;connect-src 'self' https://*.pocketpills.com https://sentry.io https://www.google-analytics.com https://api-js.mixpanel.com https://graph.facebook.com https://*.clarity.ms/ https://www.youtube.com https://stats.g.doubleclick.net/ https://*.googleapis.com https://accounts.google.com https://bing.com https://*.bing.com https://www.googleadservices.com https://analytics.google.com https://watermarking-object-lambda-access-point-655063138667.s3-object-lambda.ap-south-1.amazonaws.com https://prod-watermarking-object-lambda-access-point-655063138667.s3-object-lambda.ca-central-1.amazonaws.com https://stgpocketpillsimages.s3.ap-south-1.amazonaws.com https://prodpocketpillsimages.s3.ca-central-1.amazonaws.com;upgrade-insecure-requests;frame-ancestors self https://care.pocketpills.com https://care1.pocketpills.com;base-uri 'self';form-action 'self';object-src 'none' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://yiff.life 'wasm-unsafe-eval'; font-src 'self' https://yiff.life; img-src 'self' data: blob: https://yiff.life https://cdn.yiff.life; style-src 'self' https://yiff.life 'nonce-aksvdIadPfDDMcb8/RiREw=='; media-src 'self' data: https://yiff.life https://cdn.yiff.life; frame-src 'self' https:; child-src 'self' blob: https://yiff.life; worker-src 'self' blob: https://yiff.life; connect-src 'self' blob: data: wss://yiff.life https://yiff.life https://cdn.yiff.life; manifest-src 'self' https://yiff.life; form-action 'self' 1
connect-src 'self' analytics.trackofthewolf.com; default-src 'self'; img-src data: 'self' cdn.trackofthewolf.com www.adobe.com/images/shared/download_buttons/get_adobe_reader.png data: analytics.trackofthewolf.com; script-src 'self' cdn.trackofthewolf.com 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com analytics.trackofthewolf.com; style-src 'self' cdn.trackofthewolf.com 'unsafe-inline'; upgrade-insecure-requests; 1
img-src 'self' data: blob: api.media.atlassian.com secure.gravatar.com hcrstorage.s3.ca-central-1.amazonaws.com hcr-filestorage-public.s3.ca-central-1.amazonaws.com d1yykh3c16sa22.cloudfront.net d2d5hr84rpeu09.cloudfront.net spordle-frontend-assets.s3.ca-central-1.amazonaws.com spordle-frontend-myaccount-public.s3.ca-central-1.amazonaws.com spordle.atlassian.net maps.gstatic.com sp.tinymce.com cdn.dribbble.com www.google-analytics.com soccer-canada-filestorage-private.s3.ca-central-1.amazonaws.com soccer-canada-filestorage-public.s3.ca-central-1.amazonaws.com d1gu3ywbrgjg6b.cloudfront.net baseball-canada-filestorage-private.s3.ca-central-1.amazonaws.com baseball-canada-filestorage-public.s3.ca-central-1.amazonaws.com d1omh11ncsvj0s.cloudfront.net dragonboat-canada-filestorage-private.s3.ca-central-1.amazonaws.com dragonboat-canada-filestorage-public.s3.ca-central-1.amazonaws.com d2093fqxd1k34u.cloudfront.net dev-filestorage-private.s3.ca-central-1.amazonaws.com c2-canada-filestorage-public.s3.ca-central-1.amazonaws.com c2-canada-filestorage-private.s3.ca-central-1.amazonaws.com d18jgflhfl6pmn.cloudfront.net spordle-frontend-myaccount-private.s3.ca-central-1.amazonaws.com page.spordle.com myaccount.spordle.com account.int.spordle.dev via.placeholder.com vercel.live assets.vercel.com vercel.com solve-widget.forethought.ai account.spordle.com spordle-filestorage-public.s3.ca-central-1.amazonaws.com hisports-profiles.s3-ca-central-1.amazonaws.com hisports-profiles-staging.s3-ca-central-1.amazonaws.com hisports-logos.s3-ca-central-1.amazonaws.com hisports-logos-staging.s3-ca-central-1.amazonaws.com files.hisports.app files-staging.hisports.app images.unsplash.com account-next.int.spordle.dev account-next.stage.spordle.dev dev-filestorage-public.s3.ca-central-1.amazonaws.com d1qdz25y1hjlku.cloudfront.net dnse0hr2o5uek.cloudfront.net hcr-filestorage-private.s3.ca-central-1.amazonaws.com cdn.hockeycanada.ca www.googletagmanager.com app.eventnroll.com volleyball-canada-filestorage-public.s3.ca-central-1.amazonaws.com volleyball-canada-filestorage-private.s3.ca-central-1.amazonaws.com registration-filestorage-public.s3.ca-central-1.amazonaws.com registration-filestorage-private.s3.ca-central-1.amazonaws.com cbha-filestorage-public.s3.ca-central-1.amazonaws.com cbha-filestorage-private.s3.ca-central-1.amazonaws.com d1rw2meq2ucsoz.cloudfront.net d2dhqxn2saszsv.cloudfront.net d2yaud1z2lrq1w.cloudfront.net *; font-src 'self' 'unsafe-inline' fonts.gstatic.com fonts.googleapis.com cdn.jsdelivr.net/npm/@mdi/font@3.9.97/fonts/ cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5.15.4/webfonts/; frame-src 'self' *.google.com www.youtube.com www.youtube-nocookie.com publicationsports.dev *.publicationsports.dev publicationsports.com *.publicationsports.com paysafe.com *.paysafe.com vercel.live solve-widget.forethought.ai *; media-src 'self' blob:; style-src 'self' 'unsafe-inline' cdn.tiny.cloud fonts.googleapis.com https://cdn.jsdelivr.net/npm/@mdi/font@3.9.97/css/materialdesignicons.min.css https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5.15.4/css/all.min.css https://storage.googleapis.com/fuel_modules/; script-src 'self' 'unsafe-inline' blob: www.googletagmanager.com www.google-analytics.com cdn.tiny.cloud *.googleapis.com polyfill.io cdnjs.cloudflare.com sentry.io *.sentry.io cdn.vercel-insights.com vercel.live tagmanager.smartadserver.com ced.sascdn.com api.account.spordle.dev api.myaccount.spordle.dev api.myaccount.spordle.com *.paysafe.com solve-widget.forethought.ai *; connect-src 'self' blob: spordle.dev *.spordle.dev spordle.com *.spordle.com sentry.io *.sentry.io paysafe.com *.paysafe.com vitals.vercel-insights.com polyfill.io *.googleapis.com www.google-analytics.com www.googletagmanager.com hcrstorage.s3.ca-central-1.amazonaws.com hcr-filestorage-public.s3.ca-central-1.amazonaws.com dev-filestorage-public.s3.ca-central-1.amazonaws.com hcr-filestorage-private.s3.ca-central-1.amazonaws.com dev-filestorage-private.s3.ca-central-1.amazonaws.com spordle-frontend-myaccount-public.s3.ca-central-1.amazonaws.com d1yykh3c16sa22.cloudfront.net d2d5hr84rpeu09.cloudfront.net fonts.googleapis.com fonts.gstatic.com soccer-canada-filestorage-private.s3.ca-central-1.amazonaws.com soccer-canada-filestorage-public.s3.ca-central-1.amazonaws.com d1gu3ywbrgjg6b.cloudfront.net baseball-canada-filestorage-private.s3.ca-central-1.amazonaws.com baseball-canada-filestorage-public.s3.ca-central-1.amazonaws.com d1omh11ncsvj0s.cloudfront.net dragonboat-canada-filestorage-private.s3.ca-central-1.amazonaws.com dragonboat-canada-filestorage-public.s3.ca-central-1.amazonaws.com d2093fqxd1k34u.cloudfront.net c2-canada-filestorage-public.s3.ca-central-1.amazonaws.com c2-canada-filestorage-private.s3.ca-central-1.amazonaws.com d18jgflhfl6pmn.cloudfront.net hisports.app *.hisports.app spordle-frontend-myaccount-private.s3.ca-central-1.amazonaws.com hisports-profiles.s3-ca-central-1.amazonaws.com hisports-profiles-staging.s3-ca-central-1.amazonaws.com hisports-logos.s3-ca-central-1.amazonaws.com hisports-logos-staging.s3-ca-central-1.amazonaws.com files.hisports.app files-staging.hisports.app cdn.tiny.cloud https://cdn.jsdelivr.net/npm/@mdi/font@3.9.97/css/materialdesignicons.min.css https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5.15.4/css/all.min.css vercel.live cdn.jsdelivr.net/gh/prebid/ tagmanager.smartadserver.com ced.sascdn.com via.placeholder.com images.unsplash.com jsonplaceholder.typicode.com spordle-filestorage-public.s3.ca-central-1.amazonaws.com my-account-git-int-spordle.vercel.app my-account-git-stage-spordle.vercel.app myaccount.spordle.com account-next.int.spordle.dev account-next.stage.spordle.dev app.eventnroll.com d2yaud1z2lrq1w.cloudfront.net d2dhqxn2saszsv.cloudfront.net d1rw2meq2ucsoz.cloudfront.net volleyball-canada-filestorage-private.s3.ca-central-1.amazonaws.com volleyball-canada-filestorage-public.s3.ca-central-1.amazonaws.com cbha-filestorage-private.s3.ca-central-1.amazonaws.com cbha-filestorage-public.s3.ca-central-1.amazonaws.com registration-filestorage-private.s3.ca-central-1.amazonaws.com registration-filestorage-public.s3.ca-central-1.amazonaws.com *; default-src 'self' spordle.dev *.spordle.dev spordle.com *.spordle.com 1
frame-ancestors 'self' https://*.toyota.cz https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
default-src 'self' *.ford-koegler.de *.ddev.site; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ford-koegler.de *.ddev.site *.youtube.com *.usercentrics.eu *.googletagmanager.com *.google-analytics.com *.igodigital.com *.tvsquared.com *.facebook.net *.vercel-insights.com sleeknotecustomerscripts.sleeknote.com *.doubleclick.net *.googleoptimize.com *.google.com *.gstatic.com *.leadinfo.net *.vercel-scripts.com; style-src 'self' 'unsafe-inline' *.ford-koegler.de *.ddev.site; font-src 'self' *.ford-koegler.de *.ddev.site; img-src 'self' 'unsafe-eval' data: *; media-src 'self' *.ford-koegler.de *.ddev.site *.youtube.com *.googlevideo.com d1rinvh86ghtl4.cloudfront.net; connect-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; worker-src 'self' 'unsafe-inline' 'unsafe-eval' *.ford-koegler.de *.ddev.site *.youtube.com *.usercentrics.eu *.googletagmanager.com *.google-analytics.com *.igodigital.com *.tvsquared.com *.facebook.net *.vercel-insights.com *.youtube.com *.googlevideo.com d1rinvh86ghtl4.cloudfront.net d1o0h11u4diybn.cloudfront.net *.usercentrics.eu *.igodigital.com data:; frame-src *.facebook.com *.youtube-nocookie.com *.google.com; 1
default-src 'self'; connect-src 'self' *.facebook.com *.linkedin.oribi.io  stats.g.doubleclick.net  *.bc0a.com maps.googleapis.com *.analytics.google.com analytics.google.com google-analytics.com *.google-analytics.com; font-src 'self' * data:; script-src 'self' readymag.com cdn.b0e8.com 'unsafe-inline' *.vimeo.com *.youtube.com  *.apcoworldwide.com www.gstatic.com *.doubleclick.net  *.google.com *.google-analytics.com snap.licdn.com *.ads-twitter.com facebook.net *.facebook.net googletagmanager.com *.googletagmanager.com cdnjs.cloudflare.com *.bc0a.com maps.googleapis.com code.jquery.com cdn.jsdelivr.net s7.addthis.com cdn.polyfill.io *.disqus.com *.privacymanager.io  twitter.com *.twitter.com; style-src * 'unsafe-inline'; img-src * 'self' data:; frame-src *.vimeo.com *.youtube.com www.google.com *.facebook.com disqus.com *.apcoworldwide.com *.google.com *.readymag.com *.slideshare.net 1
default-src *;script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-src * mailto: tel:; 1
frame-ancestors 'self' localhost *.telekurier.at *.callisto.telekurier.at *.k-listo.at k-listo.at; 1
report-uri https://f6044819c139be406e5131b1724188ab.report-uri.com/r/t/csp/enforce; worker-src blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.js-eu1.usemessages.com *.js-eu1.hubspot.com *.clarity.ms *.hsadspixel.net js-eu1.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hsleadflows.net s.go-mpulse.net *.snapchat.com *.adnxs.com *.adroll.com *.ads-twitter.com *.akamaihd.net *.appier.net *.bizographics.com *.disqus.com *.disquscdn.com *.doubleclick.net *.facebook.com *.fbcdn.net *.google-analytics.com *.google.co.uk *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.gstatic.com *.instagram.com *.linkedin.com *.mathtag.com *.openx.net *.optimizely.com *.qualaroo.com *.salesforceliveagent.com *.scupio.com *.semasio.net *.sharethis.com *.socdm.com *.streamamg.com *.twimg.com *.twitter.com *.vimeocdn.com *.webtrends.com *.yahoo.com *.youtube-nocookie.com *.ytimg.com aa.agkn.com analytics.tiktok.com apps-cdn.britishcouncil.org b92.yahoo.co.jp bam.nr-data.net bat.bing.com bigsea.frontend.weborama.fr bookeo.com britishcouncil-email.createsend.com britishcouncil.github.io britishcouncil.wufoo.com cdn.cookielaw.org cdn.polyfill.io code.jquery.com connect.facebook.net cookies.onetrust.com cs.gssprt.jp cx.atdmt.com d17m68fovwmgxj.cloudfront.net dev.visualwebsiteoptimizer.com disqus.com dx.bigsea.weborama.com embed.scribblelive.com idsync.rlcdn.com js-agent.newrelic.com js.content-hci.com js.createsend1.com loadus.exelator.com match.adsrvr.org ml314.com mtestaus.hotcoursesabroad.com mtestbc.hotcoursesabroad.com olc.live.solas.britishcouncil.digital optanon.core.blob pixel.rubiconproject.com vimeo.com ps.eyeota.net public.tableau.com s.yimg.com s3.amazonaws.com sc-static.net sjs.bizographics.com snap.licdn.com ssp.adskom.com stags.bluekai.com statse.webtrendslive.com sui.britishcouncil.org sync.ad-stir.com sync.adap.tv sync.adaptv.advertising.com sync.crwdcntrl.net tags.clickintext.net tapestry.tapad.com ucarecdn.com vimeo.com vk.com www-2903b.bookeo.com www.google.de www.google.es www.googletagmanager.com www.youtube.com x.bidswitch.net www.redditstatic.com/ads/pixel.js js.adsrvr.org/up_loader.1.1.0.js js-eu1.hsforms.net/forms/embed/v2.js cdnapisec.kaltura.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mtcaptcha.com https://www.gstatic.com https://www.googletagmanager.com https://rec.smartlook.com https://snap.licdn.com https://*.criteo.com https://googleads.g.doubleclick.net https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://*.facebook.net https://img.metaffiliation.com https://*.taboola.com https://*.yimg.com https://*.btg360.com.br https://*.hotjar.com https://*.dynatrace.com https://bat.bing.com https://*.zscalertwo.net https://*.clarity.ms https://*.googleoptimize.com https://*.rtgpix.com https://*.fulllab.com.br https://*.rd.afftrack.pro https://*.rtb123.com https://d3u0jcwe5p7qrc.cloudfront.net https://d2rp1k1dldbai6.cloudfront.net https://cybba-bucket.s3.amazonaws.com https://*.cybba.solutions https://*.cybba.us https://*.googleapis.com https://c.amazon-adsystem.com https://*.adnxs.com https://*.stackadapt.com https://*.adsrvr.org https://*.facebook.net https://*.linximpulse.net https://*.linkedin.com https://*.dataunion.com.br https://*.huggy.chat https://*.shoptarget.com.br https://*.shopback.net https://*.maze.co https://*.hsadspixel.net https://*.hs-analytics.net https://*.hubapi.com https://js.hscta.net https://no-cache.hubspot.com https://*.hubspot.com https://*.hs-sites.com https://static.hsappstatic.net https://*.usemessages.com https://*.hs-banner.com https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net https://*.hubspot.net https://play.hubspotvideo.com https://cdn2.hubspot.net https://*.hscollectedforms.net https://*.hsleadflows.net https://*.hsforms.net https://*.hsforms.com https://*.hs-scripts.com https://*.hubspotfeedback.com https://feedback.hubapi.com; frame-src https://*.mtcaptcha.com https://*.google.com https://*.criteo.com https://bid.g.doubleclick.net https://*.googletagmanager.com https://*.youtube.com https://igoal.go2cloud.org https://pln.brtrk2.com https://*.hotjar.com https://*.dynatrace.com https://*.zscalertwo.net https://www.facebook.com/ https://*.googleoptimize.com https://*.adsrvr.org https://*.cybbaview.com https://*.rtb123.com https://*.linximpulse.net https://*.linkedin.com https://*.dataunion.com.br https://*.huggy.chat https://*.shoptarget.com.br https://*.shopback.net https://*.btg360.com.br https://*.maze.co https://*.hsadspixel.net https://*.hs-analytics.net https://*.hubapi.com https://js.hscta.net https://no-cache.hubspot.com https://*.hubspot.com https://*.hs-sites.com https://static.hsappstatic.net https://*.usemessages.com https://*.hs-banner.com https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net https://*.hubspot.net https://play.hubspotvideo.com https://cdn2.hubspot.net https://*.hscollectedforms.net https://*.hsleadflows.net https://*.hsforms.net https://*.hsforms.com https://*.hs-scripts.com https://*.hubspotfeedback.com https://feedback.hubapi.com; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://api.kitbuilder.co.uk https://www.youtube.com https://www.zenaps.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://storyboard.storystream.ai https://content.storystream.ai; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://checkout.ellesse.com https://www.ellesse.com https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net https://download-video.akamaized.net https://d7c4jjeuqag9w.cloudfront.net https://media.storystream.ai; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://*.googlesyndication.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://*.twitter.com https://apps.storystream.ai; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net; report-to report-endpoint 1
default-src 'none'; media-src 'self'; frame-src 'self' https://*.autopay.io https://stonly.com https://*.stonly.com https://player.vimeo.com; script-src 'self' cdn.ravenjs.com www.google-analytics.com apis.google.com stonly.com https://player.vimeo.com https://plausible.io 'sha256-fwc0mpDa8OHTVGvj46tzJTK/4veec5TxZJQNTFjzBw0='; connect-src 'self' *.autopay.io *.googleapis.com *.google-analytics.com sentry.io https://vimeo.com api.pwnedpasswords.com stonly.com *.stonly.com https://plausible.io; img-src 'self' https://storage.googleapis.com/autopay-test-api.appspot.com/ https://storage.googleapis.com/autopay-qa-api.appspot.com/ https://storage.googleapis.com/autopay-prod-api.appspot.com/ https://*.autopay.io/ *.tile.osm.org www.google-analytics.com https://*.vimeocdn.com data:; style-src 'unsafe-inline' 'self'; font-src data: autopay.io qa.autopay.io test.autopay.io; manifest-src 'self' 1
style-src 'self' blob: https: 'unsafe-inline' https://www.suryadental.com.br/; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com *.tolvnow.com data:; frame-src assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.sunset.systems *.hotjar.com *.criteo.com *.tolvnow.com *.googleadservices.com *.g.doubleclick.net *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.uc.r.appspot.com *.google.com.br *.facebook.net *.facebook.com *.rdstation.com.br *.trustvox.com.br *.smarthint.co *.criteo.net *.solucx.com.br  *.btg360.com.br *.voxus.com.br; 1
default-src 'self' *.google-analytics.com *.doubleclick.net *.adsrvr.org *.cloudfront.net *.google.com *.youtube.com *.braintree-api.com *.braintreegateway.com *.paypal.com *.cardinalcommerce.com *.amazonaws.com *.onemap.sg *.facebook.com  https:; script-src 'self' www.googletagmanager.com www.google-analytics.com google-analytics.com *.adsrvr.org acdn.adnxs.com login.dotomi.com *.dotomi.com unpkg.com cdnjs.cloudflare.com cdn.jsdelivr.net www.googleadservices.com connect.facebook.net *.braintree-api.com *.braintreegateway.com *.fls.doubleclick.net googleads.g.doubleclick.net www.paypalobjects.com *.paypal.com pay.google.comsongbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com www.google.com code.jquery.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com *.adyen.com 'unsafe-inline' https:;style-src 'self' cdnjs.cloudflare.com fonts.googleapis.com *.braintreegateway.com cdn.jsdelivr.net  'unsafe-inline' https:; img-src 'self' assets.braintreegateway.com checkout.paypal.com  data: https:; media-src 'self' *.ascentismedia.com  data: https:; child-src 'self' assets.braintreegateway.com *.paypal.com  'unsafe-inline' 'unsafe-eval' https:; frame-src 'self' assets.braintreegateway.com *.braintreegateway.com *.paypal.com *.cardinalcommerce.com *.google.com *.youtube.com *.adsrvr.org *.doubleclick.net  https:; connect-src 'self' *.braintreegateway.com *.doubleclick.net *.cardinalcommerce.com *.paypal.com *.onemap.sg *.google-analytics.com *.facebook.com *.braintree-api.com *.smooch.io wss:  https:; frame-ancestors 'self' dmp.truoptik.com  https:; font-src 'self' fonts.gstatic.com kit-free.fontawesome.com cdnjs.cloudflare.com  https:; object-src 'self'  https:; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline' https://www.recaptcha.net/recaptcha/ https://www.google.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://*.google-analytics.com https://connect.facebook.net/en_US/fbevents.js https://static.cloudflareinsights.com https://browser.sentry-cdn.com/6.13.3/bundle.tracing.min.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: htts://accounts.google.com https://*.google-analytics.com https://optimize.google.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com/recaptcha/ https://www.facebook.com https://fonts.googleapis.com https://stats.g.doubleclick.net https://*.coinmarketcap.com/static/img/coins/ *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' wss://btc-alpha.com https://report.btc-alpha.com https://sentry.btc-alpha.io https://analytics.google.com https://*.analytics.google.com https://*.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com; frame-src 'self' blob: https://www.recaptcha.net/recaptcha/ https://www.google.com https://www.youtube.com https://www.facebook.com; frame-ancestors 'self'; report-uri https://report.btc-alpha.com/api/8/security/?sentry_key=2f92208cf42e4137940a2db21eeb63be 1
default-src 'self' edge.curalate.com *.zipmoney.com.au *.gstatic.com *.bazaarvoice.com *.vimeo.com *.akamaized.net *.hotjar.com *.hotjar.io *.trurating.com *.crazyegg.com tracking.myunidays.com *.five9.net; img-src 'self' data: https:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; connect-src 'self' https: wss:; font-src 'self' data: https:; frame-ancestors 'self' https://*.champion.com.au; 1
frame-ancestors 'self' https://*.mica.rent 1
base-uri 'none';  default-src 'self'   https://*.gstatic.com https://rahbal.com https://bornsecret.com https://rahbal.ir https://*.rahbal.ir http://rahbal.ir http://*.rahbal.ir https://*.jsdelivr.net https://*.faranegar.com https://rahbal.ir https://trustseal.enamad.ir https://*.samandehi.ir https://*.gstatic.com https://*.fontcdn.ir;      child-src 'self' https://www.aparat.com   https://rahbalcom.landin.ir/ https://*.gstatic.com https://*.pegah.tech https://*.mediaad.org https://ua.yektanet.com https://rahbal.com https://bornsecret.com https://*.raychat.io    https://www.google.com https://rahbal.ir https://*.rahbal.ir http://rahbal.ir http://*.rahbal.ir https://*.jsdelivr.net https://*.faranegar.com https://rahbal.ir https://trustseal.enamad.ir https://*.samandehi.ir https://*.gstatic.com https://*.fontcdn.ir;   connect-src 'self'   https://*.gstatic.com https://*.pegah.tech https://*.mediaad.org https://ua.yektanet.com https://api.sanjagh.com    https://audience.yektanet.com https://stats.g.doubleclick.net https://www.google-analytics.com https://se3.raychat.io wss://*.raychat.io;    font-src 'self'   https://rahbal.com https://bornsecret.com https://rahbal.ir https://*.rahbal.ir http://rahbal.ir http://*.rahbal.ir https://*.jsdelivr.net https://*.faranegar.com https://rahbal.i https://trustseal.enamad.ir    https://*.samandehi.ir https://*.gstatic.com https://*.fontcdn.ir;   form-action 'self'   https://*.shaparak.ir https://rahbal.com https://bornsecret.com https://rahbal.ir https://*.rahbal.ir http://rahbal.ir http://*.rahbal.ir https://*.jsdelivr.net https://*.faranegar.com https://rahbal.ir https://trustseal.enamad.ir https://*.samandehi.ir https://*.gstatic.com https://*.fontcdn.ir;    img-src 'self'   https://acdn.fl2.org https://www.google.com https://cdn.grschannel.com http://cdn.fastreserve.net https://*.fastreserve.net http://*.fastreserve.net https://*.grschannel.com    https://www.google-analytics.com https://cp.rahbal.com https://HotelImage.Partocrs.com https://rahbal.com https://bornsecret.com https://*.raychat.io   data:   https://rahbal.ir https://*.rahbal.ir https://*.jsdelivr.net https://*.faranegar.com https://rahbal.ir https://trustseal.enamad.ir https://*.samandehi.ir https://*.gstatic.com https://*.fontcdn.ir;   media-src 'self'   https://rahbal.com https://bornsecret.com https://*.raychat.io    https://www.google.com https://rahbal.ir https://*.rahbal.ir http://rahbal.ir http://*.rahbal.ir https://*.jsdelivr.net https://*.faranegar.com https://rahbal.ir https://trustseal.enamad.ir https://*.samandehi.ir https://*.gstatic.com https://*.fontcdn.ir;    object-src 'none';  script-src 'self'   https://*.najva.com/ https://cdn.landin.ir https://cdn.yektanet.com https://cdn.sanjagh.com https://s1.mediaad.org    https://*.googleapis.com https://www.google-analytics.com   https://www.googletagmanager.com https://unpkg.com https://rahbal.com https://bornsecret.com https://*.raychat.io https://www.google.com https://rahbal.ir https://*.rahbal.ir http://rahbal.ir http://*.rahbal.ir https://*.jsdelivr.net https://*.faranegar.com https://rahbal.ir https://trustseal.enamad.ir https://*.samandehi.ir https://*.gstatic.com https://*.fontcdn.ir     'unsafe-inline' 'unsafe-eval';  style-src 'self' https://*.najva.com/ https://v1.fontapi.ir/ https://cdn.jsdelivr.net https://unpkg.com https://rahbal.com    https://bornsecret.com http://rahbal.ir http://*.rahbal.ir https://rahbal.ir https://*.rahbal.ir   https://*.faranegar.com https://rahbal.ir  https://trustseal.enamad.ir https://*.samandehi.ir https://*.gstatic.com https://*.fontcdn.ir https://*.raychat.io   'unsafe-inline' ; 1
default-src 'self' blob: *.eotica.com.br *.eotica.net *.cloudflare.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.akamaihd.net luxdeepblue.github.io *.luxottica.com *.virtooal.com *.g.doubleclick.net *.google-analytics.com *.creativecdn.com *.criteo.com *.criteo.net *.voxus.com.br api.octadesk.services hits-banner-cloud-function.azurewebsites.net *.konduto.com *.getblue.io *.voxus.tv *.zenaps.com *.google.com *.ipify.org *.loggly.com *.adyen.com *.youtube.com *.sciencebehindecommerce.com *.surveymonkey.com *.facebook.com *.facebook.net *.reclameaqui.com.br onesignal.com *.omtrdc.net *.cloudfront.net *.etagdigital.com.br *.amazonaws.com; img-src 'self' blob: *.eotica.com.br *.eotica.net *.omtrdc.net *.cloudflare.com *.akamaihd.net *.amazonaws.com *.postrelease.com *.tapad.com ad.tpmn.co.kr *.mediawallahscript.com *.agkn.com *.rlcdn.com *.stickyadstv.com *.narrative.io *.placeholder.com *.google-analytics.com *.doubleclick.net *.google.com.br *.cloudfunctions.net smartbmc.com.br t.co *.twitter.com *.bing.com *.google.com *.facebook.com *.facebook.net e1.emxdgt.com ws.rqtrk.eu match.adsrvr.org 1f2e7.v.fwmrm.net px.ads.linkedin.com *.bidswitch.net *.adnxs.com *.casalemedia.com *.360yield.com *.media.net *.mediavine.com *.outbrain.com *.pubmatic.com *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.com *.yieldlab.net *.socdm.com *.omnitagjs.com *.criteo.com *.ivitrack.com *.liadm.com *.revcontent.com *.ad.smaato.net *.tremorhub.com *.clmbtech.com *.ads.yieldmo.com *.facebook.com *.bing.com redirect.allin.com.br tags.bluekai.com dpm.demdex.net *.ebitempresa.com.br *.adyen.com *.ebit.com.br *.awin1.com *.googletagmanager.com *.e-lens.com.br *.zenaps.com *.criteo.net *.onesignal.com *.virtooal.com data: ; style-src 'unsafe-inline' *.eotica.com.br *.eotica.net *.cloudflare.com *.googleapis.com onesignal.com *.akamaihd.net *.adyen.com *.virtooal.com smartbmc.com.br t.co *.twitter.com *.bing.com *.google.com *.facebook.com *.ebit.com.br *.amazonaws.com; script-src 'unsafe-eval' *.eotica.com.br *.eotica.net *.cloudflare.com *.hotjar.com *.akamaihd.net *.googletagmanager.com *.jsdelivr.net *.virtooal.com *.github.io *.luxottica.com *.adyen.com *.ebit.com.br *.google-analytics.com nxtck.com *.googleadservices.com *.ads-twitter.com *.dwin1.com *.mouseflow.com *.bing.com *.google.com *.criteo.net *.k-analytix.com *.voxus.com.br *.app-us1.com *.facebook.net proxydata.com.br *.onesignal.com *.getblue.io *.g.doubleclick.net *.criteo.com *.voxus.com.br onesignal.com trackcmp.net; font-src 'self' *.googleapis.com *.gstatic.com *.virtooal.com *.cloudflare.com *.zenaps.com; script-src-elem  'unsafe-inline' *.eotica.com.br *.eotica.net *.etagdigital.com.br api.etagdigital.com.br *.cloudflare.com *.hotjar.com *.akamaihd.net *.googleapis.com *.googletagmanager.com *.jsdelivr.net *.virtooal.com *.github.io *.luxottica.com *.adyen.com *.ebit.com.br *.google-analytics.com nxtck.com *.googleadservices.com *.ads-twitter.com *.dwin1.com *.mouseflow.com *.bing.com *.google.com *.criteo.net *.k-analytix.com *.voxus.com.br *.app-us1.com *.facebook.net proxydata.com.br *.onesignal.com *.getblue.io *.g.doubleclick.net *.criteo.com *.voxus.com.br onesignal.com *.cloudfront.net *.sciencebehindecommerce.com *.zenaps.com *.googlesyndication.com *.surveymonkey.com *.amazonaws.com trackcmp.net 1
object-src '*'; base-uri 'self'; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.youtube.com https://audientstaging.wpengine.com https://*.analytics.google.com https://maps.googleapis.com https://*.googletagmanager.com https://*.googletagmanager.com https://gstatic.com https://docs.google.com https://analytics.google.com https://region1.analytics.google.com https://www.gstatic.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://hits-i.iubenda.com/ https://www.iubenda.com  https://stats.g.doubleclick.net https://consentcdn.cookiebot.com https://ajax.googleapis.com https://p.typekit.net https://r1.trackedweb.net/ https://facebook.com https://www.facebook.com https://cdnjs.cloudflare.com https://use.typekit.net https://consent.cookiebot.com https://www.google-analytics.com/ https://code.jquery.com https://static.trackedweb.net https://www.googletagmanager.com https://www.googletagmanager.com https://fonts.googleapis.com https://audient.com https://cdn.iubenda.com https://connect.facebook.net https://fonts.gstatic.com https://evo.audio/ https://evositestaging.wpengine.com https://www.youtube.com; img-src 'self' data:  'unsafe-inline' https://maps.gstatic.com https://maps.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://ade.googlesyndication.com https://googlesyndication.com https://analytics.google.com https://www.google.com https://www.google.co.uk/ https://www.facebook.com https://www.googletagmanager.com https://fonts.googleapis.com https://audient.com https://cdn.iubenda.com https://connect.facebook.net https://fonts.gstatic.com https://www.google-analytics.com https://evo.audio https://evositestaging.wpengine.com; object-src 'self' 'unsafe-inline' https://www.youtube.com https://maps.googleapis.com https://www.googletagmanager.com https://analytics.google.com https://fonts.googleapis.com https://audient.com https://cdn.iubenda.com https://fonts.gstatic.com https://docs.google.com/ https://gstatic.com https://evo.audio https://evositestaging.wpengine.com; 1
frame-ancestors 'self'; base-uri 'self'; object-src 'self'; script-src https: http: 'unsafe-inline' 'unsafe-eval' 1
style-src  *.edentiti.com *.optimizely.com cloud.typography.com smetrics.mastercard.com fonts.googleapis.com ajax.aspnetcdn.com hello.myfonts.net fast.fonts.net use.typekit.net 'unsafe-inline' 'self'; script-src *.cookielaw.org *.demdex.net smetrics.mastercard.com *.edentiti.com ipac.ctnsnet.com *.optimizely.com *.auspost.com.au *.omtrdc.net *.demdex.net *.effectivemeasure.net assets.adobedtm.com d3b3ehuo35wzeh.cloudfront.net *.fullstory.com www.google.com www.gstatic.com www.googleadservices.com connect.facebook.net app.rejoiner.com pixel.mathtag.com *.taboola.com benchtag.co www.googletagmanager.com *.rfihub.net *.serving-sys.com s3.amazonaws.com tinymce.cachefly.net ajax.googleapis.com www.google-analytics.com ajax.aspnetcdn.com use.typekit.net  api-mastercard-mpms.nd.nudatasecurity.com ndapi-us-east-1.ndsprod.nudatasecurity.com 'self' 'unsafe-inline' 'unsafe-eval'; frame-src * 'self'; img-src *.mastercard.com *.mastercard.us *.cookielaw.org *.optimizely.com s.effectivemeasure.net *.auspost.com.au *.facebook.com load.s3.amazonaws.com *.openx.net *.bluekai.com *.adnxs.com *.exelator.com smetrics.mastercard.com *.casalemedia.com *.pubmatic.com *.360yield.com *.btrll.com *.twitter.com *.mathtag.com *.taboola.com *.g.doubleclick.net app.rejoiner.com www.google.com www.google.com.au www.googleadservices.com www.gravatar.com www.google-analytics.com p.typekit.net  ndapi-us-east-1.ndsprod.nudatasecurity.com 'self' data:; font-src  fonts.gstatic.com use.typekit.net 'unsafe-inline' data: * 'self'; default-src *.cookielaw.org  smetrics.mastercard.com *.onetrust.com *.demdex.net *.optimizely.com 'self' data:; media-src * ndapi-us-east-1.ndsprod.nudatasecurity.com 'self' data:; 1
default-src https: 'self' data: blob:; script-src https: 'self' blob: 'unsafe-inline' 'unsafe-eval' https://googletagmanager.com/gtm.js https://www.googletagmanager.com/gtm.js https://pagead2.googlesyndication.com https://v.hvl.no; style-src https: 'self' data: 'unsafe-inline' https://v.hvl.no https://app.everviz.com https://fonts.googleapis.com; connect-src https: 'self' wss://ws.hotjar.com/api/v2/client/ws https://stats.g.doubleclick.net/g/collect https://pagead2.googlesyndication.com; frame-ancestors 'self' https://hvl.instructure.com; report-uri https://hogskulenpaavestlandet.report-uri.com/r/d/csp/enforce; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.google.com/ https://noname-drink.appspot.com/stats; style-src 'self' 'unsafe-inline' https://www.google.com/ https://ajax.googleapis.com/; img-src 'self' data: https://*.tile.openstreetmap.org http://*.tile.openstreetmap.de; frame-src 'self' https://pizza.noname-ev.de 1
default-src https: 'self'; style-src https: 'nonce-st1'; img-src https: data:; 1
default-src https://www.zgf.com; img-src 'self' data: https://www.google-analytics.com; connect-src 'self' data: https://www.google-analytics.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://www.google-analytics.com/ https://consent.cookiebot.com https://consentcdn.cookiebot.com; font-src 'self'; frame-src https://player.vimeo.com http://player.vimeo.com https://www.youtube.com https://consentcdn.cookiebot.com/ 1
default-src 'self'; child-src 'self' www.youtube-nocookie.com w.soundcloud.com *.vimeocdn.com player.vimeo.com vimeo.com;  connect-src 'self'; font-src 'self' data:; img-src 'self' www.zorgkaartnederland.nl data: blob: 6005217.global.siteimproveanalytics.io;  media-src 'self'; object-src 'none'; script-src 'self' 'nonce-c31eb73a-cd2c-46af-beb9-6e57f85034a1' www.zorgkaartnederland.nl siteimproveanalytics.com; style-src 'self' 'nonce-c31eb73a-cd2c-46af-beb9-6e57f85034a1' www.zorgkaartnederland.nl data:;  base-uri 'self'; form-action 'self'; frame-ancestors 'self';  report-uri /csp-report; upgrade-insecure-requests; 1
default-src 'self' www.recaptcha.net maps.google.com www.google.com wav-digital-6.saas.amadeus.com book.aircalin.com static.addtoany.com *.destygo.com *.mindsay.com *.laiye.com wss://*.mindsay.com wss://*.laiye.com fonts.googleapis.com fonts.gstatic.com player.vimeo.com www.booking.com www.youtube-nocookie.com fo-syd.ttinteractive.com; connect-src 'self' app.termly.io www.googletagmanager.com connect.facebook.net book.aircalin.com digital-analytics.amadeus.com *.mindsay.com bom.destygo.com destygo.com widget.destygo.com widget.chatbot.laiye.com widget.chatbot.eu-central-1.laiye.com widget-socket.chatbot.eu-central-1.laiye.com widget-events.chatbot.eu-central-1.laiye.com fluentd.chatbot.eu-central-1.laiye.com widget.chatbot.eu-west-3.laiye.com widget-socket.chatbot.eu-west-3.laiye.com widget-events.chatbot.eu-west-3.laiye.com fluentd.chatbot.eu-west-3.laiye.com www.recaptcha.net www.gstatic.com www.google-analytics.com app-script.monsido.com beacon.sojern.com aff.bstatic.com cf.bstatic.com fonts.googleapis.com wss://widget-socket.mindsay.com *.lottiefiles.com stats.g.doubleclick.net *.hotjar.com *.hotjar.io wss://wsp17.hotjar.com stats.addtoany.com region1.google-analytics.com wss://ws.hotjar.com analytics.google.com region1.analytics.google.com pixel.quantcount.com ct.pinterest.com; font-src 'self' https://fonts.gstatic.com https://script.hotjar.com data:; frame-src *; img-src 'self' www.google.com www.google.com.ua adservice.google.com adservice.google.com.ua pixel.sojern.com tracking.monsido.com cm.g.doubleclick.net cdn.jsdelivr.net ib.adnxs.com match.adsrvr.org ad.doubleclick.net images.mindsay.com data: ssl.gstatic.com www.gstatic.com static.hotjar.com script.hotjar.com fcmatch.google.com www.google.fr fcmatch.youtube.com www.facebook.com www.googletagmanager.com www.google-analytics.com pixel.quantserve.com ct.pinterest.com c1.adform.net; script-src 'self' 'unsafe-eval' app.termly.io www.googletagmanager.com connect.facebook.net book.aircalin.com digital-analytics.amadeus.com *.mindsay.com destygo.com widget.destygo.com widget.chatbot.laiye.com widget.chatbot.eu-central-1.laiye.com widget-socket.chatbot.eu-central-1.laiye.com widget-events.chatbot.eu-central-1.laiye.com fluentd.chatbot.eu-central-1.laiye.com widget.chatbot.eu-west-3.laiye.com widget-socket.chatbot.eu-west-3.laiye.com widget-events.chatbot.eu-west-3.laiye.com fluentd.chatbot.eu-west-3.laiye.com www.recaptcha.net www.gstatic.com www.google-analytics.com app-script.monsido.com beacon.sojern.com aff.bstatic.com cf.bstatic.com wav-digital-6.saas.amadeus.com static.hotjar.com script.hotjar.com  cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com mdbootstrap.com stackpath.bootstrapcdn.com unpkg.com 'unsafe-inline'; script-src-attr 'self'; script-src-elem 'self' app.termly.io www.googletagmanager.com connect.facebook.net book.aircalin.com digital-analytics.amadeus.com *.mindsay.com destygo.com widget.destygo.com widget.chatbot.laiye.com widget.chatbot.eu-central-1.laiye.com widget-socket.chatbot.eu-central-1.laiye.com widget-events.chatbot.eu-central-1.laiye.com fluentd.chatbot.eu-central-1.laiye.com widget.chatbot.eu-west-3.laiye.com widget-socket.chatbot.eu-west-3.laiye.com widget-events.chatbot.eu-west-3.laiye.com fluentd.chatbot.eu-west-3.laiye.com www.recaptcha.net www.gstatic.com www.google-analytics.com app-script.monsido.com beacon.sojern.com static.hotjar.com script.hotjar.com aff.bstatic.com cf.bstatic.com wav-digital-6.saas.amadeus.com s.pinimg.com secure.quantserve.com rules.quantcount.com  cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com mdbootstrap.com stackpath.bootstrapcdn.com unpkg.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' 'unsafe-eval' app.termly.io www.googletagmanager.com connect.facebook.net book.aircalin.com digital-analytics.amadeus.com *.mindsay.com destygo.com widget.destygo.com widget.chatbot.laiye.com widget.chatbot.eu-central-1.laiye.com widget-socket.chatbot.eu-central-1.laiye.com widget-events.chatbot.eu-central-1.laiye.com fluentd.chatbot.eu-central-1.laiye.com widget.chatbot.eu-west-3.laiye.com widget-socket.chatbot.eu-west-3.laiye.com widget-events.chatbot.eu-west-3.laiye.com fluentd.chatbot.eu-west-3.laiye.com www.recaptcha.net www.gstatic.com www.google-analytics.com app-script.monsido.com beacon.sojern.com aff.bstatic.com cf.bstatic.com wav-digital-6.saas.amadeus.com static.hotjar.com script.hotjar.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' app.termly.io www.googletagmanager.com connect.facebook.net book.aircalin.com digital-analytics.amadeus.com *.mindsay.com destygo.com widget.destygo.com widget.chatbot.laiye.com widget.chatbot.eu-central-1.laiye.com widget-socket.chatbot.eu-central-1.laiye.com widget-events.chatbot.eu-central-1.laiye.com fluentd.chatbot.eu-central-1.laiye.com widget.chatbot.eu-west-3.laiye.com widget-socket.chatbot.eu-west-3.laiye.com widget-events.chatbot.eu-west-3.laiye.com fluentd.chatbot.eu-west-3.laiye.com www.recaptcha.net www.gstatic.com www.google-analytics.com app-script.monsido.com beacon.sojern.com static.hotjar.com script.hotjar.com aff.bstatic.com cf.bstatic.com wav-digital-6.saas.amadeus.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; worker-src 'self' blob:; frame-ancestors 'self' 1
default-src 'self'; frame-ancestors 'self' *.elektrilevi.ee; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-inline' *.mypurecloud.de *.nr-data.net *.newrelic.com *.euc1.pure.cloud www.googleapis.com cat.elektrilevi.ee static.cloudflareinsights.com *.interactions.giosgusercontent.com consentcdn.cookiebot.com consent.cookiebot.com dev.visualwebsiteoptimizer.com googletagmanager.com m.youtube.com service.giosg.com tagmanager.google.com use.typekit.net www.youtube.com www.googletagmanager.com unpkg.com cdnjs.cloudflare.com cdn.jsdelivr.net/npm/import-map-overrides@2.2.0/dist/import-map-overrides.js; style-src 'self' 'unsafe-inline' s3.amazonaws.com *.typekit.net service.giosg.com unpkg.com tagmanager.google.com www.googletagmanager.com; object-src *.mypurecloud.de *.euc1.pure.cloud; frame-src 'self' *.mypurecloud.de apps.mypurecloud.de/genesys-bootstrap/genesys.min.js wss://webmessaging.mypurecloud.de/ *.clients.giosgusercontent.com *.youtube.com sso.elektrilevi.ee vabadvoimsused.elektrilevi.ee consentcdn.cookiebot.com dev.visualwebsiteoptimizer.com rikkekaart.elektrilevi.ee www.google.com www.youtube-nocookie.com www.googletagmanager.com; child-src 'self' *.mypurecloud.de *.euc1.pure.cloud www.youtube.com www.googletagmanager.com; img-src 'self' data: imgsct.cookiebot.com *.mypurecloud.de *.euc1.pure.cloud cat.elektrilevi.ee *.typekit.net *.ytimg.com *.youtube.com cdn.giosgusercontent.com unpkg.com dev.visualwebsiteoptimizer.com giosg-chat-public-eu.s3.amazonaws.com kaart.maaamet.ee res.cloudinary.com www.googletagmanager.com; font-src 'self' data: res.cloudinary.com use.typekit.net; connect-src 'self' *.google.com stats.g.doubleclick.net *.mypurecloud.de *.nr-data.net shyrka-prod-euc1.s3.eu-central-1.amazonaws.com *.newrelic.com *.euc1.pure.cloud wss://*.mypurecloud.de wss://*.euc1.pure.cloud cat.elektrilevi.ee sso.elektrilevi.ee *.typekit.net *.giosg.com consentcdn.cookiebot.com dev.visualwebsiteoptimizer.com res.cloudinary.com www.googletagmanager.com; media-src 'self' *.mypurecloud.de *.euc1.pure.cloud res.cloudinary.com; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self'; img-src https: data: 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://code.jquery.com http://cdn.ckeditor.com https://www.hitwebcounter.com/ http://www.hitwebcounter.com/ https://drive.google.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://cdn.ckeditor.com https://www.hitwebcounter.com/ http://www.hitwebcounter.com/ https://drive.google.com/; font-src 'self' https://fonts.gstatic.com; frame-src https://www.youtube.com/ 'self' http://iitjammu.ac.in https://www.iitjammu.ac.in https://www.facebook.com https://drive.google.com/ http://www.youtube.com/ https://beta.iitjammu.ac.in; connect-src alpha.iitjammu.ac.in 10.10.10.100 http://10.10.10.100 iitjammu.ac.in http://iitjammu.ac.in https://iitjammu.ac.in https://www.iitjammu.ac.in https://beta.iitjammu.ac.in; img-src http://cdn.ckeditor.com https://www.hitwebcounter.com/ http://www.hitwebcounter.com/ http://iitjammu.ac.in https://iitjammu.ac.in https://www.iitjammu.ac.in https://hitwebcounter.com/counter/counter.php?page=7840813&style=0006&nbdigits=6&type=ip&initCount=898 https://drive.google.com/ https://beta.iitjammu.ac.in 1
default-src 'self';frame-ancestors 'self' http://m-website.com https://m-website.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.gstatic.com data:;connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net googleads.g.doubleclick.net www.googleadservices.com *.googlesyndication.com www.google.com www.google.hu translate.googleapis.com;script-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com www.google.com www.google.hu www.gstatic.com translate.googleapis.com;img-src 'self' * data: android-webview-video-poster:;media-src 'self' * data:;frame-src 'self' * 1
default-src 'self'; script-src 'self' https://js.stripe.com/v3 https://accounts.google.com/gsi/client https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js https://client.crisp.chat https://www.googletagmanager.com/gtag/js; style-src 'self' 'unsafe-inline' https://client.crisp.chat https://accounts.google.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://analytics.google.com https://accounts.google.com https://api-js.mixpanel.com https://o4504691895369728.ingest.sentry.io https://sb.blackink.ai https://www.google-analytics.com wss://client.relay.crisp.chat https://client.crisp.chat wss://sb.blackink.ai https://prfhgijk30.execute-api.us-east-2.amazonaws.com; font-src 'self' https://client.crisp.chat; frame-src 'self' https://js.stripe.com https://accounts.google.com; img-src 'self' blob: data: https://sb.blackink.ai https://uploads.divjoy.com https://www.googletagmanager.com https://image.crisp.chat; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-gszbPStYj2s6A6-5HwYvmw' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
base-uri 'self'; font-src 'self'; form-action 'none'; frame-ancestors 'none'; img-src 'self' https: http: data: blob: https://*.google-analytics.com https://*.googletagmanager.com; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests; default-src 'self'; connect-src 'self' https: http: wss: ws: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; media-src 'self' https: http:; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' https://*.googletagmanager.com 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-1cae8ab8f1e61333f9c88f48caabe53a'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self';script-src 'self' 'nonce-I0de7+8uaHkDhnx5kYwcvmFj' 'unsafe-eval' *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.youtube.com *.twitter.com *.ytimg.com *.jquery.com *.bootstrapcdn.com *.timexpo.net;object-src 'self';style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.googleapis.com *.google.com *.gstatic.com *.peki.io;img-src 'self' data: *.google.com *.googleapis.com *.googletagmanager.com *.google.com.tr *.google-analytics.com *.gstatic.com *.doubleclick.net *.youtube.com peki.io *.peki.io *.timexpo.net;media-src 'self' *.googleapis.com;frame-src 'self' *.tim.org.tr:* *.timexpo.net *.google.com *.googletagmanager.com *.youtube.com *.youtube-nocookie.com peki.io *.peki.io *.qualtrics.com *.twitter.com;font-src 'self' data: *.gstatic.com *.bootstrapcdn.com;connect-src 'self' localhost:5001 localhost:* *.timexpo.net *.performans.com *.google-analytics.com *.doubleclick.net *.peki.io *.tim.rest;base-uri 'self';frame-ancestors 'self' * 1
default-src *.gstatic.com ir.stockpr.com www.clevelandcliffs.com d1io3yog0oux5.cloudfront.net; script-src *.quotemedia.com *.google.com *.google-analytics.com *.gstatic.com website-search.ent.us-east-1.aws.found.io browser-update.org *.googletagmanager.com snap.licdn.com js.adsrvr.org *.doubleclick.net px.ads.linkedin.com  ir.stockpr.com www.clevelandcliffs.com d1io3yog0oux5.cloudfront.net 'unsafe-inline' 'unsafe-eval'; connect-src *.quotemedia.com *.google.com *.google-analytics.com *.gstatic.com website-search.ent.us-east-1.aws.found.io browser-update.org *.googletagmanager.com snap.licdn.com js.adsrvr.org *.doubleclick.net px.ads.linkedin.com  ir.stockpr.com www.clevelandcliffs.com d1io3yog0oux5.cloudfront.net 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.gstatic.com ir.stockpr.com www.clevelandcliffs.com d1io3yog0oux5.cloudfront.net 'unsafe-inline'; font-src cdnjs.cloudflare.com/ajax/libs/font-awesome/ fonts.googleapis.com *.gstatic.com ir.stockpr.com www.clevelandcliffs.com d1io3yog0oux5.cloudfront.net; img-src api.mapbox.com data: *.prnewswire.com prnewswire2-a.akamaihd.net *.globenewswire.com *.businesswire.com www.google.com *.linkedin.com ir.stockpr.com www.clevelandcliffs.com d1io3yog0oux5.cloudfront.net; frame-src *.google.com youtube.com youtube-nocookie.com vimeo.com insight.adsrvr.org td.doubleclick.net ir.stockpr.com www.clevelandcliffs.com d1io3yog0oux5.cloudfront.net; object-src *.gstatic.com ir.stockpr.com www.clevelandcliffs.com d1io3yog0oux5.cloudfront.net; 1
frame-ancestors 'self' https://printio.ru/ http://webvisor.com ; 1
frame-ancestors 'self' overwolf-extension://ddocbmmcpcflbfjjgfilkpeejmlchakpkfnkmkca 1
default-src *; img-src * 'self' data:; script-src 'self' 'unsafe-inline' https://www.berlin-partner.de/ https://piwik.shc.eu/ https://platform.twitter.com/ https://consent.comply-app.com/;worker-src blob: *; style-src  'self' 'unsafe-inline' ; font-src 'self' 'unsafe-inline' data: 1
report-uri https://polkpa.report-uri.com/r/d/csp/enforce; default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' browser-update.org serverapi.polkpa.org www.gstatic.com www.google.com ajax.googleapis.com seal.digicert.com exresources.polkpa.org; style-src 'self' 'unsafe-inline' www.polkpa.org serverapi.polkpa.org www.gstatic.com ajax.googleapis.com exresources.polkpa.org; img-src 'self' data: serverapi.polkpa.org seal.digicert.com exresources.polkpa.org; font-src 'self' data: serverapi.polkpa.org fonts.gstatic.com; connect-src 'self' exresources.polkpa.org serverapi.polkpa.org gissrvr https://api.pwnedpasswords.com/range/; media-src 'none'; object-src 'self'; child-src 'none'; frame-src www.youtube.com www.google.com; worker-src blob:; frame-ancestors 'none'; form-action 'self' exresources.polkpa.org translate.google.com 1
frame-ancestors 'self' https://*.veryfi.com https://veryfi.com 1
frame-ancestors https://freight.lightning.force.com https://tableau-sandbox.uberinternal.com https://wok.uberinternal.com; 1
default-src 'none';frame-src 'self' https://live.lifesizecloud.com https://www2.sogei.it https://www.youtube.com;connect-src 'self';style-src 'self' 'unsafe-inline'; font-src 'self'; media-src 'self';script-src https://aaws-aanalytics.sogei.it  https://cdn.jsdelivr.net 'self' 'unsafe-eval' 'unsafe-inline';img-src https://aaws-aanalytics.sogei.it https://cdn.jsdelivr.net 'self' data: ;script-src-elem  https://aaws-aanalytics.sogei.it  https://cdn.jsdelivr.net 'self' 'unsafe-inline';object-src 'self' https://www2.sogei.it; 1
default-src 'self' https: data: ;        script-src 'self' https://www.layahealthcare.ie https://*.lo.cobrowse.liveperson.net https://lpcdn.lpsnmedia.net https://accdn.lpsnmedia.net https://lptag.liveperson.net https://lo.v.liveperson.net https://*.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://*.googlesyndication.com https://www.google.com https://www.google.ie https://*.clickdimensions.com https://twitter.com https://analytics.twitter.com https://static.ads-twitter.com https://ad.doubleclick.net https://i.ctnsnet.com https://www.gstatic.com https://*.quantserve.com https://*.quantcount.com https://*.hotjar.com https://*.hotjar.io https://dhqbrvplips7x.cloudfront.net https://apps.mypurecloud.ie https://snap.licdn.com https://www.youtube.com https://*.speedcurve.com https://src.laya.webpu.sh 'unsafe-eval';        style-src 'self' https: data: 'unsafe-inline';        frame-ancestors 'self';        form-action 'self';        object-src 'self';        connect-src 'self' https://*.google-analytics.com https://stats.g.doubleclick.net https://googleads4.g.doubleclick.net https://www.google.com https://www.google.ie https://www.googleadservices.com https://adservice.google.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io wss://*.mypurecloud.ie https://api.mypurecloud.ie https://*.cxindex.cloud https://sdk.laya.xtremepush.com;        upgrade-insecure-requests; block-all-mixed-content;        report-uri https://www.layahealthcare.ie/api/csp/report/csp-report.json; 1
frame-ancestors 'self' *.vembu.com *.connexxanetworks.com 1
default-src https: 'self' *.mohrsiebeck.com; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.mohrsiebeck.com; style-src https: 'self' 'unsafe-inline' *.mohrsiebeck.com; img-src https: 'self' *.mohrsiebeck.com 1
default-src 'unsafe-inline' 'self' 'unsafe-eval' data: yandex.ru *.yandex.ru 1
frame-ancestors 'self' https://api.scrivito.com https://punchoutcommerce.com https://www.trox.de https://trox-extern.com https://psp40.onventis.com https://psp22.onventis.com https://trox4u.troxgroup.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://d2bvjr1tusdgm6.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://www.visitorjs.com https://www.youtube.com https://s.ytimg.com https://www.gstatic.com https://www.google.com https://d2bvjr1tusdgm6.cloudfront.net https://cdn.consentmanager.net https://a.delivery.consentmanager.net https://b.delivery.consentmanager.net https://c.delivery.consentmanager.net https://d.delivery.consentmanager.net https://e.delivery.consentmanager.net; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; frame-src 'self' https://www.youtube-nocookie.com https://www.google.com; font-src 'self' https://d2bvjr1tusdgm6.cloudfront.net; manifest-src 'self'; connect-src 'self' https://dt-es-proxy.dt-srv.de https://solr.diesel-technic.dt-srv.de https://www.google-analytics.com https://stats.g.doubleclick.net https://d2bvjr1tusdgm6.cloudfront.net https://cdn.consentmanager.net https://a.delivery.consentmanager.net https://b.delivery.consentmanager.net https://c.delivery.consentmanager.net https://d.delivery.consentmanager.net https://e.delivery.consentmanager.net 1
default-src 'self'; connect-src 'self' https://cdn-eu.readspeaker.com https://app-eu.readspeaker.com https://vttts-eu.readspeaker.com https://in.hotjar.com https://sentry.ciz.nl/api/4/store/ https://sentry.ciz.nl/api/4/envelope/; font-src 'self' data:; frame-src 'self' https://www.recaptcha.net https://www.google.com https://www.youtube.com https://app-eu.readspeaker.com; img-src 'self' data: https://piwik.ciz.nl https://i.ytimg.com; object-src 'none'; script-src 'self' https://piwik.ciz.nl https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://cdn-eu.readspeaker.com https://www.recaptcha.net; style-src 'self' 'unsafe-inline' https://cdn-eu.readspeaker.com; report-uri https://sentry.ciz.nl/api/4/security/?sentry_key=cce08756585846fb8797d96cc025354d 1
default-src 'self' *.nrw.de;    script-src  'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de *.google.com *.youtube.com *.youtu.be *.twimg.com *.twitter.com twitter.com *.jwpcdn.com *.gstatic.com *.googleapis.com *.googlesyndication.com *.openstreetmap.org *.mozilla.org *.vimeo.com *.vimeocdn.com *.flickr.com *.staticflickr.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net broschuerenservice.mkw.nrw;    style-src   'self' 'unsafe-inline' *.nrw.de *.twitter.com twitter.com *.facebook.com *.googleapis.com *.twimg.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net broschuerenservice.mkw.nrw;    font-src data: *;    img-src  data: *;    frame-ancestors 'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com;    worker-src  'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de broschuerenservice.mkw.nrw;    frame-src   'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de broschuerenservice.mkw.nrw;    object-src  'self';    connect-src 'self' *.nrw.de svc.webspellchecker.net;    media-src *; upgrade-insecure-requests; 1
frame-ancestors https://omgshop.gl https://omgomg.cat https://omgomg.click 1
style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' www.google.com fonts.googleapis.com; font-src data: 'self' 'unsafe-inline' fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' www.gstatic.com www.googletagmanager.com www.google.com googleads.g.doubleclick.net js.hs-scripts.com js.hsleadflows.net js.hs-banner.com js.hsadspixel.net js.hs-analytics.net js.hscollectedforms.net js.usemessages.com connect.facebook.net; frame-ancestors 'none'; 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.greenpeace.org.au https://greenpeace.org.au 1
default-src 'self' localhost:3000 cm-stg.formdev.io callminer.com px.ads.linkedin.com js.chilipiper.com epsilon-globalaccelerator.6sense.com chilipiper.com cdn.jsdelivr.net adservice.google.com consent-reporting.trustarc.com consent-pref.trustarc.com consent.trustarc.com px.ads.linkedin.com region1.google-analytics.com callminer.chilipiper.com api.chilipiper.com cdn-app.pathfactory.com https://analytics.google.com/ pagead2.googlesyndication.com tracking.crazyegg.com assets-tracking.crazyegg.com pagestates-tracking.crazyegg.com pages.callminer.com 347-xfv-966.mktoutil.com tracking.chilipiper.com fast.wistia.net fg8vvsvnieiv3ej16jby.litix.io embed-cloudfront.wistia.com pipedream.wistia.com fast.wistia.com distillery.wistia.com pipedream.wistia.com callminer-requests.my.onetrust.com ws.zoominfo.com people.api.boomtrain.com search-api.swiftype.com cdn.linkedin.oribi.io 347-xfv-966.mktoresp.com abrtp1.marketo.com events.api.boomtrain.com geolocation.onetrust.com stats.g.doubleclick.net s.swiftypecdn.com c.6sc.co script.crazyegg.com epsilon.6sense.com ipv6.6sc.co ib.adnxs.com www.google-analytics.com js.driftt.com secure.adnxs.com cdn.cookielaw.org;script-src 'self' 'strict-dynamic' 'nonce-L/7/7x4MH0zlejU2+zARNQ==' localhost:3000 cm-stg.formdev.io callminer.com consent.trustarc.com chilipiper.com js.chilipiper.com js.chilipiper.com/marketing.js pages.callminer.com cdn.jsdelivr.net callminer.chilipiper.com cdn-app.pathfactory.com pagead2.googlesyndication.com apply.workable.com www.workable.com www.googleadservices.com 347-xfv-966.mktoutil.com fast.wistia.net fast.wistia.com js.chilipiper.com pages.callminer.com tracking.g2crowd.com snap.licdn.com munchkin.marketo.net abrtp1-cdn.marketo.com js.driftt.com c1.rfihub.net cdn.boomtrain.com secure.adnxs.com rtp-static.marketo.com abrtp1.marketo.com live.rezync.com ws.zoominfo.com swiftypecdn.com swiftypecdn.com s.swiftypecdn.com cdn.cookielaw.org fast.wistia.net bat.bing.com www.google-analytics.com j.6sc.co cdn.cookielaw.org/s googleads.g.doubleclick.net p.cdn.lookbookhq.com www.googletagmanager.com ajax.googleapis.com app.cdn.lookbookhq.com script.crazyegg.com cdn.jsdelivr.net cdn.jsdelivr.net s3-us-west-2.amazonaws.com cdnjs.cloudflare.com script.crazyegg.com;script-src-attr 'self' 'unsafe-inline';img-src 'self' localhost:3000 js.chilipiper.com googleads.g.doubleclick.net consent.trustarc.com consent.truste.com consent-pref.trustarc.com cdn.jsdelivr.net 347-xfv-966.mktoutil.com www.google.co.uk swiftype-ss.imgix.net i6.liadm.com live.rezync.com bat.bing.com js.chilipiper.com blob: data: embed-ssl.wistia.com fast.wistia.com fast.wistia.net downloads.ctfassets.net cdn.cookielaw.org b.6sc.co www.google.com live.rezync.com cc.swiftype.com b.6sc.co www.google-analytics.com i.liadm.com px.ads.linkedin.com www.googletagmanager.com www.linkedin.com cm-stg.formdev.io callminer.com images.ctfassets.net data:;style-src 'self' 'unsafe-inline' localhost:3000 cm-stg.formdev.io callminer.com pages.callminer.com cdn-app.pathfactory.com cdn-app.pathfactory.com/libraries/overlay/overlay.css fonts.googleapis.com fast.wistia.com rtp-static.marketo.com s.swiftypecdn.com stackpath.bootstrapcdn.com app.cdn.lookbookhq.com hello.myfonts.net data:;media-src 'self' blob: data: localhost:3000 cm-stg.formdev.io callminer.com fast.wistia.com embed-cloudfront.wistia.com js.driftt.com embed-ssl.wistia.com 347-xfv-966.mktoutil.com;child-src 'self' js.driftt.com 20843973p.rfihub.com td.doubleclick.net pages.callminer.com 20843974p.rfihub.com callminer.chilipiper.com callminer.com callminer.com/a1ab713b-076e-4a1b-9f24-ed6a2af0d33d cdn-app.pathfactory.com;worker-src 'self' localhost:3000 blob: data: cm-stg.formdev.io callminer.com callminer.com/a1ab713b-076e-4a1b-9f24-ed6a2af0d33d;object-src 'self' localhost:3000 blob: data: cm-stg.formdev.io callminer.com script.crazyegg.com;frame-src 'self' td.doubleclick.net js.driftt.com pages.callminer.com callminer.chilipiper.com consent-pref.trustarc.com;form-action 'none';base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';upgrade-insecure-requests 1
frame-ancestors 'self' creativespirits.info 1
frame-ancestors 'self'; default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://94f62820d7c43df17e384a74a389587c.report-uri.com/r/t/csp/enforce 1
frame-ancestors 'self' https://www.kayak.com  https://www.kayak.co.uk https://www.momondo.co.uk https://www.cheapflights.co.uk; 1
script-src 'self' www.google-analytics.com www.googletagmanager.com 'unsafe-inline' 'unsafe-eval' data: http: https: *.instagram.com; connect-src 'self' data: http: https: *.getclicky.com; style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com; font-src 'self' data: http: https: fonts.googleapis.com themes.googleusercontent.com; frame-ancestors 'self' 1
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://js.stripe.com https://static.cloudflareinsights.com https://hcaptcha.com https://*.hcaptcha.com; img-src https://i.creativecommons.org https://licensebuttons.net 'self' data: https://legacy.suttacentral.net https://suttacentral.net; connect-src 'self' https://api.stripe.com https://js.stripe.com https://cloudflareinsights.com https://hcaptcha.com https://*.hcaptcha.com https://raw.githubusercontent.com/suttacentral/editions/main/last_run_date https://*.algolia.net https://*.algolianet.com https://*.algolia.io; style-src 'self' https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self'; frame-src about: https://www.google.com https://js.stripe.com https://hcaptcha.com https://*.hcaptcha.com; object-src 'none'; media-src 'self' https://ia601508.us.archive.org; 1
upgrade-insecure-requests; report-uri https://rswebsols.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; script-src 'self' https://stats.joomla.de 'unsafe-inline' https://maps.googleapis.com https://www.googleapis.com https://www.gstatic.com https://www.google.com; style-src 'self' 'unsafe-inline'; connect-src 'self' https://stats.joomla.de; frame-src 'self' https://stats.joomla.de https://www.youtube.com/ https://www.google.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://stats.joomla.de https://www.joomla.org https://maps.gstatic.com https://maps.googleapis.com https://csi.gstatic.com https://img.youtube.com https://www.joomladay.de/ https://i1.ytimg.com https://i.ytimg.com https://i9.ytimg.com https://s.ytimg.com https://jandbeyond.org; frame-ancestors 'self'; report-uri /plugins/system/httpheader/csp-reporter.php?source=joomla.de 1
default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; img-src 'self' data: 1
frame-ancestors 'none';  default-src 'self'   http://*.skyvia.com:*   https://www.google-analytics.com   https://www.google.com   https://www.google.com.ua   https://static.zohocdn.com   https://disqus.com   https://*.disquscdn.com;  child-src 'self' 'unsafe-inline' 'unsafe-eval'   https://www.google-analytics.com   https://www.google.com   https://www.google.com.ua   https://www.youtube.com   https://px.ads.linkedin.com   https://www.facebook.com   https://www.facebook.com   https://salesiq.zohopublic.eu   https://*.hotjar.com   https://www.clarity.ms   https://forms.zohopublic.eu   https://disqus.com;  object-src 'none';  img-src 'self' data:   https://blog.skyvia.com   https://www.google.com   https://www.google.com.ua   https://www.google.es   https://www.google-analytics.com   https://*.lfeeder.com   https://www.facebook.com   https://px.ads.linkedin.com   https://css.zohocdn.com   https://salesiq.zohopublic.eu   https://p.adsymptotic.com   https://*.disqus.com   https://*.disquscdn.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval'   https://www.google-analytics.com   https://www.googletagmanager.com   https://www.googleadservices.com   https://*.disqus.com   https://googleads.g.doubleclick.net   https://code.jquery.com   https://cdnjs.cloudflare.com   https://salesiq.zoho.eu   https://js.zohostatic.eu   https://js.zohocdn.com   https://stackpath.bootstrapcdn.com   https://snap.licdn.com   https://connect.facebook.net   https://d3js.org   https://cdn.jsdelivr.net   https://*.hotjar.com   https://www.clarity.ms   https://*.lfeeder.com   https://www.google.com   https://www.gstatic.com;     connect-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' *;  style-src 'self' 'unsafe-inline'   https://css.zohostatic.eu   https://css.zohocdn.com;  font-src 'self'    http://*.skyvia.com:*   https://www.google-analytics.com   https://www.google.com   https://www.google.com.ua   https://css.zohocdn.com   https://fonts.gstatic.com; 1
default-src https://dc.services.visualstudio.com/v2/ https://bimtrack.zendesk.com wss://bimtrack.zendesk.com https://static.zdassets.com https://ekr.zdassets.com https://*.zopim.com wss://*.zopim.com 'self'; style-src 'self' 'unsafe-inline'; object-src 'none'; script-src https://az416426.vo.msecnd.net https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.newforma.com/ https://bimtrack.co/ https://static.zdassets.com https://ekr.zdassets.com https://*.zopim.com wss://*.zopim.com https://bimtrack.zendesk.com wss://bimtrack.zendesk.com 'self' 'unsafe-eval' 'nonce-648b9edb471b4731a701fcadc85aed01'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.newforma.com/ https://bimtrack.co https://bimtrack.zendesk.com wss://bimtrack.zendesk.com https://static.zdassets.com 'self'; frame-ancestors https://*.bimtrackapp.co; sandbox allow-popups allow-forms allow-same-origin allow-scripts allow-downloads; base-uri 'self'; img-src 'self' https://v2assets.zopim.io https://static.zdassets.com https://help.bimtrack.co data: https://bt03storage.blob.core.windows.net/; 1
default-src 'self' ; script-src 'self' 'nonce-abe589be-ed51-45c2-b617-fff083cef4d5' 'unsafe-eval' bm-projects-public.s3.amazonaws.com www.youtube.com www.google.com www.gstatic.com/recaptcha www.googletagmanager.com www.google-analytics.com google-analytics.com cdn.datatables.net https://cdn.jsdelivr.net/npm/alpinejs@3.x.x/dist/cdn.min.js https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js https://cdn.jsdelivr.net/npm/spin-wheel@4.1.0/dist/spin-wheel-iife.js https://code.jquery.com/jquery-3.7.0.min.js https://www.gstatic.com https://www.gstatic.com https://code.jquery.com/jquery-3.6.3.min.js https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js ; style-src 'self' fonts.googleapis.com bm-projects-public.s3.amazonaws.com cdn.jsdelivr.net https://www.gstatic.com 'nonce-abe589be-ed51-45c2-b617-fff083cef4d5' https://use.fontawesome.com/releases/v5.8.1/css/all.css https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css ; font-src 'self' fonts.googleapis.com fonts.gstatic.com cloud.typography.com maxcdn.bootstrapcdn.com bm-projects-public.s3.amazonaws.com cdn.jsdelivr.net cdnjs.cloudflare.com data: https://use.fontawesome.com ; img-src 'self' * data: ; frame-src https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.youtube.com https://www.googletagmanager.com https://www.google.com ; connect-src 'self' https://www.google-analytics.com https://www.gstatic.com https://maps.googleapis.com ; worker-src 'self' blob: 1
default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:; frame-ancestors 'self' 1
frame-ancestors 'self' *.thefreshgrocer.com *.brands.wakefern.com 1
default-src 'self' 'unsafe-inline' data: *.memberonefcu.com *.addtoany.com *.ximasoftware.com *.adsrvr.org *.amazonaws.com *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net isgpoweredbydata.blob.core.windows.net jobs.localjobnetwork.com *.timevaluecalculators.com; frame-ancestors 'self' https: *.memberonefcu.com; frame-src 'self' https: *.memberonefcu.com *.adsrvr.org *.addtoany.com *.google.com; 1
default-src 'self' https://www.sagepayrollservices.co.uk https://sagepayrollservices.co.uk; img-src https://www.google-analytics.com https://www.sagepayrollservices.co.uk https://sagepayrollservices.co.uk data:; script-src https://www.sagepayrollservices.co.uk https://sagepayrollservices.co.uk https://www.google-analytics.com https://js-agent.newrelic.com https://bam.nr-data.net https://login.microsoftonline.com 'sha256-GRDSeZ5EybDI0HgtFFs6DNqTucrWVTuMyIlnF506LZ4=' 'sha256-dTKl3yo2Wvr02aq3w2s092NVCVxUUEpl+X4W4tC2bcg=' 'sha256-ouqEHSfzsuF2gRqbj4HuvQtM2KYQ5PUf9wT/KCd0TE8=' 'sha256-/yh+pFuroktsqX3yvn1tyNtlHAhO1tb2GOaqvlly7KE=' 'sha256-HxP0ZRK8O4Olu1jN9MQ4KevqT72KJeqYef6JjY5YuyQ=' 'sha256-FdvpFF9I5m4amEXNC17TllTmNppgPcN7kYqCP7N8rsg=' 'sha256-2fCVBjS4miMZ+jz0FgvfcS6jmiwj+ztBUK5W839T9uM=' 'sha256-MCNAW0Y+21cC2mbHL8mw/oBuayanepigsPq/rYRXZtc=' 'sha256-gaVmEcA/BC9T4JmA2lIOkR9kVt+3C5zp+s+W9kt5eF4=' 'sha256-ZzoZrI86sEB+vENkMMFqQj/b9CRtJIJD53PCYXId/ZQ=' 'sha256-UW6vPN+KWo6XuKcF7Fdx9UpcamTPBCx4Xccr5HyVb2Y=' 'sha256-cWf8IA0CgU9/VqbRWN1IbXIbbX5/Kc9N9QPHqoIv2TA=' 'sha256-d/bP1eHfaCELevhR86c3M73wSg6bjQ5HRVrRSX1j2so=' 'sha256-KQnSh9L3FT2XQTXiXmlPLPkH/d0F9l6b+yqwBNyJ1Bc=' 'sha256-GRDSeZ5EybDI0HgtFFs6DNqTucrWVTuMyIlnF506LZ4=' 'sha256-P61WRuC3U3AdeHcUEjj2Mz5lh9PwpzJvIcAaAIBD0+s='; style-src https://www.sagepayrollservices.co.uk https://sagepayrollservices.co.uk https://fonts.googleapis.com 'unsafe-inline'; font-src data: 'self' https://fonts.gstatic.com https://fonts.sage.com; connect-src 'self' https://www.sagepayrollservices.co.uk https://sagepayrollservices.co.uk https://www.google-analytics.com https://id.sage.com https://employer-uk-prod-api.sagepayrollservices.co.uk https://employee-uk-prod-api.sagepayrollservices.co.uk https://sos-uk-prod-doc-gen-bucket.s3.eu-west-1.amazonaws.com https://bam.nr-data.net https://onlinedocs-prd-bucket-prd-dynamo-final.s3.eu-west-1.amazonaws.com https://fonts.sage.com/ https://login.microsoftonline.com https://admin-uk-prod-api.sagepayrollservices.co.uk; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://media.bsd.network; font-src 'self' https://media.bsd.network; img-src 'self' data: blob: https://media.bsd.network; style-src 'self' https://media.bsd.network 'nonce-u5fijkAHCpVD5H2BHW9tzg=='; media-src 'self' data: https://media.bsd.network; frame-src 'self' https:; child-src 'self' blob: https://media.bsd.network; worker-src 'self' blob: https://media.bsd.network; connect-src 'self' blob: data: wss://bsd.network https://media.bsd.network; manifest-src 'self' https://media.bsd.network; form-action 'self' 1
report-uri https://ats.net 1
frame-ancestors self https://www.libertymedia.com; default-src *.gstatic.com ir.stockpr.com www.libertymedia.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; script-src *.quotemedia.com *.google.com *.google-analytics.com *.gstatic.com browser-update.org cdn.sajari.com cdn.sajari.net jsonapi.sajari.net *.hcaptcha.com hcaptcha.com ir.stockpr.com www.libertymedia.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; connect-src *.quotemedia.com *.google.com *.google-analytics.com *.gstatic.com browser-update.org cdn.sajari.com cdn.sajari.net jsonapi.sajari.net *.hcaptcha.com hcaptcha.com ir.stockpr.com www.libertymedia.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; style-src fonts.googleapis.com *.gstatic.com *.hcaptcha.com hcaptcha.com *.quotemedia.com ir.stockpr.com www.libertymedia.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net 'unsafe-inline'; font-src cdnjs.cloudflare.com/ajax/libs/font-awesome/ fonts.googleapis.com *.gstatic.com ir.stockpr.com www.libertymedia.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; img-src d32z8e2q3dzvu4.cloudfront.net ir.stockpr.com www.libertymedia.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; frame-src *.google.com youtube.com youtube-nocookie.com vimeo.com *.hcaptcha.com hcaptcha.com ir.stockpr.com www.libertymedia.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; object-src *.gstatic.com ir.stockpr.com www.libertymedia.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; 1
frame-ancestors 'self' 50all.com 1
default-src 'self'; connect-src 'self' http://ad.doubleclick.net https://*.analytics.google.com https://*.api.userway.org https://*.clarity.ms https://*.demdex.net https://*.eset.com https://*.googlesyndication.com https://*.hotjar.com https://*.hotjar.io https://*.jivosite.com https://*.tt.omtrdc.net https://a.omappapi.com https://a.omappapi.com https://adservice.google.com https://analytics.google.com https://analytics.twitter.com https://api.omappapi.com https://api.omappapi.com https://api.omappapi.com https://app2.fromdoppler.com https://bat.bing.com https://c.go-mpulse.net https://cdn.acsbapp.com https://cdn.linkedin.oribi.io https://cdn1.esetstatic.com https://cognito-identity.eu-west-1.amazonaws.com https://cookies-data.onetrust.io https://ep.smct.co https://eset.tt.omtrdc.net https://firehose.eu-west-1.amazonaws.com https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://in-automate.brevo.com https://ipb.smct.co https://ipb.smct.io https://js.smct.co https://js.smct.io https://maps.googleapis.com https://privacyportal.onetrust.com https://px.ads.linkedin.com https://region1.google-analytics.com https://replay.uxtweak.com https://s.yimg.com https://script.crazyegg.com https://smct.co https://stats.g.doubleclick.net https://tracker.clickguard.com https://www.facebook.com https://www.g2.com https://www.google-analytics.com https://www.google.by https://www.google.ch https://www.google.co.uk https://www.google.co.uz https://www.google.com https://www.google.com.tj https://www.google.com.tr https://www.google.ie https://www.google.kg https://www.google.kz https://www.google.lt https://www.google.lv https://www.google.pl https://www.google.ru https://www.googletagmanager.com https://z.omappapi.com wss://*.hotjar.com wss://*.jivosite.com wss://*.jivosite.com; font-src 'self' data: https://cdn.userway.org https://fonts.smct.co https://fonts.smct.io https://script.hotjar.com; frame-src 'self' https://*.fls.doubleclick.net https://8117415.fls.doubleclick.net https://bid.g.doubleclick.net https://d2d7do8qaecbru.cloudfront.net https://download.eset.com https://eset.demdex.net https://hemsync.clickagy.com https://hub.tienda.eset-la.com https://int.form.eset.com https://js.smct.io https://ls.smct.co https://protectdemo.eset.com https://secure.eset-la.com https://sibautomation.com https://smct.co https://td.doubleclick.net https://tpc.googlesyndication.com https://unity.survey-solutions.cloud https://vars.hotjar.com https://widget.trustpilot.com https://www.eset-la.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: http://ad.doubleclick.net https://*.adform.net https://*.ads.linkedin.com https://*.yahoo.co.jp https://a.omappapi.com https://a.omappapi.com https://a.omappapi.com https://ad.doubleclick.net https://ade.googlesyndication.com https://adservice.google.at https://adservice.google.ch https://adservice.google.co.jp https://adservice.google.com https://adservice.google.de https://analytics.google.com https://analytics.twitter.com https://assets.capterra.com https://bat.bing.com https://c.bing.com https://c.clarity.ms https://captcha.eset.com https://cdn.esetstatic.com https://cdn.jsdelivr.net https://cdn.smct.co https://cdn.smct.io https://cdn1.esetstatic.com https://cm.everesttech.net https://cm.g.doubleclick.net https://code.jivosite.com https://connect.facebook.net https://dc.ads.linkedin.com https://dpm.demdex.net https://events.smct.co https://files.jivosite.com https://googleads.g.doubleclick.net https://i.ytimg.com https://images.g2crowd.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://pubads.g.doubleclick.net https://px.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://script.hotjar.com https://sgtm.eset.com https://ssitecat.eset.com https://ssl.google-analytics.com https://static.hotjar.com https://stats.g.doubleclick.net https://t.co https://tribl.io https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bi https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ag https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sb https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tj https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vc https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.ie https://www.google.im https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.ki https://www.google.kz https://www.google.la https://www.google.li https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.nr https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sm https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.tt https://www.google.vg https://www.google.vu https://www.googleadservices.com https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com; manifest-src 'none'; media-src 'self' https://*.jivosite.com; object-src 'self'; prefetch-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.jivosite.com https://*.replay.uxtweak.com https://*.salesforceliveagent.com https://a.omappapi.com https://a.omappapi.com https://a.omappapi.com https://a.omappapi.com https://acsbap.com https://acsbapp.com https://assets.esetstatic.com https://bat.bing.com https://cdn.esetstatic.com https://cdn.fromdoppler.com https://cdn.jsdelivr.net https://cdn.linkedin.oribi.io https://cdn1.esetstatic.com https://cdnjs.cloudflare.com https://connect.facebook.net https://d.la1-c2-cdg.salesforceliveagent.com https://embed.tawk.to https://googleads.g.doubleclick.net https://img06.en25.com https://invitejs.trustpilot.com https://js.smct.co https://js.smct.io https://maps.googleapis.com https://nowexttype.com https://pagead2.googlesyndication.com https://platform.twitter.com https://renovacion.tienda.eset-la.com https://s786665.t.eloqua.com https://script.hotjar.com https://sgtm.eset.com https://sibautomation.com https://sibautomation.com https://sibautomation.com https://smct.co https://snap.licdn.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.hotjar.com https://store.eset.com https://tpc.googlesyndication.com https://tribl.io https://widget.trustpilot.com https://www.clarity.ms https://www.google-analytics.com https://www.google.ae https://www.google.am https://www.google.at https://www.google.be https://www.google.bg https://www.google.bs https://www.google.by https://www.google.ca https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ma https://www.google.co.nz https://www.google.co.th https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zw https://www.google.com https://www.google.com.mx https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.md https://www.google.me https://www.google.mk https://www.google.nl https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.se https://www.google.si https://www.google.sk https://www.google.tn https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.jivosite.com https://a.omappapi.com https://a.omappapi.com https://cdn.fromdoppler.com https://cdn.jsdelivr.net https://fonts.smct.co https://fonts.smct.io https://script.hotjar.com https://static.hotjar.com; worker-src 'self'; report-uri https://www-eset-com.api.cspconsole.com/v1/csp/report; report-to default; 1
frame-ancestors 'self' https://www.casamentos.pt https://comunidade.casamentos.pt https://landing.casamentos.pt 1
upgrade-insecure-requests  ; worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.lytics.io *.pricespider.com *.mapbox.com blob: feed.pghub.io pandg.tapad.com ; media-src 'self' feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com *.cookielaw.org *.onetrust.com *.moatads.com www.youtube.com pghub.io *.bazaarvoice.com *.pricespider.com js.jebbit.com cdn.segment.com *.lytics.io connect.facebook.net cdnjs.cloudflare.com *.mapbox.com feed.pghub.io pandg.tapad.com ; font-src 'self' data: cdn.pricespider.com feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' feed.pghub.io consumersupport.pg.com www.facebook.com pandg.tapad.com ; img-src 'self' data: images.ctfassets.net pixel.tapad.com *.akamaihd.net *.moatads.com www.google-analytics.com *.cookielaw.org *.onetrust.com *.bazaarvoice.com *.lytics.io www.facebook.com *.pricespider.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io pandg.tapad.com ; connect-src 'self' *.bazaarvoice.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.doubleclick.net *.algolia.net match.adsrvr.org *.segment.com *.segment.io *.jebbit.com *.pricespider.com *.mapbox.com geolocation-db.com feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
frame-ancestors 'self' https://support.famoussoftware.com https://famoussoftware.com 1
default-src https: data: wss: about: blob: dc-photo: dc-illu: dc-v2: fb-messenger: tg: whatsapp: sms: mailto: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.admiralstrand.dk/pubweb/csp-violation 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.googletagmanager.com https://dk98ddgl0znzm.cloudfront.net https://emma-content-aggregates-prd.s3.amazonaws.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://dk98ddgl0znzm.cloudfront.net https://emma-content-aggregates-prd.s3.amazonaws.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://dk98ddgl0znzm.cloudfront.net; style-src 'unsafe-inline' 'self'; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com https://dk98ddgl0znzm.cloudfront.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://usstore.biohorizons.com/ https://www.google.com https://player.vimeo.com https://www.youtube.com https://workforcenow.adp.com https://app.e2ma.net https://signup.e2ma.net; img-src 'self' https://usstore.biohorizons.com https://vsr.biohorizons.com data:; manifest-src 'self'; media-src 'self'; report-uri https://622f9b36dcb28d3f13566708.endpoint.csper.io/?v=0; worker-src 'none'; 1
frame-ancestors 'self' insights.hotjar.com 1
default-src 'self' 'unsafe-eval' http: https: data: blob: 'unsafe-inline' wss://umd.userlike.com wss://ws.hotjar.com; img-src 'self' data: *; connect-src 'self' data: *; media-src *; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com *.onapply.de *.mgr.consensu.org widgets.trustedshops.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.mouseflow.com googleads.g.doubleclick.net *.adcell.com *.bing.com snap.licdn.com *.onapply.de *.clarity.ms *.doubleclick.net trackcmp.net *.cloudfront.net *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.klarnacdn.net connect.facebook.net ergotopia.activehosted.com talk.hyvor.com *.consentmanager.net *.mgr.consensu.org widgets.trustedshops.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net js.stripe.com *.payments-amazon.com *.paypal.com *.paypalobjects.com *.ad-srv.net *.adsrvr.org *.adform.net *.adition.com *.df-srv.de *.mathtag.com *.bidswitch.net *.adnxs.com *.redintelligence.net *.hotjar.com *.outbrain.com *.googletagmanager.com *.app-us1.com *.criteo.com *.ergotopia.de *.tracify.ai *.usefathom.com *.albacross.com *.matomo.cloud; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; script-src https: https://*.pittohio.com https://*.balancetrak.com 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-hashes' 'self' 'unsafe-inline'; child-src blob: https:; worker-src blob: 1
connect-src 'self'; img-src 'self'; base-uri 'self'; upgrade-insecure-requests; 1
default-src 'self' data: http://placehold.it/ *.zdassets.com *.zendesk.com *.zopim.com *.zmags.com *.googlesyndication.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pdefault-srca *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googleapis.com *.google-analytics.com *.adyen.com *.google.com *.gbqofs.com *.gbqofs.io; child-src 'none'; style-src 'self' 'unsafe-inline' *.zmags.com *.adyen.com *.googleapis.com fonts.googleapis.com *.postcodeanywhere.co.uk  *.googletagmanager.com *.tagmanager.google.com  https://tagmanager.google.com *.demandware.net https://fonts.googleapis.com *.abtasty.com *.sentry.io; img-src 'self' data: cookiesuksouth.blob.core.windows.net *.zopim.io *.zdassets.com *.onetrust.com *.zmags.com *.adyen.com http://placehold.it https://placehold.it *.paypal.com *.feefo.com cm.g.doubleclick.net  *.pinterest.com *.doubleclick.net *.googletagmanager.com ct.pinterest.com *.dwin1.com *.awin1.com *.zenaps.com *.sciencebehindecommerce.com *.the.sciencebehindecommerce.com bat.bing.com d.adroll.com *.3lift.com *.rubiconproject.com *.outbrain.com *.pubmatic.com *.yahoo.com *.taboola.com *.bidswitch.net *.adnxs.com *.openx.net *.advertising.com *.casalemedia.com *.adroll.com *.bing.com *.facebook.net *.demandware.net *.cloudfront.net *.facebook.com *.ordergroove.com *.rackcdn.com *.google-analytics.com *.salesforce.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pdefault-srca *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw smct.co *.smct.co smct.io *.smct.io *.amazonaws.com analytics.tiktok.com *.googleapis.com *.gstatic.com https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com *.abtasty.com *.sentry.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com *.zdassets.com *.zendesk.com *.zopim.com *.onetrust.com *.zmags.com *.googlesyndication.com *.trustpilot.com *.paypal.com *.paypalobjects.com *.gstatic.com d.adroll.mgr.consensu.org *.consensu.org *.adroll.com *.bing.com *.pinimg.com *.google.com *.googlesyndication.com *.trustpilot.com *.adyen.com *.postcodeanywhere.co.uk *.pcapredict.com *.feefo.com *.cloudfront.net *.adsrvr.org *.hotjar.com www.googleadservices.com *.optimizely.com *.facebook.net *.ordergroove.com *.dwin1.com *.awin1.com *.zenaps.com *.sciencebehindecommerce.com *.the.sciencebehindecommerce.com *.cquotient.com https://tagmanager.google.com/ https://www.googletagmanager.com/ *.tryzens-analytics.com:12443 *.optimizely.com cdnjs.cloudflare.com cdn.cquotient.com www.googletagmanager.com googleads.g.doubleclick.net *.google-analytics.com cdn-ukwest.onetrust.com invitejs.trustpilot.com smct.co *.smct.co smct.io *.smct.io *.amazonaws.com analytics.tiktok.com *.googleapis.com maps.googleapis.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: *.gbqofs.com *.gbqofs.io *.abtasty.com *.sentry.io; font-src 'self' data: https://fonts.gstatic.com *.ordergroove.com *.zmags.com fonts.gstatic.com *.vacancy-filler.co.uk *.gstatic.com googleads.g.doubleclick.net smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.abtasty.com *.sentry.io; frame-src 'self' *.pinterest.com *.zmags.com *.googlesyndication.com *.trustpilot.com *.paypal.com *.google.com *.dwin1.com *.awin1.com *.zenaps.com *.sciencebehindecommerce.com *.the.sciencebehindecommerce.com *.facebook.com *.youtube.com *.adyen.com *.hotjar.com *.adsrvr.org *.doubleclick.net *.optimizely.com smct.co *.smct.co smct.io *.smct.io *.amazonaws.com d2d7do8qaecbru.cloudfront.net *.gbqofs.com *.gbqofs.io *.abtasty.com staging-store-lilyskitchen.demandware.net *.lilyskitchen.co.uk; connect-src 'self' *.google.com https://google.com/pay api.addressy.com wss://*.zopim.com *.zdassets.com *.zendesk.com *.zopim.com *.onetrust.com *.zmags.com *.adyen.com *.googlesyndication.com *.trustpilot.com *.paypal.com *.pinterest.com *.facebook.com www.facebook.com connect.facebook.net *.facebook.net facebook.net *.bing.com bat.bing.com *.dwin1.com *.awin1.com *.zenaps.com *.sciencebehindecommerce.com *.the.sciencebehindecommerce.com ct.pinterest.com *.hotjar.io *.postcodeanywhere.co.uk *.ordergroove.com *.feefo.com *.hotjar.com *.doubleclick.net *.optimizely.com *.google-analytics.com *.tryzens-analytics.com:12280 smct.co *.smct.co smct.io *.smct.io *.amazonaws.com analytics.tiktok.com https://*.googleapis.com *.google.com https://*.gstatic.com  data: blob: *.gbqofs.com *.gbqofs.io *.abtasty.com *.sentry.io api-js.mixpanel.com; media-src 'self' www.facebook.com *.zdassets.com *.paypal.com *.zmags.com *.adyen.com; worker-src blob:; ; report-uri https://289r1hnfc9.execute-api.eu-west-1.amazonaws.com/prod/lk-cspdata; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bcbsms.com *.myaccessblue.com; 1
style-src 'self' 'unsafe-inline' cdn.pricespider.com feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.googletagmanager.com www.google-analytics.com pghub.io connect.facebook.net *.pricespider.com feed.pghub.io pandg.tapad.com ; font-src 'self' data: use.typekit.net feed.pghub.io pandg.tapad.com ; frame-src 'self' pandg.tapad.com www.facebook.com consumersupport.pg.com feed.pghub.io ; img-src 'self' data: images.ctfassets.net pixel.tapad.com embeddedcloud.pricespider.com www.google-analytics.com www.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io pandg.tapad.com ; connect-src 'self' *.google-analytics.com *.doubleclick.net api.bazaarvoice.com feed.pghub.io pandg.tapad.com ; default-src 'self' feed.pghub.io pandg.tapad.com ; 1
connect-src sync.datamind.ru dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net assets.adobedtm.com *.omniture.com *.g.doubleclick.net geocode-maps.yandex.ru/1.x/ *.google-analytics.com *.datamind.ru *.cdn-tinkoff.ru www.google.com analytics.google.com www.google.ru www.facebook.com connect.facebook.net google-analytics.bi.owox.com vk.com mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr px.adhigh.net eye.targetads.io ad.adriver.ru top-fwz1.mail.ru dss.hybrid.ai tag.rutarget.ru tms.dmp.wi-fi.ru ads.adlook.me dmg.digitaltarget.ru dsum-sec.casalemedia.com id.uma.media prodmp.ru track-us.bidease.com ads.betweendigital.com a.utraff.com rtb.viadata.store reichelcormier.bid x01.aidata.io ssp.bidvol.com cs.gssprt.jp ssp.adriver.ru secure.adnxs.com exchange.buzzoola.com cs-0.moevideo.biz sync.republer.com redirect.frontend.weborama.fr sync.dmp.otm-r.com sync.mediatoday.iae.one an.yandex.ru sync.1dmp.io cm.lentainform.com mitdmp.whiteboxdigital.ru acint.net sync.viadata.store sync.adkernel.com sync.videonow.ru code.moviead55.ru api.imotech.video widget-api.uxfeedback.ru pixel.gooroo.works 'self' *.tinkoff.ru *.tcsbank.ru wss://*.tinkoff.ru wss://*.tcsbank.ru https://www.googleapis.com/ https://event.centraluniversity.ru cfg.tinkoff.ru acdn.tinkoff.ru www.tinkoff.ru platform-sentry.tcsbank.ru sentry.tinkoff.ru www.cdn-tinkoff.ru meetup.tinkoff.ru api.tinkoff.ru imgproxy.cdn-tinkoff.ru; script-src sync.datamind.ru www.google.com www.google.ru connect.ok.ru vk.com *.datamind.ru s.ytimg.com *.tinkoff.ru *.tcsbank.ru *.cdn-tinkoff.ru mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr yastatic.net mc.webvisor.com mc.webvisor.org 'self' 'unsafe-eval' 'unsafe-inline' blob: https://tinkoff.ru https://www.tinkoff.ru https://www.youtube.com https://youtu.be https://event.centraluniversity.ru; img-src *.datamind.ru dpm.demdex.net www.google-analytics.com tinkoffcreditsystems.d3.sc.omtrdc.net cm.everesttech.net dp.adsdata.ru www.google.com www.google.ru vk.com login.vk.com mc.yandex.ru ad.mail.ru adfocus.ru www.facebook.com connect.facebook.net ad.doubleclick.net *.google.com *.yandex.ru *.yandex.net *.2o7.net *.demdex.net cx.atdmt.com analytics.twitter.com t.co eu-sonar.sociomantic.com *.sravni.ru www.banki.ru *.pool.datamind.ru statad.ru www.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.privacysandbox.googleadservices.com *.cdn-tinkoff.ru *.tinkoff.ru p.formobil.net rupertino.ru adservice.google.com adservice.google.ru google-analytics.bi.owox.com dc.ads.linkedin.com *.mail.ru dp.tinkoffinsurance.ru *.fls.doubleclick.net tms.dmp.wi-fi.ru cdn3.caltat.com sonar.semantiqo.com www.cdn-tinkoff.ru ad.adriver.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr eye.targetads.io tag.rutarget.ru top-fwz1.mail.ru dss.hybrid.ai track-us.bidease.com tech.rtb.mts.ru rtb-eu.b.otm-r.com sync.gonet-ads.com ad.new-programmatic.com mssg.su rap.skcrtxr.com cdn3.uxfeedback.ru widget.uxfeedback.ru  sm.rtb.mts.ru exchange.buzzoola.com 'self' data: *.tcsbank.ru https://tinkoff.ru https://www.tinkoff.ru https://i.ytimg.com/ http://img.youtube.com https://*.cdn-tinkoff.ru/ https://imgproxy.cdn-tinkoff.ru/ https://youtu.be px.ads.linkedin.com https://imgproxy.cdn-tinkoff.ru https://event.centraluniversity.ru; frame-src *.tinkoff.demdex.net *.omniture.com bid.g.doubleclick.net www.facebook.com *.demdex.net vk.com static.datamind.ru platform.twitter.com connect.ok.ru *.datamind.ru *.cdn-tinkoff.ru *.fls.doubleclick.net www.cdn-tinkoff.ru mc.yandex.ru yastatic.net mc.webvisor.com mc.webvisor.org 'self' blob: data: *.tinkoff.ru *.tcsbank.ru https://www.youtube.com/ https://youtu.be https://event.centraluniversity.ru; font-src *.cdn-tinkoff.ru 'self' *.tinkoff.ru data:; report-uri https://www.tinkoff.ru/api/front/log/csp-error; default-src 'self' *.cdn-tinkoff.ru *.tinkoff.ru data:; style-src 'unsafe-inline' 'self' *.tinkoff.ru *.tcsbank.ru *.cdn-tinkoff.ru 1
frame-ancestors cms.vistry.co.uk devcms.vistry.co.uk uatcms.vistry.co.uk 1
default-src 'self' *.weglot.com *.facebook.net *.facebook.com *.tiktok.com *.google.com *.googletagmanager.com www.instagram.com www.youtube.com td.doubleclick.net; media-src 'self' data:; script-src 'nonce-d8559338-1ef3-4628-832f-7b83485714e7' 'strict-dynamic'  'unsafe-hashes' cdn.weglot.com *.facebook.net *.facebook.com *.tiktok.com *.google.com *.googletagmanager.com www.instagram.com www.youtube.com td.doubleclick.net; script-src-elem 'unsafe-inline' https://www.ilevia.fr sdk.privacy-center.org cdn.weglot.com cdn.matomo.cloud *.facebook.net *.facebook.com *.tiktok.com *.google.com *.googletagmanager.com www.instagram.com www.youtube.com td.doubleclick.net; style-src 'self' *.weglot.com sdk.privacy-center.org *.ilevia.fr 'unsafe-inline' *.facebook.net *.facebook.com *.tiktok.com *.google.com *.googletagmanager.com www.instagram.com www.youtube.com td.doubleclick.net; connect-src 'self' data: *.ilevia.fr *.weglot.com cdn-api-weglot.com *.insitaction.org sdk.privacy-center.org google.com api.privacy-center.org api.navitia.io api-cus.navitia.io ilevia.matomo.cloud *.facebook.net *.facebook.com *.tiktok.com *.google.com *.googletagmanager.com www.instagram.com www.youtube.com td.doubleclick.net   ; font-src 'self' data: *.facebook.net *.facebook.com *.tiktok.com *.google.com *.googletagmanager.com www.instagram.com www.youtube.com td.doubleclick.net; img-src 'self' data: *.weglot.com www.gstatic.com media.ilevia.fr int-media.ilevia.fr pprod-media.ilevia.fr sdk.privacy-center.org upload.wikimedia.org ilost.co www.ilevia.fr purecatamphetamine.github.io *.facebook.net *.facebook.com *.tiktok.com *.google.com *.googletagmanager.com www.instagram.com www.youtube.com td.doubleclick.net; worker-src 'self' blob: *.facebook.net *.facebook.com *.tiktok.com *.google.com *.googletagmanager.com www.instagram.com www.youtube.com td.doubleclick.net; form-action 'self' ilost.co *.facebook.net *.facebook.com *.tiktok.com *.google.com *.googletagmanager.com www.instagram.com www.youtube.com td.doubleclick.net; child-src https://nws-lille.hove.io pnp-ihm-lille-cus.canaltp.fr *.facebook.net *.facebook.com *.tiktok.com *.google.com *.googletagmanager.com www.instagram.com www.youtube.com td.doubleclick.net 1
default-src 'self'; connect-src 'self' https://www.profound.net/analytics/; frame-src 'self' https://www.google.com/ https://player.vimeo.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ https://cdn.datatables.net/ https://www.google.com/ https://www.gstatic.com/ https://www.profound.net/; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://cdn.datatables.net/; font-src 'self' https://cdnjs.cloudflare.com; object-src 'self'; img-src 'self' data: https://cdn.datatables.net/ https://www.profound.net/analytics/; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' data: blob: 'unsafe-inline'; media-src * 'unsafe-inline'; frame-src * 'unsafe-inline' data: blob: 'unsafe-inline'; frame-ancestors 'self' https://test.sagepay.com/*; child-src * 'unsafe-inline' data: blob: 'unsafe-inline'; font-src * 'unsafe-inline'; connect-src * 'unsafe-inline'; report-uri /report-csp-violation 1
default-src 'none'; child-src 'self' 'unsafe-inline' https://www.googleadservices.com  https://*.fls.doubleclick.net/ https://*.cahoot.com https://santander.demdex.net;  script-src 'self' 'unsafe-inline' https://google.com https://www.google.com https://md-scp.kampyle.com https://pagead2.googlesyndication.com https://sc-static.net https://track.omguk.com https://cdn-ukwest.onetrust.com https://googleads.g.doubleclick.net https://www.googletagservices.com https://ad.doubleclick.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.cahoot.com; connect-src 'self' 'unsafe-inline' https://md-scp.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://santanderuk.tt.omtrdc.net https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://googleads4.g.doubleclick.net https://smetrics.santander.co.uk https://dpm.demdex.net https://*.cahoot.com; img-src 'self' 'unsafe-inline' https://*.cahoot.com data: https:; style-src 'self' 'unsafe-inline' https://md-scp.kampyle.com; font-src 'self'; frame-src 'self' 'unsafe-inline' https://td.doubleclick.net https://activitymap.adobe.com https://www.youtube-nocookie.com https://authorize.omniture.com https://sitecatalyst.omniture.com https://www.youtube.com https://santander.demdex.net https://santander.demdex.net https://*.fls.doubleclick.net; object-src 'self'; 1
default-src 'self'; frame-ancestors *.welovefrugi.com *.dotomi.com; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'self' https://records.vetcoclinics.com https://cdn.cookielaw.org https://google.com https://youtube.com https://facebook.com https://fonts.google.com https://fonts.googleapis.com https://ajax.googleapis.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://s.imgur.com https://imgur.com https://i.imgur.com https://500px.com https://drscdn.500px.org https://www.reddit.com https://www.flickr.com https://c1.staticflickr.com https://maxcdn.bootstrapcdn.com http://code.ionicframework.com https://cdn.fontawesome.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com https://api.ipinfodb.com https://maps.googleapis.com https://maps.google.com https://www.googletagmanager.com https://ajax.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://tags.tiqcdn.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://cdn.cookielaw.org https://maps.gstatic.com https://cdn.atlargeinc.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://google.com https://www.google.com data:; connect-src 'self' https://privacyportal.onetrust.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.cookielaw.org ; font-src 'self'; object-src 'none'; media-src 'self'; form-action 'self'; frame-ancestors 'self'; 1
default-src 'self' *.dynamics.com *.centier.com *.luckyorange.com *.myfonts.net *.googleapis.com *.vimeocdn.com *.delivera.com play.vidyard.com; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ https://www.bugherd.com munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.msecnd.net *.cludo.com cdn.cookielaw.org *.signalintent.com cdn.jsdelivr.net integration.delivra.com mktdplp102cdn.azureedge.net js.adsrvr.org wsmcdn.audioeye.com tag.simpli.fi cdn.segment.com *.typeform.com *.google.com *.googletagmanager.com *.jquery.com *.ellieservices.com *.doubleclick.net *.vimeocdn.com *.ensighten.com *.audioeye.com *.simpli.fi *.clarity.ms *.luckyorange.com s4desktop.com bat.bing.com insight.adsrvr.org *.googleadservices.com *.optimalblue.com https://refer.centier.com/core.js https://origin.xtlo.net googlesyndication.com *.google-analytics.com *.hotjar.com *.mouseflow.com *.pagesense.io *.plerdy.com *.zohocdn.com *.hotjar.io test.plerdy.com a.plerdy.com *.ssl.cf5.rackcdn.com *.gonorth.io *.callrail.com *.fontawesome.com *.cloudfront.net play.vidyard.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com cdn.jsdelivr.net embed.signalintent.com *.cludo.com *.google.com *.typeform.com *.audioeye.com s4desktop.com platform.twitter.com *.luckyorange.com *.myfonts.net *.googletagmanager.com https://origin.xtlo.net use.fontawesome.com *.play.vidyard.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com *.cludo.com *.centier.com insight-event.brandcdn.com *.simpli.fi *.google.com *.googleadservices.com *.doubleclick.net *.3lift.com *.tremorhub.com *.tapad.com fei.pro-market.net *.agkn.com *.intentig.com *.pubmatic.com *.stickyadstv.com *.exelator.com *.yahoo.com *.facebook.net *.intentiq.com *.bfmio.com *.bluekai.com *.crwdcntrl.net *.lijit.com *.rlcdn.com *.spotxchange.com *.adnxs.com *.rubiconproject.com *.openx.net pippio.com *.luckyorange.com *.dynamics.com bat.bing.com insight.adsrvr.org https://origin.xtlo.net *.google-analytics.com *.plerdy.com test.plerdy.com play.vidyard.com cdn.vidyard.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: embed.signalintent.com *.gstatic.com *.audioeye.com *.googleapis.com https://origin.xtlo.net use.fontawesome.com *.amazonaws.com; frame-src 'self' *.matterport.com *.google.com *.vimeo.com *.youtube.com *.typeform.com *.office365.com s4desktop.com youtu.be *.coconutcalendar.com *.audioeye.com *.adsrvr.org *.dynamics.com *.centier.com td.doubleclick.net https://www.facebook.com forms.office.com centier-aut.sitefinity.cloud *.optimalblue.com *.plerdy.com play.vidyard.com; connect-src 'self' data: accounts.google.com *.gstatic.com *.mktoresp.com *.visualstudio.com *.cludo.com cdn.cookielaw.org *.onetrust.com calc-backend-prod.herokuapp.com api.segment.io cdn.segment.com *.articulate.com *.clarity.ms *.audioeye.com *.delivra.com *.doubleclick.net *.visitors.live wss://in.visitors.live/socket.io ws: *.luckyorange.com *.googleapis.com *.centier.com https://www.facebook.com *.dynamics.com *.googlesyndication.com *.google-analytics.com *.googletagmanager.com analytics.google.com *.hotjar.com *.mouseflow.com *.pagesense.io *.plerdy.com *.zoho.com *.hotjar.io *.zohocdn.com *.bing.com *.ssl.cf5.rackcdn.com *.gonorth.io *.callrail.com *.fontawesome.com *.cloudfront.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.azureedge.net play.vidyard.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com centier-stg.sitefinity.cloud centier-aut.sitefinity.cloud centier.sitefinity.cloud *.centier.com *.googleapis.com https://www.google.com blob: 1
default-src * 'self' data: blob:; script-src * 'self' 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' 'unsafe-inline' ; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' ws: wss: blob: *.practicalfishkeeping.co.uk *.wgp-cdn.co.uk *.cloudflare.com https://api.raygun.io *.advertising.com *.adnxs.com *.doubleverify.com *.serving-sys.com https://securepubads.g.doubleclick.net https://stats.g.doubleclick.net *.googlesyndication.com *.google-analytics.com *.pbstck.com quantcast.mgr.consensu.org test.quantcast.mgr.consensu.org audit-tcfv2.quantcast.mgr.consensu.org https://powerad.ai *.powerad.ai *.teads.tv *.skimresources.com https://*.fontawesome.com *.trackedlink.net *.connatix.com *.openx.net hb-api.omnitagjs.com automatad.technoratimedia.com *.33across.com ap.lijit.com be.durationmedia.net htlb.casalemedia.com hbopenbid.pubmatic.com *.adxpremium.services fastlane.rubiconproject.com adx.adform.net prebid-eu.creativecdn.com mp.4dex.io script.4dex.io *.googletagmanager.com *.clickiocdn.com *.criteo.com *.sharedid.org *.adsrvr.org *.id5-sync.com *.rlcdn.com *.crwdcntrl.net *.insurads.com *.trackedweb.net *.smartadserver.com *.servenobid.com c2shb.pubgw.yahoo.com *.sharethrough.com *.liadm.com *.amazon-adsystem.com *.atmtd.com *.yellowblue.io *.e-planning.net *.primis.tech *.ad.gt id5-sync.com pbjs.e-planning.net *.analytics.google.com *.googlesyndication.com *.analytics.google.com *.google.com *.g.doubleclick.net *.gstatic.com *.cmp.quantcast.com *.quantcast.com *.tagdeliver.com *.inmobi.com; base-uri 'self'; 1
default-src 'self' 'unsafe-inline' http://www.stereo.de/markt/admin/ *.heise.de *.guenstiger.de *.stereo.de *.nitschkeverlag.de *.youtube.com *.paypal.com www.paypalobjects.com *.plenigo.com api.plenigo.com *.plenigo-stage.com api.snaque.com *.julephosting.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heise.de *.guenstiger.de *.stereo.de *.nitschkeverlag.de *.youtube.com *.paypal.com www.paypalobjects.com unpkg.com *.plenigo.com api.plenigo.com *.plenigo-stage.com api.snaque.com *.julephosting.de; style-src * 'unsafe-inline'; img-src * data:; font-src *; object-src 'none'; frame-src *; 1
frame-ancestors 'self'  https://beta.beautifulhomes.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.privacytools.com.br *.googleapis.com *.gstatic.com *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.googlesyndication.com *.ampproject.org *.taboola.com *.criteo.com *.criteo.net https://measurement-api.criteo.com *.bing.com *.clarity.ms *.clarity.net *.facebook.net *.facebook.com *.google.com *.google.com.br *.vercel.com vercel.live *.force.com *.salesforceliveagent.com *.salesforce.com *.visualforce.com *.documentforce.com *.doubleclick.net *.zoho.com *.zohocdn.com *.zohostatic.com *.embracon.online *.embracon.com.br ws://vts.zohopublic.com wss://ws-us3.pusher.com *.zohopublic.com *.socdm.com *.yahoo.com *.outbrain.com *.emxdgt.com *.salesforce-sites.com *.pusher.com *.handtalk.me api.embraconnet.com.br *.useinsider.com *.tiktok.com *.youtube.com embra-assets.nyc3.digitaloceanspaces.com http://tgtag.io *.trafficguard.ai https://tsdtocl.com https://e1.emxdgt.com api.intentiq.com data:; img-src * data: blob:; 1
base-uri 'self';default-src 'self';block-all-mixed-content;frame-ancestors 'self';form-action 'self' https://connect.facebook.net https://www.facebook.com;connect-src 'self' https://maps.googleapis.com https://core.helloretail.com https://api.dixa.io https://www.google.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://bat.bing.com https://cykelpartner.matomo.cloud https://consentcdn.cookiebot.com https://pagead2.googlesyndication.com https://adservice.google.com wss://sockets.dixa.io https://sentry.io https://messenger-edge.dixa.io https://o.clarity.ms/collect https://analytics.tiktok.com https://api.retargeted.co https://api.bannercrowd.net/fetch https://gtm.cykelpartner.dk https://pixel.cykelpartner.dk https://api.bannercrowd.net https://fast.a.klaviyo.com https://static-forms.klaviyo.com https://a.klaviyo.com https://*.google-analytics.com https://*.analytics.google.com https://www.facebook.com https://graph.facebook.com;font-src 'self' https://www.cykelpartner.dk https://fonts.googleapis.com https://www.google-analytics.com https://widget.trustpilot.com https://widget.dixa.io https://static.klaviyo.com https://fonts.gstatic.com https://my.anyday.io;img-src 'self' data: https://resources.chainbox.io https://www.pricerunner.dk https://d1pna5l3xsntoj.cloudfront.net https://bat.bing.com https://www.google.dk https://www.google.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://www.google-analytics.com https://dixa-uploads.s3.eu-west-1.amazonaws.com https://helloretailcdn.com https://c.clarity.ms/c.gif https://c.bing.com https://gtm.cykelpartner.dk https://images.unsplash.com https://maps.googleapis.com https://maps.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://www.facebook.com https://my.anyday.io;media-src https://resources.chainbox.io https://widget.dixa.io;object-src 'none' ;script-src 'self' 'unsafe-eval' 'strict-dynamic' 'nonce-hyLwMKzfY/PWvQdi3d7QfAgyVEQdFlflXmdi1uGs69s=' https://www.googletagmanager.com https://helloretailcdn.com https://ajax.googleapis.com https://widget.dixa.io/ https://messenger.dixa.io https://cdn.polyfill.io https://optimize.google.com https://www.googleoptimize.com https://www.clarity.ms https://gtm.cykelpartner.dk https://consentcdn.cookiebot.com https://consent.cookiebot.com https://maps.googleapis.com https://*.google-analytics.com https://www.facebook.com https://connect.facebook.net https://my.anyday.io https://event.getblue.io https://widget.trustpilot.com;style-src 'self' 'unsafe-inline' https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://optimize.google.com https://static.klaviyo.com https://fonts.googleapis.com;frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://form.apsis.one https://consentcdn.cookiebot.com http://www.facebook.com https://messenger.dixa.io https://optimize.google.com http://event.getblue.io https://widget.trustpilot.com; 1
default-src 'self' https://* s3.us-west-1.amazonaws.com www.google-analytics.com stats.g.doubleclick.net www.youtube.com anchor.fm www.googletagmanager.com;script-src * 'unsafe-inline' 'unsafe-eval';img-src * data:;frame-ancestors 'self' https://*.mybigcommerce.com https://*.shopify.com https://*.myshopify.com;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline' 1
script-src 'self' https: 'unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://dec.azureedge.net/ https://*.insight.sitefinity.com https://*.dec.sitefinity.com kendo.cdn.telerik.com https://fonts.googleapis.com s7.addthis.com maps.googleapis.com z.moatads.com v1.addthisedge.com m.addthis.com api.dec.sitefinity.com nsman.sinoper.cloud  tapestry.tapad.com su.addthis.com maps.gstatic.com https://fonts.gstatic.com i3.ytimg.com cms.safra.sg www.jobstreet.com.sg siva-sg.jsstatic.com job-search.jsstatic.com ssl.google-analytics.com job-search.jobstreet.com scontent.xx.fbcdn.net maps.google.com.my https://www.google.com khms1.googleapis.com www.youtube.com googleads.g.doubleclick.net static.doubleclick.net yt3.ggpht.com i.ytimg.com https://www.youtube-nocookie.com/ https://safra-resources.azureedge.net https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://bid.g.doubleclick.net https://www.facebook.com https://www.google.com.sg https://stats.g.doubleclick.net https://www.jobstreet.com/ https://nsman.safra.sg https://s3-ap-southeast-1.amazonaws.com https://191-dev.s3.ap-southeast-1.amazonaws.com https://m.facebook.com/ https://www.google.com.my https://streetviewpixels-pa.googleapis.com analytics.google.com *.clarity.ms *.bing.com https://www.gstatic.com; 1
frame-ancestors 'self' *.sovremennik.ru 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.bitfufu.com https://ajax.cloudflare.com https://static.cloudflareinsights.com https://challenges.cloudflare.com https://hcaptcha.com https://*.hcaptcha.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google.com https://client.crisp.chat https://settings.crisp.chat https://www.datadoghq-browser-agent.com https://cf.aliyun.com https://aeis.alicdn.com https://g.alicdn.com https://*.tdum.alibaba.com https://ynuf.aliapp.org https://*.hotjar.com https://cdn.onesignal.com https://onesignal.com; style-src 'self' 'unsafe-inline' https://*.bitfufu.com https://hcaptcha.com https://*.hcaptcha.com https://www.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://client.crisp.chat https://*.hotjar.com https://onesignal.com; img-src 'self' data: blob: android-webview-video-poster: android-webview: https://*.bitfufu.com https://bitfufu-apse1-corp.s3.ap-southeast-1.amazonaws.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.co.in https://www.google.com https://client.crisp.chat https://image.crisp.chat https://storage.crisp.chat https://acjs.aliyun.com https://*.hotjar.com; font-src 'self' https://fonts.googleapis.com https://*.alicdn.com data: https://*.bitfufu.com https://fonts.gstatic.com https://client.crisp.chat https://*.hotjar.com; connect-src 'self' https://*.bitfufu.com https://cloudflareinsights.com https://hcaptcha.com https://*.hcaptcha.com https://www.google.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com https://adservice.google.com https://stats.g.doubleclick.net https://client.crisp.chat https://storage.crisp.chat wss://client.relay.crisp.chat wss://stream.relay.crisp.chat https://*.browser-intake-datadoghq.com https://cf.aliyun.com/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://onesignal.com https://distributions.crowdin.net; media-src https://*.bitfufu.com https://client.crisp.chat https://storage.crisp.chat; worker-src 'self' blob:; object-src 'none'; frame-src 'self' https://help.bitfufu.com https://challenges.cloudflare.com https://hcaptcha.com https://*.hcaptcha.com https://game.crisp.chat; report-uri https://o1101648.ingest.sentry.io/api/6248155/security/?sentry_key=43271cbfc2be48129c8cfc9fd57adc98 1
frame-ancestors 'self' https://*.evercore.com 1
frame-ancestors www.thehourglass.com reports.thehourglass.com ovr.thehourglass.com 1
default-src 'none'; base-uri 'none'; object-src 'none'; script-src 'nonce-11223e7b7706cc639c41cc139abecfe0' 'strict-dynamic' plausible.io www.googletagmanager.com *.google-analytics.com https: 'self' 'report-sample' 'unsafe-inline'; style-src 'self' tagmanager.google.com *.googleapis.com; block-all-mixed-content; connect-src 'self' *.google-analytics.com www.googletagmanager.com plausible.io; img-src 'self' *.google-analytics.com www.googletagmanager.com *.gstatic.com data:; media-src 'self'; font-src 'self' fonts.gstatic.com data:; frame-ancestors 'none'; manifest-src 'self'; frame-src 'none'; form-action 'self' ibuildings.nl api.ibuildings.nl ibuildings.com; report-to default 1
default-src 'self' 'unsafe-inline' https://*.gstatic.com https://*.googleapis.com https://*.matomo.cloud https://*.vev.design https://bouvet.matomo.cloud;script-src 'self' 'unsafe-inline' data: static.cloudflareinsights.com *.facebook.com snap.licdn.com s.ytimg.com *.youtube.com/iframe_api  *.google-analytics.com *.gstatic.com *.cloudflare.com *.google.com *.googleapis.com tagmanager.google.com *.googletagmanager.com web106.reachmee.com *.jquery.com *.instagram.com *.albacross.com *.facebook.net optimize.google.com *.vev.design cdn.matomo.cloud/bouvet.matomo.cloud/  connect.facebook.net *.connect.facebook.net *.cdn.matomo.cloud/bouvet.matomo.cloud/ https://www.anpdm.com https://www.youtube.com https://connect.facebook.net https://bouvet.matomo.cloud/js/ https://bouvet.matomo.cloud/;frame-src 'self' pub.dialogapi.no ir.oms.no indd.adobe.com *.facebook.com *.simplecast.com *.manamind.com https://ir.oms.no https://www.youtube.com *.vimeo.com *.youtube.com *.youtube-nocookie.com https://connect.facebook.net/ *.google.com www.google.com *.google-analytics.com site103.reachmee.com site106.reachmee.com *.reachmee.com web106.reachmee.com *.jquery.com connect.facebook.net *.soundcloud.com *.slideshare.net https://bouvet.matomo.cloud/ cdn.matomo.cloud/bouvet.matomo.cloud/;img-src 'self' data: *.linkedin.com *.bouvet.no *.bouvet.se *.en.bouvet.no *.gstatic.com/images/ *.smugmug.com *.googletagmanager.com *.google.no *.google.com *.google-analytics.com *.doubleclick.net *.albacross.com *.facebook.com optimize.google.com site103.reachmee.com site106.reachmee.com *.reachmee.com *.vev.design *.bouvet.fotoware.cloud/fotoweb/archives/5003-Rekruttering/ https://bouvet.fotoware.cloud/ https://bouvet-xp7prod.enonic.cloud https://connect.facebook.net https://www.facebook.com https://www.facebook.com/tr https://bouvet.matomo.cloud/;style-src 'self' 'unsafe-inline' *.facebook.com static.cloudflareinsights.com tagmanager.google.com fonts.googleapis.com *.jquery.com cdn.rawgit.com optimize.google.com *.vev.design cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css bouvet.matomo.cloud/ https://cdn.jsdelivr.net https://bouvet.matomo.cloud;media-src *.bouvet.no *.vev.design;font-src 'self' data: fonts.gstatic.com *.vev.design bouvet.matomo.cloud https://bouvet.matomo.cloud/;connect-src 'self' *.facebook.com cloudflareinsights.com *.doubleclick.net *.google-analytics.com *.albacross.com *.jquery.com *.vev.design *.licdn.com bouvet.matomo.cloud/matomo.php https://www.anpdm.com https://cdn.linkedin.oribi.io https://fonts.googleapis.com; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-8fb4c0e28792195db7bfa038d83f62a8'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors 'self' *.netopia-payments.com 1
frame-ancestors 'self' https://*.blkbx.com/ https://nrcha.com/ 1
script-src 'strict-dynamic' 'nonce-FONm/cng7Y9FG52mHg8PAw==' 'self' 'unsafe-inline' https://temp.pozary.cz https://storage.pozary.cz https://www.google-analytics.com https://ssl.google-analytics.com https://platform.twitter.com https://widget.packeta.com https://sta.lachym.cz; object-src 'none'; base-uri https://*.pozary.cz; frame-src 'self' https://storage.pozary.cz https://www.youtube.com https://www.youtube-nocookie.com https://www.facebook.com https://m.facebook.com https://rentalpro.livebox.cz https://platform.twitter.com https://twitter.com https://widget.packeta.com https://test.pozary.cz; 1
default-src 'self'; script-src  'self' 'unsafe-inline' https://use.fontawesome.com https://cdnjs.cloudflare.com  https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com; img-src data: 'self' images.pexels.com; object-src 'none'  1
default-src 'self';script-src 'unsafe-inline' 'unsafe-eval' 'self';style-src 'unsafe-inline' 'self';object-src 'none';base-uri 'self';connect-src 'self' https://app.tryroll.com https://nftx.ethereumdb.com https://raw.githubusercontent.com https://umaproject.org https://unpkg.com https://www.gemini.com https://yearn.science https://rpc-mainnet.lachain.io https://api.thegraph.com;font-src 'self';frame-src 'self';img-src 'self' data: https://lachain.io https://etherscan.io https://s2.coinmarketcap.com https://upload.wikimedia.org https://cryptologos.cc https://raw.githubusercontent.com https://offchainlabs.com https://st3.latoken.com;manifest-src 'self';media-src 'self';worker-src 'none'; 1
style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; 1
base-uri 'self'; default-src 'none'; connect-src 'self' https://app.getsentry.com https://o28170.ingest.sentry.io https://sentry.keldoc.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://*.keldoc.com; font-src 'self' data: https://fonts.gstatic.com; media-src 'self' blob:; script-src 'self' https://assets.keldoc.com/plsble/js/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.net/recaptcha/ https://js.stripe.com http://localhost:* localhost; object-src 'self' blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://translate.googleapis.com; img-src * blob: data:; child-src 'self'; manifest-src 'self'; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://recaptcha.net/recaptcha/ 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://disabled.social; img-src 'self' https: data: blob: https://disabled.social; style-src 'self' https://disabled.social 'nonce-VWneGgtf00WgYc+Wi6JHMw=='; media-src 'self' https: data: https://disabled.social; frame-src 'self' https:; manifest-src 'self' https://disabled.social; form-action 'self'; child-src 'self' blob: https://disabled.social; worker-src 'self' blob: https://disabled.social; connect-src 'self' data: blob: https://disabled.social https://assets.disabled.social wss://disabled.social; script-src 'self' https://disabled.social 'wasm-unsafe-eval' 1
frame-ancestors 'self' webvisor.com metrika.yandex.ru mc.yandex.ru *.yandex.tld *.yandex.net webvisor.com; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' http://use.typekit.net https://use.typekit.net https://js-eu1.hsforms.net https://googletagmanager.com https://js-eu1.hs-banner.com https://js-eu1.hs-scripts.com https://js-eu1.hsadspixel.net https://js-eu1.hs-analytics.net https://www.google-analytics.com https://www.googletagmanager.com https://js-eu1.hscollectedforms.net https://edge.marker.io https://platform.twitter.com https://snap.licdn.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.google.com https://platform.twitter.com https://www.gstatic.com https://www.buzzsprout.com; style-src 'self' 'unsafe-inline' 'report-sample' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://ssr.marker.io https://forms-eu1.hsforms.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://api-eu1.hubapi.com https://forms-eu1.hscollectedforms.net https://info.infosupport.com https://px.ads.linkedin.com https://api.marker.io https://adservice.google.com; font-src data: 'self' https://fonts.gstatic.com; frame-src 'self' https://app.marker.io https://forms-eu1.hsforms.com https://www.youtube.com youtube.com https://platform.twitter.com https://syndication.twitter.com https://www.google.com https://www.buzzsprout.com; img-src data: 'self' https://forms.hsforms.com https://forms-eu1.hsforms.com https://www.google-analytics.com https://www.googletagmanager.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://track-eu1.hubspot.com https://www.google.com https://*.ads.linkedin.com https://www.google.nl https://syndication.twitter.com https://www.facebook.com https://adservice.google.com; manifest-src 'self'; media-src 'self'; report-uri https://6358f53f1b097796c21f88c0.endpoint.csper.io; worker-src 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: code.jquery.com cdnjs.cloudflare.com cdn.jsdelivr.net maps.googleapis.com www.googletagmanager.com www.google-analytics.com consent.cookiebot.com ajax.aspnetcdn.com snap.licdn.com static.ads-twitter.com analytics.twitter.com tagmanager.google.com *.facebook.net *.cookiebot.com *.googleadservices.com googleads.g.doubleclick.net static.newsletter2go.com cdnjs.cloudflare.com cdn.rawgit.com *.youtube.com *.ytimg.com *.staticfiles.io static.activedemand.com collection.activedemand.com plausible.io *.app-us1.com trackcmp.net localhost localhost:8080 unpkg.com trk.techtarget.com 8a2aj4.zuehlke.com *.azureedge.net *.dynamics.com *.hotjar.com *.redditstatic.com *.cookiepro.com *.mathtag.com *.cookielaw.org *.adsrvr.org; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com localhost:8080 cdn.plyr.io; img-src 'self' 'unsafe-inline' 'unsafe-eval' 'about:blank' data: www.google-analytics.com *.linkedin.com t.co www.linkedin.com *.adsymptotic.com *.gstatic.com *.googleusercontent.com *.facebook.com maps.googleapis.com zuehlke-careers-com.s3.amazonaws.com *.google.com *.google.ch *.googletagmanager.com stats.g.doubleclick.net files.newsletter2go.com *.ytimg.com cdn.rawgit.com raw.githubusercontent.com apt.techtarget.com *.azureedge.net *.dynamics.com *.reddit.com *.glassdoor.co.uk *.cookiepro.com *.unsplash.com *.doubleclick.net; frame-src 'self' 'unsafe-inline' 'unsafe-eval' data: youtube.com www.youtube.com consent.cookiebot.com consentcdn.cookiebot.com *.facebook.com *.youtube-nocookie.com *.lamapoll.de *.doubleclick.net embed.eventfrog.ch *.matterport.com mama-jobs.ch papa-jobs.ch lgbti-jobs.ch 50plus-jobs.ch *.azureedge.net *.dynamics.com *.hotjar.com share.transistor.fm *.adsrvr.org; frame-ancestors 'self' https://*.jobcloud.ch https://*.jobs.ch https://jobup.ch https://ingjobs.ch https://ictcareer.ch https://jobs4sales.ch https://financejobs.ch https://medtalents.ch https://jobwinner.ch https://alpha.ch https://topjobs.ch https://*.jobscout24.ch https://*.impieghi.ch https://*.stellenmarkt.ch https://*.survey.lamapoll.de *.matterport.com mama-jobs.ch papa-jobs.ch lgbti-jobs.ch 50plus-jobs.ch *.azureedge.net *.dynamics.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: themes.googleusercontent.com fonts.gstatic.com localhost:8080; connect-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.google-analytics.com salesviewer.org api.newsletter2go.com *.doubleclick.net plausible.io consentcdn.cookiebot.com maps.googleapis.com localhost:8080 *.azureedge.net *.dynamics.com cdn.plyr.io noembed.com 8a2aj4.zuehlke.com *.techtarget.com *.cookiepro.com *.onetrust.com *.analytics.google.com *.linkedin.oribi.io *.cookielaw.org 1
frame-ancestors https://admin.alkermes.com https://www.alkermes.com 1
default-src *.archiefweb.eu *.wp.com; frame-src *.archiefweb.eu googleads.g.doubleclick.net *.wp.com; script-src 'unsafe-inline' 'unsafe-eval' *.archiefweb.eu *.googleapis.com *.googlesyndication.com adservice.google.nl adservice.google.com *.wp.com; style-src 'unsafe-inline' *.archiefweb.eu *.googleapis.com *.wp.com *.bootstrapcdn.com; font-src data: *.archiefweb.eu fonts.googleapis.com fonts.gstatic.com *.wp.com *.fontawesome.com wordpress.com *.bootstrapcdn.com; media-src *.archiefweb.eu; img-src data: *.archiefweb.eu *.w.org *.wp.com *.wordpress.com *.gravatar.com 1
object-src 'none';default-src 'self';frame-src 'self' www.google.com www.youtube.com youtu.be www.googletagmanager.com defensie.matomo.cloud cdn.matomo.cloud ad.doubleclick.net td.doubleclick.net aax-eu.amazon-adsystem.com *.doubleclick.net *.facebook.com www.google.nl;connect-src 'self' stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com www.google.com www.google.be www.youtube.com s.ytimg.com defensie.matomo.cloud cdn.matomo.cloud ad.doubleclick.net td.doubleclick.net aax-eu.amazon-adsystem *.doubleclick.net pagead2.googlesyndication.com *.facebook.com www.google.nl;script-src 'nonce-qKZUBVYsFvyQhmhAPIiPZHrzMqlAiChF80eVo0Upm30=' 'strict-dynamic' 'sha256-+QMpjeHPr7lWx1WU2+tmpySZbCXQBSUAbWdUcFY2xmM=' 'sha256-5msWZ5lvLPTzxHF1iYV3kIBAeW30TrGtwY9qaK/dIms=' 'sha256-yMaY29uPlynCXe25rjtjhHxYSyFi7HzjjReas8TcKk8=' 'sha256-WiHRxQNs1YkWgTsRMFVlLl7uaUDSgjSnYoH71xuB33M=' 'sha256-NZ4GOneZgBsRPejXjXvmAaIhZAoNtMnVCSut7/KJSoA=' 'sha256-KFB0gd1NztgpO22RExKjW9PmRP86JAOxmYlz50GecK0=' 'sha256-a2O9uaiiVkb2AyKnweSonu38xRDfF33JmK4NrEQbGmo=' 'sha256-o0cVnFnbHpxbtqnX6h1rSWzKR4Sd+WXOKsHo+cM3ECs=' 'sha256-3WsBXjvgTNvt1YITF5DViCv4GJlByX85uQBiDRRW578=' 'self' 'unsafe-eval' www.gstatic.com/recaptcha/ www.google.com/recaptcha/ www.googletagmanager.com www.youtube.com s.ytimg.com/ www.google-analytics.com youtu.be tagmanager.google.com defensie.matomo.cloud cdn.matomo.cloud stats.g.doubleclick.net ad.doubleclick.net td.doubleclick.net aax-eu.amazon-adsystem *.doubleclick.net *.facebook.com www.google.nl www.google.be www.google.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com/;img-src 'self' *.ytimg.com www.google.co.uk/ads/ www.google.be/ads/ www.google.com/ads/ www.google-analytics.com/ *.gstatic.com/ www.googletagmanager.com *.googleusercontent.com/ *.indeed.com data: ad.doubleclick.net stats.g.doubleclick.net td.doubleclick.net aax-eu.amazon-adsystem *.doubleclick.net www.facebook.com *.facebook.com www.google.nl www.google.com www.google.be;font-src 'self' fonts.gstatic.com fonts.googleapis.com;base-uri 'self'; 1
frame-ancestors https://*.careercross.com; default-src https: data: 'unsafe-eval' 'unsafe-inline' *.crazyegg.com; object-src 'none'; worker-src blob:; 1
img-src 'self' data:  default-src 'self' 'unsafe-inline' *.googleapis.com  *.gstatic.com *.bootstrapcdn.com mc.yandex.ru *.youtube.com *.doubleclick.net frame-src 'self' youtube.com 1
default-src 'self' 'nonce-WmE4MHcxVkdhbENsYUZpZnRhYWJaZ0FBQUFZ'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms 'nonce-WmE4MHcxVkdhbENsYUZpZnRhYWJaZ0FBQUFZ'; font-src 'self' fonts.gstatic.com fonts.googleapis.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com; style-src 'self' fonts.googleapis.com 'nonce-WmE4MHcxVkdhbENsYUZpZnRhYWJaZ0FBQUFZ'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com; base-uri 'self'; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report; 1
frame-ancestors uitgekookt.nl 1
default-src 'self' 'unsafe-inline' player.vimeo.com www.youtube.com *.tile.openstreetmap.org; script-src 'self' 'unsafe-inline' cdn.usefathom.com unpkg.com api.mapbox.com *.tile.openstreetmap.org; img-src data: 'self' 'unsafe-eval' cdn.usefathom.com unpkg.com api.mapbox.com *.tile.openstreetmap.org; style-src 'self' 'unsafe-inline' fonts.googleapis.com unpkg.com api.mapbox.com; font-src 'self' fonts.gstatic.com; connect-src 'self' *.tile.openstreetmap.org 1
default-src 'self';child-src 'self' *.youtube.com *.google.com *.vimeo.com vimeo.com *.dailymotion.com *.soundcloud.com static.addtoany.com *.twitter.com *.issuu.com *.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com *.eurelectric.org chat.dante-ai.com;connect-src 'self' *.google-analytics.com *.analytics.google.com maps.googleapis.com stats.g.doubleclick.net chat.dante-ai.com;font-src 'self' fonts.gstatic.com cdn.eurelectric.org;form-action 'self' login.windows.net login.microsoftonline.com syndication.twitter.com;frame-ancestors *.eurelectric.org;img-src 'self' data: csi.gstatic.com maps.googleapis.com fonts.googleapis.com docshare.eurelectric.org maps.gstatic.com www.google.com www.google.be www.google.fr cdn.eurelectric.org *.google-analytics.com *.analytics.google.com cbks0.googleapis.com *.ggpht.com *.linkedin.com *.twitter.com *.twimg.com dante-chatbot-pictures.s3.amazonaws.com chat.dante-ai.com;media-src 'self' *.eurelectric.org;script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com *.google.com *.gstatic.com cdn.eurelectric.org *.google-analytics.com *.analytics.google.com snap.licdn.com px.ads.linkedin.com *.googletagmanager.com static.addtoany.com platform.twitter.com *.twimg.com *.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com *.amcharts.com chat.dante-ai.com;style-src 'self' 'unsafe-inline' hello.myfonts.net fonts.googleapis.com cdn.eurelectric.org platform.twitter.com chat.dante-ai.com; 1
child-src 'self' https://*.easyeda.com https://cart.jlcpcb.com https://jlcpcb.com www.google.com https://www.youtube.com; frame-ancestors 'self' https://cart.jlcpcb.com https://jlcpcb.com www.google.com https://www.youtube.com 1
default-src 'self'; 
		    script-src 'self' 'unsafe-inline' 'unsafe-eval' *.anacom-consumidor.pt www.googletagmanager.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com f1.eu.readspeaker.com *.readspeaker.com *.doubleclick.net;
		    img-src  'self' 'unsafe-inline' *.anacom-consumidor.pt lh3.googleusercontent.com *.googletagmanager.com *.google.pt *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.readspeaker.com *.doubleclick.net i.ytimg.com;
		    style-src 	'self' 'unsafe-inline' *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.readspeaker.com;
		    font-src 	'self' 'unsafe-inline' data: *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.readspeaker.com;
		    connect-src 'self' *.anacom-consumidor.pt *.google-analytics.com stats.g.doubleclick.net *.analytics.google.com; 
		    frame-src 	'self' *.inbenta.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.readspeaker.com goo.gl *.youtube.com app.powerbi.com *.spotify.com *.twitter.com; 
		    media-src 	'self' http://* https://* i.ytimg.com *.youtube.com *.twitter.com; 
		    object-src 	'self' *.anacom-consumidor.pt;
		    frame-ancestors 'self' *.inbenta.com; 1
default-src 'self'; object-src 'self' https://pts.simplytel.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.simplytel.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.simplytel.de https://chat.simplytel.de https://umfrage.simplytel.de https://pts.simplytel.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.simplytel.de https://chat.simplytel.de https://stats.simplytel.de https://imagepool.simplytel.de https://pts.simplytel.de https://analytics.tiktok.com https://umfrage.simplytel.de; script-src 'strict-dynamic' 'nonce-b48a2c05d03373583ce7ba376cadcb4f' 'nonce-3f5200aea4a8562c3c172c9f217d5bd9' 'nonce-7ece676590691c4ba0c8e6bccab46d56' 'nonce-cb8e08c1d2b626b5f5e11ff1d1f0cc48' 'nonce-6b06d6433232e2b9fd83e16cde223910' 'nonce-a922270502866bc7212620be0e256ca7' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.simplytel.de https://umfrage.simplytel.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-b48a2c05d03373583ce7ba376cadcb4f' 'nonce-3f5200aea4a8562c3c172c9f217d5bd9' 'nonce-7ece676590691c4ba0c8e6bccab46d56' 'nonce-cb8e08c1d2b626b5f5e11ff1d1f0cc48' 'nonce-6b06d6433232e2b9fd83e16cde223910' 'nonce-a922270502866bc7212620be0e256ca7' 'self' 'unsafe-inline' https: 'report-sample' 1
script-src 'self' 'unsafe-inline' https://stats.kde.org 1
default-src 'self' 'unsafe-inline' *.doubleclick.net *.cpmstar.com *.doubleverify.com https://cdn.onesignal.com https://onesignal.com https://www.google-analytics.com https://www.cloudflare.com; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; object-src 'self' 'unsafe-inline' *.doubleclick.net *.cpmstar.com *.doubleverify.com https://cdn.onesignal.com https://onesignal.com https://www.google-analytics.com https://www.cloudflare.com 1
frame-ancestors *.ccrw.edu.cn; 1
default-src * data: 'unsafe-eval' 'unsafe-inline'; img-src * data: blob:; media-src * data: blob:; worker-src * blob: 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com 'unsafe-inline' 'unsafe-eval' optimize.google.com service.force.com snap.licdn.com assets.calendly.com static.lightning.force.com mydentist.secure.force.com mydentist.my.salesforce.com c.la1-c1-lo2.salesforceliveagent.com d.la1-c1-lo3.salesforceliveagent.com d.la1-c1-lo2.salesforceliveagent.com geolocation.onetrust.com www.googleoptimize.com www.clarity.ms analytics.tiktok.com ssl.google-analytics.com bam.nr-data.net translate.googleapis.com gateway.zscloud.net sslwidget.criteo.com stats.g.doubleclick.net ict.infinity-tracking.net cdn.cookielaw.org translate.google.com googleads.g.doubleclick.net js-agent.newrelic.com www.facebook.com www.googletagmanager.com www.googleadservices.com script.hotjar.com static.hotjar.com www.google-analytics.com www.patientcomms.co.uk www.gstatic.com static.criteo.net maps.googleapis.com cdn.fluidads.com mydentist.my.salesforce-sites.com d.la1-c2-lo2.salesforceliveagent.com mydentist-portal-test.azurewebsites.net mydentist-portal-production.azurewebsites.net script.infinity-tracking.com widget.trustpilot.com googleapis.com www.cqc.org.uk d.la1-core1.sfdc-5pakla.salesforceliveagent.com web-chat.nativechat.com cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline' optimize.google.com service.force.com mydentist.secure.force.com mydentist.my.salesforce.com fonts.googleapis.com translate.googleapis.com gateway.zscloud.net hello.myfonts.net www.googletagmanager.com mydentist.my.salesforce-sites.com unpkg.com www.cqc.org.uk web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com px.ads.linkedin.com p.adsymptotic.com px4.ads.linkedin.com gateway.zscloud.net i.ytimg.co onlinebooking.mydentist.co.uk www.gstatic.com translate.googleapis.com c.clarity.ms stats.g.doubleclick.net maps.googleapis.com www.google-analytics.com www.google.com www.google.co.uk www.googletagmanager.com c.bing.com *.tile.openstreetmap.org tiles.mapc.org ad.doubleclick.net www.mydentist.co.uk www.cqc.org.uk web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: service.force.com; frame-src 'self' optimize.google.com service.force.com mydentist.my.salesforce.com calendly.com gateway.zscloud.net vars.hotjar.com onlinebooking.mydentist.co.uk www.facebook.com outlook.office365.com apply.v12finance.com www.youtube.com gum.criteo.com youtu.be vimeo.com www.youtube-nocookie.com 3dshowcases.co.uk my.matterport.com mydentist.my.salesforce-sites.com player.vimeo.com widget.trustpilot.com td.doubleclick.net mycare.patientcomms.co.uk web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com cdn.linkedin.oribi.io region1.google-analytics.com nas.lon.infinity-tracking.net maps.googleapis.com www.google-analytics.com mydentist.secure.force.com api.opencagedata.com bam.nr-data.net analytics.tiktok.com www.clarity.ms cdn.cookielaw.org https://www.google-analytics.com ict.infinity-tracking.net stats.g.doubleclick.net in.hotjar.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location mydentist.my.salesforce-sites.com mydentist-portal-test.azurewebsites.net mydentist-portal-production.azurewebsites.net *.infinity-tracking.com *.clarity.ms region1.analytics.google.com pagead2.googlesyndication.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com 1
default-src 'self';         script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com search.wiser.nl onlinegamecarddiensten.casengo.com cdn.trackjs.com onlinegamecarddiensten.getgrasp.com d1e9x0wcqr7os0.cloudfront.net cdn.sift.com consent.cookiebot.com consentcdn.cookiebot.com connect.facebook.net static.hotjar.com sc-static.net googleads.g.doubleclick.net api.ipify.org tr-shadow.snapchat.com tr.snapchat.com script.hotjar.com www.googleadservices.com;         style-src 'self' 'unsafe-inline' search.wiser.nl onlinegamecarddiensten.casengo.com onlinegamecarddiensten.getgrasp.com;         connect-src 'self' www.google-analytics.com onlinegamecarddiensten.getgrasp.com search.wiser.nl d1e9x0wcqr7os0.cloudfront.net region1.google-analytics.com capture.trackjs.com exch.gamecardsdirect.com tr-shadow.snapchat.com metrics.hotjar.io www.google.com googleads.g.doubleclick.net tr.snapchat.com pagead2.googlesyndication.com consentcdn.cookiebot.com script.hotjar.com stats.g.doubleclick.net;         img-src 'self' gamecardsdirect.com www.gamecardsdirect.com www.googletagmanager.com www.google-analytics.com search.wiser.nl login.casengo.com hexagon-analytics.com usage.trackjs.com app.getgrasp.com www.facebook.com www.google.com www.google.nl exch.gamecardsdirect.com tr.snapchat.com;         frame-src 'self' www.google.com www.facebook.com consentcdn.cookiebot.com tr-shadow.snapchat.com www.kiyoh.com td.doubleclick.net tr.snapchat.com www.youtube.com 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=GB&lang=en-GB&device=desktop&yrid=7coss5liqu6dc&partner=; 1
default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.google-analytics.com www.googletagmanager.com cdnjs.cloudflare.com *.googleadservices.com googleads.g.doubleclick.net a.config.skype.com b.config.skype.com swx.cdn.skype.com  www.google.com www.gstatic.com js-agent.newrelic.com bam.nr-data.net *.googleapis.com tagmanager.google.com embed.typeform.com *.addthis.com *.zalo.me *.addthisedge.com *.moatads.com https://javascript.browser.wasscan.tenable/dom_monitor.js *.jsdelivr.net *.zdn.vn *.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com tagmanager.google.com/; img-src 'self' data: www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.co.in maps.gstatic.com maps.googleapis.com *.we-ui.com; frame-src 'self' www.youtube.com sp.zalo.me www.google.com bid.g.doubleclick.net api01-platform.stream.co.jp form.typeform.com s7.addthis.com *.typeform.com; font-src 'self' cdnjs.cloudflare.com data: fonts.gstatic.com; connect-src 'self' browser.pipe.aria.microsoft.com *.zalo.me www.google-analytics.com www.google.com www.google.co.in *.addthis.com *.doubleclick.net *.nr-data.net 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com https://*.google.com https://www.gstatic.com https://www.youtube.com https://stats.g.doubleclick.net https://platform.twitter.com https://graph.facebook.com https://cdn.syndication.twimg.com https://api.twitter.com https://code.jquery.com https://content.jwplatform.com https://ssl.p.jwpcdn.com https://cdnjs.cloudflare.com; connect-src 'self' *.db101.org *.hb101.org https://www.google-analytics.com https://www.googleapis.com https://*.amazonaws.com https://content.jwplatform.com https://*.jwpsrv.com https://mastodon.social; style-src 'self' 'unsafe-inline' https://code.jquery.com https://fonts.googleapis.com https://www.google.com https://platform.twitter.com https://ton.twimg.com https://cdnjs.cloudflare.com; img-src * data:; media-src 'self' *.google.com *.youtube.com *.doubleclick.net; font-src fonts.gstatic.com; frame-src 'self' blob: https://*.db101.org https://*.hb101.org https://disabilityhubmn.org https://*.disabilityhubmn.org https://*.google.com https://www.youtube.com https://platform.twitter.com https://syndication.twitter.com; 1
default-src 'self' data: wss://kohlchan.net:8443/; img-src https://*.tile.openstreetmap.org data: 'self'; style-src 'unsafe-inline' 'self'; script-src 'self'; frame-src dietchan.org freespeechextremist.com 'self' 1
font-src *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.gstatic.com *.facebook.com *.bizibly.com *.livechatinc.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.livechatinc.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.facebook.com *.doubleclick.net *.paypal.com *.kaptcha.com *.juniorlibraryguild.com *.bizibly.com *.livechatinc.com landofcoder.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://a.klaviyo.com *.cloudflare.com *.juniorlibraryguild.com *.facebook.com *.google.com *.google.com.mx *.gstatic.com *.googleusercontent.com *.paypal.com *.icons8.com *.bizible.com *.bing.com *.marketo.net *.amazonaws.com *.magecomp.com *.bizibly.com *.livechatinc.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.klaviyo.com https://fast.a.klaviyo.com s7.addthis.com *.avada.io *.cloudflare.com *.twitter.com *.fontawesome.com *.newrelic.com *.nr-data.net *.facebook.net *.doubleclick.net *.gstatic.com *.bizible.com *.bing.com *.marketo.net *.juniorlibraryguild.com *.bizibly.com *.livechatinc.com landofcoder.com *.authorize.net sandbox-assets.secure.checkout.visa.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.juniorlibraryguild.com *.bizibly.com *.livechatinc.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.juniorlibraryguild.com landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://fast.a.klaviyo.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.cloudflare.com *.doubleclick.net *.google-analytics.com *.nr-data.net *.facebook.com *.gstatic.com *.mktoresp.com *.bizibly.com *.livechatinc.com landofcoder.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
upgrade-insecure-requests; script-src 'strict-dynamic' 'nonce-ANJOO3a+qiBgDDbwVjfLGQ=='; 1
default-src https: 'self' www.facebook.com www.defensivedriving.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https: support.defensivedriving.com www.facebook.com www.google.com bat.bing.com www.googleadservices.com www.google-analytics.com script.hotjar.com static.hotjar.com connect.facebook.net support.defensivedriving.com cdn.optimizely.com code.jquery.com mr-a.akamaihd.net www.googletagmanager.com stats.g.doubleclick.net www.shopperapproved.com googleads.g.doubleclick.net optimize.google.com; style-src 'unsafe-eval' 'unsafe-inline' https: 'self' www.facebook.com connect.facebook.com optimize.google.com fonts.googleapis.com; frame-src 'self' www.facebook.com www.youtube.com bid.g.doubleclick.net player.mobilerider.com vars.hotjar.com optimize.google.com; object-src 'self'; img-src 'self' data: www.googletagmanager.com cfactory-img.s3.amazonaws.com connect.facebook.com i.ytimg.com www.facebook.com www.shopperapproved.com www.google.com bat.bing.com www.google-analytics.com s.w.org ps.w.org optimize.google.com; font-src 'self' use.fontawesome.com fonts.gstatic.com data: optimize.google.com; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; font-src https: data: 'unsafe-eval' 'unsafe-inline' 1
default-src 'none'; base-uri 'self'; form-action 'none'; img-src 'self' data:; script-src 'self' 'unsafe-eval' 'sha256-XzTveO0B6IM8YRqAkdroV+PrFE4zaHt0A4z5uQ9CwzI='; style-src 'self' 'unsafe-inline'; font-src 'self'; worker-src 'self'; object-src 'self'; media-src 'self'; frame-ancestors 'none'; manifest-src 'self'; connect-src 'self' * 1
default-src 'self'; connect-src 'self' *.tawasal.ae *.twl.ae https://www.google.com https://api.ipify.org https://formspree.io https://www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; frame-src 'self' *.tawasal.ae *.twl.ae https://www.google.com; 1
frame-ancestors 'self' https://sportland.lv/ https://sportland.ee/ https://sportland.lt/ https://sportland.fi/ https://pl.sportland.com/ https://sportland.com/ https://en.sportland.fi/ https://ru.sportland.ee/ https://ru.sportland.lv/ https://ru.sportland.lt/ https://sportskim.sportland.lv/ https://outlet.sportland.lv/ https://outlet.sportland.lt/ https://outlet.sportland.ee/ https://outlet.sportland.com/ https://ru-outlet.sportland.com/ https://outlet.sportland.fi/; 1
img-src data: https://cdn.cookielaw.org/ https://webanalytics.inera.se/ https://*.inviewer.se/ 'self'; connect-src https://cdn.cookielaw.org/ https://webanalytics.inera.se/ 'self'; script-src https://cdn.cookielaw.org/ https://dl.episerver.net/ https://webanalytics.inera.se/ https://inera.workbuster.com/ 'report-sample' 'sha256-3/mNUpqF9X/gMYE+bOG6g8d6I32wdYdWwWuAk90mPCM=' 'sha256-KdrksQVVfPWUX99NitlEt4ABdXZmgoZpezLqt68xrRU=' 'sha256-NBS7EduG2pL/l2J3FKVM//a6/tkbjRXCbg6q7vBX/JQ=' 'sha256-9nbqryG6r8ah9AReuQJKTzRXvO4bc5sLyPTD9Ybevj8=' 'sha256-laWjrqJThFpSbf4H+IwSnwccrjKHaVCE1bYgwmmXevg=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-FrRhV+9kzHdN7Rd0y7DZgfXWVPqT5/Tu/3mnWuRrfGE=' 'self'; frame-src https://play.mediaflowpro.com/ https://dreambroker.com/ https://app.powerbi.com/ https://inera.workbuster.com/; style-src 'report-sample' 'unsafe-inline' 'self'; style-src-attr 'report-sample' 'unsafe-inline'; style-src-elem 'report-sample' 'unsafe-inline' 'self'; object-src 'none'; base-uri 'self'; worker-src 'self'; manifest-src 'self'; media-src 'self'; form-action 'self'; child-src 'self'; frame-ancestors 'self'; report-uri https://www.inera.se/api/v1/csp/report; font-src data: 'self'; upgrade-insecure-requests ; default-src 'self'; report-to csp-endpoint 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-942e21231c070c3b57117fc995c4170a'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://weirder.earth; img-src 'self' https: data: blob: https://weirder.earth; style-src 'self' https://weirder.earth 'nonce-rHkMhoCdW+uzBZNMWvE8AQ=='; media-src 'self' https: data: https://weirder.earth; frame-src 'self' https:; manifest-src 'self' https://weirder.earth; form-action 'self'; connect-src 'self' data: blob: https://weirder.earth https://s3.amazonaws.com wss://weirder.earth; script-src 'self' https://weirder.earth; child-src 'self' blob: https://weirder.earth; worker-src 'self' blob: https://weirder.earth 1
default-src 'self'; font-src *;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; connect-src *; media-src * data:; child-src * 1
frame-ancestors *.hudongba.com *.hdb.com *.qq.com 1
default-src 'self' blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google.com https://maps.googleapis.com https://www.gstatic.com https://www.googleoptimize.com https://www.googleanalytics.com https://connect.facebook.net https://www.google-analytics.com https://bat.bing.com/bat.js https://googleads.g.doubleclick.net http://static.ads-twitter.com https://snap.licdn.com https://www.clarity.ms https://diffuser-cdn.app-us1.com https://analytics-au.clickdimensions.com https://bat.bing.com https://*.forter.com https://dalv4le16pzj2.cloudfront.net https://d2nww8zpyj5pk0.cloudfront.net https://www.savethechildren.org.au.local https://stcweb-uat.azurewebsites.net https://stcweb-stage.azurewebsites.net https://stcweb-prod.azurewebsites.net https://www.savethechildren.org.au https://optimize.google.com https://*.visualwebsiteoptimizer.com https://app.vwo.com;      style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.clickdimensions.com https://optimize.google.com https://fonts.googleapis.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://s3.amazonaws.com;      connect-src 'self' https://analytics.google.com https://*.google-analytics.com https://maps.googleapis.com https://d.clarity.ms https://stats.g.doubleclick.net  https://cdn.linkedin.oribi.io https://k.clarity.ms/  https://*.forter.com wss://cdn0.forter.com https://d2o5idwacg3gyw.cloudfront.net https://d3lqotgbn3npr.cloudfront.net https://d11bdev7tcn7wh.cloudfront.net https://d3k4bt74u9esq1.cloudfront.net https://m.addthis.com https://www.google.com.au https://bat.bing.com https://www.facebook.com https://api-public.addthis.com https://j.clarity.ms https://dc.services.visualstudio.com https://*.clarity.ms https://*.visualwebsiteoptimizer.com https://app.vwo.com https://pagead2.googlesyndication.com/ https://www.google.com;      frame-src 'self' https://player.vimeo.com https://*.youtube.com https://*.facebook.com https://*.doubleclick.net https://ct.pinterest.com https://www.google.com https://c.paypal.com https://www.paypal.com https://*.hotjar.com https://platform.twitter.com https://forms.office.com https://s7.addthis.com https://optimize.google.com https://indd.adobe.com/ https://moreimpact.h5p.com https://app.vwo.com https://*.visualwebsiteoptimizer.com https://analytics-au.clickdimensions.com/;      font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://www.bugherd.com https://d2iiunr5ws5ch1.cloudfront.net https://*.hotjar.com;      img-src 'self' data: http://via.placeholder.com https://via.placeholder.com https://*.clickdimensions.com http://www.w3.org https://www.google.com https://optimize.google.com https://t.co https://analytics.twitter.com https://www.google-analytics.com https://www.googletagmanager.com https://px.ads.linkedin.com https://www.google.com https://www.facebook.com https://bat.bing.com https://www.google.com.au https://c.clarity.ms https://c.bing.com https://*.vo.msecnd.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://maps.gstatic.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://www.gstatic.com https://d3nocrch4qti4v.cloudfront.net  https://*.cloudfront.net https://www.linkedin.com http://stcweb-uat.azurewebsites.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://chart.googleapis.com https://wingify-assets.s3.amazonaws.com  https://pixel.mediapulse.com.au;      script-src-elem 'self' 'unsafe-inline' https://snap.licdn.com https://www.googletagmanager.com https://www.google.com https://maps.googleapis.com https://www.googleoptimize.com https://connect.facebook.net https://bat.bing.com https://googleads.g.doubleclick.net http://static.ads-twitter.com https://www.clarity.ms https://diffuser-cdn.app-us1.com https://analytics-au.clickdimensions.com https://googleads.g.doubleclick.net https://www.gstatic.com http://analytics-au.clickdimensions.com https://www.google-analytics.com https://prism.app-us1.com https://*.cdn4.forter.com https://*.vo.msecnd.net https://www.googleadservices.com https://*.clickdimensions.com https://maps.googleapis.com https://s7.addthis.com https://z.moatads.com https://v1.addthisedge.com https://*.addthis.com https://www.youtube.com https://trackcmp.net https://optimize.google.com https://moreimpact.h5p.com https://dev.visualwebsiteoptimizer.com https://maps.googleapis.com https://app.vwo.com;      worker-src 'self' blob:  1
default-src 'self' https://track.uslugi.io; frame-ancestors 'self'; object-src 'none'; frame-src 'self' https://www.google.com/recaptcha/; base-uri 'self'; form-action 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://track.uslugi.io https://www.youtube.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' 'unsafe-inline' data: https://track.uslugi.io; connect-src 'self' https://track.uslugi.io; child-src 'self' https://www.youtube.com https://track.uslugi.io; 1
default-src 'none'; script-src https://bartervg.com; img-src https://bartervg.com https://steamcdn-a.akamaihd.net https://*.steamstatic.com; media-src https://steamcdn-a.akamaihd.net; style-src 'unsafe-inline'; font-src https://fonts.gstatic.com/ data:; base-uri 'self'; frame-ancestors 'none'; form-action 'self'; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https: fonts.googleapis.com netdna.bootstrapcdn.com; img-src 'self' 'unsafe-inline' data: https: ; font-src 'self' data: https: ; connect-src 'self' *.youtube.com *.doubleclick.net *.googlesyndication.com *.google.com *.gstatic.com *.google-analytics.com *.disqus.com *.addtoany.com *.quiz-maker.com sentry.utdev.com use.fontawesome.com api.curator.io ; media-src https: ; object-src 'self' ; child-src 'self' *.googlesyndication.com *.addtoany.com *.google.com disqus.com *.disqus.com *.opinionstage.com *.youtube.com api.connectedcommunity.org www.votervoice.net *.doubleclick.net ; form-action 'self'; upgrade-insecure-requests; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.la; img-src 'self' https: data: blob: https://mastodon.la; style-src 'self' https://mastodon.la 'nonce-1gyYHt76UjeZ5SCA18OMsw=='; media-src 'self' https: data: https://mastodon.la; frame-src 'self' https:; manifest-src 'self' https://mastodon.la; form-action 'self'; child-src 'self' blob: https://mastodon.la; worker-src 'self' blob: https://mastodon.la; connect-src 'self' data: blob: https://mastodon.la https://cdn.mastodon.la wss://mastodon.la; script-src 'self' https://mastodon.la 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://*.zolostays.com https://ameyo.zolostays.in:8443 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com https://fonts.googleapis.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.gstatic.com use.typekit.net https://fonts.gstatic.com data:; media-src 'self' 'unsafe-inline' 'unsafe-eval' ssl.gstatic.com *.bakermckenzie-podcastlibrary-wordpress.onenorth.com bakermckenzie-podcastlibrary-wordpress.onenorth.com blob: ; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com translate.googleapis.com stats.g.doubleclick.net cdn.cookielaw.org *.mktoresp.com blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' gateway.zscalertwo.net bakermckenzie-wordpress.admin.onenorth.com *.googletagmanager.com *.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com *.typekit.net translate.google.com *.google-analytics.com *.twitter.com static.ads-twitter.com munchkin.marketo.net cdn.cookielaw.org snap.licdn.com *.ceros.com connect.facebook.net *.cloudfront.net *.onistaged.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: filesystem: *.bakermckenzie.com bakermckenzie.com *.googletagmanager.com gstatic.com *.gstatic.com *.typekit.net *.gravatar.com *.twitter.com translate.google.com *.google-analytics.com *.siteimproveanalytics.io px.ads.linkedin.com p.adsymptotic.com  cdn.cookielaw.org *.sbmckenziems.wpengine.com; frame-src 'self' gateway.zscalertwo.net *.spotify.com *.youtube.com *.vbrick.com *.bryter.io *.bakermckenzie.com *.bakerxchange.com bakerxchange.com *.twitter.com *.youtube-nocookie.com *.vimeo.com *.google.com *.googletagmanager.com app-static.turtl.co view.ceros.com 1
default-src 'self' https://fbcdn.net adsymptotic.com;              script-src 'self' 'unsafe-inline' 'unsafe-eval' youtu.be youtube.com ytimg.com *.pinimg.com gtm.js https://*.licdn.com https://snap.licdn.com https://www.linkedin.com *.pinterest.com https://connect.facebook.net https://*.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://googletagmanager.com https://ajax.googleapis.com https://ssl.google-analytics.com https://cdn.cookielaw.org https://googleadservices.com https://www.googleadservices.com https://geoloaction.onetrust.com https://google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://*.hotjar.com https://*.crazyegg.com;             style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://optimize.google.com https://*.crazyegg.com https://*.googletagmanager.com;             font-src 'self' data: https://fonts.googleapis.com https://*.hotjar.com https://fonts.gstatic.com;             connect-src 'self' *.licdn.com *.pinimg.com *.pinterest.com https://*.google.com https://*.google.ch https://region1.google-analytics.com https://*.google-analytics.com https://google-analytics.com https://cdn.cookielaw.org https://*.analytics.google.com https://geolocation.onetrust.com https://*.googletagmanager.com https://googletagmanager.com https://*.g.doubleclick.net https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.crazyegg.com;             img-src 'self' data: https://www.facebook.com https://ct.pinterest.com/v3 *.pinterest.com *.linkedin.com *.licdn.com *.pinimg.com https://*.google-analytics.com https://*.analytics.google.com https://ssl.gstatic.com https://googleads.g.doubleclick.net https://www.gstatic.com https://*.google.com https://*.google.ch https://google-analytics.com https://*.googletagmanager.com https://googletagmanager.com https://*.g.doubleclick.net https://stats.g.doubleclick.net https://google-analytics.com https://optimize.google.com https://*.hotjar.com https://*.crazyegg.com https://cdn.cookielaw.org;             frame-src 'self' https://bid.g.doubleclick.net https://optimize.google.com https://*.hotjar.com https://*.pinterest.com https://*.issuu.com https://e.issuu.com;    media-src 'self' youtube.com ytimg.com youtu.be;             upgrade-insecure-requests;              block-all-mixed-content; 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-EQ2jSs5EPAH6VKH635fCb+Ppklg1PC' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
font-src *.fontawesome.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.amazonaws.com *.cdn-apple.com data: *.glopal.com *.glopalservice.com *.gocertify.me *.googleapis.com *.google.com *.google.at *.g.doubleclick.net *.googlesyndication.com *.googleadservices.com *.google-analytics.com *.criteo.net *.criteo.com *.gstatic.com *.hotjar.com *.hotjar.io *.icomoon.io *.klarna.com *.klarnacdn.net *.klarnaservices.com *.referralcandy.com reporting.trespass.com reporting.nevisport.com smct.co *.smct.co smct.io *.smct.io *.worldpay.com *.postrelease.com *.salesfire.co.uk fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.reviews.io *.reviews.co.uk https://secure-test.worldpay.com/shopper/3ds/ddc.html *.facebook.com *.google.com *.google.at *.g.doubleclick.net *.googlesyndication.com *.googleadservices.com *.google-analytics.com *.criteo.net *.criteo.com *.glopal.com *.glopalservice.com *.klarnacdn.net *.list-manage.com *.pure360.com *.referralcandy.com reporting.trespass.com reporting.nevisport.com *.worldpay.com *.postrelease.com *.salesfire.co.uk 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.reviews.io *.reviews.co.uk https://pay.google.com https://secure-test.worldpay.com *.amazonaws.com scripts.affiliatefuture.com *.arcot.com *.bsmartdata.com *.cloudfront.net *.doubleclick.net *.facebook.com *.glopal.com *.glopalservice.com *.gocertify.me *.google.com *.google.at *.g.doubleclick.net *.googlesyndication.com *.googleadservices.com *.google-analytics.com *.criteo.net *.criteo.com *.hotjar.com *.hotjar.io *.icomoon.io *.klarna.com *.klarnacdn.net *.klarnaservices.com *.list-manage.com *.official-coupons.com *.paypal.com *.paypalobjects.com *.playground.klarnaservices.com *.referralcandy.com reporting.trespass.com reporting.nevisport.com *.salesfire.co.uk senior.discount smct.co *.smct.co smct.io *.smct.io *.soreto.com connect.studentbeans.com *.studentbeans.com *.tradedoubler.com *.veinteractive.com *.vimeo.com *.worldpay.com *.youthdiscount.com *.youtube.com *.youtube-nocookie.com *.postrelease.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com *.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.cloudflare.com *.gstatic.com www.google-analytics.com *.t-pass.co.uk *.adnxs.com *.adroll.com *.amazonaws.com *.bidswitch.net *.bing.com *.clarity.ms *.criteo.net *.criteo.com *.doubleclick.net eep.io *.eep.io *.facebook.com *.glopal.com *.glopalservice.com *.gocertify.me *.google.com *.google.co.uk *.googleadservices.com googletagmanager.com *.googlesyndication.com *.google.at *.g.doubleclick.net *.hotjar.com *.hotjar.io *.icomoon.io img-statics.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.official-coupons.com *.official-deals.co.uk *.onetrust.com *.openx.net *.payments-amazon.com *.playground.klarnaservices.com *.referralcandy.com reporting.trespass.com reporting.nevisport.com *.salesfire.co.uk smct.co *.smct.co smct.io *.smct.io *.soreto.com www.uploadlibrary.com *.volvelle.tech *.yahoo.com *.ytimg.com *.media.net *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.teads.tv *.3lift.com *.adform.net *.omnitagjs.com *.casalemedia.com id5-sync.com *.360yield.com *.ivitrack.com *.mediavine.com *.outbrain.com *.pubmatic.com *.tremorhub.com *.yieldlab.net *.yieldmo.com *.emxdgt.com *.krxd.net *.thebrighttag.com *.postrelease.com *.revcontent.com www.googletagmanager.com googleads.g.doubleclick.net ssl.gstatic.com www.gstatic.com maps.gstatic.com maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com *.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com https://www.gstatic.com/recaptcha/ *.google.com www.googletagmanager.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de widget.freshworks.com m2epro.freshdesk.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.reviews.io *.reviews.co.uk https://storage.googleapis.com/prshim/v1/payment-shim.js https://www.google.com/recaptcha/api.js *.gstatic.com *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js *.adroll.com *.amazonaws.com tags.affiliatefuture.com scripts.affiliatefuture.com *.atdmt.com *.bing.com chimpstatic.com *.chimpstatic.com *.clarity.ms *.cloudfront.net *.criteo.net *.criteo.com *.consensu.org data: *.doubleclick.net *.ethn.io *.facebook.com *.facebook.net *.freshrelevance.com *.glopal.com *.glopalservice.com *.gocertify.me google-analytics.com *.googleoptimize.com *.analytics.google.com *.googlesyndication.com *.googleadservices.com *.googleapis.com *.google.at *.g.doubleclick.net *.hotjar.com *.hotjar.io *.icomoon.io *.klarnacdn.net *.klarnaservices.com *.newrelic.com *.nr-data.net *.onetrust.com *.oribi.io *.playground.klarnaservices.com *.referralcandy.com *.revlifter.io reporting.trespass.com reporting.nevisport.com *.salesfire.co.uk senior.discount smct.co *.smct.co smct.io *.smct.io *.soreto.com cdn.studentbeans.com *.tradedoubler.com *.veinteractive.com *.worldpay.com wss://*.freshrelevance.com *.media.net *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.teads.tv *.3lift.com *.adform.net *.omnitagjs.com *.casalemedia.com id5-sync.com *.360yield.com *.ivitrack.com *.mediavine.com *.outbrain.com *.pubmatic.com *.tremorhub.com *.yieldlab.net *.yieldmo.com *.emxdgt.com *.krxd.net *.thebrighttag.com *.postrelease.com googletagmanager.com ssl.google-analytics.com tagmanager.google.com maps.googleapis.com https://www.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com unsafe-inline *.cloudfront.net *.reviews.io *.reviews.co.uk *.cloudflare.com data: *.glopal.com *.glopalservice.com *.gocertify.me *.google.com fonts.googleapis.com *.google.at *.g.doubleclick.net *.googlesyndication.com *.googleadservices.com *.google-analytics.com *.criteo.net *.criteo.com *.icomoon.io *.klarna.com *.klarnacdn.net *.klarnaservices.com *.playground.klarnaservices.com *.referralcandy.com reporting.trespass.com reporting.nevisport.com smct.co *.smct.co smct.io *.smct.io *.worldpay.com *.postrelease.com *.salesfire.co.uk tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de widget.freshworks.com m2epro.freshdesk.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.amazonaws.com *.appspot.com *.atdmt.com *.bing.com *.clarity.ms *.criteo.net *.criteo.com *.doubleclick.net *.dycdn.net *.freshrelevance.com *.glopal.com *.glopalservice.com *.gocertify.me *.hotjar.com:* *.hotjar.io:* *.icomoon.io *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com *.googleapis.com *.google.com *.google.at *.g.doubleclick.net *.analytics.google.com *.google-analytics.com *.googlesyndication.com *.googleadservices.com *.nr-data.net *.onetrust.com *.paypal.com *.playground.klarnaservices.com *.playground.klarnauserservices.com *.pure360.com *.pvnsolutions.com *.referralcandy.com reporting.trespass.com reporting.nevisport.com *.revlifter.com *.salesfire.co.uk senior.discount smct.co *.smct.co smct.io *.smct.io *.smartmetrics.co.uk https://*.soreto.com *.veinteractive.com wss://*.freshrelevance.com wss://*.hotjar.com *.postrelease.com google-analytics.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://trespass.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
default-src 'none' https://*.vidyard.com; base-uri 'self'; form-action 'self' https://*.salesforce.com https://*.salesforceliveagent.com; frame-ancestors 'self'; frame-src 'self' https://*.salesforce.com https://www.google.com https://html5-player.libsyn.com https://www.youtube.com https://*.vidyard.com https://*.doubleclick.net; connect-src 'self' https://*.salesforce.com https://*.salesforceliveagent.com https://*.licdn.com https://*.crazyegg.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google.com https://*.googleapis.com https://*.gstatic.com https://cdn.linkedin.oribi.io https://www.youtube.com https://*.vidyard.com https://analytics.google.com https://*.analytics.google.com https://www.google-analytics.com https://*.doubleclick.net https://www.googletagmanager.com https://extreme-ip-lookup.com https://*.extreme-ip-lookup.com https://ipmeta.io https://*.ipmeta.io https://s3.us-east-1.amazonaws.com/benefitmall2.prod/; script-src 'self' https://*.salesforceliveagent.com https://*.licdn.com https://*.crazyegg.com https://*.googleapis.com https://*.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/gsap/ https://cdn.jsdelivr.net/npm/tsparticles-confetti@2.12.0/ https://unpkg.com/swiper/ https://*.vidyard.com https://www.google-analytics.com https://ssl.google-analytics.com 'unsafe-inline' https://www.googletagmanager.com https://tagmanager.google.com https://www.youtube.com http://www.youtube.com https://*.ytimg.com https://www.googleadservices.com https://www.google.com https://*.doubleclick.net 'unsafe-eval' https://tagmanager.google.com; style-src 'self' https://fonts.googleapis.com https://unpkg.com/swiper/ https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com https://fonts.gstatic.com data: 'nonce-cae7935389f845a0ac58479771ad625a'; img-src 'self' https://*.force.com https://*.documentforce.com https://*.crazyegg.com https://*.linkedin.com https://*.adsymptotic.com https://*.googleapis.com https://*.gstatic.com data: https://*.vidyard.com https://analytics.google.com https://*.analytics.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://ssl.gstatic.com https://*.doubleclick.net https://www.google.com https://*.googleusercontent.com https://ssl.gstatic.com https://s3.us-east-1.amazonaws.com/benefitmall2.prod/; prefetch-src 'self' https://*.vidyard.com; 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'self' *; img-src data: *; 1
default-src 'self'; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-c49d0496-1a3f-4bda-827a-fd69f57c9d9c'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net fonts.googleapis.com heapanalytics.com; object-src 'none'; frame-src 'self' *.svc.dynamics.com app.hellosign.com player.vimeo.com www.google.com; frame-ancestors 'self'; child-src 'self' blob:; img-src 'self' data: *.svc.dynamics.com api.swiftype.com cdnjs.cloudflare.com cdn.jsdelivr.net gallery.mailchimp.com i.vimeocdn.com heapanalytics.com; font-src 'self' data:  cdnjs.cloudflare.com cdn.jsdelivr.net fonts.gstatic.com heapanalytics.com; connect-src 'self' *.bf.dynatrace.com *.centralstatesfunds.org *.pdfjs.express *.svc.dynamics.com cdnjs.cloudflare.com cdn.jsdelivr.net heapanalytics.com; manifest-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self'; worker-src 'self' blob:; 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval';  script-src * 'unsafe-inline' 'unsafe-eval';  connect-src * 'unsafe-inline';  img-src * data: blob: 'unsafe-inline';  frame-src *;  style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.etracker.com https://*.etracker.de https://wb.whatsbroadcast.com https://*.gstatic.com https://*.googleapis.com https://www.lotto.de https://uberall.com https://*.uberall.com https://*.lotto-brandenburg.de https://*.amazonaws.com https://secure.pay1.de https://*.pay1.de https://yt3.ggpht.com https://scontent-ham3-1.xx.fbcdn.net https://pbs.twimg.com https://*.workplace.com https://*.facebook.com https://*.fbcdn.net https://*.fb.me https://*.fbsbx.com https://widget.msgp.pl https://www.youtube.com https://lotto-brandenburg.app-specials.com https://*.youtube-nocookie.com https://api.signalize.com https://66578.online-adventskalender.de https://youtu.be https://connect.facebook.net https://app.usercentrics.eu https://api.usercentrics.eu https://graphql.usercentrics.eu https://consent-api.service.consent.usercentrics.eu https://uct.service.usercentrics.eu https://aggregator.service.usercentrics.eu https://twemoji.maxcdn.com https://sleeknotecustomerscripts.sleeknote.com https://sleeknotestaticcontent.sleeknote.com https://images.sleeknote.com https://analytics.sleeknote.com;worker-src 'self' blob: 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data: blob:; object-src 'none'; script-src 'self' https: www.google-analytics.com browser-update.org 'nonce-VMKGY1OUxz3C1mmL73Ko8g=='; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: youtube.com *.youtube.com; connect-src 'self' https: blob: 1
frame-ancestors 'self' https://www.encompassloconnect.com https://encompassloconnect.com https://*.ellieservices.com https://encompass.ice.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.treasuredata.com js.adsrvr.org   where-to-buy.co *.mapbox.com anyroad-staging.herokuapp.com staging.anyroad.com app.anyroad.com connect.facebook.net vimeo.com cdn.jsdelivr.net *.aviationgin.com *.diageohorizon.com *.diageoplatform.com *.diageoagegate.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com www.youtube.com *.tagmanager.google.com *.googleapis.com *.doubleclick.net www.google.com *.cloudflare.com *.onetrust.io *.onetrust.com *.vimeo.com; style-src 'self' 'unsafe-inline' *.s3.amazonaws.com cdnjs.cloudflare.com   where-to-buy.co *.mapbox.com *.aviationgin.com *.diageohorizon.com *.diageoplatform.com *.diageoagegate.com netdna.bootstrapcdn.com *.vimeo.com; img-src 'self' data: https: 'unsafe-inline' *.aviationgin.com   where-to-buy.co *.mapbox.com *.vimeo.com www.w3.org *.diageohorizon.com *.diageoplatform.com *.diageoagegate.com netdna.bootstrapcdn.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com netdna.bootstrapcdn.com *.onetrust.io *.onetrust.com cdn-ukwest.onetrust.com www.diageo.com *.cloudfunctions.net; font-src 'self' 'unsafe-inline' *.s3.amazonaws.com   where-to-buy.co *.mapbox.com *.aviationgin.com *.diageohorizon.com *.diageoplatform.com *.diageoagegate.com netdna.bootstrapcdn.com *.onetrust.io *.onetrust.com; connect-src 'self' *.diageohorizon.com   where-to-buy.co *.mapbox.com *.googlesyndication.com stats.g.doubleclick.net *.onetrust.io *.onetrust.com *.google-analytics.com *.google.com *.googletagmanager.com;object-src 'none'; frame-src 'self' insight.adsrvr.org *.anyroad.com   where-to-buy.co *.mapbox.com *.herokuapp.com integrations.anyroad.com www.youtube.com www.facebook.com finder.vtinfo.com *.s3.amazonaws.com aax-eu.amazon-adsystem.com *.fls.doubleclick.net 10027330.fls.doubleclick.net www.google.com *.vimeo.com; 1
frame-ancestors 'self' http://www.royco.co.id unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://s7.addthis.com https://kritique-widgets-stage.unileversolutions.com https://d1a1ax4tcp3m3j.cloudfront.net 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://macaw.social; img-src 'self' https: data: blob: https://macaw.social; style-src 'self' https://macaw.social 'nonce-mftX0XVPBpY4B5q5vqZ/Ow=='; media-src 'self' https: data: https://macaw.social; frame-src 'self' https:; manifest-src 'self' https://macaw.social; form-action 'self'; child-src 'self' blob: https://macaw.social; worker-src 'self' blob: https://macaw.social; connect-src 'self' data: blob: https://macaw.social https://macawsocial.sfo3.cdn.digitaloceanspaces.com wss://macaw.social; script-src 'self' https://macaw.social 'wasm-unsafe-eval' 1
default-src *; base-uri *.google.com; child-src 'self'; connect-src 'self' *.jivosite.com *.ringostat.com *.ringostat.net wss://*.jivosite.com http://aprtx.com *.google-analytics.com https://www.google.com https://www.google.com.ua https://www.googleadservices.com https://google-analytics.bi.owox.com https://stats.g.doubleclick.net *.softcube.com https://mc.webvisor.org https://mc.yandex.ru *.facebook.com https://cdn.plyr.io *.esputnik.com *.multisearch.io *.google.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.popmechanic.ru *.plerdy.com https://noembed.com https://analytics.tiktok.com https://esputnik.com; font-src 'self' https://fonts.gstatic.com *.webcollage.net *.hotjar.com *.plerdy.com; form-action 'self' *.facebook.com https://connect.facebook.net *.plerdy.com *.kastapay.ua; frame-ancestors 'self' http://*.pampik.com *.plerdy.com *.kastapay.ua; media-src *.jivosite.com *.ringostat.com *.plerdy.com; object-src 'self'; manifest-src 'self' https://esputnik.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://tagmanager.google.com *.cloudflare.com *.facebook.net http://aprtx.com *.jivosite.com *.ringostat.com https://www.artfut.com *.dmpcloud.net *.criteo.net *.criteo.com *.softcube.com http://video.softcube.com *.youtube.com https://esputnik.com https://s.ytimg.com https://apypp.com https://cts-secure.channelintelligence.com https://cdn.yottos.com https://cdn.jsdelivr.net https://connect.facebook.net https://statics.esputnik.com https://statics.cloudflareinsights.com https://mc.webvisor.org https://mc.yandex.ru *.asbmit.com *.lenmit.com *.webcollage.net https://optimize.google.com *.hotjar.com *.popmechanic.ru *.plerdy.com *.kastapay.ua *.jivosite.com *.ringostat.com ws://*.jivosite.com https://tracker.multisearch.io https://analytics.tiktok.com https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.webcollage.net https://tagmanager.google.com https://optimize.google.com *.google.com *.popmechanic.ru *.google-analytics.com *.googleadservices.com *.cloudflare.com *.facebook.net *.facebook.com *.lenmit.com *.esputnik.com *.plerdy.com *.kastapay.ua *.jivosite.com *.ringostat.com *.ringostat.net; img-src 'self' *.pampik.com *.google-analytics.com https://www.facebook.com https://www.google.com https://www.google.com.ua https://google-analytics.bi.owox.com https://www.googletagmanager.com *.googleapis.com *.g.doubleclick.net *.softcube.com https://aprtx.com data: *.criteo.com https://sellaction.net *.ytimg.com https://artfut.com https://alphamrkt.com https://linkappdev.com *.youtube.com https://mc.webvisor.org https://mc.yandex.ru *.asbmit.com *.lenmit.com  https://ssl.gstatic.com https://lenkmio.com https://pafutos.com https://artfut.com *.admitad.com *.webcollage.net https://optimize.google.com *.google.com *.popmechanic.ru *.yandexcloud.net *.esputnik.com *.plerdy.com *.kastapay.ua *.jivosite.com *.ringostat.com *.ringostat.net; frame-src 'self' data: *.jivosite.com *.ringostat.com *.youtube.com *.facebook.com *.google.com https://connect.facebook.net *.criteo.com https://static.criteo.net https://bid.g.doubleclick.net http://creativecdn.com https://creativecdn.com https://ams.creativecdn.com https://optimize.google.com *.hotjar.com *.plerdy.com *.kastapay.ua https://www.youtube-nocookie.com; 1
default-src 'self' about: ; base-uri 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.openlayers.org openlayers.org *.openstreetmap.org *.podigee.com player.podigee-cdn.net fonts.googleapis.com googletagmanager.com tagmanager.google.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.delivery.consentmanager.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.etracker.com *.etracker.com *.etracker.de *.googletagmanager.com tagmanager.google.com *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.pixelpark.com *.openstreetmap.org *.inqa.de *.google-analytics.com *.podigee.com player.podigee-cdn.net consentmanager.mgr.consensu.org cdn.consentmanager.mgr.consensu.org *.consentmanager.net *.consentmanager.net *.delivery.consentmanager.net about: ; object-src 'self'; font-src 'self' data: *.podigee.com player.podigee-cdn.net fonts.gstatic.com; media-src 'self' *.inqa.de streaming.bmas.de; img-src 'self' data: test-web01-inqa-de-info.pixelpark.net *.inqa.de ssl.gstatic.com *.google.com *.googletagmanager.com *.gstatic.com *.openlayers.org openlayers.org *.openstreetmap.org *.pixelpark.com *.inqa.de *.google-analytics.com consentmanager.mgr.consensu.org cdn.consentmanager.mgr.consensu.org api.maptiler.com *.consentmanager.net about: ; frame-ancestors 'self' *.etracker.com; frame-src cdn.consentmanager.mgr.consensu.org *.streamlock.net *.google.com *.gstatic.com *.pixelpark.com player.podigee-cdn.net *.podigee.com *.youtube-nocookie.com *.youtube.com consentmanager.mgr.consensu.org cdn.consentmanager.mgr.consensu.org *.consentmanager.net *.delivery.consentmanager.net; form-action 'self'; connect-src 'self' test-web01-inqa-de-info.pixelpark.net *.inqa.de https://api.maptiler.com static.etracker.com *.etracker.com *.etracker.de *.google-analytics.com *.googletagmanager.com; report-uri /site/servlet/csp-report; upgrade-insecure-requests; 1
default-src 'self' http://*.apps.alpha.kalbe.co.id/api-content/ http://*.apps.alpha.kalbe.co.id/api-cms/ http://*.apps.alpha.kalbe.co.id https://*.kalbe.co.id/ https://kalbe.listedcompany.com https://www.google-analytics.com http://cdnjs.cloudflare.com/ajax/libs/pdf.js/2.12.313/pdf.worker.js https://m-one.kalbe.co.id:8243/t/ https://fonts.googleapis.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' blob: data: https:; font-src 'self' fonts.gstatic.com https://*.kalbe.co.id/ http://*.apps.alpha.kalbe.co.id; frame-src 'self' https://kalbe.listedcompany.com https://www.youtube.com; frame-ancestors 'self'; 1
default-src 'self' 'unsafe-inline' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://data.eu.pendo.io; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' *.site24x7rum.com *.google-analytics.com *.googletagmanager.com ajax.googleapis.com *.uservoice.com *.tableau.com *.tableauusercontent.com *.stripe.com *.datatables.net *.ecovadis-survey.com *.hotjar.com *.storage.googleapis.com *.pendo.io;style-src 'report-sample' 'self' 'unsafe-inline' blob: fonts.googleapis.com *.datatables.net *.jsdelivr.net  *.storage.googleapis.com *.pendo.io *.ecovadis-survey.com; connect-src 'self' col.site24x7rum.com *.ecovadis-survey.com *.google-analytics.com com sentry.io *.visualstudio.com https://data.eu.pendo.io/ *.blob.core.windows.net *.g.doubleclick.net *.hotjar.com wss://*.hotjar.com *.pendo.io *.storage.googleapis.com; frame-src 'self' *.googletagmanager.com *.online.tableau.com *.stripe.com https://pendo-eu-extensions.storage.googleapis.com/ *.hotjar.com/ *.pendo.io https://portal.productboard.com/;img-src 'self' blob: data: *.google-analytics.com *.stripe.com https://data.eu.pendo.io *.storage.googleapis.com *.slgnt.eu https://ecovadis.slgnt.eu *.google.com *.google.pl *.storage.googleapis.com *.pendo.io *.ecovadis-survey.com * ; manifest-src 'self' *.ecovadis-survey.com; media-src 'self'; worker-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors *.pendo.io; child-src *.pendo.io; font-src 'self' data: fonts.gstatic.com; 1
'self' https://www.paratytech.com https://paratytech-dot-paratysl.appspot.com 1
upgrade-insecure-requests; block-all-mixed-content; default-src 'self' https://*.omappapi.com https://*.crazyegg.com; script-src 'self' 'unsafe-inline' https://www.youtube.com https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://go.wilmingtonplc.com https://www.googletagmanager.com https://tagmanager.google.com https://snap.licdn.com https://munchkin.marketo.net https://a.omappapi.com/app/ https://api.livechatinc.com https://cdn.livechatinc.com https://app.termly.io https://cdn.shareaholic.net https://m9m6e2w5.stackpathcdn.com https://partner.shareaholic.com https://app.termly.io https://z.omappapi.com/ https://widget.manychat.com https://www.google.com https://script.crazyegg.com/ https://www.shareaholic.com https://www.gstatic.com/recaptcha/releases/3kTz7WGoZLQTivI-amNftGZO/recaptcha__en_gb.js https://www.gstatic.com https://www.coursecheck.com/ https://www.google-analytics.com/; worker-src 'self' blob:; object-src 'none'; font-src 'self' https://fonts.gstatic.com https://cdn.livechatinc.com https://m9m6e2w5.stackpathcdn.com data:; connect-src 'self' https://region1.analytics.google.com https://stats.g.doubleclick.net https://936-frz-719.mktoresp.com https://cdn.linkedin.oribi.io/partner/1212497 https://api.omappapi.com https://app.termly.io https://cdn.linkedin.oribi.io/partner/1212497/domain/int-comp.org/token https://a.omappapi.com https://analytics.shareaholic.com https://www.shareaholic.net https://www.shareaholic.com https://www.google.co.uk https://*.crazyegg.com; img-src https: data: https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; style-src https://www.youtube.com https://go.wilmingtonplc.com https://tagmanager.google.com https://fonts.googleapis.com https://a.omappapi.com/app/ 'unsafe-inline' 'self'; media-src https:; frame-ancestors 'self'; base-uri 'self'; frame-src https://www.youtube.com https://widget.trustpilot.com https://www.google.com https://go.wilmingtonplc.com https://secure.livechatinc.com https://cdnapisec.kaltura.com 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: ; 1
default-src 'self';  script-src 'self' 'unsafe-inline' *.ctfassets.net *.youtube.com *.twitter.com;  child-src 'self' *.ctfassets.net *.youtube.com player.vimeo.com *.twitter.com;  style-src 'self' 'unsafe-inline' *.googleapis.com;  img-src 'self' blob: data: *.ctfassets.net *.youtube.com *.twitter.com;  media-src 'self' *.youtube.com;  connect-src *;  font-src 'self' blob: data: fonts.gstatic.com maxcdn.bootstrapcdn.com;  worker-src 'self' blob:; 1
form-action 'self'; object-src 'self' media.securedrop.org; base-uri 'self'; style-src-attr 'self' 'unsafe-hashes' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE='; connect-src 'self' analytics.freedom.press media.securedrop.org; img-src 'self' analytics.freedom.press media.securedrop.org; script-src 'self' 'unsafe-eval' analytics.freedom.press; frame-ancestors 'self'; media-src 'self' media.securedrop.org; style-src 'self' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE='; frame-src 'self' media.securedrop.org; default-src 'self'; report-uri https://freedomofpress.report-uri.com/r/d/csp/enforce 1
default-src 'self' https: 'unsafe-eval' 'unsafe-inline' *.caixavidaeprevidencia.com.br *.caixaseguridade.com.br *.caixaseguradora.com.br dc.services.visualstudio.com; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' *.caixavidaeprevidencia.com.br *.caixaseguridade.com.br *.caixaseguradora.com.br *.googletagmanager.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googleadservices.com dc.services.visualstudio.com; style-src 'self' https: 'unsafe-eval' 'unsafe-inline' *.caixavidaeprevidencia.com.br *.caixaseguridade.com.br *.caixaseguradora.com.br *.google.com *.googleapis.com dc.services.visualstudio.com; img-src 'self' https: data: 'unsafe-eval' 'unsafe-inline' *.caixavidaeprevidencia.com.br *.caixaseguridade.com.br *.caixaseguradora.com.br *.googletagmanager.com *.gstatic.com *.google-analytics.com *.google.com dc.services.visualstudio.com; font-src 'self' https: data: 'unsafe-eval' 'unsafe-inline' *.caixavidaeprevidencia.com.br *.caixaseguridade.com.br *.caixaseguradora.com.br *.gstatic.com dc.services.visualstudio.com; connect-src 'self' https: 'unsafe-eval' 'unsafe-inline' *.caixavidaeprevidencia.com.br *.caixaseguridade.com.br *.caixaseguradora.com.br *.google-analytics.com performance-api-service-dot-caixa-vida-previdencia.rj.r.appspot.com dc.services.visualstudio.com; frame-src 'self' https: 'unsafe-eval' 'unsafe-inline' *.caixavidaeprevidencia.com.br *.caixaseguridade.com.br *.caixaseguradora.com.br dc.services.visualstudio.com 1
default-src 'self' *.google.com https://twitter.com *.twitter.com *.twimg.com *.youtube.com *.facebook.com *.redditmedia.com *.reddit.com *.embedly.com *.embed.ly *.vimeo.com *.instagram.com *.soundcloud.com https://gfycat.com *.dailymotion.com https://coub.com *.deviantart.com *.twitch.tv; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com https://mtgjson.com *.google.com *.google-analytics.com *.googletagmanager.com *.twitter.com *.twimg.com *.redditmedia.com *.embedly.com *.embed.ly *.instagram.com *.facebook.com *.facebook.net *.ttvnw.net *.twitch.tv *.krxd.net *.quantserve.com; style-src 'self' 'unsafe-inline' *.google.com https://fonts.google.com *.googleapis.com *.twitter.com *.embedly.com *.embed.ly; img-src * data:; connect-src 'self' *.reddit.com; font-src 'self' https://fonts.gstatic.com https://fonts.google.com *.googleapis.com; object-src 'none'; media-src 'self'; form-action 'self' *.twitter.com *.google.com *.vk.com *.facebook.com *.yandex.ru; frame-ancestors 'self'; 1
frame-ancestors http://myota.tradingacademy.com https://myota.tradingacademy.com; child-src https://www.google.com/ https://www.youtube.com/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.gstatic.com https://yastatic.net https://www.youtube.com https://s.ytimg.com https://platform.instagram.com https://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://mc.yandex.ru https://top-fwz1.mail.ru https://js.sentry-cdn.com https://browser.sentry-cdn.com https://qaz.news-id.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://platform.twitter.com ; img-src 'self' data: https://* http://* ; font-src 'self' data: https://fonts.gstatic.com ; frame-src 'self' data: https://yastatic.net https://www.youtube.com https://www.instagram.com/ https://platform.twitter.com ; connect-src 'self' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://fcm.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://push.newsdaily.biz https://top-fwz1.mail.ru https://o4505939965509632.ingest.sentry.io https://biposerfl.shop https://*.google-analytics.com; worker-src 'self' data: https://fcm.googleapis.com https://push.newsdaily.biz ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; object-src 'self' blob:; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https://*.cloudfront.net *.googleapis.com https://fonts.gstatic.com; frame-src https:; img-src 'self' data: https:; connect-src 'self' https:; default-src 'none'; frame-ancestors 'self' 1
child-src 'self' www.googletagmanager.com https:; connect-src 'self' *.hsforms.com www.googletagmanager.com *.ctfassets.net www.google-analytics.com https: play.google.com www.youtube-nocookie.com *.vimeocdn.com whatmatters.us12.list-manage.com *.googleapis.com; default-src 'self' https:; font-src data: 'self' https: *.typekit.com fonts.gstatic.com *.vimeocdn.com; frame-src 'self' www.googletagmanager.com https:; img-src data: 'self' https: *.ctfassets.net i.ytimg.com yt3.ggpht.com www.youtube-nocookie.com t.co analytics.twitter.com c.clarity.ms px.ads.linkedin.com www.facebook.com tags.srv.stackadapt.com c.bing.com *.vimeocdn.com *.akamaized.net; media-src data: 'self' https: *.ctfassets.net *.vimeocdn.com *.akamaized.net; object-src 'none'; script-src data: 'unsafe-inline' 'unsafe-eval' 'self' https: www.googletagmanager.com www.google.com www.youtube.com www.youtube-nocookie.com consent.cookiebot.com consentcdn.cookiebot.com snap.licdn.com www.clarity.ms static.ads-twitter.com connect.facebook.net tags.srv.stackadapt.com px.ads.linkedin.com qvdt3feo.com vimeo.com *.vimeocdn.com player.vimeo.com; style-src data: 'unsafe-inline' 'self' https: *.typekit.com www.youtube-nocookie.com tags.srv.stackadapt.com *.vimeocdn.com; worker-src 'none'; form-action 'self' *.hsforms.com https: whatmatters.us12.list-manage.com; frame-ancestors 'self' app.contentful.com https:; upgrade-insecure-requests 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; media-src * data: blob:; 1
report-uri /some-report-uri; 1
frame-ancestors 'self' garaga.com *.garaga.com 1
default-src 'self' *.googlesyndication.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' img.equinenow.com *.2mdn.net *.acexedge.com *.adbutter.net *.adrta.com *.adsafeprotected.com *.adnxs.com *.adnxtr.com *.adroll.com *.adsrvr.org *.adtechus.com *.atdmt.com ajax.googleapis.com *.amazonaws.com *.amazon-adsystem.com *.ampproject.org *.basis.net *.betrad.com *.bidsumulator.com *.bidswitch.net *.bluekai.com *.bidr.io *.contextweb.com *.clarium.io *.demdex.net *.dotomi.com *.doubleclick.net *.doubleverify.com *.dowlextff.com *.dvtps.com connect.facebook.net confiant-integrations.global.ssl.fastly.net *.confiant-integrations.net *.esm1.net *.exponential.com *.everesttech.net *.evidon.com *.fastclick.net *.flashtalking.com maps.googleapis.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googleadservices.com *.googlesyndication.com *.googletagservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.jivox.com *.krxd.net *.mathtag.com *.mediamathtag.com *.minkatu.com *.moatads.com *.myvisualiq.net *.olark.com *.opendns.com *.revjet.com *.pinterest.com *.quantcount.com *.quantserve.com *.scorecardresearch.com *.serving-sys.com *.sharethis.com *.sitescount.com *.steelhousemedia.com *.stripe.com *.tubemogul.com *.trustarc.com *.truste.com *.turn.com *.voicefive.com *.ybp.yahoo.com *.yimg.com img.birdsnow.com; style-src img.equinenow.com 'self' 'unsafe-inline' *.googleapis.com *.cmptch.com *.evidon.com *.fastclick.net maxcdn.bootstrapcdn.com *.quantcount.com *.sharethis.com img.birdsnow.com; style-src-elem img.equinenow.com 'self' 'unsafe-inline' *.evidon.com fonts.googleapis.com maxcdn.bootstrapcdn.com content.quantcount.com secure.cdn.fastclick.net static.olark.com *.sharethis.com img.birdsnow.com; img-src * 'self' data: *.equinenow.com img.birdsnow.com; font-src 'self' data: img.equinenow.com maxcdn.bootstrapcdn.com fonts.googleapis.com tpc.googlesyndication.com cdnjs.cloudflare.com fonts.gstatic.com cdn.revjet.com c.steelhousemedia.com img.birdsnow.com; connect-src 'self' www.facebook.com *.acexedge.com *.adnxs.com *.adsrvr.org *.amazon-adsystem.com *.ampproject.org adserver-us.adtech.advertising.com *.bttrack.com *.contextweb.com *.casalemedia.com *.clearrtb.com *.clarium.io *.doubleclick.net *.doubleverify.com *.dotomi.com *.districtm.io *.flashtalking.com *.googleadservices.com *.googlesyndication.com *.google-analytics.com *.gstatic.com metrics.nt.vc *.opendns.com *.serving-sys.com *.sharethis.com *.steelhousemedia.com *.yahoo.com; frame-ancestors 'self' *.allbreedpedigree.com *.pedigreequery.com; frame-src 'self' *.2mdn.net *.adform.net *.admission.net *.adnxs.com *.amazon-adsystem.com advertising.aol.com bttrack.com *.casalemedia.com *.cargurus.com connect.facebook.net *.consensu.org *.contobox.com *.criteo.com *.doubleclick.net *.doubleverify.com *.dvtps.com *.facebook.com *.flashtalking.com *.google.com *.googlesyndication.com *.linksynergy.com *.mathtag.com match.prod.bidr.io *.opendns.com *.placelocal.com *.serving-sys.com *.sharethis.com *.simpli.fi *.sitescout.com *.stripe.com *.turn.com *.vimeo.com *.w55c.net *.youtube.com; object-src 'none'; media-src *; form-action 'self' edge.sharethis.com m.facebook.com facebook.com www.google.com www.paypal.com www.uship.com; base-uri 'none'; report-to csp-services; report-uri https://equinenow.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.tiles.mapbox.com https://wtbng.pricespider.com https://wtbstream.pricespider.com https://embeddedcloud.pricespider.com https://omni.pricespider.com https://locate.pricespider.com https://wtbevents.pricespider.com https://cdn.pricespider.com rpxnow.com cdn.segment.com *.janraincapture.com *.doubleclick.net *.googleadservices.com s.pinimg.com *.cloudfront.net pghub.io *.cookielaw.org *.onetrust.com *.iesnare.com connect.facebook.net *.crazyegg.com *.adsrvr.org *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://api.tiles.mapbox.com https://cdn.pricespider.com quilt-cdn.janrain.com *.bazaarvoice.com fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' *.cookielaw.org https://cdn.pricespider.com https://wwwassets.pricespider.com https://embeddedcloud.pricespider.com pixel.tapad.com https://www.google.com *.doubleclick.net ct.pinterest.com *.cloudfront.net images.ctfassets.net *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' fonts.gstatic.com data: feed.pghub.io pandg.tapad.com ; connect-src * ; frame-src 'self' https://pandg.tapad.com feed.pghub.io *.adsrvr.org *.doubleclick.net *.jebbit.com *.bazaarvoice.com *.janraincapture.com consumersupport.pg.com pg-lex.my.salesforce-sites.com ct.pinterest.com www.facebook.com pandg.tapad.com ; manifest-src * ; 1
frame-ancestors 'self' https://ahu.edu https://*.ahu.edu 1
default-src 'self' 'unsafe-inline' data: *.withgoogle.com *.fontawesome.com *.googleapis.com *.google-analytics.com *.colorzilla.com *.jquery.com *.googleapis.com *.bootstrapcdn.com *.forecast7.com *.linearicons.com *.googletagmanager.com *.processwire.com *.proxypay.co.ao *.stripe.network *.stripe.com *.snipcart.com *.google.com *.gmail.com *.tradingview.com *.weatherwidget.io *.youtube.com; 1
frame-src 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be *.ayesa.link; frame-ancestors 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be *.ayesa.link; child-src 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be *.ayesa.link; report-uri //report-csp-violation 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googleapis.com *.googletagmanager.com *.google.com google-analytics.com *.google-analytics.com *.gstatic.com platform-api.sharethis.com *.sharethis.com tcr-manager.net cdnjs.cloudflare.com cdn.jsdelivr.net *.cloudfront.net *.fontawesome.com unpkg.com; 1
default-src *; style-src * self 'unsafe-inline' blob: data:; script-src * 'self' 'unsafe-eval' 'unsafe-inline'; object-src * 'self' blob: data:; img-src * self 'unsafe-inline' blob: data:; connect-src self * 'unsafe-inline' blob: data:; frame-src * self blob: data:; 1
default-src * self blob: data: gap:; style-src * self 'unsafe-inline' blob: data: gap:; script-src * 'self' 'unsafe-eval' 'unsafe-inline' blob: data: gap:; object-src * 'self' blob: data: gap:; img-src * self 'unsafe-inline' blob: data: gap:; connect-src self * 'unsafe-inline' blob: data: gap:; frame-src * self blob: data: gap: 1
default-src 'self' https://www.google-analytics.com/ https://m.addthis.com/ https://api-public.addthis.com/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com/ https://www.google.com/ https://m.addthis.com/ https://v1.addthisedge.com/ https://siteimproveanalytics.com/ https://z.moatads.com/ https://www.google-analytics.com/ https://s7.addthis.com/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://www.googletagmanager.com/; font-src 'self' https://fonts.gstatic.com/; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com; img-src * data:; media-src *; object-src 'self'; frame-src 'self' https://w.soundcloud.com/ https://s7.addthis.com/ https://www.youtube.com/ https://share.transistor.fm/ https://embed.podcasts.apple.com/ https://www.google.com/ https://vimeo.com/ https://player.vimeo.com/ https://www.facebook.com/plugins/ https://www.youtube.com/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/; 1
default-src 'self' https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.doubleclick.net https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://*.vo.msecnd.net https://ajax.googleapis.com https://bat.bing.com https://cdn.cookielaw.org https://connect.facebook.net https://content.linkedin.com https://graph.facebook.com https://google-analytics.com https://googletagmanager.com https://js.facebook.com https://platform.linkedin.com https://r.bing.com https://static.cloudflareinsights.com https://ssl.google-analytics.com https://snap.licdn.com https://static-exp1.licdn.com https://s.pinimg.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.civiccomputing.com https://www.youtube.com https://script.crazyegg.com https://cdn.jsdelivr.net https://code.jquery.com https://maps.googleapis.com *.sharethis.com dl.episerver.net; connect-src 'self' *; style-src 'self' 'unsafe-inline' *.licdn.com *.google.com *.bing.com ajax.googleapis.com www.googletagmanager.com https://maps.googleapis.com https://fonts.googleapis.com; object-src *.googlesyndication.com; child-src 'self' blob: *.googlesyndication.com *.google.com *.facebook.com *.doubleclick.net connect.facebook.net www.googletagmanager.com; img-src 'self' data: https://cdn.cookielaw.org https://ssl.google-analytics.com https://www.google-analytics.com https://*.linkedin.com https://bat.bing.com https://*.google.com https://www.google.pl https://ct.pinterest.com https://shoplogos.commerce-connector.de https://*.doubleclick.net https://*.googletagmanager.com https://i.ytimg.com https://*.gstatic.com https://*.googleapis.com https://platform-cdn.sharethis.com *.facebook.com https://aax-eu.amazon-adsystem.com *.spotify.com *.tiktok.com; frame-src 'self' https://td.doubleclick.net https://ct.pinterest.com https://www.google.com https://www.youtube.com; frame-ancestors 'self'; worker-src 'self' blob: www.google.com 1
default-src data: https: 'unsafe-inline' 'unsafe-eval'; font-src https: data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: dcvxs6ggqztsa.cloudfront.net *.slideshare.net game.flarie.com calsandbox.wpengine.com optimize.google.com *.youtube.com cdnjs.cloudflare.com *.tryinteract.com my.wpengine.com *.litix.io *.akamaihd.net *.wistia.net *.workable.com *.calculoid.com *.wistia.com  *.calabrio.com www.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.googleoptimize.com *.facebook.com *.facebook.net secure.text6film.com secure.cold5road.com j.6sc.co c.6sc.co *.demandbase.com *.googleadservices.com *.hotjar.com *.licdn.com *.outbrain.com *.force.com calabrio.my.salesforce.com *.g2crowd.com *.pardot.com googleads.g.doubleclick.net www.google-analytics.com match.prod.bidr.io id.rlcdn.com api.company-target.com px.ads.linkedin.com d.la1-c2-ia5.salesforceliveagent.com stats.g.doubleclick.net *.leadforensics.com *.doubleclick.net *.podcasts.apple.com *.adnxs.com *.hotjar.io webeo-web-content.s3-eu-west-1.amazonaws.com cdn.jsdelivr.net use.typekit.net a.omwpapi.com *.omwpapi.com g2.com share.transistor.fm *.omappapi.com *.driftt.com s.company-target.com; img-src 'self' bat.bing.com *.googleapis.com complianz.io yoast.com yoa.st dify.wpengine.com calsandbox.wpengine.com b.6sc.co www.gstatic.com www.google-analytics.com www.googletagmanager.com optimize.google.com *.svgator.com *.linkedin.com *.tryinteract.com *.cloudfront.net update.creoworx.com *.googletagmanager.com *.w.org *.oktacdn.com *.netdna-ssl.com *.akamaihd.net *.amazonaws.com *.gravatar.com *.wistia.com *.wistia.net www.google-analytics.com segments.company-target.com p.adsymptotic.com *.omwpapi.com *.omappapi.com s38924.pcdn.co optinmonster.com *.typekit.net *.google.com match.prod.bidr.io id.rlcdn.com px.ads.linkedin.com *.outbrain.com g2.com *.6sc.co *.facebook.com data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' bat.bing.com dcvxs6ggqztsa.cloudfront.net yoast.com optimize.google.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com *.svgator.com cdnjs.cloudflare.com my.wpengine.com *.litix.io *.akamaihd.net *.webeo.com *.wistia.net *.workable.com *.calculoid.com *.wistia.com  *.calabrio.com www.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.googleoptimize.com *.facebook.com *.facebook.net secure.text6film.com *.tryinteract.com secure.cold5road.com j.6sc.co c.6sc.co *.demandbase.com *.googleadservices.com *.hotjar.com *.licdn.com *.outbrain.com *.force.com calabrio.my.salesforce.com  *.g2crowd.com *.pardot.com googleads.g.doubleclick.net www.google-analytics.com match.prod.bidr.io id.rlcdn.com api.company-target.com px.ads.linkedin.com  d.la1-c2-ia5.salesforceliveagent.com d.la5-c1-ia4.salesforceliveagent.com d.la5-c1-ia5.salesforceliveagent.com stats.g.doubleclick.net *.leadforensics.com *.doubleclick.net *.podcasts.apple.com *.adnxs.com *.hotjar.io  webeo-web-content.s3-eu-west-1.amazonaws.com cdn.jsdelivr.net use.typekit.net a.omwpapi.com *.omwpapi.com g2.com share.transistor.fm *.omappapi.com *.driftt.com blob:;connect-src 'self' wss://*.hotjar.com pagead2.googlesyndication.com px.ads.linkedin.com analytics.google.com epsilon-globalaccelerator.6sense.com epsilon.6sense.com cdn.linkedin.oribi.io my.yoast.com *.hotjar.io my.wpengine.com *.calculoid.com *.6sc.co *.adnxs.com *.facebook.com *.facebook.net *.wistia.com *.wistia.net *.litix.io *.google-analytics.com tr.outbrain.com stats.g.doubleclick.net *.calabrio.com *.company-target.com *.hotjar.com *.leadforensics.com *.omappapi.com *.omwpapi.com *.akamaihd.net;font-src 'self' *.calabrio.com *.calculoid.com use.typekit.net a.omappapi.com *.gstatic.com *.wistia.net *.wistia.com data: ;report-uri https://www.calabrio.com 1
frame-ancestors 'self' grn-www.loweboats.com; 1
upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bugherd.com cdn.penguin.co.uk *.ads-twitter.com *.doubleclick.net *.jquery.com *.yoast *.quizzes.cx *.shopifycdn.com *.jsdelivr.net *.facebook.net *.tiktok.com cdnjs.cloudflare.com *.googleadservices.com *.googletagmanager.com *.pinimg.com *.pinterest.com *.doubleclick.net *.ads-twitter.com *.adobedtm.com ssl.google-analytics.com fonts.googleapis.com *.google.com *.gstatic.com *.facebook.com connect.facebook.net www.dwin2.com *.riddle.com *.hotjar.com *.cloudfront.net *.newrelic.com *.nr-data.net instagram.com *.instagram.com *.twitter.com therandomhousegroupltd.d3.sc.omtrdc.net therandomhousegroupl.tt.omtrdc.net *.onetrust.com *.google-analytics.com *.typekit.net *.bootstrapcdn.com *.fontawesome.com *.wpengine.com *.msgfocus.com *.youtube.com *.schema.org aax-eu.amazon-adsystem.com; object-src 'self'; frame-ancestors 'self'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodont.cat; img-src 'self' https: data: blob: https://mastodont.cat; style-src 'self' https://mastodont.cat 'nonce-9AkA6N6TmxqxrQQTSbsiig=='; media-src 'self' https: data: https://mastodont.cat; frame-src 'self' https:; manifest-src 'self' https://mastodont.cat; form-action 'self'; child-src 'self' blob: https://mastodont.cat; worker-src 'self' blob: https://mastodont.cat; connect-src 'self' data: blob: https://mastodont.cat https://mastodont.cat wss://mastodont.cat; script-src 'self' https://mastodont.cat 'wasm-unsafe-eval' 1
default-src 'self' av.tib.eu tib.flowcenter.de support.tib.eu ; script-src 'self' 'unsafe-inline' data:; style-src 'self' 'unsafe-inline' data:; img-src 'self' data: *.baw.de av.tib.eu *.google.com *.gstatic.com *.youtube.com; media-src 'self' *.baw.de av.tib.eu multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de; frame-src *.baw.de av.tib.eu *.google.com *.gstatic.com *.youtube.com *.vimeo.com; 1
default-src 'self' data: *; style-src 'self' 'unsafe-inline' *; frame-ancestors 'self'; script-src 'self' 'unsafe-eval' https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js https://cdn.syndication.twimg.com https://code.jquery.com https://js.intercomcdn.com https://kit.fontawesome.com/4f31121362.js https://cdn.jsdelivr.net/npm/algoliasearch@4.5.1/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4.8.3/dist/instantsearch.production.min.js https://platform.twitter.com https://stackpath.bootstrapcdn.com https://static.cloudflareinsights.com https://widget.intercom.io https://www.google.com/recaptcha/api.js https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com; 1
frame-ancestors 'self' https://*.better.org.uk 1
default-src 'self' https://www.youtube.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' data: https://wc.eprinsa.es https://cdn.syndication.twimg.com https://platform.twitter.com https://ajax.googleapis.com moz-extension://* https://googleapis.com https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.google.com https://www.tiempo.com https://www.eltiempo.es https://www.tutiempo.net https://www.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://googleapis.com https://www.googletagmanager.com  https://www.eltiempo.es https://www.google-analytics.com/ https://connect.facebook.net https://www.tiempo.com https://www.google.com https://www.tutiempo.net https://platform.twitter.com https://cdn.syndication.twimg.com https://assets.pinterest.com https://assets.pinterest.com https://widgets.pinterest.com https://www.instagram.com https://widgets.waqi.info https://www.gstatic.com https://static.dialogflow.com https://ajax.googleapis.com; connect-src 'self' https://apis.dipucordoba.es https://apis2.dipucordoba.es https://*.google-analytics.com https://maps.googleapis.com https://cloud.elegantthemes.com https://googleapis.com https://yoast.com https://dialogflow.cloud.google.com https://stats.g.doubleclick.net; img-src 'self' data: https://toolset.com https://wp.eprinsa.es https://*.w.org https://www.dipucordoba.es https://via.placeholder.com http://dipucordoba.es https://dipucordoba.es https://googleapis.com https://www.elegantthemes.com https://wp.eprinsa.es https://maps.googleapis.com https://maps.gstatic.com https://www.hitwebcounter.com https://www.google-analytics.com https://secure.gravatar.com https://www.facebook.com https://i.ytimg.com https://w.bookcdn.com https://hitwebcounter.com https://abs.twimg.com https://pbs.twimg.com https://platform.twitter.com https://ton.twimg.com https://log.pinterest.com https://i.pinimg.com https://www.googletagmanager.com https://apis.dipucordoba.es https://apis2.dipucordoba.es; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://platform.twitter.com https://ton.twimg.com https://stackpath.bootstrapcdn.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://centrovirtual.educacion.es https://i.vimeocdn.com https://player.vimeo.com https://mapserver.eprinsa.es https://www.tiempo.com https://www.eltiempo.es https://www.tutiempo.net https://www.google.com https://maps.google.com https://www.facebook.com https://www.youtube.com https://www.elegantthemes.com https://www.andalucialive.com https://platform.twitter.com https://syndication.twitter.com https://mapserver.eprinsa.es https://www.instagram.com; 1
object-src 'none'; base-uri 'self'; frame-ancestors 'self';script-src 'self' 'unsafe-inline' 'nonce-0R1BYDG9UA' *.bajabound.com *.googleusercontent.com api.mapbox.com api.tiles.mapbox.com cdn.bajabound.com maps.google.com maps.googleapis.com pro.fontawesome.com kit.fontawesome.com *.googletagmanager.com *.paypalobjects.com cdn.jsdelivr.net unpkg.com cdnjs.cloudflare.com *.paypal.com *.facebook.net bam.nr-data.net 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' cdn.pricespider.com *.mapbox.com feed.pghub.io pandg.tapad.com ; media-src 'self' data: *.iesnare.com feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.googletagmanager.com www.google-analytics.com *.cookielaw.org *.onetrust.com connect.facebook.net *.pricespider.com pghub.io *.adsrvr.org apps.bazaarvoice.com cdnjs.cloudflare.com api.tiles.mapbox.com *.bazaarvoice.com *.iesnare.com feed.pghub.io pandg.tapad.com ; font-src 'self' data: feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' feed.pghub.io *.adsrvr.org www.facebook.com consumersupport.pg.com www.youtube.com pandg.tapad.com ; img-src 'self' data: images.ctfassets.net pixel.tapad.com www.facebook.com *.pricespider.com *.ytimg.com *.bazaarvoice.com www.googletagmanager.com www.google-analytics.com *.cookielaw.org *.onetrust.com www.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io pandg.tapad.com ; connect-src 'self' *.tide.com www.facebook.com *.algolianet.com *.algolia.net *.pricespider.com graphql.contentful.com api.tide.com *.mapbox.com www.googletagmanager.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.doubleclick.net wss: *.iesnare.com feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
font-src 'self' fonts.googleapis.com fonts.gstatic.com; img-src 'self' data:  www.googletagmanager.com i.ytimg.com rarewebcdn.azureedge.net; script-src 'self' 'unsafe-eval' fonts.googleapis.com wcpstatic.microsoft.com wcpstatic-int.microsoft.com www.google-analytics.com www.googletagmanager.com www.youtube.com www.gstatic.com www.google.com rarewebcdn.azureedge.net; frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com;  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com https://*.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://polyfill.io https://*.msecnd.net ttps://*.visualstudio.com https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com https://*.episerver.net https://tagmanager.google.com https://snap.licdn.com https://consent.cookiebot.com https://www.youtube.com/iframe_api https://s.ytimg.com https://*.cookiebot.com https://addevent.com https://*.fullstory.com https://optimize.google.com https://cdn.addevent.com https://www.googleoptimize.com https://*.hotjar.com https://www.addevent.com/libs/atc/1.6.1/atc.min.js;  connect-src 'self' https://dc.services.visualstudio.com https://www.google-analytics.com https://stats.g.doubleclick.net https://vimeo.com/api/oembed.json  https://*.fullstory.com https://consentcdn.cookiebot.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.hotjar.io https://*.hotjar.com wss://ws.hotjar.com/;  media-src 'self' data:;  img-src 'self' data: https: https://*.gstatic.com https://maps.googleapis.co https://googleads.g.doubleclick.net https://www.google.com http://img.youtube.com https://*.google-analytics.com https://*.googletagmanager.com;  style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com https://inject.js https://optimize.google.com;  frame-ancestors 'self';  child-src 'self' https://www.google.com;  frame-src 'self' https://www.google.com https://bid.g.doubleclick.net https://consentcdn.cookiebot.com http://www.youtube.com https://player.vimeo.com https://optimize.google.com;  font-src 'self' https://fonts.gstatic.com data:; 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com *.eurolandir.com; style-src 'unsafe-inline' 'self' 'report-sample'; font-src *; report-uri https://www.veon.com/@http-reporting?csp=report&requestTime=1705981447856611 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=SG&lang=en-SG&device=desktop&yrid=4uba5shiqudlu&partner=; 1
default-src 'self' *.dab-bank.de https://*.dab-bank.de intent://consors.com https://*.optimizely.com;script-src 'self' *.dab-bank.de https://*.dab-bank.de https://*.adac.de https://*.twitter.com https://*.google.com https://*.bootstrapcdn.com https://*.ensighten.com https://*.googleapis.com https://*.akamaihd.net https://*.tlscdn.com https://*.cloudfront.net https://*.google-analytics.com https://*.akamai.net https://*.dab-partnerprogramm.de https://*.zanox.com https://*.intelliad.de https://*.netrk.net https://*.optimizely.com https://*.amazonaws.com https://*.googleadservices.com https://*.webmasterplan.com  https://*.neqty.net https://*.gstatic.com https://*.doubleclick.net https://*.adform.net https://*.vid.ly https://*.googleusercontent.com *.mdgms.com https://*.rexx-server.com *.boerse-frankfurt.de *.volkswagenbank.de  https://*.facebook.com https://*.facebook.net 'unsafe-inline' 'unsafe-eval';img-src 'self' *.dab-bank.de https://*.dab-bank.de https://*.adac.de https://*.bootstrapcdn.com https://*.ensighten.com *.mdgms.com https://*.netrk.net https://*.adform.net https://*.intelliad.de https://*.zanox.com *.webmasterplan.com https://*.gstatic.com https://*.amazonaws.com https://*.google-analytics.com https://*.akamai.net https://*.neqty.net https://*.twitter.com https://*.google.com https://*.doubleclick.net https://*.google.de https://*.googleadservices.com *.bing.com https://*.akamaihd.net https://*.facebook.com https://*.facebook.net https://*.cloudfront.net https://*.ssl-images-amazon.com https://*.googleapis.com https://*.optimizely.com https://*.dab-partnerprogramm.de https://*.vid.ly https://*.googleusercontent.com https://*.rexx-server.com *.boerse-frankfurt.de *.volkswagenbank.de data:;style-src 'self' 'unsafe-inline' *.dab-bank.de https://*.dab-bank.de https://*.googleapis.com https://*.bootstrapcdn.com https://*.intelliad.de https://*.webmasterplan.com;frame-src 'self' *.dab-bank.de https://*.dab-bank.de push.dab-bank.de https://*.adac.de https://*.twitter.com https://*.google.com https://*.google.de https://*.cloudfront.net https://*.rexx-server.com https://*.amazonaws.com *.mdgms.com https://*.webmasterplan.com *.boerse-frankfurt.de *.volkswagenbank.de https://*.akamaihd.net https://*.intelliad.de http://*.zanox.com http://*.adform.net https://*.netrk.net https://*.neqty.net https://*.googleapis.com https://*.optimizely.com https://*.google-analytics.com https://*.googleadservices.com https://*.ensighten.com https://*.bootstrapcdn.com https://*.doubleclick.net https://*.dab-partnerprogramm.de https://*.vid.ly https://*.googleusercontent.com https://*.facebook.com https://*.facebook.net https://www.youtube-nocookie.com;font-src 'self' *.dab-bank.de https://*.dab-bank.de https://*.googleusercontent.com https://*.gstatic.com https://*.bootstrapcdn.com;object-src 'self' *.dab-bank.de https://*.dab-bank.de http://boerse.dab-bank.de https://*.akamaihd.net https://*.akamai.net;connect-src 'self' *.dab-bank.de https://*.dab-bank.de wss://*.dab-bank.de https://*.googleapis.com https://*.log.optimizely.com https://*.log.optimizely.com https://test1-onboarding.united-signals.com https://onboarding.united-signals.com https://*.united-signals.com;media-src 'self' *.dab-bank.de https://*.dab-bank.de;report-uri /json/open/csp_report; 1
default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: *.google-analytics.com *.analytics.google.com; style-src 'self' 'unsafe-inline' https:; media-src https://playout.3qsdn.com blob: 'self'; frame-src * 1
upgrade-insecure-requests;script-src 'self' 'wasm-unsafe-eval';connect-src 'self' blob: https://nicecrew.digital wss://nicecrew.digital https://benis.nicecrew.tv https://poast.tv https://nicecrew.tv https://media.nicecrew.digital https://cdn.nicecrew.digital https://nicecrew.digital https://media.nicecrew.digital https://media.nicecrew.digital;media-src 'self' https://benis.nicecrew.tv https://poast.tv https://nicecrew.tv https://media.nicecrew.digital https://cdn.nicecrew.digital https://nicecrew.digital https://media.nicecrew.digital https://media.nicecrew.digital;img-src 'self' data: blob: https://benis.nicecrew.tv https://poast.tv https://nicecrew.tv https://media.nicecrew.digital https://cdn.nicecrew.digital https://nicecrew.digital https://media.nicecrew.digital https://media.nicecrew.digital;default-src 'none';base-uri 'self';frame-ancestors 'none';style-src 'self' 'unsafe-inline';font-src 'self';manifest-src 'self';frame-src 'self' https:; 1
default-src 'self' data: https://cdnjs.cloudflare.com/ https://fonts.googleapis.com/ https://apps.sae1.pure.cloud/ https://dbqzcs4dvlgzz.cloudfront.net/ https://apps.mypurecloud.com/ https://fonts.gstatic.com/ https://api.sae1.pure.cloud/ wss://streaming.sae1.pure.cloud/ 'unsafe-inline' 'unsafe-eval'; 1
Content-Security-Policy script-src 'self' ecn.dev.vrtualearth.net; img-src *; Content-Security-Policy script-src 'self' www.facebook.com;; frame-ancestors 'self' 1
script-src http: https: 'unsafe-inline' 'unsafe-eval' https://lacordee.com/; style-src 'self' blob: https: 'unsafe-inline' https://lacordee.com/; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' data: fonts.gstatic.com; frame-src assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.google.com *.gstatic.com *; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://brighteon.social; img-src 'self' https: data: blob: https://brighteon.social; style-src 'self' https://brighteon.social 'nonce-au4+gCZ9nqFDDN0DuXTzcQ=='; media-src 'self' https: data: https://brighteon.social; frame-src 'self' https:; manifest-src 'self' https://brighteon.social; connect-src 'self' data: blob: https://brighteon.social https://s3.us-west-002.backblazeb2.com wss://brighteon.social https://www.brighteon.com https://censored.news; script-src 'self' https://brighteon.social https://support.brighteon.com https://www.brighteon.tv https://hcaptcha.com https://static.cloudflareinsights.com; child-src 'self' blob: https://brighteon.social; worker-src 'self' blob: https://brighteon.social 1
frame-ancestors http://*.kitzski.at https://customer-kitzbuehel.loop21.net https://bbkitzbuehl.traumgutscheine.com 1
manifest-src 'none' 1
default-src 'none'; font-src 'self' https://fonts.gstatic.com https://cdn1.readspeaker.com/ data:;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.google-analytics.com/ https://www.googletagmanager.com/ https://maps.google.com https://maps.gstatic.com https://maps.googleapis.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn1.readspeaker.com/ https://ilost.co/ https://ajax.aspnetcdn.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://cdn1.readspeaker.com/; img-src 'self' data: https://www.alrijne.nl https://alrijne.4cloud.nl https://stats.g.doubleclick.net https://www.google-analytics.com/ https://maps.google.com/ https://maps.gstatic.com https://ilost.co/ https://i.vimeocdn.com/; form-action 'self'; base-uri 'self'; frame-ancestors 'self'; frame-src https://www.youtube-nocookie.com/ https://www.google.com/ https://app-eu.readspeaker.com/ https://rstts-eu.readspeaker.com/ https://ilost.co/ https://player.vimeo.com/; manifest-src 'self'; connect-src 'self' https://maps.googleapis.com https://www.google-analytics.com https://app-eu.readspeaker.com/ https://app-eu.readspeaker.com/ https://rstts-eu.readspeaker.com/ https://media-eu.readspeaker.com/ https://*.readspeaker.com/ https://region1.google-analytics.com/ https://stats.g.doubleclick.net/; media-src https://app-eu.readspeaker.com/ https://app-eu.readspeaker.com/ https://rstts-eu.readspeaker.com/; object-src 'none' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.dws.com https://*.dws.de https://*.deawm.com wss://push.etf.dws.com https://dws.extraetf.com https://*.rreefpropertytrust.com https://*.tealiumiq.com https://*.webtrekk.com https://*.wbtrk.net https://*.mateti.net https://fbc.wcfbc.net https://*.linkedin.com https://*.facebook.net https://*.facebook.com https://cx.atdmt.com https://www.googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.de https://www.google.com https://*.tiqcdn.com https://*.brightcove.net https://*.brightcove.com https://*.brightcovecdn.com https://*.boltdns.net https://vjs.zencdn.net https://*.akamaihd.net https://*.akafms.net https://*.llnwd.net https://*.llnw.net https://vjs.zencdn.net https://maps.googleapis.com https://maps.gstatic.com https://*.fls.doubleclick.net https://bounce.exacttarget.com https://exacttarget.com https://*.marketingcloudapps.com https://*.readspeaker.com; font-src 'self' data: https://vjs.zencdn.net; img-src 'self' data: https://*.brightcove.net https://*.brightcove.com https://*.brightcovecdn.com https://*.boltdns.net https://vjs.zencdn.net https://*.akamaihd.net https://*.akafms.net https://*.llnwd.net https://*.llnw.net https://*.tealiumiq.com https://*.webtrekk.com https://*.wbtrk.net https://*.mateti.net https://fbc.wcfbc.net https://*.linkedin.com https://*.facebook.net https://*.facebook.com https://cx.atdmt.com https://www.googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.de https://www.google.com https://*.tiqcdn.com https://maps.googleapis.com https://maps.gstatic.com https://*.dws.com https://*.dws.de https://*.deawm.com wss://push.etf.dws.com https://dws.extraetf.com https://*.rreefpropertytrust.com https://*.fls.doubleclick.net; media-src 'self' blob: https://*.brightcove.net https://*.brightcove.com https://*.brightcovecdn.com https://*.boltdns.net https://vjs.zencdn.net https://*.akamaihd.net https://*.akafms.net https://*.llnwd.net https://*.llnw.net; worker-src 'self' blob:; object-src 'self' blob:; child-src 'self'; frame-src 'self' https://vds.issgovernance.com https://*.dws.de https://*.dws.com https://*.mateti.net https://*.equitystory.com https://www.google.com https://*.fls.doubleclick.net; frame-ancestors 'self'; form-action 'self' 1
style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com;connect-src 'self' www.google.com stats.g.doubleclick.net uploads.intercomcdn.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io auth.zonda.exchange www.google-analytics.com wss://api.zondacrypto.exchange api.zondacrypto.exchange https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://www.facebook.com/ *.google-analytics.com *.analytics.google.com auth.zondacrypto.exchange;script-src 'self' 'unsafe-inline' 'unsafe-eval' js.intercomcdn.com widget.intercom.io *.adform.net *.youtube.com www.google-analytics.com www.googletagmanager.com *.google.com google.com ssl.google-analytics.com *.gstatic.com connect.facebook.net https://googleads.g.doubleclick.net;frame-src *.adform.net *.fls.doubleclick.net 'self' *.zondaglobal.com  *.zondacrypto.com *.google.com *.youtube.com;frame-ancestors 'self';font-src 'self' 'unsafe-inline' 'unsafe-eval' js.intercomcdn.com fonts.gstatic.com fonts.gstatic.com https://fonts.intercomcdn.com 1
default-src 'self' https://www.coachesclipboard.net https://cccdn-fe9e.kxcdn.com *.baqend.com https://nameless-forest-11.app.baqend.com www.google-analytics.com https://cdnjs.cloudflare.com/ajax/libs/vue/2.6.12/vue.min.js https://stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://www.coachesclipboard.net https://cccdn-fe9e.kxcdn.com *.baqend.com https://nameless-forest-11.app.baqend.com https://challenges.cloudflare.com pagead2.googlesyndication.com https://*.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/vue/2.6.12/vue.min.js googleads.g.doubleclick.net https://www.google-analytics.com https://tagmanager.google.com https://pagead2.googlesyndication.com; script-src-elem 'self' https://cccdn-fe9e.kxcdn.com https://nameless-forest-11.app.baqend.com https://challenges.cloudflare.com https://fundingchoicesmessages.google.com https://cdnjs.cloudflare.com/ajax/libs/vue/2.6.12/vue.min.js https://www.gstatic.com/swiffy/v5.4/runtime.js 'sha256-SSWnvdOpvjtcOvGpnfotkaN1OlprEBEboD3Wnvbch4E=' 'sha256-5vF3xrjFIaLsFp1erEKvU1mQjV3KyibO5ZOoe11ZPis=' 'sha256-kwiWHrik9FPm1kXcV0fbGcwgLbaURMQbHf69jLsWxCQ=' 'sha256-ztBmI8oc8eV2XvmMDVSJo1nr3LVoz88CnVCQULg6kHE=' 'sha256-6CGhAZEuY28iMXQWweTHR9Bem2x1TmHGFNDvXRvABv8=' 'sha256-VGBLxXHjUi7PaQ7KKVm2vBWqQ9tgV7eoYQRN9nHTMzs=' 'sha256-J4tjrjpGtup1gJL/iOxX17gp6XN/3Mg7ySGerz/gCiI=' 'sha256-wMifgpJvmZf1mUuYgW0ksAv86TGbAzocM6ObNyhi1W8=' 'sha256-r4cP7Tmnj7YWKFxZRn8javTTJ9lJSvx5Xgn+lSWs5Yw=' 'sha256-gP1NkU3c7YUpV3RUAH9aXzzhb/kRFGqy3OeXNj688Ic=' 'sha256-ui7ck+7LvhCVGiziIhJeWdzZK7bz8q8Xiggsk4VlNUE=' 'sha256-ixMTtUwqAJ9i+q62+4jfhxo5sfQV5hcIetyJG79gtxo=' https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google.com https://partner.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagservices.com https://adservice.google.com https://www.google-analytics.com 'sha256-xxk94lqt4sDR8Ey5hzVFKM7PhEaOkGRRSVmWIfvUSgM=' 'sha256-iTrjJCsqPjUDlbjqFVubVeo9BLQHzfxDno+O9WT9NPE='; img-src * data:; connect-src *; frame-src 'self' https://cccdn-fe9e.kxcdn.com https://player.vimeo.com/ https://www.google.com/ https://www.youtube.com https://youtu.be/ https://m.youtube.com/ https://www.youtube-nocookie.com/ https://www.linkedin.com/ https://challenges.cloudflare.com https://search.freefind.com/ https://tpc.googlesyndication.com/ https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net; object-src 'none'; font-src 'self' https://cccdn-fe9e.kxcdn.com https://nameless-forest-11.app.baqend.com https://use.fontawesome.com/ https://fonts.gstatic.com data:; base-uri 'self' https://www.coachesclipboard.net https://cccdn-fe9e.kxcdn.com; frame-ancestors 'self' https://www.coachesclipboard.net https://cccdn-fe9e.kxcdn.com *.baqend.com https://nameless-forest-11.app.baqend.com *.www.linkedin.com:* https://www.linkedin.com/ www.google.com www.google-analytics.com https://stats.g.doubleclick.net https://pagead2.googlesyndication.com googleads.g.doubleclick.net https://tpc.googlesyndication.com https://www.googletagmanager.com https://partner.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagservices.com https://adservice.google.com https://www.gstatic.com  https://audible.sp1.convertro.com; 1
frame-ancestors 'self' https://marketplace.marsh.com/; 1
frame-ancestors 'self' https://multiverse.sanity.studio https://multiverse-staging.sanity.studio 1
default-src 'self'; img-src 'self' https://outlook.office365.com *.gstatic.com *.g.doubleclick.net https://bat.bing.com https://cdn.jjkeller.com https://*.livechatinc.com https://www.google.com https://www.google-analytics.com https://app.jjkellerlibrary.com *.cookielaw.org data:; script-src 'self' 'unsafe-inline' https://www.clarity.ms https://pureconnect.jjkeller.com *.gstatic.com *.simplemaps.com *.jjkeller.com *.mypureconnect.com *.cloudfront.net *.mypurecloud.com tagmanager.google.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://*.googleapis.com https://*.livechatinc.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://s.ytimg.com https://i.ytimg.com https://www.youtube.com https://static.doubleclick.net https://bat.bing.com *.cookielaw.org; style-src 'self' 'unsafe-inline' tagmanager.google.com *.mypurecloud.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com *.googletagmanager.com; font-src 'self' https://maxcdn.bootstrapcdn.com *.mypurecloud.com www.clarity.ms https://db.onlinewebfonts.com https://*.googleusercontent.com https://*.livechatinc.com https://fonts.gstatic.com data:; frame-src 'self' *.office365.com https://www.google.com https://www.pages04.net https://www.youtube.com https://*.livechatinc.com https://bid.g.doubleclick.net https://www.youtube-nocookie.com; connect-src 'self' *.google-analytics.com https://www.google-analytics.com *.jjkeller.com us-street.api.smartystreets.com iw-145-den.us.cscp.hosted-inin.com *.mypurecloud.com wss://streaming.mypurecloud.com analytics.google.com *.g.doubleclick.net *.cookielaw.org *.onetrust.com; 1
default-src 'self'; font-src *;img-src * data:; script-src * 'unsafe-inline'; style-src * 'unsafe-inline'; frame-src * 1
default-src https: data: 'self' 'unsafe-eval' 'unsafe-inline'; connect-src https: wss: blob:; img-src http: https: data: blob: about:; font-src http: https: data:; frame-src https: blob:; report-uri /api/csp/report 1
default-src 'self' wct-2.com fonts.gstatic.com maxcdn.bootstrapcdn.com stackpath.bootstrapcdn.com assets.pinterest.com *.addthis.com www.facebook.com *.onetrust.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' wct-2.com code.jquery.com www.googletagmanager.com www.google-analytics.com assets.pinterest.com *.addthisedge.com connect.facebook.net *.onetrust.com cdn.cookielaw.org stackpath.bootstrapcdn.com *.promocodesforyou.com *.addthis.com z.moatads.com cdnjs.cloudflare.com; connect-src 'self' wct-2.com cdn.cookielaw.org www.google-analytics.com stats.g.doubleclick.net *.onetrust.com; img-src * data:; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com stackpath.bootstrapcdn.com code.jquery.com maxcdn.bootstrapcdn.com;base-uri 'self';form-action 'self' wct-2.com www.facebook.com; 1
font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://cache.goodsamapp.org; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cache.goodsamapp.org; 1
script-src 'self' blob: googleads.g.doubleclick.net *.forter.com *.googleapis.com bat.bing.com *.cloudflare.com connect.facebook.net *.salesforceliveagent.com *.truckpro.com *.cccparts.com d81mfvml8p5ml.cloudfront.net dkpklk99llpj0.cloudfront.net dn1i8v75r669j.cloudfront.net *.fontawesome.com *.bootstrapcdn.com nexus.ensighten.com *.force.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.sumologic.com api.ipdata.co truckpro.my.salesforce.com truckpro.my.salesforce-sites.com am.freshrelevance.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: truckpro-asset-store.s3.us-east-2.amazonaws.com *.truckpro.com *.cccparts.com *.gstatic.com *.cloudfront.net cs.choozle.com dpm.demdex.net insight.adsrvr.org solveda-cc-asset-store.s3.amazonaws.com; object-src 'none'; frame-ancestors *.truckpro.com *.cccparts.com; 1
default-src 'self' cso52.ru soc52.ru uszn52.ru *.minsocium.ru *.cso52.ru *.soc52.ru *.uszn52.ru gosuslugi.ru *.gosuslugi.ru достижения.рф xn--d1acchc3adyj9k.xn--p1ai *.gov.ru 1
upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self'; 1
default-src 'self'; connect-src 'self' *.siteimprove.com https://stats.g.doubleclick.net/ https://region1.google-analytics.com/ https://search.service.vportal.ee/v1/search/uusagri https://search.service.vportal.ee/v1/globalsearch/total https://form.service.vportal.ee/v1/ https://search.service.vportal.ee/v1/events/uusagri https://inaadress.maaamet.ee; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://*.rocket.chat https://static.addtoany.com https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://www.google.com/maps/d/embed https://xgis.maaamet.ee; img-src 'self' data: https://www.google-analytics.com *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com *.fbcdn.net *.cdninstagram.com https://inaadress.maaamet.ee https://unpkg.com *.maaamet.ee *.cloudflare.com; script-src 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js blob: https://browser-update.org https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://static.addtoany.com https://unpkg.com unpkg.com 'unsafe-eval'; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js https://browser-update.org https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://static.addtoany.com https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com https://inaadress.maaamet.ee; frame-ancestors none; upgrade-insecure-requests 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=6le61gtiqubo3&partner=; 1
default-src https://d27urz3c38hyx4.cloudfront.net; img-src https://d27urz3c38hyx4.cloudfront.net data:; style-src https://d27urz3c38hyx4.cloudfront.net 'unsafe-inline'; script-src https://d27urz3c38hyx4.cloudfront.net; connect-src 'self'; frame-src 'self'; frame-ancestors 'none'; object-src 'none'; form-action 'self'; base-uri 'none' 1
default-src https: ; script-src 'report-sample' 'unsafe-inline' 'strict-dynamic' https://62400-260a0f8-dot-monorail-prod.appspot.com/static/dist/ 'self' 'nonce-1AZNRPjkQsu6rpmYKJa8Xj4l9qu7iuHu'; child-src 'none'; frame-src accounts.google.com content-issuetracker.corp.googleapis.com login.corp.google.com up.corp.googleapis.com feedback.googleusercontent.com www.google.com; img-src https: data: blob: ; style-src https: 'unsafe-inline'; object-src 'none'; base-uri 'self'; report-uri /csp.do 1
default-src 'self' https:;base-uri 'self';img-src 'self' https: data: www.googletagmanager.com;font-src 'self' https: data:;script-src 'self' https: 'unsafe-inline' 'unsafe-eval';frame-src 'self' https:;media-src 'self' https: data:;style-src 'self' https: 'unsafe-inline';object-src 'none';connect-src 'self' https: 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-aoji2fWY4fDLWVfT08Vf8xQRCIXgqIoPhTCTT0LP+9gqP6fl' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self' sandbox.flo2cash.com secure.flo2cash.co.nz flo2cash.ng.grv.nz; frame-ancestors 'self'; font-src 'self' fonts.gstatic.com data:; img-src 'self' maps.googleapis.com googleapis.com maps.gstatic.com www.google-analytics.com www.googletagmanager.com www.google.com www.google.co.nz developers.google.com data: *.crazyegg.com www.facebook.com; script-src 'self' https: 'unsafe-inline' 'strict-dynamic' 'nonce-6aDBzFsJ3XcAnuDH6Ec80JVuadvHAZPL9tSNDdigJgY='; style-src 'self' 'unsafe-inline' fonts.googleapis.com; frame-src 'self' www.youtube.com www.youtube-nocookie.com www.googletagmanager.com www.google.com sandbox.flo2cash.com secure.flo2cash.co.nz connect.facebook.net www.facebook.com; connect-src 'self' wt.engage.ubiquity.co.nz wt-production.servicebus.windows.net www.google-analytics.com ajax.googleapis.com sandbox.flo2cash.com secure.flo2cash.co.nz *.crazyegg.com stats.g.doubleclick.net connect.facebook.net www.facebook.com maps.googleapis.com graph.facebook.com api.raygun.io; worker-src 'self' blob:; child-src 'self' blob:; upgrade-insecure-requests ; report-uri https://gravitatenz.report-uri.com/r/d/csp/enforce; 1
frame-ancestors 'self' http://edit.kyfb.com 1
default-src 'self';  style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com platform.twitter.com ton.twimg.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://www.googletagmanager.com https://code.jquery.com/ https://ajax.googleapis.com/ www.gstatic.com www.google.com/recaptcha/api.js cdnjs.cloudflare.com pixel.mathtag.com c212.net connect.facebook.net cdn.c212.net platform.twitter.com cdn.syndication.twimg.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' 'unsafe-inline' www.gravatar.com data: syndication.twitter.com pixel.mathtag.com abs.twimg.com pbs.twimg.com via.placeholder.com platform.twitter.com ton.twimg.com; frame-src 'self' www.google.com pixel.mathtag.com platform.twitter.com www.facebook.com syndication.twitter.com www.youtube.com 1
connect-src 'self' wss:             *.maxict.nl            *.maxshop.test            *.doubleclick.net            *.google-analytics.com            *.google.com            *.hotjar.com            *.hotjar.io            *.pro6pp.nl            *.tawk.to            *.dwin1.com            unpkg.com            *.clarity.ms            *.oribi.io            *.visualwebsiteoptimizer.com app.vwo.com            *.googlesyndication.com            *.profitmetrics.io            *.doubleclick.net            *.zenaps.com;        default-src 'self' blob:;        font-src 'self' data:            *.maxict.nl            *.maxshop.test             *.gstatic.com            *.tawk.to            *.dwin1.com            unpkg.com            *.zenaps.com            *.clarity.ms            *.visualwebsiteoptimizer.com            *.googlesyndication.com            *.profitmetrics.io            *.doubleclick.net            *.hotjar.com;        frame-src 'self' 'unsafe-inline' about:             *.maxict.nl            *.maxshop.test            *.criteo.com            *.google.com            *.dpd.de            *.eetgroup.com            *.facebook.com            *.hotjar.com            *.hotjar.io            *.kingston.com            *.newstar.eu            *.newstar.nl            *.startech.com            *.tawk.to            *.twindis.com            *.youtube.com            *.psaparts.co.uk            *.gls-info.nl            *.gls-netherlands.com            *.dwin1.com            unpkg.com            *.zenaps.com            *.icecat.biz            *.clarity.ms            app.vwo.com *.visualwebsiteoptimizer.com            *.googlesyndication.com            *.profitmetrics.io            *.doubleclick.net            inishop.com            *.inishop.com;        img-src 'self' data: https:             *.maxict.nl            *.maxshop.test            *.clarity.ms            *.visualwebsiteoptimizer.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com            *.googlesyndication.com            *.profitmetrics.io            *.doubleclick.net            *.google.com;        worker-src 'self' blob:;        manifest-src 'self' *.maxict.nl;        object-src 'self' *.maxict.nl;        script-src 'self' 'unsafe-inline' 'unsafe-eval' about:             *.maxict.nl            *.maxshop.test            *.bing.com            *.bizographics.com            *.cloudfront.net            *.criteo.com            *.criteo.net            *.doubleclick.net            *.facebook.net            *.flix360.com            *.flixcar.com            *.flixfacts.com            *.google-analytics.com            *.googleadservices.com            *.googletagmanager.com            *.google.com            *.hotjar.com            *.hotjar.io            *.iceleads.com            *.jsdelivr.net            *.licdn.com            *.linkedin.com            *.list-manage.com            *.mailchimp.com            *.tawk.to            *.vane3alga.com            *.dwin1.com            unpkg.com            *.clarity.ms            *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com            *.googlesyndication.com            *.profitmetrics.io            *.doubleclick.net            *.zenaps.com;        style-src 'self' 'unsafe-inline'             *.maxict.nl            *.maxshop.test            *.cloudfront.net            *.googleapis.com            *.google.com            *.jsdelivr.net            *.mailchimp.com            *.dwin1.com            unpkg.com            *.tawk.to            *.clarity.ms            *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com            *.googlesyndication.com            *.profitmetrics.io            *.doubleclick.net            *.zenaps.com;        upgrade-insecure-requests; 1
default-src 'self' *.dcube.cloud *.demdex.net cm.everesttech.net wogadobeanalytics.sc.omtrdc.net *.wogaa.sg; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.sharethis.com www.googletagmanager.com *.hotjar.com blob: *.dcube.cloud assets.adobedtm.com *.wogaa.sg maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net isotope.metafizzy.co *.google.com partner.googleadservices.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com assets.dcube.cloud/fonts maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.wogaa.sg; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.hotjar.com assets.dcube.cloud/fonts maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.wogaa.sg cdn.jsdelivr.net ka-f.fontawesome.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.sharethis.com *.hotjar.com wogadobeanalytics.sc.omtrdc.net cm.everesttech.net dpm.demdex.net i.ytimg.com img.youtube.com *.google.com; media-src 'self' data: blob:; frame-src 'self' https://c.sharethis.mgr.consensu.org/ *.sharethis.com *.hotjar.com www.youtube.com *.elitigation.sg *.onemap.gov.sg wogaa.demdex.net fast.wogaa.demdex.net viewer.diagrams.net *.google.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.sharethis.com www.google-analytics.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.dcube.cloud dpm.demdex.net *.wogaa.sg ka-f.fontawesome.com *.google.com csp.withgoogle.com; object-src 'none'; 1
default-src wss://*.zopim.com *.zopim.io *.zendesk.com *.zdassets.com *.bureau-ice.nl *.proudtest.com *.wp.com *.wordpress.com *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.bootstrapcdn.com *.fontawesome.com *.doubleclick.net *.toets.nl *.youtube-nocookie.com *.youtube.com *.ytimg.com *.publitas.com *.postcodeapi.nu *.datatables.net *.piwik.pro; script-src 'unsafe-inline' 'unsafe-eval' wss://*.zopim.com *.webinargeek.com *.zopim.io *.zendesk.com *.zdassets.com *.bureau-ice.nl *.proudtest.com *.wp.com *.wordpress.com *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.bootstrapcdn.com *.fontawesome.com *.doubleclick.net *.toets.nl *.youtube-nocookie.com *.youtube.com *.ytimg.com *.publitas.com *.postcodeapi.nu *.piwik.pro; style-src 'unsafe-inline' wss://*.zopim.com *.zopim.io *.zendesk.com *.zdassets.com *.zendesk.com *.zdassets.com *.bureau-ice.nl *.proudtest.com *.wp.com *.wordpress.com *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.bootstrapcdn.com *.fontawesome.com *.doubleclick.net *.toets.nl *.youtube-nocookie.com *.youtube.com *.ytimg.com *.publitas.com *.postcodeapi.nu; img-src data: wss://*.zopim.com *.zopim.io *.zendesk.com *.zdassets.com *.bureau-ice.nl *.proudtest.com *.wp.com *.wordpress.com *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.bootstrapcdn.com *.fontawesome.com *.doubleclick.net *.toets.nl *.youtube-nocookie.com *.youtube.com *.ytimg.com *.publitas.com *.postcodeapi.nu; font-src data: wss://*.zopim.com *.zopim.io *.zendesk.com *.zdassets.com *.bureau-ice.nl *.proudtest.com *.wp.com *.wordpress.com *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.bootstrapcdn.com *.fontawesome.com *.doubleclick.net *.toets.nl *.youtube-nocookie.com *.youtube.com *.ytimg.com *.publitas.com *.postcodeapi.nu; media-src wss://*.zopim.com *.zopim.io *.zendesk.com *.zdassets.com *.bureau-ice.nl *.proudtest.com *.wp.com *.wordpress.com *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.bootstrapcdn.com *.fontawesome.com *.doubleclick.net *.toets.nl *.youtube-nocookie.com *.youtube.com *.ytimg.com *.publitas.com *.postcodeapi.nu; frame-src *.webinargeek.com wss://*.zopim.com *.zopim.io *.zendesk.com *.zdassets.com *.bureau-ice.nl *.proudtest.com *.wp.com *.wordpress.com *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.bootstrapcdn.com *.fontawesome.com *.doubleclick.net *.toets.nl *.youtube-nocookie.com *.youtube.com *.ytimg.com *.publitas.com *.postcodeapi.nu; object-src *.youtube.com *.youtube-nocookie.com *.postcodeapi.nu  1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-m62/KjNVetN0JZL5ccGhuA==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob: *.izlesene.com *.ioam.de *.avg.com *.rewardsaccelerator.com smetrics.att.com; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net smetrics.att.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
default-src 'self' https://accesswidget-log-receiver.acsbapp.com https://cdn.acsbapp.com https://eu-cdn.acsbapp.com https://eu.acsbapp.com https://syndication.teleborsa.it https://ka-f.fontawesome.com/ https://*.animasgr.it https://funds.previnet.it https://www.epheso.com/ https://funds.previnet.it https://www.google.com/ https://www.iubenda.com/ https://cdn.iubenda.com/ data:; connect-src 'self' https://cdn.acsbapp.com/ https://cdn.linkedin.oribi.io https://eu.acsbapp.com https://eu-process.acsbapp.com https://eu-cdn.acsbapp.com https://process.acsbapp.com https://cdn.acsbapp.com https://www.google-analytics.com https://cdn.iubenda.com https://consent.iubenda.com https://hits-i.iubenda.com https://ka-f.fontawesome.com/ https://stats.g.doubleclick.net https://plausible.io; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://snap.licdn.com https://eu.acsbapp.com https://acsbapp.com https://kit.fontawesome.com https://www.epheso.com/ https://funds.previnet.it https://www.gstatic.com/ https://www.iubenda.com https://*.iubenda.com/ https://www.google.com/ https://assets.contactlab.it https://chatbot-prod.animasgr.it https://www.googletagmanager.com https://www.google-analytics.com https://ssl.p.jwpcdn.com/ https://*.animasgr.it https://plausible.io; img-src 'self' data: https://px.ads.linkedin.com https://eu-cdn.acsbapp.com https://cdn.acsbapp.com https://www.google.com/ https://www.google.it/ https://www.google-analytics.com/ https://prd.jwpltx.com/ https://www.googletagmanager.com/ ;media-src 'self' data: blob: https://eu-web1.acsbapp.com https://web1.acsbapp.com https://*.animasgr.it; 1
default-src 'self' wss://localhost:44399 https://localhost:44399 www.google-analytics.com www.youtube.com https://stats.g.doubleclick.net cdn1.readspeaker.com app-eu.readspeaker.com vttts-eu.readspeaker.com maps.google.com; child-src 'self' www.youtube.com player.vimeo.com www.google.com platform.twitter.com https://*.twitter.com connect.facebook.net www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://localhost:44399 s.ytimg.com www.google-analytics.com www.google.com www.gstatic.com www.youtube.com www.perplex.nl player.vimeo.com www.googletagmanager.com cdn1.readspeaker.com platform.twitter.com connect.facebook.net cdn.syndication.twimg.com unpkg.com; style-src 'self' 'unsafe-inline' *.typekit.net cdn1.readspeaker.com cdn.syndication.twimg.com platform.twitter.com fonts.googleapis.com; img-src 'self' data: services.perplex.eu www.google-analytics.com www.perplex.nl https://www.gravatar.com https://dashboard.umbraco.org https://dashboard.umbraco.com syndication.twitter.com *.twimg.com platform.twitter.com http://maps.google.com http://www.zgt.nl *.zgt.nl https://zgtnl-acc.perplex.eu; font-src 'self' data: *.typekit.net fonts.gstatic.com; form-action 'self' zgt.nl betazgtnl.perplex.eu zgtnl.dev.perplex.eu; report-uri https://perplex.report-uri.com/r/default/csp/enforce; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'report-sample' https://apis.google.com https://maps.gstatic.com https://plus.browsealoud.com  https://www.google-analytics.com https://www.googletagmanager.com/gtm.js  https://*.speechstream.net https://www.browsealoud.com  https://maps.googleapis.com  https://wikisum.texthelp.com/  https://cc.cdn.civiccomputing.com https://plausible.io/js/script.js https://plausible.io/js/script.tagged-events.outbound-links.js https://plausible.io/js/plausible.outbound-links.file-downloads.js; style-src 'self' 'unsafe-inline' 'report-sample' https://fonts.googleapis.com https://plus.browsealoud.com https://assets.nhs.uk https://www.browsealoud.com ; img-src 'self' data: https://maps.gstatic.com https://browsealoud.com  https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://secure.gravatar.com https://www.browsealoud.com https://www.google-analytics.com https://assets.nhs.uk; connect-src 'self' data: blob: https://plus.browsealoud.com https://speech.speechstream.net https://stats.g.doubleclick.net https://www.browsealoud.com https://www.google-analytics.com   https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://apikeys.civiccomputing.com https://plausible.io/api/event https://wiki-summarizer-eu.texthelp.com/ https://simplify-us.texthelp.com/  https://babm.texthelp.com https://*.speechstream.net; font-src 'self' data: https://fonts.gstatic.com https://assets.nhs.uk; media-src blob: https://*.speechstream.net;; child-src 'self'  https://content.googleapis.com https://www.googletagmanager.com/ns.html; frame-ancestors 'self'; object-src 'none'; frame-src 'self' https://content.googleapis.com https://maps.google.com https://platform.twitter.com https://www.facebook.com https://www.google.com https://www.youtube.com https://maps.googleapis.com https://www.facebook.com; worker-src 'none'; manifest-src 'self'; base-uri 'self' 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com *.trafficfactory.biz www.iwanttodeliver.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net bmedia.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri http://www.gigantits.com/csp-reports; report-to csp-endpoint 1
frame-ancestors 'self' https://coco.coyocloud.com https://cdn.vangraaf.de; 1
frame-ancestors 'self' nationaalarchief.sr *.nationaalarchief.sr; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.crazyegg.com *.hotjar.com *.hotjar.io *.google-analytics.com *.google.com *.google.lk *.addthis.com *.youtube.com/iframe_api *.googletagmanager.com *.googleadservices.com *.facebook.net *.facebook.com *.doubleclick.net *.amazonaws.com  *.youtube-nocookie.com *.youtube.com *.createsend1.com *.cloudflare.com api.userway.org autoexecs.ebeyonds.com *.edb.gov.lk cdn.userway.org *.srilankabusiness.com usrwy.com v1.addthisedge.com z.moatads.com i.pinimg.com *.googleusercontent.com *.cdninstagram.com *.fbcdn.net yt3.ggpht.com data: *.twimg.com stackpath.bootstrapcdn.com code.jquery.com cdn.jsdelivr.net www.clarity.ms createsend.com snap.licdn.com s.pinimg.com static.ads-twitter.com c.clarity.ms ct.pinterest.com px.ads.linkedin.com t.co analytics.twitter.com c.bing.com ; frame-ancestors 'self' https://devicetester.smart360web.com; 1
frame-ancestors *.prod.acquia-sites.com *.japanhousesp.com.br *.japanhouse.dpdm.jp; report-uri /report-csp-violation 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://sunny.garden; img-src 'self' https: data: blob: https://sunny.garden; style-src 'self' https://sunny.garden 'nonce-Nkejzw+V+xGn/KPpBrW8fg=='; media-src 'self' https: data: https://sunny.garden; frame-src 'self' https:; manifest-src 'self' https://sunny.garden; form-action 'self'; child-src 'self' blob: https://sunny.garden; worker-src 'self' blob: https://sunny.garden; connect-src 'self' data: blob: https://sunny.garden https://media.mastodon.sunny.garden wss://sunny.garden; script-src 'self' https://sunny.garden 'wasm-unsafe-eval' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://historians.social; img-src 'self' https: data: blob: https://historians.social; style-src 'self' https://historians.social 'nonce-nmA5czUMvjLK3Q2D8FYLdA=='; media-src 'self' https: data: https://historians.social; frame-src 'self' https:; manifest-src 'self' https://historians.social; form-action 'self'; child-src 'self' blob: https://historians.social; worker-src 'self' blob: https://historians.social; connect-src 'self' data: blob: https://historians.social https://media.historians.social wss://historians.social; script-src 'self' https://historians.social 'wasm-unsafe-eval' 1
object-src 'none'; font-src 'self' fonts.gstatic.com; base-uri 'none'; frame-src 'self' *.googletagmanager.com *.doubleclick.net https://*.google.com https://*.youtube.com https://accounts.google.com/; default-src 'self'; media-src 'self' *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://optimize.google.com https://ssl.gstatic.com/brand-architecture/ *.googletagmanager.com *.google-analytics.com *.googleadservices.com https://*.youtube.com https://*.ytimg.com https://apis.google.com https://accounts.google.com/gsi/client https://www.googleoptimize.com https://www.gstatic.com https://ajax.googleapis.com *.thinkwithgoogle.com *.thinkwithgoogle.goog 'strict-dynamic' 'sha256-vi9h3P9VjInsPsB9kwZuXKMHKiagz9KnOkuXOVX7O1g=' 'sha256-X0JWsAG/k2sIeTfXAL+VH5SdA6bef2aT/CoRG/FEQFc=' 'sha256-uV3MJak3jcDQZeDpjoi5NuUOKAQe8qE+Z+MpOCWxhpE=' 'sha256-0Cqwq2yr0A7o9kZpqY/cNveUUoUADOFM99v4/8FS4i4=' 'sha256-niUgG4ChWvW/z2qZLGjXATgbPm7xEiQOwFelweUfAuI=' 'sha256-6MAtiH3nKhs3pPODS8FGHaYy+lVAsIOG7qtjsDXoiGI=' 'sha256-5ZYQZbSDXHiq7Ah2brCxM88kr3r4esTrsuuZ29F0p4U=' 'sha256-Q6WEaEVeLip353B+a9OqeJkwUHRDfZIxaBlJpp2O4ns=' https://www.thinkwithgoogle.com 'nonce-oaowQyX9kuPIrtnQGFX9Tg==' *.google.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://accounts.google.com/gsi/style https://optimize.google.com https://www.gstatic.com https://gstatic.com *.googletagmanager.com https://www.thinkwithgoogle.com; img-src 'self' data: *.googleapis.com https://*.googleadservices.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://*.doubleclick.net https://*.google.com *.youtube.com https://*.ytimg.com https://*.googleusercontent.com https://www.google.com.co/ads/ga-audiences https://csi.gstatic.com https://fonts.gstatic.com https://www.gstatic.com https://www.thinkwithgoogle.com *.google.com; connect-src *.google.com 'self' https://analytics.google.com https://www.google-analytics.com https://releases.wagtail.io https://stats.g.doubleclick.net https://adservice.google.com/pagead/regclk *.google-analytics.com *.analytics.google.com *.googlesyndication.com https://accounts.google.com/gsi/ https://www.gstatic.com https://googleads.g.doubleclick.net/ 1
report-to 'self' ; child-src 'self' ; connect-src 'self' *.googleapis.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' ; font-src 'self'  data: cdn.jsdelivr.net cdnjs.cloudflare.com *.gstatic.com *.bootstrapcdn.com fonts.gstatic.com *.gstatic.com *.bootstrapcdn.com ; form-action 'self' ; frame-src 'self'  *.g.doubleclick.net *.google.com *.fls.doubleclick.net blob: www.google.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' ; img-src 'self'  *.fra1.cdn.digitaloceanspaces.com cdnjs.cloudflare.com *.googleapis.com cdn.jsdelivr.net *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com data: ts.w.org s.w.org ps.w.org *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self'  s.w.org; object-src 'self' ; script-src 'self'  'unsafe-inline'  'unsafe-eval'  cdn.jsdelivr.net cdnjs.cloudflare.com unpkg.com *.googleapis.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com data: *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline'  'unsafe-eval'  cdn.jsdelivr.net cdnjs.cloudflare.com unpkg.com *.googleapis.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'self'  'unsafe-inline'  'unsafe-eval' ; style-src 'self'  'unsafe-inline' cdn.jsdelivr.net *.googleapis.com *.gstatic.com fonts.googleapis.com  *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com cdn.jsdelivr.net  *.googleapis.com *.gstatic.com ; style-src-attr 'self'  'unsafe-inline' ; worker-src 'self'  blob:; 1
default-src 'self' 'unsafe-inline'; font-src 'self' fonts.gstatic.com; img-src 'self' wjd.nu; script-src-elem 'self' 'unsafe-inline' code.jquery.com; style-src-elem 'self' fonts.googleapis.com; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com *.trafficfactory.biz www.iwanttodeliver.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net bmedia.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri http://www.blackmonsterterror.com/csp-reports; report-to csp-endpoint 1
default-src 'self'; script-src 'self' 'unsafe-inline' ajax.googleapis.com www.google-analytics.com cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' www.google-analytics.com; font-src 'self' fonts.gstatic.com; frame-src https://*.tempurpedic.com; 1
default-src 'self' *.usercentrics.eu; style-src 'self' 'unsafe-inline' *.googleapis.com; script-src 'self' *.googleapis.com *.pluspol-networks.de *.omniplus.com *.usercentrics.eu; font-src 'self' data: *.gstatic.com; object-src 'self'; img-src 'self' data: *.googleapis.com *.gstatic.com *.usercentrics.eu; frame-src 'self' *.omniplus.com *.pluspol-networks.de *.vimeo.com *.vimeocdn.com scnem2.com youtube.com youtube-nocookie.com busdoc.i.daimler.com; connect-src 'self' *.googleapis.com *.pluspol-networks.de *.omniplus.com *.usercentrics.eu; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.printfriendly.com/printfriendly.js https://static.addtoany.com/menu/page.js https://www.googletagmanager.com/gtm.js https://ds-4047.kxcdn.com/api/v3/domain_settings/a https://www.youtube.com/ https://s.ytimg.com/yts/jsbin/ https://static.addtoany.com/menu/ https://www.google-analytics.com/analytics.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.youtube-nocookie.com https://rawgit.com/NerOcrO/ntools/master/ntools.user.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://s.ytimg.com https://cdn.rawgit.com/w8tcha/ https://cdn.rawgit.com/ckeditor/ https://www.youtube.com/ https://snap.licdn.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://www.google.com/ads/  https://www.google-analytics.com/collect https://px.ads.linkedin.com/collect *.instagram.com; img-src 'self' data: https://*.cdninstagram.com https://*.licdn.com https://assets.bwbx.io https://sprcdn-assets.sprinklr.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.printfriendly.com https://i.ytimg.com https://www.nestle-nespresso.com https://img.youtube.com/; frame-src 'self' https://www.google.com/recaptcha/ https://www.youtube.com/; frame-ancestors 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; script-src * data: https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src https: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; media-src *; font-src https://* data:; worker-src * data: blob:; frame-src *; connect-src *; frame-ancestors 'self'; base-uri 'self'; upgrade-insecure-requests 1
default-src 'self' https://*.giosg.com https://*.giosgusercontent.com; script-src  'self' *.google.com *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com *.vimeocdn.com *.vimeo.com vimeo.com *.ytimg.com *.youtube.com *.hotjar.com *.facebook.net *.crazyegg.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com *.googleoptimize.com *.consentmanager.net 291santanderdk.boost.ai widget.emaerket.dk campaigns.santanderconsumer.dk *.mouseflow.com assets.emaerket.dk dl.episerver.net https://*.giosg.com https://*.giosgusercontent.com https://*.santanderconsumer.dk https://*.santanderconsumer.se https://*.santanderconsumer.no https://*.santanderconsumer.fi https://*.santander.dk https://*.santander.se https://*.santander.no https://*.santander.fi storage.googleapis.com https://bat.bing.com 'sha256-R3r1BBbUqajF92ZtvNhcoXaO1DyvCB5n6RlHZMJNN4Q=' 'sha256-NFxIY6K6p6boBUexkD2Fewzls+ysfBKzT1Uw87WR9EE=' 'sha256-yY7dACVeTmgNlehzAIBaxHBjDZ9tt4NCv7eMOk/K8YE=' 'sha256-mlCGm7PREq2+1xmgKobe8HlHDksYeFvjLXzqJ7ch0W8=' 'sha256-laWjrqJThFpSbf4H+IwSnwccrjKHaVCE1bYgwmmXevg=' 'sha256-UdJ+lpDXQ1K2l3IHFMOnOz0cQZrvwu5BnEidbG5duAE=' 'sha256-hXVdLQcTSCXiD00gcOmBE0tlQXLvbAezHOdRGBPk4J0=' 'sha256-D18dB5h+lIUALun6cCt1R5/meMNLfcgxoIStf/TxWJk=' 'sha256-Qw+HAMwGExvf5jteDnfSGB3a7I8sdEpDA9sy3He4Ec0=' 'sha256-oDKOo3rbAjbKsoPlQXdS02l8HD9uILOyCEIH9JkEJLk=' 'sha256-otYqoRb2okK/ZBSILbUcNEJfnhhVUVTPUJ7DBz27AM8=' 'sha256-7dgkdi2TaseYSUQA2Rx+3cBu46jZZaXunypv+zwttNI=' 'unsafe-eval' 'sha256-9ngx4AKPGPfCBv7IFyBhyO0FqTStM+xd174Utt9VgzY=' 'sha256-b+mFhP6UaZWKNbsRQkJmp17yQL6EKJuGGnzGe9fnvMw=' 'sha256-r6fJN2yWlAzaOivviBP7AgKqdrOH3Y689ai2O/MVmLA=' 'sha256-rSHzb51IUxYm+c4JeuNjfbL9vXOo2F4suymawL9ZxwI=' 'sha256-ePdg/J6xQAqLwL9kt0BtHl0dFVN1GUQaCLoqCKZzgfI=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' 'sha256-VFh8XIB0THnT1RtOBgDPFPyhef4Lp5K5LVncKPb4MWA=' 'sha256-qHZE++vSX3dtpCSymjwY9K2s8R0mVIuTXFchSyNepoE=' 'sha256-bvivUkzKIPnOpV1CuuVFFp7kxbUuNHr04HaC9je0uwc=' 'sha256-zXTjEy2XnVVCyefHKHxOo4uWIsqu26ReDpoZypD8uk8=' 'sha256-CcRXR3t4TEC3pk0YAd9b1xtAbr4actwtEOv4adbPrpk=' 'sha256-9R4ihFru6YlQCXP/b494k54trR3x20OJvIdsEJ/bceU=' 'sha256-pmYmn2PoyMXO7rnjRxFLueFUFe8RzDykM+6QkPVokR8=' 'sha256-SRV/v+pQ9RxTl2HFEBmxEBuPDDohvnEVnwTyexaksEE=' 'sha256-zwhEW0zkgt6bCjI9Cq6U2ROYcg6O5IV6Hyi7KqlGlwE=' 'sha256-02+lO58ob+MJ5DEu89xWHGUlmToahVQfC/St5y3HorU=' 'sha256-TEJx/Yz8oqyBTboycB4fc+QfQLp8dLTE2lSmRozoGR8=' 'sha256-UqmalAp5JXIkJPvKTog2GNcajG5t+BOsykXh9/9bB1M=' 'sha256-Tk10pKvH3mL42RHGMNGrE4upsUQ8xUhLemCmn4yW5s8=' 'sha256-xnbUeAA7MN1ty+abRNrCJoTrKaI0FpPYp/uUnr2eLGI=' 'sha256-MAbYb1zJbmJ07wThvOubmF9VVX7HPkGstt/XYqYSVAk=' 'sha256-jhTesEsFR/jSN4b7CYkga70E167gIatxGtc9AOLhC8E=' 'sha256-ff0IxJHEND9PjVpHe/vt39jZqjS1K4zqsu3qNlLQXhA=' 'sha256-BSLLKjGJs4w3nHuHfeni8yAVxJleDbNdv7+6nunIUDE=' 'sha256-jSK4O5xkuasLI3uEVqSTzR6dI2z5cH1q4LUAx2Cz3QU=' 'sha256-C7d4NpWqC7cIoi5InCReWBoTIAxkfIOrUzyzSYDEUI0=' 'sha256-0PvdEtSGip2GQzuqA4st7PlKdZqea57pLBvWoCKuzsg=' 'sha256-GTwWDxuzhV6u86tp9wCi2scsjfuJ1TXqUcJeJqvPx1o=' 'sha256-wYEaWpL3MHgkuRU2WZ6PFqkmXd5wIrad+aADDkGilx4=' 'sha256-IwpdR77xpuKpo+ti3ARFpvOt/6zoikUd0Jh1S3g9rdM=' 'sha256-Kwia2zL2q+DUBjjuTDMBC+ioAs4KbwA/Sv6AV52INks=' 'sha256-FNKwSY5vfwF0sry3B4+a761IBPaUitY5Q762bcUh93k=' 'sha256-0OicVYX9TZ6hUjP+CXEtSqQaLOPNYkqYfwFBsIo0eb8=' 'sha256-0svcGT4/z4oqOlg/B1oJkcCULxq8BkLDe+2YkxxUQdU=' 'sha256-CBluTyNOa+UhfGfl6OKY+dWh3wpGT2W6uSwyvqn0ynk=' 'sha256-L5ifxNVUMbgS5r5mVcRN3/j0UG3bLyIo6JR5Xs0DdbY=' 'sha256-dHiinuxwhkBIsnVTtPLW64rtynITKqNjShPknedIyKo=' 'sha256-/drh+gMS4WEMYFWrSbhuCapkjweZDdWaMbDSMIpkt8g=' 'sha256-3rnIAm0KYRMrXc4zoV7sql1xCsAkvIAeBSCWiTgf0DE=' 'sha256-sfVgMDXBJ3bRI3KxIQHTkXrvj2cZtWUSXBLpaPlQHN0=' 'sha256-UE9bL4PL1T4sHz5ODTBHKINMLTc+zhePlzEFbULIvsc=' 'sha256-snyukPlOHIUWBXTISz2uaxgZZW/5E6iNIIMlRfMFVac=' 'sha256-S22yz9j0ozPyoNuXKOh7ylvUnDWfdBwpTveoIU3kgoM=' 'sha256-q8IGHP7MrQt0eCAzcTtn1eBYZKXDj4R7LobAn1O/q4Y=' 'sha256-WY6+uz6IdDPzynkud2acH8Xb6YZgIzwX4UQsba13ZoU=' 'sha256-wkVGtODVZAY0GHLzahJLFaKbnwQ/JYlWZB8oYjjssRw=' 'sha256-C6+DuFqfXtlP0DL1jvAjvXqn3guvgTXaRmriIcTsg6g=' 'sha256-+gL6ISzo6Zb4C2L0YH6NM8td4r/YLdFoysq/oIzNVIE=' 'sha256-v/dzkzHqRIa9T5wnSXznEM8Z6PpNa8x99b2YUig4DvA=' 'sha256-b7uABITVftx8L0DO6puuyLJhAXiHy8NzhvjULpanhFQ=' 'sha256-BUCY09SNqI5c9v8mKGEwn5BjO2c2pJ0Rde2oYWzmx+c=' 'sha256-lrn24N2jm6osa/hhQcL9yrZHphCbXF++HX+FHmBY8qo=' 'sha256-kpuRo4/Ck7ot2d7T3+XgoQ+2gWsJYEbBL4OFma6BHn8=' 'sha256-Z5kcsbMRBlrp6h6h20538ImPyI5X/yeoh6UrMMVTCmg=' 'sha256-oPePPxLz5gHB/s7ZuePlYKFhbD3zvW9Vdn3Gw/hQ91M=' 'sha256-BwZYgNiDFLANwqe8fvzpzM+bY1YCL86BbKSbOxUJrKU=' 'sha256-DSiG0SMepzlWc0B6SZpGECB0568/aL7LTW9rQ2ceG4Q=' 'sha256-5WjifVRkwIl4x/qxL7c8nSQ7rrTCSvPVYXZgh5s3MD0=' 'sha256-inbBMZiFi126hoTY3iW2Z+/jFBzyoDAsK+SSmeVFKFs=' 'sha256-K2DuZWe8np0hHJTc3v2VDE9eLpM2Vzy7tS83gPyI7HA=' 'sha256-bw5gs5bIeTI7278wrWAEiyNu2RE5qKa/eDIjlvJzZJ0=' 'sha256-80iOO2OmyJQLz0jhOidjgDeTExyJVLlnBVTTq6dLvS8=' 'sha256-n1pflqO0So6O2KLTSpquyRqKorhQDkIXA+n06HRSpeA=' 'sha256-7zqF8EHYh95j0lZqeqxJ6Emb64+q7jmTo2rkF65MwdE=' 'sha256-tGY7pwAQOV0iSHmLwoaCFmej6cicRYIpJY1vUKCcuw4=' 'sha256-JVl837fjPtlccl84RzfKCWy12lyP29TScEw2qohlPS0=' 'sha256-IOCcZ7Be/A7RF6FkQcG0TCuocrIwkGxaIIpydyudBsg=' 'sha256-9ADe7KfERRoLzVtzZoZU3pyolEMJFW+Odva5zElOZ4Y=' 'sha256-tl2DfWluBF16TYCMG10dlqaRKLuSxizdBFlGZp1mjyo=' 'sha256-YdfdBE1PaNnb/TJ2WLqjkHsa7jBcEk1krx+J770uMqM=' 'sha256-XZ/chm1krByQYHsGXeEuvPhhqWNv+XYV72tdweoyVoQ=' 'sha256-/sN2sYm4Z/WDIEJkyFrjwzoFjciYoqC+Za6zGWlDtxM=' 'sha256-W1UXlIygp23032H63L3SgbQi8MLVtfG03IFkiFPoh1E=' 'sha256-ndTmjF6sIxz4YqGWV/D9DHWoXK9ydvTkAJNuhvNOtHk=' 'sha256-KcZq+hwwYNqSsygYrGb8fKRKhGxJhMmFsR7uwV8vBUY=' 'sha256-wJbIq/7iv1alrwVIWWySz0kxb8hIDP3RuosJQTAw2g4=' 'sha256-0OFHZWse8JKMN1f1pc0ffvF5PRHBVBg7u5jTIwHfooA=' 'sha256-Rh41vNZ3xdyRZejmBP/o9ZomTAWB2HVcwoNCSonA7/c=' 'sha256-12X7BFMxgUxMqLHUo7p5WyQ5Ng8Zwn6lh0Eul7R3Hlc=' 'sha256-8U+56I7EjWNYL5x0DxCD4cwC0bm/9PzgXKqS0AMkASc=' 'sha256-EmXV8KWpAY0299hnlvlks+qgPhO0qHLwbXdFBk4MvyQ=' 'sha256-9cfKUW4H6JZM7AKNiMr2t9mCBaokk+5sAIpGKWCHxuQ=' 'sha256-I0RkQmEWBwMxQH3v1FN2Ks9Qai3UgLfKDQP9td6emB4=' 'sha256-E5lBI/iqiAyH+dqOtogSsAZtBGv9CF0tqHDpi81D+mM=' 'sha256-h3tgbm6GyPU09yLUGOb35TcznJiW6SNsL6MqfO5DIcU=' 'sha256-jFff0C97jM92RqfQlRqjSCrWrFQCadqw8+ZVddsiY8M=' 'sha256-iZXkdoNs88W1OlPlhA+FoJIzneAe9MQCFUjIA51dv+o=' 'sha256-boYLrerUk8jRyTtMKWtym+64Ie/146iyDbobU/UiSX0=' 'sha256-3zIhRds8SHzF96MzwcpL+sTLEBxbLsVLyXv0Qe92F1A=' 'sha256-uP6ZXsbf2KWq6hVZ2NMY+x1lt7qUbMKNlPK5QMgZOkE=' 'sha256-A/kvdyGqioj5ftyGndr/nZLgqMeuqkzVCrGgc8N4ZCo=' 'sha256-7IknrrvBtOTE22+Z11bCUEgqXDqdcVvNxcsMa9UWjrc=' 'sha256-ZxCLuPYM+QQbtQeYHMppgMO0QeQ5z5F6InZldBiQ0r4=' 'sha256-N0anMnD8khaw2IZs0lFEGyf0Dc4xViPtZtScozTFabw=' 'sha256-O6WV7L3GdVEHmK7unNhwgZX7m6lkaBBWY/Z1LE9hzBA=' 'sha256-ehvfU9zGpBHvy3uhhQLWaaESpsOvsGDgMhjXytJi/Ic=' 'sha256-wHSDXNWY4JvoA5OpViGIfIJrPOUVSpZUPycKfG63Agw=' 'sha256-/y64eoxJd//6jtkKQn79YaDWiKjfMWQ147vy173JwSg=' 'sha256-tgxmjzYohrXkFpMmrCmmK8x6a2ZxTK8KCwbF2a9tqKs=' 'sha256-jFi5TuHd6FVA9WDKLrmdW5QnsjrVxla5scjBG38C1Jg=' 'sha256-C/r19Nx0TpepqwMYHCH6DUQCHk9gGSWddkLgjEgisxI=' 'sha256-nIeq4cQ4y82c7JPQhwLAguOugya/k7RMH3JSYiCzk10=' 'sha256-6pGy2Z81+8PdFdwfXJW/TbqNIaDgsjenPZddJOVZGNU=' 'sha256-GhzmUpyKpJ1ZZpoLQxFD2Fq9PbhDYqX9MbrdS6G2WhQ=' 'sha256-7zHz6XHWyiV5BLDjyHJ5t9BUJEFx9jn0U+dYD8luMis=' 'sha256-GRAx2iD//A6irUvPGvFxDjGkxu0Lq59Q0F7oW3gnIlM=' 'sha256-ew9wswUxSluzbYdj6f6IwJvZV3uyexGpWIO8XpfApg4=' 'sha256-lH/XsLCW8mwmV49b0+dSpn9J6cF2tJXiGH5fb0bTs90=' 'sha256-1aKByHo0k5dFzMN3taljd8FOFbI4SmNTOGxKFP077+c=' 'sha256-/+EhnUhrNmANNGs8NlV4ee9uUPVHKfYIPIqPbSUxBXk=' 'sha256-2q4kQ+rdB2OqW+PDve9w6NoDhjDD2DnEgy02gk/rt0Q=' 'sha256-bpGDFHsmxs6hrDdrzpp7b985iU7kTjFBXOHnIYPUOiY=' 'sha256-H17ptJasg1iciNfN2bzVe8vh+BgRjCBkoFLllLaEVA8=' 'sha256-mfGBMgl+3r3/n0T5IyR8PJTeDBsSgO4bg8SJ2XwwH6Y=' 'sha256-XkZVmoMdtX7ebsz+RntKpvJ3l90bh0+20jQPctQm0ag=' 'sha256-FRrU0Wi/AIfsO1SoRJY5b9FHlI8Nu9FKUR0KsSyl9CU=' 'sha256-dyrO36SKwnkCwaK9fKgMvmF/EGv2GDK0JEz+M06FgiI=' 'sha256-VqJH0FwL5qa0w47Ou/2VXmBTOAahygTHyOunGnMi3ZY=' 'sha256-f6EmueWbs0IWWzQSvMFKuUyxfBJdpZZ6CyQ9WYZgZuY=' 'sha256-kv+l4YGYQZL/48U9SDO9RfxT0M63P3WprZDWhBQOJB4=' 'sha256-CpmE1q8CxqPrwLvVGYZOXmRFRoXnFf+UsjPn0ek6gOw=' 'sha256-0f5qDeg5d2iD3jRiWqIdbkgn5CVFEQzxt11ktc+FgVI=' 'sha256-C3d0rvU9cC5sMchZnGp82sYmTCL0+d767FiXoKuHoJY=' 'sha256-ElM0Ncbg7nQo4zV991JvGCmOjkdrPSRR0dFjQjRgsvM=' 'sha256-PW1N03ylK3wX7FU71abCXBQfpjxwgU4FM2qzZo1a9ZU=' 'sha256-Sn7OtIZHNPOFWilgzw0UArW4M98NLYIt3jsw721ReKY=' 'sha256-eA4c97eGUCFrmILfxnk1PsxJkrg4zu0d9vf59tqnHrY=' 'sha256-Dux9uRa8M3t5U1l88xj7uxNq3gLLs8ZZipgqMGgPOto=' 'sha256-S10/z5Vq4oyVSY2Yfbr53umqSq1rVzEKNyUZjaF8EPM=' 'sha256-naTTXC9dwgLdPtHewUFLrqvHQcdUvAX3Y43UxqLuet8=' 'sha256-MIl1OEiHoJUiPm1JelsOsPdl9x5KqXRqxyE6isyJIdc=' 'sha256-x1pk8xmRPxcbI4WuBTVs2wSt8Q+Ff2ht6rTpSgj6z74=' 'sha256-p4gD/hXte09XDyH9dj97FeaWj5K/Kexh5sGrKiAoXrs=' 'sha256-vKX42idkrBkekpROyWmAjTLwVAYtYMHRgGd3j1OISXk=' 'sha256-BnCI3lVEodagWsYSqNkdzI6SuIr0mLIsL/BdFQTi1A8=' 'sha256-VX22EwCSRge22rEHFEAjMOL0mPh/tkdcuxTu53zGokc=' 'sha256-wn9w4k+pdNWh4WVAVBR5pszrUqrM5Dyr8gFaLnF6n38=' 'sha256-ZToFMkf5H4J2SiSd8ptkPhhhmv0e+uxjMDPnpQDSULM=' 'sha256-sciPiePRVvy4tJ2l5q5+u5Fum7xV8mJAcK8uMVxcZBs=' 'sha256-tiMyT2kJWk9gX9jwPW/wO7L5DcHNUh6Sao3AzBx/UWc=' 'sha256-gTNKBW/M/zNBjiqPQwS0ECum+JfiMgJjZmkYVx5OPcw=' 'sha256-reLLWDjxidKAt2zNDRsl+bXkcsCVPX0iKhw4haYBjd0=' 'sha256-cQLxZGpnDbda/6FTEA2mqBA6cbGf3RyDWtodgkrGUwY=' 'sha256-pdwVfY4tvmgrtgDssGR+60TAQIQ2srhDZIb652ri8fs=' 'sha256-lcTx3iFVD7mYp6dVv3qG57diET2+Jx3svPkP8e3tG3Q=' 'sha256-TGg73Jjef3su0lLJf5aeCQhE3BZHqU0Pkeev6VVnHS0=' 'sha256-NA6JekcsRH4MXKKWK8T0fxbhx67iytbQiKUjwphXYZA=' 'sha256-8X9Tmnu7Cm6gEq+/cLhLaTyH/+9S1zfgxXmzEMfDFBc=' 'sha256-rl/Og5sT3562pxn1XvCC8GEFVbiE3QARMjS5OmuOYMk=' 'sha256-rYL1oK2MdVeozKoMK45k1OMcJ9uBeDA4zv5QCyrstbA=' 'sha256-xmLM77SEHEI9B5uZzKfaErfEFk5OocUuej6ITyBmItY=' 'sha256-+Vky7BYRGHruDQzJfQqBTDbuOFmxBGYHmXhbvdmpdCE=' 'sha256-89/0fk1wLiuTVo5U6RbzVYR54EZKTaxBxuv5B8AYx4w=' 'sha256-G9PmJ9lH5czXghV+e2o21oUwYhdFkNNThIALu+kW2No=' 'sha256-Z4n/gJ5EC38lYAI4e/+VWL4Sb5ZjoXymkgPw5ncvoqU=' 'sha256-Ase7fAQ+xgXY1NjG/3qUUeDj4BKh2GPj1U9vcRXd4fY=' 'sha256-M3OI1qX1U3xK0papA5Jmp5dAGsy1x+/wmq+SrkruICs=' 'sha256-WZGEGKe9kMVDKO1IeZtGJrer9D2x2cxq0yBc7phEtMs=' 'sha256-oivKmu/e8xkyxlYZ11c2A+3VypGSPJiApJwIfoGXdW0=' 'sha256-uJsxhHh+CBQQSADuOneF8ld05h0G39igWSOHTD+yElw=' 'sha256-BevxqnWgv+iBKXNpTL2PUL2iYsxPVg7mHT55YoRPpCs=' 'sha256-9gB5s2V9g8bmfvUppQ4yCD4jC1wcdDv4Sp7/zmjGNi4=' 'sha256-6IvDhb1UIS5ovJbVSB76ehDb5mkro3gcaoV0GQtvsRM=' 'sha256-WMrmz7wxPHAwUC3CiiCcWBfvwTxSkMn21kMqvQ4Mmdw=' 'sha256-OrFhJZ4GnF0qoFlTGQqk5r6LHC9PNtYiKQdrnp1l5SM=' 'sha256-cYjMo89fKPIdRVbNdTjrhdsXmU248Z7Cexa4hVNmSyY=' 'nonce-sfIIoQloQ2ReMe4tetOWSalWUpm2QgkAQKLFtCQdNmY='; frame-src   'self' https://apim.scb.nu *.santanderconsumer.se *.google.com *.vimeo.com *.facebook.com *.santanders.se *.hotjar.com *.doubleclick.net www.youtube.com optimize.google.com www.googletagmanager.com cdn.consentmanager.net https://*.giosg.com https://*.giosgusercontent.com; child-src   'self' blob: *.hotjar.com blob:; img-src     * 'self' data: blob: *.hotjar.com google-analytics.com optimize.google.com  region1.google-analytics.com region1.analytics.google.com ; style-src   'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com dl.episerver.net https://*.giosg.com https://*.giosgusercontent.com; connect-src https://apim.scb.nu wss://*.santanderconsumer.se wss://*.santander.se *.santanderconsumer.se *.santander.se *.santanderconsumer.dk *.santander.dk *.santanderconsumer.fi *.santander.fi *.santanderconsumer.no *.santander.no https://santanderconsumer.dk https://santander.dk *.hotjar.io *.hotjar.com wss://*.hotjar.com *.crazyegg.com wss://*.crazyegg.com *.google-analytics.com https://analytics.google.com *.doubleclick.net *.consentmanager.net 291santanderdk.boost.ai *.google.com region1.google-analytics.com region1.analytics.google.com *.mouseflow.com https://*.googlesyndication.com 'self' https://*.giosg.com https://*.giosgusercontent.com data: blob: *.tt.omtrdc.net https://ggsa--sant-dk--pro--87.ew.r.appspot.com ; font-src    'self' *.hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com cdn.mouseflow.com https://*.giosg.com https://*.giosgusercontent.com; worker-src  'self' blob:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https:; img-src 'self' https: data: blob: https:; style-src 'self' https: 'nonce-Ue+bdvK6cZX0a/lDWpcLNg=='; media-src 'self' https: data: https:; frame-src 'self' https:; manifest-src 'self' https:; form-action 'self'; connect-src 'self' data: blob: https: https: wss://chitter.xyz; script-src 'self' https: 'wasm-unsafe-eval'; child-src 'self' blob: https:; worker-src 'self' blob: https: 1
default-src 'self' 'unsafe-inline' https://ajax.googleapis.com/ajax/libs/webfont/1.6.16/webfont.js https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.gstatic.com https://www.googletagmanager.com https://use.typekit.net/ https://www.google.com/recaptcha/api.js; script-src 'self' https://sdk.privacy-center.org https://ajax.googleapis.com/ajax/libs/webfont/1.6.16/webfont.js https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.gstatic.com https://www.googletagmanager.com https://use.typekit.net/ https://www.google.com/recaptcha/api.js https://www.google-analytics.com/ https://region1.google-analytics.com/ https://grupoanaya.es/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://region1.google-analytics.com/ https://grupoanaya.es/; img-src * 'self' blob: data: 'unsafe-inline' https://region1.google-analytics.com/ https://grupoanaya.es/; connect-src * 'unsafe-inline'; frame-src *; form-action 'self'; base-uri 'self'; frame-ancestors 'none'; 1
script-src 'self' www.google-analytics.com *.googleapis.com www.googletagmanager.com api.nasdaqomx.wallst.com *.vimeo.com *.vimeocdn.com www.gstatic.com 'unsafe-inline' ssl.google-analytics.com *.doubleclick.net *.google.com *.google.com.au www.youtube.com *.dynonobel.com code.jquery.com assets.adobedtm.com 'unsafe-eval' *.cloudfront.net *.multiview.com *.kickfire.com *.rumiview.com *.dialogtech.com; 1
frame-ancestors 'self' *.google.com *.amp.colgate.it amp.colgate.it; 1
default-src 'self' data: https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' cloud.tinymce.com cdn.tiny.cloud cdn.jsdelivr.net js.nicedit.com www.google.com cse.google.com cdn.syndication.twimg.com platform.twitter.com apis.google.com www.google-analytics.com www.googletagservices.com adservice.google.com securepubads.g.doubleclick.net ajax.aspnetcdn.com ssl.google-analytics.com;style-src 'self' 'unsafe-inline' cloud.tinymce.com cdn.tiny.cloud cdn.jsdelivr.net js.nicedit.com www.google.com platform.twitter.com cdn.syndication.twimg.com fonts.googleapis.com maxcdn.bootstrapcdn.com 1
default-src 'none' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; style-src * 'unsafe-inline'; img-src * data: 'unsafe-eval'; font-src * data: 'unsafe-eval'; frame-src *; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self' *.itrsgroup.com; script-src 'unsafe-inline' 'unsafe-eval' *.itrsgroup.com *.onetrust.com *.uptrendsdata.com *.vimeo.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.google-analytics.com *.zendesk.com *.zdassets.com *.pardot.com *.googletagmanager.com *.zopim.com *.google.com *.googleadservices.com *.doubleclick.net *.wistia.com *.wistia.net *.cloudflare.com *.jsdelivr.net *.gstatic.com *.rawgit.com ws.zoominfo.com tags.clickagy.com *.6sc.co *.licdn.com *.storylane.io *.salesloft.com; style-src 'unsafe-inline' *.itrsgroup.com *.onetrust.com *.cloudflare.com *.jsdelivr.net *.gstatic.com *.google.com *.googleapis.com *.googletagmanager.com *.rawgit.com *.myfonts.net; img-src data: https:; frame-src *.itrsgroup.com *.google.com *.googletagmanager.com *.doubleclick.net *.youtube.com *.youtube-nocookie.com *.vimeo.com vimeo.com cezanneondemand.intervieweb.it observablehq.com hemsync.clickagy.com *.workable.com *.storylane.io; frame-ancestors *.itrsgroup.com; font-src data: *.itrsgroup.com *.jsdelivr.net *.gstatic.com *.zopim.com; connect-src *.itrsgroup.com *.onetrust.com *.uptrendsdata.com *.zendesk.com *.algolia.net *.algolianet.com noembed.com *.zdassets.com wss://*.zopim.com *.google.com *.youtube.com *.youtube-nocookie.com *.vimeo.com vimeo.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com aorta.clickagy.com hemsync.clickagy.com ws.zoominfo.com data: *.6sc.co *.6sense.com cdn.linkedin.oribi.io *.salesloft.com px.ads.linkedin.com; base-uri 'self' 1
default-src 'self' *.discus.com/ *.discuscdn.com/ www.ncbar.gov/;             connect-src 'self' stats.g.doubleclick.net/j/ www.google-analytics.com/ *.addthis.com/ *.disquscdn.com/ disqus.com/ *.disqus.com/ *.hotjar.com/ wss://ws3.hotjar.com/api/ www.clarity.ms/ www.ncbar.gov/;             prefetch-src 'self' *.discus.com/ *.discuscdn.com/ www.ncbar.gov/;             font-src 'self' data: fonts.googleapis.com/ maxcdn.bootstrapcdn.com/ fonts.gstatic.com/ *.disquscdn.com/;             frame-src 'self'  www.ncbar.gov/ www.googletagmanager.com/ www.google.com/recaptcha/ www.facebook.com/tr/ *.addthis.com/ disqus.com/ *.disqus.com/ *.hotjar.com/ *.youtube.com/ *.doculicious.com/;             child-src www.youtube.com/ www.ncbar.gov/;             img-src 'self' data: blob: www.facebook.com/ www.google-analytics.com/ stats.g.doubleclick.net/r/ www.google.com/ads/ maps.gstatic.com/mapfiles/ maps.googleapis.com/ dashboard.umbraco.org/ umbraco.tv/ cdn.viglink.com/ *.disqus.com/ *.addthis.com/ sync.crwdcntrl.net/map/ tags.rd.linksynergy.com/ ps.eyeota.net/ *.ads.linkedin.com/ p.adsymptotic.com/ www.ncbar.gov/;             media-src 'self';             object-src 'self' c.brightcove.com/ www.ncbar.gov/;             script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.ampproject.org/ www.gstatic.com/recaptcha/ www.google.com/recaptcha/ maps.googleapis.com/ marathonconsulting.atlassian.net/ www.googletagmanager.com/ www.google-analytics.com/ *.addthis.com/ *.addthisedge.com/ snap.licdn.com/ connect.facebook.net/ *.ads.linkedin.com/ disqus.com/ *.disqus.com/ *.disquscdn.com/ www.linkedin.com/ *.hotjar.com/ www.clarity.ms/ code.jquery.com/ *.aspnetcdn.com/ *.googleapis.com/ *.moatads.com/ www.ncbar.gov/ ;             style-src 'self' 'unsafe-inline' fonts.googleapis.com/ maxcdn.bootstrapcdn.com/ *.disquscdn.com/ code.jquery.com/ *.googleapis.com/ www.ncbar.gov/ ; 1
script-src 'self' bookwyrm-social.sfo3.digitaloceanspaces.com 'nonce-fTKuytQcGCONm1E3tFpiCw=='; default-src 'self' bookwyrm-social.sfo3.digitaloceanspaces.com 1
child-src insurance.carcogroup.com; connect-src 'self' stats.g.doubleclick.net www.google-analytics.com analytics.google.com; default-src 'self'; font-src 'self' fonts.gstatic.com themes.googleusercontent.com; form-action 'self' https://sitelocator.carcogroup.com; frame-ancestors 'self'; frame-src 'self' insurance.carcogroup.com agent.carcogroup.com player.vimeo.com engage.newmode.net; img-src 'self' https://www.facebook.com shield.sitelock.com stats.g.doubleclick.net www.google-analytics.com www.google.com www.googletagmanager.com cdn.ckeditor.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://connect.facebook.net  https://player.vimeo.com ajax.googleapis.com www.google-analytics.com www.googletagmanager.com analytics.google.com cdn.ckeditor.com engage.newmode.net blog.apps.npr.org; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.ckeditor.com hello.myfonts.net; report-uri https://cisive.report-uri.com/r/d/csp/enforce; 1
default-src data: https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https:; report-uri /report-csp-violation; upgrade-insecure-requests 1
object-src 'none';    script-src 'self' http://www.googletagmanager.com    https://maps.google.com    https://platform-api.sharethis.com    https://widget.trustpilot.com    https://maps.googleapis.com    http://www.google-analytics.com    https://www.googleadservices.com    https://googleads.g.doubleclick.net    https://*.klaviyo.com    https://buttons-config.sharethis.com    https://static.hotjar.com    https://script.hotjar.com    https://*.hotjar.io    https://*.hotjar.com    https://*.stripe.com    https://connect.facebook.net    https://analytics.tiktok.com    https://*.clarity.ms    https://sc-static.net    https://config1.veinteractive.com    https://loader.wisepops.com    https://js.hs-analytics.net    https://js.hs-banner.com    https://js.hsadspixel.net    https://js.hsleadflows.net    https://a.volvelle.tech    https://analytics.webgains.io    https://px.veinteractive.com    https://js.hs-scripts.com    https://cookie-cdn.cookiepro.com    https://geolocation.onetrust.com    https://cc-cdn.com    https://bat.bing.com    https://cdn.wisepops.com    https://loader.wisepops.com    https://activity.wisepops.com    https://popup.wisepops.com    https://tracking.wisepops.com    https://app.getwisp.co     https://wisepops.net     https://cdn.wisepops.net    https://dx4nr741tfc02.cloudfront.net     https://wisp-production-storage.s3.amazonaws.com    https://cdn.attn.tv/shoesforcrews-gb/dtag.js    https://*.attn.tv    https://*.attentive.com    https://www.paypalobjects.com    https://www.paypal.com 'unsafe-inline' 'unsafe-eval';    base-uri 'self'; frame-ancestors 'self'; 1
Content-Security-Policy: default-src 'self' ideal-postcodes.co.uk *.ideal-postcodes.co.uk 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: blob:; font-src * data:; object-src 'none'; frame-ancestors 'self'; base-uri *; 1
default-src rosneft-lubricants.ru *.rosneft-lubricants.ru 'self' 'unsafe-inline'; img-src rosneft-lubricants.ru *.rosneft-lubricants.ru 'self' data: https://mc.yandex.ru/watch/26812653 https://vk.com/rtrg https://api-maps.yandex.ru/ https://yandex.ru/clck/counter/ https://core-renderer-tiles.maps.yandex.net/tiles https://mc.yandex.ru/clmap/ https://cp.i-actions.ru/utils/ https://www.google-analytics.com/collect https://promo-kit.ru/api/v1/participants https://www.googletagmanager.com/gtag/js; media-src rosneft-lubricants.ru *.rosneft-lubricants.ru; script-src inline 'unsafe-inline' 'unsafe-eval' rosneft-lubricants.ru *.rosneft-lubricants.ru https://code.jquery.com/jquery-3.5.1.min.js https://vk.com/js/api/openapi.js https://api-maps.yandex.ru/ https://mc.yandex.ru/metrika/tag.js https://yastatic.net/s3/front-maps-static/ https://core-renderer-tiles.maps.yandex.net/tiles https://mc.yandex.ru/watch/38427 https://mc.yandex.ru/clmap/ https://www.googletagmanager.com/gtm.js https://yastatic.net/es5-shims/0.0.2/es5-shims.min.js https://yastatic.net/share2/share.js https://polyfill.io/v3/polyfill.min.js https://platform.bafsy.com/cdp/actions.js https://349426.selcdn.ru/cbf-storage/ZXing.js https://www.google-analytics.com/analytics.js https://cdnjs.cloudflare.com/ajax/libs/ https://openfpcdn.io/fingerprintjs/v3 https://mc.yandex.ru/watch/26812653 https://mc.yandex.ru/metrika/ https://platform.bafsy.com/api/v1/cdp/profiles https://www.google-analytics.com/j/ https://promo-kit.ru/api/v1/ https://www.googletagmanager.com/gtag/js; connect-src rosneft-lubricants.ru *.rosneft-lubricants.ru https://mc.yandex.ru/watch/38427575 https://mc.yandex.ru/clmap/ https://netcat.ru/announces/info.php https://promo-kit.ru/api/v1/participants https://mc.yandex.ru/watch/26812653 https://www.google-analytics.com/j/ https://promo-kit.ru/api/v1/ https://platform.bafsy.com/api/v1/cdp/profiles; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s3-ap-southeast-1.amazonaws.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org https://assets.wogaa.sg https://assets.adobedtm.com https://www.onemap.gov.sg https://snap.licdn.com/ https://www.onemap.gov.sg/c52fc279-8768-4eb0-a068-e3d11c1da8ed data: application/javascript https://www.instagram.com https://player.twitch.tv https://api.search.gov.sg https://www.search.gov.sg/js/searchbar.js https://www.search.gov.sg/js/searchresult.js  blob: https://api.search.gov.sg; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://assets.wogaa.sg/fonts https://assets.wogaa.sg https://www.search.gov.sg/fonts-open-sans.css; font-src 'self' fonts.gstatic.com https://assets.wogaa.sg/fonts https://assets.wogaa.sg assets.wogaa.sg kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://www.search.gov.sg; img-src 'self' www.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com https://wogadobeanalytics.sc.omtrdc.net https://cm.everesttech.net https://dpm.demdex.net https://px.ads.linkedin.com https://p.adsymptotic.com http://region1.google-analytics.com http://region1.analytics.google.com; media-src 'self' data: blob:; frame-src https://www.instagram.com/ https://player.twitch.tv/ https://www-ipos-gov-sg-admin.cwp.sg/ https://www.onemap.gov.sg/ https://forms.cwp.gov.sg/ https://www.youtube.com/ https://form.gov.sg/ https://www.form.gov.sg/ https://ask.gov.sg/ https://www.ask.gov.sg/ https://search.gov.sg https://www.search.gov.sg/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://wogaa.demdex.net https://tools.onemap.sg https://www.onemap.sg https://tools.onemap.gov.sg https://www.onemap.gov.sg https://forms.cwp.gov.sg https://www.google.com/ https://www.instagram.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://api.sentiments.wogaa.sg/ https://*.dec.sitefinity.com *.mktoresp.com https://stg-api.sgsmil.es https://dpm.demdex.net https://snowplow-web.wogaa.sg https://www.google-analytics.com http://region1.google-analytics.com http://region1.analytics.google.com https://cdn.linkedin.oribi.io/partner/ https://api.search.gov.sg/v1/suggest; 1
default-src https: 'unsafe-inline' data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; img-src https: data:; frame-ancestors 'self'; connect-src wss://cloud2.chatbeacon.io wss://global.vss.twilio.com/signaling wss://*.twilio.com https://cloud2.chatbeacon.io https://www.google-analytics.com https://analytics.google.com https://*.userway.org https://stats.g.doubleclick.net https://*.googleapis.com 'self'; 1
frame-ancestors 'self' https://loopup.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://snap.licdn.com https://www.google-analytics.com https://polyfill.io https://www.google.com https://trk.techtarget.com https://ws.zoominfo.com https://www.gstatic.com https://use.typekit.net https://ajax.googleapis.com https://go.loopup.com https://cxppusa1formui01cdnsa01-endpoint.azureedge.net https://public-usa.mkt.dynamics.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://* 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=HK&lang=zh-Hant-HK&device=desktop&yrid=3bcom2liqubsu&partner=; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.criteo.com https://static.criteo.net https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://*.contentsquare.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.popinabox.it https://m.popinabox.it https://checkout.popinabox.it https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://queer.party; img-src 'self' https: data: blob: https://queer.party; style-src 'self' https://queer.party 'nonce-/z+fhXHZtuQCTPri9vxlBg=='; media-src 'self' https: data: https://queer.party; frame-src 'self' https:; manifest-src 'self' https://queer.party; form-action 'self'; connect-src 'self' data: blob: https://queer.party https://content.queer.party wss://queer.party; script-src 'self' https://queer.party 'wasm-unsafe-eval'; child-src 'self' blob: https://queer.party; worker-src 'self' blob: https://queer.party 1
default-src 'self' https://*.hs-coburg.de https://*.coburg-university.de https://www.google.com/ https://spenden.twingle.de https://e.issuu.com https://www.youtube.com https://www.google-analytics.com https://ssl.google-analytics.com https://embed.eventfrog.de https://www.youtube-nocookie.com https://www.xing-events.com https://jelicnr.xing-events.com https://*.xing-events.com https://www.googletagmanager.com https://region1.google-analytics.com data: 'unsafe-inline' 'unsafe-eval' 1
script-src 'self' 'unsafe-inline' *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com *.google.com *.googletagmanager.com *.cookiebot.com *.ads-twitter.com *.facebook.net *.gstatic.com; frame-src 'self' *.cookiebot.com *.google.com; object-src 'self' 1
default-src 'self' *.youtube.com *.google.com; font-src 'self' fonts.gstatic.com; img-src 'self' data: *.bzcompany.cz; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net *.google-analytics.com *.upv.cz cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.bzcompany.cz cdn.jsdelivr.net *.upv.cz cdnjs.cloudflare.com; style-src 'unsafe-inline' 'self' *.googleapis.com *.jsdelivr.net cdnjs.cloudflare.com; connect-src 'self' *.google-analytics.com *.upv.cz 1
default-src 'self';frame-ancestors 'self';frame-src 'self' *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com reltio.com *.reltio.com *.driftqa.com *.driftt.com *.quora.com *.adsymptotic.com *.neverbounce.com *.ssl.cf1.rackcdn.com pbs.twimg.com *.truste.com *.6sc.co secure.adnxs.com match.adsrvr.org *.linkedin.com match.prod.bidr.io id.rlcdn.com *.netdna-ssl.com *.googleusercontent.com *.zoominfo.com marketo.clearbit.com boards.greenhouse.io *.6sense.com *.acuityplatform.com to.getnitropack.com consent.trustarc.com consent-pref.trustarc.com tracker-detail-page.trustarc.com 885-xap-742.mktoutil.com cdn.bizible.com cdn.bizibly.com static.ads-twitter.com analytics.twitter.com t.co *.brighttalk.com playlist.megaphone.fm *.bc0a.com cdn.linkedin.oribi.io *.googlesyndication.com www.clarity.ms *.clarity.ms *.b0e8.com share.transistor.fm ;media-src 'self' *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com reltio.com *.reltio.com *.driftqa.com *.driftt.com *.quora.com *.adsymptotic.com *.neverbounce.com *.ssl.cf1.rackcdn.com pbs.twimg.com *.truste.com *.6sc.co secure.adnxs.com match.adsrvr.org *.linkedin.com match.prod.bidr.io id.rlcdn.com *.netdna-ssl.com *.googleusercontent.com *.zoominfo.com marketo.clearbit.com boards.greenhouse.io *.6sense.com *.acuityplatform.com to.getnitropack.com consent.trustarc.com consent-pref.trustarc.com tracker-detail-page.trustarc.com 885-xap-742.mktoutil.com cdn.bizible.com cdn.bizibly.com static.ads-twitter.com analytics.twitter.com t.co *.brighttalk.com playlist.megaphone.fm *.bc0a.com cdn.linkedin.oribi.io *.googlesyndication.com www.clarity.ms *.clarity.ms *.b0e8.com share.transistor.fm ;object-src 'none'; connect-src 'self' *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com reltio.com *.reltio.com *.driftqa.com *.driftt.com *.quora.com *.adsymptotic.com *.neverbounce.com *.ssl.cf1.rackcdn.com pbs.twimg.com *.truste.com *.6sc.co secure.adnxs.com match.adsrvr.org *.linkedin.com match.prod.bidr.io id.rlcdn.com *.netdna-ssl.com *.googleusercontent.com *.zoominfo.com marketo.clearbit.com boards.greenhouse.io *.6sense.com *.acuityplatform.com to.getnitropack.com consent.trustarc.com consent-pref.trustarc.com tracker-detail-page.trustarc.com 885-xap-742.mktoutil.com cdn.bizible.com cdn.bizibly.com static.ads-twitter.com analytics.twitter.com t.co *.brighttalk.com playlist.megaphone.fm *.bc0a.com cdn.linkedin.oribi.io *.googlesyndication.com www.clarity.ms *.clarity.ms *.b0e8.com share.transistor.fm ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com reltio.com *.reltio.com *.driftqa.com *.driftt.com *.quora.com *.adsymptotic.com *.neverbounce.com *.ssl.cf1.rackcdn.com pbs.twimg.com *.truste.com *.6sc.co secure.adnxs.com match.adsrvr.org *.linkedin.com match.prod.bidr.io id.rlcdn.com *.netdna-ssl.com *.googleusercontent.com *.zoominfo.com marketo.clearbit.com boards.greenhouse.io *.6sense.com *.acuityplatform.com to.getnitropack.com consent.trustarc.com consent-pref.trustarc.com tracker-detail-page.trustarc.com 885-xap-742.mktoutil.com cdn.bizible.com cdn.bizibly.com static.ads-twitter.com analytics.twitter.com t.co *.brighttalk.com playlist.megaphone.fm *.bc0a.com cdn.linkedin.oribi.io *.googlesyndication.com www.clarity.ms *.clarity.ms *.b0e8.com share.transistor.fm ;style-src 'self' 'unsafe-inline' *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com reltio.com *.reltio.com *.driftqa.com *.driftt.com *.quora.com *.adsymptotic.com *.neverbounce.com *.ssl.cf1.rackcdn.com pbs.twimg.com *.truste.com *.6sc.co secure.adnxs.com match.adsrvr.org *.linkedin.com match.prod.bidr.io id.rlcdn.com *.netdna-ssl.com *.googleusercontent.com *.zoominfo.com marketo.clearbit.com boards.greenhouse.io *.6sense.com *.acuityplatform.com to.getnitropack.com consent.trustarc.com consent-pref.trustarc.com tracker-detail-page.trustarc.com 885-xap-742.mktoutil.com cdn.bizible.com cdn.bizibly.com static.ads-twitter.com analytics.twitter.com t.co *.brighttalk.com playlist.megaphone.fm *.bc0a.com cdn.linkedin.oribi.io *.googlesyndication.com www.clarity.ms *.clarity.ms *.b0e8.com share.transistor.fm ;font-src 'self' data: *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com reltio.com *.reltio.com *.driftqa.com *.driftt.com *.quora.com *.adsymptotic.com *.neverbounce.com *.ssl.cf1.rackcdn.com pbs.twimg.com *.truste.com *.6sc.co secure.adnxs.com match.adsrvr.org *.linkedin.com match.prod.bidr.io id.rlcdn.com *.netdna-ssl.com *.googleusercontent.com *.zoominfo.com marketo.clearbit.com boards.greenhouse.io *.6sense.com *.acuityplatform.com to.getnitropack.com consent.trustarc.com consent-pref.trustarc.com tracker-detail-page.trustarc.com 885-xap-742.mktoutil.com cdn.bizible.com cdn.bizibly.com static.ads-twitter.com analytics.twitter.com t.co *.brighttalk.com playlist.megaphone.fm *.bc0a.com cdn.linkedin.oribi.io *.googlesyndication.com www.clarity.ms *.clarity.ms *.b0e8.com share.transistor.fm ;img-src 'self' data: *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com reltio.com *.reltio.com *.driftqa.com *.driftt.com *.quora.com *.adsymptotic.com *.neverbounce.com *.ssl.cf1.rackcdn.com pbs.twimg.com *.truste.com *.6sc.co secure.adnxs.com match.adsrvr.org *.linkedin.com match.prod.bidr.io id.rlcdn.com *.netdna-ssl.com *.googleusercontent.com *.zoominfo.com marketo.clearbit.com boards.greenhouse.io *.6sense.com *.acuityplatform.com to.getnitropack.com consent.trustarc.com consent-pref.trustarc.com tracker-detail-page.trustarc.com 885-xap-742.mktoutil.com cdn.bizible.com cdn.bizibly.com static.ads-twitter.com analytics.twitter.com t.co *.brighttalk.com playlist.megaphone.fm *.bc0a.com cdn.linkedin.oribi.io *.googlesyndication.com www.clarity.ms *.clarity.ms *.b0e8.com share.transistor.fm ; 1
frame-ancestors 'self' hhla.de *.hhla.de ; 1
frame-ancestors 'self' *.bunq.com *.bunq.net 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.archives.gov www.googletagmanager.com www.google-analytics.com dap.digitalgov.gov script.crazyegg.com cdn.jsdelivr.net mdbootstrap.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' www.archives.gov  cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://use.fontawesome.com mdbootstrap.com use.fontawesome.com; frame-ancestors 'self'; report-uri https://www.clintonlibrary.gov/report-uri/enforce 1
default-src 'self' data: gap: ws: 'unsafe-inline' 'unsafe-eval' api.paymentwall.com account.customersbilling.net whmcs.com.ua hostadvice.com *.twimg.com *.gstatic.com www.facebook.com connect.facebook.com www.facebook.net connect.facebook.net  *.googleapis.com *.google.com platform.twitter.com syndication.twitter.com mc.yandex.ru www.google-analytics.com google-analytics.com *.gravatar.com *.jivosite.com jivosite.com chart.apis.google.com 1
script-src 'self' developers.google.com *.facebook.com * maps.google.com maps.googleapis.com layerslider.kreaturamedia.jquery.js 'unsafe-eval' 'unsafe-inline' *.online.habibmetro.com *.habibmetro.com *.code.jquery.com/jquery-1.8.2.js *.maps.gstatic.com *.habibmetro.com *.connect.facebook.net/en_US/fbevents.js *.googletagmanager.com/gtag/js?id=UA-129502961-1 *.google.com/recaptcha/api.js?hl=en *.cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.17.0/additional-meth * ; img-src 'self' *.online.habibmetro.com *.code.jquery.com/jquery-1.8.2.js *.habibmetro.com *.maps.google.com *.maps.gstatic.com *.maps.googleapis.com *.connect.facebook.net/en_US/fbevents.js *.googletagmanager.com/gtag/js?id=UA-129502961-1 *.google.com/recaptcha/api.js?hl=en *.facebook.com *.cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.17.0/additional-method * data: ; object-src 'none' 1
style-src 'self' 'unsafe-inline' *.googleapis.com *.google-analytics.com *.gstatic.com *.tenkites.com tkmenus.com partners.designmynight.com atlas.microsoft.com *.cdn-cookieyes.com *.liveres.co.uk *.braintreegateway.com *.sevenrooms.com *.googleads https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.13/css/intlTelInput.css; font-src 'self' data: *.googleapis.com *.google-analytics.com *.gstatic.com *.tenkites.com tkmenus.com atlas.microsoft.com *.liveres.co.uk *.braintreegateway.com *.sevenrooms.com *.googleads; script-src 'self' 'self' data: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.googleapis.com *.hotjar.com cdn-cookieyes.com *.tiktok.com *.licdn.com *.ads-twitter.com *.twitter.com *.bing.com *.facebook.net *.google.com *.gstatic.com *.google-analytics.com *.exponea.com *.tenkites.com tkmenus.com *.braintreegateway.com menus.tenkites.com partners.designmynight.com code.jquery.com secure.livebookings.com bda.bookatable.com atlas.microsoft.com connect.facebook.net *.liveres.co.uk https://songbird.cardinalcommerce.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.13/js/intlTelInput.min.js https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.13/js/utils.min.js *.recaptcha.net *.sevenrooms.com *.googleads; worker-src 'self' blob: atlas.microsoft.com; frame-ancestors 'self' *.googleapis.com *.google.com *.google.com *.gstatic.com menus.tenkites.com *.sevenrooms.com; object-src 'none' 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=7tf2pgliqu4dm&partner=; 1
default-src 'self' 'unsafe-inline' *.teads.tv *.adnxs.com *.arkeero.net *.google-analytics.com *.adgoaffiliation-int.com *.adgoaffiliation.com *.entregarapida.es *.hotjar.com *cookielaw.org *.googlesyndication.com gaes.es www.gaes.es https://fonts.googleapis.com; script-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' *.teads.tv *.adnxs.com *.arkeero.net *.outbrain.com *.google-analytics.com *.adgoaffiliation-int.com *.adgoaffiliation.com *.entregarapida.es *.hotjar.com *.cookielaw.org *.googlesyndication.com *.youtube-nocookie.com *.youtube.com *.omtrdc.net gaes.es www.gaes.es https://*.iadvize.com wss://*.iadvize.com https://fonts.googleapis.com fonts.googleapis.com assets.adobedtm.com fonts.gstatic.com dpm.demdex.net www.googletagmanager.com www.google-analytics.com halc.iadvize.com maps.googleapis.com www.everestjs.net amplifon.demdex.net cm.everesttech.net amplifongroup.tt.omtrdc.net lasteventf-tm.everesttech.net connect.facebook.net 8076233.fls.doubleclick.net stats.g.doubleclick.net aa.agkn.com idsync.rlcdn.com dp2.33across.com cm.g.doubleclick.net ps.eyeota.net fei.pro-market.net smetrics.gaes.es www.google.com www.google.it ads.scorecardresearch.com aorta.clickagy.com adservice.google.com www.facebook.com sync.crwdcntrl.net api.iadvize.com sync-tm.everesttech.net i.ibb.co pixel.rubiconproject.com p1.zemanta.com px.sunmedia.tv cdn.taboola.com secure.quantserve.com s.yimg.com dsum-sec.casalemedia.com ib.adnxs.com us-u.openx.net image2.pubmatic.com sync.search.spotxchange.com data.audiens.com pixel.onaudience.com spl.zeotap.com rules.quantcount.com secure.adnxs.com amplify.outbrain.com www.googleadservices.com ad.doubleclick.net tr.outbrain.com googleads.g.doubleclick.net pixel.quantserve.com trc.taboola.com sp.analytics.yahoo.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com maps.gstatic.com emea.api.amplifoninternal.com mobileb2c.amplifon.com trc-events.taboola.com www.gstatic.com ajax.googleapis.com consent.cookiebot.com bat.bing.com consentcdn.cookiebot.com 8805222.fls.doubleclick.net *.fontawesome.com; style-src-elem 'self' 'unsafe-inline' 'unsafe-hashes' *.youtube-nocookie.com *.youtube.com gaes.es www.gaes.es https://*.iadvize.com wss://*.iadvize.com https://fonts.googleapis.com fonts.googleapis.com assets.adobedtm.com fonts.gstatic.com dpm.demdex.net www.googletagmanager.com www.google-analytics.com halc.iadvize.com maps.googleapis.com www.everestjs.net amplifon.demdex.net cm.everesttech.net amplifongroup.tt.omtrdc.net lasteventf-tm.everesttech.net connect.facebook.net 8076233.fls.doubleclick.net stats.g.doubleclick.net aa.agkn.com idsync.rlcdn.com dp2.33across.com cm.g.doubleclick.net ps.eyeota.net fei.pro-market.net smetrics.gaes.es www.google.com www.google.it ads.scorecardresearch.com aorta.clickagy.com adservice.google.com www.facebook.com sync.crwdcntrl.net api.iadvize.com sync-tm.everesttech.net i.ibb.co pixel.rubiconproject.com p1.zemanta.com px.sunmedia.tv cdn.taboola.com secure.quantserve.com s.yimg.com dsum-sec.casalemedia.com ib.adnxs.com us-u.openx.net image2.pubmatic.com sync.search.spotxchange.com data.audiens.com pixel.onaudience.com spl.zeotap.com rules.quantcount.com secure.adnxs.com amplify.outbrain.com www.googleadservices.com ad.doubleclick.net tr.outbrain.com googleads.g.doubleclick.net pixel.quantserve.com trc.taboola.com sp.analytics.yahoo.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com maps.gstatic.com emea.api.amplifoninternal.com mobileb2c.amplifon.com trc-events.taboola.com www.gstatic.com ajax.googleapis.com consent.cookiebot.com bat.bing.com consentcdn.cookiebot.com 8805222.fls.doubleclick.net; style-src 'self' 'unsafe-inline' 'unsafe-hashes' gaes.es www.gaes.es https://*.iadvize.com wss://*.iadvize.com https://fonts.googleapis.com fonts.googleapis.com assets.adobedtm.com fonts.gstatic.com dpm.demdex.net www.googletagmanager.com www.google-analytics.com halc.iadvize.com maps.googleapis.com www.everestjs.net amplifon.demdex.net cm.everesttech.net amplifongroup.tt.omtrdc.net lasteventf-tm.everesttech.net connect.facebook.net 8076233.fls.doubleclick.net stats.g.doubleclick.net aa.agkn.com idsync.rlcdn.com dp2.33across.com cm.g.doubleclick.net ps.eyeota.net fei.pro-market.net smetrics.gaes.es www.google.com www.google.it ads.scorecardresearch.com aorta.clickagy.com adservice.google.com www.facebook.com sync.crwdcntrl.net api.iadvize.com sync-tm.everesttech.net i.ibb.co pixel.rubiconproject.com p1.zemanta.com px.sunmedia.tv cdn.taboola.com secure.quantserve.com s.yimg.com dsum-sec.casalemedia.com ib.adnxs.com us-u.openx.net image2.pubmatic.com sync.search.spotxchange.com data.audiens.com pixel.onaudience.com spl.zeotap.com rules.quantcount.com secure.adnxs.com amplify.outbrain.com www.googleadservices.com ad.doubleclick.net tr.outbrain.com googleads.g.doubleclick.net pixel.quantserve.com trc.taboola.com sp.analytics.yahoo.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com maps.gstatic.com emea.api.amplifoninternal.com mobileb2c.amplifon.com trc-events.taboola.com www.gstatic.com ajax.googleapis.com consent.cookiebot.com bat.bing.com consentcdn.cookiebot.com 8805222.fls.doubleclick.net; img-src 'self' data: *.teads.tv *.adnxs.com *.arkeero.net *.google-analytics.com *.adgoaffiliation-int.com *.adgoaffiliation.com *.entregarapida.es *.hotjar.com *.cookielaw.org *.googlesyndication.com lh3.googleusercontent.com *.youtube-nocookie.com *.youtube.com *.efike.co *.kleup.com *.trksis.com gaes.es www.gaes.es https://*.iadvize.com wss://*.iadvize.com https://fonts.googleapis.com fonts.googleapis.com assets.adobedtm.com fonts.gstatic.com dpm.demdex.net www.googletagmanager.com www.google-analytics.com halc.iadvize.com maps.googleapis.com www.everestjs.net amplifon.demdex.net cm.everesttech.net amplifongroup.tt.omtrdc.net lasteventf-tm.everesttech.net connect.facebook.net 8076233.fls.doubleclick.net stats.g.doubleclick.net aa.agkn.com idsync.rlcdn.com dp2.33across.com cm.g.doubleclick.net ps.eyeota.net fei.pro-market.net smetrics.gaes.es www.google.com www.google.it ads.scorecardresearch.com aorta.clickagy.com adservice.google.com www.facebook.com sync.crwdcntrl.net api.iadvize.com sync-tm.everesttech.net i.ibb.co pixel.rubiconproject.com p1.zemanta.com px.sunmedia.tv cdn.taboola.com secure.quantserve.com s.yimg.com dsum-sec.casalemedia.com ib.adnxs.com us-u.openx.net image2.pubmatic.com sync.search.spotxchange.com data.audiens.com pixel.onaudience.com spl.zeotap.com rules.quantcount.com secure.adnxs.com amplify.outbrain.com www.googleadservices.com ad.doubleclick.net tr.outbrain.com googleads.g.doubleclick.net pixel.quantserve.com trc.taboola.com sp.analytics.yahoo.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com maps.gstatic.com emea.api.amplifoninternal.com mobileb2c.amplifon.com trc-events.taboola.com www.gstatic.com ajax.googleapis.com consent.cookiebot.com bat.bing.com consentcdn.cookiebot.com 8805222.fls.doubleclick.net; connect-src 'self' *.teads.tv *.adnxs.com *.arkeero.net *.google-analytics.com *.hotjar.com *.google.com *.adgoaffiliation-int.com *.adgoaffiliation.com *.onetrust.com *.entregarapida.es *.hotjar.com *.cookielaw.org *.googlesyndication.com *.youtube-nocookie.com *.youtube.com *.adobedc.net *.demdex.net *.hotjar.io *.amplifoninternal.com gaes.es www.gaes.es https://*.iadvize.com wss://*.iadvize.com wss://*.twilio.com https://fonts.googleapis.com fonts.googleapis.com assets.adobedtm.com fonts.gstatic.com dpm.demdex.net www.googletagmanager.com www.google-analytics.com halc.iadvize.com maps.googleapis.com www.everestjs.net amplifon.demdex.net cm.everesttech.net amplifongroup.tt.omtrdc.net lasteventf-tm.everesttech.net connect.facebook.net 8076233.fls.doubleclick.net stats.g.doubleclick.net aa.agkn.com idsync.rlcdn.com dp2.33across.com cm.g.doubleclick.net ps.eyeota.net fei.pro-market.net smetrics.gaes.es www.google.com www.google.it ads.scorecardresearch.com aorta.clickagy.com adservice.google.com www.facebook.com sync.crwdcntrl.net api.iadvize.com sync-tm.everesttech.net i.ibb.co pixel.rubiconproject.com p1.zemanta.com px.sunmedia.tv cdn.taboola.com secure.quantserve.com s.yimg.com dsum-sec.casalemedia.com ib.adnxs.com us-u.openx.net image2.pubmatic.com sync.search.spotxchange.com data.audiens.com pixel.onaudience.com spl.zeotap.com rules.quantcount.com secure.adnxs.com amplify.outbrain.com www.googleadservices.com ad.doubleclick.net tr.outbrain.com googleads.g.doubleclick.net pixel.quantserve.com trc.taboola.com sp.analytics.yahoo.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com maps.gstatic.com emea.api.amplifoninternal.com mobileb2c.amplifon.com trc-events.taboola.com www.gstatic.com ajax.googleapis.com consent.cookiebot.com bat.bing.com consentcdn.cookiebot.com 8805222.fls.doubleclick.net *.fontawesome.com; font-src 'self' data: *.youtube-nocookie.com *.alt120.com *.youtube.com gaes.es www.gaes.es https://*.iadvize.com wss://*.iadvize.com https://fonts.googleapis.com fonts.googleapis.com assets.adobedtm.com fonts.gstatic.com dpm.demdex.net www.googletagmanager.com www.google-analytics.com halc.iadvize.com maps.googleapis.com www.everestjs.net amplifon.demdex.net cm.everesttech.net amplifongroup.tt.omtrdc.net lasteventf-tm.everesttech.net connect.facebook.net 8076233.fls.doubleclick.net stats.g.doubleclick.net aa.agkn.com idsync.rlcdn.com dp2.33across.com cm.g.doubleclick.net ps.eyeota.net fei.pro-market.net smetrics.gaes.es www.google.com www.google.it ads.scorecardresearch.com aorta.clickagy.com adservice.google.com www.facebook.com sync.crwdcntrl.net api.iadvize.com sync-tm.everesttech.net i.ibb.co pixel.rubiconproject.com p1.zemanta.com px.sunmedia.tv cdn.taboola.com secure.quantserve.com s.yimg.com dsum-sec.casalemedia.com ib.adnxs.com us-u.openx.net image2.pubmatic.com sync.search.spotxchange.com data.audiens.com pixel.onaudience.com spl.zeotap.com rules.quantcount.com secure.adnxs.com amplify.outbrain.com www.googleadservices.com ad.doubleclick.net tr.outbrain.com googleads.g.doubleclick.net pixel.quantserve.com trc.taboola.com sp.analytics.yahoo.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com maps.gstatic.com emea.api.amplifoninternal.com mobileb2c.amplifon.com trc-events.taboola.com www.gstatic.com ajax.googleapis.com consent.cookiebot.com bat.bing.com consentcdn.cookiebot.com 8805222.fls.doubleclick.net; frame-src 'self' *.teads.tv *.adnxs.com *.arkeero.net *.google-analytics.com *.doubleclick.net *.adgoaffiliation-int.com *.adgoaffiliation.com *.entregarapida.es *.hotjar.com *.cookielaw.org *.googlesyndication.com *.youtube-nocookie.com youtube.com *.youtube.com gaes.es www.gaes.es https://*.iadvize.com wss://*.iadvize.com https://fonts.googleapis.com fonts.googleapis.com assets.adobedtm.com fonts.gstatic.com dpm.demdex.net www.googletagmanager.com www.google-analytics.com halc.iadvize.com maps.googleapis.com www.everestjs.net amplifon.demdex.net cm.everesttech.net amplifongroup.tt.omtrdc.net lasteventf-tm.everesttech.net connect.facebook.net 8076233.fls.doubleclick.net stats.g.doubleclick.net aa.agkn.com idsync.rlcdn.com dp2.33across.com cm.g.doubleclick.net ps.eyeota.net fei.pro-market.net smetrics.gaes.es www.google.com www.google.it ads.scorecardresearch.com aorta.clickagy.com adservice.google.com www.facebook.com sync.crwdcntrl.net api.iadvize.com sync-tm.everesttech.net i.ibb.co pixel.rubiconproject.com p1.zemanta.com px.sunmedia.tv cdn.taboola.com secure.quantserve.com s.yimg.com dsum-sec.casalemedia.com ib.adnxs.com us-u.openx.net image2.pubmatic.com sync.search.spotxchange.com data.audiens.com pixel.onaudience.com spl.zeotap.com rules.quantcount.com secure.adnxs.com amplify.outbrain.com www.googleadservices.com ad.doubleclick.net tr.outbrain.com googleads.g.doubleclick.net pixel.quantserve.com trc.taboola.com sp.analytics.yahoo.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com maps.gstatic.com emea.api.amplifoninternal.com mobileb2c.amplifon.com trc-events.taboola.com www.gstatic.com ajax.googleapis.com consent.cookiebot.com bat.bing.com consentcdn.cookiebot.com 8805222.fls.doubleclick.net; worker-src 'self' *.youtube-nocookie.com *.youtube.com gaes.es www.gaes.es https://*.iadvize.com wss://*.iadvize.com https://fonts.googleapis.com fonts.googleapis.com assets.adobedtm.com fonts.gstatic.com dpm.demdex.net www.googletagmanager.com www.google-analytics.com halc.iadvize.com maps.googleapis.com www.everestjs.net amplifon.demdex.net cm.everesttech.net amplifongroup.tt.omtrdc.net lasteventf-tm.everesttech.net connect.facebook.net 8076233.fls.doubleclick.net stats.g.doubleclick.net aa.agkn.com idsync.rlcdn.com dp2.33across.com cm.g.doubleclick.net ps.eyeota.net fei.pro-market.net smetrics.gaes.es www.google.com www.google.it ads.scorecardresearch.com aorta.clickagy.com adservice.google.com www.facebook.com sync.crwdcntrl.net api.iadvize.com sync-tm.everesttech.net i.ibb.co pixel.rubiconproject.com p1.zemanta.com px.sunmedia.tv cdn.taboola.com secure.quantserve.com s.yimg.com dsum-sec.casalemedia.com ib.adnxs.com us-u.openx.net image2.pubmatic.com sync.search.spotxchange.com data.audiens.com pixel.onaudience.com spl.zeotap.com rules.quantcount.com secure.adnxs.com amplify.outbrain.com www.googleadservices.com ad.doubleclick.net tr.outbrain.com googleads.g.doubleclick.net pixel.quantserve.com trc.taboola.com sp.analytics.yahoo.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com maps.gstatic.com emea.api.amplifoninternal.com mobileb2c.amplifon.com trc-events.taboola.com www.gstatic.com ajax.googleapis.com consent.cookiebot.com bat.bing.com consentcdn.cookiebot.com 8805222.fls.doubleclick.net; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.hs-scripts.com https://*.pinimg.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.fr https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.youtube.com https://*.google-analytics.com https://*.admo.tv https://*.bing.com https://*.doubleclick.net https://*.hermesmc.fr https://hermesmc.fr https://*.metaffiliation.com https://*.ytimg.com https://*.weborama.fr https://*.gwallet.com https://*.bootstrapcdn.com https://mc35.fr https://*.vocalcom.com https://*.cookielaw.org http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.onetrust.com https://*.amicio.eu 1
frame-ancestors 'self' *.canva.com canva.com; report-uri https://csp.canva.com/_cspreport?app=websites; base-uri 'self'; object-src 'none'; script-src 'report-sample' 'strict-dynamic' 'nonce-05845aed-27b1-449c-8b00-5f5ab3eec6d4' https://www.google.com/recaptcha/api.js; 1
frame-ancestors 'self' http://www.philips.at *.philips.com *.philips.at https://philipsigtdpv.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.polyfill.io/v2/ https://apps.mypurecloud.com/webchat/jsapi-v1.js https://dhqbrvplips7x.cloudfront.net/ 1
frame-ancestors 'self' https://metrika.yandex.ru https://webvisor.com; 1
default-src * 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' bhuntr.com *.bhuntr.com *.bountyhunter.co *.cloudfront.net *.doubleclick.net *.google.com *.google.com.tw *.googleadservices.com *.googletagservices.com *.googletagmanager.com *.googleapis.com *.googlevideo.com *.twitter.com *.amplitude.com *.fullstory.com *.gstatic.com *.facebook.net *.facebook.com *.youtube.com s.ytimg.com *.googlesyndication.com *.google-analytics.com *.intercom.io *.intercomcdn.com *.sentry-cdn.com *.ecpay.com.tw *.api.infobip.com *.amazonaws.com *.typeform.com *.line-website.com *.line.me cdnjs.cloudflare.com mozilla.github.io securepubads.g.doubleclick.net googleads.g.doubleclick.net scdn.line-app.com cdn.ampproject.org fullstory.com d.line-scdn.net data.gcis.nat.gov.tw code.jquery.com cdn.jsdelivr.net *.tiktok.com *.ttwstatic.com *.instagram.com unpkg.com openfpcdn.io;img-src * data: blob: 'self';font-src * data: 'self';connect-src * data: 'self' 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/ https://www.youtube.com; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.ipstack.com https://covid-19-data.p.rapidapi.com https://region1.google-analytics.com https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.youtube-nocookie.com/ https://www.youtube.com/ https://cdn.yoshki.com/ ; img-src 'self' https://www.google-analytics.com/ https://img.youtube.com https://i.ytimg.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
default-src 'self';connect-src 'self' www.google-analytics.com *.linkedin.com *.licdn.com www.googleadservices.com www.google.com *.facebook.com connect.facebook.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com;font-src 'self' fonts.gstatic.com data:;frame-src 'self' www.linkedin.com bid.g.doubleclick.net *.facebook.com connect.facebook.net;img-src 'self' blob: data: www.google.ch www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google-analytics.com *.linkedin.com *.licdn.com p.adsymptotic.com googleads.g.doubleclick.net www.google.com *.facebook.com *.facebook.net *.fbcdn.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com;manifest-src 'self';script-src 'self' 'nonce-Z9Uh3dFHEVr37rBM' 'strict-dynamic' tagmanager.google.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com https://snap.licdn.com https://static-exp1.licdn.com https://content.linkedin.com https://platform.linkedin.com www.googleadservices.com www.google.com googleads.g.doubleclick.net https://connect.facebook.net https://graph.facebook.com https://js.facebook.com *.googletagmanager.com;style-src 'self' 'unsafe-inline' tagmanager.google.com www.googletagmanager.com fonts.googleapis.com *.licdn.com;worker-src 'self';media-src 'self' media.licdn.com;child-src 'self' *.facebook.com connect.facebook.net;object-src 'none';base-uri 'none';form-action 'self' *.facebook.com connect.facebook.net;frame-ancestors 'self' https://*.tkb.ch;sandbox allow-same-origin allow-scripts allow-forms allow-downloads allow-popups allow-modals allow-popups-to-escape-sandbox; 1
script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' googleads.g.doubleclick.net *.getsitecontrol.com connect.facebook.net maps.googleapis.com https://bam.nr-data.net https://cdn.cookielaw.org https://js-agent.newrelic.com https://www.googletagmanager.com *.onetrust.com cdn.jsdelivr.net www.google-analytics.com https://cdnjs.cloudflare.com https://www.googleadservices.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' https://mim07.dyndevice.com/ 1
img-src 'self' asmr.com www.asmr.com secure.gravatar.com www.google-analytics.com data:; script-src 'self' 'unsafe-inline' www.google-analytics.com www.googletagmanager.com www.google.com/recaptcha/api.js www.gstatic.com/recaptcha/releases/fGZmEzpfeSeqDJiApS_XZ4Y2/recaptcha__en.js js-agent.newrelic.com www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js; style-src 'self' 'unsafe-inline' asmr.com www.asmr.com/wp-content/uploads/2018/08/ASM_logo_WHT-1.png fonts.googleapis.com; 1
default-src 'self'; font-src https:;img-src https: data:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; media-src https:; frame-src https:; connect-src https: 1
frame-ancestors 'self' *.bluecatnetworks.com bluecat.pathfactory.com bluecat.lookbookhq.com; 1
default-src 'self' https://nominatim.openstreetmap.org/; img-src 'self' data: https: *.wp.com *.wordpress.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.wp.com *.wordpress.com  https://*.hcaptcha.com  https://unpkg.com; style-src 'self' 'unsafe-inline' https: fonts.googleapis.com *.wp.com *.wordpress.com; font-src 'self' data: https: fonts.googleapis.com *.wp.com *.wordpress.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.wp.com *.wordpress.com  *.hcaptcha.com; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' http: https: widgets.outbrain.com z.moatads.com adservice.google.ae adservice.google.al adservice.google.dz adservice.google.be adservice.google.bg adservice.google.ca adservice.google.co.id adservice.google.co.in adservice.google.co.jp adservice.google.com adservice.google.com.ag adservice.google.com.ar adservice.google.com.au adservice.google.com.bn adservice.google.com.br adservice.google.com.co adservice.google.com.ng adservice.google.com.ph adservice.google.com.tr adservice.google.com.ua adservice.google.co.nz adservice.google.co.th adservice.google.co.uk adservice.google.co.za adservice.google.de adservice.google.fr adservice.google.hr adservice.google.ie adservice.google.it adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.ru adservice.google.se adservice.google.si ajax.googleapis.com *.addthis.com *.nr-data.net cdn.ampproject.org cdnjs.cloudflare.com cdn.syndication.twimg.com connect.facebook.net *.doubleclick.net js-agent.newrelic.com *.lagrangesystems.net ob.cheqzone.com obs.cheqzone.com *.outbrain.com platform.twitter.com *.longtailvideo.com ssl.google-analytics.com tpc.googlesyndication.com v1.addthisedge.com www.google-analytics.com www.googletagservices.com www.priceplow.com adservice.google.fi adservice.google.dk adservice.google.ch libs.sphere.com adservice.google.no *.instagram.com; report-uri /.webscale/csp-report 1
frame-ancestors 'self' wien-ticket.at *.wien-ticket.at; 1
default-src 'self' statistiek.rijksoverheid.nl cdn.mouseflow.com; frame-src www.youtube.com; img-src 'self' cdn.sanity.io statistiek.rijksoverheid.nl cdn.mouseflow.com api.mapbox.com data:; style-src 'self' 'unsafe-inline'; script-src 'self' statistiek.rijksoverheid.nl cdn.mouseflow.com 'wasm-unsafe-eval' 'unsafe-inline'; child-src 'self' blob:; connect-src 'self' http://localhost:4321 https://* wss://*; worker-src 'self' blob:; 1
default-src 'self' plugout2.halcom.rs data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src 'self' plugout2.halcom.rs data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' plugout2.halcom.rs data: blob: 'unsafe-inline'; img-src 'self' data: blob: 'unsafe-inline'; frame-src 'self' plugout2.halcom.rs com.nexusgroup.plugout: 'unsafe-eval' 'unsafe-inline' data: blob: ; style-src 'self' data: blob: 'unsafe-inline'; font-src 'self' data: blob: 'unsafe-inline'; 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google.com *.gstatic.com code.jquery.com maps.googleapis.com google-analytics.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com *.google-analytics.com; style-src 'self' 'unsafe-inline' *.fontawesome.com *.cloudflare.com *.google.com *.googleapis.com *.use.fontawesome.com *.jsdelivr.net; font-src 'self' 'unsafe-inline' *.fontawesome.com gstatic.com; 1
default-src 'self' www.gravatar.com *.hotjar.com player.vimeo.com *.vimeocdn.com *.googleapis.com *.google.com youtube.com *.cloudfront.net *.youtube.com *.blackbaudhosting.com www.eventbrite.co.uk *.marker.io *.simplybook.cc payments.blackbaud.com consentcdn.cookiebot.com app.cloudpano.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.aspnetcdn.com feeds.trac.jobs static.trac.jobs *.hotjar.com ajax.googleapis.com cdnjs.cloudflare.com *.browsealoud.com *.bugherd.com *.googletagmanager.com *.google-analytics.com *.cloudfront.net *.luckyorange.net *.blackbaudhosting.com *.smartthing2.com *.smartthing.org *.blackbaud.com widget.simplybook.cc http://localhost:* www.cqc.org.uk feeds.testing.trac.jobs www.eventbrite.co.uk *.marker.io www.google.com www.gstatic.com consentcdn.cookiebot.com consent.cookiebot.com app.cloudpano.com www.googleoptimize.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feeds.trac.jobs static.trac.jobs cdnjs.cloudflare.com fast.fonts.net *.smartthing2.com *.smartthing.org *.cloudfront.net *.blackbaudhosting.com www.cqc.org.uk *.marker.io; img-src 'self' data: blob: www.gravatar.com *.christie.nhs.uk img.youtube.com i.ytimg.com *.justgiving.com feeds.trac.jobs static.trac.jobs *.browsealoud.com *.googleapis.com *.staticflickr.com *.cloudfront.net *.google-analytics.com *.googletagmanager.com *.cdninstagram.com *.blackbaudhosting.com www.cqc.org.uk *.umbraco.com *.marker.io; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com fast.fonts.net data: fonts.googleapis.com; connect-src 'self' *.browsealoud.com feeds.trac.jobs static.trac.jobs *.smartthing2.com *.smartthing.org *.luckyorange.net *.hotjar.com *.google-analytics.com *.doubleclick.net wss: http://localhost:* *.umbraco.com *.marker.io *.amazonaws.com payments.blackbaud.com consentcdn.cookiebot.com app.cloudpano.com content.hotjar.io; worker-src 'self' blob:; 1
default-src https://*.hotjar.com https://*.hotjar.io https://proofed.com https://proofed.co.uk https://getproofed.com.au wss://*.hotjar.com https: data: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors https://bancintranets.com https://*.bancintranets.com https://ncontracts.com https://*.ncontracts.com https://*.my100bank.com https://*.greatercb.com https://csbintranetnews.com https://*.csbintranetnews.com https://*.cambridgesavings.com https://libby-intranet.com https://*.firstbank.com https://quonticportal.com https://*.quonticportal.com https://bankatcity.com https://*.bankatcity.com https://wsbemployee.com https://wvbkthevault.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://try.abtasty.com/7386a07c3fccb6c60391c3101b717a03/*.json teddytor.abtasty.com dwc2uwp2r4ivz.cloudfront.net djoqld7mxzop2.cloudfront.net d1z5v3b18m1ft1.cloudfront.net  staging.assets.web4u.valeoservice.systems static.valeoservice.systems d1lx47257n5xt.cloudfront.net dzl2wsuulz4wd.cloudfront.net pages.cld.bz hm.baidu.com connect.facebook.net www.google.com www.gstatic.com www.youtube.com maps.googleapis.com static.addtoany.com gateway.on24.com orion.akamaized.net www.googletagmanager.com www.google-analytics.com cld.bz i1.ytimg.com assets-valeo.keepeek.com www.valeoservice.com www.catmag.co.uk www.valeo.com lh6.googleusercontent.com techassist.valeoservice.systems fonts.gstatic.com js-cdn.music.apple.com apps.apple.com static.doubleclick.net cdn.cookielaw.org *.pardot.com d3o8bbhci2lzxj.cloudfront.net ckf.web4u.valeoservice.systems abtasty.web4u.valeoservice.systems cdnjs.cloudflare.com assets.web4u.valeoservice.com cdn.jsdelivr.net vk.com cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.js *.google.com; 1
default-src 'self' blob: storage.net-fs.com *.google.com *.google-analytics.com *.youtube.com *.googleapis.com *.gstatic.com *.doubleclick.net region1.analytics.google.com jobs.comsoft.de tools.euroland.com tools.eurolandir.com asia.tools.euroland.com *.a1.net live.virtual-events.at *.eloqua.com cdn.linkedin.oribi.io *.linkedin.com; frame-src 'self' indd.adobe.com storage.net-fs.com www.google.com *.google-analytics.com *.youtube.com *.googleapis.com *.gstatic.com jobs.comsoft.de tools.euroland.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net live.virtual-events.at player.vimeo.com my.matterport.com; style-src 'self' 'unsafe-inline' storage.net-fs.com *.googleapis.com *.googletagmanager.com *.gstatic.com tools.euroland.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net live.virtual-events.at; img-src 'self' data: region1.analytics.google.com www.google.de www.google.at storage.net-fs.com *.google-analytics.com *.googleapis.com *.gstatic.com tools.euroland.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net *.a1.group live.virtual-events.at *.eloqua.com px.ads.linkedin.com *.frequentis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.frequentis.com storage.net-fs.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/ www.google.com jobs.comsoft.de tools.euroland.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net *.zencdn.net test.frequentis.com.xserv21032.hybridserver.at *.en25.com snap.licdn.com blob: live.virtual-events.at; font-src 'self' data: storage.net-fs.com *.gstatic.com; 1
default-src 'self' *.blob.core.windows.net; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com kit.fontawesome.com *.wistia.com cdn.insight.sitefinity.com www.googleadservices.com stats.sa-as.com snap.licdn.com blog.trinityconsultants.com static.hotjar.com www.google-analytics.com googleads.g.doubleclick.net script.hotjar.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com trinityprod.trinityconsultants.com *.blob.core.windows.net trinityconsultants.com *.wistia.com stats.sa-as.com px.ads.linkedin.com blog.trinityconsultants.com www.google.com www.google-analytics.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: ka-p.fontawesome.com *.wistia.com; frame-src 'self' td.doubleclick.net; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com kit.fontawesome.com ka-p.fontawesome.com *.wistia.com analytics.google.com www.googleadservices.com www.google-analytics.com px.ads.linkedin.com www.google.com stats.g.doubleclick.net ws.hotjar.com content.hotjar.io wss://ws.hotjar.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com 1
frame-ancestors *.swaven.com 1
frame-ancestors 'self' https://ideas.syntellis.com http://ideas.syntellis.com http://ideas.kaufmanhall.com https://ideas.kaufmanhall.com; report-uri https://www.kaufmanhall.com/report-uri/enforce 1
report-uri dans.knaw.nl 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mastertag.kpcustomer.de *.netcologne.de:* https://bat.bing.com https://connect.facebook.net www.googletagmanager.com:* www.google-analytics.com:* https://partners.webmasterplan.com www.google.de:* https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://seal.thawte.com https://www.googleadservices.com https://*.exactag.com *.google.com:* https://*.gstatic.com *.googleapis.com:* https://www.kabelkiosk.de https://*.deepthought.online https://cdn.jsdelivr.net https://wt1.rqtrk.eu https://api.aklamio.com https://googleads.g.doubleclick.net https://config1.veinteractive.com https://netcologne.lamapoll.de https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.surveymonkey.com https://walls.io https://r.df-srv.de https://static.hotjar.com:* https://script.hotjar.com:* https://*.ad4m.at https://ad4m.at https://*.usemaxserver.de https://*.awin1.com https://*.dwin1.com https://zenaps.com https://sciencebehindecommerce.com https://*.criteo.net https://*.criteo.com https://tracking.m6r.eu https://www.youtube.com https://*.ytimg.com https://www.etermin.net https://the.sciencebehindecommerce.com https://www.lacmp.net https://analytics.aklamio.com https://*.adsrvr.org https://adsrvr.org https://t.contentsquare.net https://www.clarity.ms; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; 1
frame-ancestors 'self' *.thinkofliving.com 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com https://dec.azureedge.net/ munchkin.marketo.net *.silvercloudinc.com googletagmanager.com www.googletagmanager.com www.googleadservices googleadservices.com https://www.googleadservices.com https://static.ads-twitter.com https://tags.srv.stackadapt.com https://googleads.g.doubleclick.net 'self' web-chat.nativechat.com cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.silvercloudinc.com https://tags.srv.stackadapt.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.silvercloudinc.com https://t.co https://analytics.twitter.com https://www.google.com *.doubleclick.net *.stackadapt.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src https://www.youtube.com/ 'self' web-chat.nativechat.com forms.hsforms.com; connect-src accounts.google.com *.gstatic.com *.mktoresp.com *.google-analytics.com *.silvercloudinc.com litho.silvercloudinc.com https://stats.g.doubleclick.net https://tags.srv.stackadapt.com https://maps.googleapis.com https://analytics.google.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com 'self' web-chat.nativechat.com 1
frame-ancestors 'self' winkworth-dev-admin.azurewebsites.net winkworth-mvc.azurewebsites.net *.winkworth.co.uk winkworth-uat-admin-13.azurewebsites.net winkworth-uat-admin.azurewebsites.net winkworthadmin.deletedev.com digital.winkworth.co.uk winkworth-admin.azurewebsites.net winkworthadmin.deletestaging.com winkworth-preprod-admin.azurewebsites.net; 1
default-src 'self' 3mrfkn2zieuc3mxi6d26ag4d-wpengine.netdna-ssl.com www.youtube.com go.sudoplatform.com https://go.sudoplatform.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 3mrfkn2zieuc3mxi6d26ag4d-wpengine.netdna-ssl.com anonyome.us2.list-manage.com js.zi-scripts.com ws.zoominfo.com go.sudoplatform.com https://go.sudoplatform.com; style-src 'self' 'unsafe-inline' 3mrfkn2zieuc3mxi6d26ag4d-wpengine.netdna-ssl.com fonts.googleapis.com; img-src 'self' data: 3mrfkn2zieuc3mxi6d26ag4d-wpengine.netdna-ssl.com i.ytimg.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' data: cognito-identity.us-east-1.amazonaws.com pinpoint.us-east-1.amazonaws.com 3mrfkn2zieuc3mxi6d26ag4d-wpengine.netdna-ssl.com js.zi-scripts.com ws.zoominfo.com; font-src 'self' data: fonts.gstatic.com 3mrfkn2zieuc3mxi6d26ag4d-wpengine.netdna-ssl.com; object-src cognito-identity.us-east-1.amazonaws.com; frame-src go.sudoplatform.com https://go.sudoplatform.com 1
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline' data: blob: https:; object-src 'none'; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; 1
frame-src *; frame-ancestors *; child-src 'self' 'unsafe-inline' blob:; report-uri /report-csp-violation 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: ; style-src 'self' 'unsafe-inline' https://cdn.datatables.net/v/bs-3.3.6/jqc-1.12.3/dt-1.10.12/af-2.1.2/r-2.1.0/datatables.min.css; font-src 'self' https://cdn.datatables.net/Bootstrap-3.3.6/fonts/; object-src 'none'; base-uri 'none'; 1
default-src 'self'  *.grdp.co blob:; img-src 'self' blob: data: https://releases/traefik/02-csp-middleware.yamlgrdp.co https://tr.outbrain.com https://byjusexamprep.com/ https://translate.google.com https://nr1.s3.amazonaws.com *.boldchat.com accounts.google.com *.doubleclick.net https://www.google.co.in https://bat.bing.com https://www.youtube.com/favicon.ico *.googleadservices.com http://gs-post-images.grdp.co https://gs-groups-images.grdp.co https://graph.facebook.com https://www.google.com gradeup.co https://www.google-analytics.com https://www.facebook.com https://maps.googleapis.com https://gs-post-images.grdp.co https://optimize.google.com cds.taboola.com api.typeform.com https://track.shoptopdeal.com https://events.ub-analytics.com https://ttrk.ringocount.com business.topbuzz.com gradestack.com i.ytimg.com trc.taboola.com *.fbcdn.net cost.affcost.com platform-lookaside.fbsbx.com d9hhrg4mnvzow.cloudfront.net csm.hk.as.criteo.net cm.g.doubleclick.net primedigital.go2cloud.org ad.admitad.com track.in.omgpm.com dis.criteo.com traqkar.com www.googletagmanager.com *.googleadservices.com myfaqprime.appspot.com heapanalytics.com *.googleusercontent.com *.grdp.co grdp.co connect.facebook.net q.quora.com *.gstatic.com www.google-analytics.com stats.g.doubleclick.net googleads.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://slike.indiatimes.com https://ventes40.gotrackier.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.cloudflareinsights.com *.joonbot.com eu1.clevertap-prod.com https://www.googleadservices.com/ https://d34qb8suadcc4g.cloudfront.net *.boldchat.com https://googleadservices.com https://bat.bing.com https://cdnjs.cloudflare.com/ajax/libs/gsap/latest/TweenMax.min.js https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google.com/pagead/conversion_async.js https://googleads.g.doubleclick.net https://tr.outbrain.com amplify.outbrain.com https://optimize.google.com https://cdn.jsdelivr.net/gh/cferdinandi/smooth-scroll@15.0.0/dist/smooth-scroll.polyfills.min.js https://www.google.co.in/pagead cdn.heapanalytics.com https://www.clarity.ms https://s-usc1c-nss-273.firebaseio.com https://udofy-crm-1022.firebaseio.com  s.ytimg.com cdn.ampproject.org cdn.taboola.com trc.taboola.com www.googletagservices.com tagmanager.google.com https://s-usc1c-nss-281.firebaseio.com ajax.cloudflare.com builder-assets.unbounce.com accounts.google.com myfaqprime.appspot.com portal.referralcandy.com go.referralcandy.com cdn.asbmit.com platform.twitter.com maps.googleapis.com adservice.google.com adservice.google.co.in smartlock.google.com wzrkt.com d2r1yp2w7bby2u.cloudfront.net connect.facebook.net track.in.omgpm.com *.grdp.co grdp.co https://www.google-analytics.com/ cdn.mouseflow.com static.bytedance.com sslwidget.criteo.com  www.gstatic.com https://www.google.com/pagead/1p-conversion/820422143/ apis.google.com widget.as.criteo.com maxcdn.bootstrapcdn.com https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://cdn.jsdelivr.net/npm/js-cookie@beta/dist/js.cookie.min.js https://tvid.akamaized.net https://tvid.in https://cdn.quilljs.com; connect-src 'self' https://bep-public.s3.ap-south-1.amazonaws.com/ https://ebooksecurepdf.s3.ap-south-1.amazonaws.com/ https://google.com https://mpkgr-streaming.tllms.com https://byju.pc.cdn.bitgravity.com *.gradestack.co *.byjusexamprep.com https://gradeup-streaming.tllms.com https://byjus-in.akamaized.net https://gcdn.byjus.com https://*.nanorep.co https://*.nanorep.com wss://*.bold360.com *.boldchat.com https://gradeup-assets.grdp.co https://bat.bing.com https://d27yfew3jd3yhj.cloudfront.net https://drm.tllms.com/ https://us-central1-udofy-1021.cloudfunctions.net https://us-central1-amp-error-reporting.cloudfunctions.net https://adservice.google.com https://www.facebook.com https://maps.googleapis.com wss://photon.gradestack.co wss://mule.byjusexamprep.com webapi.byjusexamprep.com https://udofy-crm-1022.firebaseio.com trc-events.taboola.com trc.taboola.com wss://udofy-crm-1022.firebaseio.com https://www.clarity.ms wss://s-usc1c-nss-273.firebaseio.com https://sheets.googleapis.com https://script.google.com https://script.googleusercontent.com wss://s-usc1c-nss-281.firebaseio.com json.faqprime.com firebaseinstallations.googleapis.com *.grdp.co grdp.co cdnjs.cloudflare.com o2.mouseflow.com heapanalytics.com www.googletagmanager.com wss://*.gradeup.co https://www.google-analytics.com cdn.ampproject.org accounts.google.com www.google.com *.doubleclick.net cdn.ampproject.com https://cleovod.akamaized.net https://cleorec.akamaized.net https://cleolive.akamaized.net https://slike.indiatimes.com https://tvid.in https://*.slike.in https://s3.ap-south-1.amazonaws.com/byjus-media-delivery/videos/ *.razorpay.com ; frame-src whatsapp: *.doubleclick.net https://gradeup.co https://optimize.google.com https://help.byjusexamprep.com https://sin.creativecdn.com https://*.joonbot.com https://*.joonbot.xyz *.boldchat.com https://www.google.com/maps/embed https://s-usc1c-nss-273.firebaseio.com https://asia.creativecdn.com https://s-usc1c-nss-281.firebaseio.com ts.tradetracker.net tl.tradetracker.net tracking.icubeswire.co www.youtube.com portal.referralcandy.com go.onelink.me accounts.google.com gum.criteo.com tpc.googlesyndication.com secure.payu.in gradeup.referralcandy.com www.facebook.com grdp.co https://byjusexamprep.com gradestack.com smartlock.google.com static.criteo.net www.googletagmanager.com https://hts-premium.byjusexamprep.com https://api.razorpay.com https://www.menti.com; style-src 'self' blob: data: *.grdp.co  'unsafe-inline' https://optimize.google.com unpkg.com builder-assets.unbounce.com cdnjs.cloudflare.com myfaqprime.appspot.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com translate.googleapis.com maxcdn.bootstrapcdn.com https://www.googletagmanager.com/gtm.js accounts.google.com cdn.ampprojectorg cdn.materialdesignicons.com cloud.typography.com https://cdn.quilljs.com; object-src 'none'; font-src 'self' blob: data: *.grdp.co https://optimize.google.com fonts.gstatic.com maxcdn.bootstrapcdn.com fast.fonts.net cloud.typography.com fonts.googleapis.com use.fontawesome.com cdnjs.cloudflare.com; worker-src 'self' blob: data:  https://byjusexamprep.com gradestack.com; media-src 'self' blob: data:  *.grdp.co https://gradeup-streaming.tllms.com https://cleolive.akamaized.net https://cleorec.akamaized.net https://d27yfew3jd3yhj.cloudfront.net; frame-ancestors 'self' *.nanorep.co https://byjus.com https://byjusexamprep.com; script-src-elem 'self' 'unsafe-inline' https://d2r1yp2w7bby2u.cloudfront.net/js/clevertap.min.js https://eu1.clevertap-prod.com https://connect.facebook.net https://amplify.outbrain.com https://tpc.googlesyndication.com *.joonbot.com https://*.joonbot.xyz https://www.googleadservices.com/ https://*.nanorep.co https://d34qb8suadcc4g.cloudfront.net https://bat.bing.com *.googleadservices.com https://*.boldchat.com https://fonts.googleapis.com/css2 https://cdn.ampproject.org/rtv/012110290545003/v0/amp-loader-0.1.js https://www.googletagmanager.com/ https://track.in.omgpm.com https://portal.referralcandy.com/assets/widgets/refcandy-poprocks.js https://apis.google.com https://d2r1yp2w7bby2u.cloudfront.net/js/a.js https://cdn.ampproject.org *.gstatic.com  https://builder-assets.unbounce.com/published-js/ https://ajax.googleapis.com https://myfaqprime.appspot.com https://gradeup-assets.grdp.co https://www.google-analytics.com https://www.googletagmanager.com https://ajax.cloudflare.com  https://wzrkt.com https://tr.outbrain.com https://maps.googleapis.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net *.googleadservices.com https://wzrkt.com https://www.youtube.com https://checkout.razorpay.com/v1/checkout.js; manifest-src 'self' blob: data: https://byjusexamprep.com; report-uri https://sentry.byjusexamprep.com/api/26/security/?sentry_key=e3c3abaf223b441c8dd91fdc48764d72 1
default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://image.slidesharecdn.com/ ; img-src 'self' https://www.uc.se/ https://www.google-analytics.com/ https://px.ads.linkedin.com/ https://stats.g.doubleclick.net/ https://www.google.com/ads/ https://www.google.com/pagead/ https://www.google.se/ads/ https://www.google.se/pagead/ https://www.facebook.com/tr/ https://t.co/i/ https://bat.bing.com/action/ https://c.bing.com/ https://image.slidesharecdn.com/ https://c.clarity.ms/ ; frame-src 'self' https://www2.westermo.com/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.youtube.com/embed/ https://image.slidesharecdn.com/ https://www.slideshare.net/ https://td.doubleclick.net/ ; script-src 'self' 'unsafe-inline' https://www.google.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/ https://www.gstatic.com/recaptcha/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://snap.licdn.com/li.lms-analytics/ https://static.ads-twitter.com/ https://connect.facebook.net/ https://px.ads.linkedin.com/collect/ https://analytics.twitter.com/i/ https://bat.bing.com/ https://image.slidesharecdn.com/ https://www.youtube.com/ https://googleads.g.doubleclick.net/ https://pi.pardot.com/ https://www.clarity.ms/ https://www2.westermo.com/ ; font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://public.slidesharecdn.com/fonts/ ; connect-src 'self' https://cdn.linkedin.oribi.io/partner/ https://www.google-analytics.com/ https://region1.analytics.google.com/ https://region1.google-analytics.com/ https://u.clarity.ms/collect https://o.clarity.ms/collect https://x.clarity.ms/collect https://stats.g.doubleclick.net/ https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://bat.bing.com/action/ ; 1
default-src * 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-src * 'unsafe-inline'; script-src * 'unsafe-inline'; script-src-elem * 'unsafe-inline'; object-src 'none'; connect-src * 'unsafe-inline'; frame-ancestors 'self'; base-uri 'none' 1
default-src 'self';  object-src *; img-src data: *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; frame-src https://*; connect-src *; font-src 'self' data: *; form-action 'self' * 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.svn.nl https://*.umbraco.org https://*.umbraco.com https://www.youtube-nocookie.com https://www.youtube.com https://*.blueconic.net https://*.mypurecloud.de https://www.googletagmanager.com https://*.googleapis.com https://www.google.com https://www.google.nl https://*.google-analytics.com https://*.analytics.google.com https://*.clickdesk.com https://*.cloudfront.net https://*.appspot.com https://*.hotjar.com wss://*.hotjar.com https://*.cookiebot.eu https://*.amazonaws.com https://*.gstatic.com wss://*.pusherapp.com https://*.pusher.com https://*.doubleclick.net https://*.ytimg.com; object-src 'none'; frame-src 'self' https://*.svn.nl https://*.mypurecloud.de https://*.hotjar.com https://youtube.com https://www.youtube.com https://www.youtube-nocookie.com https://www.google.com https://*.vimeo.com/ https://*.cookiebot.eu; frame-ancestors 'self' https://*.svn.nl; media-src data: 1
default-src 'none'; base-uri 'self'; block-all-mixed-content; font-src 'self' https: data:; frame-ancestors 'self'; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests; form-action 'self' gruntwork.us13.list-manage.com/subscribe/post forms.hsforms.com app.gruntwork.io; frame-src www.google.com vars.hotjar.com www.youtube.com forms.hsforms.com *.hubspot.com; img-src 'self' data: track.hubspot.com forms.hubspot.com *.hsforms.net *.hsforms.com *.linkedin.com p.adsymptotic.com/d/px/ www.googletagmanager.com www.google-analytics.com www.google.com/ads/ga-audiences; connect-src www.google-analytics.com *.hubspot.com vc.hotjar.io *.hotjar.com stats.g.doubleclick.net api.formbucket.com forms.hscollectedforms.net forms.hsforms.com huspot-forms-static-embed.s3.amazonaws.com analytics.google.com *.hs-scripts.com; script-src 'self' www.google.com www.googletagmanager.com www.gstatic.com https://cdn.jsdelivr.net/npm/swiper@9/swiper-bundle.min.js js.hs-scripts.com js.hsforms.net 'sha256-OvSvY6RfMU26m2e8aPcK6xkV0liNkZpBbDD6PhYg7rA=' 'sha256-oCQs1zZgYess2UZEvjyc9bLKGPM07dW6vhL5X6pe+x0=' 'sha256-Q4HcjoKK4+4SnC0rX3kRruxSmCsQIBFD2NDR6Wo2G9Y=' 'sha256-U6ysEFpVuLiObII5Rw+Gzrr5+4g10aJxy2payUpMGoA=' 'sha256-R64q3+WbVjGlQTG4ZAFoWRYRt62fHq2cbrWzWfr1fPI=' 'sha256-TF25hl9fXjDRWCNi0CP6smklz0gDbAY9g5rQ7vWyY+g=' 'sha256-80QVrdu2tHRrSHKJOAChPCgR0gDnWy2Q0165YM3PuC4=' 'sha256-pTVk3NeCBcro8AItIHbYL73Oynxa9lxiIb2bPtaIigE=' *.hotjar.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.usemessages.com *.hscollectedforms.net metrics.hotjar.io 'sha256-b+4LwzDDO7ZFxBeMI/GXBuhz5nWNK9O5RkO+5/zGhso=' 'sha256-SEF/jKOL02BdGiKOD+MtdfAvs7en79Z3zv4rKVAueIs='; manifest-src 'self' 1
frame-ancestors 'self' https://*.ayaconnect.com https://*.lotusconnect.com 1
default-src 'none'; connect-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src 'self' survey.akhtaboot.com s3.amazonaws.com www.facebook.com googleads.g.doubleclick.net t.effectivemeasure.net docs.google.com view.officeapps.live.com www.google.com optimize.google.com www.youtube.com akhtaboot.s3.amazonaws.com akhtaboot-staging.s3.amazonaws.com www.recaptcha.net *.googlesyndication.com *.oraclecloud.com; img-src * data: blob: 'unsafe-inline'; media-src s3.amazonaws.com; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline' 1
img-src *; object-src 'self'; media-src; frame-src *; connect-src 'self' *; report-uri https://pids-front.ssi-test.link/ 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-79/btCTQVZW3Of9XETjDxA==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob: *.izlesene.com *.ioam.de *.avg.com *.rewardsaccelerator.com smetrics.att.com; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net smetrics.att.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.zendesk.com *.zopim.com *.zdassets.com cdn.agentbot.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleoptimize.com connect.facebook.net *.hotjar.com *.sitejabber.com www.gstatic.com *.wistia.com fast.wistia.net analytics.tiktok.com sc-static.net maps.googleapis.com www.google.com *.nmna.app *.snapchat.com *.clarity.ms; style-src 'self' 'unsafe-inline' *.sitejabber.com cdn.jsdelivr.net fonts.googleapis.com *.typekit.net *.googletagmanager.com; img-src * data:; media-src * blob:; frame-ancestors 'self'; child-src 'self' blob: *.stripe.com fast.wistia.net www.google.com *.hotjar.com www.facebook.com www.youtube.com www.youtube-nocookie.com *.trustpilot.com zd.agentbot.net *.snapchat.com; font-src 'self' data: fonts.gstatic.com use.typekit.net *.sitejabber.com; connect-src 'self' *.stackry.com api.stackry.com content.stackry.com *.stripe.com maps.googleapis.com *.zendesk.com *.zopim.com *.zdassets.com wss://*.zopim.com adapter.aivo.co apibot.agentbot.net *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.doubleclick.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.sitejabber.com *.wistia.com embedwistia-a.akamaihd.net *.litix.io analytics.tiktok.com *.snapchat.com conversation-user.aivo.co analytics.google.com jqtmdiy716.execute-api.us-east-1.amazonaws.com *.clarity.ms; 1
default-src 'self' 'strict-dynamic';   script-src 'self' 'unsafe-eval' 'nonce-P7SvZpZu7e9CJfUAhQEGSPKtNiRDEy/UNhxuwg6NYOc=' 'strict-dynamic' https: 'unsafe-inline';   base-uri 'self';   frame-src *.homelectrical.com *.userway.org *.cloudfront.net *.google.com *.clarity.ms *.pepperjam.com *.pepperjamnetwork.com *.braintree-api.com *.braintreegateway.com www.sandbox.paypal.com *.paypal.com c.paypal.com assets.braintreegateway.com www.facebook.com platform.twitter.com syndication.twitter.com www.youtube.com accounts.google.com td.doubleclick.net 'self';   connect-src *.homelectrical.com *.userway.org *.cloudfront.net *.google-analytics.com *.google.com *.googleapis.com *.clarity.ms *.bing.com bat.bing.com *.braintree-api.com *.braintreegateway.com www.sandbox.paypal.com *.paypal.com *.ksearchnet.com *.pepperjam.com *.pepperjamnetwork.com analytics.google.com www.google-analytics.com www.googleadservices.com www.google.co.in stats.g.doubleclick.net  js.callrail.com  pagead2.googlesyndication.com 'self' 'strict-dynamic';   block-all-mixed-content;   font-src 'self' https: data:;   img-src * 'self' data: https;   object-src 'none';   script-src-attr 'none';   style-src 'self' https: 'unsafe-inline';   upgrade-insecure-requests; 1
frame-ancestors 'self' *.handytick.de 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' ws: https: http: data: 1
frame-src 'self' 'unsafe-inline' https://xd.adobe.com https://www.youtube.com https://widgets.golomtbank.   /messenger https://www.google.com/ blob: data: filesystem:; object-src 'self' blob: filesystem: data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; default-src *; img-src 'self' data: *; script-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://maps.googleapis.com https://www.youtube.com https://widgets.golomtbank.com https://xd.adobe.com; report-uri https://glmt.report-uri.com/r/d/csp/enforce 1
default-src 'self' 'unsafe-inline' data: blob: https:; style-src 'self' 'unsafe-inline' data: blob: https: cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cdnjs.cloudflare.com e.issuu.com www.google.com www.gstatic.com www.googletagmanager.com maps.googleapis.com; frame-src e.issuu.com www.google.com *.kaptcha.com; object-src 'none' 1
frame-src 'self' https://www.youtube.com https://www.grupopromerica.com/ https://www.vidayexito.net 1
frame-ancestors 'self' http://www.philips.ch *.philips.com *.philips.ch https://philipsigtdpv.com 1
frame-ancestors 'self' https://help.bikester.nl https://back-office-redesign.kameleoon.com https://app.kameleoon.com/ 1
frame-ancestors https://*.selfapy.com 1
base-uri 'self'; default-src 'none'; frame-ancestors 'self'; frame-src 'self' kubota.ca *.kubota.ca as-www-qa-cac-qa-backslot.azurewebsites.net as-www-qa-cac-qa-backslot2.azurewebsites.net as-www-prod-cac-localdeploy1.azurewebsites.net as-www-prod-cac-localdeploy2-stagingbranchprodsettings.azurewebsites.net/ https://info.kubota.ca *.g.doubleclick.net *.fls.doubleclick.net www.facebook.com www.youtube.com www.vimeo.com app.viralsweep.com vars.hotjar.com insight.adsrvr.org; style-src 'self' 'unsafe-inline' kubota.ca *.kubota.ca as-www-qa-cac-qa-backslot.azurewebsites.net as-www-qa-cac-qa-backslot2.azurewebsites.net as-www-prod-cac-localdeploy1.azurewebsites.net as-www-prod-cac-localdeploy2-stagingbranchprodsettings.azurewebsites.net/ *.cloudfront.net cdnjs.cloudflare.com fonts.googleapis.com fast.fonts.net *.sirv.com static.hotjar.com assets.juicer.io app.viralsweep.com cdn.addsearch.com cdn.jsdelivr.net; font-src 'self' data: cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com fast.fonts.net *.juicer.io; img-src 'self' data: blob: 'unsafe-hashes' kubota.ca *.kubota.ca as-www-qa-cac-qa-backslot.azurewebsites.net as-www-qa-cac-qa-backslot2.azurewebsites.net as-www-prod-cac-localdeploy1.azurewebsites.net as-www-prod-cac-localdeploy2-stagingbranchprodsettings.azurewebsites.net/ www.google.ca www.google.com maps.gstatic.com maps.googleapis.com *.cloudfront.net www.google-analytics.com *.sirv.com www.facebook.com cdn.intelligencebank.com pxl.jivox.com insight.adsrvr.org *.hotjar.com assets.juicer.io app.viralsweep.com *.juicer.io *.cdninstagram.com pixel.tapad.com cm.g.doubleclick.net googleads.g.doubleclick.net match.adsrvr.org *.adnxs.com cdn.addsearch.com *.acuityplatform.com *.bidswitch.net ca-gmtdmp.mookie1.com cdn.matomo.cloud; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: kubota.ca *.kubota.ca as-www-qa-cac-qa-backslot.azurewebsites.net as-www-qa-cac-qa-backslot2.azurewebsites.net as-www-prod-cac-localdeploy1.azurewebsites.net as-www-prod-cac-localdeploy2-stagingbranchprodsettings.azurewebsites.net/ *.cloudfront.net cdnjs.cloudflare.com *.raygun.io fast.fonts.net code.createjs.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com connect.facebook.net *.acuityplatform.com *.sirv.com img.en25.com www.youtube.com *.hotjar.com assets.juicer.io app.viralsweep.com script.hotjar.com cdn.addsearch.com cdn.jsdelivr.net js.adsrvr.org insight.adsrvr.org cdn.matomo.cloud www.googleadservices.com; connect-src 'self' kubota.ca *.kubota.ca as-www-qa-cac-qa-backslot.azurewebsites.net as-www-qa-cac-qa-backslot2.azurewebsites.net as-www-prod-cac-localdeploy1.azurewebsites.net as-www-prod-cac-localdeploy2-stagingbranchprodsettings.azurewebsites.net/ www.google-analytics.com www.googletagmanager.com maps.googleapis.com analytics.google.com api.raygun.io *.g.doubleclick.net *.fls.doubleclick.net scripts.sirv.com secure.p01.eloqua.com e.acuityplatform.com *.sirv.com *.juicer.io *.hotjar.com wss://*.hotjar.com *.hotjar.io *.addsearch.com; media-src 'self' cdn.intelligencebank.com; object-src 'self'; manifest-src 'self'; form-action 'self' www.facebook.com 1
default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval'  ; style-src * 'unsafe-inline' data: ; frame-ancestors 'self' 1
frame-ancestors 'self' https://www.rcashasp1.com https://www.yardimarketplace.com; report-uri /error/csp-violation 1
frame-src 'self' https://checkout.stripe.com https://js.stripe.com https://hooks.stripe.com https://www.recaptcha.net/; connect-src 'self' https://rebound.postmarkapp.com/ https://checkout.stripe.com https://maps.googleapis.com https://api.stripe.com https://plausible.io; object-src 'none'; base-uri 'self'; report-uri https://csp-report.browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pubaecea441e0023d57d47362beee53ee00&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=website 1
script-src 'self' 'unsafe-inline' http://js.hs-scripts.com http://js.hsforms.net https://cdn.cookielaw.org https://forms.hsforms.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsadspixel.net https://snap.licdn.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com  https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://www.google.com; script-src-attr 'self'; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.hearst.co.uk/report-uri/enforce 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://plausible.oni.nl; img-src 'self' data: https://*.oni.nl; connect-src 'self' https://*.oni.nl 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://honolulu.emuseum.com https://honolulumuseum.org https://*.honolulumuseum.org https://www.gstatic.com https://*.google.com https://www.googletagmanager.com https://www.google-analytics.com https://*.recaptcha.net https://*.hotjar.com https://www.youtube.com https://connect.facebook.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.queue-it.net https://*.tbdine.com; frame-src 'self' https://*.recaptcha.net https://honolulu.emuseum.com https://honolulumuseum.org https://*.honolulumuseum.org https://*.afterdigital.io https://w.soundcloud.com https://www.google.com https://vars.hotjar.com https://www.youtube.com https://player.vimeo.com https://www.facebook.com https://transaction.hostedpayments.com https://certtransaction.hostedpayments.com https://*.afterdigital.io https://*.afterdigital.uk https://skyway.honolulumuseum.org https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://*.tbdine.com; connect-src 'self' https://api.ipify.org https://honolulu.emuseum.com https://honolulumuseum.org https://*.honolulumuseum.org https://*.sentry.io https://stats.g.doubleclick.net https://*.google-analytics.com https://services.postcodeanywhere.co.uk https://api.addressy.com https://skyway.honolulumuseum.org https://*.afterdigital.uk https://*.afterdigital.io https://vc.hotjar.io wss://*.hotjar.com https://*.hotjar.com; img-src 'self' https://honolulu.emuseum.com https://honolulumuseum.org https://*.honolulumuseum.org https://*.cdninstagram.com https://*.afterdigital.uk https://*.afterdigital.io https://t-bridge.s3.eu-west-1.amazonaws.com https://skyway-us-cms-assets.s3.us-east-2.amazonaws.com https://us-skyway-cms-assets.s3.us-east-2.amazonaws.com https://www.google-analytics.com https://www.instagram.com https://*.doubleclick.net https://www.google.com https://www.google.co.uk; font-src 'self' 'unsafe-inline' data: 1
img-src https: data:; frame-ancestors 'self' https://*.infortrend.com 1
manifest-src 'self' https://assets.goldavenue.com; connect-src 'self' https://www.goldavenue.com https://static.axept.io/ https://client.axept.io/ https://api.axept.io/ https://www.saferpay.com vitals.vercel-insights.com wss://api.goldavenue.com https://maps.googleapis.com https://api.goldavenue.com https://o126614.ingest.sentry.io/api/6599585/envelope/ https://o126614.ingest.sentry.io/api/6599585/security/ https://*.google-analytics.com https://sockjs-us3.pusher.com wss://ws-us3.pusher.com https://*.googlesyndication.com https://bat.bing.com https://*.facebook.com https://*.googletagmanager.com https://*.analytics.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.co.uk https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.g.doubleclick.net https://*.ads.linkedin.com https://metrics.hotjar.io wss://ws.hotjar.com https://content.hotjar.io https://*.taboola.com wss://client.relay.crisp.chat wss://stream.relay.crisp.chat https://storage.crisp.chat https://client.crisp.chat https://api.onfido.com wss://sync.onfido.com/ https://api-js.mixpanel.com; frame-src *; img-src 'self' https://assets.goldavenue.com https://axeptio.imgix.net maps.gstatic.com https://assets.goldavenue.com https://*.google-analytics.com https://*.facebook.com https://*.googletagmanager.com https://*.taboola.com https://*.analytics.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.co.uk https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.g.doubleclick.net https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.ads.linkedin.com https://bat.bing.com https://image.crisp.chat wss://stream.relay.crisp.chat https://storage.crisp.chat https://client.crisp.chat https://widget.trustpilot.com https://assets.onfido.com/ 'self' blob: 'nonce-OLmcBG0knnwSYwU4pjlj6Gu1NlK5DogdhTTfO7YP08U=' data:; style-src 'self' https://assets.goldavenue.com 'unsafe-inline' https://www.goldavenue.com https://client.crisp.chat https://googletagmanager.com https://*.facebook.com https://tagmanager.google.com https://fonts.googleapis.com; font-src 'self' https://assets.goldavenue.com https://client.crisp.chat https://fonts.googleapis.com https://*.taboola.com data:; frame-ancestors 'self' https://www.goldavenue.com; object-src 'self' ; script-src 'self' 'unsafe-inline' https://maps.googleapis.com https://www.gstatic.com https://static.axept.io/ vitals.vercel-insights.com https://platform.twitter.com https://*.googletagmanager.com https://static.hotjar.com https://*.facebook.net https://*.g.doubleclick.net https://*.facebook.com https://googletagmanager.com https://tagmanager.google.com https://*.taboola.com https://script.hotjar.com https://bat.bing.com https://snap.licdn.com https://www.googleadservices.com https://*.google.com https://assets.goldavenue.com https://widget.trustpilot.com https://client.crisp.chat 1
default-src 'self' https://files.docoh.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/ https://www.gstatic.com/ ;style-src 'self' https://files.docoh.com 'unsafe-inline';img-src 'self' https://files.docoh.com https://api.finsight.com https://www.google-analytics.com/ https://assets.coingecko.com https://cdn.benzinga.com blob: data: 1
script-src 'self' 'unsafe-inline' https: ; frame-src 'self' https: 1
default-src https:;              report-uri https://pkwcspreports.report-uri.com/r/d/csp/enforce;               style-src https: 'unsafe-inline';               script-src https: 'unsafe-inline' 'unsafe-eval' data: 'report-sample';              font-src https: http: 'unsafe-inline' data: ;               img-src https: http: data: blob: ;              media-src https: http: data: blob:  1
frame-ancestors 'none'; report-uri https://us.browser.tcell.insight.rapid7.com/csp/a8ba80b0551a8dba5d06bd45016f62bef3856fce80d9c5a5f5f9054a954038bc?rid=381678237 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.analytics.google.com https://bat.bing.com/ https://stats.g.doubleclick.net/ https://connect.facebook.net https://dev.visualwebsiteoptimizer.com/ https://connect.facebook.net/ http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://maxcdn.bootstrapcdn.com/ https://www.googletagmanager.com https://*.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://*.googleapis.com https://localhost:4300 wss://localhost:4300; frame-src 'self' https://www.youtube.com https://vars.hotjar.com/ https://player.vimeo.com/ https://consentcdn.cookiebot.com https://www.google.com; font-src 'self' https://maxcdn.bootstrapcdn.com/ https://fonts.gstatic.com data:; worker-src 'self' blob:; img-src 'self' https://bat.bing.com/ https://www.google.com/ https://www.google.se https://www.facebook.com/ https://dev.visualwebsiteoptimizer.com/ https://www.google-analytics.com/ data:;  1
default-src 'self'; font-src 'self'; img-src 'self' data: https://www.google-analytics.com https://www.gstatic.com https://www.googletagmanager.com; script-src 'sha256-Y8czHLdOTVyMaw1cykQwqm6toNg2HRBjaMCTAJQscRM=' 'sha256-l6XDslsw9JSbKKQIGTfS0g9y9EjrKOepFWVN3wnlL44=' 'self' https://www.google-analytics.com https://www.googletagmanager.com https://ampiwik.alphamosa.net; style-src 'self' 'unsafe-inline' https://www.google-analytics.com; child-src https://youtube.com https://www.youtube.com https://www.youtube-nocookie.com; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://ampiwik.alphamosa.net; object-src 'none'; base-uri 'self'; form-action 'self'; 1
default-src 'self' data: https://*.google-analytics.com https://matchcentre.mfa.com.mt;upgrade-insecure-requests;style-src 'self' 'unsafe-inline' https://embedsocial.com https://*.google.com https://*.facebook.com https://*.cookie-script.com https://*.jwplayer.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://*.googletagmanager.com https://*.speedcurve.com https://embedsocial.com https://*.google.com https://*.facebook.com https://*.cookie-script.com https://*.jwplayer.com;script-src-attr 'unsafe-inline';connect-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://embedsocial.com https://*.google.com https://*.facebook.com https://*.cookie-script.com https://*.jwplayer.com https://cms.mfa.com.mt https://matchcentre.mfa.com.mt;frame-src 'self' https://*.googletagmanager.com https://*.youtube.com https://embedsocial.com https://*.google.com https://*.facebook.com https://*.cookie-script.com https://*.jwplayer.com https://matchcentre.mfa.com.mt;img-src 'self' data: https://cms.mfa.com.mt https://matchcentre.mfa.com.mt 1
default-src blob: 'self' 'unsafe-inline' https://*.s3.amazonaws.com https://www.businesslicenses.com/ https://www.businesslicenses.com/:62626 https://webto.salesforce.com https://fonts.googleapis.com https://maps.googleapis.com https://code.jquery.com https://www.cloudflare.com https://www.cloudfront.net https://www.bootstrapcdn.com https://cdn.ckeditor.com https://www.googletagmanager.com https://cdn.datatables.net https://s3.amazonaws.com https://player.vimeo.com https://kit.fontawesome.com https://kit-free.fontawesome.com ws://127.0.0.1:18622/ 127.0.0.1:18622/ 127.0.0.1:18623/ wss://127.0.0.1:18623/ ws://127.0.0.1:18623/ https://cdn.walkme.com https://ec.walkme.com https://www.facebook.com https://match.adsrvr.org https://cdnjs.cloudflare.com https://stats.g.doubleclick.net https://bam-cell.nr-data.net https://bam.nr-data.net https://dpm.demdex.net https://avalara.demdex.net https://metrics.avalara.com https://smetrics.avalara.com https://payflowlink.paypal.com/ https://js.driftt.com https://www.youtube.com https://cdn.jsdelivr.net http://prd-business-licenses-web-files.s3.amazonaws.com https://prd-business-licenses-web-files.s3.amazonaws.com https://prd-business-licenses-main-license-repository.s3.amazonaws.com https://prd-business-licenses-web-files.s3.us-east-1.amazonaws.com https://*.s3-us-east-1.amazonaws.com https://mlrv2.businesslicenses.com/odata/ https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.businesslicenses.com/:62626 https://fonts.googleapis.com https://maps.googleapis.com https://www.googletagmanager.com https://server.iad.liveperson.net https://code.jquery.com https://www.cloudflare.com https://cdnjs.cloudflare.com https://cdn.ckeditor.com https://js-agent.newrelic.com https://connect.facebook.net https://cdn.datatables.net https://stackpath.bootstrapcdn.com https://kit.fontawesome.com https://bam.nr-data.net https://bam-cell.nr-data.net https://www.gstatic.com https://cdn.walkme.com https://ec.walkme.com https://playerserver.walkme.com https://www.rapidscansecure.com https://assets.adobedtm.com https://js.driftt.com https://metrics.api.drift.com https://event.api.drift.com https://cdn.jsdelivr.net blob: https://mlrv2.businesslicenses.com/odata/ https://www.google-analytics.com https://www.google.com https://connect.facebook.net https://www.googleadservices.com https://www.businesslicenses.com/; img-src 'self' data: https://www.businesslicenses.com/ https://blllc-public.s3.amazonaws.com https://blllc-public.s3.us-east-1.amazonaws.com https://www.bbb.org https://seal-newyork.bbb.org https://code.jquery.com https://ups.analytics.yahoo.com https://www.rapidscansecure.com https://s3.amazonaws.com https://www.google.com https://www.googletagmanager.com https://ads.yahoo.com https://pixel.rubiconproject.com https://dsum-sec.casalemedia.com https://sync.outbrain.com https://eb2.3lift.com https://simage2.pubmatic.com https://ib.adnxs.com https://pixel.advertising.com https://x.bidswitch.net https://www.facebook.com https://sync.taboola.com https://us-u.openx.net https://idsync.rlcdn.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://cdn.shopify.com https://token.rubiconproject.com https://metrics.avalara.com https://smetrics.avalara.com https://driftt.imgix.net https://image.ibb.co https://blllc-public.s3.us-east-1.amazonaws.com https://ec.walkme.com https://127.0.0.1:18623 https://prd-business-licenses-web-files.s3.amazonaws.com https://prd-business-licenses-main-license-repository.s3.amazonaws.com https://prd-business-licenses-main-license-repository.s3.us-east-1.amazonaws.com https://files.businesslicenses.com https://prd-business-licenses-web-files.s3-us-east-1.amazonaws.com https://prd-business-licenses-main-license-repository.s3-us-east-1.amazonaws.com https://www.google-analytics.com; font-src 'self' data: https://fonts.gstatic.com; object-src 'self' 1
default-src 'none'; script-src 'self' https://cdnjs.cloudflare.com https://kendo.cdn.telerik.com https://js.stripe.com https://www.gstatic.com https://www.google.com https://maps.googleapis.com https://player.vimeo.com 'nonce-GfNOY8acGz5hfjcZgqOxuw==' 'unsafe-eval'; style-src 'self' https://cdnjs.cloudflare.com https://fonts.googleapis.com 'unsafe-inline'; img-src 'self' data: blob: https://optimuscloud.blob.core.windows.net https://*.googleapis.com https://*.ggpht.com https://maps.gstatic.com https://chart.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://js.stripe.com https://www.google.com https://player.vimeo.com; worker-src 'self' blob:; form-action 'self'; connect-src 'self' https://*.mycirrus.cloud wss://*.mycirrus.cloud https://optimuscloud2.azurewebsites.net https://optimuscloud2-test.azurewebsites.net https://optimuscloud2-dev.azurewebsites.net https://optimuscloud3.azurewebsites.net https://optimuscloud3-test.azurewebsites.net https://optimuscloud3-dev.azurewebsites.net https://optimuscloud.blob.core.windows.net https://fcm.googleapis.com https://maps.googleapis.com https://api.stripe.com; manifest-src 'self'; frame-ancestors 'self'; object-src 'none'; upgrade-insecure-requests; report-uri https://cirrusresearch.report-uri.com/r/d/csp/enforce; 1
base-uri 'none'; object-src 'none'; script-src 'nonce-c9ef015482fd448ef2bd002338340caa' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https:; frame-ancestors 'none'; 1
frame-ancestors 'self' https://example.com https://anotherdomain.com https://pgatour.com https://pgatour-uat.dev.pgatourstaging.com https://www.pgatour.com https://www.pgatour.com/article/news/latest/2024/01/02/opening-grid-1-play-our-new-game-to-celebrate-the-start-of-2024-crossovergrid; 1
default-src 'none';         report-uri https://bradleycorp.report-uri.com/r/d/csp/wizard;         base-uri 'self';         child-src 'self' https://forms.hsforms.com https://www.bradleycorp.com/ https://maps.gstatic.com https://maps.googleapis.com/;         connect-src 'self' https://*.a.searchspring.io/api/ https://epsilon.6sense.com/ https://ipv6.6sc.co/ https://c.6sc.co/ https://bradleycorpb2c.b2clogin.com/ https://api.hubspot.com/ https://edge.fullstory.com https://*.bradleycorp.com https://api.hubapi.com https://forms.hubspot.com https://hubspot-forms-static-embed.s3.amazonaws.com https://stats.g.doubleclick.net https://www.google-analytics.com https://rs.fullstory.com https://www.clarity.ms https://bradleycorp-ext.okta.com/ https://forms.hsforms.com/ https://bradleycorp-ext.okta.com/api/v1 https://bradleycorp-ext.okta.com/oauth2/ https://podio.com/;         font-src data: https://*.bradleycorp.com/ https://bradleycorp.com/ https://fonts.gstatic.com https://global.oktacdn.com https://use.fontawesome.com;         form-action 'self' https://forms.hsforms.com https://*.bradleycorp.com https://forms.hubspot.com/;         frame-ancestors 'self' https://sketchfab.com/ https://maps.google.com https://www.bradleycorp.com/ https://bradleycorp.com/ https://platform.twitter.com https://syndication.twitter.com https://podio.com;         frame-src 'self' https://www.facebook.com https://bradleycorpb2c.b2clogin.com/ https://login.microsoftonline.com https://sketchfab.com/ https://view.ceros.com https://maps.google.com https://www.google.com/ https://*.bradleycorp.com https://bradleycorp.com/ https://www.tiki-toki.com https://www.youtube.com https://platform.twitter.com https://forms.hsforms.com https://forms.hubspot.com https://www.houzz.com/ https://bradleycorp-ext.okta.com https://podio.com;         img-src 'self' data: https://b.6sc.co/ https://lltrck.com/ https://*.bradleycorp.com https://bradleycorp.com https://cdn.nextopia.net/img/ https://nxtuploads.s3.amazonaws.com https://js.hs-scripts.com https://track.hubspot.com https://c.clarity.ms https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://s3.amazonaws.com/thegoodjobs/badge-content/Bradley+Corp/ https://thegoodjobs.com/ https://www.thegoodjobs.com/ https://www.facebook.com https://maps.gstatic.com https://maps.googleapis.com https://pbs.twimg.com https://abs.twimg.com https://platform.twitter.com https://i.ytimg.com/ c.bing.com/ https://global.oktacdn.com https://secure.gravatar.com;         manifest-src 'self';         media-src 'self' https://www.bradleycorp.com/ ;         object-src 'none';         script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bradleycorpb2c.b2clogin.com  https://view.ceros.com https://cdn.nextopia.net https://bradleycorp-com.ecomm-nav.com https://bradleycorp-dev-com.ecomm-nav.com https://ac.nextopiasoftware.com https://forms.hsforms.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hsforms.net https://js.hsleadflows.net https://www.clarity.ms https://www.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com/ajax/libs/jquery/ https://maps.googleapis.com https://www.youtube.com/ https://www.thegoodjobs.com  https://thegoodjobs.com https://connect.facebook.net https://edge.fullstory.com https://platform.twitter.com/ https://cdn.syndication.twimg.com https://vector.nextopiasoftware.com/ https://www.google.com/ https://www.gstatic.com/ https://cdn.mxpnl.com https://s7.addthis.com https://platform.houzz.com/js/ https://global.oktacdn.com/okta-signin-widget/4.1.3/js/okta-sign-in.min.js https://use.fontawesome.com/a4c255239f.js https://podio.com;         script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://bradleycorpb2c.b2clogin.com https://j.6sc.co/ https://js.usemessages.com/ https://lltrck.com https://rs.fullstory.com https://view.ceros.com https://cdn.nextopia.net https://bradleycorp-com.ecomm-nav.com https://bradleycorp-dev-com.ecomm-nav.com https://ac.nextopiasoftware.com https://forms.hsforms.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hsforms.net https://js.hsleadflows.net https://www.clarity.ms https://www.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com/ajax/libs/jquery/ https://maps.googleapis.com https://www.youtube.com/ https://www.thegoodjobs.com  https://thegoodjobs.com https://connect.facebook.net https://edge.fullstory.com https://platform.twitter.com/ https://cdn.syndication.twimg.com https://vector.nextopiasoftware.com/ https://www.google.com/ https://www.gstatic.com/ https://cdn.mxpnl.com https://s7.addthis.com https://platform.houzz.com/js/ https://global.oktacdn.com/ https://use.fontawesome.com https://podio.com;         style-src 'self' 'unsafe-inline' https://cdn.nextopia.net https://*.bradleycorp.com https://www.thegoodjobs.com https://connect.facebook.net https://fonts.googleapis.com https://platform.twitter.com/css/ https://global.oktacdn.com/okta-signin-widget/4.1.3/css/ https://use.fontawesome.com/;         style-src-attr 'self' 'unsafe-inline' https://js.hsforms.net;         style-src-elem 'self' 'unsafe-inline' https://cdn.nextopia.net https://*.bradleycorp.com https://www.thegoodjobs.com https://connect.facebook.net https://fonts.googleapis.com https://platform.twitter.com/css/ https://global.oktacdn.com/ https://use.fontawesome.com;         upgrade-insecure-requests;         worker-src 'self' blob: https://cdn.mxpnl.com; 1
default-src 'self' https://static.hsappstatic.net https://*.hsappstatic.net https://hsappstatic.net https://ws.sharethis.com https://*.sharethis.com https://*.wave2.io https://*.youtube.com https://*.google.com https://*.calcxml.com https://*.hsforms.com https://googlesyndication.com https://*.googlesyndication.com https://*.insegment.com https://*.huecu.org https://huecu2020.insegment.com https://*.google-analytics.com https://*.doubleclick.net https://google-analytics.com https://doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gstatic.com https://gstatic.com https://*.google.com https://google.com https://*.wave2.io https://*.hsforms.net https://*.hsleadflows.net https://hsleadflows.net https://*.hs-banner.com https://hs-banner.com https://*.hs-analytics.net https://hs-analytics.net https://*.yimg.com https://yimg.com https://*.simpli.fi https://simpli.fi https://tags.srv.stackadapt.com https://*.ensighten.com https://ensighten.com https://*.licdn.com https://snap.licdn.com/ https://*.licdn.com https://licdn.com https://*.facebook.net https://facebook.net https://*.hs-scripts.com https://hs-scripts.com https://*.google-analytics.com https://*.doubleclick.net https://google-analytics.com https://doubleclick.net https://*.salemove.com https://*.glia.com https://*.googleapis.com/ https://*.cloudflare.com https://*.siteimproveanalytics.com https://siteimproveanalytics.com https://*.poshdevelopment.com https://*.bootstrapcdn.com https://*.googletagmanager.com https://*.sharethis.com https://ajax.googleapis.com/ https://cdnjs.cloudflare.com https://siteimproveanalytics.com https://js.poshdevelopment.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://ws.sharethis.com; connect-src 'self' https://px.ads.linkedin.com https://*.linkedin.com https://region1.analytics.google.com https://*.analytics.google.com https://l.sharethis.com https://*.sharethis.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.hsforms.com https://*.twilio.com wss://*.twilio.com https://forms.hubspot.com https://tags.srv.stackadapt.com https://cdn.linkedin.oribi.io https://tags.srv.stackadapt.com https://*.yimg.com https://*.googlesyndication.com https://*.doubleclick.net https://*.google-analytics.com wss://*.salemove.com https://*.salemove.com wss://*.glia.com https://*.glia.com; media-src 'self' https://*.ytimg.com https://*.linkedin.com https://linkedin.com https://cm.g.doubleclick.net https://googleadservices.com https://*.googleadservices.com https://*.simpli.fi https://*.salemove.com https://*.glia.com; style-src 'self' 'unsafe-inline' https://ws.sharethis.com https://*.sharethis.com https://tags.srv.stackadapt.com https://*.salemove.com https://*.glia.com https://*.cloudflare.com https://*.fontawesome.com https://*.bootstrapcdn.com https://*.cdnjs.cloudflare.com https://use.fontawesome.com https://stackpath.bootstrapcdn.com https://fonts.googleapis.com; font-src 'self' data: https://*.fontawesome.com https://*.cloudflare.com https://*.gstatic.com https://use.fontawesome.com https://stackpath.bootstrapcdn.com https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' blob: data: https://*.smushcdn.com https://um.simpli.fi https://*.simpli.fi https://l.sharethis.com https://*.sharethis.com https://*.ytimg.com https://*.liveplatform.com https://*.hsforms.com https://*.hubspot.com https://*.facebook.com https://sp.analytics.yahoo.com https://px.ads.linkedin.com https://*.google.com https://*.google.co.in https://*.google.co.uk https://*.google.com.br https://*.google.de https://*.google.fr  https://*.google.co.jp https://*.google.es https://*.google.it https://*.google.ro https://ad.ipredictive.com https://*.siteimproveanalytics.io https://*.salemove.com https://*.glia.com https://*.insegment.com https://*.huecu.org https://huecu.org https://*.gravatar.com https://*.cloudflare.com https://huecu2020.insegment.com https://secure.gravatar.com https://blog.huecu.org https://cdnjs.cloudflare.com; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google.com https://www.googletagmanager.com; img-src 'self' data: www.gravatar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://*.gstatic.com https://maps.googleapis.com blob:; script-src 'self' https://*.googletagmanager.com https://www.gstatic.com https://*.google.com/ https://*.google.co.uk/ https://maps.googleapis.com https://www.googleadservices.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://maps.googleapis.com; object-src 'none'; frame-ancestors 'self'; base-uri 'none'; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://www.googletagmanager.com https://bid.g.doubleclick.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; form-action 'self' 1
report-uri www.rcslt.org 1
default-src https: 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stats.patrickabt.ch https://pagead2.googlesyndication.com https://www.google.com https://adservice.google.com https://partner.googleadservices.com https://tpc.googlesyndication.com https://adservice.google.ch https://googleads.g.doubleclick.net; frame-src https://www.google.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com 1
base-uri 'none'; form-action 'self' https://www.facebook.com; frame-ancestors 'none'; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-popups-to-escape-sandbox; upgrade-insecure-requests ; child-src 'none' ; connect-src 'self' https://www.google-analytics.com https://maps.googleapis.com https://analytics.google.com https://pagead2.googlesyndication.com/ https://stats.g.doubleclick.net/ https://foureyes.adpearance.com/; default-src 'self' https://alta-wp.s3.us-west-2.amazonaws.com; font-src 'self' https://fonts.gstatic.com https://alta-wp.s3.us-west-2.amazonaws.com; frame-src 'self' https://careers-altaequipment.icims.com/ https://snapwidget.com https://www.google.com https://www.googletagmanager.com https://td.doubleclick.net/ https://www.facebook.com https://www.youtube-nocookie.com/ https://careers-altg.icims.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://www.youtube.com/; img-src 'self' data: w3.org/svg/2000 https://www.facebook.com https://px.ads.linkedin.com https://www.google-analytics.com https://www.google.com https://maps.googleapis.com https://maps.gstatic.com/mapfiles/openhand_8_8.cur https://maps.gstatic.com/mapfiles/transparent.png https://alta-wp.s3.us-west-2.amazonaws.com https://construction.altg.com/; manifest-src 'none' ; media-src 'self' https://alta-wp.s3.us-west-2.amazonaws.com; object-src 'none' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://foureyes.adpearance.com https://www.googletagmanager.com https://alta-wp.s3.us-west-2.amazonaws.com https://pi.pardot.com/pd.js https://pi.pardot.com/ https://scripts.foureyes.io/fe-init.js https://scripts.foureyes.io/iframe-loader.js https://js.adsrvr.org/ https://googleads.g.doubleclick.net/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://alta-wp.s3.us-west-2.amazonaws.com; worker-src 'none'; 1
frame-ancestors app.contentful.com preview.contentful.com; 1
default-src 'self' https://cpsideas.aha.io https://cdn.aha.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.aha.io https://edge.fullstory.com https://rs.fullstory.com data: blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self'; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://login.mycarecorner.net/ https://cpsideas.aha.io; 1
frame-ancestors https://gamersmeetup.com 1
default-src https: wss:; object-src 'none'; script-src 'self' 'sha256-pVP3wiRK6EgotPvbJ2R65xpjHaVawiUq7xpvmES7HRA=' 'sha256-0Ql1J31jzC6EHJM2MUoUyEgmRntzyhoDq7h/gZw/BuQ=' 'sha256-Imv8rgvxn2GP4QJH/s+T5I8tEtsRwclyX3+LH36ke+U=' 'sha256-jurkMhxvcAAwFxjIjfR12lUpYT7opw/vFikj4x8bjdI=' 'sha256-jeiHD0Dprtjm5hhdGMFRwCA0Dj6efCfMLhYKIcCFf+o=' https://widget.freshworks.com/ https://sentry.razortheory.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ wss://relay.walletconnect.org/ https://static.moonpay.com/web-sdk/v1/moonpay-web-sdk.min.js *.googletagmanager.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://widget.freshworks.com/; img-src https: data: blob:; frame-ancestors 'self'; report-uri https://sentry.razortheory.com/api/91/security/?sentry_key=f3b78c6e49024631b6c5f239ec52c6b9 1
default-src 'self' 'unsafe-inline' https://app-static-prod.posthog.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://app.posthog.com/static/array.js https://app.posthog.com/ https://bat.bing.com https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://tpc.googlesyndication.com https://www.googleadservices.com https://www.google.com https://ssl.google-analytics.com https://js.usemessages.com https://js.hs-analytics.net https://connect.facebook.net/ https://www.googletagmanager.com/ https://connect.facebook.net/signals/config/139016240286793 https://www.google-analytics.com/ https://static.hsappstatic.net/MeetingsEmbed/ex/MeetingsEmbedCode.js https://www.googleapis.com/oauth2/v4/token https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/api.js https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://cdn.checkout.com/js/framesv2.min.js https://ajax.cloudflare.com/cdn-cgi/scripts/ https://js.hs-scripts.com/2026270.js https://js.usemessages.com/conversations-embed.js https://js.hs-banner.com/v2/2026270/banner.js https://js.hs-analytics.net/analytics/ https://connect.facebook.net/en_US/sdk.js; img-src data: 'self' https://api.mapbox.com https://sitter-maps.meowtel.com/ https://bat.bing.com https://www.google.com.eg https://www.google.com.sg https://www.google.com.do https://adservice.google.com https://www.google.co.th https://googleads.g.doubleclick.net https://google.com https://www.google.ie https://www.google.co.in https://www.google.es https://www.google.nl https://i.vimeocdn.com/ https://*.api.tomtom.com/ https://www.googletagmanager.com/ https://fonts.gstatic.com https://www.google.com/ads/ https://www.google-analytics.com/ https://analytics.google.com/ https://www.google.ca/ https://www.google.co.uk/ https://www.google.com.ph/ https://www.google.com.mx/ https://www.google.com.ar/ https://www.google.de https://www.google.com.sa https://www.google.com.sv https://www.gstatic.com https://www.google.co.id/ https://www.google.com.au/ https://stats.g.doubleclick.net https://ct.pinterest.com w3.org/svg/2000 https://i.vimeocdn.com/video https://user-images.meowtel.com https://sitter-images.meowtel.com https://cat-images.meowtel.com https://chat-images.meowtel.com https://track.hubspot.com/__ptq.gif https://www.facebook.com/tr/; media-src data: 'self' https://chat-videos.meowtel.com; connect-src 'self' https://app.posthog.com/ https://exceptions.hubspot.com/api/1/store/ https://exceptions.hubspot.com https://bat.bing.com https://www.google.com.eg https://www.google.co.th https://google.com google.com https://www.google.co.uk https://google.com/pagead/form-data/ meowtel.com https://meowtel.com/socket.io/ wss://meowtel.com wss://meowtel.com/ https://www.google.com https://www.google.com.ph/ https://www.google.com.mx/ https://www.google.co.in/ https://connect.facebook.net/ https://www.facebook.com/tr/ https://stats.g.doubleclick.net/ https://adservice.google.com/ https://region1.analytics.google.com https://analytics.google.com https://www.google-analytics.com/ https://vimeo.com/api/oembed.json https://api.hubspot.com/livechat-public/v1/message/public https://o4504816287350784.ingest.sentry.io https://js.checkout.com/framesv2/log https://www.googleapis.com/oauth2/v4/token https://www.googleapis.com/oauth2/v3/userinfo; frame-src https://challenges.cloudflare.com https://www.googletagmanager.com https://tpc.googlesyndication.com https://td.doubleclick.net https://www.facebook.com https://player.vimeo.com https://js.checkout.com https://www.recaptcha.net https://app.hubspot.com https://meetings.hubspot.com data:; report-uri https://cfhfayfw.uriports.com/reports/report; report-to default 1
frame-ancestors 'self' *.commercevision.biz *.commercevision.com.au  *.officemax.co.nz punchoutcommerce.com *.seismic.com omxnz.lightning.force.com */punchout.aspx *.ariba.com *.pacifictechsol.com *.contact-energy.co.nz *.workplace.wananga.ac.nz *.hubwoo.com *.perfect.com *.hnz.co.nz *.kaingaora.govt.nz omxnz--nzsandbox.lightningforce.com *.chorus.co.nz omxnz.my.salesforce.com omxnz--nzsandbox.my.salesforce.com officemax.my.salesforce.com officemax--uat.my.salesforce.com https://portal.uat.hubwoo.com/ fiori-test-sc.contactenergy.co.nz fiori-uat-sc.contactenergy.co.nz *.proactiscloud.com https://wd-sidecar.sap-test.contact-energy.co.nz:8604/ *.contactenergy.co.nz https://fiori.contactenergy.co.nz/ 1
default-src 'self' vars.hotjar.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.ampproject.org static.cloud.coveo.com stats.g.doubleclick.net tdn.r42tag.com www.averoachmea.nl www.google-analytics.com connect.facebook.net *.usabilla.com www.googleadservices.com googleads.g.doubleclick.net imp2.nowinteract.com api.usabilla.com static.hotjar.com script.hotjar.com d6tizftlrpuof.cloudfront.net ajax.googleapis.com bat.bing.com admin.relay42.com cse.google.com www.google.com a.svtrd.com onmarc.nl snap.licdn.com px.ads.linkedin.com linkedin.com *.hsforms.net *.hsforms.com *.hs-scripts.com js.hs-analytics.net js.hsadspixel.net js.hsleadflows.net js.hs-banner.com collectie.averoachmea.nl https://www.googletagmanager.com https://surfly.com js.usemessages.com https://js.hscollectedforms.net *.collectie.centraalbeheer.nl https://cdn.harvest.graindata.com https://collectie.centraalbeheer.nl https://www.youtube.com https://maps.googleapis.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com d6tizftlrpuof.cloudfront.net www.google.com static.cloud.coveo.com;img-src data: 'self' img.youtube.com t.svtrd.com www.google-analytics.com www.facebook.com stats.g.doubleclick.net www.google.nl www.google.com *.usabilla.com cm.g.doubleclick.net a.svtrd.com n01d05.cumulus-cloud.com tdn.r42tag.com admin.relay42.com bat.bing.com www.googleapis.com clients1.google.com avr.imgix.net px.ads.linkedin.com track.hubspot.com forms.hubspot.com d6tizftlrpuof.cloudfront.net https://googleads.g.doubleclick.net *.ads.linkedin.com https://i.ytimg.com *.google-analytics.com *.analytics-google.com https://www.advieskeuze.nl https://maps.googleapis.com https://maps.gstatic.com https://www.googletagmanager.com;font-src 'self' fonts.gstatic.com;connect-src 'self' wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io *.hubapi.com api.hubspot.com forms.hubspot.com vc.hotjar.io cm.g.doubleclick.net connect.facebook.net googleads.g.doubleclick.net stats.g.doubleclick.net *.ave01.pre.connectis.io https://www.google-analytics.com https://surfly.com https://sentry.io *.hsforms.com *.averoachmea.nl *.collectie.centraalbeheer.nl https://controle.achmea.consentmonitor.nl https://collectie.centraalbeheer.nl dc.services.visualstudio.com *.google-analytics.com *.analytics-google.com https://api.advieskeuze.nl https://px.ads.linkedin.com https://td.doubleclick.net;media-src 'self' ;object-src 'self' ;child-src 'self' youtube.com 6162542.fls.doubleclick.net t.svtrd.com *.hotjar.com cba.nmrc.nl www.youtube-nocookie.com youtube-nocookie.com d6tizftlrpuof.cloudfront.net *.surfly.com surfly.com app.hubspot.com forms.hsforms.com https://td.doubleclick.net https://formulier.averoachmea.nl https://formulier.centraalbeheer.nl;frame-ancestors 'self' youtube.com www.youtube-nocookie.com youtube-nocookie.com;form-action 'self' t.svtrd.com *.averoachmeaonline.nl *.hsforms.com;block-all-mixed-content;report-uri https://avero.ams.report-uri.com/r/t/csp/enforce; 1
default-src * data: blob: https:; script-src *.terme-olimia.com *.gooya.io *.phobs.net *.sos-sw.si *.googletagmanager.com *.cloudflare.com *.googlesyndication.com *.bootstrapcdn.com *.gstatic.com *.google-analytics.com *.googleapis.com *.googleadservices.com *.google.com *.facebook.net *.intelliad.de *.doubleclick.net *.sentry-cdn.com *.hotjar.com *.iprom.net *.iprom.si *.google.si 'unsafe-inline' 'unsafe-eval'; style-src *.gooya.io *.terme-olimia.com *.phobs.net *.googleapis.com *.google.com  *.sos-sw.si *.googletagmanager.com 'unsafe-inline' 1
frame-ancestors https://*.caremc.com https://*.corvel.com https://caremc.com 1
font-src 'self' data: *.gstatic.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googletagmanager.com *.assets.adobedtm.com *.googleapis.com *.gstatic.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cookiehub.net https://servify-website-asset-prod.s3.ap-south-1.amazonaws.com https://www.google.com https://www.gstatic.com https://cdn.polyfill.io/ https://www.google-analytics.com/analytics.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://cookiehub.net https://servify-website-asset-prod.s3.ap-south-1.amazonaws.com https://fonts.googleapis.com; font-src 'self' https://servify-website-asset-prod.s3.ap-south-1.amazonaws.com https://fonts.gstatic.com data:; connect-src 'self' 'unsafe-inline' https://assets3.lottiefiles.com https://assets8.lottiefiles.com https://www.google-analytics.com https://stats.g.doubleclick.net; img-src * 'self' data: https:; object-src 'self' https://docs.google.com; frame-src 'self' https://www.google.com https://docs.google.com https://form.jotform.com   https://*.servify.in https://*.servify.tech https://*.servify.com; frame-ancestors 'self' https://*.servify.in https://*.servify.tech https://*.servify.com 1
default-src * 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.globaldatacompany.com api.segment.io cdn.segment.com cliocloudconference.com landing.clio.com www.clio.com bat.bing.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googletagmanager.com stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com analytics.google.com; font-src * data:; frame-src 'self' api.globaldatacompany.com api.segment.io cdn.segment.com cliocloudconference.com landing.clio.com www.clio.com bat.bing.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googletagmanager.com recaptcha.google.com/recaptcha/; img-src * data: blob:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' api.globaldatacompany.com api.segment.io cdn.segment.com cliocloudconference.com landing.clio.com www.clio.com bat.bing.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googletagmanager.com; report-uri https://5fd7afb447ef7c02ddc12039.endpoint.csper.io 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.kfw.de *.kfw-capital.de *.kfw-ipex-bank.de *.kfw-entwicklungsbank.de www.energie-effizienz-experten.de *.deginvest.de *.youborafds01.com *.edge-cdn.net *.akamaized.net *.youboranqs01.com android-webview-video-poster *.mapbox.com *.bitmovin.com  *.wt-safetag.com  *.analytics.edgekey.net a-fds.youborafds01.com kfw-chatapp-live.x21wxzihtdv.eu-de.codeengine.appdomain.cloud fbc.wcfbc.net *.keyingress.de *.usercentrics.eu *.video-cdn.net responder.wt-safetag.com js.api.here.com *.hereapi.com *.mateti.net *.googleadservices.com ajax.googleapis.com *.googletagmanager.com *.analytics.yahoo.com *.doubleclick.net *.yimg.com *.adform.net data: blob:; 1
script-src 'self' 'unsafe-eval' https://static.cloudflareinsights.com/beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816 https://edge.fullstory.com/s/fs.js https://static.cloudflareinsights.com/beacon.min.js/v8b253dfea2ab4077af8c6f58422dfbfd1689876627854 https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317 https://static.cloudflareinsights.com/beacon.min.js https://snap.licdn.com https://www.visableleads.com https://cdn.cookielaw.org https://www.youtube.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com https://connect.facebook.net https://googleads.g.doubleclick.net 'unsafe-inline'; frame-src 'self' https://www.google.com https://outlook.office365.com https://maps.google.com https://www.youtube-nocookie.com https://www.google.com/maps https://www.visableleads.com https://www.youtube.com https://www.facebook.com https://googleads.g.doubleclick.net; object-src 'self'; sandbox allow-forms allow-scripts  allow-same-origin allow-popups allow-modals allow-orientation-lock allow-pointer-lock allow-presentation allow-popups-to-escape-sandbox allow-top-navigation allow-downloads; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net npmcdn.com unpkg.com;img-src * data:;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic ; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-wP8Zoh2Jl5ohfBcXgaPSuCNaVxM=' 'nonce-Rv2JLc3NfTxXo9oly4NMFUV8rRE=' 1
frame-ancestors 'self' umziehen.de *.umziehen.de newapp.etracker.com *.etracker.com 1
frame-ancestors https://app.kontent.ai/ 1
script-src 'unsafe-inline'; 1
default-src 'none'; base-uri 'none'; frame-ancestors 'none'; connect-src 'self' *.stripe.com *.getrewardful.com *.intercom.io *.intercomcdn.com *.intercomcdn.eu *.intercomusercontent.com wss://*.intercom.io *.googleapis.com *.google.com *.gstatic.com data: blob: *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.doubleclick.net; child-src *.intercom-sheets.com *.intercom-reporting.com *.youtube.com *.vimeo.com *.wistia.net; form-action 'self' intercom.help *.intercom.io; font-src d1dfgjtvrwaror.cloudfront.net fonts.gstatic.com *.intercomcdn.com; img-src https: blob: data: ; manifest-src d1dfgjtvrwaror.cloudfront.net; media-src *.intercomcdn.com; frame-src *.stripe.com app.getbee.io *.doubleclick.net *.google.com; style-src 'unsafe-inline' 'self' fonts.googleapis.com d1dfgjtvrwaror.cloudfront.net; script-src 'unsafe-eval' 'unsafe-inline' https: 'nonce-3789581d5cbf497faf8f1abc58c43516' 'strict-dynamic'; upgrade-insecure-requests; report-uri /console/report/csp 1
frame-ancestors 'self' https://manage.watertechonline.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
connect-src 'self' www.facebook.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com pagead2.googlesyndication.com www.google.com googleads.g.doubleclick.net analytics.google.com www.google-analytics.com stats.g.doubleclick.net login.microsoftonline.com yandexmetrica.com:* mc.webvisor.com mc.webvisor.org mc.yandex.com mc.yandex.by mc.yandex.com.tr mc.yandex.kz mc.yandex.ru mc.yandex.ua mc.yandex.az mc.yandex.co.il mc.yandex.com.am mc.yandex.com.ge mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.uz mc.admetrica.ru data: forms-eu1.hscollectedforms.net api-eu1.hubapi.com https://tlkfrontprod.azureedge.net o4504211537854464.ingest.sentry.io toloka.dev sandbox.toloka.dev;script-src 'self' connect.facebook.net www.google-analytics.com www.googletagmanager.com www.google.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com googleads.g.doubleclick.net mc.yandex.ru js-eu1.hs-scripts.com js-eu1.hsadspixel.net js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hscollectedforms.net yastatic.net mc.webvisor.com mc.webvisor.org mc.yandex.com mc.yandex.by mc.yandex.com.tr mc.yandex.kz mc.yandex.ua mc.yandex.az mc.yandex.co.il mc.yandex.com.am mc.yandex.com.ge mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.uz https://tlkfrontprod.azureedge.net o4504211537854464.ingest.sentry.io 'nonce-ca3a248f90597d61d54b17e1ee57db0d';style-src 'self' googletagmanager.com fonts.googleapis.com tagmanager.google.com https://tlkfrontprod.azureedge.net 'unsafe-inline';img-src https: 'self' googletagmanager.com *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com ssl.gstatic.com www.gstatic.com https://tlkfrontprod.azureedge.net yastatic.net mc.webvisor.com mc.webvisor.org mc.yandex.com mc.yandex.by mc.yandex.com.tr mc.yandex.kz mc.yandex.ru mc.yandex.ua mc.yandex.az mc.yandex.co.il mc.yandex.com.am mc.yandex.com.ge mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.uz mc.admetrica.ru;frame-src td.doubleclick.net bid.g.doubleclick.net www.facebook.com sdx.microsoft.com www.youtube.com youtube.com yandex.ru yandex.com forms.yandex.ru forms.yandex.com https://tlkfrontprod.azureedge.net blob: mc.yandex.ru mc.yandex.md;manifest-src 'self' https://tlkfrontprod.azureedge.net;frame-ancestors *.toloka.ai toloka.ai *.toloka-test.ai webvisor.com *.webvisor.com http://webvisor.com http://*.webvisor.com;report-to default-group;font-src 'self' fonts.gstatic.com https://tlkfrontprod.azureedge.net data:;media-src 'self' https://tlkfrontprod.azureedge.net;base-uri 'none';default-src 'none';child-src blob: mc.yandex.ru;style-src-attr 'unsafe-inline';report-uri https://csp.yandex.net/csp?yandexuid=820067161670525391&from=toloka-portal&project=toloka-portal 1
frame-ancestors 'self' https://bolalob.com; 1
frame-ancestors https://*.fnol.cz/ 1
script-src 'self' https://cloud.tinymce.com/stable/cdn-init https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.3/umd/popper.min.js https://www.google-analytics.com/analytics.js https://piwik.mindeservices.com/piwik.js https://piwik.mindeservices.com/matomo.js https://www.googletagmanager.com/gtag/js https://www.google.com/ads/ga-audiences https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://maxcdn.bootstrapcdn.com https://*.jquery.com https://cdn.tiny.cloud https://*.tinymce.com sha384-LzEnReQQed5ol5AFwl71PUw/lqyIcw22944Y6TAegcKGwBmgeJYXjB2CbgaSwp8z https://www.gstatic.com https://www.google.com/recaptcha/api.js https://player.vimeo.com https://maps.googleapis.com https://i.vimeocdn.com https://secure.gravatar.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://cloud.tinymce.com/stable/cdn-init https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.3/umd/popper.min.js https://maxcdn.bootstrapcdn.com https://*.jquery.com https://cdn.tiny.cloud https://*.tinymce.com https://*.google.com https://player.vimeo.com data:; child-src filesystem: data: gap:; img-src 'self' https://*.tinymce.com https://i.vimeocdn.com https://secure.gravatar.com https://www.gravatar.com blob: data: https://maps.googleapis.com https://maps.gstatic.com; frame-ancestors 'self' https://motherson.workvivo.com https: data:; object-src 'self' data: 1
default-src 'self' https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.googletagmanager.com cse.google.com js.stripe.com cdn.syndication.twimg.com platform.twitter.com cdn1.developermedia.com cdn2.developermedia.com apis.google.com www.google-analytics.com www.googletagservices.com adservice.google.com securepubads.g.doubleclick.net ajax.aspnetcdn.com ssl.google-analytics.com cdn.polyfill.io az416426.vo.msecnd.net app.podscribe.ai;style-src 'self' 'unsafe-inline' www.google.com platform.twitter.com cdn.syndication.twimg.com fonts.googleapis.com 1
frame-ancestors www.hautehorlogerie.org; 1
img-src * data:; default-src * 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://www.masimopersonalhealth.com/ https://masimopersonalhealth.co.uk https://getshogun.com/ https://*.masimo.com/ https://*.masimo.co.uk/ https://*.masimo.it/ https://*.masimo.es/ https://*.masimo.de/ https://*.masimo.it/ https://*.masimo.ca/; 1
default-src 'self' *.disquscdn.com *.disqus.com disqus.com *.safeframe.googlesyndication.com *.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-eval' embed.smartframe.net embed-cdn.gettyimages.com static.smartframe.net *.disquscdn.com *.disqus.com rec.smartlook.com *.trustpilot.com www.google-analytics.com cdn.jsdelivr.net cdnjs.cloudflare.com www.dwin1.com *.adnxs.com *.2mdn.net *.dwin1.com cdn.ampproject.org *.googlesyndication.com *.googletagservices.com *.google.it *.privacymanager.io *.pubwise.io *.g.doubleclick.net *.doubleclick.net *.facebook.net connect.facebook.net *.ibytedtos.com *.upviral.com *.googleoptimize.com tagmanager.google.com *.google.com *.ipstatp.com analytics.tiktok.com *.tiktok.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com connect.facebook.net apis.google.com static.hotjar.com  script.hotjar.com cdn.onesignal.com maps.googleapis.com www.google-analytics.com www.google.com js.stripe.com onesignal.com *.freshchat.com *.iubenda.com; style-src 'self' 'unsafe-inline' *.disquscdn.com *.disqus.com optimize.google.com tagmanager.google.com cdn.jsdelivr.net cdnjs.cloudflare.com *.google.com fonts.googleapis.com *.freshchat.com *.iubenda.com; img-src 'self' data: cdn.viglink.com *.disquscdn.com *.disqus.com www.google-analytics.com images.ctfassets.net *.googletagmanager.com *.hotjar.com *.adnxs.com *.adform.net *.g.doubleclick.net *.googlesyndication.com pagead2.googlesyndication.com upviral.s3.amazonaws.com  tagmanager.google.com *.google.com *.gstatic.com tp-images-compressed.s3-eu-west-1.amazonaws.com go.nordvpn.net get.surfshark.net media.go2speed.org *.yceml.net *.emjcd.com *.dotomi.com *.tradedoubler.com vht.tradedoubler.com www.fr135.net www.lduhtrp.net www.tqlkg.com impit.tradedoubler.com mproxy.banner.linksynergy.com static-dscn.net www.lduhtrp.net impit.tradedoubler.com mail.dt51.net www.tqlkg.com ad.linksynergy.com disneyplus.bn5x.net imp.pxf.io a.impactradius-go.com www.google.com www.google.it www.google.en www.google.es googleads.g.doubleclick.net csi.gstatic.com mediamob.g2afse.com cors-anywhere.herokuapp.com graph.facebook.com *.googleusercontent.com platform-lookaside.fbsbx.com tp-images-compressed.s3.amazonaws.com cx.atdmt.com images.s3.amazonaws.com images.unsplash.com images.pexels.com covers.s3-eu-west-1.amazonaws.com d1ug1wtffjdh7z.cloudfront.net www.google-analytics.com www.facebook.com stats.g.doubleclick.net tp-network-images.s3.amazonaws.com tp-network-covers.s3-eu-west-1.amazonaws.com *.iubenda.com; child-src 'self' embed.smartframe.net *.disquscdn.com www.facebook.com disqus.com *.disqus.com www.youtube.com images.ctfassets.net *.2mdn.net optimize.google.com *.doubleclick.net *.trustpilot.com *.googletagservices.com  *.privacymanager.io *.googlesyndication.com  acdn.adnxs.com *.g.doubleclick.net g.doubleclick.net *.google.com https://optimize.google.com mail: fb-messenger:  messenger:  whatsapp: blob: data: *.upviral.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com vars.hotjar.com accounts.google.com staticxx.facebook.com js.stripe.com www.google.com onesignal.com *.freshchat.com *.iubenda.com; font-src 'self' data: *.disquscdn.com *.disqus.com fonts.gstatic.com cdnjs.cloudflare.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; connect-src 'self' data: d54hsn8ou0.execute-api.eu-central-1.amazonaws.com static.smartframe.net *.googletagmanager.com *.disquscdn.com *.disqus.com ipinfo.io *.facebook.net connect.facebook.net mediamob.g2afse.com *.google.com *.gstatic.com api.rlcdn.com  api.pubwise.io id5-sync.com *.adnxs.com *.launch.liveramp.com *.privacymanager.io  *.googlesyndication.com  *.facebook.com *.doubleclick.net  *.upviral.com dashboard.togetherprice.com:13001 tp-app-config.s3.eu-west-1.amazonaws.com  *.togetherprice.com api.amplitude.com cors-anywhere.herokuapp.com d1ug1wtffjdh7z.cloudfront.net togetherprice.freshdesk.com graph.facebook.com people.googleapis.com in.hotjar.com www.google-analytics.com api.togetherprice.com apiv2.togetherprice.com wss://apiv2.staging.togetherprice.com  wss://apiv2.togetherprice.com vc.hotjar.io *.hotjar.com wss://*.hotjar.com fonts.googleapis.com onesignal.com *.algolianet.com *.iubenda.com; manifest-src 'self'; worker-src 'self' blob:; frame-ancestors 'self' optimize.google.com 1
frame-ancestors 'self' https://manage.americanmachinist.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self' *.scheduleproweb.com; object-src 'none'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.c.evidon.com cdnjs.cloudflare.com *.cloudfront.net axaelevendx.nanorep.co translate.google.com fonts.googleapis.com motor.axa.ie www.google.com *.axa.gbqofs.io cdn2.gbqofs.com *.googlesyndication.com www.googletagmanager.com pay.realexpayments.com *.s3.amazonaws.com nr1.s3.amazonaws.com data.stbuttons.click webmail.axa.ie *.googleadservices.com www.google.ae www.google.nl stc08.u5e.com images.contentful.com images.ctfassets.net *.bat.bing.com www.facebook.com *.doubleclick.net cdn.gbqofs.com axa.gbqofs.io d6tizftlrpuof.cloudfront.net secureweb.axa.ie *.voc.uk.glassboxrnd.com www.youtube.com w.usabilla.com optimize.google.com voc.uk.glassboxrnd.com *.facebook.net www.google.de *.googleapis.com www.google.co.za region1.google-analytics.com report.axa.gbqofs.io www.google-analytics.com *.usabilla.com *.optimize.google.com *.d6tizftlrpuof.cloudfront.net l.sharethis.com connect.facebook.net usabilla.com www.googleoptimize.com optoutapi.evidon.com www.google.co.uk *.www.facebook.com *.azureedge.net *.analytics.google.com ws.sharethis.com www.google.com.au *.report.axa.gbqofs.io c.evidon.com www.google.es *.axaelevendx.nanorep.co www.google.ro collection.axa.ie *.www.google.ie bcp.crwdcntrl.net l.evidon.com abtasty.com try.abtasty.com *.facebook.com api.feefo.com cdn.knightlab.com maps.google.com www.google.fr fonts.gstatic.com *.abtasty.com s3.amazonaws.com www.google.ie www.google.it www.gstatic.com *.visitor-services.nanorep.com pay.google.com visitor-services.nanorep.com adservice.google.com analytics.google.com bat.bing.com; frame-ancestors 'self' www.axa.ie ;  1
default-src 'self'; script-src 'self' 'unsafe-inline' https://browser-update.org https://archive.org https://analytics.archive.org https://orders.value.net https://feed2js.widomaker.com https://html5shiv.googlecode.com; style-src 'self' 'unsafe-inline' https://www.w3schools.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' https://widomaker.com/HSTS.png https://pr.prchecker.info https://browser-update.org https://canarytokens.com; base-uri 'self'; frame-ancestors 'none'; media-src 'self' https://upload.wikimedia.org; upgrade-insecure-requests; report-uri https://widomaker.report-uri.com/r/d/csp/enforce https://widomaker.uriports.com/reports/report 1
default-src 'none';img-src 'self';style-src 'sha256-o4rHkPeyjUYZ9Ma8k+FSNj6DmfBv7lLhX5LFEQ1dWTQ=';frame-ancestors https://kagi.com/smallweb;base-uri 'none';form-action https://collector.seirdy.one/webmentions/receive;manifest-src 'self';upgrade-insecure-requests;sandbox allow-same-origin allow-forms allow-downloads 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-UZyQpjcv/o4Zcw1qFOFb2rjWW2rQrk2zNnG25aN5Z9NAsFYL' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https: data:; connect-src 'self' ws: https:; img-src 'self' https: data:; media-src 'self' https: data:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:; script-src 'self' 'unsafe-inline' https: 'unsafe-eval'; script-src-elem 'self' https: 'unsafe-inline'; frame-ancestors https://audi-admin.porsche-holding.com; 1
'self'; frame-ancestors *; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com e-payment.postfinance.ch *.cardinalcommerce.com *.facebook.com 3dsecure.nexi.it *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net 3ds.nexigroup.com 3ds.redsys.es 3ds.sia.eu esecure.sia.eu 3ds.vinea.es 3dsecure.ing.ro 3dsecure.landbank.com 3dsmethod.eewosecure.com pay.eewosecure.com *.sibs.ro acs.mercurypaymentservices.it acs.netsgroup.com *.cic.fr *.creditmutuel.fr *.3ds.modirum.com geoissuer.cardinalcommerce.com *.secure.lcl.fr *.arcot.com tdschmut.monext.fr www.securesuite.co.uk *.wlp-acs.com acssv.otpbank.hu acs.3ds-hanseaticbank.de 3ds.abanca.com acs.revolut.com acs.apata.io 3ds.pl.ing.com 3dsecure.psa.at3dsecure.psa.at acs.stripeauthentications.com www.secure22gw.ro e-banking.winbank.gr openbank.piraeusbank.gr www.rsa3dsauth.co.uk 3ds-challenge.n26.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.sharethis.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gigya.com pay.google.com consentcdn.cookiebot.com www.youtube.com vimeo.com *.facebook.com https://www.yumpu.com/ *.snapchat.com *.doubleclick.de *.doubleclick.ne *.doubleclick.net *.sc-static.net sc-static.net *.container.webgains.link 3dsecure.nexi.it *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.recaptcha.net *.google.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net 3ds.nexigroup.com 3ds.redsys.es 3ds.sia.eu esecure.sia.eu 3ds.vinea.es 3dsecure.ing.ro 3dsecure.landbank.com 3dsmethod.eewosecure.com pay.eewosecure.com *.sibs.ro acs.mercurypaymentservices.it acs.netsgroup.com *.cic.fr *.creditmutuel.fr *.3ds.modirum.com geoissuer.cardinalcommerce.com *.secure.lcl.fr *.arcot.com tdschmut.monext.fr www.securesuite.co.uk *.wlp-acs.com acssv.otpbank.hu acs.3ds-hanseaticbank.de 3ds.abanca.com acs.revolut.com acs.apata.io 3ds.pl.ing.com 3dsecure.psa.at3dsecure.psa.at acs.stripeauthentications.com www.secure22gw.ro e-banking.winbank.gr openbank.piraeusbank.gr www.rsa3dsauth.co.uk 3ds-challenge.n26.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net commerce.adobe.io widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.sharethis.com *.gigya.com 'self' data: 'unsafe-inline' data: *.magentosite.cloud panini.it *.googleapis.com *.gstatic.com bam.nr-data.net www.panini.it www.paninibelgium.com www.panini.co.il www.panini.es www.panini.co.uk www.panini.fr www.panini.ch www.panininederland.com www.paninihungary.com www.panini.pl www.paniniportugal.com www.paninistore.com www.panini.ro www.panini.com.gr www.panini.de collectibles.paniniamerica.net www.paninisuomi.com www.paninisverige.com www.paninidanmark.com www.panininorge.com *.bing.com ib.adnxs.com *.facebook.com *.tiktok.com *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.cookiebot.com *.doubleclick.net *.google.com *.google.it *.google.fr *.google.es *.google.be *.twitter.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.sharethis.com jquery.sellxed.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gigya.com https://cdnjs.cloudflare.com *.panini.it *.facebook.net *.googleapis.com js-agent.newrelic.com bam.eu01.nr-data.net bam.nr-data.net consent.cookiebot.com consentcdn.cookiebot.com *.clarity.ms cdn.noibu.com wss://*.noibu.com https://*.noibu.com *.queue-it.net *.bing.com *.sc-static.net sc-static.net *.adnxs.com *.acdn.adnxs.com acdn.adnxs.com https://players.yumpu.com *.snapchat.com *.facebook.com *.connect.facebook.net connect.facebook.net *.ads-twitter.com *.google.com *.google.it *.recaptcha.net *.tiktok.com analytics.webgains.io *.webgains.link *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.collectibles.paniniamerica.net *.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com 'unsafe-inline' data: *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com js-agent.newrelic.com *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.collectibles.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com *.adyen.com *.sharethis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.panini.it *.gigya.com *.pnn.webformat.cloud *.googleapis.com consentcdn.cookiebot.com consent.cookiebot.com *.facebook.com google.com/pay pay.google.com wss://*.noibu.com https://*.noibu.com bam.nr-data.net paninitutor-be-stage.nw.r.appspot.com paninitutor-be-prod.nw.r.appspot.com clarity.ms *.clarity.ms paniniadrenalyn.com *.paniniadrenalyn.com paninitutor-be-stage.appspot.com paninitutor-be-prod.appspot.com *.snapchat.com *.google.com *.google.it *.doubleclick.net *.pagead2.googlesyndication.com *.tiktok.com *.webgains.io *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.bing.com *.google.fr *.google.es *.google.be *.googlesyndication.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net t.elasticsuite.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src wss://*.noibu.com https://*.noibu.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.panini.fr/shp_fra_fr/webformat_csptools/report/; 1
default-src 'none'; base-uri 'self'; connect-src 'self' https://blog.mozilla.org/addons/feed/ https://www.mozilla.org/en-US/newsletter/ https://*.google-analytics.com; font-src 'self'; form-action 'self' https://www.mozilla.org/en-US/newsletter/; frame-ancestors 'none'; frame-src https://www.youtube.com/embed/ https://calendar.google.com/calendar/appointments/; img-src 'self' data:; object-src 'none'; script-src 'self' https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ 'sha256-vqFvYKh0rwFP9fSa0PuzUff2ElHQ+rkjGfycqUNqufQ=' https://www.googletagmanager.com/gtag/js; style-src 'self' 'unsafe-inline' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://strangeobject.space 'wasm-unsafe-eval'; font-src 'self' https://strangeobject.space; img-src 'self' data: blob: https://strangeobject.space https://files.strangeobject.space; style-src 'self' https://strangeobject.space 'nonce-efmaY67jCSQUcwOQcBI0dg=='; media-src 'self' data: https://strangeobject.space https://files.strangeobject.space; frame-src 'self' https:; child-src 'self' blob: https://strangeobject.space; worker-src 'self' blob: https://strangeobject.space; connect-src 'self' blob: data: wss://strangeobject.space https://strangeobject.space https://files.strangeobject.space; manifest-src 'self' https://strangeobject.space; form-action 'self' 1
default-src 'self'; script-src 'report-sample' 'self' https://assets.app.smart-tribune.com https://audience-sites.din.developpement-durable.gouv.fr https://polyfill.io https://msvcdsiqzkcom.matomo.cloud 'unsafe-eval' 'unsafe-inline'; style-src 'report-sample' 'self' https://assets.app.smart-tribune.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://static.piste.gouv.fr 'unsafe-inline'; object-src 'none'; connect-src 'self' https://api-gateway.app.smart-tribune.com; font-src 'self' data: https://assets.app.smart-tribune.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; frame-src 'self' https://www.bison-fute.gouv.fr https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://audience-sites.din.developpement-durable.gouv.fr https://static.piste.gouv.fr https://stv2-uploads-prod.s3.eu-west-3.amazonaws.com https://uploads.app.smart-tribune.com; 1
form-action 'self'; object-src 'self'; worker-src 'self' blob:; img-src *.doubleclick.net doubleclick.net *.pagetiger.com pagetiger.com *.cookielaw.org cookielaw.org www.google-analytics.com ssl.google-analytics.com dashboard.umbraco.org data: our.umbraco.com our.umbraco.org 'self' i.ytimg.com insights.slaughterandmay.com px.ads.linkedin.com; script-src-elem *.pagetiger.com pagetiger.com ssl.google-analytics.com siteimproveanalytics.com www.google-analytics.com www.googletagmanager.com www.pagespeed-mod.com pagespeed-mod.com ssl.googletagmanager.com www.google.com www.gstatic.com cdn.cookielaw.org code.jquery.com insights.slaughterandmay.com analytics.shorthand.com iframely.shorthand.com snap.licdn.com 'unsafe-inline' 'self'; style-src-attr 'unsafe-inline'; style-src-elem insights.slaughterandmay.com fonts.googleapis.com 'unsafe-inline' 'self'; frame-src 'self' *.qumucloud.com *.slaughterandmay.com www.google.com cdn.yoshki.com www.youtube.com player.vimeo.com *.podbean.com podbean.com embed.podcasts.apple.com px.ads.linkedin.com/wa *.pagetiger.com pagetiger.com; connect-src *.google-analytics.com google-analytics.com *.onetrust.io onetrust.io *.pagetiger.com pagetiger.com our.umbraco.com *.passle.net cdn.cookielaw.org cdn.linkedin.oribi.io stats.g.doubleclick.net gateway.shorthand.com 'self'; script-src ssl.google-analytics.com www.google.com www.google-analytics.com www.gstatic.com www.googletagmanager.com cdn.cookielaw.org code.jquery.com 'unsafe-eval' 'unsafe-inline' 'self'; report-uri https://367bc1309b9121b00de27c5dbdfe8aa8.report-uri.com/r/d/csp/enforce 1
default-src 'unsafe-inline' 'self' *.meucarronovo.com.br *.gstatic.com *.googleapis.com *.artfut.com; img-src 'unsafe-inline' 'self' data: https:; script-src 'self' *.meucarronovo.com.br 'unsafe-inline' 'unsafe-eval' *.facebook.net *.google.com *.googlesyndication.com *.google.com.br *.googletagmanager.com *.gstatic.com *.googleapis.com *.googletagservices.com *.google-analytics.com *.googleadservices.com citydsp.com cityadspix.com *.citydsp.com *.criteo.net *.criteo.com *.trovit.com *.artfut.com *.getblue.io *.enviou.com.br *.clarity.ms *.doubleclick.net *.hotjar.com *.adobedtm.com *.evergage.com *.evgnet.com action.metaffiliation.com cdn.cookielaw.org *.ampproject.org x.cnt.my retagro.com anilima.com; font-src 'self' *.meucarronovo.com.br *.gstatic.com *.googleapis.com *.hotjar.com; connect-src 'self' *.meucarronovo.com.br *.facebook.net *.facebook.com *.googlesyndication.com *.google.com.br *.google.com *.googletagservices.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.google-analytics.com *.gstatic.com *.go2cloud.org citydsp.com cityadspix.com *.citydsp.com *.criteo.com *.criteo.net *.trovit.com *.admitad.com *.artfut.com *.getblue.io *.enviou.com.br *.clarity.ms *.doubleclick.net *.hotjar.com *.hotjar.io *.adobedtm.com *.demdex.net limaaudit.azurewebsites.net *.evergage.com *.evgnet.com action.metaffiliation.com cdn.cookielaw.org *.onetrust.com votorantim.sc.omtrdc.net retagro.com anilima.com; frame-src 'self' *.meucarronovo.com.br *.google.com *.googlesyndication.com *.googletagmanager.com *.criteo.com *.criteo.net *.getblue.io *.doubleclick.net *.hotjar.com *.demdex.net 1
frame-ancestors 'self' www.ranzijn.nl ranzijn.nl magento.ranzijn.nl; 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data: blob:; object-src 'none'; script-src 'self' https: 'unsafe-eval' 'unsafe-inline'; style-src 'self' https: 'unsafe-inline' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self'; object-src 'self'; media-src 'self'; frame-ancestors 'self'; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com e-payment.postfinance.ch *.cardinalcommerce.com *.facebook.com 3dsecure.nexi.it *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net 3ds.nexigroup.com 3ds.redsys.es 3ds.sia.eu esecure.sia.eu 3ds.vinea.es 3dsecure.ing.ro 3dsecure.landbank.com 3dsmethod.eewosecure.com pay.eewosecure.com *.sibs.ro acs.mercurypaymentservices.it acs.netsgroup.com *.cic.fr *.creditmutuel.fr *.3ds.modirum.com geoissuer.cardinalcommerce.com *.secure.lcl.fr *.arcot.com tdschmut.monext.fr www.securesuite.co.uk *.wlp-acs.com acssv.otpbank.hu acs.3ds-hanseaticbank.de 3ds.abanca.com acs.revolut.com acs.apata.io 3ds.pl.ing.com 3dsecure.psa.at3dsecure.psa.at acs.stripeauthentications.com www.secure22gw.ro e-banking.winbank.gr openbank.piraeusbank.gr www.rsa3dsauth.co.uk 3ds-challenge.n26.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.sharethis.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gigya.com pay.google.com consentcdn.cookiebot.com www.youtube.com vimeo.com *.facebook.com https://www.yumpu.com/ *.snapchat.com *.doubleclick.de *.doubleclick.ne *.doubleclick.net *.sc-static.net sc-static.net *.container.webgains.link 3dsecure.nexi.it *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.recaptcha.net *.google.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net 3ds.nexigroup.com 3ds.redsys.es 3ds.sia.eu esecure.sia.eu 3ds.vinea.es 3dsecure.ing.ro 3dsecure.landbank.com 3dsmethod.eewosecure.com pay.eewosecure.com *.sibs.ro acs.mercurypaymentservices.it acs.netsgroup.com *.cic.fr *.creditmutuel.fr *.3ds.modirum.com geoissuer.cardinalcommerce.com *.secure.lcl.fr *.arcot.com tdschmut.monext.fr www.securesuite.co.uk *.wlp-acs.com acssv.otpbank.hu acs.3ds-hanseaticbank.de 3ds.abanca.com acs.revolut.com acs.apata.io 3ds.pl.ing.com 3dsecure.psa.at3dsecure.psa.at acs.stripeauthentications.com www.secure22gw.ro e-banking.winbank.gr openbank.piraeusbank.gr www.rsa3dsauth.co.uk 3ds-challenge.n26.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net commerce.adobe.io widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.sharethis.com *.gigya.com 'self' data: 'unsafe-inline' data: *.magentosite.cloud panini.it *.googleapis.com *.gstatic.com bam.nr-data.net www.panini.it www.paninibelgium.com www.panini.co.il www.panini.es www.panini.co.uk www.panini.fr www.panini.ch www.panininederland.com www.paninihungary.com www.panini.pl www.paniniportugal.com www.paninistore.com www.panini.ro www.panini.com.gr www.panini.de collectibles.paniniamerica.net www.paninisuomi.com www.paninisverige.com www.paninidanmark.com www.panininorge.com *.bing.com ib.adnxs.com *.facebook.com *.tiktok.com *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.cookiebot.com *.doubleclick.net *.google.com *.google.it *.google.fr *.google.es *.google.be *.twitter.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.sharethis.com jquery.sellxed.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gigya.com https://cdnjs.cloudflare.com *.panini.it *.facebook.net *.googleapis.com js-agent.newrelic.com bam.eu01.nr-data.net bam.nr-data.net consent.cookiebot.com consentcdn.cookiebot.com *.clarity.ms cdn.noibu.com wss://*.noibu.com https://*.noibu.com *.queue-it.net *.bing.com *.sc-static.net sc-static.net *.adnxs.com *.acdn.adnxs.com acdn.adnxs.com https://players.yumpu.com *.snapchat.com *.facebook.com *.connect.facebook.net connect.facebook.net *.ads-twitter.com *.google.com *.google.it *.recaptcha.net *.tiktok.com analytics.webgains.io *.webgains.link *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.collectibles.paniniamerica.net *.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com 'unsafe-inline' data: *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com js-agent.newrelic.com *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.collectibles.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com *.adyen.com *.sharethis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.panini.it *.gigya.com *.pnn.webformat.cloud *.googleapis.com consentcdn.cookiebot.com consent.cookiebot.com *.facebook.com google.com/pay pay.google.com wss://*.noibu.com https://*.noibu.com bam.nr-data.net paninitutor-be-stage.nw.r.appspot.com paninitutor-be-prod.nw.r.appspot.com clarity.ms *.clarity.ms paniniadrenalyn.com *.paniniadrenalyn.com paninitutor-be-stage.appspot.com paninitutor-be-prod.appspot.com *.snapchat.com *.google.com *.google.it *.doubleclick.net *.pagead2.googlesyndication.com *.tiktok.com *.webgains.io *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.bing.com *.google.fr *.google.es *.google.be *.googlesyndication.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net t.elasticsuite.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src wss://*.noibu.com https://*.noibu.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.panini.co.uk/shp_gbr_en/webformat_csptools/report/; 1
frame-ancestors *.psc.ac.uk 'self'; 1
default-src 'self' https: *.junehomes.com; style-src 'self' blob: 'unsafe-inline' https: fonts.googleapis.com *.hotjar.com; style-src-elem 'self' blob: 'unsafe-inline' https: fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.googleapis.com *.gstatic.com *.hotjar.com *.klaviyo.com *.segment.io *.segment.com *.cdn-apple.com *.facebook.net *.google.com *.cloudfront.net *.doubleclick.net www.googleadservices.com www.google-analytics.com cdn.ravenjs.com use.typekit.net assets.website-files.com cdn.jsdelivr.net cdnjs.cloudflare.com chat-assets.frontapp.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https: *.pusher.com *.googleapis.com *.gstatic.com *.facebook.net *.google.com *.doubleclick.net *.hotjar.com *.klaviyo.com www.googleadservices.com www.googletagmanager.com www.google-analytics.com; img-src 'self' data: blob: https: *.junehomes.net junehomes.s3.amazonaws.com junehomes-dev.s3.amazonaws.com storage.googleapis.com maps.googleapis.com maps.googleapis.com maps.gstatic.com www.google-analytics.com *.hotjar.com; font-src 'self' data: https: fonts.gstatic.com *.hotjar.com; connect-src 'self' https: wss://junehomes.com wss://*.junehomes.net wss://*.hotjar.com wss://*.pusherapp.com *.googleapis.com *.gstatic.com *.hotjar.com *.hotjar.io *.klaviyo.com *.segment.io *.segment.com *.cdn-apple.com *.facebook.net *.google.com *.cloudfront.net *.doubleclick.net s3.amazonaws.com www.googleadservices.com www.googletagmanager.com www.google-analytics.com www.facebook.com sentry.io chat-assets.frontapp.com; frame-src 'self' blob: https: *.stripe.com *.hotjar.com *.doubleclick.net calendly.com accounts.google.com www.shipilov.design www.facebook.com app.hellosign.com my.matterport.com; child-src 'self' blob: https:; manifest-src 'self'; frame-ancestors 'self' https: coliving.com offcampus.american.edu; report-uri https://o222467.ingest.sentry.io/api/5779778/security/?sentry_key=b27c0934d076459b8d076fc80a5b79e8 1
frame-ancestors 'self' dev.dieselserviceandsupply.com www.dieselserviceandsupply.com ; 1
default-src 'self' *.adopted.com *.clarity.ms *.cookiebot.com fonts.googleapis.com fonts.gstatic.com static.cloudflareinsights.com *.cloudflare.com *.vimeo.com *.vimeocdn.com *.vumbnail.com *.paypal.com *.na.bambora.com  *.plandisc.com *.bambora.com *.googleapis.com api.shareasale.com *.shareasale.com *.shareasale-analytics.com shareasale-analytics.com v6.exchangerate-api.com cdn.linkedin.oribi.io *.ziggeo.com *.youtube.com *.google.com *.google.co.in *.googleadservices.com *.bing.com *.g.doubleclick.net *.facebook.com *.facebook.net *.outbrain.com *.licdn.com *.google-analytics.com ws.interfax.net *.paypalobjects.com 'unsafe-inline' *.googleapis.com *.googletagmanager.com *.jquery.com *.trustpilot.com *.trustpilot.net seal-mbc.bbb.org data: 'unsafe-inline' 'unsafe-eval';  img-src 'self' blob: data: *.adopted.com *.vimeocdn.com *.vumbnail.com *.clarity.ms *.na.bambora.com *.shareasale.com *.shareasale-analytics.com secure.trust-guard.com *.googleapis.com *.googleadservices.com *.bing.com *.facebook.com *.facebook.net *.g.doubleclick.net *.outbrain.com *.paypal.com *.licdn.com p.adsymptotic.com *.google.com *.linkedin.com *.googletagmanager.com *.google.co.in  px.ads.linkedin.com *.amazonaws.com *.ziggeo.com *.youtube.com *.google-analytics.com maps.gstatic.com seal-mbc.bbb.org; object-src data: 'unsafe-eval'; 1
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com *.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data: *.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests; 1
upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https://github.com/searxng/searxng/issues/new; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src 'self' https://yewtu.be https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com 1
default-src 'self' ; script-src 'self' 'strict-dynamic' 'nonce-c76e4a7c-beb2-41e6-856e-3d340654fa45' https://script.hotjar.com https://cdn.matomo.cloud https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; img-src 'self' data: https://*.gstatic.com/ data: https://script.hotjar.com https://*.vimeocdn.com; connect-src 'self' data: https://*.siteimproveanalytics.io https://script.hotjar.com https://finanstilsynet.matomo.cloud https://player.vimeo.com; font-src 'self' ; child-src 'self' https://player.vimeo.com https://www.google.com https://app.powerbi.com; form-action 'self' ; frame-ancestors 'self' ; base-uri 'self' ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://foursixty.com https://*.cloudfront.net https://*.bazaarvoice.com http://*.bazaarvoice.com https://mpsnare.iesnare.com https://recaptcha.net https://dev.visualwebsiteoptimizer.com https://www.gstatic.com https://*.googleapis.com https://maps.google.com https://checkoutshopper-live.adyen.com https://checkoutshopper-test.adyen.com http://connect.nosto.com https://www.paypal.com/ https://www.sandbox.paypal.com https://static.zdassets.com https://ekr.zdassets.com https://apgandco1642720129.zendesk.com https://*.zopim.com wss://apgandco1642720129.zendesk.com wss://*.zopim.com https://*.smooch.io https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.visualwebsiteoptimizer.com https://*.facebook.net https://*.klaviyo.com http://*.klaviyo.com https://*.rakuten.com http://*.rakuten.com https://*.trendii.com https://*.lexer.io https://*.doubleclick.net https://asia.creativecdn.com https://*.facebook.com https://zendesk-eu.my.sentry.io https://sgtm.sportscraft.com.au https://sgtm.sportscraft.nz https://*.pinimg.com https://*.sportscraft.nz http://*.sportscraft.nz http://*.criteo.com http://*.criteo.net https://*.criteo.net https://*.criteo.com https://*.pinterest.com http://*.pinterest.com https://*.wonderpush.com https://*.smooch.io/ https://zendesk-eu.my.sentry.io/ https://*.google.com https://cdn.jsdelivr.net https://unpkg.com/cloudinary-video-player@1.9.5/ https://form.typeform.com https://*.webeyez.com/ https://*.cardinalcommerce.com/; img-src 'self' data: *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://foursixty.com http://foursixty.com https://*.bazaarvoice.com http://*.bazaarvoice.com https://*.googleapis.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com http://connect.nosto.com https://*.klaviyo.com http://*.klaviyo.com https://*.rakuten.com http://*.rakuten.com https://*.trendii.com https://*.lexer.io https://*.doubleclick.net http://*.doubleclick.net https://asia.creativecdn.com https://*.facebook.com https://*.facebook.net https://sgtm.sportscraft.com.au https://sgtm.sportscraft.nz https://cdn.jsdelivr.net https://*.visualwebsiteoptimizer.com https://unpkg.com/cloudinary-video-player@1.9.5/ https://form.typeform.com https://*.webeyez.com https://*.cardinalcommerce.com/; font-src 'self' https://themes.googleusercontent.com https://display.ugc.bazaarvoice.com https://stg.api.bazaarvoice.com https://api.bazaarvoice.com https://*.webeyez.com https://*.cardinalcommerce.com/ data:; frame-src 'self' https://*.saba.com.au https://apps.bazaarvoice.com http://apps.bazaarvoice.com https://stg.api.bazaarvoice.com https://api.bazaarvoice.com http://stg.api.bazaarvoice.com http://api.bazaarvoice.com https://analytics-static.ugc.bazaarvoice.com http://analytics-static.ugc.bazaarvoice.com https://display.ugc.bazaarvoice.com http://display.ugc.bazaarvoice.com https://network-stg.bazaarvoice.com https://network.bazaarvoice.com http://network-stg.bazaarvoice.com http://network.bazaarvoice.com https://themes.googleusercontent.com https://recaptcha.net https://dev.visualwebsiteoptimizer.com https://maps.googleapis.com https://maps.google.com https://sgtm.sportscraft.com.au https://sgtm.sportscraft.nz https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://pal-test.adyen.com https://www.sandbox.paypal.com https://brauz-book-a-stylist.netlify.app https://*.klaviyo.com http://*.klaviyo.com https://*.rakuten.com http://*.rakuten.com https://*.lexer.io https://*.doubleclick.net http://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.criteo.net http://*.criteo.net http://*.criteo.com https://*.pinterest.com http://*.pinterest.com https://cdn.jsdelivr.net https://*.contentful.com https://form.typeform.com https://www.google.com/ https://*.webeyez.com https://*.cardinalcommerce.com/; frame-ancestors 'self' https://*.frontastic.io frontastic.io.local https://*.contentful.com https://*.webeyez.com https://*.cardinalcommerce.com/; object-src 'self'; connect-src 'self' ws: wss: https://foursixty.com http://foursixty.com https://metrics.foursixty.com https://recaptcha.net https://dev.visualwebsiteoptimizer.com https://www.gstatic.com https://*.googleapis.com https://maps.google.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://*.algolia.net https://*.algolianet.com http://*.nosto.com https://*.getomneo.com https://*.omneoapp.com https://stg.api.bazaarvoice.com https://api.bazaarvoice.com http://apgandcocom.datatoolscloud.net.au https://kleber.datatoolscloud.net.au https://api.brauz.ai https://brauz-api-netlify.netlify.app https://www.paypal.com https://www.sandbox.paypal.com https://static.zdassets.com https://ekr.zdassets.com https://apgandco1642720129.zendesk.com https://*.zopim.com https://*.zendesk.com wss://apgandco1642720129.zendesk.com wss://*.zopim.com https://*.smooch.io https://zendesk-eu.my.sentry.io https://*.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://*.visualwebsiteoptimizer.com https://*.facebook.net https://*.klaviyo.com http://*.klaviyo.com https://*.rakuten.com http://*.rakuten.com https://*.trendii.com https://*.lexer.io https://*.doubleclick.net http://*.doubleclick.net https://asia.creativecdn.com https://*.facebook.com https://sgtm.sportscraft.com.au https://sgtm.sportscraft.nz https://*.pinterest.com http://*.pinterest.com http://*.criteo.com https://*.criteo.com http://*.criteo.net https://*.criteo.net http://*.sportscraft.nz https://*.sportscraft.nz https://*.wonderpush.com https://*.smooch.io/ https://zendesk-eu.my.sentry.io/ https://*.google.com https://cdn.jsdelivr.net https://*.algolianet.io https://form.typeform.com https://*.webeyez.com https://*.cardinalcommerce.com/; media-src 'self' https://*.saba.com.au https://media.sportscraft.com.au https://*.cloudinary.com https://static.zdassets.com https://sgtm.sportscraft.com.au https://*.sportscraft.com.au https://*.ctfassets.net http://*.cloudinary.com https://*.webeyez.com https://*.cardinalcommerce.com/ 1
frame-ancestors 'self' premieramerica.com *.premieramerica.com *.premieramerica.wakeflywebsites.com; 1
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1
frame-ancestors 'self' *.trade.com 1
default-src 'self'; script-src 'self' 'unsafe-inline'  'unsafe-eval'  https://bam.nr-data.net/ https://alive5.com/ https://www.google-analytics.com/ https://static.addtoany.com/  https://www.googletagmanager.com/ https://js-agent.newrelic.com/ https://cdn.jsdelivr.net/ https://embed.vev.page/ https://cdn.vev.design/ https://js.vev.design/ https://ivr.mobilus.me/ https://use.typekit.net https://s.yimg.jp/ https://guest-agent.mobilus.me/ https://cdn.agent.mobilus.me/ https://agent.mobilus.me/ https://munchkin.marketo.net https://ob.herbgreencolumn.com/ https://googleads.g.doubleclick.net/ https://connect.facebook.net/ https://bat.bing.com/ https://sp-trk.com/ https://am.yahoo.co.jp/ https://b99.yahoo.co.jp/ https://obs.herbgreencolumn.com/ https://obs.herbgreencolumn.com/ https://vivr.i-pro.com/; style-src 'self' 'unsafe-inline' https://use.typekit.net/ https://p.typekit.net/ https://alive5.com/ https://fonts.googleapis.com/ https://www.googletagmanager.com/ https://ivr.mobilus.me/ https://cdn.jsdelivr.net/ https://use.fontawesome.com/ https://cdnjs.cloudflare.com/ https://cdn.agent.mobilus.me/ https://guest-agent.mobilus.me/ https://vivr.i-pro.com/; img-src 'self' blob: https://staging.i-pro.com https://placehold.jp  https://www.google-analytics.com/ https://bam.nr-data.net/ https://www.googletagmanager.com/ data: w3.org/svg/2000 https://alive5cdn.s3.amazonaws.com/images/ https://cdn.redoc.ly/redoc/ https://cdn.vev.design/ https://film.vev.design/ https://fonts.gstatic.com/ https://vivr.i-pro.com/ https://cdn.agent.mobilus.me/ https://www.google.co.jp/ https://ipropass.prod.acquia-sites.com/ https://ipropassstg.prod.acquia-sites.com/ https://www.google.com/ https://bat.bing.com/ https://b99.yahoo.co.jp/ https://www.facebook.com/ https://obs.herbgreencolumn.com/; media-src 'self' https://film.vev.design/; frame-src 'self' https://www.youtube.com/embed/ https://player.vimeo.com/ https://static.addtoany.com https://alive5.com/ https://td.doubleclick.net/ https://lp.i-pro.com/; child-src 'self' blob:; font-src 'self' https://use.typekit.net/ data: application/font-woff https://fonts.gstatic.com https://use.fontawesome.com/ https://cdn.agent.mobilus.me/; connect-src 'self' https://api-v2.alive5.com/ https://alive5.com/ https://stats.g.doubleclick.net https://static.addtoany.com/ https://bam.nr-data.net/ https://www.google-analytics.com/ https://cdn.vev.design/ https://p.typekit.net/ https://use.typekit.net https://guest-agent.mobilus.me/ https://analytics.google.com/ wss://guest-agent.mobilus.me/ https://348-tbp-560.mktoresp.com/ https://pagead2.googlesyndication.com/ https://sp-trk.com/ https://obs.herbgreencolumn.com/; report-uri /products_and_solutions/report-csp-violation 1
default-src 'self' https://player.vimeo.com https://*.twitter.com https://zetetic.zendesk.com https://c.disquscdn.com https://disqus.com https://*.google-analytics.com https://*.zdassets.com https://createsend.com https://*.createsend.com https://zetetic.test.onfastspring.com https://zetetic.onfastspring.com; img-src 'self' 'unsafe-inline' data: https://*.google-analytics.com https://*.twitter.com https://*.twimg.com https://ajax.googleapis.com https://*.zendesk.com https://*.disqus.com https://*.disquscdn.com https://maven-badges.herokuapp.com https://d1f8f9xcsvx3ha.cloudfront.net; script-src 'self' 'unsafe-inline' https://*.disqus.com https://disqus.com https://*.disquscdn.com https://*.github.com https://*.zendesk.com https://www.wufoo.com https://*.google-analytics.com https://*.twimg.com https://*.createsend1.com https://player.vimeo.com https://*.twitter.com https://*.twimg.com https://*.wufoo.com https://ajax.googleapis.com  https://static.zdassets.com https://d1f8f9xcsvx3ha.cloudfront.net https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://*.twitter.com https://*.twimg.com https://ajax.googleapis.com https://*.zendesk.com https://*.github.com https://*.disquscdn.com; frame-src 'self' https://player.vimeo.com https://*.createsend1.com https://*.twitter.com https://*.wufoo.com https://disqus.com https://duckduckgo.com https://zetetic.test.onfastspring.com https://zetetic.onfastspring.com; object-src 'self' https://*.disquscdn.com https://*.disqus.com 1
base-uri 'none'; default-src https:; form-action 'none'; frame-ancestors 'none'; img-src 'self'; media-src 'self' www.namecoin.org; object-src 'none'; script-src 'self'; style-src 'self' 1
report-to csp-report-endpoint; report-uri /logger/info/csp-report; frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: wss: blob: 1
default-src 'self' https://www.molalla.com https://beta.molalla.com https://molalla.com https://www.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.molalla.com https://beta.molalla.com https://molalla.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' https://speedtest.molalla.net; frame-src 'self' https://speedtest.molalla.net; font-src 'self' data: 1
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://theatl.social; img-src 'self' https: data: blob: https://theatl.social; style-src 'self' https://theatl.social 'nonce-s3OAitCqPw24IynfFWRmjw=='; media-src 'self' https: data: https://theatl.social; frame-src 'self' https:; manifest-src 'self' https://theatl.social; form-action 'self'; child-src 'self' blob: https://theatl.social; worker-src 'self' blob: https://theatl.social; connect-src 'self' data: blob: https://theatl.social https://o1.theatl.social wss://theatl.social; script-src 'self' https://theatl.social 'wasm-unsafe-eval' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://woodland.cafe; img-src 'self' data: blob: https://woodland.cafe; style-src 'self' https://woodland.cafe 'nonce-wOOFN7DTD/4JQ7GHn8F1+Q=='; media-src 'self' data: https://woodland.cafe; frame-src 'self' https:; manifest-src 'self' https://woodland.cafe; form-action 'self'; child-src 'self' blob: https://woodland.cafe; worker-src 'self' blob: https://woodland.cafe; connect-src 'self' data: blob: https://woodland.cafe wss://woodland.cafe; script-src 'self' https://woodland.cafe 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://a.cms.omniupdate.com default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data: 1
your-content-security-policy-here 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-e613fae0ecde1705d351140a762ae05c'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src http: data: blob: 'unsafe-inline' 'unsafe-eval' 1
base-uri 'self'; font-src 'self' data: https://babywalz.omq.de https://www.paypalobjects.com; form-action 'self' https://checkoutshopper-live.adyen.com https://*.bazaarvoice.com; frame-ancestors 'self' https://app.storyblok.com; img-src 'self' data: https://a.storyblok.com https://*.vhwmcs.net https://*.cdn.aboutyou.cloud https://checkout-cdn.aboutyou.cloud https://checkoutshopper-live.adyen.com https://sockjs-us3.pusher.com https://www.paypalobjects.com https://t.paypal.com https://x.klarnacdn.net https://cdf6519016.cdn.adyen.com https://babywalz.omq.de https://www.googletagmanager.com https://fonts.gstatic.com https://www.awin1.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.de https://www.googleadservices.com https://www.facebook.com https://*.pinterest.com https://trck.linkster.co https://*.billiger.de https://*.cloudfront.net https://brxcdn.com https://*.bazaarvoice.com; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline' https://checkout-cdn.aboutyou.cloud https://checkoutshopper-live.adyen.com https://babywalz.omq.de https://www.googletagmanager.com https://fonts.googleapis.com https://*.bazaarvoice.com; upgrade-insecure-requests; default-src 'none'; frame-src 'self' https://checkoutshopper-live.adyen.com https://www.sandbox.paypal.com https://www.paypal.com https://*.baby-walz.ch https://checkout.www.baby-walz.de https://walz-prev.checkout.api.scayle.cloud https://www.awin1.com https://td.doubleclick.net https://www.sovendus-benefits.com https://www.sovendus-connect.com https://ct.pinterest.com https://*.bambuser.com https://tbs.tradedoubler.com https://ams.creativecdn.com https://*.bazaarvoice.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.baby-walz.ch https://checkout.www.baby-walz.de https://walz-prev.checkout.api.scayle.cloud https://checkout-cdn.aboutyou.cloud https://checkoutshopper-live.adyen.com https://www.paypal.com https://babywalz.omq.de https://api.exponea.com https://www.googletagmanager.com https://www.dwin1.com https://api.bounce-commerce.de https://www.awin1.com https://the.sciencebehindecommerce.com https://www.googleadservices.com https://trck.linkster.co https://*.sovendus.com https://s.pinimg.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.baby-walz.ch https://checkout.www.baby-walz.de https://walz-prev.checkout.api.scayle.cloud https://checkout-cdn.aboutyou.cloud https://checkoutshopper-live.adyen.com https://www.paypal.com https://babywalz.omq.de https://api.exponea.com https://www.googletagmanager.com https://www.dwin1.com https://api.bounce-commerce.de https://www.awin1.com https://the.sciencebehindecommerce.com https://www.googleadservices.com https://connect.facebook.net https://trck.linkster.co https://*.sovendus.com https://s.pinimg.com https://*.bambuser.com https://*.abtasty.com https://connect.getflowbox.com https://*.bazaarvoice.com https://mpsnare.iesnare.com; connect-src 'self' https://*.baby-walz.ch https://checkout.www.baby-walz.de https://walz-prev.checkout.api.scayle.cloud https://checkout-cdn.aboutyou.cloud/ https://checkoutshopper-live.adyen.com https://www.sandbox.paypal.com https://www.paypal.com https://www.paypalobjects.com https://x.klarnacdn.net https://sentry.vhwmcs.net https://babywalz.omq.de https://sockjs-us3.pusher.com https://api.exponea.com https://www.googletagmanager.com https://www.econda-monitor.de https://region1.google-analytics.com https://api.bounce-commerce.de https://www.wepowerconnections.com https://the.sciencebehindecommerce.com https://www.google.com https://googleads.g.doubleclick.net https://services.vhwmcs.net https://qa-services.vhwmcs.net https://*.sovendus.com https://ct.pinterest.com https://*.bambuser.com https://*.abtasty.com https://*.getflowbox.com https://*.walz.de; media-src https://a.storyblok.com https://*.walz.de https://cdn.flbx.io; report-uri https://sentry.vhwmcs.net/api/2/security/?sentry_key=1a6c3da18b7a464cbfcf596e111c1def 1
upgrade-insecure-requests;  default-src data: 'unsafe-inline' 'unsafe-eval' https:;  script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:;  style-src data: 'unsafe-inline' https:;  img-src data: https: blob: android-webview-video-poster:;  font-src data: https:; connect-src https: wss: blob:;  media-src data: https: blob:; object-src https:;  child-src https: data: blob:; form-action https:;  report-uri https://642d86e5f1e3671a291357d5.endpoint.csper.io?v=1; 1
frame-ancestors 'self' http://webvisor.com https://webvisor.com http://*.webvisor.com https://*.webvisor.com https://mc.yandex.ru https://*.yandex.net https://mc.yandex.ru https://metrika.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net https://*.diamonds-are-forever.ru https://diamonds-are-forever.ru 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com rlforms.referlive.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com *.youtube.com *.twitter.com https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com https://apps.usw2.pure.cloud http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.googletagmanager.com cdn.datatables.net kit.fontawesome.com www.youtube.com *.vo.msecnd.net *.us.tvsquared.com *.monsido.com up.pixel.ad *.doubleclick.net *.hotjar.com *.digindemo.com; style-src 'self' 'unsafe-inline' *.googleapis.com rlforms.referlive.com/css/ReferLive_bankplus.css *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: ka-f.fontawesome.com; img-src bap.bankplus.net 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.tvsquared.com *.monsido.com *.sitescout.com; media-src 'self' data: blob:; frame-src player.vimeo.com 'self' *.doubleclick.net *.hotjar.com *.facebook.com *.sitescout.com *.bankplus.net https://apps.usw2.pure.cloud https://www.digindemo.com/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src bpwebsvc.bankplus.net 'self' accounts.google.com https://*.insight.sitefinity.com *.hotjar.com *.hotjar.io https://*.dec.sitefinity.com *.mktoresp.com maps.googleapis.com https://api.usw2.pure.cloud wss://webmessaging.usw2.pure.cloud https://api-cdn.usw2.pure.cloud ka-f.fontawesome.com *.google-analytics.com dc.services.visualstudio.com *.visualstudio.com *.monsido.com wss://ws22.hotjar.com rlforms.referlive.com https://ecmacore.com; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.criteo.com https://static.criteo.net https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://player.vimeo.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://*.contentsquare.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.probikekit.jp https://m.probikekit.jp https://checkout.probikekit.jp https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://*.criteo.com https://static.criteo.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.contentsquare.net; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-7r0EZS4NFzFH2-3KAIJgBw' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; 1
form-action 'self'; frame-ancestors 'self' 1
default-src 'self' 'unsafe-eval'; object-src 'none'; 1
child-src blob:; worker-src blob:; img-src * 'self' data: https://*.local https://*.botest.nl https://*.basicorange.nl https://nietzonderjullie.nl https://*.nietzonderjullie.nl https://werkenbijavl.nl https://*.werkenbijavl.nl https://avlacademie.nl https://*.avlacademie.nl https://www.avl.nl https://*.avl.nl; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.digitalcx.com https://*.elitechnology.com https://*.hotjar.io https://*.foleon.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.facebook.net https://*.facebook.com https://*.google.com https://*.google.nl https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.adform.net https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://cx.atdmt.com https://www.googletagmanager.com https://www.googleoptimize.com https://api.ipify.org https://*.clarity.ms https://i.vimeocdn.com https://www.gravatar.com https://virtuele.tours https://code.jquery.com https://www.mkyong.com https://instant.page/1.2.2 https://use.typekit.net https://widget.freshworks.com https://basicorange.freshdesk.com; frame-src 'self'   https://*.google.com/ https://*.elitechnology.com https://*.local https://*.botest.nl https://*.basicorange.nl https://nietzonderjullie.nl https://*.nietzonderjullie.nl https://werkenbijavl.nl https://*.werkenbijavl.nl https://avlacademie.nl https://*.avlacademie.nl https://avl.nl https://*.avl.nl https://virtuele.tours/ https://vars.hotjar.com/ https://*.youtube.com https://*.youtube-nocookie.com https://*.adform.net    https://*.spotify.com    https://bid.g.doubleclick.net https://*.foleon.com https://*.flippingbook.com http://instant.page; 1
frame-ancestors 'self' https://*.windcreekcasino.com https://windcreekcasino.com; 1
frame-ancestors 'self' youtube.com home.co.th id.home.co.th market.home.co.th www.home.co.th dev.home.co.th dev-market.home.co.th; 1
default-src 'self'; media-src * img.nuzlocke.app; img-src * cdn.statically.io img.nuzlocke.app data:; frame-src nuzlocke.vercel.app; font-src 'self' fonts.gstatic.com; style-src 'self' 'unsafe-inline'; connect-src 'self' *.ingest.sentry.io *.googletagmanager.com *.google-analytics.com *.nuzlocke.app cdn.statically.io c.bin.com fonts.gstatic.com raw.githubusercontent.com; worker-src 'self' blob:; script-src 'unsafe-eval' 'self' 'unsafe-inline' 'self'  *.googletagmanager.com *.google-analytics.com; 1
font-src 'self' https://*.googleapis.com https://*.gstatic.com; img-src 'self' data: https://*.hubspot.com https://*.hsforms.com https://offstreet.s3.us-west-2.amazonaws.com https://offstreet-file-upload.s3.ca-central-1.amazonaws.com https://media.offstreet.io https://guest-registration-uploads.s3.amazonaws.com https://guest-registration-uploads.s3.us-west-2.amazonaws.com; media-src 'self' data: https://offstreet.s3.us-west-2.amazonaws.com https://offstreet-file-upload.s3.ca-central-1.amazonaws.com https://media.offstreet.io https://guest-registration-uploads.s3.amazonaws.com https://guest-registration-uploads.s3.us-west-2.amazonaws.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://widget.freshworks.com; report-uri https://sentry.io/api/undefined/security/?sentry_key=undefined; report-to 'csp-endpoint' 1
connect-src 'self' *.icordis.be *.lcp.be burgerprofiel.vlaanderen.be wss://authenticatie.vlaanderen.be wss://prod.widgets.burgerprofiel.vlaanderen.be https://prod.widgets.burgerprofiel.vlaanderen.be wss://prod.contactapi.uat-vlaanderen.be https://prod.contactapi.uat-vlaanderen.be https://contactapi.vlaanderen.be *.burgerprofiel.be *.vrijwilligerswerk.be *.algolianet.com *.algolia.net vrijwilligerswerk.be *.facebook.com *.facebook.net *.enviso.io *.adyen.com *.timeblockr.com *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net *.analytics.google.com *.readspeaker.com *.giveaday.be https://apps.ticketmatic.com toegankelijk.vlaanderen.be *.hcaptcha.com *.driftt.com; font-src 'self' *.icordis.be *.lcp.be https://ui.vlaanderen.be https://dij151upo6vad.cloudfront.net *.gstatic.com *.curator.io *.vrijwilligerswerk.be vrijwilligerswerk.be *.widget.enviso.io *.enviso.io *.timeblockr.com *.readspeaker.com data: https://fonts.googleapis.com https://fonts.gstatic.com https://kit-pro.fontawesome.com https://apps.ticketmatic.com *.typekit.net *.googleapis.com *.driftt.com; frame-src 'self' *.icordis.be *.lcp.be notfound-static.fwebservices.be stratenplan.oostende.be *.iamfas.belgium.be https://prod.widgets.burgerprofiel.vlaanderen.be https://prod.frontend.burgerprofiel.vlaanderen.be https://authenticatie.vlaanderen.be https://idp.iamfas.belgium.be *.youtube.com youtu.be  www.youtube.com *.soundcloud.com *.curator.io *.vimeo.com *.vrijwilligerswerk.be *.algolianet.com vrijwilligerswerk.be *.algolia.net *.facebook.com *.facebook.net *.gift2give.be *.issuu.com maps.geopunt.be *.maps.geopunt.be *.api.vlaanderen.be *.vlaanderen.be *.geopunt.be *.spotify.com *.jobsolutions.be *.3p.eu *.widget.enviso.io *.enviso.io *.adyen.com *.timeblockr.com *.arcg.is arcg.is *.maps.arcgis.com *.arcgis.com app.eaglebe.com *.google.com https://calendar.google.com plugin.routeyou.com www3.sport.vlaanderen forms.office.com *.nodemapp.com https://www.recycleapp.be https://360-tour.be https://www.360-tour.be https://audiomack.com player.cdn01.rambla.be *.rambla.be https://player.clevercast.com *.hcaptcha.com *.driftt.com *.waze.com; img-src 'self' *.icordis.be *.lcp.be data: *.amazonaws.com https://prod.widgets.burgerprofiel.vlaanderen.be https://prod.widgetconfigservice.burgerprofiel.vlaanderen.be data: *.osm.be *.informatievlaanderen.be *.geopunt.be *.tile.openstreetmap.org https://geo.api.vlaanderen.be *.ytimg.com *.google.com *.soundcloud.com *.curator.io *.vimeo.com *.vimeocdn.com *.vrijwilligerswerk.be vrijwilligerswerk.be *.algolia.net https://scontent-iad3-1.xx.fbcdn.net  *.fbsbx.com *.facebook.com *.facebook.net *.gift2give.be *.issuu.com *.jobsolutions.be *.3p.eu *.widget.enviso.io *.enviso.io *.adyen.com *.timeblockr.com *.google-analytics.com *.googletagmanager.com *.google.be *.uitdatabank.be  udb-media.imgix.net udb2-media.imgix.net  images-prod-uitdatabank.imgix.net *.westtoer.be *.west-vlaanderen.be *.tile.openstreetmap.fr *.cloudfront.net *.giveaday.be openfed.github.io https://apps.ticketmatic.com toegankelijk.vlaanderen.be *.googleapis.com https://squizlabs.github.io *.driftt.com *.waze.com; script-src 'self' 'unsafe-inline' *.icordis.be *.lcp.be 'unsafe-eval' https://prod.widgets.burgerprofiel.vlaanderen.be *.vlaanderen.be *.geopunt.be *.youtube.com *.curator.io *.vrijwilligerswerk.be *.algolianet.com vrijwilligerswerk.be *.algolia.net *.facebook.com *.facebook.net *.vlaanderen.be *.jobsolutions.be *.3p.eu *.widget.enviso.io *.enviso.io *.adyen.com *.timeblockr.com *.google-analytics.com *.googletagmanager.com *.arcg.is arcg.is *.maps.arcgis.com *.arcgis.com *.readspeaker.com https://geo.api.vlaanderen.be app.eaglebe.com maps.googleapis.com *.giveaday.be openfed.github.io https://apps.ticketmatic.com toegankelijk.vlaanderen.be *.googleapis.com *.hcaptcha.com https://squizlabs.github.io *.driftt.com *.waze.com; worker-src 'self' www.oostende.be *.icordis.be *.lcp.be https://prod.widgets.burgerprofiel.vlaanderen.be *.soundcloud.com *.curator.io *.enviso.io *.adyen.com https://apps.ticketmatic.com *.driftt.com; frame-ancestors 'self' https://stats.lcp.be *.enviso.io *.adyen.com https://stats.lcp.be *.driftt.com; style-src 'self' 'unsafe-inline' *.icordis.be *.lcp.be www.oostende.be fonts.googleapis.com *.vrijwilligerswerk.be vrijwilligerswerk.be *.algolia.net *.widget.enviso.io *.enviso.io *.timeblockr.com *.readspeaker.com app.eaglebe.com *.giveaday.be *.googleapis.com https://kit-pro.fontawesome.com fonts.googleapis.com openfed.github.io toegankelijk.vlaanderen.be *.typekit.net *.googleapis.com https://squizlabs.github.io *.driftt.com; object-src  *.driftt.com; ; report-uri /report-csp-violation 1
frame-ancestors https://qatest.forms.cwtsatotravel.com https://forms.cwtsatotravel.com https://prod.cwtsatotravel.com https://qa.cwtsatotravel.com https://www.cwtsatotravel.com https://www.satotravel.com https://www.cwtsato.com https://content.mycwt.com https://content-d.mycwt.com; script-src 'self' https://www.googletagmanager.com https://qatest.forms.cwtsatotravel.com https://forms.cwtsatotravel.com https://prod.cwtsatotravel.com https://qa.cwtsatotravel.com https://www.cwtsatotravel.com https://www.satotravel.com https://www.cwtsato.com https://s.ytimg.com https://content.mycwt.com https://content-d.mycwt.com https://www.google-analytics.com https://cdn.cookielaw.org https://geolocation.onetrust.com *.joinsherpa.io 'unsafe-inline' https://cdnjs.cloudflare.com https://www.youtube.com *.custhelp.com https://www.rnengage.com; object-src 'self'; 1
base-uri 'self'; default-src https:; object-src 'none'; frame-src 'self' *.salesforceliveagent.com *.visualize-roi.com *.doubleclick.net optimize.google.com platform.twitter.com syndication.twitter.com vars.hotjar.com widget.trustpilot.com www.facebook.com www.google.com www.youtube.com www.recaptcha.net; frame-ancestors 'none'; font-src 'self' *.acronis.com fonts.googleapis.com fonts.gstatic.com script.hotjar.com; style-src 'unsafe-inline' 'self' *.acronis.com cdn.cookielaw.org fonts.googleapis.com optimize.google.com platform.twitter.com tagmanager.google.com; img-src 'self' data: *.acronis.com *.analytics.google.com *.clarity.ms *.facebook.com *.g.cn *.g.doubleclick.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.linkedin.com *.twimg.com *.ytimg.com acronis.events b.6sc.co bat.bing.com c.bing.com c212.net cdn.cookielaw.org maps.gstatic.com media.slapfive.com optimize.google.com p.adsymptotic.com pixel.mathtag.com script.hotjar.com ssl.gstatic.com syndication.twitter.com trkn.us www.gstatic.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; connect-src 'self' ws: *.6sc.co *.6sense.com *.acronis.com *.adnxs.com *.analytics.google.com *.bing.com *.clarity.ms *.fullcircleinsights.com *.g.doubleclick.net *.google-analytics.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.mutinycdn.com *.onetrust.com *.s3.amazonaws.com *.scarabresearch.com *.schemaapp.com *.sentry.io *.visualize-roi.com *.influ2.com *.linkedin.com 929-hvv-335.mktoresp.com api.greenhouse.io cdn.cookielaw.org maps.googleapis.com cdn.linkedin.oribi.io www.mczbf.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; script-src 'strict-dynamic' 'nonce-3cfa2e05bf2e75cb018603bfe00dff66' *.acronis.com *.googletagmanager.com tagmanager.google.com *.visualize-roi.com optimize.google.com www.google-analytics.com www.googleadservices.com www.googleanalytics.com www.googleoptimize.com 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.brightcove.com *.brightcove.net *.vimeo.com *.zencdn.net *.boltdns.net *.brightcovecdn.com *.googletagmanager.com *.google-analytics.com *.msecnd.net  *.visualstudio.com *.bizographics.com *.licdn.com *.ads-twitter.com *.twitter.com *.twimg.com *.addthis.com *.pardot.com *.linkedin.com *.addthisedge.com *.issuu.com *.cincopa.com *.google.com *.gstatic.com *.ceros.com *.qualtrics.com *.moatads.com;img-src 'self' data: about: t.co *.twitter.com *.vimeocdn.com *.google-analytics.com *.brightcove.com *.boltdns.net *.twimg.com *.googletagmanager.com *.cincopa.com *.linkedin.com *.google.com *.doubleclick.net *.qualtrics.com *.adsymptotic.com *.guggenheiminvestments.com;style-src 'self' 'unsafe-inline' *.twitter.com *.cincopa.com *.twimg.com;media-src 'self' blob: *.boltdns.net;font-src 'self' data: *.zencdn.net;object-src 'self';connect-src 'self' *.addthis.com *.brightcove.com *.boltdns.net *.brightcovecdn.com *.cincopa.com *.visualstudio.com *.google-analytics.com *.qualtrics.com *.akamaihd.net;frame-src 'self' *.addthis.com *.twitter.com *.issuu.com *.google.com *.pardot.com *.ceros.com *.guggenheimpartners.com *.knightlab.com *.vimeo.com https://vimeo.com *.captivate.fm; frame-ancestors 'self';base-uri 'self';form-action 'self' *.twitter.com *.pardot.com *.guggenheimpartners.com; report-uri https://www.guggenheiminvestments.com/cspreport 1
script-src 'self' *.cookiebot.com *.googletagmanager.com *.googleapis.com *.licdn.com *.i.cz *.doubleclick.net *.google.com *.gstatic.com 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' *.slcschools.org schools.slcschools.org slcschools-ut.safeschools.com; 1
default-src 'self' blob: https://latium.org https://*.latium.org wss://*.latium.org http://storage.latium.org https://www.facebook.com https://stats.g.doubleclick.net https://www.google-analytics.com https://translate.googleapis.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.unsplash.com https://*.zdassets.com:* https://latiumsupport.zendesk.com:* https://widget-mediator.zopim.com:* wss://widget-mediator.zopim.com:* https://*.sentry.io https://*.squareup.com https://*.squareupsandbox.com; img-src 'self' data: https: http://storage.latium.org http://www.google.com http://translate.google.com; font-src 'self' data: https://fonts.gstatic.com https://*.hotjar.com https://*.cloudfront.net https://*.squarecdn.com; style-src 'self' 'unsafe-inline' https://prod.latium.org https://fonts.googleapis.com https://translate.googleapis.com https://*.twitter.com https://*.squarecdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com https://maps.google.com https://maps.googleapis.com https://translate.google.com https://translate-pa.googleapis.com https://translate.googleapis.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://*.hotjar.com https://js.stripe.com https://*.twitter.com https://*.twimg.com https://static.zdassets.com https://connect.facebook.net https://*.sentry-cdn.com https://*.squarecdn.com https://*.squareup.com https://*.squareupsandbox.com; frame-src 'self' https:; media-src 'self' data: https://latium.org https://static.zdassets.com; worker-src 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.typekit.net *.doubleclick.net *.geotrust.com *.bing.com *.google.com *.gstatic.com *.powerreviews.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.braintree-api.com *.msn.com *.yimg.com *.yahoo.com *.iesnare.com *.digicert.com *.ywxi.net *.amazonaws.com *.trustedsite.com *.akamai.net *.go-mpulse.net *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.rackcdn.com *.trackedlink.net *.trackedweb.net *.youtube.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.googleapis.com *.powerreviews.com; img-src 'self' data: *.typekit.net *.doubleclick.net *.geotrust.com *.bing.com *.google.com *.google-analytics.com *.doubleclick.net *.ywxi.net *.powerreviews.com *.cloudinary.com *.paypal.com *.paypalobjects.com *.digicert.com *.yahoo.com; font-src 'self' *.typekit.net *.gstatic.com; frame-src 'self' 'unsafe-inline' *.doubleclick.net *.google.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.kaptcha.com *.youtube.com; connect-src 'self' *.doubleclick.net *.powerreviews.com *.braintree-api.com *.braintreegateway.com *.bing.com *.paypal.com *.amazonaws.com *.akamai.net *.go-mpulse.net *.akamaistat.io *.google.com *.google-analytics.com *.trackedweb.net; form-action 'self'; frame-ancestors 'self'; 1
base-uri 'self';default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-d6ef02597680441abe8ca4bf8b45123d' *.readspeaker.com *.google.com *.gstatic.com *.siteimprove.com https://siteimproveanalytics.com/js/siteanalyze_6006062.js https://cloudstatic.obi4wan.com/chat/obi-launcher.js *.obi4wan.com *.pusher.com  https://stats.pusher.com/timeline/ https://js.pusher.com/4.1/ https://cloudstatic.obi4wan.com/ https://chatapi.obi4wan.com/api/v1.0/;frame-src 'self' *.youtube-nocookie.com *.youtu-nocookie.be *.google.com *.readspeaker.com cloudstatic.obi4wan.com;connect-src 'self' https://6006243.global.siteimproveanalytics.io https://cloudstatic.obi4wan.com/ https://sockjs-eu.pusher.com/pusher/ https://*.pusher.com/ https://chatapi.obi4wan.com/api/v1.0/ wss://ws-eu.pusher.com/app/ https://chatapi.obi4wan.com/api/v1.0/token;style-src 'self' 'unsafe-inline' *.readspeaker.com cloudstatic.obi4wan.com;img-src * data:;font-src 'self' data:;object-src 'self';media-src 'self' *.readspeaker.com cloudstatic.obi4wan.com 1
default-src 'self'; script-src 'self' ads.dragonfru.it js-agent.newrelic.com bam.nr-data.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/ 'nonce-yukRDDiApJmGUvi0cjHTTw=='; style-src 'self' 'unsafe-inline'; connect-src 'self' ads.dragonfru.it bam.nr-data.net plausible.dragonfru.it; object-src 'self' static1.e621.net static1.e926.net; media-src 'self' static1.e621.net static1.e926.net; frame-ancestors 'none'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/; font-src 'self'; img-src 'self' data: static1.e621.net static1.e926.net ads.dragonfru.it; child-src 'none'; form-action 'self' discord.e621.net discord.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://www.sandbox.paypal.com https://www.paypal.com https://www.paypalobjects.com https://trades.sevenreflections.com https://atr.sevenreflections.com https://vip.sevenreflections.com https://m.sevenreflections.com http://m.sevenreflections.com https://amp.sevenreflections.com https://a.sevenreflections.com https://www.sevenreflections.com https://www.sevenreflections.com https://www.google.com https://cdn.ampproject.org https://khms.googleapis.com https://platform.twitter.com  https://connect.facebook.net https://use.typekit.net   https://maps.googleapis.com https://khms1.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://khms0.googleapis.com https://ajax.googleapis.com https://www.gstatic.com; base-uri 'self'; 1
connect-src 'self' *.tawk.to *.fontawesome.com *.google-analytics.com *.hcaptcha.com wss://*.tawk.to analytics.tiktok.com *.doubleclick.net *.analytics.google.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com www.google.com *.google.com *.google.cz *.google.pl www.gstatic.com static-eu.payments-amazon.com cdn.parcellab.com *.usercentrics.eu *.googletagmanager.com *.google-analytics.com *.fitanalytics.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net player.podigee-cdn.net *.criteo.com *.criteo.net *.bing.com *.hotjar.com *.hotjar.io *.facebook.net *.facebook.com *.scarabresearch.com *.googleadservices.com *.emarsys.net *.googlesyndication.com *.hcaptcha.com *.dwin1.com *.awin1.com *.fatmedia.io *.behamics.com *.taboola.com glamipixel.com *.b-cdn.net *.dognet.sk *.s24.com *.imedia.cz *.seznam.cz *.doubleclick.net *.app.baqend.com *.recova.ai hirmergrossegrssenonlinegmbh.pxf.io hirmergrossegrssenonlinegmbh.sjv.io www.ojrq.net logs-01.loggly.com utt.impactcdn.com *.hirmer-big-tall.com *.hirmer-grosse-groessen.de *.google.de google.de hirmercesky.sjv.io tracking.s24.com; img-src 'self' data: * userlike-cdn-operators.s3-eu-west-1.amazonaws.com d3upe020n1uosc.cloudfront.net www.userlike.com userlike-store-media-files.s3.amazonaws.com i.ytimg.com *.app.baqend.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com cdn.parcellab.com *.googletagmanager.com *.fitanalytics.com player.podigee-cdn.net *.hcaptcha.com *.behamics.com *.app.baqend.com; font-src 'self' https://themes.googleusercontent.com data: *.gstatic.com d3dc1lgancj6l0.cloudfront.net *.fitanalytics.com *.b-cdn.net player.podigee-cdn.net *.app.baqend.com; frame-src 'self' www.google.com *.google.com *.google.cz *.google.pl book.timify.com/services cdn.lightwidget.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net www.youtube.com player.vimeo.com player.podigee-cdn.net *.usercentrics.eu *.criteo.com *.criteo.net *.bing.com *.hotjar.com *.hotjar.io *.facebook.net *.facebook.com *.scarabresearch.com *.googleadservices.com *.emarsys.net *.googlesyndication.com *.dwin1.com *.awin1.com *.hcaptcha.com *.fatmedia.io *.behamics.com *.adform.net *.b-cdn.net *.taboola.com *.imedia.cz *.seznam.cz *.doubleclick.net *.recova.ai hirmergrossegrssenonlinegmbh.pxf.io hirmergrossegrssenonlinegmbh.sjv.io www.ojrq.net logs-01.loggly.com utt.impactcdn.com *.hirmer-big-tall.com *.hirmer-grosse-groessen.de *.google.de google.de hirmercesky.sjv.io tracking.s24.com; frame-ancestors 'self' https://*.frontastic.io frontastic.io.local; object-src 'self'; connect-src 'self' ws: wss: *.hirmercdn.de hirmercdn.de *.hirmerservice.de *.algolianet.com *.algolia.net *.algolia.io algolia.net maps.googleapis.com www.google.com *.google.com *.google.cz *.google.pl www.gstatic.com static-eu.payments-amazon.com payments-eu.amazon.com api.parcellab.com *.usercentrics.eu *.googletagmanager.com *.google-analytics.com *.fitanalytics.com *.userlike.com d3upe020n1uosc.cloudfront.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.criteo.com *.criteo.net *.bing.com *.hotjar.com *.hotjar.io *.facebook.net *.facebook.com *.scarabresearch.com *.googleadservices.com *.emarsys.net *.googlesyndication.com *.hcaptcha.com *.dwin1.com *.awin1.com *.fatmedia.io *.behamics.com *.b-cdn.net *.taboola.com *.imedia.cz *.seznam.cz *.doubleclick.net *.app.baqend.com *.recova.ai hirmergrossegrssenonlinegmbh.pxf.io hirmergrossegrssenonlinegmbh.sjv.io www.ojrq.net logs-01.loggly.com utt.impactcdn.com *.hirmer-big-tall.com *.hirmer-grosse-groessen.de *.google.de google.de hirmercesky.sjv.io tracking.s24.com; child-src 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net; media-src 'self' *.hirmercdn.de hirmercdn.de hirmer-muenchen.de www.hirmer-muenchen.de d3dc1lgancj6l0.cloudfront.net userlike-store-media-files.s3.amazonaws.com www.userlike.com 1
frame-ancestors 'self' https://*.atrapalo.cl; report-uri /csp/report; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://checkout.razorpay.com/v1/checkout.js;script-src-elem 'self' 'unsafe-inline' https://checkout.razorpay.com/v1/checkout.js;style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline';font-src 'self' 'unsafe-inline';object-src 'none';img-src 'self' 'unsafe-inline' blob: data:;frame-src 'self' 'unsafe-inline' https://api.razorpay.com/;connect-src 'self' 'unsafe-inline' https://lumberjack-metrics.razorpay.com/ https://lumberjack.razorpay.com/v1/track https://lumberjack-cx.razorpay.com/; 1
default-src 'self';         style-src 'self' 'unsafe-inline' unpkg.com fonts.googleapis.com www.svvv.edu.in svvv.edu.in cdnjs.cloudflare.com use.fontawesome.com cdn.plyr.io player.vimeo.com ;        font-src 'self' data: fonts.gstatic.com www.svvv.edu.in svvv.edu.in unpkg.com use.fontawesome.com cdnjs.cloudflare.com;        script-src * 'unsafe-inline' 'unsafe-eval';        img-src 'self' i.ytimg.com data: www.google.com www.google.co.in encrypted-tbn0.gstatic.com;        frame-src www.svvv.edu.in svvv.edu.in accounts.google.com app.powerbi.com www.youtube.com bid.g.doubleclick.net td.doubleclick.net clickeffect.co.in;        connect-src 'self' www.google-analytics.com stats.g.doubleclick.net;        media-src 'self' www.youtube.com ; 1
default-src *;img-src * 'self' data: https:; script-src 'self' * 'nonce-bb836447989eb11222dbe2836d64e4889607e6e32c4f611f2ee4b7770d1b9f68' 'nonce-7bf608bfb371a945e52dc40f04c505ca3708d76e5801cabc1fadf61336700725' 'nonce-d68868c8c80c4e7a0baa18ef87cd087c8145ea3ca735d12531b5cb132029a942' 'nonce-5afa01873ba691c103d874b65b31f06daec23281f323a3742bbf31aca3fa5719' 'nonce-7194f7af8b4250bd15dbf253261b0ba311718b0267fa04bdff573d3f67ec9f79' 'nonce-8733dc0df53920fa4e50b810b939ddf4d7e615e3619e6cb11e780b54d67ab3cf' 'nonce-5379243c0fe42f15839db38735bcfd3aa033a45a69ff007fbec9a2bf8c7c0500' 'nonce-b4c0b61387c9377040b57981f207180f8dc6e9a7581968c18d7d832214d3c698' 'nonce-8967b4e021fa1875883437a98fc9040f629272d937a8bb3e11b2d14b56c5eaae' 'nonce-f32a8a8cffe9abe4762586d2aaba228c22e0f82914a1962f282764321c7c1e2f' 'nonce-9273a80b19bed1fb425fb95439747d36ba333e8a2523d0b138000587e8e62cb9' 'nonce-980b399cfe127611cee52b460e64416c8d91426bb97dcb4213831a888d33313e' 'nonce-050b884f66cf8bccf5940534ba557d96638fc5dffd3a95ed5a1c30c41e11b13a' 'nonce-2f7b6c1909744d460481e33683d29eef1fbe565dd2ad7d7ced8a2d17a388de77' 'nonce-54f2c33e44d8ae02c4cef8c9802dd1e9e425fd1c5f879e42057f620b85d4fe8a' 'nonce-b661cf14bae4ce407560b2020cde86d726e049d8b738587421cf32f5487b679c' 'nonce-a89570a03a3ef1e504d0215945d3b6dd6576af73d8c7bd0a41c74578c67f4bfe' 'nonce-e1111667454357153a53510948e657916c205778c8dfbc22bf658300ac4c0698' 'nonce-16e04e6792b9d42d6a3eba894b26e24783fc87d000c89ace944c52cd6fbafe8d' 'nonce-7b53570cd14016f7af3e4c78c29a8cb5326c664393b7ae238ff7f4893e8d0416'; style-src  'self' *;font-src * 'self' data: https 1
frame-ancestors *.amazingco.me 1
base-uri 'none'; script-src 'report-sample' 'self' 'unsafe-inline' 'sha256-Uc/E01ZlN6csk0SnxBsbB6EGuuGrR8VY7FstcClnRwg=' 'sha256-SZTpxuWq8jv3R2ImsRBUFXOumLjsSL418z1pa+KwAEQ=' 'sha256-acUkQd8lajWCH0fMhQfDJzuDugsopTnls4vIwvIQcd4='; style-src 'report-sample' 'self' 'unsafe-inline' ; object-src 'self'; img-src 'self' *.regenwald.org data: ; connect-src 'self' ; block-all-mixed-content 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-uFe8Z3mA7uBHchqGXLlRM7SptBhBcgjWapCW4X0CDbC/U6rR' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
connect-src 'self' *.wienerstadtwerke.at api.friendlycaptcha.com; style-src 'self' 'unsafe-inline'; base-uri 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' www.google.com www.gstatic.com api.friendlycaptcha.com; frame-src 'self' www.google.com einreichportal.waca.at; media-src 'self'; img-src 'self' data:; default-src 'self'; font-src 'self'; worker-src 'self' blob:;  1
frame-ancestors 'self' *.coburg.de *.translate.goog 1
frame-ancestors 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.avdelphi.com *.googleapis.com *.openweathermap.org *.gstatic.com *.paypal.com; object-src 'none' ; img-src https: data: blob:; 1
default-src 'self';style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com use.fontawesome.com unpkg.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: code.jquery.com cdnjs.cloudflare.com static.cloudflareinsights.com stackpath.bootstrapcdn.com;font-src 'self' fonts.gstatic.com use.fontawesome.com;img-src * data:;connect-src * 1
frame-src 'self' 'unsafe-eval' 'unsafe-inline' *.reduniq.pt *.paypal.com *.klarna.com *.microsoft.com *.microsoftonline.com *.windows.net *.office.com *.bol.pt *.bol.pt/* *.vimeo.com *.cookielaw.org *.recaptcha.net bandcamp.com *.soundcloud.com *.google.com *.sites.edp.com *.siteimprove.net *.siteimprove.com *.workplace.com *.intras.edp.com *.microsoftstream.com *.edp.pt *.edp.com *.edpr.com *.dig.corp.edp.com *.youtube.com *.youtube-nocookie.com *.eurolandir.com *.mailjet.com *.media-server.com *.wufoo.com edp.teto.pt *.spotify.com ir2.flife.de ir.tools.investis.com sdk.companywebcast.com ir.tools.investis.com *.edpon.livextend.cloud *.powerbi.com *.suratica.es; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.reduniq.pt *.paypal.com *.klarna.com *.bol.pt/* maat.pt/* *.gstatic.com *.google.com *.google.pt *.googletagmanager.com *.google-analytics.com *.googleusercontent.com *.googleapis.com *.newrelic.com *.jquery.com *.doubleclick.net *.siteimprove.net *.siteimprove.com *.youtube.com *.youtube-nocookie.com *.cookielaw.org *.facebook.net *.smrk.io unpkg.com *.jsdelivr.net *.cloudflare.com *.newrelic.com *.bol.pt *.rawgit.com *.onetrust.com *.nr-data.net *.highcharts.com *.recaptcha.net *.edp.com *.edpr.com *.e-redes.pt opendata.online.e-redes.pt *.appspot.com *.dig.corp.edp.com *.eurolandir.com *.mailjet.com *.media-server.com *.wufoo.com edp.teto.pt *.spotify.com ir2.flife.de ir.tools.investis.com sdk.companywebcast.com *.edpon.livextend.cloud *.powerbi.com *.suratica.es; frame-ancestors 'self' *.reduniq.pt *.paypal.com *.klarna.com *.microsoft.com *.microsoftonline.com *.windows.net *.office.com *.bol.pt *.bol.pt/* *.vimeo.com *.cookielaw.org *.recaptcha.net bandcamp.com *.soundcloud.com *.google.com *.sites.edp.com *.siteimprove.net *.siteimprove.com *.workplace.com *.intras.edp.com *.microsoftstream.com *.edp.pt *.edp.com *.edpr.com *.dig.corp.edp.com *.youtube.com *.youtube-nocookie.com *.eurolandir.com *.mailjet.com *.media-server.com *.wufoo.com edp.teto.pt *.spotify.com ir2.flife.de ir.tools.investis.com sdk.companywebcast.com ir.tools.investis.com *.edpon.livextend.cloud *.powerbi.com *.suratica.es; child-src 'self' 'unsafe-eval' 'unsafe-inline' *.reduniq.pt *.paypal.com *.klarna.com *.microsoft.com *.microsoftonline.com *.windows.net *.office.com *.bol.pt *.bol.pt/* *.vimeo.com *.cookielaw.org *.recaptcha.net bandcamp.com *.soundcloud.com *.google.com *.sites.edp.com *.siteimprove.net *.siteimprove.com *.workplace.com *.intras.edp.com *.microsoftstream.com *.edp.pt *.edp.com *.edpr.com *.dig.corp.edp.com *.youtube.com *.youtube-nocookie.com *.eurolandir.com *.mailjet.com *.media-server.com *.wufoo.com edp.teto.pt *.spotify.com ir2.flife.de ir.tools.investis.com sdk.companywebcast.com ir.tools.investis.com *.edpon.livextend.cloud *.powerbi.com *.suratica.es; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.izvrata-net.com https://yandex.ru https://ya.ru https://yandexwebcache.net https://yastatic.net http://webvisor.com https://webcache.googleusercontent.com/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com/ https://www.googletagmanager.com/ https://connect.facebook.net/ https://*.trustpilot.com/ http://*.userzoom.com/ https://*.reevoo.com/; connect-src 'self' https://*.analytics.google.com https://*.google-analytics.com https://*.userzoom.com https://connect.facebook.net https://www.googletagmanager.com https://*.trustpilot.com https://*.reevoo.com https://*.doubleclick.net; img-src 'self' data: https://fonts.gstatic.com/ https://www.google.com/ https://www.google.pl/ https://www.google.co.uk/ https://www.google-analytics.com https://www.facebook.com https://*.reevoo.com https://s.userzoom.com https://cx.atdmt.com/ https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.googletagmanager.com https://*.reevoo.com http://*.userzoom.com; frame-src https://*.userzoom.com https://www.youtube.com https://*.trustpilot.com https://*.reevoo.com/ https://www.communicatoremail.com/ https://mail.atombank.co.uk/ https://www.youtube.com/ https://player.vimeo.com/; prefetch-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://*.trustpilot.com/ http://*.userzoom.com http://*.reevoo.com; font-src 'self' data:; object-src 'self'; frame-ancestors 'none'; 1
frame-ancestors 'self' https://*.grandvision.it https://*.luxottica.com https://*.essilorluxottica.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://retro.pizza; img-src 'self' https: data: blob: https://retro.pizza; style-src 'self' https://retro.pizza 'nonce-Rw27TgIoPFARd7Su9HWHXA=='; media-src 'self' https: data: https://retro.pizza; frame-src 'self' https:; manifest-src 'self' https://retro.pizza; form-action 'self'; child-src 'self' blob: https://retro.pizza; worker-src 'self' blob: https://retro.pizza; connect-src 'self' data: blob: https://retro.pizza https://cdn.masto.host wss://retro.pizza; script-src 'self' https://retro.pizza 'wasm-unsafe-eval' 1
default-src 'self' *.googletagmanager.com *.google-analytics.com errors.connectholland.nl *.cookiebot.com *.googleapis.com *.youtube.com *.youtube-nocookie.com *.clarity.ms; font-src 'self' data: 'unsafe-inline' *.gstatic.com; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com; img-src data: 'self' *.google.nl *.facebook.com *.linkedin.com *.googleapis.com *.youtube.com *.youtube-nocookie.com *.googletagmanager.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.google.com https://c.bing.com https://c.clarity.ms;; worker-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.googlesyndication.com *.google.com *.googleadservices.com *.gstatic.com *.licdn.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.cookiebot.com *.doubleclick.net *.clarity.ms *.amazonaws.com *.list-manage.com; connect-src 'self' *.doubleclick.net *.googlesyndication.com *.google.nl *.googletagmanager.com *.google.com *.googleadservices.com *.analytics.google.com *.google-analytics.com *.cookiebot.com *.clarity.ms *.vicompany.harborn.dev https://vicompany.recruitee.com https://gateway.beursspel.nl/api/underlyings; frame-src 'self' *.cookiebot.com *.doubleclick.net *.youtube.com *.youtube-nocookie.com; 1
frame-ancestors 'self' *.smartschool.co.il; 1
default-src 'self'; child-src 'self' 'unsafe-inline'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; form-action 'self'; frame-ancestors 'self' 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; base-uri 'self';  frame-src 'self' https://www.google.com  https://maps.google.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com ;  1
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: blob:; media-src * blob:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'none'; connect-src 'self' https:; font-src 'self' https: https://cdn.basisonline.nl https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https:; img-src 'self' https: data:; media-src 'self' https: blob:; object-src 'self'; script-src 'self' https://cdn.basisonline.nl https: blob: 'unsafe-eval' 'unsafe-inline'; style-src 'self' https://cdn.basisonline.nl https: 'unsafe-inline'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests; 1
default-src 'self' https://netdna.bootstrapcdn.com; connect-src 'self' wss://dashboard.secondego.com https://dashboard.secondego.com https://www.promet.si https://gis.dars.si https://*.realis.si https://*.dars.si https://www.google-analytics.com https://region1.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.aspnetcdn.com https://dashboard.secondego.com https://*.google-analytics.com https://ajax.googleapis.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://netdna.bootstrapcdn.com; img-src 'self' data: blob: https://meteo.arso.gov.si https://www.promet.si https://promet-dars.geoprostor.net https://dashboard.secondego.com https://vreme.arso.gov.si https://kamere.dars.si https://www.drsc.si https://www.ktn.gv.at https://smartview3.at https://webcams2.asfinag.at https://webcamsservice.asfinag.at https://api.hak.hr https://*.sledenje.com https://gis.dars.si https://secure.gravatar.com https://i2.wp.com https://cdn.whatsupcams.com https://www.hak.hr; worker-src 'self' blob:; frame-src 'self' https://www.youtube.com; object-src 'none'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://tooting.ch; img-src 'self' https: data: blob: https://tooting.ch; style-src 'self' https://tooting.ch 'nonce-J2YOgNII1tIGWIGlyEvFpw=='; media-src 'self' https: data: https://tooting.ch; frame-src 'self' https:; manifest-src 'self' https://tooting.ch; form-action 'self'; child-src 'self' blob: https://tooting.ch; worker-src 'self' blob: https://tooting.ch; connect-src 'self' data: blob: https://tooting.ch https://tooting.ch wss://tooting.ch; script-src 'self' https://tooting.ch 'wasm-unsafe-eval' 1
default-src 'none'; script-src 'self' 'unsafe-inline' www.youtube.com dk91kmsnfr6kg.cloudfront.net *.fugle.tw:* call.chatra.io apis.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net d.line-scdn.net www.google-analytics.com graph.facebook.com connect.facebook.net cdn.polyfill.io/v2/polyfill.min.js https://hcaptcha.com https://*.hcaptcha.com js.tappaysdk.com/tpdirect/v5.7.0 https://challenges.cloudflare.com; font-src 'self' data: dk91kmsnfr6kg.cloudfront.net fonts.gstatic.com; connect-src 'self' dk91kmsnfr6kg.cloudfront.net wss://*.fugle.tw:* *.fugle.tw:* https://analytics.google.com www.facebook.com www.google-analytics.com stats.g.doubleclick.net https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: blob: yt3.ggpht.com dk91kmsnfr6kg.cloudfront.net fugle-web.s3.ap-northeast-1.amazonaws.com *.fugle.tw:* www.facebook.com platform-lookaside.fbsbx.com lookaside.facebook.com profile.line-scdn.net scontent.xx.fbcdn.net www.google.com/ads/ www.google.com/pagead/ www.google.com.tw/pagead/ www.google.com.tw/ads/ www.google-analytics.com googleads.g.doubleclick.net graph.facebook.com fbcdn-profile-a.akamaihd.net *.googleusercontent.com csi.gstatic.com s3-ap-northeast-1.amazonaws.com i.imgur.com www.wearn.com *.medium.com i.ytimg.com; style-src 'self' 'unsafe-inline' dk91kmsnfr6kg.cloudfront.net fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; child-src chat.chatra.io content.googleapis.com social-plugins.line.me s-static.ak.facebook.com staticxx.facebook.com www.youtube.com accounts.google.com static.ak.facebook.com www.facebook.com *.fugle.tw *.esunsec.com.tw https://hcaptcha.com https://*.hcaptcha.com https://js.tappaysdk.com/ https://fraud.tappaysdk.com/ https://td.doubleclick.net/ https://challenges.cloudflare.com; media-src 'self'; frame-ancestors 'self' *.fugle.tw *.esunsec.com.tw; base-uri 'none'; object-src 'none'; form-action 'self' www.facebook.com/tr/; manifest-src 'self'; 1
base-uri 'none'; style-src 'self' *.cassiecloud.com *.googleapis.com 'unsafe-inline'; script-src 'nonce-A4d+YbjSU8hBGb9OKP2Xtg=='  'sha256-5yLEE/jUF5eoOefsINotD+tXeklSYMKlhm5Zl+biNrg='  'self' 'strict-dynamic' 'unsafe-eval' *.kaltura.com/ *.cassiecloud.com *.googletagmanager.com https://google-analytics.com *.google-analytics.com *.bing.com https://connect.facebook.net https://lilly-customerconnect.secure.force.com https://ispot.tv *.turn.com *.myadvocado.com *.doubleclick.net *.analytics.yahoo.com *.google.com https://facebook.com *.salesforceliveagent.com *.youtube.com *.ytimg.com *.gstatic.com *.googlevideo.com blob: http://d22xmn10vbouk4.cloudfront.net *.googleapis.com assets.adobedtm.com assets.ctfassets.net 'nonce-Q+3SsP/nT1Qb9DtwRm8EbA==' *.soundcloud.com *.recaptcha.net 'sha256-uMkuBZ4FQVVBqzs6NHOoGr/1vOLA1h9acPURz3E39HA=' 'sha256-9VDmhXS8/iybLLyD3tql7v7NU5hn5+qvu9RRG41mugM=' 'sha256-tempUn1btibnrWwQxEk37lMGV1Nf8FO/GXxNhLEsPdg=' 'sha256-YvYJ5WVzt8kOVVuSB9YcyVJLN4a6HcbOgQpzrg0BLUI=' https://clientapi.gcs-web.com https://d22xmn10vbouk4.cloudfront.net https://servicesplatform.partneringplace.com https://forms.office.com bugcrowd.com; object-src 'none'; frame-src *.doubleclick.net/ *.myadvocado.com/ *.youtube.com *.soundcloud.com *.google.com *.facebook.com *.spotify.com *.simplecast.com *.recaptcha.net https://servicesplatform.partneringplace.com https://forms.office.com *.kaltura.com/ bugcrowd.com 1
img-src 'self' *.foodwatch.org googleads.g.doubleclick.net www.google.com www.google.de *.fundraisingbox.com *.ytimg.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.foodwatch.org *.foodwatch.nl www.googleadservices.com googleads.g.doubleclick.net *.googletagmanager.com *.fundraisingbox.com *.eventjet.at *.klantsite.net *.procurios.site *.youtube.com https://www.youtube.com blob:; frame-src 'self' *.foodwatch.org *.foodwatch.nl *.google.com *.fundraisingbox.com *.eventjet.at *.klantsite.net *.procurios.site *.youtube.com https://www.youtube.com https://www.youtube-nocookie.com; connect-src 'self' *.foodwatch.org *.foodwatch.nl *.fundraisingbox.com *.eventjet.at *.klantsite.net *.procurios.site data: blob:; font-src 'self'; style-src 'self' 'unsafe-inline'; worker-src blob:; form-action 'self'; object-src 'none'; frame-ancestors 'self' localhost *.foodwatch.org; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://kde.social; img-src 'self' https: data: blob: https://kde.social; style-src 'self' https://kde.social 'nonce-Jhd/gDHQNPXvCM5z60zr9A=='; media-src 'self' https: data: https://kde.social; frame-src 'self' https:; manifest-src 'self' https://kde.social; form-action 'self'; child-src 'self' blob: https://kde.social; worker-src 'self' blob: https://kde.social; connect-src 'self' data: blob: https://kde.social https://cdn.masto.host wss://kde.social; script-src 'self' https://kde.social 'wasm-unsafe-eval' 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-8f197e842ab722daa06060f58f0d37cb'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src  * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' clubactie.nl *.clubactie.nl; 1
frame-ancestors https://hub.chord.co https://*.hub-frontend.pages.dev 1
upgrade-insecure-requests; block-all-mixed-content; default-src https://disqus.com/next/config.js https://c.disquscdn.com; connect-src 'self' https://www.swearnet.com/rum https://graph.facebook.com https://www.paypal.com https://m.facebook.com https://*.google-analytics.com https://stats.g.doubleclick.net https://ga2.getresponse.com https://licensing.bitmovin.com https://cdn.vidyard.com https://analytics-ingress-global.bitmovin.com; font-src 'self' data: https://bubbles.swearnet.com https://facets.swearnet.com https://fonts.googleapis.com https://fonts.gstatic.com; frame-src https://js.stripe.com https://play.vidyard.com https://disqus.com https://checkout.stripe.com https://www.paypal.com https://www.recaptcha.net https://www.paypalobjects.com https://www.youtube.com; img-src 'self' data: https://bubbles.swearnet.com https://facets.swearnet.com https://video.swearnet.com https://dz9aqlfbnvif7.cloudfront.net https://d1sihevztxsnme.cloudfront.net https://d1s7ms3jh28zet.cloudfront.net https://uploads.disquscdn.com https://referrer.disqus.com https://c.disquscdn.com https://secure.gravatar.com https://q.stripe.com https://*.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://*.paypal.com; manifest-src 'self' https://bubbles.swearnet.com https://facets.swearnet.com; media-src 'self' blob: https://cdn.vidyard.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bubbles.swearnet.com https://facets.swearnet.com https://js.stripe.com/v3/* https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://play.vidyard.com https://swearnet.disqus.com https://c.disquscdn.com https://disqus.com https://checkout.stripe.com https://js.stripe.com https://static.cloudflareinsights.com https://www.recaptcha.net https://www.gstatic.com https://www.paypal.com https://ga.getresponse.com https://us-an.gr-cdn.com https://cdn.bitmovin.com; frame-ancestors 'none'; style-src 'self' 'unsafe-inline' https://bubbles.swearnet.com https://facets.swearnet.com https://c.disquscdn.com https://fonts.googleapis.com https://cdn.bitmovin.com; worker-src 'self' blob:; base-uri 'none'; form-action 'self' https://checkout.stripe.com https://billing.stripe.com https://www.facebook.com https://www.paypal.com; report-uri https://api.honeybadger.io/v1/browser/csp?api_key=hbp_x9O8GXziFmnEgRgaibE74qh6AAIzgb2ixczG&report_only=true&env=sworn&context[user_id]= 1
X-Content-Type-Options: nosniff 1
script-src partner.googleadservices.com adservice.google.com data: pagead2.googlesyndication.com storage.googleapis.com googleads.g.doubleclick.net ajax.googleapis.com connect.facebook.net translate.googleapis.com  translate.google.com static.elfsight.com apps.elfsight.com js.hs-banner.com cdn.tiny.cloud js.hs-analytics.net js.hscollectedforms.net  js.usemessages.com js.hs-scripts.com www.janglo.net  adservice.google.co.il cdn.ampproject.org www.googletagservices.com securepubads.g.doubleclick.net *.doubleclick.net www.googletagmanager.com  www.googletagmanager.co.il  www.google-analytics.com ajax.cloudflare.com *.fontawesome.com 'nonce-gcrMjKn4LkVUOuPI' 'self'; default-src  googleads.g.doubleclick.net cdn.tiny.cloud adservice.google.co.il www.janglo.net tpc.googlesyndication.com 'self'; style-src translate.googleapis.com cdn.tiny.cloud  'self' fonts.googleapis.com *.fontawesome.com 'unsafe-inline' www.janglo.net; img-src storage.googleapis.com pagead2.googlesyndication.com www.facebook.com files.elfsight.com www.google.co.il www.google.com i.ytimg.com www.google.co.il/ads www.google.com/ads forms.hsforms.com track.hubspot.com  stats.g.doubleclick.net www.google.com/ads* www.googletagmanager.com  www.googletagmanager.co.il www.google-analytics.com cdn.tiny.cloud  images.janglo.net youtu.be *.youtube.com mdbootstrap.com 'self' www.janglo.net *.janglo.net janglo.net data:; media-src www.facebook.com 'self' archive.org *.youtube.com *.youtube-nocookie.com dailymotion.com; object-src  cdn.tiny.cloud  'self' archive.org *.googlevideo.com *.ytimg.com *.youtube.com  *.janglo.net *.youtube-nocookie.com  dailymotion.com; worker-src 'self' archive.org *.youtube.com *.youtube-nocookie.com *.dailymotion.com; font-src  cdn.tiny.cloud  *.fontawesome.com fonts.gstatic.com 'self' data: www.janglo.net fonts.googleapis.com;  frame-src * tpc.googlesyndication.com 'self' www.googletagmanager.com www.googletagmanager.co.il *.doubleclick.net archive.org *.youtube.com *.youtube-nocookie.com *.dailymotion.com www.google-analytics.com  drive.google.com; connect-src apps.elfsight.com storage.elfsight.com www.google-analytics.com www.google-analytics.co.il stats.g.doubleclick.net api.github.com api.hubspot.com forms.hubspot.com csi.gstatic.com securepubads.g.doubleclick.net *.googlesyndication.com 'self'; frame-ancestors 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' js.hsforms.net translate.googleapis.com frcostaging.wpengine.com www.google-analytics.com www.google.com www.gstatic.com www.googletagmanager.com 1
script-src 'unsafe-eval' 'strict-dynamic' 'nonce-ODU4ZDU0YWMyNjA4MzRhNw==' 'nonce-MTM4NTRkNjllNDkwMGY3Ng==' 'nonce-OWYwMzhiYmFjMjg4OWFmMQ==' 'nonce-ODk1N2RmYzA4NDBmZGY5OA==' 'nonce-MTk4OWJhZTZmZTI3MGQzYw==' 'nonce-ZTRjNjU4Y2JlNjFmZDZiNQ==' 'nonce-NjgwNjdkMGUwMjFhMzU4OQ==' 'nonce-Yjc2ZDJkNGY0YTkzMTVmNg==' 'nonce-MzgxY2Q4NjQ3ZjkxZTFkYw==' 1
default-src 'self' 'nonce-+G0aA1DdtVMFITsSfyiqJ2VF' https://*.joesecurity.org wss://*.joesecurity.org:* https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.google.com/recaptcha/ wss://www.joesandbox.com:* https://*.getresponse.com https://*.gr-cdn.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com wss://*.google-analytics.com wss://*.analytics.google.com; img-src 'self' data: blob: *; font-src 'self' data:; base-uri 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-+G0aA1DdtVMFITsSfyiqJ2VF' https://*.joesecurity.org wss://*.joesecurity.org:* https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.google.com/recaptcha/ wss://www.joesandbox.com:* https://*.getresponse.com https://*.gr-cdn.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com wss://*.google-analytics.com wss://*.analytics.google.com; style-src 'self' 'unsafe-inline' https://*.joesecurity.org wss://*.joesecurity.org:* https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.google.com/recaptcha/ wss://www.joesandbox.com:* https://*.getresponse.com https://*.gr-cdn.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com wss://*.google-analytics.com wss://*.analytics.google.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'nonce-+G0aA1DdtVMFITsSfyiqJ2VF' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-DQkto1YLMojQMpngbn54aQkn4NeSKZVG732Kkk0EDrM=' 'sha256-idFLoxeUxvvEelYRkHv+ecCM1NFDFNjInf1IVOZVrQE=' 'sha256-sA0hymKbXmMTpnYi15KmDw4u6uRdLXqHyoYIaORFtjU=' 'sha256-JxGePvcXojgw6oyM7DjecYGHHYJ+cjx44JPnL40VRP8=' 'sha256-NZLQvdTTZtrktFDkzPeufcUBlW9EwQVrDp/YV7nMphM=' https://*.joesecurity.org wss://*.joesecurity.org:* https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.google.com/recaptcha/ wss://www.joesandbox.com:* https://*.getresponse.com https://*.gr-cdn.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com wss://*.google-analytics.com wss://*.analytics.google.com; frame-ancestors 'self'; report-uri /reports 1
frame-ancestors 'self' https://my.ultra-rouge.com/ 1
img-src 'self' https://ssl.google-analytics.com https://www.google.com https://www.google.com.tr https://i.ytimg.com; 1
default-src 'self' https://api-engage-ap.sitecorecloud.io https://www.google-analytics.com https://maps.googleapis.com ; frame-src https://www.google.com https://youtube.com https://www.youtube.com https://www.facebook.com https://video.vietcombank.com.vn; font-src 'self' data: https://fonts.gstatic.com ; img-src * data:; media-src * data:;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cloudfront.net https://api-engage-ap.sitecorecloud.io https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://connect.facebook.net https://www.facebook.com  https://fburl.com https://static.xx.fbcdn.net https://socialplugin.facebook.net ; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://api-engage-ap.sitecorecloud.io https://www.google-analytics.com https://www.google-analytics.com https://maps.googleapis.com https://connect.facebook.net https://www.facebook.com https://fburl.com https://static.xx.fbcdn.net https://socialplugin.facebook.net 1
default-src 'self' data: gap: content: blob: ws: wss: xuntong: v9bridge: cloudhub: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' data: blob: *; frame-ancestors 'self' *.ik3cloud.com *.kdcloud.com *.kingdee.com *.yunzhijia.com *.piaozone.com 1
font-src fonts.googleapis.com fonts.gstatic.com *.cloudflare.com *.bootstrapcdn.com 'self' data: *.userway.org maxcdn.bootstrapcdn.com *.tawk.to data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.ebay.com *.tawk.to 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.paypalobjects.com secure.livechatinc.com *.facebook.com *.duosecurity.com *.echosign.com *.paycomonline.net *.userway.org magento-cloudflare.jetrails.com *.tawk.to www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.googleapis.com maps.gstatic.com *.paypalobjects.com *.cloudflare.com *.adsymptotic.com *.cloudfront.net *.facebook.com *.google-analytics.com *.doubleclick.net *.demdex.net *.omtrdc.net *.userway.org *.ccdc02.com *.ytimg.com *.google.com *.vimeo.com *.bootstrapcdn.com *.livechatinc.com *.facebook.net *.googleadservices.com *.amazonaws.com *.lr-ingest.io *.googleapis.com *.gstatic.com *.p65warnings.ca.gov *.bolt.com *.cdn.imgeng.in *.franksgreatoutdoors.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.searchspring.net *.searchspring.io *.tawk.to cdn.jsdelivr.net www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.gstatic.com fonts.googleapis.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.searchspring.net *.adsymptotic.com *.cloudflareinsights.com *.googletagmanager.com *.demdex.net *.omtrdc.net *.userway.org *.google-analytics.com *.ccdc02.com *.ytimg.com *.google.com *.vimeo.com *.bootstrapcdn.com *.livechatinc.com *.cloudflare.com *.facebook.net *.facebook.com *.googleadservices.com *.cloudfront.net *.amazonaws.com *.lr-ingest.io *.googleapis.com *.gstatic.com chimpstatic.com *.doubleclick.net *.shopgate.com 'self' data: widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.searchspring.io https://cdn.searchspring.net/intellisuggest/is.min.js *.tawk.to cdn.jsdelivr.net www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.bootstrapcdn.com *.facebook.net *.searchspring.net *.adsymptotic.com *.userway.org widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com maxcdn.bootstrapcdn.com *.searchspring.io *.tawk.to cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com *.paypalobjects.com *.searchspring.io *.adsymptotic.com *.google-analytics.com *.doubleclick.net *.demdex.net *.omtrdc.net *.userway.org *.ccdc02.com *.ytimg.com *.vimeo.com *.youtube.com *.bootstrapcdn.com *.livechatinc.com *.cloudflare.com *.facebook.net *.facebook.com *.googleadservices.com *.cloudfront.net *.amazonaws.com *.lr-ingest.io *.googleapis.com *.gstatic.com api.openreplay.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.searchspring.net https://beacon.searchspring.io/beacon *.tawk.to wss://*.tawk.to 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' fonts.gstatic.com fonts.googleapis.com static.moliri.dk *.azure.com *.google-analytics.com *.doubleclick.net data: www.gstatic.com statservicefunctions.azurewebsites.net hearingportalfilestorage.blob.core.windows.net cookiecontrol.bleau.dk *.devtunnels.ms api-eu1.cludo.com *.aalborg.dk *.aalborgkommune.dk *.presscloud.com Apps.aalborgkommune.dk *.chatbot.dendigitalehotline.dk *.thermit.dk services.datafordeler.dk *.cludo.com api.dataforsyningen.dk *.monsido.com dawa.aws.dk ;style-src 'self' 'unsafe-inline' fonts.googleapis.com cdhsign.dk cdnjs.cloudflare.com unpkg.com static.moliri.dk customer.cludo.com *.gstatic.com npmcdn.com *.aalborg.dk *.aalborgkommune.dk *.presscloud.com Apps.aalborgkommune.dk chatbot.dendigitalehotline.dk *.thermit.dk services.datafordeler.dk *.monsido.com;script-src 'self' 'unsafe-inline' *.moliri.dk *.bleau.dk *.cludo.com *.gstatic.com *.monsido.com moliricdn.azurewebsites.net *.azure.com cdn.jsdelivr.net cookiecontrol.bleau.dk *.devtunnels.ms  *.aalborg.dk *.aalborgkommune.dk *.presscloud.com Apps.aalborgkommune.dk *.thermit.dk services.datafordeler.dk *.cludo.com api.dataforsyningen.dk 'unsafe-eval' *.monsido.com cdhsign.dk;frame-ancestors https://admin.moliri.dk https://admin-beta.moliri.dk https://localhost:5001 https://localhost:44337 *.videotool.dk *.vimeo.com https://dreambroker.com https://presscloud.com https://aalborgkommunenews.presscloud.com https://live.video-stream.dk https://js.kortinfo.net/ https://www.synchronicer.dk https://www.cpsms.dk/ https://chatbot.dendigitalehotline.dk *.monsido.com 'self' www.aalborg.dk https://app.powerbi.com https://my.matterport.com;frame-src https://admin.moliri.dk https://admin-beta.moliri.dk https://localhost:5001 https://localhost:44337 *.videotool.dk *.vimeo.com https://dreambroker.com https://presscloud.com https://aalborgkommunenews.presscloud.com https://live.video-stream.dk https://js.kortinfo.net/ https://www.synchronicer.dk https://www.cpsms.dk/ https://chatbot.dendigitalehotline.dk *.monsido.com 'self' www.aalborg.dk https://app.powerbi.com https://my.matterport.com;img-src 'self'  data: hearingportalfilestorage.blob.core.windows.net cdhsign.dk *.cludo.com static.moliri.dk *.monsido.com *.devtunnels.ms moliri.dk aalborg.emply.com *.aalborg.dk *.aalborgkommune.dk *.presscloud.com Apps.aalborgkommune.dk chatbot.dendigitalehotline.dk *.thermit.dk services.datafordeler.dk app-moliripublic-aalborgkommune-prod-002.azurewebsites.net *.monsido.com;media-src 'self' dreambroker.com youtube.com vimeo.com molirivideostorage.blob.core.windows.net cdhsign.dk delivery.twentythree.com cdn.skyfish.com *.cloudfront.net *.devtunnels.ms aalborg.emply.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' ajax.cloudflare.com https://www.googleadservices.com/pagead/conversion_async.js maps.google.com maps.googleapis.com https://www.gstatic.com/recaptcha/ https://key-cdn.printfriendly.com/api/v3/ https://s.yimg.com/wi/ytc.js https://cdn.printfriendly.com/printfriendly.js https://www.googletagmanager.com/gtm.js https://www.google.com/recaptcha/api.js https://bs.serving-sys.com/Serving https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js https://npmcdn.com/tether@1.2.4/dist/js/tether.min.js https://sp.analytics.yahoo.com/sp.pl https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.google.com/recaptcha/; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; img-src 'self' https://www.facebook.com https://maps.gstatic.com https://maps.google.com https://www.google.com https://www.google.com.pk https://www.google-analytics.com/collect https://i.ytimg.com https://www.googletagmanager.com https://cdn.printfriendly.com https://secure.gravatar.com https://maps.googleapis.com data:; media-src 'self'; frame-src 'self' https://www.facebook.com https://www.google.com http://www.youtube.com https://*.doubleclick.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; connect-src 'self' https://s.yimg.com https://secure-ds.serving-sys.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net https://maps.googleapis.com 1
default-src 'self'; frame-ancestors 'self' lpexchange.org ceclution.org *.lpexchange.org *.ceclution.org lpmarketplacedev.b2clogin.com uatb2ccatalystcorp.b2clogin.com b2ccatalystcorp.b2clogin.com *.salesforce-experience.com catalystcorp--dev.sandbox.my.site.com; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.cdnfonts.com fonts.googleapis.com cdn.bootstrapcdn.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com ajax.googleapis.com code.jquery.com cdnjs.cloudflare.com uh.nakanohito.jp seal.websecurity.norton.com yubinbango.github.io en-gage.net; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com; img-src *; connect-src 'self' www.google-analytics.com uh0.nakanohito.jp; frame-src en-gage.net 1
frame-ancestors 'self' https://*.sv.loc; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self'; media-src *; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.userway.org data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com http://translate.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.userway.org/ https://cdn.jsdelivr.net https://accessibilityserver.org https://*.customerpulse.gov.ae *.algolia.net *.algolianet.com; img-src * data:; style-src 'self' 'unsafe-inline' https://cdn.userway.org https://fonts.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net; connect-src 'self' https://*.emiratespost.ae https://*.epservices.ae https://*.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.userway.org https://*.customerpulse.gov.ae *.algolia.net *.algolianet.com www.emiratespost.ae www-new.emiratespost.ae masters.epservices.ae; frame-src https://*.vimeo.com https://*.youtube.com https://*.userway.org/ https://*.google.com; 1
child-src  www.paypalobjects.com blob: data:; connect-src  kvbwholesale.cv3admin.com *.listrakbi.com *.listrak.com *.google.com *.google-analytics.com *.powerreviews.com *.doubleclick.net *.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ src.apis.discover.com *.searchspring.io *.pingdom.net events.attentivemobile.com *.acsbapp.com *.clarity.ms inbound-analytics.pixlee.com dutchbulbs.attn.tv *.criteo.com geoip-js.com bcp.crwdcntrl.net *.sharethis.com *.crazyegg.com s.yimg.com gardensalive.force.com www.dutchbulbs.com www.facebook.com content.discovercard.com maps.googleapis.com *.hotjar.com *.clarity.ms *.hotjar.io  photos.pixlee.co api.cloudinary.com gaorder.gardensalive.com gardensalive.my.site.com *.bizrate.com *.omnichannelengagementhub.com online.flippingbook.com fbo-b.flippingbook.com; default-src  h2.commercev3.net/cdn0.dutchbulbs.com/ cdn0.dutchbulbs.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com blob: data:; font-src  kvbwholesale.cv3admin.com h2.commercev3.net/cdn0.dutchbulbs.com/ cdn0.dutchbulbs.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com data: acsbapp.com; form-action  www.facebook.com www.paypal.com checkout.sezzle.com www.dutchbulbs.com kvbwholesale.cv3admin.com *.salesforce.com; frame-src  *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com src.mastercard.com srcdcf.americanexpress.com *.pinterest.com secure.checkout.visa.com *.sharethis.com photos.pixlee.co *.criteo.com *.criteo.net creatives.attn.tv service.force.com content.discovercard.com h.online-metrix.net vars.hotjar.com tpc.googlesyndication.com catalog.dutchbulbs.com thm.visa.com www.googletagmanager.com web.powerva.microsoft.com optimize.google.com *.azureedge.net online.flippingbook.com; frame-ancestors  ; img-src  h2.commercev3.net/cdn0.dutchbulbs.com/ cdn0.dutchbulbs.com *.google-analytics.com *.google.com *.pinterest.com *.doubleclick.net *.bing.com *.paypal.com *.facebook.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ kvbwholesale.cv3admin.com *.criteo.com h2.commercev3.net s3.amazonaws.com *.powerreviews.com assets.pixlee.com *.searchspring.io ups.analytics.yahoo.com ads.stickyadstv.com medals.bizrate.com seal-cincinnati.bbb.org d3cgm8py10hi0z.cloudfront.net c.clarity.ms gum.criteo.com partner.mediawallahscript.com contextual.media.net sync.outbrain.com exchange.mediavine.com sync.sharethis.com pixel.rubiconproject.com simage2.pubmatic.com ad.360yield.com r.casalemedia.com jadserve.postrelease.com ib.adnxs.com x.bidswitch.net idsync.rlcdn.com trends.revcontent.com s.ad.smaato.net sync-criteo.ads.yieldmo.com ad.tpmn.co.kr ade.clmbtech.com tapestry.tapad.com i.liadm.com tg.socdm.com visitor.omnitagjs.com matching.ivitrack.com criteo-sync.teads.tv match.sharethrough.com eb2.3lift.com sync-t1.taboola.com rtb-csync.smartadserver.com criteo-partners.tremorhub.com *.acsbapp.com *.criteo.com res.cloudinary.com www.dutchbulbs.com sp.analytics.yahoo.com *.gstatic.com *.sharethis.com content.discovercard.com cm.adform.net id5-sync.com ad.yieldlab.net *.online-metrix.net events.attentivemobile.com www.google.co.in www.facebook.com www.pages08.net *.bizrate.com *.searchspring.net online.flippingbook.com *.cloudfront.net; script-src  h2.commercev3.net/cdn0.dutchbulbs.com/ cdn0.dutchbulbs.com 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.powerreviews.com *.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com *.livechatinc.com *.googleapis.com *.doubleclick.net *.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ *.google.com webapp.src.discover.com www.aexp-static.com src.mastercard.com secure.checkout.visa.com *.searchspring.net *.criteo.com cdn.attn.tv acsbapp.com kvbwholesale.cv3admin.com api.universalcookie.com ajax.aspnetcdn.com medals.bizrate.com js.maxmind.com seal-cincinnati.bbb.org assets.secure.checkout.visa.com *.pingdom.net *.clarity.ms assets.pixlee.com assets.pxlecdn.com *.sharethis.com www.googleoptimize.com dnn506yrbagrg.cloudfront.net service.force.com *.crazyegg.com *.salesforceliveagent.com s.yimg.com www.dutchbulbs.com gardensalive.force.com static.lightning.force.com gardensalive.my.salesforce.com content.discovercard.com *.online-metrix.net garecommend.gardensalive.com *.hotjar.com *.crazyegg.com tpc.googlesyndication.com view.publitas.com mpsnare.iesnare.com *.salesforceliveagent.com www.sc.pages08.net gardensalive.my.site.com optimize.google.com google-analytics.com *.bizrate.com cdnjs.cloudflare.com *.searchspring.io s3.amazonaws.com *.cnnx.link *.azureedge.net online.flippingbook.com *.cloudfront.net; script-src-elem  h2.commercev3.net/cdn0.dutchbulbs.com/ cdn0.dutchbulbs.com 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.powerreviews.com *.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com *.livechatinc.com *.googleapis.com *.doubleclick.net *.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ *.google.com webapp.src.discover.com www.aexp-static.com src.mastercard.com secure.checkout.visa.com *.searchspring.net *.criteo.com cdn.attn.tv acsbapp.com kvbwholesale.cv3admin.com api.universalcookie.com ajax.aspnetcdn.com medals.bizrate.com js.maxmind.com seal-cincinnati.bbb.org assets.secure.checkout.visa.com *.pingdom.net *.clarity.ms assets.pixlee.com assets.pxlecdn.com *.sharethis.com www.googleoptimize.com dnn506yrbagrg.cloudfront.net service.force.com *.crazyegg.com *.salesforceliveagent.com s.yimg.com www.dutchbulbs.com gardensalive.force.com static.lightning.force.com gardensalive.my.salesforce.com content.discovercard.com *.online-metrix.net garecommend.gardensalive.com *.hotjar.com *.crazyegg.com tpc.googlesyndication.com view.publitas.com mpsnare.iesnare.com *.salesforceliveagent.com www.sc.pages08.net gardensalive.my.site.com optimize.google.com google-analytics.com *.bizrate.com cdnjs.cloudflare.com *.searchspring.io s3.amazonaws.com *.cnnx.link *.azureedge.net online.flippingbook.com *.cloudfront.net; style-src  h2.commercev3.net/cdn0.dutchbulbs.com/ cdn0.dutchbulbs.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net *.searchspring.net kvbwholesale.cv3admin.com ws.sharethis.com service.force.com gardensalive.force.com gardensalive.my.salesforce.com gardensalive.my.site.com optimize.google.com *.bizrate.com s3.amazonaws.com *.azureedge.net; style-src-elem  h2.commercev3.net/cdn0.dutchbulbs.com/ cdn0.dutchbulbs.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net *.searchspring.net kvbwholesale.cv3admin.com ws.sharethis.com service.force.com gardensalive.force.com gardensalive.my.salesforce.com gardensalive.my.site.com optimize.google.com *.bizrate.com s3.amazonaws.com *.azureedge.net; style-src-attr  'unsafe-inline'; media-src  kvbwholesale.cv3admin.com h2.commercev3.net/cdn0.dutchbulbs.com/ cdn0.dutchbulbs.com www.bing.com *.acsbapp.com data:; 1
frame-ancestors 'self' https://www.chasepaymentechhostedpay.com/ https://www.chasepaymentechhostedpay-var.com; 1
default-src 'self' *.helpscout.net fonts.gstatic.com fonts.googleapis.com *.cloudfront.net *.blob.core.windows.net recognition.asdastars.com asdastars.com www.asdastars.com recognitionapi.asdastars.com; img-src 'self' *.helpscout.net fonts.gstatic.com fonts.googleapis.com *.cloudfront.net *.blob.core.windows.net recognition.asdastars.com asdastars.com www.asdastars.com recognitionapi.asdastars.com data:; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; 1
default-src 'unsafe-eval' 'unsafe-inline'; connect-src 'self' www.bullshooterlive.com; style-src 'self' 'unsafe-inline'; img-src 'self'; frame-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' maps.googleapis.com google.com 1
frame-ancestors https://gx-corner.opera.com https://gxcorner.games https://m.gxcorner.games https://m.gx-corner.opera.com https://v.gx.games; 1
frame-ancestors 'self' https://beta.coinigy.com https://app.coinigy.com 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.livebazoocam.com:9080 www.livebazoocam.com:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.livebazoocam.com wss://www.livebazoocam.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1705976337 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-ZmE3YTc4YjFjMGJkNDA1YWEwMDVmYjkzNTJmZWUwYWM=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.wodc.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.wodc.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.wodc.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
connect-src 'self' blob: *.webenv.pl *.google-analytics.com api.hubapi.com api.hubspot.com vc.hotjar.io in.hotjar.com *.hotjar.com js.hsforms.net *.googleapis.com wss://*.hotjar.com hubspot-forms-static-embed.s3.amazonaws.com stats.g.doubleclick.net *.facebook.com analytics.google.com api.ipgeolocation.io *.hsforms.com *.hsforms.net monitor.clickcease.com *.bugsnag.com forms.hubspot.com static.hsappstatic.net www.googleadservices.com *.piwik.pro *.googletagmanager.com *.hsleadflows.net *.googleadservices.com *.google.com *.google.pl *.doubleclick.net *.clickagy.com *.googleoptimize.com *.visualwebsiteoptimizer.com app.vwo.com *.oribi.io *.hotjar.com content.hotjar.io metrics.hotjar.io pagead2.googlesyndication.com px.ads.linkedin.com in.requestmetrics.com/; default-src 'self' https://www.future-processing.pl/o-nas/; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com *.piwik.pro *.webenv.pl *.googletagmanager.com *.hsleadflows.net *.googleadservices.com *.google.com *.google.pl *.doubleclick.net *.googleoptimize.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com; frame-src 'self' *.webenv.pl vars.hotjar.com *.facebook.com cdn.jsdelivr.net *.youtube.com *.hsform www.googletagmanager.coms.com app.hubspot.com *.piwik.pro forms.hubspot.com *.googletagmanager.com *.hsleadflows.net *.googleadservices.com *.google.com *.google.pl *.doubleclick.net *.googleoptimize.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com *.hotjar.com forms.hsforms.com www.googletagmanager.com; img-src 'self' data: *.webenv.pl *.gravatar.com *.google-analytics.com stats.g.doubleclick.net *.facebook.com px.ads.linkedin.com t.co track.hubspot.com *.google.com *.google.pl *.linkedin.com *.gstatic.com *.hubspot.com match.prod.bidr.io i.ytimg.com forms.hsforms.com www.googletagmanager.com *.piwik.pro *.googletagmanager.com *.hsleadflows.net *.googleadservices.com *.doubleclick.net analytics.twitter.com *.clickagy.com *.rlcdn.com *.bluekai.com pixel-sync.sitescout.com *.agkn.com dpm.demdex.net sync.crwdcntrl.net us-u.openx.net *.hsforms.com *.googleoptimize.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com *.innocraft.cloud/matomo.php *.future-processing.com/blog/wp-content/ www.future-processing.com/case-studies/; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.webenv.pl *.googletagmanager.com sjs.bizographics.com *.clickcease.com static.ads-twitter.com js.hs-scripts.com *.youtube.com connect.facebook.net googleads.g.doubleclick.net *.google-analytics.com *.googleadservices.com cdnjs.cloudflare.com js.hsadspixel.net js.hs-analytics.net s.ytimg.com analytics.twitter.com static.hotjar.com script.hotjar.com snap.licdn.com *.future-processing.com *.google.com *.cdn.jsdelivr.net cdn.jsdelivr.net api.ipgeolocation.io *.hsforms.com *.hubapi.com *.hsforms.net *.googleapis.com js.hs-banner.com https://d2wy8f7a9ursnm.cloudfront.net/v7/bugsnag.min.js js.hscollectedforms.net js.usemessages.com static.hsappstatic.net *.googleadservices.com *.piwik.pro *.googletagmanager.com *.hsleadflows.net *.googleadservices.com *.google.pl *.doubleclick.net tags.clickagy.com *.googleoptimize.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com *.hotjar.com cdn.requestmetrics.com; style-src 'self' 'unsafe-inline' *.webenv.pl tagmanager.google.com fonts.googleapis.com *.piwik.pro nonce-MVVRSyUEuEWTipFy *.googletagmanager.com *.hsleadflows.net *.googleadservices.com *.google.com *.google.pl *.doubleclick.net *.googleoptimize.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com www.future-processing.com/; worker-src 'self' blob: *.webenv.pl *.youtube.com *.visualwebsiteoptimizer.com *.hotjar.com; frame-ancestors 'self' app.hubspot.com; 1
default-src 'self'; script-src 'report-sample' 'self' https://www.googletagmanager.com https://mc.yandex.ru https://mc.yandex.com; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://mc.yandex.ru https://mc.yandex.com; font-src 'self' https://fonts.gstatic.com; form-action 'self' https://mpi.gov.tm; child-src 'self'; frame-src 'self'; frame-ancestors 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; report-uri /csp-report; worker-src 'none'; prefetch-src 'self'; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.intellumlevel.com *.honeybadger.io *.amazonaws.com *.googleapis.com *.google-analytics.com *.jquery.com *.googleusercontent.com *.githubusercontent.com *.snplow.net *.intellumanalytics.com *.userpilot.io ws://analytex.userpilot.io *.intellumsocial.com *.tribesocial.com *.intellum.com *.youtube.com *.vhall.com *.youtube-nocookie.com *.embedly.com *.embed.ly vimeo.com *.vimeo.com livestream.com *.livestream.com *.brightcove.net *.facebook.com zoom.us *.zoom.us wss://*.zoom.us cdnjs.cloudflare.com *.newrelic.com bam.nr-data.net *.nest.com *.demandbase.com *.company-target.com *.zscaler.net *.widencdn.net *.ytimg.com *.tealiumiq.com *.atdmt.com *.tiqcdn.com *.facebook.net *.gstatic.com *.google.com *.doubleclick.net *.googleadservices.com *.stripe.com *.googletagmanager.com *.googleplex.com *.aptrinsic.com wss://websockets.intellum.com cdn.exceedlms.com *.s.pinimg.com *.pinimg.com *.ct.pinterest.com *.pinterest.com *.connect.facebook.net *.pinterestacademy.com; img-src * data: blob:; media-src * blob: mediastream:; frame-ancestors 'self' *.exceedlms.com *.intellumsocial.com *.tribesocial.com *.intellum.com *.youtube.com *.vhall.com *.youtube-nocookie.com *.embedly.com *.embed.ly vimeo.com *.vimeo.com livestream.com *.livestream.com *.brightcove.net *.facebook.com zoom.us *.zoom.us wss://*.zoom.us cdnjs.cloudflare.com *.newrelic.com *.userpilot.io ws://analytex.userpilot.io bam.nr-data.net *.nest.com *.demandbase.com *.company-target.com *.zscaler.net *.widencdn.net *.ytimg.com *.tealiumiq.com *.atdmt.com *.tiqcdn.com *.facebook.net *.gstatic.com *.google.com *.doubleclick.net *.googleadservices.com *.stripe.com *.googleusercontent.com *.googletagmanager.com *.googleplex.com *.aptrinsic.com *.s.pinimg.com *.pinimg.com *.ct.pinterest.com *.pinterest.com *.connect.facebook.net *.pinterestacademy.com; 1
default-src 'none' ; frame-ancestors 'self'; frame-src 'self' https: 'unsafe-inline'; connect-src https: data: 'self'; font-src 'self' d3e85ikkjrhqme.cloudfront.net *.typekit.net fonts.gstatic.com *.juicer.io; object-src 'self'; img-src 'self' data: *.facebook.com *.google.com *.google.ie *.google.je *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.cookiescan.com *.juicer.io juicer.io; media-src 'self' data: *.juicer.io juicer.io; style-src 'unsafe-inline' https: *.typekit.net d3e85ikkjrhqme.cloudfront.net 'self' ;form-action 'self' https: ; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.juicer.io googleads.g.doubleclick.net *.google.com *.gstatic.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com googletagmanager.com *.vimeo.com *.youtube.com *.googleapis.com connect.facebook.net *.cookiescan.com cookiescan.azureedge.net 1
default-src 'self'; base-uri 'self'; connect-src 'self' wss://api.mintme.com/ wss://api.mintme.abchosting.org/ wss://api.staging.abchosting.org/ https://*.facebook.net https://*.facebook.com https://connect.facebook.net https://www.facebook.com https://www.google-analytics.com https://analytics.google.com https://*.doubleclick.net https://*.mintme.com https://mintme.com https://*.tawk.to wss://*.tawk.to https://www.mintme.com/.well-known/mercure https://identitytoolkit.googleapis.com; font-src 'self' https://fonts.gstatic.com https://static-v.tawk.to https://embed.tawk.to https://fonts.googleapis.com; frame-src https://www.facebook.com https://accounts.google.com https://content.googleapis.com https://va.tawk.to https://www.youtube.com https://www.google.com https://*.coinify.com https://platform.twitter.com https://content-youtube.googleapis.com https://mintme.firebaseapp.com; img-src data: *; media-src *; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'nonce-mLXJH3JPWszQUc9yfmV8dQ=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net/emojione/2.2.7/assets/css/emojione.min.css https://*.tawk.to; report-uri /csp-report; worker-src 'none' 1
frame-ancestors 'self' demoapi.edplace.com *.wistia.com wistia.com *.teachingpersonnel.com *.protocol-education.com *.fleet-tutors.co.uk *.agilecollab.com; 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' ibanking-services.com *.ibanking-services.com ondemand.eoriginal.com; 1
frame-ancestors 'self' https://help.bikester.fr https://back-office-redesign.kameleoon.com https://app.kameleoon.com/ 1
default-src https:; connect-src https:; font-src https: data:; frame-src https: adidas.kz:; frame-ancestors https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 1
default-src 'none'; media-src blob: 'self' *.streamlock.net:44; img-src 'self' https: www.googleadservices.com https://ssl.gstatic.com https://cm.g.doubleclick.net https://um.simpli.fi https://www.grayson.edu https://grayson.edu *.siteimproveanalytics.io https://www.facebook.com google.com https://www.google.com https://www.googleapis.com *.google.com googletagmanager.com; font-src 'self' https://grayson.edu https://www.grayson.edu data: *.fontawesome.com fontawesome.com https://fonts.gstatic.com https://use.typekit.net;   script-src 'self' *.grayson.edu 'unsafe-eval' https://www.gstatic.com 'sha256-Q0SgfFrYvrGK5sYZgVIUth9k+1imwxp9mAO07vkkV6A=' 'sha256-5G4MDpvIlL2NdEmc2gYtjSwAjmYC27Qt9NNe01IiCCQ=' 'sha256-QyHZdNFKfbz9dbpRjiVnpHUnv2dU5cjEamPjzv8+hEY=' 'sha256-rdmoUvW5MVZD7lRfUGe+vl1rwuOalZAVz3nUZGR/OIU=' 'sha256-zBEJ/6eM8Paq5I6YfqbXFfeoV8INndBDOQpnQ1RsXqs=' *.brownrice.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net *.googleadservices.com 'sha256-O/zTpuSWUZpm1ZhWJI6B4W7oPlxJoXutOZHa7kHH2Sk=' https://www.google-analytics.com https://www.googletagmanager.com code.jquery.com *.fontawesome.com fontawesome.com google.com https://www.google.com termly.io *.termly.io https://fonts.googleapis.com https://i.simpli.fi https://cdnjs.cloudflare.com 'sha256-ZEJtZqIWhnX9HCm0KdRanhRU+bHvkufzXiZ44/BKeyQ=' 'sha256-zspvqygd5VLWe3gdeb4w3dHUuJbyK5+iTeeuoA9rxXM=' 'sha256-LXFgKPK11Crz266O19Njl0UzQNIKHzfJ13bj8LucUQ0=' 'sha256-nP0EI9B9ad8IoFUti2q7EQBabcE5MS5v0nkvRfUbYnM=' 'sha256-R2ShFopcwY8MLrIvZArev8n18Gk2thhMCQuJyb0y2L8=' 'sha256-8/EYqXC5wZfo67qWNfi58RJ0zLYFQRIXWOJdbcagteA=' 'sha256-sJ2fqzJ2OTVE0jwCO/r6sju+8E4qzZzyBUwoibr8sKI=' 'sha256-MQO+yOdo97VgeOugkrGJtydmGzhPPyOaMDrOFmJhvYY=' 'sha256-AHjIJAH3a3uqxaIPQaG6037autc6hnmaKvfqD9BAxak=' 'sha256-XJf6hvhxCavkb0EOlyAgPEtx4Rfh9IpKKzo9fwPWmxU=' 'sha256-6iCPrVwfLrY9UtcwFNi17m+f210JhSrFr+phwHJ/0FU=' https://siteimproveanalytics.com https://cse.google.com *.facebook.net https://ssl.spectate.com https://*.spectate.com; connect-src 'self' https://5ddd47d64e730.streamlock.net:444 https://www.google-analytics.com *.fontawesome.com fontawesome.com https://app.termly.io *.withgoogle.com *.doubleclick.net; style-src 'self' googletagmanager.com *.brownrice.com https://www.grayson.edu 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com https://fonts.googleapis.com https://use.typekit.net *.typekit.net https://www.google.com https://www.facebook.com https://stats.g.doubleclick.net;   worker-src 'self' blob:; frame-ancestors 'none';  frame-src *.concept3d.com https://app.termly.io/ https://e.issuu.com https://my.spectate.com https://cse.google.com https://www.facebook.com https://www.youtube.com *.office.com *.microsoftstream.com gc.com *.brownrice.com *.smartsheet.com *.google.com; base-uri 'none'; form-action 'self' https://www.facebook.com 1
default-src 'self'; connect-src 'self' bat.bing.com *.google-analytics.com *.doubleclick.net *.g.doubleclick.net public.pandosearch.com *.mouseflow.com *.analytics.google.com adservice.google.com www.google.com www.googletagmanager.com www.facebook.com *.googlesyndication.com; font-src 'self' data: *.googleusercontent.com fonts.gstatic.com cdn.mouseflow.com; frame-src 'self' bat.bing.com www.googletagmanager.com www.gstatic.com www.google-analytics.com www.googleadservices.com *.doubleclick.net *.g.doubleclick.net www.youtube-nocookie.com player.vimeo.com optimize.google.com mozbar.moz.com facebook.com tpc.googlesyndication.com www.google.nl www.google.co.uk www.google.be www.google.de www.google.fr www.google.com www.google.es www.google.com.tr www.google.it www.google.se www.google.ch www.google.ae www.google.no www.google.at www.google.lu www.facebook.com; img-src 'self' data: bat.bing.com www.googletagmanager.com *.googletagmanager.com www.gstatic.com *.gstatic.com www.google-analytics.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.g.doubleclick.net googleads.g.doubleclick.net *.googlesyndication.com *.vimeocdn.com *.ytimg.com www.google.nl www.google.co.uk www.google.be www.google.de www.google.fr www.google.com www.google.es www.google.com.tr www.google.it www.google.se www.google.ch www.google.ae www.google.no www.google.at www.google.lu www.google.com.ua fonts.gstatic.com www.facebook.com facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.gstatic.com www.google-analytics.com www.googleadservices.com *.doubleclick.net *.g.doubleclick.net public.pandosearch.com optimize.google.com connect.facebook.net cdn.mouseflow.com tpc.googlesyndication.com bat.bing.com www.google.nl www.google.co.uk www.google.be www.google.de www.google.fr www.google.com www.google.es www.google.com.tr www.google.it www.google.se www.google.ch www.google.ae www.google.no www.google.at www.google.com.ua www.google.lu https://www.google.com; script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com www.gstatic.com www.google-analytics.com www.googleadservices.com *.doubleclick.net *.g.doubleclick.net public.pandosearch.com optimize.google.com connect.facebook.net cdn.mouseflow.com tpc.googlesyndication.com bat.bing.com www.google.nl www.google.co.uk www.google.be www.google.de www.google.fr www.google.com www.google.es www.google.com.tr www.google.it www.google.se www.google.ch www.google.ae www.google.no www.google.at www.google.com.ua www.google.lu www.promovendum.nl https://www.google.com; style-src 'self' 'unsafe-inline' bat.bing.com www.googletagmanager.com googletagmanager.com fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' www.googletagmanager.com googletagmanager.com google.com fonts.googleapis.com cdn.mouseflow.com; frame-ancestors 'self'; report-uri https://www.promovendum.nl/report-uri/enforce 1
frame-ancestors 'self'; default-src 'self' 'unsafe-inline' data: blob: *.usercentrics.eu *.amazonaws.com *.slidesync.com slidesync.com *.highcharts.com *.prosiebensat1.com *.euroland.com *.eurolandir.com *.online-report.eu walls.io *.walls.io google.com *.google.com *.promeas.com *.p7s1video.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.slidesync.com walls.io *.walls.io *.usercentrics.eu *.tiqcdn.com *.googletagmanager.com *.tealiumiq.com *.google-analytics.com *.promeas.com *.euroland.com *.p7s1video.net *.prosiebensat1.com; connect-src 'self' prosiebensat1.com *.prosiebensat1.com *.prosiebensat1.de *.tealiumiq.com *.usercentrics.eu *.google-analytics.com *.promeas.com *.p7s1video.net *.amazonaws.com snap.licdn.com; img-src 'self' data: 'unsafe-inline' *.google-analytics.com *.usercentrics.eu *.promeas.com *.p7s1video.net *.prosiebensat1.com 1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; object-src 'none';img-src 'self' data: *; 1
default-src 'self'; connect-src *; frame-src *; font-src *;img-src about: * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
frame-ancestors 'self' https://secure.helpscout.net 1
frame-ancestors 'self' https://manage.moderntiredealer.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://convo.casa; img-src 'self' https: data: blob: https://convo.casa; style-src 'self' https://convo.casa 'nonce-rf2HM9ycGl+3cVUVbWHb9A=='; media-src 'self' https: data: https://convo.casa; frame-src 'self' https:; manifest-src 'self' https://convo.casa; form-action 'self'; child-src 'self' blob: https://convo.casa; worker-src 'self' blob: https://convo.casa; connect-src 'self' data: blob: https://convo.casa https://b.convo.casa wss://s.convo.casa; script-src 'self' https://convo.casa 'wasm-unsafe-eval' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://fairy.id; img-src 'self' https: data: blob: https://fairy.id; style-src 'self' https://fairy.id 'nonce-nnW9Jjp1tLoJO1qweak+hg=='; media-src 'self' https: data: https://fairy.id; frame-src 'self' https:; manifest-src 'self' https://fairy.id; form-action 'self'; child-src 'self' blob: https://fairy.id; worker-src 'self' blob: https://fairy.id; connect-src 'self' data: blob: https://fairy.id https://fairy.id wss://fairy.id; script-src 'self' https://fairy.id 'wasm-unsafe-eval' 1
frame-ancestors https://www.bloomreach.com https://www.bloomreach.com/ https://stage.br-new.bloomreach.cloud http://localhost:8080 https://br-cms.bloomreach.com https://test.br-new.bloomreach.cloud https://green.br-new.bloomreach.cloud https://blue.br-new.bloomreach.cloud http://bloomreach.lookbookhq.com https://bloomreach.lookbookhq.com http://bloomreach.pathfactory.com https://bloomreach.pathfactory.com http://library.bloomreach.com https://library.bloomreach.com 1
default-src 'self'; script-src 'self' 'nonce-b3JQZzkxc1BlbjVhbDBLck5GUk1pZEh5T3laWnE1NkQ2a1JlSzdEWWI4cz06N0lHWHpnRWtLaWxpM0FQOEFXUU96b3UyVTE0T21kaTFveTBuZmNhQUs1cz0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self'; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://www.youtube.com https://fonts.gstatic.com https://use.fontawesome.com https://fonts.googleapis.com https://mc.yandex.ru https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google.ru; object-src 'none'; child-src 'self'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self' *.idigitalcontents.com ajax.googleapis.com fonts.googleapis.com *.akamaihd.net use.typekit.net google-analytics.com code.highcharts.com viz.tools.investis.com edge.api.brightcove.com; img-src 'self' 'unsafe-inline' * data: www.w3.org; frame-src 'self' https://open.spotify.com players.brightcove.net https://e.infogram.com irpages2.eqs.com vars.hotjar.com staticcontents.investisdigital.com www.google.com www.connectidfeed.com idigitalcontents.com bid.g.doubleclick.net viz.tools.investis.com player.vimeo.com www.youtube.com insight.adsrvr.org d1eoo1tco6rr5e.cloudfront.net irs.tools.investis.com otp.tools.investis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' assets.investisdigital.com p.typekit.net use.typekit.net multitude.cm.invdcloud-is.co.uk multitude.cd.invdcloud-is.co.uk www.multitude.com *.idigitalcontents.com google-analytics.com fonts.googleapis.com viz.tools.investis.com cdnjs.cloudflare.com; font-src 'self' 'unsafe-inline' data: viz.tools.investis.com fonts.idigitalcontents.com fonts.googleapis.com use.typekit.net google-analytics.com fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.investisdigital.com ssl.google-analytics.com otp.tools.investis.com connect.facebook.net script.hotjar.com https://e.infogram.com static.hotjar.com www.gstatic.com arg.investis.com arg.tools.investis.com multitude.cm.invdcloud-is.co.uk multitude.cd.invdcloud-is.co.uk www.multitude.com www.google.com googleads.g.doubleclick.net www.googleadservices.com static.ads-twitter.com snap.licdn.com acdn.adnxs.com *.idigitalcontents.com ajax.googleapis.com vjs.zencdn.net players.brightcove.net www.googletagmanager.com use.typekit.net google-analytics.com www.google-analytics.com code.highcharts.com viz.tools.investis.com cdnjs.cloudflare.com; connect-src 'self' region1.google-analytics.com assets.investisdigital.com *.idigitalcontents.com geoid.investisdigital.com cookiemanager.investisdigital.com stats.g.doubleclick.net edge.api.brightcove.com viz.tools.investis.com cdn.linkedin.oribi.io google-analytics.com www.google-analytics.com multitude.cm.invdcloud-is.co.uk connect.facebook.net multitude.cd.invdcloud-is.co.uk www.multitude.com in.hotjar.com vc.hotjar.io; base-uri 'none'; form-action 'self'; 1
script-src 'strict-dynamic' https: 'self' https://policy.app.cookieinformation.com/* *.google-analytics.com/* 'nonce-tsGYsPSjzcPiPEF00Obj4bTFRyShreprnlPlrnW6isI='; object-src 'none'; form-action 'self'; frame-ancestors 'none' 1
font-src 'self' *.gstatic.com *.unblu.com *.unblu-env.com *.unblu.com *.opentok.com *.tokbox.com *.celeroxpress.ca *.connectfirstcu.com data:;              style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.unblu.com *.unblu-env.com *.unblu.com *.opentok.com *.tokbox.com *.celeroxpress.ca *.connectfirstcu.com  koi-3QNNM3JSYA.marketingautomation.services tag.perfectaudience.com pixel-geo.prfct.co;              script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cdic.ca *.gstatic.com *.google.com googleads.g.doubleclick.net www.googleadservices.com connect.facebook.net www.googletagmanager.com www.google-analytics.com *.googleapis.com *.youtube.com s.ytimg.com tagmanager.google.com *.bing.com *.unblu.com *.unblu-env.com *.unblu.com *.opentok.com *.tokbox.com *.celeroxpress.ca *.connectfirstcu.com koi-3qnnm3jsya.marketingautomation.services tag.perfectaudience.com pixel-geo.prfct.co d1mxil5lo6vg2v.cloudfront.net *.sentis.ca sc-static.net snap.licdn.com;              img-src * data:;  worker-src 'self' blob:; 1
default-src 'self'; script-src 'self' 'nonce-VXJhczRkNFYwWDNCVDNhZW50ZlJJbmVXcjBZWWtnNURkNlRPSGlyZmhKOD06Qk83RnRhMWhud3FMQndPdDNhMlRWdzNYelhOVHFtd3VQY0daYUdMcTc5ST0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self'; 1
frame-ancestors 'self' http://*.previ.com.br https://*.previ.com.br 1
frame-ancestors 'self' echosign.com youtube.com facebook.com theapplicantmanager.com; upgrade-insecure-requests 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=786ksn1iqu63s&partner=; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; img-src *; media-src * data:; object-src none; frame-src none; child-src none; 1
script-src 'unsafe-eval' 'self' blob: *.convertlanguage.com *.bcbsnm.com *.walkme.com *.jquery.com  *.brightcove.com *.tvsquared.com *.marinsm.com *.clarity.ms *.steelhousemedia.com *.stackadapt.com 'sha256-WiBrp8n6qzXaR53OMuij2Wqky+WBAZHWS4m9u+Y6Vgs=' 'sha256-Bwbsdql2wuxPBfreVcjv4IcQRIm2tK54E/ZtuKmHmLI=' 'sha256-+QoWUsMtJAiKNrS9ddu7252XOoLq26XVwk4TdboDGM0=' 'sha256-EFemVE1/2VPlNZdptBdgN2GjWc7noj81GGGv0MwOyJY=' 'sha256-K83smGC12/mOrMV+5hXYSc0TQHjFQM6XX+Zdj9pBbas=' 'sha256-Fx0LrAqaK0HfpKOTd5jtbUe4X89Fz86oesjqSQUn8Y8=' 'sha256-L+CdrbB/3MWzakKjyzoy8w1eIqDVGrsftnkvJdo4gIc=' 'sha256-ud+TXSHWwW6/Ltq5qioGqWeGcQMxHWR5TiMnvYBaUEk=' 'sha256-BaFk7RP58iF1BkZHdqeujuDXXLld9PS1LiKm9MnnQ2A=' 'sha256-3BUC2uqkLtf11hujvyMEl1NTcrpXaw9M/nxK0qpugE4=' 'sha256-ThHZXYAEciBA4PPtRsuwrM4rS6A27cEeDZfKFgMjOHs=' 'sha256-Fx0LrAqaK0HfpKOTd5jtbUe4X89Fz86oesjqSQUn8Y8=' 'sha256-1jH1jUGW8+/nnNLV4s1f8jHlAtMsBv985QVausqXm5s=' 'sha256-oRdVJzqGJc9xIgrN9giweGhI+uJQxUjkla++Xx19V+M=' 'sha256-P+6dUXh0AE0IknMkVtquEOaJZkrTTlUwjdLsSHSwG90=' 'sha256-ppW1Vv+qSVcs+/pIj1ZXvMiCLoyHyCdRqtDMeK9fQ9w=' 'sha256-XpDQ/sKD1Q35z6yrfuUgNaqcpCpmaF6wIFXhd6+xJLo=' 'sha256-39xatTpd5FpCS4XEP4t1a9EhvY/OmWxChEfjA6mbhtU=' 'sha256-N63VR5czWRUyi4yTEGyoam6orM200eR4SB/ndd2vCSE=' 'sha256-fa6IhOXuT1sFDBEux0qFqpXFUwCzHXKUpMweVwvDBK0=' 'sha256-518pk5SuTHe1wO+qPfs05CALGxGj8b7R9joTeyF3MMg=' 'sha256-h1BXcWieM0hfS3GVpaXzPev+V7bbo0VQKstgeMXvP04=' 'sha256-nyYhGb/ogFCXA+jjhnQPaWmEGq7zMi7is/Og/WHHu1U=' 'sha256-MW7xYbbWUIy+vpnrRUsAKgafurRDpmEtw8ibUiTK9kg=' 'sha256-5fsNGF2R9ioLIErxzZqlt7Q+qLwWOmVWJp0buVkNkRY=' 'sha256-JlKI/jgeMVC9UAc3axGPML/PCKwu8dAnBRUHncXK+cQ=' 'sha256-PYtocK3DFaOHMHXcTLPhO1P5IEXMf8cf6Yyf1u0USFQ=' 'sha256-nwxOa/AwuXKhEnQfF8z3U9AQyig3d1tfIX6QLS1c7/U=' 'sha256-GtVr9Zuz9aTjQAj54p9HhTNTu36Dn7NyQh3d7xMZg4k=' 'sha256-prCWgxIMGDrHbwdw5mT2MeFWJJGImVIKxAV7gJOpQ0w=' 'sha256-tU2s1s4syE7gpagiZ/DMk2OM7ZcxzIYUDAn0ZWZZvcw=' 'sha256-IohmHrNbNfYp1N8eOkosBSzsog22PSpNMgxp+rP0ba0=' 'sha256-gdUVY3rNP3d8mugxATRy94Oef9TvyvQv4LByypmpoQM=' 'sha256-Oc0DJ+pN/Q9MEzC3WsStCthU0JXK5IxeTD/NO180ggI=' 'sha256-3R5kPMMUS7lCbC94I1yEP6/LrPcCxCpJkMghRm5vc+M=' 'sha256-TfsnO13RGWJOuqMSQ71jj+6N2s997hJAghDCvf9s9dM=' 'sha256-xri8zZKOW+5jts4GRTZuQGosPS+dSTQJr5bebWtNr90=' 'sha256-zOJVpbdSYuV1KeKh04uYsnYyneK7qLzkfYDw9h6+0KM=' 'sha256-0Cmn/CPjE7iLtaGEpZ3gIbyK7+T2PCg6t/q0GQ8aurU=' 'sha256-+F7WJt5j0JAyOvITKopxkUbW3zrhfgO/64YUDWNfWV4=' 'sha256-V5fb1zKsLvfOQE+Tz3abD2NIZPMKdQKrZG6116lj62Y=' 'sha256-/R+9/01InyDhaLq1zYqbjyPav2dunvCCN1mHJxx026U=' 'sha256-023g/MYKiNi2UHZqb0fjW4jU0C9zmvXY7ylFFTbQLAs=' 'sha256-9w+aFd0ogU/pVs/M0q0ixKcQLrt524ABSMma2ixZRmA=' 'sha256-uvQd362cMOZMihRdpHDQkkQG005hI1hAULGe/1hrq7A=' 'sha256-RLZndXh1nmE1wrQG6kjO6AGpiyGJTN5t/otHymIj8UA=' 'sha256-ttmSnfQfAQQQiV28ls0mnFkkr+dl0cSWZO+7qlgQV7w=' 'sha256-JV3lxBYaKBxEcW9cv7bpM9YrLNCSO2x+5hI319J5VH4=' 'sha256-s1BV33CoxJjYzvmpCjN3WTwdPhNhnco3NW1k5J/YA3o=' 'sha256-7JcAvVdE2sCnsRNg9sUUpEVPc2NLH+qJYzoCeD2nHss=' 'sha256-ehPVrgdV2GwJCE7DAMSg8aCgaSH3TZmA66nZZv8XrTg=' 'sha256-ooG2PlUfrfqVyDZV30w0BK5FwqPKhiPhrYEc3z3R3ow=' 'sha256-5nRGMOmqCmDqDhW/cRGfA1gF0jaDt730ej6AJpe2m9g=' 'sha256-7bwnNunfhUOLCxywkp0xlObo3iqPpAfiCr6IN5IeXCA=' 'sha256-0Pvth24NB2HpvezgdvpJMgDYWi91zp9XQc0lnwVD76I=' 'sha256-VL0W/0a7GGeMu92Qz6/kju/TfhubARqd6hobZ5vR8HM=' 'sha256-G38Y5gB6x7PXV8puXKlJ1t7rV5fLuVPEDLHAb64SY20=' cdn.walkme.com  *.bcbsil.com *.bcbstx.com *.marketo.net *.hcsc.net contentz.mkt922.com healthcareservicecorporation.sc.omtrdc.net resources.digital-cloud-west.medallia.com dx.steelhousemedia.com cdn.decibelinsight.net *.facebook.net *.googleadservices.com bat.bing.com *.googletagmanager.com nexus.ensighten.com *.google-analytics.com js-cdn.dynatrace.com assets.adobedtm.com googleads.g.doubleclick.net gateway.foresee.com dx.steelhousemedia.com *.kampyle.com *.medallia.com, frame-src 'self' *.bcbsnm.com hcsc.demdex.net players.brightcove.net *.youtube.com resources.digital-cloud-west.medallia.com healthcareservicecorporation.sc.omtrdc.net *.kampyle.com *.medallia.com *.doubleclick.net 1
upgrade-insecure-requests;script-src 'self' https://analytics.varis.social;connect-src 'self' blob: https://varishangout.net wss://varishangout.net https://analytics.varis.social;media-src 'self' https:;img-src 'self' data: blob: https:;default-src 'none';base-uri 'self';frame-ancestors 'none';style-src 'self' 'unsafe-inline';font-src 'self';manifest-src 'self'; 1
default-src 'none' 'self' https:; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; object-src https:; font-src *; 1
frame-ancestors 'self' https://*.lexus.fr https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
default-src 'self' https: data: blob:; connect-src 'self' https: wss: data: blob:; font-src 'self' https: data:; img-src 'self' https: data: blob:; object-src 'self'; script-src https: 'unsafe-inline' 'unsafe-eval' 'self' blob:; style-src 'self' https: 'unsafe-inline'; worker-src blob: 1
default-src 'self' www.zxsecurity.co.nz; script-src 'self' 'unsafe-inline' www.zxsecurity.co.nz www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com; style-src 'self' 'unsafe-inline' www.zxsecurity.co.nz fonts.googleapis.com; font-src 'self' data: www.zxsecurity.co.nz fonts.googleapis.com fonts.gstatic.com; frame-src www.youtube.com www.youtube-nocookie.com; object-src 'self'; img-src 'self' www.googletagmanager.com www.google-analytics.com; connect-src 'self' www.google-analytics.com; 1
base-uri 'self' rebusfarm.net 1
frame-ancestors builder.io 1
img-src 'self' computerpoint.net; 1
default-src 'none'; object-src 'self'; media-src blob: https://s3.amazonaws.com https://*.genial.ly https://*.aiaibot.com https://*.elsevier.com https://*.zdassets.com https://*.scene7.com https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.podcast.co https://*.pod.co https://*.radio.co https://*.lpsnmedia.net https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.hirslanden.ch https://*.infocentric.ch https://*.wistia.com https://*.medicosearch.ch https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com; font-src 'self' data: https://*.podigee.com https://*.podigee-cdn.net https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.amazonaws.com https://portal.k8s.preprod.msio.cloud https://*.medicosearch.ch; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://elshbe.mediclinic.co.za https://superspider-dev.azurewebsites.net https://*.data.adobedc.net https://extend.vimeocdn.com https://*.sc.omtrdc.net https://*.2o7.net https://assets.adobedtm.com https://www.googleoptimize.com https://googleads.g.doubleclick.net https://portal.k8s.preprod.msio.cloud https://*.aiaibot.com https://analytics.tiktok.com https://mcmebotstorage.blob.core.windows.net  https://protect-de.mimecast.com https://*.yandex.ru https://*.zdassets.com https://analytics-eu.clickdimensions.com https://widget-mediator.zopim.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://cdnjs.cloudflare.com https://*.zvv.ch https://*.genial.ly https://*.3qsdn.com https://*.scene7.com https://*.pinimg.com https://*.podigee.com https://*.podigee-cdn.net https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.typeform.com https://play.pod.co https://cdnjs.cloudflare.com https://siteimproveanalytics.com https://*.lpsnmedia.net https://*.licdn.com https://sc-static.net https://*.liveperson.net https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.linkedin.com https://*.instagram.com https://*.mediclinic.com https://*.elfsight.com https://uberall.com https://static-prod.uberall.com https://api.instacloud.io https://mediclinic.mediaplatform.com https://api.doctena.ch https://createsend.com https://createsend1.com https://*.createsend.com https://*.createsend1.com https://cdn.dotcy.com.cy https://script.crazyegg.com https://prodmcmebot.azurewebsites.net https://testmcmebot.azurewebsites.net https://*.medicosearch.ch https://*.infocentric.ch https://www.puls-berufe.ch https://*.gstatic.com https://*.google.com https://*.sprechzimmer.ch https://*.wistia.com https://fast.wistia.net https://src.litix.io https://s.ytimg.com https://www.youtube.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.googletagmanager.com https://maps.googleapis.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://connect.facebook.net https://*.twitter.com https://cdn.syndication.twimg.com https://csi.gstatic.com https://*.podcast.co https://*.pod.co https://*.radio.co https://code.jquery.com https://soundcloud.com/; connect-src 'self' https://px.ads.linkedin.com/wa https://*.googlesyndication.com https://cdn.linkedin.oribi.io https://adservice.google.com https://analytics.google.com https://*.112.2o7.net https://dpm.demdex.net https://createsend.com https://createsend1.com https://*.createsend.com https://*.createsend1.com https://*.aiaibot.com https://api.bing.microsoft.com https://analytics.tiktok.com https://*.yandex.ru https://pecontent-health-elsevier-com.s3.amazonaws.com https://*.zdassets.com https://*.elsevier.com https://*.zendesk.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://cdnjs.cloudflare.com https://*.pinterest.com https://*.medicosearch.ch https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://stats.g.doubleclick.net https://*.blueglass.io https://*.mediclinic.co.za https://*.podcast.co https://*.pod.co https://*.radio.co https://*.googleadservices.com https://*.google-analytics.com https://*.analytics.google.com https://*.elfsight.com https://uberall.com https://blog.hirslanden.ch https://er24.info https://*.typeform.com https://*.wistia.com https://*.litix.io https://www.facebook.com https://*.crazyegg.com https://*.akamaihd.net https://www.google-analytics.com https://s7.addthis.com https://m.addthis.com https://*.tagboard.com https://tagboard.com https://*.onetrust.com https://ton.twimg.com; img-src * 'self' data:; style-src 'self' 'unsafe-inline' https://mcmebotstorage.blob.core.windows.net https://protect-de.mimecast.com https://*.podigee.com https://*.podigee-cdn.net https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.google.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://*.ads-twitter.com https://*.google.ch https://mediclinic.mediaplatform.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://cdn.dotcy.com.cy https://*.medicosearch.ch https://portal.k8s.preprod.msio.cloud https://cloud.typography.com https://*.sprechzimmer.ch https://*.twitter.com https://www-prod.hirslanden.ch https://*.tagboard.com https://tagboard.com https://ton.twimg.com; frame-src 'self' https://feed.yellow.camera https://ct.pinterest.com https://hirslandenag.demdex.net https://portal.k8s.preprod.msio.cloud https://*.medicosearch.ch https://analytics-eu.clickdimensions.com https://*.goreview.co.za https://*.aiaibot.com https://webform.mediclinicsa.co.za https://*.indigo.online https://*.artbutler.com https://*.zvv.ch https://*.genial.ly https://*.3qsdn.com https://*.tourmkr.com https://tourmkr.com https://*.tourextender.ch https://tourextender.ch https://*.podigee.com https://*.podigee-cdn.net https://*.infomaniak.com https://*.business360.ch https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.typeform.com https://*.doubleclick.ne https://*.pinimg.com https://*.doubleclick.net https://*.yandex.ru https://play.pod.co https://*.onedoc.ch https://onedoc.ch https://vimeo.com https://*.vimeo.com https://*.brightcove.net https://mixlr.com https://*.mixlr.com https://*.liveperson.net https://*.lpsnmedia.net https://*.snapchat.com https://*.ads-twitter.com https://*.linkedin.com https://*.instagram.com https://*.mediclinic.com https://*.mediclinic.co.za https://mediclinic.mediaplatform.com http://mcairportrdauh.royalwebhosting.net https://*.google.ch https://*.twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.doctena.com https://createsend.com https://createsend1.com https://*.createsend.com https://*.createsend1.com https://*.google.com https://*.googletagmanager.com https://w.soundcloud.com https://cdn.dotcy.com.cy https://prodmcmebot.azurewebsites.net https://testmcmebot.azurewebsites.net https://fast.wistia.com https://s7.addthis.com https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com https://www.youtube.com https://*.sprechzimmer.ch https://www.med-congress.info https://*.datahouse.ch https://*.detailnet.ch https://www2.hirslanden.ch https://vr.zaak.ch https://staticxx.facebook.com https://www.facebook.com https://tourmake.it https://tools.eurolandir.com https://twitter.com https://www.facebook.com; child-src 'self' blob: https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.ads-twitter.com https://*.google.ch http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://staticxx.facebook.com https://fast.wistia.com https://s7.addthis.com https://*.twitter.com https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com, frame-ancestors 'self' https://*.okadoc.com; 1
frame-ancestors 'self' https://*.manuelnumerique.com; 1
default-src 'self'; child-src cargobase.com; style-src 'self' 'unsafe-inline' cargobase.com *.cognitoforms.com fonts.googleapis.com; font-src 'self' js.intercomcdn.com www.cognitoforms.com fonts.gstatic.com; img-src 'self' data: https://*; connect-src 'self' *.cargobase.com cargobasecms.herokuapp.com cargobase1.recruitee.com www.google-analytics.com api.hsforms.com www.google-analytics.com www.googletagmanager.com *.doubleclick.net *.hsappstatic.net js.hs-scripts.com js.hsadspixel.net js.hs-banner.com js.hsleadflows.net js.hs-analytics.net *.adroll.com *.lfeeder.com *.intercom.io *.intercomcdn.com *.hubspot.com api.hubapi.com track.hubspot.com wss://nexus-websocket-a.intercom.io *.visitorqueue.com *.cognitoforms.com analytics.google.com *.analytics.google.com cargobase.bamboohr.com tracking.g2crowd.com forms.hsforms.com forms.hubspot.com cdn.linkedin.oribi.io https://px.ads.linkedin.com/wa/; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.youtube.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com *.doubleclick.net snap.licdn.com connect.facebook.net *.hsappstatic.net js.hs-scripts.com js.hsadspixel.net js.hs-banner.com js.hsleadflows.net js.hs-analytics.net *.adroll.com *.lfeeder.com *.intercom.io *.intercomcdn.com *.hubspot.com api.hubapi.com track.hubspot.com *.visitorqueue.com *.cognitoforms.com www.google.com www.gstatic.com cargobase.bamboohr.com tracking.g2crowd.com *.licdn.com; script-src-elem 'self' 'unsafe-inline' www.youtube.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com *.doubleclick.net snap.licdn.com connect.facebook.net *.hsappstatic.net js.hs-scripts.com js.hsadspixel.net js.hs-banner.com js.hsleadflows.net js.hs-analytics.net *.adroll.com *.lfeeder.com *.intercom.io *.intercomcdn.com *.hubspot.com api.hubapi.com track.hubspot.com *.visitorqueue.com *.cognitoforms.com www.google.com www.gstatic.com cargobase.bamboohr.com tracking.g2crowd.com *.licdn.com https://js.hsforms.net/forms/shell.js https://js.hsforms.net/forms/v2.js https://js.usemessages.com/conversations-embed.js; frame-src 'self' www.youtube.com meetings.hubspot.com *.cognitoforms.com forms.hsforms.com *.doubleclick.net forms.hubspot.com https://app.hubspot.com/; media-src 'self' js.intercomcdn.com https://assets.cargobase.com 1
default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.googleadservices.com js.hs-banner.com js.hs-analytics.net js.hsadspixel.net googleads.g.doubleclick.net www.googletagmanager.com connect.facebook.net snap.licdn.com www.google-analytics.com bat.bing.com js.hs-scripts.com jam.dev static.zdassets.com prismic.io cdn.segment.com js.appboycdn.com shopopop.containers.piwik.pro static.cdn.prismic.io js.hsforms.net www.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data:  blob: www.facebook.com bat.bing.com px.ads.linkedin.com www.googletagmanager.com i.ytimg.com www.gstatic.com tpc.googlesyndication.com shopopop.piwik.pro px4.ads.linkedin.com connect.facebook.net googleads.g.doubleclick.net www.google-analytics.com track.hubspot.com images.prismic.io prismic-io.s3.amazonaws.com shopopop.cdn.prismic.io *.hsforms.com img.youtube.com www.google.com.hk www.google.fr www.google.nl www.google.it www.google.co.il www.google.es www.google.be www.google.bg www.google.com www.google.ad www.google.ae www.google.com.af www.google.it www.google.com.ag www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat www.google.ro www.google.de www.google.lu www.google.se www.google.mu www.google.co.ma www.google.pt www.google.ci www.google.com.pe www.google.com.mx www.google.com.ph www.google.ch www.google.mg www.linkedin.com adservice.google.com region1.google-analytics.com; font-src 'self' data: fonts.gstatic.com; connect-src 'self' www.google.com bat.bing.com adservice.google.com www.google-analytics.com  api.hubspot.com stats.g.doubleclick.net api.hubapi.com region1.google-analytics.com www.facebook.com www.googleadservices.com px.ads.linkedin.com ekr.zdassets.com sentry.io sdk.fra-01.braze.eu events.eu1.segmentapis.com api.segment.io shopopop.containers.piwik.pro shopopop.piwik.pro cdn.segment.com shopopop.cdn.prismic.io *.hsforms.com prismic.io; media-src 'self' shopopop.cdn.prismic.io; object-src 'none'; frame-src www.youtube.com www.facebook.com www.google.com forms.hsforms.com shopopop.prismic.io td.doubleclick.net; worker-src 'none'; base-uri 'self'; report-uri https://o398789.ingest.sentry.io/api/5493624/security/?sentry_key=d75e7a229d1e4c64aaa356113ecb2bbf 1
default-src https://use.fontawesome.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://static.femscat.com; frame-src https://www.juicycash.net; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; img-src 'self' https://www.inet-cash.com https://*.google-analytics.com https://*.googletagmanager.com https://static.femscat.com https://www.juicycash.net https://yezzclips.r.worldssl.net; media-src 'self' https://static.femscat.com https://yezzclips.r.worldssl.net; script-src https://*.googletagmanager.com data: blob: 'self' 'unsafe-inline' 'unsafe-eval' https://www.inet-cash.com https://ajax.googleapis.com/ https://www.google-analytics.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://maxcdn.bootstrapcdn.com https://static.femscat.com https://yezzclips.r.worldssl.net; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://static.femscat.com https://yezzclips.r.worldssl.net https://use.fontawesome.com; frame-ancestors 'none'; 1
default-src 'self' * 'unsafe-inline' 'unsafe-eval' data:; img-src * data:;font-src * data:; 1
default-src 'self' cloud.ccm19.de www.facebook.com bat.bing.com *.google-analytics.com *.analytics.google.com www.google.com www.google.de stats.g.doubleclick.net i.ytimg.com data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' cloud.ccm19.de 'unsafe-inline'; object-src 'none';frame-src 'self' cloud.ccm19.de www.google.com spende-dein-pfand.de spendedeinpfand.de spende-dein-pfand.com 1
default-src 'self'; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' *.hotjar.com cdn-cookieyes.com *.google-analytics.com *.googletagmanager.com ajax.googleapis.com maps.googleapis.com connect.facebook.net; style-src 'unsafe-inline' 'report-sample' 'self' fonts.googleapis.com https://p.typekit.net https://use.typekit.net; object-src 'none'; base-uri 'self'; connect-src 'self' cdn-cookieyes.com *.cookieyes.com yoast.com www.google-analytics.com maps.googleapis.com; font-src 'self' data: fonts.gstatic.com use.typekit.net; frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com  https://player.vimeo.com otp.tools.investis.com irs.tools.investis.com www.facebook.com business.facebook.com; img-src 'self' cdn-cookieyes.com  *.google-analytics.com *.gravatar.com data: maps.gstatic.com *.googleapis.com *.ggpht www.facebook.com; manifest-src 'self'; media-src 'self'; report-uri https://5f5f4be97d2e04922acab86c.endpoint.csper.io/; worker-src menziesaviation.com; 1
script-src 'self' 'unsafe-eval' https://a1.adform.net https://auto.widgets.tryg.dk https://cdn-sitegainer.com https://connect.facebook.net https://fonts.googleapis.com https://googleads.g.doubleclick.net https://ipapi.co https://insight.bellmetric.net https://policy.app.cookieinformation.com https://siteintercept.qualtrics.com https://s2.adform.net https://snap.licdn.com https://static.queue-it.net https://tags.tiqcdn.com https://talenthub.io https://track.adform.net https://trygdk.ankiro.dk https://visitor-service-eu-west-1.tealiumiq.com https://web.telemetric.dk https://widget.trustpilot.com https://www.googleadservices.com https://www.googletagmanager.com https://zn77is93qqxazsupp-tryg.siteintercept.qualtrics.com https://platform.twitter.com https://cdn.syndication.twimg.com https://*.tealiumiq.com https://delivery.twentythree.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://activitymap.adobe.com cdn.appdynamics.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io static.queue-it.net tags.tryg.dk talenthub.io widget.trustpilot.com 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://a1.adform.net https://auto.widgets.tryg.dk https://cdn-sitegainer.com https://connect.facebook.net https://fonts.googleapis.com https://googleads.g.doubleclick.net https://ipapi.co https://insight.bellmetric.net https://policy.app.cookieinformation.com https://siteintercept.qualtrics.com https://s2.adform.net https://snap.licdn.com https://static.queue-it.net https://tags.tiqcdn.com https://talenthub.io https://track.adform.net https://trygdk.ankiro.dk https://visitor-service-eu-west-1.tealiumiq.com https://web.telemetric.dk https://widget.trustpilot.com https://www.googleadservices.com https://www.googletagmanager.com https://zn77is93qqxazsupp-tryg.siteintercept.qualtrics.com https://platform.twitter.com https://cdn.syndication.twimg.com https://*.tealiumiq.com https://delivery.twentythree.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://activitymap.adobe.com cdn.appdynamics.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io static.queue-it.net tags.tryg.dk talenthub.io widget.trustpilot.com; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com https://delivery.twentythree.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com maxcdn.bootstrapcdn.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com maxcdn.bootstrapcdn.com; frame-ancestors 'self' 1
upgrade-insecure-requests;style-src 'self' 'nonce-8glXw27SheRzCpe';font-src 'self';script-src 'self' 'nonce-8glXw27SheRzCpe' ;connect-src 'self' https://0w0.is wss://0w0.is  gts.itzzen.net tired.umbreon.online https://catgirl.center https://media.0w0.is https://media.0w0.is;media-src 'self' https:;img-src 'self' data: blob: https:;default-src 'none';base-uri 'none';frame-ancestors 'none';manifest-src 'self'; 1
default-src: 'self'; object-src ‘none’; script-src: https://apis.google.com; https://clearout.io; https://www.googletagmanager.com; 1
default-src 'self' *.ocuco.com cdn.builder.io;script-src 'self' 'unsafe-eval' 'unsafe-inline' payments.worldpay.com *.googletagmanager.com maps.googleapis.com *.googleadservices.com *.facebook.com *.facebook.net *.bing.com *.jdt8.net *.doubleclick.net *.clarity.ms *.hotjar.com c.amazon-adsystem.com *.quantserve.com rules.quantcount.com *.ccm19.de *.teads.tv;font-src 'self' fonts.gstatic.com fonts.googleapis.com *.ocuco.com ohdevstorage.blob.core.windows.net;img-src 'self' cdn.builder.io *.ocuco.com *.gstatic.com maps.googleapis.com *.googleadservices.com *.google.com *.google.nl *.facebook.com *.facebook.net *.bing.com *.jdt8.net jdt8.net *.doubleclick.net *.googletagmanager.com *.clarity.ms c.amazon-adsystem.com *.quantserve.com rules.quantcount.com *.ccm19.de *.teads.tv data:;connect-src 'self' *.ocuco.com cdn.builder.io *.bing.com *.google-analytics.com *.googletagmanager.com maps.googleapis.com *.hotjar.io hotjar.io *.hotjar.com cloud.ccm19.de *.teads.tv;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.googletagmanager.com cloud.ccm19.de;object-src data: 'unsafe-eval' cdn.builder.io;frame-src payments.worldpay.com *.doubleclick.net *.ocuco.com *.youtube.com s.amazon-adsystem.com *.teads.tv;frame-ancestors 'self' *.ocuco.com builder.io *.builder.io; 1
worker-src blob:; default-src 'unsafe-inline' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.facebook.net *.googlecommerce.com *.google.com *.facebook.com t.co *.twitter.com *.analytics-twitter.com *.ads-twitter.com *.moatads.com *.pinterest.com *.cenpos.net *.cenpos.com *.constantcontact.com *.fbcdn.net *.fontawesome.com *.cloudflare.com *.cookiepro.com recruitingbypaycor.com *.office.com *.youtube.com *.googletagmanager.com cdn.tiny.cloud 'unsafe-eval' www.southernhobby.com 1
default-src 'self' data: https: 'unsafe-inline'; script-src 'self' 'self' data: https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' data: https:; frame-ancestors 'none' 1
frame-ancestors https://www.cupraofficial.fr https://author-seat-stage63.adobecqms.net https://seat-stage63.adobecqms.net https://author-seat-prod63.adobecqms.net https://seat-prod63.adobecqms.net 'self' 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-LbrLf28Rz6RK7bsNn95GEkFgWMzQpW' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
frame-ancestors 'self' https://*.heavychips.com https://*.decta.com; 1
script-src 'self' https://n1ed.com https://cloud.n1ed.com code.jquery.com https://cdn.public.n1ed.com stackpath.bootstrapcdn.com cloud.n1ed.com n1ed.com https://fonts.gstatic.com cloud.flmngr.com cdn.jsdelivr.net https://unpkg.com mdbootstrap.com; script-src-elem 'self' cdn.public.n1ed.com cloud.n1ed.com cdn.jsdelivr.net https://unpkg.com mdbootstrap.com; frame-ancestors 'self' http://koens-nb.oma.be https://cloud.n1ed.com https://cdn.public.n1ed.com; report-uri https://www.sidc.be/report-uri/enforce 1
frame-src 'self' https: https://optimize.google.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://optimize.google.com https: https://evs.pink-boat.fool.com; connect-src 'self' https: wss://www.fool.com wss://*.33across.com wss://*.hotjar.com https://api.pink-boat.fool.com; default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https: https://g.foolcdn.com https://optimize.google.com https://www.google-analytics.com; media-src 'self' https: blob:; font-src 'self' data: https: https://fonts.gstatic.com; style-src 'self' data: 'unsafe-inline' https: http://fonts.googleapis.com https://fonts.googleapis.com https://optimize.google.com; upgrade-insecure-requests 1
default-src 'self' https://api.twitch.tv https://player.twitch.tv; font-src 'self' data: https://api.twitch.tv https://player.twitch.tv; img-src 'self' data: https://api.twitch.tv https://player.twitch.tv; object-src https://api.twitch.tv https://player.twitch.tv; script-src 'self' https://api.twitch.tv https://player.twitch.tv 'nonce-196e1eb223b0ba6a83b8fa7343adc1c2'; style-src 'self' 'unsafe-inline' https://api.twitch.tv https://player.twitch.tv 1
base-uri 'none'; child-src 'none'; connect-src 'self'; default-src 'self'; font-src 'none'; form-action 'self'; frame-ancestors 'none'; frame-src https://platform.twitter.com https://www.youtube.com; img-src 'self' data: https://201904.blogspot.com https://assets.gaysexpositions.guide https://www.gstatic.com https://*.imgbox.com https://i.pinimg.com https://c1.staticflickr.com https://*.media.tumblr.com https://pbs.twimg.com https://upload.wikimedia.org https://imgs.xkcd.com; manifest-src 'none'; media-src 'none'; object-src 'none'; report-to endpoint; report-uri https://gaysexpositions.guide/csp-report; script-src 'nonce-B3RRPQo4Vz0jC53abuoMR1V3xdpMCITm' 'report-sample' 'strict-dynamic' https: 'unsafe-inline'; style-src 'nonce-B3RRPQo4Vz0jC53abuoMR1V3xdpMCITm' 'report-sample' https: 'unsafe-inline'; worker-src 'none' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://equestria.social; img-src 'self' https: data: blob: https://equestria.social; style-src 'self' https://equestria.social 'nonce-ruCwtv++wP2VvSdrbfOfFQ=='; media-src 'self' https: data: https://equestria.social; frame-src 'self' https:; manifest-src 'self' https://equestria.social; form-action 'self'; child-src 'self' blob: https://equestria.social; worker-src 'self' blob: https://equestria.social; connect-src 'self' data: blob: https://equestria.social https://equestria.social wss://equestria.social; script-src 'self' https://equestria.social 'wasm-unsafe-eval' 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' http: data: maps.gstatic.com maps.googleapis.com secure.gravatar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com; font-src 'self' data: fonts.gstatic.com; connect-src 'self' maps.googleapis.com yoast.com *.google-analytics.com; frame-src 'self' www.google.com 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://selectra.jp/report-uri/enforce 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.marcolin.com *.fbcdn.net *.cdninstagram.com *.gstatic.com *.google.com *.doubleclick.net *.youtube.com secure.gravatar.com *.googleapis.com *.iubenda.com *.ytimg.com *.windows.net noembed.com *.plyr.io *.googletagmanager.com data: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://mastodon.de 'wasm-unsafe-eval'; font-src 'self' https://mastodon.de; img-src 'self' data: blob: https://mastodon.de https://media.mastodon.de; style-src 'self' https://mastodon.de 'nonce-qWl8x1IUsPzHimYPGBxJHg=='; media-src 'self' data: https://mastodon.de https://media.mastodon.de; frame-src 'self' https:; child-src 'self' blob: https://mastodon.de; worker-src 'self' blob: https://mastodon.de; connect-src 'self' blob: data: wss://mastodon.de https://mastodon.de https://media.mastodon.de; manifest-src 'self' https://mastodon.de; form-action 'self' 1
default-src 'none'; img-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src 'self' 1
default-src 'self' localhost:* *.ndbh.com http://media.ndbh.net;                        script-src 'self' localhost:* *.ndbh.com 'unsafe-inline' 'unsafe-eval' https://use.fontawesome.com https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://ssl.google-analytics.com/urchin.js https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js  https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ http://cdn.pardot.com https://pi.pardot.com https://unpkg.com/aos@2.3.0/dist/aos.js https://code.jquery.com/ https://cdnjs.cloudflare.com/ajax/libs/popper.js/ https://stackpath.bootstrapcdn.com/bootstrap/ http://cdnjs.cloudflare.com/ajax/libs/jquery/ pi.pardot.com;                           style-src 'self' localhost:* *.ndbh.com 'unsafe-inline' https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css https://use.fontawesome.com https://fonts.googleapis.com https://unpkg.com/aos@2.3.0/ https://stackpath.bootstrapcdn.com/bootstrap/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cdnjs.cloudflare.com/ajax/libs/normalize/ https://cdnjs.cloudflare.com/ajax/libs/malihu-custom-scrollbar-plugin/ https://cdnjs.cloudflare.com/ajax/libs/meyer-reset/;                          img-src 'self' localhost:* *.ndbh.com data: http://www.google-analytics.com/collect  https://www.google-analytics.com/collect http://www.google-analytics.com/r/collect  https://www.google-analytics.com/r/collect http://stampoutstigma.com/external/ https://stampoutstigma.com/external/ http://www.adobe.com/images/ https://www.adobe.com/images/ https://cdn.psychologytoday.com/ https://cdn1.sussexdirectories.com/;              connect-src 'self' localhost:* *.ndbh.com https://www.google-analytics.com ws:*;              object-src 'self' localhost:* *.ndbh.com;              media-src 'self' localhost:* *.ndbh.com http://media.ndbh.net https://vimeo.com ;              font-src 'self' localhost:* *.ndbh.com data: https://use.fontawesome.com http://fonts.googleapis.com http://fonts.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/;              child-src 'self' localhost:* *.ndbh.com https://www.google.com/ https://maps.google.com  https://maps.gstatic.com  https://maps.googleapis.com https://player.vimeo.com/; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/china-infra-prod 1
script-src 'unsafe-eval' blob: 'self' 'nonce-a56XNopwFauzoakk2rA6' https://www.google-analytics.com https://ssl.google-analytics.com 'unsafe-inline'; default-src * data: blob:; style-src * data: blob: 'unsafe-inline'; object-src 'none'; report-uri /api.php?action=cspreport&format=json 1
font-src 'self' static.zohocdn.com webfonts.zohowebstatic.com css.zohocdn.com; img-src 'self' maps.gstatic.com maps.googleapis.com data:; script-src-elem 'self' 'unsafe-inline' connect.facebook.net desk.zoho.eu js.zohocdn.com js.zohostatic.eu salesiq.zoho.eu d17nz991552y2g.cloudfront.net maps.googleapis.com platform.twitter.com static.zohocdn.com www.google-analytics.com www.googletagmanager.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' css.zohocdn.com css.zohostatic.eu files.zohopublic.eu static.zohocdn.com d3el7j01zd7apf.cloudfront.net 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdnjs.cloudflare.com *.google-analytics.com https://www.google-analytics.com *.googleapis.com https://www.google.com/js https://www.google.com/ads https://www.googletagmanager.com https://cloud.typography.com *.gstatic.com https://stats.g.doubleclick.net *.cloudfront.net https://www.youtube.com *.youtube.com https://app.termly.io https://i.ytimg.com https://yt3.ggpht.com https://static.doubleclick.net https://secure.quantserve.com https://snap.licdn.com https://rules.quantcount.com https://pixel.quantserve.com https://px.ads.linkedin.com http://www.google.com https://p.adsymptotic.com https://lbm.doitbestonline.com https://media.mydoitbest.com ; frame-src 'self' https://app.termly.io https://www.youtube.com https://www.google.com ; frame-ancestors 'self'; base-uri 'none'; object-src 'none'; 1
default-src 'self'; base-uri 'self'; connect-src 'self' wss://self https://www.hostingcloud.racing wss://*.hostcontent.live https://connect.facebook.net https://www.google-analytics.com https://*.doubleclick.net https://*.g.doubleclick.net https://www.facebook.com https://*.mintme.com https://mintme.com https://*.tawk.to wss://*.tawk.to; font-src 'self' https://fonts.gstatic.com https://static-v.tawk.to; frame-src https://accounts.google.com https://content.googleapis.com https://va.tawk.to https://www.youtube.com https://www.google.com; img-src data: *; media-src *; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: http: 'nonce-qYRYoJnihib+zENFYvBInA=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net/emojione/2.2.7/assets/css/emojione.min.css https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/github.min.css https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/atom-one-dark.min.css https://*.tawk.to; report-uri /csp-report; worker-src blob: 1
frame-ancestors https://engage.talkative.uk https://ignite.mitel.com https://srv-contactcent.theimi.org.uk https://eu.engage.app/ *.theimi.org.uk  https://www.youtube.com/ https://imiacp.ddev.site:8443/; report-uri /report-csp-violation 1
default-src 'self' data: https://cdn.pixabay.com/ https://pixabay.com/ https://cdn.upsihologa.com.ua/ https://*.tenor.com/  https://*.google-analytics.com/ https://*.googlesyndication.com/ https://*.googleadservices.com/ https://*.google.ru/ https://*.doubleclick.net/ https://*.google.com/ https://*.googleapis.com;style-src 'self' 'unsafe-inline' https://*.googletagmanager.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.upsihologa.com.ua/;child-src 'self' https://*.ted.com https://*.googleadservices.com/ https://*.google.ru/ https://*.doubleclick.net/ https://*.googlesyndication.com/ https://*.youtube.com/ https://*.youtube-nocookie.com https://*.google.com/ https://*.twitter.com/ https://*.googlesyndication.com/; img-src 'self' https://*.gstatic.com/  https://*.googletagmanager.com/  https://cdn.pixabay.com/ https://*.google.com/ https://www.paypalobjects.com/ https://*.tenor.com/ https://*.googleapis.com https://*.googleusercontent.com/ https://*.ted.com/ https://*.youtube.com/ https://*.ytimg.com/ https://*.googleapis.com/ https://*.google-analytics.com/ https://*.twitter.com/ https://s0.2mdn.net/ https://cdn.upsihologa.com.ua/ https://*.googlesyndication.com/ data:;media-src 'self'; font-src 'self' https://cdn.upsihologa.com.ua/ https://fonts.gstatic.com/ data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com/ https://*.googleadservices.com/ https://*.google.ru/ https://*.doubleclick.net/ https://*.googlesyndication.com/  https://cdn.upsihologa.com.ua/ https://cdnjs.cloudflare.com/ https://*.pinterest.com/ https://*.google.com/ https://*.google-analytics.com  https://*.googleapis.com https://*.twitter.com/ https://cdn.upsihologa.com.ua/ https://*.googlesyndication.com/ https://*.googleapis.com/ https://assets.pinterest.com; 1
default-src 'self' https://a104733541.cdn.optimizely.com https://www.google.com https://deluxeforms.scene7.com https://raptor.scene7.com https://www.youtube.com https://maps.google.com  https://s7d4.scene7.com *.qualtrics.com https://www.safeguardexperience.com; font-src *;img-src * data: *.contentsquare.net; script-src blob: * 'unsafe-inline' 'unsafe-eval' t.contentsquare.net app.contentsquare.com; style-src * 'unsafe-inline'; connect-src 'self' https://cdn.cookielaw.org https://www.google.com https://logx.optimizely.com https://rum.optimizely.com https://siteintercept.qualtrics.com https://uberall.com https://*.quantummetric.com https://www.safeguardexperience.com https://*.contentsquare.net https://*.onetrust.com;  1
frame-ancestors 'self' https://help.campz.nl https://back-office-redesign.kameleoon.com https://app.kameleoon.com/ 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.okadamanila.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.gstatic.com unpkg.com *.googletagmanager.com *.youtube.com *.gravatar.com *.ytimg.com *.google.com *.affilired.com *.facebook.com *.opentable.com.au *.usabilla.com *.cloudfront.net *.twitter.com *.facebook.net *.ggpht.com *.jsdelivr.net *.instagram.com *.google.co.in *.clarity.ms *.bing.com blob: 'unsafe-eval' 1
default-src 'self' https://www.myutility.us https://connect.myutility.us https://connect.myutility.us/SSOLoginAPI/UserLogin/ValidateUserLoginWidget https://account.myutility.us https://account.myutility.us/SSOLoginAPI/UserLogin/ValidateUserLoginWidget *.surveymonkey.com www.google.ca *.google-analytics.com *.analytics.google.com *.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.googletagmanager.com *.jquery.com widget.surveymonkey.com analytics.google.com stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; font-src 'self' www.myutility.us *.myutility.us fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.myutility.us myutility-upgrade.idevdesign.net uiwater-upgrade.idevdesign.net www.uiwater.com www.myutility.us *.google-analytics.com *.analytics.google.com *.googletagmanager.com; media-src 'self' data: blob:; frame-src 'self' https://www.nhc.noaa.gov https://www.youtube.com https://player.vimeo.com https://www3.epa.gov https://www.surveymonkey.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com stats.g.doubleckick.net connect.myutility.us account.myutility.us analytics.google.com; 1
default-src 'self' https: ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https: 'unsafe-inline' ; object-src 'none'; base-uri 'self' https: 'unsafe-inline' ; connect-src 'self' https: ; font-src 'self' https: data: https: ; frame-src 'self' https:  ; img-src 'self' https: data:; manifest-src 'self' https: ; media-src 'self'; worker-src 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com; object-src 'none'; img-src: 'self' www.googletagmanager.com data:; frame-ancestors https://youtube.com https://facebook.com https://api.mfa.go.th always; 1
frame-ancestors https://www.kuaifan.co/ https://en.kuaifan.co/ https://tc.kuaifan.co/ 1
default-src 'none'; media-src *; manifest-src 'none'; frame-src https://*.hushmail.com https://forms.hubspot.com https://*.hubspot.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google-analytics.com https://forms.hsforms.com https://*.google-analytics.com https://*.doubleclick.net https://hushforms.com https://widget.trustpilot.com https://vars.hotjar.com/ https://*.hs-sites.com https://fast.wistia.net https://www.hushmail.com 'self'; object-src 'self'; child-src 'self'; font-src https://*.hushmail.com https://fonts.gstatic.com https://script.hotjar.com 'self'; style-src https://*.hushmail.com https://hushforms.com https://fonts.googleapis.com 'self' 'unsafe-inline'; connect-src https://*.hushmail.com https://*.hubspot.com https://*.hsforms.net https://*.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://stats.g.doubleclick.net https://frstre.com https://tapfiliate.com https://hushforms.com https://*.capterra.com https://*.google.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google-analytics.com https://*.wickedreports.com https://*.callrail.com https://d3hb14vkzrxvla.cloudfront.net https://chatapi.helpscout.net https://beaconapi.helpscout.net wss://ws-helpscout.pusher.com https://sockjs-helpscout.pusher.com https://api.hubapi.com https://*.hotjar.com https://*.hotjar.io wss://ws18.hotjar.com 'self'; img-src * data:; script-src https://*.hushmail.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsleadflows.net https://js.hsforms.net https://js.usemessages.com https://forms.hubspot.com https://forms.hsforms.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google-analytics.com https://*.doubleclick.net https://*.tapfiliate.com https://hushforms.com https://*.capterra.com https://widget.trustpilot.com https://*.wickedreports.com https://*.callrail.com https://beacon-v2.helpscout.net/ https://js.hs-banner.com https://js.hsadspixel.net https://*.hotjar.com https://js.hubspot.com 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*.hushmail.com; report-uri /cspreport/ 1
default-src 'unsafe-inline' 'self' *.safe-route.ru safe-route.ru; img-src 'self' data: *.safe-route.ru safe-route.ru; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.safe-route.ru safe-route.ru; worker-src 'self' blob: *.safe-route.ru safe-route.ru; style-src 'self' 'unsafe-inline' data: *.safe-route.ru safe-route.ru 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dfg-viewer.de matomo.slub-dresden.de; style-src 'self' 'unsafe-inline'; img-src * data:; connect-src *; frame-ancestors 'self' *.hab.de http://*.hab.de dietrich.uni-trier.de parlamente.hessen.de http://recherche.landesarchiv.sachsen-anhalt.de; 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-d6ec597ad9e746d48e9e13e005fab05a' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
default-src 'self' *.friendlycaptcha.eu *.friendlycaptcha.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' data: *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://themes.googleusercontent.com; frame-src 'self' *; frame-ancestors 'self' https://*.frontastic.io frontastic.io.local; object-src 'self'; connect-src 'self' ws: wss: *; child-src blob:; worker-src 'self' blob: 1
frame-ancestors *.hedonism.co.uk 1
report-uri /csp-report; default-src 'self' https://shop.stpancras.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net/en_US/fbevents.js https://d10lpsik1i8c69.cloudfront.net/w.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://js.createsend1.com/javascript/copypastesubscribeformlogic.js https://*.hotjar.com maps.googleapis.com; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://createsend.com https://maps.googleapis.com https://settings.luckyorange.net https://www.facebook.com https://www.google-analytics.com https://analytics.google.com https://*.hotjar.io; font-src 'self' https://use.typekit.net https://fonts.gstatic.com; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://widget-3bcbfadb1b0e462e809ce25304fd6efd.elfsig.ht; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data: https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com img.fat.dev; manifest-src 'self'; media-src 'self'; worker-src 'self'; upgrade-insecure-requests 1
frame-ancestors 'self' *.kpcu.com *.zagclients.net 1
base-uri 'self'; font-src 'self' https: data:; form-action 'self' https://webto.salesforce.com; frame-ancestors 'self' https://www.youtube.com https://www.youtube-nocookie.com youtube.com youtube-nocookie.com; img-src 'self' http: https: data:; object-src 'none'; script-src-attr 'none'; script-src 'self' 'unsafe-inline' https://www.drop-point.store https://www.gstatic.com https://www.google.com https://maps.googleapis.com https://bat.bing.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net youtube.com youtube-nocookie.com;style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests; frame-src https://www.youtube.com https://www.youtube-nocookie.com youtube.com youtube-nocookie.com https://www.google.com; child-src https://www.youtube.com https://www.youtube-nocookie.com youtube.com youtube-nocookie.com 1
frame-ancestors 'self' https://dentego.remo.jobs 1
object-src 'none';base-uri 'self';report-uri /cspreport;; upgrade-insecure-requests 1
frame-ancestors 'self' http://www.usa.philips.com *.philips.com *.usa.philips.com https://philipsigtdpv.com 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-U0QwdHQzN081YTlDSXpCU1lDSmdsTTRsYW5Wd2wxL0FuMGY0V1dHa3I2VT06T0ZRRzRqdjNyK0lUYzBJTElYWTYzWnBISUJZU3J5NlQzaFhQYlJIcjY4QT0=';script-src-elem 'strict-dynamic' 'nonce-U0QwdHQzN081YTlDSXpCU1lDSmdsTTRsYW5Wd2wxL0FuMGY0V1dHa3I2VT06T0ZRRzRqdjNyK0lUYzBJTElYWTYzWnBISUJZU3J5NlQzaFhQYlJIcjY4QT0=';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: https://*.tile.openstreetmap.org;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self';frame-ancestors 'self';form-action 'self' 1
default-src 'self';  script-src 'self' 'unsafe-eval' 'unsafe-inline' giscus.app;  style-src 'self' 'unsafe-inline';  img-src * blob: data:;  media-src 'none';  connect-src *;  font-src 'self';  frame-src giscus.app 1
default-src 'self' https://kotapay.com https://*.kotapay.com https://*.intercepteft.com https://*.interceptcorporation.com;       connect-src 'self' wss://*.salemove.com https://*.salemove.com wss://*.glia.com https://*.glia.com https://*.twilio.com wss://*.twilio.com https://www.google-analytics.com https://thefontzone.com/v4/w/fonts/;       media-src 'self' https://*.salemove.com https://*.glia.com;       font-src 'self' 'unsafe-inline' data:;       style-src 'self' 'unsafe-inline' https://*.salemove.com https://*.glia.com https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css;       script-src 'self' 'unsafe-inline' 'unsafe-eval' https://siteimproveanalytics.com/js/ https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.salemove.com https://*.glia.com https://cdn.jsdelivr.net/npm/popper.js@1.12.9/dist/umd/popper.min.js https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js;       object-src 'self';       img-src 'self' https://*.kc-usercontent.com blob: data: data: https://*.siteimproveanalytics.io https://www.googletagmanager.com https://www.google-analytics.com https://*.salemove.com https://*.glia.com;       frame-src 'self' https://bid.g.doubleclick.net https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.youtube.com 1
default-src 'self' data: https://console.googletagservices.com https://unification.useinsider.com https://mobilet.api.useinsider.com  https://*.mobilet.com  https://*.hasura.io https://fonts.gstatic.com https://*.googleapis.com https://www.facebook.com https://newassets.hcaptcha.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.safeframe.googlesyndication.com/ https://tpc.googlesyndication.com https://*.googlesyndication.com https://www.google.com; style-src 'self' 'unsafe-inline' https://*.hasura.io https://*.googleapis.com; script-src 'self' 'unsafe-eval' https://www.googletagservices.com https://backofficepoz.azurewebsites.net https://console.googletagservices.com https://adservice.google.com tps://securepubads.g.doubleclick.net https://*.googlesyndication.com https://cdn.ampproject.org https://*.google.com.tr  https://www.google.com https://unification.useinsider.com https://mobilet.api.useinsider.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://*.hasura.io https://js.hcaptcha.com 'unsafe-inline' https://www.youtube.com https://*.g.doubleclick.net; img-src 'self' data:  https://backstage-feo.doracdn.com https://*.googlesyndication.com https://*.mobilet.com https://*.blob.core.windows.net https://www.google.com https://www.google.com.tr https://www.google-analytics.com https://www.google.de https://*.g.doubleclick.net https://adservice.google.com https://*.hasura.io https://*.facebook.com https://*.airtable.com; connect-src 'self' https://analytics.google.com https://*.masterpassturkiye.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.googlesyndication.com https://*.mobilet.com https://api.github.com https://analytics.strapi.io https://*.g.doubleclick.net wss://*.hasura.io https://*.hasura.io https://market-api.strapi.io https://newassets.hcaptcha.com https://www.facebook.com https://unification.useinsider.com https://*.api.useinsider.com/; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://umap.openstreetmap.fr ; object-src 'none' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' matomo.criptext.com cdn.criptext.com https://oc8k71nhga.execute-api.us-west-2.amazonaws.com/production/submit; 1
default-src https: 'unsafe-inline'; img-src https: data: https://*.hotjar.com; script-src https: 'unsafe-inline' https://*.hotjar.com; connect-src https: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; font-src https: https://*.hotjar.com; style-src https: 'unsafe-inline' https://*.hotjar.com; object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests; 1
frame-ancestors 'self' https://hilfe.bikester.ch https://back-office-redesign.kameleoon.com https://app.kameleoon.com/ 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.criteo.com https://static.criteo.net https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tpc.googlesyndication.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://*.contentsquare.net https://*.criteo.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.sowaswillichauch.de https://m.sowaswillichauch.de https://checkout.sowaswillichauch.de https://connet.facebook.net https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://tpc.googlesyndication.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.google.de https://google.de https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://corteximplant.com 'wasm-unsafe-eval'; font-src 'self' https://corteximplant.com; img-src 'self' data: blob: https://corteximplant.com; style-src 'self' https://corteximplant.com 'nonce-ggQUSfnGeRAg5ieTwi5UwA=='; media-src 'self' data: https://corteximplant.com; frame-src 'self' https:; child-src 'self' blob: https://corteximplant.com; worker-src 'self' blob: https://corteximplant.com; connect-src 'self' blob: data: wss://corteximplant.com https://corteximplant.com; manifest-src 'self' https://corteximplant.com; form-action 'self' 1
frame-ancestors 'self' https://help.bikester.es https://back-office-redesign.kameleoon.com https://app.kameleoon.com/ 1
default-src 'self';style-src-elem * 'unsafe-inline';script-src-elem * 'unsafe-inline';script-src * 'unsafe-eval' 'unsafe-inline';style-src * 'unsafe-inline';img-src * 'self' blob: data: https:;font-src * 'self' data: application:;connect-src * 'unsafe-inline';frame-src *.sc.com *.standardchartered.com *.standardchartered.com.tw *.demdex.net *.fls.doubleclick.net 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.firsttutors.com https://*.firsttutors.ws https://*.varsitytutors.com https://*.google.com https://*.gstatic.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://optimize.google.com https://maps.googleapis.com https://maps.gstatic.com https://js-agent.newrelic.com https://bam.nr-data.net https://static.hotjar.com https://script.hotjar.com https://*.optimizely.com https://player.vimeo.com https://*.vimeocdn.com https://cdnjs.cloudflare.com https://*.getclicky.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.usemessages.com https://*.logrocket.io https://*.trustpilot.com https://*.varsitytutors.com; style-src 'self' 'unsafe-inline' https://*.firsttutors.com https://*.firsttutors.ws https://*.varsitytutors.com https://optimize.google.com https://fonts.googleapis.com https://*.hs-scripts.com https://pro.fontawesome.com https://*.varsitytutors.com; img-src 'self' https://*.firsttutors.com https://*.firsttutors.ws https://*.varsitytutors.com https://s3-eu-west-1.amazonaws.com https://www.adobe.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.google.com https://maps.googleapis.com https://maps.gstatic.com https://csi.gstatic.com https://www.google.com https://www.google.co.uk https://optimize.google.com https://www.googletagmanager.com https://www.googleadservices.com https://insights.hotjar.com http://static.hotjar.com https://i.ytimg.com https://*.vimeocdn.com https://*.ssl-images-amazon.com data: blob: https://*.hs-scripts.com https://*.hubspot.com; font-src 'self' https://*.firsttutors.com https://*.firsttutors.ws https://*.varsitytutors.com https://fonts.gstatic.com https://static.hotjar.com https://*.hs-scripts.com https://pro.fontawesome.com; connect-src 'self' https://*.varsitytutors.com https://bam.nr-data.net https://*.hotjar.com:* wss://*.hotjar.com https://*.hs-scripts.com https://*.hubspot.com https://*.logrocket.io https://*.googleapis.com; media-src 'self' https://*.firsttutors.com https://*.firsttutors.ws https://*.varsitytutors.com https://*.youtube.com https://*.youtube-nocookie.com https://*.hs-scripts.com; object-src 'self' https://*.firsttutors.com https://*.firsttutors.ws https://*.varsitytutors.com https://*.googlevideo.com https://*.ytimg.com https://*.youtube.com https://*.youtube-nocookie.com; child-src 'self' https://*.firsttutors.com https://*.firsttutors.ws https://*.varsitytutors.com https://vars.hotjar.com https://optimize.google.com https://*.youtube.com https://*.youtube-nocookie.com https://player.vimeo.com https://*.hs-scripts.com; frame-src 'self' https://*.firsttutors.com https://*.firsttutors.ws https://*.varsitytutors.com https://*.google.com https://vars.hotjar.com https://optimize.google.com https://*.youtube.com https://*.youtube-nocookie.com https://player.vimeo.com https://*.hs-scripts.com https://*.hubspot.com https://*.trustpilot.com; frame-ancestors 'self'; worker-src blob: data: https://*.firsttutors.com; 1
frame-ancestors 'self'; frame-src  *.savviihq.com *.facebook.com *.google.com *.cookiebot.com *.hotjar.com *.youtube.com *.vimeo.com *.googletagmanager.com *.fontawesome.com *.calendly.com calendly.com *.w3schools.com lottie.host unpkg.com *.hubspot.com td.doubleclick.net *.hsforms.com *.spotify.com *.carerix.com *app.livestorm.com *.livestorm.com *.app.livestorm.com 1
frame-ancestors 'self' https://*.shopify.com https://*.myshopify.com https://*.mybigcommerce.com 1
default-src 'self' woodsmithplans.foxycart.com dbuydhz9ymzzu.cloudfront.net cloudfront.woodsmithplans.com;connect-src 'self' woodsmithplans.foxycart.com dbuydhz9ymzzu.cloudfront.net cloudfront.woodsmithplans.com api.hubspot.com forms.hubspot.com performance.typekit.net www.facebook.com www.google-analytics.com stats.g.doubleclick.net s3.amazonaws.com hubspot-forms-static-embed.s3.amazonaws.com forms.hsforms.com api.hubapi.com analytics.google.com ct.pinterest.com k.p-n.io cta-service-cms2.hubspot.com;font-src 'self' woodsmithplans.foxycart.com dbuydhz9ymzzu.cloudfront.net cloudfront.woodsmithplans.com use.fontawesome.com fonts.googleapis.com fonts.gstatic.com use.typekit.net vjs.zencdn.net;img-src 'self' data: woodsmithplans.foxycart.com dbuydhz9ymzzu.cloudfront.net cloudfront.woodsmithplans.com s3.amazonaws.com www.aimmedia.com www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net track.hubspot.com forms.hubspot.com p.typekit.net www.facebook.com ws-na.amazon-adsystem.com ir-na.amazon-adsystem.com upload.wikimedia.org images-na.ssl-images-amazon.com d36ai2hkxl16us.cloudfront.net images.ahpc.us img.youtube.com cx.atdmt.com www.google.com email.woodsmith.com cdn.woodsmith.com www.woodsmithplans.com www.cuisinelibrary.com www.gardengatelibrary.com m.media-amazon.com www.woodsmith.com connect.facebook.net bat.bing.com analytics.google.com ct.pinterest.com media.pushlycdn.com perf-na1.hsforms.com forms.hsforms.com forms-na1.hsforms.com woodsmith.com dev.woodsmith.com gardengatemagazine.com www.gardengatemagazine.com dev.gardengatemagazine.com;manifest-src 'self' woodsmithplans.foxycart.com dbuydhz9ymzzu.cloudfront.net cloudfront.woodsmithplans.com;media-src 'self' s3.amazonaws.com woodsmithplans.foxycart.com dbuydhz9ymzzu.cloudfront.net cloudfront.woodsmithplans.com;object-src 'self' woodsmithplans.foxycart.com dbuydhz9ymzzu.cloudfront.net cloudfront.woodsmithplans.com;script-src 'self' 'unsafe-inline' blob: woodsmithplans.foxycart.com dbuydhz9ymzzu.cloudfront.net cloudfront.woodsmithplans.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com js.hs-scripts.com cdn.foxycart.com ajax.googleapis.com use.typekit.net vjs.zencdn.net www.woodsmithplans.com secure.augusthome.com images.ahpc.us js.usemessages.com js.hsleadflows.net js.hs-analytics.net connect.facebook.net code.jquery.com js.hs-banner.com browser-update.org js.hsforms.net forms.hsforms.com js.hsadspixel.net ndn.statistinamics.com js-na1.hs-scripts.com bat.bing.com googleads.g.doubleclick.net s.pinimg.com cdn.p-n.io www.aimmedia.com js.hubspot.com;style-src 'self' 'unsafe-inline' woodsmithplans.foxycart.com dbuydhz9ymzzu.cloudfront.net cloudfront.woodsmithplans.com use.fontawesome.com fonts.googleapis.com vjs.zencdn.net cdn.foxycart.co cdn.foxycart.com;base-uri 'self' woodsmithplans.foxycart.com dbuydhz9ymzzu.cloudfront.net cloudfront.woodsmithplans.com;form-action 'self' woodsmithplans.foxycart.com dbuydhz9ymzzu.cloudfront.net cloudfront.woodsmithplans.com *;frame-ancestors 'self' woodsmithplans.foxycart.com dbuydhz9ymzzu.cloudfront.net cloudfront.woodsmithplans.com;child-src 'self' woodsmithplans.foxycart.com dbuydhz9ymzzu.cloudfront.net cloudfront.woodsmithplans.com www.google.com www.youtube.com forms.hsforms.com www.googletagmanager.com bid.g.doubleclick.net ct.pinterest.com; 1
default-src 'self' 'unsafe-eval' data: blob: https://hot.com https://adultsearch.com https://www.mintboys.com https://cdn.mintboys.net https://cdn.mintboys.com https://assets.mintboys.com https://cdn.ampproject.org https://amp-error-reporting.appspot.com https://ampcid.google.com https://ampcid.google.com.mx https://ampcid.google.co.uk https://ampcid.google.com.au https://ampcid.google.ca https://ampcid.google.ae https://www.googletagmanager.com https://www.google-analytics.com https://*.ptawe.com/ https://*.awempire.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://unpkg.com https://www.mintboys.com https://hot.com https://cdn.mintboys.net https://cdn.mintboys.com https://assets.mintboys.com https://www.google-analytics.com https://adultsearch.com https://www.googletagmanager.com https://cdn.ampproject.org https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.ptawe.com/ https://*.awestatic.com/ https://adname.xyz/; img-src 'self' data: https://www.mintboys.com https://imagecdn.mintboys.net https://imagecdn.mintboys.com https://cdn.mintboys.net https://cdn.mintboys.com https://assets.mintboys.com https://www.google-analytics.com https://www.googletagmanager.com https://*.awemwh.com https://*.nsimg.net; style-src 'self' 'unsafe-inline' https://www.mintboys.com https://cdn.mintboys.net https://cdn.mintboys.com https://assets.mintboys.com; form-action 'self' https://www.mintboys.com; frame-src 'self' https://www.google.com/recaptcha/ https://secure.vs3.com/ https://hot.com https://*.ptawe.com/; 1
object-src 'none'; script-src 'self' 'nonce-5ebf68e0a0f14462a205125de6a14323' https://hitachi-rail-global.mynewsdesk.com/ https://*.hotjar.com/ *.youtube.com/ http://www.youtube.com/ https://pi.pardot.com/ https://www.glassdoor.co.uk/ http://https//pi.pardot.com/ http://cdn.pardot.com/ https://player.vimeo.com/ https://ajax.aspnetcdn.com/ http://hitachi-rail-global-uk.mynewsdesk.com/ http://hitachi-rail-global.mynewsdesk.com/hosted_newsroom.js/ https://cc.cdn.civiccomputing.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://tools.eurolandir.com/ https://cdn.videosync.fi/ https://www.googleadservices.com/ https://snap.licdn.com/ https://komito.net/ https://googleads.g.doubleclick.net/ https://3xscreen.videosync.fi/ https://www.youtube.com/ https://maps.googleapis.com/ https://cdnjs.cloudflare.com/ https://s.ytimg.com/ http://cdnjs.cloudflare.com/ ; style-src 'self' 'nonce-5ebf68e0a0f14462a205125de6a14323' https://hitachirailpenweb1-prelive.azurewebsites.net/ *.youtube.com/ http://www.youtube.com/ https://cc.cdn.civiccomputing.com/ https://fonts.googleapis.com/ https://tools.eurolandir.com/ https://*.hotjar.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ ; img-src 'self' data: https://hitachirailpenweb1-prelive.azurewebsites.net/ http://www.youtube.com/ https://www.googletagmanager.com/  https://www.google.rs/ https://*.hotjar.com https://*.linkedin.com https://*.google-analytics.com/ https://*.analytics.google.com/ https://www.glassdoor.co.uk/ https://www.glassdoor.com/ https://www.linkedin.com/ https://i.vimeocdn.com/ https://px.ads.linkedin.com/ https://www.google.com/ https://accounts.google.com/ https://dashboard.umbraco.org/ https://www.google-analytics.com/ https://p.adsymptotic.com/ https://accounts.youtube.com/ https://www.google.co.uk/ https://accounts.google.co.uk/ https://resources.mynewsdesk.com/ https://i.ytimg.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ ; frame-src 'self' https://hitachirailpenweb1-prelive.azurewebsites.net/ *.hitachirail.com/ *.youtube.com/ https://*.hotjar.com/ http://www.youtube.com/ https://td.doubleclick.net/ http://go.pardot.com/ https://www.glassdoor.co.uk/ https://vimeo.com/ https://www.google.com/ http://hitachi-rail-global-uk.mynewsdesk.com/ http://hitachi-rail-global.mynewsdesk.com/ https://www.mynewsdesk.com/ https://hitachirailsts.mua.hrdepartment.com/ https://tools.eurolandir.com/ https://gamma.euroland.com/ https://player.vimeo.com/ https://www.youtube.com/ https://3xscreen.videosync.fi/ https://bid.g.doubleclick.net/ https://youtu.be/ 1
default-src 'self' 'unsafe-eval';                                         connect-src 'self' *.doubleclick.net *.google-analytics.com *.google-analytics.com *.juicer.io *.googleapis.com *.facebook.com;                                         frame-src 'self' *.youtube.com *.google.com;                                         img-src 'self' *.googletagmanager.com *.google-analytics.com *.clatity.ms *.picsum.photos picsum.photos marketing.acerbis.it *.juicer.io juicer.io *.gstatic.com *.google.com *.googleapis.com *.facebook.com data: blob:;                                         font-src 'self' *.juicer.io *.gstatic.com;                                         script-src-elem 'self' 'unsafe-inline' cookiehub.net *.google-analytics.com *.clarity.ms *.googletagmanager.com *.juicer.io *.google.com *.googleapis.com *.google.com *.facebook.net;                                         style-src-elem 'self' 'unsafe-inline' cookiehub.net *.juicer.io *.googleapis.com *.google.com;                                         style-src 'self' 'unsafe-inline' cookiehub.net *.juicer.io *.googleapis.com; 1
upgrade-insecure-requests; frame-ancestors 'self' *.royalchallengers.com; 1
base-uri 'none' 1
img-src * 'self' data:;script-src 'self'       https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com       https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com      https://code.jquery.com http://code.jquery.com 'unsafe-eval' 'unsafe-inline'; 1
base-uri 'self' data:; connect-src livesupport.hetzner.com matomo.hetzner.com use.hetzner.com https://sentry.hetzner.company/ https://robot-ws.your-server.de 'self' data:; default-src 'self'; font-src livesupport.hetzner.com 'self' data:; frame-ancestors 'self'; frame-src youtube-nocookie.com youtube.com www.youtube-nocookie.com https://files.hetzner.com/ 'self' data:; img-src cdn.hetzner.de img.youtube.com livesupport.hetzner.com 'self' data:; media-src https://cdn.hetzner.de 'self'; script-src 'nonce-r9PGgCHzDHmXw4d3' livesupport.hetzner.com matomo.hetzner.com use.hetzner.com 'self' data: 'nonce-1ba71e502b0a019c'; style-src livesupport.hetzner.com 'self' 'unsafe-inline' data:; 1
base-uri 'self';default-src 'none';font-src 'self' https://*.hotjar.com;script-src 'self' https://cdn.mxpnl.com 'nonce-4d75968d-03c7-4ef3-b6e1-e36a5c0fac1c' https://connect.facebook.net https://staticxx.facebook.com https://static.ads-twitter.com https://apis.google.com https://accounts.google.com https://analytics.twitter.com https://*.hotjar.com;style-src 'self' 'unsafe-inline';img-src 'self' https://*.makeorg.tech https://*.make.org https://*.placebymake.org https://*.webflow.com data: https://t.co https://*.facebook.com https://*.facebook.net https://analytics.twitter.com https://*.hotjar.com;connect-src 'self' https://make.org/backend https://make.org https://*.makeorg.tech https://*.make.org https://*.placebymake.org https://api-eu.mixpanel.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com;form-action 'self' https://www.facebook.com/tr/;frame-src 'self' https://*.facebook.com https://*.google.com https://*.hotjar.com;object-src 'none';media-src 'none';manifest-src 'self';frame-ancestors 'none' 1
frame-ancestors 'self' *.audi.cn *.audibrand.cn *.audichina.cn alidt.alicdn.com  *.baidu.com 1
frame-ancestors 'self' *.fiavest.com fiavest.com *.fiavest.com:8443 *.mplusonline.com; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; img-src https: data: 'self'; frame-ancestors 'self' http: https:; base-uri 'self'; form-action 'self' https://*.actu-environnement.com https://*.paybox.com 1
default-src 'none';base-uri 'self';style-src 'self' 'unsafe-inline' https: fonts.googleapis.com;font-src 'self' https: data:;img-src 'self' https: data:;media-src 'self' https:;script-src blob: icepanel.io www.youtube.com/iframe_api www.youtube.com/s/player/;form-action 'none';connect-src https: wss: api-js.mixpanel.com;manifest-src 'self' https:;frame-src https: youtube.com www.youtube.com;frame-ancestors 'none';upgrade-insecure-requests; 1
frame-src 'self' api.stream24.net stream24.net l.ecn-ldr.de ecn-ldr.de; frame-ancestors 'self'; object-src 'none'; 1
default-src 'self' 'unsafe-inline'; img-src 'self' data: https: * *.google.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com adservice.google.ca adservice.google.co.in adservice.google.co.kr adservice.google.co.uk adservice.google.co.za adservice.google.com.ar adservice.google.com.au adservice.google.com.br adservice.google.com.co adservice.google.com.gt adservice.google.com.mx adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.tr adservice.google.com.tw adservice.google.com.vn adservice.google.de adservice.google.dk adservice.google.es adservice.google.fr adservice.google.nl adservice.google.no adservice.google.ru adservice.google.vg adservice.google.ru adservice.google.eu adservice.google.kz *.hotjar.com *.yandex.ru; media-src 'self' *.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.doubleclick.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com  *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com connect.facebook.net adservice.google.ca adservice.google.co.in adservice.google.co.kr adservice.google.co.uk adservice.google.co.za adservice.google.com.ar adservice.google.com.au adservice.google.com.br adservice.google.com.co adservice.google.com.gt adservice.google.com.mx adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.tr adservice.google.com.tw adservice.google.com.vn adservice.google.de adservice.google.dk adservice.google.es adservice.google.fr adservice.google.nl adservice.google.no adservice.google.ru adservice.google.vg adservice.google.ru adservice.google.eu adservice.google.kz *.hotjar.com *.jsdelivr.net *.yandex.ru *.ywxi.net; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com; frame-src 'self' *.doubleclick.net *.facebook.com *.google.com *.googlesyndication.com *.youtube.com *.trustedsite.com; connect-src 'self' *.doubleclick.net *.google-analytics.com *.google.com *.googlesyndication.com *.hotjar.com *.yandex.ru *.amazonaws.com *.facebook.com 1
default-src 'self'; child-src 'self' connect.facebook.net fast.wistia.com fast.wistia.net googleads.g.doubleclick.net td.doubleclick.net *.hotjar.com *.hotjar.io bid.g.doubleclick.net 10317493.fls.doubleclick.net 10366747.fls.doubleclick.net 11541986.fls.doubleclick.net youtube.com www.youtube.com js.stripe.com www.facebook.com staticxx.facebook.com tpc.googlesyndication.com www.google.com *.googletagmanager.com *.quora.com intercom-sheets.com app-ab27.marketo.com www.intercom-reporting.com d2c7xlmseob604.cloudfront.net js.intercomcdn.com insight.adsrvr.org match.adsrvr.org https://intercom.chilipiper.com app.intercom.com app.intercom.io https://app.getreprise.com; connect-src 'self'   www.intercom.com app.intercom.io app.intercom.com api.intercom.io api-visitor-analytics.intercom.com api-iam.intercom.io api-ping.intercom.io api.smartling.com js.intercomcdn.com munchkin.marketo.net *.mktoutil.com nexus-websocket-a.intercom.io nexus-websocket-test.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-test.intercom.io store.intercomassets.com widget.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-test.intercom.io marketing.intercomcdn.com uploads.intercomcdn.com uploads.intercomusercontent.com abrtp1.marketo.com abrtp1-cdn.marketo.com app.getsentry.com stats.g.doubleclick.net www.google.com adservice.google.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com http://*.hotjar.io:* https://*.hotjar.io:* wss://*.hotjar.io sentry.io www.facebook.com *.akamaihd.net *.wistia.com *.wistia.net 258-clw-344.mktoresp.com bat.bing.com d2c7xlmseob604.cloudfront.net rum-collector-2.pingdom.net https://*.browser-intake-datadoghq.com public-trace-http-intake.logs.datadoghq.com https://assets.ctfassets.net c.6sc.co b.6sc.co j.6sc.co ipv6.6sc.co epsilon.6sense.com epsilon-cloudfront.6sense.com user-data.mutinycdn.com https://api-v2.mutinyhq.io/v2/b https://api.mutinyhq.io/v2 https://client-registry.mutinycdn.com secure.adnxs.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com api.chilipiper.com tracking.chilipiper.com cdn.linkedin.oribi.io gw.linkedin.oribi.io px.ads.linkedin.com https://app.getreprise.com; font-src data: https: ; img-src data: blob: https: ; media-src data: blob: https: ; object-src 'none'; script-src 'self' 'unsafe-eval' app.intercom.io app.intercom.com www.intercom.com js.intercomcdn.com store.intercomassets.com marketing.intercomassets.com widget.intercom.io ajax.googleapis.com analytics.twitter.com abrtp1.marketo.com abrtp1-cdn.marketo.com app-sjqe.marketo.com app-sjst.marketo.com app-ab27.marketo.com bat.bing.com cdn-assets-prod.s3.amazonaws.com cdn.ravenjs.com browser.sentry-cdn.com connect.facebook.net distillery.wistia.com distillery-main.wistia.com fast.wistia.com fast.wistia.net googleads.g.doubleclick.net js.stripe.com munchkin.marketo.net platform.twitter.com rtp-static.marketo.com script.hotjar.com script.hotjar.io secure.adnxs.com static.hotjar.com static.hotjar.io stats.g.doubleclick.net store.intercom.io tpc.googlesyndication.com www.datadoghq-browser-agent.com www.google.com www.google-analytics.com www.googleadservices.com/pagead/ www.googletagmanager.com tagmanager.google.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com dc.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com client-registry.mutinycdn.com client.mutinycdn.com https://js.chilipiper.com 'sha256-CIxBMTSsZNOVtN/e53Oinc5o7iS+6GCLATfDTYD9EQk=' https://app.getreprise.com 'strict-dynamic' 'nonce-YmMzNzI3ZGUtMmVkZS00YjNjLTk0Y2EtMTE2MzYwNTcwMDEx'; style-src 'self' 'unsafe-inline' app-ab27.marketo.com marketing.intercomassets.com maxcdn.bootstrapcdn.com rtp-static.marketo.com fonts.googleapis.com tagmanager.google.com https://www.googletagmanager.com https://js.chilipiper.com; worker-src data: blob:; base-uri 'self'; report-uri https://o2129.ingest.sentry.io/api/1467748/security/?sentry_key=2b3179211aae44189b7651cf09d7b74f 1
default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src *; frame-src *; img-src data: *; media-src *; object-src *; report-uri https://csp-reports.firmseek.com/burr; 1
script-src 'self' https://*.votewa.gov/ https://*.votewa.gov/portal2023/ https://*.cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://*.omniballot.us https://*.virtualearth.net localhost:* https://www.google.com https://www.googletagmanager.com/gtag/js https://www.gstatic.com https://www.google-analytics.com https://*.bing.com 'unsafe-inline' 'unsafe-eval'; default-src 'self' https://*.cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://*.omniballot.us https://*.virtualearth.net localhost:* https://www.google.com https://www.googletagmanager.com/gtag/js https://www.gstatic.com https://www.google-analytics.com https://*.bing.com 'unsafe-inline'; style-src 'self' https://*.cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://*.virtualearth.net localhost:* https://www.google.com https://www.googletagmanager.com/gtag/js https://www.gstatic.com https://www.google-analytics.com https://*.bing.com 'unsafe-inline'; frame-src http://*.votewa.gov/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://*.youtube.com/ https://youtu.be/; base-uri 'self'; form-action 'self'; frame-ancestors https://*.votewa.gov/; object-src 'none'; img-src 'self' data: https://*.bing.com https://*.virtualearth.net *.google-analytics.com; font-src 'self' data:; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.ampproject.org connect.facebook.net graph.facebook.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com m.addthis.com play.vidyard.com platform.twitter.com s7.addthis.com script.crazyegg.com script.hotjar.com static.hotjar.com static.hsappstatic.net v1.addthisedge.com widgets.pinterest.com www.google-analytics.com www.googletagmanager.com z.moatads.com cdn2.hubspot.net 'strict-dynamic' 'nonce-9OvUyRYC+qkTe96Uy7jvkw=='; report-uri https://send.hsbrowserreports.com/csp/report; upgrade-insecure-requests; 1
default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://store.akamai.steamstatic.com/ https://store.akamai.steamstatic.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com https://steamcommunity-a.akamaihd.net; object-src 'none'; connect-src 'self' http://store.steampowered.com https://store.steampowered.com http://127.0.0.1:27060 ws://127.0.0.1:27060 https://community.akamai.steamstatic.com/ https://steamcommunity.com/ https://steamcommunity.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://shared.akamai.steamstatic.com/ https://checkout.steampowered.com/ https://*.steamstatic.com https://*.steamcontent.com https://*.valvesoftware.com https://*.steambeta.net https://*.cqloud.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net https://api.steampowered.com https://steamvideo-a.akamaihd.net https://video.st.dl.eccdnx.com https://vd.queniujq.cn https://*.storage.googleapis.com https://sketchfab.com; frame-src 'self' steam:  http://www.youtube.com https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://steamcommunity.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://steamcommunity.com/ embed.nicovideo.jp www.escapistmagazine.com player.youku.com www.bilibili.com https://medal.tv; frame-ancestors 'none'; 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com www1.thecakedecoratingcompany.co.uk; base-uri 'self' 1
base-uri 'self';connect-src 'self' *.googletagmanager.com *.google-analytics.com *.google.com *.googleapis.com *.api.video *.consentmanager.net *.doubleclick.net *.hotjar.com *.hotjar.io wss://ws.hotjar.com;default-src 'self';form-action 'self';img-src 'self' data: *.googletagmanager.com *.google-analytics.com googleads.g.doubleclick.net *.google.com *.google.de *.googleapis.com maps.gstatic.com *.consentmanager.net *.facebook.com *.wetu.com wetu.com images.unsplash.com *.api.video;media-src 'self' blob: *.api.video;object-src 'none';script-src 'self' 'nonce-q5zmSXqnDlGEtxrBYsziG7jw8uMHDmMnX9YifkTk' *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net *.google.com *.googleapis.com *.consentmanager.net *.hotjar.com *.facebook.net vjs.zencdn.net;style-src 'self' 'unsafe-inline' *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net *.google.com *.googleapis.com *.consentmanager.net;font-src 'self' data: fonts.gstatic.com;worker-src 'self' blob:;frame-src *.youtube.com *.youtube-nocookie.com *.vimeo.com vimeo.com *.google.com *.googletagmanager.com *.camper24.de *.issuu.com *.doubleclick.net *.sunnycars.de *.instagram.com *.thankyounature.org *.spotify.com *.msgp.pl *.api.video 1
default-src 'self'; connect-src * 'self' data: https:; font-src 'self' data: https:; frame-src 'self' data: https:;  img-src * 'self' data: https: blob:; script-src 'self' 'nonce-1R+ZmL97sDyzPSc0gtOgPiPKVwDGJHXVE7CnikMh/yY=' 'strict-dynamic' ; style-src 'self' 'unsafe-inline' *; form-action 'self' data: https:; media-src 'self' data: https: blob: 1
frame-ancestors 'self' https://*.melissa.com.br https://*.zaxy.com.br https://*.sandaliasipanema.com.br https://*.lojacartago.com.br https://*.grendenekids.com.br https://*.grendha.com.br https://*.shopmelissaeu.com https://*.shopmelissa.com https://*.conexaomelissa.com.br https://*.grendene.com.br 1
default-src 'none'; connect-src 'self' https://fahrplan.salzburg-verkehr.at/webapp/; font-src 'self' data: https://fahrplan.salzburg-verkehr.at/webapp/; form-action 'self'; frame-src 'self'; img-src 'self' data: https://fahrplan.salzburg-verkehr.at/webapp/; media-src 'self'; script-src 'self' 'unsafe-inline' https://fahrplan.salzburg-verkehr.at/bin/ https://fahrplan.salzburg-verkehr.at/webapp/; style-src 'self' 'unsafe-inline' https://fahrplan.salzburg-verkehr.at/webapp/; base-uri 'none'; object-src 'none'; frame-ancestors 'self'; block-all-mixed-content; report-uri https://3ff6097d7f5d6e89a9eed049b3aed13c.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com *.webvisor.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data: 'self'; frame-ancestors 'none' 1
frame-ancestors 'none' ; report-uri https://netresec.report-uri.com/r/d/csp/enforce; 1
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; report-uri https://www.leatherworkinggroup.com/?eID=error 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://yastatic.net https://yastatic.net *.yandex.ru *.webvisor.org https://metrika-informer.com https://cdn.jsdelivr.net https://www.google-analytics.com 1
default-src 'self' dejpknyizje2n.cloudfront.net d1ij5seu2h8qgc.cloudfront.net dyjt5tacz9t2j.cloudfront.net carstickers.activehosted.com; script-src 'nonce-97e36fb6535543fda7d87ad82134e04f' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' dejpknyizje2n.cloudfront.net d1ij5seu2h8qgc.cloudfront.net dyjt5tacz9t2j.cloudfront.net data: wss://www.carstickers.com o116203.ingest.sentry.io *.google-analytics.com *.doubleclick.net *.braintree-api.com *.braintreegateway.com *.paypal.com *.google.com *.google-analytics.com google.com t.vibe.co *.clarity.ms c.bing.com; img-src 'self' dejpknyizje2n.cloudfront.net d1ij5seu2h8qgc.cloudfront.net dyjt5tacz9t2j.cloudfront.net data: *.doubleclick.net *.ytimg.com *.google-analytics.com www.googletagmanager.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.shutterstock.com ak.picdn.net assets.braintreegateway.com *.paypal.com www.gstatic.com d226aj4ao1t61q.cloudfront.net fonts.googleapis.com www.paypalobjects.com t.vibe.co *.clarity.ms c.bing.com; frame-src 'self' dejpknyizje2n.cloudfront.net d1ij5seu2h8qgc.cloudfront.net dyjt5tacz9t2j.cloudfront.net www.youtube.com assets.braintreegateway.com *.paypal.com pay.google.com *.doubleclick.net *.google.com; style-src 'self' 'unsafe-inline' dejpknyizje2n.cloudfront.net d1ij5seu2h8qgc.cloudfront.net dyjt5tacz9t2j.cloudfront.net fonts.googleapis.com fonts.gstatic.com assets.braintreegateway.com *.googletagmanager.com; font-src 'self' dejpknyizje2n.cloudfront.net d1ij5seu2h8qgc.cloudfront.net dyjt5tacz9t2j.cloudfront.net fonts.googleapis.com fonts.gstatic.com; object-src 'none'; base-uri 'self'; 1
default-src 'self' www.gravatar.com checkerdist.com *.checkerdist.com *.zdassets.com  ;script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com *.zendesk.com *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com *.zopim.com static.zdassets.com connect.facebook.net assets.pinterest.com checkerdist.com *.checkerdist.com; style-src-elem 'self' 'unsafe-inline' *.googleapis.com checkerdist.com *.checkerdist.com; font-src 'self'   checkerdist.com *.checkerdist.com *.gstatic.com *.zopim.com; style-src 'self' 'unsafe-inline' checkerdist.com *.checkerdist.com; img-src 'self' data: checkerdist.com www.gravatar.com *.zendesk.com *.zdassets.com *.checkerdist.com www.google-analytics.com *.googletagmanager.com *.pinterest.com; script-src 'self' checkerdist.com *.checkerdist.com 'unsafe-eval' 'unsafe-inline'; connect-src checkerdist.com  *.checkerdist.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net ekr.zdassets.com wss://*.zopim.com wss://*.zendesk.com *.zendesk.com; frame-src 'self' checkerdist.com *.google.com *.checkerdist.com www.facebook.com *.vimeo.com 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' www.youtube-nocookie.com www.google.com forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com validate.theoplayer.com license.theoplayer.com exzillamedia-aaea.streaming.media.azure.net texttospeech.googleapis.com www.nteservice.com maps.googleapis.com www.ntplc.co.th forms.hubspot.com *.hsforms.com *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com 1
default-src 'none' 'self' *.gewobag.de data: eqs-cockpit.com *.eqs.com *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com *.wohnungshelden.de 'unsafe-inline' 1
block-all-mixed-content;default-src 'self' https: *.addtoany.com *.adform.net *.ads-twitter.com *.bing.com maxcdn.bootstrapcdn.com browser-update.org cdnjs.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.force.com *.salesforce.com *.forenom.com *.g.doubleclick.net *.google-analytics.com *.google.com *.google.fi *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.hotjar.com *.hotjar.io app.interactiveads.ai *.klarna.com *.klarnacdn.net *.klarnaevt.com *.leadoo.com *.licdn.com *.onfido.com wss://*.onfido.com *.pardot.com *.polyfill.io *.ravenjs.com *.sentry-cdn.com *.thehotelsnetwork.com embed.trustmary.com embed.trustmary.io *.twitter.com *.yandex.ru *.youtube.com *.ytimg.com sentry.io wss://*.hotjar.com youtu.be wss://*.amazonaws.com ;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.addtoany.com *.adform.net *.ads-twitter.com *.bing.com maxcdn.bootstrapcdn.com browser-update.org cdnjs.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.force.com *.salesforce.com *.forenom.com *.g.doubleclick.net *.google-analytics.com *.google.com *.google.fi *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.hotjar.com *.hotjar.io app.interactiveads.ai *.klarna.com *.klarnacdn.net *.klarnaevt.com *.leadoo.com *.licdn.com *.onfido.com wss://*.onfido.com *.pardot.com *.polyfill.io *.ravenjs.com *.sentry-cdn.com *.thehotelsnetwork.com embed.trustmary.com embed.trustmary.io *.twitter.com *.yandex.ru *.youtube.com *.ytimg.com sentry.io wss://*.hotjar.com youtu.be wss://*.amazonaws.com ;style-src self https: blob: data: 'unsafe-inline' 'unsafe-eval' *.addtoany.com maxcdn.bootstrapcdn.com *.cookiebot.com *.forenom.com *.googleapis.com *.gstatic.com *.klarna.com *.klarnacdn.net *.leadoo.com app.interactiveads.ai *.licdn.com *.onfido.com *.twitter.com *.youtube.com youtu.be *.ytimg.com ;font-src  self https: blob: data: 'unsafe-inline' 'unsafe-eval' *.addtoany.com maxcdn.bootstrapcdn.com *.cookiebot.com *.forenom.com *.googleapis.com *.gstatic.com *.klarna.com *.klarnacdn.net *.leadoo.com app.interactiveads.ai *.licdn.com *.onfido.com *.twitter.com *.youtube.com youtu.be *.ytimg.com ;img-src self https: blob: data: 'unsafe-inline' 'unsafe-eval' *.addtoany.com maxcdn.bootstrapcdn.com *.cookiebot.com *.forenom.com *.googleapis.com *.gstatic.com *.klarna.com *.klarnacdn.net *.leadoo.com app.interactiveads.ai *.licdn.com *.onfido.com *.twitter.com *.youtube.com youtu.be *.ytimg.com ;frame-ancestors 'self'; 1
Default-src 'self' wss: ws: data: https://localhost:*/ https://www.google.com/ https://www.gstatic.com/ https://www.michigan.gov/ https://digitalguidelines.michigan.gov/ https://*.googleapis.com/ https://*.gstatic.com/ 'unsafe-inline' 'unsafe-eval';Connect-src 'self' http://localhost:*/ https://localhost:*/ wss://localhost:*/ ws://localhost:*/ https://*.googleapis.com/ ;Frame-src 'self' https://www.google.com/ ; Object-src 'none';Frame-ancestors 'none';Base-uri 'self';Form-action 'self'; 1
frame-ancestors media.tech-latest.com tech-latest.com 1
base-uri 'none';child-src 'self' data: blob:;connect-src 'self' ws: wss: http://localhost:1337 https://bptk-api.andreasfaust.de https://api.bptk.de;default-src 'self';font-src 'self' data:;form-action 'self';frame-ancestors 'none';frame-src https://www.youtube.com;img-src 'self' data: https://bptk-api.andreasfaust.de https://api.bptk.de;manifest-src 'self';media-src 'self' https://api.bptk.de;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' http://localhost:1337 https://bptk-api.andreasfaust.de https://api.bptk.de;style-src 'self' 'unsafe-inline'; 1
frame-ancestors bybio.co byfans.co bybio.me app2.bybio.co 1
object-src 'none'; base-uri 'self'; script-src 'sha256-tSuRSYHqMKYJyd+O+gfjjXHIiVq6jqmutq8WqoJeaRU=' 'nonce-ph4fsZNclImhZSLjFmnoMlnhATgIu1h5pdyQmMgV2Dxzgpsoa4US4Fy6y3xM9PgG' 'strict-dynamic' 'self' 1
default-src 'self' 'unsafe-inline' data: dweb: ipfs: ipns: https://*.dweb.link https://ipfs.io https://*.infura.io https://cgi.ninetailed.ninja; 1
base-uri 'self'; object-src 'none'; default-src 'self' *.mouseflow.com tahirihhira.gpcdn.pl static.theprotocol.it; img-src data: 'self' alb.reddit.com www.googletagmanager.com googleads.g.doubleclick.net images.typeform.com/images/ www.facebook.com www.google.com www.google.pl www.google-analytics.com region1.google-analytics.com region1.analytics.google.com www.talent.com *.gpcdn.pl *.gstatic.com *.googleapis.com *.linkedin.com *.facebook.net *.talent.com https://www.gstatic.com *.mouseflow.com tahirihhira.gpcdn.pl static.theprotocol.it; frame-src 'self' widget.eu.criteo.com gum.criteo.com vimeo.com player.vimeo.com www.facebook.com www.youtube.com www.google.com creativecdn.com tpc.googlesyndication.com form.typeform.com vars.hotjar.com www.adzuna.pl *.fls.doubleclick.net *.creativecdn.com *.gemius.pl *.mouseflow.com tahirihhira.gpcdn.pl static.theprotocol.it; connect-src 'self' *.googlesyndication.com in.hotjar.com wss://*.hotjar.com *.hotjar.com *.hotjar.io analytics.tiktok.com sslwidget.criteo.com www.facebook.com tracker.pracuj.pl apus-api.theprotocol.it www.google-analytics.com region1.google-analytics.com region1.analytics.google.com www.google.com stats.g.doubleclick.net googleads.g.doubleclick.net *.ingest.sentry.io cdn.linkedin.oribi.io *.creativecdn.com *.gemius.pl *.mouseflow.com tahirihhira.gpcdn.pl static.theprotocol.it; script-src 'self' maps.gstatic.com gstatic.com/recaptcha/ static.criteo.net sslwidget.criteo.com dynamic.criteo.com connect.facebook.net www.google.com/recaptcha/ www.google.com/maps/ fonts.googleapis.com maps.googleapis.com/maps* khms0.googleapis.com khms1.googleapis.com analytics.tiktok.com embed.typeform.com/next/ snap.licdn.com/li.lms-analytics/ googleads.g.doubleclick.net script.hotjar.com 'unsafe-eval' *.sentry-cdn.com *.gpcdn.pl *.adform.net *.creativecdn.com https://tagmanager.google.com *.gemius.pl 'nonce-YjdkMTkwNzktYzIwNy00OTk1LWIxOWUtZmY4NTgxZDMxMzRl' *.mouseflow.com tahirihhira.gpcdn.pl static.theprotocol.it; style-src 'self' 'unsafe-inline' *.googleapis.com www.googletagmanager.com embed.typeform.com/next/ *.theprotocol.it/statics/ https://tagmanager.google.com *.mouseflow.com tahirihhira.gpcdn.pl static.theprotocol.it; font-src 'self' fonts.gstatic.com *.theprotocol.it/statics/ data: *.mouseflow.com tahirihhira.gpcdn.pl static.theprotocol.it; block-all-mixed-content; frame-ancestors 'self'; script-src-attr 'none'; upgrade-insecure-requests; 1
default-src https:; style-src https: 'unsafe-inline'; 1
default-src  'self' 'unsafe-inline'; font-src https://fonts.gstatic.com https://*.typekit.net 'self'; child-src  'self'; connect-src https://y062.nec-nijmegen.nl/ https://collector.leadinfo.net/ https://*.doubleclick.net/ https://www.google-analytics.com/ https://*.convio.us wss://*.convio.us https://nec.blueconic.net 'self'; frame-src https://form.typeform.com/ https://www.sporcle.com/ https://www.googletagmanager.com https://www.instagram.com/ https://content.streamone.net/ https://twitter.com https://*.twitter.com/ https://*.facebook.com/ https://www.youtube.com/ https://stanza.co/ https://*.gxcloud.local https://*.gxcloud.net https://*.convio.us https://*.typekit.net https://*.amazonaws.com https://player.streampunt.nl/ 'self'; frame-ancestors  'self'; img-src https://y062.nec-nijmegen.nl/ https://*.gxcloud.net/ http://*.gxcloud.net/ https://*.nec-nijmegen.nl/ https://*.doubleclick.net/ https://nec.blueconic.net https://*.convio.us https://*.typekit.net https://*.amazonaws.com https://*.twimg.com/ https://www.google-analytics.com https://*.twitter.com/ https://www.google.com/ https://plugins.blueconic.net https://www.google.nl/ 'self' data:; media-src  'self'; object-src  'self'; script-src  'self' 'unsafe-inline' 'unsafe-eval' data: https: wss:; style-src https://y062.nec-nijmegen.nl/ https://*.google.com/ https://*.twitter.com/ https://ton.twimg.com/ https://plugins.blueconic.net/ 'self' 'unsafe-inline';  worker-src  'self' blob: 1
default-src 'self' https://*.home-design.schmidt https://www.google.com https://*.googlesyndication.com https://*.ma.cuisinella http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' https://client.get-potions.com; media-src 'self' https://*.ma.cuisinella https://*.home-design.schmidt https://www.youtube.com https://*.hotjar.com https://*.ma.cuisinella https://client.get-potions.com; font-src 'self' data: https://*.ma.cuisinella https://*.home-design.schmidt https://use.fontawesome.com https://fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://client.get-potions.com https://*.abtasty.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.ma.cuisinella https://*.home-design.schmidt https://www.google.com https://www.gstatic.com https://ssl.google-analytics.com https://www.google-analytics.com http://www.google-analytics.com https://www.googletagmanager.com https://www.googletagservices.com https://*.googlesyndication.com https://cse.google.com https://maps.googleapis.com https://apis.google.com https://adservice.google.fr https://adservice.google.com https://www.youtube.com https://connect.facebook.net https://*.criteo.com https://*.criteo.net https://*.apviz.io https://hapticmedia.fr https://static.axept.io https://s.pinimg.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.ma.cuisinella https://cdnjs.cloudflare.com https://apps.elfsight.com https://static.elfsight.com https://client.get-potions.com https://cdn.matomo.cloud https://homedesignschmidt.matomo.cloud https://tag.imagino.com https://analytics.tiktok.com https://lescoulisses.wufoo.com https://accounts.google.com https://s.kmtx.io https://t.kmtx.io https://*.clarity.ms https://clarity.ms https://*.elfsightcdn.com https://elfsight.com https://*.abtasty.com https://*.r66net.com; style-src 'self' 'unsafe-inline' https://*.ma.cuisinella https://*.home-design.schmidt https://www.google.com https://fonts.googleapis.com https://www.youtube.com https://*.apviz.io https://*.hotjar.com https://client.get-potions.com https://accounts.google.com https://*.abtasty.com; child-src 'self' https://www.google.com https://*.googlesyndication.com https://www.google-analytics.com http://www.google-analytics.com https://recaptcha.google.com https://accounts.google.com https://www.youtube.com https://*.criteo.com https://*.hotjar.com https://*.ma.cuisinella https://*.home-design.schmidt https://*.fls.doubleclick.net https://cse.google.com https://*.pinterest.com https://www.pinterest.fr/ https://s.pinimg.com/ https://nodalview.com/ https://www.facebook.com/ https://www.klapty.com https://tour.klapty.com https://client.get-potions.com https://homedesignschmidt.matomo.cloud https://tag.imagino.com https://lescoulisses.wufoo.com https://app.nodalview.com; img-src 'self' data: blob: https://*.ma.cuisinella https://*.home-design.schmidt https://www.google.com https://www.google.fr https://clients1.google.com https://*.googlesyndication.com https://ssl.google-analytics.com https://www.google-analytics.com http://www.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://www.youtube.com https://www.facebook.com https://*.doubleclick.net https://*.apviz.io https://hapticmedia.fr https://axeptio.imgix.net https://*.ma.cuisinella https://s.pinimg.com https://tr.cloud-media.fr https://ct.pinterest.com https://*.pinterest.com https://www.googleapis.com http://*.hotjar.com  https://*.hotjar.com  http://*.hotjar.io  https://*.hotjar.io https://lh3.googleusercontent.com https://client.get-potions.com https://t.kmtx.io https://segment.prod.bidr.io https://d2csxpduxe849s.cloudfront.net https://adservice.google.com https://*.abtasty.com; connect-src 'self' https://www.google-analytics.com https://*.googlesyndication.com https://*.facebook.com https://*.doubleclick.net https://*.apviz.io https://client.axept.io https://api.axept.io https://static.axept.io https://*.ma.cuisinella https://*.home-design.schmidt https://ct.pinterest.com https://*.hapticmedia.io/ http://*.hotjar.com  https://*.hotjar.com  http://*.hotjar.io  https://*.hotjar.io wss://*.hotjar.com https://maps.googleapis.com https://apps.elfsight.com https://service-reviews-ultimate.elfsight.com https://region1.google-analytics.com https://client.get-potions.com https://tag.imagino.com/ https://homedesignschmidt.matomo.cloud https://www.google.com https://analytics.tiktok.com https://t.kmtx.io https://static.elfsight.com https://core.service.elfsight.com/* https://*.clarity.ms https://clarity.ms https://*.elfsightcdn.com https://elfsight.com https://*.abtasty.com; frame-ancestors 'self' http://*.hotjar.com  https://*.hotjar.com  http://*.hotjar.io  https://*.hotjar.io https://nodalview.com/ https://*.ma.cuisinella; 1
default-src 'self' https: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.bugherd.com sidebar.bugherd.com ws.zoominfo.com cdn.cookielaw.org www.googletagmanager.com cdnjs.cloudflare.com ajax.googleapis.com tags.clickagy.com www.google-analytics.com snap.licdn.com https://*.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com use.typekit.net p.typekit.net www.googletagmanager.com; img-src * 'self' blob: data: secure.gravatar.com www.googletagmanager.com; font-src 'self' data: fonts.gstatic.com use.typekit.net p.typekit.net ; media-src * 'self' ; form-action * 'self' ; frame-ancestors 'self' ; base-uri 'self' ; connect-src * 'self' https://*.pusher.com; frame-src *.vimeo.com *.bugherd.com *.divido.com; 1
default-src 'self' *.zipmoney.com.au *.gstatic.com *.bazaarvoice.com *.vimeo.com *.akamaized.net *.hotjar.com *.hotjar.io *.trurating.com *.crazyegg.com tracking.myunidays.com *.five9.net; img-src 'self' data: https:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; connect-src 'self' https: wss:; font-src 'self' data: https:; frame-ancestors 'self' https://*.sheridanoutlet.com.au; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-88021bad20397ed4bd3c9289c6c7cc26'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors 'self' https://formation.coprosvertes.fr/ https://jevaluemonlogement.org/ 1
object-src 'none';default-src data: blob: https: 'unsafe-inline' 'unsafe-eval';upgrade-insecure-requests; report-uri https://gamingph.report-uri.com/r/d/csp/enforce 1
Nonces 1
img-src 'self' https://*;        child-src 'none';        worker-src 'self' https://connect.facebook.net https://snap.licdn.com;        object-src 'none';        frame-src 'self' https://*.bdunet.dk https://*.bdpdmz.dk https://www.youtube.com https://www.youtube-nocookie.com/ https://player.vimeo.com https://policy.app.cookieinformation.com        https://kort-spks.dk https://tools.eurolandir.com  https://beta.spks.dk https://static.bankdata.dk/wco/release https://*.globenewswire.com        https://leasingfyn.dk/ https://static.bankdata.dk/ https://www.totalkredit.dk https://app.viamap.net https://api.puzzel.com https://cdnjs.cloudflare.com        https://www.buzzsprout.com https://www.vpfonde.dk https://www.facebook.com https://connect.facebook.net https://youtube.com https://www.youtube.com dk.trustpilot.com https://widget.trustpilot.com https://analytics-eu.clickdimensions.com *.vimeo.com https://www.spreaker.com https://widget.spreaker.com https://view.officeapps.live.com https://dlr.dk https://widgets.klimaapi.io 1
default-src 'none' ; script-src 'self' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net 'unsafe-inline'; img-src * data:; object-src 'none'; base-uri 'none'; frame-ancestors *.comedia.it 'self'; style-src 'self' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://use.fontawesome.com 'unsafe-inline'; font-src * data:; connect-src * https:; manifest-src 'self'; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' blob: https://cdn.jsdelivr.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-umm.b-cdn.net https://www.pari.com/typo3conf/ext/pari_cms/Resources/Public/JavaScript/Vendor/analytics.js https://pari.com/typo3conf/ext/pari_cms/Resources/Public/JavaScript/Vendor/analytics.js https://matomo.pari.com https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://www.youtube-nocookie.com https://snap.licdn.com/; frame-src www.youtube.com www.youtube-nocookie.com login.doccheck.com www.login.doccheck.com www.player.youku.com player.youku.com https://scnem.com/ scnem.com; img-src * www.googletagmanager.com; form-action 'self'; object-src 'self'; font-src 'self' https://userlike-cdn-umm.b-cdn.net/fonts/; connect-src *; 1
base-uri 'none';default-src 'none';img-src 'self' data:;font-src 'self';media-src 'self';script-src 'self';style-src 'self' 'unsafe-inline' 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://growingfruit.org/logs/ https://growingfruit.org/sidekiq/ https://growingfruit.org/mini-profiler-resources/ https://growingfruit.org/assets/ https://growingfruit.org/brotli_asset/ https://growingfruit.org/extra-locales/ https://growingfruit.org/highlight-js/ https://growingfruit.org/javascripts/ https://growingfruit.org/plugins/ https://growingfruit.org/theme-javascripts/ https://growingfruit.org/svg-sprite/ 'nonce-7c1eecc7c8fac958c3f640b51b919efd'; worker-src 'self' https://growingfruit.org/assets/ https://growingfruit.org/brotli_asset/ https://growingfruit.org/javascripts/ https://growingfruit.org/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; script-src 'self' https: 'unsafe-inline'; style-src 'self' https: data: 'unsafe-inline'; frame-ancestors 'none'; report-uri https://sentry.42he.com/api/3/security/?sentry_key=c45a7c14fe8e4379af9e88c5aa179d47 1
frame-src self https://bjs.myhomeprojectcenter.com https://bjsold.myhomeprojectcenter.com  https://* 1
frame-ancestors 'self' wabco-solutioncentre.com 1
frame-ancestors https://*.bthhotels.com 1
default "self" 1
frame-ancestors 'self'; report-uri https://columbiaasia.report-uri.com/r/d/csp/enforce 1
default-src 'self'; font-src 'self' * data:; img-src 'self' * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://code.jquery.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://mtgify.org; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://mtgify.org; connect-src 'self' https://mtgify.org https://www.googletagmanager.com https://www.google-analytics.com https://17lands.cdn.prismic.io 1
frame-ancestors 'self' tr.plds.fun dropshipping.endorphone.com.ua 1
frame-ancestors 'self' https://manage.lightwaveonline.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com;report-uri /_/GeoMerchantPrestoSiteUi/cspreport/allowlist 1
default-src 'self' 'unsafe-eval' blob: data: *.gstatic.com *.visualwebsiteoptimizer.com *.google-analytics.com *.hotjar.com; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://edge.marker.io https://app.marker.io *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com https: http://www.googleadservices.com http://*.googletagmanager.com http://*.doubleclick.net http://*.visualwebsiteoptimizer.com http://www.gstatic.com http://bat.bing.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.adsrvr.org *.mouseflow.com; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com https: http://hello.myfonts.net; img-src 'self' data:  blob: https:  https://media.marker.io  https://edge.marker.io https://app.marker.io *.visualwebsiteoptimizer.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *.gravatar.com http://*.visualwebsiteoptimizer.com http://bat.bing.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.mouseflow.com; font-src 'self' data: https://edge.marker.io https://app.marker.io https: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.mouseflow.com; connect-src 'self' https://maps.googleapis.com https://pagead2.googlesyndication.com https://ssr.marker.io/render https://api.marker.io/widget/ping *.visualwebsiteoptimizer.com app.vwo.com https://www.google.ca/ https://googleoptimize.com https://cdn.linkedin.oribi.io https://*.qualtrics.com https://*.libro.ca https://analytics.google.com https://www.google-analytics.com https://yoast.com https://s.swiftypecdn.com/ https://search-api.swiftype.com/ https://*.sentry.io/ http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://www.eventbriteapi.com/ https://stats.g.doubleclick.net https://cdnjs.cloudflare.com http://*.visualwebsiteoptimizer.com *.hotjar.com *.mouseflow.com; media-src 'self' https: https://media.marker.io https://app.marker.io  https://edge.marker.io; object-src 'self'; frame-src 'self' https://td.doubleclick.net https://app.marker.io/ app.vwo.com *.visualwebsiteoptimizer.com https://embed.podcasts.apple.com https://podcasters.apple.com https://*.inter-val.ai https://app-qa.inter-val.ai https://app.inter-val.ai https://optimize.google.com https://*.adsrvr.org https://www.youtube.com https://e.issuu.com https://www.figma.com/ https://*.libro.ca  http://contentz.mkt81.net/lp/19644/87861/Libro.ca https://www.financialcalculators.net/ https://xd.adobe.com/ https://www.google.com https://www.eventbrite.ca https://www.eventbrite.com https://www.googletagmanager.com https://connect.facebook.net https://www.facebook.com https://bid.g.doubleclick.net https://*.visualwebsiteoptimizer.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.mouseflow.com; form-action 'self' https://app.marker.io https://api.marker.io https://survey.libro.ca http://www.pages08.net/librocreditunion/; report-uri https://df20e771691f9b03eab387e2cb951226.report-uri.com/r/d/csp/enforce; worker-src 'self' blob:; child-src 'self' https://app.marker.io *.mouseflow.com;  1
script-src 'self' 'nonce-26beb5573077b052725c7cc85d347e50e49ee6f3daf5c66dd21ca37ee3e4079a' 'unsafe-eval' https://boards.greenhouse.io https://bugcrowd.com https://assets.bugcrowdusercontent.com https://cdn.cookielaw.org https://connect.facebook.net https://fe.sitedataprocessing.com https://go.tempus.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion/810122250/ https://js.stripe.com/v3/ https://munchkin.marketo.net https://platform.twitter.com/widgets.js https://player.vimeo.com/api/player.js https://scout-cdn.salesloft.com/sl.js https://snap.licdn.com https://static.zdassets.com https://*.simpli.fi https://tempus.jotform.com https://tpc.googlesyndication.com https://translate.google.com/translate_a/element.js https://translate.googleapis.com/_/translate_http/ https://widgets.jotform.io/ https://www.google.com/recaptcha/api.js https://www.googleadservices.com/pagead/conversion/810122250/ https://www.googletagmanager.com/gtm.js https://www.gstatic.com/images/branding/ https://www.gstatic.com/recaptcha/releases/ https://www.pagespeed-mod.com/v1/taas https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ 'sha256-ofbjRZ+bO/76CXsSusb9b2Jf1v5ladYNWaAqoHnOZIs=' 'sha256-ofbjRZ+bO/76CXsSusb9b2Jf1v5ladYNWaAqoHnOZIs=' 'sha256-nZMdZ0/5Gm9EqzlE4bJntTfAYXF/ECCY7QPEUqNGOQI=' 'sha256-UWaPjlVMAdHmsoBvFXPCU6Xt1NuJhB54PNaW1hI+pEU=' 'sha256-G57Os0cwWTgSUE2QM2NDBUKgTGVFbfa0hR1gK7Q8dAY=' 'sha256-dOcywLdOlJgbflV25Ndql4nPuEKQBJiVe0fehOdxOQY=' 'sha256-qvsgs4pQbIPmMowxeVZrRRFahu+e2o2Ld2Zeu1WWaDo=' 'sha256-vAVXPSm5owelkcYGnCSkJv6eWXy3AF5QjD2JRJMpWds=' 'sha256-A360NV+lJCre0EvvAe4P5vmRs/B8rGNu9dwsb/iaArk=' 'sha256-O8AL2VAS9TyKe4fBvIPsyybIRtwyl5RQV4OTcTHppJ0=' 'sha256-ACs5+KOw75v3urFQEsB5e7tzTSIP51LOzupNLQWm2b8=' 'sha256-LgToB2yMrE8BspIZ6p3N9nUPIzDbTM97aY17oqrIR9U=' 'sha256-e2ORV445UIRb6uywhEZ4WmOdk4Ffc8Mpw6fG+GaiMIM=' 'sha256-sBlYQ3yqAkIDP9NjKwV/GiCUXyFeCmhZvwGo+v10qfk=' 'sha256-L/Dlrrtr7Y6Kl/jz50D8u7IBixsXjVDd4dlbR3PFBQA=' 'sha256-Fw5/q/HhKqXZqKjD76iItfGJdF5A689w/3m1U2DdJWk=' 'sha256-Dyx2eBs7bqnY939LmseOFVIP11PDSK47JXjpyeaTUY0=' 'sha256-Bv6WGcJchsfQNRU/mp7SeAHlrZ/FAw1zrmBQqYnJH0M=' 'sha256-Lx8ZJy3z7PLlZwxq17pB0+dz881xCdicsfzpSojyH0E=' 'sha256-2CRYhVJh0TFAbeHzA/NmZziUTgnhFcu4nWI8aCjbT9U=' 'sha256-ttqWZqw8fOZM73AnYfHKjcLileJjFe4MDvHuWpZJ7vw=' 'sha256-PMxvF5ZxMuZ72xe4gM6kP0ihnWvFlVV4/UaBzl97uuo=' 'sha256-FxSERVnet0EwJ/Wya8l6mznkNuyEbrMIninSAwlOfxQ=' 'sha256-KgM3AHUilziXHIFrHuuWOp6LWHoWJmL1qqnBCPfACMc=' 'sha256-mq1YuRg8/j6FeBagJkNK7ONMmUpchLAt9OAnSaoEOwM='; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://go.tempus.com https://tempus.jotform.com https://www.gstatic.com; connect-src 'self' https://ad.doubleclick.net https://833-qrc-346.mktoresp.com https://833-qrc-346.mktoutil.com https://adservice.google.com https://www.google.com/pagead/ https://analytics.google.com https://api.greenhouse.io https://api.ipify.org https://api64.ipify.org https://cdn.cookielaw.org https://cs.hae123.cn https://ekr.zdassets.com https://fonts.googleapis.com https://geolocation.onetrust.com https://get663.com https://go.tempus.com https://region1.analytics.google.com https://scout.salesloft.com https://stats.g.doubleclick.net https://tempus.jotform.com https://tempuslens.zendesk.com https://translate.googleapis.com https://www.cloudflare.com https://www.google-analytics.com https://yoast.com https://px.ads.linkedin.com https://*.googletagmanager.com; font-src 'self' data: https://at.alicdn.com https://cdn.jotfor.ms https://cdn.scite.ai https://fonts.gstatic.com https://github.com https://go.tempus.com https://na-abm.marketo.com https://sc-static.net https://www.slant.co; frame-src 'self' https://app-widgets.jotform.io https://boards.greenhouse.io https://bugcrowd.com https://cn-1793901926-23-7vnsr30362.ibosscloud.com https://div.show https://gateway.zscalertwo.net https://gateway.zscalerthree.net https://gateway.zscloud.net https://go.tempus.com https://js.stripe.com https://*.ep-mimecast.youtube.com https://mozbar.moz.com https://platform.twitter.com https://player.vimeo.com https://security-us.mimecast.com https://td.doubleclick.net https://tempus.jotform.com https://tempus.okta.com https://tpc.googlesyndication.com https://www.google.com https://*.googletagmanager.com https://www.securly.com https://www.youtube.com https://tempus.transtream.com; img-src 'self' data: https://ad.doubleclick.net https://adservice.google.com https://www.google.com https://analytics.google.com https://cdn.cookielaw.org https://cdn.jotfor.ms https://cm.g.doubleclick.net https://fonts.gstatic.com https://googleads.g.doubleclick.net https://i.ytimg.com https://pagead2.googlesyndication.com https://pos.baidu.com https://prismic-io.s3.amazonaws.com https://ps.w.org https://*.ads.linkedin.com https://s.w.org https://secure.gravatar.com https://stats.g.doubleclick.net https://syndication.twitter.com https://*.leandigital.rocks https://tempus.jotform.com https://translate.google.com https://translate.googleapis.com https://*.simpli.fi https://uploads-ssl.webflow.com https://www.google-analytics.com https://www.googleadservices.com https://*.googletagmanager.com https://www.gstatic.com https://www.linkedin.com https://yastatic.net https://www.reprintsdesk.com https://*.securetempus.com; object-src 'none'; base-uri 'self'; manifest-src 'self'; media-src 'self' data:; worker-src 'self' blob:; default-src 'self'; frame-ancestors 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' d1f0wicopk9vc5.cloudfront.net fast.fonts.net www.google.com www.gstatic.com; style-src 'unsafe-inline' *; img-src 'self' admin.aisreporting.com; font-src fast.fonts.net use.typekit.net; frame-src 'self' www.google.com 1
upgrade-insecure-requests;style-src 'self' 'nonce-VIpfZKSz1El11xK';font-src 'self';script-src 'self' 'nonce-VIpfZKSz1El11xK' ;connect-src 'self' https://detroitriotcity.com wss://detroitriotcity.com;media-src 'self' https:;img-src 'self' data: blob: https:;default-src 'none';base-uri 'none';frame-ancestors 'none';manifest-src 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.msecnd.net https://www.googletagmanager.com/; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com https://atlas.microsoft.com/ data:; img-src 'self' *.azureedge.net *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://github.com/ https://avatars.githubusercontent.com/ https://www.github.com/ https://github.keboo.dev.png/; media-src 'self' *.azureedge.net data: blob:; child-src 'self' blob: https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.visualstudio.com https://www.google-analytics.com/ https://atlas.microsoft.com/; 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.jacquieetmichellive.com:9080 www.jacquieetmichellive.com:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.jacquieetmichellive.com wss://www.jacquieetmichellive.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1705973540 1
base-uri 'none'; object-src 'none'; script-src 'nonce-Z/kBJVAK+Plfw6qoDkNUeaWeR3WiwmZflXl5YAABo+Bd' 'sha256-UCtjgL+bMnYcivkEyLlrTV+pM5/l9fJpHUKmxPhWKw4=' 'sha256-5VrVgGfPbUH5IoPb+tGodpswZad/XDHQfqHeVD0LMG4=' 'sha256-/UcDLdGNUm+crAE3V+XLjKeSvJaGOunU7a92dom+OUE=' 'sha256-Dj/jSfcJg3w1GJ03FCt0ySU3jpYdG6N2gYZLZIrVzf4=' 'strict-dynamic' http: https: 'self'; 1
child-src 'self' blob: https://*.convertiv.com https://*.cynosure.com https://*.hotjar.com https://*.sitescout.com https://www.cynosure.com; connect-src 'self' *.crazyegg.com https://*.akamaihd.net https://*.company-target.com https://*.convertiv.com https://*.cookiebot.com https://*.cynosure.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.hotjar.com https://*.hotjar.io https://*.litix.io https://*.mktoresp.com https://*.mktoutil.com https://*.omappapi.com https://*.optimizely.com https://*.wistia.com https://*.youtube.com https://analytics.tiktok.com https://cdn.linkedin.oribi.io/partner/1096401/domain/cynosure.com/token https://maps.googleapis.com https://s.yimg.com/wi/config/10185552.json https://tagmanager.google.com https://www.cynosure.com https://www.googletagmanager.com wss://*.hotjar.com; default-src 'self' *.crazyegg.com blob: https://*.convertiv.com https://*.cynosure.com https://www.cynosure.com; font-src 'self' data: https://*.convertiv.com https://*.cynosure.com https://*.gstatic.com https://*.wistia.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.cynosure.com; frame-src 'self' *.crazyegg.com https://*.convertiv.com https://*.cookiebot.com https://*.cynosure.com https://*.doubleclick.net https://*.driftt.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.hotjar.com/ https://*.instagram.com https://*.issuu.com https://*.marketo.com https://*.sitescout.com https://*.vimeo.com https://*.wistia.com/ https://*.youtube.com https://s-static.ak.facebook.com https://tagmanager.google.com https://www.cynosure.com; img-src 'self' *.crazyegg.com data: http://amps-production.imgix.net http://amps-staging.imgix.net https://*.adentifi.com https://*.adnxs.com https://*.adroll.com https://*.adsymptotic.com https://*.agkn.com https://*.akamaihd.net https://*.bidr.io https://*.bidswitch.net https://*.cardlytics.com https://*.cdninstagram.com https://*.company-target.com https://*.convertiv.com https://*.cynosure.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.hr https://*.gravatar.com https://*.gstatic.com https://*.instagram.com https://*.linkedin.com https://*.openx.net https://*.owneriq.net https://*.predictiveresponse.net https://*.reson8.com https://*.rlcdn.com https://*.sitescout.com https://*.wistia.com https://*.wordpress.com https://*.wp.com https://*.yahoo.com https://*.youtube.com https://amps-production.imgix.net https://amps-staging.imgix.net https://cdninstagram.com https://cynosure.imgix.net https://googleads.g.doubleclick.net https://img.youtube.com https://info.cynosure.com https://maps.googleapis.com https://s.w.org https://staging.cdn.cynosure.media https://storage.pardot.com https://www.cynosure.com https://www.googletagmanager.com; media-src 'self' blob: data: file: https://*.akamaihd.net https://*.convertiv.com https://*.cynosure.com https://*.wistia.com/ https://www.cynosure.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.crazyegg.com blob: https://*.adnxs.com/ https://*.adroll.com https://*.ads-twitter.com https://*.convertiv.com https://*.cookiebot.com https://*.crazyegg.com https://*.cynosure.com https://*.demandbase.com https://*.doubleclick.net https://*.driftt.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.hotjar.com https://*.instagram.com https://*.jsdelivr.net https://*.licdn.com https://*.marketo.com https://*.marketo.net https://*.optmnstr.com https://*.pardot.com https://*.pixel.ad https://*.predictiveresponse.net https://*.twitter.com https://*.vimeo.com https://*.wistia.com https://analytics.tiktok.com https://connect.facebook.net https://s.yimg.com/wi/ytc.js https://tagmanager.google.com https://unpkg.com https://wistia.com https://www.cynosure.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com; style-src 'self' 'unsafe-inline' *.crazyegg.com https://*.convertiv.com https://*.cynosure.com https://*.googleapis.com https://*.gravatar.com https://*.jsdelivr.net https://*.marketo.com https://*.omappapi.com https://tagmanager.google.com https://www.cynosure.com; worker-src 'self' blob: data: file: filesystem: https://*.convertiv.com https://*.cynosure.com https://www.cynosure.com unsafe-eval unsafe-inline 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com google-analytics.com; frame-src 'self' https://www.youtube.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com google-analytics.com;img-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com google-analytics.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ubembed.com *.cointree.com *.cointree.com.au https://app.netlify.com https://netlify-cdp-loader.netlify.app *.mxpnl.com *.segment.com *.adroll.com *.plerdy.com https://d.adroll.mgr.consensu.org *.zopim.com *.zdassets.com *.hotjar.com https://cointree.formstack.com https://static.formstack.com https://cointreehelp.zendesk.com https://connect.facebook.net *.bing.com https://www.googletagmanager.com *.google-analytics.com *.google.com *.googleapis.com *.youtube-nocookie.com *.youtube.com survey.zohopublic.com js5.zohostatic.com https://www.redditstatic.com https://static.ads-twitter.com https://www.googleadservices.com *.doubleclick.net https://qjam.maillist-manage.com data:; connect-src 'self' blob: *.cointree.com *.cointree.com.au *.mixpanel.com *.segment.io *.hotjar.com *.hotjar.io wss://*.hotjar.com *.plerdy.com *.youtube.com *.youtube-nocookie.com survey.zohopublic.com css5.zohostatic.com js5.zohostatic.com *.github.com *.zopim.com wss://widget-mediator.zopim.com https://www.netlifystatus.com https://cointree.formstack.com https://static.formstack.com *.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net https://cointreehelp.zendesk.com https://cdn.segment.com *.zdassets.com https://nf-git-lfs-jfk-production.s3.amazonaws.com data:; font-src 'self' *.gstatic.com *.fontawesome.com *.zopim.com https://static.formstack.com data:; style-src 'self' 'unsafe-inline' *.cointree.com *.cointree.com.au *.zopim.com https://cointree.formstack.com https://static.formstack.com https://static.zdassets.com https://cointreehelp.zendesk.com *.youtube.com *.youtube-nocookie.com *.google.com *.fontawesome.com *.googleapis.com; frame-src 'self' *.cointree.com.au *.hotjar.com *.ubembed.com *.plerdy.com *.youtube.com *.youtube-nocookie.com https://app.netlify.com https://netlify-cdp-loader.netlify.app survey.zohopublic.com css5.zohostatic.com js5.zohostatic.com https://cointree.formstack.com https://static.formstack.com https://optimize.google.com; child-src 'self' *.cointree.com.au *.youtube.com *.youtube-nocookie.com https://app.netlify.com https://netlify-cdp-loader.netlify.app https://cointree.formstack.com https://static.formstack.com; img-src 'self' blob: * data:; media-src 'self' 1
default-src 'self' https://gdpr-api.sharethis.com/v2/cmp-list.json; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/api/player.js https://snap.licdn.com js.stripe.com *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.idevdesign.net s3-us-west-2.amazonaws.com crm.bloomerang.co *.addthis.com z.moatads.com v1.addthisedge.com widgets.pinterest.com seniorliving.lcsnet.com https://www.googletagmanager.com/ https://purchasing.cpslcs.com/ https://mkt.carepurchasing.com/ *.hotjar.com wss://wsp7.hotjar.com/api/v2/client/ws https://wsp7.hotjar.com/api/v2/sites/2937019/recordings/content https://pi.pardot.com/analytics http://mkt.carepurchasing.com/pd.js http://mkt.carepurchasing.com/analytics http://pi.pardot.com/analytics *.sharethis.com/; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.idevdesign.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.idevdesign.net; img-src 'self' https://p.adsymptotic.com https://px.ads.linkedin.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.idevdesign.net crm.bloomerang.co *.ae-admin.com https://www.google.com/ads/ga-audiences *.sharethis.com; media-src 'self' data: blob:; frame-src 'self' js.stripe.com www.google.com s7.addthis.com player.vimeo.com https://vars.hotjar.com/ seniorliving.lcsnet.com *.sharethis.com *.carepurchasing.com *.lcsnet.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.carepurchasing.com *.lcsnet.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com api.bloomerang.co maps.googleapis.com api-public.addthis.com *.addthis.com https://in.hotjar.com/ wss://ws23.hotjar.com/ https://ws23.hotjar.com/ https://stats.g.doubleclick.net/j/collect https://csmetrics.hotjar.com/ https://analytics.google.com/g/collect https://stats.g.doubleclick.net/g/collect wss://wsp35.hotjar.com/api/v2/client/ws https://wsp35.hotjar.com/api/v2/sites/2937019/recordings/content https://vc.hotjar.io/sessions/2937019 wss://wsp39.hotjar.com/api/v2/client/ws https://wsp39.hotjar.com/api/v2/sites/2937019/recordings/content https://l.sharethis.com/pview https://datasphere-sbsvc.sharethis.com/ https://gdpr-api.sharethis.com/v2/cmp-list.json https://gdpr-api.sharethis.com/v2/vendor-list.json https://gdpr-api.sharethis.com/is_eu *.carepurchasing.com *.lcsnet.com; 1
default-src 'self' localhost https://alfa-website-2022.cdn.prismic.io https://*.alfasystems.com https://secure.leadforensics.com https://ldynamicspublicapi.leadforensics.com https://webeo-web-content.s3-eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com/ldproduct/editor/images https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.jsdelivr.net/npm; font-src 'self' data: https://*.alfasystems.com localhost; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://analytics.google.com https://vercel.live *.analytics.google.com *.google-analytics.com https://*.hotjar.com https://prismic.io http://*.cdn.prismic.io https://webeo-web-content.s3-eu-west-1.amazonaws.com https://ldynamicspublicapi.leadforensics.com https://*.alfasystems.com https://www.gstatic.com https://ldynamicspublicapi.leadforensics.com https://secure.perk0mean.com https://cta-service-cms2.hubspot.com https://js.hscta.net https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hsleadflows.net https://forms.hsforms.com https://googleads.g.doubleclick.net https://js.hscollectedforms.net https://www.googleadservices.com http://js.hs-scripts.com https://snap.licdn.com https://www.googletagmanager.com https://*.cookiebot.com https://js.createsend1.com https://www.createsend.com https://*.vimeo.com https://*.facebook.com https://*.facebook.net https://www.youtube.com https://www.google.com https://www.google-analytics.com https://wurfl.io https://webeo-web-content.s3-eu-west-1.amazonaws.com https://secure.leadforensics.com https://*.google.co.uk; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://webeo-web-content.s3-eu-west-1.amazonaws.com https://cdn.plyr.io https://*.alfasystems.com https://js.createsend1.com https://www.createsend.com https://fonts.googleapis.com https://fonts.gstaic.com https://webeo-web-content.s3-eu-west-1.amazonaws.com https://fonts.googleapis.com/; img-src 'self' *.google.co.uk *.google.ca *.google.co.in *.google.ie *.google.es *.google.fr *.google.de *.google.com.au *.google.co.za *.googletagmanager.com *.linkedin.com *.google.com.ph *.vercel.com *.google.com *.google-analytics.com *.vimeocdn.com https://prismic-io.s3.amazonaws.com *.prismic.io https://webeo-web-content.s3-eu-west-1.amazonaws.com https://*.privacysandbox.googleadservices.com http://*.alfasystems.com https://perf.hsforms.com https://i.ytimg.com https://*.hubspotusercontent40.net https://s3-eu-west-1.amazonaws.com/ldproduct/editor/images data: https://s3-eu-west-1.amazonaws.com/ldproduct/editor/images https://s3-eu-west-1.amazonaws.com/ldproduct/editor/images https://no-cache.hubspot.com https://webeo-web-content.s3-eu-west-1-amazonaws.com/webcontent/images https://track.hubspot.com https://forms.hsforms.com https://*.alfasystems.com https://*.createsend1.com https://*.createsend.com https://*.facebook.com https://*.cloudflare.com https://*.ytimg.com/vi_webp https://*.ssl.cf1.rackcdn.com https://*.doubleclick.net; connect-src 'self' https://www.google.co.uk https://analytics.google.com wss://ws-us3.pusher.com *.pusher.com *.analytics.google.com *.google-analytics.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://alfa-website-2022.prismic.io https://cdn.linkedin.oribi.io https://vimeo.com https://ldynamicspublicapi.leadforensics.com https://cta-service-cms2.hubspot.com https://forms.hsforms.com https://consentcdn.cookiebot.com https://noembed.com https://ldynamicspublicapi.leadforensics.com https://googleads.g.doubleclick.net https://www.google.com https://api.hubapi.com https://stats.g.doubleclick.net https://forms.hubspot.com https://www.google-analytics.com localhost https://createsend.com; frame-src https://vercel.live *.hotjar.com *.prismic.io *.alfasystems.com *.google.com *.cookiebot.com *.youtube-nocookie.com *.vimeo.com *.youtube.com *.facebook.com *.brighterir.com *.hsforms.com *.hubspot.com; frame-ancestors 'self'; 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://freopp.org https://*.freopp.org https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
default-src 'self' https://* data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* data: blob:; style-src 'self' 'unsafe-inline' https://*  data: blob:; frame-src 'self' https://*; frame-ancestors 'self' https://mymedcards.dk;img-src 'self' https://* data: blob: ;media-src 'self' https://* data: blob: ;font-src 'self' https://* data: blob: 1
default-src 'self' *.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.santanderconsumer.at *.autonline.at *.scb.at *.teilzahlung.at *.opendns.com *.yahoo.com *.msn.com *.adform.net *.hyj.mobi *.netrk.net *.yimg.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.google.com *.facebook.net *.criteo.net *.criteo.com *.googleadservices.com *.mbww.com *.bing.com *.fndsda.net *.doubleclick.net *.cloudflare.com *.google.com *.googlesyndication.com *.go-mpulse.net *.windows.net *.jquery.com *.cookielaw.org *.mouseflow.com *.gstatic.com *.xs2a.com cdn.cookielaw.org data:; object-src *; style-src 'self' 'unsafe-inline' *.opendns.com *.yahoo.com *.criteo.net *.criteo.com *.msn.com *.adform.net *.hyj.mobi *.netrk.net *.yimg.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.facebook.net *.googleadservices.com *.mbww.com *.bing.com *.fndsda.net *.doubleclick.net *.cloudflare.com *.google.com *.windows.net *.jquery.com *.mouseflow.com *.xs2a.com *.scb.at *.gstatic.com; img-src * data:; media-src *; frame-src *; child-src *; font-src * data:; connect-src *; report-uri /report-csp-violation 1
object-src 'none'; script-src 'nonce-HF/lK4EGRCqy3UuQYGiH9g==' 'unsafe-inline' 'strict-dynamic' https: http:; base-uri 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.calendly.com https://*.airbrake.io https://*.usabilla.com https://www.googleapis.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.google.de https://www.google.com https://google.com https://googleads.g.doubleclick.net https://www.googleadservices.com; object-src 'self' https://maps.googleapis.com;  img-src 'self' data: http://en.netplans.internal http://netplans.ch https://maps.googleapis.com https://maps.gstatic.com https://www.google.de https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net;  media-src 'self' http://en.netplans.internal http://netplans.ch;  style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com;  child-src 'self' https:;  font-src 'self' data: https://fonts.gstatic.com;  connect-src 'self' https://*.calendly.com https://*.airbrake.io https://*.usabilla.com https://www.googleapis.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.google.de https://www.google.com https://google.com https://googleads.g.doubleclick.net; 1
frame-ancestors 'self' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.com *.kumospace.com 1
script-src 'self' 'self' 'unsafe-inline' https://*.google-analytics.com https://*.plabable.com https://plabable.com https://phase-one.plabable.com https://plabable-api-staging.plabable.com https://*.googletagmanager.com https:; connect-src 'self' https: http:; img-src 'self' data: https: blob:; media-src 'self' data: https:; frame-ancestors 'none' 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' widget.intercom.io js.intercomcdn.com d27j601g4x0gd5.cloudfront.net consentcdn.cookiebot.com consent.cookiebot.com www.googletagmanager.com; report-uri https://elmahio.report-uri.com/r/d/csp/enforce 1
script-src uni-svishtov.bg *.uni-svishtov.bg *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.facebook.net 'unsafe-inline';style-src uni-svishtov.bg *.uni-svishtov.bg 'unsafe-inline' 1
default-src 'self' www.google.com www.google-analytics.com dialogflow.cloud.google.com api.botcopy.com cognito-identity.us-east-1.amazonaws.com stats.g.doubleclick.net www.instamaps.cat youtube.com www.youtube.com packages.umbraco.org our.umbraco.org *.insuit.local *.insuit.eu *.insuit.net insuit.local insuit.eu insuit.net *.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com widget.botcopy.com static.dialogflow.com googletagmanager.com www.googletagmanager.com www.google-analytics.com www.gstatic.com *.insuit.local *.insuit.eu *.insuit.net insuit.local insuit.eu insuit.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com widget.botcopy.com *.insuit.local *.insuit.eu *.insuit.net insuit.local insuit.eu insuit.net;img-src 'self' www.google.com dl.dropboxusercontent.com dl.dropbox.com i.ibb.co dl.dropbox.com botcopy-bot-assets.s3.amazonaws.com data: umbraco.tv;font-src 'self' fonts.gstatic.com *.insuit.local *.insuit.eu *.insuit.net insuit.local insuit.eu insuit.net; 1
default-src 'self' data: *.google-analytics.com analytics.google.com crm.assist.ru *.googletagmanager.com mc.yandex.ru bitrix.info www.google.com/maps; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google-analytics.com *.googletagmanager.com analytics.google.com mc.yandex.ru bitrix.info; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' crm.assist.ru; frame-src 'self' www.google.com/maps *.belassist.by; base-uri 'self'; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' blob: data: mc.yandex.ru; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline'; connect-src 'self' mc.yandex.ru bitrix.info *.google-analytics.com analytics.google.com; script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com analytics.google.com bitrix.info mc.yandex.ru; 1
default-src 'self' 'unsafe-inline' wss://*.zopim.com http://*.singleinterface.com *.zopim.com *.netcoresmartech.com https:; connect-src 'self' 'https://business.google.com'; img-src http://www.skodalive.in/ http://www.skodalive.co.in/ 'self' data: http://*.singleinterface.com http://*.google-analytics.com http://gaadicdn.com https: *.gstatic.com *.google-analytics.com *.ytimg.com *.googleapis.com blob:; object-src 'self' http://*.singleinterface.com https:; script-src http://www.skodalive.in/ http://www.skodalive.co.in/ 'self' 'unsafe-eval' *.mapmyindia.com *.google.com http://*.singleinterface.com *.jquery.com *.google-analytics.com assets.adobedtm.com fbexternal-a.akamaihd.net *.netcore.co.in *.crazyegg.com *.netcoresmartech.com 'unsafe-inline' *.googleapis.com *.gstatic.com https: blob:;style-src http://www.skodalive.in/ http://www.skodalive.co.in/ 'unsafe-inline' 'self' http://*.singleinterface.com maxcdn.bootstrapcdn.com https: *.googleapis.com *.gstatic.com; font-src http://www.skodalive.in/ http://www.skodalive.co.in/ data: http://*.singleinterface.com 'self' maxcdn.bootstrapcdn.com https: *.googleapis.com *.gstatic.com  1
default-src 'self' https://d1e8vjamx1ssze.cloudfront.net; connect-src https://*.mixam.com 'self' ws: wss://hub.prod.mixam.co.uk wss://hub.staging.mixam.co.uk https://uploads.prod.mixam.co.uk https://uploads.staging.mixam.co.uk https://reporter.prod.mixam.co.uk https://reporter.staging.mixam.co.uk https://d1e8vjamx1ssze.cloudfront.net https://d3hb14vkzrxvla.cloudfront.net https://*.clarity.ms https://bat.bing.com https://*.google-analytics.com https://*.analytics.google.com https://*.noibu.com https://maps.googleapis.com https://api.amplitude.com https://payments.amazon.com https://payments-uk.amazon.com https://payments.amazon.co.uk https://apay-us.amazon.com https://services.postcodeanywhere.co.uk https://apis.google.com https://pay.google.com https://stats.g.doubleclick.net https://*.paypal.com https://www.facebook.com https://portal.afterpay.com https://portal.sandbox.afterpay.com https://static.afterpay.com https://*.afterpay.com https://www.googleadservices.com https://cdn.jsdelivr.net https://bam.nr-data.net https://bam-cell.nr-data.net https://bam.eu01.nr-data.net https://cdn.linkedin.oribi.io https://bam.eu01.nr-data.net https://js.volt.io https://api.addressy.com https://chat-assets.frontapp.com https://chat.frontapp.com https://eu-west-1-chat-server.frontapp.com https://chat-webhook.frontapp.com https://sessions.bugsnag.com https://static.klaviyo.com https://static-tracking.klaviyo.com https://api.countrystatecity.in https://*.insertchatgpt.com https://cdn.plaid.com https://dcvxs6ggqztsa.cloudfront.net https://*.northbeam.io https://*.ads.linkedin.com https://*.trustpilot.com; font-src 'self' data: https://fonts.gstatic.com https://editor.printess.com https://d1e8vjamx1ssze.cloudfront.net https://fonts.googleapis.com https://cdn.jsdelivr.net; img-src https://c.paypal.com https://b.stats.paypal.com 'self' data: *; media-src 'self' *; object-src 'none'; script-src 'self' https://js.afterpay.com https://www.googletagmanager.com https://www.google-analytics.com https://*.analytics.google.com https://*.noibu.com https://bat.bing.com https://snap.licdn.com https://connect.facebook.net https://*.clarity.ms https://maps.googleapis.com https://js.stripe.com https://*.paypal.com https://m.stripe.network https://www.dropbox.com https://*.payments-amazon.com https://www.gstatic.com https://portal.afterpay.com https://portal.sandbox.afterpay.com https://*.afterpay.com https://apis.google.com https://d1e8vjamx1ssze.cloudfront.net https://www.google.com https://www.workable.com https://apply.workable.com https://pay.google.com https://cdnjs.cloudflare.com https://beacon-v2.helpscout.net https://static.hotjar.com http://cdnjs.cloudflare.com https://www.googleadservices.com https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://bam.eu01.nr-data.net https://js.volt.io https://chat-assets.frontapp.com https://chat.frontapp.com https://eu-west-1-chat-server.frontapp.com https://chat-webhook.frontapp.com https://sessions.bugsnag.com 'unsafe-eval' 'unsafe-inline' https://unpkg.com https://static.klaviyo.com https://static-tracking.klaviyo.com https://*.insertchatgpt.com https://cdn.plaid.com https://dcvxs6ggqztsa.cloudfront.net https://*.northbeam.io https://*.trustpilot.com https://accounts.google.com https://apis.google.com; style-src 'self' blob: data: https://d1e8vjamx1ssze.cloudfront.net https://fonts.googleapis.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css https://www.googletagmanager.com https://cdn.jsdelivr.net https://cdn.plaid.com 'unsafe-inline'; frame-src 'self' https://interactive.edocbuilder.com https://editor.printess.com https://www.youtube.com https://www.facebook.com https://js.stripe.com https://www.google.com https://accounts.google.com https://content-sheets.googleapis.com https://vars.hotjar.com https://payments.amazon.co.uk https://payments.amazon.com https://*.payments-amazon.com https://*.paypal.com https://checkout.sandbox.volt.io/ https://checkout.volt.io/ https://*.creditkey.com https://static.klaviyo.com https://static-tracking.klaviyo.com https://*.insertchatgpt.com https://cdn.plaid.com https://*.trustpilot.com; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-dUfpfBPo3CsVCiAex/5LBPbo8KfjRK7LRk4njdE+GIzwruh5' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; base-uri 'self'; img-src * data:; frame-src 'self' https://kaart.pdok.nl https://websurveys2.govmetric.com https://app-eu.readspeaker.com https://www.youtube-nocookie.com https://www.youtube.com https://content.googleapis.com/ https://vars.hotjar.com; frame-ancestors 'self'; manifest-src 'self'; media-src 'self' blob:; script-src 'self' 'nonce-OTQzYTE5ODMtYzZjMy00MTE0LWEyZWEtMTZhNGJkM2Q1NWVk' https://stats.pusher.com https://www.browsealoud.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://maps.googleapis.com https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://websurveys2.govmetric.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://cdn-eu.readspeaker.com https://virtuele-gemeente-assistent.nl https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://snap.licdn.com https://app-script.monsido.com; connect-src 'self' https://sockjs-eu.pusher.com wss://ws-eu.pusher.com https://vttts-eu.readspeaker.com https://cloudstatic.obi4wan.com https://chatapi.obi4wan.com https://media-eu.readspeaker.com https://rstts-eu.readspeaker.com https://www.browsealoud.com https://plus.browsealoud.com https://speech.speechstream.net https://speech-eu.speechstream.net https://www.google-analytics.com https://maps.googleapis.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://app.obi4wan.ai https://app-eu.readspeaker.com/ https://hitcounter.govmetric.com https://platform.hireserve.nl/ https://cdn1.readspeaker.com https://maps.googleapis.com https://virtuele-gemeente-assistent.nl wss://virtuele-gemeente-assistent.nl ws://virtuele-gemeente-assistent.nl https://in.hotjar.com https://www.facebook.com https://cdn.linkedin.oribi.io https://app-script.monsido.com; object-src 'self' https://kaart.pdok.nl; style-src 'self' data: 'nonce-OTQzYTE5ODMtYzZjMy00MTE0LWEyZWEtMTZhNGJkM2Q1NWVk' https://fonts.googleapis.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://websurveys2.govmetric.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://maps.googleapis.com/ https://siteimproveanalytics.com https://cloudstatic.obi4wan.com; font-src 'self' data: https://fonts.gstatic.com https://cdn1.readspeaker.com https://script.hotjar.com;  1
default-src 'self' https: wss: data: blob:; img-src https: data:; script-src 'self' blob: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https:; font-src 'self' https:; object-src 'none'; frame-ancestors 'self' https://*.emarsys.net https://*.scarabresearch.com 1
frame-src https://*.cathay-ins.com.tw https://dmp.eland-tech.com https://bid.g.doubleclick.net https://www.youtube.com https://pay.google.com https://fraud.tappaysdk.com https://js.tappaysdk.com https://optimize.google.com https://www.google.com https://stun.l.google.com http://stun.l.google.com 1
frame-ancestors 'self' http://*.sprxcms.com https://*.sprxcms.com http://*.tiarccms.co.uk https://*.tiarccms.co.uk; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: wss:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com www.google.com googleads.g.doubleclick.net *.googleapis.com *.gstatic.com *.facebook.net px.ads.linkedin.com snap.licdn.com *.cognitoforms.com https:; font-src https: data:; img-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com www.google.com googleads.g.doubleclick.net *.googleapis.com *.gstatic.com *.facebook.net px.ads.linkedin.com snap.licdn.com *.cognitoforms.com https:; style-src 'self' 'unsafe-inline' www.google-analytics.com www.googletagmanager.com www.google.com googleads.g.doubleclick.net *.googleapis.com *.gstatic.com *.facebook.net px.ads.linkedin.com snap.licdn.com *.cognitoforms.com https:; 1
base-uri 'self'; connect-src 'self' *.api.signableapi.com api.qa.signableapi.com *.analytics.google.com *.clarity.ms *.hotjar.com *.hotjar.io *.google-analytics.com *.analytics.google.com wss://*.hotjar.com wss://*.hotjar.io adservice.google.com analytics.google.com api.amplitude.com api.hubapi.com api.segment.io api.signableapi.com app.launchdarkly.com bat.bing.com beaconapi.helpscout.net beacon-v2.helpscout.net cdn.segment.com chatapi.helpscout.net clientstream.launchdarkly.com d3hb14vkzrxvla.cloudfront.net events.launchdarkly.com fast.trychameleon.com forms.hubspot.com sentry.io signable.help stats.g.doubleclick.net www.google.com www.google.co.uk www.google-analytics.com www2.profitwell.com *.productfruits.com wss://*.productfruits.com https://productfruits.help; default-src 'self'; font-src 'self' fonts.gstatic.com fonts.googleapis.com data:; frame-src 'self' accounts.google.com bid.g.doubleclick.net fast.trychameleon.com googleads.g.doubleclick.net js.stripe.com vars.hotjar.com docs.google.com *.productfruits.com; img-src * data:; manifest-src 'self'; media-src 'self' blob:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' apis.google.com bat.bing.com beacon-v2.helpscout.net cdn.amplitude.com cdn.firstpromoter.com cdn.segment.com connect.facebook.net fast.trychameleon.com googleads.g.doubleclick.net h.clarity.ms js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.hsleadflows.net js.stripe.com script.hotjar.com static.hotjar.com www.clarity.ms www.dropbox.com www.google.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com accounts.google.com public.profitwell.com *.productfruits.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.productfruits.com data:; worker-src 'none'; 1
default-src https: http://*.google-analytics.com:* 'unsafe-inline'; img-src https: 'self' data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline' blob:; style-src https: 'unsafe-inline'; font-src https: 'self' data: fonts.gstatic.com; worker-src 'self' blob: 1
default-src 'self'; script-src 'unsafe-inline' https://cdn.cookielaw.org/ https://sp-tools-website.s3-eu-west-1.amazonaws.com/ https://www.google-analytics.com/; script-src-elem * 'unsafe-inline'; style-src 'unsafe-inline'; img-src https://sp-tools-website.s3-eu-west-1.amazonaws.com/ https://cdn.cookielaw.org/ https://cdn.cookielaw.org/ https://www.socialpoint.es/ https://www.google-analytics.com/; connect-src https://cdn.cookielaw.org/ https://www.socialpoint.es/ https://geolocation.onetrust.com/ https://sp-tools-website.s3-eu-west-1.amazonaws.com/ https://cdn.plyr.io/ https://www.google-analytics.com/ https://privacyportal.onetrust.com/; frame-src https://player.vimeo.com/ 1
block-all-mixed-content; base-uri 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* *.google.com *.gstatic.com www.google-analytics.com *.addtoany.com use.fontawesome.com *.youtube.com *.ytimg.com *.googleapis.com googleapis.com *.googletagmanager.com *.cloudflare.com *.vimeo.com *.hotjar.com *.webhare.com *.guestplan.com etender-connect.com *.facebook.net *.facebook.com *.googleadservices.com sc-static.net static.stadsschouwburg-utrecht.nl; style-src 'self' 'unsafe-inline' *.googleapis.com googleapis.com *.google.com *.addtoany.com cloud.typography.com *.myfonts.net *.typekit.net *.cloudflare.com  *.gstatic.com *.googletagmanager.com *.google.nl *.google.com *.facebook.net *.facebook.com static.stadsschouwburg-utrecht.nl; font-src 'self' *.gstatic.com data: *.typekit.net *.cloudflare.com sc-static.net static.stadsschouwburg-utrecht.nl; img-src 'self' data: *.google-analytics.com *.analytics-google.com *.gstatic.com *.googleapis.com googleapis.com *.google.com *.cloudflare.com *.google.nl *.googletagmanager.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net stipproducties.nl static.stadsschouwburg-utrecht.nl; child-src 'self' *.google.com *.addtoany.com *.youtube.com *.vimeo.com vimeo.com *.activetickets.com *.issuu.com *.recruitee.com *.linkedin.com *.facebook.net *.facebook.com static.stadsschouwburg-utrecht.nl; frame-src 'self' *.google.com *.addtoany.com *.youtube.com *.vimeo.com vimeo.com *.activetickets.com *.issuu.com *.recruitee.com *.linkedin.com *.facebook.net *.facebook.com static.stadsschouwburg-utrecht.nl; media-src 'self' *.youtube.com *.vimeo.com vimeo.com *.vimeocdn.com *.akamaized.net *.facebook.net *.facebook.com static.stadsschouwburg-utrecht.nl; connect-src 'self' localhost:* wss://localhost:* *.projectguide.nl *.google-analytics.com *.analytics-google.com *.googleapis.com googleapis.com *.googleusercontent.com vimeo.com *.doubleclick.net *.webhare.com etender-connect.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.google.nl *.google.com *.facebook.net *.facebook.com static.stadsschouwburg-utrecht.nl; object-src 'self' *.youtube.com *.vimeo.com vimeo.com  static.stadsschouwburg-utrecht.nl; form-action 'self' *.facebook.net *.facebook.com; worker-src 'self' static.stadsschouwburg-utrecht.nl; manifest-src 'self' static.stadsschouwburg-utrecht.nl; prefetch-src 'self' static.stadsschouwburg-utrecht.nl; frame-ancestors 'none' *.doubleclick.net;  1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com *.googleoptimize.com *.polyfill.io js.createsend1.com *.google.com *.googleapis.com *.google-analytics.com *.facebook.net *.gstatic.com *.hotjar.com *.muchloved.com cdnjs.cloudflare.com *.googletagmanager.com *.audioboom.com *.kiprotect.com *.recaptcha.net *.reciteme.com *.spotify.com *.maze.co; style-src 'self' 'unsafe-inline' *.googleapis.com *.audioboom.com *.reciteme.com *.spotify.com; font-src 'self' fonts.gstatic.com *.hotjar.com *.reciteme.com *.spotify.com; img-src 'self' data: *.gstatic.com *.imgix.net *.google-analytics.com *.google.com *.google.co.uk *.googleapis.com s3.eu-west-2.amazonaws.com *.facebook.com *.muchloved.com *.hotjar.com *.googletagmanager.com *.reciteme.com *.spotify.com; connect-src 'self' stats.g.doubleclick.net *.google-analytics.com *.googleapis.com *.getaddress.io *.hotjar.com *.hotjar.io *.facebook.com wss://*.hotjar.com *.createsend.com *.createsend1.com https://createsend.com//t/getsecuresubscribelink *.reciteme.com *.google.com *.google.co.uk *.maze.co; frame-src 'self' *.google.com *.youtube.com *.facebook.com *.hotjar.com *.muchloved.com *.audioboom.com *.recaptcha.net *.reciteme.com *.spotify.com; media-src 'self' *.reciteme.com *.spotify.com; 1
default-src 'self' *.crazyegg.com;    script-src 'self' data: 'unsafe-inline' 'unsafe-eval' c.orkney.com code.jquery.com cdnjs.cloudflare.com *.google.com      *.googletagmanager.com *.google-analytics.com www.googleadservices.com *.doubleclick.net googleapis.com cdn.matomo.cloud      *.googleapis.com *.gstatic.com connect.facebook.net acdn.adnxs.com static.ads-twitter.com *.twitter.com chimpstatic.com      *.mailchimp.com *.list-manage.com *.crazyegg.com www.jscache.com www.tripadvisor.com www.tripadvisor.co.uk      cdn.ckeditor.com static.tacdn.com *.issuu.com readymag.com cnv.metadsp.co.uk *.rapidapi.com *.transportapi.com *.skyscanner.net      www.youtube.com nbcommunication.matomo.cloud *.googlesyndication.com;    style-src 'self' 'unsafe-inline' c.orkney.com cdnjs.cloudflare.com *.google.com *.googleapis.com *.gstatic.com googleapis.com      use.fontawesome.com *.mailchimp.com cdn.ckeditor.com static.tacdn.com *.crazyegg.com;    img-src 'self' data: https: www.facebook.com t.co http://c.orkney.com;    connect-src 'self' https: www.google.com ad.doubleclick.net;    font-src 'self' data: https: http://c.orkney.com http://use.fontawesome.com *.mailchimp.com static.tacdn.com *.gstatic.com;    object-src 'self';    media-src 'self' data: www.youtube.com vimeo.com;    manifest-src 'self';    frame-src 'self' www.youtube-nocookie.com *.youtube.com player.vimeo.com *.google.com *.doubleclick.net *.crazyegg.com      *.facebook.com *.issuu.com p.travelsmarter.net embed.readymag.com orkney.us11.list-manage.com www.googletagmanager.com      tpc.googlesyndication.com;    form-action 'self' *.facebook.com www.paypal.com orkney.us11.list-manage.com;    base-uri 'self';    worker-src 'self' blob:;    child-src 'self' blob:;    frame-ancestors 'self';    report-uri https://nbcom.report-uri.com/r/d/csp/enforce     1
default-src 'self'; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline'; img-src 'self' * data: ; font-src 'self' *; frame-src 'self' *; connect-src *; media-src * 1
frame-ancestors 'self' https://www.playatcentercourt.com https://centercourtpickleball.com https://www.centercourtpickleball.com 1
font-src *.gstatic.com 'self' data: *.fontawesome.com *.typekit.net goto.benchmarkeducation.com *.braintreegateway.com *.paypal.com *.kaptcha.com *.wistia.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.benchmarkeducation.com/ *.newmarklearning.com/ *.jotfor.ms *.jotfor.com *.jotform.us *.jotform.com *.braintreegateway.com *.paypal.com *.kaptcha.com forms.hscollectedforms.net *.hsforms.com *.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors *.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.braintreegateway.com *.demdex.net *.nr-data.net *.jotfor.ms *.jotfor.com *.jotform.us *.jotform.com *.paypal.com *.kaptcha.com *.hotjar.com *.addthis.com *.podbean.com forms.hscollectedforms.net *.hsforms.com app.hubspot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io * 'self' data: *.omtrdc.net *.everesttech.net *.gstatic.com *.google.com *.akamaihd.net *.wistia.com *.demdex.net *.jotfor.ms *.jotfor.com *.jotform.us *.jotform.com *.googleapis.com *.linkedin.com *.adsymptotic.com t.co *.nr-data.net goto.benchmarkeducation.com *.braintreegateway.com *.paypal.com *.kaptcha.com *.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ * *.google.com *.gstatic.com *.googleapis.com goto.benchmarkeducation.com goto.newmarklearning.com *.wistia.com *.cloudflare.com *.jotfor.ms *.jotfor.com *.jotform.us *.jotform.com *.kit.fontawesome.com *.googletagmanager.com *.licdn.com *.twitter.com/ *.ads-twitter.com/ *.newrelic.com *.nr-data.net *.braintreegateway.com *.paypal.com *.kaptcha.com *.hotjar.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com kit-free.fontawesome.com *.fontawesome.com goto.benchmarkeducation.com goto.newmarklearning.com *.jotfor.ms *.jotfor.com *.jotform.us *.jotform.com *.typekit.net *.nr-data.net *.braintreegateway.com *.paypal.com *.kaptcha.com *.site-marketing-sites.s3.amazonaws.com *.cloudflare.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.wistia.net 'self' blob: *.jotfor.ms *.jotfor.com *.jotform.us *.jotform.com *.braintreegateway.com *.paypal.com *.kaptcha.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com goto.benchmarkeducation.com goto.newmarklearning.com *.braintree-api.com *.braintreegateway.com *.demdex.net *.akamaihd.net *.litix.io *.wistia.io *.wistia.com *.jotfor.ms *.jotfor.com *.jotform.us *.jotform.com *.googleapis.com *.nr-data.net *.paypal.com *.kaptcha.com *.doubleclick.net *.hotjar.com wss://*.hotjar.com/api/v2/client/ws forms.hscollectedforms.net *.hsforms.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' blob: assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
allow 'self'  default-src 'self' 'unsafe-inline' www.google-analytics.com  *.twitter.com  *.facebook.com  *.facebook.net  *.google.com 1
frame-src www.elho.com platform.arizetech.com www.youtube.com open.spotify.com ct.pinterest.com consentcdn.cookiebot.com aax-eu.amazon-adsystem.com *.robinhq.com *.windows.net *.issuu.com *.google.com;frame-ancestors www.elho.com platform.arizetech.com www.youtube.com open.spotify.com ct.pinterest.com consentcdn.cookiebot.com aax-eu.amazon-adsystem.com *.robinhq.com *.windows.net *.issuu.com *.google.com; 1
script-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://unpkg.com https://www.googletagservices.com https://app.launchdarkly.com https://maps.googleapis.com http://www.google-analytics.com http://pagead2.googlesyndication.com 1
report-uri /csp; default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https: wss: *.pegaplantao.com.br tawk.link *.youtube.com *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.tawk.to analytics.google.com ajax.aspnetcdn.com blog.pegaplantao.com.br cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com maxcdn.bootstrapcdn.com pegaplantaoimages.blob.core.windows.net unpkg.com *.googletagmanager.com stats.g.doubleclick.net malsup.github.io/jquery.form.js secure.trust-provider.com *.trustlogo.com; connect-src 'self' https: wss: *.pegaplantao.com.br analytics.google.com *.analytics.google.com  *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.google.com; 1
default-src data: blob: 'self' https://*.tenantapp.com.au https://inspectretest.blob.core.windows.net https://inspectre.blob.core.windows.net https://maps.googleapis.com https://ajax.googleapis.com https://*.google.com.au https://*.google.com https://apis.google.com https://fonts.googleapis.com https://www.gstatic.com https://fonts.gstatic.com https://*.inspectrealestate.com.au  https://*.fontawesome.com;script-src 'self' https://*.tenantapp.com.au https://inspectretest.blob.core.windows.net https://inspectre.blob.core.windows.net https://maps.googleapis.com https://ajax.googleapis.com https://*.google.com.au https://*.google.com https://apis.google.com https://fonts.googleapis.com https://www.gstatic.com https://fonts.gstatic.com https://*.inspectrealestate.com.au  https://code.jquery.com https://cdn.jsdelivr.net https://*.fontawesome.com https://unpkg.com https://*.in.applicationinsights.azure.com https://js.monitor.azure.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://connect.facebook.net https://www.google-analytics.com https://js.stripe.com https://*.clarity.ms https://*.googlesyndication.com https://*.googleadservices.com 'unsafe-inline' 'unsafe-eval';style-src 'self' https://*.tenantapp.com.au https://inspectretest.blob.core.windows.net https://inspectre.blob.core.windows.net https://maps.googleapis.com https://ajax.googleapis.com https://*.google.com.au https://*.google.com https://apis.google.com https://fonts.googleapis.com https://www.gstatic.com https://fonts.gstatic.com https://*.inspectrealestate.com.au  https://use.typekit.net https://*.fontawesome.com  https://p.typekit.net https://code.jquery.com https://cdn.jsdelivr.net 'unsafe-inline';img-src data: blob: *;font-src 'self' https://*.tenantapp.com.au https://inspectretest.blob.core.windows.net https://inspectre.blob.core.windows.net https://maps.googleapis.com https://ajax.googleapis.com https://*.google.com.au https://*.google.com https://apis.google.com https://fonts.googleapis.com https://www.gstatic.com https://fonts.gstatic.com https://*.inspectrealestate.com.au  https://use.typekit.net https://*.fontawesome.com https://p.typekit.net;frame-src 'self' https://*.tenantapp.com.au https://inspectretest.blob.core.windows.net https://inspectre.blob.core.windows.net https://maps.googleapis.com https://ajax.googleapis.com https://*.google.com.au https://*.google.com https://apis.google.com https://fonts.googleapis.com https://www.gstatic.com https://fonts.gstatic.com https://*.inspectrealestate.com.au  https://*.youtube.com http://youtu.be https://googleads.g.doubleclick.net https://js.stripe.com https://www.google.com https://*.googlesyndication.com https://www.facebook.com https://*.inspectrealestate.com.au;connect-src 'self' https://*.tenantapp.com.au https://inspectretest.blob.core.windows.net https://inspectre.blob.core.windows.net https://maps.googleapis.com https://ajax.googleapis.com https://*.google.com.au https://*.google.com https://apis.google.com https://fonts.googleapis.com https://www.gstatic.com https://fonts.gstatic.com https://*.inspectrealestate.com.au  https://*.fontawesome.com https://www.google-analytics.com https://*.in.applicationinsights.azure.com https://js.stripe.com https://*.googleapis.com https://*.clarity.ms https://stats.g.doubleclick.net https://www.google.com.au https://pagead2.googlesyndication.com https://www.facebook.com https://analytics.google.com ; upgrade-insecure-requests; 1
script-src 'self' 'unsafe-eval' *.googletagmanager.com *.google.com *.microsoft.com https://www.google-analytics.com https://logo.samandehi.ir https://www.clarity.ms/tag/itw3801bdk https://www.clarity.ms/s/0.7.20/clarity.js https://www.clarity.ms/s/0.7.20/clarity.js 'unsafe-inline' https://www.googletagmanager.com ; object-src 'none'; 1
frame-ancestors www.ii8818.com dz.chint.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://*.hotjar.com https://palig.planfamiliaprotegida.com https://acsbapp.com https://tagmanager.google.com https://*.googletagmanager.com https://analytics.twitter.com https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net static.ads-twitter.com app.icontact.com www.google.com www.gstatic.com maps.google.com widget.surveymonkey.com *.googleapis.com youtube.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com fonts.googleapis.com app.icontact.com tagmanager.google.com; img-src 'self' data: https://analytics.twitter.com *.smassets.net *.mzstatic.com https://*.acsbapp.com https://pbs.twimg.com https://www.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://www.facebook.com/tr/ maps.gstatic.com *.googleapis.com t.co https://i.ytimg.com *.fbcdn.net stats.g.doubleclick.net www.google.com app.icontact.com maps.google.com *.gstatic.com secure.surveymonkey.com; font-src 'self' https://acsbapp.com fonts.gstatic.com; media-src 'self' *.fbcdn.net https://video.twimg.com; frame-src 'self' itmss: https://*.salesforce-sites.com https://*.hotjar.com https://www.youtube-nocookie.com https://accounts.accessibe.com https://acsbapp.com www.youtube.com www.google.com https://connect.facebook.net https://www5.recruitingcenter.net https://www.facebook.com *.surveymonkey.com castbox.fm embed.podcasts.apple.com; form-action 'self' https://*.salesforce.com https://app.icontact.com https://connect.facebook.net https://www.facebook.com/tr/; connect-src 'self' wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.facebook.com https://maps.googleapis.com https://cdn.acsbapp.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com stats.g.doubleclick.net; 1
frame-ancestors 'self' storyblok.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; style-src 'self' 'unsafe-inline' https://staticw2.yotpo.com; frame-ancestors 'self'; 1
block-all-mixed-content; frame-ancestors 'self' root.bg cdn.root.bg s.root.bg go.root.bg fonts.gstatic.com fonts.googleapis.com; 1
script-src http: https: 'unsafe-inline' https://backend.riddlesjewelry.com/; style-src 'self' blob: https: 'unsafe-inline' https://backend.riddlesjewelry.com/ *.paypal.com/ *.sandbox.paypal.com/; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com *.podium.com *.connect.podium.com *.dyoring.com acsbapp.com; frame-src www.google.com *.google.com *.wellsfargo.com *.paypalobjects.com *.dyoring.com *.clientbook.com *.paypal.com *.sandbox.paypal.com/ assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.gemfind.net eloquencejewelry.com *.viralsweep.com *.hotjar.com *.riddlesjewelry.com *.geolocation-db.com/json 1
frame-ancestors 'self' http://www.heladosholanda.com.mx unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://s7.addthis.com https://kritique-widgets-stage.unileversolutions.com https://d1a1ax4tcp3m3j.cloudfront.net 1
frame-ancestors 'self' https://upngo.com https://*.upngo.com https://b.upngo.menu; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://zeroes.ca; img-src 'self' https: data: blob: https://zeroes.ca; style-src 'self' https://zeroes.ca 'nonce-TXZYp38HRAh8IvOiYDNDgQ=='; media-src 'self' https: data: https://zeroes.ca; frame-src 'self' https:; manifest-src 'self' https://zeroes.ca; form-action 'self'; connect-src 'self' data: blob: https://zeroes.ca https://media.zeroes.ca wss://zeroes.ca; script-src 'self' https://zeroes.ca 'wasm-unsafe-eval'; child-src 'self' blob: https://zeroes.ca; worker-src 'self' blob: https://zeroes.ca 1
default-src * 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' https: data: blob: 1
child-src 'self' https://js.stripe.com/v3/; connect-src 'self' wss://anycast.io/; default-src 'none'; font-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.gstatic.com data; frame-src data: 'self' https://js.stripe.com/v3/; img-src 'self' 'unsafe-inline' data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com/v3/; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com; 1
default-src * *.axaim-cx2020-dpl.sa:8100; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com sc-static.net *.kaltura.com *.google-analytics.com *.edgekey.net *.cloudflare.com  *.jsdelivr.net *.en25.com *.facebook.net *.licdn.com *.axaim-cx2020-dpl.sa:8100 *.bing.com *.brighttalk.com platform.massrelevance.com polyfill.io *.polyfill.io *.siteimprove.net *.siteimprove.com *.fml-x.com *.ausha.co *.facebook.com *.ads-twitter.com *.axa-im.com *.linkedin.com  static.ads-twitter.com *.aticdn.net *.ceros.com fml-x.com; object-src self *.axaim-cx2020-dpl.sa:8100; style-src 'self' 'unsafe-inline' *.googleapis.com *.cloudflare.com *.axaim-cx2020-dpl.sa:8100; img-src https: data: *.axaim-cx2020-dpl.sa:8100; media-src https: data: blob: *.axaim-cx2020-dpl.sa:8100; frame-src self *.youtube-nocookie.com *.doubleclick.net *.axaim-cx2020-dpl.sa:8100 *.massrel.io *.siteimprove.net *.siteimprove.com *.ausha.co *.ceros.com *.fml-x.com; frame-ancestors self; child-src self blob:; font-src data: fonts.gstatic.com *.googleusercontent.com *.axa-im.com *.axaim-cx2020-dpl.sa:8100 *.kaltura.com; connect-src *.axa-im.com *.axa-im.co.uk *.axaim-phoenix-vsr.preprod.agence-modedemploi.fr *.kaltura.com *.edgekey.net *.google-analytics.com *.axaim-cx2020-dpl.sa:8100 *.siteimprove.net *.siteimprove.com *.axa-im.com cdn.linkedin.oribi.io *.xiti.com fml-x.com *.linkedin.com; report-uri /report-csp-violation 1
frame-ancestors 'self' https://manage.cablinginstall.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
frame-ancestors https://*.tv-media.at https://*.vgn.at; upgrade-insecure-requests; block-all-mixed-content 1
default-src * 'unsafe-inline' 'unsafe-eval';                                          worker-src 'self' blob:; 1
default-src 'self' data: *.eu-west-1.amazonaws.com maps.googleapis.com cdnjs.cloudflare.com *.veeva.io www.googletagmanager.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob: * 1
frame-ancestors 'self' https://*.titledesktop.com https://*.accuair.io https://*.mytitlevault.com; 1
base-uri 'self'; default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; 1
default-src ws: 'self' data: blob: 'unsafe-inline' 'unsafe-eval' thredbo.com.au *.thredbo.com.au *.addthis.com *.adnxs.com *.akamaized.net *.amazonaws.com *.americanexpress.com *.android.com *.appboycdn.com *.aturahotels.com *.azure.com *.azureedge.net *.bing.com *.bootstrapcdn.com *.braintree-api.com *.braintreegateway.com *.braze.com *.browser-update.org *.cardinalcommerce.com *.cdninstagram.com *.cendynhub.com *.clarity.ms *.cloudflare.com *.cloudfront.net *.convertexperiments.com *.criteo.com *.criteo.net *.d-edgeconnect.media *.datatrans.com *.demdex.net *.doubleclick.net *.duosecurity.com *.elev.io *.event-restaurants-venues.com *.eventcinemas.com.au *.everestjs.net *.everesttech.net *.facebook.com *.fontawesome.com *.gleam.io *.gleamjs.io *.google-analytics.com *.google.co.nz *.google.com *.google.com.au *.googleadservices.com *.googleapis.com *.googlesyndication.com *.gravatar.com *.gstatic.com *.hotjar.com *.hotjar.io *.independentcollection.com.au *.instagram.com *.ip2c.org *.ivvy.com *.ivvy.com.au *.jquery.com *.jsdelivr.net *.kaptcha.com *.lafourchette.com *.mews-demo.com *.mews.com *.mews.li *.mintdesign.co.nz *.msecnd.net *.mycardsecure.com *.myma.ai *.ovalhotel.com.au *.pages03.net *.paypal.com *.paypalobjects.com *.planpay.com *.priorityguestrewards.com *.pushcrew.com *.qtathome.com *.qthotels.com *.quantcount.com *.quantserve.com *.queue-it.net *.raceresult.com *.resdiary.com *.rokt.com *.rsa3dsauth.co.uk *.rydges.com *.sentry-cdn.com *.sg-form.com *.sharepointonline.com *.sojern.com *.stripe.com *.tamgrt.com *.thehotelsnetwork.com *.thredbo.com.au *.tiktok.com *.typekit.net *.vimeo.com *.visualstudio.com *.weatherwidget.io *.wistia.com *.wordpress.org *.wpo365.com *.wufoo.com *.wufoo.eu *.yoast.com *.youtube.com addthis.com adnxs.com adservice.google.de adservice.google.fr akamaized.net amazonaws.com americanexpress.com analytics.tiktok.com android.com attestation.android.com azure.com azureedge.net bam.nr-data.net beacon-v2.helpscout.net bing.com bootstrapcdn.com braintree-api.com braintreegateway.com braze.com browser-update.org cardinalcommerce.com cdn.forms-content.sg-form.com cdn.honey.io cdn.jsdelivr.net cdn.lr-ingest.io cdninstagram.com cendynhub.com clarity.ms cloud.typography.com cloudflare.hcaptcha.com cloudfront.net code.jquery.com connect.facebook.net convertexperiments.com criteo.com criteo.net d-edgeconnect.media datatrans.com demdex.net duosecurity.com elev.io event-restaurants-venues.com eventcinemas.com.au everestjs.net everesttech.net extreme-ip-lookup.com fontawesome.com gibas.ngrok.io gleam.io gleamjs.io google.com googletagmanager.com hotjar.com hotjar.io i.ytimg.com independentcollection.com.au instagram.com ip2c.org ivvy.com ivvy.com.au jquery.com js-agent.newrelic.com js.appboycdn.com kaptcha.com kg668dbov0.execute-api.us-east-1.amazonaws.com lafourchette.com maxcdn.bootstrapcdn.com mews-demo.com mews.com mews.li mintdesign.co.nz mpsnare.iesnare.com msecnd.net mycardsecure.com myma.ai pages03.net participant.connect.ap-southeast-2.amazonaws.com paypal.com planpay.com polyfill.io pushcrew.com qtathome.com queue-it.net raceresult.com resdiary.com rsa3dsauth.co.uk s.w.org secure7.arcot.com securepubads.g.doubleclick.net sentry-cdn.com sharepointonline.com sojern.com spay.samsung.com spoprod-a.akamaihd.net static.tacdn.com stripe.com tamgrt.com thredbo-services-prod-s3-sftp-server-public.s3.ap-southeast-2.amazonaws.com tiktok.com tnaquic5o3.execute-api.ap-southeast-2.amazonaws.com tufsuyburufn.transport.connect.ap-southeast-2.amazonaws.com typekit.net unpkg.com use.typekit.net vimeo.com visualstudio.com weatherwidget.io wistia.com wordpress.org wpo365.com www.aexp-static.com www.googletagmanager.com www.googletagservices.com www.surveymonkey.com yoast.com; frame-src *; object-src 'none'; img-src 'self' https: data: blob:;  upgrade-insecure-requests; report-uri https://evtgroup.report-uri.com/r/t/csp/enforce 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://en.osm.town; img-src 'self' https: data: blob: https://en.osm.town; style-src 'self' https://en.osm.town 'nonce-RnYbQ3XDbxTig6nErsfN5w=='; media-src 'self' https: data: https://en.osm.town; frame-src 'self' https:; manifest-src 'self' https://en.osm.town; form-action 'self'; child-src 'self' blob: https://en.osm.town; worker-src 'self' blob: https://en.osm.town; connect-src 'self' data: blob: https://en.osm.town https://cdn.masto.host wss://en.osm.town; script-src 'self' https://en.osm.town 'wasm-unsafe-eval' 1
default-src 'none';base-uri 'self';object-src 'none';font-src 'self' data: *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* fonts.gstatic.com;report-uri /reporting/csp.htm;img-src 'self' data: *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com wspublicprod.112.2o7.net px.ads.linkedin.com ad.doubleclick.net p.adsymptotic.com adservice.google.com 2549153.fls.doubleclick.net jadserve.postrelease.com www.google.com www.google-analytics.com pixel.everesttech.net cm.g.doubleclick.net bat.bing.com sp.analytics.yahoo.com connect.facebook.net www.linkedin.com www.facebook.com rtd-tm.everesttech.net googleads.g.doubleclick.net pdx-col.eum-appdynamics.com *.wellsfargomedia.com;style-src 'self' 'unsafe-inline' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com;connect-src 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com google-analytics.com pdx-col.eum-appdynamics.com;frame-src 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com awusw-wfr.advanced-web-analytics.com *.doubleclick.net *.wellsfargo.wallst.com *.fccaccessonline.com wellsfargo-p2.markitdigital.com iframe.arkoselabs.com;media-src 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com *.wellsfargomedia.com;form-action 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com *.wellsfargo.com:*;worker-src 'self' blob:;script-src 'nonce-1adb438ab2874fc59ce0bb1c9b15ef59' 'self' *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* www.googletagmanager.com www.google-analytics.com ajax.googleapis.com static.staging.wellsfargo.com static.wellsfargo.com;frame-ancestors 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com *.fccaccessonline.com *.wellsfargomedia.com *.wellsfargo.com:* *.mworld.com *.wellsfargo.net *.markitondemand.com *.wellsfargo.wallst.com *.go.onestop.wf.com wellsfargo.markitdigital.com 1
default-src 'self';script-src 'self' https://ajax.aspnetcdn.com/ https://i.simpli.fi/ https://rules.quantcount.com/ https://secure.quantserve.com/ https://acdn.adnxs.com/ https://tag.simpli.fi/ https://unpkg.com/ https://connect.facebook.net/ https://use.typekit.net/ https://www.google-analytics.com/ https://tracking-v3.websitealive.com/ https://alive5.com/ https://js.braintreegateway.com/ https://assets.braintreegateway.com/ https://c.paypal.com/ https://widget.surveymonkey.com/ https://ajax.googleapis.com/ https://collector-22197.us.tvsquared.com/ https://omnisnippet1.com/ https://forms.soundestlink.com/ https://www.googletagmanager.com 'unsafe-eval' 'unsafe-inline';style-src 'self' https://use.typekit.net/ https://p.typekit.net/ https://tracking-v3.websitealive.com/ https://assets.braintreegateway.com/ https://alive5.com/ https://fonts.googleapis.com/ 'unsafe-inline';connect-src 'self' https://www.facebook.com/ https://capig.stape.biz/ https://alive5.com/ https://api-v2.alive5.com/ https://performance.typekit.net/ https://www.google-analytics.com/ https://api.sandbox.braintreegateway.com/ https://client-analytics.sandbox.braintreegateway.com/ *.braintree-api.com https://stats.g.doubleclick.net/ https://forms.soundestlink.com/ https://api.braintreegateway.com/ https://client-analytics.braintreegateway.com/;font-src 'self' https://use.typekit.net/ https://fonts.gstatic.com/;img-src 'self' data: https: https://p.typekit.net/ https://assets.braintreegateway.com/;frame-src 'self' *.websitealive.com https://alive5.com/ https://assets.braintreegateway.com/ *.paypal.com *.kaptcha.com https://www.facebook.com/;report-uri https://myplates.report-uri.com/r/d/csp/enforce 1
default-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval'; script-src-elem 'self' www.googletagmanager.com *.googleapis.com *.google-analytics.com 'unsafe-inline'; child-src 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com 'unsafe-inline'; font-src 'self' fonts.gstatic.com; frame-src 'self' player.vimeo.com *.youtube.com; connect-src 'self' *.google-analytics.com *.googleapis.com *.analytics.google.com *.g.doubleclick.net; img-src 'self' data: knmt.nl platform *.immer.cloud *.google-analytics.com www.googletagmanager.com *.google.nl *.gstatic.com *.googleapis.com; frame-ancestors 'self'; form-action 'self'; 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com; base-uri 'self', frame-ancestors 'self' https://*.facebook.com, frame-ancestors 'self' https://*.facebook.com 1
default-src 'unsafe-inline' 'unsafe-eval' *; img-src *; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://toot.lv; img-src 'self' https: data: blob: https://toot.lv; style-src 'self' https://toot.lv 'nonce-X5JWPnRF+Ut911uATmzpkQ=='; media-src 'self' https: data: https://toot.lv; frame-src 'self' https:; manifest-src 'self' https://toot.lv; form-action 'self'; child-src 'self' blob: https://toot.lv; worker-src 'self' blob: https://toot.lv; connect-src 'self' data: blob: https://toot.lv https://files.toot.lv wss://streaming.toot.lv; script-src 'self' https://toot.lv 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://*.toyota.ie https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
object-src 'none'; default-src 'self' cdn.plyr.io data: *.vine.co blob: *.pvt.sexy *.skyprivate.com *.skyprivate.local:*  *.adultwork.com *.billing.creditcard *.sentry-cdn.com *.hubspot.com *.hsforms.com js.hs-scripts.com *.hostly.app *.skyprivate.local:1080 s3.amazonaws.com wss://*.intercom.io *.payperminute.live *.gstatic.com *.intercomassets.com connect.facebook.net *.doubleclick.net *.googletagmanager.com *.googleapis.com *.google-analytics.com *.hotjar.com *.intercomcdn.com *.intercom.io *.twitter.com *.twimg.com *.facebook.com videodelivery.net cloudflarestream.com *.cloudflarestream.com *.videodelivery.net 'unsafe-eval' 'unsafe-inline' s.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hscollectedforms.net brad.static.gdn js.hsleadflows.net js.usemessages.com js.hubspotfeedback.com cammodeldirectory.ladesk.com cdn.livesession.io rs.livesession.io *.adform.net 2-vbus-de.ladesk.com *.googleadservices.com *.cloudfront.net *.helpscout.net *.pusher.com wss://ws-helpscout.pusher.com omnisnippet1.com *.soundestlink.com *.chatbase.co *.adultworkeurope.com player-widget.mixcloud.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: data: blob: mediastream:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: data: blob: mediastream: js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org web-chat.nativechat.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: data: blob: mediastream: https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; img-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https: http: mediastream: track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: http: blob: mediastream:; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: data: blob: mediastream: forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: http: blob: mediastream: forms.hubspot.com *.hsforms.com *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https: http: mediastream:; child-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: data: blob: mediastream: web-chat.nativechat.com; form-action 'unsafe-inline' 'unsafe-eval' https: http: 'self' data: blob: mediastream:; object-src 'unsafe-inline' 'unsafe-eval' https: http: 'self' data: blob: mediastream: 1
base-uri 'none'; font-src 'self' https: data:; frame-ancestors 'self'; object-src 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-ah/9hGn3WnyPqwTQ7Ei1cQ=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
media-src 'none'; 1
frame-ancestors self *.healthchannels.com *.scribeamerica.com *.carethrough.com *.soundlines.com *.scribeaustralia.com *.scribecanadahealthcare.ca *.forethebravegolf.com *.scribecorner.com; 1
frame-ancestors 'self' lotc.co lordofthecraft.net *.lotc.co *.lordofthecraft.net 1
default-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com  https://sponsoring-dk.de  https://lokalekammerater-dk.de  https://lidl-danmark-ks.campaign.playable.com  https://lidl-danmark-ks.leadfamly.com  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  'unsafe-inline'  https://ws.fk.dk  https://*.adyen.com  https://sponsoring-dk.de  https://lokalekammerater-dk.de  https://lidl-danmark-ks.campaign.playable.com  https://lidl-danmark-ks.leadfamly.com; img-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com; object-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'; script-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  about:  https://localhost  https://*.adyen.com; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net; 1
default-src 'self' 'unsafe-inline' *.supabase.co *.ekoo.co danone.my.salesforce-sites.com *.secure.force.com *.force.com service.force.com *.danone.gbqofs.io mydanonelivechat.force.com danone.my.salesforce-sites.com mydanonelivechat.secure.force.com bledina-pp.agencer2.com bledina.com *.trustcommander.net *.commander1.com  *.facebook.com *.facebook.net *.pinterest.com *.google-analytics.com *.doubleclick.net lpcdn.lpsnmedia.net; img-src 'self' data: log.pinterest.com *.ekoo.co *.supabase.co *.force.com http://mydanonelivechat.force.com bledina.com *.bledina.com bledina.commander1.com *.google.com *.google.fr *.pinterest.com *.facebook.com *.doubleclick.net *.google-analytics.com *.pixibox.com lpcdn.lpsnmedia.net *.tagcommander.com; font-src 'self' data: fonts.gstatic.com; style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cdn.gbqofs.com player.ausha.co *.ekoo.co *.salesforceliveagent.com static.lightning.force.com danone.my.salesforce-sites.com *.secure.force.com *.force.com *.la2-c1-cdg.salesforceliveagent.com *.la2-c1-fra.salesforceliveagent.com service.force.com *.my.salesforce.com ajax.googleapis.com *.google.com *.gstatic.com cdn.jsdelivr.net lptag.liveperson.net accdn.lpsnmedia.net lo.v.liveperson.net static.doubleclick.net lpcdn.lpsnmedia.net cdn.rawgit.com *.pinterest.com cdn.trustcommander.net *.tagcommander.com *.google-analytics.com *.facebook.net *.googletagmanager.com *.googleadservices.com *.pinimg.com *.doubleclick.net cdnjs.cloudflare.com; frame-src 'self' 'unsafe-inline' aax-eu.amazon-adsystem.com player.ausha.co service.force.com *.facebook.com lpcdn.lpsnmedia.net *.liveperson.net www.youtube.com player.vimeo.com *.doubleclick.net *.pinterest.com *.pinterest.fr *.bledina.com cdn.trustcommander.net; 1
frame-ancestors self https://www.rodenstock.com/ https://rodenstock.ro/ https://www.rodenstock.ro/ https://mgnl-staging.rodenstock.com/ https://mgnl.rodenstock.com/ https://www.rodenstock.fr/ https://rodenstock.fr/ https://www.rodenstock.de/ https://rodenstock.de/ https://www.rodenstock.fr:8443/ https://www.rodenstock.fr:8444/ 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;script-src-elem 'strict-dynamic' 'report-sample' 'nonce-tn/CIUUxaYvrI5ju5Ynnkroi';script-src-attr 'none' 'report-sample';object-src 'none';style-src 'self' 'unsafe-inline' https:;img-src 'self' data: https:;media-src 'self' https:;frame-src 'self' https:;font-src 'self' data: https:;connect-src 'self' https: wss:;base-uri 'none';frame-ancestors 'self' https://app.contentful.com;report-uri /fehler/csp 1
default-src * 'unsafe-inline' 'unsafe-eval' data:; img-src 'self' https://i.ytimg.com/ https://stats.g.doubleclick.net/ https://www.facebook.com/ https://www.google-analytics.com/ https://www.google.ca/ https://www.google.com/ https://www.googletagmanger.com/ https://px.ads.linkedin.com/ https://www.linkedin.com/ https://p.adsymptotic.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://camso.co/ https://stage.camso.co/ https://preprod.camso.co/ https://partstreamstg.arinet.com/ https://partstreams.arinet.com/ http://partstreamstg.arinet.com/ https://partstream.arinet.com/ https://cdn.datamanager.arinet.com/ https://c.clarity.ms/ https://segment.prod.bidr.io/ https://c.bing.com/ https://beyond-road.selector.michelingroup.com/ data:; frame-ancestors https://camso.co/ https://preprod.camso.co/ https://stage.camso.co/ http://localhost:4200 https://stage.beyond-road.selector.michelingroup.com/ https://beyond-road.selector.michelingroup.com/ https://www.rubbertracksolutions.com/ 1
default-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com/ https://www.google.com/recaptcha/; img-src 'unsafe-inline' 'self' *.google-analytics.com data:; object-src 'none'; script-src https://www.gstatic.com/recaptcha/ 'unsafe-inline' 'self' https://www.googletagmanager.com/ https://www.google.com/recaptcha/ 'unsafe-eval'; style-src 'unsafe-inline' 'self'; form-action *; 1
frame-ancestors 'self' multimaps360.de; 1
frame-ancestors 'self' pi.pardot.com; upgrade-insecure-requests; default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://imacorp.com https://*.zendesk.com https://assets.zendesk.com https://code.jquery.com https://connect.facebook.net https://content.linkedin.com https://graph.facebook.com https://google-analytics.com https://googletagmanager.com https://go.imacorp.com https://js.facebook.com https://nexus.ensighten.com https://platform.linkedin.com https://pi.pardot.com https://ssl.google-analytics.com https://snap.licdn.com https://static-exp1.licdn.com https://tagmanager.google.com https://theme.zdassets.com https://use.typekit.net https://v2.zopim.com https://www.google-analytics.com https://www.googletagmanager.com https://widget-mediator.zopim.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://*.wufoo.com https://*.wpenginepowered.com; style-src 'self' 'report-sample' 'unsafe-inline' *.imacorp.com imacorp.com *.licdn.com *.typekit.net *.zdassets.com *.wufoo.com code.jquery.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com https://cdnjs.cloudflare.com *.wpenginepowered.com; object-src 'none'; frame-src 'self' *.youtube.com *.facebook.com *.imacorp.com imacorp.com *.wufoo.com go.pardot.com www.googletagmanager.com www.linkedin.com *.google.com *.wpenginepowered.com; child-src 'self' *.imacorp.com imacorp.com *.facebook.com *.wufoo.com connect.facebook.net www.googletagmanager.com *.wpenginepowered.com; img-src 'self' data: blob: *.gstatic.com *.facebook.com *.imacorp.com http://imacorp.com imacorp.com imacorp.com/towerstonecorp imacorp.com/cornerstonerisksolutions *.zopim.io *.zopim.com *.zendesk.com *.zdusercontent.com *.zdassets.com *.typekit.net *.linkedin.com *.licdn.com *.google.com *.google-analytics.com *.wufoo.com code.jquery.com fonts.gstatic.com p.adsymptotic.com www.googletagmanager.com *.gravatar.com *.wpengine.com *.wpenginepowered.com; font-src 'self' data: *.imacorp.com imacorp.com *.zopim.com *.wufoo.com fonts.googleapis.com fonts.gstatic.com use.typekit.net static.zdassets.com cdnjs.cloudflare.com *.cloudflare.com *.wpenginepowered.com; connect-src 'self' wss://widget-mediator *.zopim.io *.zopim.com *.zendesk.com *.zdassets.com *.typekit.net *.linkedin.com *.licdn.com *.google.com *.wufoo.com code.jquery.com fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com *.facebook.com *.wpenginepowered.com; manifest-src 'self'; base-uri 'self'; form-action 'self' *.facebook.com *.wufoo.com connect.facebook.net *.yoast.com; media-src 'self' *.wpengine.com *.wpenginepowered.com *.sliderrevolution.com *.wufoo.com *.imacorp.com imacorp.com imacorp.com/towerstonecorp media.licdn.com static.zdassets.com; 1
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.recaptcha.net lo.v.liveperson.net lptag.liveperson.net accdn.lpsnmedia.net tags.tiqcdn.com lpcdn.lpsnmedia.net cdn.optimizely.com cdn.appdynamics.com www.google-analytics.com maps.googleapis.com ssl.google-analytics.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com manifest.prod.boltdns.net *.siteintercept.qualtrics.com *.brightcovecdn.com brightcove.hs.llnwd.net maps.googleapis.com analytics.google.com stats.g.doubleclick.net www.google-analytics.com www.hsbc.bm rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk http://127.0.0.1:5000 http://127.0.0.1:5000/* cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net *.recaptcha.net www.youtube.com; frame-ancestors 'self' www.hsbc.bm; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net brightcove.hs.llnwd.net manifest.prod.boltdns.net; manifest-src 'self' www.hsbc.bm; upgrade-insecure-requests ; report-uri /csp/report; 1
child-src  www.paypalobjects.com; connect-src 'self' 'report-sample' s3.amazonaws.com/cv3.customfiles hardware2018.commercev3.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com stats.g.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.facebook.com *.klaviyo.com *.wisepops.com listgrowth.ctctcdn.com beacon.searchspring.io m.addthis.com 4e6f94f0-c23e-4752-a599-adf4d69df3be.rlets.com staticw2.yotpo.com iokhmf.a.searchspring.io appliance-rebates.firebaseio.com capture-api.reachlocalservices.com liqadprdct-capture-prod-east.gannettdigital.com hrm-web-event-details.firebaseio.com res.cloudinary.com www.google.com adservice.google.com activity.wisepops.com popup.wisepops.com tracking.wisepops.com app.getwisp.co wisepops.net hartvillehardware-assets.nyc3.digitaloceanspaces.com *.sharethis.com api.parcellab.com configs.parcellab.com tst.kaptcha.com pagead2.googlesyndication.com kount.com ssl.kaptcha.com; default-src 'self' s3.amazonaws.com/cdn0.hartvillehardware.com/ cdn.commercev3.net/cdn0.hartvillehardware.com/ cdn0.hartvillehardware.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com; font-src 'self' hardware2018.commercev3.com s3.amazonaws.com/cdn0.hartvillehardware.com/ cdn.commercev3.net/cdn0.hartvillehardware.com/ cdn0.hartvillehardware.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com cdn.jsdelivr.net staticw2.yotpo.com data: hartvillehardware-assets.nyc3.digitaloceanspaces.com; form-action 'self' www.facebook.com www.paypal.com checkout.sezzle.com; frame-src 'self' *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com 4e6f94f0-c23e-4752-a599-adf4d69df3be.rlets.com s7.addthis.com www.youtube.com tpc.googlesyndication.com forms.hartvillejobs.com cdn.flipsnack.com player.flipsnack.com player.vimeo.com insight.adsrvr.org match.adsrvr.org https://bam.nr-data.net t.sharethis.com tst.kaptcha.com ssl.kaptcha.com; frame-ancestors 'self' ; img-src 'self' s3.amazonaws.com/cdn0.hartvillehardware.com/ cdn.commercev3.net/cdn0.hartvillehardware.com/ cdn0.hartvillehardware.com ssl.google-analytics.com www.google.com/pagead/1p-user-list/ www.google.com/ads/ga-audiences ct.pinterest.com/v3/ stats.g.doubleclick.net *.bing.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.paypal.com www.paypalobjects.com secure.trust-provider.com cm.g.doubleclick.net www.googleadservices.com d3cgm8py10hi0z.cloudfront.net res.cloudinary.com pubads.g.doubleclick.net googleads.g.doubleclick.net p.yotpo.com cdn-yotpo-images-production.yotpo.com yotpo-editor-production.s3.amazonaws.com fault.rlets.com iokhmf.a.searchspring.io cdn.wisepops.com *.simpli.fi cdn.searchspring.net cdn.flipsnack.com media.mydoitbest.com cdn.wisepops.com tracking.wisepops.com dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com cdn.wisepops.net hartvillehardware-assets.nyc3.digitaloceanspaces.com *.sharethis.com cdn.parcellab.com icons.parcellab.com; script-src 'self' 'report-sample' s3.amazonaws.com/cdn0.hartvillehardware.com/ cdn.commercev3.net/cdn0.hartvillehardware.com/ cdn0.hartvillehardware.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com secure.trust-provider.com *.simpli.fi loader.wisepops.com cdn.searchspring.net cdnjs.cloudflare.com static.ctctcdn.com cdn.jsdelivr.net cdn.rlets.com staticw2.yotpo.com v1.addthisedge.com z.moatads.com *.addthis.com cdn.wisepops.com use.fontawesome.com tpc.googlesyndication.com forms.hartvillejobs.com js-agent.newrelic.com secure.comodo.com s3.amazonaws.com/a.cdn.searchspring.net/ nyc3.digitaloceanspaces.com cdn.wisepops.com loader.wisepops.com app.getwisp.co wisepops.net cdn.wisepops.net js.adsrvr.org hartvillehardware-assets.nyc3.digitaloceanspaces.com *.sharethis.com cdn.parcellab.com; script-src-elem 'self' 'report-sample' s3.amazonaws.com/cdn0.hartvillehardware.com/ cdn.commercev3.net/cdn0.hartvillehardware.com/ cdn0.hartvillehardware.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com secure.trust-provider.com *.simpli.fi loader.wisepops.com cdn.searchspring.net cdnjs.cloudflare.com static.ctctcdn.com cdn.jsdelivr.net cdn.rlets.com staticw2.yotpo.com v1.addthisedge.com z.moatads.com *.addthis.com cdn.wisepops.com use.fontawesome.com tpc.googlesyndication.com forms.hartvillejobs.com js-agent.newrelic.com secure.comodo.com s3.amazonaws.com/a.cdn.searchspring.net/ nyc3.digitaloceanspaces.com cdn.wisepops.com loader.wisepops.com app.getwisp.co wisepops.net cdn.wisepops.net js.adsrvr.org hartvillehardware-assets.nyc3.digitaloceanspaces.com *.sharethis.com cdn.parcellab.com; style-src 'self' s3.amazonaws.com/cdn0.hartvillehardware.com/ cdn.commercev3.net/cdn0.hartvillehardware.com/ cdn0.hartvillehardware.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net static.ctctcdn.com cdn.searchspring.net staticw2.yotpo.com cdnjs.cloudflare.com/ajax/libs/fancybox/ nyc3.digitaloceanspaces.com hartvillehardware-assets.nyc3.digitaloceanspaces.com cdn.parcellab.com; style-src-elem 'self' s3.amazonaws.com/cdn0.hartvillehardware.com/ cdn.commercev3.net/cdn0.hartvillehardware.com/ cdn0.hartvillehardware.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net static.ctctcdn.com cdn.searchspring.net staticw2.yotpo.com cdnjs.cloudflare.com/ajax/libs/fancybox/ nyc3.digitaloceanspaces.com hartvillehardware-assets.nyc3.digitaloceanspaces.com cdn.parcellab.com; style-src-attr  'unsafe-inline'; media-src 'self' hardware2018.commercev3.com s3.amazonaws.com/cdn0.hartvillehardware.com/ cdn.commercev3.net/cdn0.hartvillehardware.com/ cdn0.hartvillehardware.com www.bing.com res.cloudinary.com; 1
default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: syndication.twitter.com www.facebook.com *.tile.openstreetmap.org www.gravatar.com www.googletagmanager.com *.google-analytics.com www.google.com www.google.pl cdn.livechat-files.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.addthis.com *.addthisedge.com static.addtoany.com z.moatads.com www.googletagmanager.com maps.googleapis.com platform.twitter.com connect.facebook.net www.google-analytics.com *.livechatinc.com *.livechat.com www.google.com www.gstatic.com *.hotjar.com googleads.g.doubleclick.net cdn.jsdelivr.net; font-src 'self' *.livechatinc.com; connect-src 'self' *.addthis.com stats.addtoany.com nominatim.openstreetmap.org www.google-analytics.com www.facebook.com maps.googleapis.com *.google-analytics.com; frame-src 'self' s7.addthis.com static.addtoany.com www.youtube.com platform.twitter.com www.facebook.com web.facebook.com www.google.com ankiety.org *.livechatinc.com *.livechat.com player.liveaffect.pl 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://comparaiso.es/report-uri/enforce 1
frame-ancestors 'self' *.isubscribe.com.au *.isubscribe.co.nz; 1
default-src https: 'self'; connect-src https: 'self' http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://axon-ems-fe-api.arx.com.ua wss://axon-ems-fe-api.arx.com.ua; font-src https: 'self' data: http://script.hotjar.com https://script.hotjar.com; frame-src https: 'self' https://vars.hotjar.com; frame-ancestors https: 'self'; img-src https: data: 'self' https://script.hotjar.com http://script.hotjar.com; media-src https: 'self'; object-src https: 'self'; script-src 'unsafe-inline' 'unsafe-eval' https: 'self' http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com; style-src 'unsafe-inline' https: 'self'; 1
default-src 'none'; base-uri 'none'; object-src 'none'; script-src 'nonce-8adcca91640e1901e04688a48372d45b' 'strict-dynamic' plausible.io www.googletagmanager.com *.google-analytics.com https: 'self' 'report-sample' 'unsafe-inline'; style-src 'self' tagmanager.google.com *.googleapis.com; block-all-mixed-content; connect-src 'self' *.google-analytics.com www.googletagmanager.com plausible.io; img-src 'self' *.google-analytics.com www.googletagmanager.com *.gstatic.com data:; media-src 'self'; font-src 'self' fonts.gstatic.com data:; frame-ancestors 'none'; manifest-src 'self'; frame-src 'none'; form-action 'self' ibuildings.nl api.ibuildings.nl ibuildings.com; report-to default 1
script-src 'self' *.dlgal.com dlgal.com tsaristcanapes.com addictedwonder.com renomeeguze.com *.bebi.com run-syndicate.com *.run-syndicate.com runative-syndicate.com *.runative-syndicate.com blastcahs.com *.o333o.com *.histats.com *.cloudfront.net edfsqfaeenij.com *.adsco.re *.cdn4ads.com cdn4ads.com *.dkypsidljq.com *.edfsqfaeenij.com ptewarin.net ulukaris.com clerrrep.com mailwithcash.com *.ggbases.com *.realsrv.com *.exosrv.com *.jads.co *.juicyads.com *.patreon.com data: blob: 'unsafe-inline' 'unsafe-eval'; 1
connect-src 'self' data: *.po.edu.pl wss://fulltextsearch.org/flare *.google-analytics.com wu.po.opole.pl socialplugin.facebook.net www.facebook.com/plugins/customer_chat/ maps.googleapis.com; default-src 'self' data: *.po.edu.pl ; font-src 'self' data: *.po.edu.pl fonts.gstatic.com fonts.googleapis.com cdn.jsdelivr.net; frame-src 'self' data: *.po.edu.pl www.facebook.com maps.google.com www.google.com web.facebook.com www.youtube.com www.youtube-nocookie.com; img-src 'self' data: graph.facebook.com *.xx.fbcdn.net wu.po.opole.pl s.w.org *.ytimg.com *.po.edu.pl *.fna.fbcdn.net www.googletagmanager.com; script-src 'self' *.po.edu.pl cdn.jsdelivr.net  www.googletagmanager.com 'unsafe-eval' maps.googleapis.com; script-src-elem 'self' *.po.edu.pl cdn.jsdelivr.net www.googletagmanager.com connect.facebook.net 'unsafe-inline' www.youtube.com/iframe_api *.www-widgetapi.js www.youtube.com; style-src 'self' *.po.edu.pl fonts.googleapis.com cdn.jsdelivr.net 'unsafe-inline'; style-src-elem 'self' *.po.edu.pl cdn.jsdelivr.net www.googletagmanager.com connect.facebook.net 'unsafe-inline' www.youtube.com fonts.googleapis.com; 1
default-src 'self'  'unsafe-inline' https://px.ads.linkedin.com/ https://vimeo.com/ https://*.googlesyndication.com/ https://*.doubleclick.net/ https://dl.episerver.net https://player.vimeo.com https://*.cookielaw.org/ https://alleima.matomo.cloud/ https://dc.services.visualstudio.com/ https://www.google.com/ https://www.googletagmanager.com/ https://*.google-analytics.com/ https://snap.licdn.com/ https://googleads.g.doubleclick.net/ https://static.ads-twitter.com/ https://*.hotjar.com/ https://connect.facebook.net/ https://*.outbrain.com/ https://tr.outbrain.com/ https://*.onetrust.com/ https://cdn.linkedin.oribi.io/ wss://ws.hotjar.com https://*.hotjar.io/ https://*.datablocks.se https://*.zdassets.com/ https://*.zendesk.com/ https://*.zopim.com/ wss://*.zopim.com/ https://pui.episerver.net/ https://www.facebook.com/;img-src 'self' https://*.baidu.com/ https://*.zopim.io/ https://static.zdassets.com/ https://cdn.cookielaw.org/ https://px.ads.linkedin.com/ https://www.google.com/ https://www.google.se/ https://t.co/ https://analytics.twitter.com/ https://*.outbrain.com/ https://www.facebook.com/ https://px4.ads.linkedin.com/ https://*.vimeocdn.com/ https://*.hotjar.com/ https://cdn.matomo.cloud/ https://maps.googleapis.com/ data:;script-src 'self'  'unsafe-inline'   'unsafe-eval';script-src-elem  'self'  'unsafe-inline'  https://assets.alleima.com/ https://webassets.azurewebsites.net/ https://*.baidu.com/ https://*.monitor.azure.com/ https://*.vimeo.com/ https://code.highcharts.com/ https://dl.episerver.net/ https://*.cookielaw.org/ https://cdn.matomo.cloud/ https://alleima.matomo.cloud/ https://az416426.vo.msecnd.net/ https://www.google.com/ https://www.gstatic.com/ https://www.googletagmanager.com/ https://*.google-analytics.com/ https://snap.licdn.com/ https://googleads.g.doubleclick.net/ https://static.ads-twitter.com/ https://*.hotjar.com/ https://connect.facebook.net/ https://*.outbrain.com/ https://*.onetrust.com/ https://cdn.linkedin.oribi.io/ wss://ws.hotjar.com https://*.hotjar.io/ https://*.datablocks.se https://*.zdassets.com/ https://*.zendesk.com/ wss://*.zopim.com https://*.zopim.com https://code.jquery.com/jquery-3.7.1.min.js;style-src 'self'  'unsafe-inline' https://cdn.jsdelivr.net/ https://stackpath.bootstrapcdn.com/ https://alleima.matomo.cloud/ https://*.datablocks.se/;media-src  'self' https://static.zdassets.com/ https://player.vimeo.com https://download-video.akamaized.net/; 1
default-src 'self' http://127.0.0.1:* https://bam.nr-data.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com/v3/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/releases/ https://maps.google.com/ https://maps.googleapis.com/ https://js-agent.newrelic.com/ https://bam.nr-data.net/; img-src 'self' data: https://www.gstatic.com/ https://api.qrserver.com/v1/create-qr-code/ https://maps.gstatic.com/ https://maps.google.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' data: https://fonts.gstatic.com/; frame-ancestors 'self'; frame-src 'self' https://js.stripe.com/ https://sandbox-api.openpay.mx/ https://api.openpay.mx/ https://www.google.com/ https://eu.gcsip.nl/ blob: https://testsecureacceptance.cybersource.com/ https://ipe-pmt.cert.sabre.com/; object-src 'self' 1
frame-ancestors 'self' http://www.philips.co.id *.philips.com *.philips.co.id https://philipsigtdpv.com 1
frame-ancestors 'self' *.nafin.com; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-eval' 'sha256-iIf+c/EMxKD/FXoUDy0YsZ3mE+JhzPsmR+aVbrjkdwM=' 'sha256-mC5lwOEBZZZXJoN3sDvzxnxAdNIEKujq9NSXgmhc4HM=' 'sha256-eHA/c1eEwnVIP0JdQf5OoHlH0twlYKVdCPpF0Uxun4U=' 'sha256-HEXSlCvj5t1knUX5S9reED7mj347MrX5NNWmhVKV3AY=' 'sha256-LJv39KYSfXELQ23XLwGsxKqh55fWlLAveXNhE4GJztE=' 'sha256-zkIfJey2QJSMWsoE/xLvQ6GebR1o8N9s0f9cjTQ7mS0=' 'sha256-IfbgmjMKKAFfhR1EW5CeLOLA6QyZyVAEeldA3Hbac90=' 'sha256-iIf+c/EMxKD/FXoUDy0YsZ3mE+JhzPsmR+aVbrjkdwM=' https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://*.googletagmanager.com https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com https://tagmanager.google.com https://static.hotjar.com https://script.hotjar.com https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com pan.dev https://tagmanager.google.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' data: https://fonts.gstatic.com https://use.fontawesome.com; img-src 'self' data: https://cdn-images-1.medium.com https://medium.com https://www.datocms-assets.com https://www.google-analytics.com https://pan.dev https://raw.githubusercontent.com https://googletagmanager.com https://*.google-analytics.com https://*.googletagmanager.com https://avatars.githubusercontent.com https://github.com https://cdn.twistlock.com https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com https://*.2o7.net https://ssl.gstatic.com https://www.gstatic.com; worker-src 'none'; connect-src https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.paloaltonetworks.com https://cors.pan.dev https://*.algolia.net https://*.googleapis.com https://analytics.google.com https://*.hotjar.com wss://ws.hotjar.com https://*.hotjar.io https://panwprod.*.net https://pan.dev; frame-src 'self' https://www.google.com https://*.demdex.net https://td.doubleclick.net; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js *.myheritage.com.ua https://www.myheritage.com.ua  'nonce-a3bffeeb1490203e39461c9d9fa60e6f' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.com.ua;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: 'nonce-vwP3YrvrXjk7WprLPdaQARs1PABU1A9a' 'strict-dynamic' https://www.google-analytics.com https://www.googletagmanager.com; 1
connect-src 'self' cdn.linkedin.oribi.io *.nexmoproxy.cn api.leadpages.io *.opentok.com *.tokbox.com *.marketgate.com heapanalytics.com *.fullstory.com speedyrhino.co api.autopilothq.com analytics.google.com adservice.google.com ad.doubleclick.net *.googlesyndication.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net www.google.com www.facebook.com *.service.signalr.net wss://*.service.signalr.net googleads.g.doubleclick.net wss://*.tokbox.com wss://*.nexmoproxy.cn connect.transactiongateway.com secure.nmi.com px.ads.linkedin.com; font-src *.marketgate.com 'self' data: fonts.gstatic.com; form-action 'self' www.facebook.com; frame-src 'self' *.marketgate.com *.ecrm-online.com *.adsrvr.org speedyrhino.co ecrmlp.lpages.co bid.g.doubleclick.net www.facebook.com www.youtube.com docs.paymentjs.firstdata.com www.google.com *.googlesyndication.com anchor.fm googleads.g.doubleclick.net connect.transactiongateway.com secure.nmi.com ; img-src 'self' cid *.marketgate.com *.ecrm-online.com *.rangeme.com stripoemailstorage.blob.core.windows.net rs.fullstory.com heapanalytics.com *.gstatic.com *.googlesyndication.com ad.doubleclick.net *.linkedin.com data: www.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com rangeme.imgix.net www.rapidscansecure.com p.adsymptotic.com https://*.g.doubleclick.net https://*.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; media-src *.marketgate.com 'self' blob:; script-src 'unsafe-eval' 'self' 'unsafe-inline' js.adsrvr.org embed.lpcontent.net fonts.googleapis.com heapanalytics.com cdn.heapanalytics.com connect.facebook.net edge.fullstory.com googleads.g.doubleclick.net *.marketgate.com snap.licdn.com speedyrhino.co static.opentok.com *.google-analytics.com www.googleadservices.com https://*.googletagmanager.com www.google.com docs.paymentjs.firstdata.com www.rapidscansecure.com fullstory.com *.googlesyndication.com connect.transactiongateway.com secure.nmi.com; worker-src blob:; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.marketgate.com fonts.googleapis.com cdn.heapanalytics.com www.googletagmanager.com connect.transactiongateway.com secure.nmi.com; default-src 'self' 'unsafe-inline' *.doubleclick.net connect.facebook.net edge.fullstory.com *.marketgate.com px.ads.linkedin.com rs.fullstory.com snap.licdn.com speedyrhino.co static.opentok.com www.facebook.com *.google-analytics.com www.google.com *.googletagmanager.com; frame-ancestors 'self' *.rangeme.com; object-src 'none'; report-uri https://a676292ad05078bd4ae200f3acaff477.report-uri.com/r/d/csp/wizard 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' api.btc.com btc.com chain.api.btc.com *.cryptoid.info chainz.cryptoid.info widgets.coingecko.com *.google-analytics.com *.api.btc.com  *.btc.com *.xenophyte.com *.segurachain.com *.coingecko.com *.googletagmanager.com *.segurachain.com *.youtube.com maps.gstatic.com *.googleapis.com *.google-anal; frame-src 'self' chain.api.btc.com *.cryptoid.info *.youtube.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com chainz.cryptoid.info chain.api.btc.com *.cryptoid.info api.btc.com btc.com chain.api.btc.com; object-src 'self' 1
frame-ancestors 'self' https://*.lexusauto.es https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
frame-src 'self' data: https://fagforbundet.piwik.pro/ https://zissoninteract.com/ https://fagbladet2.com/ https://fagbladet.no/ https://motion.easymeet.se/ https://cdn.jwplayer.com/ https://oppgavedeling.pleiar.no/ https://howspace.pleiar.no/ https://www1.fagforbundet.no/ https://www2.fagforbundet.no/ https://datawrapper.dwcdn.net/ https://secure.compendia.no/ https://compendia.boost.ai/ https://secure.compendia.no/ https://medlemsmorten.boost.ai/ https://e.infogram.com/ https://nettkurs.fagforbundet.no/ https://client.imageshop.no/ https://w.soundcloud.com https://www.facebook.com https://public.tableau.com https://vars.hotjar.com https://consentcdn.cookiebot.com https://ep-static.fagforbundet.no https://wtools.fagforbundet.no https://fsrv-int03 https://player.vimeo.com/ https://www.youtube.com/ https://youtube.com/ https://www.youtube-nocookie.com/; frame-ancestors 'self' https://zissoninteract.com/; 1
default-src 'self' ws: wss: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pages05.net *.publitas.com *.publitastest.nl *.googletagmanager.com https://www.google-analytics.com https://kit.fontawesome.com https://use.fontawesome.com https://dc.services.visualstudio.com https://az416426.vo.msecnd.net https://code.jquery.com https://maxcdn.bootstrapcdn.com https://cdn.datatables.net *.facebook.com  *.facebook.net *.episerver.net *.bing.com *.virtualearth.net www.usaepay.com sandbox.usaepay.com *.fluidpay.com https://cdn.jsdelivr.net http://api.getcandid.com https://content-getcandid.netdna-ssl.com https://maps.googleapis.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/releases/ https://acsbapp.com https://cdn.mouseflow.com https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.datatables.net *.publitas.com *.fontawesome.com *.typekit.net *.episerver.net *.bing.com http://api.getcandid.com https://optimize.google.com ; font-src 'self' https://fonts.gstatic.com *.fontawesome.com *.typekit.net https://acsbapp.com/ data:; connect-src 'self' *.publitas.com *.publitastest.nl *.fontawesome.com https://analytics.google.com https://www.google-analytics.com https://dc.services.visualstudio.com ws: wss: *.bing.com *.virtualearth.net https://cdn.acsbapp.com/ https://*.mouseflow.com/ https://stats.g.doubleclick.net/; img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com  data: http: https:; child-src 'self' *.powerbi.com *.vimeo.com *.youtube.com *.facebook.com; frame-src 'self' *.publitas.com *.local *.creativecoop.com *.bloomingville.us *.illumecandles.com *.youtube.com sandbox.usaepay.com www.usaepay.com http://api.getcandid.com https://www.google.com/  https://www.pages05.net/ https://*.acsbapp.com/ https://stats.g.doubleclick.net *.fluidpay.com https://optimize.google.com; 1
frame-ancestors 'self' postindustria.com; 1
default-src 'self' ;     script-src 'self' 'unsafe-inline' 'unsafe-eval'       *.yadro.ru yadro.ru       *.google.com google.com *.googleapis.com *.gstatic.com *.googlesyndication.com googletagmanager.com *.googletagmanager.com *.doubleclick.net clarity.ms *.clarity.ms bing.com *.bing.com       *.google-analytics.com google-analytics.com cloudflare.com *.cloudflare.com cloudflareinsights.com *.cloudflareinsights.com *.facebook.com *.addtoany.com addtoany.com;     style-src 'self' 'unsafe-inline'       *.yadro.ru yadro.ru *.google.com google.com *.googleapis.com *.gstatic.com *.googlesyndication.com googletagmanager.com *.googletagmanager.com *.doubleclick.net        *.google-analytics.com google-analytics.com clarity.ms *.clarity.ms bing.com *.bing.com       cloudflare.com *.cloudflare.com cloudflareinsights.com *.cloudflareinsights.com *.facebook.com *.addtoany.com addtoany.com;     img-src 'self' data:       *.yadro.ru yadro.ru clarity.ms *.clarity.ms bing.com *.bing.com       *.google.com google.com *.googleapis.com *.gstatic.com *.googlesyndication.com googletagmanager.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com google-analytics.com       cloudflare.com *.cloudflare.com cloudflareinsights.com *.cloudflareinsights.com *.facebook.com *.addtoany.com addtoany.com youtube.com *.youtube.com;     frame-src 'self'       *.yadro.ru yadro.ru clarity.ms *.clarity.ms bing.com *.bing.com       *.google.com google.com *.googleapis.com *.gstatic.com *.googlesyndication.com googletagmanager.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com google-analytics.com       cloudflare.com *.cloudflare.com cloudflareinsights.com *.cloudflareinsights.com *.facebook.com *.addtoany.com addtoany.com youtube.com *.youtube.com;     connect-src 'self'       *.yadro.ru yadro.ru clarity.ms *.clarity.ms bing.com *.bing.com       *.google.com google.com *.googleapis.com *.gstatic.com *.googlesyndication.com googletagmanager.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com google-analytics.com       cloudflare.com *.cloudflare.com cloudflareinsights.com *.cloudflareinsights.com *.facebook.com *.addtoany.com addtoany.com;     font-src 'self'       *.yadro.ru yadro.ru clarity.ms *.clarity.ms bing.com *.bing.com       *.google.com google.com *.googleapis.com *.gstatic.com *.googlesyndication.com googletagmanager.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com google-analytics.com       cloudflare.com *.cloudflare.com cloudflareinsights.com *.cloudflareinsights.com *.facebook.com *.addtoany.com addtoany.com; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' api-public.addthis.com m.addthis.com s7.addthis.com v1.addthisedge.com px.ads.linkedin.com p.adsymptotic.com api.amplitude.com cdn.amplitude.com region1.analytics.google.com bat.bing.com c.bing.com assets.calendly.com *.clarity.ms monitor.clickcease.com www.clickcease.com calendly.com feedvisor.com tracking.crazyegg.com js.driftt.com www.facebook.com connect.facebook.net tracking.g2crowd.com bid.g.doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net www.googleadservices.com www.google.al www.google-analytics.com www.google.ca www.google.co.id www.google.co.in www.google.co.jp adservice.google.com analytics.google.com www.google.com www.google.com.bd www.google.com.br www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.mx www.google.com.pk www.google.com.tr www.google.co.uk www.google.co.za www.google.de www.google.ie www.google.pl www.googletagmanager.com secure.gravatar.com fonts.gstatic.com polyfill.io snap.licdn.com www.linkedin.com app-lon04.marketo.com munchkin.marketo.net z.moatads.com *.netdna-ssl.com a.omappapi.com www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' wasm-eval *.addthis.com v1.addthisedge.com static.ads-twitter.com cdn.amplitude.com bat.bing.com assets.calendly.com www.clarity.ms www.clickcease.com www.comeet.co script.crazyegg.com js.driftt.com connect.facebook.net tracking.g2crowd.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com www.google.com www.googleoptimize.com tpc.googlesyndication.com www.googletagmanager.com script.hotjar.com static.hotjar.com js-eu1.hsadspixel.net js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hscollectedforms.net js-eu1.hs-scripts.com polyfill.io snap.licdn.com app-lon04.marketo.com munchkin.marketo.net z.moatads.com *.netdna-ssl.com a.omappapi.com s.pinimg.com www.redditstatic.com scout-cdn.salesloft.com 3001.scriptcdn.net script.tapfiliate.com; script-src-elem 'self' 'unsafe-inline' 'report-sample' mstat.acestream.net *.addthis.com v1.addthisedge.com static.ads-twitter.com g.alicdn.com cdn.amplitude.com bat.bing.com assets.calendly.com www.clarity.ms www.clickcease.com conoret.com fidoapi.com unpkg.com yoast.com www.comeet.co cdn.cqxcbb.cn script.crazyegg.com js.driftt.com connect.facebook.net tracking.g2crowd.com googleads.g.doubleclick.net www.googleadservices.com ssl.google-analytics.com www.google-analytics.com translate.googleapis.com apis.google.com translate.google.com www.google.com www.googleoptimize.com pagead2.googlesyndication.com tpc.googlesyndication.com www.googletagmanager.com www.gstatic.com script.hotjar.com static.hotjar.com js-eu1.hsadspixel.net js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hscollectedforms.net js-eu1.hsforms.net js-eu1.hs-scripts.com gc.kes.v2.scr.kaspersky-labs.com me.kes.v2.scr.kaspersky-labs.com snap.licdn.com app-lon04.marketo.com munchkin.marketo.net z.moatads.com cookiehub.net *.netdna-ssl.com a.omappapi.com www.pagespeed-mod.com s.pinimg.com cdn.randomhow.com www.redditstatic.com 1.safecdn01.com scout-cdn.salesloft.com foodin.site script.tapfiliate.com images.uc.cn unpkg.zhimg.com; script-src-attr 'unsafe-inline' 'report-sample'; style-src 'self' 'unsafe-inline' fonts.googleapis.com translate.googleapis.com script.hotjar.com static.hotjar.com app-lon04.marketo.com cookiehub.net *.netdna-ssl.com a.omappapi.com; style-src-elem 'self' 'unsafe-inline' 'report-sample' ajax.googleapis.com fonts.googleapis.com translate.googleapis.com www.googletagmanager.com www.gstatic.com app-lon04.marketo.com cookiehub.net *.netdna-ssl.com a.omappapi.com adblockers.opera-mini.net; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: https://* px.ads.linkedin.com bat.bing.com feedvisor.com feedvisor.darwinapps.com ad.doubleclick.net www.facebook.com www.google.at www.google.com script.hotjar.com static.hotjar.com *.netdna-ssl.com; font-src 'self' data: at.alicdn.com maxcdn.bootstrapcdn.com fonts.cdnfonts.com zip.co cdn.faceworks.nl admin.fbamultitool.com use.fontawesome.com fonts.googleapis.com themes.googleusercontent.com fonts.gstatic.com script.hotjar.com cdn.jsdelivr.net cdn.megabonus.com *.netdna-ssl.com pouch-global-font-assets.s3.eu-central-1.amazonaws.com www.slant.co svcs.tql.com use.typekit.net; connect-src 'self' api-public.addthis.com m.addthis.com s7.addthis.com px.ads.linkedin.com api.amplitude.com region1.analytics.google.com hm.baidu.com bat.bing.com cdnma.cdnservice.space *.clarity.ms monitor.clickcease.com frstre.com ds.cookiehub.net *.crazyegg.com ad.doubleclick.net px.effirst.com www.facebook.com fv.feedvisor.com stats.g.doubleclick.net cdnmd.global-cache.online www.google.ae www.google.al www.google.am region1.google-analytics.com www.google-analytics.com translate.googleapis.com www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bi www.google.bs www.google.by www.google.ca www.google.ch www.google.cl www.google.cn www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr adservice.google.com analytics.google.com www.google.com www.google.co.ma www.google.com.af www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bo www.google.com.br www.google.com.co www.google.com.do www.google.com.ec www.google.com.eg www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kw www.google.com.lb www.google.com.mm www.google.com.mx www.google.com.my www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fr www.google.ge www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.it www.google.jo www.google.kg www.google.kz www.google.lk www.google.lt www.google.lv www.google.md www.google.mg www.google.mk www.google.mu www.google.mv www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.se www.google.si www.google.sk pagead2.googlesyndication.com www.googletagmanager.com www.google.tn www.google.tt uc.gre *.hotjar.com wss://*.hotjar.com *.hotjar.io js-eu1.hs-banner.com forms-eu1.hsforms.com api-eu1.hubapi.com forms-eu1.hubspot.com cdn.linkedin.oribi.io 656-bmz-780.mktoresp.com 656-bmz-780.mktoutil.com *.netdna-ssl.com a.omappapi.com api.omappapi.com z.omappapi.com m1.openfpcdn.io ct.pinterest.com tapi.tapfiliate.com sun.tronex.io api.trongrid.io njs.wigoal.co; media-src 'self' data: feedvisor.com js.driftt.com *.netdna-ssl.com; object-src 'none'; child-src s7.addthis.com s.amazon-adsystem.com calendly.com www.comeet.co js.driftt.com www.facebook.com bid.g.doubleclick.net www.google.com tpc.googlesyndication.com app-lon04.marketo.com www.youtube.com; frame-src edge.addthis.com s7.addthis.com s.amazon-adsystem.com portal.bitglass.com player.blubrry.com cx.chacizus.com calendly.com feedvisor.com google.com www.comeet.co blr1fw.corp.capgemini.com static.deledao.com td.doubleclick.net js.driftt.com www.facebook.com bid.g.doubleclick.net googleads.g.doubleclick.net www.google.com tpc.googlesyndication.com vars.hotjar.com www.loom.com app-lon04.marketo.com mozbar.moz.com ct.pinterest.com www.slideshare.net filter.techloq.com web.vstat.info www.youtube.com; worker-src blob:; frame-ancestors 'self'; form-action 'self' www.facebook.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self' bat.bing.com; manifest-src 'self'; report-uri https://darwinapps.report-uri.com/r/d/csp/enforce 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-9GIXV/7v4n1diP0pqV+fc6/P7+0z1W35dHeg4Ibl/OmYq0xH' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' * 'unsafe-inline' 'unsafe-eval' blob: data: ; 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-53838a69446b494a848d21ff9308f79e' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
frame-ancestors https://omilia.com; 1
default-src 'self' *.googletagmanager.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.twitter.com;script-src 'self' *.googletagmanager.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.twitter.com *.youtube.com 'nonce-iyBBecy4rNC+8AgK0vwkgsb5WllDVPItx4ilcoesQyA=';style-src 'self' *.googleapis.com 'unsafe-inline';font-src 'self' *.gstatic.com;img-src 'self' *.cartocdn.com *.amazonaws.com *.twitter.com *.gstatic.com *.google.com chart.apis.google.com *.googleapis.com *.paypalobjects.com *.arcgisonline.com *.openstreetmap.org *.openrailwaymap.org *.noaa.gov data:;frame-src 'self' *.google.com *.youtube.com 1
frame-ancestors 'self' https://help.bikester.co.uk https://back-office-redesign.kameleoon.com https://app.kameleoon.com/ 1
default-src 'self' https://api-adresse.data.gouv.fr; block-all-mixed-content; font-src 'self' data:; frame-src 'self' blob:; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 1
default-src 'self' data: ;connect-src 'self' https://queue.simpleanalyticscdn.com https://*.google-analytics.com https://*.analytics.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com wss://*.giosg.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com/recaptcha https://stats.g.doubleclick.net https://service.giosg.com https://*.uefa.com https://*.umbraco.com https://*.umbraco.org https://www.facebook.com https://execution-ci360.santander.nl https://*.ci360.sas.com https://cdn.cookielaw.org https://*.tt.omtrdc.net;child-src 'self' https://www.facebook.com;font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://script.hotjar.com https://fonts.googleapis.com https://fonts.gstatic.com;form-action 'self' https://www.facebook.com;frame-ancestors 'self' https://www.facebook.com https://*.ci360.sas.com;frame-src 'self' https://*.santander.nl https://*.santander.be https://*.clients.giosgusercontent.com https://www.google.com/recaptcha/ https://www.youtube.com https://player.vimeo.com https://vars.hotjar.com https://players.brightcove.net https://*.trustpilot.com https://static.addtoany.com https://www.facebook.com https://www.santandermarketingoverlay.nl https://optimize.google.com https://*.uefa.com https://*.chooose.today;img-src 'self' data: https://queue.simpleanalyticscdn.com https://simpleanalyticsbadges.com https://*.google-analytics.com https://*.analytics.google.com https://*.umbraco.com https://*.umbraco.org https://*.uefa.iom https://giosg-chat-public-eu.s3.amazonaws.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.gravatar.com https://secure.gravatar.com https://stats.g.doubleclick.net https://www.google.com https://www.google.nl https://maps.gstatic.com https://*.googleapis.com https://*.ggpht.com https://static.addtoany.com https://www.facebook.com https://delivery-ci360.santander.com https://content-ci360.santander.nl https://*.ci360.sas.com https://optimize.google.com https://static.hotjar.com https://script.hotjar.com;manifest-src 'self';media-src 'self' data: https://www.gravatar.com https://secure.gravatar.com https://player.vimeo.com https://www.youtube.com https://*.ytimg.com https://*.uefa.com https://*.umbraco.com https://*.umbraco.org https://www.facebook.com;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://scripts.simpleanalyticscdn.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://code.jquery.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maxcdn.bootstrapcdn.com https://static.hotjar.com https://script.hotjar.com  https://service.giosg.com https://*.trustpilot.com https://www.dwin1.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com/pagead/ https://www.google.nl/pagead/ https://www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://maps.googleapis.com https://www.googleoptimize.com https://*.uefa.com https://static.addtoany.com https://connect.facebook.net https://execution-ci360.santander.nl https://stackpath.bootstrapcdn.com https://*.ci360.sas.com https://optimize.google.com https://www.googleadservices.com https://*.onetrust.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://*.financeads.net;style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://service.giosg.com https://fonts.gstatic.com https://*.uefa.com https://static.addtoany.com https://stackpath.bootstrapcdn.com https://optimize.google.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com;report-uri /CspReport/Report; 1
frame-ancestors 'self' *.ahorn-hotels.de *.ahorn-busangebote.de fideliosuite8webconnect.com 1
default-src 'self' data: analytics.google.com *.googleadservices.com https://onlia.zendesk.com https://static.zdassets.com/ekr/snippet.js https://ekr.zdassets.com/compose/ https://static.zdassets.com/ https://v2assets.zopim.io wss://widget-mediator.zopim.com/s/W/ws/ https://widget-mediator.zopim.com https://p27.zdusercontent.com/ https://dc.services.visualstudio.com/v2/track https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js *.trustpilot.com optimize.google.com d6tizftlrpuof.cloudfront.net *.digitalcx.com *.elitechnology.com *.usabilla.com *.eqads.com *.onliasense.ca *.gstatic.com *.doubleclick.net fonts.googleapis.com tagmanager.google.com maps.google.com maps.google.ca *.googleapis.com *.googleapis.ca *.ggpht.com www.youtube.com https://onlia-ca-pixel-cynolytics.outshared.services/ https://connect.facebook.net https://s-static.ak.facebook.com https://www.facebook.com https://www.google.com www.google.ca *.google-analytics.com https://*.analytics.google.com wss://*.smooch.io https://*.smooch.io https://*.googletagmanager.com https://www.googleoptimize.com https://surfly.com/  https://*.tvsquared.com https://player.vimeo.com/ https://ucc.oc365s.com wss://*.hotjar.com *.hotjar.com vc.hotjar.io content.hotjar.io https://*.trustev.com https://*.iesnare.com wss://mpsnare.iesnare.com/ https://static.ads-twitter.com/ *.twitter.com *.stackadapt.com https://t.co/ https://bat.bing.com/ https://bat.bing.com/action/0* https://www.instagram.com/ 'unsafe-eval' 'unsafe-inline'; 1
frame-ancestors 'self' minezmap.com *.minezmap.com http://minezmap.com http://*.minezmap.com minez-nightswatch.com 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; script-src 'sha256-tAfgWUb98p1875lWwnkTgmzVSDEYqMsRid0pgf75dq4='; style-src 'self' 'unsafe-hashes' 'sha256-BQR5vviFGpgU+dpKzXPBXCyPq8jI80aW7zy2mN8dvd8=' 'sha256-x6pJ/oSZAo0umswM1vlMKkx8adS9MdHLy5Tjw+mF688=' 'sha256-pgTvU/0XeeR6ObdQjACeVNp/9F+EM4EuhnGs1VovqKI=';img-src 'self'; 1
frame-ancestors 'self' kirkland.granicus.com kirkland.admin.opencities.com; child-src https://kirkland.granicus.com/ https://arcgis.com/; frame-src 'self' insight.adsrvr.org match.adsrvr.org www.youtube.com us.openforms.com kirklandwa.maps.arcgis.com www.arcgis.com www.volgistics.com www.facebook.com www.instagram.com syndication.twitter.com platform.twitter.com m.facebook.com kirkland.granicus.com inter.kirklandwa.gov e.issuu.com www.eventbrite.com.au docs.cityofkirkland.net media.avcaptureall.cloud maps.kirklandwa.gov app.powerbigov.us public.tableau.com public.govdelivery.com kuula.co archive-video.granicus.com kirklandwa.primegov.com buzzsprout.com www.buzzsprout.com pgwest.blob.core.windows.n docs.kirklandwa.gov;  1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; media-src https: data:; connect-src wss://www.florius.nl/ https://www.florius.nl/ https://www.surve.nl/ https://insights.hotjar.com/ https://dc.services.visualstudio.com/v2/track https://www.google-analytics.com/ https://region1.google-analytics.com/ https://region1.analytics.google.com/ https://maps.googleapis.com/ https://stats.g.doubleclick.net/ https://digitalassistant-signalr-productie.service.signalr.net/ wss://digitalassistant-signalr-productie.service.signalr.net/ https://*.clarity.ms https://c.bing.com https://cobrowse.aah.nl/ wss://cobrowse.aah.nl/; worker-src blob:; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.abtasty.com https://*.googleapis.com https://*.hotjar.com https://*.hotjar.io https://*.pega.com https://*.reaal.nl https://*.reaal.local https://az416426.vo.msecnd.net https://bat.bing.com https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://dl.episerver.net https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://tagmanager.google.com https://use.typekit.net https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://web.telemetric.dk https://widget.euw1.chat.pega.digital;object-src 'none';style-src 'self' 'unsafe-inline' https://*.abtasty.com https://*.googleapis.com https://*.gstatic.com https://*.pega.com https://*.reaal.nl https://*.reaal.local https://p.typekit.net https://tagmanager.google.com https://www.googletagmanager.com https://use.typekit.net;img-src 'self' data: blob: https://*.abtasty.com https://*.amazonaws.com https://*.cloudfront.net https://*.googleapis.com https://*.hotjar.com https://*.hotjar.io https://*.onfido.com https://*.pega.com https://*.reaal.nl https://*.reaal.local https://5321909.fls.doubleclick.net https://bat.bing.com https://connect.facebook.net https://fonts.gstatic.com https://googleads.g.doubleclick.net https://imgsct.cookiebot.com https://maps.gstatic.com https://p.typekit.net https://region1.analytics.google.com https://region1.google-analytics.com https://ssl.gstatic.com https://www.facebook.com/tr/ https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com;media-src 'self' blob: https://storage.googleapis.com https://*.reaal.nl;frame-src 'self' blob: https://*.hotjar.com https://*.hotjar.io https://*.pega.com https://5321909.fls.doubleclick.net https://bid.g.doubleclick.net https://clone-chatbot.reaal.local https://consentcdn.cookiebot.com https://googleads.g.doubleclick.net https://qa-assistant.abtasty.com https://www.youtube.com https://*.reaal.nl;font-src 'self' data: https://*.abtasty.com https://*.googleapis.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://use.typekit.net *.chat.pega.digital https://*.reaal.nl;connect-src 'self' https://*.abtasty.com https://*.hotjar.com:* https://*.hotjar.io https://*.pega.com https://*.reaal.nl https://*.reaal.local https://az416426.vo.msecnd.net https://bat.bing.com https://consentcdn.cookiebot.com https://dc.services.visualstudio.com https://googleads.g.doubleclick.net https://region1.analytics.google.com https://region1.google-analytics.com https://www.facebook.com/tr/ https://www.google.com https://www.google-analytics.com https://eu.cobrowse.pega.com wss://*.hotjar.com wss://eu.cobrowse.pega.com wss://euuat.chat.pega.com wss://eu.chat.pega.com wss://euuat.cobrowse.pega.com https://*.onfido.com https://widget.euw1.chat.pega.digital wss://engine.euw1.chat.pega.digital api.onfido.com wss://sync.onfido.com;frame-ancestors 'self';manifest-src 'self' https://*.reaal.nl https://*.reaal.local;worker-src 'self' blob: https://*.reaal.nl 1
frame-ancestors 'self' https://*.poupex.com.br 1
frame-src 'self' https://challenges.cloudflare.com; worker-src 'self' blob:; connect-src 'self' http://localhost:27389 https://plausible.heliosphere.app https://data.heliosphere.app https://sentry.heliosphere.app; object-src 'none'; script-src 'self' https://challenges.cloudflare.com 'unsafe-eval' 'sha384-xk1kSI9+xjB2PUxoavMdJxzV9Gx4qy/9xvMdn/NbpBng7wffej8LQocWpfW4H+v3' 'nonce-DH1A4Llrd3IB1ZqZ9ykgKA=='; base-uri 'self' 1
object-src 'none'; form-action 'self' https://*.activehosted.com https://*.eloqua.com https://nrgi.custhelp.com https://hooks.zapier.com https://elcon.dk https://totalkreditform.ebas.dk https://*.nrgi.dk; frame-ancestors 'none'; script-src https: 'unsafe-inline' 'unsafe-eval' 'self' *.widget.custhelp.com 1
default-src https: data: wss://*.hotjar.com wss://*.crazyegg.com *.crazyegg.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests; 1
report-to default ;connect-src 'self' *.rosa.be *.rosa.be:9000 cognito-idp.eu-central-1.amazonaws.com builder.io cdn.builder.io maps.googleapis.com bam.eu01.nr-data.net qwik-insights.builder.io ;script-src 'self' 'unsafe-eval' 'unsafe-inline' js-agent.newrelic.com bam.eu01.nr-data.net maps.googleapis.com cdn.builder.io ;font-src 'unsafe-inline' 'self' fonts.gstatic.com ;style-src 'self' 'unsafe-inline' fonts.googleapis.com  ;frame-src 'self' ;img-src 'self' data: *.rosa.be mt0.google.com mt1.google.com mt2.google.com mt3.google.com maps.googleapis.com maps.gstatic.com cdn.builder.io ;default-src 'self' ;base-uri 'self' ;form-action 'self' ;frame-ancestors 'none' ;object-src 'none' ;script-src-attr 'unsafe-inline' ;upgrade-insecure-requests 1
default-src 'self'; script-src 'self' ajax.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; report-uri api/Common/CspReport; frame-src 'self' *.eveseliba.gov.lv; img-src 'self' blob: ; 1
default-src 'self' club-rf.ru *.club-rf.ru;
                                            script-src 'self' 'unsafe-inline' 'unsafe-eval' club-rf.ru *.club-rf.ru *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com connect.facebook.net https://mc.yandex.ru https://yastatic.net https://top-fwz1.mail.ru st.top100.ru vk.com *.vk.com connect.ok.ru connect.mail.ru;
                                            frame-src 'self' blob: club-rf.ru *.club-rf.ru *.youtube.com *.facebook.com s-static.ak.facebook.com https://mc.yandex.ru https://top-fwz1.mail.ru vk.com *.vk.com connect.ok.ru connect.mail.ru;
                                            object-src 'self' club-rf.ru *.club-rf.ru;
                                            style-src 'self' 'unsafe-inline' club-rf.ru *.club-rf.ru;
                                            img-src 'self' 'unsafe-inline' club-rf.ru *.club-rf.ru *.yandex.ru https://top-fwz1.mail.ru https://kraken.rambler.ru https://counter.rambler.ru vk.com *.vk.com;
                                            connect-src 'self' club-rf.ru *.club-rf.ru https://mc.yandex.ru https://top-fwz1.mail.ru https://kraken.rambler.ru;
                                            font-src 'self' club-rf.ru *.club-rf.ru https://fonts.googleapis.com;
                                            child-src 'self' blob: club-rf.ru *.club-rf.ru https://mc.yandex.ru; 1
default-src 'self'; connect-src 'self' *.siteimprove.com inaadress.maaamet.ee https://s3-web-1a.tehik.ee https://inaadress.maaamet.ee; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://*.rocket.chat https://static.addtoany.com https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://tableauapp.tehik.ee https://xgis.maaamet.ee; img-src 'self' data: https://www.google-analytics.com *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com 6168367.global.siteimproveanalytics.io *.fbcdn.net *.cdninstagram.com https://inaadress.maaamet.ee https://unpkg.com *.maaamet.ee *.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js blob: https://browser-update.org https://ajax.cloudflare.com https://static.cloudflareinsights.com siteimproveanalytics.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://inaadress.maaamet.ee https://static.addtoany.com https://unpkg.com unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js https://browser-update.org https://tableau.test.tehik.ee https://tableauapp.tehik.ee https://talendipank.ee static.cloudflareinsights.com https://siteimproveanalytics.com ajax.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://inaadress.maaamet.ee https://static.addtoany.com https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com https://inaadress.maaamet.ee; frame-ancestors none; upgrade-insecure-requests 1
default-src 'self' dewberry-stg.sitefinity.cloud dewberry.sitefinity.cloud www.dewberry.com indd.adobe.com; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js cdnjs.cloudflare.com dewberry-stg.sitefinity.cloud dewberry.sitefinity.cloud www.dewberry.com *.googletagmanager.com *.adobe.com https://www.youtube.com/iframe_api https://dec.azureedge.net munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com az416426.vo.msecnd.net https://cdn.curator.io web-chat.nativechat.com cdn.ampproject.org https://cdn.insight.sitefinity.com https://player.vimeo.com/api/player.js 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com dewberry-stg.sitefinity.cloud dewberry.sitefinity.cloud www.dewberry.com use.typekit.net p.typekit.net https://cdn.curator.io *.autodesk.com *.autodesk360.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: dewberry-stg.sitefinity.cloud dewberry.sitefinity.cloud www.dewberry.com https://cdn.curator.io https://curator-assets.b-cdn.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com https://*.fbcdn.net *.autodesk.com *.autodesk360.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: dewberry-stg.sitefinity.cloud dewberry.sitefinity.cloud www.dewberry.com use.typekit.net https://cdn.curator.io *.autodesk.com *.autodesk360.com; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com; connect-src 'self' accounts.google.com *.google-analytics.com www.google.com stats.g.doubleclick.net www.google-analytics.com api.curator.io *.mktoresp.com *.visualstudio.com https://*.instagram.com https://api.curator.io *.adobe.com *.adobe.io https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: dewberry-stg.sitefinity.cloud dewberry.sitefinity.cloud www.dewberry.com video.twimg.com https://curatorio.s3.amazonaws.com https://curator-assets.b-cdn.net *.adobe.com *.autodesk.com *.autodesk360.com; child-src 'self' dewberry-stg.sitefinity.cloud dewberry.sitefinity.cloud www.dewberry.com *.twimg.com *.autodesk.com *.autodesk360.com *.adobe.com web-chat.nativechat.com 1
frame-ancestors 'self' https://manage.vendingmarketwatch.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
frame-ancestors https://web.j-osler-jrs.jp/ https://web.dev.j-osler-jrs.jp/ https://mt7-4q7t7u8.jrs.or.jp/ 1
default-src 'self' blob: https://*.mapbox.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.pagespeed-mod.com *.clearbitjs.com vitals.vercel-insights.com vercel.live *.sentry.io js.driftt.com static.truckmap.com widget.drift.com *.google-analytics.com; script-src-elem 'self' 'unsafe-inline' js.driftt.com static.truckmap.com api.mapbox.com vitals.vercel-insights.com vercel.live *.googletagmanager.com *.pagespeed-mod.com *.clearbitjs.com *.sentry.io *.google-analytics.com; font-src 'self' blob: data: 'unsafe-inline' https:; connect-src 'self' blob: *.tiles.mapbox.com api.mapbox.com *.sentry.io events.mapbox.com static.truckmap.com vitals.vercel-insights.com *.google-analytics.com *.clearbitjs.com vercel.live *.pusher.com; frame-src 'self' js.driftt.com widget.drift.com vercel.live; style-src 'self' blob: 'unsafe-inline' static.truckmap.com fonts.gstatic.com fonts.googleapis.com data: blob:; img-src 'self' assets.vercel.com truckmap.s3.amazonaws.com apple-resources.s3.amazonaws.com *.google-analytics.com vercel.com static.truckmap.com *.clearbitjs.com data: blob:; worker-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; child-src 'self' blob: api.mapbox.com *.tiles.mapbox.com; base-uri 'self' 1
default-src 'self' ;connect-src 'self' self 0.0.0.0:3000 ws: wss: elethor.com:* *.bugsnag.com *.fontawesome.com *.google-analytics.com *.pbbglite.com;script-src 'self' self 0.0.0.0:3000 *.fontawesome.com 'unsafe-inline' 'unsafe-eval' *.google.com/recaptcha/api.js *.gstatic.com/recaptcha/ challenges.cloudflare.com *.googletagmanager.com *:3000;style-src 'self' self 0.0.0.0:3000 'unsafe-inline' *.bunny.net *.elethor.com;font-src 'self' self 0.0.0.0:3000 *.bunny.net *.fontawesome.com;frame-src 'self' self 0.0.0.0:3000 *.google.com challenges.cloudflare.com; 1
style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com   maps.google.com; frame-ancestors 'self' *.typekit.net *.googleapis.com   maps.google.com; object-src 'self' *.typekit.net *.googleapis.com   maps.google.com; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://ilgmforum.com/logs/ https://ilgmforum.com/sidekiq/ https://ilgmforum.com/mini-profiler-resources/ https://global.discourse-cdn.com/growingmarijuana/assets/ https://ilgmforum.com/extra-locales/ https://sea2.discourse-cdn.com/growingmarijuana/highlight-js/ https://sea2.discourse-cdn.com/growingmarijuana/javascripts/ https://sea2.discourse-cdn.com/growingmarijuana/plugins/ https://sea2.discourse-cdn.com/growingmarijuana/theme-javascripts/ https://sea2.discourse-cdn.com/growingmarijuana/svg-sprite/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' https://static.klaviyo.com/onsite/js/klaviyo.js https://epnt.ebay.com/static/epn-smart-tools.js https://www.google-analytics.com/analytics.js *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com *.klaviyo.com; worker-src 'self' https://global.discourse-cdn.com/growingmarijuana/assets/ https://sea2.discourse-cdn.com/growingmarijuana/javascripts/ https://sea2.discourse-cdn.com/growingmarijuana/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
connect-src 'self' wss://ws.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://content.hotjar.io https://cdn.linkedin.oribi.io; default-src 'self' https:; font-src 'self' data: https://fonts.gstatic.com; img-src 'unsafe-inline' https: data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager https://static.hotjar.com https://script.hotjar.com https://www.google-analytics.com https://snap.licdn.com https://googleads.g.doubleclick.net https://connect.facebook.net https://cdn.jsdelivr.net https://cdn.jsdelivr.net https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https:; worker-src 'self' blob:; 1
default-src https: 'self'; base-uri 'self' *.superfeedr.com; connect-src *.superfeedr.com *.google-analytics.com; font-src 'self' fonts.gstatic.com data:; form-action 'self'; frame-ancestors 'none'; img-src 'self' secure.gravatar.com data: *.superfeedr.com www.google-analytics.com *.doubleclick.net; media-src 'self'; object-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.superfeedr.com www.google-analytics.com js.stripe.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' *.superfeedr.com 1
frame-ancestors 'self' https://*.ampproject.org https://*.astonhotelsinternational.com https://*.archipelagointernational.com; block-all-mixed-content; default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' data: https://www.youtube.com https://static.sojern.com/utils/sjrn_autocx.js https://*.backhotelite.com https://app.termly.io https://*.denomatic.com https://*.glopss.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://netdna.bootstrapcdn.com https://cdnjs.cloudflare.com https://*.doubleclick.net https://*.googleadservices.com https://*.google.com https://*.googlesyndication.com https://*.googletagservices.com https://code.jquery.com https://cdn.jsdelivr.net https://embed.tawk.to https://cdn.jsdelivr.net/emojione/ *.triptease.io https://*.onesignal.com https://cdn.ampproject.org https://translate.googleapis.com https://translate.google.com https://*.astonhotelsinternational.com https://use.fontawesome.com https://kit.fontawesome.com https://*.archipelagointernational.com https://translate-pa.googleapis.com https://customs.affilired.com https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://cognito-identity.ap-southeast-1.amazonaws.com https://client.rum.us-east-1.amazonaws.com; style-src 'self' 'report-sample' 'unsafe-inline' https://*.backhotelite.com https://*.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://*.google.com https://code.jquery.com https://cdn.jsdelivr.net https://embed.tawk.to https://*.astonhotelsinternational.com https://cdn.ampproject.org https://translate.googleapis.com https://*.fontawesome.com https://*.archipelagointernational.com https://www.googletagmanager.com https://tagmanager.google.com; object-src 'none'; frame-src 'self' https://www.youtube.com https://static.sojern.com https://app.termly.io https://ovs-gadget.tour-list.com https://connect.facebook.net https://*.google.com https://*.doubleclick.net https://*.googlesyndication.com https://va.tawk.to https://*.triptease.io https://*.ampproject.net https://*.astonhotelsinternational.com https://vrtour360.net https://www.facebook.com https://*.windows.net www.googletagmanager.com; child-src 'self' blob: https://*.facebook.com https://connect.facebook.net https://*.google.com https://*.doubleclick.net *.googlesyndication.com www.googletagmanager.com; img-src 'self' data: blob: https://*.backhotelite.com/ https://membershipprofileimage.s3.amazonaws.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://fonts.gstatic.com *.google.com.br *.google.co.in www.google-analytics.com ssl.google-analytics.com www.google.com analytics.google.com cdnjs.cloudflare.com *.google.com *.google.com.mx *.google.co.uk *.google.de *.google.com.tr *.google.co.il *.google.ca *.google.ro *.google.nl *.google.fr *.google.es *.google.ie *.google.com.pr *.google.it *.google.com.au *.google.com.ec *.google.com.ph *.google.com.sg *.google.com.pk *.google.at *.google.no *.google.cl *.google.co.kr *.google.se *.google.co.jp *.google.com.pe *.google.com.my *.google.co.th *.google.co.za *.google.com.ua *.google.sk *.google.com.ng *.google.pl *.google.be *.google.fi *.google.ae *.google.com.co *.google.co.id *.google.co.ve *.google.com.hk *.google.com.eg *.google.com.uy *.google.com.ar *.google.ch *.google.ru *.google.co.ke *.google.pt *.google.mu *.google.com.sa *.google.com.vn *.google.com.tw *.google.gr *.google.com.bd *.google.dk *.google.com.py *.google.ee *.google.co.nz *.google.co.ma *.google.cz *.google.lk *.google.bg *.google.rs *.google.com.do *.google.hu *.google.iq *.google.co.cr *.google.al *.google.jo *.google.hr *.google.com.pa *.google.com.cy *.google.com.gh *.google.lt *.google.kz *.google.com.np *.google.by *.google.dz *.google.com.sv *.google.hn *.google.com.kw *.google.com.et *.google.mk *.google.ge *.google.cn *.google.com.jm *.google.si *.google.co.ug *.google.lv *.google.md *.google.co.mz *.google.lu *.google.am *.doubleclick.net *.googlesyndication.com www.googleadservices.com code.jquery.com cdn.jsdelivr.net embed.tawk.to tawk.link cdn.jsdelivr.net/emojione imageresizer.arch.software *.gstatic.com *.ampproject.org translate.google.com translate.googleapis.com www.gstatic.com *.openstreetmap.org https://*.google.com.qa https://www.google.com.cu/ads/ https://www.google.bs/ads/ *.favehotels.com *.astonhotelsinternational.com *.google.tn https://*.archipelagointernational.com www.google.com.kh https://*.googleusercontent.com https://www.google.com.mm https://chart.googleapis.com www.google.com.gt www.google.ht www.google.la www.google.bt www.google.com.cu www.googletagmanager.com; font-src 'self' data: *.bootstrapcdn.com cdnjs.cloudflare.com fonts.gstatic.com fonts.googleapis.com cdn.jsdelivr.net embed.tawk.to https://*.tawk.to *.fontawesome.com; connect-src 'self' data: https://cdn.denomatic.com https://app.termly.io https://sentec.report-uri.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com code.jquery.com cdn.jsdelivr.net *.tawk.to wss://*.tawk.to *.triptease.io www.google.se imageresizer.arch.software *.archipelagointernational.com *.google.pl *.googleadservices.com cdn.ampproject.org *.ampproject.net translate.googleapis.com translate.google.com www.google.com.co www.google.com.pk *.openstreetmap.org *.favehotels.com https://*.google.co.id https://*.google.ca https://*.google.fr www.google.com.sg www.google.ie www.google.co.za www.google.com.cu www.google.com.ph www.google.ro www.google.ru *.astonhotelsinternational.com https://www.gstatic.com/images/ https://www.facebook.com connect.facebook.net www.google.co.kr www.google.es www.google.co.in www.google.cz www.google.pt www.google.no https://maxcdn.bootstrapcdn.com www.google.com.au https://www.google.lk https://www.google.it https://*.googleusercontent.com https://www.google.de https://www.google.ae https://www.google.co.uk https://www.google.nl https://bmbuichatprod.z13.web.core.windows.net https://www.google.com.hk https://www.google.com.qa https://gate.rapidsec.net https://www.google.co.jp *.google.com.my www.google.lt www.google.co.mz www.google.co.ma www.google.fi www.google.tn https://*.google.bg *.fontawesome.com www.google.sk www.google.la www.google.com.tj www.google.am ssl.google-analytics.com www.google.com.ly www.google.kz www.google.cn https://*.affilired.com https://onesignal.com https://chart.googleapis.com https://www.googletagmanager.com https://cognito-identity.ap-southeast-1.amazonaws.com https://sts.ap-southeast-1.amazonaws.com https://*.rum.ap-southeast-1.amazonaws.com https://client.rum.us-east-1.amazonaws.com; manifest-src 'self' https://*.astonhotelsinternational.com; base-uri 'self'; form-action 'self' https://*.backhotelite.com https://*.facebook.com https://connect.facebook.net https://*.google.com https://*.astonhotelsinternational.com https://www.simplebooking.it; media-src 'self' data: https://dai.google.com https://embed.tawk.to https://tawk.link; worker-src 'self' blob: https://www.google.com; report-to default; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.klarna.com https://skroutza.skroutz.gr https://test.cleverpoint.gr https://cleverpoint.gr https://apis.google.com https://www.gstatic.com https://z.moatads.com https://static.addtoany.com *.pinterest.com https://analytics.skroutz.gr https://360.bestprice.gr https://www.bestprice.gr https://www.glami.gr https://region1.google-analytics.com https://cdn.stat-track.com/ https://assets.citrusad.net https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://stats.g.doubleclick.net https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://script.crazyegg.com https://go.linkwi.se https://trustmark.gr https://www.youtube.com https://script.crazyegg.com https://insurance.e-satisfaction.gr https://widget-cdn.boxnow.gr https://tracking.retargeting.biz https://api.retargeting.app https://www.googleoptimize.com https://ibanke-commerce.nbg.gr *.cloudflare.com *.nbg.gr *.e-satisfaction.com *.amazonaws.com *.godaddy.com *.adman.gr *.livehelperchat.com *.zopim.com *.ubembed.com *.skroutz.gr https://skroutza.skroutz.gr https://ajax.cloudflare.com *.zdassets.com/ *.hotjar.com; style-src 'self' 'unsafe-inline' https://x.klarnacdn.net https://fonts.googleapis.com *.e-satisfaction.com *.livehelperchat.com https://cdn.jsdelivr.net https://www.googletagmanager.com ; object-src 'self'; img-src 'self' data: https://www.nakas.com.cy https://www.nakas.gr *.cdninstagram.com https://nakascy.staginglh.com https://nakas.staginglh.com https://local.nakas.cy https://local.nakas.gr https://nakascy.test.devlh.com https://nakas.test.devlh.com https://nakas.com.cy https://nakas.gr https://static.nakas.gr https://static.nakas.com.cy https://www.glami.gr https://www.facebook.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://maps.googleapis.com https://www.google.com https://www.google.gr https://www.google.com.tr *.pinterest.com https://trustmark.gr *.skroutz.gr *.google.co.uk *.facebook.net *.youtube.com *.e-satisfaction.com  *.doubleclick.net *.godaddy.com *.cdninstagram.com.com https://fonts.gstatic.com/ https://www.googletagmanager https://eu-assets.playground.klarnaservices.com https://eu-assets.klarnaservices.com; font-src 'self' data: https://x.klarnacdn.net https://fonts.gstatic.com https://taxshop.livehelperchat.com; connect-src 'self' https://js.klarna.com https://js.playground.klarna.com https://na.playground.klarnaevt.com https://na.klarnaevt.com https://www.youtube.com https://www.bestprice.gr https://static.addtoany.com https://forms.m-pages.com https://t.stat-track.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://tracking.retargeting.app *.facebook.com *.e-satisfaction.com https://googleads.g.doubleclick.net https://adservice.google.com https://www.google.com https://region1.analytics.google.com https://conversionsapi.nakas.gr https://taxshop.livehelperchat.com wss://ws1.hotjar.com wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com wss://ws5.hotjar.com wss://ws6.hotjar.com wss://ws7.hotjar.com wss://ws8.hotjar.com wss://ws9.hotjar.com wss://ws10.hotjar.com wss://ws11.hotjar.com wss://ws12.hotjar.com wss://ws13.hotjar.com wss://ws14.hotjar.com wss://ws15.hotjar.com wss://ws16.hotjar.com wss://ws17.hotjar.com wss://ws18.hotjar.com wss://ws19.hotjar.com wss://ws20.hotjar.com wss://ws21.hotjar.com wss://ws22.hotjar.com wss://ws23.hotjar.com wss://ws24.hotjar.com wss://ws25.hotjar.com wss://ws26.hotjar.com wss://ws27.hotjar.com wss://ws28.hotjar.com wss://ws29.hotjar.com wss://ws30.hotjar.com wss://ws31.hotjar.com wss://ws32.hotjar.com wss://ws33.hotjar.com wss://ws34.hotjar.com wss://ws35.hotjar.com wss://ws36.hotjar.com wss://ws37.hotjar.com wss://ws38.hotjar.com wss://ws39.hotjar.com wss://ws40.hotjar.com wss://ws41.hotjar.com wss://ws42.hotjar.com wss://ws43.hotjar.com wss://ws44.hotjar.com wss://ws45.hotjar.com wss://ws46.hotjar.com wss://ws47.hotjar.com wss://ws48.hotjar.com wss://ws49.hotjar.com wss://ws50.hotjar.com wss://ws51.hotjar.com wss://ws52.hotjar.com wss://ws53.hotjar.com wss://ws54.hotjar.com wss://ws55.hotjar.com wss://ws56.hotjar.com wss://ws57.hotjar.com wss://ws58.hotjar.com wss://ws59.hotjar.com wss://ws60.hotjar.com wss://ws61.hotjar.com wss://ws62.hotjar.com wss://ws63.hotjar.com wss://ws64.hotjar.com wss://ws65.hotjar.com wss://ws66.hotjar.com wss://ws67.hotjar.com wss://ws68.hotjar.com wss://ws69.hotjar.com wss://ws70.hotjar.com wss://ws71.hotjar.com wss://ws72.hotjar.com wss://ws73.hotjar.com wss://ws74.hotjar.com wss://ws75.hotjar.com wss://ws76.hotjar.com wss://ws77.hotjar.com wss://ws78.hotjar.com wss://ws79.hotjar.com wss://ws80.hotjar.com wss://ws81.hotjar.com wss://ws82.hotjar.com wss://ws83.hotjar.com wss://ws84.hotjar.com wss://ws85.hotjar.com wss://ws86.hotjar.com wss://ws87.hotjar.com wss://ws88.hotjar.com wss://ws89.hotjar.com wss://ws90.hotjar.com wss://ws91.hotjar.com wss://ws92.hotjar.com wss://ws93.hotjar.com wss://ws94.hotjar.com wss://ws95.hotjar.com wss://ws96.hotjar.com wss://ws97.hotjar.com wss://ws98.hotjar.com wss://ws99.hotjar.com *.hotjar.io  *.hotjar.com *.zdassets.com; frame-src *; media-src 'self' 1
default-src 'self';script-src 'self' i.php.watch;style-src 'self' i.php.watch;img-src 'self' i.php.watch;media-src 'self' i.php.watch;font-src 'self' i.php.watch;worker-src 'none';form-action 'self' watch.us19.list-manage.com;frame-src 'self' i.php.watch;object-src 'self' i.php.watch 1
frame-ancestors 'self' *.sciquest.com *.ariba.com *.nova.edu *.coupahost.com *.covestro.com *.intellecat.com *.bmc.com *.vinimaya.com *.oraclecloud.com *.equallevel.com *.terracon.com *.eplus.com *.pacificorp.us *.punchout2go.com *.STATE.PA.US equallevel.com *.macewan.ca p2p.caci.com *.verian.com *.aquiire.net *.nvenergy.com *.sherwin.com *.fwisd.org *.cchmc.org *.esmsolutions.com *.ocps.* *.pacificorp.us *.oracleoutsourcing.com *.ocps.k12.fl.us *.ivalua.us *.vroozi.com *.varstreet.com *.ocps.net *.edmonton.ca *.cgieva.com *.punchoutcommerce.com punchoutcommerce.com *.shawinc.com *.tradecentric.com 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-9d95458326ea561e3656153322e43c95'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'unsafe-eval' 'unsafe-inline' 'self' ; font-src 'unsafe-eval' 'unsafe-inline' 'self' fonts.gstatic.com use.typekit.net styles.assets-landingi.com domnowoczesny.com www.grupapsb.com.pl; style-src 'unsafe-eval' 'unsafe-inline' 'self' fonts.googleapis.com use.typekit.net p.typekit.net amazonaws.com domnowoczesny.com www.grupapsb.com.pl; script-src 'unsafe-eval' 'unsafe-inline' 'self' www.googletagmanager.com www.google-analytics.com connect.facebook.net stats.g.doubleclick.net maps.google.com maps.googleapis.com s.ytimg.com domnowoczesny.com ajax.googleapis.com www.grupapsb.com.pl; connect-src 'unsafe-eval' 'unsafe-inline' 'self' www.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net www.google.pl www.facebook.com maps.googleapis.com domnowoczesny.com ajax.googleapis.com www.grupapsb.com.pl; frame-src 'unsafe-eval' 'unsafe-inline' 'self' www.facebook.com www.youtube.com domnowczesny.com; img-src * 'self' data: https:; object-src 'unsafe-eval' 'unsafe-inline' 'self' data: 1
frame-ancestors https://en.uhomes.com/ 1
child-src 'self' lh-content.s3.amazonaws.com *.experts-promotion.com *.vimeo.com vimeo.com *.youtube.com csp.screen9.com *.video-cdn.net *.cloudfront.net ecentry.pixieset.com lufthansa.pixieset.com maya-production-backend.eu-de.mybluemix.net *.brusselsairlines.com; 1
default-src https://use.fontawesome.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://static.yezzclips.com; frame-src https://www.juicycash.net; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; img-src 'self' https://www.inet-cash.com https://*.google-analytics.com https://*.googletagmanager.com  https://static.yezzclips.com https://www.juicycash.net https://yezzclips.r.worldssl.net; media-src 'self' https://static.yezzclips.com https://yezzclips.r.worldssl.net; script-src https://*.googletagmanager.com data: blob: 'self' 'unsafe-inline' 'unsafe-eval' https://www.inet-cash.com https://ajax.googleapis.com/ https://www.google-analytics.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://maxcdn.bootstrapcdn.com https://static.yezzclips.com https://yezzclips.r.worldssl.net; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://static.yezzclips.com https://yezzclips.r.worldssl.net https://use.fontawesome.com; frame-ancestors 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.licdn.com *.gstatic.com *.amazonaws.com *.googleapis.com pym.nprapps.org *.marketo.com *.cloudflare.com www.google-analytics.com cdn.optimizely.com www.bugherd.com sjrtp4-cdn.marketo.com www.googletagmanager.com cdn.callrail.com cdn-akamai.mookie1.com secure-ds.serving-sys.com munchkin.marketo.net *.calltrk.com tags.tiqcdn.com bs.serving-sys.com *.marketo.com app.callrail.com p.jwpcdn.com www.youtube.com *.addthis.com m.addthisedge.com maps.googleapis.com s.ytimg.com graph.facebook.com widgets.pinterest.com *.googleapis.com use.typekit.net *.northwell.edu video.limelight.com *.delvenetworks.com static.addtoany.com malihu.github.io ajax.aspnetcdn.com s.gravatar.com *.wp.com calltrk-production.s3.amazonaws.com *.bootstrapcdn.com *.googleadservices.com ajax.microsoft.com code.jquery.com api.html5media.info *.cloudfront.net *.jwpcdn.com *.google.com; object-src 'self' assets.delvenetworks.com *.delvenetworks.com video.limelight.com assets.delvenetworks.com assets.delvenetworks.com; style-src 'self' 'unsafe-inline' *.fontawesome.com *.googleapis.com *.ajax.googleapis.com ajax.googleapis.com *.marketo.com rtp-static.marketo.com *.bootstrapcdn.com *.northwell.edu malihu.github.io static.addtoany.com s.gravatar.com code.jquery.com  *.cloudfront.net *.google.com; img-src 'self' media.npr.org data: *.vimeocdn.com *.adsymptotic.com *.linkedin.com *.google-analytics.com *.g.doubleclick.net *.google.com jwpltx.com api.nslijweb.com csi.gstatic.com *.googleapis.com maps.gstatic.com img.delvenetworks.com *.llnw.net m.addthis.com *.northwell.edu northwellhealt.wpengine.com *.gravatar.com *.wp.com *.northwell.io *.cloudfront.net *.amazonaws.com www.bugherd.com; frame-src 'self' vimeo.com *.marketo.com cdn-akamai.mookie1.com tags.tiqcdn.com s7.addthis.com www.youtube.com static.addtoany.com googleads.g.doubleclick.net *.google.com; frame-ancestors 'self'; font-src 'self' data: *.fontawesome.com *.joinhoney.com themes.googleusercontent.com fonts.gstatic.com *.bootstrapcdn.com www.bugherd.com; connect-src 'self' 'unsafe-inline' *.doubleclick.net *.google-analytics.com *.serving-sys.com 309-lvl-470.mktoresp.com sjrtp4.marketo.com m.addthis.com *.pusherapp.com *.pusher.com www.bugherd.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://kind.social; img-src 'self' https: data: blob: https://kind.social; style-src 'self' https://kind.social 'nonce-bl4bS+MKSSAUHYg2qHqhEA=='; media-src 'self' https: data: https://kind.social; frame-src 'self' https:; manifest-src 'self' https://kind.social; form-action 'self'; child-src 'self' blob: https://kind.social; worker-src 'self' blob: https://kind.social; connect-src 'self' data: blob: https://kind.social https://cdn.masto.host wss://kind.social; script-src 'self' https://kind.social 'wasm-unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdnjs.cloudflare.com https://js.hsforms.net https://www.google.com https://www.gstatic.com https://js.hs-scripts.com https://player.vimeo.com https://www.google-analytics.com https://static.ads-twitter.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hscollectedforms.net https://js.usemessages.com https://js-na1.hs-scripts.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' https://player.vimeo.com https://www.google.com https://forms.hsforms.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https://perf.hsforms.com https://t.co https://analytics.twitter.com https://forms.hsforms.com https://www.google-analytics.com; connect-src 'self' https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://fn6g1hhu2h.execute-api.us-east-1.amazonaws.com https://vimeo.com https://*.algolianet.com https://www.google-analytics.com https://api.hubspot.com https://forms.hubspot.com https://stats.g.doubleclick.net 1
base-uri 'self'; form-action 'self' www.facebook.com forms.hsforms.com; upgrade-insecure-requests ; connect-src 'self' cdn.linkedin.oribi.io forms.hscollectedforms.net forms.hubspot.com analytics.google.com www.google-analytics.com hubspot-forms-static-embed.s3.amazonaws.com forms.hsforms.com forms.hubspot.com stats.g.doubleclick.net script.crazyegg.com endpoint-direct-travel.cognigy.cloud api.hubapi.com api.sekandocdn.net tracking.crazyegg.com *.facebook.com wss://endpoint-direct-travel.cognigy.cloud analytics.google.com scout.salesloft.com *.googlesyndication.com; default-src 'self'; font-src data: 'self' https://fonts.gstatic.com https://netdna.bootstrapcdn.com; frame-src 'self' platform.twitter.com *.hubspot.com hubspot.com www.google.com forms.hsforms.com www.facebook.com www.dt.com bid.g.doubleclick.net *.incontact.com *.joinsherpa.io td.doubleclick.net; img-src data: 'self' forms.hsforms.com *.ads.linkedin.com www.google-analytics.com www.google.com track.hubspot.com  maps.gstatic.com www.google.ca maps.googleapis.com no-cache.hubspot.com px.ads.linkedin.com perf.hsforms.com forms.hubspot.com www.facebook.com googleads.g.doubleclick.net *.dt.com glenwebapp.azurewebsites.net cms.mantic-services.com; manifest-src 'self'; media-src data: 'self'; object-src 'none'; prefetch-src 'self'; script-src 'unsafe-eval' 'report-sample' 'self' 'unsafe-inline' snap.licdn.com www.googletagmanager.com www.google-analytics.com www.google.com js.hs-scripts.com js.hs-banner.com js.hs-analytics.net www.gstatic.com maps.googleapis.com js.hsforms.net js.hscta.net forms.hsforms.com *.hubspot.com script.crazyegg.com www.googleadservices.com connect.facebook.net googleads.g.doubleclick.net *.incontact.com sdk.joinsherpa.io snap.licdn.com px.ads.linkedin.com js.hsadspixel.net js.hsleadflows.net scout-cdn.salesloft.com js.hscollectedforms.net js.hsleadflows.net; style-src 'report-sample' 'self' 'unsafe-inline' fonts.googleapis.com netdna.bootstrapcdn.com hello.myfonts.net www.gstatic.com; worker-src 'none'; report-uri https://www.dt.com/wp-json/reporting-api/v1/reporting; report-to https://www.dt.com/wp-json/reporting-api/v1/reporting; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com platform.twitter.com www.googletagmanager.com cdn.syndication.twimg.com cdn.knightlab.com cdncache-a.akamaihd.net https://cdn.printfriendly.com/printfriendly.js https://ds-4047.kxcdn.com/api/v3/domain_settings/ key-cdn.printfriendly.com static.addtoany.com; object-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' themes.googleusercontent.com platform.twitter.com ton.twimg.com cdn.knightlab.com https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/ static.addtoany.com; img-src 'self' data: blob: filesystem www.google-analytics.com syndication.twitter.com pbs.twimg.com abs.twimg.com  ton.twimg.com www.googletagmanager.com platform.twitter.com canvaspl-a.akamaihd.net; media-src 'self' mediastream:; frame-src 'self' platform.twitter.com syndication.twitter.com www.facebook.com www.youtube.com cdncache-a.akamaihd.net static.addtoany.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' 'unsafe-inline' 'unsafe-eval' themes.googleusercontent.com cdn.knightlab.com fonts.gstatic.com; connect-src 'self' wss://bot.enzona.net/ https://bot.enzona.net/ cdn.knightlab.com cdncache-a.akamaihd.net www.google-analytics.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://*.webvisor.com http://*.webvisor.com https://webvisor.com http://webvisor.com 1
default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' https: https://marker.io https://edge.marker.io; object-src 'none'; style-src 'unsafe-eval' 'unsafe-inline' https:; img-src blob: https: data: https://marker.io https://edge.marker.io https://media.marker.io; font-src https: data: https://marker.io https://edge.marker.io; child-src https://marker.io https://www.porto.pt https://porto-ponto-develop.now.sh; base-uri 'none'; frame-src https://marker.io https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://www.porto.pt https://porto-ponto-develop.now.sh https://dev.porto.pt; frame-ancestors 'self' https://cms.porto.pt; connect-src 'self' https://api.marker.io https://ssr.marker.io https://*.sentry.io https://cookie-cdn.cookiepro.com https://*.readspeaker.com https://www.google-analytics.com https://tagmanager.google.com https://*.analytics.google.com https://stats.g.doubleclick.net https://onesignal.com https://*.cm-porto.pt https://*.arcgisonline.com https://dev.porto.pt; form-action https://marker.io https://api.marker.io; media-src https://marker.io https://edge.marker.io https://media.marker.io 1
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval' script-src * 'unsafe-inline' 'unsafe-eval' connect-src * 'unsafe-inline' img-src * data: blob: 'unsafe-inline' frame-src *; style-src * data: blob: 'unsafe-inline' font-src * data: blob: 'unsafe-inline'; 1
frame-ancestors 'self' ;upgrade-insecure-requests;, default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 1
script-src 'unsafe-inline' 'unsafe-eval' https://* http://*; default-src 'unsafe-inline' https://* http://* data: 1
default-src *; script-src * 'self' 'unsafe-eval' 'unsafe-inline'; style-src * 'self' 'unsafe-inline' blob:; img-src 'self' * data:; connect-src *; font-src * 'self'; frame-src *; object-src * 'self'; media-src *; child-src * 'self' 1
default-src 'self' https://api.pcivault.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vk.com https://widget.bank131.ru https://api.pcivault.io; img-src 'self' https://vk.com https://pp.vk.me *.userapi.com; style-src 'self' 'unsafe-inline' https://widget.bank131.ru; font-src 'self'; frame-src 'self' https://vk.com https://widget.bank131.ru; object-src 'self' 1
connect-src https://7gogo.jp https://contents.7gogo.jp https://stat.7gogo.jp https://moviestat.7gogo.jp https://api.7gogo.jp https://movie.7gogo.jp https://ogcdn.7gogo.jp wss://sck.7gogo.jp 1
default-src 'self'; frame-ancestors 'self'; frame-src 'self' https://outages.otpco.com https://www.google.com https://www.gstatic.com/ https://e.issuu.com www.youtube.com otpgis.maps.arcgis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com/ https://*.fontawesome.com https://cdn.weglot.com connect.facebook.net cdnjs.cloudflare.com https://*.cloudfront.net; object-src 'none'; style-src 'self' 'unsafe-inline' https://cdn.weglot.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://*.fontawesome.com; connect-src 'self' https://web.delighted.com https://www.google-analytics.com https://www.googletagmanager.com https://*.fontawesome.com https://cdn.weglot.com https://cdn-api-weglot.com https://connect.facebook.net; img-src 'self' data: https://e.issuu.com https://www.google-analytics.com https://www.facebook.com https://www.glassdoor.com https://*.googletagmanager.com https://i.ytimg.com; 1
default-src 'self' http://*.kanhan.com http://*.addthis.com;style-src 'self' 'unsafe-inline' http://*.kanhan.com http://*.google.com https://*.google.com http://*.googleapis.com; img-src * 'self' http://www.w3.org http://*.google.com https://*.google.com https://www.google.com.hk https://stats.g.doubleclick.net http://*.gstatic.com http://*.googleapis.com http://www.google-analytics.com https://www.facebook.com https://googleads.g.doubleclick.net http://1.gravatar.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/ http://pagead2.googlesyndication.com https://adservice.google.com.hk https://googleads.g.doubleclick.net http://www.googleadservices.com https://connect.facebook.net http://*.google.com https://*.google.com http://*.kanhan.com https://h5p.org http://*.addthis.com http://*.google.com http://*.googleapis.com http://www.googletagmanager.com http://crypto-js.googlecode.com https://crypto-js.googlecode.com  https://*.googleapis.com http://*.google-analytics.com https://*.facebook.com http://*.youtube.com https://*.youtube.com http://www.virtuozzo.com http://www.parallels.com https://*.google.com/ http://p.jwpcdn.com https://ssl.p.jqpcdn.com;  connect-src 'self' https://googleads.g.doubleclick.net http://*.youtube.com https://*.youtube.com http://*.googleapis.com; object-src http://*.youtube.com https://*.youtube.com http://*.googleapis.com http://www.starferry.com.hk 'self'; child-src 'self' https://www.google.com https://docs.google.com http://*.youtube.com https://*.youtube.com https://h5p.org; frame-src 'self' https://googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com https://docs.google.com http://*.youtube.com https://*.youtube.com https://h5p.org; font-src 'self' http://fonts.gstatic.com 1
script-src 'unsafe-inline' *.posazavi.com analytics.tiktok.com *.adform.net *.hcaptcha.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net c.imedia.cz *.hotjar.com tagmanager.google.com www.google.com www.gstatic.com c.seznam.cz; style-src 'self' 'unsafe-inline' tagmanager.google.com cdnjs.cloudflare.com fonts.googleapis.com; report-uri /csp 1
frame-ancestors 'self' https://www.miracomosehace.com https://comosehace.com https://www.comosehace.com; 1
default-src 'self' www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://accounts.flatiron.com data:; script-src 'self' 'unsafe-inline' www.datadoghq-browser-agent.com rum.browser-intake-datadoghq.com; frame-ancestors https://*.oncoemr.com; report-uri https://csp.flatiron.com/csp-report 1
base-uri 'self' about:;block-all-mixed-content;child-src fallsviewer.ca 'self';connect-src 'self' data: *.youtube.com fonts.gstatic.com www.clarity.ms cloudflareinsights.com stats.g.doubleclick.net *.googleapis.com *.google-analytics.com *.readspeaker.com rebound.postmarkapp.com *.cookieyes.com cdn-cookieyes.com img.niagarafalls.ca arcweb2019.niagarafalls.ca cdn.monsido.com *.arcgisonline.com *.arcgis.com portal.niagarafalls.ca https://*.smartlook.com https://*.smartlook.cloud;default-src https: 'unsafe-inline' 'unsafe-eval' 'self';font-src 'self' null cdnjs.cloudflare.com fonts.gstatic.com niagarafalls.ca  *.arcgis.com;form-action 'self' *.paypal.com *.readspeaker.com *.paymentus.com niagarafalls.ca;frame-ancestors 'self' open.niagarafalls.ca niagarafalls.hub.arcgis.com map.niagarafalls.ca niagarafalls.ca *.us.monsido.com; frame-src fallsviewer.ca niagarafalls.maps.arcgis.com mapme.com viewer.mapme.com www.facebook.com maps.googleapis.com *.niagarafalls.ca *.readspeaker.com www.google.com www.youtube.com youtube.com console.cloudinary.com cloudinary.com niagarafalls.ca ;img-src data: 'self' blob: img.niagarafalls.ca *.readspeaker.com res.cloudinary.com https://www.google-analytics.com *.gstatic.com stats.g.doubleclick.net www.googletagmanager.com www.youtube.com *.monsido.com *.googleapis.com *.arcgisonline.com *.arcgis.com cdn-cookieyes.com portal.niagarafalls.ca https://*.google.com c.clarity.ms c.bing.com https://*.google.ca;media-src 'self' *.readspeaker.com youtu.be *.youtube.com;object-src *.youtube.com 'self'; report-uri https://niagarafalls.ca/webservices/csp-enforce;script-src 'self' blob: google.com www.google.com *.googleapis.com *.googletagmanager.com static.cloudflareinsights.com ajax.cloudflare.com cdnjs.cloudflare.com www.google-analytics.com www.clarity.ms *.cloudflareinsights.com connect.facebook.net *.readspeaker.com rebound.postmarkapp.com cdn.monsido.com www.youtube.com cse.google.com clients1.google.com https://*.smartlook.com cdn-cookieyes.com https://*.smartlook.cloud *.arcgisonline.com *.arcgis.com 'unsafe-inline' 'unsafe-eval';style-src 'self' stackpath.bootstrapcdn.com *.googleapis.com *.google.com *.readspeaker.com *.arcgis.com 'unsafe-inline';upgrade-insecure-requests;worker-src 'self' blob: 1
img-src 'self' https: data: blob:; 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://cdn.cookielaw.org https://js.intercomcdn.com https://maps.googleapis.com https://widget.intercom.io https://www.googletagmanager.com https://snap.licdn.com https://connect.facebook.net https://bat.bing.com https://static.hotjar.com https://cdn.taboola.com https://www.google-analytics.com https://*.analytics.google.com https://script.hotjar.com https://trc.taboola.com; style-src 'unsafe-inline' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://api-iam.intercom.io https://cdn.cookielaw.org https://maps.googleapis.com https://privacyportal-eu.onetrust.com wss://nexus-websocket-a.intercom.io https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://trc-events.taboola.com https://www.facebook.com https://geolocation.onetrust.com; font-src 'self' https://fonts.intercomcdn.com; frame-src 'self' https://www.facebook.com; img-src 'self' data: https://*.kinstacdn.com https://cdn.cookielaw.org https://downloads.intercomcdn.com https://static.intercomassets.com https://*.google-analytics.com https://bat.bing.com https://px.ads.linkedin.com https://www.facebook.com https://www.googletagmanager.com https://www.google.com https://www.google.de https://maps.googleapis.com https://*.analytics.google.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-swBJyFfwCH5iA14ukIBIx/J5wP06z0' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
frame-ancestors 'self' http://pudtoday http://prointnet 1
frame-ancestors 'self' https://www.rafi.com/ 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-EwRFIgV+WG1MMkD8XNjVZA==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob: *.izlesene.com *.ioam.de *.avg.com *.rewardsaccelerator.com smetrics.att.com; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net smetrics.att.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
frame-ancestors 'self' flexilivre.com *.flexilivre.com 1
frame-ancestors 'self' https://www.gluecksspiel-behoerde.de/ 1
script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; font-src 'self' data: https://static.scooter-system.fr https://fonts.gstatic.com https://scooter-system-fr.social-3w.com; upgrade-insecure-requests; base-uri 'self'; 1
default-src 'self'; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.fontawesome.com; frame-src 'self' *.google.com *.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com  fonts.googleapis.com *.gstatic.com *.bing.com *.google-analytics.com *.googletagmanager.com *.virtualearth.net *.fontawesome.com; connect-src 'self' *.bing.com *.fontawesome.com *.google-analytics.com *.googletagmanager.com; img-src 'self' data: *.passportcorporate.com *.google-analytics.com *.googletagmanager.com *.virtualearth.net *.bing.com *.fontawesome.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com *.passportcorporate.com *.bing.com *.virtualearth.net *.fontawesome.com; base-uri 'self'; form-action 'self' *.passportcorporate.com *.pasportdining.com www.microsoftprime.com oracleperks.com *.microsoftonline.com; 1
frame-ancestors 'self' https://*.microsoft.com https://*.microsoft.us https://*.frameable.com; 1
img-src * data:; media-src * blob:, default-src * data: 'unsafe-eval' 'unsafe-inline' 1
frame-ancestors 'self' https://*.ylyun.com; 1
default-src 'self'; connect-src 'self' maps.googleapis.com *.woosmap.com *.wpforms.com *.xiti.com *.linkedin.oribi.io *.ingest.sentry.io *.privacy-center.org *.googlesyndication.com; font-src 'self' data: *.wp.com fonts.googleapis.com fonts.gstatic.com *.typekit.net *.woosmap.com; img-src 'self' data: *.gravatar.com *.linkedin.com *.facebook.com *.kiloutou.com *.google.fr *.google.com *.woosmap.com *.privacy-center.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.kiloutou.com *.kiloutou.fr *.googletagmanager.com/gtm.js *.wp.com *.typekit.net *.gstatic.com *.ggpht.com maps.googleapis.com *.google.com *.parsely.com www.googletagmanager.com *.cloudflare.com polyfill.io *.polyfill.io *.woosmap.com connect.facebook.net sdk.privacy-center.org snap.licdn.com tag.aticdn.net googleads.g.doubleclick.net *.youtube.com *.googleadservices.com *.ingest.sentry.io; style-src 'self' 'unsafe-inline' *.googleapis.com *.jquery.com *.woosmap.com; frame-src 'self' www.googletagmanager.com *.google.com *.youtube.com *.facebook.com kiloutou.youcanbook.me *.doubleclick.net; manifest-src 'self'; worker-src 'self' blob:; form-action 'self' *.facebook.com; object-src 'none'; 1
default-src 'self'; font-src 'self' https://use.typekit.net; media-src 'self' https://videos.ctfassets.net/ https://assets.ctfassets.net/; style-src 'self' https://use.typekit.net https://p.typekit.net/ https://tags.srv.stackadapt.com/ 'unsafe-inline'; img-src 'self' data: https://www.google.com/ https://www.google.us/ https://www.google.ca/ https://www.google.se/ https://www.google.co.uk/ https://www.google.in/ https://www.google.de/ https://www.google-analytics.com/ https://www.linkedin.com/ https://px.ads.linkedin.com/ https://images.ctfassets.net/ https://track.hubspot.com/ https://px4.ads.linkedin.com/ https://lltrck.com/ https://www.googletagmanager.com https://bat.bing.com/ https://www.facebook.com/ https://c.clarity.ms/ https://c.bing.com/ https://p.adsymptotic.com/ https://*.analytics.google.com https://*.google-analytics.com https://cds.taboola.com https://forms.hsforms.com https://forms-na1.hsforms.com; script-src 'self' 'sha256-x2caRkAvzUicG/HXAv3JS2nKl9p6sPMq3s5Pa60GwYA=' 'sha256-LO0CSiUB4hEuJRRVPU2mIqzvwA4nzHoQjdEgQLQ0dpo=' 'sha256-vvcKGX/UCUXT+RHAj9KvTr7MP7l5fPxQGVVI1JAN4jI=' 'sha256-RMTTgq4FKNTzCjmITLbRgy347NrfzPUNCcypg8/pXIo=' 'sha256-ab+zw8C2rlqx2OaEDu77wU/bY/7MI4+PnJfVypOC/68=' 'sha256-aQzxV2CypqCIUn+V/a/tEAnx1ohVUx6btRwrRFuM9Sw=' 'sha256-f59mGotTj5wyQjyeIXDdrv7Cnzc7DHLketg900+/Q8E=' 'sha256-GEjl0C+mAm6fjVEfzFNT6GYmBdEFqCLsppstg5wOiwU=' 'sha256-3XEKoO6cliWYlG84Za50lkKgGh05dGQJwmRSCHINUBE=' 'sha256-KnfNcrbiJKjgUZZ7UAwUwkr3bWl+gKJSzUZG+kQoa0c=' 'sha256-3r/tXUcKpQeF8oLk8x2erGglcWlx8nriJHFr+N8pSH0=' 'sha256-Jmw6YP9HEDF7id9LcmBXRaiPL+1A+bm/zyj90uyPr58=' 'sha256-GBuTE51K3YbYdlMBh2Rb8q4P85Sgi94wPiwkjh1UyQs=' 'sha256-3/xPb5LCQoPik+OdmYqQ+89c1Uy/iOouufJgCmYi5o8=' 'sha256-lqqhQRqs/MJ9BMa6ERBOVydQFRGWQMPtsd0LH+lg/zE=' 'sha256-OEI6EAEmfSq1fJ3ZfFhT6mtMyruCMt1Zb7RBtULMxaU=' 'sha256-JkgKuRKS8JZWW6kcVVVWxi/hDjAj/0JyXtsgG7DaPNc=' 'sha256-+0n1BTlZsSZ9om/M08LYTj5GAl53TLWILTHCg+JRujI=' 'sha256-rAF7jjSxCaygUGwIncfpV8ZhVb7tM9cf3xGrg1hJEzI=' 'sha256-1H4tKBDc7o6HbiUd6Zyv/mI49GZ39+WvFVFD3lDGF8g=' https://www.google.com/ https://www.google.us/ https://www.google.ca/ https://www.google.se/ https://www.google.co.uk/ https://www.google.in/ https://www.google.de/  https://www.google-analytics.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ https://snap.licdn.com/ http://js.hsforms.net/ http://js.hs-scripts.com/ https://js.usemessages.com/ https://js.hs-analytics.net/ https://js.hsadspixel.net/ https://js.hs-banner.com/ https://js.hsleadflows.net/ https://www.googletagmanager.com/ https://lltrck.com/ https://static.hotjar.com/ https://bat.bing.com/ https://www.clarity.ms/ https://connect.facebook.net/ http://cdn.taboola.com/ https://tags.srv.stackadapt.com/ https://trc.taboola.com/ https://script.hotjar.com/ https://cds.taboola.com/ https://app.posthog.com/; connect-src 'self' https://assets.ctfassets.net/ https://www.google-analytics.com/ https://boards-api.greenhouse.io/ https://forms.hsforms.com/ https://api.hubspot.com/ https://forms.hubspot.com/ https://forms.hubspot.com/ https://js.hs-banner.com/ https://track.hubspot.com/ https://api.hubapi.com/ https://www.googletagmanager.com/ https://stats.g.doubleclick.net/ https://l.clarity.ms/ https://tags.srv.stackadapt.com/ https://trc-events.taboola.com/ https://in.hotjar.com/ wss://ws6.hotjar.com/ https://ws6.hotjar.com/ https://vc.hotjar.io/ https://e.clarity.ms/ https://*.analytics.google.com https://*.google-analytics.com https://fast.wistia.com/oembed https://cdn.linkedin.oribi.io/partner https://csmetrics.hotjar.com/ https://app.posthog.com/; frame-src 'self' https://forms.hsforms.com/ https://vars.hotjar.com/ https://bid.g.doubleclick.net/ https://fast.wistia.net/embed/ https://www.youtube.com/embed/; 1
default-src 'self'; worker-src * blob:; connect-src * 'unsafe-eval' 'unsafe-inline'; font-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; frame-ancestors *.malarenergi.se *.psplugin.com; 1
font-src fonts.gstatic.com *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com css.zohocdn.com css.zohostatic.com https://fonts.gstatic.com *.vapewholesaleusa.com data: 'self' 'unsafe-inline'; form-action *.authorize.net 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.authorize.net *.weltpixel.com *.google.com *.vapewholesaleusa.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.gstatic.com flagpedia.net https://omnisnippet1.com https://wt.soundestlink.com store.paradoxlabs.com www.google.nl www.google.us stats.g.doubleclick.net http://www.google-analytics.com www.qstatic.com salesiq.zohopublic.com css.zohocdn.com *.vapewholesaleusa.com forms.soundestlink.com formsv2.soundestlink.com track.hubspot.com forms.hsforms.com www.google.com.ua shareasale.com forms.hscollectedforms.net maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.avada.io maps.googleapis.com https://omnisnippet1.com https://forms.soundestlink.com *.authorize.net sandbox-assets.secure.checkout.visa.com salesiq.zoho.com js.zohocdn.com js.zohostatic.com http://www.google-analytics.com *.google.com www.google.us https://maps.googleapis.com static.zohocdn.com *.vapewholesaleusa.com js.hs-scripts.com js.hscollectedforms.net js.hs-analytics.net js.hs-banner.com www.dwin1.com https://www.googletagmanager.com tagmanager.google.com ajax.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com css.zohocdn.com css.zohostatic.com *.googleapis.com https://www.gstatic.com *.vapewholesaleusa.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com cdn.ampproject.org *.googleapis.com www.gstatic.com maps.googleapis.com *.authorize.net forms.soundestlink.com salesiq.zohopublic.com vts.zohopublic.com wss://vts.zohopublic.com stats.g.doubleclick.net *.analytics.google.com www.google.nl www.google.us *.google-analytics.com https://www.gstatic.com https://stats.g.doubleclick.net *.vapewholesaleusa.com forms.hscollectedforms.net https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';style-src 'self' 'unsafe-inline' fonts.googleapis.com *.twitter.com maxcdn.bootstrapcdn.com/bootstrap/;script-src 'self' 'unsafe-inline' 'sha256-VdTQZOOA6p1QIhBQM+axlBd0ikS+W/fho1WFPEVTcdA=' 'sha256-hTgPDWH3bFiktidL8cMsfkXM6Ogilz4b6Lpu1LFfuVY=' 'sha256-IVTX1bzPNltIPLdsFeZk+nKFINl7asA6bu4R5omBVYg=' 'sha256-xvuzM/z0/wzFPrP3fuxSSgBe2DWSn2DZlvjQ73RWI0w=' *.e-space.se *.google-analytics.com *.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.twitter.com *.instagram.com *.twimg.com https://cloud.highcharts.com https://code.highcharts.com https://cloud-api.highcharts.com/chart/* https://api.everviz.com/chart/* https://app.everviz.com https://arkivverket.topdesk.net 'nonce-2CJ4vQ3Uv9SciBni9oB7wTgq36ye4UonJJoBaDT6X7Q';img-src 'self' data: *.google-analytics.com *.googletagmanager.com *.facebook.com *.twitter.com *.instagram.com *.twimg.com *.doubleclick.net fonts.gstatic.com;font-src 'self' data: fonts.gstatic.com maxcdn.bootstrapcdn.com/bootstrap/;frame-src 'self' *.facebook.com  *.vimeo.com *.youtube.com  *.issuu.com dreambroker.com livestream.com *.tvvest.no *.nrk.no *.soundcloud.com *.twitter.com *.instagram.com https://arkivverket.topdesk.net *.youtube-nocookie.com;connect-src 'self' *.google-analytics.com https://api.everviz.com; 1
default-src 'self' *.poc-vynetrellis.com poc-vynetrellis.com *.poc-rpractice.com poc-rpractice.com; child-src 'self' blob: *.pendo.io poc-vynetrellis.com *.poc-vynetrellis.com; worker-src 'self' blob:; connect-src 'self' blob: wss://*.poc-vynetrellis.com wss://poc-vynetrellis.com *.google-analytics.com *.g.doubleclick.net *.google.com *.gstatic.com *.googletagmanager.com *.amazonaws.com *.typekit.net *.transnox.com *.cloudflare.com *.nsit-pass.com *.transit-pass.com *.nea-fast.com *.sentry.io *.launchdarkly.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com *.poc-vynetrellis.com poc-vynetrellis.com *.hellopearl.com *.mouseflow.com; font-src 'self' data: *.gstatic.com *.typekit.net; form-action 'self'; frame-ancestors 'self' *.poc-vynetrellis.com poc-vynetrellis.com *.poc-rpractice.com poc-rpractice.com *.pendo.io; frame-src 'self' *.poc-vynetrellis.com poc-vynetrellis.com previewapp.poc-vynetrellis.com *.pendo.io; img-src 'self' *.vynetrellis.com blob: data: *.poc-vynetrellis.com poc-vynetrellis.com *.sentry.io *.launchdarkly.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.g.doubleclick.net *.google.com *.gstatic.com *.googletagmanager.com *.amazonaws.com *.typekit.net *.transnox.com *.cloudflare.com *.nsit-pass.com *.transit-pass.com *.nea-fast.com *.sentry.io *.launchdarkly.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com pendo-io-static.storage.googleapis.com *.hellopearl.com *.mouseflow.com; style-src 'self' 'unsafe-inline' *.poc-vynetrellis.com poc-vynetrellis.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com fonts.googleapis.com *.typekit.net; 1
default-src 'self' *.cloudinary.com *.fontawesome.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.osvhub.com *.osvmosaicservices.com *.pendo.io *.telerik.com; img-src 'self' *.cloudinary.com *.google.com *.googleapis.com *.osvhub.com *.pendo.io *.telerik.com osv.zendesk.com static.zdassets.com v2assets.zopim.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudinary.com d2uinmo2bcbdsn.cloudfront.net *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com js.datadome.co *.omeda.com osvchat.osv.com *.osvmosaicservices.com *.pendo.io *.telerik.com widgets.hive.genesys.com ekr.zdassets.com ekr.zendesk.com zendesk-eu.my.sentry.io osv.zendesk.com static.zdassets.com wss://osv.zendesk.com wss://*.zopim.com *.zopim.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudinary.com api-js.datadome.co *.doubleclick.net *.google-analytics.com *.googleapis.com *.googletagservices.com *.launchdarkly.com *.omeda.com osvchat.osv.com *.osvhub.com pagead2.googlesyndication.com data.pendo.io *.pendo.io *.visualstudio.com widgets.hive.genesys.com ekr.zdassets.com ekr.zendesk.com zendesk-eu.my.sentry.io osv.zendesk.com static.zdassets.com wss://osv.zendesk.com wss://*.zopim.com *.zopim.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudinary.com *.fontawesome.com *.googleapis.com *.osvhub.com *.pendo.io *.telerik.com; media-src 'self' content.osvhubstaticcontent.com static.zdassets.com; frame-src *.osvmosaicservices.com app.pendo.io geo.captcha-delivery.com status.osvhub.com suggestions.osvhub.com upload-widget.cloudinary.com www.google.com/recaptcha/; worker-src blob:; 1
font-src 'self' fonts.cdnfonts.com storage.googleapis.com fonts.gstatic.com data: static.zipmoney.com.au use.typekit.net zip-co-media.imgix.net cdn.honey.io zip-co-media.s3.ap-southeast-2.amazonaws.com shopping.qantas.com; img-src 'self' blob: https://tags.srv.stackadapt.com *.revolveassets.com site-assets.afterpay.com analytics.pangle-ads.com static.zip.co *.media-amazon.com afends.com api.fillr.com static.afterpay.com gateway.zscaler.net gateway.zscalerone.net gateway.zscalerthree.net *.adyen.com www.magentocommerce.com www.wildfireshoes.com.au streetviewpixels-pa.googleapis.com media.littlebirdie.com.au *.bing.com www.google.com.ua www.google.com.pk www.google.ie www.google.com.br www.google.se www.google.com.np www.google.co.ve www.google.to www.google.fi www.google.rs www.google.mu www.google.com.hk www.google.co.th www.google.it www.google.no www.google.com.tw www.google.sc www.google.com.lb www.google.com.do www.google.com.gh www.google.es www.google.fr www.google.vu www.google.cn www.google.gr www.google.com.eg www.google.ba www.google.so www.google.com.vn www.google.tl www.google.com.bd www.google.com.fj www.google.de accounts.google.com https://apse-www.securly.com/ region1.analytics.google.com data: mcstaging.spendless.com.au static.zipmoney.com.au www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googletagmanager.com www.gstatic.com zip.co ct.pinterest.com www.pinterest.com foursixty.com pubads.g.doubleclick.net spendless-media.global.ssl.fastly.net static.secure-afterpay.com.au www.google.co.kr www.google.com.kh *.nr-data.net connect.facebook.net googleads.g.doubleclick.net maps.googleapis.com maps.gstatic.com www.google.co.nz www.google.com.pg analytics.google.com stats.g.doubleclick.net spendlessshoes.zendesk.com translate.google.com www.google.co.uk www.ohhi.com.au www.olympusshoes.com.au www.spendless.co.nz www.vybeshoes.com.au adservice.google.com www.google.at prf.hn r1-t.trackedlink.net s3-ap-southeast-2.amazonaws.com scontent.cdninstagram.com v2assets.zopim.io www.google.com.ph prod.smassets.net www.google.ca www.google.com.bz www.google.co.in www.google.com.my www.spendless.com.au cdn.honey.io d2f9o9wxwalx4m.cloudfront.net d2si65qo4je8x4.cloudfront.net fonts.gstatic.com integration-assets.laybuy.com www.google.co.jp www.google.com.mx www.google.nl www.google.co.id www.google.lk analytics.tiktok.com www.google.ae www.google.co.za www.google.com.sa www.google.com.sg r1.trackedweb.net cloud.shopback.com i.ytimg.com khms0.googleapis.com khms1.googleapis.com; script-src-elem 'self' 'unsafe-inline' data: https://ct.pinterest.com/static/ct/token_create.js https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com *.squarecdn.com cdn.ingest-lr.com www.paypal.com wisepops.net cdn.statstrk01.com cdnjs.cloudflare.com cdn.logrocket.com *.logrocket.io connect.facebook.net pay.google.com portal-sandbox.afterpay.com r1-t.trackedlink.net static.trackedweb.net static.zipmoney.com.au trx-cdn.zip.co static.zip.co www.google-analytics.com www.google.com www.googleadservices.com googletagmanager.com www.googletagmanager.com www.gstatic.com analytics.tiktok.com *.nr-data.net bat.bing.com *.lr-ingest.io cdn.pinpayments.com developers.expr3ss.com foursixty.com googleads.g.doubleclick.net *.newrelic.com loader.wisepops.com online.spendless.com.au online.wildfireshoes.com.au online.olympusshoes.com.au online.vybeshoes.com.au portal.afterpay.com maps.googleapis.com online.everflex.com.au online.ohhi.com.au stats.ryzeo.com geoip-js.com d3exa1vrf7fywl.cloudfront.net static.zdassets.com bs.serving-sys.com widget-mediator.zopim.com webinsight.s3.amazonaws.com ajax.googleapis.com tpc.googlesyndication.com widget.surveymonkey.com s.pinimg.com apis.google.com r1.dotmailer-surveys.com; connect-src 'self' https://tags.srv.stackadapt.com r.ingest-lr.com analytics.pangle-ads.com spay.samsung.com translate.googleapis.com www.google.co.uk www.google.ca d3exa1vrf7fywl.cloudfront.net *.zip.co www.bing.com properties *.googlesyndication.com pay.google.com google.com static.zipmoney.com.au analytics.google.com api.sandbox.zipmoney.com.au *.adyen.com r1.trackedweb.net www.facebook.com www.google-analytics.com www.google.com.au analytics.tiktok.com api.amplitude.com *.nr-data.net *.newrelic.com bat.bing.com ct.pinterest.com foursixty.com r.logrocket.io *.lr-ingest.io reporting.ap2.fredhopperservices.com stats.g.doubleclick.net trx.sandbox.zip.co www.google.co.kr www.google.com.kh adservice.google.com api.zipmoney.com.au spendlessshoes.zendesk.com maps.googleapis.com olympusshoes.zendesk.com trx.zip.co wildfireshoes.zendesk.com www.google.com spendlessshoes-nz.zendesk.com everflex.zendesk.com zip.co geoip-js.com image-complainer.foursixty.com ohhi.zendesk.com www.google.com.pg ekr.zdassets.com www.google.co.nz region1.analytics.google.com metrics.foursixty.com wss://widget-mediator.zopim.com m1.openfpcdn.io zendesk-eu.my.sentry.io www.google.com.ph t.zip.co s3.ap-southeast-2.amazonaws.com www.google.com.my www.googletagmanager.com www.google.co.jp www.google.com.mx www.google.nl www.google.co.id www.google.ae www.google.co.in www.google.co.za www.google.lk; form-action 'self' *.adyen.com www.rsa3dsauth.co.uk www.facebook.com ct.pinterest.com www.securesuite.co.uk geoissuer.cardinalcommerce.com authentication.cardinalcommerce.com secure7.arcot.com connect.facebook.net secure5.arcot.com mycardsecure.com; frame-ancestors 'self'; frame-src * 'self'; script-src-attr 'unsafe-inline'; script-src 'unsafe-eval' 'self' data: 'unsafe-inline' https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com cdn.ingest-lr.com gateway.zscaler.net gateway.zscalerone.net gateway.zscalerthree.net secure.shoptimizelymac.com wisepops.net accounts.google.com https://apse-www.securly.com/ r1.dotmailer-surveys.com pay.google.com cdn.statstrk01.com analytics.tiktok.com *.nr-data.net bat.bing.com connect.facebook.net *.newrelic.com maps.googleapis.com online.spendless.com.au online.vybeshoes.com.au online.wildfireshoes.com.au trx-cdn.zip.co static.zip.co www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com cdn.pinpayments.com googleads.g.doubleclick.net portal.afterpay.com static.zipmoney.com.au cdn.logrocket.com *.logrocket.io *.lr-ingest.io stats.ryzeo.com foursixty.com geoip-js.com online.ohhi.com.au d3exa1vrf7fywl.cloudfront.net static.zdassets.com online.everflex.com.au widget-mediator.zopim.com cdnjs.cloudflare.com online.olympusshoes.com.au r1-t.trackedlink.net static.trackedweb.net webinsight.s3.amazonaws.com wasm-eval loader.wisepops.com s.pinimg.com bs.serving-sys.com developers.expr3ss.com ajax.googleapis.com tpc.googlesyndication.com widget.surveymonkey.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://tags.srv.stackadapt.com www.gstatic.com static.zipmoney.com.au use.typekit.net fonts.googleapis.com foursixty.com p.typekit.net pwm-image.trendmicro.com cdn.honey.io www.googletagmanager.com; worker-src blob:; style-src 'self' https://tags.srv.stackadapt.com gateway.zscalerone.net gateway.zscalerthree.net fonts.googleapis.com p.typekit.net use.typekit.net foursixty.com 'unsafe-inline' static.zipmoney.com.au; child-src ct.pinterest.com online.vybeshoes.com.au online.wildfireshoes.com.au www.facebook.com www.google.com online.spendless.com.au 513439.stats.ryzeo.com *.adyen.com bid.g.doubleclick.net d3exa1vrf7fywl.cloudfront.net blob: www.securesuite.co.uk www.youtube.com googleads.g.doubleclick.net online.everflex.com.au online.olympusshoes.com.au www.google.co.nz; manifest-src 'self'; media-src www.bing.com static.zdassets.com data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' gateway.zscaler.net gateway.zscalerone.net gateway.zscalerthree.net edgeshoppingstatic.azureedge.net 513439.stats.ryzeo.com translate.googleapis.com adservice.google.com analytics.google.com analytics.tiktok.com api.zipmoney.com.au bat.bing.com cdnjs.cloudflare.com connect.facebook.net ct.pinterest.com data: ekr.zdassets.com fonts.googleapis.com fonts.gstatic.com foursixty.com geoip-js.com googleads.g.doubleclick.net *.newrelic.com loader.wisepops.com online.spendless.com.au pubads.g.doubleclick.net r1-t.trackedlink.net r1.trackedweb.net reporting.ap2.fredhopperservices.com s.pinimg.com spendless-media.global.ssl.fastly.net spendlessshoes.zendesk.com static.secure-afterpay.com.au static.trackedweb.net static.zdassets.com static.zipmoney.com.au stats.g.doubleclick.net stats.ryzeo.com trx-cdn.zip.co trx.zip.co www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.gstatic.com zip.co d3exa1vrf7fywl.cloudfront.net webinsight.s3.amazonaws.com everflex.zendesk.com online.everflex.com.au region1.analytics.google.com s3-ap-southeast-2.amazonaws.com self wss wss://widget-mediator.zopim.com www.facebook.com www.google.nl api.amplitude.com *.nr-data.net bid.g.doubleclick.net blob: bs.serving-sys.com cdn.logrocket.com *.logrocket.io *.lr-ingest.io cdn.pinpayments.com *.adyen.com image-complainer.foursixty.com maps.googleapis.com maps.gstatic.com olympusshoes.zendesk.com online.olympusshoes.com.au online.vybeshoes.com.au online.wildfireshoes.com.au portal.afterpay.com *.lr-ingest.io scontent.cdninstagram.com spendlessshoes-nz.zendesk.com; report-uri https://d452b6435829d1ea8af4e8dca7c71fa8.report-uri.com/r/t/csp/enforce 1
frame-ancestors 'self' http://zpe20virtual.expo-ip.com/ https://app.swapcard.com https://zpeventapp.app.swapcard.com https://spring-live.fairverify.com https://studio.swapcard.com 1
default-src 'none'; block-all-mixed-content; connect-src 'self' google-analytics.com www.google-analytics.com 127.0.0.1:8005; font-src 'self' fonts.gstatic.com use.fontawesome.com cdn.jsdelivr.net; frame-src google.com www.google.com googletagmanager.com www.googletagmanager.com; img-src 'self' s3.us-west-2.amazonaws.com img.emlasts.com data:; media-src img.emlasts.com; script-src 'self' 'unsafe-eval' google.com www.google.com gstatic.com www.gstatic.com googletagmanager.com www.googletagmanager.com google-analytics.com www.google-analytics.com use.fontawesome.com cdn.jsdelivr.net 'unsafe-inline' 'nonce-cj+wiaDAYhm4QiKWvfxVLg=='; style-src 'self' cdn.jsdelivr.net fonts.googleapis.com use.fontawesome.com maxcdn.bootstrapcdn.com img.emlasts.com unpkg.com 'unsafe-inline' 'nonce-cj+wiaDAYhm4QiKWvfxVLg=='; report-uri /csp/report 1
frame-ancestors 'self' https://*.csaware.com 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src *; object-src 'self' * data:; frame-src *; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://israelgives.org https://www.israelgives.org * *.israelgives.org * *.israelgives.org *.israeltoremet.org https://giving.technology/ https://*.giving.technology/  *.giving.technology *.israelgives.info *.secureddonation.com https://*.paypal.com/ https://www1.matchinggifts.com/ https://*.wufoo.com/ https://cdn.equalweb.com/ https://geo-targetly.com/ https://secureddonation.com/ https://*.taboola.com/ https://*.cloudfront.net/ https://*.crwdcntrl.net/ https://*.outbrain.com/ https://cdn.taboola.com/  https://secure.meshulam.co.il/ https://ajax.cloudflare.com/ https://secure7.arcot.com/ https://*.stripe.com/   https://secure.meshulam.co.il/ https://z.moatads.com/ https://my.israelgives.org/ https://v1.addthisedge.com/ https://*.addthis.com https://addthis.com https://use.fontawesome.com/ https://israelgives.org/ https://smarticon.geotrust.com/ https://javamatch.matchinggifts.com/ https://tt1.zedo.com/ https://ww2.matchinggifts.com/ https://s7.addthis.com/ https://www.matchinggifts.com/ https://secure.comodo.com/ wss://nexus-websocket-a.intercom.io/ https://js.intercomcdn.com/ https://api-iam.intercom.io/ https://widget.intercom.io/ https://maxcdn.bootstrapcdn.com/ https://p.typekit.net/ https://israelgives.piwikpro.com/ https://code.jquery.com/ https://www.google.co.il/ https://googleads.g.doubleclick.net/ https://*.gstatic.com/ https://cdnjs.cloudflare.com/   https://www.googletagmanager.com/ https://kit.fontawesome.com/  https://*.googleapis.com/ https://ka-p.fontawesome.com/ https://bid.g.doubleclick.net/ https://fonts.gstatic.com https://www.facebook.com  https://stats.g.doubleclick.net https://use.typekit.net/ https://connect.facebook.net https://*.google-analytics.com https://maps.gstatic.com  https://www.google.com https://www.googleadservices.com https://www.youtube.com https://www.leket.org https://cdn.jsdelivr.net/;                  style-src 'self' 'unsafe-inline' https://*.israelgives.org/ https://*.israeltoremet.org/ https://giving.technology/ https://*.giving.technology/  https://*.cloudfront.net/ https://ka-p.fontawesome.com/ https://p.typekit.net/ https://*.googleapis.com/  https://maxcdn.bootstrapcdn.com/ https://use.typekit.net/ https://fonts.gstatic.com https://israelgives.piwikpro.com/ https://p.typekit.net/ https://maxcdn.bootstrapcdn.com/ https://use.fontawesome.com/;                  img-src 'self' * data: https: image/png *.israelgives.org *.israeltoremet.org *.giving.technology *.secureddonation.com https://*.stripe.com/ https://*.gstatic.com/ https://*.taboola.com/ https://*.google.com/ https://*.google.co.il/ https://*.outbrain.com/ https://*.google-analytics.com https://*.facebook.com 1
default-src https: 'unsafe-inline' data:; style-src 'self' static.64bitswebhosting.eu code.jquery.com 'unsafe-inline' 1
default-src * data: blob: 'self';script-src *.konzerthaus-dortmund.de *.googletagmanager.com *.sharethis.com portal.safe-port.cloud *.bing.com *.typekit.net *.facebook.net *.gstatic.com *.issuu.com *.enuerto.net *.google-analytics.com *.google.com *.jquery.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;form-action 'self' https://konzerthaus-dortmund.com https://*.konzerthaus-dortmund.com https://*.inxmail.com https://www.facebook.com/tr/ https://*.ipg-online.com https://www.paypal.com/; connect-src *.konzerthaus-dortmund.com *.konzerthaus-dortmund.de portal.safe-port.cloud *.facebook.net *.google-analytics.com *.google.com *.doubleclick.net *.sharethis.com *.bing.com updates.expressionengine.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' tagmanager.google.com www.googletagmanager.com www.google-analytics.com https://static.hotjar.com https://script.hotjar.com ajax.googleapis.com www.gstatic.com www.google.com cdn.cookielaw.org *.onetrust.com onetrust.com cookie-cdn.cookiepro.com https://www.vimeo.com https://vimeo.com https://*.qualtrics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com fonts.gstatic.com https://static.hotjar.com https://script.hotjar.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com https://script.hotjar.com; media-src 'self'; img-src 'self' www.google-analytics.com r1-scaler.ddglib.com i.emlfiles.com https://static.hotjar.com data: https://script.hotjar.com cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com onetrust.com *.google-analytics.com *.analytics.google.com https://i.vimeocdn.com https://siteintercept.qualtrics.com; frame-src 'self' https://vars.hotjar.com www.youtube.com www.google.com player.vimeo.com www.ussbenefitillustrator.co.uk www.ussbenefitmodeller.co.uk www.modellers.usshq.co.uk uss.minerva.info w.soundcloud.com https://*.qualtrics.com; frame-ancestors 'self'; connect-src 'self' www.google-analytics.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com onetrust.com *.google-analytics.com *.analytics.google.com https://*.qualtrics.com 1
frame-ancestors http://localhost:* capacitor://localhost 1
frame-ancestors 'self' https://manage.mwrf.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'none'; img-src 'self' data: https://*.jivosite.com https://*.jivo.ru https://www.gstatic.com https://*.giphy.com; style-src 'self' 'unsafe-inline' https://translate.googleapis.com https://*.jivosite.com https://*.jivo.ru; script-src 'self' 'unsafe-inline' https://*.jivosite.com https://*.jivo.ru; font-src 'self'; connect-src 'self' https://*.jivosite.com wss://*.jivosite.com https://*.jivo.ru wss://*.jivo.ru; frame-src https://*.niks.by https://*.jivosite.com https://*.jivo.ru https://niks-by.speedtestcustom.com; frame-ancestors 'none'; media-src https://*.jivosite.com https://*.jivo.ru; base-uri 'self'; form-action 'self'; 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com www1.lussostone.com; base-uri 'self' 1
default-src 'self' *.garmin.com https://static.garmincdn.com;style-src 'self' 'unsafe-inline' *.garmin.com https://static.garmincdn.com https://fonts.googleapis.com;connect-src 'self' *.garmin.com *.sentry.io https://static.garmincdn.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://akamai.tiqcdn.com https://*.google-analytics.com https://*.cloudinary.com https://*.akamaihd.net https://*.hotjar.io https://*.hotjar.com https://*.linksynergy.com https://*.bing.com https://*.pinterest.com https://*.criteo.com https://*.doubleclick.net https://www.gstatic.com;script-src 'unsafe-eval' 'unsafe-inline' https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://static.criteo.net https://*.criteo.com https://bat.bing.com https://*.adform.net https://intljs.rmtag.com https://www.googletagmanager.com https://*.google-analytics.com https://static.cloudflareinsights.com https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://optimize.google.com 'self' *.garmin.com *.trustarc.com *.truste.com https://ajax.googleapis.com https://static.garmincdn.com https://www.google.com https://cdn.appdynamics.com https://www.gstatic.com https://prefmgr-cookie.truste-svc.net http://tags.tiqcdn.com https://*.tealiumiq.com https://deploytealium.com https://*.realytics.io https://klear.com https://px.adentifi.com https://*.realytics.io https://cdn-eu.realytics.net https://secure.adnxs.com https://p.teads.tv https://js.adsrvr.org https://klear.com;font-src 'self' data: *.garmin.com *.trustarc.com *.truste.com https://static.garmincdn.com https://fonts.googleapis.com https://fonts.gstatic.com;img-src https://*.criteo.com https://*.doubleclick.net https://www.googleadservices.com https://px.adentifi.com https://rtb.adentifi.com https://*.teads.tv https://www.googletagmanager.com https://bat.bing.com https://secure.adnxs.com https://www.facebook.com https://*.google-analytics.com https://stats.g.doubleclick.net https://static.hotjar.com https://script.hotjar.com 'self' data: *.garmin.com *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://www.google.co.uk https://prefmgr-cookie.truste-svc.net https://res.cloudinary.com *.akamaihd.net https://*.tealiumiq.com https://deploytealium.com https://px.adentifi.com https://www.facebook.com https://secure.adnxs.com https://*.teads.tv https://pixel.mediaiqdigital.com https://*.yahoo.com https://sync.outbrain.com https://res.cloudinary.com https://res.garmin.com;frame-src https://*.doubleclick.net https://*.criteo.com *.garmin.com *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://prefmgr-cookie.truste-svc.net https://www.youtube-nocookie.com https://gum.criteo.com https://insight.adsrvr.org;object-src 'none';base-uri 'self';upgrade-insecure-requests;form-action 'self';frame-ancestors 'self';script-src-attr 'none' 1
script-src 'strict-dynamic' https: 'nonce-913bf150-b522-4bfd-a583-bcb68333920f'; object-src 'none'; base-uri 'none'; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.twitter.com *.line-scdn.net *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com connect.facebook.net cdn.jsdelivr.net cdnjs.cloudflare.com *.fontawesome.com jpostal-1006.appspot.com msta.j-server.com;frame-src 'self' *.youtube.com *.youtube-nocookie.com *.google.com *.twitter.com *.line.me *.facebook.com;media-src 'self' *.youtube.com *.youtube-nocookie.com;object-src 'self' *.youtube.com *.youtube-nocookie.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.fontawesome.com cdn.jsdelivr.net cdnjs.cloudflare.com;img-src 'self' data: blob: *.twitter.com *.google-analytics.com *.google.com placehold.jp *.google.co.jp;font-src 'self' data: fonts.gstatic.com *.fontawesome.com;connect-src 'self' api.iconify.design *.google-analytics.com *.googleanalytics.com *.google.com stats.g.doubleclick.net msta-orig.j-server.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com maps.google.com maps.googleapis.com *.googletagmanager.com *.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' *.google-analytics.com data: maps.gstatic.com *.googleapis.com *.ggpht.com maps.google.com *.doubleclick.net; font-src themes.googleusercontent.com fonts.gstatic.com; connect-src 'self' *.google-analytics.com maps.google.com maps.googleapis.com *.doubleclick.net; report-uri /report-csp-violation 1
frame-ancestors 'self' http://www.sunsilk.it unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://s7.addthis.com https://kritique-widgets-stage.unileversolutions.com https://d1a1ax4tcp3m3j.cloudfront.net 1
default-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'none' 1
default-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors 'none'; style-src 'self'; style-src-elem 'self'; img-src 'self'; 1
default-src  *.responsetap.com; base-uri  https://sc92-wes-prod-cm.azurewebsites.net https://sc92-wes-prod-cd.azurewebsites.net https://www.wesleyan.co.uk https://www2.wesleyan.co.uk https://my.wesleyan.co.uk https://b2c.wesleyan.co.uk https://myadmin.wesleyan.co.uk; report-uri  https://not-available-yet.wesleyan.co.uk; report-to  https://not-available-yet.wesleyan.co.uk; upgrade-insecure-requests; manifest-src  https://sc92-wes-prod-cm.azurewebsites.net https://sc92-wes-prod-cd.azurewebsites.net https://www.wesleyan.co.uk https://www2.wesleyan.co.uk https://my.wesleyan.co.uk https://b2c.wesleyan.co.uk https://myadmin.wesleyan.co.uk; connect-src  https://sc92-wes-prod-cm.azurewebsites.net https://sc92-wes-prod-cd.azurewebsites.net https://www.wesleyan.co.uk https://www2.wesleyan.co.uk https://my.wesleyan.co.uk https://b2c.wesleyan.co.uk https://myadmin.wesleyan.co.uk  https://clapi.civiccomputing.com https://apikeys.civiccomputing.com https://wesleyan.matomo.cloud *.google-analytics.com *.analytics.google.com https://www.google.co.uk https://app.responseiq.com *.responsetap.com https://bat.bing.com https://cscript-cdn-irl.cassiecloud.com https://cscript-irl.cassiecloud.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://metrics.responsetap.com https://api.wesleyan.co.uk https://dc.services.visualstudio.com/v2/track https://pagead2.googlesyndication.com *.clarity.ms; font-src  https://sc92-wes-prod-cm.azurewebsites.net https://sc92-wes-prod-cd.azurewebsites.net https://www.wesleyan.co.uk https://www2.wesleyan.co.uk https://my.wesleyan.co.uk https://b2c.wesleyan.co.uk https://myadmin.wesleyan.co.uk  https://storage.googleapis.com https://fonts.gstatic.com https://fonts.googleapis.com https://script.hotjar.com; form-action  https://sc92-wes-prod-cm.azurewebsites.net https://sc92-wes-prod-cd.azurewebsites.net https://www.wesleyan.co.uk https://www2.wesleyan.co.uk https://my.wesleyan.co.uk https://b2c.wesleyan.co.uk https://myadmin.wesleyan.co.uk  https://b2cwesleyanenv01prod.b2clogin.com https://sc92-wes-prod-si.azurewebsites.net; child-src  https://sc92-wes-prod-cm.azurewebsites.net https://sc92-wes-prod-cd.azurewebsites.net https://www.wesleyan.co.uk https://www2.wesleyan.co.uk https://my.wesleyan.co.uk https://b2c.wesleyan.co.uk https://myadmin.wesleyan.co.uk  https://snapwidget.com https://www.podbean.com/ https://widget.trustpilot.com https://video.wesleyan.co.uk https://8931421.fls.doubleclick.net https://outlook.office365.com https://cscript-cdn-irl.cassiecloud.com https://optimize.google.com www.youtube-nocookie.com https://td.doubleclick.net; frame-src  https://sc92-wes-prod-cm.azurewebsites.net https://sc92-wes-prod-cd.azurewebsites.net https://www.wesleyan.co.uk https://www2.wesleyan.co.uk https://my.wesleyan.co.uk https://b2c.wesleyan.co.uk https://myadmin.wesleyan.co.uk  https://snapwidget.com https://www.podbean.com/ https://widget.trustpilot.com https://video.wesleyan.co.uk https://8931421.fls.doubleclick.net https://outlook.office365.com https://cscript-cdn-irl.cassiecloud.com https://optimize.google.com www.youtube-nocookie.com https://td.doubleclick.net; frame-ancestors  https://sc92-wes-prod-cm.azurewebsites.net https://sc92-wes-prod-cd.azurewebsites.net https://www.wesleyan.co.uk https://www2.wesleyan.co.uk https://my.wesleyan.co.uk https://b2c.wesleyan.co.uk https://myadmin.wesleyan.co.uk; img-src  https://sc92-wes-prod-cm.azurewebsites.net https://sc92-wes-prod-cd.azurewebsites.net https://www.wesleyan.co.uk https://www2.wesleyan.co.uk https://my.wesleyan.co.uk https://b2c.wesleyan.co.uk https://myadmin.wesleyan.co.uk data:  https://app.responseiq.com https://static.responseiq.com https://api.responseiq.com https://storage.responseiq.com https://www.google.fr https://www.facebook.com https://connect.facebook.net https://px.ads.linkedin.com https://www.linkedin.com https://www.dianomi.com https://content.cookieconfidence.com https://cdn.syrenis.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.google.co.uk https://optimize.google.com https://static.hotjar.com https://script.hotjar.com *.clarity.ms *.bing.com; media-src  https://sc92-wes-prod-cm.azurewebsites.net https://sc92-wes-prod-cd.azurewebsites.net https://www.wesleyan.co.uk https://www2.wesleyan.co.uk https://my.wesleyan.co.uk https://b2c.wesleyan.co.uk https://myadmin.wesleyan.co.uk; object-src  https://sc92-wes-prod-cm.azurewebsites.net https://sc92-wes-prod-cd.azurewebsites.net https://www.wesleyan.co.uk https://www2.wesleyan.co.uk https://my.wesleyan.co.uk https://b2c.wesleyan.co.uk https://myadmin.wesleyan.co.uk  ; script-src  https://sc92-wes-prod-cm.azurewebsites.net https://sc92-wes-prod-cd.azurewebsites.net https://www.wesleyan.co.uk https://www2.wesleyan.co.uk https://my.wesleyan.co.uk https://b2c.wesleyan.co.uk https://myadmin.wesleyan.co.uk  https://cc.cdn.civiccomputing.com https://cdn.matomo.cloud https://app.responseiq.com https://static.responseiq.com https://bat.bing.com https://connect.facebook.net https://js.buto.tv https://butoembed.twentythree.net https://snap.licdn.com https://widget.trustpilot.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://cscript-cdn-irl.cassiecloud.com https://www.googletagmanager.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://www.googleadservices.com https://static.hotjar.com https://script.hotjar.com https://googleads.g.doubleclick.net https://secure.adnxs.com *.responsetap.com https://z.moatads.com www.youtube.com https://www.clarity.ms 'unsafe-inline' 'unsafe-eval' 'unsafe-inline'; script-src-elem  https://sc92-wes-prod-cm.azurewebsites.net https://sc92-wes-prod-cd.azurewebsites.net https://www.wesleyan.co.uk https://www2.wesleyan.co.uk https://my.wesleyan.co.uk https://b2c.wesleyan.co.uk https://myadmin.wesleyan.co.uk  https://cc.cdn.civiccomputing.com https://cdn.matomo.cloud https://app.responseiq.com https://static.responseiq.com https://bat.bing.com https://connect.facebook.net https://js.buto.tv https://butoembed.twentythree.net https://snap.licdn.com https://widget.trustpilot.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://cscript-cdn-irl.cassiecloud.com https://www.googletagmanager.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://www.googleadservices.com https://static.hotjar.com https://script.hotjar.com https://googleads.g.doubleclick.net https://secure.adnxs.com *.responsetap.com https://z.moatads.com www.youtube.com https://www.clarity.ms 'unsafe-inline' 'unsafe-inline'; style-src  https://sc92-wes-prod-cm.azurewebsites.net https://sc92-wes-prod-cd.azurewebsites.net https://www.wesleyan.co.uk https://www2.wesleyan.co.uk https://my.wesleyan.co.uk https://b2c.wesleyan.co.uk https://myadmin.wesleyan.co.uk  https://static.responseiq.com https://cscript-cdn-irl.cassiecloud.com https://fonts.gstatic.com https://fonts.googleapis.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://optimize.google.com https://static.hotjar.com https://script.hotjar.com 'unsafe-inline' 'unsafe-inline'; worker-src  https://sc92-wes-prod-cm.azurewebsites.net https://sc92-wes-prod-cd.azurewebsites.net https://www.wesleyan.co.uk https://www2.wesleyan.co.uk https://my.wesleyan.co.uk https://b2c.wesleyan.co.uk https://myadmin.wesleyan.co.uk; 1
script-src 'nonce-ZGE1MWZkY2Q3OTExM2JkYzE2ZWIyNDBjODMwM2FkZDU=' 'strict-dynamic'; object-src 'none'; base-uri 'none'; frame-ancestors 'none' 1
frame-ancestors https://dnb-web-cms.azurewebsites.net; object-src 'none'; 1
default-src 'self' data: *.google-analytics.com *.googletagmanager.com *.analytics.google.com https://*.g.doubleclick.net https://*.google.com *.hotjar.io *.hotjar.com *.youtube-nocookie.com consentcdn.cookiebot.com *.youtube.com *.issuu.com *.office.com;script-src 'nonce-gxk7s/BPXi99uaCjYFHPime53t7wOeoXGPnftuP6yOQ=' 'strict-dynamic';style-src 'self' 'unsafe-inline'; 1
font-src use.fontawesome.com affect3dstore.com *.fontawesome.com *.googleapis.com *.gstatic.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.google.com *.youtube.com maps.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com wnu.com https://plumrocket.com *.twitter.com *.google.com *.youtube.com maps.googleapis.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ cdn-pub.affect3d.com cdn-pub-ovh.affect3d.com stage.api.centrobill.com stage.pay.centrobill.com api.centrobill.com pay.centrobill.com https://plumrocket.com *.twitter.com *.google.com maps.googleapis.com api.shift4.com js.dev.shift4.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io affect3dstore.com affect3d.com cdn-pub.affect3d.com pay.wnu.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com maps.googleapis.com t.dev.shift4.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.noibu.com affect3dstore.com pay.wnu.com *.fontawesome.com *.googleapis.com *.gstatic.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.google.com maps.googleapis.com js.dev.shift4.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src use.fontawesome.com affect3dstore.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.google.com *.youtube.com maps.googleapis.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src cdn-pub.affect3d.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.doubleclick.net wss://input.noibu.com https://input.noibu.com affect3dstore.com api.centrobill.com stage.api.centrobill.com https://api.userinfo.io *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.youtube.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.chemistwarehouse.com.au *.epharmacy.com.au *.mychemist.com.au htmlbuilder.com.au *.htmlbuilder.com.au *.chemistwarehouse.hk 1
default-src 'self' 'unsafe-inline'; script-src 'report-sample' 'self' 'unsafe-inline'  https://code.jquery.com/jquery-3.4.1.min.js https://code.jquery.com/jquery-3.6.1.min.js  https://code.jquery.com/jquery-migrate-3.4.0.min.js https://www.google-analytics.com/analytics.js; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://alwayscare.go2dental.com https://feeslookup.go2dental.com https://www.google.com; img-src 'self' data: https://www.google.com; manifest-src 'self'; media-src 'self'; report-uri https://636ac1371587582478908709.endpoint.csper.io/?v=5; worker-src 'none'; 1
default-src * 'unsafe-inline' script-src *.subaru.pl google-analytics.com www.google-analytics.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' app.hubspot.com cdn-3.convertexperiments.com cdnjs.cloudflare.com connect.facebook.net cta-service-cms2.hubspot.com js.hsforms.net js.hs-analytics.net js.hs-banner.com js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com platform.twitter.com play.vidyard.com run.pstmn.io script.crazyegg.com script.hotjar.com static.hotjar.com static.hsappstatic.net use.typekit.net www.googletagmanager.com www.google-analytics.com www.hubspot.com 'strict-dynamic' 'nonce-VbHsaAfeoC7WAOY911UoCA=='; report-uri https://send.hsbrowserreports.com/csp/report; upgrade-insecure-requests; 1
frame-ancestors 'self' http://intra.ifint.biz http://www.point-auto.dk http://point-auto.dk https://ekstrabladet.dk 1
base-uri 'self'; default-src 'none'; script-src 'strict-dynamic' 'nonce-e6ocJ7vswWzcT3Pr7LMbesJtfUR7Mn9L'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: blob: a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org i.ytimg.com maps.googleapis.com maps.gstatic.com s3.eu-west-1.amazonaws.com twemoji.maxcdn.com widget.kominfo.go.id www.googletagmanager.com www.gstatic.com; font-src 'self' data: fonts.gstatic.com widget-v4.tidiochat.com; connect-src 'self' analytics.google.com maps.googleapis.com stats.addtoany.com stats.g.doubleclick.net widget.kominfo.go.id www.google-analytics.com wss://socket.tidio.co; media-src 'self' widget-v4.tidiochat.com; object-src 'none'; form-action 'self'; frame-ancestors 'self'; frame-src 'self' docs.google.com newassets.hcaptcha.com public.tableau.com static.addtoany.com view.officeapps.live.com www.google.com www.youtube.com; manifest-src 'self'; worker-src 'self'; upgrade-insecure-requests; 1
frame-ancestors "self" https://*.cobee.io:*; 1
frame-ancestors 'self' *.poltio.com *.taboola.com https://creativecdn.com *.creativecdn.com;                      script-src 'self' 'unsafe-inline' 'unsafe-eval' *.poltio.com https://creativecdn.com *.creativecdn.com https://*.jquery.com https://*.hotjar.com https://*.loyalsys.io https://*.newrelic.com https://*.thequin.ai https://*.emarsys.net https://*.nr-data.net https://hopi.io https://*.criteo.com https://*.googletagservices.com https://*.scarabresearch.com *.scarabresearch.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.setrowid.com https://*.google.com *.taboola.com https://analytics.tiktok.com https://bam.eu01.nr-data.net https://cdn-ukwest.onetrust.com https://content.linkedin.com https://connect.facebook.net https://cdn.taboola.com https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://graph.facebook.com https://google-analytics.com https://googletagmanager.com https://js.facebook.com https://maps.googleapis.com https://m.youtube.com https://platform.linkedin.com https://static-exp1.licdn.com https://snap.licdn.com https://static.criteo.net https://sslwidget.criteo.com https://ssl.google-analytics.com https://st-troy.mncdn.com https://trc.taboola.com https://www.youtube.com https://www.gstatic.com https://www.clarity.ms https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://*.useinsider.com;                      style-src 'self' 'unsafe-inline' *.poltio.com https://creativecdn.com *.creativecdn.com https://*.emarsys.net https://*.jquery.com *.google.com *.taboola.com *.licdn.com fonts.googleapis.com privacyportal-cdn.onetrust.com stock.setrow.com st-troy.mncdn.com www.googletagmanager.com https://*.useinsider.com https://*.emarsys.net;                      child-src 'self' blob: *.poltio.com https://creativecdn.com https://*.loyalsys.io *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com *.criteo.com *.criteo.net *.creativecdn.com connect.facebook.net www.youtube.com www.googletagmanager.com https://*.useinsider.com;                      base-uri 'self' *.taboola.com;                      worker-src 'self' blob: www.google.com;                      report-uri /WebResource.axd?cspReport=true; 1
frame-ancestors https://gooble.app https://windoge98.com  https://signalsicp.com https://kjfeq-waaaa-aaaan-qedva-cai.icp0.io https://spyzr-gqaaa-aaaan-qd66q-cai.icp0.io https://221bravo.app https://ht7v7-iaaaa-aaaak-qakga-cai.icp0.io https://mdocx-gyaaa-aaaak-qcbsq-cai.icp0.io https://calm-pasca-49d7be.netlify.app http://localhost:5173 https://zexzi-jyaaa-aaaam-abj3q-cai.icp0.io https://xw4dq-4yaaa-aaaam-abeuq-cai.ic0.app; 1
img-src 'self' data: d2x7nmti04c7jb.cloudfront.net d12rb2sujc56ip.cloudfront.net *.youtube.com *.clarity.ms *.doubleclick.net *.linkedin.com *.google.com *.facebook.com *.bing.com *.google.com.au image.useinsider.com sentinel.api.useinsider.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' service.force.com js.stripe.com unpkg.com *.google.com *.gstatic.com *.bytesroute.com bytesroute-backend.herokuapp.com cdn.jsdelivr.net cdnjs.cloudflare.com *.salesforceliveagent.com cdn.sheetjs.com modernteachingaidsau.api.useinsider.com *.teaching.com.au *.pardot.com *.bing.com *.google-analytics.com *.facebook.net *.doubleclick.net *.licdn.com *.googletagmanager.com *.modernstar.com *.clarity.ms *.facebook.com *.linkedin.com modernstar.my.salesforce.com modernstar.my.site.com static.lightning.force.com *.googleadservices.com skeleton-design-bundle.useinsider.com inone.useinsider.com/;script-src-attr 'self' 'unsafe-inline';frame-src 'self' *.stripe.com *.google.com service.force.com modernteachingaidsau.api.useinsider.com *.youtube.com go.modernstar.com webto.salesforce.com *.doubleclick.net *.facebook.com;connect-src 'self' bytesroute-backend.herokuapp.com *.typesense.net modernteachingaidsau.api.useinsider.com js.stripe.com *.useinsider.com *.teaching.com.au *.pardot.com *.bing.com *.google-analytics.com *.facebook.net *.doubleclick.net *.licdn.com *.googletagmanager.com *.linkedin.com *.clarity.ms *.facebook.com *.google.com *.linkedin.com modernstar.my.site.com;media-src 'self' https://www.w3schools.com *.youtube.com *.clarity.ms *.doubleclick.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.typekit.net service.force.com cdn.jsdelivr.net modernstar.my.site.com skeleton-design-bundle.useinsider.com;object-src 'self';font-src 'self' data: *.typekit.net fonts.gstatic.com;form-action 'self' go.modernstar.com webto.salesforce.com go.pardot.com *.facebook.com;default-src 'self';base-uri 'self';frame-ancestors 'self';upgrade-insecure-requests 1
default-src https: http: 'unsafe-inline' 'unsafe-eval'; connect-src *; font-src * data:;img-src * data: blob:; worker-src 'self' blob: *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-ancestors 'self' youtube.com *.youtube.com youku.com *.niccolohotels.com niccolohotels.com *.niccolohotels.cn niccolohotels.cn *.dclook.com niccolobymarcopolo.asia *.niccolobymarcopolo.asia wharfhotels.com *.wharfhotels.com wharfhotels.cn *.wharfhotels.cn maqohotels.com *.maqohotels.com maqohotels.cn *.maqohotels.cn https://mhkmph2022hk-pro.dclook.com https://mhkmph2022hk-pro-admin.dclook.com marcopolohotels.com *.marcopolohotels.com marcopolohotels.cn *.marcopolohotels.cn 1
default-src 'none'; script-src 'self' 'unsafe-eval' *.googletagmanager.com *.google.com *.gstatic.com *.lfeeder.com *.licdn.com *.facebook.net *.google-analytics.com *.googleadservices.com *.doubleclick.net 'unsafe-inline'; connect-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net; img-src 'self' data: *.lfeeder.com *.facebook.com *.linkedin.com *.google.com *.google.mk *.adsymptotic.com *.google-analytics.com; style-src 'self' *.googleapis.com 'unsafe-inline';base-uri 'self';form-action 'self';font-src 'self' fonts.gstatic.com; media-src 'self'; frame-src 'self' https://www.google.com/ https://bid.g.doubleclick.net/ 1
frame-ancestors 'self' https://manage.mlo-online.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self'; connect-src 'self' https://analytics.openalt.org https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src https://hcaptcha.com https://*.hcaptcha.com https://www.youtube.com https://www.google.com https://player.vimeo.com; img-src 'self' https: data: https://secure.gravatar.com; manifest-src 'none'; media-src https://videos.mozilla.org https://videos.cdn.mozilla.net; object-src https://www.youtube.com; prefetch-src 'self'; script-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com https://use.fontawesome.com https://analytics.openalt.org https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://apis.google.com; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com https://fonts.googleapis.com; upgrade-insecure-requests 1
frame-src 'self' *.google.de google.de *.google.com google.com bi-demo.mip.co.za *.youtube.com; 1
default-src ws28.hotjar.com *.g.doubleclick.net https://stats.g.doubleclick.net https://www.facebook.com region1.analytics.google.com https://graylog.hotjar.com https://insights.hotjar.com https://region1.analytics.google.com https://app2.salesmanago.pl https://syndication.twitter.com salesmanago.pl app2.salesmanago.pl *.hotjar.com 'self'; font-src 'self'; style-src https://bitly.com www.google.com https://cse.google.com https://tagmanager.google.com platform.twitter.com https://ton.twimg.com 'self' 'unsafe-inline'; img-src clients1.google.com *.analytics.google.com https://static.hotjar.com https://abs.twimg.com https://www.facebook.com www.googleapis.com https://rpm.mennica.com.pl https://facebook.com https://pbs.twimg.com *.google-analytics.com syndication.twitter.com http://user-mrp-ow.ext.e-point.pl stats.g.doubleclick.net https://www.google.pl https://app2.salesmanago.pl https://user-mrp-ow.ext.e-point.pl https://o.twimg.com facebook.com www.google.com platform.twitter.com http://rpm.mennica.com.pl www.google-analytics.com https://ton.twimg.com 'self' data:; frame-src https://bitly.com https://*.google.com https://vars.hotjar.com https://www.googletagmanager.com www.google.com https://www.facebook.com www.youtube.com platform.twitter.com https://facebook.com https://www.youtube.com syndication.twitter.com www.yumpu.com 'self'; script-src http://*.google.com https://script.hotjar.com https://static.hotjar.com https://www.facebook.com www.googleapis.com https://facebook.com connect.facebook.net *.twitter.com https://bitly.com app2.emlgrid.com https://*.google.com http://www.google.com https://app2.salesmanago.pl static.hotjar.com www.googletagmanager.com https://www.gstatic.com https://www.googletagmanager.com facebook.com https://www.google-analytics.com https://app2.emlgrid.com app2.salesmanago.pl https://cdn.syndication.twimg.com https://cdn.jsdelivr.net www.google-analytics.com 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'self'; connect-src *.analytics.google.com https://app2.salesmanago.pl https://in.hotjar.com http://app2.salesmango.pl https://www.facebook.com *.hotjar.com *.google-analytics.com 'self' 1
frame-ancestors 'self' http://www.philips.se *.philips.com *.philips.se https://philipsigtdpv.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.cloudflare.com https://ajax.googleapis.com https://platform.twitter.com https://embed-cdn.gettyimages.com https://static.smartframe.net https://embed.smartframe.net https://cdn.plyr.io https://cdn.jsdelivr.net https://feministcurrent2015.disqus.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://c.disquscdn.com; img-src 'self' https: data:; media-src 'self' https://media.feministcurrent.com; frame-src 'self' https:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://static.smartframe.net 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-k2gzDiZgby0xlKxUbakB0A==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://shoesize.me https://advisor.shoesize.me https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://tpc.googlesyndication.com https://www.zenaps.com https://tr.snapchat.com https://tr6.snapchat.com https://www.youtube.com https://*.shoesize.me; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://shoesize.me https://plugin.shoesize.me https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://analytics.tiktok.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://storyboard.storystream.ai https://content.storystream.ai https://analytics.shoesize.me; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://checkout.kickers.co.uk https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net https://download-video.akamaized.net https://d7c4jjeuqag9w.cloudfront.net https://media.storystream.ai; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://shoesize.me https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://tpc.googlesyndication.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://www.googletagservices.com https://geolocation.onetrust.com https://analytics.tiktok.com https://*.ibytedtos.com https://apps.storystream.ai https://platform.twitter.com https://*.shoesize.me https://storyboard.storystream.ai https://content.storystream.ai; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://plugin.shoesize.me https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://d7c4jjeuqag9w.cloudfront.net; upgrade-insecure-requests; report-to report-endpoint 1
style-src * blob: 'unsafe-inline'; script-src * blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1
default-src 'self' https://script.crazyegg.com https://*.acsbapp.com https://*.youtube.com https://*.google-analytics.com https://*.google.com https://*.pusher.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://acsbapp.com https://*.youtube.com https://fonts.googleapis.com; script-src-elem 'self' data: 'unsafe-inline' https://*.googletagmanager.com https://acsbapp.com https://*.youtube.com https://www.google-analytics.com https://fonts.googleapis.com https://*.google.com https://*.gstatic.com; style-src 'self' 'unsafe-inline' 'unsafe-hashes' https: https://fonts.googleapis.com; img-src 'self' data: https:; font-src 'self' data: https: https://fonts.googleapis.com; object-src 'none'; form-action 'self'; report-to cf-nel 1
script-src 'self' https: 'unsafe-eval' 'unsafe-inline' http://connect.facebook.net 1
frame-ancestors *.utalk.com utalk.com; 1
default-src 'self' https://kleio-public.spgroup-prod.magnolia-platform.com blob: data:; base-uri 'self' https://kleio-public.spgroup-prod.magnolia-platform.com; form-action 'self' https://kleio-public.spgroup-prod.magnolia-platform.com; frame-ancestors 'self' https://kleio-public.spgroup-prod.magnolia-platform.com; object-src 'self' https://kleio-public.spgroup-prod.magnolia-platform.com; img-src * 'self' data: https://kleio-public.spgroup-prod.magnolia-platform.com; font-src 'self' data: https://kleio-public.spgroup-prod.magnolia-platform.com; style-src 'self' 'unsafe-inline' https://kleio-public.spgroup-prod.magnolia-platform.com; connect-src 'self' data: *.google-analytics.com *.doubleclick.net https://api.mapbox.com https://events.mapbox.com https://rum.browser-intake-datadoghq.com https://caspersky-api.tkg-qa.spdigital.io https://caspersky-api.tkg.spdigital.io https://ifaqs.flexanswer.com https://analytics.google.com https://cdn.linkedin.oribi.io https://public.api.sandbox.spdigital.sg https://crapi-proxy.tkg.spdigital.io/k2 https://kleio-public.spgroup-prod.magnolia-platform.com; media-src 'self' https://www.spgroup.com.sg https://view.vzaar.com https://kleio-public.spgroup-prod.magnolia-platform.com; frame-src 'self' https://www.google.com https://bid.g.doubleclick.net https://www.googletagmanager.com https://iframe.dacast.com https://prod-nplayer.dacast.com https://www.youtube.com https://view.vzaar.com https://kleio-public.spgroup-prod.magnolia-platform.com; script-src 'self' 'unsafe-inline' blob: data: 'unsafe-eval' https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://connect.facebook.net https://snap.licdn.com https://kleio-public.spgroup-prod.magnolia-platform.com; 1
default-src 'self' blob: www.google-analytics.com https://services.postcodeanywhere.co.uk stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' https://universe-static.elfsightcdn.com https://*.clarity.ms https://www.freeprivacypolicy.com https://*.giosgusercontent.com service.giosg.com dexte11120.pcapredict.com maxcdn.bootstrapcdn.com https://optimize.google.com https://www.youtube.com https://graph.instagram.com https://www.googleanalytics.com https://www.googleoptimize.com https://*.locrating.com https://*.elfsight.com vimeo.com metrics.responsetap.com  https://www.vimeo.com https://*.olark.com https://code.jquery.com  https://e.issuu.com https://www.googleadservices.com https://static.olark.com https://extend.vimeocdn.com static-ssl.responsetap.com api.instagram.com *.facebook.net https://s1536.t.eloqua.com play.vidyard.com https://img.en25.com https://play.vidyard.com tagmanager.google.com www.google.com www.google-analytics.com ajax.googleapis.com maps.googleapis.com maps.google.com www.gstatic.com www.googletagmanager.com developers.google.com www.bugherd.com d2iiunr5ws5ch1.cloudfront.net https://indiv25765.pcapredict.com https://static.olark.com https://knrpc.olark.com https://googleads.g.doubleclick.net https://services.postcodeanywhere.co.uk 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://c.bing.com https://*.google-analytics.com https://*.analytics.google.com  https://c.clarity.ms https://cdn.giosgusercontent.com https://a19c53f45b440f049d21-3f2703e71e5f5fed646a243f2d21abcb.ssl.cf3.rackcdn.com blob: data: https://optimize.google.com https://www.google-analytics.com  *.amazonaws.com https://lh3.googleusercontent.com https://www.googletagmanager.com https://www.vimeo.com https://*.olark.com *.facebook.com https://services.postcodeanywhere.co.uk https://*.ggpht.com https://s1536.t.eloqua.com https://play.vidyard.com https://cdn.vidyard.com https://public.flourish.studio https://maps.google.com https://*.googleapis.com https://scontent.cdninstagram.com/ https://www.google.co.in https://*.xx.fbcdn.net https://pbs.twimg.com media.licdn.com image-store.slidesharecdn.com http://graph.facebook.com https://*.rackcdn.com http://*.cdn.starberry.com www.google.com https://*.gstatic.com maps.gstatic.com maps.googleapis.com stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://service.giosg.com https://consent.cookiebot.com https://optimize.google.com https://fonts.googleapis.com  https://www.vimeo.com https://*.olark.com https://*.bambooauctions.com maxcdn.bootstrapcdn.com https://services.postcodeanywhere.co.uk d2iiunr5ws5ch1.cloudfront.net tagmanager.google.com; font-src 'self' https://dexters.co.uk https://optimize.google.com maxcdn.bootstrapcdn.com  https://*.olark.com fonts.gstatic.com www.bugherd.com data: tagmanager.google.com; frame-src 'self' 'unsafe-inline' https://*.giosg.com www.google-analytics.com https://*.locrating.com https://3982.clients.giosgusercontent.com https://*.google.com bid.g.doubleclick.net https://tinyurl.com https://bit.ly https://*.youtube.com https://www.vimeo.com https://*.olark.com www.facebook.com https://*.amazonaws.com https://e.issuu.com https://play.vidyard.com https://flo.uri.sh https://my.matterport.com https://player.vimeo.com https://issuu.com https://consent.cookiebot.com ; object-src 'self' blob: https://flo.uri.sh *.amazonaws.com https://services.postcodeanywhere.co.uk; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com  https://*.clarity.ms https://*.giosg.com sentry.issuu.com stats.g.doubleclick.net https://graph.instagram.com https://maps.googleapis.com  https://*.elfsight.com www.google-analytics.com https://*.olark.com https://services.postcodeanywhere.co.uk; media-src  'self' https://bit.ly https://nichecom.s3.eu-west-1.amazonaws.com https://*.olark.com https://graph.instagram.com 1
child-src www.google.com; frame-ancestors 'self'; object-src 'none'; frame-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.krystal.uk *.adroll.com *.facebook.net *.redditstatic.com *.googletagmanager.com; 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' *; img-src 'self' 'unsafe-eval' data: https: ct.capterra.com; 1
script-src 'self' https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://www.guj.com.br/logs/ https://www.guj.com.br/sidekiq/ https://www.guj.com.br/mini-profiler-resources/ https://www.guj.com.br/assets/ https://www.guj.com.br/brotli_asset/ https://www.guj.com.br/extra-locales/ https://www.guj.com.br/highlight-js/ https://www.guj.com.br/javascripts/ https://www.guj.com.br/plugins/ https://www.guj.com.br/theme-javascripts/ https://www.guj.com.br/svg-sprite/ https://www.google-analytics.com/analytics.js 'sha256-rwfDVOTzygQmkOwFNAeX564B66beHoel4+gRLgQUgHg='; worker-src 'self' https://www.guj.com.br/assets/ https://www.guj.com.br/brotli_asset/ https://www.guj.com.br/javascripts/ https://www.guj.com.br/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-fa0d2b5bb526467b84815fc8b1e91014' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
child-src 'self' https://googleads.g.doubleclick.net https://*.google.com https://*.googlesyndication.com https://www.stay22.com https://*.facebook.com https://ct.pinterest.com https://*.events.com https://tr.snapchat.com https://www.eventbrite.com https://weatherwidget.io https://weatherwidget.io/*; font-src 'self' data: https://*.events.com https://fonts.gstatic.com https://*.gstatic.com https://maxcdn.bootstrapcdn.com/*; img-src data: * https://*.events.com https://storage.googleapis.com/* https://storage.googleapis.com/dev-evensi-calendar/img/*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net  https://www.eventbrite.com https://www.google.com https://js.intercomcdn.com  https://s.pinimg.com https://widget.intercom.io https://*.events.com  https://www.googletagmanager.com https://www.google-analytics.com  https://*.googleadservices.com https://*.facebook.net https://*.googlesyndication.com  https://*.googleapis.com https://pagead2.googlesyndication.com  https://adservice.google.it https://tr.snapchat.com https://tr.snapchat.com  https://adservice.google.com https://snap.licdn.com https://sc-static.net  https://www.redditstatic.com https://static.ads-twitter.com https://www.eventbrite.com  https://unpkg.com/vue@2.6.12/dist/vue.min.js https://weatherwidget.io https://weatherwidget.io/*  https://storage.googleapis.com/* https://storage.googleapis.com/dev-evensi-calendar/img/*  https://cdn.ampproject.org https://*.gstatic.com https://www.gstatic.com; 1
frame-ancestors 'self' *.ieiworld.com.cn *.ieiworld.com *.qnap.com *.qnap.com.tw 1
object-src 'none'; frame-ancestors 'self'; report-uri http://www.groupe-igs.fr/report-uri/enforce 1
object-src 'none'; base-uri 'self'; default-src 'none'; form-action https://www.facebook.com/tr/ https://*.pinterest.com/; font-src 'self' data: https://site.appchoose.io/ https://public.choose.app/ https://site.appchoose.io/new/font/ https://fonts.gstatic.com; style-src 'self' https://site.appchoose.io/ https://public.choose.app/ https://fonts.googleapis.com/ 'unsafe-inline'; media-src *; img-src 'self' data: https://cx.atdmt.com/ https://cdn.choose.app https://appchoose.io/static/ https://public.choose.app/ https://www.facebook.com/tr/ https://stats.g.doubleclick.net https://dt7yl6baij8oi.cloudfront.net/ https://*.appchoose.io https://*.appchoose.co https://images.choose.app https://*.pinterest.com/ https://*.pinterest.com/ https://googleads.g.doubleclick.net/ https://www.google.com/ https://www.google.fr/ https://www.google-analytics.com/ https://*.googleusercontent.com/  https://www.googletagmanager.com/ https://www.gstatic.com/; connect-src 'self' https://*.hotjar.com https://*.hotjar.io https://stats.g.doubleclick.net https://www.facebook.com/tr/ https://*.pinterest.com/ wss://*.hotjar.com/ wss://*.hotjar.io/ https://*.amplitude.com/ https://d16ahjtmf9d1au.cloudfront.net/ https://s3-us-west-2.amazonaws.com/onboarding-service-instrumentation-specs-production/ 'unsafe-inline' https://api.appchoose.io https://site.appchoose.io/ https://public.choose.app/ https://notify.bugsnag.com/ https://sessions.bugsnag.com/ https://cdn.amplitude.com/libs/ https://api.amplitude.com/ https://api.segment.io/ https://cdn.segment.com/ https://*.pinterest.com/ https://www.google-analytics.com https://www.googletagmanager.com/ https://firebasestorage.googleapis.com/ https://optimize.google.com/; script-src 'self'  https://www.fullstory.com/s/ 'unsafe-inline' https://*.pinimg.com/ https://*.pinterest.com/ https://sc-static.net/scevent.min.js https://www.googleadservices.com/ https://d16ahjtmf9d1au.cloudfront.net/ https://includestest.ccdc02.com/ https://googleads.g.doubleclick.net/ https://*.hotjar.com https://*.hotjar.io http://connect.facebook.net/ https://connect.facebook.net/ https://site.appchoose.io/ https://public.choose.app/ https://cdnjs.cloudflare.com/ajax/libs/bodymovin/ https://cdnjs.cloudflare.com/ajax/libs/dompurify/ https://cdn.amplitude.com/libs/ https://api.segment.io/ https://cdn.segment.com/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/plugins/ https://optimize.google.com/ https://www.google-analytics.com/gtm/ https://apis.google.com/ https://www.googletagmanager.com/; frame-src 'self' https://vars.hotjar.com/ https://www.facebook.com/ https://*.pinterest.com/ https://optimize.google.com/ 1
frame-ancestors 'self' *.facebook.com *.fbcdn.net 1
frame-ancestors 'self'; object-src 'self' www.youtube.com *.pardot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.clearbitjs.com *.clearbitscripts.com *.facebook.net *.center.io *.lpcontent.net ajax.cloudflare.com www.youtube.com rawgit.com/davidjbradshaw/iframe-resizer *.pardot.com *.doubleclick.net www.googletagmanager.com js.hsforms.net www.google-analytics.com www.googleadservices.com snap.licdn.com stats.sa-as.com *.sleeknote.com komito.net *.hotjar.com serve.albacross.com certify-js.alexametrics.com s.ytimg.com tagmanager.google.com *.googleapis.com info.mercatus.com *.wistia.com *.cookiebot.com *.jsdelivr.net 1
default-src 'self'; font-src 'self' data:; script-src 'self' 'unsafe-inline'; connect-src 'none'; img-src 'self' ; media-src 'none'; object-src 'none'; style-src 'self' 'unsafe-inline'; child-src *.youtube.com *.youtube-nocookie.com *.vimeo.com; frame-ancestors 'none'; upgrade-insecure-requests; base-uri vuldb.com 1
script-src 'unsafe-inline' 'unsafe-eval' *.ilcasco.com ilcasco.com *.googletagmanager.com *.google-analytics.com *.google.com acsbapp.com *.gstatic.com *.googleapis.com *.jsdelivr.net *.facebook.net *.facebook.com *.twitter.com *.twimg.com  1
default-src 'self' *.google.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.googleapis.com *.google.com *.google-analytics.com *.gstatic.com code.highcharts.com; connect-src 'self' *.sitesage.net *.googleapis.com *.amazonaws.com; img-src data: blob: 'self' *.gstatic.com *.google-analytics.com *.google.com s3.amazonaws.com sitesage.net *.sitesage.net emonitor.us *.emonitor.us *.googleapis.com icons.wxug.com; style-src 'unsafe-inline' 'self' *.googleapis.com *.google.com; font-src 'self' data: *.gstatic.com; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self'; 1
frame-ancestors 'self' *.jokersupdates.com bmx-tv.net 1
font-src * data: blob: 'unsafe-inline' js.stripe.com fonts.gstatic.com;script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 1
default-src 'self' blob:;connect-src 'self' https://*.google-analytics.com maps.tilehosting.com api.maptiler.com fonts.gstatic.com *.bugsnag.com stats.g.doubleclick.net events.mapbox.com;font-src 'self' data: fonts.gstatic.com https://maxcdn.bootstrapcdn.com;frame-src 'self'  https://www.google.com;img-src 'self' data: blob: https://*.googletagmanager.com/ https://*.google-analytics.com https://*.doubleclick.net https://*.google.com https://cdnjs.cloudflare.com/ajax/libs/leaflet/;media-src 'self';script-src 'self' 'sha256-QMWsL3yIuwtSutSI5tcyrIcb76vj6bKJArEiy97QN/c=' 'sha256-B9NqncyYmKO3RrPosNb3uHWT9JJtMoxYr1Wnuwtnat8=' 'sha256-7Wi0zLCuLy3lK1Ddvzg7pSwJIvdLh2FyjEie8JxdnEA=' 'sha256-i/3UdTt+z2+NN/Wbdl/aSJmiSG2d2iKmxzGYRYyhkbI=' 'sha256-8G5A2+iNMRSyZQMMOeyXb9gbmRp/yp8pVk2zM/+I+6w=' 'sha256-aXCOOgQrqJYtOcDbxwvrKsY248kXKefmIbtgRFowdHA=' 'sha256-QMWsL3yIuwtSutSI5tcyrIcb76vj6bKJArEiy97QN/c=' 'sha256-B9NqncyYmKO3RrPosNb3uHWT9JJtMoxYr1Wnuwtnat8=' 'sha256-7Wi0zLCuLy3lK1Ddvzg7pSwJIvdLh2FyjEie8JxdnEA=' 'sha256-i/3UdTt+z2+NN/Wbdl/aSJmiSG2d2iKmxzGYRYyhkbI=' 'sha256-8G5A2+iNMRSyZQMMOeyXb9gbmRp/yp8pVk2zM/+I+6w=' 'sha256-aXCOOgQrqJYtOcDbxwvrKsY248kXKefmIbtgRFowdHA=' blob: 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://www.google-analytics.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://d2wy8f7a9ursnm.cloudfront.net https://www.google.com https://www.gstatic.com  https://ajax.googleapis.com  https://www.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/leaflet/ https://cdnjs.cloudflare.com/ajax/libs/mapbox-gl-leaflet/ https://cdnjs.cloudflare.com/ajax/libs/mapbox-gl/ https://cdn.klokantech.com/mapbox-gl-js/;style-src 'self' 'sha256-Xo8mTPLZCM4MBT6EKIiqQd9WXSc5xqzcGZI4wQtfGU8=' 'unsafe-inline' fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com/ajax/libs/leaflet/  https://cdnjs.cloudflare.com/ajax/libs/mapbox-gl/; 1
default-src *;img-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'self';frame-ancestors http://mackeeper.lcl/blog https://sz.mackeeper.com/blog https://mackeeper.com/blog;frame-src 'self' *.liadm.com *.doubleclick.net *.hotjar.com *.google.com *.facebook.com *.youtube.com *.salesforce.com *.criteo.com *.pinterest.com *.trustpilot.com;child-src 'self';form-action 'self' *.facebook.com *.salesforce.com;img-src 'self' data: *.kromtech.net *.mackeeper.com *.mackeeper.lcl *.visualwebsiteoptimizer.com *.bing.com *.google-analytics.com *.facebook.com *.liadm.com *.doubleclick.net *.hotjar.com *.owox.com *.zoomsupport.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.outbrain.com *.taboola.com *.googletagmanager.com *.pinterest.com *.gstatic.com https://esputnik.com https://push.esputnik.com https://c.clarity.ms https://zchat.account.clario.co/images/ https://files.clario.co/images/ https://zchat.account.sz.clario.co/images/;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googletagservices.com *.bing.com *.facebook.net *.hotjar.com *.liadm.com *.visualwebsiteoptimizer.com *.kromtech.net *.mackeeper.com *.doubleclick.net *.outbrain.com *.taboola.com *.criteo.com *.criteo.net *.clarity.ms https://esputnik.com https://polyfill.io/v3/polyfill.min.js *.sentry-cdn.com *.pinimg.com https://zchat.account.clario.co/images/ https://files.clario.co/images/ https://zchat.account.sz.clario.co/images/ *.trustpilot.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.kromtech.net *.mackeeper.com *.googletagmanager.com https://optimize.google.com https://esputnik.com https://push.esputnik.com;font-src 'self' data: *.gstatic.com *.hotjar.com *.kromtech.net *.mackeeper.com https://zchat.account.sz.clario.co https://zchat.account.clario.co;object-src 'none';connect-src 'self' *.hotjar.io *.hotjar.com *.doubleclick.net support.mackeeper.com *.google-analytics.com *.google.com *.taboola.com wss://*.hotjar.com *.mackeeper.com *.clarity.ms *.pinterest.com *.outbrain.com https://push.esputnik.com/v1/subscribe/ https://sentry.cloudmccloud.com 1
default-src 'self';                     base-uri 'self';                     frame-src 'none';                     frame-ancestors 'none';                     form-action 'self';                     connect-src 'self' https://api.centeron.net https://auth.centeron.net  https://maps.googleapis.com;                     script-src 'self' https://maps.googleapis.com;                     font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com;                     style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/;                         img-src 'self' data: https://maps.googleapis.com https://maps.gstatic.com;                     object-src 'none' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.rubiconproject.com https://wordpress.com https://*.wp.com https://*.adform.net https://cdn.polyfill.io https://*.hit.gemius.pl https://*.orcinus.ai https://*.pingdom.net https://shop.wolterskluwer.hu https://wolterskluwer.hu https://*.googlesyndication.com https://*.googleadservices.com https://adservice.google.co.in https://www.googletagservices.com https://static.addtoany.com https://*.optimonk.com https://*.linkedin.com https://*.facebook.com https://connect.facebook.net https://*.twitter.com https://*.gstatic.com https://ad.adverticum.net https://cdnjs.cloudflare.com https://*.doubleclick.net https://www.google-analytics.com https://region1.google-analytics.com https://*.google.com https://*.google.ie https://*.google.hu https://www.googletagmanager.com https://service.maxymiser.net https://*.mookie1.com https://*.googleapis.com https://*.adnxs.com https://*.adroll.com https://sjs.bizographics.com https://bs.serving-sys.com https://ams.creativecdn.com https://secure.gravatar.com https://img.en25.com https://hugde.adocean.pl https://eu-static.sociomantic.com https://ads.eu.criteo.com https://*.t.eloqua.com https://*.2mdn.net https://rdi.eu.criteo.com https://calculators.rsm.hu https://*.doubleverify.com https://www.youtube.com https://lh3.googleusercontent.com https://code.createjs.com https://static.hotjar.com https://vars.hotjar.com https://script.hotjar.com https://in.hotjar.com https://vc.hotjar.com https://ipmeta.io https://snap.licdn.com https://*.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://endpoint1.collection.us2.sumologic.com https://my.yoast.com https://ugyfelszolgalat.wolterskluwer.hu https://assets.contenthub.wolterskluwer.com https://*.issuu.com https://open.spotify.com https://e.infogram.com https://vimeo.com https://player.vimeo.com https://*.adocean.pl https://admwhu.hit.gemius.pl https://cdn.nwmgroups.hu https://my.elementor.com https://a.omappapi.com https://api.omappapi.com https://z.omappapi.com; report-uri /report_csp.php 1
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com fonts.gstatic.com *.fontawesome.com *.aspnetcdn.com *.jsdelivr.net *.googletagmanager.com *.doubleclick.net *.google-analytics.com  www.gstatic.com www.google.com *.addsearch.com *.doubleclick.net https://www.spinutech.com/spinternet-feed.aspx; img-src * data: blob:; frame-ancestors 'self'; object-src 'none'; form-action 'self' *.spinutech.com *.fhlbi.com; base-uri 'self'; media-src data: s3.amazonaws.com; report-uri /csp/; 1
font-src fonts.gstatic.com *.global-e.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.addthis.com *.instagram.com *.google.com/ www2.bglobale.com *.global-e.com account.fetchify.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.feefo.com *.global-e.com *.klevu.com *.cdninstagram.com *.facebook.com *.golfposer.com *.google.com *.google.co.uk *.globale-prod.s3-eu-west-1.amazonaws.com globale-prod.s3-eu-west-1.amazonaws.com *.bing.com *.google.co.in *.clarity.ms ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.ksearchnet.com https://www.magezon.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.addthis.com *.instagram.com *.facebook.net porjs.com www2.bglobale.com *.klevu.com *.google.com/ *.gstatic.com chimpstatic.com *.newrelic.com *.nr-data.net *.global-e.com *.feefo.com *.doubleclick.net *.bing.com *.clarity.ms s7.addthis.com downloads.mailchimp.com *.list-manage.com js.klevu.com *.ksearchnet.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klevu.com *.feefo.com downloads.mailchimp.com cc-cdn.com *.ksearchnet.com maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline assets.braintreegateway.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.nr-data.net *.google-analytics.com *.doubleclick.net *.feefo.com *.clarity.ms *.bing.com ekr.zdassets.com/ api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klevu.com *.ksearchnet.com www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';         script-src 'self' 'unsafe-inline' 'unsafe-eval';         style-src 'self' 'unsafe-inline'; 1
object-src 'self' *.vietcap.com.vn www.googletagmanager.com www.gstatic.com www.google-analytics.com sp.zalo.me za.zdn.vn connect.facebook.net www.google.com static.hotjar.com script.hotjar.com code.jquery.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com deqik.com static.amcdn.vn media1.admicro.vn static.contineljs.com www.googleadservices.com g.doubleclick.net googleads.g.doubleclick.net cdn.jsdelivr.net; frame-ancestors 'self' 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; object-src 'none'; 1
font-src 'self' api.mapbox.com fonts.gstatic.com use.typekit.net; 1
frame-ancestors 'self' https://pub49.bravenet.com https://bravenet.com; 1
upgrade-insecure-requests;frame-ancestors 'self';base-uri 'self';form-action 'self' https://www.tce.pi.gov.br https://www.tcepi.tc.br 1
base-uri 'none'; default-src 'self' https: wss:; font-src 'self' cdn.shopify.com data: fonts.gstatic.com; frame-ancestors 'none'; img-src 'self' blob: data: *.shopify.com *.myshopify.io *.fbcdn.net *.cdninstagram.com *.giphy.com *.shopifycloud.com *.shopifyapps.com *.shopify.io shopifyinbox.com ping-api-production.s3.us-west-2.amazonaws.com ping-api-staging.s3.us-west-2.amazonaws.com apple-business-chat-commerce-production.s3.us-west-2.amazonaws.com apple-business-chat-commerce-staging.s3.us-west-2.amazonaws.com www.gravatar.com storage.googleapis.com platform-lookaside.fbsbx.com cdn.fbsbx.com graph.facebook.com lookaside.fbsbx.com placekitten.com is3-ssl.mzstatic.com; media-src 'self' blob: data: *.shopify.com *.myshopify.io *.fbcdn.net *.cdninstagram.com *.giphy.com *.shopifycloud.com *.shopifyapps.com *.shopify.io shopifyinbox.com ping-api-production.s3.us-west-2.amazonaws.com ping-api-staging.s3.us-west-2.amazonaws.com apple-business-chat-commerce-production.s3.us-west-2.amazonaws.com apple-business-chat-commerce-staging.s3.us-west-2.amazonaws.com www.gravatar.com storage.googleapis.com platform-lookaside.fbsbx.com cdn.fbsbx.com graph.facebook.com lookaside.fbsbx.com placekitten.com is3-ssl.mzstatic.com; object-src 'none'; script-src 'self' cdn.shopify.com argus.shopifycloud.com https://www.googletagmanager.com/ https://accounts.shopify.com/ d2wy8f7a9ursnm.cloudfront.net/; style-src 'self' 'unsafe-inline' cdn.shopify.com fonts.googleapis.com; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' btlrmedia.b-cdn.net adbutler.com servedbyadbutler.com static.ads-twitter.com *.adbutler.com *.sparklit.com *.activeboard.com *.bootstrapcdn.com *.cloudfront.net *.crisp.chat *.doubleclick.net *.fullstory.com *.g2crowd.com *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.jsdelivr.net *.servedbyadbutler.com *.webflow.com; style-src 'self' 'unsafe-inline' adbutler.com btlrmedia.b-cdn.net *.adbutler.com *.bootstrapcdn.com *.crisp.chat *.fullstory.com *.jsdelivr.net *.webflow.com; img-src 'self' data: adbutler.com btlrmedia.b-cdn.net butlerblogmedia.b-cdn.net butlerkbmedia.b-cdn.net servedbyadbutler.com t.co analytics.twitter.com *.adbutler.com *.amazonaws.com *.cloudfront.net *.crisp.chat *.google.com *.google.ca *.google-analytics.com *.googletagmanager.com target.scene7.com *.servedbyadbutler.com *.webflow.com *.ytimg.com *.hubspot.com; connect-src 'self' wss: adbutler.com adbutler-fermion.com adglobal.tech pagead2.googlesyndication.com servedbyadbutler.com servedby.adfyre.co *.adbutler.com *.crisp.chat *.doubleclick.net *.fullstory.com *.google-analytics.com; font-src 'self' data: adbutler.com btlrmedia.b-cdn.net *.adbutler.com *.crisp.chat *.bootstrapcdn.com; media-src *.amazonaws.com btlrmedia.b-cdn.net; frame-src 'self' servedbyadbutler.com *.doubleclick.net *.google.com *.servedbyadbutler.com *.spotify.com *.youtube.com; child-src 'self' blob:; frame-ancestors 'self' *.doubleclick.net; worker-src 'self' blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com gstatic.com *.cloudfront.net *.us-west-2.on.aws.com *.google-analytics.com google-analytics.com *.google.com adservice.google.com adservice.google.ad adservice.google.ae adservice.google.com.af adservice.google.com.ag adservice.google.com.ai adservice.google.al adservice.google.am adservice.google.co.ao adservice.google.com.ar adservice.google.as adservice.google.at adservice.google.com.au adservice.google.az adservice.google.ba adservice.google.com.bd adservice.google.be adservice.google.bf adservice.google.bg adservice.google.com.bh adservice.google.bi adservice.google.bj adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.bs adservice.google.bt adservice.google.co.bw adservice.google.by adservice.google.com.bz adservice.google.ca adservice.google.cd adservice.google.cf adservice.google.cg adservice.google.ch adservice.google.ci adservice.google.co.ck adservice.google.cl adservice.google.cm adservice.google.cn adservice.google.com.co adservice.google.co.cr adservice.google.com.cu adservice.google.cv adservice.google.com.cy adservice.google.cz adservice.google.de adservice.google.dj adservice.google.dk adservice.google.dm adservice.google.com.do adservice.google.dz adservice.google.com.ec adservice.google.ee adservice.google.com.eg adservice.google.es adservice.google.com.et adservice.google.fi adservice.google.com.fj adservice.google.fm adservice.google.fr adservice.google.ga adservice.google.ge adservice.google.gg adservice.google.com.gh adservice.google.com.gi adservice.google.gl adservice.google.gm adservice.google.gr adservice.google.com.gt adservice.google.gy adservice.google.com.hk adservice.google.hn adservice.google.hr adservice.google.ht adservice.google.hu adservice.google.co.id adservice.google.ie adservice.google.co.il adservice.google.im adservice.google.co.in adservice.google.iq adservice.google.is adservice.google.it adservice.google.je adservice.google.com.jm adservice.google.jo adservice.google.co.jp adservice.google.co.ke adservice.google.com.kh adservice.google.ki adservice.google.kg adservice.google.co.kr adservice.google.com.kw adservice.google.kz adservice.google.la adservice.google.com.lb adservice.google.li adservice.google.lk adservice.google.co.ls adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.com.ly adservice.google.co.ma adservice.google.md adservice.google.me adservice.google.mg adservice.google.mk adservice.google.ml adservice.google.com.mm adservice.google.mn adservice.google.ms adservice.google.com.mt adservice.google.mu adservice.google.mv adservice.google.mw adservice.google.com.mx adservice.google.com.my adservice.google.co.mz adservice.google.com.na adservice.google.com.ng adservice.google.com.ni adservice.google.ne adservice.google.nl adservice.google.no adservice.google.com.np adservice.google.nr adservice.google.nu adservice.google.co.nz adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.pg adservice.google.com.ph adservice.google.com.pk adservice.google.pl adservice.google.pn adservice.google.com.pr adservice.google.ps adservice.google.pt adservice.google.com.py adservice.google.com.qa adservice.google.ro adservice.google.ru adservice.google.rw adservice.google.com.sa adservice.google.com.sb adservice.google.sc adservice.google.se adservice.google.com.sg adservice.google.sh adservice.google.si adservice.google.sk adservice.google.com.sl adservice.google.sn adservice.google.so adservice.google.sm adservice.google.sr adservice.google.st adservice.google.com.sv adservice.google.td adservice.google.tg adservice.google.co.th adservice.google.com.tj adservice.google.tl adservice.google.tm adservice.google.tn adservice.google.to adservice.google.com.tr adservice.google.tt adservice.google.com.tw adservice.google.co.tz adservice.google.com.ua adservice.google.co.ug adservice.google.co.uk adservice.google.com.uy adservice.google.co.uz adservice.google.com.vc adservice.google.co.ve adservice.google.vg adservice.google.co.vi adservice.google.com.vn adservice.google.vu adservice.google.ws adservice.google.rs adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.cat google.com *.googletagmanager.com googletagmanager.com *.crazyegg.com *.app-us1.com *.googlesyndication.com *.doubleclick.net cdnjs.cloudflare.com newrelic.com *.newrelic.com bam.eu01.nr-data.net onetrust.com *.onetrust.com popt.in *.popt.in googletagservices.com *.googletagservices.com trackcmp.net cdn.builder.io *.activehosted.com *.contentful.com fonts.gstatic.com *.us-west-2.on.aws *.googleapis.com *.ctfassets.net *.twitter.com *.serving-sys.com *.flippingbook.com *.ceros.com; frame-src 'self' *.vimeo.com vimeo.com youtube.com *.youtube.com *.googlesyndication.com *.activehosted.com *.google.com *.googletagservices.com google.com *.twitter.com *.flippingbook.com *.ceros.com; media-src 'self' cdn.builder.io *.ctfassets.net *.activehosted.com *.contentful.com *.twitter.com *.ceros.com; report-to csp-endpoint; report-uri /api/csp-report; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com *.googletagmanager.com *.googleadservices.com *.gstatic.com *.iubenda.com *.fontawesome.com *.google-analytics.com *.jquery.com *.bootstrapcdn.com cdnjs.cloudflare.com *.g.doubleclick.net;        object-src 'self' blob:;        style-src 'self' 'unsafe-inline' *.googleapis.com *.jquery.com *.fontawesome.com *.bootstrapcdn.com cdnjs.cloudflare.com;        img-src 'self' data: blob: *.googlesyndication.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com *.google.it *.g.doubleclick.net *.jquery.com *.iubenda.com;        frame-src 'self' *.google.com *.iubenda.com *.youtube-nocookie.com;        font-src 'self' data: *.gstatic.com *.fontawesome.com *.bootstrapcdn.com;        connect-src 'self' blob: *.google.com *.googlesyndication.com *.google-analytics.com *.g.doubleclick.net *.iubenda.com 1
report-uri /_csp;default-src 'self';style-src 'self' 'unsafe-inline' https://*.googleapis.com https://fonts.soundestlink.com https://tagmanager.google.com https://fonts.googleapis.com https://*.mailerlite.com https://*.typekit.net/ https://getsnap.eu/ https://getsnap.tech https://storage.tellq.io https://*.cookiehub.net https://*.cookiehub.com https://cookiehub.net;font-src 'self' https://*.gstatic.com https://*.typekit.net/ data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://getsnap.eu/ https://fonts.soundestlink.com;img-src 'self' data: http: https: blob:;script-src 'self' https://www.googletagmanager.com https://*.google-analytics.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://snap.licdn.com/ https://*.facebook.net https://*.typekit.net/ https://*.tellq.io https://*.livechatinc.com https://omnisrc.com https://*.omnisend.com https://*.soundestlink.com https://*.cookiebot.com https://polyfill.io https://*.mailerlite.com https://*.newrelic.com https://*.nr-data.net https://omnisnippet1.com https://getsnap.eu/ https://*.getsnap.me/ https://cookiehub.net https://getsnap.tech https://skaiciuokles.inbank.lt https://*.eskimi.com https://*.lupasearch.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io 'unsafe-eval' 'unsafe-inline';script-src-elem 'self' https://www.googletagmanager.com https://*.google-analytics.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://snap.licdn.com/ https://*.facebook.net https://*.typekit.net/ https://*.tellq.io https://*.livechatinc.com https://omnisrc.com https://*.omnisend.com https://*.soundestlink.com https://*.cookiebot.com https://polyfill.io https://*.mailerlite.com https://*.newrelic.com https://*.nr-data.net https://omnisnippet1.com https://getsnap.eu/ https://*.getsnap.me/ https://cookiehub.net https://getsnap.tech https://skaiciuokles.inbank.lt https://*.eskimi.com https://*.lupasearch.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io 'unsafe-eval' 'unsafe-inline';frame-src 'self' https://*.cookiebot.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.doubleclick.net https://*.livechatinc.com https://www.facebook.com www.youtube.com https://*.google.com http://*.vimeo.com https://*.mailerlite.com https://subscribepage.com https://omniform1.com https://lemona.reeco.info/;frame-ancestors 'none';connect-src 'self' https://*.lupasearch.com https://www.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.doubleclick.net https://*.facebook.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://multi-api-v3.tellq.io https://*.tellq.io https://*.livechatinc.com https://omnisrc.com https://*.soundestlink.com https://*.cookiebot.com https://polyfill.io https://*.nr-data.net https://o332115.ingest.sentry.io/ https://getsnap.eu/ https://*.getsnap.me/ https://*.cookiehub.net https://getsnap.tech https://live.tellq.io:* wss://live.tellq.io:* wss://chat.tellq.io:* https://skaiciuokles.inbank.lt https://*.eskimi.com https://cdn.linkedin.oribi.io https://*.googlesyndication.com https://*.ads.linkedin.com 1
frame-ancestors 'self' *.openrice.com 1
frame-ancestors 'self' *.lyric.co.uk; 1
frame-ancestors 'self' grn-www.lundboats.com; 1
upgrade-insecure-requests; default-src 'self' https:; frame-ancestors 'none'; object-src 'none'; script-src 'self' https: 'unsafe-eval' www.google.com maps.googleapis.com connect.facebook.com connect.facebook.net platform.twitter.com www.googleadservices.com www.google-analytics.com 'nonce-fiD8Ba1ho1huLHYlZJhMAYgXfBbW8HPt'; style-src 'self' https: 'unsafe-inline' fonts.googleapis.com; font-src 'self' https: data: fonts.googleapis.com; img-src 'self' https: data: s3.amazonaws.com www.googleadservices.com gravatar.com; media-src 'self' https: data: youtube.com; report-uri /csp_reports 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.dlsite.com; 1
default-src 'self' ; script-src 'self' http://az416426.vo.msecnd.net https://dc.services.visualstudio.com https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://insight.adsrvr.org data:; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com ; connect-src 'self' https://dc.services.visualstudio.com https://analytics.google.com 'unsafe-inline'; frame-src 'self' https://www.youtube.com https://chat.nmgco.com; 1
default-src 'unsafe-inline' 'unsafe-eval' none www.hostingschmiede.de; script-src 'unsafe-inline' 'unsafe-eval' none www.hostingschmiede.de; frame-ancestors www.hostingschmiede.de; base-uri 'self'; form-action 'self'; 1
default-src *.netzkern.de data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.youtube.com www.googletagmanager.com tpc.googlesyndication.com www.google.com www.googleadservices.com *.cookiebot.com ajax.googleapis.com cdn.jsdelivr.net www.google-analytics.com snap.licdn.com connect.facebook.net; img-src 'self' googleads.g.doubleclick.net www.google.com www.google.de i.ytimg.com www.google-analytics.com px.ads.linkedin.com www.facebook.com data:; style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com; connect-src 'self' www.google-analytics.com consentcdn.cookiebot.com www.google.com *.g.doubleclick.net www.facebook.com; font-src *.netzkern.de fonts.gstatic.com; frame-src www.google.com tpc.googlesyndication.com www.youtube.com consentcdn.cookiebot.com www.facebook.com; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.steelguru.com;block-all-mixed-content; 1
img-src  * 'self' data:; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.polartec.com *.assets-servd.host *.avantlink.com *.facebook.com *.trustarc.com *.doubleclick.net instant.page *.typekit.net *.linkedin.com *.hotjar.com *.licdn.com *.google-analytics.com *.google.com *.googleoptimize.com *.googletagmanager.com *.facebook.net *.linkedin.oribi.io *.ads.linkedin.com https://snap.licdn.com/* https://*.linkedin.com/* https://player.vimeo.com/ https://classic.avantlink.com wss://ws.hotjar.com *.hotjar.io *.cloudinary.com *.craftcms.com *.gstatic.com/ https://servd-polartec-polartec.b-cdn.net https://view.ceros.com/ *.googlesyndication.com/ *.youtube.com/ polartec.us1.list-manage.com/; 1
frame-src *.bridgestonegolf.com *.doubleclick.net *.programmatictrader.com *.sitescout.com *.facebook.com *.youtube.com *.buzzsprout.com *.recaptcha.net *.amazon-adsystem.com 1
base-uri 'self'; object-src 'none'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https://secure.gravatar.com; media-src 'self'; 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com cdnjs.cloudflare.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api *.eloqua.com *.en25.com cdn.ampproject.org js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src https://www.youtube.com/ 'self' https://www.google.com/maps/d/u/0/embed?mid=1eUWoGfND_k_F3iSn1oweMrhC8JrFozsg https://jobpostings.mysemtribe.com/joblistings/index/0?ReservationName= https://jobpostings.mysemtribe.com/JobListings/Job/ web-chat.nativechat.com forms.hsforms.com; connect-src data: accounts.google.com *.google-analytics.com *.gstatic.com https://*.googletagmanager.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' web-chat.nativechat.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://discuss.systems; img-src 'self' https: data: blob: https://discuss.systems; style-src 'self' https://discuss.systems 'nonce-4w4ZbpZUqcCXVqpnT6p3nw=='; media-src 'self' https: data: https://discuss.systems; frame-src 'self' https:; manifest-src 'self' https://discuss.systems; form-action 'self'; child-src 'self' blob: https://discuss.systems; worker-src 'self' blob: https://discuss.systems; connect-src 'self' data: blob: https://discuss.systems https://fd.discuss.systems wss://discuss.systems; script-src 'self' https://discuss.systems 'wasm-unsafe-eval' 1
default-src 'self' https://www.google.com/analytics https://cdn.mxpnl.com http://* https://*; script-src 'self' 'unsafe-inline' https://www.google.com/analytics https://cdn.mxpnl.com http://* https://* 'unsafe-eval'; connect-src * 'self' https://www.google.com/analytics https://cdn.mxpnl.com http://* https://*; img-src data: 'self' https://www.google.com/analytics https://cdn.mxpnl.com http://* https://*; style-src 'self' 'unsafe-inline' https://www.google.com/analytics https://cdn.mxpnl.com http://* https://*; font-src 'self' https://www.google.com/analytics https://cdn.mxpnl.com data: http://* https://*; 1
default-src 'self' https: blob: data:  www.google.com *.googleapis.com *.fontawesome.com *.googletagmanager.com *.gstatic.com *.google-analytics.com *.g.doubleclick.net *.gravatar.com *.vimeo.com *.youtube.com *.duosecurity.com *.timevaluecalculators.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*.vimeo.com https://*.duosecurity.com https://*.youtube.com https://*.timevaluecalculators.com 1
default-src 'self' https://*.giosg.com https://*.giosgusercontent.com; script-src  'self' *.google.com *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com *.vimeocdn.com *.vimeo.com vimeo.com *.ytimg.com *.youtube.com *.hotjar.com *.facebook.net *.crazyegg.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com *.googleoptimize.com *.consentmanager.net 291santanderdk.boost.ai widget.emaerket.dk campaigns.santanderconsumer.dk *.mouseflow.com assets.emaerket.dk dl.episerver.net https://*.giosg.com https://*.giosgusercontent.com https://*.santanderconsumer.dk https://*.santanderconsumer.se https://*.santanderconsumer.no https://*.santanderconsumer.fi https://*.santander.dk https://*.santander.se https://*.santander.no https://*.santander.fi storage.googleapis.com https://bat.bing.com 'sha256-UxfYFdSe9YnJ+4m5SjmQfepKCAvRYrEK0URzp9eGxLE=' 'sha256-9rGOjoFrPiXweTrDbYNTTVq1Od02CjGuWGyJEb711QY=' 'sha256-2v9G2FvGJOb3csDboXRCf15nz0ljSNXrIUFNiJNWBGM=' 'sha256-mZpEZLb1msrwyQhh47MZnIcDMvT+lLh1ShfsiCYHjmE=' 'sha256-yY7dACVeTmgNlehzAIBaxHBjDZ9tt4NCv7eMOk/K8YE=' 'sha256-1pMQV3Ib7VHhnZDKdsAjDvk6m/uLqTFWp6J5nSOIgSY=' 'sha256-laWjrqJThFpSbf4H+IwSnwccrjKHaVCE1bYgwmmXevg=' 'sha256-AFdmSjYThukafnEA/4cfsq2RAW0GTH0qBbD+tzOTCug=' 'sha256-aYJR9Jt9geRAY3z/03o7iA2RTyUGCPsjE3XOgLFP+Lg=' 'sha256-n9bY3Qg+aMpSEmHQ8RVj6SekweHR6a5Re6z7jB4NJrI=' 'sha256-8SZfi/nSNggbSyGVsCCoo/N71WwGVHT5G+DUfOODNJc=' 'unsafe-eval' 'sha256-hf5AS9+FCx3qoUCQtiQhlV2E1DlMQPKZulK/o3aZMxA=' 'sha256-lOQz7O8dqCDiv5smUwfjnJ7UxbYuyg0aaaPRU7KF/R0=' 'sha256-3jxqcJFG2MhEKTw2DVfn0c+01esUpNVB+Y2TwnqeI9I=' 'sha256-e6Ths8PbkPqAR2Ot7WixKFhHuOsfMlMCwD/i9aw1cY0=' 'sha256-j0h9rRxUEgK7Mm6OIr6qkJubJJsqcrne3IKPVK70TSg=' 'sha256-R3r1BBbUqajF92ZtvNhcoXaO1DyvCB5n6RlHZMJNN4Q=' 'sha256-1bK48OpK3jPfNEfTFFX6qoT9UHwJHD90S+D3A6hUe+Y=' 'sha256-vrvMRtX+qV+9yUkpWeeT065+3yrauijxUTfkCOMeZEQ=' 'sha256-Jru+++RfJ+k7TBw6MK8HnKX/xUFn6P8Oi2RgJ994rL0=' 'sha256-4gM2AKGpR7gCVv/qGiXvJZ5IaXgMe7Knu+Bxrj7eM5w=' 'sha256-i/b8xubcsd+oFilRHHylZDo4S66lWiclnTJauAEiF/s=' 'sha256-KDwkuYRKL0PxzV96+0GvlP0ccJWG512+DLx1Oac09ho=' 'sha256-lJdOJburvWWsyphfZF3/AbUX8My+0iycotawQFL5l80=' 'sha256-aQ3a2HLFLD1ZhHAD9MbdU0V1rfwTrW72WUHWLHBS8Ts=' 'sha256-wJbIq/7iv1alrwVIWWySz0kxb8hIDP3RuosJQTAw2g4=' 'sha256-7zHz6XHWyiV5BLDjyHJ5t9BUJEFx9jn0U+dYD8luMis=' 'sha256-7n0/aeyK24BAgNt3EMmhwpeGI4/SWkakK8a3vwZh3z8=' 'sha256-Im5J/f8QZIQFNApsUi83pMcc6SQHxd4V4mabrXddn+A=' 'sha256-XkZVmoMdtX7ebsz+RntKpvJ3l90bh0+20jQPctQm0ag=' 'sha256-ElM0Ncbg7nQo4zV991JvGCmOjkdrPSRR0dFjQjRgsvM=' 'sha256-mfGBMgl+3r3/n0T5IyR8PJTeDBsSgO4bg8SJ2XwwH6Y=' 'sha256-p4gD/hXte09XDyH9dj97FeaWj5K/Kexh5sGrKiAoXrs=' 'sha256-vKX42idkrBkekpROyWmAjTLwVAYtYMHRgGd3j1OISXk=' 'sha256-BnCI3lVEodagWsYSqNkdzI6SuIr0mLIsL/BdFQTi1A8=' 'sha256-VX22EwCSRge22rEHFEAjMOL0mPh/tkdcuxTu53zGokc=' 'sha256-wn9w4k+pdNWh4WVAVBR5pszrUqrM5Dyr8gFaLnF6n38=' 'sha256-ZToFMkf5H4J2SiSd8ptkPhhhmv0e+uxjMDPnpQDSULM=' 'sha256-sciPiePRVvy4tJ2l5q5+u5Fum7xV8mJAcK8uMVxcZBs=' 'sha256-tiMyT2kJWk9gX9jwPW/wO7L5DcHNUh6Sao3AzBx/UWc=' 'sha256-gTNKBW/M/zNBjiqPQwS0ECum+JfiMgJjZmkYVx5OPcw=' 'sha256-reLLWDjxidKAt2zNDRsl+bXkcsCVPX0iKhw4haYBjd0=' 'sha256-cQLxZGpnDbda/6FTEA2mqBA6cbGf3RyDWtodgkrGUwY=' 'sha256-pdwVfY4tvmgrtgDssGR+60TAQIQ2srhDZIb652ri8fs=' 'sha256-lcTx3iFVD7mYp6dVv3qG57diET2+Jx3svPkP8e3tG3Q=' 'sha256-TGg73Jjef3su0lLJf5aeCQhE3BZHqU0Pkeev6VVnHS0=' 'sha256-NA6JekcsRH4MXKKWK8T0fxbhx67iytbQiKUjwphXYZA=' 'sha256-8X9Tmnu7Cm6gEq+/cLhLaTyH/+9S1zfgxXmzEMfDFBc=' 'sha256-rl/Og5sT3562pxn1XvCC8GEFVbiE3QARMjS5OmuOYMk=' 'sha256-rYL1oK2MdVeozKoMK45k1OMcJ9uBeDA4zv5QCyrstbA=' 'sha256-xmLM77SEHEI9B5uZzKfaErfEFk5OocUuej6ITyBmItY=' 'sha256-+Vky7BYRGHruDQzJfQqBTDbuOFmxBGYHmXhbvdmpdCE=' 'sha256-89/0fk1wLiuTVo5U6RbzVYR54EZKTaxBxuv5B8AYx4w=' 'sha256-G9PmJ9lH5czXghV+e2o21oUwYhdFkNNThIALu+kW2No=' 'sha256-Z4n/gJ5EC38lYAI4e/+VWL4Sb5ZjoXymkgPw5ncvoqU=' 'sha256-Ase7fAQ+xgXY1NjG/3qUUeDj4BKh2GPj1U9vcRXd4fY=' 'sha256-M3OI1qX1U3xK0papA5Jmp5dAGsy1x+/wmq+SrkruICs=' 'sha256-WZGEGKe9kMVDKO1IeZtGJrer9D2x2cxq0yBc7phEtMs=' 'sha256-oivKmu/e8xkyxlYZ11c2A+3VypGSPJiApJwIfoGXdW0=' 'sha256-uJsxhHh+CBQQSADuOneF8ld05h0G39igWSOHTD+yElw=' 'sha256-BevxqnWgv+iBKXNpTL2PUL2iYsxPVg7mHT55YoRPpCs=' 'sha256-9gB5s2V9g8bmfvUppQ4yCD4jC1wcdDv4Sp7/zmjGNi4=' 'sha256-6IvDhb1UIS5ovJbVSB76ehDb5mkro3gcaoV0GQtvsRM=' 'sha256-WMrmz7wxPHAwUC3CiiCcWBfvwTxSkMn21kMqvQ4Mmdw=' 'sha256-OrFhJZ4GnF0qoFlTGQqk5r6LHC9PNtYiKQdrnp1l5SM=' 'sha256-cYjMo89fKPIdRVbNdTjrhdsXmU248Z7Cexa4hVNmSyY=' 'nonce-zhFNQCpz4iBGM5pJ8eLb5ijPx/f3/ndCCYiuo2maqfE='; frame-src   'self' https://apim.scb.nu *.santanderconsumer.se *.google.com *.vimeo.com *.facebook.com *.santanders.se *.hotjar.com *.doubleclick.net www.youtube.com optimize.google.com www.googletagmanager.com cdn.consentmanager.net https://*.giosg.com https://*.giosgusercontent.com; child-src   'self' blob: *.hotjar.com blob:; img-src     * 'self' data: blob: *.hotjar.com google-analytics.com optimize.google.com  region1.google-analytics.com region1.analytics.google.com ; style-src   'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com dl.episerver.net https://*.giosg.com https://*.giosgusercontent.com; connect-src https://apim.scb.nu wss://*.santanderconsumer.se wss://*.santander.se *.santanderconsumer.se *.santander.se *.santanderconsumer.dk *.santander.dk *.santanderconsumer.fi *.santander.fi *.santanderconsumer.no *.santander.no https://santanderconsumer.dk https://santander.dk *.hotjar.io *.hotjar.com wss://*.hotjar.com *.crazyegg.com wss://*.crazyegg.com *.google-analytics.com https://analytics.google.com *.doubleclick.net *.consentmanager.net 291santanderdk.boost.ai *.google.com region1.google-analytics.com region1.analytics.google.com *.mouseflow.com https://*.googlesyndication.com 'self' https://*.giosg.com https://*.giosgusercontent.com data: blob: *.tt.omtrdc.net https://ggsa--sant-dk--pro--87.ew.r.appspot.com ; font-src    'self' *.hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com cdn.mouseflow.com https://*.giosg.com https://*.giosgusercontent.com; worker-src  'self' blob:; 1
frame-ancestors https://www.warnerpacific.com https://admin.warnerpacific.com 1
connect-src 'self' vudoo.com * vudoo.io *.vudoo.io *.keen.io *.typekit.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io player.ooyala.com * brightcove.com * brightcovecdn.com * boltdns.net blob: * vudoo.io;default-src 'self' vudoo.com * vudoo.io *.vudoo.io *.keen.io fonts.gstatic.com d26b395fwzu5fz.cloudfront.net *.intercom.io *.intercomcdn.com player.ooyala.com *.brightcove.com * blob:;;frame-src vudoo.com * vudoo.io *.vudoo.io *.facebook.com *.facebook.net player.ooyala.com *.brightcove.com *.myshopify.com;media-src 'self' vudoo.com * vudoo.io *.vudoo.io *.intercomcdn.com player.ooyala.com *.ooyala.com https://* http://* * * blob:;;object-src 'none' ; script-src 'unsafe-inline' 'unsafe-eval' vudoo.com * vudoo.io *.vudoo.io *.keen.io cdnjs.cloudflare.com/ajax/ unpkg.com/leaflet@0.7.3/ d26b395fwzu5fz.cloudfront.net ajax.googleapis.com *.googletagmanager.com *.google-analytics.com *.createjs.com code.jquery.com *.typekit.net vjs.zencdn.net *.facebook.com *.facebook.net *.mapbox.com *.intercom.io *.intercomcdn.com player.ooyala.com *.brightcove.net * brightcove.net players.brightcove.net *.brightcove.com *.bugherd.com d2iiunr5ws5ch1.cloudfront.net * blob:;;style-src 'unsafe-inline' vudoo.com * vudoo.io *.vudoo.io vjs.zencdn.net fonts.googleapis.com d26b395fwzu5fz.cloudfront.net *.mapbox.com *.intercom.io player.ooyala.com *.brightcove.com cloud.tinymce.com;img-src vudoo.com * vudoo.io *.vudoo.io *.typekit.net http: https: data: * viostream.com;font-src http: https: data: blob:; 1
default-src * 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' gap://ready file://* 'self'; frame-ancestors http://localhost:* https://localhost:* gap://ready file://* https://*.alarm.com 'self'; object-src 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' cafdonate.cafonline.org assets.calendly.com *.googletagmanager.com *.google-analytics.com https://unpkg.com/htmx.org@1.7.0/dist/htmx.js https://unpkg.com/htmx.org@1.7.0/dist/htmx.min.js cdnjs.cloudflare.com/ajax/libs/gsap/3.10.2/gsap.min.js https://cdnjs.cloudflare.com/ https://www.eventbrite.co.uk/static/widgets/eb_widgets.js cdn.datatables.net; style-src 'self' 'unsafe-inline'; frame-src 'nonce-dHBobml6a3RnZWxxeHhvbnlnd2NsYnl0cmp4bWVic2Zhcnlw' *.youtube.com *.calendly.com *.cafonline.org *.eventbrite.co.uk; 1
frame-ancestors 'self' gvh.hu *.gvh.hu 1
frame-ancestors 'none'; report-uri /report-csp-violation 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com;img-src 'self' * data: blob:;frame-src 'self' *;font-src 'self';connect-src 'self' *;form-action 'self' *;manifest-src 'self' 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-be1e39ab6d790c0fd334380958b14cd7'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' https://joydrive.com;base-uri 'self' ;connect-src 'self' https://joydrive.com wss://joydrive.com wss://*.joydrive.com https://joydrive.zendesk.com https://*.zdassets.com https://joydrive.com:22269 https://dpm.demdex.net joydrive.us.auth0.com https://s1.subaru.com https://sd-tagging.azurefd.net joydrive.us.auth0.com/.well-known/jwks.json https://joydrive-otel-collector.herokuapp.com/v1/traces https://www.google-analytics.com https://stats.g.doubleclick.net https://*.bing.com https://*.clarity.ms https://appsignal-endpoint.net https://us.js.logs.insight.rapid7.com https://www.facebook.com;frame-src 'self' https://joydrive.com https://www.toyota.com https://toyota.demdex.net https://subaruofamerica.demdex.net joydrive.us.auth0.com https://www.youtube.com https://www.youtube-nocookie.com https://js.stripe.com https://www.googletagmanager.com https://www.facebook.com https://datastudio.google.com https://lookerstudio.google.com;font-src 'self' https://joydrive.com https://fonts.gstatic.com;img-src 'self' https://joydrive.com https://media.chromedata.com https://sd-tagging.azurefd.net https://subaru-inventory-accessoryassets-prod.azureedge.net https://nexus.toyota.com https://cm.everesttech.net https://dpm.demdex.net https://secure.gravatar.com https://s3.amazonaws.com/joydrive-prod-secure-uploads/ https://s3.amazonaws.com/nwmsdelivers.com/ data: blob: https://i.ytimg.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.gstatic.com https://*.bing.com https://*.clarity.ms https://www.facebook.com https://connect.facebook.net https://api.twilio.com https://media.twiliocdn.com https://s3-external-1.amazonaws.com/media.twiliocdn.com;media-src 'self' https://joydrive.com ;object-src 'none';report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub7c083ead0672479e64a82fef3f5b31dd&dd-evp-origin=content-security-policy&ddsource=csp-report&env=production&heroku.app=joydrive-prod&heroku.dyno=web.2&host=joydrive-prod&platform=joydrive&service=joydrive&version=cfee625;report-to csp-endpoint;script-src 'report-sample' 'self' https://joydrive.com 'nonce-f1ckLKDgr/iOsrqdheXws7hW3CbJnIkEL1ADqWHYGyI=' 'unsafe-eval' https://static.zdassets.com https://subaru-tagging-prod.azureedge.net/scripts/sd.js https://toyota-tagging-prod.azureedge.net/scripts/sd.js https://sd-tagging.azurefd.net https://nexus.toyota.com https://secure.gravatar.com https://assets.adobedtm.com joydrive.us.auth0.com https://js.stripe.com https://www.youtube.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://bat.bing.com https://*.clarity.ms https://connect.facebook.net;style-src 'report-sample' 'self' https://joydrive.com 'unsafe-inline' https://fonts.googleapis.com https://www.googletagmanager.com; 1
default-src 'self'; connect-src 'self' http://127.0.0.1:24727/; style-src 'self'; img-src 'self' data: w3.org/svg/2000; script-src 'self'; media-src 'self' https://multimedia.gsb.bund.de/NPA/Video/pin-ruecksetzdienst_inhalt_gs.mp4 https://multimedia.gsb.bund.de/NPA/Video/bmi_pin_navigation_gsf_2021.mp4; object-src 'none'; frame-src 'self' https://www.youtube-nocookie.com/embed/q0PutVAEE8c https://www.youtube-nocookie.com/embed/vP3e346obTI; font-src 'self' 1
font-src *.typekit.net fonts.gstatic.com use.typekit.net s3.amazonaws.com fonts.googleapis.com *.hotjar.com *.zopim.com *.fontawesome.com data: maxcdn.bootstrapcdn.com *.fonts.googleapis.com *.gstatic.com *.cloudflare.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com *.cardinalcommerce.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com amc.demdex.net *.paypalobjects.com *.payflowlink.paypal.com cdn.dnky.co youtube.com www.youtube.com *.hotjar.com *.google.com *.facebook.com *.trustpilot.com *.criteo.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.addthis.com *.pinterest.com tarpsnow.attn.tv creatives.attn.tv *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.paypal.com *.typekit.net p.typekit.net validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com *.amazonaws.com *.webtraxs.com *.bing.com *.adelixir.com *.cloudfront.net *.targetbay.com facebook.com *.linkedin.com google-analytics.com www.google.co.in *.adroll.com adroll.com *.tb-list.com *.advertising.com *.casalemedia.com *.rubiconproject.com *.pubmatic.com eb2.3lift.com *.taboola.com *.rlcdn.com *.yahoo.com *.outbrain.com x.bidswitch.net us-u.openx.net cm.g.doubleclick.net ib.adnxs.com *.google.com pippio.com google.mg google.fr *.google.ca *.exelator.com *.google.co.uk *.nr-data.net *.convertcart.com *.clarity.ms www.google.com www.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com www.linkedin.com linkedin.com www.googletagmanager.com googletagmanager.com gallery.mailchimp.com *.trustedshops.com www.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net quickchart.io img.youtube.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com *.cdninstagram.com *.facebook.com events.attentivemobile.com region1.google-analytics.com region1.analytics.google.com *.google-analytics.com *.analytics.google.com *.bayengage.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net widget.freshworks.com m2epro.freshdesk.com mc.us15.list-manage.com *.targetbay.com *.bing.com *.adelixir.com *.cloudfront.net *.noibu.com *.webtraxs.com apis.google.com *.adroll.com adroll.com *.consensu.org renokonnect.com *.cloudflare.com *.dca0.com *.convertcart.com *.pippio.com *.clarity.ms google.com www.google.com gstatic.com www.gstatic.com *.googletagmanager.com *.googleapis.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net www.googleoptimize.com www.clarity.ms *.datatrics.com *.criteo.net *.criteo.com *.youtube.com cdn.mouseflow.com https://www.googletagmanager.com tagmanager.google.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://cdn.searchspring.net/intellisuggest/is.min.js *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com analytics.google.com unpkg.com cdn.yottaa.com cdn.attn.tv *.luckyorange.com *.bayengage.com *.searchspring.io *.doubleclick.net googleads.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com *.cloudfront.net *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net tagmanager.google.com maxcdn.bootstrapcdn.com fonts.gstatic.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.zopim.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com *.adobe.io performance.typekit.net widget.freshworks.com m2epro.freshdesk.com *.targetbay.com *.noibu.com *.luckyorange.net wss://*.noibu.com wss://visitors.live wss://*.visitors.live *.bing.com *.google.com *.dca0.com bat.bing.com *.convertcart.com *.luckyorange.com api-js.mixpanel.com *.clarity.ms commerce.adobedc.net api.comapi.com www.google-analytics.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net www.clarity.ms *.facebook.com *.datatrics.com https://www.google-analytics.com ekr.zdassets.com/ www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://beacon.searchspring.io/beacon *.cloudflare.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com *.google-analytics.com analytics.google.com *.facebook.net *.yottaa.net tarpsnow.attn.tv events.attentivemobile.com region1.google-analytics.com region1.analytics.google.com *.analytics.google.com realtime.luckyorange.com wss://realtime.luckyorange.com/mqtt https://in.visitors.live/ajax *.bayengage.com *.searchspring.io 82zw19.a.searchspring.io *.googlesyndication.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' ifdb.org www.google.com 'nonce-BeieKtlq'; script-src 'self' ifdb.org www.google.com 'nonce-BeieKtlq'; style-src 'self' ifdb.org 'nonce-BeieKtlq'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https:; img-src 'self' https: data: blob: https:; style-src 'self' https: 'nonce-HLlg+t1kzR0FOjtQkS5qrw=='; media-src 'self' https: data: https:; frame-src 'self' https:; manifest-src 'self' https:; form-action 'self'; connect-src 'self' data: blob: https: https: wss://sociale.network; script-src 'self' https: 'wasm-unsafe-eval'; child-src 'self' blob: https:; worker-src 'self' blob: https: 1
default-src 'self' *.reformcph.com *.cookieyes.com https://cdn-cookieyes.com https://code.jquery.com 'unsafe-inline'; script-src-elem 'self' www.reformcph.com *.reformcph.com https://cdn.stape.io https://bat.bing.com *.clarity.ms https://cdn.usefathom.com https://assets.calendly.com https://forms.hscollectedforms.net https://js.hscollectedforms.net http://www.google-analytics.com https://www.google-analytics.com https://www.google.com https://js.hs-banner.com https://forms.hsforms.com https://s.pinimg.com https://js.hsforms.net https://googleads.g.doubleclick.net *.googlesyndication.com https://www.googletagservices.com https://www.googleadservices.com https://ad.doubleclick.net *.hs-scripts.com https://connect.facebook.net https://js.hs-banner.com https://js.hsadspixel.net *.cookieyes.com cdn-cookieyes.com https://code.jquery.com https://maps.googleapis.com 'unsafe-inline' https://sdks.shopifycdn.com https://www.googletagmanager.com https://www.google-analytics.com https://js.hs-analytics.net https://player.vimeo.com *.hotjar.com *.hotjar.io; script-src 'self' https://cdn.usefathom.com https://forms.hscollectedforms.net https://js.hscollectedforms.net https://assets.calendly.com https://api.pinpiaa.com https://player.vimeo.com https://www.googletagmanager.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://maps.googleapis.com https://vimeo.com https://forms.hsforms.com https://www.google-analytics.com https://ad.doubleclick.net https://js.hsadspixel.net https://js.hs-banner.com https://pagead2.googlesyndication.com https://www.googletagservices.com https://sdks.shopifycdn.com https://js.hsforms.net https://s.pinimg.com *.hs-scripts.com https://js.hs-analytics.net *.reformcph.com *.cookieyes.com https://cdn-cookieyes.com https://code.jquery.com https://connect.facebook.net 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' *.reformcph.com 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' https://www.pinterest.ca https://www.pinterest.de https://www.pinterest.fr https://www.pinterest.co.uk https://www.pinterest.dk https://calendly.com *.pinterest.com https://forms.hsforms.com *.fls.doubleclick.net https://vimeo.com https://email.reformcph.com https://bid.g.doubleclick.net *.reformcph.com player.vimeo.com https://my.matterport.com https://meetings.hubspot.com https://www.facebook.com *.hotjar.io *.hotjar.com; img-src 'self' * https://www.google.bg https://www.google.com https://cx.atdmt.com *.fls.doubleclick.net https://www.facebook.com track.hubspot.com *.reformcph.com *.cookieyes.com https://cdn-cookieyes.com data: https://maps.gstatic.com https://maps.googleapis.com https://cdn.shopify.com; connect-src *.hubspot.com *.clarity.ms *.analytics.google.com https://forms.hscollectedforms.net https://ipgeolocation.abstractapi.com https://pagead2.googlesyndication.com *.cookieyes.com https://cdn-cookieyes.com 'self' www.reformcph.com https://www.google.co.uk https://www.google.fi https://maps.googleapis.com https://www.google.ch https://www.google.com.ar https://www.google.pl https://www.google.ca https://www.google.ee https://www.google.is https://www.google.lu https://www.google.de https://www.google.be https://www.google.com.au https://www.google.it https://www.google.pt https://www.google.fr https://www.google.nl https://www.google.at https://www.google.no https://www.google.se https://www.google.dk https://www.google.cz https://www.google.gr https://www.google.hu https://www.google.ie https://www.google.es https://gtm-m6dfgs5-odm1z.uc.r.appspot.com *.cookieyes.com https://adservice.google.com https://www.google.com https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com *.pinterest.com https://www.facebook.com https://www.google-analytics.com *.doubleclick.net https://analytics.google.com *.reformcph.com https://api.hubapi.com *.cookieyes.com https://active.cookieyes.com *.shopifysvc.com *.myshopify.com *.hotjar.com *.hotjar.io wss://*.hotjar.io wss://*.hotjar.com; style-src-elem 'self' *.reformcph.com https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.reformcph.com https://fonts.gstatic.com data: ; report-uri https://csp.lab08.com; report-to default; 1
script-src 'unsafe-eval' 'report-sample' 'nonce-af40054877e5918de13249d91da72c7d-argus' 'strict-dynamic' *.bytednsdoc.com *.ibytedapm.com *.snssdk.com *.yhgfb-cn-static.com *.bytetos.com *.byte-gslb.com *.bytegoofy.com *.bytecdn.cn *.byted-static.com; report-to slardar-endpoint; frame-ancestors 'self' *.bytedance.net; connect-src 'self' *.idouyinvod.com:* *.volcsiriusbd.com:* *.volcsirius.com:* *.tt.x.bsgslb.cn:* *.dy.zzcdnx.com:* *.qc.bsccdn.net:* *.smtcdns.com:* *.ugslb.com:* *.livehwc3.cn:* *.smtcdns.net:* *.bytefcdnrd.com:* *.ksyungslb.com:* *.ksyungslb2.com:* *.ourdvsss.com:* *.tbcache.com:* *.jomodns.com:* *.douyincdn.com:* *.ixigua.com:* *.bdxigualive.com:* *.pstatp.com:* *.douyinliving.com:* *.picovr.com:* *.huoshanlive.com:* *.ihuoshanlive.com:* *.volccdn.com:* *.bestv.com.cn:* *.bytefcdn.com:* *.bytescm.com *.bytetos.com *.ibytedapm.com *.zijieapi.com *.snssdk.com *.bytedance.com *.bytedance.net *.pstatp.com *.bytednsdoc.com *.bytegoofy.com *.byted-static.com *.yhgfb-cn-static.com api.feelgood.cn *.bytetcc.com *.edge-byted.com *.huoshanstatic.com *.feishu.cn *.bytedapm.com *.bytedanceapi.com *.bytemastatic.com *.bytemaimg.com *.byteimg.com *.open-douyin.com *.douyin.com firebaseinstallations.googleapis.com www.google-analytics.com *.ibytedtos.com *.oceanengine.com analytics.google.com hm.baidu.com blob: huatuo.cn.goofy.app *.byteoversea.com *.ctobsnssdk.com; 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' base-uri noticias24carabobo.com www.noticias24carabobo.com; 1
frame-ancestors 'self' *.stadtwerke-wittenberg.de *.wittenberg-net.de *.kommunalservice-wittenberg.de *.abwasser-wittenberg.de *.baden-in-wittenberg.de; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.pap.pl https://datajournalism.pap.pl https://www.google.com https://cdnjs.cloudflare.com https://www.gstatic.com https://www.google-analytics.com https://bbcdn.go.pl.bbelements.com https://bbcdn-bbnaut.ibillboard.com https://bbnaut.ibillboard.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; img-src 'self' data: https://*.dcs.redcdn.pl https://pbs.twimg.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.google-analytics.com https://www.google-analytics.com; frame-src 'self' https://*.dcs.redcdn.pl https://www.youtube.com https://www.google.com https://ih.adscale.de https://bbnaut.ibillboard.com https://bbnaut.bbelements.com; object-src 'self'; base-uri 'self'; manifest-src 'self'; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.bol.pt/* maat.pt/* *.gstatic.com *.google.com *.google.pt *.googletagmanager.com *.google-analytics.com *.googleusercontent.com *.googleapis.com *.newrelic.com *.jquery.com *.doubleclick.net *.siteimprove.net *.siteimprove.com *.youtube.com *.youtube-nocookie.com *.cookielaw.org *.facebook.net *.smark.io unpkg.com *.jsdelivr.net *.cloudflare.com *.newrelic.com *.bol.pt *.rawgit.com *.onetrust.com *.nr-data.net *.highcharts.com *.recaptcha.net *.edp.com *.edpr.com *.e-redes.pt opendata.online.e-redes.pt *.appspot.com *.dig.corp.edp.com *.eurolandir.com *.mailjet.com *.media-server.com *.wufoo.com edp.teto.pt *.spotify.com ir2.flife.de ir.tools.investis.com sdk.companywebcast.com *.edpon.livextend.cloud *.powerbi.com *.suratica.es *.smrk.io; frame-src 'self' 'unsafe-eval' 'unsafe-inline' e-redes.opendatasoft.com -redes-dadosenergia.wntech.com e-redes-rede.wntech.com e-redes-continuidade.wntech.com e-redes-qualidade.wntech.com *.e-redes.pt *.microsoft.com *.microsoftonline.com *.windows.net *.office.com *.bol.pt *.bol.pt/* *.vimeo.com *.cookielaw.org *.recaptcha.net *.bandcamp.com *.soundcloud.com *.google.com *.sites.edp.com *.siteimprove.net *.siteimprove.com *.workplace.com *.intras.edp.com *.microsoftstream.com *.edp.pt *.edp.com *.edpr.com *.dig.corp.edp.com *.youtube.com *.youtube-nocookie.com *.eurolandir.com *.mailjet.com *.media-server.com *.wufoo.com edp.teto.pt *.spotify.com ir2.flife.de ir.tools.investis.com sdk.companywebcast.com ir.tools.investis.com *.edpon.livextend.cloud *.powerbi.com *.suratica.es *.smark.io *.smrk.io; frame-ancestors 'self' *.e-redes.pt *.microsoft.com *.microsoftonline.com *.windows.net *.office.com *.bol.pt *.bol.pt/* *.vimeo.com *.cookielaw.org *.recaptcha.net *.bandcamp.com *.soundcloud.com *.google.com *.sites.edp.com *.siteimprove.net *.siteimprove.com *.workplace.com *.intras.edp.com *.microsoftstream.com *.edp.pt *.edp.com *.edpr.com *.dig.corp.edp.com *.youtube.com *.youtube-nocookie.com *.eurolandir.com *.mailjet.com *.media-server.com *.wufoo.com edp.teto.pt *.spotify.com ir2.flife.de ir.tools.investis.com sdk.companywebcast.com ir.tools.investis.com *.edpon.ivextend.cloud *.powerbi.com *.suratica.es *.smark.io *.smark.io; child-src 'self' 'unsafe-eval' 'unsafe-inline' e-redes.opendatasoft.com e-redes-dadosenergia.wntech.com e-redes-rede.wntech.com e-redes-continuidade.wntech.com e-redes-qualidade.wntech.com *.e-redes.pt *.microsoft.com *.microsoftonline.com *.windows.net *.office.com *.bol.pt *.bol.pt/* *.vimeo.com *.cookielaw.org *.recaptcha.net *.bandcamp.com *.soundcloud.com *.google.com *.sites.edp.com *.siteimprove.net *.siteimprove.com *.workplace.com *.intras.edp.com *.microsoftstream.com *.edp.pt *.edp.com *.edpr.com *.dig.corp.edp.com *.youtube.com *.youtube-nocookie.com *.eurolandir.com *.mailjet.com *.media-server.com *.wufoo.com edp.teto.pt *.spotify.com ir2.flife.de ir.tools.investis.com sdk.com anywebcast.com ir.tools.investis.com *.edpon.livextend.cloud *.powerbi.com *.suratica.es *.smark.io *.smrk.io; report-uri /report-csp-violation; upgrade-insecure-requests 1
child-src 'self' *.eu.qualtrics.com *.legalandgeneral.com *.everesttech.net *.lgim.com *.boldchat.com *.demdex.net *.g.doubleclick.net *.brighttalk.com *.landginvestments.com embeds.audioboom.com 11594483.fls.doubleclick.net yournews-legalandgeneral.com www.google.com aax-eu.amazon-adsystem.com 4918313.fls.doubleclick.net 5z4kxmbpt3zylymtu.helpcenter.uwassist.com 6165515.fls.doubleclick.net 7rm60022.ibosscloud.com 9797771.fls.doubleclick.net 9797771.fls.doubleclick.net.x.aec9d37d03ffa0431a09ca80b9876705d3c8.d045239c.id.opendns.com 9797771.fls.doubleclick.net.x.f523c93f0a69604355083bc0a81abbf27ed1.d045239c.id.opendns.com accounts.google.com acestream.me api.nakarta.com auth.filteredinternet.co.uk auth.iws-hybrid.trendmicro.com az416426.vo.msecnd.net blipznchitzcom-a.akamaihd.net blob: block.opendns.com bot.ebilobster.ai butoembed.twentythree.net candysodapopcom-a.akamaihd.net cdncache-a.akamaihd.net checkpoint.tpt.org cn-1998263966-7vnsr30171.ibosscloud.com cn-1998264190-7vnsr30028.ibosscloud.com cn-1998264264-7vnsr40033.ibosscloud.com compare.defaqto.com connect.facebook.net crushclanscom-a.akamaihd.net data: edge.addthis.com embed.buto.tv embed.wirewax.com ernie.midlothian.gov.uk:15871 filter.techloq.com gateway.zscaler.net gateway.zscalerone.net gateway.zscalerthree.net gateway.zscalertwo.net gateway.zscloud.net go.skimresources.com grpfpgw01.group.local:15871 hdapp1008-a.akamaihd.net hhwssac.healthcareath.local images-static.trustpilot.com landg.nanorep.co lgim.turtl.co lgim.videomarketingplatform.co lifesearch.co.uk localhost:6543 login.microsoftonline.com login.zscalertwo.net login.zscloud.net mail.google.com mh-bir-mgmt101 mozbar.moz.com notify.bluecoat.com o.yieldsquare.com oakfppr01 omny.fm pa.eshapay.net player.videosmart.com pp.ephapay.net pp.eshapay.net pwm-image.trendmicro.com reassured-ltd-dev.onelogin.com rm40954.ibosscloud.com rm40962.ibosscloud.com rm40966.ibosscloud.com rm40977.ibosscloud.com rocket.theregisschool.co.uk s7.addthis.com saml.threatpulse.net:8443 schools-blocked.s3-website-us-east-1.amazonaws.com secure.mycouponizemac.com secure.myshopcouponmac.com secure.optibuymac.com secure5.arcot.com service.securesrv12.com skytraf.xyz sophosxg.equinox.co.uk:8090 sts.global.tesco.org sts.morrisonus.com sts.royalmailgroup.net subwayclanscom-a.akamaihd.net tool-bcg.bwe.io useast2-www.securly.com usercheck.themovefactory.com uwf.demo.upstreamworks.com uwfbankm.demo.upstreamworks.com webui.dashlane.com widget.trustpilot.com widgets-lgim.huguenots.co.uk www.calculateyourchances.com www.facebook.com www.houzz.com www.open.edu www.podbean.com www.youtube.com www.youtube.com.x.6449e3e00100204968084550e30d871835ad.d045227c.id.opendns.com www.youtube.com.x.7bfd31dc044f3047e60a8db015534ad35762.d045227d.id.opendns.com zswpmanager.wip.mmc.com www.everestjs.net; connect-src 'self' *.report.gbss.io *.console.glassboxsaas.com *.huguenots.co.uk brochure-tool.huguenots.co.uk messenger.ebiai.app api.ebiai.app wss://api.ebiai.app/ *.tealiumiq.com *.sgwidget.com *.recipelondon.co.uk *.crownpeak.net *.nanorep.com *.landg.com *.lgim.com *.boldchat.com *.demdex.net *.everesttech.net *.legalandgeneral.com *.sessioncam.com *.g.doubleclick.net *.googleapis.com *.tt.omtrdc.net widgets-lgim.huguenots.co.uk incomestandards-api-prod.azurewebsites.net yournews-legalandgeneral.com 1637314617.rsc.cdn77.org 1986635568.rsc.cdn77.org ad.doubleclick.net ads34.adlane.info adservice.google.com am-uk.sophus3.com api.addressy.com api.ip6.org.il api.pokuponik.net api.trongrid.io api.tronstack.io b.1p1eqpotato.com backoffice.abaka.me base3-sv.tribal-enjoy.com bat.bing.com bf21791iym.bf.dynatrace.com blob: block.opendns.com bot.ebilobster.ai catds.net cdn.aframe.io cdncache-a.akamaihd.net cdnjs.cloudflare.com cdn-ukwest.onetrust.com clipsold.com code.jquery.com customer.iad-03.braze.com dasfelynsaterr.webcam data: dc.services.visualstudio.com dpdb.webvr.rocks eu-ec.walkme.com floatingplayer.com gateway.zscloud.net gb.api4load.net gjtrack.ucweb.com hm.baidu.com ka-f.fontawesome.com labs.observepoint.com lawiersenadrey.webcam legalandgeneral.report-uri.com localhost:3000 luxins.net m.addthis.com m65.prod2016.com mcid-0ac271e4-b1ad-4312-a8f4-776fbc9c2cd7.ep-mimecast.doubleclick.net mcid-f5ea55f2-57aa-4c38-8e4d-d04af422d7f4.ep-mimecast.doubleclick.net metriq.xyz new229.com njs.wigoal.com performance.observepoint.com plugin.ucads.ucweb.com privacyportal-uk.onetrust.com qfafcffge3.execute-api.eu-west-2.amazonaws.com s.yimg.com s3-eu-west-1.amazonaws.com s7.addthis.com sample-api-v2.crazyegg.com savingsslider-a.akamaihd.net siteintercept.qualtrics.com steganos-api.ciuvo.com subwayblaze.com subwayclanscom-a.akamaihd.net subwaysmash.com sun.tronex.io surfly.com t.co t.skimresources.com usemarketings.com uwf.demo.upstreamworks.com widget.trustpilot.com ws://localhost:22174 wss://gc.kis.v2.scr.kaspersky-labs.com wss://websocket-eu.bold360.com www.bing.com www.cgtforms.com www.facebook.com www.google.com www.google-analytics.com www.googletagmanager.com you.caresourcer.com landg.nanorep.co; default-src 'unsafe-inline' 'self' *.netlify.app *.recipelondon.co.uk *.eu.qualtrics.com *.boldchat.com *.g.doubleclick.net *.google-analytics.com *.brighttalk.com *.everesttech.net *.googleapis.com *.landg.com *.legalandgeneral.com *.lgim.com *.sessioncam.com *.tt.omtrdc.net 4918313.fls.doubleclick.net 6165515.fls.doubleclick.net 9797771.fls.doubleclick.net aa.agkn.com aax-eu.amazon-adsystem.com abp.smartadcheck.de ad.doubleclick.net ad.sxp.smartclip.net ads.avct.cloud ads.avocet.io ads.stickyadstv.com adservice.google.co.uk adservice.google.com am-uk.sophus3.com analytics.twitter.com api.addressy.com app-static.turtl.co assets.adobedtm.com assets.quadpay.com assets.turtl.co at.alicdn.com autroliner.com az416426.vo.msecnd.net backoffice.abaka.me bat.bing.com beacon.krxd.net blinkjork.com blob: block.opendns.com bot.abaka.me bot.ebilobster.ai boxclone.com bppmdmxgsg.execute-api.eu-west-1.amazonaws.com brigstoneapp.com butoembed.twentythree.net cdn.botframework.com cdn.faceworks.nl cdn.honey.io cdn.mark.reevoo.com cdn.megabonus.com cdn.scite.ai cdnjs.cloudflare.com cdn-ukwest.onetrust.com ce.lijit.com cgtforms.com chrome-extension cilkonlay.com cm.adform.net cm3.adform.net code.jquery.com collector-5357.tvsquared.com collector-6040.tvsquared.com compare.defaqto.com connect.facebook.net cs.adingo.jp customer.iad-03.braze.com cx.atdmt.com d.agkn.com d2oh4tlt9mrke9.cloudfront.net d3c3cq33003psk.cloudfront.net data: dc.services.visualstudio.com *.episerver.net dsum-sec.casalemedia.com e1.emxdgt.com eb2.3lift.com embed.buto.tv embed.caresourcer.com eu-u.openx.net fonts.gstatic.com fra1.qualtrics.com fuhupo.lohuwomenu.com g.microsoft.com gateway.zscloud.net gc.kis.v2.scr.kaspersky-labs.com github.com gohimu.kawebezija.com goldapps.org gsa://onpageload https://*.demdex.net hublosk.com i.liadm.com i6.liadm.com ib.adnxs.com ice.360yield.com icelandsue.com id5-sync.com idsync.reson8.com idsync.rlcdn.com ih.adscale.de images-static.trustpilot.com img.youtube.com jp-u.openx.net jullyambery.net ka-f.fontawesome.com kellysford.com killssource.com kit.fontawesome.com kit-free.fontawesome.com lagrtest.112.2o7.net landg.nanorep.co lgim.turtl.co lgim.videomarketingplatform.co loadm.exelator.com loadus.exelator.com localhost:3000 login.microsoftonline.com login.zscloud.net m.addthis.com mark.reevoo.com match.adsrvr.org mawisa.botateyime.com maxcdn.bootstrapcdn.com metrics.responsetap.com mikkiload.com mp.4dex.io mwzeom.zeotap.com nickletto.com noop.style nr1.s3.amazonaws.com nr-customers.s3.amazonaws.com null omny.fm onetag-sys.com p.adsymptotic.com p.typekit.net pi.pardot.com pippio.com pixel.advertising.com pixel.mathtag.com pixel.rubiconproject.com pixel.tapad.com player.videosmart.com polinaryapp.com pouch-global-font-assets.s3.eu-central-1.amazonaws.com pp.ephapay.net privacyportal-uk.onetrust.com pwm-image.trendmicro.com px.ads.linkedin.com px4.ads.linkedin.com qfafcffge3.execute-api.eu-west-2.amazonaws.com rtb.gumgum.com rtb.vidoomy.com rtb-csync.smartadserver.com s.ad.smaato.net s.btstatic.com s.yimg.com s3.amazonaws.com s3.eu-west-2.amazonaws.com s7.addthis.com scripts.sophus3.com secure.adnxs.com simage2.pubmatic.com singlactive.com siteintercept.qualtrics.com snap.licdn.com sp.analytics.yahoo.com stags.bluekai.com static.ads-twitter.com static2.sharepointonline.com static3.avast.com static-ssl.responsetap.com su.addthis.com sync.admanmedia.com sync.crwdcntrl.net sync.go.sonobi.com sync.lemmatechnologies.com sync.mathtag.com sync.search.spotxchange.com sync-eu.connectad.io t.co t.visx.net themes.googleusercontent.com thrtle.com trableflick.com track.adform.net track.omguk.com tracksmall.com translate.googleapis.com typesample.com uip.semasio.net uipglob.semasio.net unpkg.com ups.analytics.yahoo.com use.fontawesome.com use.typekit.net us-u.openx.net v1.addthisedge.com webfonts.zohostatic.com websites.cdn.getfeedback.com widget.trustpilot.com widgets-lgim.huguenots.co.uk wss://websocket-eu.bold360.com www.atdmt.com www.calculateyourchances.com www.caresourcer.com www.ciuvo.com www.clearplay.com www.everestjs.net www.facebook.com www.google.co.uk www.google.com www.googleadservices.com www.googletagmanager.com www.linkedin.com www.miaprova.com www.nectar.com www.podbean.com www.slant.co www.topcashback.co.uk www.typesample.com www.youtube.com x.bidswitch.net you.caresourcer.com z.moatads.com; form-action 'self' *.lgim.com *.crownpeak.com *.eu.qualtrics.com bpb.opendns.com connect.facebook.net connect.secure.wellsfargo.com data: identity.landg.com landg.nanorep.co livechat-eu.boldchat.com myaccount.landg.com nr1.s3.amazonaws.com retirements.landg.com sitesearch.legalandgeneral.com sitesearch.legalandgeneral.com.x.0c40fd7205db604fad082c00c03b6e6091fa.d045227c.id.opendns.com sitesearch.legalandgeneral.com.x.3b196ca9077b9049240bee2042ebfaa06335.d045227d.id.opendns.com watermelonsurveys.com www.facebook.com www10.landg.com; frame-ancestors 'self' *.lgim.com; img-src 'self' data: https:; manifest-src 'self'; media-src 'self' data: https:; object-src data: 'self' 'unsafe-inline' *.brighttalk.com yournews-legalandgeneral.com; script-src *.gbqofs.com *.lgim.netlify.huguenots.co.uk www2.landginvestments.com *.boldchat.com *.brighttalk.com *.crownpeak.com *.ep-mimecast.googleadservices.com *.everesttech.net *.google-analytics.com *.googleapis.com *.gstatic.com *.id.opendns.com *.legalandgeneral.com *.lgim.com *.qualtrics.com *.recipelondon.co.uk *.sessioncam.com *.sgwidget.com *.tt.omtrdc.net *.tealiumiq.com am-uk.sophus3.com analytics.twitter.com assets.adobedtm.com az416426.vo.msecnd.net bat.bing.com bot.ebilobster.ai blob: cdnjs.cloudflare.com cdn-ukwest.onetrust.com cgtforms.com code.jquery.com collector-5357.tvsquared.com collector-6040.tvsquared.com connect.facebook.net cookie-cdn.cookiepro.com d2oh4tlt9mrke9.cloudfront.net d32rf3z04esc6j.cloudfront.net d3c3cq33003psk.cloudfront.net data: *.episerver.net embed.caresourcer.com g.microsoft.com gateway.zscaler.net gateway.zscalerthree.net gateway.zscalertwo.net gateway.zscloud.net googleads.g.doubleclick.net googletagmanager.com js.buto.tv js-cdn.dynatrace.com landg.nanorep.co login.zscloud.net mark.reevoo.com mcid-019e7840-618c-457e-a849-9a30ac859267.ep-mimecast.facebook.net mcid-121966df-4958-44b7-bdb2-eaf7495aa328.ep-mimecast.licdn.com mcid-16e9e470-bffa-4bda-ac78-44195b66767b.ep-mimecast.ads-twitter.com mcid-1976a623-6682-4713-baed-2c6f37db1ab5.ep-mimecast.omguk.com mcid-26d71e74-3d79-4f8c-8971-257a1b849987.ep-mimecast.yahoo.com mcid-28deceea-6370-4ebc-9148-13911797af60.ep-mimecast.yahoo.com mcid-29a6bb62-bc5a-498b-a38b-593223170ed2.ep-mimecast.facebook.net mcid-36c18f8a-e64f-4fc4-86db-140aceed9c8e.ep-mimecast.twitter.com mcid-553b692d-9067-4272-b990-8ea8cc32f877.ep-mimecast.facebook.net mcid-5cc076b2-622e-4661-9626-a5754ea24680.ep-mimecast.ads-twitter.com mcid-5f164421-199b-4745-9fa1-4e4e205e682d.ep-mimecast.yahoo.com mcid-6477d951-4ea1-49ca-98c3-9f252dbc1833.ep-mimecast.licdn.com mcid-679f2ff6-ecf8-4f58-bfca-1dc501b19238.ep-mimecast.omguk.com mcid-69d81405-2fd9-49ed-befb-becf1583331a.ep-mimecast.yahoo.com mcid-731b479d-c90c-4b45-8cdc-f81ed387b7c6.ep-mimecast.facebook.net mcid-7d5144a5-b5c0-477f-a08c-22e687a39e2e.ep-mimecast.twitter.com mcid-8722c1df-d8fc-4d3e-8fbf-16314344b30c.ep-mimecast.licdn.com mcid-8a5dc1e3-8fe7-44f8-85cc-223f23be4a84.ep-mimecast.yahoo.com mcid-8ea90f5e-acce-4c10-ab7e-34a2e1e1a149.ep-mimecast.yahoo.com mcid-9892198a-748e-4255-9dff-5d0c822dc6d3.ep-mimecast.ads-twitter.com mcid-99c84166-89d1-4d15-9f9b-d2d7892e25bd.ep-mimecast.licdn.com mcid-9e39af0e-6e5b-42f2-aa14-41109590b4c2.ep-mimecast.licdn.com mcid-a3a8355f-f1c9-4420-9d75-0277324af800.ep-mimecast.ads-twitter.com mcid-c5f55808-ef87-448e-b4fe-67485b672ba4.ep-mimecast.yahoo.com mcid-d5aed1ce-58dc-4759-9b4b-82850797592e.ep-mimecast.facebook.net mcid-dbae6fe0-9ce4-4603-ba5c-d48ffd6196bf.ep-mimecast.yahoo.com mcid-e435a0c4-c921-433d-9d1a-5e48e73655d8.ep-mimecast.facebook.net mcid-ed66c754-edc3-4d70-972b-b3acd565858e.ep-mimecast.licdn.com mcid-f0018d13-1521-4461-8af1-96e3dc39d741.ep-mimecast.licdn.com mcid-f59a4106-e508-4f24-925d-3d8fca127f59.ep-mimecast.twitter.com metrics.responsetap.com mobile.twitter.com pi.pardot.com player.videosmart.com s.btstatic.com s.yimg.com scripts.sophus3.com 'self' snap.licdn.com sp.analytics.yahoo.com static.ads-twitter.com static-ssl.responsetap.com tags.tiqcdn.com track.omguk.com translate.google.com twitter.com ucads-cdn.ucweb.com 'unsafe-eval' 'unsafe-inline' websites.cdn.getfeedback.com widget.trustpilot.com widgets-lgim.huguenots.co.uk www.everestjs.net www.google.co.uk www.google.com www.google.com.au www.googleadservices.com www.googleadservices.com.x.c27180fd0f15504886087fb0e004caf0c09f.9270fc42.id.opendns.com www.googletagmanager.com www.youtube.com yournews-legalandgeneral.com *.lgima.com api.ebiai.app messenger.ebiai.app d2hkbi3gan6yg6.cloudfront.net; report-uri https://legalandgeneral.report-uri.com/r/t/csp/enforce 1
img-src 'self'; style-src 'self' 'unsafe-inline'; default-src 'none'; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com cdnjs.cloudflare.com ajax.googleapis.com cdn.jsdelivr.net code.jquery.com js-agent.newrelic.com bam.nr-data.net connect.facebook.net googleads.g.doubleclick.net google.com www.googleadservices.com maps.googleapis.com www.google.com www.gstatic.com; 1
frame-ancestors https://www.relax-guide.com 'self' *.kognitiv.com https://s002908.officialbookings.com/ 1
frame-ancestors 'self' https://www.youtube.com/ https://indegene123-my.sharepoint.com/ https://resource.indegene.com https://resources.indegene.com 1
frame-ancestors 'self' *.pprbd.org; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline' 1
base-uri 'self'; connect-src 'self' docsink.com *.docsink.com *.googleapis.com *.hsforms.com *.google-analytics.com https://api.hubapi.com https://api.hubspot.com https://cta-service-cms2.hubspot.com; default-src 'self'; font-src 'self' data: docsink.com *.docsink.com https://fonts.gstatic.com https://pro.fontawesome.com https://use.fontawesome.com; frame-src 'self' *.hsforms.com docsink.com *.docsink.com *.google.com https://app.hubspot.com; img-src 'self' *.googleapis.com docsink.com *.gstatic.com *.docsink.com *.hsforms.com *.hubsopt.com *.google-analytics.com *.hubspot.com data: https://perf-na1.hsforms.com https://secure.gravatar.com https://staging.docsink.com; manifest-src 'self' docsink.com *.docsink.com; media-src 'self' docsink.com *.docsink.com; object-src 'none'; report-uri https://64f9d18ca068cd9821c1d697.endpoint.csper.io/; script-src 'unsafe-eval' docsink.com *.docsink.com 'report-sample' 'self' 'unsafe-inline' https://js.hs-analytics.net https://253145.tctm.co/t.js https://cdnjs.cloudflare.com/ajax/libs/fullPage.js/3.0.7/fullpage.js https://connect.facebook.net/en_US/sdk.js https://js.hs-analytics.net/analytics/1694093400000/20137853.js https://js.hs-banner.com/v2/20137853/banner.js https://js.hs-scripts.com/20137853.js https://js.hsadspixel.net/fb.js https://js.hubspot.com/web-interactives-embed.js https://js.hubspotfeedback.com/feedbackweb-new.js https://js.usemessages.com/conversations-embed.js https://static.hotjar.com/c/hotjar-1892616.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com *.hotjar.com *.facebook.net *.hsforms.net *.googleapis.com *.google.com *.gstatic.com; style-src 'report-sample' 'self' 'unsafe-inline' docsink.com *.docsink.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://pro.fontawesome.com https://use.fontawesome.com; worker-src 'none'; 1
default-src https: blob: data: 'unsafe-inline'; worker-src https: blob:; script-src https: 'unsafe-inline' 'unsafe-eval';img-src https: data:;frame-ancestors 'self' *.psplugin.com *.vergic.com https://*.psplugin.com https://*.vergic.com https://*.cudl.com https://*.studentchoice.org https://internetloanapplication.cudl.com https://olb.firstfinancial.org 1
form-action https: 'self'; default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src data: https: 1
default-src 'self';script-src 'self' https://maps.googleapis.com *.googletagmanager.com *.google-analytics.com https://consent.cookiebot.com https://consent.azureedge.net https://consentcdn.cookiebot.com https://tagmanager.google.com https://www.googleadservices.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.cobrowser.com https://connect.facebook.net https://optimize.google.com https://*.mopinion.com https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js https://scripts.viduate.com/iv.copy.params.embed.js 'unsafe-eval' 'unsafe-inline';style-src 'self' https://fonts.googleapis.com/ https://tagmanager.google.com https://*.cobrowser.com https://optimize.google.com https://*.mopinion.com 'unsafe-inline';connect-src *;font-src 'self' data: https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io https://app.cobrowser.com https://app.conversation24.com https://*.mopinion.com;img-src 'self' data: http://dev.vesteda-v10.com http://dev.vesteda-v9.com https://content.presspage.com/ https://maps.gstatic.com https://*.googleapis.com https://*.google.com https://*.google.nl https://*.ggpht.com https://raw.githubusercontent.com/googlemaps/ *.google-analytics.com *.analytics.google.com https://www.facebook.com https://optimize.google.com https://*.hotjar.com https://*.hotjar.io https://app.cobrowser.com https://app.conversation24.com https://vst-web-test-cdn-media-endpoint.azureedge.net https://vst-web-acc-cdn-media-endpoint.azureedge.net https://vst-web-prod-cdn-media-endpoint.azureedge.net https://vst-web-test-cdn-remote-media-endpoint.azureedge.net https://vst-web-acc-cdn-remote-media-endpoint.azureedge.net https://vst-web-prod-cdn-remote-media-endpoint.azureedge.net https://*.doubleclick.net;media-src 'self' http://dev.vesteda-v10.com http://dev.vesteda-v9.com https://vst-web-test-cdn-media-endpoint.azureedge.net https://vst-web-acc-cdn-media-endpoint.azureedge.net https://vst-web-prod-cdn-media-endpoint.azureedge.net;frame-src 'self' https://www.youtube.com/embed/ https://player.vimeo.com https://www.youtube-nocookie.com/ https://consent.azureedge.net https://consentcdn.cookiebot.com https://*.hotjar.com https://*.hotjar.io https://optimize.google.com https://projects.ivorystudio.net/ 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' wss://tsock.us1.twilio.com/v3/wsconnect https://api.talkdeskapp.com https://talkdeskchatsdk.talkdeskapp.com https://qa-cdn-talkdesk.talkdeskdev.com https://ssl.google-analytics.com https://www.google-analytics.com https://stats.g.doubleclick.net https://iris.epremiuminsurance.com https://www.paycomonline.net; 1
default-src 'self' cdn.flooringstores.com; connect-src 'self' o1144996.ingest.sentry.io *.broadlu.me *.tatami.broadlu.me *.floorforcecomplete.com www.facebook.com www.google-analytics.com stats.g.doubleclick.net gtm-pwp75m5-ztyym.uc.r.appspot.com *.mouseflow.com maps.googleapis.com storage.googleapis.com/www-upload-cache/ api.cloudinary.com/v1_1/flooringstores/image/upload respondent.survicate.com/workspaces/; font-src 'self' data: use.typekit.net fonts.typekit.net fonts.gstatic.com surveys-static.survicate.com/; form-action 'self' www.facebook.com/tr; frame-src 'self' www.googletagmanager.com/ns.html www.facebook.com bid.g.doubleclick.net/ beta.viz.broadlu.me viz.broadlu.me; img-src 'self' data: https: blob: www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.facebook.com; media-src 'self' storage.googleapis.com/www-store/ res.cloudinary.com/flooringstores/ cdn.flooringstores.com/cloudinary/ cdn.flooringstores.com/demo/; object-src 'none'; script-src 'self' o1144996.ingest.sentry.io www.gstatic.com 'unsafe-inline' googleads.g.doubleclick.net www.google.com/ads/user-list www.google.XYX/ads/user-list bid.g.doubleclick.net www.googleadservices.com www.googletagmanager.com unpkg.com/web-vitals/dist tagmanager.google.com www.floorlytics.broadlu.me connect.facebook.net www.google-analytics.com www.google.com *.mouseflow.com maps.googleapis.com cdn.jsdelivr.net survey.survicate.com/workspaces/ surveys-static.survicate.com/ cdn.dhq.technology beta.viz.broadlu.me viz.broadlu.me dev.visualwebsiteoptimizer.com; style-src 'self' p.typekit.net use.typekit.net fonts.googleapis.com www.googletagmanager.com tagmanager.google.com cdn.jsdelivr.net 'unsafe-inline' surveys-static.survicate.com/; report-uri https://o1144996.ingest.sentry.io/api/6308980/security/?sentry_key=7a9963eee2c742dda5cf1e686304bf3f&sentry_environment=production&sentry_release=68d3918f57d83a2f58174739c76520ae3e2fc662 1
frame-ancestors 'self' https://www.outagesio.com/ 1
default-src 'none'; media-src 'self' blob: https://cdn.getwhelp.com https://widget.whelp.co https://widget-api.whelp.co wss://socket.whelp.co https://app.getbeamer.com https://widget.whelp.co; script-src 'self' https://snap.licdn.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com www.google-analytics.com resource://* http://static.hotjar.com http://static.hotjar.io https://static.hotjar.com https://static.hotjar.io https://script.hotjar.com https://script.hotjar.io 'unsafe-eval' 'unsafe-inline' https://*.getbeamer.com https://*.instana.io https://*.getwhelp.com https://widget.whelp.co https://widget-api.whelp.co https://*.pashabank.az wss://socket.whelp.co; connect-src 'self' http://*.hotjar.com:* http://*.hotjar.io:* https://*.hotjar.com:* https://*.hotjar.io:* https://vc.hotjar.io:* wss://pashabank.digital wss://*.hotjar.com wss://*.hotjar.io https://*.twilio.com wss://*.twilio.com www.google-analytics.com https://*.getbeamer.com https://*.instana.io https://*.getwhelp.com/ wss://*.getwhelp.com wss://widget-server.whelp.co https://widget-api.whelp.co https://*.pashabank.az wss://socket.whelp.co https://analytics.google.com wss://ib.pashabank.az; img-src 'self' blob: data: https://p.adsymptotic.com https://px.ads.linkedin.com https://www.google.com https://www.google.az https://www.facebook.com https://stats.g.doubleclick.net www.google-analytics.com data: 'self' https://script.hotjar.com https://script.hotjar.io http://script.hotjar.com http://script.hotjar.io https://twemoji.maxcdn.com https://*.getbeamer.com https://*.getwhelp.com https://widget.whelp.co https://analytics.google.com https://www.googletagmanager.com https://cdn.whelp.co; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.getbeamer.com https://*.getwhelp.com; font-src 'self' https://widget.whelp.co http://script.hotjar.com http://script.hotjar.io https://script.hotjar.com https://script.hotjar.io https://app.getbeamer.com https://fonts.gstatic.com data:; frame-src 'self' https://www.facebook.com https://vars.hotjar.com https://vars.hotjar.io https://*.pashabank.az https://*.getbeamer.com https://*.getwhelp.com https://www.youtube-nocookie.com https://ecomm.pashabank.az:8463 https://3dsecure.pashabank.az https://3ds2.kapitalbank.az https://acs.3dsecure.az https://internal-albprod.pashabank.digital https://*.pashabank.az; child-src https://vars.hotjar.com https://vars.hotjar.io; manifest-src 'self'; object-src 'self' blob: 'self'; report-uri https://sentry.pashabank.az/api/3/security/?sentry_key=b622d105a8df4df1aa75e40cb5686a5c; 1
default-src 'none';               script-src 'self' 'unsafe-eval' https://clarity.microsoft.com https://*.clarity.ms d2wy8f7a9ursnm.cloudfront.net *.addthis.com *.addthisedge.com *.google.com *.google-analytics.com code.jquery.com 'unsafe-inline' https://www.googletagmanager.com;               connect-src 'self' https://clarity.microsoft.com https://*.clarity.ms *.addthis.com *.bugsnag.com *.google-analytics.com;               img-src * data:; style-src 'self' 'unsafe-inline' *.google.com https://www.googletagmanager.com;               font-src 'self' data:; frame-src 'self' *.libsyn.com *.youtube.com *.vimeo.com *.addthis.com *.google.com;               object-src * 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com www1.thewhiskyworld.com; base-uri 'self' 1
frame-ancestors 'self' https://*.ariba.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://babka.social 'wasm-unsafe-eval'; font-src 'self' https://babka.social; img-src 'self' data: blob: https://babka.social https://babka-mastodon.nyc3.cdn.digitaloceanspaces.com; style-src 'self' https://babka.social 'nonce-jfNxx4pY2myKoquu7rwWVA=='; media-src 'self' data: https://babka.social https://babka-mastodon.nyc3.cdn.digitaloceanspaces.com; frame-src 'self' https:; child-src 'self' blob: https://babka.social; worker-src 'self' blob: https://babka.social; connect-src 'self' blob: data: wss://babka.social https://babka.social https://babka-mastodon.nyc3.cdn.digitaloceanspaces.com; manifest-src 'self' https://babka.social; form-action 'self' https://me.babka.net/realms/babka/protocol/openid-connect/auth 1
script-src 'self' 'self' 'unsafe-inline' *.braintreegateway.com *.cloudflare.com *.cloudfront.net *.dotdigital-pages.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.orbitvu.co *.paypal.com *.paypalobjects.com *.storyblok.com *.hotjar.com *.trackedlink.net *.trackedweb.net *.youtube.com orbitvu.co; frame-ancestors 'self' *.storyblok.com 1
frame-ancestors 'none'; default-src 'self' https://*.caracal.club:* wss://*.caracal.club:* https://www.ipqualityscore.com js.stripe.com https://r2.caracal.club; script-src 'self' js.stripe.com twemoji.maxcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net www.googletagmanager.com https://www.google-analytics.com https://r2.caracal.club 'nonce-x5Yxpnm/GGGo4sySUJawDpIcgPw=';img-src * data:; style-src 'self' 'unsafe-inline' https://r2.caracal.club; 1
font-src fonts.gstatic.com fonts.googleapis.com pro.fontawesome.com; frame-src platform.twitter.com syndication.twitter.com forms.office.com/; connect-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com eguide.s3.amazonaws.com/ stackpath.bootstrapcdn.com unpkg.com cdn.datatables.net fonts.googleapis.com cdn.jsdelivr.net www.google.com pro.fontawesome.com; script-src 'self' eguide.s3.amazonaws.com/ stackpath.bootstrapcdn.com cdn.jsdelivr.net unpkg.com code.jquery.com cdn.amcharts.com 'unsafe-inline' www.google.com platform.twitter.com google-analytics.com abs.twimg.com cse.google.com www.google-analytics.com www.googletagmanager.com syndication.twitter.com https://cdn.datatables.net; form-action 'self'; img-src 'self' www.w3.org eguide.s3.amazonaws.com/ pbs.twimg.com syndicaton.twitter.com abs-0.twimg.com clients1.google.com www.google.com www.google-analytics.com; default-src 'self' 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://analytics.google.com https://googleads.g.doubleclick.net https://*.oribi.io https://*.tyndall.org https://*.livechatinc.com https://*.onetrust.com https://*.cookiepro.com *.locatorsearch.com wss://*.hotjar.com https://*.youtube-nocookie.com https://webapi.gosite.com https://dufzo4epsnvlh.cloudfront.net https://www.local-marketing-reports.com https://*.addthisedge.com https://s3.amazonaws.com https://*.addthis.com https://*.formstack.com https://recruiting.paylocity.com https://*.googletagmanager.com https://netdna.bootstrapcdn.com https://platform.twitter.com https://*.ytimg.com https://*.typekit.net https://*.youtube.com https://www.google.com https://www.gstatic.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://maps.googleapis.com https://maps.gstatic.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.lk-cs.com https://lkcsunix.com https://*.licdn.com https://*.linkedin.com https://p.adsymptotic.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hscollectedforms.net https://forms.hscollectedforms.net https://forms.hsforms.com https://track.hubspot.com; frame-ancestors 'self' https://www.youtube.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://localhost:8090 https://cdn.polyfill.io https://seal.verisign.com https://polyfill.io https://cdn.ravenjs.com; object-src 'self'; 1
default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self'; connect-src 'self'; object-src 'self'; font-src 'self'; frame-src 'self'; manifest-src 'self'; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; block-all-mixed-content 1
default-src 'self';script-src https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval' 'self' https://maps.googleapis.com https://maps.gstatic.com https://remote.captcha.com;          style-src 'self' https://fonts.googleapis.com 'unsafe-inline' https://maxcdn.bootstrapcdn.com;        font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com;    connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net;        object-src 'self';   frame-src https://www.google.com/;        img-src 'self' data: 1
frame-ancestors 'self' https://www.sirius.nl; 1
frame-ancestors 'none'; font-src 'self'; form-action 'self'; img-src 'self' data: https://imgsct.cookiebot.com https://px.ads.linkedin.com *.basemaps.cartocdn.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; object-src 'self'; 1
frame-ancestors 'self' https://sportland.ee/ https://sportland.lv/ https://sportland.lt/ https://sportland.fi/ https://pl.sportland.com/ https://sportland.com/ https://en.sportland.fi/ https://ru.sportland.ee/ https://ru.sportland.lv/ https://ru.sportland.lt/ https://sportskim.sportland.lv/ https://outlet.sportland.lv/ https://outlet.sportland.lt/ https://outlet.sportland.ee/ https://outlet.sportland.com/ https://ru-outlet.sportland.com/ https://outlet.sportland.fi/; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.bancochile.cl https://*.travel.cl https://*.hotjar.com https://*.gstatic.com data: blob:; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' https://*.travel.cl https://onesignal.com https://cdnjs.cloudflare.com https://code.jquery.com; style-src-elem 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' https://*.travel.cl https://*.googleapis.com https://onesignal.com https://code.jquery.com https://cdnjs.cloudflare.com https://www.googletagmanager.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' https://*.travel.cl https://*.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.jquery.com https://*.apitravel.cl https://onesignal.com https://www.google-analytics.com https://*.hotjar.com wss://*.hotjar.com https://cdn.onesignal.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' https://*.cloudfront.net https://*.travel.cl https://code.jquery.com https://*.bootstrapcdn.com https://cdnjs.cloudflare.com https://*.apitravel.cl https://*.hotjar.com wss://*.hotjar.com  https://onesignal.com https://www.google-analytics.com https://cdn.onesignal.com https://www.googletagmanager.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: https://*.travel.cl https://*.hotjar.com https://code.jquery.com https://cdnjs.cloudflare.com https://*.cloudinary.com https://www.googletagmanager.com https://www.google-analytics.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' https://*.travel.cl  https://*.travel.cl https://*.hotjar.io https://www.google-analytics.com https://*.apitravel.cl https://*.hotjar.com https://onesignal.com https://stats.g.doubleclick.net 1
frame-ancestors https://www.belgradewaterfront.com https://belgradewaterfront.com 1
default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; img-src https: data:; upgrade-insecure-requests; 1
default-src 'self' *.facebook.com ; img-src * data: 'self' ; style-src 'self' 'unsafe-inline' unpkg.com fonts.googleapis.com qscdn.azureedge.net cdnjs.cloudflare.com cdn.jsdelivr.net partstream.arinet.com *.fontawesome.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com cdnjs.cloudflare.com cdn.jsdelivr.net *.googletagmanager.com *.google.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.google.no *.klarna.com *.klarnaevt.com services.arinet.com partstream.arinet.com *.fontawesome.com *.dibspayment.eu ; connect-src 'self' adressesok.posten.no cdnjs.cloudflare.com cdn.jsdelivr.net *.googletagmanager.com *.google.com *.google-analytics.com *.doubleclick.net *.facebook.com *.klarna.com *.klarnaevt.com services.arinet.com ; font-src data: 'self' fonts.googleapis.com fonts.gstatic.com qscdn.azureedge.net cdnjs.cloudflare.com *.fontawesome.com ; frame-src * data: 'self'; child-src * data: 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; 1
frame-ancestors tgs.aero 1
connect-src 'self' blob: https://api.x.ai https://api.x.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api.x.com https://api-stream.twitter.com https://api-stream.x.com https://ads-api.twitter.com https://ads-api.x.com https://aa.twitter.com https://aa.x.com https://caps.twitter.com https://caps.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton.twitter.com https://ton.x.com https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://twitter.com https://x.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com  ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://x.com https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://vaultjs.apideck.com/  https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://x.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://static.ads-twitter.com  'nonce-ZWMxYjZjODEtMjI5MC00MTcxLTgyNzAtNTk2ZTYxYTU0ZWQ4'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false 1
default-src https: data: 'unsafe-inline' 'unsafe-eval';worker-src 'self' blob: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketingsuite.info *.mailworx.info js.hcaptcha.com cdn.mlwrx.com blob:;object-src 'none';style-src 'self' 'unsafe-inline';connect-src 'self' *.marketingsuite.info *.mailworx.info wss://*.marketingsuite.info ws://*.marketingsuite.info wss://*.mailworx.info ws://*.mailworx.info eu-api.friendlycaptcha.eu 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; base-uri 'self'; form-action 'self' https://www.mnhn.fr; frame-ancestors 'self'; report-uri https://www.museedelhomme.fr/fr/report-uri/enforce 1
default-src 'self'; script-src 'self' 'unsafe-hashes' *.google.com *.googleapis.com *.cloudflare.com *.evidon.com *.gstatic.com *.jotfor.ms *.googletagmanager.com 'sha256-/RzwTZwOtdWS/hqQ8GmgCaXjJMcVYR1sukpuORy1z2M=' 'sha256-+6mXqE+chfd5DeS8lIpDbwahhCkU5/xFaz6iiGYpHMY=' 'sha256-kSsEduD+OeZC+jypwgDvg9AI16CywRDMeHxO9fFrjvY=' 'sha256-E5Ss8vKK62h5FNzrvtgStmRa5OsBOSlLL1HV8MIK1yA=' 'sha256-oWOdWoCxYs4g4buNcFeTncf9cUWocJad/8zzFgoTU1I=' 'sha256-l5Wjy9IvTAlgb5YXSh/k1ltxfCX6pRlvKIQ2+QpysGw=' 'sha256-9faQzaVL8MWMgPb9hKyApOCm3UoI42lw+KsO/A7VxUU=' 'sha256-gDI5s0fejEuT4cGpRNbVm3NOebsSkDz5Vzep40//Pzs=' 'sha256-WxMcE+rsrxkUcjFA/XO+S9jrPU+1RSZmq0WxmiS5aF0=' 'sha256-3eqaIVegQBy5TNA8VXR3jZMMuXP/HTeedmAXT8RUN7g=' 'sha256-2WNPM3z6bCYhdHIpTjIxRfkve2yV97sY6Lf/+44QfsM=' 'sha256-TqkI7/KNnd3PpAdtyAsIVjXgE1YG+9ynaVuONGw+0P8=' 'sha256-6dqMVruOrYQBdRjkQo2vn1zG96OW09wflwtbOIlb0jQ=' 'sha256-Mm7F7O6nx1ESmkEZU17F2bmmoZweNQ16qJdRwFJe3Dw=' 'sha256-LMJv8ESlfiCF+9pWKUez+VXyvZdYrT+fcQ3Eps4XPyQ=' 'sha256-CcsBw8InLyMpq6wJEf40EDf1vDf3+bWM9YJnZl3Egio=' 'sha256-hxeFzMcN8jpguWvEY6ZUESH7VZ1SKDtGeDvM+l8VnL8=' 'sha256-hayXNK5rL06JKo5FlJqnZE/YyxLMOZIqtKzQfWdr9jY=' 'sha256-2dKiaceoGaMLv7kYYDejsLkWOfcEVdPJMJBmzLGw9Jw=' 'sha256-AHkbwxS89ZyxiynXfnVZ+kv9vGi70jqMKN+MiKgSMQI=' 'sha256-SvIy9rScUH4khG0/qCA9ITwhhx1Z02kTNihSwKg4KVM=' 'sha256-+jocJ6VLWb8kytrPDB5wWrjfSYGISleQAh9dWIAFsB8=' 'sha256-Pi5BoifUUTgajFqGitnXp9txHOVGHMIx1aP7DI5Oe9E=' 'sha256-zaCtROoS1f2jTTYDDIdCQo20z5yNIy+QEKgGXJkLP1s='; script-src-elem https: 'unsafe-inline'; style-src 'unsafe-inline' https:; img-src data: https:; connect-src https:; frame-src https:; font-src data: https:; object-src *.google.com; 1
base-uri 'self'; block-all-mixed-content; form-action 'self'; frame-ancestors 'self'; worker-src 'none' 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=61ll545iqu8fn&partner=; 1
default-src 'self' https://*.tigerchef.com https://assets-tigerchef.netdna-ssl.com https://z2a5d5m7.stackpathcdn.com https://*.klaviyo.com https://tigerchef.b-cdn.net; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.tigerchef.com  https://assets-tigerchef.netdna-ssl.com http://assets.tigerchef.netdna-cdn.com https://*.intellimize.co https://*.google.com https://ajax.googleapis.com https://*.cloudfront.net https://*.tawk.to https://*.hotjar.com https://*.shopperapproved.com https://*.google-analytics.com https://*.facebook.net https://secure.trust-provider.com https://iprecon.iglobalstores.com https://bat.bing.com https://www.googleadservices.com https://*.g.doubleclick.net https://*.sessioncam.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://platform.twitter.com https://maps.googleapis.com https://*.googlesyndication.com https://cdn.cardknox.com https://apis.google.com https://*.klaviyo.com https://*.clarity.ms https://www.googleanalytics.com https://www.googleoptimize.com https://z2a5d5m7.stackpathcdn.com https://optimize.google.com https://static-na.payments-amazon.com https://tigerchef.b-cdn.net; script-src-elem 'unsafe-inline' 'self' https://*.tigerchef.com https://assets-tigerchef.netdna-ssl.com http://assets.tigerchef.netdna-cdn.com https://connect.facebook.net https://secure.trust-provider.com https://bat.bing.com https://*.google-analytics.com https://www.googletagmanager.com https://*.shopperapproved.com https://*.google.com https://iprecon.iglobalstores.com https://*.hotjar.com https://*.tawk.to https://*.cloudfront.net https://ajax.googleapis.com https://maps.googleapis.com https://*.intellimize.co https://www.googleadservices.com https://*.sessioncam.com https://cdn.jsdelivr.net https://googleads.g.doubleclick.net https://platform.twitter.com https://cdn.cardknox.com https://tpc.googlesyndication.com https://cdn.equalweb.com https://access.equalweb.com https://*.klaviyo.com https://*.clarity.ms https://www.googleoptimize.com https://optimize.google.com https://static-na.payments-amazon.com https://cdnjs.cloudflare.com https://go.referralcandy.com https://z2a5d5m7.stackpathcdn.com https://tools.luckyorange.com https://portal.referralcandy.com https://unpkg.com/@credit-key/creditkey-js@latest/umd/ https://www.shopperapproved.com https://ob.jollyoutdoorjogger.com https://obs.jollyoutdoorjogger.com https://tigerchef.b-cdn.net; style-src 'unsafe-inline' 'self' https://*.tigerchef.com  https://assets-tigerchef.netdna-ssl.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://use.fontawesome.com https://ajax.googleapis.com https://*.klaviyo.com https://*.tawk.to https://*.google.com https://*.typekit.net https://z2a5d5m7.stackpathcdn.com https://tigerchef.b-cdn.net; style-src-elem 'unsafe-inline' 'self' https://*.tigerchef.com https://assets-tigerchef.netdna-ssl.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://use.fontawesome.com https://ajax.googleapis.com https://*.klaviyo.com https://*.tawk.to https://*.typekit.css https://*.typekit.net https://optimize.google.com https://cdnjs.cloudflare.com https://z2a5d5m7.stackpathcdn.com https://www.shopperapproved.com https://tigerchef.b-cdn.net https://access.equalweb.com; connect-src 'self' https://*.tigerchef.com https://bat.bing.com https://*.tawk.to wss://*.tawk.to https://*.intellimize.co https://*.hotjar.com https://*.hotjar.io https://*.sessioncam.com https://*.g.doubleclick.net https://www.facebook.com https://*.google-analytics.com https://*.google.com https://ajax.googleapis.com https://*.klaviyo.com https://*.clarity.ms https://maps.googleapis.com https://apay-us.amazon.com https://*.luckyorange.com https://pubsub.googleapis.com/v1/projects/lucky-orange/ wss://realtime.luckyorange.com wss://in.visitors.live https://in.visitors.live https://obs.jollyoutdoorjogger.com https://*.equalweb.com/; img-src 'self' data: blob: https:; font-src 'self' data: https:; frame-src 'self' https://*.hotjar.com https://*.google.com https://secure.trust-provider.com https://www.youtube.com https://*.facebook.com https://www.googletagmanager.com https://*.g.doubleclick.net https://td.doubleclick.net https://*.tawk.to https://platform.twitter.com https://www.googleadservices.com https://api.intellimize.co https://*.googlesyndication.com https://cdn.cardknox.com https://accessibe.com https://portal.referralcandy.com/ https://tigerchefcom.referralcandy.com/ https://staging-marketing.creditkey.com/  https://fts-uat.cardconnect.com https://fts.cardconnect.com; media-src https://*.tawk.to; child-src 'self' https://*.hotjar.com https://*.google.com https://secure.trust-provider.com https://www.youtube.com https://*.facebook.com https://www.googletagmanager.com https://*.g.doubleclick.net https://*.tawk.to https://platform.twitter.com https://www.googleadservices.com https://api.intellimize.co https://*.googlesyndication.com https://cdn.cardknox.com https://accessibe.com;  report-uri /csp_reporting.php?type=enforce 1
base-uri 'self'; child-src blob:; connect-src 'self' * blob:; default-src 'none'; font-src 'self' * data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self' *.addthis.com *.fls.doubleclick.net http://*.fls.doubleclick.net http://gleam.io https://gleam.io https://privacy-central.securiti.ai https://spellingbee.com https://td.doubleclick.net https://www.googletagmanager.com; img-src 'self' * about: blob: data:; manifest-src 'self'; media-src * blob: data:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub76ded8377f7502c3dcedbac113428770&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:iontv-staging; script-src 'self' 'unsafe-eval' 'unsafe-inline' * blob: data:; style-src 'self' 'unsafe-inline' * data:; worker-src 'self' blob: 1
script-src 'self' 'unsafe-inline' cdn.networkteam.com  matomo.networkteam.com; style-src 'self' 'unsafe-inline' cdn.networkteam.com; frame-src 'none'; report-uri https://sentry.networkteam.com/api/190/security/?sentry_key=7cddae9b338a43a7b9cda9c2b50d15ca 1
frame-ancestors khh.travel 'self' 1
default-src 'self' https://www.google-analytics.com https://account-d.docusign.com/ https://pos.lendingpoint.com https://*.lendingpoint.com https://us-autocomplete-pro.api.smartystreets.com https://account.docusign.com/ https://*.account.docusign.com/ https://demo.docusign.net https://www.docusign.net https://a.docusign.net https://na3.docusign.net https://*.docusign.net https://docusign.net https://www.google.com/ https://o4504736320389120.ingest.sentry.io https://zfrmz.com https://forms.zohopublic.com https://dvnfo.com; media-src 'self' https://storage.googleapis.com; script-src 'self' 'unsafe-inline' https://connect.facebook.net/ https://js.dvnfo.com https://dvnfo.com https://www.googletagmanager.com https://www.gstatic.com https://ajax.googleapis.com https://oss.maxcdn.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://www.google.com http://ie7-js.googlecode.com; object-src 'self'; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https://www.googletagmanager.com https://www.facebook.com; report-to csp-endpoint; 1
frame-ancestors 'self' https://*.delaware.pro https://*.delaware.cn; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.motivates.co.uk *.thelifestylevoucher.co.uk *.lifestylegiftcards.co.uk *.fontawesome.com *.google.com www.googletagmanager.com www.google.com *.gstatic.com *.google-analytics.com *.analytics.google.com www.youtube.com drive.google.com *.googleapis.com *.checkout.com 3ds2-sandbox.ckotech.co api.sandbox.checkout.com placehold.jp *.typekit.net *.kommunicate.io wss://socket2.kommunicate.io/ws *.owox.com *.amazonaws.com lifestyled2cstorage.blob.core.windows.net *.klaviyo.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com google.com https://*.jsdelivr.net https://connect.facebook.net https://www.facebook.com https://www.trustpilot.com https://*.clarity.ms https://*.bing.com https://*.cookieyes.com https://cdn-cookieyes.com https://*.getsitecontrol.com https://*.getsitectrl.com https://cdn.adt348.net https://pay.google.com https://*.apple.com https://applepay.cdn-apple.com https://apple-pay-gateway.apple.com https://gtm.adt313.net https://log.adtraction.fail https://cnv.adt623.net https://valuesportal.com https://api.adtraction.net; 1
style-src 'self' http://* 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval' https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://fonts.googleapis.com https://fonts.gstatic.com https://ajax.googleapis.com https://code.jquery.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://vars.hotjar.com https://use.typekit.net https://api-fra.livechatinc.com; frame-src 'self' https://tr.snapchat.com/ https://td.doubleclick.net/ https://secure-fra.livechatinc.com https://8834597.fls.doubleclick.net/ https://www.youtube.com/ https://www.google.com/ https://vars.hotjar.com https://player.vimeo.com/ https://vimeo.com/ https://w.soundcloud.com/ https://e.infogram.com/ 1
frame-ancestors 'self' production-cms.ravensburger.bloomreach.cloud; 1
script-src 'self' https://login.master-builders-solutions.com 'unsafe-eval' 'unsafe-inline' https:; object-src 'self'; base-uri 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.etracker.com https://*.etracker.de https://*.jwpcdn.com https://customers.lmis.de; style-src 'self' 'unsafe-inline' https://*.etracker.de https://*.jwpcdn.com; img-src 'self' data: https://sg.geodatenzentrum.de https://jwpltx.com https://tile.geofabrik.de; connect-src 'self' https://*.etracker.com https://*.etracker.de https://sg.geodatenzentrum.de https://*.jwpcdn.com; font-src 'self' data: https://*.jwpcdn.com; object-src 'self'; media-src 'self' https://*.streamfarm.net http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; form-action 'self'; frame-src 'self' https://*.twitter.com https://vimeo.com https://player.vimeo.com https://customers.lmis.de https://vdi.p5.easire.com https://bmwi-batteriezellfertigung.interactive-scape.com; frame-ancestors 'self' http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-EF5idrWezruABC5RFC8pl/Pt8J+TgDnqcdlEXxQJwqUfVCgu' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://icosahedron.website; img-src 'self' https: data: blob: https://icosahedron.website; style-src 'self' https://icosahedron.website 'nonce-IYKmK9NjyK5xQXEbIpzktw=='; media-src 'self' https: data: https://icosahedron.website; frame-src 'self' https:; manifest-src 'self' https://icosahedron.website; form-action 'self'; child-src 'self' blob: https://icosahedron.website; worker-src 'self' blob: https://icosahedron.website; connect-src 'self' data: blob: https://icosahedron.website https://icosahedron.website wss://icosahedron.website; script-src 'self' https://icosahedron.website 'wasm-unsafe-eval' 1
frame-ancestors default-src 'self' *.jivosite.com ws://*.jivosite.com/ https://pay.deko.finance 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=22bu52tiqudmj&partner=; 1
default-src 'self' https://region1.analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com; frame-src 'self' https://player.vimeo.com/ https://www.youtube.com/ https://ticketco.events https://virtualtourcompany.co.uk https://www.myridinglife.com https://marketplace.umbraco.com/ https://td.doubleclick.net https://www.google.com https://tr.snapchat.com https://app.geckoform.com; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://bat.bing.com https://sc-static.net https://connect.facebook.net https://cdn.akro.io https://static.hotjar.com https://analytics.tiktok.com https://tags.srv.stackadapt.com https://googleads.g.doubleclick.net https://app.geckoform.com https://script.hotjar.com https://tr.snapchat.com https://www.clarity.ms https://discoveruni.gov.uk https://widget.discoveruni.gov.uk 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://stats.g.doubleclick.net https://region1.analytics.google.com https://sessions.bugsnag.com https://notify.bugsnag.com https://tr.snapchat.com https://analytics.tiktok.com https://e.clarity.ms https://w.clarity.ms https://x.clarity.ms https://prod-discoveruni.azure-api.net https://tr6.snapchat.com https://analytics.pangle-ads.com https://www.google.com https://content.hotjar.io https://googleads.g.doubleclick.net wss://ws.hotjar.com; font-src 'self' fonts.gstatic.com data:; img-src https: data:; media-src https: data:; 1
report-uri https://o1063754.ingest.sentry.io/api/4504435241582592/security/?sentry_key=e7acfc0461444968ac7c58f1785b1711;connect-src 'self' earnably.com *.google-analytics.com *.analytics.google.com analytics.google.com accounts.google.com *.mmapiws.com beaconapi.helpscout.net chatapi.helpscout.net d3hb14vkzrxvla.cloudfront.net wss://*.pusher.com;script-src 'self' www.googletagmanager.com www.google-analytics.com apis.google.com device.maxmind.com performance.radar.cloudflare.com beacon-v2.helpscout.net 'nonce-LeE8gUAQ9TPRuPdyR7TzqL53B3AkCU03w6Ea9r1m';style-src 'self' 'unsafe-inline' fonts.googleapis.com beacon-v2.helpscout.net;font-src 'self' fonts.gstatic.com beacon-v2.helpscout.net use.typekit.net data: 1
default-src 'self' 'unsafe-inline' https://next.lewa.com; style-src 'unsafe-inline' 'self' https://next.lewa.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://analytics.lewa.com https://cdn.consentmanager.mgr.consensu.org https://fonts.googleapis.com/; img-src 'self' data: https://cdn.consentmanager.net/ https://b.delivery.consentmanager.net/ https://next.lewa.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-operators.s3-eu-west-1.amazonaws.com/ https://analytics.lewa.com https://www.lewa.com/favicon.ico https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org/delivery/recall_shield.svg https://consentmanager.mgr.consensu.org https://*.googleapis.com https://www.google.com https://www.google.de/ads/ga-audiences https://stats.g.doubleclick.net https://www.google-analytics.com https://*.leadlab.click https://wm.wiredminds.de https://t2.leadlab.click; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.delivery.consentmanager.net/  https://cdn.consentmanager.net/delivery/js/cmp_de.min.js https://next.lewa.com https://userlike-cdn-umm.b-cdn.net https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://*.cloudfront.net/ https://api.userlike.com/ https://www.gstatic.com/recaptcha/releases/ https://analytics.lewa.com https://consentmanager.mgr.consensu.org https://www.consentmanager.net/ https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net/delivery/customdata/ https://*.leadlab.click https://maps.googleapis.com https://maps.gstatic.com https://www.googletagmanager.com https://www.google.com/recaptcha/api.js https://www.google-analytics.com/analytics.js https://wm.wiredminds.de; font-src 'self' https://next.lewa.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://*.cloudfront.net/ https://fonts.gstatic.com/ https://www.lewa.com/; frame-src https://cdn.consentmanager.net/ https://next.lewa.com https://cdn.consentmanager.mgr.consensu.org https://analytics.lewa.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://www.google.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ 'self'; connect-src 'self' https://next.lewa.com https://www.userlike.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://api.userlike.com/ wss://umd.userlike.com/umd/ https://*.leadlab.click https://cdn.consentmanager.mgr.consensu.org/ https://consentmanager.mgr.consensu.org/delivery/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://analytics.lewa.com; 1
frame-ancestors dashboard.litige.fr litige.fr cdn.litige.fr www.litige.fr 1
frame-ancestors 'self' *.payubiz.in *.payu.in *.google.com www.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net www.googleadservices.com *.payumoney.com www.premiermiles.co.in www.goibibo.com secure.skype.com *.facebook.com 1
default-src * 'unsafe-inline' data: blob: 'unsafe-inline' 'unsafe-eval' 1
base-uri 'self'; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com; manifest-src 'self'; media-src 'self'; object-src 'self'; report-to /csp-violation-report/; worker-src 'self' blob:; 1
sandbox allow-scripts allow-same-origin allow-forms; img-src 'self' data: www.gstatic.com; frame-src www.google.com; object-src 'none'; base-uri 'none'; script-src www.google.com www.gstatic.com 'nonce-S4QooI8FEp0JT1jmZfUlqNjAvCc='; style-src 'nonce-S4QooI8FEp0JT1jmZfUlqNjAvCc=' 1
default-src 'self' tergooi.nl www.tergooi.nl https://yoast.com https://msd.bbvms.com https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://pagead2.googlesyndication.com https://www.google.com https://googleads.g.doubleclick.net https://region1.analytics.google.com https://*.readspeaker.com; img-src * data:; media-src * data:; script-src 'self' tergooi.nl www.tergooi.nl 'unsafe-inline' 'unsafe-eval' https://use.typekit.com https://f.vimeocdn.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://*.googleapis.com https://www.google.com https://maps.google.com https://apis.google.com https://use.typekit.net https://cdnjs.cloudflare.com https://cdn.polyfill.io https://djtflbt20bdde.cloudfront.net https://www.zorgkaartnederland.nl https://msd.bbvms.com https://cdn.bluebillywig.com https://m15.mailplus.nl https://static.mailplus.nl https://platform.twitter.com https://cdn.syndication.twimg.com https://cdn-eu.readspeaker.com https://f1-eu.readspeaker.com; font-src 'self' tergooi.nl www.tergooi.nl https://use.typekit.com https://fonts.gstatic.com data: https://use.typekit.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com; style-src 'self' data: tergooi.nl www.tergooi.nl 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://djtflbt20bdde.cloudfront.net https://www.zorgkaartnederland.nl https://static.mailplus.nl https://platform.twitter.com https://ton.twimg.com https://cdn-eu.readspeaker.com https://f1-eu.readspeaker.com; frame-src https://www.youtube.com https://app.readspeaker.com https://rstts.readspeaker.com https://www.google.com https://player.vimeo.com https://www.tergooi.nl https://w.soundcloud.com/ https://live.bobkoetsier.nl https://eenvandaag.avrotros.nl https://www.hoedrukisdeseh.nl https://live.bakerymedia.nl https://*.guidingtube.com https://platform.twitter.com https://syndication.twitter.com https://vt.plushglobalmedia.com https://embed.bouw.live www.tergooi.nl https://takeda.bbvms.com https://indd.adobe.com https://open.spotify.com 1
default-src https: 'unsafe-inline' 'unsafe-eval' 'self' data:; base-uri 'self'; frame-ancestors 'self' https://www.amcny.org; object-src 'none'; worker-src 'self' blob:; 1
script-src 'self' 'unsafe-inline' pixel.byspotify.com js.hsadspixel.net www.redditstatic.com googleads.g.doubleclick.net js.hs-banner.com js.hscollectedforms.net js.hs-analytics.net cdn.linkedin.oribi.io *.hs-scripts.com sidebar.bugherd.com cdn.jsdelivr.net blob: cdn.segment.io connect.facebook.net boards.greenhouse.io snap.licdn.com www.google-analytics.com *.list-manage.com cmp.osano.com www.googletagmanager.com www.googleadservices.com static.ads-twitter.com calendly.com *.calendly.com player.vimeo.com;  connect-src 'self' api.hubapi.com api.ionq.co api-staging.ionq.co assets.ctfassets.net assets.ctfassets.net api.segment.io evnt.byspotify.com pagead2.googlesyndication.com stats.g.doubleclick.net www.google-analytics.com boards.greenhouse.io www.facebook.com hooks.zapier.com cdn.segment.io *.osano.com www.googletagmanager.com graphql.contentful.com *.oribi.io forms.hscollectedforms.net *.analytics.google.com analytics.google.com;  style-src 'self' fonts.googleapis.com cdn.jsdelivr.net 'unsafe-inline';  img-src 'self' alb.reddit.com bugherd-attachments.s3.amazonaws.com www.bugherd.com sidebar.bugherd.com images.ctfassets.net data: *.linkedin.com www.facebook.com p.adsymptotic.com www.google-analytics.com um.simpli.fi cm.g.doubleclick.net www.googleadservices.com cmp.osano.com www.google.com static.ads-twitter.com t.co forms.hsforms.com track.hubspot.com analytics.twitter.com i.vimeocdn.com;  media-src 'self' videos.ctfassets.net;  frame-src 'self' assets.ctfassets.net www.bugherd.com sidebar.bugherd.com www.facebook.com www.youtube.com boards.greenhouse.io cmp.osano.com td.doubleclick.net calendly.com *.calendly.com vimeo.com *.vimeo.com;  font-src 'self' fonts.gstatic.com data: 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' *.google.com;object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com; frame-ancestors 'self'; 1
child-src 'self' blob:; connect-src 'self' https://api.lab.amplitude.com/ https://api2.amplitude.com/ https://api.paygreen.fr/ https://m.stripe.com/ https://r.stripe.com/ https://api.checkout.com/tokens https://webhooks.sundayapp.io/b2c-analytics/ingest https://*.logs.datadoghq.eu/  https://*.browser-intake-datadoghq.eu/  https://browser-intake-datadoghq.eu https://api.sundayapp.io  https://api.vpos.sundayapp.io  https://api.refresh-bill.sundayapp.io  https://grpc.vpos.sundayapp.io  https://api.payment.sundayapp.io  https://api.voucher.sundayapp.io  https://api.billing.sundayapp.io  https://api.receipt.sundayapp.io  https://api.user-account.sundayapp.io  https://api.venue-feedback.sundayapp.io  https://api.loyalty-dispatcher.sundayapp.io  https://api.consent-manager.sundayapp.io  https://firestore.googleapis.com/  https://firebasestorage.googleapis.com/v0/b/sunday-production.appspot.com/  https://firebase.googleapis.com/v1alpha/projects/  https://firebaselogging-pa.googleapis.com/v1/firelog/legacy/log https://firebaseinstallations.googleapis.com/v1/projects/sunday-production/  https://firebaseremoteconfig.googleapis.com/v1/projects/sunday-production/  https://securetoken.googleapis.com/v1/token  https://www.googleapis.com/identitytoolkit/v3/relyingparty/  https://identitytoolkit.googleapis.com/v1/  https://*.smartlook.com  https://*.smartlook.cloud  https://www.google-analytics.com/  https://auth.alpha.sundayapp.xyz/  https://sunday-eu-alpha.eu.auth0.com/  https://auth.sundayapp.io/  https://sunday-eu-production.eu.auth0.com/  https://edge.api.flagsmith.com/ https://play.google.com/ https://*.fptls.com https://*.fptls2.com https://*.fptls3.com https://fp.sundayapp.io https://js.checkout.com/framesv2/log https://google.com/pay https://www.google.com/pay https://pay.google.com/ https://api.menu-back-end.sunday.cloud https://api.payment-terminal.sunday.cloud ; default-src 'self' ; frame-src * https://payment.paygreen.fr/ ; img-src 'self' data: https://www.google.com/images/cleardot.gif https://firebasestorage.googleapis.com/v0/b/sunday-production.appspot.com/ https://storage.googleapis.com/menu-pictures-sunday-production/ https://storage.googleapis.com/public-sunday-production/ blob: https://s.gravatar.com/ https://cdn.auth0.com/avatars/ https://*.googleusercontent.com/ https://*.wp.com/cdn.auth0.com/avatars/ https://www.gstatic.com/ https://api.menu-back-end.sunday.cloud https://media.zelty.fr https://s3.amazonaws.com ; object-src 'none' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pgjs.paygreen.fr/ https://*.smartlook.com https://*.smartlook.cloud https://cdn.polyfill.io/v2/ https://js.stripe.com/ https://www.googletagmanager.com/gtag/ https://apis.google.com/ https://pay.google.com/gp/p/js/pay.js https://core.spreedly.com/iframe/iframe-v1.min.js https://cdn.checkout.com/js/framesv2.min.js https://www.google.com/maps/api/js/ https://www.gstatic.com/ https://fpnpmcdn.net ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com/ ; font-src https://fonts.gstatic.com/ https://fonts.googleapis.com ; worker-src 'self' blob: 1
style-src 'self' https://*.empreintedigitale.fr 'unsafe-inline' *.jquery.com *.js 1
default-src 'self' https://merit.soliditet.se https://www.google-analytics.com; frame-src 'self' https://www.google.com; img-src 'self' https://fdab.se https://www.fdab.se https://www.google-analytics.com https://merit.soliditet.se 1
frame-ancestors 'self' *.vccuonline.net 1
frame-src 'self' *.google.com *.paypal.com *.braintreegateway.com; child-src unsafe-inline 'self' *.dnc.io *.livechatinc.com *.paypal.com *.google.com *.braintreegateway.com 1
frame-ancestors https://admin.shopify.com 1
default-src 'unsafe-inline' 'unsafe-eval' http: https: data: mediastream: blob: filesystem:; script-src 'unsafe-inline' 'unsafe-eval' https: filesystem:; style-src 'unsafe-inline' 'unsafe-eval' https: filesystem:; img-src https: data: blob: filesystem:; connect-src https: filesystem:; font-src 'unsafe-inline' 'unsafe-eval' http: https: data: blob: filesystem:; media-src https: data: mediastream: blob: filesystem:; child-src https: filesystem:; form-action 'self' https: filesystem:; frame-ancestors 'self'; object-src https: data: blob: filesystem:; frame-src *; worker-src 'self' https: filesystem:; manifest-src https: filesystem:; navigate-to https:; prefetch-src 'self' https: data: filesystem:; base-uri https: 1
frame-ancestors 'self' 51.120.76.97; 1
frame-ancestors 'self'; default-src 'self' 'unsafe-inline' www.youtube-nocookie.com maps.google.nl;	script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.google.nl;	img-src 'self' data: blob: pbs.twimg.com i.ytimg.com www.google-analytics.com img.youtube.com;	font-src 'self' data:;	object-src 'none';	 1
default-src 'self'; base-uri 'self'; img-src * data:; frame-src 'self' https://kaart.pdok.nl https://websurveys2.govmetric.com https://app-eu.readspeaker.com https://www.youtube-nocookie.com https://www.youtube.com https://content.googleapis.com/ https://vars.hotjar.com https://sdk.companywebcast.com; frame-ancestors 'self'; manifest-src 'self'; media-src 'self' blob:; script-src 'self' 'nonce-ZDc1YjM0M2QtZWNjMy00OTViLWE2ODYtNGNkMDM3ZjMzOWZk' https://stats.pusher.com https://www.browsealoud.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://maps.googleapis.com https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://websurveys2.govmetric.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://cdn-eu.readspeaker.com https://virtuele-gemeente-assistent.nl https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://snap.licdn.com https://meldingen.hollandsmiddenveilig.nl; connect-src 'self' https://sockjs-eu.pusher.com wss://ws-eu.pusher.com https://vttts-eu.readspeaker.com https://cloudstatic.obi4wan.com https://chatapi.obi4wan.com https://media-eu.readspeaker.com https://rstts-eu.readspeaker.com https://www.browsealoud.com https://plus.browsealoud.com https://speech.speechstream.net https://speech-eu.speechstream.net https://www.google-analytics.com https://maps.googleapis.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://app.obi4wan.ai https://app-eu.readspeaker.com/ https://hitcounter.govmetric.com https://platform.hireserve.nl/ https://cdn1.readspeaker.com https://maps.googleapis.com https://virtuele-gemeente-assistent.nl wss://virtuele-gemeente-assistent.nl ws://virtuele-gemeente-assistent.nl https://in.hotjar.com https://www.facebook.com https://cdn.linkedin.oribi.io https://meldingen.hollandsmiddenveilig.nl; object-src 'self' https://kaart.pdok.nl; style-src 'self' data: 'nonce-ZDc1YjM0M2QtZWNjMy00OTViLWE2ODYtNGNkMDM3ZjMzOWZk' https://fonts.googleapis.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://websurveys2.govmetric.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://maps.googleapis.com/ https://siteimproveanalytics.com https://cloudstatic.obi4wan.com; font-src 'self' data: https://fonts.gstatic.com https://cdn1.readspeaker.com https://script.hotjar.com https://fonts.googleapis.com;  1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' tracking.g2crowd.com *.googlesyndication.com cdn.cookielaw.org googleads.g.doubleclick.net snap.licdn.com vue.comm100.com standby.comm100vue.com cdn.subscribers.com www.youtube.com sqm.bamboohr.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.googleadservices.com chimpstatic.com downloads.mailchimp.com *.hotjar.com *.list-manage.com widget.trustpilot.com; media-src 'self' *.sqmgroup.com; connect-src 'self' googleads.g.doubleclick.net www.google.com analytics.google.com privacyportal-eu.onetrust.com *.googlesyndication.com geolocation.onetrust.com cdn.cookielaw.org *.comm100.io sqm.bamboohr.com www.google-analytics.com stats.g.doubleclick.net *.hotjar.com *.hotjar.io wss://*.hotjar.com snap.licdn.com/li.lms-analytics/insight.min.js; img-src 'self' data: cdn.cookielaw.org ct.capterra.com googleads.g.doubleclick.net *.comm100.io vue.comm100.com resources.bamboohr.com i.ytimg.com img.youtube.com www.google.com www.google.ca www.google-analytics.com mcusercontent.com seal-mbc.bbb.org; font-src 'self' themes.googleusercontent.com vue.comm100.com; style-src 'self' 'unsafe-inline' sqm.bamboohr.com cdn-images.mailchimp.com downloads.mailchimp.com; base-uri 'self'; child-src 'self' td.doubleclick.net *.sqmgroup.com www.g2.com www.google.com vars.hotjar.com www.youtube.com workforcenow.adp.com; frame-ancestors 'self'; form-action 'self' sqmgroup.us9.list-manage.com 1
default-src 'self'  https://sdk.privacy-center.org https://www.google.com/pagead/conversion_async.js https://popups.landingi.com https://scripts.assets-landingi.com  https://connect.facebook.net https://googleads.g.doubleclick.net https://tag.oniad.com/ https://tag.oniad.com/4039/ https://tag.oniad.com/6674fdf296 https://googleads.g.doubleclick.net https://www.gstatic.com https://www.googletagmanager.com/ https://use.typekit.net/ https://www.google.com/recaptcha/api.js https://region1.google-analytics.com/ https://grupoanaya.es/; script-src 'self' 'sha256-wZ533+xTHuB5Roz9gD5XJEFuxh8cgVYkdvmgWt+SBXI=' https://www.googletagmanager.com https://www.googleadservices.com https://track.adform.net  https://sdk.privacy-center.org https://www.google.com/pagead/conversion_async.js https://popups.landingi.com https://scripts.assets-landingi.com https://www.googletagmanager.com/ https://googleads.g.doubleclick.net  https://connect.facebook.net https://tag.oniad.com/ https://use.typekit.net/ https://www.gstatic.com https://www.googletagmanager.com/ https://www.google.com/recaptcha/api.js https://www.google-analytics.com/ https://tag.oniad.com/6674fdf296 https://tag.oniad.com/4039/ https://region1.google-analytics.com/ https://grupoanaya.es/; style-src 'self' 'unsafe-inline' https://region1.google-analytics.com/ https://grupoanaya.es/; img-src * data: https://region1.google-analytics.com/ https://grupoanaya.es/; connect-src * ; frame-src *; form-action 'self'; base-uri 'self'; frame-ancestors 'none'; 1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: https://www.queroviajarmais.com https://*.affilimatejs.com; upgrade-insecure-requests. 1
frame-ancestors *.homedistiller.ru 1
default-src *.getsitecontrol.com *.getsitectrl.com *.gamblerslab.com *.youtube.com *.datamother.com *.firebaseio.com stats.g.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.getsitecontrol.com *.getsitectrl.com *.google-analytics.com;font-src 'self' data: 'unsafe-inline' 'unsafe-eval';img-src 'self' data: *.google-analytics.com *.getsitecontrol.com *.getsitectrl.com; connect-src 'self' *.getsitecontrol.com *.getsitectrl.com *.google-analytics.com *.firebaseio.com  wss: datamother.com;style-src 'unsafe-inline' 'self';base-uri 'self';form-action 'self' 1
default-src https://www.google.com/ https://fast.wistia.net/embed/iframe/dpr50ery8n;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/gtag/js https://www.google-analytics.com https://static.zdassets.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css;font-src 'self' https://fonts.gstatic.com/s/ data:;form-action 'self';img-src 'self' https://www.google-analytics.com https://parentpaygroup.zendesk.com data:;connect-src 'self' https://www.google-analytics.com https://ekr.zdassets.com/ https://esscontract.zendesk.com/ https://ess-gateway.zendesk.com wss://widget-mediator.zopim.com;media-src 'self' https://static.zdassets.com;base-uri 'none';object-src 'none'; 1
report-uri /sentry/api/61/csp-report/?sentry_key=8505cd7669a24ba78131bbe9f6e8db09; worker-src blob: 'self'; child-src blob:; object-src 'none'; default-src https: data: 'self' *.1gamepay.com; img-src 'self' https: data: blob: *.google.com *.google.ro *.google.se *.google.nl *.google.de *.google.fi *.google.ch *.google.ee *.google.sk *.google.dk *.visualwebsiteoptimizer.com app.vwo.com https://ssl.gstatic.com https://www.gstatic.com *.google-analytics.com *.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://googleads.g.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com; frame-src * bankid: https://bid.g.doubleclick.net wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; connect-src 'self' ws: wss: livechat24.tech *.livechat24.tech https://stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net *.unetsafe.com *.quantserve.com *.quantcount.com *.creative-serving.com *.visualwebsiteoptimizer.com *.taboola.com *.tradedoubler.com *.bing.com app.vwo.com facebook.com www.facebook.com *.google.com *.google.ru *.google.ro *.google.se *.google.de *.google.fr *.google.nl *.google.by *.google.pt *.google.kz *.google.bg *.google.kg *.google.md *.google.gr *.google.fi https://*.googlesyndication.com *.snapchat.com snapchat.com sc-static.net https://static.ads-twitter.com https://analytics.twitter.com https://*.atlantgaming.com https://cdn-sp.kertn.net https://*.pusher.com https://cdn-sp.gbshgbsh.com *.regily.com https://*.fasttrack-solutions.com https://*.ft-crm.com https://verification.okwork.io https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com *.frankcasino.com *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com https://*.frankcasino.ro wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; style-src 'self' blob: 'unsafe-inline' *.googleapis.com *.google.com *.cloudflare.com *.cloudflareinsights.com *.unetsafe.com livechat24.tech *.livechat24.tech *.visualwebsiteoptimizer.com app.vwo.com https://cs.betradar.com https://*.sportradar.com https://videosport.me https://cdn-sp.kertn.net https://cdn-sp.gbshgbsh.com https://*.fasttrack-solutions.com https://*.gstatic.com https://prj-verification-production.s3.amazonaws.com https://prj-verification-stage1.s3.amazonaws.com https://prj-verification-stage2.s3.amazonaws.com https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com https://tagmanager.google.com https://fonts.googleapis.com https://s3.amazonaws.com *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com paymentpage.ecommpay.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com https://*.frankcasino.ro wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; font-src 'self' https://fonts.gstatic.com data: *.cloudflare.com *.cloudflareinsights.com livechat24.tech *.livechat24.tech *.visualwebsiteoptimizer.com app.vwo.com *.frankcasino.com https://cdn-sp.kertn.net https://*.frankcasino.ro wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; script-src 'self' 'unsafe-eval' 'nonce-zgd17GyK0y2eYJwFUTspDA==' blob: *.google.com *.google.ro *.google.se *.google.nl *.google.de *.google.fi *.google.ch *.google.ee *.google.sk *.google.dk recaptcha.net www.gstatic.com *.googleadservices.com https://www.googleadservices.com https://*.googlesyndication.com *.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://*.googletagmanager.com *.google-analytics.com *.analytics.google.com platform.twitter.com connect.facebook.net *.curacao-egaming.com stats.g.doubleclick.net https://stats.g.doubleclick.net livechat24.tech *.livechat24.tech *.livestatisc.com *.jsdelivr.net *.ptstaging.eu track.adform.net *.unetsafe.com *.cloudflare.com *.cloudflareinsights.com *.quantserve.com *.quantcount.com *.creative-serving.com *.visualwebsiteoptimizer.com *.taboola.com *.tradedoubler.com *.snapchat.com *.bing.com snapchat.com sc-static.net app.vwo.com facebook.com www.facebook.com https://static.ads-twitter.com https://analytics.twitter.com *.regily.com https://*.fasttrack-solutions.com https://cdn-sp.kertn.net https://*.pusher.com https://cdn-sp.gbshgbsh.com https://*.gstatic.com https://prj-verification-production.s3.amazonaws.com https://prj-verification-stage1.s3.amazonaws.com https://prj-verification-stage2.s3.amazonaws.com https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com *.frankcasino.com *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com paymentpage.ecommpay.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com *.astropay.com *.megapay.pro *.ecopayz.com *.billing.cx *.express-connect.com *.paycore.io *.jetoncheckout.com *.ipsp.lv ipsp.lv *.gpaynetworks.com *.sirumobile.com https://*.frankcasino.ro wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com 1
frame-ancestors 'self' https://hireupsupport.zendesk.com https://hireup.design 1
frame-ancestors https://*.ionos.de https://ionos.de https://*.ionos.at https://ionos.at https://*.profiseller.de https://profiseller.de https://*.1und1-partner.de https://1und1-partner.de https://*.1und1-hostingpartner.de https://1und1-hostingpartner.de https://*.1und1-premiumpartner.de https://1und1-premiumpartner.de https://*.ionos.com; 1
frame-ancestors *.insideevs.it insideevs.it 1
default-src *;  img-src * data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.addsearch.com *.cloudfront.net;  script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.bootstrapcdn.com use.fontawesome.com *.googletagmanager.com *.facebook.net  *.searchcdn.com addsearch.com cdn.addsearch.com; font-src * data:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com/analytics.js https://googleads.g.doubleclick.net/pagead/id http://maps.google.com; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; 1
frame-ancestors 'self' https://cube.nl 1
script-src 'self' https://vercel.live https://www.googletagmanager.com 'unsafe-eval'; object-src https://*.ssv2.io https://ssv2.io; worker-src blob: 1
default-src 'self';connect-src 'self' https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;script-src-attr 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline' https:;img-src 'self' data: https:;font-src 'self' data: https:;frame-src 'self' https:;frame-ancestors 'self';worker-src 'self';manifest-src 'self';media-src 'self';object-src 'self';upgrade-insecure-requests;base-uri 'self';form-action 'self' 1
default-src 'self'; script-src 'self' 'unsafe-eval' data: https: http: ady.az corp.ady.az ticket.ady.az freight.ady.az mobile.ady.az google.com www.google.com/recaptcha 'sha256-KUhHsdFojnRmHzAkpsFB7aG0I2v8xfX0ize9r3CdbFc=' 'sha256-IHr75x81mfAlOXd2s/UHrZHWgAM3cwwclapfkN0D0DE=' 'sha256-H2UKx5Xp9waAngosqsBcw792uRk03JwHZXczf3qWC0c=' 'sha256-0f+sobpe7fuSkJ0beHosp8hCECf5n1UmLziJ9jRq2Rk=' 'sha256-Gf77bRO4Oovy603Xc1ub7R7XE1ybcjSpAn8SApjId6w=' 'sha256-f85/fsp7QkgifmmGF6VpffEwHImpN7pePNjFh0ujMKE=' 'sha256-8JpAK4Kk3FMhNqHn0dmaeV32Qa0DWL87jiYAnhaf1YQ=' 'sha256-QFT/yuZY46hSK7FAfIw9nxnSK5+XEu2tyHQv1ik7X2M=' 'sha256-VRXVp6y25i+DRA78b9aYVOW3zUy61VQnqEfXyYZW/9Q=' 'sha256-sHbeKN9u/Eub4TNQ7Ls7eY5e2kRNBFtkzRLQRxYll3U=' 'sha256-f1aKO2sBTKWczRugXsdq62sVuoKiIkEDD/aXqBp7dro=' 'sha256-cbvtuFl/nAgM1Y71y5Uw47d34jwTrBxvSXdPHq4BI7s=' 'sha256-SwiOqQXd2ZjIiBPYXcGoZ/KQMBE2rXkrCp6643X+seY=' 'sha256-bYmLCyRBa6xmqDaV2NC3mYD3fDRGWy7g2onta7V8XxI=' 'sha256-X7KuniDl6klSvJukcpPNZc+JE6mgU2GazdIw0YJ5kL4=' 'sha256-wfAdsdO7cGhKr/6oa+aKKSqioxfrWZiocDrmPXFSC2Y=' 'sha256-y8DInSr2zF7PN5eoUJaOub06SWAs7LS0I9qvOBzB24w=' 'sha256-oA+gUg4Vs+rdUkZGcYQrjcN9gUmpLWFkHPWZCIaXiEY=' 'sha256-29r3dUvRcrQcGqmwz5lc0twvDh2erCHT3YZ+kSOmypo=' 'sha256-4ohluAYK83PH1Z/p/HJRJAxvdI85rD+eCCJxYifa99w=' 'sha256-vf10kbH/q2h1xWDbOU6vqGl+/RIOKBuE9v6Hu8KSzH4=' 'sha256-7P4UiwFCj32HyxRi0QQFOtt4vuyg0kHC16mCPIV6d0M=' 'sha256-w5LAiTlp8fP8Jow/wWBNFl+C5Fo45JyTZhUQfyMBP7w=' 'sha256-pDfF+FGh6TbaMpXnzE8njN7Mv/ddBXEWrMtM5r4Hjq8=' 'sha256-BZRIp6ei1MAOzI5hTLXpcDFRf1zW1b236WNjqzTyvCg=' 'sha256-kbTKrVuQTAhLmoZzLoGFpJBqOXT8B8K2/s51jAVg0mk=' 'sha256-gnajgY1YclCmNWyRwbqpuZnZsBg4nisTrIYY/6ik4G8=' 'sha256-oC+ees5EeL9MTCJERo3YLZcL7QF8xGrVZctK73Z9UdY=' 'sha256-SAL7gaERbbYxtAU51ZHgFm1PkY1WhigTqMG/iyRvNhM=' 'sha256-kzS2eF7EGrRan01E0547Y28JvXf7kKe+Slz21AzB2y8=' 'sha256-+kdv/es/9kIs/UR11SlM9J+F4Sfw+3uZnCnfJstmxCo=' 'sha256-J9+uEL7GOAUNew8sJ4pecQsH1vY6QOs3g6EzZoFfyCg=' 'nonce-6d295ef63835f65667885ba634f2932b362ea133705e0b50c5b65ec13f4bd9f4' 'sha256-pYiqYYUG8Qg7vmobx0vvkCoNNMFTk/r6gk+JMv9tMn4=' 'sha256-YTsZZyn5ZBKmkxSm7rty/5uhrKHfs/beR0gMB0fY0m4=' 'sha256-C8TGPOV/6xo2YwFhOyxawgfOQKqT6T/Omt6JUAmf3Q8=' 'sha256-Doy7nvZUoHXWK3+j9oEHL/cgyJXVDEoocjdt0VKXqaU=' 'sha256-tSQwOQad2NcjdrxNiu6+OtRphnSGD2kQM8P4iekFrKw=' 'sha256-+kdv/es/9kIs/UR11SlM9J+F4Sfw+3uZnCnfJstmxCo=' 'sha256-x9Rn/Uoaacibxc+0aBKjEh8xQBi+C9UxKLywLhcppdg=' 'sha256-h9Lr5SRcr7UI9u+O++dKuxMpt3sbUphabZTGRPXq12c=' 'sha256-8spdV9lhgKkqGpvlYv/s5rW6XVoekB2I2KmX6DkVphw=' 'sha256-SbyaSDIiV/ZQ7uAsQ3b0e1yOHYQTNAsSdCpNAwSvolg=' 'sha256-FDyPg8CqqIpPAfGVKx1YeKduyLs0ghNYWII21wL+7HM=' 'sha256-SobDUs4XKonCd9GMJKAW0w9FRHdKCX0HtMeIuM8xc7U=' 'sha256-chi++sJMBzRov4UNkqq5FVxt5SMzmIGA2EU6jyBWvxo=' 'sha256-w6kogb1UXPmN2dt1aC6tzMEwoujHCM9jWaM7ZYSudGY=' 'sha256-1e5RR2OpHhuX2h0Bat19DsNTmqbo4M3T1pqfeTXCHaA=' 'sha256-1e5RR2OpHhuX2h0Bat19DsNTmqbo4M3T1pqfeTXCHaA=' 'sha256-1e5RR2OpHhuX2h0Bat19DsNTmqbo4M3T1pqfeTXCHaA='; style-src 'self' 'unsafe-inline' ady.az corp.ady.az ticket.ady.az freight.ady.az mobile.ady.az https://fonts.googleapis.com http://fonts.googleapis.com https://fonts.gstatic.com https://cdn.userway.org https://cdn.jsdelivr.net/npm/intl-tel-input@18.1.1/build/css/intlTelInput.css; img-src 'self' data: https: http:; font-src 'self' ady.az corp.ady.az ticket.ady.az freight.ady.az mobile.ady.az https://fonts.googleapis.com https://fonts.gstatic.com https://ka-f.fontawesome.com https://cdn.userway.org; manifest-src 'self' ady.az corp.ady.az ticket.ady.az freight.ady.az mobile.ady.az https://fonts.googleapis.com https://fonts.gstatic.com https://ka-f.fontawesome.com; connect-src 'self' https://ka-f.fontawesome.com https://api.userway.org/ https://cdn.userway.org/ http://192.168.6.35:8081/be_services.php https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com/plugins/customer_chat/facade_gating/ https://www.facebook.com/plugins/customer_chat/SDK/ https://www.facebook.com/plugins/customer_chat/facade/ https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://mc.yandex.ru/ https://web.facebook.com; media-src 'self'; frame-src https://api.userway.org/ https://cdn.userway.org/ https://www.google.com/ https://www.youtube.com/ http://www.youtube.com/ https://www.facebook.com/ https://www.google.com/recaptcha https://web.facebook.com https://e.issuu.com/ https://ticket.ady.az/video_360.php 1
base-uri 'self'; connect-src 'self' https://yoast.com/ *.lottiefiles.com/ https://lottie.host/ https://pagead2.googlesyndication.com/ *.hsforms.com *.hs-scripts.com https://hubspot-forms-static-embed.s3.amazonaws.com/ https://cdn.linkedin.oribi.io/ https://px.ads.linkedin.com/ https://www.google-analytics.com https://stats.g.doubleclick.net *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net https://*.hotjar.com https://*.hotjar.io https://*.hotjar.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/; default-src 'self' https://*.brq.com https://www.brq.com; font-src 'self' data: https://fonts.gstatic.com https://*.hotjar.com; frame-src 'self' https://td.doubleclick.net/ https://www.facebook.com https://bid.g.doubleclick.net https://*.hubspot.com https://*.hs-sites.com https://*.hubspot.net https://play.hubspotvideo.com https://*.hsforms.com https://optimize.google.com https://www.vimeo.com https://youtube.com https://www.youtube.com/ https://www.youtube-nocookie.com/; frame-ancestors 'self' https://*.brq.com https://www.brq.com https://brq.sharepoint.com/ https://www.youtube-nocookie.com/; img-src 'self' data: https://*.brq.com https://www.brq.com https://www.google.com.br https://px.ads.linkedin.com https://fonts.gstatic.com/ https://stats.g.doubleclick.net https://www.facebook.com https://googleads.g.doubleclick.net https://secure.gravatar.com https://ssl.gstatic.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com www.googletagmanager.com https://optimize.google.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com https://themenectar.com https://*.hotjar.com https://*.w.org/ https://*.linkedin.com https://cdn.cookielaw.org/; manifest-src 'self'; media-src 'self' https://*.imgur.com https://*.brq.com https://brq.com/ https://www.brq.com; object-src 'none'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://*.brq.com https://www.brq.com data: https://ssl.google-analytics.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://optimize.google.com https://ajax.googleapis.com/ https://connect.facebook.net *.hsadspixel.net *.hs.analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com https://js.hs-analytics.net/ *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hubspotfeedback.com feedback.hubapi.com *.hs-scripts.com https://snap.licdn.com https://*.hotjar.com https://www.youtube.com https://www.vimeo.com https://cdn.cookielaw.org/; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com cdn2.hubspot.net https://www.googletagmanager.com/ https://optimize.google.com https://*.hotjar.com; child-src 'self' *.hsforms.com https://*.brq.com https://www.brq.com blob:; 1
frame-ancestors https://preludeservices.com https://www.preludeservices.com 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-YWY2ZWNlMDUyMTg3NDQyZDk3NDljMWYwNDkxZWE1ZTI=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rijksoverheid.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.rijksoverheid.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-ancestors *.absglobal.com  localhost:44361 1
base-uri 'none'; default-src 'self' https://*.bing.com/ https://*.clarity.ms/ https://analytics.google.com/ https://*.analytics.google.com/ https://*.g.doubleclick.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://*.inspectlet.com/ wss://*.inspectlet.com/ https://*.riskified.com/; frame-src 'self' https://www.google.com/ https://www.googletagmanager.com/ https://td.doubleclick.net/ https://tpc.googlesyndication.com/; font-src https://fonts.gstatic.com/; img-src 'self' data: https:; object-src 'none'; report-uri /csp-report-ep; script-src 'nonce-GAcBgFCI/FHv1ASBLvH30A==' 'strict-dynamic' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://www.shopperapproved.com/ 1
default-src 'self' blob:; connect-src 'self' flixtor.st wss://www.blockonomics.co www.blockonomics.co; font-src cdnjs.cloudflare.com ssl.p.jwpcdn.com; media-src *.jwplayer.com 'self' blob:; object-src *.youtube.com; frame-src *.youtube.com www.google.com challenges.cloudflare.com; frame-ancestors 'none'; child-src 'self' *.youtube.com blob:; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' img.xcdn.to image.tmdb.org flixtor.st images.weserv.nl wsrv.nl cdnjs.cloudflare.com www.blockonomics.co data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' stackpath.bootstrapcdn.com cdn.jsdelivr.net ssl.p.jwpcdn.com *.cloudflare.com *.gstatic.com flixtor.st blob:; 1
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com cdn.ampproject.org js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com *.en25.com web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com 1
default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 1
default-src 'self' *.com.ergon03.nine.ch *.hotjar.com *.mouseflow.com *.webspellchecker.net *.dynamics.com *.google-analytics.com *.analytics.google.com https://cdn.linkedin.oribi.io/partner/1485444/domain/airlock.com/token; style-src 'self' 'unsafe-inline'   *.webspellchecker.net *.typekit.net *.googleapis.com *.google.com *.ytimg.com *.aculo.us; img-src 'self' *.com.ergon03.nine.ch *.microsoft.com data: *.live.com *.webspellchecker.net *.dynamics.com *.google.de *.google.com *.linkedin.com *.doubleclick.net *.googletagmanager.com *.google-analytics.com *.typekit.net *.gstatic.com yt3.ggpht.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.com.ergon03.nine.ch *.mouseflow.com *.hotjar.com *.live.com *.webspellchecker.net *.azureedge.net *.dynamics.com *.microsoft.com *.google.de *.gstatic.com *.google-analytics.com *.youtube.com *.ytimg.com *.google.com snap.licdn.com optimize.google.com *.googletagmanager.com *.aculo.us; font-src 'self' *.com.ergon03.nine.ch *.webspellchecker.net tagmanager.google.com *.typekit.net *.gstatic.com; frame-src 'self' *.com.ergon03.nine.ch *.hotjar.com *.dynamics.com *.youtube-nocookie.com *.vimeo.com *.google.com; frame-ancestors 'self'; 1
frame-ancestors https://app.clonable.net 'self'; 1
font-src * data: cdncf.esignatures.io;       script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdncf.esignatures.io embed.tawk.to www.google-analytics.com ajax.googleapis.com https://zapier.com https://www.gstatic.com checkout.stripe.com www.googleadservices.com www.googletagmanager.com cdn.jsdelivr.net bat.bing.com http://ajax.googleapis.com platform.twitter.com snap.licdn.com cdn.zapier.com d2wy8f7a9ursnm.cloudfront.net;       style-src 'self' 'unsafe-inline' https://fonts.googleapis.com fonts.googleapis.com embed.tawk.to netdna.bootstrapcdn.com d1l4caeyiolul.cloudfront.net cdncf.esignatures.io https://www.gstatic.com checkout.stripe.com cdn.jsdelivr.net cdn.zapier.com;       report-uri /csp/report 1
frame-ancestors 'self' *.alibri.cat *.alibri.es 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org www.tickcounter.com adservice.google.com *.googleadservices.com *.googletagservices.com *.googletagmanager.com *.googlesyndication.com cdnjs.cloudflare.com g.adspeed.net syndication.twitter.com *.addthis.com *.addthisedge.com *.moatads.com *.jsdelivr.net https://acsbapp.com *.vimeo.com https://go.constantcontact.com https://www.ncra.org/tryconstantcontact-ncra https://ncra-shop.myspreadshop.com https://shop.spreadshirt.com https://shop.myspreadshop.com https://www.votervoice.net *.ncra.org *.mobilecause.com *.typeform.com *.outgrow.us *.outgrow.co dyv6f9ner1ir9.cloudfront.net *.rdmobile.com *.fundraise.givesmart.com/ https://form.jotform.com *.fontawesome.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com cdnjs.cloudflare.com cdn.jsdelivr.net *.fontawesome.com https://ncra-shop.myspreadshop.com https://ncraprolink.com https://portal.ncra.org *.mobilecause.com *.typeform.com *.outgrow.us *.outgrow.co *.fundraise.givesmart.com; font-src 'self' *.fontawesome.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.cloudfront.net *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net *.sitefinity.com platform.twitter.com *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.adspeed.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.ncra.org *.adspeed.net *.mobilecause.com *.fundraise.givesmart.com; media-src 'self' data: blob:; form-action 'self' *.outgrow.us *.outgrow.co *.fundraise.givesmart.com *.mobilecause.com; frame-src 'self' *.addthis.com *.youtube.com *.cognitoforms.com/ *.doubleclick.net *.tickcounter.com *.googlesyndication.com *.google.com *.vimeo.com *.jotform.com *.votervoice.net *.zohopublic.com *.zoho.com *.wwltv.com *.typeform.com *.outgrow.co *.outgrow.us *.formstack.com *.rdmobile.com *.fundraise.givesmart.com *.mobilecause.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://app.mobilecause.com/ https://fundraise.givesmart.com/; connect-src 'self' accounts.google.com *.insight.sitefinity.com *.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.addthis.com *.doubleclick.net *.googlesyndication.com *.acsbapp.com *.googleapis.com https://ncra-shop.myspreadshop.com *.ncra.org *.mobilecause.com *.typeform.com *.outgrow.co *.outgrow.us *.rdmobile.com *.fundraise.givesmart.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' neagent.info *.neagent.info 137608.selcdn.ru *.jsdelivr.net *.chatwoot.com cleversite.ru *.cleversite.ru wss://*.cleversite.ru cdnjs.cloudflare.com *.yadro.ru rambler.ru *.rambler.ru yandex.ru *.yandex.ru yandex.net *.yandex.net yandex.com *.yandex.com yandex.st *.yandex.st yandex.md *.yandex.md yastatic.net *.yastatic.net google.com *.google.com google.ru *.google.ru googleapis.com *.googleapis.com gstatic.com *.gstatic.com googlesyndication.com *.googlesyndication.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com *.ggpht.com youtube.com *.youtube.com *.ytimg.com *.googletagservices.com *.googletagmanager.com *.ampproject.org *.googleoptimize.com vk.com *.vk.com vk.me *.vk.me userapi.com *.userapi.com telegram.org *.telegram.org ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru data:; 1
frame-ancestors 'self' https://a34.nice-incontact.com; 1
script-src 'strict-dynamic' https: 'self' 'nonce-DEeZeuTHBVL1QpYXl1+yK126BasA2XbiSN2QQuNw0+M='; object-src 'none'; base-uri 'none'; form-action 'self'; frame-ancestors 'self'; style-src 'unsafe-inline' https: 'self'; style-src-attr 'unsafe-inline' 1
frame-ancestors 'self' *.gcumedia.com *.gcu.edu *.gce.media https://*.gcu.edu https://*.qa.gcu.edu https://*.dev.gcu.edu http://localhost:*; 1
base-uri  'none'; default-src  'none'; script-src  'self'  https://cdn.fanflix.co  https://connect.facebook.net  https://www.googletagmanager.com  https://static.klaviyo.com/onsite/  https://static-tracking.klaviyo.com/onsite/  'unsafe-inline'  'nonce-92d+fWuJwFatuT+U'  'strict-dynamic'; style-src  'self'  'unsafe-inline'  https://cdn.fanflix.co  https://fonts.googleapis.com  https://accounts.google.com/gsi/style; frame-src  https://accounts.google.com; frame-ancestors  'self'; manifest-src  'self'  https://cdn.fanflix.co; img-src  'self'  https://cdn.fanflix.co  https://mdeo.imgix.net  https://fanflix.imgix.net  https://www.facebook.com/tr/  https://www.google-analytics.com  https://www.google.com/pagead/; font-src  data:  https://fonts.gstatic.com; connect-src  'self'  https://fonts.googleapis.com/css  https://www.facebook.com/platform/  https://*.google-analytics.com  https://*.klaviyo.com; 1
frame-ancestors 'self' https://gameloader.marsbet.com 1
frame-src 'self' https://werbung.transgourmet.de https://www.youtube.com https://www.google.com www.recaptcha.net *.b2clogin.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com js-agent.newrelic.com www.youtube.com www.google-analytics.com bam.nr-data.net static.dvinci-easy.com maps.googleapis.com bat.bing.com www.gstatic.com connect.facebook.net widget.msgp.pl blob: cdnjs.cloudflare.com https://cdn.kiprotect.com https://cdnjs.cloudflare.com https://unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com static.dvinci-easy.com unpkg.com js-agent.newrelic.com www.google-analytics.com maps.googleapis.com bam.nr-data.net connect.facebook.net bat.bing.com www.gstatic.com www.youtube.com widget.msgp.pl www.xing-events.com https://www.xing-events.com www.google.com content.syndigo.com www.recaptcha.net cdnjs.cloudflare.com https://cdn.kiprotect.com https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' static.dvinci-easy.com fonts.googleapis.com cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; base-uri 'self'; frame-ancestors 'self' https://werbung.transgourmet.de; report-uri https://www.transgourmet.de/report-uri/enforce 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-P3FbHXOFkFfNW_Z8xsU8fg' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors 'self' https://intranat.jarfalla.se/; 1
base-uri 'self'; default-src 'none'; img-src 'self' data: 'unsafe-inline' https://www.google-analytics.com https://img.youtube.com https://i.ytimg.com https://sp.tinymce.com https://c.seznam.cz/ https://www.google.com/ https://www.google.cz https://www.facebook.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.googleapis.com https://*.google.com/ https://*.gstatic.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://*.addthis.com https://www.google.com https://www.gstatic.com/recaptcha/ https://*.tiny.cloud/ https://cdnjs.cloudflare.com https://cdn.jsdelivr.net http://*.addthis.com https://*.moatads.com https://*.addthisedge.com http://*.pinterest.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://c.imedia.cz https://c.seznam.cz https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.seznam.cz https://*.seznam.cz https://*.google.com https://*.googleadservices.com/; frame-src https://www.youtube.com https://*.facebook.com https://*.addthis.com https://www.google.com/recaptcha/ https://consentcdn.cookiebot.com https://dvorak:8890 https://*.google.com https://dvorak.pavelszabo.cz https://www.antonin-dvorak.cz; connect-src https://cdn.tiny.cloud https://www.google-analytics.com https://*.addthis.com https://region1.analytics.google.com https://consentcdn.cookiebot.com/ https://*.withgoogle.com https://dvorak:8890 https://www.dvorak:8890 https://dvorak.pavelszabo.cz https://www.antonin-dvorak.cz https://*.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.tiny.cloud https://cdnjs.cloudflare.com https://cdn.jsdelivr.net http://fonts.googleapis.com https://www.google.com/; font-src 'self' data: https://fonts.gstatic.com; 1
base-uri 'self'; connect-src 'self' https://vimeo.com; default-src 'self'; font-src 'self' data:; form-action 'self'; frame-ancestors 'self'; frame-src *; img-src 'self' blob: data: https://i.vimeocdn.com; media-src 'self' blob: data:; report-uri https://9wrj4y01.uriports.com/reports/enforce; script-src 'self' 'unsafe-inline' https://player.vimeo.com; style-src 'self' 'unsafe-inline'; worker-src 'self' blob: 1
frame-ancestors 'self' http://10.1.0.241 1
script-src 'self'  'unsafe-inline'  blob:  https://unpkg.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.dlt.com  https://platform.twitter.com  https://www.google-analytics.com  https://bat.bing.com  https://tag.demandbase.com  https://www.googletagmanager.com  https://fast.wistia.com  https://*.fontawesome.com  https://tribl.io  https://*.boldchat.com  https://*.driftt.com  https://*.addtoany.com  https://*.marketo.net  https://script.crazyegg.com  https://ws.zoominfo.com  https://www.clarity.ms  https://*.clickagy.com  https://*.addtoany.com  https://hcaptcha.com  https://*.marketo.com  https://*.newrelic.com  https://*.nr-data.net  https://view.ceros.com  https://*.company-target.com; object-src https://govitpodcast.buzzsprout.com; connect-src 'self' https://*.google.com https://s.company-target.com https://*.zoominfo.com https://*.demandbase.com https://*.litix.io https://*.wistia.com https://api.company-target.com https://www.google-analytics.com https://script.crazyegg.com https://*.mktoresp.com https://*.clarity.ms https://*.doubleclick.net https://*.clickagy.com https://segments.company-target.com https://*.nr-data.net https://*.bing.com https://*.dlt.com https://pagestates-tracking.crazyegg.com https://assets-tracking.crazyegg.com https://tracking.crazyegg.com https://*.mktoutil.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'none'; img-src 'self' data: https://matomo.localethereum.com https://matomo.localcryptos.com https://blog.localcryptos.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://matomo.localethereum.com https://matomo.localcryptos.com; style-src 'self' 'unsafe-inline'; object-src 'none'; connect-src 'self' data: https://matomo.localcryptos.com https://api.localethereum.com https://api.localethereumapi.com https://localcryptosapi.com https://api.localcryptosapi.com https://proxy.api.localethereumapi.com https://api.localethereum.dev.michael.pub https://localethereum-user-blobs.s3.amazonaws.com https://mainnet.infura.io wss://bridge.walletconnect.org; font-src 'self' data: https://fonts.gstatic.com; media-src 'self'; frame-src https://localethereum.com https://localcryptos.com https://cn.localcryptos.com https://www.youtube.com https://www.youtube-nocookie.com https://widget.portis.io https://x2.fortmatic.com; frame-ancestors https://myethvault.com https://localcryptos.com https://cn.localcryptos.com; manifest-src 'self'; base-uri 'self'; form-action 'self' 1
default-src 'self' *.jamef.com.br ; script-src 'self' https://www.googletagmanager.com  https://netdna.bootstrapcdn.com 'unsafe-inline' 'unsafe-eval' *.jamef.com.br *.bhz.jamef *.dtc.jamef apis.google.com www.google.com ssl.google-analytics.com tagmanager.google.com www.google-analytics.com www.gstatic.com gstatic.com maps.googleapis.com cdnjs.cloudflare.com ajax.googleapis.com storage.googleapis.com code.jquery.com cdn.cookielaw.org https://cdn.datatables.net https://cdn.rawgit.com https://geolocation.onetrust.com ; img-src 'self' * blob: data:; style-src 'self' https://cdn.jsdelivr.net https://netdna.bootstrapcdn.com https://cdnjs.cloudflare.com 'unsafe-inline' www.gstatic.com gstatic.com maps.googleapis.com fonts.googleapis.com code.jquery.com *.cookielaw.org *.onetrust.com ; font-src 'self' https://netdna.bootstrapcdn.com  https://cdn.jsdelivr.net  fonts.gstatic.com  themes.googleusercontent.com ; frame-src 'self' *.vscode-cdn.net https://embed.diagrams.net  https://www.bnet.bradesco.com.br https://www.facebook.com; object-src 'self' * blob: data:; connect-src 'self' www.google-analytics.com http://gitlab.jamef.com.br https://cdn.jsdelivr.net *.jamef.com.br http://jobserver1.dtc.jamef:8123 https://jobserver1.dtc.jamef:3030 *.amazonaws.com https://cdn.cookielaw.org https://cdn.jsdelivr.net data:; child-src 'self' * blob: data:; frame-ancestors *.jamef.com.br 1
frame-ancestors 'self' https://*.lexus.de https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
default-src 'self'; img-src 'self' data: ; script-src 'self' 'unsafe-inline' 'sha256-Vm4GC9dCs8yiOt3vkFoyb7CG9wQvsbg2ZxRvujWCkjU='; style-src 'self' 'unsafe-inline' 'sha256-5djBAhgU6lT6/IvDqBYV1J+3001Gap43QwbVwQ0EoTQ=' 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-2e55ba11329edd79b5c2c3cb34308fc7'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' https://*.cms.vwfs.tools ;            img-src 'self' data: https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://dev.day.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.gstatic.com https://*.google.com https://*.google.de https://*.google.fr https://*.googlesyndication.com https://*.googleadservices.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://img.youtube.com https://i.ytimg.com https://*.userzoom.com https://*.adform.net https://www.facebook.com https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://t.co https://*.volkswagenbank.de  https://cms-assets.vwfs.io https://smetrics.vwfs.fr https://mediaservice.audi.com  https://GISTPAEndpoint-Int.azureedge.net https://GISTPAEndpoint-Kons.azureedge.net https://GISTPAEndpoint-Prod.azureedge.net    https://default.vms.vwfs.io https://*.bronson.vwfs.tools https://*.bronson.vwfs.io https://gateway.zscloud.net https://js.api.here.com https://assets.volkswagen.com https://integrations.etrusted.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ssl.gstatic.com https://ade.googlesyndication.com https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.fr;            script-src 'self' 'unsafe-inline' blob: https://*.volkswagenbank.de https://storagewebcalcweud.blob.core.windows.net https://*.fts.webcalc.vwfs.io https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.fls.doubleclick.net https://www.googletagmanager.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google.com https://www.google.de https://cm.g.doubleclick.net https://www.volkswagenbank-cloud.de https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://assets.adobedtm.com https://*.omniture.com https://*.adobe.com https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://*.thunderhead.com https://*.twitter.com https://static.ads-twitter.com https://*.advsearch.vwfs.io https://cc.cdn.civiccomputing.com  https://target.vwfs.fr  https://smetrics.vwfs.fr https://cdn.mercury.ai https://integrations.etrusted.com https://sdk.privacy-center.org    https://*.acs-frontend.vwfs.io https://*.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.g.doubleclick.net https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.fr;            style-src 'self' 'unsafe-inline' https://*.userzoom.com https://target.vwfs.fr https://cdn.mercury.ai https://co-browsing.mercury.ai https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io    https://*.acs-frontend.vwfs.io https://integrations.etrusted.com https://tagmanager.google.com https://fonts.googleapis.com ;            connect-src 'self' blob: data: https://vimeo.com https://*.youtube.com https://api.webcalc.vwfs.io https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://*.adobedc.net https://*.tt.omtrdc.net https://*.2o7.net https://*.cms.vwfs.io https://*.advsearch.vwfs.io https://cms-content.vwfs.io https://target.vwfs.fr https://smetrics.vwfs.fr https://www.google.com https://*.facebook.com https://*.mercury.ai wss://*.mercury.ai https://vector.hereapi.com https://1.base.maps.ls.hereapi.com https://1.aerial.maps.ls.hereapi.com https://js.api.here.com https://geocode.search.hereapi.com https://integrations.etrusted.com https://*.smart-digital-solutions.de https://smart-digital-cdn.com https://2gtge2kxoa.execute-api.eu-central-1.amazonaws.com https://api-cms-vwfs-io.cms.vwfs.tools https://sdk.privacy-center.org https://revgeocode.search.hereapi.com    https://*.acs-frontend.vwfs.io https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.fr http://*.trustedshops.com https://autocomplete.search.hereapi.com https://lookup.search.hereapi.com ;            frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com ;            object-src 'none' ;            font-src 'self' data: https://fonts.gstatic.com https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io https://cdn.mercury.ai https://js.api.here.com https://*.trustedshops.com http://*.trustedshops.com ;            frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://s.userzoom.com https://*.adform.net https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://*.googlesyndication.com https://cm.g.doubleclick.net https://gateway.zscloud.net https://td.doubleclick.net https://kalkulator.skoda-auto.pl https://*.g.doubleclick.net https://jobs.careerpage.fr;            media-src https://www.youtube-nocookie.com 'self' ; 1
frame-ancestors 'self' https://*.straitstimes.com https://*.businesstimes.com.sg https://*.zaobao.com.sg https://*.zaobao.com https://*.shinmin.sg https://*.wanbao.com.sg https://*.beritaharian.sg https://*.beritaharian.sg https://*.tamilmurasu.com.sg https://*.stproperty.sg https://newslink.sg https://*.sgsme.sg https://*.sphdigital.com; 1
default-src *; connect-src  *; font-src 'self'; frame-src https://* http://* *; img-src https://* http://* * data:; object-src 'self'; script-src 'nonce-QFvGiAs+B5bFa8O/0TYL6zWL' 'self' https://* http://* * 'unsafe-inline' 'report-sample'; style-src * https://* http://* * 'unsafe-inline'; 1
base-uri 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de; connect-src 'self' https://*.friday.de https://*.fridev.de https://*.freshworks.com https://*.freshdesk.com https://*.friday-staging.de https://*.forfriday.de https://*.friday-prod.de https://*.prismic.io https://*.zendesk.com https://*.segment.io https://*.fullstory.com https://*.usercentrics.eu https://*.google.com https://*.googleapis.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.google-analytics.com https://*.crazyegg.com https://*.spoteffects.net https://*.exponea.com https://*.meteonomiqs.com https://*.aservice.cloud https://api-mcj.wkda.de; default-src 'self' 'unsafe-inline'; font-src 'self' https://*.gstatic.com https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.friday-prod.de data:; form-action 'self'; frame-ancestors 'none'; frame-src 'self' https://*.prismic.io https://*.usercentrics.eu https://*.hotjar.com https://*.stripe.com https://*.freshworks.com https://*.doubleclick.net https://*.googlesyndication.com https://*.facebook.com https://*.optimizely.com https://*.kaskocloud.com https://*.youtube.com https://*.vimeo.com https://*.fridev.de https://*.friday-staging.de https://*.friday-prod.de https://*.friday.de https://*.google.com https://partner.wirkaufendeinauto.de https://autohero-widgets.prod.retail.auto1.cloud; img-src 'self' 'unsafe-inline' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.friday-prod.de https://*.prismic.io https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.gstatic.com https://*.googlesyndication.com https://*.google.at https://*.google.ba https://*.google.be https://*.google.bg https://*.google.ca https://*.google.ch https://*.google.co.in https://*.google.co.jp https://*.google.co.ma https://*.google.co.uk https://*.google.com https://*.google.com.au https://*.google.com.bd https://*.google.com.eg https://*.google.com.mx https://*.google.com.ph https://*.google.com.pk https://*.google.com.tr https://*.google.com.ua https://*.google.cz https://*.google.dk https://*.google.es https://*.google.fr https://*.google.hr https://*.google.it https://*.google.lu https://*.google.nl https://*.google.pl https://*.google.pt https://*.google.ro https://*.google.rs https://*.google.se https://*.usercentrics.eu https://*.doubleclick.net https://*.spoteffects.net https://*.facebook.com https://*.facebook.net https://*.bing.com https://*.remintrex.com https://*.maxusperformance.de https://*.essenceperformancenetwork.com https://*.financeads.net https://*.outbrain.com data: blob:; manifest-src 'self'; media-src 'self' https://*.gstatic.com data:; report-uri https://sentry.forfriday.de/api/61/security/?sentry_key=7d02d74a455b48749b29f3c7b7820fee&sentry_environment=production; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.friday.de https://*.prismic.io https://*.freshworks.com https://*.freshdesk.com https://*.segment.com https://*.usercentrics.eu https://*.googletagmanager.com https://*.google.com https://*.gstatic.com https://*.googleadservices.com https://*.googleapis.com https://prismic.io/prismic-toolbar/4.0.9/toolbar.js https://*.google-analytics.com https://*.googlesyndication.com https://*.youtube.com https://*.doubleclick.net https://cdn.polyfill.io https://*.fullstory.com https://*.crazyegg.com https://*.hotjar.com https://*.dwin1.com https://*.spoteffects.net https://*.facebook.net https://*.bing.com https://*.stripe.com https://*.pso-vertrieb.de https://*.friday-empfehlen.de https://*.kaskojs.com/v2 https://*.exponea.com https://*.outbrain.com https://*.meteonomiqs.com https://*.aservice.cloud https://static.wirkaufendeinauto.de https://www.google-analytics.com/analytics.js; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.freshworks.com https://autohero-widgets.prod.retail.auto1.cloud; worker-src blob:; ; 1
frame-ancestors 'self' *.sparkboxqa.com sparkboxqa.com *.tirediscounters.com tirediscounters.com *.dev.tirediscountersdirect.com *.tirediscountersdirect.com tirediscountersdirect.com localhost:8080 localhost:8081 1
default-src 'self' https://tpc.googlesyndication.com https://*.safeframe.googlesyndication.com; style-src 'self' 'unsafe-inline' https://cdn.flowplayer.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.flowplayer.com https://unpkg.com https://www.googletagmanager.com https://www.google-analytics.com https://gapl.hit.gemius.pl https://www.googletagservices.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://securepubads.g.doubleclick.net https://ssl.google-analytics.com https://adservice.google.com https://adservice.google.pl https://pagead2.googlesyndication.com https://cdn.ampproject.org https://tpc.googlesyndication.com https://connect.facebook.net; img-src 'self' data: https://akademiakomunikacji.pap.pl https://pap-mediaroom.pl https://www.google.com https://www.google.pl https://*.google-analytics.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://maps.gstatic.com https://unpkg.com https://tpc.googlesyndication.com https://securepubads.g.doubleclick.net https://pagead2.googlesyndication.com https://www.facebook.com; font-src 'self' data: https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src 'self' https://iframe.dacast.com https://*.dcs.redcdn.pl https://*.vimeo.com https://multimedia.europarl.europa.eu https://ljsp.lwcdn.com https://images.dacast.com https://ls.hit.gemius.pl https://www.youtube.com https://www.google.com https://tpc.googlesyndication.com https://*.safeframe.googlesyndication.com; frame-ancestors 'self'; connect-src 'self' https://*.analytics.google.com https://play.lwcdn.com https://*.g.doubleclick.net https://www.google-analytics.com https://adservice.google.com https://pagead2.googlesyndication.com; child-src 'none'; object-src 'none'; base-uri 'self'; 1
default-src https: 'unsafe-eval' 'unsafe-inline' 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' https://www.google.com; frame-ancestors 'self' *.masternautconnect.com:* *.connectedfleet.michelin.com:*; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com; upgrade-insecure-requests; 1
default-src 'self' *.cloudfront.net *.maple.finance *.contentful.com 127.0.0.1:* localhost:*; connect-src 'self' *.cloudfront.net *.ctfassets.net *.hsforms.com *.hsforms.net js-eu1.hscollectedforms.net js-eu1.hs-banner.com js-eu1.hs-analytics.net *.hscollectedforms.net *.hubspot.com *.maple.finance *.contentful.com hubspot-forms-static-embed-eu1.s3.amazonaws.com www.google-analytics.com www.google.com 127.0.0.1:* localhost:*; child-src *.cloudfront.net *.maple.finance 127.0.0.1:* localhost:*; font-src 'self' data: fonts.gstatic.com use.typekit.net 127.0.0.1:* localhost:*; form-action *.cloudfront.net *.hsforms.com *.hubspot.com *.maple.finance; media-src 'self' *.cloudfront.net *.ctfassets.net *.maple.finance; img-src 'self' *.cloudfront.net *.ctfassets.net *.hsforms.com *.hsforms.net *.hubspot.com *.maple.finance t.co *.twitter.com www.google-analytics.com www.gstatic.com blob: data: 127.0.0.1:* localhost:*; script-src 'self' *.cloudfront.net *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hscollectedforms.net *.hsforms.com *.hsforms.net *.static.ads-twitter.com *.maple.finance *.twitter.com *.usemessages.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com 'unsafe-eval' 127.0.0.1:* localhost:*; style-src 'self' *.cloudfront.net *.maple.finance fonts.googleapis.com 127.0.0.1:* localhost:* 'unsafe-inline'; frame-src *.hsforms.com *.hsforms.net *.hubspot.com *.twitter.com www.google.com; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=1c246bliqu3um&partner=; 1
default-src https:; font-src https: data:; img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' 'unsafe-eval'; worker-src https: 'unsafe-inline' * blob:; 1
script-src 'self' static.omegazero.org x-0008.p.u9sv.com x-001a.p.u9sv.com 'sha256-Deekn20h+++EarpL0nFQLX7JSJv7s/2W9f988ZFAh14=' 'report-sample'; object-src 'none'; form-action 'self'; upgrade-insecure-requests; frame-ancestors 'self'; report-to sec-endpoint; report-uri https://api.omegazero.org/v2/meta/report?t=sec 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fadada.com *.fabigbig.com fabigbigstatic.oss-cn-hangzhou.aliyuncs.com static.sensorsdata.cn api.growingio.com dn-growing.qbox.me hm.baidu.com hmcdn.baidu.com dlswbr.baidu.com szcert.ebs.org.cn api.map.baidu.com maponline0.bdimg.com maponline2.bdimg.com maponline1.bdimg.com *.geetest.com *.geevisit.com *.gsensebot.com dn-staticdown.qbox.me; font-src 'self' data: *.fadada.com *.alicdn.com 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-YzQ3MDI4M2JiYmEyNDQ3YjlmYzVkYjUyMGZmZTlkODA=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.wrr.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.wrr.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.wrr.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' * data: 'unsafe-eval' 'unsafe-inline' blob: https://www.gstatic.com/recaptcha/releases/NJPGLzpIZgjszqyOymHUP0XR/recaptcha__en.js https://www.googletagmanager.com https://sdki.truepush.com https://trc.taboola.com https://www.google.com https://cdnjs.cloudflare.com http://cdn.taboola.com/libtrc/unip/1231668/tfa.js  https://www.google.com/ https://www.google-analytics.com  data: gap: https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' https://raw.githubusercontent.com https://www.googletagmanager.com https://sdki.truepush.com https://trc.taboola.com https://www.google.com https://cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' https://cdn.taboola.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.canararobeco.com *.youtube.com *.cdnjs.cloudflare.com https://websdk.appsflyer.com  https://www.clarity.ms/s/0.7.16/clarity.js https://www.clarity.ms/s/0.7.20/clarity.js https://websdk.appsflyer.com https://gd.geobytes.com https://raw.githubusercontent.com https://ajax.googleapis.com https://unpkg.com https://www.googleoptimize.com https://tags.crwdcntrl.net/lt/c/16011/sync.min.js https://tpc.googlesyndication.com/sodar/1s9mPOHO.js https://www.gstatic.com https://www.google-analytics.com https://www.clarity.ms/tag/fulujs2qqd http://cdn.taboola.com https://www.googletagmanager.com https://sdki.truepush.com https://trc.taboola.com https://www.google.com https://cdnjs.cloudflare.com http://www.googletagmanager.com http://sdki.truepush.com http://trc.taboola.com http://www.google.com https://pagecdn.io/lib/jquery-cookie/v1.4.1/jquery.cookie.js http://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js https://www.googleadservices.com/pagead/conversion/10938056947 https://www.googleadservices.com/pagead/conversion/10938056947/ https://www.clarity.ms/s/0.7.10/clarity.js https://www.clarity.ms/tag/fugqhb4t6j http://cdnjs.cloudflare.com data: blob:; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com *.googletagmanager.com *.googletagmanager.com *.gstatic.com; worker-src 'self' * data: blob: gap: 'unsafe-eval' 'unsafe-inline' 'self'; img-src 'self' https://cds.taboola.com https://www.google.co.in/pagead/1p-conversion https://www.canararobeco.com/images/default-source/nfo/multicap-fund-benchmarkrisk-o-meter.png https://www.mutualfundindia.com/Images/CanaraRobeco/img/logo.png https://www.canararobeco.com/images/default-source/default-album/debt-market.png https://www.canararobeco.com/images/default-source/default-album/equity-market.png https://www.canararobeco.com/images/default-source/default-album/nfo-launch.png https://www.canararobeco.com/images/default-source/default-album/ajay.png https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10938056947/ https://www.canararobeco.com/assets/images/grey-calendar.png https://c.bing.com/c.gif https://c.clarity.ms/c.gif https://uat.canararobeco.com/assets/images/grey-calendar.png  https://tpcs.payu.in/pixelwithcookie.gif https://tags.crwdcntrl.net https://www.googletagmanager.com  https://sdki.truepush.com https://trc.taboola.com https://www.google.com https://cdnjs.cloudflare.com https://apis.google.com https://www.google.co.in https://www.google-analytics.com data:; media-src 'self' data:; connect-src * 1
default-src 'self'; connect-src *; frame-src *; font-src * data:; media-src *; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
frame-ancestors 'self' https://view.ceros.com https://ceros.macfarlanes.com/ https://macfarlanes.preview.ceros.com/; 1
frame-ancestors self mybroadbandaccount.com *.mybroadbandaccount.com dd9.com *.dd9.com lovelandpulse.com *.lovelandpulse.com lovelandpulse:8888 1
base-uri 'none'; font-src 'self' https: data:; frame-ancestors 'self'; object-src 'none'; script-src 'self' 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests 1
frame-ancestors www.greenvaluechains.com 1
script-src 'strict-dynamic' 'self' 'nonce-RM5MQNRP/qDs6mJJbNueDw==' 'report-sample'; report-uri /uwmciamprod.onmicrosoft.com/B2C_1A_SignUpOrSignIn/client/cspreport?p=B2C_1A_SignUpOrSignIn 1
object-src 'self' *.reseau-canope.fr *.canoprof.fr *.canotech.fr *.mathador.fr *.viaeduc.fr *.quiziniere.com *.education-securite-routiere.fr 1
base-uri 'self'; connect-src 'self' https://collector.leadinfo.net https://api.leadinfo.com https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://z.clarity.ms/collect https://forms-eu1.hsforms.com/ https://forms-eu1.hubspot.com/ https://forms-eu1.hscollectedforms.net/ https://api-eu1.hubapi.com/ https://t.clarity.ms/collect https://analytics.google.com/  https://ws.zoominfo.com/pixel/collect https://www.clarity.ms/ https://s.clarity.ms/collect https://u.clarity.ms/collect https://cdn.linkedin.oribi.io/ https://q.clarity.ms/collect https://stats.g.doubleclick.net/ https://www.qoetient.tataelxsi.com/ https://translate-pa.googleapis.com https://translate.googleapis.com https://www.google-analytics.com; default-src 'self' https://cdnjs.cloudflare.com https://www.qoetient.tataelxsi.com/; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://td.doubleclick.net/ https://forms-eu1.hsforms.com/ https://www.google.com/ https://www.youtube.com https://www.youtube.com/iframe_api https://www.brighttalk.com/ https://streamyard.com/; img-src 'self' https://www.tataelxsi.com/ https://beta.tataelxsi.com/ https://lltrck.com https://imagedelivery.net https://forms-eu1.hsforms.com/ https://forms.hsforms.com/ https://tr.line.me/ https://forms-eu1.hsforms.com/ https://track-eu1.hubspot.com/ https://c.clarity.ms/c.gif https://c.bing.com/ https://googleads.g.doubleclick.net/ https://www.google.co.in/ https://tataelxsi.com https://px4.ads.linkedin.com/ https://px.ads.linkedin.com/ https://translate.google.com https://translate.googleapis.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com; manifest-src 'self'; media-src 'self' https://tataelxsi.com/; object-src 'none'; report-uri https://606ff12c9b5a165b64806a97.endpoint.csper.io/; script-src 'unsafe-inline' 'self' https://js-eu1.hubspot.com https://lltrck.com/scripts/ https://cdn.leadinfo.net/ https://www.google.com/  https://js-eu1.hsforms.net/forms/embed/v2.js https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/api.js https://d.line-scdn.net/ https://googleads.g.doubleclick.net/ https://js-eu1.hsadspixel.net/ https://js-eu1.hs-banner.com/ https://js-eu1.hsleadflows.net/ https://js-eu1.hscollectedforms.net/ https://js-eu1.hs-analytics.net/ https://www.googleadservices.com/ https://ws.zoominfo.com/ https://snap.licdn.com/ https://js-eu1.hs-scripts.com/ https://www.clarity.ms/ https://s.clarity.ms/collect https://u.clarity.ms/collect https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ec0ced91/www-widgetapi.vflset/www-widgetapi.js https://translate.google.com/translate_a/element.js https://translate-pa.googleapis.com https://translate.googleapis.com https://translate.googleapis.com/translate_static/js/element/main.js https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.brighttalk.com/clients/js/player-embed/player-embed.js https://streamyard.com/; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://translate.googleapis.com; worker-src 'none'; 1
default-src 'self'; form-action 'self'; frame-src 'self'; img-src 'self' 1
frame-ancestors 'self' *.bahrainbourse.com bahrainbourse.com *.directfn.com/* https://ir.directfn.com/ 1
base-uri 'self';object-src 'none' 1
default-src 'self';     frame-ancestors 'self';     img-src 'self' *.giphy.com oaidalleapiprodscus.blob.core.windows.net data: ;     script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com *.google.com *.gstatic.com *.stripe.com ipinfo.io ;     font-src 'self' fonts.gstatic.com data: ;     style-src 'self' 'unsafe-inline' fonts.googleapis.com *.getmdl.io;     media-src 'self' *.youtube.com *.youtube-nocookie.com;     object-src 'self' *.youtube.com *.youtube-nocookie.com *.googlevideo.com *.ytimg.com;     connect-src 'self' *.giphy.com;     frame-src 'self' *.youtube.com *.youtube-nocookie.com *.google.com *.stripe.com; 1
base-uri 'self'; default-src 'none'; script-src 'strict-dynamic' 'nonce-dzjIQ63BPJkLU1mdtisILAevbsbaK0N5'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: blob: a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org i.ytimg.com maps.googleapis.com maps.gstatic.com s3.eu-west-1.amazonaws.com twemoji.maxcdn.com widget.kominfo.go.id www.googletagmanager.com www.gstatic.com; font-src 'self' data: fonts.gstatic.com widget-v4.tidiochat.com; connect-src 'self' maps.googleapis.com stats.addtoany.com stats.g.doubleclick.net widget.kominfo.go.id www.google-analytics.com wss://socket.tidio.co; media-src 'self' widget-v4.tidiochat.com; object-src 'none'; form-action 'self'; frame-ancestors 'self'; frame-src 'self' docs.google.com newassets.hcaptcha.com static.addtoany.com view.officeapps.live.com www.google.com www.youtube.com; manifest-src 'self'; worker-src 'self'; upgrade-insecure-requests; 1
frame-ancestors https://*.etracker.com 1
default-src 'self' data: *.nit.ac.ir http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io https://cdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://map.ir https://conf.isc.ac https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://kangoro.ir/matomo/matomo.js http://tools.1abzar.com http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io https://member.nit.ac.ir https://ext.nit.ac.ir http://www.nit.ac.ir https://www.nit.ac.ir https://member.nit.ac.ir/phonebook/index.php https://www.openstreetmap.org https://map.ir/ https://cdn.userway.org https://api.userway.org https://media.userway.org https://www.goftino.com https://cdn.goftino.com; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com https://cdn.fontcdn.ir https://fdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org; img-src 'self' blob: data: https://map.ir https://conf.isc.ac https://www.google-analytics.com www.google-analytics.com data: *; connect-src 'self' https://map.ir https://conf.isc.ac https://www.google-analytics.com www.google-analytics.com https://samta.samt.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io https://cdn.fontcdn.ir wss://api.raychat.io wss://ws.goftino.com wss://ws2.goftino.com wss://ws5.goftino.com wss://cdn.goftino.com https://api.userway.org https://cdn.userway.org; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://tools.1abzar.com http://1abzar.ir https://cse.google.com https://www.aparat.com https://google.com https://www.google.com https://cdn.userway.org https://edu.sapiba.ir https://member.nit.ac.ir https://ext.nit.ac.ir http://www.nit.ac.ir https://www.nit.ac.ir https://member.nit.ac.ir/phonebook/index.php https://www.openstreetmap.org https://map.ir/; frame-ancestors 'self' https://trustseal.enamad.ir; 1
frame-ancestors 'self' https://www.toyotaalbania.al https://www.toyota.hr https://www.toyota.ie https://www.toyota.ge https://www.toyota.gr https://www.toyota.it https://www.toyota.lt https://www.toyota.md https://www.toyota.no https://www.toyota.ru https://www.toyota.es https://www.toyota.ua https://www.toyota.am https://www.toyota.ba https://*.toyota.be https://www.toyota.com.cy https://www.toyota.ee https://www.toyota.de https://www.toyota.hu https://www.toyota.kz https://www.toyota.lu https://www.toyota.fr https://www.toyota.pl https://www.toyota.rs https://www.toyota.se https://www.toyota.at https://www.toyota.bg https://www.toyota.cz https://www.toyota.fi https://www.toyota-gib.com https://www.toyota.is https://www.toyota-kosovo.com http://www.toyota.com.mk https://www.toyotacg.me https://www.toyota.pt https://www.toyota.sk https://*.toyota.ch https://www.toyota.az https://www.toyota-canarias.es https://www.toyota.dk https://www.toyota.fr https://www.toyota.co.uk https://www.toyota.co.il https://www.toyota.lv http://toyota.com.mt https://www.toyota.nl https://www.toyota.ro https://www.toyota.si https://www.toyota.com.tr https://www.toyota-europe.com https://*.toyota.eu 1
frame-ancestors 'self' https://learn.accesscorp.com https://virgoapi.accesscorp.com https://unify.accesscorp.com https://app-sj22.marketo.com; 1
frame-ancestors 'self' https://matomo.sharpnecdisplays.eu 1
default-src 'self'; script-src 'self' data: https://*.fontawesome.com https://*.googleapis.com https://*.gstatic.com https://*.freshworks.com https://js.hsadspixel.net https://*.google-analytics.com https://*.hubspot.com https://google-analytics.com https://*.clarity.ms https://*.googleadservices.com https://pixel.sitescout.com https://*.doubleclick.net https://*.google.com https://*.googletagmanager.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://js.hscollectedforms.net https://bat.bing.com https://up.pixel.ad https://code.jquery.com; script-src-elem 'self' data: 'unsafe-inline' https://player.vimeo.com https://js.hsforms.net https://s3.amazonaws.com https://js.hsadspixel.net https://*.fontawesome.com https://*.googleapis.com https://*.gstatic.com https://*.freshworks.com https://*.google-analytics.com https://*.hubspot.com https://google-analytics.com https://*.clarity.ms https://*.googleadservices.com https://pixel.sitescout.com https://*.doubleclick.net https://*.google.com https://*.googletagmanager.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://js.hscollectedforms.net https://bat.bing.com https://up.pixel.ad https://code.jquery.com https://s3.amazonaws.com; script-src-attr 'self' data: 'unsafe-inline' https://*.fontawesome.com https://*.googleapis.com https://*.gstatic.com https://*.freshworks.com https://*.google-analytics.com https://*.hubspot.com https://google-analytics.com https://*.clarity.ms https://*.googleadservices.com https://pixel.sitescout.com https://*.doubleclick.net https://*.google.com https://*.googletagmanager.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://js.hscollectedforms.net https://bat.bing.com https://up.pixel.ad https://code.jquery.com; style-src 'self' data: 'unsafe-inline' https://*.fontawesome.com https://*.googleapis.com https://*.westfax.com https://*.freshworks.com https://s3.amazonaws.com ; style-src-elem 'self' data: 'unsafe-inline' https://*.fontawesome.com https://*.googleapis.com https://*.westfax.com https://*.freshworks.com https://s3.amazonaws.com;  style-src-attr 'self' data: 'unsafe-inline' https://*.fontawesome.com https://*.googleapis.com https://*.westfax.com https://*.freshworks.com; img-src 'self' data: http://www.w3.org/2000/svg; font-src 'self' data: https://*.fontawesome.com https://*.googleapis.com https://*.gstatic.com; connect-src 'self' https://westfax.freshdesk.com https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://api.hubapi.com https://*.fontawesome.com https://*.googleapis.com https://*.gstatic.com https://*.freshworks.com https://*.google-analytics.com https://*.hubspot.com https://google-analytics.com https://*.clarity.ms https://*.googleadservices.com https://pixel.sitescout.com https://*.doubleclick.net https://*.google.com; media-src 'self' https://*.youtube.com; object-src 'self'; child-src 'self'; frame-src 'self' https://player.vimeo.com https://www.google.com https://forms.hsforms.com https://westfax.freshdesk.com https://*.westfax.com https://*.sitescout.com https://*.doubleclick.net https://*.youtube.com; worker-src 'self'; form-action 'self' https://forms.hsforms.com https://*.westfax.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self' 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-jmm5RTklQw6bjXVBk31Riw==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
default-src 'self' blob:; font-src 'self' data: https://*.typekit.net https://*.bugherd.com https://*.cloudfront.net https://fonts.gstatic.com ;img-src 'self' data: blob: https://ps.w.org https://s.w.org https://*.hormel.com https://secure.gravatar.com https://*.salsify.com https://bugherd-attachments.s3.amazonaws.com https://*.bugherd.com https://www.googletagmanager.com https://*.gstatic.com https://*.cloudfront.net https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.gstatic.com https://res.cloudinary.com https://*.powerreviews.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://cdnjs.cloudflare.com https://*.pricespider.com https://*.doubleclick.net https://www.google-analytics.com https://*.sharethis.com https://*.google.com https://*.bing.com https://www.facebook.com https://*.pinterest.com https://*.iriworldwide.com ;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://s0.wp.com https://*.force.com https://forms.hormelstaging.com https://hormel.my.salesforce-sites.com https://*.salesforceliveagent.com https://hormel.my.salesforce.com https://code.jquery.com https://*.bugherd.com https://*.cloudfront.net https://*.powerreviews.com https://static.hotjar.com https://*.facebook.net https://*.amazonaws.com https://mpsnare.iesnare.com https://*.jsdelivr.net https://www.googleadservices.com https://www.google-analytics.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://cdnjs.cloudflare.com https://*.pricespider.com https://*.googleapis.com https://*.google.com https://*.hormel.com https://*.hormelfoods.com https://www.googletagmanager.com https://ws.sharethis.com https://*.salesforce.com https://hormel.my.salesforce-sites.com https://*.salesforceliveagent.com ;style-src 'self' 'unsafe-inline' 'unsafe-eval' https://s0.wp.com https://*.force.com https://hormel.my.salesforce-sites.com https://*.typekit.net https://*.bugherd.com https://*.googletagmanager.com https://*.hormel.com https://*.hormelfoods.com https://*.cloudfront.net https://*.powerreviews.com https://*.jsdelivr.net https://*.googleapis.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://cdnjs.cloudflare.com https://*.pricespider.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://*.salesforce-sites.com ;connect-src 'self' wss://ws-mt1.pusher.com https://sockjs.pusher.com https://yoast.com https://hormel.my.salesforce-sites.com https://hormelchat.secure.force.com https://*.bugherd.com https://*.bugsnag.com https://*.amazonaws.com https://cdnjs.cloudflare.com https://*.pricespider.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com wss://*.pricespider.com https://*.iriworldwide.com wss://ws.pusherapp.com https://productlocator.iriworldwide.com https://*.powerreviews.com https://www.facebook.com https://*.doubleclick.net https://www.google-analytics.com https://*.pinterest.com https://www.googletagmanager.com ;frame-src 'self' https://service.force.com https://*.sharethis.com https://widgets.wp.com https://*.google.com https://*.bugherd.com https://www.youtube.com https://*.pinterest.com https://www.facebook.com https://*.doubleclick.net 1
frame-ancestors 'self' *.mapfre.com *.mapfre.es desarrollos.cesvicolombia.com *.mapfre.com.do *.mapfre.com.br *.mapfre.com.mx *.mapfre.com.co *.mapfre.com.sv *.mapfre.com.gt *.mapfre.com.ec *.mapfre.com.hn *.mapfre.com.ni *.mapfre.com.py *.mapfre.com.oe *.mapfre.com.uy *.mapfre.com.ar *.mapfre.com.cl *.mapfre.com.pa; 1
default-src 'self'; connect-src 'self' *.siteimprove.com https://stats.g.doubleclick.net/ https://region1.google-analytics.com/ https://www.google-analytics.com https://stat.envir.ee/ https://search.service.vportal.ee/v1/search/kataster https://search.service.vportal.ee/v1/globalsearch/total https://search.service.vportal.ee/v1/events/kataster https://inaadress.maaamet.ee; font-src 'self' data: https://fonts.gstatic.com https://xgis.maaamet.ee; frame-src 'self' https://*.rocket.chat https://static.addtoany.com https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://xgis.maaamet.ee https://opendata-ui.envir.ee/; img-src 'self' data: https://www.google-analytics.com *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com https://xgis.maaamet.ee *.fbcdn.net *.cdninstagram.com https://inaadress.maaamet.ee https://unpkg.com *.maaamet.ee *.cloudflare.com; script-src 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js blob: https://browser-update.org https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://static.addtoany.com https://unpkg.com unpkg.com https://stat.envir.ee/; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js https://browser-update.org https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://stat.envir.ee/matomo.js cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://static.addtoany.com https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://xgis.maaamet.ee https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://xgis.maaamet.ee https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com https://inaadress.maaamet.ee; frame-ancestors none; upgrade-insecure-requests 1
frame-ancestors 'self' https://*.toyota.at https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.orgma.ru https://ajax.googleapis.com https://mc.yandex.ru https://www.google-analytics.com; connect-src 'self' https://*.orgma.ru; img-src 'self' https://*.orgma.ru; media-src 'self'; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-src 'self'; font-src 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://www.gstatic.com https://www.google.com https://ajax.googleapis.com https://*.sharethis.com https://cdn.jsdelivr.net/npm/@popperjs/core@2.11.6/dist/umd/popper.min.js https://cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.bundle.min.js https://cdnjs.cloudflare.com/ajax/libs/modernizr/2.6.2/modernizr.min.js https://connect.facebook.net https://maps.googleapis.com https://use.fontawesome.com https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com https://ws.sharethis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://bcp.crwdcntrl.net/6/map https://analytics.google.com https://l.sharethis.com https://maps.googleapis.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.ca; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://app.cyberimpact.com https://view.genial.ly https://forms.office.com https://chuq.cvmanager.com https://www.youtube.com https://t.sharethis.com https://ws.sharethis.com https://www.facebook.com https://www.google.com; img-src 'self' data: https://l.sharethis.com https://maps.googleapis.com https://maps.gstatic.com https://sync.sharethis.com https://www.facebook.com https://www.google-analytics.com https://www.google.ca https://www.google.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
frame-ancestors 'self';        block-all-mixed-content;        default-src 'self';        script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://use.fontawesome.com https://ajax.googleapis.com https://cdn.datatables.net https://cdn.iubenda.com https://d3e54v103j8qbb.cloudfront.net https://google-analytics.com https://m.youtube.com https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://synlab.milklab.it https://ssl.google-analytics.com https://stackpath.bootstrapcdn.com https://unpkg.com https://www.youtube.com https://www.google-analytics.com https://www.gstatic.com https://www.google.com https://www.iubenda.com https://www.googletagmanager.com *.iubenda.com 'unsafe-eval';        style-src 'self' 'report-sample' 'unsafe-inline' use.fontawesome.com *.bootstrapcdn.com ajax.googleapis.com cdn.iubenda.com cdn.datatables.net fonts.googleapis.com unpkg.com *.iubenda.com;        object-src 'none';        frame-src 'self' *.youtube.com www.youtube-nocookie.com www.google.com *.iubenda.com;        child-src 'self' www.youtube.com;        img-src 'self' data: blob: *.google-analytics.com *.google.com *.ytimg.com *.youtube.com ajax.googleapis.com fonts.gstatic.com unpkg.com cdn.datatables.net *.iubenda.com;        font-src 'self' data: *.bootstrapcdn.com fonts.googleapis.com use.fontawesome.com fonts.gstatic.com unpkg.com;        connect-src 'self' use.fontawesome.com *.google.com *.iubenda.com ajax.googleapis.com fonts.gstatic.com fonts.googleapis.com stats.g.doubleclick.net www.google-analytics.com;        manifest-src 'self';        base-uri 'self';        form-action 'self';        media-src 'self';        prefetch-src 'self';        worker-src 'self'; 1
default-src 'self' wss: https://www.google-analytics.com https://*.inbenta.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://project.woonmodule.nl https://*.pinimg.com https://*.pinrterest.com https://player.vimeo.com https://extend.vimeocdn.com https://www.google.com https://www.gstatic.com https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.go-mpulse.net https://optimize.google.com *.livechatinc.com *.cookiebot.com *.googletagmanager.com *.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://*.youtu.be https://*.ytimg.com https://*.cookiebot.com https://*.pardot.com https://*.hotjar.com https://eu2.snoobi.eu https://snap.licdn.com https://connect.facebook.net https://static.ads-twitter.com https://www.google.com/pagead/ https://analytics.twitter.com https://sdk.inbenta.io https://tagmanager.google.com/; worker-src blob:; frame-src 'self' https://www.facebook.com https://player.vimeo.com https://www.google.com https://www.gstatic.com https://optimize.google.com https://*.livechatinc.com https://*.cookiebot.com https://*.youtube.com https://*.youtube-nocookie.com https://*.youtu.be https://*.hotjar.com; img-src 'self' data: blob: mediastream: https://project.woonmodule.nl https://*.pinterest.com https://p.adsymptotic.com https://pi.pardot.com https://*.akstat.io https://www.linkedin.com https://optimize.google.com https://www.google.nl/pagead/ https://www.google.com/pagead/ https://cdn.livechatinc.com/ https://*.inbenta.io https://*.inbenta.com https://*.youtube.com https://*.youtube-nocookie.com https://*.youtu.be https://*.gstatic.com https://t.co https://px.ads.linkedin.com https://www.facebook.com https://i.ytimg.com https://*.snoobi.eu https://*.blob.core.windows.net https://www.google-analytics.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://project.woonmodule.nl https://www.googletagmanager.com https://optimize.google.com https://sdk.inbenta.io https://tagmanager.google.com/ https://fonts.googleapis.com/; font-src 'self' data: https://fonts.gstatic.com https://cdn.inbenta.io https://script.hotjar.com https://fonts.gstatic.com https://cdn.inbenta.io; connect-src 'self' 'unsafe-inline' https://*.pinterest.com https://www.gstatic.com https://vimeo.com https://googleads.g.doubleclick.net/ https://consentcdn.cookiebot.com https://www.google.com https://*.googlesyndication.com https://*.akstat.io https://*.go-mpulse.net https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.inbenta.io https://*.google-analytics.com https://*.googleapis.com; 1
default-src 'self' https:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data:; connect-src 'self' https: wss:; worker-src 'self' blob: https: 1
default-src 'self'; script-src 'self' https://ingress.crowdpurr.com https://www.google.com https://www.googletagmanager.com 'sha256-W+XeZiIHtLq7Y2KSmr6DqjMcCn8jAXz/4SYpVaV/qE0=' https://www.gstatic.com https://stats.g.doubleclick.net https://www.youtube.com https://s.ytimg.com https://player.twitch.tv https://d1dzpm7ky4geqi.cloudfront.net 'unsafe-eval'; connect-src * 'self'; img-src data: 'self' http://* https://*; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://d1dzpm7ky4geqi.cloudfront.net; font-src 'self' data: https://fonts.gstatic.com https://cdn.jsdelivr.net https://s3.amazonaws.com https://d1dzpm7ky4geqi.cloudfront.net; frame-src 'self' https://www.googletagmanager.com https://www.google.com https://www.youtube.com https://player.twitch.tv https://www.facebook.com https://viewer.millicast.com; media-src 'self' https://viewer.millicast.com https://d1dzpm7ky4geqi.cloudfront.net; 1
base-uri 'self' https://*.headbox.com; connect-src 'self' https://*.headbox.com https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.facebook.com https://*.iubenda.com https://schema.org https://*.sentry.io https://*.hubspot.com https://*.hotjar.io https://*.hotjar.com https://*.linkedin.oribi.io https://forms.hscollectedforms.net; default-src 'self' https://*.headbox.com; font-src https://*.gstatic.com https://script.hotjar.com; frame-ancestors https://*.headbox.com; frame-src https://www.facebook.com; img-src https://*.headbox.com 'self' https://*.googleapis.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.gstatic.com https://www.facebook.com https://*.headbox.com https://cdnjs.cloudflare.com https://script.hotjar.com https://*.hotjar.com https://*.hsforms.com/ https://www.google.com https://www.google.co.uk https://*.imgix.net https://*.linkedin.com https://*.linkedin.oribi.io https://track.hubspot.com/ https://hb-strapi-media.s3.eu-west-1.amazonaws.com data:; script-src https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.headbox.com https://*.iubenda.com https://schema.org https://*.sentry.io https://js.hubspot.com https://script.hotjar.com https://*.hotjar.com 'nonce-A2rNirICcuCDa5L3ECX1sg==' 'nonce-fmjtMh868v8Zx59qbXomkg==' 'nonce-XprD/b5rqxVSdq6AEyqP6Q==' 'nonce-pU4ekkGNGUhx+Ofid7v7FA==' 'nonce-7W3+aUtCnks7WOmRtrH0IQ==' https://www.googleadservices.com https://googleads.g.doubleclick.net https://snap.licdn.com https://platform.twitter.com https://static.ads-twitter.com https://connect.facebook.net https://*.sentry-cdn.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hsleadflows.net https://js.hscollectedforms.net https://js.usemessages.com; style-src https://*.googleapis.com https://*.headbox.com 'unsafe-inline' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://lile.cl; img-src 'self' https: data: blob: https://lile.cl; style-src 'self' https://lile.cl 'nonce-e8MTYJxmkZWVUwrv0FtlJA=='; media-src 'self' https: data: https://lile.cl; frame-src 'self' https:; manifest-src 'self' https://lile.cl; form-action 'self'; child-src 'self' blob: https://lile.cl; worker-src 'self' blob: https://lile.cl; connect-src 'self' data: blob: https://lile.cl https://lile.cl wss://lile.cl; script-src 'self' https://lile.cl 'wasm-unsafe-eval' 1
frame-ancestors 'self' *.career-inspiration.com *.pathmotion.com *.pathmotion.io 1
frame-ancestors 'self' https://www.companionlink.com; 1
frame-ancestors https://facebook.com https://www.facebook.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' crypto.com *.kryll.io *.google-analytics.com player.vimeo.com td.doubleclick.net *.googleapis.com https://cdn.jsdelivr.net https://code.jquery.com/jquery-3.4.1.slim.min.js https://dev.visualwebsiteoptimizer.com https://cdnjs.cloudflare.com/; connect-src 'self' stats.g.doubleclick.net analytics.google.com *.analytics.google.com *.kryll.io api.coingecko.com *.zdassets.com *.zendesk.com *.google-analytics.com ; img-src 'self' data: *.kryll.io *.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.doubleclick.net *.gravatar.com *.wp.comi cdnjs.cloudflare.com https://animaproject.s3.amazonaws.com https://px.animaapp.com; style-src 'self' *.kryll.io cdn.jsdelivr.net https://animaproject.s3.amazonaws.com https://px.animaapp.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com cdnjs.cloudflare.com; font-src 'self' cdnjs.cloudflare.com cdn.jsdelivr.net *.kryll.io *.googleapis.com fonts.gstatic.com;  object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com https://www.googletagmanager.com/ www.googletagmanager.com *.kryll.io https://www.google-analytics.com *.googleapis.com https://cdn.jsdelivr.net https://code.jquery.com/jquery-3.4.1.slim.min.js https://dev.visualwebsiteoptimizer.com cdnjs.cloudflare.com crypto.com 1
frame-ancestors 'self' https://*.wolseleyexpress.com/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.addtoany.com *.cookiebot.com *.googletagmanager.com *.googleapis.com *.stripe.com *.google-analytics.com *.typekit.net *.wp.com *.facebook.com *.facebook.net *.instagram.com *.twitter.com *.pinterest.com *.linkedin.com; media-src 'self' blob:; base-uri 'self'; 1
script-src 'self' 'unsafe-eval' localhost:8080 cdn1.readspeaker.com use.typekit.net p.typekit.net www.googletagmanager.com *.google-analytics.com 'unsafe-inline'; connect-src 'self' stats.g.doubleclick.net app-eu.readspeaker.com rstts-eu.readspeaker.com vttts-eu.readspeaker.com media-eu.readspeaker.com cdn1.readspeaker.com ws://localhost:8080/ http://localhost:8080/ https://*.google-analytics.com/; font-src 'self' data: use.typekit.net; frame-src 'self' *.youtube.com *.youtube-nocookie.com youtu.be app-eu.readspeaker.com 1
default-src 'self' ;style-src 'self' https://fonts.googleapis.com/ https://*.bing.com/ ;connect-src 'self' https://*.bing.com/ ;frame-src 'self' https://www.google.com/ ;plugin-types application-pdf ;script-src 'self' *.uhaul.com/ https://unpkg.com/ https://fonts.googleapis.com/ https://www.google.com/ https://www.gstatic.com/ https://*.bing.com/ https://*.virtualearth.net ;font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/ data: ;img-src 'self' *.uhaul.com/ data: ;object-src 'self' blob: ; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-c5afe7bfc057df7a7ed9011821c4cf01'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://cdn1.adoberesources.net https://cdn.co-buying.com https://pagead2.googlesyndication.com  https://googleads.g.doubleclick.net https://www.googleadservices.com  *.cloudflare.com https://wpgmaps.us-3.evennode.com/ *.youtube.com *.google.com https://rules.quantcount.com https://secure.quantserve.com https://tagmanager.apigruporsa.com  https://www.gstatic.com https://www.googletagmanager.com/ https://contenidoseniplenitude.es/ *.google-analytics.com https://consent.cookiebot.com https://consentcdn.cookiebot.com/ https://cdn.jsdelivr.net/ https://t.contentsquare.net app.contentsquare.com *.facebook.com *.facebook.net/ https://eniplenitude.es *.eniplenitude.es *.google.es https://service.maxymiser.net/ https://ads-engagement.presage.io *.adform.net https://www.googleoptimize.com https://eniplenitude-es.pro.nurtigo.cloud/mtc.js https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com/ https://fonts.googleapis.com/ https://contenidoseniplenitude.es https://www.googletagmanager.com; img-src 'self' data: https://imgsct.cookiebot.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://maps.googleapis.com/ https://maps.google.com/ https://maps.gstatic.com *.eniplenitude.es *.ytimg.com https://pixel.quantserve.com https://ads-engagement.presage.io https://ps.w.org/ https://s.w.org/ https://secure.gravatar.com/ *.google-analytics.com https://google.com https://google.es https://www.google.com *.contentsquare.net https://aldroenergia.com/ *.facebook.com https://www.googletagmanager.com/ *.google.es https://fonts.gstatic.com/ *.googlesyndication.com; font-src 'self' data: https://fonts.gstatic.com/; connect-src 'self' data:  https://edge.adobedc.net https://wpgmaps.us-3.evennode.com/ https://maps.googleapis.com *.eniplenitude.es https://pixel.quantcount.com *.contentsquare.net *.cookiebot.com *.facebook.com/ *.facebook.net/ https://contenidoseniplenitude.es/ *.google-analytics.com *.google.com *.doubleclick.net https://www.googletagmanager.com/ *.google.es *.googlesyndication.com *.apigruporsa.com https://eniplenitude-es.pro.nurtigo.cloud/; child-src blob: https://consentcdn.cookiebot.com/; worker-src blob:;  frame-src 'self' https://bp.eniplenitude.es/ https://csxd.contentsquare.net/ https://www.epdata.es/ *.youtube.com https://tagmanager.apigruporsa.com *.doubleclick.net https://consentcdn.cookiebot.com/ *.facebook.com/ *.facebook.net/ https://contenidoseniplenitude.es https://service.maxymiser.net/ https://aax-eu.amazon-adsystem.com/ *.google.com; 1
frame-ancestors gkk-ng-ibe-test.mein-reiseportal.de gkk-ng-ibe-stage.mein-reiseportal.de buchen.galeria-reisen.de; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tags.tigcdn.com https://tags.tiqcdn.com https://*.hotjar.com https://*.discountpowertx.com https://cloud-us.analytics-egain.com https://*.clarity.ms/s/0.6.34/clarity.js https://s.yimg.com/wi/ytc.js https://*.analytics.google.com https://analytics.google.com *.google-analytics.com https://chat.discountpowertx.com https://*.doubleclick.net https://*.ipredictive.com https://*.google.com https://*.twitter.com https://Api.ipify.org https://Bh.contextweb.com https://t.contentsquare.net https://contentsquare.com https://Ce.lijit.com https://Eb2.3lift.com https://*.hotjar.com https://*.allegiancetech.com https://Pixel.sitecout.com https://r.casalemedia.com https://r.turn.com https://rtb-csync.smartadserver.com https://*.allegiancetech.com https://*.ads-twitter.com https://t.co https://*.googleoptimize.com https://optimize.google.com https://*.googleoptimize.com https://*.krxd.net https://*.adnxs.com https://*.omtrdc.net https://*.demdex.net https://*.adsrvr.org https://*.googleapis.com https://*.amazonaws.com https://*.googletagmanager.com https://*.adobedtm.com https://connect.facebook.net https://bat.bing.com https://ssl.google-analytics.com https://analytics.analytics-egain.com https://www.googleadservices.com https://up.pixel.ad https://reliant.egain.cloud https://www.google-analytics.com https://reliantenergy.sc.omtrdc.net https://*.nrg.com https://ipv4.icanhazip.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://*.hotjar.com https://*.discountpowertx.com https://*.doubleclick.net https://*.google.com https://*.twitter.com https://Api.ipify.org https://Bh.contextweb.com https://Ce.lijit.com https://Eb2.3lift.com https://*.hotjar.com https://*.allegiancetech.com https://Pixel.sitecout.com https://r.casalemedia.com https://r.turn.com https://rtb-csync.smartadserver.com https://*.allegiancetech.com https://*.ads-twitter.com https://t.co https://*.googleoptimize.com https://optimize.google.com https://*.googleoptimize.com https://*.krxd.net https://*.adnxs.com https://*.omtrdc.net https://*.demdex.net https://*.adsrvr.org https://*.googletagmanager.com https://www.google-analytics.com https://*.googleapis.com https://*.amazonaws.com https://reliantenergy.sc.omtrdc.net https://*.nrg.com https://ipv4.icanhazip.com https://cdn.jsdelivr.net https://use.fontawesome.com; frame-src 'self' https://www.youtube.com https://*.sfmc-content.com  https://*.discountpowertx.com https://*.doubleclick.net https://reliant.egain.cloud https://vars.hotjar.com https://csxd.greenmountainergy.com https://csxd.nrg.com https://csxd.discountpowertx.com https://csxd.cirroenergy.com https://optimize.google.com https://*.googleoptimize.com https://*.krxd.net https://*.adnxs.com https://*.omtrdc.net https://*.demdex.net https://*.adsrvr.org https://*.googleapis.com https://*.amazonaws.com https://pixel.sitescout.com https://analytics.analytics-egain.com https://*.nrg.com https://ipv4.icanhazip.com; child-src 'self' blob:; img-src 'self' https://*.hotjar.com https://*.discountpowertx.com https://c.bing.com https://sp.analytics.yahoo.com https://c.clarity.ms/c.gif https://*.doubleclick.net https://*.ipredictive.com https://*.google.com https://*.twitter.com https://Api.ipify.org https://Bh.contextweb.com https://Ce.lijit.com https://*.contentsquare.net https://Eb2.3lift.com https://*.hotjar.com https://*.allegiancetech.com https://Pixel.sitecout.com https://r.casalemedia.com https://r.turn.com https://rtb-csync.smartadserver.com https://*.allegiancetech.com https://*.ads-twitter.com https://t.co https://*.googleoptimize.com https://optimize.google.com https://*.googleoptimize.com https://*.krxd.net https://*.adnxs.com https://*.omtrdc.net https://*.demdex.net https://*.adsrvr.org https://*.googleapis.com https://*.amazonaws.com https://*.googletagmanager.com https://seal-houston.bbb.org https://connect.facebook.net https://bat.bing.com https://ssl.google-analytics.com https://analytics.analytics-egain.com https://www.googleadservices.com https://up.pixel.ad https://reliant.egain.cloud https://pixel.sitescout.com https://www.facebook.com https://www.google-analytics.com https://reliantenergy.sc.omtrdc.net https://*.nrg.com https://ipv4.icanhazip.com data:; font-src 'self' https://*.hotjar.com https://*.discountpowertx.com https://fonts.gstatic.com https://use.fontawesome.com; connect-src 'self' https://collect.tealiumiq.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.discountpowertx.com https://*.clarity.ms/collect https://www.clarity.ms/eus2-b/collect https://s.yimg.com/wi/config/10179008.json https://analytics.google.com https://bat.bing.com/actionp/* wss://ws35.hotjar.com/api/v2/client/ws https://stats.g.doubleclick.net *.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://api.ipify.org https://*.contentsquare.net https://*.hotjar.com https://optimize.google.com https://*.googleoptimize.com https://*.krxd.net https://*.adnxs.com https://*.omtrdc.net https://*.demdex.net https://*.adsrvr.org https://www.google-analytics.com https://*.googleapis.com https://*.amazonaws.com https://reliantenergy.sc.omtrdc.net https://*.nrg.com https://ipv4.icanhazip.com; worker-src 'self' blob:; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.google.com https://www.googletagmanager.com http://www.googletagmanager.com https://www.google-analytics.com https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://cdn.subscribers.com https://a.opmnstr.com https://buttons-config.sharethis.com https://www.youtube.com https://www.muchloved.com https://oembed.com https://a.omappapi.com https://collector-25517.tvsquared.com https://embed.tawk.to https://bat.bing.com https://*.adroll.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com platform-api.sharethis.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com https://www.googletagmanager.com http://www.googletagmanager.com https://www.google-analytics.com https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://cdn.subscribers.com https://a.opmnstr.com https://buttons-config.sharethis.com https://www.youtube.com https://www.muchloved.com https://oembed.com https://a.omappapi.com https://collector-25517.tvsquared.com https://embed.tawk.to https://bat.bing.com https://*.adroll.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com platform-api.sharethis.com; style-src * 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://oembed.com https://a.omappapi.com https://collector-25517.tvsquared.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; frame-ancestors 'self'; report-uri https://www.freedomfromtorture.org/report-uri/enforce 1
default-src 'self' data: wss: ws: https:;base-uri 'self';style-src 'self' 'unsafe-inline' 'unsafe-eval' *.armatic.com cdn.jsdelivr.net fonts.googleapis.com *.appcues.com *.appcues.net appcenter.intuit.com static.hsappstatic.net data: blob: *;script-src 'self' 'unsafe-eval' 'nonce-c1b24583-0db5-4d2f-b755-f039ad0c8e11' *.livechatinc.com *.bluesnap.com *.google.com *.twilio.com widget.intercom.io *.armatic.com onesignal.com cdn.onesignal.com code.jquery.com appcenter.intuit.com js.stripe.com cdn.ravenjs.com *.hs-scripts.com ajax.googleapis.com cdn.segment.com cdn.polyfill.io cdn.mxpnl.com *.appcues.com *.appcues.net www.googletagmanager.com js.hs-analytics.net s.adroll.com *.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net media.twiliocdn.com cdn.logrocket.io js.hscollectedforms.net js.usemessages.com js.hsadspixel.net cdn2.hubspotqa.net js.hs-banner.com static.hsappstatic.net snap.licdn.com js-agent.newrelic.com js.intercomcdn.com bam.nr-data.net cdn.logrocket.io cdn.lr-ingest.io;frame-src 'self' *.armatic.com *.livechatinc.com *.google.com bluesnap.com *.bluesnap.com pscore-production.s3-us-west-2.amazonaws.com pscore-production.s3.amazonaws.com js.stripe.com bid.g.doubleclick.net *.appcues.com onesignal.com app.hubspot.com;object-src 'self';font-src 'self' fonts.gstatic.com pscore-production.s3.amazonaws.com pscore-production.s3-us-west-2.amazonaws.com js.intercomcdn.com m.stripe.network fonts.googleapis.com fonts.google.com data:;media-src 'self' *.armatic.com data: blob:;img-src 'self' *.armatic.com res.cloudinary.com twemoji.maxcdn.com track.hubspot.com px.ads.linkedin.com www.google.com p.adsymptotic.com forms.hsforms.com www.google.com.ua www.google-analytics.com stats.g.doubleclick.net *.bluesnap.com *.amazonaws.com *.salesforce.com data: blob:;connect-src 'self' wss: blob: *.armatic.com *.logrocket.io *.hubspot.com armatic-dev.s3.amazonaws.com pscore-production.s3-us-west-2.amazonaws.com pscore-production.s3.amazonaws.com api.mixpanel.com *.appcues.com *.appcues.net wss://*.appcues.net wss://*.appcues.com notify.bugsnag.com js.hs-banner.com *.segment.com api.segment.io api.hubapi.com sentry.io *.lr-ingest.io sentry.io onesignal.com;child-src 'self' blob:;frame-ancestors 'none';worker-src 'self' blob:; 1
default-src 'self' data: https://files.radiomd.com https://radiomd.com https://support.doctorpodcasting.com https://*.facebook.com  https://fonts.googleapis.com https://*.gstatic.com https://173.193.205.96:2199 https://www.google-analytics.com https://pixel.quantserve.com/ https://stats.g.doubleclick.net https://fonts.gstatic.com https://ajax.googleapis.com https://*.addthis.com http://media.blubrry.com https://media.blubrry.com 'unsafe-inline';frame-ancestors 'self' *.facebook.com;script-src 'unsafe-inline' 'unsafe-eval' http: https:;object-src 'none'; font-src 'self' data: https://fonts.gstatic.com https://*.radiomd.com http://mootools.net https://ajax.googleapis.com  http: https: 1
base-uri 'self' https://*.mailstrom.co; block-all-mixed-content; report-uri /api/csp_reports; default-src 'self' https:; object-src 'none'; child-src 'self' https://*.mailstrom.co https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; font-src 'self' https: data: https://fonts.gstatic.com; frame-src 'self' https://*.mailstrom.co https://www.facebook.com https://bid.g.doubleclick.net https://js.stripe.com https://hooks.stripe.com https://checkout.stripe.com https://platform.twitter.com; frame-ancestors 'self'; img-src 'self' https: data: blob: https://*.stripe.com; connect-src 'self' https: https://www.google-analytics.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://bam.nr-data.net https://api.stripe.com https://checkout.stripe.com https://syndication.twitter.com; style-src 'self' https://fonts.googleapis.com 'report-sample' https: 'unsafe-inline'; script-src 'report-sample' 'strict-dynamic' 'nonce-HiQgU6G07AgifI92dhZkUg==' 1
default-src 'self'  https://www.google-analytics.com/j/collect https://www.facebook.com/tr/ https://stats.g.doubleclick.net/j/collect; script-src 'self'  https://*.rietumu.lv  https://*.rietumu.com https://*.rietumu.ru https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net  https://www.google.com/ads/ https://www.google.lv/ads/ data:; frame-src https://*.rietumu.lv https://*.rietumu.com https://*.rietumu.ru https://www.google.com  https://www.facebook.com https://www.youtube.com; object-src 'none'; 1
default-src 'self' https://fortress.maptive.com/ https://cdn.cookielaw.org/; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.hotjar.com script.hotjar.com analytics.tiktok.com snap.licdn.com https://polyfill.io https://cdn.cookielaw.org https://www.googletagmanager.com https://cdn.cookielaw.org/scripttemplates/6.19.0/otBannerSdk.js https://cdn.cookielaw.org/scripttemplates/6.7.0/otBannerSdk.js https://cdn.cookielaw.org/consent/4ae6a2de-7f99-47f8-bde0-03b6fac94b85/OtAutoBlock.js https://cdn.cookielaw.org/scripttemplates/otSDKStub.js *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' ad.doubleclick.net px.ads.linkedin.com https://10720677.fls.doubleclick.net cdn.cookielaw.org https://cdn.cookielaw.org/logos/static/poweredBy_ot_logo.svg https://i.ytimg.com https://cdn.cookielaw.org/logos/d1e899ee-f1c8-4d74-a555-22970b351acf/053e5c42-be5d-4b92-b97c-d799ef307147/62e7ab5e-e431-41c3-96f3-4544e74888fc/esb-logo.png *.gstatic.com *.googleapis.com *.google-analytics.com img.youtube.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com; media-src 'self' data: blob:; child-src 'self' https://td.doubleclick.net/ https://pay.elavonpaymentgateway.com/ http://ps3sc-wcg.cld1.tld.int:8080 https://10720677.fls.doubleclick.net http://10720677.fls.doubleclick.net https://www.google.com/ https://platform.twitter.com/ https://hpp.sandbox.elavonpaymentgateway.com/ https://fortress.maptive.com/ https://fortress.maptive.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' analytics.tiktok.com px.ads.linkedin.com wss://ws.hotjar.com/api/v2/client/ws *.hotjar.io in.hotjar.com *.google-analytics.com *.analytics.google.com https://*.insight.sitefinity.com https://cdn.cookielaw.org https://cdn.cookielaw.org/scripttemplates/6.19.0/assets/otFlat.json https://cdn.cookielaw.org/scripttemplates/6.19.0/assets/v2/otPcTab.json https://www.google-analytics.com https://privacyportal-de.onetrust.com/request/v1/consentreceipts https://cdn.cookielaw.org/scripttemplates/6.7.0/assets/otFlat.json https://cdn.cookielaw.org/scripttemplates/6.7.0/assets/v2/otPcTab.json https://cdn.cookielaw.org/consent/4ae6a2de-7f99-47f8-bde0-03b6fac94b85/4ae6a2de-7f99-47f8-bde0-03b6fac94b85.json https://cdn.cookielaw.org/consent/4ae6a2de-7f99-47f8-bde0-03b6fac94b85/7391d33b-5a52-445b-81ad-710175fea8e9/en.json https://*.dec.sitefinity.com *.mktoresp.com; 1
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://supergarant-api-flexfunnel.azurewebsites.net https://supergarant-api-test-flexfunnel.azurewebsites.net https://dc.services.visualstudio.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.crazyegg.com https://*.doubleclick.net https://cdn.linkedin.oribi.io https://connect.facebook.net https://www.facebook.com; font-src 'self' https://fonts.gstatic.com https://use.typekit.net https://supergarant-api-flexfunnel.azurewebsites.net https://supergarant-api-test-flexfunnel.azurewebsites.net data:; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://directdoorgaan.nl https://webmodules.voogd.com https://www.mp4all.nl https://www.google.com https://app.webinargeek.com https://vars.hotjar.com https://*.crazyegg.com https://movir-aov-exon-staging.smartplatforms.io https://movir-aov-exon.smartplatforms.io https://formulieren.supergarant.nl https://www.lease-a-bike.nl; img-src 'self' https://www.google-analytics.com https://*.ytimg.com https://*.vimeocdn.com https://www.googletagmanager.com https://www.google.com https://www.google.nl https://px.ads.linkedin.com https://www.linkedin.com https://www.facebook.com https://*.crazyegg.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://supergarant-api-flexfunnel.azurewebsites.net https://supergarant-api-test-flexfunnel.azurewebsites.net https://formulieren.supergarant.nl https://code.jquery.com https://*.msecnd.net https://www.google.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.crazyegg.com https://cdnjs.cloudflare.com https://*.doubleclick.net https://connect.facebook.net https://cdn.jsdelivr.net https://script.crazyegg.com https://unpkg.com snap.licdn.com; style-src 'self' 'unsafe-inline' https://*.typekit.net https://supergarant-api-flexfunnel.azurewebsites.net https://supergarant-api-test-flexfunnel.azurewebsites.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://use.typekit.net; worker-src 'self' blob:; frame-ancestors 'self'; report-uri https://www.zzp-nederland.nl/report-uri/enforce; block-all-mixed-content 1
block-all-mixed-content; base-uri 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* *.google.com *.gstatic.com www.google-analytics.com *.addtoany.com use.fontawesome.com *.youtube.com *.ytimg.com *.googleapis.com googleapis.com *.googletagmanager.com *.cloudflare.com apps.ticketmatic.com cdn.guestplan.com etender-connect.com connect.facebook.net www.googleadservices.com googleads.g.doubleclick.net *.amazonaws.com verkadefabriek.us8.list-manage.com *.medialoc.eu *.firebasedatabase.app *.ticketengine.nl *.jsdelivr.net *.mailplus.nl  static.verkadefabriek.nl; style-src 'self' 'unsafe-inline' *.googleapis.com googleapis.com *.google.com *.addtoany.com cloud.typography.com *.myfonts.net *.typekit.net *.cloudflare.com  *.mailchimp.com *.medialoc.eu *.ticketengine.nl static.verkadefabriek.nl; font-src 'self' *.gstatic.com data: *.typekit.net *.cloudflare.com  static.verkadefabriek.nl; img-src 'self' data: *.google-analytics.com *.analytics-google.com *.gstatic.com *.googleapis.com googleapis.com *.google.com *.cloudflare.com gstpln-cdn-img-prod.azureedge.net googleads.g.doubleclick.net www.facebook.com www.google.nl *.verkadefabriek.nl www.googletagmanager.com *.ytimg.com static.verkadefabriek.nl; child-src 'self' *.google.com *.addtoany.com *.youtube.com *.vimeo.com *.activetickets.com *.issuu.com *.recruitee.com *.linkedin.com youtu.be www.youtube.com *.podcastfeed.nl *.firebasedatabase.app *.b-cdn.net *.podcastfeed.eu static.verkadefabriek.nl; frame-src 'self' *.google.com *.addtoany.com *.youtube.com *.vimeo.com *.activetickets.com *.issuu.com *.recruitee.com *.linkedin.com youtu.be www.youtube.com *.podcastfeed.nl *.firebasedatabase.app *.b-cdn.net *.podcastfeed.eu static.verkadefabriek.nl; media-src 'self' *.youtube.com *.vimeo.com *.vimeocdn.com *.akamaized.net blob: 'self' static.verkadefabriek.nl; connect-src 'self' localhost:* wss://localhost:* *.projectguide.nl *.google-analytics.com *.analytics-google.com *.googleapis.com googleapis.com *.googleusercontent.com apps.ticketmatic.com etender-connect.com stats.g.doubleclick.net *.medialoc.eu *.run.app wss://*.europe-west1.firebasedatabase.app *.b-cdn.net *.bitmovin.com blob: data: static.verkadefabriek.nl; object-src 'self' *.youtube.com *.vimeo.com  static.verkadefabriek.nl; form-action 'self' *.mailplus.nl; worker-src 'self' static.verkadefabriek.nl; manifest-src 'self' static.verkadefabriek.nl; prefetch-src 'self' static.verkadefabriek.nl; frame-ancestors localhost:*;  1
default-src 'self'; frame-ancestors *.kettlewellcolours.co.uk; connect-src * blob:; font-src * data:; frame-src *; img-src * data: blob:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; 1
frame-ancestors 'self' http://www.sunsilk.co.id unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://s7.addthis.com https://kritique-widgets-stage.unileversolutions.com https://d1a1ax4tcp3m3j.cloudfront.net 1
frame-ancestors eu-market.ru www.eu-market.ru webvisor.com metrika.yandex.ru metrica.yandex.com metrica.yandex.com.tr 1
child-src 'none'; frame-src 'self' https://consentcdn.cookiebot.com https://film.atp.dk https://vds.issgovernance.com https://app.fleximap.dk/ https://api.cludo.com/; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' consent.cookiebot.com consentcdn.cookiebot.com dk1.siteimprove.com siteimproveanalytics.com dmcqaqmkk1tj3.cloudfront.net customer.cludo.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' consent.cookiebot.com consentcdn.cookiebot.com dk1.siteimprove.com siteimproveanalytics.com dmcqaqmkk1tj3.cloudfront.net customer.cludo.com; style-src 'self' 'unsafe-inline' customer.cludo.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.atp.dk/report-uri/enforce 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://s.ytimg.com *.twimg.com platform.linkedin.com *.google.com *.google-analytics.com *.googletagmanager.com https://www.youtube.com/iframe_api syndication.twitter.com/ publish.twitter.com platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com acsbapp.com cdn.acsbapp.com *.antigena.com https://www.youtube.com/ 'self' cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com platform.twitter.com/css/ *.twimg.com *.google.com https://dec.azureedge.net 'self' web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com www.redditstatic.com www.linkedin.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google.com *.google-analytics.com *.facebook.com syndication.twitter.com https://dec.azureedge.net https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com acsbapp.com cdn.acsbapp.com *.cleco.com https://i.ytimg.com/ https://www.googletagmanager.com/ 'self' web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: acsbapp.com cdn.acsbapp.com; frame-src https://www.google.com/ https://www.youtube.com 'self' web-chat.nativechat.com; connect-src 'self' *.google.com *.googleapis.com *.google-analytics.com *.doubleclick.net https://*.dec.sitefinity.com *.mktoresp.com acsbapp.com cdn.acsbapp.com *.antigena.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ badge.stumbleupon.com *.facebook.com *.google.com 'self' web-chat.nativechat.com 1
frame-ancestors 'self' http://www.philips.com.my *.philips.com *.philips.com.my https://philipsigtdpv.com 1
frame-ancestors www.sjpl.org *.www.sjpl.org sjpl.org *.sjpl.org sjpl.bibliocms.com *.sjpl.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src www.sjpl.org *.www.sjpl.org sjpl.org *.sjpl.org sjpl.bibliocms.com *.sjpl.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
frame-src https://tdameritradenetwork.com www.google.com s7.addthis.com *.tdameritrade.com https://www.tdameritrade.com tdameritrade.demdex.net *.tdameritrade.demdex.net 'self'; 1
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' https://webstatic.tazz.ro https://tapi.tazz.ro https://geo-coding.tazz.ro https://www.google.com https://stats.g.doubleclick.net https://www.facebook.com *.google-analytics.com analytics.google.com *.analytics.google.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://*.googleapis.com https://*.force.com https://*.salesforce-sites.com https://analytics.tiktok.com https://adservice.google.com https://www.google.ro https://event.2performant.com https://*.emag.ro https://genius-emagst.akamaized.net https://s13emagst.akamaized.net https://*.creativecdn.com; font-src https://webstatic.tazz.ro https://script.hotjar.com https://c1.sfdcstatic.com https://*.gstatic.com data:; form-action 'self' https://*.emag.ro https://*.salesforce.com https://auth.emag.ro https://www.facebook.com https://accounts.google.com https://appleid.apple.com; frame-ancestors 'self'; frame-src 'self' https://www.googletagmanager.com https://www.youtube.com https://tpc.googlesyndication.com https://vars.hotjar.com https://service.force.com https://*.salesforce.com bytedance: sslocal: https://event.2performant.com https://www.google.com; img-src 'self' https: data:; manifest-src 'self'; media-src https:; script-src 'self' https://webstatic.tazz.ro https://connect.facebook.net 'unsafe-eval' https://script.hotjar.com https://static.hotjar.com https://www.gstatic.com https://gstatic.com https://*.googleapis.com https://*.force.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://analytics.tiktok.com https://www.googleadservices.com https://attr-2p.com https://www.google.com https://*.emag.ro https://genius-emagst.akamaized.net https://s13emagst.akamaized.net https://*.creativecdn.com 'unsafe-inline' 'nonce-KnTqS9bf49dJgDw3O/IfNg=='; style-src https://webstatic.tazz.ro 'unsafe-inline' https://*.force.com https://*.salesforce-sites.com https://*.emag.ro https://genius-emagst.akamaized.net https://s13emagst.akamaized.net https://*.googleapis.com; report-uri /report/csp 1
default-src 'self' https://themes.googleusercontent.com https://cdn.cookielaw.org https://cl.avis-verifies.com https://bat.bing.com https://www.google.fr https://www.google.com https://px.ads.linkedin.com https://www.google-analytics.com https://www.linkedin.com https://static.addtoany.com https://stats.g.doubleclick.net https://antargaz.sirap.fr https://iframe.primesenergie.fr https://emea-antargaz.netmng.com https://api-gateway.app.smart-tribune.com https://www.facebook.com https://www.youtube.com https://geolocation.onetrust.com https://privacyportal-eu.onetrust.com https://cdnjs.cloudflare.com https://assets.app.smart-tribune.com https://www.clarity.ms https://*.clarity.ms https://apilayer.net https://www.antargaz.fr https://w.soundcloud.com https://fonts.gstatic.com https://tpc.googlesyndication.com https://static3.avast.com https://adservice.google.com https://player.vimeo.com https://public.tableau.com https://live.visarity.com/campaigns/v3ad-3218-ab04-bd36-cbd57/index.html https://live.primoadserver.com/; img-src 'self' data: https://cl.avis-verifies.com https://www.google.fr https://www.google.com https://bat.bing.com https://px.ads.linkedin.com https://www.google-analytics.com https://www.linkedin.com https://cdn.cookielaw.org https://www.facebook.com https://logs1412.xiti.com https://cf.ignitionone.com https://www.googletagmanager.com https://assets.app.smart-tribune.com https://i.ytimg.com https://c.clarity.ms https://c.bing.com https://www.google.ci https://googleads.g.doubleclick.net https://www.google.co.uk https://www.gstatic.com https://uploads.app.smart-tribune.com https://public.tableau.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stats.g.doubleclick.net https://emea-antargaz.netmng.com https://tag.aticdn.net https://www.googletagmanager.com https://www.linkedin.com https://cdn.cookielaw.org https://cl.avis-verifies.com https://googleads.g.doubleclick.net https://snap.licdn.com https://static.smart-tribune.com https://connect.facebook.net https://www.google-analytics.com https://bat.bing.com https://www.gstatic.com https://cf.ignitionone.com https://assets.app.smart-tribune.com https://www.googleadservices.com https://www.youtube.com https://geolocation.onetrust.com https://tpc.googlesyndication.com https://*.clarity.ms https://public.tableau.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://localhost:9000 https://polyfill.io https://static.addtoany.com https://unpkg.com https://www.google.com; style-src 'self' 'unsafe-inline' https://static.addtoany.com https://assets.app.smart-tribune.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://localhost:9000; frame-ancestors 'self'; report-uri https://www.antargaz.fr/report-uri/enforce 1
default-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'; frame-ancestors 'none'; frame-src 'none'; form-action 'self'; manifest-src 'self'; img-src 'self' data: https://cdn.ponybooru.org https://camocdn.ponybooru.org; media-src 'self' data: https://cdn.ponybooru.org https://camocdn.ponybooru.org; block-all-mixed-content 1
default-src 'self' https://plausible.io; script-src 'self' https://plausible.io; img-src 'self' https://plausible.io; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; object-src 'none'; 1
default-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.studyclix.ie *.hsforms.net *.hsforms.com https://www.facebook.com https://connect.facebook.net https://*.oppwa.com https://*.redditstatic.com https://testimonial.to https://*.testimonial.to https://www.tiktok.com https://www.instagram.com https://*.tiktok.com https://*.instagram.com https://*.hotjar.com https://*.googletagmanager.com https://*.google-analytics.com https://tagmanager.google.com https://js.stripe.com https://www.paypal.com https://js.intercomcdn.com https://widget.trustpilot.com https://*.intercom.io https://*.intercomcdn.com https://player.vimeo.com https://youtube.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.studyclix.ie https://*.oppwa.com unsafe-inline https://*.hotjar.com https://fonts.googleapis.com https://tagmanager.google.com https://fonts.googleapis.com ; font-src 'self' data: https://*.oppwa.com https://*.hotjar.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.intercomcdn.com ; img-src 'self' data: blob: 'unsafe-inline' https://*.studyclix.ie data: *.hsforms.net *.hsforms.com https://*.oppwa.com https://*.reddit.com https: https://*.hotjar.com https://*.google-analytics.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://img.youtube.com https://blob-static.studyclix.ie/ ; media-src 'self' blob: https://blob-static.studyclix.ie/ https://*.intercomcdn.com https://quizadmin.studyclix.ie ; connect-src 'self' https://*.studyclix.ie https://evnt.byspotify.com *.hsforms.com https://*.oppwa.com https://*.reddit.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.paypal.com https://cms-static.studyclix.ie https://cms.studyclix.ie https://blob-static.studyclix.ie/ https://sr-messaging-ie-live.service.signalr.net wss://sr-messaging-ie-live.service.signalr.net https://bff.studyclix.ie https://uploads.intercomusercontent.com https://*.intercom.io https://*.intercomcdn.eu https://*.intercomcdn.com wss://*.intercom.io https://www.google-analytics.com https://dc.services.visualstudio.com https://stats.g.doubleclick.net ; frame-src https://*.studyclix.ie *.hsforms.net *.hsforms.com https://www.facebook.com https://*.oppwa.com https://testimonial.to https://*.testimonial.to https://*.spotify.com https://www.tiktok.com https://www.instagram.com https://js.stripe.com https://www.paypal.com https://widget.trustpilot.com https://youtube.com https://www.youtube.com https://player.vimeo.com https://blob-static.studyclix.ie/ ; frame-ancestors 'self' https://*.studyclix.ie 1
default-src 'self';script-src 'self' 'nonce-CU0WdsCgjbvh59EomF2bW+yD' https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.msecnd.net https://*.cloudflareinsights.com https://*.google-analytics.com https://*.googleadservices.com https://*.g.doubleclick.net https://*.bing.com https://*.livechatinc.com https://*.livechat-files.com https://*.livechat-static.com https://*.dacast.com https://www.facebook.com https://connect.facebook.net https://*.clarity.ms;object-src 'self' https://*.livechatinc.com;style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.livechatinc.com https://*.googletagmanager.com;img-src 'self' https://blog.ukrainebridesagency.com https://img.simplydating.com https://*.vzaar.com https://*.dacast.com https://*.gstatic.com https://*.ytimg.com data: https://*.bing.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.livechatinc.com https://*.livechat-files.com https://*.livechat-static.com https://simplydating.blob.core.windows.net https://*.clarity.ms https://www.facebook.com https://*.googletagmanager.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;media-src 'self' blob: data: https://*.vzaar.com https://*.dacast.com https://*.livechatinc.com https://*.livechat-files.com https://*.livechat-static.com https://simplydating.blob.core.windows.net;frame-src 'self' https://*.youtube.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://bid.g.doubleclick.net https://*.vzaar.com https://*.dacast.com https://www.facebook https://*.livechatinc.com;font-src 'self' https://*.gstatic.com https://*.livechatinc.com;connect-src 'self' https://chat.ukrainebridesagency.com https://*.signalr.net wss://*.signalr.net https://*.visualstudio.com https://*.bing.com https://google.com https://*.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://*.livechatinc.com https://*.livechat-files.com https://*.livechat-static.com https://*.clarity.ms https://*.sentry.io https://img.simplydating.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;child-src 'self' https://*.livechatinc.com;frame-ancestors 'self' 1
default-src * data: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: 'unsafe-inline' 'unsafe-eval'; connect-src * data: 'unsafe-inline'; img-src * data: 'unsafe-inline'; frame-src * data: ; style-src * data: 'unsafe-inline'; font-src * data: 'unsafe-inline' 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' storage.googleapis.com *.google.com *.gstatic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://js-agent.newrelic.com; style-src 'self' blob: 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; connect-src 'self' *.carfaxforpolice.com *.carfax.io *.crashdocs.org https://bam.nr-data.net https://bam-cell.nr-data.net *.s3.amazonaws.com; frame-src 'self' *.carfaxforpolice.com carfaxforpolice.com *.google.com *.crashdocs.org *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com chasepaymentechhostedpay-var.com chasepaymentechhostedpay.com; img-src 'self' data: *.carfax.com *.s3.amazonaws.com blob:; object-src 'self' blob: *.carfaxforpolice.com; frame-ancestors 'self' *.carfaxforpolice.com carfaxforpolice.com *.crashdocs.org *.carfax.com *.carfax.io 1
img-src 'self' data: https://bau.edu.bd https://*.bau.edu.bd; 1
default-src 'self' *.cbg.outsite.app; style-src 'self' 'unsafe-inline' *.cbg.nl fonts.googleapis.com; connect-src 'self' releases.wagtail.org *.wiewaswie.nl stamboomnederland.nl *.stamboomnederland.nl webservices.picturae.com *.google-analytics.com *.googletagmanager.com; font-src 'self' data: *.cbg.nl; frame-src 'self' *.cbg.nl *.cbg.outsite.app; script-src 'self' 'unsafe-inline' *.cbg.nl webservices.picturae.com *.wiewaswie.nl stamboomnederland.nl *.stamboomnederland.nl *.google-analytics.com *.googletagmanager.com; frame-ancestors 'self' *.cbg.nl *.cbg.outsite.app; img-src 'self' data: *.cbg.nl *.cbg.outsite.app images.memorix.nl www.gravatar.com *.googletagmanager.com 1
default-src 'self';  img-src 'self' data: https:; frame-src https://*.five9.com https://*.youtube.com/ https://*.doubleclick.net data:; script-src 'self' 'nonce-yHmEIfGQZKGzt3C0qTDZXZdx0AFgRZ3zVW1fk7AiHSA=' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://web-sdk-eu.aptrinsic.com https://*.googleapis.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://js.monitor.azure.com; connect-src 'self' https: https://*.googleapis.com https://*.gstatic.com https://*.five9.com data:; font-src 'self' https://fonts.gstatic.com; style-src 'self' https://web-sdk-eu.aptrinsic.com https://app.five9.com https://fonts.googleapis.com 'unsafe-inline'; 1
upgrade-insecure-requests; default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' *.abtasty.com *.flipaio.de *.seniorenportal.de; object-src 'none'; frame-ancestors 'self' *.abtasty.com *.flipaio.de *.seniorenportal.de 1
default-src 'self' https://l.sharethis.com *.corenetglobal.org *.crazyegg.com; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com https://*.googletagmanager.com https://platform-api.sharethis.com https://buttons-config.sharethis.com https://l.sharethis.com https://www.instagram.com https://assets.adobedtm.com https://www.googletagservices.com https://s.zkcdn.net https://www.snapengage.com http://platform.stumbleupon.com https://*.adroll.com https://securepubads.g.doubleclick.net https://www.rumiview.com https://tags.crwdcntrl.net/ https://engine.multiview.com/ *.wistia.net *.wistia.com *.vimeo.com https://acsbapp.com *.adzerk.net *.crazyegg.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://maxcdn.icons8.com https://maxcdn.bootstrapcdn.com *.typekit.net *.crazyegg.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.corenetglobal.org http://cloudfront.higherlogic.com https://fast.wistia.com https://www.snapengage.com https://bcp.crwdcntrl.net https://*.adroll.com https://www.rumiview.com https://*.g.doubleclick.net https://x.bidswitch.net https://dsum-sec.casalemedia.com *.wistia.net *.wistia.com *.google.com *.amazonaws.com *.vimeo.com *.acsbapp.com *.cbre.com * web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://maxcdn.icons8.com https://maxcdn.bootstrapcdn.com *.typekit.net *.wistia.net *.wistia.com *.vimeo.com; frame-src 'self' https://widget.tagembed.com https://www.linkedin.com https://platform.twitter.com https://syndication.twitter.com https://www.instagram.com https://www.youtube.com https://fast.wistia.com https://*.fls.doubleclick.net https://bcp.crwdcntrl.net https://www.facebook.com *.wistia.net *.wistia.com *.vimeo.com https://w.soundcloud.com https://soundcloud.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com https://l.sharethis.com https://*.g.doubleclick.net https://*.adroll.com *.wistia.net *.wistia.com *.litix.io *.vimeo.com *.acsbapp.com acsbapp.com *.snapengage.com *.crazyegg.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.wistia.net *.wistia.com *.amazonaws.com *.vimeo.com *.snapengage.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com 1
font-src https://fonts.gstatic.com data: https://ws.colissimo.fr *.fontawesome.com https://static.wesco.fr https://production-static.wesco.fr https://preprod-static.wesco.fr https://wesco-static.docker.localhost https://maxcdn.bootstrapcdn.com https://*.iadvize.com https://*.hotjar.com https://*.cloudflare.com https://*.photoslurp.com https://*.doubleclick.net *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action https://secure.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es https://static.wesco.fr https://production-static.wesco.fr https://preprod-static.wesco.fr https://wesco-static.docker.localhost http://appliweb-pp.iglr http://appliweb.iglr punchout-test.wesco.fr https://cegidxrp.croix-rouge.fr https://cegidxrp-eproc.croix-rouge.fr https://cegidxrp-recetteeproc.croix-rouge.fr https://nl.wesco-eshop.be https://vip.wesco.fr https://fr.wesco-eshop.be https://www.wesco-eshop.co.uk https://www.wesco-eshop.ie https://www.wesco-eshop.pt https://www.wesco-eshop.de https://www.wesco-eshop.at https://www.wesco-eshop.nl https://www.wesco-eshop.lu https://www.wesco.fr https://fr.wesco-eshop.ch https://de.wesco-eshop.ch https://punchout.wesco.fr https://www.wesco-eshop.it https://marche.wesco.fr https://preprod-nl.wesco-eshop.be https://preprod-vip.wesco.fr https://preprod-fr.wesco-eshop.be https://preprod.wesco-eshop.co.uk https://preprod.wesco-eshop.ie https://preprod.wesco-eshop.pt https://preprod.wesco-eshop.de https://preprod.wesco-eshop.at https://preprod.wesco-eshop.nl https://preprod.wesco-eshop.lu https://preprod.wesco.fr https://preprod-fr.wesco-eshop.ch https://preprod-de.wesco-eshop.ch https://preprod-punchout.wesco.fr https://preprod.wesco-eshop.it https://preprod-marche.wesco.fr https://*.facebook.com https://*.mouseflow.com https://*.hotjar.com https://babilou.ivalua.app 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://static.wesco.fr https://production-static.wesco.fr https://preprod-static.wesco.fr https://wesco-static.docker.localhost https://*.facebook.net https://*.iadvize.com 'self'; frame-src bid.g.doubleclick.net https://*.youtube.com/ *.youtube-nocookie.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es https://www.youtube.com https://static.wesco.fr https://production-static.wesco.fr https://preprod-static.wesco.fr https://wesco-static.docker.localhost cl.avis-verifies.com https://*.iadvize.com https://*.kazaplan.com https://*.facebook.com https://*.criteo.com https://*.pinterest.com https://*.pinterest.fr https://asset.easydmp.net https://momento360.com/ https://*.mouseflow.com https://*.hotjar.com https://*.doubleclick.net https://*.tradedoubler.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com *.googleapis.com cdn.doofinder.com https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr https://static.wesco.fr https://production-static.wesco.fr https://preprod-static.wesco.fr https://wesco-static.docker.localhost https://t1-maps.onyourmap.com https://t2-maps.onyourmap.com https://t3-maps.onyourmap.com https://t4-maps.onyourmap.com https://api.mapbox.com https://*.googletagmanager.com https://*.google.com.ua https://*.google.com https://*.google.fr https://*.iadvize.com https://*.kazaplan.com https://*.facebook.com https://bat.bing.com https://*.pinterest.com https://*.hotjar.com https://*.mydialoginsight.com https://*.photoslurp.com https://www.img-static.com https://r.phywi.org https://*.tiktok.com https://*.doubleclick.net https://*.criteo.com 'self' data: www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ cdn.doofinder.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com https://static.target2sell.com https://static.wesco.fr https://production-static.wesco.fr https://preprod-static.wesco.fr https://wesco-static.docker.localhost *.google.com www.gstatic.com https://*.googletagmanager.com https://*.doofinder.com https://*.iadvize.com https://*.facebook.net https://*.facebook.com https://*.kazaplan.com https://bat.bing.com https://s.pinimg.com https://cdn.powerspace.com https://*.criteo.net https://*.criteo.com https://*.easydmp.net https://atout.email-match.com https://*.doubleclick.net https://*.taboola.com https://*.pwspace.com https://js-agent.newrelic.com/ https://*.mouseflow.com https://*.hotjar.com https://*.mydialoginsight.com https://*.photoslurp.com https://*.tiktok.com https://*.tradedoubler.com *.gstatic.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.doofinder.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com *.fontawesome.com https://static.wesco.fr https://production-static.wesco.fr https://preprod-static.wesco.fr https://wesco-static.docker.localhost https://maxcdn.bootstrapcdn.com https://*.iadvize.com https://*.doofinder.com https://*.googletagmanager.com https://*.hotjar.com https://*.cloudflare.com https://*.photoslurp.com https://*.doubleclick.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src https://static.wesco.fr https://production-static.wesco.fr https://preprod-static.wesco.fr https://wesco-static.docker.localhost 'self' 'unsafe-inline'; media-src https://*.photoslurp.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com *.algolia.net https://*.algolia.io *.algolianet.com *.insights.algolia.io *.doofinder.com wss://*.doofinder.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es https://nominatim.openstreetmap.org t.elasticsuite.io https://reco.target2sell.com https://static.wesco.fr https://production-static.wesco.fr https://preprod-static.wesco.fr https://wesco-static.docker.localhost https://ws.colissimo.fr https://serv-api.target2sell.com https://api.target2sell.com https://*.doofinder.com https://*.iadvize.com wss://*.iadvize.com https://*.doubleclick.net https://*.pinterest.com https://*.google.com https://*.mouseflow.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://bat.bing.com https://*.mydialoginsight.com https://*.photoslurp.com https://*.taboola.com https://*.onyourmap.com https://*.mapbox.com https://*.tiktok.com https://*.easydmp.net https://*.tradedoubler.com https://*.criteo.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://static.wesco.fr https://production-static.wesco.fr https://preprod-static.wesco.fr https://wesco-static.docker.localhost https://*.iadvize.com https://*.mouseflow.com https://*.hotjar.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors https://www.ap-ncr.com www.bfcu.org 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com google-analytics.com *.google-analytics.com *.googletagmanager.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.google.com *.google-analytics.com *.googletagmanager.com cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net; font-src 'self' cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com; frame-ancestors 'self'; frame-src 'self' www.google.com; img-src 'self' *.google.com *.google-analytics.com *.googletagmanager.com fonts.gstatic.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
script-src 'self' blob: https://googleads.g.doubleclick.net https://s.pinimg.com/ https://static.ads-twitter.com https://bat.bing.com https://www.redditstatic.com https://www.google-analytics.com https://www.gstatic.com/ 'unsafe-inline' 'unsafe-eval' https://www.bugherd.com https://www.google.com https://ajax.googleapis.com https://apply.app.jobvite.com https://bidagent.xad.com https://cdn.jsdelivr.net https://code.jquery.com https://hb.secure.force.com https://hopebridge.my.salesforce-sites.com https://jobs.hopebridge.com https://maps.googleapis.com https://maps.google.com https://my.hellobar.com https://sitestats.ttcportals.com https://tenor.com https://www.googletagmanager.com https://www.instagram.com https://www.tiktok.com; style-src 'self' 'unsafe-inline' https://dhbhdrzi4tiry.cloudfront.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://hopebridge.my.salesforce-sites.com https://hopebridge.com https://p.typekit.net; img-src data: *; 1
frame-ancestors *; upgrade-insecure-requests; default-src *; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' *; style-src 'report-sample' 'unsafe-inline' *; object-src *; frame-src *; child-src blob: *; img-src data: blob: *; font-src data: *; connect-src * about:; manifest-src *; base-uri *; form-action *; media-src *; prefetch-src *; worker-src blob: *; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://functional.cafe; img-src 'self' data: blob: https://functional.cafe; style-src 'self' https://functional.cafe 'nonce-U0WeOEblUKt2uunjEy+wNQ=='; media-src 'self' data: https://functional.cafe; frame-src 'self' https:; manifest-src 'self' https://functional.cafe; form-action 'self'; child-src 'self' blob: https://functional.cafe; worker-src 'self' blob: https://functional.cafe; connect-src 'self' data: blob: https://functional.cafe wss://functional.cafe; script-src 'self' https://functional.cafe 'wasm-unsafe-eval' 1
default-src 'none'; script-src 'self' static.cloudflareinsights.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: blob: https://media.trace.moe; font-src 'self'; media-src blob: 'self' https://media.trace.moe; worker-src 'self'; form-action 'self'; base-uri 'none'; frame-ancestors 'none'; manifest-src 'self'; block-all-mixed-content; connect-src blob: 'self' https://cloudflareinsights.com https://api.trace.moe https://media.trace.moe https://graphql.anilist.co 1
default-src 'self' *.armatura-paz.ru armatura-paz.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.armatura-paz.ru armatura-paz.ru *.marquiz.ru marquiz.ru https://*.marquiz.ru  *.yandex.ru yandex.ru *.yandex.net yandex.st *.yandex.st https://*.yandex.ru *.googleapis.com *.gstatic.com gstatic.com *.googlesyndication.com *.doubleclick.net https://*.googleapis.com https://*.gstatic.com https://gstatic.com https://*.googlesyndication.com vk.com *.vk.com https://vk.com https://*.vk.com userapi.com ok.ru *.ok.ru akismet.com *.akismet.com; frame-src 'self' *.marquiz.ru marquiz.ru *.yandex.ru yandex.ru *.yandex.net yandex.st *.yandex.st https://*.yandex.ru *.googleapis.com *.gstatic.com gstatic.com *.googlesyndication.com *.doubleclick.net youtube.ru youtube.com *.youtube.ru *.youtube.com https://youtube.ru https://youtube.com https://*.youtube.ru https://*.youtube.com apis.google.com https://*.googleapis.com https://*.gstatic.com https://gstatic.com https://*.googlesyndication.com https://*.doubleclick.net https://apis.google.com vk.com *.vk.com https://vk.com https://*.vk.com ok.ru *.ok.ru akismet.com *.akismet.com; object-src 'self' *; img-src 'self' * data:; font-src 'self' * data:; connect-src 'self' *; style-src 'unsafe-inline' 'unsafe-eval' 'self' *;frame-ancestors 'self' *; 1
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval' 1
base-uri 'none'; default-src 'self' data: https: wss: blob:; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' blob: https://api.scrivito.com https://assets.scrivito.com https://evergabe-proxy.bundesimmo.de https://static.bundesimmo.de https://static.bundesimmobilien.de https://analytics.bundesimmobilien.de *.arcgis.com; connect-src 'self' https://api.scrivito.com https://assets.scrivito.com https://api.vimeo.com https://analytics.bundesimmobilien.de https://apis.bundesimmobilien.de https://api.bundesimmobilien.de https://login.bundesimmobilien.de https://apis-staging.bundesimmo.de https://api-staging.bundesimmo.de https://login-staging.bundesimmo.de https://apis-integration.bundesimmo.de https://api-integration.bundesimmo.de https://login-integration.bundesimmo.de https://evergabe-proxy.bundesimmo.de *.arcgis.com; img-src data: 'self' *.scrvt.com *.bundesimmo.de *.bundesimmobilien.de gravatar.com maps.gstatic.com *.googleapis.com *.ggpht.com *.vimeocdn.com *.arcgis.com i0.wp.com i1.wp.com i2.wp.com; block-all-mixed-content; frame-ancestors 'self' https://*.scrivito.com; object-src 'self' *.arcgis.com 1
img-src * blob: 'self' data: https:; 1
frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';  1
frame-ancestors 'none'; default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'self' *.youtube.com *.youtube-nocookie.com dailymotion.com; img-src http: https: data: blob:; worker-src blob:; child-src blob:; connect-src 'self' https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://translate.yandex.net https://analytics.parisladefense.com https://www.google-analytics.com https://stats.g.doubleclick.net; base-uri 'self'; frame-src * data: blob:; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-YTA1OWI2YTQ1ODE4NGViMmFhOTA1ZGIwZDBlNDg4Mzg=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rijksoverheid.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.rijksoverheid.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' mailto: tel: *.aia.com *.philamlife.com *.aia.com.ph *.google.com *.aia-dfs.originally.us *.gstatic.com *.twitter.com *.linkedin.com *.zscalertwo.net blob: *.recaptcha.net recaptcha.net https://www.googleapis.com/ https://maps.googleapis.com https://fonts.googleapis.com https://www.google.com/recaptcha/ https://recaptcha.google.com *.facebook.com *.youtube.com *.adobedtm.com *.google-analytics.com https://s.go-mpulse.net http://phdcwdlapp030:8280 https://mypageappuat.philamlife.com https://mypageapp.philamlife.com *.cdnjs.cloudflare.com; worker-src blob:; style-src 'self' 'unsafe-inline' *.aia.com.ph *.unpkg.com https://unpkg.com *.google.com https://s7ap1.scene7.com https://*.zscalertwo.net https://www.googleapis.com/ https://maps.googleapis.com https://fonts.googleapis.com https://fonts.font.im 'self' 'unsafe-inline'; img-src 'self' data: blob: *.aia.com *.philamlife.com *.aia.com.ph *.google.com *.aia-dfs.originally.us *.gstatic.com *.twitter.com *.linkedin.com *.facebook.com *.youtube.com *.adobedtm.com *.google-analytics.com https://maps.gstatic.com https://www.googleapis.com/ https://maps.googleapis.com *.google.com https://*.zscalertwo.net https://s7ap1.scene7.com https://dpm.demdex.net https://ad.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com.my https://www.googletagmanager.com https://connect.facebook.net https://px.ads.linkedin.com *.yellowmessenger.com 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.aia.com *.philamlife.com *.aia.com.ph *.unpkg.com https://unpkg.com *.google.com *.aia-dfs.originally.us *.gstatic.com *.twitter.com *.linkedin.com *.zscalertwo.net blob: *.recaptcha.net recaptcha.net https://www.googleapis.com/ https://maps.googleapis.com https://fonts.googleapis.com https://www.google.com/recaptcha/ https://recaptcha.google.com *.facebook.com *.youtube.com *.adobedtm.com *.google-analytics.com https://s.go-mpulse.net http://phdcwdlapp030:8280 https://mypageappuat.philamlife.com https://mypageapp.philamlife.com https://s7ap1.scene7.com https://*.zscalertwo.net https://assets.adobedtm.com https://dpm.demdex.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com.my https://www.googletagmanager.com https://connect.facebook.net *.yellowmessenger.com 'self' 'unsafe-eval' *.aia.com.ph *.google.com *.gstatic.com 'unsafe-inline'; connect-src 'self' https://*.azurewebsites.net https://payin.payserv.net https://payin.paynamics.net https://*.appserviceenvironment.net *.aia.com *.philamlife.com *.aia.com.ph *.google.com *.aia-dfs.originally.us *.gstatic.com *.twitter.com *.linkedin.com *.zscalertwo.net blob: *.recaptcha.net recaptcha.net https://www.googleapis.com/ https://maps.googleapis.com https://fonts.googleapis.com https://www.google.com/recaptcha/ https://recaptcha.google.com *.facebook.com *.youtube.com *.adobedtm.com *.google-analytics.com https://s.go-mpulse.net http://phdcwdlapp030:8280 https://mypageappuat.philamlife.com https://mypageapp.philamlife.com https://s7mbrstream-ap1.scene7.com https://s7ap1.scene7.com https://stats.g.doubleclick.net *.aia.com.ph https://adobedc.demdex.net https://edge.adobedc.net *.yellowmessenger.com wss://app.yellowmessenger.com/message/; frame-src 'self' mailto: tel: *.google.com https://s7mbrstream-ap1.scene7.com https://s7ap1.scene7.com https://bid.g.doubleclick.net *.aia.com.ph https://www.youtube.com https://app.yellowmessenger.com; font-src * data:; media-src 'self' data: blob: *.google.com *.aia.com *.scene7.com *.yellowmessenger.com; object-src 'none'; frame-ancestors https://*.aia.com.ph; 1
'self' https://apis.google.com  https://fonts.googleapis.com/; base-uri 'self'; 1
font-src https://cdn.checkout.com *.gstatic.com *.typekit.net maxcdn.bootstrapcdn.com cdn.honey.io data: *.amazonaws.com *.avast.com *.cloudfront.net *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com *.247blinds.co.uk *.247curtains.co.uk *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com account.fetchify.com https://js.checkout.com *.klarna.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk https://*.doubleclick.net https://*.google.com https://*.hotjar.com *.criteo.com 247blinds-gb.attn.tv creatives.attn.tv *.afterpay.com *.clearpay.co.uk *.pinterest.com *.smooch.io tpc.googlesyndication.com widget.trustpilot.com www.youtube.com www.facebook.com *.typeform.com *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ https://*.doubleclick.net https://*.google.com https://*.google.co.uk *.cloudfront.net events.attentivemobile.com *.roeye.com *.webtrends-optimize.com *.zdusercontent.com *.smooch.io *.zdassets.com *.zendesk.com *.google-analytics.com *.analytics.google.com widget.trustpilot.com *.clarity.ms *.pinterest.com *.twitter.com *.gstatic.com *.googlesyndication.com *.google.co.ls *.google.co.nz *.google.co.za *.google.co.in *.google.com.et *.google.com.cy *.google.com.my *.google.com.ec *.google.com.au *.google.com.mt *.google.com.gi *.google.com.ua *.google.com.pk *.google.com.ph *.google.com.ng *.google.bg *.google.cf *.google.be *.google.it *.google.is *.google.lk *.google.ch *.google.ca *.google.rs *.google.kz *.google.no *.google.hu *.google.ms *.google.ae *.google.at *.google.bj *.google.ro *.google.gr *.google.nl *.google.pl *.google.fr *.google.za *.google.es *.google.de *.google.im *.google.ie *.google.pt *.google.je *.google.gg *.googletagmanager.com *.247blinds.co.uk *.247curtains.co.uk 123456.privacysandbox.googleadservices.com *.googleadservices.com *.awin1.com googleads.g.doubleclick.net www.google.com www.google.co.uk px.ads.linkedin.com *.atdmt.com *.bing.com connect.facebook.net www.facebook.com t.co *.adalyser.com *.cloudflare.com *.klarna.com *.paypal.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ data: blob: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com polyfill.io *.attn.tv events.attentivemobile.com https://cdn.checkout.com *.klarnacdn.net https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com *.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com *.criteo.com cdn.attn.tv *.roeyecdn.com *.webtrends-optimize.com *.pinimg.com *.smooch.io *.zdassets.com *.noibu.com *.adalyser.com *.jsdelivr.net *.jquery.com *.bootstrapcdn.com *.clarity.ms *.algolia.net *.algolianet.com *.google.co.uk *.google.com data: tpc.googlesyndication.com *.dwin1.com *.awin1.com *.msn.com api.craftyclicks.co.uk *.googleoptimize.com *.oribi.io tgtag.io cdn.salesfire.co.uk live.smartmetrics.co.uk *.amazonaws.com *.twitter.com *.cloudfront.net *.ads-twitter.com *.facebook.net bat.bing.com *.trustpilot.com api.userlike.com *.typeform.com *.youtube.com *.cloudflare.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cc-cdn.com https://cdn.checkout.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com https://*.googleapis.com *.typekit.net *.webtrends-optimize.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.typeform.com cdn.checkout.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://static.klaviyo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.attn.tv events.attentivemobile.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://js.checkout.com *.klarnaevt.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net *.criteo.com *.google.co.uk 247blinds-gb.attn.tv *.googlesyndication.com *.webtrends-optimize.com www.wepowerconnections.com *.clearpay.co.uk *.pinterest.com *.salesfire.co.uk *.azure.com wss://api.smooch.io *.smooch.io *.zendesk.com *.zdassets.com *.google-analytics.com *.analytics.google.com https://input.noibu.com wss://input.noibu.com *.clarity.ms adservice.google.com www.google.com www.bing.com bat.bing.com www.facebook.com widget.trustpilot.com live.smartmetrics.co.uk stats.g.doubleclick.net api.trafficguard.ai *.hotjar.io *.uksouth.logic.azure.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /csp.php; report-to report-endpoint; 1
default-src 'self' 'unsafe-inline' https://*.talentqgroup.com https://*.cloudfront.net https://www.google-analytics.com https://www.google.com/ https://www.gstatic.com  https://hello.myfonts.net/count/3122c9; frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline' https://maps.googleapis.com/ https://piwik.bzga.de/ https://*.readspeaker.com; img-src 'self' data: https://piwik.bzga.de https://jwpltx.com/ ; script-src 'self' 'unsafe-inline' https://ssl.p.jwpcdn.com https://piwik.bzga.de https://*.readspeaker.com/ 1
default-src 'self' http://tr.outbrain.com https://tr.outbrain.com https://payments-web-sandbox.paymaya.com https://analytics.tiktok.com https://platform-lookaside.fbsbx.com https://adservice.google.com https://mynimo.com https://lxdev.mynimo.com https://analytics.google.com https://tr.outbrain.com https://lxstg.mynimo.com  https://www.google.com/ https://www.facebook.com https://www.youtube-nocookie.com http://www.youtube.com https://*.googlesyndication.com https://securepubads.g.doubleclick.net https://laracraft-e3ni.mynimo.com https://www.google-analytics.com https://stats.g.doubleclick.net/ *.gstatic.com https://api.hubapi.com https://secure.2checkout.com https://rsms.me; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://challenges.cloudflare.com https://www.recaptcha.net https://analytics.tiktok.com/ https://ajax.cloudflare.com https://platform.linkedin.com https://www.gstatic.com https://www.google.com https://cdnjs.cloudflare.com https://secure.2checkout.com https://*.googlesyndication.com https://securepubads.g.doubleclick.net https://adservice.google.com https://adservice.google.com.ph https://js.hs-banner.com https://js.hs-analytics.net https://js.hsadspixel.net https://connect.facebook.net http://js.hs-scripts.com http://*.outbrain.com lxdev.mynimo.com https://rsms.me https://www.google-analytics.com *.googletagmanager.com *.googletagservices.com; style-src 'self' 'unsafe-inline' *.googleapis.com lxdev.mynimo.com https://rsms.me; font-src 'self' *.gstatic.com https://rsms.me; frame-src http://console.googletagservices.com/ https://console.googletagservices.com https://www.googleadservices.com https://securepubads.g.doubleclick.net https://challenges.cloudflare.com https://www.recaptcha.net https://mozbar.moz.com/ https://*.moz.com/ https://drive.google.com https://*.safeframe.googlesyndication.com http://www.oculu.com/ https://player.vimeo.com http://www.youtube.com/ https://www.youtube.com/ https://www.google.com/ https://www.facebook.com/ https://secure.2checkout.com https://www.youtube-nocookie.com https://tpc.googlesyndication.com http://docs.google.com; img-src 'self' http://tr.outbrain.com https://tr.outbrain.com http://pagead2.googlesyndication.com https://secure.avangate.com https://securepubads.g.doubleclick.net https://laracraft-e3ni.mynimo.com https://*.mynimo.com/ https://www.google-analytics.com https://connect.facebook.net https://googleads.g.doubleclick.net http://www.google.com.ph http://www.google.com https://*.googlesyndication.com https://track.hubspot.com https://*.facebook.com http://*.googletagmanager.com data: blob:; 1
frame-ancestors 'self' https://www.minterellison.com ; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: *.wpengine.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net/ https://*.socialintents.com https://*.marketo.com; frame-ancestors 'self' https://*.cleanpower.com https://*.solaranywhere.com https://*.wpengine.com; 1
font-src *.klarnacdn.net *.fontawesome.com *.mut.de *.gstatic.com 'self' data: https://widgets.trustedshops.com https://integrations.etrusted.com *.typekit.net *.twimg.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cleverreach.com *.mut.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com https://www.googletagmanager.com/ *.cloudflare.com *.mut.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.sovendus-benefits.com/ *.sovendus-connect.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.cloudfront.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnaevt.com *.klarnacdn.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.cloudflare.com *.mut.de *.cloudflare.net *.koongo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: *.paypal.com https://widgets.trustedshops.com https://integrations.etrusted.com *.googleadservices.com *.twimg.com *.ytimg.com *.usercentrics.eu *.bing.com *.google.com *.google.com.vn *.google.com.de data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.googleapis.com *.gstatic.com jquery.sellxed.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnacdn.net *.klarnaservices.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.cloudflare.com *.mut.de js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://widgets.trustedshops.com https://integrations.etrusted.com *.usercentrics.eu *.fontawesome.com *.bing.com *.googlesyndication.com *.sovendus.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klarnacdn.net *.fontawesome.com *.cloudflare.com *.mut.de cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/styles/darkula.min.css unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com *.twimg.com *.typekit.net *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.cloudflare.com *.mut.de *.koongo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com *.trustedshops.com *.etrusted.com *.twimg.com *.usercentrics.eu www.google.com googleads.g.doubleclick.net *.googlesyndication.com *.sovendus.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.mut.de/; report-to report-endpoint; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.lpsnmedia.net *.adform.net *.fbcdn.net oc-cdn-public-eur.azureedge.net *.addthis.com *.twitter.com *.presspage.com *.timify.com *.brocacef.nl *.jquery.com *.facebook.net *.cookiebot.com *.mopinion.com developers.google.com *.liveperson.net *.lpsnmedia.net *.liveperson.net *.googleapis.com *.hotjar.com *.google-analytics.com *.hotjar.com *.googleoptimize.com *.googletagmanager.com brocacef-acc-cdn.azureedge.net brocacef-test-cdn.azureedge.net snap.licdn.com www.youtube.com; style-src 'self' 'unsafe-inline' *.mopinion.com oc-cdn-public-eur.azureedge.net *.presspage.com *.brocacef.nl *.googleapis.com brocacef-acc-cdn.azureedge.net brocacef-test-cdn.azureedge.net hello.myfonts.net; object-src 'none'; base-uri 'self'; connect-src 'self' *.cookiebot.com ws.hotjar.com *.benu.nl *.omnichannelengagementhub.com *.timify.com *.addthis.com *.presspage.com *.brocacef.nl *.mopinion.com *.hotjar.com *.hotjar.io *.googleapis.com *.google-analytics.com *.doubleclick.net *.google-analytics.com *.liveperson.net; font-src 'self' *.mopinion.com *.presspage.com *.azureedge.net data: *.brocacef.nl https://fonts.gstatic.com; frame-src 'self' *.cookiebot.com *.doubleclick.net 13130251.fls.doubleclick.net oc-cdn-public-eur.azureedge.net *.liveperson.net *.twitter.com *.addthis.com *.lpsnmedia.net *.hotjar.com https://www.facebook.com https://www.youtube-nocookie.com https://www.youtube.com *.presspage.com *.timify.com; img-src 'self' data: brocacef-acc-cdn.azureedge.net *.benushop.nl *.doubleclick.net www.benu-test-b.web44.shoptrader.com *.ytimg.com *.presspage.com *.mopinion.com brocacef-test-cdn.azureedge.net *.brocacef.nl *.lpsnmedia.net *.googleapis.com *.gstatic.com *.facebook.com *.google-analytics.com brocacef.emply.net content.presspage.com presspage-production-content.s3.amazonaws.com px.ads.linkedin.com; manifest-src 'self'; media-src 'self' *.lpsnmedia.net brocacef-acc-cdn.azureedge.net brocacef-test-cdn.azureedge.net *.brocacef.nl https://www.youtube.com *.presspage.com; worker-src 'none'; 1
default-src 'self'; script-src 'self' *.youtube.com *.googleapis.com *.googletagmanager.com 'nonce-UOMUQjC5M7oKToqiUTk4YamLd346cBUX'; media-src 'self' *.googleapis.com; connect-src 'self' *.google-analytics.com *.google.com *.gstatic.com *.googletagmanager.com; frame-src *.google.com *.youtube.com *.culturalspot.org *.appspot.com; style-src 'self' *.googleapis.com *.gstatic.com 'unsafe-inline'; script-src-elem 'self' *.google.com *.gstatic.com *.youtube.com *.google-analytics.com *.googleapis.com *.googletagmanager.com 'nonce-UOMUQjC5M7oKToqiUTk4YamLd346cBUX'; font-src 'self' *.gstatic.com; img-src 'self' data: blob: *.googleapis.com *.ytimg.com *.ggpht.com *.googleusercontent.com *.googletagmanager.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://my.yoast.com/ http://2.gravatar.com/ https://secure.gravatar.com/ https://www.gstatic.com/recaptcha/  https://www.google.com/recaptcha/ http://player.podigee-cdn.net/ https://images.podigee-cdn.net/ https://www.youtube.com http://htgfzukunftsready.podigee.io/ https://doo.net/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://cdn-images.mailchimp.com/ https://s3.amazonaws.com/ https://ps.w.org/ https://ninjaforms.com/ https://polylang.pro https://www.joomunited.com/ https://s.w.org/  https://www.google-analytics.com/ https://region1.google-analytics.com/ https://stats.g.doubleclick.net https://high-tech-gruenderfonds.us15.list-manage.com https://mktdplp102cdn.azureedge.net/ https://www.htgf.de/; frame-src data: https://023d7d2e18c445ce9f2da52644fb67b0.svc.dynamics.com/ https://www.gstatic.com/recaptcha/  https://www.google.com/recaptcha/ http://player.podigee-cdn.net/ https://images.podigee-cdn.net/ https://www.youtube.com http://htgfzukunftsready.podigee.io/ https://doo.net/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://cdn-images.mailchimp.com/ https://www.htgf.de/; 1
frame-ancestors 'self' https://infoboard.rsue.ru 1
frame-ancestors self http://localhost https://op.homepartners.com 1
script-src 'self' 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.onesignal.com https://maps.googleapis.com https://www.googletagmanager.com https://code.jquery.com https://stackpath.bootstrapcdn.com https://www.gstatic.com https://static.dialogflow.com https://onesignal.com https://www.clarity.ms https://www.google-analytics.com https://connect.facebook.net 1
frame-ancestors 'self' https://www.google.com https://code-ya.jivosite.com https://bid.g.doubleclick.net https://yandex.ru; 1
default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:; media-src data:; object-src data:; Referrer-Policy: 'no-referrer'; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals 1
script-src 'self' https: *.placehold.it *.jsdelivr.net *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: *.placehold.it *.jsdelivr.net *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https:; manifest-src 'self' https:; font-src 'self' https: *.placehold.it *.jsdelivr.net *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; form-action 'self' https:; img-src 'self' https: data: *.placehold.it *.jsdelivr.net *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; media-src 'self' https:; object-src 'self' https:; frame-ancestors 'self' https:; frame-src 'self' https:; worker-src 'self' https:; base-uri 'self' https:; 1
frame-ancestors https://cors-test.codehappy.dev http://cms.y12fcu.org https://staging-cms.y12fcu.org https://psa.digitalinsight.com https://digital.y12fcu.org https://staging.y12fcu.org https://www.cusgcms.com http://y12fcu.org https://uat-internetloanapplication.cudl.com https://internetloanapplication.cudl.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://literatur.social; img-src 'self' https: data: blob: https://literatur.social; style-src 'self' https://literatur.social 'nonce-xhfyBRdIhov6EihsA/kw+A=='; media-src 'self' https: data: https://literatur.social; frame-src 'self' https:; manifest-src 'self' https://literatur.social; form-action 'self'; child-src 'self' blob: https://literatur.social; worker-src 'self' blob: https://literatur.social; connect-src 'self' data: blob: https://literatur.social https://literatur.social wss://literatur.social; script-src 'self' https://literatur.social 'wasm-unsafe-eval' 1
frame-ancestors https://*.ionos.com https://*.ionos.at https://*.ionos.co.uk https://*.ionos.de https://*.ionos.es https://*.ionos.fr https://*.ionos.it https://*.ionos.ca https://*.ionos.mx https://*.ionos.us https://*.website-editor.net https://*.mywebsite-editor.com www.hempine.co.uk 1
default-src 'self'; object-src 'self' data: https://evul.ee; connect-src 'self' data: https://scorestorybook.ee *.ssb.ee *.unsplash.com *.pexels.com *.google-analytics.com https://vc.hotjar.io:* wss://internal.ssb.ee:8074 https://in.hotjar.com/api/v2/client/sites/1684639/visit-data https://stats.g.doubleclick.net/j/collect https://www.facebook.com/tr/ https://www.google-analytics.com/j/collect wss://ssb.ee:8076 wss://ssb.ee:8077 wss://scorestorybook.ee:8076 wss://scorestorybook.ee:8077 https://maps.googleapis.com; font-src 'self' data: https://scorestorybook.ee https://ssb.ee https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://web.facebook.com https://evul.ee https://www.facebook.com https://www.instagram.com https://www.tiktok.com https://www.youtube.com https://static.addtoany.com https://vars.hotjar.com https://www.google.com; img-src 'self' * *.ee blob: data: https://secure.gravatar.com/avatar/ https://i.ytimg.com https://scorestorybook.ee https://img.youtube.com https://images.unsplash.com https://googleads.g.doubleclick.net https://static.ssb.ee https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.ee *.accountex.ee; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://pistik.ssb.ee https://scorestorybook.ee https://ssb.ee https://static.addtoany.com https://www.gstatic.com *.ttwstatic.com *.tiktok.com *.facebook.net *.googleapis.com *.googleadservices.com *.google.ee *.lfeeder.com https://*.hotjar.com https://www.googleadservices.com/pagead/conversion_async.js https://*.gstatic.com https://ajax.googleapis.com/ajax/libs/jqueryui/1.9.2/jquery-ui.min.js https://ajax.googleapis.com/ajax/libs/jqueryui/1.13.2/jquery-ui.min.js https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js https://cdnjs.cloudflare.com/ajax/libs/jqcloud/1.0.4/jqcloud-1.0.4.min.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/749588238881287 https://static.addtoany.com/menu/page.js https://static.hotjar.com/c/hotjar-1684639.js https://www.google-analytics.com/analytics.js https://www.google.com/pagead/1p-conversion/692627918/ https://www.google.com/pagead/conversion_async.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/recaptcha/releases/6pQzWaE1NP-gB4FrqRViKjM-/recaptcha__en.js https://www.youtube.com/player_api https://*.youtube.com; style-src 'self' 'unsafe-inline' https://scorestorybook.ee *.scorestorybook.ee *.ssb.ee *.gstatic.com *.ttwstatic.com *.twitter.com https://fonts.googleapis.com/ https://use.fontawesome.com/releases/v5.7.2/css/; frame-ancestors 'self' *.ee http://suureparasedsuupisted.ee/ https://suureparasedsuupisted.ee/ *.com *.eu *.net *.org; base-uri 'self'; form-action 'self' https://*.maksekeskus.ee https://kreedix.ee https://group.kreedix.ee https://facebook.com https://www.facebook.com/tr/; report-uri https://62557e0a851a6e55b76236d0.endpoint.csper.io/?v=3; 1
default-src * blob: data:; object-src 'none'; base-uri 'self'; script-src 'nonce-82d2ee21-6721-4c10-ac6e-08ccc7c53e5a' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' https: http:; style-src https: http: 'unsafe-inline'; report-uri https://analytics.quizizz.com/csp-violations?render_time=1705978242166&render_path=/join 1
script-src 'self' 'unsafe-eval' 'nonce-uk2Cdc3F1Hhg9ANpO+IbUg==' http: https: https://magento.loverte.com/ https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; style-src 'self' https: 'unsafe-inline' https://magento.loverte.com/; img-src data: http: https: www.googletagmanager.com; object-src 'none'; base-uri 'self'; child-src 'self'; font-src 'self' data: fonts.gstatic.com widget.dixa.io; frame-src *.facebook.com assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.google.com app.certainly.io 1
default-src 'none'; media-src *; manifest-src 'self'; font-src 'self' https://fonts.gstatic.com https://eu.cookie-script.com https://*.fontawesome.com; img-src * data:; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://onesignal.com https://www.solodev.com/core/fileparse.php/131/urlt/infinite-slider.css ; script-src 'self' 'unsafe-eval' 'nonce-bd4a81d92f026f3569d5022f59175e63bf9c5cbd5815cd15b0621d772a52d610' 'unsafe-hashes' 'sha256-vEbFguXPuduhuEg0nH1ioMjRS2VfvnciquaA5LRVwk8=' 'sha256-FOxJ98ytn8FsH7Zj5qeCmmVZ7ZM8VNk05kUiNZYKjQU=' 'sha256-Z0iPuOEoAvH/Jlv4hbF1954Mf6KiQB7KkbqfduObf9E=' 'sha256-DxjnIH7qGpybYH/yFY1JEzoiQD2Yu+8xuKhEOaL56KY=' https://www.googletagmanager.com https://accounts.google.com https://cdn.onesignal.com https://onesignal.com https://eu.cookie-script.com https://connect.facebook.net https://ajax.googleapis.com https://*.cookie-script.com; frame-src *; connect-src 'self' https://*.pushfar.com https://consent.cookie-script.com https://*.fontawesome.com https://maps.googleapis.com https://www.facebook.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.analytics.google.com https://onesignal.com; object-src 'self' 1
default-src 'self' https://evvomedia.pc-s.cdn.bitgravity.com/ https://*.wogaa.sg https://eservice.nlb.gov.sg https://eresources.nlb.gov.sg/ https://*.dcube.cloud/ https://*.demdex.net/ https://cm.everesttech.net/ https://wogadobeanalytics.sc.omtrdc.net/ https://app.vouch.sg/ https://app.vouchconcierge.com/ https://widget.nlb-prod.ubisend.io/ ; script-src 'unsafe-inline' blob: https://cdn.jsdelivr.net/ https://*.wogaa.sg http://mplayer.nlb.gov.sg/ https://code.jquery.com/ https://eservice.nlb.gov.sg https://www.google-analytics.com https://ssl.p.jwpcdn.com https://stackpath.bootstrapcdn.com https://*.nlb.gov.sg/ https://mplayer.nlb.gov.sg/ https://widget.vouch.sg/ https://*.dcube.cloud https://app.vouch.sg https://app.vouchconcierge.com https://assets.adobedtm.com/ https://www.library.gov.sg/ https://*.nas.gov.sg/ https://widget.nlb-prod.ubisend.io/ https://www.googletagmanager.com ; img-src 'self' blob: data: https://www.nlb.gov.sg/ https://s3-ap-southeast-1.amazonaws.com https://eservice.nlb.gov.sg/ https://eresources.nlb.gov.sg/ https://www.google-analytics.com https://wogadobeanalytics.sc.omtrdc.net/ https://cm.everesttech.net/ https://dpm.demdex.net/ https://prd.jwpltx.com/ https://ping-meta-prd.jwpltx.com/ https://nlb-prod-pulse-assets.s3.ap-southeast-1.amazonaws.com/ https://s3.eu-west-2.amazonaws.com/ ; connect-src 'self' https://eservice-gcc.nlb.gov.sg/ https://www.nlb.gov.sg/ https://www.library.gov.sg/ https://www.nas.gov.sg/ https://evvomedia.pc-s.cdn.bitgravity.com/ https://*.wogaa.sg https://s3-ap-southeast-1.amazonaws.com https://eresources.nlb.gov.sg/ https://eservice.nlb.gov.sg https://*.dcube.cloud https://dpm.demdex.net/ https://wogadobeanalytics.sc.omtrdc.net/ https://bpr.vouch.sg/ https://bpr.vouchconcierge.com/ https://www.google-analytics.com/ https://o356983.ingest.sentry.io/ https://api.nlb-prod.ubisend.io/ https://bot-server.nlb-prod.ubisend.io/ wss://bot-server.nlb-prod.ubisend.io/ https://www.googletagmanager.com; style-src 'unsafe-inline' https://cdn.jsdelivr.net/ https://assets.wogaa.sg/fonts/ https://widget.vouchconcierge.com https://widget.vouch.sg https://stackpath.bootstrapcdn.com https://eresources.nlb.gov.sg/ https://eservice.nlb.gov.sg https://*.nas.gov.sg/  https://fonts.googleapis.com/ https://assets.dcube.cloud/fonts/ https://app.vouch.sg https://app.vouchconcierge.com https://widget.nlb-prod.ubisend.io/ ; font-src 'self' data: https://assets.wogaa.sg/fonts/ https://widget.vouch.sg https://widget.vouchconcierge.com https://fonts.gstatic.com https://eresources.nlb.gov.sg/ https://eservice.nlb.gov.sg/ https://assets.dcube.cloud/fonts/; media-src 'self' blob: https://eservice-gcc.nlb.gov.sg/ https://www.library.gov.sg/ https://evvomedia.pc-s.cdn.bitgravity.com/ https://eservice.nlb.gov.sg/ https://o356983.ingest.sentry.io/ https://bot-server.nlb-prod.ubisend.io/ https://api.nlb-prod.ubisend.io/ https://bot-server.nlb-prod.ubisend.io/ wss://bot-server.nlb-prod.ubisend.io/;object-src 'none';base-uri 'self'; 1
default-src 'self' www.google.com www.google-analytics.com *.doubleclick.net *.typekit.net *.addthis.com *.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.polyfill.io polyfill.io *.jquery.com *.google.com *.googletagmanager.com www.google-analytics.com *.gstatic.com *.typekit.net *.addthis.com *.moatads.com *.addthisedge.com cdnjs.cloudflare.com *.google.com cdn.jsdelivr.net *.newrelic.com *.nr-data.net; object-src 'self'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net www.googletagmanager.com fonts.googleapis.com; img-src 'self' data: *.google.com www.google.co.uk www.google-analytics.com *.gstatic.com *.doubleclick.net our.umbraco.com dashboard.umbraco.com cdn.elsevier.com ars.els-cdn.com *.documentforce.com; media-src 'self'; font-src 'self' *.gstatic.com data: *.typekit.net; frame-src 'self' www.google.com www.youtube.com *.addthis.com; form-action 'self' accounts.google.com; block-all-mixed-content 1
default-src 'self'; base-uri 'self'; script-src 'nonce-0443198edcff92f9472ab212b081dd68' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: 'report-sample'; connect-src 'self' https://www.googletagmanager.com https://*.facebook.com https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://*.instana.io wss://mpsnare.iesnare.com https://*.usercentrics.eu https://bat.bing.com/actionp/ https://*.liadm.com https://*.parship.dev; frame-ancestors 'self' https://secure1.parship.com https://secure1.eharmony.com https://secure1.elitepartner.de https://*.parship.dev; frame-src 'self' https://support.parship.at https://tms.parship.at https://*.greatviews.de https://app.usercentrics.eu https://www.youtube-nocookie.com https://accounts.google.com https://translate.googleapis.com https://*.liadm.com; object-src 'none'; img-src 'self' data: http: https: https://*.instana.io; font-src 'self' data:; style-src 'self' 'unsafe-inline' 'report-sample' https://accounts.google.com/gsi/style https://translate.googleapis.com; upgrade-insecure-requests; report-uri /ls/ 1
default-src 'none'; script-src 'self' https://soylentnews.org https://www.soylentnews.org http://7rmath4ro2of2a42.onion https://checkout.stripe.com; frame-src https://checkout.stripe.com; connect-src https://checkout.stripe.com; img-src 'self' https://soylentnews.org https://www.soylentnews.org http://7rmath4ro2of2a42.onion https://www.paypalobjects.com https://q.stripe.com; style-src 'unsafe-inline' 'self' https://soylentnews.org https://www.soylentnews.org http://7rmath4ro2of2a42.onion https://checkout.stripe.com 1
default-src  'self'  data:;font-src  'self' data: cdn-vsh.runczech.com api.mapy.cz *.gstatic.com;connect-src  'self' *.google.com *.googleapis.com *.google-analytics.com *.doubleclick.net *.facebook.com *.instagram.com;script-src  'self' 'unsafe-inline' 'unsafe-eval' cdn-vsh.runczech.com *.google.com *.google.cz *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.adform.net *.seznam.cz *.facebook.net api.instagram.com downloads.mailchimp.com *.list-manage.com *.highcharts.com api.mapy.cz s3.amazonaws.com *.cloudfront.net *.activehosted.com *.app-us1.com;script-src-elem  'self' 'unsafe-inline' 'unsafe-eval' cdn-vsh.runczech.com *.google.com *.google.cz *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.adform.net *.seznam.cz *.facebook.net api.instagram.com downloads.mailchimp.com *.list-manage.com *.highcharts.com api.mapy.cz s3.amazonaws.com *.cloudfront.net *.activehosted.com *.app-us1.com;form-action  'self' *.facebook.com *.facebook.net *.3dsecure.gpwebpay.com 3dsecure.gpwebpay.com *.list-manage.com;frame-src  'self' blob: *.runczech.com *.youtube.com *.google.com www.cognitoforms.com www.youtube-nocookie.com *.iplatba.cz *.facebook.com *.facebook.net public.pim.cz e.issuu.com *.gpsguard.eu *.tds-live.com runczech.golibe.com player.vimeo.com *.activetimes.eu activetimes.eu *.runczechresults.com api.mapy.cz;worker-src  'self' blob: *.runczech.com *.youtube.com *.google.com www.cognitoforms.com www.youtube-nocookie.com *.iplatba.cz *.facebook.com *.facebook.net public.pim.cz e.issuu.com *.gpsguard.eu *.tds-live.com runczech.golibe.com player.vimeo.com *.activetimes.eu activetimes.eu *.runczechresults.com api.mapy.cz;frame-ancestors  'self' *.aktualne.cz aktualne.cz;img-src  'self' data: blob: *.runczech.com *.gstatic.com *.googleapis.com *.googlecode.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net cdn-vsh.runczech.com *.facebook.com scontent.cdninstagram.com cdn-images.mailchimp.com *.atdmt.com http://*.staticflickr.com edee.runczech.com http://*.vimeocdn.com *.mapy.cz *.cdninstagram.com *.fbcdn.net  *.google.am *.google.ae *.google.at *.google.be *.google.bg *.google.bj *.google.by *.google.ca *.google.ch *.google.cl *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.ee *.google.es *.google.fi *.google.fr *.google.gr *.google.hr *.google.hu *.google.ie *.google.ies *.google.iq *.google.it *.google.li *.google.lt *.google.lu *.google.md *.google.mk *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.se *.google.si *.google.sk *.google.tn *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.kr *.google.co.nz *.google.co.uk *.google.co.uz *.google.co.za *.google.com.au *.google.com.bh *.google.com.bo *.google.com.br *.google.com.eg *.google.com.gh *.google.com.hk *.google.com.kw *.google.com.mx *.google.com.ng *.google.com.pe *.google.com.ph *.google.com.pk *.google.com.sa *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.vn;style-src  'self' 'unsafe-inline' *.googleapis.com *.google.com *.gstatic.com cdn-vsh.runczech.com translate.googleapis.com downloads.mailchimp.com public.pim.cz api.mapy.cz;object-src  'self' 1
frame-ancestors 'self' www.woodworkerexpress.com catalog.woodworkerexpress.com www.baersupply.com bt1.baersupply.com; 1
default-src 'self' data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google.com https://www.googletagmanager.com; img-src 'self' data: www.gravatar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://*.gstatic.com https://maps.googleapis.com; script-src 'self' https://*.googletagmanager.com https://www.gstatic.com https://*.google.com/ https://*.google.co.uk/ https://maps.googleapis.com https://www.googleadservices.com 'nonce-Op22c67ynqaHKhJR'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://maps.googleapis.com https://www.youtube.com; object-src 'none'; frame-ancestors 'self'; base-uri 'none'; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://www.googletagmanager.com https://bid.g.doubleclick.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.youtube.com https://player.vimeo.com https://prezi.com https://w.soundcloud.com https://www.google.com https://drive.google.com https://player.captivate.fm https://www.classmarker.com; form-action 'self' https://www.phoenixs.co.uk/ 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; manifest-src 'self'; 1
frame-ancestors 'self' https://*.mycarcheck.com https://*.allcardata.com 1
default-src 'self' ;    script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.com *.facebook.net *.google.com *.google.com.br *.google-analytics.com *.googletagmanager.com *.googleadservices.com www.gstatic.com www.googleoptimize.com *.rdstation.com.br *.rdstation.com *.rd.services code.jquery.com cdn.jsdelivr.net cdn.pn.vg polyfill.io cdnjs.cloudflare.com reservas.rioquente.com.br googleads.g.doubleclick.net static.hotjar.com script.hotjar.com cdn.pmweb.com.br www.dataunion.com.br bat.bing.com onboard.triptease.io cdn.asksuite.com platform-api.sharethis.com buttons-config.sharethis.com t.sharethis.com secure.lomadee.com mc.yandex.ru event.getblue.io widget.getblue.io targeted-messages.triptease.io static-meta.triptease.io *.costadosauipe.com.br p.relay-t.io script.crazyegg.com *.clarity.ms *.navdmp.com assets.streamshop.com.br;    style-src 'report-sample' 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net s3.amazonaws.com;    object-src 'none'; base-uri 'self';    connect-src 'self'                                *.facebook.com *.facebook.net *.google.com *.google.com.br *.google-analytics.com *.googletagmanager.com *.googleadservices.com cdn.cookielaw.org stats.g.doubleclick.net in.hotjar.com osp-assets.pn.vg mc.yandex.ru onboard.triptease.io static-meta.triptease.io messages.guest-experience.triptease.io df.pmweb.com.br companies.asksuite.com l.sharethis.com control.asksuite.com *.aviva.com.br www.dataunion.com.br api.triptease.io wss://ws.hotjar.com beapi.omnibees.com p.relay-t.io *.smrk.io *.hotjar.com *.hotjar.io bcp.crwdcntrl.net pagead2.googlesyndication.com script.crazyegg.com *.clarity.ms api.pn.vg;    font-src 'self'                                   fonts.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com script.hotjar.com;    frame-src 'self'                                  *.facebook.com *.facebook.net *.google.com *.google.com.br *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net onboard.triptease.io event.getblue.io mc.yandex.ru targeted-messages.triptease.io s3.amazonaws.com t.sharethis.com www.youtube.com *.liveshop.com.br *.streamshop.com.br;;    img-src 'self'                                    *.facebook.com *.facebook.net *.google.com *.google.com.br *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net bat.bing.com mc.yandex.ru sync.sharethis.com images.asksuite.com chart.googleapis.com doc-0k-34-docs.googleusercontent.com platform-cdn.sharethis.com drive.google.com widgets.omnibees.com infotravel-media.s3-sa-east-1.amazonaws.com *.clarity.ms *.bing.com files.streamshop.com.br icons.pn.vg *.streamshop.com.br data:;    manifest-src 'self';    media-src 'self';    worker-src 'none'; 1
script-src 'self' https://cdn.segment.com/v1/projects/PiKDtYk0DbBsqt4zmWvRFZcv7JyKYqgQ/settings https://cdn.segment.com/analytics-next/bundles/* https://cdn.segment.com/next-integrations/integrations/* *.powerbi.com *.powerapps.com blob: consent.cookiebot.com fast.appcues.com js.hs-scripts.com snap.licdn.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com maps.googleapis.com maps.gstatic.com app.satismeter.com cdn.segment.com track.segment.com api.segment.io api.segment.com widget.reviews.io widget.trustpilot.com widget.intercom.io cdn.plaid.com js.intercomcdn.com connect.facebook.net *.payrix.com *.doubleclick.net *.kinsta.cloud *.hellosign.com *.withpersona.com consentcdn.cookiebot.com fullstory.com www.fullstory.com rs.fullstory.com edge.fullstory.com 'unsafe-inline' *.cloudfront.net *.youtube.com *.jquery.com *.cloudflare.com *.bootstrapcdn.com *.shipit-climbcredit.com *.cdn.apollographql.com *.visualwebsiteoptimizer.com *.vwo.com app.vwo.com *.climbcredit.com app.intercom.io;script-src-attr 'unsafe-inline' *.climbcredit.com;style-src 'self' data: https: 'unsafe-inline' *.climbcredit.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com;img-src 'self' data: q.quora.com assets.reviews.io *.intercomcdn.com *.intercomassets.com *.visualwebsiteoptimizer.com *.climbcredit.com www.facebook.com www.google.com www.googletagmanager.com www.google-analytics.com *.googleusercontent.com developers.google.com maps.gstatic.com *.linkedin.com *.adsymptotic.com *.kinsta.cloud *.imgur.com *.hellosign.com imgur.com *.gravatar.com *.squarespace-cdn.com *.boxcdn.net *.cdn.apollographql.com https://rs.fullstory.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com blob: uploads.intercomusercontent.com messenger-apps.intercom.io *.intercom-attachments-1.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com;prefetch-src 'self' cdn.plaid.com *.climbcredit.com cdn.segment.com *.vwo.com;connect-src 'self' cdn.segment.com track.segment.com api.segment.io api.segment.com *.vwo.com https://cdn.segment.com/v1/projects/PiKDtYk0DbBsqt4zmWvRFZcv7JyKYqgQ/settings https://cdn.segment.com/analytics-next/bundles/* https://cdn.segment.com/next-integrations/integrations/* *.powerbi.com *.powerapps.com *.visualwebsiteoptimizer.com app.vwo.com *.climbcredit.com api.segment.io api.segment.com www.google-analytics.com rs.fullstory.com https://edge.fullstory.com app.satismeter.com api.reviews.co.uk stats.g.doubleclick.net api.reviews.io *.intercom.io *.cloudfront.net *.hellosign.com *.kinsta.cloud *.plaid.com wss://*.intercom.io wss://api.appcues.net *.shipit-climbcredit.com uploads.intercomcdn.com uploads.intercomusercontent.com;frame-src 'self' blob: *.powerbi.com *.powerapps.com consentcdn.cookiebot.com www.youtube.com www.google.com www.facebook.com *.hellosign.com *.withpersona.com *.plaid.com *.payrix.com *.doubleclick.net *.outgrow.us *.google.com *.trustpilot.com *.typeform.com *.climbcredit.com app.vwo.com *.visualwebsiteoptimizer.com https://sandbox.embed.apollographql.com/ https://withpersona.com/ https://intercom-sheets.com https://www.intercom-reporting.com;object-src 'self' *.climbcredit.com;manifest-src *.cdn.apollographql.com *.climbcredit.com *.vwo.com;worker-src 'self' blob: https://intercom-sheets.com https://www.intercom-reporting.com;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';upgrade-insecure-requests 1
frame-ancestors *.reveal11.cloud *.revealdata.com *.nexlp.com *.relativity.one reveal.biaprotect.com; script-src d2yyd1h5u9mauk.cloudfront.net 'unsafe-eval' 'unsafe-inline' 'self' *.reveal11.cloud *.revealdata.com reveal.biaprotect.com ajax.googleapis.com; img-src *.reveal11.cloud *.revealdata.com reveal.biaprotect.com *.s3.amazonaws.com *.s3.us-east-1.amazonaws.com data: 'self'; 1
base-uri 'self';child-src 'self';connect-src 'self' *.azure.com ws://localhost:44336 *.bing.com *.centraalbeheer.nl *.doubleclick.net *.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com firebase.googleapis.com *.hotjar.com *.hotjar.io;default-src 'self' *.centraalbeheer.nl *.googleapis.com *.hotjar.io *.hotjar.com  *.google-analytics.com *.googlesyndication.com *.finnik.nl;font-src 'self' *.hotjar.com *.hotjar.io cdnjs.cloudflare.com;form-action 'self' https://www.mollie.com https://t.svtrd.com;frame-ancestors 'self' centraalbeheerkentekencheck.azurewebsites.net;frame-src 'self' *.hotjar.com *.hotjar.io *.svtrd.com *.doubleclick.net *.google.com *.googlesyndication.com;img-src 'self' data: *.r42tag.com *.amazonaws.com *.autozine.nl *.autoscout24.net *.bing.com *.centraalbeheer.nl *.doubleclick.net *.facebook.com *.blob.core.windows.net *.google.nl *.google.com *.googlesyndication.com *.google-analytics.com *.googletagmanager.com *.googleusercontent.com pictures.vwe.nl *.hotjar.io *.hotjar.com  *.svtrd.com;manifest-src 'self';media-src 'self';object-src 'none';script-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.azure.com *.bing.com *.r42tag.com *.centraalbeheer.nl *.contentsquare.net *.finnik.nl *.graindata.com cdnjs.cloudflare.com *.google.nl *.google-analytics.com *.googletagservices.com *.googlesyndication.com connect.facebook.net *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.google.com *.googleapis.com *.hotjar.io *.hotjar.com *.msecnd.net *.hotjar.com *.doubleclick.net *.facebook.com *.relay42.com;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com; 1
frame-ancestors 'self' https://ecosio.com; 1
upgrade-insecure-requests; default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.youtube.com https://cdn.cookielaw.org https://*.hannoversche.de https://*.hannoversche.at https://www.google-analytics.com https://bat.bing.com https://cdn.mouseflow.com https://connect.facebook.net https://www.googleadservices.com https://sip1.massresponse.com https://scripts.psyma.com https://googleads.g.doubleclick.net https://js.adsrvr.org https://cdn.exactag.com https://m.exactag.com https://www.google.com https://www.gstatic.com https://t13.intelliad.de https://acdn.adnxs.com https://cdn.taboola.com https://trc.taboola.com https://trc-events.taboola.com https://amplify.outbrain.com https://tr.outbrain.com https://*.app.baqend.com https://wave.outbrain.com https://v62mawkckb.kameleoon.eu https://static.kameleoon.com; style-src 'self' 'unsafe-inline' https://*.app.baqend.com; img-src 'self' https://www.google.com https://www.google.de https://www.google-analytics.com https://www.googletagmanager.com https://cdn.cookielaw.org https://bat.bing.com https://www.facebook.com https://www.hannoversche.de https://*.hannoversche.de https://ib.adnxs.com https://tr.outbrain.com https://*.app.baqend.com https://v62mawkckb.kameleoon.eu https://storage.kameleoon.eu https://static.kameleoon.com data:; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://*.app.baqend.com; connect-src 'self' https://analytics.google.com https://stats.g.doubleclick.net https://www.facebook.com https://o2.mouseflow.com https://region1.analytics.google.com https://cdn.cookielaw.org https://cookies-data.onetrust.io https://geolocation.onetrust.com https://privacyportal-de.onetrust.com https://*.hannoversche.de https://*.hannoversche.at https://adservice.google.com https://www.google.com https://bat.bing.com https://www.google.de https://www.google-analytics.com https://trc-events.taboola.com https://trc-events.taboola.com https://*.app.baqend.com https://tr.outbrain.com https://v62mawkckb.kameleoon.eu https://data.kameleoon.io  https://na-data.kameleoon.io  https://editor.kameleoon.com https://api.kameleoon.com https://customers.kameleoon.com  https://logger.kameleoon.eu https://static.kameleoon.com; media-src 'self'; frame-src 'self' https://open.spotify.com https://*.hannoversche.de https://tarifrechner-phv.hannoversche.de https://tarifrechner-puv.hannoversche.de https://tarifrechner-hrv.hannoversche.de https://www.facebook.com https://insight.adsrvr.org https://match.adsrvr.org https://player.vimeo.com https://www.youtube-nocookie.com https://www.google.com https://www.youtube.com; frame-ancestors 'none'; 1
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.wistia.com *.onetrust.com *.co *.youtube-nocookie.com *.clarity.ms *.bing.com *.swiftype.com adobedtm.com *.kickfire.com *.rumiview.com *.adobedtm.com *.anchor.fm *.g792337341.co g792337341.co *.typekit.net *.typekit.com *.cloudflare.com *.reedmackay.com *.tone.co.uk *.facebook.net *.facebook.com *.fonts.net a.b0e8.com swiftype-ss.imgix.net embedwistia-a.akamaihd.net *.leadforensics.com s3-eu-west-1.amazonaws.com webeo-web-content.s3-eu-west-1.amazonaws.com secure.gravatar.com embed.typeform.com tone.typeform.com *.moorepay.co.uk cdn.b0e8.com *.bootstrapcdn.com *.okt.to *.swiftypecdn.com *.hotjar.com *.licdn.com *.oktopost.com *.dobleclick.net *.trustpilot.com *.clickcease.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.linkedin.com okt.to *.googleadservices.com googleadservices.com *.google.co.uk google.co.uk *.google.com google.com google.ac google.ad google.ae google.com.af google.com.ag google.com.ai google.al google.am google.co.ao google.com.ar google.as google.at google.com.au google.az google.ba google.com.bd google.be google.bf google.bg google.com.bh google.bi google.bj google.com.bn google.com.bo google.com.br google.bs google.bt google.co.bw google.by google.com.bz google.ca google.com.kh google.cc google.cd google.cf google.cat google.cg google.ch google.ci google.co.ck google.cl google.cm google.cn g.cn google.com.co google.co.cr google.com.cuf google.cv google.com.cy google.cz google.de google.dj google.dk google.dm google.com.do google.dz google.com.ec google.ee google.com.eg google.es google.com.et google.fi google.com.fj google.fm google.fr google.ga google.ge google.gf google.gg google.com.gh google.com.gi google.gl google.gm google.gp google.gr google.com.gt google.gy google.com.hk google.hn google.hr google.ht google.hu google.co.id google.iq google.ie google.co.il google.im google.co.in google.io google.is google.it google.je google.com.jm google.jo google.co.jp google.co.ke google.ki google.kg google.co.kr google.com.kw google.kz google.la google.com.lb google.com.lc google.li google.lk google.co.ls google.lt google.lu google.lv google.com.ly google.co.ma google.md google.me google.mg google.mk google.ml google.com.mm google.mn google.ms google.com.mt google.mu google.mv google.mw google.com.mx google.com.my google.co.mz google.com.na google.ne google.com.nf google.com.ng google.com.ni google.nl google.no google.com.np google.nr google.nu google.co.nz google.com.om google.com.pk google.com.pa google.com.pe google.com.ph google.pl google.com.pg google.pn google.co.pn google.com.pr google.ps google.pt google.com.py google.com.qa google.ro google.rs google.ru google.rw google.com.sa google.com.sb google.sc google.se google.com.sg google.sh google.si google.sk google.com.sl google.sn google.sm google.so google.st google.sr google.com.sv google.td google.tg google.co.th google.com.tj google.tk google.tl google.tm google.to google.tn google.com.tr google.tt google.com.tw google.co.tz google.com.ua google.co.ug google.co.uk google.com google.com.uy google.co.uz google.com.vc google.co.ve google.vg google.co.vi google.com.vn google.vu google.ws google.co.za google.co.zm google.co.zw admob.com adsense.com adwords.com android.com doubleclick.com doubleclick.net *.doubleclick.net igoogle.com foofle.com froogle.com googleanalytics.com google-analytics.com googlecode.com googlearth.com googleearth.com googlemaps.com youtube.com youtu.be yt.be ytimg.com youtube-nocookie.com *.youtube.com *.youtu.be like.com google.org google.net youtubegaming.com *.hotjar.io *.botframework.com botframework.com code.jquery.com use.fontawesome.com *.tawk.to *.jsdelivr.net *.pardot.com anchor.fm *.googleapis.com fast.wistia.com fast.wistia.net *.whizeo.com; connect-src *; style-src 'unsafe-inline' *; 1
style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self' 'unsafe-inline'; font-src 'self' fonts.gstatic.com data:; img-src 'self' data:; default-src 'self' *.ninerealms.com *.coingecko.com api.flipsidecrypto.com 1
font-src  'self' data: fonts.gstatic.com d6nzdboxj6q7k.cloudfront.net cdn.inscribe.education fonts.googleapis.com assets-cdn.ziggeo.com cdnjs.cloudflare.com cdn.embedly.com https://inscribe.education ; frame-src  'self' drive.google.com docs.google.com sites.google.com *.typeform.com *.slideshare.net *.slidesharecdn.com *.kaltura.com *.kaltura.com:8443 cdnapi.kaltura.com www.kaltura.com youtu.be www.youtube.com www.viddler.com *.aleks.com *.aleks.com:8443 learn.wileyplus.com *.blackboard.com *.asu.edu *.asu.edu:8443 *.edx.org *.edx.org:8443 gfacompass.com *.gfacompass.com *.gfacompass.com:8443 minnstate.edu *.minnstate.edu *.minnstate.edu:8443 moodle-elb-1149710790.us-west-2.elb.amazonaws.com moodle.davidson.edu *.moodle.davidson.edu *.moodle.davidson.edu:8443 *.foliotek.com *.foliotek.com:8443 *.smumn.edu *.smumn.edu:8443 *.learntoday.info es-purdue.h5p.com www.youtube-nocookie.com *.rice.edu *.rice.edu:8443 *.instructure.com *.instructure.com:8443 *.wiley.com *.wiley.com:8443 http://players.brightcove.net players.brightcove.net xpro.mit.edu courses.xpro.mit.edu studio.xpro.mit.edu preview.xpro.mit.edu embed.ted.com domains.davidson.edu ollusa.edu courses.missouri.edu *.umsystem.edu lms.academyatwgu.org blackboard.fhsu.edu cdn.embedly.com essential.2u.edu *.essential.2u.com essential.2u.com demo.essential.2u.com sandbox.moodledemo.net www.riolearn.org *.riolearn.org 2u.coconutcalendar.com brightspace.ccc.edu morehouse.dc.2u.com my.kenzie.academy player.vimeo.com calendar.google.com *.zybooks.com *.panopto.com *.straighterline.com  *.straighterline.net  academy.wgu.edu *.academy.wgu.edu www.facebook.com replit.com morehouse.stg.dc.2u.com www.loom.com miami.dc.2u.com canvas.jmu.edu simmons.dc.2u.com rise.articulate.com 360.articulate.com *.2u.com https://onedrive.live.com https://westerngovernorsuniversity.sharepoint.com *.cogbooks.com *.bu.edu www.canva.com canvas.pdx.edu knowledge-onlinecampus.api.2u.com www.knowledgecenter-digitalcampus.com blackboard.vsu.edu *.dc.2u.com digitalskills.instructure.com *.wguacademy.org *.wgu.edu lumen.instructure.com ludev.team *.mindedgeuniversity.com digitalskills.instructure.com home.one.lumenlearning.com lumen.brightspacedemo.com *.mindedgeonline.com *.desire2learn.com *.usg.edu *.charteroak.edu *.utrgv.edu sway.office.com *.brightspace.com devcanvas.oregonstate.edu bb.tulsacc.edu mycourses.unh.edu mycourses.usnh.edu *.mindedgecollege.com *.louisville.edu mylearning.suny.edu https://fast.wistia.com https://fast.wistia.net https://asuonline.wistia.com https://asuonline.wistia.net *.umgc.edu flip.com app.vidgrid.com https://inscribe.education cdn.inscribe.education ; img-src  'self' data: blob: *.typeform.com learn.wileyplus.com canvas.asu.edu *.canvas-user-content.com canvas.rice.edu inscribe-avatar-files.s3-us-west-2.amazonaws.com inscribe-importer-resource-previewimages.s3-us-west-2.amazonaws.com *.instructure.com instructure-uploads.s3.amazonaws.com secure.gravatar.com i1.wp.com i2.wp.com i3.wp.com youtu.be www.youtube.com img.youtube.com thumbs.cdn-ec.viddler.com www.google-analytics.com *.googleusercontent.com http://gravatar.com https://gravatar.com cdnjs.cloudflare.com inst-fs-iad-prod.inscloudgate.net players.brightcove.net players.brightcove.net:8443 *.froala.com *.missouri.edu cdn.inst-fs-iad-prod.inscloudgate.net i-cdn.embed.ly www.riolearn.org *.riolearn.org morehouse.dc.2u.com my.kenzie.academy player.vimeo.com *.zybooks.com *.panopto.com *.straighterline.com  *.straighterline.net  morehouse.stg.dc.2u.com *.wistia.com *.wistia.net https://inscribe.education cdn.inscribe.education https://metrics.inscribe.education:4443 ; script-src  'self' *.typeform.com http://squizlabs.github.io *.slideshare.net *.slidesharecdn.com stats.kaltura.com analytics.kaltura.com cdnapi.kaltura.com cdnbakmi.kaltura.com ajax.googleapis.com d6nzdboxj6q7k.cloudfront.net cdn.inscribe.education www.google-analytics.com assets-cdn.ziggeo.com cdnjs.cloudflare.com youtu.be www.youtube.com s.ytimg.com 'unsafe-inline' players.brightcove.net players.brightcove.net:8443 cdn.embedly.com player.vimeo.com calendar.google.com *.panopto.com *.googletagmanager.com https://inscribe.education cdn.inscribe.education ; frame-ancestors  'self' *.typeform.com *.typeform.com learn.wileyplus.com myasucourses.asu.edu *.blackboard.com *.asu.edu *.asu.edu:8443 edge.edx.org *.edx.org:8443 https://*.edx.org gfacompass.com *.gfacompass.com *.gfacompass.com:8443 https://*.gfacompass.com youtu.be www.youtube.com *.aleks.com *.aleks.com:8443 https://*.aleks.com courses.edx.org *.instructure.com https://*.instructure.com *.brightspace.com minnstate.edu *.minnstate.edu *.minnstate.edu:8443 https://*.minnstate.edu *.moodle-elb-1149710790.us-west-2.elb.amazonaws.com moodle-elb-1149710790.us-west-2.elb.amazonaws.com http://moodle-elb-1149710790.us-west-2.elb.amazonaws.com moodle-elb-1149710790.us-west-2.elb.amazonaws.com:8443 moodle.davidson.edu *.moodle.davidson.edu *.moodle.davidson.edu:8443 https://moodle.davidson.edu *.foliotek.com *.foliotek.com:8443 *.smumn.edu *.smumn.edu:8443 *.rice.edu *.rice.edu:8443 *.wiley.com *.wiley.com:8443 players.brightcove.net players.brightcove.net:8443 xpro.mit.edu courses.xpro.mit.edu studio.xpro.mit.edu preview.xpro.mit.edu domains.davidson.edu http://public-embedded-views-test.s3-website-us-west-2.amazonaws.com ec2-35-166-207-132.us-west-2.compute.amazonaws.com ollusa.edu courses.missouri.edu *.umsystem.edu lms.academyatwgu.org blackboard.fhsu.edu *.essential.2u.com essential.2u.com demo.essential.2u.com sandbox.moodledemo.net www.riolearn.org *.riolearn.org brightspace.ccc.edu morehouse.dc.2u.com my.kenzie.academy gcvs.schoology.com *.zybooks.com *.panopto.com *.straighterline.com  *.straighterline.net  *.academy.wgu.edu academy.wgu.edu sites.google.com *.googleusercontent.com www.gstatic.com replit.com morehouse.stg.dc.2u.com 2u.coconutcalendar.com miami.dc.2u.com canvas.jmu.edu simmons.dc.2u.com https://rise.articulate.com https://360.articulate.com *.2u.com https://onedrive.live.com https://westerngovernorsuniversity.sharepoint.com *.cogbooks.com *.bu.edu www.canva.com canvas.pdx.edu knowledge-onlinecampus.api.2u.com www.knowledgecenter-digitalcampus.com blackboard.vsu.edu *.dc.2u.com digitalskills.instructure.com *.wguacademy.org *.wgu.edu lumen.instructure.com ludev.team *.mindedgeuniversity.com digitalskills.instructure.com home.one.lumenlearning.com lumen.brightspacedemo.com *.mindedgeonline.com *.desire2learn.com *.usg.edu *.charteroak.edu *.utrgv.edu *.ccsnh.edu elearn.chattanoogastate.edu canvas.fau.edu *.openedx.org *.noodle.com sway.office.com devcanvas.oregonstate.edu bb.tulsacc.edu mycourses.unh.edu mycourses.usnh.edu *.mindedgecollege.com *.louisville.edu mylearning.suny.edu d2ltest.lonestar.edu osuit.canvas.okstate.edu canvas.ku.edu *.umgc.edu kuconnect.ku.edu d2l.lonestar.edu d2l.oru.edu canvas.illinois.edu canvas.oregonstate.edu canvas.gonzaga.edu elearning.kctcs.edu lms-devl.bu.edu newlearn.govst.edu elearn.chemeketa.edu https://inscribe.education cdn.inscribe.education ; style-src  'self' fonts.googleapis.com assets-cdn.ziggeo.com cdnjs.cloudflare.com d6nzdboxj6q7k.cloudfront.net cdn.inscribe.education 'unsafe-inline' https://localhost:8081 cdn.embedly.com https://inscribe.education cdn.inscribe.education ; media-src  *.wistia.com *.wistia.net ; default-src  'self' cdn.inscribe.education https://inscribe.education cdn.inscribe.education ; connect-src  'self' https://www.google-analytics.com youtu.be www.youtube.com api-cdn.embed.ly *.panopto.com ws://127.0.0.1:8700 ws://localhost:8700 wss://*.inscribe.education https://*.wistia.com https://inscribe.education cdn.inscribe.education https://metrics.inscribe.education:4443 ws://cdn.inscribe.education ; 1
default-src 'self'; style-src-elem 'unsafe-inline' 'self' https://*.fontawesome.com/ https://fonts.googleapis.com/ http://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ajax/ https://cdn.jsdelivr.net/npm/; frame-src 'self' https://player.vimeo.com/ https://consentcdn.cookiebot.com/; font-src 'self' https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://*.fontawesome.com/ data:; img-src 'self' https://s.w.org/images/ https://secure.gravatar.com/ http://0.gravatar.com/ https://cdn.jsdelivr.net/npm/ https://track-eu1.hubspot.com/ data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com/ajax/ https://unpkg.com/ https://cdn.jsdelivr.net/npm/ https://cdnjs.cloudflare.com/ajax/libs/ https://js-eu1.hs-analytics.net/analytics/ https://js-eu1.hs-banner.com/ https://consentcdn.cookiebot.com/ https://*.fontawesome.com/ https://player.vimeo.com/ https://www.googletagmanager.com/ https://consent.cookiebot.com/ http://js-eu1.hs-scripts.com/ https://f.vimeocdn.com/ http://t.gatorleads.co.uk https://www.google-analytics.com/ https://ws.zoominfo.com/ ; style-src 'unsafe-inline' https://fonts.googleapis.com/ https://davies-group.com/ https://cdn.jsdelivr.net https://*.fontawesome.com/; object-src 'none'; connect-src 'self' https://consentcdn.cookiebot.com/ https://daviesgroup.current-vacancies.com/ https://ws.zoominfo.com/ https://stats.g.doubleclick.net/ http://*.google-analytics.com/ https://*.fontawesome.com/; 1
child-src blob: 'self';connect-src 'self' https://*.yimg.com https://*.yahoo.com https://s.yimg.com/nq/ads/mb/native/* https://service.cmp.oath.com https://www.yahoo.com/p.gif https://smetrics.att.com/id https://dpm.demdex.net/id https://video-api.yql.yahoo.com/ https://edgecast-vod.yahoo.net/ https://*.vpg.cdn.yimg.com/ https://media.zenfs.com/ https://assets.video.yahoo.net/ https://ads.adaptv.advertising.com/ https://video.adaptv.advertising.com/ https://consent.yahoo.com/ https://ganon.yahoo.com/ https://geo.yahoo.com/ https://guce.yahoo.com/ https://api.taboola.com/1.2/json/taboola-usersync/user.sync;default-src 'self';font-src https: data:;frame-src https://*.yahoo.com https://*.yimg.com https://*.ymail.com https://secure.bannerfarm.ace.advertising.com https://cmp.advertising.com https://assets.video.yahoo.net/ https://opus.analytics.yahoo.com https://tsdtocl.com/ https://consent.yahoo.com/ https://guce.yahoo.com/ https://pfs.yahoo.com https://gpt.mail.yahoo.net/sandbox https://alpha-gpt.mail.yahoo.net/sandbox https://alpha-gam.mail.yahoosandbox.net/sandbox https://canary-gam.mail.yahoosandbox.net/sandbox https://gam.mail.yahoosandbox.net/sandbox;img-src data: blob: http: https: https://ganon.yahoo.com/ https://geo.yahoo.com/;media-src blob: https://*.yahoo.com https://*.yimg.com;report-uri https://csp.yahoo.com/beacon/csp?src=mail-norrin;script-src 'self' https://s.yimg.com/nq/nr/ https://s.yimg.com/os/yaft/ https://s.yimg.com/ss/ https://s.yimg.com/aaq/yc/ https://s.yimg.com/ds/scripts/ https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://s.yimg.com/aaq/vzm/ https://s.yimg.com/cx/pv/ https://s.yimg.com/nq/polyfills/ https://yep.video.yahoo.com/ https://s.yimg.com/rx/ https://assets.video.yahoo.net/ https://jsapi.login.yahoo.com/w/ https://s.aolcdn.com/membership/omp-static/omp-widgets/ https://qa.checkout.yahoo.com/widget/ https://checkout.yahoo.com/widget/ https://s.yimg.com/cv/apiv2/partner-portals/att/adobe_analytics/ https://consent.cmp.oath.com/ https://opus.analytics.yahoo.com/ https://s.yimg.com/oa/ https://s.yimg.com/uc/sf/ https://s.yimg.com/cx/acookie/ 'sha256-lRMQ2lQozgbWLOqNJOrnclJXX6G77pQVIlF8SAI3++I=' 'sha256-xx5VFh71P/poOsh6S7wo5Hz/h6kNWHqOpIqJR04djx4=' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://s.yimg.com/oa/ 'nonce-/k9hWwBWwZLXmPnVg3oacrRoznmiHoGUshJiDYr2sylIlaKP' ;style-src 'self' https://s.yimg.com/nq/nr/ https://assets.video.yahoo.net/ 'unsafe-inline';worker-src 'self' blob:;manifest-src https://s.yimg.com/nq/nr/json/ 1
frame-ancestors oaklandlibrary.org *.oaklandlibrary.org oaklandlibrary.bibliocms.com *.oaklandlibrary.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src oaklandlibrary.org *.oaklandlibrary.org oaklandlibrary.bibliocms.com *.oaklandlibrary.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com *.arebos.de *.arebos.ch *.arebos.nl *.arebos.co.uk *.arebos.fr *.arebos.it *.arebos.es *.arebos.dk *.google.ch *.google.cz *.google.de *.google.dk *.google.es *.google.fr *.google.it *.google.nl *.google.se *.google.co.uk *.google.com.tr *.klaviyo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.twitter.com *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.twitter.com *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com *.arebos.de *.arebos.ch *.arebos.nl *.arebos.co.uk *.arebos.fr *.arebos.it *.arebos.es *.arebos.dk *.klarna.com *.demdex.net *.hotjar.com *.stripe.com *.doubleclick.net *.bing.com *.cloudfront.net *.amazonaws.com *.facebook.com *.facebook.net *.google.ch *.google.cz *.google.de *.google.dk *.google.es *.google.fr *.google.it *.google.nl *.google.se *.google.co.uk *.google.com.tr *.klaviyo.com https://arebos.sjv.io klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com *.arebos.de *.arebos.ch *.arebos.nl *.arebos.co.uk *.arebos.fr *.arebos.it *.arebos.es *.arebos.dk *.googletagmanager.com https://widgets.trustedshops.com *.klarnacdn.net *.omtrdc.net *.everesttech.net *.placeholder.com *.cookiepro.com *.cookielaw.org *.doubleclick.net *.google.com.tr *.google.ch *.hotjar.com *.amasty.com *.arebosnl.local *.arebosch.local *.stripe.com *.bing.com *.cloudfront.net *.amazonaws.com *.facebook.com *.facebook.net *.clarity.ms *.google.cz *.google.de *.google.dk *.google.es *.google.fr *.google.it *.google.nl *.google.se *.google.co.uk *.klaviyo.com *.windows.net https://arebos.sjv.io *.loggly.com *.ojrq.net https://integrations.etrusted.com *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com *.arebos.de *.arebos.ch *.arebos.nl *.arebos.co.uk *.arebos.fr *.arebos.it *.arebos.es *.arebos.dk *.trackedlink.net *.googletagmanager.com *.cloudflareinsights.com *.klarnacdn.net *.klarna.com *.cookiepro.com *.cookielaw.org *.onetrust.com *.hotjar.com *.googleapis.com *.stripe.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.online-metrix.net *.newrelic.com *.nr-data.net *.doubleclick.net *.google.com.tr *.bing.com *.cloudfront.net *.amazonaws.com *.facebook.com *.facebook.net *.clarity.ms *.google.ch *.google.cz *.google.de *.google.dk *.google.es *.google.fr *.google.it *.google.nl *.google.se *.google.co.uk *.klaviyo.com *.impactcdn.com https://arebos.sjv.io *.etrusted.com klarna.com *.klarnaevt.com https://widgets.trustedshops.com https://integrations.etrusted.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com *.arebos.de *.arebos.ch *.arebos.nl *.arebos.co.uk *.arebos.fr *.arebos.it *.arebos.es *.arebos.dk *.google.ch *.google.cz *.google.de *.google.dk *.google.es *.google.fr *.google.it *.google.nl *.google.se *.google.co.uk *.google.com.tr *.klaviyo.com https://arebos.sjv.io *.googletagmanager.com https://widgets.trustedshops.com https://integrations.etrusted.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com *.arebos.de *.arebos.ch *.arebos.nl *.arebos.co.uk *.arebos.fr *.arebos.it *.arebos.es *.arebos.dk *.google-analytics.com *.trustedshops.com *.etrusted.com *.klarnaevt.com *.googleapis.com *.demdex.net *.cookiepro.com *.cookielaw.org *.doubleclick.net *.google.ch wss://*.hotjar.com *.hotjar.io *.hotjar.com *.stripe.com https://*.ingest.sentry.io *.nr-data.net *.bing.com *.cloudfront.net *.amazonaws.com wss://*.amazonaws.com wss://tufsuyburufn.transport.connect.eu-central-1.amazonaws.com *.facebook.com *.facebook.net *.clarity.ms *.google.cz *.google.de *.google.dk *.google.es *.google.fr *.google.it *.google.nl *.google.se *.google.co.uk *.google.com.tr *.onetrust.com *.klaviyo.com https://arebos.sjv.io *.loggly.com klarna.com *.klarna.com *.klarnacdn.net https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.arebos.de *.arebos.ch *.arebos.nl *.arebos.co.uk *.arebos.fr *.arebos.it *.arebos.es *.arebos.dk *.klarna.com *.stripe.com *.google.ch *.google.cz *.google.de *.google.dk *.google.es *.google.fr *.google.it *.google.nl *.google.se *.google.co.uk *.google.com *.google.com.tr *.klaviyo.com https://arebos.sjv.io 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marker.io su478.infusionsoft.app *.gstatic.com *.amazonaws.com *.doubleclick.net *.freshworks.com livestream.com *.googleadservices.com *.sumo.com www.google.com cdn.jsdelivr.net cdn.plyr.io widget.happyfoxchat.com cdn.datatables.net static.leadpages.net *.issuu.com issuu.com *.vimeo.com code.jquery.com www.googletagmanager.com *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com connect.facebook.net *.stripe.com js.stripe.com fast.wistia.com; frame-src 'self' su478.infusionsoft.app *.google.com *.doubleclick.net *.freshdesk.com http://www.buddhismuskunde.uni-hamburg.de/ livestream.com wisdomexperience.org fast.wistia.com *.issuu.com issuu.com wisdompubs.lpages.co widget.happyfoxchat.com js.stripe.com *.vimeo.com vimeo.com hooks.stripe.com *.youtube.com *.facebook.com s-static.ak.facebook.com; object-src 'self'; 1
base-uri 'self'; connect-src 'self' https://themify.me https://www.google-analytics.com https://stats.g.doubleclick.net yoast.com cloudflareinsights.com; default-src 'self'; font-src 'self' fonts.gstatic.com data: ; frame-src blob: 'self' https://www.activecountermeasures.com www.blackhillsinfosec.com www.youtube.com youtu.be player.blubrry.com www.google.com; img-src  'self' blackhillsinfosec.com https://img.youtube.com https://raw.githubusercontent.com https://ps.w.org https://upload.wikimedia.org https://i.ebayimg.com https://blogs.reuters.com https://upload.wikimedia.org https://plugins.svn.wordpress.org https://ajax.googleapis.com https://s.w.org https://via.placeholder.com/ https://www.gstatic.com https://www.googletagmanager.com www.youtube.com youtu.be *.ytimg.com ytimg.com https://static.wixstatic.com themify.me player.blubrry.com blubrry.com static.wixstatic.com data: *.googleusercontent.com https://www.google-analytics.com player.blubrry.com; manifest-src 'self'; media-src 'self' media.blubrry.com player.blubrry.com; object-src 'none'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com player.blubrry.com; script-src-elem cdnjs.cloudflare.com https://www.googletagmanager.com https://static.cloudflare.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' data: https://ajax.googleapis.com ; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com player.blubrry.com www.gstatic.com; worker-src 'self'; frame-ancestors 'self'; report-to default 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://consentcdn.cookiebot.com https://www.google.com https://vimeo.com https://player.vimeo.com https://*.amazonaws.com https://*.stripe.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com https://*.google.com https://stats.wp.com https://www.googletagmanager.com https://unpkg.com https://*.vimeo.com https://www.google.com https://www.gstatic.com https://*.stripe.com; style-src 'self' 'unsafe-inline' https://*.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; img-src 'self' data: https://*.cookiebot.com https://pixel.wp.com https://*.eu-west-2.amazonaws.com https://*.google.co.uk; connect-src 'self' https://consentcdn.cookiebot.com *.doubleclick.net *.google.com *.google.co.uk *.analytics.google.com https://*.amazonaws.com https://*.stripe.com; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com https://pro.fontawesome.com 1
base-uri 'self';connect-src 'self' https://*.criteo.com https://*.livechatinc.com https://*.doubleclick.net https://*.google-analytics.com https://*.mixpanel.com https://*.optimonk.com https://*.linkedin.com data:;default-src 'self' https://*.googleoptimize.com https://*.google-analytics.com http://*.criteo.com https://*.optimonk.com http://*.mxpnl.com https://*.googletagmanager.com https://*.cloudflare.com https://*.facebook.com https://*.facebook.net https://*.jsdelivr.net https://*.google.com https://*.googleapis.com https://*.livechatinc.com https://*.topfx.com.sc;form-action 'self';img-src 'self' https://*.livechat-files.com https://*.googleapis.com https://*.topfx.com.sc https://*.topfx.com https://admin.topfx.com https://*.linkedin.com https://*.doubleclick.net https://*.adnxs.com https://*.media.net https://*.rubiconproject.com https://*.smartadserver.com https://*.taboola.com https://*.teads.tv https://*.3lift.com https://*.yahoo.com https://*.yahoo.net https://*.omnitagjs.com https://*.360yield.com https://*.criteo.com https://*.sharethrough.com https://*.tremorhub.com https://*.yieldlab.net https://*.emxdgt.com https://*.bidswitch.net https://*.adform.net https://*.casalemedia.com https://id5-sync.com https://*.ivitrack.com https://*.mediavine.com https://*.postrelease.com https://*.outbrain.com https://*.yieldmo.com https://*.demdex.net https://*.krxd.net https://*.googletagmanager.com https://*.google.com https://*.pubmatic.com https://*.facebook.com https://*.lijit.com https://*.google.com.pk https://cdnjs.cloudflare.com https://public-prod-dspcookiematching.dmxleo.com data:;media-src 'self';object-src 'none';script-src 'self' 'nonce-ZNNImqerGXuvBHYbpWY5h28A6CqrlfDo' 'strict-dynamic' https://ajax.cloudflare.com https://topfx.com.sc/cdn-cgi/scripts/;style-src 'self' 'unsafe-inline' https://*.cloudflare.com https://*.googleapis.com https://*.jsdelivr.net https://*.facebook.net;frame-src 'self' https://*.criteo.com https://*.criteo.net https://*.livechatinc.com https://*.facebook.com https://*.google.com https://*.googleapis.com https://*.youtube.com https://*.topfx.com.sc https://*.doubleclick.net;font-src 'self' https://*.cloudflare.com https://*.gstatic.com data: 1
img-src 'self' https://code.jquery.com https://*.annexbusinessmedia.com blob: data:;default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://pawb.fun 'wasm-unsafe-eval'; font-src 'self' https://pawb.fun; img-src 'self' data: blob: https://pawb.fun https://cdn.pawb.social; style-src 'self' https://pawb.fun 'nonce-VkET3B7HMD3ro2GE4JWdtw=='; media-src 'self' data: https://pawb.fun https://cdn.pawb.social; frame-src 'self' https:; child-src 'self' blob: https://pawb.fun; worker-src 'self' blob: https://pawb.fun; connect-src 'self' blob: data: wss://pawb.fun https://pawb.fun https://cdn.pawb.social; manifest-src 'self' https://pawb.fun; form-action 'self' 1
script-src 'self' 'unsafe-eval' blob: https://*.dcube.cloud https://assets.adobedtm.com/ https://*.wogaa.sg https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://tagmanager.google.com https://www.youtube.com https://connect.facebook.net https://webchat.vica.gov.sg https://api.search.gov.sg https://www.search.gov.sg https://cdn.jsdelivr.net/npm/@govtechsg/sgds-web-component/Masthead/index.js;child-src 'self' blob: https://www.google.com https://www.youtube.com https://www.search.gov.sg;object-src 'none';base-uri 'none'; 1
frame-ancestors 'self' https://webbfiler.kommunal.se/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jotfor.ms *.cloudflare.com *.surveymonkey.com *.jotform.com *.certcapture.com *.typeform.com *.popupsmart.com *.googletagmanager.com *.hotjar.com *.akamaihd.net *.amazonaws.com https://js.hs-banner.com https://js.hsleadflows.net https://forms.hubspot.com https://js.hscollectedforms.net *.wistia.com *.wistia.net *.clarity.ms *.hsforms.net *.hsforms.com *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.azureedge.net *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.msecnd.net *.calendly.com *.cookielaw.org; style-src 'self' 'unsafe-inline' *.certcapture.com *.jotfor.ms *.calendly.com *.azureedge.net *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.typeform.com; font-src 'self' *.jotfor.ms *.hotjar.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src *.amazonaws.com *.smassets.net *.certcapture.com *.jotfor.ms *.jotform.com *.bing.com *.cookielaw.org 'self' *.hotjar.com *.akamaihd.net https://js.hsleadflows.net *.hubspot.com *.wistia.net *.wistia.com *.clarity.ms *.hubspotusercontent30.net *.hsforms.com https://i.ytimg.com/ *.azureedge.net *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com *.eloqua.com www.google.com data: blob: https://8153681.fs1.hubspotusercontent-na1.net; media-src 'self' http://*.wistia.com http://*.wistia.net http://embedwistia-a.akamaihd.net *.azureedge.net data: blob:; frame-src 'self' *.surveymonkey.com mailto: *.hotjar.com *.azureedge.net *.microsoft.com *.hubspot.com *.hsforms.net *.hsforms.com *.wistia.net *.wistia.com *.google.com *.cardconnect.com *.akamaihd.net https://calendly.com *.typeform.com; frame-ancestors 'self' https://app.hubspot.com; child-src 'self' blob: *.hsforms.net *.hotjar.com *.akamaihd.net *.google.com/ *.hubspot.com/ *.hsforms.com/ https://fast.wistia.com/ *.wistia.com https://platform.twitter.com/ *.wistia.net https://fast.wistia.net https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com www.google.com; connect-src *.google.com wss://*.hotjar.com *.hotjar.com *.certcapture.com *.onetrust.com 'self' *.hotjar.io *.hotjar.com *.google-analytics.com *.akamaihd.net *.amazonaws.com *.hsforms.com *.clarity.ms https://forms.hubspot.com *.litix.io/ *.wistia.com *.wistia.net accounts.google.com https://stats.g.doubleclick.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.visualstudio.com *.hs-banner.com *.cookielaw.org; 1
default-src 'self' data: ; script-src 'self' googlemaps.github.io cdn.jsdelivr.net cdn.cookie-script.com static.addtoany.com ajax.googleapis.com maps.googleapis.com maps.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' data: cdn.jsdelivr.net cdn.cookie-script.com static.addtoany.com fonts.googleapis.com maps.googleapis.com maps.google.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: cdn.jsdelivr.net cdn.cookie-script.com static.addtoany.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com data: blob: www.googletagmanager.com; connect-src 'self' maps.googleapis.com maps.google.com www.googletagmanager.com; font-src 'self' data: cdn.jsdelivr.net cdn.cookie-script.com static.addtoany.com fonts.gstatic.com fonts.googleapis.com data:; media-src 'self' cdn.jsdelivr.net cdn.cookie-script.com static.addtoany.com; frame-src 'self' static.addtoany.com maps.googleapis.com maps.google.com www.googletagmanager.com; manifest-src 'self' ; child-src 'self' www.googletagmanager.com; worker-src 'self' ; base-uri 'self' ; 1
frame-ancestors 'self' https://www.greenice.com https://cdn.greenice.com https://app.reskyt.com http://app.reskyt.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' https://googletagmanager.com https://www.googletagmanager.com https://google-analytics.com https://www.google-analytics.com https://mc.yandex.ru https://www.mc.yandex.ru https://connect.facebook.net https://www.connect.facebook.net https://www.facebook.com https://facebook.com https://stats.g.doubleclick.net https://www.stats.g.doubleclick.net https://youtube.com https://www.youtube.com https://google.com https://www.google.com https://google.de https://www.google.de https://app.usercentrics.eu https://www.app.usercentrics.eu https://api.usercentrics.eu https://www.api.usercentrics.eu https://aggregator.service.usercentrics.eu https://www.aggregator.service.usercentrics.eu https://graphql.usercentrics.eu https://www.graphql.usercentrics.eu https://i.ytimg.com https://www.i.ytimg.com https://google.ad https://google.ae https://google.com.af https://google.com.ag https://google.com.ai https://google.al https://google.am https://google.co.ao https://google.com.ar https://google.as https://google.at https://google.com.au https://google.az https://google.ba https://google.com.bd https://google.be https://google.bf https://google.bg https://google.com.bh https://google.bi https://google.bj https://google.com.bn https://google.com.bo https://google.com.br https://google.bs https://google.bt https://google.co.bw https://google.by https://google.com.bz https://google.ca https://google.cd https://google.cf https://google.cg https://google.ch https://google.ci https://google.co.ck https://google.cl https://google.cm https://google.cn https://google.com.co https://google.co.cr https://google.com.cu https://google.cv https://google.com.cy https://google.cz https://google.dj https://google.dk https://google.dm https://google.com.do https://google.dz https://google.com.ec https://google.ee https://google.com.eg https://google.es https://google.com.et https://google.fi https://google.com.fj https://google.fm https://google.fr https://google.ga https://google.ge https://google.gg https://google.com.gh https://google.com.gi https://google.gl https://google.gm https://google.gr https://google.com.gt https://google.gy https://google.com.hk https://google.hn https://google.hr https://google.ht https://google.hu https://google.co.id https://google.ie https://google.co.il https://google.im https://google.co.in https://google.iq https://google.is https://google.it https://google.je https://google.com.jm https://google.jo https://google.co.jp https://google.co.ke https://google.com.kh https://google.ki https://google.kg https://google.co.kr https://google.com.kw https://google.kz https://google.la https://google.com.lb https://google.li https://google.lk https://google.co.ls https://google.lt https://google.lu https://google.lv https://google.com.ly https://google.co.ma https://google.md https://google.me https://google.mg https://google.mk https://google.ml https://google.com.mm https://google.mn https://google.ms https://google.com.mt https://google.mu https://google.mv https://google.mw https://google.com.mx https://google.com.my https://google.co.mz https://google.com.na https://google.com.ng https://google.com.ni https://google.ne https://google.nl https://google.no https://google.com.np https://google.nr https://google.nu https://google.co.nz https://google.com.om https://google.com.pa https://google.com.pe https://google.com.pg https://google.com.ph https://google.com.pk https://google.pl https://google.pn https://google.com.pr https://google.ps https://google.pt https://google.com.py https://google.com.qa https://google.ro https://google.ru https://google.rw https://google.com.sa https://google.com.sb https://google.sc https://google.se https://google.com.sg https://google.sh https://google.si https://google.sk https://google.com.sl https://google.sn https://google.so https://google.sm https://google.sr https://google.st https://google.com.sv https://google.td https://google.tg https://google.co.th https://google.com.tj https://google.tl https://google.tm https://google.tn https://google.to https://google.com.tr https://google.tt https://google.com.tw https://google.co.tz https://google.com.ua https://google.co.ug https://google.co.uk https://google.com.uy https://google.co.uz https://google.com.vc https://google.co.ve https://google.vg https://google.co.vi https://google.com.vn https://google.vu https://google.ws https://google.rs https://google.co.za https://google.co.zm https://google.co.zw https://google.cat https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat *.google-analytics.com *.analytics.google.com https://app.usercentrics.eu/browser-ui/latest/loader.js https://uct.service.usercentrics.eu https://consent-api.service.consent.usercentrics.eu https://region1.google-analytics.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' https://googletagmanager.com https://www.googletagmanager.com https://google-analytics.com https://www.google-analytics.com https://mc.yandex.ru https://www.mc.yandex.ru https://connect.facebook.net https://www.connect.facebook.net https://www.facebook.com https://facebook.com https://stats.g.doubleclick.net https://www.stats.g.doubleclick.net https://youtube.com https://www.youtube.com https://google.com https://www.google.com https://google.de https://www.google.de https://app.usercentrics.eu https://www.app.usercentrics.eu https://api.usercentrics.eu https://www.api.usercentrics.eu https://aggregator.service.usercentrics.eu https://www.aggregator.service.usercentrics.eu https://graphql.usercentrics.eu https://www.graphql.usercentrics.eu https://i.ytimg.com https://www.i.ytimg.com https://google.ad https://google.ae https://google.com.af https://google.com.ag https://google.com.ai https://google.al https://google.am https://google.co.ao https://google.com.ar https://google.as https://google.at https://google.com.au https://google.az https://google.ba https://google.com.bd https://google.be https://google.bf https://google.bg https://google.com.bh https://google.bi https://google.bj https://google.com.bn https://google.com.bo https://google.com.br https://google.bs https://google.bt https://google.co.bw https://google.by https://google.com.bz https://google.ca https://google.cd https://google.cf https://google.cg https://google.ch https://google.ci https://google.co.ck https://google.cl https://google.cm https://google.cn https://google.com.co https://google.co.cr https://google.com.cu https://google.cv https://google.com.cy https://google.cz https://google.dj https://google.dk https://google.dm https://google.com.do https://google.dz https://google.com.ec https://google.ee https://google.com.eg https://google.es https://google.com.et https://google.fi https://google.com.fj https://google.fm https://google.fr https://google.ga https://google.ge https://google.gg https://google.com.gh https://google.com.gi https://google.gl https://google.gm https://google.gr https://google.com.gt https://google.gy https://google.com.hk https://google.hn https://google.hr https://google.ht https://google.hu https://google.co.id https://google.ie https://google.co.il https://google.im https://google.co.in https://google.iq https://google.is https://google.it https://google.je https://google.com.jm https://google.jo https://google.co.jp https://google.co.ke https://google.com.kh https://google.ki https://google.kg https://google.co.kr https://google.com.kw https://google.kz https://google.la https://google.com.lb https://google.li https://google.lk https://google.co.ls https://google.lt https://google.lu https://google.lv https://google.com.ly https://google.co.ma https://google.md https://google.me https://google.mg https://google.mk https://google.ml https://google.com.mm https://google.mn https://google.ms https://google.com.mt https://google.mu https://google.mv https://google.mw https://google.com.mx https://google.com.my https://google.co.mz https://google.com.na https://google.com.ng https://google.com.ni https://google.ne https://google.nl https://google.no https://google.com.np https://google.nr https://google.nu https://google.co.nz https://google.com.om https://google.com.pa https://google.com.pe https://google.com.pg https://google.com.ph https://google.com.pk https://google.pl https://google.pn https://google.com.pr https://google.ps https://google.pt https://google.com.py https://google.com.qa https://google.ro https://google.ru https://google.rw https://google.com.sa https://google.com.sb https://google.sc https://google.se https://google.com.sg https://google.sh https://google.si https://google.sk https://google.com.sl https://google.sn https://google.so https://google.sm https://google.sr https://google.st https://google.com.sv https://google.td https://google.tg https://google.co.th https://google.com.tj https://google.tl https://google.tm https://google.tn https://google.to https://google.com.tr https://google.tt https://google.com.tw https://google.co.tz https://google.com.ua https://google.co.ug https://google.co.uk https://google.com.uy https://google.co.uz https://google.com.vc https://google.co.ve https://google.vg https://google.co.vi https://google.com.vn https://google.vu https://google.ws https://google.rs https://google.co.za https://google.co.zm https://google.co.zw https://google.cat https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat *.google-analytics.com *.analytics.google.com https://app.usercentrics.eu/browser-ui/latest/loader.js https://uct.service.usercentrics.eu https://consent-api.service.consent.usercentrics.eu https://region1.google-analytics.com https://cdn.jsdelivr.net pagecdn.io; frame-ancestors 'self'; report-uri https://bionorica.de/report-uri/enforce 1
child-src 'self'; connect-src 'self' stats.g.doubleclick.net www.google-analytics.com; default-src 'self'; font-src 'self' fonts.gstatic.com 'unsafe-inline'; frame-src 'self' *.google.com youtube.com *.youtube.com *.rapidpaycard.com; img-src 'self' i.ytimg.com *.google-analytics.com www.googletagmanager.com; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' go.rapidpaycard.com *.google.com *.gstatic.com code.jquery.com *.google-analytics.com diffuser-cdn.app-us1.com *.googletagmanager.com *.facebook.com *.facebook.net t.sf14g.com formalyzer.com prism.app-us1.com *.google.com *.pardot.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.googleapis.com; worker-src 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://cdn-kiesmbo-prod.azureedge.net https://cdn-kiesmbo-acc.azureedge.net https://www.kiesmbo.nl https://*.d-tt.nl wss://*.d-tt.nl https://*.d-tt.dev wss://*.d-tt.dev https://ontdekmboacc-api.azurewebsites.net wss://ontdekmboacc-api.azurewebsites.net wss://ontdekmboacc-server.azurewebsites.net https://img.icons8.com https://www.flaticon.com https://*.vimeocdn.com https://*.gravatar.com https://*.umbraco.com https://*.umbraco.org https://umbraco.tv https://*.cookiebot.com https://*.doubleclick.net https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.ytimg.com https://img.youtube.com https://www.youtube.com https://*.youtube-nocookie.com https://*.unity3d.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://player.vimeo.com https://*.s-bb.nl https://fvuc.nl https://*.vfuc.nl https://*.swagger.io https://www.ditismbo.nl https://connect.facebook.net https://*.cookieconsent.io https://*.mopinion.com https://fonts.googleapis.com; object-src 'self'; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-0a2cc86dc3553e678a8baac57151c14b'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors 'self' https://www.matrimonio.com.pe https://comunidad.matrimonio.com.pe https://landing.matrimonio.com.pe 1
frame-ancestors   https://portal.punchout2go.com https://qa-portal.punchout2go.com https://dev-portal.punchout2go.com; 1
default-src 'self' https:;connect-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; script-src-elem 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' data: https:; style-src-elem 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; 1
default-src 'self' data: *.sumsub.com *.geetest.com *.bitkan.net *.szsing.com *.google.com https://datasink-sensors.bitcan.io https://static.zdassets.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.sumsub.com *.jumio.com *.jumio.ai *.geetest.com *.bitkan.net *.google.com https://gcaptcha4.geevisit.com https://static.geevisit.com https://dn-staticdown.qbox.me https://api.geevisit.com https://api.smooch.io https://static.zdassets.com https://img.szsing.com https://www.google-analytics.com https://www.googletagmanager.com;img-src 'self' data: blob: *.sumsub.com *.geetest.com *.bitkan.net *.szsing.com https://static.zdassets.com https://accounts.zendesk.com https://static.bitkan.com https://www.google-analytics.com https://stats.g.doubleclick.net;style-src 'self' 'unsafe-inline' *.sumsub.com *.bitkan.net *.szsing.com *.geetest.com *.google.com https://static.zdassets.com https://bitkan.core-sgp.jumio.com;font-src 'self' data: https://static.zdassets.com *.jumio.com *.jumio.ai *.bitkan.net *.szsing.com;frame-src 'self' *.sumsub.com *.jumio.com *.jumio.ai *.bitkan.net *.szsing.com *.google.com *.geetest.com;connect-src 'self' *.sumsub.com *.bitkan.net *.jumio.com *.jumio.ai *.szsing.com *.google.com *.geetest.com https://datasink-sensors.bitcan.io wss://api.smooch.io https://api.smooch.io https://bitkan.zendesk.com https://ekr.zdassets.com wss://s1.btcwatch.com:8080 https://upload.qiniup.com https://api.qiniu.com wss://s.btckan.com:8080 https://www.google-analytics.com https://stats.g.doubleclick.net;object-src 'none' 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-Q2ew203IGzPZBmsZeuViEA' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self'; form-action 'none'; prefetch-src 'self'; style-src 'self' 'unsafe-inline' https://*.googleapis.com ; script-src 'self'  'sha256-0Qda1lael8ZvXOJn9VL2xrQjrDECWIPQ+AaXolRBXeE=' ; font-src 'self' data: https://*.gstatic.com; frame-ancestors 'none'; base-uri 'none'; connect-src https://*.api-mail-v1.webmail.ee https://api-mail-v1.webmail.ee https://mail-attachment.zoneusercontent.eu; img-src data: blob: attachment: https://* http://*; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://slides.growth.design https://ajax.googleapis.com fast.wistia.com https://growth.design https://va.vercel-scripts.com; child-src blob:; style-src 'self' 'unsafe-inline' https://growth.design https://fonts.googleapis.com; font-src 'self' data: https://*.wistia.com https://growth.design https://fonts.gstatic.com; img-src 'self' data: blob: https://growth.design https://embed-ssl.wistia.com https://fast.wistia.com https://embedwistia-a.akamaihd.net https://s3.amazonaws.com; form-action *; frame-ancestors 'self' https://slides.growth.design ; frame-src 'self' https://slides.growth.design https://www.google.com https://growthdesign.slides.com https://cloud.protopie.io; connect-src 'self' https://api.growth.design https://*.wistia.com https://embedwistia-a.akamaihd.net https://*.litix.io https://api.glitch.com https://vitals.vercel-insights.com https://in.logtail.com; media-src 'self' blob: https://s3.amazonaws.com; object-src 'self' data:; 1
default-src 'self' data: unsafe-inline'       https://maps.googleapis.com       https://polyfill.io       http://webhelp.grassfish.tv       https://*.bmwgroup-posdigital.com       https://bmwgroup-posdigital.com       https://*.grassfish.com       https://bmwgroup-posdigital-integration.com      https://*.grassfish.tv;         script-src 'self' 'unsafe-inline' 'unsafe-eval'       https://maps.googleapis.com       https://polyfill.io       error.angularjs.org;         style-src 'self' 'unsafe-inline';    font-src 'self';         frame-ancestors 'self'       https://maps.googleapis.com       https://polyfill.io       https://*.bmwgroup-posdigital.com       https://bmwgroup-posdigital.com       https://bmwgroup-posdigital-integration.com      https://*.grassfish.com       https://*.grassfish.tv;         report-uri https://gfts.report-uri.com/r/d/csp/reportOnly; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://maps.googleapis.com https://fonts.googleapis.com https://www.gstatic.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://mitsweb.iitech.dk https://www.googletagmanager.com 1
default-src 'none'; media-src 'self' https://www.facebook.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cloud.elegantthemes.com trk.go.fhlbny.com *.eloqua.com *.en25.com *.bluekai.com *.oraclecloud.com https://www.google.com/ https://tag.manager.google.com/ https://www.googletagmanager.com https://www.gstatic.com/ https://ajax.googleapis.com https://ssl.google-analytics.com https://www.google-analytics.com/ http://www.google-analytics.com/ https://www.youtube.com/ https://d3js.org/d3.v5.min.js https://approval.fhlbny.com https://fhlbny.wpengine.com https://www.buzzsprout.com; connect-src 'self' 'unsafe-eval' 'unsafe-inline' https://stats.g.doubleclick.net https://www.google-analytics.com/ https://cloud.elegantthemes.com trk.go.fhlbny.com *.eloqua.com *.en25.com *.bluekai.com *.oraclecloud.com; img-src 'self' 'unsafe-inline' https://approval.fhlbny.com https://fhlbny.wpengine.com https://www.googletagmanager.com data: *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://www.gstatic.com/; base-uri 'self'; form-action 'self'; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://themes.googleusercontent.com https://fhlbny.wpengine.com https://fonts.gstatic.com https://use.typekit.net; object-src 'none'; frame-src 'self' https://www.google.com/ https://www.youtube.com/ https://www.facebook.com/ https://fhlbny.maps.arcgis.com/ http://fhlbny.maps.arcgis.com/ https://www.buzzsprout.com/ https://cloud.elegantthemes.com trk.go.fhlbny.com *.eloqua.com *.en25.com *.bluekai.com *.oraclecloud.com; child-src 'self' https://www.google.com/ https://www.facebook.com/ https://www.youtube.com/ blob:; frame-ancestors 'self'; manifest-src 'self'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://girlcock.club; img-src 'self' https: data: blob: https://girlcock.club; style-src 'self' https://girlcock.club 'nonce-hetbTcmzEqacLBewHgPUDw=='; media-src 'self' https: data: https://girlcock.club; frame-src 'self' https:; manifest-src 'self' https://girlcock.club; form-action 'self'; child-src 'self' blob: https://girlcock.club; worker-src 'self' blob: https://girlcock.club; connect-src 'self' data: blob: https://girlcock.club https://media.girlcock.club wss://girlcock.club; script-src 'self' https://girlcock.club 'wasm-unsafe-eval' 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.criteo.com https://static.criteo.net https://www.zenaps.com https://www.youtube.com https://player.vimeo.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://dekopay.preprod.k8s.dekopay.org https://pay.deko.finance https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://*.contentsquare.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.probikekit.co.uk https://m.probikekit.co.uk https://checkout.probikekit.co.uk https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://*.criteo.com https://static.criteo.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.contentsquare.net https://assets.dekopay.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
report-uri https://kvika.report-uri.com/r/d/csp/reportOnly; default-src 'none'; base-uri 'self'; style-src 'self' 'unsafe-inline' cookiehub.net dash.cookiehub.com; img-src 'self' https://prismic-io.s3.amazonaws.com/lykill/ bilasolur.is images.prismic.io data: lykill.cdn.prismic.io https://www.facebook.com; font-src 'self'; manifest-src 'self'; connect-src 'self' o394619.ingest.sentry.io https://vitals.vercel-insights.com/v1/vitals ds.cookiehub.net consent.cookiehub.net/log cdn.segment.com api.segment.io *.algolianet.com c34hbzuoby-dsn.algolia.net *.segmentapis.com *.google-analytics.com https://region1.google-analytics.com; script-src 'self' prismic.io static.cdn.prismic.io cdn.segment.com cookiehub.net; frame-src 'self' lykill.prismic.io; object-src 'none'; frame-ancestors 'self'; media-src 'self'; worker-src 'none'; child-src 'self'; form-action 'self'; script-src-elem 'self' prismic.io static.cdn.prismic.io cdn.segment.com cookiehub.net cookiehub.net/ dash.cookiehub.com/ https://dash.cookiehub.com/ http://dash.cookiehub.com/ vercel.live/_next-live/feed https://www.gstatic.com/recaptcha/ 'sha256-kRsEQ1q5NmUkRoUgKgoZvJOw7Bj1kp0cKRlavbghSTc=' 'sha256-b0md2PO9PIc+lNHwqEYXLnCSi/oPZxnM8U5ZGaBTnFs=' 'sha256-uVGO+5sAg4GWEM9RzAuTwmUxUDvGg6BGgH6iSvO3n3Y=' 'sha256-rqWxsQ/DLTVLBH1RstVJoot3MCWWY+kAmjzauqL+Urg=' *.google-analytics.com region1.google-analytics.com connect.facebook.net/ https://www.googletagmanager.com 'sha256-vezeWwILSac4lg4Yy+CSy/Cry8YoS2sNhhmVLJHqfOM=' 'sha256-NZOT7kPTjrflrALanptHp0x8BHCQ/2aar4PGKf6GRBo='; 1
default-src 'self' https://www.webatvantage.be *.google-analytics.com *.analytics.google.com *.piwik.pro 'nonce-NDA2NjMwNzQzMzQ4NjY2Mg==';script-src 'self' https://www.webatvantage.be https://www.google.com https://www.clarity.ms *.piwik.pro 'unsafe-eval' 'nonce-NDA2NjMwNzQzMzQ4NjY2Mg==';font-src 'self' https://www.webatvantage.be https://use.typekit.net;img-src 'self' https://www.webatvantage.be *.cdninstagram.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.gstatic.com data:;style-src 'self' https://www.webatvantage.be *.typekit.net https://use.typekit.net/vgj5jns.css 'unsafe-inline';frame-src 'self' https://www.webatvantage.be https://www.google.com;object-src 'self' data:; 1
frame-ancestors 'self' https://console.caps.co.uk https://uat-console.caps.co.uk 1
upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none'; manifest-src 'none'; worker-src 'none'; prefetch-src 'none' 1
frame-ancestors 'self' https://manage.vision-systems.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self' api.commerce7.com apigateway.commerce7.com use.typekit.net cdn.cookielaw.org *.stripe.com *.acuityplatform.com *.googleapis.com *.dotomi.com *.jst.ai *.visualwebsiteoptimizer.com *.googlesyndication.com *.typeform.com *.adsrvr.org *.recaptcha.net *.gstatic.com *.onetrust.com api.userback.io *.doubleclick.net *.google-analytics.com analytics.google.com bam.nr-data.net *.pinterest.com *.mailchimp.com *.bing.com *.cloudfront.net *.helpscout.net downloads.mailchimp.com *.hotjar.com *.hotjar.io *.hotjar.com:* wss://*.hotjar.com *.facebook.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: cdn.commerce7.com apigateway.commerce7.com cdn.cookielaw.org *.stripe.com *.dotomi.com *.newrelic.com *.vwo.com *.visualwebsiteoptimizer.com *.jst.ai *.googlesyndication.com *.doubleclick.net *.acuityplatform.com secure.adnxs.com *.typeform.com *.googleapis.com *.pinimg.com cdnjs.cloudflare.com *.fontawesome.com use.typekit.net *.recaptcha.net chimpstatic.com *.g.doubleclick.net *.mailchimp.com downloads.mailchimp.com *.gstatic.com *.youtube.com *.adsrvr.org *.bing.com *.helpscout.net static.userback.io *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.google.com *.list-manage.com *.hotjar.com *.grappos.com *.exactdn.com connect.facebook.net apis.google.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com hello.myfonts.net cdn.commerce7.com *.google.com cdnjs.cloudflare.com downloads.mailchimp.com *.jst.ai *.googlesyndication.com *.typeform.com *.helpscout.net static.userback.io *.recaptcha.net *.gstatic.com *.exactdn.com *.typekit.net;img-src 'self' *.commerce7.com *.joshcellars.com p.typekit.net *.pinimg.com *.gravatar.com data: *.googletagmanager.com *.vimeocdn.com *.helpscout.net *.jst.ai *.googlesyndication.com *.doubleclick.net *.visualwebsiteoptimizer.com *.acuityplatform.com secure.adnxs.com *.typeform.com *.googleapis.com *.google-analytics.com *.googleads.g.doubleclick.net *.doubleclick.net *.recaptcha.net *.pinterest.com *.gstatic.com *.bing.com *.mailchimp.com downloads.mailchimp.com *.google.com apigateway.commerce7.com *.adsrvr.org *.fls.doubleclick.net *.ad.doubleclick.net *.ytimg.com cdn.cookielaw.org *.cdninstagram.com *.exactdn.com *.facebook.com;frame-src 'self' vars.hotjar.com *.fls.doubleclick.net *.youtube-nocookie.com *.youtube.com *.stripe.com *.pinterest.com *.facebook.com *.jst.ai *.googlesyndication.com *.doubleclick.net secure.adnxs.com *.typeform.com downloads.mailchimp.com *.recaptcha.net *.vimeo.com *.grappos.com accounts.google.com *.g.doubleclick.net;font-src 'self' fonts.gstatic.com *.joshcellars.com downloads.mailchimp.com static.userback.io use.typekit.net *.jst.ai *.googlesyndication.com *.typeform.com data: *.exactdn.com; 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-b2lVb2lkZlBlTGVSRm1qNmFLMTdSYlVGNVR5QXRYQmFUZEdpTXRBRm9pVT06OUVoTTNyK0xDNXpHWnhpb0dNUXZOWjVpM0hYcytRY01HS1hrWGFNMDcyMD0=' blob:;style-src 'self' 'unsafe-inline';img-src 'self' data: blob: https://*.tile.openstreetmap.org;font-src 'self' data:;connect-src 'self' blob: stun.nextcloud.com:443;media-src 'self' blob:;frame-src 'self';child-src blob: 'self';frame-ancestors 'self';worker-src 'self' blob:;form-action 'self' 1
default-src https: data: 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'self'; img-src 'unsafe-eval' 'self' data: https://www.google-analytics.com/ *.cookiescan.com tennants.blob.core.windows.net https://www.google.com; frame-ancestors 'self'  https://auctions.tennants.co.uk/ 1
default-src 'self' https://*.plaid.com;img-src 'self' data: http: https:;style-src 'self' 'unsafe-inline' https://calendly.com https://*.googleapis.com https://fast.fonts.net;script-src 'self' 'unsafe-inline' https://*.braintreegateway.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.paypalobjects.com https://*.plaid.com https://*.stripe.com https://calendly.com;connect-src 'self' https://*.amazonaws.com https://*.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.plaid.com https://*.stripe.com;font-src 'self' data: http: https:;frame-src https://*.braintreegateway.com https://*.google.com https://*.plaid.com https://*.stripe.com https://*.youtube.com https://calendly.com;object-src 'none';base-uri 'self';frame-ancestors 'self';report-uri /errors/csp 1
default-src 'none';  script-src 'report-sample' 'self' 'unsafe-inline' https://connect.facebook.net https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hsforms.net https://js.hubspot.com https://js.hsleadflows.net https://snap.licdn.com https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com;  style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com;  object-src 'none';  base-uri 'self';  connect-src 'self' https://www.facebook.com https://analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net *.googlesyndication.com https://www.googletagmanager.com https://api.hubapi.com https://forms.hsforms.com https://*.hubspot.com https://cdn.linkedin.oribi.io;  font-src 'self' data: https://fonts.gstatic.com;  worker-src 'none';  manifest-src 'self';  report-uri 'none';  report-to 'none';  frame-ancestors 'self' https://app.pageproof.com;  frame-src 'self' https://www.facebook.com https://td.doubleclick.net https://forms.hsforms.com https://player.vimeo.com;  img-src 'self' data: https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://*.hsforms.com https://forms.hsforms.com https://*.hubspot.com https://linkedin.com https://px.ads.linkedin.com https://i.vimeocdn.com https://i.ytimg.com;  media-src 'self'; form-action 'self' https://www.hubspot.com 1
frame-ancestors 'self' *.k9ti.net https://k9ti.net; 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.beauty24.de https://*.gstatic.com https://*.googleapis.com https://*.googleadservices.com https://*.google.com https://*.google.de https://*.google-analytics.com https://*.doubleclick.net https://*.googlesyndication.com https://www.googletagmanager.com https://*.bing.com https://*.clarity.ms https://*.vr-pay-ecommerce.de https://vr-pay-ecommerce.de https://oppwa.com https://cdn.ampproject.org https://*.trustedshops.com https://*.payments-amazon.com https://*.amazon.com https://*.amazon.de https://*.wirecard.com https://*.criteo.net https://*.criteo.com https://connect.facebook.net https://*.webmasterplan.com https://*.rqtrk.eu https://connect.facebook.net https://www.dwin1.com https://www.awin1.com https://ad4m.at https://the.sciencebehindecommerce.com https://t.adcell.com; img-src 'self' https: data:; style-src 'self' https: 'unsafe-inline'; font-src 'self' https: data: https://*.beauty24.de  1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net dev-api.investisdigital.com api.investisdigital.com dev-assets.investisdigital.com assets.investisdigital.com qaotp.tools.investisdigital.com http://www.youtube.com geoid.investisdigital.com cookiemanager.investisdigital.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.investis-live.com dev-api.investisdigital.com api.investisdigital.com dev-assets.investisdigital.com assets.investisdigital.com qaotp.tools.investisdigital.com *.investisdigital.com player.vimeo.com http://www.youtube.com  geoid.investisdigital.com www.recaptcha.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investis-live.com *.investisdigital.com geoid.investisdigital.com; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com *.youtube.com player.vimeo.com http://house-fastly-signed-eu-west-1-prod.brightcovecdn.com http://www.youtube.com; frame-src 'self' *.investis.com www.google.com ir.tools.investis.com staticxx.facebook.com www.youtube.com player.vimeo.com tools.euroland.com tools.eurolandir.com http://www.youtube.com http://tools.eurolandir.com; frame-ancestors www.youtube.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com 1
frame-ancestors 'self' *.facebook.com *.salesforce.com *.convio.net *.google.com *.force.com facebook.com salesforce.com convio.net google.com force.com; report-uri https://www.the3day.org/site/XFrameViolation 1
default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' * 1
default-src 'self'; frame-ancestors 'self' *.centravet.net; connect-src 'self' blob: https://stats.g.doubleclick.net https://analytics.google.com https://cdn.cookielaw.org https://google-analytics.com https://*.google-analytics.com https://*.google-analytics.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://googletagmanager.com https://*.googletagmanager.com https://google-analytics.com https://*.google-analytics.com https://www.googleadservices.com https://*.google.com https://google.com https://doubleclick.net https://*.doubleclick.net https://rcdfcdn.mars.com https://*.onetrust.com https://*.jquery.com https://*.windows.net https://*.google-analytics.com https://*.mars.com;img-src blob: data: 'self' https://cdn.cookielaw.org https://analytics.google.com https://stats.g.doubleclick.net https://www.google.fr https://*.google.fr https://*.blob.core.windows.net https://googletagmanager.com https://*.googletagmanager.com https://gstatic.com https://*.gstatic.com https://*.google.fr https://google-analytics.com https://*.google-analytics.com https://*.doubleclick.net https://*.google.com https://google.com https://*.royalcanin.fr/ https://*.google-analytics.com; style-src 'self' 'unsafe-inline' https://google.com https://*.google.com https://googleapis.com https://*.googleapi.com https://google.com https://*.google.com https://googleapis.com https://*.googleapi.com https://optanon.blob.core.windows.net https://fonts.googleapis.com https://use.fontawesome.com https://*.mars.com; font-src 'self' data: https://gstatic.com https://*.gstatic.com https://fonts.gstatic.com https://*.mars.com https://use.fontawesome.com; frame-src 'self' https://doubleclick.net https://*.doubleclick.net https://*.vimeo.com; object-src 'self' 1
base-uri 'self'; connect-src 'self' https://cdn.ampproject.org; default-src 'self' https://www.igenea.com; script-src 'self' 'unsafe-inline' blob: https://challenges.cloudflare.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdn.ampproject.org; worker-src 'self' blob:; img-src 'self' data: https://cdn.ampproject.org https://www.igenea.com; style-src 'self' 'unsafe-inline'  https://paygate.novalnet.de; font-src data:; frame-src 'self' https://challenges.cloudflare.com https://www.google.com https://paygate.novalnet.de *.videodelivery.net *.cloudflarestream.com 1
object-src 'self' https://player-pwa.paranormalium.pl; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.radnet.com *.gravatar.com *.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.youtube.com *.ytimg.com *.vimeo.com *.fbcdn.net *.facebook.com *.facebook.net *.twitter.com *.twimg.com *.typekit.net *.wpengine.com *.tctm.co *.myradarconnect.com *.audioeye.com deep.health stats.g.doubleclick.net ml314.com *.ml314.com lfeeder.com *.lfeeder.com aidence.com *.w.org 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.altium.com altium.com *.bizible.com *.circuitmaker.com *.googletagmanager.com *.marketo.net *.mktoresp.com *.google-analytics.com *.googleadservices.com *.hotjar.com *.adroll.com *.facebook.net *.doubleclick.net *.consensu.org *.cloudfront.net *.google.com *.marketo.com *.gstatic.com snap.licdn.com *.bing.com *.redditstatic.com *.ads-twitter.com *.twitter.com *.youtube.com *.vidyard.com; img-src * blob: data:;  media-src * 1
object-src 'self'; style-src 'unsafe-inline' 'self' *.tieto.com cdn.jsdelivr.net *.fonts.net *.talentadore.com *.omasp.fi fonts.googleapis.com; script-src 'self' 'unsafe-inline' www.googletagmanager.com polyfill.io cdn.jsdelivr.net *.vismasignforms.com *.googleapis.com *.cloudflare.com *.investis.com *.addthis.com *.addthisedge.com *.moatads.com widget-telwin.getjenny.com *.cookiebot.com *.google-analytics.com *.omasp.fi apps.mypurecloud.ie *.talentadore.com connect.facebook.net ccaas.service.tieto.com; frame-src 'self' *.vimeo.com vimeo.com *.vismasignforms.com *.youtube.com *.cookiebot.com *.omasp.fi s7.addthis.com *.investis.com; img-src * data: 'self'; font-src 'self' *.omasp.fi *.tieto.com fonts.gstatic.com; connect-src 'self' *.cdn.omasp.fi  *.google-analytics.com fast.fonts.net rum.browser-intake-datadoghq.eu ats.talentadore.com wss://ccaas.service.tieto.com/ospcb/cobrowse/cometd *.tieto.com *.googleapis.com *.cookiebot.com widget-telwin.getjenny.com www.google-analytics.com *.addthis.com stats.g.doubleclick.net; 1
script-src http: https: https://m2.adendorff.co.za/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' https://m2.adendorff.co.za/; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com staticw2.yotpo.com; frame-src *.cognitoforms.com assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.google.com *.gstatic.com 1
frame-ancestors https://*.wheebox.com https://wheebox.com https://dsatexam.dsu.edu.in https://*.dsatexam.dsu.edu.in https://*.bsrassessment.in https://bsrassessment.in https://kuatexam.com https://*.kuatexam.com/ https://exams.tnjfu.ac.in/ https://*.exams.tnjfu.ac.in/ https://srmhcat.com/ https://*.srmhcat.com/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2bay.club 2bay.club *.mail.ru *.hotlog.ru js.hotlog.ru *.yandex.ru *.yandex.az *.yandex.by *.yandex.co.il *.yandex.com *.yandex.com.am *.yandex.com.ge *.yandex.com.tr *.yandex.ee *.yandex.fr *.yandex.kg *.yandex.kz *.yandex.ru *.yandex.lt *.yandex.lv *.yandex.md *.yandex.tj *.yandex.tm *.yandex.ua *.yandex.uz *.mc.webvisor.com *.mc.webvisor.org *.yastatic.net mc.yandex.ru *.google-analytics.com adservice.google.com *.googlesyndication.com *.doubleclick.net *.googletagservices.com *.googleadservices.com *.ampproject.org *.google.com *.googleapis.com *.google.co.uk *.google.co.il *.google.ru *.google.at *.google.fr *.google.ch *.google.nl *.google.sc *.google.ae *.google.de *.google.ca *.google.se *.google.hu *.google.no *.google.es *.google.md *.google.fi *.google.ro *.google.sk *.google.is *.google.com.ua *.google.com.bd *.google.com.sg *.google.pl *.google.cz *.google.lv *.google.bg *.google.co.in *.google.lt *.google.dj *.google.gr *.google.co.jp *.google.rs *.google.com.tr *.google.ie *.google.pt *.google.com.pe *.google.com.mx *.google.kz *.google.dz *.google.co.th *.google.com.mx *.google.com.hk *.google.com.sa *.google.com.tj *.google.co.uz *.google.com.vn *.google.com.tw *.google.ee *.google.kg *.google.co.za *.google.hr *.google.it *.google.tn *.google.mk *.google.com.bo *.google.co.kr *.google.com.mm *.google.co.id *.google.az *.google.com.br *.google.tm *.google.ge *.google.dk *.google.com.my *.google.co.ve *.google.co.ve *.google.iq *.google.cl *.google.com.au *.google.tt *.google.com.ar *.google.be *.google.com.cy *.google.co.nz *.google.mn *.google.com.pk *.google.lu *.google.com.ng *.google.com.ph *.google.mu *.google.co.tz *.google.com.uy *.google.com.co *.google.com.eg *.google.me *.google.com.np *.google.com.pg *.google.com.mt *.google.com.sv *.google.com.pr *.google.si *.google.com.gt *.google.co.ke *.google.com.bz *.google.cd *.google.ps *.google.la *.google.com.bn *.google.gg *.google.com.py *.google.com.et *.google.com.lb *.google.com.cu *.google.com.ec *.google.co.cr *.google.co.zw *.google.co.ug *.google.com.pa *.google.ci *.google.co.ao *.google.al *.google.com.om *.google.com.ly *.google.com.gh *.google.bj *.google.lk *.google.cg *.google.jo *.google.com.bh *.google.cm *.google.com.kh *.google.sm *.google.ad *.google.co.bw *.google.ne *.google.gy *.google.mv *.google.bf *.google.com.qa *.google.com.na *.google.com.kw *.google.com.ni *.google.hn *.google.vu *.google.co.mz *.google.com.jm *.google.im *.google.com.ag *.google.sn *.google.mg *.google.com.fj *.google.bs *.google.co.zm *.google.so *.google.com.gi *.sckxppzdm.com catcut.net cache.betweendigital.com pixel.yabidos.com yandex.ru iwe.ktvgv.com yastatic.net; img-src * data: ; font-src * data: ; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.google.cm; frame-src *; connect-src *; media-src * data: ; object-src *; 1
default-src 'none'; object-src 'none'; script-src 'self' 'sha256-0cMJQiSTWyrp/ttaqiAhqT1HP0tV12dJmQvaL06B4iE='; connect-src 'self'; font-src 'self'; manifest-src 'self'; style-src 'self'; img-src data: https://fileshare.brr.fyi 'self'; media-src https://fileshare.brr.fyi 'self'; frame-ancestors 'none' 1
default-src 'self' *.nrw.de;    script-src  'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de *.google.com *.youtube.com *.youtu.be *.twimg.com *.twitter.com twitter.com *.jwpcdn.com *.gstatic.com *.googleapis.com *.googlesyndication.com *.openstreetmap.org *.mozilla.org *.vimeo.com *.vimeocdn.com *.flickr.com *.staticflickr.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net;    style-src   'self' 'unsafe-inline' *.nrw.de *.twitter.com twitter.com *.facebook.com *.googleapis.com *.twimg.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net;    font-src data: *;    img-src  data: *;    frame-ancestors 'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com www.youtube-nocookie.com *.youtube.com *.youtu.be ytchannelembed.com;    worker-src  'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de;    frame-src   'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com www.youtube-nocookie.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de *.menschen-im-sinn.justiz.nrw;    object-src  'self';    connect-src 'self' *.nrw.de svc.webspellchecker.net;    media-src data: *; upgrade-insecure-requests; 1
img-src https: *.obol.tech; font-src *; connect-src https: *.obol.tech; media-src https: *.obol.tech; object-src https: *.obol.tech; child-src https: *.obol.tech; frame-src https: *.obol.tech; worker-src https: *.obol.tech; frame-ancestors https: *.obol.tech; form-action https: *.obol.tech; base-uri https: *.obol.tech; script-src https: *.obol.tech 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: *.obol.tech 'self' 'unsafe-inline'; 1
frame-ancestors https://fiolbdomain.com https://www.csbwebonline.com https://psa.stg1.digitalinsight.com 1
default-src https: ; base-uri https://sgp.nl  ; object-src 'none' ; form-action 'self' ; img-src https: data: http://www.webkey14.nl ; script-src https: 'unsafe-eval' 'unsafe-inline' ; style-src https: 'unsafe-eval' 'unsafe-inline' ; frame-ancestors 'self' 1
upgrade-insecure-requests;connect-src 'self' https://our.umbraco.com https://www.google-analytics.com https://ka-f.fontawesome.com https://api.userway.org https://cdn.userway.org https://static.zdassets.com https://*.klaviyo.com https://fast.a.klaviyo.com https://static-forms.klaviyo.com https://a.klaviyo.com https://api-js.datadome.co/js/ https://*.zendesk.com https://*.zdassets.com https://*.doubleclick.net https://*.vimeo.com https://vimeo.com https://*.seated.com;default-src 'self';font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://ka-f.fontawesome.com https://*.telerik.com https://*.klaviyo.com https://cdn.userway.org https://*.seated.com data:;frame-ancestors 'self';frame-src 'self' https://marketplace.umbraco.com https://www.google.com https://*.stripe.com https://www.youtube.com https://*.vimeo.com https://cdn.userway.org;img-src 'self' https://cdn.jsdelivr.net https://www.gravatar.com https://*.stripe.com https://www.googletagmanager.com https://i.ytimg.com https://cdn.userway.org https://www.google.com https://www.bing.com https://our.umbraco.com https://www.github.com https://*.cloudfront.net https://*.vimeocdn.com https://github.com/ https://*.seated.com data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://code.jquery.com https://cdn.jsdelivr.net https://*.stripe.com https://*.telerik.com https://*.klaviyo.com https://cdnjs.cloudflare.com https://cdn.userway.org https://kit.fontawesome.com https://static.zdassets.com https://*.kimbia.com https://*.seated.com data:;style-src 'self' 'unsafe-inline' https://*.telerik.com https://*.klaviyo.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://stackpath.bootstrapcdn.com https://cdn.userway.org https://*.kimbia.com https://*.seated.com data: 1
default-src 'none'; script-src 'unsafe-inline' https: 'nonce-eDY1YWYxNTJiNDhiNjQ2LjUwNDE0ODU1' 'strict-dynamic'; form-action 'self'; frame-ancestors 'none'; style-src * 'unsafe-inline'; object-src 'none'; base-uri 'none'; img-src *; font-src *; connect-src 'self' 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; form-action 'self'; base-uri 'self'; frame-src *; 1
frame-ancestors 'self' id-logistics.my.salesforce.com; 1
block-all-mixed-content; default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.cookielaw.org www.antevenio.com *.triboo.com www.algorithmedia.com www.awin.com pixel.quantserve.com www.tradedoubler.com *.amnetgroup.com *.zetaglobal.com bat.bing.com *.kaltura.com https://*.generali.com https://*.vivocha.com/ https://convy.unyco.net https://www.youtube.com/ *.bkrtx.com *.bluekai.com *.serving-sys.com tags.digital-metric.com https://*.doubleclick.net/ 20809689p.rfihub.com/ca.html https://secure.adnxs.com/ https://ib.adnxs.com/ https://cstatic.weborama.fr https://www.facebook.com/ www.googletagmanager.com/ www.googleadservices.com/ https://hicmobile.go2cloud.org *.taboola.com/ ad.payclick.it/extra/iframe_pixel.php https://www.dwin1.com/ https://insight.adsrvr.org it-gmtdmp.mookie1.com/ https://console.datawad.com/ go.ketchupadv.it s.yimg.com www.dwin1.com/ https://insight.adsrvr.org https://js.adsrvr.org/ analytics.digital-metric.com t.qservz.com https://track.adform.net/ https://connect.facebook.net https://netmediaclick.go2cloud.org/ https://seotrk1a.com/ https://www.google-analytics.com;   script-src 'self' https://*.cookielaw.org https://*.onetrust.com/ https://cdn.polyfill.io/ https://s.ytimg.com/ https://soma.smaato.net/ https://www.youtube.com https://connect.facebook.net/ www.googleoptimize.com https://optimize.google.com www.sc.pages06.net www.antevenio.com *.triboo.com www.algorithmedia.com https://nebula-cdn.kampyle.com https://screencapture.kampyle.com https://screencaptue-cdn.kampyle.com www.awin.com pixel.quantserve.com www.tradedoubler.com *.amnetgroup.com *.zetaglobal.com bat.bing.com *.generali.it *.alleanza.it https://analytics.newscred.com *.cloudfront.net https://*.analytics.edgekey.net https://convy.unyco.net https://*.vivocha.com/ *.google.com *.gstatic.com *.googleapis.com https://www.google-analytics.com *.bkrtx.com *.bluekai.com *.serving-sys.com tags.digital-metric.com https://*.doubleclick.net/ 20809689p.rfihub.com/ca.html https://secure.adnxs.com/ https://ib.adnxs.com/ https://cstatic.weborama.fr https://www.facebook.com/ www.googletagmanager.com/ www.googleadservices.com/ https://hicmobile.go2cloud.org *.taboola.com/ ad.payclick.it/extra/iframe_pixel.php https://www.dwin1.com/ https://insight.adsrvr.org it-gmtdmp.mookie1.com/ https://console.datawad.com/ go.ketchupadv.it s.yimg.com www.dwin1.com/ https://insight.adsrvr.org https://js.adsrvr.org/ analytics.digital-metric.com t.qservz.com https://track.adform.net/ https://connect.facebook.net https://netmediaclick.go2cloud.org/ https://seotrk1a.com/ *.kaltura.com  https://www.googletagmanager.com https://tags.bluekai.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com www.antevenio.com *.triboo.com www.algorithmedia.com www.awin.com pixel.quantserve.com www.tradedoubler.com *.amnetgroup.com *.zetaglobal.com bat.bing.com *.google.com *.googleapis.com *.bkrtx.com *.bluekai.com *.serving-sys.com tags.digital-metric.com https://*.doubleclick.net/ 20809689p.rfihub.com/ca.html https://secure.adnxs.com/ https://ib.adnxs.com/ https://cstatic.weborama.fr https://www.facebook.com/ www.googletagmanager.com/ www.googleadservices.com/ https://hicmobile.go2cloud.org *.taboola.com/ ad.payclick.it/extra/iframe_pixel.php https://www.dwin1.com/ https://insight.adsrvr.org it-gmtdmp.mookie1.com/ https://console.datawad.com/ go.ketchupadv.it s.yimg.com www.dwin1.com/ https://insight.adsrvr.org https://js.adsrvr.org/ analytics.digital-metric.com t.qservz.com https://track.adform.net/ https://connect.facebook.net https://netmediaclick.go2cloud.org/ https://seotrk1a.com/ *.gstatic.com;  img-src 'self' *.analytics.google.com https://*.cookielaw.org https://*.googlesyndication.com https://i.ytimg.com https://optimize.google.com *.generali.it *.alleanza.it www.pages06.net www.antevenio.com https://udc-neb.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com *.triboo.com www.algorithmedia.com www.awin.com pixel.quantserve.com www.tradedoubler.com *.amnetgroup.com *.zetaglobal.com bat.bing.com https://via.placeholder.com https://maps.googleapis.com data: *.google.com *.google.it *.gstatic.com *.googleapis.com *.google-analytics.com *.bkrtx.com *.bluekai.com *.serving-sys.com tags.digital-metric.com https://*.doubleclick.net/ 20809689p.rfihub.com/ca.html https://secure.adnxs.com/ https://ib.adnxs.com/ https://cstatic.weborama.fr https://www.facebook.com/ www.googletagmanager.com/ www.googleadservices.com/ https://hicmobile.go2cloud.org *.taboola.com/ ad.payclick.it/extra/iframe_pixel.php https://www.dwin1.com/ https://insight.adsrvr.org it-gmtdmp.mookie1.com/ https://console.datawad.com/ go.ketchupadv.it s.yimg.com www.dwin1.com/ https://insight.adsrvr.org https://js.adsrvr.org/ analytics.digital-metric.com t.qservz.com https://track.adform.net/ https://connect.facebook.net https://netmediaclick.go2cloud.org/ https://seotrk1a.com/ *.kaltura.com https://convy.unyco.net https://*.vivocha.com/ https://panoramasearch.com/ *.newscred.com; media-src 'self' blob: pixel.quantserve.com www.antevenio.com *.triboo.com https://*.amazonaws.com  www.algorithmedia.com www.awin.com www.tradedoubler.com *.amnetgroup.com *.zetaglobal.com bat.bing.com *.kaltura.com https://*.generali.it https://*.alleanza.it https://*.generali.com https://*.vivocha.com/ *.bkrtx.com *.bluekai.com *.serving-sys.com tags.digital-metric.com https://*.doubleclick.net/ 20809689p.rfihub.com/ca.html https://secure.adnxs.com/ https://ib.adnxs.com/ https://cstatic.weborama.fr https://www.facebook.com/ www.googletagmanager.com/ www.googleadservices.com/ https://hicmobile.go2cloud.org *.taboola.com/ ad.payclick.it/extra/iframe_pixel.php https://www.dwin1.com/ https://insight.adsrvr.org it-gmtdmp.mookie1.com/ https://console.datawad.com/ go.ketchupadv.it s.yimg.com www.dwin1.com/ https://insight.adsrvr.org https://js.adsrvr.org/ analytics.digital-metric.com t.qservz.com https://track.adform.net/ https://connect.facebook.net https://netmediaclick.go2cloud.org/ https://seotrk1a.com/ https://convy.unyco.net; font-src 'self' https://fonts.gstatic.com www.antevenio.com *.triboo.com www.algorithmedia.com www.awin.com pixel.quantserve.com www.tradedoubler.com *.amnetgroup.com *.zetaglobal.com bat.bing.com *.gstatic.com data: *.kaltura.com https://convy.unyco.net https://*.vivocha.com/;   connect-src 'self' *.analytics.google.com https://*.cookielaw.org https://*.onetrust.com/ https://*.googlesyndication.com https://maps.googleapis.com/ https://*.google.com www.antevenio.com *.triboo.com www.algorithmedia.com www.awin.com pixel.quantserve.com www.tradedoubler.com *.amnetgroup.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com *.zetaglobal.com bat.bing.com *.generali.it *.alleanza.it https://*.analytics.edgekey.net *.kaltura.com https://*.generali.com https://convy.unyco.net https://*.vivocha.com/ *.google-analytics.com *.bkrtx.com *.bluekai.com *.serving-sys.com tags.digital-metric.com https://*.doubleclick.net/ 20809689p.rfihub.com/ca.html https://secure.adnxs.com/ https://ib.adnxs.com/ https://cstatic.weborama.fr https://www.facebook.com/ www.googletagmanager.com/ www.googleadservices.com/ https://hicmobile.go2cloud.org *.taboola.com/ ad.payclick.it/extra/iframe_pixel.php https://www.dwin1.com/ https://insight.adsrvr.org it-gmtdmp.mookie1.com/ https://console.datawad.com/ go.ketchupadv.it s.yimg.com www.dwin1.com/ https://insight.adsrvr.org https://js.adsrvr.org/ analytics.digital-metric.com t.qservz.com https://track.adform.net/ https://connect.facebook.net https://netmediaclick.go2cloud.org/ https://seotrk1a.com/ *.stats.kaltura.com; child-src 'self' blob: pixel.quantserve.com https://*.alleanza.it https://optimize.google.com www.tradedoubler.com www.antevenio.com *.triboo.com www.algorithmedia.com www.awin.com *.amnetgroup.com *.zetaglobal.com bat.bing.com https://convy.unyco.net https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com *.bkrtx.com *.bluekai.com *.serving-sys.com tags.digital-metric.com https://*.doubleclick.net/ 20809689p.rfihub.com/ca.html https://secure.adnxs.com/ https://ib.adnxs.com/ https://cstatic.weborama.fr https://www.facebook.com/ www.googletagmanager.com/ www.googleadservices.com/ https://hicmobile.go2cloud.org *.taboola.com/ ad.payclick.it/extra/iframe_pixel.php https://www.dwin1.com/ https://insight.adsrvr.org https://match.adsrvr.org it-gmtdmp.mookie1.com/ https://console.datawad.com/ go.ketchupadv.it s.yimg.com www.dwin1.com/ https://insight.adsrvr.org https://js.adsrvr.org/ analytics.digital-metric.com t.qservz.com https://track.adform.net/ https://connect.facebook.net https://netmediaclick.go2cloud.org/ https://seotrk1a.com/ https://*.vivocha.com/ https://accounts.generali.it *.generali.it https://stags.bluekai.com https://www.youtube.com/ https://www.google.com/; object-src 'self'; form-action 'self' https://idpintranet.generali.it https://accounts.generali.it *.bkrtx.com *.bluekai.com *.serving-sys.com tags.digital-metric.com https://*.doubleclick.net/ 20809689p.rfihub.com/ca.html https://secure.adnxs.com/ https://ib.adnxs.com/ https://cstatic.weborama.fr https://www.facebook.com/ www.googletagmanager.com/ www.googleadservices.com/ https://hicmobile.go2cloud.org *.taboola.com/ ad.payclick.it/extra/iframe_pixel.php https://www.dwin1.com/ https://insight.adsrvr.org it-gmtdmp.mookie1.com/ https://console.datawad.com/ go.ketchupadv.it s.yimg.com www.dwin1.com/ https://insight.adsrvr.org https://js.adsrvr.org/ analytics.digital-metric.com t.qservz.com https://track.adform.net/ https://connect.facebook.net https://netmediaclick.go2cloud.org/ https://seotrk1a.com/ generali.it alleanza.it https://*.generali.it https://*.alleanza.it; frame-ancestors 'self' https://accounts.generali.it https://www.youtube.com/ *.generali.it *.alleanza.it 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.gstatic.com https://yastatic.net https://www.youtube.com https://s.ytimg.com https://platform.instagram.com https://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://mc.yandex.ru https://top-fwz1.mail.ru https://js.sentry-cdn.com https://browser.sentry-cdn.com https://qaz.rosnews.biz https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://platform.twitter.com ; img-src 'self' data: https://* http://* ; font-src 'self' data: https://fonts.gstatic.com ; frame-src 'self' data: https://yastatic.net https://www.youtube.com https://www.instagram.com/ https://platform.twitter.com ; connect-src 'self' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://fcm.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://push.newsdaily.biz https://top-fwz1.mail.ru https://o4505939965509632.ingest.sentry.io https://biposerfl.shop https://*.google-analytics.com; worker-src 'self' data: https://fcm.googleapis.com https://push.newsdaily.biz ; 1
frame-ancestors 'self' *.super1foods.com *.retail.brookshires.com 1
default-src 'self' irmciam.okta.com *.oktacdn.com; connect-src 'self' irmciam.okta.com irmciam-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com *.mtls.okta.com irmciam.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' irmciam.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' irmciam.okta.com *.oktacdn.com; frame-src 'self' irmciam.okta.com irmciam-admin.okta.com login.okta.com com-okta-authenticator:; img-src 'self' irmciam.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' irmciam.okta.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' https://prod-digipath-l2mojauqlq-uk.a.run.app https://irm-backend.pathpresenterdx.com https://ironmountain-digital-pathology.irm60-insight-us.com 1
default-src 'self'  https://www.google.com/recaptcha/api2/ https://www.google.com/ http://www.google.com/ http://www.youtube.com/ https://www.youtube.com/ http://www.google-analytics.com https://www.google-analytics.com http://www.gstatic.com https://www.gstatic.com http://fonts.gstatic.com/ https://www.dafontfree.net/ https://fonts.gstatic.com/ http://www.googleapis.com https://www.googleapis.com http://mojoactiveerrorreporting.firebaseio.com https://mojoactiveerrorreporting.firebaseio.com https://use.typekit.net https://stats.g.doubleclick.net http://s7.addthis.com https://s7.addthis.com https://v1.addthisedge.com https://api-public.addthis.com https://insight.adsrvr.org https://m.addthis.com https://api.userway.org https://cdn.userway.org https://maps.google.com https://maps.googleapis.com https://content.adacado.com https://bid.g.doubleclick.net https://bbox.blackbaudhosting.com http://www.googleadservices.com https://www.googleadservices.com https://vimeo.com https://player.vimeo.com https://api.mojoactive.dev wss://api.mojoactive.dev/ https://site-report.mojoactive.dev/ https://www.datadoghq-browser-agent.com https://rum.browser-intake-us5-datadoghq.com https://session-replay.browser-intake-us5-datadoghq.com https://www.bugherd.com/ https://*.cloudfront.net/ https://sessions.bugsnag.com/ wss://ws.pusherapp.com https://purgecss.mojoactive.dev/api/scss https://cdn77.api.userway.org/ https://www.phhealthcare.org https://purgecss.mojoactive.dev/ https://cdn.jsdelivr.net/ http://*.facebook.com/ https://*.facebook.com/ http://*.facebook.net/ https://*.facebook.net/  https://www.phhealthcare.org https://purgecss.mojoactive.dev/ https://cdn.jsdelivr.net/; script-src 'self'  https://www.google.com/recaptcha/ http://www.gstatic.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/charts/ https://www.google.com/ http://www.google.com/ http://www.youtube.com/ https://www.youtube.com/ http://www.google-analytics.com https://www.google-analytics.com http://s.ytimg.com https://s.ytimg.com http://resources.mojoactive.com https://resources.mojoactive.com https://use.typekit.net https://api-public.addthis.com http://s7.addthis.com https://s7.addthis.com https://m.addthis.com https://z.moatads.com https://v1.addthisedge.com http://www.googletagmanager.com https://www.googletagmanager.com https://js.adsrvr.org https://insight.adsrvr.org https://cdn.userway.org http://googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://content.adacado.com https://cdn01.basis.net https://ad.adacado.com https://maps.googleapis.com https://bbox.blackbaudhosting.com http://www.googleadservices.com https://www.googleadservices.com https://ajax.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.googleapis.com https://player.vimeo.com https://www.vimeo.com https://vimeo.com https://www.datadoghq-browser-agent.com https://www.bugherd.com/ https://*.cloudfront.net/ https://sessions.bugsnag.com/ wss://ws.pusherapp.com https://www.gstatic.com/  https://www.phhealthcare.org https://purgecss.mojoactive.dev/ https://cdn.jsdelivr.net/ http://*.facebook.com/ https://*.facebook.com/ http://*.facebook.net/ https://*.facebook.net/  https://www.phhealthcare.org https://purgecss.mojoactive.dev/ https://cdn.jsdelivr.net/ 'unsafe-eval' 'unsafe-inline'; style-src 'self'  http://fonts.googleapis.com/ https://fonts.googleapis.com/ https://www.dafontfree.net/ https://www.google.com/ http://www.google.com/ http://www.gstatic.com/ https://www.gstatic.com/ https://bbox.blackbaudhosting.com https://resources.mojoactive.com https://www.datadoghq-browser-agent.com https://cdn.userway.org https://cdn.jsdelivr.net/ https://*.cloudfront.net/  https://www.phhealthcare.org https://purgecss.mojoactive.dev/ https://cdn.jsdelivr.net/ 'unsafe-inline'; object-src 'self';img-src 'self'  http://www.google-analytics.com https://www.google-analytics.com https://www.google.com/ http://www.google.com/ https://p.typekit.net https://www.googletagmanager.com https://cdn.userway.org https://maps.gstatic.com https://maps.googleapis.com https://bbox.blackbaudhosting.com http://insight.adsrvr.org https://ups.analytics.yahoo.com https://*.doubleclick.net https://x.bidswitch.net https://segment.prod.bidr.io https://resources.mojoactive.com https://i.vimeocdn.com https://www.datadoghq-browser-agent.com https://cdn.userway.org https://*.cloudfront.net/  https://www.phhealthcare.org https://purgecss.mojoactive.dev/ https://cdn.jsdelivr.net/ http://*.facebook.com/ https://*.facebook.com/ http://*.facebook.net/ https://*.facebook.net/  https://www.phhealthcare.org https://purgecss.mojoactive.dev/ https://cdn.jsdelivr.net/ blob: data:; worker-src blob: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ibiznes24.pl; frame-ancestors 'none'; report-uri https://ibiznes24.pl/2.0/csp-report 1
default-src 'self' https:; style-src 'self' 'unsafe-inline' data: https:; font-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' data: https:; 1
script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist 1
base-uri 'self'; default-src 'self'; style-src 'self' 'unsafe-hashes' 'unsafe-inline' 'sha256-CFWxk59hmWWhsVWNXy+t1albqTRppvlCMXFTDkd+1YA=' https://hcaptcha.com https://*.hcaptcha.com; script-src 'self' 'nonce-bf521911-d761-4991-bda1-e9c124caaace' asciinema.org  static.cloudflareinsights.com https://hcaptcha.com https://*.hcaptcha.com; frame-src 'self' godbolt.org https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' cloudflareinsights.com https://hcaptcha.com https://*.hcaptcha.com; 1
default-src 'self' https: http: ws: wss: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https: data: blob:; img-src 'self' https: http: data: blob:; font-src 'self' https: http: data: blob:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://ajax.googleapis.com https://*.purechat.com https://*.purechatcdn.com https://www.google-analytics.com https://sentry.catalyst.net.nz; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com; img-src * data:; font-src 'self' fonts.gstatic.com fonts.googleapis.com maxcdn.bootstrapcdn.com; connect-src 'self' https://*.purechat.com https://*.purechatcdn.com wss://*.purechat.com wss://*.purechatcdn.com https://*.google-analytics.com https://sentry.catalyst.net.nz https://sentry.catalyst.net.nz/api/222/store/ https://sentry.catalyst.net.nz/api/222/envelope/; report-uri /report-csp-violation 1
frame-ancestors 'self' www.google-analytics.com ajax.googleapis.com vimeo.com js.nagich.co.il 1
frame-src 'self' *.google.com *.oneassist.in https://oneassist.in https://ws.oneassist.in https://youtube.com https://www.youtube.com https://*.webengage.co https://webengage.co https://*.webengage.com https://webengage.com; frame-ancestors 'self' http://*.cloudagent.in https://*.cloudagent.in *.oneassist.in https://oneassist.in https://ws.oneassist.in https://in-ccaas.ozonetel.com; 1
connect-src 'self' *.algolia.io *.algolia.net *.algolianet.com *.clickagy.com *.facebook.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.sentry.io *.sumo.com *.userway.org *.voyagetext.com *.zdassets.com *.zendesk.com *.zopim.com code.jquery.com media.sumome.com pro.ip-api.com sentry.io stats.g.doubleclick.net sumo.com sumome.com vyg.mobi wss://widget-mediator.zopim.com; default-src 'self'; font-src 'self' *.facebook.com *.googleapis.com *.gstatic.com cdn.userway.org data: themes.googleusercontent.com wrss.b-cdn.net; frame-src 'self' *.facebook.com *.google.com *.googleapis.com *.userway.org sumo.com sumome.com; img-src 'self' *.bbb.org *.clickagy.com *.facebook.com *.google-analytics.com *.googleapis.com *.gstatic.com *.sumo.com *.userway.org *.zopim.io data: extended-validation-ssl.thawte.com media.sumome.com seal.thawte.com stats.g.doubleclick.net sumo.b-cdn.net sumo.com sumome.com wrss.b-cdn.net; manifest-src wrss.b-cdn.net www.wideners.com; media-src 'self' *.facebook.com *.zdassets.com *.zopim.com; object-src 'self' *.facebook.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.algolia.io *.bbb.org *.clickagy.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.sumo.com *.sumome.com *.userway.org *.voyagetext.com *.zdassets.com *.zopim.com assets.voyagetext.com blob: browser.sentry-cdn.com cdn.ravenjs.com code.jquery.com https://cdn.jsdelivr.net/npm/algoliasearch@4/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4 seal.thawte.com stats.g.doubleclick.net sumo.b-cdn.net sumome-140a.kxcdn.com sumome.com wrss.b-cdn.net; style-src 'self' 'unsafe-inline' *.bbb.org *.facebook.com *.google.com *.googleapis.com *.gstatic.com cdn.userway.org sload.sumo.com sumo.b-cdn.net wrss.b-cdn.net 1
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-elem * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-attr * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; object-src 'none' 1
frame-ancestors 'self' dev.lowendspirit.com lowendspirit.com www.lowendspirit.com ana.lowendspirit.com 1
frame-ancestors *.carkeys.co.uk *.motorists-club.co.uk *.motoristsclub.co.uk http://motoristsclub.co.uk/ http://www.motorists-club.co.uk/ 1
default-src 'self' fcmregistrations.googleapis.com t.clarity.ms pagead2.googlesyndication.com td.doubleclick.net firebaseinstallations.googleapis.com www.facebook.com lumberjack-metrics.razorpay.com lumberjack.razorpay.com lumberjack-cx.razorpay.com cdnt.netcoresmartech.com cdndc.netcoresmartech.com wdc.netcoresmartech.com twa.netcoresmartech.com psegment.netcoresmartech.com maps.googleapis.com www.gstatic.com www.google.com www.googletagmanager.com www.google-analytics.com connect.facebook.net www.google-analytics.com stats.g.doubleclick.net osjs.netcoresmartech.com analytics.google.com api.razorpay.com ; script-src 'self' 'unsafe-inline' cdpanalytics.novactech.in www.clarity.ms t.clarity.ms www.googleadservices.com cdnt.netcoresmartech.com cdndc.netcoresmartech.com wdc.netcoresmartech.com twa.netcoresmartech.com psegment.netcoresmartech.com code.jquery.com checkout.razorpay.com googleads.g.doubleclick.net bat.bing.com cdn.datatables.net www.gstatic.com www.google.com assets.shriramgi.com maps.googleapis.com use.fontawesome.com cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com  connect.facebook.net www.google-analytics.com osjs.netcoresmartech.com analytics.google.com 'unsafe-eval'; style-src 'self' 'unsafe-inline' cdnt.netcoresmartech.com cdndc.netcoresmartech.com wdc.netcoresmartech.com twa.netcoresmartech.com psegment.netcoresmartech.com weloveiconfonts.com assets.shriramgi.com cdnjs.cloudflare.com fonts.googleapis.com cdn.jsdelivr.net code.jquery.com cdn.datatables.net; font-src 'self' 'unsafe-inline' cdnt.netcoresmartech.com cdndc.netcoresmartech.com wdc.netcoresmartech.com twa.netcoresmartech.com psegment.netcoresmartech.com cdnjs.cloudflare.com assets.shriramgi.com data: fonts.gstatic.com weloveiconfonts.com; worker-src 'self' cdnt.netcoresmartech.com cdndc.netcoresmartech.com wdc.netcoresmartech.com twa.netcoresmartech.com psegment.netcoresmartech.com ckeditor.com; img-src 'self'  data: googleads.g.doubleclick.net cdpanalytics.novactech.in cdnt.netcoresmartech.com cdndc.netcoresmartech.com wdc.netcoresmartech.com twa.netcoresmartech.com psegment.netcoresmartech.com maps.gstatic.com maps.googleapis.com app.shriramgi.com googletagmanager.com bat.bing.com assets.shriramgi.com maps.google.com www.google.co.in www.facebook.com www.google-analytics.com www.google.com; 1
script-src http: https: 'unsafe-inline' 'unsafe-eval' https://www.trailappliances.com/ *.hulla-cdn.com blob: *.flippenterprise.net *.flexiti.fi; style-src 'self' blob: https: 'unsafe-inline' https://www.trailappliances.com/; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' https://www.trailappliances.com/ https://static.klaviyo.com *.trailappliances.com data: fonts.gstatic.com media.flixcar.com assetscdn.loadbee.com; frame-src  *.youtube.com *.youtu.be *.vimeo.com *.google.com *.gstatic.com * *.hulla-cdn.com; 1
script-src 'strict-dynamic' 'self' 'nonce-AeeL9z40zatd3CC3HtGyrw==' 'report-sample'; report-uri /rushmoreprod.onmicrosoft.com/B2C_1A_SignUpOrSignIn/client/cspreport?p=B2C_1A_SignUpOrSignIn 1
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; report-uri https://www.edeandravenscroft.com/?eID=error 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.licdn.com *.line-scdn.net *.sharethis.com *.azure-api.net *.hsforms.net *.youtube.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hsadspixel.net *.doubleclick.net *.cloudflare.com *.hsappstatic.net; style-src 'self' 'unsafe-inline' *.cloudflare.com; img-src 'self' data: https: *.google-analytics.com *.doubleclick.net *.googletagmanager.com; frame-src 'self' *.hsforms.com *.youtube.com *.vimeo.com *.hubspot.com; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net *.googletagmanager.com *.hsforms.com *.linkedin.oribi.io *.hubapi.com *.analytics.google.com *.linkedin.com; report-uri /report-csp-violation 1
default-src 'self' *.macgamestore.com *.wingamestore.com; form-action 'self' https://*.paypal.com https://*.apple.com https://*.zendesk.com; frame-src 'self' cdn1.macgamestore.com *.trustpilot.com *.facebook.net *.twitter.com *.youtube.com *.google.com *.paypal.com *.braintreegateway.com *.apple.com *.ubisoft.com; frame-ancestors 'self'; connect-src 'self' *.google-analytics.com *.googletagmanager.com *.google.com *.googleapis.com *.trustpilot.com *.facebook.com *.braintreegateway.com *.braintree-api.com http://127.0.0.1:11155; script-src 'self' 'nonce-4608046689db028cf5e6ca78bd8eb957b2e1' appleid.cdn-apple.com *.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.trustpilot.com *.facebook.net *.twitter.com *.youtube.com *.ytimg.com *.paypal.com *.paypalobjects.com *.braintreegateway.com ubistatic2-a.akamaihd.net; style-src 'self' 'unsafe-inline' accounts.google.com; img-src 'self' data: blob: *.macgamestore.com *.wingamestore.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.googletagmanager.com *.trustpilot.com *.facebook.com *.fbsbx.com *.fbcdn.net *.facebook.net *.twitter.com *.youtube.com *.ytimg.com *.akamaized.net *.paypal.com *.braintreegateway.com www.gravatar.com; font-src 'self' data: *.gstatic.com *.googleusercontent.com fontlibrary.org github.com use.typekit.net cdn.honey.io; 1
default-src 'unsafe-inline' 'self' 'unsafe-eval' https://jquery.com https://ssl.google-analytics.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://fonts.googleapis.com https://code.jquery.com https://ajax.microsoft.com https://player.vimeo.com https://appsforoffice.microsoft.com https://telemetryservice.firstpartyapps.oaspapps.com https://ajax.aspnetcdn.com https://supplysystem.supplypro.com data: ; 1
frame-ancestors 'self' bosys.eu *.bosys.eu *.touristikerfotos.net touristikerfotos.net bigreisen.com reisecentercityblick.de *.bestfortravel.com 1
default-src 'self';script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://duno2s3rzus16.cloudfront.net https://cdn.cookielaw.org https://code.jquery.com https://use.typekit.net https://connect.facebook.net https://cdn.sajari.com https://cdn.logiforms.com https://cdn.jsdelivr.net/npm/@fancyapps/ https://cdn.jsdelivr.net/npm/jquery@3.6.0/dist/jquery.min.js https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js 'sha256-orgjVl5E88xKDnTlzeZIQp0nqrG/9Kf/l7x+FSrYx7o=' 'sha256-bVpYvdZhp/msedj2fLgl6wscOoE4/uWRe5IDykj8Yps=' 'sha256-8wGzx7HdhrSjexnDnqMd65jaoHcVKb7dRR5f6YBPie4=' 'sha256-LpcSG80g6h2xvje2HUz70yT89VrEqZWHWTY7Zqs1lm0=' 'sha256-MK595NdCiijJOMjhp9x2OTBCq9J0UoRVyUySnWv7FY8=' 'sha256-c+9aiFetoJC/w8iunqn4HO7zyHTidZopqGNyKvHx2d4=' 'sha256-JhT/5B/QVU9mBDN8jcmTKBP9w4oJ8PzRUnsIxL6mrk8=' 'sha256-5Icp+d5KVKlH8LxjZDr9ldrCDEJ3SyBc7+HD9iSHf30=' 'sha256-sK3Zm7rxnjmbqPBc//CzDeDxIVxbOAjF/lNodZZj4CI=' 'sha256-+P0peLS+Zo2maBMu3pHfJuKo6r1n/0TMdD9wLlRwPKc=' 'sha256-Oh6rsXg5xrXcPATLs9nd/eIHAWz58+3Xu7zlPMrDuNk=' 'sha256-QdA0Pu48HdBYxydA3gsDo2fbay+kZfu5c0YEwubeNCM=' 'sha256-6PfkhvaJg8PwmKg4WIA4o3eQfAfBWEKbAMzWc2f/ZyE=' 'sha256-E1QoWiVx9QlntQ3/+e05uDVWPar+0VVNWhif0uNk79Y=' 'sha256-1SKi+m+tRXcvZ6F5h7ePydbVMQvkVXAFABEwOvCsmOY=' 'sha256-eS1Rgh0N9pBKu7ZYyNIy6Nkn6GXWDpbaqe3l3+8brJc=' 'sha256-F3DTXiRxkJ5l6vXdIGLv541malXaDJONKadre64NrGg=' 'sha256-2DHVyTw+89oEmC57JhdIbdqUiZ52ro9hc4vZ7c+A1tk=' 'sha256-L3WRFqQ3S1LILwQvy9XLQGK+zo85j/jsF2Qy0LoQG8c=' 'sha256-qT5NusfFxWBoBqpBBPnyEAh0fxeDFmLoquTr0aZaWzY=' 'sha256-CQ2STEEnv6fn7kjxLynxeluMH80eWh7ozqYQ2osSb3c=' 'sha256-3uREjnofj2x6DofuuBs+YQlARXWvuUeMmz1rTutWUPM=' 'sha256-88cxDe9CUv80IKB2WZogvJ3/495GAXlsDZYAvwcNOac=' 'sha256-f9jymI/8Ja5Oo5z9QPU4xl3VyYEq+1qeu/rEhh5XTLg=';style-src 'self' 'unsafe-inline' https://p.typekit.net https://use.typekit.net https://fonts.googleapis.com https://cdn.cookielaw.org https://cdn.jsdelivr.net;img-src 'self' https://p.typekit.net https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.cookielaw.org https://c.kz-rv.com https://duno2s3rzus16.cloudfront.net https://www.facebook.com https://i.ytimg.com https://re.sajari.com https://www.googletagmanager.com;form-action 'self' https://www.venture-rv.com https://kz-rv.net https://www.googletagmanager.com https://www.facebook.com;font-src 'self' https://use.typekit.net https://fonts.gstatic.com https://www.google-analytics.com https://duno2s3rzus16.cloudfront.net;connect-src 'self' https://c.kz-rv.com https://duno2s3rzus16.cloudfront.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://performance.typekit.net https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://jsonapi-us-valkyrie.sajari.net https://www.facebook.com/tr/ https://pagead2.googlesyndication.com/pagead/;frame-src 'self' https://kz-rv.net https://www.youtube-nocookie.com https://www.youtube.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://forms.logiforms.com https://www.facebook.com https://td.doubleclick.net;object-src 'self';report-uri https://www.kz-rv.com/csp-violation-report/csp-violation-report.php 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.iyp.com.tw https://cdnjs.cloudflare.com/ajax/libs/ https://www.google.com/recaptcha/api.js https://apis.google.com/js/platform.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com https://connect.facebook.net https://download.skype.com https://d.line-scdn.net https://www.gstatic.com https://unpkg.com https://kit.fontawesome.com; style-src 'self' 'unsafe-inline' https://static.iyp.tw https://fonts.googleapis.com https://cdnjs.cloudflare.com https://unpkg.com https://ka-f.fontawesome.com/releases; font-src 'self' https://static.iyp.tw https://fonts.gstatic.com https://cdnjs.cloudflare.com https://ka-f.fontawesome.com/releases/; img-src 'self' data: blob: http://iyp.tw https://iyp.tw https://static.iyp.tw https://resource.iyp.tw https://www.iyp.com.tw https://www.google-analytics.com https://www.google.com https://www.google.com.tw https://s3-ap-northeast-1.amazonaws.com https://www.line-website.com https://devstatic.iyp.tw; media-src 'self' https://static.iyp.tw https://resource.iyp.tw https://www.iyp.com.tw https://youtube.com; frame-src 'self' https://www.iyp.com.tw https://youtube.com https://www.gstatic.com https://www.google.com https://social-plugins.line.me https://www.facebook.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://ka-f.fontawesome.com/releases/ https://s3-ap-northeast-1.amazonaws.com https://analytics.google.com; frame-ancestors 'self' https://www.iyp.tw https://www.iyp.com.tw https://static.iyp.tw https://resource.iyp.tw https://www.iyp.com.tw https://social-plugins.line.me https://www.facebook.com; form-action 'self'; object-src 'none' 1
default-src 'self';font-src 'self' data: fonts.gstatic.com;img-src 'self' data: www.google-analytics.com *.g.doubleclick.net maps.gstatic.com maps.googleapis.com www.youtube.com cdn.cookielaw.org  www.securitasmedia.com securitasmedia.com  www.googletagmanager.com  i.ytimg.com px.ads.linkedin.com p.adsymptotic.com  www.connect.facebook.net  www.facebook.com www.google.com www.google.co.in https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;script-src www.youtube.com   connect.facebook.net   az416426.vo.msecnd.net  'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org www.google-analytics.com maps.googleapis.com www.googletagmanager.com  dl.episerver.net www.youtube.com www.google.com www.gstatic.com snap.licdn.com  www.googleadservices.com googleads.g.doubleclick.net https://*.googletagmanager.com;style-src 'self'  'unsafe-inline' fonts.googleapis.com dl.episerver.net;frame-src  www.youtube.com  app.smartrecruitonline.com analytics-eu.clickdimensions.com  www.facebook.com;media-src  'self';connect-src 'self'  cdn.cookielaw.org dc.services.visualstudio.com www.google-analytics.com stats.g.doubleclick.net maps.googleapis.com geolocation.onetrust.com privacyportal-eu.onetrust.com www.googleadservices.com www.google.co.in www.google.com googleads.g.doubleclick.net analytics.google.com www.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat ;frame-ancestors 'none'; 1
script-src 'self' 'unsafe-inline' *.cookiehub.net cookiehub.net cookiehub.com *.cookiehub.com gfx.kirjastot.fi www.google-analytics.com *.reactandshare.com www.kirjastot.fi; frame-src 'self' gfx.kirjastot.fi; 1
default-src 'self'; frame-src 'self'; frame-ancestors 'self';  1
frame-ancestors 'self' data: https://www.facebook.com https://fo-emea.ttinteractive.com; default-src 'self' data: https://*.analytics.google.com https://*.google-analytics.com https://td.doubleclick.net https://14003771.fls.doubleclick.net https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.alphamailing.fr https://www.google.fr https://adservice.google.com https://adservice.google.fr https://player.vimeo.com https://stats.g.doubleclick.net https://fast.wistia.net https://ps.w.org https://secure.gravatar.com https://yoast.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://ad.doubleclick.net https://fo-emea.ttinteractive.com https://www.gstatic.com https://fonts.gstatic.com https://connect.facebook.net https://www.google.com https://fonts.googleapis.com http://www.facebook.com 'unsafe-inline'; 1
default-src 'self'; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation allow-presentation; img-src 'self' data: blob: about: https://*.yimg.com https://*.yahoo.com https://*.yahoo.net https://*.yahoodns.net https://us.y.atwola.com https://*.scorecardresearch.com https://dishdigital.sp1.convertro.com https://servedby.flashtalking.com https://d.agkn.com https://*.doubleclick.net https://*.adsafeprotected.com https://*.googlesyndication.com https://tps30.doubleverify.com https://secure.insightexpressai.com https://secure-gl.imrworldwide.com/cgi-bin/ https://www.facebook.com https://syndication.twitter.com https://platform.twitter.com https://pbs.twimg.com https://abs.twimg.com https://*.adaptv.advertising.com/ https://trk.vidible.tv/ https://media-mbst-pub-ue1.s3.amazonaws.com https://*.cloudfront.net https://vop-yahoo.secure.footprint.net https://vop-yahoo.akamaized.net https://yahoovod.hs.llnwd.net; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://polyfills.yahooapis.com https://*.oath.com https://s.yimg.com https://fc.yahoo.com/sdarla/ https://www.gstatic.com https://*.yahoo.com https://cdn.syndication.twimg.com https://search.cashay.com https://platform.twitter.com https://instagram.com https://www.instagram.com https://s.yimg.com/rx/ https://assets.video.yahoo.net/; object-src https://cashay.com https://s.yimg.com; style-src 'self' 'unsafe-inline' https://cashay.com https://s.yimg.com https://platform.twitter.com https://assets.video.yahoo.net; media-src 'self' blob: https://*.2mdn.net https://cashay.com https://s.yimg.com https://video-api.yql.yahoo.com https://*.yahoo.net/; frame-src 'self' https://sp.analytics.yahoo.com https://smartasset.com https://s.yimg.com https://fc.yahoo.com https://cashay.com https://guce.oath.com https://guce.yahoo.com https://guce.cashay.com https://delivery.vidible.tv https://platform.twitter.com https://syndication.twitter.com https://*.advertising.com https://www.surveymonkey.com https://www.instagram.com https://www.googletagmanager.com https://www.youtube.com https://embed.acast.com https://assets.video.yahoo.net/ https://cdn-ssl.vidible.tv/prod/; worker-src 'self' blob: https://cashay.com; manifest-src 'self' https://s.yimg.com; font-src 'self' data: https://cashay.com https://s.yimg.com https://fonts.gstatic.com; child-src blob:; connect-src 'self' https://guce.cashay.com https://s.yimg.com https://rtr.innovid.com https://*.yahoo.net https://*.yahoo.com https://*.oath.com https://*.advertising.com https://ima3vpaid.appspot.com https://ad.doubleclick.net https://*.vpg.cdn.yimg.com/ https://media.zenfs.com/ https://*.uplynk.com https://cloudflare-dns.com; report-uri https://csp.yahoo.com/beacon/csp?src=cashay; report-to csp-endpoint; upgrade-insecure-requests; 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com *.livechatinc.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.facebook.com api.bazaarvoice.com stg.api.bazaarvoice.com *.paymentexpress.com *.windcave.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.doubleclick.net *.livechatinc.com *.facebook.com popup.laybuy.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com www.xtento.com *.paymentexpress.com *.windcave.com app.redpepperdigital.net www.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://static.afterpay.com https://site-assets.afterpay.com/ *.google.com *.google.com.ua *.google.com.nz *.google.co.nz *.shielded.co.nz shielded.co.nz *.gstatic.com *.facebook.com www.google.by c.clarity.ms c.bing.com pixel.quantserve.com *.googleapis.com *.cdninstagram.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.xtento.com cdn.xtento.com app.redpepperdigital.net *.animates.co.nz *.bazaarvoice.com *.ad.doubleclick.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.animates.co.nz *.googleapis.com api.livechatinc.com cdn.livechatinc.com *.nr-data.net cdn.lr-ingest.io cdn.pricespider.com cdnjs.cloudflare.com connect.facebook.net foursixty.com geoip-db.com js-agent.newrelic.com rules.quantcount.com script.crazyegg.com secure.quantserve.com static.zdassets.com staticcdn.co.nz www.clarity.ms apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.avada.io player.vimeo.com www.xtento.com cdn.xtento.com app.redpepperdigital.net analytics.tiktok.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com foursixty.com *.fontawesome.com display.ugc.bazaarvoice.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'none'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.zdassets.com *.livechatinc.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com animatesnz.zendesk.com *.nr-data.net *.zdassets.com *.googleapis.com *.lr-ingest.io script.crazyegg.com *.doubleclick.net *.clarity.ms *.google.co.nz *.zopim.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com https://get.geojs.io *.avada.io assets-tracking.crazyegg.com pagestates-tracking.crazyegg.com tracking.crazyegg.com adservice.google.com analytics.tiktok.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.animates.co.nz 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self'; frame-src 'self' www.google.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com www.google.com www.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com www.google.com www.gstatic.com; img-src * data:; upgrade-insecure-requests; 1
default-src * 'unsafe-inline'; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' https://help.campz.fr https://back-office-redesign.kameleoon.com https://app.kameleoon.com/ 1
frame-src 'self' https://player.vimeo.com https://*.youtube.com https://*.google.com; frame-ancestors 'self' https://player.vimeo.com https://*.youtube.com https://*.google.com; object-src 'self' https://player.vimeo.com https://*.youtube.com https://*.google.com; 1
font-src *.fontawesome.com *.gstatic.com 'self' data: chrome-extension: https://*.hotjar.com https://*.hotjar.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com https://www.google.com/recaptcha/api2/anchor https://www.google.com/recaptcha/api2/bframe https://*.hotjar.com https://*.hotjar.io 'self' blob: payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com 'self' data: * https://*.facebook.com https://*.windows.net https://*.quanta.io https://*.bing.com https://*.linkedin.com https://*.twitter.com https://*.clarity.ms https://t.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://*.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.google.com *.gstatic.com https://www.googleoptimize.com/optimize.js https://*.cookielaw.org https://*.perfdrive.com https://*.go-mpulse.net https://*.newrelic.com https://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.licdn.com https://*.netdna-ssl.com https://*.facebook.net https://*.twitter.com https://*.ads-twitter.com https://*.quanta.io https://*.clarity.ms https://*.voicepublisher.net https://*.nr-data.net https://*.demoup.com https://*.facebook.com https://*.google-analytics.com https://*.akamaihd.net https://*.windows.net https://*.dexem.net https://*.polyfill.io https://*.slgnt.eu payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com *.fontawesome.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com t.elasticsuite.io *.google-analytics.com https://*.google-analytics.com https://cdn.cookielaw.org/ https://privacyportal-eu.onetrust.com/request/v1/consentreceipts https://*.perfdrive.com https://*.go-mpulse.net https://*.doubleclick.net https://*.nr-data.net https://*.clarity.ms https://*.facebook.com https://*.hotjar.com https://*.akstat.io https://*.voicepublisher.net https://*.akamaihd.net https://*.oribi.io https://*.polyfill.io https://*.hotjar.io https://*.slgnt.eu payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://berserker.town 'wasm-unsafe-eval'; font-src 'self' https://berserker.town; img-src 'self' data: blob: https://berserker.town https://media.berserker.town; style-src 'self' https://berserker.town 'nonce-u1iYKbxbZ/K84dVpei8pVw=='; media-src 'self' data: https://berserker.town https://media.berserker.town; frame-src 'self' https:; child-src 'self' blob: https://berserker.town; worker-src 'self' blob: https://berserker.town; connect-src 'self' blob: data: wss://berserker.town https://berserker.town https://media.berserker.town; manifest-src 'self' https://berserker.town; form-action 'self' 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' data: *.googletagmanager.com *.typekit.net *.fmsiportal.com *.doubleclick.net *.google-analytics.com s.ad.smaato.net *.adsrvr.org *.doubleclick.net *.hotjar.com *.facebook.net *.simpli.fi *.yextpages.net *.mimecast.com *.sitescdn.net *.krxd.net *.google.com *.facebook.com *.yext.com *.adnxs.com *.3lift.com *.stickyadstv.com *.pro-market.net *.exelator.com *.analytics.yahoo.com *.bfmio.com *.bluekai.com *.crwdcntrl.net *.lijit.com *.rlcdn.com *.spotxchange.com *.demdex.net *.googleadservices.com *.tremorhub.com *.tapad.com *.agkn.com *.intentiq.com *.pubmatic.com *.rubiconproject.com *.openx.net *.primis.tech *.omnitagjs.com *.1rx.io *.mathtag.com *.bidswitch.net *.yieldmo.com *.smartadserver.com *.360yield.com *.media.net *.youtube.com *.tvsquared.com *.amazon-adsystem.com *.gstatic.com *.timevaluecalculators.com *.youtube-nocookie.com *.bootstrapcdn.com *.jquery.com *.tsbc.com *.googleapis.com *.fontawesome.com *.polyfill.io *.vimeo.com *.yextevents.com *.sitescout.com *.aspnetcdn.com ccchat.harborone.com players.brightcove.net harborone.locatorsearch.net staging.harborone.com diffuser-cdn.app-us1.com prism.app-us1.com trackcmp.net wss: 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-9ce13e037b7afce9c763683781fee5be'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.requirejs.org *.google-analytics.com *.googleapis.com *.pingdom.net *.gstatic.com *.facebook.net *.facebook.com *.youtube.com *.googletagmanager.com *.ytimg.com *.gstatic.com *.vcft.local *.compasscard.ca *.microsoft.com *.bootstrapcdn.com *.translink.ca *.doubleclick.net *.azurewebsites.net *.postescanada-canadapost.ca *.cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.googletagmanager.com; frame-src 'self' *.youtube.com *.google.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://ssl.google-analytics.com/ga.js ; connect-src 'self' https://ssl.google-analytics.com/__utm.gif ; img-src 'self'; style-src 'unsafe-inline' 'self';base-uri 'self';form-action 'self' 1
default-src 'none'; script-src 'self' 'unsafe-inline' www.youtube.com *.etracker.com www.etracker.de; connect-src 'self' www.etracker.de; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-ancestors 'self'; form-action 'self'; media-src 'self' www.youtube.com; child-src www.youtube.com www.google.com; 1
urbanohio.com 1
font-src 'self' https://cdnjs.cloudflare.com https://*.cloudfront.net https://fonts.gstatic.com https://cdn.popt.in; 1
default-src https: 'unsafe-inline' 'unsafe-eval' https://*.feefo.com https://*.vzaar.com data: 'unsafe-eval' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://deliver.kontent.ai https://assets-eu-01.kc-usercontent.com https://cdn.jsdelivr.net https://www.sabes.it https://www.asdaa.it https://home.sabes.it https://home.asdaa.it https://www.youtube.com https://www.youtube-nocookie.com https://*.ytimg.com https://*.googleapis.com https://*.google.com https://*.vimeo.com https://*.vimeocdn.com https://*.facebook.net https://*.siteimprove.com https://*.siteimprove.net https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.siteimproveanalytics.io https://siag.form.cloud https://fonts.gstatic.com https://redas.services.siag.it https://dati.retecivica.bz.it https://civis.bz.it https://sabes.onboard.org https://cdn1.onboard.org https://prod.b-optimist.com wss://prod.b-optimist.com https://*.sibforms.com https://sibforms.com https://*.sendinblue.com https://*.gstatic.com https://siagsap4pab.prod.apimanagement.eu20.hana.ondemand.com https://sis.prod.apimanagement.eu20.hana.ondemand.com https://api.demo-integrations.services.siag.it https://api.integrations.services.siag.it https://www.iubenda.com https://cdn.iubenda.com https://consent.iubenda.com https://hits-i.iubenda.com https://cs.iubenda.com/; base-uri 'self'; frame-ancestors 'self' https://*.kontent.ai/; font-src https://www.sabes.it https://www.asdaa.it https://home.sabes.it https://home.asdaa.it https://fonts.gstatic.com https://prod.b-optimist.com; object-src 'none'; 1
default-src 'self'; font-src 'self' data:; base-uri 'self'; connect-src 'self' *.materna.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do *.itzbund.de; style-src 'self' 'unsafe-inline' *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io piwik.itzbund.de vimeo.com *.sli.do; object-src 'self' multimedia.gsb.bund.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do; frame-src *.google.com *.google.de *.gstatic.com *.youtube.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io mindandvision.tv 2021.mindandvision.tv *.jwplayer.com vimeo.com *.sli.do player.vimeo.com; img-src 'self' data:  *.materna.de *.google.com *.gstatic.com *.youtube.com *.twimg.com twemoji.maxcdn.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplayer.com *.strivetech.io *.sqat.eu piwik.itzbund.de vimeo.com *.sli.do; frame-ancestors 'self'; 1
script-src 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' https: 'nonce-fza9wVPgzXXIB5id15yC2b2rrohUy3TyRRF4u8Pv' gradguard.matomo.cloud cdn.matomo.cloud cdn.levelaccess.net app.termly.io;base-uri 'self' gradguard.matomo.cloud;connect-src 'self' googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com widget-mediator.zopim.com https://api.gradguard.com/ kit.fontawesome.com ka-p.fontawesome.com notify.bugsnag.com otlp.bugsnag.com gradguard.matomo.cloud cdn.matomo.cloud cdnjs.cloudflare.com fonts.googleapis.com api.levelaccess.net;default-src 'self';form-action 'self' https://enroll.mylifeprotected.com/quote https://api.gradguard.com/;img-src 'self' data: media.gradguard.com www.facebook.com www.google-analytics.com www.google.com t.co analytics.twitter.com maps.googleapis.com gradguard.matomo.cloud help.gradguard.com;media-src 'self';object-src 'none';style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com kit.fontawesome.com gradguard.matomo.cloud;font-src cdnjs.cloudflare.com fonts.gstatic.com ka-p.fontawesome.com gradguard.matomo.cloud;frame-src www.youtube.com www.youtube-nocookie.com www.allianzworldwidepartners.com app.termly.io 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.gstatic.com https://yastatic.net https://www.youtube.com https://s.ytimg.com https://platform.instagram.com https://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://mc.yandex.ru https://top-fwz1.mail.ru https://js.sentry-cdn.com https://browser.sentry-cdn.com https://qaz.news-press24.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://platform.twitter.com ; img-src 'self' data: https://* http://* ; font-src 'self' data: https://fonts.gstatic.com ; frame-src 'self' data: https://yastatic.net https://www.youtube.com https://www.instagram.com/ https://platform.twitter.com ; connect-src 'self' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://fcm.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://push.newsdaily.biz https://top-fwz1.mail.ru https://o4505939965509632.ingest.sentry.io https://biposerfl.shop https://*.google-analytics.com; worker-src 'self' data: https://fcm.googleapis.com https://push.newsdaily.biz ; 1
frame-ancestors 'self' https://*.toyota.pt https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://static.fsf.org; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'self'; plugin-types application/pdf application/x-shockwave-flash; cookie-scope none; frame-ancestors 'none' 1
frame-ancestors 'self' *.zagclients.net *.middlesexbank.com 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.dadata.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://mc.yandex.ru https://www.googletagmanager.com https://*.dadata.ru; font-src 'self' https://fonts.gstatic.com https://*.dadata.ru; img-src 'self' data: https://*.googleapis.com https://*.gstatic.com https://mc.yandex.ru https://*.dadata.ru; connect-src 'self' https://*.googleapis.com https://*.gstatic.com https://mc.yandex.ru https://mc.yandex.md https://*.dadata.ru; child-src 'self' https://mc.yandex.md 1
font-src * 'self' data:; script-src * 'self' 'unsafe-inline' https://apis.google.com https://*.googleapis.com https://www.googletagmanager.com *.gstatic.com 'unsafe-eval' https://maps.google.com https://docs.google.com https://accounts.google.com; style-src * 'self' 'unsafe-inline' https://docs.google.com https://accounts.google.com; manifest-src * 'self'; connect-src * 'self' data: https://accounts.google.com https://docs.google.com metabase.us10.list-manage.com   ; worker-src * blob:; img-src * blob: 'self' data: docs.google.com www.googletagmanager.com; frame-src 'self' www.footprint.network preview.footprint.network accounts.google.com docs.google.com www.youtube.com *; default-src 'none'; child-src * blob: 'self' https://docs.google.com https://accounts.google.com;  frame-ancestors 'none'; 1
frame-ancestors 'self' *.easyzic.com 1
object-src 'none'; script-src 'self' 'nonce-4d95d61791554f5a919109def444113e' 'sha256-bYH6V1Wby/yQdY+2mNHLWDwG3e3AUGv1/pm0vhS1/2Q=' https://snap.licdn.com/ https://f.vimeocdn.com/ https://acdn.adnxs.com/ https://maps.googleapis.com/ https://otp.tools.investis.com/ https://cc.cdn.civiccomputing.com/ http://s7.addthis.com/ https://www.googletagmanager.com/ http://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com ; style-src 'self' 'unsafe-inline' https://sse-prelive.emperordev.com https://cc.cdn.civiccomputing.com/ https://fonts.googleapis.com/ https://tools.eurolandir.com/ ; img-src 'self' data: https://sse-prelive.emperordev.com https://ib.adnxs.com/ https://analytics.twitter.com/ https://t.co/ https://i.vimeocdn.com/ https://www.sserenewables.com/ https://tiscreport.org/ https://stats.g.doubleclick.net https://www.google.com https://www.google.rs https://maps.googleapis.com https://maps.gstatic.com https://www.facebook.com https://csi.gstatic.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://px.ads.linkedin.com/collect https://p.adsymptotic.com/d/px https://tr.lfeeder.com/ https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat ; frame-src 'self' https://sse-prelive.emperordev.com  https://td.doubleclick.net/ https://indd.adobe.com/ https://otp.tools.investis.com/ https://irs.tools.investis.com/ https://tools.eurolandir.com/ https://www.youtube.com https://www.ustream.tv https://www.facebook.com https://player.vimeo.com https://www.google.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://polyfill.io/ https://tools.euroland.com/ https://widget.surveymonkey.com/ https://www.youtube.com https://cdn1.readspeaker.com/ https://cdnjs.cloudflare.com/ platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com unpkg.com/@frontify/ *.cloudinary.com https://www.googletagmanager.com/ https://www.research.net/ http://10.33.9.131:15871/ https://cdn.jsdelivr.net https://connectsecappp.com/SIBChatbot/js/HerbieBotSIB.js; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com https://cdn1.readspeaker.com/ https://cdn.jsdelivr.net https://fonts.cdnfonts.com https://cdnjs.cloudflare.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://cdn.jsdelivr.net https://fonts.cdnfonts.com; img-src 'self' https://sib.ae/ *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com web-chat.nativechat.com *.frontify.com *.cloudinary.com https://connectsecappp.com/; media-src 'self' data: blob: *.frontify.com *.cloudinary.com; frame-ancestors 'self' https://connectsecappp.com/ app-as.readspeaker.com vttts-as.readspeaker.com https://app-as.readspeaker.com; child-src 'self' https://maps.googleapis.com/ https://tools.euroland.com/ https://tools.eurolandir.com/ https://www.surveymonkey.com/ https://cdn1.readspeaker.com/ https://www.google.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com *.frontify.com cloudinary.com *.cloudinary.com https://www.research.net/ https://connectsecappp.com/ app-as.readspeaker.com vttts-as.readspeaker.com https://app-as.readspeaker.com; connect-src 'self' data: accounts.google.com https://cdn1.readspeaker.com https://maps.googleapis.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.frontify.com *.cloudinary.com app-as.readspeaker.com vttts-as.readspeaker.com https://app-as.readspeaker.com; 1
default-src 'self' blob: https://www.gstatic.com engasjert.sbm.no *.sbm.no *.sbm.no/* www.sbm.no localhost:* localhost.test:* localhost:*/* web103.reachmee.com sbm.asp.manamind.com www.youtube.com sbm-demo.manamind.com nettbank-pilot.edb.com nettbank.edb.com nettbank.sbm.no ebankdemo.evry.com *.google-analytics.com *.analytics.google.com competella.sbm.no https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net gstatic.com www.gstatic.com https://www.google.com/recaptcha/ https://search.atom.no nettbedriften-pilot.evry.com nettbedriften.evry.com https://*.cust.avento.no https://browser-update.org;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sbm.no *.sbm.no/* https://*.google-analytics.com https://*.analytics.google.com localhost:* localhost.test:* maps.googleapis.com csi.gstatic.com browser-update.org web103.reachmee.com *.google-analytics.com *.analytics.google.com script.crazyegg.com competella.sbm.no www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/api2/r20171212152908/recaptcha__no.js https://www.gstatic.com gstatic.com www.gstatic.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://connect.facebook.net https://www.googletagmanager.com https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://*.adform.net:* https://tagmanager.google.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.bugherd.com/sidebarv2.js https://d2iiunr5ws5ch1.cloudfront.net https://d2wy8f7a9ursnm.cloudfront.net https://*.vo.msecnd.net https://cdnjs.cloudflare.com https://mwc-cdn.morningstar.com https://ajax.googleapis.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.polyfill.io https://atom-cc.avento.no https://services.cicero.no https://services-test.cicero.no https://euwa.puzzel.com;object-src 'self' *;style-src 'self' 'unsafe-inline' https://www.gstatic.com fonts.googleapis.com https://*.adform.net:* https://tagmanager.google.com https://localhost:* https://localhost.test:* https://d2iiunr5ws5ch1.cloudfront.net https://mwc-cdn.morningstar.com https://services.cicero.no https://services-test.cicero.no;img-src 'self' * data: https://*.google-analytics.com https://*.analytics.google.com *.google-analytics.com *.analytics.google.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://googleads.g.doubleclick.net https://www.google.com https://bugherd-attachments.s3.amazonaws.com https://screenshots.bugherd.com;media-src 'self' *;frame-src 'self' https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com www.google.com https://sbm.asp.manamind.com https://*.evry.com https://bid.g.doubleclick.net https://*.sbm.no https://www.youtube.com https://*.reachmee.com https://*.youtube-nocookie.com https://*.morningstar.com https://www.anpdm.com https://www.facebook.com https://*.cust.avento.no https://services.cicero.no https://services-test.cicero.no https://vimeo.com open.spotify.com;font-src 'self' * data: https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://fonts.gstatic.com;connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net *.sbm.no localhost:* localhost.test:* https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com ws://localhost:* http://localhost:* https://dc.services.visualstudio.com https://*.cust.avento.no https://sessions.bugsnag.com https://www.bugherd.com wss://*.pusherapp.com https://*.pusher.com https://bugherd-attachments.s3.amazonaws.com https://screenshots.bugherd.com https://bam.nr-data.net https://www.us-api.morningstar.com https://mwc-cdn.morningstar.com https://lt.morningstar.com https://services.cicero.no https://services-test.cicero.no https://atom-cc.avento.no https://api.puzzel.com/contactcentre/cow.aspx data.brreg.no https://api.puzzel.com https://euwa.puzzel.com;base-uri 'self';child-src 'self' * https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com;form-action 'self' *.sbm.no localhost:* localhost.test:* https://*.cust.avento.no https://api.puzzel.com/contactcentre/cow.aspx;frame-ancestors 'self' www.sbm.no *.sbm.no localhost:* localhost.test:* facebook.com web103.reachmee.com forvaltning.sbm.no enkeltpersonforetak.no starte-as.no;block-all-mixed-content;report-uri /WebResource.axd?cspReport=true 1
default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com gwm-set1.ml.wallst.com gwm-set2.ml.wallst.com 1359940.fls.doubleclick.net adservice.google.com advtools.morningstar.com akamai.tiqcdn.com api.amplitude.com api.markitdigital.com us-api.morningstar.com mwc-cdn.morningstar.com awrd.morningstar.com awsws.morningstar.com bam.nr-data.net beta.glancecdn.net cct.google cdn.mplxtms.com cdn.myglance.net cdn.tt.omtrdc.net brightcove04pmdo-a.akamaihd.net cf-images.us-east-1.prod.boltdns.net classroom.morningstar.com convertro.com d.agkn.com data.cmcore.com data.coremetrics.com dpm.demdex.net cdn.amplitude.com edge.api.brightcove.com fsa.merrilledge.com google-analytics.com hlsak-a.akamaihd.net cj.dotomi.com http://flagscape.bankofamerica.com fonts.gstatic.com bcsecure01-a.akamaihd.net awrduat.morningstar.com gwm-ml.wsodqa.com awsstgmain.morningstar.com awswsstg.morningstar.com http://research1.ml.com idsync.rlcdn.com insight.adsrvr.org cdn.polyfill.io iocdn.coremetrics.com libs.coremetrics.com hosttest.visualcalc.com login-prod.morningstar.com www.us-uat-api.morningstar.com login-uat.morningstar.com www.us-api.morningstar.com classroom-uat.morningstar.com manifest.prod.boltdns.net mc.coremetrics.com mcdata.coremetrics.com metrics.brightcove.com mktgcdn.coremetrics.com players.brightcove.net cdnapisec.kaltura.com public.cobrowse.oraclecloud.com recs.coremetrics.com resources.digital-cloud.medallia.com s3.amazonaws.com secure.brightcove.com secure-cdn.mplxtms.com stage.convertro.com tags.tiqcdn.com target.mboxedge35.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com udc-neb.kampyle.com webapi-bofatts-us.nods.nuance.com static-cert.getbills.com www.emjcd.com www.glancecdn.net qa-api.markitdigital.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.gwm.ml.wallst.com www.gwm1.ml.wallst.com www.gwm2.ml.wallst.com www.gwm-set1.ml.wallst.com www.gwm-set2.ml.wallst.com www.international.ml.com www.merrilledge.com www.sepsemails.com cdn.cookielaw.org js-agent.newrelic.com geolocation.onetrust.com webapi-bofatts-us.nods.nuance.com six.cdn-net.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com bam.nr-data.net cdn.amplitude.com cdn.cookielaw.org code.jquery.com gwm-ml.wsodqa.com d.agkn.com data.flurry.com js-agent.newrelic.com maxcdn.bootstrapcdn.com myfinancialpicturestagepfm.ml.com nebula-cdn.kampyle.com players.brightcove.net cdnapisec.kaltura.com resources.digital-cloud.medallia.com six.cdn-net.com testdata.coremetrics.com tags.tiqcdn.com udc-neb.kampyle.com use.fontawesome.com vjs.zencdn.net www.gwm.ml.wallst.com www.gwm1.ml.wallst.com www.gwm2.ml.wallst.com www.gwm-set1.ml.wallst.com www.gwm-set2.ml.wallst.com js-agent.newrelic.com webapi-bofatts-us.nods.nuance.com webapi-us-preprod2.nods.nuance.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com awrd.morningstar.com awrduat.morningstar.com cj.dotomi.com d.agkn.com dpm.demdex.net fonts.googleapis.com gwm-ml-a2.wsodqa.com gwm-ml.wsodqa.com hosttest.visualcalc.com maxcdn.bootstrapcdn.com nebula-cdn.kampyle.com resources.digital-cloud.medallia.com udc-neb.kampyle.com www.emjcd.com www.googletagmanager.com www.gwm.ml.wallst.com www.gwm1.ml.wallst.com www.gwm2.ml.wallst.com www.gwm-set1.ml.wallst.com www.gwm-set2.ml.wallst.com www.merrilledge.com www.streamer.ml.wallst.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com *.managerewardsonline.com awrduat.morningstar.com awrd.morningstar.com classroom-uat.morningstar.com awsstgmain.morningstar.com awsws.morningstar.com awswsstg.morningstar.com www.merrilledge.com; worker-src 'self' blob:; 1
script-src http: https: https://www.petit-fernand.it/ 'unsafe-eval' *.adyen.com *.hipay.com 'unsafe-inline' mpsnare.iesnare.com *.adyen.com *.hipay.com; style-src 'self' blob: https: 'unsafe-inline' https://www.petit-fernand.it/; img-src data: http: https: blob:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src data: 'self' fonts.gstatic.com; frame-src *; 1
default-src self; script-src 'unsafe-eval' 'unsafe-inline' blob: *; object-src *; style-src 'unsafe-inline' *; img-src 'unsafe-inline' data: *; media-src 'unsafe-inline' *; frame-src *; font-src 'unsafe-inline' data: *; connect-src 'unsafe-inline' *; report-uri /report-csp-violation 1
frame-ancestors 'self' *.guard.me ; 1
frame-ancestors 'self' https://preprod-cmq.netlify.app https://develop--preprod-cmq.netlify.app https://phpstack-932685-3238413.cloudwaysapps.com https://phpstack-932685-3238296.cloudwaysapps.com 1
default-src 'self'; script-src 'self' https://www.hit-counts.com https://www.googletagmanager.com/ https://www.google.com https://www.google.com/recaptcha/ https://www.gstatic.com 'nonce-sha256-d180774bf525da413bcc042a79e8e116'; style-src 'self' https://cdnjs.cloudflare.com/ 'unsafe-inline'; img-src 'self' https://counter2.stat.ovh/ data:; font-src 'self'; connect-src 'self' ; frame-src 'self' 1
style-src 'self' 'unsafe-inline' *.shiva.fr use.typekit.net p.typekit.net *.cookiebot.com fonts.googleapis.com maps.google.com cdn.jsdelivr.net *.zapwp.com 1
script-src 'self' *.dlgal.com dlgal.com *.galpic.xyz tsaristcanapes.com addictedwonder.com renomeeguze.com bocoyoutage.com *.histats.com *.cloudfront.net edfsqfaeenij.com *.adsco.re *.cdn4ads.com cdn4ads.com *.dkypsidljq.com *.edfsqfaeenij.com ptewarin.net ulukaris.com clerrrep.com mailwithcash.com *.ggbases.com *.realsrv.com *.exosrv.com *.jads.co *.juicyads.com *.patreon.com http://*:2082 data: blob: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: exelixis2022de.wpengine.com exelixis2022st.wpengine.com exelixis2019.wpengine.com exelixisstage.wpengine.com www.exelixis.com exelixis.com player.vimeo.com platform.twitter.com qvdt3feo.com cdn.mxpnl.com storage.googleapis.com kit.fontawesome.com ka-f.fontawesome.com static.addtoany.com maps.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com fast.wistia.com www.youtube.com beacon-v2.helpscout.net use.fontawesome.com www.google-analytics.com google.com www.google.com www.gstatic.com snap.licdn.com tags.srv.stackadapt.com c1.rfihub.net login-ds.dotomi.com login.dotomi.com live.rezync.com googleads.g.doubleclick.net cdn.jsdelivr.net use.typekit.net js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net cdn.iubenda.com www.iubenda.com; font-src 'self' 'unsafe-inline' ka-f.fontawesome.com use.fontawesome.com fast.wistia.com fonts.gstatic.com use.typekit.net ka-p.fontawesome.com data:  www.exelixis.com s0.wp.com cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' tags.srv.stackadapt.com code.jquery.com rgsharedweb.s3.amazonaws.com fonts.googleapis.com ka-p.fontawesome.com use.fontawesome.com p.typekit.net use.typekit.net www.iubenda.com cdn.jsdelivr.net; frame-src td.doubleclick.net static.addtoany.com wp-rocket.me tools.akismet.com careers.peopleclick.com exelixis2022de.wpengine.com exelixis2022st.wpengine.com exelixis2019.wpengine.com exelixisstage.wpengine.com www.exelixis.com exelixis.com player.vimeo.com youtube.com www.youtube.com 20839650p.rfihub.com 20824683p.rfihub.com a.rfihub.com rfihub.com live.rezync.com google.com www.google.com; img-src * data:; connect-src 'self' 'unsafe-inline' px.ads.linkedin.com static.addtoany.com region1.analytics.google.com analytics.google.com exelixis2022de.wpengine.com exelixis2022st.wpengine.com exelixis2019.wpengine.com exelixisstage.wpengine.com www.exelixis.com exelixis.com pagead2.googlesyndication.com storage.googleapis.com www.googletagmanager.com  googletagmanager.com d3hb14vkzrxvla.cloudfront.net beaconapi.helpscout.net ka-f.fontawesome.com pipedream.wistia.com fast.wistia.com distillery.wistia.com stats.g.doubleclick.net maps.googleapis.com ka-p.fontawesome.com cdn.linkedin.oribi.io tags.srv.stackadapt.com www.google-analytics.com yoast.com my.wpengine.com forms.hscollectedforms.net; frame-ancestors 'self'; object-src exelixis2022de.wpengine.com exelixis2022st.wpengine.com exelixis2019.wpengine.com exelixisstage.wpengine.com www.exelixis.com exelixis.com; media-src 'self' data: blob: *; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.rubensteintech.com *.rubensteintech.com *.google-analytics.com *.siteimprove.com *.longtailvideo.com *.typekit.net *.googletagmanager.com *.facebook.net *.hubspot.com *.hscta.net *.ads-twitter.com *.twitter.com *.hscollectedforms.net *.googleadservices.com *.bizographics.com *.adroll.com *.hs-scripts.com d.adroll.mgr.consensu.org *.licdn.com *.hs-banner.com *.jwpcdn.com *.usemessages.com *.doubleclick.net *.linkedin.com *.hsleadflows.net *.hs-analytics.net *.youtube.com *.vimeo.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.rubensteintech.com; font-src 'self' *.googleapis.com *.gstatic.com *.rubensteintech.com *.typekit.net  *.youtube.com *.vimeo.com; frame-src 'self' blob: *.doubleclick.net *.youtube.com *.vimeo.com www.facebook.com forms.hubspot.com; 1
default-src 'self'; img-src 'self' blob: data:; style-src 'self' 'unsafe-inline'; connect-src 'self' https://cdn.moneyconvert.net; 1
frame-ancestors 'self' '\*.embraco.com' 1
child-src 'self' 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://www.zenaps.com https://tr.snapchat.com https://www.youtube.com https://d38knilzwtuys1.cloudfront.net blob: https://gum.criteo.com https://cdn-akamai.mookie1.com/ blob: https://*.abtasty.com; connect-src 'self' 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://d38knilzwtuys1.cloudfront.net https://partner-test.revieve.com https://partner.revieve.com https://plugins.makeupar.com https://plugins-media.makeupar.com https://*.parcellab.com https://*.contentsquare.net https://*.abtasty.com https://o86764.ingest.sentry.io https://sst.revieve.com https://partner.revieve.com https://partner-test.revieve.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://plugins-media.makeupar.com blob: data: https://*.abtasty.com https://*.gstatic.com https://d38knilzwtuys1.cloudfront.net; form-action 'self' https://www.facebook.com https://checkout.no7beauty.co.uk https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'unsafe-inline' 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://geolocation.onetrust.com https://d38knilzwtuys1.cloudfront.net https://partner-test.revieve.com https://plugins-media.makeupar.com https://static.criteo.net https://*.criteo.com https://*.pinimg.com https://*.googleadservices.com https://*.pinterest.com https://*.contentsquare.net https://app.contentsquare.com blob: https://*.abtasty.com https://dev--revieve-web-plugin-4.netlify.app; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://*.abtasty.com https://*.gstatic.com https://d38knilzwtuys1.cloudfront.net; upgrade-insecure-requests; report-to report-endpoint 1
script-src 'self' https://cdn.cookielaw.org https://apis.google.com https://www.google.com https://www.gstatic.com https://translate.google.com https://www.googletagmanager.com https://translate.googleapis.com https://www.google-analytics.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://www.abrtelecom.com.br https://translate-pa.googleapis.com https://translate-pa.googleapis.com https://homolog-front.abrtelecom.com.br https://sgpd.abrtserv.com.br https://code.jquery.com 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.hubspot.com static.addtoany.com cdn.socket.io cdn.datatables.net *.cloudfront.net www.googleadservices.com www.youtube.com snap.licdn.com static.hotjar.com plugin.handtalk.me unpkg.com *.hubspot.net cdnjs.cloudflare.com www.gstatic.com script.hotjar.com www.google.com try.abtasty.com code.jquery.com googleads.g.doubleclick.net www.google-analytics.com www.clarity.ms ajax.googleapis.com cdn.cookielaw.org *.facebook.net js.hs-analytics.net js.hs-banner.com js.hsadspixel.net js.hscollectedforms.net js.hsforms.net js.hsleadflows.net js.hubspot.com app.hubspot.com js.usemessages.com *.linkedin.com static.hsappstatic.net www.googletagmanager.com www.gupy.io sibforms.com; style-src 'self' 'unsafe-inline' *.hubspot.com *.hsappstatic.net *.hubspot.net cdnjs.cloudflare.com cdn.datatable.net cdn.datatables.net stackpath.bootstrapcdn.com cdn.cookielaw.org *.hubspotusercontent-na1.net *.hubspotusercontent40.net fonts.googleapis.com www.gupy.io sibforms.com; img-src 'self' blob: 3299491.fs1.hubspotusercontent-na1.net perf-na1.hsforms.com track.hubspot.com www.gupy.io data: *; font-src 'self' fonts.gstatic.com *.hubspotusercontent-na1.net *.hubspotusercontent40.net www.gupy.io assets.sendinblue.com; connect-src 'self' blob: fs1.hubspotusercontent-na1.net cdn.cookielaw.org *.gupy.io data: gap: *; media-src 'self' *.hubspot.com *.hubspotusercontent-na1.net; frame-src gupy.com.br gupy.io *.hubspot.com static.addtoany.com www.youtube.com app.hubspot.com *.hubspotvideo.com td.doubleclick.net *.facebook.com forms.hsforms.com *.spotify.com gupy.chat.blip.ai gupy673.outgrow.us *.google.com anchor.fm; frame-ancestors 'self' gupy.com.br gupy.io;; upgrade-insecure-requests 1
frame-ancestors 'self' https://finsight.com https://users.finsight.com https://dealroadshow.finsight.com https://condor.finsight.com https://manager.finsight.com https://dealvdr.com https://17g5.com https://investorset.com https://verisend.com https://evercall.co https://api.finsight.com https://socket.finsight.com https://assets.finsight.com; default-src 'self' 'unsafe-inline' blob: data: ws: wss: finsight.com *.finsight.com *.finsight.com www.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.googleapis.com unpkg.com *.amazonaws.com *.twilio.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com cdn.linkedin.oribi.io *.frontapp.com sessions.bugsnag.com *.turbobridge.com *.sentry.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: finsight.com *.finsight.com *.finsight.com www.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.googleapis.com unpkg.com *.amazonaws.com *.twilio.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com cdn.linkedin.oribi.io *.frontapp.com sessions.bugsnag.com *.turbobridge.com *.sentry.io; style-src 'self' 'unsafe-inline' blob: finsight.com *.finsight.com *.finsight.com www.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.googleapis.com unpkg.com *.amazonaws.com *.twilio.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com cdn.linkedin.oribi.io *.frontapp.com sessions.bugsnag.com *.turbobridge.com *.sentry.io; img-src * data: blob: 'unsafe-inline'; 1
default-src 'self';script-src 'self' blob: www.googletagmanager.com www.google-analytics.com www.google.com *.youtube.com www.gstatic.com *.wistia.com *.egbc.ca libs.na.bambora.com 'unsafe-inline';style-src 'self' *.egbc.ca 'unsafe-inline';connect-src 'self' embedwistia-a.akamaihd.net *.litix.io *.wistia.com *.google-analytics.com *.egbc.ca;font-src 'self' data: *.wistia.com fonts.gstatic.com *.egbc.ca;img-src 'self' data: blob: *.wistia.com www.google-analytics.com www.googletagmanager.com *.egbc.ca;media-src 'self' blob: *.wistia.com;object-src 'none';frame-ancestors *.egbc.ca;frame-src 'self' *.egbc.ca *.wistia.com *.google.com *.youtube.com libs.na.bambora.com;report-uri https://egbc.report-uri.com/r/d/csp/enforce 1
default-src 'self' 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * data:; font-src * data:; frame-src *;style-src * 'unsafe-inline'; 1
default-src 'self' https://*.clarity.ms https://c.bing.com 'unsafe-inline';  connect-src analytics.google.com  https://*.clarity.ms https://c.bing.com s.swiftypecdn.com search-api.swiftype.com/api/v1/public/ www.google-analytics.com stats.g.doubleclick.net 'self' modxcms.github.io code.jquery.com search-api.swiftype.com adservice.google.com www.facebook.com www.google.com; font-src https://cdnjs.cloudflare.com/ajax/libs/tinymce/ 'self' cdn.jsdelivr.net fonts.cdnfonts.com fonts.gstatic.com data:; frame-src 'self' https://static.addtoany.com 10378883.fls.doubleclick.net td.doubleclick.net www.facebook.com www.googletagmanager.com 10378883.fls.doubleclick.net.x.294da0220c17104a4609e860c9a0f852f657.d04 10378883.fls.doubleclick.net.x.b23dd7090fc580479e0b8f50f13a35df0aab.ccc2 10378883.fls.doubleclick.net.x.ba0507c302e7b04c5d0a3a10667551f2d789.ccc 10378883.fls.doubleclick.net.x.bb9751b408c8804b790b9680525a0334ff41.d04 10378883.fls.doubleclick.net.x.dcc9d7770f6da041d50808d0f7bde0a40425.ccc; img-src 'self' www.google.com.pr https://*.clarity.ms https://c.bing.com cc.swiftype.com www.facebook.com www.google-analytics.com www.google.com www.gravatar.com blob: data: via.placeholder.com cdn.exchmapdata.com fonts.gstatic.com www.google.co.vi www.google.co.pri www.googletagmanager.com www.google.at www.google.ca www.google.ch www.google.cn www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.th www.google.co.uk www.google.com.bd www.google.com.br www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.gt www.google.com.hk www.google.com.kw www.google.com.mx www.google.com.ng www.google.com.ph www.google.com.pk www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gy www.google.hn www.google.it www.google.lk www.google.nl www.google.pl www.google.se www.google.vg; script-src-elem 'self' 'unsafe-inline' https://*.clarity.ms https://c.bing.com me.kis.v2.scr.kaspersky-labs.com cdn.jsdelivr.net cdnjs.cloudflare.com https://code.jquery.com connect.facebook.net s.swiftypecdn.com t.popular.com www.google-analytics.com www.googletagmanager.com d3js.org static.addtoany.com gc.kis.v2.scr.kaspersky-labs.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d3js.org https://*.clarity.ms https://www.google-analytics.com https://connect.facebook.net https://t.popular.com https://code.jquery.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' gc.kis.v2.scr.kaspersky-labs.com me.kis.v2.scr.kaspersky-labs.com s.swiftypecdn.com data: blob: cdnjs.cloudflare.com; script-src-attr 'unsafe-inline'; worker-src 'self' blob:; report-uri https://populardirect.report-uri.com/r/d/csp/enforce; report-to enforce 1
default-src 'self' data: https://celsagroup.com https://www.celsagroup.com https://youtube.com/ https://www.youtube.com/ https://stats.g.doubleclick.net/j/ https://use.fontawesome.com/ https://www.google.com/recaptcha/ https://maps.google.com/ https://maps.googleapis.com/  https://maps.gstatic.com/ https://fonts.gstatic.com/ https://region1.analytics-google.com/ https://region1.google-analytics.com/ https://region1.analytics.google.com/ https://www.google-analytics.com/; style-src 'self' 'unsafe-inline' https://use.fontawesome.com/ https://fonts.googleapis.com/ https://www.gstatic.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.celsagroup.com https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/ https://static.ads-twitter.com/uwt.js https://www.googletagmanager.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com/ https://maps.google.com/ https://maps.googleapis.com/ https://www.gstatic.com/; img-src 'self' data: https://t.co/i/ https://analytics.twitter.com/i/ https://www.facebook.com/ https://www.google.com/ads/ https://www.google.es/ads/ https://www.google-analytics.com https://maps.google.com/ https://maps.gstatic.com/ https://celsagroup.com https://secure.gravatar.com/ https://ps.w.org https://lh3.googleusercontent.com/ 1
font-src *.googleapis.com *.gstatic.com *.getbutton.io *.baidu.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com *.ionicframework.com *.google-analytics.com *.doubleclick.net *.lightwidget.com *.respond.io *.facebook.com *.fburl.com *.vvipquan.com *.searchserverapi.com searchserverapi.com *.amplitude.com maxcdn.bootstrapcdn.com www.searchanise.com *.youtube.com *.fonts.googleapis.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com recon-uat.cityline.com recon.cityline.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.getbutton.io *.baidu.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com *.ionicframework.com *.google-analytics.com *.doubleclick.net *.lightwidget.com *.respond.io *.facebook.com *.fburl.com *.vvipquan.com *.searchserverapi.com searchserverapi.com *.amplitude.com www.searchanise.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com www.facebook.com platform.twitter.com www.searchanise.com *.searchserverapi.com *.twitter.com *.google.com *.addthis.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.cloudflare.com *.getbutton.io *.google.com *.baidu.com *.fontawesome.com *.bootstrapcdn.com *.ionicframework.com *.google-analytics.com *.doubleclick.net *.lightwidget.com *.respond.io *.facebook.com *.fburl.com *.vvipquan.com *.searchserverapi.com searchserverapi.com *.amplitude.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.twitter.com *.twimg.com www.google.ru www.searchanise.com s3.amazonaws.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.getbutton.io *.baidu.com *.google.com *.cloudflare.com *.twitter.com *.fontawesome.com *.ionicframework.com *.google-analytics.com *.doubleclick.net *.lightwidget.com *.respond.io *.facebook.com *.fburl.com *.vvipquan.com *.searchserverapi.com searchserverapi.com *.amplitude.com *.avada.io connect.facebook.net twitter.com platform.twitter.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchanise.com api.amplitude.com *.twimg.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com downloads.mailchimp.com *.getbutton.io *.baidu.com *.google.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.ionicframework.com *.google-analytics.com *.doubleclick.net *.lightwidget.com *.respond.io *.facebook.com *.fburl.com *.vvipquan.com *.searchserverapi.com searchserverapi.com *.amplitude.com maxcdn.bootstrapcdn.com www.searchanise.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com *.youtube.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.googleapis.com thm.visa.com *.getbutton.io *.baidu.com *.google.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.ionicframework.com *.google-analytics.com *.doubleclick.net *.lightwidget.com *.respond.io *.facebook.com *.fburl.com *.vvipquan.com *.searchserverapi.com searchserverapi.com *.amplitude.com https://get.geojs.io *.avada.io api.amplitude.com stats.g.doubleclick.net *.youtube.com *.addthis.com *.graph.instagram.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src recon-uat.cityline.com recon.cityline.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'none'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https: http: 'sha256-rwtr0ht6qV/IrmC4v1eJEgxPCqwO2CK19cdEs33KgkQ=' 'strict-dynamic'; report-uri https://csp.ping-security.com/csp-reports 1
default-src 'self'; img-src blob: data: https:; style-src 'unsafe-inline' https:; script-src 'self' *.googletagmanager.com *.intercom.io *.intercomcdn.com; connect-src 'self' *.google-analytics.com  *.intercom.io *.intercomcdn.com *.sentry.io wss://*.intercom.io user-image-assets-prod-us-west-2.s3.us-west-2.amazonaws.com user-image-assets-prod-us-east-2.s3.us-east-2.amazonaws.com user-image-assets-dev-us-west-2.s3.us-west-2.amazonaws.com user-image-assets-dev-us-east-2.s3.us-east-2.amazonaws.com; font-src * 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.youtube.com s.ytimg.com ssl.p.jwpcdn.com maps.googleapis.com maps.google.com maps.gstatic.com www.google.com analytics.rubensteintech.com www.google-analytics.com www.googletagmanager.com maps.gstatic.com; frame-src 'self' player.vimeo.com www.youtube.com cdn.yoshki.com; connect-src 'self' ssl.p.jwpcdn.com maps.gstatic.com maps.googleapis.com; style-src 'self' fonts.googleapis.com 'unsafe-inline' maps.googleapis.com www.google.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com data:; img-src 'self' jwpltx.com analytics.rubensteintech.com maps.gstatic.com maps.googleapis.com www.google-analytics.com stats.g.doubleclick.net data:; object-src 'self'; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src * data:; 1
frame-ancestors 'self' pi.pardot.com twitter.com t.co;block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://j.6sc.co/ https://cdn.calconic.com/ https://yoast.com/ https://securityscorecard.com https://*.buzzsprout.com https://*.issuu.com/ https://www.123formbuilder.com/ https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.ep-mimecast.ads-twitter.com https://*.google.com https://*.googleapis.com https://analytics.twitter.com https://app.intercom.io https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.syndication.twimg.com https://connect.facebook.net https://content.linkedin.com https://d.adroll.com https://en.twitter.com https://go.epsilontel.io https://googleads.g.doubleclick.net https://graph.facebook.com https://google-analytics.com https://googletagmanager.com https://js.facebook.com https://js.intercomcdn.com https://m.youtube.com https://platform.twitter.com https://platform.linkedin.com https://pi.pardot.com https://s.adroll.com https://sc.lfeeder.com https://static.ads-twitter.com https://script.hotjar.com https://static.hotjar.com https://static-exp1.licdn.com https://snap.licdn.com https://ssl.google-analytics.com https://trk.techtarget.com https://t.co https://tagmanager.google.com https://www.youtube.com https://www.youtube-nocookie.com https://www.google-analytics.com https://widget.intercom.io https://www.google.com https://www.googletagmanager.com https://static.addtoany.com;style-src 'self' 'report-sample' 'unsafe-inline' blob: securityscorecard.com *.buzzsprout.com *.google.com *.licdn.com cdn.jsdelivr.net cdnjs.cloudflare.com *.googleapis.com platform.twitter.com ton.twimg.com www.googletagmanager.com;object-src *.googlesyndication.com;child-src 'self' blob: *.calconic.com www.paypalobjects.com securityscorecard.com *.buzzsprout.com *.issuu.com *.123formbuilder.com *.facebook.com *.google.com *.doubleclick.net *.googlesyndication.com connect.facebook.net fast.wistia.net go.epsilontel.io intercom-sheets.com platform.twitter.com player.vimeo.com vars.hotjar.com www.youtube.com www.youtube-nocookie.com www.intercom-reporting.com www.googletagmanager.com static.addtoany.com;base-uri 'self';form-action 'self' *.123formbuilder.com *.twitter.com *.facebook.com *.google.com api-iam.intercom.io connect.facebook.net intercom.help;worker-src 'self' blob: www.google.com; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.automotivelogistics.media https://eme.abacusemedia.com; 1
frame-ancestors 'self' https://dashboard.mindler.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://anywise.net; img-src 'self' https: data: blob: https://anywise.net; style-src 'self' https://anywise.net 'nonce-egW07twKLVINR9YTpsBVuA=='; media-src 'self' https: data: https://anywise.net; frame-src 'self' https:; manifest-src 'self' https://anywise.net; form-action 'self'; connect-src 'self' data: blob: https://anywise.net https://anywise.net wss://anywise.net; script-src 'self' https://anywise.net 'wasm-unsafe-eval'; child-src 'self' blob: https://anywise.net; worker-src 'self' blob: https://anywise.net 1
default-src 'self'; script-src 'self' https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.google-analytics.com; font-src 'self'; frame-src 'self' https://www.google.com; img-src 'self' data:; manifest-src 'self'; media-src 'self'; worker-src 'none';  1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://pullopen.xyz; img-src 'self' https: data: blob: https://pullopen.xyz; style-src 'self' https://pullopen.xyz 'nonce-sIyU6OjXDpTULuF2hNqU6g=='; media-src 'self' https: data: https://pullopen.xyz; frame-src 'self' https:; manifest-src 'self' https://pullopen.xyz; form-action 'self'; child-src 'self' blob: https://pullopen.xyz; worker-src 'self' blob: https://pullopen.xyz; connect-src 'self' data: blob: https://pullopen.xyz https://media.pullopen.xyz wss://pullopen.xyz; script-src 'self' https://pullopen.xyz 'wasm-unsafe-eval' 1
default-src 'self' *.continuum.ie *.gamma.ie https://ecn.t2.tiles.virtualearth.net/ *.autoaddress.com *.maze.co gateway.zscalertwo.net privacyportal-de.onetrust.com/request/v1/consentreceipts cdn.cookielaw.org staging.cdn-net.com staging-uk.cdn-net.com uk.cdn-net.com six.cdn-net.com ajax.aspnetcdn.com searchservices.tescomobile.ie static.ads-twitter.com lptag.liveperson.net lpcdn.lpsnmedia.net *.googletagmanager.com platform.twitter.com analytics.twitter.com accdn.lpsnmedia.net lo.v.liveperson.net privacyportal-de.onetrust.com maps.googleapis.com fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com servedby.flashtalking.com accreditation.datacash.com *.googleadservices.com 2866153.fls.doubleclick.net googleads.g.doubleclick.net use.typekit.net static.addtoany.com ib.adnxs.com *.google.com *.google.ie *.google-analytics.com code.jquery.com service.gamma.ie *.t.co d1j07uq9klr1j0.cloudfront.net service.autoaddress.ie api.autoaddress.ie dev.virtualearth.net edge.quantserve.com connect.facebook.net rules.quantcount.com *.youtube.com s.ytimg.com r.turn.com secure.quantserve.com  *.hotjar.com *.googlesyndication.com *.doubleclick.net *.hotjar.io ds-aksb-a.akamaihd.net payments.worldpay.com wss://lo2.msg.liveperson.net wss://ws.hotjar.com/api/v2/client/ws analytics.tiktok.com cdn.jsdelivr.net three.gamma.ie service.gamma.ie analytics.pangle-ads.com cdn.co-buying.com data: https://bp.tescomobile.ie/ https://www.facebook.com/ 'unsafe-eval' 'unsafe-inline'; media-src *;img-src * data:; frame-src * d1j07uq9klr1j0.cloudfront.net *.youtube.com secure.quantserve.com; worker-src 'self' blob: 1
default-src 'self'; img-src * 'unsafe-inline' data:; style-src * 'unsafe-inline' ; script-src-elem * 'unsafe-inline' data:; frame-src *; script-src * 'unsafe-inline' 'unsafe-eval' blob:; font-src * 'unsafe-inline' data:; connect-src * 'unsafe-inline' 'unsafe-eval' data:  1
default-src 'self'; img-src 'self' *; script-src 'self' https://google.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; font-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://www.google.com https://google.com; object-src 'none'; frame-ancestors 'none'; 1
frame-src greencommuteinitiative.uk *.greencommuteinitiative.uk *.bing.com *.cyclescheme.co.uk *.smartlook.com *.youtube.com *.instagram.com *.facebook.com *.google.co.uk *.google.com *.youtube-nocookie.com *.strava.com *.paymentsense.cloud *.dojo.tech *.googletagmanager.com; connect-src 'self' *.smartlook.com *.bing.com *.visitors.live *.nr-data.net *.appspot-preview.com *.luckyorange.net *.luckyorange.com maps.googleapis.com api.getaddress.io stats.g.doubleclick.net www.google-analytics.com l.sharethis.com *.paymentsense.cloud *.dojo.tech *.googleapis.com *.googletagmanager.com *.google-analytics.com www.cyclescheme.co.uk *.greencommuteinitiative.uk www.google.com *.google.com; default-src 'self' *.bing.com *.googleapis.com *.trustpilot.com; script-src 'self' 'unsafe-inline' *.clarity.ms *.smartlook.com *.bing.com *.googleapis.com *.cloudflare.com *.addthis.com *.instagram.com *.facebook.net *.cloudfront.net *.luckyorange.com *.googleadservices.com *.doubleclick.net *.newrelic.com *.nr-data.net  maps.googleapis.com cdnjs.cloudflare.com *.getaddress.io getaddress.io *.sharethis.com www.gstatic.com www.google.com *.paymentsense.cloud *.dojo.tech *.google.com *.googletagmanager.com *.online-metrix.net code.jquery.com *.google-analytics.com;  img-src 'self' 'unsafe-inline' data: https: 0.gravatar.com l.sharethis.com www.googletagmanager.com www.google-analytics.com; font-src 'self' *.cloudflare.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' code.jquery.com cdnjs.cloudflare.com fonts.googleapis.com; frame-ancestors 'self'; form-action 'self' *.facebook.com *.paypal.com mdepayments.epdq.co.uk gateway.cardstream.com test.sagepay.com live.sagepay.com secure.worldpay.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com tagmanager.google.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com static.hotjar.com script.hotjar.com ajax.googleapis.com services.postcodeanywhere.co.uk dl.episerver.net maps.google.com maps.googleapis.com www.google.com www.gstatic.com api.reciteme.com vo.msecnd.net *.vo.msecnd.net cdn.botframework.com cdn-ukwest.onetrust.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fast.fonts.net services.postcodeanywhere.co.uk fonts.googleapis.com fonts.gstatic.com api.reciteme.com; frame-src 'self' vars.hotjar.com www.youtube.com www.google.com api.reciteme.com; connect-src 'self' *.google-analytics.com *.analytics.google.com maps.googleapis.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io stats.g.doubleclick.net in.hotjar.com vc.hotjar.io services.postcodeanywhere.co.uk api.reciteme.com https://enw-geo.mandogroup.com:8443 https://geoserver.enwl.co.uk:8443 directline.botframework.com wss://directline.botframework.com https://www.google-analytics.com/ https://dc.services.visualstudio.com/ wss://ws1.hotjar.com/api/v1/client/ws cdn-ukwest.onetrust.com geolocation.onetrust.com cookiesuksouth.blob.core.windows.net; img-src 'self' data: *.google-analytics.com *.analytics.google.com maps.gstatic.com maps.google.com maps.googleapis.com api.reciteme.com pbs.twimg.com script.hotjar.com https://enw-geo.mandogroup.com:8443 https://geoserver.enwl.co.uk:8443 bot-azd-chatdev01-uks.azurewebsites.net bot-azd-chatci01-uks.azurewebsites.net bot-azd-chatqa01-uks.azurewebsites.net bot-azr-chatuat01-uks.azurewebsites.net bot-azp-chatprod01-uks.azurewebsites.net http://t0.ads.astuntechnology.com cdn-ukwest.onetrust.com; font-src 'self' fonts.gstatic.com api.reciteme.com script.hotjar.com; media-src 'self' api.reciteme.com 1
default-src 'self' https://api.mahmee.com; style-src 'self' 'unsafe-inline' https://api.mahmee.com fonts.googleapis.com use.fontawesome.com https://fonts.googleapis.com; font-src 'self' https://api.mahmee.com fonts.gstatic.com use.fontawesome.com https://fonts.googleapis.com https://js.intercomcdn.com https://fonts.intercomcdn.com; connect-src 'self' https://api.mahmee.com https://api.stripe.com https://checkout.stripe.com https://ecs.us1.twilio.com wss://global.vss.twilio.com wss://sdkgw.us1.twilio.com api.amplitude.com *.sentry.io *.amazonaws.com https://www.google.com https://www.gstatic.com https://fonts.googleapis.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://www.google-analytics.com https://api2.amplitude.com blob:; frame-src 'self' https://api.mahmee.com https://bid.g.doubleclick.net https://js.stripe.com https://hooks.stripe.com https://checkout.stripe.com https://player.vimeo.com https://www.google.com https://www.gstatic.com https://www.youtube.com www.intercom-reporting.com https://intercom-sheets.com https://td.doubleclick.net; script-src 'self' 'unsafe-inline' https://api.mahmee.com https://js.stripe.com https://checkout.stripe.com ajax.cloudflare.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://js.intercomcdn.com https://widget.intercom.io https://app.intercom.io https://static.cloudflareinsights.com https://cdn.amplitude.com; img-src 'self' https://api.mahmee.com https://*.google.com https://*.google.com.ua https://googleads.g.doubleclick.net *.amazonaws.com https://*.stripe.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments.eu https://*.au.intercom-attachments.com data: blob:; media-src 'self' https://api.mahmee.com *.amazonaws.com https://js.intercomcdn.com data: mediastream: blob:; child-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; form-action https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io 1
frame-ancestors 'self' *.gaoding.com http://tongji.baidu.com 1
default-src 'self' cdn.speedcurve.com lux.speedcurve.com; script-src 'self' 'unsafe-inline' cpqa.catchpoint.com unpkg.com; style-src 'unsafe-inline'; img-src 'self' data: res.cloudinary.com; connect-src 'self' rqa.3genlabs.net unpkg.com api.github.com cpqa.catchpoint.com; upgrade-insecure-requests; report-uri https://600e2d5b.intrepid.pages.dev/api/report 1
form-action 'none'; img-src 'self'; default-src 'none'; base-uri 'self'; frame-ancestors 'self'; object-src https://www.buruniv.ac.in/; font-src 'self' https://fonts.googleapis.com https://use.fontawesome.com https://fonts.gstatic.com; script-src 'self' https://maps.googleapis.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/; style-src 'self' https://cdn.jsdelivr.net/ https://fonts.googleapis.com https://cdnjs.cloudflare.com https://use.fontawesome.com 1
frame-ancestors 'self' https://*.editions-bordas.fr; 1
default-src 'self' https://moncompte.skilleos.com https://www.skilleos.com *.skilleos.com https://f.hellowork.com https://static.affilae.com https://www.googletagmanager.com https://tagmanager.google.com *.google-analytics.com https://js.appboycdn.com https://cdn.segment.com *.algolia.net *.braze.eu *.ubembed.com *.pardot.com *.segment.io *.axept.io sentry.io *.sentry-cdn.com *.facebook.com *.facebook.net *.googleadservices.com *.google.com *.google.de *.affilae.com https://connect.facebook.net *.doubleclick.net *.societegenerale.fr *.sg.fr *.jobplus.io *.services.bnpparibas *.googleapis.com *.bugsnag.com *.wizbii.com *.refiner.io *.buddypop.fr https://cdnjs.cloudflare.com https://fonts.cdnfonts.com https://www.recaptcha.net https://www.gstatic.com *.typeform.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' https://moncompte.skilleos.com https://www.skilleos.com *.skilleos.com https://f.hellowork.com https://static.affilae.com https://www.googletagmanager.com https://tagmanager.google.com *.google-analytics.com https://js.appboycdn.com https://cdn.segment.com *.algolia.net *.braze.eu *.ubembed.com *.pardot.com *.segment.io *.axept.io sentry.io *.sentry-cdn.com *.facebook.com *.facebook.net *.googleadservices.com *.google.com *.google.de *.affilae.com https://connect.facebook.net *.doubleclick.net *.societegenerale.fr *.sg.fr *.jobplus.io *.services.bnpparibas *.googleapis.com *.bugsnag.com *.wizbii.com *.refiner.io *.buddypop.fr https://cdnjs.cloudflare.com https://fonts.cdnfonts.com https://www.recaptcha.net https://www.gstatic.com *.typeform.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; img-src 'self' data: *.skilleos.com https://www.skilleos.com *.google-analytics.com *.facebook.com *.google.com *.google.fr *.google.mg *.google.de *.picsum.photos https://picsum.photos https://axeptio.imgix.net *.googleapis.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.fontawesome.com https://moncompte.skilleos.com https://www.skilleos.com *.skilleos.com https://f.hellowork.com https://static.affilae.com https://www.googletagmanager.com https://tagmanager.google.com *.google-analytics.com https://js.appboycdn.com https://cdn.segment.com *.algolia.net *.braze.eu *.ubembed.com *.pardot.com *.segment.io *.axept.io sentry.io *.sentry-cdn.com *.facebook.com *.facebook.net *.googleadservices.com *.google.com *.google.de *.affilae.com https://connect.facebook.net *.doubleclick.net *.societegenerale.fr *.sg.fr *.jobplus.io *.services.bnpparibas *.googleapis.com *.bugsnag.com *.wizbii.com *.refiner.io *.buddypop.fr https://cdnjs.cloudflare.com https://fonts.cdnfonts.com https://www.recaptcha.net https://www.gstatic.com *.typeform.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; object-src 'none'; frame-ancestors 'none'; base-uri https://www.skilleos.com; font-src 'self' 'unsafe-inline' *.fontawesome.com *.gstatic.com unsafe-eval data: blob: https://moncompte.skilleos.com https://www.skilleos.com *.skilleos.com https://f.hellowork.com https://static.affilae.com https://www.googletagmanager.com https://tagmanager.google.com *.google-analytics.com https://js.appboycdn.com https://cdn.segment.com *.algolia.net *.braze.eu *.ubembed.com *.pardot.com *.segment.io *.axept.io sentry.io *.sentry-cdn.com *.facebook.com *.facebook.net *.googleadservices.com *.google.com *.google.de *.affilae.com https://connect.facebook.net *.doubleclick.net *.societegenerale.fr *.sg.fr *.jobplus.io *.services.bnpparibas *.googleapis.com *.bugsnag.com *.wizbii.com *.refiner.io *.buddypop.fr https://cdnjs.cloudflare.com https://fonts.cdnfonts.com https://www.recaptcha.net https://www.gstatic.com *.typeform.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 1
frame-ancestors 'self' *.shetland.gov.uk; 1
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https: twitter:; frame-ancestors https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-b290187cbac740851a2cc126c2b491d6'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
base-uri 'none'; object-src 'none'; script-src 'unsafe-eval' 'report-sample' https://www.ketogenicforums.com/logs/ https://www.ketogenicforums.com/sidekiq/ https://www.ketogenicforums.com/mini-profiler-resources/ https://www.ketogenicforums.com/assets/ https://www.ketogenicforums.com/brotli_asset/ https://www.ketogenicforums.com/extra-locales/ https://www.ketogenicforums.com/highlight-js/ https://www.ketogenicforums.com/javascripts/ https://www.ketogenicforums.com/plugins/ https://www.ketogenicforums.com/theme-javascripts/ https://www.ketogenicforums.com/svg-sprite/ https://www.googletagmanager.com/gtm.js 'unsafe-inline' https: http:; worker-src 'self' blob: 1
default-src 'self' http://* https://* ws://* wss://* data://* blob://* 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1
frame-ancestors 'self' https://help.bikester.be https://back-office-redesign.kameleoon.com https://app.kameleoon.com/ 1
default-src 'self' cdn.polyfill.io static.ads-twitter.com www.gstatic.com mailingflow.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net www.google.com.ua s3.eu-central-1.amazonaws.com  www.google.com maxcdn.bootstrapcdn.com unpkg.com cdnjs.cloudflare.com *.hotjar.com *.hotjar.io www.googleadservices.com trackdateflow.com https://tagmanager.google.com blob:; img-src * https://optimize.google.com https://ssl.gstatic.com https://www.gstatic.com  data: * blob: https://amourlee.com ; style-src 'self' 'unsafe-inline' https://imgsourcechain.com  maxcdn.bootstrapcdn.com unpkg.com https://fonts.googleapis.com https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com; font-src 'self' https://imgsourcechain.com  https://script.hotjar.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com data:;connect-src * blob:;media-src * blob: data:;script-src 'self' 'unsafe-eval' https://dev.visualwebsiteoptimizer.com https://imgsourcechain.com https://amplify.outbrain.com https://tr.outbrain.com https://wave.outbrain.com https://cdn.taboola.com https://trc.taboola.com https://a.mgid.com https://tr.snapchat.com https://pay.google.com https://cdn.seondf.com https://accounts.google.com https://*.clarity.ms https://analytics.tiktok.com https://sc-static.net cdn.polyfill.io static.ads-twitter.com www.gstatic.com mailingflow.com www.googletagmanager.com https://www.google-analytics.com stats.g.doubleclick.net www.google.com.ua s3.eu-central-1.amazonaws.com  www.google.com maxcdn.bootstrapcdn.com unpkg.com cdnjs.cloudflare.com *.hotjar.com *.hotjar.io www.googleadservices.com trackdateflow.com https://tagmanager.google.com https://optimize.google.com 'unsafe-inline' https://www.googletagmanager.com https://bat.bing.com https://www.googleoptimize.com https://s.yimg.com;frame-src https://pay.google.com https://content-people.googleapis.com https://content.googleapis.com https://accounts.google.com https://tr.snapchat.com https://www.google.com/ https://optimize.google.com https://vars.hotjar.com; 1
frame-ancestors 'self' newlynamed.com 1
script-src 'self' https: 'unsafe-inline' 1
frame-ancestors 'self' *.kalshi.com *.kalshi.co 1
default-src 'none'; script-src 'self' www.googletagmanager.com platform.twitter.com syndication.twitter.com static.ads-twitter.com 'sha256-ewTm8QMx/IkmbIFAIapvCHoCrGgIIHhn8qKC7/5Y2Ro=' 'unsafe-hashes' 'sha256-mplq9U9bn5xLaFQjbIOde0Eu7cXsI2xaTPex2jLztp0='; style-src 'self' cdnjs.cloudflare.com fonts.googleapis.com 'sha256-akbuxUDobAg86+TiT5p8TENoFqlhtGWtEqHedhVNujw='; font-src fonts.gstatic.com cdnjs.cloudflare.com; img-src 'self' syndication.twitter.com t.co analytics.twitter.com; frame-src platform.twitter.com; connect-src www.google-analytics.com 1
upgrade-insecure-requests; X-Frame-Options:SAMEORIGIN; 1
frame-ancestors kdl.org *.kdl.org kdl.bibliocms.com *.kdl.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src kdl.org *.kdl.org kdl.bibliocms.com *.kdl.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
frame-ancestors 'top.gg'; 1
frame-ancestors 'self' https://*.teamdoor.io 1
frame-src https://www.googletagmanager.com http://app.nbrm.mk/ https://app.nbrm.mk/ https://platform.twitter.com/ https://www.youtube.com/ https://e-nabavki.gov.mk/ https://www.google.com/ http://www.nbrm.mk/ https://www.nbrm.mk/ 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.me.uk; img-src 'self' https: data: blob: https://mastodon.me.uk; style-src 'self' https://mastodon.me.uk 'nonce-2574nOkyfZtt9AUyYRJROw=='; media-src 'self' https: data: https://mastodon.me.uk; frame-src 'self' https:; manifest-src 'self' https://mastodon.me.uk; form-action 'self'; child-src 'self' blob: https://mastodon.me.uk; worker-src 'self' blob: https://mastodon.me.uk; connect-src 'self' data: blob: https://mastodon.me.uk https://mastodon.me.uk wss://mastodon.me.uk; script-src 'self' https://mastodon.me.uk 'wasm-unsafe-eval' 1
frame-ancestors 'self' mashibing.com bafangwy.com *.mashibing.com *.bafangwy.com 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' https://cdn.jsdelivr.net/gh/alpinejs/alpine@v2.8.2/dist/alpine.min.js https://code.jquery.com/jquery-3.2.1.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.7.1/Chart.min.js https://code.jquery.com/jquery-3.2.1.min.js https://animeworld.cx/js/alpine.min.js https://animeworld.cx/js/jquery-3.2.1.min.js https://animeworld.cx/js/popper.min.js https://animeworld.cx/js/popper.js https://animeworld.cx/js/bootstrap.min.js https://animeworld.cx/js/Chart.min.js; block-all-mixed-content; upgrade-insecure-requests 1
default-src 'self'; font-src 'self' data: fonts.gstatic.com; img-src 'self' data: analytics.iitsp.com secure.gravatar.com updates.theme-fusion.com http://www.allworld.it; script-src 'self' 'unsafe-eval' 'unsafe-inline' analytics.iitsp.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline'   https://*.uptolike.com/ http://aj1616.online/ fapabelno.com  *.fapabelno.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' fapabelno.com  https://*.yandex.com/ https://*.bngprm.com/ https://grown-t-code.com/ https://*.uptolike.com/ http://*.realsrv.com/ https://goryachie-foto.net/ https://bongacams10.com/ https://*.bcprm.com/ https://bcprm.com/  https://aj1616.online/  *.fapabelno.com https://syndication.exosrv.com  https://dugwap.com http://funbuy.pp.ua      connect.facebook.net http://connect.facebook.net https://www.facebook.com http://facebook.net *.yandex.ru yandex.ru       http://www.24video.net/ http://player.vimeo.com/ http://www.24video.xxx/ http://24video.ws/ a.tiaplex.com http://a.tiaplex.com https://a.tiaplex.com http://x.tiaplex.com/ x.tiaplex.com *.yandex.net yandex.net yandex.st *.yandex.st yastatic.net *.yastatic.net https://*.yandex.ru https://yandex.ru https://*.yandex.net https://yandex.net https://yandex.st https://*.yandex.st https://yastatic.net https://*.yastatic.net http://*.yandex.ru http://yandex.ru http://*.yandex.net http://yandex.net http://yandex.st http://*.yandex.st http://yastatic.net http://*.yastatic.net *.vk.com https://*.vk.com vk.com https://vk.com top-fwz1.mail.ru counter.yadro.ru www.google.com advapi.ru   cse.google.com http://10.20.2.42:15871 *.akamaihd.net *.amazonaws.com *.ytimg.com http://*.whisla.com https://*.googleapis.com https://*.google.com *.google.com *.gstatic.com https://*.gstatic.com www.google-analytics.com cse.google.com http://*.uptolike.com https://*.uptolike.com https://*.google.com http://*.google.com https://www.google-analytics.com http://*.googlesyndication.com https://*.googlesyndication.com *.googlesyndication.com *.googleapis.com *.doubleclick.net ;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval'  https://srv224.com/ https://*.trustlink.ru/ https://*.magsrv.com https://*.pemsrv.com/ https://envious-low.com/ https://www.tallfriend.pro/ https://adcck.ru/ https://pddata.ru/ https://creepy-reception.com/ https://*.click.ru/ https://*.bngprm.com/ https://bcprm.com/ https://goryachie-foto.net/ https://aj1616.online/ https://*.uptolike.com/ https://*.yandex.ru/ https://*.realsrv.com/ https://*.yandex.com/ ;object-src 'self' *.yandex.ru yandex.ru       http://www.24video.net/ http://player.vimeo.com/ http://www.24video.xxx/ http://24video.ws/ a.tiaplex.com http://a.tiaplex.com https://a.tiaplex.com http://x.tiaplex.com/ x.tiaplex.com *.yandex.net yandex.net yandex.st *.yandex.st yastatic.net *.yastatic.net https://*.yandex.ru https://yandex.ru https://*.yandex.net https://yandex.net https://yandex.st https://*.yandex.st https://yastatic.net https://*.yastatic.net http://*.yandex.ru http://yandex.ru http://*.yandex.net http://yandex.net http://yandex.st http://*.yandex.st http://yastatic.net http://*.yastatic.net http://*.ytimg.com *.macromedia.com *.adobe.com https://*.adobe.com https://*.googleapis.com http://www.youtube.com https://www.youtube.com *.gstatic.com http://*.uptolike.com https://*.uptolike.com   *.googleapis.com *.vk.com https://*.vk.com vk.com https://vk.com http://*.googlesyndication.com https://*.googlesyndication.com *.googlesyndication.com ;style-src 'self' 'unsafe-inline' *.yandex.ru yandex.ru       http://www.24video.net/ http://player.vimeo.com/ http://www.24video.xxx/ http://24video.ws/ a.tiaplex.com http://a.tiaplex.com https://a.tiaplex.com http://x.tiaplex.com/ x.tiaplex.com *.yandex.net yandex.net yandex.st *.yandex.st yastatic.net *.yastatic.net https://*.yandex.ru https://yandex.ru https://*.yandex.net https://yandex.net https://yandex.st https://*.yandex.st https://yastatic.net https://*.yastatic.net http://*.yandex.ru http://yandex.ru http://*.yandex.net http://yandex.net http://yandex.st http://*.yandex.st http://yastatic.net http://*.yastatic.net *.vk.com https://*.vk.com vk.com https://vk.com fapabelno.com *.fapabelno.com http://*.uptolike.com https://*.uptolike.com https://* cse.google.com www.google.com http://netdna.bootstrapcdn.com fonts.googleapis.com *.googleapis.com  http://*.googlesyndication.com https://*.googlesyndication.com *.googlesyndication.com ;img-src * data: fapabelno.com *.fapabelno.com *.yandex.ru yandex.ru       http://www.24video.net/ http://player.vimeo.com/ http://www.24video.xxx/ http://24video.ws/ a.tiaplex.com http://a.tiaplex.com https://a.tiaplex.com http://x.tiaplex.com/ x.tiaplex.com *.yandex.net yandex.net yandex.st *.yandex.st yastatic.net *.yastatic.net https://*.yandex.ru https://yandex.ru https://*.yandex.net https://yandex.net https://yandex.st https://*.yandex.st https://yastatic.net https://*.yastatic.net http://*.yandex.ru http://yandex.ru http://*.yandex.net http://yandex.net http://yandex.st http://*.yandex.st http://yastatic.net http://*.yastatic.net top-fwz1.mail.ru counter.yadro.ru *.vk.com https://*.vk.com vk.com https://vk.com http://*.uptolike.com https://*.uptolike.com  http://*.googlesyndication.com https://*.googlesyndication.com *.googlesyndication.com http://*.gravatar.com/; media-src 'self' * mediastream: *;frame-src 'self' 'unsafe-eval' https://*.xlivrdr.com https://*.mnaspm.com/ https://*.bongacams22.com/ https://*.bongacams10.com/ https://bongacams10.com/ https://*.bongacams.com/ https://bongacams.com/ http://staticxx.facebook.com/ https://promo-bc.com http://www.facebook.com *.yandex.ru yandex.ru       http://www.24video.net/ http://player.vimeo.com/ http://www.24video.xxx/ http://24video.ws/ a.tiaplex.com http://a.tiaplex.com https://a.tiaplex.com http://x.tiaplex.com/ x.tiaplex.com *.yandex.net yandex.net yandex.st *.yandex.st yastatic.net *.yastatic.net https://*.yandex.ru https://yandex.ru https://*.yandex.net https://yandex.net https://yandex.st https://*.yandex.st https://yastatic.net https://*.yastatic.net http://*.yandex.ru http://yandex.ru http://*.yandex.net http://yandex.net http://yandex.st http://*.yandex.st http://yastatic.net http://*.yastatic.net fapabelno.com *.fapabelno.com  blocking.stat *.yahoo.com *.uptolike.com vk.com *.hubrus.com www.google.com cse.google.com  http://www.youtube.com https://www.youtube.com http://*.googlesyndication.com https://*.googlesyndication.com *.googlesyndication.com *.doubleclick.net https://*.doubleclick.net https://*.google.com http://*.google.com top-fwz1.mail.ru counter.yadro.ru http://*.uptolike.com https://*.uptolike.com *.googleapis.com   *.vk.com https://*.vk.com vk.com https://vk.com;font-src 'self' data: fapabelno.com *.fapabelno.com *.googleapis.com *.gstatic.com http://*.uptolike.com https://*.uptolike.com http://fonts.gstatic.com:*;connect-src 'self' https://*.magsrv.com https://*.pemsrv.com/ https://www.tallfriend.pro/ https://*.realsrv.com/ https://mc.yandex.com/ *.yandex.ru yandex.ru http://aj1616.online/ https://aj1616.online/  http://w.uptolike.com/       http://www.24video.net/ http://player.vimeo.com/ http://www.24video.xxx/ http://24video.ws/ a.tiaplex.com http://a.tiaplex.com https://a.tiaplex.com http://x.tiaplex.com/ x.tiaplex.com *.yandex.net yandex.net yandex.st *.yandex.st yastatic.net *.yastatic.net https://*.yandex.ru https://yandex.ru https://*.yandex.net https://yandex.net https://yandex.st https://*.yandex.st https://yastatic.net https://*.yastatic.net http://*.yandex.ru http://yandex.ru http://*.yandex.net http://yandex.net http://yandex.st http://*.yandex.st http://yastatic.net http://*.yastatic.net https://www.youtube.com *.googlevideo.com https://*.gstatic.com http://*.googlesyndication.com https://*.googlesyndication.com *.googlesyndication.com *.google-analytics.com;report-uri //fapabelno.com/csp.php 1
default-src 'self'; connect-src 'self' wss://*.streami.co wss://*.streami.io wss://*.gopax.co.kr https://*.gopax.co.kr https://*.gopax.co.kr:* https://*.amazonaws.com https://*.streami.io https://adservice.google.com https://aem-kakao-collector.onkakao.net/api https://bc.ad.daum.net https://browser-intake-datadoghq.com https://pagead2.googlesyndication.com https://sentry.io https://www.google-analytics.com/g/collect https://www.google-analytics.com/j/collect https://www.google.iq https://stats.g.doubleclick.net/g/collect https://stats.g.doubleclick.net/j/collect https://analytics.google.com/g/collect https://api.xangle.io/external/disclosure-project https://api.intotheblock.com https://nice.qa.streami.io:8081 https://nice.staging.streami.io:8081 https://www.tradingview.com https://ads.tnkad.net https://kn.acrosspf.com https://www.tdmcom.co.kr https://*.adpopcorn.com https://bizmessage.kakao.com; frame-src 'self' https://www.google.com https://*.gopax.co.kr https://*.gopax.co.kr:* https://*.daumcdn.net https://*.daum.net https://safe.ok-name.co.kr https://connect.facebook.net https://*.doubleclick.net https://s3.ap-northeast-2.amazonaws.com/service.xangle.io https://nice.checkplus.co.kr https://s.tradingview.com https://www.tradingview-widget.com https://www.youtube.com https://kn.acrosspf.com https://*.twitter.com; img-src 'self' data: blob: https://adlc-exchange.toast.com https://analytics.google.com/g/collect https://bid.g.doubleclick.net/xbbe/pixel https://googleads.g.doubleclick.net/pagead/ https://idm.skplanet.com/pixel https://kiup.ibk.co.kr https://log.mediacategory.com/servlet/rd https://*.gopax.co.kr https://*.gopax.qa.streami.io https://*.gopax.staging.streami.io https://s3.ap-northeast-2.amazonaws.com/service.xangle.io/ticker/images/ https://s3.ap-northeast-2.amazonaws.com/upload.xangle.io/images/ https://stats.g.doubleclick.net https://track.buzzvil.com/ https://www.google-analytics.com https://www.google.co.kr https://www.google.com https://www.googleadservices.com/pagead/conversion/ https://www.googletagmanager.com/ https://bc.ad.daum.net https://wcs.naver.com/ https://t1.daumcdn.net https://*.twimg.com https://resource.gopax.co.kr https://resource.gopax.staging.streami.io; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.gopax.co.kr https://cdn.megadata.co.kr/js/en_script/3.5/enliple_min3.5.js https://cdnet.nasmob.com/adpacker/js/ap_pv_v1.0.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10944913108/ https://www.google-analytics.com/analytics.js https://www.google-analytics.com/gtm/js https://www.google.com/pagead/conversion_async.js https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://ajax.googleapis.com https://cdn.megadata.co.kr https://cdnet.nasmob.com https://stats.g.doubleclick.net https://tagmanager.google.com https://www.google-analytics.com https://www.google.co.kr https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://*.daumcdn.net https://www.googleadservices.com https://s3.ap-northeast-2.amazonaws.com/service.xangle.io/xi-ticker.min.js https://app.intotheblock.com https://api3.tnkfactory.com https://scr.nsmartad.com https://inter-nswitch.nasmob.com https://s3.tradingview.com https://fin.rainbownine.net/js/adn_tags_2.1.3.js https://www.tdmcom.co.kr https://*.adpopcorn.com https://kn.acrosspf.com https://bizmessage.kakao.com https://www.youtube.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://s3.ap-northeast-2.amazonaws.com/service.xangle.io/xi-ticker.min.css https://*.twitter.com; font-src 'self' data: https://fonts.gstatic.com; object-src 'self' blob:; base-uri 'self'; frame-ancestors https://gopax.co.kr https://*.gopax.co.kr https://streami.io https://*.gopax.qa.streami.io https://*.gopax.staging.streami.io https://*.gopax.prod.streami.io 1
default-src     'self' ; img-src         'self' data: https://*.pxia.de https://www.apcoa.dk https://vm-apcoa-typo3-04 https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.google.de *.facebook.com *.solvemate.com https://*.zohocdn.com https://*.zohopublic.eu https://*.newsletter2go.com https://*.linkedin.com https://www.apcoa.se https://*.zohostatic.eu https://*.zoho.eu https://*.wikimedia.org https://www.googletagmanager.com https://*.click4assistance.co.uk https://*.cookiebot.com;  script-src      'self' 'unsafe-inline' 'unsafe-eval' https://*.bootstrapcdn.com https://fonts.googleapis.com/css/ https://*.bootstrapcdn.com https://*.pxia.de https://vm-apcoa-typo3-04 https://consent.cookiebot.com https://www.googletagmanager.com https://consentcdn.cookiebot.com https://*.google.com https://*.bootstrapcdn.com https://*.googleapis.com https://*.mana-hr.net https://*.facebook.net https://www.google-analytics.com/ https://*.doubleclick.net https://*.zoho.eu https://*.zohocdn.com https://*.newsletter2go.com;  script-src-elem 'self' 'unsafe-inline' https://*.park-control.de/ https://www.google-analytics.com/analytics.js https://*.bootstrapcdn.com https://fonts.googleapis.com/css/ https://*.google.com https://consent.cookiebot.com https://www.googletagmanager.com https://consentcdn.cookiebot.com https://*.bootstrapcdn.com https://*.googleapis.com https://*.gstatic.com *.solvemate.com www.googleadservices.com *.facebook.net *.doubleclick.net *.mana-hr.net https://*.zoho.eu https://*.zohostatic.eu *.zohocdn.com https://*.newsletter2go.com https://www.google-analytics.com https://sc-static.net stats.docu.info https://leie.apcoa.no https://services.apcoa.no https://tr.snapchat.com *.livechatinc.com https://*.licdn.com https://*.hotjar.com https://*.click4assistance.co.uk https://*.zendesk.com https://*.zdassets.com;  style-src       'self' 'unsafe-inline' https://*.googleapis.com https://*.bootstrapcdn.com *.solvemate.comi https://*.zohocdn.com *.bootstrapcdn.com https://*.zohostatic.eu;  font-src        'self' data: https://*.googleapis.com https://fonts.googleapis.com https://*.gstatic.com https://*.bootstrapcdn.com *.solvemate.comi *.zohocdn.com https://*.zohostatic.eu;  frame-src       'self' https://consentcdn.cookiebot.com https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com *.apcoa.de *.mana-hr.net *.mana-jobs.de https://maps.google.com http://europark.easycruit.com https://tr.snapchat.com https://*.zohopublic.eu https://*.zoho.eu *.apcoa.no https://*.facebook.com https://*.livechatinc.com https://apcoa-rec.trustit.org http://prelive02.apcoa.com https://docs.google.com https://*.click4assistance.co.uk https://*.q2c.eu https://*.apcoa.se;  worker-src       data: blob: 'unsafe-eval' 'unsafe-inline';  object-src      'self' ;  connect-src     'self' https://*.park-control.de https://*.google-analytics.com https://*.googleapis.com https://*.cookiebot.com *.google.com *.doubleclick.net *.solvemate.com *.facebook.com https://*.zoho.eu *.zohopublic.eu wss://vts.zohopublic.eu https://*.newsletter2go.com https://tr.snapchat.com https://*.linkedin.oribi.io https://pagead2.googlesyndication.com https://*.zdassets.com https://*.zendesk.com;  media-src       'self' data: https://*.googleapis.com https://fonts.googleapis.com https://*.gstatic.com https://*.bootstrapcdn.com *.solvemate.comi *.zohocdn.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://inforegister.ee *.maksekeskus.ee *.inforegister.ee *.facebook.net https://reklaamivahendus.eu www.google.com www.google.ee; frame-ancestors 'self'; form-action 'self' *.inforegister.ee https://inforegister.ee *.maksekeskus.ee; object-src 'self' https://evul.ee; base-uri 'self' 1
default-src data: https: http:;script-src 'self' resource://pdf.js/ 'unsafe-inline' 'unsafe-eval' https: http:;style-src 'unsafe-inline' https: http: blob:;object-src 'self' blob:;img-src 'self' https://*.everesttech.net https://dhlcom.d3.sc.omtrdc.net/ data: blob:;connect-src blob: 'self' https://*.demdex.net https://*.dhl.com https://*.video-cdn.net https://*.hereapi.com https://*.usetiful.com https://*.dpdhl.com;worker-src blob: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://neurodifferent.me; img-src 'self' https: data: blob: https://neurodifferent.me; style-src 'self' https://neurodifferent.me 'nonce-nQz5IZC7XUWoWeSD859wCQ=='; media-src 'self' https: data: https://neurodifferent.me; frame-src 'self' https:; manifest-src 'self' https://neurodifferent.me; form-action 'self'; child-src 'self' blob: https://neurodifferent.me; worker-src 'self' blob: https://neurodifferent.me; connect-src 'self' data: blob: https://neurodifferent.me https://media.neurodifferent.me wss://neurodifferent.me; script-src 'self' https://neurodifferent.me 'wasm-unsafe-eval' 1
script-src 'self' https://*.grantstreet-cdn.com https://*.govhub.com https://*.grantstreet.com:* https://vault.county-taxes.com https://www.google-analytics.com https://*.googletagmanager.com https://ssl.google-analytics.com https://secure.gravatar.com https://admin.typeform.com https://*.paypal.com https://*.paypalobjects.com 'nonce-bfd2a2d8bd78c1a91b52afa5ae26255e'; connect-src 'self' https://*.grantstreet-cdn.com https://govhub.com https://pay-hub.net https://*.govhub.com https://*.pay-hub.net https://*.grantstreet.com:* https://*.payment-express.net https://*.county-taxes.com:* https://county-taxes.net https://sentry.io https://*.sentry.io https://*.launchdarkly.com https://admin.typeform.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://api.lob.com https://*.paypal.com https://*.paypalobjects.com https://pay.google.com https://google.com/pay https://www.google.com/pay https://*.algolia.io https://*.algolia.net https://*.algolianet.com stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://*.grantstreet-cdn.com https://govhub.com https://pay-hub.net https://*.govhub.com https://*.pay-hub.net https://*.grantstreet.com:* https://*.payment-express.net https://sentry.io https://*.sentry.io https://*.launchdarkly.com https://admin.typeform.com https://*.google-analytics.com https://*.googletagmanager.com https://www.gstatic.com https://api.lob.com https://*.paypal.com https://*.paypalobjects.com https://s3.amazonaws.com https://cdn-grantstreet-com.s3.amazonaws.com https://www.google.com; object-src 'none'; frame-ancestors 'self' https://*.govhub.com https://govhub.com https://*.pay-hub.net https://pay-hub.net; report-uri https://o168195.ingest.sentry.io/api/1432778/security/?sentry_key=10c054b10b974c81b73423a0d835e640; 1
frame-ancestors 'self' https://help.bikester.se https://back-office-redesign.kameleoon.com https://app.kameleoon.com/ 1
default-src * https: data: 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' *.toggle.ai https://jpm.tgl.ai; 1
default-src 'self' https://privacyportal.cookiepro.com https://pagestrip.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org https://cdnjs.cloudflare.com https://cdnjs.com/ https://fast.fonts.net/ https://code.jquery.com/ https://api.usersnap.com https://www.googletagmanager.com https://rum-static.pingdom.net https://s7.addthis.com https://sjs.bizographics.com https://snap.licdn.com https://v1.addthisedge.com https://m.addthis.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://kendo.cdn.telerik.com https://cookie-cdn.cookiepro.com/ https://emea3.recruitmentplatform.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://unpkg.com https://downloads.mailchimp.com https://mc.us5.list-manage.com https://secure.adnxs.com https://z.moatads.com https://geolocation.onetrust.com https://stackpath.bootstrapcdn.com https://walls.io https://cse.google.com *.pagestrip.com https://cloud.typography.com/ https://analytics.clickdimensions.com/ https://www.youtube.com/; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://fast.fonts.net https://cdnjs.cloudflare.com https://emea3.recruitmentplatform.com https://maxcdn.bootstrapcdn.com  https://downloads.mailchimp.com https://cdn-images.mailchimp.com https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net *.pagestrip.com https://cloud.typography.com/ https://www.firstnational.ca/; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://maxcdn.bootstrapcdn.com *.pagestrip.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com https://px.ads.linkedin.com data: blob: *.eloqua.com https://i3.ytimg.com https://i.ytimg.com https://ml.globenewswire.com https://p.adsymptotic.com https://downloads.mailchimp.com http://media.corporate-ir.net https://resource.globenewswire.com https://cookie-cdn.cookiepro.com https://shp.qpic.cn https://img.youtube.com  https://cdnjs.cloudflare.com https://clients1.google.com https://www.google.com https://www.googletagmanager.com *.pagestrip.com https://www.google.ca/ *.firstnational.ca; media-src 'self' *.ssl.cf1.rackcdn.com data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://s7.addthis.com https://consentcdn.cookiebot.com/ https://www.google.com https://v.qq.com/ https://walls.io/ https://cse.google.com/ https://pagestrip.com https://*.pagestrip.com https://my.walls.io *.dayforcehcm.com dayforcehcm.com https://prepayment.firstnational.ca/ https://player.blubrry.com/; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://rum-collector-2.pingdom.net https://m.addthis.com https://cookie-cdn.cookiepro.com https://s7.addthis.com https://emea3.recruitmentplatform.com https://emea3.recruitmentplatform.com https://global3.recruitmentplatform.com https://www.google-analytics.com https://privacyportal.cookiepro.com https://pagestrip.com https://*.pagestrip.com https://stats.g.doubleclick.net/; 1
default-src 'none'; frame-ancestors https://*.edadeal.ru https://edadeal.ru https://yandex.ru https://yandex.com https://yandex.by https://*.yandex.ru https://*.yandex.com https://*.yandex.by; connect-src 'self'; script-src 'nonce-82eaf13d4c3a4d3234ae3731fa2a79d4' 'self'; img-src 'self' 1
frame-ancestors 'self' brita360.fairflexx.de http://93.90.201.51:8090 https://vendtra.expo-ip.com https://brita-dach.ff360.de 1
frame-ancestors 'self' pocketnavigation.de; 1
frame-ancestors 'self';object-src 1
default-src * 'unsafe-inline'; img-src * data: blob:; frame-ancestors 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; media-src * blob:; worker-src 'self' blob:; style-src * blob: 'unsafe-inline' 'unsafe-eval'; frame-src * blob: 1
connect-src 'self' *.googleapis.com bat.bing.com stats.g.doubleclick.net *.clarity.ms tracker.affirm.com www.affirm.com www.facebook.com *.google.com www.google-analytics.com api-cf.affirm.com smhttp-ssl-18667.nexcesscdn.net; font-src 'self' data: fonts.gstatic.com www.affirm.com smhttp-ssl-18667.nexcesscdn.net assets.quadpay.com cdn.honey.io moz-extension use.typekit.net www.clearplay.com; form-action 'self' www.facebook.com *.paypal.com; frame-src widget.trustpilot.com *.youtube.com www.facebook.com www.affirm.com www.google.com; img-src 'self' *.bing.com data: www.facebook.com *.google.com c.clarity.ms www.shopperapproved.com maps.gstatic.com smhttp-ssl-18667.nexcesscdn.net www.google-analytics.com log.pinterest.com *.googleapis.com translate.google.com www.furniturepick.com www.gstatic.com cdn.honey.io cdn.ivaws.com images.wikibuy.com; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com bat.bing.com *.clarity.ms cdn1.affirm.com connect.facebook.net widget.trustpilot.com www.google-analytics.com www.shopperapproved.com smhttp-ssl-18667.nexcesscdn.net www.google.com www.gstatic.com *.googleapis.com; script-src 'unsafe-eval' 'unsafe-inline' bat.bing.com cdn1.affirm.com *.clarity.ms connect.facebook.net *.googleapis.com smhttp-ssl-18667.nexcesscdn.net widget.trustpilot.com www.google-analytics.com www.google.com www.gstatic.com data: www.shopperapproved.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' *.googleapis.com cdn1.affirm.com smhttp-ssl-18667.nexcesscdn.net; child-src widget.trustpilot.com www.affirm.com www.google.com www.facebook.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' bat.bing.com cdn1.affirm.com connect.facebook.net data: smhttp-ssl-18667.nexcesscdn.net stats.g.doubleclick.net tracker.affirm.com www.affirm.com www.facebook.com www.google-analytics.com www.google.com api-cf.affirm.com *.googleapis.com fonts.gstatic.com  maps.gstatic.com 'self' widget.trustpilot.com www.gstatic.com www.shopperapproved.com cdn.ivaws.com; style-src 'unsafe-eval' 'unsafe-inline' *.furniturepick.com smhttp-ssl-18667.nexcesscdn.net cdn1.affirm.com *.googleapis.com; frame-ancestors 'self'; object-src 'self' 1
font-src 'self' 'unsafe-inline' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; 1
default-src 'self' ; script-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://www.google-analytics.com ; style-src 'self' data: https://hcaptcha.com https://*.hcaptcha.com https://use.fontawesome.com ; font-src 'self' https://use.fontawesome.com ; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com ; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://js.cexplorer.io https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net ; img-src 'self' data: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net ; 1
default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline' 1
default-src 'self';script-src 'self' https://js.stripe.com https://static.cloudflareinsights.com;style-src 'self' 'unsafe-inline';img-src * 'self' data:;font-src 'self' data:;connect-src 'self' *.slack.com sentry.io https://api.stripe.com https://cloudflareinsights.com;frame-src https://js.stripe.com https://hooks.stripe.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
base-uri 'self' *.etiya.com;connect-src 'self' *.etiya.com 'strict-dynamic' 'unsafe-inline' https: 'nonce-hhHfhNloyFYTJEzoltzMeU3E6Eb4jAHk';default-src 'self' *.etiya.com;form-action 'self' *.etiya.com;img-src 'self' *.etiya.com *.google.com *.google.com.tr *.google-analytics.com mc.yandex.com cdnjs.cloudflare.com *.openstreetmap.org *.amazonaws.com *.gstatic.com recaptcha.google.com data:;media-src 'self' *.etiya.com;object-src 'none';script-src 'nonce-hhHfhNloyFYTJEzoltzMeU3E6Eb4jAHk' 'strict-dynamic' 'unsafe-inline' https:;style-src 'self' *.etiya.com fonts.googleapis.com cdnjs.cloudflare.com 'strict-dynamic' 'unsafe-inline' https:;font-src 'nonce-hhHfhNloyFYTJEzoltzMeU3E6Eb4jAHk' 'self' *.etiya.com 'strict-dynamic' 'unsafe-inline' https:;frame-src 'self' *.etiya.com *.google.com *.yandex.com *.youtube.com *.gstatic.com recaptcha.google.com *.doubleclick.net *.googletagmanager.com 1
frame-ancestors 'self' https://*.toyota.ro https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-Yy7tmuLlBeMMogqDNCZoPA' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
font-src 'self' *.gstatic.com data:;  1
default-src 'self' blob: *.senado.gov.br:* *.senado.leg.br:* wss://*.senado.gov.br:* wss://*.senado.leg.br:* *.congressonacional.leg.br *.lexml.gov.br normas.leg.br *.normas.leg.br *.camara.leg.br vlibras.gov.br *.vlibras.gov.br *.googleapis.com *.bootstrapcdn.com cdnjs.cloudflare.com code.jquery.com *.fontawesome.com fonts.gstatic.com www.google-analytics.com ssl.google-analytics.com google-analytics.com analytics.google.com translate.google.com stats.g.doubleclick.net ampcid.google.com recaptcha.net www.recaptcha.net use.typekit.net www.gstatic.com www.google.com/recaptcha/ *.ytimg.com *.youtube.com grafana.com cdn.jsdelivr.net www.facebook.com connect.facebook.net cdn.datatables.net *.addthis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.senado.gov.br:* *.senado.leg.br:* *.congressonacional.leg.br *.lexml.gov.br normas.leg.br *.normas.leg.br *.camara.leg.br vlibras.gov.br *.vlibras.gov.br graph.facebook.com www.facebook.com connect.facebook.net apis.google.com *.googleapis.com apex.oracle.com *.bootstrapcdn.com cdnjs.cloudflare.com code.jquery.com *.fontawesome.com fonts.gstatic.com www.google-analytics.com maps.google.com ssl.google-analytics.com google-analytics.com analytics.google.com translate.google.com stats.g.doubleclick.net ampcid.google.com recaptcha.net www.recaptcha.net www.gstatic.com www.google.com/recaptcha/ *.ytimg.com *.youtube.com cdn.datatables.net www.googletagmanager.com code.getmdl.io code.highcharts.com unpkg.com cdn.jsdelivr.net *.addthis.com v1.addthisedge.com z.moatads.com; style-src 'self' 'unsafe-inline' *.senado.gov.br:* *.senado.leg.br:* *.congressonacional.leg.br *.lexml.gov.br normas.leg.br *.normas.leg.br *.camara.leg.br vlibras.gov.br *.vlibras.gov.br *.googleapis.com *.bootstrapcdn.com cdnjs.cloudflare.com code.jquery.com *.fontawesome.com fonts.gstatic.com www.google-analytics.com ssl.google-analytics.com google-analytics.com analytics.google.com translate.google.com stats.g.doubleclick.net ampcid.google.com recaptcha.net use.typekit.net www.recaptcha.net www.gstatic.com www.google.com/recaptcha/ *.ytimg.com *.youtube.com cdn.datatables.net code.getmdl.io cdn.quilljs.com ajax.aspnetcdn.com unpkg.com cdn.jsdelivr.net; img-src 'self' data: blob: *.senado.gov.br:* *.senado.leg.br:* *.congressonacional.leg.br *.lexml.gov.br normas.leg.br *.normas.leg.br *.camara.leg.br vlibras.gov.br *.vlibras.gov.br *.interlegis.leg.br *.googleapis.com *.ggpht.com maps.google.com translate.google.com maps.gstatic.com *.bootstrapcdn.com cdnjs.cloudflare.com code.jquery.com *.fontawesome.com *.gravatar.com fonts.gstatic.com www.google-analytics.com ssl.google-analytics.com google-analytics.com analytics.google.com stats.g.doubleclick.net ampcid.google.com p.typekit.net recaptcha.net www.recaptcha.net www.gstatic.com www.google.com/recaptcha/ *.ytimg.com *.youtube.com cdn.datatables.net www.facebook.com web.facebook.com img.youtube.com validator.swagger.io online.swagger.io grafana.com *.tile.openstreetmap.org tiles.maps.opensearch.org maps.opensearch.org www.googletagmanager.com unpkg.com cdn.jsdelivr.net www.addthis.com; font-src 'self' data: *.senado.gov.br:* *.senado.leg.br:* *.congressonacional.leg.br *.lexml.gov.br normas.leg.br *.normas.leg.br *.camara.leg.br vlibras.gov.br *.vlibras.gov.br *.googleapis.com fonts.gstatic.com *.fontawesome.com use.typekit.net *.bootstrapcdn.com cdnjs.cloudflare.com unpkg.com cdn.jsdelivr.net; object-src 'self' *.senado.gov.br:* *.senado.leg.br:*; frame-src 'self' *.senado.gov.br:* *.senado.leg.br:* *.congressonacional.leg.br *.lexml.gov.br normas.leg.br *.normas.leg.br *.camara.leg.br vlibras.gov.br *.vlibras.gov.br *.recaptcha.net recaptcha.net https://www.google.com/recaptcha/ https://recaptcha.google.com *.youtube.com www.youtube-nocookie.com www.youtube.com accounts.google.com www.facebook.com web.facebook.com m.facebook.com *.addthis.com; worker-src 'self' blob: *.senado.gov.br:* *.senado.leg.br:*; frame-ancestors 'self' *.senado.gov.br:* *.senado.leg.br:* *.congressonacional.leg.br *.lexml.gov.br normas.leg.br *.normas.leg.br *.camara.leg.br; form-action 'self' *.senado.gov.br:* *.senado.leg.br:* *.congressonacional.leg.br *.lexml.gov.br normas.leg.br *.normas.leg.br *.camara.leg.br senado.zoom.us; block-all-mixed-content; base-uri 'self' *.senado.gov.br:* *.senado.leg.br:*; manifest-src 'self' data: *.senado.gov.br:* *.senado.leg.br:* *.congressonacional.leg.br *.lexml.gov.br normas.leg.br *.normas.leg.br *.camara.leg.br; upgrade-insecure-requests; report-uri https://adm.senado.gov.br/csp-report-collector/collect 1
default-src 'self' data: *.zdassets.com ppq.zendesk.com ws: *.zopim.com *.ppq.com.au *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.com *.trackedlink.net *.trackedweb.net *.fullstory.com *.clarity.ms *.doubleclick.net *.google.com.au *.youtube.com *.cloudfront.net *.adsrvr.org *.quantcast.com *.quantcount.com *.quantserve.com *.quantserve.net *.adswizz.com *.tiqcdn.com deploytealium.com *.tealiumiq.com *.linkedin.com *.licdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ppq.com.au personalisedplatesqld.atlassian.net *.cloudfront.net *.zdassets.com *.gstatic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.com *.trackedlink.net *.trackedweb.net *.fullstory.com *.clarity.ms *.doubleclick.net ppq.zendesk.com *.zopim.com connect.facebook.net *.youtube.com *.adsrvr.org *.quantcast.com *.quantcount.com *.quantserve.com *.quantserve.net *.adswizz.com *.tiqcdn.com deploytealium.com *.tealiumiq.com *.linkedin.com *.licdn.com; child-src *.cloudfront.net *.ppq.com.au *.google.com personalisedplatesqld.atlassian.net *.youtube.com *.doubleclick.net *.adsrvr.org; style-src 'self' 'unsafe-inline' *.ppq.com.au *.cloudfront.net; font-src 'self' *.ppq.com.au; 1
default-src https: wss: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' https://*.lenovo.com https://360.articulate.com https://articulateusercontent.com https://learningmanagereu.adobe.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://yoast.com https://maps.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net https://cdn.jsdelivr.net/npm/webfontloader@1.6.28/webfontloader.min.js https://oss.maxcdn.com/webfontloader/1.5.21/webfontloader.js https://cdn.jsdelivr.net/npm/rangeslider.js@2.3.2/dist/ https://developers.google.com https://cdn.rawgit.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://prod-druid-apc.azureedge.net/druid_webchat.js https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://optimize.google.com https://s.yimg.com/wi/ytc.js https://sp.analytics.yahoo.com https://*.hotjar.com https://prod-druid-apc.azureedge.net/druid_webchat_modules.js *.qualtrics.com https://cdn.jsdelivr.net:* https://unpkg.com:* https://p.teads.tv/teads-fellow.js *.adform.net:* *.hicloud.com:*; object-src 'none'; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://cdn.jsdelivr.net/npm/rangeslider.js@2.3.2/dist/ https://cdn.rawgit.com https://cdnjs.cloudflare.com/ajax/libs/ https://*.hotjar.com https://prod-druid-apc.azureedge.net/druid_webchat.css https://tagmanager.google.com https://optimize.google.com https://otpdev.druidplatform.com https://cdn.jsdelivr.net:*; img-src 'self' data: https://s.w.org https://stats.g.doubleclick.net https://www.google-analytics.com https://media.licdn.com https://secure.gravatar.com https://fonts.gstatic.com https://maps.googleapis.com/maps/ https://maps.gstatic.com/mapfiles/ https://ssl.gstatic.com https://www.gstatic.com https://cdn.rawgit.com https://raw.githubusercontent.com https://druiddemo18533.blob.core.windows.net https://googleads.g.doubleclick.net https://www.google.com https://www.google.ro https://www.facebook.com/tr/ https://optimize.google.com https://www.otpbank.ro/sites/default/files/assets/images/octavian-avatar-2.png https://www.otpbank.ro/sites/default/files/assets/images/OTP-24-2x.png https://www.otpbank.ro/sites/default/files/assets/images/OTP-Octavian2.png https://*.hotjar.com https://*.doubleclick.net https://fra1.qualtrics.com https://siteintercept.qualtrics.com *.google-analytics.com *.analytics.google.com *.teads.tv:*; media-src 'self' data:; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://youtube.com https://youtube-nocookie.com https://www.facebook.com https://s-static.ak.facebook.com https://media.licdn.com https://bid.g.doubleclick.net https://4884242.fls.doubleclick.net/ https://optimize.google.com https://vars.hotjar.com/ https://web.facebook.com/ *.qualtrics.com; font-src 'self' data: https://fonts.gstatic.com  https://themes.googleusercontent.com https://themes.googleusercontent.com https://*.hotjar.com; connect-src 'self' https://yoast.com https://otp.druidplatform.com/api/ https://directline.botframework.com https://directline.botframework.com/ https://directline.botframework.com/v3/directline/conversations/ https://www.google-analytics.com https://dc.services.visualstudio.com/v2/track https://www.google.com/pagead/ https://s.yimg.com/ https://stats.g.doubleclick.net/ https://prod-druid-api.azurewebsites.net/api/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://siteintercept.qualtrics.com *.google-analytics.com *.analytics.google.com https://maps.googleapis.com:* https://cm.teads.tv:* *.teads.tv:*; upgrade-insecure-requests 1
font-src *.gstatic.com smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.zopim.io *.zopim.com data: *.getblue.io event.getblue.io fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.google.com *.kelkoogroup.net *.getblue.io event.getblue.io *.nexigroup.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.bauzaar.it 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.bolt.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sharethis.com *.iubenda.com *.nexi.it *.tradedoubler.com *.facebook.com/ *.zenaps.com *.google.com *.livechatinc.com *.online-metrix.net *.tracead.com tracead.com *.signifyd.com img.signifyd.com *.addthis.com *.jrs5.com pubxtag1.com amc.demdex.net smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.americanexpress.com calendly.com *.calendly.com *.sia.eu *.mercurypaymentservices.it *.netsgroup.com *.arcot.com *.rsa3dsauth.co.uk *.touch.tech *.asseco-see.hr *.zopim.io *.getblue.io event.getblue.io *.cloudfront.net *.dwin1.com *.awin1.com *.sciencebehindecommerce.com *.wepowerconnections.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com https://images.unsplash.com *.nexi.it *.feedaty.com *.artful.com artful.com *.artfut.com artfut.com *.zoorate.com *.facebook.com *.facebook.net *.digital-metric.com *.digital-metric.net *.pushcrew.com *.google.com *.google.it *.adnxs.com *.tradetracker.net *.asbmit.com *.admitad.com https://lenkmio.com https://pafutos.com *.awin1.com *.idealo-partner.com *.zenaps.com *.bizrate.com *.doubleclick.net *.payments-amazon.com *.linksynergy.com *.nxtck.com *.mediaforge.com *.jrs5.com *.dc-storm.com *.rd.linksynergy.com *.ra.linksynergy.com *.signifyd.com *.e.aa.online-metrix.net *.gstatic.com *.googleapis.com smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.demdex.net *.ytimg.com *.lenkmio.com *.pafutos.com *.atdmt.com *.acana.com *.googletagmanager.com *.bing.com *.sia.eu *.mercurypaymentservices.it *.netsgroup.com *.arcot.com *.rsa3dsauth.co.uk *.touch.tech *.asseco-see.hr *.sendtric.com 'self' *.datnova.com *.zopim.io *.zopim.com *.zdassets.com *.googleusercontent.com *.kelkoogroup.net *.getblue.io event.getblue.io *.clarity.ms *.dwin1.com *.sciencebehindecommerce.com *.wepowerconnections.com *.blueknow.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.sharethis.com int-ecommerce.nexi.it ecommerce.nexi.it www.google.com www.gstatic.com *.tradedoubler.com *.iubenda.com *.sail-horizon.com *.jsdelivr.net *.zoorate.com *.scalapay.com *.nexi.it *.dwin1.com *.facebook.net *.digital-metric.com *.digital-metric.net *.cnnx.link *.pushcrew.com *.transactionale.com smct.co smct.io *.cookieless-data.com *.sail-personalize.com *.doubleclick.net *.cloudfront.net *.cloudflare.com *.sddan.com *.trovaprezzi.it *.bing.com *.doofinder.com *.sciencebehindecommerce.com *.zenaps.com *.googletagmanager.com *.chimpstatic.com chimpstatic.com *.gstatic.com *.google.com *.google.it *.signifyd.com *.livechatinc.com *.rmtag.com *.tracead.com tracead.com *.addthis.com *.amazon.com *.amazonaws.com *.googleapis.com *.googleadservices.com *.google-analytics.com *.moatads.com *.addthisedge.com widget.pinterest.com *.bauzaar.it *.smct.co *.smct.io *.calendly.com *.consensu.org sddan.mgr.consensu.org *.sia.eu *.mercurypaymentservices.it *.netsgroup.com *.arcot.com *.rsa3dsauth.co.uk *.touch.tech *.asseco-see.hr *.adform.net *.feedaty.com v2.zopim.com *.zopim.com *.zdassets.com unpkg.com *.lenmit.com *.artfut.com *.zendesk.com *.kk-resources.com *.getblue.io event.getblue.io *.kelkoogroup.net *.clarity.ms *.awin1.com *.wepowerconnections.com *.sovendus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.scalapay.com b2c-cdn.scalapay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com *.googleapis.com *.jsdelivr.net *.zoorate.com *.pushcrew.com *.cloudflare.com *.gstatic.com *.feedaty.com *.iubenda.com unpkg.com *.lenmit.com *.artfut.com *.zendesk.com *.kk-resources.com *.kelkoogroup.net *.getblue.io event.getblue.io fonts.smct.io unsafe-inline assets.braintreegateway.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com *.zopim.com *.getblue.io event.getblue.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sharethis.com int-ecommerce.nexi.it ecommerce.nexi.it *.bing.com *.iubenda.com *.nexi.it *.sail-personalize.com *.sail-track.com *.google-analytics.com *.doubleclick.net *.transactionale.com *.doofinder.com *.sciencebehindecommerce.com *.livechatinc.com *.addthis.com smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.google.com *.google.it *.g.doubleclick.net *.signifyd.com *.signifyd.com:11103 *.signifyd.com:11103/onload https://bt.signifyd.com:11103 https://bt.signifyd.com:11103/onload bt.signifyd.com *.facebook.com *.sia.eu *.mercurypaymentservices.it *.netsgroup.com *.arcot.com *.rsa3dsauth.co.uk *.touch.tech *.asseco-see.hr *.googlesyndication.com pagead2.googlesyndication.com v2.zopim.com *.zopim.com wss://widget-mediator.zopim.com *.zdassets.com *.digital-metric.net *.digital-metric.com *.feedaty.com *.kelkoogroup.net *.kk-resources.com *.getblue.io event.getblue.io *.clarity.ms *.dwin1.com *.awin1.com *.zenaps.com *.wepowerconnections.com *.googleapis.com *.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.google.com *.google.it *.googletagmanager.com *.googlesyndication.com *.kelkoogroup.net *.kelkoogroup.com *.getblue.io event.getblue.io *.kk-resources.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://skeeller.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com/gtag/ https://www.google.com/recaptcha/ https://www.mpi.ziraatbank.com.tr https://mernis.yesilay.org.tr:8086 https://maps.googleapis.com https://fonts.googleapis.com https://www.gstatic.com/ https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net https://unpkg.com https://cdnjs.cloudflare.com https://cdn.userway.org/widget.js https://cdn.userway.org/widgetapp/2023-04-06/widget_app_base_1680789796996.js https://cdn.userway.org/widgetapp/2023-04-06/widget_app_lazy_1680789796996.js https://cdn.userway.org/widgetapp/2023-04-06/widget_app_1680789796996.js https://cdn.userway.org/widgetapp/2023-04-06/remediation/remediation_1680789796996.js https://cdn.userway.org/widgetapp/2023-04-06/remediation/nav_menu_helper1680789796996.js https://cdn.userway.org/widgetapp/2023-04-06/scan/scan_1680789796996.js https://cdn.userway.org/widgetapp/2023-04-06/remediation/slick_slider_1680789796996.js https://cdn.userway.org/widgetapp/2023-04-18/widget_app_1681832080775.js https://cdn.userway.org/widgetapp/2023-04-18/remediation/remediation_1681832080775.js https://cdn.userway.org/widgetapp/ https://cdn.userway.org/ 1
default-src 'self'; connect-src 'self' https://srvtemsm.extracobanks.com https://bam.nr-data.net https://bam-cell.nr-data.net https://www.google-analytics.com https://sentry.utdev.com https://stats.addtoany.com http://*.hotjar.com https://*.hotjar.com https://vc.hotjar.io wss://*.hotjar.com https://connect.facebook.net https://stats.g.doubleclick.net https://maps.googleapis.com https://api.cobrowse.io wss://*.cobrowse.io https://cobrowse.io https://*.callrail.com https://cdn.linkedin.oribi.io https://www.facebook.com https://adservice.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googlesyndication.com https://*.treasuredata.com https://*.mouseflow.com https://forms.hscollectedforms.net https://api.hubapi.com https://px.ads.linkedin.com; font-src 'self' data: https://use.typekit.net https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com https://*.mouseflow.com; frame-src 'self' https://static.addtoany.com https://www.youtube.com https://srvtemsm.extracobanks.com https://extracobanks.locatorsearch.com https://extracobanks.locatorsearch.net https://maps.google.com https://youtube.com https://extraco.rediverifi.com https://bid.g.doubleclick.net https://www.google.com https://www.google.com/recaptcha/ https://www.googletagmanager.com https://*.vimeo.com https://vars.hotjar.com https://answers-extracobanks.com.pagescdn.com https://*.agentiq.co https://webchat.qae.agentiq.co https://cobrowse.io https://content.tsbc.com https://centsai.com https://*.adsrvr.org https://www.facebook.com https://td.doubleclick.net https://link.edgepilot.com https://unite.3esoftware.com https://a.surefirecontent.com; img-src 'self' data: https: http://script.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.locatorsearch.com https://*.newrelic.com https://*.nr-data.net https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ajax.cloudflare.com https://static.cloudflareinsights.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://answers-extracobanks.com.pagescdn.com https://connect.facebook.net https://www.youtube.com https://s.ytimg.com https://*.onlineaccess1.com https://*.agentiq.co https://webchat.qae.agentiq.co *.jsdelivr.net https://js.cobrowse.io/CobrowseIO.js https://content.tsbc.com https://centsai.com https://*.adsrvr.org https://*.licdn.com https://*.callrail.com https://*.cloudfront.net https://static.ads-twitter.com https://secure.adnxs.com https://js-agent.newrelic.com https://*.treasuredata.com https://*.mouseflow.com https://a.surefirecontent.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-banner.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://chat.agentiq.co https://maxcdn.bootstrapcdn.com https://polyfill.io https://static.addtoany.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://*.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://*.agentiq.co https://webchat.qae.agentiq.co https://*.extracobanks.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; worker-src 'self' blob:; frame-ancestors 'self' https://*.agentiq.co https://webchat.qae.agentiq.co https://*.q2developer.com https://extraco.docksal.site; report-uri https://www.extracobanks.com/report-uri/enforce; upgrade-insecure-requests 1
default-src 'self'; connect-src 'self' *.siteimprove.com https://maanteeamet.maps.arcgis.com https://arcg.is https://www.arcgis.com https://stats.g.doubleclick.net https://transpordiamet.ee www.transpordiamet.ee www.facebook.com https://www.facebook.com https://connect.facebook.net https://search.google.com/search-console https://pixabay.com/ https://www.pexels.com https://www.transpordiamet.ee/ https://stats.g.doubleclick.net/ https://region1.google-analytics.com/ https://www.google-analytics.com https://www.googletagmanager.com https://search.service.vportal.ee/v1/search/transpordiamet https://search.service.vportal.ee/v1/globalsearch/total https://search.service.vportal.ee/v1/events/transpordiamet https://inaadress.maaamet.ee; font-src 'self' data: https://fonts.gstatic.com https://maanteeamet.maps.arcgis.com https://arcg.is https://www.arcgis.com https://transpordiamet.ee www.transpordiamet.ee www.facebook.com https://www.facebook.com https://connect.facebook.net https://search.google.com/search-console https://pixabay.com/ https://www.pexels.com https://www.transpordiamet.ee/; frame-src 'self' https://*.rocket.chat https://static.addtoany.com https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://maanteeamet.maps.arcgis.com https://arcg.is https://www.arcgis.com https://www.transpordiamet.ee/ www.transpordiamet.ee https://digiajakiri.transpordiamet.ee/ www.facebook.com https://www.facebook.com https://connect.facebook.net https://search.google.com/search-console https://transpordiamet.ee https://v.postimees.ee/ https://public.tableau.com/app/profile/transpordiamet/viz/Ktused/Ktusekulukoond https://public.tableau.com/ https://public.tableau.com/views/Ktused/Ktusekulukoond https://xgis.maaamet.ee; img-src 'self' data: https://www.google-analytics.com *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com https://maanteeamet.maps.arcgis.com https://arcg.is https://www.arcgis.com www.fbcdn.net www.cdninstagram.com www.facebook.com https://pixabay.com/ https://www.pexels.com/ http://www.w3.org/ http://www.bohemiancoding.com/sketch/* www.transpordiamet.ee https://stats.g.doubleclick.net/* https://www.transpordiamet.ee/ https://search.google.com/search-console https://www.facebook.com/ https://connect.facebook.net https://transpordiamet.ee https://www.googletagmanager.com *.fbcdn.net *.cdninstagram.com https://inaadress.maaamet.ee https://unpkg.com *.maaamet.ee *.cloudflare.com; script-src 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js blob: https://browser-update.org www.facebook.com https://search.google.com/search-console https://www.facebook.com/ https://connect.facebook.net https://transpordiamet.ee/ www.transpordiamet.ee https://pixabay.com/ https://www.pexels.com https://www.transpordiamet.ee https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://static.addtoany.com https://unpkg.com unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js https://browser-update.org www.facebook.com https://search.google.com/search-console https://transpordiamet.ee www.transpordiamet.ee https://www.facebook.com https://pixabay.com/ https://www.pexels.com https://www.transpordiamet.ee/ https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://connect.facebook.net/ https://connect.facebook.net/en_US/fbevents.js cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://static.addtoany.com https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://maanteeamet.maps.arcgis.com https://arcg.is https://www.arcgis.com https://static.addtoany.com/menu/svg/icons.30.svg.css https://www.transpordiamet.ee www.transpordiamet.ee www.facebook.com https://www.facebook.com https://connect.facebook.net https://search.google.com/search-console https://pixabay.com/ https://www.pexels.com https://transpordiamet.ee https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://maanteeamet.maps.arcgis.com https://arcg.is https://www.arcgis.com https://static.addtoany.com/menu/svg/icons.30.svg.css https://www.transpordiamet.ee www.transpordiamet.ee www.facebook.com https://www.facebook.com https://connect.facebook.net https://search.google.com/search-console https://pixabay.com/ https://www.pexels.com https://transpordiamet.ee https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com https://inaadress.maaamet.ee; frame-ancestors none 1
report-uri https://e1e2b8e74afb23cf57a0fce370833b01.report-uri.com/r/d/csp/enforce;base-uri 'none';default-src 'self' 'unsafe-inline' *.googleapis.com;form-action 'self';frame-ancestors 'none';upgrade-insecure-requests;block-all-mixed-content;connect-src 'self' *.google-analytics.com choices.trustarc.com *.googleapis.com *.analytics.tiktok.com analytics.tiktok.com;frame-src 'self' *.trustarc.com *.google.com/recaptcha/ *.recaptcha.google.com/recaptcha/ *.youtube.com/embed/ *.youtube.com/iframe_api;child-src 'none';script-src 'self' 'unsafe-inline' 'report-sample' 'strict-dynamic' *.googletagmanager.com *.google-analytics.com *.truste.com consent.trustarc.com choices.trustarc.com code.jquery.com connect.facebook.net *.tiktok.com *.consent.truste.com *.analytics.tiktok.com analytics.tiktok.com *.youtube.com/iframe_api 'nonce-f7vDNWLdan2UoxnYPo9b05btysT5kV6y';style-src 'self' 'unsafe-inline' 'report-sample' *.googleapis.com code.jquery.com stackpath.bootstrapcdn.com maps.gstatic.com;worker-src 'none';img-src 'self' data: *.truste.com *.trustarc.com *.googletagmanager.com *.googleapis.com maps.gstatic.com *.facebook.com starbucks-web-prod.oss-ap-southeast-5.aliyuncs.com *.starbucks.co.id *.starbucks-web-prod.oss-ap-southeast-5.aliyuncs.com;font-src 'self' *.googleapis.com fonts.gstatic.com;object-src 'none' 1
frame-ancestors 'self' coursio.com 1
default-src 'self' data: https://*.filmtheaterbetriebe.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.filmtheaterbetriebe.de https://*.kinoheld.de https://secure.kps-payment.de https://www.youtube.com https://www.youtube-nocookie.com https://s.ytimg.com https://*.vimeocdn.com https://*.akamaized.net https://*.payments-amazon.com; worker-src 'self' blob: https://*.filmtheaterbetriebe.de; img-src 'self' https: data: android-webview-video-poster:; style-src 'self' 'unsafe-inline' https://*.filmtheaterbetriebe.de https://fonts.googleapis.com; font-src 'self' data: https://*.filmtheaterbetriebe.de https://fonts.googleapis.com https://fonts.gstatic.com; object-src 'self' https://*.filmtheaterbetriebe.de; frame-src *; frame-ancestors 'self' https://*.filmtheaterbetriebe.de; connect-src 'self' https://*.filmtheaterbetriebe.de https://*.kinoheld.de https://secure.kps-payment.de https://payments-eu.amazon.com https://vimeo.com; base-uri 'self'; 1
script-src 'self' https://www.googletagmanager.com 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.paypal.com https://cdnjs.cloudflare.com https://js.braintreegateway.com ssapi.shipstation.com https://hankeystoys.ositracker.com https://js.stripe.com https://ads.trafficjunky.net 'unsafe-eval'; object-src 'none'; 1
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com; style-src data: 'unsafe-inline' https: https://optimize.google.com https://fonts.googleapis.com; img-src data: https: blob: android-webview-video-poster: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com; font-src data: https: https://fonts.gstatic.com; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors https://vnbusiness.vn https://*.vnbusiness.vn 1
script-src https://az416426.vo.msecnd.net  https://www.google.com https://www.gstatic.com  'self' 'nonce-2c7c926cb71f47dbb993c07248ec7348'; frame-ancestors https://app.lexipoort.nl 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://fnordon.de; img-src 'self' https: data: blob: https://fnordon.de; style-src 'self' https://fnordon.de 'nonce-Sf5/BsoiNwzfqQ0MzN/a3g=='; media-src 'self' https: data: https://fnordon.de; frame-src 'self' https:; manifest-src 'self' https://fnordon.de; form-action 'self'; child-src 'self' blob: https://fnordon.de; worker-src 'self' blob: https://fnordon.de; connect-src 'self' data: blob: https://fnordon.de https://media.fnordon.de wss://fnordon.de; script-src 'self' https://fnordon.de 'wasm-unsafe-eval' 1
frame-ancestors aclibrary.org *.aclibrary.org aclibrary.bibliocms.com *.aclibrary.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src aclibrary.org *.aclibrary.org aclibrary.bibliocms.com *.aclibrary.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
upgrade-insecure-requests; frame-ancestors 'self';block-all-mixed-content;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.schuff.com/meet-dbm-global/:3 *.hotjar.com/api/ https://www.youtube.com https://www.youtube.com/iframe_api https://m.youtube.com https://googleads.g.doubleclick.net https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.list-manage.com https://*.google.com https://a.omappapi.com https://content.linkedin.com https://connect.facebook.net https://chimpstatic.com https://downloads.mailchimp.com https://google-analytics.com https://graph.facebook.com https://googletagmanager.com https://js.facebook.com https://maps.googleapis.com https://platform.linkedin.com https://ssl.google-analytics.com https://static-exp1.licdn.com https://snap.licdn.com https://script.crazyegg.com https://script.hotjar.com https://static.hotjar.com https://use.typekit.net https://www.google-analytics.com https://www.gstatic.com https://www.googletagmanager.com;style-src 'self' 'report-sample' 'unsafe-inline' *.typekit.net *.google.com *.licdn.com a.omappapi.com downloads.mailchimp.com fonts.googleapis.com www.googletagmanager.com;object-src *.googlesyndication.com;frame-src 'self' *.youtube.com *.facebook.com *.google.com *.doubleclick.net *.googlesyndication.com connect.facebook.net maps.googleapis.com my.atlist.com my.atlistmaps.com vars.hotjar.com www.linkedin.com www.googletagmanager.com;child-src 'self' blob: *.facebook.com *.google.com *.doubleclick.net *.googlesyndication.com connect.facebook.net www.googletagmanager.com;img-src 'self' data: blob: *.typekit.net *.gstatic.com *.mailchimp.com *.list-manage.com *.facebook.com *.facebook.net *.fbcdn.net *.googleapis.com *.google.com *.ggpht.com *.crazyegg.com *.linkedin.com *.licdn.com *.doubleclick.net *.googlesyndication.com *.google.com.mx *.google.co.uk *.google.com.br *.google.co.in *.google.de *.google.com.tr *.google.co.il *.google.ca *.google.ro *.google.nl *.google.fr *.google.es *.google.ie *.google.com.pr *.google.it *.google.com.au *.google.com.ec *.google.com.ph *.google.com.sg *.google.com.pk *.google.at *.google.no *.google.cl *.google.co.kr *.google.se *.google.co.jp *.google.com.pe *.google.com.my *.google.co.th *.google.co.za *.google.com.ua *.google.sk *.google.com.ng *.google.pl *.google.be *.google.fi *.google.ae *.google.com.co *.google.co.id *.google.co.ve *.google.com.hk *.google.com.eg *.google.com.uy *.google.com.ar *.google.ch *.google.ru *.google.co.ke *.google.pt *.google.mu *.google.com.sa *.google.com.vn *.google.com.tw *.google.gr *.google.com.bd *.google.dk *.google.com.py *.google.ee *.google.co.nz *.google.co.ma *.google.cz *.google.lk *.google.bg *.google.rs *.google.com.do *.google.hu *.google.iq *.google.co.cr *.google.al *.google.jo *.google.hr *.google.com.pa *.google.com.cy *.google.com.gh *.google.lt *.google.kz *.google.com.np *.google.by *.google.dz *.google.com.sv *.google.hn *.google.com.kw *.google.com.et *.google.mk *.google.ge *.google.cn *.google.com.jm *.google.si *.google.co.ug *.google.lv *.google.md *.google.co.mz *.google.lu *.google.am *.google-analytics.com p.adsymptotic.com script.hotjar.com www.googleadservices.com www.googletagmanager.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com script.hotjar.com use.typekit.net;connect-src 'self' *.typekit.net *.hotjar.com *.hotjar.io *.facebook.com *.google.com *.crazyegg.com *.linkedin.com *.licdn.com *.doubleclick.net *.googlesyndication.com api.omappapi.com connect.facebook.net fonts.gstatic.com fonts.googleapis.com maps.googleapis.com www.google-analytics.com www.googletagservices.com www.googletagmanager.com;manifest-src 'self';base-uri 'self';form-action 'self' *.facebook.com *.google.com connect.facebook.net;media-src 'self' dai.google.com media.licdn.com videos.files.wordpress.com;prefetch-src 'self' *.googlesyndication.com;worker-src 'self' blob: www.google.com; 1
frame-ancestors 'self' 9ine.uk.com; 1
frame-ancestors 'self' alis-enc.iii.com alis-encore.iii.com encore.alisweb.org; 1
default-src 'self' *.usercentrics.eu; frame-src 'self' www.advocard.de www.youtube.de www.youtube.com www.youtube-nocookie.com customlocation.here.com; img-src 'self' *.advocard.de *.usercentrics.eu generali01.webtrekk.net advocard01.wt-eu02.net *.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu www.youtube.de www.youtube.com www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' *.usercentrics.eu 1
default-src 'none'; frame-ancestors 'self'; form-action 'self' https://*.e-paycapita.com https://hooks.stripe.com https://mms.cardsaveonlinepayments.com https://secure.worldpay.com https://*.paypal.com https://*.opayo.eu.elavon.com/ https://*.sagepay.com; base-uri 'self'; connect-src 'self' https://cdn-cookieyes.com https://*.cookieyes.com https://*.googletagmanager.com https://www.google.co.uk https://*.clarity.ms/collect https://*.muscula.com https://*.paypal.com https://*.google.com https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googlesyndication.com https://*.g.doubleclick.net https://api.reviews.co.uk https://*.addthis.com; font-src 'self' data: https://*.tinymce.com https://*.breakerlink.com https://reviewscouk.s3.amazonaws.com https://fonts.gstatic.com; frame-src 'self' https://*.cookiebot.com https://wp-rocket.me https://confusedmedia.azureedge.net https://*.confused.com https://*.paypal.com https://*.trackingmore.com https://*.googlesyndication.com https://drive.google.com/ https://*.sagepay.com https://*.stripe.com https://td.doubleclick.net https://googleads.g.doubleclick.net https://www.youtube.com https://widget.reviews.co.uk https://widget.trustpilot.com https://www.google.com https://www.google.co.uk https://*.addthis.com; img-src 'self' data: https://cdn-cookieyes.com https://*.gstatic.com https://*.imagin.studio https://*.w.org https://*.imagin.studio https://*.bing.com https://*.clarity.ms https://www.pay360.com https://s.w.org https://www.carimagery.com https://www.paypalobjects.com https://www.sainsburysbank.co.uk https://secure.gravatar.com https://wp-rocket.me https://*.media.net https://*.awin.com https://*.awin1.com https://*.paypal.com https://api.ecologi.com https://media.reviews.co.uk https://*.googletagmanager.com https://*.tinymce.com https://pagead2.googlesyndication.com https://cdn.breakerlink.com https://s3-eu-west-1.amazonaws.com https://*.google-analytics.com https://*.analytics.google.com https://*.google.be https://*.google.co.uk https://*.google.com https://*.g.doubleclick.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn-cookieyes.com https://*.cookiebot.com https://*.clarity.ms https://*.muscula.com https://*.wistia.com https://*.media.net https://www.paypal.com https://*.trackingmore.com https://polyfill.io https://*.tiny.cloud https://*.tinymce.com https://*.postcodeanywhere.co.uk https://cdn.jsdelivr.net https://secure.worldpay.com https://*.stripe.com https://*.cloudflare.com https://www.googletagservices.com https://*.googlesyndication.com https://graph.facebook.com https://widgets.pinterest.com https://ajax.googleapis.com https://code.jquery.com https://www.gstatic.com https://cdn.breakerlink.com https://*.google.com https://*.google.co.uk https://widget.reviews.co.uk https://widget.trustpilot.com https://*.google-analytics.com https://*.googletagmanager.com https://*.addthis.com https://*.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://*.trackingmore.com https://*.tiny.cloud https://*.tinymce.com https://fonts.googleapis.com https://reviewscouk.s3.amazonaws.com https://cdn.breakerlink.com; media-src 'self' https://*.googleusercontent.com https://docs.google.com https://drive.google.com https://www.youtube.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-AXI-SCRIPT-1716914' 'strict-dynamic'; style-src 'self' 'unsafe-inline' 1
default-src https:; font-src https: data:; img-src https: data:; script-src https:; style-src https:; 1
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; 1
default-src 'self' https://www.youtube.com https://region1.google-analytics.com  https://www.googletagmanager.com https://www.welcomekit.co https://share.transistor.fm https://play.hubspotvideo.com *.drivequant.com cdn2.hubspot.net *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hs-banner.net *.hsforms.net *.hsforms.com static.hsappstatic.net js.hubspotfeedback.com feedback.hubapi.com js.usemessages.com *.vidyard.com fonts.googleapis.com www.google-analytics.com fonts.gstatic.com platform.linkedin.com secure.page1monk.com connect.facebook.net platform.twitter.com data: 'unsafe-inline'; img-src 'self' data: *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net 4377671.fs1.hubspotusercontent-na1.net *.hsforms.com https://static.hsappstatic.net https://api-na1.hubapi.com https://play.hubspotvideo.com https://share.transistor.fm https://lh5.googleusercontent.com;; upgrade-insecure-requests 1
default-src 'none'; media-src 'self' https://site.danestreet.com; img-src 'self' data: https://*.usefathom.com; script-src 'nonce-3FJkUGX9znCjol' 'unsafe-inline' 'strict-dynamic' https://cdn.usefathom.com/script.js; font-src 'self' data: ; style-src 'self' 'nonce-3FJkUGX9znCjol'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; form-action 'none'; connect-src https://1s2hmt47uj.execute-api.us-west-2.amazonaws.com https://*.usefathom.com; 1
default-src 'self' fonts.gstatic.com; script-src 'self' fonts.gstatic.com ajax.cloudflare.com 'unsafe-inline'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline' data:; 1
default-src 'none'; connect-src 'self' https://geolocation.onetrust.com/ https://cookie-cdn.cookiepro.com/ https://*.google-analytics.com https://*.analytics.google.com; font-src 'self'; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://embed.podcasts.apple.com https://w.soundcloud.com https://playlist.megaphone.fm; img-src 'self' data: https://cookie-cdn.cookiepro.com/ https://*.google-analytics.com https://*.analytics.google.com; media-src 'self'; script-src 'self' https://cookie-cdn.cookiepro.com/ https://*.google-analytics.com https://*.analytics.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' 'nonce-3eP8Y1Dx1oX3IwLTFY0q4Q=='; style-src 'self' 'unsafe-inline' 1
default-src 'self' https://www.marrtool.com https://www.google.com https://www.recaptcha.net https://newassets.hcaptcha.com https://js.hcaptcha.com/1/api.js https://www.gstatic.com;img-src 'self' data: https://www.marrtool.com;media-src 'self' https://www.marrtool.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.marrtool.com https://www.google.com https://www.recaptcha.net https://newassets.hcaptcha.com https://js.hcaptcha.com/1/api.js https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://www.marrtool.com https://code.jquery.com; object-src 'self' https://www.marrtool.com; child-src 'self' https://www.google.com https://www.recaptcha.net https://newassets.hcaptcha.com https://js.hcaptcha.com/1/api.js https://www.gstatic.com;form-action 'self' https://www.marrtool.com;frame-ancestors 'self' https://www.marrtool.com; upgrade-insecure-requests 1
worker-src 'self' blob:; default-src 'self' *.linkhouse.co *.google.com test.rejestrcovid.pl cvhost.eu speed.hetzner.de ipv4.download.thinkbroadband.com download.thinkbroadband.com thinkbroadband.com flashart.home.pl www.googletagmanager.com pagead2.googlesyndication.com googleads.g.doubleclick.net  stats.g.doubleclick.net www.google-analytics.com www.googleadservices.com; font-src * data:;img-src * data:; script-src * 'unsafe-eval' 'unsafe-inline' https://www.google.com https://nety.pl; frame-src * 'self' https://www.google.com;style-src * 'unsafe-inline'; 1
default-src=self; www.blackhillsinfosec.com; fonts.googleapis.com 1
script-src 'self' 'unsafe-inline' https://js.hs-scripts.com https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://cdn.mxpnl.com https://unpkg.com https://www.googletagmanager.com https://snap.licdn.com https://code.jquery.com https://us.floatbot.ai https://js.hscollectedforms.net https://js.hs-banner.com https://js.hs-analytics.net https://cdn.datatables.net https://static.hsappstatic.net https://www.googleadservices.com https://js.hsforms.net wss: blob: https://floatbot.ai;  1
default-src 'self' *.nthrive.com *.codecorrect.com *.nthriveeducation.com 'unsafe-eval' 'unsafe-inline' 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-ZEhIObRBiBSwUmsRIppl-w' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
connect-src 'self' *.google-analytics.com; 1
script-src 'self' 'unsafe-inline'; script-src-elem * 'unsafe-inline' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' wss://webchat-backend.pronto.com.uy/ *.pronto.com.uy fonts.gstatic.com maps.gstatic.com  *.googleapis.com www.googletagmanager.com www.google-analytics.com secure.gravatar.com use.fontawesome.com cdn.jsdelivr.net code.jquery.com stats.g.doubleclick.net stackpath.bootstrapcdn.com unpkg.com www.google.com www.google.com.uy www.gstatic.com *.fonts.googleapis.com konecta-widget.net widget-webchat.pronto.com.uy webchat-backend.pronto.com.uy connect.facebook.net; img-src * 'self' data:; frame-ancestors none; 1
frame-ancestors doradobet.com www.doradobet.com sb1client-altenar.biahosted.com *.virtualsoft.tech https://hondubet.com 1
default-src *; img-src * 'self' data: https://*; font-src 'self' data: https://*; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' www.tranquil.it yoast.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo.tranquil.it *.hcaptcha.com ; img-src 'self' data: matomo.tranquil.it www.tranquil.it secure.gravatar.com s3.amazonaws.com rgsharedweb.s3.amazonaws.com gravityforms.s3.amazonaws.com s38924.pcdn.co; style-src 'self' 'unsafe-inline' *.hcaptcha.com rgsharedweb.s3.amazonaws.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.tranquil.it; frame-src 'self' wapt.tranquil.it *.livestorm.co *.hcaptcha.com www.youtube.com; object-src 'self' ; connect-src 'self' matomo.tranquil.it *.hcaptcha.com 1
default-src 'self'; object-src 'self'; base-uri 'self'; media-src 'self' https://imagepool.drillisch-online.de; img-src https: data: https://imagepool.drillisch-online.de; font-src https:; form-action 'self'; connect-src 'self' https://imagepool.drillisch-online.de https://stats.drillisch-online.de https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://tracking.drillisch.de https://*.demdex.net https://www.google-analytics.com; script-src 'strict-dynamic' 'nonce-071b47c50aa008c1d396e679e8f740c4' 'nonce-248fdcc224bdd66f9e5efb823091fba3' 'nonce-1a781666f6f2b92315937c1ffb9505a1' 'nonce-1f7d3dbb50bbfb19415a157b6610f170' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self'; frame-src https://1and1internetag.demdex.net https://tags.tiqcdn.com https://hilfe-center.1und1.de; child-src https://tags.tiqcdn.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-071b47c50aa008c1d396e679e8f740c4' 'nonce-248fdcc224bdd66f9e5efb823091fba3' 'nonce-1a781666f6f2b92315937c1ffb9505a1' 'nonce-1f7d3dbb50bbfb19415a157b6610f170' 'self' 'unsafe-inline' https: 'report-sample' 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-wHf1raqE1KvUYY9AZQzFXA' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self' https://*.mxconnect.com wss://*.mxconnect.com https://*.mxmerchant.com https://*.duosecurity.com https://www.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://www.youtube.com https://*.ytimg.com https://*.cloudfront.net https://web.delighted.com https://delighted.com wss://ws.pusherapp.com 'unsafe-inline' 'unsafe-eval' data: https://*.mxconnect.com https://*.mxmerchant.com https://*.duosecurity.com; object-src 'none' 1
frame-ancestors 'self'; font-src 'self' data: montepio.org *.montepio.org mymontepio.org *.mymontepio.org 1
default-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; worker-src blob: 1
default-src 'self' https://www.imoje.pl https://imoje.pl; font-src 'self' *.ing.pl https://www.imoje.pl https://imoje.pl *.ingbank.pl; style-src 'self' 'unsafe-inline' *.ing.pl www.google.com https://www.imoje.pl https://imoje.pl *.ingbank.pl; img-src 'self' data: https://www.facebook.com *.ing.pl *.doubleclick.net www.google.com https://www.imoje.pl https://imoje.pl *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.ingbank.pl; frame-src 'self' *.ing.pl *.doubleclick.net www.google.com https://www.imoje.pl https://imoje.pl *.ingbank.pl; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://connect.facebook.net https://www.facebook.com *.ing.pl *.doubleclick.net www.google.com https://www.imoje.pl https://imoje.pl *.google-analytics.com *.googletagmanager.com *.ingbank.pl; object-src 'self' *.ing.pl https://www.imoje.pl https://imoje.pl *.ingbank.pl; connect-src 'self' *.ing.pl *.doubleclick.net https://www.imoje.pl https://imoje.pl *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.ingbank.pl; frame-ancestors 'self' *.ing.pl https://www.imoje.pl https://imoje.pl *.ingbank.pl; 1
frame-ancestors 'self' https://*.comsenso.com 1
base-uri 'none'; 		form-action 'self'; 		frame-ancestors 'none'; 		object-src 'none'; 		upgrade-insecure-requests 		 1
frame-ancestors 'self' https://badanie.serwersms.pl/; 1
frame-ancestors self https://www.pharmapets.be  1
default-src 'self' https://municipiodequeretaro.gob.mx; connect-src 'self' https://cdn.datatables.net https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://www.google.com https://municipiodequeretaro.gob.mx; font-src 'self' data: fonts.gstatic.com https://municipiodequeretaro.gob.mx; frame-src 'self' https://m.facebook.com https://platform.twitter.com https://syndication.twitter.com https://vimeo.com https://web.facebook.com https://www.facebook.com https://www.google.com https://www.instagram.com https://www.youtube.com https://municipiodequeretaro.gob.mx; child-src 'self' https://m.facebook.com https://platform.twitter.com https://syndication.twitter.com https://vimeo.com https://web.facebook.com https://www.facebook.com https://www.google.com https://www.instagram.com https://www.youtube.com https://municipiodequeretaro.gob.mx; img-src 'self' data: https://ajax.googleapis.com https://cdn.datatables.net https://i.ytimg.com https://secure.gravatar.com https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com https://municipiodequeretaro.gob.mx; script-src 'self' 'sha256-6BCyWOuJO6/EwPeeKHr3VCGku2RMfLQvF14hkxOmzxM=' 'sha256-l5Wjy9IvTAlgb5YXSh/k1ltxfCX6pRlvKIQ2+QpysGw=' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https://municipiodequeretaro.gob.mx 'nonce-cdUlfuj3CrWb17Yh'; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://cdn.datatables.net https://municipiodequeretaro.gob.mx; style-src-attr 'unsafe-inline'; worker-src 'self' https://municipiodequeretaro.gob.mx; upgrade-insecure-requests 1
font-src *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com/recaptcha/ www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google-analytics.com *.googleapis.com *.gstatic.com 'self' data: www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com/recaptcha/ connect.facebook.net twitter.com platform.twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.homoactive.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com 'self' ws: 'self' wss: api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.googletagmanager.com *.google-analytics.com https://www.juso.go.kr;  1
frame-ancestors https://www.rockvalleycollege.edu http://dev.rockvalleycollege.edu http://author.rockvalleycollege.edu https://a.cms.omniupdate.com/11/ https://beta.rockvalleycollege.edu admin.emsicc-qa.com admin.emsicc.com admin.lightcastcc-qa.com admin.lightcastcc.com admin.lightcastcc-qa.io admin.lightcastcc.io https://widget.lightcastcc.com/ 1
default-src 'self' 'unsafe-inline' ajax.googleapis.com fonts.googleapis.com www.googletagmanager.com rum-static.pingdom.net connect.facebook.net fonts.gstatic.com www.googleadservices.com www.facebook.com doubleclick.net www.google-analytics.com resources.xg4ken.com cdn.krxd.net up.pixel.ad bcp.crwdcntrl.net adservice.google.com s.pinimg.com pixel-a.basis.net pixel.sitescout.com www.google.com ct.pinterest.com consumer.krxd.net 8788596.fls.doubleclick.net googleads.g.doubleclick.net beacon.krxd.net rum-collector-2.pingdom.net beacon.krxd.net stats.g.doubleclick.net bid.g.doubleclick.net public.tableau.com accounts.google.com calendar.google.com stackpath.bootstrapcdn.com; 1
frame-ancestors 'self'; frame-src atps.nl *.atps.nl *.facebook.com facebook.com *.google.com google.com *.cookiebot.com cookiebot.com *.hotjar.com hotjar.com *.youtube.com youtube.com *.vimeo.com vimeo.com *.googletagmanager.com googletagmanager.com *.stuurlui.dev stuurlui.dev 1
frame-ancestors 'self' https://quotes.choicemutual.com/; 1
default-src 'none'; connect-src 'self' blob: yastatic.net *.adfox.ru *.yandex.ru yandex.ru yandex.com *.yandex.com; frame-src 'self' youtube.com www.youtube.com youtube.ru www.youtube.ru vk.com yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru *.adfox.ru; img-src 'self' yastatic.net *.yastatic.net yandex.net *.yandex.net *.adfox.ru *.yandex.ru yandex.ru yandex.com *.yandex.com data:; media-src 'self' yastatic.net *.yandex.net *.yandex.ru *.adfox.ru yandex.ru yandex.com *.yandex.com blob: data:; script-src 'nonce-43526724' 'self' 'unsafe-inline' 'unsafe-eval' yastatic.net *.yandex.ru *.adfox.ru yandex.ru yandex.com *.yandex.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' yastatic.net *.adfox.ru; font-src 'self' yastatic.net data:; child-src blob: yandex.ru *.yandex.ru; base-uri 'self'; 1
worker-src blob:; font-src maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.yieldify-production.com fonts.gstatic.com *.serving-sys.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.facebook.com *.serving-sys.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com 'self' 'unsafe-inline'; frame-ancestors *.googletagmanager.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.authorize.net *.sharethis.mgr.consensu.org *.sharethis.com *.doubleclick.net *.gateway.mastercard.com data: 'self' *.yieldify.com *.facebook.com *.google.com *.googletagmanager.com *.pinterest.com *.serving-sys.com https://player.vimeo.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.magentocommerce.com *.googleadservices.com *.google-analytics.com *.paypal.com data: *.cheesecake.com.au *.doubleclick.net *.pinterest.com *.topbuzz.com *.facebook.com *.cloudfront.net *.google.com *.google.com.au *.adroll.com *.yieldify.com *.yieldify-production.com *.serving-sys.com https://a.klaviyo.com https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.paypal.com *.assets.adobedtm.com *.sharethis.com *.googleadservices.com *.google.com *.gstatic.com *.bronto.com *.googleapis.com *.googletagmanager.com *.brontops.com *.cardinalcommerce.com *.signifyd.com *.adform.net *.pinimg.com *.tiktok.com *.yieldify.com *.ibytedtos.com *.ipstatp.com *.facebook.com *.facebook.net googleads.g.doubleclick.net *.adroll.com *.google-analytics.com *.adroll.mgr.consensu.org *.mastercard.com *.klaviyo.com *.serving-sys.com https://static.klaviyo.com https://fast.a.klaviyo.com https://player.vimeo.com https://www.youtube.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.sharethis.com *.klaviyo.com *.serving-sys.com https://fonts.googleapis.com http://fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sharethis.com *.cardinalcommerce.com *.bronto.com *.brontops.com *.doubleclick.net *.pinterest.com *.tiktok.com *.google-analytics.com *.adform.net *.facebook.net *.klaviyo.com *.yieldify.com *.yieldify-production.com *.google.com *.connectorengine.com wss://stranger.yieldify-production.com/ *.serving-sys.com https://static.klaviyo.com https://fast.a.klaviyo.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://cheesecake.report-uri.com/r/d/csp/enforce; report-to report-endpoint; 1
frame-ancestors 'self'; script-src https://ajax.googleapis.com/ https://eu.yextstatic.com/ https://www.yext.com/ https://tileproxy.cloud.mapquest.com/ https://cmp.osano.com/ https://www.yextstatic.com/ https://edge.fullstory.com/ https://yexttest.atlassian.net/ https://www.googletagmanager.com/ https://www.yext-static.com/ https://maps.googleapis.com/ 'nonce-QQJq7aDcmGyzynkFuiUcbw==' https://www.mapquestapi.com/ 'self' https://assets.sitescdn.net/ https://apis.google.com/ https://www.google-analytics.com/ 'report-sample'; style-src https://cdn.jsdelivr.net/ https://ajax.googleapis.com/ https://eu.yextstatic.com/ https://stackpath.bootstrapcdn.com/ 'nonce-em9LIpsZngIKU0bAnwOQ6A==' https://fonts.googleapis.com/ https://meyerweb.com/ https://www.yextstatic.com/ https://maxcdn.bootstrapcdn.com/ https://cdnjs.cloudflare.com/ https://www.yext-static.com/ 'self' https://hitchhikers.yext.com/ https://assets.sitescdn.net/ 'report-sample' https://www.gstatic.com/; font-src https://fonts.gstatic.com/ https://www.yext-static.com/ 'self' https://d33wubrfki0l68.cloudfront.net/ https://www.yextstatic.com/; connect-src https://answersstatus.pagescdn.com/ https://schema.yext.com/ https://liveapi-cached.yext.com/ https://sentry.yext.use4a.devops-o2cwhite.net/ https://us.yextevents.com/ https://cdn.yextapis.com/ https://edge.fullstory.com/ https://tattle.api.osano.com/ https://api.smartling.com/ https://rs.fullstory.com/ 'self' https://prod-cdn.us.yextapis.com/ https://a.mktgcdn.com/ https://www.google-analytics.com/ https://analytics.google.com/ https://realtimeanalytics.yext.com/ https://liveapi.yext.com/; img-src http://i.ytimg.com/ http://www.yext.com/ https://i.ytimg.com/ https://www.yext.com/ data: http://ssl.gstatic.com/ https://ssl.gstatic.com/ https://www.yextstatic.com/ http://www.yextstatic.com/ blob: https://www.yext-static.com/ https://maps.googleapis.com/ http://help.yext.com/ http://a.mktgcdn.com/ https://help.yext.com/ http://www.yext-static.com/ http://maps.googleapis.com/ 'self' https://a.mktgcdn.com/ https://realtimeanalytics.yext.com/ http://dynl.mktgcdn.com/ https://dynl.mktgcdn.com/ http://realtimeanalytics.yext.com/; frame-src https://accounts.google.com/ https://*.landingpagespreview.com/ https://www.yext.com/ https://socialplugin.facebook.net/ https://*.starters.yext.com/ 'self' https://www.zuora.com/ https://mozbar.moz.com/ https://sites.yext.com/; default-src 'self'; media-src 'self'; report-uri /cspreports/error?slug=users 1
frame-ancestors 'self' *.testn3.com *.accuform.com *.cybersource.com *.paymentech.net *.chasepaymentechhostedpay.com 1
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss:; base-uri 'self'; frame-ancestors 'self'; 1
default-src 'self';                    frame-ancestors 'self';                    script-src 'self' https://*.google-analytics.com https://*.googletagmanager.com 'unsafe-inline' https://secure.worldpay.com;                    connect-src 'self' https://*.google-analytics.com https://*.googletagmanager.com;                    img-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://secure.worldpay.com;                    style-src 'self' 'unsafe-inline';                    base-uri 'self';                    form-action 'self' https://secure-test.worldpay.com https://secure.worldpay.com;                    object-src 'none'; 1
default-src charlesstanley.sjv.io utt.impactcdn.com *.responsetap.com *.salemove.com *.salemove.eu 'self' *.feprecisionplus.com *.intercomcdn.com *.onetrust.com *.intercom.io wss://nexus-websocket-a.intercom.io wss://trisproxy.charles-stanley-direct.co.uk *.google.com *.google.co.uk *.jquery.com jquery.com *.twitter.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com  *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.googleapis.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* *.ads-twitter.com ads-twitter.com *.facebook.net facebook.net *.facebook.com *.highcharts.com highcharts.com *.bing.com gstatic.com *.gstatic.com *.doubleclick.net d3js.org *.d3js.org *.consensu.org https://bat.bing.com/; script-src utt.impactcdn.com *.googleapis.com *.responsetap.com *.salemove.com *.glia.eu *.salemove.eu *.licdn.com *.onetrust.com *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.co.uk *.jquery.com jquery.com *.twitter.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com  *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.googleapis.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* *.ads-twitter.com *.facebook.net *.facebook.com *.highcharts.com highcharts.com *.bing.com gstatic.com *.gstatic.com *.doubleclick.net d3js.org *.d3js.org *.consensu.org https://bat.bing.com/; connect-src 'self' charlesstanley.sjv.io *.google-analytics.com *.onetrust.com wss://*.salemove.eu *.salemove.com *.salemove.eu *.glia.eu https://stats.g.doubleclick.net https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io wss://trisproxy.charles-stanley-direct.co.uk https://cdn-ukwest.onetrust.com https://bat.bing.com/; style-src * 'unsafe-inline' 'unsafe-eval'; img-src *.feprecisionplus.com https://bat.bing.com/ * data:; font-src * 'self' data:; child-src *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:*; frame-src *.vimeo.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* digital-tools.feprecisionplus.com:* *.consensu.org 1
worker-src 'self'; manifest-src 'self'; object-src 'none'; 1
frame-ancestors https://sell.totaram.com https://www.totaram.com 1
default-src 'self' *.multiline.lu; script-src 'self' 'unsafe-inline' *.multiline.lu; style-src 'self' 'unsafe-inline' *.multiline.lu; object-src 'self' *.multiline.lu; img-src 'self' *.multiline.lu data: https: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' c.go-mpulse.net *.google.com *.youtube.com *.googletagmanager.com *.gstatic.com *.ytimg.com fonts.googleapis.com code.jquery.com addevent.com *.tribalfusion.com *.hotjar.com *.facebook.net *.facebook.com stats.g.doubleclick.net *.google.co.in ajax.googleapis.com appdyn.dp-r.com googleads.g.doubleclick.net platform.twitter.com mc.yandex.md mc.yandex.ru static.ads-twitter.com cdnjs.cloudflare.com motiongatedubai.api.useinsider.com bid.g.doubleclick.net  6017350.fls.doubleclick.net analytics.twitter.com maps.googleapis.com *.googleadservices.com *.google-analytics.com t.co *.googleusercontent.com *.mouseflow.com vc.hotjar.io form.123formbuilder.com *.typeform.com policy.cookiereports.com *.google.ae db.onlinewebfonts.com 1
frame-ancestors blueconic.com lumex.com www.lumex.com www.ferroxcube.com www.amphenol-industrial.com 1
frame-ancestors https://www.smi.today https://smi.media https://xn--c1abvl.xn--p1ai 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https://www.google-analytics.com/ https://cdn.jsdelivr.net/; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/; frame-ancestors 'self'; 1
frame-ancestors kink.com kinkmen.com mrman-kink.com mrskin-kink.com twistedfactory.com 1
default-src 'self' www.banktestov.ru banktestov.ru securepubads.g.doubleclick.net googleads.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.banktestov.ru banktestov.ru cdnjs.cloudflare.com stackpath.bootstrapcdn.com ajax.aspnetcdn.com an.yandex.ru cdn.ampproject.org partner.googleadservices.com adservice.google.am adservice.google.nl adservice.google.com.eg adservice.google.de adservice.google.cz adservice.google.gr adservice.google.ca adservice.google.lv adservice.google.pt adservice.google.me www.googletagservices.com adservice.google.us adservice.google.ge adservice.google.fi adservice.google.sk adservice.google.at adservice.google.com.tr adservice.google.com.tj adservice.google.co.nz adservice.google.ee adservice.google.lt adservice.google.es adservice.google.se adservice.google.it adservice.google.tm adservice.google.co.th adservice.google.be adservice.google.bg adservice.google.no adservice.google.fr adservice.google.co.il adservice.google.kg adservice.google.pl adservice.google.co.uz adservice.google.az adservice.google.co.uk yastatic.net www.googletagmanager.com adservice.google.com.ua adservice.google.com adservice.google.mn adservice.google.md adservice.google.ru adservice.google.kz adservice.google.by googleads.g.doubleclick.net www.googleapis.com clients1.google.com cse.google.com login.vk.com img.yandex.net clck.yandex.ru www.google.com www.google.ru www.gstatic.com yandex.st pagead2.googlesyndication.com vk.com userapi.com cdn.jsdelivr.net mc.webvisor.org mc.yandex.com mc.yandex.ru mc.yandex.ua mc.yandex.by mc.yandex.kz mc.yandex.fr banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru www.google-analytics.com tpc.googlesyndication.com ajax.googleapis.com; object-src 'self' *.googlesyndication.com www.gstatic.com; style-src 'self' 'unsafe-inline' www.banktestov.ru banktestov.ru www.google.com www.gstatic.com stackpath.bootstrapcdn.com cse.google.com yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net; img-src 'self' data: banktestov.ru ad.adriver.ru amc.yandex.ru cse.google.com ssl.gstatic.com favicon.yandex.net an.yandex.ru im2-tub-com.yandex.net *.verify.yandex.ru verify.yandex.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net *.mds.yandex.net ad.doubleclick.net encrypted-tbn0.gstatic.com encrypted-tbn1.gstatic.com encrypted-tbn2.gstatic.com encrypted-tbn3.gstatic.com www.google.co.nz www.google.by www.google.kz www.google.com.ua www.google.am www.google.fr www.google.ge www.google.sk www.google.fi www.google.com.tr www.google.es www.google.kg www.google.at www.google.az www.google.co.uz www.google.md www.google.lt www.google.de www.google.ca www.google.cz www.google.co.il www.google.nl www.google.us www.google.com.tj www.google.lv www.google.co.uk csi.gstatic.com www.google.ru stats.g.doubleclick.net www.googleapis.com clients1.google.com *.2mdn.net pagead2.googlesyndication.com www.google.pl www.google.ee www.google.com vk.com yastatic.net counter.yadro.ru mc.webvisor.org *.mc.yandex.ru mc.yandex.ru mc.yandex.ua mc.yandex.by mc.yandex.kz mc.yandex.fr www.google-analytics.com; media-src 'self' www.banktestov.ru banktestov.ru *.yandex.net strm.yandex.ru *.strm.yandex.ru yandex.ru yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net data: blob:; frame-src 'self' id.vk.com awaps.yandex.net www.youtube.com yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net cse.google.com cse.google.ru awaps.yandex.ru *.doubleclick.net *.googleadservices.com https://*.googleadservices.com *.googlesyndication.com login.vk.com m.vk.com vk.com www.google.com www.google.ru; font-src 'self' data: an.yandex.ru yastatic.net yastat.net stackpath.bootstrapcdn.com fonts.gstatic.com static3.avast.com; connect-src 'self' blob: data: banktestov.ru https://banktestov.ru http://127.0.0.1:29009 http://127.0.0.1:30102 www.cloudflare.com http://amc.yandex.ru yandexmetrica.com:30103 yandexmetrica.com:29010 *.verify.yandex.ru verify.yandex.ru log.strm.yandex.ru an.yandex.ru strm.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru www.google-analytics.com pagead2.googlesyndication.com stats.g.doubleclick.net mc.webvisor.org mc.yandex.com ymetrica1.com *.mc.yandex.ru mc.yandex.ru mc.yandex.ua mc.yandex.by mc.yandex.kz mc.yandex.uz mc.yandex.md mc.yandex.fr *.gstatic.com; report-uri https://csp.banktestov.ru/ 1
default-src 'self' https://app.vectary.com https://my.spline.design https://fluentconveyors.s3.us-west-1.amazonaws.com https://fluentconveyors.*.*.amazonaws.com https://nocookie.fluentconveyors.com https://www.balingwiredirect.com https://assets.calendly.com https://*.calendly.com https://calendly.com https://maps.google.com https://s.ytimg.com https://www.youtube.com https://fluentconveyors.s3.amazonaws.com https://manager.eu.smartlook.cloud https://web-sdk.smartlook.com https://connect.facebook.net https://balingwiredirect.s3-us-west-2.amazonaws.com https://*.klaviyo.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io ws://ws5.hotjar.com wss://*.hotjar.com www.google.ca www.google.com www.clarity.ms tr.lfeeder.com *.linkedin.com static.hotjar.com play.google.com vars.hotjar.com script.hotjar.com bid.g.doubleclick.net *.adsymptotic.com *.hotjar.com www.youtube-nocookie.com maps.googleapis.com www.google-analytics.com  www.googleadservices.com webhooks.remarkety.com www.facebook.com analytics.google.com fonts.googleapis.com 'unsafe-inline' 'unsafe-eval' maps.googleapis.com h.clarity.ms a.clarity.ms googleads.g.doubleclick.net api.livechatinc.com bat.bing.com connect.faceboo k.net d3ryumxhbd2uw7.cloudfront.net static-tracking.klaviyo.com www.googleadservices.com www.google-analytics.com snap.licdn.com www.gstatic.com sc.lfeeder.com d.clarity.ms webhooks.remarkety.com cdn.livechatinc.com static.klaviyo.com www.googletagmanager.com fonts.googleapis.com fonts.gstatic.com webhooks.remarkety.com stats.g.doubleclick.net secure.livechatinc.com f.clarity.ms www.shopperapproved.com j.clarity.ms 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://digipres.club; img-src 'self' https: data: blob: https://digipres.club; style-src 'self' https://digipres.club 'nonce-yBAqgzhHKgHdZKjA7hQEZw=='; media-src 'self' https: data: https://digipres.club; frame-src 'self' https:; manifest-src 'self' https://digipres.club; connect-src 'self' data: blob: https://digipres.club https://digipres.club wss://digipres.club; script-src 'self' https://digipres.club 'wasm-unsafe-eval'; child-src 'self' blob: https://digipres.club; worker-src 'self' blob: https://digipres.club 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://translate.google.com/ https://www.google-analytics.com/ https://translate.googleapis.com https://translate-pa.googleapis.com/ cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://static.addtoany.com https://unpkg.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com/ https://translate.google.com/ https://www.google-analytics.com/ https://translate.googleapis.com https://translate-pa.googleapis.com/ https://static.addtoany.com/ http://static.addtoany.com/ cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://static.addtoany.com https://unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://translate.googleapis.com https://translate-pa.googleapis.com/ cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com; style-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://translate.googleapis.com https://translate-pa.googleapis.com/ http://maxcdn.bootstrapcdn.com/ https://www.gstatic.com/ cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com; frame-ancestors 'self' 1
default-src 'self' http: https: data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.io *.com *.postcodeanywhere.co.uk *.paysafe.com *.pcapredict.com *.googletagmanager.com http *.google-analytics.com *.doubleclick.net *.cloudfront.net *.googleapis.com *.google.com *.googlesyndication.com *.facebook.net *.salesfire.co.uk;connect-src *;script-src-attr 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudfront.net *.js http: https: data: *.typekit.net;img-src 'self' *.cloudfront.net http: https: data:;style-src-elem 'self' 'unsafe-inline' *.co.uk *.com *.typekit.net;form-action 'self' *.com;frame-ancestors 'self';base-uri 'self';font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests 1
script-src http: https: https://amaroso.com.au/ 'unsafe-inline' 'unsafe-eval' *.flowpaper.com flowpaper.com; style-src 'self' blob: https: 'unsafe-inline' https://amaroso.com.au/; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com *.static.zipmoney.com.au; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.googletagmanager.com *.flowpaper.com flowpaper.com *.facebook.com *.hotjar.com *.checkoutv2.instant.one *.checkout.instant.one *.static.zipmoney.com.au *.instant.one *.loudcrowd.com *.dotdigital-pages.com *.foursixty.com; 1
script-src 'self' https://www.googletagmanager.com 'unsafe-eval' 'unsafe-inline' blob: data:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.clarivate.com https://*.clarivate.com *.clarivate.com.cn https://*.clarivate.com.cn https://clarivate.com https://*.nr-data.net https://*.zoominfo.com https://*.clarity.ms https://*.salesforceliveagent.com https://analytics.decisionresourcesgroup.com https://analytics.twitter.com *.turtl.co https://app.gatedcontent.com https://app.icontact.com https://assets.vidyard.com https://assistant.woorank.com https://bam-cell.nr-data.net https://bat.bing.com https://cdn.bizible.com https://cdn.cookielaw.org https://cdn.jifo.co https://cdnjs.cloudflare.com https://clarivateanalytics.my.salesforce.com https://clarivatecommunities.force.com https://preview-clarivatecommunities.cs16.force.com https://code.jquery.com https://connect.facebook.net https://derwent.com https://dev.visualwebsiteoptimizer.com https://e.infogram.com https://embed.acast.com https://googleads.g.doubleclick.net https://img06.en25.com https://j.6sc.co https://js-agent.newrelic.com https://maps.googleapis.com https://maps.gstatic.com https://platform.twitter.com https://play.vidyard.com https://public.flourish.studio https://publons.com https://s786780033.t.eloqua.com https://s.infogram.com https://scholaroneideas.secure.force.com https://script.hotjar.com https://secure.eloqua.com https://snap.licdn.com https://static.addtoany.com https://static.ads-twitter.com *.criteo.net https://static.doubleclick.net https://static.hotjar.com https://tag.demandbase.com https://unpkg.com https://widget.sndcdn.com https://www.3blmedia.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com *.criteo.com https://www.google-analytics.com  https://cdn.jsdelivr.net https://app.vwo.com; frame-ancestors 'self' *.clarivate.com *.compumark.com *.compumark.cn 1
base-uri 'self';  default-src 'self';  script-src 'report-sample' 'self' 'unsafe-inline' https://www.termsfeed.com https://code.jquery.com https://cdnjs.cloudflare.com https://challenges.cloudflare.com https://cdn.jsdelivr.net https://platform.twitter.com https://www.googletagmanager.com https://*.googlesyndication.com https://adservice.google.com https://donorbox.org https://accounts.google.com https://www.google-analytics.com https://*.googleadservices.com https://c6.patreon.com https://static.cloudflareinsights.com https://pageref.inventive.workers.dev fundingchoicesmessages.google.com pagead2.googlesyndication.com partner.googleadservices.com tpc.googlesyndication.com www.googletagservices.com adservice.google.com adservice.google.ad adservice.google.ae adservice.google.com.af adservice.google.com.ag adservice.google.com.ai adservice.google.al adservice.google.am adservice.google.co.ao adservice.google.com.ar adservice.google.as adservice.google.at adservice.google.com.au adservice.google.az adservice.google.ba adservice.google.com.bd adservice.google.be adservice.google.bf adservice.google.bg adservice.google.com.bh adservice.google.bi adservice.google.bj adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.bs adservice.google.bt adservice.google.co.bw adservice.google.by adservice.google.com.bz adservice.google.ca adservice.google.cd adservice.google.cf adservice.google.cg adservice.google.ch adservice.google.ci adservice.google.co.ck adservice.google.cl adservice.google.cm adservice.google.cn adservice.google.com.co adservice.google.co.cr adservice.google.com.cu adservice.google.cv adservice.google.com.cy adservice.google.cz adservice.google.de adservice.google.dj adservice.google.dk adservice.google.dm adservice.google.com.do adservice.google.dz adservice.google.com.ec adservice.google.ee adservice.google.com.eg adservice.google.es adservice.google.com.et adservice.google.fi adservice.google.com.fj adservice.google.fm adservice.google.fr adservice.google.ga adservice.google.ge adservice.google.gg adservice.google.com.gh adservice.google.com.gi adservice.google.gl adservice.google.gm adservice.google.gr adservice.google.com.gt adservice.google.gy adservice.google.com.hk adservice.google.hn adservice.google.hr adservice.google.ht adservice.google.hu adservice.google.co.id adservice.google.ie adservice.google.co.il adservice.google.im adservice.google.co.in adservice.google.iq adservice.google.is adservice.google.it adservice.google.je adservice.google.com.jm adservice.google.jo adservice.google.co.jp adservice.google.co.ke adservice.google.com.kh adservice.google.ki adservice.google.kg adservice.google.co.kr adservice.google.com.kw adservice.google.kz adservice.google.la adservice.google.com.lb adservice.google.li adservice.google.lk adservice.google.co.ls adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.com.ly adservice.google.co.ma adservice.google.md adservice.google.me adservice.google.mg adservice.google.mk adservice.google.ml adservice.google.com.mm adservice.google.mn adservice.google.ms adservice.google.com.mt adservice.google.mu adservice.google.mv adservice.google.mw adservice.google.com.mx adservice.google.com.my adservice.google.co.mz adservice.google.com.na adservice.google.com.ng adservice.google.com.ni adservice.google.ne adservice.google.nl adservice.google.no adservice.google.com.np adservice.google.nr adservice.google.nu adservice.google.co.nz adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.pg adservice.google.com.ph adservice.google.com.pk adservice.google.pl adservice.google.pn adservice.google.com.pr adservice.google.ps adservice.google.pt adservice.google.com.py adservice.google.com.qa adservice.google.ro adservice.google.ru adservice.google.rw adservice.google.com.sa adservice.google.com.sb adservice.google.sc adservice.google.se adservice.google.com.sg adservice.google.sh adservice.google.si adservice.google.sk adservice.google.com.sl adservice.google.sn adservice.google.so adservice.google.sm adservice.google.sr adservice.google.st adservice.google.com.sv adservice.google.td adservice.google.tg adservice.google.co.th adservice.google.com.tj adservice.google.tl adservice.google.tm adservice.google.tn adservice.google.to adservice.google.com.tr adservice.google.tt adservice.google.com.tw adservice.google.co.tz adservice.google.com.ua adservice.google.co.ug adservice.google.co.uk adservice.google.com.uy adservice.google.co.uz adservice.google.com.vc adservice.google.co.ve adservice.google.vg adservice.google.co.vi adservice.google.com.vn adservice.google.vu adservice.google.ws adservice.google.rs adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.cat;  style-src 'report-sample' 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://accounts.google.com;  font-src 'self' https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com;  img-src 'self' blob: data: https://mineskin.org https://api.mineskin.org https://render.mineskin.org https://brand.inventivetalent.dev https://www.google-analytics.com https://pagead2.googlesyndication.com https://*.twitter.com https://*.microsoft.com https://*.cloudinary.com https://*.googleusercontent.com https://*.google.com https://storage.googleapis.com https://c5.patreon.com https://www.paypalobjects.com pagead2.googlesyndication.com;  connect-src 'self' https://mineskin.org https://api.mineskin.org https://*.api.mineskin.org https://accounts.google.com https://*.google-analytics.com https://*.doubleclick.net https://*.googlesyndication.com https://abb.inventivetalent.org;  frame-src 'self' https://challenges.cloudflare.com https://accounts.google.com https://platform.twitter.com https://www.patreon.com https://minerender.org https://*.doubleclick.net https://*.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com;  media-src 'self';  worker-src 'none';  report-uri https://inventivetalent.report-uri.com/r/d/csp/enforce;  report-to report-uri 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://planet.moe; img-src 'self' https: data: blob: https://planet.moe; style-src 'self' https://planet.moe 'nonce-QHlDyg3t5eEfv3rzNyi8yg=='; media-src 'self' https: data: https://planet.moe; frame-src 'self' https:; manifest-src 'self' https://planet.moe; form-action 'self'; child-src 'self' blob: https://planet.moe; worker-src 'self' blob: https://planet.moe; connect-src 'self' data: blob: https://planet.moe https://media.planet.moe wss://planet.moe; script-src 'self' https://planet.moe 'wasm-unsafe-eval' 1
base-uri 'self'; child-src https://www.youtube-nocookie.com/embed/; connect-src 'self' https://shareisland.org:8443/socket.io/ wss://shareisland.org:8443/socket.io/ https://api.themoviedb.org/; default-src 'none'; font-src 'self' data: https: fonts.gstatic.com; form-action 'self' https://www.paypal.com/donate; frame-ancestors 'self'; img-src 'self' data: https: image.tmdb.org via.placeholder.com/400x600; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https: fonts.googleapis.com gitcdn.xyz github.io *.github.io raw.githubusercontent.com github.com; block-all-mixed-content; upgrade-insecure-requests 1
default-src 'self' codesandbox.io *.ingest.sentry.io www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com *.tibiablackjack.com *.tibiablackjack1.com *.tibiapoker.com *.veno.bet wss://*.tibiablackjack.com wss://*.tibiablackjack1.com wss://*.tibiapoker.com wss://*.veno.bet;img-src 'self' data: tibiablackjack.com res.cloudinary.com;script-src 'self' www.google.com www.gstatic.com www.googletagmanager.com *.cloudflareinsights.com codesandbox.io 'unsafe-inline';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-RDBPM3lkeW5XR2d6eWhsY3IyVWQxc2pET3hHWGhBRDRaV3REVzN4VjF5Zz06WUNiK3Y3dm1Md0JaKzJrcndDY3FrNnlsY1NLZzRVR2NQeVVrQ0FndzVWMD0=' 'self' cloud.wifiinetsys.com.br blob:;style-src 'self' 'unsafe-inline';img-src 'self' data: blob: * https://collabora.wifiinetsys.com.br https://*.tile.openstreetmap.org https://source.unsplash.com https://images.unsplash.com;font-src 'self' data:;connect-src 'self' blob: stun.nextcloud.com:443 wss://cloud.wifiinetsys.com.br;media-src 'self' blob:;frame-src 'self' nc: https://collabora.wifiinetsys.com.br;child-src 'self' cloud.wifiinetsys.com.br blob: 'self';frame-ancestors 'self' https://collabora.wifiinetsys.com.br;worker-src blob: 'self';form-action 'self' https://collabora.wifiinetsys.com.br 1
default-src 'self' *.ymea.it; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookielaw.org *.onetrust.com *.facebook.net https://fonts.googleapis.com data: https://fonts.gstatic.com static.addtoany.com www.googleadservices.com privacyportalde-cdn.onetrust.com googleadservices.com ajax.googleapis.com www.google.com/recaptcha/api.js connect.facebook.net cdnjs.cloudflare.com cscoreproweustor.blob.core.windows.net www.google.co.in cdn.cookielaw.org cdn.channelsight.com js.monitor.azure.com browser-update.org www.google.com stats.wp.com translate.google.com www.gstatic.com/recaptcha/ translate.googleapis.com maps.google.com maps.googleapis.com code.jquery.com delivr.net unpkg.com www.googletagmanager.com *.google-analytics.com googleads.g.doubleclick.net; img-src * data:; style-src 'self' 'unsafe-inline' privacyportalde-cdn.onetrust.com cdnjs.cloudflare.com cdn.channelsight.com fonts.googleapis.com translate.googleapis.com/translate_static/ cdn.jsdelivr.net maxcdn.bootstrapcdn.com code.jquery.com ajax.googleapis.com; font-src 'self' privacyportalde-cdn.onetrust.com https://www.ymea.it data: https://cdnjs.cloudflare.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdn.channelsight.com; child-src 'self' static.addtoany.com player.vimeo.com blob: www.google.com *.doubleclick.net www.googletagmanager.com www.youtube.com *.fls.doubleclick.net; connect-src 'self' *.cookielaw.org *.onetrust.com *.facebook.net https://www.google.com https://googleads.g.doubleclick.net *.analytics.google.com *.google-analytics.com *.googlesyndication.com analytics.google.com maps.googleapis.com privacyportal-de.onetrust.com privacyportalde-cdn.onetrust.com graph.facebook.com translate.googleapis.com cdn.cookielaw.org geolocation.onetrust.com api.channelsight.com *.analytics.google.com *.google-analytics.com dc.services.visualstudio.com perrigo-privacy.my.onetrust.com stats.g.doubleclick.net; 1
default-src *.google.com bootstrapcdn.com  googleadservices.com *.cloudfront.net *.portlandwebdesign.com *.electric.coop adsrvr.org *.analytics.yahoo.com *.maps.arcgis.com xx.fbcdn.net rvwinc.com maps.arcgis.com vimeo.com *.hoodriver.coop *.googleadservices.com publicpurchase.com gravatar.com *.arcgis.com *.eventbrite.com cooperative.com *.gstatic.com *.youtube-nocookie.com *.crowdfiber.io data: *.googletagmanager.com luckyorange.net btstatic.com portlandwebdesign.com simpli.fi *.providesupport.com typekit.net mitel.io trumpia.com *.timetap.com five9.com powermag.com *.rvwinc.com *.verisign.com linkedin.com *.nr-data.net *.btstatic.com azgt.coop ebill.coop *.mapbox.com googleapis.com analytics.yahoo.com *.licdn.com *.mcusercontent.com *.bootstrapcdn.com apogee.net marketingautomation.services suppose.tv billing.hoodriver.coop adnxs.com twimg.com *.olark.com youtube-nocookie.com *.trumpia.com xad.com mailchimp.com *.ads.linkedin.com directefficiency.com *.mailchimp.com newrelic.com *.vimeo.com *.plumassierratelecommunicationsmap.com 'unsafe-eval' *.upgrade.guide epa.gov transistor.fm google.com hirebridge.com *.simpli.fi *.yimg.com envivabiomass.com *.roanokeconnect.com e2ma.net bonnerboundary811.org *.powerfulweb.com *.elfsight.com *.libsyn.com doubleclick.net facebook.net google-analytics.com ads.linkedin.com *.e2ma.net gstatic.com smarthub.coop *.s3.amazonaws.com mcusercontent.com s.w.org *.doubleclick.net facebook.com youtube.com *.linkedin.com nice-incontact.com fontawesome.com *.newrelic.com *.apogee.net *.googleapis.com libsyn.com eventbrite.com upgrade.guide *.basis.net *.twimg.com glassdoor.com cencoast.com *.mitel.io powerfulweb.com luckyorange.com *.five9.com *.typekit.net *.transistor.fm yimg.com 'self' *.luckyorange.com jazz.co roanokeconnect.com *.publicpurchase.com myfonts.net issuu.com *.directefficiency.com *.websupport.expert spreaker.com *.ebill.coop crowdfiber.io *.xad.com *.nice-incontact.com *.xx.fbcdn.net *.suppose.tv *.myfonts.net *.icua.coop southcentralpower.com *.bonnerboundary811.org arcgis.com mapbox.com providesupport.com *.facebook.net *.smeco.coop electric.coop googletagmanager.com *.adnxs.com smeco.coop *.issuu.com *.powermag.com *.adsymptotic.com olark.com s3.amazonaws.com 'unsafe-inline' elfsight.com icua.coop timetap.com *.fontawesome.com *.envivabiomass.com nr-data.net adsymptotic.com *.epa.gov *.adsrvr.org *.cencoast.com *.spreaker.com *.gravatar.com plumassierratelecommunicationsmap.com verisign.com *.glassdoor.com *.facebook.com ctctcdn.com *.jazz.co *.cooperative.com *.google-analytics.com gmpg.org cloudfront.net *.ctctcdn.com *.marketingautomation.services *.southcentralpower.com licdn.com *.hirebridge.com websupport.expert *.luckyorange.net *.smarthub.coop basis.net *.youtube.com *.azgt.coop; 1
frame-ancestors https://playwithbrio.com https://*.playwithbrio.com https://minterpop.com https://interpopcomics.com https://*.interpopcomics.com https://human-machine.io https://*.ubisoft.com https://*.gap.com https://ldai.lexusdesign.in https://block-space.app https://nft.evian.com https://happy85.marieclaire.fr https://claim.renaissance.land https://souvie.dev https://tzstaging.com https://*.tzstaging.com https://tezos.com https://studioexception.eu https://cleantree.artshelp.net https://*.vitality.gg https://*.tzconnect.berlin https://metavert.sowvital.com https://proofofperformance.xyz https://pop-six.vercel.app https://play.emergentstcg.com https://www.thegoodsociety.org https://circa.art https://nft.circa.art https://mooncakes.fun https://*.mooncakes.fun https://df97ay9gblnsi.cloudfront.net https://truename.me https://minterpop.com https://*.minterpop.com https://verticalcrypto.art https://*.verticalcrypto.art https://claim.playrecordmint.xyz https://*.manutd.com https://*.trili.tech https://*.mclaren.com https://freetez.tezos.com https://nftshop.hek.ch https://collectibles.flosports.tv https://digital.serpentinegalleries.org https://*.prod.gke.papers.tech https://collectibles.sowvital.com https://bargainer.ai https://www.bargainer.ai https://aigam.es https://www.aigam.es https://convincethebouncer.com https://quests.tezos.com https://tzcollectibles.battletabs.com https://trackmind.tech https://*.starsymphony.io https://kanvas-poa.vercel.app; 1
frame-ancestors 'self' https://adult.activatelearning.ac.uk 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.syfpos.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.affirm.com *.affirm.ca syf.demdex.net *.syfpos.com *.syf.com landofcoder.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.affirm.com *.affirm.ca https://snapwidget.com https://scontent.cdninstagram.com https://scontent.xx.fbcdn.net *.crazyegg.com https://pdpone.syfpayments.com https://cm.everesttech.net *.syfpos.com *.syf.com analytics.synchrony.com *.d1.sc.omtrdc.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.affirm.com *.affirm.ca https://snapwidget.com https://h30-deploy.hiconversion.com https://widgets.syfpayments.com https://js-agent.newrelic.com *.crazyegg.com https://tags.syf.com https://tags.tiqcdn.com *.syfpos.com analytics.synchrony.com *.mysynchrony.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kaptcha.com *.avada.io landofcoder.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src unsafe-inline assets.braintreegateway.com fonts.googleapis.com https://snapwidget.com *.crazyegg.com https://pdpone.syfpayments.com *.syfpos.com https://static.klaviyo.com *.fontawesome.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.affirm.com *.affirm.ca https://stats.g.doubleclick.net https://api.obviyo.net https://h30-deploy.obviyo.net https://bam.nr-data.net *.crazyegg.com https://pdpone.syfpayments.com https://widgets.syfpayments.com https://dpm.demdex.net *.syfpos.com *.syf.com *.d1.sc.omtrdc.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kaptcha.com https://get.geojs.io *.avada.io landofcoder.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.crazyegg.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://digitalpigeon.com  https://*.digitalpigeon.com https://*.digitalpigeon.com.au https://*.digitalpigeon.co.nz https://digitalpigeon-staging.com https://localhost.com:8889 https://digitalpigeon-dev.com:8889; 1
default-src 'self'; connect-src 'self' formulieren.elkerliek.nl *.hotjar.com region1.google-analytics.com *.readspeaker.com; font-src 'self' fonts.gstatic.com script.hotjar.com *.readspeaker.com data:;; frame-src 'self' *.youtube.com *.youtu.be *.readspeaker.com vars.hotjar.com www.youtube-nocookie.com www.google.com; img-src 'self' data: ssl.google-analytics.com *.readspeaker.com *.zorgkaartnederland.nl *.pollennieuws.nl; media-src 'self' *.readspeaker.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.readspeaker.com *.google-analytics.com www.googletagmanager.com *.hotjar.com formulieren.elkerliek.nl; style-src 'self' 'unsafe-inline' *.readspeaker.com fonts.googleapis.com formulieren.elkerliek.nl 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: filesystem:; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data:; style-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data:; img-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data:; connect-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data:; font-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data:; media-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data:; form-action http: https: data:; object-src http: https: data:; frame-src http: https: data: 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.senategop.local https://*.pasenategop.com https://*.addtoany.com https://*.bootstrapcdn.com *.cloudflare.com *.facebook.com *.facebook.net https://*.fbcdn.net https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.infogram.com https://*.livestream.com https://livestream.com https://*.newrelic.com https://*.bam.nr-data.net https://*.soundcloud.com https://*.teleforumonline.com https://*.typekit.net *.twitter.com https://*.videolinq.net https://*.vimeo.com *.wistia.com; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; font-src * 'self' data:;; media-src https://*.pasenategop.com https://*.infogram.com https://*.videolinq.net https://*.vimeo.com *.wistia.com; frame-src 'self' *.senategop.local https://*.pasenategop.com https://*.addtoany.com *.facebook.com *.facebook.net https://*.fbcdn.net https://*.google.com https://*.infogram.com https://*.livestream.com https://livestream.com https://*.soundcloud.com https://*.teleforumonline.com https://*.typekit.net *.twitter.com https://vekeo.com https://*.vekeo.com https://*.videolinq.net https://*.vimeo.com https://*.youtube.com https://youtu.be *.wistia.com; frame-ancestors * 'self'; child-src * blob:; connect-src * 1
script-src 'nonce-QK-aIfLQWZ7AsSwFXxnQpw' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/adsense_google_com; base-uri 'none' 1
upgrade-insecure-requests;                 default-src 'none';                base-uri 'self';                script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stats.alsace.eu https://cdn.ampproject.org/ https://www.googletagmanager.com/ https://cdn.ampproject.org/ https://ajax.googleapis.com/ https://webapi.affluences.com https://static.affluences.media/ https://www.google-analytics.com https://static.doubleclick.net/ https://*.doubleclick.net/ https://api.bitly.com https://cdn.jsdelivr.net;   img-src 'self' https://cdn.jsdelivr.net https://stats.g.doubleclick.net https://tile.openstreetmap.org/ https://*.tile.openstreetmap.org/ https://www.google-analytics.com https://img.youtube.com https://webapi.affluences.com https://static.affluences.media/ data:;   media-src 'self';   frame-src 'self' https://www.youtube.com https://docs.google.com https://www.google.com;   font-src 'self' https://fonts.gstatic.com/ https://ajax.googleapis.com https://webapi.affluences.com https://static.affluences.media/;   style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://webapi.affluences.com https://static.affluences.media/ https://fonts.googleapis.com/;   form-action 'self' https://haut-koenigsbourg.us7.list-manage.com;   connect-src  'self' https://stats.alsace.eu https://cdn.ampproject.org/ https://freegeoip.app/json/ https://stats.g.doubleclick.net https://www.google-analytics.com https://cdn.jsdelivr.net;   manifest-src 'self';   object-src 'none';   frame-ancestors 'self'; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-OGExMjQwYmI2ZmU3NGVjZWE2YWIzZTQ0NDMwOWU2ZGU=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.nlarbeidsinspectie.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.nlarbeidsinspectie.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.nlarbeidsinspectie.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
script-src * 'unsafe-eval' 'unsafe-inline'; worker-src blob: *; frame-ancestors 'self' https://webs.amigoenergy.com https://account.justenergy.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' at.alicdn.com *.alicdn.com *.googleapis.com *.gstatic.com *.baidu.com *.bdimg.com *.xinhongru.com *.highcharts.com *.yutiebing.com *.youku.com *.liantu.com *.highcharts.com *.qq.com *.cnzz.com *.xiaodinghuo.com *.myqcloud.com *.cccme.org.cn *.mmstat.com *.npsmeter.cn *.bilibili.com data: blob: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-src https://www.google.com; object-src 'none' 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://selectra.net/report-uri/enforce 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-aY938_SnyGD-NjCEHSRpfg' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors *.yaozh.com 1
default-src 'self';connect-src 'self' https: https://*.stripe.com https://*.ilek.tech https://*.ilek.fr https://*.herokuapp.com/api https://cdn.lr-in-prod.com https://cdn.rudderlabs.com https://api.rudderlabs.com https://ilekdataycos.dataplane.rudderstack.com https://cdn.segment.com https://api.segment.io https://*.cloudfront.net/ https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io/ wss://nexus-websocket-a.intercom.io/ https://uploads.intercomcdn.com https://www.google.com/pagead/ https://www.google-analytics.com/ https://googleads.g.doubleclick.net/ https://region1.google-analytics.com/ https://lm.serving-sys.com/ https://bs.serving-sys.com/ https://secure-ds.serving-sys.com/ wss://*.hotjar.com https://api.privacy-center.org/v1/events;form-action 'self' https://www.facebook.com https://*.helpdocs.io/;frame-src 'self' https://*.stripe.com https://gum.criteo.com/ https://vars.hotjar.com/ https://intercom-sheets.com https://www.intercom-reporting.com https://player.vimeo.com https://fast.wistia.net https://player.ausha.co https://*.dailymotion.com https://www.youtube.com https://www.facebook.com https://airtable.com/ https://*.cloudfront.net/;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https: https://*.cloudfront.net/ https://*.stripe.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.rudderlabs.com https://api.rudderlabs.com https://ilekdataycos.dataplane.rudderstack.com https://cdn.segment.com https://api.segment.io https://cdn.lr-in-prod.com https://*.ilek.tech https://*.ilek.fr https://*.herokuapp.com/api https://lm.serving-sys.com/ https://bs.serving-sys.com/ https://secure-ds.serving-sys.com/ https://static.criteo.net/ https://sslwidget.criteo.net/ https://sslwidget.criteo.com/ https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://static.hotjar.com https://script.hotjar.com https://vars.hotjar.com wss://ws18.hotjar.com https://sdk.privacy-center.org https://cdn.ravenjs.com https://widget.trustpilot.com https://u.logbor.com/ https://snap.licdn.com/ https://bat.bing.com/ https://www.clarity.ms/;media-src https://*.cloudfront.net/ https://ilek.s3.eu-central-1.amazonaws.com/ https://js.intercomcdn.com/;img-src 'self' data: https: https://*.cloudfront.net/ https://*.stripe.com https://purecatamphetamine.github.io https://ilek.s3.eu-central-1.amazonaws.com/ https://pubads.g.doubleclick.net/ https://px.ads.linkedin.com/ https://bat.bing.com/ https://www.facebook.com https://s.thebrighttag.com https://beacon.krxd.net https://dpm.demdex.net https://r.casalemedia.com https://dis.criteo.com/ https://ups.analytics.yahoo.com https://ad.360yield.com https://ib.adnxs.com https://x.bidswitch.net https://cm.g.doubleclick.net https://ad.yieldlab.net https://sync-t1.taboola.com https://match.sharethrough.com https://pixel.rubiconproject.com https://sync.outbrain.com https://exchange.mediavine.com https://sync-criteo.ads.yieldmo.com https://criteo-partners.tremorhub.com https://visitor.omnitagjs.com https://eb2.3lift.com https://criteo-sync.teads.tv https://rtb-csync.smartadserver.com https://simage2.pubmatic.com https://contextual.media.net https://matching.ivitrack.com https://cm.adform.net;font-src 'self' https://*.ilek.fr data: https://*.cloudfront.net/ https://fonts.googleapis.com https://fonts.gstatic.com https://*.intercomcdn.com/ https://*.helpdocs.io/;style-src 'self' https: https://*.cloudfront.net/ 'unsafe-inline';manifest-src 'self' https: https://*.cloudfront.net/ 'unsafe-inline';script-src-attr 'unsafe-inline';base-uri 'self';frame-ancestors 'self';object-src 'none';upgrade-insecure-requests 1
child-src 'self'; default-src 'self' *.usave.co.uk 'unsafe-eval' 'unsafe-inline' phplaravel-354301-1685373.cloudwaysapps.com ajax.cloudflare.com static.cloudflareinsights.com optimize.google.com www.googleoptimize.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net googleads.g.doubleclick.net connect.facebook.com connect.facebook.net www.googleadservices.com www.google.com www.gstatic.com www.redditstatic.com *.tawk.to * smartlook.cloud e.infogram.com *.smartlook.com cdn.jsdelivr.net fonts.googleapis.com fonts.gstatic.com *.amazonaws.com *.tinymce.com *.tiny.cloud; img-src https: data:; frame-src www.googletagmanager.com www.measurementlab.net api.mapbox.com e.infogram.com www.facebook.com www.google.com va.tawk.to optimize.google.com www.googleoptimize.com; font-src 'self' data: fonts.gstatic.com; 1
frame-ancestors vdv.onpublix.net crm3.vdv.de www.vdv.de 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://localhost:3001 https://www.pxl.to https://app.pxl.to https://demo.pxl.to http://localhost:3000 https://fonts.googleapis.com https://fonts.gstatic.com https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://*.doubleclick.net https://*.googlesyndication.com https://www.googleadservices.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.testimonial.to https://cdn.firstpromoter.com https://t.firstpromoter.com https://api.giphy.com https://fonts.gstatic.com https://fonts.googleapis.com https://*.youtube.com https://*.twitch.tv https://*.spotify.com https://unpkg.com https://nominatim.openstreetmap.org https://*.cdnfonts.com https://*.youtube-nocookie.com https://studio.pxl.to; img-src * data: 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com www1.yumi.co.uk; base-uri 'self' 1
script-src 'self' https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://www.recaptcha.net/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js; 1
script-src 'self' *.stripe.com *.google-analytics.com stats.g.doubleclick.net *.google.com maps.googleapis.com maps.gstatic.com *.googletagmanager.com 'sha256-8+8Dn59WDtELv2wmvOnT1BcJvjRr/R1kMhFhhBgKRWY=' 'sha256-J3yxS7r9mzXaUXRqEyB9ZeSLRQfTgbKgWbvmaxM03Ic=' 'sha256-aaJJGee8iPgCZcYn4Oye87yU9JUhAt5g/90aYjTZZr4=' locationexplorer.de 'sha256-oYkqZptMeWFv1Y67uMDetk/gLRiEZD4jlb0YbbmNMVU='; default-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'self'; img-src 'self' data: *.stripe.com *.google-analytics.com stats.g.doubleclick.net www.google.com www.google.de; connect-src 'self' *.stripe.com *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net; frame-src recruitingapp-5377.de.umantis.com *.stripe.com *.gotowebinar.com *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com locationexplorer.de; 1
default-src 'self' www.youtube.com www.youtube-nocookie.com; child-src 'self' www.youtube.com www.youtube-nocookie.com *.fls.doubleclick.net; frame-src 'self' vars.hotjar.com *.fls.doubleclick.net www.youtube.com www.youtube-nocookie.com apps.mypurecloud.com.au player.vimeo.com; connect-src 'self' *.ambithub.com ipinfo.io wss://sbsfaq.ambithub.com stats.g.doubleclick.net wss://*.hotjar.com *.hotjar.com *.hotjar.io *.monsido.com *.googletagmanager.com analytics.google.com www.google-analytics.com api.mypurecloud.com.au api-cdn.mypurecloud.com.au wss://webmessaging.mypurecloud.com.au; img-src 'self' data: www.google.co.nz *.google.com www.google-analytics.com *.g.doubleclick.net *.googleapis.com *.gstatic.com *.ambithub.com bat.bing.com *.facebook.com *.quantserve.com *.hotjar.com *.hotjar.io *.monsido.com *.googletagmanager.com analytics.google.com; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.google.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com cdn.polyfill.io *.ambithub.com bat.bing.com connect.facebook.net *.quantserve.com *.quantcount.com static.hotjar.com script.hotjar.com *.hotjar.io *.monsido.com *.googletagmanager.com analytics.google.com staticcdn.co.nz apps.mypurecloud.com.au; style-src 'unsafe-inline' 'self' hello.myfonts.net *.googleapis.com *.gstatic.com *.ambithub.com; font-src 'self' data: *.gstatic.com *.hotjar.com; 1
default-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-ancestors *.colewood.net www.asdamotoring.co.uk staging.uatgocompare.com www.gocompare.com *.preprod-gocompare.com www.czokbrand.com motokiki.com app.easycontactnow.com *.halfords.com hpivaluations.com *.onewomanowner.com *.baalliance.co.uk 'self'; form-action *.colewood.net carwow-uk.pxf.io carwow.co.uk *.carwow.co.uk motoreasy.quotezone.co.uk storage-motoreasy.s3.amazonaws.com www.warrantyassist.co.uk motorway.co.uk www.whocanfixmycar.com *.paypal.com www.facebook.com *.motoreasy.com 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.olark.com https://assurance.sysnetgs.com https://hm.baidu.com; style-src 'self' 'unsafe-inline' https://static.olark.com; font-src 'self' data: https://fonts.gstatic.com https://static.olark.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://knrpc.olark.com; frame-src 'self' https://api.teapplix.com https://www.google.com https://www.youtube.com https://bid.g.doubleclick.net https://static.olark.com frame-ancestors 'none'; media-src 'self' https://static.olark.com; img-src 'self' data: * 1
frame-ancestors 'self' https://www.spenderfeedback.com 1
default-src 'self' *.spinmybonus.com *.getsitecontrol.com *.getsitectrl.com *.youtube.com *.datamother.com *.firebaseio.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com ajax.googleapis.com *.getsitecontrol.com *.getsitectrl.com;connect-src 'self' *.getsitecontrol.com *.getsitectrl.com *.googletagmanager.com *.google-analytics.com *.firebaseio.com *.doubleclick.net wss: datamother.com;img-src 'self' *.google-analytics.com *.getsitecontrol.com *.getsitectrl.com data:;style-src 'unsafe-inline' 'self';base-uri 'self';form-action 'self';font-src data: 'self' *.getsitecontrol.com *.getsitectrl.com 1
script-src 'self' https://statistiek.rijksoverheid.nl http: https: data: blob: 'unsafe-inline' 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.sandcastlefs.com/ https://sandcastlefs.com/ https://www.googletagmanager.com/gtag/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/j/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://sandcastlefs.blob.core.windows.net/ http://tile.openstreetmap.org/ https://sandcastlefsmedia.blob.core.windows.net; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com ajax.googleapis.com data: connect.facebook.net *.facebook.com *.hotjar.com *.hotjar.io www.google-analytics.com static.cloudflareinsights.com *.squarespace.com *.squarespace-cdn.com *.googleapis.com maps.gstatic.com fonts.gstatic.com *.youtube.com player.vimeo.com *.ytimg.com tagmanager.google.com api.quickstream.westpac.com.au www.google.com www.gstatic.com cdn.callrail.com *.intercom.io *.intercomcdn.com ws: *.amazonaws.com *.mailchimp.com *.list-manage.com stats.g.doubleclick.net embedsocial.com app.powerbi.com js-agent.newrelic.com *.nr-data.net * open.spotify.com; 1
default-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 1
form-action  	'self'   https://forum.ravendawn.online   https://www.sandbox.paypal.com   https://www.paypal.com 	https://www.reidoscoins.com.br 	https://www.moedaz.com   https://ravendawn.online 	https://commerce.coinbase.com   https://playground.gateway.paylivre.com   https://gateway.paylivre.com   https://*.stripe.com 	; 			script-src  	'self' 'nonce-8AGrK6Zb9LJGDz4HZAltuA'    https://static.ads-twitter.com   https://static.cloudflareinsights.com 	https://www.googletagmanager.com  	https://*.cloudflare.com  	https://cdn.datatables.net  	https://www.google.com 	https://ajax.googleapis.com 	https://www.gstatic.com 	https://ckeditor.ravendawn.online   https://*.ravendawn.online   https://connect.facebook.net 	; 			frame-ancestors 'none'; 			frame-src  	'self' 	https://www.google.com 	https://www.youtube.com 	https://*.ravendawn.online 	https://www.youtube.com 	; 			object-src 'none'; 			base-uri 'self'; 			report-uri /report-csp-uri; 1
report-uri https://ulcm.report-uri.com/r/d/csp/enforce;base-uri 'none';object-src 'none';frame-ancestors 'self';form-action 'self' https://www.facebook.com;upgrade-insecure-requests;script-src 'self' https://www.googletagmanager.com/ https://bat.bing.com/ https://connect.facebook.net/ https://cdnjs.cloudflare.com/ https://api.swiftype.com/ https://www.google-analytics.com/ https://ajax.googleapis.com/ https://platform.twitter.com/ https://script.crazyegg.com/ 'unsafe-inline' 'strict-dynamic' 'nonce-zHUYRQ0hTE8zZ22TB0OqfFYjsezCtvVS' 1
frame-ancestors 'self' https://vivrelle.com https://*.vivrelle.com 1
frame-ancestors 'self' 'reborns.com' 'musicstack.com'; 1
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; connect-src 'self' *; img-src 'self' * data:; style-src 'self' 'unsafe-inline' *;base-uri 'self';form-action 'self' *;font-src 'self' * 1
default-src 'self' www.youtube-nocookie.com; script-src 'self' 'unsafe-inline'; connect-src 'self' strapi.carrentalgateway.com; img-src 'self' data: d32u13qk2xv01g.cloudfront.net i.ytimg.com; style-src 'self' 'unsafe-inline' data:; font-src 'self' data:; 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://stevenberlinjohnson.com https://*.stevenberlinjohnson.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
img-src 'self' data: blob: https://storage.googleapis.com https://mediaslide-us.storage.googleapis.com https://mediaslide-europe.storage.googleapis.com https://node-image-upload.websites.mediaslide.com https://node-email.websites.mediaslide.com; script-src 'self' blob: www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-eval' 'unsafe-inline'; media-src 'self' https://mediaslide-us.storage.googleapis.com; frame-src www.google.com/recaptcha/; style-src 'self' https://cdnjs.cloudflare.com https://www.google.com/recaptcha 'unsafe-inline'; 1
frame-ancestors 'self'; block-all-mixed-content; default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' *.ddev.site:35729 https://static.hotjar.com https://script.hotjar.com https://c.leadlab.click *.google-analytics.com *.google.com *.googletagmanager.com https://app.usercentrics.eu; style-src 'self' 'report-sample' 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com; object-src 'none'; frame-src 'self' *.hotjar.com https://servedby.flashtalking.com https://acame.de app.usercentrics.eu ; child-src 'self';img-src 'self' data: *.googletagmanager.com *.fbcdn.net media-api.flockler.com *.google-analytics.com *.google.com *.google.de app.usercentrics.eu https://static.hotjar.com https://script.hotjar.com;font-src 'self' data:; connect-src 'self' wss://*.ddev.site:35729  api.flockler.com *.leadlab.click *.doubleclick.net *.usercentrics.eu *.google-analytics.com *.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; manifest-src 'self';base-uri 'self'; form-action 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'; 1
script-src 'nonce-fIzQ18-LlHcsG8SAUzw4Kg' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/ads-homepage; base-uri 'none' 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-fda8802c4d91b7f88ea4573279276e1a'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self'; report-to /csp-violation/; form-action 'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://code.jquery.com https://snap.licdn.com https://www.google-analytics.com https://www.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/gsap/ https://inventx.jobbase.io https://prescreen.io https://cdn.jsdelivr.net/npm/promise-polyfill@8/ https://js.braintreegateway.com/web/ https://inventx.onlyfy.jobs https://*.dynamics.com https://*.azureedge.net ;  style-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.icomoon.io https://www.gstatic.com https://hello.myfonts.net https://d1azc1qln24ryf.cloudfront.net/26008/inventxch/ https://inventx.jobbase.io https://inventx.onlyfy.jobs https://*.dynamics.com https://*.azureedge.net;  frame-src 'self' https://*.youtube.com https://inventx.jobbase.io https://prescreen.io https://inventx.onlyfy.jobs https://*.dynamics.com https://*.azureedge.net;  object-src 'none';  img-src 'self' data: https://*.w.org *.gravatar.com https://www.google-analytics.com https://*.linkedin.com https://*.google.ch https://*.google.com https://*.ytimg.com https://*.youtube.com https://cns2-53eb.kxcdn.com https://*.dynamics.com https://*.azureedge.net;  font-src 'self' data: https://hello.myfonts.net https://d1azc1qln24ryf.cloudfront.net/26008/inventxch/ https://*.dynamics.com https://*.azureedge.net  https://cdn.icomoon.io;  connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://*.dynamics.com https://*.azureedge.net https://*.linkedin.com/; 1
default-src 'self' www.youtube.com ticketomaha.com o-pa.org omahaperformingarts.org azurewebsites.net googletagmanager.com www.googletagmanager.com twitter.com static.queue-it.net p.typekit.net bat.bing.com performance.typekit.net fls.doubleclick.net pixel-a.basis.net ct.pinterest.com googleads.g.doubleclick.net omahapa-preprod.azurewebsites.net siteimproveanalytics.com 6154533.global.siteimproveanalytics.io siteimproveanalytics.io www.googleadservices.com connect.facebook.net www.googletagmanager.com tagmanager.google.com www.googletagmanager.com bi.capacityinteractive.com capacityinteractive.com platform.twitter.com platform.twitter.co www.facebook.com connect.facebook.net facebook.com bi.o-pa.org bi.ticketomaha.com ticketomaha.beta-site.ca to-beta.ticketomaha.com omahapatest.azurewebsites.net omahapatest-omahapatest-preprod.azurewebsites.net o-pa-beta.o-pa.org o-pa.beta-site.ca www.saveourstages.com www.google-analytics.com stats.g.doubleclick.net optimize.google.com widgets.instantencore.com services.instantencore.com code.jquery.com *.fontawesome.com paylocity.com *.paylocity.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org ticketomaha.com o-pa.org omahaperformingarts.org azurewebsites.net googletagmanager.com www.googletagmanager.com www.youtube.com twitter.com s.pinimg.com www.googleadservices.com use.typekit.net s.yimg.com static.queue-it.net queue-it.net assets.queue-it.net omahaperformingarts.queue-it.net bat.bing.com performance.typekit.net fls.doubleclick.net pixel-a.basis.net ct.pinterest.com googleads.g.doubleclick.net static.ads-twitter.com sp.analytics.yahoo.com analytics.twitter.com cdnjs.cloudflare.com omahapa-preprod.azurewebsites.net googleads.g.doubleclick.net siteimproveanalytics.com 6154533.global.siteimproveanalytics.io siteimproveanalytics.io cdn.siteimprove.net www.googletagmanager.com tagmanager.google.com www.googletagmanager.com bi.capacityinteractive.com capacityinteractive.com bi.o-pa.org bi.ticketomaha.com ticketomaha.beta-site.ca to-beta.ticketomaha.com omahapatest.azurewebsites.net omahapatest-omahapatest-preprod.azurewebsites.net o-pa-beta.o-pa.org o-pa.beta-site.ca www.saveourstages.com optimize.google.com www.google-analytics.com widgets.instantencore.com services.instantencore.com code.jquery.com recruitingbypaycor.com *.fontawesome.com o-pa.cervistech.com cdn.cervistech.com paylocity.com *.paylocity.com *.rtb123.com *.adsrvr.org cloudfront.net ; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com cdnjs.cloudflare.com omahapa-preprod.azurewebsites.net tagmanager.google.com www.googletagmanager.com bi.capacityinteractive.com capacityinteractive.com bi.o-pa.org bi.ticketomaha.com ticketomaha.beta-site.ca to-beta.ticketomaha.com omahapatest.azurewebsites.net omahapatest-omahapatest-preprod.azurewebsites.net o-pa-beta.o-pa.org o-pa.beta-site.ca optimize.google.com code.jquery.com paylocity.com *.paylocity.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com use.typekit.net data: tagmanager.google.com www.googletagmanager.com fonts.googleapis.com *.fontawesome.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com ticketomaha.com o-pa.org omahaperformingarts.org azurewebsites.net googletagmanager.com www.youtube.com p.typekit.net pixel-a.basis.net pixel.sitescout.com stats.g.doubleclick.net bat.bing.com t.co www.google.com ct.pinterest.com googleads.g.doubleclick.net omahapa-preprod.azurewebsites.net 6154533.global.siteimproveanalytics.io siteimproveanalytics.io www.googletagmanager.com tagmanager.google.com www.googletagmanager.com ssl.gstatic.com lh3.googleusercontent.com bi.o-pa.org bi.ticketomaha.com ticketomaha.beta-site.ca to-beta.ticketomaha.com omahapatest.azurewebsites.net omahapatest-omahapatest-preprod.azurewebsites.net o-pa-beta.o-pa.org o-pa.beta-site.ca www.youtube.com widgets.instantencore.com services.instantencore.com s3.amazonaws.com *.fls.doubleclick.net *.analytics.yahoo.com tags.w55c.net pubads.g.doubleclick.net ad.doubleclick.net; media-src 'self' data: blob: www.youtube.com o-pa.org www.o-pa.org ticketomaha.com www.ticketomaha.com vimeo.com player.vimeo.com; frame-src 'self' www.youtube.com twitter.com pixel-a.basis.net pixel.sitescout.com fls.doubleclick.net 6899690.fls.doubleclick.net bid.g.doubleclick.net 8071554.fls.doubleclick.net www.google.com 8093096.fls.doubleclick.net omahapa-preprod.azurewebsites.net ticketomaha.com o-pa.org omahaperformingarts.org azurewebsites.net bi.capacityinteractive.com capacityinteractive.com platform.twitter.com platform.twitter.co www.facebook.com connect.facebook.net facebook.com bi.o-pa.org bi.ticketomaha.com ticketomaha.beta-site.ca to-beta.ticketomaha.com omahapatest.azurewebsites.net omahapatest-omahapatest-preprod.azurewebsites.net o-pa-beta.o-pa.org o-pa.beta-site.ca www.saveourstages.com optimize.google.com www.google-analytics.com www.pinterest.com recruitingbypaycor.com vimeo.com player.vimeo.com *.issuu.com ct.pinterest.com o-pa.cervistech.com paylocity.com *.paylocity.com *.doubleclick.net *.adsrvr.org; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com ticketomaha.com o-pa.org omahaperformingarts.org azurewebsites.net bi.o-pa.org bi.ticketomaha.com ticketomaha.beta-site.ca to-beta.ticketomaha.com omahapatest.azurewebsites.net omahapatest-omahapatest-preprod.azurewebsites.net o-pa-beta.o-pa.org o-pa.beta-site.ca www.saveourstages.com optimize.google.com www.google-analytics.com code.jquery.com *.siteimprove.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com ticketomaha.com o-pa.org omahaperformingarts.org azurewebsites.net s.yimg.com ct.pinterest.com performance.typekit.net omahapa-preprod.azurewebsites.net bi.capacityinteractive.com capacityinteractive.com bi.o-pa.org bi.ticketomaha.com ticketomaha.beta-site.ca to-beta.ticketomaha.com omahapatest.azurewebsites.net omahapatest-omahapatest-preprod.azurewebsites.net o-pa-beta.o-pa.org o-pa.beta-site.ca www.saveourstages.com stats.g.doubleclick.net www.google-analytics.com optimize.google.com code.jquery.com *.siteimprove.com *.googleadservices.com *.google.com *.facebook.net *.fontawesome.com; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.siteimprove.net *.googleapis.com youtube.com *.google.com *.google-analytics.com *.gstatic.com cdnjs.cloudflare.com *.curator.io *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net  siteimproveanalytics.com *.twitter.com *.pingdom.net *.googletagmanager.com *.doubleclick.net *.youtube.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.siteimprove.net *.curator.io *.google.com; img-src 'self' data: *.gstatic.com *.googleapis.com *.ggpht.com developers.google.com *.google-analytics.com *.doubleclick.net *.fbcdn.net *.twimg.com *.instagram.com *.curator.io *.cdninstagram.com *.ytimg.com *.siteimproveanalytics.io curatorio.s3.amazonaws.com curator-assets.b-cdn.net *.googletagmanager.com *.google.com.au *.google.com; media-src 'self' ssl.gstatic.com *.fbcdn.net *.twimg.com curatorio.s3.amazonaws.com *.google.com; frame-src 'self' www.youtube.com *.addthis.com seqwater.mysocialpinpoint.com *.google.com youtu.be *.siteimprove.com *.facebook.com td.doubleclick.net; frame-ancestors 'self' unitywater.com *.unitywater.com urbanutilities.com.au *.redland.qld.gov.au *.goldcoast.qld.gov.au *.logan.qld.gov.au waternet.corporate.local; child-src 'self' unitywater.com *.unitywater.com urbanutilities.com.au *.redland.qld.gov.au *.goldcoast.qld.gov.au *.logan.qld.gov.au waternet.corporate.local; font-src 'self' 'unsafe-inline' themes.googleusercontent.com fonts.gstatic.com cdn.curator.io; connect-src 'self' *.google-analytics.com *.doubleclick.net *.siteimprove.com api.curator.io *.addthis.com *.pingdom.net maps.googleapis.com *.google.com *.googlesyndication.com; report-uri /report-csp-violation 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mstdn.business; img-src 'self' https: data: blob: https://mstdn.business; style-src 'self' https://mstdn.business 'nonce-Mkw1vzwEsTnNwl642Y/jiA=='; media-src 'self' https: data: https://mstdn.business; frame-src 'self' https:; manifest-src 'self' https://mstdn.business; form-action 'self'; child-src 'self' blob: https://mstdn.business; worker-src 'self' blob: https://mstdn.business; connect-src 'self' data: blob: https://mstdn.business https://files.mstdn.business wss://mstdn.business; script-src 'self' https://mstdn.business 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://*.intel.com 1
connect-src www.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect https://search.opendental.com;frame-src https://twitter.com platform.twitter.com syndication.twitter.com https://www.youtube.com;img-src data: 'self' www.google-analytics.com https://www.google.com/ads/ga-audiences abs.twimg.com https://pbs.twimg.com ton.twimg.com platform.twitter.com https://syndication.twitter.com https://stats.g.doubleclick.net/r/collect;script-src 'self' 'unsafe-inline' google-analytics.com https://ssl.google-analytics.com www.google-analytics.com code.jquery.com https://cdn.syndication.twimg.com api.twitter.com platform.twitter.com;style-src 'self' 'unsafe-inline' code.jquery.com https://ton.twimg.com platform.twitter.com https://fonts.googleapis.com/; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-ODE2ZjcyN2JhYTg1NGVmNWFiNGViZjY5NzgwMzQxYWY=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.domeinenrz.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.domeinenrz.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.domeinenrz.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-ancestors 'self'; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-/vdFC+M8nsoD6N7vjmxdkg==' 1
default-src 'self'; media-src http://videos.ctfassets.net/ images.sparhandy.de; script-src bat.bing.com/ eu.b2c.com/ http://fonts.gstatic.com/ http://tr.outbrain.com/ http://www.adcell.de https://*.abtasty.com/ https://*.adform.net/ https://ad.doubleclick.net https://aggregator.service.usercentrics.eu/ https://amplify.outbrain.com/ https://analytics.tiktok.com/ https://api.aklamio.com https://api.fraud0.com/ https://api.usercentrics.eu/ https://app.usercentrics.eu/ https://bt.fraud0.com/api/ https://cdn.parcellab.com/ https://cdn.taboola.com https://connect.facebook.net https://*.criteo.com/ https://*.criteo.net/ https://googleads.g.doubleclick.net/ https://iframe.duverkaufst.de https://jsctool.com https://middleware.sparhandy.de/ https://p.teads.tv/ https://pagead2.googlesyndication.com/ https://script.hotjar.com https://secure.pay1.de https://static.hotjar.com https://t.adcell.com/ https://trc.taboola.com/ https://wave.outbrain.com/ https://widget.msgp.pl/ https://widgets.trustedshops.com/ https://www.dwin1.com/ https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com/ https://www.googletagservices.com/ https://www.high-mobile.de/ https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ 'self' 'unsafe-eval' 'unsafe-inline' ws: wss: www.googleadservices.com/pagead/; img-src 'self' data: * editor-assets.abtasty.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ws: * wss: * https://jsctool.com; font-src https://common-fonts.abtasty.com https://script.hotjar.com https://secure.pay1.de https://themes.googleusercontent.com 'self'; frame-src 'self' ws: * wss: * https://app.usercentrics.eu/ https://cdn.parcellab.com/; frame-ancestors 'self' https://app.contentful.com; object-src 'self'; connect-src *.abtasty.com https://aggregator.service.usercentrics.eu/ https://api.usercentrics.eu/ https://app.usercentrics.eu/ https://cdn.parcellab.com/ https://widget.msgp.pl/ https://widgets.trustedshops.com/ https://www.googletagmanager.com/ 'self' ws: * wss: *; 1
script-src 'self' https://www.google.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mobiletransaction.org/ https://google-analytics.com/ https://*.google-analytics.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://ajax.googleapis.com/ https://youtube.com/ https://*.youtube.com/ https://www.recaptcha.net/ https://www.gstatic.com/ https://www.google.com/;    img-src 'self' data: https://*.mobiletransaction.org/ https://google-analytics.com/ https://*.google-analytics.com/ https://secure.gravatar.com/ https://*.ytimg.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://gstatic.com/ https://*.gstatic.com/;    object-src 'self' data: https://youtube.com/ https://*.youtube.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.vimeo.com/ https://www.google.com/;    frame-src 'self' data: https://youtube.com/ https://*.youtube.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.vimeo.com/ https://www.google.com/; 1
connect-src 'self' api2.amplitude.com analytics.google.com analytics.tiktok.com api.reviews.co.uk api.reviews.io bam.nr-data.net config.gorgias.chat recommender.scarabresearch.com stats.g.doubleclick.net widget.reviews.io www.google-analytics.com r.lr-ingest.io www.facebook.com o10734.ingest.sentry.io collect-ap2.attraqt.io www.google.com.au api.brauz.ai www.google.com adservice.google.com properties us-east1-898b.gorgias.chat wss://us-east1-898b.gorgias.chat pagead2.googlesyndication.com region1.analytics.google.com maps.googleapis.com www.google.co.nz www.bing.com www.google.co.uk www.google.com.ph www.google.it www.googletagmanager.com www.google.com.fj www.google.com.sg static.afterpay.com www.swimweargalore.com.au www.google.be www.google.ca www.google.co.id www.google.co.in www.google.co.kr www.google.co.th www.google.com.bh www.google.com.hk www.google.com.tr www.google.de www.google.es www.google.fi www.google.fr www.google.gr www.google.hu www.google.nl www.google.se translate.googleapis.com www.google.ae www.google.com.vn www.google.ie www.google.nr ad.doubleclick.net api-cache.reviews.co.uk www.google.com.my www.google.me brauz-api-netlify.netlify.app; font-src 'self' assets.reviews.io cdn.icomoon.io d19ayerf5ehaab.cloudfront.net fonts.gstatic.com d1azc1qln24ryf.cloudfront.net data: swimweargalore-maintenance.s3.ap-southeast-2.amazonaws.com www.swimweargalore.com.au at.alicdn.com; frame-src business.facebook.com www.google.com payments-stest.npe.auspost.zone www.facebook.com td.doubleclick.net payments.auspost.net.au widget.reviews.io player.vimeo.com tpc.googlesyndication.com 'self' www.googletagmanager.com accounts.google.com connect.facebook.net brauz-book-a-stylist.netlify.app; img-src 'self' i.ytimg.com analytics.tiktok.com media.reviews.co.uk assets.reviews.io connect.facebook.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au data: *.cdninstagram.com googleads.g.doubleclick.net site-assets.afterpay.com media.reviews.co.uk reviews-client-content.s3.eu-west-1.amazonaws.com www.googletagmanager.com www.google.ca www.google.co.nz bam.nr-data.net csi.gstatic.com www.google.com.ph www.google.de maps.googleapis.com maps.gstatic.com blob: cdn.honey.io i.vimeocdn.com stats.g.doubleclick.net www.google.co.uk www.google.com.hk www.google.it www.google.co.in www.google.com.sg www.google.co.il adservice.google.com khms0.googleapis.com khms1.googleapis.com www.google.com.cy www.google.com.fj www.google.com.sa www.google.pl analytics.google.com fonts.gstatic.com swimweargalore-maintenance.s3.ap-southeast-2.amazonaws.com uploads.gorgias.io www.couponscdn.com www.swimweargalore.com.au www.google.ae www.google.at www.google.be www.google.cn www.google.co.id www.google.co.kr www.google.co.th www.google.co.vi www.google.co.za www.google.com.bh www.google.com.lb www.google.com.mt www.google.com.mx www.google.com.my www.google.com.pk www.google.com.tr www.google.com.ua www.google.com.vn www.google.cz www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.hu www.google.ie www.google.jo www.google.nl www.google.no www.google.nr www.google.rs www.google.se www.paypalobjects.com www.bing.com translate.google.com www.google.com.ng ad.doubleclick.net www.google.com.br www.google.com.np www.google.me; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' static.klaviyo.com vimeo.com www.youtube.com/iframe_api www.googleapis.com www.instagram.com apis.google.com cdn.attraqt.io cdn.lr-ingest.io cdnjs.cloudflare.com config.gorgias.chat connect.facebook.net googleads.g.doubleclick.net js-agent.newrelic.com js.sandbox.afterpay.com polyfill.io widget.reviews.co.uk widget.reviews.io www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com cdn.scarabresearch.com payments-stest.npe.auspost.zone portal.sandbox.afterpay.com assets.gorgias.chat www.googleadservices.com d3aq2u4yw77ivo.cloudfront.net s7.addthis.com analytics.tiktok.com js.afterpay.com payments.auspost.net.au portal.afterpay.com maps.googleapis.com tpc.googlesyndication.com www.paypal.com www.swimweargalore.com.au cdn.amplitude.com; script-src 'unsafe-eval' 'self' static.klaviyo.com www.instagram.com analytics.tiktok.com apis.google.com assets.gorgias.chat cdn.attraqt.io cdn.lr-ingest.io cdn.scarabresearch.com cdnjs.cloudflare.com config.gorgias.chat googleads.g.doubleclick.net js-agent.newrelic.com polyfill.io widget.reviews.co.uk www.google-analytics.com www.google.com www.gstatic.com connect.facebook.net www.googletagmanager.com js.afterpay.com widget.reviews.io maps.googleapis.com payments.auspost.net.au portal.afterpay.com www.googleadservices.com 'unsafe-inline' tpc.googlesyndication.com self; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' assets.reviews.io d19ayerf5ehaab.cloudfront.net d1azc1qln24ryf.cloudfront.net data: fonts.googleapis.com widget.reviews.io cdn.icomoon.io www.swimweargalore.com.au; worker-src blob:; default-src assets.gorgias.chat edgeshoppingstatic.azureedge.net; child-src blob:; style-src fonts.googleapis.com assets.reviews.io data: widget.reviews.io d19ayerf5ehaab.cloudfront.net d1azc1qln24ryf.cloudfront.net 'unsafe-inline' cdn.icomoon.io 'self'; media-src www.bing.com data: ; report-uri https://e5284f7d7dd438ca5f9634fcc1648781.report-uri.com/r/t/csp/enforce 1
frame-ancestors: 'self' https://boboboxservice.com https://bobobox.com; 1
default-src 'self' https:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' https: 'unsafe-inline' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; base-uri 'self'; form-action 'self' https://www.paypal.com; frame-ancestors 'self'; frame-src 'self' https://*.guardedhost.com https://*.amhosting.com https://*.amhosting.com:2222;  img-src 'self' data: https://ssl.google-analytics.com https://www.paypalobjects.com https://*.guardedhost.com; connect-src 'self' wss://wssp.guardedhost.com; 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-e8a721b2be57420da7b7e50eb6c571f4' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://vt.social 'wasm-unsafe-eval'; font-src 'self' https://vt.social; img-src 'self' data: blob: https://vt.social; style-src 'self' https://vt.social 'nonce-HMkU3inJxOtJTDQSkaXoUw=='; media-src 'self' data: https://vt.social; frame-src 'self' https:; child-src 'self' blob: https://vt.social; worker-src 'self' blob: https://vt.social; connect-src 'self' blob: data: wss://vt.social https://vt.social; manifest-src 'self' https://vt.social; form-action 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.amivedi.nl.local https://amivedi.nl.local https://*.botest.nl https://*.staging001.cloud.basicorange.nl https://*.basicorange.nl https://amivedi.nl https://*.amivedi.nl https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.jquery.com https://*.mailplus.nl https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.facebook.net https://*.facebook.com https://*.google.com https://*.google.nl https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.adform.net https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://tagmanager.google.com https://*.googletagmanager.com https://*.googletagmanager.com/gtm.js* https://fonts.googleapis.com https://maps.gstatic.com https://fonts.gstatic.com https://maps.googleapis.com https://ajax.aspnetcdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://widget.freshworks.com https://basicorange.freshdesk.com https://cdn.amivedi.nl.staging001.cloud.basicorange.nl https://cdn.amivedi.nl https://cdn.datatables.net https://*.sharethis.com https://z.moatads.com https://widgets.pinterest.com; frame-src 'self' https://*.local https://*.botest.nl https://*.basicorange.nl https://vars.hotjar.com https://*.youtube.com https://*.youtube-nocookie.com https://*.adform.net https://*.google.com/recaptcha/api2/ https://www.facebook.com/ https://bid.g.doubleclick.net https://cdn.datatables.net https://maps.googleapis.com/ https://*.sharethis.com; 1
default-src 'self' 'unsafe-inline' data: *.voxbeam.com *.voxbeam.co.uk *; 1
default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src 'self' webchat.esper.net; 1
default-src 'self' https://akkadia.org 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://plenti-cms.herokuapp.com/v3 ws://localhost:3000 https://api.plenti.com.au https://cdn-assets-prod.s3.amazonaws.com https://*.browser-intake-datadoghq.com https://io.clickguard.com https://*.doubleclick.net https://stats.g.doubleclick.net https://rs.fullstory.com https://analytics.google.com https://www.google-analytics.com https://www.googleanalytics.com https://www.googleoptimize.com https://cdn.heapanalytics.com https://www.linkedin.com https://cdn.linkedin.oribi.io https://hello.myfonts.net https://*.pinterest.com https://*.tgtag.io https://api.trafficguard.ai https://vitals.vercel-insights.com/v1/vitals https://vimeo.com https://*.youtu.be https://*.youtube.com https://*.zoho.com https://*.zohocdn.com https://*.zohopublic.com https://*.zohostatic.com ws://vts.zohopublic.com wss://vts.zohopublic.com; font-src 'self' data: https://fonts.gstatic.com https://css.zohocdn.com; frame-src 'self' https://www.bankstatements.com.au https://io.clickguard.com https://*.doubleclick.net https://bid.g.doubleclick.net https://stats.g.doubleclick.net https://optimize.google.com https://www.googletagmanager.com https://cdn.heapanalytics.com https://*.pinterest.com https://widget.trustpilot.com https://vercel.live https://player.vimeo.com https://*.youtu.be https://*.youtube.com https://forms.zohopublic.com; img-src 'self' data: localhost https://p.adsymptotic.com https://bat.bing.com https://res.cloudinary.com https://cdn-assets-prod.s3.amazonaws.com https://io.clickguard.com https://*.doubleclick.net https://www.facebook.com https://rs.fullstory.com https://googleads.g.doubleclick.net https://optimize.google.com https://www.google.com https://www.google.com.au https://www.google.pl https://www.google-analytics.com https://www.googleanalytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://heapanalytics.com https://cdn.heapanalytics.com https://*.ads.linkedin.com https://*.pinterest.com https://trc.taboola.com https://*.tgtag.io https://assets.vercel.com https://i.ytimg.com https://*.zoho.com https://*.zohocdn.com https://*.zohopublic.com https://*.zohostatic.com; media-src 'self' https://res.cloudinary.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-assets-prod.s3.amazonaws.com https://bat.bing.com https://io.clickguard.com https://www.datadoghq-browser-agent.com https://connect.facebook.net https://edge.fullstory.com https://rs.fullstory.com https://optimize.google.com https://tagmanager.google.com https://www.google.com https://www.google.com.au https://ssl.google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://cdn.heapanalytics.com https://snap.licdn.com https://s.pinimg.com https://tgtag.io https://*.tgtag.io https://widget.trustpilot.com https://vercel.live https://player.vimeo.com https://*.youtu.be https://*.youtube.com https://*.zoho.com https://*.zohocdn.com https://*.zohopublic.com https://*.zohostatic.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://tagmanager.google.com https://fonts.googleapis.com https://*.zoho.com https://*.zohocdn.com https://*.zohopublic.com https://*.zohostatic.com; worker-src blob:; 1
frame-ancestors 'self' outlook.office.com outlook.office365.com *.microsoft.com; 1
default-src 'self' https: data: blob:; style-src 'self' 'unsafe-inline' https: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: 1
default-src 'self' data: https: 'unsafe-inline' 'unsafe-eval' 1
script-src 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://adservice.google.co.id https://insight.adsrvr.org/ https://js.adsrvr.org/ https://svc.webspellchecker.net/ https://www.google-analytics.com https://www.washingtonpolicy.org https://*.googleapis.com/ https://*.google-analytics.com/ https://www.gstatic.com/ https://*.google.com/ https://connect.facebook.net https://www.youtube.com https://login.mailchimp.com https://stats.g.doubleclick.net https://www.facebook.com https://bbox.blackbaudhosting.com/ https://payments.blackbaud.com/ https://*.blackbaud.com/ https://washingtonpolicy.bamboohr.com/js/embed.js https://*.disqus.com/; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://adservice.google.co.id https://insight.adsrvr.org/ https://js.adsrvr.org/ https://svc.webspellchecker.net/ https://www.google-analytics.com https://www.washingtonpolicy.org https://*.googleapis.com/ https://*.google-analytics.com/ https://www.gstatic.com/ https://*.google.com/ https://connect.facebook.net https://www.youtube.com https://login.mailchimp.com https://stats.g.doubleclick.net https://www.facebook.com https://bbox.blackbaudhosting.com/ https://*.disqus.com/; object-src 'self'; 1
default-src 'self'; connect-src *; font-src *; frame-src *; child-src *; img-src * data:; media-src *; object-src 'none'; 'strict-dynamic' 'nonce-rAnd0m123' 'unsafe-inline' http: https:;base-uri 'none'; report-uri https://cprmaster.consultprdevsites-18.com; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'self'; manifest-src 'self'; media-src 'self'; img-src 'self' https://imgsct.cookiebot.com/ https://tile.openstreetmap.org data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com/leaflet@1.9.3/dist/leaflet.js https://unpkg.com/leaflet.markercluster@1.4.1/dist/leaflet.markercluster.js https://unpkg.com/leaflet-gesture-handling@1.2.2/dist/leaflet-gesture-handling.min.js https://unpkg.com/friendly-challenge@0.9.8/widget.module.min.js https://consent.cookiebot.com https://consentcdn.cookiebot.com https://cdnjs.cloudflare.com https://www.youtube.com https://www.youtube-nocookie.com https://cdn.matomo.cloud https://juwi.matomo.cloud; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://unpkg.com; object-src 'self'; connect-src 'self' https://consentcdn.cookiebot.com https://juwi.matomo.cloud https://api.friendlycaptcha.com https://api.friendlycaptcha.com/api/v1/puzzle https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.4/tiny-slider.css; font-src 'self'; frame-src 'self' https://consentcdn.cookiebot.com https://www.youtube-nocookie.com; worker-src blob:; 1
default-src 'self' scwstorageprd.blob.core.windows.net scw-cdn-sm-prd-sea.azureedge.net sdi.sats.com.sg; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.licdn.com *.googleapis.com *.gstatic.com api.worldtradingdata.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://developers.google.com/maps/documentation/javascript/examples/markerclusterer/markerclusterer.js s7.addthis.com z.moatads.com v1.addthisedge.com/live/boost m.addthis.com/live/red_lojson/300lo.json emea3.recruitmentplatform.com apidojo-yahoo-finance-v1.p.rapidapi.com www.googletagmanager.com ir.listedcompany.com sats.listedcompany.com sdi.sats.com.sg; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com apidojo-yahoo-finance-v1.p.rapidapi.com sdi.sats.com.sg; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: scw-cdn-sm-prd-sea.azureedge.net; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com scw-cdn-sm-prd-sea.azureedge.net sats.listedcompany.com; media-src 'self' data: blob: https://scw-cdn-sm-prd-sea.azureedge.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com s7.addthis.com www.google.com sats.listedcompany.com sdi.sats.com.sg; connect-src 'self' *.google-analytics.com accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com www.alphavantage.co api.worldtradingdata.com emea3.recruitmentplatform.com global3.recruitmentplatform.com apidojo-yahoo-finance-v1.p.rapidapi.com www.googletagmanager.com yh-finance.p.rapidapi.com maps.googleapis.com sdi.sats.com.sg; 1
default-src * 'unsafe-inline' 'unsafe-eval';script-src 'self' *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.bing.com *.clarity.ms *.googleadservices.com *.taboola.com *.trustwave.com *.amplitude.com *.mxpnl.com *.mixpanel.com *.googleapis.com *.google.com *.gstatic.com *.yodlee.com *.decisionlogic.com *.decisions.com *.flinks.com *.fin.ag *.google.af *.google.ax *.google.al *.google.dz *.google.as *.google.ad *.google.ao *.google.ai *.google.aq *.google.ag *.google.ar *.google.am *.google.aw *.google.ac *.google.au *.google.at *.google.az *.google.bs *.google.bh *.google.bd *.google.bb *.google.eus *.google.by *.google.be *.google.bz *.google.bj *.google.bm *.google.bt *.google.bo *.google.bq *.google.an *.google.nl *.google.ba *.google.bw *.google.bv *.google.br *.google.io *.google.vg *.google.bn *.google.bg *.google.bf *.google.mm *.google.bi *.google.kh *.google.cm *.google.ca *.google.cv *.google.cat *.google.ky *.google.cf *.google.td *.google.cl *.google.cn *.google.cx *.google.cc *.google.co *.google.km *.google.cd *.google.cg *.google.ck *.google.cr *.google.ci *.google.hr *.google.cu *.google.cw *.google.cy *.google.cz *.google.dk *.google.dj *.google.dm *.google.do *.google.tl *.google.tp *.google.ec *.google.eg *.google.sv *.google.gq *.google.er *.google.ee *.google.et *.google.eu *.google.fk *.google.fo *.google.fm *.google.fj *.google.fi *.google.fr *.google.gf *.google.pf *.google.tf *.google.ga *.google.gal *.google.gm *.google.ps *.google.ge *.google.de *.google.gh *.google.gi *.google.gr *.google.gl *.google.gd *.google.gp *.google.gu *.google.gt *.google.gg *.google.gn *.google.gw *.google.gy *.google.ht *.google.hm *.google.hn *.google.hk *.google.hu *.google.is *.google.in *.google.id *.google.ir *.google.iq *.google.ie *.google.im *.google.il *.google.it *.google.jm *.google.jp *.google.je *.google.jo *.google.kz *.google.ke *.google.ki *.google.kw *.google.kg *.google.la *.google.lv *.google.lb *.google.ls *.google.lr *.google.ly *.google.li *.google.lt *.google.lu *.google.mo *.google.mk *.google.mg *.google.mw *.google.my *.google.mv *.google.ml *.google.mt *.google.mh *.google.mq *.google.mr *.google.mu *.google.yt *.google.mx *.google.md *.google.mc *.google.mn *.google.me *.google.ms *.google.ma *.google.mz *.google.mm *.google.na *.google.nr *.google.np *.google.nl *.google.nc *.google.nz *.google.ni *.google.ne *.google.ng *.google.nu *.google.nf *.google.nc *.google.tr *.google.kp *.google.mp *.google.no *.google.om *.google.pk *.google.pw *.google.ps *.google.pa *.google.pg *.google.py *.google.pe *.google.ph *.google.pn *.google.pl *.google.pt *.google.pr *.google.qa *.google.ro *.google.ru *.google.rw *.google.re *.google.bq *.google.an *.google.bl *.google.gp *.google.fr *.google.sh *.google.kn *.google.lc *.google.mf *.google.gp *.google.fr *.google.pm *.google.vc *.google.ws *.google.sm *.google.st *.google.sa *.google.sn *.google.rs *.google.sc *.google.sl *.google.sg *.google.bq *.google.an *.google.nl *.google.sx *.google.an *.google.sk *.google.si *.google.sb *.google.so *.google.so *.google.za *.google.gs *.google.kr *.google.ss *.google.es *.google.lk *.google.sd *.google.sr *.google.sj *.google.sz *.google.se *.google.ch *.google.sy *.google.tw *.google.tj *.google.tz *.google.th *.google.tg *.google.tk *.google.to *.google.tt *.google.tn *.google.tr *.google.tm *.google.tc *.google.tv *.google.ug *.google.ua *.google.ae *.google.uk *.google.us *.google.vi *.google.uy *.google.uz *.google.vu *.google.va *.google.ve *.google.vn *.google.wf *.google.eh *.google.ma *.google.ye *.google.zm *.google.zw *.google.net *.google.org *.google.biz *.google.info *.google.name 'unsafe-inline' 'unsafe-eval';connect-src * 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src *;style-src * 'unsafe-inline'; 1
frame-ancestors *.netlify.app admin.shopify.com *.myshopify.com online-store-web.shopifyapps.com; 1
base-uri 'none'; object-src 'none'; form-action 'self' *.facebook.com; frame-ancestors 'self'; script-src 'report-sample' 'nonce-Qd6AfTAFIG4L04xFs8gb0g==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; report-to main-endpoint 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' https://analytics.optimalpeople.fr https://secure.adnxs.com public.joomeo.com *.jotform.com *.jotformeu.com data: wss: http://i.ytimg.com gouiran-beaute.com http://doofindermedia.s3.amazonaws.com https://doofindermedia.s3.amazonaws.com https://www.survio.com/ https://inrecruitingfr.intervieweb.it https://eu1-doofinderuser.s3.amazonaws.com/ http://eu1-doofinderuser.s3.amazonaws.com/ *.youtube.com *.gstatic.com *.cdninstagram.com *.gravatar.com cdn.jsdelivr.net *.doubleclick.net *.gouiran-beaute.com netdna.bootstrapcdn.com *.avis-verifies.com *.nosto.com *.affilae.com *.elfsight.com *.elfsightcdn.com *.googletagmanager.com cdnjs.cloudflare.com static-sb.com static.sb.com *.google.com www.google.fr social-sb.com *.doofinder.com *.be2bill.com *.paypal.com *.google-analytics.com *.googleadservices.com *.hotjar.io *.hotjar.com fonts.gstatic.com maps.gstatic.com ssl.gstatic.com s.w.org sb-img.s3.amazonaws.com t.co *.linkedin.com sb-widget.s3.amazonaws.com bat.bing.com scontent.cdninstagram.com spread-public.s3.eu-west-3.amazonaws.com *.zopim.com *.zopim.io static.ads-twitter.com sjs.bizographics.com *.criteo.com img.youtube.com *.pinterest.com i.pinimg.com apis.google.com maps.googleapis.com www.netreviews.eu *.leguide.com s.kk-resources.com s.kelkoogroup.net *.facebook.net *.facebook.com *.twitter.com *.criteo.net *.zdassets.com *.twimg.com api.socloz.com api.testing.sandbox.socloz.com *.tradedoubler.com https://*.pinimg.com https://*.pinterest.com https://*.google.ie ;  style-src 'unsafe-inline' 'unsafe-eval' 'self' *; font-src 'unsafe-inline' 'unsafe-eval' 'self' data: wss: * https://svht.tradedoubler.com/tr_sdk.js 1
frame-ancestors 'self' https://secure.quantumgateway.com; 1
frame-ancestors 'self' https://*.toyota.no https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
default-src 'self' https://ads.yahoo.com/ https://trc-events.taboola.com https://vimeo.com/ blob:; connect-src 'self' https://s.yimg.com/ https://cdn.linkedin.oribi.io/ https://www.google-analytics.com/ https://www.googleadservices.com/pagead/conversion/ https://pips.taboola.com/ https://www.google.co.in/pagead/attribution/wcm https://cds.taboola.com/ https://google.com/pay https://payments.sandbox.braintree-api.com/graphql https://api.sandbox.braintreegateway.com/merchants/ https://pay.google.com/ https://origin-analytics-sand.sandbox.braintree-api.com/ddr5ccc9pq74ry85 https://www.sandbox.paypal.com/xoplatform/logger/api/logger https://www.sandbox.paypal.com/credit-presentment/log https://in.hotjar.com/api/v2/client/sites/1899954/visit-data https://trc-events.taboola.com/1458254/log/3/unip https://api.mypurecloud.com.au/ wss://streaming.mypurecloud.com.au/chat/jwt/ https://vc.hotjar.io/sessions/1899954 https://ad.doubleclick.net/ https://www.google.com.au/ https://b.sbox.stats.paypal.com https://assets5.lottiefiles.com/packages/ https://bat.bing.com/ *.visualwebsiteoptimizer.com app.vwo.com https://lm.serving-sys.com/ https://stats.g.doubleclick.net/ https://secure-ds.serving-sys.com/ https://bam.nr-data.net https://payments.braintree-api.com/graphql https://api.braintreegateway.com/ https://client-analytics.braintreegateway.com/ https://www.paypal.com/ https://analytics.google.com/ https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://analytics.google.com/g/collect https://px.ads.linkedin.com/wa/ wss://ws.hotjar.com/ https://content.hotjar.io/ https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' https://apps.mypurecloud.com/ https://fonts.gstatic.com/s/opensans/v34/ https://applepay.cdn-apple.com/jsapi/v1/assets/1.0.0/fonts/ data:; frame-src 'self' https://9917932.fls.doubleclick.net/ https://4808515.fls.doubleclick.net/ https://www.google.com/ https://www.facebook.com/ https://pay.google.com/ https://assets.braintreegateway.com/ https://c.sandbox.paypal.com/ https://dev.visualwebsiteoptimizer.com/ https://checkout.paypal.com/ https://www.sandbox.paypal.com/ https://tsdtocl.com/ https://td.doubleclick.net/ https://www.recaptcha.net/ https://player.vimeo.com/ app.vwo.com https://9366126.fls.doubleclick.net/ https://c.paypal.com/ https://www.paypal.com/ https://www.paypalobjects.com/; img-src 'self' https://ads.yahoo.com/cms/v1 https://dev.visualwebsiteoptimizer.com/ https://pixel.quantserve.com/ https://t.myvisualiq.net/ https://sp.analytics.yahoo.com/sp.pl https://s.tribalfusion.com/visitor https://www.facebook.com/tr/ https://px.ads.linkedin.com/collect https://alb.reddit.com/rp.gif https://cm.g.doubleclick.net/pixel https://bat.bing.com/action/0 https://vxml4.plavxml.com/sited/ref/integration.jsp https://secure.adnxs.com/px https://www.google-analytics.com/collect https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://www.googletagmanager.com/ https://b.stats.paypal.com/counter.cgi https://hnd.stats.paypal.com/counter2.cgi https://i.imgur.com/4ywwgvB.png https://www.paypalobjects.com/js-sdk-logos/ https://c.sandbox.paypal.com/v1/r/d/b/w data: https://ups.analytics.yahoo.com/ups/57628/sync https://a.tribalfusion.com/i.match https://ads.stickyadstv.com/user-registering https://www.linkedin.com/px/li_sync https://public-prod-dspcookiematching.dmxleo.com/dspreply https://ib.adnxs.com/ https://trc.taboola.com/sg/tfa-eid/1/um/ https://www.gstatic.com/ https://us-u.openx.net/ https://i.vimeocdn.com/video/ https://assets5.lottiefiles.com/packages/ cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://www.google.com/ads/ga-audiences https://www.google.com/pagead/1p-user-list/ https://www.google.co.in/pagead/1p-user-list/ https://www.google.co.in/ads/ga-audiences https://useruploads.visualwebsiteoptimizer.com/ https://www.google.com.au/ https://dsum-sec.casalemedia.com/rr https://image6.pubmatic.com/ https://pixel.rubiconproject.com/ https://c.paypal.com/ https://t.paypal.com/ https://ad.doubleclick.net/ https://simage2.pubmatic.com/AdServer/Pug https://www.google-analytics.com https://www.googletagmanager.com; manifest-src 'self' https://pay.google.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'strict-dynamic' 'nonce-rAnd0m123' 'report-sample'; script-src-elem 'self' 'unsafe-inline' https://www.googleadservices.com/pagead/conversion/ https://bs.serving-sys.com/Serving https://www.recaptcha.net/recaptcha/api.js https://player.vimeo.com/api/player.js https://stats.g.doubleclick.net/j/collect https://www.paypal.com/checkoutnow/error https://www.paypal.com/smart/buttons/preload https://www.sandbox.paypal.com/smart/buttons/preload https://www.paypal.com/sdk/js https://bam.nr-data.net/events/1/NRJS-d8c45026f403048202f https://bam.nr-data.net/1/NRJS-d8c45026f403048202f https://cdn.taboola.com/libtrc/unip/1458254/tfa.js https://www.paypalobjects.com/muse/muse.js https://hello.myfonts.net/count/3b2f3c https://bat.bing.com/bat.js https://bat.bing.com/action/0 https://dev.visualwebsiteoptimizer.com/ https://static.hotjar.com/c/hotjar-1899954.js https://vars.hotjar.com/box-63c3a81830bf549dafe40b369003f751.html https://secure.quantserve.com/quant.js https://bat.bing.com/p/action/23007079.js https://pixel.quantserve.com/pixel/p-DqjwyNPDmH5zE.gif https://trc.taboola.com/1458254/trc/3/json https://cdn.taboola.com/scripts/ https://c.paypal.com/da/r/fb.js https://a.tribalfusion.com/pixel/tags/Simply%20Energy/792833/pixel.js https://www.gstatic.com/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/ https://vxml4.plavxml.com/sited/ref/ https://vt.myvisualiq.net/2/uNcuvNOEiN4QQyR43MfVWA%3D%3D/vt-365.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://t.myvisualiq.net/impression_pixel https://t.myvisualiq.net/sync https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js https://script.hotjar.com/ https://s.yimg.com/wi/ytc.js https://s.tribalfusion.com/displayAd.js https://rules.quantcount.com/rules-p-DqjwyNPDmH5zE.js https://apps.mypurecloud.com.au/widgets/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://connect.facebook.net/signals/config/160161931353827 https://connect.facebook.net/en_US/fbevents.js https://www.redditstatic.com/ads/pixel.js https://pay.google.com/ https://js.braintreegateway.com/web/ https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js https://connect.facebook.net/signals/config/1819284704803383 https://js-agent.newrelic.com https://www.google.com/ https://www.paypal.com/; style-src 'self' 'unsafe-inline' 'unsafe-hashes' 'report-sample' https://hello.myfonts.net/count/3b2f3c https://apps.mypurecloud.com/webfonts/roboto.css https://fonts.googleapis.com/css2 *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com; worker-src 'self' blob:; base-uri 'none'; form-action 'self' https://www.facebook.com/tr/ https://dev.visualwebsiteoptimizer.com/; frame-ancestors 'self' https://simplyenergy.my.salesforce.com https://hansencis-dr.se.hsntech.com https://hansencis.se.hsntech.com https://myaccount.simplyenergy.com.au cpq.se.hsntech.com cpq-dr.se.hsntech.com simplyenergy.lightning.force.com https://hansencis.se.hsntech.com/EnergyPortal hpg-prod.se.hsntech.com https://se10.smartcmobile.com https://hpg-dr.se.hsntech.com; upgrade-insecure-requests 1
default-src 'self' *;script-src 'self' 'unsafe-inline' 'nonce-Kj3Z/bmvdaduPcFqd3sN0eqW' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' *;img-src 'self' data: maps.gstatic.com maps.googleapis.com media.pressburst.app syndication.twitter.com www.google-analytics.com 1
frame-ancestors self https://*.laxmisunrise.com https://*.laxmibank.com 1
frame-ancestors 'self' https://liebermannkiepereddemann.de 1
reflected-xss 'filter' 1
default-src 'self' https://localhost:* wss: blob: https: data: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; connect-src 'self' https://localhost:* http://127.0.0.1:* wss: blob: https: data:; script-src 'self' https://localhost:* wss: uipath-web: blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: blob: data: 'unsafe-inline' 1
default-src 'self' https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; 1
default-src  'self' ; img-src      'self' 'unsafe-inline' 'unsafe-eval' data: *.ytimg.com dotcms.com *.dotcms.com agilecrm.s3.amazonaws.com *.amazonaws.com *.social9.com *.g.doubleclick.net *.googlesyndication.com *.google.co.cr *.google-analytics.com *.gstatic.com *.google.com *.google.ca;  script-src   'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com kit.fontawesome.com *.jquery.com *.googletagservices.com *.googleadservices.com *.googlesyndication.com *.trustpilot.com *.jsdelivr.net *.bitrix24.com *.cloudflare.com *.social9.com *.facebook.net *.calq.io *.amazonaws.com *.agilecrm.com *.google.com *.google.ca costarica.agilecrm.com *.google.co.cr *.googleapis.com *.google-analytics.com *.googlesyndication.com *.gstatic.com;  style-src    'self' 'unsafe-inline' *.cloudflare.com *.jsdelivr.net *.amazonaws.com *.cloudfront.net *.google.com *.googleapis.com *.social9.com *.gstatic.com *.maxcdn.com;  font-src     'self' data: *.fontawesome.com *.youtube.com *.googleapis.com *.google.com *.s3.amazonaws.com *.maxcdn.com *.gstatic.com;  frame-src    'self' *.hotelplanner.com costarica.travelsherlock.com *.googleapis.com youtu.be *.googlesyndication.com *.trustpilot.com *.youtube.com *.bitrix24.com *.amazonaws.com *.facebook.com *.g.doubleclick.net *.youtube.com *.maxcdn.com *.google.com *.google.ca;  child-src    'self' *.amazonaws.com *.facebook.com *.g.doubleclick.net *.youtube.com *.maxcdn.com *.google.com *.google.ca;  connect-src  'self' *.costarica.com *.google.com *.fontawesome.com *.googlesyndication.com costarica.agilecrm.com *.gstatic.com *.calq.io *.google-analytics.com *.g.doubleclick.net *.youtube.com;  object-src   'self' ;  report-uri https://costarica.report-uri.com/r/d/csp/enforce;  1
default-src'self';img-src'self';object-src'none';script-src'self';style-src'self';frame-ancestors'self';base-uri'self';form-action'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://egweb.servidor.gal https://*.w.org https://p.typekit.net https://stats.g.doubleclick.net https://fonts.googleapis.com https://*.gstatic.com https://use.fontawesome.com https://*.gigya.com https://*.sap.com https://frontal.estrellagalicia.es https://static.addtoany.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://www.google.com https://cdn.plyr.io https://cdn.onesignal.com *.onesignal.com https://*.youtube.com https://*.youtube.com/embed http://*.youtube.com https://www.youtube-nocookie.com https://i.ytimg.com https://*.cookiebot.com https://onesignal.com https://images.hdriv.es https://www.google.es *.typekit.net *.amazonaws.com *.ondemand.com *.gravatar.com *.doubleclick.net *.google-analytics.com *.analytics.google.com https://googletagmanager.com https://*.googleapis.com https://*.google.com https://*.sharethis.com https://stackpath.bootstrapcdn.com https://code.jquery.com https://cdnjs.cloudflare.com https://unpkg.com https://maxcdn.bootstrapcdn.com https://cdn.rawgit.com https://ajax.googleapis.com https://connect.facebook.net https://www.facebook.com https://*.twitter.com https://*.twimg.com/ https://rum.monitis.com https://*.ondemand.com https://targetemsecure.blob.core.windows.net https://cdn.polyfill.io https://*.slgnt.eu https://*.adform.net https://*.landbot.io https://*.giphy.com wss://*.firebaseio.com https://*.firebaseio.com https://*.ads-twitter.com https://t.co https://*.twitter.com https://view.genial.ly https://*.tile.openstreetmap.org https://*.openstreetmap.org https://p.teads.tv/ https://s.pinimg.com/ct/ https://ct.pinterest.com/user/ https://ct.pinterest.com/v3/ https://ct.pinterest.com/ https://l.teads.tv/* https://cm.teads.tv/v2/advertiser https://t.teads.tv/track https://fabrica.os.tc/; 1
base-uri 'self'; upgrade-insecure-requests; default-src 'self'; frame-ancestors 'self'; manifest-src https://www.iteracy.com/; media-src 'self'; form-action 'self' https://*.google.co.uk/; connect-src 'self' https://*.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net/j https://www.googletagmanager.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com; img-src 'self' https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com/ https://translate.google.com https://i.ytimg.com data: ; script-src 'self' 'unsafe-inline' 'strict-dynamic' 'nonce-cD5eMMeIhij+t5qqMHspgqfl0knbrnqj+04uuwqwm7s=' https://www.google.com https://www.gstatic.com https://www.google.com/recaptcha/ https://*.google-analytics.com https://translate.google.com https://www.googletagmanager.com https://js.stripe.com 'report-sample'; frame-src 'self' https://www.google.com/recaptcha/ https://www.youtube.com/ https://embed.ted.com/ https://www.googletagmanager.com https://js.stripe.com; font-src https://fonts.gstatic.com data:; report-uri https://www.iteracy.com/csp_report.php; 1
default-src 'self' https://*.roshd.ir https://*.yektanet.com https://www.aparat.com https://*.google.com https://maps.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.roshd.ir https://*.google.com https://fonts.googleapis.com 'unsafe-inline'; img-src 'self' https://*.roshd.ir https://*.gstatic.com https://*.google.com https://maps.gstatic.com https://maps.googleapis.com https://trustseal.enamad.ir https://logo.samandehi.ir https://ua.yektanet.com https://www.google-analytics.com data:; script-src-elem 'self' https://*.roshd.ir https://*.getclicky.com https://*.google.com https://maps.googleapis.com https://cdn.yektanet.com https://native-scripts.yektanet.com https://partner.googleadservices.com https://*.google.com https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline'; frame-src 'self' https://*.roshd.ir https://www.aparat.com https://www.adsensecustomsearchads.com https://*.google.com; frame-ancestors 'self' https://*.roshd.ir https://www.aparat.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.yandex.ru st.top100.ru counter.rambler.ru openstat.net yandex.st yastatic.net top-fwz1.mail.ru *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.recaptcha.net; 1
default-src 'self'; base-uri 'self'; object-src 'none'; upgrade-insecure-requests; connect-src 'self' *.start-pagesearch.com; script-src 'self' 'report-sample' *.start-pagesearch.com 'sha256-GGBo8gBY885xYvY7bjeWuInjeYICMEc0lMmxkN3Uh2M=' 'sha256-w8Zb8pbFFyfmRVOZrgiCCcIhHaEBKhjW8uNc9iWFIIM=' https://static.cloudflareinsights.com https://api.bing.com https://www.google.com; img-src 'self' data:; style-src 'self' 'report-sample' 'unsafe-inline'; Form-action 'self'; Frame-ancestors 'none'; worker-src 'none'; report-uri https://csp.start-pagesearch.com 1
frame-ancestors 'self' https://*.fitnesstime.com.sa; 1
default-src 'self'; connect-src 'self' https://*.islandsbanki.is https://*.isbank.is https://*.firebaseio.com https://cdn.firebase.com https://*.isb.is https://www.audkenni.is https://firestore.googleapis.com/ https://adobedc.demdex.net https://*.adobedc.net ; script-src 'self' 'unsafe-inline' https://assets.adobedtm.com ; img-src 'self' https://cdn.islandsbanki.is https://www.cdn.islandsbanki.is https://*.islandsbanki.is https://www.google.com/images data: ; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-src 'none'; object-src 'none'; frame-ancestors 'none'; media-src 'none' 1
frame-ancestors 'self' www.dennis-carpenter.com 1
default-src 'self' data: blob: wss: *.youtube.com youtube.com developer.livehelpnow.net *.membee.com *.amazon-adsystem.com *.tableau.com *.adnxs.com *.doubleclick.net *.yahoo.com *.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.monitor.azure.com https://google-analytics.com https://googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.visualstudio.com https://*.services.visualstudio.com https://cdn.jsdelivr.net https://insight.adsrvr.org https://*.tableau.com https://*.vimeo.com https://*.youtube.com https://cdn.polyfill.io https://developer.livehelpnow.net https://f.vimeocdn.com https://player.vimeo.com https://www.vimeo.com https://c.amazon-adsystem.com https://www.google.com https://www.gstatic.com https://memberservices.membee.com https://*.membee.com/ https://s.amazon-adsystem.com https://*.googleapis.com;object-src 'self';style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com www.googletagmanager.com insight.adsrvr.org developer.livehelpnow.net membee.com *.googleapis.com;img-src 'self' data: blob: *.google.com *.google-analytics.com fonts.gstatic.com insight.adsrvr.org *.bidswitch.net trkn.us www.googletagmanager.com *.tableau.com *.vimeocdn.com *.vimeo.com developer.livehelpnow.net membee.com *.amazon-adsystem.com *.adnxs.com *.doubleclick.net *.yahoo.com *.yahoo.net *.adsrvr.org *.rubiconproject.com;media-src 'self' *.vimeo.com vimeo.com *.youtube.com youtube.com developer.livehelpnow.net *.membee.com *.amazon-adsystem.com *.adnxs.com *.doubleclick.net *.yahoo.com;frame-src 'self' https://*.bluemod.us https://*.bluemod.me https://*.azurewebsites.net https://*.chfainfo.com https://insight.adsrvr.org www.googletagmanager.com https://player.vimeo.com https://*.google.com https://vimeo.com *.vimeo.com https://*.youtube.com https://www.youtube.com/embed/ https://*.tableau.com *.livehelpnow.net s-static.ak.facebook.com static.ak.facebook.com www.facebook.com twitter.com linkedin.com https://*.membee.com *.amazon-adsystem.com *.adnxs.com *.doubleclick.net *.yahoo.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com dn.livehelpnow.net cdn.livehelpnow.net membee.com;connect-src 'self' *.livehelpnow.net fonts.gstatic.com fonts.googleapis.com *.google.com *.applicationinsights.azure.com fonts.gstatic.com stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com insight.adsrvr.org *.tableau.com dc.services.visualstudio.com vimeo.com app.livehelpnow.net wss: membee.com *.amazon-adsystem.com *.adnxs.com *.doubleclick.net *.yahoo.com *.googleapis.com;base-uri 'self';child-src 'self' *.vimeo.com vimeo.com *.youtube.com youtube.com www.googletagmanager.com *.membee.com *.amazon-adsystem.com *.adnxs.com *.doubleclick.net *.yahoo.com *.googleapis.com;form-action 'self';frame-ancestors 'self' https://*.bluemod.us https://*.bluemod.me https://*.azurewebsites.net https://*.chfainfo.com https://insight.adsrvr.org https://*.tableau.com https://*.vimeo.com https://*.youtube.com https://*.membee.com *.amazon-adsystem.com *.adnxs.com *.doubleclick.net *.yahoo.com;manifest-src 'self';worker-src 'self' https://*.youtube.com;upgrade-insecure-requests;block-all-mixed-content 1
default-src 'self'; connect-src https://*.logitech.io 'self'; img-src 'self'; font-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; 1
frame-ancestors https://gitcode.com https://www.gitcode.com 1
default-src 'unsafe-inline' *; img-src 'unsafe-inline' *; media-src 'self'; script-src 'self' www.forums.gardengatemagazine.com www.forums.woodnet.net forums.woodnet.net www.googletagservices.com www.googletagmanager.com securepubads.g.doubleclick.net cdn.ampproject.org tpc.googlesyndication.com secure.augusthome.com images.ahpc.us adservice.google.com connect.facebook.net; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://use.typekit.net *; font-src 'self' data: *; form-action 'self' *; frame-ancestors 'self'; reflected-xss block; 1
default-src 'none'; img-src * data:; script-src 'nonce-searchG2NEI638415775765738177' 'nonce-datadogNEIScript_70001638415775765738184' 'nonce-gtmNEIScript_70001638415775765738187' 'nonce-LoadScriptJS_STATIC_NONCE_KEY638415775765738188' 'nonce-LoadScript_STATIC_NONCE_KEY638415775765738190' 'self' 'unsafe-eval' 'nonce-LoadFlowbiteScript_STATIC_NONCE_KEY638394109598672226' 'nonce-gtmNEIScript_70001638332442437105913' https://*.cloudflare.com https://*.jquery.com https://*.bootstrapcdn.com https://*.pagescdn.com https://*.optimizely.com https://*.amazonaws.com https://*.adobedtm.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.facebook.net https://*.googleadservices.com https://*.sitescdn.net https://*.livechatinc.com https://*.demdex.net https://*.addthis.com https://*.addthisedge.com https://*.pinterest.com https://*.en25.com https://*.datadoghq-browser-agent.com https://optimize.google.com https://*.rlets.com https://*.reachlocallivechat.com https://reachlocallivechat.com about://*.reachlocallivechat.com https://*.cloudfront.net https://*.cloudflareinsights.com https://*.broadly.com https://web-2-tel.com https://*.hotjar.com https://*.btttag.com https://*.bing.com https://*.doubleclick.net https://*.thinkingchat.com https://*.here.com blob: https://*.stackadapt.com https://*.simpli.fi https://*.pinimg.com https://*.yimg.com https://*.adroll.com https://*.adsrvr.org https://*.scorpion.co https://*.stripe.com https://*.twilio.com wss://*.twilio.com https://*.gstatic.com https://*.liadm.com https://*.brandcdn.com https://*.cloudfunctions.net https://*.callrail.com https://*.web-2-tel.com https://*.mrelectric.com https://*.licdn.com https://*.convertexperiments.com https://*.outlook.com https://*.hibu.com https://*.natpal.com https://*.servicetitan.com https://*.calltrk.com https://*.yahoo.com https://*.clickcease.com https://rainbowrestores.com; style-src 'self' 'unsafe-inline' auth.iws-hybrid.trendmicro.com 'self' 'unsafe-inline' https://*.googleapis.com https://*.bootstrapcdn.com https://*.cloudflare.com https://*.typekit.net https://*.jquery.com https://*.sitescdn.net https://optimize.google.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.stackadapt.com https://*.scorpion.co https://*.twilio.com blob: https://rainbowrestores.com; object-src 'none'; connect-src auth.iws-hybrid.trendmicro.com https://*.google.com https://*.liadm.com https://*.googleadservices.com https://*.nblyprod.com https://*.googleapis.com https://*.pagescdn.com https://*.demdex.net https://*.livechatinc.com https://*.neighborly.com https://*.crownpeak.net https://*.addthis.com https://*.yext.com https://*.b2clogin.com https://*.dwyergroup.com https://*.broadly.com https://*.amazonaws.com https://*.google-analytics.com https://*.facebook.net https://*.gannettdigital.com https://*.browser-intake-datadoghq.com https://optimize.google.com https://*.reachlocalservices.com https://*.rlets.com https://reachlocallivechat.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.hotjar.io/ wss://reachlocallivechat.com https://*.web-2-tel.com wss://*.hotjar.com https://*.simpli.fi https://*.adroll.com https://*.oribi.io https://*.here.com https://*.hereapi.com https://*.stackadapt.com https://*.yimg.com https://*.pinterest.com https://*.scorpion.co https://*.btttag.com https://*.twilio.com wss://*.twilio.com https://*.doubleclick.net https://*.bing.com blob: https://*.cloudfunctions.net https://*.callrail.com https://*.convertexperiments.com https://*.googlesyndication.com https://*.natpal.com https://*.linkedin.com https://*.natpal.com https://*.servicetitan.com https://*.calltrk.com https://*.yahoo.com https://*.clickcease.com https://rainbowrestores.com; font-src auth.iws-hybrid.trendmicro.com https://*.nblyprod.com https://*.typekit.net https://*.gstatic.com https://*.googleapis.com https://optimize.google.com https://reachlocallivechat.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.scorpion.co https://*.twilio.com blob: https://rainbowrestores.com; frame-src auth.iws-hybrid.trendmicro.com https://www.facebook.com https://*.rlets.com https://*.youtube.com https://*.livechatinc.com https://*.demdex.net/ https://*.addthis.com https://*.pagescdn.com https://*.amazonaws.com https://*.b2clogin.com https://optimize.google.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.doubleclick.net https://*.adsrvr.org https://*.pinterest.com https://*.stripe.com https://*.twilio.com https://*.mrrooter.com https://*.broadly.com https://*.cloudfront.net blob: https://rainbowrestores.com; manifest-src auth.iws-hybrid.trendmicro.com https://www.facebook.com https://*.rlets.com https://*.youtube.com https://*.livechatinc.com https://*.demdex.net/ https://*.addthis.com https://*.pagescdn.com https://*.amazonaws.com https://*.b2clogin.com https://optimize.google.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.doubleclick.net https://*.adsrvr.org https://*.pinterest.com https://*.stripe.com https://*.twilio.com https://*.nblyprod.com https://*.broadly.com https://*.cloudfront.net blob: https://rainbowrestores.com 1
frame-ancestors *.sa-canada.int.ally.com *.smartauctionlogin.ca *.smartauctionhome.com sa.int.ally.com smartauctionlogin.int.ally.com *.smartauctionlogin.com *.enterpriseremarketing.int.ally.com *.sa-avis.int.ally.com *.enterprisecanada.int.ally.com *.enterpriseremarketing.ca *.enterpriseremarketing.com *.acmeremarketing.int.ally.com *.acmeremarketing.com *.vauto.com; object-src 'none'; form-action 'self'; 1
frame-ancestors 'self' https://mt.telummedia.com 1
default-src 'none'; media-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' vdlp.containers.piwik.pro www.googletagmanager.com www.google-analytics.com analytics.google.com *.analytics.google.com cdnjs.cloudflare.com www.googleadservices.com www.google.com www.google.nl snap.licdn.com connect.facebook.net *.gstatic.com gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com *.gstatic.com gstatic.com; object-src 'self'; img-src 'self' vdlp.piwik.pro maps.googleapis.com data: www.gravatar.com googleads.g.doubleclick.net www.google.com www.google.nl www.google-analytics.com px.ads.linkedin.com www.facebook.com *.gstatic.com gstatic.com; font-src 'self' data: fonts.gstatic.com; connect-src 'self' vdlp.containers.piwik.pro www.google-analytics.com stats.g.doubleclick.net analytics.google.com *.analytics.google.com www.google.nl google.nl connect.facebook.net px.ads.linkedin.com; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; frame-src 'self' www.google.com www.google.nl player.vimeo.com; upgrade-insecure-requests; 1
default-src 'self' frontend-services.ionos.com; img-src 'self' data: *.ionos.de *.uicdn.net; font-src 'self' cors.uicdn.net ce1.uicdn.net; script-src 'nonce-yUfQ0d9Y01kKqG8jUueR4C76tTHmkPZOHK4iccdFZm0=' 'strict-dynamic' 'self' tif.ionos.de frontend-services.ionos.com ce1.uicdn.net var.uicdn.net; style-src 'self' frontend-services.ionos.com ce1.uicdn.net var.uicdn.net 'nonce-yUfQ0d9Y01kKqG8jUueR4C76tTHmkPZOHK4iccdFZm0='; frame-src data: 'self' *.ionos.de *.ionos.com; child-src data: 'self' *.ionos.de; connect-src 'self' ahab.ionos.com sherlock.de.ac1.server.lan sherlock.ionos.de sentry.ionos.com hed.ionos.de navigation.ionos.de frontend-services.ionos.com t.ionos.de 4tdc8ll7wtnf.statuspage.io; base-uri 'self'; object-src 'none'; frame-ancestors 'none'; report-uri https://sentry.ionos.com/api/37/security/?sentry_key=b4a988ca9dc347169637be0cf1105ce4 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-havBsBdhtt1j/WaztdALGdPY0nWd7hnLg+WrJtmFk9WHS4TA' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net *.tools.investis.com *.google-analytics.com stats.g.doubleclick.net staticcontents.investisdigital.com ipapi.connectid.cloud geoid.investisdigital.com cookiemanager.investisdigital.com https://judxu4avx2.execute-api.eu-west-1.amazonaws.com https://3lz1gykyyd.execute-api.eu-west-1.amazonaws.com https://cdn.linkedin.oribi.io/ assets.investisdigital.com *.amazonaws.com *.linkedin.com *.analytics.google.com *.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.highcharts.com *.tools.investis.com www.google-analytics.com staticcontents.investisdigital.com ipapi.connectid.cloud https://sc.lfeeder.com https://snap.licdn.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net https://use.typekit.net/ https://p.typekit.net *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com brightcove.hs.llnwd.net house-fastly-signed-eu-west-1-prod.brightcovecdn.com f12.cf.brightcove.com; frame-src 'self' *.investis.com www.google.com ir.tools.investis.com staticxx.facebook.com www.youtube.com maps.google.com player.vimeo.com https://www.connectidfeed.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com https://use.typekit.net/; report-uri /report-csp-violation 1
default-src 'none'; base-uri 'self'; connect-src 'self' *.google-analytics.com *.analytics.google.com https://www.facebook.com/tr https://s.yimg.com/wi/ https://stats.g.doubleclick.net; frame-src 'self' https://www.youtube.com https://www.google.com https://8052564.fls.doubleclick.net; frame-ancestors 'self'; font-src 'self' ; form-action 'self'; img-src 'self' *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://i.ytimg.com data: https://www.facebook.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.nz; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com https://www.youtube-no-cookie.com https://s.ytimg.com https://connect.facebook.net https://s.yimg.com/wi/ https://sp.analytics.yahoo.com https://code.jquery.com/; style-src 'self' 'unsafe-inline'; 1
frame-ancestors https://stratolaunch.frb.io https://www.stratolaunch.com 1
script-src 'nonce-NRNx89dU+iqo52NjjKCTKvK2OY1epHir/1w2UagF89I=' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https:; object-src 'none'; base-uri 'none'; 1
connect-src 'self' https://consentcdn.cookiebot.com  https://www.google-analytics.com; font-src 'self' fonts.gstatic.com; frame-src 'self' https://consentcdn.cookiebot.com  youtube.com www.youtube.com https://www.facebook.com https://destinilocators.com https://player.vimeo.com/ https://d2c2pc4938x49p.cloudfront.net/ https://d3oe0yoemy00cg.cloudfront.net/; img-src *; script-src 'self' https://consent.cookiebot.com   https://consentcdn.cookiebot.com https://consent.cookiebot.com/uc.js https://www.youtube.com/iframe_api https://www.google-analytics.com https://ssl.google-analytics.com *.googletagmanager.com  *.cookiebot.com  youtube.com www.youtube.com connect.facebook.net https://destinilocators.com/bolthousefarms/site/install/ https://destinilocators.com/control/pscript_s.js https://destinilocators.com/control/gtm.js https://player.vimeo.com/api/player.js  'unsafe-inline'; script-src-elem 'self' https://consent.cookiebot.com   https://consentcdn.cookiebot.com https://consent.cookiebot.com/uc.js https://www.youtube.com/iframe_api https://www.google-analytics.com https://ssl.google-analytics.com *.googletagmanager.com  *.cookiebot.com  youtube.com www.youtube.com connect.facebook.net 'sha256-t/nwnYa7CkMOiVkh2Bp3iW7JLICRxPsGkN0O0OonnW0=' 'sha256-CF1J8IwfSw2kT/tIoH1iFqIe0uHe0G+WGrB3BL16Bco=' 'sha256-+hZyosobhUriFr+VybdepsNA5z3yB8a4szXMZOj+030=' 'sha256-3EAKSgo1aFAMv86iit3lZDIclGW8iQhpBj+6ZG+Zu3s=' 'sha256-c0+CseKyBLY+S5BTdE0UHs5mBWL8UTl1dd7NLDFlIq4=' https://destinilocators.com/bolthousefarms/site/install/ https://destinilocators.com/control/pscript_s.js https://destinilocators.com/control/gtm.js https://player.vimeo.com/api/player.js 'sha256-VyR/+TC4HI+6r6SEq5lfv7Xbzc+yhbJZtp00/egP0pM=' 'sha256-P9MnoWaMwcEMOEPeWnorxhSQ2Fb0lofchey4YsOYeu4=' 'sha256-Gp70VQyXtfY9dEFKEiJwOY1H1SuwVcnnopbUg2QcnXw=' https://destinilocators.com/bolthousefarms/pdpwidget/install/ 'sha256-p9ehbm2jeUJA9MPUO+l/xAReN+wscpsOmTxy4KXIZ8w=' ; 1
frame-ancestors https://www.unitedtractors.com/; 1
default-src 'self' *.elfsight.com *.google.com *.klaviyo.com *.paypal.com *.stripe.com *.trustpilot.com;         script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.elfsight.com *.google.com *.google.ie *.google-analytics.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.jsdelivr.net *.klaviyo.com *.paypal.com *.paypalobjects.com *.stripe.com *.trustpilot.com;         style-src 'self' 'unsafe-inline' *.elfsight.com *.googleapis.com *.klaviyo.com *.paypal.com *.stripe.com *.trustpilot.com;         img-src 'self' data: *.elfsight.com *.elfsightcdn.com *.google.ie *.google.com *.google-analytics.com *.googletagmanager.com *.klaviyo.com *.stripe.com *.trustpilot.com;         font-src 'self' data: *.googleapis.com *.gstatic.com *.klaviyo.com;         connect-src 'self' *.doubleclick.net *.elfsight.com *.google.com *.google-analytics.com *.klaviyo.com *.paypal.com *.stripe.com;         frame-ancestors 'none';         form-action 'self' *.google.com *.doubleclick.net *.google-analytics.com *.paypal.com *.stripe.com;         base-uri 'self';         object-src 'none'; 1
default-src * 'unsafe-inline' 'unsafe-eval';script-src 'self' https://hm.baidu.com/hm.js?eeb9ca8dcf2e21fca921de5881285b17 'unsafe-inline' 'unsafe-eval' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://kinky.business; img-src 'self' https: data: blob: https://kinky.business; style-src 'self' https://kinky.business 'nonce-JVjLTNOId09vvMOhUV+l/Q=='; media-src 'self' https: data: https://kinky.business; frame-src 'self' https:; manifest-src 'self' https://kinky.business; form-action 'self'; child-src 'self' blob: https://kinky.business; worker-src 'self' blob: https://kinky.business; connect-src 'self' data: blob: https://kinky.business https://assets.kinky.business wss://kinky.business; script-src 'self' https://kinky.business 'wasm-unsafe-eval' 1
font-src www.rockford.edu fonts.gstatic.com use.typekit.net; object-src 'none'; base-uri 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.rockford.edu https://bbox.blackbaudhosting.com/webforms/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://uchat.co/ ajax.googleapis.com/ajax/libs/jquery/1.10.2/ https://www.googletagmanager.com/ https://js-agent.newrelic.com/ 1
script-src 'self'; style-src 'self' 'unsafe-inline'; object-src 'none'; img-src 'self' data: blob: https:; font-src 'self'; connect-src 'self' https://clubcyberia.co wss://clubcyberia.co; media-src 'self' https:; frame-src 'self'; frame-ancestors 'none'; upgrade-insecure-requests; base-uri 'self'; manifest-src 'self'; default-src 'none'; 1
frame-ancestors 'self' *.canva.com canva.com; report-uri https://csp.canva.com/_cspreport?app=websites; base-uri 'self'; object-src 'none'; script-src 'report-sample' 'strict-dynamic' 'nonce-227049b3-38d9-48c3-885e-9ff96f2d3589' https://www.google.com/recaptcha/api.js; 1
script-src https: 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' admin.hamiltonlane.com 1
frame-ancestors 'self' https://teams.microsoft.com *.office.com *.office365.com https://teamsproxy.service-now.com/ *.microsoft365.com 1
frame-ancestors wiki.nenaprasno.ru vse.nenaprasno.ru screen.nenaprasno.ru ask.nenaprasno.ru http://localhost:3000 nenaprasno.ru wiki.klbrtest.ru media.nenaprasno.ru hso.nenaprasno.ru 1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.youtube.com cdn.dnky.co webchat.dotdigital.com *.google.com *.addthis.com *.pinterest.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.s3.amazonaws.com https://p.alocdn.com/ region1.google-analytics.com store.paradoxlabs.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://www.google.com/ https://www.gstatic.com/ d2z0bn1jv8xwtk.cloudfront.net/ assets.springbot.com/ www.googletagmanager.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io *.authorize.net *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de region1.google-analytics.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com https://get.geojs.io *.avada.io *.authorize.net *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' http://www.philips.ae *.philips.com *.philips.ae https://philipsigtdpv.com 1
frame-ancestors www.newtaipei.travel newtaipei.travel 'self' 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://aviva.co.uk https://2o7.net https://omtrdc.net https://tt.omtrdc.net https://omniture.com https://*.demdex.net https://cookielaw.org https://qualtrics.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://cm.everesttech.net https://assets.adobedtm.com https://edge.adobedc.net https://cdn.decibelinsight.net https://cdn-ukwest.onetrust.com https://collection.decibelinsight.net https://smetrics.aviva.co.uk; style-src 'self' 'unsafe-inline'; img-src data: 'self' https://aviva.co.uk https://cookielaw.org https://cdn-ukwest.onetrust.com; connect-src 'self' https://smetrics.aviva.co.uk https://*.demdex.net https://cookielaw.org https://qualtrics.com https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com wss://cdn.decibelinsight.net wss://collection.decibelinsight.net; font-src 'self'; child-src 'self' https://*.google.com/ https://*.demdex.net; object-src 'self'; media-src 'self'; frame-ancestors 'self'; 1
child-src 'self' www.youtube.com *.dynamics.com blob:;  1
font-src 'self' https://fonts.gstatic.com script.hotjar.com; img-src 'self' https://imgsct.cookiebot.com https://our.umbraco.com https://dashboard.umbraco.com *.xx.fbcdn.net https://scontent.cdninstagram.com https://media-api.flockler.com *.licdn.com https://fl-1.cdn.flockler.com https://files.elfsight.com https://elfsight.com *.elfsightcdn.com *.privacysandbox.googleadservices.com *.lfeeder.com https://www.duravermeer.nl *.vimeocdn.com www.linkedin.com px.ads.linkedin.com dc.ads.linkedin.com www.facebook.com script.hotjar.com https://googleapis.com maps.googleapis.com maps.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.nl *.ytimg.com *.indeed.com https://*.hubspot.com data:; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://plugins.flockler.com https://fl-1.cdn.flockler.com *.elfsight.com *.lfeeder.com snap.licdn.com googleads.g.doubleclick.net www.googleadservices.com connect.facebook.net static.hotjar.com script.hotjar.com resourcemanager-14b2c04f2d9-14c46413f6d.secure.force.com duravermeer.my.salesforce-sites.com *.cookiebot.com https://googleapis.com maps.googleapis.com tagmanager.google.com https://*.googletagmanager.com www.google-analytics.com ssl.google-analytics.com *.youtube.com *.ytimg.com https://player.vimeo.com https://corpsite-analytics.duravermeer.nl https://*.hs-scripts.com/ https://*.hsadspixel.net https://*.hs-analytics.net https://*.hs-banner.com; style-src 'self' 'unsafe-inline' https://fl-1.cdn.flockler.com https://fonts.googleapis.com tagmanager.google.com; connect-src 'self' https://our.umbraco.com https://plugins.flockler.com https://api.flockler.app https://stats-api.flockler.app *.elfsight.com https://googleapis.com https://maps.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.nl https://corpsite-analytics.duravermeer.nl https://consentcdn.cookiebot.com https://vimeo.com wss://*.hotjar.com *.hotjar.com:* vc.hotjar.io:* https://noembed.com cdn.plyr.io resourcemanager-14b2c04f2d9-14c46413f6d.secure.force.com duravermeer.my.salesforce-sites.com https://*.hs-banner.com https://*.hubspot.com https://*.hubapi.com https://px.ads.linkedin.com/; frame-src 'self' https://www.duravermeer.nl  vars.hotjar.com resourcemanager-14b2c04f2d9-14c46413f6d.secure.force.com duravermeer.my.salesforce-sites.com *.cookiebot.com *.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://*.hubspot.com 1
default-src 'self';img-src * 'self' data: https:;font-src 'self' data: https://fonts.googleapis.com;style-src 'self' 'unsafe-inline' https://unpkg.com/;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://vk.com https://connect.facebook.net https://mc.yandex.ru https://code.jquery.com/ https://google.com/ https://www.google.com/ https://www.gstatic.com/ https://web3tech.ru;object-src 'none';connect-src 'self' https://mc.yandex.ru https://www.facebook.com https://vk.com https://www.google-analytics.com https://google.com/ https://www.googletagmanager.com https://www.gstatic.com/;frame-src 'self' https://www.youtube.com https://youtube.com https://www.google.com/ 1
default-src 'self' *.googlesyndication.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com cdn.omise.co *.treasuredata.com *.truck2hand.com *.cloudflare.com *.cloudflareinsights.com *.facebook.com *.facebook.net *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.google.co.th *.googlesyndication.com *.g.doubleclick.net *.googleadservices.com *.googletagservices.com *.omise.co *.firebaseio.com *.googleapis.com *.anymind360.com anymind360.com adservice.google.com.vn *.adlooxtracking.com *.sentry.io *.hs-scripts.com *.hsforms.net *.hsforms.com *.hs-analytics.net *.hs-banner.com *.usemessages.com *.hscollectedforms.net *.firebaseapp.com *.adbro.me *.thetradedesk.com; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; block-all-mixed-content ; font-src 'self' https: data:; frame-src 'self' cdn.omise.co *.google.com *.facebook.net *.facebook.com *.g.doubleclick.net *.googlesyndication.com *.omise.co *.anymind360.com anymind360.com adservice.google.com.vn *.googletagservices.com *.adlooxtracking.com *.youtube.com *.hs-scripts.com *.hubspot.com *.hsforms.net *.hsforms.com *.firebaseapp.com *.adbro.me; object-src 'none'; script-src-attr 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; connect-src 'self' data: blob: ws: 'unsafe-inline' *.google-analytics.com *.g.doubleclick.net *.treasuredata.com *.facebook.com *.facebook.net *.truck2hand.com *.cloudflare.com *.cloudflareinsights.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.google.co.th *.googlesyndication.com *.g.doubleclick.net *.googleadservices.com *.googletagservices.com *.omise.co *.firebaseio.com *.googleapis.com *.anymind360.com anymind360.com adservice.google.com.vn *.adlooxtracking.com *.sentry.io *.hs-scripts.com hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com *.firebaseapp.com *.hsforms.net *.hsforms.com *.adbro.me *.thetradedesk.com; upgrade-insecure-requests ; form-action 'self' *.hsforms.net *.hsforms.com *.facebook.com 1
default-src http: https: 'unsafe-inline' 'unsafe-eval' data:;frame-ancestors 'self' *.gov.cn 1
frame-ancestors 'self' https://app.aireye.tech 1
base-uri 'self'; child-src https://www.youtube-nocookie.com/embed/ https://irc.reelflix.xyz; connect-src 'self' https://reelflix.xyz:8443/socket.io/ wss://reelflix.xyz:8443/socket.io/ https://api.themoviedb.org/; default-src 'none'; font-src 'self' data: https: fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https: image.tmdb.org via.placeholder.com/400x600; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https: gitcdn.xyz github.io *.github.io raw.githubusercontent.com github.com; block-all-mixed-content; upgrade-insecure-requests 1
frame-src 'self' https://gafg.widencollective.com https://vars.hotjar.com/ https://bid.g.doubleclick.net/ https://www.facebook.com/ https://static.addtoany.com/ https://www.google.com/ https://pro.globalatlantic.com/; img-src 'self' data: blob: https://www.google-analytics.com/ https://www.googletagmanager.com https://px.ads.linkedin.com https://www.google.com https://www.facebook.com https://match.prod.bidr.io https://id.rlcdn.com https://fast.wistia.net https://www.google.co.in https://px4.ads.linkedin.com https://segments.company-target.com https://embed-ssl.wistia.com https://p.adsymptotic.com https://embedwistia-a.akamaihd.net https://www.globalatlantic.com https://www.dropbox.com https://fast.wistia.com https://embed-fastly.wistia.com https://www.linkedin.com https://www.w3.org https://gafg.widencollective.com https://gafg.widen.net https://www.encompasstools.com/ https://www.google.ca/ https://connect.facebook.net/ https://www.google.co.ma/ https://www.google.com.br/ https://cdn.cookielaw.org/ *.bizible.com *.bizibly.com https://www.google-analytics.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://snap.licdn.com https://static.hotjar.com https://fast.wistia.net https://connect.facebook.net https://scripts.demandbase.com https://script.hotjar.com https://googleads.g.doubleclick.net https://fast.wistia.com https://player.vimeo.com https://www.google.com/pagead/conversion_async.js https://js-agent.newrelic.com https://munchkin.marketo.net/ https://bam.nr-data.net/ https://cdn.cookielaw.org/ cdn.jsdelivr.net https://static.addtoany.com https://use.fontawesome.com https://www.dropbox.com https://www.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googleadservices.com https://snap.licdn.com https://static.hotjar.com https://fast.wistia.net https://connect.facebook.net https://scripts.demandbase.com https://script.hotjar.com https://googleads.g.doubleclick.net https://fast.wistia.com https://player.vimeo.com https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/debug/bootstrap https://www.googletagmanager.com/debug/badge https://www.googletagmanager.com https://js-agent.newrelic.com https://bam-cell.nr-data.net/ https://bam.nr-data.net https://www.gstatic.com/ https://munchkin.marketo.net/ https://www.encompasstools.com/ https://pro.globalatlantic.com/ https://cdn.cookielaw.org/ *.bizible.com cdn.jsdelivr.net https://static.addtoany.com https://use.fontawesome.com https://www.dropbox.com https://www.google.com; style-src 'self' 'unsafe-inline' https://fast.wistia.com https://tagmanager.google.com/ https://fonts.googleapis.com/ cdn.jsdelivr.net; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fast.wistia.com https://www.googletagmanager.com/debug/badge.css https://fonts.googleapis.com/ https://www.encompasstools.com/ https://pro.globalatlantic.com/ cdn.jsdelivr.net; worker-src 'self' blob:; frame-ancestors 'self' https://www.linkedin.com/ https://platform.linkedin.com https://www.google.com/ https://www.linkedin.com; report-uri https://www.globalatlantic.com/report-uri/enforce 1
default-src 'self' http: https: edgewoodpartnersins.us-7.evergage.com api7802.d41.co *.google-analytics.com fonts.googleapis.com themes.googleusercontent.com googletagmanager.com boards.greenhouse.io google.com *.addthis.com;img-src 'self' data: http: https: *.gravatar.com google-analytics.com fonts.googleapis.com themes.googleusercontent.com googletagmanager.com boards.greenhouse.io google.com *.addthis.com epicbrokers.com *.epicbrokers.com;frame-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: google-analytics.com fonts.googleapis.com themes.googleusercontent.com googletagmanager.com boards.greenhouse.io google.com *.addthis.com hemsync.clickagy.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: fonts.googleapis.com themes.googleusercontent.com googletagmanager.com boards.greenhouse.io google.com *.addthis.com epicbrokers.com *.epicbrokers.com js.zi-scripts.com ws.zoominfo.com tags.clickagy.com;connect-src 'self' http: https: edgewoodpartnersins.us-7.evergage.com api7802.d41.co *.google-analytics.com cdn.acsbapp.com cdn.linkedin.oribi.io *.crazyegg.com aorta.clickagy.com hemsync.clickagy.com;style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com themes.googleusercontent.com googletagmanager.com boards.greenhouse.io google.com addthis.com;font-src 'self' data: http: https: fonts.googleapis.com themes.googleusercontent.com;worker-src http: https: blob: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://vector.im; style-src 'self' 'unsafe-inline' 1
default-src 'self' 'unsafe-inline' https: blob: data: *.able-group.de                                         *.ferchau.com *.mapbox.com *.pubmatic.com *.criteo.net *.criteo.com                                         *.doubleclick.net www.google-analytics.com www.googletagmanager.com                                         *.youtube.com *.facebook.com *.fbcdn.net *.googleusercontent.com *.twitter.com                                         *.twimg.com wss://www.ferchau.com wss://ferchau-test.able-plattform.de;                                         frame-ancestors *.facebook.com hnitbjoerg.able-group.de                                         hnitbjoerg-live.able-plattform.de hnitbjoerg-test.able-plattform.de; 1
default-src 'self';connect-src 'self' https://www.sgkb.ch/analytics https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com;font-src 'self' data:;frame-src 'self';img-src 'self' blob: data: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com;manifest-src 'self';script-src 'self' 'nonce-ItMsM3xxE7pP99G0' https://www.sgkb.ch/analytics *.googletagmanager.com;style-src 'self' 'unsafe-inline';worker-src 'self';media-src 'self';child-src 'self';object-src 'none';base-uri 'none';form-action 'self';frame-ancestors 'self'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://typo.social; img-src 'self' https: data: blob: https://typo.social; style-src 'self' https://typo.social 'nonce-6YLRJqifV+GvbXLwbiG6dA=='; media-src 'self' https: data: https://typo.social; frame-src 'self' https:; manifest-src 'self' https://typo.social; form-action 'self'; child-src 'self' blob: https://typo.social; worker-src 'self' blob: https://typo.social; connect-src 'self' data: blob: https://typo.social https://typo.social wss://typo.social; script-src 'self' https://typo.social 'wasm-unsafe-eval' 1
frame-ancestors 'self' *.brico-phone.com 1
default-src 'self' *.newrelic.com *.acsitefactory.com *.usercentrics.eu *.kairion.de *.doubleclick.net *.googletagmanager.com www.facebook.com *.analytics.google.com www.google-analytics.com js-agent.newrelic.com region1.google-analytics.com www.google.de *.youtube.com *.dhu.de *.sgtm.dhu.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.newrelic.com  polyfill.io *.googletagmanager.com *.google-analytics.com cdn.kiprotect.com *.usercentrics.eu *.kairion.de *.kctag.net *.facebook.net *.googleadservices.com googleads.g.doubleclick.net *.youtube.com *.dhu.de *.sgtm.dhu.de; object-src 'self'  *.usercentrics.eu; style-src 'self' 'unsafe-inline'  *.kairion.de *.usercentrics.eu; img-src 'self' data: * *.dhu.de *.sgtm.dhu.de ; frame-src *; child-src *; font-src 'self' data: *; connect-src 'self' *.facebook.com *.google-analytics.com *.usercentrics.eu *.kairion.de *.dhu.de *.sgtm.dhu.de *.doubleclick.net *.analytics.google.com; report-uri /report-csp-violation 1
frame-ancestors 'self' https://ops.rightprospectus.com 1
default-src 'self' ; connect-src 'self' https://m.stripe.com http://i.vimeocdn.com http://i.ytimg.com https://www.google-analytics.com https://www.spectable.com https://www.spectable.be https://www.spectable.ch https://ca.spectable.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://m.stripe.com ; img-src 'self' http://i.vimeocdn.com http://i.ytimg.com https://www.google-analytics.com https://www.spectable.com https://www.spectable.be https://www.spectable.ch https://ca.spectable.com; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; child-src www.youtube.com i.vimeocdn.com *.vimeo.com *.vimeocdn.com ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com/analytics.js https://polyfill.io https://maps.googleapis.com https://www.youtube.com https://kit.fontawesome.com https://app.usercentrics.eu https://privacy-proxy.usercentrics.eu https://www.google.com https://www.googletagmanager.com; img-src 'self' https://www.google-analytics.com https://uct.service.usercentrics.eu data: https://maps.gstatic.com https://app.usercentrics.eu https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://ka-p.fontawesome.com; object-src 'none'; frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com; worker-src 'self'; connect-src 'self' https://ka-p.fontawesome.com https://privacy-proxy.usercentrics.eu https://api.usercentrics.eu https://maps.googleapis.com  https://aggregator.service.usercentrics.eu https://uct.service.usercentrics.eu https://uct.service.usercentrics.eu https://graphql.usercentrics.eu/graphql https://consent-api.service.consent.usercentrics.eu https://region1.google-analytics.com https://www.google-analytics.com;frame-ancestors 'self' https://www.youtube-nocookie.com 1
default-src 'self' https://fonts.googleapis.com; connect-src *; font-src * data: https://fonts.gstatic.com; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-eval' https://static.cdn.prismic.io https://*.google-analytics.com https://*.googletagmanager.com https://cdn.jsdelivr.net https://static.hotjar.com https://script.hotjar.com 'unsafe-inline' https://www.youtube.com/ https://connect.facebook.net/; frame-src https://energymadeeasy.prismic.io https://www.youtube.com/; img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://www.energymadeeasy.gov.au https://images.prismic.io/energymadeeasy/ https://prismic-io.s3.amazonaws.com/energymadeeasy/ https://www.hotjar.com/images/ https://static.hotjar.com https://script.hotjar.com https://s3-eu-west-1.amazonaws.com/hj-insights/; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://api.energymadeeasy.gov.au https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; style-src 'self' https://static.hotjar.com https://script.hotjar.com https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' data: https://script.hotjar.com https://www.slant.co/fonts/ https://fonts.gstatic.com; object-src 'none'; media-src data:; report-uri https://api.energymadeeasy.gov.au/siteops/csp/consumer; report-to web-csp-endpoint 1
default-src 'self' flasharch.com *.flasharch.com;  script-src 'self' 'unsafe-eval' 'unsafe-inline' https: accounts.google.com;  style-src 'self' 'unsafe-inline' accounts.google.com fonts.googleapis.com flasharch.com *.flasharch.com;  img-src 'self' https: data:;  worker-src 'self' blob:;  connect-src *;  font-src 'self' 'unsafe-inline' fonts.gstatic.com;  object-src 'self' blob:;  form-action 'self';  frame-src *.google.com *.youtube.com *.googlesyndication.com googleads.g.doubleclick.net *.doubleclick.net;  frame-ancestors 'self';  base-uri 'self'; 1
default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:; referrer no-referrer; 1
default-src 'self' https://*.eracore.net https://*.google-analytics.com https://*.tawk.to wss://*.tawk.to; frame-src 'self' https://*.google.com  https://*.eracore.net; img-src 'self' https://*.google-analytics.com  https://*.tawk.to https://*.eracore.net data:; script-src 'self' 'unsafe-inline' https://*.eracore.net https://cdn.jsdelivr.net https://*.google-analytics.com https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.gstatic.com https://*.tawk.to; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.tawk.to; font-src 'self' https://*.tawk.to https://fonts.gstatic.com 1
block-all-mixed-content; default-src 'self'; base-uri 'self'; form-action 'self' flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.kr flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.com flightbookings.airnewzealand.de flightbookings.airnewzealand.eu flightbookings.airnewzealand.fr flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw  flightbookings.airnewzealand.com.cn flightbookings.grabaseat.co.nz  flightbookings.airnewzealand.co.jp identity.airnewzealand.com au-connect.authsignal.com auth.identity.airnewzealand.com auth.identity.qual.airnewzealand.com auth.airnewzealand.co.nz auth.airnewzealand.co.uk; script-src 'self' p-airnz.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com flightbookings.airnewzealand.co.nz player.vimeo.com www.youtube.com s.ytimg.com s.wayin.com xd.wayin.com s.engagesciences.com display.engagesciences.com *.demdex.net www.google-analytics.com analytics.google.com tagmanager.google.com www.googletagmanager.com *.doubleclick.net www.googleadservices.com www.googletagservices.com pagead2.googlesyndication.com tpc.googlesyndication.com www.google.com cdn-assets-prod.s3.amazonaws.com *.optimizely.com optimizely-hrd.appspot.com optimizely.s3.amazonaws.com s.swiftypecdn.com upgrade.plusgrade.com nebula-cdn.kampyle.com screencapture.kampyle.com screencaptue-cdn.kampyle.com static.hotjar.com script.hotjar.com yourir.info analytics.twitter.com static.ads-twitter.com secure.quantserve.com rules.quantcount.com auth.airnewzealand.co.nz auth.airnewzealand.co.uk ssl.google-analytics.com cdnjs.cloudflare.com res.levexis.com https://widget.timatic.iata.org/scripts/iata-timatic-widget-live.js oc-cdn-public-oce.azureedge.net; style-src 'unsafe-inline' p-airnz.com fonts.googleapis.com tagmanager.google.com s.swiftypecdn.com upgrade-cdn-prd.plusgrade.com static.hotjar.com script.hotjar.com yourir.info 'self' oc-cdn-public-oce.azureedge.net; img-src https: data: static.hotjar.com script.hotjar.com; font-src p-airnz.com fonts.googleapis.com fonts.gstatic.com dhm5hy2vn8l0l.cloudfront.net script.hotjar.com 'self' data:; media-src 'self' ; frame-src 'self' *.google.com auth.identity.airnewzealand.com nz.fltmaps.com player.vimeo.com www.youtube.com airnz.wufoo.com xd.wayin.com display.engagesciences.com *.demdex.net *.doubleclick.net www.googletagmanager.com tpc.googlesyndication.com *.cdn-pci.optimizely.com nebula-cdn.kampyle.com vars.hotjar.com sec.windcave.com uat.windcave.com forms.cd.airnewzealand.co.nz www.airnewzealand.co.nz/airpoints-account/payments/scripts/done.html oc-cdn-public-oce.azureedge.net; connect-src 'self' api.airnz.io api.airnz.ai *.googleapis.com *.google.com *.gstatic.com auth.airnewzealand.co.nz auth.airnewzealand.co.uk identity.airnewzealand.com *.demdex.net *.tt.omtrdc.net www.google-analytics.com region1.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net adservice.google.com pagead2.googlesyndication.com *.doubleclick.net *.optimizely.com s.swiftypecdn.com search-api.swiftype.com *.kampyle.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.sentry.io yourir.info ssl.google-analytics.com https://widget.timatic.iata.org/api/ sec.windcave.com uat.windcave.com; object-src 'none'; frame-ancestors 'self'; report-uri /csp-report 1
upgrade-insecure-requests;default-src https://ticker.co.uk https://*.ticker.co.uk; script-src https://ticker.co.uk https://*.ticker.co.uk https://cdnjs.cloudflare.com https://polyfill.io https://js.stripe.com https://www.google-analytics.com https://*.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com httpps://www.google.com https://*.intercom.io https://js.intercomcdn.com https://api.feefo.com https://register.feefo.com https://widget.trustpilot.com https://chronicle.comparethemarket.com 'sha256-1BgCGzlNUPPuNJgdNrBUfDwBKkzJ3tp9vg/GrMmEdNQ='; style-src https://ticker.co.uk https://*.ticker.co.uk https://cdnjs.cloudflare.com https://fonts.googleapis.com https://tagmanager.google.com 'unsafe-inline'; media-src https://ticker.co.uk https://*.ticker.co.uk https://player.vimeo.com https://*.vimeocdn.com https://*.akamaized.net https://js.intercomcdn.com https://video.vzaar.com https://view.vzaar.com; img-src https://ticker.co.uk https://*.ticker.co.uk https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://*.g.doubleclick.net https://*.googletagmanager.com https://*.gstatic.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://gifs.intercomcdn.com https://uploads.intercomusercontent.com https://follow.confused.com https://api.feefo.com https://www.feefo.com https://view.vzaar.com https://resources.vzaar.com data:; font-src https://ticker.co.uk https://*.ticker.co.uk https://fonts.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com data:; form-action https://ticker.co.uk https://*.ticker.co.uk https://intercom.help; frame-src https://ticker.co.uk https://*.ticker.co.uk https://js.stripe.com https://hooks.stripe.com https://*.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://player.vimeo.com https://www.youtube.com https://fast.wistia.net https://widget.trustpilot.com https://anchor.fm; connect-src https://ticker.co.uk https://*.ticker.co.uk https://sentry.io https://api.stripe.com https://*.intercom.io https://*.intercomcdn.com https://*.intercomusercontent.com wss://*.intercom.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://api.feefo.com; child-src https://ticker.co.uk https://*.ticker.co.uk https://*.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://player.vimeo.com https://www.youtube.com https://fast.wistia.net; worker-src https://ticker.co.uk https://*.ticker.co.uk https://*.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com; report-uri https://ticker.report-uri.com/r/d/csp/enforce; 1
default-src 'none'; img-src 'self' carauktion.marketing.campaignpro.io cdn.carauktion.ch www.google.by www.google.com www.google.com.ua www.google.ch https://plausible.io/js/script.js cau-vid.carit.ch stats.g.doubleclick.net cdn.cookielaw.org blob: data:; object-src 'self'; connect-src 'self' o408348.ingest.sentry.io ca3-af1-mvp.carit.ch auth.carauktion.ch https://plausible.io/js/script.js https://plausible.io/api/event fonts.googleapis.com stats.g.doubleclick.net cdn.cookielaw.org geolocation.onetrust.com ws: wss:; font-src 'self' fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; frame-ancestors 'self' www.google.com; frame-src 'self' www.google.com; media-src 'self' cau-vid.carit.ch; script-src 'self' carauktion.marketing.campaignpro.io/focus/1.js carauktion.marketing.campaignpro.io/focus/2.js carauktion.marketing.campaignpro.io/focus/3.js carauktion.marketing.campaignpro.io/focus/4.js browser.sentry-cdn.com o408348.ingest.sentry.io https://plausible.io/js/script.js www.google.com www.googletagmanager.com www.gstatic.com browser.sentry-cdn.com stats.g.doubleclick.net/ cdn.cookielaw.org https://europe-west6-ca3-logging.cloudfunctions.net/logPerformance 'nonce-N2FjNjc1OTktYzg0Ni00NTJlLTliNWItYzFjMjI4YjY1YmE4' 1
...' 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.criteo.com https://static.criteo.net https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://*.contentsquare.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.popinabox.fr https://m.popinabox.fr https://checkout.popinabox.fr https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' aswpsdkus.com s3.amazonaws.com factal.breezy.hr cdn.jsdelivr.net code.jquery.com cdnjs.cloudflare.com *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.ketchcdn.com cdn.ketchjs.com snap.licdn.com connect.facebook.net platform.twitter.com static.ads-twitter.com play.vidyard.com player.vimeo.com extend.vimeocdn.com ws.zoominfo.com d1y8lkztemn7an.cloudfront.net factal-prod.herokuapp.com js-agent.newrelic.com *.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval' aswpsdkus.com s3.amazonaws.com factal.breezy.hr cdn.jsdelivr.net code.jquery.com cdnjs.cloudflare.com *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.ketchcdn.com cdn.ketchjs.com snap.licdn.com connect.facebook.net platform.twitter.com static.ads-twitter.com play.vidyard.com player.vimeo.com extend.vimeocdn.com ws.zoominfo.com d1y8lkztemn7an.cloudfront.net factal-prod.herokuapp.com js-agent.newrelic.com *.nr-data.net *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com; font-src 'self' fonts.gstatic.com d1y8lkztemn7an.cloudfront.net; frame-src factal.breezy.hr www.google.com platform.twitter.com play.vidyard.com player.vimeo.com vimeo.com factal.breezy.hr www.google.com platform.twitter.com play.vidyard.com player.vimeo.com vimeo.com *.hubspot.com *.hs-sites.com *.hubspot.net *.hsforms.net *.hsforms.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com *.mailchimp.com d1y8lkztemn7an.cloudfront.net; upgrade-insecure-requests; img-src 'self' data: * d1y8lkztemn7an.cloudfront.net; default-src 'self'; manifest-src d1y8lkztemn7an.cloudfront.net; connect-src 'self' aswpapius.com *.arcgis.com stats.g.doubleclick.net analytics.google.com maps.googleapis.com translation.googleapis.com www.google-analytics.com cdn.jsdelivr.net *.ketchcdn.com wss://stream.pushbullet.com api.weather.com *.nr-data.net 'self' aswpapius.com *.arcgis.com stats.g.doubleclick.net analytics.google.com maps.googleapis.com translation.googleapis.com www.google-analytics.com cdn.jsdelivr.net *.ketchcdn.com wss://stream.pushbullet.com api.weather.com *.nr-data.net *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com 1
style-src 'self' 'unsafe-inline' http://fast.fonts.net http://cdnjs.cloudflare.com https://tagmanager.google.com/debug/css.css  https://go.mimsoftware.com https://fonts.googleapis.com/icon https://fonts.googleapis.com/css https://static.hsappstatic.net/ https://kit-free.fontawesome.com/releases/latest/css/ https://s3.amazonaws.com/mimweb-portal/ https://andreasmb.github.io/lever-jobs-embed/embed-css/style.css  http://cdn2.hubspot.net https://mimsoftware.bamboohr.com/css/jobs-embed.css; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://www.google-analytics.com https://www.googletagmanager.com http://cdn.livechatinc.com https://secure.livechatinc.com https://accounts.livechatinc.com https://api.livechatinc.com/ d3rxaij56vjege.cloudfront.net https://tagmanager.google.com/debug https://bat.bing.com/bat.js https://static.ads-twitter.com/uwt.js https://js.hs-scripts.com/5300642.js https://extend.vimeocdn.com/ga/30453521.js https://tagmanager.google.com/debug/angular-bundle.js https://tagmanager.google.com/debug/debuguiApp.js https://js.hs-analytics.net/ https://js.hsadspixel.net/fb.js https://js.hscollectedforms.net/ https://tagmanager.google.com/debug/api/vtinfo https://www.google.com/pagead/conversion_async.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/943181837/ https://kit.fontawesome.com/ https://js.hsforms.net/forms/ https://forms.hsforms.com/embed/v3/form/ https://forms.hsforms.com/emailcheck/ https://tagmanager.google.com/debug/debuguiApp-bundle.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://s3.amazonaws.com/mimweb-portal/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://js.hs-banner.com/ https://js.hsleadflows.net/leadflows.js https://www.googleadservices.com/pagead/conversion_async.js https://analytics.twitter.com/i/adsct https://andreasmb.github.io/lever-jobs-embed/index.js https://js.hscta.net/cta/current.js https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/loader-v2.js https://bat.bing.com/p/action/26029591.js https://js.hsforms.net/forms/v2.js https://static.hsappstatic.net/ https://www.googleadservices.com/pagead/conversion_async.js http://cdn2.hubspot.net https://go.mimsoftware.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://app.hubspot.com/ https://js.hsadspixel.net http://js.hs-scripts.com https://*.clarity.ms https://www.vimeo.com http://www.googletagmanager.com https://mimsoftware.bamboohr.com/js/jobs2.php https://www.google.com/recaptcha/enterprise.js https://snap.licdn.com/li.lms-analytics/insight.beta.min.js; media-src 'self' https://vod-progressive.akamaized.net/; 1
default-src 'self'; font-src 'self' fonts.gstatic.com data:; img-src 'self' *.gravatar.com data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; font-src https: data:; img-src https: data: 1
frame-src 'self' bomjesus.br *.bomjesus.br usf.edu.br *.usf.edu.br fae.edu *.fae.edu google.com *.google.com youtube.com *.youtube.com vimeo.com *.vimeo.com viddler.com *.viddler.com eadfranciscanos.com.br *.eadfranciscanos.com.br virtualspirits.com *.virtualspirits.com indd.adobe.com *.indd.adobe.com *.s7.addthis.com *.youtu.be pixel.mathtag.com ct.pinterest.com *.canva.com 1
default-src 'self' https://cdn.juno.finance https://cdn.juno.finance/ https://juno-fi-cdn.s3.us-west-1.amazonaws.com/ *.juno.finance *.onjuno.com https://juno.finance https://onjuno.com https://app.fintelconnect.com/assets/scripts/fcanalytics.js https://assets.onfido.com *.crazyegg.com https://cdn.plaid.com; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.juno.finance https://cdn.juno.finance/ https://juno-fi-cdn.s3.us-west-1.amazonaws.com/ *.juno.finance *.onjuno.com https://juno.finance https://onjuno.com https://cdn.heapanalytics.com https://heapanalytics.com https://qvdt3feo.com/events.js https://tr.snapchat.com/ https://utt.impactcdn.com/A3616483-3c96-4bcc-8f84-a65bf71b01f61.js https://unpkg.com/@lottiefiles/lottie-interactivity@latest/dist/lottie-interactivity.min.js *.ubembed.com/ https://www.tp88trk.com/scripts/sdk/everflow.js https://widget.frill.co/v2/widget.js https://www.googleadservices.com https://googleads.g.doubleclick.net https://tags.srv.stackadapt.com/events.js https://fpnpmcdn.net/ https://sc-static.net/scevent.min.js https://www.redditstatic.com/ads/pixel.js *.atomicfi.com/transact.js https://www.recaptcha.net/recaptcha/api.js *.firebaseio.com/ https://argyle-link.firebaseio.com/ https://plugin.argyle.com/argyle.web.v3.js https://accounts.google.com/gsi/client https://appleid.cdn-apple.com *.sardine.ai *.clevertap.com *.twitter.com http://static.ads-twitter.com/ https://browser.sentry-cdn.com/ https://analytics.tiktok.com/ https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://websdk.appsflyer.com https://app.fintelconnect.com/assets/scripts/fcanalytics.js https://cdn.plaid.com *.crazyegg.com https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://widget.intercom.io https://wzrkt.com *.wzrkt.com *.cloudfront.net *.onfido.com *.sentry.io https://maps.googleapis.com https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js https://optimize.google.com *.googleoptimize.com *.verygoodvault.com https://connect.facebook.net *.woopra.com *.typeform.com https://platform.twitter.com/widgets.js https://apis.google.com https://cdn.jsdelivr.net https://www.google.com https://apis.google.com/js/platform.js https://cdn.plaid.com/link/v2/stable/link-initialize.js https://code.jquery.com/jquery-3.5.1.min.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/687573008/ https://js.intercomcdn.com https://widget.intercom.io/widget/czz0xv26 https://widget.intercom.io/widget/hn61kmv8 https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion_async.js https://www.youtube.com *.googletagmanager.com/; object-src 'self' blob: https://cdn.juno.finance https://cdn.juno.finance/ https://juno-fi-cdn.s3.us-west-1.amazonaws.com/ https://dwwvg90koz96l.cloudfront.net/ https://nuo-public.s3.ap-south-1.amazonaws.com https://juno-public.s3-us-west-1.amazonaws.com/ https://nuo-cms.s3.ap-southeast-1.amazonaws.com https://juno-fi-cdn.s3.us-west-1.amazonaws.com/; style-src 'self' 'unsafe-inline' https://cdn.juno.finance https://cdn.juno.finance/ https://juno-fi-cdn.s3.us-west-1.amazonaws.com/ https://heapanalytics.com https://widget.frill.co/ https://tags.srv.stackadapt.com/sa.css https://p.typekit.net/ https://use.typekit.net/bfe8kbl.css fonts.googleapis.com https://accounts.google.com/gsi/style https://assets.onfido.com https://optimize.google.com https://fonts.googleapis.com *.googleapis.com *.cloudfront.com *.googletagmanager.com/; img-src 'self' data: blob: https: http: *; media-src 'self' blob: https://cdn.juno.finance https://cdn.juno.finance/ https://juno-fi-cdn.s3.us-west-1.amazonaws.com/ https://nuo-cms.s3.ap-southeast-1.amazonaws.com https://assets.onfido.com https://juno-public.s3-us-west-1.amazonaws.com https://js.intercomcdn.com; frame-src 'self' data: blob: https://cdn.juno.finance https://cdn.juno.finance/ https://juno-fi-cdn.s3.us-west-1.amazonaws.com/ *.juno.finance *.onjuno.com https://juno.finance https://onjuno.com https://buy-sell-live-app.vercel.app/ https://buy-sell.apps.ledger.com/ *.ubembed.com/ https://player.vimeo.com/ https://widget.frill.co/ https://tr.snapchat.com/ *.atomicfi.com/ https://www.recaptcha.net/ *.sardine.ai *.firebaseio.com/ https://widget.trustpilot.com https://www.youtube.com https://optimize.google.com *.verygoodvault.com *.typeform.com https://onjuno.typeform.com https://intercom-sheets.com https://platform.twitter.com https://bid.g.doubleclick.net https://nuo-public.s3.ap-south-1.amazonaws.com https://juno-public.s3-us-west-1.amazonaws.com/ https://nuo-cms.s3.ap-southeast-1.amazonaws.com https://cdn.plaid.com https://www.google.com https://accounts.google.com https://juno-fi-cdn.s3.us-west-1.amazonaws.com/; font-src 'self' data: *; frame-ancestors 'self' *.typeform.com https://buy-sell-live-app.vercel.app/ https://buy-sell.apps.ledger.com/; connect-src 'self' 'unsafe-inline' blob: *; worker-src data: blob: *.juno.finance *.onjuno.com https://juno.finance https://onjuno.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'self'; frame-src 'self'; frame-ancestors 'self'; 1
script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleanalytics.com *.googleoptimize.com *.googletagmanager.com *.twitter.com  *.lemnisk.co *.mygreatlearning.com https://optimize.google.com:* https://pay.billdesk.com:* https://services.billdesk.com:* https://pgi.billdesk.com:* *.googleadservices.com *.facebook.net *.doubleclick.net https://js.boxx.ai:* https://cdn.syndication.twimg.com:* https://snap.licdn.com:* https://js-cdn.dynatrace.com:* https://cdn.ampproject.org:* ; base-uri 'none'; style-src 'self' 'unsafe-inline' https://optimize.google.com:* https://fonts.googleapis.com:* ; 1
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval' wss: ; frame-ancestors 'self'; 1
frame-ancestors 'self' https://fingov-prod.softco.com:8443 https://fingov-prod.softco.com; 1
frame-ancestors 'self' https://*.1clickwin.com https://*.decta.com; 1
frame-ancestors 'self' https://hilfe.bikester.at https://back-office-redesign.kameleoon.com https://app.kameleoon.com/ 1
frame-ancestors www.iluma.ai 1
frame-ancestors 'self' https://*.politieacademie.nl  https://*.mediasite.com https://*.itslearning.com https://*.politie.local 1
default-src * data: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; 1
default-src self; script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com; style-src * 'self' 'unsafe-inline' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com; img-src 'self' data: https://cdn.jsdelivr.net https://l.evidon.com https://c.evidon.com https://nestle-mvp.myshopify.com https://cdn.shopify.com *.google-analytics.com  https://d6tizftlrpuof.cloudfront.net https://*.usabilla.com https://nestle-mvp.myshopify.com https://cdn.shopify.com https://www.google.com https://www.google.es https://googleads.g.doubleclick.net *.google-analytics.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com *.onetrust.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com; media-src 'self'; frame-src * https://www.nestlehealthscience.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com/solution-finder https://www.nestlehealthscience.com/cerebral-palsy http://mychildwithcphcpen.nhscbrand.acsitefactory.com https://www.youtube.com https://static.addtoany.com; frame-ancestors * https://www.nestlehealthscience.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com/solution-finder https://www.nestlehealthscience.com/cerebral-palsy; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://d6tizftlrpuof.cloudfront.net *.usabilla.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com; connect-src 'self' https://cdn.jsdelivr.net https://bam.nr-data.net https://nestle-mvp.myshopify.com https://monorail-edge.shopifysvc.com https://stats.g.doubleclick.net https://d6tizftlrpuof.cloudfront.net *.usabilla.com https://nestle-mvp.myshopify.com https://monorail-edge.shopifysvc.com https://www.google.com *.google-analytics.com *.gbqofs.io *.gbqofs.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com *.onetrust.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' https://analytics.google.com https://www.google-analytics.com https://www.googletagmanager.com https://src.plumb5.com https://www.google.co.in https://www.google.com https://google.com; img-src 'self' data: https://www.googleadservices.com https://www.intellectadz.com https://www.google.com https://google.com https://www.google.co.in https://www.google-analytics.com https://googleads.g.doubleclick.net https://bat.bing.com https://cx.unfyd.com https://www.facebook.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://www.googletagmanager.com https://analytics.google.com https://img.youtube.com https://src.plumb5.com https://code.jquery.com https://www.avanse.com https://connect.facebook.net; script-src 'self' blob 'unsafe-inline' https://www.googleadservices.com https://*.g.doubleclick.net https://bat.bing.com https://www.google-analytics.com https://code.jquery.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://cx.unfyd.com https://analytics.google.com https://src.plumb5.com; script-src-elem 'self' 'unsafe-inline' https://www.googleadservices.com https://www.googleadservices.com https://www.google.com https://www.google.co.in https://google.com https://bat.bing.com https://cx.unfyd.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://*.g.doubleclick.net https://code.jquery.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://cx.unfyd.com https://analytics.google.com https://www.google.com https://chat.plumb5.com https://src.plumb5.com https://p5email-email-template-images.s3.ap-south-1.amazonaws.com https://pgchat.plumb5.com; frame-src 'self' https://geoads74.gotrackier.com https://adzfactorial.gotrackier.com https://td.doubleclick.net https://www.google.com https://www.facebook.com https://cx.unfyd.com; connect-src 'self' https://*.g.doubleclick.net https://www.google-analytics.com https://facebook.com https://www.facebook.com/tr/ https://track.plumb5.com https://pgtrack.plumb5.com https://analytics.google.com https://www.google.com https://google.com https://www.google.co.in; font-src 'self' https://pro.fontawesome.com https://src.plumb5.com https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://pro.fontawesome.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://code.jquery.com https://src.plumb5.com; object-src 'none'; 1
style-src 'self'  'unsafe-inline' https://service.mtcaptcha.com https://service2.mtcaptcha.com; object-src 'none'; script-src 'self' 'nonce-2726c7f26a' 'nonce-2726c7f26b' 'nonce-2726c7f26c' 'nonce-2726c7f26d' 'nonce-2726c7f26e' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https:; frame-src https://service.mtcaptcha.com https://service2.mtcaptcha.com https://player.vimeo.com 1
default-src 'self' *.zhaosw.com *.baidu.com *.amap.com *.qiyukf.com https://zz.bdstatic.com https://jspassport.ssl.qhimg.com https://cdn.jsdelivr.net https://plt.zoosnet.net https://www.sinomeasure.com 'unsafe-inline' 'unsafe-eval' blob: data: ; 1
media-src 'self' storage.googleapis.com storage.googleapis.com/grow-with-goog-publish-prod-media/; default-src 'self' *.gstatic.com storage.googleapis.com storage.googleapis.com/grow-with-goog-publish-prod-media/; font-src 'self' themes.googleusercontent.com *.gstatic.com https://fonts.gstatic.com storage.googleapis.com storage.googleapis.com/grow-with-goog-publish-prod-media/ fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleanalytics.com *.google-analytics.com ajax.googleapis.com *.youtube.com youtube.com optimize.google.com *.googletagmanager.com apis.google.com *.googleadservices.com storage.googleapis.com storage.googleapis.com/grow-with-goog-publish-prod-media/ *.googleapis.com *.google.com *.yourprimer.com *.ytimg.com *.gstatic.com https://www.googleoptimize.com/ https://www.gstatic.com/glue/cookienotificationbar/cookienotificationbar.min.js https://googleads.g.doubleclick.net/ https://pagead2.googlesyndication.com/; object-src 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com storage.googleapis.com storage.googleapis.com/grow-with-goog-publish-prod-media/ *.google.com gstatic.com/support/content/resources/prod/js/survey/survey_light_ltr.css *.googletagmanager.com tagmanager.google.com gstatic.com/uservoice/surveys/resources/prod/js/survey/survey_light_ltr.css https://www.gstatic.com/glue/cookienotificationbar/cookienotificationbar.min.css; connect-src 'self' www.google-analytics.com apis.google.com cdn.ampproject.org *.google.com *.services.google.com *.gstatic.com gstatic.com *.doubleclick.net region1.google-analytics.com https://gweb-gwg-events.appspot.com/ https://maps.googleapis.com/ https://www.googleoptimize.com/ https://pagead2.googlesyndication.com/; frame-ancestors 'self'; base-uri 'none'; frame-src 'self' scone-pa.clients6.google.com www.google.com www.youtube.com *.yourprimer.com *.doubleclick.net apis.google.com optimize.google.com *.google.com *.yourprimer.com webapp-dot-gweb-learn10x.appspot.com services.google.com; img-src * data: blob: 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'  ; frame-src * data: blob:  ; frame-ancestors * data: blob: 'unsafe-inline'  ; base-uri * data: blob: 'unsafe-inline'  ; form-action * data: blob: 'unsafe-inline'  ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'  ; object-src * 'self' data: blob:  ; img-src * data: blob: 'unsafe-inline'  ; style-src * data: blob: 'unsafe-inline'  ; font-src * data: blob: 'unsafe-inline'  ; connect-src * data: blob: 'unsafe-inline' 1
default-src http://*.intpark.com https://*.intpark.com https: 'unsafe-eval' 'unsafe-inline' data: 'unsafe-eval' wss: 'unsafe-eval'; script-src 'self' http://*.intpark.com https://*.intpark.com https://maps.googleapis.com https: 'unsafe-inline' 'unsafe-eval'; img-src http://* https://* data: 'unsafe-eval'; media-src http://* https://* http://rmcs.intpark.com:* data: 'unsafe-eval'; worker-src http://* https://* data: 'unsafe-eval' blob: 1
default-src 'self' https:; style-src 'self' 'unsafe-inline' https: https://*.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://*.hotjar.com; img-src 'self' data: https: www.googletagmanager.com https://*.hotjar.com; frame-src 'self' https://challenges.cloudflare.com https://mc.yandex.com https://www.youtube-nocookie.com https://my.walls.io *.containex.com https://momento360.com; frame-ancestors 'none'; font-src 'self' https://*.hotjar.com 1
upgrade-insecure-requests; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; report-uri /cgi-bin/report-uri 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://intfiction.org/logs/ https://intfiction.org/sidekiq/ https://intfiction.org/mini-profiler-resources/ https://intfiction.org/assets/ https://intfiction.org/extra-locales/ https://intfiction.org/highlight-js/ https://intfiction.org/javascripts/ https://intfiction.org/plugins/ https://intfiction.org/theme-javascripts/ https://intfiction.org/svg-sprite/ 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0='; worker-src 'self' https://intfiction.org/assets/ https://intfiction.org/javascripts/ https://intfiction.org/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
script-src *.gstatic.com *.pricespider.com cdn.jsdelivr.net cdn.pricespider.com cdn.rawgit.com cdnjs.cloudflare.com connect.facebook.net go.rubbermaidcommercial.com https://www.rubbermaidcommercial.com modspot.app pi.pardot.com platform.twitter.com rcp-production.ent.eastus2.azure.elastic-cloud.com 'self' storage.pardot.com unpkg.com 'unsafe-inline' www.google.com www.google-analytics.com www.googletagmanager.com www.rubbermaidcommercial.com;font-src *.gstatic.com https://www.rubbermaidcommercial.com 'self' www.rubbermaidcommercial.com;img-src *.pricespider.com *.youtube.com assets.rcp.structpim.com cdn.pricespider.com https://www.rubbermaidcommercial.com modspot.app rcp.structpim.com 'self' www.google.com www.google-analytics.com www.googletagmanager.com www.rubbermaidcommercial.com;style-src *.pricespider.com fonts.googleapis.com https://www.rubbermaidcommercial.com modspot.app 'self' 'unsafe-inline' www.rubbermaidcommercial.com;default-src *.pricespider.com analytics.google.com api.app.channeliq.com https://www.rubbermaidcommercial.com rcp-production.ent.eastus2.azure.elastic-cloud.com 'self' stats.g.doubleclick.net www.google.com www.google-analytics.com www.rubbermaidcommercial.com;frame-src *.youtube.com go.pardot.com go.rubbermaidcommercial.com https://www.rubbermaidcommercial.com platform.twitter.com rcp.structpim.com 'self' view.officeapps.live.com www.facebook.com www.google.com www.rubbermaidcommercial.com;media-src https://www.rubbermaidcommercial.com rcp.structpim.com 'self' www.rubbermaidcommercial.com;object-src https://www.rubbermaidcommercial.com modspot.app rcp.structpim.com 'self' www.rubbermaidcommercial.com;frame-ancestors 'self' 1
default-src 'self'; block-all-mixed-content ; base-uri 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://48596ae85cd14945aabb79a13c1ba707.svc.dynamics.com https://widget.surveymonkey.com/ https://secure.quantserve.com/ https://rules.quantcount.com/ https://ajax.googleapis.com/ https://www.googleadservices.com https://js.adsrvr.org https://cdnjs.cloudflare.com https://sdk.passle.net https://s.ytimg.com https://tagmanager.google.com https://www.google.com https://www.youtube.com https://st.getsitecontrol.com https://script.hotjar.com https://widgets.getsitecontrol.com https://static.hotjar.com https://connect.facebook.net https://www.googletagmanager.com https://dl.episerver.net https://maps.googleapis.com/ https://analytics.clickdimensions.com https://polyfill.io https://optimize.google.com https://www.google-analytics.com https://az416426.vo.msecnd.net https://az124611.vo.msecnd.net/ https://docs.grantthornton.ca/ https://www.gstatic.com https://cdn-us.clickdimensions.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://analytics.twitter.com/ https://www.clarity.ms/ https://mktdplp102cdn.azureedge.net/ https://secure.thaw6lily.com/ http://a68f75e1c2414f57a51c297d1bffd1da.svc.dynamics.com/ https://ws1.postescanada-canadapost.ca/ https://4863a70f0daa49d387782880df69bf97.svc.dynamics.com/ https://region1.google-analytics.com/ https://s.yimg.com/ https://sp.analytics.yahoo.com https://b783c358f7e6407981077074279908ed.svc.dynamics.com/ https://713fd8515eb046149fb744a7b658e20f.svc.dynamics.com/ https://gateway.zscalerthree.net/ https://*.googletagmanager.com; img-src 'self' data: https://48596ae85cd14945aabb79a13c1ba707.svc.dynamics.com https://*.analytics.google.com/ https://*.google-analytics.com/ https://pixel.quantserve.com/ https://match.adsrvr.org/ https://ups.analytics.yahoo.com/ https://analytics.clickdimensions.com https://r.turn.com/ https://www.linkedin.com https://www.gstatic.com https://connect.facebook.net https://px4.ads.linkedin.com https://px.ads.linkedin.com https://p.adsymptotic.com/ https://googleads.g.doubleclick.net https://pixel.mediaiqdigital.com https://secure.adnxs.com https://insight.adsrvr.org https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://ssl.gstatic.com https://syndication.twitter.com https://optimize.google.com https://www.google.com https://www.facebook.com https://platform.twitter.com https://pbs.twimg.com https://images.passle.net https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://i.ytimg.com https://img.youtube.com https://stats.g.doubleclick.net https://docs.grantthornton.ca/ https://cm.g.doubleclick.net/ https://px.ads.linkedin.com https://t.co/ https://pixel.rubiconproject.com/ https://pixel.advertising.com/ https://c.clarity.ms/ https://c.bing.com/ http://a68f75e1c2414f57a51c297d1bffd1da.svc.dynamics.com/ https://4863a70f0daa49d387782880df69bf97.svc.dynamics.com/ https://sp.analytics.yahoo.com/ https://analytics.twitter.com/ https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://optimize.google.com https://code.jquery.com https://docs.grantthornton.ca https://maxcdn.bootstrapcdn.com https://platform.twitter.com https://cdnjs.cloudflare.com https://sdk.passle.net https://fonts.googleapis.com https://clientapi.passle.net https://az124611.vo.msecnd.net/ https://cdn-us.clickdimensions.com/ https://ws1.postescanada-canadapost.ca/ https://4863a70f0daa49d387782880df69bf97.svc.dynamics.com/ https://713fd8515eb046149fb744a7b658e20f.svc.dynamics.com/ https://b783c358f7e6407981077074279908ed.svc.dynamics.com/; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com https://cdnjs.cloudflare.com https://docs.grantthornton.ca https://maxcdn.bootstrapcdn.com http://a68f75e1c2414f57a51c297d1bffd1da.svc.dynamics.com/ https://4863a70f0daa49d387782880df69bf97.svc.dynamics.com/ https://b783c358f7e6407981077074279908ed.svc.dynamics.com/ https://713fd8515eb046149fb744a7b658e20f.svc.dynamics.com/; frame-src https://48596ae85cd14945aabb79a13c1ba707.svc.dynamics.com https://www.surveymonkey.com/ https://az416426.vo.msecnd.net https://www.googletagmanager.com https://www.facebook.com/ https://insight.adsrvr.org https://platform.twitter.com https://vars.hotjar.com https://www.passle.net https://www.youtube.com https://optimize.google.com https://w.soundcloud.com https://player.vimeo.com https://www.gstatic.com https://cdn.optimizely.com https://www.google.com https://match.adsrvr.org/ https://flo.uri.sh/ https://fb415af4912b4c02bbda1fc53b1dd897.svc.dynamics.com/ http://a68f75e1c2414f57a51c297d1bffd1da.svc.dynamics.com/ https://ws1.postescanada-canadapost.ca/ https://4863a70f0daa49d387782880df69bf97.svc.dynamics.com/ https://713fd8515eb046149fb744a7b658e20f.svc.dynamics.com/ https://b783c358f7e6407981077074279908ed.svc.dynamics.com/; connect-src 'self' https://48596ae85cd14945aabb79a13c1ba707.svc.dynamics.com https://px.ads.linkedin.com https://www.googletagmanager.com https://dc.services.visualstudio.com https://www.passle.net https://clientapi.passle.net https://az416426.vo.msecnd.net https://docs.grantthornton.ca https://*.google-analytics.com/ https://*.analytics.google.com/ https://extreme-ip-lookup.com https://www.facebook.com https://stats.g.doubleclick.net https://pixel.quantcount.com/ https://in.hotjar.com https://vc.hotjar.io wss://ws4.hotjar.com/ wss://ws2.hotjar.com wss://ws5.hotjar.com wss://ws1.hotjar.com wss://ws14.hotjar.com/ https://www.clarity.ms/ https://fb415af4912b4c02bbda1fc53b1dd897.svc.dynamics.com/ http://a68f75e1c2414f57a51c297d1bffd1da.svc.dynamics.com/ https://ws1.postescanada-canadapost.ca/ https://4863a70f0daa49d387782880df69bf97.svc.dynamics.com/ https://s.yimg.com/ https://idx.liadm.com/ https://b783c358f7e6407981077074279908ed.svc.dynamics.com/ https://713fd8515eb046149fb744a7b658e20f.svc.dynamics.com/ https://cdn.linkedin.oribi.io/ https://analytics.google.com/ https://*.googletagmanager.com https://maps.googleapis.com/ https://w.clarity.ms/; report-uri /ContentSecurityPolicy/Report/; report-to csp-endpoint; 1
default-src 'self' blob:; script-src 'self' *.bing.com cdn.gbqofs.com *.report.gbss.io *.amazonaws.com *.onetrust.com *.mention-me.com *.liveperson.net *.jquery.com *.cookielaw.org leadintel.io *.facebook.net *.google.co.uk *.gstatic.com *.cooladata.com *.sessioncam.com *.doubleclick.net d2oh4tlt9mrke9.cloudfront.net d39ion77s0ucuz.cloudfront.net *.wp.com *.ytimg.com *.youtube.com *.instagram.com *.trustpilot.com *.vwo.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.google.com *.omguk.com *.lpsnmedia.net *.dwin1.com *.awin1.com *.zenaps.com *.twiliocdn.com *.adalyser.com *.blob.core.windows.net *.outbrain.com 'unsafe-inline' app.vwo.com *.visualwebsiteoptimizer.com 'unsafe-eval'; style-src 'self' *.cookielaw.org cdn.gbqofs.com *.report.gbss.io *.google.com *.googleapis.com *.vwo.com *.blob.core.windows.net *.googletagmanager.com 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com; img-src 'self' *.bing.com  *.googletagmanager.com cdn.gbqofs.com *.report.gbss.io *.cookielaw.org https://d3pylvgu45of8j.cloudfront.net *.bgllife.co.uk *.visualwebsiteoptimizer.com *.cooladata.com *.beaglestreet.com *.virginmoney.com *.liveperson.net *.google-analytics.com *.doubleclick.net *.google.com *.google.co.uk *.gstatic.com *.omguk.com *.lpsnmedia.net *.awin1.com *.zenaps.com *.sessioncam.com *.sendingads.com *.sabio.co.uk *.facebook.com *.blob.core.windows.net leadintel.io *.adalyser.com data: chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *.outbrain.com ; font-src 'self' cdn.gbqofs.com *.report.gbss.io *.gstatic.com data:; frame-src 'self' *.doubleclick.net cdn.gbqofs.com *.report.gbss.io *.lpsnmedia.net *.google.com *.liveperson.net *.awin1.com *.zenaps.com *.vwo.com *.youtube.com *.mention-me.com mention-me.com app.vwo.com *.visualwebsiteoptimizer.com; connect-src 'self' *.bing.com *.visualwebsiteoptimizer.com app.vwo.com cdn.gbqofs.com *.report.gbss.io *.amazonaws.com *.onetrust.com *.mention-me.com *.gov.uk *.google-analytics.com *.cooladata.com *.trustpilot.com *.beaglestreet.com *.sessioncam.com *.cookielaw.org *.doubleclick.net *.adalyser.com *.bgllife.co.uk *.blob.core.windows.net *.outbrain.com; manifest-src 'self'; form-action 'self'; frame-ancestors 'self' *.mention-me.com mention-me.com cdn.gbqofs.com *.report.gbss.io; worker-src 'self' blob: 1
default-src 'self'; base-uri 'self'; manifest-src 'self'; media-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' herbalife.ru https://ad.adriver.ru/ https://antifraud.acstat.com/ assets.adobedtm.com https://cdn.cookielaw.org/scripttemplates/ https://code.acstat.com/ https://connect.facebook.net/en_US/fbevents.js https://dmp.vihub.ru/pixeljs herbalife.ramfy.ru https://pix.sniperlog.ru/js/pix_o_7b525d0183dd9dc4a103be4413704c25.js https://pixel.betweenx.com/s/_herbalife/dist/smartPixel.min.js https://tags.soloway.ru/DSPCounter.js https://top-fwz1.mail.ru/js/code.js https://vk.com/js/api/openapi.js https://www.clarity.ms/s/0.7.10/clarity.js https://www.clarity.ms/tag/emvxvwmmrl https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com/ https://maps.googleapis.com https://mc.yandex.ru/metrika/watch.js https://matchid.adfox.yandex.ru https://core-renderer-tiles.maps.yandex.net/tiles https://yastatic.net https://api-maps.yandex.ru bitrix.info/ba.js https://leads.herbalife.ru 'strict-dynamic' 'nonce-67ip10w2bqy288kf6v1o'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net https://fonts.googleapis.com www.google.com herbalife.ramfy.ru https://leads.herbalife.ru ; connect-src 'self' cdn.cookielaw.org mc.yandex.ru privacyportal.onetrust.com geolocation.onetrust.com top-fwz1.mail.ru stats.g.doubleclick.net www.google-analytics.com www.google.ru www.google.com https://stats.g.doubleclick.net maps.googleapis.com https://fonts.googleapis.com/ analytics.google.com y.clarity.ms c.clarity.ms r.clarity.ms https://c.bing.com/c.gif https://herbalife.tt.omtrdc.net/ herbalife.ramfy.ru bitrix.info https://leads.herbalife.ru; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://leads.herbalife.ru; frame-src 'self' www.google.com www.youtube.com content.adriver.ru td.doubleclick.net partners.cpaex.ru mc.yandex.ru https://leads.herbalife.ru; child-src 'self' www.google.com www.youtube.com content.adriver.ru td.doubleclick.net partners.cpaex.ru mc.yandex.ru https://leads.herbalife.ru; img-src 'self' https://c.clarity.ms/c.gif https://hit.acstat.com https://x01.aidata.io https://px.adhigh.net https://sync.1dmp.io https://sync.bumlam.com/ https://sync.videonow.ru tms.dmp.wi-fi.ru https://trc.taboola.com https://vk.com https://c.bing.com/c.gif maps.gstatic.com https://www.google-analytics.com https://www.google.ru www.google.com https://www.googletagmanager.com https://i.ytimg.com googleads.g.doubleclick.net https://yandex.ru https://mc.yandex.ru https://an.yandex.ru/mapuid/adsniperis/ https://core-renderer-tiles.maps.yandex.net https://api-maps.yandex.ru https://ads.adfox.ru/ https://herbalife-breakfast.com/ https://smetrics.herbalife.com/ https://herbalife-breakfast.com/ https://leads.herbalife.ru; object-src 'none'; 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' c.lytics.io quilt-cdn.janrain.com feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.googletagmanager.com cdn.cookielaw.org connect.facebook.net cdn.segment.com pghub.io c.lytics.io pge.segmanta.com *.cloudfront.net rpxnow.com procter-gamble.eu.janraincapture.com procter-gamble.eu.janrainsso.com feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; font-src 'self' feed.pghub.io pandg.tapad.com ; frame-src 'self' feed.pghub.io consumersupport.pg.com s.mujsvet-pg.cz procter-gamble.eu.janrainsso.com procter-gamble.eu.janraincapture.com www.facebook.com pandg.tapad.com ; img-src 'self' data: images.ctfassets.net cdn.cookielaw.org pixel.tapad.com www.facebook.com c.lytics.io www.googletagmanager.com *.cloudfront.net *.amazon-adsystem.com feed.pghub.io pandg.tapad.com ; connect-src 'self' cdn.cookielaw.org match.adsrvr.org *.google-analytics.com cdn.segment.com www.facebook.com api.segment.io graphql.contentful.com *.algolia.net *.algolianet.com api-pge.segmanta.com api.pgsvc.com feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
frame-ancestors 'none'; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none' 1
default-src 'self'; script-src 'self' 'nonce-6dea333d365a65fbcd6e6c90' https://optimize.google.com https://www.googletagmanager.com https://*.analytics.google.com https://*.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com https://cdn.jsdelivr.net; object-src 'self'; style-src 'self' 'nonce-6dea333d365a65fbcd6e6c90' https://fonts.googleapis.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; img-src 'self' data: https://*.analytics.google.com https://*.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://i.ytimg.com https://cdn.jsdelivr.net https://i.vimeocdn.com; frame-src 'self' https://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://tools.wijzeringeldzaken.nl https://book.timify.com https://sdk.companywebcast.com https://player.vimeo.com https://www.youtube-nocookie.com; frame-ancestors 'self'; child-src 'self' https://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://tools.wijzeringeldzaken.nl https://book.timify.com https://sdk.companywebcast.com https://player.vimeo.com https://www.youtube-nocookie.com; font-src 'self' data: https://*.hotjar.com https://*.hotjar.io https://fonts.gstatic.com; connect-src 'self' https://*.analytics.google.com https://*.google-analytics.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io wss://chat.tkppensioen.nl https://code.jquery.com https://*.tkppensioen.nl; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.witron.de/ https://www.youtube.com/ https://statistics.witron.de/ https://www.google.com/ https://creator.hosted-pageflow.com/ https://player.podigee-cdn.net/ https://www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.witron.de/; img-src https://*.witron.de/ 'self' data:; 1
frame-ancestors 'self' postale.io 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://*.googlesyndication.com https://www.zenaps.com https://tr.snapchat.com https://tr6.snapchat.com https://www.youtube.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.contentsquare.net; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://checkout.arrowvideo.com https://connect.facebook.net https://tr.snapchat.com https://www.arrowvideo.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googlesyndication.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://cdn.parcellab.com/ https://s1.thcdn.com/ https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://s1.thcdn.com/ https://cdn.parcellab.com/; upgrade-insecure-requests; report-to report-endpoint 1
scriptt-src 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.alliancebank.com.my ajax.googleapis.com kit.fontawesome.com ka-f.fontawesome.com *.youtube.com *.googletagmanager.com *.google-analytics.com connect.facebook.net *.google.com snap.licdn.com jscdn.appier.net googleads.g.doubleclick.net *.facebook.com cdn.id5-sync.com tags.crwdcntrl.net *.google.com.my px.ads.linkedin.com stats.g.doubleclick.net anylist.c.appier.net id5-sync.com s.c.appier.net www.googleadservices.com bid.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com www.google.co.id bcp.crwdcntrl.net qrcode.chooyee.co z.moatads.com v1.addthisedge.com m.addthis.com www.linkedin.com p.adsymptotic.com insage.com.my code.jquery.com cdnjs.cloudflare.com cdn.jsdelivr.net www.insage.com.my t0.c.appier.net px4.ads.linkedin.com js.adsrvr.org insight.adsrvr.org cost.affcost.com ad.doubleclick.net secure.adnxs.com trk.ultraind.in *.criteo.com *.criteo.net i.l-dsp.inmobicdn.net advertiser.inmobiapis.com bat.bing.com analytics.tiktok.com insight.adsrvr.org js.adsrvr.org abmbstgadm.corp.alliancebg.com.my abmbstgadmv.corp.alliancebg.com.my 172.15.101.250; 1
default-src 'self' blob: data: *.wistia.com fonts.googleapis.com fonts.gstatic.com fonts.bunny.net; 	connect-src 'self' wss: westlandinsurance.force.com *.googlesyndication.com *.helpscout.net *.cloudfront.net *.wistia.com wpmudev.com *.googleapis.com yoast.com *.visualwebsiteoptimizer.com app.vwo.com www.google-analytics.com api.hubapi.com *.hotjar.com *.hotjar.io analytics.google.com stats.g.doubleclick.net; 	style-src 'self' 'unsafe-inline' service.force.com westlandinsurance.my.site.com westlandinsurance.force.com fonts.bunny.net *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com fonts.googleapis.com; 	script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: blob: westlandinsurance.my.salesforce.com westlandinsurance.lightning.force.com westlandinsurance--c.vf.force.com westlandinsurance--c.visualforce.com cdn.jsdelivr.net *.visualwebsiteoptimizer.com app.vwo.com *.googletagmanager.com code.jquery.com js.hs-analytics.net www.googleoptimize.com googleads.g.doubleclick.net www.google-analytics.com static.hotjar.com js.hs-scripts.com js.hs-banner.com js.hsadspixel.net script.hotjar.com; 	img-src 'self' data: westlandinsurance.my.salesforce.com westlandinsurance.lightning.force.com westlandinsurance--c.vf.force.com westlandinsurance--c.visualforce.com *.doubleclick.net *.wistia.com wp-rocket.me *.paypalobjects.com *.paypal.com *.twitter.com *.wpmudev.org servmask.com gravityflow.io *.w.org *.google-analytics.com *.gstatic.com wpmudev.com s.w.org *.visualwebsiteoptimizer.com *.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com www.google.com www.google.ca track.hubspot.com *.googletagmanager.com secure.gravatar.com; 	worker-src 'self' blob:; 	frame-src 'self'  service.force.com *.doubleclick.net *.moneris.com wp-rocket.me *.facebook.com *.twitter.com *.youtube.com *.google.com app.vwo.com *.visualwebsiteoptimizer.com *.fls.doubleclick.net; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *.google.com *.maps.google.com https://fonts.googleapis.com https://maps.googleapis.com https://maps.gstatic.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleusercontent.com ghbtns.com cdnjs.cloudflare.com *.facebook.net *.facebook.com sitest.jp *.hubspot.com js.hs-scripts.com js.hs-banner.com js.hscollectedforms.net js.hsforms.net forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com js.usemessages.com js.hs-analytics.net;  1
frame-ancestors 'self' calibresys.com 1
default-src 'self';style-src 'self' 'unsafe-inline'; script-src 'self' https://www.google-analytics.com;img-src 'self' https://www.google-analytics.com; 1
default-src 'self' 'unsafe-inline' data: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.gstatic.com *.googleapis.com *.googlesyndication.com *.wir.ch wir.ch *.youtube-nocookie.com *.youtube.com *.vimeo.com *.logismata.ch *.g.doubleclick.net *.facebook.net *.facebook.com snap.licdn.com bat.bing.com *.linkedin.com *.cookiebot.com *.swisscaution.ch *.datatrans.biz *.tiqcdn.com *.tdbtrk.com *.tealiumiq.com *.spotify.com *.podigee-cdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.gstatic.com *.googleapis.com *.googlesyndication.com *.wir.ch wir.ch *.youtube-nocookie.com *.youtube.com *.vimeo.com *.logismata.ch *.g.doubleclick.net *.facebook.net *.facebook.com snap.licdn.com bat.bing.com *.linkedin.com *.cookiebot.com *.swisscaution.ch *.datatrans.biz *.tiqcdn.com *.tdbtrk.com *.tealiumiq.com *.spotify.com *.podigee-cdn.net; frame-ancestors 'self' https://www.jobs.ch 1
default-src 'self'; object-src 'self' https://images.ctfassets.net https://videos.ctfassets.net; connect-src 'self' https://images.ctfassets.net https://videos.ctfassets.net https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://api.account.flowable.io https://api.cloud.flowable.io https://api.test.account.flowable.io https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://google.com/pagead/form-data https://google.com/ccm/form-data wss://ws.hotjar.com/api/v2/client/ws; img-src 'self' data: https://images.ctfassets.net https://d33wubrfki0l68.cloudfront.net https://i.ytimg.com https://www.kununu.com https://www.glassdoor.de https://*.linkedin.com https://www.google.com https://www.google.it https://www.googletagmanager.com/*; media-src 'self' data: https://videos.ctfassets.net; child-src 'none'; script-src 'self' 'unsafe-inline' https://go.flowable.com https://www.googletagmanager.com https://www.youtube.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://*.hotjar.com https://pi.pardot.com https://snap.licdn.com https://netlify-cdp-loader.netlify.app; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com data:; style-src 'self' 'unsafe-inline' https://use.fontawesome.com/releases/v5.10.0/css/all.css; frame-src https://youtube.com https://www.youtube.com https://www.youtube-nocookie.com https://www.google.com https://td.doubleclick.net https://app.netlify.com https://go.flowable.com https://ghbtns.com/; 1
frame-ancestors 'self' bafus.ru yandex.ru; 1
base-uri 'self';child-src 'self' https://login.yahoo.net https://s.yimg.com https://s1.yimg.com;connect-src 'self' https://geo.yahoo.com https://pr.comet.yahoo.com https://server-dev.comet.yahoo.com https://server.comet.yahoo.com https://ws.progrss.yahoo.com https://udc.yahoo.com https://jsapi.login.yahoo.com https://www.yahoo.com https://guce.yahoo.com/ https://ups.analytics.yahoo.com https://api.taboola.com/1.2/json/taboola-usersync/user.sync;default-src 'self' https://s.yimg.com https://s1.yimg.com https://login.yahoo.net;font-src https://s.yimg.com https://s1.yimg.com;frame-src 'self' https://login.yahoo.net https://s.yimg.com https://s1.yimg.com https://gpt.mail.yahoo.net/sandbox https://guce.oath.com/ https://opus.analytics.yahoo.com https://tsdtocl.com/;img-src 'self' data: https://yahoo.com https://ct.yimg.com https://s.yimg.com https://s1.yimg.com https://tw.yimg.com https://geo.yahoo.com https://socialprofiles.zenfs.com https://*.wc.yahoodns.net https://beap-bc.yahoo.com https://ws.progrss.yahoo.com https://log.fc.yahoo.com https://backyard.yahoo.com https://*.ah.yahoo.com https://pr-bh.ybp.yahoo.com https://fbcdn.net https://scontent.xx.fbcdn.net https://z-m-scontent.xx.fbcdn.net https://graph.facebook.com https://data.mail.yahoo.com https://platform-lookaside.fbsbx.com https://www.yahoo.com;media-src https://*.ah.yahoo.com https://s.yimg.com;object-src 'none';report-uri https://csp.yahoo.com/beacon/csp?src=mbr_account;script-src 'unsafe-inline' 'self' https://s.yimg.com https://s1.yimg.com https://query.yahoo.com https://*.query.yahoo.com https://y.analytics.yahoo.com https://jsapi.login.yahoo.com https://fc.yahoo.com https://e2e.fc.yahoo.com https://pr.comet.yahoo.com https://server-dev.comet.yahoo.com https://server.comet.yahoo.com https://opus.analytics.yahoo.com/tag/opus.js https://consent.cmp.oath.com/cmp.js https://search.yahoo.com https://*.search.yahoo.com 'nonce-Dty7n9HURI4MtxB/Bh2hL6BetP0Xa84vX9TenZX4gIXzVMnQ' ;style-src * 'unsafe-inline' 1
frame-ancestors 'self' https://manage.chemicalprocessing.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
report-uri https://git.cremadesignstudio.com/csp-reports.php; 	default-src 'self' 'report-sample'; 	script-src 'self' 'unsafe-inline' 'report-sample' https://googleads.g.doubleclick.net https://*.googletagmanager.com https://www.google-analytics.com https://analytics.clickdimensions.com https://cdnjs.cloudflare.com https://player.vimeo.com https://polyfill.io https://acsbapp.com; 	style-src 'self' 'unsafe-inline' 'report-sample' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com; 	font-src 'self' https://cdn.cremadesignstudio.com https://use.typekit.net https://fonts.gstatic.com https://cdn.acsbapp.com https://acsbapp.com; 	img-src 'self' https://morganwhite.com https://cdn.mwadmin.com https://mwgbrokerservices.com https://*.mwgbrokerservices.com https://insuranceleadershippodcast.com https://cdn.cremadesignstudio.com https://i.vimeocdn.com https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com stats.g.doubleclick.net https://cdn.acsbapp.com https://acsbapp.com data:; 	connect-src 'self' https://cdn.cremadesignstudio.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://pagead2.googlesyndication.com stats.g.doubleclick.net https://acsbapp.com https://*.acsbapp.com; 	media-src 'self' https://cdn.acsbapp.com data:; 	frame-src 'self' https://morganwhite.isolvedhire.com https://player.vimeo.com mailto:; 	object-src 'none'; 	base-uri 'none'; 	upgrade-insecure-requests; 1
frame-ancestors 'self' *.owensborohealth.org mychart.omhs.org; report-uri /report-csp-violation 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-G/dEM+C9ukhC4W/eT2FAMmRhpufVJymXiMI4r3lTPxCFi7nX' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' https://www.freecam.ro 1
default-src 'self' https://*.vanguard.ca https://*.vanguard.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';frame-src 'self' 'unsafe-inline' https://*.demdex.net https://vanguard.d2.sc.omtrdc.net https://www.youtube.com https://*.doubleclick.net https://*.omniture.com https://activitymap.adobe.com https://authorize.omniture.com https://sitecatalyst.omniture.com https://sc5.omniture.com https://insight.adsrvr.org https://*.kampyle.com https://*.doubleclick.net https://cdnapisec.kaltura.com https://*.medallia.com https://*.vanguard.com https://*.vanguard.ca;connect-src 'self' https://*.demdex.net https://vanguard.d2.sc.omtrdc.net https://*.api.company-target.com https://*.tt.omtrdc.net https://*.doubleclick.net https://*.kampyle.com https://*.medallia.com https://*.vanguard.com https://*.vanguard.ca https://privacyportal-de.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org;img-src 'self' data: https://*.vgdynamic.info https://vanguard.d2.sc.omtrdc.net https://sjs.bizographics.com https://*.vanguard.ca https://*.vanguard.ca:54443 https://dc.ads.linkedin.com https://px.ads.linkedin.com https://snap.licdn.com https://P.adsymptotic.com https://www.google.com https://assets.adobedtm.com https://*.kampyle.com https://*.linkedin.com http://localhost:8080 https://*.doubleclick.net https://*.medallia.com https://*.vanguard.com https://analytics.twitter.com https://t.co https://*.facebook.com https://sjs.bizographics.com https://adservice.google.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.vgcontent.info https://*.vanguard.ca https://*.vanguard.ca:54443 https://*.doubleclick.net https://*.demdex.net https://*.vgdynamic.info https://*.omniture.com https://activitymap.adobe.com https://sitecatalyst.omniture.com https://assets.adobedtm.com https://*.kampyle.com https://www.google.com https://www.googleadservices.com https://tagmanager.google.com https://www.googletagmanager.com http://localhost:8080 https://*.medallia.com https://*.vanguard.com https://connect.facebook.net;style-src 'self' https: 'unsafe-inline' https://*.vanguard.ca https://*.vanguard.ca:54443 https://*.kampyle.com https://*.medallia.com https://*.vanguard.com;upgrade-insecure-requests 1
frame-ancestors 'self' moovicite.com test.dbm-local.com; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.facebook.net *.klaviyo.com *.yotpo.com *.google.com *.gstatic.com js.adsrvr.org cdnjs.cloudflare.com *.resonate.com js.monitor.azure.com *.diageohorizon.com *.diageoplatform.com *.diageoagegate.com *.anyroad.com *.googletagmanager.com *.youtube.com *.vimeo.com vimeo.com *.google-analytics.com *.cloudfunctions.net *.shortlyst.com *.juicer.io assets.juicer.io *.mapbox.com *.shortlyst.com *.onetrust.com *.google-analytics.com stats.g.doubleclick.net *.fontawesome.com; style-src 'self' 'unsafe-inline' *.klaviyo.com *.yotpo.com *.fonts.net *.bootstrapcdn.com *.diageohorizon.com *.myfonts.net *.fontawesome.com *.googleapis.com *.mapbox.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.google.com *.run.app *.liquidcheckout.com *.klaviyo.com *.yotpo.com *.googlesyndication.com *.mrblack.co *.myshopify.com *.diageohorizon.com dc.services.visualstudio.com *.mapbox.com *.onetrust.com *.doubleclick.net *.google-analytics.com *.juicer.io; font-src 'self' *.klaviyo.com *.yotpo.com *.gstatic.com *.bootstrapcdn.com *.fontawesome.com; frame-src 'self' *.facebook.com *.klaviyo.com *.google.com *.youtube.com *.vimeo.com vimeo.com *.adsrvr.org *.anyroad.com where-to-buy.co *.doubleclick.net *.vtinfo.com; img-src 'self' *.liquidcheckout.com *.salsify.com *.facebook.com *.google.com *.klaviyo.com *.yotpo.com *.vtimg.com *.vimeocdn.com *.shopify.com *.googlesyndication.com *.diageoagegate.com *.diageoplatform.com *.drinkiq.com *.onetrust.com *.googletagmanager.com *.doubleclick.net *.juicer.io *.mapbox.com *.google-analytics.com *.cloudfunctions.net data: blob:; manifest-src 'self'; media-src 'self'; worker-src blob:; 1
default-src https://* http://vir-www-jc1-pro.csf.asso.fr http://vir-www-jc2-pro.csf.asso.fr gap-iab://* wss://* data: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' app.storyblok.com *.sitegainer.com sitegainer.com *.cdn-sitegainer.com cdn-sitegainer.com *.symplify.com symplify.com *.pro.ip-api.com pro.ip-api.com *.myunidays.com app.vwo.com *.visualwebsiteoptimizer.com; worker-src 'self' blob: sitegainer.com *.sitegainer.com *.cdn-sitegainer.com cdn-sitegainer.com *.symplify.com symplify.com *.pro.ip-api.com pro.ip-api.com; script-src 'self' * 'unsafe-inline' 'unsafe-eval' *.myunidays.com *.visualwebsiteoptimizer.com app.vwo.com 1
object-src 'none'; frame-ancestors 'self' https://xtraffic.xyz https://*.xtraffic.xyz https://*.facebook.com https://facebook.com 1
default-src: *.hellodd.com; 1
frame-ancestors 'self' www.kitchenaid.at www.kitchenaid.be www.kitchenaid.ch www.kitchenaid.de www.kitchenaid.dk www.kitchenaid.es www.kitchenaid.fi www.kitchenaid.fr www.kitchenaid.hr www.kitchenaid.hu www.kitchenaid.ie www.kitchenaid.it www.kitchenaid.lu www.kitchenaid-mea.com www.kitchenaid.nl www.kitchenaid.no www.kitchenaid.pl www.kitchenaid.ro www.kitchenaid.ru www.kitchenaid.se www.kitchenaid.si www.kitchenaid.com.tr www.kitchenaid.co.uk; 1
frame-ancestors https://admin.beatmakers.tv https://admin.beatmaker.tv https://superadmin-btv.herokuapp.com 1
default-src *;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com  1
default-src 'self' wss: https://*.contentful.com https://*.kampyle.com wss://*.ooklaserver.net https://*.tigocloud.net https://*.zendesk.com https://static.zdassets.com https://ekr.zdassets.com; frame-src 'self' https://*.tigocloud.net https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://www.youtube.com https://6493920.fls.doubleclick.net https://*.kampyle.com https://affperformance.com; script-src 'self' blob: https://*.tigocloud.net https://*.kampyle.com https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.youtube.com https://6493920.fls.doubleclick.net https://maps.googleapis.com https://www.gstatic.com/ https://sync.smartadserver.com https://cdn.smooch.io https://s.ytimg.com https://*.nr-data.net https://js-agent.newrelic.com https://facebook.com/signals/iwl.js https://widget-mediator.zopim.com https://*.licdn.com 'unsafe-hashes' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'sha256-lfXlPY3+MCPOPb4mrw1Y961+745U3WlDQVcOXdchSQc=' https://*.cybba.solutions https://ads.sonataplatform.com 'sha256-pMg0vfjVF66mXRqZ+9x/2sx0FAnLvtwDTSugyTzyZBc=' 'sha256-T9HwDbdW6CNKBwUTTSeILwu7F7nqykIp8VYOSLckZUM=' 'sha256-LFSC27orAawC8Nqz0qRkL5muJInIH8DkbZaHtNnG07U=' 'sha256-Q/GibDT3wRd8PpDXBF1VVoJX6XYTOjCcao4gWUyXGno='; font-src 'self' data: blob: https://fonts.gstatic.com https://*.kampyle.com https://*.zendesk.com; img-src 'self' data: blob: https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.tigocloud.net https://*.contentful.com https://*.kampyle.com https://static.zdassets.com https://*.googletagmanager.com https://images.ctfassets.net https://stats.g.doubleclick.net https://lh3.googleusercontent.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://www.google.com.ar https://www.google.com.bo https://www.google.com.co https://www.google.com.sv https://www.google.com.gt https://www.google.hn https://www.google.com.ni https://www.google.com.pa https://www.google.com.py https://t.co https://maps.gstatic.com https://www.facebook.com https://analytics.twitter.com https://static.ads-twitter.com https://*.speedtestcustom.com https://*.zendesk.com https://static.zdassets.com https://maps.googleapis.com https://sync.smartadserver.com https://cdn.smooch.io https://*.zopim.io https://svr.mic.edge.com.py https://*.kampyle.com https://affperformance.com https://*.cybba.solutions; style-src 'self' 'unsafe-inline' https://cdn.smooch.io https://tagmanager.google.com https://www.googletagmanager.com/debug/badge.css https://fonts.googleapis.com https://*.zendesk.com https://*.tigocloud.net https://*.kampyle.com; connect-src * data:; object-src 'none'; form-action 'self' https://www.facebook.com; base-uri 'self' https://md-scp.kampyle.com; frame-ancestors 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' js.braintreegateway.com assets.braintreegateway.com *.commerce-payment-services.com ajax.cloudflare.com static.cloudflareinsights.com converter.dynamicconverter.com detect.dynamicconverter.com beacon-v2.helpscout.net d12wqas9hcki3z.cloudfront.net d33v4339jhl8k0.cloudfront.net device.maxmind.com polyfill.io assets.shipperhq.com *.paypal.com *.stats.paypal.com www.paypalobjects.com pay.google.com google.com www.gstatic.com www.google.com apis.google.com www.googleapis.com www.youtube.com s.ytimg.com player.vimeo.com vimeo.com; style-src * 'self' 'unsafe-inline' 'report-sample'; img-src * 'self' data: blob:; font-src * 'self' data: blob:; connect-src 'self' api.braintreegateway.com client-analytics.braintreegateway.com *.braintree-api.com api.sandbox.braintreegateway.com client-analytics.sandbox.braintreegateway.com beaconapi.helpscout.net chatapi.helpscout.net d3hb14vkzrxvla.cloudfront.net *.pusher.com wss://*.pusher.com *.mmapiws.com *.paypal.com *.stats.paypal.com google.com api.venmo.com; media-src * 'self' data: blob:; object-src 'self'; child-src 'self' orders.divegearexpress.com assets.braintreegateway.com ssl.kaptcha.com tst.kaptcha.com www.weltpixel.com beacon-v2.helpscout.net *.paypal.com *.stats.paypal.com www.dhl.com wesupplylabs.com www.youtube.com player.vimeo.com vimeo.com; frame-src 'self' orders.divegearexpress.com assets.braintreegateway.com ssl.kaptcha.com tst.kaptcha.com www.weltpixel.com beacon-v2.helpscout.net pay.google.com www.google.com recaptcha.google.com google.com *.paypal.com *.stats.paypal.com www.paypalobjects.com www.dhl.com wesupplylabs.com www.youtube.com player.vimeo.com vimeo.com; worker-src 'none'; frame-ancestors 'self'; form-action 'self' youtube.com; upgrade-insecure-requests; base-uri 'self'; report-uri https://divegearexpress.report-uri.com/r/d/csp/enforce; report-to csprpt 1
default-src 'self' www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' wwwdev.aov.de *.aov.de cdn.aov.de *.b-ite.com; connect-src 'self' jobs.b-ite.com *.aov.de; img-src * 'self' data: https:; style-src 'self' 'unsafe-inline' cdn.aov.de *.aov.de; 1
frame-ancestors 'self' *.scoutapp.ai 1
frame-ancestors 'self' https://home.apia.com.au *.home.apia.com.au https://online1.test.apia.com.au https://online.apia.com.au https://pvt-online.apia.com.au; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.adobedtm.com https://mpsnare.iesnare.com https://assets1.apia.com.au/ https://chat.test.suncorp.com.au https://chat.suncorp.com.au https://nexus.ensighten.com/ *.bazaarvoice.com https://www.gstatic.com/ https://intercept-client.inmoment.com.au/ https://intercept.inmoment.com.au/ https://www.googletagmanager.com/ https://s.yimg.com/ https://cdn.gbqofs.com/ https://atag.adgile.media/ https://vxml4.plavxml.com/ https://connect.facebook.net/ https://smetrics.apia.com.au/ https://www.google-analytics.com/ https://s7.addthis.com/ https://z.moatads.com/ https://v1.addthisedge.com/ https://m.addthis.com/ https://insurancepromotions.com.au/ https://www.google.com/ https://ajax.googleapis.com/; object-src 'none'; worker-src blob:; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://insurancepromotions.com.au/ https://www.gstatic.com/ *.bazaarvoice.com; 1
default-src 'self'; connect-src 'self' https://*.delvenetworks.com https://*.llnw.net https://*.limelight.com https://bitrix.info https://www.1c-bitrix.ru https://www.google-analytics.com https://mc.yandex.ru; font-src 'self' data: fonts.gstatic.com; img-src * data:; media-src * blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.delvenetworks.com *.llnw.net *.limelight.com https://bitrix.info https://www.googletagmanager.com https://www.google-analytics.com https://mc.yandex.ru https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; style-src 'self' 'unsafe-inline' fonts.googleapis.com 1
default-src 'self' https://directed.api.servicetarget.com https://cdn.servicetarget.com http://www.google-analytics.com https://analytics.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://acsbapp.com https://cdn.acsbapp.com https://web1.acsbapp.com https://sdks.shopifycdn.com  https://monorail-edge.shopifysvc.com https://shopvoxx.myshopify.com https://cdn.shopify.com https://stats.g.doubleclick.net/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.servicetarget.com https://acsbapp.com https://cdn.acsbapp.com https://web1.acsbapp.com https://sdks.shopifycdn.com  https://monorail-edge.shopifysvc.com https://shopvoxx.myshopify.com https://cdn.shopify.com  http://www.googleadservices.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ http://stage.directed.com http://www.directed.com https://ajax.googleapis.com https://fonts.googleapis.com http://www.google-analytics.com https://analytics.google.com/ https://www.google-analytics.com https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://fonts.gstatic.com https://static.doubleclick.net https://s.youtube.com https://r11---sn-a5m7lnee.googlevideo.com https://www.googleadservices.com https://r14---sn-4g57knez.googlevideo.com https://i.ytimg.com https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://cdn07.icims.com https://careers-deiholdings.icims.com https://player.vimeo.com https://connect.facebook.net http://connect.facebook.net https://apis.google.com http://www.w3.org http://platform.twitter.com https://www.facebook.com https://staticxx.facebook.com http://www.facebook.com http://staticxx.facebook.com https://stats.g.doubleclick.net https://img.youtube.com; style-src 'self' 'unsafe-inline' https://cdn.servicetarget.com https://acsbapp.com https://cdn.acsbapp.com https://web1.acsbapp.com https://sdks.shopifycdn.com  https://monorail-edge.shopifysvc.com https://shopvoxx.myshopify.com https://cdn.shopify.com https://tagmanager.google.com/ https://fonts.googleapis.com/ http://stage.directed.com http://www.directed.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://analytics.google.com/ https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://fonts.gstatic.com https://static.doubleclick.net https://s.youtube.com https://r11---sn-a5m7lnee.googlevideo.com https://www.googleadservices.com https://r14---sn-4g57knez.googlevideo.com https://i.ytimg.com https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://cdn07.icims.com https://careers-deiholdings.icims.com https://player.vimeo.com https://connect.facebook.net http://connect.facebook.net https://apis.google.com http://www.w3.org http://platform.twitter.com https://www.facebook.com https://staticxx.facebook.com http://www.facebook.com http://staticxx.facebook.com https://stats.g.doubleclick.net https://img.youtube.com; img-src 'self' 'unsafe-inline' data: https://www.viper.com https://cdn.servicetarget.com https://acsbapp.com https://cdn.acsbapp.com https://web1.acsbapp.com https://sdks.shopifycdn.com  https://monorail-edge.shopifysvc.com https://shopvoxx.myshopify.com https://cdn.shopify.com http://stage.directed.com http://www.directed.com https://fonts.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://analytics.google.com/ https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://fonts.gstatic.com https://static.doubleclick.net https://s.youtube.com https://r11---sn-a5m7lnee.googlevideo.com https://www.googleadservices.com https://r14---sn-4g57knez.googlevideo.com https://i.ytimg.com https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://cdn07.icims.com https://careers-deiholdings.icims.com https://player.vimeo.com https://connect.facebook.net http://connect.facebook.net https://apis.google.com http://www.w3.org http://platform.twitter.com https://www.facebook.com https://staticxx.facebook.com http://www.facebook.com http://staticxx.facebook.com https://stats.g.doubleclick.net https://img.youtube.com; font-src 'self' 'unsafe-inline' data: https://cdn.servicetarget.com https://acsbapp.com https://cdn.acsbapp.com https://web1.acsbapp.com https://sdks.shopifycdn.com  https://monorail-edge.shopifysvc.com https://shopvoxx.myshopify.com https://cdn.shopify.com http://stage.directed.com http://www.directed.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://analytics.google.com/ https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://fonts.gstatic.com https://static.doubleclick.net https://s.youtube.com https://r11---sn-a5m7lnee.googlevideo.com https://www.googleadservices.com https://r14---sn-4g57knez.googlevideo.com https://i.ytimg.com https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://cdn07.icims.com https://careers-deiholdings.icims.com https://player.vimeo.com https://connect.facebook.net http://connect.facebook.net https://apis.google.com http://www.w3.org http://platform.twitter.com https://www.facebook.com https://staticxx.facebook.com http://www.facebook.com http://staticxx.facebook.com https://stats.g.doubleclick.net https://img.youtube.com; frame-src 'self' 'unsafe-inline' https://cdn.servicetarget.com https://acsbapp.com https://cdn.acsbapp.com https://web1.acsbapp.com https://sdks.shopifycdn.com  https://monorail-edge.shopifysvc.com https://shopvoxx.myshopify.com https://cdn.shopify.com *.doubleclick.net  http://stage.directed.com http://www.directed.com https://fonts.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://analytics.google.com/ https://accounts.google.com/ https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://fonts.gstatic.com https://static.doubleclick.net https://s.youtube.com https://r11---sn-a5m7lnee.googlevideo.com https://www.googleadservices.com https://r14---sn-4g57knez.googlevideo.com https://i.ytimg.com https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://cdn07.icims.com https://careers-deiholdings.icims.com https://player.vimeo.com https://connect.facebook.net http://connect.facebook.net https://apis.google.com http://www.w3.org http://platform.twitter.com https://www.facebook.com https://staticxx.facebook.com http://www.facebook.com http://staticxx.facebook.com https://stats.g.doubleclick.net https://img.youtube.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:  *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com unpkg.com *.cloudflare.com *.jsdelivr.net *.youtube.com *.gstatic.com https://translate.googleapis.com/ *.moatads.com *.pinterest.com *.vimeo.com *.facebook.net *.hotjar.com *.marker.io *.newrelic.com *.nr-data.net *.googleapis.com *.sharethis.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com *.cloudflare.com *.jsdelivr.net *.marker.io www.gstatic.com; img-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.cloudflare.com *.ogilvy.com.au *.google.com i.ytimg.com *.pinterest.com *.vimeocdn.com *.ggpht.com *.youtube.com *.marker.io *.doubleclick.net *.facebook.com *.sharethis.com *.googletagmanager.com *.nsw.gov.au *.facebook.net; media-src 'self'; frame-src 'self' *.youtube.com *.vimeo.com vimeo.com *.google.com *.pinterest.com *.marker.io *.doubleclick.net *.hotjar.com *.facebook.com; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' *.gstatic.com *.amazonaws.com data:; connect-src 'self' *.google-analytics.com *.googleapis.com vimeo.com *.marker.io *.nr-data.net *.hotjar.com *.doubleclick.net *.facebook.com *.facebook.net *.sharethis.com *.hotjar.io *.google.com data.stbuttons.click; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.googletagmanager.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.msecnd.net *.financialcontent.com *.licdn.com googleads.g.doubleclick.net https://cdn.lr-in-prod.com ui.upcp.wirewheel.io s.upcp.wirewheel.io *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.financialcontent.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com *.linkedin.com *.google.com *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' https://retirementtool.massmutualascend.com/ https://www.youtube.com/ https://ui.uat.upcp.wirewheel.io/ https://ui.upcp.wirewheel.io/; connect-src 'self' accounts.google.com *.mktoresp.com *.visualstudio.com *.financialcontent.com *.linkedin.oribi.io *.lr-in-prod.com api.upcp.wirewheel.io api.uat.upcp.wirewheel.io *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.azureedge.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.lr-in-prod.com blob: 1
frame-ancestors nedapflux.com www.nedapflux.com login.nedapflux.com *.login.nedapflux.com 1
default-src 'self';connect-src *;font-src * data:;frame-src *;img-src * data:;media-src *;object-src *;script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';frame-ancestors * data: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://wien.rocks; img-src 'self' https: data: blob: https://wien.rocks; style-src 'self' https://wien.rocks 'nonce-Zdc0DXgYxIHiNj8EfX3rGA=='; media-src 'self' https: data: https://wien.rocks; frame-src 'self' https:; manifest-src 'self' https://wien.rocks; form-action 'self'; child-src 'self' blob: https://wien.rocks; worker-src 'self' blob: https://wien.rocks; connect-src 'self' data: blob: https://wien.rocks https://wien.rocks wss://wien.rocks; script-src 'self' https://wien.rocks 'wasm-unsafe-eval' 1
default-src 'self'; img-src * data: ; connect-src 'self' analytics.google.com *.google.com *.google.com.my ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googletagmanager.com cdnjs.cloudflare.com *.gstatic.com ; style-src-elem 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com ; frame-src 'self' *.google.com ; font-src 'self' fonts.gstatic.com ; style-src 'self' 'unsafe-inline' 1
connect-src 'self' https://sentry.io appscdn.joomla.org www.google-analytics.com fonts.googleapis.com ajax.googleapis.com; object-src 'none'; 1
frame-src 'self' *.screeningeagle.com media.screeningeagle.com td.doubleclick.net *.cloudfront.net https://xd.adobe.com https://js.hsforms.net https://*.calendly.com *.hotjar.com https://www.google.com https://bid.g.doubleclick.net *.hubspot.com *.hsforms.com *.facebook.com *.cookiebot.com https://screeningeagle.jobs.personio.de https://vars.hotjar.com https://www.youtube.com https://id.screeningeagle.com https://www.youtube-nocookie.com  https://screeningeagle-3.hubspotpagebuilder.com *.hubspotpagebuilder.com https://recaptcha.net; frame-ancestors 'self' *.proceq.com *.hubspotpagebuilder.com *.cookiebot.com *.hubspot.com *.hsforms.com *.pollunit.com *.personio.de https://screeningeagle.jobs.personio.de; 1
default-src 'self' https:; font-src 'self' https: data: https://fonts.gstatic.com; img-src 'self' https: data: https://www.googletagmanager.com https://www.google-analytics.com https://optimize.google.com; object-src 'none'; frame-src 'self' https: https://optimize.google.com https://www.google.com/recaptcha/; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://optimize.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-DoXqh3vysU13YEWpThnMNg=='; style-src 'self' https: 'unsafe-inline' https://optimize.google.com https://tagmanager.google.com https://fonts.googleapis.com; base-uri 'self'; connect-src 'self' https: https://www.google-analytics.com; report-uri https://o993003.ingest.sentry.io/api/5950854/security/?sentry_key=d203ea14d5c2444aac86d98b17ac1413&sentry_environment=production&sentry_release=6a5c8d98a793444703a417d24acc956bd3108d78 1
default-src 'self'; frame-src 'self' https://*.youtube.com https://*.google.com https://*.hsforms.com https://*.twitter.com https://*.doubleclick.net; img-src 'self' https://*.hubspotusercontent-na1.net https://*.hsforms.com https://*.hubspot.com https://*.linkedin.com https://*.hsappstatic.net https://*.google.co.in https://*.ytimg.com https://*.clarity.ms https://*.bing.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.hubspot.net https://*.hsappstatic.net; connect-src 'self' https://*.hubspot.com https://*.hubapi.com https://*.hscollectedforms.net https://*.clarity.ms https://*.hsforms.com https://*.google.com https://*.linkedin.com https://*.google-analytics.com https://*.google.co.in https://*.doubleclick.net; font-src 'self' https://*.gstatic.com https://*.hubspotusercontent-na1.net; script-src 'self' 'unsafe-eval' 'strict-dynamic' 'nonce-OLS8zr1ywFrLbl8o89wAHg=='; object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.clearly.com.au https://*.luxottica.com https://*.essilorluxottica.com; 1
default-src 'self' https://i.ytimg.com/ data: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://www.youtube-nocookie.com/ https://www.youtube.com/ https://vimeo.com/ http://player.vimeo.com/ 1
upgrade-insecure-requests; default-src 'self'; sandbox allow-popups allow-scripts allow-same-origin allow-forms allow-downloads allow-popups-to-escape-sandbox allow-presentation ; frame-ancestors 'self' https://www.youtube.com/; form-action https://www.facebook.com/tr/; base-uri 'self';img-src 'self' https://www.google.co.in/ads/ https://www.google-analytics.com/ https://ssl.google-analytics.com/ data: https://storage.googleapis.com/branddesignmanager/ https://storage.googleapis.com/answerconnect-website/ https://assets.answerconnect.com/  https://www.google.co.in/pagead/ https://www.google.com/ads/ga-audiences https://www.googletagmanager.com/ https://www.google.com/pagead/ https://bat.bing.com/action/ https://app.chatsupport.co/api/ https://sync.outbrain.com/ https://simage2.pubmatic.com/AdServer/ https://sync.taboola.com/ https://googleads.g.doubleclick.net/pagead/ https://px.ads.linkedin.com/ https://d.adroll.com/ https://p.adsymptotic.com/ https://dsum-sec.casalemedia.com/ https://pixel.advertising.com/ https://pixel.rubiconproject.com/ https://a.tribalfusion.com/ https://eb2.3lift.com/ https://ads.yahoo.com/cms/ https://x.bidswitch.net/ https://ib.adnxs.com/ https://idsync.rlcdn.com/ https://us-u.openx.net/ https://www.facebook.com/tr/ https://u.fg8dgt.com/ https://www.linkedin.com/px/ https://ups.analytics.yahoo.com/ups/ https://segments.company-target.com/ https://blip.bizrate.com/ https://analytics.twitter.com/i/ https://testgvbgjbhjb.com/ https://nxtck.com/ https://cm.g.doubleclick.net/ https://token.rubiconproject.com/ https://d.adroll.com/cm/ https://storage.googleapis.com/livesupport/chat/images/ https://google.com/ https://px.ads.linkedin.com/collect/ https://storage.googleapis.com/full-assets/ https://lh3.googleusercontent.com/ https://dp-sync.dotomi.com/ https://pix.impdesk.com/csync/ https://su.addthis.com/ https://aorta.clickagy.com/ https://sync.placelocal.com/ https://pixel.jumptap.com/e/v1/pixel/ https://www.storygize.net/ https://mmtro.com/cse/ https://rp.gwallet.com/r1/ https://cm.ctnsnet.com/int/ https://avatar.anywhere.app/files/ https://ds.reson8.com/ https://fonts.gstatic.com/s/i/googlematerialicons/ https://t.myvisualiq.net/ https://ps.eyeota.net/ https://tag.clrstm.com/ https://sync.mediawallahscript.com/ https://pxl.connexity.net/ https://dmpsync.3lift.com/ https://ssp.videostat.com/ssp/ https://px.gumgum.com/liveramp/ https: https://*.chatsupport.co;script-src 'self' 'nonce-4862fccf35994a56bafc09aab6f04011' 'unsafe-eval' https://utt.impactcdn.com/ https://*.tiktok.com/ https://www.google-analytics.com/ga.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/ https://www.googletagmanager.com/ https://storage.googleapis.com/clientaccess/ https://storage.googleapis.com/branddesignmanager/AnswerconnectWebsite/ https://storage.googleapis.com/answerconnect-website/us/js/ https://www.googleoptimize.com/ https://static.hotjar.com/c/ https://*.chatsupport.co https://assets.answerconnect.com/common/js/ https://bat.bing.com/ https://cdn.callrail.com/companies/ https://www.clickcease.com/monitor/ https://connect.facebook.net/ https://*.smartlook.com https://*.smartlook.cloud https://js.callrail.com/group/ https://widget.trustpilot.com/bootstrap/ https://s.adroll.com/ https://d.adroll.mgr.consensu.org/consent/ https://d.adroll.com/ https://script.hotjar.com/ https://app.chatsupport.co/api/ https://snap.licdn.com/li.lms-analytics/ https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js https://script.tapfiliate.com/ https://www.googleadservices.com/pagead/ https://googleads.g.doubleclick.net/pagead/ https://g.microsoft.com/clarity/ https://signup-dot-live-cwa.appspot.com/ https://assets.answerconnect.com/answerconnect/us/setmore_iframe.js https://storage.googleapis.com/answerconnect-website/ https://*.clarity.ms/ https://*.taboola.com/ blob: https://js.sentry-cdn.com/ https://browser.sentry-cdn.com/ ;style-src 'self' 'unsafe-inline' https: ;font-src 'self' data: https://use.typekit.net https://storage.googleapis.com/livesupport/chat/fonts/ ;connect-src 'self' https://answerconnect.pxf.io/ https://*.tiktok.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://livesupport-app.appspot.com/api/ https://in.hotjar.com/ https://script.googleusercontent.com/macros/ https://signup-dot-live-cwa.appspot.com/ https://signup-dot-stagingclientwebaccess-hrd.appspot.com/ wss://rtmserver.anywhereworks.com/ https://vc.hotjar.io/ wss://vc.hotjar.io/ https://*.hotjar.com/ https://*.chatsupport.co https://o151188.ingest.sentry.io https://analytics.google.com/ https://pagead2.googlesyndication.com/ wss://*.hotjar.com/ https://script.google.com/a/anywhere.co/macros/ https://optimize.google.com/ https://signup.staging.answerconnect.com/services/ https://js.callrail.com/ https://bat.bing.com/actionp/ https://monitor.clickcease.com/conversions/api/ https://www.facebook.com/tr/ https://frstre.com/ https://signup.answerconnect.com/ https://manager.eu.smartlook.cloud/rec/ https://assets-proxy.smartlook.cloud/ https://events-writer.smartlook.com/rec/ https://web-writer.sg.smartlook.cloud/rec/ https://*.smartlook.com https://*.smartlook.cloud https://hooks.zapier.com/ https://www.youtube.com/ https://cdn.linkedin.oribi.io/partner/1935674/domain/ https://*.clarity.ms/ https://api-dot-stag-fullstorage.appspot.com https://api-dot-live-fullstorage.appspot.com https://storage.googleapis.com/stag-fullstorage https://storage.googleapis.com/fullstorage wss://rtmserver.anywhereworks.com/ wss://stagingrtm.anywhereworks.com https://*.taboola.com/ https://analytics.google.com/ https://region1.google-analytics.com/ ;media-src 'self' https://storage.googleapis.com/livesupport/ https://storage.googleapis.com/answerconnect-website/  https://assets.answerconnect.com/anywhereworks/videos/ https://*.chatsupport.co;frame-src 'self' https://www.googletagmanager.com/ https://vars.hotjar.com/ https://www.facebook.com/ https://optimize.google.com/ https://bid.g.doubleclick.net/ https://widget.trustpilot.com/ https://my.setmore.com/ https://booking.setmore.com/ https://td.doubleclick.net/ https://www.youtube.com/ ;object-src 'self' https://storage.googleapis.com/ https://assets.answerconnect.com/ ; 1
frame-ancestors 'self' https://cliente.skandia.com.mx; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.alperia.eu *.tawk.to *.google.hr *.hotjar.com a.twiago.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.outbrain.com *.microad.jp *.google.de *.zenaps.com onetag-cdn.com *.onetag-cdn.com *.sciencebehindecommerce.com *.zenaps.com onetag-sys.com *.onetag-sys.com *.doubleclick.net *.googleadservices.com *.dwin1.com *.gstatic.com *.google.al *.google.ch *.google.fr *.bing.com *.googletagmanager.com *.alperia.eu *.facebook.net *.dynatrace.com *.tawk.to *.cloudflare.com *.newrelic.com *.trustpilot.com *.bootstrapcdn.com *.jsdelivr.net *.google-analytics.com *.nr-data.net *.google.com *.googleapis.com *.tagcommander.com *.etermin.net *.unpkg.com unpkg.com *.aklamio.com *.tradedoubler.com *.smct.io *.smct.co *.retargeted.co *.google.hr *.hosting-suite.it *.smct.co smct.co *.alperiagroup.eu *.beintoo.net *.criteo.com *.criteo.net *.hotjar.com *.rfihub.net  *.retargeted.co api.commander1.com *.trustcommander.net static.addtoany.com *.clarity.ms clarity.ms snap.licdn.com  *.acsbapp.com acsbapp.com *.linkedin.oribi.io *.zemanta.com; style-src 'self' 'unsafe-inline' *.tawk.to *.bootstrapcdn.com *.googleapis.com *.jsdelivr.net *.smct.io *.smct.co *.hosting-suite.it; img-src 'self' *.thebrighttag.com *.krxd.net id5-sync.com *.demdex.net *.microad.jp *.adscale.de *.ants.vn *.atdmt.com *.smartclip.net *.clmbtech.com *.zenaps.com *.onetag-cdn.com *.facebook.com *.tagcommander.com *.facebook.net *.commander.com *.google *.dwin1.com *.bing.com *.googletagmanager.com *.alperia.eu *.linkedin.com *.google-analytics.com *.tawk.to *.doubleclick.net *.sciencebehindecommerce.com *.google.com *.google.it *.gstatic.com *.googleapis.com data: *.aklamio.com *.alperiagroup.eu *.smct.io *.smct.co *.commander1.com *.outbrain.com *.smartadserver.com *.yahoo.com *.360yield.com *.pubmatic.com *.casalemedia.com *.taboola.com *.adform.net *.teads.tv *.3lift.com *.media.com *.sharethrough.com *.omnitagjs.com *.stickyadstv.com *.advertising.com *.ivitrack.com *.liadm.com *.smaato.net *.mgid.com *.yieldmo.com *.adnxs.com *.criteo.com *.openx.net *.omnitagis.com *.mediavine.com *.media.net *.rlcdn.com *.rfihub.com *.tremorhub.com *.dmxleo.com *.rubiconproject.com *.socdm.com ad.yieldlab.net x.bidswitch.net  *.acsbapp.com acsbapp.com *.linkedin.oribi.io *.zemanta.com; media-src 'self' *.tawk.to ; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.criteo.com *.criteo.net  *.youtube.com *.google.de *.zenaps.com onetag-cdn.com *.onetag-cdn.com *.sciencebehindecommerce.com *.facebook.com *.trustpilot.com *.alperia.eu *.tawk.to *.etermin.net *.aklamio.com *.hosting-suite.it *.visim.eu smct.co *.rfihub.com *.trustcommander.net static.addtoany.com *.office.com *.alperiagreenlife.eu; child-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.criteo.com *.criteo.net  *.youtube.com *.google.de *.zenaps.com onetag-cdn.com *.onetag-cdn.com *.sciencebehindecommerce.com *.facebook.com *.trustpilot.com *.alperia.eu *.tawk.to *.etermin.net *.aklamio.com *.hosting-suite.it *.visim.eu smct.co *.rfihub.com *.trustcommander.net static.addtoany.com *.office.com *.alperiagreenlife.eu; font-src 'self' 'unsafe-inline' *.tawk.to *.google.com *.gstatic.com data: *.googleusercontent.com *.hotjar.com; connect-src 'self' data: *.gstatic.com *.google.de *.zenaps.com *.google.com onetag-cdn.com *.onetag-cdn.com *.sciencebehindecommerce.com *.facebook.com *.google.al *.google.ch *.google.fr *.bing.com *.googletagmanager.com *.alperia.eu *.sentry.io *.tawk.to *.nr-data.net wss://*.tawk.to *.dynatrace.com *.alperiaenergy.eu *.amazonaws.com *.google-analytics.com *.doubleclick.net *.alperiagroup.eu *.commander1.com *.google.hr *.smct.co *.smct.io *.googleapis.com *.alperiagroup.eu *.beintoo.net *.criteo.com *.criteo.net *.hotjar.com *.hotjar.io *.rfihub.net *.retargeted.co *.trustcommander.net *.hotjar.com wss://*.hotjar.com cdn.tagcommander.com *.google.it google.it *.clarity.ms clarity.ms *.acsbapp.com acsbapp.com *.linkedin.oribi.io *.addtoany.com *.pagead2.googlesyndication.com *.googlesyndication.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.syc.com.co www.google.com www.gstatic.com; connect-src 'self' www.colpensionestransaccional.gov.co *.syc.com.co www.google.com www.gstatic.com wss://www.syc.com.co; img-src 'self' data: *.syc.com.co; object-src 'self' data: *.syc.com.co; frame-src 'self' www.google.com data:; frame-ancestors 'none'; 1
base-uri https://golinks.io https://golinks.com https://golinks.dev https://*.golinks.io https://*.golinks.com https://*.golinks.dev; connect-src 'self' https://*.6sc.co/ https://*.chilipiper.com/ https://*.clearbit.com/ https://x.clearbitjs.com/ https://tag.clearbitscripts.com/ https://api.company-target.com/ https://secure.adnxs.com/ https://www.g2.com https://golinks.io https://golinks.com https://golinks.dev https://*.factors.ai/ https://*.golinks.io/ https://*.golinks.com/ https://*.golinks.dev/ https://accounts.google.com/ https://analytics.google.com/ wss://*.intercom.io/ https://*.intercomcdn.com/ https://*.intercom.io/ https://www.facebook.com/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://analytics.google.com/ https://*.doubleclick.net/ https://*.hubspot.com/ https://api.hubapi.com/ https://js.hs-scripts.com/ https://cdn2.hubspot.net https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net https://js.hscollectedforms.net https://js.hsleadflows.net https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-banner.net https://*.hsforms.com https://*.hsforms.net https://static.hsappstatic.net https://js.hubspotfeedback.com https://feedback.hubapi.com https://cdn.linkedin.oribi.io/ https://js.usemessages.com https://*.vidyard.com https://*.hsforms.com/ https://*.uptime.com/ https://*.fullstory.com; default-src 'self' ;font-src 'self' data: https://js.intercomcdn.com/ https://fonts.gstatic.com/ https://pro.fontawesome.com/ https://*.bootstrapcdn.com/bootstrap/ https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/;frame-src 'self' https://*.chilipiper.com/ https://boards.greenhouse.io/ https://www.facebook.com/ https://optimize.google.com https://app.hubspot.com/ https://forms.hsforms.com/ https://js.hsforms.net/ https://www.google.com/ https://*.googletagmanager.com https://accounts.google.com/ https://js.stripe.com/ https://www.youtube.com/ https://*.loom.com/ https://bid.g.doubleclick.net/ https://www.g2.com/products/;img-src 'self' data: https: blob: https://rs.fullstory.com https://www.g2.com/products/golinks/ https://golinks.io https://golinks.com https://golinks.dev https://*.golinks.io/ https://*.golinks.com/ https://*.golinks.dev/ https://favicon-cdn.golinks.io https://www.g2.com/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://ws.zoominfo.com/ ;media-src 'self' https://golinks.io https://golinks.com https://golinks.dev https://*.golinks.io/ https://*.golinks.dev/ https://*.golinks.com/ ; object-src 'none'; report-uri https://www.golinks.io/csp-violation-report.php; script-src 'self' 'strict-dynamic' 'nonce-NmJiMmRlYjFmZDU2MWFiYTE2NjAzNmM3OTk1YTQ0ZGY0NjM0MTEzN2IyNGQyZGMwYjg5MGM3Nzc2YmYxODM3OQ==' https: https://boards.greenhouse.io/ https://connect.facebook.net/ https://api.hubapi.com/ https://code.jquery.com/ https://widget.intercom.io/ https://js.intercomcdn.com/ https://cdn.polyfill.io/ https://d3js.org/ https://*.bootstrapcdn.com/bootstrap/ https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/ https://cdn.jsdelivr.net/npm/bootstrap-tourist@0.3.2/ https://cdnjs.cloudflare.com/ajax/libs/ https://cdnjs.com/libraries/bodymovin/ https://*.google-analytics.com/ https://analytics.google.com/ https://*.googletagmanager.com https://bid.g.doubleclick.net/ https://*.hubspot.com https://js.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://forms.hsforms.com https://*.usemessages.com https://www.g2.com/ https://ws.zoominfo.com/ https://js.hs-scripts.com/ https://www.g2.com/products/ https://*.uptime.com/ https://*.fullstory.com; style-src 'self' 'unsafe-inline' https://golinks.io https://golinks.com https://golinks.dev https://*.golinks.io/ https://*.golinks.com/ https://*.golinks.dev/ https://fonts.googleapis.com/ https://accounts.google.com/ https://*.googletagmanager.com https://*.bootstrapcdn.com/bootstrap/ https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/ https://cdn.jsdelivr.net/npm/bootstrap-tourist@0.3.2/ https://pro.fontawesome.com/ https://cdnjs.cloudflare.com/ajax/libs/animate.css/ https://cdnjs.cloudflare.com/ajax/libs/c3/ https://optimize.google.com/optimize/ https://cdnjs.cloudflare.com/ajax/libs/bootstrap-tour/; 1
default-src 'self' https://epjmj2023blob-dbg3a9bra3dhdpe6.z01.azurefd.net https://epjmj2023qablob-gmehapawbmdqb2cb.z01.azurefd.net 'nonce-A1ON/qK6bFGa+zYpb7oDByBlvqxkJib9WHuXikzLv7c='; img-src 'self' data: https://i.ytimg.com https://img.youtube.com https://*.googletagmanager.com https://www.google-analytics.com https://epjmj2023blob-dbg3a9bra3dhdpe6.z01.azurefd.net https://epjmj2023qablob-gmehapawbmdqb2cb.z01.azurefd.net https://tile.openstreetmap.org/ https://rd3.videos.sapo.pt https://cache09.stormap.sapo.pt https://i.vimeocdn.com 'nonce-A1ON/qK6bFGa+zYpb7oDByBlvqxkJib9WHuXikzLv7c='; script-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://*.googletagmanager.com https://player.vimeo.com 'nonce-A1ON/qK6bFGa+zYpb7oDByBlvqxkJib9WHuXikzLv7c='; script-src-elem 'self' https://www.youtube.com https://www.youtube-nocookie.com https://*.googletagmanager.com https://*.google-analytics.com https://player.vimeo.com 'nonce-A1ON/qK6bFGa+zYpb7oDByBlvqxkJib9WHuXikzLv7c='; style-src 'self' 'unsafe-inline' data:; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://w.soundcloud.com https://player.vimeo.com https://rd3.videos.sapo.pt https://players.brightcove.net 'nonce-A1ON/qK6bFGa+zYpb7oDByBlvqxkJib9WHuXikzLv7c='; font-src 'self' data: 'nonce-A1ON/qK6bFGa+zYpb7oDByBlvqxkJib9WHuXikzLv7c='; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://qa-jmj-dotnet-api.jollysea-557f070c.westeurope.azurecontainerapps.io https://jmj2023.meoempresas.pt 'nonce-A1ON/qK6bFGa+zYpb7oDByBlvqxkJib9WHuXikzLv7c='; upgrade-insecure-requests; 1
default-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.w3.org https://www.youtube.com https://www.google-analytics.com/analytics.js https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' http://www.w3.org/2000/svg data:;img-src 'self' http://www.w3.org/2000/svg data:; frame-src https://www.youtube.com https://www.gstatic.com https://www.google.com; frame-ancestors 'self' 1
default-src 'self' *.arbeitsagentur.de *.jobcenter-ge.de; base-uri 'self' *.jobcenter-ge.de; style-src 'self' 'unsafe-inline' *.jobcenter-ge.de; script-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.arbeitsagentur.de *.jobcenter-ge.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de *.arbeitsagentur.de *.jobcenter-ge.de; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.arbeitsagentur.de *.jobcenter-ge.de; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://connect.facebook.net https://platform.twitter.com https://player.vimeo.com/api/player.js https://*.google.com https://*.googletagmanager.com https://*.hotjar.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https://i0.wp.com https://blog.recipero.com https://d2pr8nqihcsukr.cloudfront.net https://i.vimeocdn.com https://syndication.twitter.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk; media-src 'self'; object-src 'none'; frame-src 'self' https://platform.twitter.com https://player.vimeo.com https://syndication.twitter.com https://www.facebook.com https://web.facebook.com https://www.google.com; worker-src 'none'; base-uri 'self'; manifest-src 'self' 1
default-src 'self' cht.timerbank.ru translate.yandex.net api.hh.ru *.googletagmanager.com *.google-analytics.com fonts.googleapis.com fonts.gstatic.com bitrix.info www.google-analytics.com mc.yandex.ru api-maps.yandex.ru *.maps.yandex.net yastatic.net ssl.google-analytics.com stats.g.doubleclick.net top-fwz1.mail.ru 'unsafe-eval' 'unsafe-inline'; img-src 'self' i-api.hh.ru mc.yandex.ru *.doubleclick.net *.google-analytics.com blob: data: api-maps.yandex.ru *.maps.yandex.net; 1
default-src 'self'; connect-src 'self' matomo02.itzbund.de *.readspeaker.com *.bmbfcluster.de; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo02.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de; frame-src *.readspeaker.com *.google.com *.gstatic.com *.hosted-pageflow.com *.youtube.com *.vimeo.com vimeo.com *.unesco.de *.readspeaker.com datawrapper.dwcdn.net *.unitylivestream.com gemeinschaftswerk-nachhaltigkeit.de; img-src 'self' data: matomo02.itzbund.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.openstreetmap.org *.openstreetmap.de *.bmbfcluster.de *.wmflabs.org; font-src 'self' data:; worker-src 'self' blob:; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' https://api.reciteme.com/ https://ystweb.cantarusdev.co.uk/ https://ajax.cloudflare.com/ blob: https://tools.luckyorange.com/ https://platform.twitter.com/ https://www.googletagmanager.com/ https://connect.facebook.net/ https://cc.cdn.civiccomputing.com/ 'unsafe-eval' 'unsafe-inline'; style-src 'self' https://api.reciteme.com/ https://tools.luckyorange.com/ 'unsafe-inline'; img-src * data:; frame-src 'self' https://player.vimeo.com/ https://www.youtube.com/ https://syndication.twitter.com/ https://platform.twitter.com/ https://anchor.fm/ https://podcasters.spotify.com/; font-src 'self' https://api.reciteme.com/ https://storage.googleapis.com/ https://fonts.gstatic.com/ data: ;connect-src 'self' https://tools.luckyorange.com/  https://settings.luckyorange.com/ https://apikeys.civiccomputing.com/ https://region1.google-analytics.com/ https://pubsub.googleapis.com/ wss://in.visitors.live/ wss://realtime.luckyorange.com/ https://stats.reciteme.com/ https://api.reciteme.com/ https://api-preview.luckyorange.com/ https://in.visitors.live/ https://our.umbraco.com/ 1
default-src data: blob: https: wss: 'unsafe-inline' 'unsafe-eval'; font-src https: data: 1
base-uri 'self'; connect-src 'self' https://consentcdn.cookiebot.com https://*.google.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://*.hotjar.com https://*.in.applicationinsights.azure.com https://*.svc.dynamics.com https://cdn.linkedin.oribi.io wss://*.hotjar.com https://content.hotjar.io https://maps.googleapis.com https://pagead2.googlesyndication.com https://vc.hotjar.io wss://localhost:* https://emea3.recruitmentplatform.com https://journey-service.tb.lumesse.com https://message-broker.shared.lumessetalentlink.com https://idx.liadm.com https://core.service.elfsight.com https://storage.elfsight.com; default-src 'none'; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.typekit.net https://emea3.recruitmentplatform.com https://maxcdn.bootstrapcdn.com https://cdn.fonts.net; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://*.cookiebot.com/ https://*.google.com https://vars.hotjar.com https://www.youtube-nocookie.com https://*.svc.dynamics.com https://player.vimeo.com https://irs.tools.investis.com https://otp.tools.investis.com https://platform.twitter.com https://tools.eurolandir.com https://www.connectidfeed.com https://www.linkedin.com; img-src 'self' data: https://bat.bing.com https://px.ads.linkedin.com https://*.doubleclick.net https://*.google.com https://www.google.co.uk https://*.svc.dynamics.com https://*.google-analytics.com https://i.vimeocdn.com https://maps.googleapis.com https://www.googletagmanager.com https://maps.gstatic.com https://*.tile.openstreetmap.org https://*.basemaps.cartocdn.com https://unpkg.com https://imgsct.cookiebot.com https://static.lumessetalentlink.com https://pbs.twimg.com https://phosphor.utils.elfsightcdn.com; media-src 'self' https://player.vimeo.com http://vod-progressive.akamaized.net https://vod-progressive.akamaized.net https://download-video.akamaized.net https://download-video.akamaized.net.mcas.ms; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.google.com https://www.googleadservices.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com https://snap.licdn.com https://script.hotjar.com https://static.hotjar.com https://googleads.g.doubleclick.net https://mktdplp102cdn.azureedge.net https://js.monitor.azure.com https://maps.googleapis.com https://mathjax.rstudio.com https://*.vimeo.com https://emea3.recruitmentplatform.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://platform.twitter.com https://secure.leadforensics.com https://static.elfsight.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://optimize.google.com https://*.typekit.net https://emea3.recruitmentplatform.com https://maxcdn.bootstrapcdn.com https://cdn.fonts.net;worker-src blob: 1
frame-ancestors staging.firebrand.training firebrand.training cms.firebrandtraining.com 1
base-uri 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.cmh-1.pipedriveassets.com cdn.segment.com *.pipedrive.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com snippet.growsumo.com cdn.cookielaw.org geolocation.onetrust.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com connect.facebook.net *.hotjar.com *.outbrain.com www.redditstatic.com www.youtube.com play.vidyard.com *.doubleclick.net *.taboola.com app.livestorm.co www.googleadservices.com static.ads-twitter.com https://*.browser-intake-datadoghq.com www-cms.pipedriveassets.com bat.bing.com *.quora.com js.grsm.io analytics.tiktok.com c.amazon-adsystem.com vitals.vercel-insights.com a.omappapi.com googleadservices.com tpc.googlesyndication.com analytics.twitter.com; style-src 'self' 'unsafe-inline' cdn.cmh-1.pipedriveassets.com fonts.googleapis.com www.googletagmanager.com www-cms.pipedriveassets.com a.omappapi.com; frame-src cdn.cmh-1.pipedriveassets.com *.cdn.optimizely.com *.cdn-pci.optimizely.com www.facebook.com www.youtube.com www.youtube-nocookie.com www.google.com play.vidyard.com *.doubleclick.net app.livestorm.co tpc.googlesyndication.com airtable.com webforms.pipedrive.com s.amazon-adsystem.com *.hotjar.com; img-src 'self' data: https://*; object-src 'none'; worker-src 'self' blob:;; report-to csp-endpoint; report-uri https://www.pipedrive.com/api/csp-reports 1
default-src 'self' 'unsafe-inline' *.fls.doubleclick.net https://lptag.liveperson.net https://dpm.demdex.net https://www.googletagmanager.com https://www.google-analytics.com https://hello.myfonts.net https://tags.tiqcdn.com https://lloydsbanking.kuluvalley.com *.webtrends.com *.webtrendslive.com *.google.com *.youtube.com *.gstatic.com https://www.baseratecalculator.co.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com https://www.googletagmanager.com *.liveperson.net https://www.google-analytics.com https://tags.tiqcdn.com https://lptag.liveperson.net; img-src 'self' data: https://app.reapit.net/ https://lloydsbankinggroup.d3.sc.omtrdc.net/ https://alto-live.s3.amazonaws.com https://www.uklandandfarms.co.uk/ https://www.google-analytics.com/ https://content.knightfrank.com/ https://app.jetsoftware.co.uk/ https://assets.reapit.net/ https://images.portalimages.com/ https://alto2-live.s3.amazonaws.com/ https://med05.expertagent.co.uk/ https://dataexport.co.uk/ https://www.woodlands.co.uk/images/uklandandfarms-1.png https://alto3-alto-media.s3.amazonaws.com/ https://alto4-alto-media.s3.amazonaws.com/ https://app.reapit.net; font-src 'self' data: ;  report-uri /Pulse/CSP/csp-report.ashx 1
default-src 'self'; font-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; script-src https://bi.bvonesource.com/ 'self' https://* 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https:; img-src 'self' https://* data:; style-src 'self' https://* 'unsafe-inline'; frame-src 'self' http: https: 'unsafe-inline' 'unsafe-eval'; manifest-src 'self' 'unsafe-inline' 'unsafe-eval' 1
child-src  www.paypalobjects.com; connect-src 'self' 'report-sample' s3.amazonaws.com/cv3.customfiles serrv.commercev3.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com stats.g.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.facebook.com *.klaviyo.com cdn.acsbapp.com manage.kmail-lists.com api.livechatinc.com *.google.com www.googletagmanager.com *.acsbapp.com cdn.commercev3.net/cdn.serrv.org; default-src 'self' s3.amazonaws.com/cdn.serrv.org/ cdn.commercev3.net/cdn.serrv.org/ cdn.serrv.org 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com fonts.gstatic.com   use.fontawesome.com; font-src 'self' serrv.commercev3.com s3.amazonaws.com/cdn.serrv.org/ cdn.commercev3.net/cdn.serrv.org/ cdn.serrv.org fonts.gstatic.com *.bootstrapcdn.com *.fontawesome.com use.typekit.net cdn.rawgit.com cdn.jsdelivr.net acsbapp.com cdn.livechatinc.com; form-action 'self' www.facebook.com www.paypal.com checkout.sezzle.com; frame-src 'self' *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com secure.livechatinc.com www.youtube.com platform.twitter.com www.googletagmanager.com ct.pinterest.com; frame-ancestors 'self' ; img-src 'self' s3.amazonaws.com/cdn.serrv.org/ cdn.commercev3.net/cdn.serrv.org/ cdn.serrv.org ssl.google-analytics.com www.google.com/pagead/1p-user-list/ www.google.com/ads/ga-audiences ct.pinterest.com/v3/ s3.amazonaws.com *.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.paypal.com www.paypalobjects.com servedby.ipromote.com/ad/ log.pinterest.com www.serrv.org  *.adnxs.com *.twitter.com *.gstatic.com *.acsbapp.com cdn.commercev3.net/cdn.serrv.org cdnjs.cloudflare.com; script-src 'self' 'report-sample' s3.amazonaws.com/cdn.serrv.org/ cdn.commercev3.net/cdn.serrv.org/ cdn.serrv.org 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com *.acsbapp.com assets.pinterest.com acsbapp.com secure.trust-provider.com api.livechatinc.com *.twimg.com *.twitter.com tpc.googlesyndication.com cdn.jsdelivr.net/npm/popper.js@1.16.1/ cdn.jsdelivr.net/npm/intersection-observer@0.7.0/ cdn.jsdelivr.net/npm/vanilla-lazyload@12.5.0/; script-src-elem 'self' 'report-sample' s3.amazonaws.com/cdn.serrv.org/ cdn.commercev3.net/cdn.serrv.org/ cdn.serrv.org 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com *.acsbapp.com assets.pinterest.com acsbapp.com secure.trust-provider.com api.livechatinc.com *.twimg.com *.twitter.com tpc.googlesyndication.com cdn.jsdelivr.net/npm/popper.js@1.16.1/ cdn.jsdelivr.net/npm/intersection-observer@0.7.0/ cdn.jsdelivr.net/npm/vanilla-lazyload@12.5.0/; style-src 'self' s3.amazonaws.com/cdn.serrv.org/ cdn.commercev3.net/cdn.serrv.org/ cdn.serrv.org 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net use.typekit.net p.typekit.net cdn.rawgit.com cdn.jsdelivr.net cdn.jsdelivr.net/npm/bootstrap@4.5.3/ *.klaviyo.com; style-src-elem 'self' s3.amazonaws.com/cdn.serrv.org/ cdn.commercev3.net/cdn.serrv.org/ cdn.serrv.org 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net use.typekit.net p.typekit.net cdn.rawgit.com cdn.jsdelivr.net cdn.jsdelivr.net/npm/bootstrap@4.5.3/ *.klaviyo.com; style-src-attr  'unsafe-inline'; media-src 'self' serrv.commercev3.com s3.amazonaws.com/cdn.serrv.org/ cdn.commercev3.net/cdn.serrv.org/ cdn.serrv.org www.bing.com; 1
script-src 'strict-dynamic' 'self' 'nonce-b623OKuShzJ9J0NlbQptGA==' 'report-sample'; report-uri /leercmb2cprod.onmicrosoft.com/B2C_1_SignIn_MFA/client/cspreport?p=B2C_1_SignIn_MFA 1
base-uri 'self' *.crazyegg.com;connect-src 'self' https://ip2c.org https://maps.googleapis.com https://www.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net *.crazyegg.com *.sentry.io https://*.com https://com https://*.elfsight.com https://core.service.elfsight.com *.elfsight.com;default-src 'self' *.crazyegg.com blob:;form-action 'self' *.crazyegg.com;media-src 'self' *.crazyegg.com;object-src 'none';font-src 'self' data: https://fonts.gstatic.com;img-src 'self' data: https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://www.google.com https://www.google.co.uk https://www.gravatar.com https://*.s3.amazonaws.com https://*.com https://com https://cdn.worldweatheronline.com https://www.googleapis.com https://clients1.google.com https://*.gstatic.com *.crazyegg.com *.prfct.co *.adnxs.com https://www.glassdoor.com https://seal-dc-easternpa.bbb.org;frame-src 'self' https://widget.trustpilot.com https://www.google.com https://www.youtube.com https://cse.google.com *.crazyegg.com *.youtube-nocookie.com *.marketingautomation.services;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.com https://com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://*.analytics.google.com https://maps.googleapis.com https://widget.trustpilot.com https://www.youtube.com https://cse.google.com https://partner.googleadservices.com *.crazyegg.com blob: *.marketingautomation.services *.perfectaudience.com *.prfct.co https://static.elfsight.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.googletagmanager.com https://www.google.com *.crazyegg.com 1
frame-src 'self' https://www.youtube.com/ https://www.google.com/ https://vars.hotjar.com/ https://c1.adform.net/ https://paleisamsterdam.globalticket.nl/; default-src 'self'; object-src 'none'; font-src 'self'; img-src 'self' data: www.google-analytics.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://i.ytimg.com https://www.google.com/ads/ga-audiences https://www.google.nl/ads/ga-audiences https://fonts.gstatic.com/s/i/googlematerialicons/more/v6/gm_blue-48dp/1x/gm_more_gm_blue_48dp.png https://www.facebook.com/tr/ https://www.gravatar.com/; script-src 'self' https://www.youtube.com/ https://youtube.com/iframe_api https://www.youtube.com/iframe_api https://www.youtube.com/s/player/5dd3f3b2/www-widgetapi.vflset https://www.googletagmanager.com/debug/bootstrap https://s.ytimg.com 'unsafe-inline' https://www.google-analytics.com/analytics.js http://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://static.hotjar.com/c/hotjar-2186599.js https://script.hotjar.com/modules.aa4c7aaa5da61b98a766.js https://script.hotjar.com/modules.9a7681f2864b86bb700a.js https://script.hotjar.com/modules.1eae5f578812029ee612.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/189162992320605 https://connect.facebook.net/signals/plugins/identity.js https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://track.adform.net/Serving/TrackPoint/ 'unsafe-eval'; style-src 'self' 'unsafe-inline'; base-uri 'none'; connect-src 'self' https://stats.g.doubleclick.net/j/collect https://in.hotjar.com/api/v2/client/sites/2186599/visit-data https://vc.hotjar.io/sessions/2186599 wss://ws6.hotjar.com/api/v2/client/ws https://ws6.hotjar.com/api/v2/sites/2186599/recordings/content www.google-analytics.com 1
default-src 'self' 'unsafe-eval' https://*.operator.network https://*.google-analytics.com https://*.google.com https://*.google.hu https://www.gstatic.com https://*.snippet.antillephone.com/apg-seal.js https://d2afn796dyftlg.cloudfront.net https://cdn.onesignal.com https://onesignal.com/api/ https://*.regily.com https://*.ingest.sentry.io https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://onesignal.com https://*.regily.com; font-src https://omnislots.com https://*.operator.network https://fonts.googleapis.com https://fonts.gstatic.com https://*.regily.com; img-src data: *; media-src https://omnislots.com https://*.operator.network https://*.regily.com; connect-src 'self' https://*.operator.network https://*.google-analytics.com https://*.google.com https://*.google.hu https://stats.g.doubleclick.net https://api.solitics.com wss://wss.solitics.com:8082 https://onesignal.com/api/ https://*.ingest.sentry.io https://*.regily.com https://api64.ipify.org; script-src-elem 'unsafe-inline' data: https://omnislots.com https://*.operator.network https://*.google-analytics.com https://*.google.com https://*.google.hu https://www.gstatic.com https://www.googletagmanager.com https://*.snippet.antillephone.com/apg-seal.js https://d2afn796dyftlg.cloudfront.net https://cdn.onesignal.com https://onesignal.com/api/ https://*.regily.com https://cdn.jsdelivr.net https://cdn.mouseflow.com; frame-src https://omnislots.com https://*.regily.com https://*.operator.network https://*.google.com https://*.google.hu https://*.paymentiq.io https://survey.alchemer.com https://www.youtube.com https://gist.github.com https://iframe-test-mg2q.onrender.com https://forms.office.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com *.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com www.youtube-nocookie.com www.youtube.com blob: data: https://storage.googleapis.com/learnwithikeavideos/ ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ipex-insights.com *.adform.net *.bing.com *.doubleclick.net *.facebook.com *.facebook.net *.pinterest.com s.pinimg.com 108ikea.boost.ai www.googleadservices.com *.googlesyndication.com *.google.no *.cookielaw.org *.onetrust.com *.akamaihd.net *.akstat.io *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.go-mpulse.net *.optimizely.com sentry.io *.sentry.io *.avo.app oppwa.com *.oppwa.com mpsnare.iesnare.com *.iesnare.com *.syndeo.cx *.production.syndeo.cx wss://web.production.syndeo.cx icsp.ingka.ikea.com wss://icsp.ingka.ikea.com wss://web-api.ikea.com/cschatbot/ maps.googleapis.com fonts.googleapis.com www.googleapis.com *.bambuser.com firestore.googleapis.com liveshopping-widgets.firebaseapp.com; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com; object-src 'self'; report-uri https://csp.ikea.com 1
frame-ancestors 'self' *.commercevision.biz *.commercevision.com.au *.ariba.com *.hydrotasmania.com.au 1
script-src 'unsafe-eval' 'self' 'nonce-KZA3JciZBYOANUfg6N4i' cdn-app.staging-peakon.com static.zdassets.com ekr.zdassets.com peakon.zendesk.com peakon1606916913.zendesk.com; style-src 'unsafe-inline' 'self' cdn-app.staging-peakon.com static.peakon.com; connect-src api.staging-peakon.com 'self' cdn-app.staging-peakon.com nw.megaleo.com activity.staging-peakon.com realtime.staging-peakon.com wss://realtime.staging-peakon.com api.rollbar.com peakon-temporary-staging.s3.amazonaws.com peakon-uploads-staging.s3.amazonaws.com slack.staging-peakon.com status.peakon.com sync.staging-peakon.com static.zdassets.com ekr.zdassets.com *.zopim.com peakon.zendesk.com peakon1606916913.zendesk.com wss://peakon.zendesk.com wss://peakon1606916913.zendesk.com wss://*.zopim.com ekr.zendesk.com; default-src 'none'; base-uri 'self'; img-src * cdn-app.staging-peakon.com data: v2assets.zopim.io static.zdassets.com data:; form-action 'self'; font-src 'self' cdn-app.staging-peakon.com static.peakon.com data:; media-src * static.zdassets.com; frame-src training.staging-peakon.com player.vimeo.com; report-uri https://peakon.report-uri.com/r/d/csp/enforce 1
img-src 'self' ttrecms.com *.ttrecms.com siteintercept.qualtrics.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ttrecms.com *.ttrecms.com *.google.com *.gstatic.com *.siteintercept.qualtrics.com siteintercept.qualtrics.com; frame-src 'self' ttrecms.com *.ttrecms.com *.google.com *.qualtrics.com siteintercept.qualtrics.com; font-src 'self' 'unsafe-inline' ttrecms.com *.ttrecms.com *.google.com *.googleapis.com *.gstatic.com siteintercept.qualtrics.com; style-src 'self' 'unsafe-inline' ttrecms.com *.ttrecms.com *.ttrus.com *.google.com *.googleapis.com siteintercept.qualtrics.com; default-src 'self' ttrecms.com *.ttrecms.com siteintercept.qualtrics.com; 1
default-src *; font-src * data:; img-src * data:; script-src * 'unsafe-inline'; style-src * 'unsafe-inline'; media-src * data:; connect-src *;  frame-src * 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://deliver.kontent.ai/ https://preview-deliver.kontent.ai https://preview-assets-eu-01.kc-usercontent.com:443 https://www.siag.it/ https://www.googletagmanager.com https://www.google-analytics.com/ https://maps.googleapis.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://*.googleapis.com/ https://*.google.com/ https://*.facebook.net/ https://siteimproveanalytics.com/ https://*.siteimproveanalytics.io/ https://ingestion.webanalytics.italia.it/ https://assets-eu-01.kc-usercontent.com/ https://fonts.gstatic.com/ https://redas.services.siag.it/ https://api.integrations.services.siag.it/ https://civis.bz.it/; block-all-mixed-content; base-uri 'self'; 1
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com; frame-src 'self' *.trustpilot.com  *.eshapay.net *.ephapay.net *.dwin1.com *.awin1.com; connect-src 'self' *.google-analytics.com *.services.visualstudio.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com api.experianaperture.io; object-src 'none'; img-src 'self' *.google-analytics.com *.googletagmanager.com *.digicert.com *.theidol.com *.g.doubleclick.net www.google.com/pagead www.google.co.uk/pagead aequotechbeaconapi-uat.azurewebsites.net/api/ aequotechbeaconapi.azurewebsites.net/api/ www.moneysupermarket.com travelinsurance.quidco.com travelmedical-uk-cyti.cytiuat.tech travelmedical-uk-forbes.cytiuat.tech travelmedical-uk-msm.cytiuat.tech travelmedical-uk-kayak.cytiuat.tech travelmedical-uk-tsm.cytiuat.tech www.awin1.com *.dwin1.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.trustpilot.com *.aspnetcdn.com *.googletagmanager.com *.hotjar.com *.vo.msecnd.net *.digicert.com *.googleapis.com *.googleoptimize.com *.googleadservices.com *.bootstrapcdn.com cdnjs.cloudflare.com/ajax/libs/jquery-validation-unobtrusive/ cdnjs.cloudflare.com/ajax/libs/jquery-validate/ cdnjs.cloudflare.com/ajax/libs/modernizr/2.6.2/ cdn.jsdelivr.net/npm/popper.js@1.16.1/ www.dwin1.com *.awin1.com; frame-ancestors 'self'; 1
default-src 'self' https://* http://* 'unsafe-inline' 'unsafe-eval' intent: fb-messenger:; img-src 'self' https://* data:; worker-src 'self' https://* blob:; connect-src 'self' https://* http://* wss:; font-src 'self' data: 1
report-uri https://chalet.report-uri.com/r/d/csp/reportOnly; default-src 'self' data:; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.nl https://*.gstatic.com https://*.googleapis.com https://*.ingest.sentry.io https://sentry.io https://t.chalet.nl https://t.chalet.be https://t.chaletonline.de https://t.chaletonline.com https://t.zomerhuisje.nl https://pagead2.googlesyndication.com https://squeezely.tech https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.facebook.com https://*.livechatinc.com https://google.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.chalet.nl https://*.google-analytics.com https://*.googletagmanager.com https://www.googleadservices.com https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.ggpht.com https://*.googleusercontent.com https://squeezely.tech https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net http://connect.facebook.net https://*.livechatinc.com https://cdnjs.cloudflare.com https://widget.trustpilot.com https://player.vimeo.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://www.chalet.nl https://*.google-analytics.com https://*.googletagmanager.com https://www.googleadservices.com https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.ggpht.com https://*.googleusercontent.com https://squeezely.tech https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net http://connect.facebook.net https://*.livechatinc.com https://cdnjs.cloudflare.com https://widget.trustpilot.com https://player.vimeo.com; style-src 'self' 'unsafe-inline' data: https://*.googletagmanager.com https://*.googleapis.com https://static.hotjar.com https://script.hotjar.com https://cdnjs.cloudflare.com; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com https://*.livechatinc.com; img-src 'self' data: https://www.chalet.nl https://*.matterport.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.ggpht.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com www.googleadservices.com https://*.squeezely.tech https://static.hotjar.com https://script.hotjar.com https://www.facebook.com https://connect.facebook.net https://*.livechatinc.com https://livechat.s3.amazonaws.com https://*.livechat-files.com https://*.livechat-static.com https://cdnjs.cloudflare.com https://*.tradetracker.net https://uicdn.toast.com https://i.vimeocdn.com https://cdn.tourploeg.nl https://my.matterport.com https://google.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat; media-src 'self' data: https://cdn.livechatinc.com; frame-src 'self' https://*.google.com https://td.doubleclick.net https://www.googletagmanager.com https://tpc.googlesyndication.com https://www.youtube.com https://vars.hotjar.com https://www.facebook.com https://*.livechatinc.com https://player.vimeo.com https://my.matterport.com https://verzekeringskaarten.nl; base-uri 'none' 1
frame-ancestors 'self' https://buy.adesa.com https://ots.drivindealer.com https://*.iasmarketplace.com https://*.velocicast.io 1
default-src 'self' 'unsafe-inline'; media-src 'self' data: blob: 1
frame-ancestors 'self' http://127.0.0.1:8000 1
default-src 'none'; base-uri 'self'; form-action https: 'self'; script-src 'self' 'unsafe-inline' https: 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline' https:; img-src 'self' 'unsafe-inline' https: data:; media-src * data:; frame-src *; frame-ancestors 'self' https:; font-src 'self' https:; connect-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com secure.payzen.eu maps.googleapis.com *.paypal.com *.algolia.net *.algolianet.com *.bing.com *.facebook.net www.googletagmanager.com *.mgtmod01.com *.magnetis.io *.modulecall.fr www.gstatic.com googleads.g.doubleclick.net www.google.fr *.googletagmanager.com *.googleadservices.com *.google.com *.google.fr trk.adbutter.net pixel.mathtag.com mathid.mathtag.com static.criteo.net *.criteo.com t.eu1.dyntrk.com *.taboola.com *.outbrain.com *.r66net.com *.videostep.com *.invibes.com *.y-track.com *.chainethermale.fr *.pinimg.com;frame-src 'self' secure.payzen.eu www.youtube.com maps.googleapis.com *.paypal.com secure.ogone.com ogone.test.v-psp.com *.openstreetmap.org *.facebook.com *.youtube-nocookie.com pixel.mathtag.com dis.eu.criteo.com *.criteo.net *.criteo.com gum.criteo.com *.googletagmanager.com *.googleadservices.com *.google.com *.google.fr widget.eu.criteo.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;img-src 'self' data: www.google-analytics.com maps.googleapis.com *.gstatic.com placehold.it https://picsum.photos *.chainethermale.fr admin.chainethermale.fr *.bing.com *.facebook.com www.magazinethermal.fr stats.g.doubleclick.net *.youtube-nocookie.com *.ytimg.com googleads.g.doubleclick.net secure.adnxs.com pixel.mathtag.com t.eu1.dyntrk.com cdn.n.dynstc.com *.taboola.com *.outbrain.com *.googletagmanager.com *.googleadservices.com *.google.com *.google.fr *.criteo.com e1.emxdgt.com cm.g.doubleclick.net rtb-csync.smartadserver.com *.yahoo.fr *.yahoo.com eb2.3lift.com ad.360yield.com ib.adnxs.com r.casalemedia.com criteo-sync.teads.tv contextual.media.net cm.adform.net x.bidswitch.net visitor.omnitag.com match.sharethrough.com i.liadm.com e1.emxdgt.com criteo-partners.tremorhub.com *.mediavine.com *.pubmatic.com *.yieldlab.net *.smartclip.net *.thebrighttag.com beacon.krxd.net *.demdex.net *.yieldmo.net *.yieldmo.com pixel.rubiconproject.com id5-sync.com *.invibes.com *.ivitrack.com *.videostep.com *.omnitagjs.com ks.b26net.com *.y-track.com www.googletagmanager.com *.yahoo.net *.postrelease.com *.pinterest.com;font-src 'self' fonts.gstatic.com data: cdn.linearicons.com;connect-src 'self' *.paypal.com *.algolia.net *.algolianet.com www.google-analytics.com *.mgtmod01.com *.magnetis.io *.modulecall.fr noembed.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net *.criteo.com *.taboola.com *.outbrain.com *.googletagmanager.com *.googleadservices.com *.google.com *.google.fr *.invibes.com *.r66net.com *.y-track.com *.chainethermale.fr *.analytics.google.com *.google-analytics.com *.googlesyndication.com;base-uri 'self' 1
frame-ancestors self *.fanpla.jp; 1
frame-ancestors 'self' https://www.totenart.com https://en.totenart.com https://totenart.pt; 1
script-src 'self' *.rankedgaming.com *.stripe.com *.googleapis.com *.google.com *.gstatic.com *.jquery.com 'unsafe-inline' 'unsafe-eval'; object-src 'self' *.rankedgaming.com 1
default-src 'none' ; object-src 'none' ; frame-ancestors 'none' ; frame-src https://www.googletagmanager.com https://www.facebook.com https://www.youtube.com/ https://player.vimeo.com/ https://widget.trustpilot.com; connect-src 'self' https://amon.tech https://wallet.amon.tech https://api.amon.tech amon://app https://app https://d.clarity.ms https://g.clarity.ms https://f.clarity.ms https://www.clarity.ms https://www.facebook.com https://connect.facebook.net https://stats.g.doubleclick.net https://static.ads-twitter.com https://analytics.tiktok.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://analytics.twitter.com https://t.co https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://api.exchangeratesapi.io https://sentry.io https://o112442.ingest.sentry.io https://api.coingecko.com https://api.celsius.network; script-src 'self' https://connect.facebook.net https://static.ads-twitter.com https://analytics.tiktok.com https://analytics.twitter.com https://www.redditstatic.com https://js.hs-scripts.com https://bat.bing.com https://snap.licdn.com https://widget.trustpilot.com https://js.hs-banner.com https://js.hs-analytics.net https://www.youtube.com/ https://ajax.googleapis.com https://www.clarity.ms https://d.clarity.ms https://g.clarity.ms https://f.clarity.ms https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com 'unsafe-inline'; style-src 'self' data: https://fonts.googleapis.com 'unsafe-inline' ; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com ; img-src 'self' https: blob: data: https://www.facebook.com https://www.googletagmanager.com https://www.google-analytics.com; media-src 'self' ; form-action 'self' https://www.facebook.com; base-uri 'self' ; manifest-src 'self' ; worker-src 'self' ; upgrade-insecure-requests ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net cdn.syndication.twimg.com *.google.com *.twitter.com *.gstatic.com *.googleapis.com cdn.rawgit.com *.google-analytics.com *.googleadservices.com *.licdn.com https://cdn.jsdelivr.net/npm/froala-editor@4.0.5/ *.hs-scripts.com *.hsadspixel.net *.hs-banner.com *.usemessages.com *.hscollectedforms.net *.hs-analytics.net *.googletagmanager.com *.doubleclick.net *.app-us1.com *.cloudfront.net trackcmp.net *.activehosted.com *.trackcmp.net *.roadmap.space *.hsappstatic.net *.xero.com *.redditstatic.com *.hotjar.com *.clarity.ms; 1
font-src 'self' https://fonts.googleapis.com https://*.agencewebcom.com https://fonts.gstatic.com http://*.cloudfront.net https://*.cloudfront.net https://use.typekit.net ; base-uri 'self'; 1
frame-ancestors *.nocrm.io 1
0 1
frame-ancestors 'self' https://*.fh-krems.ac.at https://*.fhkrems-events.expo-ip.com https://fhkrems-events.expo-ip.com; default-src 'self' data: https://*.fh-krems.ac.at https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://*.youtube.com https://*.facebook.com https://*.fhkrems-events.expo-ip.com https://fhkrems-events.expo-ip.com https://*.issuu.com https://*.cookiebot.com https://*.soundcloud.com https://*.doubleclick.net https://*.podigee.com https://*.podigee-cdn.net https://*.lightwidget.com https://lightwidget.com https://*.xing-events.com https://*.timelapsesystems.at https://*.svc.dynamics.com https://einreichportal.waca.at https://eepurl.com https://fh-krems.us2.list-manage.com/; script-src 'self' 'unsafe-inline' https://*.google.com https://*.youtube.com https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js https://*.googleoptimize.com/ https://*.googletagmanager.com https://*.gstatic.com https://*.cookiebot.com https://*.google-analytics.com https://*.issuu.com https://*.podigee.com https://*.podigee-cdn.net https://*.lightwidget.com https://lightwidget.com https://*.googleapis.com https://*.xing-events.com https://mktdplp102cdn.azureedge.net https://connect.facebook.net https://fh-krems.us2.list-manage.com/; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.podigee.com https://*.podigee-cdn.net; img-src 'self' 'unsafe-inline' data: http://www.w3.org/2000/svg https://*.google.com https://*.google.at https://*.googleapis.com https://*.google-analytics.com https://*.youtube.com https://*.rawgit.com https://raw.githubusercontent.com/googlemaps/js-marker-clusterer/gh-pages/images/ https://*.gstatic.com https://*.googletagmanager.com https://*.timelapsesystems.at https://*.facebook.com https://cdn.jsdelivr.net/gh/googlemaps/js-marker-clusterer https://cdnx.truecrt.com https://fh-krems.us2.list-manage.com/ 1
img-src 'self' https://tags.srv.stackadapt.com data: https://www.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://i.vimeocdn.com https://fonts.gstatic.com https://www.facebook.com https://www.groupexpro.com https://groupexpro.com https://img.youtube.com https://tvscientfic.com https://tvspix.com https://igodigital.com http://tvsquared.com https://tvsquared.com tv2track.js https://www.redditstatic.com/ads/pixel.js; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com www.googletagmanager.com *.google.com www.google-analytics.com cdnjs.cloudflare.com static.hotjar.com connect.facebook.net *.tvsquared.com *.hotjar.com www.gstatic.com *.groupexpro.com groupexpro.com blob: *.googleadservices.com pixel.mathtag.com *.addthis.com z.moatads.com v1.addthisedge.com *.jquery.com *.doublethedonation.com doublethedonation.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://*.cloudfront.net https://maps.gstatic.com https://static.hotjar.com *.cloudfront.net https://tvscientfic.com https://tvspix.com https://igodigital.com https://js.adsrvr.org http://tvsquared.com https://tvsquared.com tv2track.js https://www.redditstatic.com/ads/pixel.js addtocalendar.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdn.polyfill.io https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill.io https://unpkg.com https://www.google.com; frame-ancestors 'self'; report-uri https://ymaryland.org/report-uri/enforce 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://future4200.com/logs/ https://future4200.com/sidekiq/ https://future4200.com/mini-profiler-resources/ https://future4200.com/assets/ https://future4200.com/brotli_asset/ https://future4200.com/extra-locales/ https://future4200.com/highlight-js/ https://future4200.com/javascripts/ https://future4200.com/plugins/ https://future4200.com/theme-javascripts/ https://future4200.com/svg-sprite/ 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0='; worker-src 'self' https://future4200.com/assets/ https://future4200.com/brotli_asset/ https://future4200.com/javascripts/ https://future4200.com/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self' https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://region1.google-analytics.com; frame-src 'self' https://player.vimeo.com/ https://www.youtube.com/; script-src 'self' https://www.googletagmanager.com https://www.vimeo.com https://vimeo.com https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src *; 1
frame-ancestors 'self' https://www.mobile-industrial-robots.com/; 1
upgrade-insecure-requests; default-src https://*.zoom.us https://zoom.us blob: 'self'; img-src https: about: blob: data: 'self'; style-src https: safari-extension: chrome-extension: 'unsafe-inline' data: 'self'; font-src https: safari-extension: chrome-extension: blob: data: 'self'; connect-src * about: blob: data: 'self'; media-src * rtmp: blob: data: 'self'; frame-src https: ms-appx-web: zoommtg: zoomus: wvjbscheme: zoomprc: data: blob: 'self'; object-src 'none'; base-uri 'none';script-src 'self' 'strict-dynamic' 'nonce-Yt38E-L-TYmZYo7ZfyXvyg' 'unsafe-inline' blob: https:; 1
default-src 'self' https://www.streamsoft.pl; report-uri /csp_parser.php;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https://kit.fontawesome.com https://www.googletagmanager.com https://connect.facebook.net https://www.streamsoft.pl/ https://player.vimeo.com data: 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://unpkg.com/; script-src-elem 'unsafe-inline' https://www.googletagmanager.com https://www.informatykawprodukcji.pl https://kit.fontawesome.com https://connect.facebook.net https://cdnjs.cloudflare.com https://ajax.googleapis.com https://maps.googleapis.com/ https://fast.wistia.com/ https://www.google.com/pagead/1p-conversion/994606131/ https://beacon-v2.helpscout.net/ https://www.streamsoft.pl/ https://platform.twitter.com/ https://www.google.com/recaptcha/ https://www.gstatic.com https://player.vimeo.com/ https://www.googletagmanager.com https://www.gstatic.com https://www.streamsoft.pl https://www.googletagmanager.com/ https://www.googleadservices.com/ https://tpc.googlesyndication.com https://kit.fontawesome.com/ data: ; font-src 'self' https://fonts.gstatic.com https://ka-p.fontawesome.com https://www.googletagmanager.com https://www.streamsoft.pl https://fast.wistia.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com data:; frame-src https://w.soundcloud.com https://www.facebook.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://player.vimeo.com/ https://www.facebook.com/ https://td.doubleclick.net https://wp-rocket.me https://www.informatykawprodukcji.pl https://cdnjs.cloudflare.com https://www.youtube.com https://platform.twitter.com https://tpc.googlesyndication.com https://www.streamsoft.pl; img-src 'self' data: https://www.paypal.com/ https://www.paypal.com https://www.google.ie/ https://www.google.com.lb/ https://www.google.es/ https://www.google.ie/ https://www.google.com.ph/ https://www.google.cz https://googleads.g.doubleclick.net/ https://www.google.com/pagead/ https://www.streamsoft.pl https://www.facebook.com https://www.facebook.com/ https://www.google.pl/ads/ https://i.vimeocdn.com/ https://secure.gravatar.com/avatar/ https://ps.w.org https://embed-ssl.wistia.com https://www.facebook.com https://fast.wistia.com https://s.w.org/ https://maps.googleapis.com https://s3-us-west-2.amazonaws.com https://syndication.twitter.com https://www.googletagmanager.com https://www.googletagmanager.com/ https://i.ytimg.com https://www.google.hr https://www.google.be https://www.google.de https://googleads.g.doubleclick.net https://www.google.co.uk https://www.google.com.br https://www.google.nl https://www.google.fr https://portalwiedzy.streamsoft.pl https://googleads.g.doubleclick.net https://googleads.g.doubleclick.net/ https://www.google.com.ua/ https://www.google.de/ https://www.google.hu/; connect-src https://www.google.com.lb/ https://www.google.co.uk/ https://www.google-analytics.com/ https://beaconapi.helpscout.net https://region1.google-analytics.com/ https://www.google.de https://ka-p.fontawesome.com https://kit.fontawesome.com https://region1.analytics.google.com https://www.informatykawprodukcji.pl https://www.facebook.com/tr/ https://stats.g.doubleclick.net https://td.doubleclick.net https://www.google.pl/ads/ https://yoast.com/ https://fast.wistia.com https://d3hb14vkzrxvla.cloudfront.net https://pipedream.wistia.com https://distillery.wistia.com https://maps.googleapis.com https://www.streamsoft.pl https://www.google.com/pagead/ https://googleads.g.doubleclick.net/pagead https://adservice.google.com/ https://www.google.hr https://analytics.google.com https://www.googletagmanager.com https://www.google.com.br https://pagead2.googlesyndication.com https://region1.google-analytics.com https://beacon-v2.helpscout.net https://analytics.google.com; style-src-elem 'unsafe-inline' https://www.streamsoft.pl https://www.informatykawprodukcji.pl https://fonts.googleapis.com/ https://cdnjs.cloudflare.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com; worker-src https://www.informatykawprodukcji.pl https://www.streamsoft.pl blob:; media-src https://www.googletagmanager.com/ blob: data:; object-src https://www.googletagmanager.com/; 1
default-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' blob:; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data:; style-src * 'unsafe-inline'; font-src * data:; frame-ancestors 'self'; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com organizer.bizzabo.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-6uSkPU4HSDaOoOmGOBPuEQ=='; report-uri https://send.hsbrowserreports.com/csp/report; upgrade-insecure-requests; 1
frame-ancestors 'self' https://cms.festwochen.at 1
frame-ancestors 'self' https://*.lexus-polska.pl https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
style-src 'self' fonts.googleapis.com maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://*.tiktokcdn-us.com https://*.recruiterbox.com 'unsafe-inline'; connect-src 'self' https://*.callrail.com https://hubspot-forms-static-embed.s3.amazonaws.com https://settings.luckyorange.net https://*.hsforms.com https://analytics.google.com https://www.google-analytics.com https://maps.googleapis.com https://stats.g.doubleclick.net https://api.hubapi.com https://*.googlesyndication.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net data:; img-src 'self' https://*.hsforms.com https://*.hubspot.com https://*.facebook.com https://*.bing.com https://*.linkedin.com https://*.ads.linkedin.com https://www.googletagmanager.com https://www.google.com https://*.mytech.com https://*.wpengine.com https://secure.gravatar.com https://*.recruiterbox.com data:; frame-src 'self' https://maps.google.com https://forms.hsforms.com https://www.google.com https://td.doubleclick.net https://www.youtube.com https://leap13.github.io https://app.hubspot.com https://*.hubspot.com https://www.youtube-nocookie.com https://*.recruiterbox.com; 1
1 1
default-src blob: https: data: 'unsafe-inline' 'unsafe-eval' *.cdn.ampproject.org; 1
default-src: 'self' 'unsafe-inline' 'unsafe-eval' https://*.inductiveautomation.com https://*.inductiveuniversity.com https://icccdn.s3.amazonaws.com https://icccdn-production.s3.amazonaws.com https://icccdn-staging.s3.amazonaws.com https://code.jquery.com https://*.wistia.com http://*.embedwistia-a.akamaihd.net https://*.typekit.net https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.opentracker.net https://*.crazyegg.com https://*.litix.io https://*.marketo.net https://*.mktoresp.com https://*.facebook.net https://*.linkedin.com https://*.stripe.com https://*.stripe.network https://*.akamaized.net  https://*.vimeocdn.com https://*.vimeo.com https://*.getsitecontrol.com data: 'report-sample'; block-all-mixed-content; 1
script-src 'report-sample' 'nonce-5szXsCETV4_Jyj3ab4a1aw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self',script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport/allowlist,require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport 1
block-all-mixed-content; img-src 'self' data: https://www.google-analytics.com https://maps.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://sdk.privacy-center.org https://www.google-analytics.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com 1
base-uri 'self'; font-src 'self' data: https://babywalz.omq.de https://www.paypalobjects.com; form-action 'self' https://checkoutshopper-live.adyen.com https://*.bazaarvoice.com; frame-ancestors 'self' https://app.storyblok.com; img-src 'self' data: https://a.storyblok.com https://*.vhwmcs.net https://*.cdn.aboutyou.cloud https://checkout-cdn.aboutyou.cloud https://checkoutshopper-live.adyen.com https://sockjs-us3.pusher.com https://www.paypalobjects.com https://t.paypal.com https://x.klarnacdn.net https://cdf6519016.cdn.adyen.com https://babywalz.omq.de https://www.googletagmanager.com https://fonts.gstatic.com https://www.awin1.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.de https://www.googleadservices.com https://www.facebook.com https://*.pinterest.com https://trck.linkster.co https://*.billiger.de https://*.cloudfront.net https://brxcdn.com https://*.bazaarvoice.com; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline' https://checkout-cdn.aboutyou.cloud https://checkoutshopper-live.adyen.com https://babywalz.omq.de https://www.googletagmanager.com https://fonts.googleapis.com https://*.bazaarvoice.com; upgrade-insecure-requests; default-src 'none'; frame-src 'self' https://checkoutshopper-live.adyen.com https://www.sandbox.paypal.com https://www.paypal.com https://*.baby-walz.at https://checkout.www.baby-walz.de https://walz-prev.checkout.api.scayle.cloud https://www.awin1.com https://td.doubleclick.net https://www.sovendus-benefits.com https://www.sovendus-connect.com https://ct.pinterest.com https://*.bambuser.com https://tbs.tradedoubler.com https://ams.creativecdn.com https://*.bazaarvoice.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.baby-walz.at https://checkout.www.baby-walz.de https://walz-prev.checkout.api.scayle.cloud https://checkout-cdn.aboutyou.cloud https://checkoutshopper-live.adyen.com https://www.paypal.com https://babywalz.omq.de https://api.exponea.com https://www.googletagmanager.com https://www.dwin1.com https://api.bounce-commerce.de https://www.awin1.com https://the.sciencebehindecommerce.com https://www.googleadservices.com https://trck.linkster.co https://*.sovendus.com https://s.pinimg.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.baby-walz.at https://checkout.www.baby-walz.de https://walz-prev.checkout.api.scayle.cloud https://checkout-cdn.aboutyou.cloud https://checkoutshopper-live.adyen.com https://www.paypal.com https://babywalz.omq.de https://api.exponea.com https://www.googletagmanager.com https://www.dwin1.com https://api.bounce-commerce.de https://www.awin1.com https://the.sciencebehindecommerce.com https://www.googleadservices.com https://connect.facebook.net https://trck.linkster.co https://*.sovendus.com https://s.pinimg.com https://*.bambuser.com https://*.abtasty.com https://connect.getflowbox.com https://*.bazaarvoice.com https://mpsnare.iesnare.com; connect-src 'self' https://*.baby-walz.at https://checkout.www.baby-walz.de https://walz-prev.checkout.api.scayle.cloud https://checkout-cdn.aboutyou.cloud/ https://checkoutshopper-live.adyen.com https://www.sandbox.paypal.com https://www.paypal.com https://www.paypalobjects.com https://x.klarnacdn.net https://sentry.vhwmcs.net https://babywalz.omq.de https://sockjs-us3.pusher.com https://api.exponea.com https://www.googletagmanager.com https://www.econda-monitor.de https://region1.google-analytics.com https://api.bounce-commerce.de https://www.wepowerconnections.com https://the.sciencebehindecommerce.com https://www.google.com https://googleads.g.doubleclick.net https://services.vhwmcs.net https://qa-services.vhwmcs.net https://*.sovendus.com https://ct.pinterest.com https://*.bambuser.com https://*.abtasty.com https://*.getflowbox.com https://*.walz.de; media-src https://a.storyblok.com https://*.walz.de https://cdn.flbx.io; report-uri https://sentry.vhwmcs.net/api/2/security/?sentry_key=1a6c3da18b7a464cbfcf596e111c1def 1
default-src 'self' 'unsafe-inline' *.google-analytics.com *.googletagmanager.com *.youtube.com *.gstatic.com *.opstechnology.com *.googleapis.com *.google.com *.alive5.com alive5.com *.doubleclick.net; style-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' https://market.realpage.com https://*.realpage.com https://*.opstechnology.com https://www.yardimarketplace.com; report-uri /error/csp-violation 1
script-src 'nonce-G+tNyJIWYC9WdlfdnPHdeLSUkXg=' 'strict-dynamic' https: http:; object-src 'none'; 1
default-src 'self'; script-src 'self' https://www.schwab.com https://tags.tiqcdn.com https://dpm.demdex.net https://smetric.schwab.com https://snap.licdn.com https://www.byallaccounts.net https://cdn.walkme.com https://playerserver.walkme.com  https://ec.walkme.com https://rapi.walkme.com https://papi.walkme.com 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline' https://cdn.walkme.com;connect-src 'self' https://www.schwab.com https://tags.tiqcdn.com https://dpm.demdex.net https://smetric.schwab.com https://snap.licdn.com https://www.byallaccounts.net https://ec.walkme.com https://cdn.walkme.com https://papi.walkme.com;img-src 'self' https://d3sbxpiag177w8.cloudfront.net https://s3.walkmeusercontent.com https://d2qhvajt3imc89.cloudfront.net https://px.ads.linkedin.com https://cm.everesttech.net;frame-src 'self' https://www.byallaccounts.net https://cdn.walkme.com https://schwab.demdex.net 1
default-src 'self'; base-uri 'self'; object-src 'none'; connect-src 'self'  data.pendo.io pendo-static-4855106659811328.storage.googleapis.com; frame-ancestors app.pendo.io; frame-src 'self' ; child-src ; sandbox allow-forms allow-same-origin allow-scripts allow-popups; style-src 'self'  'sha256-3ITP0qhJJYBulKb1omgiT3qOK6k0iB3rMDhGfpM8b7c=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' app.pendo.io cdn.pendo.io pendo-static-4855106659811328.storage.googleapis.com; script-src 'self'   app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-4855106659811328.storage.googleapis.com data.pendo.io; img-src 'self' cdn.pendo.io app.pendo.io pendo-static-4855106659811328.storage.googleapis.com data.pendo.io; 1
default-src 'unsafe-inline'; script-src 'self' https://baseendpoint.eltern.de https://baseendpoint.11freunde.de https://baseendpoint.art-magazin.de https://baseendpoint.barbara.de https://baseendpoint.b-eat-mag.de https://baseendpoint.beef.de https://baseendpoint.brigitte.de https://baseendpoint.business-punk.de https://baseendpoint.capital.de https://baseendpoint.chefkoch.de https://baseendpoint.couch-mag.de https://baseendpoint.dpv.de https://baseendpoint.eltern.de https://baseendpoint.eltern-family.de https://baseendpoint.gala.de https://baseendpoint.geo.de https://baseendpoint.guido-magazin.de https://baseendpoint.haeuser.de https://baseendpoint.ideat-magazin.de https://baseendpoint.nido.de https://baseendpoint.pm-magazin.de https://baseendpoint.salon-mag.de https://baseendpoint.schoener-wohnen.de https://baseendpoint.stern.de https://baseendpoint.view-magazin.de https://baseendpoint.walden-magazin.de https://baseendpoint.grunerundjahr.de https://baseendpoint.verschenk-ein-abo.de https://aktion.guj-direct.de/ https://www.guj.de/ https://maxcdn.bootstrapcdn.com/ https://code.jquery.com/ https://players.brightcove.net https://gewinnspiele.geo.de https://mafo.adalliance.io/ https://gum.criteo.com/ https://td.doubleclick.net/ https://ad.yieldlab.net/ https://static.criteo.net/ https://c.amazon-adsystem.com/ https://securepubads.g.doubleclick.net/ https://static.emsservice.de/ https://baseendpoint.guj-direct.de https://baseendpoint.guj.de https://adctrl.emsmobile.de https://www1.mpnrs.com https://ad.yieldlab.net https://data-2d86fd41e0.stern-crime.de https://cdn.adnxs-simple.com https://fra1-ib.adnxs-simple.com https://acdn.adnxs-simple.com https://cdn.privacy-mgmt.com https://www.art-magazin.de https://weblications.guj.de https://cdnjs.cloudflare.com/ https://www.bic-media.com/ https://cdn.jsdelivr.net/ https://aktion.dpv.de https://aktion.grunerundjahr.de https://ad.cdngeo401.com https://500008385.collect.igodigital.com/collect.js https://www.googletagmanager.com/ https://www.googleoptimize.com/ https://optimize.google.com https://www.google-analytics.com/ https://ajax.googleapis.com/ https://connect.facebook.net/ https://analytics.tiktok.com/ https://script.hotjar.com https://static.hotjar.com https://cdn-images.dpv.de https://cdn.evgnet.com https://bilder-a.akamaihd.net/ 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; frame-ancestors 'none'; frame-src *.fls.doubleclick.net https://ups.xplosion.de/ https://gewinnspiele.geo.de https://td.doubleclick.net/ https://mafo.adalliance.io/ https://gum.criteo.com/ https://ad.yieldlab.net/ https://addefend-platform.com https://static.criteo.net/ https://c.amazon-adsystem.com/ https://script.ioam.de/  https://ups.xplosion.de/ https://players.brightcove.net https://securepubads.g.doubleclick.net/ https://static.emsservice.de/ https://weblications.guj.de https://optimize.google.com https://vars.hotjar.com https://ups.xplosion.de/ https://cdn-images.dpv.de https://www.bic-media.com/ https://aktion.guj-direct.de/ https://baseendpoint.eltern.de https://baseendpoint.11freunde.de https://baseendpoint.art-magazin.de https://baseendpoint.barbara.de https://baseendpoint.b-eat-mag.de https://baseendpoint.beef.de https://baseendpoint.brigitte.de https://baseendpoint.business-punk.de https://baseendpoint.capital.de https://baseendpoint.chefkoch.de https://baseendpoint.couch-mag.de https://baseendpoint.dpv.de https://baseendpoint.eltern.de https://baseendpoint.eltern-family.de https://baseendpoint.gala.de https://baseendpoint.geo.de https://baseendpoint.guido-magazin.de https://baseendpoint.haeuser.de https://baseendpoint.ideat-magazin.de https://baseendpoint.nido.de https://baseendpoint.pm-magazin.de https://baseendpoint.salon-mag.de https://baseendpoint.schoener-wohnen.de https://baseendpoint.stern.de https://baseendpoint.view-magazin.de https://baseendpoint.walden-magazin.de https://baseendpoint.grunerundjahr.de https://baseendpoint.verschenk-ein-abo.de  1
frame-ancestors 'self' https://pages.et4.de; 1
base-uri 'self'; connect-src 'self' https://iridiumbrowser.de; default-src 'none'; font-src 'self'; img-src 'self' data: https://iridiumbrowser.de; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'self'; 1
base-uri 'self';  connect-src ws: wss: *; default-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/; font-src 'self' data: https://*.googleapis.com https://*.gstatic.com https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self' https://gofile.me http://gofile.me; frame-src 'self' data: blob: https://*.synology.com https://www.synology.cn/ https://www.youtube.com http://www.youtube.com http://*.synology.com http://*.synology.cn; img-src 'self' data: blob: https://*.google.com https://*.googleapis.com http://*.googlecode.com https://*.gstatic.com https://*.gstatic.com https://*.googleapis.com https://*.google.com https://i.ytimg.com https://*.ggpht.com; media-src 'self' data: about:;  script-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/ https://*.google.com https://*.googleapis.com https://*.google.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.googleapis.com; 1
default-src 'self'; base-uri 'self'; object-src 'none'; upgrade-insecure-requests; connect-src 'self' *.webstart-page.com; script-src 'self' 'report-sample' *.webstart-page.com 'sha256-GGBo8gBY885xYvY7bjeWuInjeYICMEc0lMmxkN3Uh2M=' 'sha256-w8Zb8pbFFyfmRVOZrgiCCcIhHaEBKhjW8uNc9iWFIIM=' https://static.cloudflareinsights.com https://api.bing.com https://www.google.com; img-src 'self' data:; style-src 'self' 'report-sample' 'unsafe-inline'; Form-action 'self'; Frame-ancestors 'none'; worker-src 'none'; report-uri https://csp.webstart-page.com 1
default-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.gstatic.com https://www.youtube.com https://fonts.gstatic.com https://cdn.matomo.cloud https://opcoatlas.matomo.cloud https://googleads.g.doubleclick.net https://jnn-pa.googleapis.com https://i.ytimg.com https://events.wisembly.com https://e.infogram.com https://infogram.com https://www.google.com https://matcha.apprentissage.beta.gouv.fr https://qualifio.letudiant.fr https://app.livestorm.co https://console.vodalys.studio https://salesforce-eu.123formbuilder.com https://labonnealternance.apprentissage.beta.gouv.fr https://one.wisembly.com https://vimeo.com https://175c5faa.sibforms.com data: 'unsafe-eval' 'unsafe-inline'; 1
upgrade-insecure-requests; frame-ancestors 'self' *.sc-pa.com; object-src 'self'; 1
img-src 'self' maps.googleapis.com maps.gstatic.com data:; script-src 'unsafe-eval' 'sha256-VUF8uwjnO8Kpo3kvs6UA6UEAThNOLjcsORs1kvqaT+U=' 'self' maps.googleapis.com www.google.com www.gstatic.com; frame-src 'self' www.google.com www.gstatic.com; 1
frame-ancestors 'self' http://www.philips.com.ar *.philips.com *.philips.com.ar https://philipsigtdpv.com 1
default-src 'self' 'unsafe-inline' *.cdslasp.com cdslasp.com cdn.amplitude.com data: api.amplitude.com; 1
img-src https: data: blob: 1
block-all-mixed-content; upgrade-insecure-requests; child-src app.hubspot.com bid.g.doubleclick.net s.tradingview.com widget.trustpilot.com www.google.com www.googletagmanager.com www.youtube.com; connect-src 'self' adservice.google.com api.axept.io api.hubapi.com api.hubspot.com *.contentsquare.net cdn.cookielaw.org client.axept.io cta-service-cms2.hubspot.com forms.hubspot.com forms.hsforms.com googleads.g.doubleclick.net graph.facebook.com hubspot-forms-static-embed.s3.amazonaws.com js.checkout.com k-eu1.az.contentsquare.net pagead2.googlesyndication.com privacyportal-de.onetrust.com region1.google-analytics.com region1.analytics.google.com s.yimg.com settings.luckyorange.net stats.g.doubleclick.net support.jegtheme.com www.facebook.com www.google-analytics.com www.google.com cdn.jsdelivr.net auth.photo.gallery; default-src 'self' 'unsafe-eval' 'unsafe-inline' adservice.google.com api.hubapi.com api.hubspot.com app.hubspot.com bat.bing.com brigstoneapp.com cdn.cookielaw.org champy.xtz.ch chrome-extension connect.facebook.net data: fonts.googleapis.com fonts.gstatic.com forms.hsforms.com geolocation.onetrust.com googleads.g.doubleclick.net hublosk.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.hsforms.net js.hubspotfeedback.com js.usemessages.com jullyambery.net pagead2.googlesyndication.com privacyportal-de.onetrust.com s.tradingview.com s.yimg.com s3.tradingview.com settings.luckyorange.net sp.analytics.yahoo.com ssl.google-analytics.com ssl.luckyorange.com static.aucoffre.com stats.g.doubleclick.net track.hubspot.com widget.trustpilot.com www.facebook.com www.google-analytics.com www.google.com www.google.fr www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube-nocookie.com www.youtube.com; font-src 'self' data: fonts.gstatic.com github.com static3.avast.com; frame-src 'self' accounts.google.com app.hubspot.com app.livestorm.co bid.g.doubleclick.net content-people.googleapis.com csxd.aucoffre.com csxd.contentsquare.net csxd.loretlargent.info csxd.veravalor.com docs.google.com embed.acast.com forms.hsforms.com js.checkout.com s.tradingview.com td.doubleclick.net widget.trustpilot.com www.facebook.com www.google.com www.youtube.com; img-src 'self' axeptio.imgix.net bat.bing.com *.contentsquare.net cdn.cookielaw.org data: blob: favicons.axept.io forms.hsforms.com forms-na1.hsforms.com *.gstatic.com googleads.g.doubleclick.net i.ytimg.com pagead2.googlesyndication.com perf-na1.hsforms.com secure.gravatar.com sp.analytics.yahoo.com static.aucoffre.com stats.g.doubleclick.net track.hubspot.com translate.google.com www.aucoffre.com www.facebook.com www.google-analytics.com www.google.be www.google.ca www.google.ch www.google.ci www.google.co.ma www.google.co.uk www.google.com www.google.com.pe www.google.cz www.google.es www.google.fr www.google.hu www.google.nl www.google.no www.google.pt www.googleadservices.com www.googletagmanager.com www.gstatic.com; manifest-src 'self'; media-src 'self' static.aucoffre.com; object-src 'self'; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' blob: apis.google.com app.contentsquare.com appleid.cdn-apple.com bat.bing.com cdn.checkout.com cdn.cookielaw.org code.jquery.com connect.facebook.net data1.acomyl.com data: data1.jenemar.com data1.krouche.com fevoki.wejekihota.com fidoapi.com forms.hsforms.com geolocation.onetrust.com googleads.g.doubleclick.net js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.hsforms.net js.hsleadflows.net js.hubspot.com js.hubspotfeedback.com js.usemessages.com s.yimg.com s3.tradingview.com ssl.google-analytics.com ssl.luckyorange.com static.axept.io stats.g.doubleclick.net t.contentsquare.net widget.trustpilot.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com cdn.jsdelivr.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' apis.google.com app.contentsquare.com appleid.cdn-apple.com bat.bing.com cdn.checkout.com cdn.cookielaw.org connect.facebook.net data: forms.hsforms.com geolocation.onetrust.com googleads.g.doubleclick.net js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.hsforms.net js.hubspotfeedback.com js.usemessages.com s.yimg.com s3.tradingview.com ssl.google-analytics.com ssl.luckyorange.com stats.g.doubleclick.net t.contentsquare.net widget.trustpilot.com www.aucoffre.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net; style-src 'self' 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com netdna.bootstrapcdn.com; worker-src 'self' blob: 1
default-src 'self'; connect-src 'self' *.youtube.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net accounts.google.com *.nakanohito.jp *.typesquare.com;style-src 'self' 'unsafe-inline' platform.twitter.com typesquare.com *.twimg.com *.ttwstatic.com;script-src 'self' 'unsafe-inline' cdn.ampproject.org www.googletagmanager.com www.google-analytics.com platform.twitter.com syndication.twitter.com *.syndication.twimg.com connect.facebook.net apis.google.com accounts.google.com b.st-hatena.com cdn-ak.b.st-hatena.com social-plugins.line.me d.line-scdn.net uh.nakanohito.jp webfont.fontplus.jp *.amazonaws.com *.instagram.com typesquare.com www.tiktok.com *.ttwstatic.com jpostal-1006.appspot.com;img-src 'self' data: cdn.cdp-japan.jp www.google.com www.google.co.jp www.google-analytics.com b.st-hatena.com https://cdn-ak.b.st-hatena.com www.facebook.com i.ytimg.com *.twitter.com csi.gstatic.com *.twimg.com *.youtube.com;media-src 'self' cdn.cdp-japan.jp;font-src 'self' data: cdn.jsdelivr.net fonts.gstatic.com *.amazonaws.com webfont.fontplus.jp *.typesquare.com;child-src 'self' *.youtube.com *.google.com *.facebook.com *.twitter.com https://b.hatena.ne.jp cdn.api.b.hatena.ne.jp social-plugins.line.me *.st-hatena.com webfont.fontplus.jp *.instagram.com www.tiktok.com *.ttwstatic.com;object-src 'self';frame-ancestors 'none';form-action 'self' syndication.twitter.com platform.twitter.com accounts.google.com webfont.fontplus.jp;report-uri /csp/report 1
default-src 'self' * ; script-src 'self' * 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; img-src data: *; object-src 'self' 1
default-src 'none'; connect-src 'self' https:; font-src 'self'; frame-ancestors https:; img-src 'self'; manifest-src 'self'; script-src 'self' 'nonce-script/AmND+pFii3NJd2k1SA5HOcLX' 'nonce-script/frkVWk96/F6U1oDOimYIGByb' 'nonce-script/msqJ1qMP1qEmkn/MruE5LExw' 'nonce-script/CEG6oEj3+yPCsGjiLEBsrX07' 'nonce-script/R39ndqKKNTBND3t4h6Ow9+6n' 'nonce-script/EUtRjIf0TKwdfXcnU1YdbgLB' 'nonce-script/mcExAPpBQGapQpG2KebmZ943' cdnjs.cloudflare.com static.cloudflareinsights.com; style-src 'self' 'nonce-style/lj6g/pZKrfssBT95PzmGv7pg' 'nonce-stylesheet/ECnr2iPnb14d4T4871CUMGOO' 'nonce-stylesheet/BZnmS5shKF9iAN+7vxtEjveo' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' cdnjs.cloudflare.com; media-src 'self'; report-uri https://eric.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests; 1
default-src 'self';child-src https://filevine-app-images.s3.amazonaws.com https://filevine-app-docs.s3.amazonaws.com https://app.vinesign.com https://prod-us-report-export.s3.us-west-2.amazonaws.com *.amazonaws.com https://app.pendo.io https://feedback.us.pendo.io docs.google.com https://feedback.filevine.com *.newrelic.com *.filev.io *.flvn.io filev.io flvn.io 'self';connect-src *.filevinedev.com *.filevineapp.com *.filevine.ca *.filevine.com *.filevinegov.com *.fvauth.com https://app.vinesign.com https://filevine-app-docs.s3.amazonaws.com https://prod-us-report-export.s3.us-west-2.amazonaws.com *.amazonaws.com *.nr-data.net *.pendo.io *.pdftron.com *.newrelic.com https://app.pendo.io https://data.pendo.io https://pendo-static-5683967597215744.storage.googleapis.com https://pendo-io-static.storage.googleapis.com http://localhost:8080 *.filev.io *.flvn.io filev.io flvn.io 'self' blob: wss:;font-src *.bootstrapcdn.com fonts.gstatic.com *.typekit.net 'self' data:;frame-src *;frame-ancestors https://*.filevine.com https://app.pendo.io 'self';img-src *.typekit.net https://app.pendo.io https://cdn.pendo.io https://data.pendo.io https://pendo-static-5683967597215744.storage.googleapis.com https://pendo-io-static.storage.googleapis.com https://filevine-app-images.s3.amazonaws.com https://filevine-app-images.s3.us-west-2.amazonaws.com https://filevine-app-docs.s3.amazonaws.com https://filevine-app-docs.s3.us-east-1.amazonaws.com *.filev.io *.flvn.io filev.io flvn.io *.kaywa.com www.googletagmanager.com 'self' data: blob: cid:;manifest-src 'self';media-src https://filevine-app-images.s3.amazonaws.com https://filevine-app-images.s3.us-west-2.amazonaws.com https://filevine-app-docs.s3.amazonaws.com https://filevine-app-docs.s3.us-east-1.amazonaws.com https://prod-us-report-export.s3.us-west-2.amazonaws.com https://app-discussions.filevine.com *.filev.io *.flvn.io filev.io flvn.io 'self';object-src https://filevine-app-images.s3.amazonaws.com https://filevine-app-images.s3.us-west-2.amazonaws.com https://filevine-app-docs.s3.amazonaws.com https://filevine-app-docs.s3.us-east-1.amazonaws.com https://prod-us-report-export.s3.us-west-2.amazonaws.com *.filev.io *.flvn.io filev.io flvn.io 'self';script-src *.bootstrapcdn.com *.typekit.net *.newrelic.com *.nr-data.net https://app.pendo.io https://cdn.pendo.io https://data.pendo.io https://pendo-static-5683967597215744.storage.googleapis.com https://pendo-io-static.storage.googleapis.com https://duuxdetkhlwyv.cloudfront.net https://code.jquery.com http://localhost:8080 https://www.googletagmanager.com 'unsafe-inline' 'unsafe-eval' 'self' blob:;style-src *.bootstrapcdn.com fonts.googleapis.com *.typekit.net https://app.pendo.io https://pendo-static-5683967597215744.storage.googleapis.com https://pendo-io-static.storage.googleapis.com https://duuxdetkhlwyv.cloudfront.net https://cdn.pendo.io https://data.pendo.io 'unsafe-inline' 'self' 1
frame-ancestors 'self' *.plentymarkets-cloud-de.com https://www.youtube-nocookie.com 1
frame-ancestors learnworlds.com 1
frame-ancestors 'self'; base-uri 'self'; form-action 'self'; font-src 'self' data:; object-src 'none'; 1
frame-ancestors https://dwpx1.glds.com https://www.glds.com https://glds.com https://mybroadbandaccount.com; 1
default-src * 'unsafe-eval' 'unsafe-inline' blob: data: ; frame-ancestors 'self' forums.flyfisherman.com; 1
base-uri 'self';form-action 'self' *.opayo.eu.elavon.com *.scrapcarformoney.co.uk;media-src 'self';object-src 'none';connect-src 'self' www.raw2k.co.uk wss://www.raw2k.co.uk www.google-analytics.com *.google-analytics.com *.analytics.google.com maps.gstatic.com maps.googleapis.com stats.g.doubleclick.net api.craftyclicks.co.uk *.hotjar.com *.addthis.com;img-src 'self' images.unsplash.com data: maps.gstatic.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com *.google-analytics.com *.analytics.google.com googleads.g.doubleclick.net www.google.com cc-cdn.com *.carweb.com d9xkyfpjfebx7.cloudfront.net https://cdn.raw2k.co.uk;script-src-elem 'self' www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com www.googleadservices.com maps.googleapis.com www.google.com cdn.mouseflow.com *.hotjar.com *.addthis.com *.addthisedge.com cc-cdn.com 'nonce-X61FFRxUq6O0X6Hf17QQHWpn51Q6SRxU';style-src 'self' 'unsafe-inline' fonts.googleapis.com cc-cdn.com;font-src 'self' fonts.gstatic.com data: 1
frame-ancestors 'self' https://*.kassiesa.net; 1
default-src 'self'; connect-src *.kv-rlp.de; script-src *.kv-rlp.de maps.googleapis.com ssl.google-analytics.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: https://*.kv-safenet.de http://*.kv-safenet.de *.gstatic.com *.googleapis.com www.google-analytics.com ssl.google-analytics.com; font-src 'self' font.googleapis.com *.gstatic.com; child-src 'self' https://*.google.de https://*.google.com https://www.youtube-nocookie.com; object-src 'self'; frame-src 'self' https://www.youtube-nocookie.com maps.google.de www.google.de www.google.com; frame-ancestors 'self' https://www.google.de; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' oltest.ru *.oltest.ru oltest.kz *.oltest.kz olte.st *.olte.st yastatic.net *.yastatic.net *.yandex.net *.yandex.ru yandex.ru yandex.kz *.yandex.kz yandex.st yandexadexchange.net *.yandexadexchange.net www.google-analytics.com *.google.com vk.com *.vk.com *.adfox.ru yastat.net matchid.adfox.yandex.ru *.strm.yandex.ru promo-money.ru yoomoney.ru *.admetrica.ru; img-src 'self' data: oltest.ru *.oltest.ru oltest.kz *.oltest.kz olte.st *.olte.st *.yandex.ru yandex.ru yandex.kz *.yandex.kz *.yandex.net yastatic.net *.yastatic.net www.google-analytics.com *.google.com www.googleapis.com *.gstatic.com *.doubleclick.net vk.com *.vk.com *.adfox.ru yastat.net promo-money.ru yoomoney.ru *.admetrica.ru; font-src 'self' data: oltest.ru *.oltest.ru oltest.kz *.oltest.kz olte.st *.olte.st an.yandex.ru yastatic.net yastat.net; report-uri http://oltest.ru/csp_log.php?from=http://oltest.ru; 1
frame-ancestors 'self' https://my.mpskin.com app.storyblok.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mstdn.mx; img-src 'self' https: data: blob: https://mstdn.mx; style-src 'self' https://mstdn.mx 'nonce-WrwsJD3x72rPaJxox7bF4w=='; media-src 'self' https: data: https://mstdn.mx; frame-src 'self' https:; manifest-src 'self' https://mstdn.mx; form-action 'self'; connect-src 'self' data: blob: https://mstdn.mx https://mstdn.mx wss://mstdn.mx; script-src 'self' https://mstdn.mx 'wasm-unsafe-eval'; child-src 'self' blob: https://mstdn.mx; worker-src 'self' blob: https://mstdn.mx 1
script-src 'self'  'unsafe-inline' *.omtrdc.net assets.adobedtm.com *.demdex.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;style-src 'self' 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ *.demdex.net;connect-src 'self' ws: *.demdex.net *.omtrdc.net;child-src 'self' *.demdex.net www.google.com;worker-src 'self' blob:;img-src 'self' data: *.omtrdc.net https://op-developer-cms.op-content.fi https://opcms.op-content.fi;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://snap.licdn.com https://rw1.marchex.io https://scripts.mymarketingreports.com https://nexus.ensighten.com https://googleads.g.doubleclick.net https://cse.google.com https://www.google.com https://25livepub.collegenet.com https://bbox.blackbaudhosting.com https://sky.blackbaudcdn.net https://www.gstatic.com https://www.youtube.com https://www.clarity.ms https://trkn.us/pixel/conv; style-src 'self' 'unsafe-inline' https://p.typekit.net https://use.typekit.net https://www.google.com https://bbox.blackbaudhosting.com; frame-ancestors 'self'; report-uri https://spscc.edu/report-uri/enforce 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'report-sample'; style-src 'self' 'unsafe-inline'; frame-src 'self' *.youtube.com *.desmos.com; img-src * blob: data:; media-src * blob: data:; font-src 'self' data:; base-uri 'self'; object-src 'self'; 1
base-uri 'none'; default-src 'self' *.youtube.com *.google.com *.googleapis.com *.fontawesome.com *.doubleclick.net *.moneris.com; script-src 'self' *.googletagmanager.com *.google.com *.gstatic.com *.bootstrapcdn.com *.googleapis.com *.fontawesome.com *.google-analytics.com *.craftcms.com *.joomla.org js.stripe.com 'nonce-871b3aec039fbe98237559ff2c600026b603920fb1e8' 'nonce-ffe32926cb98601a994d00539881617cd99adb73ab6f'; style-src 'self' 'unsafe-inline' *.googleapis.com *.fontawesome.com *.gstatic.com 'nonce-4e541e83ef064a7cee5cebf20b1deaf320827c2bede8'; img-src 'self' data: *.cablevision.ca *.cablevision.qc.ca *.google-analytics.com *.googleapis.com *.craft-cdn.com *.joomla.org; connect-src 'self' *.craftcms.com *.google-analytics.com; font-src 'self' *.googleapis.com *.fontawesome.com *.gstatic.com; object-src 'none'; frame-src 'self' *.cablevision.qc.ca *.cablevision.ca *.moneris.com *.google.com js.stripe.com; frame-ancestors 'self' *.cablevision.qc.ca *.cablevision.ca; 1
base-uri 'none'; connect-src 'self' https:; frame-ancestors 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' https: 1
default-src 'self' 				 yastatic.net				  *.yastatic.net				  admetrica.ru				  *.admetrica.ru				  yandex.ru				  *.yandex.ru				  yandex.net				  *.yandex.net			 ;			 frame-src 'self' 			 	 data:			 	 blob:			 	 	*.google.com			 	 	 https://yandex.ru				 	 *.zarbo.tech				 	 zarbo.tech				 	 ergostol.ru				 	 *.arguv.com				 	 arguv.com				 	 vkontakte.ru				 	 vk.com				 	 licdn.com				 	 *.licdn.com				 	 *.tinkoff.ru				 	 tinkoff.ru				 	 *.ergostol.ru				 	 *.ergostol.com				 	 *.yandex.ru				 	 *.yandex.net				 	 *.youtube.com				 	 *.facebook.com				 	 https://connect.facebook.net				 	 *.doubleclick.net				 	 *.arguv.com				 	 arguv.com				 	 rutube.ru				 	 roistat.com				 	 *.roistat.com				 	 webvisor.com				 	 *.webvisor.com			 	 	 https://mc.yandex.ru			 	 	 https://mc.yandex.az			 	 	 https://mc.yandex.by			 	 	 https://mc.yandex.co.il			 	 	 https://mc.yandex.com			 	 	 https://mc.yandex.com.am			 	 	 https://mc.yandex.com.ge			 	 	 https://mc.yandex.com.tr			 	 	 https://mc.yandex.ee			 	 	 https://mc.yandex.fr			 	 	 https://mc.yandex.kg			 	 	 https://mc.yandex.kz			 	 	 https://mc.yandex.lt			 	 	 https://mc.yandex.lv			 	 	 https://mc.yandex.md			 	 	 https://mc.yandex.tj			 	 	 https://mc.yandex.tm			 	 	 https://mc.yandex.ua			 	 	 https://mc.yandex.uz			 	 	 https://mc.webvisor.com			 	 	 https://mc.webvisor.org			 	 	 https://yastatic.net			 	 	 clicker.one			 	 	 *.clicker.one			 ;			 frame-ancestors 'self'			 	yandex.ru			 	*.yandex.ru			 	*.ergostol.ru			 	https://*.ergostol.com			 	*.youtube.com			 	*.facebook.com			 	https://connect.facebook.net			 	*.doubleclick.net			 	*.arguv.com arguv.com			 	rutube.ru			 	vk.com			 	zarbo.tech			 	*.zarbo.tech			 	vkontakte.ru			 	roistat.com			 	*.roistat.com			 	webvisor.com			 	*.webvisor.com			 	clicker.one			 	*.clicker.one			 ;			 script-src 'self' 'unsafe-inline' 'unsafe-eval'			 	*.gstatic.com			 	*.bitrix24.com			 	*.pluso.ru			 	*.yandex.ru			 	*.yandex.net			 	front.facetz.net			 	kitbit.net			 	*.jsdelivr.net			 	*.criteo.net			 	criteo.net			 	*.criteo.com			 	criteo.com			 	*.doubleclick.net			 	*.arguv.com			 	arguv.com			 	https://*.roistat.com			 	https://*.mail.ru			 	https://*.ergostol.ru			 	https://*.ergostol.com			 	https://bitrix.info			 	https://connect.facebook.net			 	licdn.com			 	*.licdn.com			 	*.mts.ru mts.ru			 	*.tinkoff.ru			 	*.google.com			 	tinkoff.ru			 	vk.com			 	*.vk.com			 	zarbo.tech			 	*.zarbo.tech			 	vkontakte.ru			 	*.vkontakte.ru			 	googleadservices.com			 	*.googleadservices.com			 	https://www.google-analytics.com/			 	https://www.googletagmanager.com			 	https://mc.yandex.ru			 	https://mc.yandex.az			 	https://mc.yandex.by			 	https://mc.yandex.co.il			 	https://mc.yandex.com			 	https://mc.yandex.com.am			 	https://mc.yandex.com.ge			 	https://mc.yandex.com.tr			 	https://mc.yandex.ee			 	https://mc.yandex.fr			 	https://mc.yandex.kg			 	https://mc.yandex.kz			 	https://mc.yandex.lt			 	https://mc.yandex.lv			 	https://mc.yandex.md			 	https://mc.yandex.tj			 	https://mc.yandex.tm			 	https://mc.yandex.ua			 	https://mc.yandex.uz			 	https://mc.webvisor.com			 	https://mc.webvisor.org			 	https://yastatic.net			 	webvisor.com			 	*.webvisor.com			 	youtube.com			 	*.youtube.com			 	clicker.one			 	*.clicker.one			 	*.b242ya.ru			 	*.chatapp.online			 	*.novofon.com			 	*.zadarma.com			 ;			 img-src 'self'			 	data:			 	blob:			 		'unsafe-inline'			 		yastatic.net					*.yastatic.net					admetrica.ru					*.admetrica.ru					yandex.ru					*.yandex.ru					yandex.net					*.yandex.net					avatars.mds.yandex.net			 		youtube.com			 		*.youtube.com			 		*.yahoo.com			 		*.adscale.de			 		*.pubmatic.com			 		*.openx.net			 		*.3lift.com			 		*.yandex.ru			 		*.yandex.net			 		*.pluso.ru			 		*.yadro.ru			 		http://softeffect.ru			 		*.softeffect.ru			 		*.ytimg.com			 		google.com			 		*.google.com			 		google.ru			 		*.google.ru			 		*.adnxs.com			 		*.taboola.com			 		*.bidswitch.net			 		*.doubleclick.net			 		*.arguv.com arguv.com			 		facebook.com			 		*.facebook.com			 		https://stats.g.doubleclick.net			 		https://*.mail.ru			 		https://*.ergostol.ru			 		https://*.ergostol.com			 		https://bitrix.info			 		https://connect.facebook.net			 		https://vk.com			 		https://www.google-analytics.com/			 		https://www.googletagmanager.com			 		https://mc.yandex.ru			 		https://mc.yandex.az			 		https://mc.yandex.by			 		https://mc.yandex.co.il			 		https://mc.yandex.com			 		https://mc.yandex.com.am			 		https://mc.yandex.com.ge			 		https://mc.yandex.com.tr			 		https://mc.yandex.ee			 		https://mc.yandex.fr			 		https://mc.yandex.kg			 		https://mc.yandex.kz			 		https://mc.yandex.lt			 		https://mc.yandex.lv			 		https://mc.yandex.md			 		https://mc.yandex.tj			 		https://mc.yandex.tm			 		https://mc.yandex.ua			 		https://mc.yandex.uz			 		https://passport.yandex.ru			 		https://mc.webvisor.com			 		https://mc.webvisor.org			 		https://yastatic.net			 		*.chatapp.online			 ;			 connect-src 'self'			 	*.doubleclick.net			 	*.arguv.com			 	*.yandex.ru			 	arguv.com			 	*.google-analytics.com			 	wss://corp.ergostol.ru			 	wss://corp.ergostol.com			 	licdn.com			 	*.licdn.com			 	*.mts.ru			 	mts.ru			 	*.tinkoff.ru			 	tinkoff.ru			 	*.dadata.ru			 	vk.com			 	*.zarbo.tech			 	zarbo.tech			 	*.ergostol.ru			 	*.ergostol.com			 	*.plyr.io			 	bitrix.info			 	*.facebook.ru			 	facebook.ru			 	https://mc.yandex.ru			 	https://mc.yandex.az			 	https://mc.yandex.by			 	https://mc.yandex.co.il			 	https://mc.yandex.com			 	https://mc.yandex.com.am			 	https://mc.yandex.com.ge			 	https://mc.yandex.com.tr			 	https://mc.yandex.ee			 	https://mc.yandex.fr			 	https://mc.yandex.kg			 	https://mc.yandex.kz			 	https://mc.yandex.lt			 	https://mc.yandex.lv			 	https://mc.yandex.md			 	https://mc.yandex.tj			 	https://mc.yandex.tm			 	https://mc.yandex.ua			 	https://mc.yandex.uz			 	https://mc.webvisor.com			 	https://mc.webvisor.org			 	https://yastatic.net			 	clicker.one			 	*.clicker.one			 	*.b242ya.ru			 	*.novofon.com			 	*.zadarma.com			 	*.google.com			 ;			 child-src 'self'			 	blob:			 		*.webvisor.com			 		webvisor.com			 		*.ergostol.ru			 		*.ergostol.com			 		licdn.com			 		*.licdn.com			 		*.mts.ru			 		mts.ru			 		*.tinkoff.ru			 		tinkoff.ru			 		vk.com			 		zarbo.tech			 		*.zarbo.tech			 		https://mc.yandex.ru			 		https://mc.yandex.az			 		https://mc.yandex.by			 		https://mc.yandex.co.il			 		https://mc.yandex.com			 		https://mc.yandex.com.am			 		https://mc.yandex.com.ge			 		https://mc.yandex.com.tr			 		https://mc.yandex.ee			 		https://mc.yandex.fr			 		https://mc.yandex.kg			 		https://mc.yandex.kz			 		https://mc.yandex.lt			 		https://mc.yandex.lv			 		https://mc.yandex.md			 		https://mc.yandex.tj			 		https://mc.yandex.tm			 		https://mc.yandex.ua			 		https://mc.yandex.uz			 		https://mc.webvisor.com			 		https://mc.webvisor.org			 		https://yastatic.net			 ;			 style-src 'self' 'unsafe-inline'			 	*.ergostol.ru			 	*.ergostol.com			 	*.roistat.com			 	*.googleapis.com			 	*.clicker.one			 ;			 object-src 'self'			 	data:			 		'unsafe-eval'			 		*.ergostol.ru			 		*.ergostol.com			 ;			 1
default-src 'self' cdn.cookielaw.org; script-src 'self' 'nonce-7584fbc5fa40d3f56d27718052d95b6e' https://www.youtube.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com; style-src 'self' 'nonce-7584fbc5fa40d3f56d27718052d95b6e' https://fonts.googleapis.com; img-src 'self' https://*.novonor.com https://www.google-analytics.com  https://i.ytimg.com data: cdn.cookielaw.org https://optanon.blob.core.windows.net; font-src 'self' https://fonts.gstatic.com; frame-src https://www.google.com https://www.youtube.com; connect-src 'self' https://www.youtube.com https://*.novonor.com https://www.google-analytics.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-br.onetrust.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://press.coop; img-src 'self' https: data: blob: https://press.coop; style-src 'self' https://press.coop 'nonce-V7mg5OwbS10/AM8Zk608hQ=='; media-src 'self' https: data: https://press.coop; frame-src 'self' https:; manifest-src 'self' https://press.coop; connect-src 'self' data: blob: https://press.coop https://s3.us-west-2.amazonaws.com wss://press.coop; script-src 'self' https://press.coop 'wasm-unsafe-eval'; child-src 'self' blob: https://press.coop; worker-src 'self' blob: https://press.coop 1
default-src 'self' *.mamabonus.com *.getsitecontrol.com *.getsitectrl.com *.youtube.com *.datamother.com *.firebaseio.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com ajax.googleapis.com *.getsitecontrol.com *.getsitectrl.com;connect-src 'self' *.getsitecontrol.com *.getsitectrl.com *.googletagmanager.com *.google-analytics.com *.firebaseio.com *.doubleclick.net  wss: datamother.com;img-src 'self' *.google-analytics.com *.getsitecontrol.com *.getsitectrl.com data:;style-src 'unsafe-inline' 'self';base-uri 'self';form-action 'self';font-src data: 'self' *.getsitecontrol.com *.getsitectrl.com 1
frame-ancestors hcpl.net *.hcpl.net hcpl.bibliocms.com *.hcpl.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src hcpl.net *.hcpl.net hcpl.bibliocms.com *.hcpl.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
frame-ancestors 'self' https://hilfe.campz.ch https://back-office-redesign.kameleoon.com https://app.kameleoon.com/ 1
connect-src 'self' https://*.zendesk.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com wss://widget-mediator.zopim.com https://widget-mediator.zopim.com https://*.zdassets.com https://*.typekit.net https://kundeservice.lyse.no *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://www.google.com https://optimize.google.com https://www.google.no https://cdn.sanity.io https://*.app.cookieinformation.com https://coi-prod.azureedge.net https://www.facebook.com https://connect.facebook.net https://*.taskanalytics.com https://*.doubleclick.net https://sc-static.net https://tr.snapchat.com https://ta-survey-v2.herokuapp.com https://dc.services.visualstudio.com https://player.vimeo.com https://*.akamaized.net wss: https://api.smooch.io https://marketingplatform.google.com https://c.tile.openstreetmap.org https://api.lyse.no https://lykf-apim-prod.azure-api.net https://za6ku0ko.apicdn.sanity.io https://za6ku0ko.api.sanity.io https://api.lyse.no https://lykf-cognitive-search-prod.search.windows.net https://kundeservice.lyse.no https://api.lyse.no; default-src 'self' https://*.app.cookieinformation.com https://cdn.sanity.io; font-src 'self' https://*.typekit.net https://*.hotjar.com data:; frame-src 'self' https://*.app.cookieinformation.com https://vars.hotjar.com https://www.google.com https://*.doubleclick.net https://tr.snapchat.com https://optimize.google.com; img-src 'self' https://*.hotjar.com https://*.zendesk.com https://cdn.sanity.io https://static.zdassets.com https://*.lyse.no https://*.googleapis.com https://maps.gstatic.com *.google-analytics.com *.googletagmanager.com https://coi-prod.azureedge.net https://www.facebook.com https://www.google.com https://optimize.google.com https://www.google.no https://tr.snapchat.com https://ssl.gstatic.com https://gstatic.com data: https://api.lyse.no; media-src 'self' https://static.zdassets.com https://player.vimeo.com https://*.akamaized.net; script-src 'self' https://*.app.cookieinformation.com https://maps.googleapis.com *.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleoptimize.com https://www.google.com https://optimize.google.com https://www.google.no https://www.gstatic.com https://*.hotjar.com https://static.zdassets.com https://widget-mediator.zopim.com https://connect.facebook.net https://*.taskanalytics.com https://*.doubleclick.net https://sc-static.net https://tr.snapchat.com https://api.smooch.io 'unsafe-inline' 'unsafe-eval'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' https://*.typekit.net https://optimize.google.com https://tagmanager.google.com https://*.hotjar.com 'unsafe-inline'; 1
connect-src 'self' ws: wss: https://survey.feedbackly.com https://api.flockler.com https://*.giosg.com https://*.giosgusercontent.com https://www.google-analytics.com *.google-analytics.com *.analytics.google.com *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com https://*.lfeeder.com https://cdn.linkedin.oribi.io *.bing.com wss://*.bing.com https://*.clarity.ms; default-src 'none'; font-src 'self' use.fontawesome.com fonts.googleapis.com fonts.gstatic.com https://fonts.gstatic.com; frame-src 'self' blob: data: mailto: tel: https://www.facebook.com/ https://survey.feedbackly.com https://*.giosg.com https://*.giosgusercontent.com https://*.doubleclick.net *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.hsforms.net *.hsforms.com https://*.lfeeder.com sdx.microsoft.com https://*.clarity.ms https://w.soundcloud.com secredirect.wheelq.com surveys.wheelq.com www.youtube.com www.youtube-nocookie.com; img-src 'self' data: https://www.facebook.com https://*.fbcdn.net flockler.com media-api.flockler.com giosg-chat-public-eu.s3.amazonaws.com cdn.giosgusercontent.com https://www.google-analytics.com https://www.googleanalytics.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.fi https://*.doubleclick.net *.google-analytics.com *.analytics.google.com  js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com https://*.cdninstagram.com https://*.lfeeder.com https://*.ads.linkedin.com *.bing.com *.microsoft.com https://*.clarity.ms https://*.twimg.com img.youtube.com https://i.ytimg.com; object-src 'self'; script-src 'self' 'unsafe-eval' https://connect.facebook.net https://survey.feedbackly.com https://*.giosg.com https://*.giosgusercontent.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com https://*.lfeeder.com https://snap.licdn.com https://bat.bing.com https://r.bing.com https://c.bing.com https://*.clarity.ms https://www.youtube.com/ https://www.youtube.com/iframe_api 'unsafe-inline'; style-src 'self' use.fontawesome.com https://*.giosg.com https://*.giosgusercontent.com https://fonts.googleapis.com https://tagmanager.google.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net cdn2.hubspot.net *.bing.com https://*.clarity.ms 'unsafe-inline'; 1
frame-ancestors 'self' https://engage-ab.marketo.com/ 1
frame-ancestors 'self' *.bnymellonwealth.com; 1
default-src 'self' www.sidecarhealth.com sidecarhealth.com dev-sidecar-health.pantheonsite.io https://td.doubleclick.net/ test-sidecar-health.pantheonsite.io sidecarhealth.localhost boards.greenhouse.io greenhouse.io cdn.linkedin.oribi.io web1.acsbapp.com cdn.jsdelivr.net api.lever.co andreasmb.github.io player.vimeo.com vimeo.com bam.nr-data.net js-agent.newrelic.com px.ads.linkedin.com www.linkedin.com linkedin.com www.snapengage.com snapengage.com widget.trustpilot.com dev.visualwebsiteoptimizer.com utt.impactcdn.com cdn.heapanalytics.com acsbapp.com storage.googleapis.com bat.bing.com connect.facebook.net facebook.com www.facebook.com snap.licdn.com cdn.callrail.com pix.pub script.hotjar.com in.hotjar.com heapanalytics.com cdn.acsbapp.com logs-01.loggly.com snapengage.com vars.hotjar.com use.fontawesome.com static.hotjar.com 1.gravatar.com id.rlcdn.com js.hsleadflows.net stats.g.doubleclick.net track.hubspot.com perf.hsforms.com forms-na1.hsforms.com gstatic.com www.gstatic.com api.hubapi.com forms.hubspot.com hubspot.com js.hs-banner.com js.hscollectedforms.net js.hsadspixel.net js.hs-analytics.net api.livechatinc.com secure.livechatinc.com google.com www.google.com google.ro www.google.ro www.google-analytics.com google-analytics.com *.google.com googletagmanager.com  *.ipify.org www.googletagmanager.com googleads.g.doubleclick.net js.hs-scripts.com cdn.livechatinc.com boards.greenhouse.io boards-api.greenhouse.io hubspot-forms-static-embed.s3.amazonaws.com forms.hsforms.com js.hsforms.net cdnjs.cloudflare.com unpkg.com secure.gravatar.com fonts.googleapis.com fonts.gstatic.com browser.sentry-cdn.com app.hubspot.com static.hsappstatic.net client-api.auryc.com apps.usw2.pure.cloud wss://webmessaging.usw2.pure.cloud api.usw2.pure.cloud api-cdn.usw2.pure.cloud 'unsafe-inline' 'unsafe-eval' data: blob: ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' stats.wp.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com extend.vimeocdn.com kit.fontawesome.com www.realtimestatistics.net s0.wp.com *.hs-analytics.net *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com; font-src 'self' data: fonts.gstatic.com maxcdn.bootstrapcdn.com; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net *.hscollectedforms.net; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com kit.fontawesome.com s0.wp.com; base-uri 'self';form-action 'self' wpengine.blogvault.net;frame-ancestors 'self'; frame-src 'self' www.google.com player.vimeo.com correlation.edgate.com widgets.wp.com 1
frame-ancestors https://geo.greenheart.org 'self' https://greenheart.org https://greenheartclub.org https://*.greenheart.org https://*.greenheartclub.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://snap.licdn.com https://www.google.com https://unpkg.com https://www.googletagmanager.com https://widget.instabot.io https://widgetapi.instabot.io https://www.gstatic.com https://greenheart.org https://*.greenheart.org https://www.google-analytics.com https://greenheartclub.org https://*.greenheartclub.org; 1
default-src https: wss: 'unsafe-inline' 'unsafe-eval' data: 1
default-src 'self'; base-uri 'self'; script-src 'self'; style-src 'self'; img-src 'self' https://www.gstatic.com/instantbuy/ https://gstatic.com/instantbuy/; connect-src 'self' https://google.com/pay https://www.google.com/pay https://pay.google.com/; font-src 'self'; object-src 'none'; child-src 'none'; form-action 'self'; frame-src 'self'; frame-ancestors 'self' 1
frame-ancestors 'self' https://*.salesforce.com/ https://*.force.com/ *.zuora.com *.onlyoffice.com *.teamlab.info onlyoffice.com teamlab.info *.dynamics.com *.openrainbow.io teams.microsoft.com *.teams.microsoft.com *.skype.com *.onlyoffice.github.io *.hubspot.com *.pipedrive.com *.myfreshworks.com chrome-extension://hglclkmkgclgjfdnkodkmnkjoigibkge chrome-extension://empnokmbbkhefagacpkcklmhboijnbco chrome-extension://ajiljihpkihieilmgbnbmijbeikcalgc chrome-extension://jmficoohbcmpodnlbnapelnpabicgnii chrome-extension://ljnapipnbmlpjhldooifpfkbhhdlgkfc ; default-src 'self' 'unsafe-inline' 'unsafe-eval' mailto: zuora.com cdn.jsdelivr.net code.jquery.com cdnjs.cloudflare.com app.mailjet.com *.youtube.com *.giphy.com *.zuora.com *.openrainbow.io *.onlyoffice.com *.teamlab.info https://apis.google.com https://accounts.google.com https://*.google-analytics.com https://fonts.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google.com https://pixabay.com https://login.microsoftonline.com https://graph.microsoft.com https://appsforoffice.microsoft.com https://res-1.cdn.office.net https://statics.teams.microsoft.com https://storage.waw.cloud.ovh.net/ https://static2.sharepointonline.com https://ajax.googleapis.com wss://127.0.0.1:9001 wss://127.0.0.1:9002 https://openrainbow.com https://files-sbg.openrainbow.com https://helpcenter.openrainbow.com  *.openrainbow.com wss://openrainbow.com wss://*.openrainbow.com ws://openrainbow.com ws://*.openrainbow.com openrainbow.com  *.openrainbow.health wss://openrainbow.health wss://*.openrainbow.health ws://openrainbow.health ws://*.openrainbow.health openrainbow.health  *.myopenrainbow.com.cn wss://myopenrainbow.com.cn wss://*.myopenrainbow.com.cn ws://myopenrainbow.com.cn ws://*.myopenrainbow.com.cn myopenrainbow.com.cn  *.rainbow-one.monacodatacenter.com wss://rainbow-one.monacodatacenter.com wss://*.rainbow-one.monacodatacenter.com ws://rainbow-one.monacodatacenter.com ws://*.rainbow-one.monacodatacenter.com rainbow-one.monacodatacenter.com  *.openrainbow.ae wss://openrainbow.ae wss://*.openrainbow.ae ws://openrainbow.ae ws://*.openrainbow.ae openrainbow.ae  *.r.poly.com.cn wss://r.poly.com.cn wss://*.r.poly.com.cn ws://r.poly.com.cn ws://*.r.poly.com.cn r.poly.com.cn  *.openrainbow.red wss://openrainbow.red wss://*.openrainbow.red ws://openrainbow.red ws://*.openrainbow.red openrainbow.red  file: qrc: blob: ; img-src * data: blob: file: ; media-src * blob:   1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-911e4c82805cf32c0ab74eb7faf490f2'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-_CA6zHICjzmnDQ-s7fbqJA' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-xNazSlSTOO0Rimh8qROk_A' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors 'self' *.lecteurs.com *.orange.com; base-uri 'self' 1
frame-ancestors 'self' https://backcountry-research.jp 1
frame-ancestors 'self' *.byk.com *.etracker.com; object-src 'none'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://pdx.social; img-src 'self' https: data: blob: https://pdx.social; style-src 'self' https://pdx.social 'nonce-i+iDYAizsBKVwtAl74LBZA=='; media-src 'self' https: data: https://pdx.social; frame-src 'self' https:; manifest-src 'self' https://pdx.social; form-action 'self'; child-src 'self' blob: https://pdx.social; worker-src 'self' blob: https://pdx.social; connect-src 'self' data: blob: https://pdx.social https://cdn.masto.host wss://pdx.social; script-src 'self' https://pdx.social 'wasm-unsafe-eval' 1
default-src 'self' https: ; img-src 'self' 'unsafe-inline' data: https: ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: ; style-src 'self' 'unsafe-inline' https: ; font-src 'self' 'unsafe-inline' https:; frame-ancestors 'self' 'unsafe-inline' https: ; 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://callmepower.be/report-uri/enforce 1
default-src 'self';  script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.ads-twitter.com *.twitter.com *.instagram.com *.ctfassets.net *.fullstory.com *.zdassets.com *.segment.com *.facebook.net *.nextdoor.com *.tvsquared.com *.doubleclick.net *.adsrvr.org *.bing.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleusercontent.com *.vercel-insights.com *.vercel.app *.vercel-scripts.com embedsocial.com *.smooch.io *.mypurecloud.com *.cloudfront.net *.cobrowse.io *.redditstatic.com *.clarity.ms aa.trkn.us *.hotjar.com *.adnxs.com *.shop.pe shop.pe addshoppers.s3.amazonaws.com cdn.id5-sync.com action.dstillery.com action.media6degrees.com analytics.tiktok.com static.hsappstatic.net vercel.live js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.usemessages.com www.datadoghq-browser-agent.com *.gstatic.com d2mjzob2nc713b.cloudfront.net gotrhythm.cdn1.safeopt.com *.dwin1.com *.gotrhythm.com;  child-src *.youtube.com *.google.com *.twitter.com *.facebook.com *.adsrvr.org *.doubleclick.net embedsocial.com vercel.live;  style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.googletagmanager.com embedsocial.com *.typekit.net;  img-src * blob: data: *.ctfassets.net *.fbsbx.com *.googleusercontent.com smart-pixl.com *.fullstory.com;  object-src * blob: data:;  media-src 'self' *.zdassets.com *.ctfassets.net;  connect-src * *.browser-intake-datadoghq.com;  frame-src * 'self' blob: data: *.ctfassets.net;  font-src 'self' data: fonts.gstatic.com *.cloudflare.com *.typekit.net;  worker-src * 'self' blob: *.vercel.app;  manifest-src 'self' *.vercel.app; 1
default-src 'unsafe-eval' 'unsafe-inline' *.s3.amazonaws.com *.facebook.com *.facebook.net *.fbsbx.com *.google.com *.googleusercontent.com *.googleapis.com *.gstatic.com 'self' data: *.uat.shakeys.solutions *.shakeys.solutions *.pushnotifications.pusher.com *.s3.ap-southeast-1.amazonaws.com *.sentry.io *.youtube.com *.pingdom.net *.ap-southeast-1.elb.amazonaws.com *.api.telegram.org *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net *.cloudfront.net;style-src 'unsafe-eval' 'unsafe-inline' *.s3.amazonaws.com *.facebook.com *.facebook.net *.fbsbx.com *.google.com *.googleusercontent.com *.googleapis.com *.gstatic.com 'self' data: *.uat.shakeys.solutions *.shakeys.solutions *.pushnotifications.pusher.com *.s3.ap-southeast-1.amazonaws.com *.sentry.io *.youtube.com *.pingdom.net *.ap-southeast-1.elb.amazonaws.com *.api.telegram.org *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net *.cloudfront.net;script-src 'unsafe-eval' 'unsafe-inline' *.s3.amazonaws.com *.facebook.com *.facebook.net *.fbsbx.com *.google.com *.googleusercontent.com *.googleapis.com *.gstatic.com 'self' data: *.uat.shakeys.solutions *.shakeys.solutions *.pushnotifications.pusher.com *.s3.ap-southeast-1.amazonaws.com *.sentry.io *.youtube.com *.pingdom.net *.ap-southeast-1.elb.amazonaws.com *.api.telegram.org *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net *.cloudfront.net;img-src 'unsafe-eval' 'unsafe-inline' *.s3.amazonaws.com *.facebook.com *.facebook.net *.fbsbx.com *.google.com *.googleusercontent.com *.googleapis.com *.gstatic.com 'self' data: *.uat.shakeys.solutions *.shakeys.solutions *.pushnotifications.pusher.com *.s3.ap-southeast-1.amazonaws.com *.sentry.io *.youtube.com *.pingdom.net *.ap-southeast-1.elb.amazonaws.com *.api.telegram.org *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net *.cloudfront.net 1
frame-ancestors 'self' *.canva.com canva.com; report-uri https://csp.canva.com/_cspreport?app=websites; base-uri 'self'; object-src 'none'; script-src 'report-sample' 'strict-dynamic' 'nonce-060d6bd2-c46c-4bff-a01e-a746ba094419' https://www.google.com/recaptcha/api.js; 1
default-src 'self';                         script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' go.stepan.com code.jquery.com *.salesforceliveagent.com cdn.cookielaw.org assets.adobedtm.com service.force.com pi.pardot.com stepan.my.salesforce.com static.lightning.force.com stepancompany.secure.force.com stepan.my.salesforce-sites.com;                         style-src 'self' 'unsafe-inline' *.force.com *.salesforce-sites.com; img-src 'self' data: cdn.cookielaw.org *.omtrdc.net;                         connect-src 'self' cdn.cookielaw.org *.omtrdc.net *.force.com *.salesforceliveagent.com dpm.demdex.net; font-src 'self' data:;                         object-src 'self'; media-src 'self'; navigate-to *; frame-src 'self' service.force.com; 1
default-src 'self' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.simplybook.cc https://cdn.jsdelivr.net https://*.googletagmanager.com https://*.googletagmanager.com cdnjs.cloudflare.com https://translate-pa.googleapis.com/ https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://translate.googleapis.com https://translate.google.com https://maps.googleapis.com https://player.vimeo.com https://feeds.trac.jobs https://www.cqc.org.uk https://merseycare.enterpriseappointments.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://translate.googleapis.com https://www.gstatic.com https://feeds.trac.jobs https://www.cqc.org.uk; img-src * data:; connect-src 'self' https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com maps.googleapis.com https://saas.learninglocker.net https://metrics.articulate.com https://translate.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://vimeo.com https://feeds.trac.jobs; font-src 'self' data: https://fonts.gstatic.com; object-src 'self' blob:; frame-src 'self' *.simplybook.cc maps.google.com https://*.nhs.uk https://www.google.com https://content.googleapis.com https://content-analytics.googleapis.com https://www.youtube.com https://player.vimeo.com https://merseycare.enterpriseappointments.com https://e.issuu.com https://roundme.com 1
default-src 'self' 'unsafe-eval' data: https://*.wistia.com https://*.wistia.net https://event.api.drift.com https://metrics.api.drift.com https://cta-service-cms2.hubspot.com https://pipedream.wistia.com https://distillery.wistia.com; script-src 'self' 'unsafe-eval' https://*.wistia.com https://*.wistia.net https://src.litix.io https://button.glitch.me https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsadspixel.net https://js.hs-banner.com https://api.hubapi.com https://js.hsforms.net https://hire.myavionte.com https://www.google.com https://snap.licdn.com https://connect.facebook.net https://js.driftt.com https://event.api.drift.com https://metrics.api.drift.com https://js.hsleadflows.net https://tracking.g2crowd.com https://sc.lfeeder.com https://js.hubspot.com https://cta-service-cms2.hubspot.com https://open.spotify.com https://embed.podcasts.apple.com https://www.iheart.com https://app.fusebox.fm/ https://js.hubspotfeedback.com https://googleads.g.doubleclick.net https://google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net 'nonce-nHdADyJu8RSJy8+9zZ7qsNFxX4E=' nonce-kM/fGJixmgW1JEjwNp6LxsVYbnU= ajax.googleapis.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' data: blob: https://fast.wistia.com https://button.glitch.me 'unsafe-inline' fonts.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://glitch.com https://cdn.glitch.com https://avatars0.githubusercontent.com https://track.hubspot.com https://forms.hsforms.com https://forms-na1.hsforms.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.facebook.com https://www.linkedin.com https://px4.ads.linkedin.com https://tr.lfeeder.com https://perf-na1.hsforms.com https://tr-rc.lfeeder.com https://www.google.com blob: https://www.google-analytics.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com i.ytimg.com www.googletagmanager.com; connect-src 'self' https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://api.glitch.com https://api.hubapi.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://js.hs-banner.com https://event.api.drift.com https://metrics.api.drift.com https://cdn.linkedin.oribi.io https://forms.hubspot.com https://cta-service-cms2.hubspot.com https://pipedream.wistia.com https://distillery.wistia.com https://js.hubspot.com https://js.hsleadflows.net https://my.wpengine.com https://analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ampcid.google.com about: https://px.ads.linkedin.com https://google.com https://www.analytics.google.com www.googletagmanager.com; font-src 'self' data: data: https://*.wistia.com fonts.gstatic.com fonts.googleapis.com; object-src 'self' https://metrics.api.drift.com https://event.api.drift.com; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://js.driftt.com; frame-src 'self' https://fast.wistia.com https://fast.wistia.net https://bid.g.doubleclick.net https://www.youtube-nocookie.com data: blob: https://hire.myavionte.com https://app.hubspot.com https://static.hsappstatic.net https://forms.hsforms.com https://js.driftt.com https://event.api.drift.com https://metrics.api.drift.com https://www.facebook.com https://cta-service-cms2.hubspot.com https://forms.hubspot.com https://open.spotify.com https://embed.podcasts.apple.com https://www.iheart.com https://pipedream.wistia.com https://distillery.wistia.com https://js.hubspot.com https://js.hsleadflows.net https://www.instagram.com https://*.vimeo.com https://*.vimeocdn.com https://*.googlesyndication.com https://app.fusebox.fm https://www.google.com https://td.doubleclick.net www.youtube.com www.googletagmanager.com; child-src 'self' www.youtube.com www.googletagmanager.com; 1
default-src 'self'; script-src 'self'; form-action 'self'; style-src 'self'  ; img-src 'self'; 1
default-src 'none'; manifest-src 'self'; object-src 'self'; base-uri 'self'; font-src 'self' data: fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; form-action 'self' www.youtube.com; frame-src www.google.com www.youtube.com; connect-src 'self' api.amplitude.com www.facebook.com *.analytics.google.com *.clarity.ms; img-src 'self' data: www.facebook.com www.googletagmanager.com www.google-analytics.com www.google.com www.google.bg px.ads.linkedin.com www.linkedin.com stats.g.doubleclick.net c.clarity.ms c.bing.com; script-src 'self' 'unsafe-inline' cdn.amplitude.com www.google.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.gstatic.com googleads.g.doubleclick.net connect.facebook.net snap.licdn.com *.clarity.ms; frame-ancestors 'self'; report-uri https://sirma.com/_csp 1
base-uri 'none'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: blob: www.minecraftiplist.com cdn.usefathom.com; object-src 'none'; script-src-attr 'self' 'nonce-376PHo55qB7L9K8dT8s1aQ==' www.minecraftiplist.com www.googletagmanager.com cdn.usefathom.com www.google.com www.gstatic.com ajax.cloudflare.com 'sha256-y9s25RsLPa2trJEpWyD3Cbug+SAgQzHVYgBcTbikMwI='; style-src 'self' https: 'unsafe-inline'; script-src 'self' 'nonce-376PHo55qB7L9K8dT8s1aQ==' www.minecraftiplist.com www.googletagmanager.com cdn.usefathom.com www.google.com www.gstatic.com ajax.cloudflare.com 'sha256-y9s25RsLPa2trJEpWyD3Cbug+SAgQzHVYgBcTbikMwI='; upgrade-insecure-requests; script-src-elem 'self' 'nonce-376PHo55qB7L9K8dT8s1aQ==' www.minecraftiplist.com www.googletagmanager.com cdn.usefathom.com www.google.com www.gstatic.com ajax.cloudflare.com 'sha256-y9s25RsLPa2trJEpWyD3Cbug+SAgQzHVYgBcTbikMwI='; 1
default-src 'self' iotmanager.com *.iotmanager.com *.d2epn5wohs8gly.amplifyapp.com cognito-idp.us-east-1.amazonaws.com cognito-identity.us-east-1.amazonaws.com vuro-rtmp.us wss://a8lkbtl9l2eem-ats.iot.us-east-1.amazonaws.com ; media-src 'self' blob:  https:  ers-transcodervideo-destnation.s3.amazonaws.com ; img-src 'self' data: iotmanager.com *.iotmanager.com ; style-src 'self' 'unsafe-inline'  iotmanager.com *.iotmanager.com ; font-src 'self' data: *.d2epn5wohs8gly.amplifyapp.com ; object-src 'none' ; 1
script-src https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api 'self' https://www.googletagmanager.com 'unsafe-inline' https://cdn.moengage.com/ https://www.gstatic.com https://static.hotjar.com https://www.google-analytics.com https://script.hotjar.com https://js.monitor.azure.com 'unsafe-eval' https://www.google.com/ ; style-src https://cdn.insight.sitefinity.com https://dec.azureedge.net 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ ; img-src https://cdn.insight.sitefinity.com https://dec.azureedge.net 'self' data: https://www.google.com.my; connect-src https://*.insight.sitefinity.com https://*.dec.sitefinity.com 'self' https://analytics.google.com https://sdk-01.moengage.com wss://localhost:44355/IHHHealthcare https://www.google-analytics.com wss://ws.hotjar.com https://content.hotjar.io https://metrics.hotjar.io https://dc.services.visualstudio.com https://stats.g.doubleclick.net https://vc.hotjar.io/; default-src 'self'; font-src  data: 'self' https://cdnjs.cloudflare.com/ ; frame-src  https://td.doubleclick.net https://hms.gleneagles.hk https://www.google.com/ https://www.facebook.com/ https://m.facebook.com/ https://ghk-pilot.hms.local/ https://testserver-2364b.web.app/ https://pantaiproject-db504.web.app/ https://pantai-3d---orthopaedic.web.app/ https://pantai-3d---paediatrics.web.app/ 1
base-uri www.otogo.ca; default-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com unsafe-inline; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.hs-scripts.com *.livechatinc.com bat.bing.com connect.facebook.net d.impactradius-event.com https://*.hotjar.com js.hs-analytics.net js.hs-banner.com m.otogo.ca maps.googleapis.com sb.scorecardresearch.com www.facebook.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com; connect-src api.livechatinc.com bat.bing.com cdn.jsdelivr.net fb.otogo.ca https://*.hotjar.com https://*.hotjar.io maps.googleapis.com stats.g.doubleclick.net storage.googleapis.com wss://*.hotjar.com www.facebook.com www.google-analytics.com www.google.com www.otogo.ca; font-src cdn.livechatinc.com data: fonts.gstatic.com https://*.hotjar.com m.otogo.ca www.otogo.ca; style-src 'unsafe-inline' https://*.hotjar.com https://fonts.googleapis.com m.otogo.ca www.otogo.ca; img-src * data: https://*.hotjar.com www.otogo.ca; object-src m.otogo.ca; frame-src 'unsafe-eval' 'unsafe-inline' https: https://*.hotjar.com www.otogo.ca; manifest-src www.otogo.ca m.otogo.ca; frame-ancestors www.guideautoweb.com www.allirish-quebec.com 1
frame-ancestors 'self' https://resources.johncrane.com; 1
script-src * 'unsafe-inline'; style-src * 'unsafe-inline';img-src *;font-src *;frame-src *; 1
default-src 'self'; connect-src 'self' https://*.siteimprove.com https://*.readspeaker.com https://*.google-analytics.com https://*.analytics.google.com https://*.gemeentemaastricht.eu https://matomo.spzl.nl; font-src 'self' https://fonts.gstatic.com https://*.readspeaker.com data:; frame-src https://my2.siteimprove.com https://*.readspeaker.com https://www.google.com; img-src 'self' data: https://www.google-analytics.com https://www.googletagmanager.com https://*.global.siteimproveanalytics.io https://*.tile.openstreetmap.org; manifest-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://siteimproveanalytics.com https://maps.googleapis.com https://matomo.spzl.nl https://www.google.com https://www.gstatic.com https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://polyfill.io https://sf1-eu.readspeaker.com https://unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://siteimproveanalytics.com https://maps.googleapis.com https://matomo.spzl.nl https://www.google.com https://www.gstatic.com https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://polyfill.io https://sf1-eu.readspeaker.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://*.readspeaker.com https://fonts.googleapis.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; worker-src 'none'; base-uri 'self'; report-uri https://www.gemeentemaastricht.nl/report-uri/enforce; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.acv-csc.be *.acvcsc.be *.hetacv.be *.lacsc.be *.diecsc.be *.dmz-web.acv-csc.intranet https://chat.smartcall.cc https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com *.analytics.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.cloudflare.com *.jquery.com kendo.cdn.telerik.com *.hotjar.com ws://*.hotjar.com surfly.com *.googletagmanager.com https://*.talkjs.com https://unpkg.com; style-src 'self' 'unsafe-inline' *.acv-csc.be *.acvcsc.be *.hetacv.be *.lacsc.be *.diecsc.be *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.smartcall.cc; font-src 'self' data: *.acv-csc.be *.acvcsc.be *.hetacv.be *.lacsc.be *.diecsc.be *.dmz-web.acv-csc.intranet fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com; img-src 'self' blob: *.acv-csc.be *.acvcsc.be *.hetacv.be *.lacsc.be *.diecsc.be *.dmz-web.acv-csc.intranet *.swagger.io *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.analytics.google.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.google.com *.google.be *.google.co.uk *.google.de *.google.fr *.google.lu *.google.nl; media-src 'self' data: blob: https://*.talkjs.com; frame-src 'self' blob: *.acv-csc.be *.acvcsc.be *.hetacv.be *.lacsc.be *.diecsc.be *.dmz-web.acv-csc.intranet *.acv-bie.be https://acv-flash.be *.issuu.com surfly.com *.hotjar.com *.google.com *.facebook.com *.2tt.be *.youtube.com *.youtube-nocookie.com *.soundcloud.com https://*.talkjs.com https://pc201.be https://pc311.be; frame-ancestors  'self' *.acv-csc.be *.acvcsc.be *.hetacv.be *.lacsc.be *.diecsc.be *.dmz-web.acv-csc.intranet *.acv-bie.be *.issuu.com surfly.com *.hotjar.com *.google.com *.facebook.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' data: blob: *.acv-csc.be *.acvcsc.be *.hetacv.be *.lacsc.be *.diecsc.be *.dmz-web.acv-csc.intranet *.hotjar.com ws://*.hotjar.com *.googleapis.com *.google-analytics.com *.analytics.google.com accounts.google.com *.gstatic.com *.facebook.net *.doubleclick.net surfly.com *.hotjar.io ws://*.hotjar.io *.facebook.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.smartcall.cc *.trackjs.com https://*.talkjs.com wss://*.talkjs.com https://directline.botframework.com wss://directline.botframework.com *.google.com *.google.be *.google.co.uk *.google.de *.google.fr *.google.lu *.google.nl; object-src 'self' data: blob: *.acv-csc.be *.acvcsc.be *.hetacv.be *.lacsc.be *.diecsc.be *.dmz-web.acv-csc.intranet 1
frame-ancestors 'self'  https://*.withfaye.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' filesystem: useargo.com oss.maxcdn.com www.googletagmanager.com use.typekit.net www.google-analytics.com kit.fontawesome.com consensu.io snap.licdn.com connect.facebook.net *.doubleclick.net d335luupugsy2.cloudfront.net *.rdstation.com.br nitropack.io static.zdassets.com cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' useargo.com fonts.googleapis.com use.typekit.net fontawesome.com consensu.io *.rdstation.com.br www.googletagmanager.com; img-src 'self' 'unsafe-inline' data: *.useargo.com p.typekit.net www.google-analytics.com stats.g.doubleclick.net secure.gravatar.com www.google.com www.google.com.br *.ads.linkedin.com www.facebook.com d335luupugsy2.cloudfront.net nitropack.io; connect-src 'self' useargo.com performance.typekit.net www.google-analytics.com stats.g.doubleclick.net *.fontawesome.com *.consensu.io analytics.google.com *.googlesyndication.com cdn.linkedin.oribi.io *.rdstation.com.br to.getnitropack.com nitropack.io *.zdassets.com nitropack.zendesk.com; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com use.typekit.net *.fontawesome.com s0.wp.com; media-src 'self' *.youtube.com; worker-src 'self' useargo.com 1
base-uri 'self';block-all-mixed-content;frame-ancestors 'none';img-src data: https:;object-src 'none';upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=1o2nhcpiqucva&partner=; 1
default-src     'self' 'unsafe-inline'; connect-src     'self' 'unsafe-inline' *.optibelt.com *.googletagmanager.com *.google-analytics.com *.b-ite.com; script-src      'self' 'unsafe-inline' 'unsafe-eval' *.optibelt.com  *.googletagmanager.com *.google-analytics.com *.b-ite.com; style-src       'self' 'unsafe-inline' *.optibelt.com; font-src        'self' 'unsafe-inline' data: *.optibelt.com; img-src         'self' *.optibelt.com  data: *.google-analytics.com *.ytimg.com; media-src       'self' *.optibelt.com; frame-ancestors 'self' *.optibelt.com; frame-src       'self' *.optibelt.com  www.youtube.com www.youtube-nocookie.com *.youtu.be *.facebook.com *.partcommunity.com media.video.taxi; object-src     'none' 1
default-src 'self'; connect-src 'self' https://mautic.texthelp.com https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.browsealoud.com https://plus.browsealoud.com https://*.speechstream.net https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://wiki-summarizer-eu.texthelp.com/ https://simplify-us.texthelp.com/ blob: https://en.wikipedia.org/ https://wikisum.texthelp.com/ https://babm.texthelp.com https://*.prismic.io https://*.cdn.prismic.io https://api.ipdata.co https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://prismic-io.s3.amazonaws.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://www.facebook.com/ https://analytics.twitter.com https://cdn.linkedin.oribi.io https://bat.bing.com; script-src 'self' https://mautic.texthelp.com https://mautic-staging.texthelp.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.browsealoud.com https://plus.browsealoud.com https://*.speechstream.net https://wikisum.texthelp.com 'sha256-aEDmoObzmjNv962J42VzD3ELW5yetlhKLnYGA32/4aU=' https://apis.google.com https://widget.intercom.io https://js.intercomcdn.com https://app.intercom.io https://analytics.twitter.com https://static.ads-twitter.com https://connect.facebook.net https://www.buzzsprout.com https://optimize.google.com 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://embed.typeform.com/ https://bat.bing.com/ https://js.driftt.com https://widget.drift.com https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://tr.snapchat.com/config/com/ https://cdn.jsdelivr.net/npm/@fancyapps/ui@5.0/dist/fancybox/fancybox.umd.js 'nonce-170596891387300' ; style-src 'self' https://*.typekit.net https://mautic.texthelp.com/media/css/ https://mautic-staging.texthelp.com/media/css/ https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com 'unsafe-inline' https://www.browsealoud.com https://plus.browsealoud.com https://optimize.google.com https://cdn.jsdelivr.net/npm/@fancyapps/ui@5.0/dist/fancybox/fancybox.css; img-src 'self' https://webworx.texthelp.com/assets/img/ data: https://images.prismic.io/texthelp-website-proof https://*.prismic.io https://mautic.texthelp.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net/r/collect https://www.google.com/ads/ https://www.google.co.uk/ads/ https://www.google.com/pagead/ https://www.google.co.uk/pagead/ https://www.browsealoud.com https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://plus.browsealoud.com https://upload.wikimedia.org https://prismic-io.s3.amazonaws.com https://i.ytimg.com blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-9.com https://optimize.google.com https://script.hotjar.com https://analytics.twitter.com https://t.co/1/i/ https://bat.bing.com/action/ https://bat.bing.com/actionp/ https://www.facebook.com/tr/ https://px.ads.linkedin.com https://tr.snapchat.com/ ; child-src 'self' https://content.googleapis.com https://www.googletagmanager.com/ns.html https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; media-src 'self' blob: https://*.speechstream.net https://js.intercomcdn.com https://*.prismic.io https://js.driftt.com/; font-src 'self' https://webworx.texthelp.com/ https://*.typekit.net https://fonts.gstatic.com data: https://stackpath.bootstrapcdn.com https://js.intercomcdn.com https://fonts.gstatic.com https://script.hotjar.com; object-src 'none'; form-action 'self' https://intercom.help https://api-iam.intercom.io https://mautic.texthelp.com https://mautic-staging.texthelp.com https://www.facebook.com https://*.speechstream.net; frame-src https://www.youtube.com https://mautic-staging.texthelp.com https://mautic.texthelp.com https://docs.google.com https://www.buzzsprout.com https://content.googleapis.com/ https://optimize.google.com https://vars.hotjar.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://form.typeform.com/ https://www.facebook.com/ https://js.driftt.com https://widget.drift.com https://tr.snapchat.com/ https://lookerstudio.google.com/ https://calendar.google.com/ ; frame-ancestors 'none'; base-uri 'none'; upgrade-insecure-requests 1
default-src 'self'; script-src * 'unsafe-inline'; img-src * data: 'unsafe-eval'; style-src * 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-src *; 1
default-src 'self';script-src 'self' https://*.hotjar.com *.government.bg *.nksoftware.net *.youtube.com *.googletagmanager.com *.google.com *.google-analytics.com *.gstatic.com *.googleapis.com track.freecallinc.com cnt.tyxo.bg *.facebook.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.hotjar.com track.freecallinc.com *.government.bg *.nksoftware.net *.youtube.com tagmanager.google.com *.googleapis.com 'unsafe-inline';style-src-elem 'self' *.gstatic.com  *.googletagmanager.com *.government.bg *.nksoftware.net *.googleapis.com 'unsafe-inline';img-src 'self' *.googletagmanager.com https://*.hotjar.com *.nksoftware.net *.youtube.com *.gstatic.com *.google.com *.googleapis.com *.google-analytics.com gotoburgas.com *.gotoburgas.com burgas.bg *.burgas.bg cnt.tyxo.bg track.freecallinc.com *.imgur.com data:;font-src 'self' https://*.hotjar.com *.googleapis.com track.freecallinc.com *.gstatic.com data:; base-uri 'self'; form-action 'self'; frame-src 'self' *.google.com *.gstatic.com *.government.bg *.youtube.com *.youtube-nocookie.com *.facebook.com;manifest-src 'self';frame-ancestors 'self';connect-src 'self' translate.googleapis.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.google-analytics.com *.freecallinc.com *.doubleclick.net *.smartburgas.eu; media-src 'self' * blob: *.smartburgas.eu; worker-src 'self' blob: ; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=0f5es1liquf6a&partner=; 1
default-src 'self' https: blob:; style-src 'unsafe-inline' https:; font-src 'self' data: https://fonts.gstatic.com/; img-src 'self' https: data: blob:; frame-src 'self' https:; script-src 'unsafe-inline' 'unsafe-eval' https:; object-src 'none'; form-action 'self' https://forms.zohopublic.com/ https://opac.hus.ac.jp/; base-uri 'self'; frame-ancestors 'self' https://f6neniwkjv-dsn.algolia.net/ https://forms.zohopublic.com/ https://opac.hus.ac.jp/; worker-src blob:; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-ZmU4NTVjZmUwMzFmNGU0Njk0ZTE4MDM1MTA2NmQzODI=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.nctv.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.nctv.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.nctv.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src *  data: blob: mediastream: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: ; 1
object-src 'self'; base-uri 'none'; 1
; worker-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' cdn-cookieyes.com *.imp.stackadapt.com *.srv.stackadapt.com *.hotjar.com *.hotjar.io bat.bing.com cdn.sub2tech.com connect.facebook.net dataservices.sub2tech.com equifax-cdn.sub2tech.com wchat.freshchat.com www.google-analytics.com www.googletagmanager.com cdn.datatables.net cdnjs.cloudflare.com code.jquery.com kit.fontawesome.com stackpath.bootstrapcdn.com unpkg.com www.youtube.com cdn.jsdelivr.net maps.googleapis.com widget.trustpilot.com; script-src-elem 'self' 'unsafe-inline' livechat-choosemycar.connexone.co.uk optimize.google.com www.googleoptimize.com *.sub2tech.com cdn-cookieyes.com *.stackadapt.com *.hotjar.io *.hotjar.com bat.bing.com cdn.sub2tech.com connect.facebook.net dataservices.sub2tech.com equifax-cdn.sub2tech.com wchat.freshchat.com www.google-analytics.com www.googletagmanager.com cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com gc.kis.v2.scr.kaspersky-labs.com kit.fontawesome.com maps.googleapis.com stackpath.bootstrapcdn.com unpkg.com www.youtube.com widget.trustpilot.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.srv.stackadapt.com fonts.googleapis.com wchat.freshchat.com cdnjs.cloudflare.com p.typekit.net stackpath.bootstrapcdn.com unpkg.com use.typekit.net cdn.datatables.net translate.googleapis.com; style-src-elem 'self' 'unsafe-inline' optimize.google.com *.stackadapt.com fonts.googleapis.com wchat.eu.freshchat.com cdn.datatables.net cdnjs.cloudflare.com gc.kis.v2.scr.kaspersky-labs.com p.typekit.net stackpath.bootstrapcdn.com unpkg.com use.typekit.net; style-src-attr 'unsafe-inline'; img-src 'self' data: cdn.imagin.studio cdn-cookieyes.com secure.gravatar.com *.stackadapt.com *.hotjar.com *.hotjar.io assets.choosemycar.com carcliq.ams3.cdn.digitaloceanspaces.com bat.bing.com www.facebook.com www.google-analytics.com www.google.co.uk www.google.com www.google.lt www.googletagmanager.com www.google.ie www.google.es connect.facebook.net digitaloftcdn.com www.google.ae www.google.be www.google.bg www.google.co.nz www.google.co.za www.google.co.zw www.google.com.au www.google.com.gh www.google.com.kw www.google.com.ph www.google.com.tr www.google.fr www.google.gr www.gstatic.com i.ytimg.com maps.googleapis.com maps.gstatic.com www.google.ca www.google.co.il www.google.co.in www.google.com.lb www.google.com.pk www.google.com.sg www.google.de www.google.fi www.google.it www.google.no www.google.pt translate.google.com www.google.jo www.google.pl www.google.rs www.google.al www.google.ba www.google.co.id www.google.co.kr www.google.co.ma www.google.com.bh www.google.com.br www.google.com.do www.google.com.eg www.google.com.jm www.google.com.ng www.google.com.om www.google.com.sa www.google.com.ua www.google.com.vn www.google.cz www.google.dk www.google.hr www.google.hu www.google.im www.google.iq www.google.je www.google.ps www.google.ro www.google.se www.google.si www.google.tn; font-src 'self' data: *.hotjar.com *.hotjar.io fonts.gstatic.com cdnjs.cloudflare.com ka-p.fontawesome.com static3.avast.com use.typekit.net; connect-src 'self' doc-0k-a8-sheets.googleusercontent.com pagead2.googlesyndication.com googlesyndication.com googleads.g.doubleclick.net www.google.com cdn-cookieyes.com *.cookieyes.com *.google-analytics.com region1.analytics.google.com *.yoast.com *.stackadapt.com wss://*.hotjar.com *.hotjar.com *.hotjar.io bat.bing.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com digitaloftcdn.com ka-p.fontawesome.com assets.choosemycar.com docs.google.com www.googletagmanager.com gjtrack.ucweb.com doc-0c-44-sheets.googleusercontent.com maps.googleapis.com; frame-src 'self' data: td.doubleclick.net livechat-choosemycar.connexone.co.uk optimize.google.com viewer.mapme.com https://docs.google.com https://vars.hotjar.com https://widget.trustpilot.com *.hotjar.io 394466662429530.eu.webpush.freshchat.com wchat.eu.freshchat.com www.facebook.com www.youtube.com mozbar.moz.com widget.trustpilot.com www.googletagmanager.com; child-src wchat.eu.freshchat.com www.youtube.com; form-action 'self' www.facebook.com; base-uri 'self' *.stackadapt.com; report-uri https://choosemycar.report-uri.com/r/d/csp/wizard 1
font-src maxcdn.bootstrapcdn.com fonts.gstatic.com *.gstatic.com 'self' data: https://fonts.googleapis.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com platform.twitter.com www.googletagmanager.com *.google.com https://td.doubleclick.net/ td.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com flagpedia.net 'self' data: https://www.google.co.in/ google.co.in data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://polyfill.io connect.facebook.net twitter.com platform.twitter.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.gstatic.com maps.googleapis.com *.google.com https://static.cloudflareinsights.com/* static.cloudflareinsights.com *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net www.gstatic.com maps.googleapis.com https://www.google.co.in/ads/* *.google.co.in 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.isi.net 1
default-src   0027.apiweb.bevestor.de security.bevestor.de 'unsafe-inline' 'unsafe-eval' 'self' data: blob: *.consentmanager.net *.tt.omtrdc.net dpm.demdex.net; style-src 'self' 'unsafe-inline' *.consentmanager.net; script-src  'self' 'unsafe-inline' 'unsafe-eval' www.youtube.com s.ytimg.com *.consentmanager.net assets.adobedtm.com bevestor.de stats.deka.de dpm.demdex.net deka.demdex.net cm.everesttech.net fast.deka.demdex.net *.facebook.net *.adobe.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net; frame-src  'self' www.youtube-nocookie.com *.youtube.com deka.demdex.net *.doubleclick.net *.adobe.com; object-src 'none'; img-src images.ctfassets.net *.consentmanager.net dpm.demdex.net smetrics.bevestor.de *.facebook.com *.doubleclick.net cm.everesttech.net pixel.rubiconproject.com adservice.google.com adservice.google.de data: 'self' blob: https:; 1
default-src 				'self' 'unsafe-eval' 'unsafe-inline' data: https:			;img-src 				* data:				https://tcm-map.childrennow.org 				www.googletagmanager.com 			;media-src 				'self' blob: data: 		 	;script-src 				'self' 'unsafe-eval' 'unsafe-inline' 				https://tcm-map.childrennow.org 				https://www.googletagmanager.com 			 	https://www.google-analytics.com 			 	https://app.giveforms.com 				https://www.google.com/recaptcha/api.js 				https://www.gstatic.com 				https://fast.wistia.com 				https://*.googleapis.com 				https://player.vimeo.com 				https://www.youtube.com 				https://platform.twitter.com 				https://s.ytimg.com/yts/jsbin/www-widgetapi-vfle7xYY2/www-widgetapi.js 				https://cdn.syndication.twimg.com/timeline/profile 				https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5.13.0/css/all.min.css 				https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5.13.0/css/v4-shims.min.css 				https://cdn.jsdelivr.net/npm/codemirror@5.41.0/lib/codemirror.min.css 				https://cdn.jsdelivr.net/npm/codemirror@5.41.0/lib/codemirror.min.js 				https://cdn.jsdelivr.net/npm/codemirror@5.41.0/addon/mode/loadmode.min.js 				https://cdn.jsdelivr.net/npm/codemirror@5.41.0/mode/htmlmixed/htmlmixed.min.js 				https://cdn.jsdelivr.net/npm/codemirror@5.41.0/mode/xml/xml.min.js 				https://cdn.jsdelivr.net/npm/codemirror@5.41.0/mode/javascript/javascript.min.js 				https://cdn.jsdelivr.net/npm/codemirror@5.41.0/mode/css/css.min.js 			;script-src-elem 				'self' 'unsafe-eval' 'unsafe-inline' 				https://tcm-map.childrennow.org 				https://www.googletagmanager.com 			 	https://www.google-analytics.com 			 	https://app.giveforms.com 				https://www.google.com/recaptcha/api.js 				https://www.gstatic.com 				https://fast.wistia.com 				https://*.googleapis.com 				https://player.vimeo.com 				https://www.youtube.com 				https://platform.twitter.com 				https://s.ytimg.com/yts/jsbin/www-widgetapi-vfle7xYY2/www-widgetapi.js 				https://cdn.syndication.twimg.com/timeline/profile 				https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5.13.0/css/all.min.css 				https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5.13.0/css/v4-shims.min.css 				https://cdn.jsdelivr.net/npm/codemirror@5.41.0/lib/codemirror.min.css 				https://cdn.jsdelivr.net/npm/codemirror@5.41.0/lib/codemirror.min.js 				https://cdn.jsdelivr.net/npm/codemirror@5.41.0/addon/mode/loadmode.min.js 				https://cdn.jsdelivr.net/npm/codemirror@5.41.0/mode/htmlmixed/htmlmixed.min.js 				https://cdn.jsdelivr.net/npm/codemirror@5.41.0/mode/xml/xml.min.js 				https://cdn.jsdelivr.net/npm/codemirror@5.41.0/mode/javascript/javascript.min.js 				https://cdn.jsdelivr.net/npm/codemirror@5.41.0/mode/css/css.min.js 			;style-src 				'self' 'unsafe-eval' 'unsafe-inline' 				https://tcm-map.childrennow.org 				https://*.googleapis.com 				https://platform.twitter.com 				https://ton.twimg.com/tfw/css/syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css 				https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5.13.0/css/all.min.css 				https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5.13.0/css/v4-shims.min.css 				https://cdn.jsdelivr.net/npm/codemirror@5.41.0/lib/codemirror.min.css 			;style-src-elem 				'self' 'unsafe-inline' 				https://tcm-map.childrennow.org 				https://*.googleapis.com 				https://platform.twitter.com 				https://ton.twimg.com/tfw/css/syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css 				https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5.13.0/css/all.min.css 				https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5.13.0/css/v4-shims.min.css 				https://cdn.jsdelivr.net/npm/codemirror@5.41.0/lib/codemirror.min.css 			;style-src-attr 				'self' 'unsafe-inline'			; 1
object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' static.hsappstatic.net mcprod.hookah-shisha.com www.googletagmanager.com cdn.statstrk01.com js-eu1.hs-scripts.com cdn-widgetsrepository.yotpo.com *.yotpo.com js-eu1.usemessages.com js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hscollectedforms.net www.youtube.com static.doubleclick.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net *.ryzeo.com www.google-analytics.com *.signifyd.com *.spreedly.com *.privy.com www.hookah-shisha.com pop1.screenpopper.com www.googleoptimize.com *.surfside.io *.mczbf.com growth-hit.s3.us-west-2.amazonaws.com smct.co js.smct.io js.alocdn.com *.shop.pe d3rr3d0n31t48m.cloudfront.net static.bouncepilot.com addshoppers.s3.amazonaws.com static.addtoany.com imgs.cdn-btsg.com js-eu1.hsforms.net www.google.com/recaptcha/ *.klarnacdn.net *.vr-pay-ecommerce.de *.hotjar.com *.hotjar.io *.klaviyo.com connect.facebook.net cdn01.basis.net www.google.com *.pagesense.io *.zohopublic.com *.zohocdn.com *.zohostatic.com track.omguk.com addshoppers.com d2mjzob2nc713b.cloudfront.net *.traversedlp.com voltn.com wt.rqtrk.eu https://shop.pe/widget/widget_async.js https://shop.pe/widget/main/init/params; report-uri /.webscale/csp-report 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.jsdelivr.net/ https://www.paypalobjects.com/ https://s3.amazonaws.com/ https://*.stripe.com/ https://*.paypal.com/ https://stats.wp.com/ https://stackpath.bootstrapcdn.com/ https://*.filco.es/ https://es.bookshop.org/ https://*.wp.com/ https://ajax.googleapis.com/ https://cdn.herdereditorial.com/ https://cdn.dev.herder.cat/; img-src 'self' data: https://www.paypalobjects.com/ https://*.paypal.com/ https://pixel.wp.com/ https://secure.gravatar.com/ https://*.ytimg.com/ https://cdn.herdereditorial.com/ https://cdn.dev.herder.cat/; object-src 'self' data: https://*.paypal.com/ https://*.paypalobjects.com/ https://*.stripe.com/ https://*.youtube.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.filco.es/ https://es.bookshop.org/ https://cdn.herdereditorial.com/ https://cdn.dev.herder.cat/; frame-src 'self' data: https://*.paypal.com/ https://*.paypalobjects.com/ https://*.stripe.com/ https://*.youtube.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.filco.es/ https://es.bookshop.org/ https://cdn.herdereditorial.com/ https://cdn.dev.herder.cat/; form-action 'self' data: https://*.filco.es/ https://cdn.herdereditorial.com/; 1
default-src 'self';script-src 'self' 'nonce-Z1LxdlQ0qVCAP/APxVvnqXhjcVbvxPyRfE/9e0dkbSYOP6auWzp68wv4bkEBnr8fK7QjYk4QVy6u0phYadKZjQ==';style-src 'self' 'nonce-Z1LxdlQ0qVCAP/APxVvnqXhjcVbvxPyRfE/9e0dkbSYOP6auWzp68wv4bkEBnr8fK7QjYk4QVy6u0phYadKZjQ==';connect-src 'self';font-src 'self' data: https://fonts.gstatic.com;img-src 'self';sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-top-navigation 1
default-src *.martinbros.com; connect-src *.martinbros.com *.google-analytics.com forms.hsforms.com *.fontawesome.com; img-src *.martinbros.com www.facebook.com *.google-analytics.com track.hubspot.com assets.pinterest.com log.pinterest.com *.googleadservices.com googleads.g.doubleclick.net www.google.com www.googletagmanager.com *.fontawesome.com *.hsforms.com 'self' data:; script-src 'unsafe-inline' *.martinbros.com code.jquery.com *.google-analytics.com www.googletagmanager.com www.googleadservices.com connect.facebook.net *.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsforms.net forms.hsforms.com cdn.jsdelivr.net stackpath.bootstrapcdn.com assets.pinterest.com seekbeak.com www.youtube.com unpkg.com *.fontawesome.com; style-src 'unsafe-inline' *.martinbros.com maxcdn.bootstrapcdn.com stackpath.bootstrapcdn.com cdn.jsdelivr.net fonts.googleapis.com; font-src *.martinbros.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.fontawesome.com data:; frame-src www.google.com www.youtube.com www.facebook.com seekbeak.com forms.hsforms.com 1
frame-ancestors 'self' lastminutes.wijzijnvalkenburg.nl thermae2000.nl; 1
default-src https: 'unsafe-inline' 'unsafe-eval' wss://umd.userlike.com wss://ws.botmaker.com; worker-src blob:; img-src 'self' blob: data: https:; font-src 'self' data: https:; frame-ancestors https://mc.yandex.ru https://yastatic.net https://metrika.yandex.ru  https://*.webvisor.com 1
default-src 'self'; script-src 'self' qrc: 'nonce-YjU0NjU4YTYtZDdkMi00OTU4LTkzN2YtNWMyZGVmODVhYWZj' 'strict-dynamic' www.youtube.com *.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' fonts.googlefonts.cn fonts.googleapis.com googletagmanager.com tagmanager.google.com; img-src 'self' blob: data: https:; font-src 'self' data: fonts.gstatic.com fonts.gstatic.googlefonts.cn; media-src 'self' *.bambulab.cn *.bambulab.com *.bblmw.cn *.bblmw.com; connect-src 'self' https:; frame-src www.youtube.com www.facebook.com; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; block-all-mixed-content; report-uri /api/_csp_report; 1
referrer 1
default-src 'self' files.hollmann.international data:;base-uri https://hollmann.international;block-all-mixed-content;style-src 'self' files.hollmann.international 'unsafe-inline';script-src 'self' files.hollmann.international 'unsafe-inline';frame-ancestors 'none' 1
default-src 'self' 'unsafe-inline'   https://*.tpsportal.co.nz https://www.tenancy.co.nz https://*.vimeocdn.com  https://*.googleapis.com https://*.vimeo.com https://*.youtube.com https://*.sndcdn.com https://www.google-analytics.com https://tps-dev-tenancy-attachments.s3.amazonaws.com https://tps-dev-tenancy-attachments.s3-ap-southeast-2.amazonaws.com https://tps-testing-tenancy-attachments.s3.amazonaws.com https://tps-testing-tenancy-attachments.s3-ap-southeast-2.amazonaws.com https://tps-prod-tenancy-attachments.s3.amazonaws.com https://tps-prod-tenancy-attachments.s3-ap-southeast-2.amazonaws.com https://stats.g.doubleclick.net https://tps-dev-tenancy-attachments.s3.ap-southeast-2.amazonaws.com https://tps-file-storage-dev.s3.ap-southeast-2.amazonaws.com https://tps-file-storage.s3.ap-southeast-2.amazonaws.com https://tps-testing-public-images.s3.ap-southeast-2.amazonaws.com https://tps-prod-public-images.s3.ap-southeast-2.amazonaws.com https://tps-testing-tenancy-attachments.s3.ap-southeast-2.amazonaws.com https://tps-prod-tenancy-attachments.s3.ap-southeast-2.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'   https://*.tpsportal.co.nz https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://*.googletagmanager.com https://*.googleapis.com https://*.vimeo.com https://*.youtube.com https://*.vimeocdn.com https://*.sndcdn.com https://www.googleadservices.com https://*.doubleclick.net; style-src 'self' 'unsafe-inline' data: https://*.googleapis.com; img-src * data: blob:; font-src * 'unsafe-inline' data:; media-src *; object-src *; frame-src *; child-src *; frame-ancestors 'self'  https://*.sndcdn.com https://*.vimeo.com https://*.youtube.com https://*.vimeocdn.com https://www.googleadservices.com https://*.doubleclick.net;form-action https://*.tpsportal.co.nz https://*.tpsportal.docksal https://*.tpsportal.docksal.site https://*.tpsportal.lndo.site 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.etracker.de *.consentmanager.net *.etracker.com cdn.consentmanager.net/delivery/ *.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org etracker.de tagmanager.google.com www.googletagmanager.com www.google-analytics.com *.openstreetmap.org pixelpark.elaine-asp.de www.bmbf.de www.youtube.com maps.googleapis.com *.mgr.consensu.org; font-src 'self'; style-src 'self' 'unsafe-inline' *.mgr.consensu.org; img-src 'unsafe-inline' 'self' *.consentmanager.net *.ytimg.com data: www.google-analytics.com *.mgr.consensu.org *.openstreetmap.org cdn.consentmanager.net fonts.googleapis.com; frame-ancestors www.bmbf.de ; media-src 'self' 'unsafe-inline' 'unsafe-eval' pixelpark.elaine-asp.de www.youtube.com www.bmbf.de www.vimeo.com play.google.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' streaming-out.bmbfcluster.de streaming.sendewerk.berlin pixelpark.elaine-asp.de www.youtube.com www.bmbf.de www.vimeo.com play.google.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.etracker.de *.etracker.com *.mgr.consensu.org www.google-analytics.com maps.googleapis.com pixelpark.elaine-asp.de; object-src 'none'; manifest-src 'self' 1
frame-ancestors 'self' https://manage.asumag.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self'; connect-src 'self' https://api.ready.mobi; font-src 'self'; frame-src https://api.ready.mobi; img-src 'self'; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 1
upgrade-insecure-requests; frame-src 'self' forms.hsforms.com vars.hotjar.com w.recruiterbox.com app.recruiterbox.com vimeo.com youtu.be youtube.com www.youtube.com www.google.com player.vimeo.com bid.g.doubleclick.net www.facebook.com cdn.knightlab.com; frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com https://www.google.com https://www.gstatic.com/ https://cdn.cookielaw.org https://www.google-analytics.com https://ssl.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' 'unsafe-inline' data: https://www.google-analytics.com https://cdn.cookielaw.org; frame-src 'self' https://www.google.com https://html5-player.libsyn.com https://player.vimeo.com https://cdn.yoshki.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.cookielaw.org; upgrade-insecure-requests; block-all-mixed-content; 1
upgrade-insecure-requests; default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self' 1
default-src 'self'; img-src https://www.google-analytics.com 'self' data: blob:; script-src 'self' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com 'unsafe-inline' https://www.elektronicznypodpis.pl https://chrome.google.com  https://addons.opera.com 'unsafe-eval' */pdf.js */viewer.js blob:; connect-src 'self' blob: data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; child-src 'self' blob: https: http:; object-src 'none'; 1
frame-ancestors 'self'; frame-src 'self' https://*.draw.io https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://embed.diagrams.net; script-src http: https: 'nonce-QOzWrX0PHuLIOMlEuT1zwZfH' 'strict-dynamic'; object-src 'self'; base-uri 'self' 1
default-src 'self'; script-src 'nonce-fBe5FDrMVg1wn4aJBL6Jw/uUknoRlh30wBkvaOlkLZM=' 'strict-dynamic' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.gstatic.com fonts.googleapis.com; connect-src 'self' *.apn2.com *.apnpr.com *.google-analytics.com; frame-src *; img-src * data:; media-src *; font-src * 1
default-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com www1.swinnertoncycles.co.uk; base-uri 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.hotjar.com https://script.hotjar.com https://www.datadoghq-browser-agent.com/ https://maps.google.com/ https://maps.googleapis.com/ https://youtu.be/ https://*.usercentrics.eu/ https://*.omtrdc.net/ https://*.tt.omtrdc.net/ https://*.demdex.net/ https://cm.everesttech.net https://assets.adobedtm.com/ https://wconfigure.com/ https://widget.itek.de/; style-src 'self' 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://wconfigure.com/ https://widget.itek.de/ https://plattform.baudocs.de; img-src 'self' https://static.hotjar.com https://script.hotjar.com https://*.onlineplus.store https://*.grosshaendlernetzwerk.de/ https://ablexprod.blob.core.windows.net/ https://maps.google.com/ https://csi.gstatic.com/ https://maps.gstatic.com/ https://maps.googleapis.com https://i1.ytimg.com/ https://*.datpool.net/ https://shk-tv.de/ https://www.gc-gruppe.de/ https://*.obs.eu-de.otc.t-systems.com/ https://*.usercentrics.eu/ https://*.omtrdc.net/ https://*.tt.omtrdc.net/ https://*.demdex.net/ https://cm.everesttech.net https://assets.adobedtm.com/ https://wconfigure.com/ https://produktdatenportal.gc-gruppe.de/ https://widget.itek.de/ https://*.gconlineplus.de data:; connect-src 'self' blob: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://maps.googleapis.com/ https://*.onlineplus.store https://*.datpool.net/ https://rum-http-intake.logs.datadoghq.eu/ https://browser-http-intake.logs.datadoghq.eu/ https://lbinappgui.gc-gruppe.net/ https://localhost:14144 https://*.usercentrics.eu/ https://aggregator.service.usercentrics.eu/ https://*.omtrdc.net/ https://*.tt.omtrdc.net/ https://*.demdex.net/ https://cm.everesttech.net https://assets.adobedtm.com/ https://wconfigure.com/ https://produktdatenportal.gc-gruppe.de/ https://widget.itek.de/ https://widgets.itek.de/ https://*.gconlineplus.de gap:; frame-src 'self' blob: https://ecode.datpool.net/ https://www.youtube.com https://www.youtube-nocookie.com/ https://ecopl.datpool.net/ https://*.usercentrics.eu/ https://*.tt.omtrdc.net/ https://*.demdex.net/ gap:; child-src 'self' https://ecode.datpool.net/ https://www.youtube.com https://www.youtube-nocookie.com/ https://ecopl.datpool.net/ https://*.usercentrics.eu/ https://*.tt.omtrdc.net/ https://*.demdex.net/ gap:; font-src 'self' https://script.hotjar.com https://wconfigure.com/ https://widget.itek.de/ data:; media-src 'self' https://produktdatenportal.gc-gruppe.de/ data:; object-src 'none';  1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://astrodon.social; img-src 'self' https: data: blob: https://astrodon.social; style-src 'self' https://astrodon.social 'nonce-nEihkDN8645Ah28wND3RBQ=='; media-src 'self' https: data: https://astrodon.social; frame-src 'self' https:; manifest-src 'self' https://astrodon.social; form-action 'self'; child-src 'self' blob: https://astrodon.social; worker-src 'self' blob: https://astrodon.social; connect-src 'self' data: blob: https://astrodon.social https://cdn.masto.host wss://astrodon.social; script-src 'self' https://astrodon.social 'wasm-unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com www.google.com www.gstatic.com static-eu.payments-amazon.com cdn.parcellab.com player.podigee-cdn.net *.usercentrics.eu *.googletagmanager.com *.google-analytics.com *.fitanalytics.com *.criteo.com *.criteo.net *.bing.com *.hotjar.com *.hotjar.io *.doubleclick.net *.facebook.net *.facebook.com *.scarabresearch.com *.hcaptcha.com *.emarsys.net *.dwin1.com *.awin1.com *.fatmedia.io *.behamics.com *.taboola.com glamipixel.com *.b-cdn.net *.dognet.sk *.app.baqend.com *.recova.ai *.hirmer.de *.google.de google.de hirmercesky.sjv.io go.vchfy.com; img-src 'self' data: * *.app.baqend.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com cdn.parcellab.com player.podigee-cdn.net *.googletagmanager.com *.fitanalytics.com *.hcaptcha.com *.behamics.com *.app.baqend.com; font-src 'self' https://themes.googleusercontent.com data: *.gstatic.com *.fitanalytics.com player.podigee-cdn.net *.app.baqend.com; frame-src 'self' www.google.com book.timify.com/services cdn.lightwidget.com player.podigee-cdn.net *.usercentrics.eu *.criteo.com *.criteo.net *.bing.com *.hotjar.com *.hotjar.io *.doubleclick.net *.facebook.net *.facebook.com *.scarabresearch.com *.googleadservices.com *.hcaptcha.com *.emarsys.net *.dwin1.com *.awin1.com *.fatmedia.io *.behamics.com *.adform.net *.b-cdn.net *.recova.ai *.hirmer.de *.google.de google.de hirmercesky.sjv.io; frame-ancestors 'self' https://*.frontastic.io frontastic.io.local; object-src 'self'; connect-src 'self' ws: wss: *.hirmercdn.de hirmercdn.de *.hirmerservice.de *.algolianet.com *.algolia.net *.algolia.io algolia.net maps.googleapis.com www.google.com www.gstatic.com static-eu.payments-amazon.com payments-eu.amazon.com api.parcellab.com *.usercentrics.eu *.googletagmanager.com *.google-analytics.com *.fitanalytics.com https://stats.g.doubleclick.net/j/collect *.criteo.com *.criteo.net *.bing.com *.hotjar.com *.hotjar.io *.doubleclick.net *.facebook.net *.facebook.com *.scarabresearch.com *.googleadservices.com *.hcaptcha.com *.emarsys.net *.dwin1.com *.awin1.com *.fatmedia.io *.behamics.com *.taboola.com *.b-cdn.net *.app.baqend.com *.recova.ai *.hirmer.de *.google.de google.de hirmercesky.sjv.io go.vchfy.com; media-src 'self' *.hirmercdn.de hirmercdn.de hirmer-muenchen.de www.hirmer-muenchen.de 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.googletagmanager.com *.amplitude.com *.adrifund.com *.funde.no *.tinymce.com *.karolinafund.com *.crowdfarm.dk *.lemonway.fr *.payxpert.com d2tnn0p1wwhikn.cloudfront.net clients1.google.com cse.google.com www.google.com *.google-analytics.com *.facebook.net *.facebook.com *.vimeo.com *.addthis.com *.googleapis.com *.bootstrapcdn.com stats.g.doubleclick.net *.soundcloud.com soundcloud.com *.youtube.com *.w3.org *.ogp.me *.mailerlite.com *.karolina.io;img-src * blob: data:;font-src data: d2tnn0p1wwhikn.cloudfront.net *.tinymce.com fonts.gstatic.com 'self' *.bootstrapcdn.com;style-src *.tinymce.com www.google.com d2tnn0p1wwhikn.cloudfront.net *.addthis.com 'self' 'unsafe-inline' cse.google.com *.bootstrapcdn.com *.googleapis.com; frame-src 'self' *.vimeo.com *.facebook.com *.youtube.com *.soundcloud.com *.google.com 1
default-src 'self' * data: blob:; img-src 'self' * 'unsafe-inline' data: blob:; style-src 'self' * 'unsafe-inline' data:; script-src 'self' * 'unsafe-inline' 'unsafe-eval' blob:; object-src 'none'; child-src https:; frame-ancestors 'self' *.resumecat.com; 1
default-src 'self' mim-cloud.appspot.com ajax.googleapis.com *.radnetpacs.com 10.10.0.93 10.10.0.48 10.10.0.75 10.10.0.163 10.10.0.156 10.10.0.54 10.10.0.121 10.10.1.214 10.10.0.48 10.10.0.49 10.10.0.50 10.10.0.57 10.10.0.90 10.10.0.91 10.10.0.92 10.10.0.75 10.10.0.76 10.10.0.77 10.10.0.130 10.10.0.131 10.10.0.132 10.10.0.133 10.10.0.134 10.10.0.135 10.10.0.138 10.10.0.139 10.10.0.143 10.10.0.144 10.10.0.145 10.10.0.146 10.10.0.163 10.10.0.159 10.10.0.160 10.10.0.161 10.10.0.162 10.10.0.192 10.10.0.221 10.10.0.9 10.10.0.17 10.10.0.18 10.10.1.16 10.10.0.156 10.10.0.151 10.10.0.152 10.10.0.153 10.10.0.154 10.10.0.155 10.10.0.54 10.10.0.51 10.10.0.52 10.10.0.53 10.10.0.55 10.10.0.121 10.10.0.116 10.10.0.117 10.10.0.118 10.10.0.119 10.10.0.126 10.10.0.127 10.10.0.10 10.10.1.214 10.10.1.60 10.10.1.218 10.10.0.79 'unsafe-inline'; img-src 'self' data: *.radnetpacs.com 10.10.0.93 10.10.0.48 10.10.0.75 10.10.0.163 10.10.0.156 10.10.0.54 10.10.0.121 10.10.1.214 10.10.0.48 10.10.0.49 10.10.0.50 10.10.0.57 10.10.0.90 10.10.0.91 10.10.0.92 10.10.0.75 10.10.0.76 10.10.0.77 10.10.0.130 10.10.0.131 10.10.0.132 10.10.0.133 10.10.0.134 10.10.0.135 10.10.0.138 10.10.0.139 10.10.0.143 10.10.0.144 10.10.0.145 10.10.0.146 10.10.0.163 10.10.0.159 10.10.0.160 10.10.0.161 10.10.0.162 10.10.0.192 10.10.0.221 10.10.0.9 10.10.0.17 10.10.0.18 10.10.1.16 10.10.0.156 10.10.0.151 10.10.0.152 10.10.0.153 10.10.0.154 10.10.0.155 10.10.0.54 10.10.0.51 10.10.0.52 10.10.0.53 10.10.0.55 10.10.0.121 10.10.0.116 10.10.0.117 10.10.0.118 10.10.0.119 10.10.0.126 10.10.0.127 10.10.0.10 10.10.1.214 10.10.1.60 10.10.1.218 10.10.0.79; 1
upgrade-insecure-requests; frame-ancestors 'self' 'unsafe-inline'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-AM5ti1a6bZr5364h7SNLSigHNh0vmu7B2CgyVlj0XUgQgVVS' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self';block-all-mixed-content;frame-ancestors 'self';script-src 'self' 'report-sample' 'unsafe-inline' https://www.google-analytics.com https://googleads.g.doubleclick.net https://script.crazyegg.com https://td.doubleclick.net https://www.gstatic.com https://secure.gravatar.com https://translate-pa.googleapis.com https://*.js.ubembed.com https://assets.ubembed.com https://googletagmanager.com https://tagmanager.google.com https://translate.google.com https://translate.googleapis.com https://www.googletagmanager.com js.hs-scripts.com js.hsadspixel.net js.hs-banner.com js.hs-analytics.net connect.facebook.net;style-src 'self' 'report-sample' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com translate.googleapis.com www.googletagmanager.com;object-src 'none';frame-src 'self' https://player.vimeo.com/ https://www.youtube.com/ www.googletagmanager.com https://webtracker.donlen.com/ https://webtracker.donlen.com *.ubembed.com *.doubleclick.net;child-src 'self' www.googletagmanager.com;img-src 'self' data: *.gstatic.com *.google.com translate.google.com translate.googleapis.com www.googletagmanager.com *.google-analytics.com *.hubspot.com *.facebook.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.gstatic.com analytics.google.com fonts.googleapis.com translate.google.com translate.googleapis.com www.googletagmanager.com *.crazyegg.com *.google-analytics.com *.doubleclick.net *.ubembed.com *.hubapi.com;manifest-src 'self';base-uri 'self';form-action 'self';media-src 'self';worker-src 'self'; 1
script-src http: https: 'unsafe-inline' 'unsafe-eval' https://api.marcelle.com/ https://www.googletagmanager.com https://api.yotpo.com https://staticw2.yotpo.com https://chimpstatic.com https://downloads.mailchimp.com; style-src 'self' blob: https: 'unsafe-inline' https://api.marcelle.com/; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' data: fonts.gstatic.com staticw2.yotpo.com; frame-src assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.google.com *.gstatic.com * 1
script-src 'unsafe-inline' 'unsafe-eval' https://vpx.contura.eu https://www.contura.eu https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://static.addtoany.com https://ads.creative-serving.com https://cdn.cookielaw.org https://fast.fonts.net https://fonts.gstatic.com https://www.gstatic.com https://ajax.googleapis.com https://optanon.blob.core.windows.net https://track.adform.net https://cm.g.doubleclick.net https://www.google.com https://www.google.se https://connect.facebook.net https://googleads.g.doubleclick.net https://www.facebook.com https://www.youtube.com https://static2.creative-serving.com https://maps.googleapis.com https://maps.gstatic.com https://secure.viewer.zmags.com https://secure.stats.zmags.com https://i.ytimg.com https://yt3.ggpht.com https://www.googleadservices.com https://web103.reachmee.com https://px.ads.linkedin.com https://www.linkedin.com https://snap.licdn.com https://portal.adway.ai https://secure.api.viewer.zmags.com https://tagmanager.google.com https://contura-oy.mynewsdesk.com https://code.jquery.com https://s.ytimg.com https://cdn.jsdelivr.net https://s2.adform.net https://cdn.mouseflow.com https://connect.getflowbox.com https://optimize.google.com https://geolocation.onetrust.com https://static.hotjar.com https://static.cloudflareinsights.com https://script.hotjar.com https://www.googleoptimize.com https://www.clickcease.com https://cdn.id5-sync.com https://www.clarity.ms https://s.pinimg.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss: data: 1
frame-ancestors 'self' https://manage.powermotiontech.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
base-uri 'none';child-src *.xexchange.com *.hatom.com *.vercel.com *.elrond.com *.multiversx.com *.coingecko.com *.cloudfront.net *.googletagmanager.com *.googleapis.com *.gstatic.com *.hotjar.com *.hotjar.io *.google-analytics.com *.maiar.exchange *.sentry.io localhost:* elrond-api.blastapi.io;connect-src 'self' *.xexchange.com *.hatom.com *.vercel.com *.elrond.com *.multiversx.com *.coingecko.com *.cloudfront.net *.googletagmanager.com *.googleapis.com *.gstatic.com *.hotjar.com *.hotjar.io *.google-analytics.com *.maiar.exchange *.sentry.io localhost:* elrond-api.blastapi.io;default-src 'self' *.xexchange.com *.hatom.com *.vercel.com *.elrond.com *.multiversx.com *.coingecko.com *.cloudfront.net *.googletagmanager.com *.googleapis.com *.gstatic.com *.hotjar.com *.hotjar.io *.google-analytics.com *.maiar.exchange *.sentry.io localhost:* elrond-api.blastapi.io;font-src 'self' *.googleapis.com *.hotjar.com;form-action 'self';frame-ancestors 'none';frame-src *.hotjar.com;img-src * blob: data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com *.hotjar.com;style-src 'self' *.hotjar.com 'unsafe-inline' *.googleapis.com;worker-src 'self'; 1
default-src * blob: data:; worker-src * blob:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * data:; style-src * 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self' 1
font-src *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com *.wesupply.xyz *.typeform.com *.facebook.com *.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.klaviyo.com v2assets.zopim.io *.zopim.io weltpixel.com www.weltpixel.com *.magento.com *.facebook.com *.googletagmanager.com *.doubleclick.net *.filestackapi.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.com.kh *.google.cd *.google.cf *.google.cat *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gf *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.iq *.google.ie *.google.co.il *.google.im *.google.co.in *.google.io *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.com.lc *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.ne *.google.com.nf *.google.com.ng *.google.com.ni *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pk *.google.com.pa *.google.com.pe *.google.com.ph *.google.pl *.google.com.pg *.google.pn *.google.co.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.rs *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.sm *.google.so *.google.st *.google.sr *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.to *.google.tn *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.co.za *.google.co.zm *.google.co.zw hn.inspectlet.com *.twitter.com t.co maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com load.stracking.weltpixel.com stracking.weltpixel.com *.cloudflare.com *.cloudflareinsights.com *.doubleclick.net *.zdassets.com *.usefomo.com *.fomo.com *.google.com *.gstatic.com *.facebook.net *.vimeo.com *.googleoptimize.com *.inspectlet.com https://tracking.weltpixel.com static-tracking.klaviyo.com *.ads-twitter.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com weltpixel.com www.weltpixel.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com capig.weltpixel.com load.stracking.weltpixel.com stracking.weltpixel.com *.klaviyo.com *.a.klaviyo.com *.facebook.com *.zopim.com wss://widget-mediator.zopim.com *.doubleclick.net *.zdassets.com *.zendesk.com *.usefomo.com *.fomo.com https://tracking.weltpixel.com *.google-analytics.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.com.kh *.google.cd *.google.cf *.google.cat *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gf *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.iq *.google.ie *.google.co.il *.google.im *.google.co.in *.google.io *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.com.lc *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.ne *.google.com.nf *.google.com.ng *.google.com.ni *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pk *.google.com.pa *.google.com.pe *.google.com.ph *.google.pl *.google.com.pg *.google.pn *.google.co.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.rs *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.sm *.google.so *.google.st *.google.sr *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.to *.google.tn *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.co.za *.google.co.zm *.google.co.zw *.inspectlet.com wss://ws.inspectlet.com/ *.ads-twitter.com *.twitter.com t.co 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' testnet.api.cropbytes.com www.google-analytics.com; script-src 'self' 'unsafe-inline' code.jquery.com cdn.jsdelivr.net unpkg.com cdnjs.cloudflare.com inorganik.github.io cdn.in-freshbots.ai static.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-eval'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com unpkg.com fonts.googleapis.com kit-free.fontawesome.com cdn.in-freshbots.ai; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com kit-free.fontawesome.com maxcdn.bootstrapcdn.com data:; frame-src 'self' www.youtube.com youtube-nocookie.com; media-src 'self' youtube.com youtube-nocookie.com ik.imagekit.io; img-src 'self' * data:; connect-src 'self' testnet.api.cropbytes.com api.cropbytes.com cbx-stats.cropbytes.com www.in-freshbots.ai in-freshbots.ai googleads.g.doubleclick.net api.ipify.org ipapi.co cdp.cloud.unity3d.com config.uca.cloud.unity3d.com perf-events.cloud.unity3d.com ik.imagekit.io pls.prd.mz.internal.unity3d.com collect.analytics.unity3d.com analytics.google.com *.analytics.google.com www.google-analytics.com cdn.in-freshbots.ai stats.g.doubleclick.net www.google.com google.co.in firebasedynamiclinks.googleapis.com api.shasta.trongrid.io 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://www.hungryonion.org/logs/ https://www.hungryonion.org/sidekiq/ https://www.hungryonion.org/mini-profiler-resources/ https://cdn2.hungryonion.org/assets/ https://cdn2.hungryonion.org/brotli_asset/ https://www.hungryonion.org/extra-locales/ https://cdn2.hungryonion.org/highlight-js/ https://cdn2.hungryonion.org/javascripts/ https://cdn2.hungryonion.org/plugins/ https://cdn2.hungryonion.org/theme-javascripts/ https://cdn2.hungryonion.org/svg-sprite/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js 'sha256-Gty3/aPWFfSvz7pdT39HY97/+2opLup9V0L19ZF0IwY='; worker-src 'self' https://cdn2.hungryonion.org/assets/ https://cdn2.hungryonion.org/brotli_asset/ https://cdn2.hungryonion.org/javascripts/ https://cdn2.hungryonion.org/plugins/; frame-ancestors 'self' https://foodandwine.com https://www.chowhound.com https://www.nytimes.com https://luckypeach.com; manifest-src 'self' 1
default-src 'self' 'unsafe-inline' *.rrbchennai.gov.in 1
default-src 'self' data: script-src: 'unsafe-inline' *.servicemycar.com servicemycar.com stackpath.bootstrapcdn.com cdnjs.cloudflare.com code.jquery.com googletagmanager.com fonts.googleapis.com analytics.tiktok.com fonts.gstatic.com kit.fontawesome.com *.google.com *.googletagmanager.com diffuser-cdn.app-us1.com *.gstatic.com www.google-analytics.com *.googleadservices.com prism.app-us1.com googleads.g.doubleclick.net *.google.ae stats.g.doubleclick.net servicemycar.com *.freshchat.com ka-p.fontawesome.com maps.googleapis.com maps.gstatic.com *.ideal-postcodes.co.uk *.firebaseio.com *.youtube.com *.facebook.net *.facebook.com secure.telr.com *.stripe.com polyfill.io; 1
frame-ancestors https://hospitality-on.com https://store.hospitality-on.com 1
frame-ancestors 'self' https://booking.croatiaairlines.com 1
frame-ancestors 'self' https://cottagerentalagency.com https://www.cottagerentalagency.com 1
default-src 'self' https: data: ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com https://cdn.jsdelivr.net https://maps.googleapis.com https://cdn.jsdelivr.net https://cdn.lordicon.com https://js.monitor.azure.com https://www.googletagmanager.com/ https://cdnjs.cloudflare.com/ https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://snap.licdn.com https://connect.facebook.net https://sc-static.net https://www.youtube.com https://cdn.mouseflow.com https://*.hotjar.com https://region1.analytics.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net/ https://www.googletagmanager.com; img-src 'self' data: https://maps.googleapis.com https://maps.gstatic.com https://*.linkedin.com https://www.facebook.com https://tr.snapchat.com https://www.google.nl/ads/; font-src 'self' data: https://fonts.gstatic.com; object-src 'none'; ; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://consentcdn.cookiebot.com https://vars.hotjar.com/ https://tr.snapchat.com; child-src 'self' https://*.vimeo.com https://*.youtube.com; frame-ancestors 'self' ; base-uri 'self' ; 1
object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.feefo.com *.googletagmanager.com *.bing.com *.youtube.com *.onetrust.com *.cloudflare.com *.typekit.net *.googleoptimize.com *.gstatic.com *.rapidspike.com chimpstatic.com *.google.com *.pinimg.com *.doubleclick.net *.ggpht.com *.pinterest.com *.google-analytics.com *.facebook.net *.googleapis.com *.pcapredict.com *.sagepay.com *.googleadservices.com *.paypal.com *.paypalobjects.com *.postcodeanywhere.co.uk *.fetchify.com cc-cdn.com *.hotjar.com *.hotjar.io *.cloudfront.net *.ladesk.com *.trustpilot.com *.hexa3d.io *.h3dstaging.com *.h3dqa.com *.unbxd.io *.unbxdapi.com *.hotjar.com *.cloudfront.net *.ladesk.com *.trustpilot.com *.hexa3d.io *.freshrelevance.com *.dycdn.net *.unpkg.com *.klaviyo.com 1
default-src 'self' *.office365.com *.google.com *.gstatic.com *.googleapis.com *.ggpht.com *.ziprecruiter.com; media-src 'self' blob: *.office365.com *.google.com *.gstatic.com *.googleapis.com *.ggpht.com *.ziprecruiter.com; frame-src 'self' blob: *.office365.com *.google.com *.gstatic.com *.googleapis.com *.ggpht.com *.ziprecruiter.com; frame-ancestors 'self' *.office365.com *.google.com *.gstatic.com *.googleapis.com *.ggpht.com *.ziprecruiter.com; img-src 'self' data: blob: *.office365.com *.google.com *.gstatic.com *.googleapis.com *.ggpht.com *.ziprecruiter.com *.mapquestapi.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.office365.com *.google.com *.gstatic.com *.googleapis.com *.ggpht.com *.ziprecruiter.com *.mapquestapi.com; style-src 'self' 'unsafe-inline' *.office365.com *.google.com *.gstatic.com *.googleapis.com *.ggpht.com *.ziprecruiter.com; 1
default-src 'self' *.jagapemilu.com; script-src 'self' *.googletagmanager.com 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com; connect-src 'self' *.jagapemilu.com *.google-analytics.com; style-src 'self' 'unsafe-inline' *.googleapis.com; style-src-elem 'self' 'unsafe-inline'; img-src 'self' *.myhuaweicloud.com blob: data:; font-src *.gstatic.com; 1
default-src 'self';script-src 'self';connect-src 'self' https://api.amplitude.com/ https://nghc-www.s3.eu-central-1.amazonaws.com/hyperdesign/;img-src 'self' https://nghc-aws-marketing.s3.eu-central-1.amazonaws.com/public/ data:;font-src 'self' https://fonts.gstatic.com/s/;media-src 'self' https://nghc-aws-marketing.s3.eu-central-1.amazonaws.com/public/;style-src 'self' https://fonts.googleapis.com/icon https://fonts.googleapis.com/css 'unsafe-inline' 1
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net cdn.optimizely.com tags.tiqcdn.com www.google-analytics.com ssl.google-analytics.com tt.omtrdc.net *.sc.omtrdc.net *.demdex.net *.twitter.com t.co *.walkme.com *.omguk.com *.adsrvr.org cliveperson.com *.contentsquare.com *.qualtrics.com *.quantserve.com *.outbrain.com *.taboola.com *.amazon-adsystem.com cdn.appdynamics.com cdn-assets-prod.s3.amazonaws.com; img-src data: * blob:; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.siteintercept.qualtrics.com *.brightcovecdn.com *.api.brightcove.com maps.googleapis.com *.analytics.google.com *.g.doubleclick.net www.google-analytics.com dpm.demdex.net collect.tealiumiq.com http://127.0.0.1:5000 http://127.0.0.1:5000/* tt.omtrdc.net *.sc.omtrdc.net *.demdex.net *.liveperson.net *.google.com *.walkme.com pixel.everesttech.net *.contentsquare.com *.qualtrics.com rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.youtube.com *.demdex.net *.walkme.com liveperson.com *.qualtrics.com m.youtube.com; frame-ancestors 'self'  *.hsbc.com.mt; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com www.slant.co; worker-src 'self' blob: *.demdex.net *.lpsnmedia.net *.liveperson.net *.google.com; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com ssl.gstatic.com manifest.prod.boltdns.net; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com 'self' data: data: *.stamped.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.authorize.net *.livechatinc.com *.braintreegateway.com *.kaptcha.com www.paypalobjects.com *.affirm.com *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io camo.githubusercontent.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com 'self' data: maps.googleapis.com www.gstatic.com *.cloudfront.net www.google.pl *.stamped.io *.amazonaws.com *.userway.org verify.authorize.net scontent.cdninstagram.com *.affirm.com *.routeapp.io *.ruskniga.com *.stpgoods.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com f.vimeocdn.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com tagmanager.google.com https://www.googletagmanager.com chimpstatic.com downloads.mailchimp.com *.list-manage.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.authorize.net sandbox-assets.secure.checkout.visa.com maps.googleapis.com www.google.com *.gstatic.com maps.gstatic.com http://translate.google.com translate.googleapis.com www.gstatic.com includes.ccdc02.com static.zdassets.com cdn.inspectlet.com *.stamped.io *.livechatinc.com *.userway.org www.klarnapayments.com *.affirm.com *.routeapp.io https://bam.nr-data.net https://js-agent.newrelic.com  https://maps.googleapis.com https://www.stpgoods.com *.ruskniga.com https://www.facebook.com *.adscale.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com downloads.mailchimp.com unsafe-inline *.gstatic.com *.stamped.io www.klarnapayments.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.authorize.net t.elasticsuite.io *.google-analytics.com ekr.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com hn.inspectlet.com stamped.io *.braintreegateway.com *.livechatinc.com *.userway.org graph.instagram.com *.affirm.com *.route.com https://bam.nr-data.net https://maps.googleapis.com https://www.facebook.com *.googlesyndication.com stats.g.doubleclick.net *.google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-4f1694d9ac2834c4e2f22b074016a56d'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' www.google-analytics.com www.gravatar.com player.vimeo.com *.vimeocdn.com packages.umbraco.org our.umbraco.org https://ssl.gstatic.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' *.farnborough.com *.googletagmanager.com https://cdn.chatbot.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googletagmanager.com https://google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ cdnjs.cloudflare.com ajax.cloudflare.com static.cloudflareinsights.com https://*.hotjar.com https://*.hotjar.io static.ads-twitter.com track.adform.net https://*.adform.net https://diffuser-cdn.app-us1.com http://tracker.marinsm.com/ https://cdn.chatbot.com https://prism.app-us1.com/ https://trackcmp.net  https://snap.licdn.com ;  style-src 'self' 'unsafe-inline' *.google.com *.farnborough.com https://fonts.googleapis.com cdnjs.cloudflare.com;  img-src 'self' *.farnborough.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com https://www.google.co.in https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com data: https://www.google.com https://*.hotjar.com https://*.hotjar.io https://*.adform.net http://tracker.marinsm.com ;  font-src 'self' *.farnborough.com https://*.hotjar.com https://*.hotjar.io;  media-src 'self' *.farnborough.com;  connect-src 'self' *.farnborough.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com cloudflareinsights.com https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://*.adform.net https://*.tiles.mapbox.com  https://api.mapbox.com  https://events.mapbox.com  https://cdn.linkedin.oribi.io/ ;   frame-src 'self' *.farnborough.com https://bid.g.doubleclick.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://*.googleapis.com *.google.com https://*.gstatic.com  data: blob: https://*.hotjar.com https://*.hotjar.io app.groupize.com youtube.com www.youtube.com https://*.adform.net https://eventopedia.navstream.com https://app.groupize.com  https://publish.smartsheet.com ; 1
default-src 'self'; base-uri 'self'; script-src 'nonce-33eaad592e6f2f2b68a2929f79a67a96' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: 'report-sample'; connect-src 'self' https://www.googletagmanager.com https://*.facebook.com https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://*.instana.io wss://mpsnare.iesnare.com https://*.usercentrics.eu https://bat.bing.com/actionp/ https://*.liadm.com https://*.parship.dev; frame-ancestors 'self' https://secure1.parship.com https://secure1.eharmony.com https://secure1.elitepartner.de https://*.parship.dev; frame-src 'self' https://support.parship.ch https://tms.parship.ch https://*.greatviews.de https://app.usercentrics.eu https://www.youtube-nocookie.com https://accounts.google.com https://translate.googleapis.com https://*.liadm.com; object-src 'none'; img-src 'self' data: http: https: https://*.instana.io; font-src 'self' data:; style-src 'self' 'unsafe-inline' 'report-sample' https://accounts.google.com/gsi/style https://translate.googleapis.com; upgrade-insecure-requests; report-uri /ls/ 1
frame-ancestors xn--myhomembler-mgb.dk *.xn--myhomembler-mgb.dk; 1
base-uri 'none'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: *.ctfassets.net t.co analytics.twitter.com *.linkedin.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com public.flourish.studio; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'nonce-rQUxvcX97xYSynX5XJRjdw=='; upgrade-insecure-requests; 1
frame-src 'self' *.google.com *.youtube.com data: *.facebook.com *.sagepay.com *.woobox.com woobox.com; connect-src 'self' *.convertexperiments.com cdn.cookielaw.org *.google-analytics.com *.analytics.google.com *.feefo.com *.nr-data.net *.doubleclick.net *.clarity.ms *.googleapis.com tagmanager.google.com *.facebook.com *.sagepay.com *.onetrust.com; font-src 'self' data: *.fontawesome.com *.typekit.net *.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.feefo.com *.convertexperiments.com *.analytics.google.com *.nr-data.net cdn.cookie *.googleoptimize.com law.org *.newrelic.com *.google.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.gstatic.com polyfill.io unpkg.com api.w3-edge.com *.3xsoftware.co.uk *.clarity.ms cdn.cookielaw.org script.crazyegg.com *.facebook.net tagmanager.google.com *.sagepay.com *.woobox.com *.convertexperiments.com; style-src 'self' 'unsafe-inline' *.feefo.com *.convertexperiments.com fonts.googleapis.com p.typekit.net use.fontawesome.com www.gstatic.com www.googletagmanager.com www.google-analytics.com; img-src 'self' data: *.tagserve.com *.convertexperiments.com *.feefo.com *.google.co.uk maps.googleapis.com *.cookielaw.org *.googletagmanager.com *.gstatic.com *.google-analytics.com api.feefo.com secure.gravatar.com s.w.org c.clarity.ms *.bing.com *.google.com *.facebook.com; default-src 'none' 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-696fd809c7fd4c89bac78e0a3761eff5'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'none'; base-uri 'self';connect-src 'self' fonts.googleapis.com ssl.google-analytics.com; font-src 'self' data: fonts.gstatic.com; img-src 'self' blob: data: ssl.google-analytics.com ssl.microsofttranslator.com www.google-analytics.com www.gstatic.com; form-action 'self'; frame-src www.youtube.com; frame-ancestors 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: api.microsofttranslator.com ssl.bing.com ssl.google-analytics.com www.google-analytics.com www.googleadservices.com; style-src 'self' 'unsafe-inline' data: fonts.googleapis.com ssl.microsofttranslator.com; upgrade-insecure-requests; report-uri https://fusionapps.report-uri.com/r/d/csp/enforce 1
default-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval' http: https: ; 1
default-src 'self'; script-src https://www.youtube.com  'unsafe-inline' 'unsafe-eval' https://www.six-dochub.com https://stats.banquedeluxembourg.com https://piwikext.prd.apps.bdl https://sebpcdn.com 'self'; style-src 'unsafe-inline' https://piwikext.prd.apps.bdl https://sebpcdn.com 'self'; img-src  https://i.ytimg.com https://piwikext.prd.apps.bdl https://sebpcdn.com  'self' data:; media-src  https://sebpcdn.com 'self'; connect-src https://stats.banquedeluxembourg.com https://piwikext.prd.apps.bdl https://sebpcdn.com 'self' ;font-src https://sebpcdn.com https://piwikext.prd.apps.bdl 'self' data: ; frame-src https://www.six-dochub.com https://six-dochub.com https://piwikext.prd.apps.bdl https://www.fundinfo.com https://www.youtube.com https://player.ausha.co https://wl.fundsquare.net https://www.conventum.lu https://www.youtube-nocookie.com 'self' ; frame-ancestors https://piwikext.prd.apps.bdl/ 'self'; 1
frame-ancestors 'self' https://trace.mediago.io 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://wetshaving.social; img-src 'self' https: data: blob: https://wetshaving.social; style-src 'self' https://wetshaving.social 'nonce-I9cE/BTR3nvpAOivianTAQ=='; media-src 'self' https: data: https://wetshaving.social; frame-src 'self' https:; manifest-src 'self' https://wetshaving.social; form-action 'self'; child-src 'self' blob: https://wetshaving.social; worker-src 'self' blob: https://wetshaving.social; connect-src 'self' data: blob: https://wetshaving.social https://wetshaving.social/system/ wss://wetshaving.social; script-src 'self' https://wetshaving.social 'wasm-unsafe-eval' 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.signalize.com/ https://code.etracker.com/ https://dmndfrcstng.com/ https://www.etracker.de/; style-src 'unsafe-inline' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.etracker.de https://dmndfrcstng.com/ https://eu-api.friendlycaptcha.eu/api/ https://api.friendlycaptcha.com/api/; font-src 'self' data:; frame-src 'self' https://www.youtube-nocookie.com https://irs.tools.investis.com; img-src 'self' data:; manifest-src 'self'; media-src 'self'; worker-src blob:; frame-ancestors 'self' https://newapp.etracker.com 1
frame-ancestors 'self' https://*.ticombo.com; 1
default-src 'self';script-src 'self' 'nonce-YA+rIA3ycVUpQ7uZElcVU91y' 'strict-dynamic';object-src 'none';style-src 'self' 'unsafe-inline' *.google.com https://fonts.googleapis.com/css popupmaker.com;img-src 'self' data: blog.emakina.com i.vimeocdn.com script.hotjar.com facebook.com www.googletagmanager.com https://connect.facebook.net https://px.ads.linkedin.com www.google-analytics.com cdn.cookielaw.org;media-src 'self';frame-src 'self' *.google.com *.vimeo.com *.youtube.com;font-src 'self' https://fonts.googleapis.com/css https://fonts.gstatic.com data:;connect-src 'self' *.onetrust.com geolocation.onetrust.com vimeo.com popupmaker.com cdn.cookielaw.org px.ads.linkedin.com www.google-analytics.com collector.leadinfo.net content.hotjar.io *.google-analytics.com api.leadinfo.com *.hotjar.io ws.hotjar.com wss://ws.hotjar.com;base-uri 'self';child-src 'none';form-action 'self';frame-ancestors 'self' emakinaagency-admin-develop.azurewebsites.net emakinaagency-admin.azurewebsites.net emakinaagency-admin-staging.azurewebsites.net emakinaagency-admin-testing.azurewebsites.net;worker-src 'none' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'unsafe-inline' 'unsafe-eval' *; frame-ancestors * 1
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src *; img-src 'self' https://*.prismacloud.com blob: data:; font-src 'self' data:; script-src 'self' 'unsafe-inline' https://*.prismacloud.cc 1
default-src 'self' static.mycity.travel static.www.valdanniviers.ch * 'unsafe-inline' 'unsafe-eval' data: blob:; upgrade-insecure-requests; frame-ancestors: 'self' https://static.mycity.travel *; 1
img-src 'self' https://* data:;        child-src 'none';        worker-src 'self' https://connect.facebook.net https://snap.licdn.com;        object-src 'none';        frame-src 'self' https://beta.djurslandsbank.dk https://djurslandsbank.dk https://www.djurslandsbank.dk https://*.bdunet.dk https://*.bdpdmz.dk https://www.youtube.com https://www.youtube-nocookie.com/ https://player.vimeo.com https://policy.app.cookieinformation.com        https://static.bankdata.dk/wco/release https://static.bankdata.dk https://static.bankdata.dk/ https://www.totalkredit.dk https://www.facebook.com        https://connect.facebook.net https://youtube.com https://www.youtube.com https://widget.trustpilot.com *.vimeo.com https://bankinvest.dk/ 1
default-src 'self'; child-src 'self' ommelanderziekenhuis.consultassistent.nl www.youtube.com www.youtube-nocookie.com maps.google.com maps.google.nl www.google.com *.vimeocdn.com player.vimeo.com vimeo.com; connect-src 'self'; font-src 'self' data:; img-src 'self' i.ytimg.com www.zorgkaartnederland.nl *.readspeaker.com data: blob:; media-src 'self'; object-src 'none'; script-src 'self' 'nonce-91b55b8d-a898-4d0b-975f-2c85b2fc9971' www.zorgkaartnederland.nl *.readspeaker.com;  style-src 'self' 'nonce-91b55b8d-a898-4d0b-975f-2c85b2fc9971' www.zorgkaartnederland.nl *.readspeaker.com data:;  base-uri 'self'; form-action 'self'; frame-ancestors 'self';  report-uri /csp-report; upgrade-insecure-requests; 1
default-src 'self' *.arexchange.com *.aspnetcdn.com *.bootstrapcdn.com *.fontawesome.com *.cloudflare.com *.google-analytics.com; img-src 'self' *.arexchange.com *.aspnetcdn.com *.bootstrapcdn.com *.fontawesome.com *.cloudflare.com *.google-analytics.com data:; script-src 'self' *.arexchange.com *.aspnetcdn.com *.bootstrapcdn.com *.fontawesome.com *.cloudflare.com *.google-analytics.com 'unsafe-inline'; style-src 'self' *.arexchange.com *.aspnetcdn.com *.bootstrapcdn.com *.fontawesome.com *.cloudflare.com *.google-analytics.com 'unsafe-inline'; frame-ancestors 'none'; 1
default-src 'self'; script-src 'report-sample' 'self' cdn.fashiola.de 'unsafe-eval' 'unsafe-inline' *.google-analytics.com/analytics.js https://www.gstatic.com https://www.googletagmanager.com https://googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.kleding.nl/cookies.js https://www.instagram.com/embed.js https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://kit.fontawesome.com; style-src 'unsafe-inline' 'report-sample' 'self' cdn.fashiola.de; object-src 'none'; base-uri 'self'; connect-src 'self' https://bam.eu01.nr-data.net *.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' cdn.fashiola.de; frame-src 'self' https://www.google.com https://www.instagram.com/; img-src 'self' cdn.fashiola.de images.fashiola.de cdn.fashiola.com https://www.kleding.nl/cookies.gif *.google-analytics.com www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.es; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-KF5+8PXP+eI6IBx2dlKo7A==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob:; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
default-src 'self'; connect-src *.tt.omtrdc.net  dpm.demdex.net metrics.nationwide.co.uk smetrics.nationwide.co.uk *.contentsquare.net wss://lo.msg.liveperson.net *.onetrust.com 'self' *.swiftype.com; font-src data: privacyportal-cdn.onetrust.com 'self'; frame-src fast.nationwide.demdex.net nationwide.demdex.net servedby.flashtalking.com lo.tokenizer.liveperson.net lo.idp.liveperson.net lpcdn.lpsnmedia.net lo.msg.liveperson.net lo.msghist.liveperson.net 'self' r1.surveysandforms.com *.youtube.com; frame-ancestors www.nfionline.co.uk 'self'; img-src dpm.demdex.net cm.everesttech.net metrics.nationwide.co.uk smetrics.nationwide.co.uk ads.avocet.io *.contentsquare.net data: lpcdn.lpsnmedia.net https://www.nationwide-intermediary.co.uk cdn-ukwest.onetrust.com 'self'; media-src lpcdn.lpsnmedia.net; object-src lo.tokenizer.liveperson.net 'self'; script-src *.adobedtm.com *.contentsquare.com *.contentsquare.net data: lo.tokenizer.liveperson.net accdn.lpsnmedia.net lo.v.liveperson.net lpcdn.lpsnmedia.net lptag.liveperson.net   https://cdn-ukwest.onetrust.com geolocation.onetrust.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src privacyportal-cdn.onetrust.com 'self' 'unsafe-inline'; worker-src 'self' blob:;; 1
default-src 'self' *.effia.com https://themes.googleusercontent.com https://maxcdn.bootstrapcdn.com *.google.fr *.google.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.youtube.com *.doubleclick.net *.payline.com *.slimpay.com *.slimpay.net hcaptcha.com *.hcaptcha.com *.abtasty.com data: https://alize-map.azurewebsites.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' *.effia.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.youtube.com *.doubleclick.net *.payline.com *.slimpay.com *.slimpay.net *.abtasty.com hcaptcha.com *.hcaptcha.com https://homologation-payment.payline.com https://maps.googleapis.com https://payment.payline.com https://webpayment.dev.payline.com https://www.appelsiini.net; script-src-elem 'self' 'unsafe-inline' *.effia.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.youtube.com *.doubleclick.net *.payline.com *.slimpay.com *.slimpay.net *.abtasty.com hcaptcha.com *.hcaptcha.com https://homologation-payment.payline.com https://maps.googleapis.com https://payment.payline.com https://webpayment.dev.payline.com https://www.appelsiini.net; style-src 'self' 'unsafe-inline' *.effia.com https://fonts.googleapis.com https://homologation-payment.cdn.payline.com *.payline.com *.slimpay.com *.slimpay.net *.abtasty.com hcaptcha.com *.hcaptcha.com https://homologation-payment.payline.com https://payment.payline.com https://webpayment.dev.payline.com; frame-ancestors 'self'; report-uri https://www.effia.com/report-uri/enforce 1
frame-ancestors 'self'; object-src https://*.ediblearrangements.ca/; media-src https://*.ediblearrangements.ca/ 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://www.rapamycin.news/logs/ https://www.rapamycin.news/sidekiq/ https://www.rapamycin.news/mini-profiler-resources/ https://www.rapamycin.news/assets/ https://www.rapamycin.news/brotli_asset/ https://www.rapamycin.news/extra-locales/ https://www.rapamycin.news/highlight-js/ https://www.rapamycin.news/javascripts/ https://www.rapamycin.news/plugins/ https://www.rapamycin.news/theme-javascripts/ https://www.rapamycin.news/svg-sprite/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js 'nonce-d03ab29f691b4eff385e070222611454'; worker-src 'self' https://www.rapamycin.news/assets/ https://www.rapamycin.news/brotli_asset/ https://www.rapamycin.news/javascripts/ https://www.rapamycin.news/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
frame-ancestors 'self' https://*.spinpug.com https://*.decta.com https://*evoucher*.com *.cashtocode.com app.evoucher.cashtocode.com 1
report-uri /api/csp/report-violations;default-src 'self';connect-src 'self' https://in.hotjar.com https://va.tawk.to www.google-analytics.com maps.googleapis.com www.google.com www.gstatic.com www.googletagmanager.com *.hotjar.io wss://*.tawk.to *.doubleclick.net *.veldar.nl *.salesfeed.com *.google-analytics.com *.activehosted.com *.facebook.com *.analytics.google.com *.lfeeder.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.hotjar.com https://embed.tawk.to https://static.hotjar.com www.google-analytics.com maps.googleapis.com www.google.com www.gstatic.com www.googletagmanager.com *.app-us1.com *.jsdelivr.net *.facebook.net *.veldar.nl *.salesfeed.com *.activehosted.com *.youtube.com *.lfeeder.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.tawk.to *.veldar.nl *.salesfeed.com *.lfeeder.com;img-src 'self' data: www.google-analytics.com maps.googleapis.com maps.gstatic.com *.tawk.to https://tawk.link www.google.com www.google.nl *.facebook.com *.veldar.nl *.salesfeed.com *.googletagmanager.com *.youtube.com *.hotjar.com *.lfeeder.com *.jsdelivr.net;media-src 'self';font-src 'self' fonts.gstatic.com *.tawk.to *.veldar.nl *.salesfeed.com *.hotjar.com *.lfeeder.com;object-src 'none';frame-src 'self' https://vars.hotjar.com www.youtube.com player.vimeo.com www.google.com *.sgm-online.de *.facebook.com *.veldar.nl *.salesfeed.com *.lfeeder.com;frame-ancestors 'none';block-all-mixed-content; 1
frame-ancestors 'self' http://local.wastebits.io:* https://*.wastebits.io https://*.wastebits.com 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.youtube.com https://www.sjchs.org https://m.addthis.com http://graph.facebook.com http://api-public.addthis.com www.docscores.com www.sjc.jellyfishhealth.com bloom-service.jellyfishhealth.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js s7.addthis.com v1.addthisedge.com v1.addthis.com http://sjcdevadmin.aviddesign.com cmsadmin.sjchs.org bbox.blackbaudhosting.com www.googletagmanager.com cdn.rlets.com urldefense.com *.simpli.fi js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://www.sjchs.org https://fonts.googleapis.com/css https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap.min.css https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap-theme.min.css https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css sjcdevadmin.aviddesign.com cmsadmin.sjchs.org www.docscores.com https://use.fontawesome.com https://stackpath.bootstrapcdn.com www.sjc.jellyfishhealth.com bloom-service.jellyfishhealth.com bbox.blackbaudhosting.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: www.docscores.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com www.sjc.jellyfishhealth.com bloom-service.jellyfishhealth.com http://sjcdevadmin.aviddesign.com cmsadmin.sjchs.org https://www.googletagmanager.com/ bbox.blackbaudhosting.com *.simpli.fi *.google.com www.googleadservices.com *.doubleclick.net js.hsleadflows.net forms.hsforms.com *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://cdnjs.cloudflare.com/ https://maxcdn.bootstrapcdn.com/ https://s7.addthis.com/ www.docscores.com www.sjc.jellyfishhealth.com bloom-service.jellyfishhealth.com; frame-src 'self' *.youtube.com http://www.google.com s7.addthis.com v1.addthisedge.com v1.addthis.com bbox.blackbaudhosting.com forms.hsforms.com web-chat.nativechat.com; connect-src 'self' *.youtube.com http://sjcdevadmin.aviddesign.com https://www.sjchs.org *.mktoresp.com cmsadmin.sjchs.org www.sjc.jellyfishhealth.com bloom-service.jellyfishhealth.com www.docscores.com *.google.com *.doubleclick.net www.sjcphysiciannetwork.com *.googleapis.com *.gannettdigital.com forms.hubspot.com *.hsforms.com *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com www.docscores.com https://www.google.com/ www.sjc.jellyfishhealth.com bloom-service.jellyfishhealth.com web-chat.nativechat.com 1
frame-ancestors 'self' https://*.lightning.force.com https://*.my.salesforce.com https://*.quadientdirect.com https://*.secure.force.com https://*.visual.force.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.google-analytics.com *.addthis.com *.amigosmuseoprado.org *.google.com *.ytimg.com *.youtube.com *.addthisedge.com *.bookitit.com *.jsdelivr.net *.ovidds.com my.icareus.com icomem.probetax.es *.twitter.com *.twimg.com *.facebook.net *.facebook.com *.metricool.com https://*.hotjar.com wss://*.hotjar.com *.hotjar.io *.addtoany.com *.webempresa.eu unpkg.com *.arkibot.app *.googletagmanager.com 1
default-src * data: 'unsafe-eval' 'unsafe-inline'; media-src * blob: data: 'unsafe-eval' 'unsafe-inline' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://jsonip.com *.artifi.net *.jquery.com *.trustarc.com *.corpmerchandise.com *.googletagmanager.com *.marketo.com *.google-analytics.com *.zmags.com *.issuu.com *.marketo.net *.googleadservices.com connect.facebook.net cdnjs.cloudflare.com *.staples.com googleads.g.doubleclick.net polyfill.io *.staplespromo.com *.staples-static.com *.inside-graph.com *.newrelic.com *.nr-data.net countdown.omegawatches.com https://*.kaptcha.com *.cloudfront.net *.retentionscience.com *.lightboxcdn.com lightboxapi.azurewebsites.net *.boldchat.com *.licdn.com *.linkedin.com *.btttag.com *.attentivemobile.com *.attn.tv *.contentsquare.net *.contentsquare.com *.bing.com *.dynamicyield.com *.azureedge.net *.mczbf.com; frame-ancestors *.ariba.com *.qa.merchandisecollection.com *.coupahost.com *.oracleoutsourcing.com *.contentsquare.net *.contentsquare.com *.azureedge.net  ; child-src blob: https://*.staplespromo.com https://*.contentsquare.net https://*.contentsquare.com;  worker-src blob: https://*.staplespromo.com https://*.contentsquare.net https://*.contentsquare.com;  frame-src https://*.kaptcha.com https://*.staplespay.com https://*.trustarc.com https://*.staplespromo.com https://eu-prod.oppwa.com https://secure.viewer.zmags.com https://e.issuu.com https://secure.api.viewer.zmags.com/ https://designer.artifi.net/; 1
default-src 'self' *.mrftyres.com *.tribalfusion.com advertising.com *.google.com *.google.co.in ads.yahoo.com *.googletagmanager.com *.doubleclick.net *.adnxs.com *.gstatic.com *.mrftyres.com *.clarity.ms *.googleapis.com *.bootstrapcdn.com d16a3b5dtaf7xb.cloudfront.net *.cloudfront.net;     script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mrftyres.com *.tribalfusion.com advertising.com *.google.com *.google.co.in ads.yahoo.com *.googletagmanager.com *.doubleclick.net *.adnxs.com *.gstatic.com  analytics.google.com  *.mrftyres.com *.clarity.ms *.googleapis.com *.bootstrapcdn.com d16a3b5dtaf7xb.cloudfront.net *.cloudfront.net;     style-src 'self' 'unsafe-inline' *.mrftyres.com *.tribalfusion.com advertising.com *.google.com *.google.co.in ads.yahoo.com *.googletagmanager.com *.doubleclick.net *.adnxs.com *.gstatic.com analytics.google.com *.mrftyres.com *.clarity.ms *.googleapis.com *.bootstrapcdn.com d16a3b5dtaf7xb.cloudfront.net *.cloudfront.net;     img-src 'self' data *.mrftyres.com *.tribalfusion.com advertising.com *.google.com *.google.co.in ads.yahoo.com *.googletagmanager.com *.doubleclick.net *.adnxs.com *.gstatic.com analytics.google.com *.mrftyres.com *.clarity.ms *.googleapis.com *.bootstrapcdn.com d16a3b5dtaf7xb.cloudfront.net *.cloudfront.net;     font-src 'self' *.mrftyres.com *.tribalfusion.com advertising.com *.google.com *.google.co.in ads.yahoo.com *.googletagmanager.com *.doubleclick.net *.adnxs.com *.googleapis.com  analytics.google.com  *.gstatic.com *.mrftyres.com *.clarity.ms *.googleapis.com *.bootstrapcdn.com d16a3b5dtaf7xb.cloudfront.net;     frame-src *.youtube.com *.gstatic.com *.google.com *.google.co.in  analytics.google.com *.mrftyres.com *.clarity.ms *.googleapis.com *.bootstrapcdn.com d16a3b5dtaf7xb.cloudfront.net;     connect-src 'self' *.googletagmanager.com *.doubleclick.net analytics.google.com  *.adnxs.com *.gstatic.com *.mrftyres.com *.clarity.ms *.googleapis.com *.bootstrapcdn.com d16a3b5dtaf7xb.cloudfront.net *.cloudfront.net;     media-src 'self' d16a3b5dtaf7xb.cloudfront.net *.cloudfront.net;     object-src 'none' 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' greenwire.greenpeace.ch webapp.moribono.ch 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com *.simonjersey.com; base-uri 'self' 1
default-src  'self' *.google-analytics.com *.googleapis.com yoast.com *.upt.pt; img-src      'self' *.elemailer.com elemailer.com *.wpmet.com *.uportu.pt *.w.org *.ytimg.com *.gravatar.com *.gstatic.com *.googleapis.com *.upt.pt data: http://*.upt.pt blob: *.upt.pt;  img-src      'self' 'unsafe-inline' 'unsafe-eval' data: *.elemailer.com elemailer.com *.printfriendly.com *.w.org *.gravatar.com *.vimeocdn.com *.gstatic.com *.google.com *.googleapis.com *.upt.pt *.uportu.pt;  script-src   'self' *.googletagmanager.com *.jquery.com 'unsafe-inline' 'unsafe-eval' *.twitter.com *.w.org *.gravatar.com *.googleapis.com *.jsdelivr.net *.printfriendly.com *.kxcdn.com *.vimeocdn.com *.hs-analytics.net *.securitymetrics.com *.google-analytics.com *.cloudflare.com developers.google.com recaptcha.google.com *.google.com *.gstatic.com *.youtube.com *.upt.pt;  style-src    'self' *.cloudflare.com 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.jquery.com *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.vimeocdn.com *.jsdelivr.net *.fontawesome.com *.upt.pt;  font-src     'self' 'unsafe-inline' 'unsafe-eval' data: *.sharepointonline.com *.cloudflare.com *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com *.jsdelivr.net *.fontawesome.com *.upt.pt;  frame-src    'self' wordpress.org *.hubspot.com *.hsappstatic.net *.doubleclick.com *.facebook.com *.vimeocdn.com *.vimeo.com *.youtube.com leap13.github.io *.google.com *.gstatic.com *.upt.pt; object-src   'self' ;  1
frame-ancestors 'self' https://headlights.com 1
default-src 'self' 'self' blob: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.mapbox.com:* https://*.cloudfront.net:* https://cdn.ravenjs.com https://*.ingest.sentry.io https://www.google-analytics.com https://pagead2.googlesyndication.com;script-src 'self' 'self' blob: 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googleapis.com *.google.com *.google.com.vn *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.googletagservices.com *.youtube.com *.cloudflare.com *.facebook.net *.connect.facebook.net *.facebook.com *.khaosat.me *.bootstrapcdn.com *.ytimg.com *.hotjar.com *.cloudfront.net *.cdn.ravenjs.com *.ingest.sentry.io *.doubleclick.net;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google.com *.cloudflare.com *.khaosat.me *.cloudfront.net *.mapbox.com d1a3f4spazzrp4.cloudfront.net;font-src 'self' 'self' blob: 'self' data: *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google.com *.cloudflare.com *.khaosat.me script.hotjar.com;frame-src staticxx.facebook.com facebook.com *.facebook.com youtube.com *.youtube.com *.vimeo.com khaosat.me *.khaosat.me *.google.com connect.facebook.net *.hotjar.com *.g.doubleclick.net *.googlesyndication.com *.doubleclick.net;img-src 'self' data: 'self' blob: *;connect-src 'self' 'self' blob: *.googleapis.com *.facebook.com https://*.khaosat.me:* https://khaosat.me:* https://ws.khaosat.me:* wss://ws.khaosat.me:* https://khao-sat.com:* https://*.hotjar.com:* wss://*.hotjar.com ws://khaosat.me:7890 https://vc.hotjar.io:* http://*.hotjar.com:* https://*.mapbox.com:* https://*.cloudfront.net:* https://cdn.ravenjs.com https://*.ingest.sentry.io https://www.google-analytics.com https://pagead2.googlesyndication.com *.doubleclick.net *.google.com;media-src 'self' 'self' data: 'self' blob: * 1
default-src 'self' www.w3.org; script-src 'self' ajax.googleapis.com; style-src 'self' 'unsafe-inline'; connect-src 'none'; object-src 'none'; font-src 'self'; frame-src 'none'; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests; report-to csp-endpoint; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://u.scupio.com https://www.gstatic.com https://s.go-mpulse.net/ https://i.imgur.com/ https://britishcouncil.z https://js-eu1.hubspot.com/ https://js-eu1.hs-analytics.net https://js-eu1.hsadspixel.net/ https://js-eu1.usemessages.com/ https://js-eu1.hs-banner.com/ https://js-eu1.hsleadflows.net/ https://js-eu1.hs-scripts.com/ https://www.googleoptimize.com/ https://ups.analytics.yahoo.com/ https://cm.g.doubleclick.net/ https://ajax.googleapis.com/ https://rec.scupio.com/ https://bw.scupio.com/ https://www.googletagmanager.com/ https://bat.bing.com/ https://secure.adnxs.com/ https://www.clarity.ms/ https://s.yimg.com/ https://img.scupio.com/ https://connect.facebook.net/ https://www.google-analytics.com/ https://analytics.google.com https://www.google.com  https://www.youtube.com https://googleads.g.doubleclick.net/ https://www.googletagmanager.com https://pagead2.googlesyndication.com/ https://analytics.google.com/ https://www.google-analytics.com/ https://www.google.com https://ad.doubleclick.net/ https://www.google.com.ph/ads/; img-src 'self' https://lh3.googleusercontent.com https://britishcouncil.zoom.us https://imgur.com https://static-images.vnncdn.net https://scontent-hkt1-2.xx.fbcdn.net/ https://britishcouncil.z https://i.imgur.com/ https://britishcouncil.z https://ph.live.solas.britishcouncil.digital/ https://ad.doubleclick.net/ https://adservice.google.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.google.com.ph/ https://bat.bing.com/ https://sp.analytics.yahoo.com/ https://www.facebook.com/ https://rec.scupio.com/ https://sync.aralego.com/ https://track-eu1.hubspot.com/ https://perf-eu1.hsforms.com/ https://www.googletagmanager.com/ https://www.ieltsasia.org/ https://c.clarity.ms/ https://c.bing.com/ https://youtu.be/ https://connect.facebook.net https://www.youtube.com data: images.example.com; font-src 'self' https://themes.googleusercontent.com fonts.gstatic.com; 1
default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; manifest-src 'self'; form-action *; base-uri 'self'; frame-ancestors 'none'; 1
default-src 'self'; child-src 'self' akismet.com apis.google.com jetpack.wordpress.com widgets.wp.com www.abuseipdb.com www.google.com www.youtube.com; connect-src 'self' api.redirect.li ekr.zdassets.com www.abuseipdb.com secure.gravatar.com translate.googleapis.com *.wp.com; font-src 'self' data: fonts.bunny.net fonts.gstatic.com localhost themes.googleusercontent.com use.typekit.net *.wp.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' jetpack.wordpress.com widgets.wp.com www.w3-edge.org www.youtube.com; img-src 'self' data: cloud.sebi.org i.ytimg.com linkmaker.itunes.apple.com play.google.com translate.google.com www.abuseipdb.com www.facebook.com www.gstatic.com *.gravatar.com *.w.org *.w3.org *.wordpress.com *.wp.com; media-src 'self' data: s.w.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' api.w3-edge.com archive.org connect.facebook.net public-api.wordpress.com secure.gravatar.com static.zdassets.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.pagespeed-mod.com *.eu-central-1.amazonaws.com *.google.com *.wp.com; style-src 'self' 'unsafe-inline' data: code.jquery.com fonts.bunny.net fonts.googleapis.com www.gstatic.com *.gravatar.com *.wp.com; worker-src 'self' blob:; report-uri https://sebi.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 1
default-src 'self' immoscoop.be *.immoscoop.be *.www1.immoscoop.be kbc.be *.kbc.be *.sentry.io *.colibry.cloud production-co-libry.appspot.com googletagmanager.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.cookiepro.com *.cloudflare.com *.gstatic.com *.cloudfront.net *.googlesyndication.com googleoptimize.com *.googleoptimize.com  *.googleapis.com google.com *.google.com *.google-analytics.com *.licdn.com *.facebook.net facebook.com *.facebook.com *.linkedin.com *.bing.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.googleadservices.com *.onetrust.io *.onetrust.com *.mapbox.com *.storyblok.com *.oribi.io *.adobedtm.com *.outbrain.com blob: wss: ; img-src * 'self' data: https: blob: ; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com polyfill.io use.fontawesome.com www.youtube.com www.vimeo.com www.google.com www.gstatic.com cdn.jsdelivr.net cdn.mouseflow.com unpkg.com *.covermanager.com region1.analytics.google.com player.vimeo.com connect.facebook.net *.clarity.ms uat.cms.api.pacha.tk region1.google-analytics.com googleads.g.doubleclick.net *.bing.com images.xceed.me pacha-val-api.demohiberus.com analytics.tiktok.com; object-src 'none'; img-src 'self' 'unsafe-eval' data: maps.googleapis.com maps.gstatic.com www.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com i.ytimg.com www.google.com uat.cms.api.pacha.tk www.google.es *.facebook.com *.clarity.ms *.bing.com images.xceed.me  pacha-val-api.demohiberus.com; base-uri 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 1
object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://static.hotjar.com https://vars.hotjar.com https://script.hotjar.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://www.gstatic.com http://ajax.googleapis.com https://connect.facebook.net https://snap.licdn.com 1
default-src 'self' 'unsafe-inline' *.vimeo.com *.hotjar.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' *.vimeo.com https://unieksporten.blob.core.windows.net *.youtube.com ; media-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.kommunicate.io *.readspeaker.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://if-cdn.com *.botcopy.com *.vimeo.com *.unieksporten.nl *.leadfamly.com https://z.moatads.com/addthismoatframe568911941483/moatframe.js  https://cdn.applozic.com https://cdnjs.cloudflare.com *.kommunicate.io http://*.hotjar.com https://*.hotjar.com *.bbvms.com *.ip-studio.nl https://connect.facebook.net *.typekit.net *.twimg.com *.instagram.com *.twitter.com *.addthis.com *.linkedin.com *.facebook.com *.addthisedge.com *.googleadservices.com https://www.google-analytics.com *.youtube.com  https://cdn-test.unieksporten.nl https://cdn.unieksporten.nl *.google.com https://www.googletagmanager.com https://maps.googleapis.com *.gstatic.com https://media.readspeaker.com *.blueconic.net *.readspeaker.com ; frame-src 'self' 'unsafe-inline' data: https://if-cdn.com https://unieksporten.blob.core.windows.net *.twitch.tv *.vimeo.com *.bnnvara.nl *.linkedin.com *.leadfamly.com *.spotify.com *.hotjar.com *.bbvms.com *.readspeaker.com *.google.com *.facebook.com *.instagram.com https://twitter.com *.twitter.com *.addthis.com *.youtube.com; img-src 'self' 'unsafe-inline' data: blob: *.ytimg.com *.botcopy.com *.facebook.com *.vimeo.com https://kommunicate.s3.ap-south-1.amazonaws.com *.amazonaws.com https://s3.amazonaws.com http://*.hotjar.com https://*.hotjar.com *.typekit.net *.i-pulse.nl https://www.sportstad-utrecht.nl https://www.rotterdamsport.nl http://rotterdamsport.nl *.ip-studio.nl https://unieksportenwebapi.azurewebsites.net https://unieksportenwebapi-test.azurewebsites.net *.readspeaker.com *.blueconic.net *.twitter.com *.twimg.com *.google.nl *.googleapis.com *.google.com https://stats.g.doubleclick.net https://www.google-analytics.com *.facebook.com *.youtube.com https://i.ytimg.com https://cdn.i-pulse.nl *.unieksporten.nl https://www.readspeaker.com https://maps.googleapis.com https://maps.gstatic.com; font-src 'self' 'unsafe-inline' data: *.vimeo.com *.typekit.net https://cdn-test.unieksporten.nl https://cdn.unieksporten.nl https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.botcopy.com *.unieksporten.nl *.kommunicate.io *.ip-studio.nl *.blueconic.net https://platform.twitter.com https://cdn-test.unieksporten.nl https://cdn.unieksporten.nl *.ip-studio.nl *.googleapis.com *.readspeaker.com ; connect-src 'self' ws: cognito-identity.us-east-1.amazonaws.com *.botcopy.com *.vimeo.com *.unieksporten.nl https://stats.g.doubleclick.net https://sentry.io wss://socket4.applozic.com *.applozic.com wss://socket.applozic.com/ws *.twitter.com *.readspeaker.com *.applozic.com *.kommunicate.io *.googleapis.com *.hotjar.io http://*.hotjar.com:* https://*.hotjar.com:* wss://*.hotjar.com *.ip-studio.nl https://fondsgehandicaptensport.blueconic.net *.facebook.com *.addthis.com https://www.google.com https://www.google-analytics.com *.google-analytics.com *.google.com 1
img-src 'self' www.google.com.br www.googletagmanager.com via.placeholder.com *.clarity.ms c.bing.com live.staticflickr.com; frame-src 'self' www.youtube.com www.google.com; style-src 'self'  'nonce-z/lBzp1gHsCjyaSmHjOQ4A=='; font-src 'self' data:; connect-src 'self' analytics.google.com stats.g.doubleclick.net www.google-analytics.com *.clarity.ms cloudflareinsights.com *.flickr.com; default-src 'self'; script-src 'self' www.googletagmanager.com www.google.com *.clarity.ms *.flickr.com  'nonce-z/lBzp1gHsCjyaSmHjOQ4A==' 1
base-uri 'self'; object-src 'none'; script-src https: 'nonce-223591a804' 'nonce-2527123b7e' 'nonce-ae5ebf09bb' 'nonce-baacd1ca98' 'nonce-2d4c88b690' 'nonce-f8fa1942de' 'nonce-b75302cc72' 'nonce-51a4eb2a60' 'nonce-e38ce2fe94' 'nonce-6a568fb47b' 'nonce-fb32a46020' 'nonce-b9b0378864' 'nonce-c1e3b46b5e' 'nonce-4af27664e5' 'nonce-03b1fa77e7' 'nonce-80895c97d8' 'nonce-901a852204' 'nonce-c9489b171d' 'nonce-281cc410ed' 'nonce-9f0cb7bca6' 'nonce-a5e5e02002' 'nonce-fa6fcb88e7' 'nonce-fb35443a86' 'nonce-5b19bddb13' 'nonce-c4045986b5' 'nonce-f2f27a7823' 'nonce-4e194c954d' 'strict-dynamic' blob: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: players.brightcove.net ajax.googleapis.com cdnjs.cloudflare.com *.gwpdev.seic.com *.myplatform.tsudev.seic.com *.api.seic.com api.seic.com *.walkme.com *.pay3000web.com *.corp.seic.com cpservices.seic.com *.wealthgateway.seic.com; 1
default-src http: https: 'unsafe-inline' 'unsafe-eval' data: blob: mediastream: ws: wss: 1
font-src data: *.gstatic.com oct8necdneu.azureedge.net *.zopim.com *.retargeted.co *.eficads.net *.adensemble.com *.paypal.com *.vimeocdn.com *.ytimg.com *.adyen.com *.googleapis.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.doubleclick.com *.azureedge.com *.xtento.com *.eficads.com *.demoup.com *.cookiebot.com sw-assets.ekomiapps.de *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sis-t.redsys.es:* sis.redsys.es sis-t.sermepa.es:* sis.sermepa.es *.cetelem.es *.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.googleapis.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.youtube.com *.vimeo.com *.oct8ne.com *.demoup.com youtube.com *.cookiebot.com https://sandbox.sequracdn.com https://live.sequracdn.com live.sequrapi.com *.sequrapi.com *.google.com *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net oct8necdneu.azureedge.net *.clickelectrodomesticos.com *.zopim.com *.eficads.net *.adensemble.com *.demoup.com youtube.com *.cookiebot.com https://sandbox.sequracdn.com https://live.sequracdn.com *.rawgit.com *.jsdelivr.net smart-widget-assets.ekomiapps.de sw-assets.ekomiapps.de connect.ekomi.de rrstatic.retailrocket.net google.nl s.kelkoogroup.net *.facebook.com cdn.doofinder.com https://images.unsplash.com *.ggpht www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.cookiebot.com *.oct8ne.com *.adyen.com chimpstatic.com *.zopim.com *.doofinder.com *.zdassets.com *.aplazame.com *.tradedoubler.com *.retargeted.co *.eficads.net *.adensemble.com *.paypal.com *.ytimg.com *.doubleclick.com *.azureedge.com *.xtento.com *.eficads.com *.cetelem.es *.demoup.com youtube.com https://sandbox.sequracdn.com https://live.sequracdn.com live.sequrapi.com *.sequrapi.com sw-assets.ekomiapps.de connect.ekomi.de smart-widget-assets.ekomiapps.de connect.facebook.net s.kk-resources.com *.newrelic.com bam.eu01.nr-data.net cdn.doofinder.com *.retailrocket.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com sw-assets.ekomiapps.de rrstatic.retailrocket.net smart-widget-assets.ekomiapps.de *.doofinder.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.demoup.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.oct8ne.com *.adyen.com *.googleapis.com wss://widget-mediator.zopim.com *.doofinder.com *.zdassets.com *.adensemble.com *.demoup.com youtube.com *.cookiebot.com https://sandbox.sequracdn.com https://live.sequracdn.com smart-widget-assets.ekomiapps.de s.kelkoogroup.net google.com bam.eu01.nr-data.net wss://*.doofinder.com *.retailrocket.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://*.toyota.co.il https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
default-src 'none';      script-src 'self' https://stats.epic.com https://stats-test.epic.com;      connect-src 'self' https://epicresearch.org https://blob.epicresearch.org https://epicresearchblob.blob.core.windows.net https://stats.epic.com https://stats-test.epic.com;      style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;      base-uri 'self';      form-action 'self';      img-src 'self' https://blob.epicresearch.org https://epicresearchblob.blob.core.windows.net https://stats.epic.com https://stats-test.epic.com;      object-src 'self' https://blob.epicresearch.org https://epicresearchblob.blob.core.windows.net;      frame-src 'self' https://blob.epicresearch.org https://epicresearchblob.blob.core.windows.net;      manifest-src 'self'; font-src https://fonts.gstatic.com; 1
default-src 'none'; manifest-src *.rejail.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.googleapis.com translate.google.com static.cloudflareinsights.com static.rejail.ru; connect-src rejail.ru translate.googleapis.com; img-src 'self' data: translate.googleapis.com *.gstatic.com *.google.com static.rejail.ru discordapp.com; style-src 'self' 'unsafe-inline' *.googleapis.com static.rejail.ru; font-src 'self' fonts.gstatic.com static.rejail.ru; child-src *.youtube.com ads.rejail.ru 1
frame-ancestors 'self' www.scalatelecom.nl; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.addevent.com addevent.com *.puzzel.com *.siteimproveanalytics.io siteimproveanalytics.com *.siteimprove.net *.siteimprove.com *.tiny.cloud *.matomo.cloud *.cookieinformation.com *.cloudflare.com *.tinymce.com *.jquery.com connect.facebook.net eidenytt.files.wordpress.com *.gstatic.com *.udf.no *.hotjar.com *.hotjar.io livestream.com stats.g.doubleclick.net *.googleapis.com google.com google.no www.youtube.com youtube.com; child-src *.hotjar.com *.matomo.cloud; connect-src 'self' wss: *.googleapis.com *.matomo.cloud *.utdanningsforbundet.no *.hotjar.io *.hotjar.com *.puzzel.com *.siteimprove.com stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com *.facebook.com https://www.googletagmanager.com/ *.cookieinformation.com/; font-src 'self' *.hotjar.com *.matomo.cloud *.tiny.cloud *.puzzel.com *.gstatic.com data:; frame-src 'self' *.spotify.com *.soundcloud.com onedrive.live.com *.libsyn.com *.regjeringen.no *.vimeo.com *.nrk.no *.udf.no *.pippa.io *.acast.com *.microsoftstream.com livestream.com *.utdanningsforbundet.no *.hotjar.com www.youtube.com youtube.com www.google.com google.com www.facebook.com; img-src 'self' blob: https: data: *.google-analytics.com *.analytics.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.matomo.cloud code.jquery.com *.siteimprove.net *.piktochart.com addevent.com *.puzzel.com connect.facebook.net *.tiny.cloud *.cloudflare.com *.tinymce.com *.hotjar.com siteimproveanalytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com *.cookieinformation.com livestream.com *.googleapis.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.puzzel.com  *.matomo.cloud *.tiny.cloud; report-uri https://00bc2ec247e445861ae623fb2557c894.report-uri.com/r/d/csp/enforce; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.myscience.at *.myscience.ca *.myscience.es *.myscience.fr *.myscience.de *.myscience.co.nl *.myscience.uk *.myscience.org *.bing.com *.bingj.com *.clarity.ms *.doubleclick.net *.dailymotion.com *.googletagmanager.com *.google.ch *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.paypal.com *.paypalobjects.com *.switch.ch *.youtube.com *.ytimg.com  *.backlinks.com *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com ; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com; frame-src 'self' *.dailymotion.com *.paypal.com *.switch.ch *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'self'; form-action 'self' *.paypal.com *.paypalobjects.com; base-uri 'self'; object-src 'none' ; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-XcCgX8SKZaUx-CJ6pYXfeg' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*; object-src 'self' 1
base-uri 'self';connect-src 'self' https: wss:;default-src 'self';form-action 'self' https:;img-src 'self' https: data: blob:;media-src 'self';object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.feedbackcompany.com cdnjs.cloudflare.com code.jquery.com cdn.datatables.net onesignal.com *.onesignal.com connect.facebook.net *.licdn.com *.clarity.ms *.doubleclick.net *.bing.com *.ads-twitter.com cdn.jsdelivr.net *.paypal.com *.paypalobjects.com *.dwin1.com *.beslist.nl *.hs-scripts.com *.hs-banner.com *.hs-analytics.net lantern.roeyecdn.net lantern.roeyecdn.com;style-src 'self' 'unsafe-inline' https:;font-src 'self' data: fonts.gstatic.com cdnjs.cloudflare.com;frame-src *.youtube.com *.redintelligence.net *.google.com *.paypal.com *.doubleclick.net;frame-ancestors 'self';report-uri https://www.inktweb.nl/api/csp/log 1
frame-ancestors 'self' https://*.sharepoint.com; 1
default-src 'self' *.lpsnmedia.net; frame-src 'self' data: *.lpsnmedia.net *.liveperson.net https: lpcdn.lpsnmedia.net; img-src  'self' data: *.lpsnmedia.net https: *.google-analytics.com *.googletagmanager.com; media-src 'self' blob: *.lpsnmedia.net; script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.lpsnmedia.net *.liveperson.net http: https: googletagmanager.com google-analytics.com pi.pardot.com; style-src 'self' 'unsafe-inline' http: https: use.fontawesome.com; font-src 'self' data: http: https: use.typekit.net; connect-src 'self' data: http: https: google-analytics.com analytics.google.com googletagmanager.com ws: va.msg.liveperson.net 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://floobits.com wss://floobits.com https://*.floobits.com wss://*.floobits.com https://www.google-analytics.com https://*.olark.com https://*.stripe.com; img-src * data: blob:; media-src * blob:; 1
default-src 'self' blob: https://api2.amplitude.com https://*.zopim.com *.gentu.com.au *.force.com https://geniesolutions--uatfull.sandbox.my.salesforce.com https://geniesolutions.my.salesforce.com https://help.geniesolutions.com.au https://c.la2s-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la2s-core1.sfdc-vwfla6.salesforceliveagent.com https://c.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com wss://*.zopim.com wss://*.smooch.com https://js.intercomcdn.com; connect-src 'self' *.smooch.io wss://*.smooch.io https://api2.amplitude.com *.force.com https://geniesolutions--uatfull.sandbox.my.salesforce.com https://geniesolutions.my.salesforce.com https://help.geniesolutions.com.au https://c.la2s-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la2s-core1.sfdc-vwfla6.salesforceliveagent.com https://c.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com wss://*.zopim.com *.gentu.com.au https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io  https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com wss://ws-api.production.genie-platform-production.com/websocket https://support.geniesolutions.com.au https://api.production.genie-platform-production.com https://production-template-public-images.s3.ap-southeast-2.amazonaws.com https://*.browser-intake-datadoghq.com https://*.geniesolutions.cloud; font-src 'self' data: https://fonts.gstatic.com *.gentu.com.au https://gentu-production-assets.s3-ap-southeast-2.amazonaws.com https://js.intercomcdn.com https://fonts.intercomcdn.com; frame-src 'self' https://app.powerbi.com/ *.force.com https://geniesolutions--uatfull.sandbox.my.salesforce.com https://geniesolutions.my.salesforce.com https://help.geniesolutions.com.au https://c.la2s-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la2s-core1.sfdc-vwfla6.salesforceliveagent.com https://c.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://www.youtube.com blob: https://*.geniesolutions.cloud; img-src 'self' https://support.geniesolutions.com.au https://gentu-production-assets.s3-ap-southeast-2.amazonaws.com data: blob: https://v2assets.zopim.io http://production-template-public-images.s3.amazonaws.com https://*.gentu.com.au https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com; script-src 'self' blob: *.smooch.io https://app.powerbi.com *.force.com https://geniesolutions--uatfull.sandbox.my.salesforce.com https://geniesolutions.my.salesforce.com https://help.geniesolutions.com.au https://c.la2s-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la2s-core1.sfdc-vwfla6.salesforceliveagent.com https://c.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com *.gentu.com.au https://gentu-production-assets.s3-ap-southeast-2.amazonaws.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com 'sha256-4ahLko5vU/CyrnVEylFrEST+snqnQGVDj3Bn7HsRCMw=' 'nonce-d1TT+36vMcinf1I1P7+7l/3dUy0RW+Mcs4WPTP6TQzQ=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.gentu.com.au *.force.com https://geniesolutions--uatfull.sandbox.my.salesforce.com https://geniesolutions.my.salesforce.com https://help.geniesolutions.com.au https://gentu-production-assets.s3-ap-southeast-2.amazonaws.com blob: 1
default-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; connect-src * 'unsafe-inline'; media-src * 'self' blob: data:; frame-src * 1
default-src 'self' *.amazonaws.com *.bazaarvoice.com *.addtoany.com *.adimo.co *.experianmarketingservices.com *.sessioncam.com *.facebook.com *.analyze.ly *.google-analytics.com *.doubleclick.net *.pinterest.com *.gigya.com *.nr-data.net *.gbqofs.io *.smababy.co.uk *.nescafe.com *.cerelac.co.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bazaarvoice.com *.googletagmanager.com *.nestle.com *.addtoany.com *.pinterest.com *.evidon.com *.gigya.com *.nescafe.com *.iesnare.com *.adimo.co *.twitter.com *.cloudfront.net *.krxd.net *.facebook.net *.google-analytics.com *.google.com *.ads-twitter.com *.doubleclick.net pagecdn.io *.pinimg.com *.newrelic.com *.nr-data.com *.nr-data.net *.googleadservices.com *.usabilla.com *.gbqofs.com *.gstatic.com *.youtube.com *.hypemarks.com *.cookielaw.org *.onetrust.com *.cookiepro.com *.jsdelivr.net; object-src 'self'; style-src 'self' 'unsafe-inline' *.adimo.co *.fontawesome.com *.googleapis.com *.gigya.com *.bazaarvoice.com *.nestle.com *.cloudfront.net *.hypemarks.com *.cookielaw.org *.onetrust.com *.cookiepro.com; img-src 'self' data: *.pinterest.com *.bazaarvoice.com *.gigya.com *.adimo.co *.carnation.co.uk *.evidon.com *.betrad.com *.rlcdn.com *.krxd.net *.google-analytics.com *.facebook.com *.facebook.net t.co *.google.com *.google.es *.sessioncam.com *.doubleclick.net *.amazonaws.com *.cloudfront.net *.usabilla.com *.twitter.com *.cookielaw.org *.onetrust.com *.cookiepro.com *.gstatic.com *.google.co.uk; media-src 'self'; frame-src 'self' *.gigya.com *.addtoany.com *.adimo.co adimo.co *.pinterest.com *.bazaarvoice.com *.nescafe.com *.doubleclick.net *.facebook.com *.youtube.com *.google.com *.hypemarks.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: *.fontawesome.com *.gstatic.com *.cloudfront.net; connect-src  'self' *.gbqofs.io *.amazonaws.com *.bazaarvoice.com *.sessioncam.com *.pinterest.com *.analyze.ly *.google-analytics.com *.nr-data.net *.doubleclick.net *.gigya.com *.smababy.co.uk *.smababy.ie *.nescafe.com *.maggi.co.uk *.cerelac.co.uk *.adimo.co *.facebook.com *.usabilla.com *.experianmarketingservices.com *.evidon.com *.google.com *.cookielaw.org *.onetrust.com *.cookiepro.com *.googlesyndication.com; report-uri /report-csp-violation 1
default-src 'self'; connect-src 'self' *.linkedin.com *.chilipiper.com *.googleapis.com *.googlesyndication.com *.hscollectedforms.net vimeo.com *.adnxs.com *.6sc.co *.vimeo.com *.clickagy.com *.zoominfo.com *.oribi.io *.onetrust.com *.hsforms.com *.hubapi.com *.cookielaw.org *.hubspot.com *.sentry.io *.doubleclick.net *.facebook.com *.google-analytics.com; font-src 'self' data: *.gstatic.com; img-src * 'self' 'unsafe-inline' 'unsafe-eval' data:; media-src 'self' op3.dev; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.chilipiper.com blob: data: *.hubspot.com *.hs-sites-eu1.com *.changelog.com *.6sc.co *.vimeo.com *.googleapis.com *.clickagy.com *.zoominfo.com *.amcharts.com unpkg.com *.comeet.co *.hsforms.net *.googleadservices.com *.sentry-cdn.com *.cookielaw.org *.facebook.net *.doubleclick.net *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsadspixel.net *.hscollectedforms.net *.hsleadflows.net *.licdn.com *.ads-twitter.com *.google-analytics.com *.google.com *.googletagmanager.com *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.cloudflare.com *.comeet.com *.jsdelivr.net unpkg.com *.googleapis.com/; frame-src 'self' *.chilipiper.com *.hs-sites-eu1.com changelog.com *.youtube.com *.clickagy.com *.vimeo.com *.facebook.com *.doubleclick.net *.hsforms.com *.comeet.co; form-action 'self' *.facebook.com *.hsforms.com; worker-src 'self' blob: 1
frame-ancestors 'self' http://*.brose.net http://brose.net https://*.brose.net https://brose.net https://*.ariba.com https://*.zkw.at http://*.zkw.at https://*.mycatalogcloud.com  http://*.mycatalogcloud.com http://*.valeo.determine.com https://*.valeo.determine.com http://valeo.determine.com https://valeo.determine.com http://*.mondigroup.com http://mondigroup.com https://*.mondigroup.com https://mondigroup.com http://*.elwitec.ch http://elwitec.ch https://*.elwitec.ch https://elwitec.ch http://*.ynovatec.ch http://ynovatec.ch https://*.ynovatec.ch https://ynovatec.ch http://prematic.ch http://*.prematic.ch https://prematic.ch https://*.prematic.ch http://brw.ch http://*.brw.ch https://brw.ch https://*.brw.ch http://uniprod-ag.ch http://*.uniprod-ag.ch https://uniprod-ag.ch https://*.uniprod-ag.ch http://montalpina.com http://*.montalpina.com https://montalpina.com https://*.montalpina.com http://sutter-hydraulik.com http://*.sutter-hydraulik.com https://sutter-hydraulik.com https://*.sutter-hydraulik.com http://bsaswiss.ch http://*.bsaswiss.ch https://bsaswiss.ch https://*.bsaswiss.ch http://salesconnect.sugarondemand.com https://salesconnect.sugarondemand.com http://*.salesconnect.sugarondemand.com https://*.salesconnect.sugarondemand.com 1
frame-ancestors 'self' *.myaerotel.com 1
frame-ancestors 'self' http://localhost:8080 https://*.birds.cornell.edu https://*.ornith.cornell.edu 1
default-src 'self' *.decimalchain.com http: https: wss: ws: data:; connect-src *.decimalchain.com 'self' http: https: wss: ws:; script-src *.decimalchain.com 'unsafe-inline' 'unsafe-eval' http: https: wss: ws:; img-src *.decimalchain.com 'self' http: https: wss: data: ws:; style-src *.decimalchain.com *.googleapis.com 'unsafe-inline' http: https: wss: ws:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://shelter.moe; img-src 'self' https: data: blob: https://shelter.moe; style-src 'self' https://shelter.moe 'nonce-oRscH802NEJX+ATrXSYqdw=='; media-src 'self' https: data: https://shelter.moe; frame-src 'self' https:; manifest-src 'self' https://shelter.moe; form-action 'self'; child-src 'self' blob: https://shelter.moe; worker-src 'self' blob: https://shelter.moe; connect-src 'self' data: blob: https://shelter.moe https://shelter.moe wss://shelter.moe; script-src 'self' https://shelter.moe 'wasm-unsafe-eval' 1
default-src 'self' *.cookiebot.com *.usersnap.com maps.googleapis.com wss:; img-src 'self' *.cloudfront.net https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data: *.ytimg.com *.talkdeskdev.com *.talkdeskapp.com *.gravatar.com; script-src 'self' *.cookiebot.com *.usersnap.com *.cloudflare.com *.pingdom.net https://*.google-analytics.com https://maps.googleapis.com https://*.talkdeskapp.com *.googletagmanager.com blob:  https://maps.googleapis.com/maps/api/js 'sha256-An9OckZKYfev2e9RGhWW0qyVx/Tu+fi9Lgpwtaz/avQ=' https://maps.googleapis.com/maps-api-v3/api/js/ 'sha256-Hyj3Wh3VpX7DF/56So9bvKj4aX7nlE5SO5TqfV2CO3s=' 'sha256-D8oYkPupgY66I8/W/aUZmbOnkrudIYeJV5QMey1X4rk=' 'sha256-cKSz6laXQ3MUpXLmdYaMac+4Jq2+sh0en97BkGcVIE4=' 'sha256-ppMJxw/0WlvWVY0vl56KLz8RlaGNrWhKR0SE0FN12wY=' 'sha256-++hPl9zdRD3J5Sqn1CjgRjs3uPFWOn/1F+CG9og36Vo=' 'sha256-j1svnuLzA3bopnR1VxgluK86MI+0VPKxcZMbV+eU2ro=' 'sha256-7LzfajFKm76rLsF3ogj9Lf5tCszECE313TqkCieAduI=' 'sha256-JNxFzoVwDjjw5WMCzz++J0U6snRLvb3GgBH3UbeHffY=' 'sha256-hqefpvFjTzpAv68QMK3Dpy7KNfW+9nA4wQTYI6NatOo=' 'sha256-4kQREEOmUv5TSuiC/TVAHDGEyEEx1pu3+6iGFZbmfEU='; base-uri 'self'; object-src 'none'; style-src 'self' fonts.googleapis.com *.gstatic.com 'unsafe-inline' https://cdnjs.cloudflare.com; font-src 'self' https://fonts.gstatic.com *.talkdeskapp.com; frame-ancestors 'self'; frame-src 'self' *.google.com *.cookiebot.com https://*.youtube.com; connect-src 'self' https://*.googleapis.com https://*.g.doubleclick.net https://*.google-analytics.com *.google.com https://*.gstatic.com https://*.cookiebot.com https://*.pingdom.net data: blob: *.talkdeskapp.com *.talkdeskapp.eu wss:; worker-src 'self' blob:; 1
default-src * 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' cms.stauff.com; manifest-src 'none'; object-src 'none'; upgrade-insecure-requests; report-uri https://lukadgroup.report-uri.com/r/d/csp/enforce; report-to csp-endpoint; 1
frame-ancestors https://*.greatergiving.com https://*.ggo.bid https://marchofdimeslive.org 1
script-src * 'self' 'unsafe-inline' 'unsafe-eval' blob:; 1
upgrade-insecure-requests; report-uri https://bbcsp.report-uri.com/r/d/csp/enforce 1
default-src 'self' https: 'unsafe-eval' 'unsafe-inline' blob:; object-src 'self' blob:; img-src 'self' data: https: https://script.hotjar.com http://script.hotjar.com *.visualwebsiteoptimizer.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com; script-src 'self' https: http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com 'unsafe-eval' 'unsafe-inline'; script-src-elem 'unsafe-eval' 'unsafe-inline' 'self' *.googletagmanager.com *.google-analytics.com https://use.fontawesome.com https://bat.bing.com https://snap.licdn.com https://static.hotjar.com https://script.hotjar.com https://a.omappapi.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com https://recaptcha.net *.recaptcha.net *.gstatic.com https://maps.googleapis.com https://enquete.agconsult.com https://connect.facebook.net https://js-cdn.dynatrace.com https://app.segmanta.com; connect-src 'self' https: http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com *.visualwebsiteoptimizer.com app.vwo.com; font-src 'self' data: https: http://script.hotjar.com https://script.hotjar.com; frame-src 'self' https: https://vars.hotjar.com app.vwo.com *.visualwebsiteoptimizer.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com https://a.omappapi.com https://use.fontawesome.com; worker-src 'self' blob:; 1
default-src 'unsafe-inline' 'self' data:; img-src 'self' https://static.faceworks.nl https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com data:; font-src 'self' https://cdn.faceworks.nl https://use.typekit.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.googletagmanager.com https://*.google-analytics.com https://consent.cookiebot.com https://consentcdn.cookiebot.com data:; frame-src 'self' https://consentcdn.cookiebot.com; connect-src https://*.google-analytics.com https://*.analytics.google.com https://consentcdn.cookiebot.com 'self'; 1
upgrade-insecure-requests; report-uri https://47327c6a613c1754bda1362d946d96dd.report-uri.com/r/t/csp/enforce; report-to csp-endpoint 1
base-uri 'self'; connect-src 'self' https://consentcdn.cookiebot.com https://*.google.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.in.applicationinsights.azure.com https://*.svc.dynamics.com https://cdn.linkedin.oribi.io wss://*.hotjar.com https://content.hotjar.io https://maps.googleapis.com https://pagead2.googlesyndication.com https://vc.hotjar.io https://api.hubapi.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com; default-src 'none'; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.typekit.net; form-action 'self' https://forms.hsforms.com; frame-ancestors 'self' https://*.smithsdetection.com; frame-src 'self' https://*.cookiebot.com/ https://*.google.com https://vars.hotjar.com https://www.youtube-nocookie.com https://*.svc.dynamics.com https://player.vimeo.com https://irs.tools.investis.com https://otp.tools.investis.com https://www.youtube.com/ https://forms.hsforms.com; img-src 'self' data: https://bat.bing.com https://px.ads.linkedin.com https://*.google.com https://www.google.co.uk https://*.svc.dynamics.com https://*.google-analytics.com https://i.vimeocdn.com https://maps.googleapis.com https://www.googletagmanager.com https://maps.gstatic.com https://*.tile.openstreetmap.org https://*.basemaps.cartocdn.com https://*.hubspot.com https://img.youtube.com https://forms-na1.hsforms.com https://forms.hsforms.com; media-src 'self' https://player.vimeo.com http://vod-progressive.akamaized.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.google.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com https://snap.licdn.com https://script.hotjar.com https://static.hotjar.com https://googleads.g.doubleclick.net https://mktdplp102cdn.azureedge.net https://js.monitor.azure.com https://maps.googleapis.com https://cdn.polyfill.io https://www.youtube.com https://cdnjs.cloudflare.com https://js.hsforms.net https://js.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsadspixel.net https://player.vimeo.com; style-src 'self' 'unsafe-inline' data: https://*.googleapis.com https://*.google.com https://*.typekit.net; 1
object-src 'none'; child-src 'self'; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://exclusiveview.eu https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.itcloud.ca https://*.googleapis.com:* https://*.google-analytics.com:* https://*.google.com:* https://*.gstatic.com:* https://*.bootstrapcdn.com:* https://*.tawk.to:*; style-src 'self' 'unsafe-inline' https://*.itcloud.ca https://*.googleapis.com:* https://*.google-analytics.com:* https://*.google.com:* https://*.gstatic.com:* https://*.bootstrapcdn.com:* https://*.tawk.to:*; script-src-elem 'self' 'unsafe-inline' https://*.itcloud.ca https://*.googleapis.com:* https://*.google-analytics.com:* https://*.google.com:* https://*.gstatic.com:* https://*.bootstrapcdn.com:* https://www.youtube.com:*; object-src 'none'; frame-ancestors 'self' 1
frame-src https:; block-all-mixed-content; upgrade-insecure-requests 1
script-src 'self' 'sha256-ZoLPmUE984t1ctLy65xUnzPSpSzqqcao/3I8AjOTgNw=' 'sha256-aGhXbf5JBWkDSkgKE2g2nBuBRwZRynC1/x6C3lB/9uo=' 'sha256-Uz0yn00PqpvyPuK+MptaAirzRCPwuCU4Vhj/iAbfJxk=' 'sha256-UdVhZKbq1fJ5VnOfpc07a4jd46hwr58B11Z4mRT62RY=' 'sha256-3833GmJ0CVh1Yb+wwFAYxRwvSyVYCmSz/fub3I5Xquk=' 'sha256-DQUY+ltLxs49TgrM2ZbOqgvmX2VnmEkUi7Ny9To1VUo=' 'sha256-a32ir+Bh3s5eeJNiMo9q+SacS8/aLX6M6rZFINN9KDg=' 'sha256-2L/tFj1yFovfnD4TertAGuww56zrGsGC1JDWaqC75s0=' 'nonce-1b4e058b89' https://*.facebook.net/  https://*.addtoany.com/ https://*.licdn.com/ https://*.googletagmanager.com/  https://*.linkedin.com/  https://*.google.co.in/  https://*.google.com/ https://*.twitter.com/  https://t.co/  https://*.facebook.com/  https://*.google-analytics.com/  px.ads.linkedin.com www.google.com https://*.analytics.google.com/  https://*.doubleclick.net/  https://*.oribi.io/  https://*.greenhouse.io/ https://*.googleadservices.com/ https://*.list-manage.com/;img-src 'self' https://*.facebook.net/  https://*.addtoany.com/ https://*.licdn.com/ https://*.googletagmanager.com/  https://*.linkedin.com/  https://*.google.co.in/  https://*.google.com/ https://*.twitter.com/  https://t.co/  https://*.facebook.com/  https://*.google-analytics.com/  px.ads.linkedin.com www.google.com https://*.analytics.google.com/  https://*.doubleclick.net/  https://*.oribi.io/  https://*.greenhouse.io/ https://*.googleadservices.com/ https://*.list-manage.com/ data: 'self' https://*.facebook.net/  https://*.addtoany.com/ https://*.licdn.com/ https://*.googletagmanager.com/  https://*.linkedin.com/  https://*.google.co.in/  https://*.google.com/ https://*.twitter.com/  https://t.co/  https://*.facebook.com/  https://*.google-analytics.com/  px.ads.linkedin.com www.google.com https://*.analytics.google.com/  https://*.doubleclick.net/  https://*.oribi.io/  https://*.greenhouse.io/ https://*.googleadservices.com/ https://*.list-manage.com/; connect-src 'self' https://*.facebook.net/  https://*.addtoany.com/ https://*.licdn.com/ https://*.googletagmanager.com/  https://*.linkedin.com/  https://*.google.co.in/  https://*.google.com/ https://*.twitter.com/  https://t.co/  https://*.facebook.com/  https://*.google-analytics.com/  px.ads.linkedin.com www.google.com https://*.analytics.google.com/  https://*.doubleclick.net/  https://*.oribi.io/  https://*.greenhouse.io/ https://*.googleadservices.com/ https://*.list-manage.com/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://static.dialog.com https://*.onetrust.com https://code.jquery.com/ui/1.13.1/jquery-ui.min.js https://cdnjs.cloudflare.com https://www.tripadvisor.com/wejs https://www.googletagmanager.com https://cdns.eu1.gigya.com https://www.jscache.com https://snap.licdn.com https://cdn.hypemarks.com https://service.force.com https://www.tripadvisor.com https://js-agent.newrelic.com https://files.qualifio.com https://connect.facebook.net https://www.googleadservices.com https://www.google-analytics.com https://maps.googleapis.com https://brand-ecommerce-assets.fusepump.com https://static.tacdn.com https://d.la1-c1-par.salesforceliveagent.com https://d.la2-c1-cdg.salesforceliveagent.com https://bam.nr-data.net https://googleads.g.doubleclick.net https://c.betrad.com https://maxcdn.bootstrapcdn.com https://scripts.qualifioapp.com https://www.salesforce.com/ https://d22xmn10vbouk4.cloudfront.net/; style-src 'self' 'unsafe-inline' https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://static.dialogflow.com https://*.onetrust.com https://static.tacdn.com https://maxcdn.bootstrapcdn.com/font-awesome/4.6.0/css/font-awesome.min.css https://service.force.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; img-src 'self' https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://static.dialogflow.com https://*.onetrust.com https://px.ads.linkedin.com https://images.aws.nestle.recipes https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com data: https://static.tacdn.com https://www.google.com https://www.facebook.com https://www.google.co.in https://l.betrad.com; frame-src 'self' https://www.google.com/ https://cdns.eu1.gigya.com https://service.force.com https://brand-ecommerce-assets.fusepump.com https://cdn.hypemarks.com https://bid.g.doubleclick.net https://9796171.fls.doubleclick.net/ https://www.googletagmanager.com/ https://www.facebook.com/ https://cdn.cookielaw.org/ https://cookie-cdn.cookiepro.com/ https://www.onetrust.com/ https://td.doubleclick.net/ https://files.qualifio.com https://www.nestlepromo.ch/ https://scripts.qualifioapp.com https://www.salesforce.com/; frame-ancestors 'self'; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; connect-src 'self' https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://static.dialog.com https://*.onetrust.com https://cdns.eu1.gigya.com https://www.google-analytics.com https://service.force.com https://maps.googleapis.com https://stats.g.doubleclick.net https://brand-ecommerce-api.fusepump.com https://api.tintup.com https://cognito-identity.us-east-1.amazonaws.com https://kinesis.us-east-1.amazonaws.com https://bam.nr-data.net https://digital-commerce-api-cdn.fusepump.com https://accounts.eu1.gigya.com https://www.googletagmanager.com https://scripts.qualifioapp.com https://www.salesforce.com/ 1
child-src 'self' *.hoteleffectiveness.com app.pendo.io; connect-src 'self' *.hoteleffectiveness.com https://www.google-analytics.com *.pndsn.com https://ping.chartbeat.net *.s3.amazonaws.com https://static.chartbeat.com https://fonts.gstatic.com https://fonts.googleapis.com apis.google.com app.pendo.io data.pendo.io pendo-static-6599635893616640.storage.googleapis.com https://pendo-io-static.storage.googleapis.com; font-src 'self' *.hoteleffectiveness.com https://fonts.gstatic.com https://fonts.googleapis.com; frame-ancestors 'self' app.pendo.io; frame-src 'self' *.hoteleffectiveness.com *.firebaseapp.com app.pendo.io; img-src 'self' *.hoteleffectiveness.com data: cdn.pendo.io app.pendo.io pendo-static-6599635893616640.storage.googleapis.com data.pendo.io; script-src 'self' *.hoteleffectiveness.com https://www.google-analytics.com https://apis.google.com https://www.google.com https://www.gstatic.com https://bam.nr-data.net https://fast.wistia.net https://static.chartbeat.com app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-6599635893616640.storage.googleapis.com data.pendo.io 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.hoteleffectiveness.com https://fonts.googleapis.com app.pendo.io cdn.pendo.io pendo-static-6599635893616640.storage.googleapis.com 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com/ www.googletagmanager.com/ maps.googleapis.com/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ stats.g.doubleclick.net/ *.vo.msecnd.net/ marathonconsulting.atlassian.net/; style-src 'self' 'unsafe-inline' fonts.googleapis.com/; connect-src 'self' maps.googleapis.com/ www.google-analytics.com/ stats.g.doubleclick.net/ dc.services.visualstudio.com/; img-src 'self' data: i.ytimg.com/ maps.gstatic.com/ maps.googleapis.com/ img.youtube.com/ www.google-analytics.com/; font-src 'self' fonts.gstatic.com/; frame-src 'self' www.google.com/ www.youtube.com/; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com/ https://app.tuotempo.com/ https://multimedica.it/ https://*.wp.com/ https://widgets.tuotempo.com/ https://*.cloudfront.net/; img-src 'self' data: https://app.tuotempo.com/ https://multimedica.it/ https://*.wp.com/ https://www.google.com/ https://widgets.tuotempo.com/ https://*.cloudfront.net/; object-src 'self' data: https://app.tuotempo.com/ https://multimedica.it/ https://*.wp.com/ https://widgets.tuotempo.com/ https://*.cloudfront.net/; frame-src 'self' data: https://app.tuotempo.com/ https://multimedica.it/ https://*.wp.com/ https://widgets.tuotempo.com/ https://*.cloudfront.net/; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://app.tuotempo.com/ https://ajax.googleapis.com/ https://multimedica.it/ https://*.wp.com/ https://widgets.tuotempo.com/ https://*.cloudfront.net/; 1
script-src 'report-sample' 'nonce-Oq9LNf7pCkG0Bd4gbWuM-w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport 1
frame-ancestors 'self' https://*.toyota.fi https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
child-src shippingwatch.dk *.shippingwatch.dk; frame-src https://*; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://ssl.bescript.de/csp/; 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https: http:; connect-src 'self' https: wss:; font-src 'self' data: https:; frame-src 'self' https:; object-src 'none'; base-uri 'self'; form-action 'self'; report-uri /csp-report-endpoint/; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://urusai.social; img-src 'self' data: blob: https://urusai.social https://files.urusai.social; style-src 'self' https://urusai.social 'nonce-j3pQkf3k9+ucfIyWP759Qw=='; media-src 'self' data: https://urusai.social https://files.urusai.social; frame-src 'self' https:; manifest-src 'self' https://urusai.social; form-action 'self'; child-src 'self' blob: https://urusai.social; worker-src 'self' blob: https://urusai.social; connect-src 'self' data: blob: https://urusai.social https://files.urusai.social wss://urusai.social; script-src 'self' https://urusai.social 'wasm-unsafe-eval' 1
frame-ancestors 'self' viewsonic.com viewsonic.com.tw viewsonic.com.au viewsonic.com.sg viewsoniceurope.com viewsonic.com.cn ap.viewsonic.com hk.viewsonic.com ifppartners.viewsonic.com youtube.com dev-viewsonic.mojostratus.io customercare.viewsonic.com.tw dev.ap.viewsonic.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.gstatic.com; frame-ancestors 'none'; font-src 'self' 'unsafe-eval' data: *.googleapis.com *.gstatic.com; connect-src 'self' 1
default-src  'self' 'unsafe-inline' https://rtp-static.marketo.com/ https://fonts.googleapis.com https://tagmanager.google.com https://pages.planonsoftware.com/ https://info.planonsoftware.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https: wss: https://documentcloud.adobe.com https://assets.adoberesources.net https://*.cloud.adobe.io/ https://*.marketo.com/ https://munchkin.marketo.net/; connect-src 'self' https://cdn.linkedin.oribi.io/ *.adobe.io wss://*.adobe.io https://*.visualwebsiteoptimizer.com/ https://*.google-analytics.com/ https://*.analytics.google.com/ https://portal.pushpro.io/ wss://hummingbirdwebsocket-va7.cloud.adobe.io/ https://storage.googleapis.com/ https://*.clarity.ms/ https://*.cloud.adobe.io/ https://*.mktoresp.com/ https://*.marketo.com/ https://bat.bing.com/ https://stats.g.doubleclick.net/ https://rtp-static.marketo.com/ https://consentcdn.cookiebot.com/ https://www.google-analytics.com/ https://117-har-928.mktoresp.com https://441-ITY-232.mktoresp.com https://pages.planonsoftware.com/ https://info.planonsoftware.com/ https://117-har-928.mktoutil.com/ https://441-ITY-232.mktoutil.com/ https://nld1rtp1.marketo.com/ https://sjrtp2.marketo.com/ https://*.googlesyndication.com https://*.mktoutil.com https://t.comparesoft.com/ https://px.ads.linkedin.com/; font-src 'self' data: https://*.typekit.net/ https://fonts.gstatic.com/; frame-src 'self' https://login.windows.net https://*.planonsoftware.com https://outlook.office365.com https://documentcloud.adobe.com https://ionfiles.scribblecdn.net https://www.facebook.com/ https://*.marketo.com/ https://consent.cookiebot.com https://privacyportal-eu.onetrust.com https://training.planonsoftware.com/ https://*.planoncloud.com/ https://fr-authprod.planoncloud.com https://consentcdn.cookiebot.com https://www.youtube.com https://pcis-prod.planoncloud.com https://customer.planonsoftware.com https://trust.planoncloud.com https://pages.planonsoftware.com/ https://info.planonsoftware.com/ https://td.doubleclick.net/ https://w.soundcloud.com; img-src 'self' data: https://img.youtube.com https://*.ytimg.com/ https://*.analytics.google.com/ https://*.google-analytics.com/ https://*.pushcrew.com/ https://pushcrew.com/ http://planonsoftware.com/ https://storage.googleapis.com/ https://assets.adoberesources.net https://www.googletagmanager.com/ https://pages.planonsoftware.com/ https://c.bing.com https://c.clarity.ms/ https://planonsoftware.com/ https://*.gxcloud.net/ https://www.google.de/ https://p.adsymptotic.com/ https://www.google.nl https://www.google.com/ https://www.linkedin.com/ https://www.facebook.com/ https://stats.g.doubleclick.net/ https://bat.bing.com https://*.ads.linkedin.com/ https://lh3.googleusercontent.com https://www.gstatic.com https://ssl.gstatic.com https://www.google-analytics.com https://*.visualwebsiteoptimizer.com https://cdn.planonsoftware.com https://info.planonsoftware.com/ https://fonts.gstatic.com https://imgsct.cookiebot.com/ https://t.co/ https://analytics.twitter.com; style-src 'self' 'unsafe-inline' https://*.typekit.net https://*.pushcrew.com/ https://fonts.googleapis.com/ https://p.typekit.net/ https://use.typekit.net/ https://*.marketo.com/ https://*.marketo.net/ https://pages.planonsoftware.com/ https://info.planonsoftware.com/ https://www.googletagmanager.com; frame-ancestors 'self' https://www.samfm.net/ https://samfm.airfrance.fr/; report-uri /web/reportreceiver; 1
frame-ancestors 'self' *.instructure.com moodle.do.gsldev.com moodle.gsl.local 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mast.lat; img-src 'self' https: data: blob: https://mast.lat; style-src 'self' https://mast.lat 'nonce-Aj2gDEuCZdI0T+RwgaFi4A=='; media-src 'self' https: data: https://mast.lat; frame-src 'self' https:; manifest-src 'self' https://mast.lat; form-action 'self'; child-src 'self' blob: https://mast.lat; worker-src 'self' blob: https://mast.lat; connect-src 'self' data: blob: https://mast.lat https://media.mast.lat wss://mast.lat; script-src 'self' https://mast.lat 'wasm-unsafe-eval' 1
frame-ancestors https://hostilla.pl http://crm.etop.pl:81 http://80.72.47.107:81/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://button.kcmsurvey.com https://chart.googleapis.com https://www.google.com https://www.google.nl https://www.gstatic.com https://browser-update.org ; img-src 'self' data: blob: https://www.kcmsurvey.com https://chart.googleapis.com https://translate.google.com https://www.google.com https://www.google.nl https://www.gstatic.com https://browser-update.org ; style-src 'self' 'unsafe-inline' https://www.kcmsurvey.com https://button.kcmsurvey.com https://fonts.googleapis.com https://translate.googleapis.com https://www.google.com *.gstatic.com ; font-src 'self' data: ; object-src 'none' ; report-uri https://www.kcmsurvey.com/callbacks/csp_violation/report.php 1
font-src 'self' data:; media-src 'self' https://cdn.pfh.de; object-src 'none'; frame-ancestors 'self'; report-uri https://www.pfh.de/report-uri/enforce 1
frame-ancestors 'self' www.ttecdigital.com ttecdigital.com; 1
default-src https: wss: data: 'unsafe-eval' 'unsafe-inline';frame-ancestors 'self' https://*.lesgrappes.com https://js.stripe.com https://hooks.stripe.com; 1
frame-ancestors 'self' *.bigrigchromeshop.com *.authorize.net 1
default-src 'self' blob: data: https://*.tinkoff.ru https://*.livetex.ru https://*.livetex.me https://googleads.g.doubleclick.net https://*.replain.cc https://use.fontawesome.com https://api-maps.yandex.ru https://yandex.ru https://*.maps.yandex.net https://cdnjs.cloudflare.com https://www.youtube.com http://via.placeholder.com https://www.google.com https://*.tu.market; style-src 'self' 'unsafe-inline' https://*.tinkoff.ru  https://*.replain.cc https://use.fontawesome.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://yandex.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.tinkoff.ru https://*.livetex.ru https://*.livetex.me https://googleads.g.doubleclick.net https://www.youtube.com https://*.replain.cc https://mc.yandex.ru https://yandex.ru https://informer.yandex.ru https://www.google-analytics.com https://www.googletagmanager.com https://code.jquery.com https://cdnjs.cloudflare.com https://api-maps.yandex.ru https://ajax.googleapis.com https://*.maps.yandex.net https://yastatic.net https://www.google.com https://www.gstatic.com; connect-src 'self' https://yandex.ru https://maps.vk.com https://*.maps.vk.com https://maps.mail.ru https://*.tinkoff.ru https://*.livetex.ru https://*.livetex.me https://googleads.g.doubleclick.net wss://*.replain.cc https://*.replain.cc https://mc.yandex.ru https://mc.yandex.md https://geocode-maps.yandex.ru https://www.google-analytics.com https://yandex.ru/clck//counter https://*.tu.market; img-src 'self' data: https://*.tinkoff.ru https://img.youtube.com https://*.livetex.ru https://*.livetex.me https://www.google-analytics.com https://api-maps.yandex.ru https://mc.yandex.ru https://informer.yandex.ru https://*.maps.yandex.net http://via.placeholder.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://yandex.ru https://counter.yadro.ru https://*.tu.market 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://tapbots.social; img-src 'self' https: data: blob: https://tapbots.social; style-src 'self' https://tapbots.social 'nonce-aQBwaxXA7TYiWjeWWOIoAg=='; media-src 'self' https: data: https://tapbots.social; frame-src 'self' https:; manifest-src 'self' https://tapbots.social; form-action 'self'; child-src 'self' blob: https://tapbots.social; worker-src 'self' blob: https://tapbots.social; connect-src 'self' data: blob: https://tapbots.social https://tapbots.social wss://tapbots.social; script-src 'self' https://tapbots.social 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://qccu.sharepoint.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' ws: data: blob: https://*.facebook.net https://*.gstatic.com https://*.googletagmanager.com https://*.hotjar.com https://*.jotfor.ms/ https://*.jotform.com https://*.licdn.com https://*.plasmic.app https://*.userway.org https://*.sanity.io https://*.algolia.com https://*.algolianet.com https://*.algolia.net https://*.google-analytics.com https://*.googleapis.com https://*.linkedin.com https://*.linkedin.io https://*.oribi.io https://*.bing.com https://*.tiktok.com https://*.facebook.com https://equipcms.wpengine.com https://*.youtube.com; 1
default-src 'self' https://survey.alchemer.com/ https://watershedlrs.com/ https://experience.instilled.com https://watershedlrs.instilled.com https://www.facebook.com https://watershed-studio.netlify.app https://watershedlrs.kzoplatform.com https://w.soundcloud.com http://www.ltgplc.com https://go.ltgplc.com https://go.watershedlrs.com https://www.youtube.com https://player.vimeo.com https://go.pardot.com https://www.canva.com https://td.doubleclick.net https://ob.buzzfighter.com https://obs.buzzfighter.com https://www.googletagmanager.com;script-src-elem 'self' 'unsafe-inline' https://snap.licdn.com https://widget.aggregage.com/ https://connect.facebook.net https://cdn.inspectlet.com https://s.ytimg.com https://www.youtube.com https://w.soundcloud.com https://go.watershedlrs.com/ https://www.googletagmanager.com https://tagmanager.google.com https://sjs.bizographics.com https://static.ads-twitter.com https://www.googleadservices.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://go.ltgplc.com https://analytics.twitter.com https://player.vimeo.com/ https://www.clickcease.com https://*.buzzfighter.com https://ob.buzzfighter.com https://obs.buzzfighter.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com https://www.youtube.com https://cdn.inspectlet.com https://sjs.bizographics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://bat.bing.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://go.watershedlrs.com https://go.ltgplc.com https://go.watershedlrs.com https://player.vimeo.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.clickcease.com https://*.buzzfighter.com https://ob.buzzfighter.com https://obs.buzzfighter.com https://www.watershedlrs.com;font-src 'self' data: https://fonts.gstatic.com;style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://tagmanager.google.com;img-src 'self' data: https://www.googletagmanager.com https://t.co https://cdn.sanity.io https://www.google-analytics.com https://stats.g.doubleclick.net https://linkedin.com https://www.linkedin.com https://px.ads.linkedin.com https://bat.bing.com https://ssl.gstatic.com https://www.gstatic.com https://analytics.twitter.com https://px4.ads.linkedin.com https://*.google-analytics.com https://*.analytics.google.com https://*.buzzfighter.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat;media-src 'self' data: https://cdn.sanity.io;connect-src 'self' https://nosafynr.api.sanity.io https://s.ytimg.com wss://ws.inspectlet.com https://cdn.inspectlet.com/ https://www.googleadservices.com https://sjs.bizographics.com https://static.ads-twitter.com https://go.watershedlrs.com https://use.typekit.net/ https://www.google-analytics.com https://stats.g.doubleclick.net https://hn.inspectlet.com https://cdn.sanity.io https://vimeo.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.buzzfighter.com https://ob.buzzfighter.com https://obs.buzzfighter.com;prefetch-src 'self' https://go.watershedlrs.com https://www.googletagmanager.com https://www.google-analytics.com;frame-ancestors 'self' https://watershed-studio.netlify.app https://watershedlrs.com  https://watershedlrs.com https://staging.watershedlrs.com/ https://studio.watershedlrs.com/ https://ob.buzzfighter.com https://obs.buzzfighter.com 1
frame-ancestors 'self' https://www.banbif.com.pe https://*.banbif.com.pe https://*.extranetbanbif.com.pe/; upgrade-insecure-requests 1
style-src 'self' http://* 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval' https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://ajax.googleapis.com https://code.jquery.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://vars.hotjar.com https://use.typekit.net https://api-fra.livechatinc.com; frame-src 'self' https://secure-fra.livechatinc.com https://www.youtube.com/ https://www.google.com/ https://vars.hotjar.com https://player.vimeo.com/ https://vimeo.com/ https://w.soundcloud.com/ https://www.facebook.com/ https://js.stripe.com/ https://www.hubspot.com/ https://www.youtube-nocookie.com/ https://meetings.hubspot.com/ https://www.googletagmanager.com 1
default-src 'self'; font-src * data:; frame-ancestors 'self'; connect-src *; frame-src 'self' https://*.doubleclick.net https://insight.adsrvr.org https://widget.stackla.com https://hosted.where2getit.com; img-src * data:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://contentz.mkt932.com https://app.everviz.com https://code.highcharts.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinimg.com https://js.adsrvr.org https://analytics.tiktok.com https://*.cookielaw.org https://cdn.jsdelivr.net https://vjs.zencdn.net https://staging-assetscdn.stackla.com https://*.pages03.net;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinimg.com https://js.adsrvr.org https://analytics.tiktok.com https://*.cookielaw.org https://cdn.jsdelivr.net https://vjs.zencdn.net https://staging-assetscdn.stackla.com https://*.pages03.net;  style-src-elem 'self' 'unsafe-inline' *;  style-src 'self' 'unsafe-inline' *; 1
child-src 'self' blob:; connect-src * blob:; img-src 'self' data: * *.facebook.com *.xumo.tv *.xumo.com; font-src 'self' data: *.cimcontent.net fonts.googleapis.com fonts.gstatic.com *.xumo.tv *.xumo.com; object-src 'self' data: *; media-src 'self' blob: *; manifest-src 'self'; script-src 'unsafe-inline' 'self' 'unsafe-eval' blob: *.2mdn.net *.ads-twitter.com *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com adservice.google.com *.adsrvtracker.com app.link *.branch.io connect.facebook.net *.doubleclick.net *.doubleverify.com *.facebook.com *.fwmrm.net *.google.com *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com imasdk.googleapis.com *.innovid.com *.ipredictive.com *.jwplayer.com *.jwpcdn.com *.moatads.com sb.scorecardresearch.com *.securiti.ai *.getpublica.com *.xumo.tv *.xumo.com; style-src 'unsafe-inline' blob: 'self' *.comcast.com fonts.googleapis.com *.googletagmanager.com *.innovid.com *.xumo.tv *.xumo.com; frame-src *.adnxs.com *.adnxs-simple.com imasdk.googleapis.com *.facebook.com *.getpublica.com 1
font-src 'self' https://fonts.gstatic.com/; object-src 'self'; connect-src 'self' https://hn.inspectlet.com/ wss://ws.inspectlet.com/ https://s3-us-west-2.amazonaws.com/mfesecure-public/host/ https://www.google-analytics.com/ https://stats.g.doubleclick.net https://adservice.google.com/tt/r https://pagead2.googlesyndication.com/ https://api.github.com/emojis; frame-src https://www.youtube.com/ 'self' https://googleads.g.doubleclick.net/ https://tpc.googlesyndication.com/ https://www.google.com/; manifest-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.gstatic.com/charts/ https://cdn.inspectlet.com/ https://cdn.ywxi.net/js/1.js https://maps.googleapis.com/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/gtag/ https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/ https://googleads.g.doubleclick.net/pagead/ https://connect.facebook.net/ https://pagead2.googlesyndication.com/ https://partner.googleadservices.com/ https://adservice.google.ca/ https://www.googletagservices.com/ https://tpc.googlesyndication.com/ https://adservice.google.com/ 1
frame-ancestors https://*.shortlyst.com https://*.shopalyst.com https://shop-id-pepsodent.com https://shop-id-pepsodent.com/; 1
default-src 'self'; base-uri 'self'; img-src * data:; frame-src 'self' https://kaart.pdok.nl https://websurveys2.govmetric.com https://app-eu.readspeaker.com https://www.youtube-nocookie.com https://www.youtube.com https://content.googleapis.com/ https://vars.hotjar.com https://woerden.maps.arcgis.com https://geoportaal.woerden.nl https://snelbalie.woerden.nl; frame-ancestors 'self'; manifest-src 'self'; media-src 'self' blob:; script-src 'self' 'nonce-MDJhMjExOGQtYjBjNy00YmFlLTkxNzYtZGE2MzU5ZTA2NWMx' https://stats.pusher.com https://www.browsealoud.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://maps.googleapis.com https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://websurveys2.govmetric.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://cdn-eu.readspeaker.com https://virtuele-gemeente-assistent.nl https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://snap.licdn.com https://include.timeblockr.com https://shared.api.timeblockr.com https://app-script.monsido.com; connect-src 'self' https://sockjs-eu.pusher.com wss://ws-eu.pusher.com https://vttts-eu.readspeaker.com https://cloudstatic.obi4wan.com https://chatapi.obi4wan.com https://media-eu.readspeaker.com https://rstts-eu.readspeaker.com https://www.browsealoud.com https://plus.browsealoud.com https://speech.speechstream.net https://speech-eu.speechstream.net https://www.google-analytics.com https://maps.googleapis.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://app.obi4wan.ai https://app-eu.readspeaker.com/ https://hitcounter.govmetric.com https://platform.hireserve.nl/ https://cdn1.readspeaker.com https://maps.googleapis.com https://virtuele-gemeente-assistent.nl wss://virtuele-gemeente-assistent.nl ws://virtuele-gemeente-assistent.nl https://in.hotjar.com https://www.facebook.com https://cdn.linkedin.oribi.io https://include.timeblockr.com https://shared.api.timeblockr.com https://*.google-analytics.com https://app-script.monsido.com; object-src 'self' https://kaart.pdok.nl; style-src 'self' data: 'nonce-MDJhMjExOGQtYjBjNy00YmFlLTkxNzYtZGE2MzU5ZTA2NWMx' https://fonts.googleapis.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://websurveys2.govmetric.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://maps.googleapis.com/ https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://include.timeblockr.com; font-src 'self' data: https://fonts.gstatic.com https://cdn1.readspeaker.com https://script.hotjar.com https://include.timeblockr.com;  1
default-src data: https: wss: 'unsafe-eval' 'unsafe-inline'; object-src 'self'; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' via.placeholder.com *.linkedin.com *.licdn.com *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com *.msecnd.net *.youtube.com *.vimeo.com *.vimeocdn.com *.cdn.net *.facebook.net *.facebook.com *.umbraco.org *.umbraco.com *.googletagmanager.com *.pardot.com *.reachmee.com *.e-space.se *.clarity.ms *.google.se *.b-cdn.net *.ibinder.com *.akamaihd.net *.wistia.com *.hotjar.com *.pingdom.net *.doubleclick.net *.ytimg.com *.mynewsdesk.com *.leadoo.com *.bing.com *.segment.com *.github.com *.teamwalnut.com about: blob:; connect-src 'self' ws://*.com ws://*.se *.akamaihd.net *.wistia.com *.litix.io *.google-analytics.com *.visualstudio.com *.pingdom.net *.umbraco.org *.umbraco.com *.doubleclick.net *.leadoo.com *.oribi.io *.bing.com *.google.com *.clarity.ms *.hotjar.io *.hotjar.com *.googlesyndication.com *.linkedin.com;media-src 'self' blob: *.ibinder.com *.akamaihd.net *.wistia.com *.b-cdn.net *.leadoo.com;worker-src https: blob:; 1
frame-ancestors 'self' grn-www.bayliner.com; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google.com https://ajax.googleapis.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.youtube.com https://player.vimeo.com https://static.axept.io https://t.novius.net https://cdn.novius.net; object-src 'self'; worker-src blob: 1
style-src 'self' 'unsafe-inline' https://*.clutch.co https://heapanalytics.com https://fonts.googleapis.com https://*.maze.co; form-action 'self'; worker-src blob: https://*.clutch.co; font-src 'self' *.hotjar.com https://heapanalytics.com https://fonts.gstatic.com https://*.maze.co; img-src 'self' data: blob: *.googleapis.com *.shgstatic.com *.analytics.google.com *.google-analytics.com https://*.clutch.co https://static5.clutch.co https://www.google.com https://googleads.g.doubleclick.net https://api.hubspot.com https://forms.hubspot.com https://track.hubspot.com https://heapanalytics.com https://px.ads.linkedin.com https://*.maze.co https://www.clarity.ms https://www.facebook.com https://imgsct.cookiebot.com https://c.clarity.ms https://www.linkedin.com https://c.bing.com; script-src 'self' 'nonce-qGpegkJexEuacrDZ' *.clutch.co *.google-analytics.com https://*.hsforms.com https://*.hubspot.com https://*.clutch.co https://*.hotjar.com https://*.heapanalytics.com https://*.cookiebot.com https://www.clarity.ms https://ajax.cloudflare.com https://js.hs-banner.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com/recaptcha/ https://www.googleoptimize.com https://www.gstatic.com https://snap.licdn.com https://*.maze.co https://connect.facebook.net; connect-src 'self' *.google-analytics.com *.google.com *.clutch.co *.hotjar.io *.hotjar.com *.doubleclick.net wss://*.hotjar.com wss://*.hotjar.io https://*.hubspot.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.cookiebot.com https://cdn.linkedin.oribi.io https://*.maze.co https://www.clarity.ms *.linkedin.com; frame-ancestors 'self' *.clutch.co; object-src 'none'; base-uri 'self'; 1
default-src 'self' https://eu.fw-cdn.com https://picafreshsaleseu.myfreshworks.com https://abhilashmadhavan-508354047129717916-70e095023c9f1e616675586.freshchat.com https://src.freshmarketer.eu https://www.google-analytics.com https://datatables.net https://cloudflare.com https://cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://picahelpeu.freshchat.com https://picafreshsaleseu.myfreshworks.com https://abhilashmadhavan-508354047129717916-70e095023c9f1e616675586.freshchat.com https://src.freshmarketer.eu https://www.pica.gov.jm https://eu.fw-cdn.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://cloudflare.com https://cdnjs.cloudflare.com https://datatables.net https://cdn.datatables.net https://query.yahooapis.com https://cdn.jsdelivr.net https://ajax.googleapis.com https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://eu.fw-cdn.com https://picafreshsaleseu.myfreshworks.com https://abhilashmadhavan-508354047129717916-70e095023c9f1e616675586.freshchat.com https://src.freshmarketer.eu https://cdnjs.cloudflare.com https://www.google-analytics.com https://ssl.google-analytics.com https://s-static.ak.facebook.com; style-src 'self' 'unsafe-inline' https://picahelpeu.freshchat.com https://eu.fw-cdn.com https://picafreshsaleseu.myfreshworks.com https://abhilashmadhavan-508354047129717916-70e095023c9f1e616675586.freshchat.com https://src.freshmarketer.eu https://cdnjs.cloudflare.com https://datatables.net https://cdn.datatables.net http://fonts.googleapis.com https://cdn.jsdelivr.net; font-src 'self' https://eu.fw-cdn.com https://picafreshsaleseu.myfreshworks.com https://abhilashmadhavan-508354047129717916-70e095023c9f1e616675586.freshchat.com https://src.freshmarketer.eu https://themes.googleusercontent.com https://cdn.jsdelivr.net https://fonts.gstatic.com http://fonts.googleapis.com; frame-src 'self' https://674803454001280.eu.webpush.freshchat.com https://picahelpeu.freshchat.com https://eu.fw-cdn.com https://picafreshsaleseu.myfreshworks.com https://abhilashmadhavan-508354047129717916-70e095023c9f1e616675586.freshchat.com https://src.freshmarketer.eu https://cdnjs.cloudflare.com https://www.google.com https://www.facebook.com https://s-static.ak.facebook.com https://www.youtube.com https://cloudflare.com https://cdnjs.cloudflare.com https://datatables.net https://cdn.datatables.net; object-src https://eu.fw-cdn.com https://picafreshsaleseu.myfreshworks.com https://abhilashmadhavan-508354047129717916-70e095023c9f1e616675586.freshchat.com https://src.freshmarketer.eu https://www.pica.gov.jm https://cloudflare.com https://cdnjs.cloudflare.com https://datatables.net https://cdn.datatables.net https://cdnjs.cloudflare.com 1
script-src 'unsafe-inline' 'self' https://millerind.com https://*.millerind.com https://*.vimeo.com https://*.vimeocdn.com https://www.indeedjobs.com https://*.youtube.com https://*.youtube-nocookie.com https://*.gstatic.com https://*.ytimg.com https://*.ggpht.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagservices.com https://googleads.g.doubleclick.net https://*.googleadservices.com https://*.openstreetmap.org https://*.surveymonkey.com https://forms.office.com https://*.zoho.com https://*.zohopublic.com https://*.zohocdn.com https://*.zohostatic.com https://maillist-manage.com https://cdn.polyfill.io https://*.facebook.com https://*.facebook.net https://*.jige-international.com https://*.tradingview.com; worker-src 'self' https://millerind.com https://*.millerind.com https://*.vimeo.com https://*.vimeocdn.com https://www.indeedjobs.com https://*.youtube.com https://*.youtube-nocookie.com https://*.gstatic.com https://*.ytimg.com https://*.ggpht.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagservices.com https://googleads.g.doubleclick.net https://*.googleadservices.com https://*.openstreetmap.org https://*.surveymonkey.com https://forms.office.com https://*.zoho.com https://*.zohopublic.com https://*.zohocdn.com https://*.zohostatic.com https://maillist-manage.com https://cdn.polyfill.io https://*.facebook.com https://*.facebook.net https://*.jige-international.com https://*.tradingview.com; frame-src 'self' https://millerind.com https://*.millerind.com https://*.vimeo.com https://*.vimeocdn.com https://www.indeedjobs.com https://*.youtube.com https://*.youtube-nocookie.com https://*.gstatic.com https://*.ytimg.com https://*.ggpht.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagservices.com https://googleads.g.doubleclick.net https://*.googleadservices.com https://*.openstreetmap.org https://*.surveymonkey.com https://forms.office.com https://*.zoho.com https://*.zohopublic.com https://*.zohocdn.com https://*.zohostatic.com https://maillist-manage.com https://cdn.polyfill.io https://*.facebook.com https://*.facebook.net https://*.jige-international.com https://*.tradingview.com; 1
default-src 'self' 'unsafe-eval' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; 1
frame-ancestors https://www.mit.gov.tr https://mit.gov.tr 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-40kqH25aCSdy3JBCakhne8O/gdHcvedq8YYOM926YhjOKfQm' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://tn.fromoldbooks.org https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://fundingchoicesmessages.google.com https://www.google.ca/ads https://www.google-analytics.com https://analytics.google.com https://tpc.googlesyndication.com https://cdnjs.buymeacoffee.com https://stats.g.doubleclick.net; img-src 'self' data: https://tn.fromoldbooks.org https://www.google.ca/ads https://www.google-analytics.com https://analytics.google.com https://pagead2.googlesyndication.com https://fundingchoicesmessages.google.com https://www.paypalobjects.com; style-src 'self' 'unsafe-inline'; font-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.buymeacoffee.com https://www.google.com https://pagead2.googlesyndication.com https://fundingchoicesmessages.google.com https://www.google.ca/ads https://www.google-analytics.com https://analytics.google.com *.doubleclick.net https://www.googletagervices.com https://ssl.google-analytics.com https://cdn.ampproject.org https://cdn.taboola.com https://adservice.google.com https://adservice.google.ca https://partner.googleadservices.com  https://www.googletagservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com; frame-src 'self' 'unsafe-inline' https://cdnjs.buymeacoffee.com https://www.google.com https://pagead2.googlesyndication.com https://fundingchoicesmessages.google.com https://www.google.ca/ads https://www.google-analytics.com https://analytics.google.com *.doubleclick.net https://www.googletagervices.com https://ssl.google-analytics.com https://cdn.ampproject.org https://cdn.taboola.com https://adservice.google.com https://adservice.google.ca https://partner.googleadservices.com  https://www.googletagservices.com https://tpc.googlesyndication.com; base-uri 'self'; object-src 'none' 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-d4897d6e339498e1d962a89b7469e31e'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' *.youtube-nocookie.com; img-src 'self' *.paypalobjects.com data:; frame-ancestors 'self' *.example.net; 1
form-action 'self' *.paypal.com; 1
default-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com gcontent.robertsonmarketing.com https:; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net; img-src 'self' data: optimize.google.com recommendationengine.googleapis.com www.googletagmanager.com storage.googleapis.com www.google-analytics.com rmcontent.avetti.ca ssl.google-analytics.com *.doubleclick.net www.google.com www.google.ca gcontent.robertsonmarketing.com csi.gstatic.com www.gstatic.com; style-src  'unsafe-inline' 'unsafe-eval' gcontent.robertsonmarketing.com https:; 1
report-uri https://legapass.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://yastatic.net https://api-maps.yandex.ru https://*.yandex.ru https://*.google.ru https://*.google.com https://*.disquscdn.com https://*.disqus.com https://*.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com; connect-src 'self' https://yandex.ru https://*.yandex.ru; child-src https://*.yandex.ru https://yastatic.net https://cse.google.com https://api-maps.yandex.ru https://yoomoney.ru https://disqus.com https://funding.webmoney.ru https://www.youtube.com https://st.yandexadexchange.net; form-action 'self' subscribe.ru;  1
default-src https: 'self' 'unsafe-inline'; object-src 'none'; base-uri 'none'; frame-src https:; img-src 'self' data: https:; report-uri /web-api/report-to/csp-enforce; font-src 'self' data:; 1
default-src 'self'; connect-src 'self' https://piwik.bzga.de; style-src 'self' 'unsafe-inline'; font-src 'self' data:; script-src 'self' 'unsafe-inline' https://piwik.bzga.de; img-src 'self' https://piwik.bzga.de https://www.bzga.de https://a.tile.osm.org https://b.tile.osm.org https://c.tile.osm.org data:; frame-src 'self' mailto: https://piwik.bzga.de https://www.youtube-nocookie.com; 1
frame-ancestors 'self' banco.bradesco financiamentos.bradesco wspf.bradesco.com.br wspf.banco.bradesco wspj.bradescopessoajuridica.com.br institucional.bradesco.com.br bradescoseguranca.com.br; 1
font-src *.googleapis.com https://fonts.gstatic.com data: *.fontawesome.com 'self' data: https://use.typekit.net https://www.bugherd.com https://d2iiunr5ws5ch1.cloudfront.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' https://www.google.com https://*.addthis.com https://www.youtube-nocookie.com https://en.wikipedia.org https://en.m.wikipedia.org https://assets.pinterest.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://www.gstatic.com *.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: https://*.addthis.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://app.certcapture.com https://s3.amazonaws.com https://d2iiunr5ws5ch1.cloudfront.net https://log.pinterest.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com https://www.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://chimpstatic.com downloads.mailchimp.com *.list-manage.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.authorize.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.addthis.com https://z.moatads.com https://v1.addthisedge.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://app.certcapture.com https://www.bugherd.com https://d2iiunr5ws5ch1.cloudfront.net https://d2wy8f7a9ursnm.cloudfront.net https://bugherd-attachments.s3.amazonaws.com ws.pusherapp.com https://screenshots.bugherd.com https://assets.pinterest.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline' https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net https://d2iiunr5ws5ch1.cloudfront.net https://app.certcapture.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://*.ingest.sentry.io *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' https://*.addthis.com https://z.moatads.com https://v1.addthisedge.com https://www.google-analytics.com https://analytics.google.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://stats.g.doubleclick.net https://app.certcapture.com https://www.bugherd.com https://bugherd-attachments.s3.amazonaws.com ws.pusherapp.com https://*.pusher.com https://screenshots.bugherd.com https://sessions.bugsnag.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://dc.services.visualstudio.com/v2/track https://updates.sdbgroep.nl; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js.monitor.azure.com/scripts/b/ai.2.min.js https://dc.services.visualstudio.com/v2/track https://cdn.announcekit.app/widget-v2.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; 1
default-src https:                    'unsafe-inline'                    'unsafe-eval'; 1
default-src 'self' *.nrw.de;    script-src  'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de *.mkjfgfi.nrw *.google.com *.youtube.com *.youtu.be *.twimg.com *.twitter.com twitter.com *.jwpcdn.com *.gstatic.com *.googleapis.com *.googlesyndication.com *.openstreetmap.org *.mozilla.org *.vimeo.com *.vimeocdn.com *.flickr.com *.staticflickr.com *.cloudflare.com *.taggbox.com *.flockler.com cdn.jsdelivr.net svc.webspellchecker.net;    style-src   'self' 'unsafe-inline' *.nrw.de *.twitter.com twitter.com *.facebook.com *.googleapis.com *.twimg.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net;    font-src data: *;    img-src  data: *;    frame-ancestors 'self' *.nrw.de *.mkjfgfi.nrw *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com;    worker-src  'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.taggbox.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de;    frame-src   'self' *.nrw.de *.mkjfgfi.nrw *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be *.taggbox.com ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de;    object-src  'self';    connect-src 'self' *.nrw.de svc.webspellchecker.net wss://mkffi-chatbot.it.nrw.de *.flockler.app;    media-src *; upgrade-insecure-requests; 1
frame-ancestors 'self' https://five9--university.lightning.force.com https://*.my.salesforce.com https://*.force.com https://*.visualforce.com https://anubi.docebo.cloud https://*.lightning.force.com https://five9--university.my.salesforce.com https://five9--uat.my.salesforce.com https://ive9--uat.my.salesforce.com https://five9.my.salesforce.com five9.docebosaas.com www.five9university.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://hear-me.social; img-src 'self' https: data: blob: https://hear-me.social; style-src 'self' https://hear-me.social 'nonce-ENwNMv6q6T1BXaAv+Yeh9Q=='; media-src 'self' https: data: https://hear-me.social; frame-src 'self' https:; manifest-src 'self' https://hear-me.social; form-action 'self'; child-src 'self' blob: https://hear-me.social; worker-src 'self' blob: https://hear-me.social; connect-src 'self' data: blob: https://hear-me.social https://files.hear-me.social wss://hear-me.social; script-src 'self' https://hear-me.social 'wasm-unsafe-eval' 1
default-src 'self'; style-src 'self'; script-src 'self' https://www.gstatic.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.expedrion.biz https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com; img-src * https://googleads.g.doubleclick.net https://www.google.com data: 'unsafe-inline' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; connect-src * 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; frame-src * 1
default-src * data:; script-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; frame-ancestors 'self' https://dev-new.healthinsurance.org https://www.healthinsurance.org; 1
default-src https: 'self' *.adur-worthing.gov.uk; img-src 'self' www.google-analytics.com customer.cludo.com www.gstatic.com maps.gstatic.com maps.googleapis.com translate.google.com data: *.adur-worthing.gov.uk; script-src 'self' *.adur-worthing.gov.uk *.cludo.com www.google-analytics.com www.googletagmanager.com www.google.com ajax.googleapis.com maps.googleapis.com maps.google.co.uk www.gstatic.com api-bridge.azurewebsites.net www.smartsurvey.co.uk static.hotjar.com script.hotjar.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.adur-worthing.gov.uk fonts.googleapis.com translate.googleapis.com 'unsafe-inline'; font-src 'self' *.adur-worthing.gov.uk fonts.gstatic.com assets.nhs.uk; connect-src 'self' *.adur-worthing.gov.uk www.google-analytics.com region1.google-analytics.com maps.googleapis.com api.cludo.com api.nhs.uk content.hotjar.io in.hotjar.com metrics.hotjar.io vc.hotjar.io ws: ws.hotjar.com; object-src 'self'; frame-src 'self' *.adur-worthing.gov.uk www.google.com calendar.google.com www.google.co.uk www.youtube.com www.smartsurvey.co.uk player.vimeo.com www.podbean.com embed.stepchange.org; 1
default-src 'self' *.garmin.com https://static.garmincdn.com;style-src 'self' 'unsafe-inline' *.garmin.com https://static.garmincdn.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com 'unsafe-inline' https://*.klarnaservices.com https://*.klarnacdn.net https://product-gallery.cloudinary.com;connect-src 'self' *.garmin.com *.sentry.io https://static.garmincdn.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://akamai.tiqcdn.com https://*.google-analytics.com https://*.klarnaservices.com https://*.klarna.com https://*.cloudinary.com https://*.akamaihd.net https://*.hotjar.io https://*.hotjar.com https://*.linksynergy.com https://*.bing.com https://*.pinterest.com https://*.criteo.com https://*.doubleclick.net https://www.gstatic.com;script-src 'self' *.garmin.com *.trustarc.com *.truste.com https://ajax.googleapis.com https://static.garmincdn.com https://www.google.com https://cdn.appdynamics.com https://www.gstatic.com https://prefmgr-cookie.truste-svc.net https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://static.criteo.net https://*.criteo.com https://bat.bing.com https://*.adform.net https://intljs.rmtag.com https://www.googletagmanager.com https://*.google-analytics.com https://static.cloudflareinsights.com https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://optimize.google.com http://tags.tiqcdn.com https://*.tealiumiq.com https://deploytealium.com https://*.google-analytics.com 'unsafe-eval' 'unsafe-inline' https://*.klarnaservices.com https://*.klarnacdn.net https://static.garmincdn.com/support-chat-widget/chatWidget-v1.3.1.js https://intljs.rmtag.com https://product-gallery.cloudinary.com https://res.cloudinary.com https://*.pinimg.com https://*.linksynergy.com https://*.googlesyndication.com;font-src 'self' data: *.garmin.com *.trustarc.com *.truste.com https://static.garmincdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com https://*.klarnaservices.com https://*.klarnacdn.net;img-src https://*.google-analytics.com https://stats.g.doubleclick.net https://static.hotjar.com https://script.hotjar.com https://*.criteo.com https://*.doubleclick.net https://www.googleadservices.com https://px.adentifi.com https://rtb.adentifi.com https://*.teads.tv https://www.googletagmanager.com https://bat.bing.com https://secure.adnxs.com https://www.facebook.com 'self' data: https:;frame-src *.garmin.com *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://prefmgr-cookie.truste-svc.net https://*.doubleclick.net https://*.criteo.com https://*.facebook.com https://*.criteo.net https://*.criteo.com https://*.youtube.com https://*.youtube-nocookie.com https://*.linksynergy.com https://*.adform.net https://*.doubleclick.net https://*.pinterest.com https://*.googlesyndication.com;object-src 'none';base-uri 'self';script-src-attr 'unsafe-inline';media-src https://res.garmin.com https://res.cloudinary.com blob:;worker-src blob:;upgrade-insecure-requests;form-action 'self';frame-ancestors 'self' 1
default-src 'self' *.google.com *.googletagmanager.com *.youtube.com *.addthis.com *.typekit.net *.fonticons.com *.fortawesome.com *.victorreinz.us https://victorreinz.us *.crazyegg.com *.twimg.com https://addevent.com *.addevent.com connect.facebook.net www2.dana.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://stats.g.doubleclick.net https://stats.g.doubleclick.net/j/collect https://googleads.g.doubleclick.net https://www.google.com https://ade.googlesyndication.com *.doubleclick.net *.googleadservices.com *.googlesyndication.com *.google-analytics.com www.googletagservices.com about: https://r.clarity.ms/collect https://cdn.cookielaw.org https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal.onetrust.com/request/v1/consentreceipts https://connect.facebook.net https://facebook.com/tr https://www.facebook.com/tr https://www.googletagmanager.com/gtm.js https://js.adsrvr.org/up_loader.1.1.0.js; connect-src 'self' https://addevent.com *.addevent.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com connect.facebook.net www.googleadservices.com googleads.g.doubleclick.net https://stats.g.doubleclick.net https://*.doubleclick.net https://*.googleadservices.com https://*.google.com https://*.googlesyndication.com https://*.googletagservices.com https://stats.g.doubleclick.net/j/collect *.googlesyndication.com https://ade.googlesyndication.com ad.doubleclick.net http://ad.doubleclick.net https://ad.doubleclick.net https://region1.google-analytics.com https://region1.google-analytics.com/g/collect *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com https://r.clarity.ms/collect https://*.clarity.ms https://cdn.cookielaw.org https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal.onetrust.com/request/v1/consentreceipts https://connect.facebook.net https://facebook.com/tr https://www.facebook.com/tr https://digitalthrottle.ss-gtm.com https://cdn.linkedin.oribi.io https://bat.bing.com https://js.adsrvr.org/up_loader.1.1.0.js; font-src 'self' data: *.typekit.net *.fonticons.com *.fortawesome.com *.spicerparts.com *.victorreinz.us https://spicerparts.com https://victorreinz.us fonts.gstatic.com https://r.clarity.ms/collect https://cdn.cookielaw.org https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal.onetrust.com/request/v1/consentreceipts https://connect.facebook.net; frame-src 'self' *.youtube.com *.google.com *.victorreinz.us https://victorreinz.us *.crazyegg.com https://bid.g.doubleclick.net https://tpc.googlesyndication.com tpc.googlesyndication.com *.googlesyndication.com www2.dana.com dana.newsletter.mg-l.com https://stats.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net/j/collect https://r.clarity.ms/collect https://cdn.cookielaw.org https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal.onetrust.com/request/v1/consentreceipts https://connect.facebook.net https://insight.adsrvr.org/ https://match.adsrvr.org/; img-src * about: data:; object-src 'self' *.googlesyndication.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https://addevent.com *.addevent.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com connect.facebook.net www.googleadservices.com googleads.g.doubleclick.net https://stats.g.doubleclick.net https://*.doubleclick.net https://*.googleadservices.com https://*.google.com https://*.googlesyndication.com https://*.googletagservices.com https://stats.g.doubleclick.net/j/collect *.googletagmanager.com https://r.clarity.ms/collect https://*.clarity.ms https://cdn.cookielaw.org https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal.onetrust.com/request/v1/consentreceipts https://connect.facebook.net https://bat.bing.com https://www.googletagmanager.com/gtm.js https://js.adsrvr.org/up_loader.1.1.0.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://js.adsrvr.org https://maps.googleapis.com https://polyfill.io https://unpkg.com https://use.fonticons.com https://use.typekit.net https://www.googletagmanager.com platform.twitter.com 'nonce-TlsObmTDx4O2vCv-aXWaSw'; style-src 'self' 'unsafe-inline' *.typekit.net *.fonticons.com *.fortawesome.com *.spicerparts.com *.victorreinz.us https://spicerparts.com https://victorreinz.us *.crazyegg.com fonts.googleapis.com *.google.com https://r.clarity.ms/collect https://cdn.cookielaw.org https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal.onetrust.com/request/v1/consentreceipts https://connect.facebook.net https://cdn-images.mailchimp.com/embedcode/classic-061523.css https://cdn-images.mailchimp.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; base-uri 'self'; report-uri https://spicerparts.com/report-uri/enforce 1
child-src 'self' blob: www.googletagmanager.com; connect-src 'self' https://cdn.cookielaw.org ws://*.hotjar.com *.hotjar.com *.hotjar.io *.mtrcs.samba.tv *.nr-data.net www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com lifescan.us-4.evergage.com *.appsflyer.com *.bing.com www.google.com.br about: http://us.onetouch.docksal/cohesionapi/blocks adservice.google.com https://analytics.google.com https://ad.doubleclick.net https://qoe-1.yottaa.net https://gtm-wlv586z7-mge3y.uc.r.appspot.com; font-src 'self' data: https://fonts.gstatic.com privacyportal-cdn.onetrust.com https://fonts.googleapis.com https://cdn.appsflyer.com; frame-src 'self' www.googletagmanager.com *.youtube.com https://www.google.com https://vars.hotjar.com/ *.doubleclick.net www.facebook.com static.addtoany.com https://home-e34.niceincontact.com https://lifescan.chatbot.aisera.cloud/; img-src 'self' data: blob: https://cdn.cookielaw.org *.onetouch.com *.onelink.me *.tapad.com *.mtrcs.samba.tv www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com www.google.com analytics.google.com https://analytics.twitter.com https://t.co https://bat.bing.com https://di.rlcdn.com https://www.facebook.com https://www.google.com.br img.youtube.com https://i.ytimg.com google.com google.ad google.ae google.com.af google.com.ag google.com.ai google.al google.am google.co.ao google.com.ar google.as google.at google.com.au google.az google.ba google.com.bd google.be google.bf google.bg google.com.bh google.bi google.bj google.com.bn google.com.bo google.com.br google.bs google.bt google.co.bw google.by google.com.bz google.ca google.cd google.cf google.cg google.ch google.ci google.co.ck google.cl google.cm google.cn google.com.co google.co.cr google.com.cu google.cv google.com.cy google.cz google.de google.dj google.dk google.dm google.com.do google.dz google.com.ec google.ee google.com.eg google.es google.com.et google.fi google.com.fj google.fm google.fr google.ga google.ge google.gg google.com.gh google.com.gi google.gl google.gm google.gr google.com.gt google.gy google.com.hk google.hn google.hr google.ht google.hu google.co.id google.ie google.co.il google.im google.co.in google.iq google.is google.it google.je google.com.jm google.jo google.co.jp google.co.ke google.com.kh google.ki google.kg google.co.kr google.com.kw google.kz google.la google.com.lb google.li google.lk google.co.ls google.lt google.lu google.lv google.com.ly google.co.ma google.md google.me google.mg google.mk google.ml google.com.mm google.mn google.ms google.com.mt google.mu google.mv google.mw google.com.mx google.com.my google.co.mz google.com.na google.com.ng google.com.ni google.ne google.nl google.no google.com.np google.nr google.nu google.co.nz google.com.om google.com.pa google.com.pe google.com.pg google.com.ph google.com.pk google.pl google.pn google.com.pr google.ps google.pt google.com.py google.com.qa google.ro google.ru google.rw google.com.sa google.com.sb google.sc google.se google.com.sg google.sh google.si google.sk google.com.sl google.sn google.so google.sm google.sr google.st google.com.sv google.td google.tg google.co.th google.com.tj google.tl google.tm google.tn google.to google.com.tr google.tt google.com.tw google.co.tz google.com.ua google.co.ug google.co.uk google.com.uy google.co.uz google.com.vc google.co.ve google.vg google.co.vi google.com.vn google.vu google.ws google.rs google.co.za google.co.zm google.co.zw google.cat b.videoamp.com googleads.g.doubleclick.net https://ad.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://maps.googleapis.com https://www.gstatic.com https://static.hotjar.com/ https://script.hotjar.com/ *.newrelic.com *.nr-data.net *.mtrcs.samba.tv *.appsflyer.com https://home-e34.niceincontact.com  https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://service.force.com https://static.addtoany.com maps.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://cdn.cookielaw.org https://maps.googleapis.com *.youtube.com www.googletagmanager.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://service.force.com https://www.google.com maps.googleapis.com https://www.googleoptimize.com https://connect.facebook.net https://www.google-analytics.com https://cdn.di-capt.com https://static.ads-twitter.com https://bat.bing.com *.appsflyer.com https://cdn.evgnet.com/ https://www.googleadservices.com https://www.gstatic.com https://static.hotjar.com/ https://script.hotjar.com/ *.newrelic.com *.nr-data.net *.mtrcs.samba.tv https://rapid-cdn.yottaa.com/ https://lifescan.chatbot.aisera.cloud/  https://home-e34.niceincontact.com https://static.addtoany.com; style-src 'self' 'unsafe-inline' www.googletagmanager.com tagmanager.google.com  https://www.onetouch.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'  https://www.onetouch.com; frame-ancestors 'self'; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.helpscout.net *.twitter.com *.pardot.com *.finvi.com *.jazz.co *.facebook.net *.yoast.com *.cloudflare.com www.googletagmanager.com *.gstatic.com *.snap.licdn.com ct.capterra.com perf.hsforms.com js.hsforms.net forms.hsforms.com snap.licdn.com js.hs-scripts.com cdn.jsdelivr.net www.googleoptimize.com a.omappapi.com www.google.com www.gstatic.com js.hs-analytics.net js.hsadspixel.net js.hscollectedforms.net js.hs-banner.com api.omappapi.com px.ads.linkedin.com forms.hubspot.com api.hubapi.com track.hubspot.com www.google.ca p.adsymptotic.com yoast.com youtube.com www.youtube.com optimize.google.com use.fontawesome.com *.seedprod.com *gstatic.com cdn.linkedin.oribi.io *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net www.googletagservices.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com translate.googleapis.com translate.google.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: www.googletagmanager.com cdnjs.cloudflare.com *gstatic.com ct.capterra.com perf.hsforms.com js.hsforms.net forms.hsforms.com snap.licdn.com js.hs-scripts.com cdn.jsdelivr.net www.googleoptimize.com a.omappapi.com www.google.com www.gstatic.com js.hs-analytics.net js.hsadspixel.net js.hscollectedforms.net js.hs-banner.com api.omappapi.com px.ads.linkedin.com forms.hubspot.com api.hubapi.com track.hubspot.com www.google.ca p.adsymptotic.com yoast.com youtube.com www.youtube.com optimize.google.com use.fontawesome.com *.seedprod.com *.helpscout.net *.pardot.com cdn.linkedin.oribi.io *.vimeocdn.com fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com translate.googleapis.com tagmanager.google.com; img-src 'self' data: *.google.* googleads.g.doubleclick.net *.helpscout.net *.cloudfront.net *.pardot.com *.jazz.co *.linkedin.com *.facebook.net *.yoast.com *.google.com.jm *.placeholder.com *.facebook.com *.google.co.in fonts.gstatic.com *.google.com.pk *gstatic.com ct.capterra.com perf.hsforms.com js.hsforms.net forms.hsforms.com snap.licdn.com js.hs-scripts.com cdn.jsdelivr.net www.googleoptimize.com a.omappapi.com www.google.com www.gstatic.com js.hs-analytics.net js.hsadspixel.net js.hscollectedforms.net js.hs-banner.com api.omappapi.com px.ads.linkedin.com forms.hubspot.com api.hubapi.com track.hubspot.com www.google.ca p.adsymptotic.com yoast.com youtube.com www.youtube.com optimize.google.com use.fontawesome.com *.seedprod.com www.googletagmanager.com cdn.linkedin.oribi.io s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com *.googlesyndication.com stats.g.doubleclick.net data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com *.googleapis.com maps.google.com maps.gstatic.com *.ggpht.com translate.googleapis.com translate.google.com i.ytimg.com; connect-src 'self' *.omappapi.com forms.hubspot.com api.hubapi.com yoast.com youtube.com hubspot-forms-static-embed.s3.amazonaws.com forms.hsforms.com api.seedprod.com *.cloudfront.net *.helpscout.net *.pardot.com *.google.com *.yoast.com cdn.linkedin.oribi.io *.google-analytics.com gjtrack.ucweb.com *.vimeo.com *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com; font-src 'self' data: *.googleusercontent.com fonts.gstatic.com at.alicdn.com ct.capterra.com perf.hsforms.com js.hsforms.net forms.hsforms.com snap.licdn.com js.hs-scripts.com cdn.jsdelivr.net www.googleoptimize.com a.omappapi.com www.google.com www.gstatic.com js.hs-analytics.net js.hsadspixel.net js.hscollectedforms.net js.hs-banner.com api.omappapi.com px.ads.linkedin.com forms.hubspot.com api.hubapi.com track.hubspot.com www.google.ca p.adsymptotic.com yoast.com youtube.com www.youtube.com optimize.google.com use.fontawesome.com *.seedprod.com *.helpscout.net *.pardot.com www.googletagmanager.com *gstatic.com cdn.linkedin.oribi.io data: fonts.googleapis.com; object-src * ; media-src 'self' ct.capterra.com perf.hsforms.com js.hsforms.net forms.hsforms.com snap.licdn.com js.hs-scripts.com cdn.jsdelivr.net www.googleoptimize.com a.omappapi.com www.google.com www.gstatic.com js.hs-analytics.net js.hsadspixel.net js.hscollectedforms.net js.hs-banner.com api.omappapi.com px.ads.linkedin.com forms.hubspot.com api.hubapi.com track.hubspot.com www.google.ca p.adsymptotic.com yoast.com youtube.com www.youtube.com optimize.google.com use.fontawesome.com *.seedprod.com *.helpscout.net *.pardot.com www.googletagmanager.com *gstatic.com cdn.linkedin.oribi.io; frame-src 'self' bid.g.doubleclick.net *.google.com forms.hsforms.com *.twitter.com *.vimeo.com *.vimeocdn.com *.googlesyndication.com googleads.g.doubleclick.net maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com; child-src 'self' *.vimeo.com *.vimeocdn.com www.youtube.com www.googletagmanager.com; upgrade-insecure-requests; report-uri https://katabat.com?gdsih-csp-report; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://i.picsum.photos https://picsum.photos https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com *.vimeocdn.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://consent.cookiebot.com https://consentcdn.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://www.googletagmanager.com https://*.google-analytics.com https://maps.google.com https://maps.googleapis.com https://maps.gstatic.com; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' https://consentcdn.cookiebot.com https://consentcdn.cookiebot.eu *.google.com https://www.youtube-nocookie.com https://player.vimeo.com; connect-src 'self' https://consentcdn.cookiebot.com https://consentcdn.cookiebot.eu https://*.google-analytics.com https://www.googletagmanager.com https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: 1
script-src 'unsafe-inline' 'self' *.googleapis.com *.fontawesome.com *.smotreshka.tv *.vk.com cdnjs.cloudflare.com *.yandex.ru oss.maxcdn.com; 1
frame-ancestors 'self' https://microapps.google.com/ https://pwa.zomato.com; default-src *; font-src * data:; child-src 'self' * blob:; img-src * 'self' data: blob: ; media-src * blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' browser.sentry-cdn.com *.jwpcdn.com *.licdn.com *.cloudflare.com *.twitter.com *.recruiterbox.com *.zdev.net *.zdev.net:8080 *.zomato.com *.tinymce.com *.gstatic.com *.googleapis.com *.google.com *.google.co.in *.facebook.com sdk.accountkit.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.nr-data.net *.newrelic.com *.google-analytics.com *.zmtcdn.com *.googletagmanager.com *.facebook.net *.googleadservices.com *.cdninstagram.com *.googlesyndication.com *.spreedly.com *.instagram.com *.twimg.com d1m0gkspj3l6or.cloudfront.net d3mvnvhjmkxpjz.cloudfront.net d36mpcpuzc4ztk.cloudfront.net d2weczhvl823v0.cloudfront.net d2z9qv80fklwtv.cloudfront.net d32l4mqe5xk032.cloudfront.net *.serving-sys.com *.pubnub.com *.branch.io app.link cdn.poll-maker.com *.ampproject.org rec.smartlook.com static.hotjar.com script.hotjar.com zba.se *.googletagmanager.com eff.org cdn.plot.ly 3717.tm.zedo.com *.bing.com static.criteo.net sslwidget.criteo.com gum.criteo.com mddigital.in static.zdassets.com zomato.zendesk.com cdn.taboola.com trc.taboola.com ds-aksb-a.akamaihd.net service.force.com zomato.my.salesforce.com zomato.secure.force.com d.la1-c1-hnd.salesforceliveagent.com; style-src * 'unsafe-inline'; worker-src 'self' https: blob:; 1
script-src 'nonce-36ff6201d65e501defe6548d5fedc148' 'report-sample' 'strict-dynamic' 'unsafe-inline' http: https: 'sha384-XYenUSTqiv+nam4OYXS7f8jE1g0w48N39aClx7VtDJSBbhHon48vwUQzU9lAlu+c' 'sha384-Qkti7soZgFU9T8qfnQy+GB/xybE5wbDDF+MUb5be479yklDnPVt5CrEkzw4kSDQY'; base-uri 'self'; object-src 'none'; report-uri https://o64941.ingest.sentry.io/api/137923/security/?sentry_key=e63e4b408c9d4d1cb6a399ff24fc9a5f; 1
frame-ancestors 'self' https://prd-04176-iknl-admin.azurewebsites.net 1
default-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.gstatic.com *.gravatar.com *.smushcdn.com *.wpmucdn.com wpmudev.com *.typekit.net cdn.linkedin.oribi.io getaddress.io *.getaddress.io *.ipify.org coleg-gwent-blaenaugwent.s3.eu-west-2.amazonaws.com coleg-gwent-usk.s3.eu-west-2.amazonaws.com coleg-gwent-newport.s3.eu-west-2.amazonaws.com coleg-gwent-crosskeys.s3.eu-west-2.amazonaws.com coleg-gwent-pontypool.s3.eu-west-2.amazonaws.com *.cookielaw.org *.w.org *.windows.net *.coleggwent.org *.unistats.ac.uk *.discoveruni.gov.uk prod-discoveruni.azure-api.net *.career-pathways.co.uk *.click4assistance.co.uk discoveruni.gov.uk icould.com *.bing.com *.bidswitch.net  *.adnxs.com *.coleggwent.ac.uk qvdt3feo.com *.stackadapt.com *.snapchat.com *.hotjar.com *.hotjar.io *.clarity.ms wss://*.hotjar.com snap.licdn.com *.linkedin.com *.fejobs.com *.twitter.com *.twimg.com *.ytimg.com *.google-analytics.com *.googletagmanager.com *.bootstrapcdn.com *.youtube.com youtu.be *.microsoftstream.com *.facebook.com *.facebook.net secure.adnxs.com *.doubleclick.net data: getaddress.io *.getaddress.io *.ipify.org coleg-gwent-blaenaugwent.s3.eu-west-2.amazonaws.com coleg-gwent-usk.s3.eu-west-2.amazonaws.com coleg-gwent-newport.s3.eu-west-2.amazonaws.com coleg-gwent-crosskeys.s3.eu-west-2.amazonaws.com coleg-gwent-pontypool.s3.eu-west-2.amazonaws.com *.google.co.uk *.hotjar.com *.hotjar.io *.clarity.ms wss://*.hotjar.com *.google.com t.co; script-src 'self' 'unsafe-inline' *.api.getaddress.io *.coleggwent.org getaddress.io *.getaddress.io *.ipify.org *.googleapis.com *.wpmucdn.com wpmudev.com *.google.com qvdt3feo.com *.stackadapt.com *.static.doubleclick.net static.doubleclick.net *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.jquery.com *.google.com *.gstatic.com *.youtube.com youtu.be *.microsoftstream.com secure.adnxs.com *.googleads.g.doubleclick.net googleads.g.doubleclick.net *.twimg.com *.ytimg.com  googleapis.com *.twitter.com *.hotjar.com *.hotjar.io *.clarity.ms wss://*.hotjar.com snap.licdn.com *.snapchat.com *.linkedin.com sc-static.net connect.facebook.net static.ads-twitter.com s7.addthis.com *.unistats.ac.uk *.discoveruni.gov.uk prod-discoveruni.azure-api.net *.career-pathways.co.uk *.click4assistance.co.uk discoveruni.gov.uk icould.com *.bing.com *.gravatar.com *.cookielaw.org *.w.org *.windows.net 1
frame-ancestors 'self' https://www.imsm.es https://www.mostoles.es https://www.mostolesjoven.es 1
report-uri https://archiipedia.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hsforms.com *.hsforms.net iconoclast-mb.com *.clickagy.com js.zohocdn.com js.zohostatic.com *.hubspot.com www.clarity.ms bat.bing.com widget.trustpilot.com js.hscta.net salesiq.zoho.com salesiq.zohopublic.com snap.licdn.com tags.clickagy.com *.googleanalytics.com *.google.com g9706132415.co *.googleoptimize.com *.doubleclick.net *.googleadservices.com *.hs-banner.com *.usemessages.com *.hscollectedforms.net *.hsadspixel.net *.hs-analytics.net *.zoominfo.com *.hs-scripts.com *.googletagmanager.com *.hotjar.com *.github.io vimkit.io *.cloudfront.net *.webflow.com *.youtube.com *.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net; frame-src 'self' widget.trustpilot.com *.google.com *.doubleclick.net app.hubspot.com *.hotjar.com *.youtube.com salesiq.zohopublic.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com *.hsforms.com *.hsforms.net; object-src 'self'; frame-ancestors 'self' *.gofax.com.au; 1
style-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.google-analytics.com *.googleusercontent.com https://www.googletagmanager.com; object-src 'none'; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com; connect-src 'self' https://www.google-analytics.com https://api.mapbox.com; default-src 'self'; report-uri /api/csp-report 1
upgrade-insecure-requests; default-src 'self'; font-src 'self' https://fonts.gstatic.com  https://maxcdn.bootstrapcdn.com/font-awesome/ https://ka-p.fontawesome.com https://c.disquscdn.com https://disqus.com data:; style-src 'self' 'unsafe-inline' https://www.doble.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com ; style-src-elem 'self' 'unsafe-inline' https://www.doble.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com ; frame-src 'self' https://www.facebook.com https://platform.twitter.com/ https://bid.g.doubleclick.net https://td.doubleclick.net https://player.vimeo.com https://www.google.com/ https://go.pardot.com/ https://view.publitas.com/ https://www2.doble.com/ https://disqus.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.doble.com https://www.google-analytics.com https://connect.facebook.net https://platform.twitter.com https://pi.pardot.com https://maxcdn.bootstrapcdn.com https://js-agent.newrelic.com https://www.googletagmanager.com https://bam.nr-data.net https://www2.doble.com https://www.googleadservices.com https://snap.licdn.com https://googleads.g.doubleclick.net https://cdnjs.cloudflare.com https://kit.fontawesome.com  https://www.google.com/pagead/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://view.publitas.com https://maps.googleapis.com https://dobleblog.disqus.com https://cdn-cookieyes.com https://*.cookieyes.com https://player.vimeo.com blob: data:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://www.doble.com https://www.google-analytics.com https://connect.facebook.net https://platform.twitter.com https://pi.pardot.com https://maxcdn.bootstrapcdn.com https://js-agent.newrelic.com https://www.googletagmanager.com https://bam.nr-data.net https://www2.doble.com https://www.googleadservices.com https://snap.licdn.com https://googleads.g.doubleclick.net https://cdnjs.cloudflare.com https://kit.fontawesome.com  https://www.google.com/pagead/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://view.publitas.com https://maps.googleapis.com https://dobleblog.disqus.com https://cdn-cookieyes.com https://*.cookieyes.com https://player.vimeo.com blob: data:; connect-src 'self' https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://bam.nr-data.net https://googleads.g.doubleclick.net https://ka-p.fontawesome.com https://maps.googleapis.com https://*.wpe.clients.hosted-elasticpress.io https://cdn.linkedin.oribi.io https://cdn-cookieyes.com https://*.cookieyes.com https://pagead2.googlesyndication.com https://*.linkedin.com/; img-src 'self' https://www.doble.com https://s.w.org https://www.google-analytics.com https://www.facebook.com http://www.w3.org https://secure.gravatar.com https://syndication.twitter.com https://px.ads.linkedin.com https://www.google.com https://p.adsymptotic.com https://www.linkedin.com https://www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://referrer.disqus.com https://c.disquscdn.com https://px4.ads.linkedin.com/ https://cdn-cookieyes.com https://*.cookieyes.com data:; 1
base-uri 'none'; object-src 'none'; script-src 'report-sample' https://daynhauhoc.com/logs/ https://daynhauhoc.com/sidekiq/ https://daynhauhoc.com/mini-profiler-resources/ https://daynhauhoc.com/assets/ https://daynhauhoc.com/brotli_asset/ https://daynhauhoc.com/extra-locales/ https://daynhauhoc.com/highlight-js/ https://daynhauhoc.com/javascripts/ https://daynhauhoc.com/plugins/ https://daynhauhoc.com/theme-javascripts/ https://daynhauhoc.com/svg-sprite/ https://www.google-analytics.com/analytics.js https: 'unsafe-inline'; worker-src 'self' blob:; report-uri https://daynhauhoc.com/csp_reports 1
default-src 'none'; base-uri 'none'; child-src 'self'; connect-src 'self' https://api.flooz.trade https://flooz-follow-vg25lineqa-uc.a.run.app https://*.cloudfunctions.net https://*.googleapis.com https://vercel.live/ https://vercel.com https://sockjs-mt1.pusher.com/ https://sockjs-us3.pusher.com wss://ws-mt1.pusher.com/ wss://ws-us3.pusher.com wss://*.bridge.walletconnect.org wss://relay.walletconnect.com wss://relay.walletconnect.org https://registry.walletconnect.com wss://www.walletlink.org/rpc https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com https://*.facebook.net https://*.facebook.com https://adservice.google.com https://googleads.g.doubleclick.net https://*.sentry.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://gen-f-minting-rbgg3hvdfq-uc.a.run.app https://*.getblock.io https://*.binance.org https://*.nariox.org https://*.infura.io https://polygon-rpc.com https://*.tronex.io https://*.trongrid.io https://infragrid.v.network https://*.wallet.coinbase.com https://*.walletconnect.com https://*.walletconnect.org https://cloudflare-eth.com https://*.moralis.io https://*.ankr.com https://*.twnodes.com https://*.dcentwallet.com https://*.ninicoin.io https://*.defibit.io https://arb1.arbitrum.io https://mainnet.optimism.io https://api.avax.network https://mainnet.base.org https://mainnet.era.zksync.io https://*.moonpay.com https://cdn.contentful.com preview.contentful.com https://webanalytics.cookie3.co https://app.dynamicauth.com https://dynamic-static-assets.com https://auth.magic.link https://api.turnkey.com https://www.google.com track.customer.io customerioforms.com *.api.gist.build *.cloud.gist.build; font-src 'self' https://cdn.jsdelivr.net/npm/@fontsource/dm-sans/ https://script.hotjar.com https://*.gstatic.com data:; form-action 'self' https://*.facebook.com; frame-src https://*.moonpay.com https://*.ramp.network https://ri-widget-staging.firebaseapp.com https://*.transak.com https://*.paychant.com https://*.mercuryo.io/ https://www.google.com https://www.facebook.com https://td.doubleclick.net https://vars.hotjar.com 'self' https://flooz-profiles-prod.firebaseapp.com https://flooz-profiles-staging.firebaseapp.com https://verify.walletconnect.com https://verify.walletconnect.org https://auth.magic.link https://export.turnkey.com http://recovery.turnkey.io http://export.turnkey.io https://recovery.turnkey.com/ https://vercel.live/ https://vercel.co renderer.gist.build code.gist.build https://www.youtube.com https://www.vimeo.com https://platform.twitter.com; img-src * https://vercel.live/ https://vercel.com https://sockjs-mt1.pusher.com/ track.customer.io data: blob:; manifest-src 'self'; media-src *; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://googleads.g.doubleclick.net https://*.google.com https://*.googletagmanager.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://vercel.live/ https://vercel.com assets.customer.io code.gist.build customerioforms.com; script-src-elem 'self' 'unsafe-inline' https://googleads.g.doubleclick.net https://*.googletagmanager.com https://*.google.com https://www.gstatic.com https://*.scr.kaspersky-labs.com https://connect.facebook.net https://*.hotjar.com https://vercel.live/ https://vercel.com https://assets.customer.io https://code.gist.build https://platform.twitter.com; script-src-attr 'self'; style-src 'self' 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com fonts.googleapis.com code.gist.build; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.googletagmanager.com; style-src-attr 'unsafe-inline'; worker-src 'self'; report-uri https://o1246260.ingest.sentry.io/api/6405829/security/?sentry_key=8d278bec6b2c424a9435aef35ed6ded9&sentry_environment=production; frame-ancestors 'none' 1
frame-ancestors 'self' http://localhost:* https://localhost:* http://app.storyblok.com website-git-develop-oev.vercel.app oeu-fleets-staging.vercel.app *.electricjuice.com *.octopus.energy *.smarthomecharge.co.uk *.octopusev.com *.actionnetzero.org *.theelectroverse.com https://author-psa-65-prod.adobecqms.net https://author-fca-italy-brands-prod-65.adobecqms.net *.vauxhall.co.uk *.citroen.co.uk *.dsautomobiles.co.uk *.peugeot.co.uk *.alfaromeo.co.uk *.abarthcars.co.uk *.jeep.co.uk *.fiat.co.uk https://oeu-fleets-staging.vercel.app https://oeu-fleets.vercel.app https://electric-universe-fleets.vercel.app *.leasys.com 1
frame-src 'self' https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com; frame-ancestors 'self'; report-uri https://csp.ademamedia.nl/reporter_mettnl.php; report-to https://csp.ademamedia.nl/reporter_mettnl.php; 1
default-src https://*.infinbank.com:* https://*.recaptcha.net https://*.googleapis.com https://core-renderer-tiles.maps.yandex.net https://yastatic.net https://*.yandex.ru https://*.googletagmanager.com https://*.gstatic.com https://*.google-analytics.com https://googleadservices.com https://*.google.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://*.ggpht.com https://stats.g.doubleclick.net https://*.jivosite.com wss://*.jivosite.com; style-src 'unsafe-inline' 'self' * data: blob: https://*.infinbank.com:* https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: https://*.infinbank.com:* https://cdn.jsdelivr.net https://*.recaptcha.net https://core-renderer-tiles.maps.yandex.net https://yastatic.net https://*.yandex.ru https://cdnjs.cloudflare.com https://unpkg.com https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com/ https://*.google-analytics.com https://googleadservices.com https://*.google.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://*.ggpht.com https://*.jivosite.com; img-src 'unsafe-inline' 'self' * data: blob: https://*.infinbank.com:* https://*.googleapis.com https://*.googletagmanager.com https://*.recaptcha.net https://*.gstatic.com https://*.ggpht.com; media-src https://*.infinbank.com:* https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.jivosite.com; font-src 'unsafe-inline' 'self' * data: blob: https://*.infinbank.com:* https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com; frame-src https://*.infinbank.com:* https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.jivosite.com https://*.recaptcha.net; manifest-src 'self' https://*.infinbank.com:*; object-src 'none' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://woof.group; img-src 'self' https: data: blob: https://woof.group; style-src 'self' https://woof.group 'nonce-fnzDo7A5LQzkSyGKrkHcag=='; media-src 'self' https: data: https://woof.group; frame-src 'self' https:; manifest-src 'self' https://woof.group; form-action 'self'; child-src 'self' blob: https://woof.group; worker-src 'self' blob: https://woof.group; connect-src 'self' data: blob: https://woof.group https://files.woof.group wss://woof.group; script-src 'self' https://woof.group 'wasm-unsafe-eval' 1
default-src https: http://history.oa-bsa.org data: 'unsafe-inline' 'unsafe-eval' placehold.it;     script-src 'self' 'unsafe-inline' 'unsafe-eval' *.oa-bsa.org www.google-analytics.com www.googletagmanager.com *.hotjar.com *.hotjar.io *.vimeo.com *.vimeocdn.com use.typekit.com www.google.com use.typekit.net code.jquery.com stackpath.bootstrapcdn.com www.gstatic.com cdn.knightlab.com cdnjs.cloudflare.com static.addtoany.com api.instagram.com ajax.googleapis.com maps.googleapis.com connect.facebook.net platform.twitter.com cdn.jsdelivr.net *.createsend1.com;     style-src 'self' 'unsafe-inline' *.oa-bsa.org fonts.googleapis.com cdn.knightlab.com stackpath.bootstrapcdn.com use.typekit.net p.typekit.net cdnjs.cloudflare.com;     connect-src 'self' http://api.oa-bsa.org api.oa-bsa.org www.google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com use.typekit.com www.google.com use.typekit.net performance.typekit.net www.gstatic.com cdnjs.cloudflare.com static.addtoany.com www.instagram.com api.instagram.com ajax.googleapis.com maps.googleapis.com createsend.com *.doubleclick.net;     frame-ancestors 'self' *.oa-bsa.org; 1
default-src https: blob:; font-src https: data:; img-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://*.hotjar.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://tagmanager.google.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://stats.slik.nl https://slik.containers.piwik.pro/ https://cdn.heapanalytics.com/ https://cdn.matomo.cloud/ https://*.hotjar.com https://*.cookiebot.com/ http://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://tagmanager.google.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://cdn.leadinfo.net/ https://collector.leadinfo.net/ https://script.adcalls.nl/ https://www.google.com/ https://www.gstatic.com/; font-src 'self' https://*.hotjar.com https://fonts.gstatic.com/ data:; img-src 'self' data: https://heapanalytics.com/ https://*.hotjar.com https://ssl.gstatic.com/ https://maps.gstatic.com/ https://*.googleapis.com/ https://*.ggpht.com/ https://www.google-analytics.com/ https://www.google.nl/ https://www.google.com/ https://*.doubleclick.net/ https://collector.leadinfo.net/; connect-src https://*.googlesyndication.com/ https://stats.slik.nl/ https://slik.containers.piwik.pro/ https://slik.piwik.pro/ https://*.auryc.com/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://stats.g.doubleclick.net/ https://api.slik.eu/ https://consentcdn.cookiebot.com/ https://api.adcalls.nl/ https://collector.leadinfo.net/ https://api.leadinfo.com/ https://*.google-analytics.com/; frame-src 'self' https://*.hotjar.com https://www.youtube-nocookie.com https://*.cookiebot.com/ https://www.google.com/ 1
frame-ancestors 'self'; report-uri https://www.cptc.edu/report-uri/enforce 1
frame-ancestors 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://*.smartlook.com https://*.smartlook.cloud 1
report-uri https://api.web1on1.chat/report-violation;default-src 'self';connect-src 'self' wss://*.web1on1.chat wss://*.chatshipper.com wss://*.smooch.io *.web1on1.chat *.chatshipper.com *.run.app *.cloudfunctions.net *.facebook.com *.google.com *.smooch.io *.postmarkapp.com fonts.googleapis.com fonts.gstatic.com meet.cht.onl 8X8.vc js.stripe.com stripe.com *.googleapis.com *.userguiding.com eventgw.twilio.com wss://*.twilio.com media.twiliocdn.com sdk.twilio.com blob:;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.smooch.io *.googleapis.com meet.cht.onl 8X8.vc js.stripe.com stripe.com *.statuspage.io *.postmarkapp.com blob: connect.facebook.net apis.google.com *.cloudflare.com *.userguiding.com *.chatshipper.com *.web1on1.chat *.google.com *.gstatic.com media.twiliocdn.com sdk.twilio.com;style-src 'self' 'unsafe-inline' *.chatshipper.com *.web1on1.chat *.smooch.io fonts.googleapis.com fonts.gstatic.com meet.cht.onl 8X8.vc js.stripe.com stripe.com viabovag.nl *.userguiding.com *.viabovag.nl blob:;img-src * data: blob:;font-src 'self' data: *.googleusercontent.com *.bootstrapcdn.com *.cloudfront.net fonts.googleapis.com fonts.gstatic.com viabovag.nl *.userguiding.com *.viabovag.nl *.smooch.io;media-src 'self' data: *.smooch.io cht.onl meet.cht.onl 8X8.vc js.stripe.com *.userguiding.com stripe.com mediastream media.twiliocdn.com sdk.twilio.com;object-src 'none';child-src * blob:; frame-src *; frame-ancestors *.citnow.com *.rtcauto.co.uk; 1
default-src usim.beprod.leqvio.com 'self'; style-src usim.beprod.leqvio.com *.googleapis.com fonts.gstatic.com 'self' 'unsafe-inline' *.doctor.com; script-src usim.beprod.leqvio.com unpkg.com kaltura.com *.kaltura.com analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com tagmanager.google.com *.tagmanager.google.com googletagmanager.com *.googletagmanager.com *.facebook.net medtargetsystem.com *.medtargetsystem.com contextweb.com *.contextweb.com bat.bing.com *.doubleclick.net tags.tiqcdn.com ipredictive.com *.ipredictive.com 'self' 'unsafe-inline' 'unsafe-eval' blob: *.doctor.com *.healthgrades.com *.googleapis.com *.pmsrv.co cdn.evgnet.com maps.googleapis.com t.contentsquare.net app.contentsquare.com static.cloudflareinsights.com; child-src blob:; worker-src blob:; object-src 'none'; font-src fonts.gstatic.com *.kaltura.com 'self' data: application: *.doctor.com; img-src *.ipredictive.com *.contentsquare.net http: https: data: image: 'self'; frame-src analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com tagmanager.google.com *.tagmanager.google.com googletagmanager.com *.googletagmanager.com contextweb.com *.contextweb.com medtargetsystem.com *.medtargetsystem.com bat.bing.com *.doubleclick.net servedby.flashtalking.com di.rlcdn.com 'self' *.doctor.com *.healthgrades.com maps.googleapis.com; connect-src usim.beprod.leqvio.com analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com tagmanager.google.com *.tagmanager.google.com googletagmanager.com *.googletagmanager.com *.google.com contextweb.com *.contextweb.com bat.bing.com *.doubleclick.net *.googleadservices.net stats.g.doubleclick.net *.contentsquare.net *.kaltura.com ws: 'self' *.consumerism.pressganey.com *.doctor.com *.healthgrades.com *.googleapis.com *.tealiumiq.com *.tiqcdn.com maps.googleapis.com cloudflareinsights.com; media-src usim.beprod.leqvio.com kaltura.com *.kaltura.com blob: 'self'; frame-ancestors usim.beprod.leqvio.com 'self' 1
default-src 'none'; connect-src *; font-src 'self' data: https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://twemoji.maxcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://platform.twitter.com; img-src 'self' data: https:; worker-src 'self'; frame-src https://platform.twitter.com; manifest-src 'self'; report-uri https://fapcoholic.com/csp-report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.google.co.in *.herokuapp.com *.ravepay.co ajax.cloudflare.com *.flutterwave.com *.stripe.com *.atfawry.com *.google.com  *.facebook.net wss://*.tidio.co:* *.tidio.co *.tidiochat.com static.getbutton.io/   wss://*.citruspay.com:* wss://*.google.co:* *.citruspay.com wss://*.fawrystaging.com wss://*.atfawry.com wss://*.fawry.com wss://*.youtube.com:* *.youtube.com wss://*.tawk.to:* *.tawk.to *.facebook.com *.fawrystaging.com *.mastercard.com.au *.fawry.com atfawry.fawrystaging.com *.facebook.net *.mastercard.com *.razorpay.com *.google-analytics.com *.securecode.com  *.google.com *.dhru.com *.paypal.com *.googletagmanager.com ; img-src * data:; font-src * data: 1
frame-ancestors 'self' http://localhost:6090 1
default-src 'self' *.markem-imaje.com blob: *.google.com *.google.ch *.google.fr *.google.de *.google.it *.google.es googleads.g.doubleclick.net it4v7.interactiv-doc.fr http://wpwsc.egoncloud.com:1292 px.ads.linkedin.com cdn.linkedin.oribi.io websites.cdn.getfeedback.com; script-src 'self' *.markem-imaje.com 'unsafe-inline' 'unsafe-eval' https://snap.licdn.com https://mc.yandex.ru https://info.markem-imaje.com https://pi.pardot.com https://websites.cdn.getfeedback.com *.mavenoid.com cdn.segment.com edge.fullstory.com fullstory.com *.twilio.com polyfill.io edge.fullstory.com www.fullstory.com cdn.segment.com *.googleapis.com www.googletagmanager.com tagmanager.google.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com www.youtube.com platform.twitter.com syndication.twitter.com s.ytimg.com publish.twitter.com *.twimg.com platform.linkedin.com platform.stumbleupon.com dec.azureedge.net munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org www.geoplugin.net ads.google.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.googleads.com *.google.com *.google.ch *.google.fr *.google.de *.google.co.uk *.google.it *.google.es snap.licdn.com/li.lms-analytics/insight.min.js tracker.metricool.com js.zi-scripts.com ws.zoominfo.com tags.clickagy.com; style-src 'self' *.markem-imaje.com 'unsafe-inline' use.fontawesome.com *.mavenoid.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com dec.azureedge.net platform.twitter.com *.twimg.com; font-src 'self' *.markem-imaje.com *.mavenoid.com use.fontawesome.com markem-imaje.mavenoid.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.markem-imaje.com *.basemaps.cartocdn.com https://mc.yandex.ru https://markempro.azurewebsites.net *.gstatic.com *.googleapis.com *.mavenoid.com mavenoidfiles.com markem-imaje.com www.markem-imaje.com new.markem-imaje.com www.google-analytics.com platform.tumblr.com api-markem-imaje.mavenoid.com web.facebook.com www.facebook.com media.mavenoid.com delicious.com www.redditstatic.com www.linkedin.com syndication.twitter.com static.licdn.com dec.azureedge.net *.dec.sitefinity.com pbs.twimg.com platform.twitter.com *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.google.com *.google.ch *.google.fr *.google.de *.google.it *.google.es *.googletagmanager.com googleads.g.doubleclick.net px.ads.linkedin.com tracker.metricool.com; media-src 'self' *.markem-imaje.com data: blob: mediastream:; frame-src 'self' *.markem-imaje.com https://www.getfeedback.com *.doubleclick.net *.google.com *.youtube.com it4v7.interactiv-doc.fr hemsync.clickagy.com; child-src 'self' *.markem-imaje.com blob: https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.google.com/; connect-src 'self' *.markem-imaje.com https://cdn.linkedin.oribi.io https://mc.yandex.ru https://www.facebook.com *.google-analytics.com *.mavenoid.com *.twilio.com *.twilio.com rs.fullstory.com api.segment.io api.segment.io api-markem-imaje.mavenoid.com accounts.google.com info.markem-imaje.com api.ipify.org *.dec.sitefinity.com *.mktoresp.com api-markem-imaje.mavenoid.com markem-imaje.mavenoid.com api-markem-imaje.mavenoid.com *.doubleclick.net *.google.com *.google.ch *.google.fr *.google.de *.google.it *.google.es wss://* *.sentry.io wpwsc.egoncloud.com *.egoncloud.com:1252 *.googlesyndication.com aorta.clickagy.com hemsync.clickagy.com js.zi-scripts.com ws.zoominfo.com; 1
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https://syke.maps.arcgis.com; base-uri 'self'; object-src 'self'; connect-src wss: https: 1
frame-ancestors app.1.30sec.fr 30sec.fr https://www.avekapeti.com http://bctraiteur.com https://www.boboresto.fr/ https://basil.fr https://www.dejbox.fr https://www.dood.company https://api.dood.company https://www.dood.com https://api.dood.com https://dood-feeds.dood.company https://www.eatlf.fr https://www.foodcheri.com http://www.foodcheri.com https://www.junglecook.com https://www.lf.fr https://lafringalerie.fr https://www.lebonbocal.fr https://lebonbocal.fr http://www.lebonbocal.fr http://lebonbocal.fr https://www.plateaux-repas-orleans.com https://www.le-chemin-des-saveurs.com https://www.diyas-salads.com http://www.melchior.pro https://melchior.xcard.me http://localhost:3000 https://monpaniervert.fr https://nestorparis.com https://c.obypay.com https://*.c.obypay.com https://pidelice.com https://commande.popotes.fr https://manager.my-resto.net https://blacksheep-api.herokuapp.com https://blacksheep-api-testprod.herokuapp.com https://sauvetoncommerce.fr https://*.sioupla.it https://siouplait.com https://*.eatoffice.com https://*.edenred.io 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; style-src * 'unsafe-inline' data: blob:; img-src * data: blob:; font-src * data: blob:; connect-src * data: blob:; media-src * data: blob:; object-src * data: blob:; frame-src * data: blob:; child-src * data: blob:; form-action * data: blob:; base-uri * data: blob:; report-uri /csp-report-endpoint/; 1
default-src 'self'; frame-src 'none'; frame-ancestors 'none'; 1
default-src 'self' 'unsafe-inline' https://*.wistia.com https://*.wistia.net weightmanslivecdn.azureedge.net; frame-src *.weightmans.com weightmans.email *.google.com static.addtoany.com cdn.yoshki.com *.youtube.com *.youtube-nocookie.com *.libsyn.com *.soundcloud.com chatbot.wearegabba.com *.addthis.com *.googletagmanager.com *.slideshare.net dev-weightmans.neotalogic.com weightmans.neotalogic.com weightmans.outgrow.us; script-src 'self' 'unsafe-inline' *.azure.com *.visualstudio.com blob: 'unsafe-eval' www.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com *.wistia.com *.wistia.net dyv6f9ner1ir9.cloudfront.net https://src.litix.io static.addtoany.com *.juicer.io cookiehub.net *.cookiehub.net cookiehub.com *.cookiehub.com stats.g.doubleclick.net *.gstatic.com *.cloudflare.com app.everviz.com d2hywq2hljgss4.cloudfront.net widget.ubisend.io clarity.microsoft.com clarity.ms plausible.io cdn.yoshki.com www.clarity.ms *.addthis.com *.addtoany.com *.cdnjs.cloudflare.com/ajax/libs/hammer.js/ weightmanslivecdn.azureedge.net jsdelivr.net cdn.jsdelivr.net; connect-src 'self' 'unsafe-inline' *.azure.com *.visualstudio.com cookiehub.com *.cookiehub.com cookiehub.net *.cookiehub.net analytics.nyltx.com embedwistia-a.akamaihd.net *.wistia.com *.wistia.net *.litix.io fg8vvsvnieiv3ej16jby.litix.io *.juicer.io wss://localhost:* analytics.google.com *.google-analytics.com *.analytics.google.com *.doubleclick.net plausible.io *.clarity.ms weightmanslivecdn.azureedge.net cdnjs.cloudflare.com cdn.jsdelivr.net cdn.yoshki.com *.googletagmanager.com static.addtoany.com *.googleapis.com o356983.ingest.sentry.io we-are-gabba-bot-server.ubisendaws.com wss://we-are-gabba-bot-server.ubisendaws.com we-are-gabba-api.ubisend.io; style-src 'self' 'unsafe-inline' blob: cookiehub.net *.cookiehub.net cookiehub.com *.cookiehub.com fonts.googleapis.com *.juicer.io *.cloudflare.com https://fast.wistia.com widget.ubisend.io weightmansstagingcdn.azureedge.net weightmanslivecdn.azureedge.net WeightmansStagingMediaCDN.azureedge.net; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com *.juicer.io https://*.wistia.com weightmansstagingcdn.azureedge.net weightmanslivecdn.azureedge.net WeightmansStagingMediaCDN.azureedge.net; img-src 'self' 'unsafe-inline' data: *.juicer.io media.licdn.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net pbs.twimg.com maps.gstatic.com maps.googleapis.com *.google-analytics.com *.analytics.google.com uniform.azureedge.net *.doubleclick.net *.google.com *.google.co.uk *.cdninstagram.com *.instagram.com *.fbcdn.net cdn.yoshki.com we-are-gabba-pulse-assets.s3.eu-west-2.amazonaws.com *.clarity.ms c.bing.com *.umbraco.com weightmansstagingcdn.azureedge.net weightmanslivecdn.azureedge.net WeightmansStagingMediaCDN.azureedge.net; media-src 'self' blob: https://*.wistia.com 1
frame-ancestors 'self' https://didongthongminh.vn; 1
script-src 'self' https://chart.googleapis.com http://cdn.sematext.com/ https://cdn.sematext.com/ https://www.google-analytics.com https://ssl.google-analytics.com 'unsafe-inline' 'unsafe-eval'; report-uri https://login.xtm.cloud:443/saas-manager/cspReport.serv; img-src 'self' https://chart.googleapis.com http://cdn.sematext.com/ https://cdn.sematext.com/ https://www.google-analytics.com https://ssl.google-analytics.com; style-src 'self' content.pendo.xtm-intl.com data.pendo.xtm-intl.com 'unsafe-inline' 1
default-src 'self'; font-src *;img-src * data:; script-src 'unsafe-inline' *; style-src 'unsafe-inline' *; 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com www1.beautybase.com; base-uri 'self' 1
default-src data: https: 'self' 'unsafe-inline' 'unsafe-eval'; font-src data: https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://atag.adgile.media/ https://pagead2.googlesyndication.com/ wss://realtime.mypurecloud.com.au/ wss://webmessaging.mypurecloud.com.au/ https://*.mypurecloud.com.au/ https://*.goodstart.org.au/ https://d38o6ero4cmsrz.cloudfront.net/ https://cdn.linkedin.oribi.io/ https://ct.pinterest.com/ https://f.clarity.ms/ https://s.yimg.com/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://www.facebook.com/ https://*.clarity.ms/ https://maps.googleapis.com/ https://analytics.google.com/ https://analytics.tiktok.com/ https://*.linkedin.com/ https://jlihhjqe.goodstart.org.au/; 1
frame-ancestors *.3ds.com *.solidworks.com *.itvpc.3ds.com *.itvpc.solidworks.com *.edrawingsviewer.com 1
default-src 'self' *.atlabank.com atlabank.com www.atlabank.com ssl.ggogle-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.atlabank.com atlabank.com www.atlabank.com ssl.ggogle-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.atlabank.com atlabank.com www.atlabank.com ssl.ggogle-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' *.atlabank.com atlabank.com www.atlabank.com www.youtube.com https://www.youtube.com 1
frame-src 'self' blob: https://www.connexys.nl https://*.mappibyswis.nl https://*.geostart.nl https://youtu.be https://youtube.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://bijmijindebuurt.gemeentewestland.nl; connect-src https://geodata.nationaalgeoregister.nl https://youtu.be https://youtube.com https://www.youtube.com https://*.global.siteimproveanalytics.io https://siteimproveanalytics.com 'self'; img-src 'self' https://piwik.swis.nl https://service.pdok.nl https://geodata.nationaalgeoregister.nl https://youtube.com https://www.youtube.com https://youtu.be https://i.ytimg.com https://*.global.siteimproveanalytics.io https://siteimproveanalytics.com https://eu2.siteimprove.com https://szsurvey.siteimprove.com https://ssl.siteimprove.com data:; script-src 'self' https://piwik.swis.nl https://youtu.be https://youtube.com https://www.youtube.com https://player.vimeo.com/api/player.js https://siteimproveanalytics.com 'unsafe-eval' 'unsafe-inline' data: 'report-sample'; media-src 'self' https://youtu.be https://youtube.com https://www.youtube.com https://vimeo.com; object-src 'self' https://youtube.com https://www.youtube.com; style-src 'self' https://youtube.com https://www.youtube.com 'unsafe-inline' data: 'report-sample'; form-action 'self' https://*.global.siteimproveanalytics.io https://id.opengemeenten.nl https://users.opengemeenten.nl https://login.microsoftonline.com; report-to csp; child-src 'self' blob:; default-src 'self'; font-src 'self' data:; frame-ancestors 'self' https://www.gemeentewestland.nl; report-uri https://monitoring.opengemeenten.nl/api/5/security/?sentry_key=8ecd0d6b2ab6432782fe7a6a5c01c534 1
frame-ancestors 'self'; connect-src 'self' cdn.ampproject.org www.google.com www.googletagmanager.com www.googletagmanager.com analytics.google.com www.google-analytics.com amp.analytics-debugger.com stats.g.doubleclick.net analytics.tiktok.com onesignal.com cdn.cookielaw.org www.facebook.com www.tiktok.com *.dynamicyield.com; default-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: go.harborfreight.com fonts.gstatic.com fonts.googleapis.com use.fontawesome.com; frame-src 'self' go.harborfreight.com www.google.com cdn.ampproject.org 10563850.fls.doubleclick.net www.facebook.com cdn.cookielaw.org www.tiktok.com www.instagram.com newsroom.harborfreight.com; img-src 'self' data: go.harborfreight.com pixel.wp.com www.google.com www.google-analytics.com ssl.google-analytics.com maps.gstatic.com *.googleapis.com *.ggpht.com stats.g.doubleclick.net www.facebook.com img.onesignal.com pippio.com www.tiktok.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' go.harborfreight.com cdn.ampproject.org www.google.com www.googletagmanager.com amp.analytics-debugger.com ssl.google-analytics.com www.gstatic.com onesignal.com cdn.onesignal.com stats.wp.com ajax.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com use.fontawesome.com analytics.tiktok.com connect.facebook.net cdn.cookielaw.org *.cookieyes.com cdn-cookieyes.com www.tiktok.com *.dynamicyield.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' go.harborfreight.com cdn.ampproject.org use.fontawesome.com www.google.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com www.gstatic.com onesignal.com cdn.onesignal.com stats.wp.com analytics.tiktok.com connect.facebook.net cdn.cookielaw.org *.cookieyes.com cdn-cookieyes.com www.tiktok.com lf16-tiktok-web.ttwstatic.com js-agent.newrelic.com ajax.googleapis.com *.dynamicyield.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' go.harborfreight.com fonts.googleapis.com use.fontawesome.com onesignal.com cdn.cookielaw.org *.cookieyes.com cdn-cookieyes.com www.tiktok.com; worker-src go.harborfreight.com www.gstatic.com; 1
object-src 'none'; script-src 'self'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com https://fonts.intercomcdn.com; img-src 'self' data: https://i.ibb.co https://ssl.google-analytics.com https://storage.googleapis.com/dexma/images https://storage.googleapis.com/dexma/images/; manifest-src 'self'; media-src 'self'; 1
frame-ancestors 'self' www.washburn.edu www.washburntech.edu; 1
default-src         'self';             script-src         'self'         'unsafe-inline'         'unsafe-eval' 		blob:         http://www.google-analytics.com/         http://connect.facebook.net         https://fonts.googleapis.com/         https://www.googletagmanager.com/gtag/         https://www.google.com/recaptcha/         https://www.gstatic.com/recaptcha/         https://www.googletagmanager.com         https://www.googleadservices.com/         https://googleads.g.doubleclick.net         https://www.gstatic.com 		https://pi.pardot.com         http://cdn.pardot.com         https://info.acin.pt         https://info.acingov.pt         https://www.google.com/jsapi;            img-src         'self'         data:         blob:         https://www.facebook.com/         http://www.google-analytics.com/         https://stats.g.doubleclick.net/         https://www.google.com/         https://www.google.pt/ 		https://www.googletagmanager.com         https://apps.acingov.pt;             style-src         'self'         'unsafe-inline' 		https://www.gstatic.com/         https://fonts.googleapis.com/;             font-src         'self'         https://fonts.googleapis.com/         https://fonts.gstatic.com/         https://themes.googleusercontent.com/;             frame-src         'self'         https://www.googletagmanager.com 		https://www.youtube.com/         https://www.google.com/;             frame-ancestors         'self'         https://www.google.com/;             object-src         'self'        data:         blob:;             media-src         'self';             connect-src         'self' 		https://stats.g.doubleclick.net/         https://www.google-analytics.com/ 		https://region1.google-analytics.com/ ;        	form-action         'self'         https://preprod.autenticacao.gov.pt/fa/Default.aspx         https://autenticacao.gov.pt/fa/Default.aspx ;      1
frame-ancestors 'self' *.mncsekuritas.id *.okezone.com 1
default-src 'self' https://*.googlesyndication.com;                     script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://www.googletagmanager.com https://*.google-analytics.com https://*.googlesyndication.com https://adservice.google.co.jp https://www.googleadservices.com https://www.googletagservices.com https://platform.twitter.com https://analytics.twitter.com https://static.ads-twitter.com https://cdn.syndication.twimg.com https://www.youtube.com https://*.g.doubleclick.net https://*.yahoo.co.jp https://*.yimg.jp https://sitest.jp https://*.i-mobile.co.jp https://cdn.ampproject.org https://*.brightcove.com https://*.brightcove.co.jp https://*.outbrain.com https://connect.facebook.net https://www.dreammail.jp https://cdn.smartnews-ads.com https://*.ladsp.com;                     style-src 'unsafe-inline' https:;                     img-src https: data:;                     font-src https: data:;                     connect-src 'self' https://*.google-analytics.com https://csi.gstatic.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.i-mobile.co.jp https://pixel.tapad.com https://*.gmossp-sp.jp https://analytics.google.com;                     child-src 'self' https://www.youtube.com https://*.googlesyndication.com https://*.g.doubleclick.net https://*.twitter.com https://*.i-mobile.co.jp https://players.brightcove.net https://player.vimeo.com https://www.facebook.com https://www.google.com https://*.ladsp.com; 1
img-src 'self' data: https://maps.gstatic.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/ https://www.google.com.au/ https://www.google.com.ph/ https://www.google.com.fr/ https://www.google.co.nz/ https://www.google.co.vn/ https://www.google.co.hk/ https://documents.medebridge.com.au/media/ https://maps.google.com/ https://maps.googleapis.com/ https://cdn.acsbapp.com/ https://cdn.accessibly.app/; font-src 'self' data: https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://cdn.acsbapp.com/ https://cdn.accessibly.app/; object-src 'self'; frame-src 'self' https://js.stripe.com/ https://unifier.atlassian.net/; default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://fonts.googleapis.com/css https://maps.googleapis.com/ https://maps.gstatic.com/ https://unifier.atlassian.net/ https://www.google-analytics.com https://www.googletagmanager.com/ https://stats.g.doubleclick.net/ https://uhgreports.medebridgeforms.com/ https://uhgreports.medebridge2.com/ https://cdn.form.io/ckeditor/19.0.0/ckeditor.js https://cdn.form.io/flatpickr/flatpickr.min.css https://cdn.form.io/flatpickr/flatpickr.min.js https://cdn.form.io/flatpickr-formio/4.6.13-formio.1/flatpickr.min.css https://cdn.form.io/flatpickr-formio/4.6.13-formio.1/flatpickr.min.js https://acsbapp.com/ https://cdn.acsbapp.com/ https://process.acsbapp.com/ https://dash.accessibly.app/ https://cdn.accessibly.app/ https://fonts.googleapis.com/ https://browser.ihtsdotools.org https://cdn.form.io/flatpickr-formio/4.6.13-formio.3/flatpickr.min.css https://cdn.form.io/flatpickr-formio/4.6.13-formio.3/flatpickr.min.js https://alt-tags.accessiblyapp.com/v1/alt-tags; 1
base-uri 'none'; style-src 'self' *.cassiecloud.com *.googleapis.com 'unsafe-inline'; script-src 'nonce-dXrLL2JQZV0eL+v5j7LPNw=='  'sha256-5yLEE/jUF5eoOefsINotD+tXeklSYMKlhm5Zl+biNrg='  'self' 'strict-dynamic' 'unsafe-eval' *.kaltura.com/ *.cassiecloud.com *.googletagmanager.com https://google-analytics.com *.google-analytics.com *.bing.com https://connect.facebook.net https://lilly-customerconnect.secure.force.com https://ispot.tv *.turn.com *.myadvocado.com *.doubleclick.net *.analytics.yahoo.com *.google.com https://facebook.com *.salesforceliveagent.com *.youtube.com *.ytimg.com *.gstatic.com *.googlevideo.com blob: http://d22xmn10vbouk4.cloudfront.net *.googleapis.com assets.adobedtm.com assets.ctfassets.net 'nonce-Q+3SsP/nT1Qb9DtwRm8EbA==' *.soundcloud.com *.recaptcha.net 'sha256-uMkuBZ4FQVVBqzs6NHOoGr/1vOLA1h9acPURz3E39HA=' 'sha256-9VDmhXS8/iybLLyD3tql7v7NU5hn5+qvu9RRG41mugM=' 'sha256-tempUn1btibnrWwQxEk37lMGV1Nf8FO/GXxNhLEsPdg=' 'sha256-YvYJ5WVzt8kOVVuSB9YcyVJLN4a6HcbOgQpzrg0BLUI=' https://clientapi.gcs-web.com https://d22xmn10vbouk4.cloudfront.net https://servicesplatform.partneringplace.com https://forms.office.com bugcrowd.com; object-src 'none'; frame-src *.doubleclick.net/ *.myadvocado.com/ *.youtube.com *.soundcloud.com *.google.com *.facebook.com *.spotify.com *.simplecast.com *.recaptcha.net https://servicesplatform.partneringplace.com https://forms.office.com *.kaltura.com/ bugcrowd.com 1
frame-ancestors 'self' localhost falconinsgroup.com *.falconinsgroup.com 1
default-src 'none' ;  script-src  'self' ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com commerce.coinbase.com pagead2.googlesyndication.com adservice.google.com adservice.google.fr www.googletagservices.com www.googleadservices.com ;  style-src   'self' maxcdn.bootstrapcdn.com commerce.coinbase.com ;  frame-src   'self' commerce.coinbase.com www.youtube.com googleads.g.doubleclick.net www.google.com www.google.fr ;  object-src  'self' commerce.coinbase.com www.youtube.com ;  connect-src 'self' pagead2.googlesyndication.com ;  img-src     'self' s3.us-west-2.amazonaws.com static.scarf.sh sup.lamiral.info lstu.fr  www.paypalobjects.com imapsync.lamiral.info ;  font-src    'self' maxcdn.bootstrapcdn.com ;  form-action 'self' www.paypal.com ;  1
frame-ancestors 'self'                    cbsplit.com       pelvicfloorstrong.com       pelvicfloorstrong-com.cbsplit.com ; 1
style-src 'self' 'unsafe-inline' cdn.pricespider.com api.tiles.mapbox.com *.bazaarvoice.com feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' pghub.io *.pricespider.com www.googletagmanager.com *.google-analytics.com cdn.cookielaw.org *.doubleclick.net cdnjs.cloudflare.com *.mapbox.com www.youtube.com *.bazaarvoice.com feed.pghub.io pandg.tapad.com ; worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; font-src 'self' assets.ctfassets.net feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' *.doubleclick.net feed.pghub.io consumersupport.pg.com *.jebbit.com pandg.tapad.com ; img-src 'self' blob: images.ctfassets.net pixel.tapad.com cdn.cookielaw.org *.pricespider.com *.bazaarvoice.com *.google-analytics.com www.googletagmanager.com *.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat data: api.tiles.mapbox.com feed.pghub.io pandg.tapad.com ; connect-src 'self' cdn.cookielaw.org *.pricespider.com *.analytics.google.com *.google-analytics.com *.algolia.net *.algolianet.com *.mapbox.com mw-ar-recom-prod.pgapi.io mw-ar-recom-dev.pgapi.io *.bazaarvoice.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat wss: feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
default-src http: https: data: blob: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self';frame-src 'self' *.bnpparibasfortis.be *.bnpparibasfortis.com *.facebook.com *.vimeo.com *.youtube.com *.brightcove.net; 1
base-uri 'self'; form-action 'self' www.facebook.com forms-eu1.hsforms.com pyithubawa.net; frame-ancestors 'self' www.currencycloud.com; upgrade-insecure-requests ; child-src blob: go.currencycloud.com bid.g.doubleclick.net www.google.com forms-eu1.hsforms.com embed.podcasts.apple.com embed.sounder.fm player.vimeo.com www.youtube.com; connect-src 'self' data: region1.analytics.google.com api.clearout.io api.cognitive.microsofttranslator.com google.com ds.cookiehub.net policy.cookiereports.com assets-tracking.crazyegg.com pagestates-tracking.crazyegg.com script.crazyegg.com tracking.crazyegg.com www.currencycloud.com metrics2.data.hicloud.com ad.doubleclick.net www.facebook.com googleads.g.doubleclick.net stats.g.doubleclick.net www.googleadservices.com region1.google-analytics.com www.google-analytics.com translate.googleapis.com www.google.co.cr adservice.google.com analytics.google.com www.google.com www.google.com.sg www.google.co.uk www.google.de pagead2.googlesyndication.com www.googletagmanager.com js-eu1.hsadspixel.net js-eu1.hs-analytics.net js-eu1.hs-banner.com forms-eu1.hscollectedforms.net js-eu1.hscollectedforms.net forms-eu1.hsforms.com js-eu1.hs-scripts.com api-eu1.hubapi.com forms-eu1.hubspot.com mainnet.infura.io cdn.linkedin.oribi.io edge.microsoft.com cookiehub.net hubspot-forms-static-embed-eu1.s3.amazonaws.com scout.salesloft.com analytics.twitter.com plugin.ucads.ucweb.com gjtrack.ucweb.com infragrid.v.network njs.wigoal.com; default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: px.ads.linkedin.com static.ads-twitter.com p.adsymptotic.com js.chilipiper.com t.co ds.cookiehub.net assets-tracking.crazyegg.com pagestates-tracking.crazyegg.com script.crazyegg.com tracking.crazyegg.com www.facebook.com connect.facebook.net bid.g.doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net www.googleadservices.com region1.google-analytics.com www.google-analytics.com fonts.googleapis.com www.google.co.il adservice.google.com www.google.com www.google.com.au www.google.com.br www.google.co.uk www.google.de www.google.ee www.google.fr www.google.hu www.google.nl www.googleoptimize.com www.google.pl pagead2.googlesyndication.com www.googletagmanager.com fonts.gstatic.com www.gstatic.com js-eu1.hsadspixel.net js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hscollectedforms.net forms-eu1.hsforms.com perf-eu1.hsforms.com js-eu1.hsforms.net js-eu1.hs-scripts.com api-eu1.hubapi.com forms-eu1.hubspot.com track-eu1.hubspot.com snap.licdn.com www.linkedin.com cookiehub.net hubspot-forms-static-embed-eu1.s3.amazonaws.com scout-cdn.salesloft.com scout.salesloft.com analytics.twitter.com player.vimeo.com www.youtube.com; font-src 'self' data: at.alicdn.com zip.co fonts.gstatic.com www.slant.co use.typekit.net; frame-src embed.acast.com vimeo.com wwatchvideos.com blog.currencycloud.com go.currencycloud.com www.currencycloud.com td.doubleclick.net https://*.duosecurity.com www.facebook.com sounder.fm bid.g.doubleclick.net googleads.g.doubleclick.net www.google.com tpc.googlesyndication.com www.googletagmanager.com forms-eu1.hsforms.com app-eu1.hubspot.com www.linkedin.com mozbar.moz.com developer.mozilla.org pitc.nube.53.com embed.podcasts.apple.com www.recaptcha.net cf-media.sndcdn.com w.soundcloud.com embed.sounder.fm filter.techloq.com player.vimeo.com api.xiaoduis.com www.youtube.com; img-src 'self' data: p.adsymptotic.com region1.analytics.google.com t.co policy.cookiereports.com assets.currencycloud.com www.currencycloud.com ad.doubleclick.net www.facebook.com googleads.g.doubleclick.net www.google.ad www.googleadservices.com www.google.ae www.google.am region1.google-analytics.com www.google-analytics.com translate.googleapis.com www.google.at www.google.ba www.google.be www.google.bg www.google.bj www.google.bs www.google.by www.google.ca www.google.cd www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.cn www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr adservice.google.com translate.google.com www.google.com www.google.co.ma www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.br www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.gh www.google.com.gi www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ng www.google.com.ni www.google.com.np www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zw www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gg www.google.gm www.google.gr www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.kz www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mk www.google.ml www.google.mn www.google.mu www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.sm www.google.sn pagead2.googlesyndication.com www.googletagmanager.com www.google.tn secure.gravatar.com fonts.gstatic.com www.gstatic.com forms-eu1.hsforms.com forms.hsforms.com perf-eu1.hsforms.com forms.hubspot.com track-eu1.hubspot.com track.hubspot.com *.linkedin.com www.linkedin.com is3-ssl.mzstatic.com co-asset.s3.ap-south-1.amazonaws.com embed.sounder.fm analytics.twitter.com scout.us1.salesloft.com i.vimeocdn.com i.ytimg.com; manifest-src 'self'; media-src data:; object-src 'none'; script-src 'nonce-S30IF3U5VznkpuTwu32r6mFxUB4uDl0E' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval'  'self'   inline self wasm-eval static.ads-twitter.com js.chilipiper.com script.crazyegg.com connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com www.google.com www.google.com.my www.googleoptimize.com pagead2.googlesyndication.com www.googletagmanager.com www.gstatic.com js-eu1.hsadspixel.net js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hscollectedforms.net js-eu1.hsforms.net js-eu1.hs-scripts.com snap.licdn.com cookiehub.net scout-cdn.salesloft.com embed.sounder.fm; script-src-attr 'nonce-S30IF3U5VznkpuTwu32r6mFxUB4uDl0E' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval'   'report-sample'; script-src-elem 'nonce-S30IF3U5VznkpuTwu32r6mFxUB4uDl0E' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval'  'self'  'report-sample' static.ads-twitter.com js.chilipiper.com policy.cookiereports.com script.crazyegg.com connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com www.google.com www.googleoptimize.com pagead2.googlesyndication.com tpc.googlesyndication.com www.googletagmanager.com www.gstatic.com js-eu1.hsadspixel.net js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hscollectedforms.net js-eu1.hsforms.net js-eu1.hs-scripts.com gc.kes.v2.scr.kaspersky-labs.com me.kes.v2.scr.kaspersky-labs.com snap.licdn.com cookiehub.net cdn.randomhow.com scout-cdn.salesloft.com embed.sounder.fm; style-src 'self' 'unsafe-inline' fonts.googleapis.com translate.googleapis.com www.gstatic.com cookiehub.net; style-src-attr 'unsafe-inline' 'report-sample'; style-src-elem 'self' 'unsafe-inline' 'report-sample' www.currencycloud.com fonts.googleapis.com translate.googleapis.com www.googletagmanager.com www.gstatic.com cookiehub.net adblockers.opera-mini.net; worker-src blob:; report-uri https://darwinapps.report-uri.com/r/d/csp/enforce; 1
frame-ancestors 'self' https://beacon.aisdevio.com/ https://digital.ais.th/ https://gourmetmarketthailand.com/ 1
default-src 'self' https://*.quantumreverse.com https://player.vimeo.com https://fonts.gstatic.com; img-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.googleapis.com; object-src 'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.fona.de *.cookiebot.com *.cookiebot.eu *.vditz.com *.googleapis.com *.google.com *.youtube.com *.vimeo.com *.streambuzzer.com; style-src 'self' 'unsafe-inline'; img-src data: 'self' *.twitter.com *.twimg.com *.fona.de *.matpro.de *.ytimg.com *.vimeocdn.com; font-src 'self'; connect-src 'self' *.cookiebot.com *.cookiebot.eu stats.vditz.com; base-uri 'self'; media-src blob: 'self' *.youtube.com *.vimeo.com *.bmbf.de; frame-src 'self' *.fona.de *.streambuzzer.com *.cookiebot.com *.cookiebot.eu *.vditz.com *.pt-dlr.de *.google.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.bmbf.de *.emailsys1a.net; object-src 'none'; frame-ancestors 'self' *.fona.de; 1
frame-ancestors 'self' https://accept.authorize.net; form-action 'self' https://accept.authorize.net; connect-src 'self' https://pagead2.googlesyndication.com https://jssi-universal-dashboard-prod.azurewebsites.net https://analytics.google.com https://maps.googleapis.com https://bam.nr-data.net https://www.google-analytics.com; img-src 'self' https://jssicddreport.azureedge.net https://jssicddreport.blob.core.windows.net https://maps.gstatic.com https://maps.googleapis.com https://analytics.google.com https://pagead2.googlesyndication.com data: 1
default-src 'self'; base-uri 'self'; img-src * data:; frame-src 'self' https://kaart.pdok.nl https://websurveys2.govmetric.com https://app-eu.readspeaker.com https://www.youtube-nocookie.com https://www.youtube.com https://content.googleapis.com/ https://vars.hotjar.com https://gemeente-meierijstad.email-provider.nl https://embed.email-provider.eu https://anchor.fm https://drive.google.com https://oplaadpalen.nl/ https://www.google.com/maps/ https://player.vimeo.com/; frame-ancestors 'self'; manifest-src 'self'; media-src 'self' blob:; script-src 'self' 'nonce-MGMyZDIyYzAtNDBhMC00OGRkLWI3OTktYmVkNDhiYmVhYWM1' https://stats.pusher.com https://www.browsealoud.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://maps.googleapis.com https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://websurveys2.govmetric.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://cdn-eu.readspeaker.com https://virtuele-gemeente-assistent.nl https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://snap.licdn.com https://virtuele-gemeente-assistent.nl https://gemeente-meierijstad.email-provider.nl https://embed.email-provider.eu; connect-src 'self' https://sockjs-eu.pusher.com wss://ws-eu.pusher.com https://vttts-eu.readspeaker.com https://cloudstatic.obi4wan.com https://chatapi.obi4wan.com https://media-eu.readspeaker.com https://rstts-eu.readspeaker.com https://www.browsealoud.com https://plus.browsealoud.com https://speech.speechstream.net https://speech-eu.speechstream.net https://www.google-analytics.com https://maps.googleapis.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://app.obi4wan.ai https://app-eu.readspeaker.com/ https://hitcounter.govmetric.com https://platform.hireserve.nl/ https://cdn1.readspeaker.com https://maps.googleapis.com https://virtuele-gemeente-assistent.nl wss://virtuele-gemeente-assistent.nl ws://virtuele-gemeente-assistent.nl https://in.hotjar.com https://www.facebook.com https://cdn.linkedin.oribi.io https://virtuele-gemeente-assistent.nl wss://virtuele-gemeente-assistent.nl https://embed.email-provider.eu https://anchor.fm; object-src 'self' https://kaart.pdok.nl; style-src 'self' data: 'nonce-MGMyZDIyYzAtNDBhMC00OGRkLWI3OTktYmVkNDhiYmVhYWM1' https://fonts.googleapis.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://websurveys2.govmetric.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://maps.googleapis.com/ https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://embed.email-provider.eu; font-src 'self' data: https://fonts.gstatic.com https://cdn1.readspeaker.com https://script.hotjar.com;  1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=3cc2tv1iqu8fj&partner=; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-Ee42TEXOU5kOE-y8pb0Liw' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors 'self' https://www.facebook.com X-Frame-Options: ALLOW-FROM https://www.facebook.com; 1
frame-ancestors 'self' https://www.itmagazine.ch 1
frame-ancestors *.ariba.com 1
connect-src 'self' *.bkb.ch *.mybkb.ch s.yimg.com chatbot.bkb.ch geolocation.onetrust.com cdn.cookielaw.org; default-src 'self'; form-action 'self'; frame-ancestors 'self' *.bkb.ch; frame-src 'self' *.doubleclick.net www.youtube.com www.youtube-nocookie.com *.aiaibot.com; font-src 'self' data: *.bkb.ch erbrecht.events.bkb.ch; img-src 'self' data: *.bkb.ch ad.doubleclick.net www.google.com www.google.ch maps.googleapis.com www.google-analytics.com *.fls.doubleclick.net www.googletagmanager.com cdn.cookielaw.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bkb.ch www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net s.yimg.com sp.analytics.yahoo.com irpages2.eqs.com *.google-analytics.com *.google.com *.adobedtm.com cdn.cookielaw.org; style-src 'self' 'unsafe-inline' *.bkb.ch 1
default-src 'self'; img-src 'self' data: http: https: *.gravatar.com display.popt.in api.hubapi.com forms.hubspot.com region1.google-analytics.com www.google-analytics.com maps.googlepais.com www.google.com vars.hotjar.com https://static.hotjar.com https://script.hotjar.com https://survey-images.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: http: https: maps.googleapis.com www.googleoptimize.com www.googletagmanager.com js.hs-scripts.com cdn.popt.in www.google.com https://static.hotjar.com https://script.hotjar.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com; font-src 'self' data: http: https: fonts.googleapis.com themes.googleusercontent.com https://script.hotjar.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' data: http: https: display.popt.in api.hubapi.com forms.hubspot.com region1.google-analytics.com maps.googleapis.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' data: http: https: www.google.com vars.hotjar.com 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-fWN7Mr84NU25p4aLulGR_g' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport,script-src 'report-sample' 'nonce-c6ccZYIAGb8NVQoIfbzc2Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self',script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport/allowlist 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://cackl.io; img-src 'self' https: data: blob: https://cackl.io; style-src 'self' https://cackl.io 'nonce-h0oUlKO7PSAPrOvTvWJTPQ=='; media-src 'self' https: data: https://cackl.io; frame-src 'self' https:; manifest-src 'self' https://cackl.io; form-action 'self'; child-src 'self' blob: https://cackl.io; worker-src 'self' blob: https://cackl.io; connect-src 'self' data: blob: https://cackl.io https://m.cackl.io wss://cackl.io; script-src 'self' https://cackl.io 'wasm-unsafe-eval' 1
connect-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.crazyegg.com *.hotjar.io wss://ws.hotjar.com *.hotjar.com *.googleapis.com *.hscollectedforms.net https://forms.hsforms.com wss://wsp36.hotjar.com wss://wsp13.hotjar.com *.google.com *.fontawesome.com *.hubspot.com https://hubspot-forms-static-embed.s3.amazonaws.com *.acsbapp.com *.bugherd.com *.oribi.io *.hubapi.com *.clarity.ms *.bugsnag.com wss://ws.pusherapp.com *.doubleclick.net *.pusher.com pagead2.googlesyndication.com *.googlesyndication.com 1
frame-ancestors 'self' http://customer-skicircus.loop21.net https://customer-skicircus.loop21.net http://public-location-skicircus.loop21.net https://public-location-skicircus.loop21.net 1
default-src 'self' burlingtonstores.jobs player.vimeo.com d12wqovxet6953.cloudfront.net www.youtube.com analytics.google.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.dejobs.org *.jobsyn.org *.recruitrooster.com *.burlingtonstores.jobs dn9tckvz2rpxv.cloudfront.net d2e48ltfsb5exy.cloudfront.net src.nlx.org prod-static.dejobs.org data: *.google-analytics.com 'unsafe-inline' 1
frame-ancestors 'self' https://*.stripe.com 1
frame-ancestors 'self' *.primecredit.com *.primecredit.biz online.munroads.com 1
frame-ancestors https://tutorsapp.englishscore.com https://*.yesinglese.com https://*.fluentify.com https://*.voxy.com; 1
frame-ancestors http://www.nationalfisherman.com https://divcomplatform.s3.amazonaws.com 1
img-src data: *; base-uri 'self'; frame-ancestors 'self'; style-src 'self' https: 'unsafe-inline'; font-src data: *; media-src *; worker-src 'self' *.googletagmanager.com *.google-analytics.com google-analytics.com *.google.com *.googleapis.com *.thehotelsnetwork.com thehotelsnetwork.com *.trivago.com trivago.com *.tripadvisor.com tripadvisor.com *.sojern.com sojern.com *.doubleclick.net icm.aexp-static.com *.quantummetric.com *.triptease.io triptease.io pdx-col.eum-appdynamics.com https://www.google.com https://www.unicohotelrivieramaya.com https://*.gtsgapps.com https://*.livechatinc.com https://api.livechatinc.com https://cdn.livechatinc.com https://secure.livechatinc.com https://vars.hotjar.com https://pro.ip-api.com https://ib.adnxs.com *.laasie.ai *.gtsgig.com https://zbf3t54l4l.execute-api.us-west-2.amazonaws.com https://*.flip.to https://*.ft-clarity.com  https://*.cloudfront.net https://*.d38xvr37kwwhcm.cloudfront.net *.d38xvr37kwwhcm.cloudfront.net *.trail.grin.co https://trail.grin.co https://*.trail.grin.co https://*.cloudflare.com *.cloudflare.com https://*.unicohotelrivieramaya.stories.travel *.unicohotelrivieramaya.stories.travel *.v4lley.gtsgapps.com https://*.v4lley.gtsgapps.com https://sst.rcd-hotels.com *.sst.rcd-hotels.com https://*.sst.rcd-hotels.com *.relay-t.io https://*.relay-t.io https://relay-t.io *.secure-relay.com https://*.secure-relay.com https://secure-relay.com *.secure-hotel-tracker.com https://*.secure-hotel-tracker.com https://secure-hotel-tracker.com blob:; child-src 'self' *.googletagmanager.com *.google-analytics.com google-analytics.com *.google.com *.googleapis.com *.thehotelsnetwork.com thehotelsnetwork.com *.trivago.com trivago.com *.tripadvisor.com tripadvisor.com *.sojern.com sojern.com *.doubleclick.net icm.aexp-static.com *.quantummetric.com *.triptease.io triptease.io pdx-col.eum-appdynamics.com https://www.google.com https://www.unicohotelrivieramaya.com https://*.gtsgapps.com https://*.livechatinc.com https://api.livechatinc.com https://cdn.livechatinc.com https://secure.livechatinc.com https://vars.hotjar.com https://pro.ip-api.com https://ib.adnxs.com *.laasie.ai *.gtsgig.com https://zbf3t54l4l.execute-api.us-west-2.amazonaws.com https://*.flip.to https://*.ft-clarity.com  https://*.cloudfront.net https://*.d38xvr37kwwhcm.cloudfront.net *.d38xvr37kwwhcm.cloudfront.net *.trail.grin.co https://trail.grin.co https://*.trail.grin.co https://*.cloudflare.com *.cloudflare.com https://*.unicohotelrivieramaya.stories.travel *.unicohotelrivieramaya.stories.travel *.v4lley.gtsgapps.com https://*.v4lley.gtsgapps.com https://sst.rcd-hotels.com *.sst.rcd-hotels.com https://*.sst.rcd-hotels.com *.relay-t.io https://*.relay-t.io https://relay-t.io *.secure-relay.com https://*.secure-relay.com https://secure-relay.com *.secure-hotel-tracker.com https://*.secure-hotel-tracker.com https://secure-hotel-tracker.com blob:; script-src 'strict-dynamic' 'nonce-3h+m3u13bRaWwnz3TeN3Pg==' 'unsafe-inline' 'unsafe-eval' 'self' *.synxis.com *.googletagmanager.com *.google-analytics.com google-analytics.com *.google.com *.googleapis.com *.gatag.it gatag.it *.doubleclick.net icm.aexp-static.com *.sabrehospitality.com *.asc.sabre.com *.thehotelsnetwork.com thehotelsnetwork.com *.trivago.com trivago.com *.tripadvisor.com tripadvisor.com *.sojern.com sojern.com *.triptease.io triptease.io https://*.sabre-gcp.com https://*.sabre-gcp.com:3000 https://*.sabre-gcp.com:3001 https://*.sabre-gcp.com:3002 https://*.sabrecirrus.com pdx-col.eum-appdynamics.com *.quantummetric.com https://www.google.com https://www.unicohotelrivieramaya.com https://*.gtsgapps.com https://*.livechatinc.com https://api.livechatinc.com https://cdn.livechatinc.com https://secure.livechatinc.com https://vars.hotjar.com https://pro.ip-api.com https://ib.adnxs.com *.laasie.ai *.gtsgig.com https://zbf3t54l4l.execute-api.us-west-2.amazonaws.com https://*.flip.to https://*.ft-clarity.com  https://*.cloudfront.net https://*.d38xvr37kwwhcm.cloudfront.net *.d38xvr37kwwhcm.cloudfront.net *.trail.grin.co https://trail.grin.co https://*.trail.grin.co https://*.cloudflare.com *.cloudflare.com https://*.unicohotelrivieramaya.stories.travel *.unicohotelrivieramaya.stories.travel *.v4lley.gtsgapps.com https://*.v4lley.gtsgapps.com https://sst.rcd-hotels.com *.sst.rcd-hotels.com https://*.sst.rcd-hotels.com *.relay-t.io https://*.relay-t.io https://relay-t.io *.secure-relay.com https://*.secure-relay.com https://secure-relay.com *.secure-hotel-tracker.com https://*.secure-hotel-tracker.com https://secure-hotel-tracker.com; default-src 'self' *.synxis.com *.googletagmanager.com *.google-analytics.com google-analytics.com *.google.com *.googleapis.com *.gatag.it gatag.it *.doubleclick.net icm.aexp-static.com *.sabrehospitality.com *.asc.sabre.com *.thehotelsnetwork.com thehotelsnetwork.com *.trivago.com trivago.com *.tripadvisor.com tripadvisor.com *.sojern.com sojern.com *.triptease.io triptease.io https://*.sabre-gcp.com https://*.sabre-gcp.com:3000 https://*.sabre-gcp.com:3001 https://*.sabre-gcp.com:3002 https://*.sabrecirrus.com pdx-col.eum-appdynamics.com *.quantummetric.com https://www.google.com https://www.unicohotelrivieramaya.com https://*.gtsgapps.com https://*.livechatinc.com https://api.livechatinc.com https://cdn.livechatinc.com https://secure.livechatinc.com https://vars.hotjar.com https://pro.ip-api.com https://ib.adnxs.com *.laasie.ai *.gtsgig.com https://zbf3t54l4l.execute-api.us-west-2.amazonaws.com https://*.flip.to https://*.ft-clarity.com  https://*.cloudfront.net https://*.d38xvr37kwwhcm.cloudfront.net *.d38xvr37kwwhcm.cloudfront.net *.trail.grin.co https://trail.grin.co https://*.trail.grin.co https://*.cloudflare.com *.cloudflare.com https://*.unicohotelrivieramaya.stories.travel *.unicohotelrivieramaya.stories.travel *.v4lley.gtsgapps.com https://*.v4lley.gtsgapps.com https://sst.rcd-hotels.com *.sst.rcd-hotels.com https://*.sst.rcd-hotels.com *.relay-t.io https://*.relay-t.io https://relay-t.io *.secure-relay.com https://*.secure-relay.com https://secure-relay.com *.secure-hotel-tracker.com https://*.secure-hotel-tracker.com https://secure-hotel-tracker.com; report-uri /reports?hid=71266&cid=20034&sid=DdrtBK4C00vtl2RhbXGwOI7B 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' on-shore.mschoa-dev.org at-sea.mschoa-dev.org 1
default-src 'self' blob:; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.evivanlanschot.nl https://tags.tiqcdn.com *.visualwebsiteoptimizer.com app.vwo.com https://*.relay42.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.vimeo.com https://vimeo.com https://unpkg.com https://static.hotjar.com https://connect.facebook.net https://googleads.g.doubleclick.net  http://tdn.r42tag.com http://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com http://a.svtrd.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://consent.cookiebot.com https://www.googleadservices.com https://*.googletagmanager.com https://*.hostedbypoort80.nl; font-src 'self' data: https://*.hotjar.com; img-src 'self' data: https://img.youtube.com/ *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.facebook.com https://apple-resources.s3.amazonaws.com https://tools.applemediaservices.com https://play.google.com https://*.umbraco.com https://*.umbraco.org http://www.gravatar.com https://*.evivanlanschot.nl http://*.evivanlanschot.nl https://*.vanlanschot.nl http://*.vanlanschot.nl https://www.google.nl https://www.google-analytics.com http://www.googletagmanager.com/ http://evi-nl-www.local.poort80.nl https://*.poort80.nl https://googleads.g.doubleclick.net https://www.google.com/pagead https://i.vimeocdn.com http://*.svtrd.com https://www.google.com https://*.r42tag.com https://cm.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com http://code.jquery.com; connect-src 'self' wss://localhost:* tags.tiqcdn.com tags.tiqcdn.cn tags-eu.tiqcdn.com collect-ap-east-1.tealiumiq.com collect-ap-northeast-1.tealiumiq.com collect-ap-northeast-2.tealiumiq.com collect-ap-northeast-3.tealiumiq.com collect-ap-southeast-1.tealiumiq.com collect-ap-southeast-2.tealiumiq.com collect-ap-south-1.tealiumiq.com collect-ca-central-1.tealiumiq.com collect-eu-central-1.tealiumiq.com collect-eu-west-1.tealiumiq.com collect-eu-west-2.tealiumiq.com collect-eu-west-3.tealiumiq.com collect-sa-east-1.tealiumiq.com collect-us-east-1.tealiumiq.com collect-us-east-2.tealiumiq.com collect-us-west-1.tealiumiq.com collect-us-west-2.tealiumiq.com collect.tealiumiq.com visitor-service-ap-northeast-1.tealiumiq.com visitor-service-ap-northeast-2.tealiumiq.com visitor-service-ap-northeast-3.tealiumiq.com visitor-service-ap-southeast-1.tealiumiq.com visitor-service-ap-southeast-2.tealiumiq.com visitor-service-ap-south-1.tealiumiq.com visitor-service-ca-central-1.tealiumiq.com visitor-service-eu-central-1.tealiumiq.com visitor-service-eu-west-1.tealiumiq.com visitor-service-eu-west-2.tealiumiq.com visitor-service-eu-west-3.tealiumiq.com visitor-service-sa-east-1.tealiumiq.com visitor-service-us-east-1.tealiumiq.com visitor-service-us-east-2.tealiumiq.com visitor-service-us-west-1.tealiumiq.com visitor-service-us-west-2.tealiumiq.com visitor-service.tealiumiq.com api.tealiumiq.com *.visualwebsiteoptimizer.com app.vwo.com https://evi-test.hostedbypoort80.nl/* https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.analytics.google.com https://*.umbraco.com https://*.umbraco.org https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com/recaptcha https://stats.g.doubleclick.net https://analytics.google.com https://*.facebook.com https://*.analytics.google.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com/ app.vwo.com *.visualwebsiteoptimizer.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.facebook.com https://player.vimeo.com https://www.google.com/ http://t.svtrd.com https://consentcdn.cookiebot.com http://*.fls.doubleclick.net https://*.hostedbypoort80.nl; worker-src 'self' blob:; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-qIuL/p+qO//wW8qGzH2MYNKa3dRv1VXGDV4IhlFoiIqtM524' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src https: 'unsafe-inline' 'unsafe-eval'; form-action https:; img-src https: data: 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' troc.cdn.mediactive-network.net *.googlesyndication.com *.systempay.fr *.fbcdn.net *.google.com *.google.fr *.doubleclick.net intranet.troc.com connect.facebook.net cdnjs.cloudflare.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.googletagservices.com cdn.ampproject.org 1
default-src https: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'unsafe-eval' 'unsafe-inline' data:; object-src 'self' 1
form-action 'self' *.facebook.com p.monetico-services.com *.librinova.com; base-uri 'none' 'self'; frame-ancestors 'self'; default-src 'self'; connect-src 'self' ws: *.google-analytics.com *.facebook.com *.zopim.com *.doubleclick.net *.hubspot.com *.hubapi.com *.hscollectedforms.net *.linkedin.oribi.io *.ads.linkedin.com *.google.com; media-src 'self' *.zdassets.com; img-src 'self' blob: data: *.cloudinary.com blog.librinova.com www.facebook.com *.youtube.com *.vimeo.com www.googletagmanager.com www.google-analytics.com www.google.com www.google.fr v2assets.zopim.io *.hsforms.com *.hubspot.com *.froala.com *.linkedin.com *.doubleclick.net; font-src 'self' blob: *.librinova.com fonts.gstatic.com; style-src 'self' blob: *.cloudflare.com *.googleapis.com 'unsafe-inline'; script-src 'self' *.google.com *.google.fr *.youtube.com *.googleapis.com *.google-analytics.com *.gstatic.com cdnjs.cloudflare.com www.googletagmanager.com connect.facebook.net code.jquery.com *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.hs-analytics.net *.usemessages.com 'unsafe-inline' 'unsafe-eval' *.hsadspixel.net *.licdn.com *.doubleclick.net *.vimeo.com; frame-src 'self' *.google.com *.youtube.com *.vimeo.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com www.googletagmanager.com *.hubspot.com; object-src 'self' 1
default-src 'none'; base-uri 'self'; connect-src 'self' https://cdn.sautershop.de https://maps.googleapis.com https://www.paypal.com https://www.google.com https://bat.bing.com https://www.google.de/ads https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://ct.pinterest.com https://googleads.g.doubleclick.net https://*.clarity.ms https://pagead2.googlesyndication.com https://cookiehub.net https://ds.cookiehub.net https://*.paypal.com https://assets.braintreegateway.com https://region1.analytics.google.com https://region1.google-analytics.com; font-src 'self' https://cdn.sautershop.de https://maxcdn.bootstrapcdn.com; frame-src 'self' https://69552.online-adventskalender.de https://app.mailjet.com https://news.sautershop.de https://www.google.com https://www.sautershop.de https://www.paypal.com https://www.paypalobjects.com https://www.facebook.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://bid.g.doubleclick.net https://td.doubleclick.net https://b.stats.paypal.com https://*.paypal.com https://assets.braintreegateway.com https://ct.pinterest.com; img-src https://cdn.sautershop.de 'self' data: https://cdn.klarna.com https://sautershop.com https://t.paypal.com https://www.sautershop.de https://bat.bing.com https://www.google-analytics.com https://www.facebook.com https://www.google.com https://ct.pinterest.com https://img.youtube.com https://www.google.de https://www.paypalobjects.com https://b.stats.paypal.com https://*.paypal.com https://assets.braintreegateway.com https://i.ytimg.com https://www.googletagmanager.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.sautershop.de https://cookiehub.net https://www.paypalobjects.com https://app.mailjet.com https://www.gstatic.com https://clarity.ms https://*.clarity.ms https://maps.googleapis.com https://www.google.com/recaptcha/api.js https://www.googletagmanager.com https://www.gstatic.com https://www.paypal.com https://www.google-analytics.com https://connect.facebook.net https://www.google.com/pagead/ https://s.pinimg.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://popups.landingi.com https://bat.bing.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdn.sautershop.de https://maxcdn.bootstrapcdn.com https://cookiehub.net https://cookiehub.eu https://cdn.cookiehub.eu https://ct.pinterest.com; 1
base-uri 'self'; object-src 'none'; form-action 'self' https:; frame-ancestors 'self'; default-src 'self'  https://*.giosg.com https://*.giosgusercontent.com https://*.interactions.giosgusercontent.com https://*.clients.giosgusercontent.com https://*.googleoptimize.com/ https://*.googleapis.com; connect-src 'self'  https://analytics.google.com https://at.puhti.fi https://*.getsitectrl.com/ https://*.getsitecontrol.com https://*.wistia.com  https://geo.wpforms.com https://*.g.doubleclick.net https://*.clarity.ms https://*.facebook.com https://*.google-analytics.com https://fg8vvsvnieiv3ej16jby.litix.io/ https://api.mypurecloud.de wss://*.mypurecloud.de/ https://*.mypurecloud.com/ https://*.adroll.com https://www.puhti.fi https://service.giosg.com https://glitchtip.jco.fi/ https://cdn.linkedin.oribi.io https://px.ads.linkedin.com/ https://adservice.google.com https://services.paytrail.com https://*.paytrail.com https://*.googlesyndication.com https://*.giosg.com https://*.giosgusercontent.com https://*.interactions.giosgusercontent.com https://*.clients.giosgusercontent.com https://*.googleoptimize.com/ https://*.googleapis.com; font-src 'self' data:  https://fonts.gstatic.com https://use.fontawesome.com/ https://*.giosg.com https://*.giosgusercontent.com https://*.interactions.giosgusercontent.com https://*.clients.giosgusercontent.com https://*.googleoptimize.com/ https://*.googleapis.com; frame-src 'self'  https://www.youtube.com https://*.facebook.com https://www.google.com/maps/ https://*.livechatinc.com/ https://*.openstreetmap.fr/ https://optimize.google.com https://service.giosg.com https://*.giosgusercontent.com https://*.g.doubleclick.net https://*.giosg.com https://*.giosgusercontent.com https://*.interactions.giosgusercontent.com https://*.clients.giosgusercontent.com https://*.googleoptimize.com/ https://*.googleapis.com; img-src 'self' data:  https://*.wistia.com https://*.getsitecontrol.com https://*.wistia.net https://secure.gravatar.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.google.fi https://*.googletagmanager.com https://*.trackmytarget.com https://i.ytimg.com https://optimize.google.com https://*.clarity.ms/ https://*.bing.com/ https://*.adroll.com https://ads.yahoo.com https://*.bidswitch.net https://*.adnxs.com https://*.openx.net https://*.g.doubleclick.net https://*.paytrail.com/ https://*.taboola.com/ https://*.readpeak.com/ https://cdn.giosgusercontent.com/ https://px.ads.linkedin.com/ https://www.puhti.fi/ https://s.w.org/ https://www.puhti.fi https://maps.gstatic.com/ https://*.linkedin.com https://*.googlesyndication.com https://*.giosg.com https://*.giosgusercontent.com https://*.interactions.giosgusercontent.com https://*.clients.giosgusercontent.com https://*.googleoptimize.com/ https://*.googleapis.com; media-src 'self'  blob: https://*.wistia.com/ https://*.giosg.com https://*.giosgusercontent.com https://*.interactions.giosgusercontent.com https://*.clients.giosgusercontent.com https://*.googleoptimize.com/ https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://cdn.adt328.com https://*.facebook.net https://diffuser-cdn.app-us1.com https://*.wistia.net https://*.wistia.com https://googleads.g.doubleclick.net https://*.getsitecontrol.com https://prism.app-us1.com https://trackcmp.net https://*.clarity.ms https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.livechatinc.com https://*.trackmytarget.com https://www.youtube.com https://*.googleadservices.com https://puhti.activehosted.com https://*.cloudfront.net https://optimize.google.com https://*.mypurecloud.de https://*.adroll.com https://*.adroll.mgr.consensu.org https://service.giosg.com https://glitchtip.jco.fi/ https://app.readpeak.com/js/rpa.js https://snap.licdn.com/ https://*.giosg.com https://*.giosgusercontent.com https://*.interactions.giosgusercontent.com https://*.clients.giosgusercontent.com https://*.googleoptimize.com/ https://*.googleapis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval'  https://optimize.google.com https://*.adroll.com https://service.giosg.com https://use.fontawesome.com/ https://*.giosg.com https://*.giosgusercontent.com https://*.interactions.giosgusercontent.com https://*.clients.giosgusercontent.com https://*.googleoptimize.com/ https://*.googleapis.com; worker-src 'self'  blob: https://*.giosg.com https://*.giosgusercontent.com https://*.interactions.giosgusercontent.com https://*.clients.giosgusercontent.com https://*.googleoptimize.com/ https://*.googleapis.com; report-uri https://glitchtip.jco.fi/api/12/security/?glitchtip_key=f82ca5cefcc748238cd6d10284a92342; report-to glitchtip 1
base-uri 'none';child-src 'none';connect-src 'self' https://formspree.io https://*.sentry.io https://unpkg.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.walletconnect.com wss://*.walletconnect.com https://*.avo.app https://*.amplitude.com wss://*.zendesk.com wss://*.zopim.com https://ekr.zdassets.com https://*.zendesk.com https://zendesk-eu.my.sentry.io https://*.zopim.com https://moonspin.us wss://moonspin.us https://*.moonspin.us wss://*.moonspin.us https://blog.moonspin.us;default-src 'self';font-src 'self';form-action 'self';frame-ancestors 'none';frame-src * https://api.sumsub.com/ https://*.mochalabs.com https://*.whenmoonbro.com https://*.avo.app https://*.walletconnect.com;img-src 'self' data: blob: https://verification.curacao-egaming.com https://v2assets.zopim.io https://static.zdassets.com https://*.zendesk.com https://*.google-analytics.com https://www.facebook.com https://*.googletagmanager.com https://*.walletconnect.com https://*.game-program.com https://blog.moonspin.us https://*.strapiapp.com https://*.amazonaws.com d1b82hscw3e9o2.cloudfront.net 'strict-dynamic';manifest-src 'self';media-src 'self' https://static.zdassets.com https://blog.moonspin.us;object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https: 'nonce-Tqpt6oLpUHFVkKoxa4xt0A==' 'strict-dynamic';style-src 'self' 'unsafe-inline';worker-src 'self'; 1
frame-ancestors https://belapengadaan.lkpp.go.id https://metranetoperations.freshchat.com https://698324145007913.webpush.freshchat.com https://fc-use1-00-files-bkt-00.s3.amazonaws.com https://etoko.apsupports.com https://www.google.com https://tally.so/; frame-src https://belapengadaan.lkpp.go.id https://metranetoperations.freshchat.com https://698324145007913.webpush.freshchat.com https://fc-use1-00-files-bkt-00.s3.amazonaws.com https://etoko.apsupports.com https://www.google.com https://tally.so/ 1
default-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' *.openstreetmap.org https://cdnjs.cloudflare.com/ajax/libs/flag-icon-css/ https://cdn.jsdelivr.net/gh/lipis/flag-icons/flags/ data:;font-src 'self';worker-src blob:; script-src 'self' 'unsafe-eval' pro6pp.nl *.pro6pp.nl sentry.io *.sentry.io https://*.appspot.com plausible.d-centralize.nl 'sha256-/6SBPqW+GW+//4nlXX6Y1nR9dWlh0gsQJ6KK71djH6A='; connect-src 'self' sentry.io *.sentry.io pro6pp.nl *.pro6pp.nl https://*.appspot.com plausible.d-centralize.nl mail.d-centralize.nl; 1
default-src 'self' https://www.freshbots.ai https://yoast.com https://stats.g.doubleclick.net https://www.google-analytics.com; img-src 'self' https://cdn.cookielaw.org https://*.bing.com https://*.clarity.ms https://www.google.com https://tr.snapchat.com https://www.academyadmissions.com https://*.google-analytics.com https://*.doubleclick.net https://ps.w.org https://*.gstatic.com https://*.googleapis.com https://bat.bing.com https://www.facebook.com https://secure.gravatar.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tr.snapchat.com https://cdn.cookielaw.org https://*.clarity.ms https://www.google.com https://connect.facebook.net https://sc-static.net https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://cdn.freshbots.ai https://cdn.announcekit.app https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://hello.myfonts.net https://cdnjs.cloudflare.com https://cloud.typography.com https://*.googleapis.com; font-src 'self' https://*.gstatic.com data:; frame-src 'self' https://tr.snapchat.com https://www.youtube.com https://*.doubleclick.net https://www.facebook.com; object-src 'self'; connect-src 'self' https://geolocation.onetrust.com https://cdn.cookielaw.org https://*.clarity.ms https://tr.snapchat.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.facebook.com https://bat.bing.com https://sc-static.net https://d3hb14vkzrxvla.cloudfront.net; 1
default-src 'self' *.umbraco.org *.hotjar.com *.hotjar.io *.googleapis.com *.gstatic.com *.vo.msecnd.net *.services.visualstudio.com local.ecom.com local.saa.co.uk *.saa.co.uk *.e78.co.uk *.allaboutart.co.uk cdn.flipsnack.com;connect-src 'self' *.ksearchnet.com *.klevu.com *.noibu.com *.googleadservices.com *.google.com *.googlesyndication.com *.doubleclick.net *.hotjar.io *.search.windows.net *.google-analytics.com *.vo.msecnd.net *.services.visualstudio.com *.hotjar.com *.hotjar.io *.paypal.com *.saa.co.uk *.e78.co.uk *.allaboutart.co.uk *.trustpilot.com *.nosto.com cdn.flipsnack.com wss://*.hotjar.com wss://*.noibu.com maps.googleapis.com;style-src 'self' 'unsafe-inline' login.windows.net *.google.com *.googleapis.com hello.myfonts.net local.ecom.com *.worldpay.com *.saa.co.uk *.e78.co.uk *.allaboutart.co.uk cdn.flipsnack.com;script-src 'self' 'unsafe-eval' login.windows.net js.klevu.com js.monitor.azure.com *.doubleclick.net *.noibu.com *.googleadservices.com *.googletagmanager.com *.google.com 'unsafe-inline' *.hotjar.com *.hotjar.io *.google-analytics.com *.gstatic.com *.google.com *.googletagmanager.com *.vo.msecnd.net *.services.visualstudio.com local.ecom.com *.worldpay.com *.paypal.com *.dwin1.com *.awin1.com *.zenaps.com *.the.sciencebehindecommerce.com cc-cdn.com cdn.jsdelivr.net *.nosto.com *.craftyclicks.co.uk *.saa.co.uk maps.googleapis.com *.e78.co.uk *.allaboutart.co.uk *.trustpilot.com connect.facebook.net cdn.flipsnack.com lantern.roeyecdn.com;img-src * data: 'unsafe-inline' *.gstatic.com local.ecom.com *.saa.co.uk *.e78.co.uk *.allaboutart.co.uk cdn.flipsnack.com;frame-src 'self' td.doubleclick.net player.flipsnack.com *.amazon-adsystem.com *.google.com *.youtube.com *.hotjar.com *.hotjar.io *.3dsecure.net *.arcot.com local.ecom.com *.paypal.com *.worldpay.com *.saa.co.uk *.e78.co.uk *.allaboutart.co.uk vimeo.com *.vimeo.com *.trustpilot.com *.dwin1.com *.awin1.com *.zenaps.com *.the.sciencebehindecommerce.com cdn.flipsnack.com www.facebook.com *.v21artspace.com; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://www.zenaps.com https://tr.snapchat.com https://www.youtube.com https://www.youtube-nocookie.com https://insight.adsrvr.org https://match.adsrvr.org https://www.pinterest.com https://pandg.tapad.com https://www.pinterest.co.uk blob: https://*.odicci.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://ct.pinterest.com https://lime.cdncontentdelivery.com https://tr.snapchat.com https://*.pndsn.com https://23q3fg4xjd.execute-api.eu-west-1.amazonaws.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://analytics.tiktok.com https://*.contentsquare.net https://*.sjv.io https://*.odicci.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net https://campaign.odicci.com; form-action 'self' https://www.facebook.com https://www.braunshop.co.uk https://checkout.braunshop.co.uk https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://*.thcdn.com https://player.vimeo.com https://vod-progressive.akamaized.net https://download-media.akamaized.net https://download-video.akamaized.net https://*.braunshop.co.uk; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://www.youtube-nocookie.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://js.adsrvr.org https://s.pinimg.com https://static.ads-twitter.com https://analytics.twitter.com https://d.impactradius-event.com https://pghub.io https://apps.storystream.ai https://platform.twitter.com https://cdn.pubnub.com https://analytics.tiktok.com https://*.ibytedtos.com https://*.contentsquare.net https://app.contentsquare.com https://*.odicci.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net https://campaign.odicci.com https://maxcdn.bootstrapcdn.com; upgrade-insecure-requests; report-to report-endpoint 1
base-uri https://mercermasante.fr/; connect-src  'self' *.optis.xyz *.optisantis.io *.optis.online https://maps.googleapis.com https://secure.geonames.org; default-src 'self' blob: *.optis.xyz *.optisantis.io *.optis.online https://unpkg.com/pdfjs-dist@2.9.359/build/pdf.worker.min.js; img-src 'self' data: https: *.optis.xyz *.optisantis.io *.optis.online; manifest-src 'self'; script-src 'self' blob: *.optis.xyz *.optisantis.io *.optis.online https://maps.googleapis.com https://unpkg.com/pdfjs-dist@2.9.359/build/pdf.worker.min.js ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; object-src 'none'; form-action 'self' *.perquisite.net *.cnp.fr; report-uri https://sentry.optis.xyz/api/2/security/?sentry_key=f3f566b700024cb1b55170f6abf7cd4d; frame-src 'self' https://player.vidata.io/; 1
default-src 'self' https://www.googletagmanager.com; frame-ancestors 'self'; frame-src 'self' https://www.google.com/recaptcha/ https://www.youtube.com; base-uri 'self'; form-action 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com/; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ajax.googleapis.com/; img-src 'self' 'unsafe-inline' data: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://s.ytimg.com; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://cloudisland.nz; img-src 'self' https: data: blob: https://cloudisland.nz; style-src 'self' https://cloudisland.nz 'nonce-8YKFyUKu0L9FG4Pe8M5anA=='; media-src 'self' https: data: https://cloudisland.nz; frame-src 'self' https:; manifest-src 'self' https://cloudisland.nz; form-action 'self'; child-src 'self' blob: https://cloudisland.nz; worker-src 'self' blob: https://cloudisland.nz; connect-src 'self' data: blob: https://cloudisland.nz https://files.cloudisland.nz wss://cloudisland.nz; script-src 'self' https://cloudisland.nz 'wasm-unsafe-eval' 1
default-src 'none'; connect-src 'self' www.bkk-mobil-oil.de www.mobil-krankenkasse.de mobil-krankenkasse.de analytics.bkk-mobil-oil.de analytics.mobil-krankenkasse.de bat.bing.com consentcdn.cookiebot.com googleads.g.doubleclick.net www.google.com jobspreader.com; font-src 'self' data: www.bkk-mobil-oil.de www.mobil-krankenkasse.de mobil-krankenkasse.de fonts.gstatic.com; frame-src consentcdn.cookiebot.com mobil-krankenkasse-wpn.eportrait.de mobiloil-wpn.eportrait.de hilfsmittel.gwq-serviceplus.de www.kununu.com pushing-limits.de www.terminland.de www.youtube-nocookie.com; img-src 'self' blob: data: www.bkk-mobil-oil.de www.mobil-krankenkasse.de mobil-krankenkasse.de analytics.bkk-mobil-oil.de analytics.mobil-krankenkasse.de bat.bing.com googleads.g.doubleclick.net www.google.com www.googletagmanager.com www.gstatic.com img.youtube.com i.ytimg.com; object-src 'self' www.bkk-mobil-oil.de www.mobil-krankenkasse.de mobil-krankenkasse.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.bkk-mobil-oil.de www.mobil-krankenkasse.de mobil-krankenkasse.de analytics.bkk-mobil-oil.de analytics.mobil-krankenkasse.de www.arztauskunftservice3.de bat.bing.com consent.cookiebot.com consentcdn.cookiebot.com www.dtvp.de www.google.com www.googleadservices.com www.googletagmanager.com bkk-mobil-oil.novomind.com mkk.novomind.com ecdn.novomind.com; style-src 'self' 'unsafe-inline' www.bkk-mobil-oil.de; report-uri https://www2.bkk-mobil-oil.de/report/; report-to csp-endpoint 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.elektro-material.ch https://*.hotjar.com https://*.contentsquare.net https://www.googletagmanager.com https://*.pingdom.net https://www.google-analytics.com https://cdn.soft8soft.com https://fast.fonts.net https://*.doubleclick.net https://www.google.com https://start.unblu.com https://www.google.ch https://*.gstatic.com https://*.googleapis.com https://*.youtube.com https://e-m.info/ https://www.youtube-nocookie.com https://visuals.se.com https://www.rexel.de https://js-agent.newrelic.com https://bam.nr-data.net https://shore01.nine.ch https://analytics.google.com https://snap.licdn.com https://*.ads.linkedin.com https://*.linkedin.com https://datawrapper.dwcdn.net https://www.googleadservices.com https://region1.analytics.google.com https://mktdplp102cdn.azureedge.net https://0983555290d14aadaf74e5f590a5bd4d.svc.dynamics.com https://assets-eur.mkt.dynamics.com https://service.ariba.com https://client.prod.repmap.microsoft.com https://critizr.com https://static.critizr.com https://emagpim-1d1da.kxcdn.com https://cdn.goodays.co https://app.goodays.co https://map.geo.admin.ch https://elektro-material.solarprotool.com; base-uri 'self'; 1
default-src * data: blob: filesystem: about: 'unsafe-inline' 'unsafe-eval'; 1
default-src *; style-src * 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com  1
frame-ancestors 'self'; report-uri https://linnrecords.com/report-uri/enforce 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self'; media-src 'none'; frame-src 'none'; font-src 'self'; connect-src 'self' https://api.amplitude.com https://eth-ropsten.alchemyapi.io https://eth-rinkeby.alchemyapi.io https://eth-mainnet.alchemyapi.io https://api.thegraph.com wss://bridge.walletconnect.org wss://fei.bridge.walletconnect.org https://assets.fei.money; frame-ancestors 'none' 1
default-src 'self';     frame-ancestors 'self';     form-action 'self';     script-src 'self' 'unsafe-inline' 'unsafe-eval';     style-src 'self' 'unsafe-inline'      https://p.typekit.net/;     object-src 'none';     frame-src 'self'      https://www.google.com/;     media-src 'self'      https://cdn.shopify.com/;     img-src 'self'      https://www.googletagmanager.com/      https://koni.group.thebrinkagency.com/      https://www.facebook.com/      data:;     script-src-elem 'self' 'unsafe-inline'      https://www.googletagmanager.com/      https://www.google.com/      https://www.gstatic.com/      https://connect.facebook.net/      https://cdnjs.cloudflare.com/;     connect-src 'self'      https://region1.google-analytics.com/      https://www.facebook.com/;     font-src 'self'      https://use.typekit.net/;     1
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' stg.janabank.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; script-src 'self' https: http: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; script-src-elem * 'unsafe-inline' data:; frame-src 'self' https://platform.twitter.com https://static.addtoany.com https://syndication.twitter.com https://www.facebook.com https://www.youtube.com; img-src * data:; connect-src 'self' data: https://maps.googleapis.com https://www.google-analytics.com; object-src 'none' 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://form.asana.com https://bidagent.xad.com https://jelly.mdhv.io https://jelly-v6.mdhv.io https://cdn.insight.sitefinity.com https://api.insight.sitefinity.com https://*.spotify.com https://*.spotifycdn.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://analytics.google.com wss://*.salemove.com https://*.4frontcu.com https://*.salemove.com https://cds-sdkcfg.onlineaccess1.com https://info.autobooks.co https://link.edgepilot.com wss://*.hotjar.com https://*.youtube-nocookie.com https://*.formstack.com https://api.glia.com https://*.googletagmanager.com https://netdna.bootstrapcdn.com https://platform.twitter.com https://*.ytimg.com https://*.typekit.net https://*.youtube.com https://www.google.com https://www.gstatic.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://maps.googleapis.com https://maps.gstatic.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.lk-cs.com https://lkcsunix.com; frame-ancestors 'self' https://www.youtube.com; 1
frame-ancestors 'self' cdn.unibuddy.co unibuddy.co popcard.unibuddy.co; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-OWYxMjg0YmNhMTMzNGNhZmJlYWZkNTdlZmRmZGIzOGQ=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.dji.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.dji.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.dji.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' * ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' api.iconify.design *.google-analytics.com *.gerc.ua *.gerc *.google.com *.samsung.com *.visa.com *.googleapis.com *.googletagmanager.com *.kmda.gov.ua *.gstatic.com *.facebook.net; style-src 'self' data: 'unsafe-inline' *.gerc.ua *.googleapis.com *.gstatic.com; media-src 'self' blob: ; frame-ancestors 'self' *.gerc http://localhost:* file://* ionic://* *.gerc.ua gioc.kiev.ua *.gioc.kiev.ua *.kyivcity.gov.ua oschadbank.ua *.oschadbank.ua cks.com.ua *.kmda.gov.ua *.vodokanal.kiev.ua vodokanal.kiev.ua *.ssbs.com.ua ssbs.com.ua komunalka.ua www.komunalka.ua; font-src 'self' data: *.gerc.ua fonts.googleapis.com fonts.gstatic.com 1
frame-ancestors https://connext.conti.de/; 1
default-src 'self'; script-src 'self' 'self' 'unsafe-eval' 'unsafe-inline' *.yimg.jp *.yahoo.co.jp *.googletagmanager.com *.adnxs.com *.google-analytics.com *.treasuredata.com *.yjtag.jp *.googleadservices.com *.doubleclick.net; connect-src 'self' *.yahooapis.jp *.yahoo.co.jp *.adnxs.com *.google-analytics.com *.storematch.jp; form-action 'self' *.yahoo.co.jp; style-src * 'unsafe-inline' data: blob:; font-src * 'unsafe-inline' data: blob:; img-src * 'unsafe-inline' data: blob:; media-src * 'unsafe-inline' data: blob:; frame-src *.googletagmanager.com *.yahoo.co.jp *.yjtag.jp *.doubleclick.net *.yimg.jp *.adnxs.com 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com 'self' web-chat.nativechat.com cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.lafayettela.gov https://lafayettela.gov 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src https://apps.lafayettela.gov https://www.youtube.com/ https://iframe.adopets.com 'self' web-chat.nativechat.com; connect-src data: accounts.google.com *.gstatic.com https://*.googletagmanager.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://apps.lafayettela.gov 'self' web-chat.nativechat.com 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://www.zenaps.com https://tr.snapchat.com https://www.youtube.com https://ln-rules.rewardstyle.com blob: https://s1.thcdn.com https://www.awin1.com https://d2d7do8qaecbru.cloudfront.net https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://www.pinterest.com https://www.pinterest.co.uk https://ct.pinterest.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.contentsquare.net https://smct.co https://*.smct.co https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://smct.io https://*.smct.io https://ct.pinterest.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net https://fonts.smct.co https://fonts.smct.io https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; form-action 'self' https://www.facebook.com https://www.perriconemd.co.uk https://checkout.perriconemd.co.uk https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://ln-rules.rewardstyle.com https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://*.contentsquare.net https://app.contentsquare.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://s.pinimg.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net https://fonts.smct.co https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.smct.io; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self';font-src 'self' data: ;img-src 'self';style-src 'self' ;script-src 'self';frame-ancestors 'none';base-uri 'self';frame-src 'self' 1
default-src 'self'; object-src 'self' https://pts.maxxim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.maxxim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.maxxim.de https://chat.maxxim.de https://umfrage.maxxim.de https://pts.maxxim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.maxxim.de https://chat.maxxim.de https://stats.maxxim.de https://imagepool.maxxim.de https://pts.maxxim.de https://analytics.tiktok.com https://umfrage.maxxim.de; script-src 'strict-dynamic' 'nonce-3ed0ae7fc451bb7d1a3c250094985620' 'nonce-6db0d93a5ef7c7451143c00c72ab8ff2' 'nonce-81d411cc0e6a66c8446c8bce9b2c2ec8' 'nonce-88cfc333d6d0f89dda1162f8191cf3c8' 'nonce-52cc2655ac0015a4d98cc0c530e3adc9' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.maxxim.de https://umfrage.maxxim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-3ed0ae7fc451bb7d1a3c250094985620' 'nonce-6db0d93a5ef7c7451143c00c72ab8ff2' 'nonce-81d411cc0e6a66c8446c8bce9b2c2ec8' 'nonce-88cfc333d6d0f89dda1162f8191cf3c8' 'nonce-52cc2655ac0015a4d98cc0c530e3adc9' 'self' 'unsafe-inline' https: 'report-sample' 1
base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://kit.fontawesome.com https://mpsnare.iesnare.com https://stage-libs.hipay.com https://libs.hipay.com https://widget.trustpilot.com https://kit-pro.fontawesome.com https://www.googletagmanager.com https://bat.bing.com https://www.dwin1.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://sdk.privacy-center.org https://api.privacy-center.org https://www.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com https://b.sbox.stats.paypal.com https://sibautomation.com https://cdn.shipup.co *.abtasty.com *.googleapis.com https://pagead2.googlesyndication.com https://widget.botmind.io 1
DEFAULT-SRC 'self' blob: rikorda.it *.rikorda.it; SCRIPT-SRC 'self' 'unsafe-inline' 'unsafe-eval' blob: rikorda.it *.rikorda.it *.sentry-cdn.com *.iubenda.com *.criteo.net *.criteo.com *.zoorate.com *.feedaty.com *.zdassets.com *.zendesk.com *.zopim.com zendesk-eu.my.sentry.io *.addtoany.com *.cloudflare.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com www.googleadservices.com *.doubleclick.net *.clerk.io connect.facebook.net js.braintreegateway.com assets.braintreegateway.com rikorda.b-cdn.net s.pinimg.com www.youtube.com; STYLE-SRC 'self' 'unsafe-inline' rikorda.it *.rikorda.it *.zoorate.com *.googleapis.com *.feedaty.com assets.braintreegateway.com rikorda.b-cdn.net; CONNECT-SRC 'self' blob: rikorda.it *.rikorda.it *.rikordadev.it rikorda.zendesk.com wss://*.zopim.com wss://*.zendesk.com ekr.zdassets.com *.iubenda.com *.criteo.com *.doubleclick.net *.pinterest.com *.facebook.com *.google-analytics.com *.googleapis.com *.googlesyndication.com sentry.io api.braintreegateway.com client-analytics.braintreegateway.com *.braintree-api.com *.feedaty.com rikorda.b-cdn.net; FONT-SRC 'self' data: rikorda.it *.rikorda.it *.zopim.com *.gstatic.com rikorda.b-cdn.net; FRAME-SRC 'self' rikorda.it *.rikorda.it *.pinterest.com *.iubenda.com www.facebook.com www.youtube.com *.youtube-nocookie.com *.criteo.net *.criteo.com *.addtoany.com assets.braintreegateway.com *.doubleclick.net; IMG-SRC 'self' data: blob: *; MEDIA-SRC 'self' 'unsafe-inline' www.googleadservices.com www.google-analytics.com static.zdassets.com; CHILD-SRC 'self' data: blob: * assets.braintreegateway.com 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: wss: 'unsafe-inline'; connect-src 'self' https: wss: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline' 1
frame-ancestors 'self' https://*.lexus.it https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
default-src 'self'; img-src 'self' data: http: https: *.gravatar.com cdn.buyhttp.com *.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net *.hotjar.com:* *.hotjar.com:* *.hotjar.io *.hotjar.io www.google.com www.google-analytics.com *.doubleclick.net www.googletagmanager.com maps.googleapis.com ajax.googleapis.com support.buyhttp.com www.gstatic.com; style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com; font-src 'self' data: http: https: fonts.googleapis.com themes.googleusercontent.com; frame-src 'self' *.hotjar.com www.google.com www.youtube.com *.facebook.com; connect-src 'self' *.hotjar.com *.hotjar.io *.facebook.com stats.g.doubleclick.net analytics.google.com www.google-analytics.com maps.googleapis.com wss: *.hotjar.com; child-src 'self' *.facebook.com; form-action 'self' *.facebook.net *.facebook.com; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' wss: *.bdimg.com *.mouseflow.com *.hotjar.com roundpic.io http://roundpic.io/ *.cinema.com.hk *.googleadservices.com placehold.it remote.captcha.com https://www.transported.co/ *.tekcent.com *.google.com *.maps.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.facebook.com *.facebook.net *.akamaihd.net *.fbcdn.net *.google-analytics.com *.pinterest.com *.twitter.com *.twitch.tv *.youtube.com *.themiddlehousehotel.com cdnjs.cloudflare.com api.userinfo.io *.google.com *.sinaimg.cn *.doubleclick.net *.typekit.net data: *.cdninstagram.com *.typography.com browser-update.org *.swireproperties.com *.linkedin.com www.irasia.com *.addthis.com *.addthisedge.com aspen.refineryclub.com *.msecnd.net *.corporateshowcase.com *.windows.net maps.gstatic.cn jsonip.com *.google.cn freegeoip.net *.gstatic.com stackpath.bootstrapcdn.com code.jquery.com placehold.it code.createjs.com *.tekcent.com *.azure.net *.addthisedge.com *.msecnd.net *.baidu.com *.windows.net http://*.sinaimg.cn https://j02.optimix.asia https://s3-ap-southeast-1.amazonaws.com http://swireproperties.blob.core.windows.net https://e02.optimix.asia https://www.tripadvisor.com https://www.jscache.com https://www.tripadvisor.com https://en.tripadvisor.com.hk https://www.jscache.com *.tekcent.com https://static.tacdn.com https://p.travelsmarter.net https://tag.yieldoptimizer.com https://pixel.sojern.com https://ib.adnxs.com http://spl.blob.core.windows.net *.map.bdimg.com j02.optimix.asia e02.optimix.asia tag.adaraanalytics.com dsum-sec.casalemedia.com us-u.openx.net sd.turn.com pixel.advertising.com ad.yieldlab.net i.liadm.com idsync.rlcdn.com tag.yieldoptimizer.com tapestry.tapad.com ib.adnxs.com pixel.rubiconproject.com dsum.casalemedia.com rtb.gumgum.com www.google.com.vn dpm.demdex.net beacon.krxd.net *.triptease.io addtocalendar.com *.tripadvisor.co.uk *.tripadvisor.com *.tripadvisor.com.hk theta360.com http://api.map.baidu.com api.stathat.com  blob: z.moatads.com *.sharerails.com *.hotjar.com *.hotjar.io api.ipstack.com s3.amazonaws.com www.pacificplace.com.hk https://sitecore-xp-cms-cd.azurewebsites.net *.cloudfront.net *.adsrvr.org *.google.com.hk *.moatads.com *.bidswitch.net *.pubmatic.com *.yahoo.com media.swireproperties.com  apps.elfsight.com *.elfsight.com api.instacloud.io *.instacloud.io *.elfsightcdn.com *.geo0.ggpht.com https://geo0.ggpht.com *.ggpht.com *.taikooplace.com *.cityplaza.com; 1
default-src data: 'self' https://widgetbot.io https://e.widgetbot.io ws://localhost:35729/ https://www.paypal.com https://*.paddle.com https://sandbox-create-checkout.paddle.com https://create-checkout.paddle.com https://sandbox-buy.paddle.com https://buy.paddle.com https://*.profitwell.com; img-src 'self' https://*.lawlietbot.xyz/ https://cdn.discordapp.com/ https://*.donmai.us/ https://*.rule34.xxx/ https://*.paheal.net/ https://realbooru.com/ https://*.e621.net/ https://safebooru.org/ https://www.paypal.com https://cdn.paddle.com https://*.profitwell.com https://dna8twue3dlxq.cloudfront.net; media-src 'self' https://*.lawlietbot.xyz/ https://*.donmai.us/ https://*.rule34.xxx/ https://*.paheal.net/ https://realbooru.com/ https://*.e621.net/ https://safebooru.org/; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' ajax.cloudflare.com https://cdn.jsdelivr.net https://www.paypal.com https://*.paddle.com https://*.profitwell.com https://polyfill.io https://*.googleapis.com https://*.sentry-cdn.com; style-src https://*.paddle.com https://*.profitwell.com 'unsafe-inline' 'self'; frame-src https://*.paddle.com; frame-ancestors https://top.gg https://discords.com; base-uri 'self' 1
default-src 'self' https://stackpath.bootstrapcdn.com https://www.google-analytics.com https://region1.google-analytics.com https://www.facebook.com https://www.teamviewer.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://stackpath.bootstrapcdn.com https://oss.maxcdn.com https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://stackpath.bootstrapcdn.com; img-src 'self' data: https://www.teamviewer.com https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com https://stackpath.bootstrapcdn.com 1
img-src https://*; 1
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.google.bg https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://www.facebook.com https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com https://*.snapchat.com https://*.slotv.casino; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://app.vwo.com https://*.slotv.casino; frame-src 'self' bankid://* https://livechat24.tech https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://*.zignsec.com https://www.facebook.com https://*.trustly.com https://tpc.googlesyndication.com https://*.regily.com https://*.sumsub.com https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.unetsafe.com https://*.atlantgaming.com https://*.snapchat.com https://*.slotv.casino https://i.checkru.net; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://*.zignsec.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://connect.facebook.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://analytics.twitter.com https://platform.twitter.com https://quantcount.com https://rules.quantcount.com https://quantserve.com https://secure.quantserve.com https://edge.quantserve.com https://*.creative-serving.com https://*.snapchat.com https://snapchat.com https://sc-static.net https://*.slotv.casino 'nonce-6mEIaSR/V62tkpapdb2T8WBWWe+GmdEFMmsPKYrmr7g=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com https://tagmanager.google.com https://*.slotv.casino; worker-src 'self' blob:; report-uri https://slotv.casino/sentry/api/45/csp-report/?sentry_key=e5368be6f1e24bce9ce26ca332a1f973 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://use.fontawesome.com; font-src https://use.fontawesome.com https://projects.theo546.fr https://angeldust.ovh https://theo546.ovh data:; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://hcaptcha.com https://newassets.hcaptcha.com https://www.google.com https://www.gstatic.com https://platform.twitter.com blob:; frame-src https://newassets.hcaptcha.com https://www.google.com https://www.youtube.com https://platform.twitter.com; img-src https://theo546.fr https://projects.theo546.fr https://i.ytimg.com https://angeldust.ovh https://theo546.ovh data: blob:; upgrade-insecure-requests 1
font-src *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com www.elfbar.co.uk www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.lostmary.co.uk www.skecrystalbar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.sagepay.com verify.monzo.com secure4.arcot.com secure5.arcot.com *.rsa3dsauth.co.uk authentication.cardinalcommerce.com danskebank-3ds-vdm.wlp-acs.com tsys.arcot.com secure7.arcot.com acs2.edb.com acs1.edb.com 3ds.nexigroup.com safekey-3.americanexpress.com sicher-bezahlen.sparkasse.at op-bxl.wlp-acs.com 3dsecure.psa.at *.mpts.modirum.com acs.swisscard.ch authentication-acs.marqeta.com 3ds.redsys.es acs2.swedbank.se acs-trides2.asseco-see.hr 3d-secure1.sbanken.no acs1.3dsecure.no mastercardidentitycheck.sparkassen-kreditkarten.de *.3ds.cornercard.ch belgium-3ds-bxl.wlp-acs.com *.3ds.modirum.com acs2.3dsecure.no acs4.privatbank.ua betalen.rabobank.nl online.citadele.lv acs.touch.tech 3dsecure.sumup.com acs1.swedbank.se 3ds2-idcheck.acdcproc.com poseidon.revolut.com 3ds-challenge.n26.com acs-jcn.dnp-cdms.jp acs.netsgroup.com danskebank-3ds-bxl.wlp-acs.com acssv.otpbank.hu acs.mercurypaymentservices.it safekey-2.americanexpress.com 3ds2-visasecure.acdcproc.com visasecure2.comdirect.de esecure.sia.eu *.hu.bpcbt.com foriseu-vbv.mycardplace.com acs.sibs.pt ssl-prd-u7f-fo-acs-pa-casa-bxl.wlp-acs.com *.vampirevape.co.uk *.nccc.com.tw 3d-secure.pluscard.de 3ds.consorsfinanz.de bnpp-3ds-bxl.wlp-acs.com *.pl.ing.com 3ds.pkobp.pl *.bkm.com.tr pay.eewosecure.com acs2.rba.hr secure2.arcot.com op-vdm.wlp-acs.com biztonsagikod.raiffeisen.hu acs.3ds-hanseaticbank.de labanquepostale-3ds-vdm.wlp-acs.com 3dsecureb.sparda.de secure.dkb.de luxembourg-3ds-bxl.wlp-acs.com acs3.luottokunta.fi emvacs.2c2p.com acs.capitalone.com 3dsecure-vrp.de *.cld.asseco-see.hr geschuetztkaufen2.commerzbank.de 3dsecure.mbank.pl acs1.luottokunta.fi threedomainsecure.pekao24.pl *.centrum24.pl 4606e363-3ds.sibs.ro acs.apata.io postbank-3ds-bxl.wlp-acs.com 3dsecure.nexi.it *.hanacard.co.kr *.3ds.bonuscard.ch 3dsecure.ing.ro *.acs.touchtechpayments.com *.citibank.co.in acs3.swedbank.se acs3.edb.com natixispaymentsolutions-3ds-bxl.wlp-acs.com 3dsecure.tatrabanka.sk acs.revolut.com acs.luminorgroup.com acs1-3dsecure.cic.fr acs2-3dsecure.cic.fr *.maybank.com.my secure-acs2ui-b1-indmum-mumrdc.wibmo.com 3d-secure2.sbanken.no 3ds.egcp.com 3dsec.postfinance.ch *.stcpay.com.sa *.secure.lcl.fr mcconsumerv2.alahli.com *.live.ext.prod.enfuce.com acs3ds2.hyundaicard.com acsv2.m2pfintech.com ecclients.btrl.ro *.zaba.hr mycardsecure.com acs1-3dsecure.targobank.de 3ds.bov.com 3dsec.cardcenter.ch *.rsa3dsauth.com visa-secure-bxl.ing.de *.secure22gw.ro *.emea.citibank.com acs.up-ng.com *.elfbar.co.uk 3debspay.boc.cn 3ds.emlpayments.com authentication2.six-group.com acs1.viseca.ch *.apac.citibank.com acs.moneta.cz *.cgbchina.com.cn 3ds.sebkort.com 3ds.soldo.com acs2.luottokunta.fi *.fssnet.co.in visa-secure-vdm.ing.de secure-acs2ui-b1-indblr-blrtdc.wibmo.com *.ccb.com.cn emvacssp.thecardservicesonline.com 3ds.optimuscards.com acs2.ufc.ge ims.euronet3dsecure.com *.3d2.icbc.com.cn *.spdb.com.cn acs2.ipakyulibank.uz *.gps.com.bh *.garanti.com.tr acs2p.gpesecure.com acs2.kasikornbank.com acs.shinhancard.com *.smartsecure.tsys.co.uk *.3ds.acssecure.com acs.gc.ge *.securepay.aeon.com.hk securehdfc-acs2ui-b1-indmum-mumsif.hdfcbank.com 3ds.banquemisr.com emv3dsauth1.secureacs.com acs.samsungcard.com acs.stripeauthentications.com secure-acs2ui-bk2-indmum-mumrdc.wibmo.com *.lostmary.co.uk secure-acs2ui-bk2-indblr-blrtdc.wibmo.com *.eglobal.com.mx acs.redbanc.cl *.standardbank.co.za *.nedsecure.co.za 3ds.rpc-raiffeisen.com *.acs.cmbchina.com acs.inecoecom.am api.ometria.com acs.mashreq.com acsus1.netsgroup.com safekey-sl.americanexpress.com *.recycleyourelectricals.org.uk www.elfbar.co.uk www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.lostmary.co.uk www.skecrystalbar.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.elfbar.co.uk www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.lostmary.co.uk www.skecrystalbar.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co *.hotjar.com *.google.com *.facebook.com *.trustpilot.com *.criteo.com account.fetchify.com *.sagepay.com *.wesupply.xyz *.weltpixel.com t.sharethis.com elfbar.com www.elfbar.co.uk www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.lostmary.co.uk www.skecrystalbar.com api.agechecked.com *.cookiebot.com *.dycdn.net *.elfbar.com *.lost-mary.com *.odysee.com odysee.com *.calconic.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.linkedin.com *.googletagmanager.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net ts.tradetracker.net www.magmodules.eu maps.googleapis.com l.sharethis.com d1f0tbk1v3e25u.cloudfront.net *.google.co.uk *.hsbc.co.uk www.elfbar.co.uk www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.lostmary.co.uk www.skecrystalbar.com *.sharethis.com google.co.uk *.google-analytics.com trk.ometria.com *.affiliatefuture.com/* tags.affiliatefuture.com scripts.affiliatefuture.com recycleyourelectricals.org.uk/* *.recycleyourelectricals.org.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.agechecked.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.paypal.com *.google.com *.gstatic.com *.googletagmanager.com *.googleadservices.com cdn.dnky.co api.comapi.com snap.licdn.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com *.sagepay.com tm.tradetracker.net *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com maps.googleapis.com *.ometria.com https://chimpstatic.com platform-api.sharethis.com dn1i8v75r669j.cloudfront.net dkpklk99llpj0.cloudfront.net d81mfvml8p5ml.cloudfront.net buttons-config.sharethis.com t.sharethis.com assets.zendesk.com static.zdassets.com agechecked.com pi-live.sagepay.com www.elfbar.co.uk www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.lostmary.co.uk www.skecrystalbar.com *.cloudfront.net *.sharethis.com googleoptimize.com *.zendesk.com r1-t.trackedlink.net google-analytics.com widget.trustpilot.com *.cookiebot.com/ cookiebot.com/* *.dycdn.net unpkg.com/* https://unpkg.com/web-vitals@2.1.0/dist/web-vitals.umd.js' *.ometria.com/* *.affiliatefuture.com/* tags.affiliatefuture.com scripts.affiliatefuture.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.agechecked.com downloads.mailchimp.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net cc-cdn.com tagmanager.google.com www.elfbar.co.uk www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.lostmary.co.uk www.skecrystalbar.com totalvapour.co.uk/static/* www.totalvapour.co.uk/* https://www.totalvapour.co.uk/* recycleyourelectricals.org.uk/* *.recycleyourelectricals.org.uk 'self' 'unsafe-inline'; object-src www.elfbar.co.uk www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.lostmary.co.uk www.skecrystalbar.com 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com flavourwarehouse.co.uk www.elfbar.co.uk www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.lostmary.co.uk www.skecrystalbar.com *.zdassets.com dbh4s5ja0maaw.cloudfront.net/security_video.mp4 youtube.com https://dbh4s5ja0maaw.cloudfront.net/verify/verify_product.mp4 'self' 'unsafe-inline'; manifest-src www.elfbar.co.uk www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.lostmary.co.uk www.skecrystalbar.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.agechecked.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms *.facebook.com *.datatrics.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.sagepay.com https://www.google-analytics.com *.ometria.com l.sharethis.com am.freshrelevance.com *.g.doubleclick.net dn1i8v75r669j.cloudfront.net ekr.zdassets.com *.craftyclicks.co.uk *.kattel.com invitejs.trustpilot.com oversight.stwaw.com www.elfbar.co.uk www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.lostmary.co.uk www.skecrystalbar.com wss://am.freshrelevance.com kattel.com/* *.dycdn.net *.elfbar.com *.cookiebot.com cookiebot.com/* *.lost-mary.com *.stbuttons.click *.crwdcntrl.net *.odysee.com odysee.com 'self' 'unsafe-inline'; child-src www.elfbar.co.uk www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.lostmary.co.uk www.skecrystalbar.com http: https: blob: 'self' 'unsafe-inline'; default-src www.elfbar.co.uk www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.lostmary.co.uk www.skecrystalbar.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.elfbar.co.uk www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.lostmary.co.uk www.skecrystalbar.com 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 1
base-uri 'self';connect-src 'self' *.pubguru.net   *.pubguru.com *.googlesyndication.com maps.googleapis.com *.analytics.google.com  *.onetrust.com *.doubleclick.net *.googlesyndication.com *.google-analytics.com doubleclick.net *.addthis.com ;form-action 'self';img-src 'self' *.onetrust.com  *.googlesyndication.com *.googletagmanager.com *.google.com *.google.co.uk  maps.gstatic.com maps.googleapis.com  d17rr0vfm50abk.cloudfront.net de8as167a043l.cloudfront.net  *.google-analytics.com data: blob: ;media-src 'self' data: ;script-src 'self' blob: data: *.doubleclick.net m2d.m2.ai *.pubguru.com *.onetrust.com *.google-analytics.com  *.googlesyndication.com  fundingchoicesmessages.google.com *.googlesyndication.com partner.googleadservices.com adservice.google.co.uk  adservice.google.com *.googletagservices.com  ajax.googleapis.com *.google.com *.gstatic.com maps.googleapis.com cdnjs.cloudflare.com qr.northernrailway.co.uk gc.qrurl.uk *.googletagmanager.com *.google-analytics.com *.addthis.com *.addthisedge.com *.moatads.com *.reddit.com 'unsafe-inline' 'unsafe-eval';object-src 'none' 1
frame-ancestors https://*.ionos.com https://*.ionos.at https://*.ionos.co.uk https://*.ionos.de https://*.ionos.es https://*.ionos.fr https://*.ionos.it https://*.ionos.ca https://*.ionos.mx https://*.ionos.us https://*.website-editor.net https://*.mywebsite-editor.com www.toutapprendre.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob:; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com data:; frame-src 'self' *.google.com youtube.com www.youtube.com www.youtube-nocookie.com; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com  data: blob:; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://maps.google.com https://fonts.googleapis.com; worker-src blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://use.typekit.net https://www.googletagmanager.com https://www.googleadservices.com https://cdn.optimizely.com https://www.google-analytics.com https://ajax.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://kendo.cdn.telerik.com https://connect.facebook.net https://www.clickcease.com https://www.google.com https://googleads.g.doubleclick.net https://scripts.mymarketingreports.com;style-src-elem 'self' 'unsafe-inline' https://kendo.cdn.telerik.com https://maxcdn.bootstrapcdn.com https://smartboxmovingandstorage.com;font-src 'self' 'unsafe-inline' https://kendo.cdn.telerik.com https://maxcdn.bootstrapcdn.com https://smartboxmovingandstorage.com https://use.typekit.net;script-src-elem 'self' 'unsafe-inline' https://smartboxmovingandstorage.com https://use.typekit.net https://*.googletagmanager.com https://cdn.optimizely.com https://www.google-analytics.com https://www.googleadservices.com https://scripts.mymarketingreports.com https://connect.facebook.net https://www.clickcease.com https://googleads.g.doubleclick.net;connect-src 'self' 'unsafe-inline' https://api.ipify.org https://api64.ipify.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://www.facebook.com;img-src 'self' 'unsafe-inline' 'unsafe-eval' https://smartboxmovingandstorage.com https://p.typekit.net https://www.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://*.g.doubleclick.net https://www.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https: data:  *.blueconic.net *.googleadservices.com *.azurewebsites.net *.bugherd.com *.phantomranchlottery.com https://xanterracdn.com;, style-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https: data:  *.blueconic.net *.googleadservices.com *.azurewebsites.net *.bugherd.com *.phantomranchlottery.com https://xanterracdn.com;, script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https: data:  *.blueconic.net *.googleadservices.com *.azurewebsites.net *.bugherd.com *.phantomranchlottery.com https://xanterracdn.com; 1
default-src 'self' ws://127.0.0.1:35729 *.facebook.com *.juicer.io;  script-src 'self' 'unsafe-eval' 'unsafe-inline' api.instagram.com use.typekit.net www.googletagmanager.com www.google.com www.google-analytics.com www.gstatic.com maps.google.com maps.googleapis.com connect.facebook.net *.payments-amazon.com payments-de-sandbox.amazon.com tagmanager.google.com *.vimeo.com *.vimeocdn.com *.litix.io *.juicer.io https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://bat.bing.com https://www.googleadservices.com  https://googleads.g.doubleclick.net https://eu-library.klarnaservices.com *.clarity.ms *.youtube.com *.google.de *.google.com *.google.at *.google.de *.google.li *.google.lu *.google.co.in *.google.co.id *.google.co.kr *.google.com.tw *.google.co.jp *.google.cn *.google.com.tr *.google.gr *.google.hr *.google.si *.google.bg *.google.ro *.google.pt *.google.es *.google.hu *.google.cz *.google.sk *.google.pl *.google.lt *.google.lv *.google.ee *.google.se *.google.no *.google.fi *.google.dk *.google.it *.google.be *.google.nl *.google.com.ua *.google.ru *.google.com.au *.google.ie *.google.ca *.google.co.uk *.google.fr *.google.ch;  style-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com tagmanager.google.com *.typekit.net *.juicer.io *.klarnacdn.net;  img-src 'self' data: https://*.cdninstagram.com *.cdninstagram.com p.typekit.net www.google-analytics.com *.googleapis.com maps.google.com *.cloudfront.net *.ssl-images-amazon.com *.ggpht.com *.gstatic.com *.vimeo.com *.vimeocdn.com *.facebook.com https://stats.g.doubleclick.net *.google.com *.google.de *.juicer.io heise.cloudimg.io *.heise.de https://bat.bing.com *.google-analytics.com *.clarity.ms *.youtube.com *.bing.com bat.bing.com *.google.at *.google.de *.google.com *.googletagmanager.com *.doubleclick.net *.google.de *.google.li *.google.lu *.google.co.in *.google.co.id *.google.co.kr *.google.com.tw *.google.co.jp *.google.cn *.google.com.tr *.google.gr *.google.hr *.google.si *.google.bg *.google.ro *.google.pt *.google.es *.google.hu *.google.cz *.google.sk *.google.pl *.google.lt *.google.lv *.google.ee *.google.se *.google.no *.google.fi *.google.dk *.google.it *.google.be *.google.nl *.google.com.ua *.google.ru *.google.com.au *.google.ie *.google.ca *.google.co.uk *.google.fr *.google.ch;  font-src 'self' data: use.typekit.net fonts.gstatic.com *.juicer.io *.klarnacdn.net;  object-src 'self';  media-src 'self';  child-src 'self' www.computop-paygate.com staticxx.facebook.com www.facebook.com www.youtube.com *.payments-amazon.com api-cdn.amazon.com player.vimeo.com *.google.com *.juicer.io *.doubleclick.net;  form-action 'self' *.facebook.com;  frame-ancestors 'self';  plugin-types application/pdf;  connect-src 'self' ws://127.0.0.1:35729 performance.typekit.net *.googleapis.com https://stats.g.doubleclick.net *.klarnaservices.com *.google-analytics.com *.clarity.ms performance.typekit.net *.googleapis.com region1.analytics.google.com analytics.google.com *.bing.com *.google.at *.google.ch *.google.fr *.google.co.uk *.google.ca *.google.ie *.google.com.au *.google.ru *.google.com.ua *.google.nl *.google.be *.google.it *.google.dk *.google.fi *.google.no *.google.se *.google.ee *.google.lv *.google.lt *.google.pl *.google.sk *.google.cz *.google.hu *.google.es *.google.pt *.google.ro *.google.bg *.google.si *.google.hr *.google.gr *.google.com.tr *.google.cn *.google.co.jp *.google.com.tw *.google.co.kr *.google.co.id *.google.co.in *.google.lu *.google.li *.google.de *.klarna.com *.googlesyndication.com *.g.doubleclick.net  *.google.com *.facebook.com; 1
font-src https://fonts.gstatic.com *.fontawesome.com css.zohocdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.syfpos.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.refersion.com syf.demdex.net *.syfpos.com *.syf.com *.weltpixel.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://helloextend-static-assets.s3.amazonaws.com telescopes.net verify.authorize.net sync-criteo.ads.yieldmo.com gum.criteo.com criteo-sync.teads.tv criteo-partners.tremorhub.com dis.criteo.com cm.g.doubleclick.net www.facebook.com www.synchronybusiness.com extendcoreoffersprod-offersthemelogobucketeb21afa-1lr7le13dvgtp.s3.amazonaws.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.syfpos.com *.syf.com analytics.synchrony.com *.d1.sc.omtrdc.net *.gstatic.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com https://*.helloextend.com *.avada.io cdn.pricespider.com ubiqcookie.pricespider.com pathinsights.pricespider.com salesiq.zoho.com salesiq.zohopublic.com api.videoly.co dapi.videoly.co embedsocial.com dynamic.criteo.com sslwidget.criteo.com sidebar.bugherd.com snapui.searchspring.io cdn.searchspring.net widgets.syfpayments.com js-agent.newrelic.com js.zohocdn.com static.zohocdn.com js.zohostatic.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.refersion.com https://cdn.searchspring.net/intellisuggest/is.min.js *.syfpos.com analytics.synchrony.com *.mysynchrony.com https://www.googletagmanager.com tagmanager.google.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com https://fonts.googleapis.com *.fontawesome.com embedsocial.com css.zohocdn.com css.zohostatic.com unsafe-inline assets.braintreegateway.com *.syfpos.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.helloextend.com https://get.geojs.io *.avada.io pathinsights.pricespider.com 7ch6tw.a.searchspring.io vn5y70.a.searchspring.io c79pfs.a.searchspring.io salesiq.zohopublic.com wss://vts.zohopublic.com sslwidget.criteo.com bam.nr-data.net stats.g.doubleclick.net *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.refersion.com https://beacon.searchspring.io/beacon *.syfpos.com *.syf.com *.d1.sc.omtrdc.net https://www.google-analytics.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.ci360.sas.com 1
script-src 'self' at.alicdn.com 'unsafe-eval' 'unsafe-inline' data: blob: *.dancf.com *.gaoding.com assetscli.udesk.cn ttxsapp.udesk.cn retcode.alicdn.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net connect.facebook.net www.google.com accounts.google.com localhost apis.google.com cdn.branch.io app.link tpc.googlesyndication.com; frame-ancestors 'self' *.gaoding.com localhost apis.google.com 1
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; base-uri 'none'; default-src 'self'; object-src 'none'; img-src 'self' data: https://statistiek.rijksoverheid.nl https://www.google-analytics.com https://i.ytimg.com https://i.vimeocdn.com https://*.pleio.nl https://account.pleio.nl https://images.unsplash.com https://vimeo.com; script-src 'unsafe-inline' 'strict-dynamic' https: http: 'nonce-qk8ZLqag7EExjl11W23poA=='; font-src 'self' https://fonts.gstatic.com; upgrade-insecure-requests; frame-src 'self' https://www.youtube-nocookie.com https://player.vimeo.com https://api.eu.kaltura.com https://*.pleio.nl https://feed.mikle.com https://images.unsplash.com https://vimeo.com; connect-src 'self' https://stats.pleio.nl https://statistiek.rijksoverheid.nl https://www.google-analytics.com https://vimeo.com 1
frame-ancestors 'self' https://efps.bir.gov.ph 1
default-src 'self' https: 'unsafe-inline';script-src 'nonce-VFkL162gvgKSJmt8iUds4yy38Gav6WDp' 'self' 'unsafe-eval' https:;img-src 'self' data: https: 1
img-src 'self' data: trust.profiles.eco test-trust.profiles.eco cdn.profiles.eco js.intercomcdn.com static.intercomassets.com downloads.intercomcdn.com cdn.usefathom.com; manifest-src 'self'; script-src 'self' 'unsafe-inline' widget.intercom.io js.intercomcdn.com cdn.usefathom.com backspace.eco browser.sentry-cdn.com js.sentry-cdn.com; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; report-uri https://doteco.report-uri.com/r/d/csp/enforce 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.christ-swiss.ch *.christ.ch *.coop.ch *.amazonaws.com *.bing.com cdnjs.cloudflare.com *.cloudfront.net *.cloudfunctions.net *.connects.ch *.criteo.com *.criteo.net *.datatrans.biz *.datatrans.com *.doubleclick.net *.facebook.com *.facebook.net *.flbx.io *.flixcar.com *.flixcar.tv *.google-analytics.com *.google.ch *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.jsdelivr.net *.lacmp.net *.mirasense.com *.modiface.com *.profity.ch *.scandit.com *.scarabresearch.com *.supercard.ch *.tiqcdn.com youtu.be *.youtu.be *.youtube.com *.zdassets.com *.zendesk.com crawler.sistrix.net *.zopim.com *.clarity.ms *.ytimg.com www.surveygizmo.eu www.surveygizmo.com survey.alchemer.eu *.bambuser.com desirio.com *.getflowbox.com *.tradedoubler.com *.countingdownto.com cdn.adt348.net gtm.adt313.net log.adtraction.fail cnv.adt623.net dmp.theadex.com *.pinterest.com *.pinimg.com *.tealiumiq.com eoptimize.com blob: data: wss: 1
default-src 'unsafe-inline' https://script.tolk.ai https://cdn.cookielaw.org https://www.vanbreda-health.be https://vanbreda-health.be https://consentcdn.cookiebot.com https://google.com https://www.youtube.com/ https://youtube.com https://www.youtube-nocookie.com/ https://youtube-nocookie.com/ https://facebook.com https://kit.fontawesome.com https://fonts.google.com https://fonts.googleapis.com https://ajax.googleapis.com https://www.google-analytics.com https://www.google.com/ https://cdn.fontawesome.com/ https://www.googletagmanager.com https://player.vimeo.com https://cdnjs.cloudflare.com https://www.gstatic.com/; frame-src 'self' https://script.tolk.ai https://tolk.ai/ https://www.youtube-nocookie.com https://youtube-nocookie.com https://www.youtube.com https://youtube.com  https://app.test.vanbreda.be https://app.vanbreda.be https://app.dev.vanbreda.be https://app.acceptatie.vanbreda.be https://app.test.vanbreda.be   ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.tolk.ai script.tolk.ai unbounce.com *.unbounce.com builder-assets.unbounce.com *.cloudfront.net cdn.cookielaw.org https://d34qb8suadcc4g.cloudfront.net https://cloudfront.net https://go.marketing.vanbreda.be https://consentcdn.cookiebot.com https://consent.cookiebot.com https://cmp.osano.com https://secureprivacy.mgr.consensu.org https://cookie-cdn.cookiepro.com https://app.secureprivacy.ai https://test.secureprivacy.ai https://s.ytimg.com/ https://www.youtube.com/ https://google.com https://youtube.com https://www.youtube-nocookie.com/ https://youtube-nocookie.com/ https://facebook.com https://fonts.google.com https://fonts.googleapis.com https://ajax.googleapis.com https://www.google-analytics.com https://www.google.com/ https://cdn.fontawesome.com/ https://www.googletagmanager.com https://player.vimeo.com https://cdnjs.cloudflare.com https://www.gstatic.com/ https://maps.googleapis.com/ https://kit.fontawesome.com https://fonts.gstatic.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' cdn.cookielaw.org https://www.vanbreda.be unbounce.com builder-assets.unbounce.com https://app.secureprivacy.ai https://test.secureprivacy.ai https://ka-p.fontawesome.com https://fonts.googleapis.com/ https://kit-pro.fontawesome.com https://cdnjs.cloudflare.com https://kit.fontawesome.com https://fonts.gstatic.com; img-src 'self' cdn.cookielaw.org *.ub-analytics.com events.ub-analytics.com unsplash.com *.unsplash.com https://views.unsplash.com *.cloudfront.net https://d34qb8suadcc4g.cloudfront.net https://cloudfront.net https://www.vanbreda.be https://go.marketing.vanbreda.be https://cookie-cdn.cookiepro.com https://app.secureprivacy.ai https://test.secureprivacy.ai https://i.ytimg.com https://secure.gravatar.com/ https://www.google-analytics.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://img.youtube.com/ https://www.googletagmanager.com https://kit.fontawesome.com https://fonts.gstatic.com https://kit.fontawesome.com  data:; connect-src 'self' https://featuregates.org/ https://bot-management-api.tolk.ai  *.tolk.ai https://cdn.cookielaw.org https://go.marketing.vanbreda.be https://consent.api.osano.com https://disclosure.api.osano.com https://tattle.api.osano.com https://app.secureprivacy.ai https://test.secureprivacy.ai https://cookie-cdn.cookiepro.com https://app.secureprivacy.ai https://test.secureprivacy.ai https://www.google-analytics.com *.google-analytics.com ; font-src 'self' https://cdn.cookielaw.org https://ka-p.fontawesome.com https://cdnjs.cloudflare.com https://kit.fontawesome.com https://fonts.gstatic.com https://kit.fontawesome.com data: ; object-src 'none'; media-src 'self'; form-action 'self'; frame-ancestors 'self' *.vanbreda.be; 1
upgrade-insecure-requests; base-uri *; frame-ancestors *; form-action *; object-src *; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com; style-src 'self' 'unsafe-inline'; img-src https: data:; frame-ancestors 'self' 1
default-src 'self'; base-uri 'self'; img-src 'self' data: https://assets-prod.arkeaultimchallengebrest.com *.ytimg.com *.youtube.com *.cdninstagram.com; media-src 'self' https://assets-prod.arkeaultimchallengebrest.com *.ytimg.com *.youtube.com *.cdninstagram.com; connect-src 'self' https://kjmqsbp.pa-cd.com https://assets-prod.arkeaultimchallengebrest.com https://noembed.com https://backend-prod.arkeaultimchallengebrest.com; prefetch-src 'self'; font-src fonts.gstatic.com 'self'; form-action 'self'; frame-ancestors *; upgrade-insecure-requests; report-uri /api/report-csp; object-src 'none'; worker-src 'none'; frame-src 'self' *.youtube.com www.youtube-nocookie.com carto-prod.arkeaultimchallengebrest.com *.facebook.com impactco2.fr livemap.getwemap.com https://arkeaultimchallengebrest.geovoile.com/2024/tracker/ 'self'; child-src 'self' www.youtube.com; style-src 'self' 'unsafe-inline' 'report-sample'; script-src 'self' https://impactco2.fr https://connect.facebook.net https://tag.aticdn.net https://www.youtube.com https://m.youtube.com https://tag.aticdn.net; script-src-elem 'self' https://impactco2.fr https://connect.facebook.net https://tag.aticdn.net https://www.youtube.com https://m.youtube.com https://tag.aticdn.net 'report-sample'; 1
default-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.map.baidu.com *.bdimg.com bdimg.share.baidu.com res.wx.qq.com pucha.kaipuyun.cn *.cnslh.cn *.govwza.cn dcs.conac.cn webservice.coolwei.com zfwzgl.www.gov.cn v1.cnzz.com c.cnzz.com www.gov.cn; object-src 'self' 1
default-src 'none'; script-src-elem https://*.bing.com https://*.doubleclick.net https://*.olark.com https://apis.google.com https://bat.bing.com https://click.google-analytics.com https://googleads.g.doubleclick.net https://google-analytics.com https://js.stripe.com https://knrpc.olark.com https://script.crazyegg.com https://ssl.google-analytics.com https://ssl.google-analytics.com/ga.js https://tpc.googlesyndication.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googletagmanager.com https://www.youtube.com https://www-alv.google-analytics.com 'report-sample' 'self' 'unsafe-eval'; script-src https://*.bing.com https://*.doubleclick.net https://*.olark.com https://apis.google.com https://bat.bing.com https://click.google-analytics.com https://googleads.g.doubleclick.net https://google-analytics.com https://js.stripe.com https://knrpc.olark.com https://script.crazyegg.com https://ssl.google-analytics.com https://ssl.google-analytics.com/ga.js https://tpc.googlesyndication.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googletagmanager.com https://www.youtube.com https://www-alv.google-analytics.com 'report-sample' 'self' 'unsafe-eval'; style-src https://static.olark.com 'self' 'unsafe-inline'; img-src data: https://*.analytics.google.com https://*.bing.com https://*.googlesyndication.com https://adservice.google.com https://analytics.google.com https://assets.capterra.com https://googleads.g.doubleclick.net https://i.ytimg.com https://log.olark.com https://q.stripe.com https://region1.google-analytics.com https://ssl.google-analytics.com https://ssl.google-analytics.com/r/__utm.gif https://static.olark.com https://stats.g.doubleclick.net https://www.google.ae https://www.google.as https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bg https://www.google.bs https://www.google.by https://www.google.ca https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ma https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.br https://www.google.com.co https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.gh https://www.google.com.gt https://www.google.com.hk https://www.google.com.kh https://www.google.com.lb https://www.google.com.ly https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.ng https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.sa https://www.google.com.sg https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.gr https://www.google.hn https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.jo https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.md https://www.google.mk https://www.google.mw https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.se https://www.google.si https://www.google.sk https://www.google.so https://www.google.tn https://www.google-analytics.com https://www.googletagmanager.com 'self'; font-src chrome-extension data: https://fonts.gstatic.com/s/opensans/ https://fonts.gstatic.com/s/roboto/ https://github.com/google/fonts/blob/master/apache/opensans/ https://github.com/google/fonts/blob/master/apache/roboto/ https://static.olark.com 'self'; frame-src https://*.doubleclick.net https://bid.g.doubleclick.net/ https://googleads.g.doubleclick.net/ https://js.stripe.com/ https://static.olark.com/ https://td.doubleclick.net https://tpc.googlesyndication.com/ https://www.google.ae https://www.google.at https://www.google.bg https://www.google.ca https://www.google.co.id https://www.google.co.in https://www.google.co.ke https://www.google.co.ma https://www.google.co.uk https://www.google.co.za https://www.google.com https://www.google.com.au https://www.google.com.bn https://www.google.com.br https://www.google.com.mx https://www.google.com.my https://www.google.com.ph https://www.google.com.pr https://www.google.com.sg https://www.google.com.tr https://www.google.dk https://www.google.nl https://www.google.ru https://www.youtube.com 'self'; connect-src https://*.analytics.google.com https://*.doubleclick.net https://*.googlesyndication.com https://adservice.google.com https://analytics.google.com https://api.olark.com https://bat.bing.com https://knrpc.olark.com https://map.mapbusinessonline.com https://region1.google-analytics.com https://renderer.mapbusinessonline.com https://script.crazyegg.com https://services.arcgisonline.com https://ssl.google-analytics.com/ https://stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.ca https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com 'self'; media-src https://static.olark.com 'self'; report-uri /Tracking.aspx/Csp-Report; frame-ancestors 'self'; 1
base-uri 'none'; script-src 'self' 'nonce-4d075eae85954150829ce48e6de25369' https://www.google-analytics.com/ https://maps.googleapis.com/ https://static.getclicky.com/ https://in.getclicky.com/ https://cdn.carbonads.com/ http://srv.carbonads.net/ https://adn.fusionads.net/ https://m.servedby-buysellads.com/ https://srv.buysellads.com/ https://platform.twitter.com/ https://static.ads-twitter.com/ https://analytics.twitter.com/ https://codepen.io/ https://assets.codepen.io/ https://cdn.syndication.twimg.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://platform.twitter.com/ https://ton.twimg.com/; font-src 'self' https://fonts.gstatic.com/; child-src 'self' https://www.youtube.com/ https://speakerdeck.com/ https://player.vimeo.com/ https://syndication.twitter.com/ https://platform.twitter.com/ https://codepen.io/ https://glitch.com/embed/; connect-src 'self' https://www.gravatar.com/ https://i.imgur.com/ https://api.github.com/ https://maps.googleapis.com/ https://www.google-analytics.com/; img-src 'self' http://assets.servedby-buysellads.com/ http://abs.twimg.com/ http://platform.twitter.com/ http://t.co/i/ https: data:; upgrade-insecure-requests; report-uri /api/csp/report; report-to /api/csp/report 1
default-src 'self' 'unsafe-inline' sc-static.net 'unsafe-eval' data: *.smartlook.com *.smartlook.cloud *.stackadapt.com *.absolu.ca unpkg.com *.jsdelivr.net *.sentry-cdn.com *.sentry.io *.ravenjs.com *.realexpayments.com *.arcot.com *.adnxs.com *.w3.org *.snapchat.com *.spotify.com *.jobillico.com *.tecnic.ca *.youtube.com *.youtu.be *.vimeo.com *.google.ca *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com *.g.doubleclick.net *.googletagmanager.com *.googleadservices.com *.facebook.com *.facebook.net *.hpjcc.com *.bootstrapcdn.com 1
default-src 'self' *.yandexadexchange.net *.yandex.ru *.yandex.net *.admitad.com ad.admitad.com http://*.youtube.com https://*.youtube.com youtu.be http://*.rutube.ru https://*.rutube.ru http://*.mail.ru https://yastatic.net http://www.google.com; style-src 'unsafe-inline' yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net *.admitad.com *; connect-src 'self' an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru; frame-src 'self' awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net yastatic.net https://an.yandex.ru http://ulogin.ru http://yandexadexchange.net http://an.yandex.ru https://ulogin.ru http://*.ulogix.ru https://api-maps.yandex.ru *.vk.com vk.com *.yandex.ru yandex.ru *.yandexadexchange.net ad.admitad.com http://*.youtube.com https://*.youtube.com youtu.be http://*.rutube.ru  https://www.google.com https://*.rutube.ru;img-src 'self' data: avatars-fast.yandex.net favicon.yandex.net an.yandex.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net *.yandex.ru *.yandex.net https://yastatic.net http://www.google.com yandex.st *.yandexadexchange.net *.admitad.com *; media-src *.yandex.net strm.yandex.ru *.strm.yandex.ru yandex.ru yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net data; font-src 'self' data: an.yandex.ru yastatic.net yastat.net; script-src 'self' 'unsafe-inline' 'unsafe-eval'  an.yandex.ru yandex.st yastatic.net mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru https://an.yandex.ru http://an.yandex.ru https://mc.yandex.ru http://ulogin.ru https://ulogin.ru http://www.acint.net http://ajax.googleapis.com vk.com *.vk.com *.yandex.ru yandex.st *.yandex.net *.admitad.com ad.admitad.com *.yandexadexchange.net https://yastatic.net http://www.google.com https://www.gstatic.com https://www.google.com 1
default-src * data: 'unsafe-inline' 'unsafe-eval'; script-src * data: 'unsafe-inline' 'unsafe-eval'; object-src * data: 'unsafe-inline' 'unsafe-eval'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://toot.site 'wasm-unsafe-eval'; font-src 'self' https://toot.site; img-src 'self' data: blob: https://toot.site; style-src 'self' https://toot.site 'nonce-IGS+ZlXEbbdAKrWPGiSb4Q=='; media-src 'self' data: https://toot.site; frame-src 'self' https:; child-src 'self' blob: https://toot.site; worker-src 'self' blob: https://toot.site; connect-src 'self' blob: data: wss://toot.site https://toot.site; manifest-src 'self' https://toot.site; form-action 'self' 1
connect-src 'self' region1.analytics.google.com *.google-analytics.com *.cookiecode.nl *.googleapis.com stats.g.doubleclick.net *.clarity.ms *.sentry.io *.facebook.com *.googletagmanager.com *.hotjar.io *.hotjar.com *.salesfeed.com *.facebook.com *.googletagmanager.com connect.facebook.net f4c378bb19cc42e0bf0001bfa4d41f41.events.ubembed.com ;default-src 'self'  ;frame-ancestors 'self'  ;frame-src 'self' *.vimeo.com *.youtube.com *.youtube-nocookie.com *.google.com *.googletagmanager.com *.hotjar.com f4c378bb19cc42e0bf0001bfa4d41f41.pages.ubembed.com wdgt.slinger.to ;media-src 'self'  ;object-src 'none' ; report-uri https://www.nac.nl/.csp-violation; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net *.doubleclick.net *.googleadservices.com *.googletagmanager.com *.vimeo.com *.youtube.com *.youtube-nocookie.com *.hotjar.com *.clarity.ms *.google-analytics.com https://cdn.praivacy.eu *.google.com *.gstatic.com *.googleapis.com *.cookiecode.nl *.sentry-cdn.com *.conoret.com *.facebook.net *.js.ubembed.com *.ubembed.com widget.slinger.to ;style-src 'report-sample' 'self' 'unsafe-inline' *.cookiecode.nl *.googleapis.com *.typekit.net widget.slinger.to ;img-src 'self' *.facebook.com cdn.leadinfo.net cdn.praivacy.eu *.vimeocdn.com *.google-analytics.com data: *.gstatic.com *.googleapis.com *.googletagmanager.com *.clarity.ms *.linkedin.com https://px.ads.linkedin.com i.ytimg.com img.youtube.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat c.bing.com i.ytimg.com *.linkedin.com *.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat ;font-src 'self' *.gstatic.com *.typekit.net  ; 1
frame-ancestors 'self' https://player.prezentor.com/ https://editor.prezentor.com/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://cookie-cdn.cookiepro.com https://ws.zoominfo.com https://script.crazyegg.com https://scout-cdn.salesloft.com https://acsbapp.com https://js.adsrvr.org https://info.intelepeer.com https://www.googleadservices.com https://munchkin.marketo.net https://tag.demandbase.com https://googleads.g.doubleclick.net https://snap.licdn.com https://intelepeer.ai https://acsbapp.com/ google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://info.intelepeer.com https://intelepeer.ai fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://cookie-cdn.cookiepro.com https://insight.adsrvr.org https://id.rlcdn.com https://www.facebook.com https://segments.company-target.com https://usermatch.krxd.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://beacon.krxd.net https://dpm.demdex.net https://dify.wpengine.com https://info.intelepeer.com https://intelepeer.ai https://wpengine.com https://accessibe.com https://acsbapp.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com translate.googleapis.com translate.google.com i.ytimg.com www.googletagmanager.com; connect-src 'self' https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://scout.salesloft.com https://cdn.acsbapp.com https://privacyportal.cookiepro.com https://104-nze-984.mktoresp.com https://tag-logger.demandbase.com https://api.company-target.com https://ws.zoominfo.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://cdn.linkedin.oribi.io https://my.wpengine.com https://yoast.com https://acsbapp.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com; font-src 'self' data: https://s0.wp.com https://acsbapp.com https://intelepeer.ai data: fonts.gstatic.com fonts.googleapis.com; object-src 'self' ; media-src 'self' https://id.rlcdn.com; frame-src 'self' https://insight.adsrvr.org https://td.doubleclick.net https://s.company-target.com https://www.youtube-nocookie.com https://api-e3225bcf.duosecurity.com https://match.adsrvr.org/ https://www.facebook.com https://sidebar.bugherd.com https://info.intelepeer.com https://privacyportal.cookiepro.com https://open.spotify.com https://acsbapp.com maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com; child-src 'self' www.youtube.com www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self'; img-src 'self' data: matomo.cinetic21.de matomo-clone.cinetic21.de; style-src 'self' 'unsafe-inline'; script-src 'self' matomo.cinetic21.de matomo-clone.cinetic21.de cinetic21.de www.cinetic21.de 'unsafe-inline' 'unsafe-eval';connect-src cinetic21.de www.cinetic21.de matomo.cinetic21.de matomo-clone.cinetic21.de; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://js.zi-scripts.com https://cdn.jsdelivr.net https://tracking.g2crowd.com https://cdn-cookieyes.com https://unpkg.com https://static.semrush.com https://cdn.semrush.com https://www.semrush.com https://js.hsforms.net https://pageimprove.io https://js.hscollectedforms.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-scripts.com https://js.partnerstack.com https://www.clarity.ms https://api.social9.com https://cdn.social9.com https://maps.googleapis.com https://ajax.googleapis.com https://snap.licdn.com https://cdnjs.cloudflare.com https://api.braintreegateway.com https://js.braintreegateway.com https://d.adroll.com https://s.adroll.com https://d.adroll.mgr.consensu.org https://analytics.twitter.com https://static.ads-twitter.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.linkedin.com https://www.gstatic.com https://a.quora.com https://api.amplitude.com https://cdn.amplitude.com https://api-iam.intercom.io https://widget.intercom.io https://secure.hims1nice.com https://seal.godaddy.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleoptimize.com https://certify-js.alexametrics.com https://www.google.com https://apis.google.com https://optimize.google.com https://www.googleanalytics.com https://graph.facebook.com https://connect.facebook.net https://js.intercomcdn.com  https://z.moatads.com https://sjs.bizographics.com https://www.googletagmanager.com https://cdn.wpcc.io; frame-src 'self' *.g2.com https://*.semrush.com https://forms.hsforms.com https://wp-rocket.me https://apis.google.com https://ssl.google-analytics.com https://optimize.google.com *.facebook.com s-static.ak.facebook.com https://api-iam.intercom.io  https://s.adroll.com https://www.google.com https://cdnjs.cloudflare.com https://cdn.social9.com https://www.youtube.com; connect-src 'self' https://ws.zoominfo.com https://js.zi-scripts.com https://px.ads.linkedin.com https://region1.analytics.google.com https://developers.google.com https://analytics.google.com https://td.doubleclick.net https://googleads.g.doubleclick.net https://www.g2.com https://cdn-cookieyes.com https://consentlog.cookieyes.com https://log.cookieyes.com https://cdn.linkedin.oribi.io https://forms.hscollectedforms.net  wss://www.semrush.com https://www.semrush.com https://cdn.jsdelivr.net https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://grsm.io https://partnerlinks.io https://pageimprove.io https://api.hubapi.com https://forms.hubspot.com https://v.clarity.ms https://r.clarity.ms https://b.clarity.ms https://m.clarity.ms https://o.clarity.ms wss://nexus-websocket-a.intercom.io https://apis.google.com https://www.google.com https://google.com https://www.chromestatus.com https://api.amplitude.com https://api-iam.intercom.io https://maps.googleapis.com https://snap.licdn.com https://api.social9.com https://www.facebook.com https://stats.g.doubleclick.net https://www.google-analytics.com https://region1.google-analytics.com; object-src 'self'; frame-ancestors 'self' *.spinbackup.com *.spin.ai 1
frame-ancestors 'self' https://manage.newequipment.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self'; script-src 'self' https://www.biohort.com 'unsafe-inline' 'unsafe-eval' https://*.online-metrix.net https://www.biohort.com https://*.skadtec.com https://*.gsitrix.com https://*.payments-amazon.com https://*.googlesyndication.com https://*.hotjar.com https://*.youtube.com https://*.g.doubleclick.net https://*.clarity.ms https://*.adform.net https://*.pinimg.com https://*.bing.com https://*.googleadservices.com http://*.googleapis.com http://*.google-analytics.com https://*.elfsight.com https://*.google-analytics.com https://connect.facebook.net https://*.googletagmanager.com https://live.luigisbox.com https://cdn.luigisbox.com https://cdn.jsdelivr.net/npm/pwacompat@2.0.6/pwacompat.min.js https://maps.googleapis.com/ https://static.unzer.com/v1/unzer.js https://widgets.trustedshops.com http://widgets.trustedshops.com https://*.api.trustedshops.com http://*.api.trustedshops.com https://www.google-analytics.com/ga.js https://maps.googleapis.com/maps-api-v3/api/js/48/4/intl/de_ALL/common.js https://maps.googleapis.com/maps-api-v3/api/js/48/4/intl/de_ALL/util.js https://*.luigisbox.com https://cdn.luigisbox.com/biohort.js; style-src 'self' https://www.biohort.com 'unsafe-inline' https://widgets.trustedshops.com http://widgets.trustedshops.com https://live.luigisbox.com https://cdn.luigisbox.com https://fonts.googleapis.com https://static.unzer.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.biohort.com https://www.biohort.com https://*.online-metrix.net https://*.googlesyndication.com https://*.amazon.com https://*.gsitrix.com https://*.bing.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.pinterest.com https://*.clarity.ms https://*.trustbadge.etrusted.com https://*.trustbadge.com https://*.api.etrusted.com https://*.trustedshops.com http://*.googleapis.com http://*.google-analytics.com https://*.elfsight.com https://stats.g.doubleclick.net http://cdn1.api.trustedshops.com https://cdn1.api.trustedshops.com https://*.heidelpay.com https://payments.amazon.de https://live.luigisbox.com https://payments-de.amazon.com https://payments-de-sandbox.amazon.com/ https://maps.googleapis.com https://api.luigisbox.com https://app.luigisbox.com https://linter.luigisbox.com https://www.roomle.com/api/v2/configurators/biohort https://*.facebook.com; font-src 'self' https://www.biohort.com data: https://widgets.trustedshops.com http://widgets.trustedshops.com https://live.luigisbox.com https://cdn.luigisbox.com https://fonts.gstatic.com https://static.unzer.com; frame-src 'self' https://www.biohort.com data: tel: 'unsafe-inline' https://*.online-metrix.net https://roomle-uploads.storage.googleapis.com https://*.googlesyndication.com https://*.doubleclick.net https://*.hotjar.com https://*.pinterest.com https://*.heidelpay.com https://www.youtube.com https://www.youtube-nocookie.com https://static-eu.payments-amazon.com https://payments.amazon.de https://hvtool.biohort.com https://www.roomle.com blob: https://biohortgmbh.dev-vm blob: http://biohortgmbh.dev-vm blob: https://biohortgmbh.livecluster.siwa.at blob: https://biohortgmbh.com https://*.facebook.com;img-src 'self' https://www.biohort.com data: 'unsafe-inline' https://www.biohort.com https://*.online-metrix.net https://fastly.picsum.photos https://picsum.photos https://*.doubleclick.net https://*.payments-amazon.com https://*.skadtec.com https://*.googleadservices.com https://hvtool.biohort.com  https://*.facebook.net https://*.clarity.ms https://*.g.doubleclick.net https://*.pinterest.com https://*.bing.com https://*.google.com https://*.google.at https://*.google.de https://*.googletagmanager.com http://*.google-analytics.com https://*.elfsight.com https://*.elfsightcdn.com https://*.trustedshops.com https://*.ytimg.com https://www.facebook.com https://static.unzer.com https://uploads.roomle.com https://images-na.ssl-images-amazon.com https://m.media-amazon.com https://d23yuld0pofhhw.cloudfront.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.biohort.com https://app.luigisbox.com https://live.luigisbox.com; manifest-src 'self' https://*.amazoncognito.com; media-src 'self' https://www.biohort.com; worker-src 'self'; 1
frame-ancestors 'self' https://edicola.tarantobuonasera.it 1
"upgrade-insecure-requests" 1
object-src 'none';base-uri 'self';script-src 'nonce-MmI0MmY1MDgyMQ/ZjNkZGExMmJhZGQ0NGY=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' fonts.gstatic.com c90dc8aab2ee480299cd2874464ac2c2.svc.dynamics.com mktdplp102cdn.azureedge.net; child-src 'self' c90dc8aab2ee480299cd2874464ac2c2.svc.dynamics.com a1f33a287a0a492f9dc3869869e921e4.svc.dynamics.com www.youtube-nocookie.com accounts.google.com apis.google.com greenhouse.zendesk.com/embeddable/config platform.linkedin.com www.google.com www.linkedin.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com www.facebook.com; connect-src 'self' https://*.clarity.ms/collect https://c90dc8aab2ee480299cd2874464ac2c2.svc.dynamics.com stats.g.doubleclick.net *.infopulse.com tracking.crazyegg.com assets-tracking.crazyegg.com pagestates-tracking.crazyegg.com t.influ2.com script.crazyegg.com docs.google.com/feeds/download/documents/export/Export www.google-analytics.com ssl.google-analytics.com *.googleapis.com *.googleusercontent.com fonts.gstatic.com sxt.cdn.skype.com https://mktdplp102cdn.azureedge.net settings.luckyorange.com cdn.linkedin.oribi.io ibc-flow.techtarget.com in.hotjar.com r.lr-ingest.com wss://wsp3.hotjar.com content.hotjar.io wss://wsp21.hotjar.com wss://in.visitors.live wss://realtime.luckyorange.com https://api-preview.luckyorange.com wss://ws.hotjar.com/api/v2/client/ws https://infopulse.piwik.pro/ppms.php vc.hotjar.io; img-src * data: blob:; media-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.youtube.com trk.techtarget.com sc.lfeeder.com www.clarity.ms c90dc8aab2ee480299cd2874464ac2c2.svc.dynamics.com mktdplp102cdn.azureedge.net bat.bing.com www.googleadservices.com static.ads-twitter.com script.crazyegg.com snap.licdn.com connect.facebook.net go.infopulse.com *.influ2.com apis.google.com platform.linkedin.com tagmanager.google.com www.googletagmanager.com ssl.google-analytics.com www.dropbox.com/static/api/2/dropins.js www.google.com/js/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.linkedin.com safari-extension://* *.googleapis.com www.google-analytics.com www.googletagmanager.com/gtm.js tools.luckyorange.com cdn.lr-ingest.com static.hotjar.com script.hotjar.com settings.luckyorange.com googleads.g.doubleclick.net infopulse.containers.piwik.pro; style-src 'self' 'unsafe-inline' tagmanager.google.com/ *.googleapis.com; frame-ancestors 'self' youtube.com *.infopulse.com; worker-src 'self' *.infopulse.com blob:; 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com *.stockmanbank.com https://www.onlinebanktours.com https://www.googletagmanager.com *.doubleclick.net https://up.pixel.ad https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net 'self' web-chat.nativechat.com cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdnjs.cloudflare.com/ https://www.onlinebanktours.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://up.pixel.ad/ https://pixel.sitescout.com *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.stockmanbank.com *.eloqua.com track.hubspot.com https://cdnjs.cloudflare.com/ https://picsum.photos/ https://cdn.oectours.com *.google.com https://www.googletagmanager.com https://a.mktgcdn.com https://images.printable.com https://www.onlinebanktours.com/ https://googleads.g.doubleclick.net/ https://www.google.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.gstatic.com *.googleapis.com https://cdnjs.cloudflare.com/; frame-src https://www.fintactix.com/ *.bugherd.com https://up.pixel.ad/ *.doubleclick.net bugherd-attachments.s3.amazonaws.com ws.pusherapp.com *.cloudfront.net screenshots.bugherd.com https://pixel.sitescout.com https://www.youtube.com/ https://www.onlinebanktours.com/ https://bid.g.doubleclick.net 'self' web-chat.nativechat.com; connect-src accounts.google.com *.gstatic.com *.mktoresp.com *.google-analytics.com https://ebank.secure.stockmanbank.com/EBC_EBC1151/js/RemoteLogon *.stockmanbank.com *.yext.com *.googleapis.com https://onlinebanktours.com *.doubleclick.net https://adservice.google.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.stockmanbank.com; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com 'self' web-chat.nativechat.com 1
upgrade-insecure-requests; frame-src 'self' https://www.googletagmanager.org https://www.youtube.com https://www.googleapis.com; frame-ancestors 'self'; 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-Kgtr5y1mnwjVqacJ9HdKwg==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob: *.izlesene.com *.ioam.de *.avg.com *.rewardsaccelerator.com smetrics.att.com; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net smetrics.att.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
upgrade-insecure-requests; frame-ancestors 'self'; frame-src 'self' prep2021.elimparcial.com prepsonora2021.elimparcial.com prep2021bc.mx iframe.elimparcial.com *.google.com *.google.com.mx *.twitter.com *.youtube.com *.vimeo.com *.facebook.com  *.instagram.com *.ampproject.org *.doubleclick.net *.googleapis.com *.retargetly.com *.googlesyndication.com *.ampproject.net *.admanmedia.com *.vidible.tv *.cxense.com *.googletagmanager.com *.adnxs.com *.rubiconproject.com *.indexww.com *.openx.net *.doubleverify.com *.tiktok.com *.pubmatic.com *.adxyield.com *.facebook.net *.giphy.com giphy.com *.memeate.com *.windy.com iframe.enelradar.com *.taboola.com *.liveleak.com *.pinterest.com *.lkqd.net *.wcnc.com aax.amazon-adsystem.com *.seedtag.com *.criteo.com *.paypal.com *.avantisvideo.com *.aniview.com graphics.reuters.com embed.windy.com www.sunmedia.tv www.relappro.com *.flo.uri.sh flo.uri.sh premiomeritodeportivo.elimparcial.com df.elimparcial.com *.teads.tv *.bidswitch.net; report-uri https://imparcial.report-uri.com/r/d/csp/enforce 1
default-src 'self' feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com * ; manifest-src 'self' feed.pghub.io pandg.tapad.com ; img-src * 'self' data: https: blob: *.pricespider.com ; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; media-src * blob: 'unsafe-inline' ; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://maps.googleapis.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.youtube.com https://storage.googleapis.com https://bat.bing.com https://connect.facebook.net https://*.facebook.com https://sibforms.com https://atout.email-match.com https://app.katchup.fr https://s.adroll.com https://i.realytics.io https://dcniko1cv0rz.cloudfront.net https://asset.easydmp.net https://idsync.rlcdn.com https://spl.zeotap.com https://d.adroll.mgr.consensu.org https://d.adroll.com https://sibautomation.com https://*.hotjar.com https://s.pinimg.com https://svht.tradedoubler.com https://cdn.powerspace.com https://*.pwspace.com https://*.clarity.ms https://k.d56net.com https://static.r66net.com https://u.videostep.com https://static.axept.io https://*.matomo.cloud https://conversations-widget.sendinblue.com https://tag.beyable.com https://front.activation.beyable.com https://*.sentry-cdn.com https://*.cuisines-aviva.com https://*.zemanta.com https://cdn.novius.net; object-src 'self'; worker-src 'self' blob:; frame-ancestors 'self' https://idealspaces-cuisines-aviva-prod.2020-platform.com 1
default-src 'none'; connect-src 'self'; base-uri 'self'; font-src 'self'; manifest-src 'self' https://img.goabase.net/; frame-src https:; frame-ancestors 'self' https://img.goabase.net/; img-src 'self' blob: data: https:; script-src 'self' 'report-sample'; style-src 'self' 'nonce-443effd9512d7bcfc5b992f794ec81cf937b3ec40902cd7be360ef29417b349f' 'unsafe-inline' 'report-sample'; form-action 'self' https://www.paypal.com/cgi-bin/webscr; report-uri /include/csp.php 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fast.wistia.net  https://www.youtube.com https://platform.twitter.com https://digitalfeedback.us.confirmit.com https://snap.licdn.com ajax.googleapis.com https://www.googletagmanager.com ajax.googleapis.com https://ajax.googleapis.com/ajax/libs/webfont/1.6.16/webfont.js https://digitalfeedback.us.confirmit.com/api/digitalfeedback/static/v32/intercept-survey.js https://platform.twitter.com/widgets.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.youtube.com/s/player/c153b631/www-widgetapi.vflset/www-widgetapi.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://cdn.linkedin.oribi.io https://www.google-analytics.com https://digitalfeedback.us.confirmit.com; font-src 'self' data: https://fonts.gstatic.com fonts.gstatic.com; frame-src 'self' https://fast.wistia.net/ https://survey.us.confirmit.com https://platform.twitter.com https://syndication.twitter.com https://www.youtube.com; img-src 'self' data: blob: http://www.sammonsfinancialgroup.com https://sammonsfinancialgroup-updates.idevdesign.net https://www.googletagmanager.com https://www.linkedin.com https://px.ads.linkedin.com https://syndication.twitter.com https://www.google-analytics.com https://www.sammonsfinancialgroup.com; manifest-src 'self'; media-src 'self'; report-uri https://64edf3b015b491ee7271246e.endpoint.csper.io/?v=0; worker-src 'none'; 1
default-src 'self'; connect-src 'self' maps.googleapis.com www.google-analytics.com www.paypal.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' docs.google.com e.issuu.com indd.adobe.com libanswers.greenvillelibrary.org my.nicheacademy.com  player.vimeo.com www.google.com www.paypal.com www.youtube.com; img-src 'self' data: aspen.greenvillelibrary.org http://contentcafe2.btol.com csi.gstatic.com maps.google.com maps.googleapis.com maps.gstatic.com t.paypal.com www.google-analytics.com www.gstatic.com www.paypalobjects.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com cdnjs.cloudflare.com libanswers.greenvillelibrary.org maps.googleapis.com www.google.com www.google-analytics.com www.gstatic.com www.googletagmanager.com www.paypal.com www.paypalobjects.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com; 1
default-src *;img-src https: data:;script-src 'unsafe-inline' 'unsafe-eval'  https:;style-src 'unsafe-inline' * 1
frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: 'self' blob: *.dynamicyield.com *.cloudmaestro.com *.searchspring.net *.googletagmanager.com *.cookiebot.com *.helpscout.net *.google-analytics.com *.facebook.net *.fbcdn.net *.yimg.com *.bing.com *.criteo.net *.criteo.com *.bronto.com *.silver.com *.yahoo.com *.googleapis.com *.shopperapproved.com *.nr-data.net *.newrelic.com *.inspectlet.com *.intellisuggest.com *.paypalobjects.com *.paypal.com *.online-metrix.net *.twimg.com *.twitter.com *.instagram.com *.youtube.com *.doubleclick.net *.cloudfront.net bitpay.com *.bitpay.com *.nfusionsolutions.biz *.cdn77.org *.plaid.com *.routingnumbers.info *.tradingview.com *.smartystreets.com wsonline.seisint.com *.googleadservices.com *.nfusionsolutions.com *.google.com *.nameapi.org *.taxjar.com raw.githubusercontent.com cdn.ampproject.org *.wompmobile.com cdnjs.cloudflare.com az690879.vo.msecnd.net api-cache.searchspring.io tpc.googlesyndication.com www.gstatic.com ey66qs.a.searchspring.io p11.techlab-cdn.com cdncy.silver.com *.womp.me wompme.blob.core.windows.net songbird.cardinalcommerce.com static.klaviyo.com static-tracking.klaviyo.com *.fpapi.io cdn.jsdelivr.net *.fpcdn.io fpcdn.io womp.me *.fptls.com fptls.com a.klaviyo.com app.contentsquare.com *.contentsquare.net js.braintreegateway.com *.braintree-api.com; report-uri /.webscale/csp-report 1
frame-ancestors 'self' simuladores.afi.es bbvasimuladores.afi.es www.jubilaciondefuturo.es www.aminhapensao.pt exoma.in ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aminhapensao.pt *.jubilaciondefuturo.es *.youtube.com *.googlemanager.com *.googletagmanager.com *.googleapis.com *.gstatic.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.es bbva.112.2o7.net graph.facebook.com tags.tiqcdn.com apis.google.com simuladores.afi.es cdn.ampproject.org; 1
frame-src 'self' https://app.smartplanenterprise.com https://www.google.com/; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://*.google.com *.google-analytics.com *.googletagmanager.com https://use.fontawesome.com https://cdn.fontawesome.com http://statse.webtrendslive.com;  connect-src 'self' https://www.google-analytics.com *.googletagmanager.com; img-src 'self' http://www.amcharts.com https://savemoney.co.za/ *.google-analytics.com https://*.doubleclick.net http://statse.webtrendslive.com; style-src 'self' 'unsafe-inline' *.googleapis.com https://*.google.com https://use.fontawesome.com; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com 1
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self'; style-src-elem 'self' 'unsafe-inline' use.fontawesome.com https://code.jquery.com cdnjs.cloudflare.com eworkorders.com app.provely.io common.eworkorders.com me.kis.v2.scr.kaspersky-labs.com gc.kis.v2.scr.kaspersky-labs.com fonts.googleapis.com releases.flowplayer.org connect.facebook.net maxcdn.bootstrapcdn.com pro.fontawesome.com; style-src 'self' 'unsafe-inline' eworkorders.com  releases.flowplayer.org me.kis.v2.scr.kaspersky-labs.com gc.kis.v2.scr.kaspersky-labs.com data.processwebsitedata.com fonts.googleapis.com connect.facebook.net maxcdn.bootstrapcdn.com pro.fontawesome.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/releases/ code.jquery.com cdnjs.cloudflare.com https://common.eworkorders.com seal.alphassl.com me.kis.v2.scr.kaspersky-labs.com gc.kis.v2.scr.kaspersky-labs.com releases.flowplayer.org s3.amazonaws.com secure.leadforensics.com www.youtube.com ajax.googleapis.com eworkorders.com b.sf-syn.com data.processwebsitedata.com prod.purechatcdn.com snap.licdn.com app.purechat.com ct.capterra.com www.googletagmanager.com www.google-analytics.com data.processwebsitedata.com connect.facebook.net maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' eworkorders.com ws.zoominfo.com js.zi-scripts.com tags.clickagy.com seal.alphassl.com me.kis.v2.scr.kaspersky-labs.com gc.kis.v2.scr.kaspersky-labs.com releases.flowplayer.org secure.leadforensics.com www.youtube.com eworkorders.com b.sf-syn.com prod.purechatcdn.com snap.licdn.com app.purechat.com ct.capterra.com www.googletagmanager.com www.google-analytics.com data.processwebsitedata.com connect.facebook.net maxcdn.bootstrapcdn.com; connect-src 'self' aorta.clickagy.com hemsync.clickagy.com yoast.com *.purechat.com app.provely.io idx.liadm.com www.facebook.com stats.g.doubleclick.net www.google-analytics.com; frame-src 'self' hemsync.clickagy.com www.googletagmanager.com *.rackcdn.com www.facebook.com https://www.google.com/ www.youtube.com youtu.be https://securityscorecard.com; font-src 'self' data: securityscorecard.com use.fontawesome.com static3.avast.com cdnjs.cloudflare.com releases.flowplayer.org fonts.gstatic.com eworkorders.com maxcdn.bootstrapcdn.com pro.fontawesome.com;  img-src 'self' data: blob: code.jquery.com cdnjs.cloudflare.com www.eworkorders.com *.amazonaws.com s3.amazonaws.com app.provely.io secure.leadforensics.com releases.flowplayer.org p.adsymptotic.com www.gstatic.com www.facebook.com connect.facebook.net ps.w.org www.googletagmanager.com img.youtube.com px.ads.linkedin.com s.w.org i.ytimg.com secure.gravatar.com www.getapp.com images.eworkorders.com eworkorders.com google-analytics.com www.google-analytics.com www.facebook.com www.linkedin.com cdn.linkedin.oribi.io seal.alphassl.com; script-src-attr 'self' 'unsafe-inline'; media-src 'self' eworkorders.com app.provely.io *.rackcdn.com; worker-src 'self' blob:; frame-ancestors 'self' https://*.eworkorders.com; report-uri https://infopros.eworkorders.com/cspreportwebsite.php 1
default-src 'self' https://ethosenergy.com https://careers.ethosenergy.com https://*.ethosenergy.com https://*.oakwoodagency.com https://*.pardot.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.google.co.uk https://*.googleapis.com https://*.newscred.com https://*.wistia.com https://*.jquery.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.licdn.com https://*.googleadservices.com https://*.zoominfo.com https://*.cookiebot.com https://*.doubleclick.net https://*.linkedin.com https://*.litix.io https://*.akamaihd.net https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.com https://*.vimeo.exstole.com https://*.cart8draw.com https://*.linkedin.oribi.io 'nonce-/ghelyj6GdMS+Vih4R4UWPiKq8JxT3PA6PJ0V5DrsrM='; frame-src 'self' 'strict-dynamic' https://ethosenergy.com https://careers.ethosenergy.com https://*.ethosenergy.com https://*.oakwoodagency.com https://*.pardot.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.google.co.uk https://*.googleapis.com https://*.newscred.com https://*.wistia.com https://*.jquery.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.licdn.com https://*.googleadservices.com https://*.zoominfo.com https://*.cookiebot.com https://*.doubleclick.net https://*.linkedin.com https://*.litix.io https://*.akamaihd.net https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.com https://*.vimeo.exstole.com https://*.cart8draw.com https://*.linkedin.oribi.io 'nonce-/ghelyj6GdMS+Vih4R4UWPiKq8JxT3PA6PJ0V5DrsrM='; style-src 'self' 'unsafe-inline' https://ethosenergy.com https://careers.ethosenergy.com https://*.ethosenergy.com https://*.oakwoodagency.com https://*.pardot.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.google.co.uk https://*.googleapis.com https://*.newscred.com https://*.wistia.com https://*.jquery.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.licdn.com https://*.googleadservices.com https://*.zoominfo.com https://*.cookiebot.com https://*.doubleclick.net https://*.linkedin.com https://*.litix.io https://*.akamaihd.net https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.com https://*.vimeo.exstole.com https://*.cart8draw.com https://*.linkedin.oribi.io; font-src 'self' data: https://ethosenergy.com https://careers.ethosenergy.com https://*.ethosenergy.com https://*.oakwoodagency.com https://*.pardot.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.google.co.uk https://*.googleapis.com https://*.newscred.com https://*.wistia.com https://*.jquery.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.licdn.com https://*.googleadservices.com https://*.zoominfo.com https://*.cookiebot.com https://*.doubleclick.net https://*.linkedin.com https://*.litix.io https://*.akamaihd.net https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.com https://*.vimeo.exstole.com https://*.cart8draw.com https://*.linkedin.oribi.io; img-src 'self' data: https://ethosenergy.com https://careers.ethosenergy.com https://*.ethosenergy.com https://*.oakwoodagency.com https://*.pardot.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.google.co.uk https://*.googleapis.com https://*.newscred.com https://*.wistia.com https://*.jquery.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.licdn.com https://*.googleadservices.com https://*.zoominfo.com https://*.cookiebot.com https://*.doubleclick.net https://*.linkedin.com https://*.litix.io https://*.akamaihd.net https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.com https://*.vimeo.exstole.com https://*.cart8draw.com https://*.linkedin.oribi.io; media-src 'self' data: https://ethosenergy.com https://careers.ethosenergy.com https://*.ethosenergy.com https://*.oakwoodagency.com https://*.pardot.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.google.co.uk https://*.googleapis.com https://*.newscred.com https://*.wistia.com https://*.jquery.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.licdn.com https://*.googleadservices.com https://*.zoominfo.com https://*.cookiebot.com https://*.doubleclick.net https://*.linkedin.com https://*.litix.io https://*.akamaihd.net https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.com https://*.vimeo.exstole.com https://*.cart8draw.com https://*.linkedin.oribi.io; script-src 'self' 'unsafe-inline' https://ethosenergy.com https://careers.ethosenergy.com https://*.ethosenergy.com https://*.oakwoodagency.com https://*.pardot.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.google.co.uk https://*.googleapis.com https://*.newscred.com https://*.wistia.com https://*.jquery.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.licdn.com https://*.googleadservices.com https://*.zoominfo.com https://*.cookiebot.com https://*.doubleclick.net https://*.linkedin.com https://*.litix.io https://*.akamaihd.net https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.com https://*.vimeo.exstole.com https://*.cart8draw.com https://*.linkedin.oribi.io; frame-ancestors 'self' https://ethosenergy.com https://careers.ethosenergy.com https://*.ethosenergy.com https://*.oakwoodagency.com https://*.pardot.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.google.co.uk https://*.googleapis.com https://*.newscred.com https://*.wistia.com https://*.jquery.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.licdn.com https://*.googleadservices.com https://*.zoominfo.com https://*.cookiebot.com https://*.doubleclick.net https://*.linkedin.com https://*.litix.io https://*.akamaihd.net https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.com https://*.vimeo.exstole.com https://*.cart8draw.com https://*.linkedin.oribi.io; form-action 'self' https://ethosenergy.com https://careers.ethosenergy.com https://*.ethosenergy.com https://*.oakwoodagency.com https://*.pardot.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.google.co.uk https://*.googleapis.com https://*.newscred.com https://*.wistia.com https://*.jquery.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.licdn.com https://*.googleadservices.com https://*.zoominfo.com https://*.cookiebot.com https://*.doubleclick.net https://*.linkedin.com https://*.litix.io https://*.akamaihd.net https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.com https://*.vimeo.exstole.com https://*.cart8draw.com https://*.linkedin.oribi.io; upgrade-insecure-requests; object-src 'none'; base-uri 'self' 1
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-c7a34f94f5c1e5b9015d3f7b0f1f18ea'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors 'self' *.psplugin 1
frame-ancestors 'self' https://sto.e-spirit.hosting 1
default-src * data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://static.imascono.com https://space.metrovacesa.com; 1
default-src 'self'; img-src https://* data:; child-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; script-src 'self' 'unsafe-inline' https://acsbapp.com/apps/ https://acsbapp.com/apps/app/dist/js/loader.js https://www.google-analytics.com/analytics.js https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://ipinfo.io/json https://acsbapp.com/apps/app/dist/js/app.js;  worker-src 'self' blob:; object-src 'none'; frame-src 'self' https://www.googletagmanager.com/ns.html; font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.acsbapp.com/apps/app/dist/fonts/;  media-src 'self'; connect-src 'self' https://cdn.acsbapp.com/config/drakeintl.com/config.json https://analytics.google.com/g/collect https://stats.g.doubleclick.net/g/collect https://www.google-analytics.com/j/collect https://www.google.com.ph/ads/ https://www.google-analytics.com/ https://www.google.com.ph/ads/ https://acsbapp.com/apps/app/dist/js/locale/en-loader.json https://cdn.acsbapp.com/cache/app/en.build.json https://cdn.acsbapp.com/cache/app/ https://acsbapp.com/apps/ 1
frame-ancestors 'self' https://www.marcaentradas.com https://metropolientradas.es https://www.metropolientradas.es https://www.eventsentradas.com https://eventsentradas.com 1
default-src 'self'; base-uri 'self'; frame-ancestors 'none'; object-src 'none'; form-action 'self'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; upgrade-insecure-requests; report-uri https://meta.shaunc.com/report-uri/csp 1
default-src 'self' https:; font-src 'self' https:; img-src 'self' https:; object-src 'none'; script-src 'self' 'unsafe-inline' app.evita.ch https:; style-src 'self' https: 1
frame-ancestors https://*.facebook.com https://www.google.com https://integrations.ampifyme.com https://api.shopsheriff.com https://*.shopifypreview.com https://*.superchargify.com https://admin.shopify.com https://trustapps.co https://reviews.trustapps.co https://*.trustapps.co  https://*.myshopify.com https://*.shopifyapps.com *; 1
script-src 'self' 'unsafe-inline' *.olark.com olark.com *.bootstrapcdn.com *.jquery.com unpkg.com *.unpkg.com *.jsdelivr.net *.medichub.ro *.googletagmanager.com *.doubleclick.net *.bootstrapcdn.com *.gstatic.com *.googleadservices.com *.google-analytics.com *.dev.webstyler.ro *.adocean.pl *.twitter.com *.google.com *.facebook.net *.facebook.com *.ytimg.com *.youtube.com *.unv.fyi *.googlesyndication.com *.google.ro *.googletagservices.com *.googleapis.com; object-src 'none' 1
frame-ancestors 'self' https://*.sekolah.mu https://*.karier.mu 1
frame-ancestors https://*.renderer.cse.canva-dev.com https://storybook.cse.canva-dev.com https://canvateam1639724441.zendesk.com https://canvateam1696641530.zendesk.com https://ui.canva.tech https://phoenix.canva-dev.com; 1
upgrade-insecure-requests; frame-ancestors https: 'self' *.easysignsfast.com *.esigns.com *.digitalroom.com *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://rubber.social; img-src 'self' https: data: blob: https://rubber.social; style-src 'self' https://rubber.social 'nonce-jugtKJPXKab9eJxUYhTeAQ=='; media-src 'self' https: data: https://rubber.social; frame-src 'self' https:; manifest-src 'self' https://rubber.social; form-action 'self'; child-src 'self' blob: https://rubber.social; worker-src 'self' blob: https://rubber.social; connect-src 'self' data: blob: https://rubber.social https://media.rubber.social wss://rubber.social; script-src 'self' https://rubber.social 'wasm-unsafe-eval' 1
script-src * 'unsafe-inline' 'unsafe-eval'; frame-src *; connect-src *; default-src *  data: gap: content: 'unsafe-inline' 'unsafe-eval' 'self' https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/; font-src * 'unsafe-eval' 'self' data: https://cdn.pficdn.com/fonts/1.0.3/; img-src *  blob: data: 'unsafe-inline' 'unsafe-eval' 'self' https://isd2.algar.tech/public/imagens/uploads/chat/ https://nexus.ensighten.com/error/; frame-ancestors 'self' https://lponlinet.prudentialdobrasil.com.br; style-src 'self' 'unsafe-inline'; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' 'self'; media-src blob: 'self' https://*.speechstream.net; connect-src * ws: wss:; worker-src blob:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://ecoevo.social; img-src 'self' https: data: blob: https://ecoevo.social; style-src 'self' https://ecoevo.social 'nonce-gCDhlMmpA//yoCGVaPLScg=='; media-src 'self' https: data: https://ecoevo.social; frame-src 'self' https:; manifest-src 'self' https://ecoevo.social; form-action 'self'; child-src 'self' blob: https://ecoevo.social; worker-src 'self' blob: https://ecoevo.social; connect-src 'self' data: blob: https://ecoevo.social https://cdn.masto.host wss://ecoevo.social; script-src 'self' https://ecoevo.social 'wasm-unsafe-eval' 1
frame-src https://d.adroll.com https://players.brightcove.net https://metadata-static-files.sfo2.cdn.digitaloceanspaces.com https://6519012.fls.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://www.google.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://fsastore.com https://cdn.fsastore.com https://host.fsastore.com https://tpa.fsastore.com https://tpa.hsastore.com https://hsastore.com https://fonts.googleapis.com https://www.googletagmanager.com https://fonts.gstatic.com https://js.hs-analytics.net https://js-na1.hs-scripts.com https://js.hs-banner.com https://forms.hsforms.com https://perf.hsforms.com https://track.hubspot.com https://rules.quantcount.com https://secure.quantserve.com https://pixel.quantserve.com https://ads.yahoo.com; 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-7850d7f4b27544bd8e4699a49b801537' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
default-src 'self';                             font-src 'self' data: https://fonts.googleapis.com:* https://fonts.gstatic.com:* https://static.olark.com:* https://cdnjs.cloudflare.com:* https://cdn.tiny.cloud:* https://acsbapp.com:* https://stackpath.bootstrapcdn.com:* https://cdn.acsbapp.com:*;               script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.ywxi.net:* https://static.olark.com:* https://code.jquery.com:* https://acsbapp.com:* https://knrpc.olark.com:* https://assets.olark.com:* https://www.googletagmanager.com:* https://www.gstatic.com:* https://unpkg.com:* https://cloud.tinymce.com:* https://cdn.tiny.cloud:* https://s3-us-west-2.amazonaws.com:* https://maps-api-ssl.google.com:* https://maps.googleapis.com:* https://www.youtube.com/iframe_api https://www.youtube.com:* https://gdata.youtube.com:* https://api.olark.com:* https://cdnjs.cloudflare.com:* https://cdn.datatables.net:* https://ajax.googleapis.com:* https://cdn.cookielaw.org:*;              style-src 'self' 'unsafe-inline' https://fonts.googleapis.com:* https://static.olark.com:* https://cdnjs.cloudflare.com:* https://www.gstatic.com:* https://cdn.tiny.cloud:* https://www.tinymce.com:* https://stackpath.bootstrapcdn.com:* https://unpkg.com:* https://cdn.datatables.net:* https://maxcdn.bootstrapcdn.com:*;              connect-src 'self' https://*.amazonaws.com:* https://cdn.acsbapp.com:* https://knrpc.olark.com:* https://www.google-analytics.com:* https://maps.googleapis.com:* https://acsbapp.com:* https://process.acsbapp.com:* https://en.wikipedia.org:*;              frame-src 'self' https://static.olark.com:* https://cdndev.wellworksforyoulogin.com:* https://cdnbeta.wellworksforyoulogin.com:* https://cdnbeta2.wellworksforyoulogin.com:* https://cdnstaging.wellworksforyoulogin.com:* https://cdnuat.wellworksforyoulogin.com:* https://cdnpreprod.wellworksforyoulogin.com:* https://cdn.wellworksforyoulogin.com:* https://player.vimeo.com:* https://www.youtube.com/iframe_api https://www.youtube.com:* https://wellworks.healthstatus.com:*  https://share.vidyard.com:* https://booknow.appointment-plus.com:* https://orthushealth.looker.com:* https://nam12.safelinks.protection.outlook.com:* https://outlook.office365.com:* https://youtube.com:*;              img-src 'self' data: https://log.olark.com:* https://sp.tinymce.com:* https://web1.acsbapp.com:* https://img.youtube.com:* https://maps.gstatic.com:* https://maps-api-ssl.google.com:* https://khms0.googleapis.com:* https://khms1.googleapis.com:* https://www.googletagmanager.com:* https://mts.googleapis.com:* https://lh3.ggpht.com:* https://cdn.ywxi.net:* https://i.vimeocdn.com:* https://cdndev.wellworksforyoulogin.com:* https://cdnbeta.wellworksforyoulogin.com:* https://cdnbeta2.wellworksforyoulogin.com:* https://cdnstaging.wellworksforyoulogin.com:* https://cdnuat.wellworksforyoulogin.com:* https://cdnpreprod.wellworksforyoulogin.com:* https://cdn.wellworksforyoulogin.com:* https://cdn.acsbapp.com:* https://acsbapp.com:* https://i.ytimg.com:*;              media-src 'self' data: https://static.olark.com:*;              object-src 'none'; 1
script-src 'self' 'unsafe-inline' https://js.stripe.com https://cdn.jsdelivr.net; img-src 'self' data: https://www.gravatar.com https://secure.gravatar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self'; frame-src https://customer-hd8iekwac5bq4boe.cloudflarestream.com/ https://player.vimeo.com https://www.youtube-nocookie.com https://js.stripe.com; object-src 'none' 1
base-uri 'self';connect-src 'self' *.googletagmanager.com *.google-analytics.com *.mg.services apt-cucaaxacf9ghehaw.z01.azurefd.net;default-src 'self' *.allpasstrust.com *.mg.services apt-cucaaxacf9ghehaw.z01.azurefd.net;form-action 'self' http://testing.mydirtyhobby.de https://testing.mydirtyhobby.de https://www.mydirtyhobby.de;frame-src 'self' www.google.com;img-src 'self' data: *.allpasstrust.com *.mg.services *.googletagmanager.com *.google-analytics.com apt-cucaaxacf9ghehaw.z01.azurefd.net;media-src 'self';style-src 'self' 'unsafe-inline' *.allpasstrust.com *.mg.services apt-cucaaxacf9ghehaw.z01.azurefd.net;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.allpasstrust.com *.mg.services apt-cucaaxacf9ghehaw.z01.azurefd.net www.google.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net www.gstatic.com 1
img-src 'self' data: *.net.pekao.com.pl; default-src 'self' *.net.pekao.com.pl; connect-src 'self' https://localhost:* *.net.pekao.com.pl https://chatvideo.pekao.com.pl/wchat; frame-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.net.pekao.com.pl; style-src 'self' 'unsafe-inline'; 1
frame-src 'self' https://idp.buildee.jp https://helpfeel.com;frame-ancestors 'self' https://idp.buildee.jp 1
default-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.agricover.com googleads.g.doubleclick.net www.google-analytics.com www.google.com stats.g.doubleclick.net bid.g.doubleclick.net *.adroll.com d.adroll.mgr.consensu.org connect.facebook.net www.facebook.com bat.bing.com sealserver.trustwave.com verify.authorize.net www.paypal.com www.googletagmanager.com cdn.ywxi.net s3-us-west-2.amazonaws.com www.paypalobjects.com maxcdn.bootstrapcdn.com unpkg.com cdnjs.cloudflare.com www.w3.org *.authorize.net seal.godaddy.com www.googleadservices.com pixel.advertising.com dsum-sec.casalemedia.com pixel.rubiconproject.com sync.outbrain.com simage2.pubmatic.com sync.taboola.com ads.yahoo.com eb2.3lift.com x.bidswitch.net ib.adnxs.com idsync.rlcdn.com us-u.openx.net www.gstatic.com cm.g.doubleclick.net www.trustedsite.com ups.analytics.yahoo.com www.youtube.com ajax.googleapis.com app.hireology.com careers.hireology.com apply.indeed.com platform.twitter.com syndication.twitter.com www.accesscover.com maps.googleapis.com analytics.google.com *.clarity.ms c.bing.com www.socialintents.com 1
default-src 'self' *.xx.fbcdn.net localhost:44398 localhost:57708 video-cdg2-1.xx.fbcdn.net video-cdt1-1.xx.fbcdn.net campaign.leadfamly.co.uk dif.leadfamly.com stats.g.doubleclick.net report.23video.com *.google-analytics.com *.jotformeu.com difdkv2.oxygen.local difv2.oxygenservice.dk dif-difv10-production.azurewebsites.net dif-v10-stage.azurewebsites.net *.dif.dk dif.dk www.gstatic.com www.google.com curator-assets.b-cdn.net curatorio.s3.amazonaws.com search-api.swiftype.com api.curator.io public.tableau.com candidate.hr-manager.net e.issuu.com video.dif.dk www.gravatar.com player.vimeo.com www.youtube.com www.youtube-nocookie.com *.vimeocdn.com packages.umbraco.org our.umbraco.org *.app.cookieinformation.com *.jotform.com *.arena.im *.firebaseio.com *.facebook.com *.googleapis.com *.jwplatform.com content.jwplatform.com firebaseio.com blog-rt-proxy.arena.im arena.im realtime.arena.im s-usc1f-nss-2528.firebaseio.com wss://realtime.arena.im wss://s-usc1f-nss-2528.firebaseio.com wss://blog-rt-proxy.arena.im static.cdninstagram.com videos-cloudfront-usp.jwpsrv.com assets-jpcust.jwpsrv.com prd.jwpltx.com scontent.cdninstagram.com firestore.googleapis.com cdn.getarena.im static.xx.fbcdn.net stationfy.imgix.net scontent.xx.fbcdn.net player.castr.com; script-src 'self' data: https: 'unsafe-inline' 'unsafe-eval' files.cdn.leadfamly.com *.google-analytics.com report.23video.com *.googletagmanager.com *.monsido.com e.issuu.com public.tableau.com www.gstatic.com www.google.com cdn.curator.io cdn-recruiter.hr-manager.net *.app.cookieinformation.com *.jotform.com cdnjs.cloudflare.com localhost:8085 *.arena.im; script-src-elem 'self' data: https: 'unsafe-inline' 'unsafe-eval' files.cdn.leadfamly.com *.google-analytics.com report.23video.com *.googletagmanager.com *.monsido.com e.issuu.com public.tableau.com www.gstatic.com www.google.com cdn.curator.io cdn-recruiter.hr-manager.net *.app.cookieinformation.com *.jotform.com cdnjs.cloudflare.com localhost:8085 *.arena.im; style-src 'self' data: https: 'unsafe-inline' 'unsafe-eval' cdn.curator.io cdn.jotfor.ms *.arena.im; style-src-elem 'self' data: https: 'unsafe-inline' 'unsafe-eval' cdn.curator.io cdn.jotfor.ms *.arena.im; font-src 'self' data: https: cdn.curator.io dif-difv10-production.azurewebsites.net dif-v10-stage.azurewebsites.net cdn.jotfor.ms *.arena.im; img-src 'self' data: https: difumb.blob.core.windows.net *.monsido.com placekitten.com/300/300 dif-difv10-production.azurewebsites.net dif-v10-stage.azurewebsites.net *.google-analytics.com delivery.twentythree.com *.picsum.photos picsum.photos curator-assets.b-cdn.net video.dif.dk *.ytimg.com *.vimeocdn.com *.fbcdn.net cdn.curator.io curatorio.s3.amazonaws.com public.tableau.com www.gravatar.com umbraco.tv *.googleapis.com *.umbraco.org dif.azureedge.net cdn.jotfor.ms *.jotform.com *.arena.im; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://acsbapp.com/apps/app/dist/js/loader.js https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317 https://yoast.com/shared-assets/scripts/wp-seo-premium-draft-js-plugins-source-2.0.0.min.js https://beacon-v2.helpscout.net/ https://forms.hsforms.com/ https://js.hsforms.net/forms/embed/v2.js https://static.cloudflareinsights.com/beacon.min.js/v8b253dfea2ab4077af8c6f58422dfbfd1689876627854 https://www.googletagmanager.com/gtm.js https://acsbapp.com/apps/app/dist/js/app.js https://j.6sc.co/6si.min.js https://static.cloudflareinsights.com/beacon.min.js/v2cb3a2ab87c5498db5ce7e6608cf55231689030342039 https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js blob: ; object-src 'self'; base-uri 'self'; frame-src 'self' https://player.vimeo.com/ https://forms.hsforms.com/ https://player.vimeo.com/video/738742186 https://player.vimeo.com/video/769181738 https://player.vimeo.com/video/769182310 https://player.vimeo.com/video/694088742 https://player.vimeo.com/video/694080522; media-src 'self' https://player.vimeo.com/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://accounts.google.com https://ads.adjust-net.jp https://apis.google.com https://b92.yahoo.co.jp https://connect.facebook.net https://cre.adjust-net.jp https://custom.search.yahoo.co.jp https://d.line-scdn.net https://fonts.gstatic.com https://googleads.g.doubleclick.net https://i.yimg.jp https://i.ytimg.com https://img.macromill.com https://ot.ca-mpr.jp https://platform.twitter.com https://s.yjtag.jp https://scontent-nrt1-1.xx.fbcdn.net https://sitest.jp https://social-plugins.line.me https://ssl.google-analytics.com https://ssl.gstatic.com https://static.doubleclick.net https://static.xx.fbcdn.net https://staticxx.facebook.com https://stats.g.doubleclick.net https://syndication.twitter.com https://torimochi.line-apps.com https://www.facebook.com https://www.google.co.jp https://www.google.com https://www.google-analytics.com https://www.googleapis.com https://www.youtube.com https://yjtag.yahoo.co.jp www.googletagmanager.com code.jquery.com ajax.googleapis.com cdnjs.cloudflare.com www.googleadservices.com vjs.zencdn.net api.socialplus.jp production-widget.socialplus.jp e4a5a31c-921a-4d46-84ac-4cade28b6d69.cloudapp.net staging.movieplus.jp cse.google.com cdn.gaie.jp securepubads.g.doubleclick.net static.ads-twitter.com adservice.google.co.jp adservice.google.com *.googletagservices.com analytics.twitter.com *.googlesyndication.com www.movieplus.jp; img-src 'self' syndication.twitter.com custom.search.yahoo.co.jp i.yimg.jp i.ytimg.com s.yimg.jp http://www.movieplus.jp www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.google.com www.google.co.jp dummyimage.com www.banger.jp 76be9462a992510f6f207ce26b54e101.cdnext.stream.ne.jp www.googleapis.com clients1.google.com encrypted-tbn0.gstatic.com encrypted-tbn1.gstatic.com encrypted-tbn2.gstatic.com encrypted-tbn3.gstatic.com ssl.gstatic.com cdn.gaie.jp pbs.twimg.com t.co *.googlesyndication.com analytics.twitter.com data:; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com api.socialplus.jp production-widget.socialplus.jp http://fonts.googleapis.com www.google.com cdn.gaie.jp www.movieplus.jp; frame-src 'self' platform.twitter.com social-plugins.line.me staticxx.facebook.com syndication.twitter.com www.facebook.com bid.g.doubleclick.net custom.search.yahoo.co.jp www.youtube.com cse.google.com *.googlesyndication.com www.google.com; font-src 'self' data: fonts.gstatic.com; connect-src 'self' www.google-analytics.com www.googleapis.com 104092656e9f45eb2bf5e2962e5778f2.cdnext.stream.ne.jp api.movieplus.jp api.gaie.jp stats.g.doubleclick.net securepubads.g.doubleclick.net *.googlesyndication.com; prefetch-src 'self' *.googlesyndication.com data:; worker-src blob:; media-src blob: 1
default-src 'self' www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.googleapis.com www.google.com www.gstatic.com *.googlesyndication.com www.googletagmanager.com connect.facebook.net js-agent.newrelic.com accounts.google.com *.googleadservices.com adservice.google.com adservice.google.com.pk googleads.g.doubleclick.net bam.nr-data.net onesignal.com *.onesignal.com; connect-src 'self' *.peekaboo.guru www.google-analytics.com maps.gstatic.com maps.googleapis.com pagead2.googlesyndication.com stats.g.doubleclick.net accounts.google.com bam.nr-data.net; img-src 'self' data: d2liqplnt17rh6.cloudfront.net www.google-analytics.com *.googleapis.com stats.g.doubleclick.net maps.gstatic.com maps.googleapis.com www.facebook.com www.google.com www.google.com.pk googleads.g.doubleclick.net www.googleadservices.com pagead2.googlesyndication.com peekaboo-guru.s3-ap-southeast-1.amazonaws.com sp-ao.shortpixel.ai secure.gravatar.com https://peekaboo.guru https://*.peekaboo.guru; media-src 'self' d2liqplnt17rh6.cloudfront.net; style-src 'self' 'unsafe-inline' *.googleapis.com accounts.google.com onesignal.com *.onesignal.com; font-src 'self' d2liqplnt17rh6.cloudfront.net *.gstatic.com cdn.rawgit.com cdn.jsdelivr.net; frame-src 'self' https://peekaboo.guru https://*.peekaboo.guru www.facebook.com *.doubleclick.net tpc.googlesyndication.com www.google.com accounts.google.com; frame-ancestors https://peekaboo.guru https://*.peekaboo.guru https://zsajjad-93.firebaseapp.com; 1
script-src 'self' https://www.indifi.com/ https://api.ipify.org/ http://cdn.mxpnl.com/ https://www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com https://connect.facebook.net https://cdnt.netcoresmartech.com http://cdnt.netcoresmartech.com https://cdndc.netcoresmartech.com http://cdndc.netcoresmartech.com https://osjs.netcoresmartech.com 'sha256-PaCb/2+1OogLmLIX0gToFSkfnAF2v8XqHrrylZ1o8hk=' 'sha256-GITCnekPotbydlCk8ZuwVwxF1FNQVU7m3o5B/1WW2iw=' 'sha256-CLKXl4pRUUQUe2Q/Pmam0Vy7yhecsB9WRm0HbxNjGZg=' 'sha256-WsKhWras6c47iuImxEcguoNaC9XRlXucIliUwXTbA0k=' 'sha256-JTqmv64z3OQYaKcfn2Z5Pvh4vp+OBJ8dJ460mMHgt2w=' 'sha256-S1cEj6tJeZVk6MOqP8iOrYEq+4+IlHR25U5gXg04ZeI=' 'sha256-vE5psnnakVwSntlKqYQzKCgk8Lw5sHDpwci0OxpcG48=' 'sha256-w8jsNXm+WiUGxUe17VSCoxycicIB5E6MKkf0S+rsWto=' 'sha256-cN6QBGHctCrRmr6K2ObHUyCM3XJv3bn4gjTe4Bttkmg=' 'sha256-oNebb6LNS26cVtNl/rUVIs4PklJDJtkV+xcPJn6LPuM=' 'sha256-0w6w+2dcWgJRCrh50ZP4Nzf1sp+CE+LrC4OWIz1387c=' 'sha256-aC8jRr61Cra4Um/kFnL5k7qru5jdMgfEFJN40ny9rM0=' 'sha256-eCarPZ32+VaEGNW+6JVwfU+OIUOHryPP/ejFLdo68vI=' 'nonce-4529132023' https://unpkg.com https://www.youtube.com https://maps.googleapis.com/maps/api/ https://www.google.com/maps/ https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js https://cdnjs.cloudflare.com/ajax/libs/ScrollMagic/2.0.7/ScrollMagic.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.6.0/gsap.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.6.0/ScrollToPlugin.min.js https://cdnjs.cloudflare.com/ajax/libs/ScrollMagic/2.0.7/plugins/debug.addIndicators.min.js https://www.intellectadz.com/ https://ttrk.ringocount.com/ https://postback.woost.io/ https://tracking.geoadmedia.com/ https://tracking.icubeswire.co/ https://cdn.moengage.com/ https://app-cdn.moengage.com/ https://trk.ultraind.in/ https://trk.hexawebony.com/;style-src 'self' 'unsafe-inline' https://d1lfs7vzgvps2q.cloudfront.net/ https://fonts.googleapis.com/ https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css https://app-cdn.moengage.com/ https://fonts.bunny.net/;font-src 'self' 'unsafe-inline' https://fonts.googleapis.com/;img-src 'self' https://s3-ap-southeast-1.amazonaws.com/ https://d1lfs7vzgvps2q.cloudfront.net/ https://d2gw5c0rgmobuj.cloudfront.net/ https://www.google.com/maps/ https://maps.googleapis.com/maps/ https://maps.gstatic.com/mapfiles/ https://ttrk.ringocount.com/ https://postback.woost.io/ https://www.intellectadz.com/ https://tracking.geoadmedia.com/ https://trk.ultraind.in/ https://moe-email-campaigns.s3.amazonaws.com/ https://image.moengage.com/ https://trk.hexawebony.com/;object-src 'none';upgrade-insecure-requests 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.gogulfwinds.com api.glia.com *.glia.com cdn.jsdelivr.net cdnjs.cloudflare.com cds-sdkcfg.onlineaccess1.com connect.facebook.net facebook.com *.facebook.com googleads.g.doubleclick.net *.doubleclick.net *.hotjar.com script.hotjar.com static.hotjar.com vc.hotjar.io wss://*.hotjar.com tags.srv.stackadapt.com google-analytics.com *.google-analytics.com google.com *.google.com googletagmanager.com gtm.com *.googletagmanager.com googleadservices.com *.googleadservices.com *.fontawesome.com  *.salemove.com *.googleapis.com *.gstatic.com wss://pubsub.salemove.com gulfwindscu.everfi-next.net *.everfi-next.net everfi-next.net *.cloudfront.net dn72ykomo3jiz.cloudfront.net *.paypalobjects.com *.paypal.com s2.adform.net *.adform.net updates.expressionengine.com *.expressionengine.com *.bat.bing.com bat.bing.com *.vimeo.com *.adsrvr.org ajax.cloudflare.com *.documatix.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://connect.facebook.net; 1
frame-ancestors 'none';object-src 'none';base-uri 'self';script-src 'nonce-weFZR6Px_ezWpYCodVY2MXAzkkNRWH3rc9tqv0VcRbQ' 'strict-dynamic' https: http: 'unsafe-eval' 'unsafe-inline'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://bolha.us; img-src 'self' https: data: blob: https://bolha.us; style-src 'self' https://bolha.us 'nonce-lNWx3K4tCZ4Kd4He7XbteA=='; media-src 'self' https: data: https://bolha.us; frame-src 'self' https:; manifest-src 'self' https://bolha.us; form-action 'self'; child-src 'self' blob: https://bolha.us; worker-src 'self' blob: https://bolha.us; connect-src 'self' data: blob: https://bolha.us https://media.bolha.us wss://bolha.us; script-src 'self' https://bolha.us 'wasm-unsafe-eval' 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.licdn.com *.ads-twitter.com *.twitter.com *.linkedin.com *.brightcove.net *.zencdn.net blob: *.twimg.com *.addthis.com *.addthisedge.com *.msecnd.net *.issuu.com *.pardot.com *.moatads.com *.qualtrics.com *.createjs.com *.ceros.com *.mobular.com js.hsforms.net; style-src 'self' 'unsafe-inline' *.twitter.com *.datatables.net *.twimg.com *.mobular.com *.googleapis.com; img-src 'self' *.googletagmanager.com *.google-analytics.com t.co *.doubleclick.net *.google.com *.brightcove.com *.boltdns.net data: *.twitter.com *.twimg.com *.linkedin.com *.adsymptotic.com *.qualtrics.com *.mobular.com; media-src 'self' blob: *.boltdns.net *.akamaihd.net; font-src 'self' data: *.zencdn.net fonts.gstatic.com; object-src 'self'; connect-src 'self' *.brightcove.com *.boltdns.net *.brightcovecdn.com *.addthis.com *.visualstudio.com *.google-analytics.com *.doubleclick.net *.akamaihd.net *.qualtrics.com *.mobular.com *.mobular.net cdn.linkedin.oribi.io fonts.googleapis.com; frame-src 'self' *.twitter.com *.google.com *.addthis.com *.brightcove.net *.issuu.com *.qualtrics.com *.pardot.com *.ceros.com *.captivate.fm embed.mobular.com; report-uri /cspreport 1
default-src * data: blob: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' 1
default-src 'self' www.youtube.com wms.nic.in player.mycast.in pmindiawebcast.nic.in rathjatra.nic.in independenceday.nic.in republicday.nic.in budgetlive.nic.in pmonradio.nic.in yogaday.nic.in *.media.nic.in; script-src-elem 'self' 'unsafe-inline' *.analytics.edgekey.net wms.nic.in; script-src 'self' 'unsafe-inline' 'unsafe-eval' wms.nic.in; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; connect-src 'self' *.analytics.edgekey.net *.akamaihd.net akamaized.net *.akamaized.net *.media.nic.in api.ipify.org ipapi.co wms.nic.in; media-src *.akamaihd.net akamaized.net *.akamaized.net *.media.nic.in wms.nic.in 'self' blob:; worker-src wms.nic.in 'self' blob:; img-src wms.nic.in 'self' pmindiawebcast.nic.in rathjatra.nic.in independenceday.nic.in republicday.nic.in budgetlive.nic.in pmonradio.nic.in yogaday.nic.in i.ytimg.com *.media.nic.in; frame-src wms.nic.in 'self' *.media.nic.in player.mycast.in www.youtube.com; font-src 'self' data:; 1
default-src 'self' www.yongjinbao.com.cn finder.yongjinbao.com.cn 'unsafe-inline' 'unsafe-eval' blob: data: ; 1
object-src 'self'; script-src https://www.unclaimedproperty.com https://unclaimedproperty.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com  https://translate.google.com https://translate.googleapis.com https://cse.google.com https://ssl.google-analytics.com https://connect.facebook.net https://siteimproveanalytics.com 'unsafe-inline' 'unsafe-eval' 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.sandbox.be2bill.com https://js.be2bill.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://ajax.microsoft.com https://connect.facebook.net https://www.paypalobjects.com https://bat.bing.com https://assets.pinterest.com https://platform.twitter.com https://log.pinterest.com https://www.google.com/recaptcha/ https://www.shopping-compare.com https://easylounge.com https://kx1.co https://*.kx1.co/ https://*.payments-amazon.com/ https://*.payments-amazon.fr/ https://*.amazon.com/ https://*.amazon.de/ https://*.amazon.fr/ https://easylounge.ladesk.com https://*.google.com/ https://*.googleadservices.com/ https://*.googlecommerce.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://*.gstatic.com/ https://*.doubleclick.net/ https://*.google.fr/ https://*.googlesyndication.com/ https://*.googleapis.com/ https://*.googleusercontent.com/ https://*.matomo.cloud/;object-src 'none';style-src 'self' 'unsafe-inline' https://easylounge.com https://kx1.co https://*.kx1.co/ https://*.gstatic.com/ https://*.googleapis.com/ https://*.google.com/ https://*.googletagmanager.com/;img-src 'self' data: https://www.easylounge.com https://img.idealo.com https://static.fia-net.com https://www.facebook.com https://bat.bing.com https://img.youtube.com https://assets.pinterest.com https://www.shopping-compare.com https://easylounge.com https://tracking.lengow.com https://cl.avis-verifies.com https://marketing.net.idealo-partner.com https://tracker.beezup.com https://*.cloudfront.net/ https://*.ssl-images-amazon.com/ https://*.media-amazon.com/ https://easylounge.ladesk.com https://kx1.co https://*.kx1.co/ https://*.google.fr/ https://*.google.com/ https://*.gstatic.com/ https://*.google-analytics.com/ https://*.googleapis.com/ https://*.doubleclick.net/ https://*.googletagmanager.com/;media-src 'none';frame-src https://*.be2bill.com/ https://staticxx.facebook.com https://www.facebook.com https://platform.twitter.com https://www.youtube.com https://syndication.twitter.com https://easylounge.com https://tbs.tradedoubler.com https://kx1.co https://*.kx1.co/ https://cl.avis-verifies.com https://web.facebook.com https://www.avis-verifies.com https://*.payments-amazon.com/ https://*.payments-amazon.fr/ https://*.amazon.com/ https://*.amazon.de/ https://*.amazon.fr/ https://easylounge.ladesk.com https://1-vbus-de.ladesk.com https://*.google.com/ https://*.doubleclick.net/ https://*.dalenys.com/;font-src 'self' data: https://*.gstatic.com/ https://*.googleapis.com/ https://easylounge.com;connect-src 'self' https://js.sandbox.be2bill.com https://js.be2bill.com https://cl.avis-verifies.com https://syndication.twitter.com https://easylounge.com https://www.facebook.com/tr/ https://*.amazon.com/ https://*.amazon.fr/ https://*.amazon.de/ https://bat.bing.com https://kx1.co https://*.kx1.co/ https://*.google-analytics.com/ https://*.google.fr/ https://*.google.com/ https://*.doubleclick.net/ https://*.googlesyndication.com/ https://*.matomo.cloud/ https://*.googleapis.com/;frame-ancestors 'none' 1
frame-ancestors http://npwebqaca.nfpower.nf.ca/ 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.foodaciously.com; 1
default-src 'self'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*; font-src 'self'; connect-src 'self' https://*.tertulia.com https://*.cloudfront.net https://*.segment.com https://*.segment.io https://*.myshopify.com https://*.google-analytics.com https://api.aer.io/api/Viewer/ViewerLink; media-src 'self'; object-src 'none'; frame-src 'self' https://lithub.com https://viewer.aer.io/vTrAeggjEwQJQrFZ/ https://www.facebook.com/; form-action 'self' https://www.facebook.com/tr/; 1
default-src 'self' data: *.leitner-reisen.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.leitner-reisen.de embedsocial.com www.google-analytics.com *.intelliad.de www.googleadservices.com connect.facebook.net bat.bing.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.clarity.ms www.googletagmanager.com *.doubleclick.net *.cloudfront.net apps.mypurecloud.de; connect-src 'self' *.leitner-reisen.de www.google-analytics.com stats.g.doubleclick.net *.clarity.ms www.googletagmanager.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com api.userlike.com *.mypurecloud.de wss://webmessaging.mypurecloud.de adservice.google.com www.google.com; style-src 'self' 'unsafe-inline' *.leitner-reisen.de embedsocial.com; font-src 'self' 'unsafe-inline' *.leitner-reisen.de data:; img-src 'self' blob: data: *.leitner-reisen.de i.ytimg.com www.facebook.com bat.bing.com *.intelliad.de *.clarity.ms www.google.com www.google.de c.bing.com www.google-analytics.com; frame-src 'self' data: *.leitner-reisen.de www.youtube-nocookie.com www.openstreetmap.org embedsocial.com www.facebook.com apps.mypurecloud.de; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' *.google.com *.googleapis.com *.jquery.com *.cloudflare.com *.bootstrapcdn.com *.jsdelivr.net *.facebook.net *.facebook.com *.taboola.com *.youtube.com *.googletagmanager.com *.amazonaws.com *.gstatic.com tenor.com *.paypal.com *.maxcdn.com *.googlesyndication.com *.viralhog.com *.outbrain.com *.google-analytics.com *.googleadservices.com *.2mdn.net *.google.ca *.google.nl *.google.co.uk *.google.be *.google.de *.google.fr *.google.pt *.google.es *.google.ch; 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-dd749eb57970433497d0f86add229484' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' http:; style-src 'unsafe-inline' http:; img-src http: data:; font-src http: data:; sandbox allow-forms allow-scripts 1
default-src 'self';style-src 'self' 'unsafe-inline' chat.intele.com use.fontawesome.com fonts.googleapis.com popin.survey-xact.dk maxcdn.bootstrapcdn.com cdn.jsdelivr.net *.hotjar.com pensjonskassa.containers.piwik.pro;script-src 'self' 'unsafe-eval' 'unsafe-inline' euwa.puzzel.com www.google.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com *.siteimprove.com siteimproveanalytics.com cdn.siteimprove.net popin.survey-xact.dk maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.hotjar.com pensjonskassa.containers.piwik.pro;font-src 'self' data: euwa.puzzel.com fonts.gstatic.com chat.intele.com use.fontawesome.com dhm5hy2vn8l0l.cloudfront.net *.hotjar.com pensjonskassa.containers.piwik.pro;frame-src 'self' www.survey-xact.no *.hotjar.com pensjonskassa.piwik.pro;img-src 'self' www.googletagmanager.com data: *.siteimproveanalytics.io *.siteimprove.com www.google-analytics.com ssl.gstatic.com www.gstatic.com www.survey-xact.no popin.survey-xact.dk *.hotjar.com pensjonskassa.containers.piwik.pro;connect-src 'self' *.puzzel.com *.siteimprove.com www.google-analytics.com *.doubleclick.net region1.google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com pensjonskassa.piwik.pro pensjonskassa.containers.piwik.pro; 1
base-uri 'self'; frame-src * 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://chaosfem.tw 'wasm-unsafe-eval'; font-src 'self' https://chaosfem.tw; img-src 'self' data: blob: https://chaosfem.tw https://chaosfemtw.files.fedi.monster; style-src 'self' https://chaosfem.tw 'nonce-Cr8j+ZwZDHymA5zme49KrA=='; media-src 'self' data: https://chaosfem.tw https://chaosfemtw.files.fedi.monster; frame-src 'self' https:; child-src 'self' blob: https://chaosfem.tw; worker-src 'self' blob: https://chaosfem.tw; connect-src 'self' blob: data: wss://chaosfem.tw https://chaosfem.tw https://chaosfemtw.files.fedi.monster; manifest-src 'self' https://chaosfem.tw; form-action 'self' 1
worker-src 'self' 'unsafe-inline' blob:; script-src 'unsafe-inline' 'unsafe-eval' http: https:;object-src 'self'; frame-ancestors 'self' 1
default-src 'none'; script-src 'self' https://js.stripe.com https://pay.google.com https://www.gstatic.com https://www.google-analytics.com/analytics.js https://internal-api.monzo.com  ; style-src 'self' https://cdnjs.cloudflare.com 'nonce-326fcf432081a9c1e0c7edee9c53bc5138ed' 'sha256-k4v9Dzltf6e0ixp3XOsEC0RIv7U+WgJRjVjWtS/Dmsw=' 'sha256-c1fU6tgmJwKNtGBW8IqZ4OBBM+HV3zpaLEy6DKxWXY0='; img-src 'self' https://q.stripe.com https://stats.g.doubleclick.net https://www.google-analytics.com https://monzo-prod-user-images.imgix.net https://monzo-nonprod-user-images.imgix.net https://internal-api.monzo.com https://api.s101.nonprod-ffs.io https://www.gstatic.com data: ;font-src 'self';frame-src * https://js.stripe.com https://pay.google.com; frame-ancestors 'none';connect-src 'self' https://internal-api.monzo.com https://api.s101.nonprod-ffs.io https://www.google-analytics.com https://m.stripe.com https://pay.google.com https://play.google.com https://api.stripe.com https://o23827.ingest.sentry.io https://stats.g.doubleclick.net; object-src 'none'; manifest-src 'self'; worker-src 'none'; base-uri 'none';prefetch-src 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: data: *.placehold.it https: data: *.youtube.com *.cloudflare.com *.google.com *.google-analytics.com *.jquery.com wss://*.tawk.to 1
default-src 'self' https://*.wistia.com https://*.wistia.net; connect-src *; font-src * data:; frame-src *; frame-ancestors 'self'; img-src * data:; media-src * blob:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'self' https: wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https:; worker-src blob: 1
frame-ancestors 'self' https://staging-app.wowfamily.de https://app.wowfamily.de; script-src 'nonce-jvx+N1L6q3qGoaWRPzPHHGXNC3XAjSjE6Uo+VM2dUOY=' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' https: http: 'report-sample' https://tagmanager.google.com https://*.googletagmanager.com https://*.facebook.com https://*.facebook.net https://*.sentry-cdn.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com; form-action 'self' https://*.adyen.com https://*.facebook.com https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io; connect-src 'self' localhost:* data: sentry.io *.sentry.io https://*.adyen.com https://*.clarity.ms https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.bing.com plausible.io https://*.myhello.cloud https://myhello.cloud https://*.intercom.io https://*.intercomcdn.com https://*.intercomcdn.eu wss://*.intercom.io https://cdn.tiny.cloud; object-src 'self'; base-uri none; report-uri https://o34395.ingest.sentry.io/api/76085/security/?sentry_key=fa5d344f3deb43d4987dfa2c56000ffe&sentry_environment=production&sentry_release=5.0.114 1
default-src *.gosemofiber.com *.cloudflare.com *.crowdfiber.com *.powerfulreveal.com *.youtube.com *.powerfulreveal.com *.semoelectric.coop *.cdn.js *.jsdelivr.net *.commentportal.com commentportal.com *.google.com bootstrapcdn.com  googleadservices.com *.cloudfront.net *.portlandwebdesign.com *.electric.coop adsrvr.org *.analytics.yahoo.com *.maps.arcgis.com xx.fbcdn.net rvwinc.com maps.arcgis.com vimeo.com *.googleadservices.com publicpurchase.com gravatar.com *.arcgis.com *.eventbrite.com cooperative.com *.gstatic.com *.youtube-nocookie.com *.crowdfiber.io data: *.googletagmanager.com luckyorange.net btstatic.com portlandwebdesign.com simpli.fi *.providesupport.com typekit.net mitel.io trumpia.com *.timetap.com five9.com powermag.com *.rvwinc.com *.verisign.com linkedin.com *.nr-data.net *.btstatic.com azgt.coop ebill.coop *.mapbox.com googleapis.com analytics.yahoo.com *.licdn.com *.mcusercontent.com *.bootstrapcdn.com apogee.net marketingautomation.services suppose.tv adnxs.com twimg.com *.olark.com youtube-nocookie.com *.trumpia.com xad.com mailchimp.com *.ads.linkedin.com directefficiency.com *.mailchimp.com newrelic.com *.vimeo.com *.plumassierratelecommunicationsmap.com 'unsafe-eval' *.upgrade.guide epa.gov transistor.fm google.com hirebridge.com *.simpli.fi *.yimg.com envivabiomass.com *.roanokeconnect.com e2ma.net bonnerboundary811.org *.powerfulweb.com *.elfsight.com *.libsyn.com doubleclick.net *.nwwsd.org facebook.net google-analytics.com ads.linkedin.com *.e2ma.net gstatic.com smarthub.coop *.s3.amazonaws.com mcusercontent.com s.w.org *.doubleclick.net facebook.com youtube.com *.linkedin.com nice-incontact.com fontawesome.com *.newrelic.com *.apogee.net *.googleapis.com libsyn.com eventbrite.com upgrade.guide *.basis.net *.twimg.com glassdoor.com cencoast.com *.mitel.io powerfulweb.com luckyorange.com *.five9.com *.typekit.net *.transistor.fm yimg.com 'self' *.luckyorange.com jazz.co roanokeconnect.com *.publicpurchase.com myfonts.net issuu.com *.directefficiency.com *.websupport.expert spreaker.com *.ebill.coop crowdfiber.io *.xad.com *.nice-incontact.com *.xx.fbcdn.net *.suppose.tv *.myfonts.net *.icua.coop southcentralpower.com *.bonnerboundary811.org arcgis.com mapbox.com providesupport.com *.facebook.net *.smeco.coop electric.coop googletagmanager.com *.adnxs.com smeco.coop *.issuu.com *.powermag.com *.adsymptotic.com olark.com s3.amazonaws.com 'unsafe-inline' billing.nwwsd.org elfsight.com icua.coop timetap.com *.fontawesome.com *.envivabiomass.com nr-data.net adsymptotic.com *.epa.gov *.adsrvr.org *.cencoast.com *.spreaker.com *.gravatar.com plumassierratelecommunicationsmap.com verisign.com *.glassdoor.com *.facebook.com ctctcdn.com *.jazz.co *.cooperative.com *.google-analytics.com gmpg.org cloudfront.net *.ctctcdn.com *.marketingautomation.services *.southcentralpower.com licdn.com *.hirebridge.com websupport.expert *.luckyorange.net *.smarthub.coop basis.net *.youtube.com *.azgt.coop; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://*.recaptcha.net https://isitetv.com https://*.translate.naver.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://www.shoplooks.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://translate.yandex.net https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://*.pinterest.com https://*.bing.com https://*.doubleclick.net https://connect.facebook.net https://*.baidu.com https://privacyportal-eu.onetrust.com https://*.contentsquare.net https://*.criteo.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.lookfantastic.co.in https://m.lookfantastic.co.in https://checkout.lookfantastic.co.in https://connect.facebook.net https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.co.uk https://www.glossybox.com https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.se https://www.glossybox.dk https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://*.recaptcha.net https://*.microsofttranslator.com https://*.hotjar.com https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.attn.tv https://*.trustpilot.com https://*.translate.naver.net https://*.bing.com https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://static.ads-twitter.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://lantern.roeyecdn.com https://lantern.roeye.com https://static.thgcdn.cn https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' https://ns.10be.de https://m.stripe.network https://m.stripe.com https://*.paypal.com https://www.paypal.com https://js.stripe.com https://api.stripe.com https://nightscout-reporter.zreptil.de http://nightscout-reporter.zreptil.de *.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://m.stripe.network fonts.gstatic.com *.gstatic.com https://*.paypal.com https://*.stripe.com https://api.stripe.com https://js.stripe.com https://m.stripe.com https://t.paypal.com  https://nightscout-reporter.zreptil.de http://nightscout-reporter.zreptil.de https://stripe.com https://www.paypal.com https://fonts.gstatic.com https://www.googletagservices.com *.google.com https://connect.facebook.net https://cdnjs.cloudflare.com storage.googleapis.com ajax.googleapis.com; img-src 'self' https://m.stripe.network https://m.stripe.com https://t.paypal.com https://*.paypal.com https://*.stripe.com https://js.stripe.com https://www.paypalobjects.com/ https://www.paypal.com *.google.com https://www.googletagservices.com https://s-static.ak.facebook.com https://cdnjs.cloudflare.com data: storage.googleapis.com; style-src 'self' 'unsafe-inline' https://m.stripe.network https://fonts.googleapis.com https://t.paypal.com https://*.paypal.com https://*.stripe.com https://js.stripe.com https://www.paypalobjects.com/ https://www.paypal.com https://cdnjs.cloudflare.com; font-src 'self' https://m.stripe.network https://themes.googleusercontent.com https://fonts.gstatic.com *.gstatic.com; frame-src *.10be.de *.ns.10be.de https://m.stripe.network https://t.paypal.com https://*.paypal.com https://*.stripe.com https://js.stripe.com https://m.stripe.com https://paypal.com https://www.paypalobjects.com/ https://www.paypal.com https://nightscout-reporter.zreptil.de http://nightscout-reporter.zreptil.de https://www.facebook.com https://s-static.ak.facebook.com https://www.googletagservices.com *.google.com https://cdnjs.cloudflare.com storage.googleapis.com ajax.googleapis.com; object-src 'none' 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-9c8127650c5152c04f15af052612be21'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' https://maps.googleapis.com https://danbsitefinitydevassets.azureedge.net https://danbsfstagingassets.azureedge.net https://danbsfprodassets.azureedge.net *.popupsmart.com/; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com https://widget.surveymonkey.com/ https://www.surveymonkey.com/ *.hawksearch.net *.hawksearch.com tracking-dev.americaneagle.com https://cdnjs.cloudflare.com/ *.vo.msecnd.net/ https://www.googletagmanager.com/ *.googletagmanager.com/ *.crazyegg.com/ *.popupsmart.com/ *.tiktok.com/ *.tiktokcdn-us.com/ 'self' cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.hawksearch.net *.crazyegg.com *.popupsmart.com/ *.tiktokcdn-us.com/ 'self' web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.popupsmart.com/ *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com https://prod.smassets.net/ https://danbsitefinitydevassets.azureedge.net https://danbsfstagingassets.azureedge.net https://danbsfprodassets.azureedge.net *.crazyegg.com *.google.com 'self' web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src https://youtu.be/ https://www.youtube.com/ https://www.surveymonkey.com/ https://www.tiktok.com/ https://web.powerva.microsoft.com/ 'self' web-chat.nativechat.com; connect-src 'self' accounts.google.com *.gstatic.com https://*.insight.sitefinity.com *.popupsmart.com/ *.crazyegg.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.hawksearch.net *.hawksearch.com tracking-dev.americaneagle.com searchapi-dev.americaneagle.com https://maps.googleapis.com https://dc.services.visualstudio.com https://stats.g.doubleclick.net/ connect.facebook.net https://analytics.google.com/g/collect https://*.analytics.google.com/g/collect; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com connect.facebook.net blob: 'self' web-chat.nativechat.com; frame-ancestors 'self' https://youtu.be/ https://www.youtube.com/ https://www.surveymonkey.com/ 1
frame-ancestors 'self' https://*.grandwild.com https://*.decta.com; 1
default-src 'self' employer.sharphealthplan.com provider.sharphealthplan.com https://epiccarelink-np.et1297.epichosted.com https://sharphealthplan.tfaforms.net https://siteintercept.qualtrics.com https://www.youtube-nocookie.com https://api-us1.cludo.com https://sharphealthplan.tfaforms.net https://www.googletagmanager.com https://sharphealthplan.siteintercept.qualtrics.com https://my2.siteimprove.com *.siteimproveanalytics.io *.siteintercept.qualtrics.com *.sharphealthplan.tfaforms.net *.siteimproveanalytics.io *.siteintercept.qualtrics.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sharphealthplan.tfaforms.net https://epiccarelink-np.et1297.epichosted.com https://api-us1.cludo.com *.qualtrics.com https://www.youtube-nocookie.com https://code.angularjs.org https://angular-ui.github.io https://cdnjs.cloudflare.com  *.siteimproveanalytics.io *.siteintercept.qualtrics.com https://siteimproveanalytics.com https://siteintercept.qualtrics.com *.siteimproveanalytics.io *.jsdelivr.net *.siteimproveanalytics.com *.googletagmanager.com *.hotjar.com *.cludo.com  *.googleapis.com  *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com *.siteimproveanalytics.io *.siteintercept.qualtrics.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js  *.blob.core.windows.net; style-src 'self' 'unsafe-inline' https://sharphealthplan.tfaforms.net https://maxcdn.bootstrapcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com  https://epiccarelink-np.et1297.epichosted.com *.jsdelivr.net *.cludo.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com ; font-src 'self' fonts.gstatic.com https://maxcdn.bootstrapcdn.com kendo.cdn.telerik.com netdna.bootstrapcdn.com https://sharphealthplan.tfaforms.net data: https://js.intercomcdn.com/ https://birdeye.com/ https://d1p5cqqchvbqmy.cloudfront.net; img-src 'self' https://az1.qualtrics.com https://images.ctfassets.net https://www.sharp.com https://epiccarelink-np.et1297.epichosted.com https://sharphealthplan.tfaforms.net https://www.youtube-nocookie.com *.siteimproveanalytics.io *.siteintercept.qualtrics.com  *.gstatic.com *.googleapis.com *.google-analytics.com  https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com phmc.myloancare.com https://static.intercomassets.com https://birdeye.com/ https://cdn.mappedin.com; media-src 'self' data: blob:; child-src 'self' https://sharphealthplan.az1.qualtrics.com https://epiccarelink.et1297.epichosted.com https://es.sharphealthplan.com https://es.sharpmedicareadvantage.com https://mychart-np.et1297.epichosted.com/ https://mychart.et1297.epichosted.com/ https://member.sharphealthplan.com https://stage.member.aws-nonprod.sharphealthplan.com https://epiccarelink-np.et1297.epichosted.com https://sharphealthplan.tfaforms.net https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com  https://sharphealthplan.tfaforms.net *.siteintercept.qualtrics.com apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com phmc.myloancare.com; connect-src 'self' https://siteintercept.qualtrics.com https://api-us1.cludo.com https://sharphealthplan.tfaforms.net  https://www.googletagmanager.com https://sharphealthplan.siteintercept.qualtrics.com https://my2.siteimprove.com https://epiccarelink-np.et1297.epichosted.com accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://www.youtube-nocookie.com *.google-analytics.com *.gstatic.com *.blob.core.windows.net *.sharphealthplan.tfaforms.net *.siteimproveanalytics.io *.siteintercept.qualtrics.com;frame-ancestors 'self' employer.sharphealthplan.com provider.sharphealthplan.com https://sharphealthplan-dev.idevdesign.net/ https://epiccarelink.et1297.epichosted.com https://es.sharphealthplan.com https://es.sharpmedicareadvantage.com https://mychart-np.et1297.epichosted.com/ https://mychart.et1297.epichosted.com/ https://member.sharphealthplan.com https://stage.member.aws-nonprod.sharphealthplan.com  https://epiccarelink-np.et1297.epichosted.com https://www.youtube-nocookie.com; 1
default-src 'self'; base-uri 'self'; object-src 'none'; upgrade-insecure-requests; connect-src 'self' *.web-start-page.com; script-src 'self' 'report-sample' *.web-start-page.com 'sha256-GGBo8gBY885xYvY7bjeWuInjeYICMEc0lMmxkN3Uh2M=' 'sha256-w8Zb8pbFFyfmRVOZrgiCCcIhHaEBKhjW8uNc9iWFIIM=' https://static.cloudflareinsights.com https://api.bing.com https://www.google.com; img-src 'self' data:; style-src 'self' 'report-sample' 'unsafe-inline'; Form-action 'self'; Frame-ancestors 'none'; worker-src 'none'; report-uri https://csp.web-start-page.com 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://isitetv.com https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://*.recaptcha.net https://*.translate.naver.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://www.shoplooks.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://translate.yandex.net https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://*.pinterest.com https://*.bing.com https://*.doubleclick.net https://connect.facebook.net https://*.baidu.com https://ampcid.google.com.sg https://tr.snapchat.com https://privacyportal-eu.onetrust.com https://*.contentsquare.net https://*.criteo.com data: https://*.prod.mplat-ppcprotect.com https://*.lunio.ai; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.lookfantastic.com.sg https://m.lookfantastic.com.sg https://checkout.lookfantastic.com.sg https://connect.facebook.net https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.co.uk https://www.glossybox.com https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.se https://www.glossybox.dk https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://*.trustpilot.com https://*.translate.naver.net https://*.bing.com https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://static.ads-twitter.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://lantern.roeyecdn.com https://lantern.roeye.com https://static.thgcdn.cn https://*.googlesyndication.com https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
child-src 'self' blob: gap:; connect-src 'self' blob: https://gatehub.net https://*.gatehub.net wss://*.gatehub.net wss://*.ripple.com https://id.ripple.com https://history.ripple.com:7443 https://api.ripplecharts.com https://data.ripple.com https://data.xrplf.org https://data.xahau.network https://*.zendesk.com https://ekr.zdassets.com https://www.google-analytics.com https://googletagmanager.com https://api.blockcypher.com https://api.etherscan.io https://api.blockchair.com https://blockscout.com https://songbird-explorer.flare.network wss://widget-mediator.zopim.com https://stats.g.doubleclick.net wss://xrpl.ws wss://testnet.xrpl-labs.com wss://s.altnet.rippletest.net https://sentry.io https://*.ingest.sentry.io https://*.paywiser.eu https://iplist.cc/api wss://*.electronicid.eu https://*.electronicid.eu https://api.stripe.com https://xumm.app https://*.google-analytics.com wss://s.altnet.rippletest.net:51233/ wss://xahau.network/ wss://xahau-test.net/ https://xrplcluster.com wss://xrplcluster.com; default-src 'self' https://gatehub.net; font-src 'self' https://gatehub.net https://fonts.googleapis.com https://fonts.gstatic.com; frame-ancestors 'self' https://*.gatehub.net; frame-src 'self' blob: data: https://gatehub.net https://*.gatehub.net https://www.google.com https://www.saltedge.com https://js.stripe.com https://hooks.stripe.com; img-src 'self' blob: data: https://gatehub.net https://*.gatehub.net https://www.google-analytics.com https://chart.googleapis.com https://stats.g.doubleclick.net https://ssl.gstatic.com https://*.electronicid.eu blob: data: https://*.stripe.com; media-src 'self' https://gatehub.net https://*.gatehub.net https://static.zdassets.com https://*.electronicid.eu blob: data:; object-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gatehub.net https://*.gatehub.net https://www.google-analytics.com https://www.google.com https://fonts.googleapis.com https://ajax.googleapis.com https://apis.google.com https://www.gstatic.com https://code.highcharts.com https://*.zendesk.com https://static.zdassets.com https://www.googletagmanager.com https://browser.sentry-cdn.com https://cdn.jsdelivr.net https://*.paywiser.eu https://*.electronicid.eu https://static.sumsub.com https://js.stripe.com/ https://xumm.app/assets/cdn/xumm-xapp-sdk.min.js https://unpkg.com/xrpl@2.11.0/build/xrpl-latest-min.js; style-src 'self' 'unsafe-inline' https://gatehub.net https://*.gatehub.net https://fonts.googleapis.com https://*.paywiser.eu https://*.electronicid.eu; report-uri https://gatehub.report-uri.com/r/d/csp/wizard; 1
frame-ancestors 'self' https://www.homebiogas.com https://homebiogas.com https://landing.homebiogas.com; 1
frame-ancestors manualsnet.com dev.manualsnet.com 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://tarifasgasluz.com/report-uri/enforce 1
frame-ancestors 'self' http://www.weathertechwholesale.com http://www.cabelas.com https://www.cabelas.com http://www.calcarcover.com https://www.calcarcover.com http://cabuat01.cabelas.com https://cabuat01.cabelas.com http://cabuat02.cabelas.com https://cabuat02.cabelas.com http://cabuat03.cabelas.com https://cabuat03.cabelas.com https://sandbox-assets.secure.checkout.visa.com https://sandbox.secure.checkout.visa.com https://assets.secure.checkout.visa.com https://secure.checkout.visa.com *.intranet.dow.com *.paypal.com *.paypalobjects.com pinterest.adsymptotic.com ct.pinterest.com *.ppipe.net https://svra.com 1
object-src bdl-india.in https://cbpssubscriber.mygov.in; img-src bdl-india.in https://www.google-analytics.com/ https://cbpssubscriber.mygov.in; media-src bdl-india.in https://cbpssubscriber.mygov.in; frame-src *.tradingview.com *.google.com bdl-india.in; frame-ancestors *.gstatic.com fonts.googleapis.com bdl-india.in; font-src bdl-india.in *.gstatic.com fonts.googleapis.com https://cbpssubscriber.mygov.in; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' *.landbank.com *.globalsign.com *.google.com; img-src 'self' *.landbank.com *.globalsign.com *.google.com data: 1
default-src 'self' 'nonce-vnKMdppXLGG0Dr1t' https://*.usebeacon.app; frame-src 'self' https://player.vimeo.com; style-src 'self' 'nonce-vnKMdppXLGG0Dr1t'; script-src 'self' 'nonce-vnKMdppXLGG0Dr1t'; font-src 'self'; object-src 'none'; connect-src 'self' https://*.usebeacon.app https://api.nitrado.net; base-uri 'self'; sandbox allow-forms allow-same-origin allow-scripts allow-downloads allow-popups; upgrade-insecure-requests; 1
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src slack-github.com/assets-cdn/worker/ gist.slack-github.com/assets-cdn/worker/; connect-src 'self' uploads.slack-github.com media.slack-github.com www.githubstatus.com raw.slack-github.com slack-github.com *.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ wss://*.actions.githubusercontent.com online.visualstudio.com/api/v1/locations github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://slack-github.com; font-src assets.slack-github.com; form-action 'self' slack-github.com gist.slack-github.com pages.slack-github.com; frame-ancestors 'none'; frame-src viewscreen.slack-github.com notebooks.slack-github.com; img-src * data:; manifest-src 'self'; media-src media.slack-github.com; script-src assets.slack-github.com; style-src 'unsafe-inline' assets.slack-github.com; worker-src slack-github.com/assets-cdn/worker/ gist.slack-github.com/assets-cdn/worker/ 1
object-src 'none'; base-uri 'none'; form-action 'self'; frame-ancestors 'none' 1
script-src 'strict-dynamic' 'nonce-T048pMbL9VXcNkysCvseZGIBzA0NEelG' 'unsafe-inline' 'unsafe-eval' https: http:; object-src 'none'; base-uri 'none'; report-uri /report/csp; report-to csp-endpoint 1
frame-ancestors https://www.channelsmanager.com https://channelsmanager.com https://portal.solidcommerce.com https://*.solidcommerce.com; 1
script-src 'self' https://*.clarity.ms https://c.bing.com https://msadsscale.azureedge.net https://*.google-analytics.com https://*.googletagmanager.com https://js.stripe.com https://*.google.com 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-Y0sWYIvedIIgD2ARn+GFONvyEtPAXt/FhrMm8bfhBeA=' 'sha256-N4Vmo8tb6pSc+ImxfQvM1NhFwKWUGlZd+RPuS6cXym8='; connect-src 'self' https://*.clarity.ms https://c.bing.com https://browser.pipe.aria.microsoft.com https://www.bing.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.fr; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://msadsscale.azureedge.net https://unpkg.com/vue-multiselect/dist/vue-multiselect.min.css https://cdn.jsdelivr.net/npm/famfamfam-flags/dist/sprite/famfamfam-flags.min.css https://*.google.com; frame-src https://js.stripe.com; img-src 'self' data: https://*.clarity.ms https://*.bing.com https://*.bing.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.fr https://*.gstatic.com https://*.media-amazon.com https://*.kelkoo.com https://icon.horse; font-src 'self' https://msadsscale.azureedge.net https://fonts.gstatic.com; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; default-src 'self'; upgrade-insecure-requests 1
script-src 'self' 'nonce-3770ccb9-92bc-4e0d-a5b2-b6b9c232b018' 'strict-dynamic' 'unsafe-eval' ; object-src none; 1
default-src 'self' data: https://*.eloqua.com https://*.amazonaws.com https://choosemylo.com https://*.choosemylo.com https://*.gstatic.com https://*.googleapis.com https://*.doubleclick.net https://*.google.com https://*.clarity.ms https://www.facebook.com https://www.google-analytics.com https://*.bing.com https://gainbridge.ada.support https://www.googletagmanager.com https://gitlab.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://edge.fullstory.com https://bat.bing.com https://*.facebook.net https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.choosemylo.com https://choosemylo.com https://cloud.typography.com https://gainbridge.ada.support https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://*.choosemylo.com https://choosemylo.com https://cloud.typography.com https://*.googleapis.com http://localhost:*; script-src-elem 'self' 'unsafe-inline' https://*.zdassets.com https://img.en25.com https://choosemylo.com https://*.choosemylo.com https://www.google.com https://maps.googleapis.com https://www.googleadservices.com https://www.clarity.ms https://edge.fullstory.com https://gainbridge.ada.support https://www.googletagmanager.com https://static.ada.support https://www.google-analytics.com/analytics.js https://bat.bing.com https://*.facebook.net https://googleads.g.doubleclick.net; connect-src 'self' https://*.zdassets.com https://api.emailjs.com https://*.googlesyndication.com https://api-js.mixpanel.com https://choosemylo.com https://*.choosemylo.com https://www.facebook.com ws://localhost:* wss://localhost:* https://maps.googleapis.com https://*.clarity.ms https://*.fullstory.com https://*.launchdarkly.com https://*.google.com https://www.google-analytics.com https://static.ada.support/embed-manifest.json https://gitlab.com https://browser-http-intake.logs.datadoghq.com https://*.ada.support https://stats.g.doubleclick.net; 1
default-src 'self'; script-src 'self' 'sha256-RBtVy5eOaXHKtZo7LWadGvmnmEtPnSORSp1T7EVRheE=' 'sha256-s6gvSzTOyvwm5l1U6Et37Mghbk86YZ6jC7r9v9/aUJc=' 'sha256-vYulROZsyYnas0MKX3AOT0Cs3alfs8+lu8W7fXWiMpI=' 'sha256-HNo6otakIpayRKmOJaQOLYGmjfInqUeveM6iQxifeNs=' 'sha256-HNo6otakIpayRKmOJaQOLYGmjfInqUeveM6iQxifeNs=' 'sha256-CNIsYovrjisr3GioKKn7BM4aYmd73xSrmqjKvtBUcUw=' 'sha256-WIi3ejpNYFm69bcXrSs13i1gpwhTohdBc3D2/PFuiiE='; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; frame-src 'self' 1
img-src * data:; style-src 'self' 'unsafe-inline' *.readspeaker.com; default-src * blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.youtube.com s.ytimg.com *.usercentrics.eu *.readspeaker.com connect.facebook.net https://*.etracker.com https://*.etracker.de; 1
frame-ancestors 'none'; base-uri 'self'; object-src 'none'; 1
frame-ancestors 'self' https://meinkonto-vkw.apps.test.egv.at https://meinkonto-vkw.qa.illwerkevkw.at https://meinkonto.vkw.at 1
default-src 'self' *.abanca.io llamamegratis.es/ suite.conver.fit/ abancaportugal.abanca.io abancaptwt.infobolsa.es abancaptwt.bmeinntech.es privacyportal-de.onetrust.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.abanca.io llamamegratis.es/ suite.conver.fit/ www.google-analytics.com maps.googleapis.com cdnjs.cloudflare.com abanca.inbenta.com www.googletagmanager.com cdn.cookielaw.org code.jquery.com cstatic.weborama.fr www.google-analytics.com www.googleadservices.com static.ads-twitter.com bat.bing.com connect.facebook.net analytics.twitter.com googleads.g.doubleclick.net optimize.google.com platform.twitter.com cdn.syndication.twimg.com tagmanager.google.com ssl.google-analytics.com www.google.com www.gstatic.com geolocation.onetrust.com www.recaptcha.net;style-src 'self' 'unsafe-inline' *.abanca.io llamamegratis.es/ suite.conver.fit/ fonts.googleapis.com cdnjs.cloudflare.com abanca.inbenta.com cdn.cookielaw.org optimize.google.com cdn.abanca.io platform.twitter.com *.twimg.com tagmanager.google.com;img-src 'self'  *.abanca.io llamamegratis.es/ suite.conver.fit/ www.google-analytics.com maps.googleapis.com maps.gstatic.com stats.g.doubleclick.net insight.adsrvr.org cdn.abanca.io data: t.co bat.bing.com www.google.com www.google.es www.google-analytics.com www.facebook.com stats.g.doubleclick.net www.googletagmanager.com i.ytimg.com optimize.google.com *.staticflickr.com *.staticflickr.com syndication.twitter.com *.twimg.com platform.twitter.com ssl.gstatic.com www.gstatic.com googleads.g.doubleclick.net tbl.tradedoubler.com cdn.cookielaw.org *.doubleclick.net;font-src 'self' *.abanca.io llamamegratis.es/ suite.conver.fit/ fonts.gstatic.com abanca.inbenta.com cdn.abanca.io;frame-src 'self' www.youtube-nocookie.com llamamegratis.es mediadiamondes.solution.weborama.fr optimize.google.com www.facebook.com maps.google.com www.google.com www.youtube.com platform.twitter.com syndication.twitter.com w.soundcloud.com bid.g.doubleclick.net *.fls.doubleclick.net www.recaptcha.net;connect-src 'self' *.abanca.io www.google-analytics.com *.infobolsa.es *.bmeinntech.es suite.conver.fit privacyportal-de.onetrust.com cdn.cookielaw.org stats.g.doubleclick.net region1.google-analytics.com region1.analytics.google.com cdp.abanca.com cdpdev.abanca.com cdp.abanca.pt maps.googleapis.com;base-uri 'self';object-src 'none' 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline'  https://connect.facebook.net https://seal.websecurity.norton.com https://www.google-analytics.com https://s-usc1c-nss-221.firebaseio.com https://reactify-61b82.firebaseio.com https://code.jquery.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://blueimp.github.io https://www.googletagmanager.com; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://ajax.aspnetcdn.com https://cdnjs.cloudflare.com; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com; frame-src *; object-src *; 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-7fe4912476c74887aaaac96ede6e98fc' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-lQMtKFKvZgz/GR8bNBi7Vh1irX6see' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline' code.jquery.com https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; media-src * blob:; frame-src *; font-src * data:; connect-src *; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' cdn.divineshop.vn www.google.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.gstatic.com *.doubleclick.net www.facebook.com connect.facebook.net analytics.tiktok.com onesignal.com cdn.onesignal.com; style-src 'self' 'unsafe-inline' cdn.divineshop.vn onesignal.com; connect-src 'self' cdn.divineshop.vn www.google-analytics.com *.doubleclick.net www.facebook.com *.googleapis.com onesignal.com; img-src 'self' https: data:; object-src 'none'; form-action 'none'; base-uri 'none'; block-all-mixed-content 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src https: data:;; upgrade-insecure-requests 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.segment.com https://unpkg.com https://*.onfido.com https://sentry.io https://*.livechatinc.com https://*.safecharge.com https://*.betty.ca https://*.facebook.net https://*.hotjar.com https://*.adform.net;connect-src * 'self' data: blob: https://*.onfido.com wss://*.onfido.com https://sentry.io https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google-analytics.bg https://*.analytics.google.bg https://*.google-analytics.ca https://*.analytics.google.ca;img-src 'self' data: blob: *.betty.ca https://*.cloudfront.net https://*.amazonaws.com https://flagcdn.com/ https://*.onfido.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google-analytics.bg https://*.analytics.google.bg https://*.google-analytics.ca https://*.analytics.google.ca https://*.safecharge.com https://*.facebook.com https://*.seadform.net;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.onfido.com https://*.safecharge.com;base-uri 'self';form-action 'self';font-src 'self' data: 'unsafe-inline' https://*.gstatic.com https://*.livechatinc.com;frame-src * 'self' data: blob:;frame-ancestors 'self' *.betty.ca betty.ca;media-src * blob: https://*.onfido.com;manifest-src *;worker-src * blob:;object-src * 'self' blob:; 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-Q4YGlt32MOfTpPdNUmQ+Pg=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=0g8bkp1iqu4ju&partner=; 1
script-src 'report-sample' 'nonce-G2VQre1fdIU-N1G9ZA0aIQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /cspreport 1
default-src 'self'; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://haveibeenpwned.com; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; connect-src 'self' wss://bitwarden.32879.xyz https://api.pwnedpasswords.com https://api.2fa.directory; object-src 'self' blob:; 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://ajax.googleapis.com https://app.mailjet.com https://kit.fontawesome.com https://unpkg.com https://maps.googleapis.com; img-src 'self' data: https://app.mailjet.com https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://developers.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://kit-free.fontawesome.com; font-src 'self' data: https://fonts.gstatic.com https://kit-free.fontawesome.com https://ka-f.fontawesome.com; frame-src 'self'; object-src 'none' 1
frame-ancestors 'self' powerapps.com *.powerapps.com *.azureedge.net *.windows.net 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://isitetv.com https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://*.recaptcha.net https://*.translate.naver.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://www.shoplooks.com https://tpc.googlesyndication.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://translate.yandex.net https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://*.pinterest.com https://*.bing.com https://*.doubleclick.net https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://ampcid.google.pt https://tr.snapchat.com https://privacyportal-eu.onetrust.com https://*.contentsquare.net https://*.criteo.com https://analytics.tiktok.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.lookfantastic.pt https://m.lookfantastic.pt https://checkout.lookfantastic.pt https://connect.facebook.net https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.co.uk https://www.glossybox.com https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.se https://www.glossybox.dk https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://*.hotjar.com https://*.attn.tv https://*.trustpilot.com https://*.translate.naver.net https://*.bing.com https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://static.ads-twitter.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://lantern.roeyecdn.com https://lantern.roeye.com https://static.thgcdn.cn https://tpc.googlesyndication.com https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com https://analytics.tiktok.com https://*.ibytedtos.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://cdn.parcellab.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-15c4e78178aaa2afc6f7664a8ff128e6'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors 'self' https://*.msn.com https://*.msn.cn https://*.bing.com https://staging-bing-int.com; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://service.force.com/embeddedservice/ https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/ https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/ https://payments.salesforce.com/ https://js.stripe.com/ https://www.paypal.com/sdk/js import: blob: https://uip.canary.lwc.dev https://www.google.com/recaptcha/api.js https://www.gstatic.com https://mdccs--sit.my.salesforce.com https://www.ssa.gov/accessibility/andi/help/install.html; object-src 'self' www.google.com; style-src 'self' 'unsafe-inline' https://service.force.com/embeddedservice/ https://fonts.googleapis.com/css2 https://fonts.googleapis.com/css blob: https://www.gstatic.com https://www.google.com; img-src 'self' data: blob: https://mdccs.my.salesforce.com https://mdccs.file.force.com https://img.youtube.com https://i.ytimg.com https://i.vimeocdn.com https://login.salesforce.com/icons/ https://payments.salesforce.com/icons/ https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/icons/ https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/icons/ https://www.sandbox.paypal.com https://www.paypal.com https://na215.salesforce.com/icons/ https://www.gstatic.com https://childcareportals.my.site.com https://www.google.com; media-src 'self' blob: https://www.gstatic.com https://www.google.com; frame-ancestors 'self'; frame-src 'self' https://service.force.com/embeddedservice/ https://na215.salesforce.com https://sfdc-link-preview-staging.sfdc.sh https://sfdc-link-preview.hk.salesforce.com https://cdn.embedly.com https://www.youtube.com https://player.vimeo.com https://play.vidyard.com https://player.cloudinary.com https://fast.wistia.net https://players.brightcove.net https://s1.adis.ws https://scormanywhere.secure.force.com https://appiniummastertrial.secure.force.com https://js.stripe.com/ https://www.paypal.com https://www.sandbox.paypal.com https://*.c.forceusercontent.com/lightningmaps/ https://*.c.forceusercontent.com https://location.force.com https://mdccs.file.force.com https://www.gstatic.com https://www.google.com; font-src 'self' data: https://fonts.gstatic.com/ https://www.gstatic.com https://www.google.com; connect-src 'self' https://www.paypal.com https://www.sandbox.paypal.com https://mdccs.my.salesforce-scrt.com https://www.gstatic.com https://www.google.com 1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval' ;frame-ancestors 'self' https://manager.agilitycms.com ;script-src 'self' 'unsafe-inline' 'unsafe-eval'  t.contentsquare.net   app.contentsquare.com   t.clicktale.net  contentsquare.com *.contentsquare.net *.googletagmanager.com www.google-analytics.com 8157301.fls.doubleclick.net googleads.g.doubleclick.net cdnssl.clicktale.net dpm.demdex.net cdn.agilitycms.com scotiabankfiles.azureedge.net *.winperu.pe  *.googleapis.com  *.scotiabank.com.pe assets.adobedtm.com dpm.demdex.net www.googleadservices.com www.google.com.pe *.google.com *.adobedtm.com www.facebook.com use.fontawesome.com ing-district.clicktale.net dc.services.visualstudio.com cx.atdmt.com connect.facebook.net c.clicktale.net t.clicktale.net clicktale.net az416426.vo.msecnd.net adservice.google.com 8157301.fls.doubleclick.net www.gstatic.com stats.g.doubleclick.net ogs.google.com *.jquery.com datatrustcatalogobucket.s3.us-east-2.amazonaws.com datatrustperu.com scotiabank.tt.omtrdc.net  *.scotiabank.com  snap.licdn.com  px.ads.linkedin.com  p.adsymptotic.com  52.18.162.157  52.17.161.123  activitymap.adobe.com  www.tiktok.com/es  ads.tiktok.com/i18n/login  displayvideo.google.com  analytics.tiktok.com www.profuturo.com.pe;worker-src blob:;img-src 'self' *.clicktale.net  *.agilitycms.com  *.azureedge.net  *.google.com.pe  *.google.ca  *.google.com  *.adobedtm.com  https://www.google-analytics.com   *.facebook.com   *.scotiabank.com   *.winperu.pe   *.googleapis.com   datatrustcatalogobucket.s3.us-east-2.amazonaws.com   datatrustperu.com   snap.licdn.com   px.ads.linkedin.com   p.adsymptotic.com   52.18.162.157   52.17.161.123   activitymap.adobe.com   googleads.g.doubleclick.net   *.contentsquare.net  www.tiktok.com/es  ads.tiktok.com/i18n/login  displayvideo.google.com  analytics.tiktok.com ;connect-src 'self' https: wss: 'unsafe-inline' 'unsafe-eval' *.clicktale.net contentsquare.com *.contentsquare.net www.googletagmanager.com www.google-analytics.com 8157301.fls.doubleclick.net googleads.g.doubleclick.net cdnssl.clicktale.net dpm.demdex.net cdn.agilitycms.com scotiabankfiles.azureedge.net *.winperu.pe  *.googleapis.com  *.scotiabank.com.pe assets.adobedtm.com dpm.demdex.net www.googleadservices.com www.google.com.pe *.google.com *.adobedtm.com www.facebook.com use.fontawesome.com ing-district.clicktale.net dc.services.visualstudio.com cx.atdmt.com connect.facebook.net c.clicktale.net t.clicktale.net clicktale.net az416426.vo.msecnd.net adservice.google.com 8157301.fls.doubleclick.net www.gstatic.com stats.g.doubleclick.net ogs.google.com scotiabank.tt.omtrdc.net datatrustcatalogobucket.s3.us-east-2.amazonaws.com   datatrustperu.com  *.scotiabank.com snap.licdn.com  px.ads.linkedin.com  p.adsymptotic.com 52.18.162.157  52.17.161.123  activitymap.adobe.com  www.tiktok.com/es  ads.tiktok.com/i18n/login  displayvideo.google.com  analytics.tiktok.com ; 1
default-src 'self' js-agent.newrelic.com bam.nr-data.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: 1
default-src 'self'; object-src 'self'; media-src 'self'; style-src 'unsafe-inline' *; img-src * data: blob: *.vimeocdn.com; font-src * data:; connect-src * data: wss://*.zopim.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.moatads.com wurfl.io *.booxi.com booxi.com *.online.flexiti.fi online.flexiti.fi *.onlineapi.flexiti.fi onlineapi.flexiti.fi *.codylindley.com http://codylindley.com *.gridserver.com gridserver.com *.cdnjs.cloudflare.com cdnjs.cloudflare.com *.a.omappapi.com a.omappapi.com *.paysafe.com *.hotjar.com *.justuno.com *.jst.ai *.srv.stackadapt.com *.heyday.ai *.octapi.net *.recettes.net tagmanager.google.com captcha.gecirtnotification.com api.comprigo.com static.zdassets.com gateway.zscaler.net *.dcbap.com *.mydomastudio.com assets.shoptagr.com *.paypal.com *.signifyd.com *.addthis.com *.akamaihd.net *.addthisedge.com gateway.zscloud.net *.itineraire.info www.google.com www.google-analytics.com *.googleadservices.com *.googlesyndication.com www.googletagmanager.com www.gstatic.com googleads.g.doubleclick.net www.facebook.com connect.facebook.net t.trackedlink.net secure.adnxs.com tags.tiqcdn.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io chimpstatic.com ib.adnxs.com cdn.districtm.ca pixel.adacado.com assets.pinterest.com *.googleapis.com *.instagram.com *.bing.com *.pinimg.com online-training.flexiti.fi *.hullabalook.com https://*.hullabalook.com webchat.heyday.ai wurfl.io *.vimeo.com vimeo.com *.vimeocdn.com; frame-src 'self' gsa://onpageload h.online-metrix.net *.flexiti.fi online-training.flexiti.fi *.online-training.flexiti.fi https://player.vimeo.com wurfl.io *.booxi.com booxi.com *.online.flexiti.fi online.flexiti.fi *.onlineapi.flexiti.fi onlineapi.flexiti.fi *.codylindley.com codylindley.com *.gridserver.com gridserver.com *.cdnjs.cloudflare.com cdnjs.cloudflare.com *.a.omappapi.com a.omappapi.com *.paysafe.com *.hotjar.com *.justuno.com *.jst.ai *.srv.stackadapt.com *.heyday.ai *.facebook.net *.google.com *.signifyd.com *.mydomastudio.com www.facebook.com store.plumrocket.com mozbar.moz.com *.cloudfront.net *.paypal.com *.addthis.com *.addthisedge.com cdncache-a.akamaihd.net www.polyvore.com  acdn.adnxs.com client.comprigo.com *.amazonaws.com tpc.googlesyndication.com www.ciuvo.com *.kamaihd.net *.soundcloud.com tags.tiqcdn.com www.googletagmanager.com www.youtube.com s7.addthis.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io bid.g.doubleclick.net *.fls.doubleclick.net assets.pinterest.com *.googleapis.com *.instagram.com *.hullabalook.com https://*.hullabalook.com *.hulla-cdn.com player.vimeo.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' blob: data: https://*.maps.yandex.net enterprise.api-maps.yandex.ru https://mc.yandex.ru https://marketplace.1c-bitrix.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://enterprise.api-maps.yandex.ru https://*.maps.yandex.net https://mc.yandex.ru https://bitrix.info; child-src 'self' blob: https://mc.yandex.ru; frame-src 'self' blob: https://mc.yandex.ru https://www.ispmanager.ru; connect-src 'self' https://mc.yandex.ru https://bitrix.info https://www.1c-bitrix.ru 1
frame-ancestors 'self'; base-uri 'self'; form-action 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.adsrvr.org *.analytics.yahoo.com *.ctctcdn.com *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.googleapis.com *.googleservices.com *.googletagmanager.com *.gstatic.com *.monsido.com *.simpli.fi *.soundcloud.com *.youtube.com bat.bing.com cdn-cookieyes.com cdnjs.cloudflare.com flcancer.com ib.adnxs.com publuu.com static.addtoany.com www.glassdoor.com *.cdc.gov *.hhs.gov *.nih.gov *.genome.gov *.cancer.gov secure.gravatar.com *.clarity.ms *.pageproofer.com *.srcspot.com *.rlets.com *.gannettdigital.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' statistiek.rijksoverheid.nl *.mailplus.nl piwik.dtnr.nl https://cdnjs.cloudflare.com www.google.com; style-src 'self' 'unsafe-inline' static.mailplus.nl https://cdnjs.cloudflare.com; 1
frame-ancestors 'self' https://silpion.de 1
report-to 'none' 1
frame-src 'self' *.b2clogin.com https://www.youtube.com https://www.google.com https://services.gastronovi.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com js-agent.newrelic.com www.youtube.com www.google-analytics.com bam.nr-data.net static.dvinci-easy.com maps.googleapis.com bat.bing.com www.gstatic.com connect.facebook.net widget.msgp.pl services.gastronovi.com www.gastronavi.de www.googleadservices.com googleads.g.doubleclick.net blob: cdnjs.cloudflare.com https://cdn.kiprotect.com https://cdnjs.cloudflare.com https://unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com static.dvinci-easy.com unpkg.com js-agent.newrelic.com www.google-analytics.com maps.googleapis.com bam.nr-data.net connect.facebook.net bat.bing.com www.gstatic.com www.youtube.com widget.msgp.pl services.gastronovi.com www.gastronavi.de www.googleadservices.com googleads.g.doubleclick.net www.google.com www.recaptcha.net content.syndigo.com cdnjs.cloudflare.com https://cdn.kiprotect.com https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' static.dvinci-easy.com fonts.googleapis.com cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; base-uri 'self'; frame-ancestors 'self'; report-uri https://www.frischeparadies.de/report-uri/enforce 1
base-uri 'self'; font-src 'self' *.german-pavilion.com; form-action 'self' *.german-pavilion.com; frame-ancestors 'self'; img-src * 'self' *.german-pavilion.com data:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; connect-src 'self' *.german-pavilion.com localhost ws://localhost:24678/_nuxt/; script-src 'self' localhost https://*.german-pavilion.com 'unsafe-inline' 'unsafe-eval' 1
font-src fonts.googleapis.com cdnjs.cloudflare.com fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action livechat.boldchat.com www.facebook.com *.salesforce.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.vee24.com *.authorize.net 'self'; frame-src livechat.boldchat.com www.google.com www.pinterest.com *.sharethis.com *.vee24.com *.doubleclick.net www.facebook.com www.paypalobjects.com www.eventbrite.com www.youtube.com *.gemfind.net *.cookielaw.org *.salesforce.com *.youtube-nocookie.com *.jotform.com *.submit.jotform.com *.adsrvr.org *.pinterest.com optimize.google.com *.attn.tv fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.authorize.net 'self' 'unsafe-inline'; img-src *.placeholder.com bat.bing.com *.boldchat.com cdnjs.cloudflare.com www.facebook.com *.getsitecontrol.com www.google.com www.googletagmanager.com *.igodigital.com *.pinterest.com *.scene7.com *.doubleclick.net *.robbinsbrothers.com maps.gstatic.com *.googleapis.com *.googleusercontent.com *.ggpht.com *.sharethis.com *.ytimg.com *.googleadservices.com *.clarity.ms *.bing.com *.google.com *.google.co.uk *.google-analytics.com *.googletagmanager.com *.gstatic.com *.cookielaw.org assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net bid.g.doubleclick.net analytics.google.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io data: 'self' 'unsafe-inline'; script-src *.getsitecontrol.com *.bing.com *.boldchat.com *.doubleclick.net *.vee24.com cdnjs.cloudflare.com cdn.cookielaw.org *.facebook.net *.sharethis.com *.igodigital.com *.pinimg.com *.pardot.com www.google.com www.gstatic.com maps.googleapis.com js-agent.newrelic.com bam-cell.nr-data.net g1584674682.co *.authorize.net *.ccdc02.com www.eventbrite.com *.gemfind.net www.youtube.com *.cookielaw.org *.salesforce.com *.onetrust.com *.newrelic.com *.clarity.ms *.tiktok.com https://g1584674684.co/ *.nr-data.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.adsrvr.org optimize.google.com *.googleapis.com *.attn.tv assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ sandbox-assets.secure.checkout.visa.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src cdnjs.cloudflare.com fonts.googleapis.com optimize.google.com *.adobe.com *.fontawesome.com 'self' 'unsafe-inline'; object-src *.googleapis.com 'self' 'unsafe-inline'; media-src *.scene7.com download-video.akamaized.net *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src bat.bing.com *.boldchat.com www.facebook.com *.getsitecontrol.com www.google-analytics.com *.pinterest.com *.robbinsbrothers.com *.sharethis.com *.vee24.com *.doubleclick.net cdn.cookielaw.org bam-cell.nr-data.net www.paypal.com *.authorize.net *.salesforce.com *.getsitectrl.com 	*.clarity.ms *.onetrust.com *.tiktok.com *.nr-data.net *.analytics.google.com *.googletagmanager.com *.google-analytics.com bcp.crwdcntrl.net *.googleapis.com *.attn.tv *.attentivemobile.com dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src * data: 'unsafe-eval' 'unsafe-inline' *.evergage.com *.evgnet.com cdn.evergage.com *.criteo.com unpkg.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' google-analytics.com *.google-analytics.com googleapis.com *.googleapis.com google.com *.google.com gstatic.com *.gstatic.com facebook.net *.facebook.net facebook.com *.facebook.com cloudflareinsights.com *.cloudflareinsights.com addtoany.com *.addtoany.com *.cloudflare.com cloudflare.com *.googletagmanager.com googletagmanager.com *.bootstrapcdn.com bootstrapcdn.com *.bing.com bing.com *.licdn.com licdn.com *.crazyegg.com crazyegg.com *.clarity.ms clarity.ms *.dynamic.criteo.com dynamic.criteo.com *.sslwidget.criteo.com sslwidget.criteo.com *.criteo.com/* pi.pardot.com js-agent.newrelic.com static.hotjar.com script.hotjar.com info.flexcarestaff.com bam.nr-data.net cdn.evgnet.com flexcarestaffing.us-7.evergage.com *.googleadservices.com *.flexcarestaffing.us-7.evergage.com cdn.evergage.com *.cloudflareinsights.com unpkg.com; report-uri /report-csp-violation 1
report-uri /jss/csp_report.phtml;base-uri 'self';default-src 'self' pd1ql.stereocdn.com d13058ycfhe2cj.cloudfront.net am-us.stereocdn.com d1uys5gv2539gd.cloudfront.net am-eu.stereocdn.com stereocdn.com static.stereo.com storage.stereo.com stereo-images.stereocdn.com media.stereocdn.com *.amazonaws.com records.stereocdn.com blob:;script-src 'self' 'nonce-827a78d8-fb94-49ae-aa28-ccf35bbd8e76' 'unsafe-eval' pd1ql.stereocdn.com www.googletagmanager.com googletagmanager.com connect.facebook.net *.google-analytics.com cdn.jsdelivr.net;style-src 'self' 'unsafe-inline' pd1ql.stereocdn.com;font-src 'self' data: pd1ql.stereocdn.com;frame-src 'self' pd1ql.stereocdn.com www.youtube.com;connect-src 'self' blob: pd1ql.stereocdn.com d13058ycfhe2cj.cloudfront.net am-us.stereocdn.com d1uys5gv2539gd.cloudfront.net am-eu.stereocdn.com stereocdn.com static.stereo.com storage.stereo.com stereo-images.stereocdn.com media.stereocdn.com *.amazonaws.com records.stereocdn.com www.googletagmanager.com googletagmanager.com connect.facebook.net *.google-analytics.com www.facebook.com *.ingest.sentry.io;img-src 'self' data: blob: *;media-src 'self' data: blob: pd1ql.stereocdn.com d13058ycfhe2cj.cloudfront.net am-us.stereocdn.com d1uys5gv2539gd.cloudfront.net am-eu.stereocdn.com stereocdn.com static.stereo.com storage.stereo.com stereo-images.stereocdn.com media.stereocdn.com *.amazonaws.com records.stereocdn.com;manifest-src 'self' pd1ql.stereocdn.com;object-src 'none';worker-src 'self' blob:;block-all-mixed-content;upgrade-insecure-requests;frame-ancestors 'self';form-action 'self';script-src-attr 'none' 1
frame-ancestors 'self' *.bankofmissouri.com 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' https://*.flickr.com; style-src https: 'unsafe-inline' https://*.flickr.com; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss: 1
default-src 'self'; style-src 'self' 'unsafe-inline' *.sms2.gpc.gov.sg *.gov.sg appsms.sgmail.sgnet.gov.sg api.data.gov.sg *.googleapis.com *.google.com assets.wogaa.sg assets.dcube.cloud *.doubleclick.net ws.sharethis.com *.readspeaker.com; script-src 'self' 'unsafe-eval' assets.adobedtm.com *.sms2.gpc.gov.sg s.ytimg.com *.youtube.com *.gov.sg appsms.sgmail.sgnet.gov.sg *.www-stg.sgpc.gov.sg api.data.gov.sg *.readspeaker.com 'unsafe-inline' assets.wogaa.sg assets.dcube.cloud js.ptengine.com js.ptengine.jp connect.facebook.net ws.sharethis.com *.cloudfront.net *.googletagmanager.com t.sharethis.com *.google-analytics.com *.googleadservices.com static.ads-twitter.com analytics.twitter.com *.doubleclick.net; connect-src 'self' *.onemap.sg dpm.demdex.net snowplow-sentiments.wogaa.sg snowplow-web.wogaa.sg *.sms2.gpc.gov.sg *.gov.sg appsms.sgmail.sgnet.gov.sg api.data.gov.sg *.googleapis.com *.google-analytics.com *.googletagmanager.com *.google-analytics.com *.assets.wogaa.sg *.assets.dcube.cloud *.doubleclick.net l.sharethis.com *.readspeaker.com data:; font-src 'self' assets.wogaa.sg assets.dcube.cloud *.sms2.gpc.gov.sg *.gov.sg appsms.sgmail.sgnet.gov.sg api.data.gov.sg *.assets.wogaa.sg *.assets.dcube.cloud *.fonts.googleapis.com fonts.gstatic.com data:; img-src 'self' * data:; frame-src 'self' wogaa.demdex.net *.sms2.gpc.gov.sg *.gov.sg appsms.sgmail.sgnet.gov.sg *.facebook.com *.google.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com ws.sharethis.com c.sharethis.mgr.consensu.org t.sharethis.com *.readspeaker.com; media-src 'self' *;object-src 'none'; 1
default-src 'nonce-68fb92895e495e67c5dba3411e80b77d' 'self'; form-action 'self';connect-src 'self' https:; script-src 'self' https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https:; frame-src 'self' https://www.google.com/recaptcha/ https://www.buyatab.com https://na.account.amazon.com; 1
default-src 'self' *.go.com * data:; script-src 'self' *.go.com *.wdpromedia.com 'unsafe-inline' 'unsafe-eval' *.demdex.net *.adobedtm.com *.facebook.net *.googletagmanager.com *.scorecardresearch.com *.licdn.com *.google-analytics.com *.yimg.com *.bing.com *.linkedin.com *.yahoo.com *.disney.com *.akamaihd.net *.omtrdc.net *.twitter.com *.ads-twitter.com *.googleadservices.com *.instagram.com *.tiktok.com *.ttwstatic.com cdn.resonate.com *.doubleclick.net *.cookielaw.org *.onetrust.com *.adsrvr.org js.adsrvr.org; style-src 'self' 'unsafe-inline' *.wdpromedia.com *.go.com *.disney.com *.tiktok.com *.ttwstatic.com; img-src 'self' *.go.com *.wdpromedia.com * data: *.disney.com; connect-src 'self' *.go.com * data: *.google-analytics.com *.disney.com; font-src 'self' *.go.com * data:; frame-src 'self' *.go.com *.adsrvr.org *.disney.com * data:; 1
frame-ancestors https://www-chevrolet-ca.prd2.wpx.gm.com https://www-chevrolet-ca.proj.wpx.gm.com https://www-chevrolet-ca.prd1a.wpx.gm.com https://www-chevrolet-ca.prd1.wpx.gm.com https://auth-seg9.gm.com 'self'; 1
upgrade-insecure-requests;style-src 'self' 'nonce-vShvPjsDS9dkxce';font-src 'self';script-src 'self' 'nonce-vShvPjsDS9dkxce' ;connect-src 'self' https://outerheaven.club wss://outerheaven.club;media-src 'self' https:;img-src 'self' data: blob: https:;default-src 'none';base-uri 'none';frame-ancestors 'none';manifest-src 'self'; 1
child-src blob: www.google.com *.readyplayer.me https://rpm-model-viewer-proto.vercel.app youtube.com *.youtube.com www.youtube.com https://accounts.google.com/ https://www.googletagmanager.com *.cookiebot.com www.recaptcha.net hiberworld.com *.hiberworld.com;connect-src http://hiberworld.com *.hiberworld.com ws://*.hiberworld.com *.hiberworld.com wss://*.hiberworld.com *.hiberworld.com blob: rum.browser-intake-datadoghq.eu readyplayerme.github.io *.cookiebot.com *.dive.games cdn.hibervr.com *.digitaloceanspaces.com *.readyplayer.me www.google-analytics.com googleads.g.doubleclick.net *.analytics.google.com www.google.com stats.g.doubleclick.net *.google.com readyplayerme-assets.s3.amazonaws.com unpkg.com *.alchemyapi.io *.alchemy.com cloudflare-eth.com wss://www.walletlink.org/rpc wss://*.walletconnect.org wss://*.walletconnect.com https://hiber-cdn.s3.eu-west-1.amazonaws.com;font-src hiberworld.com *.hiberworld.com;img-src data: blob: cdn.hibervr.com *.amazonaws.com *.readyplayer.me files.stripe.com https://rpm-model-viewer-proto.vercel.app consent.cookiebot.com hiberworld.com *.hiberworld.com www.google-analytics.com imgsct.cookiebot.com www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat img.youtube.com images.ctfassets.net cdn.jsdelivr.net;media-src data: cdn.hibervr.com;manifest-src hiberworld.com *.hiberworld.com;object-src ;worker-src blob: hiberworld.com *.hiberworld.com;script-src 'strict-dynamic' 'nonce-0826c2c2-7c7e-4fc5-b068-d54b4526491b' https: http: 'wasm-unsafe-eval';style-src cdn.hibervr.com 'unsafe-inline' hiberworld.com *.hiberworld.com;frame-src js.stripe.com codesandbox.io vars.hotjar.com blob: www.google.com *.readyplayer.me https://rpm-model-viewer-proto.vercel.app youtube.com *.youtube.com www.youtube.com https://accounts.google.com/ *.cookiebot.com https://hiber.hiberworld.com http://dao.dev.hiberdev.net https://dao-pr.hiberworld.com https://dao-pr.dev.hiberdev.net https://dao.dev.hiberdev.net https://dao-pr.stage.hiberdev.net https://dao.stage.hiberdev.net www.recaptcha.net hiberworld.com *.hiberworld.com *.doubleclick.net https://*.walletconnect.com;base-uri 'self' 1
default-src 'self' https://accounts.google.com 'unsafe-inline'; child-src 'none'; frame-src https://accounts.google.com 1
connect-src https://www.emiratesline.com; 1
default-src 'self' api.github.com framerusercontent.com framer.com events.framer.com app.framerstatic.com fonts.gstatic.com *.google-analytics.com analytics.google.com leather.us21.list-manage.com; style-src 'unsafe-inline'; script-src 'unsafe-inline' framer.com *.googletagmanager.com framerusercontent.com events.framer.com; img-src 'self' data: https://*; child-src 'none'; frame-ancestors 'none'; 1
frame-ancestors https://*.nexxchange.com https://*.golf.at https://node05.oegvcloud.at http://golflignano.it https://www.gcfrauenthal.at http://www.reggioemiliagolf.com https://teetime.golfamattersee.at https://www2.golfstvigilseis.it http://www.golfstvigilseis.it https://golfasocijacijasrbije.rs https://www.gc-oberneuland.de https://golfcentar.rs https://www.golfcentar.rs https://golfclub.co.rs https://*.golf-absolute.de; 1
frame-ancestors 'self' http://www.philips.fi *.philips.com *.philips.fi https://philipsigtdpv.com 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline'; 1
connect-src 'self' https://www.googleapis.com/customsearch/v1 https://dc.services.visualstudio.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.nz https://maps.googleapis.com ;  frame-src 'self' https://www.youtube.com https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://scv.bankstatements.com.au/ ;  default-src 'self' ;  img-src 'self' data: https://*.tmcdn.co.nz https://*.google.co.nz https://*.google.com https://www.facebook.com https://www.googleadservices.com https://*.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://maps.googleapis.com https://ssl.gstatic.com https://www.gstatic.com https://maps.gstatic.com https://*.googletagmanager.com https://maps.googleapis.com https://*.fls.doubleclick.net https://ade.googlesyndication.com ;  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com https://*.googletagmanager.com https://www.googleanalytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googleadservices.com https://adservice.google.com https://googleadservices.com https://az416426.vo.msecnd.net https://maps.googleapis.com https://googleads.g.doubleclick.net https://www.google.com ;  style-src 'self' 'unsafe-inline' https://www.co-operativebank.co.nz https://my.co-operativebank.co.nz https://apply.co-operativebank.co.nz https://tagmanager.google.com https://fonts.googleapis.com ;  media-src blob: ;  font-src 'self' data: https://fonts.gstatic.com 1
script-src 'unsafe-inline' https: 'nonce-9E9cAYx74yxeUSOeYSfN7DXLkWo=' 'strict-dynamic' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'nonce-9E9cAYx74yxeUSOeYSfN7DXLkWo=' api.extranet.pl; font-src data: 'self'; manifest-src 'self'; frame-src 'self' *.googletagmanager.com *.google-analytics.com *.google.com; object-src 'none';  form-action 'self'; base-uri https://www.extranet.pl/ 1
base-uri 'self' *.vimeo.com *.youtube.com *.twitter.com *.google-analytics.com *.googleads.g.doubleclick.net *.googleapis.com www.wp-hosting.no; default-src 'self' *.vimeo.com *.youtube.com *.twitter.com *.google-analytics.com *.googleads.g.doubleclick.net *.googleapis.com; style-src 'self' 'unsafe-inline' www.vimeo.com www.youtube.com fonts.googleapis.com; script-src 'self' 'nonce-906f59dc8b' 'unsafe-eval' 'unsafe-hashes' 'sha256-PipDBblHIwl4UCSJGxOe2HimW3eqO/S9t5GiXoJDHMM=' 'sha256-tGHJwE8Jm0oOUj1EIhG1KiCCQpXq1kJZSkF+uMvCVBE=' *.googletagmanager.com cdn.jsdelivr.net *.googleapis.com cdnjs.cloudflare.com platform.twitter.com *.google-analytics.com *.youtube.com *.doubleclick.net www.google.com www.gstatic.com www.wp-hosting.no; img-src 'self' data: *.ggpht.com *.vimeo.com *.youtube.com *.ytimg.com *.gravatar.com *.google-analytics.com *.gstatic.com *.googleapis.com; font-src 'self' data: fonts.gstatic.com; connect-src 'self' *.googleapis.com *.google-analytics.com *.wp-hosting.no; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.ckeditor.com cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com *.onetrust.io nova.collect.igodigital.com 534005068.collect.igodigital.com *.recaptcha.net *.theachievery.com *.doubleclick.net *.amazoncognito.com *.amazonaws.com *.amplitude.com *.prismic.io prismic.io *.takeoffmedia.com *.bitmovin.com *.googletagmanager.com *.google-analytics.com *.bing.com *.facebook.net *.googleadservices.com *.facebook.com *.googleapis.com *.google.com *.gstatic.com *.google.ca blob:; img-src 'self' i.ytimg.com i.vimeocdn.com cdn.ckeditor.com www.googletagmanager.com fonts.gstatic.com cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com *.onetrust.io nova.collect.igodigital.com *.theachievery.com *.takeoffmedia.com *.recaptcha.net *.doubleclick.net *.bing.com *.google.com *.google-analytics.com *.facebook.com *.amazonaws.com data:; frame-src 'self' *.google.com *.doubleclick.net *.youtube.com *.vimeo.com *.prismic.io 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://shop.pzu.com.ua https://optimize.google.com https://*.doubleclick.net https://www.facebook.com  https://www.ssl.gstatic.com https://*.googleapis.com *.googleadservices.com www.google.com https://*.youtube.com https://www.fbstatic-a.akamaihd.net https://www.google.com *.gstatic.com https://www.googleapis.com *.googleoptimize.com https://*.googletagservices.com https://www.googleadservices.com https://dc.cux.io https://www.oauth.googleusercontent.com *.consentmanager.net https://maps.googleapis.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://connect.facebook.net https://tagmanager.google.com https://*.googlesyndication.com https://maps.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://www.apis.google.com https://apis.google.com; object-src 'self' https://*.doubleclick.net https://maps.googleapis.com *.googleadservices.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://wikis.world; img-src 'self' https: data: blob: https://wikis.world; style-src 'self' https://wikis.world 'nonce-ynBCG+BwTwbM5wJxiZhNYw=='; media-src 'self' https: data: https://wikis.world; frame-src 'self' https:; manifest-src 'self' https://wikis.world; form-action 'self'; child-src 'self' blob: https://wikis.world; worker-src 'self' blob: https://wikis.world; connect-src 'self' data: blob: https://wikis.world https://cdn.masto.host wss://wikis.world; script-src 'self' https://wikis.world 'wasm-unsafe-eval' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' w3.org www.googletagmanager.com d33t3vvu2t2yu5.cloudfront.net google-analytics.com  v1.addthis.com apis.google.com s7.addthis.com v1.addthisedge.com  www.google-analytics.com ajax.googleapis.com apps.googleusercontent.com play.google.com videojs.com; 1
connect-src 'self' https://*.ats-platform.com https://*.hireserve.nl https://*.bugsnag.com https://consentcdn.cookiebot.com https://*.cloudfront.net https://*.algolia.net https://*.hotjar.com https://*.algolia.io https://my.yoast.com https://yoast.com https://*.sudwestfryslan.nl https://*.readspeaker.com; default-src 'self' https://*.sudwestfryslan.nl; font-src 'self' data: https://*.ats-platform.com https://*.hireserve.nl https://cdn.jsdelivr.net https://*.hotjar.com https://*.typekit.net; form-action 'self' https://*.ats-platform.com https://*.hireserve.nl https://*.ogone.com; frame-src https://*.vimeo.com https://*.ats-platform.com https://*.hireserve.nl https://*.savviihq.com https://*.sudwestfryslan.nl https://consentcdn.cookiebot.com https://sudwestfryslan.nl https://*.hotjar.com https://*.youtube.com https://*.youtube-nocookie.com; img-src 'self' data: https://*.ats-platform.com https://*.hireserve.nl https://*.savviihq.com https://*.sudwestfryslan.nl https://*.openstreetmap.org https://*.siteimproveanalytics.io https://ajax.googleapis.com https://*.w.org https://secure.gravatar.com https://translate.yoast.com https://www.paypalobjects.com https://qr-code.ithemes.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.hireserve.nl https://*.facebook.net https://beacon-v2.helpscout.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.hotjar.com https://siteimproveanalytics.com https://cdn.jsdelivr.net https://polyfill.io https://*.readspeaker.com https://*.google.com https://*.gstatic.com; style-src 'self' 'unsafe-inline' https://*.hireserve.nl https://ajax.googleapis.com https://cdn.jsdelivr.net https://*.typekit.net https://*.readspeaker.com https://*.google.com https://*.gstatic.com; worker-src 'self' 1
default-src 'self' *.google-analytics.com wss://*.hotjar.com *.hotjar.com *.hotjar.io *.cloudfront.net *.trustarc.com *.amazonaws.com *.qualtrics.com *.googletagmanager.com data:;               style-src 'self' *.aspnetcdn.com *.googleapis.com  *.hotjar.com *.trustarc.com 'unsafe-hashes' 'unsafe-inline';              script-src 'self' *.trustarc.com *.aspnetcdn.com *.jquery.com *.recaptcha.net *.gstatic.com *.gstatic.cn *.hotjar.com *.googletagmanager.com *.google-analytics.com *.clicktale.net 'unsafe-hashes' *.cdngc.net *.qualtrics.com g9904216750.co 'unsafe-inline' 'unsafe-eval';                frame-src 'self'  *.hotjar.com *.recaptcha.net *.live.com *.qualtrics.com *.trustarc.com;              font-src 'self' *.gstatic.com *.gstatic.cn *.trustarc.com;              frame-ancestors 'self'  *.hotjar.com *.recaptcha.net *.live.com; 1
frame-ancestors 'self' *.purevpn.com purevpn.com *.purevpn.fr purevpn.fr *.purevpn.com.tw purevpn.com.tw *.purevpn.de purevpn.de 1
default-src 'self' https://bsc.com.do https://www.bsc.com.do;font-src 'self' https://bsc.com.do https://fonts.gstatic.com ; script-src-elem  'self' https://cdn.evgnet.com https://bs.serving-sys.com  https://*.hotjar.com https://www.google-analytics.com https://snap.licdn.com https://wjs.fgptgp.com  https://www.google-analytics.com https://secure-ds.serving-sys.com https://connect.facebook.net https://maps.googleapis.com https://www.googletagmanager.com https://tags.crwdcntrl.net https://bsc.com.do https://www.bsc.com.do 'unsafe-inline'; img-src 'self' data: https://i.ytimg.com https://certificaciones.uaf.gob.do https://www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.facebook.com  https://bcp.crwdcntrl.net https://px.ads.linkedin.com http://bsc.com.do https://www.bsc.com.do https://p.adsymptotic.com ; script-src 'self' https://*.hotjar.com https://tags.crwdcntrl.net https://bs.serving-sys.com https://wjs.fgptgp.com https://connect.facebook.net https://snap.licdn.com https://www.google-analytics.com https://bsc.com.do https://www.bsc.com.do https://maps.googleapis.com https://www.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://bsc.com.do https://fonts.googleapis.com https://www.bsc.com.do; frame-src 'self' https://www.youtube.com https://vars.hotjar.com https://stats.g.doubleclick.net https://bcp.crwdcntrl.net https://8354945.fls.doubleclick.net https://www.googletagmanager.com; connect-src 'self' https://in.hotjar.com https://bancosantacruz.us-7.evergage.com  https://wjs.fgptgp.com https://cdn.linkedin.oribi.io https://bsc.com.do https://www.bsc.com.do https://stats.g.doubleclick.net https://secure-ds.serving-sys.com https://lm.serving-sys.com https://www.google-analytics.com https://maps.googleapis.com;  1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net www.google-analytics.com https://judxu4avx2.execute-api.eu-west-1.amazonaws.com https://3lz1gykyyd.execute-api.eu-west-1.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com staticcontents.investisdigital.com ipapi.connectid.cloud otp.tools.investis.com https://sc.lfeeder.com player.vimeo.com www.redditstatic.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' staticcontents.investis.com www.google.com irs.tools.investis.com otp.tools.investis.com ir.tools.investis.com staticxx.facebook.com www.youtube.com w.soundcloud.com player.vimeo.com atsginc.wufoo.com myabx.com indd.adobe.com www.facebook.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.ensighten.com *.google-analytics.com *.api.brightcove.com *.tools.investis.com *.doubleclick.net  ipapi.connectid.cloud https://judxu4avx2.execute-api.eu-west-1.amazonaws.com https://3lz1gykyyd.execute-api.eu-west-1.amazonaws.com www.facebook.com *.analytics.google.com *.google.com *.amazonaws.com; report-uri /report-csp-violation 1
frame-ancestors 'self' ispch.gob.cl *.ispch.gob.cl *ispch.cl 1
frame-ancestors self https://rocketjobs.pl https://*.rocketjobs.pl 1
font-src fonts.googleapis.com fonts.gstatic.com *.typekit.net www.google-analytics.com *.trackedlink.net *.trackedweb.net *.yotpo.com *.vimeo.com *.player.vimeo.com *.vimeocdn.com *.authorize.net js.braintreegateway.com assets.adobedtm.com secure.authorize.net test.authorize.net *.dotdigital-pages.com webchat.dotdigital.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.fr *.payments-amazon.es geostag.cardinalcommerce.com *.nr-data.net bam.nr-data.net *.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * doubleclick.net https://www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.trustpilot.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://s.ytimg.com *.trackedlink.net *.trackedweb.net *.yotpo.com *.vimeo.com *.player.vimeo.com *.authorize.net js.braintreegateway.com secure.authorize.net test.authorize.net *.dotdigital-pages.com webchat.dotdigital.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.fr *.payments-amazon.es geostag.cardinalcommerce.com *.nr-data.net bam.nr-data.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.yotpo.com *.player.vimeo.com *.authorize.net secure.authorize.net test.authorize.net *.dotdigital-pages.com webchat.dotdigital.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.fr *.payments-amazon.es *.newrelic.com *.nr-data.net bam.nr-data.net www.clarity.ms https://www.google.com https://www.gstatic.com *.ddlnk.net debug-tracking.dotdigital.internal cdn.dnky.co webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.trustpilot.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com www.google-analytics.com *.trackedlink.net *.trackedweb.net *.yotpo.com *.vimeo.com *.player.vimeo.com *.vimeocdn.com *.authorize.net js.braintreegateway.com assets.adobedtm.com secure.authorize.net test.authorize.net *.dotdigital-pages.com webchat.dotdigital.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.fr *.payments-amazon.es geostag.cardinalcommerce.com *.nr-data.net bam.nr-data.net cdn.dnky.co webchat.staging.dotdigital.com https://static.klaviyo.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; manifest-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com *.vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com player.vimeo.com doubleclick.net *.trackedlink.net *.trackedweb.net *.yotpo.com *.player.vimeo.com *.vimeocdn.com *.authorize.net js.braintreegateway.com assets.adobedtm.com secure.authorize.net test.authorize.net *.dotdigital-pages.com webchat.dotdigital.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.fr *.payments-amazon.es *.nr-data.net bam.nr-data.net www.google.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: 'self' blob: *.dynamicyield.com *.cloudmaestro.com *.searchspring.net *.googletagmanager.com *.cookiebot.com *.helpscout.net *.google-analytics.com *.facebook.net *.fbcdn.net *.yimg.com *.bing.com *.criteo.net *.criteo.com *.bronto.com *.providentmetals.com *.yahoo.com *.googleapis.com *.shopperapproved.com *.nr-data.net *.newrelic.com *.inspectlet.com *.intellisuggest.com *.paypalobjects.com *.paypal.com *.online-metrix.net *.twimg.com *.twitter.com *.instagram.com *.youtube.com *.doubleclick.net *.cloudfront.net bitpay.com *.bitpay.com *.nfusionsolutions.biz *.cdn77.org *.plaid.com *.routingnumbers.info *.tradingview.com *.smartystreets.com wsonline.seisint.com *.googleadservices.com *.bootstrapcdn.com *.nfusionsolutions.com *.google.com *.nameapi.org *.taxjar.com raw.githubusercontent.com cdn.ampproject.org *.wompmobile.com cdnjs.cloudflare.com az690879.vo.msecnd.net api-cache.searchspring.io tpc.googlesyndication.com p11.techlab-cdn.com cdncy.providentmetals.com *.womp.me wompme.blob.core.windows.net songbird.cardinalcommerce.com static.klaviyo.com static-tracking.klaviyo.com *.fpapi.io cdn.jsdelivr.net *.fpcdn.io fpcdn.io womp.me *.fptls.com fptls.com buygoldandsilvercoinschild.azureedge.net widget.trustpilot.com www.dwin1.com cdncy.jmbullion.com js.braintreegateway.com js-agent.newrelic.com app.contentsquare.com *.contentsquare.net *.braintree-api.com; report-uri /.webscale/csp-report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com https://static.cloudflareinsights.com https://documentservices.adobe.com *.cookielaw.org player.vimeo.com https://bh.contextweb.com https://connect.facebook.net *.brandcdn.com https://tracking1.labcorp.com https://img.en25.com https://cdn.jsdelivr.net https://ok1static.oktacdn.com https://view.ceros.com https://analytics.convertlanguage.com https://fortrea.com *.fortrea.com https://vjs.zencdn.net https://map.brightcove.com https://assets.map.brightcove.com https://cdn5.userzoom.com https://kit-pro.fontawesome.com https://assets.adobedtm.com https://fortrea.mpeasylink.com https://www.google-analytics.com https://urldefense.com https://www.googletagmanager.com https://tag.simpli.fi https://static.hotjar.com *.iperceptions.com https://snap.licdn.com https://js.adsrvr.org https://static.ads-twitter.com https://www.googleadservices.com https://dpm.demdex.net https://analytics.twitter.com https://script.hotjar.com https://i.simpli.fi https://googleads.g.doubleclick.net https://maps.googleapis.com https://storage.googleapis.com https://www.google.com https://www.snapengage.com https://www.gstatic.com https://documentcloud.adobe.com https://www.youtube.com https://l2.io https://ssl.google-analytics.com https://players.brightcove.net https://img03.en25.com https://fortreasales.tronedev.com blob:; style-src 'self' 'unsafe-inline' adobe-marketing-cloud.github.io https://cdn.jsdelivr.net https://ok1static.oktacdn.com *.fortrea.com https://fortrea.mpeasylink.com https://fonts.googleapis.com; img-src 'self' data: *.day.com *.fortrea.com *.cookielaw.org *.iperceptions.com labcorp.sc.omtrdc.net https://analytics.twitter.com https://www.facebook.com *.brandcdn.com https://insight.adsrvr.org https://tracking1.labcorp.com https://www.googletagmanager.com https://ok1static.oktacdn.com https://analytics.convertlanguage.com https://cf-images.us-east-1.prod.boltdns.net https://metrics.brightcove.com https://googleads.g.doubleclick.net *.linkedin.com *.linkedin.oribi.io https://t.co https://p.adsymptotic.com https://www.google.com https://www.google.com.gt https://www.google-analytics.com https://drugdevelopment.labcorp.com https://maps.gstatic.com https://maps.googleapis.com https://storage.googleapis.com https://cm.everesttech.net https://amcglobal.sc.omtrdc.net https://dpm.demdex.net https://s409256115.t.eloqua.com https://um.simpli.fi https://www.googleadservices.com https://cm.g.doubleclick.net https://covance.sc.omtrdc.net; font-src 'self' data: https://ok1static.oktacdn.com https://fonts.gstatic.com; connect-src 'self' *.labcorp.com *.onetrust.com *.cookielaw.org vimeo.com labcorp-qa.oktapreview.com labcorp.oktapreview.com sc.omtrdc.net data.adobedc.net assets.adobedtm.com *.linkedin.oribi.io *.algolianet.com https://6pskq0iljc-dsn.algolia.net https://labcorp-holdings.okta.com https://labcorp-holdings-stage.oktapreview.com https://bcbolt446c5271-a.akamaihd.net https://manifest.prod.boltdns.net https://edge.api.brightcove.com https://www.snapengage.com https://s722592.t.eloqua.com *.adobecqms.net https://kit-pro.fontawesome.com https://www.google-analytics.com *.iperceptions.com https://in.hotjar.com https://covance.sc.omtrdc.net https://covanceinc.tt.omtrdc.net https://stats.g.doubleclick.net https://dpm.demdex.net https://viewlicense.adobe.io https://maps.googleapis.com https://amcglobal.sc.omtrdc.net https://fortrea.mpeasylink.com https://analytics.google.com; media-src https://www.snapengage.com blob:; frame-src 'self' https://documentservices.adobe.com player.vimeo.com *.brandcdn.com https://view.ceros.com https://10644661.fls.doubleclick.net https://players.brightcove.net *.iperceptions.com https://insight.adsrvr.org https://vars.hotjar.com https://fortrea.mpeasylink.com https://covanceinc.demdex.net https://bid.g.doubleclick.net https://documentcloud.adobe.com https://www.google.com https://match.adsrvr.org https://www.youtube.com https://fortreasales.tronedev.com *.fortrea.com; frame-ancestors 'self' https://match.adsrvr.org 1
upgrade-insecure-requests; default-src 'self' equisoft.com *.equisoft.com uctcorp.com https://*.wistia.com https://*.wistia.net https://consent.cookiebot.com; child-src blob: *.hsforms.com; connect-src 'self' *.craftcms.com *.outbrain.com *.clarity.ms *.facebook.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.litix.io https://*.wistia.com https://*.algolia.net https://consentcdn.cookiebot.com https://consent.cookiebot.com https://hubspot-forms-static-embed.s3.amazonaws.com *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com api.ipstack.com; font-src data: https://fonts.gstatic.com https://*.wistia.com http://equisoft.localhost equisoft.com *.equisoft.com uctcorp.com *.uctcorp.com; frame-src 'self' play.libsyn.com www.facebook.com e.infogram.com *.doubleclick.net https://fast.wistia.com https://fast.wistia.net https://consentcdn.cookiebot.com https://consent.cookiebot.com *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.hsforms.net *.hsforms.com; img-src 'self' * alb.reddit.com *.cookiebot.com *.clarity.ms *.bing.com *.facebook.com https://static.hsappstatic.net https://px.ads.linkedin.com https://www.glassdoor.ca https://equisoft.imgix.net https://equisoft-staging.imgix.net https://googleads.g.doubleclick.net https://www.google.com https://analytics.google.com www.googletagmanager.com https://*.google-analytics.com https://*.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com data: https://*.wistia.com https://*.wistia.net js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms *.outbrain.com https://www.redditstatic.com https://amplify.outbrain.com snap.licdn.com ajax.googleapis.com e.infogram.com code.jquery.com api.ipstack.com cdnjs.cloudflare.com www.facebook.com connect.facebook.net https://bat.bing.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.googletagmanager.com https://*.wistia.com https://*.wistia.net https://src.litix.io *.cookiebot.com *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net; style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com blob: https://fast.wistia.com cdn2.hubspot.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net; worker-src 'self' blob; 1
font-src fonts.gstatic.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com esqa.moneris.com www3.moneris.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com www.google.com *.moneris.com www.linkedin.com s7.addthis.com *.hotjar.com *.hotjar.io www.youtube.com ssl.kaptcha.com tst.kaptcha.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com https://img.youtube.com www.google.ca maps.googleapis.com maps.gstatic.com *.linkedin.com *.licdn.com p.adsymptotic.com *.clarity.ms *.emlfiles.com secure.adnxs.com bat.bing.com dmx.districtm.ca www.facebook.com *.hotjar.com *.hotjar.io srv.stackadapt.com 'self' data: ssl.kaptcha.com tst.kaptcha.com *.zendesk.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com esqa.moneris.com www3.moneris.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com s7.addthis.com bam.nr-data.net www.google.com developers.google.com www.gstatic.com maps.googleapis.com js-agent.newrelic.com snap.licdn.com static-exp1.licdn.com content.linkedin.com platform.linkedin.com *.clarity.ms m.addthis.com v1.addthisedge.com secure.adnxs.com bat.bing.com cdn.districtm.ca connect.facebook.net *.hotjar.com *.hotjar.io z.moatads.com tags.srv.stackadapt.com r2-t.trackedlink.net t.trackedlink.net static.trackedweb.net ssl.kaptcha.com tst.kaptcha.com static.zdassets.com assets.zendesk.com *.smooch.io widget-mediator.zopim.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com maxcdn.bootstrapcdn.com tags.srv.stackadapt.com *.licdn.com *.dotdigital-pages.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com media.licdn.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.gstatic.com *.google.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com ekr.zdassets.com/ bam.nr-data.net *.linkedin.com *.licdn.com *.clarity.ms m.addthis.com s7.addthis.com bat.bing.com stats.g.doubleclick.net *.hotjar.com *.hotjar.io tags.srv.stackadapt.com r2.trackedweb.net t.elasticsuite.io *.google-analytics.com ssl.kaptcha.com tst.kaptcha.com *.smooch.io wss://api.smooch.io ekr.zdassets.com *.zendesk.com widget-mediator.zopim.com wss://widget-mediator.zopim.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-src 'self' https://www.google.com/; frame-ancestors 'self'; object-src 'none'; 1
default-src dock.ui.bosch.tech *.hotjar.io *.hotjar.com wss://*.hotjar.com bott-tc.nautilus bott-fs.nautilus bott-fs.kittelberger.net vc.hotjar.io in.hotjar.com script.hotjar.com *.bosch-thermotechnology.com *.boschtt-documents.com www.bimstore.co.uk *.kittelberger.net *.mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; media-src *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' ; font-src *.hotjar.com bott-fs.nautilus bott-fs.kittelberger.net script.hotjar.com fonts.gstatic.com *.bosch-thermotechnology.com www.bosch-thermotechnology.us www.heizung-steuern.com fonts.gstatic.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: ; object-src data: 'self'; img-src *.hotjar.com bott-tc.nautilus bott-fs.nautilus bott-fs.kittelberger.net optimize.google.com www.google-analytics.com www.googletagmanager.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: blob:; style-src *.hotjar.com bott-fs.nautilus bott-fs.kittelberger.net *.bosch-thermotechnology.com cdn.datatables.net optimize.google.com fonts.googleapis.com www.bosch-easycontrol.com www.heizung-steuern.com www.bosch-thermotechnology.us *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' 'unsafe-inline' https: ; script-src *.hotjar.com bott-fs.nautilus bott-fs.kittelberger.net dock.ui.bosch.tech optimize.google.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: 'unsafe-inline' 'unsafe-eval'; frame-src mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com optimize.google.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https:; frame-ancestors bosch.mi4biz.net bott-fs.kittelberger.net *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; connect-src 'self' *.hotjar.io *.hotjar.com fi-v2-configs.global.commerce-connector.com api-eu.global.commerce-connector.com wss://*.hotjar.com  wss://endpoint.chatbot-suite.bosch.tech endpoint.chatbot-suite.bosch.tech  www.bosch-thermotechnology.com region1.google-analytics.com www.google-analytics.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com dock.ui.bosch.tech mycliplister.com *.mycliplister.com stats.g.doubleclick.net *.googleapis.com *.hotjar.com 1
default-src 'self'; 		connect-src 'self' https://*.cookiebot.com/ https://*.doubleclick.net https://*.google-analytics.com/ https://*.hcaptcha.com/ https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ https://api.userlike.com/ wss://umd.userlike.com/umd/; 		font-src 'self' https://fonts.gstatic.com/ https://userlike-cdn-umm.b-cdn.net/; 		frame-src 'self' https://*.cookiebot.com/ https://*.hcaptcha.com/ https://saparena.de/ https://*.youtube.com/; 		img-src 'self' data: https://*.google.com/ https://*.google.de/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://saparena.de/ https://i.ytimg.com/ https://userlike-cdn-operators.userlike.com/; 		script-src 'self' 'unsafe-eval' 'unsafe-inline' https://s3.amazonaws.com/downloads.mailchimp.com/ https://*.cookiebot.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://*.hcaptcha.com/ https://*.list-manage.com/ https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ https://userlike-cdn-umm.b-cdn.net/; 		style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; 1
script-src 'nonce-b6577db6-c9ce-4c54-9b67-7b6e00edf93f' 'strict-dynamic';base-uri 'none';form-action 'self' hmwk.ru disser.me accounts.google.com oauth.vk.com id.vk.com login.vk.com oauth.yandex.ru passport.yandex.ru;object-src 'none';default-src 'self';report-uri /shared/csp-report;img-src 'self' data: vk.com m.vk.com login.vk.com *.livetex.ru www.facebook.com connect.facebook.com yandex.ru mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net www.google-analytics.com analytics.google.com ssl.google-analytics.com www.google.com www.google.kz www.google.ru *.livetex.me www.googletagmanager.com core-renderer-tiles.maps.yandex.net api-maps.yandex.ru cdn.nanotech42.com/images/ i.ibb.co dmp.one pxl.hot-wifi.ru whitesaas.com/api/phone/check counter.yadro.ru/id/finmed.gif dmg.digitaltarget.ru/1/ *.dmg.digitaltarget.ru/1/ statik-us.info/loadfp acint.net/rmatch get4click.ru/api/get-cookie/ profilepxl.ru/c/sape_match;font-src 'self' data: *.livetex.me fonts.gstatic.com www.googletagmanager.com cdn.jsdelivr.net/npm/mathjax@3/es5/output/chtml/fonts/ fonts.googleapis.com;style-src 'self' 'unsafe-inline' www.gstatic.com hcaptcha.com *.hcaptcha.com fonts.googleapis.com;child-src 'self' blob: mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net;frame-src 'self' blob: *.livetex.me www.youtube.com www.facebook.com mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net hcaptcha.com *.hcaptcha.com rupertino.ru sonar.semantiqo.com https://www.homework.ru https://www.homeworkpro.ru https://xn--b1aqehcmro.xn--p1ai https://homewokpro.ru;frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr http://webvisor.com https://webvisor.com http://*.webvisor.com https://*.webvisor.com https://www.homework.ru https://www.homeworkpro.ru https://xn--b1aqehcmro.xn--p1ai https://homewokpro.ru;connect-src 'self' www.facebook.com connect.facebook.com www.google-analytics.com analytics.google.com ssl.google-analytics.com mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net stats.g.doubleclick.net statusnpd.nalog.ru hcaptcha.com *.hcaptcha.com *.livetex.ru *.livetex.me uaas.yandex.ru eun1.fptls.com eun1.fptls3.com dmp.one c.dmp.one profilepxl.ru/t/ green.concilio.ru/app/app.php profilepxl.ru/invoke ws://hmwk.ru wss://hmwk.ru; 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://www.youtube.com/iframe_api https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org http://translate.google.com/ http://s7.addthis.com/ https://z.moatads.com/ https://v1.addthisedge.com/ https://m.addthis.com/ https://doublethedonation.com/ https://app.dafwidget.com/ http://p2a.co/ http://pulmonary-fibrosis4.mybigcommerce.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.ads.google.com/ https://www.facebook.com/ https://js.adsrvr.org/ http://www.googleadservices.com https://www.google-analytics.com https://script.hotjar.com https://static.hotjar.com/ https://vars.hotjar.com/ https://vars.hotjar.com https://googleads.g.doubleclick.net *.hawksearch.net *.hawksearch.com https://www.googletagmanager.com/* maps.googleapis.com https://bat.bing.com web-chat.nativechat.com; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline' https://cdn.insight.sitefinity.com https://dec.azureedge.net https://doublethedonation.com/ https://app.dafwidget.com/ http://pulmonary-fibrosis4.mybigcommerce.com/ *.hawksearch.net *.hawksearch.com web-chat.nativechat.com; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com https://img.youtube.com/ https://www.google.com/ http://translate.google.com/ https://doublethedonation.com/ https://m.addthis.com/ http://pulmonary-fibrosis4.mybigcommerce.com/ https://bat.bing.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://doublethedonation.com/; frame-src https://www.youtube.com/ https://secure.qgiv.com/ https://www.google.com/  https://e.issuu.com/ https://pff.p2a.co/ 'self' web-chat.nativechat.com; connect-src 'self' accounts.google.com https://analytics.google.com/ https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://translate.googleapis.com/ https://doublethedonation.com/ https://app.dafwidget.com/ https://searchapi-dev.hawksearch.net/ http://pulmonary-fibrosis4.mybigcommerce.com/ https://www.google-analytics.com https://in.hotjar.com/ https://stats.g.doubleclick.net https://m.addthis.com/ *.hawksearch.net *.hawksearch.com https://searchapi.hawksearch.com/ *.americaneagle.com *.qgiv.com *.google.com maps.googleapis.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://s7.addthis.com/ http://pff.p2a.co/ https://vars.hotjar.com/ https://insight.adsrvr.org/ https://bid.g.doubleclick.net/ http://p2a.co/ https://e.issuu.com *.qgiv.com *.google.com web-chat.nativechat.com 1
frame-src 'self' https://*.rightviewweb.com 1
frame-ancestors 'self' *.pricespider.com *.mapbox.com cdnjs.cloudflare.com; 1
script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://polyfill.io https://static.dashlane.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://connect.facebook.net https://training.novasystems.com https://novasystems.secure.force.com https://snap.licdn.com https://static.hotjar.com https://sc.lfeeder.com https://script.hotjar.com https://cdn.live.novagroup.svelteteam.com https://cdn.staging.novagroup.svelteteam.com; frame-ancestors 'none' 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.criteo.com https://static.criteo.net https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tpc.googlesyndication.com https://tr.snapchat.com https://www.shoplooks.com https://s1.thcdn.com https://www.awin1.com https://d2d7do8qaecbru.cloudfront.net blob: https://smct.co https://*.smct.co https://smct.io https://*.smct.io; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://smct.co https://*.smct.co https://smct.co https://*.smct.co https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://privacyportal-eu.onetrust.com https://analytics.tiktok.com https://*.contentsquare.net https://smct.io https://*.smct.io; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; form-action 'self' https://www.facebook.com https://www.glossybox.fr https://m.glossybox.fr https://checkout.glossybox.fr https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.twitter.com https://static.ads-twitter.com https://*.criteo.com https://static.criteo.net https://hm.baidu.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.tribalfusion.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://tpc.googlesyndication.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://geolocation.onetrust.com https://analytics.tiktok.com https://*.ibytedtos.com https://*.contentsquare.net https://app.contentsquare.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://cdn.parcellab.com https://fonts.smct.co https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.smct.io; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://stackpath.bootstrapcdn.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google-analytics.com https://*.doubleclick.net https://*.google.de https://*.google.com https://*.youtube.com/ https://*.vimeo.com/ https://*.tempo-team.com https://*.tempo-team.de https://*.algolianet.com https://*.algolia.net https://*.github.io https://*.packagist.org https://*.contao.org https://*.composer-resolver.cloud https://*.facebook.net https://*.facebook.com https://*.googleadservices.com https://*.my.salesforce-sites.com https://*.randstad-easydrive.de data: blob: 1
frame-ancestors 'self' https://*.cert-in.org.in 1
base-uri 'self'; default-src https: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; img-src http: https: data:; object-src 'none'; worker-src blob:; font-src https: data:; media-src https: blob: 1
default-src 'none'; connect-src 'self'; font-src 'self'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.19match.com:9080 www.19match.com:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.19match.com wss://www.19match.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1705979458 1
frame-ancestors https://modelcentro.com/ 1
frame-ancestors 'self' http://selfservice.onpremise.therme.local https://feedback.mytherme.app 1
upgrade-insecure-requests; script-src 'unsafe-inline' blob: data: https://cdn.ampproject.org https://www.recaptcha.net https://newassets.hcaptcha.com https://hcaptcha.com https://code.createjs.com https://cse.google.com https://cse.google.de https://www.googletagmanager.com https://pagespeed.web.dev https://www.google-analytics.com https://schema.org https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://*.doubleclickbygoogle.com https://googleads.g.doubleclick.net/pagead https://googleads.g.doubleclick.net https://partner.googleadservices.com https://*.googleadservices.com https://*.googleapis.com https://*.elo-forum.org https://*.erwerbslosenforum.de https://*.google.de https://*.google.com https://translate.google.com https://translate.google.de https://*.stopforumspam.com https://*.stopforumspam.org https://*.googletagservices.com https://*.ampproject.net https://*.ampproject.org https://www.gstatic.com https://fonts.googleapis.com https://securepubads.g.doubleclick.net  https://cm.g.doubleclick.net https://accounts.google.com https://www.buzer.de https://www.googletagservices.com; 1
default-src 'self' https://tpc.googlesyndication.com;                script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://www.brighttalk.com https://cdn.wisepops.com https://cdn.inspectlet.com https://platform.twitter.com https://s.ytimg.com https://www.youtube.com https://secure.cave9tape.com https://cdnjs.cloudflare.com https://connect.facebook.net https://d.adroll.mgr.consensu.org https://*.adroll.com https://munchkin.marketo.net https://www.google.com https://optimize.google.com https://cdn.ampproject.org https://www.googletagmanager.com https://tagmanager.google.com https://securepubads.g.doubleclick.net https://cdn.euromoneyapi.com https://js.revsci.net https://www.gstatic.com https://adservice.google.com https://adservice.google.rs https://www.google-analytics.com https://loader.wisepops.com https://sjs.bizographics.com https://cdn.subscribers.com https://www.googletagservices.com https://cdn.mouseflow.com https://*.ubembed.com https://z.moatads.com https://tpc.googlesyndication.com https://*.serving-sys.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.syndication.twimg.com;                font-src 'self' data: https://www.google.com https://fonts.googleapis.com https://fonts.gstatic.com;                style-src 'self' 'unsafe-inline' https://ton.twimg.com https://code.jquery.com https://optimize.google.com https://fonts.googleapis.com https://cdn.euromoneyapi.com https://tagmanager.google.com https://platform.twitter.com;                style-src-elem 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://*.twimg.com https://*.jquery.com https://*.twitter.com https://tagmanager.google.com https://fonts.googleapis.com https://cdn.euromoneyapi.com;               connect-src 'self' https://cdn.cookielaw.org https://*.inspectlet.com https://*.doubleclick.net https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://www.google-analytics.com https://popup.wisepops.com https://cdn.subscribers.com https://googleads4.g.doubleclick.net https://csi.gstatic.com/ https://*.mktoresp.com https://*.serving-sys.com;                img-src * data: https://www.google-analytics.com https://optimize.google.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://googleads.g.doubleclick.net;                frame-src 'self' 'unsafe-inline' https://*.net https://*.com https://*.twitter.com https://*.googlesyndication.com;               object-src 'self';                prefetch-src 'self' https://*.googlesyndication.com 1
frame-ancestors https://*.calpads.org http://localhost:5011 http://localhost:5012 http://localhost:5013 http://localhost:5014 http://localhost:5015 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=2jmgpb5ique9g&partner=; 1
default-src 'self' https://*.wogaa.sg https://*.demdex.net/ https://cm.everesttech.net/ https://wogadobeanalytics.sc.omtrdc.net/ https://*.vica.gov.sg; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.wogaa.sg https://assets.adobedtm.com/ https://faq.vica.gov.sg/ https://webchat.vica.gov.sg/ https://www.google.com/ https://www.gstatic.com/recaptcha/; img-src 'self' data: https://wogadobeanalytics.sc.omtrdc.net/ https://cm.everesttech.net/ https://dpm.demdex.net/ https://va.ecitizen.gov.sg/ https://*.vica.gov.sg; connect-src 'self' https://*.wogaa.sg https://dpm.demdex.net/ https://cm.everesttech.net/ https://wogadobeanalytics.sc.omtrdc.net/ wss://chat.vica.gov.sg https://*.vica.gov.sg/; style-src 'self' 'unsafe-inline' https://assets.wogaa.sg/fonts/ https://fonts.googleapis.com/ https://*.vica.gov.sg/; font-src 'self' data: https://assets.wogaa.sg/fonts/ https://fonts.gstatic.com/ https://s3-us-west-2.amazonaws.com/ https://va.ecitizen.gov.sg/; frame-src 'self' https://www.youtube.com/ https://www.onemap.sg/ https://forms.cwp.gov.sg/ https://recaptcha.google.com/recaptcha/ https://www.google.com/recaptcha/; 1
frame-ancestors 'self' https://faulhaber.com.cn https://www.faulhaber.com; script-src 'self'  http://api.userlike.com userlike-cdn-umm.b-cdn.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.userlike.com d3dc1lgancj6l0.cloudfront.net https://*.ytimg.com https://*.youtube.com https://*.baidu.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://tracking.faulhaber.com https://app.usercentrics.eu https://*.licdn.com https://*.facebook.net 'unsafe-inline' 'unsafe-eval'; object-src 'self'; 1
connect-src 'self' *.algolia.io *.algolia.net *.algolianet.com *.facebook.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.sentry.io *.sumo.com *.userway.org *.voyagetext.com *.zdassets.com *.zendesk.com *.zopim.com code.jquery.com media.sumome.com pro.ip-api.com sentry.io stats.g.doubleclick.net sumo.com sumome.com vyg.mobi wss://widget-mediator.zopim.com; default-src 'self'; font-src 'self' *.facebook.com *.googleapis.com *.gstatic.com cdn.userway.org d3s1gm5djwyp3q.cloudfront.net data: themes.googleusercontent.com; frame-src 'self' *.facebook.com *.google.com *.googleapis.com *.userway.org sumo.com sumome.com; img-src 'self' *.facebook.com *.google-analytics.com *.googleapis.com *.gstatic.com *.sumo.com *.userway.org *.zopim.io d3s1gm5djwyp3q.cloudfront.net data: media.sumome.com stats.g.doubleclick.net sumo.b-cdn.net sumo.com sumome.com; manifest-src d3s1gm5djwyp3q.cloudfront.net www.ammoforsale.com; media-src 'self' *.facebook.com *.zdassets.com *.zopim.com; object-src 'self' *.facebook.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.algolia.io *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.sumo.com *.sumome.com *.userway.org *.voyagetext.com *.zdassets.com *.zopim.com assets.voyagetext.com blob: browser.sentry-cdn.com cdn.ravenjs.com code.jquery.com d3s1gm5djwyp3q.cloudfront.net https://cdn.jsdelivr.net/npm/algoliasearch@4/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4 stats.g.doubleclick.net sumo.b-cdn.net sumome-140a.kxcdn.com sumome.com; style-src 'self' 'unsafe-inline' *.facebook.com *.google.com *.googleapis.com *.gstatic.com cdn.userway.org d3s1gm5djwyp3q.cloudfront.net sload.sumo.com sumo.b-cdn.net 1
default-src 'self'; object-src 'self' https://pts.blacksim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.blacksim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.blacksim.de https://umfrage.blacksim.de https://pts.blacksim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.blacksim.de https://stats.blacksim.de https://imagepool.blacksim.de https://pts.blacksim.de https://analytics.tiktok.com https://umfrage.blacksim.de; script-src 'strict-dynamic' 'nonce-95fcd5f975144d873831e6356f9e2abc' 'nonce-d3285ab29170d707dd3df6b2c16d1508' 'nonce-0f030d7fee05ef7d0a9ab236f92f5392' 'nonce-39f3f6f21e5445c7388e0866121ccd2d' 'nonce-c5ed1ebc7bfdc273d186a39ab151978c' 'nonce-214623f9c8fc4fecff40dce1994fff40' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.blacksim.de https://umfrage.blacksim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-95fcd5f975144d873831e6356f9e2abc' 'nonce-d3285ab29170d707dd3df6b2c16d1508' 'nonce-0f030d7fee05ef7d0a9ab236f92f5392' 'nonce-39f3f6f21e5445c7388e0866121ccd2d' 'nonce-c5ed1ebc7bfdc273d186a39ab151978c' 'nonce-214623f9c8fc4fecff40dce1994fff40' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src-elem * data: blob: 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' https:; form-action * data: blob: 'unsafe-inline';  font-src * data: blob: 'unsafe-inline'; frame-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline' android-webview-video-poster: android-webview:; manifest-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; object-src 'none'; worker-src * data: blob: 'unsafe-inline'; connect-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline'; upgrade-insecure-requests; report-uri https://zqwqz.org/cspreport 1
default-src 'self' blob: *.beza.net *.cloudfront.net; connect-src 'self' *.beza.net static.cloudflareinsights.com *.purechat.com *.purechatcdn.com ajax.googleapis.com www.google-analytics.com maps.googleapis.com www.google.com www.gstatic.com www.googletagmanager.com cdn.jsdelivr.net calendly.com *.calendly.com *.elegantthemes.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' data: *.beza.net d1rmvzksspccvv.cloudfront.net static.cloudflareinsights.com *.purechat.com *.purechatcdn.com ajax.googleapis.com www.google-analytics.com maps.googleapis.com www.google.com www.gstatic.com www.googletagmanager.com cdn.jsdelivr.net calendly.com *.calendly.com; base-uri 'self' *.beza.net d1rmvzksspccvv.cloudfront.net; object-src 'self' 'unsafe-eval' 'unsafe-inline' *.beza.net d1rmvzksspccvv.cloudfront.net; worker-src 'self' 'unsafe-eval' 'unsafe-inline' *.beza.net d1rmvzksspccvv.cloudfront.net; frame-src *.beza.net calendly.com assets.calendly.com www.google.com; frame-ancestors *.beza.net d1rmvzksspccvv.cloudfront.net; form-action 'self' *.beza.net; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.beza.net fonts.googleapis.com d1rmvzksspccvv.cloudfront.net; font-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.beza.net fonts.gstatic.com fonts.googleapis.com d1rmvzksspccvv.cloudfront.net; img-src 'self' data: *.beza.net *.cloudfront.net upload.wikimedia.org maps.googleapis.com maps.gstatic.com www.google-analytics.com *.elegantthemes.com www.googletagmanager.com secure.gravatar.com ps.w.org; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://cdn07.icims.com/a/images.icims.com/content/platform_130.2.1.220405-2bcea11-0/script/lib/domreplacement/domReplacement.js https://cdn07.icims.com/a/images.icims.com/content/platform_130.2.1.220405-2bcea11-0/script/common/icims.js https://cdn07.icims.com/a/images.icims.com/content/platform_130.2.1.220405-2bcea11-0/script/portal/utils.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://cdn.jsdelivr.net https://maps.googleapis.com http://code.jquery.com https://d3e54v103j8qbb.cloudfront.net https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.9.3/Chart.min.js https://code.jquery.com/jquery-1.12.4.js http://code.jquery.com/jquery-1.12.4.js https://code.jquery.com/jquery-3.6.0.min.js https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://dev.homewarrantynew.com https://staging.homewarranty.com; style-src 'self' 'unsafe-inline' http://code.jquery.com https://code.jquery.com https://fonts.googleapis.com http://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' 'unsafe-inline' data: https://themes.googleusercontent.com/static/fonts/sourcesanspro/v5/ODelI1aHBYDBqgeIAH2zlBM0YzuT7MdOe03otPbuUS0.woff https://fonts.gstatic.com http://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src 'self' https://external-homewarranty.icims.com https://www.youtube.com/embed/YRcn-ed4Hwg; img-src 'self' data: https://ecs.qa2.homewarranty-qa2.com https://bugs2-prod.s3.us-west-2.amazonaws.com https://bugs2-qa2.s3.amazonaws.com https://bugs2-qa.s3.us-west-2.amazonaws.com https://bugs2-dev.s3.us-west-2.amazonaws.com https://code.jquery.com https://s3.us-west-2.amazonaws.com https://www.google-analytics.com; manifest-src 'self'; media-src 'self';  worker-src 'none'; 1
frame-ancestors 'self' https://*.toyota.se https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
frame-ancestors https://*.smeet.com https://*.smeet-fixes.com https://smeet.draugas.lt https://smeet.mynet.com https://fotka.com https://www.plinga.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'  *.matomo.cloud *.doubleclick.net *.facebook.com container.pepperjam.com *.container.pepperjam.com connect.facebook.net *.connect.facebook.net bat.bing.com *.bat.bing.com tag.rmp.rakuten.com *.tag.rmp.rakuten.com static.zdassets.com *.static.zdassets.com use.typekit.net *.use.typekit.net olivela.com *.olivela.com builder.io *.builder.io segment.com *.segment.com segment.io *.segment.io google.co.in *.google.co.in google.com *.google.com trk.ometria *.trk.ometria newrelic.com *.newrelic.com equalweb.com *.equalweb.com nosto.com *.nosto.com hotjar.com *.hotjar.com hotjar.io *.hotjar.io ws.hotjar.com *.ws.hotjar.com wss://ws.hotjar.com *.yotpo.com yotpo.com *.visualwebsiteoptimizer.com *.vwo.com *.googlesyndication.com googleoptimize.com *.googleoptimize.com jsdelivr.net *.jsdelivr.net cloudflare.com *.cloudflare.com cloudfront.net *.cloudfront.net amazonaws.com *.amazonaws.com *.gstatic.com fonts.gstatic.com *.fonts.gstatic.com googletagmanager.com *.googletagmanager.com myshopify.com *.myshopify.com algolianet.com *.algolianet.com algolia.net *.algolia.net algolia.com *.algolia.com algolia.io *.algolia.io cdn.shopify.com *.cdn.shopify.com google-analytics.com *.google-analytics.com littledata.io *.littledata.io klaviyo.com *.klaviyo.com attn.tv *.attn.tv attentivemobile.com *.attentivemobile.com nr-data.net *.nr-data.net *.forter.com forter.com widget-mediator.zopim.com *.widget-mediator.zopim.com wss://widget-mediator.zopim.com olivela.zendesk.com *.olivela.zendesk.com ekr.zdassets.com *.ekr.zdassets.com stats.g.doubleclick.net *.stats.g.doubleclick.net p.typekit.net *.p.typekit.net fonts.googleapis.com *.fonts.googleapis.com use.fontawesome.com *.use.fontawesome.com maxcdn.bootstrapcdn.com *.maxcdn.bootstrapcdn.com pingdom.net *.pingdom.net ;frame-ancestors 'self' https://builder.io/ *.builder.io;font-src 'self' data:  *.matomo.cloud *.doubleclick.net *.facebook.com container.pepperjam.com *.container.pepperjam.com connect.facebook.net *.connect.facebook.net bat.bing.com *.bat.bing.com tag.rmp.rakuten.com *.tag.rmp.rakuten.com static.zdassets.com *.static.zdassets.com use.typekit.net *.use.typekit.net olivela.com *.olivela.com builder.io *.builder.io segment.com *.segment.com segment.io *.segment.io google.co.in *.google.co.in google.com *.google.com trk.ometria *.trk.ometria newrelic.com *.newrelic.com equalweb.com *.equalweb.com nosto.com *.nosto.com hotjar.com *.hotjar.com hotjar.io *.hotjar.io ws.hotjar.com *.ws.hotjar.com wss://ws.hotjar.com *.yotpo.com yotpo.com *.visualwebsiteoptimizer.com *.vwo.com *.googlesyndication.com googleoptimize.com *.googleoptimize.com jsdelivr.net *.jsdelivr.net cloudflare.com *.cloudflare.com cloudfront.net *.cloudfront.net amazonaws.com *.amazonaws.com *.gstatic.com fonts.gstatic.com *.fonts.gstatic.com googletagmanager.com *.googletagmanager.com myshopify.com *.myshopify.com algolianet.com *.algolianet.com algolia.net *.algolia.net algolia.com *.algolia.com algolia.io *.algolia.io cdn.shopify.com *.cdn.shopify.com google-analytics.com *.google-analytics.com littledata.io *.littledata.io klaviyo.com *.klaviyo.com attn.tv *.attn.tv attentivemobile.com *.attentivemobile.com nr-data.net *.nr-data.net *.forter.com forter.com widget-mediator.zopim.com *.widget-mediator.zopim.com wss://widget-mediator.zopim.com olivela.zendesk.com *.olivela.zendesk.com ekr.zdassets.com *.ekr.zdassets.com stats.g.doubleclick.net *.stats.g.doubleclick.net p.typekit.net *.p.typekit.net fonts.googleapis.com *.fonts.googleapis.com use.fontawesome.com *.use.fontawesome.com maxcdn.bootstrapcdn.com *.maxcdn.bootstrapcdn.com pingdom.net *.pingdom.net ;script-src 'unsafe-eval' 'unsafe-inline'  *.matomo.cloud *.doubleclick.net *.facebook.com container.pepperjam.com *.container.pepperjam.com connect.facebook.net *.connect.facebook.net bat.bing.com *.bat.bing.com tag.rmp.rakuten.com *.tag.rmp.rakuten.com static.zdassets.com *.static.zdassets.com use.typekit.net *.use.typekit.net olivela.com *.olivela.com builder.io *.builder.io segment.com *.segment.com segment.io *.segment.io google.co.in *.google.co.in google.com *.google.com trk.ometria *.trk.ometria newrelic.com *.newrelic.com equalweb.com *.equalweb.com nosto.com *.nosto.com hotjar.com *.hotjar.com hotjar.io *.hotjar.io ws.hotjar.com *.ws.hotjar.com wss://ws.hotjar.com *.yotpo.com yotpo.com *.visualwebsiteoptimizer.com *.vwo.com *.googlesyndication.com googleoptimize.com *.googleoptimize.com jsdelivr.net *.jsdelivr.net cloudflare.com *.cloudflare.com cloudfront.net *.cloudfront.net amazonaws.com *.amazonaws.com *.gstatic.com fonts.gstatic.com *.fonts.gstatic.com googletagmanager.com *.googletagmanager.com myshopify.com *.myshopify.com algolianet.com *.algolianet.com algolia.net *.algolia.net algolia.com *.algolia.com algolia.io *.algolia.io cdn.shopify.com *.cdn.shopify.com google-analytics.com *.google-analytics.com littledata.io *.littledata.io klaviyo.com *.klaviyo.com attn.tv *.attn.tv attentivemobile.com *.attentivemobile.com nr-data.net *.nr-data.net *.forter.com forter.com widget-mediator.zopim.com *.widget-mediator.zopim.com wss://widget-mediator.zopim.com olivela.zendesk.com *.olivela.zendesk.com ekr.zdassets.com *.ekr.zdassets.com stats.g.doubleclick.net *.stats.g.doubleclick.net p.typekit.net *.p.typekit.net fonts.googleapis.com *.fonts.googleapis.com use.fontawesome.com *.use.fontawesome.com maxcdn.bootstrapcdn.com *.maxcdn.bootstrapcdn.com pingdom.net *.pingdom.net;connect-src 'self'  *.matomo.cloud *.doubleclick.net *.facebook.com container.pepperjam.com *.container.pepperjam.com connect.facebook.net *.connect.facebook.net bat.bing.com *.bat.bing.com tag.rmp.rakuten.com *.tag.rmp.rakuten.com static.zdassets.com *.static.zdassets.com use.typekit.net *.use.typekit.net olivela.com *.olivela.com builder.io *.builder.io segment.com *.segment.com segment.io *.segment.io google.co.in *.google.co.in google.com *.google.com trk.ometria *.trk.ometria newrelic.com *.newrelic.com equalweb.com *.equalweb.com nosto.com *.nosto.com hotjar.com *.hotjar.com hotjar.io *.hotjar.io ws.hotjar.com *.ws.hotjar.com wss://ws.hotjar.com *.yotpo.com yotpo.com *.visualwebsiteoptimizer.com *.vwo.com *.googlesyndication.com googleoptimize.com *.googleoptimize.com jsdelivr.net *.jsdelivr.net cloudflare.com *.cloudflare.com cloudfront.net *.cloudfront.net amazonaws.com *.amazonaws.com *.gstatic.com fonts.gstatic.com *.fonts.gstatic.com googletagmanager.com *.googletagmanager.com myshopify.com *.myshopify.com algolianet.com *.algolianet.com algolia.net *.algolia.net algolia.com *.algolia.com algolia.io *.algolia.io cdn.shopify.com *.cdn.shopify.com google-analytics.com *.google-analytics.com littledata.io *.littledata.io klaviyo.com *.klaviyo.com attn.tv *.attn.tv attentivemobile.com *.attentivemobile.com nr-data.net *.nr-data.net *.forter.com forter.com widget-mediator.zopim.com *.widget-mediator.zopim.com wss://widget-mediator.zopim.com olivela.zendesk.com *.olivela.zendesk.com ekr.zdassets.com *.ekr.zdassets.com stats.g.doubleclick.net *.stats.g.doubleclick.net p.typekit.net *.p.typekit.net fonts.googleapis.com *.fonts.googleapis.com use.fontawesome.com *.use.fontawesome.com maxcdn.bootstrapcdn.com *.maxcdn.bootstrapcdn.com pingdom.net *.pingdom.net ;worker-src 'self' blob: data:  *.matomo.cloud *.doubleclick.net *.facebook.com container.pepperjam.com *.container.pepperjam.com connect.facebook.net *.connect.facebook.net bat.bing.com *.bat.bing.com tag.rmp.rakuten.com *.tag.rmp.rakuten.com static.zdassets.com *.static.zdassets.com use.typekit.net *.use.typekit.net olivela.com *.olivela.com builder.io *.builder.io segment.com *.segment.com segment.io *.segment.io google.co.in *.google.co.in google.com *.google.com trk.ometria *.trk.ometria newrelic.com *.newrelic.com equalweb.com *.equalweb.com nosto.com *.nosto.com hotjar.com *.hotjar.com hotjar.io *.hotjar.io ws.hotjar.com *.ws.hotjar.com wss://ws.hotjar.com *.yotpo.com yotpo.com *.visualwebsiteoptimizer.com *.vwo.com *.googlesyndication.com googleoptimize.com *.googleoptimize.com jsdelivr.net *.jsdelivr.net cloudflare.com *.cloudflare.com cloudfront.net *.cloudfront.net amazonaws.com *.amazonaws.com *.gstatic.com fonts.gstatic.com *.fonts.gstatic.com googletagmanager.com *.googletagmanager.com myshopify.com *.myshopify.com algolianet.com *.algolianet.com algolia.net *.algolia.net algolia.com *.algolia.com algolia.io *.algolia.io cdn.shopify.com *.cdn.shopify.com google-analytics.com *.google-analytics.com littledata.io *.littledata.io klaviyo.com *.klaviyo.com attn.tv *.attn.tv attentivemobile.com *.attentivemobile.com nr-data.net *.nr-data.net *.forter.com forter.com widget-mediator.zopim.com *.widget-mediator.zopim.com wss://widget-mediator.zopim.com olivela.zendesk.com *.olivela.zendesk.com ekr.zdassets.com *.ekr.zdassets.com stats.g.doubleclick.net *.stats.g.doubleclick.net p.typekit.net *.p.typekit.net fonts.googleapis.com *.fonts.googleapis.com use.fontawesome.com *.use.fontawesome.com maxcdn.bootstrapcdn.com *.maxcdn.bootstrapcdn.com pingdom.net *.pingdom.net;img-src 'self' data:  *.matomo.cloud *.doubleclick.net *.facebook.com container.pepperjam.com *.container.pepperjam.com connect.facebook.net *.connect.facebook.net bat.bing.com *.bat.bing.com tag.rmp.rakuten.com *.tag.rmp.rakuten.com static.zdassets.com *.static.zdassets.com use.typekit.net *.use.typekit.net olivela.com *.olivela.com builder.io *.builder.io segment.com *.segment.com segment.io *.segment.io google.co.in *.google.co.in google.com *.google.com trk.ometria *.trk.ometria newrelic.com *.newrelic.com equalweb.com *.equalweb.com nosto.com *.nosto.com hotjar.com *.hotjar.com hotjar.io *.hotjar.io ws.hotjar.com *.ws.hotjar.com wss://ws.hotjar.com *.yotpo.com yotpo.com *.visualwebsiteoptimizer.com *.vwo.com *.googlesyndication.com googleoptimize.com *.googleoptimize.com jsdelivr.net *.jsdelivr.net cloudflare.com *.cloudflare.com cloudfront.net *.cloudfront.net amazonaws.com *.amazonaws.com *.gstatic.com fonts.gstatic.com *.fonts.gstatic.com googletagmanager.com *.googletagmanager.com myshopify.com *.myshopify.com algolianet.com *.algolianet.com algolia.net *.algolia.net algolia.com *.algolia.com algolia.io *.algolia.io cdn.shopify.com *.cdn.shopify.com google-analytics.com *.google-analytics.com littledata.io *.littledata.io klaviyo.com *.klaviyo.com attn.tv *.attn.tv attentivemobile.com *.attentivemobile.com nr-data.net *.nr-data.net *.forter.com forter.com widget-mediator.zopim.com *.widget-mediator.zopim.com wss://widget-mediator.zopim.com olivela.zendesk.com *.olivela.zendesk.com ekr.zdassets.com *.ekr.zdassets.com stats.g.doubleclick.net *.stats.g.doubleclick.net p.typekit.net *.p.typekit.net fonts.googleapis.com *.fonts.googleapis.com use.fontawesome.com *.use.fontawesome.com maxcdn.bootstrapcdn.com *.maxcdn.bootstrapcdn.com pingdom.net *.pingdom.net;style-src 'unsafe-inline'  *.matomo.cloud *.doubleclick.net *.facebook.com container.pepperjam.com *.container.pepperjam.com connect.facebook.net *.connect.facebook.net bat.bing.com *.bat.bing.com tag.rmp.rakuten.com *.tag.rmp.rakuten.com static.zdassets.com *.static.zdassets.com use.typekit.net *.use.typekit.net olivela.com *.olivela.com builder.io *.builder.io segment.com *.segment.com segment.io *.segment.io google.co.in *.google.co.in google.com *.google.com trk.ometria *.trk.ometria newrelic.com *.newrelic.com equalweb.com *.equalweb.com nosto.com *.nosto.com hotjar.com *.hotjar.com hotjar.io *.hotjar.io ws.hotjar.com *.ws.hotjar.com wss://ws.hotjar.com *.yotpo.com yotpo.com *.visualwebsiteoptimizer.com *.vwo.com *.googlesyndication.com googleoptimize.com *.googleoptimize.com jsdelivr.net *.jsdelivr.net cloudflare.com *.cloudflare.com cloudfront.net *.cloudfront.net amazonaws.com *.amazonaws.com *.gstatic.com fonts.gstatic.com *.fonts.gstatic.com googletagmanager.com *.googletagmanager.com myshopify.com *.myshopify.com algolianet.com *.algolianet.com algolia.net *.algolia.net algolia.com *.algolia.com algolia.io *.algolia.io cdn.shopify.com *.cdn.shopify.com google-analytics.com *.google-analytics.com littledata.io *.littledata.io klaviyo.com *.klaviyo.com attn.tv *.attn.tv attentivemobile.com *.attentivemobile.com nr-data.net *.nr-data.net *.forter.com forter.com widget-mediator.zopim.com *.widget-mediator.zopim.com wss://widget-mediator.zopim.com olivela.zendesk.com *.olivela.zendesk.com ekr.zdassets.com *.ekr.zdassets.com stats.g.doubleclick.net *.stats.g.doubleclick.net p.typekit.net *.p.typekit.net fonts.googleapis.com *.fonts.googleapis.com use.fontawesome.com *.use.fontawesome.com maxcdn.bootstrapcdn.com *.maxcdn.bootstrapcdn.com pingdom.net *.pingdom.net;form-action 'self'  *.matomo.cloud *.doubleclick.net *.facebook.com container.pepperjam.com *.container.pepperjam.com connect.facebook.net *.connect.facebook.net bat.bing.com *.bat.bing.com tag.rmp.rakuten.com *.tag.rmp.rakuten.com static.zdassets.com *.static.zdassets.com use.typekit.net *.use.typekit.net olivela.com *.olivela.com builder.io *.builder.io segment.com *.segment.com segment.io *.segment.io google.co.in *.google.co.in google.com *.google.com trk.ometria *.trk.ometria newrelic.com *.newrelic.com equalweb.com *.equalweb.com nosto.com *.nosto.com hotjar.com *.hotjar.com hotjar.io *.hotjar.io ws.hotjar.com *.ws.hotjar.com wss://ws.hotjar.com *.yotpo.com yotpo.com *.visualwebsiteoptimizer.com *.vwo.com *.googlesyndication.com googleoptimize.com *.googleoptimize.com jsdelivr.net *.jsdelivr.net cloudflare.com *.cloudflare.com cloudfront.net *.cloudfront.net amazonaws.com *.amazonaws.com *.gstatic.com fonts.gstatic.com *.fonts.gstatic.com googletagmanager.com *.googletagmanager.com myshopify.com *.myshopify.com algolianet.com *.algolianet.com algolia.net *.algolia.net algolia.com *.algolia.com algolia.io *.algolia.io cdn.shopify.com *.cdn.shopify.com google-analytics.com *.google-analytics.com littledata.io *.littledata.io klaviyo.com *.klaviyo.com attn.tv *.attn.tv attentivemobile.com *.attentivemobile.com nr-data.net *.nr-data.net *.forter.com forter.com widget-mediator.zopim.com *.widget-mediator.zopim.com wss://widget-mediator.zopim.com olivela.zendesk.com *.olivela.zendesk.com ekr.zdassets.com *.ekr.zdassets.com stats.g.doubleclick.net *.stats.g.doubleclick.net p.typekit.net *.p.typekit.net fonts.googleapis.com *.fonts.googleapis.com use.fontawesome.com *.use.fontawesome.com maxcdn.bootstrapcdn.com *.maxcdn.bootstrapcdn.com pingdom.net *.pingdom.net;script-src-elem 'self' 'unsafe-inline'  *.matomo.cloud *.doubleclick.net *.facebook.com container.pepperjam.com *.container.pepperjam.com connect.facebook.net *.connect.facebook.net bat.bing.com *.bat.bing.com tag.rmp.rakuten.com *.tag.rmp.rakuten.com static.zdassets.com *.static.zdassets.com use.typekit.net *.use.typekit.net olivela.com *.olivela.com builder.io *.builder.io segment.com *.segment.com segment.io *.segment.io google.co.in *.google.co.in google.com *.google.com trk.ometria *.trk.ometria newrelic.com *.newrelic.com equalweb.com *.equalweb.com nosto.com *.nosto.com hotjar.com *.hotjar.com hotjar.io *.hotjar.io ws.hotjar.com *.ws.hotjar.com wss://ws.hotjar.com *.yotpo.com yotpo.com *.visualwebsiteoptimizer.com *.vwo.com *.googlesyndication.com googleoptimize.com *.googleoptimize.com jsdelivr.net *.jsdelivr.net cloudflare.com *.cloudflare.com cloudfront.net *.cloudfront.net amazonaws.com *.amazonaws.com *.gstatic.com fonts.gstatic.com *.fonts.gstatic.com googletagmanager.com *.googletagmanager.com myshopify.com *.myshopify.com algolianet.com *.algolianet.com algolia.net *.algolia.net algolia.com *.algolia.com algolia.io *.algolia.io cdn.shopify.com *.cdn.shopify.com google-analytics.com *.google-analytics.com littledata.io *.littledata.io klaviyo.com *.klaviyo.com attn.tv *.attn.tv attentivemobile.com *.attentivemobile.com nr-data.net *.nr-data.net *.forter.com forter.com widget-mediator.zopim.com *.widget-mediator.zopim.com wss://widget-mediator.zopim.com olivela.zendesk.com *.olivela.zendesk.com ekr.zdassets.com *.ekr.zdassets.com stats.g.doubleclick.net *.stats.g.doubleclick.net p.typekit.net *.p.typekit.net fonts.googleapis.com *.fonts.googleapis.com use.fontawesome.com *.use.fontawesome.com maxcdn.bootstrapcdn.com *.maxcdn.bootstrapcdn.com pingdom.net *.pingdom.net 1
frame-ancestors 'self';default-src * blob:;base-uri *;img-src * data: blob:;script-src * 'unsafe-inline' 'unsafe-eval';script-src-attr 'unsafe-inline';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';object-src 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
frame-ancestors 'self' https://*.dogorama.app 1
default-src 'self' beta.frende.no cdn.frende.no; worker-src 'self' blob:; img-src 'self' data: https://streetviewpixels-pa.googleapis.com https://frende-cms-prod.s3.eu-central-1.amazonaws.com https://frende-cms-prod.s3.eu-central-1.amazonaws.com https://*.google-analytics.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://www.google.com/ads/ga-audiences https://www.google.no/ads/ga-audiences https://www.google.se/ads/ga-audiences https://www.google.dk/ads/ga-audiences https://www.google.co.uk/ads/ga-audiences https://www.google.com.co/ads/ga-audiences https://www.google.com.au/ads/ga-audiences https://www.google.co.th/ads/ga-audiences https://www.google.co.in/ads/ga-audiences https://www.google.pl/ads/ga-audiences https://www.google.es/ads/ga-audiences https://www.google.ie/ads/ga-audiences https://www.google.de/ads/ga-audiences https://www.google.fi/ads/ga-audiences https://www.google.nl/ads/ga-audiences https://www.google.is/ads/ga-audiences https://www.google.it/ads/ga-audiences https://www.google.ee/ads/ga-audiences https://www.google.fr/ads/ga-audiences https://www.google.cz/ads/ga-audiences https://www.google.lt/ads/ga-audiences https://www.google.co.id/ads/ga-audiences https://www.google.co.ma/ads/ga-audiences https://www.google.co.kr/ads/ga-audiences https://www.google.com.vn/ads/ga-audiences https://www.google.com.ph/ads/ga-audiences https://www.facebook.com/ https://beta.frende.no https://images.finncdn.no/ https://cdn.frende.no https://www.gstatic.com/images/branding/product/2x/translate_24dp.png https://i.ytimg.com https://i.vimeocdn.com https://maps.gstatic.com https://maps.googleapis.com https://*.ggpht.com https://openwms.statkart.no/ https://*.psplugin.com https://*.vergic.com; style-src 'self' 'unsafe-inline' https://cdn.frende.no https://frende-cms-prod.eu-central-1.elasticbeanstalk.com https://frende-cms-prod.s3.eu-central-1.amazonaws.com https://www.gstatic.com/ https://fonts.googleapis.com/ https://*.psplugin.com https://*.vergic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.frende.no https://frende-cms-prod.eu-central-1.elasticbeanstalk.com https://frende-cms-prod.s3.eu-central-1.amazonaws.com https://*.googletagmanager.com https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/ https://www.facebook.com/tr/ https://*.psplugin.com https://*.vergic.com; frame-ancestors 'self' https://login.frende.no https://*.psplugin.com; font-src 'self' https://cdn.frende.no https://frende-cms-prod.eu-central-1.elasticbeanstalk.com https://frende-cms-prod.s3.eu-central-1.amazonaws.com https://fonts.gstatic.com http://*.psplugin.com http://*.vergic.com; connect-src 'self' https://api.frende.no https://nettbutikk.frende.no https://cdn.frende.no https://www.facebook.com/tr/ https://reflex.frende.no https://stats.g.doubleclick.net https://maps.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://login.frende.no/identityserver/.well-known/openid-configuration https://login.frende.no/identityserver/.well-known/openid-configuration/jwks https://login.frende.no/identityserver/connect/userinfo https://login.frende.no/identityserver/connect/token https://login.frende.no/identityserver/connect/revocation https://*.psplugin.com https://*.vergic.com wss://*.psplugin.com wss://*.vergic.com; frame-src 'self' https://frende.no https://wwww.frende.no https://as.frende.no https://sts.frende.no https://login.frende.no https://cdn.frende.no/mypage/callback.html https://sikker.frende.no https://login.frende.no/identityserver/connect https://openwms.statkart.no/ https://www.sign.nets.eu https://www.facebook.com/tr/ https://www.youtube.com https://vimeo.com https://content.vergic.com; report-uri https://sentry.frende.no/api/4/security/?sentry_key=a8f0108442274bb4abc943116523a7f8&sentry_environment=prod 1
upgrade-insecure-requests; frame-ancestors *.vumatel.co.za 1
default-src 'self' https://consentcdn.cookiebot.com https://cn.mane.com https://www.mane.com data: https://fonts.gstatic.com https://assets.juicer.io https://consent.cookiebot.com https://www.youtube.com https://static.juicer.io https://www.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.juicer.io https://api.mapbox.com https://events.mapbox.com https://view.vzaar.com https://dacastdd.s.llnwi.net https://www.google.com; img-src 'self' https://cn.mane.com https://www.mane.com https://i.ytimg.com https://www.googletagmanager.com https://assets.juicer.io https://www.google.com https://www.google.fr https://www.juicer.io data: https://view.vzaar.com https://universe-files.vzaar.com https://universe-files.dacast.com https://api.mapbox.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://polyfill.io https://cn.mane.com https://www.mane.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://consent.cookiebot.com https://www.google-analytics.com https://assets.juicer.io https://consentcdn.cookiebot.com https://api.mapbox.com https://ajax.googleapis.com blob: https://vjs.zencdn.net https://unpkg.com; style-src 'self' 'unsafe-inline' https://www.mane.com https://cn.mane.com https://fonts.googleapis.com https://api.mapbox.com https://assets.juicer.io https://vjs.zencdn.net; form-action 'self' https://cn.mane.com https://www.mane.com; 1
default-src https: 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com/ *.googletagmanager.com/ *.gstatic.com/ *.google-analytics.com/ *.elma.nl/ *.jquery.com/ *.cookiebot.com *.notaris.nl *.knb.nl *.livits.net *.livits.eu https://www.google.com/recaptcha/api.js; object-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com/ *.googletagmanager.com/ *.gstatic.com/ *.google-analytics.com/ *.elma.nl/ *.jquery.com/ *.cookiebot.com/ *.notaris.nl/ *.knb.nl/ *.livits.net/ *.livits.eu/; img-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.googleapis.com/ *.googletagmanager.com/ *.gstatic.com/ *.google-analytics.com/ *.elma.nl/ *.jquery.com/ *.cookiebot.com/ *.notaris.nl/ *.knb.nl/ *.livits.net/ *.livits.eu/; frame-ancestors backoffice.knb.nl knb.livits.eu; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com/ *.googletagmanager.com/ *.gstatic.com/ *.google-analytics.com/ *.elma.nl/ *.jquery.com/ *.cookiebot.com/ *.notaris.nl/ *.knb.nl/ *.livits.net/ *.livits.eu/ https://www.google.com/recaptcha/api.js; connect-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com/ *.googletagmanager.com/ *.gstatic.com/ *.google-analytics.com/ *.elma.nl/ *.jquery.com/ *.cookiebot.com/ *.notaris.nl/ *.knb.nl/ *.livits.net/ *.livits.eu/ 1
object-src 'none'; script-src 'self' *.mziq.com s3.amazonaws.com  www.googletagmanager.com www.google-analytics.com  cdn.cookielaw.org snap.licdn.com  'nonce-e92069f70a' 'nonce-682b39468a' 'nonce-bed1c76407' 'nonce-2b576338fa' 'nonce-2a24746173' 'nonce-7e13e0c02f' 'nonce-682b39468a' 'nonce-b38e1cd951' 'nonce-613a3cc43e' 'nonce-f10cc42d7f' 'nonce-0d7e059d40' 'nonce-278f3e0846' 'nonce-8429790ee6' 'nonce-745bc214bf' 'nonce-4178395f90' 'nonce-48d5fb601b' 'nonce-55217c272c' 'nonce-663ecf7d20' 'nonce-9ee09125f9' 'nonce-9678371617' 'nonce-b1013e7b52' 'nonce-08d9aca8df' 'nonce-5d27170234' 'nonce-f2e9ba1bcc' 'nonce-bed1c76407' 'nonce-efa8c5d1c2' 'nonce-bed1c76407' 'nonce-bed1c76407' 'nonce-bed1c76407' 'nonce-bed1c76407' 'nonce-bed1c76407' 'nonce-682b39468a' 'nonce-bed1c76407' 'nonce-682b39468a' 'nonce-2ce5b4bbb1' 'nonce-1e200aa465' 'sha256-uP0Y9ut3V633UTOGZ0l4Yqyu3DZWCP9LzcTG6Zsu/yY=' 'sha256-AKjyRvWqV68utYwRIohF4p8wgvOZ+2qq3/X5DpjCagU=' 'sha256-BLtGoCOhN/5hIMoKMhdnSYeFQ6krk+/XmLWFGC8PqNE=' 'sha256-//O1b28tvOkOn7BoMTu/PmmriviP+Qn5hMOWJXjG1SE=' ; 1
font-src *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com https://media.flixcar.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com https://dev-kpaymentgateway-services.kasikornbank.com/* https://kpaymentgateway.kasikornbank.com/* www.thaiepay.com *.paysolutions.asia *.ktc.co.th https://servicekrungsrigroup.com/epp/payment https://servicekrungsrigroup.com/ *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://www.thaiepay.com/epaylink/payment.aspx https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com https://dev-kpaymentgateway.kasikornbank.com/ https://kpaymentgateway.kasikornbank.com/ *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com https://accounts.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com * https://rt.flix360.co https://rt.flix360.com https://media.flixcar.co https://media.flixcar.com *.meetanshi.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.fontawesome.com * https://media.flixfacts.com https://prod.flixgvid.flix360.io https://media.flixcar.com https://www.facebook.com https://web.facebook.com https://dev-kpaymentgateway.kasikornbank.com/* https://kpaymentgateway.kasikornbank.com/* *.meetanshi.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://accounts.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com https://media.flixcar.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://accounts.google.com https://www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://dji-official-fe.djicdn.com https://stag-dji-official-fe.djicdn.com https://stormsend1.djicdn.com https://us-cms-videos.dji.net https://cdn.shopify.com https://cdn.shopifycdn.net https://media.insta360.com https://zhiyun-website-shenzhen.oss-cn-shenzhen.aliyuncs.com https://media.flixcar.com https://www.facebook.com https://web.facebook.com https://static.gopro.com https://videos.ctfassets.net https://omsystem.com https://cdn.rode.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://stats.g.doubleclick.net https://media.flixcar.com https://www.facebook.com https://web.facebook.com https://dev-kpaymentgateway.kasikornbank.com/ui/v2/index.html https://kpaymentgateway.kasikornbank.com/ui/v2/index.html *.meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com https://accounts.google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://delmonte.com.mx https://www.delmonte.com.mx; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ajax/libs/picturefill/3.0.3/picturefill.min.js https://loader.webspellchecker.net/ https://www.googletagmanager.com/gtm.js https://sc-static.net/scevent.min.js https://analytics.tiktok.com/i18n/pixel/events.js https://www.googletagmanager.com/gtag/js https://tr.snapchat.com/config/com/ https://analytics.tiktok.com/i18n/pixel/static/ https://tr.snapchat.com/config/ie/ https://connect.facebook.net/en_US/fbevents.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://api.permutive.com/ https://cdn.permutive.com/ https://secure.quantserve.com/ https://secure-ds.serving-sys.com/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://bs.serving-sys.com/ https://rules.quantcount.com/; style-src 'unsafe-inline' 'self' https://p.typekit.net https://use.typekit.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://updates.expressionengine.com/check https://tr.snapchat.com/p https://region1.google-analytics.com/g/collect https://analytics.tiktok.com/api/v2/pixel https://pagead2.googlesyndication.com/pagead/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://privacyportal.onetrust.com/ https://permutive.com/ https://www.google.com/ https://region1.analytics.google.com/ https://stats.g.doubleclick.net/ https://googleads.g.doubleclick.net/ https://secure-ds.serving-sys.com/ https://lm.serving-sys.com/ https://cdn.permutive.com/ https://api.permutive.com/; font-src 'self' data: https://use.typekit.net; frame-src 'self' https://tr.snapchat.com/ https://cookies.onetrust.mgr.consensu.org/ https://td.doubleclick.net/ https://www.youtube.com/; img-src 'self' https://ping.eeharbor.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://cdn.cookielaw.org/ https://api.permutive.com/ https://cdn.permutive.com/ https://www.google.com/ https://www.google.co.uk/ https://www.google.ie/ https://dsum-sec.casalemedia.com/ https://www.facebook.com/ https://pixel.quantserve.com/ https://stags.bluekai.com/ https://idsync.rlcdn.com/ https://x.bidswitch.net/ https://sync.search.spotxchange.com/ https://aa.agkn.com/ https://s2s.t13.io/ https://e1.emxdgt.com/ https://sync.crwdcntrl.net/ https://ups.analytics.yahoo.com/ https://sync.1rx.io/ https://sync.taboola.com/ https://sync.teads.tv/; manifest-src 'self'; media-src 'self'; worker-src 'self' data: 'unsafe-eval' 'unsafe-inline' blob:; 1
default-src https://*.consolewars.de *.youtube.com *.twitter.com *.twitch.tv; style-src 'unsafe-inline' https://*.consolewars.de; script-src 'unsafe-inline' https://*.consolewars.de *.twitter.com *.twitch.tv 1
default-src 'self';script-src 'self' https://cdn.jsdelivr.net https://js.stripe.com http://localhost:9000 https://*.trurotwpfiredepartment.com https://*.risevision.com https://*.screen.cloud https://*.iamresponding.com https://*.heathfiredepartment.com 'unsafe-eval';style-src 'self' https://cdn.jsdelivr.net https://js.stripe.com http://localhost:9000 https://*.trurotwpfiredepartment.com https://*.risevision.com https://*.screen.cloud https://*.iamresponding.com https://*.heathfiredepartment.com 'unsafe-inline';connect-src * https:;font-src 'self' https://cdn.jsdelivr.net https://js.stripe.com data: http://localhost:9000 https://*.trurotwpfiredepartment.com https://*.risevision.com https://*.screen.cloud https://*.iamresponding.com https://*.heathfiredepartment.com;frame-ancestors 'self' http://localhost:9000 https://*.trurotwpfiredepartment.com https://*.risevision.com https://*.screen.cloud https://*.iamresponding.com https://*.heathfiredepartment.com;frame-src 'self' https://js.stripe.com http://localhost:9000 https://*.trurotwpfiredepartment.com https://*.risevision.com https://*.screen.cloud https://*.iamresponding.com https://*.heathfiredepartment.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' macquariecloudservices.com macquariedatacentres.com *.macquariedatacentres.com *.macquarietelecom.com https://yoast.com https://pi.pardot.com https://bat.bing.com https://connect.facebook.net https://www.gstatic.com/ https://opt-au.spatialbuzz.net https://platform.twitter.com https://beacon-v2.helpscout.net https://*.sharethis.com https://bam.nr-data.net https://js-agent.newrelic.com https://*.hotjar.com https://snap.licdn.com https://storage.googleapis.com https://www.clickcease.com https://www.google-analytics.com https://www.googletagmanager.com https://www.snapengage.com https://sok.soapfighters.com https://player.vimeo.com https://googleads.g.doubleclick.net https://www.youtube.com https://www.google.com https://api.w3-edge.com https://cdn.jsdelivr.net;  style-src * 'unsafe-inline' data:;  img-src * data:;  font-src * data:;  connect-src 'self' https://*.cloudfront.net https://api.ipgeolocation.io https://yoast.com https://*.yoast.com https://bam.nr-data.net https://www.google-analytics.com https://analytics.google.com https://cdn.linkedin.oribi.io https://stats.g.doubleclick.net https://pagead2.googlesyndication.com wss://*.hotjar.com *.hotjar.io;  frame-src 'self' https://opt-au.spatialbuzz.net/ https://www.youtube-nocookie.com https://td.doubleclick.net https://player.vimeo.com https://*.twitter.com/ https://www.youtube.com https://www.facebook.com/ https://syf.tbe.taleo.net/ macquarietechnologygroup.com *.macquarietechnologygroup.com macquarietelecomgroup.com *.macquarietelecomgroup.com macquarietelecom.com *.macquarietelecom.com macquariecloudservices.com *.macquariecloudservices.com macquariegovernment.com *.macquariegovernment.com macquariedatacentres.com *.macquariedatacentres.com; media-src 'self' https://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools; base-uri 'self' 1
script-src http: https: https://www.soch.com/ 'unsafe-inline' *.flowpaper.com flowpaper.com *.hotjar.com *.gsecondscreen.com *.hotjar.io *.lightwidget.com lightwidget.com; style-src 'self' blob: https: 'unsafe-inline' https://www.soch.com/ *.gsecondscreen.com *.lightwidget.com lightwidget.com; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com *.hotjar.com *.gozayaan.com *.hotjar.io *.kapturecrm.com *.gsecondscreen.com *.lightwidget.com lightwidget.com; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.googletagmanager.com *.flowpaper.com flowpaper.com *.facebook.com *.hotjar.com *.gsecondscreen.com *.hotjar.io *.razorpay.com *.lightwidget.com lightwidget.com; 1
media-src 'self' www.youtube.com; 1
default-src 'none';                 img-src blob: 'self' 			https://*.linkedin.com 			https://*.karriere-suedwestfalen.de 			https://*.karriere-bergisches-land.de 			https://*.karriere-mittelhessen.de 			https://*.karriere-hamburg.de 			https://*.karriere-bremen.de 			https://*.karriere-metropole-ruhr.de 			https://*.karriere-in-nordhessen.de 			https://*.karriere-suedniedersachsen.de 			https://*.ontavio.de 			https://*.hashtag-ausbildung.de 			https://www.facebook.com 			https://*.google-analytics.com 			https://*.googleapis.com 			https://stats.g.doubleclick.net 			https://googleads.g.doubleclick.net 			https://*.google.com 			https://*.google.de 			https://maps.gstatic.com 			https://www.doku.works 			https://www.salesviewer.com 			https://salesviewer.org 			https://*.openstreetmap.org 			data:;                 media-src blob: 'self' 			https://*.karriere-suedwestfalen.de                         https://*.karriere-bergisches-land.de                         https://*.karriere-mittelhessen.de                         https://*.karriere-hamburg.de                         https://*.karriere-bremen.de                         https://*.karriere-metropole-ruhr.de                         https://*.karriere-in-nordhessen.de                         https://*.karriere-suedniedersachsen.de 			https://*.ontavio.de 			https://*.youtube.com;                 frame-src 'self' 			https://www.facebook.com 			https://*.youtube.com;                 script-src 'self' 			'unsafe-inline' 			'unsafe-eval' 			https://*.licdn.com 			https://connect.facebook.net 			https://*.facebook.com 			https://*.ontavio.de 			https://www.googletagmanager.com 			https://googletagmanager.com 			https://*.google.com 			https://www.googleadservices.com 			https://*.googleapis.com 			https://*.google-analytics.com                         https://maps.google.de                         https://www.salesviewer.com                         https://salesviewer.org 			https://cdn.elbwalker.com;                 style-src 'self' 			'unsafe-inline' 			https://*.ontavio.de 			https://*.googleapis.com;                 font-src 'self' 			https://*.ontavio.de 			https://*.googleapis.com 			https://fonts.gstatic.com;                 connect-src 'self' 			https://*.linkedin.oribi.io 			https://*.karriere-suedwestfalen.de 			https://www.facebook.com 			https://stats.g.doubleclick.net 			https://*.google.com 			https://*.google-analytics.com 			https://*.googleapis.com                         https://www.googletagmanager.com                         https://googletagmanager.com                         https://connect.facebook.net 			https://salesviewer.org 			https://*.salesviewer.com 			blob:;                 base-uri 'self';                 object-src 'self'; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; worker-src https://*.ewnova.live/ https://*.mindtools.com/ https://www.ewnova.live/ blob:; connect-src https://yoast.com/ https://my.wpengine.com/ https://s.w.org/ https://wpengine.com/ https://*.ewnova.live/ https://*.mindtools.com/ https://ewnova.live/ https://*.www.ewnova.live/ https://www.ewnova.live/ https://r1.trackedweb.net/ https://*.amazonaws.com/ https://cdn-cookieyes.com/ https://*.cookieyes.com/ https://*.browser-intake-datadoghq.com/ https://*.browser-intake-datadoghq.eu/ https://www.google-analytics.com/ https://*.hotjar.com/ https://*.logs.datadoghq.eu/ wss://*.hotjar.com/ wss://*.mindtools.com/ wss://wss-live-nova-api.mindtools.com/ wss://*.ewnova.live/ wss://ewnova.live/ wss://*.www.ewnova.live/ wss://www.ewnova.live/ https://*.hotjar.io/ https://*.gstatic.com/ https://*.googlesyndication.com/ https://*.google-analytics.com/ https://nova-live-content.s3.eu-west-2.amazonaws.com/ https://nova-dev-content.s3.eu-west-2.amazonaws.com/ https://nova-dev-s3.imgix.net/ https://nova-live.imgix.net/ https://*.execute-api.eu-west-2.amazonaws.com/ https://*.execute-api.us-west-1.amazonaws.com/ https://*.execute-api.ap-southeast-1.amazonaws.com/ wss://*.execute-api.eu-west-2.amazonaws.com/ wss://*.execute-api.us-west-1.amazonaws.com/ wss://*.execute-api.ap-southeast-1.amazonaws.com/; img-src https://via.placeholder.com/ https://secure.gravatar.com/ https://mindtoolsdev.wpengine.com/ https://mindtoolsstg.wpengine.com/ https://mindtoolslive.wpengine.com/ https://my.wpengine.com/ https://s.w.org/ https://wpengine.com/ https://*.wpengine.com/ https://p.typekit.net/ https://elements.oxy.host/ w3.org/svg/2000 https://www.ewnova.live https://*.ewnova.live https://goodpractice.imgix.net/ https://nova-live-content.s3.eu-west-2.amazonaws.com/ https://nova-dev-content.s3.eu-west-2.amazonaws.com/ https://nova-dev-s3.imgix.net/ https://nova-live.imgix.net/ https://d2iiunr5ws5ch1.cloudfront.net/ https://content.jwplatform.com/ https://cdn-cookieyes.com/ https://prd.jwpltx.com/ https://assets-jpcust.jwpsrv.com/ https://script.hotjar.com/ https://*.googlesyndication.com/ data:; font-src 'self' https://use.typekit.net/ https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/ https://script.hotjar.com/ data:; media-src blob:; 1
default-src 'self' *.sliven.net;frame-src 'self' data: *.youtube.com *.youtube-nocookie.com poly.google.com *.facebook.com platform.twitter.com;frame-ancestors 'self';style-src 'self' 'unsafe-inline' gstatic.com *.gstatic.com cdn.jsdelivr.net fonts.google.com *.bootstrapcdn.com fonts.googleapis.com use.fontawesome.com tinymce.com *.tinymce.com tiny.cloud *.tiny.cloud;script-src 'self' 'unsafe-inline' poly.google.com gstatic.com *.gstatic.com cdn.jsdelivr.net tinymce.com *.tinymce.com code.jquery.com oss.maxcdn.com connect.facebook.net platform.twitter.com;img-src 'self' sliven.net *.sliven.net data: old.bg-patriarshia.bg syndication.twitter.com;font-src 'self' use.fontawesome.com *.gstatic.com *.bootstrapcdn.com tiny.cloud *.tiny.cloud 1
default-src 'self' 'unsafe-inline' servedby.revive-adserver.net banner.isn.nl fonts.googleapis.com ssl.google-analytics.com www.googletagmanager.com www.google-analytics.com code.jquery.com maxcdn.bootstrapcdn.com kampeerencaravanjaarbeurs.nl stats.g.doubleclick.net; img-src * data:; 1
base-uri 'none';child-src 'none';connect-src 'self' https://cdn.cookielaw.org https://*.google-analytics.com https://stats.g.doubleclick.net;default-src 'self';font-src 'self';form-action 'self';frame-ancestors 'none';frame-src 'none';img-src 'self' https://cdn.cookielaw.org https://*.google-analytics.com https://www.googletagmanager.com;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net;style-src 'self' 'unsafe-inline';worker-src 'self';upgrade-insecure-requests ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.ru https://*.doubleclick.net https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagmanager.com *.googletagservices.com *.googletagmanager.com *.facebook.com https://*.facebook.com *.facebook.net https://connect.facebook.net *.tynt.com *.yandex.net https://site.yandex.net https://yastatic.net yastatic.net an.yandex.ru awaps.yandex.ru vk.com https://vk.com https://*.yandex.ru mc.yandex.ru clck.yandex.ru yandex.st https://*.googleapis.com https://*.google.com *.google.com *.gstatic.com https://*.gstatic.com https://*.google-analytics.com *.google-analytics.com *.googlesyndication.com https://*.googlesyndication.com *.googleapis.com *.doubleclick.net;object-src 'self' https://*.google.ru https://*.doubleclick.net https://*.googleadservices.com https://*.googlesyndication.com *.googlesyndication.com https://*.googletagmanager.com *.googletagmanager.com https://*.googleapis.com www.youtube.com https://www.youtube.com *.gstatic.com; frame-src 'self' https://*.google.ru https://*.doubleclick.net https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagmanager.com *.googletagmanager.com *.facebook.com https://*.facebook.com  bcp.crwdcntrl.net yastatic.net awaps.yandex.ru vk.com https://vk.com https://login.vk.com yandex.st www.youtube.com https://www.youtube.com *.googlesyndication.com *.doubleclick.net https://*.doubleclick.net https://*.google.com *.google.com mc.yandex.ru www.youtube.com; connect-src 'self' https://*.google.ru https://*.doubleclick.net https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagmanager.com *.googletagmanager.com https://mc.yandex.ru mc.yandex.ru www.google-analytics.com https://*.google-analytics.com; 1
default-src 'self' data: 'inline-script' 'unsafe-inline' 'unsafe-eval' /static http://data.планетажелезяка.рф http://data.xn--80aaaawdltkvth1aig1f.xn--p1ai http://data.* http://yandex.st http://*.yandex.ru https://*.yandex.ru http://yastatic.net http://*.maps.yandex.net http://*.mail.ru http://*.list.ru http://*.rambler.ru http://www.google-analytics.com http://www.skypeassets.com http://79.135.240.42:8008 https://www.youtube.com; 1
frame-ancestors m.zap.co.il www.21.tv www.facebook.com sandbox.meshulam.co.il meshulam.co.il ppsuat.creditguard.co.il https://www.21.tv/ 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.newsgram.com;block-all-mixed-content; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.paynimo.com https://*.razorpay.com/ https://www.googletagmanager.com/  https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://cdn.botframework.com/  *.doubleclick.net *.ads-twitter.com *.pingdom.net *.facebook.net;font-src *  data: blob: 'unsafe-inline';img-src 'self' https: data:;style-src 'self' 'unsafe-inline' https: data:;connect-src 'self' wss://broking.fundzbazar.com:26004/ https://*.paynimo.com/ https://www.google-analytics.com/ https://*.razorpay.com/ *.pingdom.net/ *.doubleclick.net/ https://directline.botframework.com/ wss://directline.botframework.com ;frame-ancestors 'self';frame-src 'self' data: blob: https://www.youtube.com/ https://api.razorpay.com/ https://www.googletagmanager.com/ https://www.prudentcorporate.com/ https://fundzbazar.com/ https://www.fundzbazar.com/ https://pcasuat.com/ https://www.pcasuat.com/ 1
default-src 'self' 'unsafe-inline' analytics.google.com www.google.com use.typekit.net stats.g.doubleclick.net www.google.com.pr www.google-analytics.com maps.googleapis.com www.facebook.com fonts.googleapis.com fonts.gstatic.com pixel.sitescout.com bid.g.doubleclick.net 10266195.fls.doubleclick.net images.supermaxonline.com www.supermaxonline.com data: ; script-src 'self' cdnjs.cloudflare.com fonts.gstatic.com www.facebook.com www.googletagmanager.com fonts.googleapis.com oss.maxcdn.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com *.supermaxonline.com *.google-analytics.com stats.g.doubleclick.net www.google.com www.google-analytics.com 127.0.0.1 'unsafe-eval' 'unsafe-inline'; 1
default-src 'self' statsng.knobelbecher.net 'unsafe-inline'; img-src 'self' https:; script-src 'self' statsng.knobelbecher.net 'unsafe-inline' 'unsafe-eval' 1
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval';  connect-src * data: blob: 'unsafe-inline';  img-src * data: blob: 'unsafe-inline';  frame-src * data: blob: ;  style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 1
upgrade-insecure-requests; default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.stalbert.ca https://stalbert.ca https://arcgis.com https://*.arcgis.com https://*.arcgisonline.com https://cdnjs.cloudflare.com https://*.ctctcdn.com https://ecdev.org https://api.ecdev.org https://*.echosign.com https://*.na1.echosign.com https://connect.facebook.net https://*.googleapis.com https://*.google.com https://*.google-analytics.com https://*.googlecode.com https://*.gstatic.com https://googletagmanager.com https://*.googletagmanager.com https://assets.ca.recollect.net https://*.recollect.net https://recollect.net https://*.typekit.net https://widget.twnmm.com https://*.zoomprospector.com; style-src 'self' 'unsafe-inline' https://*.stalbert.ca https://stalbert.ca https://arcgis.com https://*.arcgis.com https://*.arcgisonline.com https://*.ctctcdn.com https://api.ecdev.org https://stalbert.ecdev.org https://*.google.com https://*.googleapis.com https://cdn-images.mailchimp.com https://assets.ca.recollect.net https://recollect.a.ssl.fastly.net https://recollect.net https://widget.twnmm.com https://*.typekit.net; img-src 'self' data: https://*.stalbert.ca https://stalbert.ca https://s3.ca-central-1.amazonaws.com https://arcgis.com https://*.arcgis.com https://*.arcgisonline.com https://static.ctctcdn.com https://www.facebook.com https://*.google.ca https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://www.paypal.com https://www.paypalobjects.com https://assets.ca.recollect.net https://api.recollect.net https://recollect.net https://recollect.a.ssl.fastly.net https://recollect-images.global.ssl.fastly.net https://www.sumac.com https://widget.twnmm.com https://*.typekit.net https://*.ytimg.com; font-src 'self' data: https://*.stalbert.ca https://stalbert.ca https://arcgis.com https://*.arcgis.com https://*.gstatic.com https://recollect.a.ssl.fastly.net https://assets.ca.recollect.net https://recollect.net https://*.typekit.net; frame-src 'self' https://*.stalbert.ca https://stalbert.ca https://anchor.fm https://arcg.is https://arcgis.com https://*.arcgis.com https://environment.alberta.ca https://embed.clearpointstrategy.com https://*.doubleclick.net https://maps.ecdev.org https://stalbert.ecdev.org https://*.echosign.com https://*.na1.echosign.com https://*.google.ca https://*.google.com https://googletagmanager.com https://*.granicus.com https://*.legistar.com https://stalbert.ca.legistar.com/ https://pbtech.org https://assets.ca.recollect.net https://api.recollect.net https://recollect.net https://seeclickfix.com https://e605.spacelist.ca https://monitoringpublic.solaredge.com https://live.tourdash.com https://*.vimeo.com https://*.youtube.com https://*.youtube-nocookie.com https://properties.zoomprospector.com; object-src 'none'; report-uri https://stalbert.report-uri.io/r/default/csp/enforce 1
block-all-mixed-content; frame-ancestors *.madeinbrazil.com.br 1
default-src 'self' blob:; img-src 'self' data:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' pay.apiorders.com connect.upsellmarketplace.com *.opensend.com *.klaviyo.com *.convertexperiments.com *.criteo.com wave.outbrain.com cdn.weglot.com bat.bing.com trak.dozemax.com *.clarity.microsoft.com *.clarity.ms cdn.lordicon.com mcc.dozemax.com widget.clym-sdk.net api.konnektive.com *.instagram.com cdn.jsdelivr.net sachinchoolur.github.io *.wistia.net maxcdn.bootstrapcdn.com *.tidio.co *.elfsight.com *.tidiochat.com stackpath.bootstrapcdn.com www.googletagmanager.com b-code.liadm.com bestgadgetstorenow.com *.buygoods.com *.digistore24.com ajax.googleapis.com ajax.aspnetcdn.com cdn.attn.tv www.statcounter.com www.google-analytics.com run.crtx.info player.vimeo.com connect.facebook.net cdnjs.cloudflare.com quick.vidalytics.com www.youtube.com s.ytimg.com trends.revcontent.com sdks.shopifycdn.com  secure.statcounter.com static.hotjar.com script.hotjar.com a.mgid.com maps.googleapis.com googleads.g.doubleclick.net tagmanager.google.com  googleadservices.com *.googleadservices.com widget.intercom.io js.intercomcdn.com cdn.mouseflow.com optassets.ontraport.com mediacommunications.ontraport.com cdn.sendpulse.com cdn2.noipfraud.com apis.google.com *.wp.com stats.wp.com www.paypalobjects.com www.paypal.com code.jquery.com js.stripe.com *.braintreegateway.com paypalobjects.com fareharbor.com www.fareharbor.com *.cloudfront.net *.ringcaptcha.com widget.manychat.com *.google.com *.google.com.ph *.app-us1.com manychat.com facebook.com www.facebook.com trackcmp.net media.go2app.org  edlwss.com www.edlwss.com jump.trakmylink.com mcc.go2cloud.org ssl.kaptcha.com fast.wistia.com cdn.taboola.com amplify.outbrain.com  s.yimg.com sp.analytics.yahoo.com www.googleoptimize.com *.googleoptimize.com trc.taboola.com assets.revcontent.com *.livechatinc.com analytics.tiktok.com dev.visualwebsiteoptimizer.com *.ipstatp.com *.vo.msecnd.net activehosted.com *.activehosted.com *.godaddy.com mccdn.me cloudflare.com *.cloudflare.com translate.googleapis.com tr.outbrain.com *.fastly.net dwin1.com *.dwin1.co rgfj1trk.com *.rgfj1trk.com *.adroll.com cdn.oribi.io *.akamaihd.net dapidata.com *.dapidata.com cdn.reamaze.com *.reamaze.com *.backoffc.com api.myuser.com newrelic.com *.newrelic.com klaviyo.com *.klaviyo.com aggle.net *.aggle.net data: blob: 1
script-src 'report-sample' 'nonce-euN-3r8zjgWALZeOxcQlPw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';worker-src 'self';report-uri /webstore/cspreport 1
default-src 'self' 'unsafe-inline' wss://ws.hotjar.com *.hotjar.io https://lottie.host *.infinity-tracking.net *.infinity-tracking.com *.lottiefiles.com *.lottie.host *.shoosmiths.com *.shoosmiths.co.uk *.mimecast.com https://unpkg.com *.youtube-nocookie.com *.perfectportal.co.uk *.podbean.com *.cloudflare.com *.gstatic.com *.cloudflareinsights.com *.onetrust.com *.juicer.io *.cookielaw.org *.googletagmanager.com *.google.com *.polyfill.io *.unpkg.com *.passle.net *.typekit.net *.yoshki.com *.vuture.net *.twimg.com *.youtube.com *.google-analytics.com *.hotjar.com *.trustpilot.com *.responsetap.com *.googleapis.com *.appspot.com *.doubleclick.net *.facebook.net *.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.infinity-tracking.net *.infinity-tracking.com *.lottiefiles.com *.lottie.host *.youtube.com *.mimecast.com https://unpkg.com *.youtube-nocookie.com *.perfectportal.co.uk *.podbean.com *.cloudflare.com *.juicer.io *.cloudflareinsights.com *.facebook.com *.facebook.net *.doubleclick.net *.appspot.com *.googleapis.com *.responsetap.com *.trustpilot.com *.hotjar.com *.google-analytics.com *.google.com *.cookielaw.org *.googletagmanager.com *.polyfill.io; img-src * 'self' data: blob:; frame-ancestors 'self' *.shoosmiths.com *.shoosmiths.co.uk *.ratiopartners.co.uk 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://connect.facebook.net; style-src 'self' 'unsafe-inline' http://fonts.googleapis.com:*; style-src-elem 'self' 'unsafe-inline' http://fonts.googleapis.com:*; img-src 'self' data: www.facebook.com https://i.ytimg.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' https://www.youtube.com; upgrade-insecure-requests 1
base-uri 'self'; child-src https://location.westernunion.com/de outsystems://location.westernunion.com/de~ https://geo.cardinalcommerce.com/ https://1merchantacs.cardinalcommerce.com/ https://centinelapi.cardinalcommerce.com/ https://*.quantummetric.com blob: 'self' gap:; frame-src https://location.westernunion.com/de outsystems://location.westernunion.com/de~ https://geo.cardinalcommerce.com/ https://1merchantacs.cardinalcommerce.com/ https://centinelapi.cardinalcommerce.com/ https://*.quantummetric.com blob: 'self' gap:; connect-src https://location.westernunion.com/de outsystems://location.westernunion.com/de kg668dbov0.execute-api.us-east-1.amazonaws.com includes.ccdc02.com https://*.cardinalcommerce.com https://*.quantummetric.com 'self'; default-src https://*.quantummetric.com 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src 'self' data: blob:; object-src https://*.quantummetric.com; script-src kg668dbov0.execute-api.us-east-1.amazonaws.com writer.cardinalcommerce.com includes.ccdc02.com https://*.cardinalcommerce.com https://*.quantummetric.com https://assets.adobedtm.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors https://*.quantummetric.com 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=eAU1amXZ3zoGR0Rh3KMRpu8sAAgSdHlX846hkCWEvSooDFNQra2XrPn0qTiKIpI0B%2BNppSPfXRBXT4PCj4otsw%3D%3D; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-du4EkwgfqLIgCDEleqX6CgSNmE+LlYM0Ph+3hEBc8Q8x2W0g' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src https: 'self' blob:; media-src https: data: blob:; font-src https: data:; img-src https: 'self' 'unsafe-inline' data: about:; style-src https: 'self' 'unsafe-inline'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' blob:; frame-ancestors https://*.chris-videncia-gratuita.com; 1
frame-ancestors 'self' https://www.indeedhuddle.com https://tableau.indeed.tech https://bmo.sandbox.qa.indeed.net https://indeed.lightning.force.com https://indeed--qa--c.sandbox.vf.force.com https://wiki.indeed.com https://indeed--qa.sandbox.lightning.force.com https://idash.sandbox.indeed.net https://tableau-stage.indeed.tech https://bmo.sandbox.indeed.net 1
default-src 'self' https://*.synlab-marketing.com https://*.synlab.fr/ https://synlab.fr.ddev.ddev.site/ https://use.fontawesome.com https://maps.gstatic.com https://maps.googleapis.com https://fonts.gstatic.com https://*.google-analytics.com/ https://stats.g.doubleclick.net/ https://*.analytics.google.com/; script-src 'nonce-34d5645ae44434f' https://*.synlab-marketing.com https://*.synlab.fr/ https://synlab.fr.ddev.ddev.site/ https://maps.googleapis.com https://www.googletagmanager.com/ https://www.google-analytics.com/; style-src 'self' 'unsafe-inline' https://*.synlab-marketing.com https://*.synlab.fr/ https://synlab.fr.ddev.ddev.site/ https://fonts.googleapis.com; frame-src https://*.vimeo.com; img-src data: https://*.gstatic.com https://*.googleapis.com/ https://*.ggpht.com/ https://*.synlab-marketing.com https://*.synlab.fr/ https://synlab.fr.ddev.ddev.site/ https://*.google.de/ https://*.google.com/ https://*.google-analytics.com/ https://*.analytics.google.com/; frame-ancestors 'self' https://*.synlab.fr/ https://*.synlab.com/; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.gstatic.com https://*.googletagmanager.com https://*.cookiebot.com; script-src-elem 'self' 'unsafe-inline' https://*.google.com https://*.criteo.com https://*.gstatic.com https://t-log.sgmarkets.com https://*.googletagmanager.com https://*.cookiebot.com https://*.googleapis.com https://*.tiny.cloud; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.tiny.cloud; img-src 'self' https: data:; font-src 'self' https://*.gstatic.com; connect-src 'self' https://*.cookiebot.com https://*.googleapis.com; frame-src 'self' https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.cookiebot.com https://gum.criteo.com 1
frame-ancestors 'self' https://*.toyota.hu https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
script-src https://*.googleapis.com 'unsafe-eval' 'unsafe-inline' https: blob: 'self'; script-src-elem https://*.googleapis.com 'unsafe-eval' 'unsafe-inline' https: blob: 'self'; object-src 'none'; base-uri 'self'; report-uri https://sentry.luminate.one/api/27/security/?sentry_key=646f65150e0f4008bcd6d01c85b33d84&sentry_environment=production; 1
frame-ancestors 'self'; default-src 'self' 'unsafe-eval' 'unsafe-inline' https://ssl.google-analytics.com http://www.google-analytics.com https://www.googletagmanager.com https://analytics.google.com data:; 1
frame-ancestors 'self' somtoday.nl *.somtoday.nl; frame-src *.som.today som.today *.facebook.com *.google.com *.cookiebot.com *.hotjar.com *.youtube.com *.vimeo.com *.googletagmanager.com *.somtoday.nl somtoday.nl *.webinargeek.com 1
img-src https: data:; default-src 'self' 'unsafe-inline' 'unsafe-eval' pxcdn.uk www.preventx.com pro.fontawesome.com code.jquery.com fonts.gstatic.com www.googletagmanager.com www.google-analytics.com unpkg.com *.openstreetmap.org player.vimeo.com cc.cdn.civiccomputing.com apikeys.civiccomputing.com connect.facebook.net cdn.jsdelivr.net region1.google-analytics.com *.cloudflare.com; 1
frame-ancestors 'self' *.cellarbrations.com.au *.almonline.com.au 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-6acabf90c0a19535f761d96e903756fb'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.getsitecontrol.com *.getsitectrl.com phonetrack-static.s3.sa-east-1.amazonaws.com s3-sa-east-1.amazonaws.com *.criteo.net *.criteo.com *.clarity.ms  chat.octadesk.services *.google.com *.googlesyndication.com cdnjs.cloudflare.com https://www.google.com/recaptcha/api.js *.gstatic.com *.facebook.net *.cookiebot.com *.doubleclick.net *.hotjar.com *.hotjar.io *.google-analytics.com *.googleadservices.com *.googletagmanager.com; style-src 'unsafe-inline' 'self' fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.getsitecontrol.com *.getsitectrl.com nominatim.openstreetmap.org *.appspot.com *.criteo.net *.criteo.com *.cookiebot.com *.clarity.ms *.facebook.com *.googlesyndication.com *.hotjar.com *.hotjar.io *.google.com *.doubleclick.net *.google-analytics.com; font-src 'self' *.gstatic.com *.hotjar.com; frame-src 'self' *.criteo.net *.criteo.com chat.octadesk.services *.facebook.com *.youtube.com *.google.com *.doubleclick.net *.cookiebot.com *.hotjar.com *.hotjar.io; img-src 'self' *.cookiebot.com imgsct.cookiebot.com *.getsitecontrol.com *.getsitectrl.com *.criteo.net *.criteo.com c.clarity.ms dsae.s3.amazonaws.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.carrera.com.br *.facebook.com *.google-analytics.com *.google.com *.google.com.br data:; manifest-src 'self'; media-src 'self'; report-uri https://606ef4cf6ece01d9672c2ea8.endpoint.csper.io/; worker-src 'none'; 1
default-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://fonts.googleapis.com https://*.paypal.com https://*.doofinder.com ; font-src 'self' data: blob: https://fonts.gstatic.com https://static3.avast.com ;img-src 'self' 'unsafe-inline' data: https://www.boesner.fr https://fonts.gstatic.com https://axeptio.imgix.net https://t0.gstatic.com https://t1.gstatic.com https://t2.gstatic.com https://t3.gstatic.com https://t4.gstatic.com https://*.clarity.ms https://cl.avis-verifies.com http://cl.avis-verifies.com https://www.netreviews.eu http://www.netreviews.eu https://www.avis-verifies.com http://www.avis-verifies.com https://www.google-analytics.com http://www.google-analytics.com https://www.google.com http://www.google.com https://www.google.fr http://www.google.fr http://www.google.tn https://www.google.tn https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.facebook.com https://www.facebook.net http://www.paypal.com http://t.paypal.com http://bat.bing.com https://www.paypalobjects.com https://cdn.doofinder.com https://eu1-layer.doofinder.com https://eu1-doofinderuser.s3.amazonaws.com https://*.bing.com https://*.my-probance.one https://*.pinterest.com ;frame-src 'self' https://www.avis-verifies.com http://www.avis-verifies.com https://www.send-up.net https://*.doubleclick.net https://www.youtube.com https://www.youtu.be https://www.google.com https://www.facebook.com https://www.facebook.net https://vars.hotjar.com http://www.paypal.com http://t.paypal.com https://*.pinterest.com ;connect-src 'self' https://client.axept.io https://static.axept.io https://api.axept.io https://*.clarity.ms https://*.google-analytics.com https://*.analytics-google.com https://*.analytics.google.com https://*.googlesyndication.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.paypal.com https://www.facebook.com https://in.hotjar.com https://*.pinterest.com https://cdn.doofinder.com https://eu1-layer.doofinder.com ws://eu1-layer.doofinder.com wss://eu1-layer.doofinder.com https://eu1-widget.doofinder.com/ ;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cl.avis-verifies.com http://cl.avis-verifies.com https://www.avis-verifies.com http://www.avis-verifies.com https://www.netreviews.eu http://www.netreviews.eu https://www.avis-verifies.com http://www.avis-verifies.com https://www.googletagmanager.com https://www.paypalobjects.com http://www.paypalobjects.com https://www.paypal.com/sdk/jshttps://www.paypal.com http://www.paypal.com https://www.google-analytics.com http://www.google-analytics.com https://ssl.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com https://www.youtube.com https://www.google.com https://www.google.fr https://www.youtu.be https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://maps.googleapis.com https://developers.google.com https://bat.bing.com https://www.facebook.net https://connect.facebook.net https://cdn.doofinder.com https://eu1-layer.doofinder.com https://cdn.doofinder.com/livelayer/1/js/loader.min.js https://bat.bing.com/bat.js https://static.hotjar.com/c/hotjar-1500323.js https://script.hotjar.com/modules.6d6d0fb9462e12691e7f.js https://*.hotjar.com http://www.paypal.com http://t.paypal.com http://static.axept.io/sdk.js https://*.clarity.ms https://*.pinimg.com ; 1
frame-ancestors 'self' newcockpit.eqs.com 1
script-src 'unsafe-inline' http: https:;object-src 'none';base-uri 'none';report-uri 'https://prixa.net'; 1
report-uri ; default-src 'none'; base-uri 'self'; style-src 'self' 'unsafe-inline' https://cdn.cookiehub.eu/c2/css/2858c2e7.css; img-src 'self' https://straumur.cdn.prismic.io images.prismic.io https://straumur.zendesk.com https://kvikahelp.zendesk.com https://images.unsplash.com https://www.facebook.com; font-src 'self'; manifest-src 'self'; script-src 'self' https://cdn.cookiehub.eu/c2/2858c2e7.js 'sha256-gWCqfvMz6gFY4H/Mp7RV+XjLH7rk7PPLATCuGeG+iXI=' 'sha256-eJk4k3o/xMXL7Ax97+iKnn7l3CMqV4m6AqeIbUrEMhI=' https://cdneu.net/app.js https://capture-api.eu.autopilotapp.com https://static.zdassets.com/ekr/sentry-browser.min.js https://zendesk-eu.my.sentry.io/ https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://straumur.zendesk.com https://kvikahelp.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://straumur.zendesk.com https://pod13.zendesk.com wss://pod13.zendesk.com wss://*.zopim.com pod-13.zendesk.com https://static.cdn.prismic.io https://prismic.io https://www.google.com/recaptcha/api/siteverify https://cookiehub.net 'sha256-MK+LIK7EaQ7nrkAtLCGK+UKzfaYp4Frsy9PmkBHCBMI=' 'sha256-+9+hYkFI5sm4saaRq/OXheik07DG/xufqJwdJbea9xE=' 'sha256-NZOT7kPTjrflrALanptHp0x8BHCQ/2aar4PGKf6GRBo=' cdn.segment.com connect.facebook.com googletagmanager.com http://connect.facebook.net http://connect.facebook.com http://www.googletagmanager.com https://region1.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com; connect-src 'self' https://straumur.cdn.prismic.io o394619.ingest.sentry.io https://vitals.vercel-insights.com https://cdneu.net/app.js https://capture-api.eu.autopilotapp.com https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://straumur.zendesk.com https://kvikahelp.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://straumur.zendesk.com https://pod13.zendesk.com wss://pod13.zendesk.com wss://*.zopim.com https://region-eu.cookiehub.net https://consent.cookiehub.net/log https://consent-eu.cookiehub.net/ https://pod-13.zendesk.com wss://pod-13.zendesk.com cdn.segment.com api.segment.io *.segmentapis.com https://region1.google-analytics.com; frame-src www.google.com https://straumur-web.cdn.prismic.io https://www.facebook.com; object-src 'none'; frame-ancestors 'none'; media-src 'self' https://straumur.cdn.prismic.io https://static.zdassets.com; worker-src 'none'; child-src 'none'; form-action https://www.facebook.com/tr/; 1
default-src 'self' *.tuono.org *.peoplelinkonline.com https://wiki.peoplelink.it; connect-src 'self' *.tuono.org *.peoplelinkonline.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://accounts.google.com/gsi/ *.hereapi.com *.here.com blob:; script-src 'self' *.tuono.org *.peoplelinkonline.com *.googleapis.com *.google-analytics.com https://apis.google.com https://accounts.google.com *.googletagmanager.com *.hereapi.com *.here.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' *.tuono.org *.googleapis.com *.api.here.com 'unsafe-inline'; img-src 'self' https://* http://* data: blob: *.tuono.org *.peoplelinkonline.com https://*.google-analytics.com https://*.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com *.api.here.com; object-src 'self'; frame-src 'self' *.tuono.org *.peoplelinkonline.com https://accounts.google.com; report-uri /csp/logit 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' moki.app *.moki.app *.google.com *.googleapis.com *.googletagmanager.com *.getbeamer.com js.hs-scripts.com js.usemessages.com js.hsadspixel.net js.hs-banner.com js.hs-analytics.net js.hscollectedforms.net *.google-analytics.com snap.licdn.com *.hsappstatic.net googleads.g.doubleclick.net connect.facebook.net *.jquery.com js.hsleadflows.net; style-src 'self' 'unsafe-inline' moki.app *.moki.app use.fontawesome.com *.googleapis.com *.hsappstatic.net *.getbeamer.com *.jquery.com; img-src 'self' moki.app *.moki.app data: *.linkedin.com *.google.com *.google.com.br *.gstatic.com *.googleapis.com *.google-analytics.com *.hubspot.com *.facebook.com *.jquery.com *.hsforms.com *.getbeamer.com; child-src 'self' moki.app *.moki.app *.google.com *.hubspot.com *.facebook.com *.getbeamer.com *.youtube.com *.doubleclick.net; connect-src 'self' https://video.moki.app:8443 wss://video.moki.app:8443 wss://realtime.getbeamer.com https://*.hubspot.com https://*.google-analytics.com https://*.googleapis.com/ https://*.hubapi.com https://*.hscollectedforms.net https://*.getbeamer.com https://cdn.linkedin.oribi.io https://*.googlesyndication.com https://google.com https://px.ads.linkedin.com; 1
frame-ancestors 'self' *.mainemorsels.com *.freshiesdeli.com *.rhfoster.com *.tricitypizza.com *.tricitypizzabangor.com *.minitstop.com minitstop.com http://*.gowesco.com http://gowesco.com kelleysmarket.com *.kelleysmarket.com http://kelleysmarket.com http://*.kelleysmarket.com *.valleyliquorsky.com valleyliquorsky.com *.vaultliquorsky.com vaultliquorsky.com *.lucillesroadhouse.com lucillesroadhouse.com *.command-center.com command-center.com rebelorder.wpengine.com neonmkts.com *.neonmkts.com orderrebel.store *.rebelstores.com *.gasngostores.com gasngostores.com *.tootntotum.com tootntotum.com tootntotum.preview.octanesites.com *.hucks.com hucks.com millbrook.squarespace.com d2drali5pfunp5.amplifyapp.com *.d2drali5pfunp5.amplifyapp.com *.holidayoil.com holidayoil.com; 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' blob: cdn.jsdelivr.net www.gstatic.com fonts.googleapis.com cdn.bitmovin.com; block-all-mixed-content; upgrade-insecure-requests 1
frame-ancestors enkoping.se piwik.enkoping.se vaxer.enkoping.se; 1
frame-ancestors 'self' https://sportland.com/ https://sportland.ee/ https://sportland.lv/ https://sportland.lt/ https://sportland.fi/ https://pl.sportland.com/ https://en.sportland.fi/ https://ru.sportland.ee/ https://ru.sportland.lv/ https://ru.sportland.lt/ https://sportskim.sportland.lv/ https://outlet.sportland.lv/ https://outlet.sportland.lt/ https://outlet.sportland.ee/ https://outlet.sportland.com/ https://ru-outlet.sportland.com/ https://outlet.sportland.fi/; 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.ld.lt/report-uri/enforce 1
img-src https: data:; default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; font-src https: data: 1
default-src 'self' ; connect-src *; font-src 'self'  data:; frame-src *; img-src * data: blob:; media-src * data:; script-src 'self' 'unsafe-eval' 'sha256-jqxtvDkBbRAl9Hpqv68WdNOieepg8tJSYu1xIy7zT34='  ; style-src 'self' 'unsafe-inline' 1
upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https://github.com/searxng/searxng/issues/new; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com 1
default-src 'self'; font-src data: https://assets.dm.de; child-src 'self' blob:; script-src 'self' https://*.bazaarvoice.com https://*.mm.dm.pl https://app.usercentrics.eu https://assets-internal-proxy.apps.nonprod.gcp.dmtech.cloud https://assets.dm.de https://cdn.loadbee.com/ https://d2pqvatijh75rn.cloudfront.net https://mpsnare.iesnare.com https://omt.dm.pl https://tags.tiqcdn.com https://www.dm.pl; worker-src 'self' blob:; connect-src  'self' https://*.bazaarvoice.com https://*.gcp.dmtech.cloud https://*.mm.dm.pl https://*.services.dmtech.com https://aggregator.service.usercentrics.eu https://api.mapbox.com https://api.usercentrics.eu https://assets.dm.de https://availability.loadbee.com/ https://browser-intake-datadoghq.eu https://cart-recos.services.dmtech.com https://cart.services.dmtech.com https://cdcs.usercentrics.eu https://collect.tealiumiq.com https://consent-api.service.consent.usercentrics.eu https://consent-rt-ret.service.consent.usercentrics.eu https://consents.usercentrics.eu https://coupon-aktionen.dm.de https://d2pqvatijh75rn.cloudfront.net https://direct-collect.dy-api.eu https://direct.dy-api.eu https://dmpay-gateway.services.dmtech.com https://dy-api.eu https://events.mapbox.com https://graphql.usercentrics.eu https://insights.algolia.io https://logs.browser-intake-datadoghq.eu https://mpsnare.iesnare.com https://my-products-api.services.dmtech.com https://omc.dm.pl https://product-based-recos.services.dmtech.com https://products.dm.de https://rcom-eu.dynamicyield.com https://recos-as-a-service.services.dmtech.com https://rum.browser-intake-datadoghq.eu https://services.dm.de https://shopping-list-prod.services.dmtech.com https://signin.dm.pl https://sos-prod.availability.services.dmtech.com https://staedtetour.dm-fb2.de; style-src 'self' 'unsafe-inline' https://*.bazaarvoice.com https://api.tiles.mapbox.com https://assets.dm.de; img-src 'self' blob: data: https://*.bazaarvoice.com https://*.mm.dm.pl https://*.services.dmtech.com https://app.usercentrics.eu https://assets.dm.de https://cdn-eu.dynamicyield.com https://d2pqvatijh75rn.cloudfront.net https://d3s22jwy77sx9i.cloudfront.net https://i.ytimg.com https://images.podigee-cdn.net https://img.usercentrics.eu https://img.youtube.com/ https://media.dm-static.com https://services.dm.de https://uct.service.usercentrics.eu; frame-ancestors 'self' https://*.apps.nonprod.gcp.dmtech.cloud https://*.apps.prod.gcp.dmtech.cloud https://*.dm-drogeriemarkt.org https://*.dm-drogeriemarkt.org:42160 https://*.dm-drogeriemarkt.org:42161 https://*.dm-drogeriemarkt.org:42162 https://*.dm.pl https://*.lxprod.ka.de.dm-drogeriemarkt.com https://app.datadoghq.eu; frame-src 'self' https://*.bazaarvoice.com https://*.dm.pl https://*.services.dmtech.com https://app.usercentrics.eu https://cdn.podigee.com https://configurator.nuk.de https://gastfamilie.podigee.io https://geburtskanal-dm.podigee.io https://hey-familie.podigee.io https://player.podigee-cdn.net https://rendering.loadbee.com/ https://sandbox.om.dm.de https://service.loadbee.com/ https://www.youtube-nocookie.com; base-uri 'self' https://*.mm.dm.pl https://*.services.dmtech.com https://events.mapbox.com; form-action 'self' https://*.bazaarvoice.com https://checkout.dm.pl https://signin.dm.pl; manifest-src 'self'; report-uri /__csp-reports__;upgrade-insecure-requests 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.polyfill.io *.jquery.com *.slgnt.eu *.morabanc.ad *.inbenta.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.google.com *.googleadservices.com *.taboola.com *.adform.net *.facebook.net *.licdn.com *.doubleclick.net *.gstatic.com *.cookielaw.org *.windows.net morabanc.test *.inbenta.io *.hotjar.com unpkg.com;connect-src  *;frame-src *;img-src data: * 1
default-src * data:; style-src * 'unsafe-inline'; script-src * 'unsafe-inline'; 1
connect-src https://*.calltouch.ru https://calltouch.ru https://*.mail.ru  https://www.google-analytics.com https://itclinic.ru 'self' https://*.yandex.ru https://*.itclinic.ru https://*.yandex.net https://*.google.com; child-src 'self' ; font-src https://static.lc-group.ru 'self' https://*.itclinic.ru ; form-action https://*.google.com https://*.calltouch.ru https://calltouch.ru https://itclinic.ru 'self' https://*.itclinic.ru ; frame-ancestors https://webvisor.com https://*.webvisor.com https://itclinic.ru 'self' ;  frame-src https://*.google.com https://*.calltouch.ru https://calltouch.ru https://api-maps.yandex.ru 'self' https://*.youtube.com ; img-src https://*.google.com  https://*.calltouch.ru https://calltouch.ru https://*.mail.ru https://vk.com https://static.lc-group.ru https://www.google-analytics.com https://itclinic.ru https://merlion.com  'self' https://*.yandex.ru https://*.merlion.com https://*.merlion.ru https://*.yandex.net https://*.itclinic.ru https://www.ippon.ru    https://www.jetbalance.ru https://www.google-analytics.com data: ;  media-src https://*.itclinic.ru 'self' ;     object-src https://static.lc-group.ru https://*.itclinic.ru 'self' https://*.macromedia.com ; script-src https://*.google.com     https://*.mail.ru https://static.lc-group.ru https://itclinic.ru https://*.yandex.ru  https://yastatic.net 'self' https://*.yandex.ru https://*.google-analytics.com      https://*.itclinic.ru https://*.yandex.net 'unsafe-eval'  https://*.calltouch.ru https://calltouch.ru; style-src https://*.google.com https://*.calltouch.ru https://calltouch.ru https://*.mail.ru https://static.lc-group.ru https://itclinic.ru 'self' https://*.yandex.ru 'unsafe-inline' https://*.itclinic.ru https://*.yandex.net ; default-src 'none' ; 1
script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://vmeste.eu https://wmeste.net https://*.vmeste.org https://www.paypal.com/ https://yookassa.ru/checkout-widget/v1/checkout-widget.js https://static.yoomoney.ru/checkout-client/checkout-widget.js https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js https://mc.yandex.com/ https://js.stripe.com/ 1
frame-src www.taxi4me.net taxi4me.net; frame-ancestors www.taxi4me.net taxi4me.net; 1
default-src 'none'; img-src 'self' data: https: http:; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com; font-src 'self' data: https://maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajaxorg.github.io https://www.google.com https://www.gstatic.com https://www.youtube.com; connect-src 'self'; worker-src 'self' blob: https://www.google.com; frame-src https://www.google.com https://www.youtube.com; media-src 'self'; 1
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.vo.msecnd.net https://*.fontawesome.com; style-src 'self' 'unsafe-inline' https://*.fontawesome.com; font-src 'self' data: https://*.fontawesome.com; img-src 'self' data: blob:;worker-src 'self' blob:; connect-src 'self' https://*.mapbox.com https://dc.services.visualstudio.com  https://cdn.datatables.net data: wss:; frame-src 'self' blob: data: 1
script-src 'unsafe-inline' 'self' https://www.youtube.com https://*.addtoany.com https://www.dailymotion.com https://cdn.jsdelivr.net  https://*.hotjar.com https://connect.facebook.net https://platform.twitter.com https://tag.aticdn.net https://cbassets.botnation.ai https://pebed.dm-event.net https://imasdk.googleapis.com; object-src 'none'; report-uri /report-csp-violation; upgrade-insecure-requests 1
script-src   'report-sample'   'self' https://t.co/1/ https://static.ads-twitter.com/uwt.js https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://connect.facebook.net/signals/config/ https://connect.facebook.net/en_US/ https://s.go-mpulse.net/boomerang https://tagmanager.google.com https://*.go-mpulse.net https://jssdkcdns.mparticle.com/js/v2 https://wzrkt.com https://webapp-stg.lulobank.com https://webapp.lulobank.com https://webapp.lulobank.com/scriptdealer/* https://assets.lulobank.com/* https://www.lulobank.com/features/* https://jssdkcdns.mparticle.com/js/v2/us1-1543e831613f5f4d9682283494861385/mparticle.js https://us1.wzrkt.com https://www.google-analytics.com/analytics.js 'unsafe-eval' ; object-src   'none'; img-src   'self' https://t.co/1/ https://analytics.twitter.com/ https://www.google.com/pagead/1p-user-list/597546627/ https://leadgenios.net/pixel.track?CID=442598&p=img&MerchantReferenceID= https://www.google.com.co/pagead/1p-user-list/597546627/ https://www.facebook.com/tr/ https://www.googletagmanager.com https://www.google.com.co/ads/ https://www.google-analytics.com https://www.facebook.com/tr/* https://assets.lulobank.com/* https://assets.lulobank.com https://lulo-cms-assets-wpprod.s3.amazonaws.com https://webapp-stg.lulobank.com https://webapp.lulobank.com https://www.lulobank.com/features/* https://webapp.lulobank.com/scriptdealer/* https://ssl.gstatic.com https://www.gstatic.com https://leadgenios.net/* https://leadgenios.com/* data: blob:; base-uri   'none'; media-src   'self'   https://lulo-cms-assets-wpprod.s3.amazonaws.com https://assets.lulobank.com/* https://assets.lulobank.com; frame-ancestors      'none'; report-uri /csp.lulobank.com/; upgrade-insecure-requests; form-action 'none' 1
default-src https: 'unsafe-eval' 'unsafe-inline'; form-action https:; img-src 'self' data:; connect-src https: wss:; object-src 'none' 1
default-src https: 'unsafe-eval' 'unsafe-inline'; font-src https: data:; img-src https: data:; object-src 'self' *.youtube.com; frame-ancestors 'self' *.touslesprix.com js.stripe.com hooks.stripe.com 1
default-src 'self' acestream.me pps.creditguard.co.il www.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' maxcdn.bootstrapcdn.com bam.nr-data.net access.nagich.co.il ajax.googleapis.com amplify.outbrain.com cdn.glassix.com cdn.taboola.com connect.facebook.net c onoret.com googleads.g.doubleclick.net hublosk.com js-agent.newrelic.com js.nagich.co.il jullyambery.net live.sekindo.com loungesrc.net platform-api.sharethis.com static.rtbaxs.io t.sharethis.co m tr.outbrain.com trc.taboola.com ws.sharethis.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com tpc.googlesyndication.com mstat.acestream.net netfree.link ssl.google-analytics.com www.pagespeed-mod.com cdn.stape.io translate.googleapis.com translate.google.com translate-pa.googleapis.com code.jquery.com www.google.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com translate.googleapis.com ws.sharethis.com www.googletagmanager.com; img-src 'self' data: notify.rtbaxs.io access.nagich.co.il cds.taboola.com fonts.gstatic.com googleads.g.doubleclick.net i.ytimg.com l.sharethis.com live.sekindo.com loungesrc.net m.safepage.neto.net.il  mc.yandex.ru mobile.netsparkmobile.com mstat.acestream.net region1.google-analytics.com tr.outbrain.com ws.sharethis.com www.facebook.com www.google-analytics.com www.google.co.il www.google.com.ua www.google.com www.googletagmanager.com www.gstatic.com yastatic.net cdn.css-tricks.com images.profileengine.com ssl.google-analytics.com sync.sharethis.com translate.google.com translate.googleapis.com; media-src 'self' data:; frame-src 'self' acestream.me filter.techloq.com pps.creditguard.co.il ppsuat.creditguard.co.il static.glassix.com static.rtbaxs.io t.sharethis.com td.doubleclick.net ws.sharethis.com www.facebook.com www.googletagmanager.com www.youtube.com qncdn.aoscdn.com mobile.netsparkmobile.com netfree.link  tpc.googlesyndication.com tsdtocl.com div.show; child-src 'self' t.sharethis.com ws.sharethis.com www.googletagmanager.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com cdn.megabonus.com data: maxcdn.bootstrapcdn.com use.fontawesome.com; connect-src 'self' bam.nr-data.net  access.nagich.co.il bcp.crwdcntrl.net cdn.glassix.com code.jquery.com js.nagich.co.il l.sharethis.com ocr.nagich.co.il rdtds.net region1.google-analytics.com serverless.glassix.com stats.g.doubleclick.net trc-events.taboola.com trc.taboola.com www.facebook.com www.google-analytics.com www.googletagmanager.com analytics.google.com translate.googleapis.com www.google.co.il cds.taboola.com pips.taboola.com; report-uri https://2ff108e99bac2bae8014a612de49e57d.report-uri.com/r/d/csp/wizard 1
default-src 'self' *.ogma.pt *.google.com *.analytics.google.com *.gstatic.com www.google-analytics.com ajax.googleapis.com *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.ogma.pt https://feverstorage.blob.core.windows.net *.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com; font-src 'self' *.ogma.pt data: *.gstatic.com www.google-analytics.com ajax.googleapis.com; img-src 'self' data: *.ogma.pt *.gstatic.com *.gravatar.com *.umbraco.com *.windows.net www.google-analytics.com ajax.googleapis.com cdn.cookielaw.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ogma.pt https://feverstorage.blob.core.windows.net *.google.com https://*.googletagmanager.com www.google-analytics.com ajax.googleapis.com; script-src-elem 'self' 'unsafe-inline' *.ogma.pt https://feverstorage.blob.core.windows.net *.google.com cdn.cookielaw.org *.gstatic.com https://*.googletagmanager.com www.google-analytics.com *.googleapis.com; frame-src 'self' *.ogma.pt *.google.com www.google-analytics.com ajax.googleapis.com *.youtube.com; connect-src 'self' https://feverstorage.blob.core.windows.net *.ogma.pt cdn.cookielaw.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com *.googleapis.com 1
frame-ancestors 'self' https://cms-website.shinhanfinance.com.vn 1
default-src * data:; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'self' 'unsafe-inline'; frame-ancestors 'self' 1
default-src https: http: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self'  'unsafe-eval' 'unsafe-inline' www.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com www.youtube.com s.ytimg.com www.youtube.com www.google-analytics.com; connect-src 'self' blob: *.indiaratings.com  www.google-analytics.com analytics.google.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' data: *.indiaratings.co.in trk.funnelenvy.com images.ctfassets.net *.boltdns.net www.google-analytics.com stats.g.doubleclick.net;  font-src 'self' data: *.indiaratings.co.in *.indiaratings.com fonts.gstatic.com script.hotjar.com  cdnjs.cloudflare.com;  frame-src 'self' https://www.youtube.com/ *.indiaratings.com *.indiaratings.co.in www.google-analytics.com www.google.com;media-src 'self' https://www.google.com/ blob: *.indiaratings.co.in *.indiaratings.com *.brightcove.com videos.ctfassets.net;worker-src 'self' blob:;child-src 'self' blob:;object-src 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net ajax.aspnetcdn.com momentjs.com www.googletagmanager.com www.google-analytics.com rawcdn.githack.com cdnjs.cloudflare.com ssl.google-analytics.com pagead2.googlesyndication.com maps.googleapis.com ajax.googleapis.com www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://googleads.g.doubleclick.net/ https://www.facebook.com/; style-src 'self' 'unsafe-inline' www.jqueryscript.net cdnjs.cloudflare.com jquery.app fonts.googleapis.com; img-src 'self' data: ssl.google-analytics.com www.google-analytics.com www.stb.com.mk maps.gstatic.com maps.googleapis.com stats.g.doubleclick.net https://www.gstatic.com/ https://www.facebook.com/ https://www.google.com/pagead/ https://www.google.mk/pagead/ https://www.youtube.com/; connect-src 'self' pagead2.googlesyndication.com maps.googleapis.com; frame-src 'self' https://td.doubleclick.net/ https://www.google.com/recaptcha/ https://www.facebook.com/ https://www.youtube.com/; 1
media-src 'self' blob: https://d1j2gmvz4lzti5.cloudfront.net; manifest-src 'self'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://www.youtube.com https://maps.googleapis.com https://csp.withgoogle.com https://analytics.google.com https://www.afmadmin.qburst.com https://adservice.google.com https://pagead2.googlesyndication.com https://js.zi-scripts.com https://ws.zoominfo.com https://aorta.clickagy.com https://hemsync.clickagy.com https://px.ads.linkedin.com; style-src 'self' 'unsafe-inline' https://static-cdn.qburst.com https://fonts.googleapis.com https://www.google.com; object-src 'self'; font-src 'self' 'unsafe-inline' https://static-cdn.qburst.com https://fonts.gstatic.com data:; img-src 'self' data: https://static-cdn.qburst.com www.google-analytics.com googleads.g.doubleclick.net https://certify.alexametrics.com https://p.adsymptotic.com https://www.google.com https://www.google.co.in https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://www.facebook.com https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://marketingplatform.google.com https://d32wqyuo10o653.cloudfront.net https://www.googletagmanager.com https://i.ytimg.com http://clients1.google.com https://ssl.gstatic.com https://encrypted *; frame-ancestors 'self'; prefetch-src https://static-cdn.qburst.com; script-src 'self' 'unsafe-eval' https://static-cdn.qburst.com https://cdn-affiliate.qburst.com https://certify-js.alexametrics.com/atrk.js https://snap.licdn.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://cdn.linkedin.oribi.io https://www.youtube.com https://www.google.com https://www.gstatic.com http://www.gstatic.com https://maps.googleapis.com https://static.addtoany.com http://www.google.com https://cse.google.com http://cse.google.com https://partner.googleadservices.com https://analytics.google.com https://adservice.google.com https://www.googleadservices.com https://www.google.co.in https://ct.capterra.com https://js.zi-scripts.com https://tags.clickagy.com https://js.adsrvr.org 'sha256-/ITGJvuxgnMQXHjVR83cHg2yoP5Jx5SKdiunye98OwE=' 'sha256-i5/9P2L0hDUu6r9wRztk7FiLkT2AAoPbTSlrL1sp6O8=' 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw=' 'sha256-8Lv10+9kieliYluA+S5z1+KwnqLTX4J0FiDyx8FWM2s=' 'sha256-zFiAYZngjHC8cpBF+I5B678kZX+kY5VBHUBe8MhmYJM=' 'nonce-NfGWQVTvbN1lAMCcQF+LsQ=='; worker-src 'self'; base-uri 'self'; default-src 'self' https://static-cdn.qburst.com; frame-src 'self' https://www.youtube.com https://www.google.com https://static.addtoany.com https://cse.google.com https://td.doubleclick.net https://insight.adsrvr.org https://www.adsensecustomsearchads.com https://match.adsrvr.org; form-action 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://connect.facebook.net https://www.klick-tipp.com; img-src 'self' https://www.google-analytics.com https://s-static.ak.facebook.com http://i.lyrix.at https://klicktipp.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://themes.googleusercontent.com; frame-src 'self' https://www.facebook.com https://s-static.ak.facebook.com; object-src 'none' 1
default-src 'self' *.landshypotek.se *.cloudimg.io *.google-analytics.com *.cookiebot.com ebbot-v2.storage.googleapis.com wss://v2.ebbot.app v2.ebbot.app landshypotek.piwik.pro landshypotek.containers.piwik.pro *.mediaflow.com mfstatic.com *.inviewer.se *.kreditz.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.landshypotek.se *.cloudimg.io *.kundchatten.com *.kundchatten.se *.googletagmanager.com code.jquery.com *.mediaflowpro.com mfstatic.com *.inviewer.se *.google-analytics.com *.googleadservices.com *.doubleclick.net *.cookiebot.com connect.facebook.net ebbot-v2.storage.googleapis.com landshypotek.containers.piwik.pro; style-src 'self' 'unsafe-inline' *.landshypotek.se *.cloudimg.io *.mediaflowpro.com mfstatic.com ebbot-v2.storage.googleapis.com fonts.googleapis.com landshypotek.containers.piwik.pro; img-src 'self' data: *.landshypotek.se *.cloudimg.io *.mediaflowpro.com *.inviewer.se *.google-analytics.com *.google.com *.google.se *.facebook.com *.cision.com *.gravatar.com ebbot-v2.storage.googleapis.com storage.googleapis.com landshypotek.containers.piwik.pro; font-src 'self' data: *.landshypotek.se *.cloudimg.io *.mediaflowpro.com mfstatic.com fonts.gstatic.com ebbot-v2.storage.googleapis.com landshypotek.containers.piwik.pro; frame-src 'self' data: *.cookiebot.com *.kundchatten.com *.kundchatten.se *.googletagmanager.com *.facebook.com *.google.com *.mediaflowpro.com *.kreditz.com; manifest-src 'self' data: *.landshypotek.se; 1
default-src 'self';                  style-src 'self' 'unsafe-inline' https://optimize.google.com https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://app-lon09.marketo.com https://pages.healthassured.org https://tags.srv.stackadapt.com/;      script-src 'self' 'unsafe-inline' 'unsafe-eval' https://accounts.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleoptimize.com https://optimize.google.com https://ajax.googleapis.com https://www.google.com https://secure.cave9tape.com https://munchkin.marketo.net https://www.gstatic.com https://app-lon09.marketo.com https://dev.visualwebsiteoptimizer.com https://polyfill.io https://maxcdn.bootstrapcdn.com https://ruler.nyltx.com https://static.hotjar.com https://script.hotjar.com https://analytics.nyltx.com https://maps.googleapis.com https://js.driftt.com https://widget.drift.com https://bat.bing.com https://www.youtube.com https://pages.healthassured.org https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://d.turn.com https://snap.licdn.com https://connect.facebook.net https://www.googleadservices.com https://www.facebook.com https://googleads.g.doubleclick.net https://m.facebook.com https://*.quantserve.com https://*.quantcount.com https://amplify.outbrain.com https://tr.outbrain.com https://tags.srv.stackadapt.com;      object-src 'self';      img-src 'self' data: https:;      media-src 'self';      frame-src 'self' https://optimize.google.com https://vars.hotjar.com https://app-lon09.marketo.com https://js.driftt.com https://widget.drift.com https://www.youtube.com https://pages.healthassured.org https://bid.g.doubleclick.net;      font-src 'self' https://stackpath.bootstrapcdn.com https://fonts.gstatic.com;      connect-src 'self' https://*.googleapis.com https://047-rgt-212.mktoresp.com https://analytics.nyltx.com https://in.hotjar.com https://www.google-analytics.com https://vc.hotjar.io https://stats.g.doubleclick.net https://www.googletagmanager.com https://cdn-ukwest.onetrust.com https://privacyportal-uk.onetrust.com https://tags.srv.stackadapt.com https://tags.srv.stackadapt.com; 1
frame-src delamar-u12.guiltypeople.nl beta.delamar.nl delamar.nl tickets.delamar.nl www.youtube.com consentcdn.cookiebot.com td.doubleclick.net;frame-ancestors delamar-u12.guiltypeople.nl beta.delamar.nl delamar.nl tickets.delamar.nl www.youtube.com consentcdn.cookiebot.com td.doubleclick.net; 1
default-src 'self'; base-uri 'self'; font-src 'self' https: data: https://dr5mk4ppf3xok.cloudfront.net; img-src 'self' https: https://insular-v23.s3.amazonaws.com https://dr5mk4ppf3xok.cloudfront.net data:; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://insular-v23.s3.amazonaws.com https://dr5mk4ppf3xok.cloudfront.net https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js https://cdn.jsdelivr.net/npm/swiper@9.1.1/swiper-bundle.min.js https://ga.jspm.io/npm:flatpickr@4.6.13/dist/esm/index.js https://ga.jspm.io/npm:flatpickr@4.6.13/dist/plugins/monthSelect/index.js https://ga.jspm.io/npm:debounce@1.2.1/index.js https://cdnjs.cloudflare.com/ajax/libs/cleave.js/1.6.0/cleave-esm.min.js https://cdnjs.cloudflare.com/ajax/libs/tom-select/2.2.2/js/tom-select.complete.js https://cdn.jsdelivr.net/npm/imask@6.6.0/dist/imask.min.js https://cdn.jsdelivr.net/npm/nouislider@15.7.0/dist/nouislider.min.js https://cdn.jsdelivr.net/npm/fastclick@1.0.6/lib/fastclick.min.js https://www.recaptcha.net https://touchpoint-sdk.alida.com/ https://touchpoint-sdk.visioncritical.com/ https://api-touchpoint.ap2.visioncritical.com https://dist-touchpoint.ap2.alida.com/ https://www.googletagmanager.com https://tagmanager.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googleadservices.com https://analytics.google.com/ https://googleads.g.doubleclick.net https://connect.facebook.net 'nonce-'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://insular-v23.s3.amazonaws.com https://dr5mk4ppf3xok.cloudfront.net; connect-src 'self' https://dr5mk4ppf3xok.cloudfront.net https://insular-v23.s3.amazonaws.com https://d1h36vgosc7o6x.cloudfront.net https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js https://cdn.jsdelivr.net/npm/swiper@9.1.1/swiper-bundle.min.js https://ga.jspm.io/npm:flatpickr@4.6.13/dist/esm/index.js https://ga.jspm.io/npm:flatpickr@4.6.13/dist/plugins/monthSelect/index.js https://ga.jspm.io/npm:debounce@1.2.1/index.js https://cdnjs.cloudflare.com/ajax/libs/cleave.js/1.6.0/cleave-esm.min.js https://cdnjs.cloudflare.com/ajax/libs/tom-select/2.2.2/js/tom-select.complete.js https://cdn.jsdelivr.net/npm/imask@6.6.0/dist/imask.min.js https://cdn.jsdelivr.net/npm/nouislider@15.7.0/dist/nouislider.min.js https://cdn.jsdelivr.net/npm/fastclick@1.0.6/lib/fastclick.min.js https://www.google-analytics.com https://www.google-analytics.com https://stats.g.doubleclick.net/ https://www.facebook.com/tr https://analytics.google.com https://app.freshmarketer.com/ab/api/visitor/pingback https://insularlife-team.myfreshworks.com/ https://src.freshmarketer.com/mas https://api-touchpoint.alida.com https://api-touchpoint.ap2.visioncritical.com https://dist-touchpoint.ap2.alida.com/ https://api-touchpoint.ap2.alida.com/; frame-src https://www.recaptcha.net/ https://dr5mk4ppf3xok.cloudfront.net https://d1h36vgosc7o6x.cloudfront.net https://www.googletagmanager.com https://www.youtube.com/ https://player.vimeo.com/ https://dist-touchpoint.ap2.alida.com/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://bat.bing.com https://snap.licdn.com https://static.ads-twitter.com https://connect.facebook.net https://*.clarity.ms https://static.hotjar.com https://script.hotjar.com https://cdnjs.cloudflare.com/ajax/libs/prism/ https://cdn.ampproject.org https://*.youtube.com/ https://000-pixelplex.pixelplexlabs.com https://widget.clutch.co/static/js/widget.js https://www.gstatic.com/call-tracking/call-tracking_7.js https://www.gstatic.com/wcm/loader.js https://a.quora.com/qevents.js; style-src 'self' 'unsafe-inline'; object-src 'self'; font-src 'self' data:; frame-ancestors 'self' 1
default-src https://* 'unsafe-inline' data:; script-src https: 'unsafe-inline' 'unsafe-eval'; img-src https://* data:; 1
frame-ancestors www.sno-isle.org *.www.sno-isle.org sno-isle.org *.sno-isle.org sno-isle.bibliocms.com *.sno-isle.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src www.sno-isle.org *.www.sno-isle.org sno-isle.org *.sno-isle.org sno-isle.bibliocms.com *.sno-isle.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
default-src 'self' ; img-src 'self' data: matchbox.hepdata.com *.google-analytics.com *.adsymptotic.com *.linkedin.com *.azure.net *.windows.net *.facebook.net *.facebook.com *.twimg.com *.twitter.com *.instructure.com *.instructuremedia.com *.canvas-user-content.com;  script-src 'self' data:  blob: 'unsafe-eval' 'unsafe-inline' *.yourgamecam.com *.wowza.com matchbox.hepdata.com *.google-analytics.com *.oribi.io *.googletagmanager.com *.licdn.com *.linkedin.com *.azure.net *.windows.net *.facebook.net *.facebook.com *.twimg.com *.twitter.com *.youtube.com *.google.com *.gstatic.com;  worker-src 'self' data:  blob: 'unsafe-eval' 'unsafe-inline' *.azure.net *.windows.net *.facebook.net *.facebook.com *.twimg.com *.twitter.com *.youtube.com *.google.com *.gstatic.com;  style-src 'self' data: 'unsafe-inline' *.wowza.com matchbox.hepdata.com *.googleapis.com *.azure.net *.windows.net *.facebook.net *.facebook.com *.twimg.com *.twitter.com;  font-src 'self' data: matchbox.hepdata.com *.gstatic.com *.azure.net *.windows.net;  frame-src 'self' *.bcp.org *.yourgamecam.com *.sharepoint.com *.issuu.com matchbox.hepdata.com massinteract.com *.azure.net *.windows.net *.facebook.net *.facebook.com *.twimg.com *.twitter.com *.youtube.com *.google.com *.gstatic.com *.microsoftstream.com;  object-src 'none';  frame-ancestors 'self' bcp.org *.bcp.org *.azure.net *.windows.net teams.microsoft.com *.teams.microsoft.com *.skype.com *.instructure.com *.vimeocdn.com *.vimeo.com; connect-src 'self' *.wowza.com matchbox.hepdata.com *.oribi.io *.azure.net *.windows.net;  form-action 'self' https://*.bcp.org https://*.ravenna-hub.com;  media-src 'self' blob: *.wowza.com  *.azure.net *.windows.net *.instructure.com *.instructuremedia.com *.canvas-user-content.com; 1
default-src 'self' www.charnwood.gov.uk my.charnwood.gov.uk www.youtube-nocookie.com; script-src 'self' www.charnwood.gov.uk my.charnwood.gov.uk st.cbc.cuttlefish.com *.sentry-cdn.com *.google-analytics.com static.addtoany.com cdnjs.cloudflare.com dfsrovckda8bt.cloudfront.net connect.facebook.net hitcounter.servmetric.com www.google.com maps.googleapis.com maps.google.com maps.google.co.uk translate.google.com maps-api-ssl.google.com translate.googleapis.com ajax.googleapis.com www.googletagmanager.com platform.twitter.com cdn.jsdelivr.net cdn.syndication.twimg.com https://e.issuu.com https://www.gstatic.com/recaptcha/ *.servmetric.com *.govmetric.com content.govdelivery.com *.8x8.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' www.charnwood.gov.uk fonts.googleapis.com dfsrovckda8bt.cloudfront.net maps.googleapis.com maps.google.com maps.google.co.uk *.googleapis.com *.govmetric.com cdn.jsdelivr.net cdnjs.cloudflare.com platform.twitter.com ton.twimg.com *.servmetric.com 'unsafe-inline'; img-src 'self' data: www.charnwood.gov.uk st.cbc.cuttlefish.com *.cuttlefish.com *.google-analytics.com dfsrovckda8bt.cloudfront.net cdnjs.cloudflare.com www.google.com maps.google.com maps.google.co.uk *.gstatic.com *.googleapis.com translate.google.com maps-api-ssl.google.com *.twitter.com *.ytimg.com www.facebook.com stats.g.doubleclick.net www.googletagmanager.com cdn.syndication.twimg.com *.twimg.com https://*.ggpht.com *.govmetric.com *.servmetric.com content.govdelivery.com www.facebook.com *.8x8.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.charnwood.gov.uk st.cbc.cuttlefish.com *.google-analytics.com maps.googleapis.com translate.googleapis.com *.ingest.sentry.io hitcounter.govmetric.com https://stats.g.doubleclick.net; frame-src 'self' www.charnwood.gov.uk my.charnwood.gov.uk st.cbc.cuttlefish.com static.addtoany.com *.twitter.com www.facebook.com websurveys.servmetric.com www.youtube-nocookie.com https://e.issuu.com https://www.google.com/recaptcha/ websurveys2.govmetric.com *.8x8.com; media-src 'self' www.charnwood.gov.uk my.charnwood.gov.uk; frame-ancestors 'self' www.charnwood.gov.uk my.charnwood.gov.uk; child-src 'self' www.charnwood.gov.uk; manifest-src 'self' www.charnwood.gov.uk; form-action 'self' www.charnwood.gov.uk my.charnwood.gov.uk pa.charnwood.gov.uk https://public.govdelivery.com/accounts/UKCHARNWOOD/subscribers/qualify https://vof.charnwood.gov.uk; report-uri https://o249831.ingest.sentry.io/api/4505674423992320/security/?sentry_key=9a4b97d4ddfb14d0ca8ed7ac4ed74c12; 1
img-src 'self' *.thecheat.co.kr;media-src https://*;connect-src 'self' *.thecheat.co.kr *.naver.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.thecheat.co.kr  *.naver.net *.naver.com *.jquery.com *.google-analytics.com *.google.com *.youtube.com;style-src 'self' 'unsafe-inline' *.bootstrapcdn.com; 1
frame-ancestors 'self' https://www.vg.no; 1
frame-ancestors 'self' https://*.donorlead.net https://donorlead.net https://donorsearch.us1app.churnzero.net; frame-src 'self' https://donorlead.net https://*.donorlead.net https://www.youtube.com https://www.google.com/recaptcha/enterprise/bframe https://www.google.com/recaptcha/enterprise/anchor https://www.facebook.com https://forms.hsforms.com/; script-src-attr http://www.google.com https://staging-wp.donorsearch.net https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://secure.gravatar.com https://googleads.g.doubleclick.net; 1
frame-ancestors 'self' https://*.sfox.com; 1
default-src 'none';img-src 'self';style-src 'self'; 1
default-src 'self' *.acato.nl; style-src 'self' 'unsafe-inline' *.acato.nl *.vimeocdn.com cdnjs.cloudflare.com *.gstatic.com fonts.bunny.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.acato.nl *.cloudflare.com *.vimeo.com data: *.google.com *.gstatic.com *.googletagmanager.com *.salesfeed.com *.licdn.com *.doubleclick.net; font-src 'self' data: fonts.bunny.net; img-src 'self' *.acato.nl data: px.ads.linkedin.com px4.ads.linkedin.com i.vimeocdn.com *.google.com *.google.nl; connect-src 'self' *.acato.nl *.linkedin.com *.akamaized.net *.google.com *.googlesyndication.com *.doubleclick.net; frame-ancestors 'self'; frame-src 'self' *.acato.nl *.vimeo.com *.vimeocdn.com *.google.com *.doubleclick.net; child-src self *.acato.nl; block-all-mixed-content; upgrade-insecure-requests; form-action 'self' 1
upgrade-insecure-requests;style-src 'self' 'nonce-qGc1u6xqTmg7Npq';font-src 'self';script-src 'self' 'nonce-qGc1u6xqTmg7Npq' ;connect-src 'self' https://nixnet.social wss://nixnet.social ;media-src 'self' https:;img-src 'self' data: blob: https:;default-src 'none';base-uri 'none';frame-ancestors 'none';manifest-src 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.printfriendly.com static.addtoany.com ds-4047.kxcdn.com www.google-analytics.com cdn.jsdelivr.net unpkg.com ajax.googleapis.com ajax.aspnetcdn.com www.googletagmanager.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.googleapis.com; img-src 'self' data: s.yimg.com cdn.printfriendly.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.com.my *.google.co.uk *.analytics.google.com *.googletagmanager.com; media-src 'self'; frame-src 'self' data: static.addtoany.com fwb.malaysiaairports.com.my www.youtube.com www.google.com apps.mahb.az.primuscore.com http://apps.mahb.az.primuscore.com:8000 fwb.malaysiaairports.com.my:8000; frame-ancestors 'self' fwb.malaysiaairports.com.my apps.mahb.az.primuscore.com fwb.malaysiaairports.com.my:8000; child-src 'self'; font-src 'self' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' *.google.com *.analytics.google.com www.google-analytics.com stats.g.doubleclick.net; report-uri /report-csp-violation 1
default-src 'self' data: 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.networkhealth.com networkhealth.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net networkhealth.adaptiverx.com networkhealthfdb.adaptiverx.com *.cloudflare.com *.googleapis.com *.gstatic.com *.bing.com *.hotjar.com *.tvsquared.com *.shippingapis.com *.licdn.com *.linkedin.com *.linkedin.oribi.io *.cloudflareinsights.com; frame-ancestors 'self' *.adaptiverx.com; 1
frame-ancestors 'self'; img-src 'self' data: https: http: *.w3.org *.trustedshops.com cdnjs.cloudflare.com s3-eu-west-1.amazonaws.com track.adform.net *.google.com *.gstatic.com *.googleapis.com *.gstatic.com;font-src 'self' data: https: http: *.w3.org fonts.evn.at netdna.bootstrapcdn.com *.trustedshops.com *.google.com *.gstatic.com *.googleapis.com *.gstatic.com 1
frame-ancestors 'self' https://gms.affinalways.com; 1
base-uri 'none';child-src 'none';connect-src 'self' *.apowiser.com *.google-analytics.com *.fullstory.com https://extreme-ip-lookup.com;default-src 'self';font-src 'self' fonts.gstatic.com;form-action 'self';frame-ancestors 'none';frame-src https://www.google.com/recaptcha https://recaptcha.google.com/recaptcha https://recaptcha.net/recaptcha;img-src 'self' data: https: www.googletagmanager.com https://www.google-analytics.com;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' *.apowiser.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.fullstory.com https://recaptcha.net/recaptcha https://extreme-ip-lookup.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;worker-src 'self'; 1
upgrade-insecure-requests; frame-ancestors https://burgan.com https://*.burgan.com https://*.burganbank.com; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com static.hotjar.com sc-static.net connect.facebook.net embed.tawk.to *.google-analytics.com *.paypal.com script.hotjar.com ajax.googleapis.com ws.colissimo.fr api.mapbox.com *.axept.io *.tawk.to cdn.jsdelivr.net *.matomo.cloud *.googleapis.com *.snapchat.com *.youtube.com;frame-src 'self' *.snapchat.com vars.hotjar.com *.google.fr *.facebook.com *.tawk.to *.youtube.com *.calameo.com *.vimeo.com;style-src 'self' 'unsafe-inline' tagmanager.google.com api.mapbox.com ws.colissimo.fr embed.tawk.to cdn.jsdelivr.net fonts.googleapis.com;img-src 'self' data: tr.snapchat.com *.facebook.com *.google.fr *.google.com *.onyourmap.com ws.colissimo.fr *.mapbox.com axeptio.imgix.net *.tawk.to cdn.jsdelivr.net tawk.link script.hotjar.com *.google.co.nz *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.google.be favicons.axept.io;font-src 'self' data: ws.colissimo.fr *.tawk.to fonts.gstatic.com script.hotjar.com cdn.jsdelivr.net github.com fonts.googleapis.com;connect-src 'self' *.google-analytics.com *.paypal.com stats.g.doubleclick.nestats.g.doubleclick.ne in.hotjar.com stats.g.doubleclick.net ws.colissimo.fr *.hotjar.io *.axept.io tr.snapchat.com *.hotjar.com *.tawk.to wss://*.tawk.to wss://*.hotjar.com api.sandbox.getalma.eu api.getalma.eu maps.googleapis.com terreseteaux.matomo.cloud *.facebook.com *.analytics.google.com;base-uri 'self';media-src 'self' data: *.tawk.to;report-uri /csp/report;form-action secure.payzen.eu *.tawk.to 1
default-src 'self'; base-uri 'self'; object-src 'none'; upgrade-insecure-requests; connect-src 'self' *.search-startpage.com; script-src 'self' 'report-sample' *.search-startpage.com 'sha256-GGBo8gBY885xYvY7bjeWuInjeYICMEc0lMmxkN3Uh2M=' 'sha256-w8Zb8pbFFyfmRVOZrgiCCcIhHaEBKhjW8uNc9iWFIIM=' https://static.cloudflareinsights.com https://api.bing.com https://www.google.com; img-src 'self' data:; style-src 'self' 'report-sample' 'unsafe-inline'; Form-action 'self'; Frame-ancestors 'none'; worker-src 'none'; report-uri https://csp.search-startpage.com 1
sandbox allow-scripts allow-same-origin allow-forms; img-src 'self' data: www.gstatic.com; frame-src www.google.com; object-src 'none'; base-uri 'none'; script-src www.google.com www.gstatic.com 'nonce-tyZVfMk+wThRs0SwHh9t3MmAACg='; style-src 'nonce-tyZVfMk+wThRs0SwHh9t3MmAACg=' 1
frame-ancestors 'self' http://salesfra.me https://salesfra.me *.salesfra.me 1
default-src 'self' blob: https://widget.presupuestos.saltala.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.tiktok.com https://widget.presupuestos.saltala.com *.convertcalculator.com www.convertcalculator.com *.fontawesome.com kit.fontawesome.com scripts.convertcalculator.com *.google.com optimize.google.com googleoptimize.com www.googleoptimize.com www.clinicauandes.cl snap.licdn.com www.googleadservices.com embedsocial.com https://cdn.jsdelivr.net https://embed.tawk.to https://googleads.g.doubleclick.net https://app.convertcalculator.co https://www.googleadservices.com https://i.tryinteract.com *.hotjar.com https://assets.calendly.com/assets/external/widget.js https://tagmanager.google.com www.googletagmanager.com *.googletagmanager.com bam.nr-data.net js-agent.newrelic.com viewmedica.com *.viewmedica.com swarminteractive.com *.swarminteractive.com *.virtualspirits.com *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.livechatinc.com www.youtube.com:*; style-src 'self' 'unsafe-inline' *.unpkg.com unpkg.com *.google.com optimize.google.com www.clinicauandes.cl www.googletagmanager.com embedsocial.com https://widget.presupuestos.saltala.com https://embed.tawk.to https://tagmanager.google.com *.cloudflare.com 172.16.2.69:91 *.virtualspirits.com *.fontawesome.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.livechatinc.com; font-src 'self' https://embed.tawk.to fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com *.fontawesome.com *.livechatinc.com data:; img-src * 'self' *.lfi.cl *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.lfi.cl *.eloqua.com track.hubspot.com *.livechatinc.com; media-src 'self' *.lfi.cl *.livechatinc.com data: blob:; child-src 'self' blob: * https://www.clinicauandes.cl https://clinicauandes.cl www.clinicauandes.cl www.bancoestado.cl bancoestado.cl webpay3g.transbank.cl *.transbank.cl *.hotjar.com https://6c03d479ec55ad2eb218a2aba471ee8cfc457a3e.agenda.softwaredentalink.com 6c03d479ec55ad2eb218a2aba471ee8cfc457a3e.agenda.softwaredentalink.com agendamiento.softwaredentalink.com viewmedica.com *.google.com *.clinicauandes.cl *.lfi.cl lfi.lfi.cl http://172.16.2.69:91/ swarminteractive.com 172.16.2.69:91 *.swarminteractive.com *.virtualspirits.com https://platform.twitter.com/ *.livechatinc.com https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' *.lfi.cl https://meta.clinicauandes.cl https://analytics.tiktok.com https://cdn.linkedin.oribi.io/partner/2992836/domain/clinicauandes.cl/token https://presupuestos.apisaltala.com mercadopagocua.lfi.cl *.fontawesome.com ka-f.fontawesome.com maps.googleapis.com wss://ws21.hotjar.com wss://*.tawk.to *.tawk.to https://app.convertcalculator.co stats.g.doubleclick.net www.google-analytics.com *.hotjar.io wss://ws6.hotjar.com *.hotjar.com www.facebook.com bam.nr-data.net accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.livechatinc.com adservice.google.com:* pagead2.googlesyndication.com:* wss://ws.hotjar.com:* analytics.google.com:* api.cmfchile.cl:*; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js *.myheritage.com.tr https://www.myheritage.com.tr  'nonce-3ed3513aabdb8be315e2603d5c121619' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.com.tr;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
'self' https://ajax.googleapis.com; frame-ancestors 'self'; 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'none'; base-uri 'self'; connect-src https: wss://*.hotjar.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.youtube.com https://*.hotjar.com *.doubleclick.net; img-src https: data:; manifest-src 'self'; media-src https:; worker-src 'self'; 1
default-src 'self'; script-src 'report-sample' 'self' https://use.fontawesome.com/releases/v5.12.0/js/all.js https://ajax.googleapis.com/ajax/libs/jquery/1.8.0/jquery.min.js https://cdn.jsdelivr.net/gh/RobinHerbots/Inputmask@5.0.8/dist/jquery.inputmask.min.js https://tag.aticdn.net/621891/smarttag.js https://unpkg.com/tippy.js@6.3.7/dist/tippy-bundle.umd.min.js https://use.fontawesome.com/releases/v5.12.0/js/v4-shims.js https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js; style-src 'unsafe-inline' 'report-sample' 'self' https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://logs1412.xiti.com; font-src 'self' https://fonts.gstatic.com https://use.typekit.net; frame-src 'self' https://careers.flatchr.io https://www.youtube.com https://widget.trustpilot.com https://santiane.flatchr.io; img-src 'self' data: https://logs1412.xiti.com https://santiane-newsletters.s3.amazonaws.com; manifest-src 'self'; media-src 'self'; report-uri https://65082038a068cd9821c1e7aa.endpoint.csper.io/?v=0; worker-src 'none'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://snap.licdn.com https://connect.facebook.net https://ssl.google-analytics.com https://www.google-analytics.com https://static.ads-twitter.com https://analytics.twitter.com https://w.usabilla.com https://www.workable.com/ https://script.crazyegg.com/ https://tagmanager.google.com https://apply.workable.com/ https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net www.googleadservices.com googleads.g.doubleclick.net www.google.com https://api.usabilla.com/ https://cookie-cdn.cookiepro.com/ https://cdn.matomo.cloud/davy.matomo.cloud/matomo.js https://davy.matomo.cloud 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://packmates.org; img-src 'self' https: data: blob: https://packmates.org; style-src 'self' https://packmates.org 'nonce-eyFV2utGqkjgsjdl8SH/3Q=='; media-src 'self' https: data: https://packmates.org; frame-src 'self' https:; manifest-src 'self' https://packmates.org; form-action 'self'; child-src 'self' blob: https://packmates.org; worker-src 'self' blob: https://packmates.org; connect-src 'self' data: blob: https://packmates.org https://fedimedia.packmates.org wss://packmates.org; script-src 'self' https://packmates.org 'wasm-unsafe-eval' 1
default-src 'self';     script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline'     https://comparesoft.com     https://staging.comparesoft.com     https://widget.intercom.io     https://app.intercom.io     https://js.intercomcdn.com     https://yoast.com     https://dev.visualwebsiteoptimizer.com     https://app.vwo.com     *.google.com     *.google.co.uk     *.google.ro     *.google.nl     *.google.fr     *.google.de     *.google.ie     *.google.pt     https://www.gstatic.com     *.pendo.io     pendo-io-static.storage.googleapis.com     pendo-eu-static.storage.googleapis.com     pendo-static-6566075734818816.storage.googleapis.com     pendo-eu-static-6566075734818816.storage.googleapis.com     https://www.googletagmanager.com     https://googleads.g.doubleclick.net     *.googlesyndication.com     https://googletagmanager.com     https://www.googleoptimize.com     *.google-analytics.com     https://maps.googleapis.com     https://cdn.mouseflow.com     https://s.comparesoft.com     https://form.jotformeu.com     *.jotfor.ms     https://cdnjs.cloudflare.com     https://fast.wistia.net     https://fast.wistia.com     https://optimize.google.com     https://www.googleadservices.com     https://google-analytics.com;     style-src 'report-sample' 'self' 'unsafe-inline'     app.eu.pendo.io cdn.eu.pendo.io pendo-eu-static-6566075734818816.storage.googleapis.com     app.pendo.io cdn.pendo.io pendo-static-6566075734818816.storage.googleapis.com     https://fonts.googleapis.com     *.jotfor.ms     https://optimize.google.com     https://www.googletagmanager.com     https://css.comparesoft.com;     frame-src 'report-sample' 'self'     *.google.com     *.google.co.uk     *.google.ro     *.google.nl     *.google.fr     *.google.de     *.google.ie     *.google.pt     *.doubleclick.net     app.pendo.io app.eu.pendo.io     https://www.youtube.com     https://img.comparesoft.com     https://www.youtube-nocookie.com     https://fast.wistia.net     https://player.vimeo.com     https://html5-player.libsyn.com     https://optimize.google.com     https://submit.jotformeu.com/     https://submit.jotform.com/     https://www.googletagmanager.com;     img-src 'report-sample' 'self' data: blob:     https://comparesoft.com     https://staging.comparesoft.com     https://dev.visualwebsiteoptimizer.com     http://cms.jotform.com     https://cms.jotform.com     https://js.intercomcdn.com     https://static.intercomassets.com     https://downloads.intercomcdn.com     https://downloads.intercomcdn.eu     https://downloads.au.intercomcdn.com     https://uploads.intercomusercontent.com     https://gifs.intercomcdn.com      https://video-messages.intercomcdn.com     https://messenger-apps.intercom.io     https://messenger-apps.eu.intercom.io     https://messenger-apps.au.intercom.io     https://*.intercom-attachments-1.com     https://*.intercom-attachments.eu     https://*.au.intercom-attachments.com     https://*.intercom-attachments-2.com     https://*.intercom-attachments-3.com     https://*.intercom-attachments-4.com     https://*.intercom-attachments-5.com     https://*.intercom-attachments-6.com     https://*.intercom-attachments-7.com     https://*.intercom-attachments-8.com     https://*.intercom-attachments-9.com     https://static.intercomassets.eu     https://static.au.intercomassets.com     *.w.org     *.google.com     *.google.co.uk     *.google.ro     *.google.nl     *.google.fr     *.google.de     *.google.ie     *.google.pt     cdn.eu.pendo.io     app.eu.pendo.io pendo-eu-static-6566075734818816.storage.googleapis.com data.eu.pendo.io     cdn.pendo.io app.pendo.io pendo-static-6566075734818816.storage.googleapis.com data.pendo.io     https://pendo-static-5668600916475904.storage.googleapis.com     https://www.googletagmanager.com     https://www.google-analytics.com     *.doubleclick.net     https://ssl.google-analytics.com     https://analytics.google.com     https://cdn.comparesoft.com     https://i.ytimg.com     https://maps.gstatic.com     https://maps.googleapis.com     https://i.vimeocdn.com     *.jotform.com     https://cdn.jotfor.ms     https://events.jotform.com     https://embed-ssl.wistia.com     https://www.gstatic.com     https://fonts.gstatic.com     https://css.comparesoft.com     https://img.comparesoft.com;     font-src 'report-sample' 'self' data:     https://fonts.gstatic.com     https://js.intercomcdn.com     https://fonts.intercomcdn.com     https://fonts.comparesoft.com;     child-src 'report-sample' 'self' blob:     https://intercom-sheets.com     https://www.intercom-reporting.com     https://www.youtube.com     https://player.vimeo.com     https://fast.wistia.net;     connect-src 'report-sample' 'self'     https://api.jotform.com     https://via.intercom.io     https://api.intercom.io     https://api.au.intercom.io     https://api.eu.intercom.io     https://api-iam.intercom.io     https://api-iam.eu.intercom.io     https://api-iam.au.intercom.io     https://api-ping.intercom.io      https://dev.visualwebsiteoptimizer.com     *.googlesyndication.com     https://nexus-websocket-a.intercom.io     wss://nexus-websocket-a.intercom.io     https://nexus-websocket-b.intercom.io     wss://nexus-websocket-b.intercom.io     https://nexus-europe-websocket.intercom.io     wss://nexus-europe-websocket.intercom.io     https://nexus-australia-websocket.intercom.io     wss://nexus-australia-websocket.intercom.io     https://uploads.intercomcdn.com     https://uploads.intercomcdn.eu     https://uploads.au.intercomcdn.com     https://uploads.intercomusercontent.com     https://adservice.google.com     https://www.google.com     https://region1.google-analytics.com     app.eu.pendo.io data.eu.pendo.io pendo-eu-static-6566075734818816.storage.googleapis.com     app.pendo.io data.pendo.io pendo-static-6566075734818816.storage.googleapis.com     https://www.googletagmanager.com     https://www.google-analytics.com     https://stats.g.doubleclick.net     https://ampcid.google.com     https://my.yoast.com     https://yoast.com     https://sentry.io     https://o2.mouseflow.com     https://t.comparesoft.com     https://maps.googleapis.com     https://www.googleapis.com     https://api.vimeo.com     https://fast.wistia.com     https://cdn.comparesoft.com     https://analytics.google.com;     form-action 'report-sample' 'self'     https://submit.jotformeu.com     https://submit.jotform.com;     manifest-src 'self';     base-uri 'self';     frame-ancestors app.pendo.io app.eu.pendo.io comparesoft.com *.comparesoft.com;     media-src 'self' *.w.org https://js.intercomcdn.com; 1
frame-ancestors 'self' https://web2pay.3cint.com; 1
default-src 'self';script-src 'self' 'unsafe-inline' *.convertkit.com kit.fontawesome.com cdnjs.cloudflare.com www.google.com www.gstatic.com;img-src 'self' *.twitter.com *.twimg.com data:;style-src 'self' 'unsafe-inline' *.fontawesome.com cdnjs.cloudflare.com;font-src 'self' *.fontawesome.com;connect-src 'self' *.fontawesome.com api.convertkit.com app.convertkit.com;upgrade-insecure-requests;form-action 'self' app.convertkit.com;frame-src www.google.com;report-uri https://uyl.report-uri.com/r/d/csp/enforce 1
frame-ancestors http://aestethics.cutvert.de http://dmn1.root1292.premium-rootserver.net http://admin-muecke.business-rootserver.net https://admin-muecke.business-rootserver.net https://static.newsletter2go.com; 1
default-src 'self' *.larmoiredebebe.com;style-src 'self' 'unsafe-inline' media.larmoiredebebe.com;style-src-elem 'self' 'unsafe-inline' *.larmoiredebebe.com fonts.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' media.larmoiredebebe.com browser.sentry-cdn.com *.cloudfront.net *.sips-services.com payment-web.ha2.sips-services.com affiliation.groupe-ldlc.com ajax.googleapis.com ajax.googleapis.com cdn.doofinder.com connect.facebook.net libs.hipay.com m.addthis.com mpsnare.iesnare.com pub.groupe-ldlc.com s7.addthis.com script.hotjar.com static.hotjar.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com v1.addthisedge.com www.google.com www.googletagmanager.com www.gstatic.com z.moatads.com larmoire-de-bebe.my.join-stories.com maps.googleapis.com tracking.groupe-ldlc.com assets.pinterest.com browser.sentry-cdn.com googleads.g.doubleclick.net www.googleadservices.com tag.shopping-feed.com userlike-cdn-umm.b-cdn.net static.affilae.com s.kk-resources.com s.kelkoogroup.net;script-src-elem 'self' 'unsafe-inline' *.cloudfront.net *.sips-services.com payment-web.ha2.sips-services.com affiliation.groupe-ldlc.com ajax.googleapis.com ajax.googleapis.com cdn.doofinder.com connect.facebook.net libs.hipay.com m.addthis.com mpsnare.iesnare.com pub.groupe-ldlc.com s7.addthis.com script.hotjar.com static.hotjar.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com v1.addthisedge.com www.google.com www.googletagmanager.com www.gstatic.com z.moatads.com larmoire-de-bebe.my.join-stories.com maps.googleapis.com tracking.groupe-ldlc.com assets.pinterest.com browser.sentry-cdn.com googleads.g.doubleclick.net www.googleadservices.com tag.shopping-feed.com userlike-cdn-umm.b-cdn.net static.affilae.com s.kk-resources.com s.kelkoogroup.net;img-src 'self' data: *.larmoiredebebe.com media.ldlc.com www.facebook.com secure.gravatar.com chloe.codesupply.co images.join-stories.com larmoire-de-bebe.my.join-stories.com maps.googleapis.com maps.gstatic.com *.cdninstagram.com s.w.org log.pinterest.com tag.shopping-feed.com googleads.g.doubleclick.net www.google.com www.google.fr lb.affilae.com s.kelkoogroup.net;connect-src 'self' *.larmoiredebebe.com api.userlike.com eu1-search.doofinder.com s7.addthis.com m.addthis.com lb.affilae.com static.affilae.com stage-data.hipay.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com wss://mpsnare.iesnare.com www.facebook.com api.stories.studio *.hotjar.com vc.hotjar.io wss://*.hotjar.com maps.googleapis.com pagead2.googlesyndication.com tracking.groupe-ldlc.com sentry.groupe-ldlc.com content.hotjar.io s.kelkoogroup.net;frame-src 'self' *.larmoiredebebe.com libs.hipay.com s7.addthis.com vars.hotjar.com www.facebook.com www.youtube-nocookie.com payment-web.ha2.sips-services.com office-web.sips-services.com larmoire-de-bebe.my.join-stories.com www.google.com www.youtube.com assets.pinterest.com googleads.g.doubleclick.net td.doubleclick.net www.google.fr;media-src 'self' *.larmoiredebebe.com data: mpsnare.iesnare.com videos.join-stories.com;font-src 'self' *.larmoiredebebe.com fonts.gstatic.com;frame-ancestors 'self'; 1
default-src 'self';  connect-src 'self' https://*.snapchat.com https://www.google-analytics.com https://stats.g.doubleclick.net https://translate.googleapis.com https://pagead2.googlesyndication.com/ https://yoast.com/;  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://sc-static.net https://admissions.cumberland.edu https://mx.technolutions.net https://tag.brandcdn.com https://adservices.brandcdn.com https://translate.google.com https://translate.googleapis.com https://*.snapchat.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://translate-pa.googleapis.com https://connect.facebook.net https://cdnjs.cloudflare.com/;  frame-src 'self' https://*.snapchat.com https://d1eoo1tco6rr5e.cloudfront.net https://www.youtube.com https://adservices.brandcdn.com https://www.facebook.com https://insight.adsrvr.org https://td.doubleclick.net/;  style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.gstatic.com https://use.fontawesome.com https://fonts.googleapis.com https://www.gstatic.com https://use.fontawesome.com https://fonts.googleapis.com https://www.gstatic.com https://use.fontawesome.com https://fonts.googleapis.com https://www.gstatic.com https://use.fontawesome.com https://fonts.googleapis.com https://www.gstatic.com https://use.fontawesome.com https://fonts.googleapis.com https://www.gstatic.com https://use.fontawesome.com https://fonts.googleapis.com https://www.gstatic.com https://use.fontawesome.com https://fonts.googleapis.com https://www.gstatic.com https://use.fontawesome.com https://fonts.googleapis.com https://www.gstatic.com https://cdnjs.cloudflare.com;  font-src 'self' data: https://fonts.gstatic.com/ https://use.fontawesome.com/;  img-src 'self' data: https://insight.adsrvr.org https://www.gstatic.com https://fonts.gstatic.com https://www.google.com https://dpm.demdex.net https://match.adsrvr.org https://cm.g.doubleclick.net https://ib.adnxs.com https://pixel.tapad.com https://secure-gl.imrworldwide.com https://secure.adnxs.com https://idpix.media6degrees.com https://www.facebook.com https://su.addthis.com https://cw.addthis.com https://s.thebrighttag.com https://i.liadm.com https://x.bidswitch.net https://i6.liadm.com https://ml314.com https://match.sync.ad.cpe.dotomi.com https://tags.rd.linksynergy.com https://eb2.3lift.com https://match.sharethrough.com https://dmp.truoptik.com https://odr.mookie1.com https://io.narrative.io https://mid.rkdms.com https://simage2.pubmatic.com https://secure.gravatar.com/ https://track2.securedvisit.com/ https://uipglob.semasio.net/ https://www.googletagmanager.com/ https://usermatch.krxd.net/ https://secure.insightexpressai.com/;  worker-src 'self' blob:; 1
manifest-src 'self' data:; default-src https: wss:; img-src https: data:; script-src 'unsafe-inline' https:; style-src 'unsafe-inline' https:; frame-ancestors self https://*.dentr.net https://*.dentr.io; 1
default-src 'self' 'unsafe-inline' https:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https: wss:; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: 1
default-src * 'unsafe-inline' 'unsafe-eval';        img-src * data:; 1
default-src 'self' https://fonts.gstatic.com https://use.fontawesome.com https://www.google-analytics.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com https://static.cloudflareinsights.com https://googleads.g.doubleclick.net https://www.google.com https://snap.licdn.com https://www.googleadservices.com https://www.google-analytics.com https://use.fontawesome.com https://www.googletagmanager.com https://platform.linkedin.com https://platform.twitter.com https://graph.facebook.com https://connect.facebook.net https://cdn.leadinfo.net https://*.cookiebot.com https://*.app-us1.com https://tesorion.activehosted.com https://*.cloudfront.net https://trackcmp.net blob: ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com https://cdn.leadinfo.net ; img-src 'self' https://i.ytimg.com https://www.facebook.com https://www.googletagmanager.com https://*.ads.linkedin.com https://www.google-analytics.com https://fonts.gstatic.com https://cdn.leadinfo.net https://c.bing.com https://c.clarity.ms https://*.getclicky.com/ www.google.com www.google.nl www.linkedin.com data: ; frame-src 'self' https://platform.twitter.com https://consentcdn.cookiebot.com https://www.facebook.com www.google.com data: ; media-src 'self' ; script-src-elem 'self' 'unsafe-inline' https://s.ytimg.com https://static.cloudflareinsights.com https://www.google-analytics.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.google.com https://platform.twitter.com https://platform.linkedin.com https://use.fontawesome.com https://www.googletagmanager.com https://snap.licdn.com https://www.googleadservices.com https://www.google.com https://connect.facebook.net https://*.cookiebot.com https://cdn.leadinfo.net https://*.app-us1.com https://tesorion.activehosted.com https://*.cloudfront.net https://*.clarity.ms https://*.getclicky.com/ ; connect-src 'self' https://www.google-analytics.com https://api.leadinfo.com https://collector.leadinfo.net https://www.facebook.com https://consentcdn.cookiebot.com https://*.clarity.ms https://*.google-analytics.com https://*.analytics.google.com https://region1.analytics.google.com stats.g.doubleclick.net data: ; font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com data: 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: 1
frame-ancestors 'self' iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ https://www.next.sa 1
base-uri localhost; default-src 'self' wss://*.hotjar.com https://*.hotjar.io privacyportal-uat-cdn.onetrust.com privacyportaluat.onetrust.com pageview-notify.rdstat pageview-notify.rdstation.com.br *.clarity.ms s.clarity.ms td.doubleclick.net popups.rdstation.com.br event-api.rdstation.com.br fonts.gstatic.com *.googlesyndication.com googleads.g.doubleclick.net analytics.tiktok.com www.facebook.com www.youtube.com youtube.com youtu.be googleads.g.doubleclick.net plugin.handtalk.me translation-v3.handtalk.me stackpath.bootstrapcdn.com via.placeholder.com gravatar.com localhost:8000 privacyportal-br-cdn.onetrust.com https://*.hotjar.com images.piracanjuba.com.br res.cloudinary.com wss://bot.leanbot.com.br www.google.com.br api.leanbot.com.br www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net privacyportal-br.onetrust.com www.google.com geolocation.onetrust.com/cookieconsentpub/v1/geo/location cdn.cookielaw.org ajax.googleapis.com optanon.blob.core.windows.net www.gstatic.com gstatic.com gstatic.com piracanjuba-institucional-prd.s3.amazonaws.com piracanjuba-institucional-hml.s3.amazonaws.com piracanjuba-institucional-prd.s3.sa-east-1.amazonaws.com dvfreowpsau6f.cloudfront.net localhost localhost data:; font-src 'self' use.typekit.net data: privacyportal-br-cdn.onetrust.com fonts.gstatic.com maxcdn.bootstrapcdn.com; frame-ancestors 'self' localhost localhost; object-src 'self' localhost localhost; script-src 'self' privacyportal-uat-cdn.onetrust.com clarity.ms www.clarity.ms d335luupugsy2.cloudfront.net analytics.tiktok.com googleads.g.doubleclick.net stackpath.bootstrapcdn.com *.googlesyndication.com www.googleadservices.com code.jquery.com plugin.handtalk.me cdn.datatables.net cdn.jsdelivr.net privacyportal-br-cdn.onetrust.com webchat.leanbot.com.br cdnjs.cloudflare.com cdn.cookielaw.org googletagmanager.com script.hotjar.com static.hotjar.com tagmanager.google.com www.googletagmanager.com fonts.googleapis.com www.google-analytics.com/analytics.js www.google.com/recaptcha/api.js ajax.googleapis.com connect.facebook.net www.gstatic.com gstatic.com gstatic.com cdn.polyfill.io localhost localhost 'unsafe-inline' 'unsafe-eval'; img-src 'self' * data: blob:; style-src 'self' privacyportal-uat-cdn.onetrust.com www.googletagmanager.com cdn.datatables.net privacyportal-br-cdn.onetrust.com webchat.leanbot.com.br stackpath.bootstrapcdn.com maxcdn.bootstrapcdn.com fonts.googleapis.com cdnjs.cloudflare.com www.google.com/recaptcha cdn.jsdelivr.net 'unsafe-inline'; report-uri /csp_violation_reporting_endpoint; report-to PolicyName;  upgrade-insecure-requests; 1
object-src 'self' blob: ; frame-ancestors 'self' *.internacional.cl *.interconecta2.cl *.indexa.cl; 1
frame-ancestors 'self' https://anhqv.es https://lqsa.es https://*.lqsa.es https://comunidadmontepinar.es https://*.jonilar.com 1
frame-ancestors *.play123.com play123.com; 1
block-all-mixed-content; frame-ancestors *.lojaslivia.com.br 1
default-src 'self' *.binomoidr.com *.binomo.com; child-src *; frame-ancestors 'self'; connect-src 'self' *.ada.support analytics.tiktok.com my.rtmark.net *.criteo.net *.criteo.com snap.licdn.com px.ads.linkedin.com r.remarketingpixel.com static.ads-twitter.com bat.bing.com sc-static.net tr.snapchat.com *.hotjar.io *.hotjar.com wss://*.hotjar.com stats.g.doubleclick.net *.zopim.com *.launchdarkly.com api.exponea.com api.api-cis.exponea.com api-cis.exponea.com ekr.zdassets.com pixel.mathtag.com analytics.google.com accounts.google.com fcm.googleapis.com www.googleapis.com www.google-analytics.com wss://*.zopim.com binomo.zendesk.com binomo2.zendesk.com app.getsentry.com *.binomoidr.com *.binomo.com wss://as.binomoidr.com:* wss://as.binomo.com:* wss://ws.binomoidr.com:* wss://ws.binomo.com:* s.yimg.com https://mc.yandex.ru; font-src data: 'self' *.zopim.com themes.googleusercontent.com *.binomoidr.com *.binomo.com; img-src * *.ttwstatic.com data:; media-src 'self' *.binomoidr.com *.binomo.com; script-src 'self' *.ada.support www.tiktok.com *.ttwstatic.com static.ads-twitter.com sc-static.net tr.snapchat.com *.hotjar.io *.hotjar.com www.redditstatic.com *.doubleclick.net *.google.com assets.zendesk.com static.zdassets.com *.zopim.com wss://*.zopim.com *.zopim.io binomo.co my.rtmark.net *.criteo.net *.criteo.com snap.licdn.com px.ads.linkedin.com r.remarketingpixel.com *.getsitecontrol.com *.googletagmanager.com *.google-analytics.com echo.ecortb.com connect.facebook.net vk.com *.youtube.com s.yimg.com s.ytimg.com bat.bing.com www.gstatic.com www.googleadservices.com binomo.go2affise.com api.exponea.com api.api-cis.exponea.com api-cis.exponea.com *.adnetwork.vn storage.googleapis.com sp.analytics.yahoo.com 'unsafe-eval' 'unsafe-inline' *.binomoidr.com *.binomo.com https://unpkg.com/@lottiefiles/lottie-player@0.2.0/dist/lottie-player.js https://mc.yandex.ru https://yastatic.net; style-src 'self' *.ttwstatic.com *.google.com fonts.googleapis.com 'unsafe-inline' *.binomoidr.com *.binomo.com 1
frame-ancestors 'self' https://nowserving.ph 1
frame-ancestors none; default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.inverite.com *.fontawesome.com *.bootstrapcdn.com *.ravenjs.com *.amazonaws.com *.cloudflare.com *.jsdelivr.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com stats.g.doubleclick.net 1
object-src 'self'; worker-src 'self'; font-src 'self' fonts.googleapis.com cdnjs.cloudflare.com fonts.gstatic.com 'unsafe-inline' img.icons8.com maps.gstatic.com; form-action 'self'; connect-src 'self' www.google-analytics.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com 'unsafe-inline' data: maps.googleapis.com img.icons8.com maps.gstatic.com googletagmanager.com; style-src 'self' cdnjs.cloudflare.com stackpath.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com 'unsafe-inline' maps.googleapis.com img.icons8.com maps.gstatic.com; default-src 'self' unsafe-inline; img-src 'self' 'unsafe-inline' data: img.icons8.com maps.gstatic.com maps.googleapis.com; media-src 'self'; manifest-src 'self'; script-src 'self' 'unsafe-inline' maps.googleapis.com img.icons8.com maps.gstatic.com googletagmanager.com www.googletagmanager.com; frame-ancestors 'self'; base-uri 'self' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://wchat.freshchat.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://rum-static.pingdom.net 1
frame-ancestors 'self' *.promoplace.com 1
frame-ancestors 'self' linguisticainternational.com; 1
default-src *;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval';img-src * data:;worker-src * blob:;font-src 'self' data:; 1
default-src 'self'  blob: data: *.mayoclinic.org *.gstatic.com *.googleapis.com maps.google.com translate.google.com kaltura.com *.kaltura.com *.vimeocdn.com vimeocdn.com vimeo.com *.vimeo.com 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' blob:; script-src 'self' blob: d2pzklc15kok91.cloudfront.net; style-src 'self' 'unsafe-inline' data: d2pzklc15kok91.cloudfront.net; font-src 'self' d2pzklc15kok91.cloudfront.net; object-src 'self' d2pzklc15kok91.cloudfront.net media.bernat.ch; img-src 'self' data: d2pzklc15kok91.cloudfront.net; frame-src d2pzklc15kok91.cloudfront.net media.bernat.ch; worker-src blob:; media-src 'self' blob: about: media.bernat.ch d2pzklc15kok91.cloudfront.net; connect-src 'self' media.bernat.ch comments.luffy.cx; base-uri 'none'; frame-ancestors 'none'; form-action duckduckgo.com; block-all-mixed-content; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://arvr.social; img-src 'self' https: data: blob: https://arvr.social; style-src 'self' https://arvr.social 'nonce-dGOXJJdFAi2sPH8FZMLosw=='; media-src 'self' https: data: https://arvr.social; frame-src 'self' https:; manifest-src 'self' https://arvr.social; form-action 'self'; child-src 'self' blob: https://arvr.social; worker-src 'self' blob: https://arvr.social; connect-src 'self' data: blob: https://arvr.social https://cache.arvr.social wss://arvr.social; script-src 'self' https://arvr.social 'wasm-unsafe-eval' 1
default-src   'self'; script-src   'self'  'unsafe-eval' 'sha256-gAoLN6KJ0A9OafcVJMjzxNdkYgp5k6N6TAeX0LWP/FI=' 'sha256-GqZ++yMbzxXqNmv/CiOKb06JzJ5wp0AybPtkkBYEV9k=' 'sha256-h0q/wc9bqEqBhdFWnKDHIxeXP11Ajil7n/hsjm6/dqM='   'sha256-C5rDgRHg+vqKO7WuW9xWaUgdVJbqlhnjKIbfvsKF0xE='   'sha256-JExGmEvC7ZiVWk+GdIt3rVoPWN4W8NCmOfUKXbey7ig='   'sha256-xVILJh0lK70lVi3RoL4ILRgU+KTxxEWHvZDNRTV6JrA='   'sha256-Xi0aUTero+2HCGXxqbCOJfZM32R2yQ2vJ1qfEx5uB2M='   'sha256-8//zSBdstORCAlBMo1/Cig3gKc7QlPCh9QfWbRu0OjU='   'sha256-/JfUu6Zem/6hYsbOAALYRBMS6NOtpUCjDi0RlTS/qb8='   'sha256-2+sA5gLjooF7uql+LE1YEJtYO9VyaPgYBt1rWu41zm0='   'sha256-0D4HtGLdTewYCOXEfwwNl9/8Dl+VhGM1tNJGkLTdgE4='   'sha256-S9ZGnLkZ7P/9E037KPJ434vL+yLVOncfSKLiJjet2bE='   'sha256-6fQwbrnXjDFfyddlQVIIWnIbDc2fp+SIiOI+WBxcjr4='   'sha256-8Ju/7uAUfQXHDZj3VyS+2PTb3q0Y74T6mXoZJvyXGvE='   'sha256-GqZ++yMbzxXqNmv/CiOKb06JzJ5wp0AybPtkkBYEV9k='   'sha256-A0/707MQdpfr/tR18VnYSk7JMJoUQSBURZEJa8wF6po='   'sha256-kvqasyXMdm/oaFYV13Vo7H+iWofPfqO92EjT+TP30wQ=' 'sha256-3ajBc/dcb/EhkUUCWwgas0KdZImxjGdF3bpG8w8YRPY='   'sha256-8Ju/7uAUfQXHDZj3VyS+2PTb3q0Y74T6mXoZJvyXGvE='   maps.googleapis.com   px.ads.linkedin.com   p.adsymptotic.com   snap.licdn.com   www.google-analytics.com   player.vimeo.com   extend.vimeocdn.com   *.archgroup.com   www.googletagmanager.com; script-src-elem  'self'  'unsafe-inline'  maps.googleapis.com  px.ads.linkedin.com  p.adsymptotic.com  snap.licdn.com  www.google-analytics.com  player.vimeo.com  extend.vimeocdn.com  www.archgroup.com  www.googletagmanager.com  platform.twitter.com; style-src   'self'   'unsafe-inline'   use.fontawesome.com   fonts.googleapis.com   *.googletagmanager.com   fonts.gstatic.com; frame-src   *.archgroup.com   www.podbean.com   www.youtube.com   www.google.com   *.icims.com   player.vimeo.com  *.twitter.com; img-src   'self'   data:   www.archgroup.com   archgroup.com   ps.w.org   p.adsymptotic.com   wpengine.com   dify.wpengine.com   maps.gstatic.com   *.googleapis.com   *.ggpht.com   secure.gravatar.com   *.linkedin.com   *.google-analytics.com   *.analytics.google.com   *.twitter.com; font-src   'self'   data:   *.fontawesome.com   fonts.googleapis.com   fonts.gstatic.com; connect-src   'self'   www.archgroup.com   insurance.archgroup.com   mortgage.archgroup.com   reinsurance.archgroup.com   *.google-analytics.com   analytics.google.com   *.analytics.google.com   archcapital2020tf.q4web.com   *.licdn.com   stats.g.doubleclick.net   my.wpengine.com   yoast.com   api.redirect.li   cdn.linkedin.oribi.io; media-src   *.archgroup.com   extend.vimeocdn.com; form-action   'self'; base-uri   'self'; frame-ancestors   'self' www.slipcase.com  marketplace.marsh.com; upgrade-insecure-requests ; object-src   'self'; child-src   'self';  worker-src   'self'   blob; 1
default-src *.incontact.com c.speedtestcustom.com southcentralconnect.speedtestcustom.com *.speedtestcustom.com *.cloudflare.com *.google.com bootstrapcdn.com  googleadservices.com *.cloudfront.net *.portlandwebdesign.com *.electric.coop adsrvr.org *.analytics.yahoo.com *.maps.arcgis.com xx.fbcdn.net rvwinc.com maps.arcgis.com vimeo.com *.googleadservices.com publicpurchase.com gravatar.com *.arcgis.com *.eventbrite.com cooperative.com *.gstatic.com *.youtube-nocookie.com *.crowdfiber.io data: *.googletagmanager.com luckyorange.net btstatic.com portlandwebdesign.com simpli.fi *.providesupport.com typekit.net mitel.io trumpia.com *.timetap.com five9.com powermag.com *.rvwinc.com *.verisign.com linkedin.com *.nr-data.net *.btstatic.com azgt.coop ebill.coop *.mapbox.com googleapis.com analytics.yahoo.com *.licdn.com *.mcusercontent.com *.bootstrapcdn.com apogee.net marketingautomation.services suppose.tv adnxs.com twimg.com *.olark.com youtube-nocookie.com *.trumpia.com xad.com mailchimp.com *.ads.linkedin.com directefficiency.com *.mailchimp.com newrelic.com *.vimeo.com *.plumassierratelecommunicationsmap.com 'unsafe-eval' *.upgrade.guide epa.gov transistor.fm google.com hirebridge.com *.simpli.fi *.yimg.com envivabiomass.com *.roanokeconnect.com e2ma.net bonnerboundary811.org *.powerfulweb.com *.elfsight.com *.libsyn.com doubleclick.net *.nwwsd.org facebook.net google-analytics.com ads.linkedin.com *.e2ma.net gstatic.com smarthub.coop *.s3.amazonaws.com mcusercontent.com s.w.org *.doubleclick.net facebook.com youtube.com *.linkedin.com nice-incontact.com fontawesome.com *.newrelic.com *.apogee.net *.googleapis.com libsyn.com eventbrite.com upgrade.guide *.basis.net *.twimg.com glassdoor.com cencoast.com *.mitel.io powerfulweb.com luckyorange.com *.five9.com *.typekit.net *.transistor.fm yimg.com 'self' *.luckyorange.com jazz.co roanokeconnect.com *.publicpurchase.com myfonts.net issuu.com *.directefficiency.com *.websupport.expert spreaker.com *.ebill.coop crowdfiber.io *.xad.com *.nice-incontact.com *.xx.fbcdn.net *.suppose.tv *.myfonts.net *.icua.coop southcentralpower.com *.bonnerboundary811.org arcgis.com mapbox.com providesupport.com *.facebook.net *.smeco.coop electric.coop googletagmanager.com *.adnxs.com smeco.coop *.issuu.com *.powermag.com *.adsymptotic.com olark.com s3.amazonaws.com 'unsafe-inline' billing.nwwsd.org elfsight.com icua.coop timetap.com *.fontawesome.com *.envivabiomass.com nr-data.net adsymptotic.com *.epa.gov *.adsrvr.org *.cencoast.com *.spreaker.com *.gravatar.com plumassierratelecommunicationsmap.com verisign.com *.glassdoor.com *.facebook.com ctctcdn.com *.jazz.co *.cooperative.com *.google-analytics.com gmpg.org cloudfront.net *.ctctcdn.com *.marketingautomation.services *.southcentralpower.com licdn.com *.hirebridge.com websupport.expert *.luckyorange.net *.smarthub.coop basis.net *.youtube.com *.azgt.coop; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://embed-cdn.gettyimages.com https://maps.googleapis.com https://maps.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https:; media-src 'self'; frame-src 'self' https://www.google.com https://maps.google.com; font-src 'self' data: https:; connect-src 'self' https://maps.googleapis.com; worker-src 'self'; 1
default-src https: data: wss: *.plcontent.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'none'; frame-src 'self' *.google.com *.facebook.com *.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com irxcm.com accounts.google.com where-to-buy.co; 1
default-src 'self'; connect-src 'self' https://dc.services.visualstudio.com/v2/track https://clarity.microsoft.com/ https://*.clarity.ms/ https://www.clarity.ms/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://admanager.netadclick.com/ https://cfusionsys.com/; font-src https://fonts.gstatic.com; frame-src 'self' https://www.facebook.com/plugins/ https://m.facebook.com/plugins/ https://www.youtube.com/embed/ https://www.coub.com/embed/ https://www.instagram.com/p/ https://www.instagram.com/reel/ https://www.google.com/maps/embed https://www.google.com/maps/d/embed https://platform.twitter.com/embed/ https://syndication.twitter.com/ https://open.spotify.com/embed/ https://api.indidata.com/; img-src data: 'self' https://blobs.alfahir.hu https://*.clarity.ms/ https://c.bing.com/ https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.facebook.com/tr/ https://stat.indidata.com/ https://cfusionsys.com/; manifest-src 'self'; prefetch-src 'self'; script-src 'self' https://*.clarity.ms/ https://*.googletagmanager.com https://www.google.com https://www.googleadservices.com https://connect.facebook.net/ https://stat.indidata.com/ https://admanager.netadclick.com/ https://cfusionsys.com/; style-src 'self' https://fonts.googleapis.com; worker-src 'self'; block-all-mixed-content; upgrade-insecure-requests 1
frame-ancestors 'self' https://*.press8.com https://press8.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.msecnd.net; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' *.visualstudio.com 1
object-src 'none'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com kit.fontawesome.com js-agent.newrelic.com bam.nr-data.net connect.facebook.net www.google.com www.gstatic.com js.createsend1.com developers.google.com cdn.jsdelivr.net cdn.rawgit.com https://cdn.jsdelivr.net https://unpkg.com maps.googleapis.com mdbootstrap.com; frame-ancestors 'self'; report-uri https://www.downtoearth.org/report-uri/enforce 1
default-src https: wss://*.hotjar.com; connect-src 'self' blob: data: *.google.com https://*.googleapis.com https://*.gstatic.com https://bam.nr-data.net https://www.google-analytics.com stats.g.doubleclick.net https://global.ketchcdn.com; font-src 'unsafe-inline' data: https: https://fonts.gstatic.com; frame-ancestors 'self' gfs.phenompeople.com cdn-bot.phenompeople.com; frame-src 'self' *.google.com https://*.gordonnow.gfs.com gfs.phenompeople.com cdn-bot.phenompeople.com youtube.com www.youtube.com https://*.cookiebot.com https://td.doubleclick.net; img-src 'self' 'unsafe-inline' data: https: *.google.com https://*.googleapis.com *.googleusercontent.com https://*.gstatic.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: https://*.ggpht.com *.google.com https://*.googleapis.com *.googleusercontent.com https://*.gstatic.com gfs.phenompeople.com cdn-bot.phenompeople.com https://*.gordonnow.gfs.com; style-src 'self' 'unsafe-inline' https: https://fonts.googleapis.com; upgrade-insecure-requests; worker-src 'self' blob:; 1
default-src 'self' https://higherlevel.pingvp.com:* https://translate-pa.googleapis.com:* https://translate.google.com:* https://translate.googleapis.com:* https://www.higherlevel.nl:* https://www.twitter.com https://statistiek.rijksoverheid.nl https://fonts.googleapis.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://pingvp.com:* https://translate.google.com:* https://translate.googleapis.com:* https://www.twitter.com https://fonts.googleapis.com https://gstatic.com https://www.gstatic.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pingvp.com:*  https://www.pingvp.com:* https://translate-pa.googleapis.com:* https://translate.google.com:* https://translate.googleapis.com:* https://www.twitter.com:* https://platform.twitter.com:* https://statistiek.rijksoverheid.nl:* https://www.google-analytics.com:* https://www.google.com/:* ajax.googleapis.com www.google.com google.com gstatic.com www.gstatic.com connect.facebook.net https://www.googletagmanager.com; connect-src 'self' https://translate-pa.googleapis.com:* https://translate.google.com:* https://translate.googleapis.com:* https://www.higherlevel.nl:* https://www.twitter.com:* https://platform.twitter.com:* https://statistiek.rijksoverheid.nl:* https://www.google-analytics.com:* https://stats.g.doubleclick.net https://www.google.com/:* doubleclick.net:* ajax.googleapis.com www.google.com google.com gstatic.com www.gstatic.com connect.facebook.net https://www.googletagmanager.com/gtag:* https://region1.google-analytics.com https://region1.analytics.google.com; font-src 'self' https://pingvp.com:* https://fonts.gstatic.com:*; img-src 'self' https: data:; frame-src 'self' https://www.twitter.com:* https://platform.twitter.com:* https://www.youtube.com:* https://m.youtube.com:* https://www.youtube-nocookie.com:* https://youtu.be:* https://player.vimeo.com:* https://vimeo.com:* https://www.google.com:* https://mychannels.video; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://seal.websecurity.norton.com; 1
default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-hashes' 'sha256-ZDrxqUOB4m/L0JWL/+gS52g1CRH0l/qwMhjTw5Z/Fsc=' 'sha256-zlqnbDt84zf1iSefLU/ImC54isoprH/MRiVZGskwexk='; img-src 'self'; font-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self' https://www.bing.com https://www.google.com https://*.search.yahoo.com https://www.naver.com https://www.baidu.com; block-all-mixed-content; upgrade-insecure-requests; 1
frame-ancestors https://*.licklibrary.com 1
block-all-mixed-content; frame-ancestors *.crisecia.com.br 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' https://yoast.com:443 https://m.addthis.com:443; connect-src 'self' https://*.execute-api.eu-west-1.amazonaws.com:443 https://stats.g.doubleclick.net:443 https://cookie-cdn.cookiepro.com:443 https://cognito-identity.eu-west-1.amazonaws.com:443 *.google-analytics.com:443 https://*.appsync-api.eu-west-1.amazonaws.com:443; frame-src 'self' https://staticxx.facebook.com:443 https://platform.twitter.com:443  https://player.vimeo.com:443 https://www.facebook.com:443 https://platform.twitter.com:443 https://syndication.twitter.com:443 https://lt.morningstar.com:443 https://s7.addthis.com:443 https://www.google.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fundcentre.reassure.co.uk:443 https://geolocation.onetrust.com:443 https://cdnjs.cloudflare.com/ajax/libs/pdf.js/ https://www.googletagmanager.com:443 https://cookie-cdn.cookiepro.com:443 https://platform.twitter.com:443 https://connect.facebook.net:443 https://yoast.com:443 https://bam.nr-data.net:443 https://js-agent.newrelic.com:443 https://www.google.com:443 https://www.gstatic.com:443 https://www.google-analytics.com:443 https://maps.googleapis.com:443 https://s7.addthis.com:443 https://m.addthis.com:443 https://m.addthisedge.com:443; font-src 'self' data: https://fonts.gstatic.com:443; img-src 'self' data: https://s3-eu-west-1.amazonaws.com:443 https://cookie-cdn.cookiepro.com:443 https://s.w.org:443 https://www.solwininfotech.com:443 https://secure.gravatar.com:443 https://ps.w.org:443 https://maps.gstatic.com:443 https://maps.gstatic.com:443; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com:443 https://ajax.googleapis.com:443 https://fundcentre.reassure.co.uk:443; object-src 'self' blob: ; frame-ancestors 'self' *.reassure.co.uk; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com/g/collect http://www.google-analytics.com/g/collect https://www.search.gov.hk http://www.search.gov.hk data: https://fonts.gstatic.com http://fonts.gstatic.com https://www.google.com http://www.google.com http://fonts.gstatic.com/s/opensans/v17/ https://fonts.gstatic.com/s/opensans/v17/ http://www.google.com/cse/static/ https://www.google.com/cse/static/ http://gov-dev.suntek.com.hk/jsresult https://gov-dev.suntek.com.hk/jsresult https://www.archsd.gov.hk http://www.archsd.gov.hk; connect-src 'self' https://api.qrserver.com https://prod-archsd-2023.urbanairdesign.dev/ http://www.google.com https://www.search.gov.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com/gtag/js http://www.googletagmanager.com/gtag/js https://www.google.com http://www.google.com https://www.gstatic.com http://www.gstatic.com https://cse.google.com http://cse.google.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com http://www.google.com https://cse.google.com http://cse.google.com; font-src 'self' http://fonts.gstatic.com/s/opensans/v17/ https://fonts.gstatic.com/s/opensans/v17/ https://fonts.gstatic.com http://fonts.gstatic.com data: https://use.typekit.net; style-src 'self' 'unsafe-inline' http://www.google.com/cse/static/ https://www.google.com/cse/static/ https://fonts.googleapis.com http://fonts.googleapis.com data: https://use.typekit.net https://p.typekit.net; img-src 'self' blob: data: https://www.googletagmanager.com/gtag/js http://www.googletagmanager.com/gtag/js https://www.googleapis.com http://www.googleapis.com https://www.google.com http://www.google.com https://cse.google.com http://cse.google.com https://clients1.google.com http://clients1.google.com http://ssl.gstatic.com/ui/ https://ssl.gstatic.com/ui/; worker-src 'self' blob:; 1
default-src 'none'; style-src fonts.googleapis.com https://app.termageddon.com 'self' 'unsafe-inline'; img-src 'self' data: https://googleads.g.doubleclick.net https://www.google.com https://www.googletagmanager.com https://app.termageddon.com https://s3.amazonaws.com https://api.mapbox.com https://*.capterra.com https://assets.goodfirms.co https://img.youtube.com https://www.google-analytics.com https://gdpr-rep.eu https://prighter.com; media-src 'self'; font-src https://fonts.gstatic.com 'self'; script-src 'self' https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://app.termageddon.com https://dashboard.reftab.com https://*.clarity.ms/ https://www.googleoptimize.com https://js.stripe.com; frame-src 'self' blob: https://js.stripe.com https://hooks.stripe.com https://www.youtube.com https://td.doubleclick.net; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; connect-src 'self' https://app.termageddon.com https://s3.amazonaws.com https://*.s3.amazonaws.com https://api.stripe.com https://*.reftab.com https://*.clarity.ms https://google.com;object-src 'none' 1
default-src 'self' https://analytics.google.com www.isca.org.sg ebook.isca.org.sg https://forms.office.com *.youtube.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://p.interacty.me 'unsafe-inline' https://www.tickcounter.com; script-src 'self' 'unsafe-eval'  https://www.googletagmanager.com *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.juicer.io *.addthis.com *.addthisedge.com *.moatads.com snap.licdn.com code.jquery.com *.youtube.com https://www.vimeo.com https://vimeo.com *.instagram.com https://cdn.jsdelivr.net/ https://*.hotjar.com https://p.interacty.me 'unsafe-inline' https://code.createjs.com https://unpkg.com https://www.tickcounter.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.juicer.io https://cdn.jsdelivr.net/ https://*.hotjar.com 'unsafe-inline' https://www.tickcounter.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.juicer.io *.mycareersfuture.gov.sg https://*.hotjar.com; img-src 'self' https://analytics.google.com isca.org.sg www.isca.org.sg www.google.com www.google.com.sg px.ads.linkedin.com www.google-analytics.com media-exp1.licdn.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com *.linkedin.com www.instagram.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.juicer.io *.cloudfront.net *.fbcdn.net *.ggpht.com *.ytimg.com *.mycareersfuture.sg *.cdninstagram.com *.adsymptotic.com https://i.vimeocdn.com static.mycareersfuture.gov.sg https://*.hotjar.com https://p.interacty.me https://eservices.isca.org.sg; media-src 'self' data: blob:; frame-src 'self' *.doubleclick.net *.addthis.com *.facebook.com *.youtube-nocookie.com *.youtube.com *.twitter.com *.vimeo.com *.linkedin.com *.instagram.com https://*.hotjar.com https://p.interacty.me https://isca.org.sg/ https://www.tickcounter.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.addthis.com; connect-src 'self' https://analytics.google.com accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.juicer.io *.facebook.com *.google-analytics.com *.doubleclick.net *.addthis.com *.linkedin.com *.instagram.com *.isca.org.sg https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://cdn.linkedin.oribi.io https://unpkg.com/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src * data:; object-src 'none'; form-action 'self'; frame-ancestors 'self'; base-uri 'self'; block-all-mixed-content 1
frame-ancestors https://*.taxaudit.com 1
default-src 'self' www.aamserver.com *.yandex.ru *.yandex.com *.analytics.google.com *.sabiotrade.com api.affstore.com *.jivosite.com code.jivosite.com www.facebook.com www.youtube.com region1.google-analytics.com mc.yandex.ru www.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.jivosite.com *.checkout.com; script-src 'self' 'unsafe-inline' *.jivosite.com code.jivosite.com www.youtube.com connect.facebook.net *.hotjar.io *.hotjar.com cdnjs.cloudflare.com mc.yandex.ru *.googletagmanager.com www.google.com www.gstatic.com *.yandex.com *.checkout.com 'unsafe-eval'; style-src 'self' code.jivosite.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' fonts.gstatic.com data:; img-src 'self' *.yandex.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat www.facebook.com www.googletagmanager.com i.ytimg.com mc.yandex.ru code.jivosite.com data:; connect-src 'self' *.hotjar.com *.hotjar.io *.checkout.com *.affstore.com *.trade.sabiotrade.com *.yandex.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; 1
default-src https: 'unsafe-inline'; frame-ancestors 'self'; style-src 'self' 'unsafe-inline'; base-uri 'self'; object-src 'none'; script-src https://www.jabber-germany.de:*; 1
frame-ancestors  https://*.yandex.ru https://*.yandex.com https://*.yandex.com.tr https://*.yandex.uz https://*.yandex-team.ru; report-uri https://csp.yandex.net/csp?from=iframe-yang.yandex&project=tasks; 1
frame-ancestors http://bindy.com/ http://*.bindy.com/ 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.jsdelivr.net *.google-analytics.com *.googletagmanager.com *.googleapis.com *.google.be/ads/ga-audiences uykeraqt.eu.stape.io; style-src 'self' 'unsafe-inline' *.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.alfam.nl *.defam.nl *.credivance.nl *.alphacredit.nl *.acato.nl *.google-analytics.com yoast.com *.yoast.com *.doubleclick.net *.analytics.google.com uykeraqt.eu.stape.io; font-src 'self' data: *.cloudfront.net *.gstatic.com; frame-src 'self' *.youtube-nocookie.com *.vimeo.com uykeraqt.eu.stape.io; img-src 'self' *.google.nl *.cloudfront.net *.alfam.nl *.defam.nl *.credivance.nl *.alphacredit.nl *.acato.nl *.google-analytics.com *.googletagmanager.com *.gravatar.com *.analytics.google.com uykeraqt.eu.stape.io data:; manifest-src 'self'; media-src 'self'; worker-src 'self' 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-NDkzMjBhODk3OTk4NDIwN2E1ZTY0NzMzNWQ0OTJmY2I=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rijksoverheid.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.rijksoverheid.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
script-src 'report-sample' 'nonce-FziciyMfy_eC549Buu99Sg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';worker-src 'self';report-uri /webstore/cspreport 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.gelita.com *.g.doubleclick.net *.doubleclick.net *.google.com *.gstatic.com *.ggpht.com *.google.de *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googlevideo.com *.lfeeder.com *.myfonts.net *.usercentrics.eu *.umantis.com *.service.usercentrics.eu *.youtube.com *.ytimg.com; 1
frame-ancestors 'self' https://*.infor.com https://*.bnl.gov https://*.psu.edu https://*.stanford.edu https://*.jlab.org https://134.79.157.11 https://134.79.157.16 https://134.79.157.15 https://134.79.157.23 https://134.79.157.12 https://134.79.157.76 https://134.79.157.141 https://134.79.157.8 https://134.79.157.72 https://134.79.157.136 https://97.123.171.136 https://216.14.94.3 https://75.161.194.246 https://fmsprd.psft.lbl.gov/ https://*.vinimaya.com/ https://*.inforcloudsuite.com https://iprocure.eu1.inforcloudsuite.com https://iprocure.inforclousuite.com https://qatest1.ipro.dev.inforcloudsuite.com https://*.xfel.eu https://esson.esss.lu.se/ https://essondev.esss.lu.se/ https://*.jaggaer.com/ https://app11.jaggaer.com/ https://*.ariba.com/ https://s1.ariba.com/ https://sbportal.sap.mpg.de https://mpg-connection-test.subseq.net/ http://ohm.npl.co.uk:8005 https://apps.inside.anl.gov/ https://bnl.vinimaya.com/ https://cg.hzdr.de/ https://erp.gentex.com/ https://idp.mit.edu:446/ https://lbl.vinimaya.com/ https://lincs.llnl.gov/ https://lincs-pre.llnl.gov/ https://marketplacedev.vinimaya.com/ https://*.coupahost.com/ https://mit.coupahost.com/ https://*.dig.at/ https://procure.dig.at/ https://quantumscape.coupahost.com/ https://*.sciquest.com/ https://solutions.sciquest.com/ https://staging.govsci.com/ https://*.govsci.com/ https://www.govsci.com/ https://ebp.sap.mpg.de/ https://ornl.vinimaya.com/ https://*.cornell.edu https://*.aquiire.net 1
default-src 'self'; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.cludo.com icreate7.esolutionsgroup.ca js.esolutionsgroup.ca *.doubleclick.net *.google.com *.google-analytics.com code.jquery.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cludo.com icreate7.esolutionsgroup.ca js.esolutionsgroup.ca *.doubleclick.net *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com code.jquery.com *.bootstrapcdn.com; style-src 'self' 'unsafe-inline' *.cludo.com *.googleapis.com *.gstatic.com code.jquery.com *.esolutionsgroup.ca *.google.com; img-src *; media-src *; frame-src *; font-src * 1
default-src 'self'; font-src 'self' data: https://use.typekit.net https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/*  https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://services.ominsure.co.za https://embed.tawk.to https://salesiq.zoho.com https://css.zohostatic.com https://css.zohocdn.com/* https://css.zohocdn.com/salesiq/styles/fonts/cw/puvi/* https://css.zohocdn.com/salesiq/styles/fonts/cw/* https://css.zohocdn.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://fonts.googleapis.com https://optimize.google.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://services.ominsure.co.za https://www.gstatic.com https://embed.tawk.to https://cdn.jsdelivr.net/* https://css.zohocdn.com https://css.zohostatic.com https://css.zohocdn.com/salesiq/styles https://css.zohocdn.com/salesiq/styles/* https://cdn.jsdelivr.net/*  https://css.zohocdn.com/salesiq/styles/* https://css.zohocdn.com/salesiq/styles/floatbutton11_f2633c317a38e36bbe0e23bfa4a3e9fa_.css https://css.zohocdn.com; img-src 'self' data: https://p.typekit.net https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://t.co https://www.google.co.za https://www.google.com https://www.gstatic.com https://ssl.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://eu-images.contentstack.com https://images.contentstack.io https://i.ytimg.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://lh3.googleusercontent.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://ws.sessioncam.com https://services.ominsure.co.za https://*.fls.doubleclick.net https://sp.analytics.yahoo.com https://embed.tawk.to https://embed.tawk.to https://salesiq.zoho.com https://salesiq.zoho https://salesiq.zohopublic.com https://css.zohostatic.com https://css.zohostatic.com/* https://css.zohocdn.com https://analytics.twitter.com/i/adsct?bci=5&eci=2&event_id=da16c8f3-30f6-48f9-9160-a6da3d36fdec&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=gtm-base&p_id=Twitter&p_user_id=0&pl_id=cf066c4b-b266-4ecc-b372-dafa083499be&tw_document_href=https%3A%2F%2Fwww.oldmutualalternatives.com%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o4kz7&type=javascript&version=2.3.29 https://geo-tracker.trinadsp.co.za/hyperad/pixel-tracking?order=113373&action=subscription https://geo-tracker.trinadsp.co.za/hyperad/pixel-tracking?order=113373&action=registration https://geo-tracker.trinadsp.co.za/hyperad/pixel-tracking?order=113373&action=landing; frame-src 'self' https://www.oldmutual.co.za/ https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://www.oldmutualinvest.com/ https://www.youtube.com https://*.fls.doubleclick.net https://platform.twitter.com/ https://www.google.com/ https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://www.buzzsprout.com https://secure.rewards.sit.oldmutual.co.za https://secure.dcc.oldmutual.co.za https://e.issuu.com/ https://services.ominsure.co.za https://registration-oldmutual-oemwebapp-liveness.kyc.business https://alphaweb.iidentifii.com https://dms.oldmutual.com.gh https://secure.myshopper.oldmutual.co.za/ https://checkout.flutterwave.com https://checkout.paystack.com https://online.fliphtml5.com https://manage.ipaygh.com https://app.livestorm.co https://analytics.twitter.com/1/i/adsct?bci=5&eci=3&event=%7B%7D&event_id=67ea32aa-c34c-4715-8d52-c5d49aa88428&integration=gtm-base&p_id=Twitter&p_user_id=0&pl_id=cf066c4b-b266-4ecc-b372-dafa083499be&tw_document_href=https%3A%2F%2Fwww.oldmutualalternatives.com%2F&tw_iframe_status=0&txn_id=o2n0b&type=javascript&version=2.3.29; connect-src 'self' https://nba-webchat-server-prod.my.oldmutual.co.za https://cdn.gbqofs.com  https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://nba-webchat-server-preprod.my.oldmutual.co.za https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.sessioncam.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://b.ws.sessioncam.com https://services.ominsure.co.za https://analytics.google.com https://s.yimg.com https://s.yimg.com/wi/ytc.js https://analytics.tiktok.com https://va.tawk.to wss://*.tawk.to  wss://vts.zohopublic.com https://salesiq.zoho.com https://salesiq.zohopu https://goals-api.my.oldmutual.co.za https://salesiq.zohopublic.com wss://mpsnare.iesnare.com https://cdn.linkedin.oribi.io/partner/1874697/domain/oldmutualalternatives.com/token; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.twitter.com https://cdn.gbqofs.com  https://s2s.oldmutual.co.za https://s2s.oldmutual.co.za/static/DhPixel.js https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://use.typekit.net https://static.ads-twitter.com https://www.googletagmanager.com https://tagmanager.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://platform.twitter.com https://platform.linkedin.com https://assets-qa.nonprod.my.oldmutual.co.za https://assets-preprod.my.oldmutual.co.za https://assets.my.oldmutual.co.za https://www.google.com https://www.gstatic.com https://nba-webchat-server-prod.my.oldmutual.co.za https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://d2oh4tlt9mrke9.cloudfront.net https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://snap.licdn.com https://www.buzzsprout.com https://www.googleadservices.com https://services.ominsure.co.za https://www.youtube.com https://analytics.tiktok.com https://js.paystack.co https://sp.analytics.yahoo.com https://s.yimg.com https://s.yimg.com/wi/ytc.js https://embed.tawk.to https://dsp-media.eskimi.com https://dsp-media.eskimi.com/assets/js/e/gtr.min.js?_=0.0.0.3  https://js.zohocdn.com https://js.zohostatic.com https://s2s.oldmutual.co.za/static/DhPixel.js https://salesiq.zoho.com/widget https://checkout.flutterwave.com *.iovation.com *.iesnare.com https://geo-tracker.trinadsp.co.za/hyperad/pixel-tracking?order=113373&action=subscription https://mitsweb.iitech.dk https://mitsweb.iitech.dk/*; frame-ancestors https://secure.rewards.oldmutual.co.za/ https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://customer-site-preprod.eks.my.oldmutual.co.za https://my.oldmutual.co.za; media-src 'self' data: https://mpsnare.iesnare.com https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* 1
font-src *.fontawesome.com https://cdnjs.cloudflare.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.googleapis.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.be2bill.com *.1000lentilles.fr 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.twitter.com *.google.com *.addthis.com *.doubleclick.net 'self' 'unsafe-inline'; img-src *.adobe.com  amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.1000lentilles.fr *.cloudflare.com *.twitter.com *.google-analytics.com googletagmanager.com *.google.com *.gstatic.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com graph.facebook.com widgets.pinterest.com *.doubleclick.net *.smartsuppchat.com *.smartsuppcdn.com *.demdex.net *.google.fr *.be2bill.com data: 'self' 'unsafe-inline'; script-src *.adobe.com  *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io js.mollie.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google-analytics.com googletagmanager.com *.google.com *.gstatic.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com graph.facebook.com widgets.pinterest.com *.smartsuppchat.com *.doubleclick.net *.smartsuppcdn.com *.demdex.net *.be2bill.com *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.bootstrapcdn.com *.googletagmanager.com *.google-analytics.com *.adobe.com  'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.twitter.com *.google-analytics.com googletagmanager.com *.gstatic.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com graph.facebook.com widgets.pinterest.com *.adobe.com  *.doubleclick.net *.smartsuppchat.com *.smartsuppcdn.com *.demdex.net *.smartsupp.com wss://*.smartsupp.com/ *.googlesyndication.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.canva.com canva.com; report-uri https://csp.canva.com/_cspreport?app=websites; base-uri 'self'; object-src 'none'; script-src 'report-sample' 'strict-dynamic' 'nonce-239a8dbd-9e7d-4081-8536-659f58873ffe' https://www.google.com/recaptcha/api.js; 1
child-src blob:; connect-src 'self' https: wss://ws.airbnb.com wss://ws.airbnb.rs https://netverify.com https://*.netverify.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-src * https://*.cardinalcommerce.com; img-src 'self' https: data: https://*.mapbox.com blob:; media-src 'self' https: blob:; script-src 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://ethn.io https://s.yimg.jp https://api.geetest.com https://monitor.geetest.com https://api.geevisit.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com https://songbird.cardinalcommerce.com/ https://www.recaptcha.net https://www.gstatic.cn https://airbnb-api.arkoselabs.com https://h.online-metrix.net 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-CZnW0hvLQpXhjRl/rvattFn8GcIhxi8fcsCstVugtsI=' 'sha256-96k+AOKIYoML3O+lb2L6QMfXHg/Ddn4WVb9vVVu6NMc=' 'sha256-x9qrZuocTEr1tOGphIwP5Mv7KhBpl6RF2jsvp2TcWoE=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com https://www.paypal.com https://*.klarnacdn.net blob: https://vdata.amap.com https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com https://songbird.cardinalcommerce.com https://songbirdstag.cardinalcommerce.com https://includes.ccdc02.com https://includestest.ccdc02.com https://client-api.arkoselabs.com https://cdn.plaid.com/link/v2/stable/link-initialize.js https://js.stripe.com https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://pagead2.googlesyndication.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self' https: blob:; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=e12c698e-7be9-42b6-91ba-915054ef9922&version=sha%3D2499276e8815&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=e12c698e-7be9-42b6-91ba-915054ef9922&version=sha%3D2499276e8815&report_only=false 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com ajax.cloudflare.com static.cloudflareinsights.com cloudflareinsights.com www.google-analytics.com ssl.google-analytics.com googleads.g.doubleclick.net partner.googleadservices.com adservice.google.com tpc.googlesyndication.com google.com www.google.com www.googletagmanager.com; style-src * 'self' data: 'unsafe-inline'; img-src * 'self' data: blob: 'unsafe-inline'; font-src 'self' fonts.gstatic.com; connect-src * 'self' 'unsafe-inline'; frame-src * 1
default-src * data: blob: filesystem: about: ws: wss: ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline' 'unsafe-eval'; font-src * data: blob: 'unsafe-inline';frame-src * 1
upgrade-insecure-requests; default-src 'self' data: https://cdn.assinebem.com.br https://www.google-analytics.com; font-src 'self' data: https://cdn.assinebem.com.br https://fonts.gstatic.com; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://gadasource.storage.googleapis.com; frame-src 'self' https://player.vimeo.com https://www.google.com; media-src 'self' data: https://player.vimeo.com; img-src 'self' blob: data: https://cdn.assinebem.com.br https://www.google-analytics.com https://ivccf.ivcbrasil.org.br https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google.com https://www.google.com.br https://*.google-analytics.com https://analytics.google.com; connect-src 'self' https://*.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net; frame-ancestors 'self' 1
frame-ancestors 'self' https://*.atrapalo.pe; report-uri /csp/report; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.babathe.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.facebook.com https://*.cloudflare.com https://*.daumcdn.net https://*.kakao.com https://*.channel.io https://*.sentry-cdn.com https://*.groobee.io https://*.omnicommerce.ai https://opm.kr.omnicommerce.ai https://*.cre.ma https://*.naver.net https://*.naver.com https://*.criteo.com https://*.facebook.net https://*.rainbownine.net https://*.beusable.net https://*.pinterest.com https://*.acrosspf.com https://aem-kakao-collector.onkakao.net https://stats.g.doubleclick.net https://*.mediacategory.com https://*.doubleclick.net https://*.googlesyndication.com https://*.socdm.com https://*.dable.io https://*.adingo.jp https://*.stickyadstv.com https://*.rlcdn.com https://*.mediavine.com https://s.ad.smaato.net https://*.clmbtech.com https://*.tpmn.co.kr https://*.yahoo.net https://googleads.g.doubleclick.net https://*.megadata.co.kr https://*.kakaocdn.net https://*.google-analytics.com https://*.hotjar.com https://*.kcp.co.kr https://channel.babathe.com:8090 https://bc.ad.daum.net https://unpkg.com https://*.vimeo.com https://*.googleadservices.com https://*.cnspay.co.kr https://nsp.pay.naver.com https://*.payco.com https://*.toss.im https://*.google.co.kr https://*.jsdelivr.net; style-src 'self' 'unsafe-inline' https://*.babathe.com https://*.jquery.com https://*.googleapis.com https://*.jquery.com https://*.groobee.io https://*.cre.ma https://channel.babathe.com:8090 https://unpkg.com https://*.kcp.co.kr https://fonts.cdnfonts.com  https://*.google.co.kr; img-src * data:; media-src *; connect-src 'self' https://*.babathe.com https://*.naver.com https://*.google.com https://*.groobee.io https://opm.kr.omnicommerce.ai https://*.criteo.com https://*.channel.io wss://1.front-ws.channel.io https://*.acrosspf.com https://aem-kakao-collector.onkakao.net https://*.megadata.co.kr https://*.mediacategory.com https://*.google-analytics.com https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://channel.babathe.com:8090 https://*.cre.ma https://*.kcp.co.kr https://union.uni1id.com https://bc.ad.daum.net https://*.payco.com https://*.naver.com https://*.kakao.com https://*.cnspay.co.kr https://*.toss.im https://*.google.co.kr https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com; frame-ancestors 'self' https://*.babathe.com; object-src 'self'; 1
default-src * 'unsafe-inline'; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; object-src 'none'; manifest-src 'self' 1
frame-ancestors 'self' https://help.bikester.dk https://back-office-redesign.kameleoon.com https://app.kameleoon.com/ 1
frame-ancestors 'self' https://help.bikester.no https://back-office-redesign.kameleoon.com https://app.kameleoon.com/ 1
frame-src blablive.com *.blablive.com *.laquotavincente.it *.googlesyndication.com *.adform.net *.rubiconproject.com *.twitter.com *.facebook.com *.addthis.com *.casalemedia.com *.google.com  *.youtube.com *.jwpsrv.com *.serving-sys.com *.appspot.com *.doubleclick.net *.gssprt.jp *.flashtalking.com *.criteo.com *.2mdn.net *.mathtag.com *.a3cloud.net *.spongecell.com *.lottomatica.it *.lotto-italia.it *.azurewebsites.net *.doubleclick.net *.atdmt.com *.cdn.wowza.com *.wowza.com *.akamaihd.net cdn.jwplayer.com *.vimeo.com *.spreaker.com *.amazon-adsystem.com *.atdmt.com 1
child-src 'self' https://www.flightradar24.com https://www.radarbox.com https://forms.freshmail.io https://www.google.com https://google.com https://www.facebook.com https://facebook.com https://w3.signal-iduna.pl 1
default-src 'self' blob: data: gap: https://ssl.gstatic.com 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com https://use.fontawesome.com/ 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com https://use.fontawesome.com/ 'unsafe-inline'; img-src 'self' data: content: 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.boafoda.webcam:9080 www.boafoda.webcam:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.boafoda.webcam wss://www.boafoda.webcam *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1705983248 1
default-src 'self' blob: data:; style-src 'self' 'unsafe-inline' api.mapbox.com fonts.googleapis.com www.gstatic.com accounts.google.com app-static-prod.posthog.com ; font-src * 'unsafe-inline' data:; media-src 'self' 'unsafe-inline' booz-media-uploads.s3.sa-east-1.amazonaws.com booz-media-uploads-dev.s3.sa-east-1.amazonaws.com data: blob:; img-src 'self' 'unsafe-inline' booz-test-images-do-not-use-in-production.s3.sa-east-1.amazonaws.com booz-media-uploads-dev.s3.sa-east-1.amazonaws.com booz-cms.s3-sa-east-1.amazonaws.com booz-media-uploads-dev.s3.sa-east-1.amazonaws.com www.google.es www.google.cl *.hotjar.com www.google.co.ve www.google.co.cl www.google.com www.google-analytics.com www.facebook.com test-data-143.s3.sa-east-1.amazonaws.com club.booz.cl booz-media-uploads.s3.sa-east-1.amazonaws.com booz-chat-bucket.s3.sa-east-1.amazonaws.com s3-sa-east-1.amazonaws.com *.s3-sa-east-1.amazonaws.com d3t730q4rgg3jr.cloudfront.net d2yqjgglbvl2dm.cloudfront.net d3w3u0f6pasxxu.cloudfront.net d1ks0wbvjr3pux.cloudfront.net *.apple-mapkit.com booz-cms.s3.sa-east-1.amazonaws.com buze-frontend-images.s3.sa-east-1.amazonaws.com booz-media-uploads-dev.s3.sa-east-1.amazonaws.com data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' googleads.g.doubleclick.net play.google.com *.hotjar.com www.googleadservices.com www.google-analytics.com vitals.vercel-insights.com gstatic.com www.googletagmanager.com google.com www.google.com www.gstatic.com api.mapbox.com cdn.apple-mapkit.com accounts.google.com cdn.tailwindcss.com apis.google.com appleid.apple.com appleid.cdn-apple.com www.facebook.com facebook.com connect.facebook.net gtm-kk4h4ps-zdfmn.uc.r.appspot.com cdnjs.cloudflare.com vercel.live chimpstatic.com apps.apple.com app.posthog.com app.intercom.io widget.intercom.io js.intercomcdn.com blob:; frame-src 'self' www.googletagmanager.com www.facebook.com accounts.google.com *.hotjar.com www.google.com www.gstatic.com; connect-src connect.facebook.net www.facebook.com api.booz.dev gtm-kk4h4ps-zdfmn.uc.r.appspot.com apps.apple.com play.google.com app.posthog.com blob: * 1
default-src 'self'; script-src 'report-sample' 'self' https://connect.facebook.net/signals/config https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://browser-update.org/update.min.js https://connect.facebook.net/en_US/fbevents.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.caixaconsorcio.com.br/performance/performance.js https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/linkid.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js; style-src 'report-sample' 'self' 'unsafe-inline' https://static.caixaconsorcio.com.br/performance/disclaimer.css; object-src 'none'; base-uri 'self'; connect-src 'self' https://cdn.linkedin.oribi.io https://api.caixaseguradora.com.br https://performance.caixaconsorcio.com.br https://static.caixaconsorcio.com.br https://stats.g.doubleclick.net https://www.google-analytics.com https://youse.demdex.net; font-src 'self'; frame-src 'self' https://www.googletagmanager.com/ https://youse.demdex.net/; img-src 'self' data: https://px.ads.linkedin.com https://px4.ads.linkedin.com/collect https://www.facebook.com https://www.google-analytics.com https://www.google.com.br https://www.google.com; manifest-src 'self'; media-src 'self'; form-action 'none'; report-to endpoint; worker-src 'none'; 1
font-src *.googleapis.com *.gstatic.com *.publitas.com *.hotjar.com https://*.trustedshops.com http://*.trustedshops.com *.dhlparcel.nl https://widgets.trustedshops.com https://integrations.etrusted.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com *.dhlparcel.nl 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.robinhq.com *.typeform.com *.pinterest.com *.vimeocdn.com *.vimeo.com *.paypal.com *.gstatic.com *.googleapis.com *.google.com *.ggpht.com *.ytimg.com *.adyen.com *.authorize.net *.cardinalcommerce.com *.hotjar.com *.cookiebot.com *.publitas.com *.doubleclick.net *.facebook.com *.criteo.com surfly.com *.powr.io *.dhlparcel.nl *.eventix.io *.cavallaronapoli.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com https://static.buckaroo.nl ct.pinterest.com ts.tradetracker.net tm.tradetracker.net *.cloudfunctions.net *.squeezely.tech squeezely.tech *.cloudflare.com *.paypal.com *.magentocommerce.com *.google.com *.google.nl *.bing.com *.ggpht.com *.ytimg.com *.bluebirdday.io *.adyen.com *.cookiebot.com *.zdassets.com *.vimeo.com *.mailplus.nl *.hotjar.com *.dwin1.com *.facebook.net *.facebook.com *.licdn.com *.doubleclick.net *.cavallaronapoli.com *.linkedin.com *.publitas.com *.awin1.com robincontentdesktop.blob.core.windows.net *.stickyadstv.com https://*.trustedshops.com http://*.trustedshops.com *.openticket.tech *.clarity.ms *.convertexperiments.com *.convert.com *.faslet.net https://widgets.trustedshops.com https://integrations.etrusted.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.buckaroo.nl ts.tradetracker.net tm.tradetracker.net *.typeform.com bam.eu01.nr-data.net *.cloudflare.com bam.nr-data.net js-agent.newrelic.com t.squeezely.tech squeezely.tech s.pinimg.com navigator-analytics.tweakwise.com *.adyen.com *.google.com *.cookiebot.com *.zdassets.com *.zendesk.com *.vimeo.com *.mailplus.nl *.hotjar.com *.bing.com *.dwin1.com *.facebook.net *.licdn.com *.doubleclick.net *.cavallaronapoli.com *.publitas.com *.criteo.net *.criteo.com *.robinhq.com robincontentdesktop.blob.core.windows.net *.pixibo.com *.pixibo.dev surfly.com *.msecnd.net *.googletagmanager.com *.googleoptimize.com api.trustedshops.com https://*.trustedshops.com http://*.trustedshops.com http://*.powr.io *.dhlparcel.nl *.clarity.ms *.fullstory.com *.oribi.io shop.eventix.io *.convertexperiments.com *.convert.com https://widgets.trustedshops.com https://integrations.etrusted.com https://www.postcode-checkout.nl/api/v2/ *.faslet.net *.avada.io https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.gstatic.com *.google.com *.googleapis.com *.publitas.com *.buckaroo.nl *.dhlparcel.nl *.openticket.tech https://widgets.trustedshops.com https://integrations.etrusted.com *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.criteo.com *.hotjar.com ws3.hotjar.com wss://*.hotjar.com navigator-analytics.tweakwise.com isst.cavallaronapoli.com *.google.com *.google.nl ct.pinterest.com squeezely.tech *.robinhq.com *.surfly.com bam.eu01.nr-data.net bam.nr-data.net *.vimeocdn.com *.cardinalcommerce.com *.ggpht.com *.cookiebot.com *.google-analytics.com *.doubleclick.net *.zdassets.com *.publitas.com tdep.cavallaronapoli.com cavallaro.zendesk.com *.zopim.com wss://widget-mediator.zopim.com *.hotjar.io *.pixibo.dev *.visualstudio.com surfly.com api.trustedshops.com *.googlesyndication.com https://*.trustedshops.com http://*.trustedshops.com http://*.etrusted.com http://*.trustbadge.com https://maps.googleapis.com *.postcode-checkout.nl *.dhlparcel.nl *.clarity.ms *.fullstory.com *.oribi.io *.openticket.tech *.powr.io *.linkedin.io *.trustedshops.com *.etrusted.com https://www.postcode-checkout.nl/api/v2/ *.faslet.net https://get.geojs.io *.avada.io https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: 'self' blob:; media-src https: data: blob:; font-src https: data:; img-src https: 'self' 'unsafe-inline' data: about:; style-src https: 'self' 'unsafe-inline'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' blob:; frame-ancestors https://*.clarividencia-gratuita.com; 1
font-src *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com https://github.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.facebook.com *.fintecture.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com https://consentcdn.cookiebot.com/ *.trustpilot.com *.criteo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' blob: data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.gstatic.com *.google.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com http://comptoirdespros.groupe-mb.net https://cdn1.comptoirdespros.com *.google.fr https://criteo-sync.teads.tv/ https://match.sharethrough.com/ https://ads.stickyadstv.com/ https://s.ad.smaato.net/ *.omnitagjs.com https://criteo-partners.tremorhub.com/ https://i.liadm.com/ https://sync-criteo.ads.yieldmo.com/ https://secure.adnxs.com/ https://jadserve.postrelease.com/ *.criteo.com *.trustpilot.com https://amcglobal.sc.omtrdc.net/ * www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com https://chimpstatic.com *.googletagmanager.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com *.trustpilot.com *.cookiebot.com https://static.criteo.net/ https://s.kk-resources.com/ https://googleads.g.doubleclick.net *.criteo.com *.criteo.net *.productsup.io https://notifpush.com/ https://tag.imagino.com/ *.nr-ext.net *.nr-assets.net https://analytics.tiktok.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com *.trustpilot.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.facebook.com https://googleads.g.doubleclick.net *.google-analytics.com *.trustpilot.com https://s.kelkoogroup.net https://consentcdn.cookiebot.com/ https://notifpush.com/ https://tag.imagino.com/ https://analytics.tiktok.com t.elasticsuite.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.conexaoclarobrasil.com.br https://www.netcombo.com.br https://www.net.com.br; 1
default-src 'self' facebook.com *.facebook.com youtube.com www.youtube.com; script-src 'self' 'unsafe-inline' consent.cookiefirst.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com *.newrelic.com *.doubleclick.net connect.facebook.net consent.cookiefirst.com *.cookiefirst.com; style-src 'self' 'unsafe-inline' cookiefirst.com *.cookiefirst.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com; img-src 'self' *; connect-src 'self' consent.cookiefirst.com cookiefirst.com *.cookiefirst.com cloudfront.net www.google-analytics.com www.googletagmanager.com rdstation.com.br *.rdstation.com.br doubleclick.net *.doubleclick.net google.com *.google.com *.nr-data.net; 1
img-src 'self' data: https://img.overtake.co.za https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.za https://digitalstorage.s3.af-south-1.amazonaws.com; 1
default-src 'self'; font-src 'self'; img-src 'self' *.deedmedia.ir *.google-analytics.com *.doubleclick.net data: *.samandehi.ir *.google.de *.google.com *.google.co.*; media-src 'self' *.deedmedia.ir data:; worker-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'self' 'unsafe-inline' *.doubleclick.net *.googletagmanager.com *.google-analytics.com *.google.com *.google.de *.google.co.* *.tavoos.net *.sabavision.com *.yektanet.com ma-cdn.pegah.tech *.mediaad.org; connect-src 'self' *.deed.ir *.deedmedia.ir *.tavoos.net *.sabavision.com *.yektanet.com ma-cdn.pegah.tech *.mediaad.org *.google-analytics.com *.doubleclick.net *.google.de *.google.com *.google.co.* *.adtrace.io; frame-src 'self' *.deed.ir *.tavoos.net *.sabavision.com *.yektanet.com ma-cdn.pegah.tech *.mediaad.org; frame-ancestors 'self' 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' blob:; 1
frame-ancestors 'self' diaka.ua w.diaka.ua l.diaka.ua 1
default-src 'self'; font-src data: https://assets.dm.de; child-src 'self' blob:; script-src 'self' https://*.bazaarvoice.com https://*.mm.dm-drogeriemarkt.it https://app.usercentrics.eu https://assets-internal-proxy.apps.nonprod.gcp.dmtech.cloud https://assets.dm.de https://cdn.loadbee.com/ https://d2pqvatijh75rn.cloudfront.net https://mpsnare.iesnare.com https://omt.dm-drogeriemarkt.it https://tags.tiqcdn.com https://www.dm-drogeriemarkt.it; worker-src 'self' blob:; connect-src  'self' https://*.bazaarvoice.com https://*.gcp.dmtech.cloud https://*.mm.dm-drogeriemarkt.it https://*.services.dmtech.com https://aggregator.service.usercentrics.eu https://api.mapbox.com https://api.usercentrics.eu https://assets.dm.de https://availability.loadbee.com/ https://browser-intake-datadoghq.eu https://cart-recos.services.dmtech.com https://cart.services.dmtech.com https://cdcs.usercentrics.eu https://collect.tealiumiq.com https://consent-api.service.consent.usercentrics.eu https://consent-rt-ret.service.consent.usercentrics.eu https://consents.usercentrics.eu https://coupon-aktionen.dm.de https://d2pqvatijh75rn.cloudfront.net https://direct-collect.dy-api.eu https://direct.dy-api.eu https://dmpay-gateway.services.dmtech.com https://dy-api.eu https://events.mapbox.com https://graphql.usercentrics.eu https://insights.algolia.io https://logs.browser-intake-datadoghq.eu https://mpsnare.iesnare.com https://my-products-api.services.dmtech.com https://omc.dm-drogeriemarkt.it https://product-based-recos.services.dmtech.com https://products.dm.de https://rcom-eu.dynamicyield.com https://recos-as-a-service.services.dmtech.com https://rum.browser-intake-datadoghq.eu https://services.dm.de https://shopping-list-prod.services.dmtech.com https://signin.dm-drogeriemarkt.it https://sos-prod.availability.services.dmtech.com https://staedtetour.dm-fb2.de; style-src 'self' 'unsafe-inline' https://*.bazaarvoice.com https://api.tiles.mapbox.com https://assets.dm.de; img-src 'self' blob: data: https://*.bazaarvoice.com https://*.mm.dm-drogeriemarkt.it https://*.services.dmtech.com https://app.usercentrics.eu https://assets.dm.de https://cdn-eu.dynamicyield.com https://d2pqvatijh75rn.cloudfront.net https://d3s22jwy77sx9i.cloudfront.net https://i.ytimg.com https://images.podigee-cdn.net https://img.usercentrics.eu https://img.youtube.com/ https://media.dm-static.com https://services.dm.de https://uct.service.usercentrics.eu; frame-ancestors 'self' https://*.apps.nonprod.gcp.dmtech.cloud https://*.apps.prod.gcp.dmtech.cloud https://*.dm-drogeriemarkt.it https://*.dm-drogeriemarkt.org https://*.dm-drogeriemarkt.org:42160 https://*.dm-drogeriemarkt.org:42161 https://*.dm-drogeriemarkt.org:42162 https://*.lxprod.ka.de.dm-drogeriemarkt.com https://app.datadoghq.eu; frame-src 'self' https://*.bazaarvoice.com https://*.dm-drogeriemarkt.it https://*.services.dmtech.com https://app.usercentrics.eu https://cdn.podigee.com https://configurator.nuk.de https://gastfamilie.podigee.io https://geburtskanal-dm.podigee.io https://hey-familie.podigee.io https://player.podigee-cdn.net https://rendering.loadbee.com/ https://sandbox.om.dm.de https://service.loadbee.com/ https://www.youtube-nocookie.com; base-uri 'self' https://*.mm.dm-drogeriemarkt.it https://*.services.dmtech.com https://events.mapbox.com; form-action 'self' https://*.bazaarvoice.com https://checkout.dm-drogeriemarkt.it https://signin.dm-drogeriemarkt.it; manifest-src 'self'; report-uri /__csp-reports__;upgrade-insecure-requests 1
default-src 'self' ; script-src 'self' 'unsafe-inline' *.fontawesome.com pagead2.googlesyndication.com *.kampyle.com *.medallia.eu www.googleadservices.com googleads.g.doubleclick.net *.snapchat.com *.hotjar.com *.mouseflow.com *.facebook.net sc-static.net *.adform.net *.licdn.com *.google-analytics.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.google-analytics.com/plugins/ www.google-analytics.com/analytics.js *.blueconic.net l.getsitecontrol.com s2.getsitecontrol.com/widgets/ cdn.cookielaw.org api.livechatinc.com cdn.livechatinc.com *.smartrefill.se s646.ezys.lt 'unsafe-eval' www.googletagmanager.com; img-src 'self' *.smartrefill.se austeja.omnitel.net ade.googlesyndication.com *.doubleclick.net *.google.com *.google.lt *.kampyle.com *.medallia.eu cdn.cookielaw.org www.facebook.com checkoutshopper-live.adyen.com *.linkedin.com *.adform.net *.google-analytics.com images.ezys.lt images.ctfassets.net data: w3.org/svg/2000 www.googletagmanager.com cdn.livechat-files.com/api/ www.google-analytics.com www.google.lv/ads/ www.google.lt/ads/ www.google.sk/ads/ www.google.ee/ads/ www.google.de/ads/ www.google.dk/ads/ www.google.com.se/ads/ www.google.com/ads/ www.google.pl/ads/; object-src 'none'; style-src 'self' 'unsafe-inline' *.smartrefill.se *.kampyle.com *.medallia.eu ; base-uri 'self'; media-src cdn.livechatinc.com videos.ctfassets.net; frame-src 'self' *.kampyle.com *.medallia.eu *.doubleclick.net *.snapchat.com *.hotjar.com *.fls.doubleclick.net checkoutshopper-live.adyen.com secure.livechatinc.com; frame-ancestors 'self' https://app.contentful.com; font-src 'self' *.smartrefill.se *.kampyle.com *.medallia.eu data: cdn.livechatinc.com; form-action 'self' checkoutshopper-live.adyen.com; connect-src 'self' *.smartrefill.se austeja.omnitel.net pagead2.googlesyndication.com *.kampyle.com *.medallia.eu checkoutshopper-live.adyen.com *.google.com *.doubleclick.net *.hotjar.com *.mouseflow.com *.snapchat.com *.oribi.io *.linkedin.com *.google-analytics.com api.livechatinc.com cdn.cookielaw.org l.getsitecontrol.com s2.getsitecontrol.com/widgets/ events.getsitectrl.com stats.g.doubleclick.net www.google-analytics.com *.ezys.lt www.onetrust.com geolocation.onetrust.com/cookieconsentpub/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com www.googleadservices.com platform.twitter.com cdn.syndication.twimg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com code.cdn.mozilla.net platform.twitter.com *.twimg.com; font-src 'self' data: ms-appx-web: fonts.gstatic.com code.cdn.mozilla.net; img-src * data:; frame-src 'self' data:; form-action 'self' www.mollie.com *.twitter.com; connect-src 'self' *.twitter.com; block-all-mixed-content; report-uri https://leemankuiper.uriports.com/reports/enforce; report-to default 1
connect-src  wss://client.relay.crisp.chat  projects.gemonline.tv stream-live.gemonline.tv  gemonline.tv assets.gemonline.tv client.crisp.chat api.cloudflare.com ; font-src projects.gemonline.tv client.crisp.chat maxcdn.bootstrapcdn.com data: rc1.gemonline.tv assets.gemonline.tv gemonline.tv fonts.gstatic.com cdn.jsdelivr.net; img-src 'self' assets.gemonline.tv  via.placeholder.com s3-us-west-2.amazonaws.com client.crisp.chat image.crisp.chat ; media-src data: * blob: stream-live.gemonline.tv gemonline.tv; script-src-elem 'self' 'unsafe-inline' bam.eu01.nr-data.net assets.gemonline.tv vjs.zencdn.net api.qrserver.com  chart.apis.google.com  client.crisp.chat assets.gemonline.tv  gemonline.tv www.gstatic.com gstatic.com cdn.jsdelivr.net unpkg.com js-agent.newrelic.com cdnjs.cloudflare.com stream-live.gemonline.tv ajax.cloudflare.com www.google.com google.com ; style-src-attr 'unsafe-inline' ; style-src-elem 'self' assets.gemonline.tv fonts.googleapis.com vjs.zencdn.net 'unsafe-inline' maxcdn.bootstrapcdn.com ; worker-src blob: assets.gemonline.tv gemonline.tv www.google.com 1
base-uri 'none';child-src 'none';connect-src 'self' *.segmentapis.com *.doubleclick.net cdn.growthbook.io cdn.segment.com api.segment.io maps.googleapis.com www.google-analytics.com *.google.com sapi.getmosh.com.au *.visualwebsiteoptimizer.com app.vwo.com *.quantcount.com *.linkedin.com *.cloudfunctions.net atag.adgile.media *.outbrain.com *.snapchat.com *.tiktok.com *.taboola.com *.yimg.com *.hubspot.com https://www.getmosh.com.au;default-src 'self' blob:;font-src 'self' data:;form-action 'self';frame-ancestors 'none';frame-src app.vwo.com *.visualwebsiteoptimizer.com *.google.com *.adsrvr.org *.doubleclick.net *.snapchat.com tsdtocl.com;img-src 'self' blob: data: static.legitscript.com mosh-portal.s3.ap-southeast-2.amazonaws.com images.prismic.io images.unsplash.com getmosh.cdn.prismic.io stg-mosh-portal20230131052523464300000009.s3.ap-southeast-2.amazonaws.com prod-mosh-portal20230319191307829100000006.s3.ap-southeast-2.amazonaws.com www.google-analytics.com www.google.com.au www.google.com www.googletagmanager.com *.google.com *.gstatic.com *.facebook.com *.vercel.app *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *.tvsquared.com *.snapchat.com *.tiktok.com *.linkedin.com *.hubspot.com *.bing.com *.quantserve.com *.yahoo.com *.reddit.com *.adroll.com *.doubleclick.net *.bidswitch.net *.taboola.com *.openx.net;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.visualwebsiteoptimizer.com *.cloudflare.com *.cloudflareinsights.com connect.facebook.net app.vwo.com maps.googleapis.com cdn.growthbook.io cdn.segment.com www.google-analytics.com www.google.com.au www.googletagmanager.com *.google.com *.gstatic.com *.doubleclick.net *.facebook.net *.hotjar.com ltm.linkby.com amplify.outbrain.com *.taboola.com www.redditstatic.com sc-static.net www.upsellit.com s.yimg.com js.adsrvr.org analytics.tiktok.com cdn.pdst.fm atag.adgile.media snap.licdn.com *.quantserve.com *.quantcount.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net bat.bing.com *.tvsquared.com *.hs-scripts.com *.adroll.com *.snapchat.com *.outbrain.com;style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.googleapis.com *.google.com;worker-src 'self' blob:;script-src-elem 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com *.cloudflare.com *.cloudflareinsights.com connect.facebook.net app.vwo.com maps.googleapis.com cdn.growthbook.io cdn.segment.com www.google-analytics.com www.google.com.au www.googletagmanager.com *.google.com *.gstatic.com *.doubleclick.net *.facebook.net *.hotjar.com ltm.linkby.com amplify.outbrain.com *.taboola.com www.redditstatic.com sc-static.net www.upsellit.com s.yimg.com js.adsrvr.org analytics.tiktok.com cdn.pdst.fm atag.adgile.media snap.licdn.com *.quantserve.com *.quantcount.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net bat.bing.com *.tvsquared.com *.hs-scripts.com *.adroll.com *.snapchat.com *.outbrain.com; 1
default-src 'self'; img-src * data:; media-src media1.com media2.com; script-src 'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com https://static.pay.expedia.com https://www.grnconnect.com https://ajax.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://cdn.jsdelivr.net;style-src 'unsafe-inline'  https://www.grnconnect.com https://fonts.googleapis.com https://www.gstatic.com;font-src https://www.grnconnect.com https://fonts.gstatic.com; frame-src https://www.tripadvisor.com https://www.grnconnect.com https://static.pay.expedia.com;connect-src https://www.google-analytics.com https://www.grnconnect.com  https://maps.googleapis.com; 1
default-src *; base-uri 'self'; img-src data: *; style-src 'self' fonts.googleapis.com www.gstatic.com www.youtube.com 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.google.com www.gstatic.com maps.googleapis.com cdn.matomo.cloud https://groupe-uneo.fr https://groupeuneo.matomo.cloud https://script.tolk.ai https://tarteaucitron.io https://cdn.tarteaucitron.io https://www.youtube.com; frame-ancestors 'self' https://groupe-uneo.fr https://script.tolk.ai https://www.youtube.com 1
default-src https: wss:; img-src data: https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 1
script-src https: 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; 1
frame-ancestors 'self', base-uri 'self'; 1
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.youtube.com https://www.googleanalytics.com https://www.googleoptimize.com https://www.google-analytics.com https://optimize.google.com; style-src 'unsafe-inline' https: cdnjs.cloudflare.com/ajax/libs/foundicons/3.0.0/foundation-icons.css https://optimize.google.com https://fonts.googleapis.com; img-src 'self' https: data: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com; font-src 'unsafe-eval' https: data: filesystem: https://fonts.gstatic.com https://cdnjs.cloudflare.com https://optimize.google.com; object-src 'none'; frame-src 'self' https://www.facebook.com/ https://widget.installchatbot.com/ https://www.google.com/ https://www.youtube.com/ https://optimize.google.com https://youtu.be/; base-uri 'self' 1
frame-ancestors alunos.institutoprominas.com.br 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.google.co.in *.herokuapp.com *.ravepay.co ajax.cloudflare.com *.flutterwave.com *.stripe.com *.atfawry.com *.google.com  *.facebook.net *.crisp.chat wss://*.crisp.chat:* wss://*.tidio.co:* *.tidio.co *.tidiochat.com *.getbutton.io wss://*.citruspay.com:* wss://*.google.co:* *.citruspay.com wss://*.fawrystaging.com wss://*.atfawry.com wss://*.fawry.com wss://*.youtube.com:* *.youtube.com wss://*.tawk.to:* *.tawk.to *.facebook.com *.fawrystaging.com *.mastercard.com.au *.fawry.com atfawry.fawrystaging.com *.facebook.net *.mastercard.com *.razorpay.com *.google-analytics.com *.securecode.com  *.google.com *.dhru.com *.paypal.com *.googletagmanager.com ; img-src * data:; font-src * data: 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: https://apis.google.com; style-src 'self' 'unsafe-inline'; img-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data:; connect-src *; font-src 'self' https: data:; report-uri *; child-src *; form-action *; frame-ancestors * 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.iranantiq.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.yektanet.com *.najva.com; style-src 'self' 'unsafe-inline' iranantiq.com *.iranantiq.com *.najva.com; img-src * data: 'unsafe-eval'; font-src 'self' *.iranantiq.com data: *.iranantiq.com; 1
frame-ancestors 'self' www.juttu.be preview.juttu.be juttu.be product001.juttu.be product002.juttu.be product003.juttu.be product004.juttu.be ; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://kenyatalk.com/logs/ https://kenyatalk.com/sidekiq/ https://kenyatalk.com/mini-profiler-resources/ https://kenyatalk.com/assets/ https://kenyatalk.com/extra-locales/ https://kenyatalk.com/highlight-js/ https://kenyatalk.com/javascripts/ https://kenyatalk.com/plugins/ https://kenyatalk.com/theme-javascripts/ https://kenyatalk.com/svg-sprite/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' https://platform.twitter.com/ https://chosensoccerwriter.com/ https://highwaycpmrevenue.com/ https://www.profitabledisplaynetwork.com/ https://servedbyadbutler.com https://jsc.mgid.com https://servicer.mgid.com https://*.mgid.com; worker-src 'self' https://kenyatalk.com/assets/ https://kenyatalk.com/javascripts/ https://kenyatalk.com/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self';  style-src 'self' *.adobeaemcloud.com/ *.salesforce-sites.com/ *.salesforce.com/ *.force.com/ *.salesforceliveagent.com/ *.squarelovin.com/ https://squarelovin.com/ *.adyen.com/ *.chargebee.com/ *.static.criteo.net/ *.criteo.com/ *.mopinion.com/ *.gstatic.com/ *.live2support.com/ *.lpsnmedia.net/ *.gstatic.com/ *.commander1.com/ *.bootstrapcdn.com/ *.tagcommander.com/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ *.zencdn.net/ *.sharethis.com/ *.googleapis.com/ *.pinimg.com/ *.google.com/ 'unsafe-inline';  script-src 'self' *.adobeaemcloud.com/ *.salesforce-sites.com/ *.youtube.com/ https://www.youtube.com/iframe_api https://unpkg.com/@google/markerclustererplus@4.0.1/dist/markerclustererplus.min.js *.gbqofs.com/ *.googleapis.com/ *.salesforce.com/ *.force.com/ *.salesforceliveagent.com/ *.gigya.com/ *.hotjar.com/ *.squarelovin.com/ *.paypal.com *.nxtck.com/ *.adyen.com/ *.chargebee.com/ https://static.criteo.net/js/ld/ld.js *.criteo.com/ *.ytimg.com/ https://live2support.com/ https://*.google.com/ *.mopinion.com/ *.googletagmanager.com/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ https://s.pinimg.com/ *.trustcommander.net/ *.tagcommander.com/ *.twitter.com/ *.pinterest.com/ *.instagram.com/ https://services.postcodeanywhere.co.uk/ *.commandersact.com/ *.facebook.net/ *.google.ie/ *.lpsnmedia.net/ *.pinimg.com/ *.danone-dtc.net/ *.outbrain.com/ *.google.com/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.theadex.com *.commander1.com/ *.liveperson.net/ *.doubleclick.net/ *.gstatic.com/ *.aptaclub.de/ *.milupa.de/ *.digital4danone.com/ *.addthisedge.com/ *.ads-twitter.com/ *.adnxs.com/ *.adventori.com/ https://adventori.com/ https://dsp.adfarm1.adition.com/ https://squarelovin.com/ blob: 'unsafe-inline' 'unsafe-eval';  img-src 'self' data: *.salesforce-sites.com/ *.digital4danone.com/ *.serving-sys.com/ *.leboncoin.fr/ *.salesforce.com/ *.force.com/ *.salesforceliveagent.com/ *.hotjar.com/ *.assetsadobe.com/ *.squarelovin.com/ https://squarelovin.com/ https://tools.applemediaservices.com/ https://apple-resources.s3.amazonaws.com/ *.adyen.com/ *.ytimg.com/ *.live2support.com/ https://ca-live.adyen.com/ https://www.google.fr/ https://dpm.demdex.net/ https://assets.adobedtm.com/ https://services.postcodeanywhere.co.uk/ http://danonegroup-stage.neolane.net/ *.trustcommander.net/ https://ca-live.adyen.com/ *.cx.atdmt.com/ *.danone-dtc.net/ https://ct.pinterest.com/ *.outbrain.com/ *.danone.com/ *.atdmt.com/ *.pinterest.com/ *.commander1.com/ *.tagcommander.com/ *.lpsnmedia.net/ *.adnxs.com/ *.adition.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.theadex.com/ *.google-analytics.com/ *.google.com.ph/ *.google.com/ *.sharethis.com/ *.gstatic.com/ *.googleapis.com/ *.w3.org/ *.mookie1.com/ *.pinimg.com/ *.pinterest.com/ *.facebook.com/ *.googletagmanager.com/ *.linkedin.com/ https://t.co/ *.adsrvr.org/ *.crm4d.com/ https://play.google.com/ *.adotmob.com/ *.goldenbees.fr;  frame-src 'self' *.salesforce.com/ *.force.com/ *.salesforceliveagent.com/ *.gigya.com/ *.hotjar.com/ *.squarelovin.com/ https://squarelovin.com/ https://player.simplecast.com/ *.simplecast.com/ *.paypal.com *.adyen.com/ *.chargebee.com/ *.static.criteo.net/ *.criteo.com/ *.tohklom.com/  *.tagcommander.com/ https://aax-eu.amazon-adsystem.com/ *.amazon-adsystem.com/ *.liveperson.net/ *.vimeo.com/ *.live2support.com/ *.google.com/ *.lpsnmedia.net/ *.commander1.com/ *.proprofs.com/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ *.facebook.com/ *.doubleclick.net/ *.theadex.com/ *.sharethis.com/  *.addthis.com *.youtube.com *.adsrvr.org/ *.spotify.com/ *.cloudfront.net/ *.instagram.com/ *.soundcloud.com/ *.twitter.com/ *.pinterest.com/ *.trustcommander.net/ *.flockler.com/;  connect-src 'self' blob: *.salesforce-sites.com/ *.google.com/ *.digital4danone.com/ *.gbqofs.io/ *.googleapis.com/ *.salesforce.com/ *.force.com/ *.salesforceliveagent.com/ *.gigya.com/ *.hotjar.com/ *.hotjar.io/ wss://*.hotjar.com *.squarelovin.com/ https://squarelovin.com/ *.paypal.com *.sentry.io/ *.adyen.com/ *.live2support.com/ https://sentry.labdigital.nl *.addthis.com/ *.mopinion.com/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ *.danone-dtc.net/ *.ct.pinterest.com/ *.privacy.trustcommander.net/ https://services.postcodeanywhere.co.uk/ *.commercetools.com/ *.google-analytics.com *.facebook.com/ *.omtrdc.net/ *.pinterest.com/ *.trustcommander.net/ *.commander1.com/ *.sharethis.com/ *.doubleclick.net/;  font-src 'self' data: *.salesforce.com/ *.force.com/ *.salesforceliveagent.com/ *.hotjar.com/ *.squarelovin.com/ https://squarelovin.com/ *.adyen.com/ *.gstatic.mopinion.com/ https://gstatic.mopinion.com/ *.gstatic.com/ *.live2support.com/ *.danone-dtc.net/ https://vjs.zencdn.net/;  media-src 'self' *.salesforce.com/ *.force.com/ *.salesforceliveagent.com/ *.squarelovin.com/ https://squarelovin.com/ *.lpsnmedia.net/ 1
frame-ancestors 'self' *.lipigas.cl; 1
default-src 'self' https:; style-src 'self' https: 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://www.googletagmanager.com https://use.fontawesome.com *.karte.io; font-src 'self' data: https: https://fonts.gstatic.com *.karte.io; img-src 'self' data: https: https://*.s3.ap-northeast-1.amazonaws.com https://cdn.flowplayer.org https://cdn.flowplayer.com https://www.google-analytics.com https://www.googletagmanager.com; media-src 'self' data: https: blob: https://cdn.flowplayer.org https://cdn.flowplayer.com; connect-src 'self' https://sentry.io https://cdn.flowplayer.com https://pmi.flowplayer.com https://www.google-analytics.com https://www.googletagmanager.com https://analytics.google.com https://stats.g.doubleclick.net https://bam.nr-data.net https://unifa-photo-uploaded.s3-ap-northeast-1.amazonaws.com https://unifa-fr-photo-uploaded.s3.ap-northeast-1.amazonaws.com https://lookmee.kpn1.asp.lgwan.jp https://yubinbango.github.io *.karte.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-Na1qyRUeYysAQurezDU1/A=='; frame-src 'none'; object-src 'none'; worker-src blob:; base-uri 'none' 1
font-src fonts.gstatic.com *.fontawesome.com assets.made-in-meubles.com *.twic.pics *.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ secure-gateway.hipay-tpp.com *.hipay.com https://www.googletagmanager.com/ *.consentmanager.net *.pinterest.com *.criteo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com https://web.bankin.com https://s3-eu-west-1.amazonaws.com *.bridgeapi.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ assets.made-in-meubles.com *.twic.pics www.made-in-meubles.com *.consentmanager.net *.facebook.com *.bing.com *.pinterest.com *.quanta.io *.google.fr maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com polyfill.io cdn.jsdelivr.net *.hipay-tpp.com *.hipay.com *.iesnare.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io https://maps.googleapis.com assets.made-in-meubles.com *.twic.pics *.consentmanager.net *.facebook.net *.pinimg.com *.bing.com *.clarity.ms *.smartlook.com *.quanta.io *.criteo.com *.criteo.net *.meubles.fr tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com *.hipay.com *.fontawesome.com assets.made-in-meubles.com *.twic.pics tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://web.bankin.com https://s3-eu-west-1.amazonaws.com *.bridgeapi.io data: *.iesnare.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.getalma.eu *.hipay.com *.iesnare.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io https://maps.googleapis.com assets.made-in-meubles.com *.twic.pics *.pinterest.com *.google.com *.google-analytics.com *.clarity.ms *.googlesyndication.com *.smartlook.cloud *.smartlook.com *.doubleclick.net *.meubles.fr *.criteo.com *.criteo.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
style-src 'self' 'unsafe-inline' https://a.omappapi.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.53.2/codemirror.css https://cdn.jsdelivr.net/gh/cferdinandi/tabby@12.0.3/dist/css/tabby-ui.min.css https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.61.1/codemirror.css https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.13/css/select2.min.css https://fonts.googleapis.com https://www.maxxia.com.au https://target.maxxia.com.au/rest/v1/delivery?client=mcmillanshakespeare&sessionId=d3b88b02f3814dab8f8ee00a09cac2bf&version=2.10.1; font-src 'self' https://fonts.gstatic.com https://themes.googleusercontent.com https://cdn.productreview.com.au; 1
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'none' ; connect-src https://*.mesanalyses.fr ; manifest-src https://*.mesanalyses.fr ; media-src https://*.mesanalyses.fr ; script-src blob: https://*.mesanalyses.fr 'unsafe-inline' 'unsafe-eval'; font-src data: https://*.mesanalyses.fr ; img-src data: https://*.mesanalyses.fr ; style-src https://*.mesanalyses.fr 'unsafe-inline'; object-src 'none' ; worker-src blob: ; child-src blob: https://*.mesanalyses.fr ; frame-src blob: https://*.mesanalyses.fr ; form-action https://*.mesanalyses.fr ; frame-ancestors 'self' ; base-uri 'self' ; block-all-mixed-content ; 1
default-src 'none';  script-src 'self' 'unsafe-inline' 'unsafe-eval' *.addtoany.com https://ajax.cloudflare.com https://euc-widget.freshworks.com *.boxnow.gr https://skroutza.skroutz.gr https://apis.google.com https://www.gstatic.com https://z.moatads.com https://s7.addthis.com https://m.addthis.com https://analytics.skroutz.gr https://360.bestprice.gr https://www.bestprice.gr https://www.glami.gr https://region1.google-analytics.com https://cdn.stat-track.com/ https://assets.citrusad.net https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://stats.g.doubleclick.net https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://script.crazyegg.com https://go.linkwi.se https://trustmark.gr https://www.youtube.com https://script.crazyegg.com https://insurance.e-satisfaction.gr https://widget-cdn.boxnow.gr https://tracking.retargeting.biz https://api.retargeting.app https://www.googleoptimize.com https://ibanke-commerce.nbg.gr;  style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://euc-widget.freshworks.com https://fonts.googleapis.com;  object-src 'self';  img-src 'self' data: https://www.googletagmanager.com https://fonts.gstatic.com https://googleads.g.doubleclick.net/ *.skroutz.gr https://static.mgmanager.gr https://venddeshop.test.devlh.com https://www.glami.gr https://www.facebook.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://maps.googleapis.com https://www.google.com https://www.google.gr https://www.google.com.tr https://trustmark.gr;  font-src 'self' data: https://fonts.gstatic.com;   connect-src 'self' https://region1.analytics.google.com https://mgmanager.freshdesk.com https://euc-widget.freshworks.com https://www.youtube.com https://www.bestprice.gr https://s7.addthis.com https://m.addthis.com https://forms.m-pages.com https://t.stat-track.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://tracking.retargeting.app;  frame-src *;  media-src 'self' 1
default-src https://*.ctfassets.net 'self' blob: feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://tagmanager.google.com https://pghub.io https://*.cookielaw.org https://*.bazaarvoice.com https://*.smartcommerce.co https://*.click2cart.com https://*.algolianet.com https://*.rpxnow.com https://rpxnow.com https://*.segment.com https://*.janrain.com https://*.cloudfront.net https://script.crazyegg.com https://*.facebook.net https://www.facebook.com https://z.moatads.com https://*.adsrvr.org https://pixel.tapad.com https://c.lytics.io https://s.amazon-adsystem.com https://*.pricespider.com https://*.segment.io https://*.click2cart.co https://*.lightboxcdn.com https://*.janraincapture.com https://*.iesnare.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://analytics.tiktok.com https://www.google-analytics.com https://js-cdn.dynatrace.com https://*.naturella.com.mx feed.pghub.io pandg.tapad.com ; worker-src blob: https://*.dynatrace.com https://*.onetrust.com feed.pghub.io pandg.tapad.com ; connect-src 'self' * https: 'unsafe-inline' https://*.click2cart.com https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://*.bootstrapcdn.com https://*.click2cart.com https://c.lytics.io https://*.janrain.com https://*.lightboxcdn.com https://display.ugc.bazaarvoice.com https://*.bazaarvoice.com feed.pghub.io pandg.tapad.com ; media-src https://videos.ctfassets.net data: feed.pghub.io pandg.tapad.com ; img-src 'self' https://www.googletagmanager.com https://www.facebook.com https://c.lytics.io https://s.amazon-adsystem.com https://*.lightboxcdn.com https://click2cart.co https://click2cart.com https://ssl.gstatic.com https://*.amazonaws.com https://*.bazaarvoice.com https://images.ctfassets.net data: https://pixel.tapad.com https://*.naturella.com.mx https://*.cloudfront.net https://www.google-analytics.com https://www.google.co.in https://www.google.com https://googleads.g.doubleclick.net https://downloads.ctfassets.net https://*.cookielaw.org https://*.onetrust.com feed.pghub.io pandg.tapad.com ; font-src https://fonts.gstatic.com data: http://fast.fonts.net https://assets.ctfassets.net https://*.click2cart.com https://*.bootstrapcdn.com https://fonts.googleapis.com https://*.naturella.com.mx feed.pghub.io pandg.tapad.com ; frame-src 'self' https://consumersupport.pg.com https://*.adsrvr.org https://www.facebook.com https://display.ugc.bazaarvoice.com https://stg.api.bazaarvoice.com https://*.api.bazaarvoice.com https://*.bazaarvoice.com https://*.janraincapture.com feed.pghub.io pandg.tapad.com ; 1
block-all-mixed-content; frame-ancestors *.newlentes.com.br 1
frame-ancestors 'self' iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ https://www.next.es 1
script-src 'self' 'unsafe-inline' blob: 'unsafe-eval' *.google.fr cdn.jsdelivr.net ray.st *.readspeaker.com maps.gstatic.com orange-rdv.right-q.com *.googleapis.com 0-dsn.algolia.net 0-1.algolianet.com 0-2.algolianet.com 0-3.algolianet.com www.gstatic.com www.google.com www.google.com.pk www.googleadservices.com api.orangefootballclub.com www.surveygizmo.com www.surveygizmo.eu help.dimelo.com cobrowsing.eu2.digital.ringcentral.com orange-rdc.engagement.dimelo.com cobrowsing.eu2.digital.ringcentral.com dimelo-chat.s3.amazonaws.com *.orange.cd orange-rdc.ws.dimelo.com orange-rdc.dimelochat.com orange-rdc.messaging.dimelo.com sfdc.dimelo.com engagement-connect.herokuapp.com optimize.google.com s.ytimg.com www.youtube.com tagmanager.google.com w.usabilla.com orange-ci.dimelochat.com appstatic.quanta.io completion.ke.orange.fr img.ke.woopic.com  www.googletagmanager.com www.google-analytics.com  graph.facebook.com urls.api.twitter.com api.pinterest.com www.linkedin.com *.crazyegg.com; style-src 'self' 'unsafe-inline' *.orange.cd ray.st *.crazyegg.com *.readspeaker.com maps.gstatic.com orange-rdv.right-q.com *.googleapis.com 0-dsn.algolia.net 0-1.algolianet.com 0-2.algolianet.com 0-3.algolianet.com api.orangefootballclub.com www.surveygizmo.com www.surveygizmo.eu help.dimelo.com cobrowsing.eu2.digital.ringcentral.com orange-rdc.engagement.dimelo.com cobrowsing.eu2.digital.ringcentral.com dimelo-chat.s3.amazonaws.com orange-rdc.wc.dimelo.com orange-rdc.dimelochat.com orange-rdc.messaging.dimelo.com sfdc.dimelo.com engagement-connect.herokuapp.com optimize.google.com mastermedia.orange-business.com img.ke.woopic.com orange-rdc.dimelochat.com; img-src blob: data: 'self' 'unsafe-inline' sport365.fr *.sport365.fr *.google.fr *.orange.cd ray.st *.crazyegg.com maps.gstatic.com orange-rdv.right-q.com *.googleapis.com 0-dsn.algolia.net 0-1.algolianet.com 0-2.algolianet.com 0-3.algolianet.com www.googletagmanager.com googleads.g.doubleclick.net api.orangefootballclub.com www.surveygizmo.com www.surveygizmo.eu help.dimelo.com cobrowsing.eu2.digital.ringcentral.com orange-rdc.engagement.dimelo.com cobrowsing.eu2.digital.ringcentral.com dimelo-chat.s3.amazonaws.com orange-rdc.wc.dimelo.com orange-rdc.dimelochat.com orange-rdc.messaging.dimelo.com sfdc.dimelo.com engagement-connect.herokuapp.com optimize.google.com i.ytimg.com fr.orangefootballclub.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.com.pk www.google.fr rum-metrics.quanta.io d212beldn0wvcm.cloudfront.net dimelo.s3.amazonaws.com; form-action 'self' http://testinstantbillspay.com.ng payment.instantbillspay.com cd.instantbillspay.com mpayment.orange-money.com webpayment-ow-sb.orange-money.com; object-src 'self' *.crazyegg.com  ; frame-src 'self' 'unsafe-inline' *.orange.cd *.crazyegg.com live-homescreen.orange.com *.orange.com *.readspeaker.com maps.gstatic.com orange-rdv.right-q.com *.googleapis.com 0-dsn.algolia.net 0-1.algolianet.com 0-2.algolianet.com 0-3.algolianet.com api.orangefootballclub.com wwww.surveygizmo.com ww.surveygizmo.eu help.dimelo.com cobrowsing.eu2.digital.ringcentral.com orange-rdc.engagement.dimelo.com cobrowsing.eu2.digital.ringcentral.com dimelo-chat.s3.amazonaws.com orange-rdc.wc.dimelo.com orange-rdc.dimelochat.com orange-rdc.messaging.dimelo.com sfdc.dimelo.com engagement-connect.herokuapp.com optimize.google.com mastermedia.orange-business.com www.orange-business.com www.youtube.com datastudio.google.com otapoci.gos.orange.com; frame-ancestors 'self'; 1
default-src 'self' 'nonce-fkM1YiTtaLhKl4MPt4M9C69KWbranRBpLsF0W2Q4L3kog8Iik2' www.google-analytics.com ajax.googleapis.com www.googletagmanager.com www.gstatic.com use.typekit.net; script-src 'self' 'nonce-fkM1YiTtaLhKl4MPt4M9C69KWbranRBpLsF0W2Q4L3kog8Iik2' www.google-analytics.com ajax.googleapis.com www.googletagmanager.com www.gstatic.com use.typekit.net; 1
frame-ancestors 'self'; default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' pandorashop.co.za m2.pandorashop.co.za www.pandorashop.co.za 1
frame-ancestors https://payhub.com.ua https://standalone.fuib.com https://viber.payhub.com.ua 1
block-all-mixed-content; frame-ancestors *.polipet.com.br 1
frame-ancestors 'self';frame-src 'self' https://www.facebook.com https://www.googletagmanager.com/ https://player.vimeo.com https://tpc.googlesyndication.com https://optimize.google.com; 1
worker-src *; font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com images.latitudepayapps.com imageapi.magebinary.co.nz data: * data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.auspost.zone *.images.latitudepayapps.com *.imageapi.magebinary.co.nz *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.google.com/ *.doubleclick.net *.facebook.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.auspost.zone * c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.cdninstagram.com * https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com t.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.google.com/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com www.apptrian.com pinterest.com www.pinterest.com s.pinimg.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.auspost.zone * js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com static.zipmoney.com.au zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com images.latitudepayapps.com/ imageapi.magebinary.co.nz/ * unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.auspost.zone * api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.images.latitudepayapps.com *.imageapi.magebinary.co.nz 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://*.2pontos.net; 1
default-src 'self' *.cloudfront.net *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.chime.aws *.pingdom.net *.google.com *.googleusercontent.com unpkg.com *.datafree.co *.amazonaws.com *.doubleclick.net *.vimeo.com *.facebook.net *.clarity.ms *.intercom.io *.intercomcdn.com data: ws:; img-src * data:; style-src 'self' 'unsafe-inline' api.mapbox.com *.googleapis.com unpkg.com *.cloudfront.net *.googletagmanager.com *.googleadservices.com *.datafree.co; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudfront.net *.google-analytics.com *.clarity.ms *.jquery.com *.googletagmanager.com *.googleapis.com unpkg.com *.google.com *.gstatic.com *.datafree.co *.googleadservices.com *.facebook.com *.facebook.net *.intercom.io *.intercomcdn.com *.pingdom.net blob: 1
child-src blob: 'self';connect-src https: 'self' https://mtm.reelax-tickets.com;default-src 'self';font-src https: 'unsafe-inline' 'self';frame-ancestors 'self';frame-src 'self' https://mtm.reelax-tickets.com;img-src https: 'unsafe-inline' 'self' data: blob: https://mtm.reelax-tickets.com;object-src https: 'unsafe-inline' 'self';script-src https: 'unsafe-inline' 'self' 'unsafe-eval';script-src-attr https: 'unsafe-inline' 'self';style-src https: 'unsafe-inline' 'self';worker-src blob: 'self';base-uri 'self';form-action 'self';upgrade-insecure-requests 1
frame-ancestors 'self'  https://fonts.googleapis.com/ 1
default-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ http://localhost:50000 ;font-src data: *;frame-src https://www.aparat.com/ https://samanpl.ir https://najm.samanpl.ir https://develop.samanpl.ir/ https://*.samanpl.ir http://najm.samanpl.ir/ http://*.samanpl.ir  https://www.google.com/ ; img-src 'self' https://trustseal.enamad.ir/ https://wxs.ign.fr https://www.google.com/ https://*.samanpl.ir https://samanpl.ir https://reg.samanpl.ir https://cdn.samanpl.ir https://najm.samanpl.ir https://develop.samanpl.ir https://image.samanpl.ir http://*.samanpl.ir http://samanpl.ir http://reg.samanpl.ir http://cdn.samanpl.ir http://najm.samanpl.ir http://image.samanpl.ir https://*.tile.openstreetmap.org data: https://image.samanpl.ir http://image.samanpl.ir https://*.samanpl.ir http://*.samanpl.ir ;object-src 'self'; worker-src 'self'  blob: ;script-src-elem 'self' http://*.samanpl.ir https://*.samanpl.ir https://www.google-analytics.com/analytics.js http://www.google-analytics.com/analytics.js https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com 'unsafe-inline';style-src 'self' 'unsafe-hashes' 'unsafe-inline' https://fonts.googleapis.com ;script-src 'self' https://*.samanpl.ir  http://*.samanpl.ir https://www.gstatic.com https://www.googletagmanager.com https://www.google.com https://www.google-analytics.com http://www.google-analytics.com 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https:; object-src 'self' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: blob: https:; media-src 'self' data: blob: mediastream: https:; frame-ancestors 'self' *.conad.it *.nscdev.it *.nsctst.it *.nscpre.it  *.nscstg.it; frame-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' data: https: 1
default-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' data: 1
default-src 'self'; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' https://cdn.tiny.cloud/ https://blueimp.github.io/ https://uicdn.toast.com/ https://code.jquery.com/ https://maps.googleapis.com https://maps.googleapis.com/maps/api/js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/ https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/recaptcha/releases/1h-hbVSJRMOQsmO_2qL9cO0z/recaptcha__nl.js https://www.gstatic.com/recaptcha/ https://cdnjs.cloudflare.com; style-src 'report-sample' 'self' 'unsafe-inline' https://cdn.tiny.cloud https://blueimp.github.io/ https://uicdn.toast.com/ https://code.jquery.com/ https://fonts.googleapis.com https://cdnjs.cloudflare.com; object-src 'self'; base-uri 'self'; connect-src 'self' https://uicdn.toast.com/ https://maps.googleapis.com https://region1.google-analytics.com https://www.google-analytics.com https://www.mollie.com/ https://cdnjs.cloudflare.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://uicdn.toast.com/ https://www.mollie.com/ https://www.google.com https://www.youtube.com https://www.google.com/recaptcha/ https://www.linkedin.com/ https://recaptcha.google.com/recaptcha/; img-src 'self' data: https://sp.tinymce.com https://maps.gstatic.com/  https://uicdn.toast.com/ https://maps.googleapis.com https://cdn-staging.smartsd.com https://cdn.smartsd.com https://www.mollie.com; manifest-src 'self'; media-src 'self' https://uicdn.toast.com/  https://cdn-staging.smartsd.com; report-uri https://6458b9a20c2db5717a7f925e.endpoint.csper.io/?v=4; child-src 'report-sample' https://www.mollie.com/ https://www.google.com/ https://www.youtube.com/ https://www.linkedin.com/; frame-ancestors https://www.linkedin.com/ 'self'; form-action 'report-sample' https://pay.mollie.nl/ https://www.mollie.com/ https://bancontact.girogate.be 'self'; worker-src 'none'; 1
frame-ancestors 'self' https://sportland.lt/ https://sportland.ee/ https://sportland.lv/ https://sportland.fi/ https://pl.sportland.com/ https://sportland.com/ https://en.sportland.fi/ https://ru.sportland.ee/ https://ru.sportland.lv/ https://ru.sportland.lt/ https://sportskim.sportland.lv/ https://outlet.sportland.lv/ https://outlet.sportland.lt/ https://outlet.sportland.ee/ https://outlet.sportland.com/ https://ru-outlet.sportland.com/ https://outlet.sportland.fi/; 1
default-src 'none';script-src 'self' 'unsafe-inline' *.stall-frei.de *.maptiler.com *.fontawesome.com unpkg.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/ https://pagead2.googlesyndication.com/ https://*.googlesyndication.com/;img-src 'self' data: *.stall-frei.de *.maptiler.com *.fontawesome.com img.youtube.com *.ytimg.com *.gstatic.com translate.google.com https://appleid.cdn-apple.com/ https://*.googlesyndication.com/;style-src 'self' 'unsafe-inline' unpkg.com *.maptiler.com https://accounts.google.com/gsi/style https://appleid.cdn-apple.com/;child-src 'self' blob: mat.stall-frei.de s-static.ak.facebook.com www.facebook.com *.gstatic.com player.vimeo.com *.youtube.com;connect-src 'self' *.stall-frei.de api.maptiler.com *.fontawesome.com https://accounts.google.com/gsi/ https://appleid.cdn-apple.com/ https://pagead2.googlesyndication.com/;form-action 'self';frame-ancestors 'self';frame-src https://accounts.google.com/gsi/ https://appleid.cdn-apple.com/ https://www.facebook.com/plugins/ https://player.vimeo.com/video/ https://www.youtube.com/embed/ https://googleads.g.doubleclick.net https://*.googlesyndication.com/ https://*.google.com/;base-uri 'self';manifest-src 'self';object-src 'self';font-src 'self' data: https://appleid.cdn-apple.com/ 1
default-src 'self' www.googletagmanager.com www.google.com www.youtube.com 'unsafe-eval';               script-src 'self' code.iconify.design/ api.iconify.design/ www.googletagmanager.com/gtag/ www.google-analytics.com/ www.google-analytics.com/j/ www.gstatic.com/ www.google.com/ 'unsafe-inline' 'unsafe-eval';              style-src 'self' cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.0/css/ fonts.googleapis.com/ 'unsafe-inline';               font-src 'self' fonts.gstatic.com/s/materialicons/v21/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.0/webfonts/ fonts.gstatic.com/;               connect-src 'self' www.google-analytics.com/j/collect stats.g.doubleclick.net/j/collect viacep.com.br;              img-src 'self' data: www.google-analytics.com/collect www.google.com/ads/ www.google.com.br/ads/ 'unsafe-eval';              media-src 'self' www.youtube.com 'unsafe-eval' ;               1
frame-ancestors 'self' thirtymall.com *.thirtymall.com 1
default-src 'self' https://api1.trendyaab.com ; manifest-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.gstatic.com https://*.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' cdn1.trendyaab.com  vt.parsimap.com https://logo.samandehi.ir https://*.google-analytics.com review-rating.mncdn.com blob: https://api1.trendyaab.com data: https://api1.trendyaab.com https://cdn.dsmcdn.com https://video-content-img.dsmcdn.com  http://www.w3.org; media-src https://d12rjhfbnrelgt.cloudfront.net; connect-src 'self' https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://hpadmin.post.ir https://api1.trendyaab.com https://api.trendyaab.com https://translate.googleapis.com https://*.google-analytics.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:; frame-ancestors 'self' https://trustseal.enamad.ir; 1
default-src 'self'; img-src https://*.openstreetmap.org 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'; frame-ancestors 'none' ; report-uri /admin/tools/CspReport.php 1
frame-ancestors 'self'  http://*.ceca.es https://*.ceca.es; 1
frame-src 'self' https://www.google.com https://content.googleapis.com https://accounts.google.com https://staticxx.facebook.com https://www.youtube.com https://www.facebook.com https://cid.center https://cid.center/sme/ https://cid.center/sme/profile https://tascombank.ua https://24b.tascombank.ua https://tas24b.ua https://ovsb.ics.gov.ua https://ovsb.ics.gov.ua http://www.vkursi.com.ua https://vars.hotjar.com https://a.plerdy.com https://bid.g.doubleclick.net https://code-ya.jivosite.com https://td.doubleclick.net https://o.clarity.ms;frame-ancestors 'self' https://www.google.com https://content.googleapis.com https://accounts.google.com https://staticxx.facebook.com https://www.youtube.com https://www.facebook.com https://cid.center https://cid.center/sme/ https://cid.center/sme/profile https://tascombank.ua https://24b.tascombank.ua https://tas24b.ua https://ovsb.ics.gov.ua https://ovsb.ics.gov.ua http://www.vkursi.com.ua https://vars.hotjar.com https://a.plerdy.com https://bid.g.doubleclick.net https://code-ya.jivosite.com https://td.doubleclick.net https://o.clarity.ms 1
default-src https: 'self' blob:; media-src https: data: blob:; font-src https: data:; img-src https: 'self' 'unsafe-inline' data: about:; style-src https: 'self' 'unsafe-inline'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' blob:; frame-ancestors https://*.voyancegratuites.fr; 1
default-src 'self' cdn.yopu.co scdn.yopu.co cdn.yoopu.me yopu.co yoopu.me localhost; script-src 'self' cdn.yopu.co scdn.yopu.co cdn.yoopu.me yopu.co yoopu.me localhost www.google.com www.googletagmanager.com *.google-analytics.com *.doubleclick.net hm.baidu.com *.sentry.io ynuf.aliapp.org *.tdum.alibaba.com cf.aliyun.com g.alicdn.com www.recaptcha.net www.google.com www.gstatic.com www.gstatic.cn 'unsafe-inline' 'unsafe-eval'; style-src 'self' cdn.yopu.co scdn.yopu.co cdn.yoopu.me yopu.co yoopu.me localhost 'unsafe-inline'; font-src * data: blob:; img-src * data: blob:; media-src * data: blob:; frame-src 'self' cdn.yopu.co scdn.yopu.co cdn.yoopu.me yopu.co yoopu.me localhost ynuf.aliapp.org *.tdum.alibaba.com cf.aliyun.com g.alicdn.com www.recaptcha.net www.google.com www.gstatic.com www.gstatic.cn *.bilibili.com; connect-src 'self' cdn.yopu.co scdn.yopu.co cdn.yoopu.me yopu.co yoopu.me localhost www.google.com www.googletagmanager.com *.google-analytics.com *.doubleclick.net hm.baidu.com *.sentry.io upload.qiniup.com uplog.qbox.me hooks.slack.com blob: data:; child-src 'self' cdn.yopu.co scdn.yopu.co cdn.yoopu.me yopu.co yoopu.me localhost blob:; worker-src 'self' cdn.yopu.co scdn.yopu.co cdn.yoopu.me yopu.co yoopu.me localhost blob:; block-all-mixed-content; report-uri /csp-report; 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: 'self' https:; frame-ancestors *; 1
default-src *; img-src * 'self' data: https:; style-src 'self' 'unsafe-inline' *; script-src www.google-analytics.com  www.googletagmanager.com  www.google.com  www.gstatic.com  'self' 'unsafe-inline' 'unsafe-eval' *; report-uri  https://report-service-url.report-uri.com/r/d/csp/reportOnly 1
upgrade-insecure-requests; default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; 1
default-src 'self' https://www.webatvantage.be *.google-analytics.com *.analytics.google.com *.piwik.pro 'nonce-MTczMTM3NTIwNDY5MjE3Mg==';script-src 'self' https://www.webatvantage.be https://www.google.com https://www.clarity.ms *.piwik.pro 'unsafe-eval' 'nonce-MTczMTM3NTIwNDY5MjE3Mg==';font-src 'self' https://www.webatvantage.be https://use.typekit.net;img-src 'self' https://www.webatvantage.be *.cdninstagram.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.gstatic.com data:;style-src 'self' https://www.webatvantage.be *.typekit.net https://use.typekit.net/vgj5jns.css 'unsafe-inline';frame-src 'self' https://www.webatvantage.be https://www.google.com;object-src 'self' data:; 1
base-uri 'none'; frame-ancestors 'self' https:; script-src 'nonce-e1d49635-9e3b-44a3-88ac-5b93175275f1' 'strict-dynamic' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://o191354.ingest.sentry.io/api/1804128/security/?sentry_key=c70af02fd39547c19e9c93a469bd1584 1
frame-ancestors 'self' https://*.ethnicraft.com 1
frame-ancestors 'self' https://kparkfr.sharepoint.com 1
frame-ancestors https://www.suitable.de https://www.suitableshop.nl 1
default-src 'self' https: 'unsafe-eval' 'unsafe-inline' data:; object-src 'none'; 1
script-src 'self' 'sha256-M3RnqnOXmbaP1xe4gXW/vwUIP0LIn4NcoGs2r16XJg4=' 'sha256-m1NODV2QOZtx4L/at7JeWCD0BPuAUH33rbyd3hhFz28=' https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://pi.pardot.com https://form.typeform.com/ https://pagecdn.io https://cdn.jsdelivr.net/ cdn.auth0.com https://tagmanager.google.com https://heapanalytics.com https://cdn.heapanalytics.com https://*.hotjar.com https://js.intercomcdn.com https://widget.intercom.io https://app.intercom.io rightshipstorage.blob.core.windows.net https://dc.services.visualstudio.com https://kcauchi.eu.auth0.com/ https://stats.g.doubleclick.net wss://*.hotjar.com https://*.hotjar.io https://uploads.intercomusercontent.com https://uploads.au.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.intercomcdn.com wss://nexus-australiawebsocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexuseurope-websocket.intercom.io https://nexus-europe-websocket.intercom.io wss://nexuswebsocket-b.intercom.io https://nexus-websocket-b.intercom.io https://nexus-websocket-a.intercom.io https://api-ping.intercom.io https://apiiam.intercom.io https://events.mapbox.com https://api.mapbox.com https://*.tiles.mapbox.com rightship.auth0.com/style-src https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.intercomcdn.com https://js.i ntercomcdn.com https://www.gstatic.com https://ssl.gstatic.com https://static.au.intercomassets.com https://static.intercomassets.eu https://*.intercom-attachments-9.com https://*.intercom-attachments-8.com https://*.intercom-attachments-7.com https://*.intercom-attachments-6.com https://*.intercom-attachments-5.com https://*.intercom-attachments-4.com https://*.intercom-attachments-3.com https://*.intercom-attachments-2.com https://*.au.intercom-attachments.com https://*.intercom-attachments.eu https://*.intercom-attachments-1.com https://messenger-apps.au.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.intercom.io https://video-messages.intercomcdn.com https://gifs.intercomcdn.com https://downloads.au.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.intercomcdn.com https://static.intercomassets.com https://form.typeform.com https://www.youtube.com/ https://fast.wistia.net https://player.vimeo.com https://www.youtube.com https://www.intercom-reporting.com https://app.powerbi.com/ https://cdn.cookielaw.org/ https://tracker.metricool.com/resources/be.js https://tag.clearbitscripts.com/v1/pk_30bbf5ebcf696cc45e066d56ba709604/tags.js https://snap.licdn.com/* https://x.clearbitjs.com/v2/pk_30bbf5ebcf696cc45e066d56ba709604/destinations.min.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://cdn.jsdelivr.net https://static.addtoany.com https://use.fontawesome.com; script-src-attr 'self'; script-src-elem 'self' 'sha256-M3RnqnOXmbaP1xe4gXW/vwUIP0LIn4NcoGs2r16XJg4=' 'sha256-m1NODV2QOZtx4L/at7JeWCD0BPuAUH33rbyd3hhFz28=' 'sha256-e3OsTH0KIUdK3veWO2CJ9QDxFNgZ4fTPuRsN5mkj7yU=' 'sha256-mNEtXRiEHBP3SUZamJMFjxmFIT2BcMHRjs8d/n3oRwE=' 'sha256-wy5KasZY6I/igoHzecXHWsGJ9eTrQl3PXLylql9jiw0=' 'sha256-g2ZWjLGcOhuqYxSepgrIZ2000MsUDt4fakbIHIl+ojo=' https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://static.hotjar.com https://snap.licdn.com https://tag.clearbitscripts.com https://script.hotjar.com https://tracker.metricool.com https://cdn.cookielaw.org https://cdn.jsdelivr.net https://static.addtoany.com https://use.fontawesome.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://use.fontawesome.com https://cdn.cookielaw.org https://cdn.jsdelivr.net; style-src-attr 'self' 'unsafe-inline'; report-uri https://rightship.com/report-uri/enforce 1
default-src * ; script-src 'self' 'unsafe-eval' 'unsafe-inline' browser-update.org maps.googleapis.com *.google-analytics.com *.cookiebot.com *.googletagmanager.com *.googleadservices.com *.licdn.com *.facebook.net *.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; base-uri 'self'; object-src 'none'; frame-src 'self' https://consentcdn.cookiebot.com; connect-src * 'self' https://consentcdn.cookiebot.com; img-src * 'self' data: https: 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://agropur.ddev.site https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://js.zi-scripts.com https://dokumfe7mps0i.cloudfront.net https://builder.lift.acquia.com https://players.brightcove.net https://vjs.zencdn.net https://js-agent.newrelic.com https://www.google.com https://www.gstatic.com https://cdn.cookielaw.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; worker-src 'self' https://agropur.ddev.site blob:; frame-ancestors 'self'; report-uri https://www.agropur.com/fr/report-uri/enforce 1
default-src 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.youtube.com https://www.primax.my https://www.rovr2u.com https://www.mymesra.com.my https://www.googletagmanager.com https://static.hotjar.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://cdn.curator.io https://www.google-analytics.com https://script.hotjar.com https://www.googleadservices.com https://fonts.googleapis.com https://connect.facebook.net https://googleads.g.doubleclick.net https://apis.google.com https://content.googleapis.com https://dynamicdiesel.my https://tagmanager.google.com https://rovr2u.ximnet.com.my/ https://www.instagram.com/ https://platform.instagram.com/ https://*.addthis.com https://z.moatads.com https://v1.addthisedge.com https://salesiq.zoho.com https://crm.zohopublic.com https://*.zohocdn.com https://*.zohostatic.com https://mc.yandex.ru https://yastatic.net https://analytics.tiktok.com https://apps.elfsight.com https://static.elfsight.com https://kit.fontawesome.com https://universe-static.elfsightcdn.com https://cdn-apac.onetrust.com; script-src-elem 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.youtube.com https://www.primax.my https://www.rovr2u.com https://www.mymesra.com.my https://www.googletagmanager.com https://static.hotjar.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://cdn.curator.io https://www.google-analytics.com https://script.hotjar.com https://www.googleadservices.com https://fonts.googleapis.com https://connect.facebook.net https://googleads.g.doubleclick.net https://apis.google.com https://content.googleapis.com https://dynamicdiesel.my https://rovr2u.ximnet.com.my https://www.instagram.com https://platform.instagram.com https://*.addthis.com https://z.moatads.com https://v1.addthisedge.com https://salesiq.zoho.com https://crm.zohopublic.com https://*.zohocdn.com https://*.zohostatic.com https://mc.yandex.ru https://yastatic.net https://analytics.tiktok.com https://apps.elfsight.com https://static.elfsight.com https://kit.fontawesome.com https://universe-static.elfsightcdn.com https://cdn-apac.onetrust.com; script-src-attr 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.youtube.com https://www.primax.my https://www.rovr2u.com https://www.mymesra.com.my https://www.googletagmanager.com https://static.hotjar.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://cdn.curator.io https://www.google-analytics.com https://script.hotjar.com https://www.googleadservices.com https://fonts.googleapis.com https://connect.facebook.net https://googleads.g.doubleclick.net https://apis.google.com https://content.googleapis.com https://dynamicdiesel.my https://www.instagram.com https://platform.instagram.com https://mc.yandex.ru https://yastatic.net https://analytics.tiktok.com https://apps.elfsight.com https://static.elfsight.com https://kit.fontawesome.com https://universe-static.elfsightcdn.com https://cdn-apac.onetrust.com; style-src * 'self' data: 'unsafe-inline' https://www.primax.my https://www.rovr2u.com https://www.mymesra.com.my https://fonts.googleapis.com https://cdn.curator.io https://dynamicdiesel.my https://www.gstatic.com https://rovr2u.ximnet.com.my https://*.zohocdn.com https://*.zohostatic.com; style-src-elem * 'self' data: 'unsafe-inline' https://www.primax.my https://www.rovr2u.com https://www.mymesra.com.my https://fonts.googleapis.com https://cdn.curator.io https://dynamicdiesel.my https://www.gstatic.com https://rovr2u.ximnet.com.my/ https://*.zohocdn.com https://*.zohostatic.com; style-src-attr * 'self' data: 'unsafe-inline' https://www.primax.my https://www.rovr2u.com https://www.mymesra.com.my https://fonts.googleapis.com https://cdn.curator.io https://dynamicdiesel.my https://*.zohocdn.com https://*.zohostatic.com; img-src * data:; font-src *; connect-src *; media-src * https://www.primax.my https://www.rovr2u.com https://www.mymesra.com.my http://dynamicdiesel.my/; frame-src *; frame-ancestors 'self' http://webvisor.com; base-uri *; manifest-src https://www.mymesra.com.my/ 1
script-src 'nonce-Hy5DhpUgkwODxv/ZtZIlxY3giqkEelAqgo0lcKKfHCU=' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https:; object-src 'none'; base-uri 'none'; 1
default-src 'self' https://*.iskultur.com.tr https://*.doubleclick.net https://*.sendpulse.com https://*.datatables.net; font-src 'self' data: https://*.sendpulse.com https://yeni.iskultur.com.tr https://fonts.gstatic.com *.bootstrapcdn.com https://cdn.jsdelivr.net https://themes.googleusercontent.com https://*.wp.com; object-src 'none'; frame-ancestors 'none';  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cloudfront.net https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://unpkg.com  https://www.googleadservices.com https://*.googletagmanager.com https://*.alexametrics.com https://connect.facebook.net https://*.datatables.net https://www.youtube.com https://*.unpkg.com https://cdn.visitorlab.com https://rec.smartlook.com/ https://*.yandex.ru https://*.yandex.com.tr https://*.yandex.com https://*.sendpulse.com https://*.google-analytics.com/analytics.js https://cdn.jsdelivr.net https://*.iskultur.com.tr https://*.ampproject.org https://cdnjs.cloudflare.com https://ajax.googleapis.com https://*.google-analytics.com https://*.addthis.com https://*.facebook.com https://*.twitter.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://*.bootstrapcdn.com https://*.wp.com https://*.gravatar.com; style-src 'self' https://*.iskultur.com.tr  https://*.datatables.net https://*.cloudflare.com https://*.sendpulse.com  https://secure.gravatar.com https://*.wp.com https://cdn.jsdelivr.net https://*.bootstrapcdn.com https://cdn.jsdelivr.net https://*.google.com  https://*.iskultur.com.tr https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://*.gravatar.com 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://track.gaug.es/ https://*.googleadservices.com https://*.iskultur.com.tr https://redirect.prod.experiment.routing.cloudfront.aws.a2z.com/x.png https://*.alexametrics.com https://*.googletagmanager.com https://*.facebook.com https://*.yandex.ru https://*.yandex.com.tr https://*.yandex.com https://*.iskultur.com.tr https://*.sendpulse.com  https://*.doubleclick.net https://*.placeholder.com https://secure.gravatar.com https://www.google-analytics.com https://*.google.com https://*.google.com.tr https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://*.wp.com https://pixel.wp.com; frame-src 'self'  'unsafe-inline' 'unsafe-eval'  https://td.doubleclick.net/ https://online.flippingbook.com/ https://tpc.googlesyndication.com https://bid.g.doubleclick.net https://www.youtube.com https://tpc.googlesyndication.com https://www.facebook.com https://sanalpos.isbank.com.tr/ https://*.facebook.com https://www.youtube-nocookie.com  https://*.yandex.ru https://*.yandex.com.tr https://*.yandex.com https://yandex.com.tr  https://*.yandex.ru https://www.google-analytics.com  https://*.sendpulse.com  https://*.iskultur.com.tr https://*.google.com https://*.google.com.tr https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://secure.gravatar.com https://*.wp.com; connect-src 'self' https://mc.yandex.com https://analytics.google.com https://*.doubleclick.net https://*.facebook.com https://ymetrica1.com https://www.google-analytics.com https://*.googleapis.com https://*.yandex.ru https://pushdata.sendpulse.com:4434/ https://manager.smartlook.com https://manager.eu.smartlook.com https://collect.visitorlab.com/142134579 https://cdn.ampproject.org 1
block-all-mixed-content; script-src 'nonce-Awb1KOf2xrEHObmfUwmIOQ==' 'strict-dynamic'; style-src 'nonce-Awb1KOf2xrEHObmfUwmIOQ==' 1
object-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://static.hotjar.com https://www.clarity.ms https://script.hotjar.com https://pidpa.containers.piwik.pro/ https://www.youtube.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill.io https://unpkg.com https://www.google.com https://www.jobsolutions.be momentjs.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://pidpa.containers.piwik.pro/ https://www.youtube.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; worker-src 'self' blob:; frame-ancestors 'self' 1
default-src 'self' http: https: data: blob: style-src: script-src: 'unsafe-inline' 'unsafe-eval' 1
default-src  visavid.proto-type.de visavid.de https://visavid.de/org.dreamox.cmsmox.divlayout/org/dreamox/cmsmox/divlayout/view/jsp/images/socialshare/svg/sprite.svg ;base-uri 'none';object-src 'none';form-action 'self' ;frame-ancestors 'none';connect-src 'self' www.google-analytics.com *.google-analytics.com *.analytics.google.com    cdn.plyr.io https://stats.g.doubleclick.net www.facebook.com facebook.com;img-src 'self' visavid.de   *.google-analytics.com *.analytics.google.com   www.google-analytics.com *.google-analytics.com *.analytics.google.com    www.google-analytics.com google-analytics.com googletagmanager.com www.googletagmanager.com www.facebook.com facebook.com www.google.de google.de www.google.com google.com https://googleads.g.doubleclick.net  i.ytimg.com;media-src 'self' ;script-src 'self' 'strict-dynamic' 'nonce-a6hi81et03jj4fhohobim8lsjil'  www.google-analytics.com *.google-analytics.com *.analytics.google.com;style-src 'self' 'unsafe-inline' ;font-src 'self' ;manifest-src 'self';upgrade-insecure-requests;report-uri https://csp-report.auctores.de/resources/index;frame-src  www.youtube-nocookie.com; 1
default-src 'none'; frame-src https://www.juicycash.net; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; img-src 'self' https://pbs.twimg.com https://www.inet-cash.com https://*.google-analytics.com https://*.googletagmanager.com https://static.yoogirls.com https://yoogirls.r.worldssl.net https://www.juicycash.net; media-src https://static.yoogirls.com https://yoogirls.r.worldssl.net; script-src 'unsafe-inline' https://www.inet-cash.com https://*.googletagmanager.com https://www.google-analytics.com https://static.yoogirls.com/js/cookienotice.min.js https://static.yoogirls.com/ https://yoogirls.r.worldssl.net; style-src 'unsafe-inline' https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/ https://yoogirls.r.worldssl.net https://static.yoogirls.com/; font-src https://static.yoogirls.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com; frame-ancestors 'none'; 1
frame-ancestors 'self' www.tealearn.com tealearn.instructure.com tealearn.staging.instructure.com tealearn.beta.instructure.com tealearn.test.instructure.com; 1
default-src 'self' challenges.cloudflare.com  *.neighbourly.com *.twitter.com *.vimeo.com *.youtube.com *.google-analytics.com cdn.matomo.cloud  neighbourly.matomo.cloud; frame-src 'self' challenges.cloudflare.com  *.microsoftonline.com *.powerbi.com *.youtube.com *.vimeo.com *.stripe.com *.twitter.com; connect-src 'self' challenges.cloudflare.com  *.neighbourly.com forms.hubspot.comdisabled forms.hsforms.comdisabled maps.googleapis.com googleapis.com js.hsforms.net nbrlyprod.streaming.mediaservices.windows.net *.mapbox.com *.google-analytics.com cdn.matomo.cloud  neighbourly.matomo.cloud;media-src blob: nbrlyprodmedia.blob.core.windows.net nbrlyprod.streaming.mediaservices.windows.net *.neighbourly.com *.youtube.com *.vimeo.com; img-src 'self' challenges.cloudflare.com  data: *.mapbox.com track.hubspot.com forms.hsforms.comdisabled nbrlyprodmedia.blob.core.windows.net maps.gstatic.com *.neighbourly.com *.stripe.com; script-src 'self' challenges.cloudflare.com  *.neighbourly.com 'unsafe-eval' *.googleapis.com googleapis.com js.hs-analytics.net js.hs-scripts.com js.hscollectedforms.netdisabled js.hsadspixel.netdisabled js-na1.hs-scripts.com *.twitter.com *.vimeo.com *.youtube.com *.google-analytics.com cdn.matomo.cloud  neighbourly.matomo.cloud *.mapbox.com *.stripe.com; style-src 'self' challenges.cloudflare.com  *.neighbourly.com 'unsafe-inline'; report-uri https://nbrly-prod-fn-schedules-v2.azurewebsites.net/api/log?code=CSrelvJVFKZtDoUcrgbyKhMKm4DBBPpJcdaR8h1wZP/5zjHodNdgeQ== 1
default-src 'self';  script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.typekit.net unpkg.com *.googletagmanager.com *.fontawesome.com *.googleapis.com *.cloudflare.com *.bugherd.com analytics.imirwin.com www.google-analytics.com www.google.com www.gstatic.com consent.cookiebot.com consentcdn.cookiebot.com  https://googleads.g.doubleclick.net  snap.licdn.com static.ads-twitter.com www.google.com https://googletagmanager.com https://tagmanager.google.com;  style-src 'report-sample' 'self' 'unsafe-inline' *.typekit.net unpkg.com *.fontawesome.com *.googleapis.com cdnjs.cloudflare.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://consent.cookiebot.com/uc.js https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com;  object-src 'none';  base-uri 'self';  connect-src 'self' *.fontawesome.com https://analytics.google.com/* https://analytics.google.com/g/collect https://sidebar.bugherd.com/binoculars https://region1.analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.imirwin.com https://sessions.bugsnag.com wss://ws-mt1.pusher.com analytics.google.com google.com/pagead/*  px.ads.linkedin.com;  font-src 'self' *.fontawesome.com *.typekit.net *.gstatic.com data:;  frame-src 'self' blob: www.slideshare.net https://api.stockdio.com/ https://sidebar.bugherd.com consentcdn.cookiebot.com td.doubleclick.net https://www.google.com https://www.youtube.com/ https://www.creativereturn.ca/ https://player.vimeo.com/ https://www.kitco.com/consentcdn.cookiebot.com;  img-src 'self' https://s.w.org https://www.google.nl google.com www.google.com www.google.ca px4.ads.linkedin.com https://www.google.ca/ads/ga-audiences https://imgsct.cookiebot.com t.co analytics.twitter.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://d2iiunr5ws5ch1.cloudfront.net  px.ads.linkedin.com data:;  manifest-src 'self';  media-src 'self';  report-uri https://63fcef7d3e361dd413cfe988.endpoint.csper.io;  worker-src 'none'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:; base-uri 'self' 1
frame-ancestors 'self' amnestymoves.at go.webmozarts.com localhost ionic: 1
default-src 'self' https: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; font-src 'self' https: data:; img-src 'self' https: data: p.typekit.net https://www.google.com/ads/ga-audiences; object-src 'none'; script-src 'self' https: 'strict-dynamic' 'nonce-FWKTJ9XgST7pDWS+1730pQ=='; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/npm/daterangepicker@3.1.0/daterangepicker.css use.typekit.net p.typekit.net https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css d1napmdp9lzbyy.cloudfront.net d1030xxn62fyyb.cloudfront.net; connect-src 'self' https: https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com wss://*.hotjar.com https://adservice.google.com https://stats.g.doubleclick.net; report-uri https://o8095.ingest.sentry.io/api/15415/security/?sentry_key=7f5f5d4c4104451d8b56b1a148a65915&sentry_environment=production&sentry_release=dd82ae29d093650fb36a5637299907c886e109f3 1
default-src 'none'; style-src 'self'; img-src 'self'; script-src 'sha256-ehPVrgdV2GwJCE7DAMSg8aCgaSH3TZmA66nZZv8XrTg='; frame-ancestors 'self'; form-action 'none'; base-uri 'none'; manifest-src 'none'; 1
frame-ancestors https://*.tinkoff.ru; report-uri https://sme.tinkoff.ru/common/sentry/api/56/security/?sentry_key=25374a8bcb434c9494e2bbe1d024b9aa 1
report-uri /csp/log.php;    connect-src  'self' *.opendns.com ad.doubleclick.net https://*.analytics.google.com https://*.clarity.ms https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.cat https://*.google.co.jp https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://1637314617.rsc.cdn77.org https://am.yahoo.co.jp https://analytics.google.com https://api.trongrid.io https://b90.yahoo.co.jp https://b91.yahoo.co.jp https://b92.yahoo.co.jp https://b97.yahoo.co.jp https://b98.yahoo.co.jp https://b99.yahoo.co.jp https://c.bing.com https://i.clarity.ms https://meetlookup.com https://p.typekit.net https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://use.typekit.net https://wave-data.jp https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.as https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bi https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.ck https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com.af https://www.google.com.ag https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sb https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tj https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vc https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.ie https://www.google.im https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.ki https://www.google.kz https://www.google.la https://www.google.li https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.nr https://www.google.nu https://www.google.pl https://www.google.pn https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.sh https://www.google.si https://www.google.sk https://www.google.sm https://www.google.sn https://www.google.so https://www.google.sr https://www.google.st https://www.google.td https://www.google.tg https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.tt https://www.google.vu https://www.google.ws www.wave-inc.co.jp;    default-src  'self' https://*.clarity.ms https://am.yahoo.co.jp https://b90.yahoo.co.jp https://b91.yahoo.co.jp https://b92.yahoo.co.jp https://b97.yahoo.co.jp https://b98.yahoo.co.jp https://b99.yahoo.co.jp https://c.bing.com;    font-src  'self' chrome-extension: data: fonts.gstatic.com https://*.clarity.ms https://am.yahoo.co.jp https://at.alicdn.com https://b90.yahoo.co.jp https://b91.yahoo.co.jp https://b92.yahoo.co.jp https://b97.yahoo.co.jp https://b98.yahoo.co.jp https://b99.yahoo.co.jp https://c.bing.com https://cdn.scite.ai https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://storage.aahub.org https://use.fontawesome.com moz-extension: themes.googleusercontent.com;    frame-ancestors  'self';    frame-src  'self' *.opendns.com bid.g.doubleclick.net https://*.clarity.ms https://*.facebook.com https://*.fls.doubleclick.net https://am.yahoo.co.jp https://assets.pinterest.com https://b.hatena.ne.jp https://b90.yahoo.co.jp https://b91.yahoo.co.jp https://b92.yahoo.co.jp https://b97.yahoo.co.jp https://b98.yahoo.co.jp https://b99.yahoo.co.jp https://bid.g.doubleclick.net https://c.bing.com https://cn2083010554-7vnsr30170.ibosscloud.com https://gateway.zscaler.net https://gateway.zscalerthree.net https://mozbar.moz.com https://platform.twitter.com https://pwm-image.trendmicro.jp https://safe.menlosecurity.com https://social-plugins.line.me https://td.doubleclick.net https://tpc.googlesyndication.com https://widgets.getpocket.com https://www.google.com https://www.googletagmanager.com https://www.youtube.com www.googletagmanager.com;    img-src  'self' *.gravatar.com *.opendns.com ad.doubleclick.net blob: data: googleads.g.doubleclick.net https://*.analytics.google.com https://*.clarity.ms https://*.facebook.com https://*.fls.doubleclick.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.cat https://*.google.co.jp https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gstatic.com https://ade.googlesyndication.com https://am.yahoo.co.jp https://b.st-hatena.com https://b90.yahoo.co.jp https://b91.yahoo.co.jp https://b92.yahoo.co.jp https://b97.yahoo.co.jp https://b98.yahoo.co.jp https://b99.yahoo.co.jp https://c.bing.com https://crepu.net https://custom.search.yahoo.co.jp https://download.jword.jp https://googleads.g.doubleclick.net https://i.pinimg.com https://i.ytimg.com https://log.pinterest.com https://pagead2.googlesyndication.com https://portal.auone.jp https://pos.baidu.com https://ps.w.org https://robo.wave-inc.co.jp https://s.w.org https://ssl.gstatic.com https://syndication.twitter.com https://wordpress.org https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.as https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bi https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.ck https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com.af https://www.google.com.ag https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sb https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tj https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vc https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.ie https://www.google.im https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.ki https://www.google.kz https://www.google.la https://www.google.li https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.nr https://www.google.nu https://www.google.pl https://www.google.pn https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.sh https://www.google.si https://www.google.sk https://www.google.sm https://www.google.sn https://www.google.so https://www.google.sr https://www.google.st https://www.google.td https://www.google.tg https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.tt https://www.google.vu https://www.google.ws https://www.googletagmanager.com https://www.gstatic.com placehold.jp seal.globalsign.com ssif1.globalsign.com wave-data.jp www.google.com www.googletagmanager.com www.wave-inc.co.jp;    media-src  'self' chrome-extension: data: https://*.clarity.ms https://am.yahoo.co.jp https://b90.yahoo.co.jp https://b91.yahoo.co.jp https://b92.yahoo.co.jp https://b97.yahoo.co.jp https://b98.yahoo.co.jp https://b99.yahoo.co.jp https://c.bing.com https://v.pinimg.com moz-extension:;    script-src  'self' 'unsafe-eval' 'unsafe-inline' data: googleads.g.doubleclick.net http://code.jquery.com http://s.yimg.jp https://*.clarity.ms https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.kaspersky-labs.com https://am.yahoo.co.jp https://apis.google.com https://assets.pinterest.com https://b.st-hatena.com https://b90.yahoo.co.jp https://b91.yahoo.co.jp https://b92.yahoo.co.jp https://b97.yahoo.co.jp https://b98.yahoo.co.jp https://b99.yahoo.co.jp https://c.bing.com https://cdn.ampproject.org https://cdn.amproject.org https://cdn.jsdelivr.net https://cdn.mouseflow.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://d.line-scdn.net https://googleads.g.doubleclick.net https://greasyfork.org https://jumplink.up.seesaa.net https://p01.smbc-gp.co.jp https://platform.twitter.com https://pt01.smbc-gp.co.jp https://pwm-image.trendmicro.jp https://s.yimg.jp https://static.smbc-go.co.jp https://static.smbc-gp.co.jp https://stg-static.smbc-gp.co.jp https://tagmanager.google.com https://tpc.googlesyndication.com https://translate.google.com https://use.typekit.net https://widgets.getpocket.com https://widgets.pinterest.com https://www.clarity.ms https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.pagespeed.com https://www.youtube.com seal.globalsign.com ssif1.globalsign.com www.google.com www.googleadservices.com www.pagespeed-mod.com www.wave-inc.co.jp www.wave-inc.co.jp:8082;    style-src  'self' 'unsafe-inline' https://*.clarity.ms https://*.googleapis.com https://*.gstatic.com https://*.kaspersky-labs.com https://adblockers.opera-mini.net https://am.yahoo.co.jp https://b90.yahoo.co.jp https://b91.yahoo.co.jp https://b92.yahoo.co.jp https://b97.yahoo.co.jp https://b98.yahoo.co.jp https://b99.yahoo.co.jp https://c.bing.com https://cdnjs.cloudflare.com https://ff.kis.v2.scr.kaspersky-labs.com https://netdna.bootstrapcdn.com https://pwm-image.trendmicro.jp https://tagmanager.google.com https://use.fontawesome.com;    worker-src  blob:;       1
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline' https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; media-src * blob:; frame-src *; font-src * data:; connect-src *; report-uri /report-csp-violation 1
frame-ancestors 'self' https://*.4dstudio.com.au 1
default-src                 'none'                 ;         script-src                 'self'                 *.proman-emploi.fr 		*.winsearch.fr 		winsearch.fr                 *.myproman.com                 'unsafe-inline'                 *.googletagmanager.com                 *.googleapis.com                 *.g.doubleclick.net                 *.google-analytics.com                 *.mouseflow.com                 *.facebook.net                 *.google.com                 *.google.fr                 *.googleadservices.com                 *.gstatic.com                 ;         connect-src                 'self'                 *.proman-emploi.fr 		*.winsearch.fr                 winsearch.fr                 *.myproman.com                 *.analytics.google.com                 *.googleapis.com                 *.google-analytics.com                 *.g.doubleclick.net 		*.doubleclick.net 		*.googlesyndication.com 		blob: 		noembed.com                 ;         img-src                 'self'                 *.proman-emploi.fr 		*.winsearch.fr                 winsearch.fr                 *.myproman.com                 data:                 blob:                 *.google.com                 *.google.fr                 *.gstatic.com                 *.facebook.com                 *.googleapis.com                 *.ytimg.com                 *.googletagmanager.com                 *.google-analytics.com                 *.g.doubleclick.net 		*.doubleclick.net 		*.ggpht.com 		*.giphy.com                 ;         style-src                 'self'                 *.proman-emploi.fr 		*.winsearch.fr                 winsearch.fr                 *.myproman.com                 'unsafe-inline'                 *.googleapis.com                 ;         base-uri                 'self'                 *.proman-emploi.fr 		*.winsearch.fr                 winsearch.fr                 *.myproman.com                 ;         form-action                 'self'                 *.proman-emploi.fr 		*.winsearch.fr                 winsearch.fr                 *.myproman.com                 *.facebook.com                 ;         manifest-src                 'self'                 *.proman-emploi.fr 		*.winsearch.fr                 winsearch.fr                 *.myproman.com                 ;         font-src                 'self'                 *.proman-emploi.fr 		*.winsearch.fr                 winsearch.fr                 *.myproman.com                 fonts.gstatic.com                 ;         frame-src                 'self'                 *.proman-emploi.fr 		*.winsearch.fr                 winsearch.fr                 *.myproman.com                 *.facebook.com                 *.google.com                 *.google.fr                 *.youtube.com 		*.doubleclick.net                 ; 	frame-ancestors 		'self' 		https://proman.group 		https://www.proman.group 		https://www-proman-group.filesusr.com 		;         media-src                 'self'                 *.proman-emploi.fr 		*.winsearch.fr                 winsearch.fr                 *.myproman.com                 ; 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com  *.media.brightcove.com cdn.jsdelivr.net dev-api.investisdigital.com api.investisdigital.com dev-assets.investisdigital.com assets.investisdigital.com qaotp.tools.investisdigital.com geoid.investisdigital.com cookiemanager.investisdigital.com plugins.flockler.com google-analytics.com/* *.zoho.eu vts.zohopublic.eu youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' salesiq.zoho.eu cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com www.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.investis-live.com dev-api.investisdigital.com api.investisdigital.com dev-assets.investisdigital.com assets.investisdigital.com qaotp.tools.investisdigital.com *.investisdigital.com player.vimeo.com www.recaptcha.net otp.tools.investis.com cookiemanager.investisdigital.com  plugins.flockler.com fl-1.cdn.flockler.com *.cdn.flockler.com *.flockler.com web103.reachmee.com snap.licdn.com js.zohocdn.com  bat.bing.com *.clarity.ms youtube.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investis-live.com *.investisdigital.com *.flockler.com fast.fonts.net css.zohocdn.com *.typekit.net  ; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com *.youtube.com player.vimeo.com *.investisdigital.com; frame-src 'self' *.investis.com www.google.com ir.tools.investis.com staticxx.facebook.com www.youtube.com player.vimeo.com forms.zohopublic.eu recaptcha.net www.recaptcha.net web103.reachmee.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com api2.fonts.com css.zohocdn.com *.typekit.net plugins.flockler.com; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net salesiq.zoho.eu geoid.investisdigital.com wss://vts.zohopublic.eu vts.zohopublic.eu cookiemanager.investisdigital.com cdn.linkedin.oribi.io *.google-analytics.com o.clarity.ms/collect *.clarity.ms assets.investisdigital.com 1
default-src 'self'  http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1
default-src 'self' https://*.wogaa.sg https://*.dcube.cloud https://*.demdex.net/ https://cm.everesttech.net/ https://wogadobeanalytics.sc.omtrdc.net/ https://va.ecitizen.gov.sg; script-src 'self' https://*.wogaa.sg 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.onemap.gov.sg/  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://www-ecda-gov-sg.cwp.sg/ https://cse.google.com https://clients1.google.com https://*.dcube.cloud https://assets.adobedtm.com/ https://va.ecitizen.gov.sg https://www.ecda.gov.sg https://www.googletagmanager.com https://googleads.g.doubleclick.net/ https://cdn.jsdelivr.net/ https://webchat.vica.gov.sg/; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://assets.dcube.cloud/fonts/ https://va.ecitizen.gov.sg https://*.wogaa.sg https://webchat.vica.gov.sg/; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://assets.dcube.cloud/fonts/ https://va.ecitizen.gov.sg https://s3-us-west-2.amazonaws.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://www.google.com https://clients1.google.com https://wogadobeanalytics.sc.omtrdc.net/ https://cm.everesttech.net/ https://dpm.demdex.net/ https://va.ecitizen.gov.sg *.onemap.gov.sg/ https://www.google.com.sg/pagead/ https://bucket-common.vica.gov.sg/; media-src 'self' data: blob:; frame-src 'self' https://wogaa.demdex.net https://www.facebook.com/ https://www.youtube.com/ *.onemap.gov.sg/ https://www.gstatic.com/recaptcha https://google.com/recaptcha https://www.google.com/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com https://*.dcube.cloud https://dpm.demdex.net/ https://va.ecitizen.gov.sg/ https://wogaa.demdex.net https://stats.g.doubleclick.net https://*.wogaa.sg wss://chat.vica.gov.sg/ https://chat.vica.gov.sg/ https://bucket-vica.vica.gov.sg/ https://autocomplete.vica.gov.sg/; 1
default-src 'self' *.livechatinc.com *.facebook.com *.doubleclick.net *.kontomatik.com *.salesmanago.pl *.salesmanago.com; connect-src 'self' *; script-src 'self' 'self' 'unsafe-eval' 'unsafe-inline' *.cloudflare.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.doubleclick.net *.livechatinc.com *.mouseflow.com *.cloudfront.net *.nethone.io *.rollbar.com *.kontomatik.com *.salesmanago.pl *.salesmanago.com *.cux.io *.cookiebot.com *.google.com *.transactionlink.io static.hotjar.com *.aasapolska.pl; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.googletagmanager.com cdn-uicons.flaticon.com https://unpkg.com/; img-src 'self' data: https: *.salesmanago.pl *.salesmanago.com; font-src https://fonts.gstatic.com data:; worker-src 'self' blob: *.logrocket.io; frame-src *.cookiebot.com *.facebook.com *.doubleclick.net *.kontomatik.com 'self' https://secure.livechatinc.com *.googletagmanager.com *.salesmanago.pl *.salesmanago.com; frame-ancestors 'self' 1
frame-ancestors *.adit.com; 1
default-src 'self'; connect-src 'self'; script-src 'self' ; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self'; frame-src 'self'; form-action 'self'; worker-src 'self'; object-src 'none'; child-src 'none'; frame-ancestors 'none'; 1
default-src *;img-src 'self';font-src 'self' https://fonts.gstatic.com;style-src 'self' https://fonts.googleapis.com 'unsafe-inline';script-src 'strict-dynamic' 'nonce-l90qP+diCy5ucMtoRo2yHeiAWkg=' https: 'unsafe-inline';frame-src https://www.google.com/recaptcha/;base-uri 'none';object-src 'none';report-to main-endpoint; 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: android-webview-video-poster:; connect-src * blob:; object-src 'none'; base-uri 'none'; report-uri https://10f7b74fdb3510bfc538c7e770088edb.report-uri.com/r/d/csp/enforce; 1
frame-ancestors https://*.skyrama.com/ https://spiele.rtl.de/ https://skyrama.rtl.de/ https://www.funnygames.nl/ https://www.clickjogos.com.br/ https://www.mmozone.com/ https://www.mmostation.com/ https://www.mmogratis.es/ https://www.gratismmo.de/ https://www.mmorpggratuits.com/ https://www.mmoitalia.it/ https://www.mmoportugal.com/ https://centralagier.wp.pl/ https://gameplanet.onet.pl/ https://www.gry.pl/ https://www.jetztspielen.de/ https://www.spielen.com/ https://www.jeux.fr/ https://www.jeu.fr/ https://www.games.co.uk/ https://www.spelletjes.nl/ https://www.spel.nl/ https://www.juegos.com/ https://www.gioco.it/ https://www.spela.se/ https://www.ourgames.ru/ https://www.gamesgames.com/ https://www.agame.com/ https://www.jetztspielen.ws/ https://www.1001spiele.de/ https://www.gierkionline.pl/ https://www.grajteraz.pl/ https://www.1001giochi.it/ https://www.giochixl.it/ https://www.1001hry.cz/ https://juegosjuegos.ws/ https://www.isladejuegos.com/ https://www.elkspel.nl/ https://www.spelo.se/ https://www.1001games.com/ https://www.speltuin.nl/ https://www.1001pelit.com/ https://www.1001jeux.fr/ https://www.1001games.fr/ https://www.1001spiele.at/ https://www.browsergames.de/ https://www.isladejuegos.com/ https://www.sat1spiele.de/ https://www.flashgames.it/ https://www.prosiebengames.de/ https://www.spelle.nl/ https://www.speeleiland.nl/ https://spele.nl/ https://www.kidsmmorpg.com/ https://www.xn--mmoparanios-9db.com/; 1
frame-ancestors tzero.com *.tzero.com *.primaryissuancetzerotest.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ldlc.pro *.groupe-ldlc.com *.fontawesome.com via.placeholder.com *.intercomassets.com *.s-microsoft.com *.userlike.com wss://umd.userlike.com userlike-store-media-files.s3.amazonaws.com userlike-cdn-umm.b-cdn.net userlike-cdn-web.b-cdn.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com chat.userlike.com *.cloudfront.net *.intercomcdn.com *.intercom.io *.hotjar.com *.hotjar.io *.doofinder.com *.youtube.com *.quadro-selector.com *.google.com *.google.fr *.google-analytics.com *.doubleclick.net *.gstatic.com *.googleapis.com www.googletagmanager.com www.youtube-nocookie.com tracking.groupe-ldlc.com *.facebook.com *.facebook.net *.licdn.com *.linkedin.com syndication.inc.hp.com *.1worldsync.com *.cnetcontent.com *.groupe-ldlc.com *.ldlc.com tracking.channelsight.com ws: wss: data:;frame-ancestors 'self'; 1
script-src 'self' matomo2.jart.at 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-bcf325a20725403dad04bc5ce0fea34e' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
frame-ancestors 'self'; object-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com cdn.cookielaw.org js.hsforms.net *.vimeocdn.com *.googleapis.com static.hotjar.com snap.licdn.com scout-cdn.salesoft.com js.hs-scripts.com tag.demandbase.com js.zi-scripts.com js.usemessages.com js.hs-banner.com js.hs-analytics.com js.hs-analytics.net script.hotjar.com js.hs-analytics.com cdnjs.cloudflare.com scout-cdn.salesloft.com api.company-target.com data: 1
frame-ancestors 'self' https://www.draexlmaier.group 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=6m3h80tiqubhb&partner=; 1
frame-ancestors 'self' exportal.k11.com saportal-uat.k11.com saportal-uat2.k11.com saportal-uat3.k11.com saportal-preprod-cp.k11.com; 1
default-src 'self' https://*.pileje.fr matomo.pileje.fr cdn.matomo.cloud pileje.matomo.cloud; script-src 'self' 'unsafe-inline' *.pileje.fr *.facebook.com *.facebook.net *.privacy-center.org *.aticdn.net aticdn.net tag.aticdn.net *.aticdn.net *.xiti.com xiti.com *.googletagmanager.com *.google-analytics.com www.google-analytics.com *.gstatic.com *.google.com maps.googleapis.com *.ytimg.com *.youtube.com connect.facebook.net maps.googleapis.com maps.google.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.eloquant.cloud *.linkedin.com *.oribi.io googleadservices.com googleads.g.doubleclick.net snap.licdn.com px.ads.linkedin.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com *.webspellchecker.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com paas.elsatis.fr pro.fontawesome.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com; img-src 'self' *.pileje.fr *.google.fr *.google.com data: *.google.fr *.google.com *.google-analytics.com *.privacy-center.org *.aticdn.net aticdn.net tag.aticdn.net *.aticdn.net *.xiti.com xiti.com *.facebook.com *.doubleclick.net *.gstatic.com maps.googleapis.com *.ytimg.com *.googletagmanager.com paas.elsatis.fr translate.google.com blob: *.google.fr *.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com *.eloquant.cloud *.linkedin.com *.oribi.io oogleads.g.doubleclick.net px.ads.linkedin.com; frame-src 'self' *.facebook.com *.privacy-center.org *.aticdn.net aticdn.net tag.aticdn.net *.aticdn.net *.xiti.com xiti.com *.google.com *.elsatis.fr *.youtube.com www.googletagmanager.com maps.google.com maps.googleapis.com www.youtube-nocookie.com s.elq.fr *.eloquant.cloud *.linkedin.com *.oribi.io bid.g.doubleclick.net; font-src 'self' data: fonts.gstatic.com themes.googleusercontent.com paas.elsatis.fr pro.fontawesome.com github.com; connect-src 'self' *.google-analytics.com *.doubleclick.net *.privacy-center.org *.aticdn.net aticdn.net tag.aticdn.net *.aticdn.net *.xiti.com xiti.com *.facebook.com matomo.pileje.fr cdn.matomo.cloud pileje.matomo.cloud maps.googleapis.com maps.google.com *.linkedin.com *.oribi.io cdn.linkedin.oribi.io *.webspellchecker.net; report-uri /report-csp-violation 1
default-src * data: 'unsafe-inline' 'unsafe-eval'; script-src * data: 'unsafe-inline' 'unsafe-eval'; object-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline' 1
default-src http: https: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' *.gov.cn 1
default-src 'self'; script-src 'self' 'unsafe-eval' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.youtube.com; img-src 'self' data: https://testtwo.energoatom.com.ua; frame-src https://www.youtube.com; object-src 'none'; style-src 'self' https://cdn.jsdelivr.net 'unsafe-inline'; form-action 'self'; base-uri 'self'; 1
default-src 'self' support.yare.hk; script-src 'self' 'unsafe-inline' support.yare.hk ajax.cloudflare.com ; img-src 'self'  support.yare.hk; style-src 'self' 'unsafe-inline'  support.yare.hk; font-src 'self'  support.yare.hk; frame-src 'self'  same-origin www.paypal.com payment.ecpay.com.tw  support.yare.hk ;  report-uri /plugins/csp-report.php ; 1
connect-src 'self' *.cfbenchmarks.com; 1
default-src 'none'; frame-src 'self' *.doubleclick.net *.bluekai.com fortcdn.com *.google.com *.facebook.com *.sahbak.co.il *.azrieli.com *.creditguard.co.il *.prpl.co.il *.mini-sites.net cplay.net ssl-vp.com *.smoove.io lbi.co.il *.leumi-card.co.il https://www.max.co.il/ https://mini-sites.net/ azrieli.com kontent.ai https://online.max.co.il/ buyme.co.il https://slash.co.il/ *.cloudfront.net *.azrieli.xyz https://adsil1.com/ *.azrielimalls.co.il *.inmanage.com; font-src 'self' data: https://fortcdn.com/Campaigns/fonts/ https://fonts.gstatic.com/ https://comp.stg.azrieli.xyz/ https://comp.ecom.azrieli.com/ https://comp.staging.ecom.azrieli.com/ *.azrielimalls.co.il *.inmanage.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://comp.ecom.azrieli.com/ https://comp.staging.ecom.azrieli.com/ *.azrielimalls.co.il *.inmanage.com; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/ https://www.googletagmanager.com/ https://tags.bkrtx.com/ https://www.google.com/recaptcha/ https://js.nagich.co.il/ https://fortcdn.com/staticfiles/fb-web/js/ https://www.gstatic.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ https://connect.facebook.net/ https://amplify.outbrain.com/ https://tr.outbrain.com/ https://wave.outbrain.com/ https://access.nagich.co.il/ https://comp.stg.azrieli.xyz/ https://comp.ecom.azrieli.com/ https://edge.fullstory.com/ https://maps.googleapis.com/maps/api/ *.azrieli.xyz https://bringthemhomenow.net https://comp.staging.ecom.azrieli.com *.azrielimalls.co.il *.inmanage.com; connect-src 'self' https://www.google-analytics.com/ https://js.nagich.co.il/ https://googleads.g.doubleclick.net/ https://fb.fortvision.com/fb/ https://3khkl7i2z4.execute-api.eu-west-1.amazonaws.com/ https://stats.g.doubleclick.net/ https://kinesis.eu-west-1.amazonaws.com/ https://www.facebook.com/x/ https://www.facebook.com/platform/ https://graph.facebook.com/ https://ieaccess.nagich.co.il/ https://analytics.google.com/ https://comp.stg.azrieli.xyz/ https://comp.ecom.azrieli.com/ https://comp.staging.ecom.azrieli.com/ https://api.stg.azrieli.xyz/ https://kd.stg.azrieli.xyz/ https://kd.ecom.azrieli.com/ https://api.ecom.azrieli.com/ https://tr.outbrain.com/ https://maps.googleapis.com/maps/api/ https://edge.fullstory.com/ https://rs.fullstory.com/ https://n2.nixale.com/se https://pagead2.googlesyndication.com/ *.azrielimalls.co.il *.inmanage.com; img-src 'self' https://www.google.com/ https://googleads.g.doubleclick.net/ *.googleadservices.com data: https://www.facebook.com/ https://tr.outbrain.com/ https://www.google.co.il/ https://www.google-analytics.com/ https://graph.facebook.com/ https://platform-lookaside.fbsbx.com/platform/ https://www.googletagmanager.com https://access.nagich.co.il/ https://comp.stg.azrieli.xyz/ https://assets-us-01.kc-usercontent.com/ https://images.stg.azrieli.xyz/ https://ka.stg.azrieli.xyz/ https://images.ecom.azrieli.com/ https://ka.ecom.azrieli.com/ https://comp.ecom.azrieli.com/ https://comp.staging.ecom.azrieli.com/ *.azrieli.xyz *.azrielimalls.co.il *.inmanage.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://fortcdn.com/ https://s3.eu-central-1.amazonaws.com/ https://access.nagich.co.il/ https://comp.stg.azrieli.xyz/ https://comp.ecom.azrieli.com/ https://comp.staging.ecom.azrieli.com/ *.azrieli.xyz *.azrielimalls.co.il *.inmanage.com; base-uri 'self'; form-action 'self' https://www.facebook.com/tr/; 1
frame-ancestors 'self' https://fintualist.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.leadsclinic.com *.salus.group *.financeservice.io cdnjs.cloudflare.com *.us-east-1.amazonaws.com *.eu-central-1.amazonaws.com *.facebook.net *.hotjar.com *.googletagmanager.com *.google.com *.tiktok.com; child-src 'self' forms.financeservice.io; style-src 'self' 'unsafe-inline'; img-src *; connect-src *; frame-ancestors 'self' https://myloan.co.za 1
base-uri 'none'; object-src 'none'; script-src 'nonce-lyEE-FX0_VHZt3ujCXgc-YIYd-5sLgvJpkWCqR1QaxtfcKbpRqlfiJ1cnwxS58V7' 'strict-dynamic' https: 'unsafe-inline' 'self' 1
default-src 'self' edge.curalate.com *.typeform.com *.zipmoney.com.au *.gstatic.com *.zdassets.com *.bazaarvoice.com *.vimeo.com *.akamaized.net load.sumo.com *.hotjar.com *.hotjar.io *.trurating.com *.crazyegg.com tracking.myunidays.com; img-src 'self' data: https:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; connect-src 'self' https: wss: *.force.com; font-src 'self' data: https:; frame-ancestors 'self' https://*.brasnthings.com; 1
frame-ancestors 'self' https://cucute.com; 1
frame-ancestors 				www.adultexpo.com.tw 				www.jkforum.net 				www.shotexpo.com.tw 				shotexpo.com.tw 				makawesome2.com 1
script-src http: https: 'unsafe-inline' 'unsafe-eval' https://www.magasinet.no/ *.googletagmanager.com *.google-analytics.com data: https://*.clarity.ms; style-src 'self' https: 'unsafe-inline' blob: https://www.magasinet.no/; img-src data: http: https: blob: https://c.bing.com https://*.clarity.ms; object-src 'none'; base-uri 'none'; default-src blob: 'self' https://*.clarity.ms https://katalog.magasinet.no https://commerce.adobedc.net https://commerce.adobe.io https://*.tiktok.com/ https://*.photoslurp.com https://*.doubleclick.net https://webstats.twoday.no/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.lt https://*.google.no https://*.google.com https://*.googleapis.com https://*.lipscore.com https://*.bing.com https://*.cookieinformation.com https://*.klarna.com https://*.klarnaevt.com https://*.klarnaservices.com https://*.kelkoogroup.net https://*.zdassets.com https://*.zendesk.com wss://*.zopim.com https://*.nr-data.net; font-src data: 'self' fonts.gstatic.com static.lipscore.com v2.zopim.com x.klarnacdn.net *.cloudfront.net *.photoslurp.com; frame-src assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.klarna.com *.sleeknote.com *.googlesyndication.com *.klarnaservices.com *.photoslurp.com *.facebook.com https://*.cookieinformation.com/; frame-ancestors 'self' https://katalog.magasinet.no/; report-uri https://925015dff672673dc181e65d1429ee9c.report-uri.com/r/d/csp/enforce; 1
frame-ancestors 'self' https://maniet-wap-web-prod-backend.azurewebsites.net/; 1
frame-ancestors 'self';  script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com *.googleadservices.com *.googleapis.com *.fontawesome.com *.clarity.ms *.adsrvr.org *.hipeely.com *.productreview.com.au *.sharethis.com *.smct.co *.admatch.io *.googletagmanager.com *.amazonaws.com *.google.com *.google.com.au *.kaspersky-labs.com *.comm100vue.com *.gstatic.com *.comm100.com *.facebook.com *.tillpayments.com *.facebook.net *.cfjump.com *.doubleclick.net *.luckyorange.com  *.smct.io smct.co *.tangerinetelecom.com.au *.tiktok.com *.typekit.net *.google-analytics.com chrome-extension:; object-src 'none'; style-src 'self' 'unsafe-inline' *.gstatic.com cdnjs.cloudflare.com cdnjs.cloudflare.com fonts.googleapis.com ajax.googleapis.com *.typekit.net; worker-src 'self' blob:; font-src 'self' 'unsafe-inline' *.gstatic.com fonts.gstatic.com cdnjs.cloudflare.com cdnjs.cloudflare.com fonts.googleapis.com ajax.googleapis.com *.typekit.net; 1
frame-ancestors 'self'; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cwdlatest.botoffice.net/cwdlatest/js/WCWSocket2.js http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://acdn.adnxs.com https://connect.facebook.net https://www.googletagmanager.com https://static.fittingbox.com/ https://maps.googleapis.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://assets.arukereso.com/; frame-src 'self' https://www.facebook.com/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://static.fittingbox.com/ https://vars.hotjar.com  https://www.youtube-nocookie.com/;  1
frame-ancestors https://*.liveswitch.io; upgrade-insecure-requests 1
font-src 'self' https://fonts.gstatic.com/; style-src 'self' https://fonts.googleapis.com/; object-src 'none'; base-uri 'self'; 1
default-src 'self'; script-src 'self' 'wasm-unsafe-eval' 'unsafe-inline' https://*.moonpay.com https://*.visualwebsiteoptimizer.com https://*.hotjar.com https://*.freshchat.com https://fw-cdn.com https://yastatic.net https://widget.mercuryo.io https://www.google.com https://www.gstatic.com *.googletagmanager.com *.google-analytics.com https://static.zdassets.com https://s3.tradingview.com https://mc.yandex.ru https://connect.trezor.io https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.freshchat.com https://storage.swapspace.co https://api.mapbox.com; img-src 'self' data: https://unpkg.com https://*.visualwebsiteoptimizer.com https://*.walletconnect.com https://registry.walletconnect.com https://www.googletagmanager.com https://storage.swapspace.co https://www.google-analytics.com https://mc.yandex.ru https://i.ytimg.com https://google.com https://www.google.com; font-src 'self' data: https://storage.swapspace.co; connect-src 'self' https://*.google.com https://*.visualwebsiteoptimizer.com wss://*.hotjar.com https://*.hotjar.io https://*.walletconnect.com wss://*.walletconnect.com wss://*.walletconnect.org https://*.google-analytics.com https://*.alchemy.com/v2/ https://*.infura.io https://*.getblock.io https://*.ingest.sentry.io wss://*.bridge.walletconnect.org/ https://registry.walletconnect.com wss://mainnet.infura.io https://api.swapspace.co https://storage.swapspace.co https://stats.g.doubleclick.net *.zdassets.com *.zendesk.com https://www.google-analytics.com wss://widget-mediator.zopim.com *.mapbox.com https://mc.yandex.ru https://connect.trezor.io; media-src 'self' *.zdassets.com; frame-src 'self' data: https://*.moonpay.com https://*.tradingview-widget.com https://*.walletconnect.com https://*.freshchat.com https://widget.mercuryo.io https://exchange.mercuryo.io https://s.tradingview.com https://www.google.com https://www.youtube.com https://connect.trezor.io https://www.youtube-nocookie.com https://miro.medium.com; object-src 'self' data:; worker-src 'self' blob:; frame-ancestors 'self' 1
frame-ancestors 'none'; report-uri https://csp-report.airfrance.fr/; script-src 'self' https://*.airfranceklm.com https://*.accorhotels.com https://*.accor.com https://*.decibelinsight.net https://*.flyingblue.com https://gateway.zscalertwo.net https://gateway.zscloud.net https://*.google.com https://*.google-analytics.com https://*.hotjar.com https://*.klm.com https://*.optimizely.com https://*.qualtrics.com https://*.r42tag.com https://*.relay42.com https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://*.salesforceliveagent.com/ https://*.usabilla.com 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com https://connect.facebook.net 1
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' data: https: http:; font-src 'self' data:; frame-ancestors 'self' https://cncdh-prod-renew.ext.ssl-gouv.fr; 1
form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests; default-src https://api.fiveoak.com 'self'; script-src 'report-sample' 'nonce-WmE4MDRSZXVPMEFXSkhWUkdxRjlUd0FBakJR' 'unsafe-inline' 'strict-dynamic' 'unsafe-eval' https: http:; style-src 'report-sample' 'self' 'unsafe-inline' https://ajax.googleapis.com https://fonts.googleapis.com https://static.ctctcdn.com https://cdn.jsdelivr.net https://use.fontawesome.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://listgrowth.ctctcdn.com https://stats.g.doubleclick.net https://helmethouse.attn.tv https://events.attentivemobile.com https://maps.googleapis.com https://www.googletagmanager.com https://analytics.google.com https://visitor2.constantcontact.com https://digitalthrottle.ss-gtm.com *.googlesyndication.com https://cdn.livechatinc.com https://api.livechatinc.com *.algolia.net *.algolianet.com *.fontawesome.com https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com https://cdn.livechatinc.com https://use.fontawesome.com; child-src 'self'; frame-src 'self' https://spinzam.com/shot/embed/ https://www.youtube-nocookie.com/embed/ https://bid.g.doubleclick.net https://js.stripe.com https://creatives.attn.tv https://chatwidget.fiveoak.com https://player.vimeo.com https://secure.livechatinc.com https://td.doubleclick.net *.facebook.com https://www.youtube.com https://www.google.com; img-src 'self' data: https://d1o0i0v5q5lp8h.cloudfront.net https://static.ctctcdn.com https://ajax.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://analytics.google.com https://cdn.livechat-static.com https://cdn.livechat-files.com https://helmethouse.com https://secure.adnxs.com https://stats.g.doubleclick.net https://www.clickcease.com *.facebook.net *.facebook.com https://digitalthrottle.ss-gtm.com; manifest-src 'self'; media-src 'self'; report-to https://support.stage.cascadewebdev.com/cust/csp_reports/public/add/index.php; report-uri https://support.stage.cascadewebdev.com/cust/csp_reports/public/add/index.php; worker-src 'none'; 1
script-src 'self' 'unsafe-inline' http: https: https://polette.com/; style-src 'self' blob: https: 'unsafe-inline' https://polette.com/; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com cdn.livechatinc.com; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.adyen.com *.livechatinc.com *.cdn.livechatinc.com *.cdn.adyen.com *.doubleclick.net 1
block-all-mixed-content; upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self' *.larrainvial.com; img-src 'self' data: * https://cdn.larrainvial.com 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js *.myheritage.com.pt https://www.myheritage.com.pt  'nonce-5375d7bbe527f468b8e4171b8580ef1e' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.com.pt;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
base-uri 'none'; connect-src 'self'  *.cetizen.com *.channel.io wss://2.front-ws.channel.io wss://ws.channel.io  *.tosspayments.com dapi.gspostbox.com api.cvsnet.co.kr cdn.channel.io browser.sentry-cdn.com www.google-analytics.com cetizen01.cache.cdn.cloudn.co.kr image.cdn.ntruss.com img.cdn.ntruss.com uaiagwhcaioz572651.cdn.ntruss.com; script-src 'self' 'unsafe-inline'  *.cetizen.com appleid.cdn-apple.com dapi.gspostbox.com api.cvsnet.co.kr  *.fingple.com *.tosspayments.com *.inicis.com *.google.com *.googletagservices.com  *.googlesyndication.com  *.googleapis.com *.gstatic.com www.google-analytics.com *.g.doubleclick.net *.googletagmanager.com www.juso.go.kr *.daumcdn.net  spi.maps.daum.net *.channel.io browser.sentry-cdn.com image.cdn.ntruss.com img.cdn.ntruss.com uaiagwhcaioz572651.cdn.ntruss.com; style-src 'self' 'unsafe-inline' *.cetizen.com dapi.gspostbox.com api.cvsnet.co.kr  *.fingple.com  *.inicis.com  *.google.com *.googletagservices.com  *.googleapis.com *.gstatic.com t1.daumcdn.net image.cdn.ntruss.com img.cdn.ntruss.com uaiagwhcaioz572651.cdn.ntruss.com cetizen01.cache.cdn.cloudn.co.kr; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.buzzsprout.com *.civiccomputing.com *.googleapis.com www.googletagmanager.com siteimproveanalytics.com *.deep4jibe.com *.google-analytics.com; style-src 'self' 'unsafe-inline' *.buzzsprout.com *.googleapis.com; font-src 'self' *.gstatic.com; img-src 'self' blob: data: *.buzzsprout.com shlegal.vuture.net 10543.global.siteimproveanalytics.io; media-src 'self' blob: data:; child-src 'self' *.buzzsprout.com *.yoshki.com www.google.com www.youtube-nocookie.com; connect-src 'self' www.google-analytics.com *.civiccomputing.com *.civiccomputing.com www.google-analytics.com; worker-src blob:; 1
default-src 'self' https:; connect-src 'self' https://api.mapbox.com/ https://a.tiles.mapbox.com/ http://a.tiles.mapbox.com/ https://b.tiles.mapbox.com/ https://events.mapbox.com/ https://api.mazemap.com/ https://tiles.mazemap.com/ https://search.mazemap.com/ https://api.gobistories.com/ https://res.cloudinary.com/gobi-technologies-as/image/upload/ https://res.cloudinary.com/gobi-technologies-as/video/upload/ https://*.google-analytics.com/ https://*.analytics.google.com/ https://*.googletagmanager.com/ https://*.google.com/ https://*.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://*.hotjar.io/ https://*.hotjar.com/ wss://*.hotjar.com/ https://tr.snapchat.com/ https://www.facebook.com/; font-src 'self' data: https://fonts.gstatic.com/ https://api.mapbox.com/ https://api.mazemap.com/ https://script.hotjar.com/; frame-src 'self' https://iframe.hivolda.no/ https://hivolda.instructuremedia.com/embed/ https://www.youtube.com/ http://www.youtube.com/ https://www.youtube-nocookie.com/embed/ https://studietesten.no/ https://use.mazemap.com/ https://embed.acast.com/ https://player.vimeo.com/ https://docs.google.com/presentation/ https://vars.hotjar.com/ https://tr.snapchat.com/ https://www.instagram.com/ https://hivolda.cloud.panopto.eu/ https://issuu.com/sivolda/docs/ https://create.plandisc.com/ https://www.tiktok.com/embed/ https://if-cdn.com/ https://outlook.office365.com/owa/calendar/; img-src 'self' https: data: blob: http://api.mapbox.com/ http://a.tiles.mapbox.com/; media-src 'self' blob:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://hivolda.devz.no/ http://api.mapbox.com/mapbox.js/v3.1.1/mapbox.js https://cdn.plyr.io/3.6.2/plyr.js http://cdn.plyr.io/3.6.2/plyr.js https://unpkg.com/%40gobistories/gobi-web-integration%40%5E6.11.1 https://www.youtube.com/iframe_api/ https://www.youtube.com/s/player/ https://*.googletagmanager.com/ https://*.google-analytics.com/ https://tagmanager.google.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://siteimproveanalytics.com/ https://track.adform.net/ https://s2.adform.net/ https://sc-static.net/ https://connect.facebook.net/ https://api.mapbox.com https://api.mazemap.com https://assets.pinterest.com https://cdn.jsdelivr.net https://cdn.plyr.io https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com platform.instagram.com platform.twitter.com; script-src-elem 'self' 'unsafe-inline' http://api.mapbox.com/ https://cdn.plyr.io/3.6.2/plyr.js http://cdn.plyr.io/3.6.2/plyr.js https://unpkg.com/%40gobistories/gobi-web-integration%40%5E6.11.1 https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://*.googletagmanager.com/ https://*.google-analytics.com/ https://script.hotjar.com/ https://static.hotjar.com/ http://siteimproveanalytics.com/js/siteanalyze_6000491.js https://track.adform.net/serving/scripts/trackpoint/async/ https://track.adform.net/Serving/TrackPoint/ https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://sc-static.net/ https://connect.facebook.net/ https://www.instagram.com/ https://tr.snapchat.com/ https://www.tiktok.com/embed.js https://lf16-tiktok-web.ttwstatic.com/ https://if-cdn.com/ https://api.mapbox.com https://api.mazemap.com https://assets.pinterest.com https://cdn.jsdelivr.net https://cdn.plyr.io https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com platform.instagram.com platform.twitter.com; style-src 'self' 'unsafe-inline' http://api.mapbox.com/mapbox.js/v3.1.1/mapbox.css https://fonts.googleapis.com/ https://tagmanager.google.com/ https://api.mapbox.com https://api.mazemap.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' http://api.mapbox.com/ https://lf16-tiktok-web.ttwstatic.com/ https://api.mapbox.com https://api.mazemap.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; worker-src 'self' blob: 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-155f36f656ac01c10ccfbe080334fc63'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors http://docplanner-front-test.docplanner.com https://docplanner-front-test.docplanner.com *.znamylekar.cz doctoraliaone-cz2-candidate.azurewebsites.net 1
default-src https://cdn.plaid.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data: https://static.flourish.com/ https://assets.flourish.com https://static.flourish.com https://www.google-analytics.com https://www.google.com https://track.hubspot.com https://d.adroll.com *.hubspot.com;object-src 'none';script-src 'sha256-8ZgGo/nOlaDknQkDUYiedLuFRSGJwIz6LAzsOrNxhmU=' *.hubspot.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;connect-src 'self' https://static.flourish.com/ https://assets.flourish.com https://resources.flourish.com https://api.segment.io https://api-js.mixpanel.com https://www.google-analytics.com https://stats.g.doubleclick.net https://flourish-document-upload.s3.amazonaws.com https://flourish-user-service-csv-upload.s3.amazonaws.com https://flourish-eng-apps-prod-ue1-platform-upload.s3.amazonaws.com https://forms.hubspot.com https://cdn.segment.com https://development.plaid.com https://production.plaid.com *.hubspot.com wss://localhost:*/;frame-src https://cdn.plaid.com https://bid.g.doubleclick.net/ *.hubspot.com *.hs-sites.com;manifest-src 'self' https://static.flourish.com/;script-src-elem 'nonce-df67c1708d015d691364127532060cc8' https://static.flourish.com/ https://cdn.plaid.com https://development.plaid.com https://production.plaid.com https://cdn.segment.com https://cdn.mxpnl.com https://www.googletagmanager.com https://www.google-analytics.com https://assets.adobedtm.com https://js.hs-scripts.com https://js.hsleadflows.net https://js.hs-analytics.net https://js.hs-banner.com *.adroll.com *.hs-scripts.com 'sha256-8ZgGo/nOlaDknQkDUYiedLuFRSGJwIz6LAzsOrNxhmU=' https://localhost:* 1
frame-ancestors 'self' https://www.roedl.de/ https://www.roedl.com/ https://karriere.roedl.de/ https://karriere.roedl.de/; form-action 'self'; connect-src https://matomo.roedlcloud.com  'self' https://orca.roedlcloud.com/ https://DEFFMSPFWEBD01.roedl.org:86 https://www.wetter.com/  https://letscast.fm/; img-src 'self' matomo.roedlcloud.com https://chart.googleapis.com https://cs3.wettercomassets.com/ https://intlobt.fusionsolar.huawei.com/ https://lcdn.letscast.fm/; 1
default-src 'self' https://login.windows.net https://gateway.zscaler.net/ https://cdn.cpnscdn.com/ https://images.ctfassets.net/ https://videos.ctfassets.net https://www.googleadservices.com/ https://*.segmanta.com/ https://*.pggoodeveryday.ca/ https://*.pgsvc.com/ https://match.adsrvr.org/ https://js.adsrvr.org/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://www.terracycle.com/ https://search-api.swiftype.com/ https://api-pge.segmanta.com/ https://res.cloudinary.com/ https://fonts.googleapis.com/ https://d29usylhdk1xyu.cloudfront.net/ https://d1lqe9temigv1p.cloudfront.net/ https://fonts.gstatic.com/ https://www.googletagmanager.com/ https://quilt-cdn.janrain.com/ https://cdn.segment.com/ https://feed.pghub.io/ https://pixel.tapad.com/ https://googleads.g.doubleclick.net/ blob: feed.pghub.io pandg.tapad.com ; font-src 'self' https://fonts.gstatic.com/ data: feed.pghub.io pandg.tapad.com ; img-src * 'self' https://cdn.incentives.gcp.pgcloud.com https://np-cdn.incentives.gcp.pgcloud.com https://cdn.cpnscdn.com/ https://images.ctfassets.net/ https://videos.ctfassets.net blob: data: https: https://www.google.com/ https://www.google.co.in/ https://www.google-analytics.com/ https://feed.pghub.io/ https://pixel.tapad.com/ https://res.cloudinary.com/ https://images.ctfassets.net/ https://videos.ctfassets.net https://cdn.cpnscdn.com/ ; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://get.free.ca https://analytics.tiktok.com https://s.pinimg.com https://gateway.zscaler.net/ https://procter-gamble.us.janraincapture.com/ https://procter-gamble.us-dev.janraincapture.com/ https://z.moatads.com/ https://www.terracycle.com/ https://pghub.io/ https://www.tp88trk.com/ https://cdn.cookielaw.org/ https://script.crazyegg.com/ https://container.pepperjam.com/ https://connect.facebook.net/ https://www.gstatic.com https://www.google.com https://c.lytics.io https://www.youtube.com https://www.youtube-nocookie.com https://procter-gamble-qa.us-dev.janraincapture.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://d29usylhdk1xyu.cloudfront.net/ https://d1lqe9temigv1p.cloudfront.net/ https://cdn.segment.com/ https://www.googleadservices.com/ https://pge.segmanta.com/ https://js.adsrvr.org/ https://googleads.g.doubleclick.net/ blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://c.lytics.io https://quilt-cdn.janrain.com/ https://fonts.googleapis.com/ feed.pghub.io pandg.tapad.com ; frame-src 'self' https://ct.pinterest.com https://preferencecenter.pg.com https://*.doubleclick.net/ https://youtu.be/ https://consumersupport.pg.com/ mailto: https://gateway.zscaler.net/ https://pg-lex.my.salesforce-sites.com/ https://procter-gamble.us.janraincapture.com/ https://procter-gamble.us-dev.janraincapture.com/ https://feed.pghub.io/ https://pandg.tapad.com/ https://*.pepperjamnetwork.com/ https://www.terracycle.com/ https://sg.pggoodeveryday.com/ https://*.pg.promosvcs.com/ https://www.facebook.com/ https://*.fls.doubleclick.net/ https://www.coupons.com/ https://pgconsumersupport.secure.force.com/ https://consumeraccessapi.smartsource.com https://gears.websaver.ca/ https://pgsurveys.segmanta.com/ https://9942807.fls.doubleclick.net/ https://www.google.com/ https://www.youtube.com https://www.youtube-nocookie.com/ https://coupons.websaver.ca https://stagegears.websaver.ca/ https://insight.adsrvr.org/ https://bid.g.doubleclick.net/ https://match.adsrvr.org/ https://procter-gamble-qa.us-dev.janraincapture.com/ feed.pghub.io pandg.tapad.com ; object-src 'self' feed.pghub.io pandg.tapad.com ; connect-src 'self' https://cdn.incentives.gcp.pgcloud.com https://np-cdn.incentives.gcp.pgcloud.com https://get.free.ca https://s.pinimg.com https://ct.pinterest.com https://analytics.tiktok.com https://cdn-uat.pg-campaigns.com https://stage-eapi.pggoodeveryday.com https://dev-eapi.pggoodeveryday.com https://gateway.zscaler.net/ https://api.pggoodeveryday.ca/ https://dev-api.pggoodeveryday.ca/ https://i.ytimg.com/ https://px.moatads.com/ https://www.terracycle.com/ https://gateway.zscaler.net/ https://cdn.cpnscdn.com/ https://images.ctfassets.net/ https://videos.ctfassets.net https://ups.analytics.yahoo.com/ https://trk.shophermedia.net/ https://pghub.io/ https://www.tp88trk.com/ https://*.pepperjam.com/ https://www.facebook.com/ https://connect.facebook.net/ https://*.algolianet.com/ https://*.onetrust.io/ https://*.algolia.net/ https://*.crazyegg.com https://cdn.cookielaw.org/ https://dc.services.visualstudio.com/ https://www.youtube.com https://www.youtube-nocookie.com/ https://pixel.rubiconproject.com https://mediaid.pg.com/ https://insight.adsrvr.org https://www.gstatic.com https://s.amazon-adsystem.com https://c.lytics.io https://api.segment.io https://www.googleadservices.com/ https://*.segmanta.com/ https://*.pggoodeveryday.ca/ https://*.pgsvc.com/ https://match.adsrvr.org/ https://js.adsrvr.org/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://search-api.swiftype.com/ https://api-pge.segmanta.com/ https://res.cloudinary.com/ https://fonts.googleapis.com/ https://d29usylhdk1xyu.cloudfront.net/ https://d1lqe9temigv1p.cloudfront.net/ https://fonts.gstatic.com/ https://www.googletagmanager.com/ https://quilt-cdn.janrain.com/ https://cdn.segment.com/ https://feed.pghub.io/ https://pixel.tapad.com/ https://googleads.g.doubleclick.net/ https://www.google.com/ https://www.google.co.in/ https://*.janraincapture.com/ feed.pghub.io pandg.tapad.com ; 1
frame-ancestors 'self';block-all-mixed-content;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://acsbapp.com https://content.linkedin.com https://connect.facebook.net https://consentcdn.cookiebot.com https://consent.cookiebot.com https://f.vimeocdn.com https://graph.facebook.com https://googletagmanager.com https://js.facebook.com https://m.youtube.com https://maps.googleapis.com https://platform.linkedin.com https://player.vimeo.com https://static.addtoany.com https://static-exp1.licdn.com https://snap.licdn.com https://www.youtube.com https://www.linkedin.com https://www.vimeo.com https://www.googletagmanager.com;style-src 'self' 'report-sample' 'unsafe-inline' *.licdn.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com;object-src 'none';frame-src 'self' *.google.com *.vimeo.com *.facebook.com *.youtube.com connect.facebook.net consentcdn.cookiebot.com maps.googleapis.com syndication.teleborsa.it static.addtoany.com vimeo.com www.youtube-nocookie.com www.linkedin.com www.googletagmanager.com;child-src 'self' *.vimeo.com *.facebook.com connect.facebook.net vimeo.com www.youtube.com www.googletagmanager.com;img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.ggpht.com *.vimeocdn.com *.vimeo.com *.facebook.com *.facebook.net *.fbcdn.net *.linkedin.com *.licdn.com *.ytimg.com *.youtube.com imgsct.cookiebot.com maps.google.com p.adsymptotic.com www.googletagmanager.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.facebook.com *.linkedin.com *.licdn.com acsbapp.com cdn.acsbapp.com connect.facebook.net consentcdn.cookiebot.com fonts.gstatic.com fonts.googleapis.com maps.google.com maps.googleapis.com region1.google-analytics.com vimeo.com www.googletagmanager.com;manifest-src 'self';base-uri 'self';form-action 'self' *.facebook.com connect.facebook.net;media-src 'self' *.vimeo.com media.licdn.com vimeo.com;worker-src 'self'; 1
default-src 'self' swana.org *.swana.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org polyfill.io swana.org *.swana.org www.googletagmanager.com *.feathr.co www.googleadservices.com swana.informz.net js.hsadspixel.net js.hsleadflows.net googleads.g.doubleclick.net cdn.callrail.com snap.licdn.com one.progmxs.com tag.marinsm.com secure.adnxs.com pixel-geo.prfct.co js.hs-scripts.com js.hs-banner.com js.usemessages.com js.hsforms.net *.vimeo.com adserver.theassociationpartner.net *.salespanel.io *.visitorqueue.com  https://salespanel.io https://visitorqueue.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com swana.org *.swana.org; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: swana.org *.swana.org; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com swana.org *.swana.org stats.g.doubleclick.net swana.informz.net *.feathr.co *.google.com *.linkedin.com match.adsrvr.org p.adsymptotic.com pixel-geo.prfct.co secure.adnxs.com ads.yahoo.com us-u.openx.net *.vimeo.com adserver.theassociationpartner.net https://www.googletagmanager.com; media-src 'self' data: blob: swana.org *.swana.org *.dvidshub.net *.youtube.com *.vimeo.com; frame-src 'self' *.dvidshub.net *.youtube.com *.wbur.org app.hubspot.com platform.twitter.com www.google.com *.doubleclick.net adserver.theassociationpartner.net https://video.theassociationpartner.com/ *.vimeo.com https://www.facebook.com/ https://*.mimecast.com/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ *.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com player.wbur.org swana.org *.swana.org *.doubleclick.net *.vimeo.com; connect-src 'self' analytics.google.com/ accounts.google.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com swanasearch301.aws.mtxgp.net swana.org *.swana.org *.hub.swana.org api.hubapi.com api.hubspot.com forms.hubspot.com *.feathr.co https://www.youtube.com/player_api swana.informz.net *.google-analytics.com *.doubleclick.net *.routesmart.com *.swana.swoogo.com cdn.linkedin.oribi.io adserver.theassociationpartner.net *.salespanel.io *.visitorqueue.com  https://salespanel.io https://visitorqueue.com https://*.googlesyndication.com; 1
form-action 'self' https://*.facebook.com https://*.glimp.co.nz https://track.roeye.co.nz; img-src 'self' https: data:; frame-src 'self' https://*.sentry-cdn.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.mitel.io https://*.sentry.io https://sentry.io https://*.google.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.glimp.co.nz https://glimp.co.nz https://*.youtube.com https://youtube.com https://track.roeye.co.nz https://static.lightning.force.com/ https://service.force.com https://static.lightning.force.com 'unsafe-eval' https://nownz.my.salesforce.com/ https://nownz.my.site.com/ https://c.la2-c1-hnd.salesforceliveagent.com/ https://d.la2-c1-hnd.salesforceliveagent.com/ https://c.la2-c1-ukb.salesforceliveagent.com/ https://d.la2-c1-ukb.salesforceliveagent.com/ https://website.prod.ap1.cloud.nownz.co.nz/ https://nownz.my.salesforce.com/ https://webto.salesforce.com/ https://salesforce.com/ https://d1acq29e7jo33e.cloudfront.net; default-src 'self' https://*.sentry-cdn.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.mitel.io https://*.sentry.io https://sentry.io https://*.google.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.glimp.co.nz https://glimp.co.nz https://*.youtube.com https://youtube.com https://track.roeye.co.nz https://static.lightning.force.com/ https://service.force.com https://static.lightning.force.com 'unsafe-eval' https://nownz.my.salesforce.com/ https://nownz.my.site.com/ https://c.la2-c1-hnd.salesforceliveagent.com/ https://d.la2-c1-hnd.salesforceliveagent.com/ https://c.la2-c1-ukb.salesforceliveagent.com/ https://d.la2-c1-ukb.salesforceliveagent.com/ https://d1acq29e7jo33e.cloudfront.net; base-uri 'self'; frame-ancestors 'self'; style-src 'self' https://*.sentry-cdn.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.mitel.io https://*.sentry.io https://sentry.io https://*.google.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.glimp.co.nz https://glimp.co.nz https://*.youtube.com https://youtube.com https://track.roeye.co.nz https://static.lightning.force.com/ https://service.force.com https://static.lightning.force.com 'unsafe-eval' https://nownz.my.salesforce.com/ https://nownz.my.site.com/ https://c.la2-c1-hnd.salesforceliveagent.com/ https://d.la2-c1-hnd.salesforceliveagent.com/ https://c.la2-c1-ukb.salesforceliveagent.com/ https://d.la2-c1-ukb.salesforceliveagent.com/ https://d1acq29e7jo33e.cloudfront.net 'unsafe-inline'; script-src 'self' https://*.sentry-cdn.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.mitel.io https://*.sentry.io https://sentry.io https://*.google.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.glimp.co.nz https://glimp.co.nz https://*.youtube.com https://youtube.com https://track.roeye.co.nz https://static.lightning.force.com/ https://service.force.com https://static.lightning.force.com 'unsafe-eval' https://nownz.my.salesforce.com/ https://nownz.my.site.com/ https://c.la2-c1-hnd.salesforceliveagent.com/ https://d.la2-c1-hnd.salesforceliveagent.com/ https://c.la2-c1-ukb.salesforceliveagent.com/ https://d.la2-c1-ukb.salesforceliveagent.com/ https://d1acq29e7jo33e.cloudfront.net 'unsafe-inline'; report-uri https://sentry.io/api/1296255/security/?sentry_key=c1a37a356e7b417a9b592b66a2ad29d2 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com https://static.hotjar.com https://cdn.moengage.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://script.hotjar.com https://www.googleadservices.com https://code.jquery.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.youtube-nocookie.com https://cdn-apac.onetrust.com https://pagead2.googlesyndication.com https://d3e54v103j8qbb.cloudfront.net 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.jsdelivr.net 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://www.google.com https://www.google.com.my https://www.google.com.sg https://cdn-apac.onetrust.com https://www.google-analytics.com https://placekitten.com/ 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://use.fontawesome.com https://cdnjs.cloudflare.com; frame-src https://www.google.com https://www.youtube.com https://td.doubleclick.net https://www.youtube-nocookie.com https://gleneagles-3d---orthopaedic.web.app https://pantaiproject-db504.web.app https://simulate-volcano.web.app https://gleneagles-3d---obgyn.web.app https://gleneagles-3d---paediatrics.web.app/ https://heartsimulation.web.app/ 'self' web-chat.nativechat.com forms.hsforms.com; connect-src data: accounts.google.com *.gstatic.com https://*.googletagmanager.com https://www.google-analytics.com https://analytics.google.com wss://ws.hotjar.com https://content.hotjar.io https://stats.g.doubleclick.net https://metrics.hotjar.io https://adservice.google.com https://cdn-apac.onetrust.com https://geolocation.onetrust.com https://pagead2.googlesyndication.com https://jupiter.junoverse.io https://vc.hotjar.io https://sdk-01.moengage.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob: https://jupiter.junoverse.io; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com 'self' web-chat.nativechat.com 1
default-src 'self'           https://www.youtube.com                   https://fonts.googleapis.com                   https://fonts.gstatic.com/                   https://ldynamicspublicapi.leadforensics.com                   https://m.addthis.com/                   https://z.moatads.com/                   https://player.vimeo.com/                   https://clapi.civiccomputing.com/                   https://api-public-oci-origin.addthis.com/                   https://apikeys.civiccomputing.com/                   https://webeo-web-content.s3-eu-west-1.amazonaws.com/                   https://secure.leadforensics.com/                   https://s3-eu-west-1.amazonaws.com/ldproduct/editor/images       https://m.addthis.com/                  https://cdn.jsdelivr.net/npm;                  script-src 'self' 'unsafe-inline' 'unsafe-eval' data:                   https://ldynamicspublicapi.leadforensics.com/dynamics/                   https://secure.care5alea.com/                   https://www.googletagmanager.com                   https://www.google-analytics.com                   https://www.google.com                   https://secure.care5alea.com/js/149047.js                   https://secure.care5alea.com/Track/Capture.aspx                   https://ldynamicspublicapi.leadforensics.com/dynamics/script/get/2/149047/                   https://ldynamicspublicapi.leadforensics.com/dynamics/event/capture/scripttimer/176/                  https://z.moatads.com/addthismoatframe568911941483/moatframe.js                   https://v1.addthisedge.com                   https://m.addthis.com/                   http://graph.facebook.com/                   http://api-public.addthis.com/                   https://api-public-oci-origin.addthis.com/                   https://ldynamicspublicapi.leadforensics.com/dynamics/                   https://s3-eu-west-1.amazonaws.com/ldproduct/editor/images/                  https://cc.cdn.civiccomputing.com/8/cookieControl-8.2.min.js      https://cc.cdn.civiccomputing.com/                  https://webeo-web-content.s3-eu-west-1.amazonaws.com/                  https://cdn.jsdelivr.net/npm/                  https://secure.leadforensics.com                  https://ldynamicspublicapi.leadforensics.com                  https://www.vimeo.com                  https://vimeo.com/api;                  style-src 'self' 'unsafe-inline' data:                   https://s3-eu-west-1.amazonaws.com/ldproduct/editor/images/                      https://fonts.googleapis.com                       https://webeo-web-content.s3-eu-west-1.amazonaws.com/;                  img-src 'self' data:           https://*.google-analytics.com/          https://*.analytics.google.com/                  https://i.vimeocdn.com/                  https://s3-eu-west-1.amazonaws.com/ldproduct/editor/images/                      https://fonts.googleapis.com                  https://www.google.co.in                  https://www.google-analytics.com                  https://www.googletagmanager.com                  https://www.google.com                  https://dashboard.umbraco.org/                  https://webeo-web-content.s3-eu-west-1.amazonaws.com/                  https://s3-eu-west-1.amazonaws.com/ldproduct/editor/images/                  https://stats.g.doubleclick.net/;                  font-src 'self'; base-uri 'self' https://fonts.gstatic.com/;                  connect-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net/ https://m.addthis.com/ https://clapi.civiccomputing.com/ https://www.google-analytics.com/ https://apikeys.civiccomputing.com/ https://ldynamicspublicapi.leadforensics.com; 1
frame-ancestors https://www.co.yamhill.or.us 1
frame-ancestors 'self' meritpages.com; 1
default-src 'self'; connect-src 'self' https://wlm87rcpwh.execute-api.us-west-2.amazonaws.com/Production/contactus; script-src 'self' 'unsafe-inline' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; font-src 'self' data: fonts.gstatic.com; img-src 'self' https://*.google-analytics.com https://*.googletagmanager.com; object-src 'none' 1
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' cdn.ekivita.eu cdn.cookielaw.org google-analytics.com data:; font-src ka-p.fontawesome.com fonts.gstatic.com cdn.ekivita.eu 'self' data:; 1
default-src https: http: 'unsafe-inline' 'unsafe-eval'; connect-src *; font-src * data:;img-src * data: blob:; worker-src 'self' blob: *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-ancestors 'self' sogo.com.hk https://code.jquery.com soestore.azurewebsites.net 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://*.zenaps.com https://*.criteo.com https://static.criteo.net https://wb.messengerpeople.com https://tpc.googlesyndication.com https://ct.pinterest.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://*.google.co.in https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data:; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.co.in https://m.myprotein.co.in https://checkout.myprotein.co.in https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.hotjar.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=4ckd8vtiqu47l&partner=; 1
frame-ancestors 'self' https://*.toyotakz.com https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
default-src disqus.com *.disqus.com *.disquscdn.com; font-src 'self' https: data: fonts.googleapis.com fonts.gstatic.com; frame-ancestors 'none'; frame-src calendly.com disqus.com *.disqus.com *.disquscdn.com *.facebook.com *.googleadservices.com *.g.doubleclick.net *.googlesyndication.com www.google.com *.instagram.com *.linkedin.com *.loom.com *.stripe.com *.tiktok.com *.typeform.com *.urssaf.fr *.youtube.com zapier.com *.zapier.com; img-src 'self' https: data: *.googleadservices.com *.g.doubleclick.net *.googlesyndication.com www.google.com *.google-analytics.com *.googletagmanager.com tagmanager.google.com sumo.com *.sumo.com; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' *.axept.io ckeditor.com disqus.com *.disqus.com *.disquscdn.com *.facebook.com *.googleadservices.com *.g.doubleclick.net *.googlesyndication.com www.google.com *.google-analytics.com *.googletagmanager.com tagmanager.google.com *.hs-scripts.com *.instagram.com *.jquery.com *.pinterest.com reddit.com *.stripe.com sumo.com *.sumo.com *.tiktok.com *.typeform.com zapier.com *.zapier.com; style-src 'self' https: 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com *.googletagmanager.com tagmanager.google.com zapier.com *.zapier.com; connect-src 'self' https: *.google-analytics.com *.stripe.com sumo.com *.sumo.com wss://*.tawk.to 1
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; font-src 'self' data:; 1
default-src 'self';  img-src 'self' data: blob: https://cargox.digital https://www.cargox.digital https://app.live.cargox.cc https://matomo-proxy.cargox.cc https://*.zdusercontent.com https://i.ytimg.com https://v2assets.zopim.io https://static.zdassets.com https://cargoxhelp.zendesk.com https://*.adyen.com; style-src 'report-sample' 'self' https://cargox.digital https://www.cargox.digital https://app.live.cargox.cc https://fonts.googleapis.com https://static.zdassets.com https://*.adyen.com 'unsafe-inline'; style-src-elem 'report-sample' 'self' https://cargox.digital https://www.cargox.digital https://app.live.cargox.cc https://static.zdassets.com 'unsafe-inline'; font-src 'self' data: https://cargox.digital https://www.cargox.digital https://app.live.cargox.cc https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' https://cargox.digital wss://cargox.digital https://www.cargox.digital wss://www.cargox.digital https://app.live.cargox.cc wss://app.live.cargox.cc https://sentry-proxy.cargox.cc https://sentry.cargox.cc https://ekr.zdassets.com https://cargoxhelp.zendesk.com wss://cargoxhelp.zendesk.com https://widget-mediator.zopim.com wss://*.zopim.com https://api.stripe.com https://matomo-proxy.cargox.cc https://*.adyen.com wss://api.smooch.io/faye; script-src 'report-sample' 'self' https://cargox.digital https://www.cargox.digital https://app.live.cargox.cc https://matomo-proxy.cargox.cc https://www.youtube.com https://static.zdassets.com https://widget-mediator.zopim.com 'nonce-4eOkNaWM7kJCTsd6wbpf9AYfoRV8pFhA' 'sha256-s2aKb+suI1rPO1c7kBmQ2T0H71R3SOQNeu8RMXqshbM=' https://matomo-proxy.cargox.cc https://js.stripe.com https://*.adyen.com https://api.smooch.io 'sha256-4qKCU4ASjcZQABOq+luXDsjYeOYhMdWDu2p4BHE6WYc=' 'sha256-9vpql/NLyCCe3HPEb2b/lcLKPbkRi48w2Lfn0AbTxsQ=' 'sha256-FDyPg8CqqIpPAfGVKx1YeKduyLs0ghNYWII21wL+7HM='; frame-ancestors 'self' https://www.pellets.supply https://www.timber.exchange; frame-src 'self' https://cargox.digital https://www.cargox.digital https://app.live.cargox.cc https://www.youtube.com https://connect.trezor.io https://js.stripe.com https://hooks.stripe.com; media-src 'self' https://static.zdassets.com; report-uri https://sentry.cargox.cc/api/3/security/?sentry_key=ad95a12b37e44244a2b3551c7b997d13&sentry_release=e4feb69517ad3aa2c2bad30862e323042ec799d7&sentry_environment=prod; report-to sentry 1
frame-ancestors 'self' apps.elfsight.com elfsight.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;frame-src https://giphy.com https://platform.twitter.com https://*.youtube.com https://*.youtube-nocookie.com https://*.clickagy.com https://embed.testimonial.to;connect-src 'self' https:;img-src 'self' data: https:;form-action 'self' https://dvc.us10.list-manage.com https://dvc.org;default-src 'self';base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src *.rostatus.ru *.google.com https://yastatic.net *.jsdelivr.net *.jquery.com https://bitrix.info *.googleapis.com *.doubleclick.net *.bootstrapcdn.com *.yandex.ru *.yandex.net *.googletagmanager.com *.google-analytics.com *.jivosite.com *.chatra.io *.cloudflare.com *.gstatic.com *.comagic.ru *.youtube.com *.ytimg.com 'unsafe-inline' 'unsafe-eval' 'self'; img-src data: blob: *.yandex.net *.yastatic.net  *.google.ru *.google.com https://bitrix.info *.doubleclick.net *.yandex.ru *.googletagmanager.com  *.jivosite.com *.jsdelivr.net *.chatra.io *.cloudflare.com *.gstatic.com *.comagic.ru *.youtube.com *.ytimg.com *.google-analytics.com 'self' 1
default-src 'self' * data: blob: https: *.mysticmag.com mysticmag.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tctm.co *.cheqzone.com *.peacebanana.com *.ostrichesica.com *.cloudfront.net *.datadoghq-browser-agent.com *.ampproject.org *.gstatic.com *.google.com *.alooma.com *.doubleclick.net  *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.hhtpp.com *.facebook.net *.facebook.com *.dropbox.com *.bing.com *.yandex.ru *.quora.com *.yimg.com sp.analytics.yahoo.com *.hotjar.com *.ipify.org blob: data:; style-src 'self' data: blob: 'unsafe-inline' *;connect-src 'self' data: blob: https: mysticmag.com *.mysticmag.com *.ampproject.org *.google-analytics.com *.doubleclick.net *.google.com *.hhtpp.com *.yandex.ru *.gravatar.com wss://*.hotjar.com *.wp.com;font-src 'self' data: blob: *.ampproject.org *.googletagmanager.com *.googleapis.com *.gstatic.com; 1
default-src 'self'; upgrade-insecure-requests; frame-ancestors 'self'; form-action 'self' https://www.facebook.com/tr/; script-src 'self' https://www.wolfcraft.test:3000 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/gtag/js *.google-analytics.com/g/ https://connect.facebook.net/signals/config/557984799388703 https://s.pinimg.com/ct/lib/ https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/plugins/identity.js https://connect.facebook.net/signals/config/715171169509034 https://s.pinimg.com/ct/lib/main.c99cd143.js https://googleads.g.doubleclick.net https://cdn.cookielaw.org/consent/ https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js https://www.googletagmanager.com/gtm.js https://pagead2.googlesyndication.com/pagead/managed/js/adsense/ https://www.google-analytics.com/analytics.js https://s.pinimg.com/ct/core.js https://www.youtube.com/iframe_api https://pagead2.googlesyndication.com/pagead/js/ https://partner.googleadservices.com/gampad/cookie.js https://adservice.google.de/adsid/integrator.js https://adservice.google.com/adsid/integrator.js https://tpc.googlesyndication.com/sodar/sodar2.js https://www.youtube.com/s/player/ https://s.pinimg.com/ct/lib/main.32155010.js https://maps.googleapis.com https://cdn.cookielaw.org/scripttemplates/ https://squarelovin.com/api/ https://squarelovin.com/squarelovin.js https://cdnjs.cloudflare.com/ajax/libs/mark.js/; style-src 'self' https://www.wolfcraft.test:3000 'unsafe-inline' https://fonts.googleapis.com https://squarelovin.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.wolfcraft.test:3000 https://www.wolfcraft.test:3001 wss://www.wolfcraft.test:3001 *.google-analytics.com/g/  https://ct.pinterest.com/user/ https://stats.g.doubleclick.net/j/collect https://pagead2.googlesyndication.com  https://maps.googleapis.com https://cdn.cookielaw.org https://privacyportal-eu.onetrust.com/request/v1/consentreceipts https://csi.gstatic.com/csi; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://www.youtube.com/ https://www.facebook.com/ https://ct.pinterest.com/ https://www.google.com/recaptcha/ https://googleads.g.doubleclick.net/pagead/ https://tpc.googlesyndication.com/sodar/ https://www.youtube-nocookie.com; img-src 'self' https://www.wolfcraft.com https://img.youtube.com https://www.wolfcraft.test:3000 https://www.facebook.com/tr/ https://i.ytimg.com https://scontent-ssn1-1.cdninstagram.com https://med-cf-1.squarelovin.com https://ik.imagekit.io https://www.google-analytics.com/collect https://pagead2.googlesyndication.com/pagead/gen_204 https://pagead2.googlesyndication.com/pagead/sodar https://ct.pinterest.com/v3/ https://googleads.g.doubleclick.net data: https://maps.googleapis.com https://maps.gstatic.com https://med-euw3c.squarelovin.com https://squarelovin.com https://cdn.cookielaw.org; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
sandbox allow-scripts allow-same-origin allow-forms; img-src 'self' data: www.gstatic.com; frame-src www.google.com; object-src 'none'; base-uri 'none'; script-src www.google.com www.gstatic.com 'nonce-ZVaPtFSSEniAbZG80x4ZpXa7ai4='; style-src 'nonce-ZVaPtFSSEniAbZG80x4ZpXa7ai4=' 1
frame-src youtube.com www.youtube.com www.youtube.com/ www.youtube-nocookie.com; frame-ancestors none; child-src none; report-uri /report-csp-violation 1
frame-ancestors 'self' https://*.verintcloudservices.com; report-uri csp-reports; report-to csp-endpoint; 1
frame-ancestors 'self' http://pardot.com https://pardot.com http://*.pardot.com https://*.pardot.com http://preview.pardot.com https://preview.pardot.com http://*.preview.pardot.com https://*.preview.pardot.com http://pi.pardot.com https://pi.pardot.com http://*.pi.pardot.com https://*.pi.pardot.com http://embedded.pardot.com https://embedded.pardot.com http://*.embedded.pardot.com https://*.embedded.pardot.com http://pi.demo.pardot.com https://pi.demo.pardot.com http://*.pi.demo.pardot.com https://*.pi.demo.pardot.com http://embedded.demo.pardot.com https://embedded.demo.pardot.com http://*.embedded.demo.pardot.com https://*.embedded.demo.pardot.com http://preview.demo.pardot.com https://preview.demo.pardot.com http://*.preview.demo.pardot.com https://*.preview.demo.pardot.com http://debug.pardot.com https://debug.pardot.com http://*.debug.pardot.com https://*.debug.pardot.com http://debug-preview.pardot.com https://debug-preview.pardot.com http://*.debug-preview.pardot.com https://*.debug-preview.pardot.com http://salesforce.com https://salesforce.com http://*.salesforce.com https://*.salesforce.com http://t.salesforce.com https://t.salesforce.com http://*.t.salesforce.com https://*.t.salesforce.com http://gs0.salesforce.com https://gs0.salesforce.com http://*.gs0.salesforce.com https://*.gs0.salesforce.com http://my.salesforce.com https://my.salesforce.com http://*.my.salesforce.com https://*.my.salesforce.com http://*.my.salesforce.com https://*.my.salesforce.com http://visual.force.com https://visual.force.com http://*.visual.force.com https://*.visual.force.com http://*.visual.force.com https://*.visual.force.com http://*.visualforce.com https://*.visualforce.com http://*.force.com https://*.force.com http://b2bmktg.com https://b2bmktg.com http://*.b2bmktg.com https://*.b2bmktg.com http://*.cloudforce.com https://*.cloudforce.com http://pardot.force.com https://pardot.force.com http://*.pardot.force.com https://*.pardot.force.com http://demo.pardot.force.com https://demo.pardot.force.com http://*.demo.pardot.force.com https://*.demo.pardot.force.com http://embedded.pardot.force.com https://embedded.pardot.force.com http://*.embedded.pardot.force.com https://*.embedded.pardot.force.com http://embedded.demo.pardot.force.com https://embedded.demo.pardot.force.com http://*.embedded.demo.pardot.force.com https://*.embedded.demo.pardot.force.com http://*.lightning.force.com https://*.lightning.force.com http://*.sandbox.lightning.force.com https://*.sandbox.lightning.force.com http://*.vf.force.com https://*.vf.force.com; report-uri https://csp-report.force.com/_/ContentDomainCSPNoAuth?type=pardotUnauth 1
default-src 'self' *.vimeo.com *.ctfassets.net share.hsforms.com *.denkwerk.com *.hubspotpagebuilder.com *.cdn-eu.pagesense.io ma.zoho.eu *.google.com *.cleverreach.com *.gstatic.com *.facebook.com calendly.com; img-src https: *.ctfassets.net *.vimeo.com https://www.denkwerk.com *.icons8.com www.facebook.com px.ads.linkedin.com data:; style-src 'self' 'unsafe-inline' https://www.denkwerk.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.denkwerk.com polyfill.io *.googletagmanager.com *.google-analytics.com analytics.denkwerk.com google-analytics.com static.etracker.com code.etracker.com *.etracker.de *.mopinion.com *.personio.de *.ctfassets.net *.denkwerk.com *.hubspotpagebuilder.com *.cdn-eu.pagesense.io ma.zoho.eu *.google.com *.cleverreach.com *.gstatic.com connect.facebook.net snap.licdn.com; connect-src https://www.denkwerk.com vimeo.com *.vimeo.com data: *.contentful.com *.etracker.de *.denkwerk.com *.mopinion.com *.google-analytics.com *.personio.de *.denkwerk.com *.hubspotpagebuilder.com *.cdn-eu.pagesense.io ma.zoho.eu *.google.com *.cleverreach.com *.gstatic.com connect.facebook.net cdn.linkedin.oribi.io; form-action 'self' *.cleverreach.com *.google.com *.gstatic.com *.facebook.com; frame-ancestors 'none'; object-src 'none'; base-uri https://www.denkwerk.com 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://thinkgrowth.org https://*.thinkgrowth.org https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
frame-ancestors 'self' *.mrsfields.com 1
default-src 'self' https://*.korkortonline.se https://*.readspeaker.com; script-src 'self' 'unsafe-eval' https://*.google.com https://*.gstatic.com https://*.korkortonline.se https://*.readspeaker.com https://*.vimeo.com https://*.googleadservices.com https://*.googlesyndication.com; style-src 'self' https://*.korkortonline.se 'unsafe-inline' https://*.readspeaker.com; img-src 'self' data: https://*.korkortonline.se https://*.readspeaker.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://*.google.se; media-src 'self' https://*.korkortonline.se https://*.vimeo.com https://*.vimeocdn.com/ https://*.akamaized.net/; frame-ancestors 'self'; frame-src 'self' https://*.vimeo.com https://*.google.com https://*.korkortonline.se; font-src 'self' data: https://*.readspeaker.com; object-src https://*.korkortonline.se; form-action 'self' https://*.payex.com https://*.readspeaker.com; block-all-mixed-content 1
frame-ancestors 'self' https://www.youtube.com/* https://vimeo.com/*; 1
frame-ancestors 'self' https://help.bikester.pl https://back-office-redesign.kameleoon.com https://app.kameleoon.com/ 1
default-src 'self' https://www.googletagmanager.com resource: 'unsafe-inline' 'unsafe-eval' https://idptest.spid.gov.it https://www.puntobanca.eu https://www.bdmbanca.it https://www.popolarebari.it https://www.agenziabpb.it https://unpkg.com https://www.youtube.com www.googleadservices.com https://*.g.doubleclick.net www.google-analytics.com *.googleapis.com wurfl.io *.gstatic.com *.google.com *.google.it www.compass.it *.opentok.com ws: wss://*.tokbox.com https://*.tokbox.com; connect-src 'self' https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com wss://*.tokbox.com https://*.opentok.com https://*.tokbox.com https://*.openstreetmap.org; img-src 'self' https://www.google.it https://www.google.com https://unpkg.com https://*.tile.openstreetmap.org https://www.agid.gov.it https://www.spid.gov.it https://googleads.g.doubleclick.net https://*.segugio.it https://maps.gstatic.com https://maps.googleapis.com www.google-analytics.com data:; frame-ancestors 'self' https://www.puntobanca.eu https://www.bdmbanca.it https://www.popolarebari.it https://www.agenziabpb.it; frame-src 'self' blob: 'unsafe-inline' https://www.compass.it https://www.youtube.com data: https://www.bdmbanca.it https://www.puntobanca.eu https://www.popolarebari.it https://www.agenziabpb.it; object-src 'self' 'unsafe-inline' data: https://www.bdmbanca.it https://www.puntobanca.eu https://www.popolarebari.it https://www.agenziabpb.it; 1
frame-ancestors 'self' terminal.dietfurt.de  terminal.naturpark-altmuehltal.de; 1
frame-ancestors 'self' matomo.audiotec-fischer.com mtmo.audiotec-fischer.de; 1
default-src 'self' misc.poalim-site.co.il fonts.googleapis.com; img-src 'self' data: connect.facebook.net https://*.googletagmanager.com www.googletagmanager.com www.facebook.com www.google.co.il www.google.com googleads.g.doubleclick.net https://*.google-analytics.com www.google-analytics.com maps.googleapis.com https://*.gstatic.com maps.gstatic.com misc.poalim-site.co.il; script-src 'self' 'unsafe-inline' 'unsafe-eval' misc.poalim-site.co.il *.bcodes.co.il https://*.googletagmanager.com www.googletagmanager.com  www.googleadservices.com www.google-analytics.com analytics.google.com googleads.g.doubleclick.net maps.googleapis.com www.youtube.com tagmanager.google.com connect.facebook.net; connect-src 'self' misc.poalim-site.co.il stats.g.doubleclick.net https://*.google-analytics.com www.google-analytics.com maps.googleapis.com www.youtube.com youtu.be https://*.analytics.google.com https://*.googletagmanager.com www.facebook.com analytics.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com; frame-src 'self' open.spotify.com tools.bizportal.co.il bid.g.doubleclick.net td.doubleclick.net *.bcodes.co.il www.youtube.com poalimcalculator.kavmanche.co.il www.facebook.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com; report-to default 1
child-src https://plusone.google.com https://facebook.com https://platform.twitter.com https://franfinance.fr/ https://www.partners-finances.fr/ https://www.assurpeople.com/ https://www.youtube.com/ https://asset.easydmp.net/ https://optimize.google.com http://pffr-gv.dev.viaevista.fr/ https://pffr.preprod.viaevista.fr https://www.franfinance.fr/ https://docs.google.com/ https://www.youtube-nocookie.com/ https://www.carreprive.fr https://tag.aticdn.net/ https://td.doubleclick.net/ https://carrev4.euroback.fr https://www.carreprive.fr/Partners/TopSeller ; connect-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://smart-widget-assets.ekomiapps.de/ https://www.franfinance.fr/ https://bat.bing.com/ https://asset.easydmp.net/ https://api.privacy-center.org wss://api.algoan.com/ https://api.algoan.com/ https://dcinfos-cache.abtasty.com/ https://ariane.abtasty.com/ https://www.facebook.com/ https://solution-selfhelp.easyvista.com https://www.clarity.ms/ https://b.clarity.ms/ https://pagead2.googlesyndication.com/ https://w.clarity.ms/ https://tag.aticdn.net/ https://region1.google-analytics.com/ https://www.google.com/ https://rmjnvmk.pa-cd.com/ https://googleads.g.doubleclick.net/; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://sw-assets.ekomiapps.de/ https://github.com/ data: https://asset.easydmp.net/ https://optimize.google.com https://solution-selfhelp.easyvista.com; script-src https://apis.google.com https://platform.twitter.com https://ajax.googleapis.com https://www.googletagmanager.com/ https://www.google-analytics.com/ https://sw-assets.ekomiapps.de/ https://smart-widget-assets.ekomiapps.de/ https://ssl.google-analytics.com/ https://www.googleadservices.com/ https://www.dwin1.com/ https://bat.bing.com/ https://googleads.g.doubleclick.net/ 'unsafe-eval' https://www.franfinance.fr/ 'self' https://atout.email-match.com/ https://asset.easydmp.net/ https://asset.easydmp.net https://apis.google.com/ https://plus.google.com/ www.easydmp.net https://maps.google.com/ https://franfinance.fr/landing_page 'unsafe-inline' data: https://optimize.google.com https://sdk.privacy-center.org/ https://api.privacy-center.org https://franfinance-sav.algoan.com/ https://ajax.aspnetcdn.com/ https://try.abtasty.com/ https://connect.facebook.net/ https://www.google.com/pagead/conversion_async.js https://solution-selfhelp.easyvista.com https://www.clarity.ms/ https://pagead2.googlesyndication.com/ https://tag.aticdn.net/piano-analytics.js https://lantern.roeyecdn.com/; style-src 'self' https://fonts.googleapis.com/ 'unsafe-inline' https://sw-assets.ekomiapps.de/ https://asset.easydmp.net/ https://optimize.google.com https://solution-selfhelp.easyvista.com; img-src 'self' 'unsafe-inline' data: https://ssl.google-analytics.com/ https://sw-assets.ekomiapps.de/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://www.franfinance.fr/ https://www.googletagmanager.com/ https://www.google.com/ https://www.google.fr/ https://bat.bing.com/ https://asset.easydmp.net/ https://optimize.google.com https://franfinance-sav.algoan.com/ https://solution-selfhelp.easyvista.com https://www.clarity.ms/ https://c.clarity.ms/ https://c.bing.com/ https://lantern.roeye.com/; object-src 'none'; frame-ancestors https://franfinance.fr/ https://www.partners-finances.fr/ https://www.franfinance.fr/ https://www.piscines-ibiza.com/ https://piscines-ibiza.com/ http://e-solutions.franfinance.com https://solution-selfhelp.easyvista.com https://languedoc-pools-group.com/ https://www.languedoc-pools-group.com/; default-src https://franfinance.fr/ 'self' https://www.partners-finances.fr/; 1
default-src 'self' https://www.google.com https://fonts.googleapis.com https://maps.googleapis.com https://www.recaptcha.net https://fonts.gstatic.com https://www.google-analytics.com https://info.marshmsp.com https://stats.g.doubleclick.net https://ad.doubleclick.net https://10050468.fls.doubleclick.net https/td.doubleclick.net https/googleads.g.doubleclick.net https://consent.trustarc.com https://platform.twitter.com https://cdn.linkedin.oribi.io https://vimeo.com https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://forms.office.com https://use.fontawesome.com https://undefined.fls.doubleclick.net https://analytics.google.com https://player.vimeo.com https://dpm.demdex.net https://settings.luckyorange.com https://siteintercept.qualtrics.com https://pagead2.googlesyndication.com https://consent-pref.trustarc.com https://www.youtube-nocookie.com https://uat.oneval.victorinsurance.com https://oneval.victorinsurance.com https://mmc.oktapreview.com https://marsh-mmc.oktapreview.com https://mmc.kerberos.oktapreview.com https://engage.us.victorinsurance.com https://ajax.googleapis.com mailto: tel: *.victorinsurance.com https://marsh.okta.com https://www.youtube.com https://mmcglobal.okta.com https://player.vimeo.com/api/player.js https://mmcglobal.kerberos.okta.com https://www.facebook.com https://px.ads.linkedin.com 'unsafe-inline'; script-src 'self' https://www.google.com https://cdnjs.cloudflare.com https://cdn.polyfill.io https://www.googletagmanager.com 'unsafe-eval' https://consent.trustarc.com https://www.google-analytics.com https://www.recaptcha.net https://www.gstatic.com https://www.googleadservices.com https://snap.licdn.com https://connect.facebook.net https://pi.pardot.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://assets.adobedtm.com https://info.marshmsp.com https://static.tagboard.com https://tags.tiqcdn.com https://zn0b4batq5brjpdx0-marsh.siteintercept.qualtrics.com https://cdn.jsdelivr.net https://tools.luckyorange.com https://zn2i2bbuxai3xv9dz-marsh.siteintercept.qualtrics.com https://info.marsh.com https://scripts.demandbase.com https://siteintercept.qualtrics.com http://info.marshmsp.com https://www.youtube.com https://uat.oneval.victorinsurance.com https://mmc.oktapreview.com https://marsh-mmc.oktapreview.com https/mmc.kerberos.oktapreview.com https://engage.us.victorinsurance.com https://ajax.googleapis.com https://marsh.okta.com https://oneval.victorinsurance.com https://player.vimeo.com/api/player.js https://mmcglobal.kerberos.okta.com https://engage.ca.victorinsurance.com/acton/content/form_embed.js https://engage.ca.victorinsurance.com https://platform.twitter.com/js/button.5573c974dc31bbdab5ea7923a0bd5cf3.js 'unsafe-inline'; img-src 'self' data: * https://consent.trustarc.com https://www.google-analytics.com https://px.ads.linkedin.com https://www.facebook.com https://www.google.com https://www.google.co.in https://p.adsymptotic.com https://maps.gstatic.com https://maps.googleapis.com https://maps.gstatic.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com https://consent.trustarc.com https://stackpath.bootstrapcdn.com 'unsafe-inline' 1
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com; style-src data: 'unsafe-inline' https: https://optimize.google.com https://fonts.googleapis.com; img-src data: https: blob: android-webview-video-poster: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com; font-src data: https: https://fonts.gstatic.com; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors https://chungta.vn https://*.chungta.vn https://fpt.vn https://*.fpt.vn https://wikifpt.com.vn https://*.wikifpt.com.vn 1
frame-ancestors 'self' *.union.hu *.unionbiztosito.hu *.viennalife.hu; 1
object-src 'self'; form-action 'self'; frame-ancestors 'none' 1
frame-ancestors 'self' https://*.realtylink.org https://*.centris.ca; default-src 'self' https://*.centris.ca https://*.realtylink.org/ https://analytics.google.com https://*.google-analytics.com https://fonts.gstatic.com https://fonts.googleapis.com https://stats.g.doubleclick.net https://www.google.ca https://www.google.com https://www.googletagmanager.com https://sb.scorecardresearch.com https://cdn.jsdelivr.net https://*.locallogic.co https://cdnjs.cloudflare.com https://browser.sentry-cdn.com https://maps.google.com https://maps.google.ca https://maps.googleapis.com https://*.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://unpkg.com https://*.arcgis.com https://events.mapbox.com https://maxcdn.bootstrapcdn.com https://*.lrcontent.com https://connect.facebook.net https://snap.licdn.com https://*.hotjar.com https://*.hotjar.io https://www.facebook.com https://*.loginradius.com https://www.prospectsweb.com https://www.youtube.com https://*.tryinteract.com https://spark.adobe.com https://*.surveymonkey.com https://ajax.googleapis.com https://*.ofsys.com https://ofsys.com https://*.dialoginsight.com https://*.pinterest.com https://*.pinterest.ca https://s.pinimg.com https://api.maptiler.com https://*.research.net https://cdn.linkedin.oribi.io wss://ws.hotjar.com https://sdk.privacy-center.org https://api.privacy-center.org blob: 'unsafe-inline' 'unsafe-eval'; img-src * data: 1
default-src 'self' https://static.meblobranie.pl https://analityka.meblobranie.pl https://*.bing.com https://*.clarity.ms *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://tagmanager.google.com https://fonts.gstatic.com https://fonts.googleapis.com *.google.com https://www.google.pl https://www.google-analytics.com https://www.facebook.com *.doubleclick.net https://www.youtube.com https://cdn.ampproject.org *.hotjar.com *.hotjar.io wss://ws5.hotjar.com wss://*.hotjar.com *.opineo.pl https://consent.cookie-script.com https://cz.im9.cz https://*.trustedshops.com  https://*.freshchat.com https://src.fwusercontent.com https://*.livechatinc.com https://*.user.com wss://*.user.com; style-src 'self' https://fonts.gstatic.com https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com https://optimize.google.com  https://*.freshchat.com 'unsafe-inline'; img-src data: https://*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analityka.meblobranie.pl https://*.bing.com https://*.clarity.ms https://www.googletagmanager.com https://tagmanager.google.com https://optimize.google.com https://www.optimize.google.com https://www.googleoptimize.com https://apis.google.com *.doubleclick.net https://www.google-analytics.com https://www.google.pl https://www.googleadservices.com https://connect.facebook.net https://www.facebook.com *.hotjar.com https://pixel.wp.pl https://cdn.ampproject.org https://ssl.ceneo.pl https://www.wiarygodneopinie.pl https://www.google.com https://c.imedia.cz https://c.seznam.cz https://cdn.cookie-script.com https://cz.im9.cz https://*.trustedshops.com https://fw-cdn.com https://*.freshchat.com https://*.livechatinc.com https://*.user.com wss://*.user.com 1
frame-ancestors 'self' https://horizon.nora.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com www.youtube.com blog.playstaxel.com www.humblebundle.com store.steampowered.com data:;frame-ancestors 'self' 1
frame-ancestors 'self' http://www.philips.pt *.philips.com *.philips.pt https://philipsigtdpv.com 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://instagram-engineering.com https://*.instagram-engineering.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' mailto: tel: 'self' *.localhost 1
frame-ancestors 'self' https://www.spedition-overnight.de; 1
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net https://cdn2.hubspot.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.google.de https://www.google.at.com https://www.google.ch.com https://www.google.nl.com https://www.google.fr.com https://www.google.se.com https://www.google.co.in.com https://www.google.co.uk.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://*.hs-banner.com https://*.hs-analytics.net https://*.hsleadflows.net https://*.hsforms.net https://*.googletagmanager.com https://*.google-analytics.com https://snap.licdn.com https://*.hs-scripts.com https://ws.zoominfo.com https://*.hubspot.com https://js.usemessages.com https://www.googleadservices.com https://*.hsadspixel.net https://static.hsappstatic.net https://*.hubspot.net https://*.hsforms.com https://js.hscta.net https://*.usemessages.com https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net https://*.hscollectedforms.net https://*.hubspotfeedback.com https://feedback.hubapi.com; frame-src 'self' https://*.hsforms.com https://td.doubleclick.net https://bid.g.doubleclick.net https://*.hubspot.com https://*.hs-sites.com https://*.hubspot.net https://*.hsforms.net https://play.hubspotvideo.com youtube.com www.youtube.com; img-src 'self' data: https://googleads.g.doubleclick.net https://*.hubspot.com https://maps.googleapis.com https://maps.gstatic.com https://*.hsforms.com https://www.google.com https://www.google.de https://www.google.at.com https://www.google.ch.com https://www.google.nl.com https://www.google.fr.com https://www.google.se.com https://www.google.co.in.com https://www.google.co.uk.com https://www.google-analytics.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://ct.capterra.com https://*.hubspot.net https://*.hsforms.net https://static.hsappstatic.net https://*.google-analytics.com https://*.googletagmanager.com https://js.hscta.net https://no-cache.hubspot.com https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net https://cdn2.hubspot.net; trusted-types angular#unsafe-bypass angular#bundler goog#html google-maps-api#html; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-1VJhuwwBglLTVF5937ARxIlte74fQY1eI2c9fSlkfzjkmbwV' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
connect-src 'self' region1.analytics.google.com *.google-analytics.com *.cookiecode.nl *.googleapis.com stats.g.doubleclick.net *.clarity.ms *.sentry.io *.facebook.com *.googletagmanager.com *.hotjar.io *.hotjar.com *.salesfeed.com *.publitas.com *.onlineafspraken.nl *.jquery.com *.jsdelivr.net region1.analytics.google.com *.google.nl www.google.co.uk *.google.co.uk *.google.com cdn.chatapi.net *.analytics.google.com adservice.google.com facebook.com ;default-src 'self'  ;frame-ancestors 'self'  ;frame-src 'self' *.vimeo.com *.youtube.com *.youtube-nocookie.com *.google.com *.googletagmanager.com *.hotjar.com *.publitas.com *.onlineafspraken.nl *.woonsquare.nl *.hotjar.com ;media-src 'self'  ;object-src 'none' ; report-uri https://www.woonsquare.nl/.csp-violation; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net *.doubleclick.net *.googleadservices.com *.googletagmanager.com *.vimeo.com *.youtube.com *.youtube-nocookie.com *.hotjar.com *.clarity.ms *.google-analytics.com https://cdn.praivacy.eu *.google.com *.gstatic.com *.googleapis.com *.cookiecode.nl *.sentry-cdn.com *.publitas.com *.onlineafspraken.nl *.facebook.net *.adnxs.com *.googleadservices.com *.doubleclick.net *.adscience.nl *.optinadserving.com conoret.com cdn.respond.io ;style-src 'report-sample' 'self' 'unsafe-inline' *.cookiecode.nl *.googleapis.com *.typekit.net *.publitas.com *.onlineafspraken.nl ;img-src 'self' *.facebook.com cdn.leadinfo.net cdn.praivacy.eu *.vimeocdn.com *.google-analytics.com data: *.gstatic.com *.googleapis.com *.googletagmanager.com *.clarity.ms *.linkedin.com https://px.ads.linkedin.com i.ytimg.com img.youtube.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat c.bing.com *.facebook.com *.adnxs.com *.optinadserving.com ;font-src 'self' *.gstatic.com *.typekit.net *.onlineafspraken.nl *.faceworks.nl *.megabonus.com ; 1
default-src *; img-src * data:; media-src *; script-src * 'unsafe-eval' 'unsafe-inline' data:; style-src * 'unsafe-inline'; 1
frame-ancestors 'self' https://actii.com.mx https://www.actii.com.mx; upgrade-insecure-requests; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gap.myeg.ph https://payment.meg.ph https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googleadservices.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net t.2c2p.com;font-src data: https://fonts.gstatic.com/;object-src none 1
default-src 'self' *.optica.org *.zoom.us *.doubleclick.net *.cloudfront.net *.googlesyndication.com *.twitter.com *.opticsinfobase.org *.talkjs.com *.titanembeds.com *.boltdns.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.optica.org *.osa.org *.googletagservices.com *.3playmedia.com s3.amazonaws.com https://unpkg.com *.talkjs.com *.cvent.com cdn.mxpnl.com *.mixpanel.com https://zoom.us *.zoom.us code.jquery.com *.twitter.com adservice.google.com *.doubleclick.net *.ampproject.org *.googlesyndication.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com www.google.com tagmanager.google.com www.googletagservices.com *.brightcove.net *.zencdn.net *.twimg.com *.ytimg.com www.youtube.com *.myfonts.net *.licdn.com *.simpli.fi blob:; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; connect-src 'self' *.optica.org cdn.opticsinfobase.org *.3playmedia.com *.google.com wss://*.talkjs.com *.talkjs.com *.cloudfront.net *.osa.org http://www.frontiersinoptics.com www.frontiersinoptics.org www.cleoconference.org www.ofcconference.com api-js.mixpanel.com www.google-analytics.com *.brightcove.com *.brightcove.net *.boltdns.net *.googlesyndication.com *.akamaihd.net *.doubleclick.net https://unpkg.com *.zoom.us *.zoom.com.cn wss://*.zoom.us wss://*.optica.org *.gstatic.com *.cvent.com blob:; media-src 'self' *.optica.org *.talkjs.com *.zoom.us *.boltdns.net *.akamaihd.net *.brightcove.com blob:; object-src 'self' cdn.opticsinfobase.org *.cloudfront.net *.googlesyndication.com https://*.zoom.us blob:; frame-src 'self' *.optica.org *.googletagservices.com vimeo.com *.vimeo.com *.twitter.com *.cloudfront.net *.talkjs.com *.osa.org *.googlesyndication.com *.google.com cdn.opticsinfobase.org *.frontiersinoptics.com *.youtube.com https://titanembeds.com *.brightcove.net *.doubleclick.net; frame-ancestors 'self' *.optica.org *.osa.org *.frontiersinoptics.com 1
script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://js.hs-scripts.com https://www.google-analytics.com https://www.google.com https://js.hscollectedforms.net https://js.hs-analytics.net https://js.hs-banner.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' recruitingbypaycor.com www.youtube.com www.youtube.com/iframe_api js.hsforms.net www.googletagmanager.com consent.cookiebot.com www.google-analytics.com *.youku.com valipl.cp31.ott.cibntv.net;                     style-src 'self' 'unsafe-inline' fonts.googleapis.com player.youku.com;                     script-src 'self' 'unsafe-inline' 'unsafe-eval' recruitingbypaycor.com www.youtube.com www.youtube.com/iframe_api *.google.com *.google.de maps.google.com *.bdimg.com api.map.baidu.com dlswbr.baidu.com www.googletagmanager.com www.google-analytics.com consent.cookiebot.com consentcdn.cookiebot.com maps.googleapis.com *.hip.live.com js.hsforms.net forms.hsforms.com *.azureedge.net *.googleadservices.com *.privacysandbox.googleadservices.com browser-update.org *.youku.com *.alicdn.com *.mmstat.com fourier.taobao.com snap.licdn.com googleads.g.doubleclick.net *.youku.com www.googleads.g.doubleclick.net www.snap.licdn.com;                     img-src 'self' data: maps.googleapis.com maps.gstatic.com www.google-analytics.com www.googletagmanager.com *.client.hip.live.com *.bdimg.com *.baidu.com *.dynamics.com *.doubleclick.net *.google.de *.google.com *.youku.com *.mmstat.com *.ykimg.com fourier.taobao.com *.linkedin.com;                     frame-src 'self' recruitingbypaycor.com www.youtube-nocookie.com consentcdn.cookiebot.com forms.hsforms.com *.dynamics.com player.youku.com outlook.office365.com;                     font-src 'self' data: fonts.gstatic.com;                     connect-src 'self' maps.googleapis.com hubspot-forms-static-embed.s3.amazonaws.com consentcdn.cookiebot.com forms.hsforms.com *.google-analytics.com miao.baidu.com *.dynamics.com *.doubleclick.net *.bugsnag.com *.linkedin.oribi.io *.friendlycaptcha.com;                     worker-src 'self' blob: 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=3p4afgliqudo3&partner=; 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-RvYGXjxZS9qjkfhVimtIJ5kVvhfQHU' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
style-src * 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com www.mrdc.com http://www.google-analytics.com https://use.typekit.net https://script.hotjar.com/ ajax.googleapis.com js-agent.newrelic.com bam.nr-data.net https://static.hotjar.com/ https://px.ads.linkedin.com/ https://googleads.g.doubleclick.net/ https://www.venatorcorp.com https://venator.stage-use1.investis.com/ *.investis.com https://static.site24x7rum.eu https://stats.sa-as.com https://nexus.ensighten.com https://img04.en25.com https://connect.facebook.net https://www.google-analytics.com/ https://secure.leadforensics.com https://snap.licdn.com https://munchkin.marketo.net https://d.adroll.com/ https://s.adroll.com/; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; 1
default-src 'self' *.yumpu.com *.baqend.com *.criteo.com *.adyen.com https://cdn.jsdelivr.net *.consentmanager.net *.consentmanager.mgr.consensu.org *.touchtechpayments.com *.trustedshops.com *.etrusted.com *.trustbadge.com *.googletagmanager.com *.graphcms.com *.webgains.io *.graphassets.com *.office.com *.loadbee.com *.googleapis.com *.google-analytics.com *.emailmeform.com *.google.com *.googleadservices.com *.g.doubleclick.net *.apple.com *.happymo.re *.webgains.link *.bing.com *.youtube-nocookie.com *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.yumpu.com *.baqend.com *.criteo.com https://www.paypal.com https://www.paypalobjects.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://apis.google.com https://app.mailjet.com https://tagmanager.google.com https://player.vimeo.com/api/ https://service.excentos.com *.webgains.io *.consentmanager.net *.consentmanager.mgr.consensu.org https://cdn.jsdelivr.net https://kaerntenwerbung.traumgutscheine.com https://myincert.com *.touchtechpayments.com *.trustedshops.com *.etrusted.com *.trustbadge.com *.googletagmanager.com *.graphcms.com *.graphassets.com *.office.com *.loadbee.com *.googleapis.com *.google-analytics.com *.emailmeform.com *.google.com *.googleadservices.com *.g.doubleclick.net *.adyen.com *.happymo.re *.webgains.link *.apple.com *.bing.com *.youtube.com *.youtube-nocookie.com *.vimeo.com; img-src 'self' data: * *.sport2000.de *.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com data: *.facebook.com *.facebook.net *.fbcdn.net *.paypal.com www.paypalobjects.com *.youtube-nocookie.com *.vimeo.com i.ytimg.com *.consentmanager.net *.consentmanager.mgr.consensu.org https://cdn.jsdelivr.net https://kaerntenwerbung.traumgutscheine.com https://myincert.com *.touchtechpayments.com *.trustedshops.com *.etrusted.com *.trustbadge.com *.graphcms.com *.graphassets.com *.office.com *.loadbee.com *.googleapis.com *.google-analytics.com *.emailmeform.com *.google.com *.googleadservices.com *.g.doubleclick.net *.adyen.com *.happymo.re *.webgains.link *.apple.com *.bing.com *.baqend.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.yumpu.com *.criteo.com https://tagmanager.google.com *.consentmanager.net *.consentmanager.mgr.consensu.org https://cdn.jsdelivr.net https://kaerntenwerbung.traumgutscheine.com https://myincert.com *.touchtechpayments.com *.trustedshops.com *.etrusted.com *.trustbadge.com *.googletagmanager.com *.graphcms.com *.webgains.io *.graphassets.com *.office.com *.loadbee.com *.googleapis.com *.google-analytics.com *.emailmeform.com *.google.com *.googleadservices.com *.g.doubleclick.net *.adyen.com *.happymo.re *.webgains.link *.apple.com *.bing.com *.baqend.com *.youtube-nocookie.com *.vimeo.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com *.consentmanager.net *.consentmanager.mgr.consensu.org https://cdn.jsdelivr.net data: https://kaerntenwerbung.traumgutscheine.com https://myincert.com *.touchtechpayments.com *.trustedshops.com *.etrusted.com *.trustbadge.com *.googletagmanager.com *.graphcms.com *.graphassets.com *.office.com *.loadbee.com *.googleapis.com *.google-analytics.com *.emailmeform.com *.google.com *.googleadservices.com *.g.doubleclick.net *.adyen.com *.happymo.re *.webgains.link *.apple.com *.bing.com *.baqend.com *.youtube-nocookie.com *.vimeo.com; frame-src 'self' * *.yumpu.com *.criteo.com *.adyen.com www.paypalobjects.com *.paypal.com *.youtube.com www.youtube-nocookie.com https://player.vimeo.com/video/ *.facebook.com connect.facebook.net https://accounts.google.com https://app.mailjet.com *.sport2000.de https://service.excentos.com *.consentmanager.net *.consentmanager.mgr.consensu.org https://cdn.jsdelivr.net https://kaerntenwerbung.traumgutscheine.com https://myincert.com *.touchtechpayments.com *.trustedshops.com *.etrusted.com *.trustbadge.com *.googletagmanager.com *.graphcms.com *.graphassets.com *.office.com *.loadbee.com *.googleapis.com *.google-analytics.com *.emailmeform.com *.google.com *.googleadservices.com *.g.doubleclick.net *.happymo.re *.webgains.link *.apple.com *.bing.com; frame-ancestors 'self' https://*.frontastic.io frontastic.io.local; object-src 'self'; connect-src 'self' ws: wss: *.yumpu.com *.criteo.com *.adyen.com *.paypal.com www.paypalobjects.com *.facebook.com connect.facebook.net https://*.algolia.net https://*.algolianet.com https://*.algolia.io www.googletagservices.com *.consentmanager.net *.consentmanager.mgr.consensu.org https://cdn.jsdelivr.net https://kaerntenwerbung.traumgutscheine.com https://myincert.com *.touchtechpayments.com *.trustedshops.com *.etrusted.com *.trustbadge.com *.googletagmanager.com *.graphcms.com *.webgains.io *.graphassets.com *.office.com *.loadbee.com *.googleapis.com *.google-analytics.com *.emailmeform.com *.google.com *.googleadservices.com *.g.doubleclick.net *.happymo.re *.webgains.link *.apple.com *.bing.com *.baqend.com *.youtube-nocookie.com *.vimeo.com; worker-src *.yumpu.com *.baqend.com *.criteo.com *.frontastic.io *.frontastic.io.local *.frontastic.live *.sport2000.de *.trustedshops.com *.etrusted.com *.trustbadge.com *.googletagmanager.com *.graphcms.com *.graphassets.com *.office.com *.loadbee.com *.googleapis.com *.google-analytics.com *.emailmeform.com *.google.com *.googleadservices.com *.g.doubleclick.net *.adyen.com *.happymo.re *.webgains.link *.apple.com *.bing.com *.youtube-nocookie.com *.vimeo.com; child-src *.yumpu.com *.criteo.com *.facebook.com connect.facebook.net www.paypalobjects.com *.paypal.com *.consentmanager.net *.consentmanager.mgr.consensu.org https://cdn.jsdelivr.net https://kaerntenwerbung.traumgutscheine.com https://myincert.com *.touchtechpayments.com *.trustedshops.com *.etrusted.com *.trustbadge.com *.googletagmanager.com *.graphcms.com *.webgains.io *.graphassets.com *.office.com *.loadbee.com *.googleapis.com *.google-analytics.com *.emailmeform.com *.google.com *.googleadservices.com *.g.doubleclick.net *.adyen.com *.happymo.re *.webgains.link *.apple.com *.bing.com *.baqend.com *.youtube-nocookie.com *.vimeo.com; form-action * *.facebook.com connect.facebook.net https://cdn.jsdelivr.net *.consentmanager.net *.consentmanager.mgr.consensu.org *.touchtechpayments.com *.trustedshops.com *.etrusted.com *.trustbadge.com *.googletagmanager.com *.graphcms.com *.graphassets.com *.office.com *.loadbee.com *.googleapis.com *.google-analytics.com *.emailmeform.com *.google.com *.googleadservices.com *.g.doubleclick.net *.adyen.com *.happymo.re *.webgains.link *.apple.com *.bing.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://lgbtqia.space; img-src 'self' https: data: blob: https://lgbtqia.space; style-src 'self' https://lgbtqia.space 'nonce-ZYg7gz+buEzu6wD+owzfSQ=='; media-src 'self' https: data: https://lgbtqia.space; frame-src 'self' https:; manifest-src 'self' https://lgbtqia.space; form-action 'self'; child-src 'self' blob: https://lgbtqia.space; worker-src 'self' blob: https://lgbtqia.space; connect-src 'self' data: blob: https://lgbtqia.space https://cdn2.miau.pub wss://lgbtqia.space; script-src 'self' https://lgbtqia.space 'wasm-unsafe-eval' 1
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' data: https: http:; font-src 'self' data:; frame-ancestors 'self' https://nouveauccne-prod-renew.ext.ssl-gouv.fr; 1
default-src * data: blob: https:; script-src *.terme-tuhelj.hr *.terme-olimia.com *.gooya.io *.phobs.net *.sos-sw.si *.googletagmanager.com *.google-analytics.com *.gstatic.com *.googleapis.com *.googleadservices.com *.facebook.net *.intelliad.de *.doubleclick.net *.google.com *.sentry-cdn.com *.hotjar.com 'unsafe-inline' 'unsafe-eval'; style-src *.terme-tuhelj.hr *.gooya.io *.phobs.net *.googleapis.com *.google.com *.sos-sw.si 'unsafe-inline' 1
default-src 'self' https://cdn.queensboro.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://z.moatads.com https://m.addthis.com https://qb-static-public.s3.amazonaws.com https://assets.calendly.com/ https://*.hotjar.com https://calendly.com/ https://beacon-v2.helpscout.net https://bat.bing.com https://d12wqas9hcki3z.cloudfront.net https://d33v4339jhl8k0.cloudfront.net https://www.linkedin.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.googletagmanager.com https://apis.google.com https://connect.facebook.net snap.licdn.com  https://static.ads-twitter.com https://widget.trustpilot.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.twitter.com https://s7.addthis.com https://v1.addthisedge.com https://v1.addthis.com https://www.google-analytics.com https://tags.srv.stackadapt.com/events.js https://cdn.queensboro.com *.qbstores.com; style-src 'self' 'unsafe-inline' https://assets.calendly.com/ https://*.hotjar.com https://calendly.com/ https://beacon-v2.helpscout.net https://snap.licdn.com https://connect.facebook.net https://px.ads.linkedin.com https://p.adsymptotic.com https://tags.srv.stackadapt.com https://widget.trustpilot.com https://www.googleadservices.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.queensboro.com *.qbstores.com; img-src 'self' https://www.google-analytics.com https://*.hotjar.com https://img.youtube.com https://placehold.it https://px.ads.linkedin.com https://p.adsymptotic.com https://srv.stackadapt.com *.cloudfront.net *.queensboro.com *.qbstores.com https://bat.bing.com https://assets.calendly.com/ https://calendly.com/ https://beacon-v2.helpscout.net https://d33v4339jhl8k0.cloudfront.net https://chatapi-prod.s3.amazonaws.com/ https://qb-general-images.s3.amazonaws.com https://qb-static-public.s3.amazonaws.com https://qb-web-images.s3.amazonaws.com https://cdn.queensboro.com https://qb-style.s3.amazonaws.com https://t.co https://www.google.com https://www.facebook.com https://alb.reddit.com https://csi.gstatic.com https://googleads.g.doubleclick.net blob: data:; media-src 'self' https://assets.calendly.com/ https://calendly.com/ https://beacon-v2.helpscout.net https://qb-sitevideos.s3.amazonaws.com https://cdn.queensboro.com *.qbstores.com; frame-src 'self' *.youtube.com https://dev-io.queensboro.com https://io.queensboro.com *.queensboro2.com https://assets.calendly.com/ https://*.hotjar.com https://calendly.com/ https://beacon-v2.helpscout.net https://www.google.com https://s7.addthis.com https://www.facebook.com https://accounts.google.com https://widget.trustpilot.com https://edge.addthis.com https://bid.g.doubleclick.net; connect-src 'self' https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://m.addthis.com https://dev-io.queensboro.com https://io.queensboro.com https://px.ads.linkedin.com https://p.adsymptotic.com https://tags.srv.stackadapt.com *.queensboro2.com https://bat.bing.com https://assets.calendly.com/ https://calendly.com/ https://beaconapi.helpscout.net https://chatapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net wss://*.pusher.com *.sumologic.com https://widget.trustpilot.com *.qbstores.com https://qx.queensboro.com https://v1.addthisedge.com https://v1.addthis.com https://www.google-analytics.com; font-src 'self' https://qb-general-images.s3.amazonaws.com fonts.gstatic.com https://*.hotjar.com https://assets.calendly.com/ https://calendly.com/ https://beacon-v2.helpscout.net https://cdn.queensboro.com https://themes.googleusercontent.com *.qbstores.com data:; base-uri https://dev-io.queensboro.com https://io.queensboro.com *.queensboro2.com https://docs.helpscout.net; object-src https://beacon-v2.helpscout.net; child-src https://www.youtube.com https://player.vimeo.com; 1
default-src 'self'  https://in2.taskanalytics.com/ https://connect.facebook.net https://www.facebook.com https://maps.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com https://www.tripadvisor.co.uk https://www.tripadvisor.de https://www.tripadvisor.dk https://www.tripadvisor.se http://localhost:* https://ehelse.piwik.pro https://ehelse.containers.piwik.pro/ ; frame-src * 'self'  *.vimeo.com *.youtube.com data: blob: ; frame-ancestors 'self' blob: ; ; base-uri 'self' ; ; form-action 'self'  https://pub.dialogapi.no/ ; script-src * 'unsafe-eval' 'unsafe-inline'  https://in2.taskanalytics.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://cdn.jsdelivr.net/npm/es6-promise@4/dist/es6-promise.auto.js https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/babel-polyfill/7.0.0/polyfill.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js https://cdn.jsdelivr.net/npm/fuse.js@6.6.2/dist/fuse.esm.js https://unpkg.com/ ; object-src * 'self' data: blob: ; img-src * 'unsafe-inline'  https://ssl.gstatic.com/ data: ; style-src * 'unsafe-inline'  https://tagmanager.google.com/ https://fonts.googleapis.com/ ; font-src * data: 1
default-src *; img-src * 'self' data: https:; font-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' * 1
script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://js.hsforms.net https://js.hs-analytics.net https://js.hs-scripts.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://cdn.taboola.com https://fe.sitedataprocessing.com https://app.termly.io https://www.googletagmanager.com https://js.hs-banner.com https://js.hsadspixel.net https://trc.taboola.com https://googleads.g.doubleclick.net https://bat.bing.com https://connect.facebook.net https://snap.licdn.com https://static.ads-twitter.com https://platform.twitter.com https://cdnjs.cloudflare.com https://ws.zoominfo.com https://www.google-analytics.com https://meetings.hubspot.com https://static.hsappstatic.net https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://cdn.datatables.net 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-97c9191252094cb4a60ae245d0c8981b' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
default-src 'self'; script-src 'self' 'unsafe-eval' https://cdn.jsdelivr.net/npm/vue@2.6.12 https://connect.facebook.net/ https://www3.objective.com/ https://form.jotform.com/jsform/ https://extend.vimeocdn.com/ga/3682823.js https://*.wistia.com https://*.wistia.net https://src.litix.io https://button.glitch.me https://grow.clearbitjs.com/api/pixel.js https://iptrack.io/api/v1/wiv.js https://pi.pardot.com/  https://snap.licdn.com/li.lms-analytics/insight.min.js https://*.hotjar.com *.google-analytics.com/analytics.js https://www.googletagmanager.com/ https://www3.objective.com/analytics 'nonce-Za8lcd7q7H6wSPNSadtHSwAAEyA' https://ipinfo.io https://www.google.com/ https://www.gstatic.com/ https://secure.leadforensics.com/; style-src 'report-sample' 'unsafe-inline' 'self' https://fast.fonts.net https://fast.wistia.com https://*.hotjar.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.ipify.org https://fast.wistia.net https://*.wistia.com https://ipapi.co https://s3-ap-southeast-2.amazonaws.com https://stats.g.doubleclick.net *.google-analytics.com wss://*.wistia.com *.litix.io *.analytics.google.com https://analytics.google.com *.akamaihd.net https://api.lever.co https://s3.ap-southeast-2.amazonaws.com/trapezedownload.objective.com https://cdn.linkedin.oribi.io/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://s3.ap-southeast-2.amazonaws.com/trapezedownload.objective.com/; font-src 'self' data: https://fast.wistia.net https://fast.wistia.com https://fonts.gstatic.com https://*.hotjar.com; frame-src 'self' *.youtube.com https://calendly.com/ https://www.objective.com https://vars.hotjar.com https://www.facebook.com https://www3.objective.com https://objectiveredact.com https://www.googletagmanager.com https://www.google.com/ https://player.vimeo.com/ https://*.jotform.com/  https://app.livestorm.co/; img-src 'self' data: https://dashboard.whoisvisiting.com https://fast.wistia.net https://grow.clearbitjs.com https://px.ads.linkedin.com https://www.facebook.com *.facebook.net *.google-analytics.com https://www.google.co.nz https://www.google.com https://www.google.com.au https://www.google.com.my *.wistia.com *.youtube.com https://www.objective.com.au https://www.objective.co.uk *.objective.com https://secure.leadforensics.com https://www.linkedin.com/ https://*.hotjar.com; manifest-src 'self'; media-src 'self' data: blob: *; worker-src blob:; 1
default-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.myfonts.net; font-src 'self' data: https://*.gstatic.com; connect-src 'self' https://vimeo.com https://*.googleapis.com https://*.google-analytics.com; frame-src 'self' https://*.vimeo.com; img-src 'self' data: https://*.googletagmanager.com https://*.gravatar.com https://*.googleapis.com https://*.gstatic.com; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=37nu7uliqub2p&partner=; 1
default-src * 'self' data: blob:; style-src * 'self' 'unsafe-inline' data: *.fonts.net *.mapbox.com *.diageohorizon.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.treasuredata.com *.facebook.net *.cloudflare.com *.mapbox.com *.diageoagegate.com *.google-analytics.com *.onetrust.com *.cloudflare.com *.googletagmanager.com *.diageoplatform.com *.diageohorizon.com polyfill.io/v3/polyfill.min.js *.cloudflare.com *.jquery.com *.onetrust.com *.cdn-ukwest.onetrust.com *.youtube.com *.vimeo.com vimeo.com www.google.com www.gstatic.com; font-src * *.fonts.com; connect-src * 'self' *.mapbox.com *.google-analytics.com *.analytics.google.com; img-src * 'self' data: *.mapbox.com https://scontent-iad3-1.cdninstagram.com *.google-analytics.com *.analytics.google.com; frame-ancestors 'self' 1
frame-ancestors 'self' gea.at *.gea.at gea-waldviertler.at *.gea-waldviertler.at  stat.jmx.at; 1
frame-ancestors *.zeekrlife-test.com *.zeekr.eu; 1
frame-ancestors 'self' https://gnosis-safe.io https://app.safe.global https://wallet.ambire.com; 1
script-src 'self';object-src 'self';block-all-mixed-content;upgrade-insecure-requests; 1
default-src 'self' blob:; font-src 'self' data: https://*.typekit.net https://*.bugherd.com https://*.jsdelivr.net https://justins.hormelstaging.com https://www.bugherd.com https://*.cloudfront.net https://fonts.gstatic.com ;img-src 'self' data: blob: https://ps.w.org https://s.w.org https://*.hormel.com https://aep.mxptint.net https://scripts.hormel.com https://secure.gravatar.com https://*.salsify.com https://*.justins.com https://justins.com https://*.hormel.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.bugherd.com https://dpm.demdex.net https://*.doubleclick.net https://aa.agkn.com https://fonts.gstatic.com https://ups.analytics.yahoo.com https://bugherd-attachments.s3.amazonaws.com https://*.bugherd.com https://beacon.krxd.net https://www.googletagmanager.com https://*.cloudfront.net https://*.powerreviews.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://cdnjs.cloudflare.com https://*.pricespider.com https://r.turn.com https://mpp.mxptint.net https://www.google-analytics.com https://*.google.com https://*.bing.com https://www.facebook.com https://*.pinterest.com https://*.iriworldwide.com ;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://s0.wp.com https://*.force.com https://hormel.my.salesforce-sites.com https://static.lightning.force.com https://hormelchat.secure.force.com https://*.salesforceliveagent.com https://hormel.my.salesforce.com https://code.jquery.com https://service.force.com https://*.bugherd.com https://*.googletagmanager.com https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://*.salesforceliveagent.com https://*.cloudfront.net https://*.powerreviews.com https://static.hotjar.com https://*.facebook.net https://*.amazonaws.com https://s.pinimg.com https://*.crazyegg.com https://www.google-analytics.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://cdnjs.cloudflare.com https://*.pricespider.com https://*.googleapis.com https://*.google.com https://*.hormel.com https://*.hormelfoods.com https://www.googletagmanager.com https://*.mapbox.com 'unsafe-inline' 'unsafe-eval' blob: ;style-src 'self' 'unsafe-inline' https://s0.wp.com https://www.justins.com https://*.jsdelivr.net https://cloud.typography.com https://*.salesforce-sites.com https://*.force.com https://hormel.my.salesforce-sites.com https://*.typekit.net https://hormelchat.secure.force.com https://*.bugherd.com https://*.googletagmanager.com https://*.hormel.com https://*.hormelfoods.com https://*.cloudfront.net https://*.powerreviews.com https://*.googleapis.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://cdnjs.cloudflare.com https://*.pricespider.com ;connect-src 'self' wss://ws-mt1.pusher.com https://sockjs.pusher.com https://yoast.com https://*.googleapis.com https://hormel.my.salesforce-sites.com https://*.bugherd.com https://hormelchat.secure.force.com https://*.salesforce-sites.com https://*.force.com https://*.pusher.com wss://*.pusherapp.com https://www.bugherd.com https://*.bugsnag.com https://*.amazonaws.com https://cdnjs.cloudflare.com https://*.pricespider.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com wss://*.pricespider.com https://*.mapbox.com https://productlocator.iriworldwide.com https://*.powerreviews.com https://www.facebook.com https://*.doubleclick.net https://*.crazyegg.com https://www.google-analytics.com https://*.pinterest.com https://www.googletagmanager.com ;frame-src 'self' https://widgets.wp.com https://*.vimeo.com https://*.google.com https://*.bugherd.com https://www.youtube.com https://service.force.com https://*.force.com https://*.pinterest.com https://www.facebook.com https://*.doubleclick.net 1
default-src 'self';    script-src 'self' 'unsafe-inline' *.google.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com      connect.facebook.net www.locrating.com clients.yomdel.com *.livechatinc.com cdn.jsdelivr.net cdnjs.cloudflare.com      *.matomo.cloud www.youtube.com *.vimeocdn.com;    style-src 'self' 'unsafe-inline' *.googletagmanager.com *.googleapis.com *.gstatic.com *.typekit.net;    img-src 'self' data: https: blob: rettiecdn.co.uk;    connect-src 'self' https:;    font-src 'self' data: https:;    object-src 'self';    media-src 'self' data: www.youtube.com vimeo.com *.cloudflarestream.com;    manifest-src 'self';    frame-src 'self' www.youtube-nocookie.com *.youtube.com player.vimeo.com *.google.com infogram.com *.infogram.com      www.facebook.com *.soundcloud.com *.cloudflarestream.com my.matterport.com schools.locrating.com *.livechatinc.com      td.doubleclick.net www.googletagmanager.com;    form-action 'self' www.facebook.com;    base-uri 'self';    worker-src blob:;    child-src blob:;    frame-ancestors 'self';    report-to default;    report-uri https://nbcom.report-uri.com/r/d/csp/enforce 1
default-src 'self'; base-uri 'self'; object-src 'none'; script-src 'self' *.hubspot.com js.hs-analytics.net js.hs-scripts.com js.hsadspixel.net js.hscollectedforms.net js.hs-banner.com js.hs-banner.net js.usemessages.com *.hsforms.net cdn2.hubspot.net https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com/  https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net/ https://snap.licdn.com 'strict-dynamic' 'nonce-np6/ZZg03OQ/eaLfhOhB6g=='; connect-src 'self' *.hubspot.com api.hubapi.com js.hs-banner.com *.hsforms.com *.google-analytics.com https://www.google.com https://www.facebook.com/ *.g.doubleclick.net https://cdn.linkedin.oribi.io; style-src 'self' 'unsafe-inline' static.hsappstatic.net fonts.googleapis.com cdn2.hubspot.net https://ajax.googleapis.com; font-src fonts.gstatic.com cdn2.hubspot.net; img-src 'self' data: *.hubspot.com static.hsappstatic.net *.hsforms.com https://www.facebook.com/ *.linkedin.com https://www.google.com https://www.google.be https://www.google-analytics.com https://www.googletagmanager.com/; frame-src *.hubspot.com *.hsforms.com https://www.google.com https://www.youtube.com/ https://www.facebook.com/ https://platform.twitter.com/; prefetch-src 'self' static.hsappstatic.net; upgrade-insecure-requests; 1
frame-ancestors 'self' http://www.philips.dk *.philips.com *.philips.dk https://philipsigtdpv.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google.com https://ajax.googleapis.com https://www.gstatic.com https://www.youtube.com https://cdnjs.cloudflare.com https://static.axept.io https://cdn.novius.net; object-src 'self'; frame-src 'self' https://www.youtube.com 1
default-src 'self' www.google-analytics.com app.readspeaker.com rstts.readspeaker.com www.gstatic.com media-eu.readspeaker.com app-eu.readspeaker.com rstts-eu.readspeaker.com stats.g.doubleclick.net https://api.analytics.foleon.com www.googletagmanager.com; child-src 'self' app.readspeaker.com rstts.readspeaker.com app-eu.readspeaker.com www.google.com stats.g.doubleclick.net media-eu.readspeaker.com rstts-eu.readspeaker.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.perplex.nl www.gstatic.com maps.googleapis.com www.google.com https://cdn.analytics.foleon.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' www.gstatic.com fonts.googleapis.com; img-src 'self' data: region1.google-analytics.com region1.analytics.google.com services.perplex.eu www.google-analytics.com www.perplex.nl www.gstatic.com mt.googleapis.com maps.gstatic.com ssl.gstatic.com maps.googleapis.com lh3.googleusercontent.com lh4.googleusercontent.com lh5.googleusercontent.com lh6.googleusercontent.com khms0.googleapis.com khms1.googleapis.com stats.g.doubleclick.net www.viecuri.nl; connect-src 'self' stats.g.doubleclick.net www.google-analytics.com region1.google-analytics.com region1.analytics.google.com; font-src 'self' data: fonts.gstatic.com; form-action 'self' app.readspeaker.com; 1
default-src https: data: self: 'unsafe-inline'; form-action https:; upgrade-insecure-requests 1
frame-ancestors 'self' https://*.qbo.intuit.com https://qbo.intuit.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com www.google.com www.youtube.com www.tagassistant.google.com www.googletagmanager.com www.google-analytics.com www.gstatic.com *.browsealoud.com *.soundcloud.com cashierui-api.intelligent-payments.com rezoomo.com rum.browser-intake-datadoghq.eu; 1
font-src 'self' data: *.hinrichfoundation.com; img-src 'self' data: *; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.linkedin.com *.googleadservices.com *.licdn.com *.ads-twitter.com *.twitter.com *.hubapi.com *.hubspot.com *.hotjar.io *.hs-banner.com *.hsadspixel.net *.hsleadflows.net *.hs-analytics.net *.addthisedge.com *.moatads.com *.addthis.com *.hs-scripts.com *.hotjar.com *.hinrichfoundation.com *.google.com *.maps.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.facebook.com *.facebook.net *.akamaihd.net *.fbcdn.net *.google-analytics.com *.pinterest.com *.twitter.com *.youtube.com *.cloudflare.com *.doubleclick.net *.windows.net *.piktochart.com https://static.addtoany.com; 1
frame-ancestors https://*.barcodefactory.com https://*.barcodefactory.com:8443 https://barcodefactory.com http://*.barcodefactory.com 'self' 1
sandbox allow-downloads allow-forms allow-modals allow-popups allow-popups-to-escape-sandbox allow-scripts allow-same-origin allow-presentation; default-src 'self' http://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://tagmanager.google.com/ *.youtube-nocookie.com/embed/ https://fonts.gstatic.com hal9000.redintelligence.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com https://tagmanager.google.com/ https://maps.googleapis.com https://connect.facebook.net/ https://hal9000.redintelligence.net https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ *.loopdialog.com; connect-src 'self' *.google-analytics.com *.analytics.google.com/ https://www.facebook.com/tr/ https://stats.g.doubleclick.net https://cdn.cookielaw.org/ https://privacyportal-de.onetrust.com/ https://eu-api.friendlycaptcha.eu/api/v1/puzzle maps.googleapis.com https://geolocation.onetrust.com/ *.loopdialog.com https://ss-gtm.itzehoer.de/; img-src 'self' data: *.itzehoer.de https://www.kununu.com/ *.google-analytics.com *.analytics.google.com/ https://www.google.com/ads/ *.google.com *.google.de https://www.google.de/ads/ https://www.googletagmanager.com https://tagmanager.google.com/ https://stats.g.doubleclick.net https://*.googleapis.com https://*.gstatic.com https://*.ggpht.com https://www.facebook.com/ https://cdn.cookielaw.org/; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.googleapis.com *.gstatic.com https://tagmanager.google.com/; font-src 'self' https://fonts.gstatic.com https://www.google.com/ads/ https://www.google.de/ads/ https://widgets.trustedshops.com https://static3.avast.com https://maxcdn.bootstrapcdn.com ; child-src 'self' blob: https://www.itzehoer.de/ https://www.youtube-nocookie.com https://hal9000.redintelligence.net https://www.googletagmanager.com/; worker-src blob: https://www.itzehoer.de/; base-uri 'self'; media-src 'self'; object-src 'self'; form-action 'self' https://www.itzehoer.de/ https://maps.google.de/ https://www.google.de/ http://www.atriga.com/ http://www.atriga.de/ https://itzehoer.de/; frame-ancestors 'self'; block-all-mixed-content; report-uri https://prod.itzehoer.iv.local/intern/csp/CSPReporting 1
default-src 'self' cdn.wcc.witt-international.cz https://cdn.wcc.witt-international.cz/graphql;    base-uri 'self' widget.solvemate.com;    font-src 'self' cdn.wcc.witt-international.cz fonts.gstatic.com data: widget.solvemate.com *.dixa.io;    img-src * data:;    connect-src 'self' https://cdn.wcc.witt-international.cz/graphql cdn.wcc.witt-international.cz cdn.witt.info/ images.ctfassets.net te.witt-international.cz tp.witt-international.cz wasp.witt-international.cz wst.witt-international.cz *.analytics.google.com  *.facebook.com *.contentsquare.net *.my.onetrust.eu *.google-analytics.com bat.bing.com eu-witt-gruppe-prod1.mini.snplow.net www.google-analytics.com www.jsctool.com https://adservice.google.com/pagead/ https://graphql.contentful.com https://privacyportal-eu.onetrust.com https://stats.g.doubleclick.net https://geolocation.onetrust.com https://www.google.com/pagead/ https://googleads.g.doubleclick.net/pagead/ *.creativecdn.com *.googlesyndication.com *.optimizely.com https://ct.pinterest.com http://jsctool.com checkout-cdn.aboutyou.cloud checkout-v3.wcc.witt-international.cz https://*.ingest.sentry.io api.solvemate.com widget.solvemate.com relay.solvemate.com *.dixa.io wss://sockets.dixa.io api.sovendus.com benefits.sovendus.com identification-api.sovendus.com integration-api.sovendus.com press-tracking-api.sovendus.com https://maps.googleapis.com;    object-src 'none';    child-src blob: ;    script-src * 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.paypal.com blob: *.dixa.io;    style-src 'self' cdn.wcc.witt-international.cz www.googletagmanager.com fonts.googleapis.com 'unsafe-inline' d.witt-international.cz checkout-cdn.aboutyou.cloud https://*.adyen.com https://*.paypal.com blob: widget.solvemate.com *.dixa.io;    frame-src 'self' checkout-v3.wcc.witt-international.cz *.awin1.com *.criteo.net *.criteo.com *.adrtx.net *.contentsquare.net www.googletagmanager.com www.facebook.com www.youtube.com dmp.theadex.com 5127363.fls.doubleclick.net 12769738.fls.doubleclick.net www.jsctool.com https://creativecdn.com/ https://fledge-eu.creativecdn.com/ https://tbs.tradedoubler.com/ https://survey2.quantilope.com/ https://*.adyen.com https://*.paypal.com https://*.computop-paygate.com blob: *.dixa.io https://api.sovendus.com https://www.sovendus-connect.com https://www.sovendus-benefits.com https://gui.display.prod.app.funnelplus.com/;    media-src 'self' cdn.wcc.witt-international.cz cdn.witt.info/ images.ctfassets.net videos.ctfassets.net www.youtube.com witt-gruppe-res.cloudinary.com *.dixa.io;    manifest-src 'self' cdn.wcc.witt-international.cz *.dixa.io;    worker-src 'self' cdn.wcc.witt-international.cz blob:;    form-action 'self' www.facebook.com;    block-all-mixed-content;    frame-ancestors 'self' https://app.contentful.com;    sandbox allow-scripts allow-forms allow-same-origin allow-top-navigation allow-popups allow-popups-to-escape-sandbox allow-modals; 1
default-src https:; connect-src https:; font-src 'self' https: data: https:; frame-src https:; frame-ancestors https:; img-src 'self' https: blob: data:; media-src https: blob:; object-src https:; style-src 'unsafe-inline' https:; worker-src blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; 1
default-src 'self'; script-src 'self' *.wistia.com *.wistia.net https://*.hcaptcha.com/ https://hcaptcha.com/ https://connect.facebook.net/ https://apis.google.com/ https://accounts.google.com/ https://www.kialo-edu.com/ 'nonce-d739bcdd65ed336b66bb1faa1230e75e77606da373908e6ad6c8638f6f2b2228'; style-src 'self' 'unsafe-inline' https://*.hcaptcha.com/ https://hcaptcha.com/ https://www.kialo-edu.com/; connect-src 'self' https://app.getsentry.com/ *.wistia.com *.wistia.net https://embedwistia-a.akamaihd.net/ https://*.hcaptcha.com/ https://hcaptcha.com/ wss://www.kialo-edu.com/; img-src 'self' data: blob: *.wistia.com *.wistia.net https://embedwistia-a.akamaihd.net https://www.kialo-edu.com https://web.facebook.com/ https://www.facebook.com/ https://www.kialo-edu.com/; font-src data: 'self' https://fonts.gstatic.com *.wistia.com; child-src 'self' blob: https://*.hcaptcha.com/ https://hcaptcha.com/ *.wistia.com *.wistia.net https://staticxx.facebook.com/ https://web.facebook.com/ https://www.facebook.com/ https://accounts.google.com/ https://content-classroom.googleapis.com/; frame-src 'self' blob: https://*.hcaptcha.com/ https://hcaptcha.com/ *.wistia.com *.wistia.net https://staticxx.facebook.com/ https://web.facebook.com/ https://www.facebook.com/ https://accounts.google.com/ https://content-classroom.googleapis.com/; media-src 'self' data: blob: *.wistia.com *.wistia.net https://embedwistia-a.akamaihd.net; object-src https://embedwistia-a.akamaihd.net; manifest-src 'self' https://www.kialo-edu.com/; report-uri https://www.kialo-edu.com/api/v1/cspreport; report-to default 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.algolia.net *.algolianet.com www.google-analytics.com *.googleapis.com fonts.gstatic.com maps.gstatic.com *.gstatic.com www.gstatic.com *.googletagmanager.com *.vimeo.com *.youtube.com *.hsforms.com *.hsforms.net *.hrmdirect.com youtu.be maps.googleapis.com unpkg.com *.craftcms.com *.craft-cdn.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net track.hubspot.com forms.hubspot.com *.addtoany.com static.addtoany.com cdn2.hubspot.net stackpath.bootstrapcdn.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.algolia.net *.algolianet.com www.google-analytics.com *.googleapis.com fonts.gstatic.com maps.gstatic.com *.gstatic.com www.gstatic.com *.googletagmanager.com *.vimeo.com *.youtube.com *.hsforms.com *.hsforms.net *.hrmdirect.com youtu.be maps.googleapis.com unpkg.com *.craftcms.com *.craft-cdn.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net track.hubspot.com forms.hubspot.com *.addtoany.com static.addtoany.com cdn2.hubspot.net stackpath.bootstrapcdn.com ; object-src 'self' blob: 1
style-src-elem https://fonts.googleapis.com https://services.postcodeanywhere.co.uk *.columnrads.co.uk https://*.appwholesale.co.uk https://*.dnky.co https://translate.googleapis.com https://*.gstatic.com 'unsafe-inline' 'self' https://*.feefo.com; script-src-elem https://tpc.googlesyndication.com https://www.googletagmanager.com https://appwh11112.pcapredict.com https://bat.bing.com https://*.algolianet.com https://*.algolia.net https://*.mrcentralheating.co.uk https://*.columnrads.co.uk https://*.flushking.co.uk https://*.plumbingstocks.co.uk https://*.appheatingdistribution.co.uk https://*.rfihub.net https://live.rezync.com https://*.pinimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.google-analytics.com https://*.boomtrain.com https://services.postcodeanywhere.co.uk https://*.paypal.com https://*.feefo.com https://*.google.com https://*.google.co.uk https://*.addthis.com https://*.moatads.com https://connect.facebook.net https://*.facebook.com https://*.addthisedge.com https://*.elfsight.com https://cld.bz https://*.cloudfront.net https://*.pinterest.com https://*.resultspage.com https://*.dnky.co https://*.gstatic.com https://maps.googleapis.com https://*.rfihub.com https://*.trackedlink.net https://*.monzo.com https://polyfill.io https://*.clic2buy.com https://*.click2buy.com https://*.clic2drive.com 'unsafe-inline' 'self'; font-src *.gstatic.com data: https://fonts.gstatic.com https://cdn.honey.io https://*.columnrads.co.uk 'self' https://*.amazonaws.com https://*.paypalobjects.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.facebook.com https://www.rsa3dsauth.co.uk https://www.securesuite.co.uk *.arcot.com *.monzo.com https://clients.smartsecure.tsys.co.uk https://authentication-acs.marqeta.com https://acs.apata.io https://*.pinterest.com https://*.modirum.com https://mycardsecure.com https://acs.touch.tech 'self' https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com www.google.com https://acs.touch.tech https://mycardsecure.com https://*.rfihub.com https://*.doubleclick.net https://www.facebook.com https://tst.kaptcha.com https://www.google.com https://www.gstatic.com/ https://*.cld.bz https://*.pinterest.com https://*.dnky.co https://*.youtube.com https://acs.revolut.com https://tpc.googlesyndication.com https://www.rsa3dsauth.co.uk https://*.arcot.com https://*.lloydsbankinggroup.com https://*.addthis.com/ https://*.securesuite.co.uk https://*.monzo.com https://clients.smartsecure.tsys.co.uk https://authentication-acs.marqeta.com https://acs.apata.io https://*.modirum.com https://register.feefo.com/ https://*.clic2buy.com https://*.click2buy.com https://*.clic2drive.com *.dotdigital-pages.com *.dotdigital.com *.weltpixel.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.gstatic.com *.googleapis.com * 'self' www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com polyfill.io *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://connect.facebook.net https://*.facebook.com https://*.rfihub.net https://*.rfihub.com https://bat.bing.com https://www.googletagmanager.com https://appwh11112.pcapredict.com https://maps.googleapis.com https://*.doubleclick.net https://*.feefo.com https://r1-t.trackedlink.net https://*.google.com https://www.gstatic.com https://services.postcodeanywhere.co.uk https://*.columnrads.co.uk https://*.addthis.com https://*.addthisedge.com https://z.moatads.com https://*.elfsight.com https://cld.bz https://*.cloudfront.net https://*.pinterest.com https://*.resultspage.com https://*.dnky.co https://*.pinimg.com https://*.rezync.com/ https://*.boomtrain.com https://*.algolia.net https://*.algolianet.com https://tpc.googlesyndication.com https://*.google-analytics.com https://*.monzo.com https://polyfill.io https://*.clic2buy.com https://*.click2buy.com https://*.clic2drive.com 'unsafe-inline' 'self' *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://services.postcodeanywhere.co.uk *.columnrads.co.uk https://*.appwholesale.co.uk https://*.dnky.co https://translate.googleapis.com https://register.feefo.com https://*.gstatic.com 'unsafe-inline' 'self' *.fontawesome.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://*.feefo.com https://services.postcodeanywhere.co.uk https://bat.bing.com *.paypal.com https://*.addthis.com https://www.facebook.com https://*.elfsight.com https://*.cld.bz google.com https://*.google-analytics.com  https://*.doubleclick.net https://*.pinterest.com https://*.comapi.com https://*.boomtrain.com https://*.googleapis.com https://*.google.com https://www.googletagmanager.com https://*.columnrads.co.uk https://*.clic2buy.com https://*.click2buy.com https://*.clic2drive.com 'self' *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /ateam_csp/CSP/Index; report-to report-endpoint; 1
frame-src 'self' https://filmdb-showbiz.theboxofficecompany.net/ https://www.google.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://utils.mvtx.us/ insight.adsrvr.org; frame-ancestors 'self'  1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://rsvo.ru; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://informer.yandex.ru; script-src-elem 'self' 'unsafe-inline' https://mc.yandex.ru https://top-fwz1.mail.ru/; connect-src 'self' https://mc.yandex.ru https://top-fwz1.mail.ru/; frame-src 'self' https://yandex.ru;  1
frame-src https://hcaptcha.com https://*.hcaptcha.com https://*.twitter.com https://*.google.com https://*.youtube.com 'self'; frame-ancestors 'self'; base-uri 'self'; form-action 'self' 1
default-src 'none'; frame-ancestors 'none'; script-src 'self' 'nonce-somethingrandom' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com; connect-src 'self' wss://rustchance.com/feed; img-src 'self' https://rcases.b-cdn.net/ *.akamaihd.net https://static-cdn.jtvnw.net/emoticons/ https://cdn.frankerfacez.com/emoticon/ https://*.steamstatic.com/ data:; media-src 'self' https://rcases.b-cdn.net/; style-src 'self' 'unsafe-hashes' 'sha256-Hvl1IVaaiGDCWfXN/NYs7XJk9w0KIdrZ3SuF/ZyziH4=' 'sha256-yUOnKCENzSdKikR9gEEAu8IogIBNlifamnNNH1E31SE=' fonts.googleapis.com;base-uri 'self';form-action 'self';font-src fonts.gstatic.com; frame-src 'self' https://www.google.com/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 1
default-src 'self'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline'; script-src 'self'; img-src 'self' 1
frame-ancestors 'self' http://*.tradecentric.com https://*.tradecentric.com http://*.punchout2go.com https://*.punchout2go.com http://*.ariba.com https://*.ariba.com http://*.esmsolutions.com https://*.esmsolutions.com http://*.oraclecloud.com https://*.oraclecloud.com http://*.jaggaer.com https://*.jaggaer.com 1
object-src 'none' ; 1
script-src 'self' cdn.iubenda.com cdn.jsdelivr.net cdnjs.cloudflare.com cs.iubenda.com 'sha256-ATZfDmilBykL2VXrnLjouRFKFYlj2utaTup6si9heHM=' 'sha256-8//zSBdstORCAlBMo1/Cig3gKc7QlPCh9QfWbRu0OjU=' 'sha256-87S8dmLi1YfT6tW7cfXQyixeKGstWn2N79Zo5APic8Q=' 'sha256-bfFxqVg/c9LA8HPqq+//frSGvXbYU2geKUn7x+8C2W4=' 'sha256-tgO1B6hG3Dfv2j0IEzJ1FhDIihleExz+Lj20p9zynv8=' 'sha256-cMn47Hap8hP/A00OHA7rDzZSwcQVBODbK2F1ohxOzdc=' 'sha256-mnsQs+PgbNocQR9xbhSIOLez4apyPDpdELPrQbHaHHo=' 'sha256-nsjTthT0UO8jYaoBqBkfu88NxO+xjMJ5mkuYl0z+F2E=' 'sha256-zwGmIUR+Z6gWKbwoJ2Z3yGxI/XLETLqDqCRIV0qt/WA=' 'sha256-1A3HIDVifVCdtS1VCgtsvML0vKjPiOwciN+zhOQXUzk=' sha256-ixJDNStnXvLXXzYjOtGLVgPM/ByVlTtcYDKrD44Pg8Y=' 'sha256-rXhCaBu9zZVy7fxCWzWPx7lQJId7BQqAzg095Hx4BIs=' 'sha256-BdUXoRWr767ARIMzjCXpNedtgds9KcjXM+x35M/ulc4=' 'sha256-g6rEtRC0g++Vn23L67NnedJ8YqcgyFCnbc43hVx9SEs=' 'sha256-YiwVYdg07ZB1GhA75nJPlmV+KrebyMhqx34aMN+m2dk=' 'sha256-lUEIMiuJJ62kWo84nx6noq7t8iB7nevMOUVDOLKMVR0=' 'sha256-xDAmEkLwtryjFp35OU9vnbEWIbmZBO6elnpckj+CDUk=' 'sha256-ZJutffdnOie+xpIJg4Yd7Mz/5AChUHPwBh/z4bvWR30=' 'sha256-yIYRfLP0A6sRo9nmz7St5MrMAefuobhOuBmGLry6lK8=' 'sha256-pGoUmwUGQ56T6Sd6xl+8WEnI4YMUEQULq7DoTL/KsXQ=' 'sha256-JKnfXJEksU6GW8RXQGgAP8It2YFYiWB9a6298Z1CVrM=' 'sha256-+1XnFHGvqrDLB8WFsDOf5CFAVw1JhkNcBOsLI+Pxd68=' 'sha256-L5rK3zEEBvNa/XCYXRl9eHB3SCQReObphd67zoKvrgQ=' 'sha256-bOHm3jJRjBtOybGrbc7HXXV57Qp8VFC65nGoNACf2EY=' 'sha256-fZIx1ukK+dEJq5T+5M6mayzaPFubN/b85dpdRL7Xwq4=' 'sha256-7+Cai1EhQOt360NzDf0sNdEZ0o2ysQRr6D47MqFd3Mg=' 'sha256-wmfaBqSxzll67wJkuGvjTCzE9/XeCUHbK3+YYfyaMbk=' 'sha256-H1cnTFxEK60Kc20EANw8SIq0E3/l7ARgYlwiF3RRfMg=' 'sha256-oyK1MSOjdr/KWAl+x/1jqOjnQqEBBBsK4QVE0BTiRrM=' 'sha256-oyK1MSOjdr/KWAl+x/1jqOjnQqEBBBsK4QVE0BTiRrM=' 'sha256-dvwNqY9+adgXCNjFduZ4L5fwoBshho0+phMc/SMtauE=' 'sha256-EIBZImpiES+kMwfasDtqDp4E7PhsHAyIX0PE8IweGzU=' 'sha256-TbnXeQGUFHLUSsJJilh13WZaQjKaJA2xaG5B1/Ob+WI=' 'sha256-RyQhhh7viWX7BYh8BxiczBf8UactZ6rlVcecOy589+U=' 'sha256-GS906xBU7fNbJ+XnOmetmU7oK9VyA3ieBv7hUeftRRs=' 'sha256-KJ9rJRyi9WwAtKJBS0P7Jp33iDFTavWdrI42p11R8hc=' 'sha256-o9J03zH1l1mDxJ+tMH+ifrtuy+pFRS8QlZ2SsMroTkg=' 'sha256-5CYpV2QyLAtNiBtdoowlken/ZR/AdjbaHil5piovNJw=' 'sha256-RSQX3nOIRmi90WnfXHoNj3e7ntwf9hgOXxqefCJFx1Q=' 'sha256-FrNSf0ZbzKQBeWMXYwA16LBO5Pe/qH5/L+qQvRLRH1Q=' 'sha256-QZDyxPJfmjTLv9uS+RolNZVw13PvfP+XySTiJK2Hd1k=' 'sha256-N8GNFWYLimSZWnO15ATdBIgXg6zvYMZXzm+7simletg=' 'sha256-sGcYqFH8/FuWCvGMmJ4nvt945uhZxkzVD1TPLe2KCX8=' 'sha256-9p+RPpkBs1d9zNqIR9iXgLqSHwsMCYNFxqmBQ/uXEkQ=' 'sha256-W9dIuzbVbwaJIiABY8k7bK5J44dHn4cttRE9H/KU6mk=' 'sha256-vlsrZ4jZoCix/b7nJKAYw/wfBw4HIin3hhJpQ3sQxnY=' 'sha256-myiJ/FIr9ZOBbVVoDaCywSd5BCOoCnIh2rPYUqyjFA8=' 'sha256-KD4xcCvTHtsGG5AtVhwLUIe17izVln1otAIPkxg6rmA=' 'sha256-qY+HnM+W7BByR/jM0TCvBfbpmK8KNj7CVjxtwYqcNjY=' 'sha256-ABrhY42pNp3SuJ409k660Qtar8nZFnJwBQcaSLLUjIU=' 'sha256-5pJJdqP+xtcHWaoCVGqnWGjTmalnuNOBa/ARxxdbXlY=' 'sha256-rZIkxoqfbkAUDXdR+XLLRc+6KHlmObDbIx1bBUBH5CA=' 'sha256-MHVxGPmAdQx0XbWz9eiltEe3lmFeI8sQqjoa5CY3rYI=' 'sha256-PjJ2jRJZu/X6S/4gAt8RQJiOYG7/EXoyF2k8xYxru6M=' 'sha256-SRL2dzudkFKperUFCEA8mkIVT0upQHx1XNdAgFMKKrQ=' 'sha256-VjbwA1fcq38GVAKDHfI4Px141aILED/YF1jutfiuxDQ=' 'sha256-4HI0gXMPzVZCOfq8y5ds7cCvnTLcjdaRMBGIz0hepyQ=' 'sha256-wiNjp1+2HX4VjKTGh4rOQNpvLKFChmgrlR4JMI5zmm0=' 'sha256-iunGMBr+dGp7aue0TbFN91OgvripGA0ID/rmYkiIWXA=' 'sha256-qoVTf4u46Qn650jIbGX84qGETYjLtLRIJLsNE0j2VrY=' 'sha256-n8hcS8ivfD7ZAyCNyHj/c3Ka/CQwmdwGXES+39Cqc8c=' 'sha256-jcBgmjg6jicvkyQtdPyW7L78Ca+aNgbBH6pJFlzpKsg=' 'sha256-p13JBHFCwcMwZRtwJJ+PGG0Xq6xlYkVDS3zZPAHx1iY=' 'sha256-60Y5SZryMP/67Q/k36LVBXH6SBee31fcbdC5y8D7RYw=' 'nonce-color_code' 'nonce-ontouch' 'nonce-iubenda' 'nonce-vid_block'; 1
frame-ancestors 'self' https://*.oxalys.fr/ https://*.groupe-atlantic.com/ https://*.leon-grosse.fr/ https://*.birchstreetsystems.com/ https://*.coupahost.com/ https://*.dynamics.com/ https://*.workday.com/ https://*.determine.com/ https://*.ivalua.com/ https://*.fluxym.com/ https://*.xeeva.com/ https://*.corcentric.com/ https://*.aquiire.net/ https://*.info.ratp:8443/ https://*.compass-group.digital/ https://srv0068a.apave.grp:12515/ https://slx0046x.cld.apave.grp/ https://*.mipih.fr/ https://*.jaggaer.com/ https://www.fiducial-office-solutions.fr/ https://www.fiducial-office-solutions.be/ https://www.fiducial-office-solutions.lu/ 1
default-src 'self'; img-src 'self' data: https://img.youtube.com https://produksconverseassets.blob.core.windows.net https://produkwconverseassets.blob.core.windows.net https://produkswebassistassets.blob.core.windows.net https://*.onconnect.app https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://www.google.co.uk https://www.google.com https://maps.gstatic.com https://geo0.ggpht.com https://*.googleapis.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://*.hotjar.com https://*.hotjar.io https://cdn.cookielaw.org https://www.linkedin.com https://px.ads.linkedin.com https://secure.gravatar.com https://*.w.org https://cdn-lhgml.nitrocdn.com/; style-src 'self' 'unsafe-inline' blob: https://webassistant.onconverse.app https://*.onconnect.app https://564-SJK-496.mktoweb.com https://rtp-static.marketo.com https://engage.netcall.com https://tagmanager.google.com https://fonts.googleapis.com https://www.gstatic.com https://fast.wistia.com https://pro.fontawesome.com https://use.typekit.net https://p.typekit.net https://cdn-labob.nitrocdn.com 'unsafe-eval' https://cdn-lhgml.nitrocdn.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://webassistant.onconverse.app https://*.onconnect.app https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://www.google.com https://maps.googleapis.com https://www.gstatic.com https://engage.netcall.com https://564-SJK-496.mktoweb.com https://lonrtp1-cdn.marketo.com https://rtp-static.marketo.com https://lonrtp1.marketo.com https://app-lon09.marketo.com https://munchkin.marketo.net https://www.research-tree.com https://youtube.com https://www.youtube.com https://player.vimeo.com https://*.wistia.com https://*.wistia.net https://src.litix.io https://*.hotjar.com https://*.hotjar.io https://cdn.cookielaw.org https://snap.licdn.com https://geolocation.onetrust.com https://yoast.com/shared-assets/ https://unpkg.com/@dotlottie/ https://js-agent.newrelic.com https://nitropack.io https://nitroscripts.com blob: https://cdn-lhgml.nitrocdn.com/; font-src 'self' data: https://*.onconnect.app https://fonts.gstatic.com https://fonts.googleapis.com https://*.wistia.com https://*.hotjar.com https://*.hotjar.io https://pro.fontawesome.com https://use.typekit.net https://cdn-lhgml.nitrocdn.com/; connect-src 'self' https://webassistant.onconverse.app https://webassist.onconverse.app https://*.onconnect.app https://*.service.signalr.net wss://webassist.onconverse.app wss://*.service.signalr.net https://*.analytics.google.com https://*.google-analytics.com https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://cdn.linkedin.oribi.io https://geolocation.onetrust.com https://px.ads.linkedin.com https://api.nelioabtesting.com https://rtp-static.marketo.com https://lonrtp1.marketo.com https://www.google-analytics.com https://*.mktoresp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://yoast.com https://my.yoast.com https://bam.nr-data.net https://nitropack.io https://to.getnitropack.com https://cdn-labob.nitrocdn.com https://cdn-lhgml.nitrocdn.com/; frame-src 'self' blob: https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://td.doubleclick.net https://www.research-tree.com https://564-SJK-496.mktoweb.com https://engage.netcall.com https://app-lon09.marketo.com https://youtube.com https://www.youtube.com https://player.vimeo.com https://w.soundcloud.com https://fast.wistia.com https://fast.wistia.net https://*.hotjar.com https://*.hotjar.io https://polaris.brighterir.com data:; media-src 'self' data: blob: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; worker-src 'self' blob: https://cdn-lhgml.nitrocdn.com/; object-src 'none'; frame-ancestors 'self' https://nc2-webify-build.oncreate.app https://nc2-webify.oncreate.app https://netcall.showpad.biz https://netcall.showpad.com https://*.netcall.com; child-src 'self' blob: 1
default-src 'self' * 'unsafe-inline' data: ; script-src * 'unsafe-inline' 'unsafe-eval'  1
img-src * data: blob: ; 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.marketo.net *.marketo.com *.qualtrics.com *.carfax.com *.googleapis.com *.facebook.net *.demdex.net *.gstatic.com *.newrelic.com bam.nr-data.net storage.googleapis.com *.youtube.com *.aws.carfax.io; style-src 'self' blob: 'unsafe-inline' fonts.googleapis.com *.carfaxforpolice.com *.carfax.com *.aws.carfax.io *.marketo.com *.qualtrics.com; font-src 'self' fonts.gstatic.com data:; connect-src 'self' wss: *.mktoresp.com *.qualtrics.com *.carfaxforpolice.com *.googleapis.com *.carfax.io bam.nr-data.net https://s3.amazonaws.com *.s3.amazonaws.com *.contentful.com *.wistia.net; frame-src 'self' blob: *.carfaxforpolice.com https://www.youtube.com https://www.google.com *.marketo.com *.qualtrics.com vhr.carfax.ca *.carfax.com mailto: *.wistia.net; img-src 'self' data: blob: *.carfaxforpolice.com *.carfax.com *.facebook.com *.googleapis.com *.gstatic.com *.qualtrics.com *.s3.amazonaws.com *.ctfassets.net *.aws.carfax.io *.youtube.com *.wistia.com; object-src 'self' blob: *.carfaxforpolice.com; frame-ancestors 'self' *.crashdocs.org *.carfax.io *.contentful.com *.mycrash.us *.mycrash.ca 1
frame-ancestors https://ffcbusinessolb.com 1
default-src 'none'; script-src 'self'; connect-src 'self' https://api.clearip.com; img-src data: 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; manifest-src 'self'; base-uri 'none'; form-action 'none'; frame-ancestors 'none' 1
default-src 'self'; script-src 'self' *.trustedshops.com *.trustbadge.com *.api.etrusted.com login.new.de login-test.new.de *.new.de *.new-energie.de new-energie.de sgtm.new-energie.de www.googletagmanager.com *.usercentrics.eu *.kameleoon.eu *.kameleoon.io *.realperson.cloud *.moin.ai *.cituro.com wss://*.realperson.cloud *.google.de *.google.com *.google-analytics.com *.bing.com googleads.g.doubleclick.net *.facebook.net *.facebook.com *.trustedshops.com *.vlink.com *.jquery.com *.cookiebox.pro *.dwin1.com *.friendlycaptcha.com *.obs.eu-de.otc.t-systems.com s2.adform.net server.adform.net analytics.tiktok.com www.redditstatic.com *.ad-srv.net frame-ancestors https://app.contentful.com *.friendlycaptcha.com 'unsafe-eval' 'unsafe-inline'; child-src 'self' login.new.de login-test.new.de *.new.de *.new-energie.de new-energie.de; worker-src blob:; style-src 'self' login.new.de login-test.new.de *.new.de *.new-energie.de new-energie.de 'unsafe-inline' *.realperson.cloud *.moin.ai *.cituro.com wss://*.realperson.cloud; img-src 'self' login.new.de login-test.new.de *.new.de *.new-energie.de new-energie.de *.google.de *.google.com *.google-analytics.com *.bing.com googleads.g.doubleclick.net *.facebook.net *.facebook.com *.trustedshops.com *.vlink.com *.jquery.com *.cookiebox.pro *.dwin1.com *.friendlycaptcha.com *.obs.eu-de.otc.t-systems.com s2.adform.net server.adform.net analytics.tiktok.com www.redditstatic.com *.ad-srv.net *.realperson.cloud *.moin.ai *.cituro.com wss://*.realperson.cloud images.ctfassets.net *.usercentrics.eu 'unsafe-inline' data:; font-src 'self' *.vlink.com 'unsafe-inline' data: *.realperson.cloud *.moin.ai *.cituro.com wss://*.realperson.cloud; frame-src 'self' login.new.de login-test.new.de *.new.de *.new-energie.de new-energie.de *.usercentrics.eu *.youtube-nocookie.com *.google.com *.dienetzwerkpartner.com *.ad-srv.net; connect-src 'self' bat.bing.com graphql.contentful.com *.vlink.com *.trustedshops.com *.trustbadge.com *.api.etrusted.com *.friendlycaptcha.com *.algolia.net 0b6beb7ixa-dsn.algolia.net login.new.de login-test.new.de *.new.de *.new-energie.de new-energie.de sgtm.new-energie.de www.googletagmanager.com *.usercentrics.eu *.kameleoon.eu *.kameleoon.io *.realperson.cloud *.moin.ai *.cituro.com wss://*.realperson.cloud *.dienetzwerkpartner.com ; 1
default-src 'self' *.fastly.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fastly.com; connect-src 'self' fiddle.fastly.dev log-bin-dot-rd---product.uc.r.appspot.com tachotest.edgecompute.app *.google-analytics.com *.fastly.com; img-src 'self' data: user-images.githubusercontent.com deploy.edgecompute.app *.basemaps.cartocdn.com passkeys.edgecompute.app *.fastly.com; style-src 'self' 'unsafe-inline' *.fastly.com; frame-src *; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com/recaptcha/ *.google.com/recaptcha/api.js *.google-analytics.com connect.facebook.net; frame-src 'self' maps.google.com www.google.com *.youtube.com *.youtube-nocookie.com www.facebook.com; img-src 'self' data: maps.gstatic.com *.googleapis.com *.ggpht; script-src-elem 'self' 'unsafe-inline' *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com *.facebook.net *.youtube.com *.youtube-nocookie.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri https://secure.wonderline.eu/reports/csp/ 1
default-src 'self';          frame-src 'self' https://vars.hotjar.com https://media.imi.chat/ https://talkdeskchatsdk.talkdeskapp.com;          manifest-src 'self';          object-src 'self';          connect-src 'self' https://graphql.bidx.com https://endpoint2.us2.sumologic.com  https://*.imi.chat https://*.talkdeskapp.com wss://*.twilio.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://bcdn.infotechinc.com/ https://maps.googleapis.com;          font-src 'self' https://fonts.gstatic.com https://media.imi.chat https://talkdeskchatsdk.talkdeskapp.com https://script.hotjar.com;          img-src 'self' 'unsafe-inline' https://www.google-analytics.com https://sealserver.trustwave.com https://media.imi.chat https://talkdeskchatsdk.talkdeskapp.com data: https:;          script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fcgid.rsvpgenius.com https://sealserver.trustwave.com https://media.imi.chat https://talkdeskchatsdk.talkdeskapp.com https://www.google-analytics.com/analytics.js https://maps.googleapis.com/ https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://vars.hotjar.com https://endpoint2.collection.us2.sumologic.com/ https://bcdn.infotechinc.com/;          style-src 'self' 'unsafe-inline' https://media.imi.chat/ https://talkdeskchatsdk.talkdeskapp.com https://fonts.googleapis.com/ 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-SeH/QHUwnsa9RLtOFo3EaQ=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src 'self' * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob:; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' *.ichbindeinauto.de 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.medgrupo.com.br http://*.medgrupo.com.br https://medgrupo.com.br http://medgrupo.com.br https://*.vimeo.com https://www.gstatic.com https://www.google.com; img-src 'self' data: https://*.medgrupo.com.br http://*.medgrupo.com.br https://medgrupo.com.br http://medgrupo.com.br https://*.vimeo.com; object-src 'self' data: https://*.medgrupo.com.br http://*.medgrupo.com.br https://medgrupo.com.br http://medgrupo.com.br https://*.vimeo.com https://www.google.com; frame-src 'self' data: https://*.medgrupo.com.br http://*.medgrupo.com.br https://medgrupo.com.br http://medgrupo.com.br https://*.vimeo.com https://www.google.com; 1
default-src 'none'; base-uri 'none'; connect-src 'self'; font-src 'self' https:; form-action 'self'; frame-ancestors 'none'; frame-src https://www.youtube.com https://youtube.com; img-src 'self' https: data:; manifest-src 'none'; media-src 'none'; object-src 'self'; script-src 'self' 'nonce-b220acc3214919f958fc1d2ac597db7c'; style-src 'self' 'unsafe-inline' https:; worker-src 'none'; block-all-mixed-content 1
report-uri https://aldi-sports.de 1
default-src 'self'; style-src 'self' 'unsafe-inline' unpkg.com fonts.googleapis.com www.iitms.co.in use.fontawesome.com cdn.plyr.io player.vimeo.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com;font-src 'self' data: fonts.gstatic.com www.iitms.co.in unpkg.com use.fontawesome.com collectcdn.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com;script-src * 'unsafe-inline' 'unsafe-eval';img-src 'self' i.ytimg.com www.softwaresuggest.com www.google.co.in www.google.com avatars.collectcdn.com data:;frame-src www.iitms.co.in accounts.google.com app.powerbi.com www.google.co.in www.google.com www.youtube.com www.youtube-nocookie.com;connect-src 'self' www.google-analytics.com load.collect.chat stats.g.doubleclick.net api.collect.chat analytics.google.com ;media-src 'self' www.youtube.com ; 1
default-src 'self' 'unsafe-inline';      script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://cdnjs.cloudflare.com https://code.jquery.com https://d3js.org https://maps.googleapis.com https://use.typekit.net https://www.youtube.com https://www.google.com https://www.gstatic.com https://npmcdn.com https://rum-static.pingdom.net https://rum-collector-2.pingdom.net https://*.googletagmanager.com;      style-src 'report-sample' 'self' 'unsafe-inline' https://ajax.googleapis.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com;      object-src 'self';      base-uri 'self';      font-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://use.typekit.net https://fonts.gstatic.com;      frame-src 'self' 'unsafe-inline' https://give.salvationarmyusa.org https://www.youtube.com https://www.google.com;      img-src 'self' https://ajax.googleapis.com https://cdnjs.cloudflare.com https://p.typekit.net https://*.google-analytics.com https://*.googletagmanager.com https://tsamm.blob.core.windows.net https://barcode.dataparadigm.com https://maps.googleapis.com https://maps.gstatic.com https://i.ytimg.com data:;      manifest-src 'self';      media-src 'self';      worker-src 'self' 'unsafe-inline';      connect-src 'self' 'unsafe-inline' https://maps.googleapis.com https://login.microsoft.com https://tsamm.blob.core.windows.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-c3aa4bfff08b4490987ccd631da36e87' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
script-src 'self' use.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com *.cloudfront.net  'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.google.com *.google.com.tr *.google-analytics.com *.analytics.google.com *.googleapis.com *.googleapis.com; connect-src 'self' use.typekit.net cdnjs.cloudflare.com *.cloudfront.net *.googletagmanager.com *.google.com *.google.com.tr *.google-analytics.com *.analytics.google.com *.g.doubleclick.net;img-src use.typekit.net cdnjs.cloudflare.com *.cloudfront.net 'self' data: *.bootstrapcdn.com code.jquery.com cdnjs.cloudflare.com *; font-src data: *; style-src 'self' 'unsafe-inline' *; media-src * 1
default-src 'self' *.athletereg.com; upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *.addthisedge.com *.googletagservices.com js-agent.newrelic.com service.force.com *.addthis.com *.braintreegateway.com *.fontawesome.com *.g.doubleclick.net *.analytics.google.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hubspot.com *.jquery.com *.moatads.com *.nr-data.net *.salesforceliveagent.com *.twitter.com cdn.amplitude.com cdn.metarouter.io connect.facebook.net googleads.g.doubleclick.net js-na1.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsadspixel.net js.hsforms.net js.hsleadflows.net outside-header.vercel.app s3.amazonaws.com *.scorecardresearch.com unpkg.com ajax.googleapis.com *.protecht-sandbox.io *.protecht.io cdnjs.cloudflare.com sealserver.trustkeeper.net *.cloudfront.net ajax.aspnetcdn.com cdn.speedcurve.com *.stripe.com *.salesforce.com connect.facebook.com salesforceliveagent.com *.googleadservices.com www.google-analytics.com athletereg.us12.list-manage.com cdn.jsdelivr.net *.addthis.com js.hscollectedforms.net adservice.google.com metarouter-ajs-next-destinations-stage.s3.amazonaws.com es.pinkbike.org *.vercel.com cdn-prod.securiti.ai *.datadoghq-browser-agent.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.typekit.net *.googleapis.com service.force.com *.gstatic.com *.cloudfront.net athletereg.my.salesforce.com cdn.jsdelivr.net *.fontawesome.com *.braintreegateway.com *.vercel.com cdn-prod.securiti.ai *.bikereg.com; img-src 'self' data: https: http://www.millenniumrunning.com; connect-src 'self' *.athletereg.com *.hubspot.com *.addthis.com *.braintree-api.com *.facebook.com *.g.doubleclick.net *.analytics.google.com *.google-analytics.com *.googleanalytics.com *.trailforks.com *.googlesyndication.com *.hubapi.com *.outsideapi.com outsideapi.com *.rivt.com api.amplitude.com *.googleapis.com *.cloudfront.net	*.nr-data.net *.braintreegateway.com *.gstatic.com *.hsforms.com *.googletagmanager.com use.fontawesome.com js.hs-banner.com *.google.com forms.hscollectedforms.net app.securiti.ai cdn-prod.securiti.ai *.browser-intake-datadoghq.com *.RunReg.com; font-src 'self' data: fonts.gstatic.com *.typekit.net *.sfdcstatic.com use.fontawesome.com static2.sharepointonline.com rwgps-embeds.com *.millenniumrunning.com netdna.bootstrapcdn.com *.braintreegateway.com app.securiti.ai cdn-prod.securiti.ai; frame-ancestors 'self' *.athletereg.com *.bikereg.com *.runreg.com *.trireg.com *.skireg.com *.plegereg.com; frame-src 'self' *.doubleclick.net *.facebook.com *.google.com *.outsideonline.com outsideonline.com service.force.com platform.twitter.com *.addthis.com *.salesforce.com *.braintreegateway.com *.trailforks.com/; form-action 'self' *.paypal.com *.pledgereg.com *.facebook.com *.strava.com *.salesforce.com; base-uri 'self'; object-src 'self'; report-uri https://api.athletereg.com/ErrorReport/cspViolation; 1
frame-ancestors https://admin.shopify.com 'self'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-vhXxn0DeQZu0MvotEfIIUY/CU/E/0NMc0JP72lk4lY6bnEQJ' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'none'; connect-src 'self' *.cloudflare.com *.analytics.google.com *.doubleclick.net *.google.com *.addevent.com *.plyr.io noembed.com www.juicer.io *.googleapis.com createsend.com www.google-analytics.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.jsdelivr.net *.youtube.com *.plyr.io assets.juicer.io  *.googleapis.com addevent.com *.createsend1.com *.google.com *.gstatic.com *.googletagmanager.com www.google-analytics.com; media-src 'self'; img-src * data: blob: 'unsafe-inline';                 style-src 'self' 'unsafe-inline' *.plyr.io *.cloudfront.net assets.juicer.io fonts.googleapis.com;  font-src 'self' 'unsafe-inline' data: www.gallifordtry.co.uk *.cloudfront.net *.juicer.io fonts.googleapis.com  fonts.gstatic.com; frame-src *.webreality.co.uk 'self' ir.q4europe.com *.google.com *.youtube.com  *.youtube-nocookie.com player.vimeo.com; object-src 'self'; frame-ancestors 'self'; base-uri 'self'; form-action 'self' *.createsend.com;  1
frame-src 'self' https://digitalcourage.video https://c3lounge.de https://media.ccc.de https://streaming.media.ccc.de https://media.video.taxi; frame-ancestors 'self' https://*.rc3.world https://*.rc3.cccv.de https://party.tabascoeye.de; 1
default-src 'self' fonts.gstatic.com xpress.jobs static.cloudflareinsights.com use.fontawesome.com stats.g.doubleclick.net *.google-analytics.com; style-src 'self' 'unsafe-inline'  *.s3-ap-southeast-1.amazonaws.com code.jquery.com maxcdn.bootstrapcdn.com use.fontawesome.com fonts.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' static.cloudflareinsights.com  *.s3-ap-southeast-1.amazonaws.com code.jquery.com maps.googleapis.com maxcdn.bootstrapcdn.com www.googleadservices.com snap.licdn.com googleads.g.doubleclick.net cdnjs.cloudflare.com maps.googleapis.com platform.linkedin.com *.facebook.com connect.facebook.net platform.twitter.com *.google-analytics.com *.googletagmanager.com *.google.lk *.google.com *.gstatic.com; frame-src 'self' platform.twitter.com bid.g.doubleclick.net www.youtube.com sea-hnb-chatbot-webapp-bot-prod.azurewebsites.net *.facebook.com *.google.com; img-src 'self' www.hnb.net maps.gstatic.com *.twitter.com  *.google-analytics.com *.googleapis.com *.google.lk *.google.com *.facebook.com code.jquery.com *.ggpht  data: https:; frame-ancestors 'self'; 1
default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.facebook.net *.tvsquared.com *.doubleclick.net *.cloudfront.net *.careerarc.com *.vimeo.com *.youtube.com *.abrankings.com *.googleapis.com *.unpkg.com unpkg.com; frame-ancestors 'self' *.careerarc.com; img-src https: data: *; style-src 'unsafe-inline' *; connect-src *; font-src https: data: *; child-src *; 1
default-src 'self' *.cotabank.com *.cotabank.com.tw; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cotabank.com *.cotabank.com.tw https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://accounts.google.com; style-src 'self' 'unsafe-inline' *.cotabank.com *.cotabank.com.tw; connect-src 'self'  *.cotabank.com *.cotabank.com.tw wss://127.0.0.1:14700 https://localhost:56355 https://localhost:56375 https://localhost:56395 https://localhost:54355 https://localhost:54375 https://localhost:54395 https://www.google-analytics.com https://stats.g.doubleclick.net blob:; img-src 'self' *.cotabank.com *.cotabank.com.tw https://www.google-analytics.com data: blob:; font-src 'self' data:; frame-ancestors 'self' *.cotabank.com.tw *.cotabank.com 1
default-src 'self' https://themes.googleusercontent.com/ https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://pebed.dm-event.net/; frame-src 'self' https://*.dailymotion.com/ https://*.soundcloud.com/; img-src 'self' data: http://logc412.xiti.com https://logc412.xiti.com https://logs1412.xiti.com https://xiti.com/ cdn.ckeditor.com; object-src 'none'; script-src 'self' 'unsafe-inline' https://tag.aticdn.net/ https://www.tag.aticdn.net/ cdn.ckeditor.com https://*.dailymotion.com; style-src 'self' 'unsafe-inline' cdn.ckeditor.com; style-src-attr 'self' 'unsafe-inline'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self'; base-uri 'none'; form-action 'self' https://*.stadtmobil.de https://ewi3-stadtmobil.cantamen.de; style-src 'self' 'unsafe-inline' *.cookiebot.com; script-src 'self' 'unsafe-inline' *.stadtmobil.de statistik.stadtmobil.de *.cookiebot.com maps.googleapis.com www.google.com www.gstatic.com www.meinungsmeister.de; frame-src 'self' https://consentcdn.cookiebot.com *.youtube-nocookie.com *.stadtmobil.de *.cantamen.de www.google.com app.cituro.com www.vvs.de www.meinungsmeister.de *.youtube.com *.vimeo.com *.vimeocdn.com; font-src 'self'; object-src 'self'; img-src 'self' data: maps.googleapis.com maps.gstatic.com www.meinungsmeister.de; connect-src 'self' https://www.stadtmobil.de https://statistik.stadtmobil.de https://mein.stadtmobil.de https://consentcdn.cookiebot.com https://maps.googleapis.com www.meinungsmeister.de; frame-ancestors 'self' https://*.stadtmobil.de https://*.cantamen.de https://*.eifel-carsharing.de https://ewi3-stadtmobil.cantamen.de; 1
frame-ancestors 'self' grn-www.bostonwhaler.com; 1
frame-ancestors 'self'; default-src 'self'; script-src 'self' strict-dynamic https://o80434.ingest.sentry.io https://connect.facebook.net https://jscloud.net https://js.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsleadflows.net https://*.hubspot.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://js.usemessages.com https://edge.fullstory.com https://netlify-cdp-loader.netlify.app https://cdn.ownup.com https://bat.bing.com https://*.clarity.ms https://*.quora.com https://*.osano.com 'unsafe-inline' 'unsafe-eval' 'nonce-EdKN6h6Vmn1/cMAS' https://googletagmanager.com https://tagmanager.google.com; object-src 'none'; base-uri 'self'; form-action 'self'; style-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com https://cdn.ownup.com https://*.osano.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' data: https://www.facebook.com https://connect.facebook.net https://fonts.gstatic.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.hsforms.com https://track.hubspot.com https://rate-quote-static.ownup.com https://cdn.ownup.com https://cdn.sanity.io https://*.bing.com https://*.clarity.ms https://*.quora.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; manifest-src 'self'; connect-src 'self' https://*.osano.com https://www.facebook.com https://o80434.ingest.sentry.io https://*.ownup.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.googlesyndication.com https://*.hubspot.com https://*.iterable.com https://api.yotpo.com https://edge.fullstory.com https://rs.fullstory.com https://jscloud.net https://*.split.io https://bat.bing.com https://*.api.sanity.io https://*.clarity.ms https://*.quora.com; frame-src 'self' https://app.hubspot.com https://app.netlify.com https://ownup-realtor-csma.youcanbook.me https://*.ownup.com https://*.osano.com https://*.doubleclick.net; font-src 'self' data: https://fonts.gstatic.com https://cdn.ownup.com https://fonts.gstatic.com data:; report-uri https://o80434.ingest.sentry.io/api/6155007/security/?sentry_key=d9f30c4641c04f93abd531b9f8514fff&sentry_environment=prod; worker-src 'self' blob: https://*.osano.com 1
default-src 'none'; connect-src 'self' bbh-preprod-bot.blackbelthelp.com stats.g.doubleclick.net www.google-analytics.com control.resi.io resi.media webevents.livingasone.com bam.nr-data.net bbh-staging-bot.blackbelthelp.com; font-src 'self' fonts.gstatic.com use.fontawesome.com netdna.bootstrapcdn.com; frame-src *; img-src * data:; media-src 'self' blob: www-dev.wvsom.edu www.wvsom.edu resi.media; object-src 'none'; script-src 'self' www.googletagmanager.com www.google-analytics.com control.resi.io js-agent.newrelic.com bam.nr-data.net imageserver.ebscohost.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' bbh-preprod-bot.blackbelthelp.com www.gstatic.com www.googletagmanager.com www.google-analytics.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com control.resi.io js-agent.newrelic.com bam.nr-data.net imageserver.ebscohost.com bbh-staging-bot.blackbelthelp.com 'unsafe-inline'; style-src 'self' fonts.googleapis.com use.fontawesome.com control.resi.io 'unsafe-inline'; style-src-elem 'self' cdn.jsdelivr.net fonts.googleapis.com use.fontawesome.com cdnjs.cloudflare.com control.resi.io netdna.bootstrapcdn.com 'unsafe-inline' 1
default-src 'self' https://matomo.protectuk.police.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.protectuk.police.uk https://cdn.jsdelivr.net https://js-agent.newrelic.com https://bam.nr-data.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.protectuk.police.uk https://cdn.jsdelivr.net https://js-agent.newrelic.com https://bam.nr-data.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; img-src 'self' 'unsafe-inline' data: https://matomo.protectuk.police.uk; media-src 'self'; frame-src 'self' https://*.protectuk.police.uk https://protectuk.police.uk; child-src 'self' https://*.protectuk.police.uk; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://themes.googleusercontent.com; connect-src 'self' https://*.protectuk.police.uk https://bam.nr-data.net; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; object-src 'none'; child-src 'self'; frame-ancestors *.ascendi.pt; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.pt maps.googleapis.com cdn.cookielaw.org *.onetrust.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com *.google.com; img-src 'self' data: i.ytimg.com *.googleapis.com *.ggpht.com maps.gstatic.com fonts.gstatic.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.pt *.ascendi.pt; script-src 'self' 'unsafe-inline' www.googleadservices.com www.gstatic.com maps.googleapis.com *.google.com *.google-analytics.com *.googletagmanager.com cdn.cookielaw.org privacyportalde-cdn.onetrust.com; style-src 'self' 'unsafe-inline' *.googletagmanager.com fonts.googleapis.com; form-action 'self'; base-uri 'self'; 1
default-src 'self' localhost:80 *.snh48.com 'unsafe-inline' 'unsafe-eval' blob: data: ; 1
font-src * data: blob: 'unsafe-inline'; 1
default-src 'self' https://prousuario.gob.do https://prousuarioportalprod.azurewebsites.net https://api.prousuario.gob.do https://prousuarioapiprod.azurewebsites.net https://sb.ucontactcloud.com https://analytics.google.com https://www.google.com.do https://maps.googleapis.com https://cdn.userway.org https://api.userway.org https://www.google-analytics.com wss://prousuario.johnny.chat data:;                       style-src 'self' 'unsafe-inline' https://prousuario.gob.do https://fonts.googleapis.com https://assets.calendly.com https://cdn.userway.org;                       font-src 'self' https://cdn.userway.org https://fonts.gstatic.com data:;                       script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://www.google.com  https://www.googletagmanager.com https://www.gstatic.com https://sb.ucontactcloud.com https://static.tagshelf.io https://assets.calendly.com https://cdn.userway.org https://certify-js.alexametrics.com https://static.hotjar.com https://unpkg.com https://d3js.org;                       img-src 'self' https://prousuario.gob.do https://api.prousuario.gob.do https://prousuarioapiprod.azurewebsites.net https://cdn.userway.org https://maps.googleapis.com https://maps.gstatic.com https://assets.calendly.com https://dashboard.umbraco.com https://certify.alexametrics.com https://redirect.prod.experiment.routing.cloudfront.aws.a2z.com https://static.tagshelf.io https://www.google.com.do data: blob:;                       media-src 'self' data:;                       child-src 'self' https://cdn.userway.org https://www.youtube.com https://www.google.com https://sb.ucontactcloud.com https://static.tagshelf.io https://calendly.com blob:;        frame-ancestors 'self';        form-action 'self'; 1
default-src 'self' *.intigral.net *.googleapis.com data: https: wss: 'unsafe-inline'; font-src data: https:; media-src blob: data: https: 'unsafe-inline';script-src 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' data: 'unsafe-eval' 'unsafe-inline';img-src 'self' 'unsafe-inline' data: 1
default-src:'self'; 1
script-src 'self' 'nonce-cEvNQruY1De0AVdiFxp7CUwJkqt1snML' https://camperandnicholsons.com/ cdn.jsdelivr.net www.youtube.com www.googletagmanager.com  www.google.com www.facebook.com 'strict-dynamic';font-src 'self' fonts.googleapis.com fonts.gstatic.com;object-src 'none';child-src 'self'  www.youtube.com www.google.com https://www.facebook.com/ https://www.youtube-nocookie.com/ https://player.vimeo.com/;connect-src 'self' www.google-analytics.com px.ads.linkedin.com api-iam.intercom.io wss://nexus-websocket-a.intercom.io cdn.linkedin.oribi.io stats.g.doubleclick.net region1.analytics.google.com region1.google-analytics.com https://maps.googleapis.com https://vimeo.com/;media-src 'self';form-action 'self' https://www.facebook.com/tr/ https://go.camperandnicholsons.com/ https://go.pardot.com/;base-uri 'self';img-src 'self' cdn.jsdelivr.net www.google-analytics.com px.ads.linkedin.com maps.gstatic.com maps.googleapis.com www.facebook.com www.google.it www.google.com i.ytimg.com https://i.vimeocdn.com/ data: 1
default-src 'self' *.casinoslists.com *.youtube.com *.firebaseio.com *.getsitecontrol.com *.getsitectrl.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com ajax.googleapis.com *.getsitecontrol.com *.getsitectrl.com;connect-src 'self' *.googletagmanager.com *.google-analytics.com *.firebaseio.com *.doubleclick.net *.datamother.com *.getsitecontrol.com *.getsitectrl.com;img-src 'self' *.google-analytics.com *.getsitecontrol.com *.getsitectrl.com data:;style-src 'unsafe-inline' 'self' https://fonts.googleapis.com;font-src 'self' https://fonts.gstatic.com;base-uri 'self';form-action 'self' 1
frame-ancestors 'self'; default-src https://images.saasant.info https://cdn.saasant.info  www.facebook.com 'self' ; worker-src blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:https://www.saasant.com https://cdn.saasant.info  https://images.saasant.info https://cdn.saasant.info  https://images.saasant.info   *.clarity.ms *.omappapi.com *.omwpapi.com  *.woopra.com *.hotjar.com  consent.cookiefirst.com https://googleads.g.doubleclick.net https://analytics.google.com *.saasant.com https://js.stripe.com  https://cdnjs.cloudflare.com *.freshchat.com https://platform.twitter.com https://app.box.com  https://www.paypal.com  https://www.paypalobjects.com  https://www.googleadservices.com https://www.googletagmanager.com *.doubleclick.net  https://cdn.jsdelivr.net  www.facebook.com  https://embed.tawk.to  https://bam.nr-data.net  https://js-agent.newrelic.com  https://apis.google.com  https://www.gstatic.com https://appcenter.intuit.com https://www.google.com https://www.google-analytics.com https://ajax.googleapis.com  http://local.saasant.com; img-src https://cdn.saasant.info  https://images.saasant.info *.omappapi.com *.omwpapi.com *.clarity.ms consent.cookiefirst.com https://www.google.com/ads https://analytics.google.com https://www.google.com/pagead/* 'self' *.saasant.com *.doubleclick.net https://cdn.jsdelivr.net/  https://www.sandbox.paypal.com https://www.paypal.com  https://www.google.com https://www.google.co.in  https://*.tawk.to  ssl.comodo.com  https://appcenter.intuit.com https://www.google-analytics.com https://www.sandbox.paypal.com https://www.paypal.com http://local.saasant.com  https://ssl.gstatic.com  data:; style-src 'self' 'unsafe-inline' https://cdn.saasant.info  https://images.saasant.info  *.omappapi.com  *.omwpapi.com  consent.cookiefirst.com *.freshchat.com  https://cdn.jsdelivr.net  https://fonts.googleapis.com  https://appcenter.intuit.com http://local.saasant.com ; font-src 'self' https://cdn.saasant.info  https://images.saasant.info *.omappapi.com *.omwpapi.com https://static-v.tawk.to  https://fonts.gstatic.com  data:; frame-src 'self' https://www.chatbase.co *.hotjar.com  *.freshchat.com https://js.stripe.com/  https://app.box.com/  https://*.facebook.com https://www.sandbox.paypal.com/ https://www.paypal.com/  https://*.tawk.to  https://mp.liferay.com  https://www.google.com https://youtu.be https://www.youtube.com ; connect-src 'self' https://cdn.saasant.info  https://images.saasant.info  *.saasant.com desktop.saasant.com  *.clarity.ms *.cookiefirst.com *.omappapi.com *.omwpapi.com https://consent.cookiefirst.com https://api.cookiefirst.com static.cookiefirst.com https://saasant.com https://stats.g.doubleclick.net https://analytics.google.com *.doubleclick.net https://www.paypal.com  wss://*.tawk.to https://*.tawk.to https://ssl.google-analytics.com https://appcenter.intuit.com https://local.saasant.com https://www.google.com https://www.google-analytics.com 1
1; mode=block 1
frame-ancestors 'self' *.google.com webvisor.com metrika.yandex.ru mc.yandex.ru *.yandex.tld *.yandex.net webvisor.com *.amp.colgate.ru amp.colgate.ru; 1
frame-ancestors https://kooralive-hd.com 1
default-src 'self'; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.fontawesome.com; frame-src 'self' *.google.com *.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.licdn.com *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com fonts.googleapis.com *.bing.com *.virtualearth.net *.fontawesome.com; connect-src 'self' *.google-analytics.com *.googletagmanager.com *.bing.com *.fontawesome.com; img-src 'self' *.bluekai.com *.eyeota.net *.adsymptotic.com  data: *.passportcorporate.com *.google-analytics.com *.googletagmanager.com *.virtualearth.net *.bing.com *.fontawesome.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com *.passportcorporate.com *.bing.com *.virtualearth.net *.fontawesome.com; base-uri 'self'; form-action 'self' 1
default-src 'none'; base-uri 'self'; connect-src https://studyo.app https://*.studyo.app https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io  https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com https://s3.amazonaws.com https://dc.services.visualstudio.com https://app.termly.io https://www.googleapis.com https://api-js.mixpanel.com https://*.sentry.io https://o187895.ingest.sentry.io; font-src https://fonts.gstatic.com https://fonts.intercomcdn.com https://js.intercomcdn.com data:; form-action https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io; frame-ancestors https://studyo.app https://*.studyo.app; frame-src https://studyo.app https://*.studyo.app https://app.termly.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://docs.google.com https://content.googleapis.com; img-src 'self' blob: data: https:; manifest-src 'self'; media-src https://js.intercomcdn.com; object-src 'none'; report-uri https://o187895.ingest.sentry.io/api/4505761414316032/security/?sentry_key=631987797fd8a70a9fead29747f5537e; script-src 'nonce-edb021a3cd823289c0d6acb2aeffa3a4' 'strict-dynamic' https://studyo.app https://*.studyo.app https://*.intercom.io https://js.intercomcdn.com https://app.termly.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; worker-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net blob:; 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' https://plausible.io https://player.vimeo.com https://js.stripe.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://plausible.io https://vimeo.com https://*.craftcms.com; object-src 'self'; font-src 'self' https://s3.eu-west-1.amazonaws.com data:; img-src 'self' https://s3.eu-west-1.amazonaws.com https://d4r8ypmqnkoz0.cloudfront.net https://momu.imgix.net https://*.craft-cdn.com https://g.stripe.com data:; media-src 'self' https://d4r8ypmqnkoz0.cloudfront.net https://momu.imgix.net; frame-src 'self' https://player.vimeo.com https://js.stripe.com https://momuantwerp.typeform.com https://puzzel.org https://tours.momu.be; frame-ancestors 'self' https://www.momu.be https://tours.momu.be; form-action 'self' https://momu.us17.list-manage.com https://library.momu.be; 1
report-uri https://a17kenneth.report-uri.com/r/d/csp/enforce;base-uri 'self';connect-src 'self' https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://www.google-analytics.com https://visualsponline.azurewebsites.net https://translate.googleapis.com https://snap.licdn.com https://listgrowth.ctctcdn.com/v1/a8de2ead6fc0f5433ab4177c50a3190f.json https://stats.g.doubleclick.net https://visitor2.constantcontact.com https://givebutter.com https://www.google.com/recaptcha/api.js https://region1.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com;default-src 'self';form-action 'self';img-src 'self' data: https: https://jbs-foods.imgix.net https://www.facebook.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com android-webview-video-poster: https://px.ads.linkedin.com;media-src 'self' https: data:;object-src 'none';script-src 'self' 'nonce-VwYGhFT31HoyccUqgSHMRxnmmxzymAPT' https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://www.google-analytics.com https://connect.facebook.net https://ssl.google-analytics.com/ga.js https://static.ctctcdn.com/js/signup-form-widget/current/signup-form-widget.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.js https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js https://snap.licdn.com https://www.gstatic.com https://stats.g.doubleclick.net https://visitor2.constantcontact.com https://givebutter.com https://www.google.com/recaptcha/api.js 'sha256-FDyPg8CqqIpPAfGVKx1YeKduyLs0ghNYWII21wL+7HM=' https://*.googletagmanager.com www.google.com;style-src 'self' https://cdn.plyr.io/3.5.2/plyr.css https://static.ctctcdn.com/js/signup-form-widget/current/signup-form-widget.css 'unsafe-inline';font-src 'self' https://fonts.gstatic.com chrome-extension: data:;frame-src 'self' https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://givebutter.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://unpkg.com https://www.google.com https://www.google.co.nz https://www.googleadservices.com https://www.google-analytics.com https://bam.nr-data.net https://js-agent.newrelic.com https://www.gstatic.com https://*.cloudflare.com https://*.googleapis.com https://polyfill.io https://www.youtube.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://api.addressfinder.io https://*.list-manage.com https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js https://formsbyair.com https://*.typeform.com https://cdn.addevent.com https://woobox.com https://*.facebook.com https://*.facebook.net  https://*.hotjar.com https://*.faqbot.nz https://*.faqbot.ai https://*.cognitoforms.com https://*.doubleclick.net ajax.cloudflare.com static.cloudflareinsights.com https://*.clarity.ms/; object-src 'none'; style-src 'self' 'unsafe-inline' https://*.jsdelivr.net https://fonts.googleapis.com https://api.addressfinder.io https://*.cloudflare.com https://cdn-images.mailchimp.com https://*.typeform.com https://*.faqbot.nz https://*.faqbot.ai; img-src 'self' data: https://*.agonline.co.nz https://*.cloudflare.com https://www.google-analytics.com https://*.google.com https://*.google.co.nz https://*.gstatic.com https://*.googleapis.com https://cdn.addevent.com https://*.doubleclick.net https://www.facebook.com/tr/ https://*.google.com.au https://*.faqbot.nz https://*.faqbot.ai https://faqbotprodstorage.blob.core.windows.net https://*.clarity.ms/ https://*.bing.com/; media-src 'self' https://*.agonline.co.nz https://www.youtube.com; frame-src 'self' https://www.google.com https://www.youtube.com https://*.formsbyair.com https://*.typeform.com https://woobox.com https://app.powerbi.com https://*.hotjar.com wss://directline.botframework.com https://www.iheart.com; frame-ancestors 'self'; font-src 'self' data: https://fonts.gstatic.com https://*.faqbot.nz https://*.faqbot.ai; connect-src 'self' https://api.addressfinder.io https://maps.googleapis.com https://www.google-analytics.com https://*.doubleclick.net https://bam.nr-data.net https://pggnodeprod.prod.acquia-sites.com/getEmbedToken https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com wss://directline.botframework.com https://directline.botframework.com https://*.faqbot.nz https://*.faqbot.ai https://*.facebook.com https://*.cognitoforms.com cloudflareinsights.com https://*.clarity.ms/ https://*.google.com/; report-uri /report-csp-violation 1
upgrade-insecure-requests; frame-ancestors 'self' https://mangaku.pro https://mangaku.in https://manganime.id https://manganime.in 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com *.trafficfactory.biz www.iwanttodeliver.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net bmedia.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri http://www.xnxxmovies.com/csp-reports; report-to csp-endpoint 1
frame-ancestors 'self' *.smard.de; default-src *.gstatic.com *.googleapis.com 'unsafe-inline' 'self' *.smard.de; img-src data: *.googleapis.com *.gstatic.com 'self' *.smard.de 'unsafe-inline'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.smard.de *.googleapis.com 1
style-src 'self' https://* 'unsafe-inline'; script-src 'self' https://* 'unsafe-inline' 'unsafe-eval'; 1
form-action 'self'; img-src 'self' 3a3db55c-6b80-485f-880f-ced12ed4c80d.ams3.cdn.digitaloceanspaces.com; default-src 'self'; script-src 'self' 'nonce-XxqdQ1S9ylWlI6Z3ifBbaQ=='; style-src 'self' 'nonce-XxqdQ1S9ylWlI6Z3ifBbaQ=='; base-uri 'self' 1
report-uri https://gdm.cl 1
default-src 'self'; connect-src * data: blob: filesystem:; style-src 'self' fonts.googleapis.com fast.fonts.net data: 'unsafe-inline'; img-src 'self' www.facebook.com www.googletagmanager.com maps.googleapis.com www.google-analytics.com track.hubspot.com www.google.com www.google.ca 987212875.privacysandbox.googleadservices.com googleads.g.doubleclick.net maps.gstatic.com data: 'unsafe-eval' 'unsafe-inline' image; frame-src 'self' app.hubspot.com forms.hsforms.com www.google.com bid.g.doubleclick.net data:; font-src 'self' fast.fonts.net fonts.gstatic.com data: 'unsafe-inline' 'unsafe-eval'; media-src * data: blob: filesystem:; object-src 'none'; script-src 'self' cdn.bc0a.com connect.facebook.net maps.googleapis.com www.gstatic.com www.google.com fast.fonts.net www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net ajax.googleapis.com cdn.jsdelivr.net js.hs-scripts.com js.hsleadflows.net js.hsadspixel.net js.hs-banner.comjs.hs-analytics.net js.usemessages.com u.heatmap.it bid.g.doubleclick.net js.hs-banner.com js.hs-analytics.net js.hsforms.net www.google.ca 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.bc0a.com connect.facebook.net forms.hsforms.com maps.googleapis.com www.gstatic.com fast.fonts.net www.google.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net ajax.googleapis.com cdn.jsdelivr.net js.hsforms.net js.hs-scripts.com js.hsleadflows.net js.hsadspixel.net js.hs-banner.com js.hs-analytics.net js.usemessages.com u.heatmap.it bid.g.doubleclick.net js.hs-banner.com js.hs-analytics.net; 1
default-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com  https://*.abettertomorrow-lidl-ni.co.uk  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  'unsafe-inline'  https://*.adyen.com  https://*.abettertomorrow-lidl-ni.co.uk; img-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com; object-src 'self'  data:  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'; script-src 'self'  blob:  data:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  about:  https://localhost  https://*.adyen.com; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net; 1
frame-ancestors 'self'; object-src 'none'; frame-src 'self' https://fast.wistia.net/ https://forms.hsforms.com/ https://s7.addthis.com/ https://platform.twitter.com/ https://www.facebook.com/ https://www.google.com/ https://mozbar.moz.com/ https://td.doubleclick.net/; worker-src blob:; form-action 'self' https: 1
frame-ancestors 'self' https://*.linearmotioneering.com; 1
frame-ancestors 'self' *.mapfre.com *.mapfre.es *.mapfre.com.do *.mapfre.com.br *.mapfre.com.mx *.mapfre.com.co *.mapfre.com.sv *.mapfre.com.gt *.mapfre.com.ec *.mapfre.com.hn *.mapfre.com.ni *.mapfre.com.py *.mapfre.com.pe *.mapfre.com.uy *.mapfre.com.ar *.mapfre.com.cl *.mapfre.com.pa *.mapfreinsurance.com *.mapfre.com.tr; 1
default-src * 'unsafe-inline' 'unsafe-eval'; connect-src https://* wss://api.scaledrone.com/v3/websocket wss://ff.kis.v2.scr.kaspersky-labs.com; frame-src https://* wss://ff.kis.v2.scr.kaspersky-labs.com; object-src 'self'; worker-src https://tetatet-club.ru/ https://www.gstatic.com/ https://mc.yandex.ru https://mc.yandex.com https://an.yandex.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* wss://ff.kis.v2.scr.kaspersky-labs.com https://www.gstatic.com/ https://mc.yandex.ru https://mc.yandex.com https://yandex.ru https://yastatic.net https://an.yandex.ru https://yandex.net https://www.google-analytics.com https://www.googletagmanager.com;img-src * blob: * data: https://* wss://ff.kis.v2.scr.kaspersky-labs.com; media-src * data: https://* wss://ff.kis.v2.scr.kaspersky-labs.com 1
frame-ancestors 'self' *.authorize.net 1
default-src 'self' *.google-analytics.com *.youtube.com; script-src 'unsafe-inline' 'self' 'unsafe-eval' *.google-analytics.com www.googletagmanager.com cdnjs.cloudflare.com *.googleadservices.com googleads.g.doubleclick.net a.config.skype.com b.config.skype.com swx.cdn.skype.com  www.google.com www.gstatic.com js-agent.newrelic.com bam.nr-data.net *.googleapis.com connect.facebook.net www.google.co.th www.msig-thai.com cdn-akamai.mookie1.com tags.tiqcdn.com embed.typeform.com *.addthis.com *.zalo.me *.addthisedge.com *.moatads.com *.jsdelivr.net *.newrelic.com *.zdn.vn *.facebook.net https://www.google-analytics.com/analytics.js; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' data: www.google-analytics.com *.doubleclick.net www.google.com www.google.co.in maps.gstatic.com maps.googleapis.com *.facebook.com *.google.co.th *.google.com.sg; frame-src 'self' *.youtube.com *.zalo.me *.google.com tags.tiqcdn.com *.doubleclick.net *.addthis.com *.typeform.com *.facebook.com; font-src 'self' cdnjs.cloudflare.com data: fonts.gstatic.com; connect-src 'self' browser.pipe.aria.microsoft.com *.zalo.me www.google-analytics.com *.google.com *.google.co.in *.google.co.th *.doubleclick.net *.addthis.com *.newrelic.com *.googleapis.com *.google-analytics.com 1
frame-ancestors 'self' https://patient.ehs.gov.ae https://ppdev.ehs.gov.ae; worker-src 'self' blob:; img-src * 'self' blob: data:;default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' 'unsafe-inline' fonts.gstatic.com *.livechatinc.com; script-src 'unsafe-inline' 'unsafe-eval' http: https:; connect-src 'self' maps.googleapis.com www.google-analytics.com analytics.google.com api.livechatinc.com *.doubleclick.net *.hubspot.com *.hsforms.com *.hubapi.com *.hscollectedforms.net cdn.linkedin.oribi.io; img-src * data:; style-src * 'unsafe-inline';base-uri 'self';form-action 'self' *.facebook.com; font-src * data:; frame-src 'self' *.google.com *.livechatinc.com *.facebook.com *.youtube.com *.vimeo.com *.doubleclick.net; object-src 'none'; 1
frame-ancestors https://www.chemtube3d.com 1
script-src 'self' https://www.google.com/ https://www.gstatic.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://ssl.google-analytics.com https://www.googletagmanager.com 'unsafe-inline' 1
default-src *.asus.com *.asus.com.cn https: 'unsafe-inline' 'unsafe-eval' blob: data: ws:; object-src *; script-src * *.asus.com *.asus.com.cn https: 'unsafe-inline' 'unsafe-eval' blob: data: *.asus.com *.asus.com.cn https: 'unsafe-inline' 'unsafe-eval' blob: data:; frame-ancestors *.asus.com; 1
frame-ancestors https://*.linc-ed.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' http *.googletagmanager.com *.google.com *.gstatic.com *.polyfill.io polyfill.io *.zoho.com *.zohocdn.com *.zohostatic.com *.facebook.net *.twitter.com *.typekit.net *.omwpapi.com *.jsdelivr.net *.richplugins.com *.widgetpack.com *.facebook.com *.omappapi.com; 1
default-src 'self'; connect-src *;font-src * data:;img-src * data:; worker-src blob:; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; frame-src * 1
frame-ancestors 'self' https://metrofcu.org https://*.metrofcu.org https://www.youtube.com; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-089327c299626130d688ad24550d0ce5'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'none'; font-src 'self'; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com; child-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' data: https://webstats.oriented.net https://*.paypal.com https://*.paypalobjects.com; object-src 'none'; script-src 'self' https://webstats.oriented.net https://*.paypal.com https://*.paypalobjects.com 'nonce-b19ba82bfb0a0a7352db40b8f8db988a'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'nonce-b19ba82bfb0a0a7352db40b8f8db988a'; connect-src 'self' https://webstats.oriented.net https://*.paypal.com https://*.paypalobjects.com 1
default-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://elemental.report-uri.io/r/default/csp/enforce  1
default-src 'self'  cdn.infiniteobjects.com fonts.gstatic.com; frame-src 'self' ipfs.io arweave.net *.arweave.net generator.artblocks.io generator-staging-goerli.artblocks.io www.youtube.com www.youtube-nocookie.com verify.walletconnect.com proofxyz.mypinata.cloud *.crossmint.com; connect-src 'self' *.ingest.sentry.io wss://*.infura.io wss://*.walletlink.org wss://*.bridge.walletconnect.org registry.walletconnect.com wss://*.walletconnect.com *.walletconnect.com cloudflare-eth.com *.wallet.coinbase.com api.wallet.coinbase.com mainnet-infura.wallet.coinbase.com *.algolia.net *.algolianet.com generator.artblocks.io generator-staging-goerli.artblocks.io media-proxy-staging.artblocks.io proof-staging.snag-render.com proof.snag-render.com www.googletagmanager.com www.google-analytics.com storage.googleapis.com birdwatching.moonbirds.xyz *.infura.io *.g.alchemy.com *.alchemyapi.io *.infiniteobjects.com *.sandbox.infiniteobjects.com *.myshopify.com graphql.contentful.com goerli---entropyserver-prod-r6hwrvi3xa-uc.a.run.app mainnet---entropyserver-prod-r6hwrvi3xa-uc.a.run.app api.proof.xyz api.proofof.dev birdwatching.moonbirds.xyz api.proof.xyz *.mux.com inferred.litix.io ipfs.io studio.plasmic.app cdn.contentful.com *.crossmint.com arweave.net *.arweave.net; script-src 'self' 'unsafe-eval' www.googletagmanager.com 'unsafe-inline' *.infiniteobjects.com *.sandbox.infiniteobjects.com studio.plasmic.app; script-src-elem 'self' www.googletagmanager.com 'unsafe-inline' *.infiniteobjects.com *.sandbox.infiniteobjects.com studio.plasmic.app cdnjs.cloudflare.com/ajax/libs/p5.js/1.0.0/p5.min.js cdnjs.cloudflare.com/ajax/libs/babylonjs/5.0.0/babylon.js; style-src 'self' 'unsafe-inline' cdn.infiniteobjects.com fonts.googleapis.com studio.plasmic.app; img-src 'self' data: *.proof.xyz pbs.twimg.com live---metadata-5covpqijaa-uc.a.run.app lh3.googleusercontent.com cdn.infiniteobjects.com *.walletconnect.com www.googletagmanager.com cdn.discordapp.com proof-nft-image.imgix.net proof-nft-image-dev.imgix.net proof-xyz.imgix.net moonbirds.imgix.net moonbirds-oddities.imgix.net proof-collective.imgix.net lunar-society.imgix.net mythics-assets.imgix.net mythics-purchase.imgix.net mythics-purchase-dev.imgix.net images.ctfassets.net downloads.ctfassets.net *.mux.com i.ytimg.com placehold.co storage.googleapis.com studio.plasmic.app img.plasmic.app site-assets.plasmic.app www.crossmint.io www.crossmint.com arweave.net *.arweave.net; media-src 'self' data: cdn.infiniteobjects.com storage.googleapis.com proof-nft-image.imgix.net proof-nft-image-dev.imgix.net proof-xyz.imgix.net moonbirds.imgix.net moonbirds-oddities.imgix.net proof-collective.imgix.net lunar-society.imgix.net mythics-assets.imgix.net mythics-purchase.imgix.net mythics-purchase-dev.imgix.net proof.infura-ipfs.io videos.ctfassets.net *.mux.com blob: arweave.net *.arweave.net; worker-src 'self' blob:; form-action 'self'; frame-ancestors studio.plasmic.app 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'nonce-MTk1LDE3Nyw3NSwxNjgsMTM5LDkzLDgxLDIx' https://discord.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com https://s.ytimg.com/yts/jsbin/ https://www.youtube.com/iframe_api https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.hcaptcha.com https://hcaptcha.com; img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://www.facebook.com https://cdn.discordapp.com https://hackerone-api.discord.workers.dev/user-avatars/ https://safety.discord.com https://discordmoderatoracademy.zendesk.com https://assets-global.website-files.com data:; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://discordapp.com https://discord.com https://connect.facebook.net https://api.greenhouse.io https://api.github.com https://sentry.io https://www.google-analytics.com https://hackerone-api.discord.workers.dev https://*.hcaptcha.com https://hcaptcha.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location ws://127.0.0.1:* http://127.0.0.1:*; media-src 'self' https://cdn.discordapp.com/assets/; frame-src https://discordapp.com/domain-migration https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://www.youtube.com/embed/ https://hackerone.com/631fba12-9388-43c3-8b48-348f11a883c0/ https://10851314.fls.doubleclick.net/; 1
fonts.googleapis.com fonts.gstatic.com;'unsafe-inline'; 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://comparadorluz.com/report-uri/enforce 1
frame-ancestors *.speedtest.net:* localhost 1
frame-ancestors 'self' https://flex.twilio.com; 1
frame-ancestors 'self' *.qiscus.com *.midtrans.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'                data:                seal.godaddy.com                stats.g.doubleclick.net      *.doubleclick.net               *.googleapis.com               *.google-analytics.com                www.google.com               kit-pro.fontawesome.com                use.fontawesome.com               code.jquery.com                gitcdn.github.io                cdn.mcauto-images-production.sendgrid.net                *.googletagmanager.com                cdn.jsdelivr.net                fonts.googleapis.com                maxcdn.bootstrapcdn.com                *.gstatic.com                *.servicemacusa-dev.com                *.servicemacusa-test.com                *.servicemacusa.com                myservicemac.com                online.swagger.io                *.google.com               newton.newtonsoftware.com               snap.licdn.com               *.doubleclick.net               px.ads.linkedin.com               recruitingbypaycor.com               *.surveymonkey.com               *.smassets.net               p.adsymptotic.com      player.vimeo.com; 1
default-src 'none'; connect-src 'self' sentry.io *.sentry.io; img-src blob: data: *; media-src data: *; style-src 'self' 'unsafe-inline'; font-src data: 'self'; script-src 'self' 'nonce-2ib0uShLQ9yb3nuKTgVV_'; frame-src js.stripe.com quickley.chat; base-uri https://quickley.chat; frame-ancestors * 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.cookielaw.org *.vo.msecnd.net *.ikea.com  dc.services.visualstudio.com secure.gravatar.com view.publitas.com *.onetrust.com vimeo.com player.vimeo.com *.vimeocdn.com yoast.com *.w.org fonts.googleapis.com www.googletagmanager.com; 1
default-src 'self' https://seatable.io https://cloud.seatable.io https://wp-stats.seatable.io https://api.zapier.com https://zapier.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://wp-stats.seatable.io https://cdn.zapier.com; img-src 'self' https://cdn.weglot.com data: https://zapier-images.imgix.net; style-src 'self' 'unsafe-inline' https://cdn.zapier.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://seatable.io https://cloud.seatable.io https://zapier.com 1
default-src 'none'; child-src 'self' blob: data: api.insurgo.cloud *.api.insurgo.cloud headway-widget.net intercom-sheets.com loom.com www.loom.com; object-src 'self' blob: data: api.insurgo.cloud *.api.insurgo.cloud; script-src 'self' cdn.headwayapp.co app.intercom.io widget.intercom.io js.intercomcdn.com https://eu.posthog.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.intercomcdn.com cdn.headwayapp.co; font-src 'self' data: js.intercomcdn.com fonts.intercomcdn.com fonts.gstatic.com fonts.intercomcdn.com; img-src 'self' data: blob: static.intercomassets.com messenger-apps.intercom.io *.api.insurgo.cloud https:; media-src https:; manifest-src 'self'; frame-ancestors 'self'; form-action 'self' intercom.help intercom.io; base-uri 'self'; connect-src 'self' wss://*.intercom.io *.intercom.io api.insurgo.cloud *.api.insurgo.cloud nominatim.openstreetmap.org wss://*.api.insurgo.cloud uploads.intercomcdn.com wss://*.stream-io-api.com https://*.stream-io-api.com ideen.insurgo.cloud https://eu.posthog.com; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js *.myheritage.it https://www.myheritage.it  'nonce-b51c064c849b21e6df16c739aaf58b54' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.it;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
frame-ancestors 'self' *.surveycto.com 1
default-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' *.fastcdn.co *.instapage.com *.instapagemetrics.com cdnjs.cloudflare.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com *.clarity.ms *.oribi.io *.marketo.com *.statcounter.com code.jquery.com cdn.amcharts.com player.vimeo.com www.google-analytics.com googleads.g.doubleclick.net snap.licdn.com j.6sc.co trk.techtarget.com app.secureprivacy.ai a.omappapi.com cdn.jsdelivr.net www.googletagmanager.com match.prod.bidr.io *.google.com *.hotjar.com *.hotjar.io *.marketo.net *.linkedin.com *.googleapis.com d26x5ounzdjojj.cloudfront.net *.3pillarglobal.com p.adsymptotic.com secure.gravatar.com com-thebigwillow-prod1.collector.snplow.net secure.adnxs.com c.6sc.co *.googleadservices.com; connect-src 'self' *.fastcdn.co *.instapage.com *.instapagemetrics.com *.statcounter.com *.clarity.ms *.techtarget.com *.oribi.io *.google.com *.marketo.com *.6sc.co maps.googleapis.com secure.adnxs.com com-thebigwillow-prod1.collector.snplow.net secure.adnxs.com *.googleadservices.com yoast.com *.hotjar.com *.g.doubleclick.net *.mktoresp.com api-prod.secureprivacy.ai *.google-analytics.com googleads.g.doubleclick.net soundcloud.com ws:; font-src 'self' https://fonts.gstatic.com fonts.googleapis.com fonts.gstatic.com data:; img-src 'self' *.fastcdn.co *.instapage.com *.instapagemetrics.com https://www.google.ro https://www.google-analytics.com https://www.googletagmanager.com *.clarity.ms *.oribi.io https://optimize.google.com c.statcounter.com s.w.org code.jquery.com maps.gstatic.com cdn.amcharts.com app.secureprivacy.ai *.google.co.in *.google.com cdn.jsdelivr.net *.3pillarglobal.com b.6sc.co *.linkedin.com soundcloud.com apt.techtarget.com *.google-analytics.com secure.gravatar.com p.adsymptotic.com data:; style-src 'unsafe-inline' http: https:; frame-src 'self' *.apple.com *.soundcloud.com *.clarity.ms *.oribi.io https://optimize.google.com www.youtube.com www.slideshare.net vars.hotjar.com *.hotjar.io *.g.doubleclick.net *.3pillarglobal.com player.vimeo.com *.libsyn.com *.secureprivacy.ai; object-src 'none'; base-uri 'self'; frame-ancestors 'self' 3pillarglobal.showpad.com 3pillarglobal.showpad.biz; 1
default-src 'self' *.gstatic.com *.lpsnmedia.net *.liveperson.net;media-src *.lpsnmedia.net *.liveperson.net;connect-src 'self' *.lpsnmedia.net *.liveperson.net wss: https:; style-src 'self' unpkg.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' 'unsafe-inline' blob https: *.lpsnmedia.net *.liveperson.net; manifest-src 'self';worker-src blob:; img-src 'self' *.google-analytics.com i3.ytimg.com api.mapbox.com unpkg.com https://bopwebsitestorage.blob.core.windows.net/ *.lpsnmedia.net data:; frame-src  *.euroland.com *.openstreetmap.org *.google.com *.youtube.com *.facebook.com *.lpsnmedia.net *.liveperson.net 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-vQWW9+DDm7o5vRen50MHEA==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob:; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; report-uri https://csp.yahoo.com/beacon/csp?src=syc; 1
default-src 'self' * data: blob: https: *.dnaweekly.com dnaweekly.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cheqzone.com *.ostrichesica.com *.peacebanana.com *.cloudfront.net *.datadoghq-browser-agent.com *.ampproject.org *.gstatic.com *.google.com *.alooma.com *.doubleclick.net  *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.hhtpp.com *.facebook.net *.dropbox.com *.bing.com *.yandex.ru *.quora.com *.yimg.com sp.analytics.yahoo.com *.hotjar.com *.ipify.org blob: data:; style-src 'self' data: blob: 'unsafe-inline' *;connect-src 'self' data: blob: https: dnaweekly.com *.dnaweekly.com *.ampproject.org *.google-analytics.com *.doubleclick.net *.google.com *.hhtpp.com *.yandex.ru *.gravatar.com wss://*.hotjar.com *.wp.com;font-src 'self' data: blob: *.ampproject.org *.googletagmanager.com *.googleapis.com *.gstatic.com; 1
img-src data: 'self' https://dc.ads.linkedin.com https://maps.googleapis.com https://maps.gstatic.com/ https://*.tile.openstreetmap.org https://www.google-analytics.com https://www.google.nl https://www.google.com https://www.googletagmanager.com;frame-src 'self' https://consentcdn.cookiebot.com https://www.youtube.com https://www.googletagmanager.com https://www.facebook.com https://player.vimeo.com https://vars.hotjar.com;script-src 'nonce-nS3q1bys6AeLR0BAu4P9' 'strict-dynamic' ;style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://ajax.googleapis.com/ https://netdna.bootstrapcdn.com;font-src 'self' https://fonts.gstatic.com https://netdna.bootstrapcdn.com;connect-src 'self' https://www.google-analytics.com https://consentcdn.cookiebot.com https://stats.g.doubleclick.net https://maps.googleapis.com https://region1.google-analytics.com https://*.hotjar.com wss://*.hotjar.com https://content.hotjar.io;manifest-src 'self';default-src 'self' https://www.odin.nl 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.analytics.tiktok.com https://*.app-us1.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.googleadservices.com https://*.googletagmanager.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://js.usemessages.com https://js.hsadspixel.net https://*.hscollectedforms.net https://*.mouseflow.com https://*.sc-static.net https://*.segment.com https://analytics.tiktok.com https://sc-static.net https://cdnjs.cloudflare.com https://*.diffbot.com https://*.diffbot.co https://*.youtube.com https://*.hsforms.com https://*.hsforms.net app.pendo.io cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4820107196760064.storage.googleapis.com app.eu.pendo.io cdn.eu.pendo.io data.eu.pendo.io pendo-eu-static.storage.googleapis.com pendo-eu-static-4820107196760064.storage.googleapis.com; img-src 'self' data: https://*.polygence.org https://dpl6hyzg28thp.cloudfront.net https://m0bjmfutxh.execute-api.us-west-1.amazonaws.com https://*.hsforms.com https://*.hubspot.com https://*.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.google.hu https://*.ytimg.com https://drive-thirdparty.googleusercontent.com https://www.notion.so app.pendo.io cdn.pendo.io data.pendo.io pendo-static-4820107196760064.storage.googleapis.com app.eu.pendo.io cdn.eu.pendo.io data.eu.pendo.io pendo-eu-static-4820107196760064.storage.googleapis.com; media-src 'self' https://*.polygence.org https://dpl6hyzg28thp.cloudfront.net; frame-src 'self' https://*.polygence.org https://*.videoask.com https://*.snapchat.com https://*.facebook.com https://*.youtube.com https://*.hsforms.com https://*.hsforms.net https://*.hubspot.com https://calendly.com app.pendo.io app.eu.pendo.io portal.feedback.eu.pendo.io portal.feedback.us.pendo.io; frame-ancestors 'self' app.pendo.io app.eu.pendo.io https://www.maialearning.com; manifest-src 'self' https://*.polygence.org; default-src 'self' https://*.polygence.org; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://at.alicdn.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com app.pendo.io cdn.pendo.io pendo-static-4820107196760064.storage.googleapis.com app.eu.pendo.io cdn.eu.pendo.io pendo-eu-static-4820107196760064.storage.googleapis.com; connect-src 'self' wss://*.polygence.dev wss://*.polygence.org https://*.polygence.dev https://*.polygence.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://forms.hscollectedforms.net https://*.hubspot.com https://*.sentry.io https://*.segment.io https://*.segment.com https://*.snapchat.com https://*.doubleclick.com https://*.doubleclick.net https://*.tiktok.com https://*.mouseflow.com https://*.diffbot.com https://*.hsforms.com https://*.hsforms.net https://api.hubapi.com https://noembed.com app.pendo.io data.pendo.io pendo-static-4820107196760064.storage.googleapis.com app.eu.pendo.io app.us.pendo.io data.eu.pendo.io data.us.pendo.io api.feedback.eu.pendo.io api.feedback.us.pendo.io pendo-eu-static-4820107196760064.storage.googleapis.com https://*.contentful.com; child-src app.pendo.io app.eu.pendo.io; object-src 'none'; 1
base-uri 'none'; frame-ancestors 'none'; object-src 'none'; 1
script-src-elem https://www.bwi.de https://sc-static.net https://piwik.bwi.de https://connect.facebook.net https://js.adsrvr.org https://snap.licdn.com https://static.ads-twitter.com https://acdn.adnxs.com https://www.googletagmanager.com https://tr.snapchat.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.com/pagead/1p-conversion/11022211265/ https://www.google.com/pagead/1p-conversion/813917562/ *.www.google.com https://bwi-staging.jweiland-hosting.de https://www.google.de https://match.adsrvr.org 'report-sample'; default-src 'self' https://*.bwi.de https://cdn.linkedin.oribi.io https://tr.snapchat.com https://insight.adsrvr.org https://match.adsrvr.org https://play-workadventure.innoxlab.de/web/; script-src 'self' 'nonce-mwTa1RHvV8HufRSeLgUsnxlClORjOuAmhKbrTQkwUCX2tRhJyBRDKw' 'strict-dynamic' unsafe-inline http: https: https://www.bwi.de https://bwi-staging.jweiland-hosting.de https://www.googletagmanager.com/gtm.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/878161939333953 https://bat.bing.com/bat.js https://bat.bing.com/p/action/134601748.js https://static.ads-twitter.com/uwt.js https://js.adsrvr.org/up_loader.1.1.0.js https://p.teads.tv/teads-fellow.js https://www.redditstatic.com/ads/pixel.js https://sc-static.net/scevent.min.js https://acdn.adnxs.com/dmp/up/pixie.js https://googleads.g.doubleclick.net https://www.google.com https://www.google.de https://www.googletagmanager.com https://www.googleadservices.com 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://www.bwi.de https://bwi-staging.jweiland-hosting.de https://messenger.bwi.de https://karriere.bwi.de https://secure.adnxs.com https://bat.bing.com https://*.linkedin.com https://px.ads.linkedin.com https://t.co https://analytics.twitter.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.de https://ad.doubleclick.net https://adservice.google.com https://adservice.google.de https://alb.reddit.com https://www.facebook.com https://ib.adnxs.com https://px4.ads.linkedin.com https://gtm-t9r5q9m-yja3z.uc.r.appspot.com https://gtm-t9r5q9m-yja3z.uc.r.appspot.com/%2A https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.de https://*.google.nl; base-uri 'self'; frame-src https://insight.adsrvr.org https://match.adsrvr.org https://bat.bing.com https://www.googletagmanager.com https://tr.snapchat.com https://td.doubleclick.net; style-src 'self' 'unsafe-inline' 'report-sample'; object-src 'none'; font-src 'self'; worker-src blob:; connect-src https://*.bwi.de https://bwi.ddev.site https://*.jweiland-hosting.de https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.de https://gtm-t9r5q9m-yja3z.uc.r.appspot.com https://tr.snapchat.com https://*.bing.com https://bat.bing.com/%2A https://www.facebook.com https://*.googlesyndication.com https://px.ads.linkedin.com; report-uri https://www.bwi.de/@http-reporting?csp=report&requestTime=1705979792205745 1
default-src 'self' 'unsafe-inline' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net fonts.googleapis.com youtube.com *.google-analytics.com https://judxu4avx2.execute-api.eu-west-1.amazonaws.com https://3lz1gykyyd.execute-api.eu-west-1.amazonaws.com https://stats.g.doubleclick.net olivia.paradox.ai dokumfe7mps0i.cloudfront.net tupf3ye5m3.execute-api.eu-west-1.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com cdn.rawgit.com otp.tools.investis.com https://sc.lfeeder.com https://staticcontents.investisdigital.com dokumfe7mps0i.cloudfront.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net netdna.bootstrapcdn.com; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com youtube.com brightcove.hs.llnwd.net; frame-src 'self' *.investis.com www.google.com ir.tools.investis.com staticxx.facebook.com www.youtube.com otp.tools.investis.com *.dtn.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com netdna.bootstrapcdn.com dokumfe7mps0i.cloudfront.net; report-uri /report-csp-violation 1
default-src 'self' https://*.dcube.cloud/ https://*.demdex.net/ https://cm.everesttech.net/ https://wogadobeanalytics.sc.omtrdc.net/ https://va.ecitizen.gov.sg https://*.vica.gov.sg wss://chat.vica.gov.sg https://*.faq.vica.gov.sg *.vica.gov.sg webchat.vica.gov.sg/ https://www.google.com/recaptcha https://www.gstatic.com/recaptcha https://*.wogaa.sg https://assets.wogaa.sg/ https://www.youtube.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net *.googleapis.com *.gstatic.com blob: https://*.wogaa.sg https://*.dcube.cloud https://assets.adobedtm.com/ https://va.ecitizen.gov.sg https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org webchat.vica.gov.sg/ https://assets.wogaa.sg/scripts/wogaa.js faq.vica.gov.sg/static/js/faq.js faq.vica.gov.sg/static/css/faq.css https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://assets.dcube.cloud/fonts/ https://va.ecitizen.gov.sg https://tagmanager.google.com https://fonts.googleapis.com webchat.vica.gov.sg/* webchat.vica.gov.sg/static/css/chat.css faq.vica.gov.sg/static/js/faq.js faq.vica.gov.sg/static/css/faq.css https://assets.wogaa.sg/ https://www.youtube.com/; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com https://assets.dcube.cloud/fonts/ https://va.ecitizen.gov.sg https://fonts.gstatic.com https://s3-us-west-2.amazonaws.com data: https://assets.wogaa.sg/fonts/ https://www.youtube.com/; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com https://wogadobeanalytics.sc.omtrdc.net/ https://cm.everesttech.net/ https://dpm.demdex.net/ https://va.ecitizen.gov.sg https://www.googletagmanager.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://www-seab-gov-sg-admin.cwp.sg/ *.googleusercontent.com https://docs.google.com https://*.vica.gov.sg https://*.faq.vica.gov.sg *.vica.gov.sg faq.vica.gov.sg/static/js/faq.js faq.vica.gov.sg/static/css/faq.css www.gstatic.com https://www.seab.gov.sg https://www.youtube.com/; media-src 'self' data: blob:; frame-src 'self' www.google.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.onemap.gov.sg/ https://*.wogaa.sg https://assets.wogaa.sg/ https://www.youtube.com/embed/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://wogaa.demdex.net/ https://www.onemap.sg/ *.onemap.gov.sg https://*.wogaa.sg https://assets.wogaa.sg/; connect-src 'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com https://*.dcube.cloud https://dpm.demdex.net/ https://www.google-analytics.com https://va.ecitizen.gov.sg https://*.vica.gov.sg wss://chat.vica.gov.sg https://*.faq.vica.gov.sg wss://chat.faq.vica.gov.sg *.vica.gov.sg https://*.wogaa.sg https://assets.wogaa.sg/; 1
default-src 'sha256-yxgLZFePCtAeShTzV7htVjQ1i40EtG1UVGoCG4/CzxI=' https://www.promonatalmms.com.br/ https://promonatalmms.com.br/ https://cdn.jsdelivr.net/ https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ajax/libs/MaterialDesign-Webfont/4.7.95/css/materialdesignicons.css; script-src 'nonce-2726c7f26c' https://cdn.jsdelivr.net/ https://promonatalmms.com.br/ https://app.usercentrics.eu/ https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js https://cdnjs.cloudflare.com/ajax/libs/jScrollPane/2.2.2/script/jquery.jscrollpane.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js https://mpeztrack.com/v1.0.0/eztrack.min.js https://www.googletagstmanager.com/ https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js https://www.google-analytics.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ https://www.google.com/ https://www.gstatic.com/ https://analytics.google.com/ https://analytics.google.com/g/ https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/593290475476163 https://www.googletagmanager.com/ https://viacep.com.br/ https://connect.facebook.net/ https://www.promonatalmms.com.br/ https://promonatalmms.com.br/ https://fonts.googleapis.com/; connect-src https://api.usercentrics.eu/ https://google.com/ https://www.promonatalmms.com.br/ https://promonatalmms.com.br/ https://analytics.google.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://api-js.mixpanel.com/track/ https://api-js.mixpanel.com/engage/; img-src https://www.promonatalmms.com.br/ https://promonatalmms.com.br/ https://www.google-analytics.com/ https://www.facebook.com/ http://www.w3.org/2000/svg/ data: https:; font-src https://www.promonatalmms.com.br/ https://promonatalmms.com.br/ https://fonts.gstatic.com/ https://cdnjs.cloudflare.com/ajax/libs/MaterialDesign-Webfont/ https://cdn.jsdelivr.net/; frame-src data: https://www.facebook.com/ https://drive.google.com/ https://www.google.com/ https://bid.g.doubleclick.net/ https://td.doubleclick.net/; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' wss://ws.pusherapp.com https://sockjs.pusher.com https://d2wy8f7a9ursnm.cloudfront.net https://www.bugherd.com https://analytics-eu.clickdimensions.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://maps.googleapis.com https://tagmanager.google.com https://www.youtube.com https://connect.facebook.net https://cdn.reactandshare.com https://data.reactandshare.com https://static.ads-twitter.com https://snap.licdn.com https://static.hotjar.com https://script.hotjar.com https://d2iiunr5ws5ch1.cloudfront.net;style-src 'self' 'unsafe-inline' https://d2iiunr5ws5ch1.cloudfront.net https://d2wy8f7a9ursnm.cloudfront.net https://www.bugherd.com https://fonts.googleapis.com https://fonts.gstatic.com https://tagmanager.google.com https://cdn.reactandshare.com;img-src 'self' https://seafishsa.blob.core.windows.net https://bugherd-attachments.s3.amazonaws.com https://d2iiunr5ws5ch1.cloudfront.net https://www.bugherd.com https://www.google.co.uk https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://maps.googleapis.com https://maps.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://www.facebook.com https://cdn.reactandshare.com https://data.reactandshare.com https://px.ads.linkedin.com https://t.co https://analytics.twitter.com https://px4.ads.linkedin.com;media-src 'self';frame-src 'self' https://analytics-eu.clickdimensions.com https://e.issuu.com https://www.google.com https://youtu.be https://m.youtube.com https://www.youtube.com https://www.facebook.com;font-src 'self' data: https://d2iiunr5ws5ch1.cloudfront.net https://www.bugherd.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.reactandshare.com;connect-src 'self' wss://ws.pusherapp.com https://www.bugherd.com https://sockjs.pusher.com https://stats.g.doubleclick.net https://www.google-analytics.com https://data.reactandshare.com https://maps.googleapis.com https://region1.google-analytics.com;child-src 'self';worker-src 'self';upgrade-insecure-requests;block-all-mixed-content;report-uri https://www.seafish.org/Umbraco/Api/BrowserReporting/Csp 1
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *; object-src 'self' data: *; style-src 'self' data: 'unsafe-inline' *; img-src 'self' data: *; media-src 'self' data: *; frame-src 'self' data: *; font-src 'self' data: *; connect-src 'self' data: * 1
frame-ancestors citizenwatch.eu 'self' *.etracker.com http://192.168.0.3; 1
default-src 'self' data: *.birjand.ac.ir http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io https://cdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://map.ir https://conf.isc.ac https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://kangoro.ir/matomo/matomo.js http://tools.1abzar.com http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io https://cdn.userway.org https://api.userway.org https://media.userway.org https://www.goftino.com https://cdn.goftino.com; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com https://cdn.fontcdn.ir https://fdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org; img-src 'self' blob: data: https://map.ir https://conf.isc.ac https://www.google-analytics.com www.google-analytics.com data: *; connect-src 'self' https://map.ir https://conf.isc.ac https://www.google-analytics.com www.google-analytics.com https://samta.samt.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io https://cdn.fontcdn.ir wss://api.raychat.io wss://ws.goftino.com wss://ws2.goftino.com wss://ws5.goftino.com wss://cdn.goftino.com https://api.userway.org https://cdn.userway.org; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://tools.1abzar.com http://1abzar.ir https://cse.google.com https://www.aparat.com https://google.com https://www.google.com https://cdn.userway.org https://edu.sapiba.ir; frame-ancestors 'self' https://trustseal.enamad.ir; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.google-analytics.com *.vo.msecnd.net privacyportal.cookiepro.com cookie-cdn.cookiepro.com cookiepro.blob.core.windows.net www.googletagmanager.com channel.me fonts.googleapis.com code.jquery.com www.google.com fonts.gstatic.com www.gstatic.com www.google-analytics.com; connect-src 'self' *.google-analytics.com privacyportal.cookiepro.com cookie-cdn.cookiepro.com geolocation.onetrust.com www.google-analytics.com dc.services.visualstudio.com auth.prod.tapico.io store.embark.prod.tapico.io services.postcodeanywhere.co.uk api.addressy.com store.scottishwidowsplatform.prod.tapico.io; frame-src 'self' auth.prod.tapico.io identity.embark.prod.tapico.io store.embark.prod.tapico.io *.cybersource.com channel.me www.google.com identity.scottishwidowsplatform.prod.tapico.io store.scottishwidowsplatform.prod.tapico.io; 1
frame-ancestors 'self' https://express.midwestgoods.com 1
frame-src 'self' data: blob: www.youtube.com youtube.com *.youtube.com player.vimeo.com www.testamenttest.nl *.nierstichting.nl *.nierstichting-tools.nl web.abbi-insights.com consentcdn.cookiebot.com staging-nierstichting.plaatjesmaker.nu nierstichting.plaatjesmaker.nu *.doubleclick.net *.pinterest.com; style-src-elem 'self' 'unsafe-inline' cloud.webtype.com cloud.typenetwork.com www.googletagmanager.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' nieren.containers.piwik.pro www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com storage.googleapis.com nieren.piwik.pro connect.facebook.net content.jwplatform.com consent.cookiebot.com pagead2.googlesyndication.com *.squeezely.tech squeezely.tech consentcdn.cookiebot.com *.googleadservices.com static.hotjar.com snap.licdn.com googleads.g.doubleclick.net tpc.googlesyndication.com *.pinimg.com *.adnxs.com *.hotjar.com *.hotjar.com *.linkedin.com *.google-analytics.com *.google.com *.google.nl *.youtube.com; img-src 'self' data: pls.webtype.com www.google-analytics.com nieren.piwik.pro www.facebook.com pagead2.googlesyndication.com *.gstatic.com *.squeezely.tech googleads.g.doubleclick.net *.linkedin.com *.adnxs.com *.google.com www.google.com *.google.nl *.pinterest.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' nieren.containers.piwik.pro www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com storage.googleapis.com nieren.piwik.pro connect.facebook.net content.jwplatform.com consent.cookiebot.com pagead2.googlesyndication.com *.squeezely.tech squeezely.tech consentcdn.cookiebot.com *.googleadservices.com static.hotjar.com snap.licdn.com googleads.g.doubleclick.net tpc.googlesyndication.com *.pinimg.com *.adnxs.com *.hotjar.com *.hotjar.com *.linkedin.com *.google-analytics.com *.google.com *.google.nl *.youtube.com; style-src 'self' 'unsafe-inline' cloud.webtype.com cloud.typenetwork.com www.googletagmanager.com fonts.googleapis.com; frame-ancestors nierstichting.collecteweb.nl test02-nierstichting.stb.nl cboards.caresharing.eu; default-src 'self' api.storyteq.com www.googletagmanager.com www.google-analytics.com pagead2.googlesyndication.com googleads.g.doubleclick.net *.google.com consentcdn.cookiebot.com squeezely.tech *.googleadservices.com static.hotjar.com snap.licdn.com *.youtube.com *.google-analytics.com *.doubleclick.net *.pinterest.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com; font-src 'self' data: cloud.webtype.com *.typenetwork.com *.gstatic.com; media-src 'self' player.vimeo.com vod-progressive.akamaized.net 1
frame-ancestors 'self' https://www.barnettcatalogs.com 1
base-uri 'self'; child-src 'self' www.google.com www.echs.gov.in www.prpsms.co.in; connect-src 'self'; default-src www.echs.gov.in; font-src fonts.gstatic.com www.echs.gov.in; form-action 'self'; frame-ancestors 'none'; img-src 'self' www.echs.gov.in data:; object-src 'self'; script-src 'self' 'nonce-d49f6329dd171b8723ae51c8' www.echs.gov.in www.google.com www.gstatic.com www.prpsms.co.in strict-dynamic unsafe-hashes 'unsafe-eval'; style-src 'self' 'nonce-b0f3bd5b7862ee4827fbb850' fonts.googleapis.com unsafe-hashes www.echs.gov.in; upgrade-insecure-requests; 1
child-src 'self' ;connect-src 'unsafe-inline' 'self' *.sharethis.com * *;default-src   'self' data:;;font-src *.userway.org 'unsafe-inline' 'self' data:;;frame-ancestors 'self' www.google.com/recaptcha/*  www.gstatic.com/recaptcha/* *.linkedin.com/* ;frame-src 'unsafe-inline' www.google.com/recaptcha/*  www.gstatic.com/recaptcha/* * *;img-src 'unsafe-inline' 'self' * *;media-src 'unsafe-inline' * *;object-src 'unsafe-inline' *;script-src 'unsafe-inline' 'unsafe-eval' 'self' www.google.com/recaptcha/*  www.gstatic.com/recaptcha/* cdnjs.cloudflare.com html2canvas.hertzen.com *.sharethis.com accessibilityserver.org www.googletagmanager.com *.userway.org ajax.googleapis.com * *;style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com www.google.com/recaptcha/*  www.gstatic.com/recaptcha/* unpkg.com *; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.acquia-sites.com cdn.cookielaw.org js-agent.newrelic.com s.go-mpulse.net *.googletagmanager.com unpkg.com cdn.jsdelivr.net snap.licdn.com *.facebook.net static.ads-twitter.com googleads.g.doubleclick.net *.googleadservices.com *.googlesyndication.com cdnjs.cloudflare.com *.acquia.com *.recaptcha.net *.gstatic.com secure.revvity.com www.citeab.com server-side-tagging-ivghevul2a-uc.a.run.app server-side-tagging-preview-ivghevul2a-uc.a.run.app *.surveymonkey.com *.googleapis.com; style-src * 'unsafe-inline'; img-src * data:; media-src *.aprimocdn.net resources.revvity.com; frame-src 'self' cdnapisec.kaltura.com *.doubleclick.net *.youtube.com *.googletagmanager.com *.googlesyndication.com *.facebook.com *.recaptcha.net *.gstatic.com app.fluorofinder.com *.surveymonkey.com; frame-ancestors 'self'; child-src 'self' cdnapisec.kaltura.com *.doubleclick.net *.youtube.com *.googletagmanager.com *.googlesyndication.com *.facebook.com *.recaptcha.net *.gstatic.com; font-src 'self' fonts.gstatic.com data:; connect-src * properties; report-uri /report-csp-violation 1
frame-ancestors https://www.facebook.com https://www.venetacucine.com 1
upgrade-insecure-requests; style-src https://cromwell-intl.com https://alt.cromwell-intl.com https://*.googleapis.com 'unsafe-inline'; frame-ancestors 'self'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://tweesecake.social; img-src 'self' data: blob: https://tweesecake.social https://cdn.tweesecake.social; style-src 'self' https://tweesecake.social 'nonce-fGuBhibtSSRUP4tc2+2R9A=='; media-src 'self' data: https://tweesecake.social https://cdn.tweesecake.social; frame-src 'self' https:; manifest-src 'self' https://tweesecake.social; form-action 'self'; child-src 'self' blob: https://tweesecake.social; worker-src 'self' blob: https://tweesecake.social; connect-src 'self' data: blob: https://tweesecake.social https://cdn.tweesecake.social wss://tweesecake.social; script-src 'self' https://tweesecake.social 'wasm-unsafe-eval' 1
default-src 'self'; font-src 'self';img-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline' 1
base-uri 'self'; object-src 'none'; script-src 'self' https://chartstatic.com https://chartexchange.com https://chartexchange.local https://www.google.com https://www.gstatic.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://code.jquery.com https://js.stripe.com https://hooks.stripe.com https://stripecdn.com 'nonce-dfd40c7fdee649706844e5ec9dafecfd' 1
frame-ancestors *.juegos123.net juegos123.net; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=5fdkdihiqua9e&partner=; 1
connect-src *.echidnaonline.com.au https://maps.googleapis.com https://maps.gstatic.com; base-uri *.echidnaonline.com.au; form-action *.echidnaonline.com.au 1
frame-ancestors 'self' https://labelmaster.applytojob.com https://service.ariba.com https://S3.ariba.com https://www.mycatalogcloud.com https://testing.mycatalogcloud.com http://ebsprdapp.lynden.com https://s1.ariba.com https://*.sciquest.com https://*.jaggaer.com 1
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: police.vic.gov.au content.police.vic.gov.au *.content.police.vic.gov.au cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com tagmanager.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google-analytics.com *.googleanalytics.com *.googleoptimize.com optimize.google.com *.monsido.com connect.facebook.net *.cloudfront.net api.reciteme.com secure-ds.serving-sys.com bs.serving-sys.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com secure.quantserve.com rules.quantcount.com *.youtube.com ytimg.com *.ytimg.com usercheck.vgso.vic.gov.au *.facebook.com *.sc-static.net maps.googleapis.com sc-static.net *.outbrain.com *.taboola.com *.yahoo.com *.yahooapis.com *.licdn.com *.linkedin.com cdn.linkedin.oribi.io gw.linkedin.oribi.io sjs.bizographics.com *.yimg.com *.browsiprod.com *.openforms.com; style-src 'self' 'unsafe-inline' police.vic.gov.au content.police.vic.gov.au *.content.police.vic.gov.au fonts.googleapis.com tagmanager.google.com api.reciteme.com optimize.google.com drwgdblqzrfiz.cloudfront.net *.taboola.com *.licdn.com *.openforms.com; img-src 'self' data: blob: about: police.vic.gov.au content.police.vic.gov.au *.content.police.vic.gov.au *.amazee.io tracking.monsido.com *.google-analytics.com *.doubleclick.net www.google.com www.google.com.au *.linkedin.com api.reciteme.com pixel.quantserve.com *.facebook.com www.google.ca i.ytimg.com www.googletagmanager.com www.gstatic.com www.google.co.uk www.google.lu www.google.com.pk www.google.com.ua translate.google.com www.google.be www.google.com.sg www.google.co.bw www.google.co.nz omny.fm secure.adnxs.com optimize.google.com drwgdblqzrfiz.cloudfront.net maps.googleapis.com maps.gstatic.com *.taboola.com *.yahoo.com *.yimg.com ad.yieldmanager.com *.licdn.com *.adsymptotic.com; font-src 'self' data: police.vic.gov.au content.police.vic.gov.au *.content.police.vic.gov.au fonts.gstatic.com api.reciteme.com *.taboola.com; frame-src 'self' data: police.vic.gov.au content.police.vic.gov.au *.content.police.vic.gov.au *.hotjar.com *.hotjar.io wss://*.hotjar.com *.vimeo.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com *.issuu.com issuu.com api.reciteme.com www.google.com www.facebook.com maps.google.com www.policecareer.vic.gov.au *.vic.gov.au *.acast.com omny.fm *.doubleclick.net optimize.google.com vicpol.maps.arcgis.com *.taboola.com *.yimg.com *.linkedin.com *.openforms.com embed.podcasts.apple.com podcasters.spotify.com podcasts.google.com; manifest-src 'self'; media-src 'self' api.reciteme.com *.taboola.com *.yimg.com *.licdn.com; connect-src 'self' about: police.vic.gov.au content.police.vic.gov.au *.content.police.vic.gov.au *.hotjar.com *.hotjar.io wss://*.hotjar.com api.ipify.org api.reciteme.com drwgdblqzrfiz.cloudfront.net secure-ds.serving-sys.com *.doubleclick.net www.google-analytics.com www.facebook.com *.monsido.com *.sdp.vic.gov.au analytics.google.com bs.serving-sys.com maps.googleapis.com *.outbrain.com *.taboola.com *.yahoo.com *.browsiprod.com *.yimg.com *.linkedin.com *.licdn.com cdn.linkedin.oribi.io; frame-ancestors 'self' *.youtube.com *.taboola.com *.yimg.com *.yahoo.com; base-uri *.taboola.com *.yahoo.com; form-action *.taboola.com apply.policecareer.vic.gov.au; 1
child-src blob; worker-src blob; img-src 'self' *.cloudimg.io *.utax.de *.google-analytics.com *.linkedin.com *.facebook.com *.hubspot.com *.hsforms.com *.cookiebot.com; media-src 'self' *.utax.de; object-src 'self'; script-src 'nonce-qeORh5yvR7PYKhdBFDrYaoBhGnF0zEZO' 'nonce-QXKmeKq6QV8hvK2Ucw8wkWWubhbYrMEx' 'sha256-4nxBwvGtrokGNkqD2OxOt8Y07P7caJHk00sGwjNYF5I=' 'sha256-FDyPg8CqqIpPAfGVKx1YeKduyLs0ghNYWII21wL+7HM=' 'sha256-rbvuRQ1hgbw4Bicz8nOsyiEAvHFIipM3BlLCvsa3sH8=' 'self' *.googletagmanager.com *.gtm.js *.cookiebot.com *.hotjar.com *.hs-scripts.com *.licdn.com *.outbrain.com *.facebook.net *.usemessages.com *.hscollectedforms.net *.hs-banner.com *.hubspot.com *.hs-analytics.net *.hsleadflows.net; frame-src 'self' *.googletagmanager.com *.cookiebot.com *.youtube.com *.vimeo.com *.triumph-adler.de *.doubleclick.net *.hs-sites-eu1.com; frame-ancestors 'none' 1
img-src * data:; style-src 'self' 'unsafe-inline' static.dvinci-easy.com fonts.googleapis.com fonts.gstatic.com; default-src * blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.youtube.com s.ytimg.com *.usercentrics.eu *.google.com *.googletagmanager.com *.google-analytics.com analyzer.amedick-sommer.de maps.googleapis.com static.dvinci-easy.com;frame-ancestors 'self'; 1
frame-ancestors *.goalsfootball.co.uk https://www.goalsfootball.co.uk *.studentbeans.com https://*.studentbeans.com localhost:3000 https://polite-youtiao-b0eba4.netlify.app https://www.googletagmanager.com https://www.google-analytics.com https://google.com/pay https://www.google.com https://pay.google.com https://client-event-remote-ag.dojo.tech 1
base-uri 'self'; block-all-mixed-content; default-src 'self'; img-src data: https:; object-src 'none'; script-src 'self' *.sharethis.com *.doubleclick.net *.googletagmanager.com *.googleadservices.com adservice.google.com adservice.google.co.uk *.google.com *.googlesyndication.com *.googletagservices.com *.beyondwords.io *.instagram.com *.vimeo.com *.googleapis.com *.onesignal.com onesignal.com *.facebook.net chimpstatic.com *.mailchimp.com *.list-manage.com *.syncfusion.com 'unsafe-inline' 'unsafe-eval' ; connect-src 'self' *.sharethis.com *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.beyondwords.io *.googleapis.com *.googletagmanager.com onesignal.com; frame-src 'self' *.googlesyndication.com *.google.com *.beyondwords.io *.facebook.com *.vimeo.com *.instagram.com *.youtube.com *.linkedin.com; style-src 'self' fast.fonts.net *.google.com  *.googleapis.com 'unsafe-inline' onesignal.com *.mailchimp.com ; font-src 'self' *.gstatic.com ; upgrade-insecure-requests; 1
frame-ancestors 'self'  *.gator.com; 1
default-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://*.pype.tech https://bam.nr-data.net https://*.linkedin.com https://measurement-api.criteo.com https://www.google-analytics.com https://analytics.google.com https://widget-format-sbx.pype.tech https://*.launchdarkly.com https://pagead2.googlesyndication.com https://*.onetrust.com https://cdn.cookielaw.org https://web-sandbox.pypestream.com https://use.fontawesome.com https://www.googletagmanager.com data: image/* https://bat.bing.com https://*.quantcount.com https://*.quantserve.com https://*.typekit.net https://*.googleapis.com https://player.vimeo.com https://*.doubleclick.net https://connect.facebook.net https://*.analytics.google.com https://extend.vimeocdn.com https://*.gstatic.com https://www.google.com https://www.facebook.com https://my.matterport.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js-agent.newrelic.com https://snap.licdn.com https://static.cloudflareinsights.com https://web.pypestream.com https://*.doubleclick.net https://maps.googleapis.com https://cdn.cookielaw.org https://rules.quantcount.com https://secure.quantserve.com https://widget.us.criteo.com https://sslwidget.criteo.com https://static.criteo.net https://player.vimeo.com https://web-sandbox.pypestream.com https://use.fontawesome.com https://www.googletagmanager.com https://bat.bing.com https://www.google-analytics.com https://extend.vimeocdn.com https://connect.facebook.net; img-src * data: about:; frame-src 'self' https://my.matterport.com https://web.pypestream.com https://static.criteo.net https://web-sandbox.pypestream.com https://*.doubleclick.net https://*.criteo.com https://www.facebook.com https://player.vimeo.com; upgrade-insecure-requests 1
object-src 'self' *.vimeo.com; style-src 'self' 'unsafe-inline' https://*.appcues.com https://*.googleapis.com https://*.typekit.net https://*.cloudflare.com https://*.stripe.com https://*.google.com; frame-ancestors 'self'; base-uri 'self'; form-action https://*.advsyscon.com https://*.hsforms.com https://*.zendesk.com https://forms.hubspot.com https://10.43.1.114 https://10.44.0.187 http://10.44.0.187 https://local.advsyscon.com http://local.advsyscon.com https://54.83.60.150 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.sygnum.com https://*.iubenda.com https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com https://snap.licdn.com https://*.ads.linkedin.com https://assets.coingecko.com https://*.linkedin.com https://secure.gravatar.com https://d2etr7o2bnujnh.cloudfront.net https://player.vimeo.com https://www.buzzsprout.com https://ajax.cloudflare.com https://dsxmu6j95x8t1.cloudfront.net https://polygon-mainnet.infura.io https://dsxmu6j95x8t1.cloudfront.net https://cdn.linkedin.oribi.io https://ipinfo.io https://onboarding.api.sygnum.com https://yoast.com https://*.googleapis.com https://www.solwininfotech.com https://*.jquery.com https://www.youtube.com https://*.yoast.com https://*.helpscout.net https://www.cloudflare.com https://*.ipify.org https://i.vimeocdn.com https://fonts.gstatic.com https://*.youtube.com https://i.ytimg.com https://*.googletagmanager.com https://*.cloudfront.net https://*.ads-twitter.com https://*.bing.com https://*.google-analytics.com https://*.analytics.google.com https://*.google.de https://t.co https://*.twitter.com https://*.doubleclick.net https://*.clarity.ms https://*.developers.google.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://wt.adctrl.com https://*.adctrl.com https://analytics.google.com https://d1z85o1lt4k8qg.cloudfront.net https://secure-t.sygnum.com https://api.redirect.li https://s.w.org; 1
font-src * data:; img-src *; script-src 'self' embed.tawk.to cdn.jsdelivr.net www.hostworx.co.za cdn.fraudlabspro.com www.google.com www.gstatic.com www.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.tawk.to; frame-ancestors 'self'; report-uri ; report-to default 1
default-src 'none'; img-src 'self'; style-src 'self'; font-src 'self' 1
frame-src 'self' *.amazon.de *.cookiebot.com *.google.com *.paypal.com *.prismic.io *.vimeo.com; frame-ancestors 'self'; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com https://kit.fontawesome.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.curator.io https://api.curator.io https://maps.googleapis.com https://ajax.googleapis.com https://s7.addthis.com https://z.moatads.com https://v1.addthisedge.com https://m.addthis.com https://api-public.addthis.com https://cdn.userway.org/widget.js https://cdn.userway.org http://ajax.googleapis.com https://code.jquery.com/jquery-3.6.0.js https://code.jquery.com/ui/1.13.2/jquery-ui.js embedr.flickr.com widgets.flickr.com *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com use.fontawesome.com cdn-uicons.flaticon.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.curator.io https://pro.fontawesome.com https://cdn.userway.org https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com www.mlsstratus.com photos.v3.mlsstratus.com https://cdnjs.cloudflare.com https://cdn.curator.io https://cdn.userway.org live.staticflicker.com live.staticflickr.com farm66.staticflickr.com https://*.twimg.com https://curatorio.s3.amazonaws.com https://curator-assets.b-cdn.net www.lirealtor.com www.nar.realtor *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: use.fontawesome.com cdn-uicons.flaticon.com cdnjs.cloudflare.com https://pro.fontawesome.com https://ka-f.fontawesome.com https://cdn.userway.org cdn.jsdelivr.net; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://www.google.com https://w.soundcloud.com https://www.vimeo.com https://vimeo.com/ https://youtu.be/ https://www.nar.realtor https://s7.addthis.com https://cdn.userway.org https://zoom.us https://services.lirealtor.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com https://searchblox.lirealtor.com:8443 https://api.curator.io https://ka-f.fontawesome.com https://maps.googleapis.com https://services.lirealtor.com https://data.mlsli.com https://api.userway.org https://cdn.userway.org embedr.flickr.com analytics.google.com *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com 1
default-src 'self' blob: http://auction.hermann-historica.de/api/ http://auction.local.hermann-historica.de:81/api/ http://auction.hermann-historica.de.adherhi.dev.arrabiata.de/api/ https://*.tokbox.com https://*.opentok.com wss://*.tokbox.com https://cdn.polyfill.io/v2/polyfill.min.js https://maxcdn.bootstrapcdn.com/font-awesome/ https://stackpath.bootstrapcdn.com/font-awesome/ wss://*.bidjs.com *.bidjs.com *.shopware.de  *.shopware.com secure.pay1.de www.googletagmanager.com tagmanager.google.com www.google-analytics.com *.analytics.google.com cdnjs.cloudflare.com analytics.google.com stats.g.doubleclick.net code.jquery.com www.youtube.com www.youtube-nocookie.com https://connect.facebook.net/ https://www.facebook.com/ 'unsafe-inline' 'unsafe-eval'; img-src 'self' blob: data: img.youtube.com https://sbp-plugin-images.s3.amazonaws.com/ https://sbp-plugin-images.s3.eu-west-1.amazonaws.com/ https://*.amazonaws.com/sbp-plugin-images/ https://res.cloudinary.com/bidlogix/ https://res.cloudinary.com/bidlogix-test/ https://res.cloudinary.com/bidlogix-staging/ https://brighton-staging.eu-central-1.bidjs.com/ https://media.bidjs.com/ https://www.google-analytics.com https://stats.g.doubleclick.net/ https://www.googletagmanager.com/ https://www.google.com/ads/ https://www.google.de/ads/ https://ssl.gstatic.com/ https://www.gstatic.com/ https://www.facebook.com/tr/ 1
default-src 'none'; child-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://www.google-analytics.com https://ssl.google-analytics.com; connect-src 'self' http://www.google-analytics.com https://metrics.articulate.com;font-src 'self' data:;media-src 'self' data:;img-src 'self' data: http://www.google-analytics.com https://ssl.google-analytics.com https://www.creditxpert.com https://cxa.creditxpert.com; style-src 'self' 'unsafe-inline'; 1
default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' translate-pa.googleapis.com translate.google.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.heerlen.nl siteimproveanalytics.com cloudstatic.obi4wan.com geo.gegevenshuis.nl geocomponent.kaartviewer.nl heerlen.nl m5.mailplus.nl static.mailplus.nl stats.pusher.com www.digitaalpubliceren.com digitaalpubliceren.com;frame-src 'self' www.youtube-nocookie.com https://vimeo.com/ www.youtube.com 0917.ro-viewer.nl *.readspeaker.com www.prettigparkeren.nl player.vimeo.com www.digitaalpubliceren.com digitaalpubliceren.com;style-src 'self' 'unsafe-inline' www.gstatic.com translate.google.com translate.googleapis.com cloud.typography.com www.heerlen.nl  geo.gegevenshuis.nl geocomponent.kaartviewer.nl;img-src 'self' data: localhost:8080 www.gstatic.com s3-eu-west-1.amazonaws.com www.google-analytics.com i.vimeocdn.com *.global.siteimproveanalytics.io geo.gegevenshuis.nl geocomponent.kaartviewer.nl helpdesk.kaartviewer.nl geodata.nationaalgeoregister.nl www.openbasiskaart.nl service.pdok.nl www.digitaalpubliceren.com digitaalpubliceren.com;font-src 'self' data: ;object-src 'self';media-src 'self' *.readspeaker.com 1
default-src 'self' https://live.barcap.com/BC_S/ https://8347051.fls.doubleclick.net/ https://live.barcap.com/consent/; img-src 'self' https://live.barcap.com/BC_S/ https://adservice.google.com/ddm/ blob:; script-src 'self' https://live.barcap.com/BC_S/ https://www.googletagmanager.com/gtag/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://live.barcap.com/BC_S/ 'unsafe-inline' 1
default-src 'self' https://common.websvc.prod.web.it.cuyahoga.cc/ http://hhs.prod.web.it.cuyahoga.cc/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.googletagmanager.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://cuyahoga.hawksearch.com/ http://code.jquery.com/jquery-3.1.1.min.js http://code.jquery.com/jquery-3.5.1.min.js https://tagmanager.google.com/ https://www.googletagmanager.com/ https://lusearchapi-na.hawksearch.com/ http://lusearchapi-na.hawksearch.com/ jquery-1.9.1.min.js http://hhs.prod.web.it.cuyahoga.cc https://www.google-analytics.com https://tag.brandcdn.com/autoscript/cuyahogacountydivsradultserv_vfdwsk0wmvvheku9/Cuyahoga_County_Division_of_Senior_and_Adult_Services..js; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://lusearchapi-na.hawksearch.com/ https://cuyahoga.hawksearch.com/sites/shared/icons/style.css; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://cuyahoga.hawksearch.com/ https://lusearchapi-na.hawksearch.com/; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com http://manage.hawksearch.com/sites/shared/images/top.png https://lusearchapi-na.hawksearch.com/ http://hhs.cuyahogacounty.us https://www.googletagmanager.com https://insight.adsrvr.org/ https://usermatch.krxd.net; media-src 'self' data: blob:; frame-src https://www.google.com https://maps.google.com/ https://www.youtube.com/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.google.com/maps https://maps.google.com https://platform.twitter.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://www.google-analytics.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: filesystem: https://code.jquery.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data:; img-src 'self' 'unsafe-inline' 'strict-dynamic' 'report-sample' http: https: data: mediastream:; connect-src *; font-src 'self' 'unsafe-inline' 'strict-dynamic' http: https: data: mediastream: https://fonts.googleapis.com; media-src *; report-uri *; child-src *; form-action *; frame-ancestors *; object-src *; frame-src *; worker-src *; manifest-src *; navigate-to *; prefetch-src *; base-uri *; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-modals allow-downloads allow-popups-to-escape-sandbox 1
connect-src 'self' public.internetude.fr www.facebook.com *.google-analytics.com www.googleadservices.com *.cedexis.com *.cedexis-radar.net *.abtasty.com *.doubleclick.net wss://api.nirror.abtasty.com api.segment.io api-js.mixpanel.com www.google.com *.googlesyndication.com analytics.tiktok.com tr.snapchat.com maps.googleapis.com *.clarity.ms kinougarde.containers.piwik.pro kinougarde.piwik.pro *.kinougarde.com; frame-src 'self' *.doubleclick.net *.indeed.com tpc.googlesyndication.com *.facebook.com *.facebook.net www.youtube.com tr.snapchat.com *.tradedoubler.com www.google.com; object-src 'self'; script-src 'self' tag.kinougarde.com 'unsafe-inline' 'unsafe-eval' blob: *.google.fr *.google.com www.googletagmanager.com connect.facebook.net *.facebook.com www.google-analytics.com www.googleadservices.com *.gstatic.com *.googleapis.com tpc.googlesyndication.com bat.bing.com conv.indeed.com radar.cedexis.com public.internetude.com neuvoo.ca *.doubleclick.net *.cloudfront.net s3.amazonaws.com *.appjobs.com sc-static.net cdn3.actito.com cdn.segment.com *.flagship.com cdn.heapanalytics.com cdn.mxpnl.com analytics.tiktok.com *.clarity.ms kinougarde.containers.piwik.pro kinougarde.piwik.pro tr.snapchat.com; style-src * 'self' 'unsafe-inline'; 1
default-src 'self' https:; frame-src * 'self' data:;  script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src * data: 1
default-src 'self' https://app.powerbi.com/ http://127.0.0.1:5173/ https://www.youtube.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube-nocookie.com/ https://qa.mycommunitydirectory.com.au/ https://www.mycommunitydirectory.com.au/ https://www.google.com https://maxcdn.bootstrapcdn.com https://08ffcdcdbe5649d9a6569f62408d8e7a.ap-southeast-2.aws.found.io:9243/ https://netdna.bootstrapcdn.com https://netdna.bootstrapcdn.com https://uat.mycommunitydiary.com.au  https://qa.mycommunitydiary.com.au https://www.mycommunitydiary.com.au https://www.mcdiary.com/ https://www.facebook.com/ https://www.google-analytics.com https://maps.googleapis.com https://cdnjs.cloudflare.com https://fonts.gstatic.com;      script-src 'self' 'unsafe-eval' 'unsafe-inline' https://dev.visualwebsiteoptimizer.com/ https://cdn.jsdelivr.net/npm/ https://platform.twitter.com/ http://ajax.googleapis.com/ https://ajax.cloudflare.com https://mc.yandex.ru/ https://qa.mycommunitydirectory.com.au https://www.mycommunitydirectory.com.au https://cdn.datatables.net  https://platform-api.sharethis.com/ https://platform.twitter.com/ https://buttons-config.sharethis.com/ https://z.moatads.com https://en.wikipedia.org https://translate-pa.googleapis.com https://translate-pa.googleapis.com https://www.google.com https://translate-pa.googleapis.com https://www.gstatic.com https://ajax.aspnetcdn.com https://ajax.googleapis.com https://netdna.bootstrapcdn.com https://uat.mycommunitydiary.com.au  https://qa.mycommunitydiary.com.au https://www.mycommunitydiary.com.au https://www.mcdiary.com/ https://wchat.freshchat.com https://translate.googleapis.com/ https://go.communityinfo.org.au/ https://pi.pardot.com https://translate.google.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://www.googleoptimize.com https://connect.facebook.net https://snap.licdn.com https://www.google-analytics.com https://www.googletagmanager.com;      style-src 'self' 'unsafe-inline' https://cdn.datatables.net https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://ajax.googleapis.com/ https://translate.googleapis.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://www.gstatic.com;      img-src 'self' data: https://dev.visualwebsiteoptimizer.com/ https://mc.yandex.com/ https://classbento.com.au/images/ https://cdn.weatherapi.com/weather/ https://l.sharethis.com/ https://platform-cdn.sharethis.com/ https://www.linkedin.com https://ciestdynamicpagesprd.blob.core.windows.net https://ciestdynamicpagesuat.blob.core.windows.net https://ciestdynamicpagesqa.blob.core.windows.net https://mc.yandex.ru/metrika/advert.gif https://www.mycommunitydirectory.com.au https://px4.ads.linkedin.com https://px4.ads.linkedin.com https://qadirectorycdn.blob.core.windows.net https://www.google-analytics.com https://cdn.jsdelivr.net https://cdn.rawgit.com https://ajax.googleapis.com https://dummyimage.com https://cdn.eventfinda.com.au https://assets.atdw-online.com.au https://cdnjs.cloudflare.com https://translate.googleapis.com https://www.google.com https://www.gstatic.com https://p.adsymptotic.com https://www.googletagmanager.com https://px.ads.linkedin.com https://www.facebook.com https://mcdcdn.blob.core.windows.net https://maps.gstatic.com https://maps.googleapis.com https://fonts.gstatic.com;      connect-src 'self' https://mc.yandex.com/ https://px.ads.linkedin.com/ http://api.weatherapi.com/v1/ https://ciestdynamicpagesprd.blob.core.windows.net https://ciestdynamicpagesuat.blob.core.windows.net https://ciestdynamicpagesqa.blob.core.windows.net https://cdn.linkedin.oribi.io https://api.communityinformationexchange.com.au https://mcdcdn.blob.core.windows.net https://api.mycommunitycentral.com https://mc.yandex.ru https://www.mycommunitydiary.com.au https://api-cie.azurewebsites.net https://qaapi.mycommunitycentral.com https://uatapi.mycommunitycentral.com https://www.mcdapi.com https://maps.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://p.adsymptotic.com https://translate.googleapis.com https://l.sharethis.com/; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-M2FmZjExYTY4MzEzNGZmN2I3MjBiMTM4MDdlODIxMWY=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rijksoverheid.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.rijksoverheid.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.ceu.edu.ph *.googleapis.com *.google.com *.jquery.com *.jsdelivr.net *.cloudflare.com *.googletagmanager.com *.gstatic.com *.google-analytics.com *.facebook.net *.twitter.com *.fontawesome.com *.aspnetcdn.com *.youtube-nocookie.com *.bootstrapcdn.com *.ckeditor.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://donphan.social; img-src 'self' data: blob: https://donphan.social https://pool.jortage.com/donphansocial/ https://blob.jortage.com; style-src 'self' https://donphan.social 'nonce-UJZMqrQqHeD1ARqLsAPduA=='; media-src 'self' data: https://donphan.social https://pool.jortage.com/donphansocial/ https://blob.jortage.com; frame-src 'self' https:; manifest-src 'self' https://donphan.social; form-action 'self'; child-src 'self' blob: https://donphan.social; worker-src 'self' blob: https://donphan.social; connect-src 'self' data: blob: https://donphan.social https://pool.jortage.com/donphansocial/ https://blob.jortage.com wss://donphan.social; script-src 'self' https://donphan.social 'wasm-unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-eval'; font-src 'unsafe-inline' 'self' snackercrackercontest.com fonts.googleapis.com fonts.gstatic.com data:; style-src 'unsafe-inline' 'self' www.gstatic.com fonts.googleapis.com snackercrackercontest.com; img-src www.britannia.co.in 'self' data: w3.org/svg/2000 snackercrackercontest.com; media-src www.britannia.co.in 'self'; connect-src *; script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com www.gstatic.com code.jquery.com cdnjs.cloudflare.com snackercrackercontest.com cdn.jsdelivr.net; frame-src www.youtube.com; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:;img-src 'self' data: https:;style-src 'self' 'unsafe-inline' https:;frame-src https:;object-src 'none';font-src 'self' data: https://fonts.gstatic.com;connect-src 'self' https://bs.nakanohito.jp https://analytics.google.com https://www.google-analytics.com https://assets.withdesk.com https://stats.g.doubleclick.net https://ch.zucks.net https://www.google.co.jp https://audiencedata.im-apps.net https://lake.karakuri.ai https://analytics.karakuri.ai https://*.karte.io;media-src 'self'; 1
object-src 'none'; frame-ancestors 'self'; report-uri https://varna-airport.bg/bg/report-uri/enforce 1
upgrade-insecure-requests;script-src 'self' 'wasm-unsafe-eval';connect-src 'self' blob: https://udongein.xyz wss://udongein.xyz https:;media-src 'self' https:;img-src 'self' data: blob: https:;default-src 'none';base-uri 'self';frame-ancestors 'none';style-src 'self' 'unsafe-inline';font-src 'self';manifest-src 'self'; 1
default-src * 'unsafe-inline' data:; script-src * 'unsafe-inline' 'unsafe-eval' data:; img-src * data: 1
default-src 'self'; frame-src 'self' https://newassets.hcaptcha.com; connect-src 'self' https://api.addsearch.com https://flowcrypt.s3.amazonaws.com; script-src 'self' https://hcaptcha.com; style-src 'self' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='; font-src 'self' data:; object-src 'none'; 1
upgrade-insecure-requests; default-src 'self' 'unsafe-inline'; script-src 'self' translate.google.com *.messagebird.com js.hs-banner.com js.hscollectedforms.net js.hs-analytics.net js-na1.hs-scripts.com *.datatables.net *.clarity.ms maps.google.com player.vimeo.com *.googleapis.com www.google.com.co monmark.bancow.com.co secure.adnxs.com *.doubleclick.net connect.facebook.net *.atento.com.co www.googleadservices.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com cdnjs.cloudflare.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://yoast.com https://forms.hscollectedforms.net  translate.googleapis.com pagead2.googlesyndication.com www.google.com.co *.messagebird.com bancow.com.co *.clarity.ms maps.googleapis.com *.google.com www.facebook.com www.google-analytics.com api.ipify.org *.doubleclick.net monmark.bancow.com.co 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://forms.hsforms.com https://track.hubspot.com s.w.org c.bing.com *.bancow.com.co *.doubleclick.net *.googleapis.com *.gstatic.com 'unsafe-inline' *.facebook.com *.google.com.co *.google.com *.clarity.ms *.google-analytics.com data: image/*; frame-src 'self' *.messagebird.com *.doubleclick.net bancow.smartdataautomation.com *.youtube.com *.doubleclick.net *.vimeo.com botw.formiik.com *.google.com *.atento.com.co ruth-bot-web-production.azurewebsites.net *.facebook.com; style-src 'self' *.gstatic.com *.googleapis.com *.cloudflare.com cdn.jsdelivr.net 'unsafe-inline'; object-src 'self'; frame-ancestors 'self'; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com; worker-src 'self' data: 'unsafe-eval' 'unsafe-inline' blob: 1
frame-ancestors 'self' communico.co *.communico.co communico.tv libnet.info *.libnet.info pgcmls.info; 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com; base-uri 'self', frame-ancestors 'self' https://*.facebook.com https://*.ups.com, frame-ancestors 'self' https://*.facebook.com https://*.ups.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://h4.io; img-src 'self' https: data: blob: https://h4.io; style-src 'self' https://h4.io 'nonce-twgsjXmvmGAYSYV7R4Pzrg=='; media-src 'self' https: data: https://h4.io; frame-src 'self' https:; manifest-src 'self' https://h4.io; form-action 'self'; child-src 'self' blob: https://h4.io; worker-src 'self' blob: https://h4.io; connect-src 'self' data: blob: https://h4.io https://cdn.h4.io wss://h4.io; script-src 'self' https://h4.io 'wasm-unsafe-eval' 1
script-src: 'self'  unsafe-inline 1
report-uri //report-it 1
frame-ancestors 'lfconnect.com' 'halo.fitness'; 1
default-src 'self' ws: wss: data: https://ecom.payex.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ecom.payex.com https://cdn.jsdelivr.net *.inviewer.se https://maps.googleapis.com https://optimize.google.com https://www.google-analytics.com https://dc.services.visualstudio.com https://az416426.vo.msecnd.net https://code.jquery.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com *.facebook.com *.facebook.net *.episerver.net *.bing.com *.virtualearth.net *.googletagmanager.com translate.googleapis.com translate.google.com *.google-analytics.com tracking.emerse.com optimize.google.com storage.googleapis.com https://commondatastorage.googleapis.com/code.snapengage.com/js/ *.snapengage.com *.cookiebot.com https://js.monitor.azure.com *.leadoo.com *.googlesyndication.com https://www.google.com https://static.mediaflowpro.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://embed.typeform.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://panelista.com https://js.hsforms.net https://forms.hsforms.com *.hs-scripts.com;style-src 'self' 'unsafe-inline' https://static.mediaflowpro.com https://optimize.google.com https://fonts.googleapis.com *.episerver.net *.bing.com translate.googleapis.com *.leadoo.com;img-src 'self' data: http: https: https://optimize.google.com https://www.google-analytics.com https://storage.googleapis.com/code.snapengage.com/ *.snapengage.com *.cookiebot.com *.leadoo.com *.googlesyndication.com *.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;media-src 'self' *.snapengage.com *.cookiebot.com *.leadoo.com *.googlesyndication.com https://www.google.com;frame-src 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com https://ecom.payex.com *.fls.doubleclick.net cdn.emerse.com *.snapengage.com *.cookiebot.com *.leadoo.com https://www.google.com *.googlesyndication.com web103.reachmee.com *.facebook.com *.soundcloud.com https://app.emarketeer.com https://www.youtube.com https://outlook.office365.com https://form.typeform.com https://panelista.com https://www.videoask.com cm.familjensjurist.se;font-src 'self' data: https://static.mediaflowpro.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com *.leadoo.com;connect-src 'self' *.snapengage.com *.cookiebot.com *.leadoo.com *.googlesyndication.com https://www.google.com *.facebook.com https://dc.services.visualstudio.com ws: wss: *.bing.com *.virtualearth.net *.doubleclick.net https://translate.googleapis.com translate.googleapis.com *.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://ecom.payex.com https://hubspot-forms-static-embed.s3.amazonaws.com https://maps.googleapis.com;child-src 'self' w.soundcloud.com *.payex.com *.powerbi.com *.vimeo.com *.youtube.com *.facebook.com cdn.emerse.com *.doubleclick.net *.leadoo.com https: blob:;worker-src 'self' https: blob: 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.gravatar.com *.ladesk.com *.addthis.com *.addthisedge.com *.addtoany.com *.cloudflare.com  *.doubleclick.net  *.facebook.com  *.facebook.net   *.gravatar.com *.gstatic.com  *.google.ca  *.google.com  *.googleadservices.com *.googleapis.com  *.googletagmanager.com *.google-analytics.com *.moatads.com *.youtube.com *.youtube-nocookie.com *.inforoutefpt.org inforoutefpt.org *.ifpt.org cdn.forms-content.sg-form.com 1
frame-ancestors https://ccccoursemanager.concept4hosting.co.uk https://www.capitalccg.ac.uk/ 1
default-src 'self'  'unsafe-inline'  cdn.iubenda.com fonts.gstatic.com secure.gravatar.com https://cdn.iubenda.com maps.googleapis.com www.google-analytics.com hits-i.iubenda.com  region1.analytics.google.com www.digicatapult.org.uk analytics.google.com stats.g.doubleclick.net *.google.com region1.google-analytics.com *.youtube.com *.hotjar.io  *.hotjar.com wss://ws.hotjar.com www.google.co.uk digitalcatapult.my.salesforce-sites.com *.doubleclick.net; font-src data: fonts.gstatic.com www.digicatapult.org.uk; img-src 'self' data: secure.gravatar.com  dev-digital-catapult.pantheonsite.io maps.gstatic.com maps.googleapis.com www.google.co.uk  i.ytimg.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' secure.gravatar.com cdn.iubenda.com www.googletagmanager.com maps.googleapis.com www.digicatapult.org.uk maps.googleapis.com static.hotjar.com *.hotjar.com *.google-analytics.com  *.googleapis.com cs.iubenda.com *.google.com *.gstatic.com s3.amazonaws.com digicatapult.us18.list-manage.com www.workable.com *.workable.com *.cloudfront.net *.cloudflare.com cdn.iubenda.com; script-src-elem 'unsafe-inline' secure.gravatar.com cdn.iubenda.com www.googletagmanager.com maps.googleapis.com www.digicatapult.org.uk maps.googleapis.com static.hotjar.com *.hotjar.com *.google-analytics.com  *.googleapis.com cs.iubenda.com *.google.com *.gstatic.com s3.amazonaws.com digicatapult.us18.list-manage.com www.workable.com *.workable.com *.cloudfront.net *.cloudflare.com cdn.iubenda.com; style-src 'self' 'unsafe-inline' *.googleapis.com; style-src-elem 'unsafe-inline' static.hotjar.com www.googletagmanager.com www.digicatapult.org.uk fonts.googleapis.com cdn-images.mailchimp.com; 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' c.lytics.io *.pricespider.com *.mapbox.com feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pricespider.com www.googletagmanager.com www.google-analytics.com cdn.cookielaw.org cdn.segment.com *.doubleclick.net connect.facebook.net pghub.io c.lytics.io cdnjs.cloudflare.com *.mapbox.com feed.pghub.io pandg.tapad.com ; worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; font-src 'self' assets.ctfassets.net feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' *.doubleclick.net feed.pghub.io consumersupport.pg.com *.jebbit.com pandg.tapad.com ; img-src 'self' data: images.ctfassets.net www.google-analytics.com cdn.cookielaw.org pixel.tapad.com www.facebook.com c.lytics.io *.mapbox.com *.pricespider.com *.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io pandg.tapad.com ; connect-src 'self' *.google-analytics.com *.analytics.google.com cdn.cookielaw.org match.adsrvr.org *.segment.com *.segment.io *.doubleclick.net *.mapbox.com *.algolia.net *.algolianet.com *.pricespider.com *.pgapi.io *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nitrocdn.com *.play.ht play.ht *.techvalidate.com *.wistia.com *.realproof.io *.livechatinc.com *.listenlayer.com collect.listenlayer.com *.bing.com *.callrail.com *.pardot.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.linkedin.com *.licdn.com scatec.io *.clickcease.com *.zoominfo.com *.googlesyndication.com info.datavail.com *.ampproject.org ajax.cloudflare.com *.cloudflareinsights.com fast.wistia.net; script-src-elem 'self' 'unsafe-inline' blob: nitroscripts.com *.nitrocdn.com yoast.com *.play.ht play.ht *.techvalidate.com *.cloudfront.net *.wistia.com *.realproof.io *.livechatinc.com *.listenlayer.com collect.listenlayer.com *.bing.com *.callrail.com *.pardot.com *.gstatic.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com fonts.googleapis.com *.doubleclick.net *.linkedin.com *.licdn.com scatec.io *.clickcease.com *.zoominfo.com *.firebaseio.com *.ampproject.org *.googlesyndication.com info.datavail.com *.parmonic.ai *.bootstrapcdn.com *.helpscout.net *.google.com connect.facebook.net cdnjs.cloudflare.com fast.wistia.net; style-src 'self' 'unsafe-inline' *.nitrocdn.com *.play.ht play.ht *.wistia.com *.googleapis.com; style-src-elem 'self' 'unsafe-inline' *.nitrocdn.com *.play.ht play.ht *.googleapis.com *.ampproject.org *.googletagmanager.com *.cloudflare.com; img-src 'self' data: *.nitrocdn.com *.parmonic.ai *.play.ht play.ht *.doubleclick.net *.akamaihd.net *.wistia.com *.gravatar.com *.linkedin.com *.bing.com *.google.com scatec.io *.google-analytics.com *.googletagmanager.com *.googleapis.com; font-src 'self' data: *.nitrocdn.com *.gstatic.com cdn.livechatinc.com *.wistia.com *.jsdelivr.net *.alicdn.com cdnjs.cloudflare.com *.typekit.net; connect-src 'self' data: blob: ai.elegantthemes.com nitropack.io *.nitrocdn.com *.getnitropack.com *.yoast.com *.cloudflarestream.com *.parmonic.ai *.play.ht play.ht *.litix.io yoast.com *.zoominfo.com *.akamaihd.net *.wistia.com *.livechatinc.com *.linkedin.com *.licdn.com *.cloudflare.com *.bing.com *.google.com *.amazonaws.com *.doubleclick.net *.listenlayer.com collect.listenlayer.com *.callrail.com *.realproof.io *.getrealproof.com scatec.io *.google-analytics.com cdn.linkedin.oribi.io monitor.clickcease.com bat.bing.com *.googletagmanager.com analytics.google.com *.cloudflareinsights.com; media-src 'self' *.nitrocdn.com blob: cdn.livechatinc.com *.googleapis.com *.play.ht play.ht *.akamaihd.net *.wistia.com; object-src 'self' *.nitrocdn.com *.akamaihd.net; child-src 'self'; frame-src 'self' *.nitrocdn.com *.play.ht play.ht *.techvalidate.com *.amazonaws.com *.wistia.com *.livechatinc.com info.datavail.com *.firebaseio.com *.doubleclick.net *.googletagmanager.com *.googlesyndication.com wp-rocket.me fast.wistia.net; worker-src 'self' blob: *.wistia.com; form-action 'self' 1
default-src 'self'; img-src * data: https://*.gravatar.com https://beacon-v2.helpscout.net https://d33v4339jhl8k0.cloudfront.net https://chatapi-prod.s3.amazonaws.com/ alpha.bsp-auto.com www.bsp-auto.com https://discover.ulysse.com; media-src 'self' https://beacon-v2.helpscout.net; object-src https://beacon-v2.helpscout.net; base-uri https://docs.helpscout.net; style-src 'self' 'unsafe-inline' https://p.typekit.net https://beacon-v2.helpscout.net https://fonts.googleapis.com https://fonts.gstatic.com https://discover.ulysse.com https://storage.googleapis.com/anpan/; font-src 'self' https://use.typekit.net https://beacon-v2.helpscout.net https://fonts.googleapis.com https://fonts.gstatic.com https://discover.ulysse.com; script-src 'self' blob: 'unsafe-inline' https://cdn.checkout.com/js/framesv2.min.js https://cdn.rudderlabs.com/v1/rudder-analytics.min.js https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://connect.facebook.net https://www.googletagmanager.com/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://static.hotjar.com https://script.hotjar.com https://www.googleadservices.com https://googleads.g.doubleclick.net/ https://tpc.googlesyndication.com/ https://analytics.tiktok.com https://*.affilae.com https://beacon-v2.helpscout.net https://d12wqas9hcki3z.cloudfront.net https://d33v4339jhl8k0.cloudfront.net https://sdk.joinsherpa.io/widget.js https://discover.ulysse.com https://storage.googleapis.com/anpan/ https://plausible.io/; connect-src 'self' wss://homer.ulysse.com/socket/ https://homer.ulysse.com/socket/longpoll https://ulysse-tooling-api.herokuapp.com/api/ https://bretzel.fly.dev/ https://homer.ulysse.com https://ulysselanoa.dataplane.rudderstack.com https://sothis.ulysse.com https://elytics.ulysse.com https://labs.ulysse.com https://js.checkout.com/framesv2/ https://o83312.ingest.sentry.io https://meili.ulysse.travel https://api.rudderlabs.com https://vitals.vercel-insights.com https://plausible.io/api/ wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.affilae.com https://analytics.tiktok.com https://beaconapi.helpscout.net https://chatapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net wss://*.pusher.com *.sumologic.com https://*.mapbox.com https://discover.ulysse.com; frame-src https://js.checkout.com https://widget.trustpilot.com https://vars.hotjar.com https://bid.g.doubleclick.net https://beacon-v2.helpscout.net https://apps.joinsherpa.io https://sherpa-widget.joinsherpa.io https://discover.ulysse.com https://ulysse.com; frame-ancestors 'self' 1
img-src https: data: android-webview-video-poster: ; report-uri https://www.kochform.de/csp_transmitterd2000.php 1
frame-ancestors 'self' https://cdn.anglingactive.co.uk; 1
default-src 'self'; script-src 'self' 'unsafe-inline'; img-src 'self' https://tests.services.druide https://services-tests-tmp.druide.com https://services.druide.com https://www.gravatar.com https://*.googleusercontent.com  https://googleusercontent.com https://*.fbcdn.net https://fbcdn.net https://*.fbsbx.com https://fbsbx.com data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'none'; frame-ancestors 'none'; connect-src 'self' wss://antidote.app/correcteur/corrigerWS2; object-src 'none'; child-src 'none'; media-src 'self'; manifest-src 'self'; worker-src 'none'; form-action 'none'; upgrade-insecure-requests;report-to 'csp-reports';report-uri /__rapport_csp__ 1
frame-ancestors 'self' ecolo.me staging.ecolo.be piwik.ecolo.be; 1
report-uri /sentry/api/61/csp-report/?sentry_key=8505cd7669a24ba78131bbe9f6e8db09; worker-src blob: 'self'; child-src blob:; object-src 'none'; default-src https: data: 'self' *.1gamepay.com; img-src 'self' https: data: blob: *.google.com *.google.ro *.google.se *.google.nl *.google.de *.google.fi *.google.ch *.google.ee *.google.sk *.google.dk *.visualwebsiteoptimizer.com app.vwo.com https://ssl.gstatic.com https://www.gstatic.com *.google-analytics.com *.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://googleads.g.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com; frame-src * bankid: https://bid.g.doubleclick.net wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; connect-src 'self' ws: wss: livechat24.tech *.livechat24.tech https://stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net *.unetsafe.com *.quantserve.com *.quantcount.com *.creative-serving.com *.visualwebsiteoptimizer.com *.taboola.com *.tradedoubler.com *.bing.com app.vwo.com facebook.com www.facebook.com *.google.com *.google.ru *.google.ro *.google.se *.google.de *.google.fr *.google.nl *.google.by *.google.pt *.google.kz *.google.bg *.google.kg *.google.md *.google.gr *.google.fi https://*.googlesyndication.com *.snapchat.com snapchat.com sc-static.net https://static.ads-twitter.com https://analytics.twitter.com https://*.atlantgaming.com https://cdn-sp.kertn.net https://*.pusher.com https://cdn-sp.gbshgbsh.com *.regily.com https://*.fasttrack-solutions.com https://*.ft-crm.com https://verification.okwork.io https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com *.frankcasino.com *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com https://*.frank.casino wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; style-src 'self' blob: 'unsafe-inline' *.googleapis.com *.google.com *.cloudflare.com *.cloudflareinsights.com *.unetsafe.com livechat24.tech *.livechat24.tech *.visualwebsiteoptimizer.com app.vwo.com https://cs.betradar.com https://*.sportradar.com https://videosport.me https://cdn-sp.kertn.net https://cdn-sp.gbshgbsh.com https://*.fasttrack-solutions.com https://*.gstatic.com https://prj-verification-production.s3.amazonaws.com https://prj-verification-stage1.s3.amazonaws.com https://prj-verification-stage2.s3.amazonaws.com https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com https://tagmanager.google.com https://fonts.googleapis.com https://s3.amazonaws.com *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com paymentpage.ecommpay.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com https://*.frank.casino wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; font-src 'self' https://fonts.gstatic.com data: *.cloudflare.com *.cloudflareinsights.com livechat24.tech *.livechat24.tech *.visualwebsiteoptimizer.com app.vwo.com *.frankcasino.com https://cdn-sp.kertn.net https://*.frank.casino wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; script-src 'self' 'unsafe-eval' 'nonce-MRF4RC7C3x5Q2o4DGS9big==' blob: *.google.com *.google.ro *.google.se *.google.nl *.google.de *.google.fi *.google.ch *.google.ee *.google.sk *.google.dk recaptcha.net www.gstatic.com *.googleadservices.com https://www.googleadservices.com https://*.googlesyndication.com *.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://*.googletagmanager.com *.google-analytics.com *.analytics.google.com platform.twitter.com connect.facebook.net *.curacao-egaming.com stats.g.doubleclick.net https://stats.g.doubleclick.net livechat24.tech *.livechat24.tech *.livestatisc.com *.jsdelivr.net *.ptstaging.eu track.adform.net *.unetsafe.com *.cloudflare.com *.cloudflareinsights.com *.quantserve.com *.quantcount.com *.creative-serving.com *.visualwebsiteoptimizer.com *.taboola.com *.tradedoubler.com *.snapchat.com *.bing.com snapchat.com sc-static.net app.vwo.com facebook.com www.facebook.com https://static.ads-twitter.com https://analytics.twitter.com *.regily.com https://*.fasttrack-solutions.com https://cdn-sp.kertn.net https://*.pusher.com https://cdn-sp.gbshgbsh.com https://*.gstatic.com https://prj-verification-production.s3.amazonaws.com https://prj-verification-stage1.s3.amazonaws.com https://prj-verification-stage2.s3.amazonaws.com https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com *.frankcasino.com *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com paymentpage.ecommpay.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com *.astropay.com *.megapay.pro *.ecopayz.com *.billing.cx *.express-connect.com *.paycore.io *.jetoncheckout.com *.ipsp.lv ipsp.lv *.gpaynetworks.com *.sirumobile.com https://*.frank.casino wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com 1
frame-ancestors 'self' https://*.facebook.com/; frame-src 'self' carbon.theultimatesink.de www.google.com www.youtube-nocookie.com player.vimeo.com snapwidget.com calendly.com connect.guidecom.de; default-src 'self' *.doofinder.com carbon.theultimatesink.de data: 'unsafe-inline' 'unsafe-eval' blob: *.schock.de cart.theultimatesink.de *.googleapis.com *.gstatic.com www.googletagmanager.com *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net www.google.com connect.facebook.net www.facebook.com www.google.de www.googleadservices.com googleads.g.doubleclick.net i.vimeocdn.com img.youtube.com i.ytimg.com www.youtube.com www.gstatic.com cx.atdmt.com www.google.ie cdn.cookielaw.org s.ytimg.com www.youtube-nocookie.com noembed.com cdn.plyr.io vimeo.com code.jquery.com cdnjs.cloudflare.com snapwidget.com privacyportal-eu.onetrust.com assets.calendly.com unpkg.com https://api.friendlycaptcha.com dntfctn.com plausible.io 1
default-src https: 'unsafe-inline' 'unsafe-eval' 'self' wss: https: ; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' ; img-src https: data: blob:; style-src 'self' https: 'unsafe-inline'; font-src 'self'; 1
object-src 'none'; frame-ancestors *; report-uri https://nutrilak.com/report-uri/enforce 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https:; font-src *; img-src * data:; script-src 'self' 'unsafe-inline' https://js-agent.newrelic.com https://cdn.jsdelivr.net https://bam.nr-data.net https://www.googletagmanager.com https://www.google-analytics.com https://org-75a96c51-2e13-4f44-83ad-766ac2cc2358.salsalabs.org https://default.salsalabs.org https://static.wepay.com https://cdn.siftscience.com https://doublethedonation.com cdn.jsdelivr.net https://cdn.datatables.net https://cdnjs.cloudflare.com maps.googleapis.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://code.jquery.com https://doublethedonation.com https://default.salsalabs.org https://fonts.googleapis.com/ cdn.jsdelivr.net https://cdn.datatables.net https://use.fontawesome.com; frame-ancestors 'self'; report-uri https://www.ecocenter.org/report-uri/enforce 1
default-src 'self' www-tmp-cms.thepalaces.com portal3-cms.thepalaces.com www.thepalaces.com ps.thepalaces.com www-cms.thepalaces.com fonts.gstatic.com google.com google.ca www.google-analytics.com *.worldpay.com *.ladesk.com services.postcodeanywhere.co.uk player.vimeo.com vod-progressive.akamaized.net stats.g.doubleclick.net www.google.com www.google.ca googleads.g.doubleclick.net; img-src 'self' * www-cms-tmp.bingoeireann.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' palac11115.pcapredict.com payments.worldpay.com cdnjs.cloudflare.com www.google-analytics.com *.ladesk.com services.postcodeanywhere.co.uk www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com payments.worldpay.com services.postcodeanywhere.co.uk; 1
default-src 'self' data: https://st.yandexadexchange.net https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://*.yandex.ru https://yandex.ru https://yastatic.net https://vk.com googleads.g.doubleclick.net pagead2.googlesyndication.com vk.com *.yandex.ru yandex.ru *.yandex.kz *.yandex.ua *.google-analytics.com yandexadexchange.net *.yandexadexchange.net *.gstatic.com yastatic.net https://kraken.rambler.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.yandex.ru https://mc.yandex.ru https://pagead2.googlesyndication.com https://*.google-analytics.com pagead2.googlesyndication.com counter.yadro.ru vk.com yandex.ru yandex.ua yandex.kz *.yandex.ru *.yandex.ua *.yandex.kz *.top.mail.ru *.rambler.ru *.google-analytics.com yastatic.net *.gstatic.com *.googletagmanager.com  st.top100.ru; style-src 'self' 'unsafe-inline'  *.gstatic.com; img-src 'self' data: https://*.yandex.ru https://*.yandex.net yastatic.net *.yandex.ru *.yandex.ua *.yandex.kz counter.yadro.ru *.yandex.net vk.com *.mail.ru *.rambler.ru *.google.ru *.google-analytics.com pagead2.googlesyndication.com *.admitad.com *.gstatic.com; child-src 'self' data: vk.com yandexadexchange.net *.yandexadexchange.net *.yandex.ru *.yandex.ua *.yandex.kz googleads.g.doubleclick.net yastatic.net; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.googleapis.com *.cloudflare.com *.googletagmanager.com https://unpkg.com *.google.com *.gstatic.com *.bootstrapcdn.com *.bootstrapcdn.com  https://cdn.ckeditor.com *.google-analytics.com *.googletagmanager.com *.salesforce.com *.salesforceliveagent.com https://support.sunway.edu.my https://static.lightning.force.com https://assets.mailerlite.com https://ipapi.co https://code.jquery.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.cloudflare.com *.fontawesome.com *.jsdelivr.net *.googleapis.com https://fonts.gstatic.com https://unpkg.com *.google.com *.gstatic.com https://use.fontawesome.com *.salesforceliveagent.com *.salesforce.com https://support.sunway.edu.my https://assets.mailerlite.com; img-src 'self' * data: about:; media-src 'self'; frame-src 'self' *.youtube.com www.youtube.com *.google.com *.gstatic.com *.vimeo.com *.salesforceliveagent.com *.salesforce.com https://support.sunway.edu.my https://forms.office.com https://assets.mailerlite.com *.issuu.com https://issuu.com; frame-ancestors 'self' *.youtube.com www.youtube.com *.google.com *.gstatic.com *.vimeo.com *.salesforceliveagent.com *.salesforce.com https://support.sunway.edu.my; child-src 'self' *.youtube.com www.youtube.com *.google.com *.gstatic.com *.vimeo.com *.salesforceliveagent.com *.salesforce.com; font-src 'self' https://fonts.googleapis.com *.fontawesome.com https://fonts.gstatic.com *.cloudflare.com *.jsdelivr.net https://support.sunway.edu.my data:; report-uri /report-csp-violation; upgrade-insecure-requests 1
font-src *.gstatic.com https://fonts.gstatic.com *.fontawesome.com *.buddhateas.com *.goldenskytea.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com fonts.googleapis.com *.googleapis.com *.google.com *.youtube.com *.trustpilot.com storemapper-herokuapp-com.global.ssl.fastly.net *.storemapper.co *.jquery.com *.livechatinc.com *.doubleclick.net *.googletagmanager.com *.datadome.co *.tapfiliate.com *.facebook.com *.elfsight.com *.typeform.com *.jsdelivr.net *.bootstrapcdn.com *.klaviyo.com lets.shop *.destini.co maxmind.destinilocators.com cdn.destinilocators.com *.arcgis.com use.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com https://plumrocket.com *.buddhateas.com *.goldenskytea.com *.twitter.com *.google.com *.youtube.com *.googleapis.com *.trustpilot.com storemapper-herokuapp-com.global.ssl.fastly.net *.gstatic.com *.storemapper.co *.fontawesome.com *.jquery.com *.livechatinc.com *.doubleclick.net *.googletagmanager.com *.datadome.co *.tapfiliate.com frstre.com *.frstre.com *.facebook.com *.elfsight.com *.typeform.com *.jsdelivr.net *.bootstrapcdn.com *.klaviyo.com lets.shop *.destini.co maxmind.destinilocators.com cdn.destinilocators.com *.arcgis.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://www.google.com *.addthis.com *.facebook.com *.twitter.com *.meetanshi.com https://plumrocket.com https://accounts.google.com *.buddhateas.com *.goldenskytea.com *.google.com *.googleapis.com *.trustpilot.com storemapper-herokuapp-com.global.ssl.fastly.net *.gstatic.com *.storemapper.co *.fontawesome.com *.jquery.com *.livechatinc.com *.doubleclick.net *.googletagmanager.com *.datadome.co *.tapfiliate.com frstre.com *.frstre.com *.elfsight.com *.typeform.com *.jsdelivr.net *.bootstrapcdn.com *.klaviyo.com lets.shop *.destini.co maxmind.destinilocators.com cdn.destinilocators.com *.arcgis.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.addthisedge.com *.twitter.com *.meetanshi.com *.buddhateas.com *.goldenskytea.com *.gstatic.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com *.youtube.com *.googleapis.com *.unsplash.com *.trustpilot.com storemapper-herokuapp-com.global.ssl.fastly.net *.storemapper.co *.fontawesome.com *.jquery.com *.livechatinc.com *.instagram.com *.facebook.com *.cdninstagram.com *.doubleclick.net *.googletagmanager.com *.datadome.co *.tapfiliate.com frstre.com *.frstre.com *.elfsight.com *.typeform.com *.jsdelivr.net *.bootstrapcdn.com *.klaviyo.com lets.shop *.arcgis.com *.destini.co maxmind.destinilocators.com cdn.destinilocators.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.google.com *.gstatic.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.net *.twitter.com *.meetanshi.com *.tapfiliate.com https://accounts.google.com https://www.gstatic.com *.buddhateas.com *.goldenskytea.com *.cloudflare.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.youtube.com *.googleapis.com *.myfontastic.com *.bootstrapcdn.com *.unsplash.com *.trustpilot.com storemapper-herokuapp-com.global.ssl.fastly.net *.storemapper.co *.jquery.com *.livechatinc.com *.doubleclick.net *.googletagmanager.com *.datadome.co frstre.com *.frstre.com *.facebook.com unpkg.com *.elfsight.com *.typeform.com *.jsdelivr.net *.klaviyo.com lets.shop *.destini.co *.arcgis.com maxmind.destinilocators.com cdn.destinilocators.com *.ggpht.com *.googleusercontent.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com https://accounts.google.com https://www.gstatic.com *.buddhateas.com *.goldenskytea.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.google.com *.youtube.com fonts.googleapis.com *.myfontastic.com *.bootstrapcdn.com *.unsplash.com *.trustpilot.com storemapper-herokuapp-com.global.ssl.fastly.net *.storemapper.co *.jquery.com *.livechatinc.com *.doubleclick.net *.googletagmanager.com *.datadome.co *.tapfiliate.com frstre.com *.frstre.com *.facebook.com *.klaviyo.com *.elfsight.com *.typeform.com *.jsdelivr.net lets.shop *.destini.co maxmind.destinilocators.com cdn.destinilocators.com *.arcgis.com hlc7l6v5w6.execute-api.us-west-2.amazonaws.com use.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.meetanshi.com https://accounts.google.com *.buddhateas.com *.goldenskytea.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.youtube.com *.googleapis.com *.unsplash.com *.trustpilot.com storemapper-herokuapp-com.global.ssl.fastly.net *.gstatic.com *.storemapper.co *.fontawesome.com *.jquery.com *.livechatinc.com *.doubleclick.net *.googletagmanager.com *.datadome.co *.tapfiliate.com frstre.com *.frstre.com *.facebook.com *.elfsight.com *.typeform.com *.jsdelivr.net *.bootstrapcdn.com *.klaviyo.com lets.shop *.destini.co maxmind.destinilocators.com cdn.destinilocators.com *.arcgis.com hlc7l6v5w6.execute-api.us-west-2.amazonaws.com di.rlcdn.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-540eb6eb8e5e50cbb4b8fabbd269e15a'; 1
font-src fonts.gstatic.com *.fontawesome.com https://api.systempay.fr/static/ https://fonts.gstatic.com https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.avosdim.local www.facebook.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ www.facebook.com ct.pinterest.com secure-gateway.hipay-tpp.com *.hipay.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/static/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://www.google.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com validator.swagger.io 'self' data: blob: *.avosdim.com avosdim.com avosdim.local bo.avosdim.local http://dam.avosdim-web-staging.local www.facebook.com bat.bing.com img.youtube.com ct.pinterest.com www.google.fr files.smartsuppcdn.com widget-v2.smartsuppcdn.com twemoji.maxcdn.com axeptio.imgix.net favicons.axept.io *.gstatic.com *.viamichelin.com *.zopim.io avosdim1060.zendesk.com *.googleusercontent.com *.zdusercontent.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://paiement.systempay.fr/static/latest/images/type-carte/ https://api.systempay.fr/static/ https://paiement.systempay.fr/vads-payment/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avosdim.com avosdim.local v2.zopim.com chimpstatic.com static.zdassets.com connect.facebook.net bat.bing.com www.clarity.ms *.smartsuppchat.com *.smartsuppcdn.com *.smartsupp.com s.pinimg.com www.google.com *.viamichelin.com libs.hipay.com secure-gateway.hipay-tpp.com static.axept.io mpsnare.iesnare.com js-agent.newrelic.com downloads.mailchimp.com *.list-manage.com *.hipay.com https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ *.googleapis.com *.google.com *.gstatic.com *.avada.io https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google.com https://www.gstatic.com www.xtento.com cdn.xtento.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.avosdim.com avosdim.local *.viamichelin.com fonts.googleapis.com maxcdn.bootstrapcdn.com downloads.mailchimp.com *.fontawesome.com *.hipay.com https://api.systempay.fr/static/ *.googleapis.com *.google.com *.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.smartsuppcdn.com static.zdassets.com data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com 'self' data: stats.g.doubleclick.net ekr.zdassets.com *.zopim.com wss://widget-mediator.zopim.com region1.analytics.google.com *.clarity.ms *.smartsuppchat.com *.smartsuppcdn.com *.smartsupp.com/ wss://websocket-visitors.smartsupp.com ct.pinterest.com api-preprod.avosdim.com bat.bing.com *.google.fr *.facebook.com api-adresse.data.gouv.fr api.avosdim.com avosdim1060.zendesk.com *.axept.io *.avosdim.com http://dam.avosdim-web-staging.local ec.europa.eu www.xtento.com bam.nr-data.net *.hipay.com wss://mpsnare.iesnare.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' gestionandote.com www.gestionandote.com software.gestionandote.com francecentral-1.in.applicationinsights.azure.com www.google.com *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google.com www.gstatic.com *.google-analytics.com ajax.googleapis.com font.googleapis.com gestionandote.com www.gestionandote.com software.gestionandote.com js.monitor.azure.com francecentral-1.in.applicationinsights.azure.com//v2/track; style-src 'self' 'unsafe-inline' gestionandote.com www.gestionandote.com software.gestionandote.com fonts.googleapis.com ajax.googleapis.com; font-src 'self' fonts.gstatic.com gestionandote.com www.gestionandote.com software.gestionandote.com; frame-ancestors 'self'; form-action 'self'; frame-src 'self' youtube.com www.youtube.com *.google.com *.vimeo.com; img-src 'self' www.gestionandote.com gestionandote.com software.gestionandote.com *.google-analytics.com data: w3.org/svg/2000 ajax.googleapis.com; 1
default-src 'self' cdn.go-transcribe.com transcribe.blob.core.windows.net www.google-analytics.com *.in.applicationinsights.azure.com googleads.g.doubleclick.net *.services.visualstudio.com; style-src 'self' 'unsafe-inline' cdn.go-transcribe.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' code.jquery.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com cdn.jsdelivr.net www.google-analytics.com www.googletagmanager.com *.vo.msecnd.net www.googleadservices.com googleads.g.doubleclick.net *.services.visualstudio.com; img-src 'self' data: cdn.go-transcribe.com www.google-analytics.com; font-src 'self' cdn.go-transcribe.com fonts.gstatic.com; form-action 'self'; 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://preciogas.com/report-uri/enforce 1
default-src 'self' * data: blob: https: *.vpnmentor.com vpnmentor.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.peacebanana.com *.ostrichesica.com *.mcangelus.com *.datadoghq-browser-agent.com *.ampproject.org *.gstatic.com *.google.com *.googleapis.com *.alooma.com *.doubleclick.net  *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.hhtpp.com *.bing.com *.yandex.ru *.quora.com *.yimg.com sp.analytics.yahoo.com *.peacebanana.com *.ostrichesica.com *.mcangelus.com *.hotjar.com *.ipify.org blob: data:; style-src 'self' data: blob: 'unsafe-inline' *;connect-src 'self' data: blob: https: vpnmentor.com *.vpnmentor.com  *.ampproject.org *.google-analytics.com *.doubleclick.net *.google.com *.googleapis.com *.hhtpp.com *.yandex.ru *.gravatar.com wss://*.hotjar.com *.wp.com;font-src 'self' data: blog: *.ampproject.org *.googletagmanager.com *.googleapis.com *.gstatic.com; 1
frame-ancestors 'self' https://infortisa.com https://nueva.infortisa.com; 1
frame-ancestors https://*.emarsys.net https://*.emarsys.com https://nutriversum.com https://*.nutriversum.com/ 1
frame-ancestors 'none'; block-all-mixed-content 1
object-src 'self' *; 1
default-src 'self' cdnjs.cloudflare.com api.brightedge.com dev-iis-app-01.careoregon.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com cdnjs.cloudflare.com code.jquery.com ajax.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/jQuery-Flip/1.1.2/jquery.flip.min.js https://unpkg.com/ www.googletagmanager.com https://unpkg.co https://unpkg.com https://cdnjs.cloudflare.com/ajax/libs/ platform.eventscalendar.co s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js https://cdn.bc0a.com/autopilot/f00000000189145/autopilot_sdk.js https://d3js.org/d3.v7.min.js https://wsmcdn.audioeye.com/aem.js https://wsv3cdn.audioeye.com https://player.vimeo.com/api/player.js https://translate.google.com careoregon.us10.list-manage.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com cdnjs.cloudflare.com use.typekit.net google.com p.typekit.net https://cdn-images.mailchimp.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: use.typekit.net google.com p.typekit.net; img-src 'self' careoregon.org *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com web-chat.nativechat.com use.typekit.net google.com p.typekit.net https://www.google.com/images/cleardot.gif www.jacksoncareconnect.org jacksoncareconnect.org www.colpachealth.org colpachealth.org www.careoregondental.org careoregondental.org www.careoregonadvantage.org careoregon.org www.careoregon.org googletagmanager.com; media-src 'self' data: blob: youtube.com vimeo.com *.youtube.com *.vimeo.com vimeo.com youtube.com *.vimeo.com *.youtube.com download-video.akamaized.net cdn.bfldr.com; frame-src 'self' *.careoregon.org careoregon.org vimeo.com *.vimeo.com youtube.com *.youtube.com intranet.careoregon.org doubleclick.net *.doubleclick.net inffuse-calendar2.appspot.com/ player.vimeo.com/ http://intranet.careoregon.org/departments/BMC/brand-guide/Pages/default.aspx https://forms.office.com/ https://forms.microsoft.com/ https://wsv3cdn.audioeye.com/ dev-iis-app-01.careoregon.org google.com; frame-ancestors 'self' *.careoregon.org careoregon.org http://intranet.careoregon.org/departments/BMC/brand-guide/Pages/default.aspx intranet.careoregon.org/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com www.google.com https://*.careoregon.org *.doubleclick.net intranet.careoregon.org; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.googleapis.com *.doubleclick.net intranet.careoregon.org stats.g.doubleclick.net *.b0e8.com *.bc0a.com https://analytics.audioeye.com; 1
script-src 'self' 'unsafe-inline' https://consent.cookiebot.com https://consentcdn.cookiebot.com https://connect.facebook.net https://*.googletagmanager.com https://static.hotjar.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com; img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://i.ytimg.com https://imgsct.cookiebot.com https://static.hotjar.com https://script.hotjar.com https://survey-images.hotjar.com; frame-src 'self' https://consentcdn.cookiebot.com https://www.youtube.com; font-src 'self' data: https://script.hotjar.com; connect-src 'self' https://consentcdn.cookiebot.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://usocial.pro; script-src 'self' 'unsafe-inline' https://yandex.ru https://mc.yandex.ru https://mc.yandex.com https://an.yandex.ru https://yastatic.net https://cdn.ampproject.org https://www.googletagmanager.com https://cdn.ampproject.org https://usocial.pro https://cdn.jsdelivr.net https://informer.yandex.ru; img-src 'self' https://macropod.ru https://yandex.ru https://informer.yandex.ru https://mc.yandex.ru https://mc.yandex.com https://avatars.mds.yandex.net https://favicon.yandex.net https://analytics.google.com https://www.google.ru https://www.google.be data:; connect-src 'self' https://yandex.ru https://an.yandex.ru https://mc.yandex.ru https://mc.yandex.com https://analytics.google.com https://*.analytics.google.com https://*.google-analytics.com https://stats.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com; child-src blob: https://novvedomosti.com/pwa.js https://mc.yandex.ru https://mc.yandex.com; frame-src blob: https://yastatic.net https://mc.yandex.ru https://mc.yandex.com https://metrika.yandex.ru https://www.youtube.com https://vk.com; worker-src 'self' https://novvedomosti.com/pwa.js; font-src 'self' https://yastatic.net https://usocial.pro 1
frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.com https://webvisor.com https://*.webvisor.com https://*.telegram.org 1
default-src 'self' https: 'unsafe-eval' 'unsafe-inline';  font-src 'self' https: 'unsafe-eval' 'unsafe-inline';  frame-src 'self' https: 'unsafe-eval' 'unsafe-inline';  img-src 'self' https: 'unsafe-eval' 'unsafe-inline';  manifest-src 'self' https: 'unsafe-eval' 'unsafe-inline';  media-src 'self' https: 'unsafe-eval' 'unsafe-inline';  script-src 'self' https: 'unsafe-eval' 'unsafe-inline';  style-src 'self' https: 'unsafe-eval' 'unsafe-inline'; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-q6tiJQmWmNTEV5eIaE_bfQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors 'self' google.com 1
frame-ancestors 'self' https://flexcard.cards; 1
img-src www.topbuild.com cdnjs.cloudflare.com qmod.quotemedia.com app.quotemedia.com browser-update.org www.google-analytics.com google-analytics.com d1io3yog0oux5.cloudfront.net ir.stockpr.com *.equisolve.net hcaptcha.com 'nonce-5e6b6d6da3486f8b0cee7fc8a16be2034660ad95ab761cdc46a4f55e20eb11da' d1io3yog0oux5.cloudfront.net *.globenewswire.com; script-src www.topbuild.com cdnjs.cloudflare.com qmod.quotemedia.com app.quotemedia.com browser-update.org www.google-analytics.com google-analytics.com d1io3yog0oux5.cloudfront.net ir.stockpr.com *.equisolve.net hcaptcha.com 'nonce-5e6b6d6da3486f8b0cee7fc8a16be2034660ad95ab761cdc46a4f55e20eb11da' d1io3yog0oux5.cloudfront.net 1
"frame-ancestors 'self' https://www.perugina.com;" 1
default-src 'self' https://www.whipsnadezoo.org https://cms.whipsnadezoo.org; object-src 'none'; base-uri 'self'; style-src 'self' https://www.whipsnadezoo.org https://cms.whipsnadezoo.org 'unsafe-inline' https://p.typekit.net https://use.typekit.net https://tagmanager.google.com https://www.googletagmanager.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com https://www.tripadvisor.co.uk https://static.tacdn.com ; font-src 'self' https://www.whipsnadezoo.org https://cms.whipsnadezoo.org data: https://p.typekit.net https://use.typekit.net https://fonts.gstatic.com https://fonts.googleapis.com https://script.hotjar.com https://static.tacdn.com ; script-src 'self' https://www.whipsnadezoo.org https://cms.whipsnadezoo.org 'nonce-fa3d6ffeb0cd51f9de94be5cb0be3435' 'sha256-ZnhAS6LXLZWmpPSEDrVRkNeIsVEIsRredGkFx2WiKec=' 'sha256-iW4WnuBtxrtQK6YASZph6rx6yZZMg0U77OLIlEZvlDA=' 'sha256-48TuDkUabuH2v1zRqgyqecgn+HRkc9gfpOVMELfgzQI=' 'sha256-U96gVTGDtlmnaK204EbaOTNyZRKvfBiWyuolgJwd8CI=' 'sha256-2L/tFj1yFovfnD4TertAGuww56zrGsGC1JDWaqC75s0=' 'sha256-9HOlWcnxwIXUmTPdnAhre+W8Z0FDeSQmn4+a1GXnQSA=' 'sha256-dKGt8dCuqKR/hwtTSFNbDeXeYUxOjtop6H2SYqoIGvc=' 'sha256-y6gO+OYD2TDPY9r3GtOTvnCs5/oE/O7PmNL2zaGYeJQ=' https://connect.facebook.net https://cookie-cdn.cookiepro.com https://r1.dotdigital-pages.com https://r1-t.trackedlink.net/_dmpt.js https://s.yimg.com/wi/ytc.js https://static.hotjar.com https://script.hotjar.com https://analytics.twitter.com https://static.ads-twitter.com/uwt.js https://www.dwin1.com/15333.js https://www.google-analytics.com https://ssl.google-analytics.com https://*.googletagmanager.com https://tagmanager.google.com https://www.youtube.com https://www.youtube-nocookie.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://campaign.zsl.org https://reclaimhub.com https://www.tripadvisor.co.uk https://www.tripadvisor.com https://static.tacdn.com https://www.jscache.com https://analytics.tiktok.com https://static.trackedweb.net ; connect-src 'self' https://www.whipsnadezoo.org https://cms.whipsnadezoo.org https://cookie-cdn.cookiepro.com https://s.yimg.com https://stats.g.doubleclick.net https://*.google.co.uk https://*.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.facebook.com/tr/ https://campaign.zsl.org https://analytics.tiktok.com ; frame-src 'self' https://www.whipsnadezoo.org https://cms.whipsnadezoo.org data: https://*.fls.doubleclick.net https://vars.hotjar.com https://www.facebook.com https://www.youtube.com https://www.youtube-nocookie.com https://r1.dotdigital-pages.com https://www.arcgis.com https://html5-player.libsyn.com https://campaign.zsl.org https://www.google.com https://bid.g.doubleclick.net https://td.doubleclick.net https://reclaimhub.com https://zsl-london-zoo-timeline.octophindev.com https://cdn.knightlab.com https://my.matterport.com ; frame-ancestors 'self' https://www.whipsnadezoo.org https://cms.whipsnadezoo.org https://cms.zsl.org https://www.zsl.org https://cms.londonzoo.org https://www.londonzoo.org https://cms.whipsnadezoo.org https://www.whipsnadezoo.org https://campaign.zsl.org ; img-src 'self' https://www.whipsnadezoo.org https://cms.whipsnadezoo.org data: https://analytics.twitter.com https://cookie-cdn.cookiepro.com https://sp.analytics.yahoo.com https://t.co https://www.facebook.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.co.uk https://www.google.be https://campaign.zsl.org https://static.hotjar.com https://script.hotjar.com https://i.ytimg.com https://*.fls.doubleclick.net https://ad.doubleclick.net https://*.googlesyndication.com https://www.tripadvisor.co.uk ; upgrade-insecure-requests; 1
default-src 'self' ; worker-src 'self'  data: blob:; report-uri https://eagerly.nl/reports/report.php; img-src 'self' * data:; media-src 'self' https://www.googletagmanager.com https://open.spotify.com https://www.youtube.com https://player.vimeo.com https://play.soundsgood.co https://w.soundcloud.com https://*.googlesyndication.com https://*.doubleclick.net https://www.instagram.com https://www.facebook.com https://*.googlesyndication.com https://*.doubleclick.net https://www.instagram.com https://www.facebook.com blob: data:; connect-src 'self' https://www.youtube.com https://*.google.nl https://*.pangle-ads.com https://connect.facebook.net https://www.google.be https://*.tiktok.com https://*.googlesyndication.com https://*.bing.com https://*.mux.com https://adservice.google.com https://*.google.com https://*.google.com https://region1.google-analytics.com https://www.facebook.com https://yoast.com https://stats.g.doubleclick.net https://stats.g.doubleclick.net https://www.google-analytics.com; frame-src 'self' https://www.googletagmanager.com https://open.spotify.com https://www.youtube.com https://player.vimeo.com https://play.soundsgood.co https://w.soundcloud.com https://*.googlesyndication.com https://*.doubleclick.net https://www.instagram.com https://www.facebook.com https://*.googlesyndication.com https://*.doubleclick.net https://www.instagram.com https://www.facebook.com; child-src 'self' https://www.googletagmanager.com https://open.spotify.com https://www.youtube.com https://player.vimeo.com https://play.soundsgood.co https://w.soundcloud.com https://*.googlesyndication.com https://*.doubleclick.net https://www.instagram.com https://www.facebook.com https://*.googlesyndication.com https://*.doubleclick.net https://www.instagram.com https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.youtube.com https://analytics.tiktok.com https://*.tiktok.com https://*.bing.com  https://*.google-analytics.com https://*.google.com https://*.googlesyndication.com https://www.instagram.com https://www.googleadservices.com https://connect.facebook.net https://connect.facebook.net https://analytics-eu.clickdimensions.com https://googleads.g.doubleclick.net https://static.ads-twitter.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://p.typekit.net https://use.typekit.net https://code.jquery.com https://fonts.googleapis.com https://cloud.typenetwork.com https://hello.myfonts.net; font-src 'self' https://*.typenetwork.com https://use.typekit.net https://fonts.gstatic.com https://*.typenetwork.com https://use.typekit.net https://fonts.gstatic.com data:; form-action 'self' https://*.list-manage.com https://www.facebook.com https://*.list-manage.com https://www.facebook.com; frame-ancestors 'self' ; 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-dnBmeHpBcjZtZDgzV3I1Q1dqazZHMHpPeWlycmthM3VnQUJNa3MwNlNUVT06emZLcHBtYW8zNGgySGV3bE1WMERiem41bmttRjFOV0E2eThDNVAxUmZrYz0=' framasoft.org blob:;style-src 'self' framasoft.org 'unsafe-inline';img-src 'self' data: blob: framasoft.org framablog.org contact.framasoft.org https://*.tile.openstreetmap.org;font-src 'self' data: framasoft.org;connect-src 'self' contact.framasoft.org status.framasoft.org framasoft.org blob: stun.nextcloud.com:443;media-src 'self' blob:;frame-src 'self' data:;child-src blob: 'self';frame-ancestors 'self';worker-src blob: 'self';form-action 'self' 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.metagellan.com *.gstatic.com *.google.com *.googletagmanager.com *.google-analytics.com ajax.googleapis.com *.googlecode.com *.msecnd.net https://stats.g.doubleclick.net cdnjs.cloudflare.com *.facebook.net *.facebook.com *.bootstrapcdn.com cdn.datatables.net *.tiny.cloud https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.stripe.com *.applicationinsights.azure.com js-eu1.hsforms.net forms-eu1.hsforms.com js-eu1.hscta.net *.hubspot.com cdn.jsdelivr.net;object-src 'none';style-src 'self' 'unsafe-inline' fonts.gstatic.com fonts.googleapis.com *.metagellan.com cdnjs.cloudflare.com cdn.tiny.cloud cdn.datatables.net cdn.jsdelivr.net;img-src * data: blob: https://ipfs.io;media-src 'self' blob: *.colleconline.com;frame-src 'self' *.colleconline.com *.metagellan.com *.facebook.net *.facebook.com www.google.com *.stripe.com www.youtube.com forms-eu1.hsforms.com *.bootstrapcdn.com;font-src 'self' *.gstatic.com cdnjs.cloudflare.com;connect-src 'self' blob: *.colleconline.com *.metagellan.com *.google-analytics.com stats.g.doubleclick.net *.googletagmanager.com *.analytics.google.com *.facebook.net *.facebook.com *.tiny.cloud https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.applicationinsights.azure.com *.stripe.com js-eu1.hsforms.net forms-eu1.hsforms.com *.hubspot.com *.decentraland.org;base-uri 'self';form-action 'self' *.facebook.net *.facebook.com forms-eu1.hsforms.com *.stripe.com;frame-ancestors 'none';manifest-src 'self';worker-src 'self' blob: 1
frame-ancestors 'self' quote.insureandgo.com.au *.insureandgo.com *.insureandgo.com.au *.yieldify.com; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://connect.facebook.net https://*.doubleclick.net https://www.google.com https://cdnjs.cloudflare.com https://script.crazyegg.com https://s3.amazonaws.com/trk.cetrk.com/7/t.js https://cookiepro.blob.core.windows.net https://code.jquery.com https://cookie-cdn.cookiepro.com https://unpkg.com/friendly-challenge@0.9.4/ https://www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cookiepro.blob.core.windows.net https://cookie-cdn.cookiepro.com https://www.youtube-nocookie.com; font-src 'self' data: http://localhost:60281; img-src 'self' data: blob: https://*; frame-src 'self' https://www.oeticket.com https://shop.palazzo.org https://palazzo.palboo.de http://palazzo.palboo.de http://palazzo-dinnershow.tickettoaster.de https://palazzo-dinnershow.tickettoaster.de https://www.eventim.nl https://www.eventim.de https://www.palboo.de http://pal-palboo1.wavecloud.de https://www.google.com https://www.sofortueberweisung.de https://checkout.wirecard.com/ https://www.googletagmanager.com https://ajax.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://cdnjs.cloudflare.com/ https://www.sofort.com/ https://bid.g.doubleclick.net/ https://drive.google.com/ https://www.youtube-nocookie.com; media-src 'self'; connect-src 'self' https://*.google-analytics.com/ https://sample-api-v2.crazyegg.com/ https://tracking.crazyegg.com/ https://api.friendlycaptcha.com/api/v1/ https://cookie-cdn.cookiepro.com https://www.youtube-nocookie.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mail.ru vk.com *.vk.com *.google.com *.gstatic.com *.google-analytics.com www.googletagmanager.com; object-src 'self' *.gstatic.com; style-src 'self' 'unsafe-inline' *.google.com; img-src * 'self' data:; child-src 'self' vk.com *.vk.com www.youtube.com *.google.com; frame-src 'self' ok.ru vk.com *.vk.com www.youtube.com *.google.com; font-src 'self' data: *.gstatic.com; connect-src 'self' *.mail.ru *.google.com *.gstatic.com *.google-analytics.com www.googletagmanager.com wss://toptracker.ru; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'none' 1
image-src 'self' /public/ aviorair.com comunicaciones.avior.com.ve http: https: data: blob: 'unsafe-inline' 1
frame-ancestors 'self' https://zab.pasanja.xyz/ 1
default-src 'self' 'unsafe-inline' data: blob: *.gov.sg *.google.com *.googleapis.com *.dcube.cloud *.wogaa.sg wogadobeanalytics.sc.omtrdc.net *.onemap.sg *.demdex.net va.ecitizen.gov.sg assets.adobedtm.com cm.everesttech.net *.gstatic.com www2.enets.sg http://localhost:18777; object-src 'none'; 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' 'nonce-mc+5YKboKOKk60o5AbFClA=='; style-src 'self' 'unsafe-inline'; connect-src 'self' https: 1
default-src 'self'; script-src 'self' *.wistia.com *.wistia.net https://*.hcaptcha.com/ https://hcaptcha.com/ https://connect.facebook.net/ https://platform.twitter.com/ https://www.kialo.com/ *.googletagmanager.com *.google-analytics.com 'nonce-b2a7615bc72f689a4e47419819ada78a2b4b499f837c854d232fb95b6818942b'; style-src 'self' 'unsafe-inline' https://*.hcaptcha.com/ https://hcaptcha.com/ https://www.kialo.com/; connect-src 'self' https://app.getsentry.com/ *.wistia.com *.wistia.net https://embedwistia-a.akamaihd.net/ https://*.hcaptcha.com/ https://hcaptcha.com/ https://syndication.twitter.com/ wss://www.kialo.com/ *.googletagmanager.com *.google-analytics.com; img-src 'self' data: blob: *.wistia.com *.wistia.net https://embedwistia-a.akamaihd.net https://www.kialo.com https://syndication.twitter.com/ https://web.facebook.com/ https://www.facebook.com/ https://www.kialo.com/ *.googletagmanager.com *.google-analytics.com; font-src data: 'self' https://fonts.gstatic.com *.wistia.com; child-src 'self' blob: https://*.hcaptcha.com/ https://hcaptcha.com/ *.wistia.com *.wistia.net https://staticxx.facebook.com/ https://web.facebook.com/ https://www.facebook.com/ https://platform.twitter.com/ https://syndication.twitter.com/; frame-src 'self' blob: https://*.hcaptcha.com/ https://hcaptcha.com/ *.wistia.com *.wistia.net https://staticxx.facebook.com/ https://web.facebook.com/ https://www.facebook.com/ https://platform.twitter.com/ https://syndication.twitter.com/; media-src 'self' data: blob: *.wistia.com *.wistia.net https://embedwistia-a.akamaihd.net; object-src https://embedwistia-a.akamaihd.net; manifest-src 'self' https://www.kialo.com/; report-uri https://www.kialo.com/api/v1/cspreport; report-to default 1
default-src 'self'; img-src 'self' data: https://track.hubspot.com https://forms.hsforms.com https://maps.gstatic.com https://www.google.com; style-src 'self' 'unsafe-inline' https://subscriptions.summitpartners.com https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cookie-cdn.cookiepro.com https://www.google-analytics.com https://extend.vimeocdn.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hscollectedforms.net/collectedforms.js https://maps.gstatic.com https://maps.googleapis.com https://platform.twitter.com https://platform.linkedin.com; connect-src 'self' https://cookie-cdn.cookiepro.com https://forms.hscollectedforms.net https://www.google-analytics.com https://maps.googleapis.com https://www.google.com; frame-ancestors 'self'; frame-src 'self' https://maps.google.com https://player.vimeo.com https://www.googletagmanager.com https://platform.twitter.com https://www.google.com; 1
default-src * data: blob: 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors * 1
default-src * data: 'self';     style-src * 'unsafe-inline';     script-src * blob: 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' https://tickets.fmf.md;  1
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com google.com fonts.googleapis.com ajax.googleapis.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com fonts.gstatic.com maps.gstatic.com cdn.ondicomdigital.com www.cbresi.com.au 4779995.fls.doubleclick.net td.doubleclick.net 6325436.fls.doubleclick.net stats.g.doubleclick.net ;      object-src 'none';      frame-ancestors 'self' www.cbresi.com.au ajax.googleapis.com www.googletagmanager.com cdn.ondicomdigital.com maps.googleapis.com www.google-analytics.com;      base-uri 'self';       script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.aspnetcdn.com ajax.googleapis.com www.googletagmanager.com maps.googleapis.com www.google-analytics.com;          script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.cbreresidentialprojects.com.au player.vimeo.com ajax.aspnetcdn.com s7.addthis.com img.en25.com googleads.g.doubleclick.net cdn.cbresi.com.au www.google.com www.gstatic.com connect.facebook.net cdn.ondicomdigital.com ajax.googleapis.com www.googletagmanager.com maps.googleapis.com www.google-analytics.com; img-src * 'self' data: https:; 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https://framer.com https://*.beta.framer.com https://sites.framer.com; report-uri https://sentry.io/api/2963040/security/?sentry_key=05dcfd8152434a7385d322f28af36f66 1
frame-ancestors https://awards.ratingruneta.ru 1
base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.youtube.com https://*.dmca.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.gstatic.com https://*.jivo.ru https://*.jivosite.com https://cdn.jsdelivr.net https://fonts.googleapis.com wss://*.jivosite.com; img-src 'self' data: https://*.google.com https://*.gstatic.com https://*.dmca.com https://*.google-analytics.com https://*.jivo.ru https://*.jivosite.com; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'strict-dynamic' 'nonce-sbWqbWR1xnaBDqY9g3hb+hGW' *.cookielaw.org consentag.eu sahpsantaswebsiteliveuks.blob.core.windows.net *.googletagmanager.com cdn.ctnsnet.com *.google.com sdk.joinsherpa.io c0.adalyser.com *.yieldify.com connect.facebook.net www.dwin1.com ict.infinity-tracking.net cdn.livechatinc.com collector-8405.tvsquared.com d2oh4tlt9mrke9.cloudfront.net cdn.gbqofs.com ads.avocet.io bat.bing.com api.livechatinc.com ads.avct.cloud custom.yieldify.com cdnhpsantaswebsiteliveuks.azureedge.net *.google-analytics.com *.googleadservices.com *.googleoptimize.com *.abtasty.com *.yieldify.com 'unsafe-inline' blob: *.abtasty.com try.abtasty.com i.ctnsnet.com cdn.ctnsnet.com consentag.eu; style-src 'self' *.typography.com data: 'unsafe-inline' *.craftedbeta.co.uk sahpsantaswebsiteliveuks.blob.core.windows.net cdnhpsantaswebsiteliveuks.azureedge.net *.googleapis.com try.abtasty.com *.abtasty.com; img-src 'self' data: *.google.co.uk *.google.com *.google-analytics.com *.gstatic.com *.youtube.com *.umbraco.com *.vimeocdn.com res.cloudinary.com cdn.cookielaw.org secure.adnxs.com bat.bing.com collector-8405.tvsquared.com pixel.mediaiqdigital.com x.bidswitch.net jadserve.postrelease.com *.facebook.com *.doubleclick.net sync.go.sonobi.com us-u.openx.net simage2.pubmatic.com e1.emxdgt.com ce.lijit.com sync.teads.tv public-prod-dspcookiematching.dmxleo.com ads.betweendigital.com cpm.convergeselect.net usersync.gumgum.com eb2.3lift.com sync.search.spotxchange.com pixel.rubiconproject.com ad.360yield.com *.googletagmanager.com onetag-sys.com bh.contextweb.com contextual.media.net dsum.casalemedia.com partners.tremorhub.com s.pubmine.com match.sharethrough.com rtb-csync.smartadserver.com ads.avct.cloud dpm.demdex.net connect.facebook.net ws.sessioncam.com *.google.at c0.adalyser.com sofia.trustx.org sync.bfmio.com *.google.ca *.google.ch *.google.co.in *.google.co.th *.google.com.au *.google.com.mt *.google.com.ph *.google.com.pk *.google.com.tr *.google.com.ua *.google.de *.google.fi *.google.fr *.google.gr *.google.ie *.google.it *.google.kz *.google.se *.google.sk *.yieldify.com *.yieldify-production.com maps.googleapis.com *.engage.app *.eu-west-2.amazonaws.com editor-assets.abtasty.com *.abtasty.comi.ctnsnet.com cdn.ctnsnet.com consentag.eu; frame-ancestors 'self'; connect-src 'self' *.googleapis.com *.google.com *.google.co.uk *.umbraco.com sahpsantaswebsiteliveuks.blob.core.windows.net *.cookielaw.org *.google-analytics.com geolocation.onetrust.com l.getsitecontrol.com ict.infinity-tracking.net ws.sessioncam.com cdnhpsantaswebsiteliveuks.azureedge.net *.g.doubleclick.net *.infinity-tracking.net *.facebook.com *.bing.com *.onetrust.com api.livechatinc.com *.googletagmanager.com *.yieldify.com *.applicationinsights.azure.com c2001.report.gbss.io *.abtasty.com *.yieldify.com *.yieldify-production.com *.infinity-tracking.com wss://stranger.yieldify-production.com *.engage.app i.ctnsnet.com cdn.ctnsnet.com consentag.eu; frame-src 'self' *.google.com *.youtube.com *.vimeo.com *.youtube-nocookie.com consentag.eu apps.joinsherpa.io *.fls.doubleclick.net td.yieldify.com *.facebook.com secure.livechatinc.com *.s3.amazonaws.com bid.g.doubleclick.net *.livechatinc.com; font-src 'self' data: sahpsantaswebsiteliveuks.blob.core.windows.net cdnhpsantaswebsiteliveuks.azureedge.net *.gstatic.com fonts.yieldify-production.com *.yieldify-production.com  fonts.gstatic.com *.livechatinc.com *.abtasty.com; object-src 'self'; media-src 'self' data: res.cloudinary.com; report-uri https://santaslaplnd.report-uri.com/r/d/csp/enforce; 1
base-uri 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com storage.googleapis.com storage.googleapis.com/grow-with-goog-publish-prod-media/ *.google.com gstatic.com/support/content/resources/prod/js/survey/survey_light_ltr.css *.googletagmanager.com tagmanager.google.com gstatic.com/uservoice/surveys/resources/prod/js/survey/survey_light_ltr.css https://www.gstatic.com/glue/cookienotificationbar/cookienotificationbar.min.css; connect-src 'self' www.google-analytics.com apis.google.com cdn.ampproject.org *.google.com *.services.google.com *.gstatic.com gstatic.com *.doubleclick.net region1.google-analytics.com https://gweb-gwg-events.appspot.com/ https://maps.googleapis.com/ https://www.googleoptimize.com/ https://pagead2.googlesyndication.com/; frame-ancestors 'self'; frame-src 'self' scone-pa.clients6.google.com www.google.com www.youtube.com *.yourprimer.com *.doubleclick.net apis.google.com optimize.google.com *.google.com *.yourprimer.com webapp-dot-gweb-learn10x.appspot.com services.google.com; default-src 'self' *.gstatic.com storage.googleapis.com storage.googleapis.com/grow-with-goog-publish-prod-media/; img-src * data: blob:; font-src 'self' themes.googleusercontent.com *.gstatic.com https://fonts.gstatic.com storage.googleapis.com storage.googleapis.com/grow-with-goog-publish-prod-media/ fonts.googleapis.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleanalytics.com *.google-analytics.com ajax.googleapis.com *.youtube.com youtube.com optimize.google.com *.googletagmanager.com apis.google.com *.googleadservices.com storage.googleapis.com storage.googleapis.com/grow-with-goog-publish-prod-media/ *.googleapis.com *.google.com *.yourprimer.com *.ytimg.com *.gstatic.com https://www.googleoptimize.com/ https://www.gstatic.com/glue/cookienotificationbar/cookienotificationbar.min.js https://googleads.g.doubleclick.net/ https://pagead2.googlesyndication.com/; media-src 'self' storage.googleapis.com storage.googleapis.com/grow-with-goog-publish-prod-media/ 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=5arln6diquf9s&partner=; 1
default-src 'self' *.hoechsmann.com *.google.com *.google.de https://*.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net https://www.googletagmanager.com https://tagmanager.google.com; script-src 'self' *.hoechsmann.com *.google.com *.google.de https://*.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net https://www.googletagmanager.com https://tagmanager.google.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.hoechsmann.com *.google.com *.google.de https://*.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net https://www.googletagmanager.com https://tagmanager.google.com 'unsafe-inline'; img-src 'self' *.hoechsmann.com *.google.com *.google.de https://*.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net https://www.googletagmanager.com https://tagmanager.google.com *.ytimg.com *.youtube.com data:; frame-src 'self' *.hoechsmann.com *.google.com *.google.de https://*.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net https://www.googletagmanager.com https://tagmanager.google.com *.youtube.com; font-src 'self' *.hoechsmann.com *.google.com *.google.de https://*.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net https://www.googletagmanager.com https://tagmanager.google.com 1
default-src 'self'; img-src * 'self' data:; style-src * 'self' 'unsafe-inline'; font-src * 'self'; script-src * 'self' 'unsafe-eval' 'unsafe-inline'; form-action 'self'; media-src 'self'; 1
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://*.sirv.com https://cdn.soft8soft.com https://*.se.com http://*.usersnap.com https://sisense.dev https://trackcmp.net https://prism.app-us1.com https://diffuser-cdn.app-us1.com https://www.googleadservices.com https://cdn.behamics.com https://cdn.mouseflow.com https://consent.cookiebot.com https://consentcdn.cookiebot.com 1
default-src 'self';connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;base-uri 'none';font-src 'self' https://fonts.gstatic.com;form-action 'self';frame-ancestors 'none';img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com;script-src 'self' 'sha256-Wezgm/yRorRVzqbr6vDdLOJEGKDTVKRuWZ2Yh53e/EU=' 'sha256-/PhlWtWSFKGpnQswrM5AJwZ6WsgKO5Bn3J8jgWZfT4Q=' 'sha256-tXEM7Y+7ipjlM5ZP3uzDVkEnZfYHvPFf2Aux3uiH5ho=' https://www.google-analytics.com https://static.cloudflareinsights.com https://*.googletagmanager.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 1
frame-ancestors 'none'; form-action https:; upgrade-insecure-requests 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; connect-src *; img-src 'self' data: https: http://www.google-analytics.com http://www.googletagmanager.com; base-uri 'self'; frame-ancestors https://*.integra-biosciences.com https://*.ostjob.ch 1
default-src 'self';           script-src 'self' 'unsafe-inline' 'unsafe-eval' *.recaptcha.net/ *.pageuppeople.com/ https://*.hotjar.com/ https://assets.juicer.io/ https://player.vimeo.com/api/player.js https://tools.euroland.com/ https://cc.cdn.civiccomputing.com/ https://www.googletagmanager.com/ http://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ *.google-analytics.com;          font-src 'self' data: https://*.hotjar.com/ https://static.juicer.io/ https://use.typekit.net/;           style-src 'self' 'unsafe-inline' https://assets.juicer.io/ https://use.typekit.net/mif5xqr.css https://p.typekit.net/;           connect-src 'self' *.google-analytics.com/ https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/ https://www.juicer.io/api/feeds/ https://apikeys.civiccomputing.com/ https://clapi.civiccomputing.com/ https://stats.g.doubleclick.net/ *.google-analytics.com/ ;           frame-src  'self' *.recaptcha.net/ https://*.hotjar.com/ https://player.vimeo.com/  https://www.google.com/ https://www.youtube.com/ https://vimeo.com/ https://tools.eurolandir.com/ ;          img-src 'self' data: https://*.juicer.io/ https://*.hotjar.com/ https://i.vimeocdn.com/ *.google-analytics.com/ https://imageproxy.juicer.io/ https://www.juicer.io/api/posts/ https://i.ytimg.com/vi/ https://www.googletagmanager.com/ 1
default-src 'self' *.wirth-horn.de 'unsafe-inline' 'unsafe-eval' data: https://www.google-analytics.com https://tagmanager.google.com www.googletagmanager.com www.google.com www.gstatic.com https://salesviewer.org; style-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; 1
frame-src https: 'self' data:; 1
connect-src 'self' novonordiskfonden.matomo.cloud sentry.baernholdt.dev cdn.linkedin.oribi.io www.facebook.com www.gstatic.com translate.googleapis.com infragrid.v.network region1.google-analytics.com analytics.google.com stats.g.doubleclick.net cdn.cookielaw.org; default-src 'self' https://sentry.baernholdt.dev; font-src 'self' data: fonts.gstatic.com cdn.scite.ai api.rabatta.app; frame-src 'self' www.facebook.com player.vimeo.com app.powerbi.com acestream.me www.buzzsprout.com buzzsprout.com; img-src 'self' www.facebook.com px.ads.linkedin.com i.vimeocdn.com data: legacy.novonordiskfonden.dk www.googletagmanager.com cdn.cookielaw.org impact.novonordiskfonden.dk cph-bioscience.com translate.google.com fonts.gstatic.com www.google.rs mstat.acestream.net sciencecluster.dk; media-src 'self'; script-src 'self' cdn.matomo.cloud snap.licdn.com connect.facebook.net cdn.jsdelivr.net cdn.cookielaw.org player.vimeo.com polyfill.io 'unsafe-inline' www.googletagmanager.com www.google-analytics.com 'unsafe-eval' wasm-eval: cdn.linkedin.oribi.io www.vipmeg.com www.foxcoo.com search.evoow.com i.vimeocdn.com conoret.com www.pagespeed-mod.com novonordiskfonden.matomo.cloud; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri https://sentry.baernholdt.dev/api/7/security/?sentry_key=441d68b27b634e15912cfef2f9bded7a&sentry_environment=production; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-LU4JHT/D3FIVutwED/Voe/v0ZZ1tcgrcT1qRmoLEqZZHVl7X' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
block-all-mixed-content; frame-ancestors *.anhangueraferramentas.com.br 1
default-src 'self' *; object-src 'none'; style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' *; frame-ancestors 'self' 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' content.mql5.com https://google.com https://post.foreximf.com https://www.google.com https://maps.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://google-analytics.com https://ssl.google-analytics.com https://googletagmanager.com https://www.googletagmanager.com https://youtube.com https://www.youtube.com https://connect.facebook.net https://www.google-analytics.com https://www.google.co.id https://www.facebook.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net/; worker-src 'self' blob:  'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://cdn.ampproject.org/; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.in4mo.net www.google.com *.bing.com *.virtualearth.net seal.verisign.com *.amazonaws.com *.in4mo.io *.gstatic.com 1
block-all-mixed-content; frame-ancestors *.justapprove.com.br 1
frame-ancestors 'self'; frame-src https://www.youtube.com https://www.youtube-nocookie.com https://sdk.dcmn.io https://www.facebook.com/ https://sibautomation.com https://ad4m.at https://hal9000.redintelligence.net *.ad-srv.net https://googleanalytics.com https://google-analytics.com https://googleoptimize.com https://googletagmanager.com https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://widget.trustpilot.com *.studentbeans.com 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data: blob:; object-src 'none'; child-src 'self' https: blob: https://www.youtube.com; script-src 'self' https: 'unsafe-inline' blob: www.saltedge.com; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https: ws: wss: 1
frame-ancestors https://*.etracker.com; 1
default-src https:; font-src https: data:; img-src https: data:; media-src https: blob:; script-src https: 'sha256-It93rtWtDIUSyJlGg55zWCuJ5xdIyPxGy8+pMhFzbxE='; style-src https:; worker-src blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src-elem 'self' 'sha256-kDRQ3dagwwb3nrm8xnMC0VgLt6lNN98+2oajznduaKI='; font-src 'self'; img-src data: *; frame-src *; connect-src 'self' https://ucs-sso.schule-sh.de/ http://ucs-sso.schule-sh.de/; frame-ancestors 'self' https://ucs-sso.schule-sh.de/ http://ucs-sso.schule-sh.de/; 1
default-src 'none'; frame-src 'self' bankid: https://app.bankid.com skolid:; script-src 'self' https://browser.sentry-cdn.com https://az416426.vo.msecnd.net 'nonce-UIhNyg00U/J2qmFzSUJlS/jstiV6o4p/1J/byQHKwTo='; connect-src 'self' https://sentry.ist.com https://dc.services.visualstudio.com https://skolid-mtls.azurewebsites.net; img-src 'self'  'unsafe-inline' www.google-analytics.com data: https://skolidblob.blob.core.windows.net https://skolidlocaldev.blob.core.windows.net https://isthome.blob.core.windows.net https://*.ist.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data: 1
block-all-mixed-content; frame-ancestors *.vetoreditora.com.br 1
default-src 'self' 'unsafe-inline' data: https://www.google.com https://www.youtube.com https://*.ytimg.com https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.qualtrics.com https://*.siteintercept.qualtrics.com; frame-ancestors 'self'; 1
frame-ancestors 'self' https://app.code2order.com https://app.straiv.io; 1
default-src 'self'; font-src data: https://assets.dm.de; child-src 'self' blob:; script-src 'self' https://*.bazaarvoice.com https://*.mm.dm.si https://app.usercentrics.eu https://assets-internal-proxy.apps.nonprod.gcp.dmtech.cloud https://assets.dm.de https://cdn.loadbee.com/ https://d2pqvatijh75rn.cloudfront.net https://mpsnare.iesnare.com https://omt.dm.si https://tags.tiqcdn.com https://www.dm.si; worker-src 'self' blob:; connect-src  'self' https://*.bazaarvoice.com https://*.gcp.dmtech.cloud https://*.mm.dm.si https://*.services.dmtech.com https://aggregator.service.usercentrics.eu https://api.mapbox.com https://api.usercentrics.eu https://assets.dm.de https://availability.loadbee.com/ https://browser-intake-datadoghq.eu https://cart-recos.services.dmtech.com https://cart.services.dmtech.com https://cdcs.usercentrics.eu https://collect.tealiumiq.com https://consent-api.service.consent.usercentrics.eu https://consent-rt-ret.service.consent.usercentrics.eu https://consents.usercentrics.eu https://coupon-aktionen.dm.de https://d2pqvatijh75rn.cloudfront.net https://direct-collect.dy-api.eu https://direct.dy-api.eu https://dmpay-gateway.services.dmtech.com https://dy-api.eu https://events.mapbox.com https://graphql.usercentrics.eu https://insights.algolia.io https://logs.browser-intake-datadoghq.eu https://mpsnare.iesnare.com https://my-products-api.services.dmtech.com https://omc.dm.si https://product-based-recos.services.dmtech.com https://products.dm.de https://rcom-eu.dynamicyield.com https://recos-as-a-service.services.dmtech.com https://rum.browser-intake-datadoghq.eu https://services.dm.de https://shopping-list-prod.services.dmtech.com https://signin.dm.si https://sos-prod.availability.services.dmtech.com https://staedtetour.dm-fb2.de; style-src 'self' 'unsafe-inline' https://*.bazaarvoice.com https://api.tiles.mapbox.com https://assets.dm.de; img-src 'self' blob: data: https://*.bazaarvoice.com https://*.mm.dm.si https://*.services.dmtech.com https://app.usercentrics.eu https://assets.dm.de https://cdn-eu.dynamicyield.com https://d2pqvatijh75rn.cloudfront.net https://d3s22jwy77sx9i.cloudfront.net https://i.ytimg.com https://images.podigee-cdn.net https://img.usercentrics.eu https://img.youtube.com/ https://media.dm-static.com https://services.dm.de https://uct.service.usercentrics.eu; frame-ancestors 'self' https://*.apps.nonprod.gcp.dmtech.cloud https://*.apps.prod.gcp.dmtech.cloud https://*.dm-drogeriemarkt.org https://*.dm-drogeriemarkt.org:42160 https://*.dm-drogeriemarkt.org:42161 https://*.dm-drogeriemarkt.org:42162 https://*.dm.si https://*.lxprod.ka.de.dm-drogeriemarkt.com https://app.datadoghq.eu; frame-src 'self' https://*.bazaarvoice.com https://*.dm.si https://*.services.dmtech.com https://app.usercentrics.eu https://cdn.podigee.com https://configurator.nuk.de https://gastfamilie.podigee.io https://geburtskanal-dm.podigee.io https://hey-familie.podigee.io https://player.podigee-cdn.net https://rendering.loadbee.com/ https://sandbox.om.dm.de https://service.loadbee.com/ https://www.youtube-nocookie.com; base-uri 'self' https://*.mm.dm.si https://*.services.dmtech.com https://events.mapbox.com; form-action 'self' https://*.bazaarvoice.com https://checkout.dm.si https://signin.dm.si; manifest-src 'self'; report-uri /__csp-reports__;upgrade-insecure-requests 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.baalajimaestro.me 1
default-src 'self' *.game7athletics.com *.zipmoney.com.au *.gstatic.com *.bazaarvoice.com *.vimeo.com vod-progressive.akamaized.net *.hotjar.com *.hotjar.io *.trurating.com *.crazyegg.com *.facebook.com *.paypalobjects.com *.paypal.com *.adyen.com; img-src 'self' *.nosto.com *.nos.to *.paypalobjects.com *.paypal.com *.adyen.com data: https:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nosto.com *.nos.to *.paypalobjects.com *.paypal.com *.adyen.com https:; style-src 'self' 'unsafe-inline' *.nosto.com *.nos.to *.paypalobjects.com *.paypal.com *.adyen.com https:; frame-src 'self' https:; connect-src 'self' *.nosto.com *.nos.to *.paypalobjects.com *.paypal.com *.adyen.com https: wss:; font-src 'self' data: https:; frame-ancestors 'self' https://*.game7athletics.com.au; 1
default-src 'self' https://www.google-analytics.com https://www.facebook.com/ https://webto.salesforce.com https://www.youtube.com; font-src *; img-src 'self' blob: https://www.ford.com https://www.toyotacr.com https://i.ibb.co https://i.imgur.com https://corporate.ford.com https://pixel.sitescout.com https://pixel-a.basis.net https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://i.ytimg.com https://img.youtube.com https://www.google.com https://www.google.co.cr https://googleads.g.doubleclick.net https://www.facebook.com/ https://cdn-api.toyotacr.com https://www.google-analytics.com https://pixel.sitescout.com https://pixel-a.basis.net https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://i.ytimg.com https://img.youtube.com https://www.google.com https://www.google.co.cr https://googleads.g.doubleclick.net https://www.facebook.com/ https://cdn-api.toyotacr.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tpc.googlesyndication.com https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.js https://code.jquery.com https://maps.googleapis.com https://www.gstatic.com https://www.google.com https://connect.facebook.net https://c1.rfihub.net/js/tc.min.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/en_US/sdk.js https://static.site24x7rum.com/beacon/site24x7rum-min.js https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://cdnjs.cloudflare.com https://platform.linkedin.com/in.js; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.materialdesignicons.com https://fonts.googleapis.com; frame-src 'self' data:  https://td.doubleclick.net https://tpc.googlesyndication.com https://pixel-a.basis.net https://pixel.sitescout.com https://www.google.com https://toyota-la.transparenttestdrive.com https://bid.g.doubleclick.net https://www.googletagmanager.com https://www.facebook.com https://www.youtube.com https://*.rfihub.com; connect-src 'self' https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://www.facebook.com https://capig.toyotacr.com https://www.google-analytics.com https://stats.g.doubleclick.net https://col.site24x7rum.com https://maps.googleapis.com https://api-gateway.toyotacr.com https://analytics.google.com https://gtm-w59h9dt-zgnln.uc.r.appspot.com; 1
script-src https: data: 'unsafe-inline' 'unsafe-eval' 'self' 1
default-src 'self' *.mfcentral.com; script-src 'self'; style-src 'unsafe-inline' 'self' https://fonts.gogleapis.com https://www.gstatic.com ; font-src 'self' https://fonts.gogleapis.com; frame-src https://www.google.com; img-src data: 'self';object-src 'none' 1
frame-ancestors https://obeta.de https://www.obeta.de https://eldis.obeta.de https://www.eldis.obeta.de https://eldis.de https://www.eldis.de https://heinrich-haeusler.de https://www.heinrich-haeusler.de https://testing-www-obeta-de.obeta.io https://shop-next.obeta.de https://shop-next.eldis.de https://shop-next.heinrich-haeusler.de https://shop-support.obeta.io 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-HdKYSHUTcj6LdLoxZddPvQ==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob: *.izlesene.com *.ioam.de *.avg.com *.rewardsaccelerator.com smetrics.att.com; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net smetrics.att.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-f1971946715fbe317ee743530831f3ee'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src https:; font-src https: data:; frame-src https:; frame-ancestors https:; img-src https: data:; media-src https; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 1
default-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com www.google.com www.youtube.com ergonet.piwik.pro extreme-ip-lookup.com; font-src 'self' data:; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.kohler.com.cn *.jiathis.com *.adobedtm.com *.baidu.com solution.comm100.cn survey.122.2o7.net *.scene7.com *.bdimg.com  *.bdimg.com *.jiathis.com *.kohler.com.cn *.kohler.com *.adobedtm.com *.google-analytics.com *.fugetech.com *.gridsumdissector.com *.webdissector.com *.allyes.com.cn *.aiodt.com 114.80.179.250 *.polyv.net blob:  data: *.videocc.net  ai.glor.cn *.cnzz.com cnzz.mmstat.com *.iperceptions.com *.glor.cn *.kohler.com consent.trustarc.com *.googletagmanager.com *.kohler.com *.scene7.com  *.google-analytics.com *.aiodt.com/ainsight.js *.v5kf.com *.beats-digital.com *.amap.com cdn.cookielaw.org *.alicdn.com *.cn.miaozhen.com *.vod2.myqcloud.com *.wx.qq.com kohler.cos.bitbetter.com.cn;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jiathis.com *.wx.qq.com *.cn.miaozhen.com assets.adobedtm.com *.google-analytics.com *.baidu.com solution.comm100.cn survey.122.2o7.net *.scene7.com  *.bdimg.com *.fugetech.com *.gridsumdissector.com *.webdissector.com *.allyes.com.cn *.aiodt.com ai.glor.cn *.cnzz.com *.iperceptions.com *.kohler.com consent.trustarc.com *.googletagmanager.com player.polyv.net v3.jiathis.com s7d4.scene7.com api.map.baidu.com *.v5kf.com *.beats-digital.com *.amap.com cdn.cookielaw.org shuyun-flow.kohler.com.cn *.wx.qq.com kohler.cos.bitbetter.com.cn stm-cdn.cn.miaozhen.com;img-src blob: data: *.kohler.com.cn *.kohler.com.cn solution.comm100.cn *.kohler.com *.baidu.com *.scene7.com  *.bdimg.com *.jiathis.com *.gridsumdissector.com *.webdissector.com *.aiodt.com *.cnzz.com cnzz.mmstat.com *.google-analytics.com consent.trustarc.com img.videocc.net s7d4.scene7.com *.v5kf.com *.beats-digital.com *.aliyuncs.com *.amap.com cdn.cookielaw.org kohler.cos.bitbetter.com.cn *.cn.miaozhen.com;style-src 'self' 'unsafe-inline' *.jiathis.com *.kohler.com *.kohler.com.cn *.v5kf.com *.beats-digital.com *.alicdn.com *.amap.com cdn.cookielaw.org;object-src 'self' *.kohler.com.cn *.amap.com cdn.cookielaw.org;media-src 'self' * blob: data: ;worker-src 'self' * blob: ;connect-src 'self' *  ai.glor.cn player.polyv.net static.polyv.net hls.videocc.net *.amap.com;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.iperceptions.com *.googletagmanager.com  *.adobedtm.com *.aiodt.com *.google-analytics.com assets.adobedtm.com 1.aiodt.com *.google-analytics.com cdn.jsdelivr.net/npm/vue *.kohler.com *.baidu.com *.polyv.net *.jiathis.com *.scene7.com shuyun-flow.kohler.com.cn *.trustarc.com *.v5kf.com *.beats-digital.com *.amap.com cdn.cookielaw.org geolocation.onetrust.com *.wx.qq.com kohler.cos.bitbetter.com.cn stm-cdn.cn.miaozhen.com jic.talkingdata.com;frame-src 'self' *.jiathis.com *.kohler.com *.baidu.com player.polyv.net shuyun-flow.kohler.com.cn *.v5kf.com *.beats-digital.com *.amap.com https://*.qq.com webcompt: 1
default-src 'none'; script-src 'self' https://platform.twitter.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.datatables.net https://www.google.com https://www.gstatic.com https://az416426.vo.msecnd.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self' https://correo.emvs.es https://www3.emvs.es https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.google.com https://view.genial.ly https://shares.enetres.net https://iframe.dacast.com  'unsafe-inline'; style-src 'self' https://cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://dc.services.visualstudio.com; media-src 'self'; manifest-src 'self' 1
frame-ancestors 'self' https://*.facebook.com/; frame-src 'self' googlevideo.com *.doubleclick.net *.hcaptcha.com www.youtube-nocookie.com www.youtube.com; default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' *.doubleclick.net *.google.com *.articulate.com *.b-ite.com *.cookiehub.net *.cookiehub.eu *.kaessbohrerag.com *.pistenbully.com *.beach-tech.com *.powerbully.com *.snowsat.com *.proacademy.info *.kcomposites.com fonts.googleapis.com fonts.gstatic.com *.googletagmanager.com *.google-analytics.com www.google.com connect.facebook.net www.facebook.com www.google.de www.googleadservices.com i.vimeocdn.com player.vimeo.com img.youtube.com i.ytimg.com www.youtube.com www.gstatic.com cx.atdmt.com www.google.ie cookiehub.net s.ytimg.com www.youtube-nocookie.com noembed.com googlevideo.com cdn.plyr.io jobs.b-ite.com salesviewer.org salesviewer.com https://api.friendlycaptcha.com *.hcaptcha.com blob: 1
default-src https: data: 'image/jpeg'; connect-src https: wss:; script-src https: blob: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline' blob:; img-src https: data: blob:; font-src https: data:; 1
frame-ancestors *.mailslurp.com https://*.frontapp.com https://*.frontapplication.com; default-src 'unsafe-inline' 'unsafe-eval' *.amazonaws.com *.frontapp.com *.mailslurp.biz *.mailslurp.com *.mailslurp.dev *.mailslurp.link *.ingest.sentry.io https://plausible.io https://eu.posthost.com plausible.io *.plausible.io https://typesense.mailslurp.biz chat.frontapp.com chat-assets.frontusercontent.com https://www.youtube-nocookie.com; script-src-elem 'unsafe-inline' 'unsafe-eval' *.amazonaws.com *.frontapp.com *.mailslurp.biz *.mailslurp.com *.mailslurp.dev *.mailslurp.link *.ingest.sentry.io https://plausible.io https://eu.posthost.com plausible.io *.plausible.io https://typesense.mailslurp.biz chat.frontapp.com chat-assets.frontusercontent.com https://www.youtube-nocookie.com; object-src 'none'; font-src 'self' fonts.gstatic.com fonts.googleapis.com; style-src blob: 'unsafe-inline' 'self' fonts.gstatic.com fonts.googleapis.com unpkg.com; connect-src https://plausible.io/api/event chat-assets.frontapp.com chat.frontapp.com us-west-1-chat-server.frontapp.com us-west-2-chat-server.frontapp.com eu-west-1-chat-server.frontapp.com wss://front-us-realtime.ably.io wss://front-eu-realtime.ably.io https://chat-webhook.frontapp.com *.bugsnag.com https://*.browser-intake-datadoghq.com 'self' *.mailslurp.com https://eu.posthost.com https://typesense.mailslurp.biz; style-src-elem 'self' 'unsafe-inline' unpkg.com fonts.gstatic.com fonts.googleapis.com blob:; img-src https://* 'self' data: *.amazonaws.com *.frontapp.com *.mailslurp.biz *.mailslurp.com *.mailslurp.dev *.mailslurp.link *.ingest.sentry.io https://plausible.io https://eu.posthost.com plausible.io *.plausible.io https://typesense.mailslurp.biz chat.frontapp.com chat-assets.frontusercontent.com https://www.youtube-nocookie.com; worker-src blob: *.mailslurp.com 1
object-src 'none'; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' https://* 'unsafe-inline' 'unsafe-eval' https://www.sandbox.paypal.com/ https://analytics.tiktok.com/ https://region1.google-analytics.com https://s3.eu-west-1.amazonaws.com/ctd.combined/ https://invitejs.trustpilot.com https://services.postcodeanywhere.co.uk https://kit.fontawesome.com https://*.googleapis.com https://config1.veinteractive.com https://maps-api-ssl.google.com/ https://www.google.com https://www.google-analytics.com https://www.googleanalytics.com https://optimize.google.com https://www.googleoptimize.com https://*.gstatic.com https://googleads.g.doubleclick.net  https://www.googleadservices.com https://connect.facebook.net analytics.tiktok.com https://api.livechatinc.com https://cdn.livechatinc.com https://*.wufoo.com https://d10lpsik1i8c69.cloudfront.net https://ct.pinterest.com https://settings.luckyorange.net *.trustpilot.com https://s.pinimg.com https://scripts.sirv.com https://c.go-mpulse.net/ https://*.ggpht.com *.googleusercontent.com data:; img-src 'self' https://* https://s3.eu-west-1.amazonaws.com/ctd.combined/ https://*.googleapis.com https://maps-api-ssl.google.com/ https://www.google.com https://www.google.co.uk https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://*.gstatic.com https://*.google.com *.googleusercontent.com www.googleadservices.com analytics.tiktok.com https://connect.facebook.net https://d10lpsik1i8c69.cloudfront.net *.wufoo.com *.trustpilot.com https://cdn.livechatinc.com https://ct.pinterest.com https://www.googleadservices.com/pagead/conversion_async.js https://www.facebook.com data:; style-src 'self' https://* 'unsafe-inline' 'unsafe-eval' https://optimize.google.com https://fonts.googleapis.com https://d10lpsik1i8c69.cloudfront.net https://ka-f.fontawesome.com https://ctdtiles.sirv.com; object-src 'none';base-uri 'self'; connect-src 'self' https://pagead2.googlesyndication.com/ https://*.akstat.io/ https://www.sandbox.paypal.com/ https://analytics.tiktok.com/ https://ctdtiles.sirv.com https://googleads.g.doubleclick.net https://api-preview.luckyorange.com https://region1.google-analytics.com/ https://www.justgiving.com https://services.postcodeanywhere.co.uk https://invitejs.trustpilot.com https://s.pinimg.com https://kit.fontawesome.com https://ka-f.fontawesome.com/ https://config1.veinteractive.com https://widget.trustpilot.com https://cdn.livechatinc.com https://ctdtiles.wufoo.com https://static.wufoo.com https://ct.pinterest.com https://settings.luckyorange.net https://stats.g.doubleclick.net https://www.google-analytics.com https://www.facebook.com https://api.luckyorange.com https://d10lpsik1i8c69.cloudfront.net https://*.googleapis.com https://*.google.com https://*.gstatic.com https://maps-api-ssl.google.com/ https://api.livechatinc.com wss://visitors.live wss://*.visitors.live analytics.tiktok.com https://c.go-mpulse.net/ data: blob:; font-src 'self' data: https://s3.eu-west-1.amazonaws.com/ctd.combined/ https://cdn.livechatinc.com https://fonts.gstatic.com https://use.typekit.net http://www.ctdtiles.co.uk https://www.ctdtiles.co.uk http://fontawesome.io https://fontawesome.com  https://ka-f.fontawesome.com/ https://fonts.gstatic.com; frame-src 'self' https://td.doubleclick.net/ https://ct.pinterest.com/ https://snapwidget.com/ https://www.sandbox.paypal.com/ https://platform.twitter.com/ https://www.justgiving.com https://www.justgiving.com/fundraising/ https://player.vimeo.com https://vimeo.com https://www.youtube.com https://simplicity.trustpilot.com https://ctdtiles.wufoo.com https://static.wufoo.com https://secure.livechatinc.com https://widget.trustpilot.com https://www.facebook.com https://*.google.com https://ctdtiles.wufoo.eu https://player.vimeo.com/ https://optimize.google.com https://www.pinterest.com bytedance: sslocal:; manifest-src 'self'; media-src 'self' https://v.pinimg.com https://d10lpsik1i8c69.cloudfront.net; worker-src 'self' blob:; 1
frame-ancestors 'self' https://app.storyblok.com/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://cdnjs.cloudflare.com https://sentry.io https://payments.worldpay.com https://cdn.sift.com https://verify.sendwyre.com https://pay.sendwyre.com https://ajax.cloudflare.com https://*.crisp.chat https://www.googletagmanager.com; img-src * data: blob: 'unsafe-inline'; style-src 'self' 'unsafe-inline' data: https://connect.venly.io https://*.crisp.chat https://payments.worldpay.com https://fonts.googleapis.com; media-src *; font-src 'self' data: https://connect.venly.io https://fonts.gstatic.com https://themes.googleusercontent.com https://*.crisp.chat; frame-src https://connect.venly.io https://login.arkane.network https://login.venly.io https://global.transak.com https://buy.ramp.network https://platform.twitter.com https://help.venly.io https://help.venly.market https://payments.worldpay.com https://*.crisp.chat; object-src 'none'; connect-src 'self' https://events.venly.market https://login.arkane.network https://login.venly.io https://content.arkane.network https://api-wallet.venly.io https://connect.venly.io https://sentry.io https://stats.g.doubleclick.net https://analytics.google.com https://*.analytics.google.com https://api.sendwyre.com wss://*.crisp.chat https://*.crisp.chat https://*.browser-intake-datadoghq.eu; worker-src 'self' blob: 1
frame-ancestors 'self' https://mimun-yashir--devnadlan.sandbox.my.salesforce.com; 1
frame-ancestors 'none'; default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.openstreetmap.org; img-src data: blob: * *.momentjs.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.googlesyndication.com *.gstatic.com *.hotjar.com *.twitter.com *.youtube.com ajax.googleapis.com c.bazo.io; font-src 'self' fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com c.bazo.io ; frame-src 'self' *.google.com *.facebook.com *.youtube.com *.instagram.com *.twitter.com ; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.momentjs.com momentjs.com *.google.com connect.facebook.net *.instagram.com *.twitter.com *.googletagmanager.com *.hotjar.com *.gstatic.com c.bazo.io *.google-analytics.com *.licdn.com; connect-src 'self' ws: *.openstreetmap.org *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.hotjar.com *.hotjar.io c.bazo.io 1
frame-ancestors 'self' https://*.polfed.org https://polfedportal.microsoftcrmportals.com https://ebillingportal.powerappsportals.com 1
frame-ancestors 'self' https://www.visitdenmark.de https://*.www.visitdenmark.de https://api.www.www.visitdenmark.de 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://social.horrorhub.club; img-src 'self' https: data: blob: https://social.horrorhub.club; style-src 'self' https://social.horrorhub.club 'nonce-Gr0cGePeW4myBLY0bsNq7Q=='; media-src 'self' https: data: https://social.horrorhub.club; frame-src 'self' https:; manifest-src 'self' https://social.horrorhub.club; form-action 'self'; child-src 'self' blob: https://social.horrorhub.club; worker-src 'self' blob: https://social.horrorhub.club; connect-src 'self' data: blob: https://social.horrorhub.club https://media.horrorhub.club wss://social.horrorhub.club; script-src 'self' https://social.horrorhub.club 'wasm-unsafe-eval' 1
default-src https:; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 1
default-src 'self' *.farmersnational.com farmersnational.com *.union.agency *.fncrealestate.com fncrealestate.com *.fncagstock.com *.fncappraisal.com *.fncenergy.com *.fncforestry.com *.fncinsurance.com *.fncserecon.com *.huntingleasenetwork.com d3kjpy37abehj1.cloudfront.net *.bugherd.com *.marker.io; style-src 'self' 'unsafe-inline' *.typekit.net farmersnational.com unpkg.com cdn.jsdelivr.net *.union.agency *.farmersnational.com *.fncrealestate.com *.fncenergy.com *.fncagstock.com *.fncappraisal.com *.fncforestry.com *.fncinsurance.com *.fncserecon.com *.huntingleasenetwork.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: farmersnational.com unpkg.com *.bugherd.com *.pusher.com www.google.com www.gstatic.com www.googletagmanager.com connect.facebook.net www.facebook.com edge.marker.io polyfill.io *.addtoany.com code.jquery.com *.jsdelivr.net *.openstreetmap.org *.union.agency *.farmersnational.com *.fncrealestate.com *.fncenergy.com *.fncagstock.com *.fncappraisal.com *.fncforestry.com *.fncinsurance.com *.fncserecon.com *.huntingleasenetwork.com *.google-analytics.com; connect-src 'self' search-farmersnational-prod.union.agency search.farmersnational.com *.addtoany.com analytics.google.com *.google-analytics.com api.marker.io *.arcgis.com *.craftcms.com *.cartocdn.com *.openstreetmap.org *.doubleclick.net; img-src 'self' *.farmersnational.com data: d3kjpy37abehj1.cloudfront.net www.facebook.com *.cartocdn.com *.union.agency *.google-analytics.com *.google.com; font-src 'self' data: *.typekit.net *.google-analytics.com; frame-src 'self' *.mapright.com *.union.agency *.youtube.com *.addtoany.com www.facebook.com *.marker.io *.google.com forms.monday.com id.land *.id.land mapright.com *.mapright.com *.fncrealestate.com *.fncinsurance.com player.flipsnack.com 1
frame-ancestors 'self'; script-src *.googleapis.com *.gstatic.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google.com *.google-analytics.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.jsdelivr.net *.googletagmanager.com *.googleadservices.com *.blackbaudhosting.com *.actonservice.com *.doubleclick.net 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.blackbaudhosting.com *.actonservice.com cdn.jsdelivr.net cdnjs.cloudflare.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com *.doubleclick.net *.google.com *.googletagmanager.com *.blackbaudhosting.com *.vimeocdn.com jelly.mdhv.io jelly-v6.mdhv.io 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: cdn.jsdelivr.net; frame-src *.facebook.com *.surveygizmo.com *.youtube.com *.doubleclick.net *.alchemer.coM *.blackbaudhosting.com *.smartsheet.com *.spreaker.com *.vimeo.com *.google.com *.slideshare.net 'self' web-chat.nativechat.com; connect-src accounts.google.com *.gstatic.com *.mktoresp.com *.google-analytics.com *.googleapis.com *.doubleclick.net *.clockwisemd.com *.facebook.com *.actonservice.com analytics.google.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com 'self' web-chat.nativechat.com; sandbox allow-scripts allow-same-origin allow-presentation allow-modals allow-forms allow-popups allow-downloads allow-popups-to-escape-sandbox 'self'; default-src 'self' 1
child-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.azureedge.net www.gstatic.com www.google.com ;connect-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.azureedge.net *.google-analytics.com noembed.com www.noembed.com cdn.plyr.io cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.doubleclick.net storage.googleapis.com event.talque.com lh3.googleusercontent.com *.googleadservices.com *.google.com *.itsa365.de *.mybeviale.com *.chillventa.de *.hubana.events *.embedded-world.de *.medteclive.com *.euroguss.de *.enforcetac.com *.fachpack.de *.frontale.de *.holz-handwerk.de *.nuernberg-convention.de *.perimeter-protection.de *.biofach.de *.vivaness.de *.interzoo.com *.biofach-japan.com *.galabau-messe.com *.ads.linkedin.com *.linkedin.com *.linkedin.oribi.io *.googlesyndication.com ;default-src 'self' *.azureedge.net ;font-src 'self' fonts.gstatic.com *.azureedge.net 'unsafe-inline' storage.googleapis.com event.talque.com lh3.googleusercontent.com ;img-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.google-analytics.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.azureedge.net *.google.com *.google.de *.ads.linkedin.com *.linkedin.com *.linkedin.oribi.io snap.licdn.com static.ads-twitter.com analytics.twitter.com t.co www.googletagmanager.com analytics-udg.netdna-ssl.com code.s4d.io *.giphy.com *.clouddrive.com *.webexcontent.com data: blob: *.rackcdn.com data: blob: *.doubleclick.net connect.facebook.net www.facebook.com storage.googleapis.com event.talque.com lh3.googleusercontent.com ;media-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.azureedge.net storage.googleapis.com event.talque.com lh3.googleusercontent.com data: ;script-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.doubleclick.net cdn.plyr.io noembed.com www.noembed.com *.google.com *.google.de *.vimeocdn.com *.vimeo.com *.akamaized.net www.googletagmanager.com analytics-udg.netdna-ssl.com *.google-analytics.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.azureedge.net 'unsafe-eval' *.googleadservices.com *.google.com static.ads-twitter.com analytics.twitter.com t.co snap.licdn.com 'unsafe-inline' www.gstatic.com www.google.com connect.facebook.net www.facebook.com storage.googleapis.com event.talque.com lh3.googleusercontent.com ;style-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.azureedge.net 'unsafe-inline' storage.googleapis.com event.talque.com lh3.googleusercontent.com ; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;script-src-elem 'strict-dynamic' 'report-sample' 'nonce-2Ah75FmgJ2t4LkHASsyVCh8w';script-src-attr 'none' 'report-sample';object-src 'none';style-src 'self' 'unsafe-inline' https:;img-src 'self' data: https:;media-src 'self' https:;frame-src 'self' https:;font-src 'self' data: https:;connect-src 'self' https: wss:;base-uri 'none';frame-ancestors 'self' https://app.contentful.com;report-uri /fehler/csp 1
default-src 'self'; script-src https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js https://www.googletagmanager.com https://www.googletagmanager.com/gtm.js https://stats.g.doubleclick.net https://ap.gateway.mastercard.com https://wbcfj.gateway.mastercard.com 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://maps.google.com https://maps.google.com/maps-api-v3/api/js/41/8/map.js https://maps.google.com/maps-api-v3/api/js/41/8/marker.js https://maps.google.com/maps-api-v3/api/js/41/8/infowindow.js https://maps.google.com/maps-api-v3/api/js/41/8/util.js https://maps.google.com/maps-api-v3/api/js/41/8/common.js https://maps.google.com/maps-api-v3/api/js/41/8/onion.js https://maps.google.com/maps-api-v3/api/js/41/8/stats.js https://maps.google.com/maps-api-v3/api/js/41/8/controls.js https://maps.google.com http://www.w3.org https://maps.gstatic.com https://maps.googleapis.com https://vodafonefiji.elmotalent.com.au https://www.google-analytics.com https://kbs-ap-wrappers.kandy.io/embed/wrapper-min.js https://kbs-ap-wrappers.kandy.io https://webchat.vodafone.com.fj/CustomerChat%20vodafone/Chat/Toolbox https://analytics.google.com https://webchat.vodafone.com.fj https://webchat.vodafone.com.fj/CustomerChat/Chat/Toolbox https://webchat.vodafone.com.fj/CustomerChat/Scripts/Chat/Config.js https://webchat.vodafone.com.fj/CustomerChat/Scripts/chattoolbox.bundle.js https://webchat.vodafone.com.fj/CustomerChat/Scripts/Chat/TemplateDataSource.js *.youtube.com *.stumbleupon.com *.twitter.com *.boostrapcdn.com *.ytimg.com *.doubleclick.com https://snap.licdn.com https://static.hotjar.com https://googleads.g.doubleclick.net https://script.hotjar.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://maps.google.com https://vodafonefiji.elmotalent.com.au vodafonefiji.elmotalent.com.au kbs-ap-wrappers.kandy.io https://vodafonefiji.elmotalent.com.au/theme/vodafonefiji/login_theme.css https://webchat.vodafone.com.fj/CustomerChat/Content/Chat.css https://webchat.vodafone.com.fj/CustomerChat/Content/fontawesome-5.6.1/css/all.min.css; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com https://maps.google.com http://www.w3.org https://maps.gstatic.com netdna.bootstrapcdn.com data: https://www.vodafone.com.fj https://webchat.vodafone.com.fj; img-src 'self' blob: www.google-analytics.com stats.g.doubleclick.net www.vodafone.com.fj kbs-ap-wrappers.kandy.io https://px.ads.linkedin.com *.google.com *.google.com.au *.google.co.uk *.google.in *.google.co.nz www.facebook.com www.google.com.fj www.google.com data:; media-src 'self' data: blob:; child-src https://ap.gateway.mastercard.com https://wbcfj.gateway.mastercard.com https://pay.mpaisa.vodafone.com.fj 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com vodafonefiji.elmotalent.com.au; connect-src 'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com https://www.google-analytics.com vodafonefiji.elmotalent.com.au kbs-ap-wrappers.kandy.io stats.g.doubleclick.net https://webchat.vodafone.com.fj https://analytics.google.com https://cdn.linkedin.oribi.io; object-src 'self'; 1
default-src *.tawk.to https://*.tawk.to wss://*.tawk.to https: 'unsafe-inline' 'unsafe-eval'; img-src *.tawk.to https: data:; font-src *.tawk.to https: data: 1
default-src * 'unsafe-inline' 'unsafe-eval' ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://analytics.jbtec.eu; style-src * 'unsafe-inline' ; img-src 'self' https://secure.gravatar.com https://jbtec.eu https://analytics.jbtec.eu; font-src 'self' data: *; connect-src * ; media-src * ; object-src * ; child-src 'self' api-78ac7482.duosecurity.com; frame-ancestors 'self' ; form-action 'self' ; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups allow-pointer-lock; reflected-xss block; base-uri https://subdomain.innolabs-technologies.net; manifest-src * ; referrer origin; 1
default-src 'none'; connect-src * 'self'; font-src * 'self'; frame-src * 'self'; img-src * 'self' data:; manifest-src * 'self'; object-src * 'self'; prefetch-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'self' 'unsafe-inline'; media-src * 'self'; form-action * 'self'; worker-src 'self' 1
upgrade-insecure-requests; default-src 'self'; img-src 'self' *.amazon.com web.archive.org d1y62r8iqkdmlm.cloudfront.net d3rdtowr0c5lpf.cloudfront.net mirrors.creativecommons.org *.eyeem.com moma-teams-photos.corp.google.com www.google.com *.media-amazon.com mirrors.meiert.org images-na.ssl-images-amazon.com stevesouders.com *.tumblr.com pbs.twimg.com junkcharts.typepad.com *.met.vgwort.de www.w3.org upload.wikimedia.org data:; script-src 'self' 'unsafe-inline' d3rdtowr0c5lpf.cloudfront.net; style-src 'self' 'unsafe-inline' d3rdtowr0c5lpf.cloudfront.net www.w3.org; frame-ancestors 'self' 1
frame-ancestors 'self' https://*.indiatimes.com https://*.samayam.com https://maharashtratimes.com https://vijaykarnataka.com https://m.timesofindia.com https://m.economictimes.com https://www.iamgujarat.com https://www.google.com https://*.google.com https://cdn.ampproject.org https://*.cdn.ampproject.org https://*.ampproject.org https://*.newspointapp.com http://*.newspointapp.com https://*.gadgetsnow.com https://eisamay.com https://*.economictimes.com https://*.gadgetsnow.com https://timesxp.com https://www.timesxp.com https://*.timesxp.com https://*.filmipop.com https://www.google.co.in https://*.slike* http*://*.slike* *.sli.ke http*://*.sli.ke https://*.sli.ke 1
frame-src www.google.com;default-src 'self' 1
frame-src 'self' https://www.youtube.com https://www.facebook.com https://maps.google.com.tw https://www.google.com; img-src 'self' www.cna.edu.tw:80 https://cache.addthiscdn.com https://www.google.com https://www.google.com.tw https://www.google-analytics.com http://www.googletagmanager.com https://i.ytimg.com https://i.imgur.com;   1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' data: app.productfruits.com *.productfruits.com snap.licdn.com *.licdn.com *.fontawesome.com appcenter.intuit.com *.cloudflare.com *.google-analytics.com *.google.com *.googletagmanager.com *.googleadservices.com *.g.doubleclick.net *.gstatic.com *.capterra.com *.tinymce.com *.tiny.cloud *.purechat.com *.googleapis.com *.zoho.eu *.zohocdn.com *.zohostatic.eu *.zohopublic.eu; img-src * 'self' data: blob:; media-src *; style-src 'unsafe-inline' *; font-src * data:; connect-src *; object-src 'self'; frame-src *.google.com *.youtube.com *.zoho.eu *.zohostatic.eu *.zohopublic.eu; frame-ancestors 'none' 1
connect-src 'self' https:;img-src 'self' data: blob: walleyenow-strapi-staging-uploads.s3.amazonaws.com;media-src 'self' data: blob: walleyenow-strapi-staging-uploads.s3.amazonaws.com;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline' 1
frame-ancestors 'self' https://mask13.classy.org/' 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'none' 1
child-src 'self' https://app.powerbi.com https://www.youtube.com https://www.facebook.com https://www.google.com https://stacc.ee https://public.tableau.com https://tableauapp.tehik.ee; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://cdn.reactandshare.com https://maxcdn.bootstrapcdn.com https://embed.tawk.to; object-src 'none'; script-src 'self' 'unsafe-inline' 'report-sample' https://connect.facebook.net https://www.google-analytics.com https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://embed.tawk.to https://siteimproveanalytics.com https://www.gstatic.com https://cdn.reactandshare.com https://data.reactandshare.com https://unpkg.com https://static-v.tawk.to https://public.tableau.com https://tableauapp.tehik.ee https://s3.eu-north-1.amazonaws.com https://ajax.googleapis.com https://www.google.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io npmcdn.com; style-src 'self' 'unsafe-inline' 'report-sample' https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://cdn.reactandshare.com https://unpkg.com https://embed.tawk.to https://s3.eu-north-1.amazonaws.com https://translate.googleapis.com https://fonts.googleapis.com cdn.jsdelivr.net https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com npmcdn.com; worker-src 'self'; base-uri 'self'; form-action 'self' https://www.digilugu.ee/login https://www.facebook.com; frame-ancestors 'self'; report-uri https://tervisekassa.ee/report-uri/enforce; block-all-mixed-content 1
default-src blob: https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https:; font-src 'self' data: https:; worker-src blob: https:; 1
frame-ancestors 'self' *.swtue.de swt.sb-sites.com *.staffbase.com *.eyo.net localhost:* ; 1
default-src * 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' X-Frame-Options: SAMEORIGIN; 1
default-src https: www.google.com www.gstatic.com www.recaptcha.net data: blob: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-+tG0oiye0CN7n+H41aWlBw==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob: *.izlesene.com *.ioam.de *.avg.com *.rewardsaccelerator.com smetrics.att.com; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net smetrics.att.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' editor.unlayer.com cdn.ampproject.org;object-src 'self' data:;style-src 'self' 'unsafe-inline' fonts.googleapis.com;img-src 'self' data: blob: cdn.tools.unlayer.com *.amazonaws.com images.unlayer.com maps.googleapis.com/maps/api/staticmap;media-src 'self';frame-src 'self' editor.unlayer.com www.screencast.com player.vimeo.com data: https://account.asacloud.eu https://login.microsoftonline.com;font-src 'self' data: fonts.gstatic.com;connect-src 'self' ws://localhost:*/ blob: https://account.asacloud.eu https://login.microsoftonline.com;base-uri 'self';worker-src 'self';child-src 'self';frame-ancestors 'self' https://account.asacloud.eu https://login.microsoftonline.com;form-action 'self'; 1
base-uri 'self'; child-src 'self' https://test2-beroesite.beroeinc.com https://www.beroeinc.com https://www.google.com https://sniff.visistat.com https://js.chargebee.com/ https://ipinfo.io/ https://beroeinccorporatewebsite.chargebee.com/ https://js.stripe.com/ https://www.youtube.com/ https://i.ytimg.com/ https://www.googleadservices.com/ https://stats.g.doubleclick.net https://drive.google.com/ https://calendly.com https://www.buzzsprout.com https://optimize.google.com https://www.googletagmanager.com/gtm.js https://platform.twitter.com/ https://abi.beroelive.ai/ https://abi-dev.beroelive.ai/ https://staging.beroelive.ai/ https://cdn.linkedin.oribi.io/ https://local.beroeinc.com/; connect-src 'self' https://test2-beroesite.beroeinc.com https://ajax.googleapis.com/ajax/libs/jquery/2.0.3/jquery.min.js https://sniff.visistat.com https://www.facebook.com https://www.linkedin.com https://forms.hubspot.com/ https://api.hubapi.com https://www.beroeinc.com https://api.omappapi.com/ https://www.google.com https://www.googletagmanager.com https://analytics.google.com/ https://cdn-cookieyes.com/ https://directory.cookieyes.com/ https://log.cookieyes.com/ https://stats.g.doubleclick.net https://connect.facebook.net https://static.hotjar.com/ https://www.hotjar.com/ https://vars.hotjar.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://api.omappapi.com/ https://pi.pardot.com/ https://www.googletagmanager.com/gtm.js https://script.hotjar.com/ https://www.google.com/recaptcha/ https://js.chargebee.com/ https://ipinfo.io/ https://beroeinccorporatewebsite.chargebee.com/ https://js.stripe.com/ https://www.youtube.com/ https://i.ytimg.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://assets.sitespeaker.link/ https://ws.sitespeaker.link/ https://www.googleapis.com/ https://api.customfit.ai https://sdk.customfit.ai https://drive.google.com/ https://calendly.com https://www.beroeinc.com https://optimize.google.com https://www.buzzsprout.com https://platform.twitter.com/ https://consentlog.cookieyes.com/api/v1/log https://cdn.linkedin.oribi.io/ https://local.beroeinc.com/ https://api-js.mixpanel.com/ https://s.clarity.ms/ https://beroeinc.piwik.pro/ https://ipv6.6sc.co/; default-src 'self' https://test2-beroesite.beroeinc.com https://fonts.gstatic.com https://support2.lsdsoftware.com/ https://platform.twitter.com/ https://www.buzzsprout.com https://local.beroeinc.com/; frame-ancestors 'self' https://*.beroelive.ai/; frame-src 'self' https://www.google.com https://cdnjs.cloudflare.com https://www.facebook.com https://www.linkedin.com https://www.gstatic.com https://i.ytimg.com/ https://www.buzzsprout.com https://www.youtube.com/ https://vars.hotjar.com https://*.hotjar.com https://calendly.com https://www.beroeinc.com https://drive.google.com https://js.chargebee.com https://beroeinccorporatewebsite.chargebee.com/ https://abi.beroelive.ai/ https://abi-dev.beroelive.ai/ https://staging.beroelive.ai/ https://www.loom.com/ https://local.beroeinc.com/ https://accounts.google.com/; img-src 'self' https://test2-beroesite.beroeinc.com https://px.ads.linkedin.com/ https://sniff.visistat.com https://track.hubspot.com https://api.hubapi.com https://forms.hsforms.com https://www.beroeinc.com https://www.google.com https://ws-na.amazon-adsystem.com https://ir-na.amazon-adsystem.com https://images-na.ssl-images-amazon.com https://www.google-analytics.com https://analytics.google.com/ https://stats.g.doubleclick.net https://cdn-cookieyes.com/ https://directory.cookieyes.com/ https://log.cookieyes.com/ https://www.googletagmanager.com https://connect.facebook.net https://static.hotjar.com/ https://www.hotjar.com/ https://vars.hotjar.com https://*.hotjar.com https://api.omappapi.com/ https://pi.pardot.com/ https://www.googletagmanager.com/gtm.js https://script.hotjar.com/ https://www.google.com/recaptcha/ https://i.ytimg.com https://www.facebook.com/ https://js.chargebee.com/ https://www.google.co.in/ https://ipinfo.io/ https://js.stripe.com/ https://assets.sitespeaker.link/ https://optimize.google.com https://www.beroeinc.com data: https://local.beroeinc.com/ https://b.6sc.co/; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://js.hs-scripts.com https://ajax.googleapis.com/ajax/libs/jquery/2.0.3/jquery.min.js https://js.hscollectedforms.net/ https://js.hs-analytics.net/ https://js.hsadspixel.net/ https://sniff.visistat.com https://js.hs-banner.com https://test2-beroesite.beroeinc.com https://stats.g.doubleclick.net https://www.beroeinc.com https://stackpath.bootstrapcdn.com https://unpkg.com https://cdn.rawgit.com https://static.woopra.com https://code.jquery.com https://s.adroll.com https://d.adroll.com/ https://a.opmnstr.com/ https://connect.facebook.net https://static.hotjar.com/ https://www.hotjar.com/ https://vars.hotjar.com https://*.hotjar.com https://analytics.google.com/ https://cdn-cookieyes.com/ https://directory.cookieyes.com/ https://log.cookieyes.com/ https://api.omappapi.com/ https://pi.pardot.com/ https://www.googletagmanager.com/gtm.js https://script.hotjar.com/ https://www.google.com/recaptcha/ https://js.chargebee.com/ https://ipinfo.io/ https://beroeinccorporatewebsite.chargebee.com/ https://js.stripe.com/ https://i.ytimg.com/ https://assets.sitespeaker.link/ https://api.customfit.ai https://sdk.customfit.ai https://drive.google.com/ https://calendly.com https://www.woopra.com/ https://optimize.google.com https://www.buzzsprout.com https://platform.twitter.com/ https://snap.licdn.com/ https://px.ads.linkedin.com/ https://local.beroeinc.com/ https://cdn.mxpnl.com/ 'nonce-ec3561d3df1b44fab06736fb'; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://js.hs-scripts.com https://ajax.googleapis.com/ajax/libs/jquery/2.0.3/jquery.min.js https://js.hscollectedforms.net/ https://js.hs-analytics.net/ https://js.hsadspixel.net/ https://sniff.visistat.com https://js.hs-banner.com https://test2-beroesite.beroeinc.com https://stats.g.doubleclick.net https://www.google.com https://www.beroeinc.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://unpkg.com https://cdn.rawgit.com https://www.google.com https://www.google.co.in/ https://static.woopra.com https://code.jquery.com https://s.adroll.com https://www.gstatic.com https://d.adroll.com/ https://a.opmnstr.com/ https://www.googletagmanager.com https://connect.facebook.net https://static.hotjar.com/ https://www.hotjar.com/ https://vars.hotjar.com https://*.hotjar.com https://www.google-analytics.com https://analytics.google.com/ https://cdn-cookieyes.com/ https://directory.cookieyes.com/ https://log.cookieyes.com/ https://api.omappapi.com/ https://pi.pardot.com/ https://www.googletagmanager.com/gtm.js https://script.hotjar.com/ https://www.google.com/recaptcha/ https://js.chargebee.com/ https://ipinfo.io/ https://beroeinccorporatewebsite.chargebee.com/ https://js.stripe.com/ https://www.youtube.com/ https://i.ytimg.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://assets.sitespeaker.link/ https://api.customfit.ai https://sdk.customfit.ai https://drive.google.com/ https://calendly.com https://www.woopra.com/ https://optimize.google.com https://www.buzzsprout.com https://platform.twitter.com/ https://snap.licdn.com/ https://px.ads.linkedin.com/ https://local.beroeinc.com/ https://cdn.mxpnl.com/ https://www.clarity.ms/ https://beroeinc.containers.piwik.pro/ https://j.6sc.co/; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://js.hs-scripts.com https://ajax.googleapis.com/ajax/libs/jquery/2.0.3/jquery.min.js https://js.hscollectedforms.net/ https://js.hs-analytics.net/ https://js.hsadspixel.net/ https://sniff.visistat.com https://js.hs-banner.com https://test2-beroesite.beroeinc.com https://stats.g.doubleclick.net https://www.google.com https://www.beroeinc.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://unpkg.com https://cdn.rawgit.com https://www.google.com https://www.google.co.in/ https://static.woopra.com https://code.jquery.com https://s.adroll.com https://www.gstatic.com https://d.adroll.com/ https://a.opmnstr.com/ https://www.googletagmanager.com https://connect.facebook.net https://static.hotjar.com/ https://www.hotjar.com/ https://vars.hotjar.com https://*.hotjar.com https://www.google-analytics.com https://analytics.google.com/ https://cdn-cookieyes.com/ https://directory.cookieyes.com/ https://log.cookieyes.com/ https://api.omappapi.com/ https://pi.pardot.com/ https://www.googletagmanager.com/gtm.js https://script.hotjar.com/ https://www.google.com/recaptcha/ https://js.chargebee.com/ https://ipinfo.io/ https://beroeinccorporatewebsite.chargebee.com/ https://js.stripe.com/ https://www.youtube.com/ https://i.ytimg.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://assets.sitespeaker.link/ https://api.customfit.ai https://sdk.customfit.ai https://drive.google.com/ https://calendly.com https://www.woopra.com/ https://optimize.google.com https://www.buzzsprout.com https://platform.twitter.com/ https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js https://cdn.jsdelivr.net/npm/bootstrap-select@1.13.14/dist/js/bootstrap-select.min.js https://snap.licdn.com/ https://px.ads.linkedin.com/ https://local.beroeinc.com/ https://cdn.mxpnl.com/ https://www.clarity.ms/ https://beroeinc.containers.piwik.pro/ https://j.6sc.co/; style-src 'self' https://test2-beroesite.beroeinc.com https://www.beroeinc.com/ https://i.ytimg.com/ https://sniff.visistat.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://connect.facebook.net https://static.hotjar.com/ https://www.hotjar.com/ https://vars.hotjar.com https://*.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com/ https://cdn-cookieyes.com/ https://directory.cookieyes.com/ https://log.cookieyes.com/ https://api.omappapi.com/ https://pi.pardot.com/ https://www.googletagmanager.com/gtm.js https://script.hotjar.com/ https://www.google.com https://www.google.com/recaptcha/ https://www.google.co.in/ https://js.chargebee.com/ https://js.stripe.com/ https://ipinfo.io/ https://assets.sitespeaker.link/ https://api.customfit.ai https://sdk.customfit.ai https://drive.google.com/ https://calendly.com https://www.buzzsprout.com https://optimize.google.com https://fonts.googleapis.com https://unpkg.com https://local.beroeinc.com/ 'nonce-379736007d0777a157493321'; style-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://test2-beroesite.beroeinc.com https://www.beroeinc.com/ https://i.ytimg.com/ https://sniff.visistat.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://connect.facebook.net https://static.hotjar.com/ https://www.hotjar.com/ https://vars.hotjar.com https://*.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com/ https://cdn-cookieyes.com/ https://directory.cookieyes.com/ https://log.cookieyes.com/ https://api.omappapi.com/ https://pi.pardot.com/ https://www.googletagmanager.com/gtm.js https://script.hotjar.com/ https://www.google.com https://www.google.com/recaptcha/ https://www.google.co.in/ https://js.chargebee.com/ https://js.stripe.com/ https://ipinfo.io/ https://assets.sitespeaker.link/ https://api.customfit.ai https://sdk.customfit.ai https://drive.google.com/ https://calendly.com https://www.buzzsprout.com https://optimize.google.com https://fonts.googleapis.com https://unpkg.com https://local.beroeinc.com/; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://test2-beroesite.beroeinc.com https://www.beroeinc.com/ https://i.ytimg.com/ https://sniff.visistat.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://connect.facebook.net https://static.hotjar.com/ https://www.hotjar.com/ https://vars.hotjar.com https://*.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com/ https://cdn-cookieyes.com/ https://directory.cookieyes.com/ https://log.cookieyes.com/ https://api.omappapi.com/ https://pi.pardot.com/ https://www.googletagmanager.com/gtm.js https://script.hotjar.com/ https://www.google.com https://www.google.com/recaptcha/ https://www.google.co.in/ https://js.chargebee.com/ https://js.stripe.com/ https://ipinfo.io/ https://assets.sitespeaker.link/ https://api.customfit.ai https://sdk.customfit.ai https://drive.google.com/ https://calendly.com https://www.buzzsprout.com https://optimize.google.com https://fonts.googleapis.com https://unpkg.com https://cdn.jsdelivr.net/npm/bootstrap-select@1.13.14/dist/css/bootstrap-select.min.css https://local.beroeinc.com/; 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-531b2de86af44bd582b4afef47be9652' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
frame-ancestors 'self'; default-src 'self' www.bossedm.com 'unsafe-inline' 'unsafe-eval' blob: data: ; 1
default-src 'self' 'unsafe-inline' https://*.facebook.net https://*.facebook.com wss://*.smartsupp.com https://tgscript.s3.amazonaws.com https://trustseals.trust-guard.com https://*.smartsuppchat.com https://*.smartsuppcdn.com https://*.googleapis.com https://*.google.com https://www.googleadservices.com https://www.google-analytics.com https://*.doubleclick.net https://*.gstatic.com https://www.google.be https://v3.be data:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.googletagmanager.com *.cloudflare.com *.pinterest.com *.jsdelivr.net *.wistia.net https://unpkg.com *.cookiehub.com https://cookiehub.net *.cookiehub.eu *.google.com *.recaptcha.net *.gstatic.com *.omappapi.com *.bing.com *.doubleclick.net *.facebook.net *.facebook.com *.googleadservices.com *.google.be  *.googlesyndication.com *.clarity.ms *.plausible.io plausible.io *.googleoptimize.com *.pinimg.com; object-src 'self' https://www.reynaers.com; media-src 'self'; frame-src 'self' *.hotjar.com *.google.com *.youtube.com *.pinterest.com *.wistia.net https://accesscontrolconfig.z6.web.core.windows.net *.vimeo.com *.recaptcha.net *.facebook.com *.doubleclick.net *.googletagmanager.com *.googlesyndication.com https://websiteintegration.source.thenbs.com https://indd.adobe.com https://sketchfab.com https://reynaers.digitaal-magazine.nl https://bati-energie.be https://bouw-energie.be https://www.bouw-energie-projects.be https://widget.surveymonkey.com https://www.surveymonkey.co.uk https://open.spotify.com https://my.matterport.com https://www.youtube.com https://issuu.com https://www.reynaers.com; font-src 'self' *.gstatic.com *.googleapis.com data: *.fontawesome.com *.cloudflare.com; connect-src 'self' *.googleapis.com *.google.com *.cookiehub.net *.google-analytics.com *.omappapi.com  *.doubleclick.net *.bing.com *.google.be *.googlesyndication.com *.facebook.com *.googletagmanager.com *.clarity.ms *.plausible.io plausible.io *.pinterest.com; report-uri /report-csp-violation 1
object-src 'self'; child-src http://*.kruizinga.nl https://*.kruizinga.nl https://*.kruizinga.at https://*.kruizinga.be https://*.kruizinga.ch https://*.kruizinga.com https://*.kruizinga.cz https://*.kruizinga.de https://*.kruizinga.dk https://*.kruizinga.es https://*.kruizinga.eu https://*.kruizinga.fi https://*.kruizinga.fr https://*.kruizinga.it https://*.kruizinga.lu https://*.kruizinga.pl https://*.kruizinga.pt https://*.kruizinga.se https://www.google.com https://*.ladesk.com https://*.pinterest.com http://*.youtube.com https://*.youtube.com https://*.yout-ube.com https://*.youtube-nocookie.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com http://*.testkruizinga.nl https://optimize.google.com  http://td.doubleclick.net https://*.abtasty.com; frame-ancestors http://*.kruizinga.nl https://*.kruizinga.nl https://*.kruizinga.de https://*.kruizinga.fr https://*.kruizinga.com; block-all-mixed-content 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://*.cookiebot.com https://polyfill.io https://cdn.jsdelivr.net https://*.piwik.pro https://*.cloudflare.com https://*.commerce-connector.com https://*.commerce-connector.de https://googleapis.com https://google.com https://gstatic.com https://unpkg.com https://youtube-nocookie.com https://*.youtube-nocookie.com https://*.googleapis.com https://vjs.zencdn.net https://css-tricks.com https://s.pinimg.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://*.commerce-connector.com https://*.commerce-connector.de https://css-tricks.com https://fonts.net https://gstatic.com https://*.googleapis.com https://*.youtube-nocookie.com https://vjs.zencdn.net https://unpkg.com https://cdnjs.cloudflare.com; font-src 'self' data: https://*.commerce-connector.com https://*.commerce-connector.de https://fonts.net https://fonts.gstatic.com https://gstatic.com; img-src 'self' data: blob: https://ct.pinterest.com https://www.facebook.com https://maps.gstatic.com https://maps.googleapis.com https://*.commerce-connector.de https://*.commerce-connector.com https://imgsct.cookiebot.com; frame-src 'self' https://ct.pinterest.com https://*.cookiebot.com http://googleapis.com https://youtube-nocookie.com http://*.googleapis.com https://*.youtube-nocookie.com; media-src 'self'; connect-src 'self' https://ct.pinterest.com https://consentcdn.cookiebot.com https://*.piwik.pro https://*.commerce-connector.com https://*.commerce-connector.de https://maps.googleapis.com; manifest-src 'self'; worker-src 'self' blob:; 1
frame-ancestors 'self' https://sportfive.com https://sportfive.com.au https://sportfive.sg https://sportfive.kr https://sportfive.jp https://sportfive.cn https://sportfive.hu https://sportfive.pl https://sportfive.nl https://sportfive.de https://sportfive.fr https://sportfive.co.uk https://sportfive.es https://sportfive.us https://sportfive.ch https://*.etracker.com 1
frame-src https://orionvm-com.hs-sites.com 'self'; 1
font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://js.stripe.com; default-src 'self' https: 1
frame-ancestors 'self' northampton.gov.uk www.northampton.gov.uk intranet.northampton.gov.uk www.intranet.northampton.gov.uk northamptonpartnershiphomes.org.uk www.northamptonpartnershiphomes.org.uk uat.nph.org.uk www.uat.nph.org.uk nphintranet.co.uk www.nphintranet.co.uk uat.nphintranet.co.uk www.uat.nphintranet.co.uk lovenothampton.co.uk www.lovenothampton.co.uk nph.org.uk www.nph.org.uk northamptonmuseums.com www.northamptonmuseums.com; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' http://hamptonswebdesign.net https://hamptonswebdesign.net http://www.hamptonswebdesign.net https://www.hamptonswebdesign.net https://www.google.com https://www.gstatic.com https://www.youtube.com/embed https://embed.music.apple.com https://www.googletagmanager.com http://maps.google.com https://maps.google.com *; img-src *; media-src *; script-src 'unsafe-inline' 'unsafe-eval' 'self' http://hamptonswebdesign.net https://hamptonswebdesign.net http://www.hamptonswebdesign.net https://www.hamptonswebdesign.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com http://maps.google.com https://maps.google.com *; frame-src *; 1
frame-ancestors 'self' *.easyshipping.gr 1
default-src 'self' https://* wss://*.hotjar.com *.pusher.com *.pusherapp.com wss://*.pusher.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; style-src 'self' 'unsafe-inline' https://cardflip.twistoo.co https://fonts.googleapis.com https://cdn.luigisbox.com https://onesignal.com; img-src 'self' data: https://*; font-src 'self' data: https://fonts.gstatic.com https://cdn.livechatinc.com 1
default-src 'none';script-src 'self' AllowScripts-InCSP.com ajax.aspnetcdn.com *.aspnetcdn.com cdnjs.cloudflare.com *.cloudflare.com www.w3schools.com *.google.com *.gstatic.com vjs.zencdn.net vjs.zencdn.net/* fonts.gstatic.com www.googleadservices.com www.google-analytics.com *.bing.com js.stripe.com www.googletagmanager.com www.clickcease.com static.hotjar.com wss.localhost:44365 script.hotjar.com googleads.g.doubleclick.net cdn.livechatinc.com api.livechatinc.com cdn.livechatinc.com/tracking.js www.clarity.ms m.clarity.ms n.clarity.ms *.clarity.ms wss.localhost:44352 ws.localhost:44352 m.clarity.ms/collect n.clarity.ms/collect www.clarity.ms/collect www.clarity.ms/tag/uet/211012758 www.clarity.ms/eus-f/s/0.6.43/clarity.js ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js maxcdn.bootstrapcdn.com/bootstrap/3.2.0/js/bootstrap.min.js cnazone-cnazone2.azurewebsites.net/serviceworker *.licdn.com kit.fontawesome.com *.fontawesome.com kit.fontawesome.com ka-f.fontawesome.com fontawesome.com *.facebook.net *.linkedin.com px.ads.linkedin.com cnazone.com/serviceworker 'unsafe-eval' 'unsafe-inline';style-src 'self' AllowStyles-InCSP.com *.aspnetcdn.com vjs.zencdn.net cdnjs.cloudflare.com/ajax/libs/mdb-ui-kit/6.1.0/mdb.min.css cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css cdnjs.cloudflare.com *.cloudflare.com fontawesome.com kit.fontawesome.com *.fontawesome.com www.w3schools.com/w3css/4/w3.css fonts.googleapis.com 'unsafe-inline';child-src AllowChildren-InCSP.com www.gstatic.com www.google.com bid.g.doubleclick.net vars.hotjar.com js.stripe.com bid.g.doubleclick.net player.vimeo.com secure.livechatinc.com localhost:44352/serviceworker cnazone-cnazone2.azurewebsites.net/serviceworker cnazone.com/serviceworker;connect-src 'self' AllowConnections-InCSP.com cdnjs.cloudflare.com *.aspnetcdn.com surveystats.hotjar.io www.google-analytics.com *.google.com www.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io wss://*.hotjar.com ssl.gstatic.com js.stripe.com in.hotjar.com *.clickcease.com wss://ws25.hotjar.com rxce-videos.sfo3.cdn.digitaloceanspaces.com googleads.g.doubleclick.net stats.g.doubleclick.net *.doubleclick.net fonts.googleapis.com static.hotjar.com vjs.zencdn.net vjs.zencdn.net/7.20.3/video.min.js www.googleadservices.com/ cdn.livechatinc.com/tracking.js api.livechatinc.com api.livechatinc.com/v3.6/customer/action/ cnazone.sfo3.cdn.digitaloceanspaces.com content.hotjar.io www.w3schools.com/* wss://localhost:44396/cnaZone_new/ localhost:44352/ localhost:44348/cnaZone_new wss://localhost:44397/cnaZone_new/ wss://localhost:44306/cnaZone_new/ wss://localhost:44302/cnaZone_new/ wss://localhost:44352/cnaZone_new/ wss://localhost:*/cnaZone_new/ wss://localhost:44351/cnaZone_new/ wss://localhost:44379/cnaZone_new/ wss://localhost:44326/cnaZone_new/ ws://localhost:51830/cnaZone_new/ ws://localhost:62998/cnaZone_new/ www.clarity.ms m.clarity.ms n.clarity.ms www.clarity.ms/collect m.clarity.ms/collect n.clarity.ms/collect *.clarity.ms/collect www.clarity.ms/tag/uet/211012758 www.clarity.ms/eus-f/s/0.6.43/clarity.js j.clarity.ms/collect *.licdn.com *.facebook.net *.facebook.com *.bing.com *.linkedin.com *.linkedin.oribi.io px.ads.linkedin.com *.oribi.io/* cnazone-cnazone2.azurewebsites.net/serviceworker cnazone.com/serviceworker kit.fontawesome.com ka-f.fontawesome.com *.fontawesome.com;manifest-src 'self';font-src 'self' fonts.gstatic.com script.hotjar.com cdn.livechatinc.com data: *.cloudfare.com;form-action 'self' AllowFormActions-InCSP.com js.stripe.com fonts.googleapis.com static.hotjar.com;img-src 'self' AllowImages-InCSP.com www.google-analytics.com *.googletagmanager.com/ bat.bing.com www.google.com www.gstatic.com googleads.g.doubleclick.net script.hotjar.com content: data: *.linkedin.com px.ads.linkedin.com c.bing.com www.clarity.ms *.clarity.ms c.clarity.ms/c.gif cnazone-cnazone2.azurewebsites.net cnazone.com cdnjs.cloudflare.com *.cloudflare.com fontawesome.com kit.fontawesome.com *.fontawesome.com *.facebook.com;media-src 'self' AllowAudioAndVideo-InCSP.com cnazone.sfo3.cdn.digitaloceanspaces.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.segment.io https://cdn.segment.com https://d13he6skx5qn9f.cloudfront.net https://sessions.bugsnag.com http://d2wy8f7a9ursnm.cloudfront.net https://notify.bugsnag.com https://app.pendo.io https://cdn.pendo.io https://pendo-io-static.storage.googleapis.com https://pendo-static-6189065625403392.storage.googleapis.com https://bam.nr-data.net https://js-agent.newrelic.com https://tinymce.cachefly.net https://maxcdn.bootstrapcdn.com https://oss.maxcdn.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://d2zz4thflisoea.cloudfront.net https://dnu7uhq6qumrf.cloudfront.net https://*.namely.com https://s3.amazonaws.com https://namely-additional-pay-import.s3.amazonaws.com/ https://namely-paycheck-notes.s3.amazonaws.com https://sbs-assets.namely.com https://player.vimeo.com; font-src 'self' data: https://f.namely.com https://maxcdn.bootstrapcdn.com https://dzmqh46i6l1ir.cloudfront.net; img-src 'self' data: https://app.pendo.io https://pendo-static-6189065625403392.storage.googleapis.com https://d2zz4thflisoea.cloudfront.net https://dnu7uhq6qumrf.cloudfront.net; report-uri /CSP_Report.aspx; frame-ancestors 'self' https://app.pendo.io; 1
default-src 'self' 'unsafe-inline'; script-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' 'report-sample' cdnjs.cloudflare.com *.dordogne.fr http://* *.googletagmanager.com *.google.com *.gstatic.com *.dordogne.fr dev.virtualearth.net arcgis.com *.arcgis.com ; style-src 'self' data: 'unsafe-inline' 'report-sample' arcgis.com *.arcgis.com srv-odh.dordogne.fr http://* *.googleapis.com *.dordogne.fr; img-src 'self' blob: data: habitat.dordogne.fr tile.openstreetmap.org img.youtube.com i.vimeocdn.com pbs.twimg.com *.ggpht.com *.ytimg.com *.fbcdn.net http://* *.dordogne.fr; font-src * 'self' data: https://fonts.gstatic.com *.dordogne.fr; connect-src *; media-src 'self' maps.google.com; object-src 'none'; child-src 'self'; frame-src 'self' arcgis.com *.arcgis.com *.dordogne.fr *.entrouvert.org *.vimeo.com *.google.com *.calameo.com *.youtube-nocookie.com; worker-src 'self' blob: *.dordogne.fr; form-action 'self' *.dordogne.fr; base-uri 'self'; manifest-src 'self'; 1
frame-ancestors 'self' https://manage.pharmamanufacturing.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
frame-ancestors 'self'; form-action 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://WEU-AZ-WEB-FR-CDNEP.azureedge.net/ https://WEU-AZ-WEB-FR-DEV-CDNEP.azureedge.net/ https://WEU-AZ-WEB-FR-UAT-CDNEP.azureedge.net/ https://ivc-dev-ep-01.azureedge.net/  https://fonts.gstatic.com https://fonts.googleapis.com https://az416426.vo.msecnd.net/ https://www.googletagmanager.com/ https://dc.services.visualstudio.com/ https://www.google-analytics.com/ https://static.hotjar.com/ https://stats.g.doubleclick.net/ https://script.hotjar.com/ https://vars.hotjar.com/ https://www.google.com/ https://www.google.nl/ https://in.hotjar.com/ https://vc.hotjar.io/ https://static.elfsight.com/  https://apps.elfsight.com/ https://www.youtube.com/ https://az416426.vo.msecnd.net/ https://service-reviews-ultimate.elfsight.com/ https://js.stripe.com/ https://www.google.com/ https://www.gstatic.com/ https://booking.vetstoria.com/ https://www.google.co.uk/ https://ajax.googleapis.com/ https://docs.google.com/ https://website.captainvet.com/ https://www.captainvet.com/ https://clicrdv-assets.s3.amazonaws.com/ https://eudist.vetstoria.com/ https://i.ytimg.com/ https://www.youtube-nocookie.com/ https://widget.monrendezvousveto.fr/ https://www.monrendezvousveto.fr/ https://stackpath.bootstrapcdn.com/ https://region1.analytics.google.com/ https://region1.google-analytics.com/ https://website.captainvet.com/ wss://*.hotjar.com/ https://*.hotjar.com/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://widget.trustpilot.com/ https://privacyportal-de.onetrust.com/ https://dash.elfsight.com/ https://core.service.elfsight.com/  *.elfsightcdn.com/ *.elfsight.com/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: wss:; img-src https: data:; font-src https: data:; 1
default-src 'self'; script-src 'report-sample' 'self' cdn.fashiola.fr 'unsafe-eval' 'unsafe-inline' *.google-analytics.com/analytics.js https://www.gstatic.com https://www.googletagmanager.com https://googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.kleding.nl/cookies.js https://www.instagram.com/embed.js https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://kit.fontawesome.com; style-src 'unsafe-inline' 'report-sample' 'self' cdn.fashiola.fr; object-src 'none'; base-uri 'self'; connect-src 'self' https://bam.eu01.nr-data.net *.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' cdn.fashiola.fr; frame-src 'self' https://www.google.com https://www.instagram.com/; img-src 'self' cdn.fashiola.fr images.fashiola.fr cdn.fashiola.com https://www.kleding.nl/cookies.gif *.google-analytics.com www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.es; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
default-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; worker-src https: blob:; connect-src https: wss://websocket-visitors.smartsupp.com 1
default-src 'self'; script-src 'self' ajax.cloudflare.com www.google-analytics.com www.googletagmanager.com connect.facebook.net www.facebook.com d3js.org experian-webchat.gotbot.co.za 'sha256-5Phry0KFWO5ShCB5rru7rOhhNRij/s2wU0Jn3GgOPXk=' 'sha256-9ZckW+lBBjYbwIdCQi3DX0aVT4Pnujj0n54DGUl/FiQ=' 'sha256-MTMznBElLtUpW5rnzHNFF3lV3rsdh9qBHoWD8ouE9Bs='; img-src 'self' www.google-analytics.com stats.g.doubleclick.net data: *.openstreetmap.org https://connect.facebook.net https://www.facebook.com blog.mycreditcheck.co.za https://experian-webchat.gotbot.co.za https://production-webchat.s3.eu-central-1.amazonaws.com; connect-src 'self' www.google-analytics.com https://stats.g.doubleclick.net blog.mycreditcheck.co.za https://experian-webchat.gotbot.co.za; style-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; frame-src https://experian-webchat.gotbot.co.za/; frame-ancestors 'none' 1
block-all-mixed-content; frame-ancestors *.normatel.com.br 1
default-src data: 'self' blob: accounts.google.com cdns.eu1.gigya.com www.googleapis.com ; object-src 'none'; style-src 'self' 'unsafe-inline' *.tawk.to  cdnjs.cloudflare.com fonts.googleapis.com cdn.jsdelivr.net gyrocode.github.io ; font-src 'self' fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.tawk.to fonts.gstatic.com ; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.tawk.to www.google-analytics.com www.googletagmanager.com https://www.googleapis.com/ https://apis.google.com/ code.jquery.com cdnjs.cloudflare.com cdns.eu1.gigya.com cdn.jsdelivr.net gyrocode.github.io connect.facebook.net ; img-src 'self' blob: data: www.google-analytics.com www.yamaha-motor.co.id cdns.eu1.gigya.com img.icons8.com *.yamalubepromo.com www.yamaha-motor.co.jp *.tawk.to cdn.jsdelivr.net tawk.link ; connect-src 'self' wss://*.tawk.to *.tawk.to *.yamalubepromo.com www.google-analytics.com www.googleapis.com accounts.google.com stats.g.doubleclick.net cdns.eu1.gigya.com connect.facebook.net www.facebook.com ; worker-src blob: 'self'; form-action 'self' *.tawk.to; frame-src *.tawk.to *.gigya.com *.google.com *.googleapis.com; 1
default-src 'self'; object-src 'none'; img-src 'self' data: blob: *; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com www.wiris.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ajax.googleapis.com www.googletagmanager.com cdn.cookietractor.com cdn-eu.cookietractor.com https://*.hotjar.com www.wiris.net; font-src 'self' data: fonts.gstatic.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com www.wiris.net hotjar.io hotjar.com script.hotjar.com about:; connect-src 'self' https://www.pluggakuten.se ws://www.pluggakuten.se wss://www.pluggakuten.se wss://ws.hotjar.com google-analytics.com https://*.google-analytics.com google.com https://*.google.com www.wiris.net wss://ws.hotjar.com hotjar.io https://*.hotjar.io hotjar.com https://*.hotjar.com app.cookietractor.com google.se https://*.google.se https://*.doubleclick.net; ; report-uri https://www.pluggakuten.se/api/errorLogging/csp 1
default-src https: wss: 'unsafe-eval' 'unsafe-inline'; font-src https: data:; img-src https: data: 1
frame-ancestors 'self' www.eands.com.au 1
font-src 'self' data:; img-src 'self' data:; default-src 'unsafe-inline' script-src 'unsafe-eval' https://employwise2.s3.ap-south-1.amazonaws.com https://*.myemploywise.com  https://new.myemploywise.com https://myemploywise.com https://www.smiles.in https://www.chipsoft.in http://www.myemploywise.com https://ssl.google-analytics.com https://beacon.errorception.com https://d36mpcpuzc4ztk.cloudfront.net https://www.google.com https://ps3.pubnub.com https://chat.freshdesk.com https://ps1.pubnub.com https://ps16.pubnub.com https://pubnub.com https://ps19.pubnub.com https://ps5.pubnub.com https://ps12.pubnub.com https://ps18.pubnub.com https://ps17.pubnub.com https://ps2.pubnub.com https://ajax.googleapis.com https://ps13.pubnub.com https://ps8.pubnub.com https://col.site24x7rum.com https://static.site24x7rum.com https://js.braintreegateway.com/v1/braintree.js http://www.adobe.com https://www.myemploywise.com:3000 https://maxcdn.bootstrapcdn.com/font-awesome/2.0/font/ http://code.angularjs.org/1.2.1/angular-animate.js https://cdn.tiny.cloud https://sp.tinymce.com https://www.gstatic.com https://balkangraph.com/export https://ind-balkangraph.azurewebsites.net/api/OrgChartJS https://au-e-balkangraph.azurewebsites.net/api/OrgChartJS https://au-se-balkangraph.azurewebsites.net/api/OrgChartJS https://brs-balkangraph.azurewebsites.net/api/OrgChartJS https://ca-balkangraph.azurewebsites.net/api/OrgChartJS https://ca-e-balkangraph.azurewebsites.net/api/OrgChartJS https://easia-balkangraph.azurewebsites.net/api/OrgChartJS https://eus-2-balkangraph.azurewebsites.net/api/OrgChartJS https://eus-balkangraph.azurewebsites.net/api/OrgChartJS https://wus-balkangraph.azurewebsites.net/api/OrgChartJS https://w-us-2-balkangraph.azurewebsites.net/api/OrgChartJS https://w-ind-balkangraph.azurewebsites.net/api/OrgChartJS https://w-eu-balkangraph.azurewebsites.net/api/OrgChartJS https://w-c-us-balkangraph.azurewebsites.net/api/OrgChartJS https://us-s-c-balkangraph.azurewebsites.net/api/OrgChartJS https://us-n-c-balkangraph.azurewebsites.net/api/OrgChartJS https://us-balkangraph.azurewebsites.net/api/OrgChartJS https://uk-w-balkangraph.azurewebsites.net/api/OrgChartJS https://uk-s-balkangraph.azurewebsites.net/api/OrgChartJS https://s-ind-balkangraph.azurewebsites.net/api/OrgChartJS https://se-asia-balkangraph.azurewebsites.net/api/OrgChartJS https://n-eu-balkangraph.azurewebsites.net/api/OrgChartJS https://kr-balkangraph.azurewebsites.net/api/OrgChartJS https://jp-w-balkangraph.azurewebsites.net/api/OrgChartJS https://jp-e-balkangraph.azurewebsites.net/api/OrgChartJS https://fr-balkangraph.azurewebsites.net/api/OrgChartJS https://balkangraph.com/export/v3 https://unpkg.com/ https://internal.employwise.app/ https://ifsc.razorpay.com/ 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.reporterlive.com;block-all-mixed-content; 1
default-src https: data: maps.google.com *.doubleclick.net *.googletagmanager.com *.googleapis.com yottlyscript.com hd.koloo.net *.youtube.com *.google-analytics.com cookies.praguebest.cz mczbf.com kdukvh.com emjcd.com cj.dotomi.com members.cj.com fonts.gstatic.com 'self' wss://* 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri https://sparkys.report-uri.com/r/d/csp/enforce 1
connect-src 'self';            script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://www.google-analytics.com/ https://js-agent.newrelic.com/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/;             img-src 'self' https: ;              frame-src 'self' https://youtube.com/ https://www.youtube.com/;            style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://use.fontawesome.com/;            font-src 'self' https://use.fontawesome.com/ data:;            manifest-src 'self';            default-src 'none'; 1
upgrade-insecure-requests; default-src 'self' *.openbank.com *.openbank.es; script-src *.openbank.nl *.openbank.com 'unsafe-inline' 'unsafe-eval' snap.licdn.com https://maps.googleapis.com simuladores.afi.es https://browseranalytic.com https://www.google.com *.gstatic.com tags.tiqcdn.com *.google-analytics.com https://*.g.doubleclick.net *.youtube.com *.googleadservices.com *.facebook.net *.ytimg.com api-ob.nd.nudatasecurity.com https://cdnjs.cloudflare.com *.googletagmanager.com *.we-stats.com static.browseranalytic.com bat.bing.com blob: openbanksimuladores.afi.es unpkg.com www.googleoptimize.com;  connect-src 'self' *.openbank.nl *.openbank.es *.openbank.com *.google-analytics.com *.we-stats.com *.biocatch.com lib-eu-1.brilliantcollector.com op.browseranalytic.com *.google.com *.googleapis.com *.googlesyndication.com https://*.g.doubleclick.net bat.bing.com cdn.linkedin.oribi.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.openbank.com https://maxcdn.bootstrapcdn.com; img-src 'self' *.openbank.nl px.ads.linkedin.com www.financeads.net data: 'unsafe-inline' *.googletagmanager.com https://maps.googleapis.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.openbank.com *.google.ie *.google.com https://aax-eu.amazon-adsystem.com bat.bing.com www.linkedin.com tbl.tradedoubler.com *.googlesyndication.com;  media-src 'self' *.openbank.com *.youtube.com; frame-src 'self' https://www.google.com *.gstatic.com *.youtube.com simuladores.afi.es *.doubleclick.net blob: openbanksimuladores.afi.es; child-src 'self' https://www.google.com *.gstatic.com *.youtube.com simuladores.afi.es blob: openbanksimuladores.afi.es ;frame-ancestors 'self' api.paycomet.com https://www.paytpv.com https://openbank.campaign.adobe.com; 1
upgrade-insecure-requests; default-src 'self' https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; object-src https:; form-action https:; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=antiyoutuber&d=2024-01-23 1
font-src fonts.gstatic.com *.gstatic.com cdn.jsdelivr.net *.sensefuel.live *.almapay.com *.clarity.ms *.cookiebot.com *.facebook.com *.facebook.net https://static.payzen.eu/static/ *.fontawesome.com https://cdnjs.cloudflare.com 'self' data: data: 'self' 'unsafe-inline'; form-action https://www.baby-lux.com/ https://www.babylux.be/fr/ https://www.babylux.nl/ https://www.babylux.be/nl/ pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com secure.payzen.eu https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src https://www.baby-lux.com/ https://www.babylux.be/fr/ https://www.babylux.nl/ https://www.babylux.be/nl/ bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widget.trustpilot.com maps.google.com *.clarity.ms *.facebook.com *.facebook.net *.cookiebot.com *.pinterest.com *.doubleclick.net *.sendcloud.sc *.jsdelivr.net https://secure.payzen.eu/vads-payment/ https://static.payzen.eu/static/ js.mollie.com www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.doubleclick.net *.lorempixel.com *.google.com *.google.be *.gstatic.com *.googleapis.com *.babylux.nl *.babylux.be *.baby-lux.com *.clarity.ms *.googletagmanager.com *.google-analytics.com *.facebook.com *.facebook.net *.cookiebot.com *.pinterest.com *.amazonaws.com https://secure.payzen.eu/static/latest/images/type-carte/ https://static.payzen.eu/static/ https://secure.payzen.eu/vads-payment/ https://www.mollie.com 'self' data: ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net *.sensefuel.live *.cloudflare.com *.g.doubleclick.net *.googletagmanager.com *.newrelic.com *.nr-data.net widget.trustpilot.com *.googleapis.com *.clarity.ms *.google-analytics.com *.googleadservices.com *.google.com *.facebook.com *.facebook.net *.cookiebot.com *.pinimg.com *.sendcloud.sc *.jsdelivr.net https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ *.avada.io js.mollie.com https://cdnjs.cloudflare.com www.gstatic.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src cdn.jsdelivr.net fonts.googleapis.com *.sensefuel.live *.clarity.ms *.cookiebot.com *.googletagmanager.com *.facebook.com *.facebook.net *.sendcloud.sc *.jsdelivr.net https://static.payzen.eu/static/ *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu *.google-analytics.com *.analytics.google.com *.doubleclick.net *.nr-data.net *.sensefuel.live *.googleapis.com *.clarity.ms *.googletagmanager.com *.cookiebot.com *.google.com *.pinterest.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://get.geojs.io *.avada.io t.elasticsuite.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://*.enamad.ir 1
frame-ancestors 'self' livesale.mnd.cz; 1
default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com 1231738803.rsc.cdn77.org data: 'self' 'unsafe-inline'; form-action www.facebook.com 1231738803.rsc.cdn77.org 'self' 'unsafe-inline'; frame-ancestors 1231738803.rsc.cdn77.org 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ https://widget.packeta.com https://backup.widget.packeta.com *.google.com *.addthis.com *.pinterest.com *.ladesk.com www.facebook.com view.publitas.com 1231738803.rsc.cdn77.org https://td.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.zasielkovna.sk https://files.packeta.com *.openstreetmap.org *.leafletjs.com https://img.youtube.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com www.google.cz www.facebook.com https://sevt.ladesk.com 1231738803.rsc.cdn77.org data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.leafletjs.com s7.addthis.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.ladesk.com connect.facebook.net view.publitas.com cdn.jsdelivr.net 1231738803.rsc.cdn77.org 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com cdn.jsdelivr.net 1231738803.rsc.cdn77.org 'self' 'unsafe-inline'; object-src 1231738803.rsc.cdn77.org 'self' 'unsafe-inline'; media-src 1231738803.rsc.cdn77.org https://www.google.sk 'self' 'unsafe-inline'; manifest-src 1231738803.rsc.cdn77.org 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com https://widget.packeta.com https://backup.widget.packeta.com ekr.zdassets.com/ *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com stats.g.doubleclick.net *.google-analytics.com 1231738803.rsc.cdn77.org https://pagead2.googlesyndication.com 'self' 'unsafe-inline'; child-src 1231738803.rsc.cdn77.org http: https: blob: 'self' 'unsafe-inline'; default-src 1231738803.rsc.cdn77.org 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 1231738803.rsc.cdn77.org 'self' 'unsafe-inline'; 1
default-src 'self'; img-src https: data:;style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' data.ventesprivees-fr.com 'sha256-DxdO0KMifr4qBxX++GTv0w7cNu8FeArRvitEZf1FSrE='; font-src 'self' data: https:; frame-src 'self' https:; connect-src 'self' data.ventesprivees-fr.com; upgrade-insecure-requests; base-uri 'self'; 1
default-src 'self' 'unsafe-eval' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self'; 1
script-src 'self' https: https://d3e54v103j8qbb.cloudfront.net https://www.googletagmanager.com/ https://cdn.jsdelivr.net https://unpkg.com 1
script-src 'self' https: 'unsafe-inline'; frame-src 'self' https: 1
child-src blob: https://www.youtube.com https://youtu.be https://www.youtube-nocookie.com https://sibautomation.com https://in-automate.brevo.com https://fonts.gstatic.com https://*.cleverreach.com/ https://*.trustedshops.com http://*.trustedshops.com https://widgets.trustedshops.com https://app-proxy.connect.trustedshops.com https://static-app.connect.trustedshops.com https://www.google.com https://use.fontawesome.com https://cloud-files.crsend.com https://www.google.de https://heidelpay.hpcgw.net; 1
default-src 'self' https://*.conveythis.com https://*.youtube.com https://*.google.com https://*.google-analytics.com https://*.googleadservices.com https://*.doubleclick.net https://embed.radio.co https://*.sharethis.com https://*.crwdctrl.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://cdn.conveythis.com; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net; img-src 'self' data: https://*.cloudfront.net https://cdn.conveythis.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net https://*.sharethis.com; font-src 'self' https://use.typekit.net data:; frame-src 'self' https://*.google.com https://*.youtube.com https://*.sharethis.com https://embed.radio.co; frame-ancestors 'self' 1
default-src 'self' *.google.com www.google-analytics.com stats.g.doubleclick.net www.gravatar.com player.vimeo.com *.vimeocdn.com packages.umbraco.org our.umbraco.org ;        script-src 'self' 'unsafe-inline' 'unsafe-eval' *.worlddefenseshow.com *.google.com www.googleanalytics.com www.googleoptimize.com www.gstatic.com snap.licdn.com static.ads-twitter.com *.googletagmanager.com www.googleadservices.com www.google-analytics.com ssl.google-analytics.com analytics.twitter.com googleads.g.doubleclick.net www.youtube.com tpc.googlesyndication.com tagmanager.google.com https://*.hotjar.com  https://*.hotjar.io https://www.clarity.ms https://wds2024daily.events.lineup.ninja;        style-src 'self' 'unsafe-inline' *.google.com *.worlddefenseshow.com tagmanager.google.com fonts.googleapis.com;        img-src 'self'  *.worlddefenseshow.com *.google.com t.co px.ads.linkedin.com px4.ads.linkedin.com *.googletagmanager.com https://WWW.linkedin.com *.google-analytics.com  i.ytimg.com *.g.doubleclick.net googleads.g.doubleclick.net data: www.gravatar.com umbraco.tv p.adsymptotic.com  analytics.twitter.com *.analytics.google.com www.gstatic.com ssl.gstatic.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat  https://*.hotjar.com  https://*.hotjar.io https://www.circdatasa.com/ eaprodcdn.azureedge.net https://c.clarity.ms https://c.bing.com;        font-src 'self' *.worlddefenseshow.com fonts.gstatic.com  https://*.hotjar.com https://*.hotjar.io;       media-src 'self' *.worlddefenseshow.com;        connect-src 'self' *.worlddefenseshow.com *.google.com *.google-analytics.com cdn.linkedin.oribi.io https://pagead2.googlesyndication.com https://z.clarity.ms/collect https://r.clarity.ms/collect https://e.clarity.ms/ *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com px.ads.linkedin.com *.clarity.ms;         frame-src 'self' *.worlddefenseshow.com www.youtube.com https://td.doubleclick.net/ *.google.com bid.g.doubleclick.net *.youtube-nocookie.com tpc.googlesyndication.com aax-eu.amazon-adsystem.com cdn.visioglobe.com creativecdn.com https://*.hotjar.com https://*.hotjar.io http://marketing.worlddefenseshow.com https://wds2024daily.events.lineup.ninja; 1
upgrade-insecure-requests; default-src 'self' 'unsafe-inline' data: maps.gstatic.com maps.google.com maps.googleapis.com fonts.gstatic.com fonts.googleapis.com 1
default-src 'self' fonts.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' ajax.googleapis.com d3js.org cdn.jsdelivr.net cdnjs.cloudflare.com https://code.jquery.com/jquery-3.2.1.min.js; img-src data: 'self' blob: www.gravatar.com secure.gravatar.com raw.githubusercontent.com https://media0.giphy.com https://media1.giphy.com https://media2.giphy.com https://media3.giphy.com https://media4.giphy.com https://cdnjs.cloudflare.com https://storage.googleapis.com https://mailfoogae.appspot.com https://chart.googleapis.com; style-src 'unsafe-inline' 'self' fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/css/bootstrap.min.css; font-src data: 'self' fonts.gstatic.com s3.amazonaws.com cdn.jsdelivr.net; frame-src 'self' https://jiraplugin.zendesk.com/; frame-ancestors 'self'; connect-src https://api.giphy.com https://zulip.esss.co https://pingback.giphy.com https://eden.esss.co https://*.esss.co 'self' wss://*.esss.co https://marketplace.atlassian.com;  report-uri /opnsense-report-csp-violation 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' blob: data: https://427945.tctm.xyz https://googleads.g.doubleclick.net https://cdn.livechat-files.com https://www.googleadservices.com https://connect.facebook.net https://*.crazyegg.com https://*.sitefinity.com https://*.simpli.fi https://*.mdhv.io *.superiorcu.com wss://*.hotjar.com https://cor-web.mahalocloud.org/ https://link.zixcentral.com https://www.stickleyonsecurity.com  https://insight.adsrvr.org  https://connect.facebook.net https://js.adsrvr.org https://www.nadaguideswindowlink.com https://b2b.nada.com/ https://www.nadaguidesstore.com/ https://www.iheart.com https://*.googletagmanager.com https://netdna.bootstrapcdn.com https://platform.twitter.com https://*.ytimg.com https://*.typekit.net https://*.youtube.com https://www.google.com https://www.gstatic.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://maps.googleapis.com https://maps.gstatic.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://clients.lk-cs.com https://lkcsunix.com https://*.lk-cs.com https://*.livechatinc.com; frame-ancestors 'self' https://www.youtube.com; 1
script-src-elem * 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' about: *.csr-in-deutschland.de  www.etracker.de *.bmas.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org tagmanager.google.com *.googletagmanager.com openlayers.org *.openstreetmap.org *.twitter.com *.twimg.com *.podigee.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' tagmanager.google.com *.googletagmanager.com *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.pixelpark.com *.openstreetmap.org *.twitter.com *.twimg.com *.google-analytics.com *.podigee.com cdn.consentmanager.mgr.consensu.org *.consentmanager.net consentmanager.mgr.consensu.org *.etracker.com *.etracker.de https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/tables.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/landmarks.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/images.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/lists.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/lang.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/focus.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/aria.js about: ; object-src 'self'; connect-src 'self' *.etracker.com *.etracker.de streaming.bmas.de; font-src 'self' data: *.podigee.com; media-src 'self' blob: *.youtube.com *.csr-in-deutschland.de streaming.bmas.de; child-src *.google.com cdn.consentmanager.net *.gstatic.com *.youtube.com *.pixelpark.com *.twitter.com *.twimg.com *.podigee.com *.bmbf.de cdn.jwplayer.com vimeo.com *.video-stream-hosting.de; img-src 'self' data: *.google.com *.gstatic.com fonts.googleapis.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org *.pixelpark.com *.twitter.com *.twimg.com  *.google-analytics.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.delivery.consentmanager.net about: ; upgrade-insecure-requests; form-action 'self' validator.w3.org; frame-src 'self' *.delivery.consentmanager.net *.consentmanager.net; frame-ancestors 'self' *.facebook.com 1
base-uri 'self';connect-src https://api.parkingsnap.com https://translate.googleapis.com https://www.google-analytics.com https://*.amazonaws.com 'self' https://pci-connect.squareupsandbox.com https://pci-connect.squareup.com https://translate.google.com https://squareup.com;default-src *;font-src 'self' https://fonts.gstatic.com https://d1g145x70srn7h.cloudfront.net;frame-src 'self' https://www.trustedsite.com https://www.google.com https://*.formsite.com https://sandbox.web.squarecdn.com https://connect.squareupsandbox.com https://web.squarecdn.com https://connect.squareup.com;form-action 'self';img-src https://www.google.com https://www.google-analytics.com https://*.s3.amazonaws.com https://s3.amazonaws.com https://code.jquery.com https://cdn.ywxi.net blob: 'self' data: 'self' https://translate.googleapis.com https://translate.google.com https://www.gstatic.com https://fonts.gstatic.com;media-src 'none';object-src 'self' blob:;script-src 'nonce-65af12120878c' 'sha256-BzSkwrbmVvu16J6kfuW+7EvY54W4ed74Mae3NSsoJQQ=' 'sha256-NNiElek2Ktxo4OLn2zGTHHeUR6b91/P618EXWJXzl3s=' 'sha256-rRMdkshZyJlCmDX27XnL7g3zXaxv7ei6Sg+yt4R3svU=' 'unsafe-hashes' 'self' https://translate-pa.googleapis.com https://www.trustedsite.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com  https://translate.googleapis.com https://translate.google.com https://www.googletagmanager.com https://oss.maxcdn.com https://cdn.ywxi.net https://*.amazonaws.com https://*.formsite.com https://code.jquery.com https://sandbox.web.squarecdn.com https://web.squarecdn.com https://js.squareupsandbox.com https://nd.squarecdn.com https://js.squareup.com;style-src 'self' https://www.gstatic.com https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://sandbox.web.squarecdn.com https://web.squarecdn.com https://translate.googleapis.com https://translate.google.com; 1
frame-ancestors 'self' *.facebook.com *.salesforce.com *.convio.net *.google.com *.force.com facebook.com salesforce.com convio.net google.com force.com; report-uri https://www.seva.org/site/XFrameViolation 1
frame-ancestors 'self' https://*.habitat.ca https://habitat.ca 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-b5ce0ac8f98d59acdb84eaf7054179f6'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-2HEyGvD3YGlELXHVYQLxXw' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://selectra.mx/report-uri/enforce 1
frame-ancestors support.unionepro.ru 1
default-src 'self'; script-src 'self' 'unsafe-inline' assets-storage-statik-press.s3-eu-west-1.amazonaws.com gg-assets-storage.s3.eu-west-2.amazonaws.com 'unsafe-eval' www.youtube.com player.vimeo.com fast.wistia.com static.cloudflareinsights.com www.googletagmanager.com https://*.googletagmanager.com https://*.doubleclick.net https://*.googlesyndication.com https://*.googletagservices.com https://*.googleapis.com https://*.cloudflare.com https://give.unwsp.edu https://*.cloudfront.net https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://*.google-analytics.com https://www.googleadservices.com *.journity.com *.licdn.com *.facebook.net; style-src 'self' 'unsafe-inline' assets-storage-statik-press.s3-eu-west-1.amazonaws.com gg-assets-storage.s3.eu-west-2.amazonaws.com https://fonts.googleapis.com https://give.unwsp.edu maps.googleapis.com *.journity.com; img-src 'self' 'unsafe-inline' assets-storage-statik-press.s3-eu-west-1.amazonaws.com gg-assets-storage.s3.eu-west-2.amazonaws.com i.ytimg.com 2.gravatar.com secure.gravatar.com i.vimeocdn.com fast.wistia.com data: https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com lastfm.freetls.fastly.net https://*.googlesyndication.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com https://ssl-static.libsyn.com https://*.youtube.com https://www.google.com https://m.media-amazon.com www.google.pl https://*.myktis.com *.journity.com *.libsyn.com https://*.life1019.com https://www.life1071.com *.linkedin.com; font-src 'self' data: https://fonts.gstatic.com fonts.googleapis.com fonts.gstatic.com; connect-src 'self' vimeo.com pipedream.wistia.com fast.wistia.com distillery.wistia.com embed-cloudfront.wistia.com assets-storage-statik-press.s3-eu-west-1.amazonaws.com gg-assets-storage.s3.eu-west-2.amazonaws.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.googlesyndication.com https://*.googleapis.com https://*.gstatic.com https://www.google-analytics.com https://give.unwsp.edu *.statik.space wss://myktis.com wss://*.unwsp.edu wss://myfaithmedia.org https://www.google.com https://us-autocomplete-pro.api.smartystreets.com/ https://www.myktis.com/ *.journity.com *.linkedin.com; child-src 'self' www.youtube.com player.vimeo.com https://www.google.com https://*.googlesyndication.com https://*.doubleclick.net *.journity.com; media-src 'self' https://*.streamguys1.com https://*.libsyn.com 1
frame-ancestors 'self' twitter.com t.co;block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.ep-mimecast.ads-twitter.com https://*.marketo.com https://analytics.twitter.com https://assets.pinterest.com https://apis.google.com https://ajax.googleapis.com https://cdn.syndication.twimg.com https://connect.facebook.net https://code.jquery.com https://en.twitter.com https://graph.facebook.com https://googletagmanager.com https://google-analytics.com https://js.facebook.com https://kit.fontawesome.com https://m.youtube.com https://munchkin.marketo.net https://platform.twitter.com https://static.ads-twitter.com https://ssl.google-analytics.com https://t.co https://tagmanager.google.com https://use.fontawesome.com https://vrmgr.worketc.com https://www.youtube.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://www.google.com;style-src 'self' 'report-sample' 'unsafe-inline' *.fontawesome.com *.marketo.com *.marketo.net ajax.googleapis.com code.jquery.com fonts.googleapis.com platform.twitter.com ton.twimg.com tagmanager.google.com www.googletagmanager.com;object-src 'none';child-src 'self' *.facebook.com connect.facebook.net platform.twitter.com www.youtube.com www.googletagmanager.com;base-uri 'self';form-action 'self' *.facebook.com *.twitter.com connect.facebook.net;worker-src 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com; style-src 'self' 'unsafe-inline'; frame-src 'self' data:; default-src 'self';img-src 'self' data:; 1
frame-ancestors 'self' https://*.myshopify.com https://admin.shopify.com 1
default-src blob: https:; font-src https: data:; img-src blob: data: https:; script-src 'unsafe-inline' 'unsafe-eval' blob: https:; style-src 'unsafe-inline' https:; 1
default-src 'self' *.sessioncam.com *.cloudfront.net; script-src *.cloudfront.net *.sessioncam.com *.hypemarks.com *.krxd.net 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.co.uk *.newrelic.com *.betrad.com bam.nr-data.net static.addtoany.com *.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com s.ytimg.com *.evidon.com code.jquery.com *.cloudfront.net *.serving-sys.com 7225833.collect.igodigital.com connect.facebook.net stats.g.doubleclick.net https://www.gstatic.com *.cloudfront.net ws://*.sessioncam.com wss://*.sessioncam.com *.gigya.com https://bv.js  *.bazaarvoice.com *.amazonaws.com *.adimo.co *.iesnare.com *.polyfill.io *.cdns.eu1.gigya.com https://cdns.eu1.gigya.com *.gigya.com *.nescafe.com *.sitepreview.ws *.nestle.co.uk *.nestle.com *.pinimg.com *.salesforceliveagent.com *.force.com *.salesforce.com *.cookielaw.org *.onetrust.com *.cookiepro.com *.amazon-adsystem.com *.yimg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com https://cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com cloud.typography.com *.google.com *.use.fontawesome.com *.bazaarvoice.com *.fontawesome.com *.adimo.co *.nestle.co.uk *.nestle.com *.fonts.net *.amazonaws.com *.force.com *.salesforce.com *.cookielaw.org *.onetrust.com *.cookiepro.com; img-src *.cloudfront.net *.sessioncam.com *.google.co.in *.nestle.co.uk 'self' data: *.googleapis.com *.gstatic.com *.cloudflare.com *.google-analytics.com https://stats.g.doubleclick.net www.google.com www.google.co.uk *.doubleclick.net *.betrad.com *.amazonaws.com px.pump.to brand-ecommerce-assets.fusepump.com *.evidon.com https://nova.collect.igodigital.com https://www.facebook.com *.krxd.net *.nestlebeverages.acsitefactory.com be.factory.nescafe.com belgium.nestlebeverages.acsitefactory.com www.nescafe.com *.ytimg.com *.bazaarvoice.com *.gigya.com *.stage4.factory.nescafe.com *.nescafe.com *.adimo.co *.pinterest.com *.force.com *.smababy.co.uk *.cookielaw.org *.onetrust.com *.cookiepro.com *.googletagmanager.com *.rlcdn.com *.yahoo.com *.google.es; media-src 'self' *.amazonaws.com; frame-src *.cloudfront.net *.sessioncam.com *.doubleclick.net 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net  http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com https://brand-ecommerce-assets.fusepump.com www.google.com *.krxd.net www.facebook.com https://l3.evidon.com/ *.gigya.com *.adimo.co *.bazaarvoice.com *.nestle-brands.co.uk https://login-eu.nescafe.com/ *.force.com *.baby2body.com *.salesforce.com *.amazon-adsystem.com *.pinterest.com; frame-ancestors 'self'; child-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com ; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com https://cdnjs.cloudflare.com *.fontawesome.com *.fonts.net *.sfdcstatic.com; connect-src 'self' brand-ecommerce-api.fusepump.com *.sessioncam.com *.cloudfront.net *.google-analytics.com https://collect.analyze.ly https://secure-ds.serving-sys.com *.amazonaws.com *.bazaarvoice.com *.evidon.com *.g.doubleclick.net *.nestle-brands.co.uk *.nr-data.net https://api.experianmarketingservices.com/sync/queryresult/EmailValidate/1.0/10773728-4c4d-43e6-959a-dd3889366f85  https://login-eu.nescafe.com/ *.edq.com *.pinterest.com *.cs88.force.com *.secure.force.com *.cookielaw.org *.onetrust.com *.cookiepro.com *.google.com *.yimg.com *.facebook.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com; 1
frame-ancestors 'self' *.ndncollective.org *.ndncollective.test; 1
default-src 'self'; frame-src *; connect-src *; img-src * data: blob:; manifest-src 'self'; media-src * data:; object-src 'none'; script-src 'self' 'nonce-XLtRrZwVGtujCchx42ArRA=='; style-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self' 1
default-src 'self'; connect-src 'self' https://www.googletagmanager.com https://cognito-identity.eu-west-2.amazonaws.com/ https://sts.eu-west-2.amazonaws.com/ https://dataplane.rum.eu-west-2.amazonaws.com/ https://www.google.com/ https://bat.bing.com  https://www.google-analytics.com https://adservice.google.com https://stats.g.doubleclick.net https://www.snapengage.com https://bam.eu01.nr-data.net https://region1.google-analytics.com https://v.clarity.ms https://analytics.tiktok.com https://ct.pinterest.com https://tr.snapchat.com; style-src 'self' 'unsafe-inline' https://d1jmvtsb5r6qz4.cloudfront.net https://platform.twitter.com https://tagmanager.google.com https://fonts.googleapis.com/ https://ton.twimg.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://d1jmvtsb5r6qz4.cloudfront.net https://client.rum.us-east-1.amazonaws.com https://amplify.outbrain.com https://tr.outbrain.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.gstatic.com https://s.ytimg.com https://bat.bing.com https://www.youtube.com https://platform.twitter.com https://cdn.syndication.twimg.com https://tagmanager.google.com https://fonts.googleapis.com https://connect.facebook.net https://storage.googleapis.com/code.snapengage.com/js/ https://www.snapengage.com https://js-agent.newrelic.com https://bam.eu01.nr-data.net https://tpc.googlesyndication.com https://www.clarity.ms https://analytics.tiktok.com https://s.pinimg.com https://sc-static.net https://tr.snapchat.com; img-src 'self' data: https://www.asktheanswer.com https://psychic.hostnetuc.com https://d1jmvtsb5r6qz4.cloudfront.net https://d13uwc2jia4x1e.cloudfront.net  https://connect.facebook.net https://www.googleadservices.com https://tr.outbrain.com https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://www.google.co.uk https://www.google.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.google-analytics.com https://fonts.gstatic.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://platform.twitter.com https://pbs.twimg.com https://abs.twimg.com https://www.gstatic.com https://ssl.gstatic.com https://www.facebook.com https://www.snapengage.com https://ton.twimg.com https://c.clarity.ms https://ct.pinterest.com https://tr.snapchat.com; frame-src https://streaming.veristream.co.uk https://devscratch.hostnetuc.com https://scratch.hostnetuc.com https://www.google.com https://www.youtube.com https://platform.twitter.com https://syndication.twitter.com https://www.facebook.com https://web.facebook.com https://ct.pinterest.com https://tr.snapchat.com; font-src 'self' https://d1jmvtsb5r6qz4.cloudfront.net https://fonts.gstatic.com https://sc-static.net/font/ data:; media-src 'self' https://d1jmvtsb5r6qz4.cloudfront.net https://carousel.hostnetuc.com https://www.snapengage.com ; object-src http://www.youtube.com ; frame-ancestors 'none' ; form-action 'self' https://pp.hostnetuc.com https://ps.hostnetuc.com https://devpaypal.hostnetuc.com https://paypal.hostnetuc.com https://cc.hostnetuc.com https://www.paypal.com https://www.sandbox.paypal.com https://pay.test.netbanx.com https://syndication.twitter.com https://platform.twitter.com https://pay.netbanx.com https://www.facebook.com ;upgrade-insecure-requests ; block-all-mixed-content; 1
frame-src 'self' youtu.be youtube.com www.youtube.com vimeo.com www.vimeo.com hubspot.com forms.hsforms.com js.hsforms.net hsforms.com; frame-ancestors 'self'; 1
script-src 'self' https://js.stripe.com https://maps.googleapis.com https://app.posthog.com; worker-src 'strict-dynamic' 1
default-src 'none': img-src 'self' data: https://cdn.lnmarkets.com: font-src 'self': object-src 'none': manifest-src 'self': frame-ancestors 'self': base-uri 'self': worker-src 'none': media-src 'self': child-src 'self': connect-src 'self' wss://api.lnmarkets.com https://api.lnmarkets.com https://cdn.lnmarkets.com *.tradingview-widget.com *.tradingview.com https://lightning.engineering wss://mailbox.terminal.lightning.today: frame-src *.tradingview.com *.tradingview-widget.com: script-src 'self' 'unsafe-eval' *.tradingview.com *.tradingview-widget.com: style-src 'self' 'unsafe-inline' *.tradingview.com *.tradingview-widget.com: form-action 'self' *.lnmarkets.com; 1
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.rawgit.com *.newrelic.com *.nr-data.net *.mrlender.com *.typekit.net *.facebook.net  *.reviews.co.uk *.mouseflow.com *.google.co.uk *.google.com *.googletagservices.com *.googlesyndication.com *.livechatinc.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' 'self' https://matomojs.trackify.info https://matomo.pernod-ricard.io *.sleeknote.com; frame-ancestors 'self' https://matomojs.trackify.info https://matomo.pernod-ricard.io *.sleeknote.com; frame-src blob: 'self' https://www.google.com https://www.youtube.com https://larutadelgin.com/ https://integrationssite.sleeknote.com/ https://sleeknotestaticcontent.sleeknote.com/:1 *.sleeknote.com; worker-src blob: 'self' 1
frame-src 'self' *.spotify.com videotorium.hu *.videotorium.hu *.vimeo.com *.youtube.com *.google.com; child-src 'self' *.spotify.com videotorium.hu *.videotorium.hu *.vimeo.com *.youtube.com *.google.com; report-uri /report-csp-violation 1
upgrade-insecure-requests;script-src 'self';connect-src 'self' blob: https://yokai.cafe wss://yokai.cafe;media-src 'self' https:;img-src 'self' data: blob: https:;default-src 'none';base-uri 'self';frame-ancestors 'none';style-src 'self' 'unsafe-inline';font-src 'self';manifest-src 'self'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://cutie.city 'wasm-unsafe-eval'; font-src 'self' https://cutie.city; img-src 'self' data: blob: https://cutie.city https://media.cutie.city; style-src 'self' https://cutie.city 'nonce-ocdCk8voPqqwzl329M3oDQ=='; media-src 'self' data: https://cutie.city https://media.cutie.city; frame-src 'self' https:; child-src 'self' blob: https://cutie.city; worker-src 'self' blob: https://cutie.city; connect-src 'self' blob: data: wss://cutie.city https://cutie.city https://media.cutie.city; manifest-src 'self' https://cutie.city; form-action 'self' 1
default-src 'self' https://www.ravenpack.com https://ravenpack.com ; font-src 'self' https://fonts.gstatic.com  data: https://js.intercomcdn.com https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.2/fonts/ ; frame-src https://www.googletagmanager.com https://www.youtube.com/ https://player.vimeo.com/ https://www.google.com https://coronavirus.ravenpack.com https://optimize.google.com https://plotly.com/ https://chart-studio.plotly.com http://html5-player.libsyn.com/ https://td.doubleclick.net/ ; object-src  ; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://ajax.googleapis.com https://code.jquery.com webpack: https://widget.intercom.io http://www.googleadservices.com 'unsafe-inline' https://js.intercomcdn.com https://cdn.jsdelivr.net https://gist.github.com https://cdn.jsdelivr.net https://googleads.g.doubleclick.net/pagead/ https://snap.licdn.com https://www.gstatic.com/charts/ https://player.vimeo.com/ https://www.youtube.com/ https://sc.lfeeder.com/ https://extend.vimeocdn.com/ga/ https://bat.bing.com/ https://www.clarity.ms/ https://cdn.plot.ly/ https://cdnjs.cloudflare.com/ajax/libs/mathjax/ ; worker-src https://ravenpack.com https://www.ravenpack.com ; img-src 'self' data: https://ravenpack.com https://www.ravenpack.com https://s3.amazonaws.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://static.intercomassets.com https://www.google.es/ads/ https://www.google.es/pagead/ https://px.ads.linkedin.com https://googleads.g.doubleclick.net/pagead/ https://i.vimeocdn.com/ https://tr.lfeeder.com/ https://optimize.google.com https://bat.bing.com/ https://c.clarity.ms/ ; style-src 'self' https://ravenpack.com https://www.ravenpack.com 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://github.githubassets.com https://cdn.jsdelivr.net https://code.jquery.com https://www.gstatic.com/charts/ https://optimize.google.com ; media-src 'self' https://js.intercomcdn.com/audio/ ; connect-src 'self' https://ravenpack.com https://www.ravenpack.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://region1.google-analytics.com/ https://cs.lf-discover.com/companies/ https://cdn.linkedin.oribi.io/ https://www.gstatic.com/charts/ https://bat.bing.com/ https://analytics.google.com/ https://region1.analytics.google.com/g/ https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://px.ads.linkedin.com/wa/ https://a.clarity.ms/collect https://b.clarity.ms/collect https://c.clarity.ms/collect https://d.clarity.ms/collect https://e.clarity.ms/collect https://f.clarity.ms/collect https://g.clarity.ms/collect https://h.clarity.ms/collect https://i.clarity.ms/collect https://j.clarity.ms/collect https://k.clarity.ms/collect https://l.clarity.ms/collect https://m.clarity.ms/collect https://n.clarity.ms/collect https://o.clarity.ms/collect https://p.clarity.ms/collect https://q.clarity.ms/collect https://r.clarity.ms/collect https://s.clarity.ms/collect https://t.clarity.ms/collect https://u.clarity.ms/collect https://v.clarity.ms/collect https://w.clarity.ms/collect https://x.clarity.ms/collect https://y.clarity.ms/collect https://z.clarity.ms/collect ; report-uri  ; 1
base-uri 'none'; default-src 'none'; child-src https://www.youtube.com https://www.youtube.com https://player.vimeo.com https://player.vimeo.com https://w.soundcloud.com https://www.delijn.be https://*.resengo.com https://*.tiktok.com; connect-src 'self' https://*.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://vimeo.com https://*.resengo.com https://resengocomgeneralpurpose.blob.core.windows.net https://bam.nr-data.net https://*.tiktok.com; font-src 'self' https://use.typekit.net https://fonts.googleapis.com https://cloud.typenetwork.com https://fonts.gstatic.com data:; frame-ancestors 'self'; frame-src https://www.youtube.com https://player.vimeo.com https://w.soundcloud.com https://www.delijn.be https://*.resengo.com https://*.tiktok.com; img-src 'self' https://www.google-analytics.com https://*.google.com/ads/ https://*.google.be/ads/ https://www.facebook.com https://i3.ytimg.com https://gallery.mailchimp.com https://cdn-images.mailchimp.com/ https://resengocomgeneralpurpose.blob.core.windows.net https://*.tiktok.com data:; media-src https://p.scdn.co; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.youtube.com/player_api https://s.ytimg.com https://player.vimeo.com/api/player.js https://*.resengo.com https://resengocomgeneralpurpose.blob.core.windows.net https://js-agent.newrelic.com https://bam.nr-data.net https://*.tiktok.com 'unsafe-inline'; style-src 'self' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com 'unsafe-inline'; 1
default-src 'self' feed.pghub.io pandg.tapad.com ; child-src blob: feed.pghub.io pandg.tapad.com ; media-src * 'self' data: https: blob: ; style-src 'self' 'unsafe-inline' * ; img-src * 'self' data: https: blob: ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: https: ; frame-src * ; 1
default-src 'self' https:;script-src 'self' https: 'unsafe-inline' 'unsafe-eval';connect-src 'self' https: wss:;style-src 'self' https: 'unsafe-inline';object-src 'none';frame-ancestors 'self' https://*.byggtjanst.net/ https://*.byggtjanst.se/ 1
frame-ancestors 'self' https://www.googletagmanager.com 1
defalut-src 'self' 1
script-src 'nonce-d50643521f' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: 'self';  default-src 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: 'self';  script-src-elem 'unsafe-inline'   data:  https://www.analogic.com https://fonts.googleapis.com/ https://fonts.gstatic.com/  https://www.analogic.com/ https://www.googletagmanager.com/ https://www.bugherd.com/ https://sidebar.bugherd.com/ https://d.bablic.com/ https://c.bablic.com/  https;  object-src 'none';  base-uri 'none';  child-src  'unsafe-inline'   data:  https://www.analogic.com https://fonts.googleapis.com/ https://fonts.gstatic.com/  https://www.analogic.com/ https://www.googletagmanager.com/ https://www.bugherd.com/ https://sidebar.bugherd.com/ https://d.bablic.com/ https://c.bablic.com/  https;  style-src  'unsafe-inline'   data:  https://www.analogic.com https://fonts.googleapis.com/ https://fonts.gstatic.com/  https://www.analogic.com/ https://www.googletagmanager.com/ https://www.bugherd.com/ https://sidebar.bugherd.com/ https://d.bablic.com/ https://c.bablic.com/  https;  font-src 'self'   data:  https://www.analogic.com https://fonts.googleapis.com/ https://fonts.gstatic.com/ ;   img-src 'self'    data:  https://www.analogic.com https://fonts.googleapis.com/ https://fonts.gstatic.com/  https://www.analogic.com/ https://www.googletagmanager.com/ https://www.bugherd.com/ https://sidebar.bugherd.com/ https://d.bablic.com/ https://c.bablic.com/ ;    report-uri https://www.analogic.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com  https://apis.google.com https://www.youtube.com/iframe_api https://s.ytimg.com https://www.youtube.com https://images.mediapro.es https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://cloud.typography.com https://images.mediapro.es https://fonts.googleapis.com/css https://mediapro.tv ; font-src 'self' data: blob: https://cloud.typography.com https://fonts.gstatic.com https://mediapro.tv  ; img-src data: blob: * ; media-src 'self' https://www.youtube.com https://youtu.be https://dzyzmb8ilclc3.cloudfront.net https://dxscqeuo31lkw.cloudfront.net https://d204m9ybsjjrnz.cloudfront.net https://urlmaker.overon.es https://www.youtube-nocookie.com 1
img-src 'self' data: blob: *;style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; worker-src 'self' blob:; 1
default-src 'self'; base-uri 'self'; child-src 'self'; form-action 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; manifest-src 'self' data:; object-src 'self'; script-src-elem 'self'; style-src 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' data: *.gstatic.com *.visualwebsiteoptimizer.com *.google-analytics.com *.hotjar.com *.pixelg.adswizz.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http://www.googleadservices.com https://*.trackduck.com http://*.googletagmanager.com http://*.doubleclick.net http://*.visualwebsiteoptimizer.com http://www.gstatic.com http://bat.bing.com https://pixelg.adswizz.com http://*.gigg.com; style-src 'self' 'unsafe-inline' https http://fonts.googleapis.com https: http://hello.myfonts.net; img-src 'self' blob: data: https: *.gravatar.com http://*.visualwebsiteoptimizer.com http://bat.bing.com; font-src 'self' data: https:; connect-src 'self' https://app.trackduck.com wss://app.trackduck.com https://stats.g.doubleclick.net https://cdnjs.cloudflare.com http://*.visualwebsiteoptimizer.com *.hotjar.com *.google-analytics.com https://pixelg.adswizz.com https://loadus.exelator.com http://*.gigg.com https://cdn.linkedin.oribi.io https://script.crazyegg.com https://analytics.google.com https://www.google.ca https://adservices.google.com; media-src 'self' https:; object-src 'self'; frame-src 'self' https://app.five9.com/ https://trios.lifecyclesystems.com/ https://mobials.com https://www.youtube.com https://player.vimeo.com https://vimeo.com https://pr.easypromosapp.com/ https://www.google.com https://www.eventbrite.ca https://www.eventbrite.com https://www.googletagmanager.com https://connect.facebook.net https://www.facebook.com https://bid.g.doubleclick.net https://*.visualwebsiteoptimizer.com *.hotjar.com https://sketchfab.com/ https://12089624.fls.doubleclick.net https://td.doubleclick.net; form-action 'self' https:; report-uri https://df20e771691f9b03eab387e2cb951226.report-uri.com/r/d/csp/enforce; 1
frame-ancestors 'self' https://*.lexus.fi https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
base-uri 'self'; default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; connect-src 'self' https://api.wpa.org.uk https://apikeys.civiccomputing.com www.google-analytics.com https://dc.services.visualstudio.com/v2/track https://region1.google-analytics.com webchat.botframework.com/api/tokens directline.botframework.com wss://directline.botframework.com maps.googleapis.com https://mcs.us1.twilio.com https://talkdeskchatsdk.talkdeskapp.com https://api.talkdeskapp.eu wss://tsock.us1.twilio.com/v3/wsconnect; img-src 'self' data: blob: https://www.google-analytics.com https://talkdeskchatsdk.talkdeskapp.com https://api.talkdeskapp.eu https://qa-cdn-talkdesk.talkdeskdev.com www.google.com stats.g.doubleclick.net seal.websecurity.norton.com maps.googleapis.com maps.gstatic.com www.googletagmanager.com https://i.vimeocdn.com/ https://khms1.googleapis.com/ https://khms0.googleapis.com/ https://lh3.ggpht.com/ https://streetviewpixels-pa.googleapis.com/ https://cdn.jsdelivr.net https://media.us1.twilio.com; media-src 'self'; object-src 'self'; child-src 'self' secure.encoded.co.uk www.youtube.com player.vimeo.com https://talkdeskchatsdk.talkdeskapp.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com https://talkdeskchatsdk.talkdeskapp.com; frame-ancestors 'none'; upgrade-insecure-requests ; script-src 'sha256-SPFlHRhQXdKKQDDIknbm37pERhKVHOnnAIR+usf7odo=' 'self' 'self' 'nonce-live-chat-starter-commercial' 'nonce-live-chat-starter-retail' 'nonce-live-chat-starter-hp' 'sha256-9vpql/NLyCCe3HPEb2b/lcLKPbkRi48w2Lfn0AbTxsQ=' cc.cdn.civiccomputing.com www.googletagmanager.com www.google-analytics.com js.monitor.azure.com/scripts/b/ai.2.min.js talkdeskchatsdk.talkdeskapp.com use.typekit.net az416426.vo.msecnd.net/scripts/b/ai.2.min.js cdn.botframework.com/botframework-webchat/latest/webchat.js maps.googleapis.com 1
upgrade-insecure-requests; default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cc.cdn.civiccomputing.com/ https://api.reciteme.com/; style-src 'self' 'unsafe-inline' https://api.reciteme.com/; img-src 'self' https://cdn.myclarionhousing.com https://api.reciteme.com/ https://www.facebook.com/ https://www.google.co.uk/ https://www.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://googleads.g.doubleclick.net/ data: https://boost-files-general-eu-west-1-prod.s3-eu-west-1.amazonaws.com/ https://maps.gstatic.com https://maps.googleapis.com; connect-src 'self' https://apikeys.civiccomputing.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://region1.analytics.google.com/ https://stats.g.doubleclick.net/ wss://ws.hotjar.com/ https://content.hotjar.io/ https://vc.hotjar.io/ https://clariontest.boost.ai/ https://api.puzzel.com/ https://stats.reciteme.com/  https://api.reciteme.com/ https://clapi.civiccomputing.com/ https://analytics.google.com/ https://metrics.hotjar.io/ https://clapi.civiccomputing.com/ https://clarionhousing.boost.ai/ https://org0d996371-crm11.omnichannelengagementhub.com/ https://www.facebook.com/ https://region1.google-analytics.com/ https://www.google.co.uk/ https://maps.googleapis.com; font-src 'self' https://api.reciteme.com/  https://fonts.gstatic.com; media-src 'self' https://cdn.myclarionhousing.com https://api.reciteme.com/; frame-src https://www.youtube.com/ https://td.doubleclick.net/ https://www.facebook.com/ https://oc-cdn-public-gbr.azureedge.net/; frame-ancestors https://api.reciteme.com/; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://cc.cdn.civiccomputing.com/ https://www.googletagmanager.com/ https://static.hotjar.com/ https://connect.facebook.net/ https://www.google-analytics.com/ https://script.hotjar.com/ https://www.googleadservices.com/ https://euwa.puzzel.com/ https://clariontest.boost.ai/ https://api.reciteme.com/ https://www.youtube.com/ https://clarionhousing.boost.ai/ https://oc-cdn-public-gbr.azureedge.net/ https://maps.googleapis.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://script.hotjar.com/ https://www.googleadservices.com/ https://euwa.puzzel.com/ https://cc.cdn.civiccomputing.com/ https://api.reciteme.com/ https://oc-cdn-public-gbr.azureedge.net/ https://fonts.googleapis.com; 1
default-src  'self' 'unsafe-inline'; font-src data: 'self'; child-src  'self'; connect-src https://*.google-analytics.com/ https://*.readspeaker.com/ https://*.tkbc.nl https://www.google-analytics.com/ 'self'; frame-src https://geoweb.oss.nl/ https://www.google.com/ https://www.youtube.com/ https://player.vimeo.com 'self'; frame-ancestors  'self'; img-src https://img.youtube.com/ https://*.google-analytics.com/ 'self' data:; media-src  'self'; object-src  'self'; script-src https://cdn1.readspeaker.com/ https://www.googletagmanager.com/ 'self' 'unsafe-inline' 'unsafe-eval' data: https: wss:; style-src https://*.readspeaker.com/ 'self' 'unsafe-inline';  worker-src  'self' blob: 1
default-src https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.g.doubleclick.net https://*.googleapis.com https://*.gstatic.com https://*.qualtrics.com https://*.crazyegg.com https://*.cybersource.com https://*.googleoptimize.com https://*.clarity.ms;  img-src 'self' data: https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.google-analytics.com https://*.opentext.com https://*.qualtrics.com; font-src 'self' https://*.gstatic.com data:;style-src 'self' 'unsafe-inline' https://*.googleapis.com;worker-src blob: 1
frame-src 'self' *.amazon.de *.cookiebot.com *.criteo.com *.email.schoeffel.com *.google.com *.hotjar.com *.hotjar.io *.komoot.de *.paypal.com *.pi-asp.de *.podigee-cdn.net *.prismic.io *.riddle.com productfinder.schoeffel.com schoeffel-lowa.de *.schoeffel-teamwear.de *.vimeo.com *.youtube.com *.youtube-nocookie.com; frame-ancestors 'self' *.3dvista.com *.net-fs.com; upgrade-insecure-requests; 1
base-uri 'self' feed.pghub.io pandg.tapad.com ; font-src 'self' https: data: feed.pghub.io pandg.tapad.com ; frame-src 'self' https://feed.pghub.io https://www.youtube.com https://consumersupport.pg.com https://ct.pinterest.com https://tr.snapchat.com https://*.janraincapture.com https://*.olayskinadvisor.com https://skinadvisor.olay.de https://skinadvisor.olay.nl https://skinadvisor.olay.es https://*.google.com www.google-analytics.com https://*.pricespider.com feed.pghub.io pandg.tapad.com ; img-src 'self' data: https://cdn.cookielaw.org https://*.mapbox.com https://*.bazaarvoice.com https://www.google.com https://ct.pinterest.com https://tr.snapchat.com https://googleads.g.doubleclick.net https://*.janraincapture.com https://*.olayskinadvisor.com https://skinadvisor.olay.de https://skinadvisor.olay.nl https://skinadvisor.olay.es images.ctfassets.net pixel.tapad.com www.googletagmanager.com www.google-analytics.com https://*.pricespider.com https://www.mapbox.com https://cdn.rpxnow.com feed.pghub.io pandg.tapad.com ; object-src 'none' feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://*.pricespider.com https://*.mapbox.com https://script.crazyegg.com https://quilt-cdn.janrain.com feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.bazaarvoice.com https://*.segment.com https://*.mapbox.com https://*.pricespider.com https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://code.jquery.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.recaptcha.net https://*.criteo.com https://static.criteo.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.pinimg.com https://ct.pinterest.com https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://js.adsrvr.org https://d.impactradius-event.com https://static.ads-twitter.com https://analytics.twitter.com https://pghub.io https://analytics.tiktok.com https://*.ibytedtos.com https://*.contentsquare.net https://app.contentsquare.com https://rpxnow.com https://*.janraincapture.com https://*.olayskinadvisor.com https://skinadvisor.olay.de https://skinadvisor.olay.nl https://skinadvisor.olay.es https://script.crazyegg.com https://widget-cdn.rpxnow.com https://*.cloudfront.net https://c.lytics.io feed.pghub.io pandg.tapad.com ; upgrade-insecure-requests  ; worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; 1
frame-ancestors *.apotheka.ee 1
base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors self https:; img-src 'self' data: https:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' wss://socket.linkhub.co.kr https://pay.linkhub.co.kr https://partner.linkhub.co.kr https://partner.popbill.com https://www.linkhub.co.kr https://blog.linkhub.co.kr https://stats.g.doubleclick.net https://www.google-analytics.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://d17ecin4ilxxme.cloudfront.net https://127.0.0.1:17107;frame-ancestors 'none'; 1
script-src 'self' *.googletagmanager.com 'unsafe-eval' *.analytics.google.com *.google-analytics.com stadtmuseum-berlin.matomo.cloud; connect-src 'self' *.algolia.net *.analytics.google.com *.google-analytics.com stats.g.doubleclick.net stadtmuseum-berlin.matomo.cloud; object-src 'self' 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.doris.at *.doris.eu *.gv.at *.arcgis.com *.landesarchiv-ooe.at *.ooemuseen.at www.pflegeinfo-ooe.at *.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.doris.at *.doris.eu *.gv.at *.arcgis.com *.landesarchiv-ooe.at *.ooemuseen.at *.pflegeinfo-ooe.at; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: *.doris.at *.doris.eu *.gv.at *.arcgis.com *.landesarchiv-ooe.at *.ooemuseen.at *.pflegeinfo-ooe.at *.jquery.com; style-src 'self' 'unsafe-inline' blob: *.doris.at *.doris.eu *.gv.at *.arcgis.com *.landesarchiv-ooe.at *.ooemuseen.at *.pflegeinfo-ooe.at *.cloudflare.com; frame-ancestors *.doris.at *.doris.eu *.gv.at *.arcgis.com *.landesarchiv-ooe.at *.ooemuseen.at *.pflegeinfo-ooe.at 1
default-src https: data: 'unsafe-inline' 'unsafe-eval';worker-src blob: https://*.ampproject.org/* https://*.gstatic.com/* https://*.addthis.com/* *.zohopublic.com/* https://*.zohocdn.com/* https://*.zoho.com/* 1
frame-ancestors 'self'; report-uri https://airshoppen.report-uri.com/r/d/csp/enforce; report-to default 1
frame-ancestors 'self' revistamedica.com 1
frame-ancestors 'self' https://admin.theatretokens.com 1
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; object-src 'none'; 1
connect-src 'self' *.googleapis.com *.clarity.ms bat.bing.com stats.g.doubleclick.net *.affirm.com www.facebook.com www.google-analytics.com *.google.com web.facebook.com; font-src 'self' data: www.affirm.com fonts.gstatic.com svcs.tql.com www.clearplay.com; form-action 'self' *.paypal.com; frame-src *.affirm.com bid.g.doubleclick.net www.google.com www.youtube.com pwm-image.trendmicro.com; img-src 'self' *.clarity.ms *.bing.com data: googleads.g.doubleclick.net www.google-analytics.com *.google.com *.nexcesscdn.net www.googletagmanager.com *.gstatic.com www.facebook.com log.pinterest.com www.shopperapproved.com cdn.honey.io i.ytimg.com; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *.clarity.ms bat.bing.com *.affirm.com connect.facebook.net googleads.g.doubleclick.net www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.shopperapproved.com *.nexcesscdn.net www.google.com www.gstatic.com *.googleapis.com dv0akt2986vzh.cloudfront.net www.furniturecart.com rialto-gms.s3.amazonaws.com; script-src 'unsafe-eval' 'unsafe-inline' bat.bing.com *.clarity.ms googleads.g.doubleclick.net *.nexcesscdn.net www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com cdn1.affirm.com 'self' connect.facebook.net *.googleapis.com tpc.googlesyndication.com www.shopperapproved.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' *.nexcesscdn.net *.googleapis.com; child-src bid.g.doubleclick.net www.google.com www.youtube.com www.affirm.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' bat.bing.com data: *.nexcesscdn.net www.google-analytics.com www.googletagmanager.com *.google.com *.affirm.com *.doubleclick.net 'self' www.googleadservices.com *.facebook.net *.googleapis.com *.gstatic.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.nexcesscdn.net cdn1.affirm.com *.googleapis.com; object-src 'self' www.youtube.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://www.spreadshirt.de https://www.spreadshirt.net https://ludwig-fresenius-schulen.myspreadshop.de https://www.clarity.ms/ https://privacy-proxy.usercentrics.eu https://app.usercentrics.eu https://www.google-analytics.com https://s.ytimg.com https://www.youtube-nocookie.com https://www.youtube.com https://www.campusleads.de https://maps.googleapis.com https://*.google.com https://chat.ludwig-fresenius.de https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://connect.facebook.net https://bat.bing.com www.campusleads.de; object-src 'none'; style-src 'self' https://www.spreadshirt.de https://ludwig-fresenius-schulen.myspreadshop.de https://chat.ludwig-fresenius.de https://fonts.googleapis.com 'unsafe-inline'; img-src 'self' https://uct.service.usercentrics.eu https://image.spreadshirtmedia.net https://prd-sql.ludwig-fresenius.de/ https://app.usercentrics.eu https://maps.google.com http://img.youtube.com https://maps.googleapis.com https://www.googletagmanager.com https://maps.gstatic.com https://www.google.de https://www.google.com https://www.google.pl https://cx.atdmt.com https://chat.ludwig-fresenius.de data: https://stats.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://www.facebook.com https://bat.bing.com; media-src 'self'; connect-src 'self' https://*.clarity.ms https://aggregator.service.usercentrics.eu https://maps.googleapis.com https://api.spreadshirt.net https://www.spreadshirt.de https://ludwig-fresenius-schulen.myspreadshop.de https://stats.g.doubleclick.net https://consent-api.service.consent.usercentrics.eu https://graphql.usercentrics.eu https://prd-sql.ludwig-fresenius.de https://*.clarity.ms https://privacy-proxy.usercentrics.eu https://api.usercentrics.eu wss://www.campusleads.de; font-src 'self' fonts.gstatic.com; 1
dpu.edu.in ajax.googleapis.com maxcdn.bootstrapcdn.com googletagmanager.com blogs.dpuerp.in dpu.edu.in gbsrc.dpu.edu.in google.com youtube.com *dpu.edu.in *.dpuerp.in *.googleapis.com *.bootstrapcdn.com; 1
default-src 'self' https://www.google-analytics.com *.google-analytics.com https://analytics.google.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mktdplp102cdn.azureedge.net/ *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com *.googletagmanager.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com https://cdn.insight.sitefinity.com https://dec.azureedge.net/ *.bray.com snap.licdn.com *.sharethis.com *.facebook.com bray.com *.brayfrontdoor.azurefd.net *.bray-frontdoor.azurefd.net debrayinternational.convertlanguage.com ptbrayinternational.convertlanguage.com esbrayinternational.convertlanguage.com frbrayinternational.convertlanguage.com zsbrayinternational.convertlanguage.com braycom.mpeasylink.com analytics.convertlanguage.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://documentcloud.adobe.com/view-sdk/main.js https://documentcloud.adobe.com/ https://www.clarity.ms/ *.dynamics.com/ https://braycdn.azureedge.net/ https://sitefinityhttplogs.blob.core.windows.net/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ https://maps.googleapis.com/maps/api/ https://analytics.google.com/; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.bray.com bray.com *.brayfrontdoor.azurefd.net *.bray-frontdoor.azurefd.net debrayinternational.convertlanguage.com ptbrayinternational.convertlanguage.com esbrayinternational.convertlanguage.com frbrayinternational.convertlanguage.com zsbrayinternational.convertlanguage.com braycom.mpeasylink.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: debrayinternational.convertlanguage.com ptbrayinternational.convertlanguage.com esbrayinternational.convertlanguage.com frbrayinternational.convertlanguage.com zsbrayinternational.convertlanguage.com https://documentcloud.adobe.com/; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com *.google.com *.google.com.mx web.facebook.com www.facebook.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com platform.twitter.com/css/ *.twimg.com data: blob: *.linkedin.com *.googletagmanager.com *.doubleclick.net *.adsymptotic.com bray.com https://platform-cdn.sharethis.com/ https://l.sharethis.com/ debrayinternational.convertlanguage.com ptbrayinternational.convertlanguage.com esbrayinternational.convertlanguage.com frbrayinternational.convertlanguage.com zsbrayinternational.convertlanguage.com analytics.convertlanguage.com https://documentcloud.adobe.com/ https://braycdn.azureedge.net *.dynamics.com/ https://sitefinityhttplogs.blob.core.windows.net/ https://c.clarity.ms/ https://c.bing.com/ https://tse1.mm.bing.net/th/id/OIP.G4dvQDdiYY8L202JaqMbHgHaHa https://upload.wikimedia.org; media-src 'self' data: blob: bray.com debrayinternational.convertlanguage.com ptbrayinternational.convertlanguage.com esbrayinternational.convertlanguage.com frbrayinternational.convertlanguage.com zsbrayinternational.convertlanguage.com https://documentcloud.adobe.com https://braycdn.azureedge.net; frame-src *.sharethis.mgr *.bray.com brayprod.azurewebsites.net www.google.com/ bray.com https://web.microsoftstream.com/ https://c.sharethis.mgr.consensu.org/ https://www.facebook.com/ debrayinternational.convertlanguage.com ptbrayinternational.convertlanguage.com esbrayinternational.convertlanguage.com frbrayinternational.convertlanguage.com zsbrayinternational.convertlanguage.com brayfrontdoor.azurefd.net bray-frontdoor.azurefd.net braycom.mpeasylink.com https://documentcloud.adobe.com/ *.dynamics.com https://t.sharethis.com *.sharethis.com https://td.doubleclick.net/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.bray.com *.googletagmanager.com *.sharethis.com *.facebook.com bray.com debrayinternational.convertlanguage.com ptbrayinternational.convertlanguage.com esbrayinternational.convertlanguage.com frbrayinternational.convertlanguage.com zsbrayinternational.convertlanguage.com brayfrontdoor.azurefd.net bray-frontdoor.azurefd.net https://documentcloud.adobe.com/; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.bray.com *.googletagmanager.com *.facebook.com bray.com https://l.sharethis.com/ debrayinternational.convertlanguage.com ptbrayinternational.convertlanguage.com esbrayinternational.convertlanguage.com frbrayinternational.convertlanguage.com zsbrayinternational.convertlanguage.com brayfrontdoor.azurefd.net bray-frontdoor.azurefd.net https://www.google-analytics.com *.google-analytics.com https://stats.g.doubleclick.net https://viewlicense.adobe.io/ https://www.clarity.ms/ https://braycrmformularies.azurewebsites.net/ https://d365ce-webapi-wus.azurewebsites.net/ https://sitefinityhttplogs.blob.core.windows.net/ https://countriesnow.space/api/v0.1/countries/states https://countriesnow.space/api/v0.1/countries/state/cities https://countriesnow.space/api/v0.1/countries/flag/images https://countriesnow.space/api/v0.1/countries/codes https://countriesnow.space/api/v0.1/countries/iso https://cdn.linkedin.oribi.io/ https://braycdn.azureedge.net/public/ https://analytics.google.com/ https://pagead2.googlesyndication.com/ https://maps.googleapis.com/ https://www.google.com.mx/ https://px.ads.linkedin.com/wa/ https://contactformfunctionsprod.azurewebsites.net/api/RequestBackup; 1
default-src 'self'; img-src 'self' data: https:; script-src 'self' 'unsafe-inline' https://*.olark.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://*.googletagmanager.com https://tagmanager.google.com https://undercity.usejimo.com https://karabor-undercity.usejimo.com/project 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://dashboard.rg-supervision.com https://tagmanager.google.com https://fonts.googleapis.com https://*.olark.com; font-src 'self' https://fonts.gstatic.com data: https://*.olark.com; connect-src 'self' https://*.olark.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.ingest.sentry.io wss://*.rg.gg https://login.microsoftonline.com https://karabor-undercity.usejimo.com; frame-src 'self' https://*.olark.com https://www.youtube.com/ https://login.microsoftonline.com https://*.usesjimo.com https://i.usejimo.com/ https://www.usejimo.com/ https://www.google.com; media-src 'self' https://*.olark.com; manifest-src 'self' 1
frame-ancestors *.tryd.com.br; default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 1
frame-ancestors https://*.felles.firma.no:8200/ https://*.felles.firma.no:8080/ https://asptestagresso.public.cloudservices.no/ https://aspagresso.public.cloudservices.no/ https://*.ariba.com/ https://punchoutcommerce.com/ https://*.punchoutcommerce.com/ 'self' 1
child-src 'self' *.youtube.com; connect-src *; default-src 'self' *.google-analytics.com 'unsafe-inline' *.8x8.com; font-src 'self' data:; frame-src 'self' *.youtube.com *.google.com *.8x8.com *.ibm.com; img-src 'self' 'unsafe-inline' data: *.gravatar.com cldup.com s.w.org tickets.demontforthall.co.uk i.ytimg.com *.google-analytics.com *.8x8.com *.ibm.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.civiccomputing.com ajax.googleapis.com mms.sp-prod.net *.googletagmanager.com *.google-analytics.com code.jquery.com *.google.com *.gstatic.com *.gstatic.com *.8x8.com; style-src 'self' 'unsafe-inline' *.8x8.com; 1
script-src 'self' https://d3js.org https://datamaps.github.io https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; img-src 'self' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; 1
frame-ancestors 'self' https://*.trinetx.com; 1
connect-src *; frame-ancestors 'self'; form-action 'self' *.facebook.com; object-src *.googlesyndication.com; base-uri 'self' *.moatads.com; style-src 'self' 'report-sample' 'unsafe-inline' *.typekit.net *.google.com *.bing.com a.omappapi.com translate.googleapis.com www.gstatic.com www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; worker-src 'self' blob: www.google.com; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-73vHlvCiPXfam98O4pVJDuJd7glaIK/j11kSvtYlAPxOjoRK' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://bonn.social; img-src 'self' https: data: blob: https://bonn.social; style-src 'self' https://bonn.social 'nonce-inn7ZIpHPsb3CMGMD2OBWw=='; media-src 'self' https: data: https://bonn.social; frame-src 'self' https:; manifest-src 'self' https://bonn.social; form-action 'self'; child-src 'self' blob: https://bonn.social; worker-src 'self' blob: https://bonn.social; connect-src 'self' data: blob: https://bonn.social https://bonn.social wss://bonn.social; script-src 'self' https://bonn.social 'wasm-unsafe-eval' 1
frame-ancestors 'self'; report-uri https://www.nestlecomvoce.com.br/report-uri/enforce 1
default-src 'self'; base-uri 'self'; img-src * data:; frame-src 'self' https://kaart.pdok.nl https://websurveys2.govmetric.com https://app-eu.readspeaker.com https://www.youtube-nocookie.com https://www.youtube.com https://content.googleapis.com/ https://vars.hotjar.com https://www.google.com https://vimeo.com https://www.facebook.com https://platform.twitter.com; frame-ancestors 'self'; manifest-src 'self'; media-src 'self' blob:; script-src 'self' 'nonce-NmQ0YjhiMTAtYzNiOC00Y2Q3LTk1ZjEtOTBhZjQzZTY3NGQ0' https://stats.pusher.com https://www.browsealoud.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://maps.googleapis.com https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://websurveys2.govmetric.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://cdn-eu.readspeaker.com https://virtuele-gemeente-assistent.nl https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://snap.licdn.com https://platform.twitter.com; connect-src 'self' https://sockjs-eu.pusher.com wss://ws-eu.pusher.com https://vttts-eu.readspeaker.com https://cloudstatic.obi4wan.com https://chatapi.obi4wan.com https://media-eu.readspeaker.com https://rstts-eu.readspeaker.com https://www.browsealoud.com https://plus.browsealoud.com https://speech.speechstream.net https://speech-eu.speechstream.net https://www.google-analytics.com https://maps.googleapis.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://app.obi4wan.ai https://app-eu.readspeaker.com/ https://hitcounter.govmetric.com https://platform.hireserve.nl/ https://cdn1.readspeaker.com https://maps.googleapis.com https://virtuele-gemeente-assistent.nl wss://virtuele-gemeente-assistent.nl ws://virtuele-gemeente-assistent.nl https://in.hotjar.com https://www.facebook.com https://cdn.linkedin.oribi.io; object-src 'self' https://kaart.pdok.nl; style-src 'self' data: 'nonce-NmQ0YjhiMTAtYzNiOC00Y2Q3LTk1ZjEtOTBhZjQzZTY3NGQ0' https://fonts.googleapis.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://websurveys2.govmetric.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://maps.googleapis.com/ https://siteimproveanalytics.com https://cloudstatic.obi4wan.com 'unsafe-inline'  verwijderen nadat obi4wan in standaard is geimplementeerd.; font-src 'self' data: https://fonts.gstatic.com https://cdn1.readspeaker.com https://script.hotjar.com;  1
script-src 'self' 'unsafe-inline' 'unsafe-eval' googleadservices.com use.mazemap.com walls.io www.googletagmanager.com matomo.cs2.ch www.google-analytics.com www.youtube.com youtube.com player.vimeo.com snap.licdn.com static.zdassets.com connect.facebook.net assets.juicer.io googleads.g.doubleclick.net v2.zopim.com 1
report-to 'self' ; child-src 'self' ; connect-src 'self' maps.googleapis.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' *.printfriendly.com; font-src 'self' data: *.fontawesome.com *.gstatic.com *.bootstrapcdn.com hubernet.sp-stage1.emagineusa.net  *.gstatic.com *.bootstrapcdn.com ; form-action 'self' *.vimeocdn.com; frame-src 'self' view.ceros.com *.youtube.com *.elegantthemes.com *.vimeo.com *.printfriendly.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net  *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' ; img-src 'self'  'unsafe-inline' *.gravatar.com maps.googleapis.com data: *.vimeocdn.com *.w.org *.printfriendly.com hubernet.sp-stage1.emagineusa.net *.googletagmanager.com *.google.com *.google-analytics.com *.gstatic.com  *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self' ; object-src 'self' ; script-src 'self'  'unsafe-inline' view.ceros.com data: blob: *.fontawesome.com *.cloudflare.com *.ravenjs.com *.vimeocdn.com *.jsdelivr.net *.googleapis.com *.printfriendly.com *.kxcdn.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.googleapis.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'self' ; style-src 'self'  'unsafe-inline' *.fontawesome.com *.cloudflare.com *.printfriendly.com *.vimeocdn.com *.googleapis.com *.bootstrapcdn.com *.gstatic.com  *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline' *.googleapis.com *.googleapis.com *.gstatic.com ; style-src-attr 'self'  'unsafe-inline' ; worker-src 'self' ;  upgrade-insecure-requests; 1
default-src 'self' dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com heatmap.visualwebsiteoptimizer.com static.zdassets.com afterpay-de-zendesk-ui.enterprisebot.co ekr.zdassets.com afterpaysupportde.zendesk.com wss://afterpaysupportde.zendesk.com *.zopim.com wss://*.zopim.com arvato.connectel.io:4433 blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.my.riverty.io https://js.monitor.azure.com https://az416426.vo.msecnd.net https://bam.nr-data.net https://js-agent.newrelic.com https://crowdin.com cdn.crowdin.com https://cdn.jsdelivr.net https://ajax.aspnetcdn.com *.google-analytics.com https://cdn.afterpay.io dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com heatmap.visualwebsiteoptimizer.com static.zdassets.com afterpay-de-zendesk-ui.enterprisebot.co ekr.zdassets.com afterpaysupportde.zendesk.com myafterpayac.azureedge.net cdn.myafterpay.com cdn.riverty.com cdn.afterpay.io wss://afterpaysupportde.zendesk.com *.zopim.com wss://*.zopim.com consent.cookiebot.com consentcdn.cookiebot.com sofie-afterpay.enterprisebot.co https://www.googletagmanager.com code.jquery.com *.usercentrics.eu connect.facebook.net arvato.connectel.io:4433 https://trasset.bid-prod.technical-service.net/web-assets/riverty-extern-consent.min.js https://analytics.flow.riverty.com https://analytics.paigo.com; style-src 'self' 'unsafe-inline' https://cdn.crowdin.com https://fonts.googleapis.com https://translate.googleapis.com *.visualwebsiteoptimizer.com sofie-afterpay.enterprisebot.co arvato.connectel.io:4433; connect-src 'self' swish://paymentrequest cdn.my.riverty.io https://crowdin.com https://dc.services.visualstudio.com https://stats.g.doubleclick.net https://bam.nr-data.net *.google-analytics.com https://cdn.afterpay.io cdn.myafterpay.com cdn.riverty.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com  heatmap.visualwebsiteoptimizer.com static.zdassets.com afterpay-de-zendesk-ui.enterprisebot.coo ekr.zdassets.com afterpaysupportde.zendesk.com wss://afterpaysupportde.zendesk.com *.zopim.com wss://*.zopim.com wss://sofie-afterpay.enterprisebot.co sofie-afterpay.enterprisebot.co *.usercentrics.eu arvato.connectel.io:4433 *.technical-service.net https://region1.analytics.google.com https://analytics.flow.riverty.com https://analytics.paigo.com; img-src * 'self' cdn.my.riverty.io https://stats.g.doubleclick.net https://cdn.crowdin.com https://www.gravatar.com *.google-analytics.com https://cdn.afterpay.io dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com heatmap.visualwebsiteoptimizer.com v2assets.zopim.io static.zdassets.com cdn.myafterpay.com cdn.riverty.com afterpay-de-zendesk-ui.enterprisebot.co data:; font-src 'self' https://fonts.gstatic.com sofie-afterpay.enterprisebot.co data:; frame-src 'self' https://crowdin.com *.visualwebsiteoptimizer.com documents.myafterpay.com documents.riverty.com consentcdn.cookiebot.com consent.cookiebot.com sofie-afterpay.enterprisebot.co arvato.connectel.io:4433;media-src arvato.connectel.io:4433 blob: data:;worker-src 'self' blob:; object-src 'self'; 1
script-src 'report-sample' 'nonce-vLEUUkm3hBfIpR-uiJ4oqw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /cspreport 1
default-src usim.beprod.entresto.com 'self'; style-src usim.beprod.entresto.com *.googleapis.com fonts.gstatic.com 'self' 'unsafe-inline' *.doctor.com; script-src usim.beprod.entresto.com unpkg.com kaltura.com *.kaltura.com analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com tagmanager.google.com *.tagmanager.google.com googletagmanager.com *.googletagmanager.com *.facebook.net medtargetsystem.com *.medtargetsystem.com contextweb.com *.contextweb.com bat.bing.com *.doubleclick.net tags.tiqcdn.com ipredictive.com *.ipredictive.com 'self' 'unsafe-inline' 'unsafe-eval' blob: *.doctor.com *.healthgrades.com *.googleapis.com *.pmsrv.co cdn.evgnet.com maps.googleapis.com t.contentsquare.net app.contentsquare.com static.cloudflareinsights.com; child-src blob:; worker-src blob:; object-src 'none'; font-src fonts.gstatic.com *.kaltura.com 'self' data: application: *.doctor.com; img-src *.ipredictive.com *.contentsquare.net http: https: data: image: 'self'; frame-src analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com tagmanager.google.com *.tagmanager.google.com googletagmanager.com *.googletagmanager.com contextweb.com *.contextweb.com medtargetsystem.com *.medtargetsystem.com bat.bing.com *.doubleclick.net servedby.flashtalking.com di.rlcdn.com 'self' *.doctor.com *.healthgrades.com maps.googleapis.com; connect-src usim.beprod.entresto.com analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com tagmanager.google.com *.tagmanager.google.com googletagmanager.com *.googletagmanager.com *.google.com contextweb.com *.contextweb.com bat.bing.com *.doubleclick.net *.googleadservices.net stats.g.doubleclick.net *.contentsquare.net *.kaltura.com ws: 'self' *.consumerism.pressganey.com *.doctor.com *.healthgrades.com *.googleapis.com *.tealiumiq.com *.tiqcdn.com maps.googleapis.com cloudflareinsights.com; media-src usim.beprod.entresto.com kaltura.com *.kaltura.com blob: 'self'; frame-ancestors usim.beprod.entresto.com 'self' 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; connect-src 'self' https://*.c.mad.interhost.com https://*.metrobilbao.eus wss://client.relay.crisp.chat https://*.crisp.chat https://*.google-analytics.com https://*.googleapis.com https://*.doubleclick.net; img-src 'self' data: https://*.c.mad.interhost.com https://*.metrobilbao.eus https://*.crisp.chat https://*.google-analytics.com https://maps.gstatic.com https://*.googleapis.com https://*.ggpht https://*.googletagmanager.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.plazahomemortgage.com *.mortgagecalculator.org  *.jquery.com  *.google-analytics.com  *.googletagmanager.com  *.googlecode.com  *.googleapis.com  *.polyfill.io https://js.hs-scripts.com https://js.hsadspixel.net https://js.hsleadflows.net  https://js.hs-banner.com  https://js.hs-analytics.net https://snap.licdn.com   1
base-uri 'none'; object-src 'none'; connect-src 'self' cdn.linkedin.oribi.io ws.zoominfo.com www.google-analytics.com region1.google-analytics.com aorta.clickagy.com hemsync.clickagy.com www.facebook.com; script-src-attr 'unsafe-inline'; script-src 'self' 'unsafe-inline' connect.facebook.net snap.licdn.com tags.clickagy.com ws.zoominfo.com www.google.com www.googletagmanager.com www.gstatic.com wasm-eval 'report-sample'; report-uri https://earthreporturi.report-uri.com/r/d/csp/wizard; 1
script-src 'self' 'unsafe-inline' https://*.google.de https://*.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.google-analytics.com https://*.googleadservices.com https://*.googletagservices.com https://*.googleapis.com https://cdn.ampproject.org https://connect.facebook.net https://*.daswetter.com; frame-ancestors 'self' https://www.ed-live.de https://www.fs-live.de https://www.fm-live.de; object-src 'none'; 1
frame-ancestors 'self' *.solissecurity.com 1
default-src 'self' 'unsafe-inline' https://mar-billpay-api-prod.lexitaslegal.com https://centralus-2.in.applicationinsights.azure.com https://player.vimeo.com https://public-rest42.bullhornstaffing.com https://*.doubleclick.net https://*.google.com https://*.linkedin.com https://www.googletagmanager.com https://www.google-analytics.com https://snap.licdn.com https://bat.bing.com https://api.herefish.com https://geolocation.onetrust.com https://*.gstatic.com https://*.bluemod.me https://cdn.cookielaw.org;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://js.monitor.azure.com https://player.vimeo.com https://www.gstatic.com https://www.google.com https://recruitingbypaycor.com https://*.lexitaslegal.com https://*.pardot.com https://cdn.cookielaw.org https://www.googletagmanager.com https://www.google-analytics.com https://snap.licdn.com https://bat.bing.com https://api.herefish.com https://googleads.g.doubleclick.net; img-src 'self' 'unsafe-inline' https://googleads.g.doubleclick.net https://prodstoragemarketing.blob.core.windows.net https://www.googletagmanager.com https://stagestoragemarketing.blob.core.windows.net https://qastoragemarketing.blob.core.windows.net https://*.bing.com https://*.google.com https://*.linkedin.com https://cdn.cookielaw.org https://*.lexitaslegal.com data:; style-src 'self' 'unsafe-inline' https://*.googleapis.com;base-uri; form-action 'self';frame-src 'self' https://lexitaslegal.my.salesforce-sites.com https://middleware-marketing-prod.azurewebsites.net https://recruitingbypaycor.com https://td.doubleclick.net/ https://directory.resolutesystems.com https://*.googletagmanager.com https://*.bluemod.me https://*.google.com https://*.lexitaslegal.com https://middleware-marketing-qa.azurewebsites.net https://*.sharefile.com https://nextgen.secure.force.com https://player.vimeo.com data:;font-src 'self' data: https://*.gstatic.com https://*.bluemod.me https://cdn.cookielaw.org 1
default-src 'self' https: wss: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' fusedeck.net *.fusedeck.net fusedeck.io *.fusedeck.io *.google-analytics.com *.hs-analytics.net  *.facebook.net js.hubspot.com *.hs-banner.com *.hs-scripts.com *.hsforms.net *.cookielaw.org *.hsleadflows.net beacon.sojern.com *.sentry-cdn.com *.switzerlandtravelcentre.com https://api.switzerlandtravelcentre.com/ forms.hubspot.com googleads.g.doubleclick.net googleadservices.com *.googletagmanager.com polyfill.io script.hotjar.com sentry.io v2.zopim; style-src 'self' 'strict-dynamic' 'unsafe-inline' *.fusedeck.net fusedeck.net fusedeck.io *.fusedeck.io cdnjs.cloudflare.com assets.tripbuilder.app fonts.googleapis.com fonts.gstatic.com; font-src 'self' *.cloudfront.net data: fonts.googleapis.com fonts.gstatic.com cdn.app.sbb.ch; img-src * data:; frame-ancestors 'none'; object-src 'none'; base-uri 'self'; 1
default-src * 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; frame-ancestors 'self' metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com webvisor.com 1
default-src 'self' https://*.zopim.com https://*.zopim.io wss://*.zopim.com;connect-src 'self' https://www.sandbox.paypal.com https://www.paypal.com https://www.google-analytics.com https://links.services.disqus.com wss://localhost wss://*.zopim.com https://static.zdassets.com https://ekr.zdassets.com https://brasstrains.sirv.com https://brasstrains.zendesk.com;font-src 'self' https://fonts.gstatic.com https://*.zopim.com https://fonts.gstatic.com data:;frame-src https://www.paypal.com https://www.sandbox.paypal.com https://www.youtube.com https://www.facebook.com https://apis.google.com https://accounts.google.com https://www.google.com https://brasstrains.sirv.com https://livestream.com https://disqus.com https://secure.comodo.com;img-src 'self' data: https://test-images.brasstrains.com https://t.paypal.com https://brasstrains.sirv.com https://badges.instagram.com https://instagramstatic-a.akamaihd.net https://ssl.google-analytics.com https://assets.pinterest.com https://www.paypal.com https://secure.gravatar.com https://images.brasstrains.com https://secure.gravatar.com https://i1.wp.com https://referrer.disqus.com https://a.disquscdn.com https://b.disquscdn.com https://c.disquscdn.com https://secure.comodo.com https://www.paypalobjects.com https://www.google-analytics.com https://www.googletagmanager.com https://*.zopim.com https://*.zopim.io https://secure.trust-provider.com;media-src 'self' https://*.zopim.com https://static.zdassets.com;object-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-Z0pFeDVrcU5oWUJMQUJzdHNKWVdPeU9JcUpObjRDVFM=' https://*.paypal.com https://*.paypalobjects.com https://www.sandbox.paypal.com https://apis.google.com https://www.google.com https://www.gstatic.com https://scripts.sirv.com https://widgets.pinterest.com https://assets.pinterest.com https://log.pinterest.com https://brasstrains.sirv.com https://code.highcharts.com https://livestream.com https://disqus.com https://brasstrains.disqus.com https://a.disquscdn.com https://b.disquscdn.com https://c.disquscdn.com https://secure.comodo.com https://www.googletagmanager.com https://www.google-analytics.com https://*.zopim.com https://static.zdassets.com https://ekr.zdassets.com ;style-src 'self' 'unsafe-inline' https://scripts.sirv.com https://a.disquscdn.com https://b.disquscdn.com https://c.disquscdn.com https://fonts.googleapis.com;report-uri /Common/CspReport; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://darmstadt.social; img-src 'self' https: data: blob: https://darmstadt.social; style-src 'self' https://darmstadt.social 'nonce-EH+QVynrPaa9or08ktpBUw=='; media-src 'self' https: data: https://darmstadt.social; frame-src 'self' https:; manifest-src 'self' https://darmstadt.social; form-action 'self'; child-src 'self' blob: https://darmstadt.social; worker-src 'self' blob: https://darmstadt.social; connect-src 'self' data: blob: https://darmstadt.social https://darmstadt.social wss://darmstadt.social; script-src 'self' https://darmstadt.social 'wasm-unsafe-eval' 1
script-src  'self' 'unsafe-inline' 'unsafe-eval' https://widget02.wolkvox.com https://youtube.com https://www.googleadservices.com https://unpkg.com https://www.facebook.com https://connect.facebook.net https://d335luupugsy2.cloudfront.net https://googleads.g.doubleclick.net https://trackcmp.net https://www.clickcease.com https://bundle.run https://tweetnacl.js.org https://cdn.jsdelivr.net https://botai.smartdataautomation.com https://chat01.ipdialbox.com https://chat01.wolkvox.com https://widget.manychat.com https://referidos.coomeva.com.co https://chat01.ipdialbox.com  https://www.coomeva.com.co https://cdnjs.cloudflare.com https://code.jquery.com https://core.pengi.co https://core.pengi.co:3001 https://digital.coomeva.com.co *.tableau.com *.google.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googleapis.com https://assets.zendesk.com https://connect.facebook.net *.hotjar.com *.twitter.com *.twimg.com *.googletagmanager.com; img-src 'self' blob: www.googleadservices.com https://unpkg.com https://www.facebook.com connect.facebook.net botai.smartdataautomation.com https://chat01.ipdialbox.com  https://www.coomeva.com.co https://cdnjs.cloudflare.com https://stats.g.doubleclick.net https://placeholdit.imgix.net https://digital.coomeva.com.co https://platform.bluemessaging.net *.tableau.com s3.amazonaws.com http://smartlink.cool *.cool http://sellodeexcelencia.gov.co http://especiales.presidencia.gov.co http://synersis.co:8442 *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.gstatic.com http://img.youtube.com https://s-static.ak.facebook.com https://assets.zendesk.com www.googleadservices.com data: www.googleadservices.com botai.smartdataautomation.com *.hotjar.com *.twitter.com *.twimg.com http://vozme.com sedeelectronica.com.co; style-src 'self' 'unsafe-inline' www.googleadservices.com https://www.facebook.com botai.smartdataautomation.com https://chat01.ipdialbox.com https://www.coomeva.com.co https://cdnjs.cloudflare.com http https://digital.coomeva.com.co *.tableau.com https://www.nexura.com *.gstatic.com *.google.com *.googleapis.com https://assets.zendesk.com *.hotjar.com *.twitter.com sedeelectronica.com.co pruebas-se-macondo.nexura.com http://www.cali.gov.co https://*.bootstrapcdn.com; font-src 'self' data: botai.smartdataautomation.com https://chat01.ipdialbox.com https://www.coomeva.com.co https://cdnjs.cloudflare.com http www.googleadservices.com https://core.pengi.co https://core.pengi.co:3001 https://digital.coomeva.com.co *.tableau.com https://*.bootstrapcdn.com https://www.nexura.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.hotjar.com sedeelectronica.com.co http://www.cali.gov.co; object-src 'self' www.googleadservices.com https://botai.smartdataautomation.com https://chat01.ipdialbox.com https://www.coomeva.com.co  https://cdnjs.cloudflare.com http ; frame-ancestors 'self' www.googleadservices.com https://botai.smartdataautomation.com https://chat01.ipdialbox.com *.tableau.com https://digital.coomeva.com.co; media-src 'self' blob: https://botai.smartdataautomation.com https://chat01.ipdialbox.com https://www.coomeva.com.co  https://cdnjs.cloudflare.com http www.googleadservices.com http://vozme.com https://digital.coomeva.com.co *.tableau.com http://smartlink.cool *.smartlink.cool; 1
style-src 'self' data: 'report-sample' 'unsafe-inline' https://cdn-images.mailchimp.com https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net; report-to production; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net; img-src 'self' data: blob: https://*.google-analytics.com https://web-storage.ascentresources.com https://www.googletagmanager.com https://www.gravatar.com; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.list-manage.com https://s3.amazonaws.com/downloads.mailchimp.com/js/ https://code.jquery.com/jquery-1.11.3.min.js https://code.jquery.com/jquery-migrate-1.2.1.min.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://www.googletagmanager.com; worker-src 'self'; connect-src 'self' https://*.google-analytics.com https://stats.g.doubleclick.net https://web-storage.ascentresources.com https://releases.wagtail.org; default-src 'self' https://web-storage.ascentresources.com; frame-src 'self' https://www.google.com; report-uri https://9d223fa0c21171bca21b1685b84555fb.report-uri.com/r/d/csp/enforce 1
report-uri https://www.publicservicedegrees.org 1
upgrade-insecure-requests;style-src 'self' 'nonce-jzpUT5hmpYpmycO';font-src 'self';script-src 'self' 'nonce-jzpUT5hmpYpmycO' ;connect-src 'self' https://crimew.gay wss://crimew.gay ;media-src 'self';img-src 'self' data: blob:;default-src 'none';base-uri 'none';frame-ancestors 'none';manifest-src 'self'; 1
default-src 'self' player.vimeo.com *.vimeo.com *.slotsmate.com *.youtube.com *.firebaseio.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com/api/player.js *.vimeo.com *.googletagmanager.com *.google-analytics.com *.getsitecontrol.com *.getsitectrl.com ajax.googleapis.com;connect-src 'self' stats.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.getsitecontrol.com *.getsitectrl.com *.firebaseio.com vimeo.com *.vimeo.com;img-src 'self' i.vimeocdn.com *.vimeocdn.com *.vimeo.com *.google-analytics.com *.getsitecontrol.com *.getsitectrl.com data:;style-src 'unsafe-inline' 'self';base-uri 'self';form-action 'self'; 1
default-src 'self' data: feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com https://mpsnare.iesnare.com https://wtbng.pricespider.com https://wtbstream.pricespider.com https://embeddedcloud.pricespider.com https://omni.pricespider.com https://locate.pricespider.com https://wtbevents.pricespider.com https://cdn.pricespider.com api.tiles.mapbox.com *.youtube.com *.google.com static.doubleclick.net *.bazaarvoice.com c.lytics.io pghub.io *.pghub.io cdn.segment.com *.pricespider.com *.facebook.net *.googletagmanager.com *.google-analytics.com cdn.cookielaw.org pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://cdn.pricespider.com api.tiles.mapbox.com cdn.pricespider.com display.ugc.bazaarvoice.com c.lytics.io feed.pghub.io pandg.tapad.com ; img-src 'self' data: https://cdn.pricespider.com https://wwwassets.pricespider.com https://embeddedcloud.pricespider.com https://www.facebook.com *.doubleclick.net *.bazaarvoice.com *.cookielaw.org display.ugc.bazaarvoice.com *.pricespider.com cdn.pricespider.co yt3.ggpht.com i.ytimg.com network.bazaarvoice.com match.adsrvr.org c.lytics.io pixel.tapad.com images.ctfassets.net *.google-analytics.com feed.pghub.io pandg.tapad.com ; font-src 'self' data: fonts.gstatic.com feed.pghub.io pandg.tapad.com ; connect-src 'self' *.pricespider.com *.mapbox.com *.google.com jnn-pa.googleapis.com *.google.com googleads.g.doubleclick.net *.bazaarvoice.com *.algolia.net cdn.segment.com api.segment.io match.adsrvr.org cdn.cookielaw.org *.google-analytics.com region1.google-analytics.com cdn.cookielaw.org feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net feed.pghub.io pandg.tapad.com ; frame-src 'self' *.bazaarvoice.com *.doubleclick.net https://www.facebook.com consumersupport.pg.com *.youtube.com pandg.tapad.com feed.pghub.io ; worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; 1
default-src 'self';   connect-src 'self'     media.deso.org     node.deso.org     amp.deso.org     bithunt.deso.org     bitclout.com:*     api.bitclout.com     bithunt.bitclout.com     https://altumbase.com     localhost:*     explorer.bitclout.com     heroswap.com     https://api.blockchain.com/ticker     https://api.blockchain.com/mempool/fees     https://ka-f.fontawesome.com/     bitcoinfees.earn.com     api.blockcypher.com     amp.bitclout.com     https://videodelivery.net     https://lvpr.tv     https://upload.videodelivery.net;   script-src 'self'     https://kit.fontawesome.com/070ca4195b.js     https://ka-f.fontawesome.com/;   style-src 'self'     'unsafe-inline'     https://fonts.googleapis.com     https://cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css;   img-src 'self'     data:     i.imgur.com     media.deso.org     images.deso.org     images.bitclout.com     quickchart.io     arweave.net     *.arweave.net     *.pearl.app     *.twimg.com     *.redd.it     cloudflare-ipfs.com     *.mypinata.cloud;   font-src 'self'     https://fonts.googleapis.com     https://fonts.gstatic.com     https://ka-f.fontawesome.com;   frame-src 'self'     localhost:*     identity.deso.org     identity.deso.blue     identity.deso.green     identity.deso.run     identity.bitclout.com     identity.bitclout.blue     identity.bitclout.green     heroswap.com     https://geo.captcha-delivery.com     https://www.youtube.com     https://youtube.com     https://player.vimeo.com     https://www.tiktok.com     https://giphy.com     https://open.spotify.com     https://embed-standalone.spotify.com     https://w.soundcloud.com     https://player.twitch.tv     https://clips.twitch.tv     https://mousai.stream     pay.testwyre.com     pay.sendwyre.com     https://lvpr.tv     https://iframe.videodelivery.net;   frame-ancestors 'self'; 1
frame-ancestors 'self';default-src 'self' plentymarkets-cloud-ie.com;img-src 'self' data: plentymarkets-cloud-ie.com cdn02.plentymarkets.com;script-src 'self' 'unsafe-inline' 1
default-src 'self' https: data:; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; frame-src 'self' https:; 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com; worker-src blob:; 1
img-src 'self' *.demandware.net *.commercecloud.salesforce.com *.melitta-group.com *.avoury.com data: https://*.googleapis.com https://*.gstatic.com https://res.cloudinary.com https://*.google-analytics.com https://*.googletagmanager.com *.google.com *.google.de *.google.at *.google.es *.google.com.gh https://msp-portal.visualforce.com https://msp-portal--c.visualforce.com https://msp-portal--stage--c.visualforce.com https://msp-portal--stage--c.sandbox.vf.force.com https://msp-portal--stage.sandbox.lightning.force.com https://msp-portal--stage.sandbox.my.salesforce.com *.pinimg.com *.facebook.com *.facebook.net *.pinterest.com *.doubleclick.net;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.demandware.net msp-portal--stage.my.salesforce.com msp-portal--stage.sandbox.my.salesforce-sites.com msp-portal.my.salesforce.com msp-portal.my.salesforce-sites.com chat-mps-portal.secure.force.com *.my.salesforce.com *.avoury.com *.force.com d.la2-c1cs-fra.salesforceliveagent.com *.salesforceliveagent.com storage.googleapis.com https://*.googleapis.com https://*.googletagmanager.com https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://*.google-analytics.com https://www.googleadservices.com *.google.com *.google.de *.google.at *.google.es *.google.com.gh *.outbrain.com *.doubleclick.net *.facebook.com *.facebook.net *.pinimg.com;frame-src 'self' *.hpcgw.net service.force.com *.google.com localhost *.demandware.net *.msp-sfcc.melitta-group.com *.avoury.com *.mobify-storefront.com *.outbrain.com *.doubleclick.net *.pinterest.com *.facebook.com *.facebook.net;connect-src 'self' *.force.com https://*.googleapis.com *.google.com *.avoury.com *.avoury.at https://*.gstatic.com https://api-sandbox.dhl.com https://api.dhl.com https://api.cquotient.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.outbrain.com *.doubleclick.net msp-portal--stage.sandbox.my.salesforce-sites.com msp-portal.my.salesforce.com msp-portal.my.salesforce-sites.com msp-portal--stage.my.salesforce.com *.pinterest.com https://pagead2.googlesyndication.com;media-src 'self' https://res.cloudinary.com;frame-ancestors 'self' localhost *.demandware.net *.msp-sfcc.melitta-group.com *.avoury.com *.mobify-storefront.com;upgrade-insecure-requests;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline' 1
frame-ancestors 'self' https://datascripmall.id https://*.youtube.com; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.metrovaartha.com https://jionewsdev1.jio.ril.com/ https://jionews.com/;block-all-mixed-content; 1
img-src 'self' https: data: https://www.google.com https://www.google-analytics.com https://www.gstatic.com; connect-src 'self' https: *.onetouchreveal.com; script-src 'self'  https: 'sha256-7d1ykDFwyYFJNYMuEgZdTMKw5ZYlscqNAfwWAjmfPY8=' 'sha256-5jLMoJFJF47wm7JtfcOQg9Lel6/OIW6WM9FJaIkHTx4='; style-src 'self' https: 'unsafe-inline' *.googleapis.com *.bootstrapcdn.com; media-src 'self'; font-src 'self' *.gstatic.com *.bootstrapcdn.com; object-src 'none'; frame-src https://www.google.com; default-src 'none'; 1
default-src *; script-src * 'unsafe-eval' 'self' 'unsafe-inline' https:; style-src * 'unsafe-inline'; object-src 'self' *.youtube.com youtube.com; img-src * data:; frame-src * blob:; font-src * data:; connect-src *; media-src * blob:; worker-src 'self' blob:; frame-ancestors 'self' *.eq5trck.com *.pulsepoint.com; 1
default-src 'none'; img-src 'self' https://spaceapi.kabelsalat.ch; media-src 'self' https://cdn.media.ccc.de; script-src 'self'; style-src 'self'; frame-src 'self' https://www.openstreetmap.org https://media.ccc.de; frame-ancestors https://*.rc3.world https://play.wa.binary-kitchen.de/; base-uri 'self'; form-action 'self'; connect-src 'self' https://spaceapi.kabelsalat.ch 1
frame-ancestors 'self' https://magic.store https://cms.magic.store 1
form-action 'self';object-src 'none' 1
default-src 'none'; font-src 'self'; child-src blob:; img-src * blob: data:; object-src 'none'; script-src blob: 'self'; connect-src 'self' integreat.github.io maps.tuerantuer.org tiles.ehrenamtskarte.app wohnraum.tuerantuer.org sentry.tuerantuer.org *.wohnraum.tuerantuer.org *.integreat-app.de integreat-demo.translatorswithoutborders.org wss://integreat-demo.translatorswithoutborders.org integreat-prod.tuerantuer.org cms.integreat-app.de admin.integreat-app.de; style-src 'self' 'unsafe-inline'; manifest-src 'self'; report-uri https://csp.tuerantuer.org/integreat.app/ 1
script-src 'self' https://fry-it.atlassian.net https://risr-global.atlassian.net 'unsafe-inline' 'unsafe-eval' 1
default-src 'none'; script-src 'self' 'unsafe-inline'; img-src 'self' data: https://i.ytimg.com; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src https://publications.sba-research.org https://www.youtube-nocookie.com https://player.vimeo.com https://mailworx.marketingsuite.info; connect-src 'self' https://plausible.io; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests 1
upgrade-insecure-requests; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com https://www.google.com https://www.gstatic.com https://player.vimeo.com https://js-agent.newrelic.com https://bam.nr-data.net 1
frame-ancestors 'self' zoo.waw.pl zaksa.pl kkwloclawek.pl gtk.gliwice.pl tzostrovia.pl mks-kalisz.pl; 1
frame-ancestors 'self'; font-src 'self' blob: data: https://fonts.googleapis.com https://fonts.gstatic.com https://kit.fontawesome.com https://ka-p.fontawesome.com https: ; form-action 'self' connect.facebook.net www.facebook.com ; base-uri 'self' 1
default-src 'self'; child-src 'self' https://client.rlpdirekt.de/ https://kb.ionas.de/ https://www.troisdorf.de/; connect-src 'self' https://*.digiaccess.org *.b-ite.com https://buergerservice.ionas.de/ https://statistiken2.regioit.de https://www.troisdorf.de/:sa2-search/de/ https://www.troisdorf.de/sa2-endpoint/bwc/rest/053820068068/search; font-src 'self' data:; frame-ancestors 'self'; frame-src 'self' *.google.com https://beteiligung.nrw.de https://buergerservice.ionas.de https://geoportal.troisdorf.de/app.php/application/mobile https://geoportal.troisdorf.de/app.php/application/start https://iam.chamaeleon.de https://iam.chamaeleon.de/ https://kb.ionas.de https://player.vimeo.com https://troisdorf.beratungsservice-digital.de https://www.outdooractive.com https://www.troisdorf.de/; img-src 'self' data: *.b-ite.com https://buergerservice.ionas.de/ https://client.rlpdirekt.de/ https://res.oastatic.com https://statistiken2.regioit.de https://tiles.chamaeleon.de https://www.troisdorf.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.digiaccess.org *.b-ite.com https://beteiligung.nrw.de https://player.vimeo.com https://static.b-ite.com/jobs-api/004/api-v4.js https://statistiken2.regioit.de; script-src-elem 'self' 'unsafe-inline' https://*.digiaccess.org *.b-ite.com https://beteiligung.nrw.de https://player.vimeo.com https://static.b-ite.com/jobs-api/004/api-v4.js https://statistiken2.regioit.de https://www.outdooractive.com; script-src-attr 'self' 'unsafe-inline' https://*.digiaccess.org *.b-ite.com https://static.b-ite.com/jobs-api/004/api-v4.js; style-src 'self' 'unsafe-inline' https://*.digiaccess.org *.b-ite.com; style-src-elem 'self' 'unsafe-inline' *.b-ite.com; style-src-attr 'self' 'unsafe-inline' https://*.digiaccess.org; worker-src 'self' blob: https://*.digiaccess.org; report-to main 1
default-src 'self' *.gov.hk *.google-analytics.com *.googleapis.com *.googletagmanager.com; style-src 'self' *.googleapis.com *.gov.hk www.chrt.org.hk www.comptribunal.hk www.coms-auth.hk www.e-c.edu.hk www.harbourfront.org.hk www.hfc.org.hk www.hkcfa.hk www.hongkongpost.hk www.judiciary.hk www.lasc.hk www.mpfa.org.hk www.ticf.org.hk *.tradesinglewindow.hk www.hkmw.hk; script-src 'self' *.one.gov.hk *.gov.hk www.gstatic.com www.recaptcha.net *.google-analytics.com *.googleapis.com *.googletagmanager.com www.chrt.org.hk www.comptribunal.hk www.coms-auth.hk www.e-c.edu.hk www.harbourfront.org.hk www.hfc.org.hk www.hkcfa.hk www.hongkongpost.hk www.judiciary.hk www.lasc.hk www.mpfa.org.hk www.ticf.org.hk *.tradesinglewindow.hk www.hkmw.hk; img-src 'self' data: *.google-analytics.com *.gov.hk www.chrt.org.hk www.comptribunal.hk www.coms-auth.hk www.e-c.edu.hk www.harbourfront.org.hk www.hfc.org.hk www.hkcfa.hk www.hongkongpost.hk www.judiciary.hk www.lasc.hk www.mpfa.org.hk www.ticf.org.hk *.tradesinglewindow.hk www.hkmw.hk; frame-ancestors 'self'; frame-src 'self' www.recaptcha.net; font-src 'self' fonts.gstatic.com *.gov.hk www.chrt.org.hk www.comptribunal.hk www.coms-auth.hk www.e-c.edu.hk www.harbourfront.org.hk www.hfc.org.hk www.hkcfa.hk www.hongkongpost.hk www.judiciary.hk www.lasc.hk www.mpfa.org.hk www.ticf.org.hk *.tradesinglewindow.hk www.hkmw.hk; form-action 'self' *.gov.hk *.suntek.com.hk; base-uri 'self' 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-ab7440093d9b29e203773ffd52aaf018'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' *.cookiebot.com fonts.googleapis.com fonts.gstatic.com snap.licdn.com *.google-analytics.com *.googletagmanager.com px.ads.linkedin.com *.youtube.com *.google.com *.myfonts.net *.secura.com *.craftcms.com *.gstatic.com 'unsafe-inline' 'unsafe-eval' data:; 1
default-src *;style-src 'self' 'unsafe-inline' at.alicdn.com *.spzs.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' ynuf.aliapp.org  cf.aliyun.com  *.tdum.alibaba.com *.spzs.com hm.baidu.com hmcdn.baidu.com dlswbr.baidu.com  api.map.baidu.com map.baidu.com aeis.alicdn.com maponline1.bdimg.com g.alicdn.com res.wx.qq.com acodes.b2b.cn;img-src *  data: blob:;worker-src * blob:;media-src 'self' *.spzs.com blob:;font-src 'self' at.alicdn.com; 1
default-src 'self' blob: youtube.com www.youtube.com www.google.com www.facebook.com gleam.io; manifest-src 'self';  base-uri 'self';  form-action 'self' www.facebook.com; font-src 'self' data: 'unsafe-inline' use.typekit.net;  frame-ancestors 'self';  object-src 'none'; media-src 'self' blob: *.radio.co doo4c423eq1l3.cloudfront.net; img-src 'self' blob: data: data: www.facebook.com getstream.imgix.net www.googletagmanager.com googleads.g.doubleclick.net www.google.com www.google.com.uy www.google-analytics.com cdn.shopify.com user-images.githubusercontent.com api.adorable.io picsum.photos i.picsum.photos sb.scorecardresearch.com pubads.g.doubleclick.net complexland-entities.imgix.net js.gleam.io; connect-src 'self' blob: data: *.ingest.sentry.io cdn.cookielaw.org www.google-analytics.com chat-us-east-1.stream-io-api.com public.radio.co unpkg.com auto.vars.com cognito-idp.us-east-1.amazonaws.com complexland.auth.us-east-1.amazoncognito.com o484811.ingest.sentry.io stats.g.doubleclick.net api.permutive.com *.partner.permutive.app cdn.permutive.com doo4c423eq1l3.cloudfront.net www.facebook.com privacyportal.onetrust.com geolocation.onetrust.com botd.fpapi.io 8qt9ka12ssuubn3abvoac7fap.litix.io ib.adnxs.com *.prmutv.co/ wss://chat-us-east-1.stream-io-api.com wss://prod.complexland.com wss://www.complexland.com wss://complexland.com wss://broadcaster-ws.complexland.com; prefetch-src 'self'; worker-src 'self' blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: onesignal.com cdn.cookielaw.org geolocation.onetrust.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com www.youtube.com pubads.g.doubleclick.net cdn.permutive.com cdn.onesignal.com connect.facebook.net sb.scorecardresearch.com onesignal.com wasm-eval widget.gleamjs.io; frame-src 'self' www.facebook.com www.google.com www.youtube.com gleam.io; style-src-elem 'self' blob: data: 'unsafe-inline' use.typekit.net p.typekit.net; style-src 'self' blob: data: 'unsafe-inline' use.typekit.net p.typekit.net; 1
upgrade-insecure-requests; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; 1
base-uri 'self'; default-src d138j1c6jn4qpg.cloudfront.net 'self'; script-src 'nonce-aed32b24-d225-42e2-9241-5954f4515322' 'strict-dynamic' https: 'unsafe-inline'; img-src *; style-src d138j1c6jn4qpg.cloudfront.net 'self' 'unsafe-inline'; connect-src 'self' 1
img-src 'self' yastatic.net data: yandex.ru favicon.yandex.net avatars.mds.yandex.net yabs.yandex.ru mc.admetrica.ru mc.yandex.com *.mc.yandex.ru adstat.yandex.ru mc.yandex.ru;default-src 'none';script-src yastatic.net yandex.ru mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru 'nonce-ADlfqyaCkX01ZFBHm75R4A==';style-src yastatic.net 'unsafe-inline';connect-src yandex.ru yabs.yandex.ru mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.admetrica.ru;child-src mc.yandex.ru mc.yandex.md;report-uri https://csp.yandex.net/csp?project=morda&from=morda.error404.ru&showid=1705976554983408-6287227002223467126-production-balancer-any-yp-sas-73-BAL&h=stable-portal-any-4.sas.yp-c.yandex.net&yandexuid=9946352521705976554&version=2024-01-21-58 1
frame-ancestors 'self' bblonmobile.bangkoklife.com bblonmobilesituat.bangkoklife.com bblonmobileuat.bangkoklife.com *.bangkoklife.com; 1
default-src 'self'; script-src 'self'; frame-ancestors 'self'; object-src 'self'; base-uri 'self'; require-trusted-types-for 'script'; connect-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-wBvAkAFBIXYoUK+wSpDQiUvK4+ypMBjH7z06jqgzPiwb48QH' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' *.santanderforintermediaries.co.uk ajax.googleapis.com ssl.google-analytics.com 2235688.fls.doubleclick.net cdn.mouseflow.com *.youtube.com *.ytimg.com *.googletagmanager.com *.google.com *.google-analytics.com *.gstatic.com *.jquery.com *.doubleclick.net;    script-src 'unsafe-inline' 'unsafe-eval' www.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com code.jquery.com *.santanderforintermediaries.co.uk;    style-src 'self' 'unsafe-inline' *.santanderforintermediaries.co.uk *.google.com *.googleapis.com *.googletagmanager.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://zug.network; img-src 'self' https: data: blob: https://zug.network; style-src 'self' https://zug.network 'nonce-dagU9RIGEcaHdbz1atleLw=='; media-src 'self' https: data: https://zug.network; frame-src 'self' https:; manifest-src 'self' https://zug.network; form-action 'self'; child-src 'self' blob: https://zug.network; worker-src 'self' blob: https://zug.network; connect-src 'self' data: blob: https://zug.network https://zug.network wss://zug.network; script-src 'self' https://zug.network 'wasm-unsafe-eval' 1
frame-ancestors https://www.usetreno.cz https://acc.usetreno.cz https://www.online-pojisteni.cz http://www.cestovani-po-usa.cz https://www.topsrovnani.cz http://www.privetour.cz http://www.top-pojisteni.cz https://www.autodoplnky.cz http://www.bigsnowjam.cz https://skveleceny.cz http://www.aapp.cz http://www.sosatko.cz http://www.fajnpojisteni.cz http://www.cestovani.cz http://www.autodoplnkyfro.cz http://www.smartflyagency.cz http://www.inzertia.cz http://www.hk-leasing.cz https://www.buddymag.cz https://iphone.app http://www.ruceni-povinne.eu https://fin24.cz/ http://www.vas-financni-poradce.cz https://uamk.cz http://www.123zajezdy.cz http://www.obyvatele.cz https://penize.cz http://www.rehurek.cz https://www.autanamiru.cz http://www.acosa.cz http://mediaplanet.com http://www.skrblik.cz http://www.cestovatelskyobchod.cz http://www.flightor.com https://kubicek.cz https://www.kalkulackaruceni.cz http://www.pojisteni-prehledne.cz https://android.app http://www.brnolowcost.estranky.cz https://affilplhalova.cz https://cyklotury.cz/ https://nasetreno.cz https://www.platinum.cz https://usetreno.cz https://www.simonasedlarova.cz http://www.autickar.cz https://www.touria.cz https://top-pojisteni.svetodmen.cz/ http://fijalka.cz/ https://povinkomat.cz/ https://www.tipli.cz http://www.autovesely.cz http://www.bukuj.cz http://kamfit.cz http://rezervace.zlevneneletenky.eu https://tripuj.cz http://www.go-travel.cz https://www.turistika.cz/ https://www.autoservis-garant.cz/ https://cestovia.cz https://autotrip.cz https://trendom.cz https://www.vzvcarservis.cz http://bestzajezdy.cz https://adventureguy.cz/cs/ http://www.top-pojisteni.cz https://www.vipapp.cz https://www.klick.cz http://www.fondik.cz http://realtorify.io https://europetravelagency.cz https://www.cestovatel.cz https://www.vimvic.cz https://entuzio.cz https://www.aquarius-ca.cz http://top-pojisteni.cz https://www.povinneruceni.biz https://www.leadgenje.cool https://www.expresnipojisteni.cz; 1
frame-ancestors 'self' https://recipe.importfood.com 1
script-src 'self' 'unsafe-inline'; style-src 'self'; img-src 'self'; default-src 'self' 1
upgrade-insecure-requests; worker-src 'self' blob: ;style-src 'self' 'unsafe-inline' blob:; media-src 'self' ; manifest-src 'self' login.windows.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.googletagmanager.com cdn.cookielaw.org *.doubleclick.net connect.facebook.net www.youtube.com script.crazyegg.com www.google-analytics.com; font-src 'self' data: ; frame-ancestors 'none';frame-src 'self' *.doubleclick.net www.youtube-nocookie.com; img-src 'self' data: images.ctfassets.net pixel.tapad.com www.facebook.com cdn.cookielaw.org i.ytimg.com www.googletagmanager.com *.doubleclick.net www.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; connect-src 'self' *.contentful.com cdn.cookielaw.org *.google-analytics.com *.googlesyndication.com script.crazyegg.com *.doubleclick.net; default-src 'none'; base-uri 'none'; 1
frame-ancestors 'self' https://builder.io; 1
frame-ancestors 'self' *.gulliversfun.co.uk 1
base-uri 'self';connect-src *;form-action *;img-src * data: blob:;media-src 'self';object-src 'none';frame-ancestors 'none' 1
default-src 'self' https://*.googlesyndication.com https://*.google.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://public.flourish.studio https://fundingchoicesmessages.google.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://*.google-analytics.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://fundingchoicesmessages.google.com https://pagead2.googlesyndication.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://www.google.com https://*.youtube.com https://*.uri.sh; img-src 'self' data: https://secure.gravatar.com/ https://*.googletagmanager.com/ https://fundingchoicesmessages.google.com https://pagead2.googlesyndication.com https://*.gstatic.com https://*.w.org https://public.flourish.studio; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:; 1
default-src 'self' blob: http://localhost:5000 http://localhost:3035 ws://localhost:3035 *.clutchprep.com *.intercomcdn.com; img-src * data: blob: https://eu.api.fpjs.io/ https://api.sjpf.io/ https://api.fpjs.io/ https://cdn.fpjs.io/@2/fp.js https://api.reviews.io *.clutchprep.com *.stripe.com *.convertflow.co *.convertflow.com *.intercomcdn.com https://d2yyd1h5u9mauk.cloudfront.net https://web.delighted.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; font-src 'self' data: https://eu.api.fpjs.io/ https://api.sjpf.io/ https://api.fpjs.io/ https://cdn.fpjs.io/@2/fp.js https://api.reviews.io *.clutchprep.com releases.flowplayer.org fonts.gstatic.com *.intercomcdn.com *.fontawesome.com *.hotjar.com *.convertflow.co *.convertflow.com *.intercomcdn.com https://web.delighted.com https://*.wistia.com https://d1azc1qln24ryf.cloudfront.net; style-src 'unsafe-inline' 'self' blob: data: https://eu.api.fpjs.io/ https://api.sjpf.io/ https://api.fpjs.io/ https://cdn.fpjs.io/@2/fp.js https://api.reviews.io *.reviews.io d1azc1qln24ryf.cloudfront.net *.reviews.co.uk *.clutchprep.com *.stripe.com fonts.googleapis.com https://unpkg.com *.fontawesome.com *.convertflow.co *.convertflow.com *.intercomcdn.com https://d2yyd1h5u9mauk.cloudfront.net https://web.delighted.com https://fast.wistia.com https://cdnjs.cloudflare.com https://*.filestackapi.com https://intercom-sheets.com; connect-src 'self' blob: https://eu.api.fpjs.io/ https://api.sjpf.io/ https://api.fpjs.io/ https://cdn.fpjs.io/@2/fp.js https://api.reviews.io *.clutchprep.com https://api.stripe.com https://checkout.stripe.com *.pusher.com *.pusherapp.com ws://*.pusherapp.com wss://*.pusherapp.com *.mixpanel.com *.hotjar.io *.hotjar.com *.intercom.io ws://*.intercom.io wss://*.intercom.io *.google-analytics.com *.pinterest.com *.snapchat.com *.doubleclick.net *.facebook.com *.profitwell.com sentry.io *.algolianet.com *.algolia.net *.nr-data.net *.filepicker.io *.ipdata.co *.convertflow.co *.convertflow.com *.intercomcdn.com wss://*.hotjar.com https://d2yyd1h5u9mauk.cloudfront.net https://web.delighted.com *.litix.io *.sentry.io *.s3.amazonaws.com https://*.wistia.com https://embedwistia-a.akamaihd.net http://localhost:3035 ws://localhost:3035 https://*.filestackapi.com *.fpapi.io https://intercom-sheets.com https://analytics.tiktok.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://c.go-mpulse.net https://*.akstat.io https://*.akamaihd.net; frame-src 'self' https://eu.api.fpjs.io/ https://api.sjpf.io/ https://api.fpjs.io/ https://cdn.fpjs.io/@2/fp.js https://api.reviews.io *.clutchprep.com https://js.stripe.com https://hooks.stripe.com https://checkout.stripe.com *.filepicker.io *.hotjar.com *.facebook.com *.doubleclick.net *.snapchat.com *.youtube.com recruiterflow.com *.google.com *.ipdata.co *.convertflow.co *.convertflow.com *.intercomcdn.com https://d2yyd1h5u9mauk.cloudfront.net https://web.delighted.com https://fast.wistia.com https://fast.wistia.net https://intercom-sheets.com https://*.statuspage.io; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://eu.api.fpjs.io/ https://api.sjpf.io/ https://api.fpjs.io/ https://cdn.fpjs.io/@2/fp.js https://api.reviews.io *.reviews.io *.reviews.co.uk *.clutchprep.com *.pusher.com *.filepicker.io https://js.stripe.com https://checkout.stripe.com d3qxef4rp70elm.cloudfront.net *.hotjar.com *.googletagmanager.com *.app-us1.com *.mxpnl.com *.intercom.io *.intercomcdn.com *.getvero.com google-analytics.com *.google-analytics.com *.googleadservices.com *.twitter.com *.ads-twitter.com *.facebook.net *.doubleclick.net cdnjs.cloudflare.com *.gstatic.com *.youtube.com *.sentry-cdn.com *.pinimg.com *.outbrain.com sc-static.net *.sc-static.net *.trackcmp.net trackcmp.net *.snapchat.com *.newrelic.com dna8twue3dlxq.cloudfront.net *.ytimg.com *.google.com *.jsdelivr.net *.algolia.net *.nr-data.net *.algolianet.com *.maxcdn.com d2yyd1h5u9mauk.clutchfront.net *.ipdata.co *.convertflow.co *.convertflow.com https://convertflow.co *.googleapis.com *.intercomcdn.com https://d2yyd1h5u9mauk.cloudfront.net https://web.delighted.com https://browser.sentry-cdn.com https://*.wistia.com https://*.wistia.net https://*.filestackapi.com https://intercom-sheets.com https://*.statuspage.io https://analytics.tiktok.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://s.go-mpulse.net; report-uri /csp-violation-report-endpoint 1
default-src 'self' *.dkefe.com *.cloudinary.com *.onetrust.com *.unisvg.com *.simplesvg.com *.graphcms.com *.google-analytics.com *.windows.net *.cloudfront.net *.qzzr.com *.make.com *.amazonaws.com *.riddle.com *.youtube.com ; script-src 'self' *.dkefe.com 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com *.onetrust.com *.amazonaws.com *.riddle.com *.twitter.com *.cloudfront.net *.instagram.com *.youtube.com; style-src 'self' 'unsafe-inline' *.onetrust.com *.riddle.com ; font-src 'self' *.onetrust.com https://fonts.gstatic.com *.riddle.com ; img-src 'self' *.cloudinary.com *.cloudfront.net 'unsafe-inline' *.google-analytics.com data: https://www.media.graphcms.com https://www.res.cloudinary.com https://www.images.unsplash.com *.graphassets.com *.onetrust.com *.riddle.com; 1
font-src 'self' https://widgets.trustedshops.com/ https://cdnjs.cloudflare.com 1
script-src 'self' https: 'unsafe-inline'; style-src https: 'self' 'unsafe-inline'; img-src https: 'self' data: 'unsafe-inline'; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com esskay.kiya.ai; report-uri /csp-violation 1
frame-ancestors 'self' samandehi.ir logo.samandehi.ir enamad.ir trustseal.enamad.ir ecunion.ir mediaad.org; default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: * 1
default-src 'self';base-uri 'self';object-src 'none';style-src 'self' 'unsafe-inline' fonts.googleapis.com;font-src 'self' fonts.gstatic.com;img-src 'self' *.bmsupermercados.es *.uvesco.es *.youtube.com maps.googleapis.com maps.gstatic.com data:  *.google.es *.google.com *.google-analytics.com storage.googleapis.com maps.googleapis.com maps.gstatic.com *.ggpht.com *.googletagmanager.com *.googleapis.com;frame-src 'self' www.youtube.com *.doubleclick.net *.google.com;connect-src 'self' *.analytics.google.com *.google-analytics.com maps.googleapis.com *.doubleclick.net;script-src 'strict-dynamic' 'self' 'nonce-RUwtTk9OQ0UqJkFZQU1BMTU2Njk0NzQ5Mw==' 'unsafe-inline' www.google-apis.com www.googletagmanager.com;script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com *.googleadservices.com www.youtube.com *.google-analytics.com googleads.g.doubleclick.net maps.googleapis.com 1
frame-ancestors 'self' https://manage.rermag.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self';     script-src 'self' https://unpkg.com https://www.googletagmanager.com 'sha256-wAfWaOr/A39z7NAInLxj8sNOkn3UeTck0o2seObBiFU=' *.hs-scripts.com *.hs-analytics.net *.hscollectedforms.net *.hs-banner.com;     frame-src 'self' https://widget.real-time-reserves.ledgerlens.io;     base-uri 'self';     font-src 'self' data:;     img-src * blog.archblock.com www.googletagmanager.com *.google-analytics.com *.analytics.google.com 'self' data:;     object-src 'none';     script-src-attr 'none';     style-src 'self' https: 'unsafe-inline';     upgrade-insecure-requests;     connect-src 'self' blog.archblock.com ipapi.co api.lever.co *.google-analytics.com *.analytics.google.com *.ledgerlens.io api.github.com *.hscollectedforms.net; 1
frame-ancestors https://www.americanheritagegirls.org https://americanheritagegirls.org https://batchgeo.com https://www.batchgeo.com 1
default-src http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com wss://*.smartsupp.com:* https://*.smartsupp.com:* https://*.smartsuppchat.com:* https://*.smartsuppcdn.com:* https://*.cdn77.org.com:* https: data: 'unsafe-inline' 'unsafe-eval' blob:; img-src 'self' data: https:; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-XpFjrgSePbltgv5HbLNOwg' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src blob: https: data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' 'unsafe-inline' *data: region1.analytics.google.com https://www.google-analytics.com *.google.com *.google.it *.google.video.com *.googleapis.com *.ytimg.com *.ggpht.com *.doubleclick.net *.youtube.com unpkg.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.analytics.google.com *.google-analytics.com https://www.google-analytics.com *.gstatic.com *.doubleclick.net *.youtube.com unpkg.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com; style-src 'self' 'unsafe-inline' *.fontawesome.com *.cloudflare.com *.jsdelivr.net *.googleapis.com https://fonts.gstatic.com https://unpkg.com *.google.com *.gstatic.com *.bootstrapcdn.com; img-src 'self' data:* data* *.google-analytics.com *.google.it https://www.googletagmanager.com; frame-src 'self' youtube.com www.youtube.com *.google.com *.gstatic.com https://geoportal.un.org; frame-ancestors 'self' youtube.com *.youtube.com *.googlevideo.com; child-src 'self' youtube.com *.youtube.com *.google.com *.gstatic.com; font-src 'self' https://fonts.googleapis.com *.fontawesome.com *.gstatic.com *.jsdelivr.net *.cloudflare.com; report-uri /report-csp-violation 1
default-src 'self' *.wirth-horn.de https://www.youtube-nocookie.com https://cdn.privacy-mgmt.com https://assets.adobedtm.com 'unsafe-eval' 'unsafe-inline'; img-src data: *; media-src data: *; style-src 'self' data: 'unsafe-inline' *.wirth-horn.de  https://fonts.googleapis.com; font-src data: 'self' https://fonts.gstatic.com https://fonts.googleapis.com; 1
default-src  'self' data: ; img-src      'self' data: 'unsafe-inline' 'unsafe-eval' data: i.ibb.co *.youtube.com beyond.3dnest.biz maps.gstatic.com maps.googleapis.com *.datables.net *.to *.doubleclick.net *.googlesyndication.com *.facebook.com *.doubleclick.net *.googleadservices.com *.facebook.net *.tiktok.com *.google-analytics.com *.google.co.id *.google.com *.cloudflare.com *.googletagmanager.com *.geolocation-db.com *.jsdelivr.net *.printfriendly.com *.w.org *.gravatar.com *.vimeocdn.com apis.google.com *.firebaseapp.com *.googleusercontent.com *.gstatic.com cdn.datables.net connect.facebook.net *.pagead2.googlesyndic;  script-src   'self' data: 'unsafe-inline' i.ibb.co beyond.3dnest.biz *.youtube.com *.3dnest.biz *.datables.net  'unsafe-eval' *.to *.doubleclick.net *.googlesyndication.com *.googlesyndication.com *.facebook.com *.doubleclick.net *.googleadservices.com *.facebook.net *.tiktok.com *.google-analytics.com *.google.co.id *.google.com *.cloudflare.com *.googletagmanager.com *.geolocation-db.com *.jsdelivr.net *.w.org *.gravatar.com *.googleapis.com *.jsdelivr.net *.printfriendly.com *.kxcdn.com *.vimeocdn.com *.hs-analytics.net *.securitymetrics.com *.google-analytics.com apis.google.com *.firebaseapp.com *.googleusercontent.com *.gstatic.com cdn.datatables.net connect.facebook.net *.pagead2.googlesyndic;  style-src    'self' data: 'unsafe-inline' i.ibb.co beyond.3dnest.biz *.youtube.com *.3dnest.biz *.datables.net  *.to *.doubleclick.net *.googlesyndication.com *.facebook.com *.googlesyndication.com *.doubleclick.net *.googleadservices.com *.facebook.net *.tiktok.com *.google-analytics.com *.google.co.id *.google.com  *.cloudflare.com *.googletagmanager.com *.geolocation-db.com *.cloudflare.com *.googletagmanager.com *.geolocation-db.com *.jsdelivr.net *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.vimeocdn.com apis.google.com *.firebaseapp.com *.googleusercontent.com cdn.datatables.net connect.facebook.net *.pagead2.googlesyndic;  font-src     'self' data: i.ibb.co  beyond.3dnest.biz *.3dnest.biz *.youtube.com *.datables.net  *.to *.doubleclick.net *.googlesyndication.com *.facebook.com *.doubleclick.net *.googlesyndication.com *.googleadservices.com *.facebook.net *.tiktok.com *.google-analytics.com *.google.co.id *.google.com *.cloudflare.com *.googletagmanager.com *.geolocation-db.com *.jsdelivr.net *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com apis.google.com *.firebaseapp.com *.googleusercontent.com cdn.datatables.net connect.facebook.net *.pagead2.googlesyndic;  frame-src    'self' data: i.ibb.co  beyond.3dnest.biz *.3dnest.biz *.youtube.com *.datables.net  *.google.com geolocation-db.com *.googlesyndication.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.to *.vimeocdn.com *.vimeo.com apis.google.com *.firebaseapp.com *.googleusercontent.com *.gstatic.com cdn.datatables.net connect.facebook.net *.pagead2.googlesyndic;  object-src   'self' data: i.ibb.co beyond.3dnest.biz *.3dnest.biz *.youtube.com *.googleapis.com *.datables.net  geolocation-db.com *.googlesyndication.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.to apis.google.com *.firebaseapp.com *.googleusercontent.com *.gstatic.com cdn.datatables.net connect.facebook.net *.pagead2.googlesyndic;  connect-src   'self' data: i.ibb.co beyond.3dnest.biz *.3dnest.biz *.youtube.com *.pangle-ads.com *.googleapis.com *.gstatic.com  *.datables.net  *.doubleclick.net *.tiktok.com *.google.com *.googlesyndication.com *.google-analytics.com *.googlesyndication.com geolocation-db.com apis.google.com *.firebaseapp.com *.googleusercontent.com cdn.datatables.net connect.facebook.net *.pagead2.googlesyndic;  1
script-src vitalrecordscontrol.com acsbapp.com  *.googleapis.com/ *.gravatar.com googleads.g.doubleclick.net/ www.google-analytics.com/ snap.licdn.com/ vitalrecordscontrol.com/ *.hotjar.com/ js.hsadspixel.net/ js.hscollectedforms.net/ js.hs-analytics.net/ js.hs-banner.com/ www.googletagmanager.com/ cdnjs.cloudflare.com/ use.fontawesome.com fonts.googleapis.com/ browser.sentry-cdn.com/ js.hs-scripts.com/ https://js.hsforms.net/ https://app.jazz.co/ fonts.googleapis.com/ cdn.nitropack.io nitropack.io cdn-iokbh.nitrocdn.com 'unsafe-inline' 'unsafe-eval' data: blob:; 1
default-src 'none' 'self' mc.yandex.ru https://mc.yandex.ru https://mc.yandex.ua https://mc.yandex.by https://mc.yandex.kz https://mc.yandex.fr https://mc.yandex.com.tr yastatic.net https://yastatic.net ajax.googleapis.com www.google-analytics.com https://www.google-analytics.com googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://securepubads.g.doubleclick.net https://pagead2.googlesyndication.com https://tpc.googlesyndication.com vk.com https://vk.com https://login.vk.com platform.twitter.com https://platform.twitter.com; font-src 'self' data: yastatic.net fonts.gstatic.com https://fonts.gstatic.com; object-src pagead2.googlesyndication.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://prozavr.ru top-fwz1.mail.ru *.yandex.ru https://yandex.ru yandex.ru yandex.com https://yandex.by *.yandex.net https://site.yandex.net https://yandex.st yandex.st yandex.ua https://yastatic.net yastatic.net mc.yandex.ru https://mc.yandex.ru https://mc.yandex.ua https://mc.yandex.by https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.com https://mc.yandex.com.tr https://mc.yandex.uz https://mc.yandex.ee https://mc.yandex.tj https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.kg https://cdn.jsdelivr.net/npm/yandex-metrica-watch/ https://conoret.com https://cdn.ampproject.org https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ ajax.googleapis.com  api.google.com https://pagead2.googlesyndication.com pagead2.googlesyndication.com https://www.google-analytics.com www.google-analytics.com https://ssl.google-analytics.com https://tpc.googlesyndication.com https://translate.google.com https://translate.google.cn https://translate.googleapis.com https://translate-pa.googleapis.com https://googleads.g.doubleclick.net www.googletagmanager.com googletagmanager.com www.googletagservices.com https://www.googletagservices.com https://partner.googleadservices.com vk.com platform.twitter.com https://platform.twitter.com https://s.tradingview.com https://s3.tradingview.com https://adservice.google.ru https://adservice.google.com https://adservice.google.co.th https://adservice.google.kz https://adservice.google.co.uz https://adservice.google.co.jp https://adservice.google.kg https://adservice.google.co.kr https://adservice.google.com.vn https://adservice.google.by https://adservice.google.co.id https://adservice.google.co.il https://adservice.google.com.ua https://adservice.google.lv https://adservice.google.pl https://adservice.google.se https://adservice.google.com.tr https://adservice.google.be https://adservice.google.hu https://adservice.google.am https://adservice.google.ge https://adservice.google.bg https://adservice.google.com.tj https://adservice.google.nl https://adservice.google.de https://adservice.google.co.in https://adservice.google.cz https://adservice.google.az https://adservice.google.ee https://adservice.google.com.sg https://adservice.google.lk https://adservice.google.ae https://adservice.google.md https://adservice.google.ca https://adservice.google.com.cy https://adservice.google.sk https://adservice.google.it https://adservice.google.com.eg https://adservice.google.lt https://adservice.google.no https://adservice.google.com.om https://adservice.google.fr https://adservice.google.es https://adservice.google.co.uk https://adservice.google.dk https://adservice.google.fi https://adservice.google.com.mx https://adservice.google.com.lb https://adservice.google.com.hk https://adservice.google.com.pk https://adservice.google.dz https://adservice.google.mn https://adservice.google.iq https://adservice.google.co.za https://adservice.google.me https://adservice.google.is https://adservice.google.com.br https://adservice.google.tm https://adservice.google.rs https://adservice.google.com.qa https://adservice.google.com.ph https://adservice.google.com.my https://adservice.google.com.mt https://adservice.google.pt https://adservice.google.co.nz https://adservice.google.ba https://adservice.google.gr https://adservice.google.mu https://adservice.google.com.cu https://adservice.google.com.au https://adservice.google.jo https://adservice.google.al https://adservice.google.com.kh https://adservice.google.cv https://adservice.google.mk https://adservice.google.sn https://adservice.google.com.pa https://adservice.google.ro https://adservice.google.com.sa https://adservice.google.at https://adservice.google.ch https://adservice.google.tn https://adservice.google.co.ao https://adservice.google.ie https://adservice.google.mv https://adservice.google.com.bd https://adservice.google.co.tz https://adservice.google.com.gt https://adservice.google.com.np https://adservice.google.com.pe https://adservice.google.com.kw https://adservice.google.com.tw https://adservice.google.si https://adservice.google.co.ke https://adservice.google.hr https://adservice.google.com.ar https://adservice.google.ci https://adservice.google.lu https://adservice.google.com.co https://adservice.google.com.bh https://adservice.google.co.ma https://adservice.google.co.zm https://adservice.google.bs https://adservice.google.sc https://adservice.google.com.mm https://adservice.google.cm https://adservice.google.com.na https://adservice.google.la https://adservice.google.com.ec https://adservice.google.co.cr https://adservice.google.ml https://adservice.google.com.af https://adservice.google.com.uy https://adservice.google.rw https://adservice.google.cl https://adservice.google.co.ve https://adservice.google.bf https://adservice.google.mg https://adservice.google.ga https://adservice.google.com.et https://adservice.google.ne https://adservice.google.bj https://adservice.google.com.ng https://adservice.google.sm https://adservice.google.sr https://adservice.google.com.jm https://adservice.google.com.ly https://adservice.google.co.ug https://adservice.google.com.py https://adservice.google.com.sv https://adservice.google.com.pr https://adservice.google.co.mz https://adservice.google.hn https://adservice.google.com.bo https://adservice.google.ps https://adservice.google.tg https://adservice.google.co.zw https://adservice.google.com.bn https://adservice.google.li https://adservice.google.com.gh https://adservice.google.com.bz https://adservice.google.ad https://adservice.google.tt https://adservice.google.vg https://adservice.google.com.ni https://adservice.google.com.gi; img-src 'self' data: https://prozavr.ru top-fwz1.mail.ru *.yandex.net *.adfox.ru *.yandex.ru yandex.ru yandex.com mc.yandex.ru https://mc.yandex.ru https://mc.yandex.ua https://mc.yandex.by https://mc.yandex.kz https://mc.yandex.fr https://mc.yandex.com https://mc.yandex.com.tr https://mc.yandex.kg https://mc.yandex.uz https://mc.yandex.tj https://mc.yandex.md https://mc.yandex.az https://mc.yandex.tm *.yandex.net yandex.st yastatic.net https://yastatic.net clck.yandex.ru https://yandex.ru https://yandex.ua https://www.yandex.ua https://yandex.by https://www.yandex.by https://webmaster.yandex.ru https://www.google.com https://www.google.ru https://www.google.kg https://www.google.co.th https://www.google.fr https://www.google.kz  https://www.google.com.ua https://www.google.lv https://www.google.md https://www.google.pl https://www.google.lt https://www.google.by https://www.google.cz https://www.google.co.uk https://www.google.am https://ssl.google-analytics.com https://*.googleusercontent.com https://tpc.googlesyndication.com pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net gstatic.com https://www.gstatic.com https://translate.googleapis.com https://*.ggpht.com counter.rambler.ru counter.yadro.ru www.google-analytics.com google-analytics.com https://www.google-analytics.com https://vk.com vk.com https://syndication.twitter.com https://twitter.com https://*.userapi.com https://csi.gstatic.com translate.google.com *.ytimg.com img.youtube.com https://*.ytimg.com https://img.youtube.com https://ad.adriver.ru https://ad.doubleclick.net https://wcm-ru.frontend.weborama.fr https://tps.doubleverify.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://yastatic.net yastatic.net *.adfox.ru https://translate.googleapis.com fonts.googleapis.com https://fonts.googleapis.com; connect-src 'self' blob: http://127.0.0.1:* yastatic.net *.adfox.ru *.yandex.ru yandex.ru yandex.com top-fwz1.mail.ru https://mc.yandex.ru https://mc.yandex.ua https://mc.yandex.by https://mc.yandex.kz https://mc.yandex.fr https://mc.yandex.com https://mc.yandex.com.tr https://mc.yandex.uz https://mc.yandex.ee https://mc.yandex.tj https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.com.ge https://mc.yandex.kg https://mc.yandex.az https://mc.yandex.tm https://www.google.com.ua https://ymetrica1.com https://yandexmetrica.com:* yandex.st https://translate.yandex.net  https://browser.translate.yandex.net https://csp.yandex.net https://favicon.yandex.net https://www.google.ru https://www.google.by https://www.google.kg https://www.google.co.th https://www.google.fr https://www.google.kz https://www.google.lv https://www.google.md https://www.google.pl https://www.google.lt https://stats.g.doubleclick.net https://region1.analytics.google.com https://analytics.google.com www.google-analytics.com https://www.google-analytics.com https://pagead2.googlesyndication.com pagead2.googlesyndication.com www.googletagservices.com https://partner.googleadservices.com https://csi.gstatic.com https://translate.googleapis.com https://adservice.google.com; child-src 'self' mc.yandex.ru https://mc.yandex.ru https://mc.yandex.md googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://www.google.com awaps.yandex.ru yastatic.net vk.com platform.twitter.com https://login.vk.com https://static.doubleclick.net; frame-src yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru *.adfox.ru https://mc.yandex.md https://mc.yandex.com https://www.google.com https://recaptcha.google.com https://googleads.g.doubleclick.net https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://yoomoney.ru; media-src blob: data: yastatic.net *.yandex.net *.yandex.ru yandex.ru *.adfox.ru yandex.com; report-uri https://prozavr.ru/temp/csp/errors_csp_writer.php; 1
frame-src 'self' platform.twitter.com syndication.twitter.com www.google.com help.smartertools.com *.i7media.com assets.hcaptcha.com newassets.hcaptcha.com forms.clickup.com 1
object-src 'self' *.vrg.de vrg.de; 1
frame-ancestors 'self' *.priceritemarketplace.com *.brands.wakefern.com 1
frame-ancestors 'self' https://photocar.riteaid.com/ https://chatcar.riteaid.com/ 1
default-src https: 'unsafe-inline';  img-src      'self' https: data: 'unsafe-inline'  http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;   script-src   https: blob: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io 'unsafe-inline' 'unsafe-eval';   font-src     'self' https: data: 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;   frame-src    'self' https: https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;   connect-src  'self' https: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com wss://*.tawk.to; 1
frame-ancestors 'self' bid.g.doubleclick.net; script-src *.clarity.ms *.hs-analytics.net *.hs-banner.com *.hs-scripts.com ajax.googleapis.com bat.bing.com ct.capterra.com googleads.g.doubleclick.net myintervals.cdnedge.bluemix.net www.rapidscansecure.com ssl.google-analytics.com stats.myintervals.com www.clarity.ms www.getapp.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com 'self' 'unsafe-inline'; object-src 'none' 1
default-src 'self';frame-ancestors 'self';object-src 'none' ;child-src 'self' https://cloud.typography.com;frame-src 'self' https://athora.recruitee.com https://consentcdn.cookiebot.com https://vivat3.recruitee.com https://www.youtube.com https://www.google.com;connect-src 'self' https://dc.services.visualstudio.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://consentcdn.cookiebot.com https://*.applicationinsights.azure.com;font-src 'self' data: data: https://fonts.gstatic.com;img-src 'self' data: data: https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://fonts.gstatic.com https://i.ytimg.com https://ssl.gstatic.com https://www.gstatic.com;script-src 'self' 'strict-dynamic' 'nonce-sCGJNF+EsVN3zgc1RLWNRNvO' data: data: https://*.googletagmanager.com https://az416426.vo.msecnd.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.google-analytics.com https://www.youtube.com https://*.monitor.azure.com;style-src 'unsafe-inline' https://cloud.typography.com https://fonts.googleapis.com https://tagmanager.google.com https://www.athora.nl https://www.googletagmanager.com; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; media-src https: data:; connect-src wss://www.moneyou.nl https://www.moneyou.nl https://nl-moneyou-rt.collector.snplow.net https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://in.hotjar.com https://digitalassistant-signalr-productie.service.signalr.net wss://digitalassistant-signalr-productie.service.signalr.net https://*.clarity.ms https://c.bing.com; worker-src blob:; 1
default-src 'self'; base-uri 'self'; object-src 'none'; script-src 'self' *.hubspot.com js.hs-analytics.net js.hs-scripts.com js.hsadspixel.net js.hscollectedforms.net js.hs-banner.com js.hs-banner.net js.usemessages.com *.hsforms.net cdn2.hubspot.net https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com/  https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net/ https://snap.licdn.com https://player.vimeo.com/ 'strict-dynamic' 'nonce-qagfH4Gp1lp6mSA8DpunkQ=='; connect-src 'self' *.hubspot.com api.hubapi.com js.hs-banner.com *.hsforms.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com/; style-src 'self' 'unsafe-inline' fonts.googleapis.com static.hsappstatic.net cdn2.hubspot.net https://ajax.googleapis.com; font-src fonts.gstatic.com cdn2.hubspot.net; img-src 'self' data: *.hubspot.com *.hubspotusercontent-na1.net static.hsappstatic.net *.hsforms.com https://www.facebook.com/ *.linkedin.com https://www.google-analytics.com https://www.googletagmanager.com/ https://www.google.com https://www.google.be; frame-src *.hubspot.com *.hsforms.com https://www.google.com https://www.facebook.com/ https://platform.twitter.com/ https://vimeo.com/ https://player.vimeo.com/; prefetch-src 'self' static.hsappstatic.net; upgrade-insecure-requests; 1
default-src 'self'; script-src https://siteimproveanalytics.com https://maps.googleapis.com https://*.youtube.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net; style-src https://*.googleapis.com/ 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src data: https://*.ytimg.com https://*.youtube.com https://maps.gstatic.com https://*.googleapis.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://*.siteimproveanalytics.io 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' https://fonts.gstatic.com; form-action 'self'; connect-src *.gstatic.com *.googleapis.com https://www.google.com/maps/ https://api.friendlycaptcha.com/api/v1/puzzle 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self'; child-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ apis.google.com https://www.google.com/ https://www.yourmoney.ch/ym/ext/szkb/ blob: https://datawrapper.dwcdn.net/; frame-ancestors 'self'; object-src 'self' 1
frame-ancestors 'self' https://manage.controldesign.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; object-src 'none'; 1
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.cookielaw.org *.youtube-nocookie.com *.commerce-connector.com *.googleapis.com *.min-cdn.net *.googletagmanager.com *.google-analytics.com *.google.com *.google.de connect.facebook.net mediaintelligence.de *.bing.com https://groupeseb.secure.force.com https://iprospect.emcustomers.de; font-src 'self' data: *.commerce-connector.com *.gstatic.com https://groupeseb.secure.force.com https://groupe-seb.my.salesforce-sites.com; style-src 'self' 'unsafe-inline' *.commerce-connector.com *.commerce-connector.de *.googleapis.com https://groupeseb.secure.force.com; img-src 'self' data: *.commerce-connector.com https://cdn.cookielaw.org *.commerce-connector.de *.gstatic.com *.googleapis.com  *.google-analytics.com *.facebook.com *.doubleclick.net mediaintelligence.de *.min-cdn.net track.adform.net rads.recognified.net *.google.de *.google.com *.bing.com https://*.googletagmanager.com https://groupeseb.secure.force.com; media-src 'self' *.youtube.com *.youtube-nocookie.com https://groupeseb.secure.force.com; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.umantis.com *.doubleclick.net https://groupeseb.secure.force.com https://groupe-seb.my.salesforce-sites.com; connect-src 'self' *.commerce-connector.com https://geolocation.onetrust.com *.cookielaw.org *.commerce-connector.de *.googleapis.com *.google-analytics.com *.analytics.google.com *.facebook.com *.doubleclick.net mediaintelligence.de *.min-cdn.net *.bing.com 1
frame-ancestors 'self'; report-uri /pub/csp_reports 1
default-src 'self' ws: wss: https://acceptatie.kaartviewer.nl https://geodata.nationaalgeoregister.nl/ https://cdn.jsdelivr.net/ https://plattegronden.gooisemeren.nl/ https://waarismijnstemlokaal.nl https://enquete.agconsult.com/ https://survey.alchemer.eu/ *.google.com  *.google.nl *.googletagmanager.com *.google-analytics.com *.googleapis.com  https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://siteimproveanalytics.com https://6152012.global.siteimproveanalytics.io/ https://api-gateway.siteimprove.us/ https://acceptatie.kaartviewer.nl https://geodata.nationaalgeoregister.nl/ https://cdn.jsdelivr.net/ https://plattegronden.gooisemeren.nl/ https://waarismijnstemlokaal.nl https://enquete.agconsult.com/ https://survey.alchemer.eu/ *.youtube.com *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com *.ytimg.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com *.openbasiskaart.nl *.plattegronden.gooisemeren.nl/ https://unpkg.com *.google.com  *.google.nl *.googletagmanager.com *.google-analytics.com *.googleapis.com https://acceptatie.kaartviewer.nl https://geodata.nationaalgeoregister.nl/ https://cdn.jsdelivr.net/ https://plattegronden.gooisemeren.nl/ https://waarismijnstemlokaal.nl https://enquete.agconsult.com/ https://survey.alchemer.eu/ *.youtube.com *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com *.ytimg.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.google.com  *.google.nl *.googletagmanager.com *.google-analytics.com *.googleapis.com https://siteimproveanalytics.com https://6152012.global.siteimproveanalytics.io/ https://api-gateway.siteimprove.us/ https://acceptatie.kaartviewer.nl https://geodata.nationaalgeoregister.nl/ https://cdn.jsdelivr.net/ https://plattegronden.gooisemeren.nl/ https://waarismijnstemlokaal.nl https://enquete.agconsult.com/ https://survey.alchemer.eu/ https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.openbasiskaart.nl *.plattegronden.gooisemeren.nl/ https://unpkg.com https://acceptatie.kaartviewer.nl https://geodata.nationaalgeoregister.nl/ https://cdn.jsdelivr.net/ https://plattegronden.gooisemeren.nl/ https://waarismijnstemlokaal.nl https://enquete.agconsult.com/ https://survey.alchemer.eu/ https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl; object-src 'none'; media-src 'self'; frame-src 'self' https://gooisemeren.email-provider.nl *.google.com  *.google.nl *.googletagmanager.com *.google-analytics.com *.googleapis.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com *.ytimg.com https://acceptatie.kaartviewer.nl https://geodata.nationaalgeoregister.nl/ https://cdn.jsdelivr.net/ https://plattegronden.gooisemeren.nl/ https://waarismijnstemlokaal.nl https://enquete.agconsult.com/ https://survey.alchemer.eu/; base-uri 'self'; connect-src 'self' ws: wss: https://gooisemeren.proudreports.nl *.google.com  *.google.nl *.googletagmanager.com *.google-analytics.com *.googleapis.com https://acceptatie.kaartviewer.nl https://geodata.nationaalgeoregister.nl/ https://cdn.jsdelivr.net/ https://plattegronden.gooisemeren.nl/ https://waarismijnstemlokaal.nl https://enquete.agconsult.com/ https://survey.alchemer.eu/ https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl; report-uri https://gooisemeren.proudreports.nl/report.php; 1
default-src 'self'; font-src 'self' data:; script-src 'nonce-V4tHYJT8xTBykJRWY4Oxig==' 'strict-dynamic' 'self'; connect-src 'none'; media-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline'; child-src 'self' *.youtube-nocookie.com *.ted.com *.vimeo.com *.liveleak.com *.srgssr.ch *.srf.ch *.slideshare.net *.spotify.com *.podcasts.apple.com *.eventbrite.co.uk; frame-ancestors 'none'; base-uri scip.ch 1
frame-ancestors 'self' metrika.yandex.ru metrika.yandex.by metrika.yandex.com metrika.yandex.com.tr webvisor.com *.webvisor.com; 1
script-src 'self' 'unsafe-hashes' 'unsafe-inline' *.google.com *.google.co.in *.zohocdn.com *.zohorecruit.com www.youtube.com maillist-manage.com *.clearbitscripts.com *.maillist-manage.com *.zoho.com cdn.pagesense.io *.clearbitjs.com *.google-analytics.com *.instasafe.io *.googletagmanager.com *.googleadservices.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com;img-src 'self' https: data: *.google-analytics.com *.instasafe.io *.googletagmanager.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://chat-widget.imbrace.co/chat.js https://www.clarity.ms/tag/h0kf4zlrjj https://www.googletagmanager.com/gtag/js https://www.google-analytics.com https://www.clarity.ms https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.clarity.ms https://analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.imbrace.co; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://chat-widget.imbrace.co https://td.doubleclick.net; frame-ancestors 'self' https://webapp-wf.prod2.imbrace.co; img-src 'self' data: https://www.imbrace.co https://secure.gravatar.com https://*.clarity.ms https://www.google.com.my https://*.bing.com https://www.google-analytics.com https://graph.facebook.com https://www.googletagmanager.com https://*.fbcdn.net https://*.w.org; manifest-src 'self'; media-src 'self' https://www.imbrace.co; form-action 'self'; report-uri https://656feba373671fbf59c8748e.endpoint.csper.io/?v=2; worker-src 'none'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://gaygeek.social; img-src 'self' https: data: blob: https://gaygeek.social; style-src 'self' https://gaygeek.social 'nonce-sdSWPqWPsRDY4hvOsBlM+g=='; media-src 'self' https: data: https://gaygeek.social; frame-src 'self' https:; manifest-src 'self' https://gaygeek.social; form-action 'self'; child-src 'self' blob: https://gaygeek.social; worker-src 'self' blob: https://gaygeek.social; connect-src 'self' data: blob: https://gaygeek.social https://media.gaygeek.social wss://gaygeek.social; script-src 'self' https://gaygeek.social 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://repligen.com https://store.repligen.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com cdnjs.cloudflare.com unpkg.com *.fontawesome.com *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://snap.licdn.com/ https://diffuser-cdn.app-us1.com/diffuser/diffuser.js https://cdn.leadchampion.com/leadchampion.js https://mastertag.leadchampion.com/ https://prism.app-us1.com/ https://trackcmp.net/ https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://contattachat.bpp.it https://stackpath.bootstrapcdn.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com unpkg.com *.fontawesome.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://contattachat.bpp.it https://stackpath.bootstrapcdn.com https://cdn.lineicons.com/3.0/lineicons.css; font-src 'self' *.fontawesome.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://cdn.lineicons.com/; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://px.ads.linkedin.com/; media-src 'self' data: blob:; child-src 'self' https://www.google.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com bpponline.bpp.it https://consentcdn.cookiebot.com/ https://contattachat.bpp.it https://recruitingaaf.bpp.it; connect-src 'self' *.google-analytics.com *.fontawesome.com accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://consentcdn.cookiebot.com/ https://maps.googleapis.com/ ; 1
default-src 'self' segment.okta.com *.oktacdn.com; connect-src 'self' segment.okta.com segment-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com *.mtls.okta.com segment.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' segment.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' segment.okta.com *.oktacdn.com; frame-src 'self' segment.okta.com segment-admin.okta.com login.okta.com ok4-devicetrust.okta.com com-okta-authenticator: api-3bdc2f77.duosecurity.com; img-src 'self' segment.okta.com *.oktacdn.com https://ok4static.oktacdn.com/fs/bcg/4/gfs2pudo8tevoBTe31t7 *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' segment.okta.com data: *.oktacdn.com fonts.gstatic.com 1
frame-ancestors 'self' https://gisportalprod01.svo.local/ https://gisportal.skogsstyrelsen.se/ 1
object-src 'self'; script-src * 'unsafe-inline'; style-src * 'unsafe-inline'; frame-ancestors 'self' 1
default-src 'self'; img-src * data:; media-src * blob:; script-src * blob: data: 'unsafe-inline'; style-src * 'unsafe-inline'; font-src * data:; connect-src 'self' *.cloudfront.net *.amazonaws.com *.fontawesome.com av.evertz.com:3000 listgrowth.ctctcdn.com *.constantcontact.com api.livechatinc.com www.google-analytics.com www.youtube.com; frame-src 'self' evertz.applytojob.com instafeed.pixlee.co snapwidget.com secure.livechatinc.com www.google.com www.recaptcha.net www.youtube.com www.youtube-nocookie.com *.twitter.com; frame-ancestors * 1
frame-ancestors 'self' https://hunts.com.mx https://www.hunts.com.mx; upgrade-insecure-requests; 1
default-src 'self' www.openstreetmap.org stats.g.doubleclick.net www.youtube.com www.gravatar.com player.vimeo.com *.vimeocdn.com our.umbraco.com www.google-analytics.com *.google-analytics.com api.pro6pp.nl www.googletagmanager.com *.googletagmanager.com analytics.google.com *.analytics.google.com *.google.com *.google.nl;script-src 'self' api.pro6pp.nl ajax.aspnetcdn.com code.jquery.com ajax.googleapis.com www.googletagmanager.com *.googletagmanager.com www.google-analytics.com cdnjs.cloudflare.com www.google.com 'nonce-Zz4jN4R7J0VX35HZIpXlgc9Agx/DsqvcJRNewC/gxcM=';style-src 'self' fonts.googleapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com 'unsafe-inline';font-src 'self' data: fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com;img-src 'self' www.googletagmanager.com *.googletagmanager.com *.google-analytics.com www.google.com data: www.veb.net *.umbraco.io *.umbraco.com *.umbraco.org *.gravatar.com umbraco.tv *.googleapis.com *.staticflickr.com abmfn.com;frame-src *;base-uri 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.jarltech.com/piwik_jt/matomo.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://px.ads.linkedin.com https://www.youtube.com magiczoomplus.js magic360.js blob:; script-src-elem 'self' 'unsafe-inline' https://www.youtube.com https://www.jarltech.com https://snap.licdn.com https://px.ads.linkedin.com https://www.magictoolbox.com; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data: https://i.ytimg.com https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://i.vimeocdn.com https://px.ads.linkedin.com; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com/ https://vimeo.com/ https://player.vimeo.com/; upgrade-insecure-requests 1
default-src * 'self' data: 'unsafe-inline'; script-src * 'self' data: 'unsafe-inline'; script-src-elem * 'self' data: 'unsafe-inline'; script-src-attr * 'self' data: 'unsafe-inline'; style-src * 'self' data: 'unsafe-inline'; style-src-elem * 'self' data: 'unsafe-inline'; style-src-attr * 'self' data: 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; 1
default-src 'self'; frame-src 'self' https://connect.trezor.io/* https://connect.trezor.io/ https://widget.changelly.com/ https://www.youtube.com/; frame-ancestors 'none'; child-src 'none'; form-action https://formspree.io; base-uri 'none'; connect-src *; img-src 'self' data:; script-src 'self' 'unsafe-eval' 'sha256-hnF01G4lUcBRBGAqTTfng1Jl9ifL4iDk3r3e9AKUsoU=' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; object-src 'none'; worker-src 'none'; 1
default-src 'self' *.gstatic.com stats.g.doubleclick.net *.google-analytics.com fonts.googleapis.com *.youtube.com *.facebook.com e.infogram.com 'unsafe-inline' 'unsafe-eval' data:; object-src 'none'; report-uri https://audit.vrk.lt/_/csp-report 1
default-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' https: data:; base-uri 'self'; 1
frame-ancestors 'self' https://www.useberry.com https://app.useberry.com https://brx.getnet.resite.pagonxt.corp 1
default-src 'self' coa.gov.in; script-src-elem 'self' 'unsafe-inline' coa.gov.in; script-src 'self' 'unsafe-inline' 'unsafe-eval' coa.gov.in; style-src 'self' 'unsafe-inline' coa.gov.in; style-src-elem 'self' 'unsafe-inline' coa.gov.in; connect-src 'self' coa.gov.in; media-src coa.gov.in 'self' blob:; worker-src coa.gov.in 'self' blob:; img-src coa.gov.in 'self'; frame-src coa.gov.in 'self'; font-src coa.gov.in 'self' data:; 1
upgrade-insecure-requests; default-src 'self'; connect-src 'self' https://www.ozzu.com:6001 wss://www.ozzu.com:6001 https://www.googletagmanager.com https://*.google.com https://www.google-analytics.com https://*.doubleclick.net; base-uri 'none'; form-action 'self'; object-src 'none'; frame-ancestors 'self'; worker-src 'self'; child-src 'self'; frame-src 'self' https://*.google.com https://js.stripe.com; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' https://cdn.ozzu.com https://www.google.com https://www.google-analytics.com https://img.youtube.com https://www.google.ca https://www.google.co.uk https://www.google.co.in https://www.google.com.bd data:; style-src 'self' 'unsafe-inline' 'nonce-tG9gkLBjWtmfWViiF7SxoYFRQxFZHHND'; script-src 'self' https://www.googletagmanager.com/gtag/js 'unsafe-inline' 'nonce-tG9gkLBjWtmfWViiF7SxoYFRQxFZHHND' 'strict-dynamic'; report-uri https://unmelted.report-uri.com/r/d/csp/enforce 1
frame-ancestors https://statevitalrecords.org/ https://californiabirthcertificate.org/ https://californiabirthcertificate.wpcomstaging.com/ https://texasbirthcertificateswpcomstaging.wpcomstaging.com/ https://texasbirthcertificates.org/ 1
default-src 'self' data: https:; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' data: https:; frame-src 'self' https:; sandbox allow-same-origin allow-forms allow-modals allow-popups allow-popups-to-escape-sandbox allow-scripts allow-downloads allow-top-navigation allow-pointer-lock; upgrade-insecure-requests; 1
default-src 'self'; connect-src 'self' banno.com *.banno.com crownpeak.net *.crownpeak.net *.googleapis.com *.google-analytics.com *.google.com *.doubleclick.net; font-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com; frame-ancestors 'self'; frame-src 'self' *.youtube.com *.google.com *.vimeo.com *.personalcard.net *.sitescout.com *.zoho.com; img-src 'self' *.google-analytics.com *.googletagmanager.com banno.com *.banno.com *.googleapis.com *.gstatic.com *.google.com *.sitescout.com data: *.banno.com; media-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleapis.com banno.com *.banno.com crownpeak.com *.crownpeak.com *.pixel.ad *.facebook.net *.banno.com; style-src 'self' 'unsafe-inline'  *.googleapis.com 1
frame-ancestors 'self' https://*.planejativo.com https://planejativo.com 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-KvTW/GnpG5rzD2yy9K0/Zw==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob: *.izlesene.com *.ioam.de *.avg.com *.rewardsaccelerator.com smetrics.att.com; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net smetrics.att.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
base-uri 'self'; frame-ancestors 'self'; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-41e2a471c6ecd5ba811917412cd51da4'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
base-uri 'none'; form-action 'self' *.custerresorts.com; frame-ancestors 'self' *.custerresorts.com; upgrade-insecure-requests 1
script-src 'self' https://analytics.tim427.net/ https://*.googleapis.com https://maps.gstatic.com https://www.google-analytics.com 1
default-src https://www.google-analytics.com https://js.stripe.com https://4dayweek.io https://www.googletagmanager.com https://stats.g.doubleclick.net https://media.fourdayweek.io https://platform.twitter.com/ https://pbs.twimg.com/ https://static.hotjar.com https://script.hotjar.com https://hotjar.com https://vars.hotjar.com https://*.hotjar.com https://plausible.io/ https://*.plausible.io/ https://usefathom.com https://*.usefathom.com https://cdn.usefathom.com https://illuminatr.io https://*.illuminatr.io https://youtube.com https://*.youtube.com/ https://www.google.com/ https://www.gstatic.com https://js.sparkloop.app https://*.sparkloop.app https://eu.posthog.com https://*.posthog.com https://posthog.com https://static.cloudflareinsights.com https://cloudflareinsights.com https://*.cloudflareinsights.com https://static.ads-twitter.com https://ads-twitter.com https://*.ads-twitter.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data: *;object-src 'none';script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://js.stripe.com https://4dayweek.io https://www.googletagmanager.com https://stats.g.doubleclick.net https://media.fourdayweek.io https://platform.twitter.com/ https://pbs.twimg.com/ https://static.hotjar.com https://script.hotjar.com https://hotjar.com https://vars.hotjar.com https://*.hotjar.com https://plausible.io/ https://*.plausible.io/ https://usefathom.com https://*.usefathom.com https://cdn.usefathom.com https://illuminatr.io https://*.illuminatr.io https://youtube.com https://*.youtube.com/ https://www.google.com/ https://www.gstatic.com https://js.sparkloop.app https://*.sparkloop.app https://eu.posthog.com https://*.posthog.com https://posthog.com https://static.cloudflareinsights.com https://cloudflareinsights.com https://*.cloudflareinsights.com https://static.ads-twitter.com https://ads-twitter.com https://*.ads-twitter.com;script-src-attr 'self' 'unsafe-inline' https://www.google-analytics.com https://js.stripe.com https://4dayweek.io https://www.googletagmanager.com https://stats.g.doubleclick.net https://media.fourdayweek.io https://platform.twitter.com/ https://pbs.twimg.com/ https://static.hotjar.com https://script.hotjar.com https://hotjar.com https://vars.hotjar.com https://*.hotjar.com https://plausible.io/ https://*.plausible.io/ https://usefathom.com https://*.usefathom.com https://cdn.usefathom.com https://illuminatr.io https://*.illuminatr.io https://youtube.com https://*.youtube.com/ https://www.google.com/ https://www.gstatic.com https://js.sparkloop.app https://*.sparkloop.app https://eu.posthog.com https://*.posthog.com https://posthog.com https://static.cloudflareinsights.com https://cloudflareinsights.com https://*.cloudflareinsights.com https://static.ads-twitter.com https://ads-twitter.com https://*.ads-twitter.com;style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;connect-src 'self' ws: https://www.google-analytics.com https://js.stripe.com https://4dayweek.io https://www.googletagmanager.com https://stats.g.doubleclick.net https://media.fourdayweek.io https://platform.twitter.com/ https://pbs.twimg.com/ https://static.hotjar.com https://script.hotjar.com https://hotjar.com https://vars.hotjar.com https://*.hotjar.com https://plausible.io/ https://*.plausible.io/ https://usefathom.com https://*.usefathom.com https://cdn.usefathom.com https://illuminatr.io https://*.illuminatr.io https://youtube.com https://*.youtube.com/ https://www.google.com/ https://www.gstatic.com https://js.sparkloop.app https://*.sparkloop.app https://eu.posthog.com https://*.posthog.com https://posthog.com https://static.cloudflareinsights.com https://cloudflareinsights.com https://*.cloudflareinsights.com https://static.ads-twitter.com https://ads-twitter.com https://*.ads-twitter.com;frame-src 'self' https://www.google-analytics.com https://js.stripe.com https://4dayweek.io https://www.googletagmanager.com https://stats.g.doubleclick.net https://media.fourdayweek.io https://platform.twitter.com/ https://pbs.twimg.com/ https://static.hotjar.com https://script.hotjar.com https://hotjar.com https://vars.hotjar.com https://*.hotjar.com https://plausible.io/ https://*.plausible.io/ https://usefathom.com https://*.usefathom.com https://cdn.usefathom.com https://illuminatr.io https://*.illuminatr.io https://youtube.com https://*.youtube.com/ https://www.google.com/ https://www.gstatic.com https://js.sparkloop.app https://*.sparkloop.app https://eu.posthog.com https://*.posthog.com https://posthog.com https://static.cloudflareinsights.com https://cloudflareinsights.com https://*.cloudflareinsights.com https://static.ads-twitter.com https://ads-twitter.com https://*.ads-twitter.com;script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com https://js.stripe.com https://4dayweek.io https://www.googletagmanager.com https://stats.g.doubleclick.net https://media.fourdayweek.io https://platform.twitter.com/ https://pbs.twimg.com/ https://static.hotjar.com https://script.hotjar.com https://hotjar.com https://vars.hotjar.com https://*.hotjar.com https://plausible.io/ https://*.plausible.io/ https://usefathom.com https://*.usefathom.com https://cdn.usefathom.com https://illuminatr.io https://*.illuminatr.io https://youtube.com https://*.youtube.com/ https://www.google.com/ https://www.gstatic.com https://js.sparkloop.app https://*.sparkloop.app https://eu.posthog.com https://*.posthog.com https://posthog.com https://static.cloudflareinsights.com https://cloudflareinsights.com https://*.cloudflareinsights.com https://static.ads-twitter.com https://ads-twitter.com https://*.ads-twitter.com;manifest-src 'self' https://www.google-analytics.com https://js.stripe.com https://4dayweek.io https://www.googletagmanager.com https://stats.g.doubleclick.net https://media.fourdayweek.io https://platform.twitter.com/ https://pbs.twimg.com/ https://static.hotjar.com https://script.hotjar.com https://hotjar.com https://vars.hotjar.com https://*.hotjar.com https://plausible.io/ https://*.plausible.io/ https://usefathom.com https://*.usefathom.com https://cdn.usefathom.com https://illuminatr.io https://*.illuminatr.io https://youtube.com https://*.youtube.com/ https://www.google.com/ https://www.gstatic.com https://js.sparkloop.app https://*.sparkloop.app https://eu.posthog.com https://*.posthog.com https://posthog.com https://static.cloudflareinsights.com https://cloudflareinsights.com https://*.cloudflareinsights.com https://static.ads-twitter.com https://ads-twitter.com https://*.ads-twitter.com 1
default-src 'self' https://cdnjs.cloudflare.com/ajax/libs/mustache.js/4.0.1/mustache.min.js; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js 'unsafe-inline' 'unsafe-eval' *.google-analytics.com analytics.google.com https://www.youtube.com/iframe_api https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org bankunited.com cms.bankunited.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.clarity.ms *.hotjar.com bat.bing.com up.pixel.ad cdnjs.cloudflare.com web-chat.nativechat.com js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net https://dec.azureedge.net; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline' https://cdn.insight.sitefinity.com https://dec.azureedge.net maxcdn.bootstrapcdn.com web-chat.nativechat.com; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://delicious.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com https://bankunited2019.bssdev.com bankunited.com cms.bankunited.com *.dotomi.com *.google.com https://pixel.sitescout.com bat.bing.com clickserv.sitescout.com *.bankunited.com *.doubleclick.net web-chat.nativechat.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: cms.bankunited.com bankunited.com maxcdn.bootstrapcdn.com; frame-src 'self' https://pixel.sitescout.com https://bankunited2019.bssdev.com bankunited.com https://sitefinitytest.bankunited.com https://cloud.customer.bankunited.com cms.bankunited.com *.doubleclick.net digital.bankunited.com www.dev-digital.bankunited.com www.uat-digital.bankunited.com www.test-digital.bankunited.com www.digital.bankunited.com www.google.com *.hotjar.com web-chat.nativechat.com forms.hsforms.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.doubleclick.net *.clarity.ms *.hotjar.com https://www.google-analytics.com https://cdnjs.cloudflare.com/ajax/libs/mustache.js/4.0.1/mustache.min.js analytics.google.com *.googleapis.com *.bankunited.com pagead2.googlesyndication.com/pagead/buyside_topics/set/ forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com; frame-ancestors digital.bankunited.com www.dev-digital.bankunited.com www.uat-digital.bankunited.com www.test-digital.bankunited.com www.digital.bankunited.com cms.bankunited.com 'self' 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-4e88f549cd1ac4f4feecab7ffc7f3e1c'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
font-src 'self' fonts.googleapis.com fonts.gstatic.com data:;img-src 'self' data: dezerv-assets.s3.ap-south-1.amazonaws.com dezerv-profile-images.s3.ap-south-1.amazonaws.com dezerv-strapi-integration.s3.ap-south-1.amazonaws.com dezerv-strapi-test.s3.ap-south-1.amazonaws.com t.co analytics.twitter.com googleads.g.doubleclick.net www.facebook.com www.google.com www.google.co.in px.ads.linkedin.com facebook.net;script-src 'self' 'unsafe-eval' 'unsafe-inline' widgets.in.webengage.com www.googletagmanager.com https: fc.dezerv.in www.google.co.in facebook.net www.facebook.com;frame-src 'self' inz8261735b.in.webengage.co inzz71680a69.in.webengage.co dezerv-assets.s3.ap-south-1.amazonaws.com www.youtube.com calendly.com td.doubleclick.net facebook.net www.facebook.com; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontier&region=US&lang=en-US&device=desktop&yrid=7v722r5iqu7i8&partner=ftr; 1
frame-ancestors 'self' https://*.flashbay.com https://*.app.netsuite.com 1
default-src self *.sessioncam.com *.cloudfront.net; script-src *.gbqofs.com *.gbqofs.io *.cloudfront.net *.sessioncam.com *.adimo.co *.usabilla.com *.googleoptimize.com 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.co.uk *.newrelic.com *.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com s.ytimg.com *.evidon.com code.jquery.com *.doubleclick.net https://www.gstatic.com *.gigya.com https://bv.js *.bazaarvoice.com *.adimo.co *.nescafe.com *.nestle.com *.google.com http://localhost:3337/app.js *.jsdelivr.net/npm/fraction.js@4.2.0/fraction.min.js *.tintup.com *.tintup.com https://tintup.com/app/dist/embedded.js *.facebook.net *.nr-data.net *.hypemarks.com *.jsdelivr.net unpkg.com *.nestle.co.uk  *.windows.net *.iesnare.com *.qualifio.com *.ownid.com *.cookielaw.org *.segment.com *.amazon-adsystem.com *.adsrvr.org blob: *.googleapis.com *.criteo.com *.serving-sys.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com *.adimo.co *.cloudfront.net *.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com *.google.com *.bazaarvoice.com  *.adimo.co http://localhost:3337/style.css *.jsdelivr.net *.nestle.co.uk; img-src *.cloudfront.net *.sessioncam.com *.google.co.in *.amazonaws.com *.usabilla.com *.adimo.co *.google.com.au *.googletagmanager.com https://nescafefarmersorigins.com/au/*. *.nescafefarmersorigins.com *.nestle.co.uk *.google.com 'self' data: *.googleapis.com *.gstatic.com *.cloudflare.com *.google-analytics.com https://stats.g.doubleclick.net www.google.com www.google.co.uk *.doubleclick.net *.amazonaws.com px.pump.to brand-ecommerce-assets.fusepump.com *.evidon.com *.nestlebeverages.acsitefactory.com be.factory.nescafe.com www.nescafe.com *.ytimg.com *.bazaarvoice.com *.gigya.com *.nescafe.com https://optimize.google.com *.pantheonsite.io google.ca *.facebook.com *.jsdelivr.net *.cookielaw.org *.rlcdn.com *.googleapis.com; media-src 'self'; frame-src *.cloudfront.net *.sessioncam.com *.doubleclick.net *.adimo.co 'self' *.youtube.com info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net http://www.youtube-nocookie.com https://www.youtube-nocookie.com *.fusepump.com www.google.com https://l3.evidon.com/ *.gigya.com *.adimo.co *.bazaarvoice.com *.nestle-brands.co.uk https://login-au.nescafe.com/ *.nescafe.com *.google.com *.facebook.com *.hypemarks.com *.nestlepromotions.com.au *.amazon-adsystem.com *.adsrvr.org *.qualifioapp.com *.criteo.com; frame-ancestors 'self'; child-src 'self' static.addtoany.com *.youtube.com *.youtu.be *.adimo.co info.evidon.com *.fls.doubleclick.net http://www.youtube-nocookie.com https://www.youtube-nocookie.com *.hypemarks.com *.qualifioapp.com blob:; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com *.cloudfront.net *.cloudflare.com *.fontawesome.com *.nestle.co.uk; connect-src 'self' brand-ecommerce-api.fusepump.com *.sessioncam.com *.amazonaws.com *.adimo.co *.google.com *.cloudfront.net *.google-analytics.com *.amazonaws.com *.bazaarvoice.com *.evidon.com *.g.doubleclick.net *.nestle-brands.co.uk *.nr-data.net *.nescafe.com *.gigya.com *.googletagmanager.com *.usabilla.com *.fusepump.com *.gbqofs.io *.gbqofs.com *.growthbook.io *.nestle.co.uk *.nestle.com *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.smababy.co.uk *.cookielaw.org *.segment.com *.segmentapis.com *.googleapis.com *.analyze.ly; report-uri /tr/report-csp-violation 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https://www.globalhandicaps.com  https://www.globalhdcp.com  https://www.ustrc.com  https://www.wstroping.com; 1
child-src blob:; default-src https: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.qualified.com  wss://*.qualified.com; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline';frame-ancestors 'self'; frame-src data: https:; media-src blob: data: https:; object-src 'self' blob:; worker-src blob: 'self'; upgrade-insecure-requests; 1
default-src 'self';script-src 'self' 'nonce-xNWUVWTqw5MzaAJl+sh82he0' 'strict-dynamic';object-src 'none';style-src 'self' 'unsafe-inline' *.google.com https://fonts.googleapis.com/css popupmaker.com;img-src 'self' data: blog.emakina.com i.vimeocdn.com script.hotjar.com facebook.com www.googletagmanager.com https://connect.facebook.net https://px.ads.linkedin.com www.google-analytics.com cdn.cookielaw.org;media-src 'self';frame-src 'self' *.google.com *.vimeo.com *.youtube.com;font-src 'self' https://fonts.googleapis.com/css https://fonts.gstatic.com data:;connect-src 'self' *.onetrust.com geolocation.onetrust.com vimeo.com popupmaker.com cdn.cookielaw.org px.ads.linkedin.com www.google-analytics.com collector.leadinfo.net content.hotjar.io *.google-analytics.com api.leadinfo.com *.hotjar.io ws.hotjar.com wss://ws.hotjar.com;base-uri 'self';child-src 'none';form-action 'self';frame-ancestors 'self' emakinaagency-admin-develop.azurewebsites.net emakinaagency-admin.azurewebsites.net emakinaagency-admin-staging.azurewebsites.net emakinaagency-admin-testing.azurewebsites.net;worker-src 'none' 1
frame-ancestors http://mail.elesa.com http://elesa.partcommunity.com https://www.elesa.com https://halder-roemheld.imweb.me https://www.halder-roemheld.co.kr 1
default-src 'self' *.google-analytics.com *.doubleclick.net *.adsrvr.org *.cloudfront.net *.google.com *.youtube.com *.braintree-api.com *.braintreegateway.com *.paypal.com *.cardinalcommerce.com *.amazonaws.com *.onemap.sg *.facebook.com *.mastercard.com  https:; script-src 'self' www.googletagmanager.com www.google-analytics.com google-analytics.com *.adsrvr.org acdn.adnxs.com login.dotomi.com *.dotomi.com unpkg.com cdnjs.cloudflare.com cdn.jsdelivr.net www.googleadservices.com connect.facebook.net *.braintree-api.com *.braintreegateway.com *.fls.doubleclick.net googleads.g.doubleclick.net www.paypalobjects.com *.paypal.com pay.google.comsongbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com www.google.com code.jquery.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com *.mastercard.com  'unsafe-inline' https:;style-src 'self' cdnjs.cloudflare.com fonts.googleapis.com *.braintreegateway.com cdn.jsdelivr.net *.mastercard.com  'unsafe-inline' https:; img-src 'self' assets.braintreegateway.com checkout.paypal.com *.mastercard.com  data: https:; media-src 'self' *.ascentismedia.com  data: https:; child-src 'self' assets.braintreegateway.com *.paypal.com  'unsafe-inline' 'unsafe-eval' https:; frame-src 'self' assets.braintreegateway.com *.braintreegateway.com *.paypal.com *.cardinalcommerce.com *.google.com *.youtube.com *.adsrvr.org *.doubleclick.net *.mastercard.com  https:; connect-src 'self' *.braintreegateway.com *.doubleclick.net *.cardinalcommerce.com *.paypal.com *.onemap.sg *.google-analytics.com *.facebook.com *.braintree-api.com *.smooch.io wss:  https:; frame-ancestors 'self' dmp.truoptik.com *.mastercard.com  https:; font-src 'self' fonts.gstatic.com kit-free.fontawesome.com cdnjs.cloudflare.com  https:; object-src 'self'  https:; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://unicyclist.com/logs/ https://unicyclist.com/sidekiq/ https://unicyclist.com/mini-profiler-resources/ https://cdn.unicyclist.com/assets/ https://unicyclist.com/extra-locales/ https://cdn.unicyclist.com/highlight-js/ https://cdn.unicyclist.com/javascripts/ https://cdn.unicyclist.com/plugins/ https://cdn.unicyclist.com/theme-javascripts/ https://cdn.unicyclist.com/svg-sprite/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0='; worker-src 'self' https://cdn.unicyclist.com/assets/ https://cdn.unicyclist.com/javascripts/ https://cdn.unicyclist.com/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' cdn.tiny.cloud https://*.googletagmanager.com api.reciteme.com *.hotjar.com www.google-analytics.com; style-src 'self' fonts.googleapis.com 'unsafe-inline' cdn.tiny.cloud api.reciteme.com https://*.hotjar.com 'unsafe-inline'; object-src 'none'; base-uri 'self';connect-src 'self' *.applicationinsights.azure.com cdn.tiny.cloud https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.reciteme.com www.google.co.uk stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; font-src fonts.gstatic.com 'self' api.reciteme.com data: https://*.hotjar.com; frame-src 'self'; child-src 'self'; img-src *; manifest-src 'self';media-src 'self' api.reciteme.com; 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com data: fonts.googleapis.com maxcdn.bootstrapcdn.com *.googleapis.com *.bootstrapcdn.com 'self' data: *.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.exair.com https://www.exair.com/ http://portal.exair.com/ *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.zdassets.com *.userway.org 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * api.demo.convergepay.com api.convergepay.com google.com gstatic.com *.twitter.com *.facebook.com https://www.traceparts.com https://player.vimeo.com/ https://vars.hotjar.com/ *.userway.org *.doubleclick.net https://calculator.exair.com/cabinetcooler/calculator/index.php 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://bat.bing.com http://t.co/ https://px.ads.linkedin.com http://www.trustlogo.com/ https://ssl.comodo.com https://camo.githubusercontent.com/ https://p.adsymptotic.com/ https://secure.trust-provider.com/ https://c.clarity.ms/c.gif cdn.userway.org *.facebook.net *.facebook.com *.google.com *.google.co.in *.bing.com *.linkedin.com *.google.ca *.twitter.com *.simpli.fi *.doubleclick.net *.tremorhub.com *.3lift.com *.tapad.com *.agkn.com *.intentiq.com *.pubmatic.com *.exelator.com *.yahoo.com *.bfmio.com *.bluekai.com *.crwdcntrl.net *.lijit.com *.rlcdn.com *.spotxchange.com *.adnxs.com *.rubiconproject.com *.openx.net *.pro-market.net *.comodoca.com *.googletagmanager.com *.pippio.com *.sectigo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com api.demo.convergepay.com api.convergepay.com google.com gstatic.com 'self' data: https://chimpstatic.com http://bat.bing.com/bat.js https://bat.bing.com/p/action/16008447.js *.googletagmanager.com static.ads-twitter.com *.twimg.com https://snap.licdn.com/li.lms-analytics/insight.min.js *.trustlogo.com *.google-analytics.com *.zdassets.com *.ekr.zdassets.com https://analytics.twitter.com exairhelp.zendesk.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://secure.trust-provider.com https://libs.fraud.elavongateway.com/sdk-web-js/0.13.8/3ds2-web-sdk.min.js https://www.convergepay.com/hosted-payments/Checkout.js https://demo.convergepay.com/hosted-payments/Checkout.js *.clarity.ms https://static.hotjar.com/c/hotjar-2555992.js https://script.hotjar.com *.hotjar.com https://edge.fullstory.com/s/fs.js *.fullstory.com *.userway.org *.facebook.net *.doubleclick.net *.bing.com *.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://static.zdassets.com/web_widget* https://static.zdassets.com/ekr/snippet.js/* *.simpli.fi *.cloudflare.com https://snap.licdn.com/li.lms-analytics/insight.beta.min.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.fontawesome.com *.youtube.com *.bootstrapcdn.com *.googletagmanager.com *.userway.org 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://static.zdassets.com *.zdassets.com *.static.zdassets.com *.ekr.zdassets.com https://static.zdassets.com/web_widget/latest/fda6cd35495c75f83508d9d2e77ee33d.mp3 https://static.zdassets.com/web_widget* 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com api.demo.convergepay.com api.convergepay.com gstatic.com 'unsafe-inline' data: 'unsafe-inline' blob: *.cloudflare.com *.twitter.com *.twimg.com *.google.co.in *.facebook.com *.facebook.net *.google-analytics.com *.zdassets.com *.ekr.zdassets.com https://analytics.twitter.com exairhelp.zendesk.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://www.convergepay.com/hosted-payments/service/payment/hpe/process https://demo.convergepay.com/hosted-payments/service/payment/hpe/process https://clarity.microsoft.com/ *.clarity.ms *.hotjar.com *.bing.com *.fullstory.com *.userway.org *.doubleclick.net *.linkedin.com https://static.zdassets.com/web_widget* *.oribi.io *.googleapis.com *.googlesyndication.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com apis.google.com cdn.onesignal.com use.typekit.net cdn.cookiehub.eu eu2.snoobi.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com use.typekit.net cdn.cookiehub.eu dash.cookiehub.com; font-src 'self' fonts.gstatic.com use.typekit.net; img-src 'self' data: analytics.fcgtalent.fi p.typekit.net i.ytimg.com dreambroker.com 1
frame-ancestors 'self' https://printedmint.app https://printedmint.com https://www.printedmint.com; 1
connect-src 'self' *.nrw.de; default-src 'self' *.nrw.de; font-src data: *; frame-ancestors 'self' *.nrw.de; frame-src 'self' *.nrw.de; img-src data: *; media-src *; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de; style-src 'self' 'unsafe-inline' *.nrw.de; worker-src 'self' *.nrw.de; upgrade-insecure-requests; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-47ce42a2b88065166da961a46f34ce50'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://federated.press; img-src 'self' https: data: blob: https://federated.press; style-src 'self' https://federated.press 'nonce-VWhNY/pNRjmP8nx1YksYxw=='; media-src 'self' https: data: https://federated.press; frame-src 'self' https:; manifest-src 'self' https://federated.press; form-action 'self'; child-src 'self' blob: https://federated.press; worker-src 'self' blob: https://federated.press; connect-src 'self' data: blob: https://federated.press https://assets.federated.press wss://federated.press; script-src 'self' https://federated.press 'wasm-unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com https://www.google.com; object-src 'none'; frame-ancestors 'self' 1
default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src * 'self' data: mediastream: https: animesoul.com google-analytics.com shoob.gg *.animesoul.com *.google-analytics.com *.shoob.gg *.tiny.cloud *.tinymce.com *.tenor.com data: blob: *.tailwindcss.com;object-src 'none';script-src 'self' 'nonce-0Ex7wkd2NKr8ODivuHrixw==' 'unsafe-hashes' data: animesoul.com googletagmanager.com google-analytics.com google.com gstatic.com paypal.com paypalobjects.com shoob.gg twitch.tv youtube.com *.animesoul.com *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com *.paypal.com *.paypalobjects.com *.shoob.gg *.tiny.cloud *.tinymce.com *.twitch.tv *.youtube.com *.tenor.com *.tailwindcss.com;script-src-attr 'unsafe-inline';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;connect-src 'self' data: mediastream: ws://shoob.gg ws://animesoul.com wss://shoob.gg wss://animesoul.com animesoul.com cdn.plyr.io discord.com discordapp.com doubleclick.net googletagmanager.com google-analytics.com paypal.com shoob.gg twitch.tv youtube.com *.animesoul.com *.discord.com *.discordapp.com *.doubleclick.net *.googletagmanager.com *.google-analytics.com *.paypal.com *.shoob.gg *.tiny.cloud *.tinymce.com *.twitch.tv *.youtube.com *.tenor.com *.tailwindcss.com;frame-src 'self' google.com paypal.com paypalobjects.com player.twitch.tv soundcloud.com spotify.com youtube.com youtu.be *.google.com *.paypal.com *.paypalobjects.com *.soundcloud.com *.spotify.com *.youtube.com *.youtu.be *.tailwindcss.com;media-src * 'self' data: mediastream: https: animesoul.com *.animesoul.com shoob.gg *.shoob.gg *.tenor.com *.tailwindcss.com;script-src-elem 'self' 'nonce-0Ex7wkd2NKr8ODivuHrixw==' data: animesoul.com googletagmanager.com google-analytics.com google.com gstatic.com paypal.com paypalobjects.com shoob.gg twitch.tv youtube.com *.animesoul.com *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com *.paypal.com *.paypalobjects.com *.shoob.gg *.tiny.cloud *.tinymce.com *.twitch.tv *.youtube.com *.tenor.com *.tailwindcss.com 1
frame-ancestors schoolofawakening.elizabethapril.com elizabethapril.com dev.elizabethapril.com design.elizabethapril.com shop.elizabethapril.com media.elizabethapril.com new.elizabethapril.com orders.elizabethapril.com; default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src * blob:; worker-src * blob:; object-src *; script-src * data: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; 1
frame-ancestors 'none', default-src https: https://tagmanager.google.com https://*.hotjar.com https://*.hotjar.io; frame-src https://bid.g.doubleclick.net https://api.quickstream.westpac.com.au https://assets.ctfassets.net/ https://videos.ctfassets.net/ https://*.libsyn.com https://e.issuu.com/ https://player.vimeo.com/video/ https://www.youtube.com/embed/ https://*.facebook.com/ https://*.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://tagmanager.google.com https://s7.addthis.com/static/ https://gum.criteo.com/ https://open.spotify.com https://youtu.be/; style-src 'self' 'unsafe-inline' https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://fonts.googleapis.com https://api.mapbox.com https://tagmanager.google.com https://cdn.curator.io/; font-src 'self' data: https://cdn.curator.io/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://*.googletagmanager.com  https://cdn.curator.io https://*.salesforce.com https://api.quickstream.westpac.com.au https://*.addthis.com/ https://*.jobadder.com/ https://*.libsyn.com https://e.issuu.com/ https://jobadder.com/ https://*.collect.igodigital.com/ https://*.crazyegg.com/ https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com/ https://*.hotjar.com https://*.hotjar.io https://*.criteo.com https://*.criteo.net https://server.arcgisonline.com/ https://cdn.curator.io https://cdn.curator.io/published/56e5a580-2921-4b55-88ce-d4fe260ac545_y69dz93g.js https://player.vimeo.com https://bettercollect.elucidity.com.au; connect-src 'self' https://www.google-analytics.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://prod-apim-auseast-001.azure-api.net https://api.compassion.com.au https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com/g/ https://*.googletagmanager.com https://api.quickstream.westpac.com.au https://compassionau.force.com https://compassionau.my.site.com https://concierge.compassion.com.au https://*.algolia.net https://*.algolianet.com https://apps.jobadder.com/ https://jobadder.com/ https://m.addthis.com/ https://*.crazyegg.com/ https://*.hotjar.com https://*.hotjar.io https://*.facebook.com/ https://*.google-analytics.com/ wss://*.hotjar.com https://*.hotjar.io https://*.doubleclick.net/ https://api.curator.io/ https://vimeo.com https://bettercollect.elucidity.com.au https://www.googleadservices.com; img-src 'self' data: www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://googleads.g.doubleclick.net https://tags.srv.stackadapt.com http://*.tile.openstreetmap.org/ https://auproddownloads.blob.core.windows.net/compassion/ https://images.contentful.com https://images.ctfassets.net https://media.ci.org https://*.youtube.com https://apps.jobadder.com/ https://jobadder.com/widgets/ https://*.collect.igodigital.com/ https://*.crazyegg.com/ https://*.facebook.com/ https://*.google-analytics.com/ https://*.google.com https://*.google.com.au/ https://*.googletagmanager.com https://d33wubrfki0l68.cloudfront.net https://*.doubleclick.net/ https://server.arcgisonline.com/ https://cdn.curator.io/0.gif https://www.instagram.com/ https://*.google-analytics.com https://*.googletagmanager.com https://bettercollect.elucidity.com.au 1
frame-ancestors 'self' https://*.ringdna.net https://*.force.com; 1
frame-ancestors 'self' *.mellon.com; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zoll-portal.de; img-src 'self' data:; style-src 'self' 'unsafe-inline' 1
frame-ancestors 'self' *.accessibe.com *.acsbapp.com *.acuityscheduling.com *.appointy.com *.appspot.com *.auspost.com.au *.bing.com *.bokun.io *.brownrice.com *.bubbleapps.io *.campaignmonitor.com *.cellarpass.com *.cincopa.com *.clickdimensions.com *.cloudbeds.com *.communitybenchmark.com *.createsend.com *.curator.io *.docusign.com *.donationx.org *.doubleclick.net *.duda.co *.elfsight.com *.eventbrite.co.nz *.eway.ca *.eway.com *.exploretock.com *.eztexting.com *.facebook.com *.facebook.net *.filesusr.com *.flipsnack.com *.fortsystems.com *.fullstory.com *.godaddy.com *.google-analytics.com *.google.com *.googleapis.com *.gowinecub.com *.grappos.com *.hello.myfonts.net *.helpscout.net *.instagram.com *.issuu.com *.jebbit.com *.jivochat.com *.jotform.com *.kampyle.com *.kazzit.com *.lightwidget.com *.linkedin.com *.lpages.co *.mailchimp.com *.mailmunch.co *.mailmunch.com *.mangomint.com *.monetate.net *.multiscreensite.com *.netbookings.com.au *.newrelic.com *.newtonsoftware.com *.nowbookit.com *.olark.com *.optimizely.com *.premiercellar.com *.purechat.com *.quickbooks.intuit.com *.readytoship.com.au *.referralcandy.com *.rezdy.com *.rfihub.com *.rlets.com *.ryzeo.com *.simpletix.com *.small.chat *.stripe.com *.sumo.com *.tawk.to *.thefork.com.au *.tripleseat.com *.twitter.com *.typekit.net *.ubembed.com *.userway.org *.vinovisit.com *.vintools.co *.vintrace.com *.virtualbctours.com *.visitingmedia.com *.vivino.com *.winepulse.com *.winering.com *.wix.com *.wixapps.net *.yotpo.com *.youcanbook.me *.youriguide.com *.youtube.com *.zoho.com adservices.brandcdn.com app.squarespacescheduling.com apps.wixrestaurants.com assetss3.vin65.com av.ageverify.co book.peek.com c.sharethis.mgr.consensu.org cdn.krxd.net chat.broadly.com consentcdn.cookiebot.com digioh.blob.core.windows.net dotcal.com editmysite.com embedsocial.com fareharbor.com fecdn.user1st.info foleywineclub.co.nz formcrafts.com googletagmanager.com gum.criteo.com insight.adsrvr.org instaembedder.com instansive.com iplayerhd.com js.driftt.com loadbalancer.visitor-analytics.io my.matterport.com mymobileapp.online onelineplayer.com opentable.com paypalobjects.com photos.pixlee.com platform.vinespring.com player.vimeo.com px.owneriq.net s7.addthis.com secure.livechatinc.com snapwidget.com static.parastorage.com t.sharethis.com tableagent.com td.yieldify.com vars.hotjar.com vinoshipper.com weatherwidget.io webform-console.pernod-ricard.io widgets.resy.com yelp.com youtube-nocookie.com; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=1vs1bmhiqug28&partner=; 1
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.google.bg https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://www.facebook.com https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com https://app.posthog.com https://*.drift.casino *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://app.vwo.com https://*.drift.casino; frame-src 'self' bankid://* https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://*.zignsec.com https://*.trustly.com https://*.regily.com https://*.sumsub.com https://*.visualwebsiteoptimizer.com https://*.unetsafe.com https://*.atlantgaming.com https://*.drift.casino https://* paymentpage.ecommpay.com asdaerq.dapmaptuns.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://*.zignsec.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.gstatic.com https://recaptcha.net https://connect.facebook.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://app.posthog.com https://*.drift.casino *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com *.astropay.com *.megapay.pro *.ecopayz.com *.billing.cx *.express-connect.com *.paycore.io *.jetoncheckout.com *.ipsp.lv ipsp.lv *.gpaynetworks.com *.sirumobile.com 'nonce-jmO9r0qqKarb5w4h93pRwLHrrYYtimjLQ0Jg2SvAChw=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com https://*.drift.casino *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com; worker-src 'self' blob:; report-uri https://drift.casino/sentry/api/47/csp-report/?sentry_key=a7dcff6da4704fcf9dbecd647d997b1b 1
frame-ancestors sex69hihi.pro sextop10.vip sexnung.cc phimjavhd.cc sextop13x.com sex69ngon.pro sextop3x.pro phimsextop.biz sex3xditnhau.pro sex7.vip phim69x.pro phimxvip.pro khophimhay.biz phimsexhayhd.org sexvuto.vip sexhayhd.pro phim.sexmoihdfull.com xnxx.topsex3x.com x.phimtop1sex.com s.xemlonmup.com xem.3xphimsex.pro phim.sex8xhay.pro phim.sexnung.vip phim.sexdit3x.com phim.sex9x.pro xem.phimsexgaidam.com phim.sex69hdep.com sex.khophimhay.pro phim.sex69ngon.com phim.sexhdmoi.net 3xphimsex.pro pim3x.phimsextop.pro phim.sex3xtop1.pro hd.phimsexful.pro phimsex.phimvip.biz hay.xemsex69.vip xxxpro.sexnung.net xxx.javpornhd.pro phimsex.ditnhau69.pro javhd.sexphim69.com sex.phimjavhd.pro sex9x.pro sexdit3x.com phimxxx.sextop10.pro sexhdmoi.net khophimhay.pro sextube3x.com sexhdxnxx.pro phimvietsex.pro topphimsex.vip phimvip.biz xnxx7.biz sexnung.vip sexnung.net phimsextop.pro phimsex5sao.com sex7.pro sex3xtop1.pro phimsexfull.com sexphim69.com xemsex69.vip sexnunghd.com xnxxvietnam.pro sex2023.pro sex69ngon.com phim.sex69hihi.com sex69hdep.com sex8xhay.pro sexmoihdfull.com xemsexhdhay.com sextructuyen.pro topsex3x.com xemlonmup.com phimtop1sex.com phimsexgaidam.com sexheoxinh.com phimheosex.pro phimsexful.pro sex3xhdhay.com sexnungbim.com phimsexhayhd.pro sexxyz.pro sexeva.pro phimsexso1.pro sexmassage.pro sexsuong.com sexdaythi.pro phimsextinhcam.pro sexchonloc.pro phim18sex.pro sexgai18.pro sexdit.org sexmoi3x.pro sexhd3x.net thichsex.vip olaphim.pro phimhayghe.pro phimhdphe.pro sexhdngon.pro sex5sao.org javgaidep.pro sexchichnhau.pro phimsexcap3.pro sexngan.pro sexhdjav.pro phimsetnhat.pro sexhdnhat.pro phimhdsex.pro phimhaysex.pro sexbaophe.pro vlxxnhanh.pro xnxxnhat.pro vlxxyz.pro haysexngon.pro haysexhihi.pro sexhdnhanh.pro sexhdnhat.com javhdxinh.pro phimxvideos.pro phimvlxz.pro sexvuto.pro sexhan.pro vlxxcom.pro sexvietvn.com ditnhau69.pro sexvietnamnhanh.pro javpornhd.pro phimsexditnhauhay.pro sexprovip.com javstreaming.pro sexdithay.pro sexhdtv.pro so1sex.net javhd-porn.net xemsextv.pro javhd-stream.com xemsexhay.xyz javhdtoday.pro freejavhd.pro sex3xtv.pro sex69tv.pro nghiensexhay.pro phimsex69hay.com phim69sex.com bestjavporn.club javfast.pro phimsexthiendia.pro xemhdsex.pro hayxemsex.pro sexnhanhvl.pro sexnhanh69.com cdx.sexxyz.pro 1
media-src 'self' https://s3.amazonaws.com/mofo-assets/foundation/video/ https://assets.mofoprod.net/static/ https://assets.mofoprod.net/network/media/ https://player.vimeo.com/ https://*.akamaized.net/; frame-src 'self' https://www.youtube.com  https://comments.mozillafoundation.org/ https://airtable.com https://docs.google.com/ https://platform.twitter.com https://public.zenkit.com https://calendar.google.com https://www.youtube-nocookie.com https://devopstypeform.typeform.com https://player.vimeo.com https://mofo-infographics.s3.amazonaws.com  https://form.typeform.com https://js.tito.io https://anchor.fm https://datawrapper.dwcdn.net https://player.simplecast.com *.fundraiseup.com *.stripe.com *.plaid.com *.paypal.com pay.google.com https://logwork.com https://rbsteed.com https://vimeo.com https://www.google.com/recaptcha/; style-src 'self' 'unsafe-inline' https://code.cdn.mozilla.net https://fonts.googleapis.com https://tagmanager.google.com https://platform.twitter.com https://assets.mofoprod.net/static/ https://cdn.commento.io/css/commento.css https://www.googletagmanager.com/debug/badge.css https://js.tito.io https://cdnjs.cloudflare.com/ajax/libs/gsap/3.8.0/gsap.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.8.0/ScrollTrigger.min.js https://mozillafoundation.tfaforms.net https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css; worker-src 'self'; connect-src *; child-src 'self' https://www.youtube.com https://www.youtube-nocookie.com; img-src * data: blob: *.fundraiseup.com ucarecdn.com pay.google.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://code.cdn.mozilla.net https://assets.mofoprod.net/static/ https://cdn.commento.io/fonts/ *.fundraiseup.com *.stripe.com data: https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/; script-src 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js http://*.shpg.org/ https://comments.mozillafoundation.org/ https://airtable.com https://platform.twitter.com https://cdn.syndication.twimg.com https://assets.mofoprod.net/static/ https://embed.typeform.com https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/debug/bootstrap https://www.googletagmanager.com/debug/badge https://tagmanager.google.com *.googletagmanager.com https://cdn.commento.io/js/commento.js https://js.tito.io https://js-plugins.tito.io/gtm.js *.stripe.com m.stripe.network *.fundraiseup.com *.plaid.com *.src.mastercard.com *.checkout.visa.com pay.google.com *.paypal.com https://mozillafoundation.tfaforms.net 'unsafe-eval' 'nonce-EUw935pc3oLbmdO9RFTpgw=='; frame-ancestors 'self'; default-src 'none' 1
default-src 'self' 'unsafe-inline' https://*.hacienda.cl https://*.fontawesome.com https://unpkg.com https://*.instagram.com https://*.twitter.com https://*.gstatic.com https://*.googleapis.com https://*.google.com https://*.youtube.com https://*.linkedin.com https://*.jsdelivr.net https://*.google-analytics.com https://*.beta.hacienda.cl; script-src 'self' 'unsafe-inline' https://*.hacienda.cl https://*.googletagmanager.com https://*.twitter.com https://*.instagram.com https://*.google.com https://*.gstatic.com https://*.jsdelivr.net; img-src 'self' data: https://*.hacienda.cl https://*.twitter.com 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' http: https: data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' wasm-unsafe-eval https://assets.innoq.com https://*.assets.innoq.com https://stats.innoq.com https://cdn.ravenjs.com https://cdn.podigee.com https://cdn.podlove.org https://player.podigee-cdn.net https://code.jquery.com https://cdnjs.cloudflare.com https://plausible.io https://comments.innoq.com https://platform.twitter.com; style-src 'self' https: 'unsafe-inline'; frame-src 'self' https://cdn.podigee.com https://disqus.com https://www.youtube-nocookie.com https://youtube.com https://www.youtube.com https://player.podigee-cdn.net https://platform.twitter.com; frame-ancestors 'self'; connect-src 'self' https://innoq-search-production.herokuapp.com https://comments.innoq.com https://stats.innoq.com https://plausible.io https://api.friendlycaptcha.com; child-src blob: 1
font-src *.gstatic.com *.googleapis.com *.hiperdino.es *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.net *.facebook.com *.hiperdino.es *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.facebook.net *.facebook.com *.googleapis.com *.hotjar.com *.paycomet.com *.tiendeo.com *.hiperdino.es c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io eu1-doofinderuser.s3.amazonaws.com us1-doofinderuser.s3.amazonaws.com *.amazonaws.com *.facebook.com *.facebook.net *.googleapis.com *.google.com *.google.es *.gstatic.com *.hiperdino.es *.singularfactory.com *.doubleclick.net https://cdn.jsdelivr.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.doofinder.com www.googletagmanager.com *.amazonaws.com *.doubleclick.net *.cloudflare.com *.facebook.net *.googleapis.com *.hotjar.com *.mouseflow.com *.zdassets.com *.tiendeo.com *.hiperdino.es https://cdn.jsdelivr.net https://openfpcdn.io https://intl-tel-input.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.hiperdino.es https://cdn.jsdelivr.net *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com *.hiperdino.es 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.doofinder.com *.doubleclick.net *.googleapis.com *.google.com analytics.google.com *.google.es *.hotjar.com *.zendesk.com *.zdassets.com zendesk-eu.my.sentry.io *.zopim.com wss://widget-mediator.zopim.com *.hiperdino.es https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.hiperdino.es *.singularfactory.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.cloudfront.net https://cdn01.basis.net https://www.clarity.ms https://di.rlcdn.com https://*.fullstory.com https://*.google-analytics.com https://*.google.com https://*.taboola.com https://ads.linkedin.com https://ajax.cloudflare.com https://analytics.tiktok.com https://analytics.yahoo.com https://app.storyblok.com https://bat.bing.com https://connect.facebook.net https://conv.indeed.com https://fmedsnowplow-js.s3.amazonaws.com https://googleads.g.doubleclick.net https://l.antigena.com https://js.hsleadflows.net https://js.hs-scripts.com https://*.sitescout.com/ https://s.yimg.com https://snap.licdn.com https://sp.analytics.yahoo.com https://static.cloudflareinsights.com https://tagmanager.google.com https://*.pixel.ad https://www.google.com/recaptcha/ https://www.googleadservices.com https://www.googleanalytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://js.hs-analytics.net https://js.hsadspixel.net https://js.hs-banner.com https://hsleadflows.net https://js.hscollectedforms.net https://tags.srv.stackadapt.com https://*.hubspot.com/ https://*.doubleclick.net/; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://tags.srv.stackadapt.com; img-src 'self' data: blob: https://api.fusionmarketplace.com/ https://api.fusionmarketplace.com https://cms.blob.fusionmarketplace.com https://cms.fusionmarketplace.com https://di.rlcdn.com https://*.ads.linkedin.com https://*.fls.doubleclick.net https://forms.hsforms.com https://*.google-analytics.com https://*.google.com https://*.storyblok.com https://*.taboola.com https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://info.fusionmedstaff.com https://p.adsymptotic.com https://pixel.sitescout.com https://sp.analytics.yahoo.com https://ssl.gstatic.com https://static.furnishedfinder.com https://staticproperties.furnishedfinder.com https://www.facebook.com https://www.googletagmanager.com https://www.gstatic.com https://maps.googleapis.com https://track.hubspot.com https://tools.applemediaservices.com https://apple-resources.s3.amazonaws.com https://*.pixel.ad https://*.sitescout.com https://images.surferseo.art https://tags.srv.stackadapt.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://accounts.fusionmarketplace.com/ https://accounts.fusionmarketplace.com https://*.fls.doubleclick.net https://*.google.com https://*.online.tableau.com https://bid.g.doubleclick.net https://pixel.sitescout.com https://www.facebook.com https://td.doubleclick.ne https://www.googletagmanager.com http://app.storyblok.com https://app.storyblok.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.youtube.com https://player.vimeo.com https://js.hubspot.com/ https://*.doubleclick.net/; form-action 'self' https://www.facebook.com; frame-ancestors 'self' http://app.storyblok.com https://app.storyblok.com 1
script-src www.bristowgroup.com qmod.quotemedia.com *.googletagmanager.com www.google.com fonts.googleapis.com fonts.gstatic.com google-analytics.com www.google-analytics.com www.gstatic.com browser-update.org cdnjs.cloudflare.com apps.elfsight.com static.elfsight.com *.equisolve.net d1io3yog0oux5.cloudfront.net 'unsafe-inline' 'unsafe-eval'; font-src www.bristowgroup.com qmod.quotemedia.com *.googletagmanager.com www.google.com fonts.googleapis.com fonts.gstatic.com google-analytics.com www.google-analytics.com www.gstatic.com browser-update.org cdnjs.cloudflare.com apps.elfsight.com static.elfsight.com *.equisolve.net d1io3yog0oux5.cloudfront.net 1
default-src 'none'; script-src 'none'; style-src 'none'; img-src 'none'; font-src 'none'; connect-src 'none'; media-src 'none'; object-src 'none'; child-src 'none'; worker-src 'none'; frame-ancestors 'none'; form-action 'none'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; base-uri https://urown.net/; manifest-src 'none'; referrer no-referrer;  1
: default-src 'self' 1
base-uri 'self'; default-src 'self'; object-src 'none'; connect-src 'self' *.juicer.io graph.facebook.com; font-src 'self' *.gstatic.com *.juicer.io; script-src 'self' 'strict-dynamic' 'report-sample' 'nonce-0bd887537a7a0e8cbd83621c7a19eb35'; script-src-attr 'none'; script-src-elem 'self' 'strict-dynamic' 'report-sample' 'nonce-0bd887537a7a0e8cbd83621c7a19eb35'; style-src 'self' 'unsafe-inline' *.googleapis.com *.juicer.io *.podigee.io *.podigee-cdn.net; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.juicer.io *.podigee.io *.podigee-cdn.net; img-src 'self' *.googleapis.com *.gstatic.com *.juicer.io *.twimg.com *.imgur.com *.fbcdn.net *.instagram.com *.cdninstagram.com *.podigee-cdn.net data:; child-src 'none'; frame-src 'self' *.podigee.io *.podigee-cdn.net; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; report-uri /csp-violations 1
default-src 'self'; frame-src 'self' https://ads.kwanzoo.com https://www.facebook.com https://html5-player.libsyn.com https://d.adroll.com https://s.adroll.com https://255-ekd-002.mktoresp.com https://va.tawk.to https://bid.g.doubleclick.net https://static-v.tawk.to https://www.youtube.com https://player.vimeo.com; connect-src 'self' *  https://d.adroll.com  https://segments.company-target.com/ https://www.facebook.com/tr/ https://www.facebook.com https://go.xoriant.com https://255-ekd-002.mktoutil.com https://script.crazyegg.com https://static-v.tawk.to https://va.tawk.to https://www.google-analytics.com https://tracking.crazyegg.com https://api.company-target.com https://stats.g.doubleclick.net https://255-ekd-002.mktoresp.com; script-src 'self' data: * 'unsafe-inline' 'unsafe-eval' https://static-v.tawk.to https://ajax.googleapis.com https://code.jquery.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://use.fontawesome.com  https://cdn.jsdelivr.net; img-src 'self' data: * https://static-v.tawk.to https://ssl.google-analytics.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://use.fontawesome.com https://static-v.tawk.to https://stackpath.bootstrapcdn.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://static-v.tawk.to https://use.fontawesome.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com; object-src 'self' data: *; media-src 'self' https://static-v.tawk.to https://d2z6n7frhx0hun.cloudfront.net https://cdn.xoriant.com https://www.xoriant.com; 1
default-src 'self' www.youtube.com apollo-server-landing-page.cdn.apollographql.com; script-src 'self' 'nonce-6sctdYx/YCL9v677lz1NpA==' apollo-server-landing-page.cdn.apollographql.com embeddable-sandbox.cdn.apollographql.com sandbox.embed.apollographql.com; script-src-elem 'self' 'nonce-6sctdYx/YCL9v677lz1NpA==' apollo-server-landing-page.cdn.apollographql.com embeddable-sandbox.cdn.apollographql.com sandbox.embed.apollographql.com; frame-src 'self' embeddable-sandbox.cdn.apollographql.com sandbox.embed.apollographql.com www.youtube.com https://app.igniteprocurement.com/; connect-src 'self' https://sentry.io https://obosit-dev-connect-fa.azurewebsites.net https://obosit-prod-connect-fa.azurewebsites.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; img-src 'self' data: res.cloudinary.com apollo-server-landing-page.cdn.apollographql.com embeddable-sandbox.cdn.apollographql.com obos-res.cloudinary.com https://res.cloudinary.com https://obos-res.cloudinary.com https://storage.googleapis.com ignite-procurement-production.s3.amazonaws.com *.ignite-procurement-production.s3.amazonaws.com https://cdn.sanity.io https://cdn.sanity.io https://cdn.jsdelivr.net blob:; media-src 'self' res.cloudinary.com obos-res.cloudinary.com https://res.cloudinary.com https://obos-res.cloudinary.com https://cdn.sanity.io; base-uri 'self'; object-src 'self'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; worker-src 'none'; form-action 'self' innlogging.obos.no; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: data: www.googletagmanager.com www.google-analytics.com analytics.google.com *.analytics.google.com ajax.googleapis.com *.force.com snap.licdn.com *.leadboxer.com cdn.cookielaw.org *.onetrust.com *.ads.linkedin.com privacyportal-de.onetrust.com stats.g.doubleclick.net www.linkedin.com *.hotjar.com www.youtube-nocookie.com cdn-images.mailchimp.com www.google.com www.google.nl *.adsymptotic.com *.livechatinc.com *.hotjar.io img.youtube.com *.pardot.com ortec.my.salesforce-sites.com userlike-cdn-umm.b-cdn.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.userlike.com go.ortec.com cdn.linkedin.oribi.io ws.zoominfo.com; 1
block-all-mixed-content; upgrade-insecure-requests; frame-ancestors 'self' https:; frame-src tel: mailto: https:; script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' https: 'unsafe-hashes'; script-src-elem 'unsafe-inline' https:; style-src 'unsafe-inline' 'report-sample' https: 'unsafe-hashes'; style-src-elem 'unsafe-inline' https:; default-src https:; report-uri /.well-known/csp/afc50834-47a9-4f84-b965-04652c70215a 1
default-src 'self'; object-src 'none'; frame-src 'self' https://highradiuseu.thoughtspot.cloud/   https://radiusone.com/ blob: 'self' https://*.highradius.com/ data: https://app.pendo.io/ ; media-src 'self' blob: 'self' https://*.highradius.com/; connect-src  https://bam.nr-data.net/   'self' https://highradiuseu.thoughtspot.cloud/  wss://*.highradius.com/ https://*.highradius.com/ https://www.google-analytics.com/; img-src 'self' blob: https://*.highradius.com/  data: https://www.google-analytics.com https://data.pendo.io https://*.highradius.com/; script-src  'self' 'unsafe-eval' 'unsafe-inline' http://www.google-analytics.com https://*.highradius.com/; script-src-elem   https://js-agent.newrelic.com/  https://bam-cell.nr-data.net/ https://bam.nr-data.net/   'self' 'unsafe-inline' https://cdn.pendo.io/  https://data.pendo.io/ https://app.pendo.io/ https://www.google-analytics.com/ https://*.highradius.com/;style-src  'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com;worker-src 'self' https://*.highradius.com/ blob:; 1
script-src 'self' 'unsafe-inline' http://js.hs-scripts.com http://js.hsforms.net https://cdn.cookielaw.org https://forms.hsforms.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsadspixel.net https://snap.licdn.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com  https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://www.google.com; script-src-attr 'self'; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.hearst.es/report-uri/enforce 1
frame-ancestors 'self' *.regmovies.com *.authorize.net 1
default-src 'self' www.hyd.gov.hk; style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon-belgium.be; img-src 'self' https: data: blob: https://mastodon-belgium.be; style-src 'self' https://mastodon-belgium.be 'nonce-FsopiVp38TupxR7wUc8NSA=='; media-src 'self' https: data: https://mastodon-belgium.be; frame-src 'self' https:; manifest-src 'self' https://mastodon-belgium.be; form-action 'self'; child-src 'self' blob: https://mastodon-belgium.be; worker-src 'self' blob: https://mastodon-belgium.be; connect-src 'self' data: blob: https://mastodon-belgium.be https://mastodon-belgium.be wss://mastodon-belgium.be; script-src 'self' https://mastodon-belgium.be 'wasm-unsafe-eval' 1
frame-ancestors 'self' *.affino.com *.charitydigital.org.uk charitydigital.org.uk *.charitydigitalexchange.org charitydigitalexchange.org *.comrzdev.com *.techsoupeurope.org; 1
default-src https: 'self' 'unsafe-inline';font-src 'self' data: fonts.gstatic.com pro.fontawesome.com;img-src 'self' data: www.zlate-mince.cz www.prazskamincovna.cz zlatovna.cz www.google-analytics.com stats.g.doubleclick.net c.imedia.cz c.seznam.cz;script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.ampproject.org ajax.cloudflare.com ajax.googleapis.com www.googletagmanager.com www.google-analytics.com c.imedia.cz c.seznam.cz cdn.jsdelivr.net 1
default-src 'self' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com  https: data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com maps.gstatic.com www.google-analytics.com www.google.com www.gstatic.com recaptcha.net www.recaptcha.net www.googletagmanager.com; img-src 'self' data: maps.gstatic.com www.google-analytics.com www.google.com www.gstatic.com recaptcha.net www.recaptcha.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com maps.googleapis.com; font-src 'self' fonts.gstatic.com data: fonts.googleapis.com; base-uri 'self'; frame-src 'self' www.google.com www.gstatic.com recaptcha.net www.recaptcha.net maps.google.com; frame-ancestors 'self'; form-action 'self'; connect-src 'self' maps.googleapis.com maps.gstatic.com; 1
font-src fonts.gstatic.com *.gstatic.com *.bootstrapcdn.com *.googleapis.com *.affirm.com *.hotjar.com *.olark.com data: acsbapp.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cloudflare.com *.cloudfront.net *.google-analytics.com *.klaviyo.com *.facebook.com *.facebook.net *.amazon.com *.googletagmanager.com *.affirm.com *.betterbaseball.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.affirm.com *.affirm.ca connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.weltpixel.com *.cloudflare.com *.cloudfront.net *.google-analytics.com *.klaviyo.com *.facebook.com *.facebook.net *.amazon.com *.googletagmanager.com *.olark.com *.hotjar.com *.microsoft.com *.betterbaseball.com *.wesupply.xyz https://wesupplylabs.com magento-cloudflare.jetrails.com *.google.com/ www.facebook.com platform.twitter.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.affirm.com *.affirm.ca *.cloudflare.com *.cloudfront.net *.klaviyo.com *.google.com *.gstatic.com *.facebook.com *.facebook.net *.amazon.com *.payments-amazon.com *.bootstrapcdn.com *.googletagmanager.com *.googleapis.com *.olark.com *.ytimg.com *.bing.com *.microsoft.com *.clarity.ms *.bolt.com acsbapp.com *.acsbapp.com *.cdn.imgeng.in *.betterbaseball.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.magezon.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.searchspring.net *.searchspring.io *.cdninstagram.com *.fbcdn.net maps.googleapis.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.affirm.com *.affirm.ca connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.cloudflare.com *.cloudfront.net *.google-analytics.com *.klaviyo.com *.google.com *.gstatic.com *.facebook.com *.facebook.net *.amazon.com *.payments-amazon.com *.bootstrapcdn.com *.hotjar.com *.googletagmanager.com *.doubleclick.net *.olark.com *.hellomedian.com *.googleapis.com *.roirevolution.com *.bing.com *.clarity.ms acsbapp.com *.betterbaseball.com *.datadome.co widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com/ connect.facebook.net twitter.com platform.twitter.com *.searchspring.net *.searchspring.io https://cdn.searchspring.net/intellisuggest/is.min.js ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com unpkg.com *.instagram.com maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.cloudfront.net *.klaviyo.com *.google.com *.gstatic.com *.amazon.com *.payments-amazon.com *.bootstrapcdn.com *.googleapis.com *.olark.com *.bing.com *.googletagmanager.com acsbapp.com *.betterbaseball.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com maxcdn.bootstrapcdn.com *.searchspring.net *.searchspring.io tagmanager.google.com 'self' 'unsafe-inline'; object-src *.bolt.com 'self' 'unsafe-inline'; media-src *.adobe.com *.olark.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.affirm.com *.affirm.ca connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com *.cloudflare.com *.cloudfront.net *.google-analytics.com *.klaviyo.com *.google.com *.amazon.com *.hotjar.com *.googletagmanager.com *.doubleclick.net *.signifyd.com *.olark.com wss://socket.hellomedian.com/ wss://*.hotjar.com/ *.hotjar.io *.zippopotam.us *.hellomedian.com https://bt.signifyd.com:11103/ *.bing.com wss://*.bing.com *.roirevolution.com *.bugsnag.com *.clarity.ms *.acsbapp.com *.betterbaseball.com *.datadome.co widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.searchspring.net *.searchspring.io https://beacon.searchspring.io/beacon *.facebook.net *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.klaviyo.com/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'unsafe-inline' http: https: www.goodcook.com:443 *.newrelic.com *.nr-data.net; style-src 'self' blob: https: 'unsafe-inline' www.goodcook.com:443; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' data: fonts.gstatic.com; frame-src assets.braintreegateway.com *.pinterest.com *.goodcook.com *.youtube-nocookie.com *.youtube.com *.youtu.be *.vimeo.com widget.trustpilot.com *.bazaarvoice.com *.google.com disqus.com eucs24.ksearchnet.com zendesk.com mailerlite.com *.cybersource.com *.hotjar.com *.adsrvr.org *.gomage.dev *.doubleclick.net; connect-src wss: http: https: bam-cell.nr-data.net; 1
default-src* 1
img-src 'self' ssl.google-analytics.com www.google.com www.google.lt www.google-analytics.com https://www.googletagmanager.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://googleads.g.doubleclick.net http://www.googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://s7.addthis.com https://v1.addthisedge.com/live/boost/kilobaitas/_ate.track.config_resp https://m.addthis.com/live/red_lojson/ https://z.moatads.com/addthismoatframe568911941483/moatframe.js 'unsafe-eval' 'unsafe-inline';connect-src 'self' https://ssl.google-analytics.com https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.analytics.google.com; 1
script-src 'nonce-m+puHT4wP37UPgfXbh25yQ==' 'strict-dynamic' * 'unsafe-inline' 'unsafe-eval'; script-src-attr 'unsafe-inline'; object-src 'none'; base-uri 'self'; report-uri https://portal.bulkgate.com/api/notification/csp; 1
default-src 'self'; font-src * data:;img-src * data:; script-src *; style-src * 'unsafe-inline'; frame-src *; connect-src *; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-5lIpmv2zSIkVqZYHIgk7yw=='; style-src 'self' www.gstatic.com; font-src 'self'; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://shakedown.social; img-src 'self' https: data: blob: https://shakedown.social; style-src 'self' https://shakedown.social 'nonce-bGocDzoD+6duWxge3s2FZA=='; media-src 'self' https: data: https://shakedown.social; frame-src 'self' https:; manifest-src 'self' https://shakedown.social; form-action 'self'; child-src 'self' blob: https://shakedown.social; worker-src 'self' blob: https://shakedown.social; connect-src 'self' data: blob: https://shakedown.social https://files.shakedown.social wss://shakedown.social; script-src 'self' https://shakedown.social 'wasm-unsafe-eval' 1
default-src https: 'unsafe-eval' 'unsafe-inline' data:; img-src * 'self' data: https:; object-src 'none'; frame-ancestors 'none' 1
default-src 'self' https://iaso.blob.core.windows.net localhost:3000 https://cdn.plyr.io https://e.issuu.com https://iasogroup.us11.list-manage.com https://players.yumpu.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://stats.g.doubleclick.net https://www.google.com *.googletagmanager.com https://download.yourgift.cards https://inbound.giftup.app https://region1.google-analytics.com https://www.googletagmanager.com https://ss.iaso.gr https://analytics.tiktok.com cdn.giftup.app; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com https://iasogroup.us11.list-manage.com cdn.plyr.io https://players.yumpu.com https://consent.cookiebot.com https://www.googletagmanager.com https://www.googleadservices.com https://consentcdn.cookiebot.com data: https://*.googlesyndication.com *.google.gr cdn.giftup.app https://download.yourgift.cards https://inbound.giftup.app https://ss.iaso.gr https://analytics.tiktok.com 'self' 'unsafe-inline' 'unsafe-eval' cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com cdn.giftup.app https://download.yourgift.cards https://inbound.giftup.app https://www.googletagmanager.com https://ss.iaso.gr 'self' 'unsafe-inline' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com https://iaso.blob.core.windows.net https://i.ytimg.com *.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://www.google.de cdn.giftup.app https://download.yourgift.cards https://inbound.giftup.app https://www.google.gr https://www.googletagmanager.com https://connect.facebook.net https://ss.iaso.gr https://analytics.tiktok.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src https://consentcdn.cookiebot.com/ http://localhost https://www.youtube.com https://www.google.com https://www.youtube-nocookie.com *.yumpu.com https://www.facebook.com https://www.googletagmanager.com https://ss.iaso.gr cdn.giftup.app download.yourgift.cards inbound.giftup.app 'self' web-chat.nativechat.com; connect-src accounts.google.com *.gstatic.com *.mktoresp.com *.google-analytics.com *.google.com cdn.plyr.io https://e.issuu.com https://iasogroup.us11.list-manage.com https://players.yumpu.com https://www.yumpu.com https://stats.g.doubleclick.net https://www.youtube-nocookie.com *.cookiebot.com https://www.googleapis.com https://www.facebook.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://ss.iaso.gr https://analytics.tiktok.com cdn.giftup.app download.yourgift.cards inbound.giftup.app 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: https://cdn.plyr.io cdn.plyr.io https://iaso.blob.core.windows.net https://googleads.g.doubleclick.net cdn.giftup.app https://download.yourgift.cards https://inbound.giftup.app https://www.googletagmanager.com https://ss.iaso.gr; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.google.com cdn.plyr.io https://e.issuu.com https://iasogroup.us11.list-manage.com https://players.yumpu.com https://www.yumpu.com https://www.googletagmanager.com https://ss.iaso.gr https://analytics.tiktok.com https://googleads.g.doubleclick.net cdn.giftup.app download.yourgift.cards inbound.giftup.app 'self' web-chat.nativechat.com 1
default-src 'self' *.1099pro.com cdn.cookielaw.org *.googletagmanager.com *.googleadservices.com *.force.com *.marketo.net *.mktoresp.com sovos.getfeedback.com https: data: 'unsafe-inline' 'unsafe-eval';worker-src blob:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://skyjake.fi; img-src 'self' https: data: blob: https://skyjake.fi; style-src 'self' https://skyjake.fi 'nonce-BiRVc/0g3yfc6GiJlfNBvg=='; media-src 'self' https: data: https://skyjake.fi; frame-src 'self' https:; manifest-src 'self' https://skyjake.fi; form-action 'self'; child-src 'self' blob: https://skyjake.fi; worker-src 'self' blob: https://skyjake.fi; connect-src 'self' data: blob: https://skyjake.fi https://skyjake.fi wss://skyjake.fi; script-src 'self' https://skyjake.fi 'wasm-unsafe-eval' 1
base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https://*.tile.openstreetmap.org/; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self' ; object-src 'self' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.segment.com ; font-src fonts.gstatic.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com ; img-src 'self' blob: data: lachain.io nfttest.lachain.net etherscan.io app.beefy.com cryptologos.cc offchainlabs.com upload.wikimedia.org s2.coinmarketcap.com dfwstrapi.lachain.io ; frame-src 'self' https://lachain.io https://test.lachain.net ; connect-src 'self' ws://next:3000 ws://localhost:3000 https://app.lachain.io https://api-qa.dev3.nekotal.tech https://defiwlt.com https://bridge-balancer1.lachain.io https://test-bridge-balancer1.lachain.io https://cdn.segment.com https://api.segment.io https://poly-mainnet.gateway.pokt.network https://fantom-mainnet.gateway.pokt.network https://mainnet.infura.io https://ropsten.infura.io https://relayer.lachain.io https://rinkeby.infura.io https://mainnet.optimism.io https://evm.cronos.org https://bsc-dataseed.binance.org https://mainnet.optimism.io https://data-seed-prebsc-1-s1.binance.org:8545 https://http-mainnet.hecochain.com https://polygon-rpc.com https://rpc-mainnet.lachain.io https://rpc-testnet.lachain.io https://rpc-devnet.lachain.io https://rpcapi.fantom.network https://http-testnet.hecochain.com https://cronos-testnet-3.crypto.org:8545 https://rpc.testnet.fantom.network https://arb1.arbitrum.io https://api.avax-test.network https://api.avax.network https://matic-mumbai.chainstacklabs.com https://rinkeby.arbitrum.io https://api.harmony.one https://api.s0.b.hmny.io https://nfttest.lachain.net https://bridge1.lachain.io ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://dl.episerver.net/ https://js-agent.newrelic.com https://bam.nr-data.net https://ssl.google-analytics.com https://seal-alaskaoregonwesternwashington.bbb.org https://az416426.vo.msecnd.net/scripts/a/ai.0.js  https://cdn.cookielaw.org 1
frame-ancestors https://*.vaudoise.ch https://associated.ch https://vaudoise.my.salesforce.com 1
base-uri 'self'; connect-src 'self'; font-src 'self'; frame-src 'none'; img-src 'self'; media-src 'none'; object-src 'none'; worker-src 'none'; form-action 'self'; frame-ancestors 'none'; script-src 'self'; style-src 'self' 'unsafe-inline' 1
frame-ancestors 'self' https://www.malwarepatrol.net https://users.malwarepatrol.net https://eval.malwarepatrol.net 1
default-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; worker-src 'self' blob: data: wss: pricespider.com *.pricespider.com mapbox.com *.mapbox.com cdnjs.cloudflare.com; 1
default-src https:; script-src-elem 'self' https://ramboll.containers.piwik.pro 'unsafe-inline' *.googletagmanager.com https://js.hubspot.com/web-interactives-embed.js *.hubspot.com https://consent.cookiebot.com/uc.js https://consentcdn.cookiebot.com/consentconfig/ https://consent.cookiebot.com/ https://app.kontent.ai/js-api/custom-element/v1/custom-element.min.js https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: http://js.hsforms.net/forms/v2.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js http://js.hsforms.net/forms/v2.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://snap.licdn.com/ https://static.hotjar.com/ https://static.hotjar.com/* https://connect.facebook.net https://js.hs-scripts.com/ https://youraccount.videomarketingplatform.co/ *.doubleclick.net https://*.fls.doubleclick.net https://script.hotjar.com/ https://js.hs-analytics.net/analytics/ https://js.hs-banner.com https://js.hsleadflows.net https://js.hs-banner.com/integrations.js https://js.hs-analytics.net/analytics/1678953600000/7520151.js https://js.hsleadflows.net/leadflows.js https://script.hotjar.com/modules.b58f4dbb50ff88fc1f15.js https://www.googleadservices.com/pagead/conversion/455101059/ https://www.googletagmanager.com/gtm.js; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'nonce-01cad2b8-c2ce-4da3-9908-e037fa094a70' https://*.googletagmanager.com https://ramboll.piwik.pro/ppms.js *.hubspot.com https://js.hubspot.com https://consent.cookiebot.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://snap.licdn.com/ https://static.hotjar.com/ https://static.hotjar.com/* https://connect.facebook.net https://js.hs-scripts.com/ https://youraccount.videomarketingplatform.co/ *.doubleclick.net https://*.fls.doubleclick.net blob: 'unsafe-eval' https://www.googletagmanager.com/gtm.js ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://ramboll.containers.piwik.pro; connect-src 'self' https://*.googletagmanager.com https://ramboll.containers.piwik.pro https://ramboll.piwik.pro https://cdn.linkedin.oribi.io https://consentcdn.cookiebot.com https://deliver.kontent.ai/26f8b85f-a743-0128-e3f3-719c3639660e/ https://deliver.kontent.ai/2c6d42b3-af56-014e-57e9-7c6258e60838/ https://deliver.kontent.ai/7c3778f1-714a-0155-9be8-162f4c282b22/ https://preview-deliver.kontent.ai/26f8b85f-a743-0128-e3f3-719c3639660e/ https://deliver.kontent.ai/26f8b85f-a743-0128-e3f3-719c3639660e/ https://deliver.kontent.ai/2c6d42b3-af56-014e-57e9-7c6258e60838/ https://deliver.kontent.ai/7c3778f1-714a-0155-9be8-162f4c282b22/ https://preview-deliver.kontent.ai/2c6d42b3-af56-014e-57e9-7c6258e60838/ https://preview-deliver.kontent.ai/7c3778f1-714a-0155-9be8-162f4c282b22/ https://brandcentral.ramboll.com/ https://api.hubapi.com/forms/v2/forms https://*.googleapis.com *.google.com https://*.gstatic.com https://snap.licdn.com/ https://static.hotjar.com/ https://static.hotjar.com/* https://connect.facebook.net https://js.hs-scripts.com/ https://youraccount.videomarketingplatform.co/ *.doubleclick.net https://*.fls.doubleclick.net data: blob: https://forms.hsforms.com/embed/v3/form/ https://forms.hsforms.com/emailcheck/v1/ https://google.com https://www.microsoft.com/ *.hubspot.com https://js.hubspot.com https://newrelic.com https://*.ramboll.com/ https://www.hotjar.com/ https://soundcloud.com/ https://www.smartrecruiters.com/ https://video.ramboll.com/ https://internalvideo.ramboll.com/ https://www.facebook.com https://www.linkedin.com/ https://*.linkedin.com/ https://forms.hubspot.com/lead-flows-config/v1/config/json https://vc.hotjar.io/sessions/1206552 https://pagead2.googlesyndication.com/pagead/landing https://in.hotjar.com/api/v2/client/sites/1206552/visit-data https://customformsapi.rambolltest.com/documentartifact/Content; frame-src 'self' https://www.linkedin.com/ https://*.linkedin.com/ https://consentcdn.cookiebot.com https://brandcentral.ramboll.com/ *.google.com https://forms.hsforms.com/ https://*.ramboll.com/ https://w.soundcloud.com/ https://open.spotify.com/ https://snap.licdn.com/ https://static.hotjar.com/ https://static.hotjar.com/* https://connect.facebook.net https://js.hs-scripts.com/ https://youraccount.videomarketingplatform.co/ *.doubleclick.net https://*.fls.doubleclick.net https://www.facebook.com/ https://*.hs-sites.com/; img-src 'self' https://*.googletagmanager.com https://ramboll.containers.piwik.pro https://ramboll.piwik.pro https: data: https://preview-assets-eu-01.kc-usercontent.com/26f8b85f-a743-0128-e3f3-719c3639660e/ https://deliver.kontent.ai/26f8b85f-a743-0128-e3f3-719c3639660e/ https://deliver.kontent.ai/2c6d42b3-af56-014e-57e9-7c6258e60838/ https://deliver.kontent.ai/7c3778f1-714a-0155-9be8-162f4c282b22/ https://preview-deliver.kontent.ai/2c6d42b3-af56-014e-57e9-7c6258e60838/ https://preview-assets-eu-01.kc-usercontent.com/7c3778f1-714a-0155-9be8-162f4c282b22/ https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com *.googletagmanager.com https://snap.licdn.com/ https://static.hotjar.com/ https://static.hotjar.com/* https://connect.facebook.net https://js.hs-scripts.com/ https://youraccount.videomarketingplatform.co/ *.doubleclick.net https://*.fls.doubleclick.net data:; media-src 'self' https: data: https://preview-assets-eu-01.kc-usercontent.com/26f8b85f-a743-0128-e3f3-719c3639660e/ https://deliver.kontent.ai/26f8b85f-a743-0128-e3f3-719c3639660e/ https://deliver.kontent.ai/2c6d42b3-af56-014e-57e9-7c6258e60838/ https://deliver.kontent.ai/7c3778f1-714a-0155-9be8-162f4c282b22/ https://preview-deliver.kontent.ai/2c6d42b3-af56-014e-57e9-7c6258e60838/ https://preview-assets-eu-01.kc-usercontent.com/7c3778f1-714a-0155-9be8-162f4c282b22/ https://snap.licdn.com/ https://static.hotjar.com/ https://static.hotjar.com/* https://connect.facebook.net https://js.hs-scripts.com/ https://youraccount.videomarketingplatform.co/ *.doubleclick.net https://*.fls.doubleclick.net; font-src 'self' https://fonts.gstatic.com https://ramboll.containers.piwik.pro; object-src none; block-all-mixed-content; worker-src blob:; frame-ancestors 'self' https://app.kontent.ai; base-uri self; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://*.google.com https://www.recaptcha.net https://hcaptcha.com https://*.hcaptcha.com https://platform.linkedin.com https://static.ads-twitter.com https://*.twitter.com https://*.olark.com https://connect.facebook.net https://fast.wistia.com https://fast.wistia.net https://*.pardot.com https://www.facebook.com https://www.google-analytics.com https://adinstruments.bamboohr.com https://www.gstatic.com https://app.wistia.com https://ajax.googleapis.com https://*.adinstruments.com https://cdn.ckeditor.com https://src.litix.io https://assets.adobedtm.com https://i.simpli.fi https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://*.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net http://localhost:1234 http://localhost:8083 https://www.adinstruments.com.br https://d2dc7c9u1llgu2.cloudfront.net https://d16ufn0chb6eey.cloudfront.net https://snap.licdn.com https://www.paypal.com https://cdn.jsdelivr.net/gh/davidjbradshaw/; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com https://fonts.googleapis.com https://fast.fonts.net https://static.olark.com https://fast.wistia.com https://fast.wistia.net https://adinstruments.bamboohr.com https://cdn.adinstruments.com https://cdn.ckeditor.com https://optanon.blob.core.windows.net https://optimize.google.com https://d2dc7c9u1llgu2.cloudfront.net https://d16ufn0chb6eey.cloudfront.net; font-src 'self' data: https://static.olark.com https://themes.googleusercontent.com https://fonts.gstatic.com https://fast.fonts.net https://fast.wistia.com; img-src 'self' data: *; connect-src 'self' https://adservice.google.com https://analytics.google.com https://*.analytics.google.com https://*.doubleclick.net https://*.olark.com https://*.kuracloud.com https://*.wistia.com https://fast.wistia.net https://adinstruments.bamboohr.com https://embedwistia-a.akamaihd.net https://connect.facebook.net https://graph.facebook.com https://google-analytics.com https://*.litix.io https://*.google-analytics.com https://*.googletagmanager.com https://www.linkedin.com https://cdn.linkedin.oribi.io https://*.adinstruments.com https://webto.salesforce.com https://px.ads.linkedin.com http://localhost:8083 https://www.sandbox.paypal.com https://www.paypal.com https://cdn.cookielaw.org https://geolocation.onetrust.com; frame-src 'self' https://*.spotify.com https://e.issuu.com https://static.olark.com https://hcaptcha.com https://*.hcaptcha.com https://*.adinstruments.com https://static.olark.com https://*.salesforce.com https://fast.wistia.net https://fast.wistia.com https://platform.twitter.com https://*.facebook.com https://connect.facebook.net https://platform.linkedin.com https://*.google.com https://www.recaptcha.net https://www.gstatic.com https://go.pardot.com https://www.slideshare.net https://www.youtube.com https://www.youtube-nocookie.com https://syndication.twitter.com/ https://bid.g.doubleclick.net/ https://d2dc7c9u1llgu2.cloudfront.net https://d16ufn0chb6eey.cloudfront.net https://*.kuracloud.com/ https://www.sandbox.paypal.com https://www.paypal.com https://www.adinstruments.com.br/ https://www.adinstruments.co.jp/; media-src 'self' data: blob: https://*.adinstruments.com https://static.olark.com https://embedwistia-a.akamaihd.net https://*.wistia.net https://*.wistia.com https://d2dc7c9u1llgu2.cloudfront.net https://d16ufn0chb6eey.cloudfront.net; object-src 'self' https://*.adinstruments.com https://embedwistia-a.akamaihd.net https://embed-ssl.wistia.com; frame-ancestors 'self' http://localhost:1234 https://*.adinstruments.com https://www.adinstruments.com.br https://www.adinstruments.co.jp; 1
base-uri 'self'; script-src 'strict-dynamic' 'nonce-3a3039774721532f6449672a35' 'unsafe-inline' http: https: ; object-src 'self' http://fpdownload2.macromedia.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com/ https://stackpath.bootstrapcdn.com/ https://fonts.googleapis.com https://ajax.googleapis.com; img-src 'self' data: https://analytics.twitter.com/ https://t.co/ https://connect.facebook.net/ https://via.placeholder.com/ https://ct.pinterest.com/ https://px.ads.linkedin.com/ https://ajax.googleapis.com https://www.floornature.com https://www.google-analytics.com https://www.facebook.com https://www.google.com https://www.google.it https://stats.g.doubleclick.net ; media-src 'self'; child-src 'self' https://ct.pinterest.com/ https://www.youtube-nocookie.com/ https://www.pinterest.com/ https://open.spotify.com/ https://widget.spreaker.com/ https://www.facebook.com/ https://e.issuu.com https://www.youtube.com https://player.vimeo.com https://connect.facebook.com https://connect.facebook.net; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com 1
default-src 'self' https://*.abtasty.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://app-lon10.marketo.com https://www.comeet.com https://*.cookiefirst.com https://widget.freshworks.com *.pusher.com *.freshworksapi.com *.abtasty.com *.gstatic.com *.googleapis.com *.typeform.com https://inject.js https://*.google.com *.googletagmanager.com; font-src 'self' https://*.hotjar.com https://*.hotjar.io blob: data: *.abtasty.com *.gstatic.com *.googleapis.com https://acsbapp.com; img-src 'self' data: https://www.datocms-assets.com https://*.cookiefirst.com https://www.facebook.com https://www.linkedin.com https://linkedin.com https://www.linkedin.com https://*.ads.linkedin.com https://p.adsymptotic.com https://*.hotjar.com https://*.hotjar.io https://widget.freshworks.com https://healthyio.freshdesk.com https://*.google-analytics.com https://*.googletagmanager.com https://*.outbrain.com *.pusher.com *.freshworksapi.com blob: *.abtasty.com *.amazonaws.com https://*.adnxs.com https://*.ml-attr.com https://*.ml-api.io https://*.acsbapp.com https://*.gstatic.com https://*.vimeocdn.com https://*.visualwebsiteoptimizer.com; media-src 'self' data: https://www.datocms-assets.com https://stream.mux.com; frame-src 'self' https://player.vimeo.com https://app-lon10.marketo.com https://www.comeet.com https://www.comeet.co https://www.facebook.com https://*.hotjar.com https://*.hotjar.io https://*.google.com https://*.typeform.com *.abtasty.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://acsbapp.com/apps/app/dist/js/ https://*.cookiefirst.com https://cdn.segment.com https://*.segment.io https://connect.facebook.net https://player.vimeo.com https://*.vimeo.com https://vimeo.com https://app-lon10.marketo.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleoptimize.com https://*.hotjar.com https://*.hotjar.io https://*.outbrain.com https://*.marketo.net *.typeform.com https://widget.freshworks.com *.pusher.com *.freshworksapi.com https://*.google.com https://*.gstatic.com https://www.comeet.com https://www.comeet.co https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://platform.linkedin.com https://snap.licdn.com blob: *.abtasty.com *.googleapis.com https://acsbapp.com https://*.ip2c.net https://*.zoominfo.com https://*.visualwebsiteoptimizer.com; frame-ancestors 'self' https://www.kidney.org; connect-src 'self' https://acsbapp.com/apps/app/dist/js/ https://*.cookiefirst.com https://*.vercel.app https://graphql-listen.datocms.com https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.googletagmanager.com https://widget.freshworks.com *.pusher.com *.freshworksapi.com https://healthyio.freshdesk.com https://436-TYX-483.mktorest.com https://*.mktoresp.com https://*.linkedin.oribi.io https://*.mktoutil.com https://vimeo.com https://*.acsbapp.com https://*.sentry.io https://*.ip2c.net https://pages.healthy.io https://*.zoominfo.com 1
frame-ancestors 'self' https://mizadmin.de 1
default-src 'none' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.vercel.app/ https://*.pointb.com/ https://cdn.cookielaw.org/ https://www.googletagmanager.com/ https://cdnjs.cloudflare.com/ https://*.ceros.com/ https://vercel.live/ https://player.vimeo.com/ https://d35vb5cccm4xzp.cloudfront.net/ https://api-engage-us.sitecorecloud.io/ https://static.addtoany.com/ https://insights.pointb.com/ https://pi.pardot.com/ https://www.google.com/ https://www.gstatic.com/; style-src 'self' 'unsafe-inline' https://*.netlify.app/ https://fonts.googleapis.com/ https://*.vercel.app/ https://*.pointb.com/ ; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.vercel.app/ https://discover.sitecorecloud.io/ https://noembed.com/ https://cdn.cookielaw.org/ https://api-engage-us.sitecorecloud.io/ https://vimeo.com/ https://www.google-analytics.com/ https://geolocation.onetrust.com/; font-src 'self' data: https://fonts.gstatic.com/ https://*.vercel.app/; frame-src 'self' http://*.pointb.com/ http://pointb.com/ https://*.pointb.com/ https://pointb.com/ https://www.youtube.com/ https://www.google.com/ https://bcove.video/ https://player.vimeo.com/ https://view.ceros.com/ https://static.addtoany.com/; img-src 'self' data: https://edge.sitecorecloud.io/ https://*.vercel.app/ https://*.pointb.com/ https://www.googletagmanager.com/ https://i.ytimg.com/ https://cdn.cookielaw.org/ https://i.vimeocdn.com; manifest-src 'self' data:; worker-src 'none'; frame-ancestors 'self' https://*.vercel.app/ https://*.pointb.com/ https://cdn.cookielaw.org/; form-action 'self'; media-src https://*.vercel.app/ https://*.pointb.com/ https://player.vimeo.com/ https://vimeo.com/ https://download-video.akamaized.net/ 1
frame-ancestors 'self' http://toolstestdrive.esource.com; 1
worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.cookielaw.org *.adsrvr.org pghub.io *.google.com www.gstatic.com feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; font-src 'self' data: feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' *.flashtalking.com *.pghub.io *.adsrvr.org consumersupport.pg.com pandg.tapad.com ; img-src 'self' data: *.ctfassets.net *.tapad.com *.cookielaw.org feed.pghub.io ; default-src 'none' feed.pghub.io pandg.tapad.com ; connect-src 'self' *.cookielaw.org *.google-analytics.com *.contentful.com feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; 1
frame-ancestors 'self' 'unsafe-inline' 1
base-uri 'self'; script-src https: 'unsafe-inline' 'unsafe-eval' *.sentry.io *.datadome.co *.googlesyndication.com *.googleadservices.com *.adriver.ru *.g.doubleclick.net *.google.com *.sociomantic.com *.google-analytics.com *.googletagmanager.com *.everestjs.net *.googletagservices.com s.ytimg.com *.userapi.com js-agent.newrelic.com  *.olark.com  trafmag.utarget.ru  *.exponea.com media.flixfacts.com *.gstatic.com maps.googleapis.com google-analytics.bi.owox.com tracking.channelsight.com *.criteo.net h.holder.com.ua *.clickfrog.ru creativecdn.com  clickfrog.ru criteo.net gstatic.com exponea.com olark.com googletagservices.com everestjs.net googletagmanager.com google-analytics.com sociomantic.com google.com g.doubleclick.net adriver.ru googleadservices.com googlesyndication.com www.google.com.ua *.criteo.com criteo.com bam.nr-data.net *.google.com.ua az783074.vo.msecnd.net cdn.ampproject.org *.googleapis.com;  object-src 'none'; img-src 'self' *.googletagmanager.com https://sp.tinymce.com *.doubleclick.net https://www.google-analytics.com https://www.google.com.ua https://www.google.com *.googlesyndication.com *.creativecdn.com data:; media-src 'self'; frame-src 'self' https://vars.hotjar.com https://googleads.g.doubleclick.net *.googlesyndication.com *.creativecdn.com; frame-ancestors 'none'; worker-src 'self'; form-action 'self' https://www.portmone.com.ua; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdn.tiny.cloud https://fonts.googleapis.com; connect-src 'self' *.sentry.io *.hotjar.io wss://ws8.hotjar.com *.hotjar.com *.google.com.ua *.google.com *.datadome.co *.gstatic.com https://stats.g.doubleclick.net https://securepubads.g.doubleclick.net https://www.google-analytics.com https://pagead2.googlesyndication.com; report-uri https://2746b976bff56fb9fb072ca875846856.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; script-src 'self' https://manage.hawksearch.com https://maps.googleapis.com https://snap.licdn.com https://cookie-cdn.cookiepro.com https://px.airpr.com https://analytics.clickdimensions.com https://cookiepro.blob.core.windows.net https://geolocation.onetrust.com https://vjs.zencdn.net https://manage.hawksearch.com https://hexion.hawksearch.com https://go.hexion.com https://www.googletagmanager.com/gtm.js https://fast.fonts.net https://code.jquery.com https://players.brightcove.net https://pi.pardot.com https://api2.fonts.com 'unsafe-inline' 'unsafe-eval' google.com https://www.google-analytics.com/analytics.js apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://s.ytimg.com https://publish.twitter.com platform.linkedin.com https://platform.stumbleupon.com https://dec.azureedge.net munchkin.marketo.net js.hs-scripts.com js.hs-analytics.net cdn.ampproject.org *.brightcove.com *.juicer.io http://www.googletagmanager.com blob: https://mktdplp102cdn.azureedge.net/ https://*.dynamics.com/ https://*.azureedge.net https://*.microsoft.com *.logic.azure.com https://googleads.g.doubleclick.net; style-src 'self' https://cookie-cdn.cookiepro.com https://fonts.googleapis.com https://manage.hawksearch.com https://hexion.hawksearch.com https://www.hexion.com https://cookiepro.blob.core.windows.net https://fast.fonts.net https://api2.fonts.com 'unsafe-inline' netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com *.brightcove.com *.juicer.io; font-src 'self' https://manage.hawksearch.com https://hexion.hawksearch.com https://www.hexion.com https://vjs.zencdn.net https://api2.fonts.com https://fast.fonts.net fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' https://hexion.com https://www.hexion.com https://maps.gstatic.com https://maps.googleapis.com https://p.adsymptotic.com https://px.ads.linkedin.com https://secure.adnxs.com https://dpx.airpr.com https://manage.hawksearch.com https://hexion.hawksearch.com https://stats.g.doubleclick.net https://f1.media.brightcove.com https://metrics.brightcove.com https://www.google.com https://www.google.co.in https://www.google.nl https://www.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com https://dec.azureedge.net pbs.twimg.com platform.twitter.com data: blob: track.hubspot.com https://edge.api.brightcove.com https://cf-images.us-east-1.prod.boltdns.net https://pixel.sitescout.com/ https://assets-usa.mkt.dynamics.com/ https://hexionwebimages.blob.core.windows.net https://www.googletagmanager.com/; media-src 'self' data: blob: https://edge.api.brightcove.com https://cf-images.us-east-1.prod.boltdns.net http://bcbolt446c5271-a.akamaihd.net; form-action 'self' https://www.facebook.com/; frame-src 'self' *.juicer.io https://pixel.sitescout.com/ https://006a0b8679ff4abf8eb33572a3f236ac.svc.dynamics.com/ *.svc.dynamics.com/ https://www.facebook.com/ https://players.brightcove.net/ *.logic.azure.com; connect-src 'self' https://www.google-analytics.com/ https://cookie-cdn.cookiepro.com/ *.svc.dynamics.com/ https://stats.g.doubleclick.net/ https://edge.api.brightcove.com/ *.logic.azure.com https://manifest.prod.boltdns.net https://bcbolt446c5271-a.akamaihd.net https://maps.googleapis.com ; 1
frame-ancestors 'self' *.ispmanager.com *.ispmanager.ru https://mc.yandex.ru https://mc.yandex.com https://yastatic.net 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://hispagatos.space; img-src 'self' https: data: blob: https://hispagatos.space; style-src 'self' https://hispagatos.space 'nonce-4Ywa8izXqheNFdf13v1mKA=='; media-src 'self' https: data: https://hispagatos.space; frame-src 'self' https:; manifest-src 'self' https://hispagatos.space; form-action 'self'; connect-src 'self' data: blob: https://hispagatos.space https://hispagatos.space wss://hispagatos.space; script-src 'self' https://hispagatos.space 'wasm-unsafe-eval'; child-src 'self' blob: https://hispagatos.space; worker-src 'self' blob: https://hispagatos.space 1
form-action *.facebook.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' https: data: blob: *.fls.doubleclick.net *.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.twitter.com *.ads-twitter.com *.facebook.com *.facebook.net cdn.cookielaw.org www.googletagmanager.com online.bancosantander.es a.omappapi.com *.googleapis.com extend.vimeocdn.com www.google-analytics.com t.co adservice.google.com *.linkedin.com region1.google-analytics.com app.santanderx.com fonts.gstatic.com in-automate.sendinblue.com z.omappapi.com api.omappapi.com snap.licdn.com images.findawayworld.com *.tiktok.com privacyportal-de.onetrust.com sibautomation.com use.typekit.net api-manager.universia.net pro-santanderx-images-s3.s3.eu-west-1.amazonaws.com sso.santanderx.com; frame-ancestors 'self' https://*.santanderx.com; report-uri /csp_report 1
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.google.bg https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com https://*.facebook.com https://facebook.net https://*.facebook.net https://*.snapchat.com https://*.sportdigi.com https://*.sportradar.com https://*.mrbit.com https://*.mrbit.bet *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://app.vwo.com https://*.mrbit.bet; frame-src 'self' bankid://* https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://*.zignsec.com https://*.trustly.com https://*.regily.com https://*.sumsub.com https://*.biahosted.com https://*.aitcloud.de https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://*.unetsafe.com https://*.atlantgaming.com https://*.snapchat.com https://*.sportdigi.com https://*.sportradar.com https://*.mrbit.bet https://* paymentpage.ecommpay.com asdaerq.dapmaptuns.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://*.zignsec.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.gstatic.com https://recaptcha.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://*.snapchat.com https://snapchat.com https://sc-static.net https://*.facebook.com https://facebook.net https://*.facebook.net https://*.sportdigi.com https://*.sportradar.com https://*.mrbit.com https://*.mrbit.bet *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com *.astropay.com *.megapay.pro *.ecopayz.com *.billing.cx *.express-connect.com *.paycore.io *.jetoncheckout.com *.ipsp.lv ipsp.lv *.gpaynetworks.com *.sirumobile.com 'nonce-u+o3qaL0HCtORG8A6nwsA+1cOSwG9pbq/rxPJ+5CeDE=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com https://*.mrbit.bet *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com; worker-src 'self' blob:; report-uri https://mrbit.bet/sentry/api/41/csp-report/?sentry_key=38bd9ad353b94f1a8143ea227d160767 1
default-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adform.net *.adition.com *.algolianet.com *.bing.com *.criteo.com *.criteo.net *.etracker.com *.etracker.de *.facebook.net *.polyfill.io *.rudderlabs.com *.taboola.com *.visualwebsiteoptimizer.com cdn.cookielaw.org cdn.jsdelivr.net data.de.ivendi.net data: tagmanager.google.com www.google-analytics.com www.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' *.adform.net *.adition.com *.bing.com *.criteo.com *.criteo.net *.etracker.com *.etracker.de *.rudderlabs.com *.taboola.com *.visualwebsiteoptimizer.com cdn.cookielaw.org cdn.jsdelivr.net cdn.polyfill.io connect.facebook.net data.de.ivendi.net data1.mulesto.com gateway.zscaler.net polyfill.io tagmanager.google.com www.google-analytics.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' api.tiles.mapbox.com; style-src-elem 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com api.tiles.mapbox.com fonts.googleapis.com tagmanager.google.com; img-src 'self' *.adition.com *.bing.com *.doubleclick.net *.etracker.de *.google.co.uk *.google.com *.google.de *.seadform.net *.visualwebsiteoptimizer.com api.mapbox.com blob: cdn.cookielaw.org chart.googleapis.com connect.facebook.net csm.fr3.eu.criteo.net d2bkdfyoj2xgsx.cloudfront.net data.de.ivendi.net data: fonts.gstatic.com gstatic.com stats.g.doubleclick.net trc.taboola.com www.facebook.com/tr/ www.google-analytics.com www.googletagmanager.com; font-src 'self' data: fonts.gstatic.com; connect-src 'self' *.adform.net *.adition.com *.algolia.net *.algolia.net *.algolianet.com *.criteo.com *.criteo.net *.etracker.de *.google-analytics.com *.taboola.com *.visualwebsiteoptimizer.com analytics.google.com api.mapbox.com api.rudderlabs.com bat.bing.com cdn.cookielaw.org d2bkdfyoj2xgsx.cloudfront.net data.de.ivendi.net events.mapbox.com gateway.zscaler.net geoip-js.com geolocation.onetrust.com insights.algolia.io js.logentries.com newvehicle.info privacyportal-eu.onetrust.com stats.g.doubleclick.net tagmanager.google.com translate.googleapis.com webhook.logentries.com www.facebook.com/tr/ www.googletagmanager.com; worker-src 'self' blob:; frame-src 'self' *.adform.net *.criteo.com *.criteo.net *.doubleclick.net *.fls.doubleclick.net *.visualwebsiteoptimizer.com https://www.facebook.com/; frame-ancestors 'none'; form-action 'self' https://www.facebook.com/tr/; base-uri 'self'; sandbox allow-forms allow-popups allow-same-origin allow-scripts; ;upgrade-insecure-requests;block-all-mixed-content;disown-opener;report-uri https://ivreport.report-uri.com/r/t/csp/enforce 1
script-src 'self'  assets.adobedtm.com cdn.hypemarks.com munchkin.marketo.net connect.facebook.net maps.googleapis.com developer.livehelpnow.net cdn.polyfill.io tags.srv.stackadapt.com app-ab48.marketo.com platform.cloud.coveo.com static.cloud.coveo.com code.jquery.com kit.fontawesome.com ucarecdn.com www.google.com analytics.tiktok.com www.google-analytics.com snap.licdn.com www.gstatic.com www.googletagmanager.com s.adroll.com www.googleadservices.com d.adroll.com googleads.g.doubleclick.net cdn.storelocatorwidgets.com cdn.storelocatorwidgets.com ajax.googleapis.com cdn.bc0a.com cdn1.b0e8.com sa.getroster.com www.tintup.com www.riddle.com woobox.com www.redditstatic.com cdn-cookieyes.com *.pricespider.com *.cloudflare.com *.tiles.mapbox.com 'unsafe-inline' 'unsafe-eval'; worker-src blob: 1
frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: 'unsafe-inline' 1
default-src 'self' ;	script-src 'self' 'unsafe-inline' active-wow.failbettergames.com 'unsafe-eval' js.stripe.com www.youtube-nocookie.com;    frame-src 'self' js.stripe.com www.youtube-nocookie.com;	font-src data: 'self';	img-src data: 'self' blob: *.ytimg.com *.craft-cdn.com *.craftcms.com active-wow.failbettergames.com;    connect-src 'self' feed-proxy.craftcms.com api.craftcms.com ;    object-src 'none';	style-src 'self' 'unsafe-inline' *.googleapis.com www.youtube-nocookie.com; 1
frame-ancestors 'self' kolaysiparis.com.tr 1
frame-ancestors 'self' https://www.medniekiem.lv 1
default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval' track.thegundogaffair.com *.hotjar.com cdn.loadbee.com connect.facebook.net cdn.adsdefender.com widget.trustpilot.com *.payengine.de www.paypalobjects.com mc.yandex.ru googleadservices.com rum-static.pingdom.net *.paypal.com *.googletagmanager.com googleadservices.com googleads.g.doubleclick.net *.google.com *.sovido.de *.bing.com cdn.dictum.com tagmanager.google.com pix.hyj.mobi d.hyj.mobi code.etracker.com www.etracker.de *.neocomapp.com; style-src 'unsafe-inline' 'self' vjs.zencdn.net cdn.dictum.com tagmanager.google.com *.rackcdn.com fonts.googleapis.com *.sovido.de *.neocomapp.com; connect-src 'self' track.thegundogaffair.com wss://*.hotjar.com *.hotjar.com *.hotjar.io *.adsdefender.com facebook.com availability.loadbee.com stats.g.doubleclick.net mc.yandex.ru *.sovido.de *.tagmanager.google.com www.alphavantage.co *.paypal.com *.payengine.de *.etracker.de *.neocomapp.com *.bing.com *.google.com *.googletagmanager.com *.paypalobjects.com *.rackcdn.com cdn.dictum.com cdn.loadbee.com code.etracker.com connect.facebook.net d.hyj.mobi fonts.googleapis.com googleads.g.doubleclick.net googleadservices.com pix.hyj.mobi rum-static.pingdom.net vjs.zencdn.net widget.trustpilot.com; img-src * data:; font-src 'self' *.google.com tagmanager.google.com *.rackcdn.com vjs.zencdn.net cdn.dictum.com *.paypalobjects.com data:; object-src 'self'; media-src *.dictum.com *.rackcdn.com data: audio/mpeg; frame-src 'self' *.neocomapp.com bid.g.doubleclick.net *.hotjar.com service.loadbee.com www.facebook.com www.paypalobjects.com widget.trustpilot.com *.payengine.de mc.yandex.md *.paypal.com *.youtube.com *.google.com *.youtube-nocookie.com *.vimeo.com *.dailymotion.com *.googletagmanager.com; frame-ancestors 'self' *.youtube.com *.sovido.de *.etracker.com *.neocomapp.com; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googleadservices.com https://*.hotjar.com  https://*.clarity.ms maps.googleapis.com www.google-analytics.com www.googletagmanager.com connect.facebook.net bat.bing.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://www.googleadservices.com https://static.hotjar.com https://*.hotjar.com  https://*.clarity.ms maps.googleapis.com www.google-analytics.com www.googletagmanager.com connect.facebook.net bat.bing.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://*.hotjar.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com https://*.hotjar.com data:; img-src 'self' https://*.hotjar.com https://c.bing.com https://c.clarity.ms https://connect.facebook.net www.googletagmanager.com *.doubleclick.net https://www.google.mk https://www.google.com.au www.facebook.com bat.bing.com www.google-analytics.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data:; frame-src *.googlesyndication.com *.booki-med.com.au *.googletagmanager.com i-med.com.au *.facebook.com https://*.doubleclick.net; connect-src 'self' https://www.google.com.au https://*.clarity.ms bat.bing.com *.doubleclick.net https://adservice.google.com https://*.analytics.google.com analytics.google.com maps.googleapis.com www.google-analytics.com https://www.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; report-uri /csp-report 1
frame-ancestors 'self' sheroes.com *.sheroes.com 1
frame-ancestors 'self'; block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://content.linkedin.com https://graph.facebook.com https://google-analytics.com https://googletagmanager.com https://js.facebook.com https://platform.linkedin.com https://ssl.google-analytics.com https://snap.licdn.com https://static-exp1.licdn.com https://tagmanager.google.com https://vcc-na28.8x8.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://maps.google.com https://maps.googleapis.com http://maps.googleapis.com; style-src 'self' 'report-sample' 'unsafe-inline' *.licdn.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com; object-src 'none'; child-src 'self' *.facebook.com connect.facebook.net embed.windy.com *.google.com *.8x8.com; base-uri 'self'; form-action 'self' *.facebook.com connect.facebook.net;worker-src 'self'; default-src 'self'; font-src 'self' data: *.gstatic.com; frame-src 'self' *.windy.com *.vimeo.com vimeo.com *.google.com *.8x8.com; connect-src 'self' *.google-analytics.com;img-src 'self' *.adsymptotic.com *.connect.facebook.net https://insight.adsrvr.org *.linkedin.com https://www.facebook.com https://www.google-analytics.com *.doubleclick.net *.8x8.com *.googletagmanager.com https://www.pilotcat.com; 1
default-src wisemo.com wisemo.com:* *.wisemo.com *.wisemo.com:* wisemo.net wisemo.net:* *.wisemo.net *.wisemo.net:* wisemo.mobi wisemo.mobi:* *.wisemo.mobi *.wisemo.mobi:* wisemo.eu wisemo.eu:* *.wisemo.eu *.wisemo.eu:* wisemo.dk wisemo.dk:* *.wisemo.dk *.wisemo.dk:* data: 'unsafe-inline' 'unsafe-eval' ; child-src wisemo.com wisemo.com:* *.wisemo.com *.wisemo.com:* wisemo.net wisemo.net:* *.wisemo.net *.wisemo.net:* wisemo.mobi wisemo.mobi:* *.wisemo.mobi *.wisemo.mobi:* wisemo.eu wisemo.eu:* *.wisemo.eu *.wisemo.eu:* wisemo.dk wisemo.dk:* *.wisemo.dk *.wisemo.dk:* *.youtube.com data: 'unsafe-inline' 'unsafe-eval' ; connect-src wisemo.com wisemo.com:* *.wisemo.com *.wisemo.com:* wisemo.net wisemo.net:* *.wisemo.net *.wisemo.net:* wisemo.mobi wisemo.mobi:* *.wisemo.mobi *.wisemo.mobi:* wisemo.eu wisemo.eu:* *.wisemo.eu *.wisemo.eu:* wisemo.dk wisemo.dk:* *.wisemo.dk *.wisemo.dk:* *.youtube.com data: 'unsafe-inline' 'unsafe-eval' ; font-src wisemo.com wisemo.com:* *.wisemo.com *.wisemo.com:* wisemo.net wisemo.net:* *.wisemo.net *.wisemo.net:* wisemo.mobi wisemo.mobi:* *.wisemo.mobi *.wisemo.mobi:* wisemo.eu wisemo.eu:* *.wisemo.eu *.wisemo.eu:* wisemo.dk wisemo.dk:* *.wisemo.dk *.wisemo.dk:* data: 'unsafe-eval' ; form-action 'unsafe-inline' 'self' https://test.checkout.dibspayment.eu/hostedpaymentpage/ https://checkout.dibspayment.eu/hostedpaymentpage/ ; frame-ancestors wisemo.com wisemo.com:* *.wisemo.com *.wisemo.com:* wisemo.net wisemo.net:* *.wisemo.net *.wisemo.net:* wisemo.mobi wisemo.mobi:* *.wisemo.mobi *.wisemo.mobi:* wisemo.eu wisemo.eu:* *.wisemo.eu *.wisemo.eu:* wisemo.dk wisemo.dk:* *.wisemo.dk *.wisemo.dk:* ; frame-src wisemo.com wisemo.com:* *.wisemo.com *.wisemo.com:* wisemo.net wisemo.net:* *.wisemo.net *.wisemo.net:* wisemo.mobi wisemo.mobi:* *.wisemo.mobi *.wisemo.mobi:* wisemo.eu wisemo.eu:* *.wisemo.eu *.wisemo.eu:* wisemo.dk wisemo.dk:* *.wisemo.dk *.wisemo.dk:* *.youtube.com data: wisemoguest: 'unsafe-inline' 'unsafe-eval' ; upgrade-insecure-requests ; worker-src wisemo.com wisemo.com:* *.wisemo.com *.wisemo.com:* wisemo.net wisemo.net:* *.wisemo.net *.wisemo.net:* wisemo.mobi wisemo.mobi:* *.wisemo.mobi *.wisemo.mobi:* wisemo.eu wisemo.eu:* *.wisemo.eu *.wisemo.eu:* wisemo.dk wisemo.dk:* *.wisemo.dk *.wisemo.dk:* data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' *.google-analytics.com; 
                                        script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.172.105.251.168 *.nse.co.ke *.deveint.live *.deveintapps.com *.google.com *.googleapis.com *.highcharts.com *.twitter.com *.gstatic.com *.twimg.com https://deveint.live *.jquery.com *.aspnetcdn.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://unpkg.com *.mystocks.co.ke;
                                        style-src 'self' 'unsafe-inline' *.172.105.251.168 nse.co.ke *.google-analytics.com *.googleapis.com *.twitter.com https://deveint.live *.cloudflare.com *.highcharts.com *.mystocks.co.ke *.nse.co.ke *.gstatic.com; 
                                        connect-src 'self' https://deveintapps.com *.deveintapps.com *.twitter.com https://deveint.live *.googleapis.com *.google-analytics.com *.mystocks.co.ke *.nse.co.ke; 
                                        font-src 'self' data: *.googleapis.com *.gstatic.com *.172.105.251.168 *.nse.co.ke *.cloudflare.com https://deveintapps.com https://deveint.live; 
                                        object-src 'self'; 
                                        media-src 'self'; 
                                        img-src 'self' data: *.172.105.251.168 *.nse.co.ke https://deveint.live *.deveintapps.com *.google.com *.googleapis.com *.highcharts.com *.twitter.com *.gstatic.com *.twimg.com *.gravatar.com https://ps.w.org *.mystocks.co.ke;
                                        frame-src 'self' *.google.com *.youtube.com *.facebook.com *.twitter.com *.mystocks.co.ke *.pesapal.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://rebel.ar; img-src 'self' https: data: blob: https://rebel.ar; style-src 'self' https://rebel.ar 'nonce-6p7zBnDpvAfSVZ/o7GQTCQ=='; media-src 'self' https: data: https://rebel.ar; frame-src 'self' https:; manifest-src 'self' https://rebel.ar; form-action 'self'; child-src 'self' blob: https://rebel.ar; worker-src 'self' blob: https://rebel.ar; connect-src 'self' data: blob: https://rebel.ar https://rebel.ar wss://rebel.ar; script-src 'self' https://rebel.ar 'wasm-unsafe-eval' 1
base-uri none; object-src none 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com cdnjs.cloudflare.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://mfpembedcdnweu.azureedge.net/mfpembedcontweu/ http://maps.google.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; connect-src data: accounts.google.com *.google-analytics.com *.gstatic.com https://*.googletagmanager.com *.googleapis.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; frame-src https://www.youtube.com/ https://customervoice.microsoft.com/ https://www.google.com/ 'self' 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob: 'unsafe-inline'; connect-src https: wss://www.hirestreetuk.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 1
default-src 'self' https://hahita.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com www.gstatic.com www.youtube.com yastatic.net https://hahita.com; style-src 'self' 'unsafe-inline' https://hahita.com; img-src 'self' counter.yadro.ru data: https://hahita.com; font-src 'self' data: https://hahita.com; frame-src 'self' *.youtube.com api.lessornot.ws mc.yandex.ru www.google.com mcdonell-as.newplayjj.com:9443 https://hahita.com; child-src 'self' *.youtube.com api.lessornot.ws mc.yandex.ru www.google.com mcdonell-as.newplayjj.com:9443 https://hahita.com; object-src 'self' https://hahita.com; connect-src 'self' https://hahita.com; 1
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.google.bg https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://www.facebook.com https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com https://*.snapchat.com https://*.cslotv.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://app.vwo.com https://*.cslotv.com; frame-src 'self' bankid://* https://livechat24.tech https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://*.zignsec.com https://www.facebook.com https://*.trustly.com https://tpc.googlesyndication.com https://*.regily.com https://*.sumsub.com https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.unetsafe.com https://*.atlantgaming.com https://*.snapchat.com https://*.cslotv.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://*.zignsec.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://connect.facebook.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://analytics.twitter.com https://platform.twitter.com https://quantcount.com https://rules.quantcount.com https://quantserve.com https://secure.quantserve.com https://edge.quantserve.com https://*.creative-serving.com https://*.snapchat.com https://snapchat.com https://sc-static.net https://*.cslotv.com 'nonce-WiwEtomQbQlz0Rlw8IyQyJpSytFGLj4L6GsZUr3GXjY=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com https://tagmanager.google.com https://*.cslotv.com; worker-src 'self' blob:; report-uri https://cslotv.com/sentry/api/45/csp-report/?sentry_key=e5368be6f1e24bce9ce26ca332a1f973 1
default-src 'self'; form-action 'self' https://www.grammer.com; style-src 'self' 'unsafe-inline' *.cookiebot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.grammer.com *.cookiebot.com cdn.jsdelivr.net morra.selbstdenker.com; frame-src 'self' *.grammer.com https://consentcdn.cookiebot.com *.youtube-nocookie.com https://charts3.equitystory.com; font-src 'self'; object-src 'self'; img-src 'self' data: morra.selbstdenker.com api.thegreenwebfoundation.org imgsct.cookiebot.com; connect-src 'self' https://www.grammer.com https://consentcdn.cookiebot.com https://charts3.equitystory.com/api-json/grammer-v31/English https://charts3.equitystory.com/api-json/grammer-v31/English/xetra/ morra.selbstdenker.com; frame-ancestors 'self' https://*.grammer.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https: https: https: https:; img-src 'self' https: data: blob: https:; style-src 'self' https: https: https: https: 'nonce-FDjSUmoRdnDJ24kfBzmQdg=='; media-src 'self' https: data: https:; frame-src 'self' https:; manifest-src 'self' https:; form-action 'self'; connect-src 'self' data: blob: https: https: wss://chillout.chat; script-src 'self' https:; child-src 'self' blob: https:; worker-src 'self' blob: https: 1
default-src 'self'; connect-src 'self' https://www.mycertiphi.com https://*.verticalscreen.com; font-src 'self' https://fonts.gstatic.com; frame-src https://www.google.com https://sig.edpo.brussels; frame-ancestors 'self' https://*.mybig.net https://*.mybig.com https://*.mycertiphi.com https://*.mytruescreen.com; img-src 'self' data: https://www.gstatic.com https://www.mycertiphi.com; object-src 'self' https://sig.edpo.brussels; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.mycertiphi.com https://*.verticalscreen.com https://www.gstatic.com https://www.google.com https://sig.edpo.brussels; style-src 'self' https://www.mycertiphi.com 'unsafe-inline' 1
default-src *.cloudflare.com *.powerfulreveal.com *.cdn.js *.jsdelivr.net *.commentportal.com commentportal.com *.google.com bootstrapcdn.com  googleadservices.com *.cloudfront.net *.portlandwebdesign.com *.electric.coop adsrvr.org *.analytics.yahoo.com *.maps.arcgis.com xx.fbcdn.net rvwinc.com maps.arcgis.com vimeo.com *.googleadservices.com publicpurchase.com gravatar.com *.arcgis.com *.eventbrite.com cooperative.com *.gstatic.com *.youtube-nocookie.com *.crowdfiber.io data: *.googletagmanager.com luckyorange.net btstatic.com portlandwebdesign.com simpli.fi *.providesupport.com typekit.net mitel.io trumpia.com *.timetap.com five9.com powermag.com *.rvwinc.com *.verisign.com linkedin.com *.nr-data.net *.btstatic.com azgt.coop ebill.coop *.mapbox.com googleapis.com analytics.yahoo.com *.licdn.com *.mcusercontent.com *.bootstrapcdn.com apogee.net marketingautomation.services suppose.tv adnxs.com twimg.com *.olark.com youtube-nocookie.com *.trumpia.com xad.com mailchimp.com *.ads.linkedin.com directefficiency.com *.mailchimp.com newrelic.com *.vimeo.com *.plumassierratelecommunicationsmap.com 'unsafe-eval' *.upgrade.guide epa.gov transistor.fm google.com hirebridge.com *.simpli.fi *.yimg.com envivabiomass.com *.roanokeconnect.com e2ma.net bonnerboundary811.org *.powerfulweb.com *.elfsight.com *.libsyn.com doubleclick.net *.nwwsd.org facebook.net google-analytics.com ads.linkedin.com *.e2ma.net gstatic.com smarthub.coop *.s3.amazonaws.com mcusercontent.com s.w.org *.doubleclick.net facebook.com youtube.com *.linkedin.com nice-incontact.com fontawesome.com *.newrelic.com *.apogee.net *.googleapis.com libsyn.com eventbrite.com upgrade.guide *.basis.net *.twimg.com glassdoor.com cencoast.com *.mitel.io powerfulweb.com luckyorange.com *.five9.com *.typekit.net *.transistor.fm yimg.com 'self' *.luckyorange.com jazz.co roanokeconnect.com *.publicpurchase.com myfonts.net issuu.com *.directefficiency.com *.websupport.expert spreaker.com *.ebill.coop crowdfiber.io *.xad.com *.nice-incontact.com *.xx.fbcdn.net *.suppose.tv *.myfonts.net *.icua.coop southcentralpower.com *.bonnerboundary811.org arcgis.com mapbox.com providesupport.com *.facebook.net *.smeco.coop electric.coop googletagmanager.com *.adnxs.com smeco.coop *.issuu.com *.powermag.com *.adsymptotic.com olark.com s3.amazonaws.com 'unsafe-inline' billing.nwwsd.org elfsight.com icua.coop timetap.com *.fontawesome.com *.envivabiomass.com nr-data.net adsymptotic.com *.epa.gov *.adsrvr.org *.cencoast.com *.spreaker.com *.gravatar.com plumassierratelecommunicationsmap.com verisign.com *.glassdoor.com *.facebook.com ctctcdn.com *.jazz.co *.cooperative.com *.google-analytics.com gmpg.org cloudfront.net *.ctctcdn.com *.marketingautomation.services *.southcentralpower.com licdn.com *.hirebridge.com websupport.expert *.luckyorange.net *.smarthub.coop basis.net *.youtube.com *.azgt.coop; 1
default-src 'self' https: data: 'unsafe-eval' 'unsafe-inline';             frame-ancestors 'self' https://app.emlen.io 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://gamepad.club; img-src 'self' https: data: blob: https://gamepad.club; style-src 'self' https://gamepad.club 'nonce-IPcCpXexWniKBXLLXJhz3g=='; media-src 'self' https: data: https://gamepad.club; frame-src 'self' https:; manifest-src 'self' https://gamepad.club; form-action 'self'; child-src 'self' blob: https://gamepad.club; worker-src 'self' blob: https://gamepad.club; connect-src 'self' data: blob: https://gamepad.club https://eu-central-1.linodeobjects.com wss://gamepad.club; script-src 'self' https://gamepad.club 'wasm-unsafe-eval' 1
default-src *; font-src * data:;img-src * data: blob:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src * blob: data:; object-src * data:; 1
frame-ancestors 'self' https://secure.xsolla.com 1
default-src 'self' https://myidentifi.com https://*.myidentifi.com https://*.evolenthealth.com https://*.azurewebsites.net https://*.microsoft.com https://*.microsoftonline.com https://*.googleapis.com https://*.gstatic.com https://*.visualstudio.com https://*.services.visualstudio.com https://*.cloudflare.com https://*.chicago.local  https://integ.cue4.com  https://integ.iqc.awsprod.healthcareit.net    https://*.healthcareit.net   https://*.jquery.com     https://*.cue4.com           https://*.carewebqi.com      wss://*.myidentifi.com data:  blob:  ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://myidentifi.com https://*.myidentifi.com https://*.evolenthealth.com https://*.azurewebsites.net https://*.microsoft.com https://*.microsoftonline.com https://*.googleapis.com https://*.gstatic.com https://*.visualstudio.com https://*.services.visualstudio.com https://*.cloudflare.com https://*.chicago.local   https://integ.cue4.com  https://integ.iqc.awsprod.healthcareit.net    https://*.healthcareit.net   https://*.jquery.com     https://*.cue4.com        https://*.carewebqi.com      wss://*.myidentifi.com data:  blob: ; style-src 'self' 'unsafe-inline'  https://myidentifi.com https://*.myidentifi.com https://*.evolenthealth.com https://*.azurewebsites.net https://*.microsoft.com https://*.microsoftonline.com https://*.googleapis.com https://*.gstatic.com https://*.visualstudio.com https://*.services.visualstudio.com https://*.cloudflare.com https://*.chicago.local  https://integ.cue4.com  https://integ.iqc.awsprod.healthcareit.net    https://*.healthcareit.net   https://*.jquery.com     https://*.cue4.com         https://*.carewebqi.com      wss://*.myidentifi.com data: blob:  ; img-src 'self' https://myidentifi.com https://*.myidentifi.com https://*.evolenthealth.com https://*.azurewebsites.net https://*.microsoft.com https://*.microsoftonline.com https://*.googleapis.com https://*.gstatic.com https://*.visualstudio.com https://*.services.visualstudio.com https://*.cloudflare.com https://*.chicago.local   https://integ.cue4.com  https://integ.iqc.awsprod.healthcareit.net    https://*.healthcareit.net   https://*.jquery.com     https://*.cue4.com         https://*.carewebqi.com      wss://*.myidentifi.com data:  blob:  ; font-src 'self' https://myidentifi.com https://*.myidentifi.com https://*.evolenthealth.com https://*.azurewebsites.net https://*.microsoft.com https://*.microsoftonline.com https://*.googleapis.com https://*.gstatic.com https://*.visualstudio.com https://*.services.visualstudio.com https://*.cloudflare.com https://*.chicago.local  https://integ.cue4.com  https://integ.iqc.awsprod.healthcareit.net    https://*.healthcareit.net   https://*.jquery.com     https://*.cue4.com         https://*.carewebqi.com      wss://*.myidentifi.com data:  blob:  ; connect-src 'self' https://myidentifi.com https://*.myidentifi.com https://*.evolenthealth.com https://*.azurewebsites.net https://*.service.signalr.net wss://*.service.signalr.net https://*.microsoft.com https://*.microsoftonline.com https://*.googleapis.com https://*.gstatic.com https://*.visualstudio.com https://*.services.visualstudio.com https://*.cloudflare.com https://*.chicago.local  https://integ.cue4.com  https://integ.iqc.awsprod.healthcareit.net    https://*.healthcareit.net   https://*.jquery.com     https://*.cue4.com          https://*.carewebqi.com      wss://*.myidentifi.com data:  blob:  ; media-src 'self' https://myidentifi.com https://*.myidentifi.com https://*.evolenthealth.com https://*.azurewebsites.net https://*.microsoft.com https://*.microsoftonline.com https://*.googleapis.com https://*.gstatic.com https://*.visualstudio.com https://*.services.visualstudio.com https://*.cloudflare.com https://*.chicago.local   https://integ.cue4.com  https://integ.iqc.awsprod.healthcareit.net    https://*.healthcareit.net   https://*.jquery.com     https://*.cue4.com         https://*.carewebqi.com      wss://*.myidentifi.com data:  blob: ; child-src 'self' https://myidentifi.com https://*.myidentifi.com https://*.evolenthealth.com https://*.azurewebsites.net https://*.microsoft.com https://*.microsoftonline.com https://*.googleapis.com https://*.gstatic.com https://*.visualstudio.com https://*.services.visualstudio.com https://*.cloudflare.com https://*.chicago.local   https://integ.cue4.com  https://integ.iqc.awsprod.healthcareit.net    https://*.healthcareit.net   https://*.jquery.com     https://*.cue4.com         https://*.carewebqi.com      wss://*.myidentifi.com data:  blob:  ; frame-src 'self' https://myidentifi.com https://*.myidentifi.com https://*.evolenthealth.com https://*.azurewebsites.net https://*.microsoft.com https://*.microsoftonline.com https://*.googleapis.com https://*.gstatic.com https://*.visualstudio.com https://*.services.visualstudio.com https://*.cloudflare.com https://*.chicago.local  https://integ.cue4.com  https://integ.iqc.awsprod.healthcareit.net    https://*.healthcareit.net   https://*.jquery.com     https://*.cue4.com           https://*.carewebqi.com      wss://*.myidentifi.com data:  blob:  ; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=2q13ddpiqu5n3&partner=; 1
default-src 'self'; block-all-mixed-content; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net plink-production.s3-eu-central-1.amazonaws.com plink-development.s3-eu-central-1.amazonaws.com; frame-ancestors 'none'; img-src 'self' *.mollie.com *.mollie.localhost *.mollie.dev stats.g.doubleclick.net googleads.g.doubleclick.net www.googleadservices.com www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cn www.google.co.in www.google.co.ma www.google.co.th www.google.co.uk www.google.com www.google.com.hk www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.hu www.google.ie www.google.it www.google.lu www.google.lv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.ru www.google.se www.google.si www.google.sk play-lh.googleusercontent.com www.google-analytics.com www.gstatic.com www.facebook.com; script-src 'self' www.google-analytics.com www.googleadservices.com ajax.googleapis.com connect.facebook.net 'nonce-CATMJNee60LdOY7UnGdeOg=='; style-src 'self' 'unsafe-inline'; report-uri https://o29109.ingest.sentry.io/api/5384345/security/?sentry_key=70667fd3313e41ae8a6af1ac55828e78&sentry_environment=prod 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://foursixty.com https://*.cloudfront.net https://*.bazaarvoice.com http://*.bazaarvoice.com https://mpsnare.iesnare.com https://recaptcha.net https://dev.visualwebsiteoptimizer.com https://www.gstatic.com https://*.googleapis.com https://maps.google.com https://checkoutshopper-live.adyen.com https://checkoutshopper-test.adyen.com http://connect.nosto.com https://www.paypal.com/ https://www.sandbox.paypal.com https://static.zdassets.com https://ekr.zdassets.com https://apgandco1642720129.zendesk.com https://*.zopim.com wss://apgandco1642720129.zendesk.com wss://*.zopim.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://connect.facebook.net https://*.klaviyo.com http://*.klaviyo.com https://*.rakuten.com http://*.rakuten.com https://*.trendii.com https://*.lexer.io https://*.doubleclick.net https://asia.creativecdn.com https://*.facebook.com https://sgtm.saba.com.au https://*.pinimg.com https://*.saba.nz http://*.saba.nz http://*.criteo.com http://*.criteo.net https://*.criteo.net https://*.criteo.com https://*.pinterest.com http://*.pinterest.com https://*.wonderpush.com https://*.smooch.io/ https://zendesk-eu.my.sentry.io/ https://*.google.com https://*.visualwebsiteoptimizer.com https://*.jsdelivr.net https://*.pushcrew.com https://unpkg.com/cloudinary-video-player@1.9.5/ https://form.typeform.com https://*.webeyez.com/ https://*.cardinalcommerce.com/; img-src 'self' data: *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://foursixty.com http://foursixty.com https://*.bazaarvoice.com http://*.bazaarvoice.com https://*.googleapis.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com http://connect.nosto.com https://*.klaviyo.com http://*.klaviyo.com https://*.rakuten.com http://*.rakuten.com https://*.trendii.com https://*.lexer.io https://*.doubleclick.net https://asia.creativecdn.com https://*.facebook.com https://sgtm.saba.com.au https://cdn.jsdelivr.net https://*.pushcrew.com https://*.visualwebsiteoptimizer.com https://unpkg.com/cloudinary-video-player@1.9.5/ https://form.typeform.com https://*.webeyez.com https://*.cardinalcommerce.com/; font-src 'self' https://themes.googleusercontent.com https://display.ugc.bazaarvoice.com https://stg.api.bazaarvoice.com https://api.bazaarvoice.com https://*.webeyez.com https://*.cardinalcommerce.com/ data:; frame-src 'self' https://apps.bazaarvoice.com http://apps.bazaarvoice.com https://stg.api.bazaarvoice.com https://api.bazaarvoice.com http://stg.api.bazaarvoice.com http://api.bazaarvoice.com https://analytics-static.ugc.bazaarvoice.com http://analytics-static.ugc.bazaarvoice.com https://display.ugc.bazaarvoice.com http://display.ugc.bazaarvoice.com https://network-stg.bazaarvoice.com https://network.bazaarvoice.com http://network-stg.bazaarvoice.com http://network.bazaarvoice.com https://themes.googleusercontent.com https://recaptcha.net https://dev.visualwebsiteoptimizer.com https://maps.googleapis.com https://maps.google.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://pal-test.adyen.com https://www.paypal.com https://www.sandbox.paypal.com https://brauz-book-a-stylist.netlify.app https://*.klaviyo.com http://*.klaviyo.com https://*.rakuten.com http://*.rakuten.com https://*.trendii.com https://*.lexer.io https://*.doubleclick.net https://asia.creativecdn.com https://*.facebook.com https://sgtm.saba.com.au http://*.fls.doubleclick.net https://*.saba.nz http://*.saba.nz http://*.criteo.com http://*.criteo.net https://*.criteo.net https://*.criteo.com https://www.saba.com.au https://*.smooch.io/ https://zendesk-eu.my.sentry.io/ https://*.pinterest.com https://*.contentful.com https://form.typeform.com https://www.google.com/ https://*.webeyez.com https://*.cardinalcommerce.com/; frame-ancestors 'self' https://*.frontastic.io frontastic.io.local https://*.contentful.com https://*.webeyez.com https://*.cardinalcommerce.com/; object-src 'self'; connect-src 'self' ws: wss: https://foursixty.com http://foursixty.com https://metrics.foursixty.com https://recaptcha.net https://dev.visualwebsiteoptimizer.com https://www.gstatic.com https://*.googleapis.com https://maps.google.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://*.algolia.net http://*.nosto.com https://*.getomneo.com https://*.omneoapp.com https://stg.api.bazaarvoice.com https://api.bazaarvoice.com http://apgandcocom.datatoolscloud.net.au https://kleber.datatoolscloud.net.au https://api.brauz.ai https://brauz-api-netlify.netlify.app https://www.paypal.com https://www.sandbox.paypal.com https://static.zdassets.com https://ekr.zdassets.com https://apgandco1642720129.zendesk.com https://*.zopim.com wss://apgandco1642720129.zendesk.com wss://*.zopim.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://connect.facebook.net https://*.klaviyo.com http://*.klaviyo.com https://*.rakuten.com http://*.rakuten.com https://*.trendii.com https://*.lexer.io https://*.doubleclick.net https://asia.creativecdn.com https://*.facebook.com https://sgtm.saba.com.au https://*.zendesk.com https://*.pinterest.com http://*.pinterest.com http://*.criteo.com https://*.criteo.com http://*.criteo.net https://*.criteo.net http://*.saba.nz https://*.saba.nz https://*.wonderpush.com https://*.smooch.io/ https://zendesk-eu.my.sentry.io/ https://*.google.com https://*.visualwebsiteoptimizer.com https://*.trackjs.com https://*.algolianet.io https://*.algolianet.com https://*.contentful.com https://form.typeform.com https://*.webeyez.com https://*.cardinalcommerce.com/; media-src 'self' https://media.saba.com.au https://*.cloudinary.com https://static.zdassets.com https://sgtm.saba.com.au https://*.ctfassets.net http://*.cloudinary.com https://*.contentful.com https://*.webeyez.com https://*.cardinalcommerce.com/ 1
frame-ancestors 'self' fusionsys.co.uk *.fusionsys.co.uk; 1
true 1
default-src 'self' data: *.rotex-control.com *.daikin-control.com *.googleapis.com *.gstatic.com *.gravatar.com 'unsafe-inline' 'unsafe-eval'; object-src 'none'; upgrade-insecure-requests 1
default-src https:;connect-src https: wss:;base-uri 'self';frame-ancestors 'self';img-src https:;object-src 'none';form-action 'self';script-src 'self' https: 'strict-dynamic' 'nonce-52dc01ec05622633fc58dd83fd4bc8f62ecece3ae5feacfac1150bd5430c4c06' 'unsafe-inline' 'unsafe-eval';style-src https: 'unsafe-inline';report-uri /_inc/csp_reporting.php; 1
default-src 'self'; connect-src 'self' matomo.sib.swiss; font-src 'self' fonts.bunny.net data:; img-src 'self' matomo.sib.swiss data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo.sib.swiss; style-src 'self' fonts.bunny.net 'unsafe-inline'; 1
frame-ancestors 'self' https://www.golfofbf.org https://*.instapage.com http://*.instapage.com https://cloud.scorm.com https://360.articulate.com https://university.fb.org 1
script-src 'self' 'unsafe-inline' https://www.googletagmanager.com www.google-analytics.com 'unsafe-eval' https://*.googleapis.com/ https://www.google.com/ https://*.gstatic.com/ https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/; 1
default-src 'self' scribit-pro-hosting.storage.googleapis.com *.readspeaker.com; child-src 'self' *.youtube.com https://login.microsoftonline.com blob: *.youtube-nocookie.com *.vimeo.com; connect-src 'self' scribit-pro-hosting.storage.googleapis.com *.readspeaker.com api.scribit.pro  *.siteimprove.com analytics.rijswijk.nl *.google-analytics.com https://analytics.rijswijk.nl/; font-src 'self' data: *.googleusercontent.com *.readspeaker.com *.ionicframework.com; frame-src 'self' *.youtube.com https://login.microsoftonline.com https://rijswijk.maps.arcgis.com https://www.arcgis.com https://*.issuu.com/ *.youtube-nocookie.com *.vimeo.com *.siteimprove.com *.siteimproveanalytics.com *.siteimprove.net *.siteimproveanalytics.io page.report *.readspeaker.com; img-src 'self' data: https://www.toegankelijkheidsverklaring.nl *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io *.readspeaker.com analytics.rijswijk.nl; object-src 'none'; script-src 'self' scribit-pro-hosting.storage.googleapis.com *.readspeaker.com *.scribit.pro www.youtube.com https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com  analytics.rijswijk.nl www.googletagmanager.com 'nonce-TjJJMk5EYzNNRE5rT1RJeE9UbGg=' 'nonce-Tnpsa05tRmhNbU00WlRjMk56Smw=' 'sha256-Grzp6EGtTaqV+EQpxOUu/wP2eFmgh3D+zgUsTxgJEmA=' 'unsafe-inline' https://analytics.rijswijk.nl/; script-src-attr 'self'; script-src-elem 'self' scribit-pro-hosting.storage.googleapis.com *.readspeaker.com *.scribit.pro www.youtube.com https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com  analytics.rijswijk.nl www.googletagmanager.com 'nonce-TjJJMk5EYzNNRE5rT1RJeE9UbGg=' 'nonce-Tnpsa05tRmhNbU00WlRjMk56Smw=' 'sha256-Grzp6EGtTaqV+EQpxOUu/wP2eFmgh3D+zgUsTxgJEmA='; style-src 'self' 'unsafe-hashes' 'sha256-3juv2Ft1FaY3xWYNGXExi9oTqA3RQ4gtgCqyf3mxGhU=' 'sha256-r9fU88Cagg8b+V94/rFP54XitU/RzBQ83sVNeltVs/c=' 'sha256-SHje5LaT9E6BShlkQpjWVSpKDI2FEtd137m8hy4rmKM=' 'sha256-2ipsMCEEsAbnsH2T1Fg2pv63AdMLzQW/NYec3X6XzWw=' 'sha256-3lLjvpn0hfmuulQYNSUWKiNpmIiMg70GweVDtUWv7zA=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=' *.readspeaker.com 'sha256-gqUGh6jnHFTQqrZedSl4aPX1qhL7Teu28dtzCoQNPVQ=' cdn-eu.readspeaker.com; style-src-attr 'self' 'unsafe-hashes' 'sha256-3juv2Ft1FaY3xWYNGXExi9oTqA3RQ4gtgCqyf3mxGhU=' 'sha256-r9fU88Cagg8b+V94/rFP54XitU/RzBQ83sVNeltVs/c=' 'sha256-SHje5LaT9E6BShlkQpjWVSpKDI2FEtd137m8hy4rmKM=' 'sha256-2ipsMCEEsAbnsH2T1Fg2pv63AdMLzQW/NYec3X6XzWw=' 'sha256-3lLjvpn0hfmuulQYNSUWKiNpmIiMg70GweVDtUWv7zA=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=' 'sha256-gqUGh6jnHFTQqrZedSl4aPX1qhL7Teu28dtzCoQNPVQ='; style-src-elem 'self' 'unsafe-hashes' 'sha256-3juv2Ft1FaY3xWYNGXExi9oTqA3RQ4gtgCqyf3mxGhU=' 'sha256-r9fU88Cagg8b+V94/rFP54XitU/RzBQ83sVNeltVs/c=' 'sha256-SHje5LaT9E6BShlkQpjWVSpKDI2FEtd137m8hy4rmKM=' 'sha256-2ipsMCEEsAbnsH2T1Fg2pv63AdMLzQW/NYec3X6XzWw=' 'sha256-3lLjvpn0hfmuulQYNSUWKiNpmIiMg70GweVDtUWv7zA=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=' *.readspeaker.com 'sha256-gqUGh6jnHFTQqrZedSl4aPX1qhL7Teu28dtzCoQNPVQ=' cdn-eu.readspeaker.com; base-uri 'self'; frame-ancestors 'self' analytics.rijswijk.nl 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://ajax.googleapis.com https://cdn.rawgit.com https://cdn.jsdelivr.net *.intercom.io *.intercomcdn.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.jquery.com *.typekit.net https://fonts.googleapis.com https://cdn.rawgit.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com *.fontawesome.com; img-src * data: blob:; connect-src 'self' *.cytracom.net *.intercom.io wss://nexus-websocket-a.intercom.io *.kaseya.com *.kaseya.net https://api.vorexlogin.com; font-src 'self' data: *.typekit.net https://fonts.gstatic.com *.bootstrapcdn.com *.intercomcdn.com *.fontawesome.com; frame-src 'self' wss: liveconnect: pwy-rd: https://*.pulseway.com https://*.vsax.net https://fast.wistia.net https://*.customerthermometer.com https://player.vimeo.com/ https://*.adaptivecatalog.com; media-src 'self' *.intercomcdn.com 1
base-uri 'self';default-src 'self' *.kinocheck.de *.kinocheck.com *.youtube.com;script-src 'self' *.kinocheck.de *.kinocheck.com *.youtube.com 'nonce-vemAhBEbJtJ6KExEeMkQFXR/LyI=';style-src 'self' *.kinocheck.de *.kinocheck.com 'nonce-WtneqOmqib+sSbw/WXpQ5funaoc=';frame-src 'self' *.youtube.com;form-action 'self' *.kinocheck.de *.kinocheck.com;object-src 'none' 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' 'nonce-MDMzZWFkNDA3OWQ1ZDU3Nw=='; block-all-mixed-content; upgrade-insecure-requests 1
frame-ancestors 'self' https://searchchildcare.org.uk/ 1
default-src 'self' ;  frame-ancestors 'self' *.bellcurve.jp reg31.smp.ne.jp;  script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.gstatic.com *.googleadservices.com *.cardservice.co.jp *.cloudfront.net *.amazon.co.jp *.assoc-amazon.com *.amazon-adsystem.com *.globalsign.com ajax.googleapis.com pagead3.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.google.co.jp cse.google.co.jp *.google.com www.google-analytics.com platform.twitter.com jsoon.digitiminimi.com www.facebook.com connect.facebook.net b.st-hatena.com media.line.naver.jp d.line-scdn.net scdn.line-apps.com cdn-ak.b.st-hatena.com media.line.me cdn.mathjax.org cdnjs.cloudflare.com; font-src 'self' fonts.googleapis.com data:;style-src 'self' 'unsafe-inline' *.cardservice.co.jp *.jquery.com  *.google.com fonts.googleapis.com ajax.googleapis.com www.facebook.com d.line-scdn.net platform.twitter.com;img-src * data:;child-src *.cloudfront.net *.amazon.co.jp *.assoc-amazon.com *.amazon-adsystem.com bellcurve.jp apis.google.com accounts.google.com googleads.g.doubleclick.net www.facebook.com platform.twitter.com syndication.twitter.com staticxx.facebook.com timeline.line.me cdn.api.b.hatena.ne.jp jsoon.digitiminimi.com www.slideshare.net;object-src 'self'  *.cloudfront.net *.amazon.co.jp  *.assoc-amazon.com *.amazon-adsystem.com pagead2.googlesyndication.com;media-src 'self' pagead2.googlesyndication.com; connect-src 'self' *.cardservice.co.jp *.cloudfront.net *.amazon.co.jp *.assoc-amazon.com *.amazon-adsystem.com www.google-analytics.com pagead2.googlesyndication.com stats.g.doubleclick.net; frame-src 'self' platform.twitter.com *.bellcurve.jp  bellcurve.jp  *.facebook.com  *.assoc-amazon.com  *.youtube.com *.slideshare.net  *.google.com *.amazon-adsystem.com;  1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.episerver.net *.cookiebot.com www.googletagmanager.com *.googletagmanager.com tagmanager.google.com *.google-analytics.com analytics.google.com dc.services.visualstudio.com connect.facebook.net *.fls.doubleclick.net www.googleadservices.com adservice.google.com googleads.g.doubleclick.net js.monitor.azure.com service.mtcaptcha.com service2.mtcaptcha.com code.jquery.com netdna.bootstrapcdn.com stackpath.bootstrapcdn.com cdnjs.cloudflare.com tools.euroland.com/tools/common/eurolandiframeautoheight/eurolandtoolsintegrationobject.js *.atria.fi *.atria.se *.atria.com *.atriaammattilaiset.fi *.lihakauppa.fi *.jyvabroiler.fi *.solitaonline.fi; frame-src 'self' data: *.doubleclick.net www.facebook.com connect.facebook.net consentcdn.cookiebot.com tagmanager.google.com www.googletagmanager.com tools.eurolandir.com tools.euroland.com service.mtcaptcha.com *.atria.fi *.atria.se *.atria.com *.atriaammattilaiset.fi *.lihakauppa.fi *.jyvabroiler.fi *.solitaonline.fi; 1
default-src 'self' *.googletagmanager.com cdn.centralbankbahamas.com *.vimeo.com; script-src 'self' ajax.googleapis.com ckeditor.iframe.ly maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.centralbankbahamas.com *.gstatic.com *.vimeo.com *.vimeocdn.com *.nr-data.net *.googletagmanager.com 'nonce-5J7u987qjYp25XVh29388B2P8q8Jc445RyFR' 'sha256-qEftYzJkik6f2adAHjEOE/NwtbFFj8BA7z+5iOM/ivk='; style-src 'self' 'unsafe-inline' cdn.centralbankbahamas.com maxcdn.bootstrapcdn.com fonts.gstatic.com cdnjs.cloudflare.com fonts.googleapis.com *.vimeocdn.com *.gstatic.com; img-src 'self' cdn.centralbankbahamas.com www.googletagmanager.com *.gstatic.com www.google-analytics.com; font-src 'self' fonts.gstatic.com fonts.google.com cdn.centralbankbahamas.com; connect-src 'self' *.vimeo.com cdn.centralbankbahamas.com; media-src 'self' *.centralbankbahamas.com; object-src 'self' *.centralbankbahamas.com; child-src 'self' www.youtube.com *.vimeo.com *.vimeocdn.com; frame-src 'self' curawebservices.mindscope.com cdn.centralbankbahamas.com *.youtube.com *.vimeo.com cw.na1.hgncloud.com www.google.com; frame-ancestors 'self' cdn.centralbankbahamas.com *.youtube.com *.vimeo.com cw.na1.hgncloud.com; base-uri 'self' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-sIof2wDeBNWZbxZ3AwWu9yXK66zRdnalm9rnlmmDZJrUwRpo' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
object-src 'none';base-uri 'self';script-src 'nonce-wWTVMLPAztvhTAzNE0p6zg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/honest_dns/1_0;frame-ancestors 'none' 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=1p5to39iqufcc&partner=; 1
frame-src 'self' https://nabortu.ru https://*.nabortu.ru http://www.youtube.com http://docs.google.com https://pobedilovo43.ru; frame-ancestors 'self'; object-src 'self' https://*.nabortu.ru 1
default-src 'self' https://*.googlesyndication.com;                     script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googlesyndication.com https://*.google.com https://www.googletagmanager.com https://adservice.google.co.jp https://www.googletagservices.com https://www.googleadservices.com https://www.youtube.com https://www.google-analytics.com https://connect.facebook.net https://*.g.doubleclick.net https://*.twitter.com https://*.ads-twitter.com https://cdn.syndication.twimg.com https://*.yahoo.co.jp https://*.yimg.jp https://cdn.ampproject.org https://*.i-mobile.co.jp https://liftapi.logly.co.jp https://i.socdm.com/ https://cdn.microad.jp;                     style-src 'unsafe-inline' https:;                     img-src https: data:;                     font-src https: data:;                     connect-src 'self' https://*.googlesyndication.com https://www.googleapis.com https://www.google-analytics.com https://*.g.doubleclick.net https://www.utabito.jp https://www.facebook.com https://*.i-mobile.co.jp https://i.socdm.com/;                     child-src 'self' https://*.googlesyndication.com https://www.google.com https://www.youtube.com https://*.g.doubleclick.net https://*.twitter.com https://www.facebook.com https://*.i-mobile.co.jp https://i.socdm.com/ https://cache.send.microad.jp; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.rawgit.com https://cdn.iframe.ly https://connect.facebook.net https://performance.councilplatform.com https://cdn.syndication.twimg.com https://translate-pa.googleapis.com/ https://websurveys2.govmetric.com https://hitcounter.govmetric.com https://script.hotjar.com https://static.hotjar.com https://www.googletagmanager.com https://content.govdelivery.com https://if-cdn.com https://chatbot-platform.prod.inform360.co cdnjs.cloudflare.com https://cdn.botframework.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://platform.twitter.com https://polyfill.io https://translate.google.com https://translate.googleapis.com https://unpkg.com https://performance.councilplatform.com/; style-src 'self' 'unsafe-inline' https://performance.councilplatform.com https://cdn.syndication.twimg.com https://platform.twitter.com https://ton.twimg.com https://websurveys2.govmetric.com https://fonts.googleapis.com https://www.gstatic.com https://chatbot-platform.prod.inform360.co/ cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://translate.googleapis.com https://unpkg.com; frame-ancestors 'self' https://performance.councilplatform.com; report-uri https://www.north-herts.gov.uk/report-uri/enforce 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-DpQTVU/gohD4CnQZlUY42qM6RVYxQ8dDkHo5iymGyI9uQDYZ' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://selectra.in/report-uri/enforce 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.map.baidu.com *.baidu.com *.bdimg.com bdimg.share.baidu.com res.wx.qq.com pucha.kaipuyun.cn dcs.conac.cn webservice.coolwei.com *.gov.cn *.cnzz.com voice.yunmd.net *.govwza.cn *.cnslh.cn http://api.map.baidu.com; object-src 'self';frame-ancestors 'self'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-koZ/BanhOxmKY2PSlIwRCN98U7NZ493WWC8ibUYSyMia6Tp9' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self'                    cbsplit.com       thealphatonic.com       thealphatonic-com.cbsplit.com ; 1
default-src 'self' https://*.sofi.com; script-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://pagead2.googlesyndication.com https://maps.googleapis.com https://www.google-analytics.com https://analytics.google.com https://ssl.google-analytics.com https://www.google.com/ads/ga-audiences/ https://www.google.com/pagead/ https://adservice.google.com/pagead/ https://www.googletagmanager.com https://ampcid.google.com https://ampcid.google.ca https://stats.g.doubleclick.net https://*.doubleclick.net https://bat.bing.com https://t.co/i/adsct https://analytics.twitter.com https://s.yimg.com/wi/ https://sp.analytics.yahoo.com https://static.ads-twitter.com https://www.facebook.com/tr/ https://www.redditstatic.com/ads/ https://c.conversionlogic.net/track/event/v2/sofi https://api.rollbar.com https://report.sofi.glassboxdigital.io https://sdk.iad-03.braze.com https://sdk.iad-03.appboy.com https://jssdks.mparticle.com https://identity.mparticle.com https://*.sofi.com https://*.datadoghq.com https://rum.browser-intake-datadoghq.com https://cdn.cookielaw.org https://geolocation.onetrust.com/cookieconsentpub/ https://logx.optimizely.com https://errors.client.optimizely.com https://rum.optimizely.com https://analytics.tiktok.com/api/ https://api2.branch.io wss://*.glance.net https://*.glance.net https://d32ijn7u0aqfv4.cloudfront.net https://d3331otr86r7j1.cloudfront.net https://tags.srv.stackadapt.com https://analytics.audioeye.com https://us-central1-adaptive-growth.cloudfunctions.net https://ct.pinterest.com https://cta-service-cms2.hubspot.com https://csmetrics.hotjar.com https://in.hotjar.com https://vc.hotjar.io https://tr.snapchat.com https://track.contently.com https://*.clarity.ms https://translate.googleapis.com https://*.analytics.google.com https://ampcid.google.lt https://*.crazyegg.com https://cdn.linkedin.oribi.io https://stats.addtoany.com https://api.socialsolutionapp.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://privacyportal.onetrust.com https://rts.persado.com https://tapi.optimizely.com https://amplify.review-alerts.com/ https://api.ipify.org ; style-src 'self' https://*.sofi.com 'unsafe-inline' https://use.fontawesome.com https://www.glancecdn.net https://d32ijn7u0aqfv4.cloudfront.net https://s3.amazonaws.com/glancecdn/ https://tags.srv.stackadapt.com https://cdnjs.cloudflare.com https://embed.typeform.com https://optimize.google.com https://fonts.googleapis.com; img-src 'self' https: data:; font-src 'self' data: https://s3-us-west-2.amazonaws.com/sofi-wordpress-prod/fonts/ https://d32ijn7u0aqfv4.cloudfront.net https://use.fontawesome.com https://fonts.gstatic.com https://wsv3cdn.audioeye.com https://zip.co/static-assets/fonts/ https://cdn.jsdelivr.net; frame-ancestors 'self' *.w3schools.com; object-src 'none'; child-src blob: https://*.sofi.com; worker-src blob: https://*.sofi.com; media-src data: https://*.sofi.com https://d32ijn7u0aqfv4.cloudfront.net; frame-src 'self' https://app.calconic.com/ https://6375438.fls.doubleclick.net https://td.doubleclick.net https://*.sofi.com https://*.sofiatwork.com https://*.online-metrix.net https://di.rlcdn.com https://www.youtube.com https://ct.pinterest.com https://www.facebook.com https://wsv3cdn.audioeye.com https://a10819474327.cdn.optimizely.com https://assets.contently.com https://tpc.googlesyndication.com https://tr.snapchat.com https://vars.hotjar.com https://static.addtoany.com https://boards.greenhouse.io https://pixel.mathtag.com https://d32ijn7u0aqfv4.cloudfront.net https://www.slideshare.net https://filter.techloq.com https://go.pardot.com https://platform.twitter.com https://mozbar.moz.com https://v3.inviteeducation.com https://form.typeform.com https://optimize.google.com https://*.mykukun.com/ https://widget.trustpilot.com/ 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.yandex.ru https://*.yandex.md https://*.gosuslugi.ru https://culturaltracking.ru https://*.2gis.com http://*.2gis.com https://*.2gis.ru https://*.jivosite.com http://*.jivosite.com https://*.jivo.ru http://*.jivo.ru wss://*.jivo.ru https://*.googleapis.com https://*.google.com https://*.youtube.com https://vk.com https://*.gstatic.com https://*.wp.com http://*.zencdn.net http://*.gravatar.com https://npmcdn.com https://*.w.org http://ssl.gstatic.com https://app.embed.im/snow.js; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; child-src * blob: ; 1
frame-ancestors 'self' http://teams.microsoft.com https://teams.microsoft.com http://chatsvcagg.teams.microsoft.com https://chatsvcagg.teams.microsoft.com http://dev.teams.microsoft.com https://dev.teams.microsoft.com http://msg.teams.microsoft.com https://msg.teams.microsoft.com http://noam.presence.teams.microsoft.com https://noam.presence.teams.microsoft.com http://notifications.teams.microsoft.com https://notifications.teams.microsoft.com http://presence.teams.microsoft.com https://presence.teams.microsoft.com http://uis.teams.microsoft.com https://uis.teams.microsoft.com http://authsvc.teams.microsoft.com https://authsvc.teams.microsoft.com; 1
default-src    'self'    'unsafe-inline';  base-uri    https://docs.helpscout.net;  child-src    https://www.youtube.com    https://player.vimeo.com    https://fast.wistia.net;  connect-src    'self'    https://hcaptcha.com    https://*.hcaptcha.com    https://*.googleapis.com    https://*.google-analytics.com    https://*.cloudfront.net    https://beaconapi.helpscout.net    https://chatapi.helpscout.net    https://d3hb14vkzrxvla.cloudfront.net    wss://*.pusher.com    https://*.sumologic.com    https://*.postmarkapp.com    https://api.stripe.com;  font-src    'self'    data:    https://beacon-v2.helpscout.net    https://fonts.gstatic.com;  frame-ancestors    'self';  frame-src    'self'    https://hcaptcha.com    https://*.hcaptcha.com    https://*.google.com    https://js.stripe.com    https://hooks.stripe.com    https://beacon-v2.helpscout.net;  img-src    'self'    data:    https://s3.eu-central-003.backblazeb2.com/cdn-assets-servd-host/tender-macaque/    https://*.assets-servd.host    https://ui-avatars.com    https://*.googleapis.com    https://*.gstatic.com    https://*.googletagmanager.com    https://*.google-analytics.com    https://*.usefathom.com    https://beacon-v2.helpscout.net    https://*.gravatar.com    https://d33v4339jhl8k0.cloudfront.net    https://chatapi-prod.s3.amazonaws.com/;  media-src    'self'    https://beacon-v2.helpscout.net;  object-src    https://beacon-v2.helpscout.net;  script-src    'self'    'unsafe-inline'    'unsafe-eval'    https://js.stripe.com    https://unpkg.com    https://hcaptcha.com    https://*.hcaptcha.com    https://*.googleapis.com    https://*.google.com    https://*.gstatic.com    https://*.googletagmanager.com    https://*.usefathom.com    https://*.postmarkapp.com    https://*.getdrip.com    https://*.sleeknote.com    https://beacon-v2.helpscout.net    https://d12wqas9hcki3z.cloudfront.net    https://d33v4339jhl8k0.cloudfront.net    https://*.cloudfront.net;  style-src    'self'    'unsafe-inline'    https://hcaptcha.com    https://*.hcaptcha.com    https://*.googletagmanager.com    https://*.postmarkapp.com    https://beacon-v2.helpscout.net    https://fonts.googleapis.com;  worker-src    'self' 1
font-src 'self' https://fonts.gstatic.com; frame-ancestors 'self' https://www.siteone.cz/ https://www.siteone.at/ https://www.siteone.io/ 1
default-src wss: https: blob: 'unsafe-inline' 'unsafe-eval'; media-src https: blob:; font-src https: data:;frame-src * data:;img-src https: data:; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' marketing.cresa.com *.cresa.com vimeo.com player.vimeo.com z.moatads.com m.addthis.com v1.addthisedge.com s7.addthis.com maps.googleapis.com ajax.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com www.google-analytics.com unpkg.com edge.addthis.com www.google.com www.gstatic.com *.addtoany.com; connect-src 'self' vimeo.com player.vimeo.com marketing.cresa.com *.cresa.com m.addthis.com api-public.addthis.com www.google-analytics.com stats.g.doubleclick.net www.mocky.io *.googleapis.com; img-src 'self' data: developers.google.com www.google-analytics.com maps.googleapis.com maps.gstatic.com marketing.cresa.com *.cresa.com vimeo.com player.vimeo.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com hello.myfonts.net;base-uri 'self'; font-src 'self' data: fonts.gstatic.com at.alicdn.com; frame-src www.youtube.com marketing.cresa.com *.cresa.com s7.addthis.com vimeo.com player.vimeo.com edge.addthis.com *.google.com; form-action 'self' marketing.cresa.com 1
default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src data: https: 1
script-src http: https: https://office.watch.de 'unsafe-inline'; style-src 'self' blob: https: 'unsafe-inline' https://office.watch.de; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' data: http: https:; frame-src assets.braintreegateway.com *.google.com *.stripe.com *.youtube.com *.youtube-nocookie.com *.youtu.be *.vimeo.com *.criteo.net *.criteo.com 1
default-src * data: blob: ; script-src * 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none'; object-src 'none' ; base-uri 'self' 1
frame-ancestors *.buyr.online www.iconcompanystore.com; 1
default-src 'self' https://ordin-delta.vercel.app/content/ *.google-analytics.com *.googletagmanager.com https://ordin.s3.amazonaws.com 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://ordin-delta.vercel.app/content/ *.googletagmanager.com *.google-analytics.com blob:; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' https://ordin-delta.vercel.app/content/; img-src 'self' ord.io *.ord.io *.google-analytics.com https://ordin-delta.vercel.app *.googletagmanager.com https://ordin.s3.amazonaws.com https://ordin-delta.vercel.app/ data: blob:; frame-src data: 'self' ord.io *.ord.io *.google-analytics.com https://ordin-delta.vercel.app *.googletagmanager.com https://ordin.s3.amazonaws.com https://ordin-delta.vercel.app/; connect-src 'self' ord.io *.ord.io *.google-analytics.com https://ordin-delta.vercel.app *.googletagmanager.com https://ordin.s3.amazonaws.com https://ordin-delta.vercel.app/ https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://*.gstatic.com/draco/versioned/decoders/1.5.6/draco_wasm_wrapper.js https://*.gstatic.com/draco/versioned/decoders/1.5.6/draco_decoder.wasm blob: data: ; media-src 'self' ord.io *.ord.io *.google-analytics.com https://ordin-delta.vercel.app *.googletagmanager.com https://ordin.s3.amazonaws.com https://ordin-delta.vercel.app/ blob: data: ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ordin-delta.vercel.app/content/ *.googletagmanager.com *.google-analytics.com data: blob:; style-src-elem 'self' *.googletagmanager.com 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' https://ordin-delta.vercel.app/content/; 1
default-src 'self' cdn.tvrinfo.ro; script-src 'self' 'unsafe-inline' 'unsafe-eval' cookie-cdn.cookiepro.com www.googletagmanager.com platform.twitter.com; style-src 'self' 'unsafe-inline'; img-src 'self' cdn.tvrinfo.ro www.youtube.com secure.gravatar.com cookie-cdn.cookiepro.com  *.fbcdn.net i.ytimg.com www.googletagmanager.com data:; font-src 'self' data:; frame-src 'self' www.agerpres.ro www.youtube.com www.twitter.com www.facebook.com m.facebook.com www.instagram.com platform.twitter.com; object-src 'none'; worker-src 'self' blob:; connect-src 'self' cookie-cdn.cookiepro.com privacyportal.cookiepro.com *.google-analytics.com cdn.tvrinfo.ro; 1
upgrade-insecure-requests;style-src 'self' 'nonce-Qttn5LqLIVeadrU';font-src 'self';script-src 'self' 'nonce-Qttn5LqLIVeadrU' ;connect-src 'self' https://cdrom.tokyo wss://cdrom.tokyo;media-src 'self' https:;img-src 'self' data: blob: https:;default-src 'none';base-uri 'none';frame-ancestors 'none';manifest-src 'self'; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com *.modiface.com *.loreal.io *.fontawesome.com *.livechatinc.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com 'self' data: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com *.stripe.com stripe.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.instagram.com www.google.com vars.hotjar.com secure.livechatinc.com www.facebook.com socialplugin.facebook.net 'unsafe-inline' duosecurity.com api-37884245.duosecurity.com *.attn.tv *.doubleclick.net https://player.vimeo.com https://www.youtube-nocookie.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.gstatic.com *.cdninstagram.com blueskytechmage.com mageblueskytech.com placehold.jp https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.modiface.com *.loreal.io *.laroche-posay.us *.vichyusa.com scontent-atl3-2.cdninstagram.com/ visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com www.facebook.com pushcrew.com cdn.pushcrew.com tracking.pushcrew.com bat.bing.com *.cloudfront.net google.ca amcglobal.sc.omtrdc.net flagpedia.net blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.googleapis.com *.gstatic.com *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.attn.tv events.attentivemobile.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.modiface.com *.loreal.io cdn.livechatinc.com api.livechatinc.com secure.livechatinc.com pushcrew.com cdn.pushcrew.com connect.facebook.net static.hotjar.com script.hotjar.com www.clickcease.com visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com *.cloudfront.net waves.retentionscience.com bat.bing.com www.youtube.com 'unsafe-inline' s7.addthis.com maps.googleapis.com https://player.vimeo.com https://www.youtube.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com pushcrew.com cdn.pushcrew.com www.googletagmanager.com maxcdn.bootstrapcdn.com *.gstatic.com https://fonts.googleapis.com http://fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.cdninstagram.com *.modiface.com *.loreal.io blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.googleapis.com *.attn.tv events.attentivemobile.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.modiface.com *.loreal.io dc.services.visualstudio.com api.livechatinc.com monitor.clickcease.com visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com in.hotjar.com *.hotjar.io stats.g.doubleclick.net *.hotjar.com wss://*.hotjar.com *.facebook.net *.google.com *.attentivemobile.com *.googlesyndication.com ekr.zdassets.com/ www.gstatic.com maps.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://google.com; report-to report-endpoint; 1
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; child-src *; base-uri 'self'; 1
default-src 'self' https://api.status.io https://status.exaktime.com;script-src 'self';base-uri 'self';object-src 'none';frame-ancestors 'none';block-all-mixed-content;sandbox allow-forms allow-same-origin allow-scripts allow-popups;style-src 'self' https://fonts.googleapis.com;font-src 'self' https://fonts.gstatic.com;img-src 'self' https://tscprodstorage.blob.core.windows.net; 1
frame-ancestors 'self'; frame-src hoppenbrouwerstechniek.nl *.hoppenbrouwerstechniek.nl *.stuurlui.dev *.savviihq.com *.facebook.com *.google.com *.cookiebot.com *.hotjar.com *.youtube.com *.vimeo.com *.googletagmanager.com *.fontawesome.com *.ont.stuurlui.dev *.ontw.stuurlui.dev open.spotify.com *.doubleclick.net *.cookiebot.eu 1
default-src 'self'; child-src 'self' https://client.rlpdirekt.de/ https://kb.ionas.de/; connect-src 'self' https://*.gt-net.de https://buergerservice.ionas.de/; font-src 'self' data:; frame-ancestors 'self' https://my.appyourself.net; frame-src 'self' https://*.gt-net.de https://buergerservice.ionas.de https://energietools.ea-nrw.de https://gis-kreisgt.maps.arcgis.com https://iam.chamaeleon.de https://iam.chamaeleon.de/ https://iframe.dacast.com https://kb.ionas.de https://kgt.g.geoplex.de https://ratgeber.co2online.de https://www.freinet-online.de https://www.google.com https://www.kununu.com https://www.youtube.com; img-src 'self' data: https://geoportal.kreis-guetersloh.de https://statistiken.gt-net.de https://www.eye-able-cdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://statistiken.gt-net.de; script-src-elem 'self' 'unsafe-inline' https://app.cituro.com https://cdn.jsdelivr.net https://statistiken.gt-net.de https://www.eye-able-cdn.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.gt-net.de https://www.eye-able-cdn.com; style-src-attr 'self' 'unsafe-inline'; worker-src 'self' blob: 1
default-src 'self' *.google.com *.googleapis.com *.googlecode.com 'unsafe-inline' 1
upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://connect.facebook.net https://d2xerlamkztbb1.cloudfront.net https://d221oziut8gs4d.cloudfront.net https://d2z0twhaibasxg.cloudfront.net https://d2ichgn6omvugs.cloudfront.net https://d153e9at4fnie6.cloudfront.net https://d1wu4soocuytwy.cloudfront.net https://drwfflduv8b86.cloudfront.net https://d31h7krfuoootc.cloudfront.net https://d39xfemx07z9k2.cloudfront.net https://*.doubleclick.net https://maps.google.com https://maps.googleapis.com https://ajax.googleapis.com https://*.zoomanalytics.co https://*.zoomengage.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://secure.gravatar.com https://*.addiko.com https://fonts.googleapis.com https://abc-mautic.mar.addiko.com https://vidnet.addiko.hr https://vid.addiko.hr https://platform.twitter.com https://virtualnaposlovnica.addiko.hr https://vid.addiko.hr https://www.addiko.hr https://openfpcdn.io https://ebank.addiko.hr https://analytics.google.com https://www.googleoptimize.com https://*.google.com https://*.google.rs https://*.google.hr https://kreditizapoduzetnike.addiko.hr; style-src 'self' 'unsafe-inline' data: https: https://*.addiko.com https://fonts.googleapis.com https://cdn.jsdelivr.net; frame-src 'self' https://*.doubleclick.net https://www.google.com https://*.addiko.com https://*.youtube.com https://nle.in.rs https://*.facebook.com https://recaptcha.google.com https://dev4.in.rs; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.addiko.com https://cdn.cookielaw.org https://*.onetrust.com https://yoast.com https://www.google-analytics.com https://*.doubleclick.net https://*.youtube.com https://*.zoomanalytics.co https://*.zoomengage.com https://ebank.addiko.hr https://pagead2.googlesyndication.com wss://ebank.addiko.hr wss://virtualnaposlovnica.addiko.hr https://abc-mautic.mar.addiko.com https://vidnet.addiko.hr wss://vidnet.addiko.hr wss://vidnet.addiko.hr:7443 https://vid.net.addiko.hr wss://vid.net.addiko.hr wss://vid.net.addiko.hr:7443 https://vid.addiko.hr wss://vid.addiko.hr wss://vid.addiko.hr:7443 https://ebank.addiko.hr:8086 https://maps.googleapis.com https://virtualnaposlovnica.addiko.hr https://kreditizapoduzetnike.addiko.hr https://web7.addiko.hr https://openfpcdn.io https://www.facebook.com https://analytics.google.com https://*.google.com https://*.google.rs https://*.google.hr wss://vid-t.net.addiko.hr; img-src 'self' data: https://*.w.org https://*.addiko.com https://secure.gravatar.com https://virtualnaposlovnica.addiko.hr https://*.doubleclick.net https://www.googletagmanager.com https://*.yandex.ru https://*.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.rs https://*.youtube.com https://*.gstatic.com https://*.google.com https://maps.googleapis.com https://d2xerlamkztbb1.cloudfront.net https://d221oziut8gs4d.cloudfront.net https://d2z0twhaibasxg.cloudfront.net https://d2ichgn6omvugs.cloudfront.net https://d153e9at4fnie6.cloudfront.net https://d1wu4soocuytwy.cloudfront.net https://drwfflduv8b86.cloudfront.net https://d31h7krfuoootc.cloudfront.net https://d39xfemx07z9k2.cloudfront.net https://maps.google.com https://maps.gstatic.com https://www.addiko.rs https://www.addiko.me https://www.addiko.hr https://www.facebook.com https://*.google.com https://*.google.rs https://*.google.hr https://vidnet.addiko.hr https://vid.addiko.hr https://ebank.addiko.hr https://*.zoomanalytics.co https://*.zoomengage.com https://kreditizapoduzetnike.addiko.hr; manifest-src 'self'; media-src 'self' data: https://*.youtube.com; worker-src 'self' blob://www.addiko.hr; frame-ancestors 'self' https://*.doubleclick.net https://www.google.com https://*.youtube.com; font-src 'self' data: https://*.addiko.com https://*.gstatic.com https://vidnet.addiko.hr https://vid.addiko.hr https://virtualnaposlovnica.addiko.hr https://ebank.addiko.hr; form-action 'self' https://www.facebook.com; 1
script-src 'self' https://*.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://login.microsoftonline.com/ https://*.cdninstagram.com/ https://pbs.twimg.com/ https://www.youtube.com/ https://i.ytimg.com/ https://*.myefrei.fr/ https://www.recaptcha.net/recaptcha/ https://recaptcha.net/recaptcha/ https://*.gstatic.cn/recaptcha/ https://*.tile.openstreetmap.org/ 'unsafe-inline' 'unsafe-eval' blob:;connect-src 'self' https://*.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://login.microsoftonline.com/ https://*.cdninstagram.com/ https://pbs.twimg.com/ https://www.youtube.com/ https://i.ytimg.com/ https://*.myefrei.fr/ https://www.recaptcha.net/recaptcha/ https://recaptcha.net/recaptcha/ https://*.gstatic.cn/recaptcha/ https://*.tile.openstreetmap.org/;frame-src 'self' https://*.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://login.microsoftonline.com/ https://*.cdninstagram.com/ https://pbs.twimg.com/ https://www.youtube.com/ https://i.ytimg.com/ https://*.myefrei.fr/ https://www.recaptcha.net/recaptcha/ https://recaptcha.net/recaptcha/ https://*.gstatic.cn/recaptcha/ https://*.tile.openstreetmap.org/ mailto:;frame-ancestors https://mytest.efrei.fr https://www.efrei.fr https://*.myefrei.fr/ 'self';worker-src https://*.myefrei.fr/ blob: 'self';img-src 'self' https://*.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://login.microsoftonline.com/ https://*.cdninstagram.com/ https://pbs.twimg.com/ https://www.youtube.com/ https://i.ytimg.com/ https://*.myefrei.fr/ https://www.recaptcha.net/recaptcha/ https://recaptcha.net/recaptcha/ https://*.gstatic.cn/recaptcha/ https://*.tile.openstreetmap.org/ data: blob:;object-src 'self';default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
sandbox allow-scripts allow-same-origin allow-forms; img-src 'self' data: www.gstatic.com; frame-src www.google.com; object-src 'none'; base-uri 'none'; script-src www.google.com www.gstatic.com 'nonce-XIMXVMT5DGPCWFkwdPNXHz3G3F0='; style-src 'nonce-XIMXVMT5DGPCWFkwdPNXHz3G3F0=' 1
default-src; base-uri 'none'; connect-src 'self' https://chilebt.com:8443/socket.io/ wss://chilebt.com:8443/socket.io/; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'none'; frame-src 'self' https:; img-src 'self' https:; media-src 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/api2/ https://www.gstatic.com/recaptcha/api2/v1550471573786/recaptcha__en.js https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.11.1/moment-with-locales.min.js https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.3.0/Chart.min.js https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datetimepicker/4.15.35/js/bootstrap-datetimepicker.min.js 'nonce-d7203c51fedcc8f45d17701e6e5f1ee6'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datetimepicker/4.15.35/css/bootstrap-datetimepicker.min.css; block-all-mixed-content; upgrade-insecure-requests 1
base-uri 'none'; frame-ancestors 'self'; object-src 'none'; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://www.google-analytics.com/ https://maps.googleapis.com https://cdn.cookielaw.org https://js-agent.newrelic.com/ https://cdn.pricespider.com blob:; object-src 'none'; base-uri 'none'; frame-src 'self' https://www.youtube-nocookie.com https://player.quadia.net; frame-ancestors 'self'; img-src 'self' https://www.msd-animal-health.com https://cdn.cookielaw.org https://secure.gravatar.com https://www.google-analytics.com/ https://maps.googleapis.com https://maps.gstatic.com https://i.ytimg.com https://*.tile.openstreetmap.org data: ; media-src 'self' blob:; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests; default-src https: data: 'self' ; trusted-types default; 1
default-src 'self' *.littlebigconnection.com www.littlebigconnection.com *.littlebigconnection.com static.zdassets.com ekr.zdassets.com littlebigconnection.zendesk.com *.zopim.com  ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.littlebigconnection.com www.littlebigconnection.com data: *.littlebigconnection.com *.walkme.com www.googletagmanager.com *.googletagmanager.com www.googleadservices.com www.google.com maps.googleapis.com cdnjs.cloudflare.com client.crisp.chat connect.facebook.net snap.licdn.com www.google-analytics.com cdn.mouseflow.com settings.crisp.chat ajax.googleapis.com gl.hostcg.com cdn4.mxpnl.com assets.calendly.com www.gstatic.com *.agilecrm.com maxcdn.bootstrapcdn.com static.zdassets.com *.littlebigconnection.com code.jquery.com widget-mediator.zopim.com app.eu.pendo.io pendo-eu-static.storage.googleapis.com cdn.eu.pendo.io pendo-eu-static-4769335516987392.storage.googleapis.com data.eu.pendo.io littlebigconnection.toucantoco.com *.hs-scripts.com *.hsleadflows.net *.hs-banner.com *.hsadspixel.net *.hubspotfeedback.com *.usemessages.com *.hs-analytics.net *.hscollectedforms.net *.hsforms.net consent.cookiebot.com consentcdn.cookiebot.com unpkg.com *.hs-scripts.com *.hsforms.com  ; style-src 'self' 'unsafe-inline' *.littlebigconnection.com www.littlebigconnection.com *.littlebigconnection.com fonts.googleapis.com client.crisp.chat cdnjs.cloudflare.com maxcdn.bootstrapcdn.com www.gstatic.com use.typekit.net p.typekit.net use.fontawesome.com cdn.walkme.com app.eu.pendo.io cdn.eu.pendo.io pendo-eu-static-4769335516987392.storage.googleapis.com littlebigconnection.toucantoco.com  ; img-src 'self' data: *.littlebigconnection.com www.littlebigconnection.com *.littlebigconnection.com maps.gstatic.com *.linkedin.com www.google-analytics.com *.google-analytics.com www.googletagmanager.com *.googletagmanager.com www.facebook.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google.com www.google.fr image.crisp.chat s3.walkmeusercontent.com *.walkme.com p.adsymptotic.com v2assets.zopim.io static.zdassets.com gl.hostcg.com *.swagger.io v2uploads.zopim.io static.zdassets.com cdn.eu.pendo.io app.eu.pendo.io pendo-eu-static-4769335516987392.storage.googleapis.com data.eu.pendo.io littlebigconnection.toucantoco.com api-littlebigconnection.toucantoco.com *.hubspot.com cdn2.hubspot.net *.hsforms.com  ; font-src 'self' data: *.littlebigconnection.com www.littlebigconnection.com data: *.littlebigconnection.com fonts.gstatic.com settings.crisp.chat client.crisp.chat use.fontawesome.com use.typekit.net maxcdn.bootstrapcdn.com littlebigconnection.toucantoco.com  ; connect-src 'self' *.littlebigconnection.com www.littlebigconnection.com *.littlebigconnection.com *.walkme.com *.crisp.chat wss://*.crisp.chat wss://widget-mediator.zopim.com www.facebook.com api-js.mixpanel.com ekr.zdassets.com littlebigconnection.zendesk.com maps.googleapis.com www.google-analytics.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com o2.mouseflow.com stats.g.doubleclick.net widget-mediator.zopim.com app.eu.pendo.io data.eu.pendo.io pendo-eu-static-4769335516987392.storage.googleapis.com littlebigconnection.toucantoco.com api-littlebigconnection.toucantoco.com wss://api-littlebigconnection.toucantoco.com *.hubspot.com api.hubapi.com *.usemessages.com *.hsleadflows.net *.hs-banner.com *.hubspotfeedback.com *.hsadspixel.net *.hs-analytics.net *.hs-scripts.com *.hsforms.com consentcdn.cookiebot.com  ; media-src 'self' *.littlebigconnection.com www.littlebigconnection.com *.littlebigconnection.com static.zdassets.com v2uploads.zopim.io  ; frame-src 'self' 'unsafe-inline' *.littlebigconnection.com www.littlebigconnection.com *.littlebigconnection.com airliquide-test.coupahost.com *.walkme.com calendly.com www.google.com www.googletagmanager.com www.youtube.com www.facebook.com auth.apps.airliquide.com app.eu.pendo.io *.hubspot.com static.hsappstatic.net *.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com consentcdn.cookiebot.com b771aefe.sibforms.com  ; frame-ancestors 'self' *.littlebigconnection.com www.littlebigconnection.com *.littlebigconnection.com airliquide.coupahost.com app.eu.pendo.io  ; child-src 'self' *.littlebigconnection.com www.littlebigconnection.com *.littlebigconnection.com app.eu.pendo.io app.hubspot.com *.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com  ; worker-src 'self' *.littlebigconnection.com www.littlebigconnection.com *.littlebigconnection.com  ; form-action 'self' *.littlebigconnection.com littlebigconnection.com *.littlebigconnection.com airliquide-test.coupahost.com fisso-intra-vip.preprod.macif.fr directory-veolia.appspot.com accounts.google.com auth.mantu.com login.corp.ovh.com idpdecathlon.oxylane.com fisso-intra.macif.fr fisso-hub.macif.fr www.facebook.com sso.connect.pingidentity.com portal.sephora.eu smartfed.iis.amadeus.net *.ult-inwebo.com www.myinwebo.com auth.biomerieux.com airliquide.coupahost.com aser0001.ww.faurecia.com aser0002.ww.faurecia.com aser0003.ww.faurecia.com safe.menlosecurity.com auth.apps.airliquide.com iam.sandbox.bouyguestelecom.fr iam.bouyguestelecom.fr www.mon-compte.sandbox.bouyguestelecom.fr www.mon-compte.bouyguestelecom.fr apps4u.valeo.com apps4u-sso.valeo.com my.apps4u.valeo.com sso.apps4u.valeo.com valeo-apps4u.memority.fr login.corp.ovh.com myid.siemens.com *.myid.siemens.com auxmyid.siemens.com smartfed.iis.amadeus.net okta.lvmh.com *.hsforms.com *.hubspot.com uat.cloudgateway.saint-gobain.com pp.websso.saint-gobain.com www.urssaf.fr *.caas.intra.groupama.fr authentification.groupama.com *.caas-nonprod.intra.groupama.fr cloudsso.saint-gobain.com fdj.oktapreview.com fdj.okta-emea.com pp-sso-digitalpassport.hubtotal.net sso-digitalpassport.hubtotal.net  https://login.microsoftonline.com; upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors 'self' *.liveperson.net *.teljoy.io *.maids.cc; 1
frame-ancestors 'self' https://*.zappy.dev https://*.zappy.pro https://*.zappysoftware.com; 1
base-uri 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'nonce-V+GKkVTMtRthAkuqtbwlRw==' 'sha256-2lWLrBMqNEeZZva7ECueFJwRLzfyWRLI38lTzWLH7yo=' 'sha256-U+9uytu1wNMDRkbPT1c4SIzmnZr8B8uJ7tscj8Ot6mg=' 'sha256-HvvN5yPriLCRgi9bVg0Hozz+q2IBkC2kcKL/3qvA0J8=' 'sha256-xGW3t2xpyqjAcyhMhYMWQzn6m/fL1Wj/aig8sUa54o0=' https://*.swogo.net https://sdk.privacy-center.org https://*.svea.com https://*.tiktok.com https://*.facebook.net https://panelista.com https://*.googletagmanager.com https://*.vimeo.com https://*.hotjar.com https://*.google.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bing.com https://www.googleanalytics.com https://*.voyado.com https://*.testfreaks.com 'unsafe-eval' 'report-sample' 'strict-dynamic'; style-src 'self' https://tagmanager.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.hotjar.com https://*.redeal.se https://*.redeal.io 'unsafe-inline'; connect-src 'self' *.fyndiq.se *.cdon-qlty.se analytics.tiktok.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://rum.browser-intake-datadoghq.com https://*.apptus.cloud https://*.swogo.net https://*.privacy-center.org https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com https://*.bing.com https://*.facebook.com https://*.sentry.io https://cloudflareinsights.com https://*.googleapis.com https://*.snapchat.com https://*.microsofttranslator.com https://*.microsoft.com https://*.googlesyndication.com https://*.azurewebsites.net https://cdn.growthbook.io https://*.redeal.se https://*.redeal.io; frame-src https://*.svea.com https://*.hotjar.com https://*.isecrets.se https://panelista.com https://reclaimit-support.fyndiq.se https://*.reclaimit.com https://bid.g.doubleclick.net https://*.googletagmanager.com https://*.facebook.com https://*.googlesyndication.com https://*.vimeo.com https://*.tradedoubler.com https://*.youtube.com https://*.redeal.se https://*.redeal.io tel:; font-src 'self' https://fonts.gstatic.com data: https://*.hotjar.com; frame-ancestors 'self' https://fyndiq-dev.sanity.studio https://app.datadoghq.com https://fyndiq.dk https://*.fyndiq.dk https://fyndiq.fi https://*.fyndiq.fi https://fyndiq.no https://*.fyndiq.no https://fyndiq.se https://*.fyndiq.se 1
default-src https: data: wss://*.hotjar.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; object-src 'self' blob; upgrade-insecure-requests; frame-ancestors 'self' http://heinzmarketing.pathfactory.com https://heinzmarketing.pathfactory.com http://discover.heinzmarketing.com https://discover.heinzmarketing.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://musician.social; img-src 'self' https: data: blob: https://musician.social; style-src 'self' https://musician.social 'nonce-bg5emT3OzQhwTPXXLkMXMQ=='; media-src 'self' https: data: https://musician.social; frame-src 'self' https:; manifest-src 'self' https://musician.social; form-action 'self'; child-src 'self' blob: https://musician.social; worker-src 'self' blob: https://musician.social; connect-src 'self' data: blob: https://musician.social https://cdn.masto.host wss://musician.social; script-src 'self' https://musician.social 'wasm-unsafe-eval' 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https: wss:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cutter.com https://www.google.com https://ajax.googleapis.com https://www.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://*.addthis.com https://v1.addthisedge.com https://z.moatads.com https://connect.facebook.net https://snap.licdn.com; style-src 'self' 'unsafe-inline' https://*.cutter.com https://fonts.googleapis.com; img-src 'self' 'unsafe-inline' data: https://*.cutter.com https://www.google.com https://www.gstatic.com https://*.google-analytics.com https://www.googletagmanager.com https://i.ytimg.com https://stats.g.doubleclick.net https://www.facebook.com https://*.linkedin.com; frame-src https://*.cutter.com https://www.google.com https://*.youtube.com https://*.vimeo.com https://cutter.actonsoftware.com https://s7.addthis.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' https://*.cutter.com https://*.addthis.com https://www.google-analytics.com https://stats.g.doubleclick.net; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'none'; frame-src 'self' *.doubleclick.net *.vimeo.com *.facebook.com *.marketo.com *.driftt.com *.zdassets.com *.zendesk.com *.hotjar.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com https://get.sanabenefits.com https://consentcdn.cookiebot.com https://widget.trustpilot.com us01ccistatic.zoom.us 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=46gvcfpiqu9bb&partner=; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-aa54afe1e8e66b52cbec70a86e07f4b9'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://www.google-analytics.com https://ssl.google-analytics.com https://maps.google.co.in https://*.googleapis.com https://www.googletagmanager.com https://connect.facebook.net https://digisaathi.info ajax.cloudflare.com cdnjs.cloudflare.com static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com https://site-assets.fontawesome.com ajax.cloudflare.com cdnjs.cloudflare.com static.cloudflareinsights.com; object-src 'self'; 1
default-src 'self' data: *.yandex.ru *.cloudflare.com *.gstatic.com *.google.com *.bitrix24.ru *.bitrix24.com *.intellectmoney.ru *.rsb.ru *.rsb.ru:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn3.caltat.com *.data-leads.ru manalyticshub.com profilepxl.ru c8tys.tnsis.ru *.intellectmoney.ru intellectmoney.ru *.yandex.ru *.bitrix24.ru *.cloudflare.com *.google.com *.gstatic.com api.flocktory.com dmp.one; connect-src 'self' *.intellectmoney.ru intellectmoney.ru *.doubleclick.net *.qiwi.com *.tildacdn.com profilepxl.ru *.dmp.one tls-eun1.fpapi.io jsonip.com www.google-analytics.com app.comagic.ru *.yandex.ru *.intellectmoney.ru *.bitrix24.ru *.bitrix24.com 3ds.payment.ru app.ecwid.com dmp.one; img-src 'self' blob: *.intellectmoney.ru data: profilepxl.ru acint.net get4click.ru *.hot-wifi.ru whitesaas.com counter.yadro.ru static.tildacdn.com dmp.one api.qrserver.com vk.com cdnjs.cloudflare.com reformal.ru *.google-analytics.com sealserver.trustwave.com *.yandex.ru *.intellectmoney.ru *.cdnvideo.ru *.gstatic.com *.bitrix24.ru *.googleapis.com *.google.com assets.flocktory.com flocktory.com api.flocktory.com intellectmoney.ru; style-src 'self' 'unsafe-inline' *.cloudflare.com intellectmoney.ru *.bitrix24.ru; script-src-elem 'unsafe-inline' *.googletagmanager.com *.tildacdn.com cdn3.caltat.com *.data-leads.ru manalyticshub.com profilepxl.ru c8tys.tnsis.ru dmp.one yastatic.net ajax.googleapis.com app.comagic.ru www.google-analytics.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com www.hCaptcha.com cdn.synergy.ru syn.su media.reformal.ru ssl.google-analytics.com *.intellectmoney.ru intellectmoney.ru *.yandex.ru *.bitrix24.ru *.cloudflare.com *.google.com *.gstatic.com 3ds.payment.ru api.flocktory.com; style-src-elem 'unsafe-inline' *.tildacdn.com maxcdn.bootstrapcdn.com www.hCaptcha.com twitter-widgets.s3.amazonaws.com twitter-widgets.s3.amazonaws.com *.intellectmoney.ru intellectmoney.ru *.yandex.ru *.bitrix24.ru *.cloudflare.com *.google.com *.gstatic.com assets.flocktory.com fonts.googleapis.com; script-src-attr 'unsafe-inline' *.intellectmoney.ru; style-src-attr 'unsafe-inline' *.intellectmoney.ru; frame-src 'self' * ; font-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com *.tildacdn.com *.intellectmoney.ru intellectmoney.ru maxcdn.bootstrapcdn.com www.hCaptcha.com fonts.gstatic.com; frame-ancestors 'self' * ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ctctcdn.com *.cloudflare.com *.gstatic.com maps.googleapis.com ajax.googleapis.com www.google.com *.google-analytics.com *.googletagmanager.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com; style-src 'self' 'unsafe-inline' *.ctctcdn.com *.fontawesome.com fonts.googleapis.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; img-src 'self' *.ctctcdn.com maps.gstatic.com maps.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com; font-src 'self' *.fontawesome.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; connect-src 'self' *.constantcontact.com *.ctctcdn.com accounts.google.com *.google-analytics.com https://*.dec.sitefinity.com *.mktoresp.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ www.google.com apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://stats.g.doubleclick.net https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://script.crazyegg.com https://d3c3cq33003psk.cloudfront.net https://www.gstatic.com; style-src 'self' 'unsafe-inline'; object-src 'self'; img-src 'self' data: https://www.facebook.com *.google-analytics.com *.analytics.google.com  https://www.google.com https://www.google.gr; font-src 'self'; connect-src 'self' *.google-analytics.com *.analytics.google.com https://stats.g.doubleclick.net https://www.google.com https://googleads.g.doubleclick.net; frame-src 'self' https://6634731.fls.doubleclick.net https://www.google.com https://survey.alchemer.eu https://www.youtube.com; media-src 'self' 1
default-src 'self' http: https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; upgrade-insecure-requests; 1
default-src	'self'	'unsafe-inline'	https://*.google-analytics.com/	https://*.addtoany.com	https://*.talentadore.com   https://occhat.elisa.fi   https://embed.typeform.com; script-src	'self'	'unsafe-eval'    'unsafe-inline'	https://*.pingdom.net/	https://*.pinimg.com/	https://static.ads-twitter.com/uwt.js	https://*.pardot.com	http://*.hotjar.com	https://*.hotjar.com	http://*.hotjar.io	https://*.hotjar.io	wss://*.hotjar.com	https://connect.facebook.net	https://js.stripe.com	https://*.google-analytics.com/	https://*.googleoptimize.com	https://tagmanager.google.com	https://*.googletagmanager.com	https://www.googleadservices.com	https://www.google.com	https://www.googleadservices.com	https://googleads.g.doubleclick.net	https://*.pinimg.com	https://policy.app.cookieinformation.com	https://px.ads.linkedin.com	https://s2.adform.net	https://snap.licdn.com	https://track.adform.net	https://ninchat.com	https://ninchat.s3.amazonaws.com	https://api.ninchat.com	http://localhost:8085/banner-contract.js	https://localhost:8085/banner-contract.js	*.addtoany.com	*.ats.talentadore.com	https://secure.gravatar.com	https://*.talentadore.com/	https://*.cloudflare.com/	https://px4.ads.linkedin.com	https://*.pinimg.com	https://translate.googleapis.com	https://px.ads.linkedin.com	https://px4.ads.linkedin.com  https://campaign.aava.fi   https://occhat.elisa.fi    https://embed.typeform.com; img-src	'self'	data:	https://*.linkedin.com	https://t.co	https://*.adform.net	https://www.aava.fi	https://aava.wpengine.com	https://*.pinterest.com/	https://*.w.org	http://*.hotjar.com	https://*.hotjar.com	http://*.hotjar.io	https://*.hotjar.io	https://*.facebook.com	https://*.facebook.net	https://js.stripe.com	https://s3.eu-central-1.amazonaws.com	https://static.paytrail.com/static/	https://*.facebook.com	https://*.google-analytics.com/	https://*.googletagmanager.com/	https://ssl.gstatic.com/	https://*.gravatar.com	https://*.twitter.com	https://*.youtube.com	https://*.adform.net	https://*.g.doubleclick.net	https://*.google.com	https://*.google.ae	https://*.google.at	https://*.google.be	https://*.google.ch	https://*.google.co.uk	https://*.google.com.sg	https://*.google.com.tr	https://*.google.cz	https://*.google.de	https://*.google.dk	https://*.google.ee	https://*.google.es	https://*.google.fi	https://*.google.fr	https://*.google.gr	https://*.google.hu	https://*.google.ie	https://*.google.it	https://*.google.lt	https://*.google.lu	https://*.google.lv	https://*.google.nl	https://*.google.no	https://*.google.pl	https://*.google.pt	https://*.google.ru	https://*.google.se	https://*.google.sk	https://googleads.g.doubleclick.net	https://px.ads.linkedin.com	https://px4.ads.linkedin.com	https://*.googletagmanager.com	https://*.gstatic.com	https://*.google.com	https://*.pinterest.com   https://occhat.elisa.fi; font-src 	'self' 	data:	https://fonts.gstatic.com	https://ninchat.com	https://*.hotjar.com; frame-src	http://*.hotjar.com	https://*.hotjar.com	http://*.hotjar.io	https://*.hotjar.io	https://js.stripe.com	https://ninchat.com	https://policy.app.cookieinformation.com	https://*.addtoany.com	https://*.youtube.com	https://*.youtu.be	https://*.facebook.com	https://*.adform.net/	https://*.pinterest.com	https://bid.g.doubleclick.net	https://www.facebook.com   https://occhat.elisa.fi   https://form.typeform.com; connect-src	'self'	https://*.pingdom.net	https://*.pinterest.com/	http://*.hotjar.com	https://*.hotjar.com	http://*.hotjar.io	https://*.hotjar.io	wss://*.hotjar.com	http://localhost:8085/dist/cabl.json	https://localhost:8085/dist/cabl.json	https://api.ninchat.com	https://consent.app.cookieinformation.com/	https://ninchat.com	https://policy.app.cookieinformation.com	https://*.g.doubleclick.net	https://*.google-analytics.com	https://*.analytics.google.com	https://*.googletagmanager.com	https://*.gravatar.com	https://*.talentadore.com	https://*.google.com	https://*.google.ae	https://*.google.at	https://*.google.be	https://*.google.ch	https://*.google.co.uk	https://*.google.com.sg	https://*.google.com.tr	https://*.google.cz	https://*.google.de	https://*.google.dk	https://*.google.ee	https://*.google.es	https://*.google.fi	https://*.google.fr	https://*.google.gr	https://*.google.hu	https://*.google.ie	https://*.google.it	https://*.google.lt	https://*.google.lu	https://*.google.lv	https://*.google.nl	https://*.google.no	https://*.google.pl	https://*.google.pt	https://*.google.ru	https://*.google.se	https://*.google.sk	https://*.adform.net	https://*.seadform.net	https://*.pinimg.com	https://www.facebook.com	https://connect.facebook.net	https://*.s3.eu-central-1.amazonaws.com   https://occhat.elisa.fi    wss://occhat.elisa.fi 1
frame-ancestors 'self' http://www.jetztspielen.ws 1
default-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; img-src 'self' https://cdn.onderwijsportalen.nl https://api.onderwijsportalen.nl https://messenger.onderwijsportalen.nl https://content.jwplatform.com https://assets-jpcust.jwpsrv.com https://prd.jwpltx.com https://i.ytimg.com https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.onderwijsportalen.nl https://forms.onderwijsportalen.nl  https://api.onderwijsportalen.nl https://messenger.onderwijsportalen.nl https://cdn.jwplayer.com https://content.jwplatform.com https://ssl.p.jwpcdn.com; media-src 'self' https://videos-cloudfront.jwpsrv.com https://content.jwplatform.com blob:; worker-src  'self'  blob:; 1
font-src 'self' *.tawk.to fonts.gstatic.com fonts.gstatic.com fonts.googleapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com v2.zopim.com smartsupp-widget-161959.c.cdn77.org data: 1
default-src 'self' cdn.wcc.witt-international.sk https://cdn.wcc.witt-international.sk/graphql;    base-uri 'self' widget.solvemate.com;    font-src 'self' cdn.wcc.witt-international.sk fonts.gstatic.com data: widget.solvemate.com *.dixa.io;    img-src * data:;    connect-src 'self' https://cdn.wcc.witt-international.sk/graphql cdn.wcc.witt-international.sk cdn.witt.info/ images.ctfassets.net te.witt-international.sk tp.witt-international.sk wasp.witt-international.sk wst.witt-international.sk *.analytics.google.com  *.facebook.com *.contentsquare.net *.my.onetrust.eu *.google-analytics.com bat.bing.com eu-witt-gruppe-prod1.mini.snplow.net www.google-analytics.com www.jsctool.com https://adservice.google.com/pagead/ https://graphql.contentful.com https://privacyportal-eu.onetrust.com https://stats.g.doubleclick.net https://geolocation.onetrust.com https://www.google.com/pagead/ https://googleads.g.doubleclick.net/pagead/ *.creativecdn.com *.googlesyndication.com *.optimizely.com https://ct.pinterest.com http://jsctool.com checkout-cdn.aboutyou.cloud checkout-v3.wcc.witt-international.sk https://*.ingest.sentry.io api.solvemate.com widget.solvemate.com relay.solvemate.com *.dixa.io wss://sockets.dixa.io api.sovendus.com benefits.sovendus.com identification-api.sovendus.com integration-api.sovendus.com press-tracking-api.sovendus.com https://maps.googleapis.com;    object-src 'none';    child-src blob: ;    script-src * 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.paypal.com blob: *.dixa.io;    style-src 'self' cdn.wcc.witt-international.sk www.googletagmanager.com fonts.googleapis.com 'unsafe-inline' d.witt-international.sk checkout-cdn.aboutyou.cloud https://*.adyen.com https://*.paypal.com blob: widget.solvemate.com *.dixa.io;    frame-src 'self' checkout-v3.wcc.witt-international.sk *.awin1.com *.criteo.net *.criteo.com *.adrtx.net *.contentsquare.net www.googletagmanager.com www.facebook.com www.youtube.com dmp.theadex.com 5127363.fls.doubleclick.net 12769738.fls.doubleclick.net www.jsctool.com https://creativecdn.com/ https://fledge-eu.creativecdn.com/ https://tbs.tradedoubler.com/ https://survey2.quantilope.com/ https://*.adyen.com https://*.paypal.com https://*.computop-paygate.com blob: *.dixa.io https://api.sovendus.com https://www.sovendus-connect.com https://www.sovendus-benefits.com https://gui.display.prod.app.funnelplus.com/;    media-src 'self' cdn.wcc.witt-international.sk cdn.witt.info/ images.ctfassets.net videos.ctfassets.net www.youtube.com witt-gruppe-res.cloudinary.com *.dixa.io;    manifest-src 'self' cdn.wcc.witt-international.sk *.dixa.io;    worker-src 'self' cdn.wcc.witt-international.sk blob:;    form-action 'self' www.facebook.com;    block-all-mixed-content;    frame-ancestors 'self' https://app.contentful.com;    sandbox allow-scripts allow-forms allow-same-origin allow-top-navigation allow-popups allow-popups-to-escape-sandbox allow-modals; 1
default-src 'self'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; media-src 'self'; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-9dec39aab8d162200b70d73d4b18e640'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors 'self'; sandbox allow-downloads allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation; base-uri 'self'; form-action zed.oneal.eu threedssvc.pay1.de www.sofort.com www.sandbox.paypal.com www.paypal.com google.com www.oneal-b2b.com www.azonic.eu apple-pay-gateway.apple.com apple-pay-gateway-cert.apple.com cn-apple-pay-gateway-cert.apple.com apple-pay-gateway-nc-pod1.apple.com apple-pay-gateway-nc-pod2.apple.com apple-pay-gateway-nc-pod3.apple.com apple-pay-gateway-nc-pod4.apple.com apple-pay-gateway-nc-pod5.apple.com apple-pay-gateway-pr-pod1.apple.com apple-pay-gateway-pr-pod2.apple.com apple-pay-gateway-pr-pod3.apple.com apple-pay-gateway-pr-pod4.apple.com apple-pay-gateway-pr-pod5.apple.com cn-apple-pay-gateway-sh-pod1.apple.com cn-apple-pay-gateway-sh-pod2.apple.com cn-apple-pay-gateway-sh-pod3.apple.com cn-apple-pay-gateway-tj-pod1.apple.com cn-apple-pay-gateway-tj-pod2.apple.com cn-apple-pay-gateway-tj-pod3.apple.com product-configurator.spryker.local routing.eps.or.at idealtest.secure-ing.com gpc-sys.pay1.de www.paydirekt.de banking.volksbank.at www.banking.co.at onlinebanking.hypovbg.at hypoonline.hypotirol.com geb.bankaustria.at eps.bawag.at eps.tst.bawag.at eservice.sparkasse.at eservice.fat.sparkasse.at mein-eps.raiffeisen.at mein-eps.hypo.at banking-oberbank.at banking.schoellerbank.at www.abnamro.nl betalen.rabobank.nl diensten.asnbank.nl diensten.snsbank.nl ideal.triodos.nl diensten.regiobank.nl ideal.ing.nl ideal.knab.nl ideal.vanlanschotkempen.com 'self' 1
frame-ancestors cfeinternet.mx 1
frame-ancestors *.techdata.eu *.techdata.com *.tdworldwide.com *.tdsynnex.eu *.tdsynnex.com *.tdebusiness.cloud 1
default-src 'self' http: https: wss: data: blob: 'unsafe-inline' 1
default-src 'self'; script-src 'self'; connect-src *; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; base-uri 'self'; form-action 'self'; frame-src 'self' https://embeds.beehiiv.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sites-rpc.vuturevx.com https://px.ads.linkedin.com https://snap.licdn.com https://code.jquery.com https://ajax.googleapis.com https://ssl.google-analytics.com https://www.youtube.com https://www.google.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://platform.twitter.com https://code.jquery.com/jquery-2.1.4.min.js *.crazyegg.com *.amazonaws.com https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/; style-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://fonts.googleapis.com; img-src * data:; font-src 'self' data: https://fonts.gstatic.com https://fonts.typekit.net https://themes.googleusercontent.com; connect-src 'self' https://cdn.plyr.io *.crazyegg.com https://*.google-analytics.com https://*.analytics.google.com; child-src 'self' https://open.spotify.com/ https://player.pippa.io https://player.acast.com https://embed.acast.com https://sdn.sitecore.net https://www.youtube.com https://www.google.com https://accounts.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com/ https://cdn.yoshki.com https://player.vimeo.com https://consentcdn.cookiebot.com/; frame-ancestors 'self' https://www.slipcase.com https://marketplace.marsh.com https://open.spotify.com; 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.commercetools.com:* https://statamic.commercetoolsstaging.com https://forms.hsforms.com:* https://js.hsforms.net/forms/v3.js https://js.hsforms.net/forms/v2.js https://cdn.cookielaw.org:* https://js.driftt.com:* https://boards-api.greenhouse.io:* https://ajax.googleapis.com:* https://js.hs-scripts.com:* https://app.plant-for-the-planet.org/treecounter-widget/js/pftpTreeCounterWidget https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://*.googletagmanager.com:* https://js.hs-banner.com:* https://js.hsadspixel.net:* https://js.hs-analytics.net:* https://j.6sc.co/6si.min.js https://www.google.com/pagead/conversion_async.js https://static.oktopost.com/oktrk.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://connect.facebook.net/en_US/fbds.js https://static.hotjar.com:* https://www.googleadservices.com:* https://www.google-analytics.com/analytics.js https://js.hs-analytics.net/analytics/1616516100000/4784080.js https://googleads.g.doubleclick.net:* https://www.youtube.com:* https://player.vimeo.com:* https://www.plant-for-the-planet.org:* https://app.plant-for-the-planet.org:* https://gofor.super360.de:* https://okt.to:* https://script.hotjar.com:* https://www.google.com/recaptcha/enterprise.js:* https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/releases/kcXVPRWG7fMILHmzon0--fD3/recaptcha__en_gb.js https://www.gstatic.com/recaptcha/releases/kcXVPRWG7fMILHmzon0--fD3/recaptcha__en.js https://www.gstatic.com/recaptcha/releases:* https://www.gstatic.com/recaptcha/releases/dPctOHA2ifhWm5WzFM_B5TjT/recaptcha__en_gb.js https://www.google.com/recaptcha/enterprise.js:* https://google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://platform.twitter.com:* https://static.ads-twitter.com/oct.js https://tagmanager.google.com https://www.google.com https://www.gstatic.com:* https://*.bizzabo.com:* https://modern-commerce-day.com:* https://clearout.io:* https://*.clearout.io:* https://*.bing.com:* https://*.clarity.ms:* https://snap.licdn.com:*;connect-src 'self' https://*.commercetools.com:* https://statamic.commercetoolsstaging.com https://boards-api.greenhouse.io:* https://training-booking-system-commercetools.vercel.app:* https://cdn.cookielaw.org:* https://privacyportal-eu.onetrust.com:* https://ipapi.co:* https://api.hubapi.com:* https://api.hubapi.com/hs-script-loader-public/v1/config/pixel:* https://stats.g.doubleclick.net:* https://api.rss2json.com:*  https://in.hotjar.com:*  https://ws3.hotjar.com:* wss://ws3.hotjar.com/api/v2/client/ws wss://ws18.hotjar.com:* wss://*.hotjar.com:* https://*.hotjar.com:* https://hotjar.com:* https://*.hotjar.io:* https://analytics.google.com:* https://gofor.super360.de/license_cusA.json https://hubspot-forms-static-embed.s3.amazonaws.com:* https://secure.adnxs.com:* https://c.6sc.co:* https://forms.hsforms.com:* https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://geolocation.onetrust.com/cookieconsentpub:* https://www.google-analytics.com:* https://www.google-analytics.com/j/collect:* https://*.google-analytics.com https://*.analytics.google.com https://ipv6.6sc.co https://*.googletagmanager.com:* https://*.bizzabo.com/event:* https://*.bizzabo.com/event/unique-name/415171 https://modern-commerce-day.com:* https://clearout.io:* https://*.clearout.io:* https://*.bing.com:* https://*.clarity.ms:* https://snap.licdn.com:* https://pagead2.googlesyndication.com/* https://googleads.g.doubleclick.net/* https://google.com/pagead/* https://px.ads.linkedin.com/* ;img-src 'self' https://*.commercetools.com:* https://statamic.commercetoolsstaging.com https://cdn.cookielaw.org:* https://www.google-analytics.com https://*.googletagmanager.com:* https://optimize.google.com https://facebook.com/tr https://b.6sc.co https://www.google.com https://px4.ads.linkedin.com/collect https://px.ads.linkedin.com/collect https://www.google.de/pagead/1p-user-list/879446983 https://www.google.de/pagead/1p-user-list/881680189 https://www.google.de/ads/ga-audiences https://track.hubspot.com https://*.google-analytics.com https://*.analytics.google.com https://ssl.gstatic.com https://www.gstatic.com https://googleads.g.doubleclick.net data: https:;media-src 'self' https://*.commercetools.com:* https://statamic.commercetoolsstaging.com;style-src 'self' 'unsafe-inline' http://hello.myfonts.net/count/3efac6 https://www.plant-for-the-planet.org:* https://optimize.google.com https://fonts.googleapis.com https://tagmanager.google.com https://www.gstatic.com:* ;base-uri 'self';form-action 'self' https://forms.hsforms.com:*;manifest-src 'self';frame-src 'self' https://*.commercetools.com:* https://statamic.commercetoolsstaging.com https://js.driftt.com:* https://www.youtube.co:* https://www.youtube.com:* https://www.youtube-nocookie.com:* https://app.hubspot.com:* https://player.vimeo.com:* https://api.hubapi.com/hs-script-loader-public/v1/config/pixel:* https://hubs.li:* https://vars.hotjar.com:* https://*.doubleclick.net:* https://forms.hsforms.com:* https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://optimize.google.com https://platform.twitter.com/ https://bid.g.doubleclick.net https://*.bizzabo.com;font-src 'self' https://www.plant-for-the-planet.org:* data: https://cdn.vev.design:* https://fonts.gstatic.com:*; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; object-src 'self' blob:; img-src 'self' blob: data: p.typekit.net 1
frame-ancestors 'self' catalog.coolcat.org sprin-mt.iii.com; 1
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none';  worker-src 'none'; connect-src 'self'; script-src-elem 'self' 'unsafe-inline' https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://connect.facebook.net/en_US/fbevents.js https://remote.captcha.com/include.js 1
default-src 'self'; script-src 'self' https://maps.googleapis.com; object-src 'none'; style-src 'self' 'unsafe-inline'  https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; img-src 'self' https://maps.googleapis.com  https://maps.gstatic.com data:; media-src 'self'; child-src 'self'; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; connect-src 'self' https://maps.googleapis.com; frame-src 'self' https://*.sessionlinkpro.com; frame-ancestors 'none'; form-action 'self'; 1
font-src *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com *.cloudflare.com *.attn.tv *.attentivemobile.com fonts.gstatic.com *.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.facebook.com *.ometria.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.xtento.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.criteo.com *.doubleclick.net *.typeform.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.vimeo.com *.moatads.com *.hotjar.com *.pinterest.com *.pinterest.co.uk *.attn.tv *.attentivemobile.com optimize.google.com vimeo.com js.stripe.com hooks.stripe.com https://*.adsrvr.org https://mention-me.com https://*.mention-me.com *.trustpilot.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.ytimg.com/ validator.swagger.io www.apptrian.com store.paradoxlabs.com www.xtento.com cdn.xtento.com https://images.unsplash.com *.facebook.com *.google.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.criteo.com *.google.co.uk *.twitter.com *.addthis.com *.twimg.com *.paypal.com *.bing.com *.ometria.com *.cloudflare.com *.postcodeanywhere.co.uk *.cloudfront.net *.linksynergy.com *.pinterest.com *.attn.tv *.attentivemobile.com optimize.google.com *.hotjar.com *.mailchimp.com https://layby.flowerbx.com http://dev.flowerbx.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com *.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google-analytics.com www.apptrian.com www.xtento.com cdn.xtento.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.avada.io connect.facebook.net *.googletagmanager.com *.googleadservices.com *.rakuten.com *.newrelic.com *.nr-data.net *.cookiepro.com *.criteo.net *.criteo.com *.googlesyndication.com *.typeform.com *.google.com *.addthis.com *.addthisedge.com *.moatads.com *.facebook.com *.facebook.net *.twitter.com *.syndication.twimg.com *.vimeo.com *.cloudflare.com *.bing.com *.polyfill.io *.postcodeanywhere.co.uk *.ometria.com *.edgeme.sh polyfill.io *.hotjar.com *.hotjar.io *.pcapredict.com *.adobedtm.com *.authorize.net *.rmtag.com *.zdassets.com 'self' data: *.pinimg.com *.attn.tv *.attentivemobile.com capig.flowerbx.com capigateway.realtimeagency.com *.googleanalytics.com *.googleoptimize.com optimize.google.com https://pageimprove.io https://*.pageimprove.io js.stripe.com https://*.adsrvr.org https://mention-me.com https://*.mention-me.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com maxcdn.bootstrapcdn.com *.googletagmanager.com *.googleapis.com *.cloudflare.com *.twitter.com *.postcodeanywhere.co.uk *.attn.tv *.attentivemobile.com optimize.google.com fonts.googleapis.com *.hotjar.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com *.vimeo.com *.akamaized.net 172vod-adaptive.akamaized.net player.vimeo.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://get.geojs.io *.avada.io *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.akamaized.net 172vod-adaptive.akamaized.net *.vimeo.com *.cookiepro.com *.doubleclick.net *.ometria.com *.addthis.com *.paypal.com *.edgeme.sh *.postcodeanywhere.co.uk *.hotjar.com *.hotjar.io cdn-ometria-com.s3-eu-west-1.amazonaws.com *.cdn-ometria-com.s3-eu-west-1.amazonaws.com *.zdassets.com *.zendesk.com *.onetrust.com *.pinterest.com wss://*.hotjar.com wss://widget-mediator.zopim.com *.attn.tv *.attentivemobile.com capig.flowerbx.com capigateway.realtimeagency.com https://pageimprove.io https://*.pageimprove.io https://*.adsrvr.org https://mention-me.com https://*.mention-me.com *.trustpilot.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'  https://ots.lapetite.com https://*.childtime.com https://es.tutortime.com *.agkn.com *.datasteam.io *.dca0.com dca0.com https://*.addevent.com https://*.adroll.com https://*.bing.com https://*.doubleclick.net https://*.everestjs.net https://*.everesttech.net https://*.facebook.com https://*.foresee.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.hiconversion.com https://*.hotjar.com https://*.hotjar.io https://*.hubspot.com https://*.jquery.com https://*.learningcaregroup.com https://*.mpeasylink.com https://*.youtube.com https://www.google-analytics.com wss://*.hotjar.com https://api.segment.io https://*.demdex.net https://*.clarity.ms https://cdn.segment.com/ https://*.basis.net https://*.sitescout.com ;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.childtime.com https://media.winnie.com https://cdn.segment.com *.dca0.com dca0.com https://*.adroll.com https://*.agkn.com https://*.bing.com https://*.cloudfront.net https://*.cluep.com https://*.convertlanguage.com https://*.datasteam.io https://*.dialogtech.com https://*.everestjs.net https://*.facebook.net https://*.foresee.com https://*.google.com https://*.googleadservices.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.hiconversion.com https://*.hotjar.com https://*.mpeasylink.com https://*.simpli.fi https://*.youtube.com https://addevent.com https://d.adroll.mgr.consensu.org https://googleads.g.doubleclick.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hscollectedforms.net https://js.hs-scripts.com https://s.ytimg.com https://www.googletagmanager.com https://api.segment.io https://*.clarity.ms https://*.invocacdn.com https://*.invoca.net https://*.zoominfo.com https://*.basis.net https://*.sitescout.com ;style-src 'self' 'unsafe-inline' https://*.childtime.com https://*.foresee.com https://*.googleapis.com https://*.jquery.com https://*.mpeasylink.com ;img-src 'self'  http://* https://* data: ; 1
default-src 'self'; base-uri 'self'; form-action 'self';  script-src-elem https://partenaires.capitol.fr 'self' https://cdn.ampproject.org:443 'unsafe-inline' https://webstats.tradition.ch:443; img-src https://partenaires.capitol.fr 'self' https://webstats.tradition.ch:443; style-src-elem 'self' https://partenaires.capitol.fr 'unsafe-inline'; style-src-attr 'unsafe-inline'; connect-src 'self' https://webstats.tradition.ch:443 https://tradition.com/umbraco/webservices/TreeClientService.asmx/GetInitAppTreeData; script-src 'unsafe-eval'; frame-src 'self' https://partenaires.capitol.fr:443; frame-ancestors 'self'; script-src-attr 'unsafe-inline'; object-src 'none';  1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://go.radisys.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://snap.licdn.com/ https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://cdn.sitesearch360.com/ http://ajax.googleapis.com/ https://ajax.googleapis.com/ https://app-abm.marketo.com/ https://www.buzzsprout.com/; style-src 'self' 'unsafe-inline' https://go.radisys.com/ https://use.typekit.net/ https://p.typekit.net/ https://app-abm.marketo.com/; img-src 'self' data: https://www.radisys.com http://www.radisys.com https://radisys.com http://radisys.com https://dev-radisys-cpaas.smarttstage.com/ https://content.cdntwrk.com/ https://www.google-analytics.com/ https://i.ytimg.com https://i.vimeocdn.com/ https://px.ads.linkedin.com/ https://www.google.com/ https://www.googletagmanager.com/; frame-src 'self' https://go.radisys.com/ https://www.youtube.com/ https://consentcdn.cookiebot.com/ https://player.vimeo.com/ https://app-abm.marketo.com/ https://www.buzzsprout.com/; font-src 'self' https://use.typekit.net/; child-src 'self'; connect-src 'self' https://consentcdn.cookiebot.com/ https://www.google-analytics.com/ https://cdn.linkedin.oribi.io/ https://global.sitesearch360.com/ https://insights.sitesearch360.com/ https://stats.g.doubleclick.net; manifest-src 'self'; media-src 'self'; object-src 'self'; worker-src 'self'; 1
block-all-mixed-content; frame-ancestors *.paulinhomotos.com.br 1
report-uri https://www.enerds.com.au 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://ntc.party/logs/ https://ntc.party/sidekiq/ https://ntc.party/mini-profiler-resources/ https://ntc.party/assets/ https://ntc.party/extra-locales/ https://ntc.party/highlight-js/ https://ntc.party/javascripts/ https://ntc.party/plugins/ https://ntc.party/theme-javascripts/ https://ntc.party/svg-sprite/ 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0='; worker-src 'self' https://ntc.party/assets/ https://ntc.party/javascripts/ https://ntc.party/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self'; connect-src 'self' *.readspeaker.com *.google-analytics.com stats.g.doubleclick.net *.googleapis.com https://ipv4.icanhazip.com https://chatbottest.appypie.com https://us-central1-chatbot-production-d6ea3.cloudfunctions.net *.appypie.com  *.aladhan.com; font-src 'self' *.gstatic.com  *.fontawesome.com; frame-src 'self' *.google.com menafn.com *.youtube-nocookie.com *.true-markets.net *.youtube.com *.clutch.co; img-src 'self' data: *.google-analytics.com *.readspeaker.com *.gstatic.com *.google.com *.googleapis.com i.ytimg.com *.google.jo https://chatbot.appypie.com; manifest-src 'self'; object-src 'self'; prefetch-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.readspeaker.com *.jsdelivr.net  https://chatbot.appypie.com *.clutch.co; style-src 'self' 'unsafe-inline' *.googleapis.com *.readspeaker.com   https://pro.fontawesome.com/releases/v5.10.0/css/all.css  https://designcloudtest.appypie.com https://chatbot.appypie.com/; media-src 'self' https://chatbot.appypie.com; form-action 'self' ; worker-src 'self'; child-src 'self'; frame-ancestors 'self' 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic' 'self'; script-src * data: blob: 'self' web-chat.nativechat.com cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src data: blob: * 'unsafe-inline' 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src data: * blob: 'unsafe-inline' 'self'; frame-src * data: blob: 'self' web-chat.nativechat.com; connect-src data: * blob: 'unsafe-inline' 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; frame-ancestors * data: blob: 'unsafe-inline' 'self'; child-src web-chat.nativechat.com 'self' 1
frame-ancestors 'self' https://www.skb.net https://pro.skb.net; 1
frame-ancestors 'self' www.furniturelandsouth.com 1
frame-ancestors 'self' *.remscheid.de translate.google.com 1
frame-ancestors 'self' simplepractice.com *.simplepractice.com 1
default-src 'none'; base-uri 'self'; object-src 'self'; media-src 'self'; connect-src 'self'; script-src kuario.com *.kuario.com 'unsafe-eval' 'unsafe-inline' 'self'; img-src 'self' data: secure.gravatar.com *.kuario.com kuario.com; font-src 'self' *.kuario.com kuario.com data:; frame-src 'self' www.youtube.com status.kuario.com kuario.statuspage.io; style-src 'unsafe-inline' 'self' kuario.com *.kuario.com 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-LaeEx07wGzI3x34gTF+dcw==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob: *.izlesene.com *.ioam.de *.avg.com *.rewardsaccelerator.com smetrics.att.com; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net smetrics.att.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
default-src  'self' 'unsafe-inline' 'unsafe-eval' data: wss://*.corezoid.com/ws wss://ws.corezoid.com https://fonts.gstatic.com https://*.corezoid.com https://simulator.company https://*.simulator.company https://*.google.com/ https://accounts.google.com https://fonts.googleapis.com https://ajax.googleapis.com https://www.google-analytics.com https://www.youtube-nocookie.com https://www.youtube.com/embed/ https://checkout.stripe.com https://b.stripecdn.com https://q.stripe.com https://*.doubleclick.net https://widget.sender.mobi https://*.sender.mobi  https://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.polyfill.io https://*.gstatic.com https://www.googleadservices.com https://www.google.com.ua https://*.hotjar.com https://admin.corezoid.com https://widget.sender.mobi https://*.gravatar.com wss://ws.corezoid.com https://*.sharethis.com https://widget.control.events 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none';base-uri 'none';frame-ancestors 'self' 1
child-src  www.paypalobjects.com; connect-src 'self' 'report-sample' s3.amazonaws.com/cv3.customfiles allvolleyball.commercev3.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com stats.g.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.facebook.com *.klaviyo.com searchspring.io api.omappapi.com  api.userway.org api.trstplse.com ev2g0b.a.searchspring.io beacon.searchspring.io personalization-wp-service.cluster.app-us1.com cdn.userway.org *.allvolleyball.com app.omappapi.com www.google.com adservice.google.com payments.amazon.com apay-us.amazon.com api.livechatinc.com cdn.userway.org *.criteo.com *.googleapis.com www.googletagmanager.com s3.amazonaws.com/cv3.customfiles/ *.allvolleyball.com static.klaviyo.com https://manage.kmail-lists.com *.heatmap.com *.websitepolicies.io *.facebook.net *.newrelic.com *.convertcart.com *.typeform.com *.attentivemobile.com *.attn.tv; default-src 'self' s3.amazonaws.com/cdn.allvolleyball.com/ cdn.commercev3.net/cdn.allvolleyball.com/ cdn.allvolleyball.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com *.typeform.com; font-src 'self' allvolleyball.commercev3.com s3.amazonaws.com/cdn.allvolleyball.com/ cdn.commercev3.net/cdn.allvolleyball.com/ cdn.allvolleyball.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com data: use.typekit.net cdn.userway.org *.klaviyo.com *.livechatinc.com; form-action 'self' www.facebook.com www.paypal.com checkout.sezzle.com allvolleyball.activehosted.com *.facebook.net; frame-src 'self' *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com *.criteo.com *.criteo.net secure.livechatinc.com cdn.userway.org www.youtube.com *.google.com *.typeform.com www.googletagmanager.com secure.trust-provider.com payments.amazon.com static-na.payments-amazon.com www.augustasportswear.com *.facebook.net *.doubleclick.net *.allvolleyball.dreamhosters.com allvolleyball.dreamhosters.com *.dreamhosters.com *.issuu.com; frame-ancestors 'self' ; img-src 'self' s3.amazonaws.com/cdn.allvolleyball.com/ cdn.commercev3.net/cdn.allvolleyball.com/ cdn.allvolleyball.com ssl.google-analytics.com www.google.com/pagead/1p-user-list/ www.google.com/ads/ga-audiences ct.pinterest.com/v3/ stats.g.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.paypal.com www.paypalobjects.com cdn.searchspring.net cdn.userway.org images.allvolleyball.com log.pinterest.com ev2g0b.a.searchspring.io pixel.quantserve.com www.upsellit.com px.ads.linkedin.com  secure.trust-provider.com connect.facebook.net trustpulse.s3.amazonaws.com px.ads.linkedin.com a.trstplse.com  clientinstalls.s3.amazonaws.com/All+Volleyball/ d2ldlvi1yef00y.cloudfront.net trustpulse.s3.amazonaws.com *.criteo.net *.gstatic.com s3.amazonaws.com/cdn.allvolleyball.com *.linkedin.com i.ytimg.com *.google.com www.bing.com *.criteo.com *.cloudflare.com *.cloudfront.net *.convertcart.com; script-src 'self' 'report-sample' s3.amazonaws.com/cdn.allvolleyball.com/ cdn.commercev3.net/cdn.allvolleyball.com/ cdn.allvolleyball.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com  www.dwin1.com diffuser-cdn.app-us1.com wpcc.io assets.pinterest.com prism.app-us1.com cdn.searchspring.net a.trstplse.com a.optmnstr.com allvolleyball.postaffiliatepro.com a.optmstr.com edge.quantserve.com snap.licdn.com *.criteo.net cdn.userway.org www.googlecommerce.com www.upsellit.com apis.google.com rules.quantcount.com cdn.jsdelivr.net *.criteo.com www.intellisuggest.com cdnjs.cloudflare.com wpcc.io wp-ui.app-us1.com trackcmp.net secure.trust-provider.com secure.quantserve.com static-na.payments-amazon.com *.typeform.com *.omappapi.com app.upsellit.com d3rxaij56vjege.cloudfront.net prism.app-us1.com allvolleyball.activehosted.com www.websitepolicies.io *.googleapis.com *.google.com prism.app-us1.com static.klaviyo.com https://manage.kmail-lists.com *.heatmap.com *.websitepolicies.io *.facebook.net *.newrelic.com *.convertcart.com *.attn.tv; script-src-elem 'self' 'report-sample' s3.amazonaws.com/cdn.allvolleyball.com/ cdn.commercev3.net/cdn.allvolleyball.com/ cdn.allvolleyball.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com  www.dwin1.com diffuser-cdn.app-us1.com wpcc.io assets.pinterest.com prism.app-us1.com cdn.searchspring.net a.trstplse.com a.optmnstr.com allvolleyball.postaffiliatepro.com a.optmstr.com edge.quantserve.com snap.licdn.com *.criteo.net cdn.userway.org www.googlecommerce.com www.upsellit.com apis.google.com rules.quantcount.com cdn.jsdelivr.net *.criteo.com www.intellisuggest.com cdnjs.cloudflare.com wpcc.io wp-ui.app-us1.com trackcmp.net secure.trust-provider.com secure.quantserve.com static-na.payments-amazon.com *.typeform.com *.omappapi.com app.upsellit.com d3rxaij56vjege.cloudfront.net prism.app-us1.com allvolleyball.activehosted.com www.websitepolicies.io *.googleapis.com *.google.com prism.app-us1.com static.klaviyo.com https://manage.kmail-lists.com *.heatmap.com *.websitepolicies.io *.facebook.net *.newrelic.com *.convertcart.com *.attn.tv; style-src 'self' s3.amazonaws.com/cdn.allvolleyball.com/ cdn.commercev3.net/cdn.allvolleyball.com/ cdn.allvolleyball.com 'unsafe-inline' 'unsafe-eval' wpcc.io ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net cdn.jsdelivr.net cdn.searchspring.net a.omappapi.com *.typekit.net   cdn.userway.org www.websitepolicies.io embed.typeform.com *.googleapis.com *.websitepolicies.io *.klaviyo.com *.googletagmanager.com; style-src-elem 'self' s3.amazonaws.com/cdn.allvolleyball.com/ cdn.commercev3.net/cdn.allvolleyball.com/ cdn.allvolleyball.com 'unsafe-inline' 'unsafe-eval' wpcc.io ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net cdn.jsdelivr.net cdn.searchspring.net a.omappapi.com *.typekit.net   cdn.userway.org www.websitepolicies.io embed.typeform.com *.googleapis.com *.websitepolicies.io *.klaviyo.com *.googletagmanager.com; style-src-attr  'unsafe-inline' wpcc.io; media-src 'self' allvolleyball.commercev3.com s3.amazonaws.com/cdn.allvolleyball.com/ cdn.commercev3.net/cdn.allvolleyball.com/ cdn.allvolleyball.com www.bing.com cdn.livechatinc.com cdn.userway.org; 1
'self' default-src data: blob: about:; script-src 'unsafe-inline' 'unsafe-eval' 'nonce-dUFLpPHAkyzVjr014CoN'; frame-src www.google.com www.gstatic.com; font-src 'self' data: fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.dimml.io https://cdnjs.cloudflare.com https://code.highcharts.com https://player.vimeo.com/api/player.js https://unpkg.com/masonry-layout@4/dist/masonry.pkgd.min.js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://growcreate.co.uk; object-src 'none'; base-uri 'self'; connect-src 'self' https://growcreate.co.uk https://invessed-tracking.azurewebsites.net/api/tracker https://invessed-tracking-staging.azurewebsites.net/api/tracker https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://player.vimeo.com https://www.google.com; img-src 'self' data: https://growcreate.co.uk https://i.vimeocdn.com https://www.gravatar.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.plezi.co *.privacy-center.org *.gstatic.com *.clarity.ms *.upela.com *.google.com *.google.fr *.doubleclick.com *.doubleclick.net *.ubembed.com *.bing.com *.facebook.net *.fontawesome.com *.zoho.eu *.hotjar.com *.privacy-center.org *.licdn.com *.trustedshops.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com https://maillist-manage.eu https://chat-window.kmblabs.com *.sharethis.com; style-src 'report-sample' 'self' 'unsafe-inline' *.privacy-center.org *.gstatic.com *.upela.com *.google.com *.google.fr *.bing.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.privacy-center.org *.gstatic.com *.doubleclick.net *.hotjar.com *.upela.com https://www.google-analytics.com https://google.com *.google.fr *.google.com *.bing.com https://analytics.google.com *.clarity.ms https://ka-f.fontawesome.com *.userpilot.io *.kmblabs.com *.sharethis.com *.trustedshops.com https://cdn.linkedin.oribi.io wss:; font-src 'self' *.privacy-center.org *.gstatic.com *.upela.com *.google.com https://fonts.gstatic.com https://ka-f.fontawesome.com *.kmblabs.com; frame-src 'self' *.privacy-center.org *.gstatic.com *.upela.com *.google.com *.doubleclick.net *.ubembed.com *.hotjar.com https://www.youtube.com https://app.livestorm.co; img-src 'self' data: *.plezi.co *.adsymptotic.com *.bing.com *.linkedin.com *.facebook.com *.upela.com *.googletagmanager.com https://www.google-analytics.com *.clarity.ms https://widgets.trustedshops.com *.google.com *.google.fr *.kmblabs.com *.sharethis.com *.doubleclick.net *.googleadservices.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: w3.org/svg/2000 *.epd.gov.hk *.enb.gov.hk *.youtube.com youtu.be *.addthis.com *.moatads.com www.gov.hk *.search.gov.hk *.recaptcha.net *.google.com *.google.com.hk *.gstatic.com www.wastereduction.gov.hk *.jsdelivr.net *.cloudflare.com unpkg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: w3.org/svg/2000 *.epd.gov.hk *.enb.gov.hk *.youtube.com youtu.be *.addthis.com *.moatads.com www.gov.hk *.search.gov.hk *.recaptcha.net *.google.com *.google.com.hk *.gstatic.com www.wastereduction.gov.hk *.jsdelivr.net *.cloudflare.com unpkg.com; frame-src 'self' data: w3.org/svg/2000 *.epd.gov.hk *.enb.gov.hk *.youtube.com youtu.be *.addthis.com *.moatads.com www.gov.hk *.search.gov.hk *.recaptcha.net *.google.com *.google.com.hk *.gstatic.com www.wastereduction.gov.hk *.jsdelivr.net *.cloudflare.com unpkg.com; frame-ancestors 'self' data: w3.org/svg/2000 *.epd.gov.hk *.enb.gov.hk *.youtube.com youtu.be *.addthis.com *.moatads.com www.gov.hk *.search.gov.hk *.recaptcha.net *.google.com *.google.com.hk *.gstatic.com www.wastereduction.gov.hk *.jsdelivr.net *.cloudflare.com unpkg.com 1
frame-ancestors 'self' https://www.jobs.ch https://ictjobs.ch https://itjobs.ch https://www.pharmapro.ch https://medienjobs.ch https://www.jobbern.ch https://www.jobmittelland.ch https://software-job.ch https://versicherungsjobs-schweiz.ch https://emploi-bancassurance.ch/ https://finews.jobportal.jobchannel.ch/ https://investrends.jobportal.jobchannel.ch/ https://vfcmschweiz.jobportal.jobchannel.ch/ https://kv-stelle.ch/ https://verwaltungs-jobs.ch/ https://emploi-administration.ch/ https://emploi-commercial.ch/ https://buchhalter-jobs.ch/ https://controller-job.ch/ https://finanz-job.ch/ https://data-jobs.ch/ https://crypto-jobs.ch/ https://it-jobs-switzerland.ch/ https://it-security-jobs.ch/ https://java-jobs.ch/ https://software-job.ch/ https://systemingenieur-jobs.ch/ https://emploi-it.ch/ https://projektmanager-jobs.ch/ https://marketing-job.ch/ https://onlinemarketing-stellen.ch/ https://aerzte-jobs.ch/ https://mpa-jobs.ch/ https://pflege-berufe.ch/ https://therapie-jobs.ch/ https://emploi-infirmier.ch/ https://emploi-medecine.ch/ https://business-analyst-jobs.ch/ https://juristen-jobs.ch/ https://treuhand-job.ch/ https://call-center-jobs.ch/ https://kundenberater-jobs.ch/ https://zuercher-jobs.ch/ https://zentralschweiz-jobs.ch/ https://emplois-fribourg.ch/ https://emplois-neuchatel.ch/ https://emplois-vaud.ch/ https://jura-emplois.ch/ https://solothurn-jobs.ch/ https://www.100000jobs.ch/ https://home-office-stellen.ch/ https://www.teilzeitkarriere.ch/ https://www.jobup.ch/; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-FbS4WrxB6YRtFjVPbzjbtK4guoxhfUkdiyDqrURsTkVzk14i' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
script-src 'self' matomo-test.open-e.com 'unsafe-eval' 'unsafe-inline' test-matomo-cl.open-e.com www.google.com www.google-analytics.com www.googletagmanager.com *.livechatinc.com www.gstatic.com *.addthis.com m.addthisedge.com www.linkedin.com *.facebook.com connect.facebook.net cdnjs.cloudflare.com maps.google.com maps.googleapis.com v1.addthisedge.com use.edgefonts.net ssl.google-analytics.com *.hotjar.com *.hotjar.io snap.licdn.com www.gartner.com www.recaptcha.net; frame-ancestors 'self' 1
default-src 'self'; connect-src 'self' https://api-international.wardahbeauty.com https://www.facebook.com https://z-m-graph.facebook.com https://plugins.makeupar.com https://plugins-media.makeupar.com https://web.facebook.com https://z-p3-graph.facebook.com https://graph.facebook.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com webpack://* data: https://plugins-media.makeupar.com https://cdnjs.cloudflare.com; frame-src accounts.google.com https://demo-app.test.skintelligentlab.com https://app.prod.skintelligentlab.com; img-src 'self' https://api-international.wardahbeauty.com  data: blob: https://fonts.gstatic.com https://www.googletagmanager.com https://wonderly-testing.s3.ap-southeast-3.amazonaws.com https://wardah-international-staging.s3.ap-southeast-1.amazonaws.com https://wardah-international-production.s3.ap-southeast-1.amazonaws.com/ https://web.facebook.com; manifest-src 'self'; media-src 'self' ; object-src data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.googletagmanager.com accounts.google.com/gsi/client connect.facebook.net/en_US/sdk.js accounts.google.com/gsi/style https://plugins-media.makeupar.com https://demo-app.test.skintelligentlab.com https://app.prod.skintelligentlab.com; style-src 'self' fonts.googleapis.com accounts.google.com/gsi/style 'unsafe-inline' https://www.googletagmanager.com/debug/badge.css https://googletagmanager.com https://cdnjs.cloudflare.com; worker-src 'self' blob:; form-action 'self'; frame-ancestors 'self' 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-BkEAv6bBTJ1maug4JGfFLQ=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
frame-ancestors 'self' https://*.risevision.com; 1
child-src blob: *.vimeo.com *.vimeocdn.com www.youtube.com; connect-src 'self' *.akamaized.net *.doubleclick.net *.facebook.com *.facebook.net *.global.commerce-connector.com *.google.com *.hs-analytics.net *.hs-scripts.com *.hubspot.com *.licdn.com *.linkedin.com *.sentry.io *.vimeo.com *.vimeocdn.com api.hubapi.com consentcdn.cookiebot.com heatmaps.monsido.com https://toolbox.danthermgroup.com maps.googleapis.com region1.google-analytics.com sentry.io www.google-analytics.com; default-src 'self'; font-src data: 'self' *.global.commerce-connector.com fonts.gstatic.com; form-action 'self' *.facebook.com *.facebook.net; frame-src 'self' *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.googletagmanager.com consentcdn.cookiebot.com player.vimeo.com www.youtube.com; img-src blob: data: 'self' *.doubleclick.net *.facebook.com *.facebook.net *.ggpht.com *.global.commerce-connector.com *.google.co.uk *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hubspot.com *.licdn.com *.linkedin.com *.siteimproveanalytics.io *.ui-avatars.com csi.gstatic.com developers.google.com forms.hsforms.com https://www.danthermgroup.com i.vimeocdn.com i.ytimg.com maps.googleapis.com maps.gstatic.com ratinglogo.bisnode.com shoplogos.commerce-connector.de stats.g.doubleclick.net tracking.monsido.com www.google-analytics.com; media-src blob: *.akamaized.net *.vimeo.com *.vimeocdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudflareinsights.com *.doubleclick.net *.facebook.com *.facebook.net *.global.commerce-connector.com *.google.co.uk *.google.com *.googleadservices.com *.googletagmanager.com *.hs-analytics.net *.hs-scripts.com *.hubspot.com *.licdn.com *.linkedin.com *.sentry-cdn.com *.sentry.io *.vimeo.com *.vimeocdn.com ajax.cloudflare.com app-script.monsido.com consent.cookiebot.com consentcdn.cookiebot.com heatmaps.monsido.com https://polyfill.io js.hs-banner.com js.hsadspixel.net js.hscollectedforms.net js.hsleadflows.net maps.googleapis.com sentry.io siteimproveanalytics.com stats.g.doubleclick.net unpkg.com www.google-analytics.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' *.global.commerce-connector.com *.google.com *.vimeocdn.com fonts.googleapis.com; worker-src blob: 'self'; block-all-mixed-content; upgrade-insecure-requests 1
upgrade-insecure-requests; frame-ancestors 'self' *.europassitalian.com *.teacheracademy.eu; frame-src *.europassitalian.com *.teacheracademy.eu *.livechatinc.com *.google.com https://www.facebook.com https://www.youtube.com https://www.youtube-nocookie.com 1
default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com *.3qsdn.com *.director.events; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 1
default-src 'self';    script-src 'self' 'unsafe-inline' 'unsafe-eval' hm.baidu.com www.google-analytics.com https://s3-bucket01-ultd.s3.ap-southeast-1.amazonaws.com/ maps.googleapis.com maps.googleapi.com https://webmedia.nwd.com.hk https://webmediauat.nwd.com.hk www.googletagmanager.com;   script-src-elem 'self' 'unsafe-inline' www.google-analytics.com webmedia.nwd.com.hk webmediauat.nwd.com.hk hm.baidu.com www.googletagmanager.com s3-bucket01-ultd.s3.ap-southeast-1.amazonaws.com;   font-src https: data: 'self' https://use.typekit.net/;   connect-src 'self' https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://viewlicense.adobe.io https://www.facebook.com/ https://region1.analytics.google.com/ maps.googleapis.com;   img-src 'self' https://s3-bucket01-ultd.s3.ap-southeast-1.amazonaws.com webmediauat.nwd.com.hk webmedia.nwd.com.hk maps.gstatic.com maps.googleapis.com data:;   style-src 'self' 'unsafe-inline' fonts.googleapis.com;   frame-src 'self' http://quote.tonghaiir.com/ https://wwwlegacy.nwd.com.hk/ www.facebook.com; 1
upgrade-insecure-requests;style-src 'self' 'nonce-bnPBR7Ypm4T1gGx';font-src 'self';script-src 'self' 'nonce-bnPBR7Ypm4T1gGx' ;connect-src 'self' https://nerdcore.social wss://nerdcore.social;media-src 'self' https:;img-src 'self' data: blob: https:;default-src 'none';base-uri 'none';frame-ancestors 'none';manifest-src 'self'; 1
frame-ancestors 'self' https://huaweiiranofficial.com 1
frame-ancestors 'self' https://*.comdinheiro.com.br https://*.gstatic.com; default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; connect-src * ws: wss:; 1
default-src 'self' *.ondonnedesnouvelles.com s1.ondonnedesnouvelles.com s2.ondonnedesnouvelles.com ondonnedesnouvelles.blob.core.windows.net *.s3.ondonnedesnouvelles.com balthazar.diedm.fr;worker-src 'self' blob:;media-src 'self' s1.ondonnedesnouvelles.com s2.ondonnedesnouvelles.com ondonnedesnouvelles.blob.core.windows.net *.s3.ondonnedesnouvelles.com *.googlevideo.com *.youtube.com *.dailymotion.com *.dai.ly *.vimeo.com *.ac-versailles.fr *.toutatice.fr *.reseau-canope.fr *.wikipedia.org reseau-canope.fr vid.me learningapps.org tube.ac-lyon.fr *.apps.education.fr wikipedia.org *.tile.openstreetmap.org;img-src 'self' data: blob: *.ondonnedesnouvelles.com s1.ondonnedesnouvelles.com s2.ondonnedesnouvelles.com ondonnedesnouvelles.blob.core.windows.net *.s3.ondonnedesnouvelles.com *.googlevideo.com *.youtube.com *.dailymotion.com *.dai.ly *.vimeo.com *.ac-versailles.fr *.toutatice.fr *.reseau-canope.fr *.wikipedia.org reseau-canope.fr vid.me learningapps.org tube.ac-lyon.fr *.apps.education.fr wikipedia.org *.tile.openstreetmap.org;frame-src 'self' *.googlevideo.com *.youtube.com *.dailymotion.com *.dai.ly *.vimeo.com *.ac-versailles.fr *.toutatice.fr *.reseau-canope.fr *.wikipedia.org reseau-canope.fr vid.me learningapps.org tube.ac-lyon.fr *.apps.education.fr wikipedia.org *.tile.openstreetmap.org;child-src 'self' *.googlevideo.com *.youtube.com *.dailymotion.com *.dai.ly *.vimeo.com *.ac-versailles.fr *.toutatice.fr *.reseau-canope.fr *.wikipedia.org reseau-canope.fr vid.me learningapps.org tube.ac-lyon.fr *.apps.education.fr wikipedia.org *.tile.openstreetmap.org;base-uri 'none';object-src 'none';style-src 'self' 'unsafe-inline' s1.ondonnedesnouvelles.com balthazar.diedm.fr;script-src 'self' 'unsafe-inline' 'unsafe-eval' s1.ondonnedesnouvelles.com balthazar.diedm.fr;font-src 'self' data: fonts.googleapis.com s1.ondonnedesnouvelles.com 1
script-src https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googletagmanager.com https://tagmanager.google.com https://*.livechatinc.com https://*.facebook.net 'self' 'unsafe-inline'; style-src https://www.gstatic.com https://tagmanager.google.com https://fonts.googleapis.com 'self' 'unsafe-inline'; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://bid.g.doubleclick.net https://td.doubleclick.net https://*.livechatinc.com https://www.facebook.com/; img-src https://www.google.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.ua https://*.google.nl https://ssl.gstatic.com https://www.gstatic.com https://*.livechatinc.com https://www.facebook.com 'self' https://warehouse.ladyboom.ua data:; connect-src https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.ua https://*.google.nl https://*.livechatinc.com https://www.facebook.com 'self' https://warehouse.ladyboom.ua; font-src https://fonts.gstatic.com data: https://*.livechatinc.com 'self'; media-src https://*.livechatinc.com 'self' https://warehouse.ladyboom.ua data:; default-src 'self'; object-src 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.adroll.com https://*.afterpay.com https://*.braintree-api.com https://*.braintreegateway.com https://chimpstatic.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://*.dca0.com https://*.dinkleboo.com https://photocreate.dinkleboo.com:8734 https://photocreate.dinkleboo.com:8736 https://*.doubleclick.net https://*.ewaypayments.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://*.gettyimages.com https://*.google.com https://*.google.com.au https://*.googleadservices.com https://*.googletagmanager.com https://*.google-analytics.com https://www.gstatic.com https://ajax.googleapis.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://www.instagram.com https://ssl.kaptcha.com https://*.livechatinc.com https://*.paypal.com https://www.paypalobjects.com https://*.pinimg.com https://*.pinterest.ca https://*.pinterest.com https://*.pinterest.com.au https://*.pinterest.co.uk https://*.pinterest.fr https://*.pinterest.ie https://*.pinterest.it https://*.pinterest.nz https://sc-static.net https://*.secure-afterpay.com.au https://*.snapchat.com https://analytics.tiktok.com https://*.trustpilot.com https://*.zdassets.com https://*.zdusercontent.com https://*.zendesk.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://challenges.cloudflare.com ; frame-ancestors https://*.dinkleboo.com ; img-src 'self' https: data: blob: ; object-src 'none' ; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://code.jquery.com ; font-src 'self' https://stackpath.bootstrapcdn.com https://fonts.gstatic.com ; report-to default ; report-uri https://fdc125a3b2659642874fdf272105d190.report-uri.com/r/d/csp/reportOnly 1
font-src fonts.gstatic.com applepay.cdn-apple.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.worldpay.com *.facebook.com https://secure-test.worldpay.com/shopper/3ds/ddc.html *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.addthis.com *.worldpay.com *.facebook.com https://pay.google.com https://secure-test.worldpay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.googleapis.com *.dunkin.co.uk www.facebook.com *.google-analytics.com *.analytics.google.com *.cloudflare.com *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net js.appboycdn.com *.googleapis.com *.cloudfront.net payments.worldpay.com *.hotjar.com *.hotjar.io connect.facebook.net https://www.google.com/recaptcha/api.js *.gstatic.com *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://cdn.jsdelivr.net *.googleapis.com fonts.gstatic.com *.fontawesome.com *.cloudflare.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.ideal-postcodes.co.uk sdk.iad-01.braze.com sdk.iad-02.braze.com sdk.iad-03.braze.com sdk.iad-04.braze.com sdk.iad-05.braze.com sdk.iad-06.braze.com sdk.iad-07.braze.com sdk.iad-08.braze.com sdk.fra-01.braze.eu sdk.fra-02.braze.eu *.googleapis.com google.com *.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google-analytics.com *.analytics.google.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://static.payzen.eu/static/ *.gstatic.com 'self' data: fonts.googleapis.com fonts.gstatic.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://app.goodays.co https://flunch-configurator.nextuser.com https://metrics.flunch-traiteur.fr https://ct.pinterest.com https://try.abtasty.com https://teddytor.abtasty.com https://c.clarity.ms/c.gif https://pixel.rubiconproject.com/tap.php https://ad.avtm.fr https://connect.facebook.net https://www.facebook.com https://api2.abtasty.com https://o132438.ingest.sentry.io https://common-fonts.abtasty.com https://widgets-images.abtasty.com https://editor-assets.abtasty.com https://sslwidget.criteo.com https://www.criteo.net https://www.criteo.com https://measurement-api.criteo.com https://secure.payzen.eu/vads-payment/ https://static.payzen.eu/static/ *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * maps.google.com maps.googleapis.com critizr.com data: *.axept.io *.addthis.com axeptio.imgix.net *.newrelic.com *.nr-data.net *.moatads.com *.addthisedge.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://bat.bing.com https://sk.ht https://dynamic.criteo.com https://tracking.lqm.io https://s.yimg.com https://snap.licdn.com https://s.pinimg.com https://p.clarity.ms/ https://insight.adsrvr.org https://cdn.linkedin.oribi.io https://pixel.bsmartdata.com https://track.adform.net https://ct.pinterest.com https://c.clarity.ms/c.gif https://px.ads.linkedin.com https://try.abtasty.com https://teddytor.abtasty.com https://pixel.rubiconproject.com/tap.php https://ad.avtm.fr https://ariane.abtasty.com https://dcinfos-cache.abtasty.com https://connect.facebook.net https://www.facebook.com https://api2.abtasty.com https://o132438.ingest.sentry.io https://common-fonts.abtasty.com https://widgets-images.abtasty.com https://editor-assets.abtasty.com https://sslwidget.criteo.com https://www.criteo.net https://www.criteo.com https://measurement-api.criteo.com https://secure.payzen.eu/static/latest/images/type-carte/ https://static.payzen.eu/static/ https://secure.payzen.eu/vads-payment/ *.google.com *.mageside.com mageside.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com *.tile.openstreetmap.org *.axept.io *.addthis.com axeptio.imgix.net *.newrelic.com *.nr-data.net *.moatads.com *.addthisedge.com appsdev.agapes.fr *.agapes.fr blob: data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://track.nextuser.com https://ai-dev.nextuser.com https://ai.nextuser.com https://partner.flunch-traiteur.fr https://events.sk.ht/flunchtraiteur https://events.sk.ht/flunchtraiteur/lib.js https://bat.bing.com https://flunch-configurator.nextuser.com https://metrics.flunch-traiteur.fr https://www.clarity.ms/ https://sk.ht https://dynamic.criteo.com https://tracking.lqm.io https://s.yimg.com https://snap.licdn.com https://s.pinimg.com https://p.clarity.ms/ https://insight.adsrvr.org https://cdn.linkedin.oribi.io https://pixel.bsmartdata.com https://track.adform.net https://ct.pinterest.com https://q.clarity.ms/collect https://try.abtasty.com https://teddytor.abtasty.com https://c.clarity.ms/c.gif https://pixel.rubiconproject.com/tap.php https://ad.avtm.fr https://ariane.abtasty.com https://dcinfos-cache.abtasty.com https://connect.facebook.net https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://www.facebook.com https://api2.abtasty.com https://o132438.ingest.sentry.io https://common-fonts.abtasty.com https://cdn.jsdelivr.net https://widgets-images.abtasty.com https://editor-assets.abtasty.com https://sslwidget.criteo.com https://www.criteo.net https://www.criteo.com https://measurement-api.criteo.com https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ *.google.com *.gstatic.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com maps.google.com static.axept.io static.critizr.com secure.authorize.net test.authorize.net data: *.axept.io *.addthis.com axeptio.imgix.net *.newrelic.com *.nr-data.net *.moatads.com *.addthisedge.com *.matomo.cloud 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com https://track.nextuser.com https://ai-dev.nextuser.com https://ai.nextuser.com https://cdn.goodays.co https://flunch-configurator.nextuser.com https://metrics.flunch-traiteur.fr https://sk.ht https://dynamic.criteo.com https://tracking.lqm.io https://s.yimg.com https://snap.licdn.com https://s.pinimg.com https://p.clarity.ms/ https://insight.adsrvr.org https://cdn.linkedin.oribi.io https://pixel.bsmartdata.com https://track.adform.net https://ct.pinterest.com https://q.clarity.ms/collect https://try.abtasty.com https://teddytor.abtasty.com https://c.clarity.ms/c.gif https://pixel.rubiconproject.com/tap.php https://ad.avtm.fr https://ariane.abtasty.com https://dcinfos-cache.abtasty.com https://connect.facebook.net https://www.facebook.com https://api2.abtasty.com https://o132438.ingest.sentry.io https://common-fonts.abtasty.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://widgets-images.abtasty.com https://editor-assets.abtasty.com https://sslwidget.criteo.com https://www.criteo.net https://www.criteo.com https://measurement-api.criteo.com https://static.payzen.eu/static/ unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com static.critizr.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://track.nextuser.com https://ai-dev.nextuser.com https://ai.nextuser.com https://flunch-configurator.nextuser.com https://metrics.flunch-traiteur.fr https://sk.ht https://dynamic.criteo.com https://tracking.lqm.io https://s.yimg.com https://snap.licdn.com https://s.pinimg.com https://p.clarity.ms/ https://insight.adsrvr.org https://cdn.linkedin.oribi.io https://pixel.bsmartdata.com https://track.adform.net https://ct.pinterest.com https://q.clarity.ms/collect https://try.abtasty.com https://teddytor.abtasty.com https://c.clarity.ms/c.gif https://pixel.rubiconproject.com/tap.php https://ad.avtm.fr https://ariane.abtasty.com https://dcinfos-cache.abtasty.com https://connect.facebook.net https://www.facebook.com https://api2.abtasty.com https://o132438.ingest.sentry.io https://common-fonts.abtasty.com https://widgets-images.abtasty.com https://editor-assets.abtasty.com https://sslwidget.criteo.com https://www.criteo.net https://www.criteo.com https://measurement-api.criteo.com https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com maps.googleapis.com maps.google.com client.axept.io ekr.zdassets.com t.elasticsuite.io data: *.axept.io *.addthis.com axeptio.imgix.net *.newrelic.com *.nr-data.net *.moatads.com *.addthisedge.com *.matomo.cloud 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval';script-src https: 'unsafe-inline' 'unsafe-eval';object-src 'none'; connect-src https: wss: data: 'unsafe-inline' blob: javascript:; media-src https: data: 'unsafe-inline' blob:; child-src https: blob:; form-action *; 1
base-uri 'none'; object-src 'none'; script-src 'nonce-DoKhsD5VviQ3Q7W108EcL0QoBNlVgFqfAAQFAzQnKTPz-rSS4iCkfYYInk3XZCd7' 'strict-dynamic' https: 'unsafe-inline' 'self' 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://*.google.dk https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data:; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.dk https://m.myprotein.dk https://checkout.myprotein.dk https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors self *.noqodi.com *.dubailand.gov.ae *.dubaistore.com *.emaratech.ae *.gdrfad.gov.ae  https://www.mznboutique.com https://dashboard01.mznboutique.com  http://mzn-develop.tradinos.com *.crowdmarket.ae https://crowdmarket.ae https://cmsprime.com https://www.cmsprime.co  https://www.Elzit.com https://www.Elzit.net https://www.Smartgators.com https://www.Smartgators.pk https://www.Quanticco.com https://www.helpwithdebt.ae https://mobseva.com https://www.filpera.com https://www.zajel.com https://www.elzit.com http://staging.deliveritapp-apis.com http://deliveritapp-apis.com http://www.ifalcons.com https://pharmacourses.ae http://dairyondemand.com  https://www.scentube.ae https://www.focaltutor.com https://www.helpwithdebt.ae https://www.helpwithfinance.ae https://cjcmarketsglobal.com https://www.pallapay.com https://www.najmatalfa.com http://heattransfer.com https://www.tezkar.ae https://www.heattransfer.com https://www.meezzaa.com https://meezzaa.com https://revivemarketplace.app https://emplojo.com https://alnaqsh.co https://akwaababites.com https://www.uaeaf.ae 1
block-all-mixed-content; frame-ancestors *.oculosmeninaflor.com.br 1
frame-ancestors https://trustseal.enamad.ir; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://www.googletagmanager.com https://www.google-analytics.com http://192.168.1.24:8080 http://192.168.2.20:8080  http://192.168.1.153:8080 http://api.geonames.org/timezoneJSON 1
default-src 'self' 'unsafe-inline' data: 'unsafe-eval' https://dkstatics-public.digikala.com https://dkstatics-public-2.digikala.com https://dkstatics-public-3.digikala.com  https://img.filmkala.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://firebase.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://maps.gstatic.com https://ajax.googleapis.com https://gstatic.com https://www.gstatic.com *.google-analytics.com https://maxst.icons8.com https://use.fontawesome.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://fcmregistrations.googleapis.com https://code.jquery.com https://polyfill.io https://www.googleapis.com https://apis.google.com https://hominextcom.firebaseapp.com https://securetoken.googleapis.com https://www.google.com https://www.digikala.com https://accounts.google.com https://trustseal.enamad.ir; 1
frame-ancestors amatic365.com www.amatic365.com slotsx.org www.slotsx.org; 1
frame-ancestors 'self' https://help.bikester.it https://back-office-redesign.kameleoon.com https://app.kameleoon.com/ 1
default-src 'self';base-uri 'none';object-src 'none';frame-ancestors *.fg.cz *.cpp.cz;img-src 'self' wss://kc-aibotp.vig.cz wss://kc-aibott.vig.cz kc-aibotp.vig.cz kc-aibott.vig.cz data: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com *.doubleclick.net *.google.com *.google.cz *.google.ie *.mapy.cz https://ipccchat-cpp.vig.cz https://ipccchat-testcpp2.vig.cz https://c.seznam.cz https://i.cerebroad.com https://recaptcha.net http://cdn.jsdelivr.net https://www.facebook.com;script-src 'self' wss://kc-aibotp.vig.cz wss://kc-aibott.vig.cz kc-aibotp.vig.cz kc-aibott.vig.cz https://stats.g.doubleclick.net *.google.com *.google.cz *.googleapis.com www.googletagmanager.com www.google-analytics.com https://c.seznam.cz https://www.gstatic.com https://recaptcha.net *.mapy.cz https://ipccchat-cpp.vig.cz https://ipccchat-testcpp2.vig.cz https://cdn.cerebroad.com https://i.cerebroad.com https://c.imedia.cz https://s2.adform.net https://track.adform.net https://www.googleadservices.com https://tags.crwdcntrl.net https://googleads.g.doubleclick.net 'unsafe-eval' 'unsafe-inline' http://cdn.jsdelivr.net *.smartlook.com *.smartlook.cloud https://connect.facebook.net;font-src 'self' *.mapy.cz fonts.googleapis.com fonts.gstatic.com;style-src 'self' 'unsafe-inline' *.mapy.cz fonts.googleapis.com http://cdn.jsdelivr.net;frame-src 'self' *.mapy.cz *.cpp.cz embeds.audioboom.com/ *.vimeo.com/ 'unsafe-inline' fonts.googleapis.com www.youtube.com www.youtube-nocookie.com recaptcha.net www.gstatic.com cdn.jsdelivr.net https://cpp.infolinky.textcom.cz/ https://www.facebook.com www.google.com;connect-src 'self' wss://kc-aibotp.vig.cz wss://kc-aibott.vig.cz kc-aibotp.vig.cz kc-aibott.vig.cz *.google.com *.google-analytics.com googleads.g.doubleclick.net *.vig.cz wss://ipccchat-cpp.vig.cz wss://ipccchat-testcpp2.vig.cz stats.g.doubleclick.net *.mapy.cz *.cpp.cz *.smartlook.com *.smartlook.cloud https://pagead2.googlesyndication.com https://www.facebook.com 1
default-src 'self' *.constantcontact.com *.bootstrapcdn.com *.ctctcdn.com fast.fonts.net *.libcdn.com *.google-analytics.com *.youtube.com *.stripe.com *.stripe.network *.rhd.org *.googleapis.com *.google.com *.linkedin.oribi.io *.feathr.co airtable.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' fast.fonts.net *.google-analytics.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google.com *.stripe.com *.stripe.network *.licdn.com *.ctctcdn.com *.conveythis.com *.googleapis.com *.cloudflare.com *.feathr.co connect.facebook.net *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.clarity.ms *.youtube.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.ctctcdn.com fast.fonts.net *.libcdn.com *.google-analytics.com *.youtube.com *.googleapis.com *.gstatic.com; img-src 'self' 'unsafe-inline' data: *.ads.linkedin.com *.adsymptotic.com *.google-analytics.com *.gravatar.com *.ytimg.com *.gstatic.com *.conveythis.com *.linkedin.com *.feathr.co *.adsrvr.org *.facebook.com *.googletagmanager.com *.doubleclick.net *.google.com *.clarity.ms *.bing.com; connect-src *.linkedin.com *.googleapis.com *.google.com *.clarity.ms *.feathr.co *.ctctcdn.com *.google-analytics.com *.doubleclick.net *.stripe.com; font-src 'self' 'unsafe-inline' data: *.bootstrapcdn.com fonts.gstatic.com fast.fonts.net *.libcdn.com; frame-src *.doubleclick.net *.google.com airtable.com *.rhd.org *.stripe.com *.youtube.com *.wnep.com; worker-src 'self' 'unsafe-inline' blob: rhd.org *.rhd.org 1
default-src 'self' pluga.co *.pluga.co; script-src 'self' pluga.co *.pluga.co *.google.com *.gstatic.com *.googletagmanager.com *.googleoptimize.com *.google-analytics.com *.cloudflare.com connect.facebook.net static.zdassets.com *.getsitecontrol.com snap.licdn.com d335luupugsy2.cloudfront.net *.getbeamer.com embed.typeform.com cdn.optimizely.com widget-mediator.zopim.com unpkg.com *.clarity.ms iugu.com *.iugu.com *.usetiful.com tally.so cdn.mxpnl.com 'unsafe-inline' 'unsafe-eval' blob:; img-src 'self' pluga.co *.pluga.co *.google.com.br *.gstatic.com *.google-analytics.com *.googletagmanager.com *.ads.linkedin.com *.facebook.com connect.facebook.net *.webflow.com *.getbeamer.com cdn.usetiful.com *.zopim.io data:; connect-src 'self' pluga.co *.pluga.co *.google.com *.google.com.br *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.googleapis.com pluga.zendesk.com *.firebaseio.com *.rdstation.com.br ekr.zdassets.com cdn.optimizely.com *.clarity.ms iugu.com *.iugu.com *.getbeamer.com widget-mediator.zopim.com viacep.com.br cdn.linkedin.oribi.io *.ads.linkedin.com *.usetiful.com gtm-53rngzh2-mwzln.uc.r.appspot.com api-js.mixpanel.com ws:; style-src 'self' pluga.co *.pluga.co *.gstatic.com fonts.googleapis.com *.googletagmanager.com maxcdn.bootstrapcdn.com *.getbeamer.com embed.typeform.com *.usetiful.com 'unsafe-inline'; font-src 'self' pluga.co *.pluga.co *.gstatic.com app.getbeamer.com maxcdn.bootstrapcdn.com data:; media-src 'self' pluga.co *.pluga.co static.zdassets.com; frame-src 'self' assets.pluga.co widget.pluga.co *.google.com *.youtube.com *.facebook.com *.getbeamer.com form.typeform.com www.loom.com challenges.cloudflare.com tally.so; frame-ancestors 'none' 1
default-src 'self'; script-src 'self' 'unsafe-eval' https://www.googletagmanager.com/ https://sdk.privacy-center.org/ http://js.hs-scripts.com/7025055.js https://js.usemessages.com/ https://tagmanager.google.com/ 'sha256-FhudaH+D1DhcOfC3dGgEcvkNWiujsnNBXvpOnYT+asw=' 'sha256-/ib1Jy0M7emR/IxUwuaaQSZ8ewTmigh5QNUNb6KH2AE=' 'sha256-mNdvWXrYGgGvDl3bQDR2x+lTSSjodOm1Hs1GxZPzXgk=' 'sha256-NGjKMRFc68GZ1BWJTQVH6+je04moP8wvv7WRgUSJJYI=' 'sha256-sEZQYKudFTMxg0otI/olH3WH5qO6KEwdOU0BSkif3xg=' 'sha256-96ht1sWdUVkrglzfMRivUYUnFdhDGFr6nQzKlYMoJcA=' 'sha256-dV8YVPH+OaFT+n5Ym1DkU3C92WJ3XNk2p2DoryuM2A4=' 'sha256-/4uos7zTJ2Od7fXXr6uFgyEP/RUdfavzbWtlLOOuKc8=' 'sha256-fEkeJ6kv9uUdoQa/hgWBPFKQFbx6kYOqtkgfBqfn9ek=' 'sha256-jdiznyiQC6hl0PHKlPZaeXILv8NlDxKQ/QDw1GKtrPQ=' 'sha256-+hmOJMDVS5jon79DrPDKqo53j5g+x4rPVMLk1uP07vk=' 'sha256-jLvg97UO1NP+0Sci0zkpasz3EdLDpPoP8Bk7UlYTAAI=' 'sha256-A8uaECP46AUCF2fSrFTBMsV1Jzs7LlgmXpJZifrIpyA=' 'sha256-Bh+asGS3qpwQ9Xegeh/Xz7ChV0Lthk/4V2jaj9tu74w=' 'sha256-Iva4zA7qC+aqFd4IMMZmFB7gElFETQIC16/5GYA2hoc=' 'sha256-ictfkX29pW519xzb9/I1wshRiXDiQ3YUTZYVy1TBzuU=' 'sha256-uZ3VMvfk/pIDMtZ0az75Yb0Y0wn0bTDRdVz4L8sn8pI=' 'sha256-L79QSvY0lQ+WRwf4+ccv01pwDOcPgbBf6bxBl2czIf0=' 'sha256-1vcRs7/UDO/0w4nP2lJpEa5iOM+tdo27o1ElyP3Qvb8=' 'sha256-LjG7EOjisUMjsh27LS0s5Z93HK6u0S+Qf6bT4O6Xd/E=' 'sha256-JweYcylwpq5aqcMHsWOoLBbtLmq9CCN2Qh8A/qp0h8Q=' 'sha256-uZ/k27TU1GwwIzMBuef8ZKbmBhcr/LlCZ98MqB15tfI=' 'sha256-0UsPMfr9EWx6Ty0JASMOHZsAGxBVQ6VXUzduIgFrNIs=' 'sha256-+9gca7QCFHGMKjN2HQ7cciJigXqsPz0rH30hTvMQqz4=' 'sha256-FH5nbLyavF2AVeo1NWDQrLo34La2ymj36zpyi2LU1OQ=' 'sha256-Suqq5deHYseEo9Ry1Qc4R6Y5SxwWh0tVEGcm7Kfz2K8=' 'sha256-svMoMQV7IiVhVp8Blx34SaiifSWrIj+fb3+EkCVa1HI=' 'sha256-5yBeQmFNDRcEJOCuSWl8hJAtG+QckX57ZR6Wfif5gK0=' https://js.hscollectedforms.net/ https://js.hs-banner.com/ https://js.hs-analytics.net/ https://maps.google.fr/maps/api/js https://*.payline.com/ https://www.amcharts.com/lib/3/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://connect.facebook.net/ https://pixel.cdnwidget.com/cdn/c.min.js https://www.chapoutier.com/ 'nonce-13e881f895cfe3c97bbba724c3ee09a9' 'nonce-e7a47bedb90e02204a3123b20fb9018f' 'nonce-3cc4deff1ee9c65014d567c2c5dc5345' 'nonce-a9f642be9c8f5ccd5ab42f157ae18c5f' 'nonce-83d5bd861827264ba661b97d64491517' 'nonce-496d158ee648e1cceb946aa74be712de' 'nonce-9903d3a03d88a4af65cc1172428af273' 'nonce-9e438d8a7b036ea9b8d4375377d47e1a' 'nonce-84fa0b8c9d7da99d162659e11c5e4028'; style-src 'self' https://www.chapoutier.com/ 'unsafe-inline' https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ https://*.payline.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/; font-src 'self' https://www.chapoutier.com/ https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/ https://*.payline.com/; frame-src 'self' http://*.youtube.com/ https://*.youtube.com/ https://chapoutier.mappavini.com/ https://talents.elsatis.fr/ https://*.google.com/ https://*.hubspot.com/ https://*.facebook.com/ https://*.payline.com/ https://td.doubleclick.net/; connect-src 'self' https://*.google-analytics.com/ https://stats.g.doubleclick.net/ https://forms.hscollectedforms.net/ https://region1.analytics.google.com/ https://maps.googleapis.com/ https://*.payline.com/ https://*.hubspot.com/ https://api.privacy-center.org/; img-src 'self' data: https://www.google.fr/ads/ga-audiences https://forms.hsforms.com/ https://track.hubspot.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://track.hubspot.com/ https://forms.hsforms.com/ https://maps.googleapis.com/ https://googleads.g.doubleclick.net/ https://www.google.com/pagead/ https://*.gstatic.com/ https://maps.google.fr/ https://www.facebook.com/tr/ https://i.ytimg.com/ https://www.google.fr/pagead/ https://www.google.com/ads/ https://homologation-payment.cdn.payline.com/ https://www.amcharts.com/lib/3/images/ https://www.facebook.com/privacy_sandbox/pixel/ https://www.chapoutier.com/; 1
default-src 'self'; child-src https://flickrembed.com https://maps.google.com https://www.google.com https://connect.facebook.net https://www.youtube.com ; script-src 'self' https://oss.maxcdn.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://connect.facebook.net https://ajax.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://stackpath.bootstrapcdn.com https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://stackpath.bootstrapcdn.com https://fonts.gstatic.com; frame-ancestors ; form-action 'self'; base-uri 'self';  object-src;  1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://front-end.social; img-src 'self' https: data: blob: https://front-end.social; style-src 'self' https://front-end.social 'nonce-2n6jwDqeh5bVNiW751C+Yw=='; media-src 'self' https: data: https://front-end.social; frame-src 'self' https:; manifest-src 'self' https://front-end.social; form-action 'self'; child-src 'self' blob: https://front-end.social; worker-src 'self' blob: https://front-end.social; connect-src 'self' data: blob: https://front-end.social https://cdn.masto.host wss://front-end.social; script-src 'self' https://front-end.social 'wasm-unsafe-eval' 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.chatsexyonline.com:9080 www.chatsexyonline.com:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.chatsexyonline.com wss://www.chatsexyonline.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1705973115 1
frame-ancestors 'self' https://forms.unibe.edu.do/ 1
default-src 'self' *.hotjar.com *.hotjar.io fonts.gstatic.com; frame-src 'self' form.socialboards.com *.cookiebot.com *.hotjar.com *.hotjar.io youtube.com www.youtube.com youtu.be *.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; connect-src *.skyra.no stm.patentstyret.no *.cookiebot.com analytics.google.com *.hotjar.com *.hotjar.io stats.g.doubleclick.net 'self' *.google-analytics.com wss://www.patentstyret.no; script-src  *.googletagmanager.com *.skyra.no *.cookiebot.com 'self' 'unsafe-eval' 'unsafe-inline' www.youtube.com *.google.com *.gstatic.com *.hotjar.com *.hotjar.io s.usea01.idio.episerver.net stm.patentstyret.no *.google-analytics.com; img-src 'self' data: *.google-analytics.com *.google.com *.google.no 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; img-src data: blob: 'self' a.tile.openstreetmap.de; font-src 'self'; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.vimeo.com; connect-src 'self'; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self'; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://matsci.org/logs/ https://matsci.org/sidekiq/ https://matsci.org/mini-profiler-resources/ https://matsci.org/assets/ https://matsci.org/brotli_asset/ https://matsci.org/extra-locales/ https://matsci.org/highlight-js/ https://matsci.org/javascripts/ https://matsci.org/plugins/ https://matsci.org/theme-javascripts/ https://matsci.org/svg-sprite/ 'sha256-Gty3/aPWFfSvz7pdT39HY97/+2opLup9V0L19ZF0IwY='; worker-src 'self' https://matsci.org/assets/ https://matsci.org/brotli_asset/ https://matsci.org/javascripts/ https://matsci.org/plugins/; frame-ancestors 'self' https://kimreview.org; manifest-src 'self' 1
default-src 'none'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; base-uri 'none'; frame-ancestors 'none'; form-action 'self'; block-all-mixed-content 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.2.0/owl.carousel.min.js https://*.jsdelivr.net https://*.fontawesome.com/ https://www.paypalobjects.com/ https://cdnjs.cloudflare.com/ajax/libs/jquery.isotope/2.2.0/isotope.pkgd.js https://*.jquery.com/ https://rms.ups.com/ https://cdnjs.cloudflare.com/ajax/libs/jquery-confirm/3.3.2/jquery-confirm.min.js https://www.paypal.com/ https://*.cloudflare.com/ https://cdn.solar-guitars.com/; img-src 'self' data: https://www.paypalobjects.com/ http://maps.google.com/ https://www.paypal.com/ https://cdn.solar-guitars.com/; object-src 'self' data: https://*.paypal.com/ https://cdn.solar-guitars.com/; frame-src 'self' data: https://*.paypal.com/ https://cdn.solar-guitars.com/; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-pkT98wJ6M2mpOpPKIn25aQTo8RVOUBDUaoKS9i/VEDm/ZW3d' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors default-src 'self' https://ikiss.intra.leonberg.de/; 1
img-src 'self' data: cdn.sanity.io *.googleusercontent.com vercel.com; object-src data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' vercel.live *.googletagmanager.com; frame-ancestors 'self' https://itbolaget.ax; 1
default-src 'self'; connect-src 'self' chat.ace.teliacompany.net *.hotjar.com *.hotjar.io wss://*.hotjar.com ta-survey-v2.herokuapp.com *.azureedge.net cdn.testgjensidige.no cdn.gjensidige.no stats.g.doubleclick.net www.google-analytics.com data.brreg.no nasa.nd.test.nordea.com test1.mistral.mistralnett.com gjensidigecol.cjteradata.com *.ace.teliacompany.com api.bring.com www.googletagmanager.com connect.facebook.net adsby.bidtheatre.com cdn.adt356.com cnv.adt632.com gjensidige.containers.piwik.pro gjensidige.piwik.pro; img-src 'self' data: collect.tealiumiq.com *.gjensidige.io *.cloudfront.net my.tealiumiq.com www.google.se adsby.bidtheatre.com mkt.dep-x.com emailsignature.trustpilot.com *.hotjar.com *.hotjar.io www.webatlas.no *.azureedge.net cdn.testgjensidige.no cdn.gjensidige.no www.gstatic.com wds.ace.teliacompany.com www.google-analytics.com *.doubleclick.net www.google.com www.google.no www.facebook.com log.adtraction.fail pixel.quantserve.com; font-src 'self' data: *.azureedge.net cdn.testgjensidige.no cdn.gjensidige.no *.hotjar.com *.hotjar.io; style-src 'self' 'unsafe-inline' *.azureedge.net cdn.testgjensidige.no cdn.gjensidige.no optimize.google.com fonts.googleapis.com; frame-src 'self' tbs.tradedoubler.com *.hotjar.com *.hotjar.io gjensidige.mynewsdesk.com optimize.google.com wds.ace.teliacompany.com *.fls.doubleclick.net csfe.bankid.no applet.danid.dk preprod.signicat.com signicat.gjensidige.no *.dep-x.com lt.morningstar.com www.youtube.com widget.trustpilot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' my.tealiumiq.com *.hotjar.com *.hotjar.io *.azureedge.net cdn.testgjensidige.no widget.trustpilot.com cdn.gjensidige.no preprod.signicat.com signicat.gjensidige.no tdg-shared-test-cdnep.azureedge.net *.callguide.telia.com *.teliacompany.com bankid.no csfe.bankid.no signicat.com id.signicat.com danid.dk applet.danid.dk tiqcdn.com tags.tiqcdn.com *.signicat.com www.googleadservices.com google-analytics.com www.google-analytics.com *.dep-x.com *.godtforberedt.no *.folkforklarer.no *.opplevelseskalkulatoren.no *.hurryharry.no *.roykvarslerdagen.no *.sikkerhetsbutikken.no cjteradata.com gjensidigecol.cjteradata.com gjensidigecol.cjteradata.com *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.google.no *.googleadservices.com *.googletagmanager.com *.siteimproveanalytics.com *.siteimprove.com *.taskanalytics.com www.googletagmanager.com connect.facebook.net adsby.bidtheatre.com cdn.adt356.com; script-src-elem 'self' 'unsafe-inline' optimize.google.com my.tealiumiq.com *.hotjar.com mkt.dep-x.com cdn.dep-x.com widget.trustpilot.com www.googleadservices.com www.googletagmanager.com connect.facebook.net *.azureedge.net cdn.testgjensidige.no cdn.gjensidige.no gjensidigecol.cjteradata.com wds.ace.teliacompany.com tags.tiqcdn.com in.taskanalytics.com www.google-analytics.com cdn.adt356.com track.adtraction.com secure.quantserve.com rules.quantcount.com gjensidige.piwik.pro googleads.g.doubleclick.net 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://drift.skb.net https://park.skb.net https://pen.skb.net https://tri.skb.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data:; frame-src 'self' https://park.skb.net https://pen.skb.net https://aweucn1.advanced-web-analytics.com https://www.skb.si; font-src fonts.gstatic.com data:; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; report-uri /report/send; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'self' https://*.gab.com https://*.openplatform.us; font-src 'self' https://tooter.in; img-src 'self' https: data: blob: https://tooter.in; style-src 'self' 'unsafe-inline' https://tooter.in; media-src 'self' https: data: https://tooter.in; frame-src 'self' https:; manifest-src 'self' https://tooter.in; connect-src 'self' blob: https://tooter.in wss://tooter.in https://*.gab.com https://api.tenor.com; script-src 'self' https://tooter.in https://*.gab.com 1
default-src 'none'; font-src 'self'; img-src 'self'; media-src 'self' data:; script-src 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; base-uri 'self'; form-action 'none' 1
frame-src *.implantdirect.com *.fls.doubleclick.net *.hotjar.com *.facebook.com *.hsforms.com static.addtoany.com app.hubspot.com widgets.jotform.io submit.jotform.io *.jotform.io *.jotform.us *.jotform.com secure.livechatinc.com youtu.be youtube.com www.youtube.com *.qualtrics.com td.doubleclick.net; report-uri /report-csp-violation 1
child-src  www.paypalobjects.com; connect-src 'self' 'report-sample' s3.amazonaws.com/cv3.customfiles genosgarage.commercev3.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com stats.g.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.facebook.com *.klaviyo.com s3-us-west-2.amazonaws.com rum-e894cb9f-d026-4e2f-acde-38c8c01d5a5c.rapidspike.com *.addthis.com; default-src 'self' s3.amazonaws.com/cdn.genosgarage.com/ cdn.commercev3.net/cdn.genosgarage.com/ cdn.genosgarage.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com; font-src 'self' genosgarage.commercev3.com s3.amazonaws.com/cdn.genosgarage.com/ cdn.commercev3.net/cdn.genosgarage.com/ cdn.genosgarage.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com data:; form-action 'self' www.facebook.com www.paypal.com checkout.sezzle.com; frame-src 'self' *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com *.addthis.com www.youtube.com player.vimeo.com www.instagram.com www.trustlogo.com www.trustedsite.com secure.trust-provider.com; frame-ancestors 'self' ; img-src 'self' s3.amazonaws.com/cdn.genosgarage.com/ cdn.commercev3.net/cdn.genosgarage.com/ cdn.genosgarage.com ssl.google-analytics.com www.google.com/pagead/1p-user-list/ www.google.com/ads/ga-audiences ct.pinterest.com/v3/ s3.amazonaws.com stats.g.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.paypal.com www.paypalobjects.com cdn.ywxi.net secure.trust-provider.com www.gstatic.com translate.google.com *.addthis.com; script-src 'self' 'report-sample' s3.amazonaws.com/cdn.genosgarage.com/ cdn.commercev3.net/cdn.genosgarage.com/ cdn.genosgarage.com 'unsafe-inline' 'unsafe-eval' *.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com cdn.ywxi.net *.rapidspike.com js.hubspot.com z.moatads.com v1.addthisedge.com *.addthis.com secure.trust-provider.com www.trustedsite.com widgets.pinterest.com www.instagram.com cdn.ywxi.net *.rapidspike.com s7.addthis.com/js/; script-src-elem 'self' 'report-sample' s3.amazonaws.com/cdn.genosgarage.com/ cdn.commercev3.net/cdn.genosgarage.com/ cdn.genosgarage.com 'unsafe-inline' 'unsafe-eval' *.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com cdn.ywxi.net *.rapidspike.com js.hubspot.com z.moatads.com v1.addthisedge.com *.addthis.com secure.trust-provider.com www.trustedsite.com widgets.pinterest.com www.instagram.com cdn.ywxi.net *.rapidspike.com s7.addthis.com/js/; style-src 'self' s3.amazonaws.com/cdn.genosgarage.com/ cdn.commercev3.net/cdn.genosgarage.com/ cdn.genosgarage.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net *.googleapis.com; style-src-elem 'self' s3.amazonaws.com/cdn.genosgarage.com/ cdn.commercev3.net/cdn.genosgarage.com/ cdn.genosgarage.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net *.googleapis.com; style-src-attr  'unsafe-inline'; media-src 'self' genosgarage.commercev3.com s3.amazonaws.com/cdn.genosgarage.com/ cdn.commercev3.net/cdn.genosgarage.com/ cdn.genosgarage.com www.bing.com; 1
frame-ancestors 'self' https://www.jobs.ch https://www.jobcloud.ch https://www.jobwinner.ch https://www.jobscout24.ch https://www.jobup.ch https://www.tobjobs.ch https://www.alpha.ch https://www.ostjobs.ch https://www.ictjobs.ch https://www.itjobs.ch; 1
default-src 'self' https://*.facebook.net https://vimeo.com https://*.vimeo.com https://*.google-analytics.com https://*.doubleclick.net https://*.gstatic.com https://*.youtube-nocookie.com https://*.youtube.com https://*.matterport.com https://snazzymaps.com https://*.snazzymaps.com; block-all-mixed-content; img-src 'self' data: https://placeholder.inventis.be https://*.ytimg.com https://*.google-analytics.com https://*.vimeocdn.com https://*.facebook.com; manifest-src 'self'; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.vimeo.com 'nonce-6BeUxWfRQZZtMNEevOT4og=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; upgrade-insecure-requests 1
default-src 'self' ; object-src 'none'; frame-ancestors 'none'; frame-src 'none'; form-action 'self'; manifest-src 'self'; img-src 'self' data:  ; block-all-mixed-content 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://sauropods.win; img-src 'self' https: data: blob: https://sauropods.win; style-src 'self' https://sauropods.win 'nonce-zOSWGOwRPsDESpL2Zsq3Pg=='; media-src 'self' https: data: https://sauropods.win; frame-src 'self' https:; manifest-src 'self' https://sauropods.win; form-action 'self'; child-src 'self' blob: https://sauropods.win; worker-src 'self' blob: https://sauropods.win; connect-src 'self' data: blob: https://sauropods.win https://cdn.masto.host wss://sauropods.win; script-src 'self' https://sauropods.win 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=2srrng9iqu49c&partner=; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.portoseguro.com.br https://*.typekit.net https://*.corretoronlinenoticias.com.br https://*.ytimg.com https://*.soundcloud.com https://*.cinetica.digital https://cinetica.digital:40002 https://*.cinetica.ag https://*.gstatic.com https://*.youtube.com https://*.hotjar.com https://*.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net https://*.googleapis.com https://*.spotify.com https://*.jmvstream.com https://*.google.com https://instagram.fcgh8-1.fna.fbcdn.net https://code.jquery.com 1
default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' blob: ; style-src 'unsafe-inline' 'self' ; img-src * data: file: https: blob: ; media-src *; worker-src 'self' blob: ; frame-src * ; child-src * blob: ; connect-src 'self' data: ; report-uri ajax.php?action=uf_securitypolicyreport_save 1
frame-ancestors 'self' https://whitespot.ca https://*.whitespot.ca https://tripleos.com https://*.tripleos.com 1
img-src * data:; script-src  'self' 'unsafe-eval' 'unsafe-inline' http://www.google-analytics.com https://www.google.com https://www.gstatic.com https://js-agent.newrelic.com https://www.googletagmanager.com/gtm.js https://bam.nr-data.net https://tagmanager.google.com/debug https://tagmanager.google.com/debug/css.css https://tagmanager.google.com/debug/angular-bundle.js https://cdn.polyfill.io/ https://maxcdn.bootstrapcdn.com/ https://ajax.googleapis.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com;  style-src  'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com/; font-src 'self' https://fonts.gstatic.com; frame-src *; child-src 'self' https://prtest.paymentsradius.com; default-src 'self'; connect-src 'self'  https://*.radiusone.com/ https://d3ua4cgpi6lo9y.cloudfront.net https://*.highradius.com/ https://www.google-analytics.com/; frame-ancestors 'self' https://*.radiusone.com/ https://*.highradius.com/; 1
default-src 'unsafe-eval' 'unsafe-inline' blob: data: https: javascript:; report-uri /cspreport/staticyoutube 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.nrmca.org *.athenaec.com athenaec.com *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com *.fontawesome.com *.addthis.com *.moatads.com *.bugherd.com *.gstatic.com *.google-analytics.com *.google.com *.twitter.com *.twimg.com *.cloudflare.com *.facebook.net *.feathr.co tag.simpli.fi https://cdn.syndication.twimg.com *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: *.twimg.com *.twitter.com *.bootstrapcdn.com *.cloudflare.com https://cdn.syndication.twimg.com *.vimeocdn.com fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: *.google-analytics.com *.nrmca.org *.twimg.com *.twitter.com *.gstatic.com *.feathr.co https://cdn.syndication.twimg.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com translate.googleapis.com translate.google.com i.ytimg.com www.googletagmanager.com; connect-src 'self' *.addthis.com *.google-analytics.com yoast.com api.climateearth.com *.athenaec.com *.feathr.co athenaec.com *.vimeo.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com; font-src 'self' data: *.gstatic.com *.bootstrapcdn.com *.slant.co https://cdn.syndication.twimg.com data: fonts.gstatic.com fonts.googleapis.com; media-src 'self' https://cdn.syndication.twimg.com; frame-src 'self' https://s7.addthis.com *.google.com *.twitter.com www2.nrmca.org epdrepository.azurewebsites.net *.naylornetwork.com *.addthis.com *.videodelivery.net *.athenaec.com *.feathr.co athenaec.com *.vimeo.com *.vimeocdn.com maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com; child-src 'self' *.vimeo.com *.vimeocdn.com www.youtube.com www.googletagmanager.com; upgrade-insecure-requests; report-uri https://www.nrmca.org?gdsih-csp-report; 1
child-src  www.paypalobjects.com; connect-src 'self' 'report-sample' s3.amazonaws.com/cv3.customfiles ncs.commercev3.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com stats.g.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.facebook.com *.klaviyo.com *.yotpo.com beacon.searchspring.io 6dssd5.a.searchspring.io *.acsbapp.com; default-src 'self' s3.amazonaws.com/cdn.naturalcandystore.com/ cdn.commercev3.net/cdn.naturalcandystore.com/ cdn.naturalcandystore.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com; font-src 'self' ncs.commercev3.com s3.amazonaws.com/cdn.naturalcandystore.com/ cdn.commercev3.net/cdn.naturalcandystore.com/ cdn.naturalcandystore.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com staticw2.yotpo.com mediacdn.espssl.com acsbapp.com data:; form-action 'self' www.facebook.com www.paypal.com checkout.sezzle.com; frame-src 'self' *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com; frame-ancestors 'self' ; img-src 'self' s3.amazonaws.com/cdn.naturalcandystore.com/ cdn.commercev3.net/cdn.naturalcandystore.com/ cdn.naturalcandystore.com ssl.google-analytics.com www.google.com/pagead/1p-user-list/ www.google.com/ads/ga-audiences ct.pinterest.com/v3/ stats.g.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.paypal.com www.paypalobjects.com secure.trust-provider.com p.yotpo.com seal-westernmichigan.bbb.org d3cgm8py10hi0z.cloudfront.net 6dssd5.a.searchspring.io mediacdn.espssl.com cdn-yotpo-images-production.yotpo.com www.gstatic.com/images/ cdn.searchspring.net *.acsbapp.com s3.amazonaws.com; script-src 'self' 'report-sample' s3.amazonaws.com/cdn.naturalcandystore.com/ cdn.commercev3.net/cdn.naturalcandystore.com/ cdn.naturalcandystore.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com secure.trust-provider.com services.listrak.com staticw2.yotpo.com cdn.searchspring.net seal-westernmichigan.bbb.org www.intellisuggest.com acsbapp.com; script-src-elem 'self' 'report-sample' s3.amazonaws.com/cdn.naturalcandystore.com/ cdn.commercev3.net/cdn.naturalcandystore.com/ cdn.naturalcandystore.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com secure.trust-provider.com services.listrak.com staticw2.yotpo.com cdn.searchspring.net seal-westernmichigan.bbb.org www.intellisuggest.com acsbapp.com; style-src 'self' s3.amazonaws.com/cdn.naturalcandystore.com/ cdn.commercev3.net/cdn.naturalcandystore.com/ cdn.naturalcandystore.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net seal-blue.bbb.org staticw2.yotpo.com mediacdn.espssl.com; style-src-elem 'self' s3.amazonaws.com/cdn.naturalcandystore.com/ cdn.commercev3.net/cdn.naturalcandystore.com/ cdn.naturalcandystore.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net seal-blue.bbb.org staticw2.yotpo.com mediacdn.espssl.com; style-src-attr  'unsafe-inline'; media-src 'self' ncs.commercev3.com s3.amazonaws.com/cdn.naturalcandystore.com/ cdn.commercev3.net/cdn.naturalcandystore.com/ cdn.naturalcandystore.com www.bing.com; 1
frame-ancestors 'self' habiter-investir.icade-immobilier.com *.hint.icade.fr 1
script-src 'self' 'nonce-e4a1eedea9ce3821360235d3e39ba460' suzukiassociation.org www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com maps.googleapis.com www.google.com translate.google.com translate.googleapis.com translate-pa.googleapis.com ajax.googleapis.com www.gstatic.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com *.google-analytics.com *.gstatic.com *.googleapis.com www.googletagmanager.com accounts.google.com; style-src 'self' *.typekit.net cdnjs.cloudflare.com *.googleapis.com accounts.google.com 'unsafe-inline'; img-src 'self' data: x-raw-image mtd.org translate.google.com *.ggpht.com *.googleusercontent.com googleusercontent.com www.gravatar.com www.google.com.pr stats.g.doubleclick.net *.medium.com *.gstatic.com *.ggpht.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.googleusercontent.com www.google.com www.gravatar.com *.umbraco.org; font-src 'self' data: *.typekit.net *.gstatic.com *.fontawesome.com; connect-src 'self' mtd.org our.umbraco.com *.google.com *.ggpht.com *.googleusercontent.com googleusercontent.com www.gravatar.com *.typekit.net *.mtd.org cdnjs.cloudflare.com accounts.google.com *.gstatic.com www.google-analytics.com *.googleapis.com www.googletagmanager.com maps.googleapis.com stats.g.doubleclick.net; media-src 'self'; frame-src 'self' www.google.com www.youtube.com accounts.google.com; worker-src 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-popups allow-scripts allow-same-origin allow-scripts allow-top-navigation allow-presentation; base-uri https://mtd.org; manifest-src 'self'; object-src 'self'; report-uri https://ridemtd.report-uri.com/r/d/csp/enforce; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data: blob: https://*.tzstats.com https://templewallet.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com/; media-src data: filesystem: mediastream: blob: https://*.tzstats.com; connect-src 'self' data: https://*.tzpro.io https://*.tzstats.com https://*.sky.papers.tech https://*.staging.tzstats.com https://*.ingest.sentry.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; worker-src 'self' blob:; child-src 'self' blob:; frame-src 'self' https://*.tzstats.com; frame-ancestors 'none'; object-src 'none'; form-action 'self' https://*.tzpro.io; report-uri /csplog; 1
default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src  'self' 'unsafe-inline' * 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://selectra.pt/report-uri/enforce 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-FXrOdbwmoUdfZ+iRaeN/4VkzHOrCS58Ri6cH/clg4Vv69s3g' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; child-src 'self'; connect-src 'self' sso.sozialversicherung.at analysis.sozialversicherung.at cobrowsing.svs.at *.cobrowsing.svs.at cobrowsing.sv-services.at *.cobrowsing.sv-services.at sva-chatbot-prod.azurewebsites.net svs-chatbot-prod.azurewebsites.net europe.directline.botframework.com lf.o-c.io api.o-c.io *.googleapis.com mrtctcrawler.refactory.at *.pagestrip.com pagestrip.com; font-src 'self' *.googleapis.com *.gstatic.com termine.sozialversicherung.at karriere.pv.at widget.virtualq.de data: *.pagestrip.com; frame-ancestors 'self' www.meinebvaeb.at www.meinesv.at www.meineoegk.at  *.sozialversicherung.at; frame-src 'self' cobrowsing.svs.at *.cobrowsing.svs.at cobrowsing.sv-services.at *.cobrowsing.sv-services.at www.youtube-nocookie.com base.streamdiver.com www.handy-signatur.at service.a-trust.at 127.0.0.1:3496 termine.sozialversicherung.at karriere.pv.at widget.virtualq.de sso.sozialversicherung.at *.svs.at *.onlyfy.jobs esv-newsletter.connexcc-hosting.net; img-src 'self' data: analysis.sozialversicherung.at lf.o-c.io *.googleapis.com *.gstatic.com termine.sozialversicherung.at karriere.pv.at widget.virtualq.de *.pagestrip.com; manifest-src 'self'; media-src 'self' data:; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' analysis.sozialversicherung.at cobrowsing.svs.at *.cobrowsing.svs.at cobrowsing.sv-services.at *.cobrowsing.sv-services.at lf.o-c.io *.googleapis.com termine.sozialversicherung.at karriere.pv.at widget.virtualq.de sso.sozialversicherung.at *.onlyfy.jobs *.pagestrip.com; style-src 'unsafe-inline' 'self' lf.o-c.io *.googleapis.com *.pagestrip.com; worker-src 'self';  form-action 'self' secure-zustellung.briefbutler.at www.handy-signatur.at service.a-trust.at 127.0.0.1:3496 *.usp.gv.at *.oesterreich.gv.at  *.adressen.auva.net *.arzneidialog.at *.auva.at *.auva-b.at *.auvab.at *.auva-betreibergmbh.at *.auvagraz.at *.auva.gv.at *.auvalinz.at *.auva.or.at *.auva.org *.auvasalzburg.at *.auvasicher.at *.auv-b.at *.auvb.at *.auv-b.co.at *.auvb.co.at *.bvaeb.at *.bvaeb.sv.at *.cciv.at *.chipkarte.at *.chipkarte.gv.at *.demenz-ooe.at *.demenz-versorgung.at *.e-card.co.at *.e-card.gv.at *.ecard.gv.at *.e-card.or.at *.ecard.or.at *.efz.auva.net *.elda.at *.formulare.auva.net *.forum-gesundheit.at *.forumgesundheit.at *.forum-gesundheit.info *.forumgesundheit.info *.forum-reha.at *.gebietskrankenkasse.at *.geld.auva.net *.gesundheitskasse.at *.gesundmeldung.at *.gibacht.auva.net *.gkk.at *.gubonline.at *.hanuschhof.at *.hanusch-krankenhaus.at *.hauptstelle.auva.net *.ifgp.at *.initiative-patientensicherheit.at *.initiativepatientensicherheit.at *.kfa.co.at *.kfa-salzburg.at *.kfawien.at *.kinder-zahnpaket.at *.kinderzahnpaket.at *.klinikum-peterhof.at *.klinikumpeterhof.at *.kongresse.auva.net *.linzerheim.at *.medieninfo.auva.net *.meinebvaeb.at *.meine-gesundheit.at *.meinegesundheit.at *.meine-oegk.at *.meineoegk.at *.meinesozialversicherung.at *.meinesv.at *.meine-uv.at *.meineuv.at *.mein-uv-service.at *.oegk.at *.oegk.co.at *.oegk.or.at *.pensionsversicherung.at *.pensionsversicherungsanstalt.at *.pensionsversicherungsanstalt.gv.at *.praevention.auva.net *.publikationen.auva.net *.pva.gv.at *.pv.at *.reha-zentren.at *.rztobelbad.at *.selbstverwaltung.auva.net *.sicherheit.auva.net *.sicherheitsschulung.auva.net *.sicherlernen.auva.net *.sozialeunfallversicherung.at *.sozialversicherung.at *.sozialversicherung.co.at *.sozialversicherungen.at *.sozialversicherungen.or.at *.sozialversicherung.gv.at *.sozialversicherung.or.at *.sozvers.at *.statistik.auva.net *.sv-chipkarte.at *.sv-chipkarte.gv.at *.svdgmbh.at *.svs.at *.tisserand.at *.unfallkrankenhaus.at *.www.auva.net *.xn--gk-eka.at *.xn--gk-eka.or.at *.xn--meinegk-e1a.at *.xn--meine-gk-s4a.at  1
frame-ancestors 'self' *.blogsdeportivos.es api.blogsdeportivos.es 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' nonce-3c3f5624-0410-4562-aaea-cbf8186db7d7 http://www.google-analytics.com https://az416426.vo.msecnd.net https://cdnjs.cloudflare.com https://code.ionicframework.com https://code.jquery.com https://connect.facebook.net https://d3op16id4dloxg.cloudfront.net https://fonts.googleapis.com https://gitcdn.github.io https://googleads.g.doubleclick.net https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://qnabot.com https://surveyjs.azureedge.net https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://ssl.google-analytics.com https://connect.facebook.net https://maps.googleapis.com https://api.flickr.com https://rvid.imperium.com http://rvid.imperium.com https://www.google.com https://ajax.googleapis.com https://googleads.g.doubleclick.net https://js-agent.newrelic.com https://bam.nr-data.net https://pixel.mathtag.com https://analytics.tiktok.com https://static.ads-twitter.com https://js.go2sdk.com/v2/tune.js http://pixel.mathtag.com/event/js https://surveys.relevantid.com https://rec.smartlook.com;style-src 'self' 'unsafe-inline' https://az416426.vo.msecnd.net https://cdnjs.cloudflare.com https://code.ionicframework.com https://code.jquery.com https://connect.facebook.net https://d3op16id4dloxg.cloudfront.net https://fonts.googleapis.com https://gitcdn.github.io https://googleads.g.doubleclick.net https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://qnabot.com https://surveyjs.azureedge.net https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.google.com;img-src 'self' data: https://images.pexels.com https://www.facebook.com https://www.google.co.in https://www.google.co.au https://www.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://qnabot.com http://www.google-analytics.com https://farm9.static.flickr.com https://farm8.static.flickr.com https://stgadmin.panel-cube.com https://admin.panel-cube.com https://d30s7yzk2az89n.cloudfront.net https://www.google.com.au http://sandbox.giftpay.com https://googleads.g.doubleclick.net https://netdna.bootstrapcdn.com https://pcqa.blob.core.windows.net https://pcstatic.blob.core.windows.net https://panel-cube.com https://www.virtualrewardcenter.com https://bgsurveys.go2cloud.org https://ssl.google-analytics.com https://pixel.mathtag.com https://designstoreage.blob.core.windows.net https://www.google.com;font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.ionicframework.com;frame-src 'self' http://qnabot.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://www.youtube.com https://portal.qnabot.com https://web.facebook.com https://www.facebook.com https://www.google.com https://magic.veriff.me https://pixel.mathtag.com https://tracking.gopsjump.com.au;frame-ancestors 'self' https://web.facebook.com; 1
default-src 'self' https://api.altrulabs.com https://c.talentplatform.us https://cdn.altrulabs.com https://cdn-us.altrulabs.com https://cdn.usefathom.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://www.googletagmanager.com https://*.juicer.io https://in.hotjar.com https://ka-f.fontawesome.com https://ka-p.fontawesome.com https://kit.fontawesome.com https://stats.g.doubleclick.net https://usage.altrulabs.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io; font-src 'self' data: https://cdn.altrulabs.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://ka-f.fontawesome.com https://ka-p.fontawesome.com https://*.juicer.io https://use.fontawesome.com https://intellia.wpenginepowered.com; form-action 'self'; img-src * data:; frame-src 'self' https://app.altrulabs.com https://consentcdn.cookiebot.com https://www.google.com https://intellia-therapeutics.culturehq.com https://intelliatherapeutics.phenompeople.net https://player.vimeo.com https://snazzymaps.com https://vars.hotjar.com; media-src 'self' https://anchor.fm https://cdn.altrulabs.com https://d3ctxlq1ktw2nl.cloudfront.net https://download-video.akamaized.net https://player.vimeo.com https://vod-progressive.akamaized.net https://intellia.wpenginepowered.com; object-src 'none'; script-src 'unsafe-inline' https://ajax.googleapis.com https://analytics.jibecdn.com https://*.juicer.io https://cdn.jsdelivr.net https://cdn.usefathom.com/script.js https://cdnjs.cloudflare.com https://cdn-bot.phenompeople.com https://code.jquery.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://d7pkvxpsevxsc.cloudfront.net https://dp3rlkyi9q6ww.cloudfront.net https://www.google-analytics.com https://kit.fontawesome.com https://script.hotjar.com https://static.hotjar.com https://widget.altrulabs.com https://intellia.wpenginepowered.com https://*.intelliatx.com https://intelliatx.com https://www.googletagmanager.com 'unsafe-eval'; style-src 'unsafe-inline' https://*.juicer.io https://cdn.jsdelivr.net https://cdn-bot.phenompeople.com https://fonts.googleapis.com https://kit.fontawesome.com https://use.fontawesome.com https://intellia.wpenginepowered.com https://*.intelliatx.com https://intelliatx.com;"; always; 1
base-uri 'self'; connect-src 'self' *.wordpress.com; default-src 'self'; font-src 'self'; frame-src 'self' *.youtube.com  *.youtube-nocookie.com *.vimeo.com *.dailymotion.com; img-src 'self' *.wp.com data: w3.org/svg/2000; manifest-src 'self'; media-src 'self' dts.podtrac.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' stats.wp.com; style-src 'self' 'unsafe-inline'; worker-src 'none'; 1
default-src www.google.com www.gstatic.com *.pendo.io pendo-static-4766602228924416.storage.googleapis.com pendo-io-static.storage.googleapis.com cdn.cookielaw.org 'self' 'unsafe-inline' 'unsafe-eval' blob: ; img-src 'self' data: blob: *.pendo.io pendo-static-4766602228924416.storage.googleapis.com; frame-ancestors 'self' https://www.ep.com https://shop.ep.com app.pendo.io 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.catme.org catme.org www.google-analytics.com www.googletagmanager.com translate.googleapis.com translate.google.com www.youtube.com www.gstatic.com stats.g.doubleclick.net ; 1
connect-src backend:3002 odiariodemogi.net.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; default-src backend:3002 odiariodemogi.net.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; img-src backend:3002 odiariodemogi.net.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; object-src backend:3002 odiariodemogi.net.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; script-src backend:3002 odiariodemogi.net.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; style-src backend:3002 odiariodemogi.net.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; worker-src backend:3002 odiariodemogi.net.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://stats.g.doubleclick.net https://my.localina.com https://www.mylocalina.ch https://api.doctena.ch https://www.medicosearch.ch; worker-src blob:; 1
img-src data: https://cdn.cookielaw.org/ https://webanalytics.inera.se/ https://*.inviewer.se/ 'self'; connect-src https://cdn.cookielaw.org/ https://webanalytics.inera.se/ 'self'; script-src https://cdn.cookielaw.org/ https://dl.episerver.net/ https://webanalytics.inera.se/ 'report-sample' 'sha256-3/mNUpqF9X/gMYE+bOG6g8d6I32wdYdWwWuAk90mPCM=' 'sha256-KdrksQVVfPWUX99NitlEt4ABdXZmgoZpezLqt68xrRU=' 'sha256-NBS7EduG2pL/l2J3FKVM//a6/tkbjRXCbg6q7vBX/JQ=' 'sha256-9nbqryG6r8ah9AReuQJKTzRXvO4bc5sLyPTD9Ybevj8=' 'sha256-laWjrqJThFpSbf4H+IwSnwccrjKHaVCE1bYgwmmXevg=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-fXAvihdjkmVXEHsm1CI8ygBuouJ6u4sNxDVCM3LHGRE=' 'self'; frame-src https://play.mediaflowpro.com/ https://dreambroker.com/; style-src 'report-sample' 'unsafe-inline' 'self'; style-src-attr 'report-sample' 'unsafe-inline'; style-src-elem 'report-sample' 'unsafe-inline' 'self'; object-src 'none'; base-uri 'self'; worker-src 'self'; manifest-src 'self'; media-src 'self'; form-action 'self'; child-src 'self'; frame-ancestors 'self'; report-uri https://www.vardhandboken.se/api/v1/csp/report; font-src data: 'self'; upgrade-insecure-requests ; default-src 'self'; report-to csp-endpoint 1
default-src 'self' https://editorajbc.com.br https://*.editorajbc.com.br https://jbchost.com.br https://*.jbchost.com.br https://www.google-analytics.com https://cdnjs.cloudflare.com; script-src 'self' https://editorajbc.com.br https://*.editorajbc.com.br https://jbchost.com.br https://*.jbchost.com.br https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://translate.google.com https://*.googleapis.com https://*.doubleclick.net https://*.googlesyndication.com https://www.youtube.com https://cdnjs.cloudflare.com https://www.clarity.ms 'unsafe-inline' 'unsafe-eval'; img-src * data:; media-src 'self'; style-src * 'unsafe-inline' data:; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com data:; frame-src *; connect-src 'self' https://*.doubleclick.net https://*.googlesyndication.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.clarity.ms; object-src 'none'; frame-ancestors https://editorajbc.com.br https://*.jbchost.com.br https://*.ohmina.com.br https://*.madeinjapan.com.br; 1
upgrade-insecure-requests;script-src 'self';connect-src 'self' blob: https://stereophonic.space wss://stereophonic.space;media-src 'self' https://stereophonic.space;img-src 'self' data: blob: https://stereophonic.space;default-src 'none';base-uri 'self';frame-ancestors 'none';style-src 'self' 'unsafe-inline';font-src 'self';manifest-src 'self'; 1
upgrade-insecure-requests; block-all-mixed-content; form-action 'none'; frame-ancestors 'self' 1
default-src 'self' data: gap: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * 'self' data: gap: blob: 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://js.callrail.com http://js.callrail.com https://connect.facebook.net http://connect.facebook.net https://cdn.callrail.com http://cdn.callrail.com https://www.youtube.com http://www.youtube.com https://my.wpengine.com http://my.wpengine.com http://www.google.com http://google.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com http://unpkg.com https://www.googletagmanager.com http://www.googletagmanager.com https://s.btstatic.com http://s.thebrighttag.com http://thebrighttag.com http://www.google-analytics.com http://google-analytics.com http://cdnjs.cloudflare.com https://www.gstatic.com http://www.gstatic.com http://s.btstatic.com http://s.btstatic.com http://static.srcspot.com https://static.srcspot.com; script-src-elem  * 'self' 'unsafe-inline' 'unsafe-eval' data: gap: blob: http://cdnjs.cloudflare.com; connect-src * 'self' data: gap: https://cdn.jsdelivr.net https://js.callrail.com http://js.callrail.com https://my.wpengine.com http://my.wpengine.com https://stats.g.doubleclick.net http://stats.g.doubleclick.net http://www.google-analytics.com https://www.google-analytics.com; img-src * 'self' data: gap: https://dify.wpengine.com http://dify.wpengine.com https://www.facebook.com http://www.facebook.com https://s.w.org http://s.w.org http://secure.gravatar.com https://secure.gravatar.com http://gravatar.com http://1.gravatar.com http://1.gravatar.com https://1.gravatar.com http://i.ytimg.com http://ytimg.com https://www.google-analytics.com http://www.google-analytics.com; frame-src * 'self' data: gap: https://js.stripe.com https://www.facebook.com http://www.facebook.com http://youtube.com http://www.youtube.com http://seekbeak.com http://s.thebrighttag.com http://thebrighttag.com https://www.google.com http://www.google.com; style-src * 'self' data: gap: 'unsafe-inline' http://unpkg.com http://code.ionicframework.com http://cdnjs.cloudflare.com https://fonts.googleapis.com http://fonts.gstatic.com https://code.ionicframework.com https://unpkg.com https://maxcdn.bootstrapcdn.com maxcdn.bootstrapcdn.com; font-src 'self' http://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com http://fonts.gstatic.com http://code.ionicframework.com data: gap: 'unsafe-inline'; frame-ancestors 'self' https://*.mdguidelines.com https://*.alight.com data: gap: blob:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://wehavecookies.social; img-src 'self' https: data: blob: https://wehavecookies.social; style-src 'self' https://wehavecookies.social 'nonce-Ha5qLRbCTe8U64/GAOpLzQ=='; media-src 'self' https: data: https://wehavecookies.social; frame-src 'self' https:; manifest-src 'self' https://wehavecookies.social; form-action 'self'; child-src 'self' blob: https://wehavecookies.social; worker-src 'self' blob: https://wehavecookies.social; connect-src 'self' data: blob: https://wehavecookies.social https://files.wehavecookies.social wss://wehavecookies.social; script-src 'self' https://wehavecookies.social 'wasm-unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* *.google.com *.jsdelivr.net *.guestplan.com *.gstatic.com www.google-analytics.com www.googletagmanager.com *.cloudflare.com *.addtoany.com use.fontawesome.com *.mailchimp.com *.mcusercontent.com *.youtube.com *.ytimg.com *.googleapis.com *.medialoc.eu *.firebasedatabase.app *.ticketengine.nl; style-src 'self' 'unsafe-inline' *.googleapis.com *.mcusercontent.com *.guestplan.com  *.google.com *.jsdelivr.net *.cloudflare.com *.addtoany.com cloud.typography.com *.myfonts.net *.medialoc.eu *.ticketengine.nl *.medialoc.eu; font-src 'self' *.mcusercontent.com *.gstatic.com data:; img-src 'self' data: www.google-analytics.com  *.gstatic.com *.media-imdb.com *.mailchimp.com *.mcusercontent.com mcusercontent.com *.mcusercontent.com stats.g.doubleclick.net *.medialoc.eu; frame-src 'self' *.google.com *.addtoany.com *.guestplan.com *.mcusercontent.com *.youtube.com *.vimeo.com *.activetickets.com *.issuu.com *.recruitee.com *.linkedin.com localhost:* *.firebasedatabase.app *.b-cdn.net *.run.app; media-src 'self' *.youtube.com *.vimeo.com *.guestplan.com *.mcusercontent.com *.vimeocdn.com *.akamaized.net blob: 'self' *.b-cdn.net; connect-src 'self' localhost:* wss://localhost:* *.projectguide.nl etender-connect.com www.google-analytics.com *.googleapis.com *.googleusercontent.com *.medialoc.eu *.run.app wss://*.europe-west1.firebasedatabase.app *.b-cdn.net *.bitmovin.com blob: data: *.pallycon.com *.google-analytics.com *.doubleclick.net; frame-ancestors ;  1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' * blob: 194.30.79.53; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://aipi.social; img-src 'self' https: data: blob: https://aipi.social; style-src 'self' https://aipi.social 'nonce-kQevuU7wPPLKCxHz/knnFg=='; media-src 'self' https: data: https://aipi.social; frame-src 'self' https:; manifest-src 'self' https://aipi.social; form-action 'self'; child-src 'self' blob: https://aipi.social; worker-src 'self' blob: https://aipi.social; connect-src 'self' data: blob: https://aipi.social https://aipi.social wss://aipi.social; script-src 'self' https://aipi.social 'wasm-unsafe-eval' 1
default-src 'none'; style-src 'self'; img-src 'self'; media-src 'self'; base-uri 'none'; script-src 'none'; frame-ancestors 'none'; form-action 'none'; sandbox allow-forms allow-orientation-lock allow-pointer-lock allow-presentation allow-scripts allow-same-origin; 1
default-src 'self';object-src 'none';connect-src 'self' https://api.chicoree.ch/v1/api/ https://d365apiprod.chicoree.ch *.getflowbox.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ch *.google.fr *.google.de sentry.io *.sentry.io https://consent.cookiebot.com https://consentcdn.cookiebot.com *.imgix.video https://tiktok.com https://www.tiktok.com/oembed;script-src 'self' blob: https://cdn.jsdelivr.net *.getflowbox.com https://www.tiktok.com/embed.js https://lf16-tiktok-web.ttwstatic.com https://www.youtube.com/ https://tagmanager.google.com *.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://analytics.tiktok.com https://connect.facebook.net 'sha256-0bjqRPbGoMYXSXkBtJ24Kl5BRQrgVCytVTKeM4OsIUk=' pay.datatrans.com pay.sandbox.datatrans.com https://consent.cookiebot.com https://consentcdn.cookiebot.com;style-src 'self' 'unsafe-inline' *.ttwstatic.com https://tagmanager.google.com https://fonts.googleapis.com;img-src 'self' data: *.chicoree.ch https://chicoree-erp.imgix.net https://chicoree-erp-test.imgix.net https://chicoree-staging.s3.eu-central-1.amazonaws.com *.getflowbox.com *.cloudfront.net *.tiktokcdn.com *.facebook.com https://chicoree-master.s3.eu-central-1.amazonaws.com https://chicoree-master-private.s3.eu-central-1.amazonaws.com https://ssl.gstatic.com https://www.gstatic.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ch *.google.fr *.google.de;media-src 'self' *.chicoree.ch *.imgix.video blob:;font-src 'self' data: https://fonts.gstatic.com;frame-src *; 1
report-uri enclarapharmacia.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.addthis.com http://trackingdakar.com https://trackingdakar.com http://media.trackingdakar.com https://media.trackingdakar.com https://*.moatads.com https://*.addthisedge.com https://connect.facebook.net https://code.jquery.com/ https://*.googletagmanager.com; connect-src 'self' http://trackingdakar.com https://trackingdakar.com http://media.trackingdakar.com https://media.trackingdakar.com https://m.addthis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; img-src 'self' http://trackingdakar.com https://trackingdakar.com http://media.trackingdakar.com https://media.trackingdakar.com https://*.google-analytics.com https://*.googletagmanager.com; style-src 'self' http://trackingdakar.com https://trackingdakar.com http://media.trackingdakar.com https://media.trackingdakar.com 'unsafe-inline'; frame-src https://s7.addthis.com/ https://www.facebook.com/; frame-ancestors 'self' http://*.trackingdakar.com https://*.trackingdakar.com; form-action 'self' http://trackingdakar.com https://trackingdakar.com http://media.trackingdakar.com https://media.trackingdakar.com  https://www.paypal.com; base-uri 'none'; 1
default-src 'self'; connect-src 'self' *.google.com *.google.co.uk *.google-analytics.com *.doubleclick.net *.analytics.google.com api.stripe.com maps.googleapis.com; img-src 'self' www.gwrr.com *.googletagmanager.com *.gravatar.com *.google.co.uk *.google.com *.google-analytics.com maps.googleapis.com maps.gstatic.com www.w3.org files.stripe.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; base-uri 'self'; manifest-src 'self'; frame-ancestors 'self'; frame-src 'self' *.youtube.com *.vimeo.com; form-action 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com unpkg.com *.googletagmanager.com maps.googleapis.com *.google-analytics.com; upgrade-insecure-request; worker-src 'none'; 1
script-src 'self' d1hh40g6daqks4.cloudfront.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.googleadservices.com/pagead/ https://googleads.g.doubleclick.net use.typekit.net fast.wistia.net snap.licdn.com blob: cc.cdn.civiccomputing.com https://*.hs-scripts.com bat.bing.com https://accounts.google.com/gsi/client www.clarity.ms https://js.hubspot.com js.hs-scripts.com js.hsadspixel.net js.hscollectedforms.net js.hs-analytics.net js.hs-banner.com js.hsleadflows.net js.hsforms.net js.hubspotfeedback.com 'nonce-26WVPcLlp9SUjxYN9qdyoQ=='; img-src 'self' data: *.linkedin.com *.hubspot.com doubleclick.net forms.hsforms.com kmny6vxx86.execute-api.eu-west-1.amazonaws.com zapworks-home-static.s3.eu-west-1.amazonaws.com px.ads.linkedin.com f.hubspotusercontent30.net www.gstatic.com https:; font-src 'self' fonts.gstatic.com data:; object-src 'none'; base-uri 'none'; style-src 'self' d1hh40g6daqks4.cloudfront.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com 'unsafe-inline' fonts.googleapis.com https://accounts.google.com/gsi/style; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google.com api.hubapi.com stats.g.doubleclick.net forms.hubspot.com apikeys.civiccomputing.com googleads.g.doubleclick.net cdn.linkedin.oribi.io pagead2.googlesyndication.com https://forms.hscollectedforms.net https://accounts.google.com/gsi/ https://r.clarity.ms/collect https://px.ads.linkedin.com https://cta-service-cms2.hubspot.com/; default-src 'self' d1hh40g6daqks4.cloudfront.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; frame-src 'self' fast.wistia.net www.youtube.com www.google.com www.googletagmanager.com platform.twitter.com player.vimeo.com app.hubspot.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://*.doubleclick.net https://*.g.doubleclick.net webxr.run lbn.zappar.io lbn.webar.run https://accounts.google.com/gsi/ 1
default-src * data: blob: 'self'; script-src 'self' adservice.google.com js.callrail.com cdn.callrail.com google.com pagead2.googlesyndication.com secure.adnxs.com www.instagram.com www.gstatic.com *.anyroad.com maps.googleapis.com gleam.io cdn.privacy-mgmt.com api.omappapi.com a.optnmstr.com my.hy.ly bam.nr-data.net rum-collector-2.pingdom.net analytics.google.com d31qbv1cthcecs.cloudfront.net js.gleam.io js-agent.newrelic.com rum-static.pingdom.net static.ads-twitter.com www.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net cdn.privacy-mgmt.com *.google-analytics.com *.googletagmanager.com ajax.googleapis.com *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* googleadservices.com *.googleadservices.com *.analytics.google.com googlesyndication.com *.googlesyndication.com 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *; connect-src 'self' adservice.google.com app.callrail.com js.callrail.com cdn.callrail.com google.com pagead2.googlesyndication.com googlesyndication.com *.googlesyndication.com secure.adnxs.com www.instagram.com www.gstatic.com *.anyroad.com maps.googleapis.com gleam.io cdn.privacy-mgmt.com api.omappapi.com a.optnmstr.com my.hy.ly bam.nr-data.net rum-collector-2.pingdom.net analytics.google.com d31qbv1cthcecs.cloudfront.net js.gleam.io js-agent.newrelic.com rum-static.pingdom.net static.ads-twitter.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net googleads.g.doubleclick.net cdn.privacy-mgmt.com *.google-analytics.com *.google.com *.googletagmanager.com ajax.googleapis.com *.facebook.com facebook.com; block-all-mixed-content; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' stats.sera.de www.google-analytics.com maps.googleapis.com *.youtube.com *.youtube-nocookie.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com; img-src * 'self' data: maps.gstatic.com *.googleapis.com *.ggpht.com; connect-src 'self' stats.sera.de  www.google-analytics.com maps.googleapis.com; font-src 'self' fonts.gstatic.com data:; object-src 'none'; media-src 'self'; form-action 'self'; frame-ancestors 'self'; frame-src 'self' *.youtube.com *.youtube-nocookie.com; 1
default-src 'self' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; media-src 'self' data: 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; frame-ancestors 'none'; font-src * 'self' data: https://fonts.gstatic.com; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' https://plugins.flockler.com https://sdk.privacy-center.org/ https://api.privacy-center.org/ https://www.googleadservices.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com; style-src * 'self' 'unsafe-inline' https://fonts.googleapis.com https://sdk.privacy-center.org/ https://api.privacy-center.org/ 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: content: https: *.googleapis.com 1
child-src  www.paypalobjects.com; connect-src 'self' 'report-sample' s3.amazonaws.com/cv3.customfiles aprilcornell.commercev3.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com stats.g.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.facebook.com *.klaviyo.com cdn.acsbapp.com aprilcornellchat.secure.force.com www.google.com adservice.google.com manage.kmail-lists.com www.aprilcornell.ca *.doubleclick.net web1.acsbapp.com www.aprilcornell.com www.googletagmanager.com; default-src 'self' s3.amazonaws.com/cdn.aprilcornell.com/ cdn.commercev3.net/cdn.aprilcornell.com/ cdn.aprilcornell.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com; font-src 'self' aprilcornell.commercev3.com s3.amazonaws.com/cdn.aprilcornell.com/ cdn.commercev3.net/cdn.aprilcornell.com/ cdn.aprilcornell.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com data: acsbapp.com; form-action 'self' www.facebook.com www.paypal.com checkout.sezzle.com; frame-src 'self' *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com platform.twitter.com service.force.com view.publitas.com tpc.googlesyndication.com aprilcornellholdings.my.salesforce.com *.facebook.com www.youtube.com *.pinterest.com; frame-ancestors 'self' ; img-src 'self' s3.amazonaws.com/cdn.aprilcornell.com/ cdn.commercev3.net/cdn.aprilcornell.com/ cdn.aprilcornell.com ssl.google-analytics.com www.google.com/pagead/1p-user-list/ www.google.com/ads/ga-audiences ct.pinterest.com/v3/ s3.amazonaws.com *.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.paypal.com www.paypalobjects.com syndication.twitter.com log.pinterest.com  www.bing.com web1.acsbapp.com res.cloudinary.com googleads.g.doubleclick.net syndication.twitter.com *.google.com  cdn.aprilcornell.com *.facebook.com www.gstatic.com www.google.ca; script-src 'self' 'report-sample' s3.amazonaws.com/cdn.aprilcornell.com/ cdn.commercev3.net/cdn.aprilcornell.com/ cdn.aprilcornell.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com platform.twitter.com acsbapp.com *.force.com *.salesforceliveagent.com assets.pinterest.com *.salesforce.com view.publitas.com tpc.googlesyndication.com www.google-analytics.com connect.facebook.net weglot.com secure.comodo.com www.googleadservices.com connect.facebook.net d.*.salesforceliveagent.com *.salesforce-sites.com; script-src-elem 'self' 'report-sample' s3.amazonaws.com/cdn.aprilcornell.com/ cdn.commercev3.net/cdn.aprilcornell.com/ cdn.aprilcornell.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com platform.twitter.com acsbapp.com *.force.com *.salesforceliveagent.com assets.pinterest.com *.salesforce.com view.publitas.com tpc.googlesyndication.com www.google-analytics.com connect.facebook.net weglot.com secure.comodo.com www.googleadservices.com connect.facebook.net d.*.salesforceliveagent.com *.salesforce-sites.com; style-src 'self' s3.amazonaws.com/cdn.aprilcornell.com/ cdn.commercev3.net/cdn.aprilcornell.com/ cdn.aprilcornell.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net *.force.com aprilcornellholdings.my.salesforce.com *.salesforce-sites.com; style-src-elem 'self' s3.amazonaws.com/cdn.aprilcornell.com/ cdn.commercev3.net/cdn.aprilcornell.com/ cdn.aprilcornell.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net *.force.com aprilcornellholdings.my.salesforce.com *.salesforce-sites.com; style-src-attr  'unsafe-inline'; media-src 'self' aprilcornell.commercev3.com s3.amazonaws.com/cdn.aprilcornell.com/ cdn.commercev3.net/cdn.aprilcornell.com/ cdn.aprilcornell.com www.bing.com; 1
frame-ancestors http://webvisor.com 'self' 1
default-src 'none'; script-src 'self' 'unsafe-inline' www.tcgms.net *.googletagmanager.com *.google.com *.google-analytics.com cdn.jsdelivr.net *.cookiebot.com *.teamtailor-cdn.com *.facebook.net *.bokabord.se; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com cdn.jsdelivr.net www.bokabord.se; img-src 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.vimeocdn.com *.grandhotel.se *.google.se *.google-analytics.com; media-src 'self' blob:; frame-src 'self' mail.grandhotel.se www.tcgms.net  *.google.com *.youtube.com *.facebook.com *.vimeo.com *.vimeocdn.com *.cookiebot.com *.waiteraid.com; frame-ancestors 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; child-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; font-src 'self' data: fonts.gstatic.com; connect-src 'self' https://*.grandhotel.se https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com *.cookiebot.com *.teamtailor.com *.doubleclick.net; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' https://*.uulacdn.com;object-src 'self';base-uri 'none';worker-src 'self';form-action 'self' *.snapchat.com https://www.facebook.com;script-src 'strict-dynamic' https: 'unsafe-inline' 'sha256-Ns4lsh33b1+XiHkVe5vle9GpwSW+gRcQFiI2NWBvcgg=' 'sha256-0rbYarWanV7eJfsDUY9Zp47gCoQ9ZvCkY6hh8bmyPoc=' 'sha256-uNGOusG+HASI3ESVDKikR/TXeh39c3BS3GzNMIXcdhc=' 'sha256-NqhWjvb2yqXIhpgtVKVMbC7H2hnwIhB6dXMJQSTpHIk=' 'sha256-BASpzbWki4nWBWIsasohus+Q8QaL21zhxLRUKQBZzLQ=' 'sha256-4PC6by7BboZMmTNq/XclY3blFdJnfG6MOtQAfBlNXY8=' 'sha256-HV/hZNW+MPcR1IGFrklq5ROJWZaeLEQ5zzthTXvabUg=' 'sha256-YWf0rK6qIbedchbHyoZr8tdEP/2PNKXWwvFOojGyo8U=' 'nonce-uwT6Nv23Ymf7DzLHKDuVcQ==';style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://tagmanager.google.com https://www.googletagmanager.com https://*.uulacdn.com;font-src 'self' data: https://*.intercomcdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://applepay.cdn-apple.com https://*.uulacdn.com;connect-src 'self' https://*.sentry.io https://*.amplitude.com https://conversion.uula.com wss://www.uula.com/backend/cable https://*.intercom.io wss://*.intercom.io https://*.intercomcdn.com https://analytics.tiktok.com https://tr.snapchat.com https://www.facebook.com wss://*.cohere.so https://*.cohere.so https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://www.google-analytics.com https://stats.g.doubleclick.net https://fps.ezdrm.com https://widevine-dash.ezdrm.com https://playready.ezdrm.com https://*.uulacdn.com https://uula-production.s3.ap-south-1.amazonaws.com;img-src 'self' data: blob: https://static.intercomassets.com https://*.intercomcdn.com https://tr.snapchat.com https://www.facebook.com https://analytics.twitter.com https://t.co/i/adsct https://i.ytimg.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.google.com https://www.google.ru https://www.google.com.kw https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.uulacdn.com;media-src 'self' blob: https://*.intercomcdn.com https://*.cohere.so https://*.uulacdn.com;frame-src https://*.snapchat.com https://www.youtube.com/ https://*.cohere.so *.google.com https://td.doubleclick.net/;child-src https://*.snapchat.com https://www.youtube.com/ https://*.cohere.so *.google.com 1
default-src 'unsafe-inline' 'unsafe-eval' abacus.cz *.abacus.cz evolveo.com *.evolveo.com evolveo.eu *.evolveo.eu salente.cz *.salente.cz gls-czech.cz *.gls-czech.cz teamviewer.com *.teamviewer.com secure.skypeassets.com smartlook.cloud *.smartlook.cloud im9.cz *.im9.cz *.doubleclick.net heureka.cz *.heureka.cz *.cdn77.org youtube.com *.youtube.com facebook.com *.facebook.com facebook.net *.facebook.net smartlook.com *.smartlook.com smartsuppchat.com *.smartsuppchat.com smartsup.com *.smartsup.com smartsupp.com *.smartsupp.com *.googleapis.com *.googletagmanager.com *.google-analytics.com google.com *.google.com google.cz *.google.cz *.jquery.com wss://*.smartsupp.com; font-src * 'self' data: 1
default-src http:; script-src http: 'unsafe-inline' 'unsafe-eval' data:; style-src http: 'unsafe-inline'; img-src http: data:; font-src http: data: 1
font-src *.gstatic.com *.cloudflare.com *.olark.com *.mktoutil.com *.rsmeans.com *.capterra.com *.doubleclick.net doubleclick.net *.survicate.com survicate.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.authorize.net *.paypal.com paypal.com *.cloudflare.com self www.facebook.com *.olark.com *.mktoutil.com *.rsmeans.com *.capterra.com *.doubleclick.net doubleclick.net *.survicate.com survicate.com *.cybersource.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amc.demdex.net *.demdex.net *.cardinalcommerce.com *.authorize.net paypal.com *.paypal.com *.vimeo.com google.com googletagmanager.com *.braintreegateway.com *.google.com *.google.co.in doubleclick.net facebook.com self www.facebook.com *.marketo.com *.vidyard.com *.gordian.com *.datatables.net googleads.g.doubleclick.com googleads.g.doubleclick.net *.amazon-adsystem.com *.olark.com *.mktoutil.com *.rsmeans.com *.capterra.com *.doubleclick.net *.survicate.com survicate.com *.cybersource.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io google.co.in *.google.co.in *.adobedtm.com *.sc.omtrdc.net *.demdex.net *.everesttech.net *.magentocommerce.com googleadservices.com google-analytics.com paypalobjects.com *.paypal.com paypal.com *.sandbox.paypal.com *.stats.paypal.com *.ytimg.com *.swagger.io *.braintreegateway.com self *.bing.com google.com *.google.com www.google.com *.ads.linkedin.com *.clarity.ms facebook.com www.facebook.com www.googletagmanager.com *.adsymptotic.com www.linkedin.com play.vidyard.com *.vidyard.com *.nr-data.net *.marketo.com *.gordian.com *.datatables.net *.olark.com *.mktoutil.com *.rsmeans.com *.capterra.com *.doubleclick.net doubleclick.net *.survicate.com survicate.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.cardinalcommerce.com *.authorize.net *.braintreegateway.com paypal.com *.paypal.com *.ytimg.com google.com *.google.com *.sandbox.braintreegateway.com googleoptimize.com googleadservices.com google-analytics.com *.googleoptimize.com googletagmanager.com *.vidyard.com *.callrail.com *.ccdc02.com tags.srv.stackadapt.com *.licdn.com *.bing.com *.marketo.net *.marketo.com *.fullstory.com *.facebook.net connect.facebook.net self play.vidyard.com cdn.callrail.com clarity.ms *.clarity.ms facebook.com google.co.in paypalobjects.com googleapis.com gstatic.com *.cloudflare.com *.newrelic.com *.nr-data.net *.gordian.com *.datatables.net www.rsmeans.com rsmeans.com *.rsmeans.com snap.licdn.com *.olark.com qvdt3feo.com *.mktoutil.com *.capterra.com *.doubleclick.net doubleclick.net *.survicate.com survicate.com https://cdnjs.cloudflare.com h.online-metrix.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.srv.stackadapt.com *.googleapis.com *.cloudflare.com self mcstaging.rsmeans.com rsmeans.com www.rsmeans.com *.datatables.net *.marketo.com *.nr-data.net *.gordian.com *.olark.com *.mktoutil.com *.rsmeans.com *.capterra.com *.doubleclick.net doubleclick.net *.survicate.com survicate.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.demdex.net *.cardinalcommerce.com *.google-analytics.com paypal.com *.paypal.com *.braintreegateway.com self *.sandbox.braintreegateway.com *.braintree-api.com doubleclick.net *.google.com tags.srv.stackadapt.com *.callrail.com js.callrail.com facebook.net facebook.com www.facebook.com *.facebook.net *.mktoresp.com *.fullstory.com clarity.ms *.clarity.ms *.nr-data.net *.bing.com *.gordian.com *.datatables.net *.linkedin.oribi.io *.linkedin.com *.olark.com www.google.co.in *.mktoutil.com *.rsmeans.com *.capterra.com *.doubleclick.net *.survicate.com survicate.com h.online-metrix.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' browserclient.twixlmedia.com; 1
default-src 'none'; script-src 'self' 'unsafe-eval' data: legalaid.vic.gov.au content.legalaid.vic.gov.au zchat.vla.vic.gov.au *.content.legalaid.vic.gov.au cdnjs.cloudflare.com 'unsafe-inline' www.google.com/recaptcha/api.js maps.googleapis.com https://*.gstatic.com *.googletagmanager.com tagmanager.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google-analytics.com cdn.monsido.com connect.facebook.net *.cloudfront.net *.youtube.com ytimg.com *.ytimg.com w.soundcloud.com apps.mypurecloud.com.au *.openforms.com; style-src 'self' 'unsafe-inline' legalaid.vic.gov.au content.legalaid.vic.gov.au *.content.legalaid.vic.gov.au zchat.vla.vic.gov.au fonts.googleapis.com tagmanager.google.com drwgdblqzrfiz.cloudfront.net *.openforms.com; img-src 'self' data: legalaid.vic.gov.au content.legalaid.vic.gov.au *.content.legalaid.vic.gov.au zchat.vla.vic.gov.au *.amazee.io tracking.monsido.com *.google-analytics.com *.doubleclick.net https://*.googleapis.com https://*.gstatic.com *.google.com *.google.com.au drwgdblqzrfiz.cloudfront.net; font-src 'self' legalaid.vic.gov.au content.legalaid.vic.gov.au *.content.legalaid.vic.gov.au fonts.gstatic.com; frame-src 'self' lawguru.vla.vic.gov.au legalaid.vic.gov.au content.legalaid.vic.gov.au *.content.legalaid.vic.gov.au *.hotjar.com *.hotjar.io wss://*.hotjar.com *.vimeo.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com *.doubleclick.net https://www.google.com/recaptcha/api2/ maps.google.com.au zchat.vla.vic.gov.au wss://streaming.mypurecloud.com.au *.openforms.com; manifest-src 'self'; media-src 'self' legalaid.vic.gov.au content.legalaid.vic.gov.au *.content.legalaid.vic.gov.au zchat.vla.vic.gov.au; connect-src 'self' legalaid.vic.gov.au content.legalaid.vic.gov.au *.content.legalaid.vic.gov.au https://hotjar.com https://hotjar.io wss://hotjar.com *.sdp.vic.gov.au api.ipify.org drwgdblqzrfiz.cloudfront.net *.doubleclick.net *.google-analytics.com analytics.google.com https://*.googleapis.com https://*.gstatic.com *.google.com *.google.com.au api.mypurecloud.com.au wss://streaming.mypurecloud.com.au; 1
default-src 'self' 'unsafe-inline';script-src 'self' cdnjs.cloudflare.com statistiek.rijksoverheid.nl maps.googleapis.com *.publikaan.nl i.icomoon.io cdn.jsdelivr.net code.jquery.com www.gstatic.com gstatic.com ajax.aspnetcdn.com www.google.com google.com instituut-mijnbouwschade-groningen.onstuimig.nl 'unsafe-eval' 'unsafe-inline';style-src 'self' fonts.googleapis.com *.publikaan.nl cdn.jsdelivr.net img.de-publieke-zaak.nl 'unsafe-inline';connect-src 'self' *.publikaan.nl contentanalyzer.azurewebsites.net i.icomoon.io t-ic-products-contentcoach-coach.azurewebsites.net maps.googleapis.com statistiek.rijksoverheid.nl img.de-publieke-zaak.nl;font-src 'self' fonts.gstatic.com *.publikaan.nl cdn.jsdelivr.net img.de-publieke-zaak.nl data:;form-action 'self' accounts.google.com;img-src 'self' data: p-ic-hosting-shared-weu-cdn-img.azureedge.net statistiek.rijksoverheid.nl *.publikaan.nl maps.gstatic.com maps.googleapis.com www.gravatar.com i.vimeocdn.com;media-src 'self' www.youtube.com vimeo.com youtube.com youtube.com;frame-ancestors 'self' www.schadedoormijnbouw.infocaster-cloud.net www.schadedoormijnbouw.nl;frame-src * 1
font-src fonts.gstatic.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: *.zopim.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.googletagmanager.com/ *.twitter.com *.doubleclick.net *.hotjar.com *.facebook.com *.reebee.com *.pinterest.com *.google.com *.multiluminaire.ca *.google.ca *.flippenterprise.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com google.com gstatic.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com *.google.ca *.doubleclick.net *.multiluminaire.ca *.googleapis.com *.googletagmanager.com *.bing.com *.zopim.com *.zopim.io *.facebook.com *.sb.scorecardresearch.com *.pinterest.com *.probance.ca 'self' blob: 'self' data: *.flippenterprise.net *.wishabi.com *.wishabi.net *.flipp.com *.flippback.com *.usefathom.com *.gstatic.com *.googlesyndication.com *.privacy-center.org www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ s7.addthis.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.doubleclick.net *.googletagmanager.com chimpstatic.com trackcmp.net *.google.com *.googleapis.com *.facebook.net *.hotjar.com *.bing.com *.zopim.com *.zdassets.com *.reebee.com *.pinimg.com *.multiluminaire.ca *.flippenterprise.net *.wishabi.com *.flipp.com *.flippback.com 'self' blob: 'self' data: *.usefathom.com *.jsdelivr.net *.privacy-center.org *.clickcease.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com google.com gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.flippenterprise.net *.wishabi.com *.flipp.com *.flippback.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.hotjar.com *.hotjar.io *.doubleclick.net *.zdassets.com *.zopim.com wss://widget-mediator.zopim.com *.google-analytics.com *.google.com *.pinterest.com *.zendesk.com *.multiluminaire.ca *.flippenterprise.net *.wishabi.com *.flipp.com *.flippback.com *.googleapis.com *.privacy-center.org *.googlesyndication.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com google.com gstatic.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://www.google.com https://code.jquery.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.gstatic.com https://stackpath.bootstrapcdn.com https://use.typekit.net https://fonts.gstatic.com https://www.google-analytics.com *.googletagmanager.com https://*.vlibras.gov.br https://vlibras.gov.br https://hcaptcha.com https://*.hcaptcha.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com https://code.jquery.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://use.typekit.net https://fonts.gstatic.com https://www.google-analytics.com *.googletagmanager.com https://vlibras.gov.br https://*.vlibras.gov.br https://hcaptcha.com https://www.vlibras.gov.br https://*.hcaptcha.com; worker-src 'self' blob:; img-src 'self' data: https://cdn.jsdelivr.net https://www.google-analytics.com *.googletagmanager.com https://vlibras.gov.br https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: https://cdn.jsdelivr.net https://stackpath.bootstrapcdn.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://vlibras.gov.br https://*.vlibras.gov.br https://use.typekit.net; frame-src https://www.google.com https://www.google.com.br https://www.youtube.com https://player.vimeo.com https://vlibras.gov.br https://www.google.com https://code.jquery.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://use.typekit.net https://fonts.gstatic.com https://www.google-analytics.com *.googletagmanager.com https://vlibras.gov.br https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://stackpath.bootstrapcdn.com https://use.typekit.net https://fonts.googleapis.com; frame-ancestors 'none'; object-src 'none'; base-uri 'none'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://*.cloudflare.com https://*.facebook.net https://*.cookiebot.com https://stackpath.bootstrapcdn.com https://static.addtoany.com https://unes.intervieweb.it https://unpkg.com https://*.gigya.com https://*.us1.gigya.com https://*.google.com https://*.googletagmanager.com https://*.gstatic.com https://*.google-analytics.com https://*.googleadservices.com https://*.doubleclick.net https://*.googleapis.com https://*.turboadv.com https://*.adnxs.com https://*.datafront.co https://*.easyrecrue.com https://*.tncid.app/ https://*.ilviaggiatorgoloso.it https://*.green-oasis.it https://*.adform.net https://*.salesforce.com https://*.salesforceliveagent.com https://*.force.com https://*.site.com https://acsbapp.com; frame-ancestors https://*.unes.it https://*.ilviaggiatorgoloso.it https://*.salesforce.com https://webplayer.appicalnow.com; 1
frame-ancestors self www.vix.com.br 1
worker-src * 'self' 'unsafe-inline' blob:; script-src-elem * 'unsafe-inline' data:; font-src 'self' 'unsafe-inline' https://*.com data:; img-src 'self' data: https: 1
worker-src * blob:; frame-ancestors 'self' https://m.facebook.com/ https://m.me/ https://static.xx.fbcdn.net/; child-src 'self' https://www.facebook.com/ https://www.youtube.com/ https://www.instagram.com/ https://www.google.com/ https://www.googleanalytics.com/ https://www.google-analytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://fonts.googleapis.com/ 1
default-src 'self' https://*.giosg.com https://*.giosgusercontent.com; script-src  'self' *.google.com *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com *.vimeocdn.com *.vimeo.com vimeo.com *.ytimg.com *.youtube.com *.hotjar.com *.facebook.net *.crazyegg.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com *.googleoptimize.com *.consentmanager.net 291santanderdk.boost.ai widget.emaerket.dk campaigns.santanderconsumer.dk *.mouseflow.com assets.emaerket.dk dl.episerver.net https://*.giosg.com https://*.giosgusercontent.com https://*.santanderconsumer.dk https://*.santanderconsumer.se https://*.santanderconsumer.no https://*.santanderconsumer.fi https://*.santander.dk https://*.santander.se https://*.santander.no https://*.santander.fi storage.googleapis.com https://bat.bing.com 'sha256-R3r1BBbUqajF92ZtvNhcoXaO1DyvCB5n6RlHZMJNN4Q=' 'sha256-vitIc2uymCl9f6M4oE0lM+hRLG3hY0bvKDdnFnSm/Lw=' 'sha256-qRz8vHFz9Ror3ulXnI8ucDmH61TD/MUIZdpgc1WVzNI=' 'sha256-laWjrqJThFpSbf4H+IwSnwccrjKHaVCE1bYgwmmXevg=' 'sha256-ppnuB8t/zFlSL3wef4Y4RUFh5WsVpgiRKHn0VrbbGn8=' 'sha256-aqG6RKLgwY23CqcmJ5zAlZisFs5xK+Ms4Se+yni8ic0=' 'sha256-wVccTMGgyHpF0qjzi8i6TXA+cnPJr5kxJjguXBNl8uo=' 'sha256-y6hoVbXmB19pgCqBsvSizYaH3Sz7pxb1BEoo12F+Gsc=' 'unsafe-eval' 'sha256-xuL3g8xdp2Whkb7FQO1Nw4aAUTnSvCgAWIBfsAUcpsM=' 'sha256-bw5gs5bIeTI7278wrWAEiyNu2RE5qKa/eDIjlvJzZJ0=' 'sha256-zDbK6fQChSitkNX6V98dV9iry9DTomzE9LLQkUoObhc=' 'sha256-QJ0/gTTiupilkW9DootKOpc4QTNrj/RkjuoecJrelwg=' 'sha256-R+eCfgrGG1e6QKnozw24ga+hrd3KgwSluR1UE1kLesc=' 'sha256-XZ/chm1krByQYHsGXeEuvPhhqWNv+XYV72tdweoyVoQ=' 'sha256-csxyHx67/Cz1ssRqgS9ELrBbd4ijWCEfQSXl+SLfNG4=' 'sha256-UBYOLn6lzP24Shdmu1dFgNBGI2Qnx29UKnu9zcOmJRA=' 'sha256-NGpeOZcu7u4P3rq7urYxouH/3w4WzRrfbaDaGSv+XFk=' 'sha256-ElM0Ncbg7nQo4zV991JvGCmOjkdrPSRR0dFjQjRgsvM=' 'sha256-CtSmrudI29LsFi5Qfh7PyHXcN7mp9vl79V94OgT3Jzk=' 'sha256-5vnGc70Jv+yFgNQYMoUakXQSU1epVZmWabC0vliA7/M=' 'sha256-p4gD/hXte09XDyH9dj97FeaWj5K/Kexh5sGrKiAoXrs=' 'sha256-vKX42idkrBkekpROyWmAjTLwVAYtYMHRgGd3j1OISXk=' 'sha256-BnCI3lVEodagWsYSqNkdzI6SuIr0mLIsL/BdFQTi1A8=' 'sha256-VX22EwCSRge22rEHFEAjMOL0mPh/tkdcuxTu53zGokc=' 'sha256-wn9w4k+pdNWh4WVAVBR5pszrUqrM5Dyr8gFaLnF6n38=' 'sha256-ZToFMkf5H4J2SiSd8ptkPhhhmv0e+uxjMDPnpQDSULM=' 'sha256-sciPiePRVvy4tJ2l5q5+u5Fum7xV8mJAcK8uMVxcZBs=' 'sha256-tiMyT2kJWk9gX9jwPW/wO7L5DcHNUh6Sao3AzBx/UWc=' 'sha256-gTNKBW/M/zNBjiqPQwS0ECum+JfiMgJjZmkYVx5OPcw=' 'sha256-reLLWDjxidKAt2zNDRsl+bXkcsCVPX0iKhw4haYBjd0=' 'sha256-cQLxZGpnDbda/6FTEA2mqBA6cbGf3RyDWtodgkrGUwY=' 'sha256-pdwVfY4tvmgrtgDssGR+60TAQIQ2srhDZIb652ri8fs=' 'sha256-lcTx3iFVD7mYp6dVv3qG57diET2+Jx3svPkP8e3tG3Q=' 'sha256-TGg73Jjef3su0lLJf5aeCQhE3BZHqU0Pkeev6VVnHS0=' 'sha256-NA6JekcsRH4MXKKWK8T0fxbhx67iytbQiKUjwphXYZA=' 'sha256-8X9Tmnu7Cm6gEq+/cLhLaTyH/+9S1zfgxXmzEMfDFBc=' 'sha256-rl/Og5sT3562pxn1XvCC8GEFVbiE3QARMjS5OmuOYMk=' 'sha256-rYL1oK2MdVeozKoMK45k1OMcJ9uBeDA4zv5QCyrstbA=' 'sha256-xmLM77SEHEI9B5uZzKfaErfEFk5OocUuej6ITyBmItY=' 'sha256-+Vky7BYRGHruDQzJfQqBTDbuOFmxBGYHmXhbvdmpdCE=' 'sha256-89/0fk1wLiuTVo5U6RbzVYR54EZKTaxBxuv5B8AYx4w=' 'sha256-G9PmJ9lH5czXghV+e2o21oUwYhdFkNNThIALu+kW2No=' 'sha256-Z4n/gJ5EC38lYAI4e/+VWL4Sb5ZjoXymkgPw5ncvoqU=' 'sha256-Ase7fAQ+xgXY1NjG/3qUUeDj4BKh2GPj1U9vcRXd4fY=' 'sha256-M3OI1qX1U3xK0papA5Jmp5dAGsy1x+/wmq+SrkruICs=' 'sha256-WZGEGKe9kMVDKO1IeZtGJrer9D2x2cxq0yBc7phEtMs=' 'sha256-oivKmu/e8xkyxlYZ11c2A+3VypGSPJiApJwIfoGXdW0=' 'sha256-uJsxhHh+CBQQSADuOneF8ld05h0G39igWSOHTD+yElw=' 'sha256-BevxqnWgv+iBKXNpTL2PUL2iYsxPVg7mHT55YoRPpCs=' 'sha256-9gB5s2V9g8bmfvUppQ4yCD4jC1wcdDv4Sp7/zmjGNi4=' 'sha256-6IvDhb1UIS5ovJbVSB76ehDb5mkro3gcaoV0GQtvsRM=' 'sha256-WMrmz7wxPHAwUC3CiiCcWBfvwTxSkMn21kMqvQ4Mmdw=' 'sha256-OrFhJZ4GnF0qoFlTGQqk5r6LHC9PNtYiKQdrnp1l5SM=' 'sha256-cYjMo89fKPIdRVbNdTjrhdsXmU248Z7Cexa4hVNmSyY=' 'nonce-XcOJJmlTY0zNg4R4MqAQgS+X+CyEkym0ZNCgYnjYj6A='; frame-src   'self' https://apim.scb.nu *.santanderconsumer.se *.google.com *.vimeo.com *.facebook.com *.santanders.se *.hotjar.com *.doubleclick.net www.youtube.com optimize.google.com www.googletagmanager.com cdn.consentmanager.net https://*.giosg.com https://*.giosgusercontent.com; child-src   'self' blob: *.hotjar.com blob:; img-src     * 'self' data: blob: *.hotjar.com google-analytics.com optimize.google.com  region1.google-analytics.com region1.analytics.google.com ; style-src   'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com dl.episerver.net https://*.giosg.com https://*.giosgusercontent.com; connect-src https://apim.scb.nu wss://*.santanderconsumer.se wss://*.santander.se *.santanderconsumer.se *.santander.se *.santanderconsumer.dk *.santander.dk *.santanderconsumer.fi *.santander.fi *.santanderconsumer.no *.santander.no https://santanderconsumer.dk https://santander.dk *.hotjar.io *.hotjar.com wss://*.hotjar.com *.crazyegg.com wss://*.crazyegg.com *.google-analytics.com https://analytics.google.com *.doubleclick.net *.consentmanager.net 291santanderdk.boost.ai *.google.com region1.google-analytics.com region1.analytics.google.com *.mouseflow.com https://*.googlesyndication.com 'self' https://*.giosg.com https://*.giosgusercontent.com data: blob: *.tt.omtrdc.net https://ggsa--sant-dk--pro--87.ew.r.appspot.com ; font-src    'self' *.hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com cdn.mouseflow.com https://*.giosg.com https://*.giosgusercontent.com; worker-src  'self' blob:; 1
base-uri 'none'; object-src 'none'; script-src 'nonce-XSGiys3VJrsWHvh5HMsnxxrgEtBOMA48JvtfBSmxkXEdILDH9knlF38OqhxAkekN' 'strict-dynamic' https: 'unsafe-inline' 'self' 1
default-src 'self';  script-src 'self' https://checkout.razorpay.com/ https://api.razorpay.com/ https://maps.googleapis.com/ https://connect.facebook.net/ https://www.googletagmanager.com/ http://www.googletagmanager.com/ http://www.google-analytics.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://salesiq.zoho.com/ https://js.zohocdn.com/ https://js.zohostatic.com/ https://static.zohocdn.com/;  connect-src 'self' https://api-js.mixpanel.com/ https://maps.googleapis.com/ https://cdn.growthbook.io/ https://o69967.ingest.sentry.io/ https://app.thrivenow.in/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://api.razorpay.com/ https://in.hotjar.com/ https://lumberjack-cx.razorpay.com https://content.hotjar.io/ wss://ws.hotjar.com/ https://salesiq.zoho.com/ wss://vts.zohopublic.com/ https://salesiq.zohopublic.com/ https://analytics.google.com/;  img-src 'self' https://cdn.thrivenow.in/ https://cdn.hashtagloyalty.com/ https://s3.ap-southeast-1.amazonaws.com/ https://www.facebook.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.google.co.in/ https://maps.googleapis.com/ https://hashtagloyaltydev.s3.ap-southeast-1.amazonaws.com/ https://maps.gstatic.com/ https://salesiq.zohopublic.com/ https://css.zohocdn.com/ data:;  script-src-attr 'self' 'unsafe-inline';  media-src 'self' https://static.zohocdn.com; frame-src 'self' https://api.razorpay.com/ https://salesiq.zohopublic.com/;  font-src 'self' https://cdn.hashtagloyalty.com/ https://fonts.gstatic.com/ https://css.zohocdn.com/ data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://css.zohocdn.com/ https://css.zohostatic.com/ https://files.zohopublic.com/;  object-src 'none'; 1
frame-ancestors 'self';style-src 'self' 'unsafe-inline';img-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google-analytics.com http://www.googletagmanager.com 1
worker-src blob: mobelringen.global.ssl.fastly.net; font-src maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' data: data: script.hotjar.com *.typography.com *.intercomcdn.com *.cloudfront.net mobelringen.global.ssl.fastly.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com *.voyado.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.klarna.com *.yotpo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com big.g.doubleclick.net vars.hotjar.com *.authorize.net *.socialboards.com embedsocial.com *.cookieinformation.com *.google.com *.google.lt *.google.no *.ipaper.io *.voyado.com voyado.oculos.no *.doubleclick.net *.adform.net *.facebook.com mobelringen.global.ssl.fastly.net kommunikasjon.ntb.no *.typeform.com go.smoc.ai 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://cdn.flbx.io *.klarna.com *.klarnaevt.com *.yotpo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.google.com *.google.no *.google.se *.google.fi *.google.ro *.google.pl *.google.dk *.gstatic.com *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net *.hotjar.com *.hotjar.io *.wpcloud.trollweb.no *.dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com *.magentocommerce.com *.paypal.com *.readpeak.com *.adnxs.com *.taboola.com *.ytimg.com storage.googleapis.com img.youtube.com analytics.sleeknote.com *.google.lt *.cloudfront.net *.ipaper.io ipaper.ipapercms.dk *.fbcdn.net *.facebook.com blob: mobelringen.global.ssl.fastly.net *.doubleclick.net *.mobelringen.no *.googletagmanager.com data: 'self' 'unsafe-inline'; script-src *.assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://cdn.flbx.io https://connect.getflowbox.com http://connect.getflowbox.com *.klarna.com *.yotpo.com https://storage.googleapis.com/ https://api.mapbox.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.doubleclick.net static.hotjar.com script.hotjar.io *.googleanalytics.com *.dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com *.trustpilot.com *.geostag.cardinalcommerce.com *.leaf.cardinalcommerce.com *.1eafstag.cardinalcommerce.com *.geoapi.cardinalcommerce.com *.1eafapi.cardinalcommerce.com oc-cookieless-cmp-app.azurewebsites.net sst.mobelringen.no *.readpeak.com *.typeform.com *.songbird.cardinalcommerce.com *.geo.cardinalcommerce.com *.centinelapistag.cardinalcommerce.com *.centinelapi.cardinalcommerce.com *.1eaf.cardinalcommerce.com *.includestest.ccdc02.com *.secure.authorize.net *.test.authorize.net *.paypal.com *.ytimg.com *.js.authorize.net *.jstest.authorize.net *.braintreegateway.com *.signifyd.com widget.intercom.io js.intercomcdn.com sleeknotecustomerscripts.sleeknote.com sleeknotestaticcontent.sleeknote.com *.googletagmanager.com *.googleoptimize.com browser-update.org script.hotjar.com connect.facebook.net track.adform.net *.mobelringen.no *.googleapis.com *.socialboards.com *.elfsight.com *.cookieinformation.com embedsocial.com bam.nr-data.net js-agent.newrelic.com data: blob: *.facebook.com mobelringen.global.ssl.fastly.net kommunikasjon.ntb.no *.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com unsafe-inline *.gstatic.com tagmanager.google.com *.wpcloud.trollweb.no *.typography.com getfirebug.com *.getfirebug.com mobelringen.no *.socialboards.com embedsocial.com mobelringen.global.ssl.fastly.net data: *.googletagmanager.com *.google.com *.typeform.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://*.amazonaws.com https://cdn.flbx.io https://connect.getflowbox.com http://connect.getflowbox.com *.klarnaevt.com *.yotpo.com https://storage.googleapis.com/ https://api.mapbox.com/ https://events.mapbox.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com t.elasticsuite.io *.google-analytics.com *.doubleclick.net *.klarna.com *.hotjar.com vc.hotjar.io surveystats.hotjar.io wss://*.hotjar.com *.cardinalcommerce.com api-iam.intercom.io wss://nexus-websocket-a.intercom.io stats.g.doubleclick.net *.vdc-services.io *.elfsight.com *.cookieinformation.com bam.nr-data.net *.googleapis.com *.mapbox.com *.getflowbox.com *.socialboards.com mobelringen.global.ssl.fastly.net *.sleeknote.com vimeo.com sst.mobelringen.no oc-cookieless-cmp-app.azurewebsites.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com blob: mobelringen.global.ssl.fastly.net http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://eng.vdc.dev/csp-report; report-to report-endpoint; 1
block-all-mixed-content; frame-ancestors *.moveisgruber.com.br 1
default-src 'self' *.widgetworks.com.au *.youtube.com webchat.cusa.com.au *.vimeo.com localhost:8000 cms.creditunion.atomix.dev cms.creditunionsa.com.au cms.creditunionsa.uat.com.au cms.creditunion.uat.atomix.dev https://gpm.westernunion.com/au/AU/RT/02156-FI *.fls.doubleclick.net tr.snapchat.com www.pinterest.com.au www.pinterest.com; style-src 'self' 'unsafe-inline' *.widgetworks.com.au https://tagmanager.google.com https://fonts.googleapis.com localhost:8000 cms.creditunion.atomix.dev cms.creditunionsa.com.au cms.creditunionsa.uat.com.au cms.creditunion.uat.atomix.dev; img-src 'self' data: * www.googletagmanager.com  https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; connect-src 'self' localhost:8000 cms.creditunion.atomix.dev cms.creditunionsa.com.au cms.creditunionsa.uat.com.au cms.creditunion.uat.atomix.dev *.ingest.sentry.io jsonapi.sajari.net/sajari.api.pipeline.v1.Query/Search vitals.vercel-insights.com analytics.tiktok.com www.google.com.au/pagead/attribution https://*.google-analytics.com https://google-analytics.com https://*.analytics.google.com  https://analytics.google.com https://*.googletagmanager.com https://googletagmanager.com https://ct.pinterest.com api.hubapi.com forms.hubspot.com stats.g.doubleclick.net www.googleadservices.com secure-ds.serving-sys.com tr.snapchat.com lm.serving-sys.com/lm/tmd; frame-ancestors 'self' localhost:8000 cms.creditunion.atomix.dev cms.creditunionsa.com.au cms.creditunionsa.uat.com.au cms.creditunion.uat.atomix.dev; font-src 'self' https://fonts.gstatic.com data: 'self' *.widgetworks.com.au *.youtube.com webchat.cusa.com.au *.vimeo.com localhost:8000 cms.creditunion.atomix.dev cms.creditunionsa.com.au cms.creditunionsa.uat.com.au cms.creditunion.uat.atomix.dev https://gpm.westernunion.com/au/AU/RT/02156-FI *.fls.doubleclick.net tr.snapchat.com www.pinterest.com.au www.pinterest.com; script-src 'unsafe-inline' 'self' *.widgetworks.com.au *.youtube.com webchat.cusa.com.au *.vimeo.com localhost:8000 cms.creditunion.atomix.dev cms.creditunionsa.com.au cms.creditunionsa.uat.com.au cms.creditunion.uat.atomix.dev https://gpm.westernunion.com/au/AU/RT/02156-FI *.fls.doubleclick.net tr.snapchat.com www.pinterest.com.au www.pinterest.com secure-ds.serving-sys.com js.hs-scripts.com s.pinimg.com js.hs-analytics.net js.hsleadflows.net js.hsadspixel.net js.hs-banner.com connect.facebook.net https://*.googletagmanager.com www.google-analytics.com www.gstatic.com siteimproveanalytics.com sc-static.net static.ads-twitter.com www.redditstatic.com cdn.sajari.com snap.licdn.com analytics.tiktok.com bs.serving-sys.com analytics.twitter.com https://tagmanager.google.com 1
frame-ancestors 'self' https://mumuchu.com; 1
default-src 'self' blob: data: *.nympho.dk nymphodk.ngrok.app fonts.googleapis.com maps.googleapis.com fonts.gstatic.com googletagmanager.com www.googletagmanager.com region1.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net code.tidio.co widget-v4.tidiochat.com socket.tidio.co wss://socket.tidio.co metrics-collector.tidio.co cdn.tiny.cloud cdn.jsdelivr.net code.jquery.com polyfill.io widget.trustpilot.com;script-src 'self' 'unsafe-eval' blob: 'nonce-u/sK7jj1WNqQi2WzQ6/0vg==' 'nonce-IIhNQxf6Uaf3gC7AsReb/g==' 'nonce-LydF4zzBXDTlUlRAB4kkTA==' 'nonce-dCiO52Ql5h8n/Pwi0341hQ==' 'nonce-4V2kyeuhMjPqgSh5wtt7FQ==' 'nonce-1hcolyn8qbg+zOEXpJP+5g==' 'nonce-JiQubdf1550nY8l9xg9H1g==' 'nonce-LShROQ306orE18XgEPSsMg==' 'nonce-Ld93CtA0mh34+892JbiLSw==' 'nonce-msQNWGiI6IoIXCPWJGBCPQ==' 'nonce-MZ/uyU2s2KmZcikE0IoOWg==' *.nympho.dk nymphodk.ngrok.app fonts.googleapis.com maps.googleapis.com fonts.gstatic.com googletagmanager.com www.googletagmanager.com region1.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net code.tidio.co widget-v4.tidiochat.com socket.tidio.co wss://socket.tidio.co metrics-collector.tidio.co cdn.tiny.cloud cdn.jsdelivr.net code.jquery.com polyfill.io widget.trustpilot.com;style-src 'self' 'unsafe-inline' *.nympho.dk nymphodk.ngrok.app fonts.googleapis.com maps.googleapis.com fonts.gstatic.com googletagmanager.com www.googletagmanager.com region1.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net code.tidio.co widget-v4.tidiochat.com socket.tidio.co wss://socket.tidio.co metrics-collector.tidio.co cdn.tiny.cloud cdn.jsdelivr.net code.jquery.com polyfill.io widget.trustpilot.com;img-src 'self' data: *;frame-ancestors 'none'; 1
base-uri 'self';connect-src 'self' https://*.google-analytics.com https://*.doubleclick.net;default-src 'self';font-src 'self' https://use.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com;form-action 'self';img-src 'self' https://media.reinierdegraaf.nl https://osk6eqzj7h.execute-api.eu-central-1.amazonaws.com https://d1m0vixjc1og0f.cloudfront.net data: https://i.ytimg.com https://*.google-analytics.com https://*.cloudfront.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com;media-src 'self' https://media.reinierdegraaf.nl https://osk6eqzj7h.execute-api.eu-central-1.amazonaws.com https://d1m0vixjc1og0f.cloudfront.net https://*.guidingtube.com/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://consent.23g.io https://www.google.com https://www.gstatic.com https://www.googletagmanager.com 'nonce-pYI2MPbFziJOpu3Yn10cgJYpEcBFvSBN';frame-src 'self' https://w.soundcloud.com/ https://www.youtube.com/ https://player.vimeo.com/ https://*.guidingtube.com/;style-src 'self' 'unsafe-inline' https://p.typekit.net https://use.typekit.net https://www.googletagmanager.com https://fonts.googleapis.com 1
default-src https: blob:; connect-src https: wss: blob: track-eu.customer.io eu.customerioforms.com *.api.gist.build *.cloud.gist.build; font-src https: data: fonts.googleapis.com; frame-src https: renderer.gist.build code.gist.build; frame-ancestors 'self' binolla.com; img-src https: blob: data: track-eu.customer.io; media-src https: blob:; object-src https:; script-src 'self' binolla.com google.com www.google.com gstatic.com www.gstatic.com connect.facebook.net www.googletagmanager.com https://cdn.logrocket.io https://cdn.lr-ingest.com https://cdn.ingest-lr.com https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://fpnpmcdn.net assets.customer.io code.gist.build eu.customerioforms.com 'unsafe-inline' 'unsafe-eval'; style-src code.gist.build 'unsafe-inline' https:; script-src-elem 'self' binolla.com google.com www.google.com gstatic.com www.gstatic.com connect.facebook.net www.googletagmanager.com https://cdn.logrocket.io https://cdn.lr-ingest.com https://cdn.ingest-lr.com https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://fpnpmcdn.net assets.customer.io code.gist.build eu.customerioforms.com 'unsafe-inline' 'unsafe-eval'; worker-src 'self' binolla.com cdn.lr-ingest.com customer.io 'unsafe-inline' 'unsafe-eval' data: blob:; 1
default-src 'self'; connect-src 'self' https://*.ada.support https://*.analytics.google.com https://*.clarity.ms https://*.fanplayr.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.hotjar.io https://*.linkedin.co https://*.linkedin.com https://*.mypurecloud.com wss://*.mypurecloud.com https://ads-api.twitter.com https://cdn.linkedin.oribi.io https://connect.facebook.net https://d38nbbai6u794i.cloudfront.net https://gtm-mr26nnc-ztexm.uc.r.appspot.com https://maps.googleapis.com https://static.ads-twitter.com https://webto.salesforce.com https://www.facebook.com; script-src 'unsafe-eval' 'unsafe-inline' https://*.fanplayr.com https://*.googletagmanager.com https://ajax.googleapis.com https://d38nbbai6u794i.cloudfront.net https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://tagmanager.google.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com 'nonce-1105d313-a6fd-4d62-9465d85ec9384901'; script-src-elem 'self' https://*.ada.support https://*.ads-twitter.com https://*.clarity.ms https://*.fanplayr.com https://*.google-analytics.com https://*.licdn.com https://*.tarteaucitron.io https://connect.facebook.net https://maps.googleapis.com https://static.ads-twitter.com https://tarteaucitron.io https://www.googleadservices.com 'strict-dynamic' 'nonce-1105d313-a6fd-4d62-9465d85ec9384901'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mypurecloud.com https://*.tarteaucitron.io https://fonts.fanplayr.com https://fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com; object-src 'none'; img-src 'self' data: https://*.bing.com https://*.clarity.ms https://*.facebook.com https://*.fanplayr.com https://*.linkedin.com https://*.mypurecloud.com https://analytics.twitter.com https://d38nbbai6u794i.cloudfront.net https://t.co https://tarteaucitron.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://googletagmanager.com https://*.g.doubleclick.net https://*.googleapis.com https://maps.gstatic.com https://www.gstatic.com https://ssl.gstatic.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gp https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.nf https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tk https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat; font-src 'self' https://*.fanplayr.com https://fonts.gstatic.com data:;; base-uri 'none'; media-src 'self'; frame-src 'self' https://*.ada.support https://*.digicelgroup.com https://*.doubleclick.net https://*.mypurecloud.com https://bid.g.doubleclick.net https://digicel.bigidprivacy.cloud https://service.digiceltt.com https://www.facebook.com; form-action https://www.facebook.com; frame-ancestors 'none' 1
frame-ancestors 'self' file:; 1
default-src *; connect-src *;font-src  https://fonts.gstatic.com * data: blob:; frame-src *; img-src https://optimize.google.com  * data:; media-src *; object-src 'none' ; script-src https://optimize.google.com 'unsafe-inline' 'unsafe-eval' * data: blob:; style-src https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline' *; upgrade-insecure-requests 1
font-src 'self' data: *.googleapis.com optimize.google.com cdnjs.cloudflare.com *.mapbox.com atlas.microsoft.com *.gstatic.com; style-src 'self' data: *.adactus.co.uk *.smartq.co.uk *.googleapis.com optimize.google.com cdnjs.cloudflare.com *.mapbox.com atlas.microsoft.com 'unsafe-inline'; frame-ancestors 'self' 1
default-src https: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'unsafe-eval'; connect-src http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https:; font-src https: data:; frame-src https: google:; frame-ancestors https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-a3VCcVpkSUxRMDlGd0xvUnYycnVVdUEvUjdSelVvS1lpOG9sTFFVQUYyaz06NXEwak42UjhjQ1kwZ2RScDhBK0NaYmh0RlkwQU1jeXM4NThVZlVsUldTMD0=';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self';frame-ancestors 'self';form-action 'self' 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net dev-api.investisdigital.com api.investisdigital.com dev-assets.investisdigital.com assets.investisdigital.com qaotp.tools.investisdigital.com geoid.investisdigital.com maps.googleapis.com bam.eu01.nr-data.net *.google-analytics.com cookiemanager.investisdigital.com www.googletagmanager.com *.highcharts.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.investis-live.com dev-api.investisdigital.com api.investisdigital.com dev-assets.investisdigital.com assets.investisdigital.com qaotp.tools.investisdigital.com *.investisdigital.com player.vimeo.com www.recaptcha.net otp.tools.investis.com maps.googleapis.com bam.eu01.nr-data.net *.highcharts.com unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investis-live.com *.investisdigital.com *.typekit.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com *.youtube.com player.vimeo.com; frame-src 'self' *.investis.com www.google.com ir.tools.investis.com staticxx.facebook.com www.youtube.com player.vimeo.com  irs.tools.investis.com www.googletagmanager.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com *.typekit.net cdnjs.cloudflare.com 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'sha256-mzf3UtXbwYfnnKP3VEgtye3nTk0xcGXJLGjLmC4y7v4=' 'sha256-ZC4Ihfl+1sv3E25DQh090ITQKwffxiocyA9C1vaePKU=' 'sha256-L2Slc+hjgfPR0Q7PEHLXalHE5sLRtxFNIWREBDLnqVU=' 'sha256-HfnQNmJVmBeLeNyjla2aZlXUlQYKZqWl81TdBj5YxcM=' 'sha256-DC/xa4clqDG2m8xUL+0jWRNUk1Py6w2/90aDcF5n220=' 'sha256-2AfYz0WARuNiypO7Ti/gOzUUynrazrHlZWDm75zKnwA=' https://www.gstatic.com https://www.google.com https://www.googletagmanager.com/ https://cdn.cookielaw.org blob: *; style-src 'unsafe-inline' *; frame-src blob: *; img-src 'self' data: *; connect-src *; font-src data: *; media-src *; frame-ancestors https://author-prod.bcw-global.com https://www.bcw-global.com; 1
default-src https: wss: 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; frame-ancestors 'self' 1
default-src 'self' localhost:3000 lessor.org *.lessor.org lessor.pretotype.fr *.disquscdn.com disqus.com; connect-src * data: blob: filesystem: localhost:3000 lessor.org *.lessor.org lessor.pretotype.fr; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagservices.com localhost:3000 lessor.org *.lessor.org lessor.pretotype.fr vercel.live vitals.vercel-insights.com script.hotjar.com static.hotjar.com static.cdn.prismic.io stats.qiota.com scripts.qiota.com data.qiota.com static.qiota.com www.qiota.com adservice.google.com www.google.com cse.google.com adservice.google.fr securepubads.g.doubleclick.net www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.google.com/recaptcha www.gstatic.com/recaptcha platform.twitter.com lessor.disqus.com tpc.googlesyndication.com prismic.io; child-src 'self' localhost:3000 lessor.org *.lessor.org lessor.pretotype.fr ; frame-src 'self' localhost:3000 lessor.org *.lessor.org lessor.pretotype.fr https://rue-bleue.kessel.media ruebleue.lessor.org lessor.prismic.io *.qiota.com www.qiota.com qiota.com *.safeframe.googlesyndication.com vars.hotjar.com https://platform.twitter.co disqus.com www.google.com tpc.googlesyndication.com https://www.youtube.com/ https://platform.twitter.com/ http://www.googletagmanager.com/'; form-action 'self' localhost:3000 lessor.org *.lessor.org lessor.pretotype.fr; img-src 'self' data: https: localhost:3000 lessor.org *.lessor.org lessor.pretotype.fr *.google.com; style-src 'unsafe-inline' localhost:3000 lessor.org *.lessor.org lessor.pretotype.fr www.qiota.com www.google.com disqus.com *.disquscdn.com; media-src 'self' localhost:3000 lessor.org *.lessor.org lessor.pretotype.fr ; font-src 'self' localhost:3000 lessor.org *.lessor.org lessor.pretotype.fr; 1
frame-ancestors www.telwin.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.london; img-src 'self' https: data: blob: https://mastodon.london; style-src 'self' https://mastodon.london 'nonce-RlfPAwJtGfK+hr06XStA1A=='; media-src 'self' https: data: https://mastodon.london; frame-src 'self' https:; manifest-src 'self' https://mastodon.london; form-action 'self'; child-src 'self' blob: https://mastodon.london; worker-src 'self' blob: https://mastodon.london; connect-src 'self' data: blob: https://mastodon.london https://london.s3proxy.de wss://mastodon.london; script-src 'self' https://mastodon.london 'wasm-unsafe-eval' 1
frame-ancestors 'self' *.ci360.sas.com; upgrade-insecure-requests; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tags.tiqcdn.com https://www.googletagmanager.com https://www.google-analytics.com 1
frame-ancestors 'self' https://static-ebcom.mci.ir/ 1
frame-ancestors 'self' https://www.iciformation.fr http://www.iciformation.fr https://preprod.iciformation.fr http://www.le-bilan-de-competences.com/ http://www.outplacement-et-reclassement.com/ http://diplome-vae.fr/ http://www.le-compte-personnel-formation.com/ http://www.imaginetonfutur.com/ http://www.portail-orientation.fr/ https://www.le-bilan-de-competences.com/ https://www.outplacement-et-reclassement.com/ https://diplome-vae.fr/ https://www.le-compte-personnel-formation.com/ https://www.imaginetonfutur.com/ https://www.portail-orientation.fr/ 1
connect-src https://staging3-shop.qa.saeco.com https://www.shop.saeco.com https://shop.saeco.com https://*.saeco.com https://*.vercel.app https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://cdn.cookielaw.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://connect.facebook.net https://dev.product-registration.da.saeco.com https://www.product-registration.da.saeco.com https://api.sendgrid.com https://accounts.saeco.com https://privacyportal-fr.onetrust.com https://analytics.de.algolia.com https://www.cms.ka.philips.com https://o2.mouseflow.com https://saeco.com/api/sendGrid/ https://qa.saeco.com/api/sendGrid/ https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://stg.api.bazaarvoice.com/ https://api.bazaarvoice.com/ https://stats.g.doubleclick.net/ https://api-cdn.mypurecloud.de/webdeployments/v1/deployments/18c01ab4-eff6-415d-82ba-4d87d80659c7/domains.json https://api-cdn.mypurecloud.de/webdeployments/v1/deployments/18c01ab4-eff6-415d-82ba-4d87d80659c7/config.json wss://webmessaging.mypurecloud.de/v1 https://api.mypurecloud.de/api/v2/webmessaging/messages 'self'; frame-src http://10558670.fls.doubleclick.net/ https://aax-eu.amazon-adsystem.com/ https://www.youtube.com https://www.youtube-nocookie.com https://optimize.google.com https://10558670.fls.doubleclick.net/ https://bid.g.doubleclick.net https://www.facebook.com https://apps.mypurecloud.de/ https://vercel.live/ 'self'; default-src 'self'; img-src https://optimize.google.com https://cdn.cookielaw.org/ https://*.vercel.app https://media.graphcms.com https://media.graphassets.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://fonts.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://www.facebook.com https://images.philips.com https://i.ytimg.com https://img.youtube.com/ https://googleads.g.doubleclick.net https://www.google.com https://www.google.com/ https://www.google.dk/pagead https://www.google.nl/ https://network-a.bazaarvoice.com https://network-stg-a.bazaarvoice.com/ https://network-eu-a.bazaarvoice.com https://network-eu-stg-a.bazaarvoice.com/ https://10558670.fls.doubleclick.net/ https://assets.vercel.com/ 'self' data:; font-src https://*.vercel.app https://fonts.gstatic.com https://fonts.googleapis.com 'self' data:; media-src https://*.vercel.app media.graphcms.com media.graphassets.com https://images.philips.com 'self'; manifest-src 'self'; object-src 'none'; script-src https://c.amazon-adsystem.com https://c.amazon-adsystem.com/aat/amzn.js https://www.googleadservices.com https://optimize.google.com https://*.google-analytics.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://connect.facebook.net https://privacyportal-fr.onetrust.com https://www.youtube.com https://www.youtube-nocookie.com https://cdn.mouseflow.com https://apps.bazaarvoice.com https://analytics-static.ugc.bazaarvoice.com/ https://www.facebook.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://*.googletagmanager.com https://ssl.google-analytics.com https://apps.mypurecloud.de/genesys-bootstrap/genesys.min.js https://apps.mypurecloud.de/journey/messenger-plugins/offersHelper.min.js https://apps.mypurecloud.de/genesys-bootstrap/plugins/genesysvendors.min.js https://vercel.live/_next-live/feedback/feedback.js https://pzapi-ij.com/b/1011l597/1100l164.js 'unsafe-eval' 'unsafe-inline' 'self'; style-src https://staging3-shop.qa.saeco.com https://www.shop.saeco.com https://shop.saeco.com https://fonts.googleapis.com https://optimize.google.com https://www.googletagmanager.com https://*.google-analytics.com https://www.facebook.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://www.gstatic.com 'self' 'unsafe-inline'; upgrade-insecure-requests; 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; font-src * data: blob:; media-src * blob:; connect-src * data: blob:; worker-src * blob:; report-uri https://csp-reporting.mag-news.it 1
default-src 'self'; script-src 'self' ; style-src 'self' 'unsafe-inline' https://use.fontawesome.com/; img-src *; font-src https://use.fontawesome.com/; report-uri https://login.libraryconnect.com/csp/report 1
default-src * 'self' blob:; script-src * blob: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * blob: data:; 1
default-src 'self'; font-src 'self' data:; media-src 'self' blob: https://guardian-mediaconvert-out.s3.us-gov-west-1.amazonaws.com; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' www.google.com www.state.gov www.microsoft.com https://guardian-mediaconvert-in.s3.us-gov-west-1.amazonaws.com; frame-src 'self'; img-src 'self' data: *.guardian.network; object-src 'self' blob data:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' report-to https://ui.masterpassturkiye.com;    style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com;    img-src 'self' https: data:;    font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com;    script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://code.jquery.com https://ui.masterpassturkiye.com;    frame-ancestors 'self' https://online.mersin.bel.tr https://www.estram.com.tr https://www.balikesirulasim.com.tr https://samulas.com.tr https://www.tekulas.com.tr http://zabbix.asiselektronik.com.tr https://ui.masterpassturkiye.com;   frame-src 'self' https://online.mersin.bel.tr https://www.estram.com.tr https://www.balikesirulasim.com.tr https://samulas.com.tr https://www.tekulas.com.tr http://zabbix.asiselektronik.com.tr https://ui.masterpassturkiye.com; 1
script-src 'nonce-+KGLabKl3btSpjUBV+GqFh60AIJ3SOsl/30Yx1/1BQA='  'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'  https://www.hkscan.com https://consent.cookiebot.com https://service.giosg.com *.cdn.jsdelivr.net/ https://old-viewer.paperturn-view.com https://www.paperturn-view.com; font-src 'self' https://dhm5hy2vn8l0l.cloudfront.net https://cdnjs.cloudflare.com/ https://fast.fonts.net/ https://fonts.gstatic.com https://giosg-chat-public-eu.s3.amazonaws.com https://cdn.giosgusercontent.com; style-src 'self' 'unsafe-inline'  https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://fast.fonts.net/ https://fonts.googleapis.com https://cookiehub.net https://cdn.cookiehub.eu/; frame-src 'self' *.hr-manager.net/ https://candidate.hr-manager.net https://www.paperturn-view.com https://www.youtube.com/ https://hkscanfoodservice.slides.com/ https://td.doubleclick.net/ https://track.adform.net/ https://service.giosg.com/ https://www.youtube-nocookie.com/ https://www.google.com/ *.cookiebot.com; 1
default-src 'self' *.jivosite.com www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.kaspersky-labs.com platform.twitter.com vk.com mc.yandex.ru mc.yandex.md www.google-analytics.com www.googletagmanager.com *.jivosite.com cdn.syndication.twimg.com api-maps.yandex.ru yastatic.net; style-src 'self' 'unsafe-inline' platform.twitter.com *.jivosite.com; img-src * data:; font-src 'self'; connect-src 'self' blob: mc.yandex.md mc.yandex.ru *.jivosite.com wss://*.jivosite.com www.google-analytics.com analytics.google.com stats.g.doubleclick.net *.dadata.ru; frame-src 'self' platform.twitter.com vk.com *.twitter.com www.youtube.com 1
frame-ancestors 'none'; default-src 'self'; font-src *;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
child-src https://*.nextgenmath.com https://*.google.com https://*.zendesk.com https://*.schoology.com https://*.youtube.com https://*.clever.com https://*.classlink.com; worker-src blob:; 1
default-src 'none'; script-src 'self'; img-src 'self' https://*.lukas1818.de; style-src 'unsafe-inline'; form-action 'none'; base-uri 'none'; frame-ancestors 'none'; connect-src 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline'; img-src 'self' data: https://imgs.xkcd.com; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; frame-ancestors 'self'; 1
script-src 'unsafe-inline' https://www.porticolegal.com https://extranet.porticolegal.com *.googlesyndication.com *.google.com *.google.es *.doubleclick.net *.gstatic.com www.googletagmanager.com www.google-analytics.com *.ampproject.org; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.rawgit.com/ *.twitter.com *.twitter.com *.twimg.com https://*.newrelic.com https://*.nr-data.net www.google-analytics.com www.googletagmanager.com https://jobs.jobvite.com/__assets__/ https://zoominfo.com/ https://*.zoominfo.com/ https://*.licdn.com/ https://www.googleadservices.com https://www.gstatic.com/ https://*.ads-twitter.com/ https://*.doubleclick.net/ https://*.bing.com/ https://unpkg.com/tippy.js@6.2.6/ https://bureauveritas.accessplanit.com/ https://cdn.jsdelivr.net/; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ platform.twitter.com tagmanager.google.com https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v16.1.0/ https://cdn.jsdelivr.net/gh/jackocnr/; img-src 'self' data: www.google-analytics.com https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://raw.githubusercontent.com/ckeditor/ckeditor-dev/ www.googletagmanager.com www.bureauveritas.com syndication.twitter.com platform.twitter.com *.twimg.com ssl.gstatic.com www.gstatic.com https://px.ads.linkedin.com https://www.google.co.in/ https://www.google.com/ https://t.co/i/ https://bat.bing.com/ https://p.adsymptotic.com/ https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v16.1.0/build/img/flags.png ; media-src 'self'; frame-src 'self' www.youtube.com tools.eurolandir.com cws.huginonline.com www.googletagmanager.com platform.twitter.com syndication.twitter.com inpublic.globenewswire.com https://sdk.companywebcast.com/sdk/player/ player.youku.com https://jobs.jobvite.com/ https://open.spotify.com/ https://bid.g.doubleclick.net/ https://bureauveritas.accessplanit.com/ https://go.us.bureauveritas.com/ https://easternportal.bvna.com/; child-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com https://tools.eurolandir.com/tools/pricefeed/RequestStockDataBundleXML.aspx https://bam-cell.nr-data.net https://www.googleadservices.com/ https://www.google.co.in https://www.google.co.in/ https://bam.nr-data.net/ ; report-uri https://csp-report-uri.bureauveritas.com 1
default-src 'self' feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' * ; img-src * 'self' data: https: blob: ; media-src * 'self' https: ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 1
frame-ancestors 'self'                    cbsplit.com       getglucotrust.com       getglucotrust-com.cbsplit.com       getglucotrust.one getglucotrust.club getregulated.com balance.pathtogoodness.com balance.blueberrywellbeing.com richie.getglucotrust.com getglucotrust.work ; 1
frame-ancestors 'self'; report-uri https://www.worldmosquitoprogram.org/report-uri/enforce 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' data: staticcdn.co.nz www.youtube.com www.googletagmanager.com www.google.com www.gstatic.com www.google-analytics.com;connect-src 'self' www.google-analytics.com;img-src 'self' data: shielded.co.nz i.ytimg.com www.google-analytics.com;style-src 'self' 'unsafe-inline' fast.fonts.net;font-src 'self' data:;frame-src 'self' www.youtube.com www.google.com data.gns.cri.nz geonet.org.nz gns-science.github.io dev-app.gns.cri.nz;manifest-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'; 1
default-src 'self'; frame-src 'self' https://iframe.videodelivery.net https://www.youtube.com; frame-ancestors 'self'; form-action 'self' https://website-worker.research.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://blog.cloudflare.com https://raw.githubusercontent.com/ 1
default-src 'unsafe-inline' https: 'self' 'unsafe-eval' data:; upgrade-insecure-requests; frame-ancestors 'self'; 1
script-src 'self' 'unsafe-eval' *.wlresources.com *.acwebconnecting.com 'sha256-e4pYjXQH6ajx5POUxz2FrYEpL/WroFiVF5clf0FNS5g=' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.wlresources.com; connect-src 'self' *.wlresources.com *.acwebconnecting.com wss://*.wlresources.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; report-uri /err0r/js?ts=1705975927; worker-src 'self' blob:; frame-ancestors 'none'; object-src 'self' 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-bG5rNUlvUnFqSThZelBWTlZyMzRoMWYyeUtQUHdJdmxWcUUyZGcrTkRvUT06b1FwMUcrWU10ZDUyb0pFRVl1dWYvU0NudSsvOG84SGRPc0psTjBUMGE5UT0=' blob:;style-src 'self' 'unsafe-inline';img-src 'self' data: blob: https://*.tile.openstreetmap.org;font-src 'self' data:;connect-src 'self' blob: stun.nextcloud.com:443;media-src 'self' blob:;frame-src 'self';child-src blob: 'self';frame-ancestors 'self';worker-src blob: 'self';form-action 'self' 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://www.macscripter.net/logs/ https://www.macscripter.net/sidekiq/ https://www.macscripter.net/mini-profiler-resources/ https://www.macscripter.net/assets/ https://www.macscripter.net/brotli_asset/ https://www.macscripter.net/extra-locales/ https://www.macscripter.net/highlight-js/ https://www.macscripter.net/javascripts/ https://www.macscripter.net/plugins/ https://www.macscripter.net/theme-javascripts/ https://www.macscripter.net/svg-sprite/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js 'sha256-HZxBMVZe6P3MvHDZlFai9cUmLH+qwX6BNT3qTwNPATg='; worker-src 'self' https://www.macscripter.net/assets/ https://www.macscripter.net/brotli_asset/ https://www.macscripter.net/javascripts/ https://www.macscripter.net/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self' https:; img-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://goodassur.com/report-uri/enforce 1
default-src dock.ui.bosch.tech  *.hotjar.com wss://*.hotjar.com 'self' https: *.junkers-bosch.es; media-src 'self' https: mycliplister.com; font-src data: *.hotjar.com wss://*.hotjar.com 'self' *.junkers-bosch.es https://fonts.gstatic.com; object-src data: 'self'; img-src http: bott-tc.nautilus bott-fs.nautilus https: bott-tc.nautilus bott-fs.nautilus data: blob: https://optimize.google.com https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' *.junkers-bosch.es https://optimize.google.com https://fonts.googleapis.com; script-src dock.ui.bosch.tech  https: 'unsafe-inline' 'unsafe-eval' https://optimize.google.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com; frame-src mailto: 'self' https: it.documents.junkers.com https://optimize.google.com; frame-ancestors 'self' http://fs52-buderus-dev.kittelberger.net 1
default-src 'self'; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://secure.want7feed.com googleapis.com; script-src-elem 'self' 'unsafe-inline' https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js; connect-src 'self' *.millmats.com; style-src 'self' 'unsafe-inline' ; 1
frame-src https://*.konfeo.com https://www.google.com 1
default-src https: 'self'; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 1
default-src 'self' 'self' *.dahl.se *.konradssons.com *.optimera.se *.sgds.io; img-src 'self' data: https: 'self' *.dahl.se *.konradssons.com *.optimera.se *.sgds.io *.google-analytics.com images.ctfassets.net cdn.contentful.com *.cloudfront.net maps.gstatic.com; frame-src *.hotjar.com *.youtube.com 'self' *.dahl.se *.konradssons.com *.optimera.se *.sgds.io cdn.contentful.com graphql.contentful.com *.54proxy.com *.sentry.io *.sentry-cdn.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com stats.g.doubleclick.net *.kundo.se *.cookielaw.org *.onetrust.com * https://gamla.dahl.se; worker-src 'self' blob: https: 'self' *.dahl.se *.konradssons.com *.optimera.se *.sgds.io cdn.contentful.com; style-src 'self' 'unsafe-inline' https: 'self' *.dahl.se *.konradssons.com *.optimera.se *.sgds.io; font-src 'self' https: fonts.googleapis.com fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: 'self' *.dahl.se *.konradssons.com *.optimera.se *.sgds.io cdn.contentful.com graphql.contentful.com *.54proxy.com *.sentry.io *.sentry-cdn.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com stats.g.doubleclick.net *.kundo.se *.cookielaw.org *.onetrust.com *; script-src-elem 'self' 'unsafe-inline' https: 'self' *.dahl.se *.konradssons.com *.optimera.se *.sgds.io cdn.contentful.com graphql.contentful.com *.54proxy.com *.sentry.io *.sentry-cdn.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com stats.g.doubleclick.net *.kundo.se *.cookielaw.org *.onetrust.com *; connect-src ws: *.pusher.com *.hotjar.com *.hotjar.io 'self' *.dahl.se *.konradssons.com *.optimera.se *.sgds.io cdn.contentful.com graphql.contentful.com *.54proxy.com *.sentry.io *.sentry-cdn.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com stats.g.doubleclick.net *.kundo.se *.cookielaw.org *.onetrust.com *; form-action 'self' *; frame-ancestors 'none'; object-src 'none'; base-uri 'self' *.dahl.se *.konradssons.com *.optimera.se *.sgds.io 1
child-src 'self' content.googleapis.com www.googletagmanager.com ;connect-src 'self' blob: eloket.hengelo.nl www.google-analytics.com stats.g.doubleclick.net babm.texthelp.com browsealoud-webservices-8.texthelp.com speechstreamv3-webservices-8.texthelp.com plus.browsealoud.com www.browsealoud.com wikisum.texthelp.com plusqa.browsealoud.com *.speechstream.net hitcounter.servmetric.com ;default-src 'self' ;font-src 'self' data: fonts.gstatic.com ;frame-src 'self' https://eloket.hengelo-test.nl https://eloket.hengelo.nl websurveys2.servmetric.com websurveys2.govmetric.com www.youtube-nocookie.com https://www.arcgis.com www.livebroadcast.nl www.google.com ;img-src 'self' data: eloket.hengelo.nl img.youtube.com nieuwsbrieven.hengelo.nl *.siteimproveanalytics.io plus.browsealoud.com www.browsealoud.com upload.wikimedia.org www.google-analytics.com stats.g.doubleclick.net i.ytimg.com ;media-src 'self' blob: *.speechstream.net ;object-src 'self' ;report-uri /internet.net?id=cspreport ;script-src 'self' 'unsafe-inline' eloket.hengelo.nl websurveys2.servmetric.com hitcounter.servmetric.com www.gstatic.com babm.texthelp.com *.speechstream.net plus.browsealoud.com www.browsealoud.com wikisum.texthelp.com www.google.com fonts.googleapis.com www.googletagmanager.com www.google-analytics.com apis.google.com siteimproveanalytics.com *.govmetric.com ;style-src 'self' 'unsafe-inline' eloket.hengelo.nl websurveys2.servmetric.com plus.browsealoud.com www.browsealoud.com fonts.googleapis.com websurveys2.govmetric.com; 1
default-src 'none'; script-src 'self' https://*.hotjar.com https://appsrv.directcouriers.com.au https://browser-update.org/update.min.js https://images.dmca.com/Badges/DMCABadgeHelper.min.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://maps.googleapis.com/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ 'nonce-eiwIrES9gomlRese481S'; style-src 'self' https://directcouriers.us10.list-manage.com https://*.hotjar.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css https://cdn.plyr.io/3.7.3/plyr.css https://fast.fonts.net/t/1.css 'nonce-eiwIrES9gomlRese481S'; object-src 'self' https://appsrv.directcouriers.com.au; base-uri 'self' https://appsrv.directcouriers.com.au; connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://appsrv.directcouriers.com.au https://www.google-analytics.com https://maps.googleapis.com/ 'nonce-eiwIrES9gomlRese481S'; font-src 'self' https://*.hotjar.com https://fonts.gstatic.com https://fast.fonts.net/t/1.css; frame-src 'self' https://appsrv.directcouriers.com.au https://vimeo.com https://player.vimeo.com https://www.google.com/; img-src 'self' https://*.hotjar.com https://images.dmca.com https://www.google-analytics.com https://maps.gstatic.com/ https://maps.googleapis.com/ data:; manifest-src 'self' https://appsrv.directcouriers.com.au; media-src 'self' https://appsrv.directcouriers.com.au; report-uri https://62e0db94e7a4e344fdd77039.endpoint.csper.io/?v=1; worker-src 'self' https://appsrv.directcouriers.com.au; frame-ancestors 'self' https://appsrv.directcouriers.com.au; form-action 'self' https://appsrv.directcouriers.com.au 'nonce-eiwIrES9gomlRese481S'; upgrade-insecure-requests 1
connect-src 'self' https://analytics.google.com ;default-src 'self' https://behavioruniversity.com https://behavioruniversity.net;frame-ancestors 'self' ;frame-src 'self' *.google.com *.vimeo.com vimeo.com goanimate.com app.vyond.com ;media-src 'self' *.vimeo.com vimeo.com;object-src 'none'; report-uri https://behavioruniversity.com/api/CSP_report.php;script-src 'self' 'unsafe-inline' *.googletagmanager.com ;style-src 'self' 'unsafe-inline' *.googleapis.com *.fontawesome.com;font-src 'self' *.gstatic.com *.fontawesome.com;img-src 'self' *.googletagmanager.com *.vimeocdn.com ; 1
frame-ancestors passportcard.co.il *.passportcard.co.il *.passportcard.com; 1
'unsafe-inline' 'unsafe-eval'; img-src *  blob: ;  1
frame-ancestors 'self' *.toppoint.de; 1
default-src 'self' https://code.jquery.com *.cookielaw.org *.onetrust.io *.onetrust.com; object-src 'self'; script-src 'self' https://code.jquery.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://ssl.google-analytics.com/ga.js https://www.pagespeed-mod.com *.cookielaw.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://code.jquery.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com 'unsafe-inline'; img-src 'self' *.relius.net *.cookielaw.org; font-src 'self'  https://fonts.googleapis.com https://fonts.gstatic.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com; upgrade-insecure-requests; block-all-mixed-content; frame-src www.google.com 'self' 1
'self' https://www.park-royalhotels.com https://parkroyal-corpo-dot-park-royal-hotels.appspot.com 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://csapi-nonprod.pg.com https://cdn.cookielaw.org https://www.youtube.com https://cdn.segment.com https://connect.facebook.net https://pghub.io/ *.bazaarvoice.com *.iesnare.com *.jebbit.com *.algolianet.com *.algolia.net *.pricespider.com feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://*.googletagmanager.com https://csapi-nonprod.pg.com https://cdn.cookielaw.org https://www.youtube.com https://cdn.segment.com *.bazaarvoice.com *.iesnare.com *.jebbit.com *.algolianet.com *.algolia.net *.pricespider.com feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://cdn.fonts.net https://cdn.cookielaw.org *.bazaarvoice.com *.iesnare.com *.pricespider.com feed.pghub.io pandg.tapad.com ; font-src 'self' https://fonts.gstatic.com https://assets.ctfassets.net https://cdn.cookielaw.org data: *.pricespider.com feed.pghub.io pandg.tapad.com ; img-src 'self' https://www.googletagmanager.com https://ssl.gstatic.com https://cdn.cookielaw.org https://images.ctfassets.net https://assets.ctfassets.net https://csapi-nonprod.pg.com https://m.media-amazon.com *.bazaarvoice.com https://www.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://pixel.tapad.com/ https://cdn11.bigcommerce.com/ https://www.google.co.in https://www.google.com https://www.facebook.com *.iesnare.com *.algolianet.com *.algolia.net data: *.pricespider.com feed.pghub.io pandg.tapad.com ; frame-src https://www.googletagmanager.com https://csapi-nonprod.pg.com https://cdn.cookielaw.org *.bazaarvoice.com https://www.youtube.com https://www.youtube-nocookie.com youtu.be https://consumersupport.pg.com https://pgconsumersupport.secure.force.com https://pg-lex.my.salesforce-sites.com https://www.facebook.com *.iesnare.com *.jebbit.com *.algolianet.com *.algolia.net *.pricespider.coms feed.pghub.io pandg.tapad.com ; connect-src 'self' https://analytics.google.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://cdn.cookielaw.org https://cdn.contentful.com https://csapi-nonprod.pg.com https://match.adsrvr.org https://stats.g.doubleclick.net https://cdn.segment.com https://csapi.pg.com https://api.segment.io https://in.au1.segmentapis.com *.bazaarvoice.com *.iesnare.com *.algolianet.com *.algolia.net *.pricespider.com feed.pghub.io pandg.tapad.com ; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://intahnet.co.uk; img-src 'self' data: blob: https://intahnet.co.uk https://media.intahnet.co.uk; style-src 'self' https://intahnet.co.uk; media-src 'self' data: https://intahnet.co.uk https://media.intahnet.co.uk; frame-src 'self' https:; manifest-src 'self' https://intahnet.co.uk; form-action 'self'; connect-src 'self' data: blob: https://intahnet.co.uk https://media.intahnet.co.uk wss://intahnet.co.uk; script-src 'self' https://intahnet.co.uk; worker-src 'self' blob: https://intahnet.co.uk 1
img-src  'self' code.jquery.com ajax.googleapis.com kit.fontawesome.com netdna.bootstrapcdn.com www.looktour.net www.google.com connect.facebook.net www.facebook.com *.jtbusa.com www.google-analytics.com 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-235bb5ea65a4883afcb5feedc0ab38e0'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors 'self' webvisor.com mc.yandex.ru metrika.yandex.ru *.yandex.net 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' ;script-src * blob: data: 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: filesystem: ;  media-src * ; font-src * data: ; connect-src * ;frame-src 'self' https://player.vimeo.com https://*.productreview.com.au *.stackla.com *.wwtqin.com https://bloxm.wufoo.eu https://*.typeform.com https://*.google.com https://*.pre.wendywutours.com https://*.wendywutours.com https://*.wendywutours.co.uk https://*.wendywutours.com.au *.doubleclick.net *.rfihub.com https://*.rfihub.com  https://*.youtube.com https://*.hotjar.com https://*.doubleclick.net https://*.olark.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.wordpress.com https://*.wendywutours.co.uk https://wendywu.radar.ms *.convertexperiments.com *.veinteractive.com *.feefo.com https://app.sli.do https://wendywutoursuk.simplybook.it/;frame-ancestors 'self'; 1
connect-src 'self' https://maps.googleapis.com https://www.google-analytics.com; 1
default-src 'self'; connect-src 'self' https://*.usercentrics.eu https://*.googleapis.com https://client.inecos.de https://*.arcgis.com; script-src 'self' blob: https://*.usercentrics.eu https://pages.et4.de https://meta.et4.de https://include-ni.zfinder.de https://*.googleapis.com https://client.inecos.de https://*.arcgis.com https://cdn.eye-able.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://pages.et4.de https://include-ni.zfinder.de https://*.googleapis.com https://client.inecos.de https://cdn.eye-able.com 'unsafe-inline'; img-src 'self' data: https://emsland.de https://*.usercentrics.eu https://include-ni.zfinder.de https://i.ytimg.com https://*.googleapis.com https://maps.gstatic.com https://client.inecos.de https://cdn.eye-able.com; font-src 'self' https://pages.et4.de https://client.inecos.de; frame-src 'self' https://*.emsland.de https://h2-region-emsland.de https://pages.et4.de https://include-ni.zfinder.de https://www.youtube.com https://www.youtube-nocookie.com https://komsis.inecos.de https://*.arcgis.com https://service.niedersachsen.de; 1
base-uri; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://paragonie.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com data:; media-src 'none'; object-src 'none'; script-src 'self' https://cdn.mathjax.org https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.googleapis.com https://www.google-analytics.com https://paragonie.com paragonie.com 'sha384-dxxWaTrUP7CVAQSJSlq8y30xnLv+kbg0q/esjcstpj7BeSQcTR1kyuzuU8NtP0Qd' 'nonce-5YK+ri1F/dvwd9xgB3cwmlkt' 'nonce-6Tp7IUtXQmwfEloXRg1QznwS' 'nonce-WAFza9/58/DeD2QFfd3NeMkT' 'nonce-JkHgfps+ZizorMYORy/S/xTK' 'nonce-TyitTv/4GoG84C4qhL2Zq1cw' 'nonce-cB5DJL8WE57WF45coe8QAydk' 'nonce-hczgdUSinwKIdnGS9tL2b1lT' 'unsafe-eval' data:; style-src 'self' https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.googleapis.com 'unsafe-inline'; report-uri https://f038192cab4afafaacee34d22ed2e1dd.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' 'unsafe-inline' ; img-src * 'self' data: ; frame-src * ; font-src * 'self' data: ; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleadservices.com *.youtube.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.doubleclick.net *.gstatic.com *.google.com; style-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; report-uri /error/csp-violation 1
default-src https:; connect-src https: wss: http; font-src https: data:; img-src https: data: blob:; frame-src https: blob:; frame-ancestors 'self'; worker-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https: javascript:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 1
report-uri https://paliznahal.ir 1
default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; upgrade-insecure-requests 1
default-src * 'unsafe-inline' 'unsafe-eval' data:; font-src * data: blob: 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; 1
frame-ancestors 'self' https://sg.zenyum.com https://my.zenyum.com https://hk.zenyum.com https://tw.zenyum.com https://vn.zenyum.com; 1
frame-ancestors 'self' *.hardcorehusky.com hardcorehusky.squarespace.com hardcorehusky.com 1
script-src 'self' 'unsafe-eval' https://www.gstatic.com/ https://www.google.com https://www.paypalobjects.com https://www.paypal.com 'sha256-MJY/+WzQ7zCoCdR6SYTeQOKjvzfm85RLaRatc4j4a2c=';object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;frame-src 'self' https://www.gstatic.com/ https://www.google.com https://www.paypalobjects.com https://www.paypal.com;font-src 'self' data: https://fonts.gstatic.com;connect-src 'self' https://www.paypalobjects.com https://www.paypal.com;base-uri 'self';form-action 'self';frame-ancestors 'self';report-uri https://m3u4u.report-uri.com/r/d/csp/enforce 1
frame-ancestors http://www.discovertunisia.de http://www.discovertunisia.at http://www.discovertunisia.ch 'self'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://awscommunity.social; img-src 'self' https: data: blob: https://awscommunity.social; style-src 'self' https://awscommunity.social 'nonce-Ce6TNiXW/NEVOU2sP/vm1w=='; media-src 'self' https: data: https://awscommunity.social; frame-src 'self' https:; manifest-src 'self' https://awscommunity.social; form-action 'self'; child-src 'self' blob: https://awscommunity.social; worker-src 'self' blob: https://awscommunity.social; connect-src 'self' data: blob: https://awscommunity.social https://cdn.masto.host wss://awscommunity.social; script-src 'self' https://awscommunity.social 'wasm-unsafe-eval' 1
frame-ancestors 'self' *.mycopilot.net http://yan.mycopilot.clk.dv 1
Content-Security-Policy: 1
frame-ancestors 'self' http://b24-hqcai4.bitrix24.ru ; 1
connect-src 'self' https: api.addressnow.co.uk 1
upgrade-insecure-requests; default-src 'none'; style-src 'unsafe-inline'; img-src calomel.org data: ; frame-ancestors 'none' 1
default-src 'self' static-eu.payments-amazon.com payments.amazon.co.uk payments-uk.amazon.com payments.amazon.com payments-uk-sandbox.amazon.com payments-eu.amazon.com centinelapi.cardinalcommerce.com writer.cardinalcommerce.com geo.cardinalcommerce.com kg668dbov0.execute-api.us-east-1.amazonaws.com *.google-analytics.com www.googletagmanager.com https://stats.tools; script-src 'self' 'unsafe-inline' 'unsafe-eval' static-eu.payments-amazon.com payments-uk-sandbox.amazon.com www.google.com www.gstatic.com songbird.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googletagmanager.com https://data.stats.tools; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com translate.googleapis.com; img-src 'self' cdn.kapow.commerce.toby image.kapowtoys.co.uk m.media-amazon.com images-na.ssl-images-amazon.com static-eu.payments-amazon.com d23yuld0pofhhw.cloudfront.net *.google-analytics.com www.googletagmanager.com data: *.gravatar.com translate.google.com www.gstatic.com www.paypalobjects.com www.kapowtoys.co.uk new.kapowtoys.co.uk; media-src 'self'; frame-src 'self' apay-us.amazon.com www.google.com geo.cardinalcommerce.com www.securesuite.co.uk centinelapi.cardinalcommerce.com secure7.arcot.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com; report-uri /csp-violation-report.php 1
base-uri 'self'; object-src 'none'; font-src 'self' data: fonts.gstatic.com; img-src 'self' data: secure.gravatar.com google-analytics.com; media-src 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com *.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com www.youtube-nocookie.com www.youtube.com blob: data: https://storage.googleapis.com/learnwithikeavideos/ ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ctfassets.net *.ipex-insights.com www.recaptcha.net asia.creativecdn.com tags.creativecdn.com *.ikea.in *.doubleclick.net *.facebook.com *.facebook.net www.googleadservices.com *.googlesyndication.com *.google.co.in customer.chat.ikea.in:8443 *.cookielaw.org *.onetrust.com *.akamaihd.net *.akstat.io *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.go-mpulse.net *.optimizely.com sentry.io *.sentry.io *.avo.app oppwa.com *.oppwa.com mpsnare.iesnare.com *.iesnare.com maps.googleapis.com fonts.googleapis.com www.googleapis.com *.syndeo.cx *.production.syndeo.cx wss://web.production.syndeo.cx icsp.ingka.ikea.com wss://icsp.ingka.ikea.com wss://web-api.ikea.com/cschatbot/ *.bambuser.com firestore.googleapis.com liveshopping-widgets.firebaseapp.com; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com; object-src 'self'; report-uri https://csp.ikea.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com *.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com www.youtube-nocookie.com www.youtube.com blob: data: https://storage.googleapis.com/learnwithikeavideos/ ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ctfassets.net *.ipex-insights.com *.taskrabbit.com acdn.adnxs.com secure.adnxs.com *.bing.com *.doubleclick.net googleads.g.doubleclick.net *.facebook.com *.facebook.net www.googleadservices.com *.googlesyndication.com *.google.pt *.pinterest.com s.pinimg.com api.pinpiaa.com *.cookielaw.org *.onetrust.com *.akamaihd.net *.akstat.io *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.go-mpulse.net *.optimizely.com sentry.io *.sentry.io *.avo.app oppwa.com *.oppwa.com mpsnare.iesnare.com *.iesnare.com *.syndeo.cx *.production.syndeo.cx wss://web.production.syndeo.cx icsp.ingka.ikea.com wss://icsp.ingka.ikea.com wss://web-api.ikea.com/cschatbot/ maps.googleapis.com fonts.googleapis.com www.googleapis.com *.bambuser.com firestore.googleapis.com liveshopping-widgets.firebaseapp.com d.lemonpi.io *.oney.io sondagemikea.wntech.com; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com; object-src 'self'; report-uri https://csp.ikea.com 1
default-src 'self' *.sciflow.net sciflow.net app.sciflow.net *.intercom.io;script-src 'self' *.sciflow.net sciflow.net app.sciflow.net 'unsafe-inline' *.intercom.io *.intercomcdn.com;style-src 'self' 'unsafe-inline';frame-src youtube.com www.youtube.com;connect-src 'self' *.sciflow.net sciflow.net app.sciflow.net connect.sciflow.net ws: wss: *.intercom.io;img-src 'self' *.sciflow.net https://cms.sciflow.net sciflow.net data:;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-b374d84b7062c4d77917c0cf0d4f4824'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' https://biccloud.com ; base-uri 'self'; font-src 'self' data: https://biccloud.com ; frame-ancestors 'self'; img-src 'self' data: blob: https://biccloud.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline' ; frame-src 'self' data: blob: https://biccloud.com 1
default-src https: wss://*.hotjar.com;       object-src 'none';       img-src 'self' data: https:;       font-src 'self' data: https://fonts.gstatic.com https://static.leadpages.net https://script.hotjar.com https://use.typekit.net;       script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.datadoghq-browser-agent.com https://players.brightcove.net https://cmp.osano.com https://hoddereducation.lpages.co/ https://hoddereducation.leadpages.co/ https://embed.lpcontent.net/ https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://static.hotjar.com https://static.doubleclick.net https://js.center.io https://script.hotjar.com https://*.hotjar.com;      style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.leadpages.net https://www.youtube.com https://static.hotjar.com https://script.hotjar.com https://use.typekit.net https://p.typekit.net;      worker-src 'self' data: blob: https:;      media-src data: blob: https:;      frame-ancestors 'self' https://ebooks.boost-learning.co.uk/; 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; media-src * https://lla-cms-prod.directus.app; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' https://cwc.kcenter.usu.com; frame-src * https://nebula-cdn.kampyle.com https://libertyglobal.kampyle.com https://optimize.google.com https://cobertura.cwpanama.com https://cwpanama.speedtestcustom.com https://www.youtube.com https://www.google.com https://www.facebook.com https://www.google-analytics.com; form-action *; worker-src * blob:; 1
default-src 'self' *.pantheonsite.io *.unionsavings.com; frame-src 'self' *.pantheonsite.io *.unionsavings.com *.adsrvr.org *.vimeo.com *.youtube.com *.youtu.be *.googletagmanager.com *.fintactix.net fintactix.net *.cloudfront.net *.doubleclick.net *.facebook.com *.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pantheonsite.io *.unionsavings.com *.facebook.com *.facebook.net tenon.io cdn.jsdelivr.net *.adsrvr.org *.livehelpnow.net *.marketo.net *.googletagmanager.com *.bing.com *.google.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.levelaccess.com *.licdn.com *.googleadservices.com *.googleapis.com *.newrelic.com kit.fontawesome.com cdn.polyfill.io; worker-src 'self' blob: *.pantheonsite.io *.unionsavings.com; img-src 'self' data: *.pantheonsite.io *.unionsavings.com unionsavings.com *.advangelists.com *.bing.com *.googletagmanager.com *.google.com *.google.ro *.livehelpnow.net *.linkedin.com *.doubleclick.net *.google-analytics.com *.ytimg.com secure.gravatar.com *.facebook.com *.gstatic.com *.googleapis.com *.adsrvr.org *.googlesyndication.com content.lemonadelxp.com *.livehelpnow.net; style-src 'self' 'unsafe-inline' *.pantheonsite.io *.unionsavings.com fonts.googleapis.com *.bootstrapcdn.com *.livehelpnow.net; font-src 'self' data: *.pantheonsite.io *.unionsavings.com fonts.gstatic.com *.bootstrapcdn.com *.fontawesome.com; connect-src 'self' *.pantheonsite.io *.unionsavings.com *.mktoresp.com *.googletagmanager.com *.google.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.googlesyndication.com *.linkedin.oribi.io *.linkedin.com bam.nr-data.net *.fontawesome.com *.livehelpnow.net wss://app.livehelpnow.net 1
default-src 'self' 'unsafe-inline' https://dc.services.visualstudio.com https://az416426.vo.msecnd.net https://js.monitor.azure.com; img-src 'self' data:; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 1
default-src https: ; connect-src https: 'self' wss://nexus-websocket-a.intercom.io; img-src data: https: 'self' ; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' ; style-src https: 'self' 'unsafe-inline' ; font-src data: https: 'self' 1
frame-ancestors 'self' https://*.vivactishealthpoint.com 1
default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.eastdevon.gov.uk *.google-analytics.com www.googletagmanager.com *.google.com *.gstatic.com *.siteimprove.com *.mxpnl.com *.govdelivery.com tickets.manorpavilion.com *.strata.solutions *.arcgis.com *.siteimproveanalytics.io *.licdn.com *.arcgisonline.com *.strata.solutions *.ons.gov.uk https://cdn.ons.gov.uk *.electoralcommission.org.uk; object-src 'self'; style-src 'self' 'unsafe-inline' *.fonts.googleapis.com *.googleapis.com *.arcgis.com *.govdelivery.com; img-src 'self' *.blob.core.windows.net *.siteimproveanalytics.io data: *.eastdevon.gov.uk *.govdelivery.com *.google-analytics.com *.googletagmanager.com *.siteimprove.com *.arcgis.com *.arcgisonline.com *.strata.solutions *.linkedin.com https://ukelectoralcommission.files.wordpress.com; media-src 'self' data:; child-src 'self' https://new.devon.gov.uk/ https://www.youtube.com/ https://www.google.com/ tickets.manorpavilion.com; font-src 'self'  *.gstatic.com *.arcgis.com data:; connect-src  *.eastdevon.gov.uk 'self' *.google-analytics.com *.siteimprove.com http://api.mixpanel.com *.arcgis.com *.arcgisonline.com *.strata.solutions https://cdn.linkedin.oribi.io; form-action 'self' *.govdelivery.com; frame-ancestors 'self'; frame-src 'self' tickets.manorpavilion.com youtube.com *.youtube.com maps.strata.solutions *.ons.gov.uk; 1
frame-ancestors 'self' *.canva.com canva.com; report-uri https://csp.canva.com/_cspreport?app=websites; base-uri 'self'; object-src 'none'; script-src 'report-sample' 'strict-dynamic' 'nonce-fc859d6c-a8da-4f97-b1b7-47a5e35aaf9a' https://www.google.com/recaptcha/api.js; 1
default-src 'none'; connect-src 'self' embedr.flickr.com geo.query.yahoo.com nominatim.openstreetmap.org api.github.com; font-src 'self'; form-action 'self' platform.twitter.com syndication.twitter.com www.paypal.com; frame-ancestors 'self'; frame-src 'self' blob: www.youtube.com w.soundcloud.com twitter.com platform.twitter.com syndication.twitter.com player.vimeo.com www.mixcloud.com www.dailymotion.com media.ccc.de bandcamp.com www.instagram.com; img-src data: blob: *; manifest-src 'self'; media-src https:; script-src 'self' blob: 'unsafe-eval' platform.twitter.com cdn.syndication.twimg.com widgets.flickr.com embedr.flickr.com www.instagram.com 'unsafe-inline' 'nonce-IuFycVhngbiyPQUqDuYCFY/jol/Bf98jTN1/8wVF2sQ='; style-src 'self' 'unsafe-inline' platform.twitter.com *.twimg.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com *.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com www.youtube-nocookie.com www.youtube.com blob: data: https://storage.googleapis.com/learnwithikeavideos/ ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ctfassets.net *.ipex-insights.com login.microsoftonline.com *.adform.net *.doubleclick.net googleads.g.doubleclick.net *.facebook.com *.facebook.net www.google.cz www.googleadservices.com *.googlesyndication.com *.google.cz c.seznam.cz *.cookielaw.org *.onetrust.com *.akamaihd.net *.akstat.io *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.go-mpulse.net *.optimizely.com sentry.io *.sentry.io *.avo.app oppwa.com *.oppwa.com mpsnare.iesnare.com *.iesnare.com maps.googleapis.com fonts.googleapis.com www.googleapis.com *.syndeo.cx *.production.syndeo.cx wss://web.production.syndeo.cx icsp.ingka.ikea.com wss://icsp.ingka.ikea.com wss://web-api.ikea.com/cschatbot/ *.bambuser.com firestore.googleapis.com liveshopping-widgets.firebaseapp.com; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com; object-src 'self'; report-uri https://csp.ikea.com 1
object-src 'none'; style-src 'self' 'unsafe-inline' *.salesforce.com *.salesforce-sites.com; font-src 'self' data: *.sfdcstatic.com *.google.com *.gstatic.com *.salesforce-sites.com; img-src 'self' data: *.google.com *.google.com.au *.gstatic.com *.google-analytics.com *.googletagmanager.com asset.brandfetch.io assets.brandfetch.io assets.cmcmarkets.com *.cmcmarketsinvest.com cmcmarketsinvest.com *.cmclabs.io https://www.facebook.com t.co analytics.twitter.com https://alb.reddit.com *.linkedin.com *.bing.com *.clarity.ms https://cdn-ukwest.onetrust.com https://cdn.braze.eu; report-uri https://report-uri.cmcmarkets.com.au/csp; frame-src 'self' *.cmcmarketsinvest.com uat-ew8.cmcmarketsstockbroking.com.au ew8.cmcmarketsstockbroking.com.au *.salesforce.com cmc-markets.my.salesforce-sites.com service.force.com *.google.com *.gstatic.com *.sharesight.com *.appdynamics.com openid.cmcmarkets.com; manifest-src 'self'; frame-ancestors 'self' *.cmcmarketsinvest.com; script-src 'self' *.fullstory.com *.google-analytics.com *.google.com *.gstatic.com *.googletagmanager.com https://cdn.amplitude.com https://connect.facebook.net *.doubleclick.net 'sha256-jNJrNTUZLyDGFJDsnztdIvsJWZf22avMecatyVW6t6s=' 'sha256-cYxFUl7mBOeoUIyimxmFgR9yDu65oUBzP0tPpGLF48c=' 'sha256-qZt+Y07zcYzvM5bNgnOdqKd/MsZ3+pcXpGD9Sg4IWsE=' https://www.googletagmanager.com https://lptag.liveperson.net https://www.facebook.com 'sha256-oyVIco1pYP7FAQyqygurxXi/B+TNLLexFBjb3WTaaY8=' 'sha256-kveqLfh9sFI+wVP5jwKaesEA2b7YvDYo1uOU76ncHkI=' *.salesforceliveagent.com *.salesforce.com *.salesforce-sites.com https://static.lightning.force.com 'sha256-3dxvxb8cCZ7bKm0ejmvEs2+720A09ek+Ze7cTG/M63M=' https://www.redditstatic.com https://static.ads-twitter.com https://platform.twitter.com https://snap.licdn.com https://analytics.tiktok.com https://bat.bing.com https://www.googleadservices.com https://www.clarity.ms https://cdn.appdynamics.com 'unsafe-eval' https://cdn-ukwest.onetrust.com 'sha256-9vRW3mftVm+gDfBB94dA64JLeoSrMDEzWZaN6MniQMo=' 'nonce-hVwQrR81zYgVYWPaKcB273RdGfONtljskBEYaXJbRs'; connect-src 'self' *.g.doubleclick.net *.google-analytics.com *.fullstory.com *.cmclabs.io *.invest.cmcmarkets.com.au *.nonprod-invest.cmcmarkets.com.au *.cmcmarketsinvest.com *.mparticle.com *.googletagmanager.com *.braze.eu *.amplitude.com *.cmcmarketsstockbroking.com.au ws://*.cmcmarketsinvest.com ws://*.cmclabs.io localhost *.salesforce-sites.com *.google.com *.gstatic.com cdn.linkedin.oribi.io *.linkedin.com www.facebook.com connect.facebook.net analytics.tiktok.com static.ads-twitter.com *.clarity.ms *.bing.com *.eum-appdynamics.com *.onetrust.com; base-uri 'self'; default-src 'none'; form-action 'self' cmc-markets.my.salesforce-sites.com;  1
default-src 'self'; script-src 'self' *.youtube.com https://unpkg.com vjs.zencdn.net 'unsafe-inline' *.matomo.cloud cdnjs.cloudflare.com; style-src 'self' fonts.googleapis.com *.youtube.com https://unpkg.com 'unsafe-inline' vjs.zencdn.net cdnjs.cloudflare.com; img-src 'self' data: *.youtube.com *.youtube-nocookie.com; media-src 'self' *.youtube.com *.vimeo.com; frame-src 'self' *.youtube.com *.vimeo.com vzvz.dicciswarehouse.nl *.youtube-nocookie.com; font-src 'self' fonts.gstatic.com data:; connect-src 'self' *.matomo.cloud; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.youtube.com https://youtu.be/  https://www.googletagmanager.com https://mitestharvestreportkmls.blob.core.windows.net https://mi-harvestreport-mapfiles.azureedge.net dc.services.visualstudio.com *.azure.com *.michigan.gov *.visualstudio.com fonts.gstatic.com cdnjs.cloudflare.com cdn.datatables.net cdn.jsdelivr.net maps.gstatic.com docs.google.com player.vimeo.com youtu.be mdnr-elicense.com *.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net *.github.io *.googleapis.com *.ggpht.com data:;         child-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.youtube.com/ https://youtu.be/ https://docs.google.com/  https://player.vimeo.com/; frame-ancestors https://www.youtube.com/ https://youtu.be/;     report-uri https://5fe245c34041edd1b7025602.endpoint.csper.io; 1
font-src *;img-src * data:; style-src * 'unsafe-inline'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'  1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://schreibt.jetzt; img-src 'self' https: data: blob: https://schreibt.jetzt; style-src 'self' https://schreibt.jetzt 'nonce-xznKDynqDN3IJCg2yKLk/A=='; media-src 'self' https: data: https://schreibt.jetzt; frame-src 'self' https:; manifest-src 'self' https://schreibt.jetzt; form-action 'self'; child-src 'self' blob: https://schreibt.jetzt; worker-src 'self' blob: https://schreibt.jetzt; connect-src 'self' data: blob: https://schreibt.jetzt https://schreibt.jetzt wss://schreibt.jetzt; script-src 'self' https://schreibt.jetzt 'wasm-unsafe-eval' 1
default-src 'self' *.chamaileon.io *.google.com *.bootstrapcdn.com *.agilebits.com *.gstatic.com *.facebook.net *.facebook.com *.vimeo.com use.fontawesome.com *.zapier.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.datatables.net *.google.com *.bootstrapcdn.com *.agilebits.com *.gstatic.com *.facebook.net *.facebook.com *.chamaileon.io p.odyssey-services.fr *.cloudflare.com use.fontawesome.com *.zapier.com; img-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.datatables.net *.cloudflare.com *.google.com *.bootstrapcdn.com *.agilebits.com *.gstatic.com *.facebook.net *.facebook.com *.chamaileon.io requirejs.org *.highcharts.com *.googleapis.com code.jquery.com p.odyssey-services.fr *.zapier.com zapier.com unpkg.com; connect-src 'self' wss://*.piesocket.com *.chamaileon.io *.zapier.com zapier.com; 1
default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com *.join.com join.com *.hs-scripts.com *.hsforms.net *.hscollectedforms.net *.hs-analytics.net *.hs-banner.com *.hubspot.com *.hsforms.com; connect-src 'self' *.taurusgroup.ch *.youtube.com *.googletagmanager.com *.google.com *.google.ch *.google-analytics.com *.gstatic.com *.doubleclick.net *.join.com join.com fonts.googleapis.com *.hs-scripts.com *.hsforms.net *.hscollectedforms.net *.hs-analytics.net *.hs-banner.com  *.hsforms.com *.hubspot.com *.hubapi.com *.cloudflareinsights.com hubspot-forms-static-embed-eu1.s3.amazonaws.com px.ads.linkedin.com; frame-src 'self' *.youtube.com *.googletagmanager.com *.google.com *.google-analytics.com *.gstatic.com *.doubleclick.net *.join.com *.hs-scripts.com *.hsforms.net *.hscollectedforms.net *.hs-analytics.net *.hs-banner.com *.hubspot.com *.hsforms.com; img-src 'self' data: *.ytimg.com *.googletagmanager.com *.google.com *.google.ch *.google-analytics.com *.gstatic.com *.doubleclick.net *.join.com *.hs-scripts.com *.hsforms.net *.hscollectedforms.net *.hs-analytics.net *.hs-banner.com *.hubspot.com *.hsforms.com *.hubspotusercontent-eu1.net px.ads.linkedin.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com  *.join.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com snap.licdn.com *.google.com *.google.ch *.google-analytics.com *.gstatic.com  *.cloudflareinsights.com *.doubleclick.net *.join.com join.com *.hs-scripts.com *.hsforms.net *.hscollectedforms.net *.hs-analytics.net *.hs-banner.com *.hubspot.com *.hsforms.com *.hs-banner.com *.hs-analytics.net *.hsadspixel.net; 1
frame-ancestors *.mpt.com.mm mpt.com.mm 1
frame-src 'self' https://teamup.com/ https://massinteract.com/ *.google.com *.twitter.com *.facebook.com *.it-plus.org *.youtube.com *.botframework.com *.programmatictrader.com *.sitescout.com *.campaign-archive.com; frame-ancestors 'self' *.it-plus.org *.coxnext.com *.coxnextcreative.com; 1
default-src 'self' https://liveapi.mygameinfo.com/ https://myweb-data.s3.amazonaws.com/; img-src 'self' data: https://d3uy2ll4dnxh6.cloudfront.net/ https://myweb-data.s3.amazonaws.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-ancestors 'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline' https:; object-src 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; img-src 'self' data: https:; media-src 'self' https://nc.compnetgmbh.de ; child-src 'self' https:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://cdn.linkedin.oribi.io/partner/1401769/domain/cloudiax.com/token https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://maps.googleapis.com data: 1
frame-ancestors 'self' *.canva.com canva.com; report-uri https://csp.canva.com/_cspreport?app=websites; base-uri 'self'; object-src 'none'; script-src 'report-sample' 'strict-dynamic' 'nonce-4bba2682-f6df-4f8e-87e5-45bb884bd5a4' https://www.google.com/recaptcha/api.js; 1
default-src https:; font-src https: data:; img-src https: data:; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.obe.com static.addtoany.com code.jquery.com cdn.jsdelivr.net cdnjs.cloudflare.com www.googletagmanager.com *.hotjar.com obe.qualtrics.com *.qualtrics.com; style-src https: 'unsafe-inline'; frame-ancestors 'self' obe.qualtrics.com; worker-src https: data: blob:; 1
report-uri https://energynet.report-uri.com/r/t/csp/enforce; connect-src 'self' https://cloudflareinsights.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; default-src 'self'; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com https://use.typekit.net; frame-src 'self'; img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com; object-src 'none'; script-src 'self' 'sha256-nhcKIbtnzPfcqxIscm5yY3EFpF2JM1Cvqbejg2mgwf0=' 'sha256-IWdTZJ/cxs4GW8VQULTZgBujunCcWbVUSVrANHNHl34=' 'report-sample' https://static.cloudflareinsights.com 'nonce-17677a2b0bc1eed3' https://*.googletagmanager.com https://cdn.jsdelivr.net 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com 'report-sample' https://use.typekit.net https://p.typekit.net 'unsafe-eval' https://cdn3.devexpress.com https://cdn.jsdelivr.net; worker-src 'self'; 1
upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self' https://*.brandmuscle.com; object-src 'self'; base-uri 'self'; 1
default-src 'self'; connect-src 'self' https://region1.analytics.google.com https://cta-eu1.hubspot.com https://pagead2.googlesyndication.com https://forms-eu1.hsforms.com https://hubspot-forms-static-embed-eu1.s3.amazonaws.com https://googleads.g.doubleclick.net https://www.google.com https://www.facebook.com https://api-eu1.hubapi.com https://forms-eu1.hscollectedforms.net https://region1.google-analytics.com https://cdn.linkedin.oribi.io https://consent.app.cookieinformation.com/api/consent https://policy.app.cookieinformation.com https://sample-api-v2.crazyegg.com https://script.crazyegg.com www.google-analytics.com stats.g.doubleclick.net; child-src 'self' https://www.google.com https://forms-eu1.hsforms.com https://policy.app.cookieinformation.com platform.twitter.com go.pardot.com pi.pardot.com www2.nixu.com irs.tools.investis.com player.vimeo.com www.youtube.com https://syndication.twitter.com; script-src 'self' 'unsafe-inline' https://js-eu1.hscta.net/cta/current.js https://www.gstatic.com https://www.google.com/recaptcha/enterprise.js https://cta-eu1.hubspot.com https://js-eu1.hsforms.net/forms/embed/v2.js https://js-eu1.hs-analytics.net https://js-eu1.hs-banner.com https://js-eu1.hsadspixel.net/fb.js https://js-eu1.hscollectedforms.net/collectedforms.js https://js-eu1.hs-scripts.com/26681525.js https://tr-rc.lfeeder.com https://policy.app.cookieinformation.com https://cdn.syndication.twimg.com https://platform.twitter.com track.adform.net connect.facebook.net https://s7.addthis.com https://tagmanager.google.com https://www.google-analytics.com https://maps.googleapis.com https://www.googletagmanager.com go.pardot.com pi.pardot.com www2.nixu.com www.youtube.com s.ytimg.com script.crazyegg.com https://www.google.com/pagead/conversion_async.js https://www.linkedin.com https://snap.licdn.com/ https://www.googleadservices.com https://s2.adform.net https://googleads.g.doubleclick.net https://sc.lfeeder.com/lftracker_v1_lYNOR8xK3weaWQJZ.js; style-src 'self' https://platform.twitter.com 'unsafe-inline' https://tagmanager.google.com fonts.googleapis.com https://ton.twimg.com https://platform.twitter.com; font-src 'self' data: fonts.gstatic.com https://tagmanager.google.com/debug/gtm.eot; img-src 'self' data: https://26681525.fs1.hubspotusercontent-eu1.net https://www.nixu.com https://track.hubspot.com https://perf-eu1.hsforms.com https://forms.hsforms.com https://track-eu1.hubspot.com https://forms-eu1.hsforms.com https://tr-rc.lfeeder.com https://www.linkedin.com https://www.facebook.com https://mb.cision.com https://www.google-analytics.com www.google.com www.google.fi www.google.se stats.g.doubleclick.net *.gstatic.com maps.googleapis.com https://syndication.twitter.com https://platform.twitter.com https://pbs.twimg.com https://abs.twimg.com https://ton.twimg.com https://px.ads.linkedin.com https://www.googletagmanager.com https://hubspot-no-cache-eu1-prod.s3.amazonaws.com https://tr.lfeeder.com; object-src 'self'; report-uri https://5dd8640d4765034000861fbd41bd79e0.report-uri.com/r/d/csp/reportOnly; 1
default-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com data:; img-src 'self' 'unsafe-inline' mediastream: data: https: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypalobjects.com *.paypal.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net d3dc1lgancj6l0.cloudfront.net wss://umd.userlike.com d3upe020n1uosc.cloudfront.net www.userlike.com fonts.gstatic.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-store-media-files.s3.amazonaws.com i.ytimg.com *.autoplus.at data: hyundai.azureedge.net *.h-promise.at denzel.piwik.pro denzel.containers.piwik.pro *.ytimg.com *.adform.net *.google.com *.gstatic.com *.googleapis.com *.youtube.com *.youtu.be *.youtube-nocookie.com *.siteimprove.net *.siteimprove.com *.seadform.net *.hyundai.at siteimproveanalytics.com *.siteimproveanalytics.com *.siteimproveanalytics.io *.s3chat.com *.hyundai-promise.at *.canva.com *.umbraco.org 1
default-src 'self' *.nrw.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de *.google.com *.youtube.com *.youtu.be *.twimg.com *.twitter.com twitter.com *.jwpcdn.com *.gstatic.com *.googleapis.com *.googlesyndication.com *.openstreetmap.org *.mozilla.org *.vimeo.com *.vimeocdn.com *.flickr.com *.staticflickr.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net; style-src 'self' 'unsafe-inline' *.nrw.de *.twitter.com twitter.com *.facebook.com *.googleapis.com *.twimg.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net; font-src data: *; img-src  data: *; frame-ancestors 'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com; worker-src 'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de; frame-src 'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de; object-src 'self'; connect-src 'self' *.nrw.de svc.webspellchecker.net; media-src *; upgrade-insecure-requests 1
default-src 'self' forms.hscollectedforms.net forms-na1.hsforms.com ps.w.org ajax.googleapis.com bcp.crwdcntrl.net crwdcntrl.net www.google.com www.google.cn sync.sharethis.com cdnjs.cloudflare.com maps.googleapis.com www.google-analytics.com analytics.google.com www.elegantthemes.com content.wuxibiologics.com www.wuxibiologics.com apcn006.wpengine.com online.flippingbook.com flippingbook.com static.hotjar.com elegantthemes.com hotjar.com www.hotjar.com ws.hotjar.com script.hotjar.com d33i2vgywgme2s.cloudfront.net fbo-b.flippingbook.com    collateral.wuxibiologics.com  ws.hotjar.com surveystats.hotjar.io www.google.ca ws.hotjar.com/api/vs/client/ content.hotjar.io wss://ws.hotjar.com/api/v2/client/ws?v=4  metrics.hotjar.io d17lvj5xn8sco6.cloudfront.net bat.bing.com sync.irasia.com js.hsforms.net vc.hotjar.io hm.baidu.com www.googletagmanager.com platform-cdn.sharethis.com js.hs-scripts.com hq.sinajs.cn platform-api.sharethis.com  gdpr-api.sharethis.com api.irasia.com api.corporateshowcase.com 'unsafe-inline' maxcdn.bootstrapcdn.com bshare.optimix.cn static.bshare.cn www.corporateshowcase.com static.bshare.cn buttons-config.sharethis.com code.jquery.com bshare.optimix.cn fonts.gstatic.com forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com l.sharethis.com c.sharethis.mgr.consensu.org t.sharethis.com app.hubspot.com static.hsappstatic.net js.hs-analytics.net js.hsleadflows.net js.hscollectedforms.net developers.hubspot.com forms.hubspot.com track.hubspot.com js.hs-banner.com pi.pardot.com go.pardot.com stats.g.doubleclick.net fonts.googleapis.com 'unsafe-eval' blob: data: ; 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.xlovecam.co.uk:9080 www.xlovecam.co.uk:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.xlovecam.co.uk wss://www.xlovecam.co.uk *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1705975472 1
script-src 'unsafe-inline' 'self' 1
font-src maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.sandbox.paypal.com *.youtube.com *.paypal.com *.googleadservices.com *.google-analytics.com *.google.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.placeholder.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com *.facebook.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.googleapis.com *.placeholder.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.instagram.com account.fetchify.com *.facebook.com *.facebook.net *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.twitter.com *.google.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.googleapis.com *.placeholder.com cdn.lightwidget.com lightwidget.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cdninstagram.com https://octave-2061-adswizz.attribution.adswizz.com https://analytics.sleeknote.com https://pixel.tapad.com https://www.google.co.in https://meetanshi.com https://x.klarnacdn.net https://www.apptrian.com https://www.magentocommerce.com *.facebook.com *.facebook.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.googleapis.com *.placeholder.com cdn.lightwidget.com lightwidget.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.addressfinder.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.instagram.com https://widget.trustpilot.com https://invitejs.trustpilot.com/tp.min.js https://sleeknotecustomerscripts.sleeknote.com https://sleeknotestaticcontent.sleeknote.com https://eu-library.klarnaservices.com https://ecommplugins-trustboxpreview.trustpilot.com https://ecommplugins-scripts.trustpilot.com *.facebook.com *.facebook.net *.meetanshi.com *.googletagmanager.com https://www.googletagmanager.com tagmanager.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.googleapis.com *.placeholder.com cdn.lightwidget.com lightwidget.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.addressfinder.io https://ecommplugins-scripts.trustpilot.com cc-cdn.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.youtube.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.placeholder.com cdn.lightwidget.com lightwidget.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api.addressfinder.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://stats.g.doubleclick.net https://invitejs.trustpilot.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.facebook.com *.facebook.net *.meetanshi.com *.google-analytics.com https://www.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.twitter.com *.twimg.com *.youtube.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.googleapis.com *.placeholder.com cdn.lightwidget.com lightwidget.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss: *.google.ch www.youtube-nocookie.com *.doubleclick.net *.google.es *.google.it *.hotjar.com www.facebook.com *.google.at *.demdex.net *.usercentrics.eu sympany.enterprisebot.co *.google.li *.google.nl www.kununu.com www.googleadservices.com *.google.de player.vimeo.com cm.everesttech.net *.hotjar.io *.sympany.ch *.google.co.uk assets.adobedtm.com *.googleapis.com *.google.fr *.gstatic.com www.googletagmanager.com *.google-analytics.com *.google.com connect.facebook.net 1
default-src 'self' 'unsafe-inline' data: wc.ts.ee www.nasdaqbaltic.com platform.linkedin.com secure.gravatar.com yoast.com www.googletagmanager.com *.google-analytics.com stats.g.doubleclick.net fonts.googleapis.com maps.googleapis.com streetviewpixels-pa.googleapis.com khms0.googleapis.com khms1.googleapis.com maps.gstatic.com fonts.gstatic.com translate.google.com translate.googleapis.com www.gstatic.com www.youtube.com www.google.ee www.google.com www.google.co.uk www.google.lv www.google.lt www.google.fi www.google.se www.google.no www.google.de www.google.pl lh3.ggpht.com www.google.com.hk www.google.gr www.google.nl www.google.dk www.google.com.ua www.google.fr i.ytimg.com connect.facebook.net api.microsofttranslator.com www.facebook.com 'unsafe-eval' www.google.ch www.google.at www.google.ro www.google.es www.google.it www.google.hu www.google.co.in www.google.ie www.google.cz www.google.be www.google.ru www.google.com.au photos.marinetraffic.com www.google.at www.google.co.il www.google.co.kr www.google.pt www.google.ca www.google.mk www.google.co.th www.google.co.id www.google.com.lb www.google.cl www.google.sk www.google.is www.google.com.np www.google.com.pk www.google.si www.google.rs www.google.dz www.google.com.ng www.google.com.my www.google.com.ci www.google.im www.google.com.sg www.google.com.tr www.google.com.hr www.google.com.mt www.google.li www.google.co.jp view.news.eu.nasdaq.com www.solwininfotech.com www.google.com.co www.google.com.br www.google.cn www.google.com.cy www.google.ge www.google.lu www.google.ae cdn.jsdelivr.net wd.ts.ee static.cloudflareinsights.com ajax.cloudflare.com www.vikingline.ee www.envir.ee www.google.com.ph www.google.co.nz www.google.hr www.google.bg www.google.by www.transit.ee www.tallinnamerepaevad.ee www.google.com.vn www.google.kz www.google.mv www.google.com.tw www.balticline.fi www.google.com.eg tallinnamerepaevad.ee www.google.com.bz www.google.com.mx www.google.jo www.google.com.sa www.google.ci www.google.com.kw www.google.co.ma www.google.com.gh www.google.com.ar region1.analytics.google.com www.google.az www.google.com.uy www.google.co.za www.google.sn www.google.com.mm www.google.me www.google.mn www.google.lk vincent.callebaut.org tentea.ec.europa.eu www.google.tg www.google.com.qa www.google.co.tz www.google.co.cr www.kjk.ee www.google.co.uz www.google.co.ke ps.w.org s.w.org www.google.ba www.google.com.jm www.google.com.pe www.google.mg 6zzuupda.sendsmaily.net www.google.bj www.google.com.kh www.google.com.do lh3.googleusercontent.com www.google.iq www.google.co.ug www.google.co.mz www.google.al www.google.tn www.google.ad www.google.am www.google.md www.google.com.ly www.google.com.ec www.google.com.pa www.google.com.bd www.google.com.pr www.google.mu www.google.gg www.google.cm www.google.com.py www.google.com.bh www.google.je www.google.com.cu www.google.com.pg komerk.ee www.google.kg www.google.cv www.google.com.sl www.portoftallinn.com www.google.vg www.google.bt www.google.bf www.google.la www.google.tt www.google.com.sv www.google.so www.google.ps www.google.co.ve www.google.ga www.seatradecruiseglobal.com www.parkimine.ee translate-pa.googleapis.com wptide.org toolset.com wpml.org challenges.cloudflare.com cloudflareinsights.com analytics.google.com td.doubleclick.net blob: www.google.gl wpforms.com www.google.co.zw www.google.co.ao d1lsub6zbh43gv.cloudfront.net tp-cdn.wpml.org googleads.g.doubleclick.net adservice.google.com google.com pagead2.googlesyndication.com www.googleadservices.com tpc.googlesyndication.com www.vikingline.ee www.google.com.sb www.google.td apis.google.com platform.twitter.com www.google.gm; report-uri /069b75c4f2e07da64b888cac9af4ea98c60c3e6787e0368d1a5ab34114eda24e 1
default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: https:; report-uri https://kilian.report-uri.io/r/default/csp/enforce; connect-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' https://client.crisp.chat https://storage.crisp.chat wss://client.relay.crisp.chat wss://stream.relay.crisp.chat 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-ZTNkNGZjN2UwYmE2NGZhOWIwOTAwNDNmOTk4YzMwYzE=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rijksvastgoedbedrijf.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.rijksvastgoedbedrijf.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.rijksvastgoedbedrijf.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=2pkn9u5iquc8j&partner=; 1
default-src 'self'; img-src 'self' data: https://s7d9.scene7.com/ https://dev-aem-ledcor.ledcor.com/ https://stage-aem-ledcor.ledcor.com/ https://dev.day.com/ https://ledcorprod.112.2o7.net/ https://ledcordev.112.2o7.net/ 'unsafe-inline'; script-src 'self' https://documentservices.adobe.com/ https://assets.adobedtm.com/ https://s7d9.scene7.com/ https://www.googletagmanager.com/ https://dev-aem-ledcor.ledcor.com/ https://stage-aem-ledcor.ledcor.com/ https://dev.day.com/ https://ledcorprod.112.2o7.net/ 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://fast.fonts.net https://s7d9.scene7.com/ 'unsafe-inline'; connect-src 'self' https://ledcorinc.tt.omtrdc.net/ https://viewlicense.adobe.io/ https://s7d9.scene7.com/ https://www.google-analytics.com https://s7mbrstream.scene7.com/ 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://documentservices.adobe.com/ https://www.youtube.com/ https://forms.ledcor.com/ https://formstest.stage-aem-ledcor.ledcor.com/; media-src 'self' https://s7d9.scene7.com/ https://dev-aem-ledcor.ledcor.com/ 'unsafe-inline' 'unsafe-eval' blob:; 1
default-src 'self' 'unsafe-inline' data: publiccl1.fidelizador.com fonts.googleapis.com fonts.gstatic.com *.google.com *.google-analytics.com www.gstatic.com *.facebook.com *.facebook.net https://www.youtube.com *.twimg.com *.twitter.com www.google-analytics.com www.googletagmanager.com us.bbcollab.com https://imasdk.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://imasdk.googleapis.com; worker-src 'self' 'unsafe-inline' https://www.ugm.cl 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.boldchat.com https://*.abtasty.com https://*.facebook.net https://stg.api.bazaarvoice.com https://*.upc.bazaarvoice.com https://*.qualtrics.com https://*.bazaarvoice.com https://www.googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com/ajax/libs/jquery/ https://www.google.com https://tagmanager.google.com   https://*.crazyegg.com https://xxredda.s3.amazonaws.com https://region1.google-analytics.com https://cdn.cookielaw.org www.facebook.com crestoralbproshop.azureedge.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' data:  https://*.boldchat.com https://*.abtasty.com https://*.facebook.net https://*.moatads.com https://pghub.io https://gateway.zscalertwo.net https://stg.api.bazaarvoice.com https://*.upc.bazaarvoice.com https://www.googleapis.com https://*.qualtrics.com https://secure.addrexx10.com https://*.bazaarvoice.com https://mpsnare.iesnare.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://ajax.googleapis.com/ajax/libs/jquery/ https://www.google.com https://tagmanager.google.com https://www.gstatic.com https://ajax.googleapis.com https://xxredda.s3.amazonaws.com https://*.crazyegg.com https://www.youtube.com https://prdapp02.xisecurenet.com https://www.gstatic.com https://cdn.cookielaw.org www.facebook.com crestoralbproshop.azureedge.net; frame-src 'self' https://*.boldchat.com/ https://*.pghub.io https://*.paymetric.com https://*.qualtrics.com https://stg.api.bazaarvoice.com https://*.upc.bazaarvoice.com https://*.bazaarvoice.com https://*.pg.com https://www.google.com/ https://www.youtube.com https://cert-xiecomm.paymetric.com https://pixel.tapad.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.moatads.com https://*.boldchat.com https://crestoralbproshop.com https://*.akamaihd.net https://stg.api.bazaarvoice.com https://*.cookielaw.org https://*.qualtrics.com https://*.upc.bazaarvoice.com https://pixel.tapad.com https://*.bazaarvoice.com  https://www.googleadservices.com https://www.google-analytics.com/collect https://xxredda.s3.amazonaws.com https://meetanshi.com www.facebook.com crestoralbproshop.azureedge.net; worker-src blob:; 1
default-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.dominos.com; font-src data: https://*.dominos.com https://fonts.gstatic.com https://storage.googleapis.com; style-src 'unsafe-inline' blob: https://*.bing.com https://*.dominos.com https://*.gstatic.com https://*.here.com https://fonts.googleapis.com https://www.youtube.com https://rafd.bingstatic.com; script-src-elem 'unsafe-eval' 'unsafe-inline' https://*.abmr.net https://*.appdynamics.com https://*.bing.com https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.gstatic.com https://*.here.com https://*.mathtag.com https://*.moatads.com https://*.nextdoor.com https://*.ntv.io https://*.omtrdc.net https://*.raygun.com https://*.raygun.io https://*.turn.com https://*.twitter.com https://*.vertamedia.com https://*.virtualearth.net https://ad.atdmt.com https://assets.braintreegateway.com https://c.paypal.com https://cdnssl.clicktale.net https://connect.facebook.net https://ct.pinterest.com https://ds-aksb-a.akamaihd.net https://js.braintreegateway.com https://nextdoor.com https://s.pinimg.com https://s.yimg.com https://s.ytimg.com https://sc-static.net https://*.snapchat.com https://sp.analytics.yahoo.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.xx.fbcdn.net https://tags.tiqcdn.com https://www.googleadservices.com https://www.paypal.com https://www.paypalobjects.com https://www.youtube.com https://rafd.bingstatic.com https://web.btncdn.com https://ink1001.com.micpn.com https://www.googletagmanager.com https://analytics.tiktok.com https://*.liadm.com https://www.redditstatic.com https://cdn.quantummetric.com https://*.go-mpulse.net https://*.kaptcha.com; script-src 'unsafe-eval' 'unsafe-inline' https://*.abmr.net https://*.appdynamics.com https://*.bing.com https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.gstatic.com https://*.here.com https://*.mathtag.com https://*.moatads.com https://*.nextdoor.com https://*.ntv.io https://*.omtrdc.net https://*.raygun.com https://*.raygun.io https://*.turn.com https://*.twitter.com https://*.vertamedia.com https://*.virtualearth.net https://ad.atdmt.com https://assets.braintreegateway.com https://c.paypal.com https://cdnssl.clicktale.net https://connect.facebook.net https://ct.pinterest.com https://ds-aksb-a.akamaihd.net https://js.braintreegateway.com https://nextdoor.com https://s.pinimg.com https://s.yimg.com https://s.ytimg.com https://sc-static.net https://*.snapchat.com https://sp.analytics.yahoo.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.xx.fbcdn.net https://tags.tiqcdn.com https://www.googleadservices.com https://www.paypal.com https://www.paypalobjects.com https://www.youtube.com https://rafd.bingstatic.com https://web.btncdn.com https://ink1001.com.micpn.com https://www.googletagmanager.com https://analytics.tiktok.com https://*.liadm.com https://cdn.quantummetric.com https://*.go-mpulse.net https://*.kaptcha.com; img-src data: blob: https://*.akamaihd.net https://*.bing.com https://*.clicktale.net https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.everesttech.net https://*.googleapis.com https://*.gstatic.com https://*.here.com https://*.ispot.tv https://*.mathtag.com https://*.nextdoor.com https://*.paypal.com https://www.paypalobjects.com https://*.pinterest.com https://*.postrelease.com https://*.turn.com https://*.virtualearth.net https://*.yp.com https://assets.braintreegateway.com https://checkout.paypal.com https://*.agkn.com https://dsum-sec.casalemedia.com https://i.ytimg.com https://pinterest.adsymptotic.com https://*.tapad.com https://px.moatads.com https://ssl.google-analytics.com https://static.xx.fbcdn.net https://t.co https://www.facebook.com https://www.google.com https://s.amazon-adsystem.com https://*.yahoo.com https://rp.liadm.com/ https://beacon.krxd.net https://click.exacttarget.com https://click.s11.exacttarget.com https://analytics.tiktok.com https://*.liadm.com https://alb.reddit.com/ https://analytics.twitter.com https://*.akstat.io https://www.googleadservices.com https://trkn.us https://*.kaptcha.com https://*.w55c.net https://pixel.rubiconproject.com https://idsync.rlcdn.com; frame-src blob: data: https://*.appdynamics.com https://*.cardinalcommerce.com https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.googlesyndication.com https://*.kaptcha.com https://*.pinterest.com https://*.snapchat.com https://assets.braintreegateway.com https://*.paypal.com https://cdnssl.clicktale.net https://d.agkn.com https://pixel.mathtag.com https://pixel.tapad.com https://r.dlx.addthis.com https://snap.adbrn.com https://so.rlcdn.com https://www.youtube.com https://x.skimresources.com bytedance: sslocal: https://*.powerbi.com https://www.paypalobjects.com; child-src blob: https://*.dominos.com https://assets.braintreegateway.com https://c.paypal.com https://cdnssl.clicktale.net https://*.kaptcha.com; worker-src blob: https://*.dominos.com https://cdnssl.clicktale.net; connect-src blob: https://*.akamaihd.net https://*.bing.com https://*.braintree-api.com https://*.clicktale.net https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.here.com https://*.moatads.com https://*.nextdoor.com https://*.omtrdc.net https://*.raygun.com https://*.raygun.io https://*.vertamedia.com https://*.virtualearth.net https://api.braintreegateway.com https://api.sandbox.braintreegateway.com https://client-analytics.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://col.eum-appdynamics.com https://ct.pinterest.com https://ssp.lkqd.net https://*.paypal.com https://*.launchdarkly.com https://*.cybersource.com https://*.aciondemand.com https://*.googleapis.com https://*.liadm.com/ https://analytics.tiktok.com https://*.snapchat.com https://*.quantummetric.com https://*.akstat.io https://*.go-mpulse.net https://*.akamaihd.net https://*.kaptcha.com https://*.googlesyndication.com https://*.microsoftonline.com; 1
default-src https:; worker-src blob:; font-src https: data:; img-src https: blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; 1
connect-src 'self' *.lovetovisit.com *.lovetovisit.net *.seatsio.net appleid.cdn-apple.com accounts.google.com *.analytics.google.com forms.hubspot.com form.jotform.com *.jotformeu.com *.bing.com js.hs-banner.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net *.google-analytics.com *.virtualearth.net api.getaddress.io fonts.googleapis.com maps.googleapis.com maps.gstatic.com www.googletagmanager.com js.monitor.azure.com js.stripe.com cdn.bookingprotect.com dc.services.visualstudio.com *.applicationinsights.azure.com *.virtualearth.net loveto.cloudflareaccess.com analytics.tiktok.com *.doubleclick.net widget.trustpilot.com connect.facebook.net www.google.com www.google.co.uk js-na1.hs-scripts.com track.hubspot.com get.geojs.io www.facebook.com forms.hsforms.com i.ytimg.com www.youtube-nocookie.com i.vimeocdn.com www.googleadservices.com *.clarity.ms *.stagingtixuk.io *.tixuk.io cdnjs.cloudflare.com cdn.seatsio.net fonts.gstatic.com; font-src data: fonts.gstatic.com *.lovetovisit.com *.lovetovisit.net *.jotfor.ms *.stagingtixuk.io *.tixuk.io cdnjs.cloudflare.com; frame-src 'self' accounts.google.com js.stripe.com www.youtube-nocookie.com www.youtube.com youtu.be player.vimeo.com www.facebook.com widget.trustpilot.com form.jotform.com widgets.jotform.io *.jotformeu.com *.seatsio.net; img-src 'self' data: *.lovetovisit.com *.lovetovisit.net *.virtualearth.net track.hubspot.com *.bing.com cdn.bookingprotect.com cdn1.iconfinder.com *.google-analytics.com www.googletagmanager.com *.googleapis.com maps.gstatic.com www.facebook.com forms.hsforms.com www.google.com www.google.co.uk i.ytimg.com i.vimeocdn.com *.clarity.ms *.doubleclick.net *.jotform.com *.jotfor.ms *.jotformeu.com; manifest-src 'self' loveto.cloudflareaccess.com; script-src 'self' *.lovetovisit.com *.lovetovisit.net *.virtualearth.net form.jotform.com *.bing.com js-na1.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hscollectedforms.net js.monitor.azure.com js.stripe.com *.virtualearth.net appleid.cdn-apple.com accounts.google.com *.google-analytics.com www.googletagmanager.com maps.googleapis.com widget.trustpilot.com connect.facebook.net analytics.tiktok.com www.googleadservices.com *.clarity.ms cdnjs.cloudflare.com js.jotform.com *.jotfor.ms *.jotformeu.com *.stagingtixuk.io *.tixuk.io *.seatsio.net 'sha256-kGUQiECb7HTB3+cdt9SV9OGtiju37vTHScB5TlU3tzo=' 'sha256-fNV9UM12Liz2ej9OiEFGty61Xyy45WiumDGRULrmMas=' 'sha256-RsMFjKdD6G6SbypZRyY15y/udfKgefRKApbQ17fTt1A=' 'sha256-pH8ZtgS6Yw1nJ8vSsAs4VG5ymYTiy/9F6Rc/WTvIW/o=' 'sha256-LRJO/cPa6jqGlnpx3VNktmJyhmBbGLLeOUHTR+yuoFE=' 'sha256-D3Q3spg+mp8e0W2whrBhmcri40lFN+CCKrSRBv++DZc=' 'sha256-7TKSX9mLOfam46WWxZrs305ZZEjSItRUYr/zBHLSLtU=' 'sha256-XftMmGwy7WCgpZxWFjqnfbMDJAsef9V+QnGlUwSEbdw=' 'sha256-1fw2c7FNcs76yTVbHEFHCSlY0kf7aVoEdQajrpQ5bm0=' 'sha256-G/Ew3QdUoo9PpcvqvAVvJm78VA3gwggMwC5KnaNahwg=' 'sha256-CsKrQpqLJ8JVnODB1fCcmzC/wfITHnf2MjJq2ksowUA=' 'sha256-Df/bomiC4MxTu59OQQpp7dl7IayQZhPwvhqbUuztOCU=' 'sha256-TtWZJYo9CsnFDflsnKpvMQupYp0SWPUJhncXRWhqHgY=' 'sha256-3yx1MggTDndzcmLHwxFCzn1vj9PupDMDzbf1rxxmVZs=' 'sha256-Iv0PPGMEI0LZDoRiujpPmBVcMcn8MaU7sokBUiZOio0=' 'sha256-sG/XKoCl/NzLxCnmOncNMinSy5y81d9alJI9HxBvPZk=' 'sha256-IPFvm2utq4Ir+EZZM7ksjlezLtXA0NY7hhlwT1ngE1Q=' 'sha256-i5wdQEYWxSf0cisy2nmGBORIOnxxrxn/l1gIqCbATKA='; style-src-elem 'self' 'unsafe-inline' accounts.google.com fonts.googleapis.com *.lovetovisit.com *.lovetovisit.net *.bing.com *.jotfor.ms cdnjs.cloudflare.com *.seatsio.net; worker-src 'self'; object-src 'none' 1
frame-ancestors 'self' https://*.thebancorp.com;  1
connect-src 'self' https://yandex.com/clck mc.yandex.ru mc.admetrica.ru mc.yandex.com mc.admetrica.com; default-src 'none'; script-src 'nonce-g8Oxje6AtXNiD/sN+xESxg==' 'unsafe-eval' 'unsafe-inline' mc.yandex.ru yastatic.net; style-src 'unsafe-inline' yastatic.net; img-src 'self' ir-docs.s3.yandex.net data: avatars.mds.yandex.net avatars.yandex.net mc.yandex.ru mc.admetrica.ru mc.yandex.com mc.admetrica.com yastatic.net; frame-src 'unsafe-inline' www.youtube.com charts3.equitystory.com irpages2.eqs.com forms.yandex.ru s3.mds.yandex.net frontend.vh.yandex.ru datalens.yandex passport.yandex.ru widgets.cbonds.ru widgets.cbonds.com yandex-ru.injector.3ebra.net yandex-en.injector.3ebra.net yastatic.net; font-src data: yastatic.net; manifest-src yastatic.net; frame-ancestors webvisor.com http://webvisor.com; child-src yastatic.net; report-uri https://csp.yandex.net/csp?from=ir-www&project=ir-www&yandex_login=&yandexuid=; 1
frame-ancestors 'self' ostermann.eu *.ostermann.eu 1
default-src 'self'; img-src 'self' blob: data: https://mc.yandex.ru; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'wasm-unsafe-eval' https://mc.yandex.ru/; connect-src 'self' blob: https://mc.yandex.ru/; frame-src blob: https://www.youtube.com https://www.youtube-nocookie.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' https:; style-src 'self' 'unsafe-inline'; img-src https:; object-src 'none'; frame-src https: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://spore.social; img-src 'self' https: data: blob: https://spore.social; style-src 'self' https://spore.social 'nonce-p0syjF5Kc2eIhUXRkzE+Rw=='; media-src 'self' https: data: https://spore.social; frame-src 'self' https:; manifest-src 'self' https://spore.social; form-action 'self'; child-src 'self' blob: https://spore.social; worker-src 'self' blob: https://spore.social; connect-src 'self' data: blob: https://spore.social https://spore.social wss://spore.social; script-src 'self' https://spore.social 'wasm-unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' railscot.co.uk www.railscot.co.uk *.os.uk *.akamai.net cdnjs.cloudflare.com cdn.jsdelivr.net *.doubleclick.net www.google-analytics.com *.google-analytics.com *.googlesyndication.com *.gstatic.com apis.google.com code.jquery.com maxcdn.bootstrapcdn.com *.media-amazon.com *.ssl-images-amazon.com adservice.google.ca adservice.google.com adservice.google.co.uk partner.googleadservices.com pagead2.googlesyndication.com www.googletagservices.com www.googletagmanager.com stats.g.doubleclick.net m.media-amazon.com images-eu.ssl-images-amazon.com www.google.com www.google.co.uk www.google.ca tpc.googlesyndication.com fonts.googleapis.com ajax.googleapis.com *.googleads.g.doubleclick.net fundingchoicesmessages.google.com openspace.ordnancesurvey.co.uk *.twitter.com *.ebay.com *.ebayimg.com *.ebaystatic.com id.rlcdn.com adservice.google.ad adservice.google.ae adservice.google.com.af adservice.google.com.ag adservice.google.com.ai adservice.google.al adservice.google.am adservice.google.co.ao adservice.google.com.ar adservice.google.as adservice.google.at adservice.google.com.au adservice.google.az adservice.google.ba adservice.google.com.bd adservice.google.be adservice.google.bf adservice.google.bg adservice.google.com.bh adservice.google.bi adservice.google.bj adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.bs adservice.google.bt adservice.google.co.bw adservice.google.by adservice.google.com.bz adservice.google.cd adservice.google.cf adservice.google.cg adservice.google.ch adservice.google.ci adservice.google.co.ck adservice.google.cl adservice.google.cm adservice.google.cn adservice.google.com.co adservice.google.co.cr adservice.google.com.cu adservice.google.cv adservice.google.com.cy adservice.google.cz adservice.google.de adservice.google.dj adservice.google.dk adservice.google.dm adservice.google.com.do adservice.google.dz adservice.google.com.ec adservice.google.ee adservice.google.com.eg adservice.google.es adservice.google.com.et adservice.google.fi adservice.google.com.fj adservice.google.fm adservice.google.fr adservice.google.ga adservice.google.ge adservice.google.gg adservice.google.com.gh adservice.google.com.gi adservice.google.gl adservice.google.gm adservice.google.gr adservice.google.com.gt adservice.google.gy adservice.google.com.hk adservice.google.hn adservice.google.hr adservice.google.ht adservice.google.hu adservice.google.co.id adservice.google.ie adservice.google.co.il adservice.google.im adservice.google.co.in adservice.google.iq adservice.google.is adservice.google.it adservice.google.je adservice.google.com.jm adservice.google.jo adservice.google.co.jp adservice.google.co.ke adservice.google.com.kh adservice.google.ki adservice.google.kg adservice.google.co.kr adservice.google.com.kw adservice.google.kz adservice.google.la adservice.google.com.lb adservice.google.li adservice.google.lk adservice.google.co.ls adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.com.ly adservice.google.co.ma adservice.google.md adservice.google.me adservice.google.mg adservice.google.mk adservice.google.ml adservice.google.com.mm adservice.google.mn adservice.google.ms adservice.google.com.mt adservice.google.mu adservice.google.mv adservice.google.mw adservice.google.com.mx adservice.google.com.my adservice.google.co.mz adservice.google.com.na adservice.google.com.ng adservice.google.com.ni adservice.google.ne adservice.google.nl adservice.google.no adservice.google.com.np adservice.google.nr adservice.google.nu adservice.google.co.nz adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.pg adservice.google.com.ph adservice.google.com.pk adservice.google.pl adservice.google.pn adservice.google.com.pr adservice.google.ps adservice.google.pt adservice.google.com.py adservice.google.com.qa adservice.google.ro adservice.google.ru adservice.google.rw adservice.google.com.sa adservice.google.com.sb adservice.google.sc adservice.google.se adservice.google.com.sg adservice.google.sh adservice.google.si adservice.google.sk adservice.google.com.sl adservice.google.sn adservice.google.so adservice.google.sm adservice.google.sr adservice.google.st adservice.google.com.sv adservice.google.td adservice.google.tg adservice.google.co.th adservice.google.com.tj adservice.google.tl adservice.google.tm adservice.google.tn adservice.google.to adservice.google.com.tr adservice.google.tt adservice.google.com.tw adservice.google.co.tz adservice.google.com.ua adservice.google.co.ug adservice.google.com.uy adservice.google.co.uz adservice.google.com.vc adservice.google.co.ve adservice.google.vg adservice.google.co.vi adservice.google.com.vn adservice.google.vu adservice.google.ws adservice.google.rs adservice.google.co.za location.services.mozilla.com adservice.google.co.zm adservice.google.co.zw adservice.google.cat data: blob:; 1
default-src 'none'; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net *.gstatic.com *.zopim.com cdnjs.cloudflare.com *.adroll.com www.googletagmanager.com *.google.com www.google-analytics.com ajax.googleapis.com *.influ2.com *.zdassets.com *.news3.pw *.tomono.com *.metahash.org *.user-clicks.com *.facebook.net; connect-src 'self' *.googleapis.com *.zopim.com *.adroll.com *.doubleclick.net *.news3.pw wss://*.zopim.com wss://jp06.zopim.com metahash.zendesk.com *.influ2.com news.c8.net.ua *.zdassets.com *.tomono.com *.google-analytics.com *.metahash.org; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net use.fontawesome.com *.news3.pw *.metahash.org; font-src 'self' data: use.fontawesome.com *.news3.pw *.zopim.com *.metahash.org; frame-src 'self' *.facebook.com *.youtube.com *.news3.pw; worker-src 'self' *.news3.pw *.zendesk.com; object-src 'self' *.news3.pw 1
default-src 'self'; script-src 'self' blob: 'unsafe-eval' maps.googleapis.com *.wistia.com player.vimeo.com; connect-src 'self' *.wistia.com *.litix.io player.vimeo.com vimeo.com maps.googleapis.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.wistia.com; img-src 'self' data: maps.gstatic.com *.googleapis.com *.ggpht.com s3-us-west-2.amazonaws.com *.wistia.com embedwistia-a.akamaihd.net s3.amazonaws.com; media-src 'self' blob: embedwistia-a.akamaihd.net *.wistia.com player.vimeo.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' *.livingbalancesheet.com player.vimeo.com vimeo.com lbsbeta.emaplan.com; frame-ancestors 'self' analytics.google.com *.livingbalancesheet.com lbsbeta.emaplan.com 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://static.critizr.com https://*.dynamics.com https://*.azureedge.net https://*.microsoft.com https://snap.licdn.com https://www.youtube.com https://www.google-analytics.com  https://cdnjs.cloudflare.com https://maps.googleapis.com https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com https://connect.facebook.net https://www.gstatic.com; style-src 'report-sample'  'unsafe-inline'  'self' https://cdn.goodays.co https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.dynamics.com https://*.azureedge.net https://*.microsoft.com https://www.facebook.com https://cdn.linkedin.oribi.io https://maps.googleapis.com https://rexel.be https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://app.goodays.co https://www.facebook.com https://maps.google.com  https://www.youtube.com https://*.dynamics.com https://*.azureedge.net https://*.microsoft.com https://www.google.com; img-src 'self' blob: https: data: https://*.dynamics.com https://rexel.be https://secure.gravatar.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.google.fr https://ps.w.org; manifest-src 'self'; media-src 'self'; report-uri https://63987c5031143db76bd6fd95.endpoint.csper.io/?v=0; worker-src *.rexel.be; frame-ancestors 'self' https://*.dynamics.com https://*.azureedge.net https://*.microsoft.com 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://www.comparabanques.fr/report-uri/enforce 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://liberdon.com; img-src 'self' https: data: blob: https://liberdon.com; style-src 'self' https://liberdon.com 'nonce-El7wfwrxx8DMAAvSVPM+aQ=='; media-src 'self' https: data: https://liberdon.com; frame-src 'self' https:; manifest-src 'self' https://liberdon.com; form-action 'self'; child-src 'self' blob: https://liberdon.com; worker-src 'self' blob: https://liberdon.com; connect-src 'self' data: blob: https://liberdon.com https://cdn.masto.host wss://liberdon.com; script-src 'self' https://liberdon.com 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://www.essonne.fr https://www.afm-telethon.fr https://seinesaintdenis.fr https://ville-saint-denis.fr https://www.microdon.org https://engagement.microdon.fr https://www.arkeotopia.org https://www.montreuil.fr; 1
child-src finanswatch.dk *.finanswatch.dk; frame-src https://*; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline' 1
;default-src 'self'; script-src https://*.krungsricapital.com https://apis.google.com https://ajax.googleapis.com https://*.googletagmanager.com https://www.google-analytics.com https://cdn.cookieplus.com https://connect.facebook.net 'unsafe-inline' 'unsafe-eval' 'self'; connect-src https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://www.facebook.com https://connect.facebook.net https://stats.g.doubleclick.net https://analytics.google.com https://*.krungsricapital.com https://*.settrade.com  'self';style-src https://*.krungsricapital.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com 'unsafe-inline' 'self' ;font-src  https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.gstatic.com 'self';object-src 'none' ; frame-src https://*.settrade.com https://chart.googleapis.com https://www.facebook.com https://accounts.google.com https://www.youtube.com https://www.cqtraderonline.com https://www2.cqtraderonline.com https://*.krungsricapital.com ;img-src   https://*.krungsricapital.com  https://*.google-analytics.com https://www.google.com https://www.google.co.th https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.settrade.com 'self' data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:  *.weareone.fm *.technobase.fm *.housetime.fm *.hardbase.fm *.trancebase.fm *.coretime.fm *.teatime.fm *.clubtime.fm *.replay.fm *.tb-group.fm *.google.com/recaptcha/ *.gstatic.com/recaptcha/ maps.googleapis.com fonts.googleapis.com fonts.gstatic.com use.typekit.net *.google.com/maps/embed *.youtube-nocookie.com; img-src 'self' data: *.weareone.fm *.technobase.fm *.housetime.fm *.hardbase.fm *.trancebase.fm *.coretime.fm *.teatime.fm *.clubtime.fm *.replay.fm *.tb-group.fm *.google.com/recaptcha/ *.gstatic.com/recaptcha/ maps.googleapis.com fonts.googleapis.com fonts.gstatic.com use.typekit.net *.google.com/maps/embed *.youtube-nocookie.com; frame-ancestors 'self' 1
default-src code.jquery.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com maps.googleapis.com *.youtube.com pagead2.googlesyndication.com googleads.g.doubleclick.net www.google.co.jp apis.google.com www.google-analytics.com adservice.google.co.jp ajax.googleapis.com code.jquery.com  yubinbango.github.io adservice.google.com unpkg.com ajaxzip3.github.io *.zdassets.com *.zopim.com *.zendesk.com analytics.google.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net hm.mieru-ca.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com ajax.googleapis.com code.jquery.com unpkg.com tagmanager.google.com fonts.googleapis.com;  img-src * data: blob: www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google-analytics.com googleads.g.doubleclick.net www.google.com; child-src www.google.com apis.google.com accounts.google.com googleads.g.doubleclick.net; object-src 'self' pagead2.googlesyndication.com; media-src 'self' pagead2.googlesyndication.com *.zdassets.com; connect-src 'self' *.googleapis.com ws: wss: stats.g.doubleclick.net www.google-analytics.com pagead2.googlesyndication.com googleads.g.doubleclick.net *.zdassets.com *.zopim.com *.zendesk.com analytics.google.com; frame-src 'self' *.youtube.com *.google.com bid.g.doubleclick.net; 1
upgrade-insecure-requests;style-src 'self' 'nonce-j_S51IffuKxNwGo';font-src 'self';script-src 'self' 'nonce-j_S51IffuKxNwGo' ;connect-src 'self' https://akko.wtf wss://akko.wtf;media-src 'self' https:;img-src 'self' data: blob: https:;default-src 'none';base-uri 'none';frame-ancestors 'none';manifest-src 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; img-src 'self' ssl.google-analytics.com 1
frame-src 'self' https://shoppy.gg https://*.shoppy.gg https://paypal.com https://*.paypal.com https://*.paypalobjects.com https://hcaptcha.com https://*.hcaptcha.com;default-src 'self' https://shoppy.gg https://paypal.com https://*.paypal.com https://*.paypalobjects.com https://hcaptcha.com https://*.hcaptcha.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://shoppy.gg https://paypal.com https://*.paypal.com https://*.paypalobjects.com https://hcaptcha.com https://*.hcaptcha.com;style-src 'self' https://cdn.jsdelivr.net https://unicons.iconscout.com 'unsafe-inline' https://shoppy.gg https://paypal.com https://*.paypal.com https://*.paypalobjects.com https://hcaptcha.com https://*.hcaptcha.com;img-src 'self' https://cdn.glitch.com https://*.com https://bstats.org;font-src 'self' https://*.com data:;connect-src https://hcaptcha.com https://*.hcaptcha.com https://*.paypal.com https://*.paypalobjects.com https://*.shoppy.gg https://*.astroac.cc https://astroac.cc https://shoppy.gg https://paypalobjects.com https://paypal.com https://bstats.org;base-uri 'self';block-all-mixed-content;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
default-src 'self' bigcommerce.okta.com *.oktacdn.com; connect-src 'self' bigcommerce.okta.com bigcommerce-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com *.mtls.okta.com bigcommerce.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' bigcommerce.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' bigcommerce.okta.com *.oktacdn.com; frame-src 'self' bigcommerce.okta.com bigcommerce-admin.okta.com login.okta.com com-okta-authenticator: api-b4d86248.duosecurity.com; img-src 'self' bigcommerce.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' bigcommerce.okta.com data: *.oktacdn.com fonts.gstatic.com 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-AKc_8u9Kn6CceC4JcBY5hA' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
Content-Security-Policy: default-src 'self' bmcs.one *.bmcs.one 1
default-src 'self';	script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com;	style-src 'self' 'unsafe-inline' fonts.googleapis.com;	font-src 'self' 'unsafe-inline' data:; 1
default-src *;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src * data:;object-src 'none';script-src 'self' https://*.polyfill.io https://polyfill.io https://*.paypal.com https://www.paypalobjects.com https://widget.trustpilot.com https://connect.facebook.net https://platform.twitter.com https://www.googletagmanager.com https://*.zdassets.com https://button.aftership.com https://cdn.shoppinggives.com https://*.attn.tv https://*.nosto.com https://*.lightboxcdn.com https://js-agent.newrelic.com https://*.newrelic.com https://www.googleadservices.com https://*.cloudfront.net https://*.google.com https://lightboxapi.azurewebsites.net https://*.nr-data.net https://bat.bing.com https://s.pinimg.com https://*.doubleclick.net https://www.google-analytics.com https://*.googleapis.com https://static.criteo.net https://*.criteo.com https://*.jst.ai https://*.braintreegateway.com https://*.noibu.com https://static.cloudflareinsights.com/ https://cdn.smooch.io/ https://sc-static.net/ https://cdnjs.cloudflare.com/ https://*.hotjar.com/ https://*.webeyez.com/ https://*.taboola.com/ https://m.me/ https://www.facebook.com/ https://m.facebook.com/ https://connect.facebook.com https://dadmin-qaz.modli.co/ https://stadmin-qaz.modli.co/ https://pradmin-qaz.modli.co/ https://*.calypsa.com/ https://*.youtube.com http://digicert.com https://*.tiktok.com https://acsbapp.com https://gorgias.chat https://*.gorgias.chat https://bluecore.com https://*.bluecore.com https://*.typeform.com https://*.clarity.ms https://*.digicert.com https://*.dynamicyield.com https://*.pinterest.com https://*.unpkg.com https://*.bridgerpay.com https://*.afterpay.com https://*.pixlee.com https://*.pixlee.co https://*.pxlecdn.com https://*.vimeo.com https://code.jquery.com https://cdn.jsdelivr.net https://*.klaviyo.com https://*.builder.io https://*.redditstatic.com https://*.zencdn.net/ https://*.snapchat.com/ https://*.stackla.com data: blob: 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval';script-src-attr 'none';style-src 'self' data: blob: 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' https://*.cloudfront.net https://*.googleapis.com https://*.criteo.com https://*.trustpilot.com https://connect.facebook.net https://platform.twitter.com https://*.lightboxcdn.com https://*.noibu.com https://*.jst.ai https://*.braintreegateway.com https://*.attn.tv/ https://static.cloudflareinsights.com/ https://*.webeyez.com/ https://sc-static.net/ https://*.hotjar.com/ https://cdn.smooch.io/whatsapp/ https://*.google.com/ https://*.taboola.com/ https://m.me/ https://www.facebook.com/ https://m.facebook.com/ https://connect.facebook.com https://static.cloudflareinsights.com/ https://*.youtube.com http://digicert.com https://*.tiktok.com https://acsbapp.com https://gorgias.chat https://*.gorgias.chat https://bluecore.com https://*.bluecore.com https://*.typeform.com https://*.clarity.ms https://*.calypsa.com/ https://*.digicert.com https://*.dynamicyield.com https://*.unpkg.com https://*.bridgerpay.com https://*.pixlee.com https://*.pixlee.co https://*.pxlecdn.com https://*.vimeo.com https://*.pinterest.com https://*.klaviyo.com https://cdnjs.cloudflare.com https://*.builder.io https://*.redditstatic.com https://*.zencdn.net/ https://*.snapchat.com/ https://www.googletagmanager.com https://*.stackla.com;upgrade-insecure-requests;frame-src intent: fb-messenger: data: default-src: https://platform.twitter.com https://widget.trustpilot.com https://gum.criteo.com https://www.facebook.com https://www.paypal.com https://www.paypalobjects.com https://*.doubleclick.net https://*.jst.ai https://*.noibu.com https://*.paypal.com https://*.braintreegateway.com https://*.attn.tv/ https://static.cloudflareinsights.com/ https://*.webeyez.com/ https://sc-static.net/ https://*.hotjar.com/ https://cdn.smooch.io/ https://static.cloudflareinsights.com/ https://*.snapchat.com/ https://*.google.com/ https://*.taboola.com/ https://m.me https://m.facebook.com https://connect.facebook.com https://*.youtube.com https://*.cloudfront.net http://digicert.com https://*.tiktok.com https://acsbapp.com https://gorgias.chat https://*.gorgias.chat https://bluecore.com https://*.bluecore.com https://*.typeform.com https://*.clarity.ms https://*.calypsa.com/ https://*.digicert.com https://*.dynamicyield.com https://*.pinterest.com https://*.unpkg.com https://*.bridgerpay.com https://*.pixlee.com https://*.pxlecdn.com https://*.pixlee.co https://*.vimeo.com https://*.klaviyo.com https://*.builder.io https://*.stackla.com https://*.redditstatic.com https://*.zencdn.net/ https://www.googletagmanager.com 1
default-src 'self'; object-src 'none'; script-src 'self' www.google-analytics.com www.googletagmanager.com 'sha256-0e4E0uIFrhZPqmdovquJPrrEiIgTvmyNt1VhEQb12so=' 'sha256-+mVeZWJisROJ+zbDVcsiKlTIrBV5gjR6G5amwEdXMG0=' 'sha256-gS3tAP+em0p45VK/AYk8XzvWf2qDy4W4bfBD6rV3+rg=' 'sha256-a4XKOKikGVsTOKjLwsaxxV5wpz/r2aiS5mjhlhYZ6A0='; connect-src self www.google-analytics.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://catcatnya.com; img-src 'self' data: blob: https://catcatnya.com https://cdn.catcatnya.com; style-src 'self' https://catcatnya.com 'nonce-K14SnB7FCY4/QG90oKskSQ=='; media-src 'self' data: https://catcatnya.com https://cdn.catcatnya.com; frame-src 'self' https:; manifest-src 'self' https://catcatnya.com; form-action 'self'; child-src 'self' blob: https://catcatnya.com; worker-src 'self' blob: https://catcatnya.com; connect-src 'self' data: blob: https://catcatnya.com https://cdn.catcatnya.com wss://catcatnya.com; script-src 'self' https://catcatnya.com 'wasm-unsafe-eval' 1
default-src 'none'; default-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' 'nonce-N2FlMTM3YjVjNjcwYjY0NQ=='; block-all-mixed-content; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com *.auth.adobe.com *.espncdn.com *.jsdelivr.net *.gstatic.com *.bootstrapcdn.com *.googleapis.com *.idvu.io *.apple.com *.google.com  *.disney.com *.digitalscreeners.com *.telerik.com *.labgency.us *.getbootstrap.com *.jquery.com *.w3.org *.akamaized.net *.blob.core.windows.net *.cloudflare.com *.google-analytics.com *.newrelic.com *.nr-data.net *.idviu.io *.idviu.com *.apivu.io *.apivu.com *.apivu.us *.apivu.io.co *.apivu.nyc *.foxmediacloud.com *.cloudfront.net *.cookielaw.org; img-src * 'unsafe-inline' data:; media-src * blob:;style-src * 'unsafe-inline' data:;font-src * 'unsafe-inline' data:;connect-src * 'unsafe-inline' *.idviu.io *.idviu.com *.apivu.io *.apivu.com *.apivu.us *.apivu.io.co *.apivu.nyc;frame-src * *.google.com   'unsafe-inline'; worker-src * blob: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://douchi.space; img-src 'self' https: data: blob: https://douchi.space; style-src 'self' https://douchi.space 'nonce-SQUs6z3MhGRRV71BLuOxHQ=='; media-src 'self' https: data: https://douchi.space; frame-src 'self' https:; manifest-src 'self' https://douchi.space; form-action 'self'; child-src 'self' blob: https://douchi.space; worker-src 'self' blob: https://douchi.space; connect-src 'self' data: blob: https://douchi.space https://media.douchi.space wss://douchi.space; script-src 'self' https://douchi.space 'wasm-unsafe-eval' 1
default-src *; style-src 'self' 'unsafe-inline'; font-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' stackexchange.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'         static.ads-twitter.com         *.twitter.com         www.youtube.com         www.gstatic.com         www.google.com         cdn.jsdelivr.net         maps.googleapis.com         code.jquery.com         cdnjs.cloudflare.com         stackpath.bootstrapcdn.com         www.googletagmanager.com         connect.facebook.net         snap.licdn.com         *.hotjar.com         www.google-analytics.com         https://optimize.google.com         https://fonts.googleapis.com         www.googleadservices.com         client.crisp.chat         *.doubleclick.net 1
default-src 'self'; script-src https://siteimproveanalytics.com https://developers.google.com http://cdn.searchine.net https://maps.googleapis.com https://api.ipify.org 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.aspnetcdn.com http://*.searchine.net https://consent.cookiebot.com https://ajax.aspnetcdn.com/ajax/jQuery/jquery-2.2.4.min.js https://consentcdn.cookiebot.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion/877188633/ https://script.adcalls.nl https://snap.licdn.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com; style-src 'report-sample' 'self' 'unsafe-inline' http://fonts.googleapis.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://maps.googleapis.com https://api.adcalls.nl https://*.searchine.net https://consentcdn.cookiebot.com https://our.umbraco.com https://*.analytics.google.com https://*.google-analytics.com https://pagead2.googlesyndication.com https://www.google.com https://googleads.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://consentcdn.cookiebot.com https://www.google.com https://www.youtube.com https://td.doubleclick.net; img-src 'self' *.siteimproveanalytics.io https://maps.googleapis.com https://maps.gstatic.com data: https://www.linkedin.com https://dashboard.umbraco.com https://i.vimeocdn.com https://our.umbraco.com https://px.ads.linkedin.com https://www.google-analytics.com https://www.google.com https://www.google.nl; manifest-src 'self'; media-src 'self' https://player.vimeo.com *.akamaized.net; report-uri https://642eab3df1e3671a291359ee.endpoint.csper.io/?v=0; worker-src 'none'; 1
frame-ancestors https://* 1
require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport,script-src 'report-sample' 'nonce-AVkG7nlZfhoVl5lf2dqcYQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self',script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport/allowlist 1
referrer always; 1
Access-Control-Allow-Origin: * 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://glauca.space 'wasm-unsafe-eval' https://s.as207960.net; font-src 'self' https://glauca.space; img-src 'self' data: blob: https://glauca.space https://mastodon-data.content.as207960.net; style-src 'self' https://glauca.space 'nonce-8NvDZYVk/IeVWsBHp37X0w=='; media-src 'self' data: https://glauca.space https://mastodon-data.content.as207960.net; frame-src 'self' https:; child-src 'self' blob: https://glauca.space; worker-src 'self' blob: https://glauca.space; connect-src 'self' blob: data: wss://glauca.space https://glauca.space https://mastodon-data.content.as207960.net https://s.as207960.net; manifest-src 'self' https://glauca.space; form-action 'self' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data:; worker-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; sandbox allow-forms allow-pointer-lock allow-presentation allow-same-origin allow-scripts allow-popups; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.hongkongers.net; img-src 'self' https: data: blob: https://mastodon.hongkongers.net; style-src 'self' https://mastodon.hongkongers.net 'nonce-9KYnUskBV2fRtsrYI24sbQ=='; media-src 'self' https: data: https://mastodon.hongkongers.net; frame-src 'self' https:; manifest-src 'self' https://mastodon.hongkongers.net; form-action 'self'; child-src 'self' blob: https://mastodon.hongkongers.net; worker-src 'self' blob: https://mastodon.hongkongers.net; connect-src 'self' data: blob: https://mastodon.hongkongers.net https://files.hongkongers.net wss://mastodon.hongkongers.net; script-src 'self' https://mastodon.hongkongers.net 'wasm-unsafe-eval' 1
default-src 'none'; manifest-src 'self'; font-src 'self'; img-src 'self'; style-src 'self'; form-action 'none'; frame-ancestors 'none'; base-uri 'none' 1
default-src 'unsafe-inline' 'self' ajax.cloudflare.com cdnjs.cloudflare.com use.fontawesome.com;upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' https:; img-src 'self' 'unsafe-inline' https: data:; style-src 'self' 'unsafe-inline' https:; frame-ancestors 'self'; form-action 'self' https:; font-src 'self' https: data:; frame-src 'self' https: 1
default-src 'self' https:;script-src *.termly.io *.matomo.cloud *.googleapis.com *.signalintent.com *.jquery.com *.destinilocators.com *.facebook.net *.facebook.com *.doubleclick.net 'self' data: 'unsafe-inline' 'unsafe-eval' *.yoast.com *.googletagmanager.com *.google.com *.gstatic.com *.google-analytics.com *.cloudfront.net *.cloudflare.com wpsitesync.com;style-src *.google.com *.signalintent.com *.facebook.net *.facebook.com *.destinilocators.com *.doubleclick.net 'self' 'unsafe-inline' yoast.com *.googleapis.com *.cloudfront.net *.cloudflare.com wpsitesync.com;font-src 'self' data: 'unsafe-inline' *.signalintent.com yoast.com *.gstatic.com *.cloudfront.net *.cloudflare.com wpsitesync.com;img-src destinilocators.com *.googleapis.com *.gstatic.com *.facebook.net *.facebook.com 'self' s.w.org yoast.com data: *.google-analytics.com *.doubleclick.net *.googletagmanager.com *.gravatar.com *.cloudfront.net *.cloudflare.com wpsitesync.com *.google.com i0.wp.com https:;frame-src *.termly.io *.google.com *.facebook.net *.facebook.com *.doubleclick.net destinilocators.com 'self' *.vimeo.com *.youtube.com;form-action *.facebook.com *.icontact.com 'self';base-uri 'self';connect-src 'self' *.termly.io *.matomo.cloud *.herokuapp.com *.signalintent.com yoast.com *.googletagmanager.com yoast.com *.google-analytics.com;frame-ancestors 'self';object-src 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://*.gstatic.com https://*.google.com/ https://*.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://*.sharethis.com https://*.facebook.net https://*.facebook.com https://*.fbcdn.net https://*.googleusercontent.com https://googleusercontent.com https://*.youtube.com/ https://*.gravatar.com https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://*.twitter.com/ https://api.instagram.com https://*.cdninstagram.com https://s.w.org https://ps.w.org/ https://api.myparcel.nl/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://www.google.nl/ https://cdn.datatables.net/ https://wordpress.com https://*.wp.com https://use.fontawesome.com/ https://edgewebpages.com/ https://webchat.missiveapp.com/ http://demo.startup-company.cmsmasters.net/ https://image-proxy.taivas.cloud/ https://www.ipdigital.nl/ 1
frame-ancestors https://*.easyvista-training.com https://*.easyvista.com https://*.hachette-livre.fr https://*.besse.net https://*.paysdaixhabitat.fr/; 1
default-src 'self' 'unsafe-inline' data: https://*.itapteka.pl; style-src 'self' 'unsafe-inline' https://*.itapteka.pl; font-src 'self' http://script.hotjar.com https://script.hotjar.com; script-src 'self' 'unsafe-inline' data: https://*.itapteka.pl https://*.google-analytics.com https://www.googletagmanager.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com 'unsafe-eval'; img-src 'self' 'unsafe-inline' data: *  https://*.itapteka.pl https://*.google-analytics.com https://stats.g.doubleclick.net https://script.hotjar.com http://script.hotjar.com; connect-src 'self' 'unsafe-inline' data: https://*.itapteka.pl https://*.google-analytics.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; frame-src 'self' https://*.itapteka.pl https://vars.hotjar.com; 1
font-src 'self' data: https://tools.agencewebcom.com/prod/widgets/be/static/fonts/ https://fonts.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com http://*.cloudfront.net https://*.cloudfront.net ; base-uri 'self'; 1
default-src 'self'; style-src 'self' 'unsafe-inline' cloud.typography.com jonnybarnes.uk; img-src 'self' data: blob: https://pbs.twimg.com https://jbuk-media.s3-eu-west-1.amazonaws.com https://jbuk-media-dev.s3-eu-west-1.amazonaws.com https://secure.gravatar.com https://graph.facebook.com *.fbcdn.net https://*.cdninstagram.com https://*.4sqi.net https://upload.wikimedia.org; font-src 'self' data:; frame-src 'self' https://www.youtube.com blob:; upgrade-insecure-requests; block-all-mixed-content; report-to csp-endpoint; report-uri https://jonnybarnes.report-uri.io/r/default/csp/enforce; 1
connect-src 'self' analytics.jpmaior.com; font-src 'self'; default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' analytics.jpmaior.com ajax.cloudflare.com static.cloudflareinsights.com; img-src 'self' analytics.jpmaior.com 1
default-src 'self'; base-uri 'none'; frame-ancestors 'none'; form-action 'none'; script-src 'self' 'nonce-Aa27LFuRRs747L9h4gjINb0LjG2b1WOH' 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: *;frame-ancestors *; 1
object-src 'none';base-uri 'self';script-src 'nonce-iJlEodUbGY4z2gJ8COc3nw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other 1
frame-ancestors https://*.libertech.fr 1
base-uri *.lilly.com; style-src 'self' *.cassiecloud.com *.googleapis.com 'unsafe-inline' *.lilly.it lilly.com *.lilly.com; script-src 'nonce-VVKnYQGTRI3sQyvinbvWhw=='  'sha256-XoJl+UW8f1vDY4q/H2TAQrQXaVIeoQhYAtlocsVAdh0='  'sha256-vSYTn18hS9CSeak8W0iTZ1cwqVN6eRcmy6JTA1qX+Rg='  'self' 'strict-dynamic' 'unsafe-eval' *.kaltura.com/ *.cassiecloud.com *.googletagmanager.com https://google-analytics.com *.google-analytics.com *.bing.com https://connect.facebook.net https://lilly-customerconnect.secure.force.com https://customerconnect.my.salesforce-sites.com https://ispot.tv *.turn.com *.myadvocado.com *.doubleclick.net *.analytics.yahoo.com *.google.com https://facebook.com *.salesforceliveagent.com *.youtube.com *.ytimg.com *.gstatic.com *.googlevideo.com blob: http://d22xmn10vbouk4.cloudfront.net *.googleapis.com assets.adobedtm.com assets.ctfassets.net *.lilly.it lilly.com *.lilly.com; object-src 'none'; frame-src *.doubleclick.net/ *.myadvocado.com/ *.lilly.it lilly.com *.lilly.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.bicomsystems.com/ data: ; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'self'; frame-ancestors 'self'; connect-src 'self' https://www.bicomsystems.com/ wss: 1
default-src 'none'; script-src 'unsafe-eval' 'nonce-Cn8S2GohkWt5zMbBNI'; object-src 'none'; img-src 'self' data: https: 'unsafe-inline'; style-src-elem 'self' https: 'unsafe-inline'; font-src 'self' https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; frame-src 'self' https: 'unsafe-inline'; connect-src https: wss: 'unsafe-inline'; script-src-elem 'self' https: 'unsafe-hashes' 'unsafe-inline'; base-uri 'self' ; frame-ancestors 'none'; script-src-attr 'self' https: 'unsafe-inline'; form-action 'self' http: https: 'unsafe-inline'; media-src 'self' https: 'unsafe-inline'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://luc.cat; img-src 'self' https: data: blob: https://luc.cat; style-src 'self' https://luc.cat 'nonce-sJ6Xn/9YDN+wrdWEmtofXw=='; media-src 'self' https: data: https://luc.cat; frame-src 'self' https:; manifest-src 'self' https://luc.cat; form-action 'self'; connect-src 'self' data: blob: https://luc.cat https://luc.cat wss://luc.cat; script-src 'self' https://luc.cat 'wasm-unsafe-eval'; child-src 'self' blob: https://luc.cat; worker-src 'self' blob: https://luc.cat 1
default-src 'self' *.lztr.me/; frame-src 'self' *.youtube.com/ *.spotify.com/; base-uri lztr.me; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; script-src 'self' *.lztr.me/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.lztr.me/ 'unsafe-inline' https:; img-src 'self' data: *; media-src 'self' * 1
font-src 'self' https://fonts.googleapis.com  https://fonts.gstatic.com http://*.cloudfront.net https://*.cloudfront.net ; base-uri 'self'; 1
script-src 'self' 'unsafe-inline' https://*.googleapis.com https://maps.gstatic.com https://*.google.com https://*.facebook.net https://*.doubleclick.net https://*.googletagmanager.com https://*.google-analytics.com https://*.wpmucdn.com https://*.youtube.com https://*.youtube-nocookie.com https://*.googleadservices.com https://*.licdn.com 'unsafe-eval'; 1
default-src * data: blob:;script-src 'self' https://cdn.melhorenvio.com.br https://static.melhorenvio.com.br https://s3-sa-east-1.amazonaws.com/melhorenvio/ https://consent.cookiefirst.com https://maps.googleapis.com https://www.googletagmanager.com *.google-analytics.com https://www.pagespeed-mod.com https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com https://www.googleoptimize.com https://www.youtube.com https://connect.facebook.net https://widget.intercom.io https://js.intercomcdn.com https://melhorenvio49545.activehosted.com *.criteo.com https://www.paypal.com https://www.paypalobjects.com *.clarity.ms https://js.userpilot.io https://www.datadoghq-browser-agent.com https://unpkg.com/ionicons@5.5.2/dist/ionicons/ https://cdn.pn.vg https://prism.app-us1.com *.taboola.com https://bat.bing.com *.pinimg.com https://diffuser-cdn.app-us1.com/diffuser/diffuser.js https://trackcmp.net *.googlesyndication.com https://www.googleadservices.com https://cdn.ckeditor.com/4.8.0/ data: 'unsafe-inline' 'unsafe-eval';style-src 'self' https://cdn.melhorenvio.com.br https://s3-sa-east-1.amazonaws.com/melhorenvio/ https://consent.cookiefirst.com https://www.gstatic.com https://fonts.googleapis.com https://cdn.ckeditor.com/4.8.0/ data: 'unsafe-inline';font-src 'self' https://cdn.melhorenvio.com.br https://s3-sa-east-1.amazonaws.com/melhorenvio/ https://fonts.gstatic.com https://fonts.intercomcdn.com https://use.typekit.net data:;worker-src * blob:;img-src * data: blob: 'unsafe-inline';frame-ancestors 'self' https://app.melhorenvio.com.br;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubd1dde361270103c22ae4e4183eba1a75&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Amelhor-envio; 1
default-src 'self'; script-src 'self' blob: deploy.mopinion.com v2.zopim.com static.zdassets.com collect.mopinion.com cdn.cookielaw.org www.googletagmanager.com www.google-analytics.com webchat.eazy.im api.eu-1.smooch.io *.kia.com unpkg.com region1.google-analytics.com 'unsafe-eval' 'unsafe-inline';style-src 'self' fonts.mopinion.com 'unsafe-eval' 'unsafe-inline';img-src 'self' data: temp-kia.s3.eu-central-1.amazonaws.com dashboard.umbraco.com media.kia.nl v2assets.zopim.io cdn.cookielaw.org fonts.gstatic.com v2.zopim.com www.google-analytics.com media.eu-1.smooch.io api.eazy.im *.kia.com europe-west1-kia-nl-data.cloudfunctions.net www.google.nl region1.google-analytics.com 'unsafe-eval' 'unsafe-inline';connect-src 'self' api.tomtom.com https://*.api.tomtom.com blob: deploy.mopinion.com ekr.zdassets.com wss://widget-mediator.zopim.com cacheorcheck.mopinion.com cdn.cookielaw.org www.google-analytics.com survey.mopinion.com webchat.eazy.im ai.eazy.im 631f510108081600f31b6c34.config.eu-1.smooch.io api.eu-1.smooch.io wss://api.eu-1.smooch.io *.kia.com stats.g.doubleclick.net kdp.nl region1.google-analytics.com www.googletagmanager.com 'unsafe-eval' 'unsafe-inline';frame-src 'self' aanvraag.pechhulpnu.nl 'unsafe-eval' 'unsafe-inline';style-src-elem 'self' blob: fonts.mopinion.com www.googletagmanager.com fonts.googleapis.com webchat.eazy.im unpkg.com 'unsafe-eval' 'unsafe-inline';font-src 'self' v2.zopim.com data: gstatic.mopinion.com fonts.gstatic.com webchat.eazy.im *.kia.com 'unsafe-eval' 'unsafe-inline';child-src 'self' blob: 'unsafe-eval' 'unsafe-inline';frame-ancestors 'self' ;media-src 'self' ;block-all-mixed-content; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://moresci.sale; img-src 'self' https: data: blob: https://moresci.sale; style-src 'self' https://moresci.sale 'nonce-dKZYjb5TejARI+WR0U5LSA=='; media-src 'self' https: data: https://moresci.sale; frame-src 'self' https:; manifest-src 'self' https://moresci.sale; form-action 'self'; connect-src 'self' data: blob: https://moresci.sale https://papers.moresci.sale wss://moresci.sale; script-src 'self' https://moresci.sale; child-src 'self' blob: https://moresci.sale; worker-src 'self' blob: https://moresci.sale 1
default-src 'none'; img-src 'self'; media-src 'self'; style-src 'self'; frame-ancestors 'none' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mstdn.vodka; img-src 'self' https: data: blob: https://mstdn.vodka; style-src 'self' https://mstdn.vodka 'nonce-a+QTo60UuMmC043ayb2fNg=='; media-src 'self' https: data: https://mstdn.vodka; frame-src 'self' https:; manifest-src 'self' https://mstdn.vodka; form-action 'self'; child-src 'self' blob: https://mstdn.vodka; worker-src 'self' blob: https://mstdn.vodka; connect-src 'self' data: blob: https://mstdn.vodka https://static.mstdn.vodka wss://mstdn.vodka; script-src 'self' https://mstdn.vodka 'wasm-unsafe-eval' 1
frame-ancestors https://www.shop101.com https://www.myownshop.in https://www.mydash101.com https://www.dash101.com https://app.dash101.com https://shop.roposo.com https://staging-shop.roposo.com https://store.roposo.com 1
default-src 'self' pinned-nerdsonsite:; frame-ancestors 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://maps.googleapis.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.oceandba.fr *.oceandba.com *.oceandba.es *.wp.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com data: ; style-src 'self' data: 'unsafe-inline' *.jquery.com fonts.googleapis.com; connect-src 'self' www.google-analytics.com *.doubleclick.net ; media-src 'self' data: *.youtube.com *.w.org *.soundcloud.com; child-src 'self' www.google.com; object-src 'self' data:; form-action 'self'; img-src 'self' *.gravatar.com *.google.com *.wp.com *.oceandba.com *.oceandba.fr *.oceandba.es data: 1
default-src 'self'; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' https://cdn.cookielaw.org https://www.googletagmanager.com connect.facebook.net *.doubleclick.net https://cdn.cookielaw.org https://cdn.jsdelivr.net https://use.typekit.net https://www.google-analytics.com https://privacyportalde-cdn.onetrust.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ *.google-analytics.com *.google.com googletagmanager.com *.cookielaw.org *.onetrust.com; object-src 'none'; style-src 'report-sample' 'self' https://cdn.cookielaw.org https://www.googletagmanager.com https://cdn.cookielaw.org https://cdn.jsdelivr.net https://use.typekit.net https://www.google-analytics.com https://privacyportalde-cdn.onetrust.com/ 'unsafe-inline' https://fonts.googleapis.com/ *.google-analytics.com *.google.com googletagmanager.com *.cookielaw.org *.onetrust.com; img-src * data:; media-src 'self'; frame-src 'self' *.doubleclick.net https://cdn.cookielaw.org https://www.googletagmanager.com https://cdn.cookielaw.org https://cdn.jsdelivr.net https://use.typekit.net https://www.google-analytics.com https://privacyportalde-cdn.onetrust.com/; font-src 'self' https://cdn.jsdelivr.net https://use.typekit.net https://fonts.gstatic.com/ *.google-analytics.com *.google.com googletagmanager.com *.cookielaw.org *.onetrust.com; connect-src 'self' https://analytics.google.com https://adservice.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://perrigo-privacy.my.onetrust.com https://stats.g.doubleclick.net https://cdn.cookielaw.org https://www.googletagmanager.com https://cdn.cookielaw.org https://cdn.jsdelivr.net https://use.typekit.net https://www.google-analytics.com https://privacyportalde-cdn.onetrust.com/ https://maps.googleapis.com/ https://fonts.googleapis.com/ *.google-analytics.com *.google.com googletagmanager.com *.cookielaw.org *.onetrust.com; report-uri /at/report-csp-violation; upgrade-insecure-requests 1
frame-ancestors *.coupa.com *.ariba.com *.sciquest.com *.punchout2go.com *.tradecentric.com https://portal.tradecentric.com https://portal.punchout2go.com https://stage-portal.punchout2go.com https://dev-portal.punchout2go.com 1
script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com https://bam.nr-data.net https://cdn.cookielaw.org https://js-agent.newrelic.com https://www.googletagmanager.com *.onetrust.com cdn.jsdelivr.net www.google-analytics.com https://connect.facebook.net; object-src 'none'; report-uri /report-csp-violation; upgrade-insecure-requests 1
upgrade-insecure-requests; default-src 'self' ; script-src 'self' 'unsafe-inline' ; script-src-elem 'self' 'unsafe-inline' ; style-src 'self' 'unsafe-inline' ; style-src-elem 'self' 'unsafe-inline' ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  blob:; img-src 'self' data:;worker-src blob:; 1
default-src 'self' https://region1.google-analytics.com https://ct.leady.com https://img.quanti.cz https://www.facebook.com https://cdn.linkedin.oribi.io https://staticxx.facebook.com https://web-writer.eu.smartlook.cloud https://events-writer.smartlook.com https://assets-proxy.smartlook.cloud https://www.google-analytics.com https://maps.googleapis.com https://stats.g.doubleclick.net https://manager.eu.smartlook.cloud; font-src 'self' https://fonts.gstatic.com https://fonts.gstatic.co; img-src 'self' https://region1.google-analytics.com https://ct.leady.com https://www.facebook.com https://maps.gstatic.com https://maps.googleapis.com https://www.linkedin.com https://www.google-analytics.com https://px.ads.linkedin.com https://maps.gstatic.com data:; script-src 'self' https://web-sdk.smartlook.com https://ct.leady.com https://www.quanti-web-prod.quanti.cz https://www.googletagmanager.com https://snap.licdn.com https://connect.facebook.net https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://rec.smartlook.com blob:; style-src 'self' https://hello.myfonts.net https://fonts.googleapis.com https://maps.googleapis.com 'unsafe-inline' 1
frame-src 'self' https://www.gartner.com https://platform.twitter.com https://syndication.twitter.com https://www.youtube.com https://googleads.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://connect.facebook.net https://snap.licdn.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://www.google-analytics.com https://www.clarity.ms https://www.gartner.com https://static.ads-twitter.com https://analytics.twitter.com https://www.gstatic.com/charts/loader.js https://www.gstatic.com/charts/50/loader.js https://www.gstatic.com/charts/50/js/jsapi_compiled_default_module.js https://www.gstatic.com/charts/50/js/jsapi_compiled_graphics_module.js https://www.gstatic.com/charts/50/js/jsapi_compiled_ui_module.js https://www.gstatic.com/charts/50/js/jsapi_compiled_corechart_module.js https://www.gstatic.com/charts/49/loader.js https://www.gstatic.com/charts/50/js/jsapi_compiled_geo_module.js https://www.gstatic.com/charts/50/js/jsapi_compiled_geochart_module.js https://cdn.syndication.twimg.com https://www.gstatic.com/charts/51/loader.js https://www.gstatic.com/charts/51/js/jsapi_compiled_default_module.js https://www.gstatic.com/charts/51/js/jsapi_compiled_graphics_module.js https://www.gstatic.com/charts/51/js/jsapi_compiled_ui_module.js https://www.gstatic.com/charts/51/js/jsapi_compiled_corechart_module.js https://www.gstatic.com/charts/51/js/jsapi_compiled_geo_module.js https://www.gstatic.com/charts/51/js/jsapi_compiled_geochart_module.js https://www.googleoptimize.com/optimize.js https://www.facebook.com/signals/iwl.js https://bat.bing.com/bat.js https://bat.bing.com/p/action/134597088.js https://m.facebook.com/signals/iwl.js https://www.googleadservices.com/pagead/conversion_async.js https://googleads.g.doubleclick.net https://www.googleadservices.com/ cdn.rawgit.com https://cdnjs.cloudflare.com https://platform.twitter.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gartner.com/ https://www.gstatic.com/ https://platform.twitter.com https://ton.twimg.com https://www.facebook.com/signals/iwl.js https://m.facebook.com/signals/iwl.js https://bat.bing.com/bat.js https://bat.bing.com/p/action/134597088.js https://www.googleadservices.com/pagead/conversion_async.js https://googleads.g.doubleclick.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://redpiranha.net/report-uri/enforce 1
default-src 'self'; font-src 'self' data: https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com; img-src 'self' https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://www.google-analytics.com data:; connect-src * ws: wss: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  *.bootstrapcdn.com *.polyfill.io polyfill.io *.googleapis.com *.cloudflare.com *.gstatic.com *.fontawesome.com *.google-analytics.com *.youtube.com *.googletagmanager.com *.doubleclick.net *.w3.org *.google.nl *.cookiebot.com *.onlinesucces.nl *.nc-websites.nl *.google.com *.whappie.nl *.feedlie.nl *.jsdelivr.net *.linkedin.com *.leadinfo.com *.leadinfo.net *.salesfeed.com crmv2.salesfeed.com *.hotjar.io *.hotjar.com *.linkedin.oribi.io  wss://*.hotjar.com *.popupsmart.com *.youtube.com *.youtube-nocookie.com *.licdn.com *.ytimg.com *.unpkg.com unpkg.com data: blob:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://ruinous.social; img-src 'self' https: data: blob: https://ruinous.social; style-src 'self' https://ruinous.social 'nonce-uc8tk9pQcUx3D0Wa2D7qHQ=='; media-src 'self' https: data: https://ruinous.social; frame-src 'self' https:; manifest-src 'self' https://ruinous.social; form-action 'self'; child-src 'self' blob: https://ruinous.social; worker-src 'self' blob: https://ruinous.social; connect-src 'self' data: blob: https://ruinous.social https://files.ruinous.social wss://ruinous.social; script-src 'self' https://ruinous.social 'wasm-unsafe-eval' 1
base-uri 'self'; child-src https://www.youtube-nocookie.com/embed/; connect-src 'self' https://skipthecommericals.xyz:8443/socket.io/ wss://skipthecommericals.xyz:8443/socket.io/ https://api.themoviedb.org/; default-src 'none'; font-src 'self' data: https: fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https: image.tmdb.org via.placeholder.com/400x600; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https: gitcdn.xyz github.io *.github.io raw.githubusercontent.com github.com; block-all-mixed-content; upgrade-insecure-requests 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://socia.dev; img-src 'self' https: data: blob: https://socia.dev; style-src 'self' https://socia.dev 'nonce-+tG3hJUJ2YeZm4y/9e3xtw=='; media-src 'self' https: data: https://socia.dev; frame-src 'self' https:; manifest-src 'self' https://socia.dev; form-action 'self'; child-src 'self' blob: https://socia.dev; worker-src 'self' blob: https://socia.dev; connect-src 'self' data: blob: https://socia.dev https://s3.wasabisys.com wss://socia.dev; script-src 'self' https://socia.dev 'wasm-unsafe-eval' 1
default-src 'none';script-src 'self';connect-src 'self';img-src 'self';style-src 'self'; 1
default-src 'unsafe-eval' 'unsafe-inline' 'self' https: blob:; font-src 'self' https: data:; img-src 'self' data: https: blob:; child-src https:; object-src https: 1
report-uri https://v2track.com 1
base-uri 'none'; font-src 'self' https: data:; form-action 'self' *.facebook.com; frame-ancestors 'self'; img-src 'self' data: res.cloudinary.com recruitee-main.s3.eu-central-1.amazonaws.com vanboxtel.nl www.vanboxtel.nl vanboxtel-website-frontend.onrender.com *.vimeocdn.com *.facebook.com *.licdn.com *.ads.linkedin.com *.iubenda.com www.google.nl www.google.com; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' 'unsafe-inline' www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com recaptcha.net vimeo.com player.vimeo.com fresnel.vimeocdn.com *.hotjar.com *.facebook.net *.facebook.com snap.licdn.com *.ads.linkedin.com *.iubenda.com googleads.g.doubleclick.net; upgrade-insecure-requests; frame-src 'self' vimeo.com player.vimeo.com recaptcha.net *.vimeocdn.com *.facebook.com *.iubenda.com td.doubleclick.net 1
default-src 'self' https://region1.google-analytics.com  https://ekr.zdassets.com https://veichat.zendesk.com https://www.google-analytics.com wss://widget-mediator.zopim.com https://translate.googleapis.com https://stats.g.doubleclick.net https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com  https://themes.googleusercontent.com https://fonts.gstatic.com https://ssl.google-analytics.com  https://s-static.ak.facebook.com https://assets.zendesk.com https://connect.facebook.net https://www.googletagmanager.com https://static.zdassets.com https://translate.google.com https://www.google.com https://translate.googleapis.com https://www.google-analytics.com https://www.gstatic.com https://translate-pa.googleapis.com https://widget-mediator.zopim.com; img-src 'self' https://secure.gravatar.com https://fonts.gstatic.com https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com https://www.gstatic.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://p.typekit.net https://use.typekit.net https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://use.typekit.net; frame-src https://www.youtube.com https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com https://www.vei.global https://www.google.com; object-src 'none' 1
form-action 'self' *.list-manage.com *.mollie.com; 1
require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport,script-src 'report-sample' 'nonce-QZj0ynC_7YdNKc-Mp5_icw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self',script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport/allowlist 1
frame-ancestors http://voipmonitor.org https://voipmonitor.org http://www.voipmonitor.org https://www.voipmonitor.org 1
child-src 'self' blob: https://*.auth0.com; object-src 'self'; worker-src 'self' blob:; script-src https://firebaseinstallations.googleapis.com https://firebase.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com 'self'; connect-src https://firebaseinstallations.googleapis.com https://firebase.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com 'self' https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://*.auth0.com https://clouderrorreporting.googleapis.com https://storage.googleapis.com wss://welink-nms.com wss://*.welink-nms.com wss://welink-nms.uk; 1
default-src 'none'; script-src 'unsafe-eval' 'nonce-q36kL9XSgnVc0'; object-src 'none'; img-src 'self' data: https: 'unsafe-inline'; style-src-elem 'self' https: 'unsafe-inline'; font-src 'self' https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; frame-src 'self' https: 'unsafe-inline'; connect-src https: wss: 'unsafe-inline'; script-src-elem 'self' https: 'unsafe-hashes' 'unsafe-inline'; base-uri 'self' ; frame-ancestors 'none'; script-src-attr 'self' https: 'unsafe-inline'; form-action 'self' http: https: 'unsafe-inline'; media-src 'self' https: 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' chat.movidesk.com wiipo.com www.wiipo.com.br wiipo.com www.wiipo.com cookies.senior.com.br snap.licdn.com www.facebook.com forms.hsforms.com googleads.g.doubleclick.net www.googleadservices.com www.google.com www.gstatic.com js.hsforms.net cdn.jsdelivr.net c0.wp.com s0.wp.com stats.wp.com d335luupugsy2.cloudfront.net forms.hsforms.com js.hs-analytics.net cdn.onesignal.com connect.facebook.net js.hs-banner.com js.hs-scripts.com js.hscollectedforms.net wchat.freshchat.com www.google-analytics.com www.googleoptimize.com endpoint.csper.io cdnjs.cloudflare.com embed.typeform.com www.googletagmanager.com maxcdn.bootstrapcdn.com code.jquery.com js.usemessages.com s3.amazonaws.com/assets.freshdesk.com/widget/freshwidget.js static.hotjar.com script.hotjar.com; style-src 'self' 'unsafe-inline' chat.movidesk.com cookies.senior.com.br maxcdn.bootstrapcdn.com cdnjs.cloudflare.com c0.wp.com s0.wp.com fonts.googleapis.com wchat.freshchat.com s3.amazonaws.com/assets.freshdesk.com/widget/freshwidget.css; object-src 'none'; base-uri 'self'; connect-src 'self' content.hotjar.io px.ads.linkedin.com analytics.google.com cdn.app.movidesk.com cdn.linkedin.oribi.io ws40.hotjar.com www.rdstation.com.br in.hotjar.com wss://ws12.hotjar.com ws12.hotjar.com ws27.hotjar.com wss://ws.hotjar.com hubspot-forms-static-embed.s3.amazonaws.com forms.hsforms.com api.hubspot.com forms.rdstation.com.br pageview-notify.rdstation.com.br popups.rdstation.com.br gyruss.rdops.systems cookies.senior.com.br wiipo.com www.wiipo.com static.hotjar.com yoast.com stats.g.doubleclick.net www.google-analytics.com ws.hotjar.com; font-src 'self' data: cdn.app.movidesk.com chat.movidesk.com c0.wp.com s0.wp.com fonts.gstatic.com; frame-src 'self' td.doubleclick.net chat.movidesk.com forms.hsforms.com bid.g.doubleclick.net www.google.com static.hsappstatic.net widgets.wp.com form.typeform.com emprestimo.alicredito.com.br portal-rh.alicredito.com.br gateway.adianta.com.br wiipo.freshdesk.com calendly.com app.hubspot.com vars.hotjar.com www.facebook.com; img-src 'self' data: wiipo.com www.wiipo.com cdn.app.movidesk.com https://s3.amazonaws.com/movidesk-files/18A0E7E6A139556DFE915966DF4246E0 p.adsymptotic.com px.ads.linkedin.com pixel.wp.com static.hsappstatic.net forms-na1.hsforms.com exceptions.hs-embed-reporting.com s0.wp.com c0.wp.com track.hubspot.com www.facebook.com www.google-analytics.com stats.g.doubleclick.net secure.gravatar.com forms.hsforms.com dk9suync0k2va.cloudfront.net cdnjs.cloudflare.com www.google.com.br www.google.com; manifest-src 'self'; media-src 'self' wiipo.com www.wiipo.com; worker-src blob:; frame-ancestors 'self' platform.senior.com.br; form-action 'self' facebook.com www.facebook.com forms.hsforms.com; 1
upgrade-insecure-requests;style-src 'self' 'nonce-z8C_1RLs44MZJJQ';font-src 'self';script-src 'self' 'nonce-z8C_1RLs44MZJJQ' ;connect-src 'self' https://woem.space wss://woem.space ;media-src 'self' https:;img-src 'self' data: blob: https:;default-src 'none';base-uri 'none';frame-ancestors 'none';manifest-src 'self'; 1
frame-ancestors 'self' https://preview.themeforest.net/; 1
default-src 'self' https://maps.gstatic.com; connect-src 'self' https://maps.googleapis.com https://www.google-analytics.com https://region1.google-analytics.com https://www.zambon.com/addresses/office/US https://www.zambon.com/addresses/office/FR https://www.zambon.com/addresses/office/BE https://www.zambon.com/addresses/office/IT https://www.zambon.com/addresses/office/NL https://www.zambon.com/addresses/office/PT https://www.zambon.com/addresses/office/RU https://www.zambon.com/addresses/office/ES https://www.zambon.com/addresses/office/GB https://www.zambon.com/addresses/office/NORDICS https://www.zambon.com/addresses/office/ID https://www.zambon.com/addresses/office/BR https://www.zambon.com/addresses/office/CO https://www.zambon.com/addresses/headquarter/all https://www.zambon.com/addresses/group/all https://www.zambon.com/addresses/plant/all; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://www.youtube.com; img-src 'self' https://maps.googleapis.com https://maps.gstatic.com data: https://www.google-analytics.com; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js cdn.auth0.com https://cdnjs.cloudflare.com https://developers.google.com https://maps.googleapis.com https://www.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.googletagmanager.com cdn.auth0.com https://cdnjs.cloudflare.com https://developers.google.com https://maps.googleapis.com; style-src 'self' 'report-sample' https://fonts.googleapis.com https://cdnjs.cloudflare.com fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline' 'report-sample'; worker-src 'none'; base-uri 'self'; frame-ancestors 'self'; report-uri https://www.zambonpharma.com/it/it/report-uri/enforce 1
script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' script.hotjar.com wave.outbrain.com tr.outbrain.com connect.facebook.net amplify.outbrain.com static.hotjar.com googleads.g.doubleclick.net maps.googleapis.com https://bam.nr-data.net https://cdn.cookielaw.org https://js-agent.newrelic.com https://www.googletagmanager.com *.onetrust.com cdn.jsdelivr.net www.google-analytics.com; object-src 'none'; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' https://interact.zonebroadband.co.uk 1
frame-ancestors  https://*.klim.co.nz; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' policy.cookiereports.com www.google.com www.gstatic.com *.google-analytics.com *.googletagmanager.com https://cct.google https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://*.hotjar.com https://js.monitor.azure.com https://snap.licdn.com https://policy.cookiereports.com https://view.ceros.com https://www.research-tree.com https://player.vimeo.com https://protect-eu.mimecast.com https://sites-dwf.vuturevx.com https://www.vimeo.com https://vimeo.com https://www.youtube.com; connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://*.hotjar.com https://*.hotjar.io wss://ws.hotjar.com https://dc.services.visualstudio.com https://policy.cookiereports.com https://cdn.linkedin.oribi.io/ https://px.ads.linkedin.com; img-src 'self' data: *.linkedin.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.vimeocdn.com *.ytimg.com https://www.omnycontent.com https://optimize.google.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://protect-eu.mimecast.com https://sites-dwf.vuturevx.com https://optimize.google.com; base-uri 'self'; object-src 'self'; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://sites-dwf.vuturevx.com; frame-src 'self' player.vimeo.com www.google.com *.googletagmanager.com https://irs.tools.investis.com https://otp.tools.investis.com https://view.ceros.com https://embed.chartblocks.com https://www.research-tree.com https://sites-dwf.vuturevx.com https://cdn.yoshki.com https://www.youtube.com https://www.hapyak.com https://omny.fm https://optimize.google.com; 1
frame-ancestors 'self' *.cnbankpa.com 1
frame-ancestors 'self' http://www.langnese.de http://www.goodhumor.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://s7.addthis.com https://kritique-widgets-stage.unileversolutions.com https://d1a1ax4tcp3m3j.cloudfront.net 1
default-src 'self' 'unsafe-inline'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://okla.social; img-src 'self' https: data: blob: https://okla.social; style-src 'self' https://okla.social 'nonce-4q7jQyUmrA2QHlGonlj9dg=='; media-src 'self' https: data: https://okla.social; frame-src 'self' https:; manifest-src 'self' https://okla.social; form-action 'self'; child-src 'self' blob: https://okla.social; worker-src 'self' blob: https://okla.social; connect-src 'self' data: blob: https://okla.social https://okla.social wss://okla.social; script-src 'self' https://okla.social 'wasm-unsafe-eval' 1
frame-src 'self'; frame-ancestors 'self' https://vision.24-7intouch.com http://localhost:* app://*; object-src 'none'; 1
frame-ancestors 'self' 		https://*.asmark.org 		https://*.signnow.com ; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com *.trafficfactory.biz www.iwanttodeliver.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net bmedia.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri http://www.blacktube.com/csp-reports; report-to csp-endpoint 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://darkfriend.social; img-src 'self' https: data: blob: https://darkfriend.social; style-src 'self' https://darkfriend.social 'nonce-MwK7axnUzgjQGlSjhcNN+w=='; media-src 'self' https: data: https://darkfriend.social; frame-src 'self' https:; manifest-src 'self' https://darkfriend.social; form-action 'self'; child-src 'self' blob: https://darkfriend.social; worker-src 'self' blob: https://darkfriend.social; connect-src 'self' data: blob: https://darkfriend.social https://cdn.masto.host wss://darkfriend.social; script-src 'self' https://darkfriend.social 'wasm-unsafe-eval' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.flockler.com *.cloudflareaccess.com *.amazonaws.com *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.cloudfront.net *.youtube.com *.vimeo.com vimeo.com *.calendly.com calendly.com *.usemessages.com *.gstatic.com *.oniqa.com *.onistaged.com *.wpengine.com *.hsforms.com *.hsforms.net.org *.hubspot.com *.hs-sites.com *.hsforms.net *.hubapi.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com ws.zoominfo.com hscollectedforms.net js.hscollectedforms.net forms.hscollectedforms.net *.flippingbook.com *.joomag.com *.pubhtml5.com pubhtml5.com *.wistia.net *.wistia.com hsadspixel.net *.hsadspixel.net googleads.g.doubleclick.net stats.g.doubleclick.net bid.g.doubleclick.net snap.licdn.com connect.facebook.net facebook.com *.facebook.com px.ads.linkedin.com px4.ads.linkedin.com cdn.linkedin.oribi.io p.adsymptotic.com googleadservices.com *.googleadservices.com *.vcita.com vcita.com embedwistia-a.akamaihd.net *.litix.io c15117557.ssl.cf2.rackcdn.com *.onistaged.com *.onenorth.com *.ksmcpa.com data: blob:; font-src 'self' fonts.gstatic.com fonts.googleapis.com *.cloudfront.net data:; frame-ancestors 'self' *.hubspot.com *.flippingbook.com *.pubhtml5.com pubhtml5.com *.joomag.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; frame-ancestors 'self' 1
default-src 'self'; style-src hello.myfonts.net www.google.com 'self' 'unsafe-inline'; img-src www.linkedin.com t.co analytics.twitter.com www.google-analytics.com px.ads.linkedin.com www.facebook.com i.ytimg.com *.google.com www.googleapis.com *.gstatic.com *.aquaamerica.com 'self'; script-src snap.licdn.com connect.facebook.net *.googletagmanager.com code.jquery.com *.google.com 'sha256-TTjHsno0sx9619I6NRc7EQ1tGoydAFT8RWUwD4cz+5o=' 'sha256-ZTCvS4XJ5f2ApU1PhVOdHyZLsln1kVrFjDLqYtKhXM4=' 'nonce-pdcnEe8oUV8IgfkTIHq6k6gs' 'self' 'unsafe-eval' 'unsafe-hashes';  frame-src 52.186.34.239 www.facebook.com *.aquawater.com *.youtube.com *.google.com www.googletagmanager.com 'self'; connect-src www.facebook.com stats.g.doubleclick.net *.oribi.io www.google-analytics.com csp.withgoogle.com 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://webplus.info https://www.googletagmanager.com https://www.googletagservices.com https://www.google-analytics.com https://*.google.com https://*.google.com.ua https://*.googlesyndication.com https://*.googleapis.com https://*.googleadservices.com https://ukrbuy.com https://*.mixmarket.biz https://*.marketgid.com https://*.herokuapp.com https://vk.com https://connect.ok.ru https://connect.mail.ru https://*.facebook.com https://*.facebook.net https://www.linkedin.com https://api.pinterest.com https://*.tovarro.com https://*.mgid.com https://www.chromestatus.com https://*.doubleclick.net https://*.gstatic.com https://*.ampproject.org https://*.criteo.net https://*.amazonaws.com; style-src 'self' 'unsafe-inline' https://webplus.info https://www.googletagmanager.com https://www.googletagservices.com https://www.google-analytics.com https://*.google.com https://*.google.com.ua https://*.googlesyndication.com https://*.googleapis.com https://*.googleadservices.com https://ukrbuy.com https://*.mixmarket.biz https://*.marketgid.com https://*.herokuapp.com https://vk.com https://connect.ok.ru https://connect.mail.ru https://*.facebook.com https://*.facebook.net https://www.linkedin.com https://api.pinterest.com https://*.tovarro.com https://*.mgid.com https://www.chromestatus.com https://*.doubleclick.net https://*.gstatic.com https://*.ampproject.org https://*.criteo.net https://*.amazonaws.com; img-src 'self' data: https://webplus.info https://www.googletagmanager.com https://www.googletagservices.com https://www.google-analytics.com https://*.google.com https://*.google.com.ua https://*.googlesyndication.com https://*.googleapis.com https://*.googleadservices.com https://ukrbuy.com https://*.mixmarket.biz https://*.marketgid.com https://*.herokuapp.com https://vk.com https://connect.ok.ru https://connect.mail.ru https://*.facebook.com https://*.facebook.net https://www.linkedin.com https://api.pinterest.com https://*.tovarro.com https://*.mgid.com https://www.chromestatus.com https://*.doubleclick.net https://*.gstatic.com https://*.ampproject.org https://*.criteo.net https://*.amazonaws.com; object-src  'self' https://webplus.info https://www.googletagmanager.com https://www.googletagservices.com https://www.google-analytics.com https://*.google.com https://*.google.com.ua https://*.googlesyndication.com https://*.googleapis.com https://*.googleadservices.com https://ukrbuy.com https://*.mixmarket.biz https://*.marketgid.com https://*.herokuapp.com https://vk.com https://connect.ok.ru https://connect.mail.ru https://*.facebook.com https://*.facebook.net https://www.linkedin.com https://api.pinterest.com https://*.tovarro.com https://*.mgid.com https://www.chromestatus.com https://*.doubleclick.net https://*.gstatic.com https://*.ampproject.org https://*.criteo.net https://*.amazonaws.com 1
default-src 'self' https://fonts.gstatic.com; font-src 'self' data: https://fonts.gstatic.com; style-src 'self' https://cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; connect-src 'self' https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://www.google-analytics.com/ https://analytics.twitter.com/; img-src 'self' https://cdn.cookielaw.org/ data: https://analytics.twitter.com/ https://t.co/ https://www.facebook.com/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://siteimproveanalytics.com https://maps.googleapis.com https://forms.hsforms.com https://js.hsforms.net https://www.youtube.com https://player.vimeo.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hscollectedforms.net https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://forms.hsforms.com https://vimeo.com https://noembed.com https://stats.g.doubleclick.net https://hubspot-forms-static-embed.s3.amazonaws.com https://maps.gstatic.com https://maps.googleapis.com https://cdn.plyr.io https://www.google-analytics.com/ https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://forms.hubspot.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://61283073.global.siteimproveanalytics.io https://forms.hubspot.com https://i.vimeocdn.com https://i.ytimg.com https://f.hubspotusercontent00.net https://f.hubspotusercontent30.net https://maps.gstatic.com https://maps.googleapis.com https://track.hubspot.com https://www.google-analytics.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://forms.hsforms.com data:; object-src 'self'; frame-src 'self' https://forms.hsforms.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com; 1
default-src  'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.unibuddy.co https://cdnjs.cloudflare.com https://i453.fontys.nl/ https://www.googletagmanager.com/ https://www.google-analytics.com https://goto.fontys.nl/ https://www.youtube.com/ https://www.googleadservices.com https://fontys.blueconic.net https://connect.facebook.net https://snap.licdn.com https://sc-static.net/ https://www.clarity.ms https://tr.snapchat.com https://www.google.com/ https://www.gstatic.com/ https://hkl.nl/ https://connect.getflowbox.com/ https://api.fontys.nl/; child-src ; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://tourmkr.com/ https://e.issuu.com/ https://ideal.ing.nl/ https://bankieren.ideal.ing.nl/ https://indd.adobe.com https://*.unibuddy.co/ https://unibuddy.co/ https://fontys-matchingtool.lwprod.nl https://fontys-matchingtool-acc.lwdev.nl https://walkinto.in/ https://content.googleapis.com/ https://*.vimeo.com/ https://*.spotify.com/ https://*.transistor.fm/ https://www.instagram.com/ https://goto.fontys.nl/ https://*.snapchat.com/ https://*.facebook.com/ https://*.youtube.com/ https://*.google.com/ https://www.youtube-nocookie.com/; img-src 'self' data: *; media-src 'self' https://affectivity-storage.lwmicro.com/ https://cdn.flbx.io/; style-src 'self' 'unsafe-inline' https://goto.fontys.nl https://rlb.nuffic.nl https://plugins.blueconic.net https://www.gstatic.com/ https://*.fontys.nl/ https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com; worker-src 'self'; frame-ancestors 'self' https://open.spotify.com; report-uri /web/reportreceiver; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://pnw.zone; img-src 'self' https: data: blob: https://pnw.zone; style-src 'self' https://pnw.zone 'nonce-4i4N722ULsKonymCvECxKA=='; media-src 'self' https: data: https://pnw.zone; frame-src 'self' https:; manifest-src 'self' https://pnw.zone; form-action 'self'; child-src 'self' blob: https://pnw.zone; worker-src 'self' blob: https://pnw.zone; connect-src 'self' data: blob: https://pnw.zone https://files.pnw.zone wss://pnw.zone; script-src 'self' https://pnw.zone 'wasm-unsafe-eval' 1
default-src https: 'unsafe-eval' 'unsafe-inline' data:; object-src 'none' 1
font-src *.googleapis.com *.gstatic.com data: *.braintreegateway.com *.googletagmanager.com *.amazonaws.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.paypal.com *.google-analytics.com *.authorize.net *.cardinalcommerce.com *.yotpo.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.gstatic.com *.googleapis.com *.braintreegateway.com *.googletagmanager.com *.amazonaws.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.google-analytics.com *.authorize.net *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.gstatic.com *.googleapis.com *.braintreegateway.com *.googletagmanager.com *.amazonaws.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.google-analytics.com *.authorize.net *.yotpo.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.braintreegateway.com *.googletagmanager.com *.amazonaws.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.google-analytics.com *.authorize.net *.cardinalcommerce.com *.yotpo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.gstatic.com *.googleapis.com *.braintreegateway.com *.googletagmanager.com *.amazonaws.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.paypal.com *.google-analytics.com *.authorize.net *.cardinalcommerce.com *.yotpo.com https://static.klaviyo.com *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.gstatic.com *.braintreegateway.com *.googletagmanager.com *.amazonaws.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.google-analytics.com *.authorize.net *.yotpo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.gstatic.com *.googleapis.com *.braintreegateway.com *.googletagmanager.com *.amazonaws.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.paypal.com *.google-analytics.com *.authorize.net *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; frame-ancestors https://jamstackthemes.dev; manifest-src 'self'; connect-src *; font-src 'self'; img-src * data:; script-src 'self' https://*.cactus.chat 'unsafe-inline'; style-src 'self' https://*.cactus.chat 'unsafe-inline'; frame-src 'self' https://www.youtube.com/embed/ 1
font-src *.lightboxcdn.com *.yotpo.com *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com https://fonts.gstatic.com channels.magento.com qaapp02.xisecurenet.com *.paymetric.com hottools.us15.list-manage.com www.facebook.com facebook.com *.hottools.com *.fontawesome.com *.bootstrapcdn.com https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline'; form-action *.yotpo.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com connect.facebook.net https://cert-xiecomm.paymetric.com *.paymetric.com *.hottools.com 'self' data: https://hottools.us15.list-manage.com/ *.twitter.com https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' 'unsafe-inline'; frame-src *.lightboxcdn.com *.yotpo.com ct.pinterest.com  www.google.com/recaptcha/ fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com player.vimeo.com www.google.com *.weltpixel.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com www.facebook.com connect.facebook.net amc.demdex.net *.doubleclick.net vars.hotjar.com checkoutshopper-test.adyen.com qaapp02.xisecurenet.com bid.g.doubleclick.net assets.adobedtm.com www.weltpixel.com www.xtento.com https://public.cobrowse.oraclecloud.com *.mouseflow.com/ *.xisecurenet.com *.paymetric.com https://cert-xiecomm.paymetric.com *.trustarc.com imgs.signifyd.com h.online-metrix.net helenoftroy--tst1.custhelp.com helenoftroy--tst3.custhelp.com helenoftroy.custhelp.com *.hottools.com *.sdiapi.com *.twitter.com *.google.com *.addthis.com *.hotjar.com *.adsrvr.org *.cloudfront.net *.cloudflareinsights.com *.oraclecloud.com *.pur.com *.honeywellpluggedin.com *.vickshumidifiers.com *.stingerproducts.com *.febrezeairpurifiers.com *.oxo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src *.lightboxcdn.com *.yotpo.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com *.cloudflare.com gethatch.com pixel.quantserve.com stats.g.doubleclick.net *.google.com *.facebook.com *.paypal.com network-eu-stg.bazaarvoice.com checkoutshopper-test.adyen.com www.googleads.g.doubleclick.net www.google.co.in googleads.g.doubleclick.net landofcoder.com cdn.klarna.com www.xtento.com cdn.xtento.com www.magentocommerce.com gallery.mailchimp.com https://www.googletagmanager.com https://qaapp02.xisecurenet.com *.paymetric.com *.trustarc.com imgs.signifyd.com w2txo5aapsvnlbfopfq5kti3furj22hsurgjt6nie6d3a46433edf973sac.d.aa.online-metrix.net https://w2txo5aapsvnlbfopfq5kti3furj22hsurgjt6nib9f626b15f11b117sac.d.aa.online-metrix.net w2txo5aapsvnlbfopfq5kti3furj22hsurgjt6nib9f626b15f11b117sac.d.aa.online-metrix.net consent.truste.com *.d.aa.online-metrix.net *.e.aa.online-metrix.net *.f.aa.online-metrix.net i.ytimg.com *.hottools.com *.cdninstagram.com *.fbcdn.net *.googleadservices.com *.google-analytics.com *.twitter.com t.co *.custhelp.com *.rnengage.com *.omtrdc.net *.trustarc.com *.pinterest.com *.signifyd.com *.doubleclick.net *.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://imgs.signifyd.com https://*.online-metrix.net 'self' 'unsafe-inline'; script-src *.azurewebsites.net *.lightboxcdn.com *.yotpo.com *.youtube.com static.doubleclick.net *.ads-twitter.com www.google.com www.googleoptimize.com polyfill.io assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com apis.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net *.google-analytics.com cdn-scripts.signifyd.com connect.facebook.net googleads.g.doubleclick.net www.facebook.com qaapp02.xisecurenet.com channels.magento.com cdn.wootric.com cdn-assets.rapidspike.com cdnjs.cloudflare.com *.www.googletagmanager.com tagmanager.google.com *.instagram.com *.google.com *.gstatic.com ajax.cloudflare.com js-agent.newrelic.com https://public.cobrowse.oraclecloud.com *.mouseflow.com/ s3.amazonaws.com *.oraclecloud.com https://qaapp02.xisecurenet.com *.paymetric.com *.trustarc.com *.nr-data.net imgs.signifyd.com *.sdiapi.com *.hottools.com *.iterable.com *.cloudflare.com *.twitter.com *.ads-twitter.com googletagmanager.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com graph.facebook.com *.facebook.net widgets.pinterest.com *.hotjar.com *.doubleclick.net *.custhelp.com *.rnengage.com *.rapidspike.com *.atgsvcs.com *.trustarc.com *.livelook.com *.newrelic.com *.pinimg.com sc-static.net *.signifyd.com *.googleapis.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com ajax.googleapis.com https://www.googletagmanager.com www.xtento.com cdn.xtento.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.lightboxcdn.com *.yotpo.com getfirebug.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bootstrapcdn.com channels.magento.com tagmanager.google.com *.oraclecloud.com *.mouseflow.com/ cdn-images.mailchimp.com https://qaapp02.xisecurenet.com *.paymetric.com *.hottools.com *.custhelp.com *.google.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.yotpo.com https://magento.com https://devdocs.magento.com *.hottools.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.yotpo.com *.algolia.net api.addressy.com api.iterable.com *.algolianet.com lib-us-1.brilliantcollector.com dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com connect.facebook.net www.sandbox.paypal.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com data-a495851.data.us2.oraclecloud.com www.google-analytics.com channels.magento.com cdn.wootric.com eligibility.wootric.com wootric-eligibility.herokuapp.com *.rapidspike.com stats.g.doubleclick.net *.oraclecloud.com *.mouseflow.com/ *.instagram.com https://qaapp02.xisecurenet.com *.paymetric.com *.nr-data.net imgs.signifyd.com *.sdiapi.com *.signifyd.com *.trustarc.com *.hottools.com *.hotjar.com *.hotjar.io *.doubleclick.net *.atgsvcs.com *.pinterest.com *.google-analytics.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://www.google-analytics.com *.googleusercontent.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
style-src 'self' http://* 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://www.googletagmanager.com/ https://pixel.rubiconproject.com/ https://ups.analytics.yahoo.com/ https://sync.search.spotxchange.com/ *.google-analytics.com *.analytics.google.com *.google.com *.permutive.com https://api.permutive.com/ https://e1.emxdgt.com/ https://ping.eeharbor.com/ https://www.facebook.com/ https://cdn.permutive.com/ https://cdn.cookielaw.org/ https://pixel.quantserve.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.google.com/ https://www.google.ie/ https://curator-assets.b-cdn.net/  data: maps.gstatic.com *.googleapis.com *.ggpht.com; connect-src 'self' *.google-analytics.com wss://ws40.hotjar.com/ *.analytics.google.com *.google.com  wss://ws.hotjar.com/ https://content.hotjar.io/  wss://ws24.hotjar.com *.hotjar.com https://maps.googleapis.com/ https://pagead2.googlesyndication.com/ https://updates.expressionengine.com/ https://ib.adnxs.com *.prmutv.co *.permutive.com https://geolocation.onetrust.com/ https://cdn.cookielaw.org/ https://vc.hotjar.io/ https://privacyportal.onetrust.com/ https://www.google-analytics.com https://stats.g.doubleclick.net https://in.hotjar.com https://www.google.com/ https://googleads.g.doubleclick.net/ *.sentry.io; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com/ https://pagead2.googlesyndication.com/ https://cdn.cookielaw.org/ https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://ajax.googleapis.com https://code.jquery.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://vars.hotjar.com https://use.typekit.net https://api-fra.livechatinc.com https://api.permutive.com/ https://cdn.permutive.com/; frame-src 'self' https://4448103.fls.doubleclick.net/ https://platform.twitter.com/ https://secure-fra.livechatinc.com https://www.youtube.com/ https://www.google.com/ https://vars.hotjar.com https://player.vimeo.com/ https://vimeo.com/ https://w.soundcloud.com/ https://www.facebook.com/ http://cookies.onetrust.mgr.consensu.org/; worker-src 'self' blob: 1
frame-ancestors 'self' https://smithandcaugheys-cms.solutionists.co.nz/ ; upgrade-insecure-requests 1
frame-ancestors 'self' *.southlondongallery.org; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' wtcb-bim-viewer-git-production-002-prophets.vercel.app apps.mypurecloud.de *.clarity.ms www.gstatic.com www.google.com googleads.g.doubleclick.net www.googleadservices.com js-eu1.hsadspixel.net js-eu1.hs-banner.com js-eu1.hs-analytics.net js-eu1.hscollectedforms.net js-eu1.hs-scripts.com www.google-analytics.com snap.licdn.com connect.facebook.net script.hotjar.com static.hotjar.com *.cookiepro.com www.googletagmanager.com www.youtube.com mktdplp102cdn.azureedge.net genesys.auvious.com;      style-src 'self' 'unsafe-inline' wtcb-bim-viewer-git-production-002-prophets.vercel.app apps.mypurecloud.com *.typekit.net *.googletagmanager.com *.googleapis.com;      img-src * data:; font-src 'self' apps.mypurecloud.com *.typekit.net; object-src 'none';      frame-src 'self' www.buildwise.be auvious.video www.youtube.com vars.hotjar.com www.facebook.com www.google.com;      connect-src 'self' blob: bbriblobprod.blob.core.windows.net wtcb-bim-viewer-git-production-002-prophets.vercel.app wss://streaming.mypurecloud.de api.mypurecloud.de sentry.auvious.com genesys.auvious.com cdn.linkedin.oribi.io www.facebook.com *.onetrust.com *.clarity.ms forms-eu1.hubspot.com api-eu1.hubapi.com *.google-analytics.com stats.g.doubleclick.net *.cookiepro.com in.hotjar.com px.ads.linkedin.com; media-src 'self' bbriblobprod.blob.core.windows.net 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com *.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com www.youtube-nocookie.com www.youtube.com blob: data: https://storage.googleapis.com/learnwithikeavideos/ ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ctfassets.net *.ipex-insights.com *.adform.net *.doubleclick.net googleads.g.doubleclick.net *.facebook.com *.facebook.net www.googleadservices.com *.googlesyndication.com *.google.hu *.cookielaw.org *.onetrust.com *.akamaihd.net *.akstat.io *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.go-mpulse.net *.optimizely.com sentry.io *.sentry.io *.avo.app oppwa.com *.oppwa.com mpsnare.iesnare.com *.iesnare.com maps.googleapis.com fonts.googleapis.com www.googleapis.com *.syndeo.cx *.production.syndeo.cx wss://web.production.syndeo.cx icsp.ingka.ikea.com wss://icsp.ingka.ikea.com wss://web-api.ikea.com/cschatbot/ *.bambuser.com firestore.googleapis.com liveshopping-widgets.firebaseapp.com; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com; object-src 'self'; report-uri https://csp.ikea.com 1
default-src 'self'; base-uri 'self'; object-src 'none'; font-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'nonce-dilPbyYpeExTMytSOFRVR2lRY3NWKTt6' 'nonce-bT1wJSNSJUV5Mz9ua3d5ZF9nKF81L3Bp' 'nonce-VUBhblJuKDdnQzY1RXo9dXlQLURGSng4' 'nonce-TWZsNSZTKF96RUslRTQoPV93Vj9DNTNk' 'nonce-MFIoKEFUSSVkJWhGKV9uWkZHei8hI0E9' 'nonce-Vyl2OXU1ZDljQG1OMishMmdIS195I0c4'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; worker-src blob: 1
default-src https:; font-src https: data:; img-src https: data: 'self' about:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; connect-src https: data: 'self' 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://cdn.schemaapp.com https://*.google.com https://*.googleapis.com https://cdnjs.cloudflare.com wss://*.hotjar.com https://*.googletagmanager.com https://netdna.bootstrapcdn.com https://platform.twitter.com https://*.ytimg.com https://*.typekit.net https://*.youtube.com https://www.google.com https://www.gstatic.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://maps.googleapis.com https://maps.gstatic.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.lk-cs.com https://lkcsunix.com https://*.earthmovercu.com; frame-ancestors 'self' https://www.youtube.com; 1
frame-ancestors 'self' *.333office.nl 1
upgrade-insecure-requests; frame-ancestors 'self'; form-action 'self'; 1
default-src 'unsafe-inline' 'unsafe-eval' https: wss: data: blob:; frame-ancestors 'self'; report-uri https://www.evocagroup.com/en/report-uri/enforce 1
frame-ancestors 'self' https://jointest.skyone.org https://estmt.businessdatainc.com https://app.loanspq.com https://apptest.loanspq.com https://dev.skyone.org; 1
default-src 'self' https://maps.google.com https://www.google-analytics.com *.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io *.intercomcdn.com *.s3.amazonaws.com/campayn; connect-src 'self' https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://www.google-analytics.com https://assets.zendesk.com https://connect.facebook.net https://js.intercomcdn.com/ https://www.google.com https://maps.googleapis.com  https://s3.ca-central-1.amazonaws.com https://widget.intercom.io/widget/uwbbdh5l https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' https://campayn.s3.amazonaws.com/ http://s3.amazonaws.com/s3_campayn.com/ http://s3.amazonaws.com/campayn/ https://s3.amazonaws.com/campayn/ s3.amazonaws.com/campaynnet/ *.staticflickr.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ http://s3.amazonaws.com/s3_campayn-dev.com/ https://s3.amazonaws.com/s3_campayn.com/ data: *.intercomcdn.com *.campayn.test campayn.test *.campayn.com campayn.com alek.campayn.com *.campayn.net campayn.net https://www.gravatar.com/ http://i1.wp.com https://i1.wp.com https://static.intercomassets.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gravatar.com https://fonts.gstatic.com https://assets.zendesk.com; font-src 'self' https://js.intercomcdn.com/fonts/ https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src 'self' https://js.stripe.com https://www.google.com/recaptcha/ https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com https://secure.rightsignature.com/ https://widget.intercom.io; object-src 'self'; media-src 'self' https://s3.amazonaws.com 1
default-src 'self' *.stage-vynetrellis.com stage-vynetrellis.com *.stage-rpractice.com stage-rpractice.com; child-src 'self' blob: *.pendo.io stage-vynetrellis.com *.stage-vynetrellis.com; worker-src 'self' blob:; connect-src 'self' blob: wss://*.stage-vynetrellis.com wss://stage-vynetrellis.com *.google-analytics.com *.g.doubleclick.net *.google.com *.gstatic.com *.googletagmanager.com *.amazonaws.com *.typekit.net *.transnox.com *.cloudflare.com *.nsit-pass.com *.transit-pass.com *.nea-fast.com *.sentry.io *.launchdarkly.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com *.stage-vynetrellis.com stage-vynetrellis.com *.hellopearl.com *.mouseflow.com; font-src 'self' data: *.gstatic.com *.typekit.net; form-action 'self'; frame-ancestors 'self' *.stage-vynetrellis.com stage-vynetrellis.com *.stage-rpractice.com stage-rpractice.com *.pendo.io; frame-src 'self' *.stage-vynetrellis.com stage-vynetrellis.com previewapp.stage-vynetrellis.com *.pendo.io; img-src 'self' *.vynetrellis.com blob: data: *.stage-vynetrellis.com stage-vynetrellis.com *.sentry.io *.launchdarkly.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com; object-src 'none'; script-src 'self' 'unsafe-inline' *.google-analytics.com *.g.doubleclick.net *.google.com *.gstatic.com *.googletagmanager.com *.amazonaws.com *.typekit.net *.transnox.com *.cloudflare.com *.nsit-pass.com *.transit-pass.com *.nea-fast.com *.sentry.io *.launchdarkly.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com pendo-io-static.storage.googleapis.com *.hellopearl.com *.mouseflow.com; style-src 'self' 'unsafe-inline' *.stage-vynetrellis.com stage-vynetrellis.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com fonts.googleapis.com *.typekit.net; 1
font-src fonts.gstatic.com *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com https://seo.mageplaza.com https://plumrocket.com *.facebook.com www.googletagmanager.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com https://plumrocket.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com *.doubleclick.net happyfoxchat.com *.happyfoxchat.com *.facebook.com www.googletagmanager.com https://www.youtube.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.yotpo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com www.xtento.com cdn.xtento.com blob: cbadev.vollmilch.ch cbastaging.vollmilch.ch confiserie.ch *.confiserie.ch *.googleapis.com *.amazonaws.com happyfoxchat.com *.facebook.net *.facebook.com *.google.com *.google.ch *.profity.ch *.google-analytics.com www.googletagmanager.com https://i.ytimg.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de jquery.sellxed.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com s7.addthis.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com *.doubleclick.net *.scoutsss.com *.google.com *.facebook.net *.facebook.com *.googleapis.com *.amazonaws.com happyfoxchat.com *.happyfoxchat.com *.google-analytics.com www.googletagmanager.com https://www.googleapis.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com cdn.ampproject.org *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.yotpo.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://www.google-analytics.com *.googleapis.com happyfoxchat.com *.happyfoxchat.com *.facebook.com *.google.com *.google-analytics.com www.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src www.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.g.doubleclick.net *.google.com *.gstatic.com *.transnox.com *.cloudflare.com 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.camdujour.com:9080 www.camdujour.com:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.camdujour.com wss://www.camdujour.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1705978612 1
img-src data: 'self' *;style-src stackpath.bootstrapcdn.com 'unsafe-inline' *.teamretro.com fonts.googleapis.com beacon-v2.helpscout.net djtflbt20bdde.cloudfront.net style.helpscout.com static.teamretro.com;connect-src tr-production-us-assets-bucket.s3.us-east-1.amazonaws.com *.cardinalcommerce.com api.braintreegateway.com client-analytics.braintreegateway.com *.braintree-api.com *.teamretro.com beaconapi.helpscout.net chatapi.helpscout.net d3hb14vkzrxvla.cloudfront.net wss://*.pusher.com *.sumologic.com sentry.io plausible.io *.pusher.com wss://ws.pusherapp.com:* wss://*.pusher.com:* api.rollbar.com cdnjs.cloudflare.com;media-src assets.teamretro.com 'self' *.teamretro.com beacon-v2.helpscout.net static.teamretro.com;child-src *.paypal.com assets.braintreegateway.com;frame-src *;script-src js.braintreegateway.com assets.braintreegateway.com *.paypal.com songbird.cardinalcommerce.com 'self' 'unsafe-eval' 'report-sample' cdnjs.cloudflare.com *.teamretro.com beacon-v2.helpscout.net d12wqas9hcki3z.cloudfront.net d33v4339jhl8k0.cloudfront.net plausible.io *.pusher.com assets.rollbar.com cdn.rollbar.com static.teamretro.com 'nonce-8e4e8e41-4f45-4ac1-a8e0-808587f319b0';default-src data: *;frame-ancestors 'none';report-uri https://groupmap.report-uri.com/r/d/csp/enforce;object-src *.teamretro.com;font-src data: fonts.gstatic.com static.teamretro.com 1
default-src 'self' data: https://*.azurewebsites.net https://s3.amazonaws.com https://*.cloudinary.com https://*.blob.core.windows.net https://grantsconnectui.azureedge.net https://unpkg.com https://maxcdn.bootstrapcdn.com https://*.yourcause.com https://*.yourcausegrantsuat.com https://*.yourcausegrants.com https://*.yourcausegrantsqa.com https://host.nxt.blackbaud.com;script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.azurewebsites.net https://unpkg.com https://grantsconnectui.azureedge.net https://cdnjs.cloudflare.com https://static.zdassets.com https://maps.googleapis.com https://host.nxt.blackbaud.com https://sky.blackbaudcdn.net https://static.lightning.force.com https://everfi.my.site.com https://service.force.com *.salesforce.com *.salesforceliveagent.com https://help.everfi.com https://cdn.heapanalytics.com https://heapanalytics.com https://js.monitor.azure.com;img-src 'self' data: blob: *;style-src 'self' 'unsafe-inline' https://*.azurewebsites.net https://unpkg.com https://grantsconnectui.azureedge.net https://fonts.googleapis.com https://host.nxt.blackbaud.com https://service.force.com/ https://everfi.my.site.com https://help.everfi.com https://heapanalytics.com https://cdn.jsdelivr.net;font-src 'self' data: https://fonts.gstatic.com https://grantsconnectui.azureedge.net https://unpkg.com https://host.nxt.blackbaud.com https://service.force.com *.salesforce.com https://heapanalytics.com;frame-src 'self' data: https://*.yourcausegrantsuat.com https://*.yourcausegrants.com https://*.yourcausegrantsqa.com https://host.nxt.blackbaud.com https://service.force.com;connect-src 'self' https://*.azurewebsites.net https://localhost:44392 https://*.blob.core.windows.net https://yc-prod.azurefd.net https://yc-dev-qa.azurefd.net https://dc.services.visualstudio.com https://*.yourcausegrantsqa.com https://grantsconnectui.azureedge.net https://*.yourcausegrantsuat.com https://*.yourcausegrants.com https://ekr.zdassets.com https://maps.googleapis.com https://host.nxt.blackbaud.com https://*.blackbaud.net https://*.signalr.net wss://*.signalr.net https://everfi.my.site.com *.salesforce.com *.salesforceliveagent.com *.sfdc.net https://help.everfi.com https://heapanalytics.com 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://ignitecommunity.com/logs/ https://ignitecommunity.com/sidekiq/ https://ignitecommunity.com/mini-profiler-resources/ https://d2war8rj8bm5io.cloudfront.net/assets/ https://ignitecommunity.com/extra-locales/ https://d13l5tsa9464iu.cloudfront.net/highlight-js/ https://d13l5tsa9464iu.cloudfront.net/javascripts/ https://d13l5tsa9464iu.cloudfront.net/plugins/ https://d13l5tsa9464iu.cloudfront.net/theme-javascripts/ https://d13l5tsa9464iu.cloudfront.net/svg-sprite/ 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' https://video.ignitecommunity.com/ https://agc-videojs.s3-us-west-2.amazonaws.com/ https://idf.ignitecommunity.com/ https://assets-ignite-agc-prod-us.s3.dualstack.us-west-2.amazonaws.com/; worker-src 'self' https://d2war8rj8bm5io.cloudfront.net/assets/ https://d13l5tsa9464iu.cloudfront.net/javascripts/ https://d13l5tsa9464iu.cloudfront.net/plugins/ blob:; frame-ancestors 'self'; manifest-src 'self' 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.fantasygirlcams.com:9080 www.fantasygirlcams.com:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.fantasygirlcams.com wss://www.fantasygirlcams.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1705979229 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-RQNNRsMzzueG4gJV7d+qkqVWo2+jKpB/TxgiVeDExToRM5lS' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https: data:; font-src 'self' data: https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' https://manage.fleetmaintenance.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
script-src 'self' data: http: http://127.0.0.1:3000 'sha256-ed+M1HBHMGb5t3q8jilsPS/IT5GluoYurIhpJD5wepE=' 'sha256-XBXz0jjkkkGKMqo3SKbvHBFZGqirsIAON+BlYQdpTIw=' http://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js https://js.stripe.com https://sdk.privacy-center.org https://www.googletagmanager.com https://app.mailjet.com/statics/js/widget.modal.js 'nonce-98808f17e4153543b184b43ee81c88df'; style-src 'self' 'unsafe-inline' data: http: https://fonts.googleapis.com https://app.mailjet.com/statics/css/w-popin-less.css; img-src 'self' data: https://www.googletagmanager.com https://www.editis.com/editis-content/themes/editis/dist/assets/imgs/icons/arrow-white.svg https://s3-eu-west-1.amazonaws.com https://scribay.s3.amazonaws.com https://app.mailjet.com/statics/images/w-popin-close.png https://graph.facebook.com https://sdk.privacy-center.org https://scontent-cdt1-1.xx.fbcdn.net https://platform-lookaside.fbsbx.com; frame-src https://app.mailjet.com/ https://js.stripe.com https://vimeo.com https://player.vimeo.com; font-src 'self' http://127.0.0.1:3001 data: https://js.stripe.com https://fonts.gstatic.com http://fonts.gstatic.com 1
default-src 'self' b2broker.activehosted.com *.ads-twitter.com *.b2broker.net *.b2broker.com *.doubleclick.net *.google.com *.google-analytics.com *.googleapis.com *.googleadservices.com *.googletagmanager.com *.gravatar.com *.facebook.net *.facebook.com *.roistat.com *.twitter.com *.yahoo.com *.yandex.ru *.yimg.com *.googleusercontent.com *.youtube.com *.google.ru; script-src 'self' 'unsafe-inline' gstatic.com www.gstatic.com cdnjs.cloudflare.com b2broker.activehosted.com *.ads-twitter.com *.b2broker.net *.b2broker.com *.doubleclick.net *.google.com *.google-analytics.com *.googleapis.com *.googleadservices.com *.googletagmanager.com *.gravatar.com *.facebook.net *.facebook.com *.roistat.com *.twitter.com *.yahoo.com *.yandex.ru *.yimg.com; connect-src 'self' b2broker.activehosted.com *.ads-twitter.com *.b2broker.net *.b2broker.com *.doubleclick.net *.google.com *.google-analytics.com *.googleapis.com *.googleadservices.com *.googletagmanager.com *.gravatar.com *.facebook.net *.facebook.com *.roistat.com *.twitter.com *.yahoo.com *.yandex.ru *.yimg.com; img-src 'self' data: *.b2binpay.com b2broker.activehosted.com *.ads-twitter.com *.b2broker.net *.b2broker.com *.doubleclick.net *.google.com *.google-analytics.com *.googleapis.com *.googleadservices.com *.googletagmanager.com *.gravatar.com *.facebook.net *.facebook.com *.roistat.com *.twitter.com *.yahoo.com *.yandex.ru *.yimg.com *.googleusercontent.com *.youtube.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com b2broker.activehosted.com *.ads-twitter.com *.b2broker.net *.b2broker.com *.doubleclick.net *.google.com *.google-analytics.com *.googleapis.com *.googleadservices.com *.googletagmanager.com *.gravatar.com *.facebook.net *.facebook.com *.roistat.com *.twitter.com *.yahoo.com *.yandex.ru *.yimg.com; font-src 'self' data: fonts.gstatic.com cdnjs.cloudflare.com 1
default-src 'self' *.googletagmanager.com cdn.bma.bm *.vimeo.com; script-src 'self' www.google.com/recaptcha/api.js *.googletagmanager.com ckeditor.iframe.ly maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.bma.bm theweather.com *.gstatic.com static.addtoany.com *.vimeo.com *.vimeocdn.com *.nr-data.net code.jquery.com 'nonce-5J7u987qjYp25XVh29388B2P8q8Jc445RyFR' 'sha256-qEftYzJkik6f2adAHjEOE/NwtbFFj8BA7z+5iOM/ivk='; style-src 'self' 'unsafe-inline' cdn.bma.bm maxcdn.bootstrapcdn.com fonts.gstatic.com cdnjs.cloudflare.com fonts.googleapis.com *.vimeocdn.com *.gstatic.com; img-src * data: cdn.bma.bm www.googletagmanager.com *.gstatic.com static.addtoany.com; font-src data: 'self' fonts.gstatic.com fonts.google.com cdn.bma.bm; connect-src 'self' *.vimeo.com cdn.bma.bm static.addtoany.com google-analytics.com; media-src 'self' cdn.bma.bm; object-src 'self'; child-src 'self' www.youtube.com *.vimeo.com *.vimeocdn.com; frame-src 'self' cdn.bma.bm *.youtube.com *.vimeo.com cw.na1.hgncloud.com jobs.jobvite.com *.jobvite.com www.google.com free.timeanddate.com static.addtoany.com *.theweather.com; frame-ancestors 'self' cdn.bma.bm *.youtube.com *.vimeo.com cw.na1.hgncloud.com *.jobvite.com; base-uri 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.vivaenergy.com.au *.gstatic.com *.googleapis.com cdn.linkedin.oribi.io *.linkedin.com *.hotjar.com snap.licdn.com *.doubleclick.net *.google-analytics.com adservice.google.com *.google.com *.google.com.au www.googletagmanager.com *.facebook.net *.facebook.com *.cardapplication.com.au apps.nowwhere.com.au wss://*.hotjar.com *.hotjar.io events.miraqle.com *.youtube.com *.salesforceliveagent.com cdn.optimizely.com *.fls.doubleclick.net ml314.com *.google services.choruscall.com ; report-uri https://reference.elcom.com.au/LogCSP.ashx 1
default-src 'self'; script-src 'self' is.gd v.gd sentry.io blob:; style-src 'self' 'unsafe-inline'; style-src-attr 'self';  img-src 'self' data:; font-src 'self'; frame-src 'self'; connect-src 'self' https: l10n.hexed.it sentry.io 1
default-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline';  img-src 'self'; child-src 'none'; script-src 'self' 'unsafe-inline'; form-action 'none'; frame-ancestors 'none'; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://forum.arcaneodyssey.dev/logs/ https://forum.arcaneodyssey.dev/sidekiq/ https://forum.arcaneodyssey.dev/mini-profiler-resources/ https://forum.arcaneodyssey.dev/assets/ https://forum.arcaneodyssey.dev/brotli_asset/ https://forum.arcaneodyssey.dev/extra-locales/ https://forum.arcaneodyssey.dev/highlight-js/ https://forum.arcaneodyssey.dev/javascripts/ https://forum.arcaneodyssey.dev/plugins/ https://forum.arcaneodyssey.dev/theme-javascripts/ https://forum.arcaneodyssey.dev/svg-sprite/ 'report-sample' 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' https://unpkg.com https: 'unsafe-inline'; worker-src 'self' https://forum.arcaneodyssey.dev/assets/ https://forum.arcaneodyssey.dev/brotli_asset/ https://forum.arcaneodyssey.dev/javascripts/ https://forum.arcaneodyssey.dev/plugins/; report-uri https://forum.arcaneodyssey.dev/csp_reports; frame-ancestors 'self'; manifest-src 'self' 1
script-src 'strict-dynamic' 'unsafe-inline' 'self' www.channelengine.net cdn.channelengine.net www.gstatic.com/charts/ https://*.googletagmanager.com https://hcaptcha.com https://*.hcaptcha.com https://*.clarity.ms 'nonce-sv/clz0fEMk5jH+Ci/TcNHHwy+BpVDiIPRUu+I9XqSU='; default-src 'self'; object-src 'none'; img-src * https://*.google-analytics.com https://*.googletagmanager.com 'self' data: https:; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://hcaptcha.com https://*.hcaptcha.com https://api.powerbi.com https://*.sentry.io https://*.clarity.ms; style-src 'unsafe-inline' 'self' www.channelengine.net cdn.channelengine.net fonts.googleapis.com www.gstatic.com/charts/ https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' www.channelengine.net cdn.channelengine.net fonts.gstatic.com data:; frame-src https://hcaptcha.com https://*.hcaptcha.com https://app.powerbi.com https://app.customgpt.ai https://images.channelengineai.com; frame-ancestors 'none'; base-uri 'self'; worker-src 'self' blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.efdss.org validaid.org embedsocial.com *.joomla.org *.patronbase.com bandcamp.com *.addthisedge.com logwork.com *.logwork.com *.pinterest.com *.google-analytics.com *.instagram.com *.twimg.com *.cloudflare.com *.cloudflareinsights.com *.civiccomputing.com *.pardot.com *.facebook.net *.facebook.com *.myfonts.net *.pcapredict.com *.googletagmanager.com *.postcodeanywhere.co.uk *.facebook.com *.doubleclick.net *.google.com *.google.co.uk *.googleapis.com fonts.gstatic.com *.youtube.com *.youtu.be *.vimeo.com *.spotify.com *.soundcloud.com *.staticflickr.com *.addthis.com *.twitter.com twitter.com *.embedsocial.com *.spektrix.com sysfilessacbe149174fee.blob.core.windows.net *.buzzsprout.com blob:; img-src * data: blob:; font-src fonts.gstatic.com 'self' data:; 1
frame-ancestors 'self' https://*.ahmchealth.com https://*.ahmchealth.org https://*.fastcommand.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com *.s3licensing.com *.ontario.ca *.google-analytics.com *.qualtrics.com *.doubleclick.net fast.fonts.net  fonts.gstatic.com *.googleapis.com  *.cloudflare.com *.postescanada-canadapost.ca *.bambora.com *.googletagmanager.com *.bootstrapcdn.com code.jquery.com *.vimeo.com *.datatables.net *.gov.on.ca *.gstatic.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'report-sample'; img-src 'self' https://translate.google.com https://cdnjs.cloudflare.com *.gstatic *.postescanada-canadapost.ca *.datatables.net *.cloudflare.com *.gov.on.ca data:; report-uri https://5f89e2687de178664f37578b.endpoint.csper.io; frame-ancestors 'self'; form-action 'self'; 1
default-src 'self'; font-src 'self' use.typekit.net https://fonts.gstatic.com/ https://js.intercomcdn.com https://fonts.intercomcdn.com; img-src * data: blob:; connect-src 'self' https://sportsbook.mintdice.com wss://sportsbook.mintdice.com wss://server.mintdice.com https://auth.mintdice.com https://server.mintdice.com https://sportsbook.mintdice.com https://www.mintdice.com https://mintdice.directus.app https://*.google-analytics.com https://www.google.tagmanager.com https://*.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io wss://nexus-europe-websocket.intercom.io  wss://nexus-australia-websocket.intercom.io  https://uploads.intercomcdn.com https://uploads.intercomcdn.eu  https://uploads.au.intercomcdn.com  https://uploads.intercomusercontent.com vitals.vercel-insights.com https://blockchain.info https://cdn.softswiss.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com/ stackpath.bootstrapcdn.com/ https://www.gstatic.com/recaptcha/ *.cloudfront.net https://www.google.com/recaptcha/ https://*.googletagmanager.com https://*.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://casino.cur.a8r.games/public/sg.js; style-src 'self' use.typekit.net/ p.typekit.net 'unsafe-inline' https://fonts.googleapis.com; media-src 'self' data: https://js.intercomcdn.com; worker-src 'self'; frame-src 'self' data: blob: https://sportsbook.mintdice.com https://www.google.com/recaptcha/ https://int.bgaming-system.com/ https://provider.int.a8r.games/ https://bgaming-network.com/ https://licensing.gaming-curacao.com/ https://player.vimeo.com https://www.youtube.com https://youtube.com; frame-ancestors 'self' 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-2y1ELD0TkxNmdUdeDUV8Ng==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
frame-src 'self'  https://player.vimeo.com https://www.google.com https://www.youtube.com; frame-ancestors 'self'  https://*.ivolunteer.com; 1
default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob: filesystem:; connect-src https: wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io wss://ws.hotjar.com 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-eebb5c4918f458242fa5abc3db582932'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' data: *.mandatumlife.fi *.kalevavakuutus.fi *.mandatumtrader.fi *.mandatumlife.lu dl.episerver.net *.dev.visualwebsiteoptimizer.com *.eloqua.com rekry.oikotie.fi cdnjs.cloudflare.com pbs.twimg.com *.force.com *.salesforce.com *.salesforceliveagent.com assets.adobedtm.com dpm.demdex.net *.omtrdc.net snap.licdn.com img06.en25.com *.adform.net connect.facebook.net *.mandatumlife.demdex.net *.linkedin.com *.facebook.com *.visualstudio.com *.msecnd.net *.youtube.com vimeo.com *.vimeo.com *.googletagmanager.com *.episerver.net *.everesttech.net *.demdex.net *.issuu.com *.googleadservices.com *.adsymptotic.com *.doubleclick.net *.google.com *.google.fi *.google.se *.google.no *.google.dk *.google.lu *.saxobank.com saxobank.com web-chat.global.assistant.watson.appdomain.cloud activitymap.adobe.com *.omniture.com omniture.com *.watsonplatform.net *.googleapis.com *.jquery.com *.teamtailor.com *.ads-twitter.com *.teamtailor-cdn.com *.leadfamly.com *.twitter.com t.co *.visualwebsiteoptimizer.com fp.mandatumlife.fi analytics.twitter.com *.cookielaw.org onetrust.com *.onetrust.com fp.kalevavakuutus.fi *.optimizely.com *.demdex.net *.amplitude.com *.saxobank.fi *.viestiseina.com https://viestiseina.com https://playlist.megaphone.fm https://www.vismasignforms.com/ *.vismasignforms.com/ *.zapflow.fi https://www.zapflow.fi/ https://s3.amazonaws.com/vwo-surveys/theme/30185_21217675c4c634ad346bac721fc003d2.css *.smetrics.mandatumtrader.fi https://integrations.eu-de.assistant.watson.appdomain.cloud https://hvk-api-management-prod.azure-api.net *.mandatumam.com *.googlesyndication.com  https://outlook.office365.com/owa/calendar/Varaasijoitustapaaminen@lifefin.onmicrosoft.com/bookings/ https://outlook.office365.com/owa/calendar/Mandatumajanvaraus@lifefin.onmicrosoft.com/bookings/ *.t.eloqua.com https://outlook.office365.com/owa/calendar/Mandatumajanvarausyritysasiakkaat@lifefin.onmicrosoft.com/bookings/ *.ostavakuutus.mandatumlife.fi *.bing.com https://bat.bing.com/bat.js https://outlook.office365.com/owa/calendar/Mandatumbookingsinvestmentexpert@lifefin.onmicrosoft.com/bookings/ https://*.siteimproveanalytics.io https://siteimproveanalytics.com *.mandatum.fi https://fonts.gstatic.com/s/ibmplexsans/ https://fonts.gstatic.com/s/ibmplexmono/ *.cision.com https://www.gstatic.com *.euroland.com https://publish.ne.cision.com  https://www.google.com/recaptcha/ *.eurolandir.com https://kaleva.campaign.playable.com ostavakuutus.mandatum.fi 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' https://*.procore.com 1
frame-ancestors https://bdash-cloud.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline'  *.analytics.tiktok.com *.googleadservices.com *.googletagmanager.com *.gigya.com *.facebook.net *.facebook.com *.google.com *.gstatic.com *.youtube.com *.google-analytics.com *.krxd.net *.doubleclick.net *.hexagondata.com *.kcmsso.com *.crwdcntrl.net; img-src * 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.gigya.com *.facebook.net *.facebook.com *.google.com *.gstatic.com *.youtube.com *.google-analytics.com *.krxd.net *.doubleclick.net *.hexagondata.com data: ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.analytics.tiktok.com *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.match.hexagondata.com ; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.hexagondata.com *.facebook.net *.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.krxd.net *.gigya.com *.crwdcntrl.net *.tiktok.com ; connect-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiktok.com *.doubleclick.net *.hexagondata.com *.facebook.net *.googletagmanager.com *.googletagmanager.com *.google.com *.google-analytics.com *.googleadservices.com *.krxd.net *.gigya.com *.crwdcntrl.net; 1
frame-ancestors 'self' https://manage.processingmagazine.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
frame-ancestors 'self' data: https://sii.pl/ https://sii.ua/ https://siisweden.se/; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://cdn.jsdelivr.net https://*.clarity.ms https://*.googlesyndication.com https://*.cdninstagram.com https://cdn.linkedin.oribi.io https://www.recaptcha.net https://*.recaptcha.net https://*.siitest.pl https://*.siidev.pl https://*.sii.pl https://*.analytics.google.com https://analytics.google.com https://cdn.sii.pl https://*.fontawesome.com https://*.googleapis.com https://*.jquery.com https://*.msecnd.net https://www.eventbrite.com https://*.doubleclick.net https://www.facebook.com https://*.doubleclick.net wss://*.cux.io https://www.google-analytics.com https://*.cux.io https://*.dynamics.com https://*.livechatinc.com https://sii.pl https://*.clickdimensions.com https://secure.gravatar.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://cdn.jsdelivr.net https://*.clarity.ms https://*.cloudflareinsights.com https://*.gstatic.com https://*.recaptcha.net https://*.youtube.com https://*.siitest.pl https://*.siidev.pl https://*.sii.pl https://maps.google.com https://code.jquery.com https://*.msecnd.net  https://www.eventbrite.com wss://*.cux.io https://googleads.g.doubleclick.net https://www.googleadservices.com https://*.doubleclick.net https://www.google-analytics.com https://*.cux.io https://connect.facebook.net https://snap.licdn.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://mktdplp102cdn.azureedge.net https://*.clickdimensions.com https://*.livechatinc.com https://sii.pl https://analytics-eu.clickdimensions.com https://ajax.googleapis.com; img-src 'self' data: https://c.bing.com https://c.clarity.ms https://*.cdninstagram.com https://*.siitest.pl https://*.siidev.pl https://*.sii.pl https://googleads.g.doubleclick.net https://analytics.google.com https://*.clickdimensions.com https://analytics-eu.clickdimensions.com https://i.ytimg.com https://www.google.pl/ https://www.google.com/ https://www.facebook.com https://*.linkedin.com https://www.googletagmanager.com https://www.google-analytics.com https://*.dynamics.com https://cdn.sii.pl https://secure.gravatar.com https://s.w.org https://*.googleapis.com https://*.gstatic.com https://*.sii.pl; 1
frame-ancestors 'self' *.myshopify.com admin.shopify.com 1
frame-ancestors: 'self'; 1
default-src 'self' ; script-src 'nonce-b34e873865ec02756f7c427cfbb3ec87' 'strict-dynamic' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' 'sha256-X1lFAezW6vIiGNdZJLnWHeYBR2C0hStXLHNSro9AwPM=' services.postcodeanywhere.co.uk www.googletagmanager.com 'sha256-pHsjbYbHDDj5J+mCm8r96BRqw1DVOTLxvlJOEnK2N2A=' 'sha256-01GYAK3Q/v8IXLmTO/sl4IvbxbrvNom+iUjwz2p2Tvw=' 'sha256-H9WxB8o93BbqS76k+36Gr6ixn5F9bKZQCsGuyYXmlK4=' 'sha256-VqSGQYeeLgiBSEo/mkwxeTXdHxYpvZ1+n3+DlDVleAk=' 'sha256-qkbBGXnVcEPgzawSO0K+hWwmcz1JkGTcKEh9Ev/jLec=' 'sha256-xUn2BEpY3Z3s+5VOAbTgXsUQ6Pu/4TWfQzAmFoh+/p8=' 'sha256-syUnRBPe8IEGzee++pjvSujWss9Nrcgi/ZXbUi6VCSc=' ; connect-src 'self' *.sentry.io *.google-analytics.com player.vimeo.com vimeo.com services.postcodeanywhere.co.uk ip2c.org h.online-metrix.net tm.promotion-cdn.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com services.postcodeanywhere.co.uk ; font-src 'self' data: https: fonts.googleapis.com ; img-src 'self' data: blob: https: services.postcodeanywhere.co.uk tm.promotion-cdn.com ; object-src h.online-metrix.net tm.promotion-cdn.com ; frame-ancestors 'self' ; form-action 'self' ; base-uri 'self' ; report-uri https://69952ade1a0590c68d876b650b061433.report-uri.com/r/d/csp/enforce ; frame-src player.vimeo.com returns.dhl.co.uk vimeo.com h.online-metrix.net tm.promotion-cdn.com dhl-opia-cloud.dev.opiahost.co.uk dhl.opia.cloud ; 1
default-src 'self' api.eloanwarehouse.com 'unsafe-inline' bat.bing.com seal.godaddy.com *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com *.five9.com *.ucontactcloud.com *.decisionlogic.com *.ipify.org *.jquery.com *.usaepay.com/ chirp.digital *.paywalletllc.com *.nmi.com *.ninjafetch.com ninjafetch.com *.yodlee.com; style-src 'self' *.five9.com *.googleapis.com *.nmi.com 'unsafe-inline'; img-src 'self' bat.bing.com seal.godaddy.com *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com *.decisionlogic.com *.five9.com *.ninjafetch.com ninjafetch.com data: 1
default-src 'self' 'unsafe-eval' filesystem:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: filesystem: *.cloudfront.net *.gstatic.com *.crazyegg.com *.facebook.net *.facebook.com *.sumo.com *.youtube.com *.tiktok.com *.hotjar.com *.csper.io *.cloudflare.com *.addtoany.com *.hsappstatic.net *.google-analytics.com *.googletagmanager.com *.hs-scripts.com *.google.com *.googleapis.com *.hsadspixel.net *.hs-analytics.net *.hscollectedforms.net *.bunny.net *.cloudflare.com *.googleapis.com *.gravatar.com *.google.ca *.bunny.net *.hubspot.com *.addtoany.com *.libsyn.com *.hs-banner.com *.usemessages.com *.hsforms.com *.doubleclick.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' filesystem: *.cloudfront.net *.gstatic.com *.crazyegg.com *.facebook.net *.facebook.com *.sumo.com *.youtube.com *.tiktok.com *.hotjar.com *.csper.io *.cloudflare.com *.addtoany.com *.hsappstatic.net *.google-analytics.com *.googletagmanager.com *.hs-scripts.com *.google.com *.googleapis.com *.hsadspixel.net *.hs-analytics.net *.hscollectedforms.net *.bunny.net *.cloudflare.com *.googleapis.com *.gravatar.com *.google.ca *.bunny.net *.hubspot.com *.addtoany.com *.libsyn.com *.hs-banner.com *.usemessages.com *.hsforms.com *.doubleclick.net; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: filesystem: *.cloudfront.net *.gstatic.com *.crazyegg.com *.facebook.net *.facebook.com *.sumo.com *.youtube.com *.tiktok.com *.hotjar.com *.csper.io *.cloudflare.com *.addtoany.com *.hsappstatic.net *.google-analytics.com *.googletagmanager.com *.hs-scripts.com *.google.com *.googleapis.com *.hsadspixel.net *.hs-analytics.net *.hscollectedforms.net *.bunny.net *.cloudflare.com *.googleapis.com *.gravatar.com *.google.ca *.bunny.net *.hubspot.com *.addtoany.com *.libsyn.com *.hs-banner.com *.usemessages.com *.hsforms.com *.doubleclick.net; connect-src * *.google-analytics.com *.tiktok.com *.google.com *.google.ca *.facebook.com *.sumo.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: filesystem: *.cloudfront.net *.gstatic.com *.crazyegg.com *.facebook.net *.facebook.com *.sumo.com *.youtube.com *.tiktok.com *.hotjar.com *.csper.io *.cloudflare.com *.addtoany.com *.hsappstatic.net *.google-analytics.com *.googletagmanager.com *.hs-scripts.com *.google.com *.googleapis.com *.hsadspixel.net *.hs-analytics.net *.hscollectedforms.net *.bunny.net *.cloudflare.com *.googleapis.com *.gravatar.com *.google.ca *.bunny.net *.hubspot.com *.addtoany.com *.libsyn.com *.hs-banner.com *.usemessages.com *.hsforms.com *.doubleclick.net; media-src 'self' 'unsafe-inline' filesystem:; report-uri 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; frame-src 'self' 'unsafe-inline' *.cloudfront.net *.gstatic.com *.crazyegg.com *.facebook.net *.facebook.com *.sumo.com *.youtube.com *.tiktok.com *.hotjar.com *.csper.io *.cloudflare.com *.addtoany.com *.hsappstatic.net *.google-analytics.com *.googletagmanager.com *.hs-scripts.com *.google.com *.googleapis.com *.hsadspixel.net *.hs-analytics.net *.hscollectedforms.net *.bunny.net *.cloudflare.com *.googleapis.com *.gravatar.com *.google.ca *.bunny.net *.hubspot.com *.addtoany.com *.libsyn.com *.hs-banner.com *.usemessages.com *.hsforms.com *.doubleclick.net *.careerarc.com; worker-src 'self' 'unsafe-inline'; manifest-src 'self'; upgrade-insecure-requests 1
frame-ancestors https://www.symplicity.com/ 1
upgrade-insecure-requests; default-src 'self' https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; object-src https:; form-action https:; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=ocko&d=2024-01-23 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rutarget.ru *.adriver.ru cdn.ampproject.org *.googletagservices.com googleads.g.doubleclick.net *.doubleclick.net *.google.ru cdn.jsdelivr.net *.top100.ru *.cloudfront.net *.google.com *.rambler.ru yandex.ru *.yandex.ru yastatic.net *.yandex.net yandex.st *.googleapis.com apis.google.com *.gstatic.com gstatic.com *.googlesyndication.com *.googleadservices.com counter.yadro.ru www.liveinternet.ru vk.com *.vk.com *.mail.ru *.twitter.com cdn.syndication.twimg.com *.facebook.net *.jquery.com; style-src 'self' 'unsafe-inline' google.com www.google.com *.yandex.ru fonts.googleapis.com; font-src 'self' data: *.gstatic.com *.yandex.ru yastatic.net fonts.googleapis.com maxcdn.bootstrapcdn.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.gstatic.com/  https://*.googletagmanager.com  https://www.google.com/ https://*.jit.si/ wss://bunker-online.com:1337/ wss://x.bunker-online.com:1337/ 1
default-src 'self' https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com  https://www.google-analytics.com https://directed.zendesk.com wss://widget-mediator.zopim.com https://widget-mediator.zopim.com https://directechs.blob.core.windows.net https://files.directechs.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://directechs.blob.core.windows.net https://files.directechs.com http://beta.directechs.com http://new.directechs.com http://www.directechs.com https://www.directechs.com http://www.directed.com https://www.directed.com https://www.youtube.com/user/SnakePitTraining https://*.googleapis.com http://*.googleapis.com https://*.google-analytics.com https://www.facebook.com/groups/directedtechsupport https://www.youtube.com http://www.directeddealers.com http://colt.calamp-ts.com https://www.directedstore.com http://fonts.gstatic.com https://fonts.gstatic.com https://server10gateway.clickandchat.com http://server4gateway.clickandchat.com https://server10.clickandchat.com http://server10.clickandchat.com https://cdn.datatables.net https://cdn.rawgit.com https://www.googletagmanager.com https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://directed.zendesk.com wss://widget-mediator.zopim.com; style-src 'self' 'unsafe-inline' https://directechs.blob.core.windows.net https://files.directechs.com http://beta.directechs.com http://new.directechs.com http://www.directechs.com https://www.directechs.com http://www.directed.com https://www.directed.com https://www.youtube.com/user/SnakePitTraining https://fonts.googleapis.com http://fonts.googleapis.com https://*.google-analytics.com https://www.facebook.com/groups/directedtechsupport https://www.youtube.com http://www.directeddealers.com http://colt.calamp-ts.com https://www.directedstore.com http://fonts.gstatic.com https://fonts.gstatic.com https://server4gateway.clickandchat.com  http://server4gateway.clickandchat.com  https://server10.clickandchat.com http://server10.clickandchat.com https://cdn.datatables.net https://maxcdn.bootstrapcdn.com https://voxxintl.zendesk.com https://www.googletagmanager.com https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://directed.zendesk.com wss://widget-mediator.zopim.com; img-src 'self' https://directechs.blob.core.windows.net https://files.directechs.com http://beta.directechs.com http://new.directechs.com http://www.directechs.com https://www.directechs.com http://www.directed.com https://www.directed.com https://www.youtube.com/user/SnakePitTraining https://fonts.googleapis.com http://fonts.googleapis.com https://www.google-analytics.com https://www.facebook.com/groups/directedtechsupport https://www.youtube.com http://www.directeddealers.com http://colt.calamp-ts.com https://www.directedstore.com http://fonts.gstatic.com https://fonts.gstatic.com http://ssl.google-analytics.com https://ssl.google-analytics.com https://server4gateway.clickandchat.com  http://server4gateway.clickandchat.com  https://server10.clickandchat.com http://server10.clickandchat.com https://cdn.datatables.net http://placehold.it https://voxxintl.zendesk.com https://www.googletagmanager.com https://static.zdassets.com  https://ekr.zdassets.com https://ekr.zendesk.com https://directed.zendesk.com wss://widget-mediator.zopim.com; font-src 'self' https://directechs.blob.core.windows.net https://files.directechs.com http://beta.directechs.com http://new.directechs.com http://www.directechs.com https://www.directechs.com http://www.directed.com https://www.directed.com https://www.youtube.com/user/SnakePitTraining https://fonts.googleapis.com http://fonts.googleapis.com https://www.google-analytics.com https://www.facebook.com/groups/directedtechsupport https://www.youtube.com http://www.directeddealers.com http://colt.calamp-ts.com https://www.directedstore.com http://fonts.gstatic.com https://fonts.gstatic.com http://ssl.google-analytics.com https://ssl.google-analytics.com https://server4gateway.clickandchat.com  http://server4gateway.clickandchat.com  https://server10.clickandchat.com http://server10.clickandchat.com https://cdn.datatables.net https://maxcdn.bootstrapcdn.com https://voxxintl.zendesk.com https://www.googletagmanager.com https://static.zdassets.com  https://ekr.zdassets.com https://ekr.zendesk.com https://directed.zendesk.com wss://widget-mediator.zopim.com; frame-src 'self' https://www.vcp.cloud https://dev.vcp-devtest.cloud https://qa.vcp-devtest.cloud https://directechs.blob.core.windows.net https://files.directechs.com http://beta.directechs.com http://new.directechs.com http://www.directechs.com https://www.directechs.com http://www.directed.com https://www.directed.com https://www.youtube.com/user/SnakePitTraining https://fonts.googleapis.com http://fonts.googleapis.com https://www.google-analytics.com https://www.facebook.com/groups/directedtechsupport https://www.youtube.com http://www.directeddealers.com http://colt.calamp-ts.com https://colt.calamp-ts.com https://www.directedstore.com http://fonts.gstatic.com https://fonts.gstatic.com http://ssl.google-analytics.com https://ssl.google-analytics.com https://server4gateway.clickandchat.com  http://server4gateway.clickandchat.com  https://server10.clickandchat.com http://server10.clickandchat.com https://cdn.datatables.net https://voxxintl.zendesk.com https://www.googletagmanager.com https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://directed.zendesk.com wss://widget-mediator.zopim.com; 1
frame-ancestors 'self' *.facebook.com *.salesforce.com *.convio.net *.google.com *.force.com facebook.com salesforce.com convio.net google.com force.com http://www.feedhopenow.org; report-uri https://www.feedhopenow.org/site/XFrameViolation 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.cam-x-online.com:9080 www.cam-x-online.com:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.cam-x-online.com wss://www.cam-x-online.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1705976001 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.formstack.com *.buzzsprout.com players.brightcove.net vjs.zencdn.net https://p2a.co/js/embed/widget/civicactioncenter.widget.js https://documentcloud.adobe.com/view-sdk/2.22.1_2.8.2-4a902b3/ViewSDKInterface.js https://documentcloud.adobe.com/view-sdk/main.js https://cdn.curator.io https://www.namic.org https://vjs.zencdn.net https://players.brightcove.net https://namicweb.azureedge.net https://ajax.googleapis.com https://cdnjs.cloudflare.com https://siteimproveanalytics.com https://acsbapp.com https://www.google-analytics.com;frame-src 'self' mailto: *;style-src 'self' 'unsafe-inline' *.formstack.com https://cdn.curator.io https://namicweb.azureedge.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com;worker-src 'self' blob:;prefetch-src 'self' *.boltdns.net;img-src 'self' *.brightcove.com players.brightcove.net *.boltdns.net https://pbs.twimg.com https://az659834.vo.msecnd.net https://www.namic.org https://cf-images.us-east-1.prod.boltdns.net https://namicstorage.blob.core.windows.net https://namicweb.azureedge.net https://6027291.global.siteimproveanalytics.io data: 1
frame-ancestors http://www.asaporg.com https://divcomplatform.s3.amazonaws.com 1
frame-ancestors 'self' https://*.chartres.fr/ https://*.chartres-metropole.fr/; 1
default-src 'self' https://buerokratt.ttja.ee https://ruuter.buerokratt.ttja.ee https://tim.buerokratt.ttja.ee; connect-src 'self' *.siteimprove.com https://byk.ttja.ee https://buerokratt.ttja.ee https://ruuter.buerokratt.ttja.ee https://tim.buerokratt.ttja.ee https://region1.google-analytics.com https://stats.g.doubleclick.net/ https://www.google-analytics.com https://www.googletagmanager.com https://buerokratt.ttja.ee/widget_bundle.js https://search.service.vportal.ee/v1/search/ttja https://search.service.vportal.ee/v1/globalsearch/total https://form.service.vportal.ee/v1/ https://search.service.vportal.ee/v1/events/ttja https://inaadress.maaamet.ee; font-src 'self' data: https://fonts.gstatic.com https://byk.ttja.ee https://buerokratt.ttja.ee https://ruuter.buerokratt.ttja.ee https://tim.buerokratt.ttja.ee; frame-src 'self' https://jvis.ttja.ee https://byk.ttja.ee http://jvis.ttja.ee https://*.rocket.chat https://static.addtoany.com https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://*.ttja.ee https://gis.railbaltica.org https://buerokratt.ttja.ee https://ruuter.buerokratt.ttja.ee https://tim.buerokratt.ttja.ee https://webgate.ec.europa.eu/gpsd/screen/public/home https://ec.europa.eu/safety-gate-alerts/screen/webReport https://gis.railbaltica.org/portal/apps/webappviewer/index.html https://xgis.maaamet.ee; img-src 'self' data: https://www.google-analytics.com *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com https://byk.ttja.ee https://browser-update.org/ https://buerokratt.ttja.ee https://tim.buerokratt.ttja.ee https://ruuter.buerokratt.ttja.ee https://www.googletagmanager.com *.fbcdn.net *.cdninstagram.com https://inaadress.maaamet.ee https://unpkg.com *.maaamet.ee *.cloudflare.com; script-src 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js blob: https://browser-update.org https://byk.ttja.ee https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://buerokratt.ttja.ee https://tim.buerokratt.ttja.ee cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://static.addtoany.com https://unpkg.com unpkg.com 'unsafe-eval'; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js https://browser-update.org https://byk.ttja.ee https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://buerokratt.ttja.ee https://ruuter.buerokratt.ttja.ee https://tim.buerokratt.ttja.ee cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://static.addtoany.com https://unpkg.com unpkg.com https://buerokratt.ttja.ee/widget_bundle.js; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://jvis.ttja.ee https://byk.ttja.ee https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://buerokratt.ttja.ee https://ruuter.buerokratt.ttja.ee https://tim.buerokratt.ttja.ee cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://jvis.ttja.ee https://byk.ttja.ee https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://buerokratt.ttja.ee https://ruuter.buerokratt.ttja.ee https://tim.buerokratt.ttja.ee cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com https://inaadress.maaamet.ee; frame-ancestors none; upgrade-insecure-requests 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://freemasonry.social; img-src 'self' https: data: blob: https://freemasonry.social; style-src 'self' https://freemasonry.social 'nonce-zWQHTFIrYoMUeqJbrgmF5Q=='; media-src 'self' https: data: https://freemasonry.social; frame-src 'self' https:; manifest-src 'self' https://freemasonry.social; form-action 'self'; child-src 'self' blob: https://freemasonry.social; worker-src 'self' blob: https://freemasonry.social; connect-src 'self' data: blob: https://freemasonry.social https://wos.hostdon.ne.jp wss://freemasonry.social; script-src 'self' https://freemasonry.social 'wasm-unsafe-eval' 1
frame-ancestors 'self' *.arosuite.com  tcgms.net *.imperialhotels.co.uk;       default-src 'unsafe-inline' 'self' *.arosuite.com ajax.cloudflare.com scdn.aro.ie static.arocdn.com *.cookiebot.com *.typekit.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.akamaized.net squizlabs.github.io *.hijiffy.com;       script-src 'unsafe-inline' 'unsafe-eval' 'self' scdn.aro.ie static.arocdn.com *.cookiebot.com *.cookiebot.eu *.googleoptimize.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.googleapis.com *.gstatic.com *.googlesyndication.com *.facebook.net *.typekit.net squizlabs.github.io *.hotjar.com *.app-us1.com *.hijiffy.com trackcmp.net *.opentable.co.uk cdn.otstatic.com *.resos.com stats.pusher.com onboard.triptease.io        *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat;       font-src 'unsafe-inline' 'self' data: scdn.aro.ie static.arocdn.com *.googleapis.com *.gstatic.com *.typekit.net *.hijiffy.com;       img-src 'self' scdn.aro.ie static.arocdn.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.gstatic.com *.googleapis.com *.googlesyndication.com *.facebook.com *.typekit.net *.hijiffy.com messenger-services.com *.amazonaws.com data: snapshot:        *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat;        frame-src 'self' *.facebook.com *.cookiebot.com *.google.com *.youtube.com *.vimeo.com *.opentable.co.uk atrium-bar.resos.com *.reach-ats.com *.doubleclick.net data: mailto: onboard.triptease.io;       connect-src 'self' *.arosuite.com *.cookiebot.com *.cookiebot.eu *.googleoptimize.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.googleapis.com *.googlesyndication.com *.facebook.com wss: *.hotjar.com *.hotjar.io *.hijiffy.com onboard.triptease.io        *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat;       form-action 'self' *.facebook.com *.salesforce.com;       report-to groupName; 1
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * blob: data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'self' *.presscommtech.com *.googlesyndication.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com https://cdn.ckeditor.com http://www.w3.org/2000/svg https://cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: * *.amazon-adsystem.com *.2mdn.net *.doubleclick.net *.google-analytics.com clickio.mgr.consensu.org *.googletagmanager.com https://pagead2.googlesyndication.com ajax.aspnetcdn.com https://www.gstatic.com https://www.google.com https://cdn.ckeditor.com https://momentjs.com https://cdnjs.cloudflare.com https://s10.histats.com https://s4.histats.com; style-src 'self' 'unsafe-inline' data: * securepubads.g.doubleclick.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://cdn.ckeditor.com https://rsms.me; font-src 'self' 'unsafe-inline' data: * securepubads.g.doubleclick.net *.googlesyndication.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://rsms.me https://fonts.googleapis.com; img-src 'self' 'unsafe-inline' data: * google.com securepubads.g.doubleclick.net doubleclick.net 2mdn.net *.googlesyndication.com clickiocdn.com *.ytimg.com https://pagead2.googlesyndication.com http://localhost:3011 https://graphics.gestionaleauto.com https://canavesetoday.it *.fbcdn.net *.quotidianocanavese.it https://cdnjs.cloudflare.com http://localhost:3131 https://images.unsplash.com https://cdn.ckeditor.com https://tailwindui.com https://www.quotidianocanavese.it https://www.torinosud.it https://www.quotidianovenaria.it https://api.trecentodieci.it; connect-src 'self' 'unsafe-inline' data: * *.2mdn.net *.doubleclick.net *.rubiconproject.com *.360yield.com securepubads.g.doubleclick.net https://stats.g.doubleclick.net *.google-analytics.com clickio.mgr.consensu.org *.clickiocdn.com canavesetoday.it pagead2.googlesyndication.com csi.gstatic.com *.googleapis.com api.telegram.org https://api.trecentodieci.it https://*.facebook.com http://localhost:3131; frame-src 'self' 'unsafe-inline' * *.amazon-adsystem.com *.2mdn.net *.doubleclick.net *.rubiconproject.com *.googlesyndication.com youtu.be *.youtu.be *.youtube.com googleads.g.doubleclick.net tpc.googlesyndication.com *.google.com; worker-src 'self'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' data: * *.amazon-adsystem.com *.2mdn.net *.doubleclick.net cdn.ampproject.org securepubads.g.doubleclick.net www.googletagservices.com s.clickiocdn.com clickiocdn.com https://www.google-analytics.com clickio.mgr.consensu.org *.youtube.com https://adservice.google.it *.googletagmanager.com https://pagead2.googlesyndication.com ajax.aspnetcdn.com https://www.gstatic.com https://www.google.com https://cdn.ckeditor.com https://momentjs.com https://cdnjs.cloudflare.com https://s10.histats.com https://s4.histats.com *.googleadservices.com https://tpc.googlesyndication.com https://adservice.google.com; 1
frame-ancestors 'self' https://js.stripe.com 1
default-src https: wss: data: 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' https://enam.gov.in; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: javascript: https://cdn.siftscience.com alcaldiapereira.agenti.com.co https://checkout.wompi.co/widget.js wolkvox-cobrowsing-agent-fd5zvw7swa-ue.a.run.app widget02.wolkvox.com d335luupugsy2.cloudfront.net wolkvox-cobrowsing-agent-fd5zvw7swa-ue.a.run.app https://platform.bluemessaging.net app.sitp.gov.co *.firebaseio.com *.aldeamo.com *.bootstrapcdn.com *.cloudflare.com https://chat1-cls27.i6.inconcertcc.com https://webchat-cls27.i6.inconcertcc.com *.facebook.net *.fontawesome.com https://mas-spn.inconcertcc.com *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.hippochat.io *.hotjar.com *.jquery.com *.jsdelivr.net *.livechatinc.com *.snapengage.com *.twimg.com *.twitter.com *.uniquindio.edu.co unpkg.com *.ytimg.com *.youtube.com *.zendesk.com ; img-src 'self' blob: data: javascript: static.placetopay.com/placetopay-logo.svg https://govco.sedeelectronica.com.co *.aldeamo.com *.amazonaws.com *.bluemessaging.net *.cool especiales.presidencia.gov.co *.facebook.com fuguchat.s3.ap-south-1.amazonaws.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.gstatic.com *.hippochat.io *.hotjar.com *.livechatinc.com sedeelectronica.com.co sellodeexcelencia.gov.co *.snapengage.com s-static.ak.facebook.com stats.g.doubleclick.net synersis.co:8442 smartlink.cool *.twimg.com *.twitter.com *.uniquindio.edu.co vozme.com *.youtube.com *.zendesk.com ; style-src 'self' 'unsafe-inline' alcaldiapereira.agenti.com.co wolkvox-cobrowsing-agent-fd5zvw7swa-ue.a.run.app widget02.wolkvox.com d335luupugsy2.cloudfront.net wolkvox-cobrowsing-agent-fd5zvw7swa-ue.a.run.app https://platform.bluemessaging.net *.aldeamo.com *.bootstrapcdn.com govco.sedeelectronica.com.co ton.twimg.com *.cali.gov.co https://mas-spn.inconcertcc.com https://cdn.jsdelivr.net  *.cloudflare.com *.fontawesome.com *.hippochat.io *.hotjar.com *.jquery.com *.nexura.com *.gstatic.com *.google.com *.googleapis.com sedeelectronica.com.co *.twitter.com *.uniquindio.edu.co *.zendesk.com ; font-src 'self' data: alcaldiapereira.agenti.com.co *.cali.gov.co https://mas-spn.inconcertcc.com govco.sedeelectronica.com.co sedeelectronica.com.co *.fontawesome.com *.hotjar.com *.bootstrapcdn.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.nexura.com sedeelectronica.com.co *.uniquindio.edu.co ; object-src 'self' data: ; frame-ancestors 'self' *.nexura.com *.uniquindio.edu.co ; media-src 'self' blob: https://c11.radioboss.fm:18054/stream  *.radioboss.fm:18054/stream  *.uniquindio.edu.co vozme.com smartlink.cool *.smartlink.cool ; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-32185cc80541060255124e4a080ed2cd'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
script-src 'self' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://code.jquery.com https://www.google.com https://www.google-analytics.com https://livechat.infobip.com https://www.googletagmanager.com https://kit.fontawesome.com https://www.gstatic.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsadspixel.net https://js.hs-banner.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://trc.taboola.com https://js.hscollectedforms.net https://unpkg.com https://cdn.botframework.com https://cdn.taboola.com https://connect.facebook.net https://www.trc.taboola.com 'unsafe-inline' 'unsafe-eval' object-src 'self' blob: 1
script-src https://www.gstatic.com https://www.googletagmanager.com https://maps.googleapis.com 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-bmV0c3BhcmtlciBydWxlcyA7KQ==' 1
frame-ancestors 'self' *.elfbar.com *.elfbar.co.uk http://*.elfbar.de https://*.elfbar.de http://*.elfbar.id elfbar.ae www.elfbar.ae elfbarofficial.sk *.elfbarofficial.sk https://elfbarofficial.sk https://*.elfbarofficial.sk 1
default-src https: data: wss: about: blob: dc-photo: dc-illu: dc-v2: fb-messenger: tg: whatsapp: sms: mailto: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.stugsommar.se/pubweb/csp-violation 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://www.hitmanforum.com/logs/ https://www.hitmanforum.com/sidekiq/ https://www.hitmanforum.com/mini-profiler-resources/ https://www.hitmanforum.com/assets/ https://www.hitmanforum.com/extra-locales/ https://www.hitmanforum.com/highlight-js/ https://www.hitmanforum.com/javascripts/ https://www.hitmanforum.com/plugins/ https://www.hitmanforum.com/theme-javascripts/ https://www.hitmanforum.com/svg-sprite/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0='; worker-src 'self' https://www.hitmanforum.com/assets/ https://www.hitmanforum.com/javascripts/ https://www.hitmanforum.com/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self';   connect-src 'self'     media.deso.org     node.deso.org     amp.deso.org     pulse.deso.org     bitclout.com:*     api.bitclout.com     pulse.bitclout.com     https://altumbase.com     https://openprosperapi.xyz     api.bitpop.dev     localhost:*     explorer.bitclout.com:*     megaswap.dev     megaswap.xyz     heroswap.com     https://api.blockchain.com/ticker     https://api.blockchain.com/mempool/fees     https://ka-f.fontawesome.com/     bitcoinfees.earn.com     api.blockcypher.com     amp.bitclout.com api.bitclout.green api.bitclout.blue     amp.diamondapp.com     api.bitclout.navy     https://videodelivery.net     https://lvpr.tv     https://upload.videodelivery.net     https://web3setu.co.in     https://api2.amplitude.com/2/httpapi     https://heapanalytics.com     https://*.hotjar.com     https://*.hotjar.io     wss://*.hotjar.com     https://diamondapp.com;   script-src 'self'     https://kit.fontawesome.com/070ca4195b.js     https://ka-f.fontawesome.com/     https://script.hotjar.com/modules.352fddba5b21bbfc3a08.js     https://cdn.heapanalytics.com     https://heapanalytics.com     https://static.hotjar.com     https://script.hotjar.com;   style-src 'self'     'unsafe-inline'     https://fonts.googleapis.com     https://heapanalytics.com     https://static.hotjar.com     https://script.hotjar.com     https://cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css;   media-src 'self'     videos.deso.org;   img-src 'self'     data:     i.imgur.com     images.deso.org     media.deso.org     node.deso.org     images.bitclout.com     quickchart.io     arweave.net     *.arweave.net     entre-app-media-dev.s3.us-east-2.amazonaws.com     s3.amazonaws.com     *.pearl.app     *.twimg.com     cloudflare-ipfs.com     https://heapanalytics.com     https://static.hotjar.com     https://script.hotjar.com     https://icotar.com     *.mypinata.cloud;   font-src 'self'     https://fonts.googleapis.com     https://fonts.gstatic.com     https://heapanalytics.com     https://script.hotjar.com     https://ka-f.fontawesome.com;   frame-src 'self'     localhost:*     identity.deso.org     identity.deso.run     identity.deso.blue     identity.deso.green     identity.bitclout.com     identity.bitclout.blue     identity.bitclout.green     megaswap.dev     megaswap.xyz     heroswap.com     https://geo.captcha-delivery.com     https://www.youtube.com     https://iframe.videodelivery.net/     https://lvpr.tv     https://youtube.com     https://player.vimeo.com     https://www.tiktok.com     https://giphy.com     https://open.spotify.com     https://embed-standalone.spotify.com     https://w.soundcloud.com     https://player.twitch.tv     https://clips.twitch.tv     https://mousai.stream     https://vars.hotjar.com     https://iframe.videodelivery.net;   frame-ancestors 'self'; 1
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src *; manifest-src *; media-src *; object-src 'none'; prefetch-src *; worker-src *; script-src * *.googletagmanager.com 'unsafe-inline' 'unsafe-eval' data:; style-src * 'unsafe-inline' 'unsafe-eval' data:; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.consensu.org *.google.com *.google-analytics.com *.pagespeed-mod.com *.etracker.com *.etracker.de *.googletagmanager.com *.eloomi.com *.signalize.com 1
base-uri 'self';           font-src * data:;           frame-ancestors 'self';           object-src 'none'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://maps.googleapis.com 1
connect-src 'self'  wss://*.klassroom.co https://*.com https://*.co https://*.fr https://*.ly https://*.klass.ly http://*.com http://*.co http://*.fr https://*.klassroom.co  data:; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-LzJfKDyiYWHzEZpldDYRy6Ef/PJsaSeJSbJ/6ZVsAEWcCR48' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src data: https: *.wtfpeople.com; worker-src blob:; style-src https: *.wtfpeople.com 'unsafe-inline'; script-src https: *.wtfpeople.com 'unsafe-inline'; media-src *; 1
default-src 'self' https: blob: data: wss: 'unsafe-inline' 'unsafe-eval' 1
upgrade-insecure-requests; frame-ancestors 'none'; report-to csp; report-uri https://log.steamcore.se/csp; 1
frame-ancestors 'self' https://*.toyota.bg https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.google.com fast.fonts.net az416426.vo.msecnd.net uksouth-1.in.applicationinsights.azure.com *.civiccomputing.com *.hotjar.com *.hotjar.io *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.vimeo.com *.youtube.com *.eurolandir.com *.euroland.com *.umbraco.com *.cloudflare.com *.azurewebsites.net *.comprend-test.com *.licdn.com *.linkedin.oribi.io *.linkedin.com *.azure.com 1
default-src 'none'; script-src acdn.adnxs.com cdn.admo.tv cstatic.weborama.fr dc.ads.linkedin.com developers.atinternet-solutions.com *.dom101.mapres *.dom101.intres *.dom101.prdres *.doubleclick.net d.turn.com *.evermaps.net *.facebook.net facebook.com *.gbpce.net *.googletagmanager.com *.googleadservices.com *.hcaptcha.com *.inbenta.io *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.k-app.io marketing.adobe.com my.tealiumiq.com publicidees.com px.ads.linkedin.com r.turn.com secure.adnxs.com 'self' snap.licdn.com support.criteo.com *.tiqcdn.com 'unsafe-inline' 'unsafe-eval' *.1bis.com *.myfeelback.com cdn.trustindex.io *.linkeo.com *.palatine.fr; connect-src *.dom101.mapres *.dom101.intres *.dom101.prdres *.inbenta.io *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.k-app.io *.omtrdc.net 'self' *.tealiumiq.com *.2o7.net *.hcaptcha.com cdn.linkedin.oribi.io adservice.google.com www.facebook.com *.prod.mycloud.intrabpce.fr google.com px.ads.linkedin.com pagead2.googlesyndication.com gen-chat.i-bp.banquepopulaire.dev:8888 gen-widgets.hom.mycloud.intrabpce.fr gen-widgets.prod.mycloud.intrabpce.fr *.epalatine.fr *.palatine.fr; img-src data: cdn.admo.tv *.cloudimg.io cstatic.weborama.fr developers.atinternet-solutions.com *.doubleclick.net d.turn.com www.facebook.com www.google.fr www.google.com *.googletagmanager.com *.inbenta.com *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.k-app.io *.omtrdc.net ib.adnxs.com publicidees.com *.hcaptcha.com r.turn.com secure.adnxs.com 'self' snap.licdn.com support.criteo.com *.myfeelback.com *.kxcdn.com www.linkedin.com dc.ads.linkedin.com px.ads.linkedin.com px4.ads.linkedin.com cdn.trustindex.io my.tealiumiq.com *.linkeo.com *.banquepopulaire.fr *.palatine.fr; style-src fonts.googleapis.com *.inbenta.io 'self' *.hcaptcha.com 'unsafe-inline' *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.k-app.io cdn.trustindex.io *.linkeo.com *.palatine.fr; font-src data: fonts.gstatic.com *.inbenta.io 'self'; frame-ancestors *.dom101.mapres *.dom101.intres *.dom101.prdres 'self' *.palatine.fr; frame-src https: *; report-uri https://www.csp.bpce.fr/v1/record; 1
default-src 'self' data: *.dollshouse.com *.yimg.com *.googletagmanager.com *.cloudflare.com *.googleadservices.com *.bing.com *.google-analytics.com *.doubleclick.net *.jsdelivr.net *.google.com *.google.co.uk *.googleapis.com *.gstatic.com *.sagepay.com *.s3.amazonaws.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.dollshouse.com *.yimg.com *.cloudflare.com *.googletagmanager.com *.googleadservices.com *.bing.com *.google-analytics.com *.doubleclick.net *.jsdelivr.net *.google.com *.google.co.uk *.googleapis.com *.gstatic.com *.sagepay.com; object-src 'self' *.dollshouse.com *.yimg.com *.cloudflare.com *.googleadservices.com *.bing.com *.google-analytics.com *.doubleclick.net *.jsdelivr.net *.google.com *.google.co.uk *.googleapis.com *.gstatic.com *.sagepay.com; style-src 'self' 'unsafe-inline' *.dollshouse.com *.yimg.com *.cloudflare.com *.googleadservices.com *.bing.com *.google-analytics.com *.doubleclick.net *.jsdelivr.net *.google.com *.google.co.uk *.googleapis.com *.gstatic.com *.sagepay.com; img-src 'self' data: *.dollshouse.com *.yimg.com *.cloudflare.com *.googleadservices.com *.bing.com *.google-analytics.com *.doubleclick.net *.jsdelivr.net *.google.com *.google.co.uk *.googleapis.com *.gstatic.com *.sagepay.com *.s3.amazonaws.com; media-src 'self' *.dollshouse.com *.yimg.com *.cloudflare.com *.googleadservices.com *.bing.com *.google-analytics.com *.doubleclick.net *.jsdelivr.net *.google.com *.google.co.uk *.googleapis.com *.gstatic.com *.sagepay.com; frame-src 'self' *.dollshouse.com *.yimg.com *.cloudflare.com *.googleadservices.com *.bing.com *.google-analytics.com *.doubleclick.net *.jsdelivr.net *.google.com *.google.co.uk *.googleapis.com *.gstatic.com *.sagepay.com; font-src 'self' data: *.dollshouse.com *.yimg.com *.cloudflare.com *.googleadservices.com *.bing.com *.google-analytics.com *.doubleclick.net *.jsdelivr.net *.google.com *.google.co.uk *.googleapis.com *.gstatic.com *.sagepay.com; connect-src 'self' *.dollshouse.com *.yimg.com *.cloudflare.com *.googleadservices.com *.bing.com *.google-analytics.com *.doubleclick.net *.jsdelivr.net *.google.com *.google.co.uk *.googleapis.com *.gstatic.com *.sagepay.com 1
default-src 'none'; script-src 'self' 'wasm-unsafe-eval' cdn.jsdelivr.net blob: 'unsafe-eval'; manifest-src 'self'; frame-ancestors 'none'; worker-src 'self' cdn.jsdelivr.net blob:; connect-src 'self'; base-uri 'self'; form-action 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' 1
frame-ancestors 'self' https://barclays.touchcast.com https://interactive.barclayslifeskills.com/ https://experience.springpod.co.uk *.crazyegg.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' analytics.twitter.com connect.facebook.net m.addthis.com s7.addthis.com *.crazyegg.com static.ads-twitter.com www.gstatic.com www.google.com plausible.io https://sdk.touchcast.com  assets.calendly.com 1
img-src 'self' data: blob: http://www.google-analytics.com/ https://www.google-analytics.com https://ssl.gstatic.com/ http://ssl.gstatic.com/ https://stats.g.doubleclick.net https://syndication.twitter.com https://abs.twimg.com https://pbs.twimg.com https://platform.twitter.com https://ton.twimg.com https://www.facebook.com/ https://pixelg.adswizz.com/ https://www.google.com/ https://www.google.com.pk/ https://www.google.co.uk/ https://scontent-ort2-2.cdninstagram.com/ https://maps.gstatic.com/ https://www.google.ro/ https://www.germandonerkebab.com https://connect.facebook.net https://arhesoctro.cloudimg.io https://scontent-lhr8-1.cdninstagram.com https://scontent-lht6-1.cdninstagram.com https://locator.uberall.com https://is1-ssl.mzstatic.com https://maps.googleapis.com https://static-prod.uberall.com/ https://d3e54v103j8qbb.cloudfront.net/ https://cmmdhoksda.cloudimg.io/ https://cdnjs.cloudflare.com https://cmmdhoksda.cloudimg.io/ https://uploads-ssl.webflow.com/ https://cdn.jsdelivr.net https://ad.doubleclick.net https://adservice.google.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://use.fontawesome.com/ https://apis.google.com http://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com http://ajax.googleapis.com/ https://maxcdn.bootstrapcdn.com/ http://code.jquery.com/ https://code.jquery.com/ http://graph.facebook.com/ http://m.addthis.com/ http://s7.addthis.com/ http://m.addthisedge.com/ http://api-public.addthis.com/ https://www.islonline.net/ https://unpkg.com/ https://www.googletagmanager.com/ https://platform.twitter.com/ http://platform.twitter.com/ https://cdn.syndication.twimg.com/ https://connect.facebook.net/ https://tag.simpli.fi/ https://cdnjs.cloudflare.com/ http://owlgraphic.com/ http://www.googleadservices.com/ https://googleads.g.doubleclick.net/ http://connect.facebook.net/ https://www.facebook.com https://maps.googleapis.com/ https://maps.gstatic.com/ https://json.geoiplookup.io https://sc-static.net/scevent.min.js https://www.germandonerkebab.com http://fonts.googleapis.com/ http://api.filestackapi.com https://cdn.scaleflex.it https://ipinfo.io https://www.clickcease.com https://cdn.jsdelivr.net https://uberall.com https://static-prod.uberall.com https://locator.uberall.com/ https://d3e54v103j8qbb.cloudfront.net/ https://svc.webspellchecker.net/ https://postcodes.io; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ http://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/ https://use.fontawesome.com/227a7ea25a.css https://use.fontawesome.com/releases/v4.6.3/css/font-awesome-css.min.css https://platform.twitter.com/ https://ton.twimg.com/ http://cloud.typenetwork.com/ https://www.germandonerkebab.com http://fonts.googleapis.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/; frame-src 'self' https://www.google.com https://www.google.com/recaptcha/ http://www.youtube.com/ https://www.youtube.com/ http://player.vimeo.com/ http://s7.addthis.com/ http://m.addthisedge.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://bid.g.doubleclick.net/ https://staticxx.facebook.com/ https://www.facebook.com/ https://web.facebook.com/ https://tr.snapchat.com/ https://www.germandonerkebab.com https://dialog.filestackapi.com/ https://www.filestackapi.com/ https://docs.google.com https://13646485.fls.doubleclick.net/ https://td.doubleclick.net/; connect-src 'self' http://ip-api.com/ https://json.geoiplookup.io/api https://www.germandonerkebab.com https://www.google-analytics.com/ https://stats.g.doubleclick.net https://tr.snapchat.com/ https://uberall.com https://maps.googleapis.com https://locator.uberall.com/ https://svc.webspellchecker.net/ https://postcodes.io https://pagead2.googlesyndication.com https://analytics.google.com https://region1.analytics.google.com https://region1.google-analytics.com https://*.google-analytics.com; font-src data: 'self' https://fonts.gstatic.com https://use.fontawesome.com/ https://maxcdn.bootstrapcdn.com/ http://maxcdn.bootstrapcdn.com/ http://cloud.typenetwork.com/ https://www.germandonerkebab.com https://cdn.jsdelivr.net https://static-prod.uberall.com; media-src 'self' https://uploads-ssl.webflow.com; object-src 'self'; frame-ancestors none 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://secure.comodo.com https: *.googleapis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.googleapis.com ; img-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.googleapis.com https://secure.comodo.com data:; font-src 'self' 'unsafe-inline' 'unsafe-eval' ; upgrade-insecure-requests; reflected-xss 'block'; 1
frame-ancestors 'self'; base-uri 'self'; form-action assets.koempf24.de threedssvc.pay1.de gpc-sys.pay1.de www.paypal.com www.paydirekt.de www.sofort.com ratenkauf.easycredit.de www.mein-gartenshop24.de backoffice.koempf24.de www.btr-tools.com www.compo-gartenpflege.de www.easykauf-koempf.de www.gartengeraete-onlineshop.de www.grills.de www.heissner-teichbau.de www.karibu-onlineshop.de www.koempf-shop.de www.koempf24.ch www.koempf24.de www.mein-biggreenegg.de www.mein-saunashop.de www.mein-wekashop.de www.mein-zaunshop.de www.meister-onlineshop.de www.oase-teichbau.de www.osmo-online.de www.restberry.de www.skanholz-onlineshop.de www.snickers-onlineshop.de www.teichdiscount24.de www.teichitekten24.de www.vitavia-onlineshop.de www.wolff-finnhaus-shop.de www.ximax-onlineshop.de 'self' https://threedssvc.pay1.de https://gpc-sys.pay1.de https://www.paypal.com https://www.paydirekt.de https://www.sofort.com https://ratenkauf.easycredit.de https://seu2.cleverreach.com 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: data: gap:; object-src 'none' 1
default-src 'self' 'unsafe-inline' pixeon.com *.hotjar.com *.doubleclick.net *.jsdelivr.net *.youtube.com *.vimeo.com *.facebook.com *.google.com *.googleapis.com *.google-analytics.com *.cloudflare.com *.cloudfront.net *.facebook.net *.googletagmanager.com *.tawk.to *.linkedin.com *.hotjar.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' pixeon.com *.zdassets.com *.zendesk.com *.licdn.com *.addtoany.com *.sharethis.com *.hs-scripts.com *.pipedriveassets.com *.pipedrive.com *.firebaseio.com *.googleoptimize.com *.tawk.to *.lfeeder.com *.jsdelivr.net *.linkedin.com *.hotjar.com *.wp.com *.pinterest.com *.instagram.com *.doubleclick.net *.leadster.com.br *.googletagmanager.com *.google-analytics.com *.googleapis.com *.facebook.net *.cloudflare.com *.cloudfront.net *.googleadservices.com *.google.com *.google.com.br *.gstatic.com data:; style-src 'self' 'unsafe-inline' pixeon.com *.googletagmanager.com *.pipedrive.com *.pipedriveassets.com *.tawk.to *.jsdelivr.net *.linkedin.com *.hotjar.com  *.cloudflare.com *.googleapis.com; img-src 'self' 'unsafe-inline' *.amazonaws.com *.ytimg.com *.w.org *.lfeeder.com *.zendesk.com *.cloudflare.com *.gstatic.com *.googleapis.com pixeon.com *.tawk.to tawk.link pixeon.com *.cloudfront.net data: *.tawk.to tawk.link *.linkedin.com *.hotjar.com *.facebook.com *.google-analytics.com *.google.com *.google.com.br *.gravatar.com *.wp.com *.googletagmanager.com *.doubleclick.net; connect-src 'self' pixeon.com *.google.com yoast.com *.rdops.systems *.lfeeder.com *.crwdcntrl.net cdn.linkedin.oribi.io *.facebook.com *.hotjar.io *.pipedrive.com *.pipedriveassets.com *.firebaseio.com *.zdassets.com *.sharethis.com *.zendesk.com *.googleapis.com *.leadster.com.br *.rdstation.com.br *.google-analytics.com *.doubleclick.net *.googletagmanager.com *.tawk.to wss://*.tawk.to wss://*.firebaseio.com *.linkedin.com *.hotjar.com wss://*.hotjar.com; font-src 'self' data: 'unsafe-inline' *.tawk.to *.googleapis.com *.gstatic.com *.zendesk.com; object-src 'self'; media-src 'self'; form-action 'self' pixeon.com *.pipedrive.com *.pipedriveassets.com *.facebook.com *.googletagmanager.com *.tawk.to *.linkedin.com *.hotjar.com; frame-src pixeon.com *.pixeon.com securityscorecard.com *.securityscorecard.com *.pathfactory.com play.ht *.sharethis.com *.youtube.com *.pipedrive.com *.firebaseio.com *.zendesk.com *.addtoany.com *.tawk.to *.google.com *.hotjar.com *.facebook.com; frame-ancestors 'self' pixeon.com *.securityscorecard.com; report-uri https://www.pixeon.com?gdsih-csp-report; 1
default-src 'none'; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com blob:; font-src 'self'; img-src 'self' http: https: blob: 'unsafe-inline'; media-src 'self' https://cdn.ych.art blob:; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com 'sha256-xe/OzeYzMoPAN63Uvl2fqORTe+wuNWy8rqc3YiM3JYU=' 'sha256-voqoKUMrcWk2X/6LHQBhCBIQs4jisisGNsDEfGJUI/8='; style-src 'self' 'sha256-Do/Bu2HU9dgvvDDrPWY8Dx/uhsfevl88VmLJzj3Y9kA=' 'sha256-aABiI/f7CrymsdIHtEfU3tqw8H/Dhsbpn5qcRVQmMHE=' 1
frame-src *.google.com *.googleadservices.com *.googlesyndication.com *.doubleclick.net; 1
frame-ancestors 'self' *.mybusiness.it mybusiness.it *.gstatic.com *.tim.it *.google-analytics.com 1
frame-ancestors 'self' withmuu.com *.withmuu.com 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-NGVhYTY0NTM2NDdjNDI5NGFhZDk2Y2I4OGRlOWU4ZjU=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.ndw.nu; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.ndw.nu; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.ndw.nu; frame-ancestors 'none'; upgrade-insecure-requests 1
defaut-src'none';script-src'none'frame-ancestors'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.fundraiseup.com doublethedonation.com *.doublethedonation.com unpkg.com *.newrelic.com *.nr-data.net nr-data.net js.stripe.com pay.google.com outrightinternational.bamboohr.com/js/embed.js https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js outrightinternational.us5.list-manage.com *.stripe.com m.stripe.network *.plaid.com *.src.mastercard.com *.checkout.visa.com pay.google.com *.paypal.com *.google.com *.analytics.google.com *.paypalobjects.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com doublethedonation.com *.doublethedonation.com *.mailchimp.com; img-src 'self' data: *.facebook.com *.fundraiseup.com doublethedonation.com *.doublethedonation.com ucarecdn.com www.gstatic.com resources.bamboohr.com www.google-analytics.com/* pay.google.com *.google.com *.paypal.com *.google-analytics.com *.paypalobjects.com; media-src 'self'; frame-src 'self' *.youtube.com *.youtu.be *.youtube-nocookie.com *.googlevideo.com *.googleapis.com *.ytimg.com *.youtubeeducation.com tgbwidget.com *.tgbwidget.com *.fundraiseup.com *.stripe.com *.plaid.com *.paypal.com pay.google.com *; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.fundraiseup.com doublethedonation.com *.doublethedonation.com *.stripe.com; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net www.google.com www.facebook.com *.fundraiseup.com fndrsp.net *.fndrsp.net doublethedonation.com *.doublethedonation.com nr-data.net fndrsp-checkout.net outrightinternational.bamboohr.com bam.nr-data.net *.fundraiseup.com *.stripe.com *.paypal.com *.plaid.com *.mastercard.com *.checkout.visa.com api.addressy.com *.google.com *.analytics.google.com google.com/pay; report-uri /report-csp-violation 1
script-src 'unsafe-inline' 'unsafe-eval' http: https: data: https://*.captrust.com https://www.captrust.com https://*.captrustcommunityfoundation.org https://www.captrustcommunityfoundation.org https://*.google.com https://*.googleapis.com https://*.googleanalytics.com https://*.clickdimensions.com https://*.gstatic.com https://*.stripe.com https://stripe.com http://stripe.com http://*.stripe.com; style-src 'unsafe-inline' http: https: data: https://*.captrust.com https://*.captrustcommunityfoundation.org https://*.googleapis.com https://*.gstatic.com https://*.stripe.com http://*.stripe.com http://stripe.com; img-src http: https: data: https://*.stripe.com www.googletagmanager.com; font-src http: https: data:; object-src 'none'; base-uri * 'self' https://*.stripe.com https://stripe.com http://*.stripe.com http://stripe.com; upgrade-insecure-requests; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none' 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://cdn.tiny.cloud https://*.mapbox.com https://cdn.jsdelivr.net https://fonts.googleapis.com; script-src 'self' 'unsafe-eval' 'strict-dynamic' https://www.summitappliance.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js https://sp.tinymce.com/ https://cdn.tiny.cloud https://google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://api.tiles.mapbox.com https://www.recaptcha.net https://www.gstatic.com https://connect.facebook.net https://*.cloudflare.com https://snap.licdn.com https://s.pinimg.com https://api.paytrace.com https://sealserver.trustwave.com 'nonce-LvqovJfQcUr2l5YYPsIMyw=='; img-src 'self' data: https://sp.tinymce.com/ https://*.cloudfront.net/ https://seal-newyork.bbb.org/seals/blue-seal-293-61-bbb-10186.png https://*.google-analytics.com https://*.doubleclick.net https://i.ytimg.com https://ct.pinterest.com https://px.ads.linkedin.com https://p.adsymptotic.com https://paytrace.com https://sealserver.trustwave.com https://www.googletagmanager.com ; worker-src 'self' blob:; connect-src 'self' https://cdn.tiny.cloud https://*.cloudfront.net/ https://connect.facebook.net/ https://*.google-analytics.com https://*.mapbox.com https://www.recaptcha.net https://www.gstatic.com https://*.googletagmanager.com https://ct.pinterest.com https://stats.g.doubleclick.net https://snap.licdn.com/ https://s.pinimg.com/ https://s.pinimg.com/ct/core.js https://px.ads.linkedin.com/collect https://seal-newyork.bbb.org/seals/blue-seal-293-61-bbb-10186.png https://p.adsymptotic.com https://cdn.jsdelivr.net https://cdn.linkedin.oribi.io/ ; frame-src 'self' https://www.recaptcha.net https://*.youtube.com https://ct.pinterest.com; frame-ancestors 'self'; font-src 'self'; media-src 'self'; base-uri 'self'; form-action 'self' https://summitappliance.us5.list-manage.com/subscribe/post; manifest-src 'self'; object-src 'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.doubleclick.net https://*.googleapis.com https://*.healthwise.net https://*.gstatic.com https://cdnjs.cloudflare.com https://*.wpmucdn.com https://apps.healthgrades.com https://*.fontawesome.com https://*.wistia.com https://*.gyantts.com https://code.jquery.com https://ajax.microsoft.com https://unpkg.com http://ajax.googleapis.com https://*.facebook.com https://*.facebook.net https://static.xx.fbcdn.net https://twemoji.maxcdn.com https://scan.onlineada.com/webservice/v1/scan https://cdn.jsdelivr.net https://yoast.com; style-src 'self' 'unsafe-inline' https://assetpool.healthwise.net https://hello.myfonts.net https://*.googleapis.com https://unpkg.com https://cdnjs.cloudflare.com https://*.wpmucdn.com https://apps.healthgrades.com https://*.fontawesome.com https://*.gyantts.com https://cdn.jsdelivr.net; img-src 'self' data: https://*.google-analytics.com https://*.doubleclick.net https://*.gstatic.com https://*.google.com https://*.healthwise.net https://*.googleapis.com https://premium.wpmudev.org https://www.google.cz https://secure.gravatar.com https://*.metrohealth.net https://s3.amazonaws.com https://*.gyant.com https://ps.w.org https://*.cloudfront.net https://thefoxwp.com https://i.ytimg.com; connect-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://my.yoast.com https://*.fontawesome.com https://accounts.onlineada.com https://*.gyantts.com https://s3.amazonaws.com wss://*.gyantts.com https://yoast.com https://maps.googleapis.com https://scan.onlineada.com/webservice/v1/scan https://scan.onlineada.com; font-src 'self' data: https://assetpool.healthwise.net https://fonts.gstatic.com https://*.fontawesome.com https://*.gyantts.com; media-src 'self' https://*.healthwise.net; child-src 'self' blob: https://*.youtube.com https://*.vimeo.com https://*.google.com https://media.healthwise.net https://*.facebook.com https://*.facebook.net https://*.elegantthemes.com https://*.uofmhealthwest.org https://uofmhealthwest.org; form-action 'self' https://*.metrohealth.net https://accounts.onlineada.com; object-src 'none' 1
frame-ancestors 'self' hht.fhbrundle.co.uk 1
default-src 'self' data: *;style-src 'self' 'unsafe-inline' fonts.googleapis.com code.ionicframework.com blueimp.github.io cdnjs.cloudflare.com maxcdn.bootstrapcdn.com ajax.googleapis.com cdn.jsdelivr.net embed.tawk.to;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.google.com www.gstatic.com www.googletagmanager.com maps.googleapis.com ssl.google-analytics.com www.googleadservices.com connect.facebook.net googleads.g.doubleclick.net ajax.googleapis.com snap.licdn.com *.linkedin.com cdnjs.cloudflare.com cdn.ckeditor.com static.doubleclick.net maxcdn.bootstrapcdn.com storage.trafic.ro secure.trafic.ro cdn.jsdelivr.net embed.tawk.to static.hotjar.com script.hotjar.com *.googlesyndication.com *.google.ro *.google.com *.googleadservices.com;font-src 'self' data: cdnjs.cloudflare.com fonts.gstatic.com maxcdn.bootstrapcdn.com code.ionicframework.com embed.tawk.to;img-src 'self' blob: data: http: https: www.google-analytics.com stats.g.doubleclick.net www.google.com maps.googleapis.com maps.gstatic.com www.google.ro *.facebook.com img.youtube.com i.ytimg.com cdn.ckeditor.com ajax.googleapis.com www.giftseize.io;frame-src 'self' www.google.com www.youtube.com www.youtube-nocookie.com youtube.com youtu.be *.facebook.com *.facebook.net cdnjs.cloudflare.com cdn.ckeditor.com vars.hotjar.com googleads.g.doubleclick.net tpc.googlesyndication.com *.doubledowncasino2.com *.houseoffuns.com *.slotomania.com doubleucasino.com;connect-src 'self' www.google-analytics.com connect.facebook.net www.facebook.com www.google.com www.google.ro *.youtube.com cdnjs.cloudflare.com cdn.ckeditor.com va.tawk.to embed.tawk.to stats.g.doubleclick.net in.hotjar.com wss://ws7.hotjar.com *.googlesyndication.com *.google.com *.google-analytics.com; 1
default-src 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com; style-src 'self' 'unsafe-inline' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com https://fonts.googleapis.com https://*.hotjar.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com; script-src 'unsafe-eval' 'unsafe-inline' https://*.klarnaservices.com https://*.klarnacdn.net https://static.garmincdn.com/support-chat-widget/chatWidget-v1.3.1.js https://product-gallery.cloudinary.com https://res.cloudinary.com https://*.pinimg.com https://*.linksynergy.com https://*.googlesyndication.com 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://ajax.googleapis.com https://static.garmincdn.com https://www.google.com https://cdn.appdynamics.com https://www.gstatic.com https://prefmgr-cookie.truste-svc.net https://tags.tiqcdn.com https://*.tealiumiq.com https://deploytealium.com https://analytics.google.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.cloudflare.com https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://static.criteo.net https://*.criteo.com https://bat.bing.com https://*.adform.net https://intljs.rmtag.com https://www.googletagmanager.com https://*.google-analytics.com https://static.cloudflareinsights.com *.hotjar.com *.hotjar.io https://www.googletagmanager.com https://optimize.google.com https://*.googleapis.com https://cse.google.com https://www.youtube.com  https://v2.zopim.com https://static.zdassets.com https://widget-mediator.zopim.com; connect-src 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://stats.g.doubleclick.net https://analytics.google.com https://www.google-analytics.com https://*.googleapis.com https://csp.withgoogle.com https://analytics-api-s.cloudinary.com https://pagead2.googlesyndication.com https://*.algolia.net https://*.algolianet.com https://ekr.zdassets.com/ https://garminapac.zendesk.com wss://widget-mediator.zopim.com; font-src 'self' data: *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com; img-src https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://static.criteo.net https://*.criteo.com https://bat.bing.com https://*.adform.net https://intljs.rmtag.com https://www.googletagmanager.com https://*.google-analytics.com https://stats.g.doubleclick.net https://i.ytimg.com 'self' data: *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://www.google.co.uk https://prefmgr-cookie.truste-svc.net https://res.cloudinary.com https://*.hotjar.com https://www.google.com.tw https://tr.line.me https://www.facebook.com https://*.gstatic.com https://*.googleapis.com https://*.google.com https://www.google.co.in; frame-src https://www.youtube.com https://*.doubleclick.net *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://vars.hotjar.com https://prefmgr-cookie.truste-svc.net https://my.tealiumiq.com https://www.youtube-nocookie.com https://gum.criteo.com https://static.criteo.net https://www.facebook.com https://cse.google.com https://web.facebook.com; media-src 'self' https://static.zdassets.com; object-src 'none'; upgrade-insecure-requests; 1
default-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data: blob: 'unsafe-inline'; font-src * data:; media-src * blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' 'unsafe-eval' *.hs-scripts.com *.iubenda.com http://cdn.hoog.design 'unsafe-inline' exch.hoog.design *.vimeo.com vumbnail.com *.googleapis.com blob: data: *.gstatic.com *.googletagmanager.com *.hs-analytics.net *.hscollectedforms.net *.hs-banner.com js.hsforms.net unpkg.com cdnjs.cloudflare.com *.google.com *.pinterest.com *.tiktok.com *.youtube.com *.pinimg.com forms.hsforms.com *.hubspot.com *.doubleclick.net hubspot-forms-static-embed.s3.amazonaws.com pagead2.googlesyndication.com www.google.nl forms-na1.hsforms.com s3.eu-west-2.amazonaws.com *.google-analytics.com static.hotjar.com cdn.leadinfo.net connect.facebook.com script.hotjar.com collector.leadinfo.net connect.facebook.net api.leadinfo.com www.facebook.com http://yoast.com http://my.yoast.com *.s.w.org *.wp.com *.googleadservices.com; 1
script-src 'self' 'sha256-vrsmLWKJ35+1hfEplxt8Oe+LskRCfiEHjKHsRDK9jnI=' 'sha256-zRhqRkmFE87yOmYoQPgBoUj8NMHjrYc3uo6+Twt9+sw=' *.tiktok.com *.ttwstatic.com; worker-src 'self' blob:; 1
default-src https:; script-src https: data: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; connect-src https: wss: 1
default-src 'none'; object-src 'self'; font-src 'self' *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.gstatic.cn *.recaptcha.net *.bloomberg.com *.newrelic.com assets.bwbx.io stg-assets-bwbx.bloomberg.com bam.nr-data.net; base-uri 'self'; media-src player.vimeo.com fpdl.vimeocdn.com gcs-vimeo.akamaized.net vod-progressive.akamaized.net; style-src 'self' 'unsafe-inline' *.bloomberg.com assets.bwbx.io fonts.googleapis.com; img-src 'self' *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.gstatic.cn *.recaptcha.net *.bloomberg.com *.newrelic.com assets.bwbx.io stg-assets-bwbx.bloomberg.com bam.nr-data.net stats.g.doubleclick.net data: blob:; connect-src 'self' *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.gstatic.cn *.recaptcha.net *.bloomberg.com *.newrelic.com assets.bwbx.io stg-assets-bwbx.bloomberg.com bam.nr-data.net stats.g.doubleclick.net; frame-src 'self' *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.gstatic.cn *.recaptcha.net *.bloomberg.com *.newrelic.com assets.bwbx.io stg-assets-bwbx.bloomberg.com bam.nr-data.net player.vimeo.com; script-src 'self' *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.gstatic.cn *.recaptcha.net *.bloomberg.com *.newrelic.com assets.bwbx.io stg-assets-bwbx.bloomberg.com bam.nr-data.net 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-n2HlXVXZ9bqJAHSsqahkBWdycsMOvZ1STZRECtIma3OZqNUQ' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors  https://*.toloka.ai https://toloka.ai https://*.toloka-test.ai https://*.yandex.ru https://*.yandex.com https://*.yandex.com.tr https://*.yandex.uz https://*.yandex-team.ru; report-uri https://csp.yandex.net/csp?from=iframe-toloka.com&project=toloka; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.youtube.com *.google.com *.doubleclick.net *.ytimg.com *.facebook.com *.facebook.net *.cloudflare.com *.azure.com *.telerik.com *.youtube-nocookie.com *.twitter.com *.ads-twitter.com *.t.co *.googlevideo.com; 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-V0UzK2tueUNWRmdrL29qaFRXVHlWMU8xcE9HS0ZFWTFsaDR3c2tNdlBEQT06ZHdESTFCYm1iVEZuc2R5VWRRKzBCeWFlekx2ZU96NTQwMDBiMERBZlhsUT0=' blob:;style-src 'self' 'unsafe-inline';img-src 'self' data: blob: https://*.tile.openstreetmap.org;font-src 'self' data:;connect-src 'self' blob: nextcloud.emphisia.nl:3478 wss://nextcloud.emphisia.nl;media-src 'self' blob:;frame-src 'self';child-src blob: 'self';frame-ancestors 'self';worker-src blob: 'self';form-action 'self' 1
default-src  'none'; object-src   'self'; style-src    'self' 'unsafe-inline' blob:; script-src   'self'; connect-src  'self' api.usp.gv.at; child-src    'self' www.handy-signatur.at www.a-trust.at www.youtube.com www.youtube-nocookie.com; img-src      * 'self' data:; font-src     'self'; block-all-mixed-content; 1
default-src 'none'; connect-src 'self' office.iterios.com www.portmone.com.ua kiyavia.ua *.liqpay.ua aviatickets.kiyavia.com test.rezonuniversal.com kiyavia.rezonuniversal.com cdn.jsdelivr.net *.jivosite.com *.bitrix24.ua *.bitrix24.com *.bitrix24.com ws: wss *.ittour.com.ua *.tripadvisor.com *.hotellook.com *.travelpayouts.com api.tourspo.com tickets.kiyavia.com *.google.com *.google.com.ua *.google.ua *.gstatic.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.facebook.com *.doubleclick.net *.plerdy.com; script-src 'self' office.iterios.com www.portmone.com.ua kiyavia.ua *.liqpay.ua bo.rezonuniversal.com aviatickets.kiyavia.com test.rezonuniversal.com kiyavia.rezonuniversal.com cdn.jsdelivr.net *.jivosite.com *.bitrix24.ua openlayers.org *.tripadvisor.com *.ittour.com.ua api.tourspo.com *.plerdy.com www.google.com tickets.kiyavia.com cdn.nemo.travel code.jquery.com *.googletagmanager.com *.google.com *.google.com.ua *.google.ua *.gstatic.com *.googleapis.com *.google-analytics.com *.googleadservices.com connect.facebook.net *.facebook.com *.doubleclick.net stats.g.doubleclick.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: cdnjs.cloudflare.com office.iterios.com www.portmone.com.ua kiyavia.ua *.liqpay.ua aviatickets.kiyavia.com test.rezonuniversal.com kiyavia.rezonuniversal.com cdn.jsdelivr.net *.jivosite.com *.bitrix24.ua openlayers.org unpkg.com *.tripadvisor.com *.ittour.com.ua api.tourspo.com cdn.jsdelivr.net cdn.nemo.travel fonts.googleapis.com 'unsafe-inline'; font-src 'self' data: cdnjs.cloudflare.com office.iterios.com www.portmone.com.ua kiyavia.ua *.liqpay.uaaviatickets.kiyavia.com test.rezonuniversal.com kiyavia.rezonuniversal.com cdn.jsdelivr.net *.tripadvisor.com *.ittour.com.ua fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: * office.iterios.com www.portmone.com.ua agent.kiyavia.com kiyavia.ua *.liqpay.ua aviatickets.kiyavia.com test.rezonuniversal.com kiyavia.rezonuniversal.com cdn.jsdelivr.net *.jivosite.com *.bitrix24.ua *.ittour.com.ua *.openstreetmap.org openlayers.org *.tile.openstreetmap.org www.googletagmanager.com *.itour.com.ua cdn.tourismcloudservice.com i.travelapi.com *.tripadvisor.com *.goglobal.travel *.contentinn.com *.plerdy.com img.tourspo.com *.google.com *.google.com.ua *.google.ua *.gstatic.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.facebook.com *.doubleclick.net; media-src 'self' office.iterios.com www.portmone.com.ua aviatickets.kiyavia.com test.rezonuniversal.com kiyavia.rezonuniversal.com cdn.jsdelivr.net *.jivosite.com ; base-uri 'self'; form-action 'self' office.iterios.com www.portmone.com.ua aviatickets.kiyavia.com test.rezonuniversal.com kiyavia.rezonuniversal.com *.tripadvisor.com *.hotellook.com *.facebook.com tickets.kiyavia.com secure.wayforpay.com kiyavia.ua *.liqpay.ua; frame-ancestors 'self'; frame-src 'self' office.iterios.com www.portmone.com.ua kiyavia.ua *.liqpay.ua aviatickets.kiyavia.com test.rezonuniversal.com kiyavia.rezonuniversal.com cdn.jsdelivr.net www.youtube.com youtu.be ad.adriver.ru *.tripadvisor.com *.plerdy.com airadvisor.com b2c.amadeusinsurance.com www.portmone.com.ua www.google.com *.facebook.com; manifest-src 'self'; object-src 'self'; 1
frame-src https://*.karls-shop.de https://*.mollie.com https://*.paypal.com https://my.matterport.com https://*.klarna.com https://*.youtube-nocookie.com/ 1
img-src 'self' *.arcgis.com *.mcusercontent.com *.cartocdn.com *.miadi.net *.ecmaps.de *.destination.one *.twimg.com *.instagram.com *.cdninstagram.com *.fbcdn.net *.fliphtml5.com *.cloudfront.net *.kiel.de https://baumgardt-maps.de http://t1.openseamap.org *.livespotting.com  *.et4.de *.eye-able.com; child-src youtube.com *.youtube.com *.mcusercontent.com *.et4.de *.kiel.de *.thinglink.com *.ecmaps.de *.destination.one *.thinglink.me *.youtube-nocookie.com *.youtu.be *.vimeo.com vimeo.com *.manage2sail.com *.eye-able.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.destination.one *.et4.de *.thinglink.me *.thinglink.com *.kiel.de *.cloudfront.net https://baumgardt-maps.de http://t1.openseamap.org *.livespotting.com *.arcgis.com *.eye-able.com; style-src 'self' 'unsafe-inline' *.kiel.de *.cloudfront.net https://fonts.googleapis.com  *.twimg.com *.instagram.com *.cdninstagram.com *.livespotting.com *.arcgis.com *.eye-able.com; object-src 'none' 1
default-src 'self' www.google.com www.youtube.com player.vimeo.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com; font-src * data:;img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com; style-src * 'unsafe-inline'; object-src 'none' 1
default-src 'self' blob: data:; media-src 'self' blob: data:; script-src 'self' 'unsafe-inline' *.loszona.com www.google.com youtube.com *.youtube.com *.loszona.com *.facebook.com *.facebook.net *.twitter.com airbnb.com *.airbnb.com; style-src 'self' 'unsafe-inline' data: *.loszona.com; img-src 'self' blob: data: *.fisioestetic.com *.loszona.com www.google.com youtube.com *.youtube.com *.loszona.com *.facebook.com *.facebook.net *.twitter.com airbnb.com *.airbnb.com; connect-src 'self' data: wss://*.glr.com:* wss://*.glrsales.com:*; manifest-src 'self'; worker-src 'self'; frame-src blob: data: www.google.com youtube.com *.youtube.com *.loszona.com *.facebook.com *.facebook.net *.twitter.com airbnb.com *.airbnb.com 1
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';frame-ancestors https://*.anadolujet.com/ http://*.anadolujet.com *.anadolujet.com;  1
all; upgrade-insecure-requests 1
font-src 'self' data: https://images.wineselectors.com.au https://use.typekit.net https://i.icomoon.io https://fonts.gstatic.com https://cdn.productreview.com.au https://fonts.yieldify-production.com; img-src 'self' data: https://images.wineselectors.com.au https://www.wineselectors.com.au https://p.typekit.net https://www.google-analytics.com https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://www.facebook.com https://dc.yieldify.com https://*.cloudfront.net https://scontent.cdninstagram.com https://pbs.twimg.com https://go.flx1.com https://secure.adnxs.com https://ib.adnxs.com https://scontent.xx.fbcdn.net https://graph.facebook.com https://scontent-otp1-1.cdninstagram.com https://dev.visualwebsiteoptimizer.com https://ssl.gstatic.com https://www.gstatic.com https://bacon.section.io https://useruploads.visualwebsiteoptimizer.com https://s3.amazonaws.com https://assets.yieldify.com https://adservice.google.com https://*.cloudfront.net https://www.googletagmanager.com https://b.sli-spark.com https://assets.resultspage.com https://wineselectors.resultspage.com https://secure.livechatinc.com https://match.adsrvr.org https://pixel.rubiconproject.com https://dsum-sec.casalemedia.com https://tags.w55c.net https://i.w55c.net https://t.mookie1.com https://pixel.tapad.com https://beacon.krxd.net https://bh.contextweb.com https://ad.sxp.smartclip.net https://cdn-image.otherlevels.com https://www.google.com https://www.google.com.au https://secure.getprice.com.au https://a.b0e8.com https://marvel-b1-cdn.bc0a.com https://marvel-processor.bc0a.com https://cx.atdmt.com https://tr.outbrain.com https://r.turn.com *.id.amgdgt.com https://*.yieldify.com https://c.clarity.ms https://pixel.quantserve.com https://gf-cdn.s3.ap-southeast-2.amazonaws.com cdn.giftflick.com.au https://giftcreation.giftflick.com.au https://gf-cdn.s3-ap-southeast-2.amazonaws.com https://upload-medias.s3.ap-southeast-2.amazonaws.com upload.giftflick.com.au https://ct.pinterest.com https://bat.bing.com https://a1.b0e8.com; style-src 'self' 'unsafe-inline' https://images.wineselectors.com.au https://fast.fonts.net https://fonts.googleapis.com https://*.cloudfront.net https://tagmanager.google.com https://www.gstatic.com https://wineselectors.resultspage.com https://giftcreation.giftflick.com.au https://www.giftflick.com.au https://giftflick.com.au https://www.riddle.com https://sdk.giftflick.com.au; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://images.wineselectors.com.au https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://script.hotjar.com https://static.hotjar.com https://t.cfjump.com https://t.dgm-au.com https://use.typekit.net https://www.google-analytics.com https://connect.facebook.net https://pixel.roymorgan.com https://app.yieldify.com https://maps.googleapis.com https://*.cloudfront.net https://www.google.com https://www.gstatic.com https://*.cloudfront.net https://platform.instagram.com https://cdn.syndication.twimg.com https://c.vepxl1.net https://js.adsrvr.org https://c.flx1.com https://ajax.googleapis.com https://go.flx1.com https://dev.visualwebsiteoptimizer.com https://tagmanager.google.com https://*.cloudfront.net https://s3.amazonaws.com https://td.yieldify.com https://radar.cedexis.com https://data2.gosquared.com https://data.gosquared.com https://track.omguk.com https://ib.adnxs.com https://assets.resultspage.com https://wineselectors.resultspage.com https://wineselectors.resultsdemo.com https://b.sli-spark.com https://cdn.livechatinc.com https://secure.livechatinc.com https://www.eventbrite.com.au https://wineselectors.ipscape.com.au https://cdn.otherlevels.com https://www.googleadservices.com http://www.wineselectors.com.au https://cfjump.wineselectors.com.au https://cdn.productreview.com.au https://marvel-b2-cdn.bc0a.com https://marvel-b1-cdn.bc0a.com https://cdn.b0e8.com https://js.go2sdk.com https://amplify.outbrain.com https://r.turn.com https://tr.outbrain.com https://tag.lexer.io https://*.yieldify.com https://s.yimg.com https://www.giftflick.com.au https://giftflick.com.au https://giftcreation.giftflick.com.au https://www.riddle.com https://s.pinimg.com/ https://bat.bing.com https://sdk.giftflick.com.au https://www.clarity.ms https://googleads.g.doubleclick.net https://cdn.taboola.com https://trc.taboola.com https://wave.outbrain.com https://secure.quantserve.com https://rules.quantcount.com *.retargeted.co; default-src 'self' https://images.wineselectors.com.au https://vars.hotjar.com https://www.google.com https://www.facebook.com; connect-src 'self' https://images.wineselectors.com.au wss://ws3.hotjar.com https://insights.hotjar.com https://bam.nr-data.net https://performance.typekit.net https://geo.yieldify.com https://c.flx1.com wss://ws1.hotjar.com https://bacon.section.io https://in.hotjar.com https://www.facebook.com wss://ws9.hotjar.com https://vc.hotjar.io https://js-api.otherlevels.com https://js-content.otherlevels.com https://js-api.otherlevels.com https://js-tags.otherlevels.com https://js-mdn.otherlevels.com https://js-rich.otherlevels.com https://js-deliverability-api.otherlevels.com https://safari.otherlevels.com wss://ws8.hotjar.com https://ws1.hotjar.com https://api.productreview.com.au https://www.google-analytics.com wss://ws10.hotjar.com https://tracking.gopsjump.com.au https://track.lexer.io https://*.yieldify.com https://*.yieldify-production.com https://dev.visualwebsiteoptimizer.com https://s.yimg.com https://analytics.google.com https://api.giftflick.com.au https://upload-medias.s3.amazonaws.com https://upload-medias.s3.ap-southeast-2.amazonaws.com upload.giftflick.com.au https://ct.pinterest.com https://bat.bing.com https://tr.outbrain.com https://stats.g.doubleclick.net https://t.clarity.ms https://cds.taboola.com https://pips.taboola.com https://maps.googleapis.com *.retargeted.co  https://cdn.giftflick.com.au/; media-src 'self' blob: https://images.wineselectors.com.au https://cdn.livechatinc.com https://gf-cdn.s3.ap-southeast-2.amazonaws.com cdn.giftflick.com.au https://videos.giftflick.com.au; object-src 'self' https://images.wineselectors.com.au; child-src 'self' https://www.youtube.com https://www.riddle.com https://www.google.com https://vars.hotjar.com https://app.yieldify.com https://www.qzzr.com https://www.instagram.com https://t.cfjump.com https://t.dgm-au.com https://insight.adsrvr.org https://td.yieldify.com https://www.facebook.com https://match.adsrvr.org https://eventbrite.com.au https://www.eventbrite.com.au https://connect.facebook.net https://player.vimeo.com https://youtu.be/ https://www.google.com.au https://wineselectors.ipscape.com.au https://www.ojrq.net https://tracking.gopsjump.com.au https://*.yieldify.com https://ct.pinterest.com https://ct.pinterest.com; 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.xlovecam-girls.com:9080 www.xlovecam-girls.com:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.xlovecam-girls.com wss://www.xlovecam-girls.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1705979950 1
script-src 'nonce-BHVeOyduTS5dpZgMWvSc755ewbqKXJC9TxcbNsu48HS4xKhacxJMna1OFU9ORDZm' 'strict-dynamic' https: 'self' 'unsafe-eval'; object-src 'none'; base-uri 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.yoshki.com *.googleapis.com *.cloudflare.com *.gstatic.com *.google-analytics.com *.jquery.com *.typekit.net *.googlecode.com *.passle.net *.googletagmanager.com *.google.com *.hotjar.com *.hotjar.io *.wistia.net *.wistia.com *.crazyegg.com *.litix.io *.akamaihd.net *.ubembed.com; img-src * data:; media-src * blob:; 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval';upgrade-insecure-requests; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.bubbi.ai *.jobylon.com *.here.com *.imbox.se *.googleoptimize.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.imbox.io *.bing.com *.googleadservices.com *.doubleclick.net *.clarity.ms *.klarna.com *.gstatic.com *.google.com *.mynewsdesk.com *.cookiebot.com;font-src 'self' data:;style-src 'self' 'unsafe-inline' 'unsafe-eval' *.imbox.se *.here.com *.facebook.net *.imbox.io *.bing.com *.googleadservices.com *.doubleclick.net *.clarity.ms *.klarna.com *.gstatic.com *.google.com *.mynewsdesk.com *.cookiebot.com;object-src 'self'; 1
upgrade-insecure-requests; frame-ancestors 'self'; report-uri https://tuclothing.sainsburys.co.uk/csp-report 1
default-src * 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com tagassistant.google.com/ ajax.googleapis.com player.vimeo.com cdn.ywxi.net/ taxcloud.net/tic/ *.google-analytics.com ssl.google-analytics.com/ code.jquery.com cdn.ywxi.net *.gstatic.com www.google.com/recaptcha/api.js cdnjs.cloudflare.com/ seal.thawte.com/ connect.facebook.net/ www.bellevilleboot.com bellevilleboot.com use.typekit.net/  acsbapp.com/apps/app/dist/js/; connect-src  *; style-src 'self' 'unsafe-inline' www.googletagmanager.com tagassistant.google.com/ ajax.googleapis.com p.typekit.net/ cdn.ywxi.net/ fonts.googleapis.com code.jquery.com/ cdnjs.cloudflare.com/ taxcloud.net/tic/ use.typekit.net/ https://ssl.google-analytics.com/ acsbapp.com/apps/app/dist/js/; img-src data: *; font-src 'self' 'unsafe-inline' ajax.googleapis.com cdn.ywxi.net/ fonts.googleapis.com fonts.gstatic.com www.bellevilleboot.com bellevilleboot.com use.typekit.net/; frame-src ajax.googleapis.com www.trustedsite.com/ cdn.ywxi.net/ taxcloud.net/tic/  www.facebook.com/ staticxx.facebook.com/ www.mcafeesecure.com/ www.google.com/ player.vimeo.com/  vimeo.com/ www.vimeo.com/ cdnjs.cloudflare.com/ www.bellevilleboot.com  bellevilleboot.com use.typekit.net/ ssl.google-analytics.com/ tagassistant.google.com/ www.googletagmanager.com acsbapp.com/apps/app/dist/js/; object-src 'self' 1
default-src https://drive.google.com *.lfeeder.com *.leadfeeder.com https://www.e-point.pl snitcher.com dbcms.s3.amazonaws.com 'self'; font-src https://fonts.gstatic.com https://www.e-point.pl https://drive.google.com 'self'; style-src https://drive.google.com https://tagmanager.google.com vjs.zencdn.net https://www.e-point.pl https://fonts.googleapis.com 'self' 'unsafe-inline'; img-src http://static.hotjar.com https://www.linkedin.com https://www.e-point.pl https://www.facebook.com https://maps.googleapis.com https://track.hubspot.com https://googleads.g.doubleclick.net https://www.gstatic.com https://hubspot-no-cache-eu1-prod.s3.amazonaws.com https://www.google.com https://track-eu1.hubspot.com *.lfeeder.com https://csi.gstatic.com https://www.google.pl https://drive.google.com https://forms.hsforms.com https://maps.gstatic.com https://px.ads.linkedin.com http://www.google-analytics.com https://forms-eu1.hsforms.com https://www.google-analytics.com https://ssl.gstatic.com *.leadfeeder.com https://p.adsymptotic.com https://doc-0k-4o-docs.googleusercontent.com 'self' data:; frame-src https://www.google.com www.facebook.com https://player.vimeo.com https://meetings-eu1.hubspot.com https://vars.hotjar.com https://www.e-point.pl https://widget.clutch.co https://www.facebook.com http://staticxx.facebook.com https://drive.google.com https://tpc.googlesyndication.com https://forms-eu1.hsforms.com https://www.youtube.com 'self'; script-src http://static.hotjar.com https://js.hs-analytics.net https://script.hotjar.com https://www.e-point.pl https://www.googleadservices.com https://js-eu1.hsforms.net https://www.fullstory.com https://widget.clutch.co https://sjs.bizographics.com https://keyword-hero.com https://js.hs-banner.com https://maps.googleapis.com https://static.hsappstatic.net https://js-eu1.hs-analytics.net https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://www.gstatic.com https://js.hscollectedforms.net https://js-eu1.hscollectedforms.net https://a-epoint.youlead.pl vjs.zencdn.net https://cdn.jsdelivr.net sc.lfeeder.com https://www.google.com https://tagmanager.google.com *.lfeeder.com http://connect.facebook.net https://js-eu1.hs-banner.com https://js.hs-scripts.com https://m-epoint.youlead.pl https://snap.licdn.com snitcher.com js-eu1.hs-scripts.com https://drive.google.com https://fullstory.com lftracker.leadfeeder.com http://www.google-analytics.com https://skk.erecruiter.pl https://forms-eu1.hsforms.com https://www.googletagmanager.com http://tagmanager.google.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com *.leadfeeder.com https://js-eu1.hscta.net 'self' 'unsafe-eval' 'unsafe-inline'; object-src https://www.e-point.pl https://drive.google.com 'self'; connect-src https://forms-eu1.hscollectedforms.net https://www.e-point.pl https://stats.g.doubleclick.net wss://ws4.hotjar.com https://www.fullstory.com http://graylog.hotjar.com:12080 https://keyword-hero.com https://forms-eu1.hubspot.com https://ws3.hotjar.com https://googleads.g.doubleclick.net https://forms.hubspot.com wss://ws3.hotjar.com https://cdn.linkedin.oribi.io www.google-analytics.com https://ws8.hotjar.com https://tagmanager.google.com https://vc.hotjar.io wss://ws2.hotjar.com https://js-eu1.hs-banner.com http://insights.hotjar.com https://graylog.hotjar.com:12443 https://drive.google.com https://region1.analytics.google.com wss://ws8.hotjar.com https://in.hotjar.com https://fullstory.com wss://ws1.hotjar.com wss://ws5.hotjar.com https://forms-eu1.hsforms.com https://www.googletagmanager.com https://rs.fullstory.com https://hubspot-forms-static-embed-eu1.s3.amazonaws.com 'self' 1
default-src 'self'; script-src 'self' 'nonce-36de551d45eb27bb164ee637' https://optimize.google.com https://www.googletagmanager.com https://*.analytics.google.com https://*.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com https://cdn.jsdelivr.net; object-src 'self'; style-src 'self' 'nonce-36de551d45eb27bb164ee637' https://fonts.googleapis.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; img-src 'self' data: https://*.analytics.google.com https://*.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://i.ytimg.com https://cdn.jsdelivr.net https://i.vimeocdn.com; frame-src 'self' https://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://tools.wijzeringeldzaken.nl https://book.timify.com https://sdk.companywebcast.com https://player.vimeo.com https://www.youtube-nocookie.com; frame-ancestors 'self'; child-src 'self' https://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://tools.wijzeringeldzaken.nl https://book.timify.com https://sdk.companywebcast.com https://player.vimeo.com https://www.youtube-nocookie.com; font-src 'self' data: https://*.hotjar.com https://*.hotjar.io https://fonts.gstatic.com; connect-src 'self' https://*.analytics.google.com https://*.google-analytics.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io wss://chat.tkppensioen.nl https://code.jquery.com https://*.tkppensioen.nl; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' http://rutronik.com https://netronik.rutronik.com http://staffbase.com capacitor://netronik.rutronik.com capacitor://staffbase.com; 1
default-src 'unsafe-inline'; worker-src blob: data: *.clarity.ms *.bing.com;media-src 'self' www.kokuyocamlin.com; child-src blob: gap: td.doubleclick.net; connect-src 'self' jsonip.com www.gstatic.com www.google-analytics.com camelwonderland.s3.ap-south-1.amazonaws.com apps.8thwall.com logs.8thwall.com *.clarity.ms *.ding.com stats.g.doubleclick.net blob: data: *.clarity.ms *.bing.com; img-src 'self' 'unsafe-inline' adservice.google.com secure.adnxs.com ad.doubleclick.net www.googletagmanager.com www.google.co.in www.google.com www.facebook.com cdn.8thwall.com camelwonderland.s3.ap-south-1.amazonaws.com www.google-analytics.com blob: data: *.clarity.ms *.bing.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com apps.8thwall.com googleads.g.doubleclick.net connect.facebook.net cdn.8thwall.com cdn.jsdelivr.net www.googletagmanager.com www.google-analytics.com code.jquery.com cdn.datatables.net www.clarity.ms cdnjs.cloudflare.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' jsonip.com cdnjs.cloudflare.com cdn.jsdelivr.net cdn.8thwall.com apps.8thwall.com camelwonderland.s3.ap-south-1.amazonaws.com www.googletagmanager.com googletagmanager.com cdn.datatables.net code.jquery.com unpkg.com d3js.org; style-src 'self' 'unsafe-inline' ajax.googleapis.com fonts.googleapis.com fonts.gstatic.com fonts.googleapis.com maxcdn.bootstrapcdn.com cdn.datatables.net cdn.jsdelivr.net; font-src 'self' 'unsafe-inline' camelwonderland.s3.ap-south-1.amazonaws.com cdn.8thwall.com fonts.googleapis.com fonts.gstatic.com fonts.googleapis.com maxcdn.bootstrapcdn.com; object-src 'none' 1
frame-ancestors 'self' https://goauto.ca https://*.goauto.ca https://*.goauto.io 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' *.arztnoe.at https://maps.googleapis.com/ https://www.youtube.com/; frame-ancestors 'self' *.dr-preissl.at; frame-src 'self' https://www.google.com/ https://www.youtube.com/; img-src 'self' data: https://maps.gstatic.com/ https://maps.googleapis.com/ *.arztnoe.at/; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://maps.googleapis.com/ https://stats.arztnoe.at/; style-src 'unsafe-inline' 'self'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://channels.im; img-src 'self' https: data: blob: https://channels.im; style-src 'self' https://channels.im 'nonce-d1J2HiGtRnR0rk9bjARpbw=='; media-src 'self' https: data: https://channels.im; frame-src 'self' https:; manifest-src 'self' https://channels.im; form-action 'self'; connect-src 'self' data: blob: https://channels.im https://media.channels.im wss://channels.im; script-src 'self' https://channels.im 'wasm-unsafe-eval'; child-src 'self' blob: https://channels.im; worker-src 'self' blob: https://channels.im 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: ; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: ; style-src data: 'unsafe-inline' https: ;  img-src data: https: blob: ; font-src data: https: ; connect-src https: wss: ;media-src https: blob: ; object-src https: ; child-src https: data: blob: ; form-action https: ; block-all-mixed-content 1
frame-ancestors 'self'                    cbsplit.com       pinealxt.com       pinealxt-com.cbsplit.com ; 1
default-src 'self' rual-ws.heyl.nl www.heyl.nl htttps://*.analytics.google.com https://connect.facebook.net; script-src 'self' 'nonce-1LdhvmwZ7Duv3HiPg98YmMHP438=' 'unsafe-inline' rual-ws.heyl.nl www.heyl.nl https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://googleapis.com https://www.googletagmanager.com https://*.hotjar.com https://erp.heyl.nl https://*.analytics.google.com https://connect.facebook.net https://*.pinimg.com https://unpkg.com https://*.doubleclick.net https://*.googlesyndication.com https://cdn.jsdelivr.net https://www.gstatic.com; connect-src 'self' www.heyl.nl wss://rual-ws.heyl.nl https://www.google-analytics.com https://region1.google-analytics.com https://maps.googleapis.com https://stats.g.doubleclick.net  https://*.hotjar.com ws://*.hotjar.com wss://*.hotjar.com https://*.analytics.google.com https://connect.facebook.net https://*.pinimg.com https://*.pinterest.com/ https://*.facebook.com https://*.doubleclick.net https://*.googlesyndication.com https://www.gstatic.com; img-src http: data: https: blob: https://erp.heyl.nl; style-src 'self' https: 'unsafe-inline'; child-src 'self' rual-ws.heyl.nl www.heyl.nl https://www.youtube.com https://*.hotjar.com  https://*.hotjar.com ws://*.hotjar.com wss://*.hotjar.com https://*.pinimg.com https://*.pinterest.com/ https://*.doubleclick.net https://*.googlesyndication.com blob:; font-src 'self' https: data: 'nonce-1LdhvmwZ7Duv3HiPg98YmMHP438='  https://db.onlinewebfonts.com https://fonts.gstatic.com; 1
font-src https: data:; upgrade-insecure-requests; 1
default-src *;img-src * 'self' data:;worker-src blob:; script-src blob: https://cdn.jsdelivr.net https://*.googletagmanager.com https://image.sendsay.ru https://*.google-analytics.com https://connect.facebook.net https://cdn.ckeditor.com https://aviata.kz https://epay.kkb.kz https://youtube.com https://registry.yarnpkg.com https://static.opentok.com https://aacsw.3ds.verifiedbyvisa.com https://websdk.altyn-i.kz https://mc.yandex.ru 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'self' 'unsafe-inline' https://websdk.altyn-i.kz; 1
frame-ancestors 'self'; report-uri https://5eb1e20184090c563b06661b.endpoint.csper.io; 1
frame-ancestors 'self' https://www.visitaarhus.com https://*.www.visitaarhus.com https://api.www.www.visitaarhus.com 1
frame-ancestors 'self' uat-online.nefcu-vsecu.com uat-online.vsecu.com online.vsecu.com online.nefcu-vsecu.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js https://ajax.aspnetcdn.com/ajax/jquery.validate/1.9/jquery.validate.js s.go-mpulse.net https://tags.crwdcntrl.net/c/12323/cc_af.js www.google-analytics.com static.hotjar.com dev.visualwebsiteoptimizer.com https://sc-static.net/scevent.min.js https://connect.facebook.net/en_US/fbevents.js https://collector-1854.tvsquared.com/tv2track.js https://tags.bkrtx.com/js/bk-coretag.js https://s.yimg.com/wi/ytc.js a.tribalfusion.com *.mastercard.com; img-src data: 'self' uip.semasio.net *.visualwebsiteoptimizer.com sp.analytics.yahoo.com www.google-analytics.com www.google.com; connect-src https://s.yimg.com https://tr.snapchat.com https://c.go-mpulse.net https://stats.g.doubleclick.net *.akstat.io 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css https://cdn.rtlcss.com/bootstrap/v4.0.0/css/bootstrap.min.css https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css; font-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com; frame-src wvjbscheme: 'self' maps-aws.mcdelivery.co.id mcdelivery.co.id  *.doubleclick.net web.nicepay.co.kr data: blob:; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-eval' data: data.bitstorm.org; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' data.bitstorm.org; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; report-uri https://o224348.ingest.sentry.io/api/5373220/security/?sentry_key=ba196a3eefba43bb9747fdf793d32776; worker-src 'self'; 1
frame-ancestors 'self' https://amcsgroup.sharepoint.com/ 1
default-src 'self'; frame-ancestors 'self'; frame-src * ; media-src *; img-src * blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google-analytics.com *.analytics.google.com *.krxd.net *.typeform.com www.repsol.com www.dev-com.repsol.com www.google.com cdn.cookielaw.org p.teads.tv platform.twitter.com px.sunmedia.tv secure.adnxs.com s.yimg.com cdn.taboola.com pixel.mathtag.com amplify.outbrain.com bat.bing.com d1skycrvs9ubse.cloudfront.net www.gstatic.com googleads.g.doubleclick.net cdn.krxd.net *.hotjar.com www.googleadservices.com www.dev-net.repsol.com www.google-analytics.com cdns.eu1.gigya.com consent.cookiebot.com connect.facebook.net consentcdn.cookiebot.com assets.adobedtm.com www.googletagmanager.com www.youtube.com apis.google.com t.womtp.com ws.walmeric.com maps.googleapis.com unpkg.com ; style-src * 'unsafe-inline'; font-src * blob: data:; connect-src * 1
frame-ancestors 'self' https://www3.eigendev.com/ https://staging.eigendev.com/ https://www.google.com/; 1
default-src 'self' https://www.google.com/recaptcha/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.ccn-cert.cni.es https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://code.jquery.com/jquery-3.6.0.min.js https://ines-bi.ccn-cert.cni.es/; style-src 'self' 'unsafe-inline' https://use.fontawesome.com/releases/v5.14.0/css/all.css https://fonts.googleapis.com/ https:; img-src 'self' https://www.acyba.com data:; connect-src 'self' data: https://*.googleapis.com/ https://www.acyba.com https://api.joomlatools.com; child-src 'self' https://*.ccn-cert.cni.es https://*.google.com/ https://youtube.com https://www.youtube.com; frame-ancestors 'self' https://*.ccn-cert.cni.es; object-src  'self' data:; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com http://themes.googleusercontent.com data:; base-uri 'self'; form-action *; 1
frame-ancestors adidas-emergingmarkets.com 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.fonts.googleapis.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.authorize.net *.google.com *.addthis.com *.pinterest.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com store.paradoxlabs.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com *.cdninstagram.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.avada.io *.authorize.net *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://get.geojs.io *.avada.io *.authorize.net *.cloudflare.com *.paypal.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'unsafe-inline' 'self' 'unsafe-eval' static.addtoany.com ajax.googleapis.com cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com cdn.jsdelivr.net unpkg.com public.tableau.com seal.digicert.com chatbot.nopaperforms.com https://www.powr.io https://*.globalsign.com https://chatcdn.npfs.co https://chatbot.in8.nopaperforms.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com  cdn.jsdelivr.net cdnjs.cloudflare.com chatbot.nopaperforms.com; img-src 'unsafe-inline' 'self' data: www.google-analytics.com www.google.co.in www.google.com public.tableau.com seal.digicert.com chatbot.nopaperforms.com gim.ac.in www.facebook.com www.google.co.in https://*.globalsign.com https://chatcdn.npfs.co https://chatbot.in8.nopaperforms.com; frame-src 'self' *.youtube.com *.google.com *.tableau.com static.addtoany.com chatbot.nopaperforms.com www.powr.io https://chatbot.in8.nopaperforms.com; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com chatbot.nopaperforms.com; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net chatbot.nopaperforms.com analytics.google.com https://vcdn.powr.io; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' https:; base-uri 'self'; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; worker-src 'self' https: blob:; connect-src 'self' https: wss://*.karte.io; report-uri /csp-violation-report-endpoint 1
block-all-mixed-content; frame-ancestors 'self' fantasticpestcontrol.co.uk cdn.fantasticpestcontrol.co.uk api.fantasticservices.com wss://*.hotjar.com wss://*.hotjar.io cobrowsing.freshchat.com wss://*.pusher.com wss://*.freshworksapi.com https://*.pusher.com https://*.freshworksapi.com; 1
frame-ancestors https://*.ionos.com https://*.ionos.at https://*.ionos.co.uk https://*.ionos.de https://*.ionos.es https://*.ionos.fr https://*.ionos.it https://*.ionos.ca https://*.ionos.mx https://*.ionos.us https://*.website-editor.net https://*.mywebsite-editor.com www.mikescomputerrescue.com 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-dpKY8L+4+B6Q2P/jCf3f3gbyAuwNW50gut67LRh6nCk+sOSw' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src *;img-src 'self';font-src 'self' https://fonts.gstatic.com;style-src 'self' https://fonts.googleapis.com 'unsafe-inline';script-src 'strict-dynamic' 'nonce-gdy72uYzc3YZLmrBu42sOayEG8w=' https: 'unsafe-inline';frame-src https://www.google.com/recaptcha/;base-uri 'none';object-src 'none';report-to main-endpoint; 1
default-src 'self' https://www.google.com *.galaxyentertainment.com 'unsafe-inline' 'unsafe-eval' blob: data:;     connect-src 'self' 'unsafe-inline' https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com;     style-src 'self' 'unsafe-inline' *.galaxyentertainment.com https://fonts.googleapis.com https://apis.google.com;     font-src 'self' 'unsafe-inline' https://fonts.gstatic.com;     script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://api.corporateshowcase.com https://www.googletagmanager.com;     frame-ancestors 'self';     frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.irasia.com;     object-src 'none'; 1
https: 'unsafe-inline'; frame-ancestors *.boqueria.barcelona; base-uri https://www.boqueria.barcelona; form-action https://www.boqueria.barcelona 1
frame-ancestors 'self' youtube.com; 1
frame-ancestors 'self' www.groz-beckert.com www.groz-beckert.cn one.sitrion.com; 1
frame-ancestors 'self' https://*.zirmed.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.calendly.com/ https://*.google-analytics.com/ https://*.googlesyndication.com/ https://*.googletagmanager.com/ https://*.list-manage.com/ https://calendly.com/ https://connect.facebook.net/en_US/sdk.js https://crm.zoho.com/crm/WebFormServeServlet?rid=8a47d85e3440ef768ceaa22381ceabb5f6334d484211d4d7d55c81b0255fc977gidb5de4f47280b66e8cb9a6d47719877b5779bc3f8638655f060668722018a6166&script=$sYG https://google-analytics.com/ https://googletagmanager.com/ https://maps.google.com/ https://maps.googleapis.com/ https://platform.twitter.com/widgets.js https://s3.amazonaws.com/ https://stats.wp.com/ https://tagmanager.google.com/ https://translate.google.com/ https://translate.googleapis.com/ https://www.google.com/ https://www.gstatic.com/ https://www.recaptcha.net/ https://salesiq.zoho.com/ https://*.zohopublic.com/ https://*.zohostatic.com/ https://dyjgaef5vuq51.cloudfront.net/ https://dtzpfzv31buvf.cloudfront.net/ https://*.zohocdn.com/; img-src 'self' data: https://*.google-analytics.com/ https://*.google.com/ https://*.googlesyndication.com/ https://*.googletagmanager.com/ https://*.gstatic.com/ https://*.ytimg.com/ https://google-analytics.com/ https://google.com/ https://googleads.g.doubleclick.net/ https://googletagmanager.com/ https://gstatic.com/ https://maps.google.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://pixel.wp.com/ https://translate.googleapis.com/ https://salesiq.zoho.com/ https://*.zohopublic.com/ https://*.zohostatic.com/ https://dyjgaef5vuq51.cloudfront.net/ https://dtzpfzv31buvf.cloudfront.net/ https://*.zohocdn.com/; object-src 'self' data: https://www.google.com/ https://maps.google.com/ https://docs.google.com/ https://*.calendly.com/ https://calendly.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://*.youtube.com/ https://salesiq.zoho.com/ https://*.zohopublic.com/ https://*.zohostatic.com/ https://dyjgaef5vuq51.cloudfront.net/ https://dtzpfzv31buvf.cloudfront.net/ https://*.zohocdn.com/; frame-src 'self' data: https://www.google.com/ https://maps.google.com/ https://docs.google.com/ https://*.calendly.com/ https://calendly.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://*.youtube.com/ https://salesiq.zoho.com/ https://*.zohopublic.com/ https://*.zohostatic.com/ https://dyjgaef5vuq51.cloudfront.net/ https://dtzpfzv31buvf.cloudfront.net/ https://*.zohocdn.com/; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-v7U68Dkl9qv8lR1_OMTabA' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;img-src 'self' data: https://jira.sehlat.io;frame-ancestors 'self';object-src 'none';script-src 'self' 'unsafe-eval' unsafe-inline;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;connect-src 'self' https://login.microsoftonline.com https://dc.services.visualstudio.com https://id.sehlat.io https://minio.sehlat.io;form-action 'self' 1
frame-ancestors *.needmytranscript.com; 1
default-src https:; img-src https: data:; font-src https: data:; frame-src https: data:; style-src 'unsafe-inline' 'unsafe-eval' https:; script-src 'unsafe-inline' 'unsafe-eval' https:; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-bOH88DuwwbwV73X3/RSY89YfbqD0h/TO6oo1c69S8FvGjQX8' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; connect-src 'self' entur.no *.entur.no en-tur.no *.en-tur.no entur.org *.entur.org *.entur.io ws://*.entur.io ws://*.entur.org wss://*.entur.io wss://*.entur.org https://events.mapbox.com https://www.google.com gstatic.com www.gstatic.com https://stats.g.doubleclick.net https://*.tiles.mapbox.com https://api.mapbox.com https://cgchat.callguide.telia.com https://europe-west1-ent-client-nordic-dev.cloudfunctions.net https://search-dot-ent-client-nordic-dev.ew.r.appspot.com https://europe-west1-ent-selvbet-terraform-dev.cloudfunctions.net https://search-dot-ent-selvbet-terraform-dev.ew.r.appspot.com https://europe-west1-entur-dev.cloudfunctions.net https://europe-west1-entur-staging.cloudfunctions.net https://europe-west1-entur-beta.cloudfunctions.net https://europe-west1-entur-prod.cloudfunctions.net https://search-dot-entur-prod.appspot.com https://search-dot-entur-beta.appspot.com https://search-dot-entur-staging.appspot.com https://search-dot-entur-dev.appspot.com https://firebaseinstallations.googleapis.com https://firebaseremoteconfig.googleapis.com https://firebaselogging-pa.googleapis.com https://o209253.ingest.sentry.io https://entur.humany.net https://api.ace.teliacompany.net https://chat2.ace.teliacompany.net/ https://chat.ace.teliacompany.net/ https://wds.ace.teliacompany.net/ https://n8p3h7hj.api.sanity.io https://europe-west1-entur-feedback-staging.cloudfunctions.net https://europe-west1-entur-feedback.cloudfunctions.net https://eu.posthog.com https://app.posthog.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://events.mapbox.com https://www.google.com gstatic.com www.gstatic.com https://apis.google.com https://ajax.googleapis.com https://api.ace.teliacompany.net https://chat2.ace.teliacompany.net/ https://chat.ace.teliacompany.net/ https://wds.ace.teliacompany.com https://entur.humany.net https://eu.posthog.com; img-src 'self' entur.no *.entur.no en-tur.no *.en-tur.no entur.org *.entur.org *.entur.io https://firebasestorage.googleapis.com https://storage.googleapis.com https://events.mapbox.com https://www.google.no data: blob: https://events.mapbox.com https://www.google.com *.googleusercontent.com *.doubleclick.net https://humany.blob.core.windows.net https://entur.humany.net https://api.ace.teliacompany.net https://chat2.ace.teliacompany.net/ https://chat.ace.teliacompany.net/ https://n8p3h7hj.api.sanity.io https://cdn.sanity.io; style-src 'self' 'unsafe-inline' https://events.mapbox.com https://api.tiles.mapbox.com https://entur.humany.net https://api.ace.teliacompany.net https://chat2.ace.teliacompany.net/ https://chat.ace.teliacompany.net/ https://wds.ace.teliacompany.com https://app-static.eu.posthog.com; font-src 'self' https://ace-knowledge-cdn.teliacompany.net https://fonts.gstatic.com https://entur.humany.net; frame-ancestors *; frame-src 'self' https://events.mapbox.com https://www.google.com gstatic.com www.gstatic.com https://wds.callguide.telia.com/ https://traveller.entur.org https://traveller.dev.entur.org https://traveller.staging.entur.org https://traveller.beta.entur.org https://traveller.entur.no https://traveller.dev.entur.no https://traveller.staging.entur.no https://traveller.beta.entur.no https://entur.humany.net https://api.ace.teliacompany.net https://chat2.ace.teliacompany.net/ https://chat.ace.teliacompany.net/ https://wds.ace.teliacompany.com; object-src 'none'; child-src blob:; media-src 'self' entur.no *.entur.no en-tur.no *.en-tur.no entur.org *.entur.org *.entur.io https://api.ace.teliacompany.net https://chat2.ace.teliacompany.net/ https://chat.ace.teliacompany.net/; report-to csp-endpoint; report-uri https://o209253.ingest.sentry.io/api/5375677/security/?sentry_key=f1a2119edc794e3faf68165d5f75e1eb 1
default-src 'self' data: gap: content:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.kaspersky.com https://*.kaspersky.com.au https://*.kaspersky.es https://*.kaspersky.co.jp https://*.kaspersky.co.uk https://*.kaspersky.de https://*.kaspersky.com.br https://*.kaspersky.fr https://*.kaspersky.it https://*.kaspersky.ru https://*.kaspersky.com.tr https://*.kaspersky.co.za https://*.kaspersky.nl https://*.kaspersky.ca https://*.kaspersky.pt https://*.kaspersky.se https://w.usabilla.com/ https://assets.adobedtm.com/ https://www.google.com/ https://www.gstatic.com/ https://connect.facebook.net https://tag.manager.google.com/ https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com https://app-sj06.marketo.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com/ https://*.kaspersky.com https://sjs.bizographics.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://maps.googleapis.com/maps/ https://maps.googleapis.com/; img-src 'self' data: blob: https://*.kaspersky.com https://*.kaspersky.com.au https://*.kaspersky.es https://*.kaspersky.co.jp https://*.kaspersky.co.uk https://*.kaspersky.de https://*.kaspersky.com.br https://*.kaspersky.fr https://*.kaspersky.it https://*.kaspersky.ru https://*.kaspersky.com.tr https://*.kaspersky.co.za https://*.kaspersky.nl https://*.kaspersky.ca https://*.kaspersky.pt https://*.kaspersky.se https://stats.g.doubleclick.net https://d1kp62tmkcwst6.cloudfront.net https://d3ass165nxjjtc.cloudfront.net https://d2d71ww1r7pqep.cloudfront.net/ https://www.google.com/ https://www.google.ru https://d1umau8mhdr8o0.cloudfront.net/ https://*.omtrdc.net https://media.kasperskycontenthub.com https://media.threatpost.com https://media.kasperskydaily.com https://www.google-analytics.com https://www.facebook.com https://app-sj06.marketo.com https://www.googletagmanager.com/ https://dpm.demdex.net/ https://ssl.gstatic.com/ https://px.ads.linkedin.com/collect https://www.linkedin.com/px/; style-src 'self' 'unsafe-inline' https://go.kaspersky.com https://app-sj06.marketo.com https://tagmanager.google.com/ https://fonts.googleapis.com/ https://www.gstatic.com/; connect-src 'self' https://consentcdn.cookiebot.com https://*.kaspersky.com https://*.kaspersky.com.au https://*.kaspersky.es https://*.kaspersky.co.jp https://*.kaspersky.co.uk https://*.kaspersky.de https://*.kaspersky.com.br https://*.kaspersky.fr https://*.kaspersky.it https://*.kaspersky.ru https://*.kaspersky.com.tr https://*.kaspersky.co.za https://*.kaspersky.nl https://*.kaspersky.ca https://*.kaspersky.pt https://*.kaspersky.se https://googleads.g.doubleclick.net https://*.google.com wss://echo.2050.earth:5001 https://echo.2050.earth:5001 https://fonts.gstatic.com/ https://www.gstatic.com/ https://dpm.demdex.net/ https://www.google-analytics.com https://kaspersky.d3.sc.omtrdc.net/;frame-src 'self' https://www.podbean.com/ https://consentcdn.cookiebot.com https://sketchfab.com/ https://www.youtube.com https://go.kaspersky.com https://www.google.com https://app-sj06.marketo.com https://kaspersky.demdex.net https://www.facebook.com/; object-src 'none'; font-src 'self' data: https://fonts.gstatic.com; worker-src blob:; child-src blob: gap: 1
frame-ancestors 'self' https://reportgateway.saas.mrisoftware.com; 1
connect-src 'self' ;frame-ancestors 'self' ; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://vran.as; img-src 'self' https: data: blob: https://vran.as; style-src 'self' https://vran.as 'nonce-N3qTsOL+ahFAqYLK9Lu6Kw=='; media-src 'self' https: data: https://vran.as; frame-src 'self' https:; manifest-src 'self' https://vran.as; connect-src 'self' data: blob: https://vran.as https://s3-us-west-1.amazonaws.com wss://vran.as; script-src 'self' https://vran.as; child-src 'self' blob: https://vran.as; worker-src 'self' blob: https://vran.as 1
default-src 'self'; base-uri 'self'; script-src 'nonce-9ea5f815081a262d364754e1575f46d9' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: 'report-sample'; connect-src 'self' https://www.googletagmanager.com https://*.facebook.com https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://*.instana.io wss://mpsnare.iesnare.com https://*.usercentrics.eu https://bat.bing.com/actionp/ https://*.liadm.com https://*.parship.dev; frame-ancestors 'self' https://secure1.parship.com https://secure1.eharmony.com https://secure1.elitepartner.de https://*.parship.dev; frame-src 'self' https://support.elitepartner.at https://tms.elitepartner.at https://*.greatviews.de https://app.usercentrics.eu https://www.youtube-nocookie.com https://accounts.google.com https://translate.googleapis.com https://*.liadm.com; object-src 'none'; img-src 'self' data: http: https: https://*.instana.io; font-src 'self' data:; style-src 'self' 'unsafe-inline' 'report-sample' https://accounts.google.com/gsi/style https://translate.googleapis.com; upgrade-insecure-requests; report-uri /ls/ 1
default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self'; child-src 'none'; script-src 'self'; object-src 'self'; frame-ancestors 'none'; 1
frame-ancestors 'self' https://www.topcc.ch; 1
default-src: self 1
frame-ancestors 'self' https://flocktory.com https://*.flocktory.com https://webvisor.com https://*.webvisor.com https://metrika.yandex.ru https://mc.yandex.ru https://*.yandex.net https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net 1
font-src fonts.gstatic.com data: *.baindepot.com *.bathdepot.com *.bathdepot.ca *.google.com *.google.ca *.bootstrapcdn.com *.g.doubleclick.net *.heatmap.it *.tawk.to *.tawk.link cdn.jsdelivr.net *.klevu.com *.ksearchnet.com wurfl.io *.affirm.com *.hotjar.com *.hotjar.io *.newrelic.com *.nr-data.net *.pinimg.com *.pinterest.com *.heyday.ai *.paypal.com *.static.klaviyo.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.baindepot.com *.bathdepot.com *.bathdepot.ca *.facebook.com *.hotjar.com *.hotjar.io *.google.com *.google.ca www.googleapis.com *.newrelic.com *.nr-data.net *.pinimg.com *.pinterest.com *.heyday.ai *.vimeo.com vimeo.com *.affirm.com *.jotform.com *.jotfor.ms *.jotform.io *.canadapost.ca https://sso.epost.ca 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.ytimg.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.google.com *.google.ca www.googleapis.com www.googletagmanager.com *.google.com esqa.moneris.com www3.moneris.com *.affirm.com *.affirm.ca *.booxi.com https: *.baindepot.com *.bathdepot.com *.bathdepot.ca *.online-metrix.net *.addthis.com *.houzz.com *.facebook.com *.facebook.net *.signifyd.com *.moneris.com optimize.google.com *.hotjar.com *.hotjar.io *.heatmap.it heatmap.it *.trackedlink.net *.dotdigital.com *.copami.com ajax.cloudflare.com *.dotdigital-pages.com *.demdex.net *.tawk.to *.tawk.link cdn.jsdelivr.net *.klevu.com *.ksearchnet.com wurfl.io *.g.doubleclick.net *.newrelic.com *.nr-data.net *.pinimg.com *.pinterest.com *.heyday.ai *.dotmailer-surveys.com *.paypal.com *.vimeo.com vimeo.com *.jotform.com *.jotfor.ms *.jotform.io cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com *.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: blob: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ytimg.com validator.swagger.io *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com maps.googleapis.com *.affirm.com *.affirm.ca *.baindepot.com *.bathdepot.com *.bathdepot.ca *.google.com *.google.ca *.google-analytics.com www.googleapis.com *.g.doubleclick.net *.googletagmanager.com *.facebook.com *.facebook.net *.ggpht.com imgs.signifyd.com *.addthis.com *.online-metrix.net *.abmr.net *.paypalobjects.com *.trackedlink.net online.swagger.io *.heatmap.it *.ytimg.com *.bing.com *.tawk.to *.tawk.link *.jsdelivr.net ajax.cloudflare.com *.klevu.com *.ksearchnet.com wurfl.io *.hotjar.com *.hotjar.io *.newrelic.com *.nr-data.net *.pinimg.com *.pinterest.com *.heyday.ai *.dotmailer-surveys.com *.paypal.com *.jotform.com *.jotfor.ms *.jotform.io *.adentifi.com *.klaviyo.com *.static-tracking.klaviyo.com *.a.klaviyo.com *.telemetrics.klaviyo.com *ad.doubleclick.net *.static-tracking.kla *.clarity.ms https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ mageside.com *.canadapost.ca https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.ytimg.com https://www.gstatic.com/recaptcha/ *.google.com *.google.ca *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com *.googletagmanager.com esqa.moneris.com www3.moneris.com maps.googleapis.com developers.google.com *.affirm.com *.affirm.ca 'unsafe-eval' 'unsafe-inline' *.baindepot.com *.bathdepot.com *.bathdepot.ca www.googleadservices.com *.g.doubleclick.net www.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net t.trackedlink.net *.noibu.com *.addthisedge.com *.addthis.com z.moatads.com *.online-metrix.net *.signifyd.com *.trackedlink.net *.trackedweb.net *.heatmap.it *.hotjar.com *.hotjar.io *.bing.com *.dotdigital.com *.comapi.com *.tawk.to *.tawk.link cdn.jsdelivr.net ajax.cloudflare.com *.dotdigital-pages.com *.ksearchnet.com *.klevu.com wurfl.io *.paypal.com *.dotmailer-surveys.com *.newrelic.com *.nr-data.net *.pinimg.com *.pinterest.com *.heyday.ai *.aptrinsic.com *.jotform.com *.jotfor.ms *.jotform.io *.klaviyo.com *.a.klaviyo.com *.telemetrics.klaviyo.com *ad.doubleclick.net *.static-tracking.kla *.clarity.ms *.trackedlink.net *.trackedweb.net *.ddlnk.net debug-tracking.dotdigital.internal https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com js.klevu.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.baindepot.com *.bathdepot.com *.bathdepot.ca maxcdn.bootstrapcdn.com *.klevu.com *.google.com *.google.ca fonts.googleapis.com www.googleapis.com *.heatmap.it *.ksearchnet.com *.affirm.com *.jsdelivr.net *.g.doubleclick.net *.hotjar.com *.hotjar.io *.newrelic.com *.nr-data.net *.pinimg.com *.pinterest.com *.heyday.ai wurfl.io *.paypal.com *.aptrinsic.com *.jotfor.ms *.jotform.io *.klaviyo.com https://static.klaviyo.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.vimeo.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.gstatic.com *.google.com *.affirm.com *.affirm.ca wss: *.baindepot.com *.bathdepot.com *.bathdepot.ca *.g.doubleclick.net *.hotjar.com *.hotjar.io *.noibu.com *.addthis.com *.facebook.com *.facebook.net *.signifyd.com bt.signifyd.com:11103 *.trackedweb.net *.demdex.net *.comapi.com *.tawk.to *.tawk.link *.klevu.com *.ksearchnet.com wurfl.io *.jsdelivr.net *.cloudflare.com bat.bing.com *.google-analytics.com *.google.com *.google.ca www.googleapis.com maps.googleapis.com *.newrelic.com *.nr-data.net *.pinimg.com *.pinterest.com *.heyday.ai *.paypal.com *.jotform.com *.jotfor.ms *.jotform.io *.trackedlink.net *.dotdigital-pages.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ webchat.dotdigital.com webchat.staging.dotdigital.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.via-mobilis.com api.via-mobilis.com http://media.viamobilis.export.doorlinkenvoorraad.nl accounts.google.com www.google.com *.googlesyndication.com *.trustpilot.com *.googletagservices.com *.static-viamobilis.com static-viamobilis.com https://acdn.adnxs.com *.ampproject.net *.doubleclick.net *.criteo.com *.youtube.com youtube.com *.komoot.de photon.kamoot.de *.komoot.io photon.komoot.io *.hotjar.com *.usersnap.com criteo.net *.criteo.net *.tawk.to cloud.panono.com poulalion.eu *.vimeo.com www.recaptcha.net *.facebook.com https://platform.twitter.com ; img-src * data: blob: 'self'; script-src * https://photon.komoot.de/ https://my.via-mobilis.com/ 'unsafe-inline' 'unsafe-eval' data: blob:; style-src * 'self' 'unsafe-inline' https://static-viamobilis.com; font-src * data:; connect-src * data: 'self'; base-uri 'self' ; worker-src * data: blob: 1
block-all-mixed-content; frame-ancestors *.agroline.com.br 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.accenture.com *.arthis.it *.accenturehrservices.it;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.accenturehrservices.it *.accenture.com *.arthis.it www.googletagmanager.com *.google-analytics.com https://code.jquery.com *.ferrero.com remote.captcha.com *.tiny.cloud https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com ajax.googleapis.com cdn.datatables.net *.datadoghq-browser-agent.com;img-src 'self' *.accenture.com *.arthis.it *.accenturehrservices.it *.tiny.cloud sp.tinymce.com *.fondogommaplastica.it https://fondofonte.it https://fondopegaso.it https://fondoposte.it https://fonchim.it https://www.fondimatica.it *.ferrero.com data:;connect-src 'self' *.accenture.com *.arthis.it *.accenturehrservices.it *.google-analytics.com *.ferrero.com https://rum.browser-intake-datadoghq.com *.datadoghq.com data:;block-all-mixed-content;upgrade-insecure-requests;font-src 'self' *.accenture.com *.arthis.it *.ferrero.com use.fontawesome.com cdnjs.cloudflare.com *.gstatic.com *.tiny.cloud https://fonts.googleapis.com data:;style-src 'self' 'unsafe-inline' *.accenture.com *.arthis.it *.ferrero.com use.fontawesome.com *.gstatic.com *.tinymce.com *.tiny.cloud webstation3.h3g.it https://fonts.googleapis.com cdnjs.cloudflare.com www.fondimatica.it cdn.datatables.net stackpath.bootstrapcdn.com;frame-src 'self' https://*.microsoftonline.com https://*.accenture.com  lucystarter: frame-ancestors 'none' 1
connect-src 'self' https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://vttts-eu.readspeaker.com https://app.obi4wan.ai/api/ https://cloudstatic.obi4wan.com/api/ https://chatapi.obi4wan.com/api/ https://*.pusher.com/pusher/ https://sockjs-eu.pusher.com/pusher/ wss://ws-eu.pusher.com/app/ https://obipubvideo.s3.eu-central-1.amazonaws.com https://youtu.be https://youtube.com https://www.youtube.com https://include.timeblockr.com https://*.api.timeblockr.com https://shared.signalr.timeblockr.com wss://shared.signalr.timeblockr.com https://nieuwegein.piwik.pro; form-action 'self' https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://surveys.enalyzer.com https://id.opengemeenten.nl https://users.opengemeenten.nl https://login.microsoftonline.com; frame-src 'self' blob: https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://vttts-eu.readspeaker.com https://youtu.be https://youtube.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://geoserver.nieuwegein.nl https://nieuwegein.containers.piwik.pro; img-src 'self' https://cdn-eu.readspeaker.com https://cloudstatic.obi4wan.com https://s3-eu-west-1.amazonaws.com/obipub/ https://youtube.com https://www.youtube.com https://youtu.be https://i.ytimg.com https://include.timeblockr.com data: https://nieuwegein.piwik.pro; media-src 'self' https://cdn-eu.readspeaker.com https://youtu.be https://youtube.com https://www.youtube.com https://vimeo.com; script-src 'self' https://cdn-eu.readspeaker.com https://stats.pusher.com/timeline/ https://js.pusher.com/4.1/ https://cloudstatic.obi4wan.com https://chatapi.obi4wan.com/api/ https://youtu.be https://youtube.com https://www.youtube.com https://player.vimeo.com/api/player.js https://include.timeblockr.com https://shared.api.timeblockr.com https://shared.signalr.timeblockr.com wss://shared.signalr.timeblockr.com 'unsafe-eval' 'unsafe-inline' data: https://nieuwegein.piwik.pro https://nieuwegein.containers.piwik.pro 'report-sample'; style-src 'self' https://cdn-eu.readspeaker.com https://fonts.googleapis.com https://youtube.com https://www.youtube.com https://include.timeblockr.com 'unsafe-inline' data: 'report-sample'; font-src 'self' https://fonts.gstatic.com https://include.timeblockr.com data:; object-src 'self' https://youtube.com https://www.youtube.com; report-to csp; child-src 'self' blob:; default-src 'self'; frame-ancestors 'self' https://www.nieuwegein.nl; report-uri https://monitoring.opengemeenten.nl/api/5/security/?sentry_key=8ecd0d6b2ab6432782fe7a6a5c01c534 1
default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none' ; img-src 'self' data: https:  1
default-src 'self';block-all-mixed-content ; base-uri 'self'; object-src 'none'; script-src  'nonce-dc0af3dc8099453e987996254f3c4915' 'self' 'unsafe-eval' 'unsafe-inline' https://www.gstatic.com https://www.google.com https://st.getsitecontrol.com/ https://widgets.getsitecontrol.com https://c.evidon.com https://tagmanager.google.com/ https://region1.google-analytics.com/ https://www.googletagmanager.com/ https://polyfill.io https://optimize.google.com https://www.google-analytics.com https://az416426.vo.msecnd.net https://www.grantthornton.in/ https://*.googletagmanager.com; img-src 'self' data: https://gjtrack.ucweb.com/ https://assets.grammarly.com/ https://www.moneycontrol.com/ https://www.facebook.com/ https://translate.google.com/ https://www.gstatic.com/  https://px4.ads.linkedin.com https://px.ads.linkedin.com/ https://cdn.shopify.com/ https://user-images.githubusercontent.com/ https://p.adsymptotic.com/ https://www.linkedin.com/ https://app.getsitecontrol.com/ https://ssl.gstatic.com/ https://syndication.twitter.com https://optimize.google.com https://platform.twitter.com https://pbs.twimg.com https://maps.gstatic.com https://maps.googleapis.com https://*.google-analytics.com https://*.analytics.google.com/ https://www.googletagmanager.com https://i.ytimg.com https://img.youtube.com https://c.clarity.ms/ https://c.bing.com/ https://px.ads.linkedin.com https://ton.twimg.com/ https://www.moneycontrol.com/ https://www.google.com.vn https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/ https://fonts.googleapis.com/ https://optimize.google.com https://platform.twitter.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://ton.twimg.com/; font-src 'self' data: https://static3.avast.com/ https://at.alicdn.com/ https://fonts.gstatic.com; frame-src https://www.grantthornton.in/ https://mozbar.moz.com/ https://www.googletagmanager.com https://www.google.com/ https://platform.twitter.com https://www.youtube.com https://optimize.google.com https://w.soundcloud.com https://player.vimeo.com https://www.gstatic.com https://cdn.optimizely.com https://syndication.twitter.com/ https://flo.uri.sh/ https://anchor.fm/ https://campaign.grantthornton.in/ https://view.ceros.com/ https://www.facebook.com/ https://podcasters.spotify.com/; connect-src 'self' https://maps.googleapis.com/ https://*.analytics.google.com/ https://www.googletagmanager.com/ https://plugin.ucads.ucweb.com/ https://gjtrack.ucweb.com/ https://*.google-analytics.com https://dc.services.visualstudio.com https://az416426.vo.msecnd.net https://extreme-ip-lookup.com https://stats.g.doubleclick.net https://www.clarity.ms/ https://clientapi.passle.net/ https://analytics.google.com/ https://cdn.linkedin.oribi.io/ https://*.googletagmanager.com; 1
frame-ancestors 'self' https://*.shedul.com 1
base-uri 'self';default-src 'self';object-src 'self';frame-ancestors 'self';style-src 'self' 'unsafe-inline' https://*.google.com http://*.googleapis.com https://*.googleapis.com;font-src 'self' data:;img-src 'self' data: blob: https:;script-src 'self' https://*.mollie.com https://*.adyen.com https://*.hotjar.com https://*.bing.com https://google.com https://*.google.com https://*.googletagmanager.com https://*.paypal.com https://icu.cv.nl https://matomo.resumedia.com https://*.tapfiliate.com https://appleid.cdn-apple.com https://beacon-v2.helpscout.net https://beaconapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://*.pinimg.com https://*.facebook.net 'nonce-gtm-7a6a5439-6655-4b2b-9691-27e84d8110bc' 'nonce-seed-6f5f07dc-bda6-4902-afad-7adac3c0ea10' 'nonce-prefetech-baab3ce1-dc38-4634-afaa-0ac16783c3b6' 'nonce-tapfiliate-5b3a591b-5939-4bd0-bd50-7ed8a793b674' 'nonce-matomo-3c5cb014-288c-4cb4-b51e-090dd098eaa5' 'nonce-helpscout-663f53d8-4af8-4f98-ad63-a0e15114d5af';child-src 'self' data: https:;frame-src 'self' data: https:;connect-src 'self' https://*.mollie.com https://*.adyen.com https://*.hotjar.com https://*.bing.com https://google.com https://*.google.com https://*.googletagmanager.com https://*.paypal.com https://icu.cv.nl https://matomo.resumedia.com https://*.tapfiliate.com https://appleid.cdn-apple.com https://beacon-v2.helpscout.net https://beaconapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://*.google-analytics.com https://*.doubleclick.net https://*.hotjar.io wss://*.hotjar.com https://frstre.com https://*.linkedin.oribi.io; 1
default-src 'self' *.google.com *.bing.com *.clarity.ms *.facebook.com *.facebook.net *.youtube.com *.googleadservices.com *.gstatic.com *.getclicky.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.googleusercontent.com *.doubleclick.net *.i-parcel.com *.fbcdn.net *.hotjar.com *.hotjar.io *.zoominfo.com *.zi-scripts.com *.clickagy.com *.pusher.com *.paypal.com *.paypalobjects.com *.amazon.com *.payments-amazon.com *.ssl-images-amazon.com *.media-amazon.com *.cloudfront.net *.simplifi.io wss://*.hotjar.com wss://*.pusher.com https://in.getclicky.com;script-src 'self' 'unsafe-inline' *.google.com *.bing.com *.clarity.ms *.facebook.com *.facebook.net *.youtube.com *.googleadservices.com *.gstatic.com *.getclicky.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.googleusercontent.com *.doubleclick.net *.i-parcel.com *.fbcdn.net *.hotjar.com *.hotjar.io *.zoominfo.com *.zi-scripts.com *.clickagy.com *.pusher.com *.paypal.com *.paypalobjects.com *.amazon.com *.payments-amazon.com *.ssl-images-amazon.com *.media-amazon.com *.cloudfront.net *.simplifi.io wss://*.hotjar.com wss://*.pusher.com https://in.getclicky.com;child-src 'self' https://mdgcs.com *.google.com *.mdgcs.com *.facebook.com *.youtube.com *.doubleclick.net *.authorize.net *.amazon.com *.payments-amazon.com *.fbcdn.net *.hotjar.com *.hotjar.io *.hs-sites.com *.clickagy.com;frame-src 'self' https://mdgcs.com *.google.com *.mdgcs.com *.facebook.com *.youtube.com *.doubleclick.net *.authorize.net *.amazon.com *.payments-amazon.com *.fbcdn.net *.hotjar.com *.hotjar.io *.hs-sites.com *.clickagy.com;frame-ancestors 'self' *.digiumcloud.net;style-src 'self' 'unsafe-inline' *.google.com *.bing.com *.clarity.ms *.facebook.com *.facebook.net *.youtube.com *.googleadservices.com *.gstatic.com *.getclicky.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.googleusercontent.com *.doubleclick.net *.i-parcel.com *.fbcdn.net *.hotjar.com *.hotjar.io *.zoominfo.com *.zi-scripts.com *.clickagy.com *.pusher.com *.paypal.com *.paypalobjects.com *.amazon.com *.payments-amazon.com *.ssl-images-amazon.com *.media-amazon.com *.cloudfront.net *.simplifi.io wss://*.hotjar.com wss://*.pusher.com https://in.getclicky.com;img-src 'self' data: *.google.com *.bing.com *.clarity.ms *.facebook.com *.facebook.net *.youtube.com *.googleadservices.com *.gstatic.com *.getclicky.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.googleusercontent.com *.doubleclick.net *.i-parcel.com *.fbcdn.net *.hotjar.com *.hotjar.io *.zoominfo.com *.zi-scripts.com *.clickagy.com *.pusher.com *.paypal.com *.paypalobjects.com *.amazon.com *.payments-amazon.com *.ssl-images-amazon.com *.media-amazon.com *.cloudfront.net *.simplifi.io wss://*.hotjar.com wss://*.pusher.com https://in.getclicky.com;object-src 'none' 1
frame-ancestors 'self';block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://dynatraceprd.cpfl.com.br:9999 https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://cdn.cookielaw.org https://cdn.jsdelivr.net https://www.clarity.ms https://v.clarity.ms https://google-analytics.com https://googletagmanager.com https://ssl.google-analytics.com https://static.cloudflareinsights.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleoptimize.com https://www.google.com https://www.googletagmanager.com;style-src 'self' 'report-sample' 'unsafe-inline' *.google.com cdn.jsdelivr.net fonts.googleapis.com www.googletagmanager.com;object-src *.googlesyndication.com;child-src 'self' blob: *.google.com *.doubleclick.net *.googlesyndication.com www.googletagmanager.com;base-uri 'self';form-action 'self' *.google.com;worker-src 'self' blob: www.google.com 1
default-src 'self' https://webx-amegafx-account-develop.lux.kube.xbet.lan http://localhost:3000;base-uri 'none';script-src 'self' 'strict-dynamic' 'nonce-8faffddb-eae6-4b00-88b5-b2c8933e90f4' 'unsafe-eval' 'unsafe-inline' https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://*.doubleclick.net/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.googletagmanager.com https://s.adroll.com ajax.cloudflare.com static.cloudflareinsights.com https://*.amega.finance/cdn-cgi/apps/ https://*.amega.finance/cdn-cgi/challenge-platform/ https://feedier.com/js/widgets/   https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://privacyportal.onetrust.com https://geolocation.onetrust.com https://www.tradays.com https://metatraderweb.app/trade https://d.adroll.com https://widget.trustpilot.com https://a.mgid.com https://my.zadarma.com;connect-src 'self' https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://www.google-analytics.com https://*.cloudflareinsights.com https://api.feedier.com/v1/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://privacyportal-fr.onetrust.com https://*.doubleclick.net/ https://translate.googleapis.com https://www.googletagmanager.com https://analytics.google.com https://www.facebook.com https://d.adroll.com https://trc-events.taboola.com https://trc.taboola.com https://*.analytics.google.com https://api.iplocation.net/ https://*.eskimi.com wss://api.amega.finance https://api.amega.finance http://col.site24x7rum.eu https://*.google-analytics.com/ https://*.googlesyndication.com/ https://www.google.com/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.smartlook.com https://*.smartlook.cloud https://gist-queue-consumer-api.cloud.gist.build https://my.zadarma.com https://app.bugyard.io https://tr-shadow.snapchat.com https://tr.snapchat.com *.snapchat.com;frame-ancestors 'self' https://webx-amegafx-account-develop.lux.kube.xbet.lan http://localhost:3000 https://client.amega.finance;media-src data: 'self' https://js.intercomcdn.com;frame-src 'self' https://*.doubleclick.net/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://fdier.co/ https://metatraderweb.app/trade/ https://www.tradays.com/ https://www.mql5.com/ https://www.googletagmanager.com https://widget.trustpilot.com https://intercom-sheets.com https://app.adroll.com https://www.facebook.com https://metatraderweb.app https://renderer.gist.build https://code.gist.build https://tr.snapchat.com;img-src 'self' blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.doubleclick.net/ https://www.google.com https://www.google.by https://ade.googlesyndication.com https://fonts.gstatic.com https://cdn.cookielaw.org/ https://optanon.blob.core.windows.net https://www.amega.blog https://translate.google.com https://my.amega.finance https://ssl.google-analytics.com https://translate.googleapis.com https://ipv4.d.adroll.com https://www.microsofttranslator.com https://www.google.co.jp https://www.facebook.com https://d.adroll.com https://a.mgid.com https://cds.taboola.com https://trc.taboola.com https://secure.adnxs.com https://s.adroll.com https://d.adroll.mgr.consensu.org https://dsum-sec.casalemedia.com https://eb2.3lift.com https://p.adsymptotic.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://pixel.advertising.com https://pixel.rubiconproject.com https://image2.pubmatic.com https://simage2.pubmatic.com https://snap.licdn.com https://sync.outbrain.com https://sync.taboola.com https://ads.yahoo.com https://ups.analytics.yahoo.com https://connect.facebook.net https://idsync.rlcdn.com https://ib.adnxs.com https://x.bidswitch.net https://us-u.openx.net https://q.quora.com http://site24x7ru.eu https://track-eu.customer.io https://content.mql5.com https://www.google.com.cy https://*.google-analytics.com/ https://*.googlesyndication.com/ https://sync.srv.stackadapt.com https://my.zadarma.com https://tr.snapchat.com;object-src 'none';report-uri;font-src 'self' data: https://js.intercomcdn.com https://fonts.intercomcdn.com https://fonts.gstatic.com https://feedier.com;child-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net;style-src 'self' 'unsafe-inline' www.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://feedier.com/css/ https://cdn.cookielaw.org https://translate.googleapis.com https://my.zadarma.com;manifest-src 'self';worker-src 'self' 1
frame-ancestors https://*.wgihuntsmart.com/ https://*.authorize.net/ https://authorize.net/ 1
default-src 'self'; script-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://plausible.io https://*.plausible.io 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://plausible.io https://*.plausible.io; font-src 'self' https://fonts.gstatic.com; img-src * data:; 1
report-uri https://dcri.org 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' wss://ws.botmaker.com/ 1
script-src 'self' *.episerver.net *.jquery.com *.cloudflare.com *.bootstrapcdn.com *.jsdelivr.net *.cookiebot.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.nl *.licdn.com *.hotjar.com *.ipify.org *.doubleclick.net *.linkedin.com *.azure.com *.vimeo.com *.youtube.com *.acast.com *.spotify.com 'unsafe-eval' 'unsafe-inline';img-src 'self' *.google.com *.google-analytics.com *.google.nl *.linkedin.com data: https:;frame-ancestors 'self' *.vimeo.com *.youtube.com *.acast.com *.spotify.comfont-src 'self' data:; 1
frame-ancestors 'self' wa.gov.au www.wa.gov.au 1
frame-ancestors *.intrcity.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com apis.google.com ajax.googleapis.com www.googletagmanager.com platform.twitter.com https://get.mycounter.ua; object-src 'self'; style-src 'self' 'unsafe-inline' hello.myfonts.net; img-src 'self' data: www.pdaa.edu.ua gallery.pdaa.edu.ua i.ytimg.com https://stats.g.doubleclick.net https://www.google-analytics.com https://syndication.twitter.com https://csi.gstatic.com https://wwwimages.adobe.com; media-src 'self'; frame-src 'self' www.facebook.com apis.google.com platform.twitter.com https://accounts.google.com https://docs.google.com https://www.youtube.com https://www.google.com syndication.twitter.com; font-src 'self'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://syndication.twitter.com; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'  cookie-cdn.cookiepro.com cdn.matomo.cloud www.googletagmanager.com www.google-analytics.com cdnjs.cloudflare.com *.youtube.com cdn.jsdelivr.net unpkg.com d8ejoa1fys2rk.cloudfront.net *.hsforms.net *.hs-scripts.com  *.hs-banner.com *.hubspot.com *.hsadspixel.net *.hs-analytics.net connect.facebook.net static.hotjar.com *.matomo.cloud *.hotjar.com googleads.g.doubleclick.net *.licdn.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net d8ejoa1fys2rk.cloudfront.net; img-src 'self' data: *.google-analytics.com *.googletagmanager.com d2csxpduxe849s.cloudfront.net *.hsforms.com *.hubspot.com cookie-cdn.cookiepro.com www.facebook.com vandemoortele.getbynder.com www.google.com www.google.es www.google.at www.google.it www.google.de www.google.fr www.google.se vandemoortele.matomo.cloud www.google.be px.ads.linkedin.com adservice.google.com www.google.pl www.google.cl *g.doubleclick.net pubads.g.doubleclick.net *amazonaws.com; media-src 'self'; frame-src 'self' *.youtube.com td.doubleclick.net; font-src 'self' d8ejoa1fys2rk.cloudfront.net; connect-src 'self' data: cookie-cdn.cookiepro.com vandemoortele.matomo.cloud *.google-analytics.com *.googlesyndication.com *.onetrust.com d8ejoa1fys2rk.cloudfront.net *.bynder.cloud dams.vandemoortele.com *.hsforms.com *.hubapi.com *.hubspot.com privacyportal.cookiepro.com stats.g.doubleclick.net vc.hotjar.io www.google.com google.com www.google.be google.be px.ads.linkedin.com adservice.google.com www.facebook.com cdnjs.cloudflare.com region1.analytics.google.com analytics.google.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' terapify.com *.terapify.com wss://flash.terapify.com;               script-src 'self' 'unsafe-inline' 'unsafe-eval' terapify.com *.terapify.com wss://flash.terapify.com *.stripe.com *.paypal.com *.reamaze.com terapify.reamaze.io wss://ws.reamaze.com *.googletagmanager.com *.google-analytics.com analytics.google.com *.doubleclick.net *.doubleclick.net connect.facebook.net *.posthog.com *.hotjar.com vc.hotjar.io *.clarity.ms *.hubspot.com api.hubapi.com js.hs-scripts.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com *.googleadservices.com vercel.live vitals.vercel-insights.com rum-http-intake.logs.datadoghq.com onesignal.com *.onesignal.com *.hsforms.net *.vimeo.com *.youtube-nocookie.com terapify.com *.terapify.com wss://flash.terapify.com slick-font-optimized.vercel.app *.googleapis.com use.fontawasome.com fonts.gstatic.com cdn.reamaze.com cdn.jsdelivr.net cdnjs.cloudflare.com *.googleoptimize.com *.googlesyndication.com logs.browser-intake-datadoghq.com;               connect-src 'self' terapify.com *.terapify.com wss://flash.terapify.com *.stripe.com *.paypal.com *.reamaze.com terapify.reamaze.io wss://ws.reamaze.com *.googletagmanager.com *.google-analytics.com analytics.google.com *.doubleclick.net *.doubleclick.net connect.facebook.net *.posthog.com *.hotjar.com vc.hotjar.io *.clarity.ms *.hubspot.com api.hubapi.com js.hs-scripts.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com *.googleadservices.com vercel.live vitals.vercel-insights.com rum-http-intake.logs.datadoghq.com onesignal.com *.onesignal.com *.hsforms.net *.vimeo.com *.youtube-nocookie.com terapify.com *.terapify.com wss://flash.terapify.com slick-font-optimized.vercel.app *.googleapis.com use.fontawasome.com fonts.gstatic.com cdn.reamaze.com cdn.jsdelivr.net cdnjs.cloudflare.com *.googleoptimize.com *.googlesyndication.com logs.browser-intake-datadoghq.com terapify.com *.terapify.com wss://flash.terapify.com *.hsforms.net *.hsforms.com js.hubspot.com hubspot-forms-static-embed.s3.amazonaws.com;               img-src 'self' data: terapify.com *.terapify.com wss://flash.terapify.com terapify-images-resources.s3.us-east-2.amazonaws.com terapify-badges.s3.amazonaws.com terapify.s3.amazonaws.com terapify-enterprises-test.s3.amazonaws.com terapify-enterprises.s3.amazonaws.com terapify-cms.s3.amazonaws.com terapify-cms-dev.s3.amazonaws.com forms.hsforms.com forms-na1.hsforms.com assets.vercel.com cdn.reamaze.com secure.gravatar.com c.clarity.ms *.google.com *.google-analytics.com *.facebook.com track.hubspot.com *.google.com.mx *.googlesyndication.com *.googletagmanager.com perf-na1.hsforms.com;               font-src 'self' terapify.com *.terapify.com wss://flash.terapify.com slick-font-optimized.vercel.app *.googleapis.com use.fontawasome.com fonts.gstatic.com cdn.reamaze.com;               style-src * 'self' 'unsafe-inline' terapify.com *.terapify.com wss://flash.terapify.com terapify.com *.terapify.com wss://flash.terapify.com slick-font-optimized.vercel.app *.googleapis.com use.fontawasome.com fonts.gstatic.com cdn.reamaze.com;               media-src 'self' terapify.com *.terapify.com wss://flash.terapify.com *.reamaze.com;               form-action 'self' terapify.com *.terapify.com wss://flash.terapify.com *.hsforms.net *.hsforms.com js.hubspot.com hubspot-forms-static-embed.s3.amazonaws.com;               frame-ancestors 'self' terapify.com *.terapify.com wss://flash.terapify.com *.hsforms.net *.hsforms.com js.hubspot.com hubspot-forms-static-embed.s3.amazonaws.com;               frame-src 'self' terapify.com *.terapify.com wss://flash.terapify.com td.dobleclick.ne *.hsforms.net js.hubspot.com vercel.live terapify.reamaze.com td.doubleclick.net googleads.g.doubleclick.net tpc.googlesyndication.com www.google.com; 1
frame-ancestors 'self' https://tablet.leguano.eu https://leguano-tablet.xmnr.net; frame-src *; img-src * data: blob:; upgrade-insecure-requests; 1
font-src *.sagepay.com *.finance-calculator.co.uk https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com *.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com *.google-analytics.com *.analytics.google.com  pay.google.com *.google.com *.apple.com *.cloudflare.com *.sportsmanguncentre.co.uk *.sharethis.com *.loadbee.com *.matomo.cloud secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.sagepay.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com *.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com *.google-analytics.com *.analytics.google.com  pay.google.com *.google.com *.apple.com *.cloudflare.com *.sportsmanguncentre.co.uk *.sharethis.com *.loadbee.com *.matomo.cloud secure5.arcot.com ecclients.btrl.ro bofp.erstebank.hu 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sagepay.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com *.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com *.google-analytics.com *.analytics.google.com  *.google.com *.apple.com *.cloudflare.com *.sportsmanguncentre.co.uk *.sharethis.com *.loadbee.com *.matomo.cloud secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com www.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.paypal.com *.sagepay.com *.finance-calculator.co.uk *.dekopay.com 'self' data: https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk *.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com *.google-analytics.com *.analytics.google.com  pay.google.com *.google.com *.apple.com *.cloudflare.com *.sportsmanguncentre.co.uk *.sharethis.com *.loadbee.com *.matomo.cloud secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.sagepay.com widget.freshworks.com m2epro.freshdesk.com *.finance-calculator.co.uk *.dekopay.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com *.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com *.google-analytics.com *.analytics.google.com  *.google.com *.apple.com *.cloudflare.com *.sportsmanguncentre.co.uk *.sharethis.com *.loadbee.com *.matomo.cloud secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.sagepay.com widget.freshworks.com m2epro.freshdesk.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com unsafe-inline assets.braintreegateway.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com *.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com *.google-analytics.com *.analytics.google.com  pay.google.com *.google.com *.apple.com *.cloudflare.com *.sportsmanguncentre.co.uk *.sharethis.com *.loadbee.com *.matomo.cloud secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com www.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com connect.facebook.net graph.facebook.com *.paypal.com *.sagepay.com widget.freshworks.com m2epro.freshdesk.com *.finance-calculator.co.uk *.dekopay.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com *.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com *.google-analytics.com *.analytics.google.com  pay.google.com *.apple.com *.cloudflare.com *.sportsmanguncentre.co.uk *.sharethis.com *.loadbee.com *.matomo.cloud secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com *.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com *.google-analytics.com *.analytics.google.com pay.google.com *.google.com *.apple.com *.cloudflare.com *.sportsmanguncentre.co.uk *.sharethis.com *.loadbee.com *.matomo.cloud secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.goodrx.com https://leads-api.grxweb.com https://event.formsort.com https://assets.formsort.com https://variant.formsort.com https://flow.formsort.com https://usercontent.formsort.com https://api.flow.formsort.com https://formsort-answers-prod.s3-accelerate.amazonaws.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com https://cmp.osano.com https://*.px-cloud.net https://*.perimeterx.net https://*.pxchk.net https://*.px-cdn.net https://*.px-client.net https://www.recaptcha.net https://*.segment.com https://*.segment.io https://*.speedcurve.com https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://tagmanager.google.com https://fonts.gstatic.com https://www.gstatic.com https://stats.g.doubleclick.net https://sentry.io https://o210177.ingest.sentry.io https://www.grxstatic.com https://www.facebook.com https://connect.facebook.net https://di.rlcdn.com https://www.a3beghatrk.com; report-uri https://o17108.ingest.sentry.io/api/5215720/security/?sentry_key=bfcc0d884fca4a1880e78f18cefd9c21 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-VUNSUUpFMHEwRWk0MmRKMFRFTmRzT0hCR0IyMFI4ZkVpNU8wZ0ZIeTF4cz06RW10bUVoeDk1QkhPcllGQU9BMHRnWXoxTFh6ZWRyM3lzdXJ1MW1MR25ubz0=';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self';frame-ancestors 'self';worker-src 'self' blob:;form-action 'self' 1
frame-ancestors 'self' https://stichtsevecht.nl https://kaarten.stichtsevecht.nl; 1
default-src 'self'; frame-ancestors 'self'; frame-src * ; media-src *; img-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' flickr.com accounts.google.com optimize.google.com platform.twitter.com *.cookielaw.org cdn.cookielaw.org www.dev-com.repsol.com  www.repsol.com www.dev-net.repsol.com *.google-analytics.com *.analytics.google.com maps.googleapis.com www.google-analytics.com cdns.eu1.gigya.com consent.cookiebot.com www.googleadservices.com googleads.g.doubleclick.net cdn.krxd.net connect.facebook.net consentcdn.cookiebot.com assets.adobedtm.com www.googletagmanager.com www.youtube.com apis.google.com www.google.com www.recaptcha.net www.gstatic.com static.hotjar.com www.static.hotjar.com script.hotjar.com www.script.hotjar.com  ; style-src * 'unsafe-inline'; font-src * blob: data:; connect-src *; worker-src * data: 'unsafe-eval' 'unsafe-inline' blob:; child-src * data: 'unsafe-eval' 'unsafe-inline' blob:; 1
frame-ancestors 'self' www.kingstongrand.ca kingstongrand.ca https://kingstongrand.ca https://secure1.tixhub.com 1
default-src 'self' https://gateway.eiendomsmegler1.no/graphql https://www.google-analytics.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com/tr/ https://*.googleapis.com/ https://www.test.sparebank1.no/api/tracking/webbehavior https://www.sparebank1.no/api/tracking/webbehavior https://services.cicero.no https://www.test.sparebank1.no/personal/banking/consent/cookies/identity https://www.sparebank1.no/personal/banking/consent/cookies/identity; base-uri 'self'; form-action 'self' https://www.facebook.com/tr/; script-src 'self' https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com www.googleadservices.com connect.facebook.net/ http://tb.de17a.com/ https://track.adform.net/ https://s2.adform.net/ https://googleads.g.doubleclick.net/ https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://services.cicero.no 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://tagmanager.google.com https://fonts.googleapis.com https://services.cicero.no/sparebank1-calculators/1/content/font-awesome/css/font-awesome.min.css 'unsafe-inline' data:; img-src 'self' https://images.em1.no/ https://images-test.em1.no/ https://images.devaws.em1.no/ https://images.em1.dev https://images.eiendomsmegler1.no www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net googleads.g.doubleclick.net https://www.facebook.com/ https://connect.facebook.net/ https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com *.ggpht.com/ https://www.sparebank1.no/ data:; font-src 'self' https://fonts.gstatic.com https://services.cicero.no/sparebank1-calculators/1/content/font-awesome/fonts/ data:; frame-src *; frame-ancestors 'self' *.eiendomsmegler1.no; 1
frame-ancestors 'self' http://*.webvisor.com http://webvisor.com *.webvisor.com webvisor.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.blueghost.cz *.securenet.cz *.google.com *.youtube.com *.googleapis.com *.google-analytics.com *.doubleclick.net *.vimeocdn.com *.gstatic.com *.ytimg.com 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.webcamsliveshow.com:9080 www.webcamsliveshow.com:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.webcamsliveshow.com wss://www.webcamsliveshow.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1705973794 1
default-src 'self' cdn.wcc.heine.at https://cdn.wcc.heine.at/graphql;    base-uri 'self' widget.solvemate.com;    font-src 'self' cdn.wcc.heine.at fonts.gstatic.com data: widget.solvemate.com *.dixa.io;    img-src * data:;    connect-src 'self' https://cdn.wcc.heine.at/graphql cdn.wcc.heine.at cdn.witt.info/ images.ctfassets.net te.heine.at tp.heine.at wasp.heine.at wst.heine.at *.analytics.google.com  *.facebook.com *.contentsquare.net *.my.onetrust.eu *.google-analytics.com bat.bing.com eu-witt-gruppe-prod1.mini.snplow.net www.google-analytics.com www.jsctool.com https://adservice.google.com/pagead/ https://graphql.contentful.com https://privacyportal-eu.onetrust.com https://stats.g.doubleclick.net https://geolocation.onetrust.com https://www.google.com/pagead/ https://googleads.g.doubleclick.net/pagead/ *.creativecdn.com *.googlesyndication.com *.optimizely.com https://ct.pinterest.com http://jsctool.com checkout-cdn.aboutyou.cloud checkout-v3.wcc.heine.at https://*.ingest.sentry.io api.solvemate.com widget.solvemate.com relay.solvemate.com *.dixa.io wss://sockets.dixa.io api.sovendus.com benefits.sovendus.com identification-api.sovendus.com integration-api.sovendus.com press-tracking-api.sovendus.com https://maps.googleapis.com;    object-src 'none';    child-src blob: ;    script-src * 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.paypal.com blob: *.dixa.io;    style-src 'self' cdn.wcc.heine.at www.googletagmanager.com fonts.googleapis.com 'unsafe-inline' d.heine.at checkout-cdn.aboutyou.cloud https://*.adyen.com https://*.paypal.com blob: widget.solvemate.com *.dixa.io;    frame-src 'self' checkout-v3.wcc.heine.at *.awin1.com *.criteo.net *.criteo.com *.adrtx.net *.contentsquare.net www.googletagmanager.com www.facebook.com www.youtube.com dmp.theadex.com 5127363.fls.doubleclick.net 12769738.fls.doubleclick.net www.jsctool.com https://creativecdn.com/ https://fledge-eu.creativecdn.com/ https://tbs.tradedoubler.com/ https://survey2.quantilope.com/ https://*.adyen.com https://*.paypal.com https://*.computop-paygate.com blob: *.dixa.io https://api.sovendus.com https://www.sovendus-connect.com https://www.sovendus-benefits.com https://gui.display.prod.app.funnelplus.com/;    media-src 'self' cdn.wcc.heine.at cdn.witt.info/ images.ctfassets.net videos.ctfassets.net www.youtube.com witt-gruppe-res.cloudinary.com *.dixa.io;    manifest-src 'self' cdn.wcc.heine.at *.dixa.io;    worker-src 'self' cdn.wcc.heine.at blob:;    form-action 'self' www.facebook.com;    block-all-mixed-content;    frame-ancestors 'self' https://app.contentful.com;    sandbox allow-scripts allow-forms allow-same-origin allow-top-navigation allow-popups allow-popups-to-escape-sandbox allow-modals; 1
default-src 'self'; img-src 'self' data: http: https: *.gravatar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: *.google-analytics.com cdn.polyfill.io; style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com; font-src 'self' data: http: https: fonts.googleapis.com themes.googleusercontent.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: *.yoast.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: *.pifworld.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.dialogflow.com *.recaptcha.net *.doubleclick.net *.prismic.io prismic.io *.googletagmanager.com *.google-analytics.com *.bing.com *.facebook.net *.googleadservices.com *.facebook.com *.googleapis.com *.google.com *.gstatic.com *.google.ca blob:; img-src 'self' *.gstatic.com *.prismic.io www.googletagmanager.com fonts.gstatic.com *.recaptcha.net *.doubleclick.net *.bing.com *.google.com *.google-analytics.com *.facebook.com *.amazonaws.com data:; frame-src 'self' *.adsensecustomsearchads.com *.doubleclick.net *.youtube.com *.prismic.io 1
default-src 'self' www.google.com www.youtube.com player.vimeo.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com; font-src * data:;img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com maps.googleapis.com maps.gstatic.com unpkg.com www.google.com www.gstatic.com; style-src * 'unsafe-inline'; object-src 'none' 1
frame-ancestors www-dev.redcapcloud.com 1
default-src https: wws: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' customer.canadalife.co.uk; connect-src * 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://toot.lgbt; img-src 'self' https: data: blob: https://toot.lgbt; style-src 'self' https://toot.lgbt 'nonce-GZSXOFl0kbvxlmO1trbkuA=='; media-src 'self' https: data: https://toot.lgbt; frame-src 'self' https:; manifest-src 'self' https://toot.lgbt; form-action 'self'; child-src 'self' blob: https://toot.lgbt; worker-src 'self' blob: https://toot.lgbt; connect-src 'self' data: blob: https://toot.lgbt https://media.toot.lgbt wss://toot.lgbt; script-src 'self' https://toot.lgbt 'wasm-unsafe-eval' 1
default-src 'none'; connect-src https://cdn.cookielaw.org https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://*.contentsquare.net  https://region1.analytics.google.com https://*.mediarithmics.com https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://*.thcdn.com https://asgard.thehut.net https://cpwidgets.thehut.net https://cdn.ampproject.org https://bat.bing.com https://www.facebook.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.google-analytics.com https://ampcid.google.com https://adservice.google.com https://the.sciencebehindecommerce.com https://sf-hs-sg.ibytedtos.com https://ct.pinterest.com; font-src 'self' https://blogscdn.thehut.net https://fonts.gstatic.com https://fonts.googleapis.com https://*.thcdn.com; form-action 'self' https://tr.snapchat.com https://connect.facebook.net https://www.facebook.com https://syndication.twitter.com https://survey.g.doubleclick.net; child-src 'self' https://*.contentsquare.net https://sightmill.com https://woobox.com https://ct.pinterest.com https://open.spotify.com https://www.tiktok.com https://widget.trustpilot.com https://gum.criteo.com https://static.criteo.net https://platform.twitter.com https://syndication.twitter.com https://www.facebook.com https://www.instagram.com https://www.youtube.com https://vimeo.com https://tr.snapchat.com https://*.doubleclick.net https://www.pinterest.com; img-src https://*.contentsquare.net https: data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org  https://geolocation.onetrust.com https://sightmill.com https://*.contentsquare.net https://app.contentsquare.com  https://dynamic.criteo.com https://*.mediarithmics.com https://adservice.google.com https://*.ibytedtos.com https://geolocation.onetrust.com https://cdn.ampproject.org https://blogscdn.thehut.net https://*.thcdn.com https://cdn.woobox.com https://analytics.twitter.com/ https://bat.bing.com https://cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/modernizr.min.js https://code.jquery.com/jquery-3.6.0.min.js https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://sc-static.net https://sslwidget.criteo.com https://widget.eu.criteo.com https://static.criteo.net https://static.ads-twitter.com https://www.dwin1.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.googleadservices.com https://www.instagram.com https://www.tiktok.com https://s16.tiktokcdn.com https://survey.g.doubleclick.net https://*.google.co.uk https://s.pinimg.com https://*.doubleclick.net; style-src 'self' 'unsafe-inline' https://blogscdn.thehut.net https://*.thcdn.com https://fonts.google.com https://fonts.googleapis.com https://s16.tiktokcdn.com; frame-ancestors 'self'; media-src 'self'; object-src 'none'; worker-src blob: 'self'; upgrade-insecure-requests; report-uri https://csp.thehut.net/blogs 1
frame-ancestors 'self' maxval.com; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *; frame-ancestors 'self'; report-uri https://fsap.report-uri.com/r/t/csp/reportOnly; 1
frame-ancestors cms-api.more-commerce.com cms.more-commerce.com cms-admin.more-commerce.com cms-api.itopplus.com cms.itopplus.com cms-admin.itopplus.com backend.autodigi.net backendtest.autodigi.net 1
default-src 'self' http://*.amazonaws.com https://*.cardinalcommerce.com; script-src 'self' 'unsafe-inline' https://songbirdstag.cardinalcommerce.com https://*.cardinalcommerce.com https://www.google.com https://www.gstatic.com *; style-src 'self' 'unsafe-inline'; img-src 'self' https://whoson.hcportal.co.uk:8443 http://www.w3.org/2000/svg data:; font-src 'self'; frame-src 'self' https://*.cardinalcommerce.com/ https://www.google.com/ *; form-action *; 1
base-uri 'self';default-src 'self' *.kinocheck.de *.kinocheck.com *.youtube.com;script-src 'self' *.kinocheck.de *.kinocheck.com *.youtube.com 'nonce-e0vLbD2DHjPj+daM4U0Re7pNRmo=';style-src 'self' *.kinocheck.de *.kinocheck.com 'nonce-eODBDiIm8FmzirMNF8glfYScqVA=';frame-src 'self' *.youtube.com;form-action 'self' *.kinocheck.de *.kinocheck.com;object-src 'none' 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-dcadd32e413ddbb78795143c34d9594d'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self'; img-src 'self' blob: data: http: https: *.gravatar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: http https: *.google.com; style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com; font-src 'self' data: http: https: fonts.googleapis.com themes.googleusercontent.com; frame-src 'self' data: http: https: *.maphub.net; connect-src 'self' http: https: maps.googleapis.com 1
block-all-mixed-content; upgrade-insecure-requests; default-src 'none'; base-uri 'self'; font-src 'self' data:; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://raw.githubusercontent.com https://avatars.githubusercontent.com data:; manifest-src 'self'; report-uri https://o4506079462883328.ingest.sentry.io/api/4506079469109248/security/?sentry_key=3a6619f011261703a8753f79cd244ca4; style-src 'self' 'unsafe-inline' 1
object-src 'none';         script-src 'self' 'unsafe-inline' 'unsafe-eval'             blob:             cdn.consentmanager.net             https://delivery.consentmanager.net             https://*.delivery.consentmanager.net             https://*.googletagmanager.com             www.googleadservices.com             www.google.com             https://www.google-analytics.com             https://*.g.doubleclick.net             https://maps.googleapis.com         ;         img-src 'self' data:             cdn.consentmanager.net             https://delivery.consentmanager.net             https://*.delivery.consentmanager.net             https://*.googletagmanager.com             https://*.analytics.google.com             https://*.google.com             https://*.google.de             https://*.google-analytics.com             https://*.g.doubleclick.net             https://maps.googleapis.com             https://maps.gstatic.com             https://*.tile.openstreetmap.org         ;         connect-src 'self'             https://*.delivery.consentmanager.net             https://*.googletagmanager.com             https://*.analytics.google.com             https://*.google.com             https://*.google.de             https://*.google-analytics.com             https://*.g.doubleclick.net             https://maps.googleapis.com         ; 1
default-src 'self' www.bolsasymercados.es 'unsafe-inline' 'unsafe-eval' data: *.typekit.net *.google-analytics.com www.googletagmanager.com tagmanager.google.com *.gstatic.com *.googleapis.com cdn.cookielaw.org *.onetrust.com i1.ytimg.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com *.twimg.com *.twitter.com twitter.com https://www.bolsasymercados.es wss://www.bolsasymercados.es;base-uri 'self';form-action 'self' *.twitter.com;frame-ancestors 'self'; 1
frame-ancestors 'self' https://sphere.canamgroupinc.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://ajax.googleapis.com http://googleads.g.doubleclick.net https://googleads.g.doubleclick.net http://googleads.g.doubleclick.net http://www.googletagservices.com https://www.googletagservices.com https://www.google-analytics.com/ http://www.google-analytics.com https://ssl.google-analytics.com https://ssl.google-analytics.com https://pagead2.googlesyndication.com http://pagead2.googlesyndication.com https://pagead2.googlesyndication.com http://www.googletagmanager.com http://www.liveinternet.ru https://www.liveinternet.ru http://vk.com https://vk.com https://login.vk.com http://ok.ru https://connect.ok.ru http://graph.facebook.com http://share.yandex.ru https://share.yandex.ru http://connect.mail.ru http://urls.api.twitter.com http://site.yandex.net http://counter.rambler.ru https://yastatic.net https://mc.yandex.ru http://clck.yandex.ru http://mc.yandex.ru https://mc.yandex.ru https://yandex.ru https://yandex.ru/ https://site.yandex.net https://sitesearch-suggest.yandex.ru https://adservice.google.com.ua  https://adservice.google.com  https://adservice.google.com.ru  https://partner.googleadservices.com  https://tpc.googlesyndication.com  https://mc.yandex.ru https://adservice.google.ru  https://pagead2.googlesyndication.com ;child-src 'self' 'unsafe-inline' https://googleads.g.doubleclick.net  https://tpc.googlesyndication.com; 1
default-src 'self';style-src 'self' 'unsafe-inline' fonts.googleapis.com https://maxcdn.bootstrapcdn.com/bootstrap/ *.everviz.com/resources/css/ *.everviz.com/static/fonts/;script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com/api/player.js static.ws.apsis.one dev.virtualearth.net siteimproveanalytics.com *.highcharts.com *.everviz.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ polyfill.io/v3/polyfill.min.js cdn.jsdelivr.net/npm/mathjax@3/es5/ online4.superoffice.com;img-src 'self' data: http://mt1.google.com wms.geonorge.no opencache.statkart.no/gatekeeper/gk/gk.open_wmts *.google.com *.openstreetmap.org *.virtualearth.net *.siteimproveanalytics.io https://www.navlab.net/images/ https://avas.aventia.no/;font-src 'self' fonts.gstatic.com https://maxcdn.bootstrapcdn.com/bootstrap/ cdn.jsdelivr.net/npm/mathjax@3/es5/output/chtml/fonts/ *.everviz.com/static/fonts/;frame-src 'self' *.vimeo.com https://vimeo.com *.youtube.com *.facebook.com *.soundcloud.com *.everviz.com ffi.easycruit.com https://www.google.com/recaptcha/ https://avas.aventia.no/ form.apsis.one online4.superoffice.com;base-uri 'self';form-action 'self' forsvaretsforskningsinstitutt.mailmojo.no;object-src 'none';connect-src 'self' opencache.statkart.no ogc.ffi.no *.highcharts.com *.everviz.com https://audience.ws.apsis.one/; 1
script-src 'self' 'unsafe-inline' https://api.signalize.com https://static.b-ite.com https://cs-assets.b-ite.com https://www.deutsches-ausschreibungsblatt.de https://maps.niederrhein-tourismus.de https://code.jquery.com cdn.jsdelivr.net code.etracker.com f1-eu.readspeaker.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://rebilly.github.io https://unpkg.com platform.instagram.com platform.twitter.com www.etracker.de; style-src 'self' 'unsafe-inline' f1-eu.readspeaker.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' f1-eu.readspeaker.com 1
default-src 'self' *.marum.de *.youtube.com https://maps.googleapis.com https://www.youtube-nocookie.com https://publications.marum.de; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://stats.marum.de https://maps.googleapis.com; img-src 'self' https://i.ytimg.com *.googleapis.com *.gstatic.com data: *.google.com; frame-src 'self' *.youtube.com *.marum.de https://www.youtube-nocookie.com; worker-src 'self' blob:; font-src 'self' *.gstatic.com 1
default-src https: wss: data: blob: 'unsafe-eval' 'unsafe-inline' 'self' 1
default-src 'none'; script-src 'self' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://cdn.worldpay.com https://eu-prod.oppwa.com 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://eu-prod.oppwa.com https://fonts.googleapis.com; img-src 'self' blob: https://www.google-analytics.com/collect https://connect-static.s3.eu-west-2.amazonaws.com https://img.parentzone.me false https://api.parentzone.me https://api.iconnectdaily.net data:; connect-src https://api.parentzone.me 'self' blob: https://eu-prod.oppwa.com https://*.google-analytics.com/g/collect https://google-analytics.com/g/collect https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; frame-src *; prefetch-src 'self'; manifest-src 'self'; frame-ancestors 'none'; media-src https://api.parentzone.me https://api.iconnectdaily.net 'self' blob: 1
frame-ancestors 'self' http://*.ceca.es https://*.cecabank.es https://*.ceca.es https://*.ticketea.com http://*.ticketea.com http://boteloteppg.com http://*.boteloteppg.com http://botelotenexaautocolor.com http://*.botelotenexaautocolor.com http://botelotemaxmeyer.com http://*.botelotemaxmeyer.com https://www.aosom.es https://aosom.es https://www.contrasena.regaloedenred.es https://contrasena.regaloedenred.es https://www.regaloedenred.es https://regaloedenred.es https://www.bono.regaloedenred.es https://bono.regaloedenred.es https://www.pin.regalopass.es https://pin.regalopass.es https://www.regalopass.es https://regalopass.es https://santacecilia.es https://www.santacecilia.es https://cofre.regalopass.es; child-src 'self' http://*.ceca.es https://*.cecabank.es https://*.ceca.es https://*.ticketea.com http://*.ticketea.com https://youtube.com https://www.youtube.com https://consentcdn.cookiebot.com https://*.vinea.es https://*.redsys.es https://*.cardinalcommerce.com https://www.aosom.es https://aosom.es https://www.contrasena.regaloedenred.es https://contrasena.regaloedenred.es https://www.regaloedenred.es https://regaloedenred.es https://www.bono.regaloedenred.es https://bono.regaloedenred.es https://www.pin.regalopass.es https://pin.regalopass.es https://www.regalopass.es https://regalopass.es https://santacecilia.es https://www.santacecilia.es https://cofre.regalopass.es; 1
frame-ancestors 'self';script-src 'unsafe-inline' 'unsafe-eval' 'self' https://assets.voyado.com https://www.googletagmanager.com https://sst.gullfunn.no https://policy.app.cookieinformation.com https://js.playground.klarna.com https://js.klarna.com https://s.pinimg.com https://gtm.adt313.net https://tb.de17a.com https://cdn.spinnaker-js.com https://sc-static.net https://bat.bing.com/bat.js https://connect.facebook.net https://analytics.tiktok.com https://static.zdassets.com https://analytics.tiktok.com https://googleads.g.doubleclick.net https://www.clarity.ms https://bat.bing.com https://tr.snapchat.com https://www.googleadservices.com https://chat.kindlycdn.com;style-src 'unsafe-inline' 'self' https://p.typekit.net;frame-src 'self' https://sst.gullfunn.no https://www.googletagmanager.com https://www.youtube.com https://js.playground.klarna.com https://js.klarna.com/ https://testlogin.gullfunn.no https://login.gullfunn.no https://ct.pinterest.com https://tr.snapchat.com/ https://td.doubleclick.net/ https://www.facebook.com https://policy.app.cookieinformation.com https://www.youtube-nocookie.com/; 1
img-src      'self' blob: https: data: 'unsafe-inline'  http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;     script-src 'self' blob: https: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io 'unsafe-inline' 'unsafe-eval';     connect-src  'self' https: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com wss://*.tawk.to;     frame-src    'self' https: https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;     font-src     'self' https: data: 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; 1
block-all-mixed-content; frame-ancestors *.thugnine.com.br 1
upgrade-insecure-requests; img-src data: https: ;font-src data: https:; script-src 'unsafe-eval' 'unsafe-inline' https:; default-src 'unsafe-inline' https: 1
frame-ancestors 'self' https://www.visitdenmark.dk https://*.www.visitdenmark.dk https://api.www.www.visitdenmark.dk 1
default-src 'self'; script-src 'report-sample' 'self' cdn.fashiola.es 'unsafe-eval' 'unsafe-inline' *.google-analytics.com/analytics.js https://www.gstatic.com https://www.googletagmanager.com https://googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.kleding.nl/cookies.js https://www.instagram.com/embed.js https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://kit.fontawesome.com; style-src 'unsafe-inline' 'report-sample' 'self' cdn.fashiola.es; object-src 'none'; base-uri 'self'; connect-src 'self' https://bam.eu01.nr-data.net *.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' cdn.fashiola.es; frame-src 'self' https://www.google.com https://www.instagram.com/; img-src 'self' cdn.fashiola.es images.fashiola.es cdn.fashiola.com https://www.kleding.nl/cookies.gif *.google-analytics.com www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.es; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
frame-ancestors https://*.jusbrasil.com.br 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.amildental.com.br https://amildentalvenda.custhelp.com https://pagead2.googlesyndication.com https://td.doubleclick.net https://docs.google.com https://wb.zoss.com.br https://polyfill.io https://go.botmaker.com https://storage.googleapis.com https://twemoji.maxcdn.com https://static.carroporassinatura.net https://cdn.jsdelivr.net wss://ws.botmaker.com https://m-infra.appspot.com https://amildentalvenda--tst1.custhelp.com https://amilsoaprdpub-oci.opc.oracleoutsourcing.com https://amilsoatstpub-oci.opc.oracleoutsourcing.com https://content.hotjar.io https://in.hotjar.com https://p1440786c1prd-store.occa.ocs.oraclecloud.com https://p1440786c1tst-store.occa.ocs.oraclecloud.com https://www.amildental.com.br https://experiments-prod-us.occa.ocs.oraclecloud.com https://visit-prod-us.occa.ocs.oraclecloud.com https://metrics.hotjar.io wss://ws.hotjar.com https://experiments-test-us.occa.ocs.oraclecloud.com https://visit-test-us.occa.ocs.oraclecloud.com https://recs-test.occa.us-phoenix-1.ocs.oraclecloud.com https://amildentalvenda.custhelp.com https://amilsoaprdpub-oci.opc.oracleoutsourcing.com https://analytics.tiktok.com https://analytics.twitter.com https://assets.pinterest.com https://c.oracleinfinity.io https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://dc.oracleinfinity.io https://event.getblue.io https://experiments-prod-us.occa.ocs.oraclecloud.com https://googleads.g.doubleclick.net https://log.pinterest.com https://recs.occa.us-phoenix-1.ocs.oraclecloud.com https://script.hotjar.com https://service.maxymiser.net https://static.ads-twitter.com https://static.hotjar.com https://stats.g.doubleclick.net https://t.co https://visit-prod-us.occa.ocs.oraclecloud.com https://widget.getblue.io https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.paypal.com https://www.rnengage.com https://www.facebook.com https://geolocation.onetrust.com https://www.youtube.com https://privacyportal-br.onetrust.com https://ds-aksb-a.akamaihd.net https://vc.hotjar.io https://amildentalvenda--tst1.widget.custhelp.com https://amildentalvenda.widget.custhelp.com https://social-prod-us.occa.ocs.oraclecloud.com https://www.paypalobjects.com https://fonts.googleapis.com https://px.ads.linkedin.com https://info.amildentalvenda.com.br https://analytics.google.com https://www.googleadservices.com https://api.ipify.org https://www.google.com.br https://www.linkedin.com https://www.pagador.com.br https://fonts.gstatic.com data: blob: 1
frame-ancestors 'self' *.e-joburg.org.za; 1
default-src 'self'; img-src 'self' data: https://cookie-cdn.cookiepro.com https://www.google-analytics.com https://pluginicons.craft-cdn.com/ https://embed.tawk.to https://tawk.link https://cdn.jsdelivr.net/emojione; style-src 'self' 'unsafe-inline' fonts.googleapis.com embed.tawk.to; font-src 'self' embed.tawk.to fonts.gstatic.com data:; frame-src 'self' https://js.stripe.com/ https://www.youtube.com/ https://www.youtube.com/embed/ va.tawk.to; media-src 'self' embed.tawk.to tawk.link; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://boards-api.greenhouse.io https://cookie-cdn.cookiepro.com https://feed-proxy.craftcms.com https://api.craftcms.com *.tawk.to wss://*.tawk.to; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://js.stripe.com/v2/ https://cookie-cdn.cookiepro.com https://engie-energyaccess.us2.list-manage.com https://s3.amazonaws.com https://geolocation.onetrust.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://ajax.googleapis.com https://code.jquery.com https://www.googletagmanager.com https://boards-api.greenhouse.io https://boards.greenhouse.io https://embed.tawk.to https://cdn.jsdelivr.net/emojione/; report-uri https://sentry.payg.ee/api/12/security/?sentry_key=ee6e2e7c537a43c695b2954fed906fc6 1
frame-ancestors http://webvisor.com 1
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:;frame-ancestors 'self' https://*.ar13.cl https://*.13.cl https://*.t13.cl 1
frame-ancestors https://www.financnykompas.sk/ http://fk.webland.sk/ https://www.partnersinvestments.sk/ http://pi.webland.sk https://partnersinvestments.sk http://financnykompas.local http://kompas.local http://pibg.webland.sk https://partnersinvestments.bg https://www.partnersinvestments.bg https://uzitocna.pravda.sk https://widget.financnykompas.sk 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.starbucks.pl/pl/report-uri/enforce 1
child-src 'self' ; frame-ancestors 'self';default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://web/imagens/clip_image_new.jpg  https://unpkg.com/ https://maps.googleapis.com https://www.gstatic.com/ https://jall.com.br/web/js/csrf.js https://ajax.googleapis.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://jall.com.br/ https://beta.jall.com.br/ https://rotas.flashcourier.com.br/ https://www.google.com/ ; script-src-elem 'self' 'unsafe-inline' https://web/imagens/clip_image_new.jpg https://jall.com.br/ https://jall.com.br/web/js/csrf.js https://unpkg.com/ https://maps.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://code.jquery.com/  https://cdnjs.cloudflare.com/ https://www.google.com/  https://www.gstatic.com/ https://ajax.googleapis.com/ https://jall.com.br/ https://www.google-analytics.com/ https://beta.jall.com.br/ https://rotas.flashcourier.com.br/ https://www.googletagmanager.com/; connect-src 'self' https://flashlog.jall.com.br https://maps.googleapis.com/  https://beta.jall.com.br/ https://rotas.flashcourier.com.br/ https://jall.com.br/ https://www.google-analytics.com  ; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com/ https://www.google-analytics.com/ https://unpkg.com/ https://jall.com.br https://www.googletagmanager.com/ http://levoo.com.b/ http://flashcourier.com.br/ https://fonts.googleapis.com/ https://beta.jall.com.br/ https://rotas.flashcourier.com.br/ ; base-uri 'self'  ; frame-src 'self' 'unsafe-inline' https://beta.jall.com.br/ https://rotas.flashcourier.com.br/ https://jall.com.br/ https://200.155.155.54:8080/ https://pegasus.flashpegasus.com.br/ https://tiflash.flashcourier.com.br/  https://www.google.com/ ;style-src-elem 'self' 'unsafe-inline' https://unpkg.com/ https://code.jquery.com/ https://fonts.googleapis.com/; font-src 'self' https://cdn.jsdelivr.net/  https://fonts.gstatic.com/ ; object-src 'none';report-uri https://csper.io/ ; upgrade-insecure-requests ; form-action 'self'; style-src-attr 'self' 'unsafe-inline' https://web/imagens/clip_image_new.jpg ; img-src 'self' 'unsafe-inline' 'unsafe-hashes' https://www.flashcourier.com.br/ https://chart.apis.google.com/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ https://openstreetmap.org/ https://c.tile.openstreetmap.org/ https://a.tile.openstreetmap.org/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://beta.jall.com.br/ https://rotas.flashcourier.com.br/ https://jall.com.br/ data: web  1
form-action https:; 1
form-action 'self'; frame-ancestors 'none'; object-src 'none'; base-uri 'none'; script-src 'unsafe-inline' 'unsafe-eval' *.cloudflare.com imoveisglobal.com.br *.facebook.net *.google.com *.clarity.ms unpkg.com *.webcache.googleusercontent.com https://googlemaps.github.io/ https://fonts.gstatic.com/ https://www.youtube.com https://ajax.cloudflare.com https://www.google-analytics.com https://ajax.googleapis.com https://maps.googleapis.com https://www.googletagmanager.com https://nominatim.openstreetmap.org 1
frame-ancestors 'self' iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ https://www.next.at 1
default-src 'self' *.google.com *.youtube-nocookie.com *.youtube.com *.youtu.be; form-action * 'self'; script-src * 'self' 'unsafe-inline' mc.yandex.ru static.criteo.net ad.yieldlab.net sync.outbrain.com criteo-partners.tremorhub.com match.sharethrough.com simage2.pubmatic.com jadserve.postrelease.com exchange.mediavine.com matching.ivitrack.com ad.360yield.com id5-sync.com sync-criteo.ads.yieldmo.com gum.criteo.com sslwidget.criteo.com widget.eu.criteo.com *.sinpas.com.tr googleads.g.doubleclick.net cdn.onesignal.com connect.facebook.net cdnjs.cloudflare.com *.googletagmanager.com *.google.com *.google.com.tr *.google-analytics.com *.analytics.google.com *.googleapis.com *.googleapis.com *.gstatic.com; connect-src * 'self' mc.yandex.com *.googletagmanager.com *.google.com *.google.com.tr *.google-analytics.com *.analytics.google.com *.g.doubleclick.net;img-src * 'self' www.facebook.com e1.emxdgt.com cm.g.doubleclick.net ups.analytics.yahoo.com eb2.3lift.com criteo-sync.teads.tv mc.yandex.ru r.casalemedia.com visitor.omnitagjs.com cm.adform.net hb.yahoo.net sync-t1.taboola.com rtb-csync.smartadserver.com pixel.rubiconproject.com contextual.media.net ib.adnxs.com x.bidswitch.net *.sinpas.com.tr mc.yandex.com *.bootstrapcdn.com code.jquery.com cdnjs.cloudflare.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.google.com *.google.com.tr *.ytimg.com; font-src * 'self' cdnjs.cloudflare.com *.gstatic.com *.google-analytics.com *.analytics.google.com *.google.com *.google.com.tr; style-src * 'self' 'unsafe-inline' *.sinpas.com.tr *.google.com *.googleapis.com *.gstatic.com; media-src * 'self';frame-src * 'self' *.google.com gum.criteo.com 1
frame-src https://www.youtube.com; frame-ancestors 'none' 1
script-src-elem 'self' 'unsafe-inline' https://api.mapbox.com https://cdn-eu.readspeaker.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src-elem 'self' https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com 'unsafe-inline' cdn-eu.readspeaker.com; frame-ancestors 'self' 1
default-src 'self' packages.umbraco.org our.umbraco.org cdn-ukwest.onetrust.com googletagmanager.com privacyportal-uk.onetrust.com cookiepedia.co.uk geolocation.onetrust.com *.googletagmanager.com tagmanager.google.com  google-analytics.com *.google-analytics.com  cdn.cookielaw.org cookie-cdn.cookiepro.com *.clarity.ms c.bing.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com googleads.g.doubleclick.net www.google.co.uk *.google.co.uk blob:;script-src 'self' ajax.googleapis.com  maps.googleapis.com unpkg.com ajax.aspnetcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net cookiepedia.co.uk geolocation.onetrust.com *.onetrust.com  cdn.cookielaw.org cookie-cdn.cookiepro.com  tagmanager.google.com *.google.com google-analytics.com *.google-analytics.com  ssl.google-analytics.com  cdn.cookielaw.org cookie-cdn.cookiepro.com *.clarity.ms c.bing.com geolocation.onetrust.com  privacyportal-uk.onetrust.com cdn-ukwest.onetrust.com  googletagmanager.com *.googletagmanager.com www.googletagmanager.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com googleads.g.doubleclick.net www.google.co.uk *.google.co.uk *.visualwebsiteoptimizer.com app.vwo.com 'unsafe-eval' 'unsafe-inline';style-src 'self' fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com cdn.linearicons.com privacyportal-uk.onetrust.com cookiepedia.co.uk cdn-ukwest.onetrust.com geolocation.onetrust.com  tagmanager.google.com fonts.googleapis.com *.onetrust.com cdn.cookielaw.org cookie-cdn.cookiepro.com privacyportal-uk.onetrust.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com googleads.g.doubleclick.net www.google.co.uk *.google.co.uk *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com 'unsafe-inline';connect-src *;font-src 'self' data: cdnjs.cloudflare.com fonts.gstatic.com cdn.linearicons.com privacyportal-uk.onetrust.com cookiepedia.co.uk cdn-ukwest.onetrust.com geolocation.onetrust.com *.onetrust.com privacyportal-uk.onetrust.com  cdn.cookielaw.org cookie-cdn.cookiepro.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com googleads.g.doubleclick.net www.google.co.uk *.google.co.uk;img-src 'self' data: via.placeholder.com privacyportal-uk.onetrust.com cookiepedia.co.uk cdn-ukwest.onetrust.com geolocation.onetrust.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com ssl.gstatic.com www.gstatic.com google-analytics.com *.google-analytics.com *.onetrust.com  cdn.cookielaw.org cookie-cdn.cookiepro.com privacyportal-uk.onetrust.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com googleads.g.doubleclick.net www.google.co.uk *.google.co.uk  *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com;media-src https://www.googletagmanager.com *.onetrust.com  cdn.cookielaw.org cookie-cdn.cookiepro.com privacyportal-uk.onetrust.com googletagmanager.com *.googletagmanager.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com googleads.g.doubleclick.net widget.trustpilot.com *.trustpilot.com js-eu1.hs-scripts.com *.hs-scripts.com api-eu1.hubspot.com *.hubspot.com player.vimeo.com *.vimeo.com www.youtube.com *.youtube.com cdn.mouseflow.com *.mouseflow.com;frame-src https://www.googletagmanager.com *.onetrust.com  cdn.cookielaw.org cookie-cdn.cookiepro.com privacyportal-uk.onetrust.com googletagmanager.com *.googletagmanager.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com googleads.g.doubleclick.net widget.trustpilot.com *.trustpilot.com js-eu1.hs-scripts.com *.hs-scripts.com api-eu1.hubspot.com *.hubspot.com player.vimeo.com *.vimeo.com www.youtube.com *.youtube.com cdn.mouseflow.com *.mouseflow.com app.vwo.com *.visualwebsiteoptimizer.com;worker-src 'self' packages.umbraco.org our.umbraco.org cdn-ukwest.onetrust.com googletagmanager.com privacyportal-uk.onetrust.com cookiepedia.co.uk geolocation.onetrust.com *.googletagmanager.com tagmanager.google.com  google-analytics.com *.google-analytics.com  cdn.cookielaw.org cookie-cdn.cookiepro.com *.clarity.ms c.bing.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com googleads.g.doubleclick.net www.google.co.uk *.google.co.uk widget.trustpilot.com *.trustpilot.com js-eu1.hs-scripts.com *.hs-scripts.com js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hscollectedforms.net js-eu1.usemessages.com c.clarity.ms *.clarity.ms track-eu1.hubspot.com c.bing.com api-eu1.hubspot.com *.hubspot.com player.vimeo.com *.vimeo.com www.youtube.com *.youtube.com cdn.mouseflow.com *.mouseflow.com blob: 1
base-uri 'self'; object-src 'self'; frame-ancestors 'self'; 1
image-src 'self' data:; 1
font-src *;img-src * data:; 1
default-src 'none'; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com https://strapiweb-s3-prod-01.s3.amazonaws.com https://c212.net https://www.googletagmanager.com data:; media-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src https://fonts.gstatic.com; object-src 'none'; frame-src *.google.com; worker-src blob:; connect-src 'self' https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://triumphgroup2020index.q4web.com https://www.google-analytics.com https://*.googleapis.com *.google.com https://*.gstatic.com  data: blob: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.veiasa.es npmcdn.com *.openstreetmap.org; object-src 'self'; style-src 'self' 'unsafe-inline' *.fontawesome.com *.veiasa.es npmcdn.com; img-src 'self' data: *.veiasa.es *.openstreetmap.org npmcdn.com img.icons8.com; form-action 'self'; media-src 'self'; font-src 'self' *.fontawesome.com; connect-src 'self'; frame-src 'self' intent: www.youtube.com; frame-ancestors 'self' 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-a35291d55d2e42188f8a54f043d76f34' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
frame-ancestors 'self' www.iespell.com t2b.busybeeschildcare.co.uk busybeeschildcare.co.uk www.busybees.com www.facebook.com facebook.com kids1st.net mybusiness.googleapis.com; 1
frame-ancestors 'self'; sandbox allow-downloads allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation; base-uri 'self'; form-action www.ost.spryker.local zed.ost.spryker.local iglobuscz-staging-static-files.s3.eu-central-1.amazonaws.com 'self' 1
object-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://apikeys.civiccomputing.com https://www.youtube.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://*.googleapis.com https://static.doubleclick.net https://js-agent.newrelic.com https://bam.nr-data.net https://cc.cdn.civiccomputing.com/9/cookieControl-9.x.min.js https://www.googletagmanager.com/gtm.js; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://apikeys.civiccomputing.com https://www.youtube.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://*.googleapis.com https://static.doubleclick.net https://js-agent.newrelic.com https://bam.nr-data.net https://cc.cdn.civiccomputing.com/9/cookieControl-9.x.min.js https://www.googletagmanager.com/gtm.js https://cc.cdn.civiccomputing.com https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://apikeys.civiccomputing.com https://www.youtube.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://*.googleapis.com https://static.doubleclick.net https://js-agent.newrelic.com https://bam.nr-data.net https://polyfill.io https://cdnjs.cloudflare.com/ajax/libs/OverlappingMarkerSpiderfier/1.0.3/oms.min.js https://cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.js https://cc.cdn.civiccomputing.com/9/cookieControl-9.x.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery-minicolors/2.3.4/jquery.minicolors.min.js https://www.googletagmanager.com/gtm.js https://cc.cdn.civiccomputing.com https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://apikeys.civiccomputing.com https://www.youtube.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://*.googleapis.com https://static.doubleclick.net https://js-agent.newrelic.com https://bam.nr-data.net https://cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.css https://cdnjs.cloudflare.com/ajax/libs/jquery-minicolors/2.3.4/jquery.minicolors.min.css https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://apikeys.civiccomputing.com https://www.youtube.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://*.googleapis.com https://static.doubleclick.net https://js-agent.newrelic.com https://bam.nr-data.net https://cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.css https://cdnjs.cloudflare.com https://unpkg.com; frame-ancestors 'self' https://www.googletagmanager.com https://www.google-analytics.com https://apikeys.civiccomputing.com https://www.youtube.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://*.googleapis.com https://static.doubleclick.net https://js-agent.newrelic.com https://bam.nr-data.net 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-OTBlNWYwNDBhZjg5NGNmOWIzZjA1MGQ5ZGI5YWUyM2U=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.klimaatakkoord.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.klimaatakkoord.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.klimaatakkoord.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' cdn.aframe.io s3.amazonaws.com cimscloudbeta.s3.amazonaws.com cimscloud.s3.amazonaws.com raw.githack.com aframe.io www.google.com orthos.cimscloud.com; font-src * data:; img-src * blob: data: cimscloudbeta.s3.amazonaws.com cimscloud.s3.amazonaws.com s3.amazonaws.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.virtualearth.net raw.githack.com aframe.io www.google.com kit.fontawesome.com cdn.tiny.cloud unpkg.com stats.g.doubleclick.net analytics.google.com www.googletagmanager.com ajax.googleapis.com maps.googleapis.com cdn.jsdelivr.net www.gstatic.com www.google-analytics.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' www.gstatic.com raw.githack.com aframe.io ajax.googleapis.com cdn.jsdelivr.net fonts.googleapis.com unpkg.com cdn.tiny.cloud www.tiny.cloud www.tinymce.com; connect-src 'self' *.cimscloud.com *.googleapis.com s3.amazonaws.com cimscloudbeta.s3.amazonaws.com cimscloud.s3.amazonaws.com cdn.aframe.io cimscloud.s3.amazonaws.com  raw.githack.com aframe.io www.googletagmanager.com ajax.googleapis.com maps.googleapis.com cdn.jsdelivr.net www.gstatic.com www.google-analytics.com analytics.google.com stats.g.doubleclick.net cdn.tiny.cloud unpkg.com kit.fontawesome.com ka-p.fontawesome.com www.tinymce.com; 1
object-src 'none'; frame-ancestors 'self'; report-uri https://sinupret.com/report-uri/enforce 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' nam02.safelinks.protection.outlook.com *.facebook.com news.vin.com fast.fonts.net cdnjs.cloudflare.com cdn.jsdelivr.net ajax.googleapis.com belfius.be fonts.googleapis.com *.typekit.net *.blob.core.windows.net linkedin.com *.google.com *.google.be febiac.be fonts.gstatic.com *.azurewebsites.net *.googletagmanager.com cdn.cookielaw.org data: service.force.com *.salesforceliveagent.com *.force.com *.my.site.com *.corona.be *.hotjar.com *.doubleclick.net *.google-analytics.com bat.bing.com privacyportal-eu.onetrust.com *.hotjar.io *.youtube.com *.rockestate.be *.my.salesforce.com *.gstatic.com static.ads-twitter.com snap.licdn.com analytics.twitter.com t.co *.googleadservices.com *.facebook.net cdn.linkedin.oribi.io px.ads.linkedin.com wss://ws.hotjar.com api.corona.be *.analytics.google.com *.belfiusdirect.be code.jquery.com *.taboola.com *.outbrain.com *.teads.tv secure.adnxs.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googleadservices.com *.doubleclick.net *.gstatic.com *.steamlvlup.com extension.steamlvlup.com api.steamlvlup.com *.googleapis.com *.google.com *.google-analytics.com *.googletagmanager.com mc.yandex.ru yastatic.net *.steamcommunity.com; object-src 'self'; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-GHxdlbD3jsIMIEnMA_l_Wg' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
img-src *.google.com data: https://px.ads.linkedin.com 'self';script-src *.cookiebot.com *.google.com *.googletagmanager.com *.gstatic.com https://snap.licdn.com/ 'self' 'unsafe-inline' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.fonts.net *.google.com *.gstatic.com *.googleapis.com *.jquery.com *.onenorth.com *.oniqa.com *.onistaged.com *.amazonaws.com *.googletagmanager.com *.google-analytics.com *.google.com *.doubleclick.net *.gray.com *.blob.core.windows.net *.visitor-track.com *.onetrust.com *.cookielaw.org *.youtube.com *.youtube-nocookie.com *.cnbc.com *.vimeo.com vimeo.com *.licdn.com cdn.linkedin.oribi.io  *.linkedin.com *.bing.com *.googleadservices.com *.facebook.net geoip-js.com ml314.com *.clarity.ms ; img-src * data:; frame-ancestors 'self' https://gray.cmicpaas.com; font-src 'self' data: *.gstatic.com ; 1
https* 1
default-src 'self' https://*.wogaa.sg;; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ blob: https://*.wogaa.sg 'sha256-PBi1E3fhaRy4XXqf/1UJ9hHbseUGJSu8U8SXatADkZE='; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.wogaa.sg/; img-src 'self'; connect-src 'self' https://*.wogaa.sg;; font-src * data: https://assets.wogaa.sg/fonts/; 1
script-src 'unsafe-inline' 'unsafe-eval' https://www.schwanzvergleich.com/ https://matomo.felixtech.io/ https://static.cloudflareinsights.com/ 1
default-src https://*.storied.co; style-src 'report-sample' 'self' 'unsafe-inline' https:; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https:; object-src 'self' https://*.storied.co https://*.youtube.com https://*.podbean.com/ https://*.instagram.com; base-uri 'self'; connect-src 'self' blob: https: wss://*.storied.co; font-src 'self' blob: data: https:; frame-ancestors 'self'; frame-src 'self' blob: data: https:; img-src 'self' blob: data: https:; manifest-src 'self'; media-src 'self' https://*.storied.co; worker-src 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.irasia.com *.ckh.com.hk fonts.googleapis.com fonts.gstatic.com *.addthis.com z.moatads.com v1.addthisedge.com *.vzaar.com *.dacast.com static.cloudflareinsights.com *.llnwi.net; 1
script-src 'nonce-TLwJ6EjlLmhh1N5xLV9EJB7ScYuisoye' 'strict-dynamic' https: 'unsafe-inline' 'unsafe-eval';frame-ancestors https://business.jobs.at https://*.jobs-business.staging.karriere.at https://region-eferding.topicsportal.com;base-uri 'none';object-src 'none' 1
default-src megadepot.com www.google.com bid.g.doubleclick.net www.gstatic.com www.google-analytics.com ajax.googleapis.com             https://*.mylivechat.com https://c.bing.com;         script-src megadepot.com https://*.mylivechat.com connect.facebook.net s.pinimg.com             https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://www.google.com             https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net             bat.bing.com www.paypal.com www.paypalobjects.com dashboard.stripe.com js.stripe.com polyfill.io             apis.google.com https://www.clarity.ms https://*.clarity.ms static-na.payments-amazon.com mylivechat.com             www.shopperapproved.com seal-boston.bbb.org www.dwin1.com www.paypal.com www.sandbox.paypal.com https://mylivechat.com             'unsafe-eval' www.gstatic.com www.google.com             https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob:             'unsafe-inline' www.google-analytics.com *.yotpo.com             code.jquery.com maxcdn.bootstrapcdn.com https://m.stripe.network;         frame-src megadepot.com https://www.youtube.com www.facebook.com www.pinterest.com ct.pinterest.com js.stripe.com             payments.amazon.com static-na.payments-amazon.com apay-us.amazon.com www.paypal.com www.paypalobjects.com             https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://*.doubleclick.net             https://*.mylivechat.com www.sandbox.paypal.com *.google.com;         connect-src megadepot.com ct.pinterest.com https://*.clarity.ms             staticw2.yotpo.com bat.bing.com www.facebook.com payments-sandbox.amazon.com payments.amazon.com apay-us.amazon.com             www.paypal.com www.sandbox.paypal.com wss://*.mylivechat.com             https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://pagead2.googlesyndication.com             *.google.com https://*.g.doubleclick.net https://*.googleapis.com https://*.gstatic.com data: blob:;         img-src megadepot.com megadepot.com bat.bing.com bing.com ct.pinterest.com p.yotpo.com https://*.paypal.com             yotpo-editor-production.s3.amazonaws.com www.paypal.com www.paypalobjects.com www.facebook.com https://*.clarity.ms             https://c.bing.com https://i.ytimg.com https://*.cloudfront.net seal-boston.bbb.org https://shareasale.com             https://*.mylivechat.com images-na.ssl-images-amazon.com             *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao             *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be             *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br             *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg             *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr             *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm             *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi             *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi             *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht             *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it             *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg             *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls             *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk             *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx             *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no             *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg             *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py             *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se             *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr             *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn             *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk             *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws             *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat             https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.gstatic.com             https://*.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com https://*.g.doubleclick.net             https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data:;         style-src megadepot.com https://tagmanager.google.com             'unsafe-inline' https://fonts.googleapis.com             'unsafe-eval' https://*.mylivechat.com fonts.googleapis.com staticw2.yotpo.com maxcdn.bootstrapcdn.com;         font-src megadepot.com https://fonts.gstatic.com data: maxcdn.bootstrapcdn.com staticw2.yotpo.com;         worker-src megadepot.com blob:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://rollenspiel.social; img-src 'self' https: data: blob: https://rollenspiel.social; style-src 'self' https://rollenspiel.social 'nonce-1aPVd5j1t88UkvMXWEfu1A=='; media-src 'self' https: data: https://rollenspiel.social; frame-src 'self' https:; manifest-src 'self' https://rollenspiel.social; form-action 'self'; child-src 'self' blob: https://rollenspiel.social; worker-src 'self' blob: https://rollenspiel.social; connect-src 'self' data: blob: https://rollenspiel.social https://files.example.com wss://rollenspiel.social; script-src 'self' https://rollenspiel.social 'wasm-unsafe-eval' 1
child-src  www.paypalobjects.com; connect-src 'self' 'report-sample' s3.amazonaws.com/cv3.customfiles wildhorses4x4.commercev3.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com stats.g.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.facebook.com *.klaviyo.com forms.soundestlink.com www.google.com adservice.google.com  rapid-cdn.yottaa.com; default-src 'self' s3.amazonaws.com/cdn.wildhorses4x4.com/ cdn.commercev3.net/cdn.wildhorses4x4.com/ cdn.wildhorses4x4.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com rapid-cdn.yottaa.com; font-src 'self' wildhorses4x4.commercev3.com s3.amazonaws.com/cdn.wildhorses4x4.com/ cdn.commercev3.net/cdn.wildhorses4x4.com/ cdn.wildhorses4x4.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com data:; form-action 'self' www.facebook.com www.paypal.com checkout.sezzle.com wwwapps.ups.com; frame-src 'self' *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com www.youtube.com tpc.googlesyndication.com omniform1.com  rapid-cdn.yottaa.com; frame-ancestors 'self' ; img-src 'self' s3.amazonaws.com/cdn.wildhorses4x4.com/ cdn.commercev3.net/cdn.wildhorses4x4.com/ cdn.wildhorses4x4.com ssl.google-analytics.com www.google.com/pagead/1p-user-list/ www.google.com/ads/ga-audiences ct.pinterest.com/v3/ stats.g.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.paypal.com www.paypalobjects.com secure.trust-provider.com *.soundestlink.com sealserver.trustwave.com images-wildhorses4x4-com.s3.amazonaws.com googleads.g.doubleclick.net omnisnippet1.com pagead2.googlesyndication.com; script-src 'self' 'report-sample' s3.amazonaws.com/cdn.wildhorses4x4.com/ cdn.commercev3.net/cdn.wildhorses4x4.com/ cdn.wildhorses4x4.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com secure.trust-provider.com omnisnippet1.com r2-t.trackedlink.net forms.soundestlink.com sealserver.trustwave.com tpc.googlesyndication.com rapid-cdn.yottaa.com; script-src-elem 'self' 'report-sample' s3.amazonaws.com/cdn.wildhorses4x4.com/ cdn.commercev3.net/cdn.wildhorses4x4.com/ cdn.wildhorses4x4.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com secure.trust-provider.com omnisnippet1.com r2-t.trackedlink.net forms.soundestlink.com sealserver.trustwave.com tpc.googlesyndication.com rapid-cdn.yottaa.com; style-src 'self' s3.amazonaws.com/cdn.wildhorses4x4.com/ cdn.commercev3.net/cdn.wildhorses4x4.com/ cdn.wildhorses4x4.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net; style-src-elem 'self' s3.amazonaws.com/cdn.wildhorses4x4.com/ cdn.commercev3.net/cdn.wildhorses4x4.com/ cdn.wildhorses4x4.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net; style-src-attr  'unsafe-inline'; media-src 'self' wildhorses4x4.commercev3.com s3.amazonaws.com/cdn.wildhorses4x4.com/ cdn.commercev3.net/cdn.wildhorses4x4.com/ cdn.wildhorses4x4.com www.bing.com; 1
default-src 'self';script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.app-us1.com https://trackcmp.net/t_prism_sitemessages.php api.tripleseat.com gatherhere.com *.sojern.com *.gstatic.com *.rfihub.net *.doubleclick.net/ https://connect.facebook.net/ https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/TbD3vPFlUWKZD-9L4ZxB0HJI/recaptcha__en.js;style-src 'report-sample' 'self' 'unsafe-inline' *.googleapis.com;object-src 'none';base-uri 'self';connect-src 'self' yoast.com *.doubleclick.net https://www.google-analytics.com/;font-src 'self' data: ;frame-src 'self' *.rfihub.net *.rfihub.com https://www.youtube.com/ https://www.facebook.com/ *.doubleclick.net https://www.google.com;img-src 'self' data: match.adsrvr.org ajax.googleapis.com tripleseat-static-production.s3.amazonaws.com secure.gravatar.com *.gstatic.com *.sojern.com *.adnxs.com *.youtube.com *.google.com *.doubleclick.net/ https://www.google-analytics.com/ https://www.facebook.com/ https://*.cloudfront.net;manifest-src 'self';media-src 'self';report-uri https://60e6e57021be247f01bb539c.endpoint.csper.io;worker-src https://www.gratonresortcasino.com/wp-content/plugins/wordpress-seo/js/dist/analysis-worker.js?ver=09c761a74bfdc57095e35baeb7a8d206; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com https://fonts.gstatic.com *.typekit.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.facebook.com facebook.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.authorize.net *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.facebook.com *.clearpay.co.uk *.paypalobjects.com *.doubleclick.net facebook.com *.hotjar.com *.hubspot.com js.stripe.com *.vimeo.com *.authorize.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com https://static.afterpay.com https://site-assets.afterpay.com/ ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.facebook.com *.cloudfront.net *.google.be *.google.com *.google.co.uk *.hubspot.com *.hsforms.com *.wrendaledesigns.co.uk *.wrendaledesigns.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.apptrian.com pinterest.com www.pinterest.com s.pinimg.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.googletagmanager.com *.facebook.net *.avada.io *.luckyorange.com *.facebook.com facebook.com *.cloudfront.net *.fontawesome.com *.doubleclick.net *.hotjar.com *.hsadspixel.net *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hs-scripts.com *.usemessages.com player.vimeo.com *.authorize.net sandbox-assets.secure.checkout.visa.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com downloads.mailchimp.com *.fontawesome.com *.typekit.net *.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.google-analytics.com https://get.geojs.io *.avada.io *.google.com *.hscollectedforms.net *.clearpay.co.uk *.luckyorange.com *.facebook.com facebook.com *.visitors.live *.doubleclick.net *.hotjar.com wss://*.hotjar.com *.hubspot.com *.hubapi.com *.luckyorange.net wss://visitors.live wss://*.visitors.live *.authorize.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
upgrade-insecure-requests; report-uri https://worldbirdscom.report-uri.com/r/d/csp/enforce; report-to default 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.livegirl.fr:9080 www.livegirl.fr:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.livegirl.fr wss://www.livegirl.fr *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1705975464 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'none'; style-src * 'unsafe-inline'; img-src * 'self' data: https:; media-src *; frame-src *; frame-ancestors 'self' *.hiscox.fr; child-src *; font-src * data:; connect-src *; report-uri /report-csp-violation 1
default-src 'self' d1qb6yzwaaq4he.cloudfront.net d2qaalvhz7pyuj.cloudfront.net d37onar3vnbj2y.cloudfront.net d37onar3vnbj2y.cloudfront.net www.globemission.eu 'unsafe-inline' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://resources.fuel50careerdrive.com https://*.fuel50careerdrive.com https://www.google.com https://www.google-analytics.com  https://fuel50-us-east.s3.amazonaws.com https://fuel50-us-west.s3.amazonaws.com https://fuel50-pacific.s3.amazonaws.com https://fuel50-asia.s3.amazonaws.com https://fuel50-sa.s3.amazonaws.com https://fuel50-eu.s3.amazonaws.com https://www.gstatic.com https://apis.google.com https://ssl.gstatic.com https://maps.google.com https://maps.googleapis.com https://stats.g.doubleclick.net app.eu.pendo.io pendo-eu-static.storage.googleapis.com cdn.eu.pendo.io data.eu.pendo.io pendo-eu-static-397102f2-b62e-433a-6c13-ab10a4b4f1c4.storage.googleapis.com pendo-eu-static-6455579714125824.storage.googleapis.com 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-987ea9f9552c7d64494f3e6595c2e433'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src * data: 'unsafe-inline'; 1
frame-ancestors 'self' *.insiderscore.com *.infilings.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com ajax.googleapis.com maps.googleapis.com *.youtube.com s.ytimg.com tre.tbe.taleo.net; img-src * 'self' data: https:; style-src * 'unsafe-inline'; font-src 'self' fonts.gstatic.com tre.tbe.taleo.net; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.mediaroom.com; connect-src 'self' www.google-analytics.com maps.googleapis.com stats.g.doubleclick.net 1
default-src 'self' ; connect-src 'self' https://matomo.digifinland.fi wss://www.omaolo.fi;script-src 'self' https://matomo.digifinland.fi https://kaytontuki.omaolo.fi;style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://terveysportti.fi https://www.terveysportti.fi https://neuvokasperhe.fi https://matomo.digifinland.fi https://kaytontuki.omaolo.fi; font-src 'self' ; object-src 'self' blob: ; frame-src 'self' data: blob: https://kaytontuki.omaolo.fi;frame-ancestors 'self' https://tunnistautuminen.suomi.fi https://*.tunnistus.fi;form-action 'self' https://sso.omaolo.fi; upgrade-insecure-requests; report-uri /api/csp-report; 1
default-src http https 'self' *.cygnusdvlp.in/ftii *.google.com https://cse.google.com 'unsafe-inline'; script-src 'self' *.google.com *.cse.google.com *.cygnusdvlp.in/ftii 'unsafe-eval' 'unsafe-inline'; style-src http https 'self' *.cygnusdvlp.in/ftii *.google.com https://cse.google.com 'unsafe-inline';object-src 'none'; 1
default-src  'self' ; img-src      'self' 'unsafe-inline' 'unsafe-eval' data: mfa.gov.tm *.google-analytics.com;  script-src   'self' 'unsafe-inline' 'unsafe-eval' mfa.gov.tm metrics.com.tm *.google-analytics.com *.googletagmanager.com;  connect-src  'self' 'unsafe-inline' 'unsafe-eval' mfa.gov.tm *.metrics.com.tm *.google-analytics.com *.googletagmanager.com;  style-src    'self' 'unsafe-inline' mfa.gov.tm;  font-src     'self' data: mfa.gov.tm;  frame-src    'self' mfa.gov.tm;  object-src   'self' ; 1
default-src 'self' http: https: ; img-src http: https: data: ; font-src http: https: data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ ; connect-src 'self' https: wss: ; style-src 'unsafe-inline' http: https: ; frame-ancestors 'self' https://*.peri.cloud http://*.peri.cloud ; child-src 'self' * ;frame-src 'self' * 1
default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' data:; worker-src * blob:; frame-ancestors 'self'; upgrade-insecure-requests; base-uri 'self' 1
default-src 'self'; connect-src 'self' https://ws.imperialnet.co.uk wss://ws.imperialnet.co.uk sessions.bugsnag.com notify.bugsnag.com o359841.ingest.sentry.io *.google-analytics.com *.analytics.google.com s3.eu-west-1.amazonaws.com/ http://dev.ics-assets.co.uk.s3.amazonaws.com/ s3.ics-assets.co.uk s3.ics-assets.co.uk.s3.eu-west-1.amazonaws.com ics-private-assets.s3.eu-west-1.amazonaws.com/ *.sentry.io https://0cnxufpcdl.execute-api.eu-west-1.amazonaws.com/dev/get-compared-vehicles https://yard.cazoo.co.uk https://cazoo.cloudflareaccess.com *.browser-intake-datadoghq.eu; font-src 'self' data: s3.ics-assets.co.uk s3.ics-assets.co.uk.s3.eu-west-1.amazonaws.com resources.ics-assets.co.uk https://www.imperialnet.co.uk cf.imperialnet.co.uk cf.cazoonet.co.uk imperialnet.co.uk www.imperialnet.co.uk testphp.imperialnet.co.uk; frame-src 'self' https://yard.cazoo.co.uk https://cazoo.cloudflareaccess.com www.google.com; img-src 'self' data: blob: notify.bugsnag.com s3.ics-assets.co.uk s3.ics-assets.co.uk.s3.eu-west-1.amazonaws.com d2wy8f7a9ursnm.cloudfront.net d107eyftzsek17.cloudfront.net https://d22n9hkbynglii.cloudfront.net *.google-analytics.com resources.ics-assets.co.uk https://www.imperialnet.co.uk cf.imperialnet.co.uk cf.cazoonet.co.uk res.cloudinary.com intake.cazoo.co.uk abimg002.imgix.net bcamediaprod.blob.core.windows.net svacdnmedia01.azureedge.net images.manheim.co.uk http://www.manheim.co.uk/ i.atcdn.co.uk m.atcdn.co.uk media.shorehamvehicleauctions.com/ http://code.vostrel.net/jquery.reel-drag.cur www.gstatic.com/images/ www.googletagmanager.com https://d107eyftzsek17.cloudfront.net; media-src 'self' imperials.calltracks.com; object-src 'self'; script-src 'self' https://yard.cazoo.co.uk blob: 'nonce-YzZ5RzVIbGtES0UwVVo0dTNv' resources.ics-assets.co.uk https://www.imperialnet.co.uk cf.imperialnet.co.uk cf.cazoonet.co.uk 'unsafe-eval' https://ws.imperialnet.co.uk/assets/socket.io.js d2wy8f7a9ursnm.cloudfront.net/v7/bugsnag.min.js cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.5.5/clipboard.min.js www.google-analytics.com/analytics.js www.gstatic.com/charts/loader.js www.google.com/jsapi www.google.com/uds browser.sentry-cdn.com; style-src 'self' 'unsafe-inline' resources.ics-assets.co.uk https://www.imperialnet.co.uk cf.imperialnet.co.uk cf.cazoonet.co.uk ajax.googleapis.com/ajax/static/modules/gviz/1.0/core/ www.google.com/uds/api/visualization/1.0/ www.gstatic.com/charts/49/css/; worker-src 'self' resources.ics-assets.co.uk https://www.imperialnet.co.uk cf.imperialnet.co.uk cf.cazoonet.co.uk blob:; frame-ancestors 'self' https://cazoo.cloudflareaccess.com; 1
default-src 'self' *.google.com *.youtube.com *.close-upinternational.com *.slideshare.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com data:; script-src 'self' 'unsafe-eval' *.gstatic.com *.googleapis.com *.google-analytics.com *.fontawesome.com *.googletagmanager.com *.google.com cdnjs.cloudflare.com 'unsafe-inline' data:; connect-src 'self' cdn.datatables.net *.googletagmanager.com *.google.com *.googleapis.com *.gstatic.com cdnjs.cloudflare.com data:; font-src 'self' *.gstatic.com data:; frame-ancestors 'self'; img-src 'self' * data: blob:; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' natalfwk.gruposancorseguros.com nfapi.gruposancorseguros.com nf-chat.gruposancorseguros.com corporate-site-content.gruposancorseguros.com maps.googleapis.com code.jquery.com/ cdn.jsdelivr.net/ js.hsforms.net/ forms.hsforms.com js.hs-scripts.com go.botmaker.com storage.googleapis.com polyfill.io *.googletagmanager.com tagmanager.google.com *.g.doubleclick.net *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.facebook.net www.google.com www.gstatic.com *.smileweb.net *.linkedin.com *.qualtrics.com cdnjs.cloudflare.com js.hsadspixel.net js.hscollectedforms.net js.hsleadflows.net js.hs-analytics.net forms.hubspot.com api.hubapi.com snap.licdn.com p.adsymptotic.com static.hotjar.com cdn.embluemail.com widgets-static.embluemail.com https://script.hotjar.com;object-src 'none';style-src 'self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com natalfwk.gruposancorseguros.com fonts.googleapis.com tagmanager.google.com maxcdn.bootstrapcdn.com storage.googleapis.com static.smileweb.net;img-src 'self' natalfwk.gruposancorseguros.com cdn.jsdelivr.net cdnjs.cloudflare.com corporate-site-content.gruposancorseguros.com maps.googleapis.com www.facebook.com connect.facebook.net storage.googleapis.com data: unpkg.com *.googletagmanager.com *.gstatic.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google.com.ar static.smileweb.net track.hubspot.com *.hsforms.com *.linkedin.com p.adsymptotic.com *.qualtrics.com script.hotjar.com;media-src 'self' https://corporate-site-content.gruposancorseguros.com https://storage.googleapis.com;frame-src nf-viewer.gruposancorseguros.com td.doubleclick.net *.google.com *.smileweb.net *.qualtrics.com *.youtube.com;font-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.gstatic.com natalfwk.gruposancorseguros.com maxcdn.bootstrapcdn.com connect.facebook.net static.smileweb.net script.hotjar.com;connect-src 'self' natalfwk.gruposancorseguros.com nf-chat.gruposancorseguros.com wss://*.gruposancorseguros.com corporate-site-content.gruposancorseguros.com maps.googleapis.com api.hubapi.com *.hubspot.com forms.hubspot.com www.google-analytics.com stats.g.doubleclick.net https://go.botmaker.com https://storage.googleapis.com https://m-infra.appspot.com wss://ws.botmaker.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com.ar *.smileweb.net nf-mock.globallogic.com.ar *.linkedin.com siteintercept.qualtrics.com *.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://surveystats.hotjar.io;child-src www.google.com www.youtube.com data: blob: storage.googleapis.com td.doubleclick.net https://vars.hotjar.com;frame-ancestors 'none';upgrade-insecure-requests;report-uri /WebResource.axd?cspReport=true 1
frame-ancestors 'self' https://hojin.spokyo.jp/; 1
default-src 'self'; report-uri https://cool110.report-uri.com/r/d/csp/enforce; report-to default 1
default-src 'self' *.google-analytics.com analytics.google.com js.zi-scripts.com *.zoominfo.com alarmcomincorporated.api.insent.ai; font-src 'self' fonts.gstatic.com fonts.googleapis.com; media-src *; img-src * data:; style-src 'self' fonts.googleapis.com 'unsafe-inline' *.cloudfront.net; script-src 'self' *.google-analytics.com analytics.google.com *.googletagmanager.com *.google.com *.gstatic.com *.greenhouse.io *.googleadservices.com *.hotjar.com *.facebook.net *.mathtag.com *.licdn.com *.tvsquared.com *.nextdoor.com 'unsafe-inline' 'unsafe-eval' js.zi-scripts.com alarmcomincorporated.widget.insent.ai alarmcomincorporated.api.insent.ai *.zoominfo.com; frame-ancestors 'self' *.alarm.com *.adt.com adt.com.es www.adt.cl www.adt.co.cr www.adt.co.uk www.adt.com.ar www.adt.com.br www.adt.com.mx www.adt.com.uy www.adt.my www.adtsecurity.com.au www.adtsecurity.co.nz www.secomsmart.com.sg www.sakralarm.se lightfootmechanical.com www.secomsmart.com.my smartsecurity.secom.plc.uk www.secom.co.th smartservices.adt.co.uk smartservices.adt.ie infinitysecurity.ca www.protek.com.py www.nos.pt www.chubbhomesecurity.com.au www.alert360.com www.securityinc.net i-wonder.co.jp iqconnect.qolsys.com www.alltid24.no  www.tutumhome.com vprotectindia.com kizukumo.com www.securitascostarica.com www.connect.securitas.de;frame-src 'self' *.alarm.com *.youtube.com academy-alarm.com *.google.com *.greenhouse.io *.mathtag.com *.hotjar.com alarmcomincorporated.widget.insent.ai alarmcomincorporated.api.insent.ai; 1
default-src *  'self' 'unsafe-inline' 'unsafe-eval'; frame-src *; frame-ancestors 'self'; img-src * 'self' data:; script-src * 'self' 'unsafe-inline' 'unsafe-eval' data:;  1
default-src *; font-src * 'unsafe-inline'; frame-ancestors 'self'; img-src * data: 'unsafe-inline'; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline' blob: 1
frame-ancestors 'self' http://intranet/ https://*.reyher.de/ 1
default-src 'self'; frame-src 'self' www.google.com www.gstatic.com; form-action 'self'; object-src 'none'; base-uri 'self'; style-src 'self'; connect-src 'self'; script-src 'nonce-4sClvlKx6QfT' 1
frame-ancestors https://*.menora.co.il https://*.menoramivt.co.il 1
default-src 'self'; script-src 'report-sample' 'self' filesystem: 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://*.cloudfront.net https://cybba-bucket.s3.amazonaws.com https://*.cybba.solutions https://*.cybba.us *.rtb123.com https://voxus.com.br *.voxus.com.br *.voxus.tv https://targeting.voxus.tv https://api.ipify.org https://loggly.co https://*.googleadservices.com https://*.gstatic.com *.google-analytics.com *.artfut.com *.heatmap.it *.google.com *.getblue.io *.facebook.net *.hotjar.com *.doubleclick.net *.googleapis.com *.amazon-adsystem.com *.adnxs.com *.stackadapt.com *.adsrvr.org *.atendimen.to *.tiktok.com https://go2cloud.com *.go2cloud.com http://hasoffers.com *.hasoffers.com * https://d2rp1k1dldbai6.cloudfront.net https://storage.googleapis.com https://c.amazon-adsystem.com https://*.adnxs.com https://*.stackadapt.com https://*.adsrvr.org https://*.facebook.net; script-src-elem 'self' filesystem: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com https://connect.facebook.net https://www.googleadservices.com *.hotjar.com *.heatmap.it *.getblue.io *.artfut.com https://*.rtb123.com https://*.voxus.com.br https://*.doubleclick.net *.atendimen.to https://*.google.com https://*.gstatic.com *.google-analytics.com *.facebook.net *.rtb123.com *.tiktok.com *.googleapis.com *.cybba.solutions *.cloudfront.net https://static.i-goal.com.br; style-src 'report-sample' 'self' 'unsafe-inline' https://pafutos.com https://lenkmio.com https://admitad.com https://asbmit.com https://artfut.com https://bluefit.solutto.com.br https://fera.ag *.fontawesome.com *.googleapis.com; style-src-elem 'self' 'unsafe-inline' *.googleapis.com https://cybba.solutions *.cybba.solutions https://*.cybba.solutions *.solutto.com.br; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data: https://voxus.com.br *.adnxs.com *.voxus.com.br *.voxus.tv https://targeting.voxus.tv https://api.ipify.org https://loggly.com *.loggly.com https://patufos.com https://lankmio.com https://ad.admitad.com https://z.asbmit.com https://a.artfut.com https://afilio.com.br https://a.afilio.com.br https://s.afilio.com.br https://p.afilio.com.br https://maps.googleapis.com *.gstatic.com https://us4.heatmap.it https://www.bluefit.com.br https://googleads.g.doubleclick.net https://cx.atdmt.com https://stats.g.doubleclick.net https://www.google-analytics.com https://conteudo.bluefit.com.br *.google.com https://www.google.com.br https://www.facebook.com https://ssl.google-analytics.com https://s-static.ak.facebook.com https://*.googletagmanager.com *.cloudfront.net *.amazon-adsystem.com *.stackadapt.com *.adsrvr.org *.facebook.net https://pafutos.com *.pafutos.com *.lenkmio.com https://analytics.tiktok.com.br * https://d3u0jcwe5p7qrc.cloudfront.net https://c.amazon-adsystem.com https://*.adnxs.com https://*.stackadapt.com https://*.adsrvr.org https://*.facebook.net; font-src 'self' https://pafutos.com https://lenkmio.com https://admitad.com https://asbmit.com https://artfut.com https://bluefit.solutto.com.br https://fonts.gstatic.com https://themes.googleusercontent.com *.cloudfront.net https://use.fontawesome.com *.fontawesome.com https://use.fontawesome.com/* https://d3u0jcwe5p7qrc.cloudfront.net; connect-src 'self' https://voxus.com.br *.voxus.com.br *.voxus.tv https://targeting.voxus.tv https://api.ipify.org https://loggly.com *.loggly.com https://pafutos.com https://lenkmio.com https://admitad.com https://asbmit.com https://artfut.com https://maps.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net wss://ws1.hotjar.com https://ws1.hotjar.com https://app.vindi.com.br https://viacep.com.br https://integration-healthy.dc.linximpulse.ne https://click.retargeter.com.br https://ckies.net https://poscompra.shopconvert.com.br https://vc.hotjar.io https://in.hotjar.com https://front.shopconvert.com.br https://conteudo.bluefit.com.br https://api.shopback.net https://integration-healthy.dc.linximpulse.net https://bluefit.com.br https://connect.facebook.net https://google.com https://*.facebook.com https://*.google.com *.tiktok.com *.googletagmanager.com *.ip-api.com *.adnxs.com *.solutto.com.br; object-src 'none'; frame-src 'self' https://voxus.tv *.voxus.tv https://pafutos.com https://lenkmio.com https://admitad.com https://asbmit.com https://artfut.com https://event.getblue.io https://www.youtube.com https://cdn.atendimen.to https://www.google.com https://bluefit.movidesk.com https://6746405.fls.doubleclick.net https://bid.g.doubleclick.net https://vars.hotjar.com https://console.dialogflow.com https://www.facebook.com https://s-static.ak.facebook.com https://*.googletagmanager.com *.adsrvr.org *.cybbaview.com * https://*.rtb123.com; base-uri 'none'; block-all-mixed-content 1
base-uri 'none';default-src 'none';form-action 'none';frame-ancestors 'none';sandbox; 1
default-src 'self' wss: 'unsafe-eval' 'unsafe-inline' data: blob: *.youtube.com *.youtu.be *.google.com google.com *.google-analytics.com *.hotjar.com *.googleapis.com *.gstatic.com *.doubleclick.net *.legistar.com *.governmentjobs.com *.soundcloud.com *.vimeo.com *.fontawesome.com *.juicer.io *.googletagmanager.com *.jsdelivr.net *.ctctcdn.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data; object-src 'self' 'unsafe-inline' 'unsafe-eval' https: data; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'          kit.fontawesome.com www.googletagmanager.com placehold.it maps.googleapis.com cdn.jsdelivr.net          analytics.silktide.com www.google-analytics.com; 1
default-src https: blob: wss: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 1
frame-ancestors 'self' http://www.1001spiele.at 1
base-uri 'self'; connect-src 'self' dccdn.de *.amazonaws.com *.userlike.com wss://umd.userlike.com/umd/ *.google-analytics.com cdn.plyr.io noembed.com *.doubleclick.net maps.googleapis.com salesviewer.org www.salesviewer.com *.analytics.google.com *.linkedin.oribi.io userlike-cdn-umm.b-cdn.net; font-src 'self' *.cloudfront.net *.aral-supercard.de *.ddev.site *.antwerpes.com *.antwerpes.de dccdn.de data: *.gstatic.com userlike-cdn-umm.b-cdn.net; form-action 'self' *.ogone.com *.aral-supercard.de *.aral-supercard.de *.ddev.site aral-supercard-b2b-reload-stage.antwerpes.com; frame-src business-aral-supercard-rebuild.ddev.site customer-aral-supercard-rebuild.ddev.site madmin-aral-supercard-rebuild.ddev.site aral-supercard-b2b-stage.antwerpes.com aral-supercard-b2c-stage.antwerpes.com aral-supercard-madmin-stage.antwerpes.com business.aral-supercard.de www.aral-supercard.de madmin.aral-supercard.de www.youtube-nocookie.com stg.gcs.tp-de.net gcs.tp-de.net www.google.com www.googletagmanager.com business-aral-supercard-reloadable.ddev.site aral-supercard-b2b-reload-stage.antwerpes.com reload.business.aral-supercard.de player.vimeo.com www.youtube.com m.youtube.com anmeldung-businessacceptance.aral-supercard.de anmeldung-business.aral-supercard.de; img-src 'self' *.amazonaws.com stg.gcs.tp-de.net *.ddev.site gcs.tp-de.net *.aral-supercard.de data: blob: www.google-analytics.com *.gstatic.com www.google.com www.google.de dccdn.de *.antwerpes.de www.facebook.com *.antwerpes.com i.vimeocdn.com i.ytimg.com *.ads.linkedin.com www.wgkd.de salesviewer.org userlike-cdn-operators.userlike.com; media-src 'self' *.aral-supercard.de *.ddev.site *.antwerpes.com *.antwerpes.de dccdn.de userlike-cdn-umm.b-cdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' api.userlike.com *.cloudfront.net *.amazonaws.com *.aral-supercard.de *.ddev.site *.antwerpes.com *.antwerpes.de www.googletagmanager.com www.google-analytics.com www.gstatic.com tagmanager.google.com www.googleadservices.com www.google.com *.doubleclick.net *.googleapis.com dccdn.de connect.facebook.net *.gcs.tp-de.net gcs.tp-de.net code.jquery.com player.vimeo.com www.youtube.com *.adform.net snap.licdn.com polyfill.io userlike-cdn-umm.b-cdn.net; style-src 'self' 'unsafe-inline' 'report-sample' *.amazonaws.com *.aral-supercard.de *.ddev.site *.antwerpes.com *.antwerpes.de *.google.com *.googleapis.com dccdn.de 1
script-src http: https: https://mysleepyhead.com/ 'unsafe-inline' 'unsafe-eval' *.google.com *.salesforce.com *.force.com *.razorpay.com *.facebook.com *.instagram.com duroflexpvtltd.my.salesforce-sites.com; style-src 'self' blob: https: 'unsafe-inline' https://mysleepyhead.com/; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com *.salesforce.com *.force.com; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.salesforce.com *.force.com *.juspay.in *.razorpay.com *.clickpost.ai *.googletagmanager.com public.release.juspay.in tez: phonepe: paytmmp: upi:; 1
connect-src 'self' *.googleusercontent.com *.tus.vimeo.com api.ringgold.com dl.dropboxusercontent.com docs.google.com https://raw.githubusercontent.com/astrothesaurus/UAT/master/UAT.rdf www.googleapis.com www.pnascentral.org; default-src 'self' www.pnascentral.org; font-src 'self' fast.fonts.com fonts.gstatic.com www.pnascentral.org; form-action 'nonce-KPRiKxKvxOZ6fG+ZnUl0Hg' 'self' *.orcid.org api2.copyright.com orcid.org www.pnascentral.org; frame-ancestors 'self' www.pnascentral.org; frame-src 'self' *.google.com content.googleapis.com data: www.pnascentral.org; img-src 'self' files.msubmit.net www.pnascentral.org; script-src 'nonce' 'nonce-KPRiKxKvxOZ6fG+ZnUl0Hg' 'self' 'unsafe-eval' *.dropbox.com *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.orcid.org www.pnascentral.org; style-src 'self' 'unsafe-inline' fast.fonts.com fonts.googleapis.com www.pnascentral.org 1
frame-ancestors 'self' https://www.sumu-lab.com; 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' apps.mypurecloud.com.au *.mastersoftgroup.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com www.google-analytics.com www.googletagmanager.com ajax.googleapis.com tspl-ase-prod-sitecore10-rg01-cd.azurewebsites.net tspl-ase-prod-sitecore10-rg01-cd-staging.azurewebsites.net tspl-ase-prod2-sitecore10-rg01-cd.azurewebsites.net tspl-ase-prod2-sitecore10-rg01-cd-staging.azurewebsites.net www.telstrasuper.com.au auth.telstrasuper.com.au tspl-ase-prod-sitecore10-rg01-cm.azurewebsites.net tspl-ase-prod-sitecore10-rg01-cm-staging.azurewebsites.net tspl-ase-prod2-sitecore10-rg01-cm.azurewebsites.net tspl-ase-prod2-sitecore10-rg01-cm-staging.azurewebsites.net interactive-player.s3-ap-southeast-2.amazonaws.com api.creativa.com.au *.vixverify.com snap.licdn.com connect.facebook.net apps-au.willistowerswatson.com www.googleadservices.com s.yimg.com *.quantserve.com *.quantcount.com *.bing.com *.on24.com apps.willistowerswatson.com *.serving-sys.com; object-src data: 'unsafe-eval'; style-src 'self' 'unsafe-inline' fast.fonts.net tspl-ase-prod-sitecore10-rg01-cd.azurewebsites.net tspl-ase-prod-sitecore10-rg01-cd-staging.azurewebsites.net tspl-ase-prod2-sitecore10-rg01-cd.azurewebsites.net tspl-ase-prod2-sitecore10-rg01-cd-staging.azurewebsites.net www.telstrasuper.com.au auth.telstrasuper.com.au tspl-ase-prod-sitecore10-rg01-cm.azurewebsites.net tspl-ase-prod-sitecore10-rg01-cm-staging.azurewebsites.net tspl-ase-prod2-sitecore10-rg01-cm.azurewebsites.net tspl-ase-prod2-sitecore10-rg01-cm-staging.azurewebsites.net *.vixverify.com apps-au.willistowerswatson.com fonts.googleapis.com; img-src * data: stats.g.doubleclick.net www.google-analytics.com tspl-ase-prod-sitecore10-rg01-cd.azurewebsites.net tspl-ase-prod-sitecore10-rg01-cd-staging.azurewebsites.net tspl-ase-prod2-sitecore10-rg01-cd.azurewebsites.net tspl-ase-prod2-sitecore10-rg01-cd-staging.azurewebsites.net www.telstrasuper.com.au auth.telstrasuper.com.au tspl-ase-prod-sitecore10-rg01-cm.azurewebsites.net tspl-ase-prod-sitecore10-rg01-cm-staging.azurewebsites.net tspl-ase-prod2-sitecore10-rg01-cm.azurewebsites.net tspl-ase-prod2-sitecore10-rg01-cm-staging.azurewebsites.net apps-au.willistowerswatson.com apps.willistowerswatson.com; media-src 'unsafe-inline' *.s3-ap-southeast-2.amazonaws.com; frame-src 'self' apps.mypurecloud.com.au *.youtube.com *.facebook.com *.sitecore.net *.google.com player.vimeo.com review.money101.com.au vds.issgovernance.com *.on24.com; font-src 'self' tspl-ase-prod-sitecore10-rg01-cd.azurewebsites.net tspl-ase-prod-sitecore10-rg01-cd-staging.azurewebsites.net tspl-ase-prod2-sitecore10-rg01-cd.azurewebsites.net tspl-ase-prod2-sitecore10-rg01-cd-staging.azurewebsites.net www.telstrasuper.com.au auth.telstrasuper.com.au tspl-ase-prod-sitecore10-rg01-cm.azurewebsites.net tspl-ase-prod-sitecore10-rg01-cm-staging.azurewebsites.net tspl-ase-prod2-sitecore10-rg01-cm.azurewebsites.net tspl-ase-prod2-sitecore10-rg01-cm-staging.azurewebsites.net *.vixverify.com apps-au.willistowerswatson.com apps.willistowerswatson.com fonts.gstatic.com; connect-src 'self' snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com api.mypurecloud.com.au api-cdn.mypurecloud.com.au wss://webmessaging.mypurecloud.com.au *.vixverify.com cdnjs.cloudflare.com alcdn.msftauth.net login.microsoftonline.com www.google-analytics.com cloud90.towerswatson.com apps-au.willistowerswatson.com apps.willistowerswatson.com dc.services.visualstudio.com hcbtas-p-pdfservice-au-east.azurewebsites.net stats.g.doubleclick.net cdn.linkedin.oribi.io s.yimg.com google.com analytics.google.com *.serving-sys.com;worker-src tspl-ase-prod-sitecore10-rg01-cd.azurewebsites.net tspl-ase-prod-sitecore10-rg01-cd-staging.azurewebsites.net tspl-ase-prod2-sitecore10-rg01-cd.azurewebsites.net tspl-ase-prod2-sitecore10-rg01-cd-staging.azurewebsites.net www.telstrasuper.com.au auth.telstrasuper.com.au tspl-ase-prod-sitecore10-rg01-cm.azurewebsites.net tspl-ase-prod-sitecore10-rg01-cm-staging.azurewebsites.net tspl-ase-prod2-sitecore10-rg01-cm.azurewebsites.net tspl-ase-prod2-sitecore10-rg01-cm-staging.azurewebsites.net blob: 1
default-src 'self' https://www.googletagmanager.com 'unsafe-inline' ;          style-src 'self' 'unsafe-inline' ;          script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com ;          img-src 'self' https://prodstoragehelpcentre.z33.web.core.windows.net data: https://*.google-analytics.com https://*.googletagmanager.com ;          connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com 1
style-src 'self' 'unsafe-inline' 'unsafe-eval'  https://cdnjs.cloudflare.com https://fonts.googleapis.com https://www.google.com https://www.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://www.google.com https://www.gstatic.com; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' maps.googleapis.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com; style-src 'report-sample' 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com; img-src 'self' data: *.googleapis.com *.ggpht maps.gstatic.com ssl.gstatic.com www.gstatic.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com *.doubleclick.net; connect-src 'self' www.google-analytics.com https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; font-src 'self' fonts.gstatic.com; base-uri 'self'; frame-src 'self'; object-src 'none'; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.agidra.com kx1.co *.google.fr *.google.com *.googletagmanager.com *.jquery.com *.jsdelivr.net *.cloudflare.com *.youtube.com *.googleapis.com *.gstatic.com *.google-analytics.com *.facebook.com *.fbcdn.net *.googleadservices.com *.bootstrapcdn.com *.ytimg.com *.youtube-nocookie.com *.github.com *.sendinblue.com *.doofinder.com *.linkedin.com *.fontawesome.com *.crazyegg.com *.doubleclick.net *.datatables.net unpkg.com ajax.googleapis.com *.licdn.com cdn.linkedin.oribi.io *.facebook.net  tarteaucitron.io *.tarteaucitron.io *.privacy-center.org 1
frame-ancestors 'self' *.virtualyard.com.au virtualyard.com *.virtualyard.co.uk virtualyard.co.uk *.bydautomotive.com.au 1
frame-ancestors 'self' https://edicola.gazzettaregionale.it https://testbaba.virtualcms.it 1
default-src 'self' 'unsafe-eval' analytics.tiktok.com hotelimages.sunhotels.net sg-api.globaltix.com *.tribecar.com ap-south-1.linodeobjects.com *.ap-south-1.linodeobjects.com cdnjs.cloudflare.com *.freshchat.com *.googletagmanager.com *.facebook.com connect.facebook.net *.google.com tools.applemediaservices.com apple-resources.s3.amazonaws.com www.google-analytics.com connect.facebook.net www.youtube.com *.doubleclick.net redirector.googlevideo.com *.googleapis.com *.google.com.sg i.ytimg.com yt3.ggpht.com *.freshworksapi.com fc-use1-00-pics-bkt-00.s3.amazonaws.com oss.maxcdn.com maxcdn.bootstrapcdn.com *.zopim.com unpkg.com stripe.com *.stripe.com cdn.jsdelivr.net schema.org www.sitemaps.org www.w3.org *.gstatic.com *.newrelic.com i.i-sgcm.com *.googleadservices.com 'unsafe-inline' data: 1
font-src *.fontawesome.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com https://g9c2b.emailsp.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.sharethis.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://maps.gstatic.com https://maps.googleapis.com *.sharethis.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://static.cloudflareinsights.com *.sharethis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://maps.googleapis.com *.doubleclick.net *.sharethis.com https://bcp.crwdcntrl.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self'; child-src *.googleusercontent.com *.google.com disqus.com *.youtube.com; connect-src 'self' *.worcket.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com *.zohopublic.com *.linkedin.com data: blob: ws:; default-src 'none'; font-src 'self' *.gstatic.com *.googleapis.com  *.zohocdn.com *.zohostatic.com; form-action 'self'; frame-ancestors 'none'; frame-src *.google.com;; img-src 'self' *.cloudinary.com *.linkedin.com *.google.com *.googleusercontent.com *.google.com.ar *.gstatic.com *.googleapis.com *.facebook.com *.facebook.net *.zohocdn.com *.zohostatic.com data:; media-src 'self' http://*.cloudinary.com res.cloudinary.com; object-src 'none'; script-src 'self' 'unsafe-inline' *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com *.jsdelivr.net *.googletagmanager.com *.youtube.com *.google-analytics.com *.gstatic.com *.licdn.com *.zoho.com *.zohocdn.com *.zohostatic.com *.facebook.com *.facebook.net  unpkg.com *.googleapis.com blob:; style-src 'self' 'unsafe-inline' unpkg.com *.googleapis.com *.gstatic.com  *.zohocdn.com *.zohostatic.com fonts.googleapis.com; worker-src 'self' blob:; 1
frame-ancestors 'self' https://www.mycamu.co.in https://mycamu.co.in; 1
default-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-eval' 'unsafe-inline'; img-src * data:; 1
default-src 'none' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflareinsights.com *.google.gr  *.skroutz.gr https://skroutza.skroutz.gr *.contactpigeon.com https://www.clarity.ms *.cloudflare.com *.ubembed.com *.skroutz.gr *.boxnow.gr *.citrusad.com https://skroutza.skroutz.gr *.zdassets.com/ *.hotjar.com https://apis.google.com https://www.gstatic.com https://z.moatads.com https://static.addtoany.com https://analytics.skroutz.gr https://skroutza.skroutz.gr https://360.bestprice.gr https://www.bestprice.gr https://www.glami.gr https://region1.google-analytics.com https://cdn.stat-track.com/ https://assets.citrusad.net https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://stats.g.doubleclick.net https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://script.crazyegg.com https://go.linkwi.se https://trustmark.gr https://www.youtube.com https://script.crazyegg.com https://insurance.e-satisfaction.gr; style-src 'self' 'unsafe-inline' *.contactpigeon.com https://ping.contactpigeon.com *.typekit.net/ https://cdn.jsdelivr.net https://fonts.googleapis.com; object-src 'self'; img-src 'self' data: *.skroutz.gr *.doubleclick.net https://c.bing.com/c.gif *.c.bing.com https://skroutza.skroutz.gr *.contactpigeon.com https://dimages.contactpigeon.com https://ping.contactpigeon.com *.clarity.ms  https://c.clarity.ms https://static.pharmnet.gr https://www.pharmnet.gr https://pharmnetnew.staginglh.com https://local.pharmnetnew.gr https://pharmnetnew.test.devlh.com https://pharmnet.gr *.cdninstagram.com https://www.glami.gr https://www.facebook.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://maps.googleapis.com https://www.google.com https://www.google.gr https://www.google.com.tr https://trustmark.gr; font-src 'self' data: *.typekit.net/ https://fonts.gstatic.com; connect-src 'self' *.facebook.com https://pagead2.googlesyndication.com *.googlesyndication.com *.analytics.google.com https://region1.analytics.google.com *.clarity.ms *.contactpigeon.com  https://ping.contactpigeon.com https://conversionapi.pharmnet.gr *.citrusad.com https://staging-integration.citrusad.com wss://ws1.hotjar.com wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com wss://ws5.hotjar.com wss://ws6.hotjar.com wss://ws7.hotjar.com wss://ws8.hotjar.com wss://ws9.hotjar.com wss://ws10.hotjar.com wss://ws11.hotjar.com wss://ws12.hotjar.com wss://ws13.hotjar.com wss://ws14.hotjar.com wss://ws15.hotjar.com wss://ws16.hotjar.com wss://ws17.hotjar.com wss://ws18.hotjar.com wss://ws19.hotjar.com wss://ws20.hotjar.com wss://ws21.hotjar.com wss://ws22.hotjar.com wss://ws23.hotjar.com wss://ws24.hotjar.com wss://ws25.hotjar.com wss://ws26.hotjar.com wss://ws27.hotjar.com wss://ws28.hotjar.com wss://ws29.hotjar.com wss://ws30.hotjar.com wss://ws31.hotjar.com wss://ws32.hotjar.com wss://ws33.hotjar.com wss://ws34.hotjar.com wss://ws35.hotjar.com wss://ws36.hotjar.com wss://ws37.hotjar.com wss://ws38.hotjar.com wss://ws39.hotjar.com wss://ws40.hotjar.com wss://ws41.hotjar.com wss://ws42.hotjar.com wss://ws43.hotjar.com wss://ws44.hotjar.com wss://ws45.hotjar.com wss://ws46.hotjar.com wss://ws47.hotjar.com wss://ws48.hotjar.com wss://ws49.hotjar.com wss://ws50.hotjar.com wss://ws51.hotjar.com wss://ws52.hotjar.com wss://ws53.hotjar.com wss://ws54.hotjar.com wss://ws55.hotjar.com wss://ws56.hotjar.com wss://ws57.hotjar.com wss://ws58.hotjar.com wss://ws59.hotjar.com wss://ws60.hotjar.com wss://ws61.hotjar.com wss://ws62.hotjar.com wss://ws63.hotjar.com wss://ws64.hotjar.com wss://ws65.hotjar.com wss://ws66.hotjar.com wss://ws67.hotjar.com wss://ws68.hotjar.com wss://ws69.hotjar.com wss://ws70.hotjar.com wss://ws71.hotjar.com wss://ws72.hotjar.com wss://ws73.hotjar.com wss://ws74.hotjar.com wss://ws75.hotjar.com wss://ws76.hotjar.com wss://ws77.hotjar.com wss://ws78.hotjar.com wss://ws79.hotjar.com wss://ws80.hotjar.com wss://ws81.hotjar.com wss://ws82.hotjar.com wss://ws83.hotjar.com wss://ws84.hotjar.com wss://ws85.hotjar.com wss://ws86.hotjar.com wss://ws87.hotjar.com wss://ws88.hotjar.com wss://ws89.hotjar.com wss://ws90.hotjar.com wss://ws91.hotjar.com wss://ws92.hotjar.com wss://ws93.hotjar.com wss://ws94.hotjar.com wss://ws95.hotjar.com wss://ws96.hotjar.com wss://ws97.hotjar.com wss://ws98.hotjar.com wss://ws99.hotjar.com *.hotjar.io  *.hotjar.com *.zdassets.com https://www.youtube.com https://www.bestprice.gr https://s7.addthis.com https://m.addthis.com https://forms.m-pages.com https://t.stat-track.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com; frame-src *; media-src 'self'; manifest-src *.pharmnet.gr; 1
frame-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://lpcdn.lpsnmedia.net https://lo.msg.liveperson.net https://lo.v.liveperson.net https://lo.idp.liveperson.net https://widget.trustpilot.com; object-src 'none'; frame-ancestors *; report-uri https://prepaypower.ie/report-uri/enforce 1
default-src 'self' https://studio24.bg/ https://*.studio24.bg/ blob:;  script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://ssl.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://tpc.googlesyndication.com https://assets.zendesk.com https://cdn.usefathom.com https://connect.facebook.net https://ajax.googleapis.com https://www.googleadservices.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google.com/pagead/ https://www.google.bg/pagead/ https://googleads.g.doubleclick.net/pagead/ https://www.youtube.com/iframe_api https://www.youtube.com/player_api https://s.ytimg.com/yts/jsbin/ https://www.youtube.com/s/player/ https://cdn.onesignal.com https://onesignal.com https://www.gstatic.com/firebasejs/ https://push-static.dbankcdn.com/hms-messaging.js https://accounts.google.com https://appleid.cdn-apple.com; img-src 'self' data: blob: android-webview-video-poster: https://studio24.bg https://staging.studio24.bg https://ssl.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://cdn.usefathom.com https://googleads.g.doubleclick.net/pagead/ https://www.google.com/pagead/ https://www.google.bg/pagead/ https://s-static.ak.facebook.com https://assets.zendesk.com https://*.tile.openstreetmap.org https://*.basemaps.cartocdn.com/rastertiles/voyager/ https://*.ytimg.com https://www.facebook.com/tr/ blob: https://www.facebook.com/platform/ ; style-src 'self' 'unsafe-inline' file: blob: https://cdn.syncfusion.com https://*.peterpro.bg https://*.studio24.bg https://fonts.googleapis.com https://fonts.gstatic.com https://assets.zendesk.com https://onesignal.com https://accounts.google.com ; font-src 'self' data: https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src 'self' https://*.peterpro.bg https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/embed/ https://*.studio24.bg https://studio24.bg https://onesignal.com/ https://tpc.googlesyndication.com/ https://accounts.google.com https://web.facebook.com/v18.0/plugins/ ; object-src 'none'; connect-src 'self' mailto: blob:  https://*.peterpro.bg https://*.studio24.bg https://studio24.bg wss://app.peterpro.bg:8443 wss://app.peterpro.bg:8444 https://noembed.com/embed https://onesignal.com https://*.google-analytics.com/ https://firebaseinstallations.googleapis.com/v1/projects/ https://fcmregistrations.googleapis.com/v1/projects/ https://www.facebook.com/tr/ https://revgeocode.search.hereapi.com/v1/revgeocode https://accounts.google.com https://www.google.com/maps/conversion/ https://www.facebook.com/platform/ https://graph.facebook.com/v18.0/ ; manifest-src 'self' blob: ; media-src 'self' https://www.youtube.com https://m.youtube.com ;  1
default-src 'self' www.wiris.net; style-src 'self' 'unsafe-inline' www.wiris.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.wiris.net; frame-src 'self' www.google.com/recaptcha/ www.wiris.net; font-src 'self' www.wiris.net; img-src 'self' www.wiris.net data:; connect-src 'self' www.wiris.net; media-src 'self' www.wiris.net; object-src 'self' www.wiris.net; report-uri /api/CspReport/Log 1
frame-ancestors 'self' *.7riches.club *.ssg-testing.workers.dev stage.myluck.co.za *.idkfa.online  *.mobi-games.co.za mobi-games.co.za homeplay.casino zonkebets.co.za 1
frame-ancestors 'self' https://help.bikester.fi https://back-office-redesign.kameleoon.com https://app.kameleoon.com/ 1
frame-ancestors 'self' https://app.luckia.pt https://m.luckia.pt 1
frame-ancestors 'self' https://www.miracomohacerlo.com; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.zenaps.com https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://ampcid.google.com.sg https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data:; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.com.sg https://m.myprotein.com.sg https://checkout.myprotein.com.sg https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
report-uri https://waryashop.org; 1
default-src 'self';  	style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://static.flockler.com https://fl-1.cdn.flockler.com;  	img-src * 'self' data:;  	frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://www.dailymotion.com https://player.vimeo.com https://www.google.com https://player.twitch.tv https://battlefy.com https://www.recaptcha.net https://e.widgetbot.io;  	font-src 'self' data: https://fonts.gstatic.com;  	script-src * 'self' 'unsafe-inline' 'unsafe-eval';  	connect-src https://iframe.ly https://www.weareplaystation.fr https://noembed.com https://cdn.plyr.io https://region1.google-analytics.com https://www.facebook.com https://graph.facebook.com https://www.google-analytics.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://kmy.blue; img-src 'self' data: blob: https://kmy.blue https://media.kmy.blue; style-src 'self' https://kmy.blue 'nonce-I223cVN/WCmwYlcN56VzwA=='; media-src 'self' data: https://kmy.blue https://media.kmy.blue; frame-src 'self' https:; manifest-src 'self' https://kmy.blue; form-action 'self'; child-src 'self' blob: https://kmy.blue; worker-src 'self' blob: https://kmy.blue; connect-src 'self' data: blob: https://kmy.blue https://media.kmy.blue wss://s.kmy.blue; script-src 'self' https://kmy.blue 'wasm-unsafe-eval' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleadservices.com *.serving-sys.com *.google.com  *.facebook.net *.b-cdn.net *.casinosmash.com *.appspot.com *.visualwebsiteoptimizer.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.hotjar.com *.consensu.org *.sumo.com *.windows.net *.ibusmedia.com *.slgnt.eu *.polyfill.io *.sentry-cdn.com *.maxmind.com *.ravenjs.com *.webpu.sh *.instagram.com *.tiny.cloud *.cloudflare.com *.co *.quantserve.com *.quantcount.com *.quantcast.com *.affiliatable.io *.cloudflareinsights.com mediaserver.entainpartners.com mediaserver.betmgmpartners.com *.newrelic.com *.nr-data.net 1
default-src 'self';script-src 'self' 'unsafe-inline' 'nonce-26/EpS57loeNG3Ecc+arbNrT' 'unsafe-eval' https://*.umbraco.com https://collect.mopinion.com https://cdn.iubenda.com https://cs.iubenda.com https://www.iubenda.com https://deploy.mopinion.com https://stsdsumbnonproddev.blob.core.windows.net https://stsdsumbnonprodqa.blob.core.windows.net https://stsdsumbprodstage.blob.core.windows.net https://stsdsumbprod.blob.core.windows.net https://stappsnonproddev.blob.core.windows.net https://stappsnonprodqa.blob.core.windows.net https://stsdsappsprodstaging.blob.core.windows.net https://stsdsappsprod.blob.core.windows.net https://cdn.tiny.cloud https://js.monitor.azure.com https://answers.ourskillsforce.co.uk.pagescdn.com https://*.google-analytics.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://js.createsend1.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.typekit.net https://fonts.mopinion.com https://stsdsumbnonproddev.blob.core.windows.net https://stsdsumbnonprodqa.blob.core.windows.net https://stsdsumbprodstage.blob.core.windows.net https://stsdsumbprod.blob.core.windows.net https://stappsnonproddev.blob.core.windows.net https://stappsnonprodqa.blob.core.windows.net https://stsdsappsprodstaging.blob.core.windows.net https://stsdsappsprod.blob.core.windows.net https://cdn.tiny.cloud https://maxcdn.bootstrapcdn.com;img-src 'self' https://*.umbraco.com data: https://sp.tinymce.com https://stappsnonproddev.blob.core.windows.net https://stappsnonprodqa.blob.core.windows.net https://stsdsappsprodstaging.blob.core.windows.net https://stsdsappsprod.blob.core.windows.net https://stappsnonprodstage.blob.core.windows.net https://stsdsumbnonprodqa.blob.core.windows.net https://ourskillsforce-umbraco-staging.azurewebsites.net/images/ https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com;media-src 'self' https://app.gotomeeting.com;frame-src 'self' https://app.gotomeeting.com https://answers.ourskillsforce.co.uk.pagescdn.com https://sdsnonprod.b2clogin.com https://sdsdigitalaccount.b2clogin.com https://www.youtube.com https://player.vimeo.com https://marketplace.umbraco.com https://bid.g.doubleclick.net https://www.google.com https://app.powerbi.com;font-src 'self' https://fonts.gstatic.com https://*.typekit.net https://gstatic.mopinion.com https://stsdsumbnonproddev.blob.core.windows.net https://stsdsumbnonprodqa.blob.core.windows.net https://stsdsumbprodstage.blob.core.windows.net https://stsdsumbprod.blob.core.windows.net https://stappsnonproddev.blob.core.windows.net https://stappsnonprodqa.blob.core.windows.net https://stsdsappsprodstaging.blob.core.windows.net https://stsdsappsprod.blob.core.windows.net https://maxcdn.bootstrapcdn.com;connect-src 'self' https://app.gotomeeting.com ws: https://cacheorcheck.mopinion.com https://deploy.mopinion.com https://metrics.mopinion.com https://skillsdevelopment.azure-api.net https://sdsnonprod.b2clogin.com https://dc.services.visualstudio.com https://adult-iag-dev.azurewebsites.net https://webservices.data-8.co.uk https://adult-iag-stg.azurewebsites.net https://adult-iag.azurewebsites.net https://webservices.data-8.co.uk https://hits-i.iubenda.com https://login.microsoftonline.com https://sdsdigitalaccount.b2clogin.com https://createsend.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.mopinion.com;report-uri /report-uri 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://s3.amazonaws.com/downloads.mailchimp.com/ https://shutts.us12.list-manage.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://cdn-images.mailchimp.com https://shutts.us12.list-manage.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com https://www.youtube.com https://www.avvo.com/attorney-badges/; font-src 'self' https://assets.avvo.com data:; frame-src 'self' https://anchor.fm https://player.vimeo.com https://podcasters.spotify.com https://www.youtube.com https://www.google.com/maps/embed/; img-src 'self' data: https://i.vimeocdn.com https://i.ytimg.com https://www.google-analytics.com https://www.googletagmanager.com https://translate.google.com https://www.gstatic.com https://www.law360.com/images/; manifest-src 'self'; media-src 'self'; worker-src 'none'; report-uri https://csp-reports.firmseek.com/shutts; 1
default-src 'self' *.zlm.nl; script-src 'self' 'unsafe-inline' *.zlm.nl www.youtube.com www.googletagmanager.com www.google-analytics.com https://static.hotjar.com https://script.hotjar.com s.ytimg.com js-agent.newrelic.com 'unsafe-eval' bam.nr-data.net cehute.ramitetuha.com www.googleadservices.com data1.ahjilop.com data1.saliche.com connect.facebook.net najiwu.xeyutezepo.com bat.bing.com tpc.googlesyndication.com diyini.junasonuku.com data1.fedjuh.com googleads.g.doubleclick.net yotejo.cevocoxuhu.com webchat.saysimple.io *.smooch.io https://web-f.insocial.nl; style-src 'self' 'unsafe-inline' www.youtube.com *.zlm.nl translate.googleapis.com webchat.saysimple.io https://static.hotjar.com https://script.hotjar.com; img-src 'self' *.zlm.nl i.ytimg.com www.youtube.com yt3.ggpht.com www.google-analytics.com data: www.gstatic.com translate.google.com www.googletagmanager.com bat.bing.com googleads.g.doubleclick.net www.facebook.com www.google.com www.google.nl https://static.hotjar.com https://script.hotjar.com https://i.vimeocdn.com/ region1.google-analytics.com region1.analytics.google.com webchat.saysimple.io blob: https://*.gravatar.com *.smooch.io api.eazy.im; media-src 'self' *.zlm.nl webchat.saysimple.io; frame-src 'self' *.zlm.nl www.youtube.com www.youtube-nocookie.com https://vars.hotjar.com tpc.googlesyndication.com player.vimeo.com https://feedback.insocial.eu; frame-ancestors 'self' *.zlm.nl; font-src 'self' *.zlm.nl data: themes.googleusercontent.com fonts.gstatic.com https://script.hotjar.com webchat.saysimple.io; connect-src 'self' *.zlm.nl https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com surveystats.hotjar.io www.google-analytics.com bam.nr-data.net stats.g.doubleclick.net bat.bing.com www.googletagmanager.com region1.google-analytics.com region1.analytics.google.com webchat.saysimple.io *.smooch.io wss://api.smooch.io; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors *.is0.org https://reflectors.m17.link 1
frame-ancestors 'self' https://*.wiseradvisor.com 1
frame-ancestors *.natagora.be natagora.t3.makemeweb.dev t3.natagora *.aves.be *.life-connexions.eu; 1
default-src 'none'; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval' *.disqus.com c.disquscdn.com; worker-src https: blob:; child-src https: blob:; style-src https: data: 'unsafe-inline' 'unsafe-eval' c.disquscdn.com; img-src https: data: 'unsafe-inline' https://*.tile.osm.org; font-src https: data:; object-src blob: 'self'; base-uri 'none'; frame-ancestors 'self'; connect-src blob: 'self' *.openstreetmap.org *.pixabay.com pixabay.com *.sharethis.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' vesmir.cz *.youtube.com *.vimeo.com docs.google.com disqus.com *.disqus.com api.mapy.cz www.google.com h.imedia.cz www.seznam.cz www.scribd.com www.send.cz send.cz www.soundcloud.com soundcloud.com; media-src https:;manifest-src 'self'; form-action 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' ignitr.com *.doubleclick.net *.gstatic.com widgets.pinterest.com *.youtube.com f.vimeocdn.com w.soundcloud.com player.vimeo.com v1.addthisedge.com *.addthis.com code.jquery.com *.google.com *.google.com *.google-analytics.com *.googletagmanager.com *.facebook.net use.typekit.com kit.fontawesome.com p.typekit.net kit.fontawesome.com www.facebook.com ka-p.fontawesome.com *.googleadservices.com;;img-src 'self' *.ignitr.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net *.typekit.net *.pinterest.com *.facebook.com data:;font-src 'self' cdnjs.cloudflare.com *.gstatic.com *.typekit.net *.typekit.com *.fontawesome.com; 1
font-src https://* data:; img-src https://* data: 1
default-src 'self' *.wikiforge.net *.wikitide.org;  script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' *.wikiforge.net *.wikitide.org *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org mediawiki.org www.mediawiki.org wikidata.org www.gstatic.com www.google.com platform.twitter.com hcaptcha.com *.hcaptcha.com code.jquery.com cdn.jsdelivr.net;  style-src 'self' data: 'unsafe-inline' *.wikiforge.net *.wikitide.org *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org mediawiki.org www.mediawiki.org wikidata.org www.gstatic.com fonts.googleapis.com cdn.jsdelivr.net fastly.jsdelivr.net platform.twitter.com ton.twimg.com hcaptcha.com *.hcaptcha.com cdnjs.cloudflare.com;  img-src blob: 'self' data: *.wikiforge.net *.wikitide.org upload.wikimedia.org wikimedia.org maps.google.com www.gstatic.com maxcdn.bootstrapcdn.com *.twimg.com i.imgur.com image.tmdb.org *.googleusercontent.com *.fontawesome.com mirrors.creativecommons.org www.gnu.org cdn.geogebra.org scratchblocks.github.io tile.openstreetmap.org *.tile.openstreetmap.org cdn.discordapp.com discordapp.com;  font-src 'self' data: *.wikiforge.net *.wikitide.org fonts.gstatic.com cdn.jsdelivr.net fastly.jsdelivr.net db.onlinewebfonts.com upload.wikimedia.org cdnjs.cloudflare.com;  media-src 'self' blob: *.wikiforge.net *.wikitide.org upload.wikimedia.org *.youtube.com *.youtube-nocookie.com;  frame-src 'self' *.wikiforge.net *.wikitide.org www.google.com docs.google.com web.libera.chat *.youtube-nocookie.com www.youtube.com platform.twitter.com discord.com discordapp.com syndication.twitter.com www.gofundme.com archive.org query.wikidata.org www.bing.com hcaptcha.com *.hcaptcha.com player.vimeo.com;  connect-src 'self' *.wikiforge.net *.wikitide.org www.wikidata.org *.wikipedia.org www.mediawiki.org *.wikimedia.org *.wikinews.org *.wiktionary.org cdn.jsdelivr.net storage.googleapis.com *.youtube-nocookie.com hcaptcha.com *.hcaptcha.com; 1
default-src 'self'; connect-src *; font-src data: *; frame-src *; img-src data: *; media-src *; object-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; style-src 'self' 'unsafe-inline'; report-uri https://csp-reports.firmseek.com/brickergraydon2; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' *.cloudflare.com https://www.carmats4u.com *.carmats4u.com *.carmatsandaccessories.com web-sdk.aptrinsic.com assets.adobedtm.com js.stripe.com require.js.org connect.facebook.net v2.zopim.com www.googleadservices.com www.googletagmanager.com fonts.googleapis.com maps.googleapis.com *.reviews.io *.reviews.co.uk www.paypal.com *.craftyclicks.co.uk craftyclicks.co.uk fetchify.com fetchify.co.uk static.zdassets.com googleads.g.doubleclick.net www.google-analytics.com widget.reviews.io https://fetchify.com *.fetchify.com; frame-src 'self' https://securepayments.paypal.com/ connect.facebook.net www.facebook.com js.stripe.com *.reviews.co.uk *.reviews.io v2.zopim.com static.zdassets.com www.paypal.com *.doubleclick.net widget.reviews.io www.uniqueproductsuk.com business.facebook.com *.upsuk-assets.co.uk; 1
Content-Security-Policy 1
default-src 'self'; frame-src 'self' https://*.sampension.dk https://www.sampension.dk https://classic.sampension.dk https://www.arkitektpension.dk https://classic.arkitektpension.dk https://www.pjdpension.dk https://classic.pjdpension.dk https://www.isp.dk https://classic.isp.dk https://www.youtube.com https://sampension.easycruit.com https://career5.successfactors.eu https://www.google.com https://policy.app.cookieinformation.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: sha256-i4oVvcRt1OEatioL3sdJl82RFzr/DGDlv358EfMmlVk= https://*.sampension.dk https://www.googletagmanager.com https://www.google-analytics.com https://snap.licdn.com https://connect.facebook.net https://*.netop.com https://*.cookieinformation.com https://euwa.puzzel.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cloud.typography.com https://d2wjm50k7xeuw2.cloudfront.net; img-src 'self' data: https://www.sampension.dk https://www.arkitektpension.dk https://www.pjdpension.dk https://www.isp.dk https://cdn-sampension.dk https://www.linkedin.com https://*.netop.com https://*.google-analytics.com https://*.analytics.google.com https://cookieinformation.com https://px.ads.linkedin.com https://www.facebook.com https://lg-eu-files.s3.amazonaws.com; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://policy.app.cookieinformation.com https://consent.app.cookieinformation.com https://search-api.swiftype.com https://www.facebook.com https://*.netop.com https://apm.sampension.dk:7002 wss://*.netop.com https://euwa.puzzel.com https://api.puzzel.com; prefetch-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://*.sampension.dk; object-src 'none' 1
connect-src 'self' *.ciberloja.pt *.suporte.ciberloja.com suporte.ciberloja.com ws://suporte.ciberloja.com:* wss://suporte.ciberloja.com:*; frame-ancestors 'self' *.ciberloja.pt *.suporte.ciberloja.com suporte.ciberloja.com ; frame-src 'self' *.ciberloja.pt *.suporte.ciberloja.com suporte.ciberloja.com *.fleeq.io *.mediaservices.windows.net *.metacafe.com *.streaming.azure.net *.vimeo.com *.youtube.com *.youtube-nocookie.com; script-src 'self' *.ciberloja.pt *.suporte.ciberloja.com suporte.ciberloja.com 'unsafe-inline' 'unsafe-eval' blob: ; style-src 'self' *.ciberloja.pt *.suporte.ciberloja.com suporte.ciberloja.com 'unsafe-inline' fonts.googleapis.com; report-uri /CspReports.ashx 1
default-src 'none'; base-uri 'none'; connect-src 'self' https://*.google-analytics.com https://*.googlesyndication.com https://securepubads.g.doubleclick.net; font-src https://files.datathistle.com; img-src https://files.datathistle.com https://*.google-analytics.com https://*.googlesyndication.com; form-action 'self'; frame-ancestors 'none'; frame-src https://*.google.com https://*.googlesyndication.com; manifest-src https://files.datathistle.com; script-src 'nonce-RjVMeWZmc09PR1FhQzQ5QktESmh0dz09' 'strict-dynamic'; style-src https://files.datathistle.com 'unsafe-inline' 1
connect-src 'self' cdn.cookielaw.org www.google-analytics.com yoast.com privacyportal.onetrust.com server.bugreporting.co subwayblaze.com; font-src 'self' use.typekit.net cdn.jsdelivr.net maxcdn.bootstrapcdn.com data: fonts.gstatic.com at.alicdn.com; frame-src www.youtube.com www.google.com 'self' mozbar.moz.com forms.office.com; img-src 'self' www.google-analytics.com p.typekit.net data: secure.gravatar.com about cdn.jsdelivr.net maps.gstatic.com ps.w.org wpstorelocator.co maps.google.com cdn.cookielaw.org i.ytimg.com www.googletagmanager.com www.gstatic.com go.zoominfo.com; script-src-elem 'self' advertising.valuedrugco.com cdn.cookielaw.org cdn.trackduck.com pi.pardot.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com cdn.jsdelivr.net d1ks1friyst4m3.cloudfront.net use.typekit.net 'unsafe-inline' cdnjs.cloudflare.com maps.google.com maps.googleapis.com gc.kis.v2.scr.kaspersky-labs.com widget.bugreporting.co gateway.zscloud.net; style-src-elem 'self' p.typekit.net use.typekit.net cdn.jsdelivr.net maxcdn.bootstrapcdn.com 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com ajax.googleapis.com widget.bugreporting.co gateway.zscloud.net; child-src www.youtube.com; script-src 'self' advertising.valuedrugco.com cdn.cookielaw.org cdn.trackduck.com pi.pardot.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com 'unsafe-eval' 'unsafe-inline' cdn.jsdelivr.net d1ks1friyst4m3.cloudfront.net self use.typekit.net maps.google.com maps.googleapis.com; style-src 'self' p.typekit.net use.typekit.net 'unsafe-eval' 'unsafe-inline' cdn.jsdelivr.net maxcdn.bootstrapcdn.com fonts.googleapis.com; script-src-attr 'unsafe-inline'; style-src-attr 'unsafe-inline'; worker-src 'self' blob:; report-uri https://6ec54b4056637c9e36d70a7606a42836.report-uri.com/r/d/csp/wizard 1
script-src *.google-analytics.com *.analytics.google.com *.googletagmanager.com www.youtube.com www.googletagmanager.com cdn.startbootstrap.com  'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com use.fontawesome.com code.jquery.com fonts.googleapis.com stackpath.bootstrapcdn.com ajax.googleapis.com cdn.jsdelivr.net;connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.youtube.com;img-src * 'self' data: https: www.ozgurpolitika.com maps.googleapis.com  www.w3.org; style-src 'self' 'unsafe-inline' *.ozgurpolitika.com bootstrapcdn.com fonts.googleapis.com stackpath.bootstrapcdn.com cdn.lineicons.com  www.youtube.com; object-src 'none'; frame-src www.youtube.com; font-src 'self' maps.googleapis.com fonts.gstatic.com cdn.lineicons.com stackpath.bootstrapcdn.com www.youtube.com; 1
default-src 'self' https://www.google.com  https://www.widgets.investing.com https://sslcharts.forexprostools.com https://www.googletagmanager.com *.google-analytics.com *.cxense.com *.serving-sys.com *.gemius.pl *.googletagservices.com *.doubleclick.net *.adunity.com *.adform.net *.2mdn.net *.conso.ro 'unsafe-inline';script-src 'self' https://www.google.com https://www.gstatic.com  *.googletagmanager.com *.google-analytics.com *.adunity.com *.serving-sys.com *.mookie1.com *.googletagservices.com *.adocean.pl *.gemius.pl *.adform.net https://code3.adtlgc.com z.moatads.com *.cxense.com synocdn.com *.2mdn.net 'unsafe-inline' 'unsafe-eval';style-src 'self' *.adunity.com 'unsafe-inline';img-src 'self' https://www.api.conso.ro *.cxense.com *.serving-sys.com *.adunity.com ad.doubleclick.net *.conso.ro *.mookie1.com *.synoint.com *.moatads.com *.adocean.pl *.adform.net about: data:;base-uri 'self' *.adunity.com *.adform.net 1
script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' https://www.visitcopenhagen.dk https://*.www.visitcopenhagen.dk https://api.www.www.visitcopenhagen.dk 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-NygfjlK2kq6AV9znuvQ3KHqkN7Iv06ddoSmIU03JYLXPAXma' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self';script-src 'self' https://policy.cookiereports.com dopomoga-poruch.com 'nonce-K41gq5+p56/ZvKKmUcvvrcOpk7HARyzThsWdjGz6K/c=';style-src * 'self' 'unsafe-inline';connect-src 'self' https://policy.cookiereports.com dopomoga-poruch.com;font-src * 'self' data: dopomoga-poruch.com;img-src * 'self' data: data: blob:;media-src * 'self';frame-ancestors 'none';frame-src https://www.youtube.com;base-uri 'self' 1
frame-ancestors 'self' http://www.gb.se unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://s7.addthis.com https://kritique-widgets-stage.unileversolutions.com https://d1a1ax4tcp3m3j.cloudfront.net 1
default-src 'self' https: data: gap:; font-src 'self' https: data:; img-src https: content: data:; script-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; style-src 'self' 'unsafe-inline' https:;media-src * blob:; 1
img-src * data:;base-uri 'self' 1
default-src https: blob: data: wss: 'unsafe-inline' 'unsafe-eval' 1
child-src *.tyoelake.fi *.frc.io tyoelake.herokuapp.com tyoelake-staging.herokuapp.com d107h3c3r1aaxa.cloudfront.net cdn.tyoelake.fi *.google.fi *.google.com  *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.ytimg.com *.youtube.com *.googleusercontent.com *.giosg.com giosg-chat-public-eu.s3.amazonaws.com *.giosgusercontent.com *.interactions.giosgusercontent.com *.clients.giosgusercontent.com apps.mypurecloud.de api-cdn.mypurecloud.de webmessaging.mypurecloud.de etk.containers.piwik.pro etk.piwik.pro *.facebook.net *.facebook.com *.taloustutkimus.fi *.sanomagames.com *.jsdelivr.net *.reactandshare.com *.cookiebot.com analytics.etk.fi analytiikka.ahtp.fi *.riddle.com; object-src 'none'; connect-src  *.tyoelake.fi *.frc.io tyoelake.herokuapp.com tyoelake-staging.herokuapp.com d107h3c3r1aaxa.cloudfront.net cdn.tyoelake.fi *.google.fi *.google.com  *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.ytimg.com *.youtube.com *.googleusercontent.com *.giosg.com giosg-chat-public-eu.s3.amazonaws.com *.giosgusercontent.com *.interactions.giosgusercontent.com *.clients.giosgusercontent.com apps.mypurecloud.de api-cdn.mypurecloud.de webmessaging.mypurecloud.de *.pingdom.net *.taloustutkimus.fi *.jsdelivr.net *.reactandshare.com *.cookiebot.com analytics.etk.fi analytiikka.ahtp.fi *.riddle.com etk.containers.piwik.pro etk.piwik.pro *.facebook.net *.facebook.com; 1
default-src 'self' https://*.clarity.ms https://c.bing.com *.facebook.net; connect-src *.clarity.ms region1.google-analytics.com 'self' cdn.esales.apptus.com *.api.esales.apptus.cloud *.klarna.com *.klarnaevt.com www.google-analytics.com bat.bing.com stats.g.doubleclick.net at.odla.nu vitals.vercel-analytics.com vitals.vercel-insights.com www.google.com *.freshworks.com *.freshdesk.com *.freshchat.com api.privacy-center.org *.ingrid.com *.cookiebot.com; script-src-elem 'self' 'unsafe-inline' cdn.esales.apptus.com www.googletagmanager.com *.klarna.com *.klarnaevt.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com at.odla.nu bat.bing.com www.googleadservices.com www.google.com googleads.g.doubleclick.net *.freshchat.com *.freshworks.com www.gstatic.com tpc.googlesyndication.com sdk.privacy-center.org *.ingrid.com connect.facebook.net www.clarity.ms *.cookiebot.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.klarna.com *.klarnaevt.com tagmanager.google.com *.freshchat.com *.freshworks.com; img-src 'self' data: odlanu.cdn.storm.io images.ctfassets.net images.contentful.com *.klarna.com *.klarnaevt.com www.google-analytics.com ssl.gstatic.com www.gstatic.com odlatest.blob.core.windows.net odlaprod.blob.core.windows.net odla.blob.core.windows.net www.nelsongarden.se imgsct.cookiebot.com googleads.g.doubleclick.net www.google.com www.google.se bat.bing.com www.googletagmanager.com 31720125-535806323328999052.preview.editmysite.com www.theorinstradgardar.com d3ulb5sy0crk0x.cloudfront.net s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/data/helpdesk/attachments/production/77024600754/ www.theorinstradgardar.com www.googleadservices.com sdk.privacy-center.org www.facebook.com static.refunder.se c.clarity.ms region1.google-analytics.com; font-src 'self' fonts.gstatic.com *.klarna.com *.klarnaevt.com data:; object-src 'none'; frame-src *.klarna.com *.klarnaevt.com bid.g.doubleclick.net *.freshchat.com *.tradedoubler.com widget.reco.se www.googletagmanager.com www.google.com recaptcha.google.com tpc.googlesyndication.com *.ingrid.com *.cookiebot.com; script-src 'self' 'unsafe-inline' cdn.esales.apptus.com www.googletagmanager.com *.klarna.com *.klarnaevt.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com at.odla.nu bat.bing.com www.googleadservices.com www.google.com googleads.g.doubleclick.net *.freshchat.com *.freshworks.com www.gstatic.com tpc.googlesyndication.com sdk.privacy-center.org *.ingrid.com connect.facebook.net www.clarity.ms *.cookiebot.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://countly.merlin-test.rbi.cloud/sdk/web/countly.min.js https://countly.merlin.rbi.cloud/sdk/web/countly.min.js https://googleads.g.doubleclick.net https://assets.zendesk.com https://cookie-cdn.cookiepro.com/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com https://*.youtube.com https://*.ytimg.com https://www.surveygizmo.eu https://*.google.at https://*.googleapis.com https://*.google.com/ https://www.google-analytics.com https://www.gstatic.com https://*.facebook.net https://*.facebook.com https://ssl.google-analytics.com https://*.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/; img-src 'self' https://www.cashpresso.com https://*.cashpresso.com https://www.surveygizmo.eu https://cookie-cdn.cookiepro.com/logos/ https://cdn.cookielaw.org/logos/ https://ssl.google-analytics.com https://*.google.com https://*.google.at https://www.google-analytics.com data: https://stats.g.doubleclick.net https://*.facebook.com https://secure.gravatar.com; style-src 'self' 'unsafe-inline' https://www.surveygizmo.eu https://*.cashpresso.com https://npmcdn.com/ https://cdnjs.cloudflare.com/ajax/libs/bootstrap-slider/ https://fonts.googleapis.com https://*.bootstrapcdn.com ; font-src 'self' data: https://*.bootstrapcdn.com/ https://fonts.gstatic.com; object-src data: https://*.cashpresso.com https://*.facebook.net https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.gravatar.com https://*.gstatic.com https://stats.g.doubleclick.net https://www.facebook.com https://*.google.com https://www.google.at https://www.google.de https://s.w.org https://*.bootstrapcdn.com; child-src 'self' https://*.facebook.com https://*.facebook.com https://*.youtube.com https://pipedrivewebforms.com https://www.google.com; connect-src https://*.cashpresso.com https://cashpresso.zendesk.com https://countly.merlin-test.rbi.cloud https://countly.merlin.rbi.cloud https://cookie-cdn.cookiepro.com/ https://cdn.cookielaw.org/ https://privacyportal.cookiepro.com/ https://www.facebook.com https://*.google-analytics.com/ 1
frame-ancestors 'self' datwyler.unily.com; 1
frame-ancestors https://www.suitableshop.com https://www.suitableshop.nl 1
upgrade-insecure-requests; child-src 'self' *.blumatica.it https://www.youtube.com *.facebook.net *.facebook.com *.gstatic.com; connect-src 'self' *.blumatica.it *.google-analytics.com *.facebook.net *.facebook.com www.google-analytics.com *.paypal.com *.gstatic.com https://*.cookiebot.com *.google.com *.doubleclick.net https://*.googlesyndication.com; default-src 'self' *.blumatica.it https://www.google-analytics.com 'unsafe-inline' www.safetyware.it *.gstatic.com; font-src 'self' *.blumatica.it *.googleapis.com *.gstatic.com; frame-src 'self' *.blumatica.it https://www.youtube.com *.facebook.net *.facebook.com *.gstatic.com *.google.com https://*.paypal.com assets.braintreegateway.com https://*.cookiebot.com https://td.doubleclick.net; img-src 'self' data: *.blumatica.it http://mailing.blumatica.it *.gstatic.com *.googleapis.com *.doubleclick.net https://www.google-analytics.com *.google.com *.google.it *.googletagmanager.com  *.paypal.com https://stats.g.doubleclick.net *.facebook.net *.facebook.com https://addsearch.com https://*.addsearch.com https://*.cloudfront.net https://*.youtube.com www.geolive.org *.paypalobjects.com; media-src 'self' *.blumatica.it https://www.youtube.com *.facebook.net *.facebook.com *.gstatic.com; script-src 'self' *.blumatica.it 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.paypal.com *.paypalobjects.com https://www.youtube.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://addsearch.com https://s7.searchcdn.com *.facebook.net *.facebook.com https://static.xx.fbcdn.net https://widget.manychat.com https://manychat.com https://*.hotjar.com https://mccdn.me https://*.cookiebot.com; style-src 'self' *.blumatica.it 'unsafe-inline' *.facebook.net *.facebook.com *.googleapis.com *.gstatic.com *.paypalobjects.com https://app.addsearch.com https://d20vwa69zln1wj.cloudfront.net; 1
frame-ancestors 'self' thankview.com cadets.com visitation.com; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://ln-rules.rewardstyle.com blob: https://s1.thcdn.com https://www.awin1.com https://d2d7do8qaecbru.cloudfront.net https://smct.co https://*.smct.co https://smct.io https://*.smct.io; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.contentsquare.net https://smct.co https://*.smct.co https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://smct.io https://*.smct.io https://analytics.tiktok.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net https://fonts.smct.co https://fonts.smct.io https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; form-action 'self' https://www.facebook.com https://www.christopherobin.co.uk https://m.christopherobin.co.uk https://checkout.christopherobin.co.uk https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://ln-rules.rewardstyle.com https://apps.storystream.ai http://platform.twitter.com https://*.contentsquare.net https://app.contentsquare.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://analytics.tiktok.com https://*.ibytedtos.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net https://fonts.smct.co https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.smct.io; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors *.mooninvoice.com *.basecamp.com *.lugx.com.my 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://bolletta-energia.it/report-uri/enforce 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://sunbeam.city; img-src 'self' https: data: blob: https://sunbeam.city; style-src 'self' https://sunbeam.city 'nonce-NYySbxBRlxcfeNMFQTeXDg=='; media-src 'self' https: data: https://sunbeam.city; frame-src 'self' https:; manifest-src 'self' https://sunbeam.city; form-action 'self'; child-src 'self' blob: https://sunbeam.city; worker-src 'self' blob: https://sunbeam.city; connect-src 'self' data: blob: https://sunbeam.city https://sunbeam.city wss://sunbeam.city; script-src 'self' https://sunbeam.city 'wasm-unsafe-eval' 1
frame-ancestors y.co *.y.co 1
img-src 'self' blob: data: core-renderer-tiles.maps.yandex.net *.yandex.ru yandex.ru; default-src 'self' cdnjs.cloudflare.com *.yandex.ru yandex.ru *.yandex.net yastatic.net aem-group.ru rutube.ru fonts.gstatic.com player.vimeo.com fonts.googleapis.com unpkg.com 'unsafe-inline' 'unsafe-eval' data: 1
frame-ancestors ccclib.org *.ccclib.org ccclib.bibliocms.com *.ccclib.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src ccclib.org *.ccclib.org ccclib.bibliocms.com *.ccclib.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.bkk-dachverband.de https://stats.bkk-dachverband.de https://www.ims-cms.net; font-src 'self'; style-src 'self' 'unsafe-inline' https://www.bkk-dachverband.de ; img-src 'self' data: https://www.bkk-dachverband.de https://stats.bkk-dachverband.de; frame-src 'self' https://app.powerbi.com https://www.youtube-nocookie.com https://player.vimeo.com https://www.ims-cms.net; connect-src 'self' https://www.bkk-dachverband.de https://stats.bkk-dachverband.de https://www.ims-cms.net; media-src 'self'; 1
base-uri 'self'; default-src * data: blob:; form-action 'self'; frame-ancestors 'none'; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 1
frame-ancestors 'self' https://signage.vkf-renzel.de https://signage.allnet.de 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://josh.tel; img-src 'self' https: data: blob: https://josh.tel; style-src 'self' https://josh.tel 'nonce-fNDqBLUm6PpGBYyW5Rg8JQ=='; media-src 'self' https: data: https://josh.tel; frame-src 'self' https:; manifest-src 'self' https://josh.tel; form-action 'self'; child-src 'self' blob: https://josh.tel; worker-src 'self' blob: https://josh.tel; connect-src 'self' data: blob: https://josh.tel https://josh.tel wss://josh.tel; script-src 'self' https://josh.tel 'wasm-unsafe-eval' 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://d3sbxpiag177w8.cloudfront.net https://js-agent.newrelic.com https://bam.eu01.nr-data.net https://cdn.sympahr.net https://cdn-002.sympahr.net https://ekr.zdassets.com/compose/ https://*.zendesk.com/embeddable/ https://*.zendesk.com/ wss://*.zopim.com https://*.zopim.com/client/widget/ https://static.zdassets.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn-002.sympahr.net https://cdn.sympahr.net;img-src 'self' * data:;media-src 'self' https://static.zdassets.com;frame-src 'self' https://sympahrproduction.b2clogin.com https://localhost:* https://www.youtube.com;font-src 'self' https://fonts.gstatic.com data: https://fonts.googleapis.com https://cdn.sympahr.net;connect-src 'self' https://manager-scheduler.sympahr.net https://app-trainingmgmt-8b8cdd2b5da7.azurewebsites.net https://sympahrproduction.b2clogin.com https://sympahr.net https://bam.eu01.nr-data.net wss://www.sympahr.net https://admin.sympahr.net https://datacard.sympahr.net https://cdn.sympahr.net https://dataimport.sympahr.net https://ekr.zdassets.com/compose/ https://*.zendesk.com/embeddable/ https://*.zendesk.com/ wss://*.zopim.com https://*.zopim.com/client/widget/ 1
default-src 'self' *.krxd.net *.visualstudio.com *.incontact.com/ a465.tirerewardcenter.com/ amn-michelin.blueconic.net/; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.krxd.net *.msecnd.net *.googleapis.com *.gstatic.com *.google.com *.visualstudio.com *.incontact.com/ a465.tirerewardcenter.com/ amn-michelin.blueconic.net/ ; frame-ancestors 'self'; frame-src 'self' *.google.com/ *.incontact.com/ 1
upgrade-insecure-requests; frame-ancestors 'self' *.teams.microsoft.com *.skype.com; 1
default-src 'self' 'unsafe-inline' https://www.daiict.ac.in/ http://cdn.ckeditor.com https://twitter.com https://www.google-analytics.com https://stats.g.doubleclick.net https://pbs.twimg.com https://platform.twitter.com https://syndication.twitter.com; img-src data: 'self' 'unsafe-inline' https://www.facebook.com https://www.daiict.ac.in/ http://cdn.ckeditor.com http://c.statcounter.com https://pbs.twimg.com https://platform.twitter.com https://syndication.twitter.com; style-src 'self' http://chosen.css/ 'unsafe-inline' https://www.daiict.ac.in/ http://cdn.ckeditor.com http://c.statcounter.com https://fonts.googleapis.com  https://platform.twitter.com; font-src 'self' https://www.daiict.ac.in/ https://fonts.gstatic.com; script-src 'self' https://ajax.googleapis.com https://www.googletagmanager.com/ https://googleads.g.doubleclick.net/  https://googleads.g.doubleclick.net/pagead/viewthroughconversion/744403828/ http://chosen.jquery.js/ 'unsafe-inline' 'unsafe-eval' https://www.daiict.ac.in/ http://cdn.ckeditor.com http://cdn.ckeditor.com http://c.statcounter.com https://www.youtube.com https://connect.facebook.net https://platform.twitter.com https://www.google-analytics.com; frame-src 'self' https://www.google.com/ https://www.daiict.ac.in/ https://platform.twitter.com https://drsr.daiict.ac.in https://www.youtube.com; object-src 'self' https://www.daiict.ac.in/; 1
default-src 'self' fonts.gstatic.com; base-uri 'self'; img-src 'self' data: stags.bluekai.com ups.analytics.yahoo.com dsum-sec-casalemedia.com ad.360yield.com eu-u.openx.net image2.pubmatic.com ib.adnxs.com cm.g.doubleclick.net pixel.mathtag.com www.facebook.com *.google-analytics.com www.google.com www.google.de maps.gstatic.com maps.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.youtube.com maps.google.com maps.googleapis.com connect.facebook.net www.google-analytics.com www.googletagmanager.com consent.cookiebot.com consentcdn.cookiebot.com; connect-src 'self' stats.g.doubleclick.net maps.googleapis.com *.google-analytics.com www.facebook.com consentcdn.cookiebot.co consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' data: fonts.googleapis.com; frame-src 'self' youtube.co youtube.com www.youtube.com consentcdn.cookiebot.com humbaur.financingservices.de kgeltrailet1.valhalla55.stage.jobs2web.com; 1
script-src 'self' 'unsafe-inline' https://code.jquery.com/ https://cdn.jsdelivr.net/npm/ https://d1f8f9xcsvx3ha.cloudfront.net/ https://plausible.io/; sandbox allow-top-navigation allow-scripts allow-same-origin allow-forms allow-downloads; 1
default-src 'nonce-portal-css' 'self'; script-src-elem 'self' 'nonce-portal-css' 'nonce-RelevantID4' 'nonce-globalThis' 'nonce-splashScreen' 'nonce-serviceWorker' export.highcharts.com maps.googleapis.com cdn3.devexpress.com cs.imperium.com rvid.imperium.com code.highcharts.com; style-src-elem 'self' 'nonce-portal-css' 'nonce-dynamicStyle' cdn3.devexpress.com fonts.googleapis.com; style-src 'self' 'nonce-portal-css' 'nonce-dynamicStyle' cdn3.devexpress.com fonts.googleapis.com; connect-src 'self' api-gateway.reviewtrackers.com maps.googleapis.com cs.imperium.com rvid.imperium.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com cdn3.devexpress.com; media-src 'self' acuraclientexperience.com toyotaexperience.ca; img-src 'self' rtx-source-icons.s3.amazonaws.com maps.googleapis.com maps.gstatic.com data: hondacustomerserviceexperience.com *.hondacustomerserviceexperience.com; frame-ancestors *.reflecx.io reflecx.io; trusted-types google-maps-api#html highcharts angular#bundler angular angular#unsafe-bypass angular#unsafe-jit; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.openstreetmap.org https://crm.novometgroup.com https://www.novometgroup.com https://www.gstatic.com/ https://www.youtube.com https://fonts.gstatic.com https://use.fontawesome.com https://fonts.googleapis.com https://mc.yandex.ru https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google.ru; object-src 'none'; child-src https://www.novomet.ru https://www.novometgroup.com https://www.google.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' calendly.com stripe.com *.google-analytics.com connect.facebook.net recaptcha.net *.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.clarity.ms *.googleadservices.com connect.facebook.net googleads.g.doubleclick.net snap.licdn.com web-in21.mxradon.com stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' *.cloudfront.net https://bimakavach-v2.s3.amazonaws.com *.bimakavach.com/blog px4.ads.linkedin.com *.google.co.in googleads.g.doubleclick.net www.facebook.com *.clarity.ms https://www.bimakavach.com; font-src 'self' https://fonts.gstatic.com data:; media-src 'self'; frame-src 'self' calendly.com; connect-src 'self' api.bimakavach.com *.clarity.ms analytics.google.com *.google-analytics.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' t1.daumcdn.net http://www18.ntis.go.kr https://www18.ntis.go.kr http://www.ntis.go.kr https://www.ntis.go.kr http://www.msit.go.kr https://www.msit.go.kr msip.go.kr filter1.nrf.re.kr cdnjs.cloudflare.com cdn.jsdelivr.net use.fontawesome.com code.jquery.com fonts.googleapis.com www.ultraq.net.nz www.thymeleaf.org www.w3.org www.kri.go.kr www.facebook.com www.youtube.com youtube.be www.instagram.com stackpath.bootstrapcdn.com translate.googleapis.com www.google.com maps.googleapis.com maps.gstatic.com search.google.com khms0.googleapis.com khms1.googleapis.com sso.nrf.re.kr api.ebook.co.kr java.sun.com tiles.apache.org www.springframework.org s1.daumcdn.net spi.maps.daum.net map.daum.net www.eprivacy.or.kr www.tiny.cloud rawgit.com fonts.gstatic.com hotline.nrf.re.kr; img-src 'self' data: *; 1
default-src 'self' https://cdn.zp.ru https://*.zopim.com wss://*.zopim.com https://*.zopim.io ; img-src 'self' *.zp.ru *.zp.ru *.zarplata.ru *.job42.ru *.ngs.ru *.ngs.ru https://*.yandex.net https://api-maps.yandex.ru googleads.g.doubleclick.net *.gstatic.com https://www.google-analytics.com https://mc.yandex.ru https://counter.yadro.ru https://an.yandex.ru https://stats.g.doubleclick.net https://www.google.com https://www.google.ru https://stats.seedr.com https.www.googleadservices.com https://hhcdn.ru https://hhcdn.ru https://*.hhcdn.ru https://*.hhcdn.ru https://hh.ru https://img.hhcdn.ru https://feedback.hh.ru data: https://i.giphy.com https://media.giphy.com  https://ad.adriver.ru https://connect.facebook.net https://analytics.google.com https://www.googletagmanager.com https://www.tns-counter.ru https://top-fwz1.mail.ru https://ad.mail.ru https://vk.com https://www.facebook.com https://statad.ru/pixel.gif  https://gum.criteo.com  https://www.journal.zarplata.ru https://*.adfox.ru https://yandex.ru/ https://*.zopim.com wss://*.zopim.com https://*.zopim.io https://my.mail.ru https://*.pyn.ru https://*.hh.ru https://p.adsymptotic.com https://px.ads.linkedin.com https://statsb.nativeroll.tv https://statsa.nativeroll.tv https://*.yandex.ru avatars-fast.yandex.net favicon.yandex.net; media-src *.yandex.net yandex.st yastatic.net https://static.zdassets.com  https://stats.seedr.com ; child-src 'self' *.job42.ru https://webvisor.com  https://www.googletagmanager.com; frame-src 'self' https://optimize.google.com https://yandex.ru https://yastatic.net https://www.youtube.com https://reklama.zp.ru https://api-maps.yandex.ru https://st.yandexadexchange.net https://yandexadexchange.net https://creativecdn.com https://vk.com/  https://*.criteo.net https://*.criteo.com  https://*.adfox.ru https://*.zopim.com wss://*.zopim.com https://*.zopim.io https://www.facebook.com https://connect.facebook.net  *.yandex.ru awaps.yandex.net *.yandexadexchange.net yastatic.net  https://cdn01.nativeroll.tv  https://www.google.com/recaptcha/ https://*.fls.doubleclick.net; style-src 'self' https://optimize.google.com https://feedback.hh.ru 'unsafe-inline' 'unsafe-eval' yandex.st yastatic.net  'unsafe-inline'; object-src https://reklama.zp.ru; script-src 'self' https://snap.licdn.com https://apis.google.com https://optimize.google.com https://www.googleoptimize.com https://www.google.com https://www.googleadservices.com https://*.tns-counter.ru 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://mc.yandex.ru https://api-maps.yandex.ru https://reklama.zp.ru https://yastatic.net https://an.yandex.ru https://top-fwz1.mail.ru https://ad.mail.ru https://tagmanager.google.com https://vk.com/js/api/openapi.js https://www.googletagservices.com https://adservice.google.ru https://adservice.google.com https://securepubads.g.doubleclick.net https://statad.ru/tracker.js https://feedback.hh.ru https://*.criteo.net https://*.criteo.com https://cdn.ravenjs.com https://*.adfox.ru https://code.createjs.com https://yandex.ru/ads/system/context.js https://*.zopim.com wss://*.zopim.com https://*.zopim.io https://*.facebook.net https://*.facebook.com https://connect.mail.ru https://my2.imgsmail.ru https://static.zdassets.com https://*.maps.yandex.net an.yandex.ru yandex.st yastatic.net mc.yandex.ru  https://stats.seedr.com https://cdn01.nativeroll.tv/js/nr-pixel.min.js  https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; font-src 'self' yastatic.net data: https://*.adfox.ru https://fonts.gstatic.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io ; connect-src 'self' https://sgtm.zarplata.com https://hashproof.zp.ru https://analytics.google.com https://*.zp.ru https://*.zarplata.ru https://sentry.zp.ru https://*.job42.ru https://top-fwz1.mail.ru https://passport.ngs.ru https://mc.yandex.ru https://www.google-analytics.com https://job42.ru https://ngsrabota.com.ua https://ngsrabota.by https://vk.com/rtrg  'self' https://zarplata.ghost.io https://*.adfox.ru https://api.rabota.ru https://yandex.ru https://stats.g.doubleclick.net https://*.facebook.com https://*.zopim.com https://*.zopim.io wss://*.zopim.com https://ekr.zdassets.com https://*.pyn.ru https://*.hh.ru https://api.zarplata.ru https://hr.zarplata.ru https://*.yandex.ru yandex.st yastatic.net  https://stats.seedr.com https://cdn01.nativeroll.tv/js/nr-pixel.min.js ; frame-ancestors 'self' http://webvisor.com https://webvisor.com; upgrade-insecure-requests 1
frame-ancestors 'self' *.bancosantander.es; 1
default-src 'none';base-uri 'self';script-src 'self' 'report-sample' 'unsafe-inline' https://*.helpscout.net https://*.facebook.net https://*.google.com https://www.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com;style-src 'self' 'unsafe-inline' https://*.typekit.net https://fonts.googleapis.com https://use.fontawesome.com;img-src * data:;font-src 'self' data: https://*.typekit.net https://fonts.gstatic.com https://use.fontawesome.com;connect-src *;manifest-src 'self';frame-src 'self' https://www.google.com https://td.doubleclick.net https://www.facebook.com;frame-ancestors 'self';report-uri https://logotournament.com/request-error-csp 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://js.hubspot.com/web-interactives-embed.js https://x.clearbitjs.com/ https://tag.clearbitscripts.com/ https://www.googletagmanager.com/ https://js.hsforms.net https://cdn.mouseflow.com https://www.clarity.ms https://j.6sc.co/6si.min.js https://bat.bing.com https://googleads.g.doubleclick.net https://consentcdn.cookiebot.com https://www.google-analytics.com/analytics.js https://connect.facebook.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.googletagmanager.com/gtag/js https://connect.facebook.net/en_US/fbevents.js https://consent.cookiebot.com https://translate-pa.googleapis.com/v1/supportedLanguages https://js.hs-analytics.net https://www.clickcease.com/monitor/stat.js https://fast.wistia.com/assets/external/channel.js https://fast.wistia.net/embed/channel/project/ijfa90r4bh.json https://js.hs-analytics.net/analytics/1670866200000/9360314.js https://js.hs-banner.com/v2/9360314/banner.js https://js.hs-scripts.com/9360314.js https://js.hsadspixel.net/fb.js https://js.hscollectedforms.net/collectedforms.js https://js.hsleadflows.net/leadflows.js https://translate.google.com/translate_a/element.js https://translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.en_GB.I_n1hHNKRQg.O/d=1/exm=el_conf/ed=1/rs=AN8SPfq1BaON9PeD_0qd-QgiiAO9yry5vg/m=el_main https://www.gartner.com/reviews/public/Widget/js/widget.js https://www.googletagmanager.com/gtm.js; style-src 'report-sample' 'self' 'unsafe-inline' https://ajax.googleapis.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://translate.googleapis.com https://use.fontawesome.com https://www.gartner.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://region1.analytics.google.com/ https://n2.mouseflow.com/ https://monitor.clickcease.com/ https://app.clearbit.com https://c.6sc.co/ https://api.hubapi.com/ https://forms.hscollectedforms.net/ https://monitor.clickcease.com/https://region1.analytics.google.com/ https://a.clarity.ms/ https://k.clarity.ms/collect https://www.google-analytics.com https://stats.g.doubleclick.net https://epsilon.6sense.com https://googleads.g.doubleclick.net https://ipv6.6sc.co https://secure.adnxs.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://www.google.com/pagead/landing https://consentcdn.cookiebot.com https://www.facebook.com https://cdn.linkedin.oribi.io https://region1.google-analytics.com https://api.hubapi.com/hs-script-loader-public/v1/config/pixel/json https://fast.wistia.net https://forms.hubspot.com https://my.yoast.com https://pipedream.wistia.com https://translate.googleapis.com https://yoast.com; font-src 'self' data: https://cdnjs.cloudflare.com https://fast.wistia.net https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://fast.wistia.com/ https://syniti.wistia.com/ https://www.youtube.com/ https://operations7.syniti.com/ https://syniti.ideas.aha.io/ https://forms.hsforms.com https://www.facebook.com https://consentcdn.cookiebot.com https://static.hsappstatic.net https://www.gartner.com; img-src 'self' data: https://www.google.co.uk/ads/ https://www.google.com/ads/ https://www.googletagmanager.com/ https://bat.bing.com https://www.google.com/ads https://www.google.co.uk/ads https://forms-na1.hsforms.com https://c.clarity.ms https://b.6sc.co https://www.google.com/pagead/landing https://www.google-analytics.com https://www.linkedin.com https://www.facebook.com https://px.ads.linkedin.com https://track.hubspot.com https://ajax.googleapis.com https://embed-ssl.wistia.com https://forms.hsforms.com https://reviews.static.gartner.com https://secure.gravatar.com https://www.gstatic.com https://www.solwininfotech.com; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
script-src 'self' * 'unsafe-inline' 'unsafe-eval'; worker-src blob:; 1
script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https:; img-src 'self' https: data:; frame-ancestors 'self'; base-uri 'self'; object-src 'none'; form-action 'self' https://crm.zoho.eu/crm/WebToLeadForm 1
frame-ancestors 'self' *.edpenergia.es  ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleadservices.com googleads.g.doubleclick.net *.google.com *.googleoptimize.com *.google-analytics.com *.youtube.com track.adform.net s2.adform.net *.facebook.net *.googleapis.com *.captcha.com *.google.com *.edp.pt *.facebook.com *.googletagmanager.com *.linkedin.com *.gstatic.com *.static.hotjar.com *.hotjar.com *.hotjar.io bywe2.byside.com bat.bing.com cdn.cookielaw.org *.onetrust.com *.glancecdn.net s3.amazonaws.com/glancecdn/* *.teads.tv *.licdn.com embed.typeform.com t.helion.exchange secure.adnxs.com ads-engagement.presage.io s.richmediastudio.com *.taboola.com *.clarity.ms c.bing.com *.visualwebsiteoptimizer.com *.vwo.com widget.trustpilot.com cdn.trustindex.io 1
frame-ancestors 'self' *.service.vic.gov.au service.vic.gov.au 1
frame-ancestors 'self'; default-src * data: blob: filesystem: about: ws: wss: gap: 'unsafe-inline' 'unsafe-eval' 1
frame-src 'self' *.youtube.com *.google.com *.gstatic.com https://www.facebook.com https://pixel.mathtag.com https://*.hotjar.com https://*.hotjar.io https://consentcdn.cookiebot.com https://tsdtocl.com; connect-src 'self' *.google-analytics.com  https://yoast.com https://noembed.com *.plyr.io *.doubleclick.net https://www.facebook.com https://settings.luckyorange.net https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://www.google.com https://consentcdn.cookiebot.com https://analytics.google.com/ https://trc-events.taboola.com/ https://analytics.tiktok.com/api/v2/pixel https://k.clarity.ms/collect https://trc.taboola.com/ https://pips.taboola.com/ https://cds.taboola.com/ *.clarity.ms/; font-src 'self' data: https://use.typekit.net https://*.hotjar.com https://*.hotjar.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.w3-edge.com *.google.com *.gstatic.com *.youtube.com *.googletagmanager.com *.google-analytics.com https://snap.licdn.com https://connect.facebook.net https://code.jquery.com https://d10lpsik1i8c69.cloudfront.net https://pixel.mathtag.com https://*.hotjar.com https://*.hotjar.io https://consent.cookiebot.com https://consentcdn.cookiebot.com https://cdn.taboola.com https://www.clarity.ms/ https://analytics.tiktok.com/ https://trc.taboola.com; style-src 'self' 'unsafe-inline' *.gstatic.com https://code.jquery.com; img-src 'self' data: blob: *.google-analytics.com *.w.org *.ytimg.com https://px.ads.linkedin.com https://www.facebook.com https://www.google.com https://www.google.com.br https://p.adsymptotic.com https://secure.gravatar.com https://qr-code.ithemes.com https://code.jquery.com https://www.googletagmanager.com https://cursopoliedro-hm1.websiteseguro.com https://pixel.mathtag.com https://*.hotjar.com https://*.hotjar.io https://connect.facebook.net https://cds.taboola.com/ https://c.clarity.ms/c.gif https://c.bing.com/; default-src 'self' 1
connect-src *; default-src 'self' *.comparaonline.com https://d2o3bbd14e8un6.cloudfront.net https://d7nxjt1whovz0.cloudfront.net; font-src 'self' *.comparaonline.com https://d2o3bbd14e8un6.cloudfront.net https://d7nxjt1whovz0.cloudfront.net https://fonts.gstatic.com; img-src * https://www.google-analytics.com https://optimize.google.com https://www.googletagmanager.com *.reviews.io data: blob:; media-src *.comparaonline.com https://res.cloudinary.com s3.amazonaws.com https://d2o3bbd14e8un6.cloudfront.net https://d7nxjt1whovz0.cloudfront.net *.youtube.com https://comparaonline-design.s3.amazonaws.com; frame-src *.youtube.com *.hotjar.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://optimize.google.com https://www.facebook.com *.hsforms.com https://www.google.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.comparaonline.com *.comparaonline.cl https://d2o3bbd14e8un6.cloudfront.net https://d7nxjt1whovz0.cloudfront.net client.perimeterx.net *.youtube.com googleads.g.doubleclick.net https://*.googleadservices.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com *.googletagmanager.com connect.facebook.net bat.bing.com *.hotjar.com *.dwin1.com https://*.google.com https://cdn.segment.com https://purecatamphetamine.github.io http://js.hsforms.net/forms/embed/v2.js *.reviews.io *.visualwebsiteoptimizer.com tracking.bciplus.cl https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' *.comparaonline.com https://d2o3bbd14e8un6.cloudfront.net https://d7nxjt1whovz0.cloudfront.net https://optimize.google.com https://fonts.googleapis.com *.reviews.io data:; worker-src blob:; 1
frame-ancestors africarxiv.pubpub.org 1
frame-ancestors https://admin.hri.ie  https://www.hri.ie 1
default-src 'self'; frame-src 'self' https://www.google.com https://www.googletagmanager.com https://forms.hsforms.com https://e.issuu.com https://meetings.hubspot.com https://*.figma.com https://td.doubleclick.net https://www.youtube-nocookie.com; frame-ancestors 'self' https://app.contentful.com https://*.paperflite.com https://vital.io https://learn.vital.io; script-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://fpnpmcdn.net https://fpjscdn.net https://js.hs-scripts.com http://js.hsforms.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hsadspixel.net https://snap.licdn.com ; connect-src 'self' https://*.fptls.com https://*.fptls4.com https://api.fpjs.io https://*.api.fpjs.io https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://forms.hsforms.com https://api.hubapi.com https://cdn.linkedin.oribi.io https://analytics.google.com https://stats.g.doubleclick.net https://*.s3-accelerate.amazonaws.com https://pagead2.googlesyndication.com https://px.ads.linkedin.com/wa/ ; worker-src blob:; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https: https://forms.hsforms.com https://forms-na1.hsforms.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 1
frame-ancestors 'self' https://*.vero.co.nz; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.tascam.eu *.google-analytics.com *.googletagmanager.com *.zdassets.com *.zendesk.com *.facebook.net; img-src data: *.facebook.com blob: 'self' *.tascam.eu *.google-analytics.com; style-src 'self' 'unsafe-inline'; media-src 'self' *.youtube-nocookie.com *.ytimg.com *.tascam.eu; object-src 'self' *.youtube-nocookie.com *.ytimg.com *.tascam.eu; frame-ancestors 'self'; frame-src 'self' *.youtube-nocookie.com *.ytimg.com *.soundcloud.com *.tascam.eu; connect-src 'self' *.facebook.net *.facebook.com *.zdassets.com *.zendesk.com https://wp-tascam *.tascam.eu; 1
frame-ancestors 'none'; report-uri https://612d04a5404dc57901db4f2e.endpoint.csper.io 1
default-src 'self'; frame-src 'self' https://pitc-posa-prod.ocp.cloudscale.puzzle.ch/puzzle/activity https://www.youtube.com https://www.openstreetmap.org https://www.gstatic.com https://www.google.com https://widget.allourideas.org https://unpkg.com https://assets7.lottiefiles.com; font-src 'self' https://fonts.gstatic.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://matomo.puzzle.ch https://www.google.com https://www.gstatic.com https://unpkg.com https://assets7.lottiefiles.com; connect-src 'self' https://unpkg.com https://assets7.lottiefiles.com https://matomo.puzzle.ch; img-src * data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; 1
default-src 'self';   script-src 'self'  'unsafe-inline' 'unsafe-eval' https://*.zdassets.com https://*.zendesk.com https://*.zopim.com https://*.sentry.io wss://*.zendesk.com wss://*.zopim.com https://*.youtube.com scout-cdn.salesloft.com tools.luckyorange.com https://*.6sc.co trk.techtarget.com tag.clearbitscripts.com https://*.terminus.services https://www.googleoptimize.com x.clearbitjs.com app.clearbit.com reveal.clearbit.com https://*.hubspot.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://connect.facebook.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hscta.net https://*.hsforms.net https://*.hsforms.com https://js.hsleadflows.net https://platform.linkedin.com https://platform.twitter.com https://*.stackadapt.com https://script.hotjar.com https://snap.licdn.com https://static.hotjar.com https://vidassets.terminus.services https://www.googletagmanager.com  https://www.google-analytics.com https://cdn2.hubspot.net https://js.hs-scripts.com https://js.hs-banner.net https://static.hsappstatic.net https://js.hubspotfeedback.com https://js.usemessages.com https://*.vidyard.com  https://*.clearbitscripts.com https://*.clearbitjs.com https://ws.zoominfo.com;   style-src 'self'  'unsafe-inline' https://*.stackadapt.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.jsdelivr.net https://cdn2.hubspot.net https://cdnjs.cloudflare.com https://static.hsappstatic.net;   object-src 'none';   base-uri 'self';   connect-src 'self' https://*.zdassets.com https://*.zendesk.com https://*.zopim.com https://*.sentry.io wss://*.zendesk.com wss://*.zopim.com https://*.stackadapt.com https://*.googleapis.com https://*.visitors.live wss://*.luckyorange.com wss://*.visitors.live https://*.oribi.io https://*.hotjar.io https://*.techtarget.com scout.salesloft.com https://*.luckyorange.com https://secure.adnxs.com https://*.6sc.co https://api.hubapi.com https://cta-service-cms2.hubspot.com/ https://js.hs-banner.com/ https://cp.hubspot.com https://forms.hubspot.com https://*.hotjar.com wss://*.hotjar.com https://feedback.hubapi.com  https://www.googletagmanager.com  https://www.google-analytics.com  https://stats.g.doubleclick.net https://forms.hsforms.com https://lottie.host https://unpkg.com  http://localhost:1442/check-if-local-dev-server https://app.clearbit.com;   font-src 'self' https://fonts.gstatic.com https://*.hubspotusercontent-na1.net https://cdnjs.cloudflare.com;   frame-src 'self' https://*.youtube.com https://forms.hsforms.com https://platform.twitter.com https://player.vimeo.com https://vars.hotjar.com https://*.vidyard.com;   img-src 'self' data: https://*.googletagmanager.com/ https://*.linkedin.com scout.salesloft.com https://*.luckyorange.com https://secure.adnxs.com https://*.6sc.co https://*.techtarget.com https://perf.hsforms.com/ https://p.adsymptotic.com/ https://no-cache.hubspot.com/ https://secure.adnxs.com/ https://s.ml-attr.com/ https://attr.ml-api.io/ https://*.hubspotusercontent-na1.net https://forms.hsforms.com https://*.ads.linkedin.com https://static.hsappstatic.net https://track.hubspot.com https://wec-assets.terminus.services https://*.vidyard.com https://www.google-analytics.com https://www.google.com https://match.adsrvr.org https://wec-assets-api.terminus.services;   manifest-src 'self';  media-src 'self'; worker-src ‘self; prefetch-src 'self' https://static.hsappstatic.net https://fonts.googleapis.com https://fonts.gstatic.com; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' s3-us-west-2.amazonaws.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; img-src 'self'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.animaapp.com; frame-src data: https://www.youtube-nocookie.com ; frame-ancestors 'none' ; connect-src 'self' https://lliam-test.lostlemon.nl https://lliam.lostlemon.nl https://www.google-analytics.com 1
frame-ancestors 'self' https://vle.preprd.sls.ufinity.com https://vle.sandbox.sls.ufinity.com https://vle.learning.moe.edu.sg 1
default-src 'nonce-strict-dynamic' 'unsafe-inline'; style-src 'self' 'unsafe-inline' http: https: ; font-src 'self' 'unsafe-inline' http: http: data:; media-src * blob:; worker-src * 'unsafe-inline'; img-src * blob: data:; form-action 'unsafe-inline' 'unsafe-eval' 'self' https://payment.ipay88.com.ph https://www.facebook.com/tr/; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; frame-src 'self' https://docs.google.com/ https://www.youtube.com/ https://bid.g.doubleclick.net/ https://www.google.com/ https://player.vimeo.com https://tags.tiqcdn.com/ https://mookie1.com/ https://cdn-akamai.mookie1.com/ https://www.facebook.com/; 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.onetrust.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com consent.cookiebot.com *.googleapis.com code.jquery.com maxcdn.bootstrapcdn.com *.cookielaw.org *.onetrust.com str.melitta-group.com; img-src 'self' *.google-analytics.com *.cookielaw.org data: maps.gstatic.com *.googleapis.com *.ggpht.com; font-src 'self' fonts.gstatic.com; connect-src 'self' *.google-analytics.com *.onetrust.io *.onetrust.com *.googleapis.com *.cookielaw.org consentcdn.cookiebot.com; frame-src 'self' *.melitta.com str.melitta-group.com 1
default-src 'unsafe-inline' 'unsafe-eval' data: blob: teveo.cu cdn.teveo.cu icecast.teveo.cu www.google.com www.gstatic.com fonts.gstatic.com stats.rsa.icrt.cu 1
frame-ancestors 'self' https://codehs.com https://*.codehs.com https://beatsunlocked.fb.com; 1
frame-ancestors 'self' https://*.graceframe.com 1
default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src data: https://discuss.techlore.tech 'self'; connect-src https://*.techlore.tech https://raw.githubusercontent.com 'self'; frame-src https://www.youtube-nocookie.com https://*.techlore.tech; frame-ancestors 'self'; manifest-src 'self'; 1
default-src 'self' fonts.gstatic.com; img-src * data: blob:; media-src *; style-src 'self' 'unsafe-inline' *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com www.googletagmanager.com; frame-src 'self' blob:; connect-src 'self' www.google-analytics.com *.googleapis.com 127.0.0.1:47290 *.sigwebtablet.com:47290 1
report-uri https://petrostar.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://use.typekit.net https://cdn.pubnub.com https://consent.cookiefirst.com; frame-ancestors 'none' 1
form-action *; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-XXT2CW25t2CrwGMrgXZhmO9DFr2HjBSfOZllo/HCXP5TkWi5' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morainepark.edu cse.google.com partner.googleservices.com www.google.com www.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net www.googleadservices.com connect.facebook.net analytics.tiktok.com static.ads-twitter.com tag.simpli.fi www.gstatic.com sc-static.net tr.snapchat.com embedr.flickr.com widgets.flickr.com www.youtube.com tag.brandcdn.com adservices.brandcdn.com polyfill.io use.fontawesome.com secure.adnxs.com player.vimeo.com collector-30227.us.tvsquared.com; frame-src 'self' *.morainepark.edu www.youtube.com www.youtube-nocookie.com player.vimeo.com *.fls.doubleclick.net td.doubleclick.net www.facebook.com www.google.com insight.adsrvr.org *.cloudfront.net adservices.brandcdn.com cse.google.com cdn.yoshki.com community.instructuremedia.com tr.snapchat.com; object-src 'self'; base-uri 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com *.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com www.youtube-nocookie.com www.youtube.com blob: data: https://storage.googleapis.com/learnwithikeavideos/ ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ctfassets.net *.ipex-insights.com *.userzoom.com www.recaptcha.net maps.googleapis.com *.hotjar.com wss://*.hotjar.com *.hotjar.io analytics-au.clickdimensions.com *.adform.net bat.bing.com *.doubleclick.net *.facebook.com *.facebook.net www.googleadservices.com *.googlesyndication.com *.google.com.sg *.salecycle.com *.teads.tv *.yimg.com insight.adsrvr.org js.adsrvr.org secure.quantserve.com api.ipify.org *.visualstudio.com *.adyen.com *.2c2p.com https://libjs.s4mdsp.com/pa.js *.cookielaw.org *.onetrust.com *.akamaihd.net *.akstat.io *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.go-mpulse.net *.optimizely.com sentry.io *.sentry.io *.avo.app oppwa.com *.oppwa.com mpsnare.iesnare.com *.iesnare.com dc.services.visualstudio.com rt.services.visualstudio.com www.surveygizmo.eu widgixeu-beacon.s3.amazonaws.com *.bambuser.com firestore.googleapis.com liveshopping-widgets.firebaseapp.com widgets-ssr.photorank.me data.photorank.me *.olapic-cdn.com; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com; object-src 'self'; report-uri https://csp.ikea.com 1
default-src https: 'unsafe-hashes';font-src https: data:;img-src https: data:;style-src https: 'unsafe-inline';script-src https: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' https://cdn.yoshki.com; script-src 'unsafe-eval' 'unsafe-inline' https: https://www.googletagmanager.com https://*.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: www.googletagmanager.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com https://www.google.co.uk https://*.linkedin.com https://*.episerver.net https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com https://i.ytimg.com https://*.cloudfront.net; connect-src https: data: blob: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googleapis.com *.google.com https://*.gstatic.com; font-src 'self' https: data: https://fonts.gstatic.com; frame-src 'self' https: https://player.vimeo.com https://bid.g.doubleclick.net *.google.com youtube.com www.youtube.com spotify.com podbean.com www.spotify.com www.podbean.com; worker-src 'self' blob: ; 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.banq.qc.ca/report-uri/enforce 1
content="default-src https: 'unsafe-eval' 'unsafe-inline'" 1
frame-ancestors https://*.kundelik.kz 1
frame-ancestors 'self' *.mybet.de *.regily.de *.wetten.de wetten.de 1
default-src 'self';   img-src 'self' data: *.google.com www.google-analytics.com *.googleapis.com *.ggpht.com *.gstatic.com *.googleusercontent.com https://stats.g.doubleclick.net http://maps.google.com https://sp-ao.shortpixel.ai https://www.ssa.gov https://secure.gravatar.com www.googletagmanager.com;   style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.gstatic.com https://www.ssa.gov;   font-src 'self' data: *.google.com *.googleapis.com *.gstatic.com https://sp-ao.shortpixel.ai;    script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com www.google-analytics.com *.googleapis.com *.ggpht.com *.gstatic.com https://stats.g.doubleclick.net http://maps.google.com/ https://www.ssa.gov www.googletagmanager.com;  connect-src www.google-analytics.com https://stats.g.doubleclick.net;    frame-src 'self' *.google.com www.google-analytics.com *.googleapis.com *.ggpht.com *.gstatic.com https://stats.g.doubleclick.net http://maps.google.com/ *.vimeo.com https://secure.gravatar.com https://www.youtube.com;    object-src 'none';  frame-ancestors 'self';  form-action 'self';  upgrade-insecure-requests;  block-all-mixed-content; 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' pghub.io cdn.segment.com cdn.cookielaw.org *.iesnare.com connect.facebook.net *.bazaarvoice.com c.lytics.io analytics.tiktok.com *.google-analytics.com *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com c.lytics.io feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' *.cookielaw.org *.doubleclick.net images.ctfassets.net pixel.tapad.com *.bazaarvoice.com *.google-analytics.com www.facebook.com c.lytics.io s.amazon-adsystem.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' fonts.gstatic.com feed.pghub.io pandg.tapad.com ; connect-src * ; frame-src 'self' *.doubleclick.net https://pglavenus.jebbit.com consumersupport.pg.com ct.pinterest.com www.facebook.com feed.pghub.io pandg.tapad.com ; manifest-src * ; 1
default-src *.clarity.ms c.bing.com; connect-src *.picturepark.com *.moin.ai *.herofil.es *.oribi.io *.docu.info *.google.com *.usercentrics.eu *.hotjar.com *.hotjar.io *.clarity.ms wss://*.hotjar.com wss://*.moin.ai *.analytics.google.com *.google-analytics.com *.salesmanago.pl backoffice.c2frwo0fak-xibmholdi1-d1-public.model-t.cc.commerce.ondemand.com backoffice.c2frwo0fak-xibmholdi1-p1-public.model-t.cc.commerce.ondemand.com backoffice.c2frwo0fak-xibmholdi1-s1-public.model-t.cc.commerce.ondemand.com backoffice.commerce.dev.xella.com backoffice.commerce.uat.xella.com backoffice.commerce.xella.com wss://directline.botframework.com directline.botframework.com maps.googleapis.com pixel.mathtag.com scnem3.com smartedit.commerce.dev.xella.com smartedit.commerce.uat.xella.com smartedit.commerce.xella.com static.mailerlite.com stats.g.doubleclick.net storefrontapi.commerce.dev.xella.com storefrontapi.commerce.uat.xella.com storefrontapi.commerce.xella.com t.leady.com xellabot.azurewebsites.net xolutionfaqbot.azurewebsites.net *.c2frwo0fak-xibmholdi1-d1-public.model-t.cc.commerce.ondemand.com *.c2frwo0fak-xibmholdi1-s1-public.model-t.cc.commerce.ondemand.com *.c2frwo0fak-xibmholdi1-p1-public.model-t.cc.commerce.ondemand.com; font-src 'self' *.moin.ai *.hotjar.com *.hotjar.io fonts.gstatic.com data:; frame-src * *.usercentrics.eu; img-src 'self' *.picturepark.com *.herofil.es data: *.fls.doubleclick.net *.hotjar.com *.hotjar.io *.privacysandbox.googleadservices.com *.usercentrics.eu *.ytimg.com *.salesmanago.pl *.clarity.ms *.moin.ai *.oribi.io *.bing.com 10714483.fls.doubleclick.net backoffice.c2frwo0fak-xibmholdi1-d1-public.model-t.cc.commerce.ondemand.com backoffice.c2frwo0fak-xibmholdi1-p1-public.model-t.cc.commerce.ondemand.com backoffice.c2frwo0fak-xibmholdi1-s1-public.model-t.cc.commerce.ondemand.com backoffice.commerce.dev.xella.com backoffice.commerce.uat.xella.com backoffice.commerce.xella.com c.seznam.cz cbks0.googleapis.com dmp.adform.net facebook.com *.analytics.google.com *.google-analytics.com googleads.g.doubleclick.net lh3.ggpht.com maps.google.com maps.googleapis.com *.gstatic.com maps.gstatic.com pixel.mathtag.com px.ads.linkedin.com smartedit.commerce.dev.xella.com smartedit.commerce.uat.xella.com smartedit.commerce.xella.com static.mailplus.nl stats.g.doubleclick.net storefrontapi.commerce.dev.xella.com storefrontapi.commerce.uat.xella.com storefrontapi.commerce.xella.com tagmanager.google.com track.mailerlite.com upload.wikimedia.org www.facebook.com www.google.com www.google.de www.google.nl www.googletagmanager.com *.c2frwo0fak-xibmholdi1-d1-public.model-t.cc.commerce.ondemand.com *.c2frwo0fak-xibmholdi1-s1-public.model-t.cc.commerce.ondemand.com *.c2frwo0fak-xibmholdi1-p1-public.model-t.cc.commerce.ondemand.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.docu.info *.hotjar.com *.hotjar.io *.usercentrics.eu *.ytimg.com *.clarity.ms *.getsitecontrol.com *.adform.net backoffice.c2frwo0fak-xibmholdi1-d1-public.model-t.cc.commerce.ondemand.com backoffice.c2frwo0fak-xibmholdi1-p1-public.model-t.cc.commerce.ondemand.com backoffice.c2frwo0fak-xibmholdi1-s1-public.model-t.cc.commerce.ondemand.com backoffice.commerce.dev.xella.com backoffice.commerce.uat.xella.com backoffice.commerce.xella.com c.imedia.cz c.bing.com connect.facebook.net *.analytics.google.com *.google-analytics.com googleads.g.doubleclick.net googletagmanager.com maps.googleapis.com pixel.mathtag.com restapi.mailplus.nl s2.adform.net static.mailerlite.com smartedit.commerce.dev.xella.com smartedit.commerce.uat.xella.com smartedit.commerce.xella.com snap.licdn.com storefrontapi.commerce.dev.xella.com storefrontapi.commerce.uat.xella.com storefrontapi.commerce.xella.com t.leady.com tagmanager.google.com track.adform.net www.seznam.cz www.googleadservices.com www.googletagmanager.com www.salesmanago.pl www.youtube.com xellabot.azurewebsites.net xolutionfaqbot.azurewebsites.net *.c2frwo0fak-xibmholdi1-d1-public.model-t.cc.commerce.ondemand.com *.c2frwo0fak-xibmholdi1-s1-public.model-t.cc.commerce.ondemand.com *.c2frwo0fak-xibmholdi1-p1-public.model-t.cc.commerce.ondemand.com *.seznam.cz *.mailocator.com *.moin.ai bat.bing.com *.oribi.io *.herofil.es; style-src *.moin.ai 'self' 'unsafe-inline' *.mailerlite.com  fonts.googleapis.com static.mailerlite.com www.googletagmanager.com xellabot.azurewebsites.net xolutionfaqbot.azurewebsites.net; 1
default-src *;script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';font-src * data:;img-src * data:;base-uri 'self';manifest-src 'self' blob: 1
block-all-mixed-content; frame-ancestors *.eletrorastro.com.br 1
font-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com/ajax/libs/semantic-ui/2.3.0/themes/default/assets/fonts/ https://www.exxosforum.co.uk/forum/assets/fonts/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ ; default-src 'self'  'unsafe-inline' https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ajax/libs/ https://maps.googleapis.com/maps/api/ https://exxosforum.co.uk https://www.exxosforum.co.uk; img-src https://cdn.jsdelivr.net/npm/ https://maps.gstatic.com https://www.amazon.com 'self'  https://exxosforum.co.uk https://www.exxosforum.co.uk https://i.ytimg.com https://twemoji.maxcdn.com github data: ; script-src https://www.gstatic.com/recaptcha/releases/ https://www.recaptcha.net/recaptcha/ 'self' 'unsafe-inline' 'unsafe-eval'  https://maps.google.com http://ajax.googleapis.com/ http://ajax.microsoft.com/ http://maps.google.com/maps/api/ *.googleapis.com https://js.stripe.com/v3/ ; object-src 'self'; frame-src https://www.recaptcha.net/ https://www.dailymotion.com https://*.assoc-amazon.com 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/ https://vimeo.com/ https://js.stripe.com/v3/ https://store.steampowered.com youtube.com www.youtube.com https://*.github.io/;  1
default-src 'none';       script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.infobip.com www.googleadservices.com googleads.g.doubleclick.net www.google-analytics.com www.googleadservices.com cdn.schemaapp.com d2oh4tlt9mrke9.cloudfront.net s.yimg.com connect.facebook.net cdn.clare.ai www.googletagmanager.com www.google.com www.gstatic.com ws.sessioncam.com data.schemaapp.com www.instagram.com ;      connect-src 'self' https://*.infobip.com  wss://*.infobip.com api-staging.clare.ai api-live.clare.ai ws.sessioncam.com www.google-analytics.com *.google.com stats.g.doubleclick.net data.schemaapp.com s.yimg.com;      img-src 'self' data: cdn.clare.ai googletagmanager.com www.google-analytics.com sp.analytics.yahoo.com ws.sessioncam.com www.facebook.com www.google.com www.google.com.my *.cloudfront.net;       style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.clare.ai;       frame-ancestors 'self' https://*.infobip.com;       form-action 'self' www.facebook.com;       font-src 'self' data: fonts.gstatic.com;       media-src 'self' cdn.clare.ai;       manifest-src 'self' cdn.clare.ai;       frame-src 'self' https://*.infobip.com www.google.com www.facebook.com bid.g.doubleclick.net www.youtube.com www.instagram.com td.doubleclick.net 1
frame-ancestors https://*.buxfer.com https://*.flagstoneinitiative.org https://*.duda.co https://*.responsivewebsitebuilder.io 1
connect-src 'self' https://*.googleapis.com https://sse.remotedesk.me https://app.verificient.com https://app.verificient.com:54545 https://*.verificient.com https://www.google-analytics.com https://www.freshbots.ai/ticket/ https://www.freshbots.ai/customer/ https://www.google-analytics.com/ https://rts-us.freshworksapi.com/ wss://rts-us.freshworksapi.com/ wss://ws-mt1.pusher.com/ https://cdn.freshbots.ai/ https://www.googleapis.com/identitytoolkit/ https://*.firebaseio.com/ wss://*.firebaseio.com/ https://securetoken.googleapis.com/v1/ https://remotedeskstatic.storage.googleapis.com/ https://remotedeskstatic.oss-cn-beijing.aliyuncs.com/ wss://sse.remotedesk.me/ws/; font-src 'self' fonts.gstatic.com https://remotedeskstatic.storage.googleapis.com/ https://cdnjs.cloudflare.com/ https://*.bootstrapcdn.com https://cdnjs.cloudflare.com/ https://remotedeskstatic.storage.googleapis.com/ https://remotedeskstatic.oss-cn-beijing.aliyuncs.com/; object-src 'none'; img-src https://*.bootstrapcdn.com https://www.google-analytics.com/ https://cdn.freshbots.ai/assets/ https://img.icons8.com https://remotedeskstatic.oss-cn-beijing.aliyuncs.com/ https://*.storage.googleapis.com/ https://storage.googleapis.com/ https://remotedeskstatic.storage.googleapis.com/ https://tracking.leadlander.com/ https://*.amazonaws.com/ https://remotedesk-protected.verificient.com/ 'self'; style-src 'self' fonts.googleapis.com 'unsafe-inline' https://*.bootstrapcdn.com https://*.freshchat.com/ https://cdnjs.cloudflare.com/ https://unpkg.com https://cdn.freshbots.ai/assets/ https://remotedeskstatic.storage.googleapis.com/ https://remotedeskstatic.oss-cn-beijing.aliyuncs.com/; frame-src 'self' https://www.google.com https://*.firebaseio.com/; default-src 'self' https://sse.remotedesk.me https://*.verificient.com 'nonce-ZYVNUGV4bK1q8gv4'; script-src 'self' 'unsafe-eval' https://cdn.ywxi.net/ https://formalyzer.com/ https://t.sf14g.com/ https://www.google-analytics.com/ https://*.bootstrapcdn.com https://img.icons8.com https://www.google.com https://www.gstatic.com https://cdn.freshbots.ai/assets/share/js/freshbots.min.js https://www.freshbots.ai/customer/v3/combined-init/ http://stats.pusher.com/timeline/v2/jsonp/1 https://js.stripe.com/v3/ https://cdnjs.cloudflare.com/ajax/ https://*.firebaseio.com/ https://remotedeskstatic.storage.googleapis.com/ https://remotedeskstatic.oss-cn-beijing.aliyuncs.com/; media-src https://*.storage.googleapis.com/ https://storage.googleapis.com/ https://*.amazonaws.com/ https://remotedesk-protected.verificient.com/ 'self' 1
base-uri 'self'; default-src 'none'; form-action 'self'; frame-ancestors 'self'; img-src 'self' *.google-analytics.com/ *.consentmanager.net/; script-src-elem 'self' 'unsafe-inline' *.google-analytics.com/ *.consentmanager.net/ *.googletagmanager.com/; script-src-attr 'self' 'unsafe-inline'; style-src 'self'; style-src-elem 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; font-src 'self'; media-src 'self'; frame-src 'self' *.matterport.com/ *.youtube-nocookie.com/ *.consentmanager.net/; connect-src *.google-analytics.com/ 'self'; 1
frame-src 'self' https://promerica.com.do https://www.google.com 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' analytics.audioeye.com blob: consent.cookiebot.com consentcdn.cookiebot.com fonts.gstatic.com learn.limeade.com info.webmdhealthservices.com secure.gravatar.com wsmcdn.audioeye.com wsv3cdn.audioeye.com www.googletagmanager.com analytics.google.com api.ipdata.co bat.bing.com cdn.bizible.com cdn.bizibly.com cl.qualaroo.com connect.facebook.net js.zi-scripts.com munchkin.marketo.net s.adroll.com scout-cdn.salesloft.com scout.salesloft.com snap.licdn.com static.ads-twitter.com stats.g.doubleclick.net tag.demandbase.com ws-assets.zoominfo.com ws.zoominfo.com www.clarity.ms www.google-analytics.com www.google.com 269-nzg-444.mktoresp.com adservice.google.com analytics.twitter.com api.company-target.com c.clarity.ms cdn.linkedin.oribi.io d.adroll.com dntcl.qualaroo.com id.rlcdn.com ipv4.d.adroll.com px.ads.linkedin.com t.co www.facebook.com www.google.com.co x.clarity.ms fonts.googleapis.com s3.amazonaws.com turbo.qualaroo.com v.clarity.ms p.clarity.ms r.clarity.ms region1.analytics.google.com self w.clarity.ms www.google.de www.google.ie o.clarity.ms s.clarity.ms u.clarity.ms www.google.co.in www.google.com.au www.google.com.na www.youtube.com y.clarity.ms googleads.g.doubleclick.net segments.company-target.com gtm.limeade.com *.clarity.ms c.bing.com *.googletagmanager.com *.hsforms.com *.tinypulse.com *.hubspot.com *.webmdhealthservices.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' learn.limeade.com *.googletagmanager.com api.ipdata.co consent.cookiebot.com wsmcdn.audioeye.com wsv3cdn.audioeye.com bat.bing.com cdn.bizible.com cl.qualaroo.com connect.facebook.net consentcdn.cookiebot.com d.adroll.com js.zi-scripts.com lex.33across.com munchkin.marketo.net s.adroll.com scout-cdn.salesloft.com snap.licdn.com static.ads-twitter.com tag.demandbase.com turbo.qualaroo.com ws-assets.zoominfo.com ws.zoominfo.com www.clarity.ms www.google-analytics.com code.jquery.com unpkg.com js.hsforms.net www.youtube.com schedule.zoominfo.com ucads-cdn.ucweb.com js.hscta.net www.googleadservices.com tagmanager.google.com gtm.limeade.com ssl.google-analytics.com www.google.com googleads.g.doubleclick.net d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net www.googleoptimize.com optimize.google.com *.googleapis.com *.hs-scripts.com *.hsadspixel.net *.hs-analytics.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hsleadflows.net *.visualwebsiteoptimizer.com app.vwo.com *.webmdhealthservices.com; script-src-elem 'self' 'unsafe-inline' bat.bing.com cdn.bizible.com cl.qualaroo.com code.jquery.com connect.facebook.net consent.cookiebot.com consentcdn.cookiebot.com d.adroll.com js.zi-scripts.com learn.limeade.com info.webmdhealthservices.com munchkin.marketo.net s.adroll.com scout-cdn.salesloft.com snap.licdn.com static.ads-twitter.com tag.demandbase.com unpkg.com ws-assets.zoominfo.com ws.zoominfo.com wsmcdn.audioeye.com wsv3cdn.audioeye.com www.clarity.ms www.google-analytics.com www.googletagmanager.com lex.33across.com turbo.qualaroo.com api.ipdata.co js.hscta.net www.google.com www.googleadservices.com www.youtube.com js.hsforms.net www.googleoptimize.com optimize.google.com *.googleapis.com *.hs-scripts.com *.hsadspixel.net *.hs-analytics.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hsleadflows.net *.visualwebsiteoptimizer.com app.vwo.com *.webmdhealthservices.com; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' learn.limeade.com info.webmdhealthservices.com fonts.googleapis.com unpkg.com wsv3cdn.audioeye.com www.gstatic.com gtm.limeade.com tagmanager.google.com *.googletagmanager.com optimize.google.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com; style-src-elem 'self' 'unsafe-inline' learn.limeade.com info.webmdhealthservices.com unpkg.com fonts.googleapis.com wsv3cdn.audioeye.com www.gstatic.com optimize.google.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com; style-src-attr 'unsafe-inline'; img-src 'self' data: analytics.twitter.com bat.bing.com c.clarity.ms cdn.bizible.com cdn.bizibly.com d.adroll.com id.rlcdn.com ipv4.d.adroll.com px.ads.linkedin.com t.co www.facebook.com *.google-analytics.com www.google.com s3.amazonaws.com secure.gravatar.com www.google.com.bd www.google.nl www.google.co.uk www.google.ca www.google.pl c.bing.com www.google.co.ke *.googletagmanager.com cm.g.doubleclick.net dsum-sec.casalemedia.com eb2.3lift.com ib.adnxs.com image2.pubmatic.com pixel.rubiconproject.com segments.company-target.com sync.outbrain.com sync.taboola.com ups.analytics.yahoo.com us-u.openx.net www.google.com.au www.google.se x.bidswitch.net www.google.co.id adservice.google.com analytics.google.com forms-na1.hsforms.com forms.hsforms.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google.ae www.google.ch www.google.co.in www.google.co.tz www.google.co.ug www.google.co.za www.google.com.bn www.google.com.my www.google.com.ng www.google.com.np www.google.com.ph www.google.com.sa www.google.com.sg www.google.de www.google.es www.google.it www.linkedin.com www.google.com.vn www.google.tt px4.ads.linkedin.com translate.google.com www.google.at www.google.be www.google.bf www.google.cn www.google.co.bw www.google.co.jp www.google.co.nz www.google.co.th www.google.com.do www.google.com.eg www.google.com.gh www.google.com.hk www.google.com.jm www.google.com.na www.google.com.pa www.google.com.pk www.google.dk www.google.dm www.google.fr www.google.hn www.google.ie www.google.is www.google.jo www.google.lk www.google.mw www.google.no www.google.pt www.google.rs www.google.ru www.google.si www.gstatic.com mm-static.mustcheck.com scout.us1.salesloft.com www.google.cl www.google.co.cr www.google.co.kr www.google.co.uz www.google.com.bh www.google.com.bo www.google.com.br www.google.com.cu www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.mx www.google.com.pe www.google.com.qa www.google.com.tr www.google.com.tw www.google.ee www.google.fi www.google.gy www.google.hu www.google.kz www.google.lt www.google.ro www.google.rw gtm.limeade.com ssl.gstatic.com *.g.doubleclick.net *.google.com s.adroll.com d.adroll.mgr.consensu.org p.adsymptotic.com pixel.advertising.com simage2.pubmatic.com snap.licdn.com trc.taboola.com ads.yahoo.com connect.facebook.net idsync.rlcdn.com fonts.gstatic.com *.tinypulse.com optimize.google.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com; font-src 'self' data: fonts.gstatic.com wsv3cdn.audioeye.com chrome-extension mm-static.mustcheck.com; connect-src 'self' 269-nzg-444.mktoresp.com 269-nzg-444.mktoutil.com analytics.audioeye.com analytics.google.com api.company-target.com cdn.linkedin.oribi.io consentcdn.cookiebot.com js.zi-scripts.com learn.limeade.com info.webmdhealthservices.com n.clarity.ms scout.salesloft.com stats.g.doubleclick.net ws.zoominfo.com www.facebook.com www.google.com adservice.google.com i.clarity.ms www.google-analytics.com bat.bing.com v.clarity.ms p.clarity.ms g.clarity.ms region1.analytics.google.com x.clarity.ms o.clarity.ms q.clarity.ms s.clarity.ms z.clarity.ms u.clarity.ms w.clarity.ms t.clarity.ms e.clarity.ms a.clarity.ms j.clarity.ms r.clarity.ms d.clarity.ms googleads.g.doubleclick.net y.clarity.ms b.clarity.ms forms.hsforms.com h.clarity.ms k.clarity.ms l.clarity.ms m.clarity.ms segments.company-target.com www.google.co.uk www.google.com.au www.google.ca www.google.com.vn f.clarity.ms gjtrack.ucweb.com plugin.ucads.ucweb.com www.google.co.id www.google.co.jp translate.googleapis.com www.google.co.za www.google.com.br www.google.com.mx www.google.com.ng www.google.com.tw www.google.es www.google.ie *.google-analytics.com *.analytics.google.com *.googletagmanager.com gtm.limeade.com *.g.doubleclick.net *.google.com www.google.lt *.googlesyndication.com *.demandbase.com *.hubapi.com js.hscta.net *.hs-banner.com *.hubspot.com *.visualwebsiteoptimizer.com app.vwo.com *.linkedin.com; object-src 'self'; child-src consentcdn.cookiebot.com learn.limeade.com info.webmdhealthservices.com wsv3cdn.audioeye.com dntcl.qualaroo.com open.spotify.com www.youtube.com embed.ted.com www.facebook.com null www.googletagmanager.com gtm.limeade.com; frame-src consentcdn.cookiebot.com dntcl.qualaroo.com learn.limeade.com info.webmdhealthservices.com wsv3cdn.audioeye.com www.facebook.com www.googletagmanager.com www.youtube.com embed.ted.com null open.spotify.com www.slideshare.net gtm.limeade.com bid.g.doubleclick.net *.googletagmanager.com *.company-target.com *.hsforms.com optimize.google.com *.hubspot.com *.hs-sites.com app.vwo.com *.visualwebsiteoptimizer.com *.doubleclick.net; worker-src 'self' blob:; form-action 'self' www.facebook.com *.hsforms.com; upgrade-insecure-requests 1
default-src * 'unsafe-inline' data: https:;img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src  'self' 'unsafe-inline' *; 1
frame-ancestors 'self' https://kovcheg.live; 1
default-src 'self'; script-src https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.googleoptimize.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://home-c36.nice-incontact.com https://polyfill.io https://dl.episerver.net https://connect.facebook.net https://snap.licdn.com https://ecommerce-api-uat.versapay.com https://ecommerce-api.versapay.com https://az416426.vo.msecnd.net https://s7.addthis.com https://cdn.jsdelivr.net https://js.zi-scripts.com https://ws.zoominfo.com https://ws-assets.zoominfo.com https://www.gstatic.com https://cxppusa1formui01cdnsa01-endpoint.azureedge.net https://apps.elfsight.com https://bat.bing.com https://www.clarity.ms https://static.mobilemonkey.com https://oc-cdn-ocprod.azureedge.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://fast.fonts.net https://fonts.googleapis.com https://i.icomoon.io https://dl.episerver.net https://js.zi-scripts.com https://ws.zoominfo.com https://ws-assets.zoominfo.com https://oc-cdn-ocprod.azureedge.net 'self' 'unsafe-inline'; img-src https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.youtube.com https://i.ytimg.com https://*.linkedin.com https://www.facebook.com https://dl.episerver.net https://impressionsmagazine.com https://profilemagazine.com https://www.asicentral.com https://js.zi-scripts.com https://ws.zoominfo.com https://ws-assets.zoominfo.com https://m.worldemblem.com https://bat.bing.com 'self' blob: data:; font-src https://i.icomoon.io https://fonts.gstatic.com 'self' data:; media-src data: 'self'; connect-src https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com https://cdn.linkedin.oribi.io https://dc.services.visualstudio.com https://js.zi-scripts.com https://pagead2.googlesyndication.com https://px.ads.linkedin.com https://assets-usa.mkt.dynamics.com https://cxppusa1formui01cdnsa01-endpoint.azureedge.net https://public-usa.mkt.dynamics.com https://*.clarity.ms https://bat.bing.com https://*.omnichannelengagementhub.com 'self' wss:; frame-src https://home-c36.nice-incontact.com https://online.anyflip.com https://www.youtube.com https://www.google.com https://*.versapay.com https://js.zi-scripts.com https://*.zoominfo.com https://td.doubleclick.net https://oc-cdn-ocprod.azureedge.net 'self'; 1
script-src 'strict-dynamic' https: 'self' 'nonce-aWEsehK1dEDlT9c6ZyW5SVoVrlYrl2ZPJpZYafnDz2k='; object-src 'none'; form-action 'self'; frame-ancestors 'none' 1
frame-ancestors https://www.findmyshift.co.uk 1
default-src 'self';connect-src 'self' app.wealthica.com api.wealthica.com *.wistia.com embedwistia-a.akamaihd.net fg8vvsvnieiv3ej16jby.litix.io www.google-analytics.com analytics.google.com stats.g.doubleclick.net www.facebook.com *.wisepops.com desk.wealthica.com app.getwisp.co *.convertbox.com convertbox.com cdn-cookieyes.com log.cookieyes.com;font-src 'self' data: fonts.gstatic.com *.wistia.com *.convertbox.com convertbox.com fonts.bunny.net;frame-src 'self' https://vezgo.com www.facebook.com www.youtube.com desk.wealthica.com app.getwisp.co *.convertbox.com convertbox.com;frame-ancestors 'none';img-src 'self' data: https:;media-src 'self' blob: *.wistia.com embedwistia-a.akamaihd.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.iubenda.com cdn.iubenda.com www.googleoptimize.com *.wistia.com www.google-analytics.com www.googletagmanager.com cdn.mxpnl.com static.ads-twitter.com connect.facebook.net polyfill.io *.wisepops.com app.getwisp.co desk.wealthica.com *.convertbox.com convertbox.com cdn-cookieyes.com;style-src 'self' 'unsafe-inline' www.googleoptimize.com fonts.googleapis.com *.convertbox.com convertbox.com cdn-cookieyes.com fonts.bunny.net;worker-src 'self' blob:;upgrade-insecure-requests 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: i.ytimg.com www.mcap.com www.youtube.com www.google.de analytics.google.com kraken.rfamortgages.com www.google-analytics.com www.google.co.uk www.google.fr *.facebook.net ajax.aspnetcdn.com *.adobe.com www.google.ca *.gstatic.com *.alicdn.com professor.mcap.com youtube.com mcap.com code.jquery.com www.googletagmanager.com www.google.com browser-update.org img.youtube.com www.google.com.au *.facebook.com mbs.icicibank.ca *.doubleclick.net *.googleapis.com region1.analytics.google.com cdn.honey.io cdn.jsdelivr.net region1.google-analytics.com; frame-ancestors 'self' www.mamaison.mcap.com www.myhome.mcap.com ;  1
frame-ancestors 'self' thmedialtd.com ysense.com easyhits4u.com 10khits.com neobux.com cashtravel.info trafficg.com trafficmonsoon.net; 1
default-src 'self' data: blob: apikeys.civiccomputing.com cloudflareinsights.com player.vimeo.com recruitingbypaycor.com www.google.com formspree.io; script-src 'self' 'unsafe-inline' 'unsafe-eval'  player.vimeo.com vimeo.com cc.cdn.civiccomputing.com static.cloudflareinsights.com blob: afinti.com newton.newtonsoftware.com recruitingbypaycor.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: afinit.com sp-ao.shortpixel.ai i.vimeocdn.com; object-src 'none'; 1
default-src 'self' 'unsafe-inline' data: https://www.hearusa.com *.adsrvr.org *.amazonaws.com *.applicationinsights.azure.com *.azureedge.net *.azurewebsites.net *.clarity.ms *.clickdimensions.com *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.hearusa.com *.mouseflow.com *.newrelic.com *.nr-assets.net *.nr-data.net *.nr-ext.net *.omnichannelengagementhub.com *.pinterest.com *.piwik.pro *.shoeboxonline.com *.sleeknote.com *.trustarc.com *.wsa.com *.youtube.com https://app.sleeknote.com https://cd.wsa-retail.localhost https://cdn.dni.nimbata.com https://cm.wsa-retail.localhost https://maps.googleapis.com https://oc-cdn-ocprod.azureedge.net https://www.wsa-retail.localhost; img-src 'self' data: *.adsrvr.org *.amazonaws.com *.azureedge.net *.clickdimensions.com *.cloudflare.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.hearusa.com *.mouseflow.com *.pinterest.com *.piwik.pro *.sleeknote.com *.trustarc.com *.truste.com *.ytimg.com https://bat.bing.com https://cdn.dni.nimbata.com https://www.wsa-retail.localhost; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adsrvr.org *.amazonaws.com *.azureedge.net *.azurewebsites.net *.clickdimensions.com *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.hearusa.com *.mouseflow.com *.newrelic.com *.nr-assets.net *.nr-data.net *.nr-ext.net *.omnichannelengagementhub.com *.pinimg.com *.pinterest.com *.piwik.pro *.sleeknote.com *.trustarc.com *.wsa.com https://bat.bing.com https://cdn.dni.nimbata.com https://oc-cdn-ocprod.azureedge.net shoeboxonline.com; style-src 'self' 'unsafe-inline' https://www.hearusa.com *.azureedge.net *.google.com *.googleapis.com *.hearusa.com *.mouseflow.com *.sleeknote.com https://oc-cdn-ocprod.azureedge.net 1
default-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.connect.facebook.net *.jnjbrasil.com.br *.cdn.cookielaw.org *.onetrust.com *.pagead2.googlesyndication.com geolocation.onetrust.com *.facebook.net *.google.com.br *.google.com *.doubleclick.net *.youtube.com *.appspot.com *.janrain.com *.cloudfront.net *.cookielaw.org d1lqe9temigv1p.cloudfront.net *.googletagmanager.com *.google-analytics.com gtm-wnd6vzj-yme0m.uc.r.appspot.com data: *.newrelic.com *.jnjbrasil.com.br *.jnjbrasil.com *.virtualinteractions.com.br *.salesforceliveagent.com *.retargetly.com  *.mathtag.com *.sitescout.com *.doubleclick.net *.tapad.com *.bluekai.com *.adsrvr.org *.adnxs.com *.pubmatic.com *.teads.tv *.smartadserver.com *.dotomi.com *.amazonaws.com *.facebook.com *.nr-data.net *.googlesyndication.com *.googleapis.com *.googleadservices.com *.google.co.in googleads.g.doubleclick.net *.placeholder.com *.google.com.mx *.jquery.com; font-src    https: data:; img-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org/ https://www.facebook.com/ https://facebook.com/ https://ad.doubleclick.net/ https://analytics.jnjbrasil.com.br/ https://googleads.g.doubleclick.net/ https://www.google.com/ https://google.com/ https://analytics.jnjbrasil.com.br/ https://analytics.google.com/ *.google.com.br https://era-images.s3.amazonaws.com https://via.placeholder.com https://d5k2ho7p0o8vp.cloudfront.net https://analytics.google.com https://server-side-tagging-b4b35m77ha-uc.a.run.app data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net  https://jquery.com/ https://youtube.com/ https://www.youtube.com/ https://www.salesforceliveagent.com/ https://c.la1-c1-frf.salesforceliveagent.com/ https://www.googletagmanager.com/ https://js-agent.newrelic.com/ https://code.jquery.com/ https://connect.facebook.net/ https://facebook.net/ https://johnson.virtualinteractions.com.br https://cdn.cookielaw.org/ https://cookielaw.org/ https://www.google-analytics.com/ https://d.la1-c1-frf.salesforceliveagent.com/ https://d.la3-c1-fra.salesforceliveagent.com/ https://d.la3-c1-fra.salesforceliveagent.com/; style-src 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net *.investis.com *.api.brightcove.com geoid.investisdigital.com cookiemanager.investisdigital.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.investis.com *.api.brightcove.com otp.tools.investis.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investis.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com *.api.brightcove.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com; frame-src 'self' 'unsafe-inline' *.investis.com www.google.com ir.tools.investis.com staticxx.facebook.com www.youtube.com viz.tools.investis.com http://viz.tools.investis.com vivoenergy.canto.global https://vivoenergy.canto.global/v/photogallery https://d1c96hlcey6qkb.cloudfront.net *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; connect-src 'self' *.investis.com *.api.brightcove.com  https://cookiemanager.investisdigital.com https://geoid.investisdigital.com www.google-analytics.com https://region1.google-analytics.com; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' https://www.youtube.com https://chat.aiaibot.com https://chat-pr823.aiaibot.dev https://cdn.jsdelivr.net/npm/promise-polyfill@8/dist/polyfill.min.js https://e.issuu.com https://graph.facebook.com https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com/jsapi https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.gstatic.com https://s7.addthis.com https://m.addthis.com https://z.moatads.com/addthismoatframe568911941483/moatframe.js https://v1.addthisedge.com https://service.newhome.ch/v1/ortschaften/suche https://siteimproveanalytics.com/js/siteanalyze_6012616.js https://www.riddle.com/files/js/embed.js https://swisspost.opendatasoft.com https://connect.facebook.net https://snap.licdn.com https://goo.gl/xX8pDD https://*.opentok.com https://*.tokbox.com https://unblu.cloud https://zgkbv.unblu.cloud https://zgkbv.acp.unblu-env.com https://www.riddle.com https://p.interacty.me https://cdn.cookielaw.org https://player.vimeo.com https://i.vimeocdn.com *.eloqua.com *.en25.com cdn.ampproject.org web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://unblu.cloud https://zgkbv.unblu.cloud https://www.riddle.com https://chat-pr823.aiaibot.dev https://chat.aiaibot.com https://www.gstatic.com https://zgkbv.acp.unblu-env.com https://p.interacty.me web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' data: blob: https://www.zugerkb.ch https://maps.google.com https://maps.gstatic.com https://www.google.ch https://www.google.com https://www.google-analytics.com https://unblu.cloud https://zgkbv.unblu.cloud https://zgkbv.acp.unblu-env.com https://6012616.global.siteimproveanalytics.io https://www.facebook.com/tr/ https://restcountries.com/data/ https://restcountries.com https://www.cu3.ch/zgkb/ https://px.ads.linkedin.com https://linkedin.com https://ad13.adfarm1.adition.com https://imagesrv.adition.com https://flagcdn.com https://upload.wikimedia.org https://cdn.cookielaw.org https://i.vimeocdn.com/ https://zugerkb.ch *.eloqua.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' data: https://fonts.gstatic.com https://zgkbv.acp.unblu-env.com https://unblu.cloud https://zgkbv.unblu.cloud https://netdna.bootstrapcdn.com/font-awesome/4.7.0/fonts/; connect-src 'self' https://m.addthis.com https://s7.addthis.com https://unblu.cloud https://zgkbv.unblu.cloud wss://unblu.cloud wss://zgkbv.unblu.cloud https://zgkbv.acp.unblu-env.com wss://zgkbv.acp.unblu-env.com https://api.aiaibot.com wss://api.aiaibot.com https://api.aiaibot.dev wss://api.aiaibot.dev https://swisspost.opendatasoft.com https://stats.g.doubleclick.net https://www.google-analytics.com https://tp.srgssr.ch https://sentry.aiaibot.com https://vod.infomaniak.com https://snap.licdn.com https://goo.gl/xX8pDD https://*.tokbox.com https://*.opentok.com wss://*.opentok.com wss://*.tokbox.com https://prod1.solutions.webfg.ch https://api.friendlycaptcha.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://vimeo.com/ https://api.countrylayer.com https://privacyportal-ch.onetrust.com https://webservices.post.ch:17023 https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob: https://unblu.cloud https://zgkbv.unblu.cloud; child-src blob: 'self' web-chat.nativechat.com; frame-src 'self' https://e.issuu.com https://www.youtube.com https://s7.addthis.com https://www.contentupdate.net/zgkb/nlreg.aspx https://www.google.com https://chat.aiaibot.com https://chat.aiaibot.dev https://www.riddle.com https://player.vimeo.com https://b2c-prod.netcetera.ch https://tp.srgssr.ch https://video.eko.com/ https://vod.infomaniak.com https://snap.licdn.com https://goo.gl/xX8pDD https://player.clevercast.com https://www.figma.com https://p.interacty.me https://siegfried-roi.interactivete.ch web-chat.nativechat.com forms.hsforms.com; object-src 'self'; plugin-types application/pdf 'self' 1
frame-ancestors 'self';base-uri 'self'; 1
default-src https:; connect-src https: wss:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: 1
default-src 'self' https://kendo.cdn.telerik.com https://demos.telerik.com https://translate.googleapis.com/element/log https://www.google-analytics.com/analytics.js https://www.google-analytics.com/j/collect https://www.bing.com/api/maps/ https://r.bing.com/rb/3A/ https://www.bing.com/maps/geotfe/comp/ https://t.ssl.ak.tiles.virtualearth.net/tiles/cmd/ https://dev.virtualearth.net/REST/V1/Imagery/Copyright/en-GB/RoadOnDemand/ https://t.ssl.ak.dynamic.tiles.virtualearth.net/comp/ https://dev.virtualearth.net/webservices/v1/LoggingService/ https://www.bing.com/fd/ls/ https://r.bing.com/rp/  https://www.bing.com/maps/ https://ajax.googleapis.com/ajax/libs/jquery/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://chart.googleapis.com https://code.jquery.com https://maps.google.com/maps/api/ https://www.google.com/jsapi https://www.google.com/recaptcha/ https://demo.iconsystem.co.uk https://translate.google.com/translate_a/element.js https://translate.googleapis.com/translate_static/ https://translate.googleapis.com/_/translate_http/ https://translate-pa.googleapis.com https://www.googletagmanager.com/gtag/ https://region1.google-analytics.com/ https://developer.api.autodesk.com https://ase-cdn.autodesk.com https://ase.autodesk.com 'unsafe-inline' 'unsafe-eval' blob:; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.autodesk.com data:; object-src 'none'; img-src * data: https: blob:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.33across.com *.ad-generation.jp *.adform.com *.adhouse.pro *.admanmedia.com *.admatic.com.tr *.admixer.com *.adpush.com.tr *.adtarget.com.tr *.adtech.com *.adtelligent.com *.adtopia.com *.advangelists.com *.advenuemedia.co.uk *.advertising.com *.adwmg.com *.amazon.com *.ampproject.org *.appnexus.com *.aralego.com *.axonix.com *.beachfront.com *.bidtellect.com *.bik.gov.tr *.bildirt.com *.bizzclick.com *.cloudflare.com *.cloudflareinsights.com *.cmcm.com *.colossusssp.com *.connectad.io *.contextweb.com *.coxmt.com *.criteo.net *.cubepile.com *.dailymotion.com *.districtm.io *.doubleclick.net *.e-planning.net *.emxdgt.com *.engagebdr.com *.exponential.com *.facebook.com *.freewheel.tv *.gamoshi.io *.gemius.pl *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.gumgum.com *.ibillboard.com *.idealmedia.io *.ijit.com *.improvedigital.com *.indexexchange.com *.inmobi.com *.instagram.com *.jquery.com *.jwpcdn.com *.lijit.com *.linkedin.com *.linkwi.se *.lkqd.com *.lkqd.net *.makroo.com *.maple-team.com *.mars.media *.mediabong.com *.meta.com *.mgid.com *.newborntown.com *.omnijay.com *.onesignal.com *.onnetwork.tv *.openweathermap.com *.openx.com *.optad360.io *.outbrain.com *.peak226.com *.pinterest.com *.pixad.com.tr *.pubmatic.com *.reklamstore.com *.resultsmedia.com *.rhythmone.com *.rubiconproject.com *.sabio.us *.sharethrough.com *.smaato.com *.smartadserver.com *.smartyads.com *.smrtb.com *.sonobi.com *.sovrn.com *.spotx.tv *.spotxchange.com *.stroeer.com *.synacor.com *.taboola.com *.tebilisim.com *.teimg.com *.tevideo.org *.thebrave.io *.themediagrid.com *.tradingview.com *.tribalfusion.com *.twitter.com *.ucfunnel.com *.unrulymedia.com *.us.com *.vidyome.com *.vimeo.com *.weatherwidget.io *.webeyemob.com *.wordego.com *.x.com *.yahoo.com *.yandex.com *.yandex.ru *.yieldmo.com *.youtu.be *.youtube.com bs.serving-sys.com cdn.ampproject.org cdn.jsdelivr.net gdetr.hit.gemius.pl google.com googlesyndication.com onesignal.com pagead2.googlesyndication.com pcode.air.tech secure-ds.serving-sys.com trgde.adocean.pl yastatic.net; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' plugin.skedify.io https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/  api.skedify.io cookie-cdn.cookiepro.com *.innovatio.be *.parentia.be bat.bing.com *.googleapis.com ; style-src 'self' 'unsafe-inline' plugin.skedify.io *.googleapis.com; img-src 'self' data: cookie-cdn.cookiepro.com *.googleapis.com *.gstatic.com *.innovatio.be *.parentia.be parentia-store.ams3.digitaloceanspaces.com parentia-store.ams3.cdn.digitaloceanspaces.com *.doubleclick.net *.google.com *.google.be bat.bing.com; child-src *.parentia.be; font-src 'self' parentia-store.ams3.digitaloceanspaces.com *.gstatic.com parentia-store.ams3.cdn.digitaloceanspaces.com; connect-src 'self' parentia-store.ams3.cdn.digitaloceanspaces.com parentia-store.ams3.digitaloceanspaces.com *.rubico.be *.innovatio.be api.skedify.io parentia.skedify.me *.parentia.be cookie-cdn.cookiepro.com *.googleapis.com geolocation.onetrust.com privacyportal.cookiepro.com bat.bing.com; report-uri https://sentry2.innovatio.be/api/2/security/?sentry_key=e7db14ac1d8b8f3ed0e4b6e2149519fb; frame-src www.youtube.com *.innovatio.be https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ 1
frame-ancestors 'self' https://augustatech.blackboard.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gstatic.com https://snap.licdn.com https://px.ads.linkedin.com https://*.twitter.com https://code.jquery.com https://*.google.com http://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://connect.facebook.net https://static.ads-twitter.com https://*.meetami.ai http://*.meetami.ai https://*.liveperson.net https://*.liveperson.com https://*.lpsnmedia.net https://*.liveengage.net https://*.liveengage.com https://*.liveper.sn http://ajax.googleapis.com wss://chat.meetami.ai; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://code.jquery.com https://*.googleapis.com https://*.google.com https://*.lpsnmedia.net https://*.meetami.ai http://*.meetami.ai; frame-src 'self' https://www.youtube.com http://player.vimeo.com https://player.vimeo.com https://www.facebook.com https://*.lpsnmedia.net https://*.liveperson.net https://*.meetami.ai http://*.meetami.ai; font-src 'self' https://fonts.gstatic.com https://*.meetami.ai http://*.meetami.ai; img-src 'self' data: https://www.teacherspensions.co.uk https://i.vimeocdn.com https://img.youtube.com https://www.linkedin.com https://snap.licdn.com https://px.ads.linkedin.com https://*.google.com http://*.google-analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://secure.adnxs.com https://connect.facebook.net https://t.co https://*.facebook.com https://*.lpsnmedia.net https://*.meetami.ai http://*.meetami.ai https://s3-eu-west-1.amazonaws.com; connect-src 'self' https://region1.analytics.google.com/ https://*.google-analytics.com https://*.meetami.ai http://*.meetami.ai wss://chat.meetami.ai wss://*.liveperson.net https://cdn.linkedin.oribi.io; media-src 'self' https://*.lpsnmedia.net https://*.meetami.ai http://*.meetami.ai; 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com www1.cakecraftcompany.com; base-uri 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: https://www.facebook.com https://www.cardeasy.com https://connect.facebook.net https://*.6sc.co https://kit.fontawesome.com/1235c8a8d3.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://stats.g.doubleclick.com https://stats.g.doubleclick.net https://www.gstatic.com https://static.licdn.com https://secure.adnxs.com; style-src 'self' 'unsafe-inline' https: https://www.cardeasy.com https://www.gstatic.com https://fonts.googleapis.com https://p.typekit.net https://use.fontawesome.com https://use.typekit.net; connect-src 'self' https: https://www.facebook.com https://www.cardeasy.com https://ga-trak-170814.appspot.com https://*.6sc.co https://ka-f.fontawesome.com https://*.google-analytics.com https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://secure.adnxs.com; font-src 'self' data: https: https://www.cardeasy.com https://fonts.gstatic.com https://ka-f.fontawesome.com https://use.fontawesome.com https://use.typekit.net; frame-src 'self' https: data: https://www.cardeasy.com https://www.facebook.com https://www.google.com; img-src 'self' 'unsafe-inline' data: https: https://analytics.twitter.com https://t.co https://*.6sc.co https://px.ads.linkedin.com https://secure.gravatar.com https://t.co https://www.facebook.com https://www.google.com https://www.google.co.uk https://www.gstatic.com https://*.google-analytics.com https://px.ads.linkedin.com https://www.cardeasy.com; media-src 'self' data: https: https://www.cardeasy.com; report-uri https://www.cardeasy.com/wp-json/cardeasy/v1/csp; base-uri 'self'; 1
default-src 'self' https: http:; font-src 'self' https: data: https://js.intercomcdn.com; object-src 'self' https: http:; form-action 'self' https: https://intercom.help https://api-iam.intercom.io; media-src https://js.intercomcdn.com; img-src 'self' http: https: blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments.com; child-src 'self' blob: https: https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; frame-src 'unsafe-eval' 'unsafe-inline' https: http: https://js.stripe.com https://hooks.stripe.com; script-src 'self' 'unsafe-inline' blob: 'unsafe-eval' https: http: https://canny.io/sdk.js https://app.intercom.io https://widget.intercom.io https://api.duosecurity.com https://js.intercomcdn.com https://widget.intercom.io https://js.stripe.com d2iiunr5ws5ch1.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com/analytics.js; style-src 'self' https: 'unsafe-inline' blob:; connect-src 'self' https: http: data: https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://api.stripe.com http://localhost:3035 ws://localhost:3035 1
font-src https://www.callisonrtkl.com https://cdn.crtkl.com data: 1
default-src 'none'; script-src 'nonce-CfSEehvCzlCwtCAq2xZ1ag==' 'self' 'unsafe-eval' 'unsafe-inline' mc.yandex.ru yastatic.net mc.webvisor.com mc.webvisor.org mc.yandex.com mc.yandex.by mc.yandex.com.tr mc.yandex.kz mc.yandex.ua mc.yandex.az mc.yandex.co.il mc.yandex.com.am mc.yandex.com.ge mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.uz ya.ru *.ya.ru yandex.ru *.yandex.ru yandex.net *.yandex.net www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com *.adfox.ru yandex.st yastat.net accounts.google.com static.housearch.com *.marquiz.io *.marquiz.ru bat.bing.com; connect-src 'self' data: yandexmetrica.com:* mc.webvisor.com mc.webvisor.org mc.yandex.com mc.yandex.by mc.yandex.com.tr mc.yandex.kz mc.yandex.ru mc.yandex.ua mc.yandex.az mc.yandex.co.il mc.yandex.com.am mc.yandex.com.ge mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.uz mc.admetrica.ru 127.0.0.1:29009 127.0.0.1:30102 yandexmetrika.com:29010 yandexmetrika.com:30103 ya.ru *.ya.ru yandex.ru *.yandex.ru yandex.net *.yandex.net wss://*.yandex.ru www.google-analytics.com analytics.google.com/ *.adfox.ru yandex.st yastatic.net yastat.net yandex.com yandex.eu yandex.com.tr accounts.google.com static.housearch.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' yastatic.net blob: *.adfox.ru accounts.google.com static.housearch.com; font-src 'self' data: yastatic.net fonts.gstatic.com yastat.net an.yandex.ru static.housearch.com; img-src 'self' data: yastatic.net mc.webvisor.com mc.webvisor.org mc.yandex.com mc.yandex.by mc.yandex.com.tr mc.yandex.kz mc.yandex.ru mc.yandex.ua mc.yandex.az mc.yandex.co.il mc.yandex.com.am mc.yandex.com.ge mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.uz mc.admetrica.ru ya.ru *.ya.ru yandex.ru *.yandex.ru yandex.net *.yandex.net *.admetrica.ru android-webview-video-poster blob: www.googletagmanager.com www.google-analytics.com *.weborama.fr *.doubleclick.net *.adfox.ru yastat.net tps.doubleverify.com pixel.adsafeprotected.com *.verify.yandex.ru verify.yandex.ru yandex.com yandex.eu yandex.com.tr *.housearch.com static.housearch.com; media-src 'self' data: yastatic.net ya.ru *.ya.ru yandex.ru *.yandex.ru yandex.net *.yandex.net blob: *.adfox.ru yandex.st yastat.net static.housearch.com; manifest-src 'self' static.housearch.com; worker-src 'self' data: blob:; child-src blob: mc.yandex.ru; frame-src blob: mc.yandex.ru mc.yandex.md ya.ru *.ya.ru yandex.ru *.yandex.ru yandex.net *.yandex.net *.yandex yastatic.net * *.yandexadexchange.net *.adfox.ru yastat.net creativecdn.com ams.creativecdn.com *.doubleclick.net accounts.google.com *.marquiz.io *.marquiz.ru; frame-ancestors webvisor.com *.webvisor.com http://webvisor.com http://*.webvisor.com ya.ru *.ya.ru *.yandex.ru yandex.ru; 1
default-src 'self'; media-src 'self' 'unsafe-inline' https://chat.fortifi.io/ https://bat.bing.com/ https://player.vimeo.com/ https://vod-progressive.akamaized.net/; img-src 'self' 'unsafe-inline' https://i.ytimg.com/ https://chat.fortifi.io/ https://www.google.com/ https://www.google.co.uk/ https://www.google.pl/ https://bat.bing.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://bat.bing.com/ https://www.facebook.com/ https://connect.facebook.net/ data: https://storage.googleapis.com/ https://haveibeenpwned.com/ https://resources.totalav.com/ https://assets.totalav.com/ https://logs-01.loggly.com/ https://stats.totalwebshield.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://chat.fortifi.io/; font-src 'self' https://fonts.gstatic.com https://chat.fortifi.io/; script-src 'self' 'unsafe-inline' https://stats.totalwebshield.com https://googletagmanager.com/ https://googleadservices.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://bat.bing.com/ https://www.google.com/ https://www.google.co.uk/ https://www.google.pl/ https://widget.trustpilot.com/ https://chat.fortifi.io/ https://cfgchat.fortifi.io/ https://www.facebook.com/ https://connect.facebook.net/ https://url.totalwebshield.com http://url.totalwebshield.com/px/init/fortifi.js https://www.gstatic.com/ https://utt.impactcdn.com; frame-src 'self' blob: https://chat.fortifi.io/ https://player.vimeo.com https://www.youtube.com/ https://www.facebook.com/ https://widget.trustpilot.com/ https://vod-progressive.akamaized.net/ https://my.totalwebshield.com https://www.google.com/; connect-src 'self' https://my.totalwebshield.com https://ajax.totalwebshield.com https://login.totalwebshield.com https://signup.totalwebshield.com https://my.totalwebshield.com https://bat.bing.com/ wss://chat.fortifi.io/ https://stats.totalwebshield.com; frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.youtube.com *.openstreetmap.org *.vimeo.com *.frikanalen.no *.nuug.no yewtu.be *.kjemi.uio.no *.oreilly.com *.skolelinux.de *.googleapis.com remarkjs.com *.gstatic.com api.flattr.com;img-src 'self' twitter-badges.s3.amazonaws.com nuug.no; script-src-elem 'self' 'unsafe-inline' yewtu.be remarkjs.com *.flattr.com digg.com; script-src 'self' 'unsafe-inline' yewtu.be report-to default 1
default-src 'self' https://7463.global.siteimproveanalytics.io *.kammarkollegiet.se web103.reachmee.com kammarkollegiet.se *.rek.ai *.sitevision-cloud.se *.sitevision.se https://partiinsynt.kk.local:8443 *.drive.google.com https://docs.google.com *.google-analytics.com *.tagmanager.google.com *.fonts.googleapis.com *.ssl.gstatic.com *.fonts.gstatic.com data: *.gstatic.com *.hotjar.com *.hotjar.io wss://*.hotjar.com https://www.google.com *.googleusercontent.com https://www.anpdm.com *.youtube.com *.youtube-nocookie.com; script-src *.sitevision.se *.sitevision-cloud.se *.kammarkollegiet.se *.rek.ai *.rekai.se *.hotjar.com https://esmaker.net https://siteimproveanalytics.com tagmanager.google.com *.googletagmanager.com *.google-analytics.com web103.reachmee.com 'unsafe-eval' 'unsafe-inline'; style-src 'unsafe-inline' *.kammarkollegiet.se *.sitevision.se *.hotjar.com *.cloudflare.com https://tagmanager.google.com/debug/css.css *.googleapis.com; font-src *.cloudflare.com *.sitevision.se data: *.gstatic.com *.hotjar.com *.kammarkollegiet.se; frame-ancestors *.kammarkollegiet.se web103.reachmee.com; 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self' https://www.google-analytics.com; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.buzzsprout.com https://www.googletagmanager.com https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; frame-src https://www.google.com/recaptcha/ https://www.buzzsprout.com https://www.youtube.com https://player.vimeo.com https://docs.google.com https://cdn.forms-content.sg-form.com; media-src 'self' https://www.youtube.com; default-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com https://www.buzzsprout.com; style-src 'self' https://fonts.googleapis.com ; object-src 'none'; 1
upgrade-insecure-requests;script-src 'self' 'wasm-unsafe-eval';connect-src 'self' blob: https://cawfee.club wss://cawfee.club;media-src 'self' https:;img-src 'self' data: blob: https:;default-src 'none';base-uri 'self';frame-ancestors 'none';style-src 'self' 'unsafe-inline';font-src 'self';manifest-src 'self'; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://www.elitefourum.com/logs/ https://www.elitefourum.com/sidekiq/ https://www.elitefourum.com/mini-profiler-resources/ https://efour.b-cdn.net/assets/ https://www.elitefourum.com/extra-locales/ https://efour.b-cdn.net/highlight-js/ https://efour.b-cdn.net/javascripts/ https://efour.b-cdn.net/plugins/ https://efour.b-cdn.net/theme-javascripts/ https://efour.b-cdn.net/svg-sprite/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' https: 'unsafe-inline'; worker-src 'self' https://efour.b-cdn.net/assets/ https://efour.b-cdn.net/javascripts/ https://efour.b-cdn.net/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
frame-ancestors 'self' https://*.ethicasigorta.com.tr; 1
frame-ancestors 'self' https://www.myrasecurity.com https://myrasecurity.360learning.com; 1
script-src https://sjgweert.nl 'unsafe-inline' https://*.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://www.youtube.com https://www.youtube-nocookie.com  https://www.google.com https://www.zorgkaartnederland.nl/ https://player.vimeo.com https://www.youtube.be https://www.googletagmanager.com;default-src https://sjgweert.nl 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com/ https://www.google.com data: https://maps.google.com/ https://www.zorgkaartnederland.nl/ https://player.vimeo.com https://www.youtube.be https://www.youtube.com/ 1
connect-src 'self' *.algolia.io *.algolia.net *.algolianet.com *.facebook.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.userway.org *.voyagetext.com *.zdassets.com *.zendesk.com *.zopim.com code.jquery.com pro.ip-api.com stats.g.doubleclick.net vyg.mobi wss://widget-mediator.zopim.com; default-src 'self'; font-src 'self' *.facebook.com *.googleapis.com *.gstatic.com assets.targetbarn.com cdn.userway.org data: themes.googleusercontent.com; frame-src 'self' *.facebook.com *.google.com *.googleapis.com *.userway.org; img-src 'self' *.facebook.com *.google-analytics.com *.googleapis.com *.gstatic.com *.userway.org *.zopim.io assets.targetbarn.com data: stats.g.doubleclick.net verify.authorize.net; manifest-src assets.targetbarn.com www.targetbarn.com; media-src 'self' *.facebook.com *.zdassets.com *.zopim.com; object-src 'self' *.facebook.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.algolia.io *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.userway.org *.voyagetext.com *.zdassets.com *.zopim.com assets.targetbarn.com assets.voyagetext.com blob: code.jquery.com https://cdn.jsdelivr.net/npm/algoliasearch@4/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4 stats.g.doubleclick.net verify.authorize.net; style-src 'self' 'unsafe-inline' *.facebook.com *.google.com *.googleapis.com *.gstatic.com assets.targetbarn.com cdn.userway.org 1
default-src 'self' 'unsafe-inline' toiletwar.com mc.yandex.ru;script-src 'self' 'unsafe-inline' toiletwar.com mc.yandex.ru;style-src 'self' 'unsafe-inline' toiletwar.com;img-src 'self' 'unsafe-inline' toiletwar.com mc.yandex.ru *.googleusercontent.com *.userapi.com *.googleapis.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: gap: bam.nr-data.net *.newrelic.com static.doubleclick.net *.azureedge.net *.google-analytics.com www.googletagmanager.com *.youtube.com *.gstatic.com *.google.com *.googleapis.com cdn.jsdelivr.net *.instagram.com *.twitter.com *.cookielaw.org *.onetrust.com *.facebook.net; object-src 'none'; style-src 'unsafe-inline' 'self' *.googleapis.com hello.myfonts.net; img-src 'self' data: https: www.googletagmanager.com www.google-analytics.com; media-src 'self'; frame-src 'self' *.google.com *.svc.dynamics.com *.youtube.com *.facebook.com *.instagram.com *.twitter.com *.facebook.com; frame-ancestors 'self'; child-src 'self' *.google.com *.svc.dynamics.com *.youtube.com *.facebook.com *.instagram.com *.twitter.com; font-src 'self' data: fonts.gstatic.com; connect-src 'self' data: bam.nr-data.net *.svc.dynamics.com analytics.google.com *.google-analytics.com *.googleapis.com stats.g.doubleclick.net *.cookielaw.org *.onetrust.com; report-uri /report-csp-violation 1
object-src 'none'; script-src 'nonce-M4ARb8TzYXvFk/pmwBUxQQ==' 'unsafe-inline' 'strict-dynamic' https: http:; base-uri 'none'; 1
default-src 'self'; script-src *.ceros.com *.licdn.com *.patrizia.ag 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' blob: gateway.zscloud.net https://www.googleadservices.com https://insights.patrizia.ag https://fml-x.com/ https://*.fml-x.com/ https://ajax.googleapis.com/ https://doo.net/ https://player.vimeo.com https://platform.twitter.com https://www.youtube.com https://maps.googleapis.com https://app.usercentrics.eu https://bat.bing.com https://googleads.g.doubleclick.net https://maps.googleapis.com/maps/api/js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com https://insights.patrizia.ag/gtm.js; style-src *.patrizia.ag 'report-sample' 'self' 'unsafe-inline' https://news.patrizia.ag https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://px.ads.linkedin.com/ https://*.usercentrics.eu https://fml-x.com/ https://*.fml-x.com/ https://api.friendlycaptcha.com https://cdn.linkedin.oribi.io https://api.usercentrics.eu https://bat.bing.com https://graphql.usercentrics.eu https://insights.patrizia.ag https://maps.googleapis.com https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' *.patrizia.ag data: https://fonts.gstatic.com https://news.patrizia.ag; frame-src 'self' https://td.doubleclick.net/ *.ceros.com https://doo.net/ https://*.twitter.com https://10358154.fls.doubleclick.net https://6569926.fls.doubleclick.net https://9643716.fls.doubleclick.net https://app.usercentrics.eu https://charts3.equitystory.com; img-src 'self' https://ad.doubleclick.net/ http://www.patrizia.ag data: *.patrizia.ag https://*.openstreetmap.org https://*.linkedin.com https://*.usercentrics.eu https://bat.bing.com https://fml-x.com/ https://*.fml-x.com/ https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.linkedin.com https://insights.patrizia.ag https://maps.googleapis.com https://maps.gstatic.com https://px.ads.linkedin.com https://www.google.com https://www.google.de; manifest-src 'self'; media-src 'self' data: blob: *; frame-ancestors 'self' 1
frame-ancestors 'self'; object-src 'none';worker-src 'self' ;manifest-src 'self';base-uri *.whtop.com ;report-uri https://www.whtop.com/utils.csp-report; report-to whtop.com 1
frame-ancestors 'self' promo.alparigroup.com 1
default-src 'self' cdn.wcc.witt-weiden.at https://cdn.wcc.witt-weiden.at/graphql;    base-uri 'self' widget.solvemate.com;    font-src 'self' cdn.wcc.witt-weiden.at fonts.gstatic.com data: widget.solvemate.com *.dixa.io;    img-src * data:;    connect-src 'self' https://cdn.wcc.witt-weiden.at/graphql cdn.wcc.witt-weiden.at cdn.witt.info/ images.ctfassets.net te.witt-weiden.at tp.witt-weiden.at wasp.witt-weiden.at wst.witt-weiden.at *.analytics.google.com  *.facebook.com *.contentsquare.net *.my.onetrust.eu *.google-analytics.com bat.bing.com eu-witt-gruppe-prod1.mini.snplow.net www.google-analytics.com www.jsctool.com https://adservice.google.com/pagead/ https://graphql.contentful.com https://privacyportal-eu.onetrust.com https://stats.g.doubleclick.net https://geolocation.onetrust.com https://www.google.com/pagead/ https://googleads.g.doubleclick.net/pagead/ *.creativecdn.com *.googlesyndication.com *.optimizely.com https://ct.pinterest.com http://jsctool.com checkout-cdn.aboutyou.cloud checkout-v3.wcc.witt-weiden.at https://*.ingest.sentry.io api.solvemate.com widget.solvemate.com relay.solvemate.com *.dixa.io wss://sockets.dixa.io api.sovendus.com benefits.sovendus.com identification-api.sovendus.com integration-api.sovendus.com press-tracking-api.sovendus.com https://maps.googleapis.com;    object-src 'none';    child-src blob: ;    script-src * 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.paypal.com blob: *.dixa.io;    style-src 'self' cdn.wcc.witt-weiden.at www.googletagmanager.com fonts.googleapis.com 'unsafe-inline' d.witt-weiden.at checkout-cdn.aboutyou.cloud https://*.adyen.com https://*.paypal.com blob: widget.solvemate.com *.dixa.io;    frame-src 'self' checkout-v3.wcc.witt-weiden.at *.awin1.com *.criteo.net *.criteo.com *.adrtx.net *.contentsquare.net www.googletagmanager.com www.facebook.com www.youtube.com dmp.theadex.com 5127363.fls.doubleclick.net 12769738.fls.doubleclick.net www.jsctool.com https://creativecdn.com/ https://fledge-eu.creativecdn.com/ https://tbs.tradedoubler.com/ https://survey2.quantilope.com/ https://*.adyen.com https://*.paypal.com https://*.computop-paygate.com blob: *.dixa.io https://api.sovendus.com https://www.sovendus-connect.com https://www.sovendus-benefits.com https://gui.display.prod.app.funnelplus.com/;    media-src 'self' cdn.wcc.witt-weiden.at cdn.witt.info/ images.ctfassets.net videos.ctfassets.net www.youtube.com witt-gruppe-res.cloudinary.com *.dixa.io;    manifest-src 'self' cdn.wcc.witt-weiden.at *.dixa.io;    worker-src 'self' cdn.wcc.witt-weiden.at blob:;    form-action 'self' www.facebook.com;    block-all-mixed-content;    frame-ancestors 'self' https://app.contentful.com;    sandbox allow-scripts allow-forms allow-same-origin allow-top-navigation allow-popups allow-popups-to-escape-sandbox allow-modals; 1
frame-ancestors 'self' https://online.amp.co.nz https://ampwmnz.force.com https://ampwmnz--uat2.sandbox.my.site.com https://ampwmnz--lmartynova.sandbox.my.site.com/ https://ampwmnz--imozo2.sandbox.my.site.com/ https://ampwmnz.my.site.com https://ampwmnz--uat2.sandbox.my.site.com https://ampwmnz--imozo2.sandbox.my.site.com https://ampwmnz--imozo.sandbox.my.site.com https://ampwmnz--lmartynova.sandbox.my.site.com https://ampwmnz--gtan.sandbox.my.site.com https://ampwmnz--gtandev.sandbox.my.site.com https://ampwmnz--iansdev.sandbox.my.site.com https://ampwmnz--nbustillos.sandbox.my.site.com https://ampwmnz--rollup2.sandbox.my.site.com https://ampwmnz--validtn2.sandbox.my.site.com https://ampwmnz--preprod.sandbox.my.site.com 1
default-src 'self' download.audioease.com download2.audioease.com download3.audioease.com download4.audioease.com download5.audioease.com www.youtube-nocookie.com; object-src 'none'; font-src *;img-src * data:; script-src 'unsafe-inline' 'self' download.audioease.com download2.audioease.com download3.audioease.com download4.audioease.com; style-src 'unsafe-inline' 'self'; 1
img-src * data:; font-src * data: unsafe-inline; 1
frame-ancestors 'self'; report-uri https://timeteam.report-uri.com/r/d/csp/enforce; report-to default 1
upgrade-insecure-requests; base-uri 'self'; default-src 'self'; connect-src 'self' https://*.hubspot.com https://*.appsflyer.com https://*.doubleclick.net https://*.clarity.ms https://*.google-analytics.com https://*.lambda-url.ap-northeast-1.on.aws https://*.analytics.google.com https://*.googletagmanager.com https://analytics.google.com https://assets.ctfassets.net; font-src 'self' https://*.appsflyer.com https://*.gstatic.com; frame-src 'self' https://*.doubleclick.net https://*.hubspot.com https://*.youtube.com; img-src 'self' data: https://*.twitter.com https://aw.dw.impact-ad.jp https://*.clarity.ms https://*.ctfassets.net https://*.onelink.me https://t.co https://tr.lfeeder.com https://*.hubspot.com https://*.google-analytics.com https://*.google.co.jp https://*.google.com https://*.doubleclick.net https://*.bing.com https://*.yahoo.co.jp https://*.a8.net https://*.gstatic.com https://googletagmanager.com; media-src 'self' https://*.paidy-staging.com; script-src 'self' 'unsafe-inline' https://*.gstatic.com https://*.googletagmanager.com https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://*.google.co.jp https://*.appsflyer.com https://*.ads-twitter.com https://*.yimg.jp https://*.yahoo.co.jp https://sc.lfeeder.com https://yubinbango.github.io https://*.a8.net https://*.clarity.ms https://*.ebis.ne.jp https://*.impact-ad.jp https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.usemessages.com https://ssl.google-analytics.com https://tagmanager.google.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://tagmanager.google.com https://fonts.googleapis.com; frame-ancestors 'none'; 1
frame-ancestors 'self' https://u-karty.ru 1
connect-src 'self' www.gstatic.com/recaptcha/ www.google.com/recaptcha/ maps.googleapis.com/ www.google-analytics.com/ analytics.google.com/ stats.g.doubleclick.net/ dc.services.visualstudio.com/;      form-action testsecureacceptance.cybersource.com secureacceptance.cybersource.com;      style-src 'self' 'unsafe-inline' fonts.googleapis.com/;     font-src 'self' fonts.gstatic.com/;     img-src 'self' data: www.google-analytics.com/ www.googletagmanager.com/ www.google.com/ www.facebook.com/ maps.gstatic.com/ maps.googleapis.com/ img.youtube.com/ blob: img.youtube.com/ i.ytimg.com/;                           frame-ancestors 'self';               frame-src 'self' www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ www.youtube.com/ marathonconsulting.atlassian.net/; 1
frame-ancestors 'self' https://www.ncver.edu.au https://ncver.edu.au https://www.voced.edu.au 1
font-src *.fontawesome.com https://static.payzen.eu/static/ https://fonts.gstatic.com *.gstatic.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com data: www.lematelas.fr www.lematelas-hotellerie.com old.someo-literie.com www.someo-literie.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ www.facebook.com secure.payzen.eu *.facebook.com www.lematelas.fr www.lematelas-hotellerie.com old.someo-literie.com www.someo-literie.com 'self' 'unsafe-inline'; frame-ancestors www.lematelas.fr www.lematelas-hotellerie.com old.someo-literie.com www.someo-literie.com 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://secure.payzen.eu/vads-payment/ https://static.payzen.eu/static/ www.facebook.com secure.payzen.eu preprod.lm.octopuce.fr www.lematelas.fr www.youtube-nocookie.com play.google.com *.meubles.fr *.trustpilot.com cdn.dnky.co *.hotjar.com *.google.com *.facebook.com *.criteo.com www.instagram.com tpc.googlesyndication.com www.googletagmanager.com td.doubleclick.net hud.crazyegg.com ct.pinterest.com www.powr.io www.lematelas-hotellerie.com old.someo-literie.com www.someo-literie.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com validator.swagger.io *.facebook.com https://secure.payzen.eu/static/latest/images/type-carte/ https://static.payzen.eu/static/ https://secure.payzen.eu/vads-payment/ https://www.google.com https://www.google.fr https://serv.lematelas.fr https://maps.gstatic.com https://maps.googleapis.com https://www.lematelas.fr/ https://www.lematelas-hotellerie.com/ *.trustpilot.net/ https://c.clarity.ms/ https://c.bing.com https://bat.bing.com https://googleads.g.doubleclick.net https://axeptio.imgix.net *.kelkoogroup.net *.rakuten.com *.linksynergy.com *.nxtck.com *.xg4ken.com *.leadsrx.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.linkedin.com *.googletagmanager.com amcglobal.sc.omtrdc.net cm.everesttech.net *.trustedshops.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net https://images.unsplash.com serv.lematelas-hotellerie.com www.google.ro www.google.be www.google.ch connect.facebook.net www.google.dk www.google.bg www.google.com.hk www.google.at www.google.dz www.google.de www.google.ca www.google.es www.google.mg www.google.co.ma www.google.co.uk www.google.lu www.google.tn www.google.it blob cart2quote.zendesk.com www.magentocommerce.com mcusercontent.com www.lematelas.fr v2assets.zopim.io ftrk.crazyegg.com hud.crazyegg.com favicons.axept.io ct.pinterest.com pos.baidu.com lematelas.zendesk.com www.lematelas-hotellerie.com old.someo-literie.com www.someo-literie.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.googletagmanager.com *.facebook.net https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ *.trustpilot.com https://www.google.com *.doubleclick.net *.zdassets.com https://maps.googleapis.com data: https://bat.bing.com https://www.clarity.ms https://s.kk-resources.com https://www.youtube.com *.meubles.fr *.axept.io *.abtasty.com *.rakuten.com *.linksynergy.com *.nxtck.com *.xg4ken.com *.leadsrx.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.paypal.com *.google.com *.gstatic.com *.googleapis.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.feedbackcompany.com *.google-analytics.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com www.instagram.com tpc.googlesyndication.com bat.bing.com static.zdassets.com widget.trustpilot.com script.crazyegg.com snippet.maze.co www.lematelas-hotellerie.com inline admin.lematelas.fr pixel.nudgify.com s.pinimg.com www.powr.io www.lematelas.fr old.someo-literie.com www.someo-literie.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com https://static.payzen.eu/static/ https://fonts.googleapis.com https://www.googletagmanager.com *.trustpilot.com downloads.mailchimp.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.mailchimp.com cdn.jsdelivr.net hud.crazyegg.com www.lematelas.fr www.lematelas-hotellerie.com old.someo-literie.com www.someo-literie.com 'self' 'unsafe-inline'; object-src www.lematelas.fr www.lematelas-hotellerie.com old.someo-literie.com www.someo-literie.com 'self' 'unsafe-inline'; media-src *.zdassets.com *.zopim.com www.lematelas.fr www.lematelas-hotellerie.com old.someo-literie.com www.someo-literie.com 'self' 'unsafe-inline'; manifest-src www.lematelas.fr www.lematelas-hotellerie.com old.someo-literie.com www.someo-literie.com 'self' 'unsafe-inline'; connect-src *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ wss://widget-mediator.zopim.com *.zdassets.com *.zendesk.com *.doubleclick.net https://serv.lematelas.fr https://serv.lematelas-hotellerie.com *.trustpilot.com https://sentry.io *.clarity.ms https://www.facebook.com *.google.fr *.google.com https://maps.googleapis.com www.google-analytics.com *.kelkoogroup.net *.axept.io *.imgix.net *.abtasty.com *.rakuten.com *.linksynergy.com *.nxtck.com *.xg4ken.com *.leadsrx.com *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com dpm.demdex.net *.feedbackcompany.com amcglobal.sc.omtrdc.net *.nr-data.net *.facebook.com *.datatrics.com bat.bing.com serv.lematelas.fr serv.lematelas-hotellerie.com www.google.ch www.google.be www.google.at www.google.dz script.crazyegg.com tracking.crazyegg.com pagestates-tracking.crazyegg.com assets-tracking.crazyegg.com hud.crazyegg.com app.crazyegg.com prompts.maze.co serv2.lematelas-hotellerie.com data.nudgify.com ct.pinterest.com vcdn.powr.io www.lematelas.fr www.lematelas-hotellerie.com old.someo-literie.com www.someo-literie.com 'self' 'unsafe-inline'; child-src www.lematelas.fr www.lematelas-hotellerie.com old.someo-literie.com www.someo-literie.com http: https: blob: 'self' 'unsafe-inline'; default-src https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ *.abtasty.com www.lematelas.fr www.lematelas-hotellerie.com old.someo-literie.com www.someo-literie.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.lematelas.fr www.lematelas-hotellerie.com old.someo-literie.com www.someo-literie.com 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 1
default-src 'self' *.kashflowpayroll.com cdnjs.cloudflare.com verify.uk.pt-x.com web-sdk-eu.aptrinsic.com esp-eu.aptrinsic.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' *.kashflowpayroll.com data:; img-src *; frame-src www.youtube.com/embed/4GzLYxZw2gw 1
img-src https: data:; media-src https:; frame-src https:; child-src https:; connect-src https: 1
font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' tracking.paysera.com www.instagram.com https://optimize.google.com https://www.google.com/recaptcha/ https://www.youtube.com/embed/ http://e.issuu.com/; img-src 'self' data: *.paysera.com maps.googleapis.com *.gstatic.com https://www.google-analytics.com https://optimize.google.com; script-src 'self' maps.googleapis.com www.instagram.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://optimize.google.com 'unsafe-inline'; style-src 'self' fonts.googleapis.com https://optimize.google.com 'unsafe-inline'; report-uri /v2/csp-violations/report 1
default-src 'self' https://maps.gstatic.com https://*.epayments.com; worker-src 'self' https://maps.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net https://cdn.taboola.com https://maps.gstatic.com https://maps.googleapis.com https://js.hscollectedforms.net https://js.hs-analytics.net https://js.hs-banner.com https://js.usemessages.com https://js.hs-scripts.com https://*.google.com https://www.googletagmanager.com https://connect.facebook.net https://*.facebook.com https://*.mail.ru https://widget.intercom.io https://mc.yandex.ru https://www.gstatic.com https://www.google-analytics.com https://js.intercomcdn.com https://api.survicate.com https://*.cognitoforms.com https://services.cognitoforms.com https://www.googleadservices.com https://trc.taboola.com https://www.cognitoforms.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https://tagmanager.google.com https://*.cognitoforms.com https://services.cognitoforms.com https://www.cognitoforms.com; img-src 'self' data: https://www.google.co.uk https://*.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google.ru https://track.hubspot.com https://stats.g.doubleclick.net http://*.mzstatic.com https://www.google-analytics.com https://mc.yandex.ru https://*.intercomcdn.com https://*.facebook.com https://static.intercomassets.com https://*.mail.ru https://services.cognitoforms.com https://www.google.de https://www.google.fi; font-src 'self' https://*.intercomcdn.com https://fonts.gstatic.com https://services.cognitoforms.com https://www.cognitoforms.com; connect-src 'self' https://cdn.taboola.com https://trc.taboola.com https://mc.yandex.ru https://stats.g.doubleclick.net https://www.google-analytics.com https://*.gstatic.com https://api.exchangeratesapi.io https://api.hubspot.com https://forms.hubspot.com https://freegeoip.net https://*.epayments.com https://*.intercom.io wss://*.intercom.io https://mc.yandex.ru https://api.survicate.com https://api.ratesapi.io https://*.cognitoforms.com https://services.cognitoforms.com https://www.facebook.com https://www.cognitoforms.com; child-src 'self' https://optimize.google.com https://mc.yandex.ru https://connect.facebook.net https://www.facebook.com https://*.epayments.com https://www.google.com https://*.gstatic.com https://app.hubspot.com https://bid.g.doubleclick.net 1
default-src 'unsafe-inline' 'self'; script-src 'unsafe-inline' 'self' 'unsafe-eval' blob: https:; script-src-elem 'unsafe-inline' 'self' sha256-0/NMaGJWVjIukwBMkinLP6tmeD9zx5luPBD3YAk+Y7Q= *.usabilla.com http: https:; style-src 'unsafe-inline' 'self' *.usabilla.com https:; font-src 'self' *.usabilla.com https: data:; frame-src 'self' *.usabilla.com https:; img-src 'self' *.usabilla.com http: https: data:; connect-src 'self' *.usabilla.com wss://tufsuyburufn.transport.connect.eu-west-2.amazonaws.com https: http:; style-src-elem 'unsafe-inline' 'self' *.usabilla.com https:; media-src 'unsafe-inline' 'self' https:; 1
report-uri https://csp.uel.wildapricot.com/report; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.appointlet.com *.appointletcdn.com *.aptrinsic.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.ecomm.events *.ecwid.com *.elev.io *.facebook.com *.facebook.net *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.linkedin.com *.mcjobboard.net *.mybillsystem.com *.newrelic.com *.nr-data.net *.pagespeed-mod.com *.twitter.com *.typekit.net *.uservoice.com *.wildapricot.com *.youtube.com *.zdassets.com *.zendesk.com *.zopim.com caas-sf.wildapricot.org maps.googleapis.com onlinestore-prod-digital-products.s3.amazonaws.com sf.wildapricot.org widget-mediator.zopim.com wss://widget-mediator.zopim.com/ bam.nr-data.net connect.facebook.net google.com gstatic.com h5api.m.taobao.com platform.linkedin.com platform.twitter.com plugin.ucads.ucweb.com ssl.google-analytics.com;   img-src * data: blob:;   media-src * blob:;   font-src * https://*.aptrinsic.com data:;  1
frame-ancestors https://*.gettalong.org/ 1
frame-ancestors *.bolt.com self *.zdassets.com https://growgen.zendesk.com/ 'self'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; upgrade-insecure-requests; form-action https://www.facebook.com/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.yotpo.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * self 'self' 'unsafe-inline'; base-uri https://www.youtube.com/; style-src https://*.sharethis.com/ https://www.youtube.com/ https://web-sdk.aptrinsic.com/ *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com downloads.mailchimp.com *.yotpo.com unsafe-inline assets.braintreegateway.com self 'self' 'unsafe-inline'; script-src https://bam.nr-data.net/ https://ws.sharethis.com/ https://newton.newtonsoftware.com/ https://recruitingbypaycor.com/ https://*.sharethis.com/ https://widget-mediator.zopim.com/ https://www.youtube.com/ https://connect.facebook.net/ https://chimpstatic.com/ https://googleads.g.doubleclick.net/ https://js-eu1.hs-scripts.com/ https://js-eu1.hs-analytics.net/ https://js-eu1.hs-banner.com/ https://js-eu1.hscollectedforms.net/ https://js-eu1.hsadspixel.net/ https://web-sdk.aptrinsic.com/ https://cdn.attn.tv/ https://growgeneration.attn.tv/ https://*.mouseflow.com assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.googleapis.com *.gstatic.com *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com chimpstatic.com downloads.mailchimp.com *.list-manage.com connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com self *.tctm.xyz/ *.zdassets.com https://www.google.com/ https://www.gstatic.com/ https://includes.ccdc02.com/cardinalcruise/v1/songbird.js *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.hsadspixel.net https://growgen.zendesk.com/ api.smooch.io *.adobedtm.com *.simpli.fi *.rumiview.com *.kickfire.com *.callrail.com *.hotjar.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src https://www.youtube.com/ 'self' 'unsafe-inline'; media-src https://static.zdassets.com/ https://www.youtube.com/ *.adobe.com 'self' 'unsafe-inline'; manifest-src https://www.youtube.com/ 'self' 'unsafe-inline'; img-src https://*.sharethis.com/ https://www.googletagmanager.com/ https://www.youtube.com/ https://www.google.com/ https://www.facebook.com/ https://www.google.com.ua/ https://forms-eu1.hsforms.com/ https://track-eu1.hubspot.com/ https://*.mouseflow.com https://meetanshi.com/media/logo.png assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com self *.everesttech.net *.omtrdc.net *.hsforms.com *.hubspot.com https://growgen.zendesk.com/ *.zdassets.com/ *.flexipim.com *.simpli.fi *.rumiview.com *.kickfire.com https://cm.g.doubleclick.net https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; frame-src https://newton.newtonsoftware.com/ https://*.sharethis.com/ *.consensu.org https://recruitingbypaycor.com/ https://www.youtube.com/ https://www.facebook.com/ creatives.attn.tv https://*.mouseflow.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * self https://www.google.com/ *.demdex.net/ *.zdassets.com https://growgen.zendesk.com/ https://11989942.fls.doubleclick.net/ https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; font-src https://*.mouseflow.com *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.yotpo.com self data: 'self' 'unsafe-inline'; connect-src *.sharethis.com wss://widget-mediator.zopim.com/ https://www.youtube.com/ https://amcglobal.sc.omtrdc.net/ https://www.facebook.com/ https://forms-eu1.hubspot.com/ https://api-eu1.hubapi.com/ https://esp-m.aptrinsic.com/ https://events.attentivemobile.com/ https://growgeneration.attn.tv/ https://*.mouseflow.com dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.googleapis.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com self https://widget-mediator.zopim.com/ wss://api.smooch.io https://growgen.zendesk.com/ *.zdassets.com https://formbuilder.online/ *.doubleclick.net/ *.authorize.net/ *.demdex.net/ https://bam.nr-data.net/ https://maps.googleapis.com/ https://insights.algolia.io/ *.hubspot.com/ *.hubapi.com/ *.flexipim.com *.adobedtm.com *.hscollectedforms.net *.hotjar.com *.hotjar.io wss://ws.hotjar.com/ https://analytics.google.com/ https://imgs.signifyd.com 'self' 'unsafe-inline'; default-src https://*.mouseflow.com self 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' nitropack.io *.nitropack.io *.getnitropack.com *.nitrocdn.com cdn.skypack.dev facetwp.com googletagmanager.com *.googletagmanager.com *.google.com *.facebook.net *.facebook.com *.gravatar.com *.doubleclick.net *.googlesyndication.com *.google.co.za *.gstatic.com *.googleadservices.com *.g.doubleclick.net cdn.jsdelivr.net *.loom.com npmcdn.com unpkg.com data: *.google-analytics.com *.hotjar.com *.hotjar.io *.googleapis.com *.gstatic.com *.hotjar.io *.nr-data.net *.newrelic.com *.nttgroup.co.za; object-src 'none' 1
frame-ancestors 'self' intranet.swbno.org webadmin.swbno.org *.swbno.org; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.nola.gov *.fontawesome.com cdnjs.cloudflare.com cdn.datatables.net *.aspnetcdn.com *.facebook.net *.facebook.com *.office.com *.cloudflare.com webadmin.swbno.org *.swbno.org swbno.maps.arcgis.com *.maps.arcgis.com *.gstatic.com *.accessibe.com *.youtube.com *.userway.org *.powerbi.com *.arcgis.com *.esri.com cdn.jsdelivr.net fonts.googleapis.com *.visualstudio.com cdn.materialdesignicons.com app.purechat.com api.purechar.com platform.twitter.com www.google-analytics.com widgetapi.purechat.com cdn.syndication.twimg.com syndication.twitter.com api-cdn.purechat.com pbs.twimg.com prod.purechatcdn.com syndication.twitter.com *.twitter.com *.purechat.com *.purecharcdn.com *.google.com *.googleapis.com *.google-analytics.com *.twimg.com; font-src * data: blob:; img-src  * data: blob: ; worker-src * blob: ; media-src * blob: 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.motortransport.co.uk; 1
default-src 'self' bitrix.info *.gstatic.com yastatic.net www.youtube.com https://www.google.com https://yastatic.net https://yandex.ru https://mc.yandex.ru https://www.youtube.com connect-src 'self' www.google-analytics.com yandex.st https://mc.yandex.ru https://yandex.ru https://yandex.st  https://informer.yandex.ru https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ostankino.ru https://mc.yandex.ru https://yastatic.net 'nonce-<character sequence>' *.yandex.ru *.yandex.net bitrix.info www.googletagmanager.com *.googleapis.com *.google.com www.google-analytics.com html5shiv.googlecode.com https://www.gstatic.com https://api-maps.yandex.ru https://site.yandex.net https://api.vk.com https://informer.yandex.ru https://ajax.googleapis.com https://yastatic.net https://www.google-analytics.com https://mc.yandex.ru yandex.st maps.google.com https://yandex.st https://yandex.ru https://yastatic.net https://www.google-analytics.com; style-src 'self' *.googleapis.com yandex.st https://code.jquery.com https://yastatic.net https://yandex.st 'unsafe-inline' https://yandex.ru; img-src 'self' *.googleapis.com *.gstatic.com *.yandex.ru i.ytimg.com yastatic.net www.google-analytics.com https://i.ytimg.com https://counter.yadro.ru https://site.yandex.net https://yandex.ru https://informer.yandex.ru https://stats.g.doubleclick.net https://www.google.com https://mc.yandex.ru https://yastatic.net https://www.google.ru https://www.google-analytics.com https://clck.yandex.ru data: 'self' https://yandex.ru https://mc.yandex.ru; child-src 'self' yastatic.net *.yandex.ru www.youtube.com www.googletagmanager.com  https://www.google.com https://yastatic.net https://yandex.ru https://www.youtube.com; 1
script-src https http: 'unsafe-inline' 'unsafe-eval' ; style-src https http: 'unsafe-inline'; media-src https http: 'unsafe-inline'; img-src https http: 'unsafe-eval' data: blob:; font-src https http: data: 'unsafe-inline'; connect-src https http: 'unsafe-inline' ; frame-src https http: 'unsafe-inline'; worker-src 'self' blob: ; 1
default-src 'self' *.google.com api.friendlycaptcha.com; font-src *; img-src *; script-src * 'unsafe-inline' 'unsafe-eval' *.facebook.net *.google.com;worker-src blob:; style-src * 'unsafe-inline' 'unsafe-eval'; 1
img-src 'self' https://analytics.freedom.press https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com data: https://cdn.jsdelivr.net https://media.pressfreedomtracker.us/; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; base-uri 'self'; object-src 'self' https://media.pressfreedomtracker.us/; connect-src 'self' https://analytics.freedom.press https://releases.wagtail.io/latest.txt https://cdn.jsdelivr.net https://static.observableusercontent.com/ https://media.pressfreedomtracker.us/; media-src 'self' https://media.pressfreedomtracker.us/; default-src 'self'; script-src 'self' https://analytics.freedom.press https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://cdn.jsdelivr.net https://api.observablehq.com https://bundle.run; frame-src 'self' https://platform.twitter.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.youtube.com; form-action 'self'; frame-ancestors 'self'; report-uri https://freedomofpress.report-uri.com/r/d/csp/enforce 1
default-src 'self' blob: *.youtube.com *.hotjar.com *.hotjar.io *.greenhouse.io *.wistia.net *.litix.io *.wistia.com *.oribi.io *.yoast.com *.spotnana.com *.chilipiper.com *.marketo.com bat.bing.com analytics.google.com boards-api.greenhouse.io *.doubleclick.net *.linkedin.com *.mktoresp.com *.6sc.co; frame-ancestors 'self'; form-action 'self'; font-src 'self' data: fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.spotnana.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' *.6sc.co *.greenhouse.io *.wistia.com yoast.com www.googletagmanager.com googletagmanager.com *.licdn.com bat.bing.com *.hotjar.com *.marketo.net *.doubleclick.net analytics.google.com www.google.com *.chilipiper.com *.spotnana.com *.fullstory.com 'unsafe-eval'; img-src 'self' data: *.6sc.co *.gravatar.com spotnana.com *.spotnana.com *.linkedin.com *.bing.com *.wistia.com *.googletagmanager.com; upgrade-insecure-requests; 1
frame-ancestors none; connect-src 'self' ssl.google-analytics.com; form-action 'self' *.citepayusa.com *.mt.gov app.mt.gov devmtefile.courts.mt.gov mtefile.courts.mt.gov;img-src fonts.gstatic.com 'self' ssl.google-analytics.com data: translate.google.com www.gstatic.com; script-src-attr 'unsafe-inline'; script-src-elem *.gstatic.com *.google.com *.cloudflare.com 'self' 'unsafe-inline' ssl.google-analytics.com www.google-analytics.com; script-src www.google.com www.google.com www.gstatic.com 'self' 'unsafe-eval' 'unsafe-inline' ssl.google-analytics.com data:; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; style-src 'self' 'unsafe-eval' 'unsafe-inline' translate.googleapis.com; default-src *.google.com *.cloudflare.com 'self' 'unsafe-inline' ssl.google-analytics.com 'unsafe-eval' self; font-src fonts.gstatic.com 'self' data: fonts.gstatic.com 1
default-src 'self' tpc.googlesyndication.com;frame-ancestors 'self';frame-src 'self' https://staticcdn.co.nz *.youtube.com www.facebook.com connect.facebook.net gsa://onpageload trademe.wufoo.com matterport.com *.matterport.com viewer.metamaker.istaging.com vtc.virtualtourscreator.com.au app.cloudpano.com youriguide.com virtualtour.laserfocus.co.nz s3virtualtour.esoft.com www.boxbrownie.com kuula.co tours.virtualpro.nz open.littlehinges.com ipropertyexpress.com virtual-tour.ipropertyexpress.com envisionvr.net https://api.trademe.co.nz/ https://auth.trademe.co.nz https://api.trademe.co.nz/graphql/ https://*.app.trade.me https://vimeo.com https://*.vimeo.com https://cdn.diakrit.com https://livetour.istaging.com https://vtc.virtualtourscreator.com.au https://app.cloudpano.com https://static.instavid360.com/ https://storage.googleapis.com https://www.google.com https://www.google.co.nz *.googlesyndication.com console.googletagservices.com *.doubleclick.net https://www.adsensecustomsearchads.com https://syndicatedsearch.goog *.trademepayments.co.nz:* *.pingauth.trademe.co.nz:* mfa.trademe.co.nz;font-src 'self' data: www.trademe.co.nz fonts.googleapis.com fonts.gstatic.com;img-src 'self' data: blob: www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com *.ggpht.com i.ytimg.com i.vimeocdn.com www.facebook.com https://staticcdn.co.nz *.segment.com https://api.trademe.co.nz/ *.tmcdn.co.nz https://api.trademe.co.nz/graphql/ https://trademe-prod-cdn.global.ssl.fastly.net https://*.trademe.co.nz https://images.tmsandbox.co.nz *.google.com *.google.co.nz *.google.com.au *.google.co.uk *.google.lk *.google.co.in *.google.com.sg *.google.com.sa *.google.cn *.google.com.ph *.google.com.hk *.google.co.kr *.google.de *.google.ca *.google.co.jp *.google.com.fj *.google.co.id *.google.ae *.google.com.my *.google.co.th *.google.fr *.google.nl *.google.com.tw *.google.com.br *.google.es *.google.ie *.google.cl *.google.se *.google.ar *.google.com.vn *.googlesyndication.com *.doubleclick.net *.googleusercontent.com https://www.adsensecustomsearchads.com https://syndicatedsearch.goog api.myautoshop.co.nz images.myautoshop.co.nz sslphotos.jato.com via.placeholder.com https://static.instavid360.com/;media-src https://static.instavid360.com/;style-src 'self' 'unsafe-inline' fonts.googleapis.com www.googletagmanager.com;script-src 'self' 'sha256-ISSuATRLfaOy0iA3XCsFWeNptayPAYFZbNe+bVBp5LQ=' 'sha256-nLJR3hobId5sFEi+fSoRD+x3EbYu9cAoiIK2HKHZ6i4=' 'report-sample' https://staticcdn.co.nz connect.facebook.net www.google-analytics.com www.googletagmanager.com *.googletagservices.com www.gstatic.com dnn506yrbagrg.cloudfront.net *.googleapis.com www.youtube.com s.ytimg.com script.crazyegg.com *.segment.com *.appboycdn.com *.google.com *.google.co.nz *.google.com.au *.google.co.uk *.google.lk *.google.co.in *.google.com.sg *.google.com.sa *.google.cn *.google.com.ph *.google.com.hk *.google.co.kr *.google.de *.google.ca *.google.co.jp *.google.com.fj *.google.co.id *.google.ae *.google.com.my *.google.co.th *.google.fr *.google.nl *.google.com.tw *.google.com.br *.google.es *.google.ie *.google.cl *.google.se *.google.ar *.google.com.vn *.googleadservices.com *.doubleclick.net *.googlesyndication.com cdn.ampproject.org https://www.adsensecustomsearchads.com https://syndicatedsearch.goog *.afterpay.com *.app.trade.me *.newrelic.com *.nr-data.net;form-action 'self' trademe.wufoo.com www.facebook.com connect.facebook.net d3f5l8ze0o4j2m.cloudfront.net https://api.trademe.co.nz/ https://api.trademe.co.nz/graphql/ https://*.app.trade.me;connect-src 'self' https://api.trademe.co.nz/ https://auth.trademe.co.nz https://api.trademe.co.nz/graphql/ *.tmcdn.co.nz https://*.app.trade.me *.segment.io *.segmentapis.com *.segment.com *.braze.com sentry.io www.facebook.com www.google-analytics.com *.gstatic.com *.googleapis.com www.googletagmanager.com *.google.com *.google.co.nz *.google.com.au *.google.co.uk *.google.lk *.google.co.in *.google.com.sg *.google.com.sa *.google.cn *.google.com.ph *.google.com.hk *.google.co.kr *.google.de *.google.ca *.google.co.jp *.google.com.fj *.google.co.id *.google.ae *.google.com.my *.google.co.th *.google.fr *.google.nl *.google.com.tw *.google.com.br *.google.es *.google.ie *.google.cl *.google.se *.google.ar *.google.com.vn google.com *.doubleclick.net *.googlesyndication.com https://www.adsensecustomsearchads.com https://syndicatedsearch.goog https://*.afterpay.com api.amplitude.com https://*.app.trade.me https://*.nr-data.net https://api.topsort.com/v2/events;child-src 'self';worker-src 'self';object-src 'none';report-uri https://www.trademe.co.nz/a/csp-report-uri 1
default-src 'none'; connect-src 'self' https:; font-src 'self' https:; frame-ancestors 'self' https:; frame-src 'self' https:; img-src 'self' https: data: blob:; media-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; worker-src blob:; 1
default-src 'self' https://*.wogaa.sg https://*.demdex.net/ https://cm.everesttech.net/ https://wogadobeanalytics.sc.omtrdc.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.wogaa.sg https://assets.adobedtm.com/ https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://code.jquery.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.wogaa.sg/fonts/ https://stackpath.bootstrapcdn.com/ https://cdnjs.cloudflare.com/; font-src 'self' data: https://fonts.gstatic.com https://assets.wogaa.sg/fonts/; frame-src 'self' https://www.youtube.com https://www.recaptcha.net/recaptcha/; img-src 'self' data: https://wogadobeanalytics.sc.omtrdc.net/ https://cm.everesttech.net/ https://*.wogaa.sg https://dpm.demdex.net/; connect-src 'self' https://*.wogaa.sg https://dpm.demdex.net/; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content 1
script-src 'self' 'unsafe-inline' *.stripe.com api.mixpanel.com mc.yandex.ru *.intercom.io *.intercomcdn.com *.hotjar.com icm.aexp-static.com stripensrq.global.ssl.fastly.net *.googleadservices.com accounts.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net yastatic.net mcheckout-qa.americanexpress.com cdn.jsdelivr.net *.youtube.com *.ytimg.com *.licdn.com *.wdfl.co *.upscope.io connect.facebook.net *.pinimg.com *.clarity.ms; object-src 'self'; font-src 'self' data: blob: 'unsafe-inline' js.intercomcdn.com fonts.intercomcdn.com fonts.gstatic.com *.hotjar.com 1
script-src 'self' 'strict-dynamic' https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.googleapis.com/ https://www.google-analytics.com/ https://analytics.google.com/ https://www.google.co.jp/ https://www.google.com/ https://google.com/ https://www.youtube.com/ https://yubinbango.github.io/ ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.googleapis.com/ https://www.google-analytics.com/ https://analytics.google.com/ https://www.google.co.jp/ https://www.google.com/ https://www.youtube.com/ https://yubinbango.github.io/ ; img-src 'self' 'unsafe-inline' https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.googleapis.com/ https://www.google-analytics.com/ https://analytics.google.com/ https://www.google.co.jp/ https://www.google.com/ https://www.youtube.com/ ; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.googleapis.com/ https://www.google-analytics.com/ https://analytics.google.com/ https://www.google.co.jp/ https://www.google.com/ https://stats.g.doubleclick.net/  ; font-src 'self' https://fonts.gstatic.com/ https://www.gstatic.com/; media-src 'self' https://www.youtube.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.googleapis.com/ https://www.google-analytics.com/ https://analytics.google.com/ https://www.google.com/ https://www.google.co.jp/ ; object-src 'self' https://www.gstatic.com/ ; manifest-src 'self'; worker-src 'self' ; frame-ancestors 'self' https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.googleapis.com/ https://www.google-analytics.com/ https://www.google.co.jp/ https://www.google.com/ https://www.youtube.com/ https://yubinbango.github.io/ ; form-action 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.googleapis.com/ https://www.google-analytics.com/ https://www.google.co.jp/ https://www.google.com/ https://www.youtube.com/ https://yubinbango.github.io/ ; frame-src 'self' https://ssl.runon.co.jp/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.google-analytics.com/ https://www.google.co.jp/ https://www.google.com/ https://www.youtube.com/ https://yubinbango.github.io/ ; script-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://www.youtube.com/ https://yubinbango.github.io/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.googleapis.com/ https://www.google-analytics.com/ https://analytics.google.com/ https://www.google.co.jp/ https://www.google.com/ https://google.com/  ; script-src-attr 'self' 'unsafe-inline' https://www.youtube.com/ https://yubinbango.github.io/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.googleapis.com/ https://www.google-analytics.com/ https://analytics.google.com/ https://www.google.co.jp/ https://www.google.com/ https://google.com/  ; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://www.youtube.com/ https://yubinbango.github.io/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.googleapis.com/ https://www.google-analytics.com/ https://analytics.google.com/ https://www.google.co.jp/ https://www.google.com/ ; style-src-attr 'self' 'unsafe-inline' https://www.youtube.com/ https://yubinbango.github.io/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.googleapis.com/ https://www.google-analytics.com/ https://analytics.google.com/ https://www.google.co.jp/ https://www.google.com/ ; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=my&region=US&lang=en-US&device=desktop&yrid=0dkqka9iqucic&partner=; 1
default-src 'none'; base-uri 'self'; object-src 'none'; block-all-mixed-content; img-src 'self' * blob: data:; style-src 'self' 'unsafe-inline' breathercom-assets-dev.global.ssl.fastly.net breathercom-assets-prod.global.ssl.fastly.net breather-use1prod-assets.global.ssl.fastly.net unpkg.com github.com fast.fonts.net use.fontawesome.com fonts.googleapis.com cdnjs.cloudflare.com tagmanager.google.com/ breather.bamboohr.com; font-src 'self' data: breathercom-assets-dev.global.ssl.fastly.net breathercom-assets-prod.global.ssl.fastly.net breather-use1prod-assets.global.ssl.fastly.net github.com *.googleusercontent.com *.fontawesome.com *.cloudflare.com *.honey.io *.gstatic.com *.zohostatic.com; media-src res.cloudinary.com https://js.intercomcdn.com; frame-src js.stripe.com *.moz.com *.vimeo.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net www.yahoo.com www.facebook.com tpc.googlesyndication.com 86624292f03f4b938f9b6ca0673c9f72.pages.ubembed.com *.qualtrics.com; script-src 'nonce-d3b5180f-f359-4739-8eec-199b06ea6648' 'unsafe-inline' js.stripe.com breathercom-assets-dev.global.ssl.fastly.net breathercom-assets-prod.global.ssl.fastly.net breather-use1prod-assets.global.ssl.fastly.net cdn.segment.com api.segment.com api.segment.io *.intercom.io *.intercomcdn.com *.intercomusercontent.com wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io ipinfo.io *.zopim.io *.zopim.com *.ucweb.com *.adroll.com *.google.com bat.bing.com px.airpr.com *.twitter.com *.opendns.com fast.fonts.net bam.nr-data.net ga.clearbit.com *.linkedin.com *.advertising.com *.doubleclick.net cdn.amplitude.com *.fullstory.com *.ads-twitter.com assets.ubembed.com *.kaspersky-labs.com kaspersky-labs.com pixel.cdnwidget.com *.googleapis.com sjs.bizographics.com connect.facebook.net *.googlesyndication.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com breather.zendesk.com static.zdassets.com ekr.zdassets.com 86624292f03f4b938f9b6ca0673c9f72.js.ubembed.com *.qualtrics.com breather.bamboohr.com sentry.io *.sentry.io; connect-src 'self' https://bapi.breather.com js.stripe.com breathercom-assets-dev.global.ssl.fastly.net breathercom-assets-prod.global.ssl.fastly.net breather-use1prod-assets.global.ssl.fastly.net cdn.segment.com api.segment.com api.segment.io *.intercom.io *.intercomcdn.com *.intercomusercontent.com wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io *.uc.cn *.ucweb.com *.adroll.com *.bing.com sentry.io *.sentry.io ipinfo.io *.zopim.io *.zopim.com *.linkedin.com *.facebook.com *.cdnbasket.net bam.nr-data.net rs.fullstory.com *.amplitude.com *.doubleclick.net ids.cdnwidget.com *.launchdarkly.com 640-pzg-232.mktoresp.com www.google-analytics.com maps.googleapis.com *.akamaihd.net api.greenhouse.io 86624292f03f4b938f9b6ca0673c9f72.events.ubembed.com static.zdassets.com ekr.zdassets.com breather.zendesk.com wss://breather.zendesk.com wss://*.zopim.com api.vimeo.com *.qualtrics.com breather.bamboohr.com; report-uri /report-violation 1
object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https: http: https://www.googletagmanager.com/; base-uri 'self'; report-uri https://o88274.ingest.sentry.io/api/192214/security/?sentry_key=a0af93cc03a44e39b9cd79d299a8d76d; frame-src 'self' https://app.syncbnb.com   https://js.stripe.com https://www.youtube.com https://www.facebook.com https://intercom-sheets.com https://bid.g.doubleclick.net https://www.googletagmanager.com; frame-ancestors https://app.syncbnb.com https://www.hosthub.com https://js.stripe.com https://www.facebook.com; worker-src 'self' blob: 1
frame-ancestors 'self' http://www.hbicecream.ie unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://s7.addthis.com https://kritique-widgets-stage.unileversolutions.com https://d1a1ax4tcp3m3j.cloudfront.net 1
worker-src blob:; default-src 'self' blob:; script-src 'self' a1.b0e8.com cdn1.b0e8.com cdn.bc0a.com cdn.brcdn.com acsbapp.com web1.acsbapp.com asset.productmarketingcloud.com connect.facebook.net www.facebook.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com p.brsrvr.com www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com workforcenow.adp.com www.youtube.com cdn.plyr.io www.youtube-nocookie.com tools.luckyorange.com wc-forms.s3.us-west-2.amazonaws.com view.ceros.com cdn.segment.com/analytics.js/v1/4EIM9QDTm7iYX00nN45ve7VguRGgq1DS/analytics.min.js code.jquery.com ajax.googleapis.com 'nonce-dgUAqZOJ1O9ofXPK0jSzo4DGJaeCNwX58iedMGUSBCU='; frame-ancestors 'self'; form-action 'self'; connect-src 'self' ixfd2-api.bc0a.com cdn.acsbapp.com www.google-analytics.com settings.luckyorange.com api-preview.luckyorange.com wss://realtime.luckyorange.com analytics.google.com pubsub.googleapis.com stats.g.doubleclick.net wss://in.visitors.live in.visitors.live maps.googleapis.com cdn.plyr.io noembed.com owi-production-sharepoint-api-nodejsserver.cfapps.us10.hana.ondemand.com acsbapp.com cdn.cookielaw.org geolocation.onetrust.com; style-src-elem 'self' fonts.googleapis.com cdn.plyr.io wc-forms.s3.amazonaws.com 'unsafe-inline'; style-src 'self' wc-forms.s3.amazonaws.com cdn.plyr.io fonts.googleapis.com wc-forms.s3.amazonaws.com 'unsafe-inline'; img-src 'self' data: asset.productmarketingcloud.com a1.b0e8.com p.brsrvr.com www.facebook.com www.google-analytics.com media.whatcounts.com www.google.com asset-prod1a-use.productmarketingcloud.com maps.googleapis.com maps.gstatic.com i.ytimg.com cdn.cookielaw.org; font-src 'self' data: fonts.gstatic.com acsbapp.com; frame-src 'self' www.google.com www.juicer.io workforcenow.adp.com www.youtube.com www.youtube-nocookie.com view.ceros.com; report-uri https://ef072e48a5d33b7f6eae5b3a176a1b2b.report-uri.com/r/t/csp/enforce; report-to default 1
default-src  'unsafe-inline' ‘self’  fonts.googleapis.com fonts.gstatic.com 1
frame-ancestors 'self' www.lerwick-harbour.co.uk www.livinglerwick.co.uk *.shetland.org 1
frame-ancestors 'self' http://www.philips.com.mx *.philips.com *.philips.com.mx https://philipsigtdpv.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://localhost:* https://localhost:* http://ljungby.se https://ljungby.se https://www.gstatic.com https://www.googletagmanager.com https://www.google.com/recaptcha/api.js http://translate.googleapis.com https://translate.googleapis.com http://translate.google.com https://translate.google.com https://*.vizzit.se http://*.vizzit.se http://tag.vizzit.se https://tag.vizzit.se http://apis.google.com https://apis.google.com http://localhost:56870 http://*.google-analytics.com https://*.google-analytics.com http://*.browsealoud.com https://*.browsealoud.com https://*.speechstream.net http://dl.episerver.net https://dl.episerver.net http://maps.googleapis.com https://maps.googleapis.com https://oppnadata.skl.se https://www.google.com/uds/ https://code.jquery.com https://unpkg.com https://js-agent.newrelic.com https://bam.nr-data.net https://policy.app.cookieinformation.com https://mfstatic.com blob: ljungby.se:443;style-src 'self' 'unsafe-inline' http://localhost:* http://ljungby.se https://ljungby.se http://translate.googleapis.com https://translate.googleapis.com https://*.vizzit.se https://www.vizzit.se http://www.vizzit.se http://*.browsealoud.com https://*.browsealoud.com http://fonts.googleapis.com https://fonts.googleapis.com http://dl.episerver.net https://dl.episerver.net https://oppnadata.skl.se https://www.google.com/uds/ https://ajax.googleapis.com https://unpkg.com https://mfstatic.com ljungby.se:443;img-src 'self' http://localhost:* https://localhost:* http://ljungby.se https://ljungby.se http://translate.google.com https://translate.google.com http://www.gstatic.com https://www.gstatic.com http://www.google.com https://www.google.com http://www.vizzit.se https://www.vizzit.se http://*.google-analytics.com https://*.google-analytics.com http://*.browsealoud.com http://*.ggpht.com https://*.ggpht.com http://maps.gstatic.com https://maps.gstatic.com http://*.googleapis.com https://*.googleapis.com https://*.vizzit.se http://csi.gstatic.com https://csi.gstatic.com http://dl.episerver.net https://dl.episerver.net https://oppnadata.skl.se http://tag.vizzit.se https://tag.vizzit.se https://*.mediaflowpro.com http://*.mediaflowpro.com https://*.mediaflow.com http://*.mediaflow.com data: ljungby.se:443;font-src 'self' http://fonts.gstatic.com https://fonts.gstatic.com https://mfstatic.com ljungby.se:443;connect-src 'self' http://localhost:* https://localhost:* http://ljungby.se https://ljungby.se http://translate.googleapis.com https://translate.googleapis.com http://*.speechstream.net https://*.speechstream.net https://*.texthelp.com http://*.texthelp.com http://localhost:56870 http://*.browsealoud.com https://*.browsealoud.com ws: wss: https://*.vizzit.se https://api.kolada.se https://policy.app.cookieinformation.com https://consent.app.cookieinformation.com https://*.mediaflow.com/ https://mfstatic.com ljungby.se:443;form-action 'self' ljungby.se:443;report-uri /CspReport/Log 1
default-src 'self' data: www.keikei.com keikei.com api-test.keikei.com api-prod.keikei.com api-prod.keikei.co www.keikei.co keikei.co api-test.keikei.co api.ipify.org api.iplocation.net static.hotjar.com *.segmentify.com *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *; style-src 'self' 'unsafe-inline' data: *.segmentify.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.keikei.com *.segmentify.com keikei.com api-test.keikei.com api-prod.keikei.com api-prod.keikei.co www.keikei.co keikei.co api-test.keikei.co api.ipify.org api.iplocation.net static.hotjar.com *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *; img-src 'self' data: www.keikei.com keikei.com api-test.keikei.com api-prod.keikei.com api-prod.keikei.co www.keikei.co keikei.co api-test.keikei.co *.segmentify.com api.ipify.org api.iplocation.net static.hotjar.com *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *; font-src 'self' data: www.keikei.com keikei.com api-test.keikei.com api-prod.keikei.com api-prod.keikei.co www.keikei.co keikei.co api-test.keikei.co *.segmentify.com api.ipify.org api.iplocation.net static.hotjar.com *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com * 1
img-src 'self' *.queplan.cl queplan.cl  https: data: blob:; connect-src 'self' wss://widget-mediator.zopim.com wss://*.hotjar.com https://*.hotjar.io *.queplan.cl queplan.cl   www.google-analytics.com www.googletagmanager.com  https://*.hotjar.com www.googleadservices.com *.api.kushkipagos.com *.api-uat.kushkipagos.com api.kushkipagos.com api-uat.kushkipagos.com *.twilio.com wss://tsock.us1.twilio.com *.linkify.cl *.googleadservices.com *.ads-twitter.com *.licdn.com *.facebook.net *.consensu.org *.openx.net *.rlcdn.com *.adnxs.com *.yahoo.com *.twitter.com *.t.co *.jsdelivr.net  https: data: blob:; style-src 'self' 'unsafe-inline' *.queplan.cl queplan.cl  https: data: blob:, script-src 'self' 'unsafe-inline' 'unsafe-eval' *.queplan.cl queplan.cl  browser-update.org *.hotjar.com api.kushkipagos.com *.api.kushkipagos.com api-uat.kushkipagos.com *.api-uat.kushkipagos.com *.twilio.com wss://tsock.us1.twilio.com *.linkify.cl *.ads-twitter.com *.licdn.com *.facebook.net *.consensu.org *.openx.net *.rlcdn.com *.t.co *.adroll.com https: data: blob: www.google-analytics.com www.googletagmanager.com, script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' www.google.cl www.google.co www.google.pe www.google.com browser-update.org *.queplan.cl queplan.cl  www.google-analytics.com www.googletagmanager.com https://*.hotjar.com www.googleadservices.com *.api.kushkipagos.com *.api-uat.kushkipagos.com api.kushkipagos.com api-uat.kushkipagos.com  *.twilio.com wss://tsock.us1.twilio.com *.linkify.cl *.googleadservices.com *.ads-twitter.com *.licdn.com *.facebook.net *.consensu.org *.openx.net *.rlcdn.com *.adnxs.com *.yahoo.com *.twitter.com *.t.co *.jsdelivr.net https: data: blob:, font-src 'self' fonts.googleapis.com fonts.gstatic.com *.queplan.cl queplan.cl  https: data: blob:; frame-src 'self' *.youtube.com https: data: blob: www.google-analytics.com www.googletagmanager.com; worker-src 'self' *.queplan.cl queplan.cl  https: data: blob:; object-src 'none'; frame-ancestors * 1
default-src 'self' cdn.wcc.witt-international.nl https://cdn.wcc.witt-international.nl/graphql;    base-uri 'self' widget.solvemate.com;    font-src 'self' cdn.wcc.witt-international.nl fonts.gstatic.com data: widget.solvemate.com *.dixa.io;    img-src * data:;    connect-src 'self' https://cdn.wcc.witt-international.nl/graphql cdn.wcc.witt-international.nl cdn.witt.info/ images.ctfassets.net te.witt-international.nl tp.witt-international.nl wasp.witt-international.nl wst.witt-international.nl *.analytics.google.com  *.facebook.com *.contentsquare.net *.my.onetrust.eu *.google-analytics.com bat.bing.com eu-witt-gruppe-prod1.mini.snplow.net www.google-analytics.com www.jsctool.com https://adservice.google.com/pagead/ https://graphql.contentful.com https://privacyportal-eu.onetrust.com https://stats.g.doubleclick.net https://geolocation.onetrust.com https://www.google.com/pagead/ https://googleads.g.doubleclick.net/pagead/ *.creativecdn.com *.googlesyndication.com *.optimizely.com https://ct.pinterest.com http://jsctool.com checkout-cdn.aboutyou.cloud checkout-v3.wcc.witt-international.nl https://*.ingest.sentry.io api.solvemate.com widget.solvemate.com relay.solvemate.com *.dixa.io wss://sockets.dixa.io api.sovendus.com benefits.sovendus.com identification-api.sovendus.com integration-api.sovendus.com press-tracking-api.sovendus.com https://maps.googleapis.com;    object-src 'none';    child-src blob: ;    script-src * 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.paypal.com blob: *.dixa.io;    style-src 'self' cdn.wcc.witt-international.nl www.googletagmanager.com fonts.googleapis.com 'unsafe-inline' d.witt-international.nl checkout-cdn.aboutyou.cloud https://*.adyen.com https://*.paypal.com blob: widget.solvemate.com *.dixa.io;    frame-src 'self' checkout-v3.wcc.witt-international.nl *.awin1.com *.criteo.net *.criteo.com *.adrtx.net *.contentsquare.net www.googletagmanager.com www.facebook.com www.youtube.com dmp.theadex.com 5127363.fls.doubleclick.net 12769738.fls.doubleclick.net www.jsctool.com https://creativecdn.com/ https://fledge-eu.creativecdn.com/ https://tbs.tradedoubler.com/ https://survey2.quantilope.com/ https://*.adyen.com https://*.paypal.com https://*.computop-paygate.com blob: *.dixa.io https://api.sovendus.com https://www.sovendus-connect.com https://www.sovendus-benefits.com https://gui.display.prod.app.funnelplus.com/;    media-src 'self' cdn.wcc.witt-international.nl cdn.witt.info/ images.ctfassets.net videos.ctfassets.net www.youtube.com witt-gruppe-res.cloudinary.com *.dixa.io;    manifest-src 'self' cdn.wcc.witt-international.nl *.dixa.io;    worker-src 'self' cdn.wcc.witt-international.nl blob:;    form-action 'self' www.facebook.com;    block-all-mixed-content;    frame-ancestors 'self' https://app.contentful.com;    sandbox allow-scripts allow-forms allow-same-origin allow-top-navigation allow-popups allow-popups-to-escape-sandbox allow-modals; 1
frame-ancestors 'self' https://transmountain.com https://*.transmountain.com 1
default-src 'self'; script-src 'self' wa.acxx.de; img-src 'self' img.buymeacoffee.com; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self' wa.acxx.de 1
connect-src https://maps.googleapis.com https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://www.google-analytics.com/ https://ldynamicspublicapi.leadforensics.com/ https://settings.luckyorange.net wss://*.visitors.live https://pubsub.googleapis.com https://api.luckyorange.com https://d10lpsik1i8c69.cloudfront.net https://api-preview.luckyorange.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://visitors.live https://region1.analytics.google.com https://d.adroll.com https://www.google.co.uk wss://visitors.live https://settings.luckyorange.com https://tools.luckyorange.com wss://realtime.luckyorange.com https://in.visitors.live https://analytics.google.com https://info.agas.com/analytics https://pi.pardot.com/ 'self' 'nonce-71JZRaSlEkcPDCSdm5LGjDX/YEU='; default-src blob: 'self'; font-src https://fonts.gstatic.com https://storage.googleapis.com 'self'; frame-src https://www.google.com https://player.vimeo.com https://www.youtube.com 'self'; frame-ancestors 'self' https://www.google.com; img-src https://maps.gstatic.com https://maps.googleapis.com https://cookie-cdn.cookiepro.com https://cookiepro.blob.core.windows.net https://www.google-analytics.com https://www.googletagmanager.com https://www.facebook.com/ https://*.adroll.com http://*.adroll.com https://us-u.openx.net http://us-u.openx.net https://idsync.rlcdn.com http://idsync.rlcdn.com https://ib.adnxs.com http://ib.adnxs.com https://x.bidswitch.net http://x.bidswitch.net https://ads.yahoo.com http://ads.yahoo.com https://eb2.3lift.com http://eb2.3lift.com https://trc.taboola.com http://trc.taboola.com https://simage2.pubmatic.com http://simage2.pubmatic.com https://sync.outbrain.com http://sync.outbrain.com https://pixel.rubiconproject.com http://pixel.rubiconproject.com https://dsum-sec.casalemedia.com http://dsum-sec.casalemedia.com https://pixel.advertising.com http://pixel.advertising.com https://d10lpsik1i8c69.cloudfront.net https://www.google.co.uk https://image2.pubmatic.com https://sync.taboola.com https://www.google.com https://cm.g.doubleclick.net https://ups.analytics.google.com https://ups.analytics.yahoo.com https://tools.luckyorange.com https://match.adsrvr.org https://sync.mathtag.com https://googleads.g.doubleclick.net 'self' data:; media-src https://player.vimeo.com https://vod-progressive.akamaized.net https://download-video.akamaized.net https://d10lpsik1i8c69.cloudfront.net 'self'; object-src 'self'; style-src https://fonts.googleapis.com https://d10lpsik1i8c69.cloudfront.net https://tools.luckyorange.com https://hello.myfonts.net 'self' 'unsafe-inline'; script-src https://ajax.aspnetcdn.com https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://cookie-cdn.cookiepro.com https://secure.leadforensics.com/ https://webeo-web-content.s3-eu-west-1.amazonaws.com/ http://connect.facebook.net/ https://*.adroll.com http://*.adroll.com https://us-u.openx.net http://us-u.openx.net https://idsync.rlcdn.com http://idsync.rlcdn.com https://ib.adnxs.com http://ib.adnxs.com https://x.bidswitch.net http://x.bidswitch.net https://ads.yahoo.com http://ads.yahoo.com https://eb2.3lift.com http://eb2.3lift.com https://trc.taboola.com http://trc.taboola.com https://simage2.pubmatic.com http://simage2.pubmatic.com https://sync.outbrain.com http://sync.outbrain.com https://pixel.rubiconproject.com http://pixel.rubiconproject.com https://dsum-sec.casalemedia.com http://dsum-sec.casalemedia.com https://pixel.advertising.com http://pixel.advertising.com https://d10lpsik1i8c69.cloudfront.net https://marvel-b2-cdn.bc0a.com https://tools.luckyorange.com https://www.google-analytics.com https://*.bc0a.com https://info.agas.com/pd.js https://info.agas.com/analytics https://pi.pardot.com/ 'self' 'nonce-71JZRaSlEkcPDCSdm5LGjDX/YEU='; worker-src blob: 'self'; form-action 'self'; 1
default-src 'self' *.exertis.co.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.exertis.co.uk *.exertis.co.uk *.twitter.com *.googleapis.com www.googletagmanager.com cookie-script.com cdn.cookie-script.com *.google-analytics.com; style-src 'self' 'unsafe-inline' www.exertis.co.uk fonts.googleapis.com; img-src 'self' exertis.co.uk *.exertis.co.uk *.twitter.com *.google-analytics.com *.googleapis.com *.gstatic.com data: ; font-src 'self' fonts.googleapis.com fonts.gstatic.com data: www.exertis.co.uk; connect-src 'self' *.google-analytics.com *.googleapis.com *.exertis.co.uk; frame-src 'self' *.twitter.com *.googleapis.com; object-src 'none' 1
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' data: https: http:; font-src 'self' data:; frame-ancestors 'self' https://cada-prod-renew.ext.ssl-gouv.fr; 1
default-src 'self'; base-uri 'self'; connect-src 'self'; font-src 'self' data:; form-action 'self'; frame-src 'self'; img-src 'self'  data: *.akamaihd.net *.adobeaemcloud.com *.doubleclick.net www.google-analytics.com *.pathward.com; object-src 'self'; script-src 'self' *.akamaihd.net cyseal.cyveillance.com *.doubleclick.net www.google-analytics.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri /api/ContentSecurity/ 1
default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; frame-ancestors 'self' https://masshiway.net; 1
default-src 'self' *.qa-vynetrellis.com qa-vynetrellis.com *.qa-rpractice.com qa-rpractice.com; child-src 'self' blob: *.pendo.io qa-vynetrellis.com *.qa-vynetrellis.com; worker-src 'self' blob:; connect-src 'self' blob: wss://*.qa-vynetrellis.com wss://qa-vynetrellis.com *.google-analytics.com *.g.doubleclick.net *.google.com *.gstatic.com *.googletagmanager.com *.amazonaws.com *.typekit.net *.transnox.com *.cloudflare.com *.nsit-pass.com *.transit-pass.com *.nea-fast.com *.sentry.io *.launchdarkly.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com *.qa-vynetrellis.com qa-vynetrellis.com *.hellopearl.com *.mouseflow.com; font-src 'self' data: *.gstatic.com *.typekit.net; form-action 'self'; frame-ancestors 'self' *.qa-vynetrellis.com qa-vynetrellis.com *.qa-rpractice.com qa-rpractice.com *.pendo.io; frame-src 'self' *.qa-vynetrellis.com qa-vynetrellis.com previewapp.qa-vynetrellis.com *.pendo.io; img-src 'self' *.vynetrellis.com blob: data: *.qa-vynetrellis.com qa-vynetrellis.com *.sentry.io *.launchdarkly.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com; object-src 'none'; script-src 'self' 'unsafe-inline' *.google-analytics.com *.g.doubleclick.net *.google.com *.gstatic.com *.googletagmanager.com *.amazonaws.com *.typekit.net *.transnox.com *.cloudflare.com *.nsit-pass.com *.transit-pass.com *.nea-fast.com *.sentry.io *.launchdarkly.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com pendo-io-static.storage.googleapis.com *.hellopearl.com *.mouseflow.com; style-src 'self' 'unsafe-inline' *.qa-vynetrellis.com qa-vynetrellis.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com fonts.googleapis.com *.typekit.net; 1
default-src 'self' *.hrider.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ads-twitter.com *.twitter.com *.facebook.com *.techsmith.com *.windows.net *.stripe.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.google.com *.gstatic.com *.googleadservices.com *.linkedin.com *.doubleclick.net *.calendly.com *.cookiehub.com cookiehub.net https://cookiehub.net/c2/526d259b.js https://accounts.google.com/gsi/client https://cdn.jsdelivr.net/npm/@popperjs/core@2.9.1/dist/umd/popper.min.js snap.licdn.com *.tawk.to *.sharethis.com *.twitter.com *.twimg.com https://cdn.jsdelivr.net/emojione/; img-src * data:; frame-src 'self' *.twitter.com *.google.com *.sharethis.com *.consensu.org *.youtube.com *.spotify.com *.stripe.com *.calendly.com https://calendly.com https://accounts.google.com/gsi/ *.techsmith.com *.ivoox.com *.linkedin.com *.facebook.com *.whatsapp.com https://va.tawk.to *.hrider.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://accounts.google.com/gsi/style *.calendly.com *.fontawesome.com *.googleapis.com cdnjs.cloudflare.com *.tawk.to *.twitter.com *.twimg.com *.windows.net *.cookiehub.com https://cookiehub.net/ *.linkedin.com *.facebook.com *.whatsapp.com https://cdn.jsdelivr.net/emojione/; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.tawk.to https://static-v.tawk.to; connect-src 'self' *.google-analytics.com *.google.com *.bing.com *.facebook.com https://accounts.google.com/gsi/ https://*.tawk.to wss://*.tawk.to *.g.doubleclick.net *.sharethis.com *.linkedin.com *.whatsapp.com *.cookiehub.net; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' js.honeybadger.io js.authorize.net jstest.authorize.net cdn.jsdelivr.net assets0.zendesk.com static.zdassets.com pod-19.zendesk.com; style-src 'self' 'unsafe-inline' assets0.zendesk.com; worker-src 'self' blob: 1
default-src 'self' 'unsafe-inline'  https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https: data: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: blob: *.google.com *.giftup.app; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://sciencemastodon.com; img-src 'self' https: data: blob: https://sciencemastodon.com; style-src 'self' https://sciencemastodon.com 'nonce-HBh1hViMPejHfXeALYU9dQ=='; media-src 'self' https: data: https://sciencemastodon.com; frame-src 'self' https:; manifest-src 'self' https://sciencemastodon.com; form-action 'self'; child-src 'self' blob: https://sciencemastodon.com; worker-src 'self' blob: https://sciencemastodon.com; connect-src 'self' data: blob: https://sciencemastodon.com https://cdn.masto.host wss://sciencemastodon.com; script-src 'self' https://sciencemastodon.com 'wasm-unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.vimeo.com https://*.googletagmanager.com https://*.google-analytics.com https://*.sharethis.com https://*.google.com https://*.facebook.net https://*.facebook.com https://*.newrelic.com https://*.cloudflare.com/ https://unpkg.com https://cdnjs.cloudflare.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.bizographics.com https://*.linkedin.com https://dev.vwd-webtech.com https://business-customer.vwd.com https://*.surveygizmo.com https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://*.youtube.com https://cdn.jsdelivr.net https://*.outbrain.com https://*.licdn.com https://survey.alchemer.eu https://*.gstatic.com https://*.adnxs.com https://trk.adbutter.net https://*.cloudfront.net https://*.googleoptimize.com https://*.piwik.pro https://cdn.cookielaw.org https://*.googleadservices.com https://*.clarity.ms; object-src 'self' https://*.flickr.com; style-src 'self' 'unsafe-inline' https://*.sharethis.com https://*.hotjar.com https://www.surveygizmo.eu https://www.surveygizmo.com https://fonts.googleapis.com https://*.cloudfront.net https://optimize.google.com; img-src 'self' data: https://www.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.net https://*.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.bizographics.com https://*.google.com  https://*.google.be https://px.ads.linkedin.com https://*.sharethis.com http://*.sharethis.com https://www.surveygizmo.eu https://www.surveygizmo.com https://tr.outbrain.com https://www.eflavours.be https://*.vimeo.com https://*.vimeocdn.com https://ib.adnxs.com https://secure.adnxs.com https://*.cloudfront.net https://*.gstatic.com https://www.surveygizmo.eu https://cdn.cookielaw.org https://www.googletagmanager.com https://googleads.g.doubleclick.net https://px4.ads.linkedin.com; media-src 'self' http://vimeo.com http://*.vimeo.com https://vimeo.com https://*.vimeo.com https://*.youtube.com; frame-src 'self' https://*.nn.be https://*.vimeo.com https://*.youtube.com https://*.sharethis.com https://c.sharethis.mgr.consensu.org https://*.deltalloydlife.be https://*.doubleclick.net https://*.facebook.net https://*.facebook.com https://*.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.amazon-adsystem.com; child-src https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; font-src 'self' data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.eflavours.be https://fonts.gstatic.com; connect-src 'self'  https://*.sharethis.com https://*.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://dev.vwd-webtech.com https://business-customer.vwd.com https://*.google-analytics.com https://*.googlesyndication.com https://*.google.com/pagead/ https://cdn.cookielaw.org https://geolocation.onetrust.com https://region1.analytics.google.com https://nninsurancesbelgium.piwik.pro https://*.clarity.ms https://*.linkedin.com; report-uri /en/report-csp-violation 1
default-src 'self' 'unsafe-inline' https://px.ads.linkedin.com/ https://api.reciteme.com/ https://stats.reciteme.com/  *.stghavaspeople.com https://cdn.linkedin.oribi.io/ https://tracking.tribepad.com/ https://maps.googleapis.com/ https://region1.google-analytics.com/ https://pagead2.googlesyndication.com/ https://stats.g.doubleclick.net/ https://tracking.tribepad.com/ https://www.google-analytics.com/ https://region1.analytics.google.com/ https://www.tesco-careers.com/ http://gw.oribi.io/ ;  font-src 'self' https://api.reciteme.com/; style-src 'self' 'unsafe-inline' https://api.reciteme.com/;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.reciteme.com/ *.stghavaspeople.com https://tracking.tribepad.com/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://snap.licdn.com/ *.stghavaspeople.com/ https://ajax.aspnetcdn.com/ https://cdnjs.cloudflare.com/ https://px.ads.linkedin.com/ http://tracking.tribepad.com/ https://tracking.tribepad.com/ http://cdn.oribi.io/ https://cdn.oribi.io/ http://www.google-analytics.com/ https://sjs.bizographics.com/ https://maps.googleapis.com/ https://www.google-analytics.com https://ajax.googleapis.com https://www.googletagmanager.com https://player.vimeo.com; frame-src 'self' https://2476867.fls.doubleclick.net/ https://td.doubleclick.net/ https://10220835.fls.doubleclick.net/ http://8984071.fls.doubleclick.net/ https://8984071.fls.doubleclick.net/ https://www.googletagmanager.com/  https://www.youtube.com/; img-src 'self' data: 'unsafe-inline' https://dashboard.umbraco.org/ https://api.reciteme.com/ https://www.facebook.com/ https://www.google.co.uk/ https://www.google.com/ https://ad.doubleclick.net/ https://ad.doubleclick.net/ https://px.ads.linkedin.com/ https://secure.adnxs.com/ https://pixel.mediaiqdigital.com/ http://tracking.tribepad.com/ https://tracking.tribepad.com/ https://pixel.mediaiqdigital.com/ http://www.google-analytics.com/ https://www.googletagmanager.com/ https://i.ytimg.com/ https://scontent.xx.fbcdn.net/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://maps.gstatic.com/;  1
default-src 'self'; frame-ancestors 'none'; form-action 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' demdex.net dpm.demdex.net *.amazonaws.com *.attn.tv audioeye.com *.audioeye.com *.bing.com *.btttag.com btttag.com certona.net cloudflare.com cdnjs.cloudflare.com *.cloudfront.net cloudfront.net *.coach.com coach.com criteo.com criteo.net *.criteo.net *.criteo.com *.facebook.com *.facebook.net *.forter.com forter.com *.google.com *.google.co.uk www.google.ee www.google.ch www.google.cz www.google.ge www.google.by www.google.lv www.google.ca *.google.ie www.google.hr *.google.pl www.google.pt www.google.lu *.google.nl *.google.de *.google.fr www.google.hu *.google.be www.google.es www.google.ru www.google.is www.google.bg www.google.lt www.google.ro www.google.it www.google.jo www.google.no www.google.si www.google.gr www.google.sk *.gstatic.com www.googleadservices.com googleapis.com *.googleapis.com *.cloudfunctions.net www.googletagmanager.com *.google-analytics.com klarna.com *.klarna.com klarnacdn.net *.klarnacdn.net klarnaevt.com *.klarnaevt.com klarnaservices.com *.klarnaservices.com *.optimizely.com *.paypal.com *.qualtrics.com *.force.com my.salesforce.com *.my.salesforce.com *.salesforceliveagent.com *.salesforce-site.com twitter.com *.twitter.com ads-twitter.com static.ads-twitter.com t.co techlab-cdn.com p11.techlab-cdn.com cquotient.com *.cquotient.com jsdelivr.net *.katespade.com katespade.eu *.katespade.eu www.katespade.de cookielaw.org cdn.cookielaw.org onetrust.com *.cdnwidget.com *.cdnbasket.net *.onetrust.com *.drivecommerce.com quantummetric.com *.quantummetric.com tag.wknd.ai goqubit.com static.goqubit.com *.qubit.com *.qubitproducts.com trustedshops.com *.trustedshops.com *.linksynergy.com smct.io *.smct.io pippio.com api.addressy.com *.doubleclick.net tapes11111.pcapredict.com services.postcodeanywhere.co.uk *.tangiblee.com *.bounceexchange.com events.bouncex.net *.rakuten.com smct.co *.smct.co api.soreto.com prod-cdn.us.yextapis.com realtimeanalytics.yext.com *.a.bigcontent.io *.adyen.com *.mktgcdn.com *.bluecore.com www.yext-pixel.com snap.licdn.com main-de-coach-com-pagescdn-com.preview.pagescdn.com ct.pinterest.com analytics.tiktok.com s.pinimg.com creativecdn.com *.creativecdn.com www.linkedin.com *.kampyle.com *.medallia.com *.stylitics.com code.jquery.com *.scene7.com tapestry.my.salesforce-sites.com cdn.attn.tv *.upsellit.com *.gocertify.me data: blob:; 1
style-src 'self' 'unsafe-inline' https://lptag.liveperson.net https://www.googletagmanager.com https://lpcdn.lpsnmedia.net https://fonts.googleapis.com 'report-sample'; script-src 'nonce-OyQS/4YTVRhSZCXw9WG8CwAAC5XdQhr4MPcJ0T79dayTFXFTmqwqmSc8ETY4EmNo' 'self' 'report-sample'; script-src-elem 'self' 'nonce-OyQS/4YTVRhSZCXw9WG8CwAAC5XdQhr4MPcJ0T79dayTFXFTmqwqmSc8ETY4EmNo' 'sha256-HRm8H7cOa9LHEbmBTT0FrAqkKp6XUSC2QqSxiUn/bgA=' 'sha256-wPcaQyDp92fJ69WEkzY6H4YGZ2AHAVwXDC40awgDCyI=' 'sha256-ifsaGaoEdPmi6N9GsRmx8PSolqSrGyvDtrWbimsg9Rc=' https://www.googletagmanager.com https://www.googleadservices.com googleadservices.com https://login.zscalerthree.net/ https://fonts.googleapis.com assets.adobedtm.com  https://assets.adobedtm.com https://sales.liveperson.net https://cdn.appdynamics.com https://pdx-col.eum-appdynamics.com https://www.linksentr.com https://connect.facebook.net flex.msn.com https://gateway.zscalerthree.net https://cse.google.com bat.bing.com https://lptag.liveperson.net d2oh4tlt9mrke9.cloudfront.net b-code.liadm.com https://www.google-analytics.com https://lpcdn.lpsnmedia.net https://va.v.liveperson.net https://accdn.lpsnmedia.net ; connect-src 'self' https://adservice.google.com googleadservices.com https://analytics.google.com https://col.eum-appdynamics.com https://www.google-analytics.com https://cdn.appdynamics.com https://pdx-col.eum-appdynamics.com https://rp.liadm.com https://upspringsmarket.com https://www.dwtrk.com https://convert.aqpyx.com https://www.lnkxfer8.com https://mediaforceltd.go2jump.org/ https://www.kritrk.com https://www.sjetrk.com flex.msn.com https://activping.com https://evestamarketing.go2cloud.org https://ctrackr.com/ https://www.pirolane.com clickserv.sitescout.com https://tracking.lifestylejournal.com https://www.insurescuretrk.com quotelab.com https://www.shmktpl.com https://www.facebook.com cxqfb.com https://secure.marketinghub.hp.com network.adsmarket.com https://www.mitwodotoh.com https://www.dianomi.com https://insuranceclicks.com tracking.admarketplace.net https://www.linksentr.com https://affiliate.gwmtracker.com https://ws.sessioncam.com p.liadm.com https://3952369.fls.doubleclick.net https://aigcom.tt.omtrdc.net https://trc.taboola.com d.adroll.com https://prformc.com https://10585389.fls.doubleclick.net https://login.dotomi.com https://stats.g.doubleclick.net ; img-src 'self' https://sync.outbrain.com https://www.googletagmanager.com https://adservice.google.com https://ad.doubleclick.net https://sp.analytics.yahoo.com https://www.google-analytics.com https://io.narrative.io https://image2.pubmatic.com https://beacon.krxd.net https://dpm.demdex.net https://sync.taboola.com https://api.datasteam.io clickserv.sitescout.com https://www.dwtrk.com https://evestamarketing.go2cloud.org https://seal-sandiego.bbb.org https://pippio.com https://stags.bluekai.com https://dsum-sec.casalemedia.com https://pixel.advertising.com https://pixel.rubiconproject.com https://ups.analytics.yahoo.com https://va.v.liveperson.net https://api.dtstmio.com https://pixel.adsafeprotected.com https://us-u.openx.net https://x.bidswitch.net https://x.bidswitch.net https://i.pretected.com https://cm.g.doubleclick.net https://idsync.rlcdn.com https://www.nextinsure.com https://ib.adnxs.com tracking.admarketplace.net https://login.dotomi.com network.adsmarket.com https://secure.marketinghub.hp.com https://insuranceclicks.com https://www.dianomi.com cxqfb.com https://www.linksentr.com https://trc.taboola.com  https://www.shmktpl.com p.liadm.com https://data.dianomi.com d.adroll.com https://d.adroll.com cebwa.d2.sc.omtrdc.net https://cebwa.d2.sc.omtrdc.net/ https://login.dotomi.com https://googleads.g.doubleclick.net https://aa.agkn.com https://gateway.zscalerthree.net trc.taboola.com apis.murdoog.com https://bat.bing.com privacy-policy.truste.com https://rp.liadm.com https://www.google.com https://www.facebook.com https://lpcdn.lpsnmedia.net/ 'report-sample'; object-src 'none'; report-to 'none'; form-action 'self' https://giwlb2c.uat.aigdirect.com https://giwlb2c.sit.aigdirect.net https://diy.sit.aigdirect.net https://diy.uat.aigdirect.com https://aigd.uat.aigdirect.com https://www-158.aig.com https://www-402.aigdirect.com; frame-src 'self' https://td.doubleclick.net/ https://gateway.zscalerthree.net/ https://login.zscalerthree.net/ https://va-e.c.liveperson.net/ https://lpcdn.lpsnmedia.net https://www.quotelab.com https://www.quotelab.com https://d1eoo1tco6rr5e.cloudfront.net https://www.2565trk.com https://www.lnkxfer8.com https://convert.aqpyx.com https://mediaforceltd.go2jump.org/ https://www.kritrk.com https://ctrackr.com  flex.msn.com https://activping.com https://www.sjetrk.com https://www.pirolane.com https://upspringsmarket.com https://insight.adsrvr.org https://cxqfb.com https://www.insurescuretrk.com https://affiliate.gwmtracker.com https://bid.g.doubleclick.net quotelab.com https://www.mitwodotoh.com https://tracking.lifestylejournal.com https://10585389.fls.doubleclick.net https://3952369.fls.doubleclick.net https://prformc.com https://4279533.fls.doubleclick.net; base-uri 'self'; 1
upgrade-insecure-requests;script-src 'self' 'wasm-unsafe-eval';connect-src 'self' blob: https://seal.cafe wss://seal.cafe https://s3.us-east-1.wasabisys.com https://proxy.seal.cafe;media-src 'self' https://s3.us-east-1.wasabisys.com https://proxy.seal.cafe;img-src 'self' data: blob: https://s3.us-east-1.wasabisys.com https://proxy.seal.cafe;default-src 'none';base-uri 'self';frame-ancestors 'none';style-src 'self' 'unsafe-inline';font-src 'self';manifest-src 'self';frame-src 'self' https:; 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; connect-src 'self' http://streaming.astrakhan.ru http://*.yandex.ru http://yandex.ru http://bitrix.info; media-src 'self' * blob:; font-src * 'unsafe-inline' 'unsafe-eval'; frame-src 'self' http://vk.com http://www.youtube.com https://streaming.astrakhan.ru 1
default-src 'self' 'unsafe-inline' https://www.google-analytics.com/ https://www.googletagmanager.com https://fonts.googleapis.com https://fonts.gstatic.com *.doubleclick.net https://connect.facebook.net https://www.facebook.com *.yandex.ru *.yandex.net https://yandex.ru https://comments.shaik.link https://matomo.shaik.link https://cdn.jsdelivr.net blob: 1
default-src 'self' https://librariadelfin.ro/; connect-src 'self' 'unsafe-inline' https://librariadelfin.ro/ https://*.tawk.to wss://*.tawk.to https://stats.g.doubleclick.net https://www.facebook.com https://region1.analytics.google.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googleadservices.com https://www.google.ro https://event.2performant.com; font-src 'self' https://librariadelfin.ro/ https://static-v.tawk.to https://embed.tawk.to https://fonts.gstatic.com; frame-src https://www.youtube.com https://va.tawk.to https://www.facebook.com https://connect.facebook.net https://event.2performant.com https://vars.hotjar.com/ https://lockerplugin.sameday.ro https://event.2performant.com https://cdn.sameday.ro 'self' https://librariadelfin.ro/ plugin-types application/pdf; frame-ancestors 'self'; img-src 'self' https://librariadelfin.ro/ https://static-v.tawk.to https://tawk.link https://www.facebook.com https://stats.g.doubleclick.net https://cdn.jsdelivr.net https://www.google.com https://www.google.ro https://www.shopmania.ro https://static.compari.ro https://region1.analytics.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com; manifest-src 'none'; media-src https://static-v.tawk.to; object-src 'none'; script-src 'self' 'unsafe-inline' https://librariadelfin.ro/ https://connect.facebook.net https://embed.tawk.to https://cdn.jsdelivr.net https://static.hotjar.com https://googleads.g.doubleclick.net https://script.hotjar.com https://www.gstatic.com https://www.google.com https://static-v.tawk.to https://attr-2p.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://www.google-analytics.com https://ssl.google-analytics.com https://cdn.sameday.ro; style-src 'self' 'unsafe-inline' https://librariadelfin.ro/ https://cdn.jsdelivr.net https://fonts.googleapis.com https://embed.tawk.to https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com https://cdn.sameday.ro; worker-src 'none'; 1
default-src 'self' img-src 'self' blob: data: *.publishing.one *.vimeo.com *.googleusercontent.com unpkg.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googleadservices.com *.googleapis.com *.gstatic.com *.google.com *.google.de *.google.ch *.siteimprove.com *.jsdelivr.net siteimproveanalytics.com *.peoplexs.com *.cloudflare.com *.rawgit.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.unsplash.com *.newsletter2go.com *.solique.ch *.global.siteimproveanalytics.io *.raisenow.com *.raisenow.io *.licdn.com *.ads-twitter.com *.twitter.com https://t.co *.facebook.net *.facebook.com *.linkedin.com *.linkedin.oribi.io *.doubleclick.net *.legal-cdn.com 'unsafe-eval' 'unsafe-inline' data:; 1
frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-modals; default-src 'self'; base-uri 'none'; script-src 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: franklin-electric.com  *.franklin-electric.com  *.mouseflow.com corp.local corp.dev *.youtube.com youtube.com *.gstatic.com *.googleapis.com html5shiv.googlecode.com cloud.typography.com otp.tools.investis.com hsprod.investis.com google-analytics.com www.google-analytics.com stats.g.doubleclick.net *.addsearch.com addsearch.com *.cloudfront.net *.searchcdn.com *.pingdom.net *.googletagmanager.com *.cloudfront.net *.rdstation.com.br 1
default-src 'self' feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com * ; img-src * 'self' data: https: blob: *.pricespider.com ; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 1
default-src 'self'; script-src 'report-sample' 'unsafe-inline' 'self' 'unsafe-eval' platform.hireserve.nl http://cdn1.readspeaker.com https://snap.licdn.com https://googleads.g.doubleclick.net https://connect.facebook.net https://browser.sentry-cdn.com https://cdn.plyr.io/ https://*.readspeaker.com https://maps.google.com https://maps.googleapis.com https://s.ytimg.com https://www.googletagmanager.com https://www.youtube.com https://*.google-analytics.com https://*.cookiebot.com https://www.googleadservices.com; style-src 'report-sample' 'unsafe-inline' 'self' platform.hireserve.nl https://cdn1.readspeaker.com https://*.googleapis.com; object-src 'none'; base-uri 'self';connect-src 'self' api.ats-platform.com/v1/ipinfo platform.hireserve.nl https://*.googlesyndication.com https://stats.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.nl https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.facebook.com https://maps.googleapis.com https://*.readspeaker.com https://cdn.plyr.io https://noembed.com https://sentry.io https://consentcdn.cookiebot.com; font-src 'self' data: platform.hireserve.nl https://cdn1.readspeaker.com https://fonts.gstatic.com; frame-src 'self' https://platform.hireserve.nl https://www.facebook.com https://www.youtube.com https://www.youtube-nocookie.com https://consentcdn.cookiebot.com; img-src 'self' data: platform.hireserve.nl https://*.googlesyndication.com https://*.g.doubleclick.net https://px.ads.linkedin.com https://www.linkedin.com https://www.google.com https://www.google.nl https://www.google.be https://www.google.fr https://www.google.it https://*.analytics.google.com https://img.youtube.com https://*.googleapis.com https://www.facebook.com https://i.ytimg.com https://maps.google.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.cookiebot.com; media-src 'self'; report-uri /umbraco/api/cspreporting/error; 1
default-src 'none'; script-src 'self'; object-src 'none'; base-uri 'none'; img-src 'self' data:; font-src 'self'; frame-src https://www.youtube.com/; media-src 'self'; connect-src 'self'; manifest-src 'none'; prefetch-src 'none'; worker-src 'self'; form-action 'self'; frame-ancestors 'none'; block-all-mixed-content; style-src 'self' 1
default-src 'self'; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-eval'; connect-src 'self'; object-src 'none'; media-src 'self'; frame-src 'self'; frame-ancestors 'self'; 1
connect-src https: wss: blob:; default-src https:; img-src https: data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: blob: 'unsafe-inline'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastouille.fr; img-src 'self' https: data: blob: https://mastouille.fr; style-src 'self' https://mastouille.fr 'nonce-xbJaDEF6vRwn+MakmliySQ=='; media-src 'self' https: data: https://mastouille.fr; frame-src 'self' https:; manifest-src 'self' https://mastouille.fr; form-action 'self'; child-src 'self' blob: https://mastouille.fr; worker-src 'self' blob: https://mastouille.fr; connect-src 'self' data: blob: https://mastouille.fr https://mastouille.fr wss://mastouille.fr; script-src 'self' https://mastouille.fr 'wasm-unsafe-eval' 1
default-src https: data: blob: wss: 'unsafe-eval' 'unsafe-inline' options inline-script; img-src * data:; frame-src *; 1
default-src 'self' https://inverse.chat https://opkode.com https://conversejs.org https://www.youtube-nocookie.com; connect-src * 'self' https://conversejs.org wss://conversejs.org; img-src * 'self' blob: data:; style-src 'self' 'unsafe-inline' cdn.conversejs.org fonts.googleapis.com; script-src 'self' 'unsafe-inline' stats.opkode.com cdn.conversejs.org; font-src 'self' fonts.gstatic.com fonts.googleapis.com cdn.conversejs.org data: 1
default-src 'self';connect-src 'self' mc.yandex.ru yandex.ru *.direct-credit.ru suggestions.dadata.ru *.google-analytics.com *.doubleclick.net media.flixcar.com *.jivosite.com jivosite.com jivo.ru  wss://*.jivosite.com wss://*.jivo.ru *.vsegda-da.com *.2gis.ru *.2gis.com *.sberbank.ru unpkg.com *.jivo.ru qoopler.ru ruperstat.ru *.mail.ru;img-src 'self' data:  *.mega-tehnika.ru yandex.ru *.yandex.ru *.yandex.net *.direct-credit.ru media.flixfacts.com *.flix360.com *.flixcar.com *.google-analytics.com *.doubleclick.net *.google.com *.google.ru *.googletagmanager.com *.google.ch *.google.de *.google.am *.google.com.ua *.google.co.kr *.jivosite.com *.jivo.ru *.pp.credit *.l-kredit.ru *.youtube.com *.2gis.ru *.2gis.com ruperstat.ru *.mail.ru;script-src 'self' 'unsafe-inline' 'unsafe-eval' mc.yandex.ru api-maps.yandex.ru *.direct-credit.ru media.flixfacts.com t.flix360.com media.flixcar.com cdn.jsdelivr.net *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.jivosite.com *.jivo.ru *.pp.credit *.l-kredit.ru yastatic.net *.vsegda-da.com *.2gis.ru *.2gis.com *.sberbank.ru qoopler.ru prostats.info *.onef.pro lpt-crm.online profilepx1.ru *.mail.ru;style-src 'self' 'unsafe-inline' *.direct-credit.ru *.flixcar.com *.flixfacts.com cdn.jsdelivr.net fonts.googleapis.com *.jivosite.com *.jivo.ru;font-src 'self' data: *.flixcar.com *.flixfacts.com *.gstatic.com;media-src 'self' *.jivosite.com *.jivo.ru;frame-src 'self' *.youtube.com *.yandex.ru *.yandex.net *.direct-credit.ru *.flixcar.com *.flixfacts.com *.pp.credit *.l-kredit.ru *.jivosite.com *.2gis.ru *.2gis.com *.jivo.ru;report-uri /csp/ 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-tz2160VAbXWhwB4KHmLrvQj44rQixjDIxVe3fctQAyb0p8k+' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' *.pivx.org 1
default-src 'self' www.yidatec.com files.yidatec.com 'unsafe-inline' 'unsafe-eval' blob: data: ; 1
default-src 'self'; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-d0a84619-00d9-4973-a5e8-a3cf0dd28010'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net fonts.googleapis.com heapanalytics.com; object-src 'none'; frame-src 'self' *.svc.dynamics.com app.hellosign.com player.vimeo.com www.google.com; frame-ancestors 'self'; child-src 'self' blob:; img-src 'self' data: *.svc.dynamics.com api.swiftype.com cdnjs.cloudflare.com cdn.jsdelivr.net gallery.mailchimp.com i.vimeocdn.com heapanalytics.com; font-src 'self' data:  cdnjs.cloudflare.com cdn.jsdelivr.net fonts.gstatic.com heapanalytics.com; connect-src 'self' *.bf.dynatrace.com *.centralstatesfunds.org *.pdfjs.express *.svc.dynamics.com cdnjs.cloudflare.com cdn.jsdelivr.net heapanalytics.com; manifest-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self'; worker-src 'self' blob:; 1
font-src 'self' fonts.gstatic.com data: netdna.bootstrapcdn.com https://*.wistia.com; script-src 'self' *.zappar.com player.vimeo.com vod-progressive.akamaized.net netdna.bootstrapcdn.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.wistia.com *.wistia.net *.litix.io embedwistia-a.akamaihd.net https://www.googleadservices.com/pagead/ https://googleads.g.doubleclick.net use.typekit.net snap.licdn.com blob: connect.facebook.net js.hubspotfeedback.com cc.cdn.civiccomputing.com js.hubspotfeedback.com https://*.hs-scripts.com js.hsadspixel.net js.hscollectedforms.net js.hs-analytics.net js.hs-banner.com js.hsleadflows.net js.hsforms.net *.hsforms.net *.hsforms.com js.hubspotfeedback.com https://*.wistia.com https://*.wistia.net https://src.litix.io https://player.vimeo.com https://js.hubspot.com bat.bing.com analytics.tiktok.com www.clarity.ms 'nonce-tN1Ilcr5uTTzY9Y2b6jsPQ=='; object-src 'none'; default-src 'self' *.zappar.com player.vimeo.com vod-progressive.akamaized.net netdna.bootstrapcdn.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; connect-src 'self' *.zappar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google.com api.hubapi.com stats.g.doubleclick.net forms.hubspot.com apikeys.civiccomputing.com googleads.g.doubleclick.net cdn.linkedin.oribi.io pagead2.googlesyndication.com https://forms.hscollectedforms.net https://cta-service-cms2.hubspot.com https://api.getrewardful.com/referrals/track analytics.tiktok.com https://r.clarity.ms/collect https://px.ads.linkedin.com *.wistia.com *.wistia.net *.litix.io embedwistia-a.akamaihd.net; style-src 'self' *.zappar.com player.vimeo.com vod-progressive.akamaized.net netdna.bootstrapcdn.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com 'unsafe-inline' fonts.googleapis.com netdna.bootstrapcdn.com; base-uri 'none'; img-src 'self' data: https:; frame-src 'self' *.zappar.com fast.wistia.net www.youtube.com platform.twitter.com player.vimeo.com app.hubspot.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://*.doubleclick.net https://*.g.doubleclick.net; media-src 'self' *.zappar.com player.vimeo.com vod-progressive.akamaized.net netdna.bootstrapcdn.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com download-video.akamaized.net 200vod-adaptive.akamaized.net 1
frame-ancestors 'self' *.letgroup.com 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://psuwatch.com;block-all-mixed-content; 1
default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://*.nuance.com; img-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.analytics.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://www.facebook.com https://cx.atdmt.com https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://2549153.fls.doubleclick.net https://ad.doubleclick.net https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://resources.digital-cloud-prem.medallia.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://*.mworld.com https://*.postrelease.com; object-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nuance.com https://2549153.fls.doubleclick.net https://*.advanced-web-analytics.com https://iframe.arkoselabs.com; font-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.nuance.com; script-src 'nonce-11e9a353-fec5-4f86-b9d6-55222206ff41' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.maxymiser.net https://*.nuance.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://media.growappy.com https://growappy.s3.amazonaws.com https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googletagmanager.com https://connect.facebook.net https://maps.googleapis.com https://pagead2.googlesyndication.com https://developers.google.com https://partner.googleadservices.com https://adservice.google.pt https://adservice.google.com https://tpc.googlesyndication.com https://appleid.cdn-apple.com; style-src 'self' 'unsafe-inline' https://growappy.s3.amazonaws.com https://media.growappy.com https://fonts.googleapis.com; img-src 'self' https://media.growappy.com https://growappy.s3.amazonaws.com https://www.facebook.com https://www.google.com https://www.google.pt https://www.googletagmanager.com https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://pagead2.googlesyndication.com data: blob:; connect-src 'self' https://region1.google-analytics.com https://region1.analytics.google.com https://www.growappy.com wss://www.growappy.com https://s3.eu-west-1.amazonaws.com https://growappy.s3-accelerate.amazonaws.com  https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://l.sharethis.com; font-src 'self' https://growappy-test.s3.amazonaws.com https://media.growappy.com https://fonts.gstatic.com data:; object-src 'self' https://media.growappy.com https://growappy.s3.amazonaws.com; media-src 'self' https://growappy.s3.amazonaws.com https://media.growappy.com; worker-src 'self' blob:; child-src 'self' blob:; form-action 'self' https://www.facebook.com; base-uri 'self'; manifest-src 'self'; frame-src 'self' https://media.growappy.com https://growappy.s3.amazonaws.com https://www.youtube.com https://www.facebook.com  https://www.google.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://appleid.cdn-apple.com; frame-ancestors 'self' https://www.growappy.com; 1
default-src 'self'; img-src 'self' https://www.bitvtest.de; script-src 'self' 'unsafe-inline' 'report-sample'; script-src-elem 'self' 'unsafe-inline' https://player.vimeo.com 'report-sample'; frame-src 'self' https://player.vimeo.com; style-src 'self' 'unsafe-inline' 'report-sample'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com 'report-sample'; font-src 'self' fonts.gstatic.com; report-uri https://www.dibt.de/@http-reporting?csp=report&requestTime=1705976990348962 1
frame-ancestors 'self' https://get4click.ru/ http://get4click.ru/ http://webvisor.com https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; content='style-src-elem 'self' https://fonts.googleapis.com' 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://g.recomcdn.com https://www.youtube.com https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://s.ytimg.com https://recom.componentsearchengine.com https://www.snapeda.com https://marketing.recom-power.com https://www.google-analytics.com https://chat.recom-power.com https://static.hotjar.com https://script.hotjar.com https://vars.hotjar.com https://stats.g.doubleclick.net https://tagmanager.google.com https://*.tawk.to https://cdn.jsdelivr.net/emojione/ https://cdn.chatvisor.com https://app.chatvisor.com https://bat.bing.com/bat.js https://koi-3qnugl5dmw.marketingautomation.services; connect-src 'self' https://www.snapeda.com https://snapeda.s3.amazonaws.com https://intense-caverns-31061.herokuapp.com https://shop.recom-power.com/cart/ https://marketing.recom-power.com https://*.tawk.to wss://*.tawk.to https://cdn.chatvisor.com https://app.chatvisor.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ipinfo.io https://consentcdn.cookiebot.com/consentconfig/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; font-src 'self' data: https://g.recomcdn.com https://static-v.tawk.to https://embed.tawk.to/; frame-src 'self' https://www.youtube.com https://player.bilibili.com/player.html https://player.youku.com/embed/ https://recom.componentsearchengine.com https://intense-caverns-31061.herokuapp.com https://marketing.recom-power.com https://chat.recom-power.com https://www.google.com https://player.youku.com https://vars.hotjar.com https://w.soundcloud.com https://www.youtube-nocookie.com https://consentcdn.cookiebot.com/ https://player.bilibili.com/player.html https://3d.snapeda.com https://app-3qnugl5dmw.marketingautomation.services/; img-src 'self' https://g.recomcdn.com data: https://recom.componentsearchengine.com https://www.snapeda.com https://snapeda.s3.amazonaws.com https://intense-caverns-31061.herokuapp.com https://marketing.recom-power.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://static-v.tawk.to https://cdn.jsdelivr.net/emojione/ https://www.digikey.com/ https://embed.tawk.to/; style-src 'self' 'unsafe-inline' https://g.recomcdn.com https://marketing.recom-power.com https://tagmanager.google.com https://cdn.jsdelivr.net/emojione/ https://embed.tawk.to/; media-src 'self' https://g.recomcdn.com https://static-v.tawk.to https://embed.tawk.to/;form-action 'self' 'unsafe-inline' https://news.recom-power.com https://marketing.recom-power.com; object-src 'self' https://g.recomcdn.com ; manifest-src 'self' ; base-uri 'none'; frame-ancestors 'self' ; block-all-mixed-content; 1
default-src https: http://www.qonecta.com http://new.quadis.es data: 'unsafe-inline' 'unsafe-eval' 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://*.googlesyndication.com https://www.zenaps.com https://tr.snapchat.com https://tr6.snapchat.com https://www.youtube.com https://s1.thcdn.com https://www.awin1.com https://d2d7do8qaecbru.cloudfront.net; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://ipb.smct.co https://smct.co wss://*.liveperson.net https://*.smct.co https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://*.klaviyo.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://use.typekit.net https://fonts.smct.co https://fonts.smct.io https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; form-action 'self' https://www.facebook.com https://checkout.byterry.com https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googlesyndication.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://s.pinimg.com https://*.klaviyo.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://use.typekit.net https://p.typekit.net https://*.typekit.net https://cdn.parcellab.com https://stackpath.bootstrapcdn.com https://fonts.smct.co https://maxcdn.bootstrapcdn.com; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self' https://*.engageli.com; upgrade-insecure-requests 1
default-src 'self'; media-src 'self' 'unsafe-inline' https://chat.fortifi.io/ https://bat.bing.com/ https://player.vimeo.com/ https://vod-progressive.akamaized.net/; img-src 'self' 'unsafe-inline' https://i.ytimg.com/ https://chat.fortifi.io/ https://www.google.com/ https://www.google.co.uk/ https://www.google.pl/ https://bat.bing.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://bat.bing.com/ https://www.facebook.com/ https://connect.facebook.net/ data: https://storage.googleapis.com/ https://haveibeenpwned.com/ https://resources.totalav.com/ https://assets.totalav.com/ https://logs-01.loggly.com/ https://stats.totalvpn.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://chat.fortifi.io/; font-src 'self' https://fonts.gstatic.com https://chat.fortifi.io/; script-src 'self' 'unsafe-inline' https://stats.totalvpn.com https://googletagmanager.com/ https://googleadservices.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://bat.bing.com/ https://www.google.com/ https://www.google.co.uk/ https://www.google.pl/ https://widget.trustpilot.com/ https://chat.fortifi.io/ https://cfgchat.fortifi.io/ https://www.facebook.com/ https://connect.facebook.net/ https://url.totalvpn.com http://url.totalvpn.com/px/init/fortifi.js https://www.gstatic.com/ https://utt.impactcdn.com; frame-src 'self' blob: https://chat.fortifi.io/ https://player.vimeo.com https://www.youtube.com/ https://www.facebook.com/ https://widget.trustpilot.com/ https://vod-progressive.akamaized.net/ https://my.totalvpn.com https://www.google.com/; connect-src 'self' https://my.totalvpn.com https://ajax.totalvpn.com https://login.totalvpn.com https://signup.totalvpn.com https://my.totalvpn.com https://bat.bing.com/ wss://chat.fortifi.io/ https://stats.totalvpn.com; frame-ancestors 'self' 1
default-src 'self' www.polyas.de www.polyas.com community.polyas.com configure.polyas.com configure-stage.polyas.com configure-dev.polyas.com www.polyas.it www.polyas.fr www.polyas.ch www.polyas.co.uk www.polyas.at; img-src 'self' * data:; media-src 'self' * data:; frame-src 'self' * data:; script-src * 'self' 'unsafe-inline' data: 'unsafe-eval'; style-src * 'self' 'unsafe-inline'; font-src *; child-src *; object-src 'self' https://www.youtube.com; connect-src *; frame-ancestors * https: data: https://www.youtube.com/; 1
default-src 'self' https://smartcaptcha.yandexcloud.net ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stat.sputnik.ru https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.md https://mc.yandex.fr https://mc.yandex.kz https://yastatic.net https://smartcaptcha.yandexcloud.net https://*.kaspersky-labs.com https://api-maps.yandex.ru https://*.maps.yandex.net ; font-src 'self' data: https://fonts.gstatic.com https://yastatic.net ; img-src 'self' data: kirovipk.ru *.kirovipk.ru https://stat.sputnik.ru https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.md https://mc.yandex.fr https://mc.yandex.kz https://yastatic.net https://secure.gravatar.com https://favicon.yandex.net https://api-maps.yandex.ru https://*.maps.yandex.net ; media-src 'self' https://code.responsivevoice.org https://rutube.ru https://*.userapi.com ; frame-src 'self' https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.md https://mc.yandex.fr https://mc.yandex.kz https://forms.yandex.ru https://vk.com https://*.vk.com https://smartcaptcha.yandexcloud.net https://www.youtube.com ; connect-src 'self' https://stat.sputnik.ru https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.md https://mc.yandex.fr https://mc.yandex.kz https://yastatic.net *.kaspersky-labs.com ; report-uri https://kirovipk.ru/sites/csp-report/ ; 1
worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' *.bazaarvoice.com feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com www.google-analytics.com www.google.com *.cookielaw.org *.facebook.net pghub.io www.gstatic.com *.bazaarvoice.com *.iesnare.com feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; font-src 'self' data: feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' feed.pghub.io consumersupport.pg.com *.cookielaw.org *.doubleclick.net www.facebook.com *.bazaarvoice.com pandg.tapad.com ; img-src 'self' data: *.ctfassets.net *.cookielaw.org res.cloudinary.com *.tapad.com www.google-analytics.com *.doubleclick.net www.facebook.com *.bazaarvoice.com *.pgsitecore.com www.googletagmanager.com www.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io ; default-src 'none' feed.pghub.io pandg.tapad.com ; connect-src 'self' *.cookielaw.org *.google-analytics.com *.algolia.net *.bazaarvoice.com *.doubleclick.net feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; 1
default-src 'self' 'unsafe-inline' https://servis.mgm.gov.tr https://analytics.google.com https://texttospeech.responsivevoice.org https://code.responsivevoice.org https://www.google-analytics.com https://mc.yandex.ru https://stats.g.doubleclick.net https://in.hotjar.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.google.com https://script.hotjar.com https://www.googletagmanager.com https://www.google-analytics.com https://mc.yandex.ru https://static.hotjar.com https://www.youtube.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://p.typekit.net;font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net;frame-src 'self' https://www.youtube.com https://vars.hotjar.com https://kentrehberi.fatih.bel.tr https://fabim.fatih.bel.tr https://www.google.com https://www.youtube-nocookie.com https://my.treedis.com https://my.matterport.com https://my.mekandagez.com https://vr.360gez.com https://app.360gez.com https://docs.google.com https://texttospeech.responsivevoice.org https://responsivevoice.org https://use.typekit.net https://fonts.googleapis.com https://www.googletagmanager.com;img-src 'self' https://i.ytimg.com https://mc.yandex.ru https://www.google-analytics.com https://www.google.com https://www.google.com.tr https://fatihteyasa.com https://img7.mynet.com.tr; 1
frame-ancestors 'self' https://cppe.instructure.com 1
frame-ancestors 'self'; connect-src 'self' www.google-analytics.com https://stats.g.doubleclick.net translate.googleapis.com wss://va.msg.liveperson.net https://*.liveperson.net; object-src 'none'; img-src 'self' nutmegstatefcu.wpengine.com p.typekit.net https://www.google.com www.googletagmanager.com www.google-analytics.com secure.gravatar.com data: *.gravatar.com www.gstatic.com https://fonts.gstatic.com translate.google.com translate.googleapis.com *.google.com/images/ lpcdn.lpsnmedia.net www.nutmegstatefcu.org nutmegstatefcu.org www.facebook.com facebook.com https://hits.ecdashboard.com https://secure.adnxs.com https://bidagent.xad.com; script-src 'nonce-3ea725adf4' 'strict-dynamic' nutmegstatefcu.org/cdn-cgi/scripts; style-src 'unsafe-inline' 'self' translate.google.com translate.googleapis.com gstatic.com https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.cYEbrOmw59Q.L.W.O/d=0/rs=AN8SPfpU282joXDlbkUblMtWLWoZn4bb2g/m=el_main_css www.gstatic.com; font-src 'self' data: *.typekit.net; frame-src 'self' *.youtube.com lpcdn.lpsnmedia.net https://*.liveperson.net www.facebook.com facebook.com https://www.googletagmanager.com; base-uri 'none'; default-src 'self' lpcdn.lpsnmedia.net 1
default-src 'self' 'unsafe-inline' blob:; 	script-src 		'self' 'unsafe-inline' 'unsafe-eval' blob: 		*.typekit.net *.recaptcha.net www.youtube.com *.primetals.com 		remote.captcha.com app.getresponse.com hm.baidu.com 		*.moatads.com *.newsletter2go.com *.cookiebot.com 		*.googleapis.com www.google.com *.google.at www.googletagmanager.com www.google-analytics.com *.gstatic.com 		*.hotjar.com stats.g.doubleclick.net *.facebook.net *.facebook.com *.thelivechatsoftware.com  		*.linkedin.com snap.licdn.com *.moatoads.com *.typekit.net googleads.g.doubleclick.net; 	connect-src 'self' *.hotjar.com *.hotjar.io *.typekit.net *.newsletter2go.com 	    *.doubleclick.net *.cookiebot.com  *.thelivechatsoftware.com 	    wss://blue.thelivechatsoftware.com thechatsoftware.com *.google-analytics.com 	    www.google.com cdn.linkedin.oribi.io json.geoiplookup.io region1.analytics.google.com 	    api.friendlycaptcha.com maps.googleapis.com pagead2.googlesyndication.com *.linkedin.com; 	frame-src 'self' *.primetalss2.seam.at  *.seam.at *.recaptcha.net remote.captcha.com player.youku.com *.cookiebot.com www.youtube.com www.youtube-nocookie.com player.vimeo.com  		vars.hotjar.com www.google.com  app.getresponse.com v.qq.com td.doubleclick.net; 	img-src 'self' data: *.primetals.com *.googleapis.com *.gstatic.com www.google-analytics.com www.google.com www.google.at *.thelivechatsoftware.com 		*.newsletter2go.com *.linkedin.com *.facebook.com *.doubleclick.net app.getresponse.com *.cookiebot.com hm.baidu.com; 	font-src 'self' *.googleapis.com fonts.gstatic.com *.typekit.net *.thelivechatsoftware.com; 	style-src-elem 'self' 'unsafe-inline' *.primetals.com *.googleapis.com *.hotjar.com  app.getresponse.com; 1
default-src data: blob: https://*.fbcdn.net https://*.facebook.com *.fbsbx.com *.messengerkids.com;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net *.messenger.com;style-src data: blob: 'unsafe-inline' *.facebook.com *.fbcdn.net *.messenger.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* attachment.fbsbx.com ws://localhost:* blob: 'self' *.messengerkids.com www.messengerkids.com www.google-analytics.com *.messenger.com wss://*.messenger.com:*;font-src *.messenger.com *.facebook.com https://*.fbcdn.net data: *.gstatic.com;img-src *.fbcdn.net https://*.facebook.com *.tenor.co *.tenor.com *.giphy.com data: *.fbsbx.com *.messengerkids.com messengerkids.com blob: *.xx.fbcdn.net https://messengerkids.com https://www.messengerkids.com;media-src *.messenger.com *.facebook.com https://*.fbcdn.net data: *.fbsbx.com *.fbcdn.net *.messengerkids.com https://*.giphy.com blob:;frame-src *.messenger.com *.facebook.com https://*.fbcdn.net data: *.fbsbx.com *.fbcdn.net *.messengerkids.com blob: *.doubleclick.net; 1
child-src  www.paypalobjects.com; connect-src 'self' 'report-sample' s3.amazonaws.com/cv3.customfiles diecastdirect.commercev3.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com stats.g.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.facebook.com *.klaviyo.com cdn.acsbapp.com  acsbapp.com; default-src 'self' s3.amazonaws.com/cdn.diecastdirect.com/ cdn.commercev3.net/cdn.diecastdirect.com/ cdn.diecastdirect.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com; font-src 'self' diecastdirect.commercev3.com s3.amazonaws.com/cdn.diecastdirect.com/ cdn.commercev3.net/cdn.diecastdirect.com/ cdn.diecastdirect.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com data: acsbapp.com/apps/app/dist/fonts/ cdn.acsbapp.com; form-action 'self' www.facebook.com www.paypal.com checkout.sezzle.com; frame-src 'self' *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com secure.trust-provider.com; frame-ancestors 'self' ; img-src 'self' s3.amazonaws.com/cdn.diecastdirect.com/ cdn.commercev3.net/cdn.diecastdirect.com/ cdn.diecastdirect.com ssl.google-analytics.com www.google.com/pagead/1p-user-list/ www.google.com/ads/ga-audiences ct.pinterest.com/v3/ stats.g.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.paypal.com www.paypalobjects.com images-diecastdirect-com.s3.amazonaws.com img.icons8.com cdn.datatables.net secure.trust-provider.com www.gstatic.com translate.google.com web1.acsbapp.com/apps/app/dist/media/ cdn.acsbapp.com; script-src 'self' 'report-sample' s3.amazonaws.com/cdn.diecastdirect.com/ cdn.commercev3.net/cdn.diecastdirect.com/ cdn.diecastdirect.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com  secure.trust-provider.com cdn.datatables.net  ssl.google-analytics.com acsbapp.com/apps/app/dist/js/app.js  acsbapp.com/apps/app/dist/js/locale/en-loader.json  acsbapp.com; script-src-elem 'self' 'report-sample' s3.amazonaws.com/cdn.diecastdirect.com/ cdn.commercev3.net/cdn.diecastdirect.com/ cdn.diecastdirect.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com  secure.trust-provider.com cdn.datatables.net  ssl.google-analytics.com acsbapp.com/apps/app/dist/js/app.js  acsbapp.com/apps/app/dist/js/locale/en-loader.json  acsbapp.com; style-src 'self' s3.amazonaws.com/cdn.diecastdirect.com/ cdn.commercev3.net/cdn.diecastdirect.com/ cdn.diecastdirect.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net cdn.datatables.net translate.googleapis.com; style-src-elem 'self' s3.amazonaws.com/cdn.diecastdirect.com/ cdn.commercev3.net/cdn.diecastdirect.com/ cdn.diecastdirect.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net cdn.datatables.net translate.googleapis.com; style-src-attr  'unsafe-inline'; media-src 'self' diecastdirect.commercev3.com s3.amazonaws.com/cdn.diecastdirect.com/ cdn.commercev3.net/cdn.diecastdirect.com/ cdn.diecastdirect.com www.bing.com data:; 1
default-src https: http: data: wss: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.passageware.com *.passporthealthusa.com *.passporthealthglobal.com *.outlier.com *.clover.com; 1
default-src 'self' www.wcu.com; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com https://dec.azureedge.net/ munchkin.marketo.net use.fontawesome.com *.wave2.io *.poshdevelopment.com *.timevaluecalculators.com *.vimeocdn.com *.cloudfront.net/ www.digindemo.com/ app-wcu-eastus-prod.azurewebsites.net app-wcu-eastus-prod-green.azurewebsites.net *.googletagmanager.com *.licdn.com ws.rightonin.com *.hotjar.com rw1.calls.net s.pinimg.com *.googleadservices.com *.g.doubleclick.net *.wcu.com nexus.ensighten.com tags.srv.stackadapt.com *.vimeo.com *.callrail.com *stackadapt.com 'self' *.eloqua.com *.en25.com cdn.ampproject.org web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.timevaluecalculators.com cdn.datatables.net *.typekit.net/ *.typography.com/ localhost *.cloudfront.net/ www.wcu.com tags.srv.stackadapt.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.kargo.com *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.timevaluecalculators.com https://localhost/ localhost *.amazonaws.com/ *.cloudfront.net/ www.wcu.com *.ads.linkedin.com *.google.com px.marchex.io ct.pinterest.com p.adsymptotic.com cs.choozle.com tags.bluekai.com idsync.rlcdn.com odr.mookie1.com dp-sync.dotomi.com pixel.prfct.co trc.taboola.com p.truefitcorp.com aorta.clickagy.com fzlnk.com ums.acuityplatform.com synchroscript.deliveryengine.adswizz.com sync.smartadserver.com mmtro.com live.rezync.com *.typixel.com img.webmd.com sync.1rx.io cm.ctnsnet.com wam.solution.weborama.fr b1sync.zemanta.com ag.innovid.com cm.adgrx.com *.skimresources.com pippio.com segments.company-target.com cmi.netseer.com https://c.us1.dyntrk.com *.insightexpressai.com *.narrative.co *.ispot.tv *.mmsho.com *.postrelase.com *.media6degrees.com *.mediawallahscript.com magnetic.t.domdex.com www.totaljobs.com ardrone.swoop.com tag.crsspxl.com soundwave.bnmla.com *.acxiomapac.com prod.v-medialink.com google.com ad.mrtnsvr.com *.adstir.com *.socdm.com *.doubleclick.net *tags.srv.stackadapt.com 'self' *.eloqua.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.typekit.net/ *.bugherd.com/ *.cloudfront.net/ app-wcu-eastus-prod.azurewebsites.net app-wcu-eastus-prod-green.azurewebsites.net; frame-src *.vimeo.com vimeo.com *.youtube.com *.cusonet.com *.wave2.io *.bostonsoftware.com *.singlepointrating.com collegeroadmap.communityamerica.com/ *.poshdevelopment.com www.digindemo.com/ vars.hotjar.com www.pinterest.com *.g.doubleclick.net *.google.com insight.adsrvr.org *.cloudfront.net *.doubleclick.net ct.pinterest.com 'self' web-chat.nativechat.com forms.hsforms.com; connect-src accounts.google.com *.gstatic.com *.g.doubleclick.net *.mktoresp.com *.google-analytics.com collegeroadmap.communityamerica.com *.pusherapp.com *.pusher.com/ *.poshdevelopment.com wss://ws.pusherapp.com ct.pinterest.com *.hotjar.com wss://*.hotjar.com tags.srv.stackadapt.com *.facebook.com js.callrail.com analytics.google.com *.oribi.io 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com 'self' web-chat.nativechat.com 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src 'self' data: https://fonts.gstatic.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://mc.yandex.ru https://googleads.g.doubleclick.net https://connect.facebook.net; 1
default-src 'self' https://*.googleapis.com/ https://www.google-analytics.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://*.google.com/ https://*.youtube.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ http://www.kraj-lbc.cz/ http://*.kraj-lbc.cz/ https://www.kraj-lbc.cz/ https://*.kraj-lbc.cz/ http://kraj-lbc.cz/ https://kraj-lbc.cz/ https://*.googletagmanager.com/ https://piwik.uvm.cz/ https://*.hotjar.com/ https://*.hotjar.io/ https://polyfill.io/ https://*.twitter.com/ https://*.twimg.com/ https://*.facebook.net/ https://*.facebook.com/ https://*.youtube.com/ https://*.soundcloud.com/ http://*.kr-liberecky.int/ https://www.publicwire.eu/ https://Lbckraj.proebiz.com/ https://*.reservanto.cz/ https://onemocneni-aktualne.mzcr.cz/ https://unpkg.com/ https://camstreamer.com/ https://*.kadlecelektro.cz/ https://*.spotify.com/ https://*.clarity.ms/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com/ https://www.google-analytics.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://*.google.com/ https://*.youtube.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ http://www.kraj-lbc.cz/ http://*.kraj-lbc.cz/ https://www.kraj-lbc.cz/ https://*.kraj-lbc.cz/ http://kraj-lbc.cz/ https://kraj-lbc.cz/ https://*.googletagmanager.com/ https://piwik.uvm.cz/ https://*.hotjar.com/ https://*.hotjar.io/ https://polyfill.io/ https://*.twitter.com/ https://*.twimg.com/ https://*.facebook.net/ https://*.facebook.com/ https://*.youtube.com/ https://*.soundcloud.com/ http://*.kr-liberecky.int/ https://www.publicwire.eu/ https://Lbckraj.proebiz.com/ https://*.reservanto.cz/ https://onemocneni-aktualne.mzcr.cz/ https://unpkg.com/ https://camstreamer.com/ https://*.kadlecelektro.cz/ https://*.spotify.com/ https://*.clarity.ms/; connect-src 'self' https://*.googleapis.com/ https://www.google-analytics.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://*.google.com/ https://*.youtube.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ http://www.kraj-lbc.cz/ http://*.kraj-lbc.cz/ https://www.kraj-lbc.cz/ https://*.kraj-lbc.cz/ http://kraj-lbc.cz/ https://kraj-lbc.cz/ https://*.googletagmanager.com/ https://piwik.uvm.cz/ https://*.hotjar.com/ https://*.hotjar.io/ https://polyfill.io/ https://*.twitter.com/ https://*.twimg.com/ https://*.facebook.net/ https://*.facebook.com/ https://*.youtube.com/ https://*.soundcloud.com/ http://*.kr-liberecky.int/ https://www.publicwire.eu/ https://Lbckraj.proebiz.com/ https://*.reservanto.cz/ https://onemocneni-aktualne.mzcr.cz/ https://unpkg.com/ https://camstreamer.com/ https://*.kadlecelektro.cz/ https://*.spotify.com/ https://*.clarity.ms/; img-src 'self' data: blob: 'unsafe-inline' https://*.googleapis.com/ https://www.google-analytics.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://*.google.com/ https://*.youtube.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ http://www.kraj-lbc.cz/ http://*.kraj-lbc.cz/ https://www.kraj-lbc.cz/ https://*.kraj-lbc.cz/ http://kraj-lbc.cz/ https://kraj-lbc.cz/ https://*.googletagmanager.com/ https://piwik.uvm.cz/ https://*.hotjar.com/ https://*.hotjar.io/ https://polyfill.io/ https://*.twitter.com/ https://*.twimg.com/ https://*.facebook.net/ https://*.facebook.com/ https://*.youtube.com/ https://*.soundcloud.com/ http://*.kr-liberecky.int/ https://www.publicwire.eu/ https://Lbckraj.proebiz.com/ https://*.reservanto.cz/ https://onemocneni-aktualne.mzcr.cz/ https://unpkg.com/ https://camstreamer.com/ https://*.kadlecelektro.cz/ https://*.spotify.com/ https://*.clarity.ms/; font-src 'self' https://*.googleapis.com/ https://www.google-analytics.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://*.google.com/ https://*.youtube.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ http://www.kraj-lbc.cz/ http://*.kraj-lbc.cz/ https://www.kraj-lbc.cz/ https://*.kraj-lbc.cz/ http://kraj-lbc.cz/ https://kraj-lbc.cz/ https://*.googletagmanager.com/ https://piwik.uvm.cz/ https://*.hotjar.com/ https://*.hotjar.io/ https://polyfill.io/ https://*.twitter.com/ https://*.twimg.com/ https://*.facebook.net/ https://*.facebook.com/ https://*.youtube.com/ https://*.soundcloud.com/ http://*.kr-liberecky.int/ https://www.publicwire.eu/ https://Lbckraj.proebiz.com/ https://*.reservanto.cz/ https://onemocneni-aktualne.mzcr.cz/ https://unpkg.com/ https://camstreamer.com/ https://*.kadlecelektro.cz/ https://*.spotify.com/ https://*.clarity.ms/; style-src 'self' 'unsafe-inline' https://*.googleapis.com/ https://www.google-analytics.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://*.google.com/ https://*.youtube.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ http://www.kraj-lbc.cz/ http://*.kraj-lbc.cz/ https://www.kraj-lbc.cz/ https://*.kraj-lbc.cz/ http://kraj-lbc.cz/ https://kraj-lbc.cz/ https://*.googletagmanager.com/ https://piwik.uvm.cz/ https://*.hotjar.com/ https://*.hotjar.io/ https://polyfill.io/ https://*.twitter.com/ https://*.twimg.com/ https://*.facebook.net/ https://*.facebook.com/ https://*.youtube.com/ https://*.soundcloud.com/ http://*.kr-liberecky.int/ https://www.publicwire.eu/ https://Lbckraj.proebiz.com/ https://*.reservanto.cz/ https://onemocneni-aktualne.mzcr.cz/ https://unpkg.com/ https://camstreamer.com/ https://*.kadlecelektro.cz/ https://*.spotify.com/ https://*.clarity.ms/; frame-src 'self' https://*.googleapis.com/ https://www.google-analytics.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://*.google.com/ https://*.youtube.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ http://www.kraj-lbc.cz/ http://*.kraj-lbc.cz/ https://www.kraj-lbc.cz/ https://*.kraj-lbc.cz/ http://kraj-lbc.cz/ https://kraj-lbc.cz/ https://*.googletagmanager.com/ https://piwik.uvm.cz/ https://*.hotjar.com/ https://*.hotjar.io/ https://polyfill.io/ https://*.twitter.com/ https://*.twimg.com/ https://*.facebook.net/ https://*.facebook.com/ https://*.youtube.com/ https://*.soundcloud.com/ http://*.kr-liberecky.int/ https://www.publicwire.eu/ https://Lbckraj.proebiz.com/ https://*.reservanto.cz/ https://onemocneni-aktualne.mzcr.cz/ https://unpkg.com/ https://camstreamer.com/ https://*.kadlecelektro.cz/ https://*.spotify.com/ https://*.clarity.ms/ 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://tw.forumosa.com/logs/ https://tw.forumosa.com/sidekiq/ https://tw.forumosa.com/mini-profiler-resources/ https://forumosauploads-12829.kxcdn.com/assets/ https://tw.forumosa.com/extra-locales/ https://forumosa-12829.kxcdn.com/highlight-js/ https://forumosa-12829.kxcdn.com/javascripts/ https://forumosa-12829.kxcdn.com/plugins/ https://forumosa-12829.kxcdn.com/theme-javascripts/ https://forumosa-12829.kxcdn.com/svg-sprite/ https://www.google-analytics.com/analytics.js 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' z-na.amazon-adsystem.com/widgets/q 'unsafe-inline' https:; worker-src 'self' https://forumosauploads-12829.kxcdn.com/assets/ https://forumosa-12829.kxcdn.com/javascripts/ https://forumosa-12829.kxcdn.com/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
frame-ancestors 'self' https://support.mpulsesoftware.com; connect-src 'self' https://support.mpulsesoftware.com wss://; 1
default-src * 'self' ; script-src tagmanager.google.com googletagmanager.com fonts.googleapis.com https://www.googletagmanager.com connect.facebook.net www.googleadservices.com www.google.com www.gstatic.com www.google-analytics.com maps.googleapis.com googleads.g.doubleclick.net 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' *; img-src * 'self' data:; frame-ancestors 'self'; 1
upgrade-insecure-requests 1
frame-ancestors 'self' *.avedaarts.edu *.authorize.net 1
frame-ancestors 'self' *.salesforce.com *.force.com *.visualforce.com *.documentforce.com *.storyblok.com 1
default-src 'self' 'unsafe-inline'; media-src 'self' *.livechatinc.com *.livechat-files.com *.cpsserv.com *.veritonic.com *.veritonicmetrics.com; font-src 'self'  data: *.livechatinc.com *.livechat-files.com *.googleusercontent.com *.fortawesome.com *.googleapis.com *.gstatic.com *.typekit.net *.cpsserv.com *.veritonic.com *.veritonicmetrics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.jquery.com optanon.blob.core.windows.net *.feefo.com *.visualwebsiteoptimizer.com *.nr-data.net *.newrelic.com *.sportsbreaks.com *.sportsbreaks.local *.sportsbreaks.dev *.postcodeanywhere.co.uk *.pcapredict.com *.nosto.com *.msn.com *.bing.com *.hotjar.com *.googleadservices.com *.googleapis.com *.doofinder.com *.google.com *.google.co.uk *.gstatic.com *.livechatinc.com *.livechat-files.com *.facebook.com *.twitter.com *.ads-twitter.com *.google-analytics.com *.googletagmanager.com  *.facebook.net *.doubleclick.net *.fortawesome.com *.turn.com *.boldchat.com *.composecontact.co.uk *.cloudflare.com unpkg.com cdn.cookielaw.org cdn.tiny.cloud *.cpsserv.com *.jsdelivr.net *.avocet.io *.avct.cloud *.trak.ee *.clarity.ms *.tiktok.com tiktok.com ibytedtos.com *.ibytedtos.com tiktokcdn.com *.tiktokcdn.com *.impactcdn.com *.loggly.com *.ojrq.net sportsbreakscom.sjv.io destinationsportexperiences.com *.destinationsportexperiences.com *.veritonic.com *.veritonicmetrics.com mention-me.com *.mention-me.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.jquery.com optanon.blob.core.windows.net *.feefo.com *.visualwebsiteoptimizer.com *.nr-data.net *.newrelic.com *.sportsbreaks.com *.sportsbreaks.local *.sportsbreaks.dev *.postcodeanywhere.co.uk *.pcapredict.com *.nosto.com *.msn.com *.bing.com *.hotjar.com *.googleadservices.com *.googleapis.com *.doofinder.com *.google.com *.google.co.uk *.gstatic.com *.livechatinc.com *.livechat-files.com *.facebook.com *.twitter.com *.ads-twitter.com *.google-analytics.com *.googletagmanager.com  *.facebook.net *.doubleclick.net *.fortawesome.com *.turn.com *.boldchat.com *.composecontact.co.uk *.cloudflare.com unpkg.com cdn.cookielaw.org cdn.tiny.cloud *.cpsserv.com *.avocet.io *.avct.cloud *.jsdelivr.net *.trak.ee *.clarity.ms *.tiktok.com tiktok.com ibytedtos.com *.ibytedtos.com tiktokcdn.com *.tiktokcdn.com assets-v2-prod.campaignware.com *.ttwstatic.com *.instagram.com destinationsportexperiences.com *.destinationsportexperiences.com *.impactcdn.com *.loggly.com *.ojrq.net sportsbreakscom.sjv.io *.firstdata.com *.veritonic.com *.veritonicmetrics.com mention-me.com *.mention-me.com *.redditstatic.com; img-src 'self' 'unsafe-inline'  data: *.feefo.com optanon.blob.core.windows.net *.visualwebsiteoptimizer.com *.postcodeanywhere.co.uk *.yieldlab.net *.postcodeanywhere.co.uk *.sportsbreaks.com *.sportsbreaks.local *.sportsbreaks.dev *.placehold.it *.gstatic.com *.boldchat.com *.google.com *.google.co.uk *.bing.com *.nosto.com *.livechatinc.com *.livechat-files.com *.google-analytics.com *.facebook.com *.googleapis.com *.doubleclick.net t.co *.tinymce.com *.cpsserv.com ibytedtos.com *.ibytedtos.com tiktokcdn.com *.tiktokcdn.com *.amazonaws.com *.bidswitch.net *.ojrq.net *.veritonic.com *.veritonicmetrics.com *.reddit.com *.loggly.com; style-src 'self' 'unsafe-inline' optanon.blob.core.windows.net *.postcodeanywhere.co.uk *.sportsbreaks.com *.sportsbreaks.local *.sportsbreaks.dev *.googleapis.com *.fortawesome.com *.google.com *.cloudflare.com *.gstatic.com *.typekit.net cdn.tiny.cloud *.cpsserv.com *.livechatinc.com *.livechat-files.com *.jsdelivr.net *.trak.ee ibytedtos.com *.ibytedtos.com tiktokcdn.com *.tiktokcdn.com *.ttwstatic.com *.impactcdn.com *.loggly.com *.ojrq.net sportsbreakscom.sjv.io feefo.com *.feefo.com *.veritonic.com *.veritonicmetrics.com; connect-src 'self' *.feefo.com *.postcodeanywhere.co.uk *.google-analytics.com *.nr-data.net *.nosto.com *.hotjar.com *.hotjar.io *.doofinder.com unpkg.com cdn.cookielaw.org *.googleadservices.com *.google.co.uk *.cpsserv.com *.livechatinc.com *.livechat-files.com *.doubleclick.net *.trak.ee *.clarity.ms ibytedtos.com *.ibytedtos.com tiktokcdn.com *.tiktokcdn.com *.tiktok.com *.impactcdn.com *.loggly.com *.ojrq.net sportsbreakscom.sjv.io *.googleapis.com wss://ws40.hotjar.com *.bing.com *.veritonic.com *.veritonicmetrics.com mention-me.com *.mention-me.com wss://ws.hotjar.com *.analytics.google.com; object-src 'self' *.livechatinc.com; child-src 'self' 'unsafe-inline' youtube.com youtu.be *.youtu.be *.youtube.com *.v-psp.com *.ogone.com *.facebook.com *.hotjar.com *.doubleclick.net *.livechatinc.com *.livechat-files.com *.google.com *.composecontact.co.uk *.cpsserv.com *.trak.ee *.tiktok.com photoupload.campaignware.com *.benchvote.com *.instagram.com destinationsportexperiences.com *.destinationsportexperiences.com *.firstdata.com *.veritonic.com *.veritonicmetrics.com mention-me.com *.mention-me.com; frame-ancestors 'self' *.v-psp.com *.livechatinc.com *.cpsserv.com *.tourofbritain.co.uk tourofbritain.co.uk *.womenstour.co.uk womenstour.co.uk *.tourseries.co.uk tourseries.co.uk *.barmyarmy.com barmyarmy.com *.trak.ee *.tiktok.com *.impactcdn.com *.loggly.com *.ojrq.net sportsbreakscom.sjv.io destinationsportexperiences.com *.destinationsportexperiences.com *.veritonic.com *.veritonicmetrics.com mention-me.com *.mention-me.com; 1
report-uri https://www.sdcwa.org?gdsih-csp-report; 1
frame-ancestors ; upgrade-insecure-requests ; connect-src 'self' https://designer-api.hu-manity.co https://forms.hsforms.com https://api.omappapi.com https://api.hubspot.com https://api.hubapi.com https://region1.google-analytics.com https://maps.googleapis.com https://cta-service-cms2.hubspot.com https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://px.ads.linkedin.com/; default-src 'self'; font-src 'self' data: https://d2fpfnkwjznw4m.cloudfront.net https://fonts.gstatic.com https://cdnjs.cloudflare.com; frame-src 'self' https://www.facebook.com https://app.hubspot.com/ https://forms.hsforms.com/ https://app.agroptima.com/ https://www.youtube.com/ https://5282482.hs-sites.com/ https://www.recaptcha.net/; img-src 'self' data: https://d2fpfnkwjznw4m.cloudfront.net https://agroptima-cdn.brutalsys.net/ https://secure.gravatar.com https://tr-rc.lfeeder.com https://forms.hsforms.com https://forms-na1.hsforms.com https://track.hubspot.com https://px.ads.linkedin.com https://www.facebook.com https://s.w.org https://maps.gstatic.com https://maps.googleapis.com https://no-cache.hubspot.com https://perf.hsforms.com https://cdn2.hubspot.net https://f.hubspotusercontent30.net https://www.google-analytics.com https://www.google.com https://www.google.es https://5282482.fs1.hubspotusercontent-na1.net https://perf-na1.hsforms.com https://cta-service-cms2.hubspot.com https://static.hubspot.com https://static.hsappstatic.net https://www.linkedin.com https://cta/default/5282482 https://cdn-agroptima.brutalsys.net https://px4.ads.linkedin.com/; script-src 'self' 'unsafe-inline' ; script-src-elem 'self' 'unsafe-inline' data: https://d2fpfnkwjznw4m.cloudfront.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://cdn.hu-manity.co https://js.hsforms.net https://a.opmnstr.com https://a.omappapi.com https://js.usemessages.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hsadspixel.net https://js.hscta.net https://www.google-analytics.com https://sc.lfeeder.com https://connect.facebook.net https://snap.licdn.com https://maps.googleapis.com https://pxgcdn.com https://cta-service-cms2.hubspot.com https://js.hubspot.com https://www.recaptcha.net https://www.gstatic.com https://js-na1.hs-scripts.com/; style-src 'self' 'unsafe-inline' https://d2fpfnkwjznw4m.cloudfront.net https://cdnjs.cloudflare.com https://a.omappapi.com https://fonts.googleapis.com; 1
default-src 'self' *.timeavenue.ru;                    script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://mc.yandex.ru https://yastatic.net *.jivosite.com *.jivo.ru https://www.googletagmanager.com https://stats.g.doubleclick.net https://connect.facebook.net *.roistat.com https://api-maps.yandex.ru https://*.maps.yandex.net *.maps.yandex.net https://ajax.googleapis.com *.google-analytics.com https://ipinfo.io https://geocode-maps.yandex.ru;                    style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.roistat.com *.jivosite.com *.jivo.ru data: blob:;                    font-src 'self' data: https://fonts.gstatic.com;                    img-src 'self' https: data: https://mc.yandex.ru;                    frame-src 'self' https://www.facebook.com https://www.youtube.com https://docs.google.com https://yandex.ru https://api-maps.yandex.ru https://static.inspify.io;                    connect-src 'self' https://mc.yandex.ru stats.g.doubleclick.net *.jivosite.com *.jivo.ru wss: https://www.facebook.com *.timeavenue.ru *.google-analytics.com https://api-maps.yandex.ru https://*.maps.yandex.net;                    object-src 'self' https://docs.google.com;                    media-src 'self' data: *.jivosite.com *.jivo.ru;                    frame-ancestors 'self' http://webvisor.com; 1
base-uri 'none'; default-src 'self'; style-src 'self' 'nonce-440af71db19560369d38eccd9afabe5c' fonts.googleapis.com static.sooqr.com; font-src 'self' fonts.gstatic.com; img-src 'self' data: www.google-analytics.com region1.google-analytics.com pixel.sooqr.com maps.googleapis.com www.google.com maps.gstatic.com www.toegankelijkheidsverklaring.nl; script-src 'self' 'nonce-440af71db19560369d38eccd9afabe5c' www.google-analytics.com region1.google-analytics.com static.sooqr.com dynamic.sooqr.com maps.googleapis.com; connect-src 'self' maps.googleapis.com www.google-analytics.com region1.google-analytics.com cognito-identity.eu-central-1.amazonaws.com firehose.eu-central-1.amazonaws.com; form-action 'self' digid.nl secure.ogone.com; frame-src 'self' www.youtube.com www.google.com kaarten.veldhoven.nl; frame-ancestors 'self'; 1
frame-ancestors https://weta365.com https://*.weta365.com https://*.laihua.com https://laihua.com http://aigc.tanyiwise.cn https://videopost.hjananking.com https://videopost-if.hjananking.com http://*.zkyfszr.cn http://zkyfszr.cn http://xingwy.com http://*.xingwy.com https://*.xhsnews.com http://*.xhsnews.com http://ai.hushida.com http://xn.jcyint.cn https://shenggongshuzhi.com https://*.shenggongshuzhi.com http://live.4utech.cn http://ydboem.4utech.com http://*.xxlive.cn http://xxlive.cn https://*.xxlive.cn https://xxlive.cn https://avatar.yuan365.com https://*.yuan365.com http://sibac.net http://www.sibac.net https://yainoo.com https://www.yainoo.com http://digiman.yunbiao.tv http://dh.huizhihuyu.com https://nszr.n.cn http://www.hokooai.com https://human.n.cn https://juliangai.com http://juliangai.com https://www.juliangai.com http://www.juliangai.com http://www.chumenyw.com https://weta.magook.com https://weta.bookan.com.cn https://oa.bookan.com.cn https://public.bookan.com.cn https://weta.bookan.com 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-LWoVnRHK4L2z1fF_UIxu3w' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors 'self' *.jobtensor.com 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-9v+Uu4HHKP9IqzguLXNAvW/vfN/gfrw7HMckfWEwoO0Mi7qw' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' *;font-src * data:;media-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *;frame-src *;	frame-ancestors 'self';connect-src *;child-src *; form-action *;style-src 'unsafe-inline' 'self' *;img-src 'unsafe-inline' 'self' * data: 1
manifest-src 'self' https://set-icap.com https://dolar.set-icap.com; default-src 'self' data: set-icap.com; script-src 'self' 'unsafe-eval'; connect-src 'self' https://proxy.set-icap.com https://back.set-icap.com https://hooks.zapier.com https://secure.epayco.co https://apify-private.epayco.co https://checkout.epayco.co https://www.google-analytics.com https://www.gstatic.com https://td.doubleclick.net https://lw.cliengo.com https://stats.g.doubleclick.net https://analytics.google.com https://www.google.com.co https://www.googletagmanager.com https://s.cliengo.com https://maxcdn.bootstrapcdn.com https://www.google.com https://maps.google.com https://maps.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://secure.epayco.co https://maps.google.com https://platform.twitter.com https://s3.tradingview.com https://www.gstatic.com https://maxcdn.bootstrapcdn.com https://checkout.epayco.co https://www.googletagmanager.com https://www.google-analytics.com https://s.cliengo.com https://lw.cliengo.com https://www.google.com https://cdnjs.cloudflare.com https://maps.google.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' httpd://dolar.set-icap.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://maps.google.com https://maps.googleapis.com; img-src 'self' https://secure.gravatar.com https://syndication.twitter.com https://www.google-analytics.com https://www.google.com https://www.google.com.co https://set-icap.com https://maps.google.com https://maps.googleapis.com https://maps.gstatic.com data:; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://lw.cliengo.com https://maps.google.com https://maps.googleapis.com https://maps.gstatic.com; frame-src 'self' https://maps.gstatic.com https://maps.google.com https://www.youtube.com https://syndication.twitter.com https://s.tradingview.com https://platform.twitter.com https://secure.epayco.co https://api.stockdio.com https://td.doubleclick.net https://lw.cliengo.com https://www.google.com; frame-ancestors 'self' http://190.144.195.70 http://webmail.set-icap.com https://webmail.set-icap.com; object-src 'none' 1
frame-ancestors 'self' *.lndo.site *.us-2.platformsh.site *.authorize.net multcopets.org *.multcopets.org 1
default-src 'self' *.webnet.fr *.socotec.com socotec.com *.socotec.fr socotec.fr *.cfasocotec.fr cfasocotec.fr *.socotecbuildingcontrol.co.uk socotecbuildingcontrol.co.uk socotecsmartsolutions.fr *.socotecsmartsolutions.fr storage.gra.cloud.ovh.net *.socotec.co.uk socotec.co.uk *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com *.go-mpulse.net *.akstat.io *.akamaihd.net *.trustcommander.net *.commander1.com; connect-src 'self' *.mktoresp.com *.webnet.fr *.socotec.com socotec.com *.socotec.fr socotec.fr *.cfasocotec.fr cfasocotec.fr *.socotecbuildingcontrol.co.uk socotecbuildingcontrol.co.uk socotecsmartsolutions.fr *.socotecsmartsolutions.fr storage.gra.cloud.ovh.net *.socotec.co.uk socotec.co.uk *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com *.go-mpulse.net *.akstat.io *.akamaihd.net cdn.linkedin.oribi.io *.trustcommander.net; font-src 'self' *.webnet.fr *.socotec.com socotec.com *.socotec.fr socotec.fr *.cfasocotec.fr cfasocotec.fr *.socotecbuildingcontrol.co.uk socotecbuildingcontrol.co.uk socotecsmartsolutions.fr *.socotecsmartsolutions.fr storage.gra.cloud.ovh.net *.socotec.co.uk socotec.co.uk *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com *.go-mpulse.net *.akstat.io *.akamaihd.net; img-src 'self' *.linkedin.com *.webnet.fr *.socotec.com socotec.com *.socotec.fr socotec.fr *.cfasocotec.fr cfasocotec.fr *.socotecbuildingcontrol.co.uk socotecbuildingcontrol.co.uk socotecsmartsolutions.fr *.socotecsmartsolutions.fr storage.gra.cloud.ovh.net *.socotec.co.uk socotec.co.uk *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com *.go-mpulse.net *.akstat.io *.akamaihd.net p.adsymptotic.com; media-src 'self' *.webnet.fr *.socotec.com socotec.com *.socotec.fr socotec.fr *.cfasocotec.fr cfasocotec.fr *.socotecbuildingcontrol.co.uk socotecbuildingcontrol.co.uk socotecsmartsolutions.fr *.socotecsmartsolutions.fr storage.gra.cloud.ovh.net *.socotec.co.uk socotec.co.uk *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com *.go-mpulse.net *.akstat.io *.akamaihd.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' googleads.g.doubleclick.net www.googleadservices.com *.licdn.com *.webnet.fr *.socotec.com socotec.com *.socotec.fr socotec.fr *.cfasocotec.fr cfasocotec.fr *.socotecbuildingcontrol.co.uk socotecbuildingcontrol.co.uk socotecsmartsolutions.fr *.socotecsmartsolutions.fr storage.gra.cloud.ovh.net *.socotec.co.uk socotec.co.uk *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com *.go-mpulse.net *.akstat.io *.akamaihd.net connect.facebook.net cdn.tagcommander.com cdn.trustcommander.net; style-src 'self' 'unsafe-inline' *.webnet.fr *.socotec.com socotec.com *.socotec.fr socotec.fr *.cfasocotec.fr cfasocotec.fr *.socotecbuildingcontrol.co.uk socotecbuildingcontrol.co.uk socotecsmartsolutions.fr *.socotecsmartsolutions.fr storage.gra.cloud.ovh.net *.socotec.co.uk socotec.co.uk *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com *.go-mpulse.net *.akstat.io *.akamaihd.net *.tagcommander.com cdn.trustcommander.net snap.licdn.com; base-uri 'self'; form-action 'self' *.webnet.fr *.socotec.com socotec.com *.socotec.fr socotec.fr *.cfasocotec.fr cfasocotec.fr *.socotecbuildingcontrol.co.uk socotecbuildingcontrol.co.uk socotecsmartsolutions.fr *.socotecsmartsolutions.fr storage.gra.cloud.ovh.net *.socotec.co.uk socotec.co.uk *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com *.go-mpulse.net *.akstat.io *.akamaihd.net *.payrct.fr *.paynum.fr; frame-ancestors 'self' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://tacobelllabs.net; img-src 'self' https: data: blob: https://tacobelllabs.net; style-src 'self' https://tacobelllabs.net 'nonce-5LlaI9cgPMgUI3DxNeO/CA=='; media-src 'self' https: data: https://tacobelllabs.net; frame-src 'self' https:; manifest-src 'self' https://tacobelllabs.net; form-action 'self'; child-src 'self' blob: https://tacobelllabs.net; worker-src 'self' blob: https://tacobelllabs.net; connect-src 'self' data: blob: https://tacobelllabs.net https://media.tacobelllabs.net wss://tacobelllabs.net; script-src 'self' https://tacobelllabs.net 'wasm-unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com ajax.googleapis.com ajax.aspnetcdn.com http://www.knhs.nl https://klantenservice.knhs.nl http://platform.twitter.com http://www.google-analytics.com https://googleads.g.doubleclick.net https://static.hotjar.com https://region1.google-analytics.com https://www.google.com https://www.google.nl https://syndication.twitter.com http://maps.googleapis.com http://www.bing.com https://r.bing.com http://maps.gstatic.com https://csmetrics.hotjar.com https://code.jquery.com http://code.jquery.com *.virtualearth.net data:; font-src 'self' data:; 1
frame-ancestors 'self' emaillistverify.com *.emaillistverify.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://a2mi.social; img-src 'self' https: data: blob: https://a2mi.social; style-src 'self' https://a2mi.social 'nonce-ThukNghW9iTkuHJFta9BJw=='; media-src 'self' https: data: https://a2mi.social; frame-src 'self' https:; manifest-src 'self' https://a2mi.social; form-action 'self'; child-src 'self' blob: https://a2mi.social; worker-src 'self' blob: https://a2mi.social; connect-src 'self' data: blob: https://a2mi.social https://files.a2mi.social wss://a2mi.social; script-src 'self' https://a2mi.social 'wasm-unsafe-eval' 1
frame-ancestors https://*.cpcworldwide.com 1
default-src https:; font-src * self blob: data: gap:; style-src * self 'unsafe-inline' blob: data: gap:; script-src * 'self' 'unsafe-eval' 'unsafe-inline' blob: data: gap:; object-src * 'self' blob: data: gap:; img-src * self 'unsafe-inline' blob: data: gap:; connect-src self * 'unsafe-inline' blob: data: gap:; frame-src * self blob: data: gap:; 1
default-src 'self'; script-src 'nonce-1229DFA1B1BC1DBB02104E3D75E534AA' 'sha256-HnqcJKdXH/Sl216fo05VaniEJ1icgxbI07COWTMEo18=' 'self' https://acsbapp.com/ http://tools.euroland.com/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://code.jquery.com/ https://d3e54v103j8qbb.cloudfront.net/ https://tools.euroland.com/ https://www.google-analytics.com/ https://www.gstatic.com/ https://www.gstatic.com/ https://cc.cdn.civiccomputing.com/ https://player.vimeo.com https://www.googletagmanager.com/ https://www.google.com/; font-src 'self' data: https://acsbapp.com/ https://fonts.gstatic.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; connect-src 'self' *.google-analytics.com *.webflow.com *.acsbapp.com/ https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://clapi.civiccomputing.com/ https://pagead2.googlesyndication.com/ https://apikeys.civiccomputing.com/ https://www.google-analytics.com/  https://www.googletagmanager.com/ https://www.google.com/ https://our.umbraco.com/ *.google.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.embedly.com/ https://gamma.euroland.com/ https://www.googletagmanager.com/ https://www.google.com/ https://www.youtube.com/ https://player.vimeo.com/ https://tools.eurolandir.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://entaingroup.com/ https://www.googletagmanager.com/ https://web1.acsbapp.com/ https://acsbapp.com/ https://uploads-ssl.webflow.com/ https://i.vimeocdn.com/ https://dashboard.umbraco.com/ https://our.umbraco.com/ https://www.google.com/ https://www.google-analytics.com/ https://www.bing.com/ https://www.github.com/ https://github.com/; object-src 'none'; base-uri 'self'; media-src 'self' https://web1.acsbapp.com/; worker-src blob: 'self'; 1
frame-ancestors 'self' *.kakao.com *.kakaocdn.net www.google-analytics.com fonts.googleapis.com ajax.googleapis.com www.google.com view.copyright.or.kr voc.copyright.or.kr piwik.copyright.or.kr www.juso.go.kr www.eprivacy.or.kr:40018 connect.facebook.net static.nid.naver.com developers.kakao.com jsgetip.appspot.com cr.acecounter.com;object-src 'self' *.kakao.com *.kakaocdn.net  www.google-analytics.com fonts.googleapis.com ajax.googleapis.com www.google.com view.copyright.or.kr voc.copyright.or.kr piwik.copyright.or.kr www.juso.go.kr www.eprivacy.or.kr:40018 connect.facebook.net static.nid.naver.com developers.kakao.com jsgetip.appspot.com cr.acecounter.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.kakao.com *.kakaocdn.net  www.google-analytics.com fonts.googleapis.com ajax.googleapis.com www.google.com www.googletagmanager.com view.copyright.or.kr voc.copyright.or.kr piwik.copyright.or.kr www.juso.go.kr www.eprivacy.or.kr:40018 connect.facebook.net static.nid.naver.com t1.daumcdn.net t1.kakaocdn.net developers.kakao.com jsgetip.appspot.com cr.acecounter.com;style-src 'self' 'unsafe-inline' 1
frame-ancestors 'self' *.interactive.de lralb.flip-app.com; 1
frame-ancestors 'self'; sandbox allow-downloads allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation; base-uri 'self'; form-action teufelaudio.at zed.teufel.de support.teufel.de retoure.teufel.de blog.teufel.de www.terminland.de www.saferpay.com test.saferpay.com *.amazon.de payments.amazon.de row.ups.com checkout.sandbox.getalma.eu checkout.getalma.eu 'self' 1
object-src 'none'; default-src 'self'; base-uri 'self'; script-src 'strict-dynamic' https: 'nonce-b7e67cf327c1d6768a61767e6dd8b538'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' https: data:; frame-src https://widget.trustpilot.com/ https://www.youtube.com/; connect-src 'self' http://tr.outbrain.com https://trc.taboola.com https://trc-events.taboola.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com; report-uri /content_security_policy_report; upgrade-insecure-requests 1
default-src 'self';         img-src 'self' img.youtube.com i.ytimg.com www.google-analytics.com;         style-src 'self' 'unsafe-inline' fonts.googleapis.com;         font-src 'self' fonts.gstatic.com data: ;         script-src 'self' 'unsafe-inline' www.google.com www.gstatic.com ajax.googleapis.com www.googletagmanager.com www.google-analytics.com                     static.cloudflareinsights.com ajax.cloudflare.com www.youtube.com;         frame-src www.google.com www.youtube.com;         frame-ancestors 'self';         child-src ;         connect-src 'self' www.google-analytics.com stats.g.doubleclick.net; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=SG&lang=en-SG&device=desktop&yrid=7f47au1iqu67r&partner=; 1
frame-ancestors 'self' https://swj.format78.de https://vmt.hafas.de 1
default-src 'self' http://* https://* blob: data:; script-src 'self' 'unsafe-inline' http://* https://* blob: 'unsafe-eval' data:; connect-src * 'self' http://* https://* blob: data:; img-src data: 'self' http://* https://* blob:; style-src 'self' 'unsafe-inline' http://* https://* blob: data:; frame-ancestors 'self' http://* https://* blob: data: http://*.webvisor.com https://*.webvisor.com https://metrika.yandex.ru https://metrika.yandex.by https://metrika.yandex.com https://metrika.yandex.com.tr; 1
connect-src *.google-analytics.com www.google-analytics.com *.analytics.google.com jdrf.org.uk www.jdrf.org.uk stats.g.doubleclick.net *.googlesyndication.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com; default-src 'self' 'unsafe-inline' www.googletagmanager.com; font-src data: jdrf.org.uk www.jdrf.org.uk; frame-src 'self' data: www.google.com platform.twitter.com www.googletagmanager.com player.vimeo.com vimeo.com youtube.com www.youtube.com www.youtube-nocookie.com www.facebook.com challenges.cloudflare.com *.doubleclick.net *.antidote.me antidote.me https://antidote.me/; img-src 'self' data: www.google-analytics.com www.gstatic.com www.google.co.uk www.googletagmanager.com *.gravatar.com  *.vimeocdn.com *.co analytics.twitter.com  *.google.com *.facebook.com; media-src 'self' blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' connect.facebook.net ; script-src-elem 'self' 'unsafe-inline' player.vimeo.com vimeo.com apis.google.com www.youtube.com www.youtube-nocookie.com platform.twitter.com googletagmanager.com www.googletagmanager.com www.google.com google.com www.gstatic.com gstatic.com www.google-analytics.com connect.facebook.net static.hotjar.com *.hotjar.com googleads.g.doubleclick.net static.ads-twitter.com cdn.oribi.io script.hotjar.com challenges.cloudflare.com *.antidote.me antidote.me; style-src 'self' 'unsafe-inline' blob:; style-src-elem 'self' 'unsafe-inline' cdnjs.cloudflare.com *.googleapis.com; worker-src 'self' blob:; 1
frame-ancestors 'self' https://*.igus.eu https://*.igus.de https://*.igus.com https://*.igus.com.ar https://*.igus.at https://*.igus.com.au https://*.igus.be https://*.igus.bg https://*.igus.com.br https://*.igus.by https://*.igus.ca https://*.igus.ch https://*.igus.cl https://*.igus.com.cn https://*.igus.cz https://*.igus.dk https://*.igus.es https://*.igus.com.eg https://*.igus.fi https://*.igus.fr https://*.igus.co.uk https://*.igus.gr https://*.igus.hr https://*.igus.hu https://*.igus.ie https://*.igus.co.il https://*.igus.in https://*.igus.it https://*.igus.co.jp https://*.igus.kr https://*.igus.lt https://*.igus.com.mx https://*.igus.my https://*.igus.nl https://*.igus.no https://*.igus.co.nz https://*.igus.pl https://*.igus.pt https://*.igus.ro https://*.igus.rs https://*.igus.ru https://*.igus.se https://*.igusab.se https://*.igus.sg https://*.igus.si https://*.igus.sk https://*.igus.com.tr https://*.igus.com.tw https://*.igus.com.ua https://*.igus.vn https://*.igus.co.za https://*.igus.co.id https://*.igus.ee https://*.igus.co.th https://igus.lightning.force.com https://*.igus.tools; 1
default-src blob: data: 'self' http://localhost:* ws://localhost:* track.hubspot.com app.hubspot.com google-analytics.com www.google-analytics.com www.googleadservices.com api.hubapi.com assets.prod.validic.com cdn.polyfill.io www.google.com api.hubspot.com api.myhealthcheck360.com googleads.g.doubleclick.net js.hs-analytics.net js.hsleadflows.net forms.hubspot.com js.hsadspixel.net app.validic.com js.usemessages.com js.hs-scripts.com js.hs-banner.com www.googletagmanager.com maxcdn.bootstrapcdn.com 'unsafe-inline' www.healthcheck360.com mhc-stage.healthcheck360.com syncmydevice.com 'unsafe-eval'; report-uri /report-violation; object-src 'none' 1
default-src 'self' 'unsafe-inline' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.paypal.com https://*.paypalobjects.com; object-src 'none'; font-src 'self'; base-uri 'self'; 1
default-src 'self' lakareutangranser.se *.lakareutangranser.se; script-src 'self' 'unsafe-inline' 'unsafe-eval' lakareutangranser.se *.lakareutangranser.se *.cookielaw.org *.dibspayment.eu connect.facebook.net snap.licdn.com acdn.adnxs.com 510004988.collect.igodigital.com cdn.linkedin.oribi.io polyfill.io cdn.jsdelivr.net cdnjs.cloudflare.com *.lawly.app *.adoveo.com *.prezicdn.net *.bing.com *.mynewsdesk.com *.instagram.com https://lakareutangranser.confetti.events/common/scripts/embed.js https://d3p7p6awqnheqh.cloudfront.net/build/assets/embed-6735a149.js *.google.com *.gstatic.com *.youtube.com *.facebook.net *.adnxs.com *.mookie1.com *.googletagmanager.com *.doubleclick.net; object-src 'self'; style-src 'self' 'unsafe-inline' lakareutangranser.se *.lakareutangranser.se *.typekit.net *.myfonts.net *.dibspayment.eu *.jsdelivr.net *.cloudflare.com *.mynewsdesk.com *.googleapis.com https://d3p7p6awqnheqh.cloudfront.net/build/assets/embed-b2c9b244.css https://lakareutangranser.confetti.events/common/style/embed.css; img-src 'self' lakareutangranser.se *.lakareutangranser.se data: *.cookielaw.org *.facebook.com *.bing.com *.mookie1.com *.adnxs.com *.linkedin.com *.igodigital.com *.openstreetmap.org via.tt.se *.confetticdn.com *.dibs.se *.ytimg.com *.googleapis.com *.mookie1.com; media-src 'self'; frame-src 'self' *.soundcloud.com *.doubleclick.net *.dibspayment.eu *.youtube.com *.facebook.com *.adoveo.com *.mynewsdesk.com *.lawly.app *.instagram.com *.google.com; child-src 'self' *.soundcloud.com *.doubleclick.net *.dibspayment.eu *.youtube.com *.facebook.com *.adoveo.com ; font-src 'self' data: *.typekit.net fonts.gstatic.com; connect-src 'self' lakareutangranser.se *.lakareutangranser.se *.cookielaw.org *.onetrust.com cdn.linkedin.oribi.io stats.g.doubleclick.net *.confetti.events *.googleapis.com https://px.ads.linkedin.com/wa/ https://glitchtip.digikube.dgstage.se/api/11/store/ https://glitchtip.digikube.dgstage.se/api/11/envelope/; report-uri https://glitchtip.digikube.dgstage.se/api/11/security/?sentry_key=20d9cded8ac14993bf29d0c555f2d266&sentry_environment=PROD 1
default-src 'self' *.googleapis.com *.azurewebsites.net *.bugsnag.com *.pusher.com *.bugherd.com translate.googleapis.com www.google-analytics.com *.hscollectedforms.net hubspot-forms-static-embed.s3.amazonaws.com forms.hsforms.com cta-service-cms2.hubspot.com;        script-src 'self' 'unsafe-inline' 'unsafe-eval' *.simpli.fi *.googleapis.com *.bugherd.com siteimproveanalytics.com www.googletagmanager.com js.hubspot.com js.hs-banner.com translate-pa.googleapis.com js.hscollections.net js.hscollectedforms.net js.hs-analytics.net js.hs-scripts.com www.youtube.com js.hsforms.net forms.hsforms.com cdn.jsdelivr.net ssl.google-analytics.com ajax.googleapis.com www.google.com translate.googleapis.com translate.google.com www.gstatic.com www.google-analytics.com;        style-src 'self' 'unsafe-inline' *.typekit.net fonts.googleapis.com translate.googleapis.com www.gstatic.com;       img-src 'self' *.gstatic.com etransstorage.blob.core.windows.net data: *.simpli.fi *.googleapis.com *.cloudfront.net *.jtafla.com *.doubleclick.net *.tapad.com *.agkn.com *.tremorhub.com sync.1rx.io *.smaato.net eb2.3lift.com sync.intentiq.com image2.pubmatic.com ads.stickyadstv.com ups.analytics.yahoo.com sync.bfmio.com stags.bluekai.com *.googleadservices.com *.hubspot.com perf-na1.hsforms.com img.evbuc.com ssl.google-analytics.com fonts.gstatic.com forms.hsforms.com forms-na1.hsforms.com www.google-analytics.com www.gstatic.com stats.g.doubleclick.net www.google.com translate.googleapis.com translate.google.com cdn.etrans.it www.w3.org *.siteimproveanalytics.io;       font-src 'self' *.typekit.net fonts.gstatic.com;       object-src 'none';        frame-ancestors 'self';        frame-src 'self' www.youtube.com *.hsforms.com sidebar.bugherd.com;       form-action 'self' forms.hsforms.com *.jtafla.com 1
default-src 'self'; connect-src 'self' http://ad.doubleclick.net https://*.analytics.google.com https://*.api.userway.org https://*.clarity.ms https://*.demdex.net https://*.eset.com https://*.googlesyndication.com https://*.hotjar.com https://*.hotjar.io https://*.tt.omtrdc.net https://adservice.google.com https://analytics.google.com https://analytics.twitter.com https://api.userway.org https://bat.bing.com https://c.go-mpulse.net https://cdn.acsbapp.com https://cdn.linkedin.oribi.io https://cdn.userway.org https://cdn1.esetstatic.com https://cookies-data.onetrust.io https://ep.smct.co https://eset.tt.omtrdc.net https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://ipb.smct.co https://ipb.smct.io https://js.smct.co https://js.smct.io https://maps.googleapis.com https://privacyportal.onetrust.com https://px.ads.linkedin.com https://region1.google-analytics.com https://replay.uxtweak.com https://s.yimg.com https://script.crazyegg.com https://smct.co https://stats.g.doubleclick.net https://tracker.clickguard.com https://www.facebook.com https://www.g2.com https://www.google-analytics.com https://www.google.by https://www.google.ch https://www.google.co.uk https://www.google.co.uz https://www.google.com https://www.google.com.tj https://www.google.com.tr https://www.google.ie https://www.google.kg https://www.google.kz https://www.google.lt https://www.google.lv https://www.google.pl https://www.google.ru https://www.googletagmanager.com wss://*.hotjar.com; font-src 'self' data: https://cdn.userway.org https://fonts.smct.co https://fonts.smct.io https://script.hotjar.com; frame-src 'self' http://int.form.eset.com https://*.fls.doubleclick.net https://8117415.fls.doubleclick.net https://bid.g.doubleclick.net https://cdn.userway.org https://download.eset.com https://eset.demdex.net https://hemsync.clickagy.com https://int.form.eset.com https://js.smct.io https://ls.smct.co https://protectdemo.eset.com https://smct.co https://support.eset.com https://td.doubleclick.net https://tpc.googlesyndication.com https://unity.survey-solutions.cloud https://vars.hotjar.com https://widget.trustpilot.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.riddle.com https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: http://ad.doubleclick.net https://*.adform.net https://*.ads.linkedin.com https://*.gstatic.com https://*.yahoo.co.jp https://ad.doubleclick.net https://ade.googlesyndication.com https://adservice.google.at https://adservice.google.ch https://adservice.google.co.jp https://adservice.google.com https://adservice.google.de https://analytics.google.com https://analytics.twitter.com https://bat.bing.com https://c.bing.com https://c.clarity.ms https://captcha.eset.com https://cdn.esetstatic.com https://cdn.jsdelivr.net https://cdn.smct.co https://cdn.smct.io https://cdn.userway.org https://cdn1.esetstatic.com https://cm.everesttech.net https://cm.g.doubleclick.net https://connect.facebook.net https://dc.ads.linkedin.com https://dpm.demdex.net https://events.smct.co https://googleads.g.doubleclick.net https://i.ytimg.com https://images.g2crowd.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://pubads.g.doubleclick.net https://px.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://script.hotjar.com https://sgtm.eset.com https://ssitecat.eset.com https://ssl.google-analytics.com https://static.hotjar.com https://stats.g.doubleclick.net https://t.co https://tribl.io https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bi https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ag https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sb https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tj https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vc https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.ie https://www.google.im https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.ki https://www.google.kz https://www.google.la https://www.google.li https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.nr https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sm https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.tt https://www.google.vg https://www.google.vu https://www.googleadservices.com https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com; manifest-src 'none'; media-src 'self'; object-src 'self'; prefetch-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.replay.uxtweak.com https://*.salesforceliveagent.com https://acsbap.com https://acsbapp.com https://assets.esetstatic.com https://bat.bing.com https://cdn.esetstatic.com https://cdn.jsdelivr.net https://cdn.linkedin.oribi.io https://cdn.userway.org https://cdn1.esetstatic.com https://cdnjs.cloudflare.com https://connect.facebook.net https://d.la1-c2-cdg.salesforceliveagent.com https://embed.tawk.to https://googleads.g.doubleclick.net https://img06.en25.com https://invitejs.trustpilot.com https://js.smct.co https://js.smct.io https://maps.googleapis.com https://nowexttype.com https://pagead2.googlesyndication.com https://platform.twitter.com https://s786665.t.eloqua.com https://script.hotjar.com https://sgtm.eset.com https://smct.co https://snap.licdn.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.hotjar.com https://store.eset.com https://tpc.googlesyndication.com https://tribl.io https://widget.trustpilot.com https://www.clarity.ms https://www.google-analytics.com https://www.google.ae https://www.google.am https://www.google.at https://www.google.be https://www.google.bg https://www.google.bs https://www.google.by https://www.google.ca https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ma https://www.google.co.nz https://www.google.co.th https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zw https://www.google.com https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.md https://www.google.me https://www.google.mk https://www.google.nl https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.se https://www.google.si https://www.google.sk https://www.google.tn https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.riddle.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdn.userway.org https://fonts.smct.co https://fonts.smct.io https://script.hotjar.com https://static.hotjar.com; worker-src 'self'; report-uri https://www-eset-com.api.cspconsole.com/v1/csp/report; report-to default; 1
font-src *.stripe.com *.google.com *.sagepay.com *.klarnacdn.net https://fonts.gstatic.com/ https://*.hotjar.com/ *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.stripe.com *.google.com *.sagepay.com www.facebook.com https://email-studiospares.com/ 'self' connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.google.com/ *.sagepay.com account.fetchify.com *.klarna.com https://9189136.fls.doubleclick.net/ https://*.hotjar.com/ https://js.klarna.com/ https://www.paypalobjects.com/ https://widget.trustpilot.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io cdn.doofinder.com *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com *.paypal.com *.sagepay.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://www.magezon.com https://bat.bing.com/ https://c.bing.com/ https://*.clarity.ms/ https://eu1-doofinderuser.s3.amazonaws.com/ https://googleads.g.doubleclick.net/ https://*.hotjar.com/ https://www.google.com/ads/ga-audiences https://www.google.co.uk/ads/ga-audiences https://9189136.fls.doubleclick.net/ https://ad.doubleclick.net/ https://ade.googlesyndication.com/ https://www.google.com/pagead/1p-user-list/1059523504/ https://www.google.co.uk/pagead/1p-user-list/1059523504/ https://cdn.klarna.com/ https://x.klarnacdn.net/ https://img.youtube.com/ https://i.ytimg.com/ https://www.magecomp.com/media/images/magecomp--extension.png https://cdn.wisepops.com/ https://cdn.wisepops.net/ https://dx4nr741tfc02.cloudfront.net/ https://tracking.wisepops.com/ https://wisp-production-storage.s3.amazonaws.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ www.google.com cdn.doofinder.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.google.com/ *.sagepay.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://bat.bing.com/ https://www.clarity.ms/ https://x.klarnacdn.net/ https://app.getwisp.co/ https://www.gstatic.com/ https://googleads.g.doubleclick.net/ https://*.hotjar.com/ https://*.noibu.com/ wss://*.noibu.com/ https://studiospares.postaffiliatepro.com/ https://static.site24x7rum.eu/ https://email-studiospares.com/ https://invitejs.trustpilot.com/ https://widget.trustpilot.com/ https://tpc.googlesyndication.com/ https://cdn.wisepops.com/ https://cdn.wisepops.net/ https://loader.wisepops.com/ https://wisepops.net/ https://embed.tawk.to/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.doofinder.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.google.com *.sagepay.com cc-cdn.com *.klarnacdn.net https://cc-cdn.com/ https://fonts.googleapis.com/ unsafe-inline assets.braintreegateway.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.doofinder.com wss://*.doofinder.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.google.com *.paypal.com *.sagepay.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://bat.bing.com/ https://*.clarity.ms/ https://api.craftyclicks.co.uk/ https://stats.g.doubleclick.net/ https://app.getwisp.co/ https://google.com/ https://region1.google-analytics.com/ https://region1.analytics.google.com https://*.hotjar.com/ wss://*.hotjar.com/ https://*.hotjar.io/ https://eu.klarnaevt.com/ https://js.klarna.com/ https://x.klarnacdn.net/ https://*.noibu.com/ wss://*.noibu.com/ https://widget.trustpilot.com/ https://invitejs.trustpilot.com/ https://activity.wisepops.com/ https://wisepops.net/ https://popup.wisepops.com/ https://tracking.wisepops.com/ https://notifications.wisepops.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com *.google-analytics.com analytics.google.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';, upgrade-insecure-requests; 1
default-src 'self' data: http://googleads.g.doubleclick.net http://www.google.com/ads/user-lists/ http://www.google.ru/ads/user-lists/ http://mc.yandex.ru http://bitrix.info http://stat.sputnik.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://bitrix.info https://connect.facebook.net https://apis.google.com:* https://platform.twitter.com https://userapi.com:* https://pos.gosuslugi.ru:* https://apis.google.com:* https://vk.com:* http://www.google-analytics.com http://maps.google.com http://*.gstatic.com:* http://*.googleapis.com http://code.jivosite.com http://mc.yandex.ru http://www.googleadservices.com http://googleads.g.doubleclick.net http://cdn.voximplant.com https://vashkontrol.ru  http://stat.sputnik.ru:* ; style-src 'self' 'unsafe-inline' http://code.jivosite.com:* http://mc.yandex.ru:* http://*.googleapis.com http://*.gstatic.com:* https://vashkontrol.ru:* http://cnt.sputnik.ru:*; img-src 'self' blob: data:  http://counter.yadro.ru:* https://pos.gosuslugi.ru:* http://i1.ytimg.com:* http://code.jivosite.com:* http://mc.yandex.ru:* http://*.googleapis.com http://*.gstatic.com:* http://www.google-analytics.com http://stat.sputnik.ru:* https://vashkontrol.ru:* http://cnt.sputnik.ru:* https://syndication.twitter.com:*; font-src 'self' http://*.gstatic.com:* https://pos.gosuslugi.ru:*; frame-src 'self' https://ervk.gov.ru:* https://pos.gosuslugi.ru:* https://apis.google.com:* http://developers.google.com:* https://platform.twitter.com:* https://accounts.google.com:* http://cnt.sputnik.ru:* https://www.facebook.com:* https://developers.google.com:*; 1
img-src 'self' data: 'unsafe-inline' https://maps.googleapis.com/ https://maps.gstatic.com/ *.metropole-rouen-normandie.fr https://cdn.jsdelivr.net/ https://www.modulesbox.com *.modulesbox.com *.cirkwi.com https://i.ytimg.com *.google-analytics.com *.quadran.eu *.openstreetmap.org *.mapbox.com http://www.toolserver.org https://tiles.wmflabs.org/ *.sibforms.com https://reseau-astuce.fr/ https://unpkg.com  https://cibul.s3.amazonaws.com/ https://public.flourish.studio; script-src 'self' 'unsafe-eval' *.metropole-rouen-normandie.fr *.modulesbox.com 'unsafe-inline' https://maps.googleapis.com/ https://cdn.jsdelivr.net *.modulesbox.com *.cdnjs.cloudflare.com https://cdnjs.cloudflare.com *.fonts.gstatic.com *.google-analytics.com *.quadran.eu *.googletagmanager.com https://www.addtoany.com https://static.addtoany.com/ *.youtube.com *.mapbox.com https://openagenda.com *.google.com *.gstatic.com https://www.weezevent.com https://unpkg.com https://sibforms.com https://public.flourish.studio https://maxcdn.bootstrapcdn.com https://code.highcharts.com/ https://polyfill.io; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net *.mapbox.com https://www.modulesbox.com *.modulesbox.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.openstreetmap.org https://unpkg.com https://sibforms.com https://maxcdn.bootstrapcdn.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'unsafe-inline' https://assets.sendinblue.com  https://www.modulesbox.com *.modulesbox.com; frame-src 'unsafe-eval' * 'unsafe-inline' *.sibforms.com  https://static.addtoany.com; object-src 'none'; connect-src 'self' *.metropole-rouen-normandie.fr *.google-analytics.com 'unsafe-inline' *.modulesbox.com *.google-analytics.com *.sibforms.com  https://maps.googleapis.com/; media-src 'self' 'unsafe-inline' *.cirkwi.com https://maps.googleapis.com/; default-src 'self' 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=47qrdptiqu9lm&partner=; 1
default-src 'self'; connect-src *; font-src 'self' use.fontawesome.com; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval' app.productadvisor.io; style-src 'self' 'unsafe-inline' use.fontawesome.com app.productadvisor.io; frame-src 'self' www.youtube.com www.youtube-nocookie.com app.productadvisor.io; 1
default-src 'self'; script-src 'self' 'sha256-sLU1QYxA52/o693aSUlHcdwCjZ+/hpOPmx2tr57+Lic=' 'sha256-Zk+DYgtdB0vbc/W9IgQuzTQk5zM2Jt/4MFCO4ru717Y=' 'sha256-f2mro/5b+gAbPX7ggwAI7LNJ3FOzQObQz+3vMHCxWYY=' ajax.cloudflare.com static.cloudflareinsights.com https://edu2review.com https://maps.googleapis.com https://apis.google.com https://www.google-analytics.com https://static.cloudflareinsights.com https://www.googletagmanager.com *.facebook.net *.googleadservices.com; child-src https://www.youtube.com https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com https://edu2review.com; frame-ancestors 'self'; connect-src https://analytics.google.com *.analytics.google.com cloudflareinsights.com *.facebook.com https://maps.googleapis.com *.googleadservices.com *.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://static.cloudflareinsights.com https://edu2review.com; font-src 'self' https://fonts.gstatic.com; style-src https: 'self' *.googleapis.com 'unsafe-inline'; img-src https: 'self' data: always; 1
default-src 'none'; base-uri 'self'; form-action 'none'; img-src 'self';  style-src 'self'; frame-ancestors 'none'; report-uri https://forfun.uriports.com/reports/report; report-to default 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://sakurajima.moe 'wasm-unsafe-eval' use.typekit.net; font-src 'self' https://sakurajima.moe use.typekit.net; img-src 'self' data: blob: https://sakurajima.moe https://us-east-1.linodeobjects.com p.typekit.net; style-src 'self' https://sakurajima.moe use.typekit.net p.typekit.net 'nonce-eyA4LJGieN1g3RxWgMFSaw=='; media-src 'self' data: https://sakurajima.moe https://us-east-1.linodeobjects.com; frame-src 'self' https:; child-src 'self' blob: https://sakurajima.moe; worker-src 'self' blob: https://sakurajima.moe; connect-src 'self' blob: data: wss://sakurajima.moe https://sakurajima.moe https://us-east-1.linodeobjects.com; manifest-src 'self' https://sakurajima.moe; form-action 'self' 1
base-uri 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://maps.googleapis.com https://docs.google.com/spreadsheets/ https://doc-10-1s-sheets.googleusercontent.com/ https://stats.g.doubleclick.net https://www.coloradohistoricnewspapers.org; default-src 'none'; font-src 'self' https://fonts.gstatic.com; form-action 'self' https://dp.la/search; frame-ancestors 'none'; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://maps.gstatic.com/ https://maps.google.com/maps/ https://maps.googleapis.com/maps/ https://www.coloradovirtuallibrary.org/ https://www.coloradohistoricnewspapers.org/chnc/ https://secure.gravatar.com/avatar/; manifest-src 'none'; media-src 'self'; object-src 'none'; script-src 'self' https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://maps.google.com https://maps.googleapis.com/maps/ https://cdnjs.cloudflare.com/ajax/libs/PapaParse/ https://cdnjs.cloudflare.com/ajax/libs/OverlappingMarkerSpiderfier/ 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; worker-src 'none' 1
default-src data: 'self' gfigroup.com *.gfigroup.com; font-src data: *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' blob:; frame-src data: 'self' *.cantor.com *.google.com; connect-src 'self' www.google-analytics.com; 1
frame-ancestors 'self' *.isubscribe.co.uk; 1
script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://storage.googleapis.com https://accounts.google.com; script-src-elem 'unsafe-inline' https:; img-src 'self' https: data: blob:; frame-ancestors 'self' https://app.contentful.com/; worker-src 'self' blob:; 1
frame-ancestors http://*.nielseniq.io:* https://*.nielseniq.io:* 1
frame-ancestors 'self' widget.immobilienscout24.de backend.grandcityproperty.de brame-campaign-data-storage.s3.amazonaws.com live.brame-gamification.com; 1
default-src 'self'; img-src 'self' data: cdn.ckeditor.com *.google-analytics.com api-maps.yandex.ru *.maps.yandex.net mc.yandex.ru *.jivo.ru; object-src 'none'; connect-src 'self' *.jivosite.com *.jivo.ru wss://*.jivo.ru mc.yandex.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.ckeditor.com *.googleapis.com *.jivosite.com *.jivo.ru mc.yandex.ru api-maps.yandex.ru yastatic.net *.google-analytics.com widget.pochta.ru; style-src 'self' 'unsafe-inline' data: cdn.ckeditor.com *.googleapis.com *.jivo.ru; media-src 'self' *.jivo.ru *.google-analytics.com; frame-src 'self' widget.pochta.ru yandex.ru; font-src 'self' data: *; 1
default-src 'self' *.principledtechnologies.com encrypted-tbn0.gstatic.com encrypted-tbn1.gstatic.com encrypted-tbn2.gstatic.com encrypted-tbn3.gstatic.com www.googleapis.com metrics.articulate.com principledtechnologies.com www.youtube.com use.typekit.net www.google.com googleads.g.doubleclick.net td.doubleclick.net webxprteast.principledtechnologies.com data: cdnjs.cloudflare.com google.com googletagmanager.com www.googletagmanager.com www.google-analytics.com platform.twitter.com twitter.com facebook.com syndication.twitter.com fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.youtube.com *.principledtechnologies.com www.gstatic.com d3js.org unpkg.com www.googleadservices.com www.googleadservices.com td.doubleclick.net google.com googletagmanager.com www.googletagmanager.com www.google-analytics.com platform.twitter.com twitter.com facebook.com www.google.com code.jquery.com cse.google.com; style-src 'self' 'unsafe-inline' p.typekit.net use.typekit.net www.google.com google.com googletagmanager.com www.googletagmanager.com www.google-analytics.com platform.twitter.com twitter.com facebook.com cdnjs.cloudflare.com fonts.googleapis.com; 1
default-src https:; connect-src https: wss:; font-src https: data:; img-src https: data: blob:; frame-src https:; frame-ancestors 'self'; worker-src blob: https: data: 'unsafe-inline' 'unsafe-eval'; form-action https: javascript:; script-src https: data: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 1
frame-ancestors https://www.ludialudom.sk 1
default-src 'self'; connect-src 'self' *.itzbund.de; worker-src blob: 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.itzbund.de; frame-ancestors 'self'; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=2cd3d8liqu8vp&partner=; 1
default-src 'self'; frame-ancestors 'none'; frame-src 'self' 'unsafe-inline' https://www.youtube.com/ https://www.youtube-nocookie.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.co.th https://forms.hsforms.com js.hsforms.net https://www.facebook.com https://td.doubleclick.net/; font-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://investor.siamcitycement.com/ https://cdn.jsdelivr.net https://www.youtube.com/player_api https://maps.googleapis.com https://cdnjs.cloudflare.com js.hsforms.net https://*.google-analytics.com https://*.analytics.google.com https://www.googleadservices.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://connect.facebook.net https://www.google.co.th https://www.youtube.com; connect-src 'self' https://maps.googleapis.com https://investor.siamcitycement.com/ https://www.youtube.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://www.facebook.com https://connect.facebook.net https://www.google-analytics.com https://analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.googlesyndication.com; img-src 'self' 'unsafe-inline' data: http://via.placeholder.com https://maps.gstatic.com https://maps.googleapis.com http://www.w3.org https://forms.hsforms.com https://f.hubspotusercontent30.net https://forms-na1.hsforms.com https://i.ytimg.com https://www.facebook.com https://googleads.g.doubleclick.net https://www.google.com https://*.google-analytics.com https://*.analytics.google.com www.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.siamcitycement.com https://www.google.co.th https://stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; base-uri 'self';form-action 'self' 'unsafe-inline' https://forms.hsforms.com https://www.facebook.com https://investor.siamcitycement.com/; object-src 'none'; 1
default-src 'none'; script-src 'self' cdn.tremendous.com *.loginwithamazon.com api.digitaltorana.com 'unsafe-inline' *.go-mpulse.net; connect-src 'self' cdn.tremendous.com *.loginwithamazon.com api.digitaltorana.com *.go-mpulse.net *.akstat.io *.akamaihd.net *.browser-intake-datadoghq.com *.amazonaws.com; img-src * 'self' data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; base-uri 'self'; form-action 'self' cdn.tremendous.com; frame-ancestors *.tremendous.com *.digitaltorana.com *.choicepay.com; frame-src *.tremendous.com *.digitaltorana.com *.choicepay.com docs.google.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com data; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://solarpunk.moe 'wasm-unsafe-eval'; font-src 'self' https://solarpunk.moe; img-src 'self' data: blob: https://solarpunk.moe https://sfo3.digitaloceanspaces.com; style-src 'self' https://solarpunk.moe 'nonce-tJbCbGhAIFgQTiZ8/wdbkQ=='; media-src 'self' data: https://solarpunk.moe https://sfo3.digitaloceanspaces.com; frame-src 'self' https:; child-src 'self' blob: https://solarpunk.moe; worker-src 'self' blob: https://solarpunk.moe; connect-src 'self' blob: data: wss://solarpunk.moe https://solarpunk.moe https://sfo3.digitaloceanspaces.com; manifest-src 'self' https://solarpunk.moe; form-action 'self' 1
frame-ancestors onionleaf.com 1
report-uri https://pestdefense.com 1
frame-ancestors 'self' *.facebook.com *.internalfb.com instagram.com *.newrelic.com *.paypal.com 1
default-src 'self'; connect-src https://*.google.com/ https://*.ip-api.com/ https://*.rdstation.com.br/ https://*.onetrust.com/ https://cdn-ukwest.onetrust.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://*.hotjar.com/ https://*.hotjar.io/ wss://ws5.hotjar.com/ https://*.portosegurofaz.com.br/ https://portosegurofaz.com.br/; font-src 'self' data: 'unsafe-inline' 'unsafe-hashes' https://*.cloudfront.net/ https://*.hotjar.com/ https://*.hotjar.io/ https://*.portosegurofaz.com.br/ https://fonts.googleapis.com/ https://fonts.gstatic.com/; img-src 'self' data: https://*.doubleclick.net/ https://*.onetrust.com/ https://*.googleapis.com/ https://*.googletagmanager.com/ https://*.google-analytics.com/ https://*.amazonaws.com/ https://*.portosegurofaz.com.br/ https://www.google.com.br/ https://www.google.com/ https://secure.gravatar.com/ https://www.facebook.com/ https://bat.bing.com/ http://www.w3.org/ http://www.w3.org/2000/svg https://static.portosegurofaz.com.br/ https://*.hotjar.com/; script-src-elem 'unsafe-inline' 'unsafe-hashes' https://*.cloudfront.net/ https://*.getblue.io/ https://*.googleapis.com/ https://*.bootstrapcdn.com/ https://*.jsdelivr.net/ https://*.cloudflare.com/ https://*.portosegurofaz.com.br/ https://app.cybba.solutions/ https://googleads.g.doubleclick.net/ https://script.hotjar.com/ https://files1.cybba.solutions/ https://d2rp1k1dldbai6.cloudfront.net/ https://unpkg.com/ https://www.rtb123.com/ https://www.googleadservices.com/ https://connect.facebook.net/ https://www.dwin1.com/ https://bat.bing.com/ https://static.hotjar.com/ https://cdn-ukwest.onetrust.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/; script-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.portosegurofaz.com.br/; style-src 'self' 'unsafe-inline' 'unsafe-hashes' https://*.portosegurofaz.com.br/ https://fonts.googleapis.com/; frame-ancestors 'self' https://vars.hotjar.com/; frame-src 'self' https://*.getblue.io/ https://*.doubleclick.net/ https://vars.hotjar.com/; 1
default-src 'self' https: 'unsafe-inline';img-src * data:;base-uri 'self';font-src 'self' data: https://fonts.gstatic.com ;frame-src 'self' data: https://www.youtube-nocookie.com https://api.paymentwall.com https://payments.terminal3.com 1
script-src 'unsafe-inline' 'self' data: 'unsafe-eval' blob: www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com players.brightcove.net vjs.zencdn.net connect.facebook.net maps.googleapis.com acdn.adnxs.com;frame-src 'self' www.google.com www.googletagmanager.com outlook.office365.com 10651031.fls.doubleclick.net www.youtube.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'none'; style-src * 'unsafe-inline'; img-src * 'self' data: https:; media-src *; frame-src *; frame-ancestors 'self' https://www.slipcase.com https://marketplace.marsh.com *.hiscoxgroup.com; child-src *; font-src * data:; connect-src *; report-uri /report-csp-violation 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * 'self'; report-uri /report-csp-violation 1
frame-ancestors 'self' mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net webvisor.com http://webvisor.com metrika.yandex.ru yandex.com.tr yandex.com yandex.net yandex.uz yandex.fr yandex.kz yandex.ru yandex.by yandex.ua *.yandex.com.tr *.yandex.com *.yandex.net *.yandex.uz *.yandex.fr *.yandex.kz *.yandex.ru *.yandex.by *.yandex.ua *.turbopages.org *.yandex.tld ppc.world *.ppc.world; report-uri https://sentry.elama.zone/api/27/security/?sentry_key=a3b52d3d676c4869bb1798f3ed2753dc; 1
object-src 'none'; frame-ancestors 'self' *.sportsdigita.com; report-uri https://eventsdc.com/report-uri/enforce 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net *.googletagmanager.com *.googletagservices.com *.googlesyndication.com cdn-prod.securiti.ai *.google.com *.hotjar.com *.googleadservices.com *.gstatic.com snap.licdn.com *.doubleclick.net *.imagify.io plugin.handtalk.me; frame-src 'self' td.doubleclick.net *.youtube.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com *.hotjar.com *.google.com *.googleadservices.com *.googlesyndication.com ad.doubleclick.net adclick.g.doubleclick.net bid.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net securepubads.g.doubleclick.net *.imagify.io; object-src 'self'; frame-ancestors 'self' 1
default-src 'self' https: data: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https:; style-src data: https: 'self' 'unsafe-inline'; connect-src 'self' https: wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io; frame-src data: https: 'self'; media-src data: https: 'self'; img-src data: https: 'self'; font-src https:; 1
default-src 'self'; child-src vars.hotjar.com tpc.googlesyndication.com www.buzzsprout.com www.youtube.com 'self' www.google.com; connect-src analytics.tiktok.com ase-facebooktagging-prod-brazilsouth-002.azurewebsites.net cdn.cookielaw.org geolocation.onetrust.com *.hotjar.com ka-f.fontawesome.com stats.g.doubleclick.net *.hotjar.io www.google-analytics.com 'self' adservice.google.com privacyportal-br.onetrust.com wss://*.hotjar.com www.facebook.com www.google.com yoast.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com cdnjs.cloudflare.com data: use.typekit.net; img-src 'self' data: ps.w.org googleads.g.doubleclick.net px.ads.linkedin.com www.google-analytics.com www.google.com www.google.com.br cdn.cookielaw.org cdnjs.cloudflare.com px4.ads.linkedin.com quintalapsen.com.br www.facebook.com www.google.pt www.googletagmanager.com p.adsymptotic.com web.facebook.com www.aberje.com.br www.extimaapsen.com.br www.linkedin.com adservice.google.com extimaapsen.com.br pagead2.googlesyndication.com secure.gravatar.com translate.google.com www.apsenhomolog2.devfirma.com.br www.gstatic.com; script-src 'self' 'unsafe-eval' cdn.cookielaw.org cdnjs.cloudflare.com connect.facebook.net kit.fontawesome.com script.hotjar.com snap.licdn.com static.hotjar.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com 'unsafe-inline' ajax.googleapis.com code.jquery.com googleads.g.doubleclick.net tpc.googlesyndication.com unpkg.com www.buzzsprout.com www.youtube.com www.google.com asset data: internet.pf.gov.br obneistu.anoyntha.com proxycp.apsen.com.br self www.google.com.br www.google.pt; style-src 'self' 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com unpkg.com translate.googleapis.com; form-action 'self' www.facebook.com; media-src 'self' data:; object-src 'self'; style-src-attr 'unsafe-inline'; style-src-elem 'unsafe-inline' https://unpkg.com/swiper/swiper-bundle.css https://unpkg.com/swiper/swiper-bundle.min.css https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com/ https://fonts.googleapis.com/ https://stackpath.bootstrapcdn.com/bootstrap/ https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/ https://www.apsen.com.br/; frame-ancestors about https://www.apsen.com.br; frame-src https://www.apsen.com.br https://www.youtube.com/ tpc.googlesyndication.com vars.hotjar.com www.google.com bid.g.doubleclick.net m.facebook.com web.facebook.com www.buzzsprout.com www.googletagmanager.com www.facebook.com; script-src-attr 'unsafe-inline'; script-src-elem https://analytics.tiktok.com/ https://googleads.g.doubleclick.net https://unpkg.com/swiper/swiper-bundle.js https://unpkg.com/swiper/swiper-bundle.min.js https://apsen.com.br https://www.apsen.com.br https://www.youtube.com www.youtube.com/iframe_api ajax.googleapis.com www.googleadservices.com 'unsafe-inline' www.googletagmanager.com connect.facebook.net https://*.hotjar.com/ https://www.apsen.com.br/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://kit.fontawesome.com/ https://www.google-analytics.com/ https://cdn.cookielaw.org/ https://snap.licdn.com/; report-uri https://apsen.report-uri.com/r/d/csp/wizard; report-to wizard 1
default-src 'self' blob:; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.ampproject.org stats.wp.com stat.wp.com s0.wp.com s1.wp.com s2.wp.com c0.wp.com www.google.com www.googletagmanager.com campuseducacion.com ws.sharethis.com connect.facebook.net code.jquery.com ssl.google-analytics.com cdn.jsdelivr.net googleads.g.doubleclick.net www.google-analytics.com www.googleadservices.com tpc.googlesyndication.com pagead2.googlesyndication.com cdn.krxd.net beacon.krxd.net consumer.krxd.net www.gstatic.com adservice.google.com stackpath.bootstrapcdn.com cdnjs.cloudflare.com adservice.google.es partner.googleadservices.com unpkg.com ajax.googleapis.com static.ads-twitter.com platform.twitter.com load.sumome.com analytics.twitter.com load.sumo.com reddit.com; style-src 'self' data: 'unsafe-inline' c0.wp.com ws.sharethis.com use.fontawesome.com code.jquery.com fonts.google.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com fonts.googleapis.com stackpath.bootstrapcdn.com cdn.jsdelivr.net unpkg.com; img-src 'self' data: blob: *.wp.com i2.wp.com pixel.wp.com s0.wp.com s1.wp.com s2.wp.com c0.wp.com ws.sharethis.com code.jquery.com www.facebook.com ssl.google-analytics.com www.google.com www.google.es stats.g.doubleclick.net www.google-analytics.com pagead2.googlesyndication.com secure.gravatar.com www.googletagmanager.com ajax.googleapis.com t.co load.sumo.com; frame-src *; font-src 'self' data: s0.wp.com s1.wp.com s2.wp.com c0.wp.com use.fontawesome.com fonts.google.com fonts.gstatic.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com; connect-src 'self' l.sharethis.mgr.consensu.org l.sharethis.com www.google-analytics.com pagead2.googlesyndication.com stats.g.doubleclick.net googleads.g.doubleclick.net www.facebook.com sumo.com *.google.com *.ampproject.org www.googletagmanager.com 1
frame-ancestors 'self' https://help.campz.be https://back-office-redesign.kameleoon.com https://app.kameleoon.com/ 1
frame-ancestors *.cylex.com.br 1
frame-src 'self';frame-ancestors 'self'; object-src 'none'; 1
font-src fonts.gstatic.com github.com *.jsdelivr.net cdn.almapay.com assets-staging.oney.io https://fonts.gstatic.com *.fontawesome.com *.alothemes.com *.magepow.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com https://connect-v2.fintecture.com https://connect-v2-sbx.fintecture.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.perfmaker.net *.facebook.com *.google.com *.doubleclick.net *.weltpixel.com secure-gateway.hipay-tpp.com *.hipay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.perfmaker.net axeptio.imgix.net *.facebook.com *.google.fr *.google.com *.mirakl.net assets.oney.io https://assets.fintecture.com *.alothemes.com *.magepow.com *.mageside.com mageside.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io cdn.jsdelivr.net *.axept.io *.facebook.net *.perfmaker.net *.google.com *.google.fr assets-staging.oney.io https://cdn.hero.fr secure-gateway.hipay-tpp.com *.hipay.com mpsnare.iesnare.com *.avada.io *.alothemes.com *.magepow.com *.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com *.perfmaker.net https://fonts.googleapis.com *.hipay.com *.fontawesome.com *.alothemes.com *.magepow.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.getalma.eu *.axept.io *.facebook.com *.analytics.google.com *.doubleclick.net *.perfmaker.net https://api-adresse.data.gouv.fr widget-stg.oney.io *.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://manage.hpnonline.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src https: 'unsafe-eval' 'unsafe-inline' wss://*.hotjar.com *.hotjar.com data:;img-src * data: blob:; connect-src 'self' wss://*.hotjar.com *.hotjar.com *.hotjar.io *.addthis.com  lydia-app.com *.lydia-app.com *.openstreetmap.org maps.googleapis.com *.analytics.google.com *.google-analytics.com *.gstatic.com *.hcaptcha.com *.facebook.com *.raygun.io wss://*.crisp.chat *.cometchat.io *.api-eu.cometchat.io *.widget-eu.cometchat.io wss://*.websocket-eu.cometchat.io https://app   ; object-src 'self' https://www.youtube.com https://www.dailymotion.com; frame-ancestors 'self' ; base-uri https://aege.fr/; form-action 'self' https://login.microsoftonline.com/ https://aege.rpxnow.com https://preprod-tpeweb.e-transactions.fr/ https://tpeweb.e-transactions.fr/ https://paiement.creditmutuel.fr https://systempay.cyberpluspaiement.com https://payment-webinit-mercanet.test.sips-atos.com/paymentInit https://payment-webinit-mercanet.test.sips-services.com/paymentInit https://payment-webinit.mercanet.bnpparibas.net/paymentInit https://old.pta.netanswer.fr https://www.paristech-alumni.org https://www.wats4u.com https://wats4u.com https://wats4u.com.alumnforce.org http://manageurs.mjb.lan https://manageurs.mjr1108.com https://www.xmp-consult.org https://tpeweb.paybox.com   https://dev.oauth2-tester.netanswer.fr/ https://keycloak.aege.fr/ https://*.aege.fr/ https://*.aege.info/ 1
default-src 'self' data:; img-src 'self' data: http: https:; font-src 'self' https: data:; script-src 'self' 'unsafe-inline' https://static.axept.io https://browser-update.org/update.js https://www.google-analytics.com https://cdn.ravenjs.com https://sentry.io *.googleapis.com https://www.googletagmanager.com https://g10696554090.co; style-src 'self' https: 'unsafe-inline' blob: *.googleapis.com; connect-src 'self' https: *.googleapis.com; frame-src 'self' data: https://www.google.com https://api.cloudinary.com *.googleapis.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.wistia.com https://*.wistia.net https://go.swimlane.com https://play.goconsensus.com/ https://tracking.g2crowd.com/ https://swimlane.widget.insent.ai; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://j.6sc.co https://js.zi-scripts.com https://www.gartner.com https://pi.pardot.com https://cdnjs.cloudflare.com https://*.wistia.com https://src.litix.io https://button.glitch.me data: blob: https://*.wistia.net https://snap.licdn.com https://bat.bing.com https://ws.zoominfo.com https://cmp.osano.com https://*.swimlane.com https://boards.greenhouse.io https://play.goconsensus.com/ https://tracking.g2crowd.com/ https://swimlane.widget.insent.ai https://yoast.com https://my.yoast.com https://fast.wistia.net https://public-profile.whistic.com https://www.whistic.com/ https://form.jotform.com https://*.jotfor.ms https://*.gstatic.com https://swimlane.bamboohr.com www.googletagservices.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://www.gartner.com blob: https://fast.wistia.com https://button.glitch.me https://*.swimlane.com https://play.goconsensus.com/ https://tracking.g2crowd.com/ swimlane.widget.insent.ai https://fast.wistia.net https://swimlane.widget.insent.ai https://*.wistia.com https://public-profile.whistic.com https://www.whistic.com/ https://*.gstatic.com https://*.jotfor.ms https://swimlane.bamboohr.com fonts.googleapis.com translate.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://*.6sc.co https://b.6sc.co https://www.gartner.com https://ad.doubleclick.net https://resources.bamboohr.com https://reviews.static.gartner.com https://avatars0.githubusercontent.com https://cdn.glitch.com https://glitch.com https://embedwistia-a.akamaihd.net https://*.wistia.net https://*.wistia.com data: https://x.bidswitch.net https://cm.g.doubleclick.net https://idsync.rlcdn.com https://us-u.openx.net https://ib.adnxs.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.googletagmanager.com https://via.placeholder.com https://bat.bing.com https://px.ads.linkedin.com https://pixel-a.basis.net https://pixel.sitescout.com https://*.swimlane.com https://play.goconsensus.com/ https://tracking.g2crowd.com/ swimlane.widget.insent.ai https://www.linkedin.com https://px4.ads.linkedin.com https://fast.wistia.net https://swimlane.widget.insent.ai https://www.whistic.com/ https://public-profile.whistic.com https://www.jotform.com https://files.jotform.com https://cdn.jotfor.ms https://events.jotform.com https://swimlane.bamboohr.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com *.googlesyndication.com stats.g.doubleclick.net blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com translate.googleapis.com translate.google.com www.gstatic.com i.ytimg.com www.googletagmanager.com; connect-src 'self' https://*.6sc.co https://ipv6.6sc.co https://c.6sc.co https://js.zi-scripts.com https://px.ads.linkedin.com https://www.gartner.com https://api.glitch.com https://embedwistia-a.akamaihd.net https://*.wistia.com https://*.litix.io https://www.youtube-nocookie.com https://cdn.linkedin.oribi.io https://ibc-flow.techtarget.com https://www.google.com https://metrics.swimlane.com https://*.swimlane.com https://play.goconsensus.com/ https://tracking.g2crowd.com/ https://swimlane.widget.insent.ai https://my.yoast.com https://consent.api.osano.com https://tattle.api.osano.com https://fast.wistia.net https://ws.zoominfo.com https://public-profile.whistic.com https://www.whistic.com/ https://swimlane.bamboohr.com *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: translate.googleapis.com www.googletagmanager.com; font-src 'self' data: https://www.gartner.com https://*.wistia.com data: https://*.swimlane.com https://play.goconsensus.com/ https://tracking.g2crowd.com/ swimlane.widget.insent.ai https://fast.wistia.net https://swimlane.widget.insent.ai https://public-profile.whistic.com https://www.whistic.com/ https://cdn.jotfor.ms https://swimlane.bamboohr.com fonts.gstatic.com fonts.googleapis.com; object-src 'self' https://www.gartner.com https://www.youtube-nocookie.com https://*.swimlane.com https://play.goconsensus.com/ https://tracking.g2crowd.com/ swimlane.widget.insent.ai https://fast.wistia.net https://*.wistia.com https://www.whistic.com/ https://public-profile.whistic.com https://swimlane.bamboohr.com; media-src 'self' https://*.6sc.co https://b.6sc.co https://www.gartner.com https://embedwistia-a.akamaihd.net https://*.wistia.net https://*.wistia.com data: blob: https://www.youtube-nocookie.com https://*.swimlane.com https://play.goconsensus.com/ https://tracking.g2crowd.com/ swimlane.widget.insent.ai https://fast.wistia.net https://www.whistic.com/ https://public-profile.whistic.com https://swimlane.bamboohr.com; frame-src 'self' https://scripts.eight25sites.com  https://byappdirect.com https://td.doubleclick.net https://www.gartner.com https://www.youtube.com https://go.swimlane.com https://boards.greenhouse.io https://fast.wistia.net https://fast.wistia.com data: blob: https://www.youtube-nocookie.com https://cmp.osano.com https://8344960.fls.doubleclick.net https://pixel-a.basis.net https://pixel.sitescout.com https://*.swimlane.com https://play.goconsensus.com/ https://tracking.g2crowd.com/ swimlane.widget.insent.ai https://*.wistia.com https://public-profile.whistic.com https://www.whistic.com/ https://submit.jotform.com https://www.zoominfo.com/ https://swimlane.bamboohr.com *.googlesyndication.com googleads.g.doubleclick.net www.youtube.com www.googletagmanager.com; child-src 'self' blob: www.youtube.com www.googletagmanager.com https://j.6sc.co; upgrade-insecure-requests; block-all-mixed-content ; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mstdn.fr; img-src 'self' https: data: blob: https://mstdn.fr; style-src 'self' https://mstdn.fr 'nonce-ibVfOl4mKQtj4v817HgPAQ=='; media-src 'self' https: data: https://mstdn.fr; frame-src 'self' https:; manifest-src 'self' https://mstdn.fr; form-action 'self'; connect-src 'self' data: blob: https://mstdn.fr https://static.mstdn.fr wss://mstdn.fr; script-src 'self' https://mstdn.fr 'wasm-unsafe-eval'; child-src 'self' blob: https://mstdn.fr; worker-src 'self' blob: https://mstdn.fr 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://opalstack.social; img-src 'self' https: data: blob: https://opalstack.social; style-src 'self' https://opalstack.social 'nonce-lnA7jtxPFyViaSdMJpLwhA=='; media-src 'self' https: data: https://opalstack.social; frame-src 'self' https:; manifest-src 'self' https://opalstack.social; form-action 'self'; child-src 'self' blob: https://opalstack.social; worker-src 'self' blob: https://opalstack.social; connect-src 'self' data: blob: https://opalstack.social https://opalstack-social.us-southeast-1.linodeobjects.com wss://opalstack.social; script-src 'self' https://opalstack.social 'wasm-unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; form-action 'self'; child-src 'self'; 1
base-uri 'none';          child-src 'self';         connect-src https: 'self' www.google-analytics.com google-analytics.com stats.g.doubleclick.net cloudflareinsights.com;         default-src 'none';         font-src 'self' fonts.gstatic.com cdn.jsdelivr.net;         form-action 'self';         frame-ancestors 'self';         frame-src https: 'self';         img-src https: data: 'self' blog.illumineX.com stats.g.doubleclick.net;         manifest-src 'self';         media-src 'self' illumineX.com youtube.com;         object-src 'none';         prefetch-src 'self' fonts.googleapis.com fonts.gstatic.com;         script-src 'self' static.cloudflareinsights.com;         script-src-elem https: 'self' 'unsafe-hashes' 'report-sample' cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com 'sha256-oaMqQnI4Y5yWDX3FAKKxJgNvrrMZCq6CIbccIPJwYLo=' 'sha256-NmwhUMG9G8BiI4p6mUmlF69xSeV1CgRMURHeaCubyyw=' 'sha256-7nMSNmHIKT1+IBrTTaPa9K2CqFJlmdIbbvw+5HE/kZg=' 'sha256-D+dEgY9dA0FHa27TsHtmOKG120Nps2L6kSasyghxVsc=' 'sha256-KE/YeycP+iyQ39dYjkuC/UUeEoO+ZE8cN3etPt+JZMo=' 'sha256-SpKNFmGmah1xKZ+WVHLWE3pCJdBx83ne6pkHJJ12vr0=' 'sha256-VWkG3rR92tqWKwxTi7FGCwo0s3+n19OMWDS2+QN0eiU=' 'sha256-efg60kTvOZxSItbxyc9J+fnzqKMTVB1O0s8WUMPdcPk=' 'sha256-jPnfw1MqPzoO6S3Zzjx7gGmnJnGrxCAbqUtFhjIckio=' 'sha256-FOOiU7fFk1CFgFo79Scr+qokIt+NhHIJMiI293lWZ0o=';         style-src 'self' 'unsafe-hashes' cdn.jsdelivr.net fonts.googleapis.com 'sha256-ZTyQD/qmSbcGMW6Nt0uyGpa9DtsQYxTyune9/2iL02w=' 'sha256-vt/nXMU7UySpxKt3RnOwfs74+ydcLQPobGkBPgNLzj0=' 'sha256-7Q0Qy1W7TLp+KHsXZyIuhf/fjd8a9XaWjkUQf3AKidY=' 'sha256-oKaC2hBwptszgRoEx17WNTW45wFET2kxVWihpMb0tq8=' 'sha256-dtH7Fs+tAwZJI4gw9wWo/yi/mAbBFQIsUWmaGcKl+To=' 'sha256-ub3Yw6bVAII5d0IW+g2MPYwIOtkQP6TOQqFshu3zfQM=' 'sha256-HVEvK3ZYr+M7bK+EmCbH1SIXpgdFCHB+MPyt6a+F6TI=' 'sha256-hRZ59ORwMn3T/5SwcV86ynCUNYuk26yUPBKHvBumW/8=' 'sha256-5V3sPwLhLC4E1oiE6yxyjKr3V8hdfAVO/+egYk/iIdo=' 'sha256-D+dEgY9dA0FHa27TsHtmOKG120Nps2L6kSasyghxVsc=' 'sha256-D+dEgY9dA0FHa27TsHtmOKG120Nps2L6kSasyghxVsc=' 'sha256-KE/YeycP+iyQ39dYjkuC/UUeEoO+ZE8cN3etPt+JZMo=' 'sha256-QOHhZWNr81Ck+GEN9rUPdYeWA2wHxSdqTjSQ2OjHlyQ=' 'sha256-TjXhPCdfltqIkF+Tx720zbA8UE21o1d4HZRlKAJihtE=' 'sha256-U8KnzF558nkTOfJTE1K2hoK/mb5FM05jMg0YnfiE14M=' 'sha256-UXlWEgR3gUIzwypZ/ERT8iGdOL+NziwhxrpFwbKd3VU=' 'sha256-VWkG3rR92tqWKwxTi7FGCwo0s3+n19OMWDS2+QN0eiU=' 'sha256-Vaub251C/yHYQtBheMXE5dnwTTpUmybGZ2NDu11Kp2g=' 'sha256-dCeyYKJPIPag3nyiJmz6DbkDyPmBCTPUNYIHjjb4GC0=' 'sha256-h3GAgwX5ix39//efFfc0hfRf4Xwad7tzivMhvhdoY2Q=' 'sha256-hIpAs3gzVkE1pAuxUSm6gDUENxpl13Zfpsjz4PZb4d4=' 'sha256-k4sTbWJmaF5LrABk81rC1T/fljbxn+37Xg4H8GZo0EY=' 'sha256-w8QMjFyj3fa4O51xF1AdaJHh7qdeorkjxaUiy3lZnfU=';         style-src-elem https: 'self' 'sha256-BnApZayPudw3BxTknM2e3ZkfZmLcN9lZXQN+kSdGXbU=' 'sha256-BnApZayPudw3BxTknM2e3ZkfZmLcN9lZXQN+kSdGXbU=' 'sha256-BnApZayPudw3BxTknM2e3ZkfZmLcN9lZXQN+kSdGXbU=''sha256-TQ40FousGcCHjK4qQ6Pu86TZho5ZGV9sITUz+syZoOQ=' 'sha256-TQ40FousGcCHjK4qQ6Pu86TZho5ZGV9sITUz+syZoOQ=' 'sha256-3SLfnx0P1YWGrb8qQP7tSvK4fM04EGTGEmANPIauBGE=' 'sha256-3SLfnx0P1YWGrb8qQP7tSvK4fM04EGTGEmANPIauBGE=' 'sha256-GNYqhcDPDL4cVnjnEeKBBlWIjibpSopD3dvwbqI2xO0=' 'sha256-yE5pha203jK/dofAPKtKwV61D7/wYFUR+x93NqAthjM=' 'sha256-yE5pha203jK/dofAPKtKwV61D7/wYFUR+x93NqAthjM=' 'sha256-yE5pha203jK/dofAPKtKwV61D7/wYFUR+x93NqAthjM=' 'sha256-2UNX6kZbKq/VDAdbdK9ZbHh386WSPVoqJMdocdi6tes=' 'sha256-2q7CrPnA50Pe0pPuiS923ONk94PSRQeepMptn93FnpU=' 'sha256-2t1gczTBLm6usxi/Mnd1DC3x31SBcN8iS7LIaPqe4UY=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-4KYh/SJuvoX1RoreWRIt0cO5d7HJ54BeEldejKEHrpU=' 'sha256-4VPiW3qhxH8emF76EKQNCsuYsj7IRkQE2nDsYUWV34Q=' 'sha256-69eW/LudnT+MBtSNmu0IlPpACX1k2J6W6OHJ8bvzeu4=' 'sha256-6UVDmauGpVGtvPNdM0X9VupW18Dtf54yzYcvn5H7XKo=' 'sha256-9GzL2LOSIw691nIjgAN+E76koaSp1ZNvPV5ZsASm/AM=' 'sha256-DphBvbyJDUPeUbwzRUaLc6m+UeCron/Uc5KSkGfSvfM=' 'sha256-FOOiU7fFk1CFgFo79Scr+qokIt+NhHIJMiI293lWZ0o=' 'sha256-GCZt6QsqZ2MYghLaYD4bASAOwvzSh4CWOaofyzeFzb8=' 'sha256-GF4jMmbcKvDjO3ga4Ph5hzgwV+Dt6Iuf64oToyLK56A=' 'sha256-NPxdDchSuP4x5WkXBSD7q/HuhcoChj7hug2Gr5XJJus=' 'sha256-Qcr3C58rQCOnN+1n7rc9YVrqSeGXgRyX2O0EVDXCv5Q=' 'sha256-SDirJsCqFeQ/rJ+OM1p6jzZcaNVR2MqRJ6UGJIYEnQM=' 'sha256-VsFQFRxAcsPJaGWemaxXo0J8dFDmnS0sTx7whycOj34=' 'sha256-YNNA3pBixnTeT7N3ZYTNGgKnevyVGjdMpTciB5J2TRE=' 'sha256-Yepw2WP7tvQrZWGrBzOAjlevsyfdkOKLsykx2FA4mlk=' 'sha256-ZCt+COyp/3cQrbGaNJyfODslKjNbeyi/WAbUXyNdQpY=' 'sha256-bK3b4M1bkLDBJWIrBj9EzffTNvnXOVVXnzFG6TY+e6I=' 'sha256-c1g1P765ZSTZ2BAsOerRz/V6QylOHPiSk/OklwLoITQ=' 'sha256-dDpZ3udElPDPk9lYKOl7QQS8gnodJI10ckbcIiL+V9s=' 'sha256-dgtsLp6XPn1jx4AoPgZsdEwoqIXjH83v1YNo2eTyuPM=' 'sha256-e+BtgQVzb09LFub8GS5CiQI0hvkwn4ll2dWYpGtx7cw=' 'sha256-eCD3UMBIySNh9XLPX04uWmRyyDKlY6YDhWm8mWT8LkU=' 'sha256-fe7yW3UYWOyohmi4UWHWMztWlChbhgkmpr4CJsVZADY=' 'sha256-g0YiA9qIr7kua4aQ9fiVBgqj9cx7TBreDsYrrka6fek=' 'sha256-iJuU7s4WbAKJF+gcg6HGuOG1b5JsQ6mwfCw/9JLTQS4=' 'sha256-mFHpXbaH52rZoHHotcPLoJdbQwccgmNlfCyR2VQVBrQ=' 'sha256-okqqaqwBckeyhvarJicQVXpw62sRgR3HpbXRQ/fhhp4=' 'sha256-qT2oLQf62NgDVLHEYpCfKAbVc+QuyKyLCJpg67dwaE0=' 'sha256-rSxt0h4LEGNRjDLRuHwJ637VFcRP+Te1oFFKzDuHCvs=' 'sha256-tbFxadHMKJV7WVTR6dEAYQww40fox+M+a+Yyd6J+JDg=' 'sha256-tf6I/RQ5GO37Me+DAdoRF/UG2l1a3V4vlMv4bCBdYTE=' 'sha256-u3RohsKVh7uWwhhJ0/JUcu2/nl/TT2vE32ZcBxssThk=' 'sha256-x/ZN8I5LYLyMeQP5wCfIaaOR6yAlV+1lf3oN75Le+hY=' 'sha256-GJ1N7I/ZbuxU+AYwvMoiGd7wV5xTm2+P0ADMEaJ83EI=' 'sha256-IhOA0jJriG3I75skaQ8QaDqB/L4YkKJEFmosk8f9/GY=' 'sha256-J0cr80kawuElIqpX/Y2bA0cLFX9Xth4BeMuGl2xQmYA=' 'sha256-RyOE4k3aZ2aTcoxjXgKxpwtNNwKQPvTrWGb5lDLbWLk=' 'sha256-rUZLLH0sZk4C71nKHOE9Cl76LwLsu7OBoxAWunKrT0g=' 'sha256-3pSIbiUHJpmNy02gIBebnYzo5Z+VO6UTIcvs5vQCLe0=' 'sha256-4fz6CyhaahgIziHcqIxNQSoZ2GteWmffpvJ4wzHmNBw=' 'sha256-6YfkAgI11AJF7i7jpRg8RoTq/8/A481/pthHQKyPJOg=' 'sha256-7YX19ewSNc7Vqx7G+ch58g+sqMEmZ6BE0mxufHRQFAg=' 'sha256-LYiYdRwL/2eZeOh7JsJYhpdrsYQhZiedai6IGMqvOtc=' 'sha256-Q3nEGK8WhNTSyqCy4KZ/A4mFEuBzISODy6Huol87PcA=' 'sha256-QN/AO7BWI3xQJEmkIcP3ndwic0TDFpzOiGmI3JSG81Y=' 'sha256-WI3EP5GBNpOx2mjpPjFZcsujEtEJAxaFixFddq7iL4Y=' 'sha256-WRp9Cl1TuRpbRSB/kYilc19SacymYR3zm0pfy42YfbA=' 'sha256-bnx7MjUcqJ+3EJWtIt6ouKvVkqxbm2GReho+sJ6CW8w=' 'sha256-g+Tt6wQT0EyhQ4cpDk58Sctpjba/DW19BTFWRNSrEbQ=' 'sha256-rlT43nQksQ1hu5yQup15/abip4Ad57BixRQeACl4ewM=' 'sha256-tHVCKLnpbfRH/Jczz1i3JOJzaMUaf3Q1jntEDplW41I=' 'sha256-bYTHObsBIUNfw8AGxtJmpnFuRvPsgZBCmP8bmqD3pVQ=' 'sha256-bYTHObsBIUNfw8AGxtJmpnFuRvPsgZBCmP8bmqD3pVQ=';         upgrade-insecure-requests;         worker-src 'none'; 1
frame-ancestors 'self' rv.local-lb.com responsivevoice.org *.responsivevoice.org; 1
default-src 'self'; script-src 'report-sample' 'self' cdn.fashiola.in 'unsafe-eval' 'unsafe-inline' *.google-analytics.com/analytics.js https://www.gstatic.com https://www.googletagmanager.com https://googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.kleding.nl/cookies.js https://www.instagram.com/embed.js https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://kit.fontawesome.com; style-src 'unsafe-inline' 'report-sample' 'self' cdn.fashiola.in; object-src 'none'; base-uri 'self'; connect-src 'self' https://bam.eu01.nr-data.net *.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' cdn.fashiola.in; frame-src 'self' https://www.google.com https://www.instagram.com/; img-src 'self' cdn.fashiola.in images.fashiola.in cdn.fashiola.com https://www.kleding.nl/cookies.gif *.google-analytics.com www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.es; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
default-src 'self'; object-src 'self'; base-uri 'self'; media-src 'self' https://imagepool.1und1.ag; img-src https: data:; font-src https:; form-action 'self'; connect-src 'self' https://imagepool.1und1.ag; script-src 'strict-dynamic' 'nonce-0260473032208cc1ccb1e21575d16e0c' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self'; frame-src https://irpages2.eqs.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-0260473032208cc1ccb1e21575d16e0c' 'self' 'unsafe-inline' https: 'report-sample' 1
frame-ancestors 'self' app.hubspot.com 1
default-src 'self' https:; font-src 'self' https: data: https://js.intercomcdn.com http://fonts.intercomcdn.com; img-src * data: blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com; object-src 'none'; form-action 'self' https: https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https: 'unsafe-inline' wss://koningapestaart.be https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com https://a.tiles.mapbox.com; child-src 'self' https: https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; media-src 'self' https: https://js.intercomcdn.com; report-uri /csp_reports 1
frame-ancestors 'self' https://matomo.ucanss.fr; 1
default-src * 'unsafe-eval' 'unsafe-inline' gap://ready file:; style-src * 'unsafe-inline' *.easy-myshop.jp; media-src *; img-src * 'self' filesystem: data: blob:; 1
frame-src 'self' *.doubleclick.net cl.avis-verifies.com vars.hotjar.com *.avis-verifies.com *.netreviews.com *.google.com *.crazyegg.com *.vimeo.com *.facebook.com *.easydmp.net *.air360tracker.net *.teads.tv ad4m.at; img-src 'self' *.easydmp.net *.app.smart-tribune.com *.amazonaws.com *.google.fr *.google.com *.facebook.com *.google-analytics.com *.abtasty.com *.bing.com *.advcredirect.com *.w3.org *.doubleclick.net *.metaffiliation.com *.go2cloud.org *.tradedoubler.com *.optimalpeople.fr *.air360tracker.net *.teads.tv; script-src 'self' 'unsafe-inline' 'unsafe-eval' googleadservices.com googletagmanager.com cdn.cookielaw.org google-analytics.com smart-tribune.com abtasty.com hotjar.com unpkg.com cdn.jsdelivr.net cdnjs.cloudflare.com bat.bing.com connect.facebook.net *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.smart-tribune.com *.abtasty.com *.hotjar.com *.unpkg.com *.doubleclick.net *.googleapis.com cdn.segment.com cl.avis-verifies.com *.gstatic.com *.crazyegg.com *.vimeo.com polyfill.io *.vimeocdn.com *.metaffiliation.com *.easydmp.net *.advcredirect.com ybl.primes-energie.leclerc *.lovvisisintheair.com *.tradedoubler.com *.optimalpeople.fr *.air360tracker.net *.teads.tv ad4m.at bbd-tag.de *.social-media-system.com apptracker.stream https://assets.app.smart-tribune.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.smart-tribune.com https://unpkg.com https://www.google.com try.abtasty.com; style-src 'self' googleadservices.com googletagmanager.com cdn.cookielaw.org google-analytics.com smart-tribune.com abtasty.com hotjar.com unpkg.com cdn.jsdelivr.net cdnjs.cloudflare.com bat.bing.com connect.facebook.net *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.smart-tribune.com *.abtasty.com *.hotjar.com *.unpkg.com *.doubleclick.net *.googleapis.com cl.avis-verifies.com *.gstatic.com *.crazyegg.com *.vimeo.com *.easydmp.net *.air360tracker.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' googleadservices.com googletagmanager.com cdn.cookielaw.org google-analytics.com smart-tribune.com abtasty.com hotjar.com unpkg.com cdn.jsdelivr.net cdnjs.cloudflare.com bat.bing.com connect.facebook.net *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.smart-tribune.com *.abtasty.com *.hotjar.com *.unpkg.com *.doubleclick.net *.googleapis.com cl.avis-verifies.com *.gstatic.com *.crazyegg.com *.vimeo.com *.air360tracker.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.primes-energie.leclerc/report-uri/enforce; block-all-mixed-content 1
frame-ancestors 'self' *.velocihost.net; 1
upgrade-insecure-requests; object-src 'none'; frame-ancestors 'self'; default-src 'self'; script-src 'self' 'nonce-1bdd950146' https://www.gstatic.com/ https://www.google.com/ https://synlab.ee/ https://ssl.google-analytics.com https://cdnjs.cloudflare.com/ https://forms.plumsail.com/ blob:; style-src 'self' 'nonce-1bdd950146' https://synlab.ee/ https://fonts.googleapis.com https://cdnjs.cloudflare.com; img-src 'self' https://secure.gravatar.com data:; font-src 'self' https://synlab.ee/ https://fonts.googleapis.com https://fonts.gstatic.com data:; form-action 'self'; base-uri 'self'; frame-src https://synlab.ee/ https://www.google.com https://maps.google.com https://www.youtube.com 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' c.lytics.io *.bazaarvoice.com feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com cdn.cookielaw.org www.google.com cdn.segment.com *.doubleclick.net connect.facebook.net www.gstatic.com c.lytics.io pghub.io *.bazaarvoice.com *.iesnare.com feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; font-src 'self' data: feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' *.doubleclick.net consumersupport.pg.com *.bazaarvoice.com www.facebook.com feed.pghub.io pandg.tapad.com ; img-src 'self' data: images.ctfassets.net www.google-analytics.com cdn.cookielaw.org pixel.tapad.com www.facebook.com c.lytics.io *.bazaarvoice.com *.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io pandg.tapad.com ; connect-src 'self' *.google-analytics.com *.analytics.google.com cdn.cookielaw.org *.adsrvr.org *.googlesyndication.com *.segment.com *.segment.io *.bazaarvoice.com az-apigateway-cs-prod-20180702.azure-api.net *.algolia.net *.algolianet.com *.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' assets-storage-statik-press.s3-eu-west-1.amazonaws.com gg-assets-storage.s3.eu-west-2.amazonaws.com player.vimeo.com www.youtube.com static.cloudflareinsights.com www.googletagmanager.com mktdplp102cdn.azureedge.net www.google-analytics.com snap.licdn.com amplify.outbrain.com js.hs-scripts.com js.hsleadflows.net js.hs-banner.com js.hscollectedforms.net wave.outbrain.com js.hs-analytics.net tr.outbrain.com maps.googleapis.com 'unsafe-eval' www.gstatic.com www.google.com platform.twitter.com googleads.g.doubleclick.net www.googleadservices.com; style-src 'self' 'unsafe-inline' assets-storage-statik-press.s3-eu-west-1.amazonaws.com gg-assets-storage.s3.eu-west-2.amazonaws.com cdnjs.cloudflare.com fonts.googleapis.com; img-src 'self' assets-storage-statik-press.s3-eu-west-1.amazonaws.com gg-assets-storage.s3.eu-west-2.amazonaws.com i.ytimg.com data: 2.gravatar.com secure.gravatar.com i.vimeocdn.com tr.outbrain.com px.ads.linkedin.com forms.hsforms.com www.google.com www.google.pl track.hubspot.com maps.gstatic.com maps.googleapis.com 7e06571174e74d439ee52aa2e2fff41e.svc.dynamics.com www.google-analytics.com googleads.g.doubleclick.net www.linkedin.com www.googletagmanager.com px4.ads.linkedin.com; font-src 'self' data: cdnjs.cloudflare.com fonts.gstatic.com; connect-src 'self' vimeo.com assets-storage-statik-press.s3-eu-west-1.amazonaws.com gg-assets-storage.s3.eu-west-2.amazonaws.com www.google-analytics.com stats.g.doubleclick.net forms.hscollectedforms.net forms.hubspot.com maps.googleapis.com ipapi.co cdn.linkedin.oribi.io tr.outbrain.com region1.google-analytics.com region1.analytics.google.com pagead2.googlesyndication.com *.svc.dynamics.com px.ads.linkedin.com; child-src 'self' www.youtube.com player.vimeo.com platform.twitter.com www.google.com 7e06571174e74d439ee52aa2e2fff41e.svc.dynamics.com td.doubleclick.net blob: www.genoahealthcare.com; media-src 'self' 1
require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport,script-src 'report-sample' 'nonce-RwQJf7-peolq0CxjdGM_xA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self',script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport/allowlist 1
default-src 'self' *.hyblockcapital.com;script-src 'self' *.hyblockcapital.com *.amazonaws.com *.googletagmanager.com 'unsafe-inline' *.google-analytics.com https://unpkg.com 'unsafe-eval' https://chathyblock.nisa.ai https://hyblockapi.nisa.ai;object-src 'none';style-src 'self' 'unsafe-inline' *.hyblockcapital.com https://unpkg.com;img-src 'self' *.amazonaws.com *.hyblockcapital.com data: blob: *.googletagmanager.com https://hyblockapi.nisa.ai;connect-src 'self' *.amazonaws.com *.hyblockcapital.com *.google-analytics.com *.amazoncognito.com wss://*.hyblockcapital.com https://chathyblock.nisa.ai;frame-ancestors 'self';frame-src 'self' *.coinbase.com blob: https://chathyblock.nisa.ai;media-src 'self' *.amazonaws.com *.hyblockcapital.com;upgrade-insecure-requests 1
default-src 'self' *.iwan.com.tw *.iwplay.com.tw *.google.com *.google.com.tw; frame-src *.iwplay.com.tw *.iwan.com.tw www.youtube.com *.facebook.com bid.g.doubleclick.net *.facebook.net; script-src *.iwplay.com.tw *.iwan.com.tw 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com s.ytimg.com libs.baidu.com code.jquery.com *.google-analytics.com *.facebook.net *.facebook.com *.googleapis.com www.googletagmanager.com www.youtube.com www.googleadservices.com googleads.g.doubleclick.net *.google.com *.google.com.tw *.youtube.com ;style-src *.iwplay.com.tw *.iwan.com.tw 'unsafe-inline' www.youtube.com.tw fonts.googleapis.com *.facebook.net *.facebook.com *.google.com *.google.com.tw; img-src *.iwplay.com.tw *.google-analytics.com stats.g.doubleclick.net www.youtube.com *.google.com *.google.com.tw googleads.g.doubleclick.net *.facebook.com *.facebook.net data: ;frame-ancestors *.iwplay.com.tw *.iwan.com.tw *.google.com *.google.com.tw;font-src  fonts.gstatic.com *.googleapis.com *.google.com *.google.com.tw *.iwplay.com.tw data:;connect-src *.iwplay.com.tw *.google-analytics.com analytics.google.com stats.g.doubleclick.net; 1
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.pushtech.com https://formbuilder.online https://cdn.polyfill.io https://cdn-manager.pushtech.com https://assets-cdn.pushtech.com https://ga-dev-tools.appspot.com https://apis.google.com https://www.google.com https://content.googleapis.com https://ajax.googleapis.com https://api.smartvel.com https://cdn.smartvel.com https://oauth-gihsa-portalaccionista.azurewebsites.net https://www.google-analytics.com https://10906692.fls.doubleclick.net/ https://www.facebook.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net/ https://cti.ccbpo-ilunion.com https://func-cache-prices-integration-pro-westeurope.azurewebsites.net https://11139322.fls.doubleclick.net https://stats.g.doubleclick.net https://www.gstatic.com https://bat.bing.com https://www.civitatis.com/ https://cdn2.civitatis.com/js/vendor/iframeResizer.min.js https://region1.analytics.google.com/g/collect https://customs.affilired.com/track/ https://func-cache-prices-integration-pro-westeurope.azurewebsites.net/api/HotelRoomsBestPrices https://onboard.triptease.io/ *.triptease.io triptease.io https://td.doubleclick.net/ https://rum-static.pingdom.net https://maxcdn.bootstrapcdn.com https://capi.hesperia.com https://rum-collector-2.pingdom.net https://pages.psh.pm https://pages.psh.pm/accounts/512a9a21-56b4-47c9-ab92-e5e88de37c49/forms/7dbbf843-4663-4ab0-92d1-4975234f7b0f; img-src 'self' 'unsafe-eval' https://pages.psh.pm 'unsafe-inline' data: https:; font-src 'self' https://pages.psh.pm https://maxcdn.bootstrapcdn.com data:;style-src 'self' https://pages.psh.pm 'unsafe-inline'; 1
connect-src 'self' *.advisorengine.com wss://*.advisorengine.com/hub *.nr-data.net *.launchdarkly.com 3hchf66sphpq.statuspage.io app.pendo.io ka-f.fontawesome.com maps.googleapis.com notify.bugsnag.com sessions.bugsnag.com stats.g.doubleclick.net desk.zoho.com; font-src 'self' ka-f.fontawesome.com kit-free.fontawesome.com use.typekit.net fonts.gstatic.com; form-action 'self' *.advisorengine.com *.advisorengine.com *.advisorengine.net *.schwab.com *.schwab.tech *.dev.schwab.com *.dev.schwab.tech si2.schwabinstitutional.com veoone.tdainstitutional.com advisor.envestnet.com *.advisorchannel.com *.streetscape.com *.wealthscape.com *.precisefp.com pfp.five *.usa-financial.com *.usafinancial.com usafinancial.com *.vanare.com *.regencyinvests.com *.quikformsapp.com *.moxo.com *.grouphour.com; frame-src * data: blob:; img-src 'self' data: *.advisorengine.com jxcloudfilesprd.s3.amazonaws.com app.pendo.io cdn.pendo.io pendo-static-5697874281103360.storage.googleapis.com www.google.com 1dc018be4716da4aaa18-5d73971c6ce0cd6d739efc4134c4b48a.ssl.cf2.rackcdn.com maps.gstatic.com *.ggpht.com *.googleapis.com desk.zoho.com ae-help-center.s3.amazonaws.com s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.advisorengine.com pendo-io-static.storage.googleapis.com js-agent.newrelic.com pendo-io-static.storage.googleapis.com *.nr-data.net app.pendo.io cdn.pendo.io d2wy8f7a9ursnm.cloudfront.net kit.fontawesome.com maps.googleapis.com pendo-static-5697874281103360.storage.googleapis.com statuspage-production.s3.amazonaws.com www.googletagmanager.com appsforoffice.microsoft.com ajax.aspnetcdn.com mamba.junxurecloud.net mamba.advisorengine.net *.env.advisorengine.net; style-src 'self' 'unsafe-inline' *.advisorengine.com cdn.pendo.io kit-free.fontawesome.com p.typekit.net pendo-static-5697874281103360.storage.googleapis.com use.typekit.net static2.sharepointonline.com fonts.googleapis.com; object-src 'none'; frame-ancestors 'self' *.advisorengine.com; 1
default-src 'self'; style-src 'self' 'unsafe-inline' platform.twitter.com; script-src 'self' 'unsafe-inline' acsbapp.com platform.twitter.com cdn.syndication.twimg.com; form-action 'self'; worker-src 'none'; frame-src 'self' player.vimeo.com www.youtube.com youtu.be www.youtube-nocookie.com/ *.podcaster.de www.german-films.de/ platform.twitter.com syndication.twitter.com; img-src 'self' data: web1.acsbapp.com cdn.acsbapp.com platform.twitter.com abs.twimg.com pbs.twimg.com syndication.twitter.com; object-src 'none'; font-src 'self' acsbapp.com cdn.acsbapp.com; connect-src 'self' cdn.acsbapp.com acsbapp.com 1
default-src 'self' *.google.com *.google-analytics.com *.doubleclick.net *.commerce-connector.com cookiehub.net *.cookiehub.net *.facebook.com *.facebook.net usercentrics.eu app.usercentrics.eu *.usercentrics.eu; script-src 'self' 'unsafe-inline' 'unsafe-eval' cookiehub.net *.cookiehub.net *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.licdn.com *.facebook.net *.doubleclick.net polyfill.io *.commerce-connector.com *.store-connector.com *.onlyfy.jobs *.facebook.com *.facebook.net usercentrics.eu app.usercentrics.eu *.usercentrics.eu; style-src 'self' 'unsafe-inline' cookiehub.net *.cookiehub.net *.commerce-connector.com *.facebook.com *.facebook.net usercentrics.eu *.usercentrics.eu; img-src * 'self' data: https:; frame-src *.youtube.com *.youtu.be *.youtube-nocookie.com *.sigel-office.com *.doubleclick.net *.commerce-connector.com *.store-connector.com *.onlyfy.jobs *.facebook.com *.facebook.net usercentrics.eu app.usercentrics.eu *.usercentrics.eu; font-src 'self' *.gstatic.com *.commerce-connector.com; connect-src 'self' *.google.com *.google-analytics.com *.doubleclick.net *.commerce-connector.com cookiehub.net *.cookiehub.net *.facebook.com *.facebook.net usercentrics.eu *.usercentrics.eu; report-uri /report-csp-violation 1
block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests; 1
block-all-mixed-content; upgrade-insecure-requests; frame-ancestors 'self' https://vac.bhhsnv.com; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-Kn14_MpfMQQhKgu7gibqIg' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net google-analytics.com www.google-analytics.com googletagmanager.com www.googletagmanager.com static.hotjar.com script.hotjar.com googleads.g.doubleclick.net www.google.com use.fontawesome.com fonts.googleapis.com www.googleadservices.com ads.newtarget.com ajax.cloudflare.com form.jotform.com www.cognitoforms.com cognitoforms.com static.cognitoforms.com ntca.realmagnet.land realmagnet.land cdn.curator.io curator.io cdn.jsdelivr.net platform.twitter.com s7.addthis.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' connect.facebook.net google-analytics.com www.google-analytics.com googletagmanager.com www.googletagmanager.com static.hotjar.com script.hotjar.com googleads.g.doubleclick.net www.google.com use.fontawesome.com fonts.googleapis.com www.googleadservices.com ntca.realmagnet.land realmagnet.land ads.newtarget.com form.jotform.com www.cognitoforms.com cdn.jotfor.ms cdn01.jotfor.ms cdn02.jotfor.ms cdn03.jotfor.ms www.gstatic.com cdnjs.cloudflare.com ajax.cloudflare.com www.magnetmail.net static.cognitoforms.com cognitoforms.com cdn.curator.io curator.io cdn.jsdelivr.net platform.twitter.com s7.addthis.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com use.fontawesome.com jotfor.ms www.cognitoforms.com cdn01.jotfor.ms cdn02.jotfor.ms cdn03.jotfor.ms cdn.curator.io; frame-ancestors 'self'; report-uri https://www.ntca.org/report-uri/enforce 1
frame-ancestors 'self';block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://cdn.chatbot.com https://connect.facebook.net https://googleads.g.doubleclick.net https://google-analytics.com https://graph.facebook.com https://googletagmanager.com https://js.facebook.com https://maps.googleapis.com https://sc-static.net https://script.hotjar.com https://static.hotjar.com https://secure.gravatar.com https://ssl.google-analytics.com https://tr.snapchat.com https://www.gstatic.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com;style-src 'self' 'report-sample' 'unsafe-inline' *.google.com fonts.googleapis.com secure.gravatar.com www.googletagmanager.com;object-src *.googlesyndication.com;child-src 'self' blob: *.facebook.com *.google.com *.doubleclick.net *.googlesyndication.com connect.facebook.net www.googletagmanager.com;base-uri 'self';form-action 'self' *.facebook.com *.google.com connect.facebook.net;worker-src 'self' blob: www.google.com; 1
upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'none';default-src 'self';child-src 'self';frame-src https://www.google.com  https://*.linkedin.com *.hotjar.com;script-src *.smartology.net *.hotjar.com https://www.gstatic.com https://*.google-analytics.com https://www.google.com https://*.googletagmanager.com https://kit.fontawesome.com https://*.sharethis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://connect.facebook.net https://*.smartlook.com https://*.smartlook.cloud https://*.posthog.com https://app.analyzz.com https://*.linkedin.com 'self' 'unsafe-inline' 'unsafe-eval';img-src http://www.w3.org https://www.smartology.net https://*.google-analytics.com https://secure.gravatar.com https://*.googletagmanager.com https://*.sharethis.com 'self' data:;style-src https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://buttons-config.sharethis.com 'self' 'unsafe-inline';font-src https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.fontawesome.com 'self' data:;connect-src *.hotjar.com *.hotjar.io https://stats.g.doubleclick.net https://website-api.smartology.co https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.fontawesome.com https://l.sharethis.com https://*.smartlook.com https://*.smartlook.cloud https://*.posthog.com https://app.analyzz.com 'self' ws:;object-src 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' sc-static.net *.snapchat.com g.alicdn.com s.ytimg.com www.googletagmanager.com www.google-analytics.com www.gstatic.com www.youtube.com www.google.com tagmanager.google.com www.googleadservices.com leaderdigital.org srvvtrk.com gsp0.baidu.com gss0.bdstatic.com www.recaptcha.net captcha.gtimg.com *.bdimg.com *.baidu.com *.facebook.net *.serving-sys.com *.licdn.com *.google.com *.doubleclick.net *.go-mpulse.net *.weezevent.com *.eventbrite.fr *.captcha.qq.com *.hotjar.com *.azu.levia.ai *.trustcommander.net *.contentsquare.net *.teads.tv blob: api.map.baidu.com https://cdnjs.cloudflare.com https://checkoutshopper-live.adyen.com https://checkoutshopper-test.adyen.com https://g.alicdn.com https://ssl.captcha.qq.com maps.googleapis.com; script-src-elem 'self' 'unsafe-inline' sc-static.net *.snapchat.com g.alicdn.com s.ytimg.com www.googletagmanager.com www.google-analytics.com www.gstatic.com www.youtube.com www.google.com tagmanager.google.com www.googleadservices.com leaderdigital.org srvvtrk.com gsp0.baidu.com gss0.bdstatic.com www.recaptcha.net captcha.gtimg.com *.bdimg.com *.baidu.com *.facebook.net *.serving-sys.com *.licdn.com *.google.com *.doubleclick.net *.go-mpulse.net *.weezevent.com *.eventbrite.fr *.captcha.qq.com *.hotjar.com *.azu.levia.ai *.trustcommander.net *.contentsquare.net *.teads.tv api.map.baidu.com https://cdnjs.cloudflare.com https://checkoutshopper-live.adyen.com https://checkoutshopper-test.adyen.com https://g.alicdn.com https://ssl.captcha.qq.com maps.googleapis.com; style-src 'self' 'unsafe-inline' g.alicdn.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com www.youtube.com fast.fonts.net fonts.googleapis.com captcha.gtimg.com tagmanager.google.com www.googletagmanager.com api.map.baidu.com https://cdnjs.cloudflare.com https://checkoutshopper-live.adyen.com https://checkoutshopper-test.adyen.com https://g.alicdn.com https://widget.azu.levia.ai; style-src-elem 'self' 'unsafe-inline' sc-static.net g.alicdn.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com www.youtube.com fast.fonts.net fonts.googleapis.com tagmanager.google.com www.googletagmanager.com api.map.baidu.com https://cdnjs.cloudflare.com https://checkoutshopper-live.adyen.com https://checkoutshopper-test.adyen.com https://g.alicdn.com https://widget.azu.levia.ai 1
default-src 'self' 'unsafe-inline' https: data: 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://*.hsforms.net https://*.lightspeed.com https://gtm.lightspeed.com https://*.facebook.com https://*.facebook.net https://*.bing.com https://*.hs-scripts.com https://*.hsadspixel.net https://*.hs-banner.com https://*.hs-analytics.net https://*.vimeo.com https://*.usemessages.com https://*.hs-scripts.com https://*.livechatinc.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/ https://fonts.googleapis.com/; font-src 'self'; img-src 'self' unsafe-inline https://*.lightspeed.com https://*.hsforms.com https://*.builder.io https://*.google.com https://*.hubspot.com https://*.facebook.com https://*.doubleclick.net https://*.bing.com https://*.hsforms.com https://*.vimeocdn.com data:; frame-ancestors 'self' https://*.builder.io https://builder.io 1
frame-ancestors https://admin.stlukesbillpay.com http://localhost:6250; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com in.hotjar.com script.hotjar.com static.hotjar.com vars.hotjar.com www.google-analytics.com www.googletagmanager.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com bat.bing.com code.jquery.com app.responseiq.com maps.googleapis.com wstatic.responseiq.com www.gstatic.com www.google.co.uk www.googleadservices.com googleads.g.doubleclick.net www.google.com a19.responseiq.com fonts.googleapis.com fonts.gstatic.com jqueryjs.googlecode.com maps.gstatic.com ssl.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' bat.bing.com cdn.inspectlet.com connect.facebook.net www.google-analytics.com www.googletagmanager.com www.gstatic.com ajax.googleapis.com googleads.g.doubleclick.net script.hotjar.com static.hotjar.com t.trackedlink.net www.google.co.uk www.googleadservices.com jqueryjs.googlecode.com ssl.google-analytics.com www.google.com www.google.es www.google.co.in seal.verisign.com www.google.co.ma www.google.ro www.google.it www.google.be www.google.ie www.awin1.com maps.googleapis.com cdnjs.cloudflare.com ajax.cloudflare.com app.responseiq.com code.jquery.com maxcdn.bootstrapcdn.com wstatic.responseiq.com cdn.rlets.com www.dwin1.com maps.google.com cdn.oribi.io tagmanager.google.com fonts.googleapis.com tagcdn.gi-solutionsgroup.com services.postcodeanywhere.co.uk collector-11715.tvsquared.com https://invitejs.trustpilot.com/tp.min.js https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://ecommplugins-trustboxpreview.trustpilot.com/v1.0/trustboxpreview.min.js?ver=1.0 https://ecommplugins-scripts.trustpilot.com/v2.1/js/preview.min.js static.cloudflareinsights.com cdn.hu-manity.co tags.srv.stackadapt.com srv.stackadapt.com east.srv.stackadapt.com uw.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com; script-src-elem 'self' 'unsafe-inline' tags.srv.stackadapt.com srv.stackadapt.com east.srv.stackadapt.com uw.srv.stackadapt.com qvdt3feo.com eu.srv.stackadapt.com fonts.googleapis.com bat.bing.com cdn.inspectlet.com connect.facebook.net www.google-analytics.com www.googletagmanager.com www.gstatic.com ajax.googleapis.com googleads.g.doubleclick.net script.hotjar.com static.hotjar.com t.trackedlink.net www.google.co.uk www.googleadservices.com jqueryjs.googlecode.com ssl.google-analytics.com www.google.com www.google.es www.google.co.in seal.verisign.com www.google.co.ma www.google.ro www.google.it www.google.be www.google.ie www.awin1.com maps.googleapis.com cdnjs.cloudflare.com ajax.cloudflare.com app.responseiq.com code.jquery.com maxcdn.bootstrapcdn.com wstatic.responseiq.com cdn.rlets.com www.dwin1.com maps.google.com cdn.oribi.io tagmanager.google.com tagcdn.gi-solutionsgroup.com collector-11715.tvsquared.com https://invitejs.trustpilot.com/tp.min.js https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://ecommplugins-trustboxpreview.trustpilot.com/v1.0/trustboxpreview.min.js?ver=1.0 https://ecommplugins-scripts.trustpilot.com/v2.1/js/preview.min.js cdn.hu-manity.co; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com wstatic.responseiq.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com tagmanager.google.com tags.srv.stackadapt.com ecommplugins-scripts.trustpilot.com 'unsafe-eval'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com wstatic.responseiq.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com tagmanager.google.com ecommplugins-scripts.trustpilot.com tags.srv.stackadapt.com 'unsafe-eval'; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data: bat.bing.com r1-t.trackedlink.net stats.g.doubleclick.net www.google-analytics.com www.google.co.uk www.google.com ssl.google-analytics.com www.google.com.np googleads.g.doubleclick.net www.google.it www.googletagmanager.com www.google.es www.google.co.in www.google.co.ma www.google.ro www.gstatic.com www.google.im www.google.be www.google.ie www.awin1.com www.topcashback.co.uk tile.openstreetmap.org a19.responseiq.com app.responseiq.com maps.googleapis.com maps.gstatic.com wstatic.responseiq.com fault.rlets.com cbks0.googleapis.com khms0.googleapis.com khms1.googleapis.com smartslider3.com www.alfatravel.co.uk www.googleadservices.com ssl.gstatic.com tag.gi-solutionsgroup.com www.facebook.com collector-11715.tvsquared.com pubads.g.doubleclick.net dpm.demdex.net region1.analytics.google.com tags.srv.stackadapt.com; font-src 'self' data: app.responseiq.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com fonts.gstatic.com www.alfatravel.co.uk; connect-src 'self' in.hotjar.com app.responseiq.com region1.google-analytics.com www.google-analytics.com stats.g.doubleclick.net 49817b22-010e-431a-a361-fe015e221575.rlets.com apgb2b-reachcodeandproxy.gannettdigital.com capture-api.reachlocalservices.com sentry.hotjar.com ws1.hotjar.com localhost ws10.hotjar.com ws2.hotjar.com ws3.hotjar.com ws4.hotjar.com ws5.hotjar.com ws6.hotjar.com ws7.hotjar.com ws8.hotjar.com ws9.hotjar.com gw.oribi.io ssl.google-analytics.com api.wppopupmaker.com vc.hotjar.io www.googleadservices.com www.google.co.uk www.facebook.com bat.bing.com services.postcodeanywhere.co.uk tvsquared.com maps.googleapis.com tag.gi-solutionsgroup.com hotjar.com designer-api.hu-manity.co region1.analytics.google.com tags.srv.stackadapt.com; media-src 'self' ssl.gstatic.com www.alfatravel.co.uk; child-src 'self' vars.hotjar.com www.google.com; frame-src 'self' vars.hotjar.com staticxx.facebook.com www.googletagmanager.com www.facebook.com web.facebook.com bid.g.doubleclick.net mozbar.moz.com www.google.com 49817b22-010e-431a-a361-fe015e221575.rlets.com onpageload 'unsafe-eval' div.show smartslider3.com https://ecommscript-integrationapp.trustpilot.com/ ecommplugins-scripts.trustpilot.com widget.trustpilot.com; worker-src 'self'; frame-ancestors 'self' 'unsafe-eval'; form-action 'self' news-alfatravel.co.uk www.coachholidays.com www.ipg-online.com; report-uri https://alfatravel.report-uri.com/r/d/csp/enforce 1
font-src fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.hotjar.io *.remus.eu *.remususa.com *.remusaustralia.com.au *.remus.dk *.remus-canada.com *.remus.ru *.remusexhaust.co.za *.remusuk.com *.remus.ch *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com *.linkedin.com *.batchgeo.com http://batchgeo.com *.vimeo.com *.facebook.com *.google.com *.google.at *.googletagmanager.com *.usercentrics.eu *.hotjar.com *.hotjar.io libs.na.bambora.com *.klarna.com js.mollie.com google.com gstatic.com *.addthis.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com maps.googleapis.com maps.gstatic.com https://www.remus.eu https://remus.eu http://www.remus.eu http://remus.eu http://remususa.com http://remusaustralia.com.au http://remus.dk http://remus-canada.com http://remus.ru http://remusexhaust.co.za http://remusuk.com http://remus.ch *.facebook.com *.mailchimp.com mcusercontent.com *.google.com *.google.at *.usercentrics.eu *.hotjar.com *.hotjar.io cdn.na.bambora.com x.klarnacdn.net https://www.mollie.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://www.googletagmanager.com/gtm.js *.googletagmanager.com https://chimpstatic.com/ *.mailchimp.com *.list-manage.com https://ws.sharethis.com/button/buttons.js https://ws.sharethis.com/button/async-buttons.js https://platform.linkedin.com/in.js https://www.linkedin.com/pages-extensions/FollowCompany.js https://static.zotabox.com https://connect.facebook.net *.hotjar.com *.hotjar.io *.usercentrics.eu libs.na.bambora.com x.klarnacdn.net js.mollie.com google.com gstatic.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com fonts.googleapis.com https://www.remus.eu https://remus.eu http://www.remus.eu http://remus.eu http://remususa.com http://remusaustralia.com.au http://remus.dk http://remus-canada.com http://remus.ru http://remusexhaust.co.za http://remusuk.com http://remus.ch https://cdnjs.cloudflare.com *.mailchimp.com *.fontawesome.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com https://stats.zotabox.com *.facebook.com *.doubleclick.net *.google.com *.google.at *.googletagmanager.com *.usercentrics.eu *.hotjar.com *.hotjar.io wss://*.hotjar.com *.klarnaevt.com google.com gstatic.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors mac-jeans.docker.dev.1drop.de mac-jeans.docker *.mac-jeans.com mac-jeans.com consent-api.service.consent.usercentrics.eu consent-rt-ret.service.consent.usercentrics.eu 1
default-src 'none'; base-uri 'self'; form-action 'self' https://dataplane.substack.com; script-src 'self' https://dataplane.substack.com 'sha256-W105M4zyxgBCYaCnpCPTO26mi7o7mStnSulFu4rNgRc=' https://cdnjs.cloudflare.com; style-src 'unsafe-hashes' 'self' 'sha256-6tzo8E2QXk9Q1hPlgW8haLONoOBIfDUVFvsw0LvHiZM=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-OTeu7NEHDo6qutIWo0F2TmYrDhsKWCzrUgGoxxHGJ8o=' 'sha256-wS7xf+bhXBr5EM064hQkAW0vX3ks5VoxbGn+KQC/Vhk=' 'sha256-fviu5RwuBYFcCd5CDanhy6NCLufcwvCAbm061aSqhoQ=' 'sha256-cxL35Ug49Sl1zHMOdz/r0xinQ6BYGgClHdDCk2XPTzE=' 'sha256-wS7xf+bhXBr5EM064hQkAW0vX3ks5VoxbGn+KQC/Vhk='; img-src 'self'; manifest-src 'self'; frame-src https://dataplane.substack.com; frame-ancestors 'none'; font-src 'self'; 1
script-src 'report-sample' data: 'nonce-211d3dcdb2ecb7839e62c84783e74c92-argus' 'strict-dynamic' 'self' 'unsafe-eval' blob: *.bytescm.com *.bytetos.com *.ibytedapm.com *.zijieapi.com *.snssdk.com *.bytedance.com *.bytedance.net *.pstatp.com *.bytednsdoc.com *.bytegoofy.com *.byted-static.com *.yhgfb-cn-static.com *.baidu.com *.byteimg.com; connect-src 'self' *.bytedance.net *.snssdk.com *.zijieapi.com *.byted.org *.ugsdk.cn *.bytedance.com hm.baidu.com *.usergrowth.com.cn *.bytescm.com *.toutiao.com *.yhgfb-cn-static.com *.idouyinvod.com:* *.volcsiriusbd.com:* *.volcsirius.com:* *.tt.x.bsgslb.cn:* *.dy.zzcdnx.com:* *.qc.bsccdn.net:* *.smtcdns.com:* *.ugslb.com:* *.livehwc3.cn:* *.smtcdns.net:* *.bytefcdnrd.com:* *.ksyungslb.com:* *.ksyungslb2.com:* *.ourdvsss.com:* *.tbcache.com:* *.jomodns.com:* *.douyincdn.com:* *.ixigua.com:* *.bdxigualive.com:* *.pstatp.com:* *.douyinliving.com:* *.picovr.com:* *.huoshanlive.com:* *.ihuoshanlive.com:* *.volccdn.com:* *.bestv.com.cn:* *.bytefcdn.com:* *.douyinvod.com:* *.bytetos.com *.ibytedapm.com *.pstatp.com *.bytednsdoc.com *.bytegoofy.com *.byted-static.com *.byteimg.com; frame-ancestors 'self' *.feishu.cn; report-to slardar-endpoint; 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' https://*.cookiebot.com https://static.cdn.prismic.io https://www.youtube.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.ovpay.app https://*.cdn.prismic.io https://*.in.applicationinsights.azure.com https://stdisruptionsprod.blob.core.windows.net https://*.cookiebot.com; img-src 'self' https://*.cdn.prismic.io https://images.prismic.io https://*.cookiebot.com https://i.ytimg.com; frame-src https://*.prismic.io https://*.cookiebot.com https://www.youtube.com 1
frame-ancestors https://indigo.ai https://*.indigo.ai https://netcommforum.liveforum.space; 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob:; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 1
default-src wss: blob: https: 'unsafe-eval' 'unsafe-inline'; connect-src wss: 'self' https: *.amazonaws.com *.ggauthx.com *.mapbox.com  data: *.accesso.com *.noibu.com ; img-src 'self' https: data: blob:; font-src 'self' data: https: ; 1
default-src * data: blob:; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: 'unsafe-inline'; connect-src * data: blob: 'unsafe-inline'; frame-src *;font-src * data: blob:; 1
default-src 'self' https://www.google.com/ https://www.google-analytics.com/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://optanon.blob.core.windows.net/ https://cdnjs.cloudflare.com/ https://vjs.zencdn.net/ https://cdn.jsdelivr.net https://code.jquery.com/ https://geolocation.onetrust.com https://www.google.com https://static.addtoany.com https://www.gstatic.com https://vjs.zencdn.net https://www.google-analytics.com https://maps.googleapis.com https://assets.sitescdn.net http://www.googletagmanager.com/ https://unpkg.com/; form-action 'self'; style-src 'self' 'unsafe-inline' https://apis.google.com https://optanon.blob.core.windows.net/ https://cdnjs.cloudflare.com/ https://vjs.zencdn.net/ https://cdn.jsdelivr.net https://code.jquery.com/ https://geolocation.onetrust.com https://www.google.com https://static.addtoany.com https://www.gstatic.com https://vjs.zencdn.net https://www.google-analytics.com https://maps.googleapis.com https://assets.sitescdn.net https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com https://pro.fontawesome.com/ https://unpkg.com; font-src 'self' https://pro.fontawesome.com/ https://fonts.gstatic.com/ 1
font-src *; frame-ancestors 'self'  1
require-trusted-types-for 'script';report-uri /_/LabsTailwindMarketing/cspreport 1
script-src 'nonce-YzFjMmYwMTVjOWYzZmNjZg==' 'nonce-N2MxNmMxN2IzYzExODM1Mg==' 'nonce-ZDZjNTgzMzI1ZjE3MTJkNQ==' 'nonce-YzgyMTlmNzQyZjVlYmRjNQ==' 'nonce-NjkyN2EyNDRlZGJmZTRhMA==' 'nonce-ZjMxMjI2ZDM5NThkYzI2MQ==' 'nonce-ODliZTZjOTgyMTE0ODhjNQ==' 1
default-src 'self' www.google.com maps.googleapis.com www.google-analytics.com stats.g.doubleclick.net www.google-analytics.com region1.analytics.google.com; img-src 'self' www.google.com www.google.pl maps.googleapis.com maps.gstatic.com secure.gravatar.com s.w.org *.tile.openstreetmap.org www.google-analytics.com region1.analytics.google.com data:; script-src 'unsafe-inline' 'unsafe-eval' al-test.pl aliorleasing.pl www.google-analytics.com skk.erecruiter.pl maps.googleapis.com www.google.com cdnjs.cloudflare.com use.fontawesome.com www.googletagmanager.com *.gstatic.com gstatic.com use.fontawesome.com unpkg.com; style-src 'unsafe-inline' al-test.pl aliorleasing.pl skk.erecruiter.pl fonts.googleapis.com cdnjs.cloudflare.com use.fontawesome.com unpkg.com; font-src 'self' use.fontawesome.com fonts.gstatic.com data:;" 1
default-src 'self' https://*.getprintbox.com; connect-src o2.mouseflow.com sumo.com media.sumo.com https://analytics.tiktok.com https://gtm.lalapix.com/ https://api-js.mixpanel.com 'self' blob: lalapix.com lalapix.getprintbox.com lalapix-pbx2.getprintbox.com pbx2-brian.s3.amazonaws.com pbx2-brian.s3.eu-central-1.amazonaws.com pbx2-sg-lalapix.s3.ap-southeast-1.amazonaws.com pbx2-sg-lalapix.s3.ap-southeast-1.amazonaws.com printbox-js.s3.amazonaws.com https://*.getprintbox.com https://dbg.getprintbox.com:8888 https://*.printboxteam.com https://*.google-analytics.com https://*.google.com https://*.facebook.com https://*.bing.com https://*.olark.com wss://*.zopim.com https://*.zopim.com https://stats.g.doubleclick.net https://www.paypal.com https://*.stripe.com https://*.hotjar.com wss://*.hotjar.com wss://*.getprintbox.com https://*.googleapis.com https://*.smartsupp.com wss://*.smartsupp.com https://api.instagram.com https://graph.instagram.com https://*.facebook.net https://*.gstatic.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bam.nr-data.net https://*.nets.com.sg https://*.enets.sg; script-src *.sumome.com *.sumo.com sumo.b-cdn.net https://cdn.omise.co https://static.ads-twitter.com https://analytics.tiktok.com https://dev-kpaymentgateway.kasikornbank.com 'self' lalapix.com lalapix.getprintbox.com lalapix-pbx2.getprintbox.com printbox-js.s3.amazonaws.com https://dbg.getprintbox.com:8000 https://dbg.getprintbox.com:8888 'unsafe-inline' 'unsafe-eval' https://*.getprintbox.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.google.com https://*.google.pl https://*.google.dk https://*.googleapis.com https://*.googletagmanager.com https://*.bing.com https://*.gstatic.com https://*.google-analytics.com https://cdn.mouseflow.com https://*.facebook.net https://api.instagram.com https://api.flickr.com https://*.twitter.com https://*.pinterest.com https://cdn.klarna.com https://*.stripe.com https://*.olark.com https://chimpstatic.com https://*.zopim.com https://*.bootstrapcdn.com https://cdn.tinymce.com https://www.paypal.com https://www.paypalobjects.com https://*.hotjar.com https://*.prestashop.com https://auth-server.herokuapp.com https://cdnjs.cloudflare.com https://www.youtube.com https://*.ytimg.com/ https://smartsupp-widget-161959.c.cdn77.org https://bootstrap.smartsuppchat.com https://www.smartsuppchat.com https://tagmanager.google.com https://*.enets.sg; img-src https://analytics.tiktok.com 'self' data: blob: https: www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com; style-src sumo.b-cdn.net *.sumo.com 'self' 'unsafe-inline' printbox-js.s3.amazonaws.com https://dbg.getprintbox.com:8888 https://*.getprintbox.com https://*.googleapis.com https://*.olark.com https://*.bootstrapcdn.com https://*.prestashop.com https://cdnjs.cloudflare.com https://smartsupp-widget-161959.c.cdn77.org https://tagmanager.google.com https://*.enets.sg; font-src 'self' data: blob: lalapix.com lalapix.getprintbox.com pbx2-sg-lalapix.s3.ap-southeast-1.amazonaws.com printbox-js.s3.amazonaws.com https://dbg.getprintbox.com:8888 https://*.getprintbox.com https://*.googleapis.com https://fonts.gstatic.com https://*.bootstrapcdn.com https://*.hotjar.com https://*.prestashop.com https://cdnjs.cloudflare.com https://*.zopim.com https://smartsupp-widget-161959.c.cdn77.org https://*.enets.sg; frame-src https://vault.omise.co/ bytedance: sslocal: 'self' lalapix.com lalapix.getprintbox.com lalapix-pbx2.getprintbox.com https://*.getprintbox.com https://*.google.com https://*.googletagmanager.com https://*.facebook.com https://*.facebook.net https://www.youtube.com https://www.youtube-nocookie.com https://cdn.klarna.com https://*.prestashop.com https://*.stripe.com https://*.cardinalcommerce.com https://*.olark.com https://*.twitter.com https://*.hotjar.com https://*.googleapis.com https://bid.g.doubleclick.net; media-src 'self' https://dbg.getprintbox.com:8888 https://*.olark.com https://smartsupp-widget-161959.c.cdn77.org; object-src 'none'; report-uri https://sentry.getprintbox.com/api/48/security/?sentry_key=67bc25495b504a2488cb2aa64ff50c4f; 1
frame-ancestors 'self' https://rbi-okta.read.inkling.com plk.docebosaas.com www.popeyesacademy.com 1
report-uri https://fides.ch 1
default-src 'self' www.google-analytics.com *.honda.com.ar honda.com.ar; img-src 'self' www.google-analytics.com *.afip.gob.ar *.honda.com.ar honda.com.ar; script-src 'self' 'unsafe-inline' www.google-analytics.com unpkg.com www.googletagmanager.com *.honda.com.ar honda.com.ar; style-src 'self' unpkg.com *.honda.com.ar honda.com.ar; base-uri 'self' *.honda.com.ar honda.com.ar; form-action 'self' *.honda.com.ar honda.com.ar; font-src 'self' data: *.honda.com.ar honda.com.ar; style-src-attr 'self' 'unsafe-inline' unpkg.com  *.honda.com.ar honda.com.ar; style-src-elem 'self' 'unsafe-inline' unpkg.com  *.honda.com.ar honda.com.ar; 1
default-src 'self' *.azurewebsites.net *.herokuapp.com *.gob.mx *.googleapis.com *.google-analytics.com sandbox.mifiel.com *.mifiel.co ajax.google-analytics.com *.prodarshield.com 'unsafe-inline' ; font-src *;img-src * *.prodarshield.com data:; script-src code.jquery.com * 'unsafe-inline'; style-src * 'unsafe-inline'; connect-src *.azurewebsites.net wss://ws-portal-federado.herokuapp.com *.herokuapp.com *.google-analytics.com; frame-src * blob: 1
script-src 'report-sample' 'nonce-PUfsYvmF-pVfkGNcF-o5Ww' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';worker-src 'self';report-uri /webstore/cspreport 1
default-src 'none'; script-src 'self' 'nonce-DGNnf18ncaBTfn29fn8e9h3cdfa' https://unpkg.com https://js.stripe.com/v3/ https://www.google-analytics.com https://www.googletagmanager.com https://code.jquery.com https://cdnjs.cloudflare.com https://*.cloudfront.net  https://*.s3.amazonaws.com https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://www.google.com https://fonts.gstatic.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://unpkg.com https://unpkg.com/flickity@2/dist/flickity.min.css https://unpkg.com/flickity-fade@1/flickity-fade.css https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.cloudfront.net https://*.s3.amazonaws.com https://stackpath.bootstrapcdn.com https://p.typekit.net https://use.typekit.net; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com https://use.typekit.net https://*.cloudfront.net; img-src 'self' data: https://secure.gravatar.com https://maps.gstatic.com https://maps.googleapis.com https://*.cloudfront.net https://*.s3.amazonaws.com https://www.google-analytics.com https://mongoose-stock-v2-live-storage.s3.eu-west-2.amazonaws.com https://mongoose-stock-v2-staging-storage.s3.eu-west-2.amazonaws.com; frame-src 'self' https://www.google.com https://js.stripe.com https://www.youtube.com/ https://www.youtube-nocookie.com/; child-src 'self' https://www.google.com https://js.stripe.com https://www.youtube.com/ https://www.youtube-nocookie.com/; object-src 'nonce-DGNnf18ncaBTfn29fn8e9h3cdfa'; frame-ancestors 'self'; base-uri 'none'; form-action 'self'; connect-src 'self' https://www.google-analytics.com https://maps.googleapis.com; 1
frame-ancestors 'self' digi.secure.force.com https://app.storyblok.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/; 1
object-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://js.hsforms.net https://polyfill.io https://unpkg.com https://vjs.zencdn.net https://www.google.com maps.google.com; script-src-attr 'none'; script-src-elem * 'unsafe-inline'; style-src * 'unsafe-inline'; style-src-attr 'unsafe-inline'; worker-src * blob:; frame-ancestors 'self'; report-uri https://havi.com/report-uri/enforce 1
frame-src 'self' insight.adsrvr.org *.hotjar.com *.youtube.com *.google.com *.googlevideo.com *.googleapis.com *.youtube-nocookie.com *.doubleclick.net 1
base-uri 'self' *.addthis.com;connect-src 'self' *.google-analytics.com *.crazyegg.com;default-src 'self';frame-src 'self' *.google.com *.googleapis.com *.twitter.com html5-player.libsyn.com *.addthis.com;font-src 'self' *.cloudflare.com *.bootstrapcdn.com fonts.gstatic.com;script-src *.stroock.com *.herrmanneasyedit.com 'unsafe-inline' 'unsafe-eval' *.cloudflare.com unpkg.com *.bootstrapcdn.com fonts.googleapis.com *.google-analytics.com *.googletagmanager.com apis.google.com *.google.com *.gstatic.com *.googleapis.com *.crazyegg.com *.twitter.com *.jquery.com *.jsdelivr.net siteimproveanalytics.com *.moatads.com *.addthisedge.com *.addthis.com;style-src *.stroock.com *.herrmanneasyedit.com 'unsafe-inline' *.cloudflare.com unpkg.com *.bootstrapcdn.com fonts.googleapis.com *.googleapis.com *.gstatic.com *.jquery.com *.jsdelivr.net;form-action *.stroock.com *.herrmanneasyedit.com;img-src * 'unsafe-inline' data:;object-src 'none' 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com *.trafficfactory.biz www.iwanttodeliver.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net bmedia.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri http://www.porn.sc/csp-reports; report-to csp-endpoint 1
default-src 'self' data: 'unsafe-inline' fonts.googleapis.com *.google.co.uk *.realytics.io *.realytics.net cdn.jsdelivr.net *.youtube.com https://*.clarity.ms https://*.bing.com https://*.affilae.com *.facebook.com https://*.google-analytics.com https://*.facebook.net https://*.licdn.com https://*.doubleclick.net *.google.com *.gstatic.com artetfenetres.script.admo.tv; frame-ancestors 'self' http://localhost:3000/ http://localhost:8080 http://configurateur-facade.aetf.noksi.pro/ https://bornes.artetfenetres.com/ https://borne.artetfenetres.com/ https://aetf-borne.local.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.realytics.io *.realytics.net googleads.g.doubleclick.net *.googleadservices.com *.googleapis.com *.clarity.ms *.affilae.com *.google-analytics.com *.facebook.net *.bing.com *.licdn.com *.privacy-center.org *.googletagmanager.com  artetfenetres.script.admo.tv *.kameleoon.eu *.gstatic.com *.kameleon.com; connect-src *.google.com *.googlesyndication.com google.com *.realytics.io *.realytics.net *.google.co.uk *.google.fr *.ads.linkedin.com *.doubleclick.net *.bing.com *.googleapis.com maps.googleapis.com *.artetfenetres.com *.clarity.ms *.oribi.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.kameleoon.io *.kameleoon.com *.kameleoon.eu *.privacy-center.org; img-src 'self' data: 'unsafe-inline' *.ads.linkedin.com *.google.co.uk *.clarity.ms *.linkedin.com *.facebook.com *.bing.com *.google-analytics.com *.googletagmanager.com *.artetfenetres.com *.kameleoon.eu *.doubleclick.net *.kameleoon.com *.google.com *.affilae.com *.tradedoubler.com *.google.fr 1
img-src 'self'; base-uri 'self'; form-action 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.mailerlite.com ajax.cloudflare.com  https://s.kk-resources.com  https://prod.flixgvid.flix360.io https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://tracking.channelsight.com https://static-v.tawk.to https://media.flixcar.com https://t.flix360.com https://media.flixfacts.com https://eu1-search.doofinder.com https://zurb.com https://*.paypal.com https://*.paypalobjects.com https://*.googleapis.com https://s.ytimg.com https://www.youtube.com https://apis.google.com https://cdn.mailerlite.com https://*.doubleclick.net https://www.googleadservices.com https://djtflbt20bdde.cloudfront.net https://www.google-analytics.com https://cdn.doofinder.com https://www.gstatic.com https://www.google.com https://cdn.jsdelivr.net https://aplazame.com https://cdn.aplazame.com https://tagmanager.google.com https://www.googletagmanager.com https://static.mailerlite.com https://ssl.google-analytics.com https://statics.lifeinformatica.com https://embed.tawk.to https://connect.facebook.net https://tracker.metricool.com https://*.cs.1worldsync.com https://ws.cnetcontent.com; img-src 'self' data: https://s3.amazonaws.com https://s.kelkoo.com https://s.kelkoogroup.net https://img-prod-cms-rt-microsoft-com.akamaized.net https://cdn.doofinder.com https://chart.googleapis.com https://cc.cs.1worldsync.com https://fonts.gstatic.com https://i.dell.com https://embed.tawk.to https://media.flixfacts.com https://rt.flix360.com https://media.flixcar.com https://www.googletagmanager.com https://www.paypalobjects.com https://maps.googleapis.com https://maps.gstatic.com https://www.gigabyte.com https://gethatch.com https://updates.themepunch-ext-b.tools https://img.youtube.com https://images.samsung.com https://www.lenovo.com https://sta3-nzxtcorporation.netdna-ssl.com https://www.google.es https://www.google.com https://*.google-analytics.com https://*.doubleclick.net https://www.facebook.com https://track.mailerlite.com https://cdn.jsdelivr.net https://secure.gravatar.com https://s.w.org https://s-static.ak.facebook.com https://blogs.windows.com https://*.lifeinformatica.com https://tracker.metricool.com https://cdn.cs.1worldsync.com https://logo.flix360.io https://eu1-doofinderuser.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://fonts.mailerlite.com https://assets.mlcdn.com https://cdn.doofinder.com https://stackpath.bootstrapcdn.com https://cdn.aplazame.com https://embed.tawk.to https://media.flixfacts.com https://media.flixcar.com https://googletagmanager.com https://tagmanager.google.com https://djtflbt20bdde.cloudfront.net https://cdn.jsdelivr.net https://static.mailerlite.com https://statics.lifeinformatica.com https://fonts.googleapis.com https://cdn.cs.1worldsync.com; font-src 'self' data: https://fonts.mailerlite.com https://media.flixcar.com https://media.flixfacts.com https://static-v.tawk.to https://use.fontawesome.com https://statics.lifeinformatica.com https://fonts.gstatic.com https://themes.googleusercontent.com https://embed.tawk.to https://cdn.cs.1worldsync.com; frame-src 'self' https://va.tawk.to https://static.mailerlite.com https://media.flixcar.com https://docs.google.com https://www.google.com https://www.facebook.com https://s-static.ak.facebook.com https://www.youtube-nocookie.com https://www.youtube.com https://checkout.aplazame.com https://cdn.aplazame.com https://tpc.googlesyndication.com https://*.doubleclick.net; connect-src 'self' https://media.flixcar.com https://s.kelkoogroup.net https://region1.analytics.google.com https://region1.google-analytics.com wss://eu1-layer.doofinder.com https://*.doofinder.com https://www.facebook.com https://www.google-analytics.com https://*.doubleclick.net https://*.aplazame.com https://*.yoast.com wss://*.tawk.to https://*.tawk.to https://maps.googleapis.com https://pagead2.googlesyndication.com; media-src 'self' data: https://media.lifeinformatica.com https://cdn.cs.1worldsync.com; object-src 'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' stats.g.doubleclick.net unpkg.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net ajax.googleapis.com www.googletagmanager.com code.jquery.com cdn.auth0.com stackpath.bootstrapcdn.com polyfill.io *.google-analytics.com bat.bing.com cdn.jsdelivr.net wchat.freshchat.com www.youtube.com s.ytimg.com www.googleadservices.com dl.episerver.net snap.licdn.com connect.facebook.net googleads.g.doubleclick.net maps.googleapis.com *.hotjar.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ http://www.google.com/recaptcha/api.js https://www.google.com/pagead/conversion_async.js https://js.monitor.azure.com https://js-eu1.hsadspixel.net/fb.js; style-src 'self' 'unsafe-inline' *.analytics.google.com use.typekit.net p.typekit.net wchat.freshchat.com dl.episerver.net fonts.googleapis.com cdn.jsdelivr.net; img-src * data: blob:; font-src 'self' use.typekit.net p.typekit.net fonts.gstatic.com *.cloudfront.net; connect-src 'self' *.analytics.google.com *.linkedin.com *.auth0.com bat.bing.com *.google-analytics.com *.googlesyndication.com stats.g.doubleclick.net ad.doubleclick.net *.hscollectedforms.net maps.googleapis.com https://*.hotjar.com:* https://vc.hotjar.io:* https://ip2c.org/s https://api.localazy.com:* https://delivery.localazy.com:* wss://*.hotjar.com *.hotjar.io google.com/pagead/landing *.google.com *.google.nl cdn.linkedin.oribi.io googleads.g.doubleclick.net https://api-eu1.hubapi.com *.applicationinsights.azure.com https://www.facebook.com/tr/; object-src youtube.com www.youtube.com; frame-src * https://www.google.com/recaptcha/; frame-ancestors 'self'; form-action 'self' cadac.eu.auth0.com *.cadac.com www.youtube.com wchat.freshchat.com *.buckaroo.nl https://www.facebook.com/tr/; upgrade-insecure-requests; block-all-mixed-content 1
script-src 'self' https: http: 'nonce-gLtyPgOK43nGRKxo' 'nonce-cZirvszNDztWurno' 'nonce-Sy4n1m09dJQ4IIRM' 'nonce-AroanDGbX1rXo/0G' 'nonce-xct4NHUfyv5onPcS' 'nonce-IYa0a9LYUI5TKHGW' 'nonce-SQEGehDv8X6WS02N' 'nonce-J1ob015Xjh0XV0LN' 'nonce-Fi43Au6evhsjYteU' 'nonce-J6X3k5RmukWsOUN7' 'nonce-wT4YyB+vjkyY8AYx' 'nonce-B/5NMl9fUp7LJZfU' 'nonce-24DNj1/l3OmHWTgM' 'nonce-H5pIqyAMIsJoO9yA' 'nonce-m1lgiFxSYFDn+iKX' 'nonce-pGB0D+/D9RQ12al8' 'nonce-VL17U+H0rjC4FWAR' 'nonce-3qMRWncQg1HiCRdg' 'nonce-8TGH11bN+ESHYbAn' 'nonce-KJF5a0mCQhxmPpPh' 'nonce-bGxOk6NET26UHuxo'; img-src 'self'  https: http: www.gstatic.com; frame-src https:; object-src 'none'; base-uri 'none'; default-src data: https: 'self' https://gusweb.blob.core.windows.net/; worker-src 'self' https: http: data: blob:; style-src 'self' 'unsafe-inline';font-src 'self' https: http: data:,default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval';  connect-src * data: blob: 'unsafe-inline';  img-src * data: blob: 'unsafe-inline';  frame-src * data: blob: ;  style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';script-src 'self' https: http: 'unsafe-inline'* 1
frame-scr https://library.ymcapps.net 1
default-src 'self'; object-src 'none'; media-src 'self' https://media.nottinghamcollege.ac.uk https://assets.nottinghamcollege.ac.uk; frame-ancestors 'self'; connect-src 'self' https: data: wss:; frame-src 'self' https://www.facebook.com https://platform.twitter.com *.google.com https://bid.g.doubleclick.net https://www.youtube.com https://www.eventbrite.co.uk *.crazyegg.com https://82kn7jb7qx6l.statuspage.io *.livechatinc.com https://discoveruni.gov.uk https://www.recaptcha.net/recaptcha/ https://widget.discoveruni.gov.uk *.chatbot.com; img-src 'self' https: data:; style-src 'self' https://static.nottinghamcollege.ac.uk https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net https://www.googletagmanager.com https://tagmanager.google.com https://*.crazyegg.com https://script.mocky.com 'unsafe-inline'; script-src 'self' *.nottinghamcollege.ac.uk https://www.googleadservices.com https://googleads.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://www.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.ggpht.com *.googleusercontent.com https://connect.facebook.net https://platform.twitter.com https://cdn.polyfill.io https://browser.sentry-cdn.com https://analytics.tiktok.com https://ipmeta.io https://js-agent.newrelic.com https://www.eventbrite.co.uk https://discoveruni.gov.uk https://widget.discoveruni.gov.uk https://cdnjs.cloudflare.com https://www.youtube.com https://82kn7jb7qx6l.statuspage.io *.livechatinc.com https://cdn.livechat-static.com https://secure.adnxs.com https://bam.nr-data.net https://bam.eu01.nr-data.net https://bam-cell.nr-data.net https://widget.surveymonkey.com https://static.ads-twitter.com https://r1-t.trackedlink.net *.crazyegg.com https://snap.licdn.com https://www.recaptcha.net/recaptcha/ https://cdn.jsdelivr.net *.chatbot.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://static.nottinghamcollege.ac.uk https://use.typekit.net https://fonts.gstatic.com https://cdn.livechatinc.com; worker-src 'self' blob:; report-uri https://o143267.ingest.sentry.io/api/5547473/security/?sentry_key=b712e6fe58c74f7f8e7561b6e08685b2; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.osii.com https://ajax.googleapis.com https://www.google-analytics.com https://use.typekit.net; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://hci.social; img-src 'self' https: data: blob: https://hci.social; style-src 'self' https://hci.social 'nonce-lM1K1+uVeGJRFAiXpKyJWw=='; media-src 'self' https: data: https://hci.social; frame-src 'self' https:; manifest-src 'self' https://hci.social; form-action 'self'; child-src 'self' blob: https://hci.social; worker-src 'self' blob: https://hci.social; connect-src 'self' data: blob: https://hci.social https://storage.googleapis.com wss://hci.social; script-src 'self' https://hci.social 'wasm-unsafe-eval' 1
frame-ancestors 'self'; object-src *; frame-src *; base-uri *; require-sri-for script 1
object-src 'none';base-uri 'self';script-src 'nonce-DtJGIaSkLiWhWQBDUWcT_Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/honest_dns/1_0;frame-ancestors 'none' 1
default-src 'none'; style-src 'self' 'unsafe-inline'; img-src *; form-action 'self'; 1
base-uri 'self'; connect-src 'self' cdn.jsdelivr.net; default-src 'none'; font-src 'self' cdn.jsdelivr.net; form-action 'self'; frame-ancestors 'none'; frame-src 'self'; img-src 'self' data:; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self'; style-src 'self'; upgrade-insecure-requests; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: *.selpers.com; 1
frame-ancestors 'self' https://get4click.ru/ http://get4click.ru/ http://webvisor.com https://webvisor.com https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net 1
default-src 'self' blob: https: wss: data: 'unsafe-inline' 'unsafe-eval'; worker-src blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com ajax.googleapis.com cdnjs.cloudflare.com www.google-analytics.com connect.facebook.com www.googletagmanager.com www.youtube.com cdn.jsdelivr.net html5shiv.googlecode.com pi.pardot.com fonts.gstatic.com www.google.com www.gstatic.com connect.facebook.net www.googleadservices.com www.facebook.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google.si go.terme-krka.com wifi.terme-krka.com www.terme-krka.com mailing.terme-krka.si socialplugin.facebook.com s2.adform.net region1.google-analytics.com region1.analytics.google.com socialplugin.facebook.net track.adform.net analytics.tiktok.com s.pinimg.com ct.pinterest.com; 1
frame-ancestors *.cristel.com *.facebook.com 1
default-src 'self' wss://*.hotjar.com www.googletagmanager.com https://open.spotify.com https://embed.podcasts.apple.com https://attestation.android.com w.soundcloud.com *.camoni.co.il *.gstatic.com *.g.doubleclick.net *.onesignal.com onesignal.com *.outbrainimg.com *.outbrain.com youtube.com *.youtube.com *.googlesyndication.com *.google.com *.zoomanalytics.co  *.zoomengage.com       *.google.co.il *.googleadservices.com console.googletagservices.com www.googletagservices.com *.google-analytics.com *.facebook.com *.hotjar.com *.hotjar.io *.addthis.com *.crwdcntrl.net *.vimeo.com *.ted.com *.transistor.fm;;    frame-ancestors 'self' www-ms-israel-co-il.filesusr.com editor.wix.com www-israeli-heart-org.filesusr.com *.israeli-heart.org israeli-heart.org hospitals.clalit.co.il *.clalit.co.il clalit.co.il *.ms-israel.co.il *.camoni.co.il     *.neeman.org.il neeman.org.il *.onesignal.com onesignal.com *.transistor.fm;    script-src 'self' 'unsafe-inline' 'unsafe-eval' *.camoni.co.il     d2xerlamkztbb1.cloudfront.net d221oziut8gs4d.cloudfront.net d2z0twhaibasxg.cloudfront.net d2ichgn6omvugs.cloudfront.net d153e9at4fnie6.cloudfront.net d1wu4soocuytwy.cloudfront.net drwfflduv8b86.cloudfront.net d31h7krfuoootc.cloudfront.net d39xfemx07z9k2.cloudfront.net *.defybrick.com *.zoomengage.com     youtube.com *.youtube.com z.moatads.com *.cloudfront.net console.googletagservices.com www.googletagservices.com *.outbrain.com cheqzone.b-cdn.net *.cheqzone.com *.zoomanalytics.co       cdn.onesignal.com onesignal.com *.gstatic.com *.googlesyndication.com *.safeframe.googlesyndication.com *.g.doubleclick.net www.googletagmanager.com www.google-analytics.com ajax.googleapis.com       *.crwdcntrl.net *.sekindo.com googleadservices.com *.googleadservices.com *.google.com *.google.co.il *.hotjar.com *.zoomanalytics.co connect.facebook.net cdn.onesignal.com *.addthis.com v1.addthisedge.com;    font-src 'self' *.camoni.co.il fonts.gstatic.com ;    style-src 'self' 'unsafe-inline' *.camoni.co.il onesignal.com fonts.googleapis.com *.gstatic.com;base-uri 'self' *.camoni.co.il;    form-action 'self' *.camoni.co.il www.facebook.com;    img-src 'self' data: *.camoni.co.il *.onesignal.com     d2xerlamkztbb1.cloudfront.net d221oziut8gs4d.cloudfront.net d2z0twhaibasxg.cloudfront.net d2ichgn6omvugs.cloudfront.net d153e9at4fnie6.cloudfront.net d1wu4soocuytwy.cloudfront.net drwfflduv8b86.cloudfront.net d31h7krfuoootc.cloudfront.net d39xfemx07z9k2.cloudfront.net *.zoomengage.com     *.outbrainimg.com *.outbrain.com *.cheqzone.com *.facebook.net *.facebook.com     *.google.com *.google.co.il *.g.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.safeframe.googlesyndication.com     *.sekindo.com *.safeframe.googlesyndication.com *.google-analytics.com *.cloudfront.net *.ytimg.com *.vimeocdn.com *.tedcdn.com; 1
frame-ancestors 'self' https://www.traceinternational.org 1
default-src 'self' 'unsafe-inline' https: wss: data: *; script-src https: wss: 'unsafe-inline' 'unsafe-eval' 1
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self' https://forms.hsforms.com; object-src 'none'; 1
default-src 'self' https://* wss://*.hotjar.com https://script.hotjar.com *.pusher.com *.pusherapp.com wss://*.pusher.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; style-src 'self' 'unsafe-inline' https://cardflip.twistoo.co https://*.twistoo.co https://fonts.googleapis.com https://cdn.luigisbox.com https://onesignal.com; img-src 'self' data: https://*; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com https://cdn.livechatinc.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https:; frame-src 'self' https:; img-src 'self' https:; connect-src 'self' https:; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-NDVjZTcyNzZiZjNhNDA1NDk3MGNlYWQxMjQwN2ZhOWU=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.donorregister.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.donorregister.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.donorregister.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' servedby.revive-adserver.net banner.isn.nl fonts.googleapis.com ssl.google-analytics.com www.googletagmanager.com www.google-analytics.com code.jquery.com maxcdn.bootstrapcdn.com youtube.com www.youtube.com stats.g.doubleclick.net; img-src * data:; 1
default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self'; connect-src 'self'; worker-src 'self'; font-src 'self'; media-src 'self'; frame-src 'self'; object-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
frame-ancestors 'self' https://livezilla.centerpointe.com; 1
base-uri 'none'; default-src 'none'; script-src 'self' *.sdelkino.com 'unsafe-inline' 'unsafe-eval' *.yandex.ru yastatic.net www.google-analytics.com *.googleapis.com adservice.google.ru adservice.google.com www.googletagservices.com d2wy8f7a9ursnm.cloudfront.net pagead2.googlesyndication.com code.jquery.com cdnjs.cloudflare.com api.mapbox.com partner.googleadservices.com tpc.googlesyndication.com; img-src 'self' *.sdelkino.com www.google.com *.gstatic.com *.googleapis.com www.google-analytics.com pagead2.googlesyndication.com stats.g.doubleclick.net notify.bugsnag.com vk.com *.yandex.net *.yandex.ru data: api.mapbox.com; style-src 'self' *.sdelkino.com 'unsafe-inline' *.googleapis.com; connect-src 'self' *.yandex.ru yandex.ru www.google-analytics.com maps.googleapis.com pagead2.googlesyndication.com stats.g.doubleclick.net tpc.googlesyndication.com; frame-src www.sdelkino.com googleads.g.doubleclick.net yastatic.net st.yandexadexchange.net tpc.googlesyndication.com www.google.com; frame-ancestors *.sdelkino.com vk.com; form-action 'self' money.yandex.ru merchant.roboxchange.com yoomoney.ru; font-src *.gstatic.com 1
frame-ancestors 'self' kiosk.managedway.com; 1
object-src 'none'; frame-ancestors 'self' https://*.apkfree.com/ https://*.apkemulator.com https://*.doubleclick.net https://*.googlesyndication.com https://*.google.com https://*.googleapis.com https://googleads.g.doubleclick.net/ https://pagead2.googlesyndication.com/ 1
child-src 'self' blob:; connect-src * data:; default-src 'self' https://*.cashconverters.co.nz https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.hotjar.com https://*.hotjar.io https://*.apple.com https://*.apple-mapkit.com https://*.bugsnag.com https://*.zdassets.com https://*.zendesk.com wss://*.zendesk.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io https://*.smooch.io https://connect.facebook.net https://fonts.googleapis.com; frame-src https://netverify.com https://creditsense.com.au https://logs.creditsense.io https://*.hotjar.com https://*.doubleclick.net https://www.facebook.com https://*.cashconverters.co.nz https://*.zendesk.com; font-src 'self' https://fonts.gstatic.com https://*.zopim.com https://*.zendesk.com data:; img-src * blob: data:; media-src *; object-src 'none'; prefetch-src 'self' https://googleads.g.doubleclick.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://creditsense.com.au https://www.googletagmanager.com https://www.google.com https://tagmanager.google.com https://www.googleadservices.com https://connect.facebook.net https://*.doubleclick.net https://s.ytimg.com https://*.google-analytics.com https://*.zopim.com https://*.zendesk.com https://*.zdassets.com https://*.smooch.io https://*.hotjar.com https://6dadc58e31982fd9f0be-d4a1ccb0c1936ef2a5b7f304db75b8a4.ssl.cf4.rackcdn.com https://cdn.apple-mapkit.com blob:; style-src * 'unsafe-inline'; report-uri https://cashconverters.report-uri.com/r/d/csp/enforce 1
object-src 'none'; base-uri 'none';; upgrade-insecure-requests 1
frame-ancestors 'self' https://*.companyhero.com https://*.campusinc.com.br https://staging.herosvc.com 1
frame-ancestors 'self' coin.zerodha.com coin.zerodha.net ; 1
default-src 'unsafe-inline' 'unsafe-eval' doronjo.murc.jp milenjo.murc.jp marjo.murc.jp academy.murc.jp murc-kawasesouba.jp www.murc-kawasesouba.jp www.google-analytics.com bizsearch.murc.jp wf.typesquare.com 1
default-src 'self'  'unsafe-inline' 'unsafe-eval'   https://*.google-analytics.com https://*.googletagmanager.com https://*.cookiebot.com https://*.googleapis.com https://*.gstatic.com https://polyfill.io https://*.cloudflare.com https://*.jsdelivr.net https://*.jquery.com; script-src-elem 'self' 'unsafe-inline' https://*.google-analytics.com https://*.googletagmanager.com https://*.cookiebot.com https://*.googleapis.com https://*.gstatic.com https://polyfill.io https://*.cloudflare.com https://*.jsdelivr.net https://*.jquery.com; img-src 'self' 'unsafe-inline' data: https://*.google-analytics.com https://*.googletagmanager.com https://*.cookiebot.com https://*.googleapis.com https://*.gstatic.com https://polyfill.io https://*.cloudflare.com https://*.jsdelivr.net https://*.jquery.com 1
default-src 'self'; script-src 'self'  https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://google.com https://www.google-analytics.com https://c.seznam.cz/js/rc.js https://connect.facebook.net https://maps.googleapis.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://bat.bing.com https://*.clarity.ms https://bisko.gjirafa.net https://static.hotjar.com https://script.hotjar.com https://static.ads-twitter.com https://e1ec56c97db04b858c134ee6093a77f9.js.ubembed.com https://assets.ubembed.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https: data: http://c.seznam.cz; connect-src 'self' https: wss:; frame-src 'self' https:; object-src 'none'; 1
font-src fonts.gstatic.com use.typekit.net https://fonts.gstatic.com https://cdnjs.cloudflare.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.uc.r.appspot.com https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://*.rdstation.com.br https://*.cloudfront.net https://*.amazonaws.com https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://uc.r.appspot.com https://facebook.com https://facebook.com.br https://facebook.net https://rdstation.com.br https://cloudfront.net https://amazonaws.com https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.uc.r.appspot.com https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://*.rdstation.com.br https://*.cloudfront.net https://*.amazonaws.com https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://uc.r.appspot.com https://facebook.com https://facebook.com.br https://facebook.net https://rdstation.com.br https://cloudfront.net https://amazonaws.com 'self' data: 'unsafe-inline' data: https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br *.cloudflare.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.uc.r.appspot.com https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://*.rdstation.com.br https://*.cloudfront.net https://*.amazonaws.com https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://uc.r.appspot.com https://facebook.com https://facebook.com.br https://facebook.net https://rdstation.com.br https://cloudfront.net https://amazonaws.com 'self' data: https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br *.cloudflare.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.uc.r.appspot.com https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://*.rdstation.com.br https://*.cloudfront.net https://*.amazonaws.com https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://uc.r.appspot.com https://facebook.com https://facebook.com.br https://facebook.net https://rdstation.com.br https://cloudfront.net https://amazonaws.com 'self' data: 'unsafe-inline' data: https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br *.cloudflare.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://cdn.mundipagg.com https://api.pagar.me www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.uc.r.appspot.com https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://stats.g.doubleclick.net https://staticfiles.yviews.com.br https://service.yourviews.com.br https://yv-misc.s3.amazonaws.com https://img.youtube.com https://*.rdstation.com.br https://*.cloudfront.net https://*.amazonaws.com https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://uc.r.appspot.com https://facebook.com https://facebook.com.br https://facebook.net https://rdstation.com.br https://cloudfront.net https://amazonaws.com https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br *.cloudflare.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://device.clearsale.com.br https://device.clearsale.com.br/m/cs.js https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.uc.r.appspot.com https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://uc.r.appspot.com https://facebook.com https://facebook.com.br https://facebook.net https://rdstation.com.br https://cloudfront.net https://amazonaws.com https://cdn.awsli.com.br https://h.online-metrix.net https://commerce.adobedtm.com https://js-agent.newrelic.com/ https://consent.cookiefirst.com/ *.hotjar.com *.hotjar.io *.yourviews.com.br *.yviews.com.br *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.uc.r.appspot.com https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://*.rdstation.com.br https://*.cloudfront.net https://*.amazonaws.com https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://uc.r.appspot.com https://facebook.com https://facebook.com.br https://facebook.net https://rdstation.com.br https://cloudfront.net https://amazonaws.com 'self' data: 'unsafe-inline' data: https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br *.cloudflare.com 'self' 'unsafe-inline'; object-src https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.uc.r.appspot.com https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://*.rdstation.com.br https://*.cloudfront.net https://*.amazonaws.com https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://uc.r.appspot.com https://facebook.com https://facebook.com.br https://facebook.net https://rdstation.com.br https://cloudfront.net https://amazonaws.com 'self' data: 'unsafe-inline' data: https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br *.cloudflare.com 'self' 'unsafe-inline'; media-src *.adobe.com https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.uc.r.appspot.com https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://*.rdstation.com.br https://*.cloudfront.net https://*.amazonaws.com https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://uc.r.appspot.com https://facebook.com https://facebook.com.br https://facebook.net https://rdstation.com.br https://cloudfront.net https://amazonaws.com 'self' data: 'unsafe-inline' data: https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br *.cloudflare.com 'self' 'unsafe-inline'; manifest-src https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.uc.r.appspot.com https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://*.rdstation.com.br https://*.cloudfront.net https://*.amazonaws.com https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://uc.r.appspot.com https://facebook.com https://facebook.com.br https://facebook.net https://rdstation.com.br https://cloudfront.net https://amazonaws.com 'self' data: 'unsafe-inline' data: https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br *.cloudflare.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io https://api.mundipagg.com https://api.pagar.me api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.uc.r.appspot.com https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://*.rdstation.com.br https://*.cloudfront.net https://*.amazonaws.com https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://uc.r.appspot.com https://facebook.com https://facebook.com.br https://facebook.net https://rdstation.com.br https://cloudfront.net https://amazonaws.com 'self' data: 'unsafe-inline' data: https://consent.cookiefirst.com/ *.hotjar.com *.hotjar.io ws://ws.hotjar.com *.yourviews.com.br *.yviews.com.br *.cloudflare.com https://viacep.com.br 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.uc.r.appspot.com https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://*.rdstation.com.br https://*.cloudfront.net https://*.amazonaws.com https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://uc.r.appspot.com https://facebook.com https://facebook.com.br https://facebook.net https://rdstation.com.br https://cloudfront.net https://amazonaws.com 'self' data: 'unsafe-inline' data: https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br *.cloudflare.com http: https: blob: 'self' 'unsafe-inline'; default-src https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.uc.r.appspot.com https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://*.rdstation.com.br https://*.cloudfront.net https://*.amazonaws.com https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://uc.r.appspot.com https://facebook.com https://facebook.com.br https://facebook.net https://rdstation.com.br https://cloudfront.net https://amazonaws.com 'self' data: 'unsafe-inline' data: https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://commerce.adobedc.net https://commerce.adobedtm.com https://*.gstatic.com https://*.google.com https://*.google.com.br https://*.googleadservices.com https://google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.g.doubleclick.net https://*.uc.r.appspot.com https://*.facebook.com https://*.facebook.com.br https://*.facebook.net https://*.rdstation.com.br https://*.cloudfront.net https://*.amazonaws.com https://gstatic.com https://google.com https://google.com.br https://googleadservices.com https://*.google-analytics.com  https://googletagmanager.com https://googleapis.com https://g.doubleclick.net https://uc.r.appspot.com https://facebook.com https://facebook.com.br https://facebook.net https://rdstation.com.br https://cloudfront.net https://amazonaws.com 'self' data: 'unsafe-inline' data: https://consent.cookiefirst.com/ *.yourviews.com.br *.yviews.com.br *.cloudflare.com 'self' 'unsafe-inline'; 1
report-uri /es/contacto 1
default-src https: data: 'unsafe-inline' 'unsafe-eval';img-src * data: 1
frame-ancestors 'self'  https://flashpegasus.com.br/ https://rotas.flashpegasus.com.br/ https://www.flashpegasus.com.br/  https://flashpegasus.jall.com.br https://pegasus.flashpegasus.com.br/ https://www.googletagmanager.com https://www.google-analytics.com/analytics.js  https://xhr.spec.whatwg.org  https://storage.googleapis.com/ ;default-src 'self' https://flashlog.jall.com.br https://127.0.0.1:* wss://127.0.0.1:* https://locker.flashpegasus.com.br https://177.154.146.97/ https://flashpegasus.com.br/ https://pegasus.flashpegasus.com.br/  https://storage.googleapis.com/ ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://rotas.flashpegasus.com.br/ https://www.google-analytics.com https://www.googletagmanager.com/ pegasus.flashpegasus.com.br/  https://storage.googleapis.com/ ; style-src 'self' 'unsafe-inline'; report-uri csper.io/; object-src 'none'; upgrade-insecure-requests; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com/ https://www.gstatic.com/ https://www.google.com/ https://flashpegasus.com.br/ https://www.googletagmanager.com/ https://www.google-analytics.com/ ; connect-src  'self' https://flashlog.jall.com.br/ https://servicosdig.flashpegasus.com.br/ https://127.0.0.1:* wss://127.0.0.1:* https://www.google-analytics.com https://pegasus.flashpegasus.com.br/ https://flashpegasus.com.br/ https://storage.googleapis.com/ ; img-src 'self'  blob: cadastroCourier.xhtml:0 cadastroCourier.xhtml:1 https://pegasus.flashpegasus.com.br https://flashpegasus.com.br https://www.googletagmanager.com/ https://www.google-analytics.com/ https://127.0.0.1:* data: https://storage.googleapis.com/; base-uri 'self' ; frame-src 'self' https://www.google.com/ servicosdig.flashpegasus.com.br https://flashpegasus.com.br/ https://www.flashpegasus.com.br/ https://jall.com.br https://177.154.146.97:8081 https://rotas.flashpegasus.com.br 1
default-src http: https: data: 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://maps.gstatic.com https://chat.kindlycdn.com 'self' wss://sage.kindly.ai wss://ws-eu.pusher.com wss://streaming.mypurecloud.ie 1
default-src 'self' *.gompels.co.uk;           script-src 'self' 'unsafe-inline' https://www.googleadservices.com https://www.google.com https://*.googletagmanager.com https://www.gstatic.com https://static.openreplay.com js.honeybadger.io *.tawk.to fonts.googleapis.com cdn.jsdelivr.net www.youtube.com;           img-src 'self' data: s3-eu-west-1.amazonaws.com s3.eu-west-1.amazonaws.com https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com www.googletagmanager.com *.tawk.to cdn.jsdelivr.net tawk.link pclportal.mhra.gov.uk img.youtube.com;           style-src 'self' 'unsafe-inline' *.tawk.to fonts.googleapis.com https://www.gstatic.com cdn.jsdelivr.net;           connect-src 'self' data: *.gompels.co.uk gompelsopencart.s3.amazonaws.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://openreplay-ghc.gompels.com api.ideal-postcodes.co.uk *.tawk.to wss://*.tawk.to;           font-src *.tawk.to fonts.gstatic.com;           frame-src 'self' *.gompels.co.uk gompelsopencart.s3.amazonaws.com *.tawk.to youtube.com www.youtube.com www.youtube-nocookie.com https://www.openstreetmap.org;           frame-ancestors 'self' youtube.com;           worker-src blob:;           object-src 'none'; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://player.vimeo.com https://isitetv.com https://ln-rules.rewardstyle.com https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://*.recaptcha.net https://*.translate.naver.net https://tr.snapchat.com https://www.shoplooks.com https://lantern.roeyecdn.com https://lantern.roeye.com blob: https://*.abtasty.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://translate.yandex.net https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://*.pinterest.com https://*.bing.com https://*.doubleclick.net https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://ampcid.google.com.tw https://tr.snapchat.com https://privacyportal-eu.onetrust.com https://*.contentsquare.net https://*.criteo.com https://*.abtasty.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com; form-action 'self' https://www.facebook.com https://www.lookfantastic.com.tw https://m.lookfantastic.com.tw https://checkout.lookfantastic.com.tw https://connect.facebook.net https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.co.uk https://www.glossybox.com https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.se https://www.glossybox.dk https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://ln-rules.rewardstyle.com https://*.recaptcha.net https://*.microsofttranslator.com https://*.hotjar.com https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.attn.tv https://*.trustpilot.com https://*.translate.naver.net https://*.bing.com https://*.doubleclick.net https://*.google-analytics.com https://static.ads-twitter.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://static.thgcdn.cn https://*.googlesyndication.com https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com blob: https://*.abtasty.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://cdn.parcellab.com https://static.thgcdn.cn https://*.abtasty.com https://*.gstatic.com; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self' *.pelatologio.gr; 1
frame-ancestors 'self' https://www.altays-progiciels.com 1
default-src * data: 'unsafe-inline'; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; worker-src * blob:; child-src blob: gap:; img-src * blob: data: 'unsafe-inline'; font-src * data: 'unsafe-inline'; media-src * data: 'unsafe-inline'; object-src * data: 'unsafe-inline'; prefetch-src * data: 'unsafe-inline'; frame-src * data: 'unsafe-inline'; connect-src * 'self'  blob: data: 'unsafe-inline'; 1
report-uri /csp_error;default-src 'self';connect-src * blob:;script-src 'self' 'unsafe-eval' 'unsafe-inline' 'wasm-unsafe-eval' https://ajax.googleapis.com https://www.facebook.com connect.facebook.net https://stats.g.doubleclick.net https://www.googletagmanager.com *.lfeeder.com tagmanager.google.com https://scripts.simpleanalyticscdn.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.fi;img-src 'self' data: blob: https: www.googletagmanager.com https://queue.simpleanalyticscdn.com https://ssl.gstatic.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.google.com;font-src 'self' data: *.gstatic.com https://assets.sendinblue.com/;style-src 'self' 'unsafe-inline' https://www.facebook.com https://tagmanager.google.com;frame-src 'self' *;media-src 'self' blob:;manifest-src *;object-src 'none';base-uri 'self';worker-src 'self' blob:;child-src blob: 1
upgrade-insecure-requests; frame-ancestors self https://iqos.com https://*.iqos.com; 1
frame-ancestors 'self' https://*.kinderloop.com https://*.v.smartcentral.net; 1
frame-ancestors *.insideevs.fr insideevs.fr 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; worker-src 'self'; 1
frame-ancestors *.myautoloan.com *.carsaver.com 1
default-src 'self' 'unsafe-inline' *.gstatic.com *.google.com stackpath.bootstrapcdn.com *.googleapis.com www.googletagmanager.com *.google-analytics.com stats.g.doubleclick.net *.redditstatic.com snap.licdn.com code.jquery.com *.wallester.com; img-src * data:; media-src 'self' blob: data: 1
frame-ancestors kinmen.travel www.kinmen.travel pwa.kinmen.travel 'self' 1
base-uri 'self'; default-src https: wss://*.hotjar.com 'self'; font-src https://*.bootstrapcdn.com https://*.googleapis.com https://*.gstatic.com https://*.hotjar.com 'self'; form-action https://*.amazon.co.uk https://*.amazon.com https://*.payments-amazon.com https://*.sagepay.com 'self'; frame-ancestors 'self'; frame-src https://*.amazon.co.uk https://*.amazon.com https://*.payments-amazon.com https://*.freshdesk.com https://*.freshworks.com https://*.google.com https://*.hotjar.com https://*.rsa3dsauth.co.uk https://*.sagepay.com https://*.stripe.com https://*.trustpilot.com https://*.youtube.com 'self'; img-src data: https: 'self'; media-src 'none'; object-src 'none'; script-src https://*.algolia.net https://*.algolianet.com https://*.amazon.co.uk https://*.amazon.com https://*.payments-amazon.com https://*.amazonaws.com https://*.facebook.com https://*.facebook.net https://*.freshdesk.com https://*.freshworks.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.googlecommerce.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.ideal-postcodes.co.uk https://*.jquery.com https://*.onetrust.com https://*.snapengage.com https://*.stripe.com https://*.tiny.cloud https://*.tinymce.com https://*.trustpilot.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src https: 'self' 'unsafe-inline'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://dhsspares.report-uri.com/r/d/csp/enforce 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com *.fonts.googleapis.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de ebikes.us3.list-manage.com *.canadapost.ca https://sso.epost.ca 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com *.ytimg.com *.youtube.com *.google.com *.googleapis.com *.gstatic.com blob: api.demo.convergepay.com api.convergepay.com *.addthis.com *.pinterest.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.ytimg.com *.youtube.com *.google.com *.googleapis.com *.gstatic.com https://img.youtube.com mageside.com *.canadapost.ca *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.devdocs.magento.com *.magento.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com api.demo.convergepay.com api.convergepay.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com https://www.gstatic.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.devdocs.magento.com *.google-analytics.com https://www.gstatic.com api.demo.convergepay.com api.convergepay.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.youtube.com *.ytimg.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://www.endesaclientes.com https://syndication.teleborsa.it https://accounts-coll.enel.com:9443 https://assets.adobedtm.com http://52.144.89.133 https://enel.taleo.net https://reg.enel.it https://aemproddmz.enel.com https://endesa.cogitodesk.com 1
frame-ancestors 'self' https://webcargonet.com https://*.webcargonet.com https://freightos.com https://*.freightos.com https://clearit.ca https://*.clearit.ca https://clearitusa.com https://*.clearitusa.com https://7lfreight.com https://*.7lfreight.com https://cotasystems.com/ https://*.cotasystems.com/; 1
script-src 'self' 'sha256-q3WPosO4ONuL9p9ddEof/RtCIL08oBEgIPy68LjtLi8=' 'sha256-tMi+Pw5dWcckZaS5akdDvLbCRNPU47NUC7hBXzfNY9o=' 'sha256-rl5eji7XRCo2LMjj9lSpETeAroYm6eXnYZ57qpVunAQ=' 'sha256-iqOPaRlwwgtNy7J3vh/+LSW9/QVdN+Fl+YfMS8+GcPo=' 'sha256-PjdrWslsi4D6PN2ig+ljhmG5YLxPL647O0B9KAK8+lk=' 'sha256-51q9Jkddg0uc+3FW6ecf6jkMOr8hVAVNsxsw7gNqjjk=' 'sha256-Xh45oAnXb7apbW4QE7QEbCe4zGVzgNybHVUWDG6nMc0=' 'sha256-cWlUrd0XAxbUuEowrgGTAJOgrrFZ+Zg7KoqM0zoJi/c=' 'sha256-DRZpXPn1GCIU7BPkJ/xb/k/iZ9VtNhB0kL+R0rAyVOo=' 'sha256-MlR+o2h5r9m8DdZk1GxjLKOiL57reuEkcKKNf5Q/Xk0=' 'sha256-5z0mqfXoQdaswiTfD0q5tdra5kMX3TaXEcjX8FbSJ9c=' 'sha256-U3i1w5pESFxExrmA/RmoulibY0UtRJ6+N061RYm8GzQ=' 'sha256-iiOEk8AzgueoHkB1wHTEuNyZzJ7PvNGcU8Cf3C6QknM=' 'sha256-P3SvISywA0roA0BYCMQYftzdU53nkW8e/5A/Pqa0Zk4=' 'sha256-USTrNh+UNt+mBiIBvECPo0xWO3Z9yuN4yGO4XXSCqv8=' 'sha256-1OJoWFTRiz5Qn0QNWZG5lJWTi4v5otVmw+QefdOjXOg=' 'sha256-OpsdwbNy6088hMQRrp63vUqHaaEPpgKXuH18niYVZ34=' 'sha256-rwMOiOeVICH7/Cjy5SkreID3OOi5HTrit357k22hUDQ=' 'sha256-sWITfQ9rgDwKqksaLnQ9nrqSB5J+KfaUaMNSgpKYL0Y=' 'sha256-rNAWiF5llk4C4DGZqpiV+PC+ipjBiiMX0l8pqGf+PCU=' 'sha256-xV97M+lSIvvvSpx63GR/fApoy8sg47XkGkZkkn7RsaU=' 'sha256-FtmNZCwIPFBoItSYSjqyebn0K4W8YbpzinowGObyiZg=' 'sha256-ei+7cqqHXuFtO9PVrcrvAyAFNah0YT48+ecxANvdaik=' 'sha256-hvnpRxZVTvw5G7LyHI5AF8admAm/kEr0s1SkmYWtcN8=' 'sha256-buShqqvpyfyMytAevbY3Cjy6zZFEooyWtg42vUWrhiw=' 'sha256-pEnT8DjKoi+LpcY3MB2rFTqFbcBwMcR/g+iii2HQ2LM=' 'sha256-rNAWiF5llk4C4DGZqpiV+PC+ipjBiiMX0l8pqGf+PCU=' 'sha256-ZP3UmfOigbNFUDcrEIKj8yU0+7jeU/C4qxJ/4n4HRQo=' 'sha256-ETgXJJ3OuVkQgNb5lDzSYwJGbxchLQb3VoGwqsfYIGk=' 'sha256-mZWo2sJSmaBLGkgCpXLPpAnnLbfPaO68xCZUgjaMxVM=' 'sha256-ztI/hQqEXQp1679LG8zjtYNYa2ldiTNQJhKeNFmREiY=' 'sha256-ThwGm6ahqfkxEBtaLrV/Zo+m8ikXvcLQR4xvkp6rmug=' 'sha256-XBKoMsWPfwL9SoDgTp5Lz8RshbkmVaxQ14jQri56NjY=' 'sha256-icc0pV/PKFETIr4EibMH9gavAdBt4iL2Q28lk2GspWQ=' 'sha256-032BSw0ElgNhMyldQkJHl1X+Do+kj2rqiaK7rMQpcDs=' 'sha256-wxLN/Ivd2DLbX9YgtTaC3nt3DyofMHoUSFoaxscfjUE=' assets.adobedtm.com www.youtube.com cdn.cookielaw.org js.hs-scripts.com p.teads.tv js.adsrvr.org js.hsadspixel.net js.hs-banner.com js.hs-analytics.net connect.facebook.net demdex.net www.google.com www.gstatic.com www.googletagmanager.com tags.srv.stackadapt.com zn097ucyqha0b5qpt-aramark.siteintercept.qualtrics.com www.googleadservices.com siteintercept.qualtrics.com tag.demandbase.com privacyportaluat.onetrust.com static.hotjar.com script.hotjar.com hotjar.com platform.twitter.com www.instagram.com srv.stackadapt.com www.stackadapt.com 1
frame-ancestors  'self' https://questionpoint.org; 1
default-src https:; script-src https: 'self' 'unsafe-eval' 'unsafe-inline'; style-src https: 'self' 'unsafe-inline'; img-src 'self' *.wp.com scontent-ort2-2.xx.fbcdn.net https://facebook.com data:; font-src 'self' *.wp.com use.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com wordpress.com data: 1
frame-ancestors 'self' https://kua.com 1
style-src 'self' 'unsafe-inline' hello.myfonts.net https://*.clickdimensions.com https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com; script-src 'self' 'nonce-BxHxQhGi6vptChI6yjaSVUnJoA+BNO7YfiolCU3Hfik=' 'unsafe-inline' 'unsafe-eval' https://*.clickdimensions.com https://devsso.everence.com https://sso.everence.com https://*.simpli.fi http://fast.wistia.com src.litix.io https://code.jquery.com https://cdn.jsdelivr.net https://*.wistia.com https://*.formsite.com hello.myfonts.net *.googletagmanager.com *.google-analytics.com tagmanager.google.com https://optimize.google.com fast.wistia.net *.hotjar.com https://connect.facebook.net/en_US/sdk.js *.zdassets.com; connect-src 'self' data: *.wistia.com embedwistia-a.akamaihd.net *.hotjar.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.everence.com https://*.hotjar.io https://*.liti https://*.litix.io blob: *.zdassets.com *.zendesk.com; img-src 'self' https: fast.wistia.com www.googletagmanager.com https://*.formsite.com *.google-analytics.com https://optimize.google.com placehold.it data: blob:; child-src 'self' https://fireside.fm/ https://www.youtube.com https://www.facebook.com https://*.formsite.com fast.wistia.com vds.issgovernance.com everence.locatorsearch.com *.everence.com https://*.calvertimpactcapital.org https://calvertimpactcapital.org https://*.calvertimpact.org https://calvertimpact.org https://*.mortgagewebcenter.com https://forms.joinmycu.com https://optimize.google.com https://*.clickdimensions.com https://*.hotjar.com blob:; font-src 'self' data: fast.wistia.com https://*.simpli.fi https://fonts.googleapis.com https://fonts.gstatic.com https://www.everence.com; media-src 'self' *.akamaihd.net fast.wistia.net *.wistia.com blob: data:; form-action 'self' https://*.clickdimensions.com https://devsso.everence.com https://sso.everence.com; upgrade-insecure-requests; block-all-mixed-content; 1
default-src self 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' http://malsup.github.io/jquery.cycle2.center.js *.gs1pt.org *.vzaar.com *.youtube.com *.doubleclick.net *.cloudflare.com *.google-analytics.com *.google.com *.googleapis.com *.gravatar.com *.gstatic.com *.recheio.pt *.jmartins.com *.cookielaw.org *.onetrust.com *.appdynamics.com *.crazyegg.com *.eum-appdynamics.com *.in.getclicky.com *.blob.core.windows.net egoi.site cdn-te.e-goi.com egoimmerce.e-goi.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gs1pt.org *.vzaar.com *.youtube.com http://malsup.github.io/jquery.cycle2.center.js *.getclicky.com *.facebook.net *.cloudfront.net *.googleadservices.com *.googletagmanager.com *.cloudflare.com *.google-analytics.com *.google.com *.googleapis.com *.gravatar.com *.gstatic.com *.recheio.pt *.jmartins.com *.doubleclick.net *.google.pt *.cookielaw.org *.onetrust.com *.appdynamics.com *.crazyegg.com *.eum-appdynamics.com *.in.getclicky.com *.blob.core.windows.net egoi.site cdn-te.e-goi.com egoimmerce.e-goi.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.gs1pt.org  *.gravatar.com *.gstatic.com *.recheio.pt *.jmartins.com *.doubleclick.net *.googleapis.com *.cookielaw.org *.onetrust.com *.appdynamics.com *.crazyegg.com *.eum-appdynamics.com *.in.getclicky.com *.blob.core.windows.net egoi.site cdn-te.e-goi.com egoimmerce.e-goi.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' data:  *.gs1pt.org  *.facebook.com *.google.pt *.recheio.pt *.doubleclick.net *.cloudflare.com *.google-analytics.com *.google.com *.googleapis.com *.gravatar.com *.gstatic.com *.recheio.pt blob: *.jmartins.com *.cookielaw.org *.onetrust.com *.appdynamics.com *.crazyegg.com *.eum-appdynamics.com *.in.getclicky.com *.blob.core.windows.net egoi.site cdn-te.e-goi.com egoimmerce.e-goi.com; font-src 'self' 'unsafe-eval' 'unsafe-inline' *.jmartins.com *.gravatar.com *.gstatic.com  *.gs1pt.org  *.recheio.pt data: font-family: *.recheio.pt  *.gs1pt.org *.jmartins.com *.googleapis.com *.cookielaw.org *.onetrust.com *.appdynamics.com *.crazyegg.com *.eum-appdynamics.com *.in.getclicky.com *.blob.core.windows.net egoi.site cdn-te.e-goi.com egoimmerce.e-goi.com; 1
default-src https://*.shelf.io https://*.shelf-ssp.com * 'self' https://* https://*.s3.amazonaws.com; script-src https://*.shelf.io https://*.shelf-ssp.com * 'self' 'unsafe-inline' 'unsafe-eval' https://*.amazonaws.com https://*.polyfill.io https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.getbeamer.com https://*.intercom.io https://*.intercomcdn.com https://*.stripe.com https://*.pendo.io https://*.jsdelivr.net https://*.s3.amazonaws.com https://*.youtube.com https://*.vimeo.com; connect-src https://*.shelf.io https://*.shelf-ssp.com * 'self'; img-src data: https://*.shelf.io https://*.shelf-ssp.com * 'self' blob: chrome-extension://* https://*.s3.amazonaws.com http://* https://*; style-src https://*.shelf.io https://*.shelf-ssp.com * 'self' 'unsafe-inline' https://*.s3.amazonaws.com http://* https://*; object-src https://*.shelf.io https://*.shelf-ssp.com * 'self' https://*.amazonaws.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.intercom.io https://*.intercomcdn.com https://*.stripe.com https://*.pendo.io https://*.getbeamer.com https://*.s3.amazonaws.com; media-src https://*.shelf.io https://*.shelf-ssp.com * 'self' http://* https://*; font-src https://*.shelf.io https://*.shelf-ssp.com * 'self' http://* https://*; frame-src https://*.shelf.io https://*.shelf-ssp.com * 'self' http://* https://*; worker-src https://*.shelf.io https://*.shelf-ssp.com blob: 1
default-src *.edinet.info *.iubenda.com www.google.com www.gstatic.com http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self' *.edinet.info; script-src 'self' *.edinet.info *.iubenda.com *.ampproject.org www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval' blob: *.taboola.com *.disqus.com *.disquscdn.com *.facebook.net *.ampproject.org code.jquery.com *.quantcast.com *.quantserve.com *.quantcount.com *.google-analytics.com *.googletagmanager.com *.googletagservices.com *.doubleclick.net *.twitter.com *.googlesyndication.com *.youtube.com *.youtube-nocookie.com *.googleadservices.com *.criteo.com *.google.it *.google.com *.gleamjs.io *.inmobi.com; 1
default-src 'self'; connect-src https://region1.google-analytics.com https://www.google-analytics.com https://maps.googleapis.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' blob: https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com; img-src 'self' data: https://www.toegankelijkheidsverklaring.nl https://www.gstatic.com https://maps.gstatic.com https://ssl.gstatic.com https://maps.googleapis.com/ https://www.upload.ee https://secure.gravatar.com https://www.google-analytics.com https://lh3.googleusercontent.com https://scontent-ams2-1.xx.fbcdn.net https://fonts.gstatic.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; frame-src https://www.youtube.com https://player.vimeo.com 'self'; frame-ancestors 'none'; form-action https://connect.smashballoon.com/auth/ig/ 'self'; 1
frame-ancestors 'self' *.facebook.com *.salesforce.com *.convio.net *.google.com *.force.com facebook.com salesforce.com convio.net google.com force.com bikems.net golfms.org images.google.fr *.nationalmssociety.org msdinnerauction.com thecliniccolorado.com *.eventsforgood.com  nationalmssociety.org eventsforgood.com; report-uri https://secure.nationalmssociety.org/site/XFrameViolation 1
frame-ancestors 'self'; report-uri https://dy0cz51f3b.execute-api.ap-southeast-2.amazonaws.com/report 1
base-uri 'none'; default-src 'self' data: blob: https: wss:; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.scrivito.com https://app.intercom.io https://assets.scrivito.com https://js.intercomcdn.com https://widget.intercom.io https://www.google-analytics.com https://maps.googleapis.com https://www.recaptcha.net/ https://www.google.com/recaptcha/ https://www.gstatic.com/ https://www.dealer-fp-usa.com/ https://play.webvideocore.net/ *.hotjar.com/ https://www.googletagmanager.com; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' https://*.scrivito.com 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-zI3ZLeie17/mQrOZ90U2/J1ZEt+Cq9uyCT4iQwgE1BFxHGd6' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://analytics.google.com wss://localhost:44318/SecondHarvest/  https://www.secondharvest.ca https://www.deuxiemerecolte.ca https://bbox.blackbaudhosting.com https://www.facebook.com https://connect.facebook.net http://localhost:9103 https://localhost:44350 https://secondharvest.ca https://secondharvest.azurewebsites.net https://in.hotjar.com https://stats.g.doubleclick.net https://www.google-analytics.com https://m.addthis.com https://fonts.gstatic.com https://px.ads.linkedin.com https://ajax.cloudflare.com https://fonts.googleapis.com https://payments.blackbaud.com;img-src 'self' * data:;frame-ancestors 'self' https://www.deuxiemerecolte.ca http://localhost:9103 http://localhost:44379 https://localhost:44350 https://www.secondharvest.ca https://secondharvest.ca https://web-secondharvest-admin-dev.azurewebsites.net/ https://web-secondharvest-admin.azurewebsites.net/ https://admin-dev.secondharvest.ca https://admin.secondharvest.ca;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.deuxiemerecolte.ca https://bbox.blackbaudhosting.com https://connect.facebook.net http://localhost:9103 http://localhost:44379 https://secondharvest.ca https://secondharvest.azurewebsites.net http://s7.addthis.com https://www.youtube.com https://player.vimeo.com https://script.hotjar.com https://static.hotjar.com https://releases.transloadit.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://stackpath.bootstrapcdn.com https://unpkg.com https://m.addthis.com https://v1.addthisedge.com https://z.moatads.com https://ajax.cloudflare.com https://code.jquery.com https://cdn.ckeditor.com https://s7.addthis.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://snap.licdn.com https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com https://boards.greenhouse.io https://sky.blackbaudcdn.net https://payments.blackbaud.com;style-src 'self' 'unsafe-inline' https://www.deuxiemerecolte.ca https://bbox.blackbaudhosting.com http://localhost:9103 http://localhost:44379 https://secondharvest.ca https://secondharvest.azurewebsites.net https://www.youtube.com https://player.vimeo.com https://releases.transloadit.com https://cdn.jsdelivr.net https://stackpath.bootstrapcdn.com https://cdn.ckeditor.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://payments.blackbaud.com;frame-src 'self' https://www.secondharvest.ca https://www.deuxiemerecolte.ca https://www.facebook.com https://bbox.blackbaudhosting.com https://batchgeo.com http://localhost:9103 http://localhost:44379 https://secondharvest.ca https://secondharvest.azurewebsites.netlocal https://www.youtube.com https://player.vimeo.com https://vars.hotjar.com https://script.hotjar.com https://s7.addthis.com https://www.google.com https://bid.g.doubleclick.net https://www.youtube.com https://boards.greenhouse.io https://cf-ts.mythinkscape.com https://host.nxt.blackbaud.com https://13056546.fls.doubleclick.net https://payments.blackbaud.com;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:;media-src 'self' data:;object-src 'self'; 1
block-all-mixed-content; frame-ancestors 'self'  https://*.dogbible.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.pardot.com https://go.nationalmi.com https://play.vidyard.com https://use.fontawesome.com https://*.wp.com https://ssl.google-analytics.com https://documentcloud.adobe.com/view-sdk/ https://www.timevaluecalculators.com/ https://maps.googleapis.com/ https://*.google.com/ https://www.gstatic.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.baidu.com *.bdimg.com;style-src 'self' 'unsafe-inline' ; img-src *;  1
default-src 'self' data: 3xv7fu3z8yim1bz9jt1v7ro7-wpengine.netdna-ssl.com www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 3xv7fu3z8yim1bz9jt1v7ro7-wpengine.netdna-ssl.com anonyome.us2.list-manage.com; style-src 'self' 'unsafe-inline' 3xv7fu3z8yim1bz9jt1v7ro7-wpengine.netdna-ssl.com fonts.googleapis.com; img-src 'self' data: 3xv7fu3z8yim1bz9jt1v7ro7-wpengine.netdna-ssl.com; connect-src 'self' cognito-identity.us-east-1.amazonaws.com pinpoint.us-east-1.amazonaws.com 3xv7fu3z8yim1bz9jt1v7ro7-wpengine.netdna-ssl.com; font-src 'self' data: fonts.gstatic.com 3xv7fu3z8yim1bz9jt1v7ro7-wpengine.netdna-ssl.com; object-src cognito-identity.us-east-1.amazonaws.com; upgrade-insecure-requests 1
default-src 'self'  12019440.fls.doubleclick.net www.google-analytics.com www.gravatar.com  player.vimeo.com *.vimeocdn.com  packages.umbraco.org our.umbraco.org ssl.gstatic.com www.google.com;   script-src 'self' 'unsafe-inline' 'unsafe-eval' *.farnboroughairshow.com *.googletagmanager.com bat.bing.com connect.facebook.net www.googleadservices.com  googleads.g.doubleclick.net  www.google.com  www.googleanalytics.com  www.google-analytics.com  www.googletagmanager.com  google-analytics.com www.google.com/recaptcha/  www.gstatic.com/recaptcha/ cdnjs.cloudflare.com  ajax.cloudflare.com  static.cloudflareinsights.com *.hotjar.com *.hotjar.io static.ads-twitter.com track.adform.net *.adform.net diffuser-cdn.app-us1.com snap.licdn.com prism.app-us1.com trackcmp.net *.mapbox.com *.hotelmap.com hotelmap.com fonts.gstatic.com;  style-src 'self' 'unsafe-inline' *.google.com *.farnboroughairshow.com cdnjs.cloudflare.com use.fontawesome.com *.mapbox.com *.hotelmap.com https://fonts.googleapis.com/ https://use.typekit.net/ https://p.typekit.net/;  img-src 'self' blob: data:  *.farnboroughairshow.com *.google-analytics.com  *.analytics.google.com  *.googletagmanager.com  *.g.doubleclick.net  *.google.com  https://www.google.co.in https://www.google.com https://*.hotjar.com https://*.hotjar.io https://*.adform.net https://t.co/ https://analytics.twitter.com/ https://px.ads.linkedin.com/ https://px4.ads.linkedin.com/ https://p.adsymptotic.com/ https://bat.bing.com/ https://www.facebook.com/ http://www.w3.org/20 https://i.ytimg.com https://d2isystems.blob.core.windows.net *.mapbox.com *.hotelmap.com hotelmap.com *.cloudfront.net i.travelapi.com https://ad.doubleclick.net/ https://q-xx.bstatic.com/ ;  worker-src blob: ;  child-src blob: ;  font-src 'self' *.farnboroughairshow.com cdnjs.cloudflare.com use.fontawesome.com *.hotjar.com *.hotjar.io *.mapbox.com *.hotelmap.com hotelmap.com fonts.gstatic.com https://use.typekit.net/;  media-src 'self' *.farnboroughairshow.com ;  connect-src 'self' *.farnboroughairshow.com *.google-analytics.com  *.analytics.google.com  *.googletagmanager.com  *.g.doubleclick.net  *.google.com cloudflareinsights.com bat.bing.com *.hotjar.com *.hotjar.io *.adform.net *.mapbox.com *.hotelmap.com static.licdn.com https://cdn.linkedin.oribi.io/ https://px.ads.linkedin.com/ https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com ; ;   frame-src 'self' *.farnboroughairshow.com www.google.com bid.g.doubleclick.net www.google.com/recaptcha recaptcha.google.com/recaptcha *.hotjar.com *.hotjar.io app.groupize.com youtube.com  www.youtube.com *.adform.net 12019440.fls.doubleclick.net app.smartsheet.com https://www.facebook.com/ player.twitch.tv *.mapbox.com *.hotelmap.com hotelmap.com www.hotelmap.com https://td.doubleclick.net/; 1
default-src 'none'; script-src 'self' yastatic.net mc.yandex.ru mc.yandex.com mc.yandex.by mc.yandex.kg mc.yandex.kz mc.yandex.md mc.yandex.uz 'nonce-Zjk0YzZmZDUtZGE3OS00YmNlLWFjNTEtYzhiNTZiOTk5ZTlm' analytics.google.com www.google.ru www.google.com www.google.kz www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net googleads.g.doubleclick.net s.pinimg.com ct.pinterest.com abt.s3.yandex.net connect.facebook.net www.facebook.com; style-src 'self' yastatic.net 'unsafe-inline'; img-src 'self' blob: data: yastatic.net mc.yandex.ru mc.yandex.com mc.yandex.by mc.yandex.kg mc.yandex.kz mc.yandex.md mc.yandex.uz analytics.google.com www.google.ru www.google.com www.google.kz www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net googleads.g.doubleclick.net s.pinimg.com ct.pinterest.com abt.s3.yandex.net connect.facebook.net www.facebook.com; font-src 'self' data: yastatic.net; object-src 'none'; base-uri 'self' yastatic.net; media-src 'self' yastatic.net mc.yandex.ru mc.yandex.com mc.yandex.by mc.yandex.kg mc.yandex.kz mc.yandex.md mc.yandex.uz; frame-src 'self' blob: forms.yandex.ru analytics.google.com www.google.ru www.google.com www.google.kz www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net googleads.g.doubleclick.net s.pinimg.com ct.pinterest.com abt.s3.yandex.net mc.yandex.ru mc.yandex.com mc.yandex.by mc.yandex.kg mc.yandex.kz mc.yandex.md mc.yandex.uz; connect-src 'self' mc.yandex.ru mc.yandex.com mc.yandex.by mc.yandex.kg mc.yandex.kz mc.yandex.md mc.yandex.uz uaas.yandex.ru analytics.google.com www.google.ru www.google.com www.google.kz www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net googleads.g.doubleclick.net s.pinimg.com ct.pinterest.com abt.s3.yandex.net; child-src blob: mc.yandex.ru mc.yandex.com mc.yandex.by mc.yandex.kg mc.yandex.kz mc.yandex.md mc.yandex.uz; manifest-src 'self' yastatic.net; form-action 'self'; report-uri https://csp.yandex.net/csp?from=yango.delivery&project=static-yango&yandex_login=undefined&yandexuid=undefined; frame-ancestors 'self' metrika.yandex.ru metrika.yandex.by metrika.yandex.com metrika.yandex.com.tr metrica.yandex.ru metrica.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com; 1
frame-ancestors 'self' https://beacon.aisdevio.com/ https://digital.ais.th/ https://monline.com/ 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://witches.live; img-src 'self' https: data: blob: https://witches.live; style-src 'self' 'unsafe-inline' https://witches.live; media-src 'self' https: data: https://witches.live; frame-src 'self' https:; manifest-src 'self' https://witches.live; connect-src 'self' data: blob: https://witches.live https://media.witches.live wss://witches.live; script-src 'self' https://witches.live; worker-src 'self' blob: https://witches.live 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' * data: blob:; font-src * data:;img-src * data:; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 1
default-src 'self'; object-src 'none'; img-src 'self' blob:; media-src 'self' 1
img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.funcao.com.br *.google.com *.gstatic.com *.googleapis.com *.ggpht.com *.googletagmanager.com *.google-analytics.com *.azurewebsites.net ; 1
frame-ancestors 'self' *.isportfoy.com.tr 1
frame-ancestors 'self'; frame-src 'self' youtube.com *.youtube.com *.pinterest.com *.facebook.com *.robinhq.com *.sleeknote.com *.google.com *.gstatic.com *.googleanalytics.com *.google-analytics.com  *.googletagmanager.com *.googleapis.com; 1
default-src 'self' https://*.cart-guru.io https://*.carts.guru https://*.cartsguru.io https://api.beeroot.io https://cdn.jsdelivr.net https://lp.lacompagniedulit.com/ https://22admedia.com/22rtb/355.js; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://*.cart-guru.io https://*.carts.guru https://*.cartsguru.io https://www.google.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://maps.googleapis.com https://googleads.g.doubleclick.net https://apis.google.com https://www.youtube.com https://www.facebook.com https://connect.facebook.net https://connect.facebook.net/fr_FR/sdk.js https://t.mydialoginsight.com https://api.beeroot.io https://bam.eu01.nr-data.net/1/NRJS-7e7de70efc7604444cc https://bat.bing.com https://cdn.doofinder.com/media/js/doofinder-classic.7.latest.min.js https://cdn.doofinder.com https://cl.avis-verifies.com https://dcniko1cv0rz.cloudfront.net/realytics-1.2.min.js https://eu1-search.doofinder.com https://events.sk.ht/lacompagniedulit/lib.js https://i.realytics.io/tc.js https://tp.realytics.io https://tc-sync.realytics.io https://js-agent.newrelic.com/nr-1216.min.js https://media.lacompagniedulit.com/themes/antadis/js/modernizr.js https://cdn.scaleflex.it https://libs.hipay.com/js/sdkjs.js https://libs.hipay.com/hostedfields/loader.js https://libs.hipay.com https://data.hipay.com https://stage-data.hipay.com https://mpsnare.iesnare.com/general5/wdp.js https://mpsnare.iesnare.com/5.5.0/logo.js https://mpsnare.iesnare.com/snare.js https://mpsnare.iesnare.com/script/logo.js https://s.yimg.com/wi/ytc.js https://script.hotjar.com https://static.hotjar.com/c/hotjar-907938.js https://static.zdassets.com https://t.contentsquare.net https://js-agent.newrelic.com https://www.clarity.ms https://cdn.cartsguru.io https://cdn.cookielaw.org https://*.lacompagniedulit.com/ https://www.googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://*.hotjar.com https://*.facebook.com https://*.cookielaw.org https://data.perfmaker.net https://tag.perfmaker.net https://*.useinsider.com https://*.retargeted.co https://cdn.jsdelivr.net https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js; style-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://*.cart-guru.io https://*.carts.guru https://*.cartsguru.io https://fonts.googleapis.com/ https://tagmanager.google.com https://libs.hipay.com/themes/material.min.css https://cdn.doofinder.com https://*.perfmaker.net https://www.googletagmanager.com/debug/badge.css https://*.useinsider.com https://api.beeroot.io https://cdn.jsdelivr.net https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js; object-src https://*.cart-guru.io https://*.carts.guru https://*.cartsguru.io https://api.beeroot.io https://cdn.jsdelivr.net https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js; base-uri 'self'; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cart-guru.io https://*.carts.guru https://*.cartsguru.io https://www.google.com https://googleads.g.doubleclick.net https://www.google.fr https://www.googleadservices.com https://*.googlesyndication.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://www.facebook.com https://libs.hipay.com https://data.hipay.com https://secure-gateway.hipay-tpp.com https://openfpcdn.io https://ekr.zdassets.com/compose/2f1b04c5-1c22-440d-9212-c9c5da549d3a https://e.clarity.ms/collect https://stage-data.hipay.com/checkout-data https://api.beeroot.io https://api.realytics.io https://bam.eu01.nr-data.net https://bat.bing.com https://*.contentsquare.net https://hotjar.com https://in.hotjar.com https://ekr.zendesk.com https://eu1-search.doofinder.com https://integration.carts.guru https://j.clarity.ms https://lacompagniedulit.zendesk.com https://maps.googleapis.com wss://mpsnare.iesnare.com/star https://region1.google-analytics.com https://s.yimg.com https://sk.ht https://stats.g.doubleclick.net wss://widget-mediator.zopim.com https://cdn.cookielaw.org https://privacyportal-fr.onetrust.com/request/v1/consentreceipts https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://eu1-layer.doofinder.com wss://eu1-layer.doofinder.com https://mtm.lacompagniedulit.com/ https://*.perfmaker.net https://*.useinsider.com wss://*.useinsider.com https://cdn.jsdelivr.net https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.cart-guru.io https://*.carts.guru https://*.cartsguru.io https://fonts.gstatic.com https://*.useinsider.com https://api.beeroot.io https://cdn.jsdelivr.net https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js; frame-src 'self' 'unsafe-inline' 'unsafe-eval' 'self' blob: https://*.cart-guru.io https://*.carts.guru https://*.cartsguru.io https://www.google.com/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://accounts.google.com https://bid.g.doubleclick.net https://www.youtube.com/ https://www.facebook.com https://libs.hipay.com https://stage-data.hipay.com https://11435458.fls.doubleclick.net https://vars.hotjar.com https://www.youtube-nocookie.com https://*.perfmaker.net https://*.avis-verifies.com/ https://*.useinsider.com https://api.beeroot.io https://cdn.jsdelivr.net https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js; img-src 'self' data: 'unsafe-inline' 'unsafe-eval' 'self' blob: https://*.cart-guru.io https://*.carts.guru https://*.cartsguru.io https://*.google-analytics.com https://*.google.com https://*.google.fr https://ib.adnxs.com/getuid https://maps.gstatic.com/mapfiles/ https://www.googletagmanager.com https://*.googletagmanager.com https://*.analytics.google.com https://maps.googleapis.com/ https://ssl.gstatic.com https://www.gstatic.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com https://www.facebook.com https://sp.analytics.yahoo.com https://www.lacompagniedulit.com https://media.lacompagniedulit.com https://static1.lacompagniedulit.net https://contentsquare.net https://l.contentsquare.net https://bat.bing.com https://c.contentsquare.net https://cl.avis-verifies.com https://t.mydialoginsight.com https://www.netreviews.eu https://cdn.cookielaw.org https://i.ytimg.com https://*.useinsider.com https://api.beeroot.io https://cdn.jsdelivr.net https://images.prismic.io https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js; manifest-src 'self' https://cdn.jsdelivr.net https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js; media-src 'self' https://mpsnare.iesnare.com/time.mp3 data: https://static.zdassets.com https://api.beeroot.io https://cdn.jsdelivr.net https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js; report-uri https://62d537b090d65793425d8b0b.endpoint.csper.io/?v=0 https://api.beeroot.io https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js; child-src 'self' blob: https://*.cart-guru.io https://*.carts.guru https://*.cartsguru.io https://api.beeroot.io https://cdn.jsdelivr.net https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js; frame-ancestors 'self' blob: https://*.cart-guru.io https://*.carts.guru https://*.cartsguru.io https://*.useinsider.com https://api.beeroot.io https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js; 1
default-src 'self' http://localhost:3035 https://www.datadoghq-browser-agent.com ws: wss: blob: https: http:; font-src 'self' https: data:; img-src 'self' https: http: data: blob:; object-src 'none'; script-src 'self' http://www.googletagmanager.com http://media.twiliocdn.com http://embed.typeform.com http://cdnjs.cloudflare.com https: 'unsafe-eval' 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; worker-src 'self' blob: https:; report-uri https://surge.report-uri.com/r/d/csp/reportOnly; frame-ancestors 'self' www.surgehq.ai surgeai.webflow.io mturk.com *.mturk.com amazonaws.com *.amazonaws.com http://localhost:3000 https://beta.surgehq.ai https://beta.dataannotation.tech https://app.surgehq.ai https://app.dataannotation.tech https://www.taskup.ai https://taskup.ai https://www.gethybrid.io https://gethybrid.io 1
frame-ancestors https://*.concilio.com 1
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://deploy.mopinion.com https://static.hotjar.com https://script.hotjar.com https://tdn.r42tag.com https://www.google-analytics.com https://collect.mopinion.com https://www.googletagmanager.com https://www.googleoptimize.com https://static.cloud.coveo.com https://data1.ralasis.com https://optimize.google.com https://translate.googleapis.com https://translate.google.com https://dev.visualwebsiteoptimizer.com  https://admin.relay42.com https://static.hotjar.com https://www.google-analytics.com https://app.vwo.com https://cdn.harvest.graindata.com;style-src 'self' 'unsafe-inline' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://collect.mopinion.com https://fonts.mopinion.com https://static.cloud.coveo.com https://fonts.googleapis.com https://translate.googleapis.com https://optimize.google.com https://admin.relay42.com https://app.vwo.com;img-src data: 'self' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://www.google-analytics.com https://www.gstatic.com https://i.ytimg.com https://translate.google.com https://translate.googleapis.com https://admin.relay42.com https://tdn.r42tag.com https://t.svtrd.com https://fonts.gstatic.com https://region1.google-analytics.com https://dev.visualwebsiteoptimizer.com https://www.googletagmanager.com;font-src data: 'self' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://fonts.mopinion.com https://gstatic.mopinion.com https://fonts.gstatic.com;connect-src * https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl wws://*.hotjar.com https://*.hotjar.com;media-src * 'self' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl;object-src 'none' ;child-src https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://t.svtrd.com/ https://vars.hotjar.com https://www.youtube-nocookie.com https://www.google.com https://www.youtube-nocookie.com https://www.google.com https://optimize.google.com https://m.youtube.com https://app.vwo.com; worker-src blob:;frame-ancestors https://www.youtube-nocookie.com https://www.google.com https://optimize.google.com https://m.youtube.com https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://app.vwo.com;form-action 'self' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://t.svtrd.com/structure-collection https://broker.nxtid.nl;block-all-mixed-content;base-uri https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl;report-uri https://bcd8a826da9dc721f317d24ae6b9e320.ams.report-uri.com/r/t/csp/reportOnly; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.mosanweb.com *.googleapis.com *.google-analytics.com *.gstatic.com *.google.com *.gravatar.com; report-uri https://mosanweb.com/submitticket.php?step=2&deptid=4 1
default-src 'self'; base-uri 'self'; script-src 'nonce-2cac977664edcf3da099ea830d56e1dc' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: 'report-sample'; connect-src 'self' https://www.googletagmanager.com https://*.facebook.com https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://*.instana.io wss://mpsnare.iesnare.com https://*.usercentrics.eu https://bat.bing.com/actionp/ https://*.liadm.com https://*.parship.dev; frame-ancestors 'self' https://secure1.parship.com https://secure1.eharmony.com https://secure1.elitepartner.de https://*.parship.dev; frame-src 'self' https://support.parship.be https://tms.parship.be https://*.greatviews.de https://app.usercentrics.eu https://www.youtube-nocookie.com https://accounts.google.com https://translate.googleapis.com https://*.liadm.com; object-src 'none'; img-src 'self' data: http: https: https://*.instana.io; font-src 'self' data:; style-src 'self' 'unsafe-inline' 'report-sample' https://accounts.google.com/gsi/style https://translate.googleapis.com; upgrade-insecure-requests; report-uri /ls/ 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: mailto: ms-word: ms-excel: ms-powerpoint: 1
style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.google.com https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css netdna.bootstrapcdn.com; 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-rVHoOunizjGhtiuWU/EtXQ==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
default-src 'self' *.sicop.go.cr *.doubleclick.net *.google-analytics.com *.facebook.com *.facebook.net *.googleapis.com *.addthis.com *.gstatic.com *.verifika.com *.alignetsac.com *.mtss.go.cr *.cloudflare.com;       img-src 'self' *.mtss.go.cr *.google-analytics.com 'unsafe-inline' data: *.genial.ly *.verifika.com *.alignetsac.com;      script-src 'self' *.googletagmanager.com *.google-analytics.com *.youtube.com *.addthis.com *.addthisedge.com *.facebook.net 'unsafe-inline' 'unsafe-eval' *.verifika.com *.alignetsac.com *.google.com *.gstatic.com z.moatads.com *.cloudflare.com;      style-src 'self' *.googleapis.com 'unsafe-inline' *.verifika.com *.alignetsac.com *.mtss.go.cr;      frame-src 'self' *.sicop.go.cr *.youtube.com *.genial.ly *.verifika.com *.alignetsac.com *.google.com *.addthis.com;      frame-ancestors 'self' *.verifika.com *.alignetsac.com; 1
default-src 'self' data: gap: https://*.jsdelivr.net https://*.fontawesome.com https://*.googleapis.com http://www.w3.org/2000/svg https://*.jquery.com https://www.google.com https://unpkg.com https://www.gstatic.com; connect-src * ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://*.fontawesome.com/; script-src 'self' 'unsafe-eval' ; font-src 'self' https://*.googleapis.com https://*.gstatic.com; media-src *; img-src * 'self' data: https:; upgrade-insecure-requests 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com www1.giftandwrap.co.uk; base-uri 'self' 1
default-src 'self' https://*.googlesyndication.com https://*.adform.net https://*.amerikanhastanesi.org https://*.kuh.ku.edu.tr https://*.vetamerikan.org; font-src * 'unsafe-inline' data: blob: https://*.gstatic.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://unpkg.com https://*.doubleclick.net https://*.knovvu.com https://*.jsdelivr.net https://*.useinsider.com https://*.pingdom.net https://*.clarity.ms  https://*.googleapis.com https://*.github.io https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.youtube.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.amerikanhastanesi.org https://*.kuh.ku.edu.tr https://*.vetamerikan.org; style-src 'self' 'unsafe-inline'  https://unpkg.com https://*.useinsider.com https://*.jsdelivr.net https://*.googleapis.com https://*.amerikanhastanesi.org https://*.kuh.ku.edu.tr https://*.vetamerikan.org https://*.clarity.ms https://*.google.com https://*.googleapis.com https://*.amerikanhastanesi.org https://*.kuh.ku.edu.tr https://*.vetamerikan.org  https://*.google-analytics.com; img-src 'self' http: https: data:  https://*.amerikanhastanesi.org https://*.kuh.ku.edu.tr https://*.vetamerikan.org  https://*.google.com blob: https:; frame-ancestors 'self' https://*.td.doubleclick.net/ https://*.google.com https://*.amerikanhastanesi.org https://*.kuh.ku.edu.tr https://*.vetamerikan.org  https://*.amerikanhastanesi.org https://*.kuh.ku.edu.tr https://*.vetamerikan.org  https://*.microsoft.com https://*.youtube.com https://*.google.com https://*.facebook.com; connect-src wss: https://*.googleapis.com https://*.useinsider.com https://*.google.com https://*.doubleclick.net https://*.google-analytics.com https://*.azureedge.net https://*.googlesyndication.com https://*.adform.net https://*.amerikanhastanesi.org https://*.kuh.ku.edu.tr https://*.vetamerikan.org; frame-src 'self'   https://*.youtube.com/ https://*.spotify.com/ https://*.tani.com.tr https://*.useinsider.com https://*.knovvu.com  https://*.google.com/ https://*.googlesyndication.com https://*.adform.net  https://*.amerikanhastanesi.org https://*.kuh.ku.edu.tr https://*.vetamerikan.org https://*.google.com https://*.doubleclick.net 1
default-src 'self'; script-src 'self' ajax.aspnetcdn.com https://checkout.flutterwave.com cdn.jsdelivr.net https://www.gstatic.com/charts/ https://*.googletagmanager.com https://onesignal.com cdn.onesignal.com cdn.mouseflow.com https://ofgogoatan.com https://www.google-analytics.com *.tawk.to cdn.jsdelivr.net cdn.rawgit.com cdn.datatables.net rawgit.com code.highcharts.com gstatic.com va.tawk.to plausible.io utteranc.es *.cloudflare.com 'unsafe-inline' 'unsafe-eval' plausible.io/js/plausible.js utteranc.es/client.js; style-src 'self' https://www.gstatic.com/charts/ rawgit.com *.tawk.to fonts.googleapis.com cdn.jsdelivr.net https://file.myfontastic.com https://maxcdn.bootstrapcdn.com cdn.datatables.net  *.cloudflare.com 'unsafe-inline'; img-src 'self' * data:; font-src https://rawgit.com *.tawk.to fonts.gstatic.com https://file.myfontastic.com  https://maxcdn.bootstrapcdn.com  https://file.myfontastic.com 'self' data:; connect-src 'self' api.ravepay.co *.doubleclick.net *.tawk.to wss://*.tawk.to https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com plausible.io/api/event; media-src 'self'; frame-src 'self'  *.f4b-flutterwave.com https://*.zanibal.com https://checkout.flutterwave.com https://meritrade.os.tc https://meritrade.onesignal.com *.tawk.to plausible.io utteranc.es github.com *.youtube.com *.vimeo.com; object-src 'none'; base-uri 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' screenshots.bugherd.com ws.pusherapp.com bugherd-attachments.s3.amazonaws.com www.bugherd.com d2iiunr5ws5ch1.cloudfront.net d2wy8f7a9ursnm.cloudfront.net http: https: https://www.hulpmiddelwereld.nl/ https://*.hotjar.com *.google.com *.googleusercontent.com; style-src 'self' 'unsafe-inline' d2iiunr5ws5ch1.cloudfront.net blob: https: 'unsafe-inline' https://www.hulpmiddelwereld.nl/ https://*.hotjar.com *.google.com *.googleapis.com; img-src data: http: https: https://*.hotjar.com *.google.com; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com fonts.googleapis.com www.bugherd.com d2iiunr5ws5ch1.cloudfront.net https://*.hotjar.com; frame-src app.aiden.cx assets.braintreegateway.com *.youtube.com *.youtu.be https://youtu.be *.vimeo.com https://*.hotjar.com https://www.facebook.com *.google.com consentcdn.cookiebot.com; connect-src 'self' 'unsafe-inline' *.convertexperiments.com www.bugherd.com bugherd-attachments.s3.amazonaws.com ws.pusherapp.com wss://ws.pusherapp.com https://sockjs.pusher.com screenshots.bugherd.com sessions.bugsnag.com ws://api.qooqie.com *.google-analytics.com *.amazonaws.com *.googlesyndication.com squeezely.tech https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.nr-data.net *.google.com *.hulpmiddelwereld.nl *.hulpmiddelwereld.be *.doubleclick.net https://www.facebook.com *.zendesk.com *.zdassets.com wss://widget-mediator.zopim.com consentcdn.cookiebot.com *.googleusercontent.com; 1
default-src 'self' *.facebook.net *.gstatic.com *.facebook.com *.google.com *.google.co.in *.googletagmanager.com *.jsdelivr.net *.googleapis.com *.google-analytics.com *.maps.googleapis.com *.doubleclick.net *.azurewebsites.net 'unsafe-inline'; script-src 'self' *.facebook.net *.gstatic.com *.facebook.com *.google.com *.google.co.in *.googletagmanager.com *.jsdelivr.net *.googleapis.com *.google-analytics.com *.maps.googleapis.com *.azurewebsites.net *.doubleclick.net 'unsafe-inline'; style-src 'self' *.google.com *.facebook.net *.gstatic.com *.facebook.com *.google.co.in *.googletagmanager.com *.jsdelivr.net *.googleapis.com *.google-analytics.com *.azurewebsites.net *.maps.googleapis.com *.doubleclick.net 'unsafe-inline'; font-src 'self' *.facebook.net *.facebook.com *.gstatic.com *.azurewebsites.net *.google.com *.google.co.in *.googletagmanager.com *.jsdelivr.net *.googleapis.com *.google-analytics.com *.maps.googleapis.com *.doubleclick.net 'unsafe-inline'; 1
frame-ancestors 'self' https://letschatmci.com.au/ 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: * nbcc_cce.informz.net http://localhost:51909 https://cce-global.org cdn.jsdelivr.net player.vimeo.com https://nbcc_cce.informz.net/web_trk/sp.js s6.searchcdn.com https://nbcc_cce.informz.net/web_trk/sp.js www.gstatic.com app.termly.io www.google-analytics.com addsearch.com app.addsearch.com www.google.com nbcc_cce.informz.net cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' d20vwa69zln1wj.cloudfront.net app.addsearch.com maxcdn.bootstrapcdn.com fonts.googleapis.com cdn.jsdelivr.net ; img-src 'self' blob: * data:; connect-src 'self' vimeo.com stats.g.doubleclick.net app.termly.io www.google-analytics.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com; object-src 'self'; media-src 'self' data: blob: * media.example.com; frame-src 'self' player.vimeo.com app.termly.io www.google.com www.youtube.com; worker-src 'self' blob: * data:; 1
frame-ancestors www.librarypoint.org *.www.librarypoint.org librarypoint.org *.librarypoint.org librarypoint.bibliocms.com *.librarypoint.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src www.librarypoint.org *.www.librarypoint.org librarypoint.org *.librarypoint.org librarypoint.bibliocms.com *.librarypoint.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
default-src 'self'; script-src 'self' 'unsafe-inline' https:; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; media-src 'self'; child-src 'self' https:; font-src 'self' data:; connect-src 'self' 1
default-src 'unsafe-eval' 'unsafe-inline' https://www.bancofie.com.bo https: blob:; style-src 'unsafe-inline' https:; frame-src https://www.bancofie.com.bo https://www.facebook.com https://docs.google.com https://www.google.com https://logo.prismasystems.com.ar https://www.youtube.com; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' https://www.bancofie.com.bo https://snap.licdn.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://www.facebook.com https://docs.google.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://logo.prismasystems.com.ar https://unruffled-shannon-1a7413.netlify.app https://www.youtube.com blob:; img-src 'unsafe-inline' data: https: blob:; worker-src * 'self' blob:; font-src 'self' data: 1
frame-ancestors 'self' *.elplanteo.com 1
base-uri 'self' *.sitesearch360.com *.bc0a.com; connect-src 'self' *.google-analytics.com *.d41.co *.google.com *.doubleclick.net *.webspellchecker.net *.buzzsprout.com *.sitesearch360.com *.siteimprove.com *.bc0a.com; default-src 'self' *.buzzsprout.com; frame-src 'self' *.google.com *.googleapis.com *.bc0a.com *.sitesearch360.com *.buzzsprout.com bond-email.com email-bond.com *.doubleclick.net *.brandcdn.com *.cloudfront.net *.youtube-nocookie.com *.adsrvr.org *.youtube.com *.vimeo.com; font-src 'self' *.bootstrapcdn.com *.cloudflare.com *.typekit.net *.webspellchecker.net fonts.gstatic.com fonts.googleapis.com; script-src *.bsk.com 'unsafe-inline' 'unsafe-eval' *.cloudflare.com unpkg.com *.amazonaws.com *.rlcdn.com *.webspellchecker.net *.brandcdn.com *.d41.co *.buzzsprout.com *.bc0a.com *.bootstrapcdn.com fonts.googleapis.com *.doubleclick.net *.google-analytics.com *.b0e8.com *.googletagmanager.com apis.google.com *.google.com *.gstatic.com *.googleapis.com *.siteimprove.com *.jquery.com *.jsdelivr.net *.licdn.com *.addthisedge.com *.sitesearch360.com;style-src *.bsk.com 'unsafe-inline' *.cloudflare.com *.webspellchecker.net *.sitesearch360.com unpkg.com *.typekit.net *.bootstrapcdn.com fonts.googleapis.com *.googleapis.com *.gstatic.com *.jquery.com *.jsdelivr.net; form-action *.bsk.com bond-email.com *.list-manage.com email-bond.com; img-src * 'unsafe-inline' *.linkedin.com *.bc0a.com *.crwdcntrl.net *.d41.co *.doubleclick.net data:; object-src 'none' 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-MTY5LDIyOCw5Niw2MywyNDksMjEyLDg0LDIwNw==' blob: https://cdn.discordapp.com/animations/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://js.stripe.com https://js.braintreegateway.com https://assets.braintreegateway.com https://www.paypalobjects.com https://checkout.paypal.com https://c.paypal.com https://kit.cash.app; style-src 'self' 'unsafe-inline' https://cdn.discordapp.com https://*.hcaptcha.com https://hcaptcha.com https://kit.cash.app; img-src 'self' blob: data: https://*.discordapp.net https://*.discordapp.com https://*.discord.com https://i.scdn.co https://i.ytimg.com https://i.imgur.com https://media.tenor.co https://media.tenor.com https://c.tenor.com https://*.youtube.com https://*.giphy.com https://static-cdn.jtvnw.net https://pbs.twimg.com https://assets.braintreegateway.com https://checkout.paypal.com https://c.paypal.com https://b.stats.paypal.com https://slc.stats.paypal.com https://hnd.stats.paypal.com https://api.cash.app; font-src 'self' https://fonts.gstatic.com https://cash-f.squarecdn.com; connect-src 'self' https://status.discordapp.com https://status.discord.com https://support.discordapp.com https://support.discord.com https://discordapp.com https://discord.com https://discord-attachments-uploads-prd.storage.googleapis.com https://cdn.discordapp.com https://media.discordapp.net https://images-ext-1.discordapp.net https://images-ext-2.discordapp.net https://router.discordapp.net wss://*.discord.gg https://best.discord.media https://latency.discord.media wss://*.discord.media wss://dealer.spotify.com https://api.spotify.com https://sentry.io https://api.twitch.tv https://api.stripe.com https://api.braintreegateway.com https://client-analytics.braintreegateway.com https://*.braintree-api.com https://www.googleapis.com https://*.algolianet.com https://*.hcaptcha.com https://hcaptcha.com https://*.algolia.net ws://127.0.0.1:* http://127.0.0.1:*; media-src 'self' blob: disclip: https://*.discordapp.net https://*.discord.com https://*.discordapp.com https://*.youtube.com https://streamable.com https://vid.me https://twitter.com https://oddshot.akamaized.net https://*.giphy.com https://i.imgur.com https://media.tenor.co https://media.tenor.com https://c.tenor.com; frame-src https://discordapp.com/domain-migration discord: https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://js.stripe.com https://hooks.stripe.com https://checkout.paypal.com https://c.paypal.com https://assets.braintreegateway.com https://checkoutshopper-live.adyen.com https://kit.cash.app https://player.twitch.tv https://clips.twitch.tv/embed https://player.vimeo.com https://www.youtube.com/embed/ https://www.tiktok.com/embed/ https://music.amazon.com/embed/ https://music.amazon.co.uk/embed/ https://music.amazon.de/embed/ https://music.amazon.co.jp/embed/ https://music.amazon.es/embed/ https://music.amazon.fr/embed/ https://music.amazon.it/embed/ https://music.amazon.com.au/embed/ https://music.amazon.in/embed/ https://music.amazon.ca/embed/ https://music.amazon.com.mx/embed/ https://music.amazon.com.br/embed/ https://www.youtube.com/s/player/ https://twitter.com/i/videos/ https://www.funimation.com/player/ https://www.redditmedia.com/mediaembed/ https://open.spotify.com/embed/ https://w.soundcloud.com/player/ https://audius.co/embed/ https://*.watchanimeattheoffice.com https://sessionshare.sp-int.playstation.com/embed/ https://localhost:* https://*.discordsays.com https://discordappcom.cloudflareaccess.com/; child-src 'self' blob: https://assets.braintreegateway.com https://checkout.paypal.com https://c.paypal.com; prefetch-src 'self' https://cdn.discordapp.com/assets/; 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://byrslf.co https://*.byrslf.co https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
default-src 'self'; script-src https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://maps.googleapis.com http://www.aramexglobalsolutions.com/ https://apg-prod.azurefd.net https://apgecommerce.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://unpkg.com 'unsafe-inline' 'unsafe-eval' 'self'; style-src https://www.google-analytics.com  https://fonts.googleapis.com https://apg-prod.azurefd.net https://apgecommerce.com 'unsafe-inline' 'self'; connect-src https://region1.google-analytics.com https://www.google-analytics.com http://www.aramexglobalsolutions.com https://stats.g.doubleclick.net 'self'; frame-src https://www.google.com https://www.gstatic.com 'self'; img-src https://www.apgecommerce.com https://apgecommerce.com https://ps.w.org https://www.google-analytics.com/ 'self' data:; font-src https://www.apgecommerce.com http://www.aramexglobalsolutions.com https://fonts.gstatic.com https://apgecommerce.com 'self' data: 1
default-src 'self' https: data:; script-src 'self' *.cloudflare.com *.newrelic.com *.nr-data.net *.contentsquare.net *.abtasty.com *.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.epoq.de *.ensighten.com data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.cloudflare.com *.google.com *.abtasty.com *.epoq.de *.google-analytics.com *.doubleclick.net *.contentsquare.net *.ensighten.com *.nr-data.net; worker-src 'self' blob:; style-src 'self' *.abtasty.com 'unsafe-inline'; font-src 'self' *.abtasty.com blob: data:; object-src 'none'; img-src 'self' https: *.abtasty.com *.amazonaws.com data: blob:; upgrade-insecure-requests; 1
default-src 'self' *.facil24h.com.br *.facilassist.com.br  *.fasys.com.br *.googleapis.com *.openstreetmap.org *.gstatic.com; style-src 'self' 'unsafe-inline' *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com  *.googleapis.com  *.openstreetmap.org; font-src 'self' fonts.gstatic.com 1
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' ; script-src-elem * 'self' 'unsafe-inline'  ; 1
report-uri /-/csp_report?report_only=false; script-src 'self' 'unsafe-inline' https://ssl.gstatic.com https://apis.google.com https://accounts.google.com/gsi/client https://d3ki9tyy5l5ruj.cloudfront.net https://d1gwm4cf8hecp4.cloudfront.net https://d1a3usp4brejtz.cloudfront.net https://d3u0af8znnrzzj.cloudfront.net https://d2y3xhxlqzgfzh.cloudfront.net https://oauth.googleusercontent.com https://app.box.com https://platform.twitter.com https://connect.facebook.net https://platform.harvestapp.com https://www.google.com https://docs.google.com https://www.gstatic.com https://www.dropbox.com https://www.paypal.com/sdk/js https://recordwidget.vimeocdn.com https://www.datadoghq-browser-agent.com/datadog-rum-v4.js https://api.stripe.com https://hooks.stripe.com https://js.stripe.com https://m.stripe.com https://m.stripe.network https://q.stripe.com https://prod-eu1.app.asana.com https://prod-au1.app.asana.com https://prod-jp1.app.asana.com https://cdn.cookielaw.org https://861-iiv-735.mktoweb.com https://resources.asana.com; frame-src 'self' https://www.figma.com https://*.invisionapp.com https://invis.io https://miro.com https://whimsical.com https://www.loom.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.com https://www.canva.com https://xd.adobe.com https://*.looker.com https://lucid.app https://*.okta.com https://accounts.google.com https://accounts.google.com/gsi/ https://content.googleapis.com https://www.google.com https://docs.google.com https://fast.wistia.net https://www.dropbox.com https://platform.harvestapp.com https://asanaops.wufoo.com https://forms.asana.plus https://forms-server.asana.plus https://local.asana.com https://asana.com https://apisandbox.zuora.com https://test.zuora.com https://www.zuora.com https://www.sandbox.paypal.com https://www.paypal.com https://recordwidget.vimeocdn.com https://api.stripe.com https://hooks.stripe.com https://js.stripe.com https://m.stripe.com https://m.stripe.network https://q.stripe.com https://pixel.asana.com https://d17ihzt85nhn2y.cloudfront.net https://d3ki9tyy5l5ruj.cloudfront.net https://prod-eu1.app.asana.com https://prod-au1.app.asana.com https://prod-jp1.app.asana.com https://cdn.cookielaw.org https://form.asana.com https://form-beta.asana.com https://form-stag.luna-s.org https://localhost.asana.com:3000 https://861-iiv-735.mktoweb.com https://resources.asana.com; worker-src 'self' blob: https://d3ki9tyy5l5ruj.cloudfront.net; child-src 'self' blob: https://d3ki9tyy5l5ruj.cloudfront.net; object-src 'self'; plugin-types application/pdf; base-uri 'none', report-uri /-/csp_report?report_only=false; script-src https: 'unsafe-inline' 'strict-dynamic' 'report-sample' 'nonce-x34nvislo8cr1l9l95j0ldv6d' 1
script-src 'self' https://www.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://js.quaderno.io https://sandbox-quadernoapp.com https://*.stripe.com https://m.stripe.network https://www.howsmyssl.com https://*.googletagmanager.com https://rum-static.pingdom.net 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://*.stripe.com 1
default-src blob: 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://accounts.paytm.com/ https://sig.paytm.com/  insurance-blog-cms.s3.ap-south-1.amazonaws.com/ insurance-blog-cms.paytminsurance.co.in/ ; img-src * 'unsafe-inline' data:; frame-src data: mailto: tel: 'unsafe-inline' *;font-src * data: 'unsafe-inline' https://fonts.googleapis.com/; style-src-elem * 'unsafe-inline'; connect-src * data: 'unsafe-inline'; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' https://accounts.paytm.com/ https://sig.paytm.com/ https://fonts.googleapis.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://www.googletagmanager.com/ https://www.googleadservices.com/ fonts.gstatic.com/ insurance-blog-cms.s3.ap-south-1.amazonaws.com/ insurance-blog-cms.paytminsurance.co.in/  https://static.addtoany.com/ https://cdn.ampproject.org/ https://webappsstatic.paytm.com/ 1
default-src 'self'; style-src 'unsafe-inline' 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; font-src 'self' 'unsafe-inline'; 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.starbucks.ae/en/report-uri/enforce 1
base-uri 'self'; child-src https://www.youtube-nocookie.com/embed/; connect-src 'self' https://utp.to:8443/socket.io/ wss://utp.to:8443/socket.io/ https://api.themoviedb.org/; default-src 'none'; font-src 'self' data: https: fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https: image.tmdb.org via.placeholder.com/400x600; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https: fonts.googleapis.com gitcdn.xyz github.io *.github.io raw.githubusercontent.com github.com; block-all-mixed-content; upgrade-insecure-requests 1
default-src 'self' https:;object-src 'self';base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com;img-src data: https:;connect-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' everestbankltd.com *.everestbanltd.com *.googleapis.com *.googletagmanager.com *.youtube.com *.facebook.net *.ytimg.com *.google-analytics.com *.gstatic.com *.google.com ;form-action 'self';frame-ancestors 'self'; 1
default-src 'self'; font-src * data: 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * 'self' https://player.vimeo.com https://www.youtube.com; style-src * 'unsafe-inline';frame-ancestors 'none'; worker-src * blob:; media-src * blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; 1
worker-src 'self';child-src 'self' https://www.chasepaymentechhostedpay.com/ https://*.earthlink.com https://*.elnk.net/ https://*.deltacom.com/ https://*.earthlinkbusiness.com https://*.elnk.us/ https://voip.elnk.us/bg/ https://*.liveperson.net/ https://www.google.com https://mvpn.paetec.net/ https://stats.paetec.com/ https://aar.paetec.net  http://*.windstream.net https://*.windstream.net https://wol.windstreamonline.com/ https://www.windstreamonline.com  http://lg.paetec.net/ https://lptag.liveperson.net/ https://liveengage.liveperson.net/ https://lpcdn-a.lpsnmedia.net/ https://lpcdn.lpsnmedia.net/ https://*.lpsnmedia.net/ https://*.youtube.com/ https://*.youtube-nocookie.com/ https://myidentity-edit.windstream.com https://login.windstream.com/ https://authenticator.pingone.com/ https://hostedsecurity.paetec.net/ https://epaytest.windstreamonline.com:8283 https://epaytest.windstreamonline.com:7443 https://epaytest.windstream.com:8283 https://epayuat.gokinetic.com https://epaytest.windstream.com:7443 https://epaytest.windstream.com https://epaytest.windstream.com:8683 https://epaytest.gokinetic.com:8583 https://epay.windstream.com https://epay.gokinetic.com https://epaytest.windstreamonline.com:8683 https://www.osgview.com/ https://wsmeview.osgview.com/ https://bvdevperseusvm:52972/ https://*.broadviewnet.com/ https://*.broadviewnet.net/ https://nyrocpssrspol.windstream.com/ https://*.windstream.com https://aar.paetec.net/ https://*.windstreambusiness.net/ https://player.vimeo.com/ https://windstreamcsr.osgview.com https://windstreamvoip.com/ https://chatbot.windstream.com/ https://bvdevperseusvm.broadviewnet.com:52970/ https://sam.windstream.com/ https://sam2.windstream.com/ https://sam1.windstream-test.com https://*.wordpress.com/ https://*.wpcomstaging.com/ http://*.salesforce.com https://*.salesforce.com http://*.my.salesforce.com https://*.my.salesforce.com http://*.visualforce.com https://*.visualforce.com https://service.force.com https://*.force.com https://windstream.lightning.force.com https://*.lightning.force.com https://kinetic--chatd1.my.salesforce.com/ https://chatd1-kinetic.cs43.force.com/ https://*.medallia.com https://app.pendo.io/; 1
frame-ancestors 'self' multimaps360.de *.multimaps360.de savoyhotel-bad-mergentheim.de *.savoyhotel-bad-mergentheim.de 1
frame-ancestors 'none'; upgrade-insecure-requests ; report-uri https://sentry.services.dkms.org/api/6/security/?sentry_key=5746df48c2bc47349567ad881277c754; default-src 'self' https:; style-src 'self' 'unsafe-inline' *.googleapis.com *.piwik.pro; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.dkmscdn.net *.piwik.pro *.googleapis.com https://app.addsearch.com https://connect.facebook.net https://www.facebook.com/signals/iwl.js https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com/pagead/ https://www.google.de/pagead/ https://www.googleadservices.com/pagead/; connect-src 'self' *.kc-usercontent.com *.addsearch.com https://d20vwa69zln1wj.cloudfront.net *.piwik.pro *.googleapis.com *.ingest.sentry.io https://sentry.services.dkms.org https://graph.facebook.com https://www.facebook.com/tr/ *.dkms.org; img-src 'self' data: *.dkmscdn.net https://d20vwa69zln1wj.cloudfront.net *.kc-usercontent.com *.piwik.pro *.gstatic.com *.googleapis.com *.ytimg.com https://www.facebook.com/tr/ https://googleads.g.doubleclick.net https://www.google.com/pagead/ https://www.google.de/pagead/; font-src 'self' data: *.gstatic.com *.piwik.pro; frame-src 'self' *.dkmscdn.net *.youtube-nocookie.com *.piwik.pro https://player.vimeo.com https://e.issuu.com https://www.facebook.com/ https://td.doubleclick.net/; object-src 'none'; form-action 'self' https://www.facebook.com/tr/; 1
default-src https: data: blob:; font-src https: data:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; connect-src https: wss:; frame-src https: twitter:; frame-ancestors https:; media-src https:; object-src https:; style-src 'unsafe-inline' https:; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-2bee3da355878515c6f7ba4b11d394f9'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
base-uri 'self'; report-uri /csp.php; block-all-mixed-content; script-src https://*.cookiebot.com https://*.googletagmanager.com https://*.google-analytics.com https://*.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval' https://*.crefopay.de https://cdn.jfnet.de https://www.gstatic.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.crefopay.de https://cdn.jfnet.de https://www.gstatic.com; img-src https://*.ytimg.com https://*.cookiebot.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.googleadservices.com https://*.google.com https://*.google.de https://*.google.at https://*.google.ch https://*.google.co.uk https://*.google.fr https://*.google.pl https://*.google.cz https://*.google.ua https://*.google.dk https://*.google.se https://*.google.no https://*.google.fi https://*.google.sk https://*.google.be https://*.google.nl https://*.google.it https://*.google.sr https://*.google.kr https://*.google.es https://*.google.pt https://*.google.ie https://*.google.lu https://*.google.lv https://*.google.com.hk https://*.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.crefopay.de https://cdn.jfnet.de https://www.gstatic.com; media-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.crefopay.de https://cdn.jfnet.de https://www.gstatic.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.crefopay.de https://cdn.jfnet.de https://www.gstatic.com; frame-src https://*.crefopay.de https://www.youtube.com https://www.youtube-nocookie.com https://*.cookiebot.com https://*.td.doubleclick.net https://td.doubleclick.net https://*.hotjar.com 'self'; connect-src https://*.cookiebot.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.googlesyndication.com https://google.com https://*.google.de https://*.google.at https://*.google.ch https://*.google.co.uk https://*.google.fr https://*.google.pl https://*.google.cz https://*.google.ua https://*.google.dk https://*.google.se https://*.google.no https://*.google.fi https://*.google.sk https://*.google.be https://*.google.nl https://*.google.it https://*.google.sr https://*.google.kr https://*.google.es https://*.google.pt https://*.google.ie https://*.google.lu https://*.google.lv https://*.google.com.hk https://*.hotjar.com:* https://*.hotjar.io:* wss://*.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.crefopay.de https://cdn.jfnet.de https://www.gstatic.com; font-src https://*.hotjar.com 'self' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-JJlJSEXn52yHiT4g41Kha7Q4Vh35+E9abhTtDKJYiMtdX0Ux' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self';img-src 'self' data: https://*.dxdelivery.com https://www.google-analytics.com https://i.ytimg.com https://*.livechatinc.com https://*.livechat-files.com/;media-src 'self' https://*.dxdelivery.com;script-src 'self' 'unsafe-inline' 'nonce-OHVHYVByRmR4cHlEUGRRVQ==' https://*.dxdelivery.com https://*.trustpilot.com https://www.googletagmanager.com https://www.google-analytics.com https://cgtforms.com https://*.livechatinc.com;style-src 'self' 'unsafe-inline' https://*.typekit.net;font-src 'self' data: https://*.typekit.net;connect-src 'self' https://*.dxdelivery.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cgml2.com https://*.analytics.google.com;frame-src https://*.trustpilot.com https://www.youtube.com https://*.livechatinc.com;object-src 'none';worker-src 'none'; 1
default-src 'self'; object-src 'none';script-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https: wss:; style-src 'self' https: 'unsafe-inline'; font-src 'self' data: https:; img-src 'self' blob: data: https:; frame-src 'self' https: blob:; base-uri 'self';form-action 'self'; 1
frame-ancestors 'self' https://plein.blueconic.net https://www.blueconic.com; 1
default-src 'self';script-src-elem 'self' 'sha256-SO/UviG8zb7ssiqGQOnUkHeU0lgUrfTHzk3j9epA5w0=' 'sha256-aI9PXWz1V8Dzp+vwRwi7P6lZgpirFDq9TXag9m2FF6c=' *.twitter.com *.google.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.youtube.com *.youtu.be *.facebook.com *.facebook.net *.snapchat.com *.tiktok.com *.microsoft.com *.office.com *.windows.net *.addsearch.com *.adform.net *.cookiebot.com *.hotjar.com *.licdn.com *.mapbox.com *.met.no *.oribi.io siteimproveanalytics.com *.siteimproveanalytics.com *.siteimproveanalytics.io 122finlandworks.boost.ai *.clarity.ms;object-src 'none';style-src 'self' 'unsafe-inline' *.workinfinland.com;font-src 'self' data: fonts.gstatic.com fonts.googleapis.com;img-src 'self' data: *.magnolia-platform.com *.jobly.fi thehub-io.imgix.net images.prismic.io i.ytimg.com *.cloudfront.net api.mapbox.com *.siteimproveanalytics.com *.siteimproveanalytics.io *.amazonaws.com *.google.com *.google-analytics.com *.googletagmanager.com *.clarity.ms *.bing.com *.doubleclick.net *.linkedin.com *.facebook.com;media-src 'self' *.magnolia-platform.com;connect-src 'self' 122finlandworks.boost.ai api.addsearch.com api.mapbox.com *.google-analytics.com *.analytics.google.com analytics.google.com *.googletagmanager.com consentcdn.cookiebot.com *.clarity.ms *.google.com *.doubleclick.net;frame-src 'self' *.youtube.com migri.fi-t.seravo.com api.mapbox.com consentcdn.cookiebot.com;frame-ancestors 'none';script-src 'unsafe-eval' api.addsearch.com *.googletagmanager.com;base-uri 'none';form-action 'none'; 1
font-src fonts.gstatic.com data: 'self'; script-src-elem www.google-analytics.com www.googletagmanager.com consent.cookiebot.com consentcdn.cookiebot.com www.google.com www.gstatic.com 'self' 'unsafe-inline' ajax.googleapis.com apis.google.com connect.facebook.net gc.kes.v2.scr.kaspersky-labs.com gc.kis.v2.scr.kaspersky-labs.com maps.googleapis.com me.kis.v2.scr.kaspersky-labs.com platform.twitter.com www.youtube.com; child-src consentcdn.cookiebot.com www.google.com; connect-src consentcdn.cookiebot.com www.google-analytics.com yoast.com 'self' maps.googleapis.com translate.googleapis.com; frame-src consentcdn.cookiebot.com www.google.com accounts.google.com platform.twitter.com www.facebook.com www.youtube.com; img-src data: www.google-analytics.com translate.google.com www.googletagmanager.com www.gstatic.com 'self' s.w.org secure.gravatar.com spotmaster.com ssl.gstatic.com syndication.twitter.com ps.w.org; script-src consent.cookiebot.com consentcdn.cookiebot.com www.google.com www.googletagmanager.com www.gstatic.com www.google-analytics.com 'self' 'unsafe-eval' 'unsafe-inline'; default-src consent.cookiebot.com consentcdn.cookiebot.com data: fonts.gstatic.com www.google.com www.googletagmanager.com www.gstatic.com 'self' 'unsafe-inline' www.google-analytics.com s.w.org; style-src translate.googleapis.com 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com translate.googleapis.com; script-src-attr 'unsafe-inline'; style-src-attr 'unsafe-inline'; worker-src 'self'; report-uri https://9d82d263b02dd2ef9012d2accaff0ab1.report-uri.com/r/d/csp/wizard 1
default-src *; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com use.fontawesome.com cdnjs.cloudflare.com linkpt.cardservice.co.jp; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.gstatic.com *.ad-stir.com *.valuecommerce.com *.smartnews-ads.com *.satr.jp *.segs.jp *.bing.com *.hatena.ne.jp *.dmtag.jp track.dm-tagmanager.jp platform.twitter.com *.parrable.com *.taboola.com *.im-apps.net kit.fontawesome.com use.typekit.net linkpt.cardservice.co.jp ajax.googleapis.com *.google.com www.google.co.jp googleads.g.doubleclick.net www.google-analytics.com cdnjs.cloudflare.com analytics.google.com s.yimg.jp statics.a8.net https://www.googletagmanager.com https://www.googleadservices.com https://www.google.com  www.facebook.com c.bing.com cdn.mouseflow.com connect.facebook.net uh.nakanohito.jp www.clarity.ms static.ads-twitter.com *.yahoo.co.jp *.mieru-ca.com; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com *.fontawesome.com data:; img-src 'self' ajax.googleapis.com *.smartnews-ads.com *.adsrvr.org *.imgvc.com *.valuecommerce.ne.jp *.valuecommerce.com ib.adnxs.com pixel.rubiconproject.com trc.taboola.com bypass.ad-stir.com u.openx.net tg.socdm.com dsum.casalemedia.com xeory.jp www.google.co.jp www.googletagmanager.com *.hatena.ne.jp https://googleads.g.doubleclick.net https://www.google.com *.g.doubleclick.net *.intentiq.com *.satr.jp ups.analytics.yahoo.com *.yahoo.co.jp analytics.google.com www.google-analytics.com www.google.com t.co www.facebook.com connect.facebook.net *.w.org *.gravatar.com *.twitter.com px.a8.net *.cloudflare.com redirect3.03plus.net c.clarity.ms *.bing.com *.im-apps.net data:; 1
default-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com https://www.googletagmanager.com embed.tawk.to https://cdn.jsdelivr.net/emojione/ https://www.google-analytics.com https://ssl.google-analytics.com;img-src data: 'self' 'unsafe-inline' maps.gstatic.com *.googleapis.com *.ggpht.com 3i.ua embed.tawk.to tawk.link cdn.jsdelivr.net/emojione www.googletagmanager.com https://www.google-analytics.com;font-src data: 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com *.tawk.to;style-src 'self' 'unsafe-inline' fonts.googleapis.com embed.tawk.to;connect-src 'self' maps.googleapis.com *.tawk.to wss://*.tawk.to https://www.google-analytics.com;frame-src 'self' va.tawk.to https://www.googletagmanager.com; 1
frame-ancestors; script-src 'self' https://www.google-analytics.com https://maps.googleapis.com https://www.googletagmanager.com https://unpkg.com https://www.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://code.jquery.com https://stackpath.bootstrapcdn.com 'unsafe-inline' 'unsafe-eval' 1
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' wss://amicicz.helpcrunch.com wss://amici.user.com; worker-src 'self' blob: * 1
default-src 'self' blob: data: *.openstreetmap.org *.anakteknik.co.id *.anakteknik.com *.youtube.com *.google.co.id *.googletagservices.com *.googleadservices.com www.googletagmanager.com *.tiktok.com www.google-analytics.com cdn.jsdelivr.net *.facebook.com *.fbcdn.net *.facebook.net *.tawk.to *.google.com *.doubleclick.net *.googleapis.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.b-cdn.net *.openstreetmap.org *.plyr.io maxcdn.bootstrapcdn.com wss: *.tawk.to; img-src * data:; connect-src *.openstreetmap.org *.tiktok.com *.anakteknik.com *.tawk.to *.google-analytics.com www.anakteknik.co.id *.doubleclick.net *.google.com *.gstatic.com *.googlesyndication.com *.google.co.id *.youtube.com *.b-cdn.net *.plyr.io wss: *.tawk.to *.facebook.com *.fbcdn.net *.facebook.net 1
frame-ancestors 'self' https://asansabt.co 1
default-src 'self' blob: unpkg.com *.autofactpro.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com *.autofactpro.com *.gstatic.com static.dialogflow.com www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.datatables.net cdn.jsdelivr.net cdn.optimizely.com cdn.carbonads.com dnn506yrbagrg.cloudfront.net code.highcharts.com https://d2yyd1h5u9mauk.cloudfront.net/integrations/web/v1/library/yvNf14d7LXsePM0g/delighted.js https://d2yyd1h5u9mauk.cloudfront.net/integrations/web/v1/library/3KiQWDl8DfxTxlDn/delighted.js us1.zonka.co https://static.hotjar.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com *.autofactpro.com fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.datatables.net cdn.jsdelivr.net cdn.optimizely.com cdn.carbonads.com flatlogic.github.io https://static.hotjar.com https://script.hotjar.com; img-src 'self' unpkg.com *.autofactpro.com http://*.autofact.qa https://*.billing.autofactpro.com/images/khipu.png *.autofactpro.cl *.autofact.cl data: www.google-analytics.com us1.zonka.co https://static.hotjar.com https://script.hotjar.com; font-src 'self' *.autofactpro.com unpkg.comfonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.datatables.net https://script.hotjar.com; frame-ancestors 'self' *.autofactpro.com; frame-src 'self' www.youtube.com firma.id.autofact.qa firma.id.autofactpro.com *.autofactpro.com us1.zonka.co; object-src 'self' *.autofactpro.com blob:; connect-src 'self'  web.delighted.com *.autofactpro.com dialogflow.cloud.google.com https://plugin.autentia.mb:7777 https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; 1
connect-src 'self' *.google-analytics.com 1
connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net translate.googleapis.com *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com d3gj43804r9iyz.cloudfront.net;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com d3gj43804r9iyz.cloudfront.net;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net td.doubleclick.net www.youtube.com consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io bambooloans.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ ad.doubleclick.net translate.google.com imgsct.cookiebot.com images.prismic.io bambooloans.cdn.prismic.io plata.cdn.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com d3gj43804r9iyz.cloudfront.net;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js d3gj43804r9iyz.cloudfront.net;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com d3gj43804r9iyz.cloudfront.net;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com d3gj43804r9iyz.cloudfront.net;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js d3gj43804r9iyz.cloudfront.net; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://static.ads-twitter.com https://googleads.g.doubleclick.net https://snap.licdn.com https://www.google-analytics.com https://www.googletagmanager.com https://www.clarity.ms https://www.google.com/recaptcha/ https://www.gstatic.com https://maps.googleapis.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;img-src 'self' https://adservice.google.com https://www.linkedin.com/px/ https://www.facebook.com/tr/ https://www.google.com.na/ads/ https://analytics.twitter.com https://t.co https://www.google.com/ads/ https://www.google.com.na/pagead/ https://www.google.com/pagead/ https://px.ads.linkedin.com https://c.clarity.ms/ https://c.bing.com/ https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com data:;font-src 'self' data: https://appsforoffice.microsoft.com https://fonts.googleapis.com https://fonts.gstatic.com;connect-src 'self' https://s.clarity.ms http://api.ipstack.com/ https://stats.g.doubleclick.net https://analytics.google.com/g/ https://www.google-analytics.com https://r.clarity.ms/ https://maps.googleapis.com https://adservice.google.com;frame-src 'self' https://www.google.com/recaptcha/;object-src 'self' https://www.bankwindhoek.com.na;media-src 'self';child-src 'self' blob: https://www.bankwindhoek.com.na;form-action 'self'; 1
default-src 'self' https://www.google.com; base-uri 'none'; form-action 'self'; connect-src https://yoast.com/ https://blog.belgo.com.br https://*.belgo.com.br https://cdn.cookielaw.org https://www.google-analytics.com https://maps.googleapis.com https://checkip.amazonaws.com/ https://pageview-notify.rdstation.com.br https://popups.rdstation.com.br; script-src 'unsafe-inline' 'unsafe-eval' https://*.belgo.com.br https://www.belgo.com.br https://cdn.cookielaw.org https://checkout.freemius.com https://www.gstatic.com https://www.google.com https://plugin.handtalk.me https://d335luupugsy2.cloudfront.net https://developers.google.com https://connect.facebook.net https://maps.googleapis.com https://www.googletagmanager.com https://unpkg.com; img-src 'self' data: https://blog.belgo.com.br https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://developers.google.com https://www.facebook.com https://secure.gravatar.com https://s.w.org https://cdn.cookielaw.org; font-src 'self' data: https://s0.wp.com https://fonts.gstatic.com https://use.fontawesome.com; style-src 'self' https://*.belgo.com.br https://fonts.googleapis.com https://use.fontawesome.com 'unsafe-inline'; frame-ancestors 'none'; report-uri https://belgo.com.br/r/d/csp/enforce; upgrade-insecure-requests; 1
default-src https: 'unsafe-inline' 'unsafe-eval' data:; worker-src 'self' blob: 1
default-src 'self'; script-src 'report-sample' 'self'; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
script-src http: https: https://converse.in 'unsafe-inline' *.wigzo.com *.wigzopush.com *.zdassets.com *.myunidays.com *.payu.in *.crossdevicetracking.com; style-src 'self' blob: https: 'unsafe-inline' https://converse.in; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com *.myunidays.com *.cdnfonts.com; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.googletagmanager.com *.wigzo.com *.wigzopush.com *.zdassets.com *.myunidays.com *.payu.in *.doubleclick.net *.snapchat.com *.makehook.ws *.crossdevicetracking.com *.facebook.com *.crbug.com; 1
default-src 'none'; connect-src 'self' https://firebase.googleapis.com https://firebasestorage.googleapis.com https://firebaseinstallations.googleapis.com https://northamerica-northeast1-c-pharmacy-prod.cloudfunctions.net https://northamerica-northeast1-c-pharmacy-dev.cloudfunctions.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://www.googleapis.com https://securetoken.googleapis.com https://identitytoolkit.googleapis.com *.cookielaw.org *.onetrust.com https://cloudflareinsights.com/cdn-cgi/rum; font-src https://fonts.gstatic.com; frame-src 'self' mailto: https://www.chasepaymentechhostedpay-var.com https://www.chasepaymentechhostedpay.com https://player.vimeo.com/; img-src 'self' data: https://firebasestorage.googleapis.com https://i.vimeocdn.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.cookielaw.org; script-src 'self' https://www.chasepaymentechhostedpay-var.com https://www.chasepaymentechhostedpay.com *.googletagmanager.com https://ajax.cloudflare.com https://static.cloudflareinsights.com https://apis.google.com *.cookielaw.org *.onetrust.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 1
frame-ancestors 'self' dealpang.com *.dealpang.com 1
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self' https://api.useinsider.com/; script-src 'self' data: https: wss: about: 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.facebook.com https://connect.facebook.net https://static.hotjar.com https://script.hotjar.com https://*.iyzipay.com https://devmanextensions.com api.useinsider.com defactofit.api.useinsider.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: https://tagmanager.google.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com api.useinsider.com defactofit.api.useinsider.com; font-src 'self' https: data: 'unsafe-eval' 'unsafe-inline' https://fonts.gstatic.com https://script.hotjar.com https://*.iyzipay.com https://*.fontawesome.com api.useinsider.com defactofit.api.useinsider.com; img-src 'self' https: data: 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.google.com https://static.hotjar.com https://script.hotjar.com https://*.iyzipay.com api.useinsider.com defactofit.api.useinsider.com; connect-src 'self' data: wss: about: 'unsafe-eval' 'unsafe-inline' https: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.iyzipay.com https://ka-f.fontawesome.com api.useinsider.com defactofit.api.useinsider.com; frame-src 'self' https: data: wss: about: 'unsafe-eval' 'unsafe-inline' https://bid.g.doubleclick.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.facebook.com https://vars.hotjar.com api.useinsider.com defactofit.api.useinsider.com 1
frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; default-src * 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: fonts.gstatic.com; frame-src 'self' bid.g.doubleclick.net www.google.com; img-src * data: blob: 'unsafe-inline' 'self' www.google.com.uy/ www.google.com.pr/ deshow2.azureedge.net/ www.facebook.com www.google-analytics.com secure.gravatar.com/avatar/ www.google.com/recaptcha/; child-src 'none'; manifest-src 'self'; media-src 'self'; worker-src 'none'; base-uri 'self'; 1
default-src 'self' https://*; connect-src 'self' https://* wss://*; font-src 'self' https://* blob: data:; frame-src 'self' https://* blob: data:; img-src 'self' https://* blob: data:; media-src 'self' https://* blob: data:; object-src 'self' https://* blob: data:; script-src 'self' https://* 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://* 'unsafe-inline'; 1
block-all-mixed-content; frame-ancestors *.escutaoveio.com 1
frame-ancestors https://www.transportonline.com https://www.trasporti.it http://www.uominietrasporti.it 1
object-src 'none';base-uri 'self';script-src 'nonce-_Iwi5UW1_HLkLlDp9G2V2A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/honest_dns/1_0;frame-ancestors 'none' 1
frame-ancestors https://lc.faxcopy.sk https://www.faxcopy.sk https://lc.moduly-faxcopy.sk https://moduly.faxcopy.sk https://printstudio.faxcopy.sk https://www.darcekyodsrdca.sk https://www.dareckyodrdce.cz 1
default-src 'self' *.facil24h.com.br *.facilassist.com.br  *.fasys.com.br; style-src 'self' 'unsafe-inline' *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com; font-src 'self' fonts.gstatic.com 1
frame-ancestors  https://gap.tw https://oldnavy.gap.tw https://www.gap.tw https://shopkeeper-aws.baozun.com 1
default-src 'self' 'unsafe-inline' www.googletagmanager.com connect.facebook.net www.google-analytics.com stats.g.doubleclick.net www.facebook.com www.google.com www.google.com.pk www.amcharts.com fonts.googleapis.com fonts.gstatic.com player.vimeo.com scontent.fkhi17-1.fna.fbcdn.net i.vimeocdn.com 1
default-src * 'unsafe-inline' 'unsafe-eval'; frame-src http: https: intellyexplorer:; img-src * data:; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.gomantaktimes.com https://jionews.com https://jionewsdev1.jio.ril.com;block-all-mixed-content; 1
frame-ancestors 'self' https://*.ubicentrex.net https://ubicentrex.net https://*.teambox.fr https://teambox.fr https://api.mangopay.com 1
frame-ancestors 'self'; worker-src blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://web-sdk.smartlook.com/ https://s2.adform.net/ https://c.seznam.cz/ https://googleads.g.doubleclick.net/ https://track.adform.net/ https://c.imedia.cz/ https://assets.strossle.com/ https://analytics.tiktok.com/ https://www.clarity.ms/ https://www.smartlook.com/ https://www.googleadservices.com/  https://marketup.shorthandstories.com/testovac-str-nka-shorthand/ https://iframely.shorthand.com/ http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://acdn.adnxs.com https://connect.facebook.net https://www.googletagmanager.com https://static.fittingbox.com/ https://maps.googleapis.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://grand-optical.shorthandstories.com/; frame-src 'self' https://www.facebook.com/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://static.fittingbox.com/ https://vars.hotjar.com  https://www.youtube-nocookie.com/; 1
upgrade-insecure-requests; default-src 'self'; connect-src 'self' https://api.luigisbox.com https://pagead2.googlesyndication.com https://www.google.com/pagead/ https://region1.google-analytics.com https://www.huramobil.cz https://widget.packeta.com https://www.google-analytics.com *.doubleclick.net *.twitter.com https://google-analytics.com https://www.facebook.com *.iplatba.cz *.zbozi.cz https://onesignal.com; font-src 'self' data: https://fonts.gstatic.com https://www.fontsaddict.com https://themes.googleusercontent.com; form-action 'self' https://gw1.iplatba.cz https://huramobil.cz https://www.huramobil.cz https://widget.packeta.com https://3dsecure.gpwebpay.com https://www.facebook.com; frame-src  'self' https://www.startupjobs.cz https://www.instagram.com https://widget.packeta.com http://s.imedia.cz https://www.google.cz https://www.google.com https://out.sklik.cz https://sandbox.zbozi.cz https://www.zbozi.cz *.doubleclick.net *.twitter.com https://c.imedia.cz https://accounts.google.com https://staticxx.facebook.com https://onesignal.com https://www.facebook.com https://www.youtube.com; img-src 'self' data: https://via.placeholder.com https://picsum.photos https://i.picsum.photos https://c.seznam.cz https://widget.packeta.com https://www.techarena.cz https://www.heureka.cz https://ssl.heureka.cz https://hit.skrz.cz https://www.srovname.cz https://www.googletagmanager.com https://app.geispoint.cz https://img.onesignal.com https://maps.gstatic.com https://maps.googleapis.com https://c.imedia.cz https://i.ytimg.com https://ssl.gstatic.com *.doubleclick.net *.twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.cz; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://scripts.luigisbox.com https://cdn.luigisbox.com https://www.startupjobs.cz https://www.instagram.com https://c.seznam.cz https://pagead2.googlesyndication.com https://www.seznam.cz https://widget.packeta.com https://www.googletagmanager.com https://ajax.googleapis.com https://ssl.heureka.cz https://muj.skrz.cz https://out.sklik.cz https://www.srovname.cz https://c.imedia.cz https://sandbox.zbozi.cz https://www.zbozi.cz https://c.imedia.cz https://maps.googleapis.com https://www.googletagmanager.com https://apis.google.com https://c.imedia.cz https://cdn.onesignal.com https://connect.facebook.net *.doubleclick.net *.twitter.com https://im9.cz https://onesignal.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.google.com https://www.shoproku.cz/js/interstitial.min.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://onesignal.com; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data:; style-src * 'unsafe-inline'; frame-ancestors *; font-src * 'unsafe-inline'; 1
default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; object-src 'none'; frame-ancestors 'none' 1
default-src 'self' https: localhost; font-src 'self' https: data:; img-src 'self' http: data: localhost; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' localhost; frame-src 'self' https: pagead2.googlesyndication.com; style-src 'self' https: 'unsafe-inline'; connect-src 'self' http: ws: localhost; worker-src 'self' http: https: blob: localhost 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.paypalobjects.com/ https://s3.amazonaws.com/ https://*.stripe.com/ https://cdn.jsdelivr.net/ https://anchor.fm/ https://trustmate.io/ https://ketocentrumcom.b-cdn.net/ https://cdn.ketocentrum.com/ https://cdnjs.cloudflare.com/ https://kit.fontawesome.com/ https://ssa.ketocentrum.com/ https://ruch-osm.sysadvisors.pl/ https://ketocentrum.com/potwierdzenie/ https://geowidget-app.inpost.pl/* https://geowidget-app.inpost.pl/ https://*.vimeo.com/; img-src 'self' data: https://www.paypalobjects.com/ https://cdn.jsdelivr.net/ https://mateuszostrega.pl/ https://anchor.fm/ https://trustmate.io/ https://cdn.trustmate.io/ https://ketocentrumcom.b-cdn.net/ https://cdn.ketocentrum.com/ https://ssa.ketocentrum.com/ https://ruch-osm.sysadvisors.pl/ https://ketocentrum.com/potwierdzenie/ https://*.inpost.pl/* https://ketocentrum.com/ https://static.przelewy24.pl/ https://*.vimeo.com/; object-src 'self' data: https://*.paypal.com/ https://*.stripe.com/ https://anchor.fm/ https://podcasters.spotify.com/ https://ketocentrumcom.b-cdn.net/ https://cdn.ketocentrum.com/ https://ssa.ketocentrum.com/ https://ruch-osm.sysadvisors.pl/ https://ketocentrum.com/potwierdzenie/ https://*.inpost.pl/ https://geowidget-app.inpost.pl/ https://*.vimeo.com/; frame-src 'self' data: https://*.paypal.com/ https://*.stripe.com/ https://anchor.fm/ https://podcasters.spotify.com/ https://ketocentrumcom.b-cdn.net/ https://cdn.ketocentrum.com/ https://ssa.ketocentrum.com/ https://ruch-osm.sysadvisors.pl/ https://ketocentrum.com/potwierdzenie/ https://*.inpost.pl/ https://geowidget-app.inpost.pl/ https://*.vimeo.com/; 1
default-src 'self'; manifest-src 'self'; script-src 'self' blob: https: 'unsafe-eval' 'unsafe-inline' https://*.cookiebot.com https://*.jquery.com https://*.googletagmanager.com https://*.google.com https://*.google.com/recaptcha https://*.google-analytics.com https://*.googleadservices.com https://*.gstatic.com https://*.gstatic.com/recaptcha/ https://*.googleapis.com https://*.facebook.net https://youtube.com https://*.youtube.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; report-uri https://4edddc3bc595a117fd93e1ef2b05e6ac.report-uri.com/r/d/csp/enforce; frame-ancestors livetest.kuchynelidlu.cz connect.facebook.net; connect-src 'self' consentcdn.cookiebot.com https://*.google-analytics.com; frame-src 'self' consentcdn.cookiebot.com https://*.googletagmanager.com https://*.google.com https://*.google.com/recaptcha https://*.gstatic.com https://*.gstatic.com/recaptcha/ connect.facebook.net https://youtube.com https://*.youtube.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; object-src 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com use.typekit.net p.typekit.net data:; base-uri 'self'; img-src 'self' data: i.ytimg.com img.youtube.com kuchynelidlu.cz https://*.aud-21-2640.vdc.enc-test.de https://*.googletagmanager.com https://*.google-analytics.com; font-src 'self' livetest.kuchynelidlu.cz fonts.gstatic.com use.typekit.net; 1
default-src 'self' connectstoragetst.blob.core.windows.net connectstorageprd.blob.core.windows.net www.google-analytics.com; font-src fonts.gstatic.com use.fontawesome.com; script-src 'self' use.fontawesome.com www.google-analytics.com www.googletagmanager.com 'unsafe-inline'; style-src 'self' use.fontawesome.com fonts.googleapis.com cdnjs.cloudflare.com 'unsafe-inline'; connect-src 'self' connectlogisticsapiprd.azurewebsites.net connectlogisticsapitst.azurewebsites.net www.google-analytics.com stats.g.doubleclick.net 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' 1
default-src 'self' data: 'unsafe-inline' s3-eu-west-1.amazonaws.com lock.me; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.googletagmanager.com kit.fontawesome.com ka-p.fontawesome.com ajax.cloudflare.com static.cloudflareinsights.com js.stripe.com connect.facebook.net platform.instagram.com www.instagram.com widget.lock.me img.lock.me; style-src 'self' 'unsafe-inline' widget.lock.me img.lock.me; font-src 'self' data: fonts.gstatic.com widget.lock.me img.lock.me; img-src 'self' data: 'unsafe-inline' *.tile.openstreetmap.org maps.googleapis.com *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net i.ytimg.com s3-eu-west-1.amazonaws.com www.facebook.com ka-p.fontawesome.com widget.lock.me img.lock.me www.gravatar.com; frame-src 'self' www.facebook.com www.youtube.com www.youtube-nocookie.com www.instagram.com player.vimeo.com blackfire.io js.stripe.com hooks.stripe.com *.lock.me; connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.stripe.com youtube.googleapis.com ka-p.fontawesome.com kit-uploads.fontawesome.com widget.lock.me img.lock.me lock.me; object-src 'self'; report-uri https://lockme.report-uri.com/r/d/csp/enforce 1
upgrade-insecure-requests; default-src https: 'self' 'unsafe-inline' 'unsafe-eval' data: *.lojaepson.com.br *.kalunga.com.br https://www.google-analytics.com https://www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleadservices.com *.lojaepson.com.br *.kalunga.com.br https://s.go-mpulse.net https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.google.com.br; img-src 'self' data: *.lojaepson.com.br  *.kalunga.com.br https://www.google-analytics.com https://www.google.com https://www.google.com.br https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' *.lojaepson.com.br *.kalunga.com.br https://www.googletagmanager.com https://fonts.googleapis.com; object-src 'none'; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://*.recaptcha.net https://isitetv.com https://*.translate.naver.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://www.shoplooks.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://translate.yandex.net https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://*.pinterest.com https://*.bing.com https://*.doubleclick.net https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://privacyportal-eu.onetrust.com https://*.contentsquare.net https://*.criteo.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.lookfantastic.gr https://m.lookfantastic.gr https://checkout.lookfantastic.gr https://connect.facebook.net https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.co.uk https://www.glossybox.com https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.se https://www.glossybox.dk https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://*.trustpilot.com https://*.translate.naver.net https://*.bing.com https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://static.ads-twitter.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://lantern.roeyecdn.com https://lantern.roeye.com https://static.thgcdn.cn https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://static.thgcdn.cn https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.migros.com.tr exchange.mediavine.com e1.emxdgt.com *.analytics.yahoo.com sync.outbrain.com trends.revcontent.com match.sharethrough.com criteo-partners.tremorhub.com trends.revcontent.com tazedirekt.webinstats.com macro.webinstats.com *.facebook.com maps.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.googlesyndication.com https://www.googletagservices.com https://www.google-analytics.com www.googletagmanager.com https://tagmanager.google.com *.googleapis.com *.googleadservices.com https://*.bkmexpress.com.tr https://*.masterpassturkiye.com https://challenges.cloudflare.com app.vwo.com *.visualwebsiteoptimizer.com https://*.segmentify.com https://cdn.sgmntfy.com https://js.go2sdk.com https://cdn.adjust.com https://live.maytap.me https://creativecdn.com https://*.cloudfront.net https://js.go2sdk.com https://tags.bkrtx.com https://static.criteo.net https://connect.facebook.net https://cdn.yapaytech.com https://cdnjs.cloudflare.com https://*.criteo.com *.doubleclick.net affiliate.migros.com.tr tags.bluekai.com *.mncdn.com *.adform.net *.storyly.io cdn.jsdelivr.net https://digiavantaj.cake.aclz.net ; connect-src 'self' www.google-analytics.com analytics.google.com *.googlesyndication.com *.googleadservices.com macro.webinstats.com tazedirekt.webinstats.com fonts.googleapis.com *.gstatic.com *.visualwebsiteoptimizer.com *.masterpassturkiye.com logs.browser-intake-datadoghq.eu *.segmentify.com *.criteo.com *.adjust.com app.adjust.net.in app.adjust.world *.storyly.io *.doubleclick.net maps.googleapis.com *.dahi.ai *.adrttt.com ; font-src 'self' data: https://fonts.gstatic.com ; img-src data: blob: 'self' 'unsafe-inline' https://*.migrosone.com www.google.com www.google.com.tr maps.googleapis.com *.gstatic.com *.googleadservices.com *.visualwebsiteoptimizer.com *.facebook.com www.google-analytics.com *.googlesyndication.com img.youtube.com matching.ivitrack.com stags.bluekai.com x.bidswitch.net ib.adnxs.com contextual.media.net pixel.rubiconproject.com rtb-csync.smartadserver.com criteo-sync.teads.tv *.criteo.com eb2.3lift.com visitor.omnitagjs.com simage2.pubmatic.com *.ads.yieldmo.com *.doubleclick.net *.taboola.com cm.adform.net *.casalemedia.com id5-sync.com ad.360yield.com jadserve.postrelease.com eb2.3lift.com x.bidswitch.net match.sharethrough.com jadserve.postrelease.com *.emxdgt.com ups.analytics.yahoo.com exchange.mediavine.com sync.outbrain.com trends.revcontent.com criteo-partners.tremorhub.com ad.yieldlab.net *.migros.com.tr magaza-iphone.migros.com.tr *.demdex.net *.krxd.net *.cloudfront.net *.thebrighttag.com *.semasio.net *.dmxleo.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://digiavantaj.cake.aclz.net ; frame-src https://*.youtube.com https://tr.rdrtr.com https://stags.bluekai.com https://*.criteo.com https://*.criteo.net https://*.doubleclick.net https://*.api.sociaplus.com https://*.webinstats.com https://sanalmarket.api.useinsider.com https://optimize.google.com https://*.bkmexpress.com.tr https://www.linkadoo.co https://linkadoo.co https://channelconnector.smartmessage-connect.com https://*.poltio.com https://*.googlesyndication.com https://console.googletagservices.com https://digiavantaj.cake.aclz.net https://creativecdn.com https://documents.colendilabs.com https://challenges.cloudflare.com https://cdnjs.cloudflare.com app.vwo.com *.visualwebsiteoptimizer.com https://*.adjust.com maps.googleapis.com *.adform.net https://wallet.moneypay.com.tr ; style-src 'self' 'unsafe-inline' *.googlesyndication.com www.googletagservices.com fonts.googleapis.com cdn.segmentify.com *.visualwebsiteoptimizer.com maps.googleapis.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com ;manifest-src 'self' ; worker-src 'self' blob: ;object-src 'none' ; 1
default-src 'self' https: data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: ;style-src 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' static.cloudflareinsights.com https://apis.google.com ajax.cloudflare.com script-src 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.medirex.sk https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://connect.facebook.net https://static.hotjar.com https://script.hotjar.com https://apiv2.popupsmart.com https://notify.mdx.sk https://cookiehub.net https://www.recaptcha.net *.quarticon.it *.quarticon.com *.quartic.pl *.luigisbox.com https://conversations.app-us1.com https://prism.app-us1.com https://trackcmp.net https://wp-ui.app-us1.com https://diffuser-cdn.app-us1.com https://qjs.557342f73ecb8f4b.medirex.sk data.medirex.sk medirexgroup.ladesk.com web-sdk.smartlook.com https://www.googleoptimize.com/optimize.js optimize.google.com; upgrade-insecure-requests; 1
default-src 'self';base-uri 'self';frame-ancestors 'self' https://*.epic.com https://*.epichosted.com;frame-src 'self' epichttp: https://www.etz.nl;script-src 'nonce-dbf3c684aeb3465d8efc56b8b12b1338' https://www.mijnetz.nl 'self';img-src 'self' blob: data: https://*.etz.net https://fonts.gstatic.com https://translate.google.com https://www.etz.nl https://www.mijnetz.nl;connect-src 'self' http://translate.googleapis.com;style-src https://www.mijnetz.nl 'self' 'unsafe-inline';font-src 'self' https://fonts.gstatic.com;form-action 'self';media-src 'self' https://www.etz.nl;report-uri https://mijnetznl.report-uri.com/r/t/csp/enforce; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://ampcid.google.be https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data:; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.be https://m.myprotein.be https://checkout.myprotein.be https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://static.thgcdn.cn https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://mc.yandex.ru blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://ampcid.google.co.il https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://mc.yandex.ru https://ymetrica1.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data:; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.co.il https://m.myprotein.co.il https://checkout.myprotein.co.il https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://mc.yandex.ru https://yastatic.net https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' *.stackadapt.com *.ifgza3.net *.ojrq.net *.tapad.com *.loggly.com *.rlcdn.com *.impactradius-event.com *.teads.tv *.passage.ai wss://tars-prod.passage.ai *.evenfinancial.com *.taboola.com *.quantcount.com *.transunion.com *.transunion.co.za *.vols7feed.com *.addthis.co *.amazon-adsystem.com *.youtube.com *.doubleclick.net *.company-target.com *.brightcove.com *.brightcovecdn.com *.prod.boltdns.net *.adsrvr.org dmtry.com *.dmtry.com *.quantserve.com *.bluekai.com *.facebook.com *.demandbase.com doubleclick.net *.trustev.com *.yahoo.com *.atedra.com *.twitter.com *.bing.com crwdcntrl.net c.rstg.io cdn.nextinsure.com *.jquery.com cloudfront.net *.googleapis.com *.adnxs.com *.rlcdn.com investis.com adsrvr.org sharethrough.com adroll.com yimg.com amazonaws.com *.fastclick.net secure.leadback.advertising.com google-analytics.com *.ads-twitter.com *.openx.net *.zencdn.net googleadservices.com gstatic.com bidswitch.net *.media6degrees.com googletagmanager.com *.siteintercept.qualtrics.com *.qualtrics.com; script-src 'self' *.adobedtm.com *.handtalk.me *.googleanalytics.com optimize.google.com *.liveperson.net *.leadsrx.com https://sc-static.net *.lpsnmedia.net https://siteimproveanalytics.com *.kore.ai *.b0e8.com *.bc0a.com *.stackadapt.com *.thebrighttag.com *.btstatic.com *.hifiona.com *.impactradius-event.com *.teads.tv *.passage.ai *.evenfinancial.com *.taboola.com *.quantcount.com *.dotomi.com *.transunion.com *.transunion.co.za *.mxpnl.com *.vols7feed.com *.addthis.com *.googletagmanager.com *.optimizely.com *.pingdom.com *.cloudflare.com *.googleadservices.com *.youtube.com *.doubleclick.net *.google-analytics.com *.quantserve.com *.g.3gl.net *.eloqua.com *.crwdcntrl.net *.googleapis.com *.investis.com *.amazonaws.com *.cloudfront.net *.nextinsure.com *.lendingtree.com *.mediaplex.com *.demandbase.com *.jquery.com *.gstatic.com *.bing.com *.3gl.net *.yourscoreonline.com *.gofreecredit.com *.creditcheckingtoday.com *.naturaltracking.com *.credit.com *.facebook.com *.yimg.com *.ytimg.com *.quora.com *.ensighten.com *.d39se0h2uvfakd.cloudfront.net *.linkedin.com *.adsprotection.com *.brightcove.com *.hotjar.com *.adroll.com *.brightcove.net *.en25.com *.adsrvr.org *.abmr.net *.mathtag.com t2.rstg.io px.ads.linkedin.com vjs.zencdn.net *.twitter.com iad-login.dotomi.com snap.licdn.com sp.analytics.yahoo.com unpkg.com *.myfonts.net *.en25.com *.addthisedge.com *.zencdn.com *.s3.amazonaws.com cdn.ampproject.org *.company-target.com *.media6degrees.com *.ads-twitter.com cdn.mxpnl.com *.bizographics.com *.pingdom.net *.mbww.com *.entrust.net *.trustev.com *.mathtag.com *.googlesyndication.com *.google.com *.outbrain.com o1.qnsr.com *.facebook.net cas.cluep.com *.quizgnome.com *.siteintercept.qualtrics.com *.qualtrics.com *.pulseinsights.com blob: 'unsafe-eval' 'unsafe-inline'; child-src transunion.demdex.net *.handtalk.me *.liveperson.net *.snapchat.com *.lpsnmedia.net *.evenfinancial.com *.transunion.com *.transunion.co.za blob: *.crwdcntrl.net *.hifiona.com *.cdn.optimizely.com *.addthis.com *.doubleclick.net *.lendingtree.com *.youtube.com *.hotjar.com *.mediaplex.com *.optimizely.com *.brightcove.net s.amazon-adsystem.com *.trustev.com *.mathtag.com *.qnsr.com *.facebook.com *.siteintercept.qualtrics.com *.qualtrics.com; connect-src 'self' *.tt.omtrdc.net dpm.demdex.net *.handtalk.me wss://va.msg.liveperson.net wss://lo.msg.liveperson.net *.google-analytics.com *.leadsrx.com *.bc0a.com *.nextinsure.com *.googleapis.com *.g.doubleclick.net *.kore.ai wss://rtm.kore.ai *.stackadapt.com *.ifgza3.net *.passage.ai wss://tars-prod.passage.ai *.taboola.com *.transunion.com *.transunion.co.za *.mixpanel.com *.optimizely.com *.youtube.com *.brightcovecdn.com *.pingdom.net *.brightcove.com manifest.prod.boltdns.net airbrake.io *.company-target.com r.3gl.net s7.addthis.com *.herokuapp.com unity.cadreon.com app.trustev.com *.hotjar.com wss://*.hotjar.com *.siteintercept.qualtrics.com *.qualtrics.com 'unsafe-eval'; media-src 'self' *.lpsnmedia.net *.brightcove.com *.brightcovecdn.com *.prod.boltdns.net *.transunion.com *.transunion.co.za blob: f1.media.brightcove.com; img-src * *.googletagmanager.com blob: *.google-analytics.com optimize.google.com *.ifgza3.net *.ojrq.net *.tapad.com *.loggly.com *.rlcdn.com data:; font-src data: *.adobeaemcloud.com fonts.gstatic.com *.transunion.com *.transunion.co.za *.nextinsure.com *.gstatic.com *.company-target.com edge.api.brightcove.com r.3gl.net *.addthis.com *.herokuapp.com *.quora.com; frame-src * optimize.google.com; style-src * optimize.google.com fonts.googleapis.com 'unsafe-eval' 'unsafe-inline'; frame-ancestors *.transunion.com *.transunion.co.za; 1
frame-src self *.youtube.com; 1
default-src 'self';             script-src 'self' cdn.ampproject.org 'nonce-Jf53SK326yq+PiF4p1V+015Q'                 'sha256-l9zA43vGCsyV0dZBCL5tw0GJ5ClMZeaW7PX/lXjwX8U='                 'sha256-hwohG/c84cZePIUpNktSO06rdJUCD2Ov/a3yKrDWJxI='                 'sha256-6VZm7EDy2oj9SmrEmuQj8MnpoPRC28h6YQf84C9TvGo='                 'sha256-tA5VQbe08fbvAbI7KZKx/U6QLLLkMTlCiQHA2OMj/Qs='                 'sha256-bAkVFNgZxKBxhYSB47AHyBeA1IChxnR4x4it/ucHw04='                 'sha256-TN6VyTf7KQPpzPPgQv+rOgxOCNCtXk17GXT2rOrBWL0='                 'sha256-rKIl7E5JAu9e43xL5kSoPSeJ5LSDzPj7RmgnZBDNe/8='                 'sha256-pMi7OpWnmqvQ1Ht/khfqy6h+L5zjD9Waogxwmky2uII='                 *.googletagmanager.com *.google.com *.google-analytics.com                 cdnjs.cloudflare.com googleads.g.doubleclick.net                 *.gstatic.com *.googleapis.com snap.licdn.com *.googleadservices.com cdn.cookielaw.org 		*.onetrust.com facebook.com *.linkedin.com *.facebook.net *.hotjar.com *.hotjar.io 		*.kampyle.com *.medallia.eu *.eskimi.com ssgtm.bnpparibas-pf.bg *.dotomi.com ssgtm.pbpf.bg;            style-src 'self' 'unsafe-inline' fonts.googleapis.com *.google.com *.googletagmanager.com *.kampyle.com *.medallia.eu *.eskimi.com ;            object-src 'none';            base-uri 'self';            connect-src 'self' cdn.ampproject.org *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net                  *.appspot.com cdn.cookielaw.org *.onetrust.com *.hotjar.com *.hotjar.io wss://*.hotjar.com 		 *.kampyle.com *.medallia.eu cookies-data.onetrust.io ssgtm.pbpf.bg ssgtm.bnpparibas-pf.bg *.dotomi.com ;            font-src 'self' data: fonts.gstatic.com *.hotjar.com *.hotjar.io *.kampyle.com *.medallia.eu;            frame-src 'self' chatbot.bnpparibas-pf.bg www.google.com *.doubleclick.net *.hotjar.com *.hotjar.io *.kampyle.com *.medallia.eu chatbot.pbpf.bg;            img-src 'self' *.gstatic.com *.googleapis.com *.doubleclick.net *.google.com *.google-analytics.com *.linkedin.com data:                   www.googletagmanager.com www.google.bg cdn.cookielaw.org *.facebook.com *.hotjar.com *.hotjar.io *.kampyle.com *.medallia.eu *.eskimi.com;            manifest-src 'self';            media-src 'self';             worker-src 'self' blob: cdn.ampproject.org;            form-action 'self' ecg.test.upc.ua secure.kbcbank.bg 3dsgate-dev.borica.bg 3dsgate.borica.bg; 1
default-src 'self' https://www.petas.gr;
		font-src 'self' https://www.petas.gr
		  https://fonts.gstatic.com
		  https://beacon-v2.helpscout.net
		  https://maxcdn.bootstrapcdn.com
		  blob: data:;
		connect-src 'self' https://www.petas.gr
		  wss://*.pusher.com
		  https://*.openpay.mx
		  https://bam.eu01.nr-data.net
		  https://*.luckyorange.com
		  wss://*.luckyorange.com
		  https://bam.nr-data.net
		  https://www.google-analytics.com
		  https://stats.g.doubleclick.net
		  https://googleads.g.doubleclick.net
		  https://www.facebook.com/tr/
		  https://capture.trackjs.com
		  https://d3hb14vkzrxvla.cloudfront.net
		  https://analytics.skyscanner.net
		  https://*.google.com
		  https://www.google.gr
		  https://*.helpscout.net
		  https://*.pusher.com
		  wss://visitors.live
		  wss://*.visitors.live
		  https://pubsub.googleapis.com
		  https://*.sumologic.com
		  blob: data:;
		frame-src 'self' https://www.petas.gr
		  https://*.openpay.mx
		  https://api.opencontrol.mx
		  https://ssl.kaptcha.com
		  https://www.alphaecommerce.gr
		  https://vpos.eurocommerce.gr
		  https://*.test.modirum.com
		  https://mpi.piraeusbank.modirum.com
		  https://acs2.3ds.modirum.com
		  https://beacon-v2.helpscout.net
		  https://www.facebook.com
		  https://go.linkwi.se
		  https://www.google.com
		  blob: data:;
		img-src 'self' https://www.petas.gr
		  https://www.petas.gr
		  https://www.google.com
		  https://www.google.gr
		  https://cdn.klarna.com
		  https://www.sectigo.com
		  https://sectigo.com
		  https://usage.trackjs.com
		  https://www.facebook.com
		  https://affiliate.linkwise.gr
		  https://*.google-analytics.com
		  https://googleads.g.doubleclick.net
		  https://hexagon-analytics.com
		  https://www.googletagmanager.com
		  https://beacon-v2.helpscout.net
		  https://www.googleadservices.com
		  https://*.gravatar.com
		  https://d33v4339jhl8k0.cloudfront.net
		  https://chatapi-prod.s3.amazonaws.com/
		  https://d10lpsik1i8c69.cloudfront.net
		  https://connect.facebook.net
		  blob: data:;
		media-src 'self' https://www.petas.gr
		  https://d10lpsik1i8c69.cloudfront.net
		  https://beacon-v2.helpscout.net
		  blob: data:;
		object-src 'self' https://www.petas.gr
		  https://beacon-v2.helpscout.net
		  blob: data:;
		script-src 'self' https://www.petas.gr 'unsafe-inline' 'unsafe-eval'
		  https://www.trabber.com
		  https://analytics.skyscanner.net
		  https://www.gstatic.com
		  https://beacon-v2.helpscout.net
		  https://bam.eu01.nr-data.net
		  https://js.pusher.com
		  https://www.petas.gr
		  https://www.tripair.com
		  https://www.euroferries.com
		  https://secure.rentalcars.com
		  https://www.googletagmanager.com
		  https://t.skyscnr.com
		  https://mule.airtickets.com
		  https://*.linkwi.se
		  https://affiliate.linkwise.gr
		  https://www.kayak.com
		  https://mule.tripsta.net
		  https://secure.wego.com
		  https://travel.mediaalpha.com
		  https://www.reytrip.com
		  https://*.google.com
		  https://connect.facebook.net
		  https://cdn.siftscience.com
		  https://cdnjs.cloudflare.com
		  https://partner.googleadservices.com
		  https://*.google-analytics.com
		  https://www.googleadservices.com
		  https://js-agent.newrelic.com
		  https://googleads.g.doubleclick.net
		  https://bam.nr-data.net
		  https://capture.trackjs.com
		  https://live.adyen.com
		  https://apis.google.com
		  https://maxcdn.bootstrapcdn.com
		  https://ajax.googleapis.com
		  https://code.jquery.com
		  https://cdn.datatables.net
		  https://*.luckyorange.com
		  https://*.pusher.com
		  wss://*.pusher.com
		  https://d12wqas9hcki3z.cloudfront.net
		  https://d33v4339jhl8k0.cloudfront.net
		  https://d10lpsik1i8c69.cloudfront.net
		  https://*.openpay.mx;
		style-src 'self' https://www.petas.gr
		  https://fonts.googleapis.com
		  https://beacon-v2.helpscout.net
		  https://code.jquery.com
		  https://cdn.datatables.net
		  https://maxcdn.bootstrapcdn.com
		  https://d10lpsik1i8c69.cloudfront.net
		  'unsafe-inline'; 
		worker-src blob:;
		base-uri 'self' https://www.petas.gr
		  https://docs.helpscout.net;
		 1
font-src maxcdn.bootstrapcdn.com data: *.cloudflare.com *.twitter.com *.gstatic.com *.googleapis.com *.typekit.net *.twimg.com *.trustedshops.com 'self' data: *.tawk.to v2.zopim.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.ads-twitter.com *.pinterest.com *.facebook.com *.vendavalida.com.br shopline.itau.com.br *.geojs.io *.directtalk.com.br *.onesignal.com onesignal.com *.bing.com inspirehome.activehosted.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.ads-twitter.com *.facebook.com *.pinterest.com *.hotjar.com *.hotjar.io *.sunset.systems *.doubleclick.net *.google.com *.vendavalida.com.br api.sunset.system *.geojs.io *.zenaps.com *.directtalk.com.br *.bing.com *.onesignal.com onesignal.com inspirehome-co.os.tc *.clarity.ms 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://cdn.mundipagg.com https://api.pagar.me *.cloudflare.com *.ads-twitter.com t.co *.klarna.com *.googleadservices.com *.google-analytics.com *.doubleclick.net *.google.com *.google.com.br *.googletagmanager.com *.ebitempresa.com.br *.yourviews.com.br *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.yviews.com.br *.s3.amazonaws.com *.akamaihd.net *.facebook.com s3-sa-east-1.amazonaws.com conectiva.io *.getresponse360.pl s3.amazonaws.com *.pinterest.com *.mercadolibre.com *.mercadolivre.com *.clearsale.com.br *.tawk.to api.amedigital.com api.hml.amedigital.com *.awin1.com *.zenaps.com *.openpix.com.br *.directtalk.com.br *.bing.com *.onesignal.com onesignal.com tpc.googlesyndication.com *.clarity.ms cms.analytics.yahoo.com pixel.mathtag.com *.picpay.com picpay.github.io d226aj4ao1t61q.cloudfront.net *.yahoo.com *.ebit.com.br *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.openpix.com.br *.openpix.dev *.sentry.io *.ingest.sentry.io https://plugin.openpix.dev/v1/openpix-dev.js https://api.openpix.dev https://graphql.openpix.dev/openpix/graphql https://graphql.openpix.dev/shopper/graphql https://plugin.openpix.com.br/v1/openpix.js https://api.openpix.com.br/openpix/graphql https://api.openpix.com.br/shopper/graphql *.cloudflare.com *.twitter.com *.ads-twitter.com *.twimg.com *.yourviews.com.br *.yviews.com.br *.ebit.com.br *.google-analytics.com *.gstatic.com *.google.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.facebook.com *.cartstack.com.br *.hotjar.com *.hotjar.io *.newrelic.com conectiva.io *.nr-data.net *.gr-cdn-e.eu *.getresponse360.pl *.cloudflareinsights.com s3.amazonaws.com s.pinimg.com *.vendavalida.com.br *.avada.io api.mundipagg.com *.geojs.io *.tawk.to *.jsdelivr.net *.dwin1.com *.mailclick.me *.jivosite.com *.clearsale.com.br v2.zopim.com rum-static.pingdom.net analytics.tiktok.com the.sciencebehindecommerce.com *.zenaps.com *.azurewebsites.net *.directtalk.com.br *.bing.com *.navdmp.com *.onesignal.com onesignal.com tpc.googlesyndication.com *.clarity.ms egoi.site https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com *.cloudflare.com *.ads-twitter.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.yourviews.com.br *.yviews.com.br s3.amazonaws.com *.tawk.to *.jivosite.com *.directtalk.com.br *.onesignal.com onesignal.com *.ebit.com.br tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.jivosite.com v2.zopim.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://api.mundipagg.com https://api.pagar.me *.googletagmanager.com *.cloudflare.com *.twitter.com *.ads-twitter.com *.twimg.com *.paypal.com *.google-analytics.com *.facebook.com *.yourviews.com.br *.hotjar.com wss://*.hotjar.com/ *.hotjar.io *.yviews.com.br conectiva.io *.doubleclick.net *.performa.ai *.nr-data.net *.getresponse360.pl *.cloudflareinsights.com *.reclameaqui.com.br *.pinterest.com *.cartstack.com.br *.cartstack.com *.mercadolibre.com *.mercadolivre.com *.vendavalida.com.br *.avada.io api.mundipagg.com *.datafrete.com.br *.geojs.io *.tawk.to wss://*.tawk.to *.jivosite.com *.mailclick.me rum-static.pingdom.net rum-collector-2.pingdom.net analytics.tiktok.com ekr.zdassets.com the.sciencebehindecommerce.com *.onesignal.com onesignal.com tpc.googlesyndication.com *.bing.com *.clarity.ms *.picpay.com hits-banner-cloud-function.azurewebsites.net edw-2.egoiapp.com *.google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' balumba.es www.balumba.es qualitasauto.com www.qualitasauto.com qautoc.com areacliente.seguroautonaranja.es www.areacliente.seguroautonaranja.es seguroautonaranja.es; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://maps.googleapis.com https://livechat.infobip.com https://www.google-analytics.com https://www.google.co.id https://analytics.google.com https://stats.g.doubleclick.net https://ajax.googleapis.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://livechat.infobip.com; img-src 'self' data: https://www.google-analytics.com https://www.gstatic.com https://maps.gstatic.com https://livechat.infobip.com; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net; connect-src 'self' https://www.google-analytics.com  https://maps.googleapis.com https://api.infobip.com https://analytics.google.com https://stats.g.doubleclick.net; frame-src 'self' https://www.youtube.com youtube.com https://www.google.com https://livechat.infobip.com; 1
base-uri sagiakos.gr *.sagiakos.gr; default-src sagiakos.gr *.sagiakos.gr sagiakos.gr *.sagiakos.gr data: blob: 'unsafe-inline' 'unsafe-eval' unhooked.gr *.unhooked.gr unhooked.co *.unhooked.co gambit.ltd *.gambit.ltd googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com apis.google.com *.apis.google.com *.googleapis.com www.google.com gstatic.com *.gstatic.com fonts.googleapis.com translate.google.com; connect-src sagiakos.gr *.sagiakos.gr *.piraeusbank.gr sagiakos.gr *.sagiakos.gr unhooked.gr *.unhooked.gr unhooked.co *.unhooked.co gambit.ltd *.gambit.ltd doubleclick.net *.doubleclick.net googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com apis.google.com *.apis.google.com *.googleapis.com www.google.com gstatic.com *.gstatic.com fonts.googleapis.com translate.google.com https://www.facebook.com/tr/ *.facebook.com *.skroutz.gr *.analytics.google.com *.bestprice.gr socital.com *.socital.com clicktogo.gr *.clicktogo.gr notispace.gr *.notispace.gr iplocate.io *.iplocate.io https://onesignal.com/api/v1/apps/ https://onesignal.com/api/v1/players; script-src sagiakos.gr *.sagiakos.gr sagiakos.gr *.sagiakos.gr data: blob: facebook.net *.facebook.net facebook.com *.facebook.com doubleclick.net *.doubleclick.net googleadservices.com *.googleadservices.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com apis.google.com *.apis.google.com *.googleapis.com www.google.com gstatic.com *.gstatic.com fonts.googleapis.com translate.google.com analytics.skroutz.gr cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' socital.com *.socital.com clicktogo.gr *.clicktogo.gr *.analytics.google.com *.skroutz.gr *.bestprice.gr notispace.gr *.notispace.gr https://plugin.socital.com/static/v1/ *.onesignal.com iplocate.io *.iplocate.io https://onesignal.com/api/ https://onesignal.com/api/v1/players cdn.onesignal.com; style-src sagiakos.gr *.sagiakos.gr sagiakos.gr *.sagiakos.gr 'unsafe-inline' facebook.net *.facebook.net facebook.com *.facebook.com doubleclick.net *.doubleclick.net googleadservices.com *.googleadservices.com apis.google.com *.apis.google.com *.googleapis.com www.google.com cdnjs.cloudflare.com *.onesignal.com https://onesignal.com/api/ *.skroutz.gr *.google-analytics.com *.analytics.google.com socital.com *.socital.com *.bestprice.gr clicktogo.gr *.clicktogo.gr notispace.gr *.notispace.gr iplocate.io *.iplocate.io https://onesignal.com/sdks/; form-action sagiakos.gr *.sagiakos.gr *.piraeusbank.gr sagiakos.gr *.sagiakos.gr facebook.net *.facebook.net doubleclick.net *.doubleclick.net facebook.com *.facebook.com; frame-ancestors sagiakos.gr *.sagiakos.gr *.piraeusbank.gr sagiakos.gr *.sagiakos.gr; font-src sagiakos.gr *.sagiakos.gr sagiakos.gr *.sagiakos.gr gstatic.com *.gstatic.com fonts.googleapis.com apis.google.com *.apis.google.com *.googleapis.com www.google.com self *.socital.com *.clicktogo.gr *.notispace.gr *.bestprice.gr *.iplocate.io data:; img-src * data: *.piraeusbank.gr sagiakos.gr *.sagiakos.gr blob: facebook.net *.facebook.net facebook.com *.facebook.com apis.google.com *.apis.google.com *.googleapis.com www.google.com; media-src * data: blob: *.piraeusbank.gr sagiakos.gr *.sagiakos.gr apis.google.com *.apis.google.com *.googleapis.com www.google.com; object-src sagiakos.gr *.sagiakos.gr *.piraeusbank.gr sagiakos.gr *.sagiakos.gr facebook.net *.facebook.net facebook.com *.facebook.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net google.com *.google.com youtube.com *.youtube.com vimeo.com *.vimeo.com apis.google.com *.apis.google.com *.googleapis.com www.google.com audiomack.com *.audiomack.com mixcloud.com *.mixcloud.com; frame-src sagiakos.gr *.sagiakos.gr *.piraeusbank.gr sagiakos.gr *.sagiakos.gr facebook.net *.facebook.net facebook.com *.facebook.com doubleclick.net *.doubleclick.net google.com *.google.com youtube.com *.youtube.com vimeo.com *.vimeo.com analytics.skroutz.gr apis.google.com *.apis.google.com *.googleapis.com www.google.com audiomack.com *.audiomack.com mixcloud.com *.mixcloud.com *.onesignal.com https://onesignal.com/api/ *.skroutz.gr *.google-analytics.com *.analytics.google.com socital.com *.socital.com *.bestprice.gr clicktogo.gr *.clicktogo.gr notispace.gr *.notispace.gr iplocate.io *.iplocate.io https://onesignal.com/webPushAnalytics; report-uri https://sagiakos.gr/csp 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.cartradeexchange.com *.samil.in *.google-analytics.com *.google.co.in *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.youtube.com https://stats.g.doubleclick.ne; connect-src 'self' maps.googleapis.com www.google-analytics.com https://stats.g.doubleclick.net/j/collect; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' script.hotjar.com c.seznam.cz s2.adform.net track.adform.net www.googleadservices.com connect.facebook.net web-sdk.smartlook.com static.hotjar.com *.teads.tv googleads.g.doubleclick.net tag.aticdn.net www.googletagmanager.com maps.googleapis.com; script-src-elem 'self' data: blob: 'unsafe-inline' 'unsafe-eval' www.zbozi.cz script.hotjar.com c.seznam.cz s2.adform.net track.adform.net www.googleadservices.com connect.facebook.net web-sdk.smartlook.com static.hotjar.com *.teads.tv googleads.g.doubleclick.net tag.aticdn.net www.googletagmanager.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/; style-src 'report-sample' 'self' 'unsafe-inline' fonts.googleapis.com static.hotjar.com script.hotjar.com; object-src 'none'; base-uri 'self'; connect-src 'self' 'unsafe-eval' 'unsafe-inline' web-writer.eu.smartlook.cloud assets-proxy.smartlook.cloud manager.eu.smartlook.cloud *.teads.tv googleads.g.doubleclick.net stats.g.doubleclick.net region1.analytics.google.com ati.sazka.cz  www.google.com capi.sazkamobil.cz pagead2.googlesyndication.com region1.google-analytics.com sentry.cleverlance.com in.hotjar.com *.hotjar.io *.hotjar.com www.google.cz maps.googleapis.com www.googleapis.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' script.hotjar.com td.doubleclick.net p.teads.tv fledge.teads.tv coverage-sazkamobil.position.cz www.youtube.com www.google.com; img-src 'self' data: res.cloudinary.com *.teads.tv static.hotjar.com script.hotjar.com www.facebook.com c.seznam.cz stats.g.doubleclick.net www.google.cz region1.analytics.google.com www.google.com cdn.sazkamobil.cz static.payu.com res.cloudinary.com maps.gstatic.com maps.googleapis.com; manifest-src 'self'; media-src 'self' res.cloudinary.com; worker-src 'none'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.najva.com *.iranantiq.com storagespace.ir *.googleapis.com *.gstatic.com *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.najva.com *.iranantiq.com storagespace.ir; img-src * data: blob: storagespace.ir; 1
form-action 'self' *.systempay.fr 1
img-src https: data:; default-src 'self' 'unsafe-inline' 'unsafe-eval' www.youtube.com/player_api pxcdn.uk www.preventx.com pro.fontawesome.com kit.fontawesome.com www.google.com kit-pro.fontawesome.com kit-free.fontawesome.com code.jquery.com fonts.gstatic.com www.googletagmanager.com www.google-analytics.com optimize.google.com unpkg.com *.openstreetmap.org player.vimeo.com *.civiccomputing.com stats.g.doubleclick.net cdn.jsdelivr.net ssl.google-analytics.com www.youtube.com platform.twitter.com syndication.twitter.com disqus.com shdotuk.disqus.com c.disquscdn.com links.services.disqus.com launchpad.privacymanager.io launchpad-wrapper.privacymanager.io geo.privacymanager.io app.chatwoot.com static.hotjar.com region1.google-analytics.com *.cloudflare.com; 1
frame-ancestors https://smartpozyczka.pl/ https://finansowepozyczki.pl/ https://www.finansowepozyczki.pl/ https://lewpozyczka.pl/ https://www.lewpozyczka.pl/ https://finansoweposilki.pl/ https://www.finansoweposilki.pl/ 1
default-src 'self' storeplay-public.s3.ap-southeast-2.amazonaws.com *.jquery.com cdn.jsdelivr.net cdnjs.cloudflare.com https://*.tawk.to wss://*.tawk.to *.googleapis.com js.stripe.com *.google-analytics.com *.google.com *.facebook.com cdn.linkedin.oribi.io;script-src 'self' *.jquery.com cdn.jsdelivr.net cdnjs.cloudflare.com *.tawk.to *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com connect.facebook.net snap.licdn.com *.googleapis.com js.stripe.com 'unsafe-inline';style-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com *.googleapis.com https://embed.tawk.to 'unsafe-inline';font-src 'self' cdnjs.cloudflare.com cdn.jsdelivr.net *.amazonaws.com fonts.gstatic.com https://embed.tawk.to https://js.stripe.com;img-src 'self' https: data: *.googletagmanager.com *.google-analytics.com;frame-ancestors * 1
frame-ancestors 'self' http://www.spilxl.dk 1
default-src 'self'; block-all-mixed-content; connect-src 'self' *.googlesyndication.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.gstatic.com *.google.com *.google.de *.google.at *.google.ch *.google.pl *.facebook.com matomo.suedtirolerjobs.it stats.suedtirolerjobs.it api.suedtirolerjobs.it *.smartsuppchat.com *.smartsuppcdn.com *.smartsupp.com wss://*.smartsupp.com *.etracker.com *.etracker.de accent.tirolerjobs.at; font-src 'self' fonts.gstatic.com accent.tirolerjobs.at; frame-ancestors 'self' https://newapp.etracker.com; frame-src 'self' tel: mailto: t--1.0.0--i6nnxym9p9wb--f.tirolerjobs.at *.ddev.site *.g.doubleclick.net *.googlesyndication.com *.google.com www.youtube.com www.facebook.com bruttonetto.azurewebsites.net www.calcolastipendionetto.it rechner.cpulohn.at *.etracker.com stats.suedtirolerjobs.it *.spotify.com accent.tirolerjobs.at; img-src www.kaerntnerjobs.at www.steirerjobs.at www.salzburgerjobs.at www.wienerjobs.at www.tirolerjobs.at 'self' data: www.suedtirolerjobs.it www.facebook.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googlesyndication.com *.googleads.g.doubleclick.net *.g.doubleclick.net *.google.com *.google.de *.google.at *.google.ch *.google.pl px.ads.linkedin.com *.linkedin.com www.suedtirolerjobs.it api.suedtirolerjobs.it accent.tirolerjobs.at; script-src 'self' 'unsafe-eval' *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.googleadservices.com *.google.com *.google.de *.google.at *.google.ch *.google.pl snap.licdn.com connect.facebook.net matomo.suedtirolerjobs.it accent.tirolerjobs.at *.ddev.site *.gstatic.com *.smartsuppcdn.com *.smartsuppchat.com 'sha256-KKuspBIgXnaqoCDnexHdeUfFb31TJgdRpa7fOoUZFhE=' t--1.0.0--i6nnxym9p9wb--f.tirolerjobs.at *.etracker.com *.etracker.de *.spotify.com stats.suedtirolerjobs.it 'unsafe-inline' 'sha256-bG13KcCcZashXEXX5s454oGHJPz3BciuF3jZGH+j1nQ=' 'sha256-pfUotBYtNpUGA2K8nJqwJa26ePbgIHpxhfZUJDTHv8c=' 'sha256-81GMpk5uPm/OchgvQge5js95dcZQdSBYRm+HlGNGmM4=' 'sha256-jXVYiJqrLlxKeqhysondnbTGkGM6tW1ZGa6io5nknno=' 'sha256-VBMBfH1/YqcarQ3K7NBUnQMmA59h0I1/EjtRw4atUa8=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-bV3DgFmu031hchZtyCLmgUxySl5N4QSeiFFbheBf2Dw=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-h78H8nHVWZsV4nNpT6k0X4x0VZlu5IRZNo7GOODie9s=' 'sha256-61WQbBNPo8TVpYsZUank6vLTXlbtSwWVtcnNGTJAiG8=' 'sha256-RRZ94Wcrh43PSC8Ld54K6tFpvjw7ZtCxZ0x6AO32Xlk='; style-src 'self' 'unsafe-inline' fonts.googleapis.com t--1.0.0--i6nnxym9p9wb--f.tirolerjobs.at accent.tirolerjobs.at *.ddev.site accent.tirolerjobs.at 1
style-src 'self' https://unpkg.com https://fonts.googleapis.com 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://localhost:8080 https://staging.suysing.com https://app-stg.suysing.com https://unpkg.com https://www.googletagmanager.com https://www.googleadservices.com http://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.google.com https://cdnjs.cloudflare.com https://www.gstatic.com http://suysing-backend.test https://staging.suysing.com https://app-stg.suysing.com 1
script-src 'self' *.szexneked.hu *.googleapis.com *.fontawesome.com *.bootstrapcdn.com *.googleadservices.com *.gstatic.com *.doubleclick.net cdn.speedcurve.com creativecdn.com *.gemius.pl *.google-analytics.com *.hotjar.com *.google.com *.cloudflare.com *.cloudflareinsights.com *.googletagmanager.com *.google.hu *.googlesyndication.com *.googletagservices.com fonts.gstatic.com cdn.ampproject.org a.medfoodnetwork.com ad.adverticum.net *.flortrandi.com 'unsafe-inline' 'unsafe-eval'; img-src * data: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com tagmanager.google.com connect.facebook.net platform.twitter.com  *.facebook.com www.google-analytics.com *.st-hatena.com *.instagram.com *.cloudflare.com *.youtube.com *.googleapis.com *.mieru-ca.com loka-cdn.akamaized.net *.lokaplatform.com *.ampproject.org *.trendemon.com blob: 1
block-all-mixed-content; base-uri 'none'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; font-src https: data:; form-action 'self'; img-src https: data:; frame-ancestors 'none'; frame-src https:; object-src 'none'; report-uri https://puntapi.com/csp-reporting/capture 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https: blob:; font-src 'unsafe-inline' data: https:; object-src 'none' 1
default-src 'self' www.youtube.com; script-src 'self' 'nonce-FBpSzPU6WC/N3t5lEVt6hg=='; script-src-elem 'self' 'nonce-FBpSzPU6WC/N3t5lEVt6hg=='; frame-src 'self' www.youtube.com player.vimeo.com; connect-src 'self' res.cloudinary.com https://sentry.io blob:; style-src 'self' 'unsafe-inline' fonts.googleapis.com translate.googleapis.com; font-src 'self' fonts.gstatic.com; img-src 'self' data: res.cloudinary.com obos-res.cloudinary.com https://res.cloudinary.com https://obos-res.cloudinary.com https://cdn.sanity.io i.ytimg.com https://cdn.jsdelivr.net blob:; base-uri 'self'; object-src 'self'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; worker-src 'none'; media-src 'self' res.cloudinary.com obos-res.cloudinary.com https://res.cloudinary.com https://obos-res.cloudinary.com; form-action 'self' innlogging.obos.no; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' app-3qnlr5lwvw.marketingautomation.services www.googleadservices.com script.hotjar.com pixel-geo.prfct.co/tagjs tag.perfectaudience.com googleads.g.doubleclick.net snap.licdn.com static.hotjar.com stats.g.doubleclick.net koi-3qnlr5lwvw.marketingautomation.services www.googletagmanager.com sibautomation.com *.sibautomation.com *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://static.zdassets.com:* https://pod-20.zendesk.com:*; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net  *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' * us-u.openx.net secure.adnxs.com px.ads.linkedin.com pixel-geo.prfct.co www.vidacamara.cl vidacamara.cl www.google.cl www.google.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://vidacamarasf.lfi.cl:* https://ad.doubleclick.net:* https://www.google.co.ve:* https://www.googletagmanager.com:* https://publicavidacamara.zendesk.com:* https://static.zdassets.com:*; media-src 'self' data: blob:; child-src 'self' www.redsalud.cl redsalud.cl *.google.com www.google.com app-3qnlr5lwvw.marketingautomation.services vars.hotjar.com td.doubleclick.net 10957798.fls.doubleclick.net https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' analytics.google.com zapier.com www.zapier.com hooks.zapier.com adservice.google.com in.hotjar.com www.google.com in-automate.sendinblue.com cdn.linkedin.oribi.io stats.g.doubleclick.net ad.doubleclick.net accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com https://ekr.zdassets.com:* wss://ws.hotjar.com:* https://content.hotjar.io:* https://publicavidacamara.zendesk.com:* https://px.ads.linkedin.com:* https://metrics.hotjar.io:* wss://pod-20.zendesk.com:* https://zendesk-eu.my.sentry.io:*; 1
report-uri https://www.videobin.site; 1
default-src * 'unsafe-inline'; worker-src 'self' blob:; script-src * 'unsafe-inline' 'unsafe-eval' 'self' https://js.datadome.co https://valuesportal.com https://cdn.adt389.net https://gtm.adt313.net; script-src-elem * 'unsafe-inline'; script-src-attr * data: 'unsafe-inline'; img-src * data: https://cdn.valuesportal.com https://log.adtraction.fail; style-src * 'unsafe-inline'; connect-src 'self'        https://api-js.datadome.co       https://consentcdn.cookiebot.com       https://maps.googleapis.com       https://stats.g.doubleclick.net       https://ekr.zdassets.com       https://static.zdassets.com       https://nettbuss.zendesk.com       wss://widget-mediator.zopim.com       https://in.hotjar.com        https://id.bus4you.se       https://api.adtraction.net       https://www.google-analytics.com       https://region1.google-analytics.com       https://region1.analytics.google.com/g/collect       https://eu.klarnaevt.com       https://eu.playground.klarnaevt.com       https://recommender.scarabresearch.com       https://cdn.linkedin.oribi.io       https://px.ads.linkedin.com/wa/       https://vc.hotjar.io       https://api.adtraction.net       https://ion.vybuss.no       https://log.adtraction.fail       https://vybuss.containers.piwik.pro/d46ba5b6-1409-46c3-81c0-139ab6a305b2/privacy-templates.json       https://vybuss.containers.piwik.pro/d46ba5b6-1409-46c3-81c0-139ab6a305b2/privacy-widgets.json       https://vybuss.containers.piwik.pro/849706c2-98ed-4022-b8eb-b15a3eb7647f/privacy-templates.json       https://vybuss.containers.piwik.pro/849706c2-98ed-4022-b8eb-b15a3eb7647f/privacy-widgets.json       https://vybuss.containers.piwik.pro/5bd55c9e-3aa9-4a61-8621-fdeeb3ce6f01/privacy-templates.json       https://vybuss.containers.piwik.pro/5bd55c9e-3aa9-4a61-8621-fdeeb3ce6f01/privacy-widgets.json       https://analytics.tiktok.com/api/v2/pixel       https://analytics.tiktok.com/api/v2/pixel/act       https://vybuss.piwik.pro/ppms.php       https://*.clarity.ms/collect 1
object-src 'none'; script-src https://www.google.com/jsapi https://partner.googleadservices.com 'self' 'unsafe-inline' 'unsafe-eval' www.gstatic.com  *.googleadservices.com *.googlesyndication.com cdn.xn--8dbbvwj.net *.xn--8dbbvwj.net *.googletagservices.com www.google-analytics.com *.googleapis.com *.google.com *.google.co.il https://*.google.com xn--8dbbvwj.net www.xn--8dbbvwj.net https://*.google.co.il https://www.google-analytics.com https://www.google.co.il www.googleapis.com pagead2.googlesyndication.com https://www.gstatic.com adservice.google.ru adservice.google.ca adservice.google.co.uk adservice.google.cz adservice.google.co.ug www.googletagmanager.com adservice.google.com.cy googleads.g.doubleclick.net https://peulanet.api.oneall.com https://connect.facebook.net *.facebook.net; report-uri https://xn--8dbbvwj.net/cspreport.php; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://www.zenaps.com https://tr.snapchat.com https://tr6.snapchat.com https://www.youtube.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://tr.snapchat.com; form-action 'self' https://www.facebook.com https://checkout.yourcoca-cola.co.uk https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://the.sciencebehindecommerce.com https://cdn.trackjs.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self' https://*.clevernt.com https://*.cleverwebserver.com https://*.cleverlinux.com; object-src 'none'; 1
default-src 'self' staticxx.facebook.com www.facebook.com v1.addthis.com connect.facebook.net api-public.addthis.com cse.google.com www.google.com www.google-analytics.com www.youtube.com s7.addthis.com m.addthis.com; img-src 'self' s7.addthis.com clients1.google.com www.google.com stats.g.doubleclick.net www.google-analytics.com www.youtube.com data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' v1.addthis.com connect.facebook.net cdnjs.cloudflare.com m.addthisedge.com m.addthis.com s7.addthis.com v1.addthis.com v1.addthisedge.com api-public.addthis.com www.gstatic.com www.google.com ajax.googleapis.com cse.google.com www.google-analytics.com www.googletagmanager.com; font-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com www.google.com fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' cdnjs.cloudflare.com www.google.com fonts.googleapis.com; 1
frame-ancestors 'self' https://www.quees.com; 1
font-src *.fontawesome.com fonts.gstatic.com *.openstreetmap.org *.inpost.pl *.easypack24.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.przelewy24.pl sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://www.google.com/ *.addthis.com pay.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com img.youtube.com validator.swagger.io https://images.unsplash.com *.googletagmanager.com *.google.com *.google.pl *.gstatic.com *.googleadservices.com *.google-analytics.com *.linkedin.com www.oferteo.pl static.przelewy24.pl www.gstatic.com gstatic.com *.openstreetmap.org *.inpost.pl *.easypack24.net *.instagram.com *.cdninstagram.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com *.licdn.com *.addthis.com *.addthisedge.com *.elfsight.com s7.addthis.com sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com *.easypack24.net *.openstreetmap.org *.inpost.pl *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.fontawesome.com fonts.googleapis.com *.easypack24.net *.openstreetmap.org *.inpost.pl maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.doubleclick.net *.cardinalcommerce.com 'self' data: *.addthis.com *.elfsight.com ekr.zdassets.com/ sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com *.easypack24.net *.openstreetmap.org *.inpost.pl https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors https://metrika.yandex.ru http://webvisor.com https://www.uplab.ru https://uplab.ru http://awards.ratingruneta.ru https://awards.ratingruneta.ru 1
default-src https://onexstoreclientsapi.azurewebsites.net wss://onexstoreclientsapi.azurewebsites.net https://onexstoreauthapi.azurewebsites.net wss://onexstoreauthapi.azurewebsites.net https://onexstorecmsapi.azurewebsites.net wss://onexstorecmsapi.azurewebsites.net https://onexstorecommonapi.azurewebsites.net wss://onexstorecommonapi.azurewebsites.net https://onexstoreordersapi.azurewebsites.net wss://onexstoreordersapi.azurewebsites.net https://onexstorepaymentsapi.azurewebsites.net wss://onexstorepaymentsapi.azurewebsites.net https://onexstoresalesopportunitiesapi.azurewebsites.net wss://onexstoresalesopportunitiesapi.azurewebsites.net https://onexstoresubscriptionsapi.azurewebsites.net wss://onexstoresubscriptionsapi.azurewebsites.net https://onexstorecspapi.azurewebsites.net wss://onexstorecspapi.azurewebsites.net https://onexstoreblogapi.azurewebsites.net wss://onexstoreblogapi.azurewebsites.net https://onexstorereportsapi.azurewebsites.net wss://onexstorereportsapi.azurewebsites.net  'self' http://localhost:8501 https://secure.payu.com https://disqus.com/ https://c.disquscdn.com/ http://localhost:*; frame-src https://accounts.google.com/ https://www.youtube.com/ https://bid.g.doubleclick.net/ https://www.czater.pl/ http://localhost:8501 https://ssl.ceneo.pl/ https://secure.payu.com https://pay.google.com/gp/p/js/pay.js https://pay.google.com/ https://www.gstatic.com/instantbuy/svg/dark/pl.svg https://www.gstatic.com/instantbuy/icons/gpay_32.png https://disqus.com https://www.facebook.com/ https://creativecdn.com/ *.fls.doubleclick.net/ https://creativecdn.com/ https://rent.rentup.pl/ https://tpc.googlesyndication.com/ https://www.google.com/ https://googleads.g.doubleclick.net/ https://td.doubleclick.net/ http://localhost:*; media-src https://www.youtube.com/ http://localhost:8501 https://images.onexstore.pl/images/ https://widget-v2.smartsuppcdn.com/ https://images.centrumxp.pl/ http://localhost:*; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.snrcdn.net https://googleads.g.doubleclick.net/ https://static.doubleclick.net/ https://www.googleadservices.com/ https://www.google.com/ https://www.google.pl/ https://seq.onxg.pl/ https://apis.google.com http://www.snrcdn.net/ https://tagmanager.google.com/ https://tag.manager.google.com/ https://www.googletagmanager.com/ https://www.snrcdn.net/ https://www.czater.pl/ https://apis.google.com/ https://static.cloudflareinsights.com https://proxy.synerise.com/ https://ssl.ceneo.pl/ https://secure.payu.com https://c.disquscdn.com/ https://https-www-onexstore-pl.disqus.com/ https://onex-store-de.disqus.com/ https://onex-store-en.disqus.com/ https://onex-store-fr.disqus.com/ https://pay.google.com/ https://pay.google.com/gp/p/js/pay.js https://www.gstatic.com/instantbuy/svg/dark/pl.svg https://www.gstatic.com/instantbuy/icons/gpay_32.png https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://geowidget.easypack24.net/ https://ws.zoominfo.com/pixel/collect https://cdn.mouseflow.com/ https://connect.facebook.net/en_US/sdk.js/ https://widgets.trustedshops.com *.trackmytarget.com *.tmtarget.com https://region1.google-analytics.com/g/collect https://www.artfut.com/static/ https://links.services.disqus.com/api/ https://a.artfut.com/linking/ https://ga.getresponse.com/script/ https://us-an.gr-cdn.com/ https://tools.luckyorange.com/core/ https://www.googleoptimize.com/ https://accounts.google.com/gsi/client https://ga2.getresponse.com/ https://www.clarity.ms/ https://us-an.gr-cdn.com/ https://www.smartsuppchat.com/ https://widget-v2.smartsuppcdn.com/ http://widgets.trustedshops.com/ https://centrumxp.disqus.com/embed.js https://www.google-analytics.com/ https://ga.getresponse.com/ https://us-ms.gr-cdn.com/ https://widget-v3.smartsuppcdn.com/ https://snap.licdn.com/ https://pagead2.googlesyndication.com/ https://partner.googleadservices.com/ https://tpc.googlesyndication.com/ https://ustat.info http://localhost:*; style-src https://onexstore.pl/ http://onexstore.pl/ https://www.onexstore.pl/ http://www.onexstore.pl/ https://onexstore.com/ http://onexstore.com/ https://www.onexstore.com/ http://www.onexstore.com/ https://onexstore.fr/ http://onexstore.fr/ https://www.onexstore.fr/ http://www.onexstore.fr/ https://onexstore.de/ http://onexstore.de/ https://www.onexstore.de/ http://www.onexstore.de/ https://lizengo.de/ http://lizengo.de/ https://www.lizengo.de/ http://www.lizengo.de/ https://www.centrumxp.pl/ http://www.centrumxp.pl/ https://www.www.centrumxp.pl/ http://www.www.centrumxp.pl/ https://www.centrumxp.pl/ http://www.centrumxp.pl/ https://www.www.centrumxp.pl/ http://www.www.centrumxp.pl/ 'unsafe-inline' https://tagmanager.google.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://www.czater.pl/ http://localhost:8501 https://ssl.ceneo.pl/ https://www.snrcdn.net https://c.disquscdn.com/ http://fonts.googleapis.com/ https://cdn.jsdelivr.net/npm/ https://geowidget.easypack24.net/ https://www.sklep.centrumxp.pl/ https://accounts.google.com/gsi/style https://widget-v3.smartsuppcdn.com/ http://localhost:*; img-src 'self' data: https://googleads.g.doubleclick.net/ https://www.google.com/ https://www.google.pl/ https://images.onexstore.pl/ https://onexstore.blob.core.windows.net/ https://www.czater.pl/ https://ssl.gstatic.com/ https://www.googletagmanager.com/ https://ssl.ceneo.pl/ http://cdn.viglink.com/ https://c.disquscdn.com/ https://referrer.disqus.com/ https://www.gstatic.com/ https://www.google-analytics.com https://www.facebook.com https://tr.lfeeder.com/ https://px.ads.linkedin.com/ https://geowidget.easypack24.net/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ https://www.linkedin.com/ https://osm.inpost.pl/ https://static.easypack24.net/ https://upload.snrcdn.net/ https://widgets.trustedshops.com/ *.trackmytarget.com *.tmtarget.com http://www.logitech.com/assets/ https://9grcfpjg.de/ https://pafutos.com/tt/ https://lenkmio.com/tt/ https://ad.admitad.com/tt/ https://z.asbmit.com/tt/ https://a.artfut.com/linking/ https://rentup.pl/wp-content/uploads/ https://wesub.pl/wp-content/uploads/ https://c.clarity.ms/ https://c.bing.com/ https://widget-v2.smartsuppcdn.com/ https://cdn.jsdelivr.net/ https://files.smartsuppcdn.com/ https://widgets.trustedshops.com/ https://www.centrumxp.pl/api/Images/Publikacje/ https://images.centrumxp.pl/ https://www.google-analytics.com/ https://widget-v3.smartsuppcdn.com/ https://pagead2.googlesyndication.com/ https://ad.doubleclick.net https://ustat.info http://localhost:*; connect-src https://onexstoreclientsapi.azurewebsites.net wss://onexstoreclientsapi.azurewebsites.net https://onexstoreauthapi.azurewebsites.net wss://onexstoreauthapi.azurewebsites.net https://onexstorecmsapi.azurewebsites.net wss://onexstorecmsapi.azurewebsites.net https://onexstorecommonapi.azurewebsites.net wss://onexstorecommonapi.azurewebsites.net https://onexstoreordersapi.azurewebsites.net wss://onexstoreordersapi.azurewebsites.net https://onexstorepaymentsapi.azurewebsites.net wss://onexstorepaymentsapi.azurewebsites.net https://onexstoresalesopportunitiesapi.azurewebsites.net wss://onexstoresalesopportunitiesapi.azurewebsites.net https://onexstoresubscriptionsapi.azurewebsites.net wss://onexstoresubscriptionsapi.azurewebsites.net https://onexstorecspapi.azurewebsites.net wss://onexstorecspapi.azurewebsites.net https://onexstoreblogapi.azurewebsites.net wss://onexstoreblogapi.azurewebsites.net https://onexstorereportsapi.azurewebsites.net wss://onexstorereportsapi.azurewebsites.net  'self' https://stats.g.doubleclick.net/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://www.google.com/ https://www.google.pl/ https://web.snrbox.com/ https://seq.onxg.pl/ https://dc.services.visualstudio.com/v2/track https://rt.services.visualstudio.com/v2/track https://www.snrcdn.net/ http://www.snrcdn.net/ https://proxy.synerise.com/ https://www.googletagmanager.com/ wss://s1.czater.pl https://czater.pl https://monitor.clickcease.com http://localhost:8501 https://ssl.ceneo.pl/ https://secure.payu.com https://links.services.disqus.com https://pay.google.com/gp/p/js/pay.js https://pay.google.com/ https://www.gstatic.com/instantbuy/svg/dark/pl.svg https://www.gstatic.com/instantbuy/icons/gpay_32.png https://cdn.jsdelivr.net/npm/ https://www.google-analytics.com https://tr.lfeeder.com/ https://geowidget.easypack24.net/ https://api-pl-points.easypack24.net/ https://osm.inpost.pl/ https://o2.mouseflow.com/ https://connect.facebook.net/en_US/sdk.js/ https://www.facebook.com/ https://fcm.googleapis.com/fcm/connect/subscribe https://region1.google-analytics.com/ https://ga2.getresponse.com/ https://www.googleapis.com/ https://n.clarity.ms/ https://b.clarity.ms/ https://n.clarity.ms/ https://www.clarity.ms/ https://bootstrap.smartsuppchat.com/ https://widget-v2.smartsuppcdn.com/ https://translations.smartsuppcdn.com/ wss://websocket-visitors.smartsupp.com/ https://files.smartsupp.com/ https://api.trustedshops.com/ https://shops-si.trustedshops.com/ https://api.trustbadge.etrusted.com/ https://trustbadge.api.etrusted.com/ https://logging.trustbadge.com/ https://region1.analytics.google.com/ https://www.google-analytics.com/ https://widget-v3.smartsuppcdn.com/ https://cdn.linkedin.oribi.io https://pagead2.googlesyndication.com/ https://analytics.google.com/ http://localhost:*; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://images.onexstore.pl/ https://fonts.gstatic.com data http://localhost:8501 https://geowidget.easypack24.net/fonts/ https://images.centrumxp.pl/ http://localhost:*;  1
frame-ancestors 'self' https://directbox.com https://api.xworks.net 1
frame-src 'self' *.etracker.com *.dev.bosbach.de *.energiedev.de *.energie.de smart-production-stage.energiedev.de *.smart-production-stage.energiedev.de smart-production.de *.smart-production.de *.building-and-automation.de *.adspirit.de *.theadex.com *.enerpedia.info *.enerx.info *.youtube-nocookie.com *.youtube.com; frame-ancestors 'self' *.dev.bosbach.de *.energiedev.de *.energie.de smart-production-stage.energiedev.de *.smart-production-stage.energiedev.de smart-production.de *.smart-production.de *.building-and-automation.de; 1
default-src https://piwik.bzga.de/piwik.js 'self' 'unsafe-inline'; img-src https://piwik.bzga.de/ https://i.ytimg.com/ 'self' data:; connect-src https://piwik.bzga.de/ 'self'; font-src 'self' data:; frame-src https://www.drugcom.de/ https://www.youtube-nocookie.com/ 1
script-src 'self';report-uri /csp-report/ 1
default-src 'self' blob:;connect-src 'self' https://*.google-analytics.com maps.tilehosting.com api.maptiler.com fonts.gstatic.com *.bugsnag.com stats.g.doubleclick.net events.mapbox.com;font-src 'self' data: fonts.gstatic.com https://maxcdn.bootstrapcdn.com;frame-src 'self'  https://www.google.com;img-src 'self' data: blob: https://*.googletagmanager.com/ https://*.google-analytics.com https://*.doubleclick.net https://*.google.com https://cdnjs.cloudflare.com/ajax/libs/leaflet/;media-src 'self';script-src 'self' 'sha256-1DoW+y0RwKOkb1nKJ643JlA13h6sOVgauVMXCcqydKk=' 'sha256-LS1OBbx9QoROK/AewcRzT+rSXDnnrKHx2kP8EVmUZxE=' 'sha256-0LGa3nbSTLiMnBnJz8CzTLzw7BBUAIak8ageDsZ6idM=' 'sha256-CRDHjstGdqT2g8SO2qc5rq3xpQuP4YAulFcl8z7fDPo=' 'sha256-V0gBgH0Ft/mv1ptuYaEqNim0JDEj1GQNtdUIwGC+tio=' 'sha256-fHRTMfh6rHe/eH9Gx1PU6V4IV/wO5xjwVW0oAKTe3p0=' 'sha256-1DoW+y0RwKOkb1nKJ643JlA13h6sOVgauVMXCcqydKk=' 'sha256-LS1OBbx9QoROK/AewcRzT+rSXDnnrKHx2kP8EVmUZxE=' 'sha256-0LGa3nbSTLiMnBnJz8CzTLzw7BBUAIak8ageDsZ6idM=' 'sha256-CRDHjstGdqT2g8SO2qc5rq3xpQuP4YAulFcl8z7fDPo=' 'sha256-V0gBgH0Ft/mv1ptuYaEqNim0JDEj1GQNtdUIwGC+tio=' 'sha256-fHRTMfh6rHe/eH9Gx1PU6V4IV/wO5xjwVW0oAKTe3p0=' blob: 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://www.google-analytics.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://d2wy8f7a9ursnm.cloudfront.net https://www.google.com https://www.gstatic.com  https://ajax.googleapis.com  https://www.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/leaflet/ https://cdnjs.cloudflare.com/ajax/libs/mapbox-gl-leaflet/ https://cdnjs.cloudflare.com/ajax/libs/mapbox-gl/ https://cdn.klokantech.com/mapbox-gl-js/;style-src 'self' 'sha256-7HfjXhvU/yrcu6gK2BOlCJcLh746Vdk1TiwMbC5soOU=' 'unsafe-inline' fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com/ajax/libs/leaflet/  https://cdnjs.cloudflare.com/ajax/libs/mapbox-gl/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src data: *; frame-ancestors https://www.happymeeple.com 'self'; report-uri /report-csp-violation 1
frame-ancestors 'self'; upgrade-insecure-requests;form-action 'self' slashdot.org slashdot.us15.list-manage.com;frame-src 'self' slashdot.org *.lijit.com *.btloader.com http://*.pro-market.net *.crsspxl.com *.google.com *.googlesyndication.com *.safeframe.usercontent.goog *.doubleclick.net challenges.cloudflare.com *.recaptcha.net recaptcha.net *.adnxs.com *.indexww.com *.rubiconproject.com *.pubmatic.com *.smartadserver.com *.tapad.com http://*.youtube.com http://*.youtube-nocookie.com slashdotmedia.com; object-src http://*.youtube.com;script-src 'self' slashdot.org *.slashdot.org slashdot.org *.slashdotmedia.com a.fsdn.com challenges.cloudflare.com *.lijit.com *.moatads.com *.adsafeprotected.com *.sharethrough.com *.2mdn.net *.adnxs.com *.jobbio.com *.script.ac *.defybrick.com *.aniview.com *.vidazoo.com *.pubmatic.com chimpstatic.com *.mailchimp.com mc.us15.list-manage.com ml314.com *.stack-sonar.com *.licdn.com translate.googleapis.com *.doubleclick.net *.googleadservices.com translate.google.cn *.gstatic.cn *.google.com *.consentmanager.net *.microsofttranslator.com *.gstatic.com *.googletagservices.com *.recaptcha.net recaptcha.net *.google-analytics.com *.googlesyndication.com *.cloudflareinsights.com d3tglifpd8whs6.cloudfront.net rpxnow.com btloader.com *.crsspxl.com http://*.pro-market.net *.4dex.io *.adnxs-simple.com *.s-onetag.com *.rubiconproject.com *.trustarc.com *.truste.com *.doubleverify.com *.tapad.com *.pghub.io pghub.io *.sharethru.com adservice.google.ad adservice.google.ae adservice.google.at adservice.google.be adservice.google.bg adservice.google.ca adservice.google.ch adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.kr adservice.google.co.th adservice.google.co.uk adservice.google.co.zw adservice.google.com.au adservice.google.com.bo adservice.google.com.hk adservice.google.com.mx adservice.google.com.ph adservice.google.com.pk adservice.google.com.sa adservice.google.com.sg adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.fi adservice.google.fr adservice.google.gr adservice.google.hu adservice.google.ie adservice.google.it adservice.google.li adservice.google.lu adservice.google.mu adservice.google.mv adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.se adservice.google.sk adservice.google.com.br adservice.google.com.ar adservice.google.cl adservice.google.com.co adservice.google.com.cu adservice.google.com.cy adservice.google.es adservice.google.hr adservice.google.im adservice.google.lk adservice.google.me adservice.google.mg adservice.google.com.mm adservice.google.com.ng adservice.google.com.np adservice.google.com.pr adservice.google.com.uy adservice.google.co.za adservice.google.jo adservice.google.bs adservice.google.al adservice.google.co.tz adservice.google.rw adservice.google.hn adservice.google.lt adservice.google.iq adservice.google.si adservice.google.bj adservice.google.co.ao adservice.google.com.gh adservice.google.kz adservice.google.com.eg adservice.google.com.ec adservice.google.co.ve adservice.google.com.py adservice.google.lv adservice.google.mn adservice.google.com.bn adservice.google.tn adservice.google.ml adservice.google.is adservice.google.com.sv adservice.google.com.bz adservice.google.az adservice.google.gt adservice.google.sn adservice.google.cm adservice.google.com.kh adservice.google.ge adservice.google.com.et adservice.google.com.pe adservice.google.com.ly adservice.google.co.mz adservice.google.com.bh adservice.google.com.mt adservice.google.ps adservice.google.so adservice.google.bf adservice.google.co.nz adservice.google.com.gt adservice.google.co.zm adservice.google.je adservice.google.cv adservice.google.la adservice.google.bi adservice.google.com.jm adservice.google.tt adservice.google.com.kw adservice.google.cd adservice.google.gy adservice.google.tg adservice.google.com.af adservice.google.com.lb adservice.google.sr adservice.google.com.ni adservice.google.ki adservice.google.com.na adservice.google.ht adservice.google.nr adservice.google.td adservice.google.co.ls adservice.google.gl adservice.google.bt adservice.google.tm adservice.google.com.vc adservice.google.co.bw adservice.google.vg adservice.google.as adservice.google.cg adservice.google.com.ag adservice.google.com.tj adservice.google.dm adservice.google.to adservice.google.dj adservice.google.cf adservice.google.ws adservice.google.st adservice.google.gm adservice.google.fm adservice.google.com.sb adservice.google.com.pg adservice.google.com.gi adservice.google.com.ai adservice.google.co.ck adservice.google.ru adservice.google.nu adservice.google.com.my adservice.google.com.bd adservice.google.ci adservice.google.co.cr adservice.google.co.ke adservice.google.co.ug adservice.google.co.uz adservice.google.co.vi adservice.google.ms adservice.google.com.fj adservice.google.com.om adservice.google.com.pa adservice.google.com.qa adservice.google.ga adservice.google.gg adservice.google.kg adservice.google.md adservice.google.mk adservice.google.mw adservice.google.ne adservice.google.sm adservice.google.tl adservice.google.sc adservice.google.vu 'unsafe-inline' 'unsafe-eval';report-uri https://sourceforge.report-uri.com/r/d/csp/enforce 1
style-src 'unsafe-inline' 'self' *.accesswca.com *.nuance.com *.wellsfargo.com:* *.wellsfargo.net; script-src 'self' 'nonce-22492954-8251-4abf-b714-67ca701bd47e' 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw=' *.wf.com *.googleapis.com *.wellsfargo.com *.cdfconnect.com *.financeaccess.com *.wellsfargo.com:* *.accesswca.com *.wellsfargomedia.com *.nuance.com static.inq.com *.wellsfargo.net; img-src 'self' *.accesswca.com *.wf.com *.googleapis.com *.wellsfargo.com *.cdfconnect.com *.financeaccess.com *.wellsfargo.com:* *.wellsfargomedia.com *.nuance.com static.inq.com *.wellsfargo.net  data:;	 default-src 'none'; connect-src 'self' *.accesswca.com *.wf.com *.googleapis.com *.wellsfargo.com *.cdfconnect.com *.financeaccess.com *.wellsfargo.com:* *.wellsfargomedia.com *.nuance.com static.inq.com *.wellsfargo.net  data:; frame-src 'self' *.wf.com *.advanced-web-analytics.com *.googleapis.com *.wellsfargo.com *.cdfconnect.com *.financeaccess.com *.wellsfargo.com:* *.wellsfargomedia.com *.nuance.com static.inq.com *.wellsfargo.net  data: *.accesswca.com; font-src 'self' *.accesswca.com *.wf.com *.googleapis.com *.wellsfargo.com *.cdfconnect.com *.financeaccess.com *.wellsfargo.com:* *.wellsfargomedia.com *.nuance.com static.inq.com *.wellsfargo.net  data:; media-src 'self' *.wf.com *.googleapis.com *.wellsfargo.com *.cdfconnect.com *.financeaccess.com *.wellsfargo.com:* *.accesswca.com *.wellsfargomedia.com *.nuance.com static.inq.com *.wellsfargo.net data:; 1
default-src 'self' *.umbraco.org *.hotjar.com *.googleapis.com *.gstatic.com *.postcodeanywhere.co.uk ggshop-be-dev-cdnms.azureedge.net ggshop-fe-dev-cdnms.azureedge.net media.cdn.ggshop.uat.e78.co.uk media-cdn.girlguidingshop.co.uk media-cdn-ggstaging.girlguidingshop.co.uk *.vo.msecnd.net *.services.visualstudio.com ggshopprdsapub.blob.core.windows.net; connect-src 'self' data: *.search.windows.net *.postcodeanywhere.co.uk *.google-analytics.com *.vo.msecnd.net *.services.visualstudio.com *.civiccomputing.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.g.doubleclick.net *.verifone.cloud kg668dbov0.execute-api.us-east-1.amazonaws.com *.cardinalcommerce.com *.justshoutgfs.com *.googleapis.com *.onetrust.com *.howuku.com *.pinterest.com *.googlesyndication.com; style-src 'self' 'unsafe-inline' *.postcodeanywhere.co.uk *.google.com *.googleapis.com hello.myfonts.net ggshop-be-dev-cdnms.azureedge.net ggshop-fe-dev-cdnms.azureedge.net media.cdn.ggshop.uat.e78.co.uk media-cdn.girlguidingshop.co.uk media-cdn-ggstaging.girlguidingshop.co.uk ggshopprdsapub.blob.core.windows.net www.googletagmanager.com; script-src 'self' 'unsafe-eval' *.googletagmanager.com *.google.com connect.facebook.net 'unsafe-inline' *.hotjar.com *.google-analytics.com *.postcodeanywhere.co.uk *.gstatic.com *.google.com *.googletagmanager.com ggshop-be-dev-cdnms.azureedge.net ggshop-fe-dev-cdnms.azureedge.net media.cdn.ggshop.uat.e78.co.uk media-cdn.girlguidingshop.co.uk media-cdn-ggstaging.girlguidingshop.co.uk *.vo.msecnd.net *.services.visualstudio.com *.civiccomputing.com cdnjs.cloudflare.com *.verifone.cloud *.cardinalcommerce.com *.ccdc02.com maps.googleapis.com cdnjs.cloudflare.com *.onetrust.com *.howuku.com *.pinimg.com *.doubleclick.net data:; img-src * data: 'unsafe-inline' *.gstatic.com ggshop-be-dev-cdnms.azureedge.net ggshop-fe-dev-cdnms.azureedge.net media.cdn.ggshop.uat.e78.co.uk media-cdn.girlguidingshop.co.uk media-cdn-ggstaging.girlguidingshop.co.uk product.cdn.ggshop.uat.e78.co.uk product-cdn.girlguidingshop.co.uk product-cdn-ggstaging.girlguidingshop.co.uk; font-src 'self' data: ggshop-be-dev-cdnms.azureedge.net ggshop-fe-dev-cdnms.azureedge.net media.cdn.ggshop.uat.e78.co.uk media-cdn.girlguidingshop.co.uk media-cdn-ggstaging.girlguidingshop.co.uk fonts.gstatic.com; manifest-src *; frame-src 'self' *.google.com *.youtube.com *.hotjar.com *.3dsecure.net *.arcot.com ggshop-be-dev-cdnms.azureedge.net ggshop-fe-dev-cdnms.azureedge.net media.cdn.ggshop.uat.e78.co.uk media-cdn.girlguidingshop.co.uk media-cdn-ggstaging.girlguidingshop.co.uk *.cardinalcommerce.com https://www.facebook.com *.pinterest.com *.doubleclick.net 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-8DonfKOS3r_z1SnPsc19CA' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'none'; media-src 'self' https://videos.ctfassets.net:*; script-src-elem 'self' 'nonce-38904180-f459-4766-a567-e9913dd434a7' https://cdn.transcend.io/cm/fa619274-3c15-4155-bbec-c0cb75733259/airgap.js https://cdn.transcend.io/cm/fa619274-3c15-4155-bbec-c0cb75733259/ui.js https://cdn.transcend.io/cm/fa619274-3c15-4155-bbec-c0cb75733259/xdi.js 'unsafe-hashes' 'sha256-cdFvGnPvdeavqCupE0X1iKxDb2jmBXXTGmE6AcHOk+c=' 'sha256-yT/s9zf56jX7wyB2f+yhxGo0VBoDnFqMx5qPvh0jvgQ=' 'sha256-TQ9lqihfbMvC+yQs4RAPRBe8No3FB3+MYPxT/OnPn/A=' 'sha256-ep0lyBO1i+WpsX2W3CxFRXjI+Hxg1zdLj+K4nN4Yzdk='; script-src 'self' 'wasm-unsafe-eval' 'nonce-38904180-f459-4766-a567-e9913dd434a7' https://cdn.transcend.io/cm/fa619274-3c15-4155-bbec-c0cb75733259/airgap.js https://cdn.transcend.io/cm/fa619274-3c15-4155-bbec-c0cb75733259/ui.js https://cdn.transcend.io/cm/fa619274-3c15-4155-bbec-c0cb75733259/xdi.js; style-src-elem 'self' 'nonce-38904180-f459-4766-a567-e9913dd434a7' https://cdn.transcend.io 'unsafe-hashes' 'sha256-oV3jdqk8GO/BUZSwos543OlGzhzxD3uMNE23EaxYMEQ=' 'sha256-/4tktfVAle+8ojynlFnhze1lbgwtFnndScvcHIucgqc=' 'sha256-zlqnbDt84zf1iSefLU/ImC54isoprH/MRiVZGskwexk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-7JyL1A8Kywti3E1sWTTspFukJsEOqlNFJPIxVimWbAQ='; style-src 'self' 'nonce-38904180-f459-4766-a567-e9913dd434a7' https://cdn.transcend.io 'unsafe-hashes' 'sha256-oV3jdqk8GO/BUZSwos543OlGzhzxD3uMNE23EaxYMEQ=' 'sha256-/4tktfVAle+8ojynlFnhze1lbgwtFnndScvcHIucgqc=' 'sha256-zlqnbDt84zf1iSefLU/ImC54isoprH/MRiVZGskwexk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-7JyL1A8Kywti3E1sWTTspFukJsEOqlNFJPIxVimWbAQ='; connect-src 'self' https://unpkg.com/@rive-app/canvas@2.7.6/rive.wasm https://start.1password.com https://start.1password.ca https://start.1password.eu https://www.google-analytics.com https://9gnqx00du4.execute-api.us-east-1.amazonaws.com/prod/contact_us https://us.app.unleash-hosted.com https://flow.1passwordservices.com https://telemetry.transcend.io/collect https://rum.browser-intake-datadoghq.com https://sst.1passwordservices.com https://c.6sc.co https://ipv6.6sc.co https://b.6sc.co https://epsilon.6sense.com https://cdn.transcend.io; manifest-src 'self'; font-src 'self'; object-src 'self'; img-src 'self' blob: http://images.ctfassets.net:* https://images.ctfassets.net:* https://www.google.com https://www.google-analytics.com https://sst.1passwordservices.com https://stats.g.doubleclick.net https://insight.adsrvr.org https://px.mountain.com https://b.6sc.co; child-src https://www.youtube-nocookie.com https://secure.livechatinc.com; frame-src https://www.youtube-nocookie.com https://www.youtube-nocookie.com/embed https://secure.livechatinc.com https://player.vimeo.com https://insight.adsrvr.org https://match.adsrvr.org https://drift.1passwordservices.com https://sync.transcend.io; form-action 'self' https://start.1password.com https://flow.1passwordservices.com; prefetch-src 'self' https://app.1password.com https://app.1password.ca https://app.1password.eu; frame-ancestors https://*.1passwordservices.com https://*.1password.com https://*.1password.ca https://*.1password.eu https://main.1pstage.com; report-uri https://csp.1passwordservices.com/report?tags=1pw_prd; report-to csp-endpoint 1
default-src https: data: wss: about: blob: dc-photo: dc-illu: dc-v2: fb-messenger: tg: whatsapp: sms: mailto: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.danland.dk/pubweb/csp-violation 1
default-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; 1
script-src 'sha256-SlB/xNXgxeFzpF78X0Lq1fGgjtzGnRGIysurbEZr3pw=' 'unsafe-eval' https://static.intsig.net/ 'sha256-tjuO1MtC2VGClAglPFX5GIxHn9LJ+Uw4ni09ikuLg7w=' 'self' https://polyfill.io https://hm.baidu.com/ https://hmcdn.baidu.com/;report-uri /site/csp-report 1
base-uri 'self';connect-src 'self' https://*.criteo.com https://*.livechatinc.com https://*.doubleclick.net https://*.google-analytics.com https://*.mixpanel.com https://*.optimonk.com https://*.linkedin.com data:;default-src 'self' https://*.googleoptimize.com https://*.google-analytics.com http://*.criteo.com https://*.optimonk.com http://*.mxpnl.com https://*.googletagmanager.com https://*.cloudflare.com https://*.facebook.com https://*.facebook.net https://*.jsdelivr.net https://*.google.com https://*.googleapis.com https://*.livechatinc.com https://*.topfx.com.sc;form-action 'self';img-src 'self' https://*.livechat-files.com https://*.googleapis.com https://*.topfx.com.sc https://*.topfx.com https://admin.topfx.com https://*.linkedin.com https://*.doubleclick.net https://*.adnxs.com https://*.media.net https://*.rubiconproject.com https://*.smartadserver.com https://*.taboola.com https://*.teads.tv https://*.3lift.com https://*.yahoo.com https://*.yahoo.net https://*.omnitagjs.com https://*.360yield.com https://*.criteo.com https://*.sharethrough.com https://*.tremorhub.com https://*.yieldlab.net https://*.emxdgt.com https://*.bidswitch.net https://*.adform.net https://*.casalemedia.com https://id5-sync.com https://*.ivitrack.com https://*.mediavine.com https://*.postrelease.com https://*.outbrain.com https://*.yieldmo.com https://*.demdex.net https://*.krxd.net https://*.googletagmanager.com https://*.google.com https://*.pubmatic.com https://*.facebook.com https://*.lijit.com https://*.google.com.pk https://cdnjs.cloudflare.com https://public-prod-dspcookiematching.dmxleo.com data:;media-src 'self';object-src 'none';script-src 'self' 'nonce-phseVr1UPHRPV0npZgPZ2kpPSRalFfVS' 'strict-dynamic' https://ajax.cloudflare.com https://topfx.com.sc/cdn-cgi/scripts/;style-src 'self' 'unsafe-inline' https://*.cloudflare.com https://*.googleapis.com https://*.jsdelivr.net https://*.facebook.net;frame-src 'self' https://*.criteo.com https://*.criteo.net https://*.livechatinc.com https://*.facebook.com https://*.google.com https://*.googleapis.com https://*.youtube.com https://*.topfx.com.sc https://*.doubleclick.net;font-src 'self' https://*.cloudflare.com https://*.gstatic.com data: 1
default-src http://www.kikatek.com https://www.kikatek.com *.amazon.com *.facebook.com *.google.com *.google-analytics.com *.squareupsandbox.com *.squareup.com stats.g.doubleclick.net; script-src http://www.kikatek.com https://www.kikatek.com *.amazon.com *.payments-amazon.com *.google.com *.googleapis.com *.googletagmanager.com *.googleadservices.com *.gstatic.com 'unsafe-eval' 'unsafe-inline' *.google-analytics.com *.facebook.net *.facebook.com *.twitter.com *.twimg.com *.paypal.com *.paypalobjects.com *.reddit.com *.pinterest.com seal.godaddy.com js.squareupsandbox.com js.squareup.com *.squarecdn.com; img-src * data:; font-src * data:; style-src http://www.kikatek.com https://www.kikatek.com *.amazon.com *.ssl-images-amazon.com *.googleapis.com tagmanager.google.com *.twitter.com ton.twimg.com 'unsafe-inline'; frame-src http://www.kikatek.com https://www.kikatek.com *.amazon.com *.payments-amazon.com *.doubleclick.net *.facebook.com *.twitter.com *.google.com *.youtube.com *.paypalobjects.com *.pinterest.com *.squareupsandbox.com *.squareup.com *.nds-sandbox-issuer.com; frame-ancestors http://www.kikatek.com https://www.kikatek.com http://kes.kikatek.net https://kes.kikatek.net 1
default-src 'self'; script-src 'report-sample' 'unsafe-inline' 'self' https://www.googletagmanager.com https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js https://cdn.cookielaw.org https://www.google-analytics.com https://use.typekit.net https://www.bugherd.com/sidebarv2.js https://sidebar.bugherd.com/embed.js https://player.vimeo.com https://www.youtube.com https://carlisle-embedded.partcommunity.com; style-src 'report-sample' 'unsafe-inline' 'self' https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://cdn.cookielaw.org https://stats.g.doubleclick.net https://geolocation.onetrust.com https://privacyportal.onetrust.com https://analytics.google.com; font-src 'self' data: https://carlisleitstg.wpengine.com https://fonts.gstatic.com https://use.typekit.net; frame-src 'self' https://td.doubleclick.net https://9575053.fls.doubleclick.net https://sidebar.bugherd.com https://player.vimeo.com https://www.youtube.com https://carlisle-embedded.partcommunity.com; form-action 'self' http://analytics.clickdimensions.com/; img-src 'self' data: https://ad.doubleclick.net https://cdn.cookielaw.org https://p.typekit.net https://i.vimeocdn.com https://secure.gravatar.com https://www.google.co.in; manifest-src 'self'; media-src 'self' https://player.vimeo.com https://www.youtube.com; worker-src 'none'; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de osm.louis.de https://*.googleapis.com https://*.gstatic.com https://*.googleadservices.com https://www.googletagmanager.com https://tagmanager.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://td.doubleclick.net https://tpc.googlesyndication.com https://bat.r.msn.com https://bat.bing.com https://content.cptrack.de https://sale.cptrack.de https://widgets.trustedshops.com https://s.kk-resources.com https://s.kelkoogroup.net https://containertags.belboon.de https://j01l4h3n.com https://s2.adform.net https://track.adform.net https://*.google.com *.paypal.com *.quantummetric.com https://*.sentry.io x9t5he7.r.louis-moto.fr;style-src 'self' 'unsafe-inline' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de https://*.googletagmanager.com https://fonts.googleapis.com https://tagmanager.google.com;font-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de data: https://fonts.gstatic.com;img-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de data: https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://bat.r.msn.com https://bat.bing.com https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.google.com https://*.google.com.vn https://widgets.trustedshops.com https://www.trustedshops.com https://widgets.trustedshops.fr https://www.trustedshops.fr https://widgets.trustedshops.co.uk https://www.trustedshops.co.uk https://widgets.trustedshops.de https://www.trustedshops.de https://t.paypal.com https://www.google.de https://www.google.at https://www.google.be https://www.google.ch https://www.google.co.uk https://www.google.cz https://www.google.com.tr https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.it https://www.google.lu https://www.google.nl https://www.google.pl https://www.google.ro https://www.google.rs https://www.google.se https://www.google.si https://www.google.sk https://www.paypalobjects.com;frame-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de https://*.googleadservices.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.youtube.com/ https://*.youtube-nocookie.com/ *.paypal.com https://*.google.com https://*.quantummetric.com https://td.doubleclick.net x9t5he7.r.louis-moto.fr;frame-ancestors 'self';worker-src blob:;child-src blob:;report-uri /csp-violation-report; 1
default-src *; script-src 'self' 'unsafe-inline' https://translate-pa.googleapis.com https://www.trustedsite.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com  https://translate.googleapis.com https://translate.google.com https://www.googletagmanager.com https://oss.maxcdn.com https://cdn.ywxi.net https://*.amazonaws.com https://*.formsite.com https://code.jquery.com https://sandbox.web.squarecdn.com https://web.squarecdn.com https://js.squareupsandbox.com https://nd.squarecdn.com https://js.squareup.com; object-src 'self' blob:; style-src 'self' https://www.gstatic.com https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://sandbox.web.squarecdn.com https://web.squarecdn.com https://translate.googleapis.com https://translate.google.com; img-src https://www.google.com https://www.google-analytics.com https://*.s3.amazonaws.com https://s3.amazonaws.com https://s3.us-east-2.amazonaws.com https://code.jquery.com https://cdn.ywxi.net blob: 'self' data: 'self' https://translate.googleapis.com https://translate.google.com https://www.gstatic.com; media-src 'none'; frame-src 'self' https://www.trustedsite.com https://www.google.com https://*.formsite.com https://sandbox.web.squarecdn.com https://connect.squareupsandbox.com https://web.squarecdn.com https://connect.squareup.com; font-src 'self' https://fonts.gstatic.com https://d1g145x70srn7h.cloudfront.net; connect-src https://api.parkingsnap.com https://translate.googleapis.com https://www.google-analytics.com https://*.amazonaws.com 'self' https://pci-connect.squareupsandbox.com https://pci-connect.squareup.com https://translate.google.com https://squareup.com; base-uri 'self'; form-action 'self'; 1
frame-ancestors 'self' scout.org www.scout.org; report-uri /report-csp-violation 1
frame-ancestors beta.lcbcchurch.com rock.lcbcchurch.com www.lcbcchurch.com 1
default-src 'self' *.zywave;script-src 'self' *.zywave.com *.zywave.co.uk www.google.com 'nonce-PMpo2tkwRaJ7tBHuWFDmPnmwD6OwPJD/eZCiaFwQUO4=';style-src 'self' 'nonce-PMpo2tkwRaJ7tBHuWFDmPnmwD6OwPJD/eZCiaFwQUO4=';frame-src 'self' www.google.com;connect-src 'self' www.google-analytics.com;img-src 'self' data: *.zywave.com *.zywave.co.uk www.google-analytics.com;manifest-src *.zywave.com *.zywave.co.uk 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' wealthbox.com *.wealthbox.com *.typekit.net *.google.com tracking.g2crowd.com fonts.googleapis.com p.typekit.net googletagmanager.com secure.gravatar.com www.googletagmanager.com *.addthis.com platform.twitter.com cdnjs.cloudflare.com calendly.com *.calendly.com maxcdn.bootstrapcdn.com fonts.gstatic.com my.wpengine.com dify.wpengine.com cdn.jsdelivr.net *.w.org z.moatads.com v1.addthisedge.com *.wistia.net www.google-analytics.com snap.licdn.com bat.bing.com cdn.linkedin.oribi.io *.linkedin.com *.wistia.com beacon-v2.helpscout.net www.googleadservices.com *.litix.io d3hb14vkzrxvla.cloudfront.net dna8twue3dlxq.cloudfront.net *.akamaihd.net *.doubleclick.net d33v4339jhl8k0.cloudfront.net *.glitch.com avatars0.githubusercontent.com fcmatch.youtube.com pi.pardot.com connect.facebook.net www.facebook.com *.adroll.com www.gstatic.com x.bidswitch.net sync.outbrain.com pixel.rubiconproject.com ups.analytics.yahoo.com dsum-sec.casalemedia.com us-u.openx.net image2.pubmatic.com sync.taboola.com eb2.3lift.com ib.adnxs.com www2.profitwell.com maps.googleapis.com cdn.vidyard.com play.vidyard.com *.intercom.io wss://nexus-websocket-a.intercom.io js.intercomcdn.com idsync.rlcdn.com static.intercomassets.com blob: data: about:; 1
frame-ancestors 'self' https://local.sfs-intra.net:9002/ https://unishoppimqas.sfs-intra.net/ https://unishoppim.sfs-intra.net/ https://local.sfs.ch:9002/; 1
default-src 'self' data: blob: *.ftitechnology.com *.wistia.com *.wistia.net *.litix.io embedwistia-a.akamaihd.net *.g.doubleclick.net *.adsymptotic.com *.en25.com *.linkedin.com *.licdn.com *.eloqua.com *.gstatic.com *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.wistia.com *.wistia.net *.en25.com *.linkedin.oribi.io; script-src 'unsafe-inline' 'self'  'sha256-lFClqbG/gSLQRMoof51MvnJ+iHerFSNoUtdBjEyxi4s='  'sha256-BWp4/yZ9/T5EqDjms6uLLHImfzp8FMRpG4T27/8bRYs='  'sha256-Vk11Ik+H6R3D/yW2fRdzWs1PlgOY3nIjUhKssVcuEkY='  'sha256-CfjqJi/kKkZGWcWNU1lP28K0gcJKk8InHnL2/jk+jU8='  'sha256-9Y24fS21uKXVFT3pW9U86pxeaI5gf3xT2QnFDNraogI='  'sha256-wnciApvSyWV9topJIEq/HEIOCxRhLlpCHXTeSEBEBfs='  *.googletagmanager.com *.google-analytics.com *.wistia.com *.wistia.net *.en25.com *.googleadservices.com *.ftitechnology.com *.linkedin.oribi.io googleads.g.doubleclick.net *.licdn.com *.ipinfo.io ipinfo.io; style-src 'self' *.gstatic.com *.google.com *.googletagmanager.com *.googleapis.com *.wistia.net 'unsafe-inline';   report-uri /report-csp-violation; upgrade-insecure-requests; object-src 'none'; 1
font-src fonts.gstatic.com *.googleapis.com *.typekit.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.paybright.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.doubleclick.net vars.hotjar.com *.addthis.com *.paypal.com *.pinterest.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.google.com *.google.ca *.googleapis.com *.gstatic.com *.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.bing.com www.facebook.com *.clarity.ms pixel.tapad.com *.cloudfront.net *.zendesk.com *.pinterest.com https://a.klaviyo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com *.googletagservices.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net connect.facebook.net *.hotjar.com bat.bing.com tags.srv.stackadapt.com acuityplatform.com *.addthis.com *.moatads.com v1.addthisedge.com *.pinterest.com *.pinimg.com static.zdassets.com assets.zendesk.com widget-mediator.zopim.com *.klaviyo.com *.newrelic.com *.clarity.ms analytics.tiktok.com *.nr-data.net *.smooch.io *.noibu.com https://static.klaviyo.com https://fast.a.klaviyo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.google.com *.google.ca *.googleapis.com tags.srv.stackadapt.com *.typekit.net *.klaviyo.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google.com *.google.ca *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.doubleclick.net *.g.doubleclick.net *.gstatic.com *.googleapis.com tags.srv.stackadapt.com in.hotjar.com *.addthis.com *.signifyd.com ekr.zdassets.com *.zendesk.com *.nr-data.net widget-mediator.zopim.com wss://widget-mediator.zopim.com *.klaviyo.com *.clarity.ms analytics.tiktok.com *.smooch.io wss://api.smooch.io *.sentry.io *.pinterest.com *.noibu.com wss://input.noibu.com https://static.klaviyo.com https://fast.a.klaviyo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-ca61915d282f8b766c2d5f04f059d7d4'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' https://*.revato.com https://www.google.com; connect-src 'self' https://*.revato.com https://*.datahc.com http://www.hotelscombined.co.uk https://*.kayak.com https://bam.nr-data.net https://*.google-analytics.com https://vc.hotjar.io https://in.hotjar.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.revato.com https://www.kayak.com https://*.hotjar.com https://www.google-analytics.com https://maps.googleapis.com https://www.gstatic.com https://www.google.com https://bam.nr-data.net https://js-agent.newrelic.com https://www.googleadservices.com https://www.googletagmanager.com; img-src https: data:; media-src https:; style-src 'self' 'unsafe-inline' https://*.revato.com https://fonts.gstatic.com https://*.googleapis.com; font-src 'self' https://*.revato.com https://fonts.gstatic.com https://script.hotjar.com data:; frame-ancestors 'self'; frame-src 'self' https://*.revato.com https://www.google.com https://recaptcha.google.com/recaptcha/; report-uri https://www.hotelscombined.com/s/run/cspreport/revato; report-to csp-endpoint 1
frame-ancestors 'self' magicsearch.org 1
default-src 'self' https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://www.facebook.com https://forms.hscollectedforms.net https://api-cdn.usw2.pure.cloud https://analytics.google.com https://clients6.google.com https://sumo.com https://corpapi.lhfs.com https://maps.googleapis.com https://corpapi.lhfs.com https://stats.g.doubleclick.net https://www.google-analytics.com https://cdn.userway.org https://cookie-cdn.cookiepro.com https://a2.mylivechat.com https://api.userway.org https://fonts.gstatic.com https://p.typekit.net https://use.typekit.net https://socialsurvey.me https://socialsurvey.com https://connect.facebook.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.hsforms.net https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-banner.com https://js.hs-scripts.com https://apps.usw2.pure.cloud https://www.reddit.com https://api.bufferapp.com https://graph.facebook.com https://api.facebook.com https://widgets.pinterest.com https://reddit.com https://load.sumome.com https://load.sumo.com https://sumo.com https://maxcdn.bootstrapcdn.com https://s2.mylivechat.com https://cookie-cdn.cookiepro.com https://www.googletagmanager.com https://tagmanager.google.com https://www.mylivechat.com https://a2.mylivechat.com https://mylivechat.com https://go.lhfs.com https://www.gstatic.com https://pi.pardot.com https://cdn.userway.org https://socialsurvey.me https://www.socialsurvey.me https://socialsurvey.com https://don7n2as2v6aa.cloudfront.net https://fonts.googleapis.com https://code.jquery.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://www.typekit.net https://a2.mylivechat.com https://www.google-analytics.com https://www.google.com https://ajax.googleapis.com https://www.google-analytics.com https://use.typekit.net https://ajax.googleapis.com https://maps.googleapis.com https://lhfscdn.com https://maps.googleapis.com https://www.google-analytics.com https://ajax.googleapis.com https://seal-goldengate.bbb.org https://use.typekit.net https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://forms-na1.hsforms.com https://track.hubspot.com https://forms.hsforms.com https://analytics.google.com https://sumo.com https://load.sumo.com https://www.googletagmanager.com https://www.facebook.com https://s2.mylivechat.com https://ssl.gstatic.com https://cdn.userway.org https://lhfs.com https://stats.g.doubleclick.net https://don7n2as2v6aa.cloudfront.net https://socialsurvey.me https://socialsurvey.com https://ps.w.org https://secure.gravatar.com https://stats.doubleclick.net https://www.paypalobjects.com https://bizcybercert.us https://www.google-analytics.com https://0.gravatar.com https://www.gstatic.com https://1.gravatat.com https://www.gstatic.com https://cdn.lhfs.com https://micc.us https://seal-goldengate.bbb.org https://maps.gstatic.com https://csi.gstatic.com https://maps.googleapis.com https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com https://a2.mylivechat.com data:; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://cdn.userway.org https://tagmanager.google.com https://don7n2as2v6aa.cloudfront.net https://use.fontawesome.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://www.google.com https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://lhfs.com https://cdn.userway.org https://don7n2as2v6aa.cloudfront.net https://use.fontawesome.com https://use.typekit.net https://fonts.gstatic.com https://fonts.googleapis.com https://themes.googleusercontent.com data:; frame-src https://lhfs.com https://static.hsappstatic.net https://static.hubspot.com https://app.hubspot.com https://cdn.userway.org https://www.google.com https://go.lhfs.com https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'self'; base-uri 'none' https://lhfs.com; frame-ancestors 'self' 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; worker-src 'self' blob: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://androiddev.social; img-src 'self' https: data: blob: https://androiddev.social; style-src 'self' https://androiddev.social 'nonce-Vapsccqa0014hVC2si5oNQ=='; media-src 'self' https: data: https://androiddev.social; frame-src 'self' https:; manifest-src 'self' https://androiddev.social; form-action 'self'; child-src 'self' blob: https://androiddev.social; worker-src 'self' blob: https://androiddev.social; connect-src 'self' data: blob: https://androiddev.social https://cdn.masto.host wss://androiddev.social; script-src 'self' https://androiddev.social 'wasm-unsafe-eval' 1
child-src  www.paypalobjects.com; connect-src 'self' 'report-sample' s3.amazonaws.com/cv3.customfiles librarystore.commercev3.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com stats.g.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.facebook.com *.klaviyo.com www.googleadservices.com *.addthis.com www.google.com adservice.google.com www.googletagmanager.com designer.artifi.net s3.amazonaws.com/cv3.customfiles/ chatapi.providesupport.com bam.nr-data.net; default-src 'self' s3.amazonaws.com/cdn.thelibrarystore.com/ cdn.commercev3.net/cdn.thelibrarystore.com/ cdn.thelibrarystore.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com; font-src 'self' librarystore.commercev3.com s3.amazonaws.com/cdn.thelibrarystore.com/ cdn.commercev3.net/cdn.thelibrarystore.com/ cdn.thelibrarystore.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com data:; form-action 'self' www.facebook.com www.paypal.com checkout.sezzle.com www.thelibrarystore.com accept.authorize.net; frame-src 'self' *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com s7.addthis.com tls.thelibrarystore.com edge.addthis.com accept.authorize.net api.thelibrarystore.com rewards.thelibrarystore.com thelibrarystore.com www.thelibrarystore.com; frame-ancestors 'self' https://www.thelibrarystore.com/; img-src 'self' s3.amazonaws.com/cdn.thelibrarystore.com/ cdn.commercev3.net/cdn.thelibrarystore.com/ cdn.thelibrarystore.com ssl.google-analytics.com www.google.com/pagead/1p-user-list/ www.google.com/ads/ga-audiences ct.pinterest.com/v3/ stats.g.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.paypal.com www.paypalobjects.com secure.trust-provider.com tls.thelibrarystore.com image.providesupport.com www.gstatic.com s3.amazonaws.com/cv3.customfiles/; script-src 'self' 'report-sample' s3.amazonaws.com/cdn.thelibrarystore.com/ cdn.commercev3.net/cdn.thelibrarystore.com/ cdn.thelibrarystore.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com secure.trust-provider.com *.addthis.com tls.thelibrarystore.com v1.addthisedge.com z.moatads.com cdn.jsdelivr.net image.providesupport.com cdnjs.cloudflare.com designer.artifi.net s7.addthis.com vm.providesupport.com js-agent.newrelic.com bam.nr-data.net; script-src-elem 'self' 'report-sample' s3.amazonaws.com/cdn.thelibrarystore.com/ cdn.commercev3.net/cdn.thelibrarystore.com/ cdn.thelibrarystore.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com secure.trust-provider.com *.addthis.com tls.thelibrarystore.com v1.addthisedge.com z.moatads.com cdn.jsdelivr.net image.providesupport.com cdnjs.cloudflare.com designer.artifi.net s7.addthis.com vm.providesupport.com js-agent.newrelic.com bam.nr-data.net; style-src 'self' s3.amazonaws.com/cdn.thelibrarystore.com/ cdn.commercev3.net/cdn.thelibrarystore.com/ cdn.thelibrarystore.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net; style-src-elem 'self' s3.amazonaws.com/cdn.thelibrarystore.com/ cdn.commercev3.net/cdn.thelibrarystore.com/ cdn.thelibrarystore.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net; style-src-attr  'unsafe-inline'; media-src 'self' librarystore.commercev3.com s3.amazonaws.com/cdn.thelibrarystore.com/ cdn.commercev3.net/cdn.thelibrarystore.com/ cdn.thelibrarystore.com www.bing.com; 1
frame-ancestors 'self' https://manage.ratchetandwrench.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src https: 'unsafe-inline' script-src: 'unsafe-eval' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://kafeneio.social; img-src 'self' https: data: blob: https://kafeneio.social; style-src 'self' https://kafeneio.social 'nonce-PVNeVnH9/tJ5vT9oc/OIrQ=='; media-src 'self' https: data: https://kafeneio.social; frame-src 'self' https:; manifest-src 'self' https://kafeneio.social; form-action 'self'; child-src 'self' blob: https://kafeneio.social; worker-src 'self' blob: https://kafeneio.social; connect-src 'self' data: blob: https://kafeneio.social https://kafeneio.social wss://kafeneio.social; script-src 'self' https://kafeneio.social 'wasm-unsafe-eval' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://blimps.xyz; img-src 'self' https: data: blob: https://blimps.xyz; style-src 'self' https://blimps.xyz 'nonce-8LZQF5+ehEketYUwXr3d7g=='; media-src 'self' https: data: https://blimps.xyz; frame-src 'self' https:; manifest-src 'self' https://blimps.xyz; form-action 'self'; child-src 'self' blob: https://blimps.xyz; worker-src 'self' blob: https://blimps.xyz; connect-src 'self' data: blob: https://blimps.xyz https://mediacdn.blimps.xyz wss://blimps.xyz; script-src 'self' https://blimps.xyz 'wasm-unsafe-eval' 1
form-action 'self' https://iqtechportal.com http://iqtechportal.com https://vt.iqtechportal.com http://vt.iqtechportal.com http://localhost:4200 https://localhost:44353 https://integration.iqtechportal.com https://pti.iqtechportal.com; object-src 'none'; frame-ancestors 'self' https://iqtechportal.com http://iqtechportal.com https://vt.iqtechportal.com http://vt.iqtechportal.com http://localhost:4200 https://localhost:44353 https://integration.iqtechportal.com https://pti.iqtechportal.com; default-src 'none'; base-uri 'self'; frame-src 'self' https://iqtechportal.com http://iqtechportal.com; img-src 'self' data:; font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/; style-src 'self' https://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/ 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE='; script-src 'self' https://ajax.aspnetcdn.com https://cdnjs.cloudflare.com 'sha256-orD0/VhH8hLqrLxKHD/HUEMdwqX6/0ve7c5hspX5VJ8=' 'sha256-fa5rxHhZ799izGRP38+h4ud5QXNT0SFaFlh4eqDumBI=' 'sha256-bBR11t3xOeLLkccl6Pn1hYbkHCL+JE4CLkgBydaPSE0=' 'sha256-yfZgZ1UI5+kFnPD8ZXQ8Lmncb1yHsLCN0dd5H1wSYuM=' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.trustindex.io  googleads.g.doubleclick.net  cdn.popt.in www.googleadservices.com  *.paypalobjects.com  *.paypal.com  static.cloudflareinsights.com  ajax.cloudflare.com  beacon-v2.helpscout.net  fast.wistia.com  *.google.com  cleantalk.org  stats.wp.com  www.googletagmanager.com  www.gstatic.com  ajax.googleapis.com  cdn.syndication.twimg.com  js.authorize.net  platform.twitter.com *.heavydutykits.com  heavydutykits.com *.mxpnl.com  dashboard-assets.skyverge.com  *.ytimg.com  *.vimeo.com *.youtube.com  code.jquery.com cdnjs.cloudflare.com www.google-analytics.com cdn.userway.org;  style-src 'self' 'unsafe-inline' use.fontawesome.com  cdnjs.cloudflare.com  cdn.jsdelivr.net  *.heavydutykits.com www.gstatic.com  ton.twimg.com  ajax.googleapis.com platform.twitter.com  *.bootstrapcdn.com  fonts.googleapis.com cdn.userway.org; connect-src 'self' *.api.userway.org  *.google.com  cdn.userway.org *.paypal.com display.popt.in  *.paypalobjects.com  d3hb14vkzrxvla.cloudfront.net pipedream.wistia.com  distillery.wistia.com  images2.heavydutykits.com   7a55ccz64v-dsn.algolia.net  stats.g.doubleclick.net  www.google-analytics.com  js.authorize.net api2.authorize.net  *.mixpanel.com *.gstatic.com netdna.bootstrapcdn.com fonts.googleapis.com api.userway.org; font-src 'self' data: cdn.trustindex.io  use.fontawesome.com  cdn.jsdelivr.net  *.heavydutykits.com  maxcdn.bootstrapcdn.com netdna.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com cdn.userway.org; img-src 'self' blob:  data: cdn.trustindex.io  www.googletagmanager.com t.paypal.com  embed-fastly.wistia.com fast.wistia.com  embedwistia-a.akamaihd.net  wp-rocket.me  *.seopress.org  woocommerce.com  cleantalk.org  pixel.wp.com  pics.ebaystatic.com  i.ebayimg.com  *.googleusercontent.com  s.w.org  www.google.com updates.themepunch-ext-a.tools  ton.twimg.com syndication.twitter.com  platform.twitter.com  pbs.twimg.com abs.twimg.com *.paypalobjects.com *.themepunch.tools *.themepunch-ext-b.tools  wpovernight.com ps.w.org library.elementor.com secure.gravatar.com images.heavydutykits.com images2.heavydutykits.com *.heavydutykits.com  www.google-analytics.com cdn.userway.org *.cloudfront.net ; frame-src 'self' td.doubleclick.net *.googlesyndication.com bid.g.doubleclick.net  *.paypal.com  *.paypalobjects.com  wp-rocket.me  syndication.twitter.com  platform.twitter.com  *.freemius.com  *.searchwp.com searchwp.com *.userway.org *.google.com ; form-action 'self' wpengine.blogvault.net  platform.twitter.com  syndication.twitter.com  *.elementor.com *.heavydutykits.com heavydutykits.com; media-src 'self' fast.wistia.net blob: cdn.userway.org ;  report-uri https://oweux.com/csp/report/gateway.php; 1
frame-ancestors 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://www.gstatic.com https://*.callrail.com https://*.hotjar.com https://bat.bing.com https://cdn.userway.org https://connect.facebook.net https://maps.googleapis.com https://px4.ads.linkedin.com https://s.pinimg.com https://s.yimg.com https://sc-static.net https://snap.licdn.com https://static.doubleclick.net https://tr.snapchat.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com; object-src 'none'; base-uri 'none'; frame-src 'self' https://www.youtube.com https://www.googletagmanager.com https://www.facebook.com https://bid.g.doubleclick.net https://www.google.com https://ct.pinterest.com https://tr.snapchat.com https://cdn.userway.org; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com *.googleapis.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors *.reviews.co.uk *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.reviews.co.uk *.googleapis.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.reviews.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.linkedin.com *.google.co.uk *.bing.com *.googleapis.com *.clarity.ms www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.facebook.net connect.facebook.net graph.facebook.com business.facebook.com *.avada.io *.reviews.io *.licdn.com *.clarity.ms *.bing.com *.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.reviews.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com unsafe-inline assets.braintreegateway.com *.cloudfront.net *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io *.doubleclick.net *.oribi.io *.google-analytics.com *.google.com *.clarity.ms *.googleapis.com *.bing.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src *.googlesyndication.com; prefetch-src https:; img-src 'self' axn-asia.com *.axn-asia.com axn-taiwan.com *.axn-taiwan.com animax-asia.com *.animax-asia.com animax-taiwan.com *.animax-taiwan.com animaxtv.co.kr *.animaxtv.co.kr onetvasia.com *.onetvasia.com gemtvasia.com *.gemtvasia.com *.google-analytics.com *.google.com *.googlesyndication.com *.g.doubleclick.net sb.scorecardresearch.com *.gigya.com *.ytimg.com data:; media-src 'self' mp4: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' axn-asia.com *.axn-asia.com axn-taiwan.com *.axn-taiwan.com animax-asia.com *.animax-asia.com animax-taiwan.com *.animax-taiwan.com animaxtv.co.kr *.animaxtv.co.kr onetvasia.com *.onetvasia.com gemtvasia.com *.gemtvasia.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.googletagservices.com *.google.com *.googlesyndication.com *.google.com.sg *.gstatic.com *.g.doubleclick.net *.youtube.com embedsocial.com cdn.ampproject.org cdns.gigya.com sb.scorecardresearch.com *.ytimg.com; style-src 'self' 'unsafe-inline' axn-asia.com *.axn-asia.com axn-taiwan.com *.axn-taiwan.com animax-asia.com *.animax-asia.com animax-taiwan.com *.animax-taiwan.com animaxtv.co.kr *.animaxtv.co.kr onetvasia.com *.onetvasia.com gemtvasia.com *.gemtvasia.com *.googleapis.com *.myfonts.net embedsocial.com; object-src 'self'; frame-src 'self' *.spotify.com *.google.com *.googlesyndication.com *.youtube.com embedsocial.com cdns.us1.gigya.com; connect-src 'self' *.google-analytics.com *.googlesyndication.com *.gstatic.com *.g.doubleclick.net *.youtube.com embedsocial.com *.gigya.com; font-src 'self' axn-asia.com *.axn-asia.com axn-taiwan.com *.axn-taiwan.com animax-asia.com *.animax-asia.com animax-taiwan.com *.animax-taiwan.com animaxtv.co.kr *.animaxtv.co.kr onetvasia.com *.onetvasia.com gemtvasia.com *.gemtvasia.com *.googleapis.com *.gstatic.com *.typekit.net *.myfonts.net data: 'self' 1
default-src 'self'; script-src 'report-sample' 'unsafe-eval' 'self' 'unsafe-hashes' 'sha256-mown0HwGU3mpZkY2gFb3AtdG/JqqGyAJePYfVfV5Z0M=' 'sha256-e5RZL47shAiYXNOzv5ZatvMhlHt5BoPJ9XoDcrE8gFU=' 'sha256-8MhLfK/XlTXKuR+V1Ekm8KFSq/sxDvXeEj9RYncKcT4=' 'sha256-WIvDSdGqATikMRxazp63exfnXfIWGTeDTqZKMYPOTNU=' 'sha256-ePniVEkSivX/c7XWBGafqh8tSpiRrKiqYeqbG7N1TOE=' 'sha256-RmXzR+QxhYCy36eYk9RnJl0nwp/pag+SyjMLqpt1phg=' https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js https://maps.googleapis.com https://api.smooch.io https://ekr.zdassets.com https://static.zdassets.com/ekr/sentry-browser.min.js https://knightscope.zendesk.com https://static.zdassets.com https://softvelum.com/player/releases/sldp-v2.24.0.min.js https://www.google-analytics.com/analytics.js https://cdnjs.cloudflare.com/ajax/libs/semantic-ui/2.3.2/semantic.min.js  https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'report-sample' 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://maps.googleapis.com https://knightscope.zendesk.com https://api.smooch.io https://ekr.zdassets.com https://*.s3.amazonaws.com https://ws-elb.ksoc.co wss://api.smooch.io/ wss://ksoc.co/jetson wss://ws.ksoc.co/stomp/websocket wss://asterisk.ksoc.co/ws wss://15.205.81.185 wss://ws-elb.ksoc.co; font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com; form-action 'self' https://login.microsoftonline.com/common/saml2 https://onelogonqa.gap.com/idp/SSO.saml2; frame-src 'self' https://www.google.com; frame-ancestors 'none'; img-src 'self' data: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://static.zdassets.com; manifest-src 'self'; media-src 'self' data: blob:; worker-src 'self' blob:; 1
default-src 'self'; connect-src 'self' https://services.postcodeanywhere.co.uk https://*.google-analytics.com https://*.googletagmanager.com https://firebase.googleapis.com https://firebaseinstallations.googleapis.com https://logs.browser-intake-datadoghq.com https://widgets.marqeta.com/ https://api.levelcard.co.uk/ https://customer-col.zable.co.uk/ https://cas.zable.co.uk/; script-src 'self' 'nonce-MDhkMGUyM2EtZDdkMi00MTVjLTgxZmMtNDIxZTBlZTVjYzgw' https://widgets.marqeta.com/ https://*.googletagmanager.com; style-src 'self' 'nonce-MDhkMGUyM2EtZDdkMi00MTVjLTgxZmMtNDIxZTBlZTVjYzgw' https://widgets.marqeta.com/; frame-src 'self' 'nonce-MDhkMGUyM2EtZDdkMi00MTVjLTgxZmMtNDIxZTBlZTVjYzgw' https://widgets.marqeta.com/; img-src 'self' https://www.google-analytics.com 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.samson.de 1
frame-ancestors 'self' https://*.mybigcommerce.com https://*.bigcommerce.com https://*.myshopify.com https://*.shopify.com https://*.3dcartstores.com  1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://tooters.org; img-src 'self' https: data: blob: https://tooters.org; style-src 'self' https://tooters.org 'nonce-cwvdVuDS/3jd7DXEPb2JBQ=='; media-src 'self' https: data: https://tooters.org; frame-src 'self' https:; manifest-src 'self' https://tooters.org; form-action 'self'; child-src 'self' blob: https://tooters.org; worker-src 'self' blob: https://tooters.org; connect-src 'self' data: blob: https://tooters.org https://cdn.masto.host wss://tooters.org; script-src 'self' https://tooters.org 'wasm-unsafe-eval' 1
script-src https: wss: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; base-uri 'self'; img-src * data: ; connect-src 'self' wss: ttrcasino.info surf-casino.appspot.com surf-blog.appspot.com onlinecasinoblog.appspot.com casinoblog.appspot.com ttrcasinoblog.azurefd.net *.softswiss.net *.yandex.ru *.onesignal.com onesignal.com blogttrcasino.azurewebsites.net blogttrcasino.azurefd.net 1
base-uri court.aifc.kz authority.aifc.kz afsa.aifc.kz iac.aifc.kz tech.aifc.kz bcpd.aifc.kz gfc.aifc.kz expatcentre.aifc.kz aol.aifc.kz itrp.aifc.kz https://aifc.kz;connect-src court.aifc.kz authority.aifc.kz afsa.aifc.kz iac.aifc.kz tech.aifc.kz bcpd.aifc.kz gfc.aifc.kz expatcentre.aifc.kz aol.aifc.kz itrp.aifc.kz https://aifc.kz widget.pro.rent mc.yandex.ru https://chatbot.k8s.myafsa.com/api/chatterbot/%27;default-src court.aifc.kz authority.aifc.kz afsa.aifc.kz iac.aifc.kz tech.aifc.kz bcpd.aifc.kz gfc.aifc.kz expatcentre.aifc.kz aol.aifc.kz itrp.aifc.kz https://aifc.kz;form-action court.aifc.kz authority.aifc.kz afsa.aifc.kz iac.aifc.kz tech.aifc.kz bcpd.aifc.kz gfc.aifc.kz expatcentre.aifc.kz aol.aifc.kz itrp.aifc.kz https://aifc.kz;img-src court.aifc.kz authority.aifc.kz afsa.aifc.kz iac.aifc.kz tech.aifc.kz bcpd.aifc.kz gfc.aifc.kz expatcentre.aifc.kz aol.aifc.kz itrp.aifc.kz https://aifc.kz data: api-maps.yandex.ru core-renderer-tiles.maps.yandex.net widget.pro.rent prorent.blob.core.windows.net avatars.githubusercontent.com github.com;media-src court.aifc.kz authority.aifc.kz afsa.aifc.kz iac.aifc.kz tech.aifc.kz bcpd.aifc.kz gfc.aifc.kz expatcentre.aifc.kz aol.aifc.kz itrp.aifc.kz https://aifc.kz;object-src 'none';script-src court.aifc.kz authority.aifc.kz afsa.aifc.kz iac.aifc.kz tech.aifc.kz bcpd.aifc.kz gfc.aifc.kz expatcentre.aifc.kz aol.aifc.kz itrp.aifc.kz https://aifc.kz api-maps.yandex.ru mc.yandex.ru widget.pro.rent yastatic.net 'unsafe-inline' core-renderer-tiles.maps.yandex.net;style-src court.aifc.kz authority.aifc.kz afsa.aifc.kz iac.aifc.kz tech.aifc.kz bcpd.aifc.kz gfc.aifc.kz expatcentre.aifc.kz aol.aifc.kz itrp.aifc.kz https://aifc.kz fonts.googleapis.com 'unsafe-inline' widget.pro.rent;font-src court.aifc.kz authority.aifc.kz afsa.aifc.kz iac.aifc.kz tech.aifc.kz bcpd.aifc.kz gfc.aifc.kz expatcentre.aifc.kz aol.aifc.kz itrp.aifc.kz https://aifc.kz fonts.googleapis.com fonts.gstatic.com;frame-src www.youtube.com api-maps.yandex.ru yandex.com yandex.kz ccaf.io yandex.ru 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-SDvUCIKEAJE5+ND69gu059EtT29eFI6EDCJIoMkJed7R9Twv' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-NmNjODQ1ODY5MGRmNDhmMWJlMTUzMjViOTkyZGJiYTE=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.dus-i.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.dus-i.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.dus-i.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-ancestors https://gaacork.ie https://corkgaa.ie http://*.kerryladiesfootball.com http://snowsportscotland.org https://snowsportscotland.org  http://www.glenrovers.ie https://www.clontarfhc.com http://www.bandongaa.com https://fsr.sportlomo.com http://*.bantryblues.com https://www.breaffygaa.ie http://*.northtippsfl.com http://northtippsfl.com http://*.leinstercamogie.ie http://leinstercamogie.ie; 1
default-src 'self' 'unsafe-inline'; child-src 'self'; connect-src 'self' *.google-analytics.com splask-analytics.mampu.gov.my; font-src 'self' cdn.jsdelivr.net fonts.gstatic.com fonts.googleapis.com cdn.printfriendly.com; frame-src 'self' *.facebook.com *.twitter.com *.youtube.com *.google.com; img-src 'self' *.google-analytics.com *.twimg.com *.twitter.com cdn.printfriendly.com data: splask-analytics.mampu.gov.my; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' cdn.printfriendly.com *.googletagmanager.com static.addtoany.com cdn.jsdelivr.net *.google-analytics.com key-cdn.printfriendly.com platform.twitter.com ton.twimg.com cdn.syndication.twimg.com splask-analytics.mampu.gov.my https://static.addtoany.com https://unpkg.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com *.twitter.com ton.twimg.com https://unpkg.com; base-uri 'self'; form-action 'self' syndication.twitter.com; frame-ancestors 'self'; upgrade-insecure-requests 1
script-src 'unsafe-inline' 'unsafe-eval' *; object-src 'none'; base-uri 'self'; child-src 'self'; frame-src 'self' https://www.paypal.com/ https://b.sbox.stats.paypal.com/ https://www.sandbox.paypal.com/ https://googleads.g.doubleclick.net/ https://tpc.googlesyndication.com/ https://www.google.com/; frame-ancestors 'self' 1
style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://wa.me/ https://cdn.tiny.cloud/ https://www.ajans.softyrapps.com https://ajans.softyrapps.com https://fonts.googleapis.com https://cdnjs.cloudflare.com/ https://www.google.com/recaptcha/ https://fonts.gstatic.com/ https://cdn.onesignal.com/sdks/ https://onesignal.com/sdks/; 1
frame-ancestors https://doctorunite.com https://generationnp.com https://paunite.com https://pathologistconnect.com https://oncologynation.com https://medicaldirectorsforum.com https://oncologynationsandbox.skipta.com https://www.opdivoclinicaldata.com https://www.opdivoyervoymnsclc.com origin-opdivo-customerconnect-bms-aem-prod.adobecqms.net www.opdivo.com; default-src https: blob: wss: 'unsafe-inline' 'unsafe-eval'; media-src https: blob:; font-src https: data:;frame-src * data:; 1
default-src 'self' 'unsafe-inline' *.yandex.ru yandex.ru *.yandex.net yandex.net *.yastatic.net yastatic.net cdn.docdoc.ru ads.adfox.ru *.google-analytics.com *.googletagmanager.com; script-src 'self' 'unsafe-inline' *.yandex.ru yandex.ru *.yandex.net yandex.net *.yastatic.net yastatic.net cdn.docdoc.ru ads.adfox.ru *.google-analytics.com *.googletagmanager.com ; connect-src 'self' *.yandex.ru yandex.ru *.yandex.net yandex.net *.yastatic.net yastatic.net cdn.docdoc.ru ads.adfox.ru *.google-analytics.com *.googletagmanager.com ; media-src 'self' *.yandex.ru yandex.ru *.yandex.net yandex.net *.yastatic.net yastatic.net cdn.docdoc.ru ads.adfox.ru *.google-analytics.com *.googletagmanager.com ; style-src 'self' 'unsafe-inline' *.yandex.ru yandex.ru *.yandex.net yandex.net *.yastatic.net yastatic.net cdn.docdoc.ru ads.adfox.ru *.google-analytics.com *.googletagmanager.com ; font-src 'self' *.yandex.ru yandex.ru *.yandex.net yandex.net *.yastatic.net yastatic.net cdn.docdoc.ru ads.adfox.ru *.google-analytics.com *.googletagmanager.com ; frame-src 'self' *.yandex.ru yandex.ru *.yandex.net yandex.net *.yastatic.net yastatic.net cdn.docdoc.ru ads.adfox.ru *.google-analytics.com *.googletagmanager.com ; img-src * data: ; 1
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors *; 1
default-src 'none'; manifest-src 'self'; script-src 'nonce-0LX/+tdEdbpwk42STbSZX6NTShO6gnzZd4mHWkUeAns=' 'sha256-NPxtanrGj3/JuYjJOsgA0mEkXCCEoEO9Sr64MVsFil8=' 'strict-dynamic' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com; img-src 'self' data: https://a.apac01.idio.episerver.net https://forms.hsforms.com https://forms-na1.hsforms.com https://jumbe.zaius.com.au https://maps.googleapis.com https://maps.gstatic.com https://p2.aprimocdn.net https://track.hubspot.com https://www.facebook.com https://*.google.com https://*.google.com.au https://*.google.co.uk https://*.google.com.sg https://*.google.com.my https://*.google.co.in https://*.google.it https://*.google.co.jp https://*.google-analytics.com https://www.googletagmanager.com https://ad.doubleclick.net https://fonts.gstatic.com https://site1.lldxp.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' https://a.apac01.idio.episerver.net https://analytics.google.com https://*.analytics.google.com https://*.google.com https://*.google.com.au https://*.google.co.uk https://*.google.com.sg https://*.google.com.my https://*.google.co.in https://*.google.it https://*.google.co.jp https://api.hubapi.com https://consent.api.osano.com https://dc.services.visualstudio.com https://forms.hsforms.com https://ka-p.fontawesome.com https://kit-uploads.fontawesome.com https://maps.googleapis.com https://tattle.api.osano.com https://*.google-analytics.com https://pagead2.googlesyndication.com https://*.doubleclick.net tham.is.tops.com; media-src 'self' https://p2.aprimocdn.net; object-src 'none'; frame-src 'self' https://forms.hsforms.com https://www.facebook.com https://p2.aprimocdn.net https://www.google.com https://*.doubleclick.net https://map.abuzz.tech; frame-ancestors 'self'; form-action 'self' https://forms.hsforms.com https://www.facebook.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self' 1
frame-ancestors 'self'; worker-src 'self' blob:; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'self' blob: data:;default-src  https: http: data: wss: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.quantserve.com *.quantserve.com/ secure.quantserve.com/quant.js *.teamtailor-cdn.com *.teamtailor-cdn.com/widgets/production/jobs.js *.googleapis.com *.postescanada-canadapost.ca *.postescanada-canadapost.ca/js/ *.googletagmanager.com *.googletagmanager.com/ *.sitesearch360.com *.sitesearch360.com/ *.google.com https://cdnjs.cloudflare.com/ajax/libs/popper.js/ https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/js/ *.paysafe.com https://www.google-analytics.com *.gstatic.com/recaptcha/releases/ *.hotjar.com *.hotjar.com/ https://www.smartsurvey.co.uk *.facebook.net/ *.newrelic.com *.newrelic.com/ *.quantcount.com *.quantcount.com/ *.cloudflareinsights.com *.cloudflareinsights.com/ *.googleadservices.com *.nr-data.net *.googlesyndication.com *.opendns.com *.opendns.com/ gateway.id.swg.umbrella.com/ cdn.jsdelivr.net/gh/jfeltkamp/cookiesjsr@1/ dev.visualwebsiteoptimizer.com/; style-src 'self' 'unsafe-inline' *.fontawesome.com *.fontawesome.com/ *.postescanada-canadapost.ca *.postescanada-canadapost.ca/css/ *.googleapis.com gateway.id.swg.umbrella.com/; img-src 'self' data: *; frame-src 'self' https://www.google.com *.paysafe.com *.doubleclick.net https://www.smartsurvey.co.uk https://embed.acast.com *.umbrella.com *.googlesyndication.com *.googletagmanager.com *.opendns.com *.opendns.com/; font-src 'self' data: https://use.fontawesome.com *.gstatic.com/; connect-src 'self' https://maps.googleapis.com *.paysafe.com *.sitesearch360.com  https://www.google-analytics.com *.doubleclick.net *.g.doubleclick.net/ *.hotjar.io *.adservice.google.com *.teamtailor.com/ *.quantcount.com *.quantcount.com/ *.google-analytics.com *.vc.hotjar.io *.google.com *.nr-data.net *.hotjar.com *.hotjar.com/ *.postescanada-canadapost.ca wss://ws.hotjar.com/api/v2/client/ws gateway.id.swg.umbrella.com/; report-uri /report-csp-violation 1
default-src 'self';block-all-mixed-content ;connect-src 'self' *.piwik.pro *.zopim.com *.zdassets.com wss://* 'self' *.google-analytics.com goedapotheek.zendesk.com *.doubleclick.net *.zendesk.com *.hotjar.io *.hotjar.com *.googleapis.com *.cookiehub.net zendesk-eu.my.sentry.io www.google.be maps.googleapis.com https://*.analytics.google.com https://*.googletagmanager.com *.google.com https://analytics.goed.be pagead2.googlesyndication.com goed.containers.piwik.pro goed.piwik.pro tr.outbrain.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.zopim.com *.hotjar.com;img-src 'self' data: *.gstatic.com maps.googleapis.com mts.googleapis.com *.zopim.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.be *.facebook.com secure.adnxs.com *.zendesk.com *.goed.be *.hotjar.com *.outbrain.com www.surplusgezondheid.be tr.outbrain.com www.blabla.be i.ytimg.com www.thuiszorgwinkel.be www.google.com https://googleads.g.doubleclick.net https://www.google.com connect.facebook.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.piwik.pro *.googleapis.com *.googletagmanager.com cdnjs.cloudflare.com www.google.com www.gstatic.com *.zopim.com *.google-analytics.com *.google.com *.cookiehub.net static.zdassets.com cookiehub.net https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net goed.containers.piwik.pro wave.outbrain.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.google.com *.cookiehub.net cookiehub.net;report-uri /csp/violation/report;frame-src www.youtube.com *.vimeo.com www.google.com clementineweb.azurewebsites.net *.jotform.com *.jotformeu.com optimize.google.com *.facebook.com *.actito.com *.hotjar.com *.testyourhearing.com www.goed.be www.yumpu.com form.jotformeu.com form.jotform.com submit.jotformeu.com mozbar.moz.com www3.actito.com loremipsum.io www.google.be www.hln.be eur03.safelinks.protection.outlook.com www.testyourhearing.com https://bid.g.doubleclick.net td.doubleclick.net https://my.3-dee.be/tour/goed;media-src static.zdassets.com *.goed.be www.goed.be;script-src-elem *.googleapis.com *.zopim.com *.zdassets.com data connect.facebook.net trk.adbutter.net *.hotjar.com *.googleoptimize.com *.cookiehub.net cookiehub.net www.googleoptimize.com players.yumpu.com static.hotjar.com amplify.outbrain.com www.youtube.com tr.outbrain.com 'self' 'unsafe-inline' 'unsafe-eval' *.piwik.pro *.googletagmanager.com cdnjs.cloudflare.com www.google.com www.gstatic.com *.google-analytics.com *.google.com static.zdassets.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net goed.containers.piwik.pro wave.outbrain.com;style-src-elem fonts.googleapis.com *.cookiehub.net cookiehub.net 'self' 'unsafe-inline' *.google.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com *.twitter.com *.easydmp.net *.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js *.cloudflare.com *.instagram.com/embed.js tr.snapchat.com *.aticdn.net *.adnxs.com *.teads.tv *.licdn.com *.ads-twitter.com *.yahoo.com s.yimg.com sc-static.net *.criteo.com *.criteo.net *.tiktok.com *.tag4arm.com *.hsforms.com img.metaffiliation.com acdn.adnxs.com bat.bing.com geolocation.onetrust.com cdn.cookielaw.org *.gstatic.com *.videopress.com *.google.com *.google.fr *.wp.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net connect.facebook.net *.hsforms.net *.tag.aticdn.net *.trk.adbutter.net https://region1.analytics.google.com blob: *.abtasty.com *.googleapis.com ads-twitter.com t.contentsquare.net contentsquare.com *.leocare.eu https://sp.analytics.yahoo.com https://trk.adbutter.net;style-src 'report-sample' 'self' 'unsafe-inline' secure.adnxs.com analytics.tiktok.com *.google.com *.jquery.com https://cdnjs.cloudflare.com https://fonts.googleapis.com tag.aticdn.net *.abtasty.com *.gstatic.com *.googleapis.com ;object-src 'self' ;form-action 'self' *.leocare.eu *.hsforms.com secure.adnxs.com analytics.tiktok.com tr.snapchat.com *.facebook.com; base-uri 'self' ;connect-src 'self' *.googlesyndication.com *.linkedin.com *.criteo.com *.pangle-ads.com *.linkedin.oribi.io *.easydmp.net https://api-public.leocare.eu/api/v1/lead-consent https://googleads.g.doubleclick.net/ ads-twitter.com s.yimg.comtr.snapchat.com *.onetrust.com *.tiktok.com *.facebook.com *.hsforms.com *.tag4arm.com hubspot-forms-static-embed.s3.amazonaws.com cdn.cookielaw.org *.google-analytics.com stats.g.doubleclick.net https://www.tag4arm.com https://stats.g.doubleclick.net https://yoast.com https://www.google-analytics.com *.hsforms.com *.abtasty.com www.google.com adservice.google.com *.contentsquare.net https://s.yimg.com *.trk.adbutter.net https://region1.analytics.google.com; font-src 'self' secure.adnxs.com analytics.tiktok.com *.gstatic.com https://cdnjs.cloudflare.com blob: *.abtasty.com *.gstatic.com *.googleapis.com ;frame-src 'self' *.twitter.com https://qa-assistant.abtasty.com/ https://asset.easydmp.net https://td.doubleclick.net/ secure.adnxs.com analytics.tiktok.com tr.snapchat.com *.facebook.com *.hsforms.com *.criteo.com *.dailymotion.com *.vimeo.com *.google.com https://www.youtube.com https://www.instagram.com *.trustpilot.com ;img-src 'self' *.twitter.com https://t.co *.criteo.com *.bidswitch.net *.media.net *.rubiconproject.com *.smartadserver.com *.taboola.com *.teads.tv *.adform.net *.thebrighttag.com *.krxd.net *.demdex.net *.yieldlab.net *.tremorhub.com *.revcontent.com *.sharethrough.com *.pubmatic.com *.yieldmo.com *.emxdgt.com *.3lift.com *.omnitagjs.com *.casalemedia.com https://id5-sync.com *.outbrain.com *.postrelease.com *.mediavine.com *.ivitrack.com *.360yield.com  *.linkedin.com *.hsforms.com *.instagram.com ads-twitter.com data: *.xiti.com *.yahoo.com *.tiktok.com *.cookielaw.org *.tag4arm.com bat.bing.com ib.adnxs.com *.gravatar.com *.wp.com *.w.org *.google.com *.google.fr *.google.es *.google.co.uk *.google.de *.google.nl *.google.be *.google.ch *.google-analytics.com *.facebook.com *.googletagmanager.com twemoji.maxcdn.com *.doubleclick.net data: https://ib.adnxs.com https://www.tag4arm.com https://secure.gravatar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.fr tag.aticdn.net *.adnxs.com blob: *.abtasty.com *.amazonaws.com *.contentsquare.net;media-src 'self' secure.adnxs.com analytics.tiktok.com *.w.org ;worker-src 'self' secure.adnxs.com analytics.tiktok.com *.videopress.com *.google.com blob:;default-src 'self' https://api-public.leocare.eu/api/v1/lead-consent t.co *.youtube.com *.ads.linkedin.com *.g.doubleclick.net *.easydmp.net *.googlesyndication.com *.oribi.io *.twitter.com *.crisp.chat; 1
child-src https://www.google.com/ https://cdn.scarabresearch.com/js/1D13C2EC4C9CBF11/scarab-v2.js https://recommender.scarabresearch.com/ https://e.issuu.com/embed.html https://checkoutshopper-test.adyen.com https://www.google-analytics.com https://9644751.fls.doubleclick.net/ https://bid.g.doubleclick.net/ https://www.clarity.ms https://checkoutshopper-live.adyen.com 'self';connect-src https://recommender.scarabresearch.com/ https://checkoutshopper-test.adyen.com https://www.google-analytics.com wss://socket-chat-de1.tidio.co/ https://stats.g.doubleclick.net/ https://archipro.co.nz/ https://ct.pinterest.com/user/ https://ct.pinterest.com/md/ https://www.clarity.ms *.clarity.ms/ https://www.paypal.com *.bing.com https://*.google-analytics.com https://analytics.google.com https://*.googletagmanager.com https://checkoutshopper-live.adyen.com https://analytics.tiktok.com 'self' https://login.microsoftonline.com https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://dc.services.visualstudio.com https://images-ap-prod.cms.commerce.dynamics.com https://images-ap-prod.cms.commerce.dynamics.com https://www.cittadesign.com https://cittadesignprodret.operations.dynamics.com/;font-src https://static2.sharepointonline.com 'self' https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://use.fontawesome.com data:;frame-src https://www.google.com/ https://9644751.fls.doubleclick.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://www.pinterest.com/ https://www.pinterest.nz/ *.pinterest.com/ https://www.paypal.com/ https://checkoutshopper-live.adyen.com;img-src https://checkoutshopper-test.adyen.com https://bat.bing.com/ https://www.google-analytics.com/ https://www.facebook.com/ https://www.google.com/ https://static.secure-afterpay.com.au/ https://www.google.co.nz/ https://www.googletagmanager.com/ https://stats.g.doubleclick.net/ https://9644751.fls.doubleclick.net/ https://ct.pinterest.com/v3/ https://c.clarity.ms/ *.bing.com https://googleads.g.doubleclick.net https://track.roeye.co.nz https://t.paypal.com https://*.google-analytics.com https://*.googletagmanager.com https://checkoutshopper-live.adyen.com 'self' data: https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://images-ap-prod.cms.commerce.dynamics.com https://images-ap-prod.cms.commerce.dynamics.com;script-src https://www.google.com/ https://www.gstatic.com/recaptcha/releases/ https://recommender.scarabresearch.com/ https://cdn.scarabresearch.com/js/1D13C2EC4C9CBF11/scarab-v2.js https://cdn.scarabresearch.com/static/inspector/scarab-inspector.min.js https://checkoutshopper-test.adyen.com https://www.googletagmanager.com/ https://portal.afterpay.com/ https://portal.sandbox.afterpay.com/ https://www.google-analytics.com https://www.googleadservices.com/ https://connect.facebook.net/ https://code.tidio.co/ https://bat.bing.com/ https://googleads.g.doubleclick.net/ https://script.hotjar.com/ https://widget-v3.tidiochat.com/ https://pixel.archipro.co.nz/ap-analytics.js https://cdn.scarabresearch.com/js/1864110F296D6EF7/scarab-v2.js https://cdn.scarabresearch.com/js/1152ED0CC435F8D0/scarab-v2.js https://s.pinimg.com/ct/core.js https://s.pinimg.com/ct/lib/main.6ae4a9fc.js https://www.clarity.ms *.clarity.ms/ https://s.pinimg.com/ https://track.roeye.co.nz/ https://www.paypal.com/ https://www.bing.com/ *.bing.com https://*.googletagmanager.com https://checkoutshopper-live.adyen.com https://analytics.tiktok.com 'self' 'unsafe-inline' 'unsafe-eval' https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://*.vo.msecnd.net https://dc.services.visualstudio.com https://dev.virtualearth.net https://www.cittadesign.com https://js.monitor.azure.com/scripts/b/ai.2.min.js;style-src https://checkoutshopper-test.adyen.com *.bing.com https://checkoutshopper-live.adyen.com 'self' 'unsafe-inline' https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://www.cittadesign.com ;default-src 'self' https://*.commerce.dynamics.com https://*.dynamics365commerce.ms;base-uri 'self';object-src 'self';media-src 'self' https://ppe-streaming-video-mr-microsoft-com.akamaized.net https://*.streaming.media.azure.net https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://images-ap-prod.cms.commerce.dynamics.com https://images-ap-prod.cms.commerce.dynamics.com; 1
default-src *.smartsupp.com; style-src 'self' 'unsafe-inline' *.foxentry.cz *.foxentry.com *.typekit.net *.googleapis.com *.googletagmanager.com *.cloudflare.com *.luigisbox.com *.smartsuppcdn.com; img-src 'self' data: *.expedo.cz cdnjs.cloudflare.com *.maxcdn.com *.heureka.cz www.google.com www.google.cz *.gstatic.com *.smartsuppcdn.com c.seznam.cz www.cis.cz maps.gstatic.com www.facebook.com *.privacysandbox.googleadservices.com www.googleadservices.com *.g.doubleclick.net *.googleapis.com *.typekit.net *.google-analytics.com *.googletagmanager.com im9.cz *.foxentry.cz *.foxentry.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.heureka.sk *.clarity.ms *.criteo.com *.daktela.com *.google.com *.luigisbox.com  *.cloudflare.com *.gopay.com *.zbozi.cz im9.cz *.seznam.cz *.smartsuppchat.com *.smartsuppcdn.com login.dognet.sk *.g.doubleclick.net connect.facebook.net *.google-analytics.com *.googletagmanager.com www.googleadservices.com *.googleapis.com pixel.biano.bg c.imedia.cz *.smartlook.com *.smartlook.cloud *.cloudflare.com *.targito.expedo.bg *.targito.com *.foxentry.cz *.foxentry.com; connect-src 'self' *.luigisbox.com *.analytics.google.com *.daktela.com *.clarity.ms *.google-analytics.com www.facebook.com p.biano.bg *.g.doubleclick.net wss://*.smartsupp.com *.smartsupp.com *.smartsuppchat.com *.smartsuppcdn.com *.smartlook.com *.smartlook.cloud *.targito.expedo.bg *.targito.com *.foxentry.cz *.foxentry.com *.cloudflare.com; font-src 'self' data: *.cloudflare.com *.gstatic.com *.smartsuppcdn.com *.luigisbox.com *.foxentry.cz *.foxentry.com; object-src 'self'; frame-ancestors 'self'; form-action 'self' maildemon.cis.cz gate.gopay.cz www.facebook.com/tr/ *.foxentry.cz *.foxentry.com; base-uri 'self'; frame-src 'self' *.gopay.cz *.targito.com *.zbozi.cz *.google.com  maildemon.cis.cz *.youtube.com *.facebook.com *.heureka.sk *.foxentry.cz *.foxentry.com *.bubbleapps.io; worker-src blob: *.foxentry.cz *.foxentry.com 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; connect-src https: wss: data:; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; font-src https: 'self' data:; connect-src wss: https:; img-src https: 'self' data:; 1
report-uri CSPReporting 1
script-src http: https: http://localhost/ 'nonce-Te3HHdqzrmSUm6Uy1nlfghx82k1KSjEtKYPOZBl8XRBtp' https://tagmanager.google.com; style-src 'self' blob: https: 'unsafe-inline' http://localhost/; script-src-elem 'self' blob: http: https: 'unsafe-inline'; img-src data: http: https: https://10322115.fls.doubleclick.net; object-src 'none'; base-uri 'none'; child-src 'self'; font-src font 'self' fonts.gstatic.com 'unsafe-eval' 'unsafe-inline'; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com https: https://10322115.fls.doubleclick.net; 1
connect-src 1
base-uri 'self'; 
connect-src 'self' https://forms.hubspot.com; 
default-src 'self'; 
font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com; 
frame-src 'self' https://www.facebook.com; 
img-src 'self' https://forms.hsforms.com https://track.hubspot.com https://www.facebook.com https://www.google-analytics.com; 
manifest-src 'self'; 
media-src 'self';
object-src 'none'; 
script-src 'report-sample' 'self' https://ajax.googleapis.com/ajax/libs/jquery/3.4.0/jquery.min.js https://connect.facebook.net/en_US/fbevents.js https://js.hs-analytics.net/analytics/1622328600000/7811012.js https://js.hs-banner.com/7811012.js https://js.hs-scripts.com/7811012.js https://js.hscollectedforms.net/collectedforms.js https://maps.googleapis.com/maps/api/js? https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/recaptcha__es.js; 
style-src 'report-sample' 'self' https://ajax.googleapis.com https://fonts.googleapis.com https://use.fontawesome.com; 
worker-src 'none'; 1
frame-ancestors http://localhost:3001 1
frame-ancestors 'self' app.hubspot.com; object-src 'self'; script-src 'self' www.google-analytics.com ajax.googleapis.com static.hsappstatic.net cdnjs.cloudflare.com unpkg.com tr.outbrain.com www.googletagmanager.com wave.outbrain.com ws.zoominfo.com js.hs-banner.com js.hubspot.com js.hsadspixel.net js.collectedforms.net js.hsleadflows.net js.hs-analytics.net snap.licdn.com kit.fontawesome.com cdn.jsdelivr.net app.hubspot.com googleads.g.doubleclick.net j.6sc.co static.ads-twtitter.com widgets.legalmonster.com andreasmb.github.io 'strict-dynamic' 'nonce-vjUjyQtIv+aVppR02VNeyw=='; ; upgrade-insecure-requests; 1
worker-src 'self' 'unsafe-inline' 'unsafe-eval' blob:  *.photopea.com; 1
default-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com trck.spoteffects.net www.lotto.de m.lotto.de www.youtube.com; script-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com connect.facebook.net cdn.1tag.dentsu.de delivery.1tag.dentsu.de responder.wt-safetag.com tags.tiqcdn.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com www.google.com data1.bresera.com data1.open-dog.com connect.facebook.net tags.tiqcdn.com cdn.1tag.dentsu.de delivery.1tag.dentsu.de responder.wt-safetag.com tags.tiqcdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com translate.googleapis.com cdn.1tag.dentsu.de delivery.1tag.dentsu.de 'unsafe-inline'; style-src-elem 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com www.gstatic.com 'unsafe-inline'; connect-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com m.lotto.de www.lotto.de miframe.lotto.de iframe.lotto.de www.youtube.com trck.spoteffects.net cdn.1tag.dentsu.de delivery.1tag.dentsu.de www.facebook.com translate.googleapis.com data:; font-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com fonts.gstatic.com api.rabatta.app data:; img-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com s.w.org ps.w.org www.gstatic.com secure.gravatar.com cdn.1tag.dentsu.de delivery.1tag.dentsu.de eurojackpot.webtrekk.net fbc.wcfbc.net ad3.adfarm1.adition.com imagesrv.adition.com i.ytimg.com www.facebook.com fonts.gstatic.com www.googleadservices.com adservice.google.com *.googleapis.com www.google-analytics.com translate.google.com pagead2.googlesyndication.com www.google.ae www.google.al www.google.at www.google.ba www.google.be www.google.bg www.google.ca www.google.ch www.google.co.cr www.google.co.in www.google.co.kr www.google.com www.google.co.ma www.google.com.br www.google.com.cy www.google.com.do www.google.com.eg www.google.com.gh www.google.com.gt www.google.com.mx www.google.com.ph www.google.com.sg www.google.com.tr www.google.com.ua www.google.co.th www.google.co.uk www.google.co.ve www.google.co.za www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.gm www.google.gr www.google.hr www.google.hu www.google.ie www.google.iq www.google.is www.google.it www.google.lk www.google.lu www.google.lv www.google.me www.google.mk www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk data:; child-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com www.googleapis.com cdn.1tag.dentsu.de delivery.1tag.dentsu.de; frame-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com m.lotto.de www.lotto.de lotto.de www.youtube-nocookie.com www.facebook.com; base-uri 'self'; report-uri https://1934a11189c9ec9d302de0ee10e4c650.report-uri.com/r/t/csp/enforce 1
script-src http: https: https://backend-m2.focusgarden.pl 'unsafe-inline'; style-src 'self' blob: https: 'unsafe-inline' https://backend-m2.focusgarden.pl; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/webfonts/ data: ; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com https://start.paypo.pl/ *.eraty.pl *.santanderconsumer.pl 1
default-src 'self' blob: data: https://www.facebook.com https://web.facebook.com https://graph.facebook.com https://accounts.google.com https://z-p3-graph.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://www.google.com https://www.gstatic.com https://connect.facebook.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://connect.facebook.net https://apis.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://accounts.google.com; style-src 'self' 'unsafe-inline' blob: data: https://accounts.google.com; 1
default-src 'self'; img-src 'self' data: blob: https://www.google.com https://*.google-analytics.com https://*.googletagmanager.com https://ads.trafficjunky.net https://*.b-cdn.net https://*.hotjar.com https://www.kalhotkomat.cz https://www.google.cz https://files.packeta.com https://www.zasilkovna.cz; media-src 'self' https://*.b-cdn.net ; font-src 'self' data: https://fonts.gstatic.com https://*.hotjar.com ; style-src 'self' https://*.hotjar.com 'unsafe-inline' ; script-src 'self' 'nonce-a92d96a503de17609939ddff3d78d011' https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://*.googletagmanager.com https://*.hotjar.com https://widget.packeta.com https://widget3.packeta.com https://partner.kalhotkomat.cz; connect-src 'self' wss://www.kalhotkomat.cz https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://logs-01.loggly.com https://api.cognitive.microsofttranslator.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://video.bunnycdn.com/tusupload https://video.bunnycdn.com/tusupload/ https://widget.packeta.com https://widget3.packeta.com; frame-src 'self' https://www.google.com https://recaptcha.google.com/recaptcha/ https://*.hotjar.com https://widget.packeta.com https://widget3.packeta.com https://partner.kalhotkomat.cz; report-uri https://sentry.dracihnizdo.cz/api/5/security/?sentry_key=0680a0639a61480ea3b1dd8431b12a1e 1
default-src 'self' * *.doubleclick.net/ *.google-analytics.com/ *.googletagmanager.com/ *.google.com/ *.onetrust.com/  /*.jsdelivr.net/ *.googleapis.com/ 'unsafe-inline' ;  font-src 'self' fonts.gstatic.com/  fonts.googleapis.com/ *.google.com/  *.google.com/ *.onetrust.com/ *.jsdelivr.net/ *.googleapis.com/  'unsafe-inline' ;  style-src 'self' fonts.googleapis.com/ 'unsafe-inline'; script-src 'self' *.google-analytics.com/ *.googletagmanager.com/ *.google.com/  *.cookielaw.org/ *.onetrust.com/ *.jsdelivr.net/ *.googleapis.com/  'unsafe-inline'  'unsafe-eval' ; script-src-elem 'self' *.googleadservices.com/  *.googletagmanager.com/ *.google-analytics.com/ *.google.com/  *.gstatic.com/ *.cookielaw.org/ *.onetrust.com/ *.jsdelivr.net/ *.googleapis.com/ 'unsafe-inline'; img-src 'self'  data: *.youtube.com *.google.com *.google.com.br *.google-analytics.com  *.onetrust.com *.maternidadebrasilia.com.br  *.jsdelivr.net *.googleapis.com/   1
frame-ancestors https://online-moebel-kaufen.de https://moebel-letz.shop https://letz.my3cx.de 'self'; 1
default-src 'self'; font-src 'self' fonts.gstatic.com; img-src 'self' 'unsafe-inline' data: portmvuploads.s3.ap-southeast-1.amazonaws.com; script-src 'self' 'unsafe-inline' https: 'nonce-lrppcow5' 'strict-dynamic'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; frame-src 'self' 'nonce-lrppcow5' https://www.google.com/; object-src 'none'; base-uri 'self' 1
default-src 'self' https://*.reclutalia.com https://*.amazonaws.com https://*.amazoncognito.com https://*.googleapis.com https://*.zeusgs.com.mx https://purecatamphetamine.github.io https://cdnjs.cloudflare.com https://maps.gstatic.com https://googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css; script-src 'self' unsafe-inline strict-dynamic 'unsafe-hashes' 'unsafe-eval' https://maps.googleapis.com *.google.com blob: https://cdnjs.cloudflare.com 'sha256-9ar2VtVK+wduR9XDq5bvsVBsodzGTfYmFnZ4rUVCIKE=' https://www.googletagmanager.com; img-src * data: blob: https://maps.gstatic.com; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; frame-src *.google.com https://us-east-1.quicksight.aws.amazon.com/ https://*.quicksight.aws.amazon.com data: blob:; connect-src * data: blob:; 1
frame-ancestors 'self' http://s318850998.onlinehome.fr http://*.speedyrent.fr http://*.rentiles.fr https://*.rentiles.fr http://images.google.fr https://images.google.fr http://hotels.ile-delareunion.com http://www.ile-delareunion.com http://ile-delareunion.com https://www.ile-delareunion.com https://ile-delareunion.com http://www.hotels.ile-delareunion.com http://www.iledelareunion.net http://www.reunion-hebergements.com http://reunion-hebergements.com https://www.reunion-hebergements.com https://reunion-hebergements.com https://m.facebook.com  https://web.facebook.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://*.fbcdn.net http://www.kayak.fr http://kayak.fr https://www.kayak.fr https://kayak.fr https://www.antilleslocation.com 1
default-src 'self' ;script-src 'unsafe-inline'  'self' https://challenges.cloudflare.com static.cloudflareinsights.com; connect-src 'self'  cloudflareinsights.com;img-src  'self'   data: ; frame-src  https://challenges.cloudflare.com ; object-src 'none';style-src 'unsafe-inline' 'self' 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdnjs.hotjar.com ajax.googleapis.com www.google-analytics.com www.googletagmanager.com www.youtube.com www.google.com www.gstatic.com cdn.ckeditor.com cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js static.addtoany.com; style-src 'self' 'unsafe-inline' cdn.ckeditor.com; img-src https: data: http:; frame-src 'self' www.google.com www.youtube.com *.hotjar.com public.tableau.com *.sea.gob.cl sea.gob.cl static.addtoany.com; frame-ancestors 'self'; font-src 'self' *.hotjar.com ; connect-src 'self' *.hotjar.com *.hotjar.io *.google-analytics.com stats.g.doubleclick.net analytics.google.com; report-uri /report-csp-violation 1
iframe-src angelinipharma.com *.angelinipharma.com 1
block-all-mixed-content; frame-ancestors *.voceconstroi.com.br 1
default-src * 'unsafe-inline' 'unsafe-eval' 'self'; script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * 'self' data: blob: *.jumpseat.io *.google.com *.wirelessprocess.net *.pcipalstaging.cloud *.pcipal.cloud *.tiles.mapbox.com api.mapbox.com 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://wtkora.com;block-all-mixed-content; 1
'self' 'default-src'    1
default-src 'self'; connect-src 'self'  *.azure.com *.appspot.com; font-src 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com; frame-src 'self' player.vimeo.com *.appspot.com; img-src * data: blob:; media-src 'self' ; object-src 'self'; script-src 'self' *.azure.com *.appspot.com *.queue-fair.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' maxcdn.bootstrapcdn.com *.appspot.com 'unsafe-inline'; 1
frame-ancestors 'self' https://www.hurrcollective.com 1
default-src 'self';object-src 'self';frame-src 'self' *.youtube.com *.youtube-nocookie.com *.twitter.com https://player.vimeo.com https://consentcdn.cookiebot.com https://consentcdn.cookiebot.eu;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://matomo.z-u-g.org/matomo.js https://platform.twitter.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://consentcdn.cookiebot.eu https://consent.cookiebot.eu https://cdnjs.cloudflare.com;style-src 'self' data: 'unsafe-inline' https://cdnjs.cloudflare.com;img-src 'self' data: https://syndication.twitter.com *.tile.openstreetmap.org;font-src 'self' data: 'unsafe-inline';connect-src 'self' https://matomo.z-u-g.org https://consentcdn.cookiebot.com https://consentcdn.cookiebot.eu;manifest-src 'self';media-src 'self' *.akamaihd.net 1
frame-ancestors 'none'; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com/ https://prd-shop.bouwcenter.nl https://bouwcenter.piwik.pro/ https://bouwcenter.containers.piwik.pro/ https://www.recaptcha.net https://www.gstatic.com https://prd-www.bouwcenter.nl https://prd-api.bouwcenter.nl https://www.bouwcenter.nl https://shop.bouwcenter.nl/ https://api.bouwcenter.nl/ https://api.pay.nl https://www.youtube.com https://youtube.com https://issuu.com/ https://sentry.issuu.com https://e.issuu.com https://jotform.com/ https://form.jotform.com/ https://jotfor.ms/ https://cdn01.jotfor.ms/ https://cdn02.jotfor.ms https://cdn03.jotfor.ms 1
default-src 'self' https:; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
undefined 1
frame-ancestors 'self' https://*.vitaminw.no https://egon.vitaminw.no; 1
default-src 'self'; connect-src 'self' piwik.micropayment.de wss://*.zopim.com *.zdassets.com; img-src 'self' 'unsafe-inline' data: pci.usd.de piwik.micropayment.de https://resources.micropayment.de/ *.zopim.com; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' piwik.micropayment.de 'unsafe-eval' *.zopim.com *.zdassets.com; font-src 'self' data: *.zopim.com; child-src 'self' piwik.micropayment.de *.youtube.com https://micropayment.jobs.personio.de/; frame-src 'self' piwik.micropayment.de *.youtube.com https://micropayment.jobs.personio.de/; frame-ancestors 'self' https://www.facebook.com/micropayment.GmbH 1
script-src 'self' websdk.appsflyer.com d12f7y5s6kz9k2.cloudfront.net www.googletagmanager.com www.google.com use.fontawesome.com tag.perfectaudience.com www.gstatic.com googleads.g.doubleclick.net  pixel-geo.prfct.co 'sha256-Yysq7EQyYNXrXspo2szTt2NFV06paI1NsAxg8pL/Fo0=' 'sha256-mw9nDfjk4RnUbVt6p/mRrG9ocHkZktYYtEuZRagFEzs=' 'sha256-F3jVCnWXPbEFOSwl+BFcOETXMcv7PsAUMEHaJARkeFQ='; object-src 'self' ;frame-ancestors 'none'; 1
script-src 'unsafe-inline' *.popular.com.sg https://www.facebook.com https://www.google.com https://www.google.com.sg https://d359v1tdoi4bad.cloudfront.net https://ssl.google-analytics.com/ga.js fonts.googleapis.com https://www.googletagmanager.com https://www.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.google-analytics.com/analytics.js https://www.gstatic.com https://cdn.curator.io https://embedsocial.com 1
frame-ancestors 'self' https://www.chasepaymentechhostedpay.com 1
img-src  brandfolder.com cdn.brandfolder.io *.gtlaw.com.au *.linkedin.com *.google-analytics.com *.facebook.com *.google.com *.google.co.in *.youtube.com *.adsymptotic.com *.blogger.com *.jobadder.com *.bfldr.com  data:; 1
default-src 'self' blob:; script-src 'self' blob: *.youtube.com https://unpkg.com vjs.zencdn.net 'unsafe-inline' *.readspeaker.com *.googleapis.com *.matomo.cloud 'unsafe-eval'; style-src 'self' fonts.googleapis.com *.youtube.com https://unpkg.com 'unsafe-inline' *.readspeaker.com; img-src 'self' data: *.readspeaker.com maps.gstatic.com maps.googleapis.com *.matomo.cloud; media-src 'self' *.youtube.com *.vimeo.com *.readspeaker.com; frame-src 'self' *.youtube.com *.vimeo.com *.readspeaker.com; child-src blob:; font-src 'self' fonts.gstatic.com data:; connect-src 'self' *.googleapis.com *.matomo.cloud *.readspeaker.com; report-uri /report-csp-violation 1
default-src 'self';form-action 'self';base-uri 'self';frame-ancestors 'none';script-src 'self' data: accounts.google.com https://clients1.google.com https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://livesupport-app.appspot.com https://app.chatsupport.co https://www.google-analytics.com https://cse.google.com https://www.google.com https://browser.sentry-cdn.com https://connect.facebook.net https://www.gstatic.com/recaptcha/ 'nonce-pez9UdZx53B8ojt0j8SmyD8Wq5HFLQIafNoNwJ3Vhxc=' 'unsafe-eval' 'sha256-7VXTZXBF+7WfAM9WYouLXLhjrj+uTA/AyOSdbCFgxsg=';style-src 'self' accounts.google.com https://www.google.com 'unsafe-inline';font-src 'self' data: https://storage.googleapis.com https://fonts.gstatic.com;img-src * data:;connect-src 'self' accounts.google.com www.google-analytics.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com *.chatsupport.co wss://rtmserver.anywhereworks.com https://*.sentry.io https://stats.g.doubleclick.net https://storage.googleapis.com/fullstorage https://api-dot-live-fullstorage.appspot.com;media-src 'self' https://storage.googleapis.com *.chatsupport.co;frame-src 'self' accounts.google.com https://cse.google.com https://vars.hotjar.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;object-src 'none';report-uri https://o151188.ingest.sentry.io/api/5389153/security/?sentry_key=853e987d22bf4ef8a0f79a37685a89b3;sandbox allow-forms allow-modals allow-popups allow-scripts allow-same-origin allow-top-navigation allow-popups-to-escape-sandbox; 1
frame-src https://* 1
frame-ancestors self; style-src 'unsafe-inline' 'self'; 1
child-src 'self'; frame-ancestors 'self' *.firstam.com *.fassnotary.com; frame-src 'self' *.firstam.com *.fassnotary.com; 1
default-src 'none'; img-src 'self' blob: data: https:; script-src 'nonce-common1705973678788001' *.pt *.ve *.la *.ga *.sa *.pe *.lc *.ma *.qa *.sb *.ca *.ba *.gb *.bb *.ua *.va *.tl *.za *.ac *.lb *.pa *.ml *.name *.mc *.google.com *.co.in *.googleadservices.com *.google-analytics.com *.doubleclick.net *.bing.com *.data.id *.googleusercontent.com *.rlets.com https://*.linkedin.com https://*.licdn.com https://*.facebook.com 'sha256-dpRN5wXg0YsXnwK77lCEp8q7m97x4vb8lLuG0lEBZ1o=' 'sha256-LN2a4GIUGe4Ra6mMDgHbE0xfL4vuY/3NA8D4bE2yNj8=' 'sha256-aMzyR08pOM+eu29cVHEO0lYHdU3XEUd7Clkim18Np2g=' 'sha256-UEAQMtSbNbCs69PAxDRev/HtpuL5GuBlLnhtQEuE32c=' 'sha256-9mFq8Do02jZYCIJytRmjU4YuzoLYxMvmAyO/iWaiOYA=' 'sha256-urarjhcT7sLfjlqXnrQdNDzLK9XavG0boPuve2xaYVs=' 'sha256-yaNtIbcH0/b8nacvq9Q9mxiYqTGJJbXJDxW9QQpbYok=' 'sha256-aAmy9spd81qfubhI2BmbYjcb43X0/57Xk2jy6bttxHM=' 'sha256-2Pm4atzcG7sS5xpDXxD2B6OzCuRWWA4YlZcspxOrwGw=' 'sha256-QZTtDybMFbW8yKdAi9jWilRnC1bMZb3RlU6NmoTWiKk=' 'sha256-6RVO2SoVtUO2wlt1Becft5RLMguM2zb3ZPCwjPjAYtQ=' 'sha256-zEF/ALwwDYV2nZ+rdYGh2XpjU1lbO3oZ2osZayOlmpw=' 'sha256-Jc9/AmUp3Qdu+XHSpwBaBor9KXu4SII2eOnNTlldgEc=' 'sha256-Q3gsu546MxEtZrhQ408WLuVXKWrCF8Dh0ozIeOz4t1o=' 'sha256-m5BxL9Zw0qoA5T8wjYblwAPKyyzpmtcDTwXBy/nZ6do=' 'sha256-pIJpf4nTrITcG2uHHMQ8jjn+kWVn0noyC2f/p5r6mvY=' 'sha256-6d1hzb25TU1brqRIbRwKirhRfrWCDVw9XFuzr1aLB6E=' 'sha256-ZC4Ihfl+1sv3E25DQh090ITQKwffxiocyA9C1vaePKU=' 'sha256-aDJ5Bql+RjPsQvM2jhkH/Zsvfio3OzAB4a0aMxemTeY=' 'sha256-2e0AMY+1ycioFIohRms0smnxCryLqnpAB19NGfGqjZY=' 'sha256-4ZicTeZZ8TCZbOVR0PR1gRqRUn/OW9OTuI0SjSJLclo=' 'sha256-NQfc27RODJMCUmaqjMwdfn4W0gAOlXht1ZZm3Yldg8E=' 'sha256-KR2YBWdpxtBBN8qBGh5O/DbZILGzyh8O+P+d0nD2xX0=' 'sha256-jpUYaNb0JTirdko6OeYgaFsE5ol9jcPxkoo9eRa/fv4=' 'sha256-8AD5icVKiYWC8MscX0D+ZcmhbLFkB1ppsaHohjXoGtc=' 'sha256-L7viC3kUpXu9uCOi97VqCR2bLlMwSQlmLmSuuQ93ngU=' 'sha256-m7aOxdCZWzGOtpMd1LNlR2yiipYcMEnjiRIW2JlHMSk=' 'sha256-sdhxQKCyrgcV4Z6cDgE0W5OLLHodQDbqRtLgXIw1q9A=' 'sha256-yNN3xGMO89r54DJvxAbqicZvaPgG9GOwOGVygxLZL2A=' *.nextdoor.com *.leadportal.com  https://*.jsdelivr.net https://*.jquery.com https://*.cloudflare.com https://*.nblyprod.com https://*.gannettdigital.com https://*.omtrdc.net *.reachlocalservices.com *.rlcdn.com https://www.googletagmanager.com https://www.google-analytics.com *.googleapis.com https://*.typekit.net https://*.pagescdn.com https://unpkg.com https://*.youtube.com https://*.sitescdn.net https://*.addthis.com https://*.moatads.com https://*.addthisedge.com https://*.pinterest.com https://*.hotjar.com https://*.realpropertymgt.com/ https://*.stackadapt.com https://*.cloudflareinsights.com https://*.facebook.net *.tctm.co *.en25.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.nblytest.com https://*.nblydev.com *.nblytest.com *.nblydev.com https://*.bing.com https://*.marchex.io https://*.oribi.io https://*.googleoptimize.com 'sha256-TKV0/mdWqsd3xcHSJ4tcsF1ws5ChUUqjFr/X1TJ5dS4=' 'sha256-uaN16cZ4MzjDslkWC8qhwWBF199Y8ruzgrLrZf1viz0=' 'sha256-K8P4tVM0YI4k18HG3/r7FWs37+3qsUxcBHJz/RWXobQ=' https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.clarity.ms https://*.neighborlybrands.com https://*.neighborlybrands.com/ bob: 'unsafe-eval' https://*.en25.com *.omtrdc.net 'self' ajax.cloudflare.com https://*.googleadservices.com https://*.doubleclick.net https://*.appfolio.com https://*.adobedtm.com; style-src undefined *.googleapis.com *.gmailapis.com *.jsdelivr.net *.nblydev.com https://*.jsdelivr.net https://cdn.jsdelivr.net https://*.nblydev.com  https://*.stackadapt.com https://*.nblyprod.com https://*.neighborlybrands.com https://*.neighborlybrands.com/ 'unsafe-inline' https://*.typekit.net https://*.sitescdn.net https://*.nblytest.com; object-src 'none'; connect-src *.google.com *.co.in *.googleadservices.com *.google-analytics.com *.doubleclick.net *.bing.com *.data.id *.pt *.ve *.la *.ga *.sa *.pe *.lc *.ma *.qa *.sb *.co *.ca *.ba *.gb *.bb *.ua *.va *.tl *.za *.ac *.lb *.pa *.ml *.name *.mc *.googleusercontent.com *.rlets.com https://*.marchex.io https://*.stackadapt.com https://*.linkedin.com https://*.licdn.com https://*.facebook.net https://*.facebook.com https://*.googleapis.com https://*.mailing.realpropertymgt.com https://*.gannettdigital.com https://*.omtrdc.net *.reachlocalservices.com *.rlcdn.com https://www.google-analytics.com https://*.demdex.net https://*.realpropertymgt.com https://*.pagescdn.com https://*.addthis.com https://*.crownpeak.net https://*.neighborly.com https://realpropertymgt.com https://liveapi-cached.yext.com https://*.hotjar.com https://*.dwyergroup.com *.tctm.co *.en25.com https://*.nblytest.com  https://*.bing.com https://*.oribi.io https://*.browser-intake-datadoghq.com https://*.clarity.ms https://*.neighborlybrands.com https://testrsid123.112.2o7.net https://*.nblyprod.com https://*.neighborlybrands.com/ https://*.en25.com *.omtrdc.net https://*.doubleclick.net https://*.nblydev.com https://*.yext.com; font-src undefined https://*.gstatic.com *.jsdelivr.net https://*.nblydev.com https://*.nblytest.com https://*.neighborlybrands.com https://*.nblyprod.com https://*.neighborlybrands.com/  https://*.typekit.net; frame-src *.google.com *.co.in *.googleadservices.com *.google-analytics.com *.doubleclick.net *.bing.com *.data.id *.pt *.ve *.la *.ga *.sa *.pe *.lc *.ma *.qa *.sb *.co *.ca *.ba *.gb *.bb *.ua *.va *.tl *.za *.ac *.lb *.pa *.ml *.name *.mc *.googleusercontent.com *.rlets.com https://*.marchex.io https://*.stackadapt.com https://*.linkedin.com https://*.licdn.com https://*.facebook.net https://*.facebook.com *.nextdoor.com *.leadportal.com https://*.en25.com https://*.gannettdigital.com https://*.omtrdc.net *.reachlocalservices.com *.rlcdn.com https://*.youtube.com https://*.demdex.net https://*.addthis.com https://answers-embed.realpropertymgt.com.pagescdn.com https://*.hotjar.com/ *.tctm.co *.en25.com https://*.nblyprod.com https://*.neighborlybrands.com/  *.omtrdc.net https://*.appfolio.com/ https://*.google.com/ 1
default-src 'self'; form-action 'none'; worker-src blob: ; media-src https://d10lpsik1i8c69.cloudfront.net/sounds/pop.mp3; connect-src 'self' wss://realtime.luckyorange.com/mqtt https://api.parkassist.com/ https://pubsub.googleapis.com/ wss://visitors.live/ https://api-preview.luckyorange.com/ wss://in.visitors.live/ https://settings.luckyorange.com/ https://settings.luckyorange.net/ https://flykc.cdn.prismic.io/ https://stats.g.doubleclick.net https://visitor2.constantcontact.com/ https://listgrowth.ctctcdn.com/ https://flykc-functions.azurewebsites.net/api/ https://www.google-analytics.com/ https://analytics.google.com/ https://www.cognitoforms.com/ https://api.openweathermap.org/ https://kc-airports.cdn.prismic.io/; font-src 'self' https://use.typekit.net https://cdnjs.cloudflare.com https://fonts.gstatic.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/npm/ https://connect.facebook.net https://d10lpsik1i8c69.cloudfront.net/ https://tools.luckyorange.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdnjs.cloudflare.com/ https://static.ctctcdn.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://static.cognitoforms.com/ https://www.cognitoforms.com/ https://static.cdn.prismic.io; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com/ https://d10lpsik1i8c69.cloudfront.net https://static.ctctcdn.com/ https://fonts.googleapis.com/ https://p.typekit.net https://use.typekit.net https://cdnjs.cloudflare.com; frame-src https://maps.google.com/ https://www.youtube.com/ https://www.google.com/ https://4475515.fls.doubleclick.net/ https://book.appointedd.com/ https://pcmap-kci-new.netlify.app/ https://flymkc.prismic.io/ https://kc-airports.cdn.prismic.io/; img-src 'self' https://fonts.gstatic.com/ https://www.googletagmanager.com/ https://d10lpsik1i8c69.cloudfront.net/ https://www.facebook.com/tr/ https://images.prismic.io https://flymkc.cdn.prismic.io/flymkc/ data: w3.org/svg/2000; frame-ancestors 'none'; 1
form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.iterable.com *.brilliantcollector.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'self'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; media-src data: *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; font-src cdn.loom.com www.honeywellpluggedin.com s3.lightboxcdn.com chrome-extension: moz-extension: fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; style-src helenoftroy--tst3.widget.custhelp.com www.lightboxcdn.com www.honeywellpluggedin.com s3.lightboxcdn.com www.googletagmanager.com optimize.google.com www.pollenapps.com *.adobe.com *.sharethis.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; frame-src public.cobrowse.oraclecloud.com vars.hotjar.com 10164223.fls.doubleclick.net vice01.pur.com insight.adsrvr.org services.sdiapi.com vice01.honeywellpluggedin.com d1eoo1tco6rr5e.cloudfront.net bid.g.doubleclick.net vice01.vickshumidifiers.com helenoftroy.custhelp.com helenoftroy--tst3.custhelp.com share.hsforms.com www.youtube-nocookie.com tpc.googlesyndication.com optimize.google.com *.trustarc.com ct.pinterest.com www.pollenapps.com fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.sharethis.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.dnky.co webchat.dotdigital.com *.brilliantcollector.com *.paymetric.com *.weltpixel.com www.xtento.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src *.trustarc.com www.rnengage.com crrecommendedmark.org www.google.com www.googletagmanager.com googleads.g.doubleclick.net www.vickshumidifiers.com blob: www.honeywellpluggedin.com www.pur.com www.google.co.uk *.trustarc.com www.google.nl www.google.co.za www.google.co.in prod-phoenix-hh.heledigital.com www.lightboxcdn.com s3.lightboxcdn.com ct.pinterest.com www.google.com.hk www.google.com.vn actv.at cdn.jsdelivr.net t.co analytics.twitter.com www.google.ca fonts.gstatic.com www.magentocommerce.com bam.nr-data.net mageside.com www.gstatic.com www.google.de www.activate.social submitcus.lightboxcdn.com submit.lightboxcdn.com stats.g.doubleclick.net d2axdqolvqmdvx.cloudfront.net www.google.ch www.pollenapps.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.sharethis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.xtento.com cdn.xtento.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; connect-src rules.ee.channels.ocs.oraclecloud.com vice-prod.sdiapi.com rules.atgsvcs.com in.hotjar.com ct.pinterest.com rum-0ea7c26e-a032-4889-89d5-7e0c48a6fb85.rapidspike.com reports.sdiapi.com bam-cell.nr-data.net analytics.google.com crrecommendedmark.org stats.g.doubleclick.net bt.signifyd.com *.trustarc.com data-ejma.app.daas.us-phoenix-1.ocs.oraclecloud.com vc.hotjar.io region1.analytics.google.com www.google.co.in adservice.google.com www.google.com www.honeywellpluggedin.com bam.nr-data.net ws39.hotjar.com ws28.hotjar.com www.google.com.pk ws26.hotjar.com ws5.hotjar.com www.googletagmanager.com ws36.hotjar.com ws23.hotjar.com ws20.hotjar.com ws12.hotjar.com api.addressy.com ws11.hotjar.com ws18.hotjar.com www.google.co.uk ws3.hotjar.com ws2.hotjar.com www.google.ch ws37.hotjar.com ws10.hotjar.com ws24.hotjar.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sharethis.com cdn.ampproject.org *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com webchat.dotdigital.com *.iterable.com *.brilliantcollector.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; script-src js.adsrvr.org ee.channels.ocs.oraclecloud.com rules.ee.channels.ocs.oraclecloud.com services.sdiapi.com vice-prod.sdiapi.com static.hotjar.com sc97923419us4.cobrowse.oraclecloud.com cdn-assets.rapidspike.com static.atgsvcs.com public.cobrowse.oraclecloud.com *.trustarc.com helenoftroy--tst3.custhelp.com www.googleoptimize.com script.hotjar.com www.google.com sc-static.net helenoftroy--tst3.widget.custhelp.com js-agent.newrelic.com www.rnengage.com bam-cell.nr-data.net ygscdn.azureedge.net static.ads-twitter.com s.pinimg.com rules.atgsvcs.com ajax.cloudflare.com www.youtube.com www.lightboxcdn.com lightboxapi.azurewebsites.net googleads.g.doubleclick.net connect.facebook.net www.googletagmanager.com tpc.googlesyndication.com www.honeywellpluggedin.com bam.nr-data.net optimize.google.com api.keen.io jsapi.lightboxcdn.com www.pollenapps.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.sharethis.com cdn.ampproject.org raw.githubusercontent.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com graph.facebook.com cdn.dnky.co webchat.dotdigital.com *.iterable.com *.brilliantcollector.com www.xtento.com cdn.xtento.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'none'; default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; connect-src 'self' https: wss:; frame-src 'self' https://*.google.com; 1
frame-ancestors 'self' https://awards.ratingruneta.ru 1
img-src data: https://*; style-src https://* 'unsafe-inline'; script-src https://* 'unsafe-inline'; frame-ancestors teams.microsoft.com *.teams.microsoft.com *.skype.com *.microsoft365.com *.office.com outlook.live.com outlook.office.com outlook.office365.com outlook-sdf.office.com outlook-sdf.office365.com; 1
default-src 'self' cdn.wcc.heine-shop.nl https://cdn.wcc.heine-shop.nl/graphql;    base-uri 'self' widget.solvemate.com;    font-src 'self' cdn.wcc.heine-shop.nl fonts.gstatic.com data: widget.solvemate.com *.dixa.io;    img-src * data:;    connect-src 'self' https://cdn.wcc.heine-shop.nl/graphql cdn.wcc.heine-shop.nl cdn.witt.info/ images.ctfassets.net te.heine-shop.nl tp.heine-shop.nl wasp.heine-shop.nl wst.heine-shop.nl *.analytics.google.com  *.facebook.com *.contentsquare.net *.my.onetrust.eu *.google-analytics.com bat.bing.com eu-witt-gruppe-prod1.mini.snplow.net www.google-analytics.com www.jsctool.com https://adservice.google.com/pagead/ https://graphql.contentful.com https://privacyportal-eu.onetrust.com https://stats.g.doubleclick.net https://geolocation.onetrust.com https://www.google.com/pagead/ https://googleads.g.doubleclick.net/pagead/ *.creativecdn.com *.googlesyndication.com *.optimizely.com https://ct.pinterest.com http://jsctool.com checkout-cdn.aboutyou.cloud checkout-v3.wcc.heine-shop.nl https://*.ingest.sentry.io api.solvemate.com widget.solvemate.com relay.solvemate.com *.dixa.io wss://sockets.dixa.io api.sovendus.com benefits.sovendus.com identification-api.sovendus.com integration-api.sovendus.com press-tracking-api.sovendus.com https://maps.googleapis.com;    object-src 'none';    child-src blob: ;    script-src * 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.paypal.com blob: *.dixa.io;    style-src 'self' cdn.wcc.heine-shop.nl www.googletagmanager.com fonts.googleapis.com 'unsafe-inline' d.heine-shop.nl checkout-cdn.aboutyou.cloud https://*.adyen.com https://*.paypal.com blob: widget.solvemate.com *.dixa.io;    frame-src 'self' checkout-v3.wcc.heine-shop.nl *.awin1.com *.criteo.net *.criteo.com *.adrtx.net *.contentsquare.net www.googletagmanager.com www.facebook.com www.youtube.com dmp.theadex.com 5127363.fls.doubleclick.net 12769738.fls.doubleclick.net www.jsctool.com https://creativecdn.com/ https://fledge-eu.creativecdn.com/ https://tbs.tradedoubler.com/ https://survey2.quantilope.com/ https://*.adyen.com https://*.paypal.com https://*.computop-paygate.com blob: *.dixa.io https://api.sovendus.com https://www.sovendus-connect.com https://www.sovendus-benefits.com https://gui.display.prod.app.funnelplus.com/;    media-src 'self' cdn.wcc.heine-shop.nl cdn.witt.info/ images.ctfassets.net videos.ctfassets.net www.youtube.com witt-gruppe-res.cloudinary.com *.dixa.io;    manifest-src 'self' cdn.wcc.heine-shop.nl *.dixa.io;    worker-src 'self' cdn.wcc.heine-shop.nl blob:;    form-action 'self' www.facebook.com;    block-all-mixed-content;    frame-ancestors 'self' https://app.contentful.com;    sandbox allow-scripts allow-forms allow-same-origin allow-top-navigation allow-popups allow-popups-to-escape-sandbox allow-modals; 1
default-src https://* 'self' 'unsafe-eval' 'unsafe-inline' https://*.cookiebot.com; object-src 'none'; img-src 'self' https://*.gaissmayer.de https://*.datafarm.de data:; 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; form-action 'self'; report-uri https://itechgroup.com/csp/report; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: secure.gravatar.com fonts.gstatic.com d5prod.imgix.net droga5.com *.accenture.com accenture.com *.google-analytics.com *.googleapis.com *.vimeo.com vimeo.com *.vimeocdn.com fast.fonts.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.github.io *.googletagmanager.com *.cloudflare.com *.googleapis.com *.vimeo.com vimeo.com fast.fonts.net; style-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.jsdelivr.net *.vimeo.com vimeo.com fast.fonts.net;  1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com *.njoyn.com *.digicert.com *.bambora.com *.google-analytics.com *.rollbar.com *.googletagmanager.com *.typekit.net *.twitter.com *.twimg.com *.perfectmind.com *.googleapis.com *.gstatic.com *.google.com *.spacelist.ca *.googleadservices.com *.ecdev.org;  img-src * data:; frame-src 'self' *.youtube.com *.bambora.com *.facebook.com *.twitter.com *.perfectmind.com *.isilive.ca *.escribemeetings.com airdrie.maps.arcgis.com *.google.com *.spacelist.ca *.ecdev.org; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' px.ads.linkedin.com cloudflare.com *.cloudflare.com https://cujo.com/wp-json/wp/v2/posts/ https://static.cloudflareinsights.com/ https://cdn.usefathom.com https://www.google-analytics.com/ https://datawrapper.dwcdn.net/ https://ajax.googleapis.com/ https://yoast.com/ https://www.googletagmanager.com/gtag/ https://cdn.mxpnl.com/libs/ https://cdnjs.cloudflare.com/ https://ajax.cloudflare.com/ https://ajax.cloudflare.com/cdn-cgi/scripts/ https://www.google-analytics.com/ https://www.google-analytics.com/collect https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cloudflareinsights.com/ https://static.cloudflareinsights.com https://n.clarity.ms https://cdn.usefathom.com/; script-src-elem 'self' 'unsafe-inline' https://snap.licdn.com/ https://px.ads.linkedin.com/ https://ajax.cloudflare.com/ https://ajax.googleapis.com/ https://cdn.usefathom.com/ https://cdn.usefathom.com/ https://www.clarity.ms/ https://cloudflareinsights.com/ https://static.cloudflareinsights.com/; frame-src https://www.youtube-nocookie.com/ https://datawrapper.dwcdn.net/ https://static.cloudflareinsights.com/ https://www.google.com/ google.com https://cujo.com/ youtube.com www.youtube.com; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; worker-src 'self' blob:; style-src-elem 'self' 'unsafe-inline' https://static.cloudflareinsights.com/ https://code.jquery.com/ https://fonts.googleapis.com/css; img-src 'self' https://www.linkedin.com/ https://cdn.usefathom.com/ https://px.ads.linkedin.com/ https://ps.w.org/ https://s.w.org/ https://secure.gravatar.com/ data: https://i.ytimg.com/ https://www.google-analytics.com/; 1
base-uri 'none'; form-action 'self' *.interstates.com; frame-ancestors 'self' *.interstates.com; upgrade-insecure-requests; default-src 'self' https://com-interstates-cdn-2023.s3.amazonaws.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.interstates.com https://ad.ipredictive.com https://play.libsyn.com https://analytics.twitter.com https://player.vimeo.com https://maps.googleapis.com https://www.facebook.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://fonts.googleapis.com https://www.google-analytics.com https://www.googleadservices.com https://snap.licdn.com https://connect.facebook.net https://static.ads-twitter.com https://analytics.clickdimensions.com https://cdn.cookielaw.org https://insight.adsrvr.org; style-src 'self' *.interstates.com 'unsafe-inline' https://www.socialintents.com https://netdna.bootstrapcdn.com https://ad.ipredictive.com https://fonts.googleapis.com data: blob:; font-src 'self' *.interstates.com https://netdna.bootstrapcdn.com https://fonts.gstatic.com data:; img-src 'self' *.interstates.com https://*.s3.amazonaws.com https://via.placeholder.com https://*.craft-cdn.com https://github.com https://*.githubusercontent.com https://um.simpli.fi https://tag.simpli.fi https://ad.ipredictive.com https://analytics.twitter.com https://d3vfyagh5j3wrg.cloudfront.net https://d17lvj5xn8sco6.cloudfront.net https://resources.interstates.com https://online.flippingbook.com https://d23zwngtnzokv7.cloudfront.net https://dsum-sec.casalemedia.com https://cdn.cookielaw.org https://khms0.googleapis.com https://khms1.googleapis.com https://i.vimeocdn.com https://optanon.blob.core.windows.net https://i.ytimg.com https://p.adsymptotic.com https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://pixel.rubiconproject.com https://www.google.com https://www.facebook.com https://www.google-analytics.com https://px.ads.linkedin.com https://t.co *.gravatar.com https://insight.adsrvr.org https://ib.adnxs.com https://cm.g.doubleclick.net https://match.adsrvr.org https://ups.analytics.yahoo.com data: blob:; script-src-elem 'self' *.interstates.com 'unsafe-inline' https://chat.socialintents.com https://ajax.googleapis.com https://www.socialintents.com https://www.recaptcha.net https://d33i2vgywgme2s.cloudfront.net https://cdn.polyfill.io https://js.stripe.com https://cdnjs.cloudflare.com https://*.usersnap.com https://polyfill.io https://i.simpli.fi https://tag.simpli.fi https://resources.interstates.com https://online.flippingbook.com https://d23zwngtnzokv7.cloudfront.net https://player.vimeo.com https://maps.googleapis.com https://www.gstatic.com https://www.google.com https://googleads.g.doubleclick.net https://analytics.twitter.com https://www.google-analytics.com https://www.googleadservices.com https://snap.licdn.com https://connect.facebook.net https://static.ads-twitter.com https://analytics.clickdimensions.com https://cdn.cookielaw.org https://www.googletagmanager.com https://fonts.googleapis.com data: blob:; style-src-elem 'self' *.interstates.com 'unsafe-inline' https://netdna.bootstrapcdn.com https://www.googletagmanager.com https://www.socialintents.com https://fonts.googleapis.com https://www.google-analytics.com https://www.googleadservices.com https://snap.licdn.com https://connect.facebook.net https://static.ads-twitter.com https://analytics.clickdimensions.com https://cdn.cookielaw.org https://insight.adsrvr.org data: blob:; frame-src 'self' *.interstates.com https://chat.socialintents.com https://www.socialintents.com https://td.doubleclick.net https://www.recaptcha.net https://js.stripe.com https://play.libsyn.com https://resources.interstates.com https://online.flippingbook.com https://analytics.clickdimensions.com https://interstates-privacy.my.onetrust.com https://player.vimeo.com https://www.youtube.com https://bid.g.doubleclick.net https://www.google.com https://www.facebook.com; connect-src 'self' https://pagead2.googlesyndication.com https://widget.usersnap.com https://api.craftcms.com https://play.libsyn.com https://analytics.google.com https://cdn.linkedin.oribi.io https://fbo-b.flippingbook.com https://resources.interstates.com https://online.flippingbook.com https://d23zwngtnzokv7.cloudfront.net https://www.google-analytics.com https://cookies-data.onetrust.io https://interstates-privacy.my.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://stats.g.doubleclick.net https://cdn.cookielaw.org https://www.facebook.com file: data: blob: filesystem: url: 1
frame-ancestors 'self' explore.mavenlink.com explore.kantata.com learn.kantata.com app.folloze.com; 1
default-src 'none'; style-src 'self'; script-src 'self'; img-src 'self'; font-src 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.etracker.com https://*.etracker.de https://*.jwpcdn.com https://customers.lmis.de http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; style-src 'self' 'unsafe-inline' https://*.etracker.de https://*.jwpcdn.com http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; img-src 'self' data: https://sg.geodatenzentrum.de https://jwpltx.com http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; connect-src 'self' https://*.etracker.com https://*.etracker.de https://sg.geodatenzentrum.de https://*.jwpcdn.com http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; font-src 'self' data: https://*.jwpcdn.com; object-src 'self'; media-src 'self' https://*.streamfarm.net http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; form-action 'self'; frame-src 'self' https://*.twitter.com https://vimeo.com https://player.vimeo.com https://customers.lmis.de https://vdi.p5.easire.com https://bmwi-batteriezellfertigung.interactive-scape.com https://de.digital; frame-ancestors 'self' http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de https://*.mittelstand-digital-wertnetzwerke.de 1
default-src * blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.pigeonhole.at static.pigeonholelive.com static-cloudfront.pigeonhole.at appsforoffice.microsoft.com blob: static-cloudfront.pigeonhole.at; style-src 'self' 'unsafe-inline' static.pigeonhole.at static.pigeonholelive.com static-cloudfront.pigeonhole.at static-cloudfront.pigeonhole.at; img-src * data:; object-src *; media-src *; frame-src *; font-src *; connect-src *; 1
default-src 'self'; script-src 'self' 'nonce-eKb3XSYlMKHXuRWFPaaYgLWoX0iRGy4j' 'sha256-pOMy5zVRJ9uLQCb14Kktf4KESbGZRs4C4I2gfZ1ZKM4=' 'sha256-F63pH4hhuRDQhqLO6iV92Sfozhk1aS2FjvOkgObROBU=' 'sha256-3475GzzKJtJyijG2bG38Ow6TMT5krezIUCcDdjQ7u5Y=' 'sha256-7TNigyWAB9Hjxp6JLKwV7VjpUFb3ut9cXLV2ZtUv/8Q=' 'sha256-5N4Pp5UCHKbIUxXXFe+KDYsfhzhQXoIzN80eQ+jF9P4=' 'sha256-zp2J6ufGMxGFKz4PMh8P24xWnRSxyNbAKrsz4pNgZ7Y=' https://www.google.com https://tagmanager.google.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://d3pkntwtp2ukl5.cloudfront.net https://www.gstatic.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.iubenda.com https://*.paysafe.com https://cdnjs.cloudflare.com https://admin.typeform.com https://embed.typeform.com https://*.zopim.com https://browser-update.org https://px.ads.linkedin.com https://*.quora.com https://coinzillatag.com https://go.smartvalor.com https://sjs.bizographics.com https://www.linkedin.com https://cdn.mouseflow.com https://pi.pardot.com https://connect.facebook.net https://wchat.eu.freshchat.com https://assetscdn-wchat.eu.freshchat.com/ https://includestest.ccdc02.com https://*.cardinalcommerce.com https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.adroll.com https://us-u.openx.net https://idsync.rlcdn.com https://ib.adnxs.com https://x.bidswitch.net https://ads.yahoo.com https://eb2.3lift.com https://trc.taboola.com https://simage2.pubmatic.com https://sync.outbrain.com https://pixel.rubiconproject.com https://dsum-sec.casalemedia.com https://pixel.advertising.com https://snap.licdn.com https://d.adroll.mgr.consensu.org https://js.userpilot.io https://smartvalor.com; style-src 'self' 'unsafe-inline' data: https://tagmanager.google.com https://fonts.googleapis.com https://assetscdn-wchat.eu.freshchat.com https://wchat.eu.freshchat.com; font-src 'self' data: https://fonts.gstatic.com https://*.zopim.com https://assetscdn-wchat.eu.freshchat.com https://wchat.eu.freshchat.com; connect-src 'self' wss: ws: https://analytics.google.com https://pagead2.googlesyndication.com https://version.smartvalor.com https://news.smartvalor.com https://v2.zopim.com https://www.google-analytics.com https://consent.iubenda.com https://hits-i.iubenda.com https://*.paysafe.com https://*.mouseflow.com https://api.rollbar.com https://stats.g.doubleclick.net https://assetscdn-wchat.eu.freshchat.com https://wchat.eu.freshchat.com https://kg668dbov0.execute-api.us-east-1.amazonaws.com https://*.cardinalcommerce.com https://request-global.czilladx.com https://min-api.cryptocompare.com wss://analytex.userpilot.io https://*.cloudflarestream.com ; img-src 'self' 'strict-dynamic' data: https://news.smartvalor.com https://assets.jazz.co/ https://s3-eu-west-1.amazonaws.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com https://*.gstatic.com https://*.zopim.com https://cdn.iubenda.com https://www.google-analytics.com https://px.ads.linkedin.com https://www.facebook.com https://avatars.slack-edge.com https://cdn.jsdelivr.net https://assetscdn-wchat.eu.freshchat.com https://wchat.eu.freshchat.com https://*.quora.com https://www.linkedin.com https://www.cryptocompare.com https://dev-sv-strapi.s3.eu-west-1.amazonaws.com https://sv-dev-strapi.s3.eu-west-1.amazonaws.com https://sv-stg-strapi.s3.eu-west-1.amazonaws.com https://stg-sv-strapi.s3.eu-west-1.amazonaws.com https://prod-sv-strapi.s3.eu-west-1.amazonaws.com https://sv-prd-strapi.s3.eu-west-1.amazonaws.com https://*.adroll.com https://us-u.openx.net https://idsync.rlcdn.com https://ib.adnxs.com https://x.bidswitch.net https://ads.yahoo.com https://eb2.3lift.com https://trc.taboola.com https://simage2.pubmatic.com https://sync.outbrain.com https://pixel.rubiconproject.com https://dsum-sec.casalemedia.com https://pixel.advertising.com https://browser-update.org https://*.cloudflarestream.com; frame-src 'self' * data: blob: https://shuftipro.com https://cdn.iubenda.com https://*.smartvalor.com https://hosted.test.paysafe.com https://wchat.eu.freshchat.com https://*.smartvalor.com https://hosted.test.paysafe.com; object-src 'none'; frame-ancestors 'self' https://smartvalor.com; media-src 'self' https://*.cloudflarestream.com https://assetscdn-wchat.eu.freshchat.com; base-uri 'self'; 1
frame-ancestors 'self' yoper.clicdata.com; 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com https://www.facebook.com https://*.userway.org https://*.amazonaws.com/ https://*.brizy.site/ https://*.b-cdn.net/ https://*.weather.gov/ https://www.googletagmanager.com/gtag/ https://baldwin-co-al.vod.castus.tv/ https://cloud.castus.tv/ *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://*.userway.org https://*.amazonaws.com/ https://*.brizy.site/ https://*.b-cdn.net/ https://*.weather.gov/ https://fonts.bunny.net/ https://baldwin-co-al.vod.castus.tv/ https://cloud.castus.tv/ https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com https://*.userway.org https://*.amazonaws.com/ https://*.brizy.site/ https://*.b-cdn.net/ https://static.licdn.com/ https://baldwin-co-al.vod.castus.tv/ https://cloud.castus.tv/ https://cdn.userway.org/widgetapp/images/ *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://*.userway.org https://*.amazonaws.com/ https://*.brizy.site/ https://*.b-cdn.net/ https://fonts.bunny.net/ https://baldwin-co-al.vod.castus.tv/ https://cloud.castus.tv/ https://cdn.userway.org/widgetapp/images/; object-src https://*.granicus.com https://*.granicusinternalvideo.net https://www.google.com/ https://*.baldwincountyal.gov http://*.baldwincountyal.gov https://www.facebook.com https://baldwin-co-al.vod.castus.tv/ https://*.userway.org https://*.amazonaws.com/ https://*.brizy.site/ https://*.b-cdn.net/ https://*.weather.gov/ https://www.youtube-nocookie.com/ https://cloud.castus.tv/; connect-src 'self' accounts.google.com *.gstatic.com *.mktoresp.com https://*.userway.org https://*.amazonaws.com/ https://*.brizy.site/ https://*.b-cdn.net/ https://*.weather.gov/ https://www.youtube-nocookie.com/ https://baldwin-co-al.vod.castus.tv/ https://cloud.castus.tv/ *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: https://*.granicus.com *.granicusinternalvideo.net https://*.baldwincountyal.gov http://*.baldwincountyal.gov https://www.youtube.com https://*.userway.org https://*.amazonaws.com/ https://*.brizy.site/ https://*.b-cdn.net/ https://baldwin-co-al.vod.castus.tv/ https://cloud.castus.tv/ https://cdn.userway.org/widgetapp/images/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://*.granicus.com https://*.granicusinternalvideo.net https://www.google.com/ https://*.baldwincountyal.gov https://www.facebook.com https://baldwin-co-al.vod.castus.tv https://*.userway.org https://*.amazonaws.com/ https://*.brizy.site/ https://*.b-cdn.net/ https://*.weather.gov/ web-chat.nativechat.com; frame-src https://www.facebook.com/ https://cdn.userway.org/ https://radar.weather.gov https://www.youtube.com/ https://baldwin-co-al.vod.castus.tv/ https://www.youtube-nocookie.com/ 'self' https://www.google.com/ https://cloud.castus.tv/ web-chat.nativechat.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://freeatlantis.com; img-src 'self' https: data: blob: https://freeatlantis.com; style-src 'self' https://freeatlantis.com 'nonce-rmQUuH/qYNcGrye4U/FLpg=='; media-src 'self' https: data: https://freeatlantis.com; frame-src 'self' https:; manifest-src 'self' https://freeatlantis.com; form-action 'self'; child-src 'self' blob: https://freeatlantis.com; worker-src 'self' blob: https://freeatlantis.com; connect-src 'self' data: blob: https://freeatlantis.com https://files.freeatlantis.com wss://freeatlantis.com; script-src 'self' https://freeatlantis.com 'wasm-unsafe-eval' 1
default-src 'self' cab.de *.cab.de 'unsafe-inline' cab.de 'self'; 		child-src 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net blob:; 		connect-src 'self' analytics.cab.de wss://umd.userlike.com umd.userlike.com api.userlike.com d3upe020n1uosc.cloudfront.net www.userlike.com blob: userlike-cdn-widgets.s3-eu-west-1.amazonaws.com; 		font-src 'self' data: d3dc1lgancj6l0.cloudfront.net; 		frame-src 'self' analytics.cab.de api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net www.youtube.com www.youtube-nocookie.com player.vimeo.com; 		img-src 'self' data: cab.tom.webcontact.de cdn.sitesearch360.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com d3upe020n1uosc.cloudfront.net www.userlike.com userlike-store-media-files.s3.amazonaws.com i.ytimg.com; 		media-src 'self' *.cab.de d3dc1lgancj6l0.cloudfront.net userlike-store-media-files.s3.amazonaws.com www.userlike.com blob:; 		object-src 'none'; 		script-src 'self' *.cab.de 'unsafe-inline' 'unsafe-eval' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net www.youtube.com userlike-cdn-umm.b-cdn.net; 1
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' *.googleapis.com *.aspnetcdn.com *.jsdelivr.net *.epa.gov *.usa.gov; object-src 'self'; 1
frame-ancestors 'self' *.datcu.org 1
default-src 'self' data: https://*.assetsadobe.com https://*.cognigy.ai wss://*.cognigy.ai https://*.doubleclick.net https://*.dynamics.com https://*.facebook.com https://*.facebook.net https://*.googleanalytics.com https://*.google-analytics.com https://www.googleoptimize.com https://*.googleusercontent.com https://*.realytics.io https://*.trbo.com https://*.vimeo.com https://*.youtube.com https://*.zurrose.ch; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.addtoany.com https://*.adnxs.com https://*.azureedge.net https://*.cognigy.ai http://*.cloudflare.com https://*.doubleclick.net https://*.dynamics.com https://*.facebook.com https://*.facebook.net https://github.com https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://objects.githubusercontent.com https://*.realytics.net https://*.realytics.io https://*.trbo.com https://unpkg.com https://*.youtube.com https://*.zurrose.ch https://*.zurrose.ch:35729; style-src 'self' 'unsafe-inline' http://*.cloudflare.com http://*.google.com http://*.googleapis.com; img-src 'self' data: https://*.adnxs.com https://*.cloudflare.com https://*.cognigy.ai https://*.doubleclick.net https://*.dynamics.com https://www.facebook.com https://*.google.ch https://*.google.com https://*.google.de https://*.google-analytics.com https://*.googletagmanager.com https://cdn.pixabay.com https://*.googletagmanager.com https://*.gstatic.com https://*.zurrose.ch; frame-src 'self' https://*.addtoany.com https://*.cognigy.ai wss://*.cognigy.ai https://*.doubleclick.net https://*.dynamics.com https://*.facebook.com https://*.figma.com https://*.google.com https://*.google-analytics.com https://*.trbo.com https://*.vimeo.com https://*.youtube.com https://*.youtube-nocookie.com https://*.zurrose.ch; report-uri /report-csp-violation 1
default-src 'none'; connect-src 'self' https://*.hsforms.com https://vitals.vercel-insights.com https://*.cookiebot.com https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.com https://merchant.cdn.hoolah.co https://*.hotjar.com wss://*.hotjar.com https://*.facebook.net https://*.hotjar.io https://webto.salesforce.com https://igloohome2--igloodev.my.salesforce.com https://cdn.linkedin.oribi.io https://analytics.google.com https://www.google.com https://pagead2.googlesyndication.com ; font-src 'self' https://use.typekit.net https://fonts.gstatic.com https://*.hotjar.com; frame-src 'self' https://*.hsforms.com https://*.google.com https://*.doubleclick.net https://*.cookiebot.com https://*.facebook.com https://www.youtube-nocookie.com https://*.hotjar.com https://*.hsforms.net https://*.method.ws https://*.freshchat.com https://vercel.live https://a.storyblok.com https://drive.google.com https://*.jotform.com https://jotform.com; img-src 'self' data: https://a.storyblok.com https://img.storyblok.com http://img2.storyblok.com https://img2.storyblok.com https://*.hsforms.com https://*.google-analytics.com https://*.google.com https://*.google.com.sg https://*.google.co.id https://*.google.co.uk https://*.facebook.com https://*.linkedin.com/ https://p.adsymptotic.com/ https://merchant.cdn.hoolah.co https://cdn.hoolah.co https://*.hotjar.com https://*.doubleclick.net https://*.googleadservices.net https://*.adroll.com https://*.vercel.com https://*.com https://*.net; media-src 'self' https://a.storyblok.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://app.storyblok.com http://*.hsforms.net https://*.hsforms.net https://*.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.cookiebot.com https://*.google-analytics.com https://www.googleadservices.com https://*.doubleclick.net https://*.facebook.net https://*.licdn.com https://*.hotjar.com https://*.adroll.com https://*.freshchat.com https://vercel.live; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval'  https://app.storyblok.com http://*.hsforms.net https://*.hsforms.net https://*.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.cookiebot.com https://*.google-analytics.com https://www.googleadservices.com https://*.doubleclick.net https://*.facebook.net https://*.licdn.com https://*.hotjar.com https://*.adroll.com https://*.freshchat.com https://vercel.live; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com http://app.storyblok.com https://app.storyblok.com https://*.googletagmanager.com https://*.cookiebot.com https://cdn.hoolah.co https://*.freshchat.com; style-src-elem 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com http://app.storyblok.com https://app.storyblok.com https://*.googletagmanager.com https://*.cookiebot.com https://cdn.hoolah.co https://*.freshchat.com; base-uri 'self'; form-action 'self' https://*.hsforms.com https://igloohome.us10.list-manage.com https://igloohome.us8.list-manage.com https://*.facebook.com https://webto.salesforce.com https://igloohome2--igloodev.my.salesforce.com; frame-ancestors 'self' http://app.storyblok.com https://app.storyblok.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline'      *.trustarc.com       *.fullstory.com      *.google-analytics.com      *.addthis.com      *.doubleclick.net      *.hulltrains.co.uk      *.googleapis.com      *.clarity.ms      *.twitter.com      *.twimg.com      *.liadm.com      *.googletagservices.com      *.googleadservices.com      *.googlesyndication.com     *.gstatic.com      *.jsdelivr.net      *.daysoutguide.co.uk      *.bootstrapcdn.com      *.cloudflare.com      *.cloudfront.net      *.google.com      *.googletagmanager.com      *.truste.com     *.jquery.com     *.usabilla.com      *.hotjar.com      *.bing.com      *.postcodeanywhere.co.uk      *.pcapredict.com      *.moatads.com      *.addthisedge.com      *.consentric.io     *.googleoptimize.com    *.webtrends-optimize.com   *.matterport.com ;           style-src 'self' 'unsafe-inline'     *.trustarc.com         *.fullstory.com      *.google-analytics.com      *.trustarc.com     *.doubleclick.net      *.hulltrains.co.uk      *.googleapis.com      *.twitter.com      *.twimg.com      *.liadm.com      *.gstatic.com      *.daysoutguide.co.uk      *.bootstrapcdn.com      *.cloudflare.com      *.cloudfront.net      *.google.com      *.googletagmanager.com      *.usabilla.com      *.hotjar.com      *.bing.com      *.clarity.ms      *.postcodeanywhere.co.uk      *.truste.com      *.jquery.com      *.pcapredict.com      *.moatads.com      *.addthisedge.com      *.consentric.io     *.googleoptimize.com   *.webtrends-optimize.com    *.matterport.com;            font-src 'self'       *.fullstory.com      *.google-analytics.com      *.doubleclick.net      *.hulltrains.co.uk      *.googleapis.com      *.twitter.com      *.twimg.com      *.liadm.com      *.gstatic.com      *.daysoutguide.co.uk      *.bootstrapcdn.com      *.cloudflare.com      *.cloudfront.net      *.google.com      *.clarity.ms      *.googletagmanager.com      *.usabilla.com      *.hotjar.com      *.bing.com      *.postcodeanywhere.co.uk      *.truste.com      *.jquery.com      *.pcapredict.com      *.consentric.io      *.googleoptimize.com   *.webtrends-optimize.com    *.matterport.com ;           object-src 'none' ; 1
frame-ancestors 'self' https://ravensburger-spieleland.besuchsplaner.online/ ; 1
frame-ancestors 'self' *.ornc.org; 1
default-src 'self' img-src * data: 'unsafe-inline'; 1
upgrade-insecure-requests; default-src 'self'; connect-src 'self' *.linkedin.oribi.io *.brightcovecdn.com *.boltdns.net *.brightcove.com https://www.youtube-nocookie.com https://www.youtube.com https://stats.g.doubleclick.net *.google-analytics.com; font-src 'self' data: https://fonts.gstatic.com; media-src 'self' *.brightcovecdn.com *.boltdns.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.brightcove.net *.brightcove.com *.cloudflareinsights.com *.addevent.com *.ads-twitter.com *.licdn.com *.glassdoor.com *.glassdoor.co.uk https://sc-static.net *.facebook.net *.instagram.com *.twimg.com *.ytimg.com *.twitter.com *.linkedin.com https://www.youtube.com *.google-analytics.com *.googletagmanager.com https://tagmanager.google.com https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.twitter.com https://www.imperialbrandsplc.com; img-src 'self' data: *.brightcove.net *.brightcove.com *.addevent.com *.linkedin.com t.co *.ytimg.com *.glassdoor.co.uk *.facebook.com *.doubleclick.net *.cdninstagram.com *.twimg.com *.twitter.com *.fbcdn.net https://www.google.com https://www.google.co.uk *.google-analytics.com *.googletagmanager.com https://tagmanager.google.com; child-src 'self' https://www.google.com; frame-src 'self' https://12546008.fls.doubleclick.net *.connectidfeed.com https://players.brightcove.net secure.flife.de *.investis.com *.glassdoor.co.uk *.linkedin.com *.facebook.com *.twitter.com *.vimeo.com *.google.com https://www.youtube.com https://www.youtube-nocookie.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://translate.googleapis.com https://www.gstatic.com; img-src data: https://*.eprintview.com https://*.gstatic.com https://www.google.com https://translate.googleapis.com https://translate.google.com https://ajax.googleapis.com; object-src 'none'; frame-src 'self'; connect-src 'self' https://*.googleapis.com; font-src 'self'; upgrade-insecure-requests 1
default-src 'self';img-src 'self' *.commercecloud.salesforce.com *.demandware.net *.aob.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com *.google-analytics.com *.googletagmanager.com www.google-analytics.com maps.googleapis.com maps.gstatic.com *.affirm.com affirm.com data: sfapi.formstack.io formsprod.azureedge.net www.paypalobjects.com cms.grillagrills.com network-stg-a.bazaarvoice.com *.collect.igodigital.com bat.bing.com logs-01.loggly.com www.google.com www.facebook.com c.clarity.ms t.paypal.com;style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com formsprod.azureedge.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' storage.googleapis.com www.youtube.com www.googletagmanager.com tagmanager.google.com *.googletagmanager.com www.google.com www.gstatic.com www.google-analytics.com maps.googleapis.com ssl.google-analytics.com *.googleadservices.com capgemini-hxkse.formstack.com sandbox.payfabric.com www.payfabric.com *.affirm.com affirm.com sfapi.formstack.io www.paypal.com www.sandbox.paypal.com apps.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.collect.igodigital.com bat.bing.com googleads.g.doubleclick.net connect.facebook.net www.clarity.ms u.clarity.ms utt.impactcdn.com grillagrills.pxf.io ojrq.net;connect-src 'self' *.commercecloud.salesforce.com *.demandware.net *.aob.com api.cquotient.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com maps.googleapis.com api.iconify.design api.simplesvg.com api.unisvg.com www.google-analytics.com sandbox.payfabric.com www.payfabric.com *.affirm.com affirm.com sfapi.formstack.io www.paypal.com www.sandbox.paypal.com apps.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com analytics.google.com stats.g.doubleclick.net bat.bing.com googleads.g.doubleclick.net connect.facebook.net www.clarity.ms utt.impactcdn.com p.clarity.ms grillagrills.pxf.io ojrq.net;frame-src 'self' www.youtube.com capgemini-hxkse.formstack.com sandbox.payfabric.com www.payfabric.com *.affirm.com affirm.com www.google.com www.paypal.com www.sandbox.paypal.com cloud.mc.grillagrills.com td.doubleclick.net www.facebook.com kingsumo.com;child-src 'self' www.youtube.com *.affirm.com affirm.com;font-src 'self' fonts.gstatic.com data:;upgrade-insecure-requests;frame-ancestors 'self' https://bcnx-002.dx.commercecloud.salesforce.com/ https://bcnx-001.dx.commercecloud.salesforce.com/ https://grillagrills-qa.mobify-storefront.com/ https://development-na01-americanoutdoorbrands.demandware.net/ https://staging-na01-americanoutdoorbrands.demandware.net/ https://grilla-qa.aob.com/;base-uri 'self';block-all-mixed-content;object-src 'none';script-src-attr 'none' 1
default-src 'self' *.aoe.com *.elfsight.com *.cookiepro.com www.google-analytics.com hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com forms.hsforms.com api.hubapi.com js.hs-banner.com stats.g.doubleclick.net www.facebook.com elfsightmail.com maps.googleapis.com svc.webspellchecker.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aoe.com cookie-cdn.cookiepro.com www.googletagmanager.com www.google-analytics.com www.googleoptimize.com www.google.com www.gstatic.com maps.googleapis.com connect.facebook.net snap.licdn.com js.hs-scripts.com js.hsforms.net forms.hsforms.com static.hsappstatic.net *.elfsight.com js.usemessages.com js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net js.hsadspixel.net *.doubleclick.net www.googleadservices.com secure.kota3chat.com www.eventbrite.de svc.webspellchecker.net www.veranstaltungsticket-bahn.de; img-src 'self' data: *.aoe.com cookie-cdn.cookiepro.com cookiepro.blob.core.windows.net *.hsforms.com *.hubspot.com www.google.de www.google.com www.googletagmanager.com www.google-analytics.com maps.gstatic.com maps.googleapis.com img.evbuc.com *.linkedin.com www.facebook.com www.youtube.com www.veranstaltungsticket-bahn.de; style-src 'self' 'unsafe-inline' *.aoe.com cdnjs.cloudflare.com use.fontawesome.com svc.webspellchecker.net; font-src 'self' *.aoe.com cdnjs.cloudflare.com use.fontawesome.com svc.webspellchecker.net; frame-src *.aoe.com www.google.com forms.hsforms.com explorer.land www.youtube.com www.youtube-nocookie.com www.facebook.com www.slideshare.net www.eventbrite.de; frame-ancestors *.aoe.com; object-src 'none'; connect-src * data: 'unsafe-inline'; script-src-elem * data: 'unsafe-inline'; 1
default-src 'self' seatgeek.okta.com *.oktacdn.com; connect-src 'self' seatgeek.okta.com seatgeek-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com *.mtls.okta.com seatgeek.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' seatgeek.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' seatgeek.okta.com *.oktacdn.com; frame-src 'self' seatgeek.okta.com seatgeek-admin.okta.com login.okta.com com-okta-authenticator: api-680e7385.duosecurity.com; img-src 'self' seatgeek.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' seatgeek.okta.com data: *.oktacdn.com fonts.gstatic.com 1
default-src 'self' http: https: data: blob: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.groupe-asserdis.com https://fonts.gstatic.com https://www.google-analytics.com https://maps.googleapis.com https://www.youtube.com https://www.googleapis.com 1
default-src 'self' 'unsafe-inline' blob: https://maps.googleapis.com https://www.gstatic.com https://www.google.com https://tf9335f17.emailsys1a.net https://fonts.gstatic.com https://fonts.googleapis.com https://analytics.engie-deutschland.de https://www.googletagmanager.com https://*.google-analytics.com https://static.dvinci-easy.com https://eu-api.friendlycaptcha.eu https://job.engie-deutschland.de; object-src 'none'; img-src https: data: ;frame-ancestors 'self';form-action 'self' https://tf9335f17.emailsys1a.net; 1
child-src  www.paypalobjects.com; connect-src 'self' 'report-sample' s3.amazonaws.com/cv3.customfiles winfield.commercev3.com *.listrakbi.com *.listrak.com *.google-analytics.com  *.powerreviews.com *.doubleclick.net *.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/  *.clarity.ms www.facebook.com *.klaviyo.com www.googletagmanager.com; default-src 'self' s3.amazonaws.com/cdn.thewinfieldcollection.com/ cdn.commercev3.net/cdn.thewinfieldcollection.com/ cdn.thewinfieldcollection.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com; font-src 'self' winfield.commercev3.com s3.amazonaws.com/cdn.thewinfieldcollection.com/ cdn.commercev3.net/cdn.thewinfieldcollection.com/ cdn.thewinfieldcollection.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com data:; form-action 'self' www.facebook.com www.paypal.com checkout.sezzle.com; frame-src 'self' *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com www.youtube.com www.mapquest.com; frame-ancestors 'self' www.thewinfieldcollection.com; img-src 'self' s3.amazonaws.com/cdn.thewinfieldcollection.com/ cdn.commercev3.net/cdn.thewinfieldcollection.com/ cdn.thewinfieldcollection.com ssl.google-analytics.com www.google.com/pagead/1p-user-list/ www.google.com/ads/ga-audiences ct.pinterest.com/v3/ stats.g.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.paypal.com www.paypalobjects.com *.pinterest.com secure.trust-provider.com www.sherwoodonline.com/ www.gstatic.com/ ajax.aspnetcdn.com; script-src 'self' 'report-sample' s3.amazonaws.com/cdn.thewinfieldcollection.com/ cdn.commercev3.net/cdn.thewinfieldcollection.com/ cdn.thewinfieldcollection.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com *.pinterest.com secure.trust-provider.com ajax.aspnetcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com; script-src-elem 'self' 'report-sample' s3.amazonaws.com/cdn.thewinfieldcollection.com/ cdn.commercev3.net/cdn.thewinfieldcollection.com/ cdn.thewinfieldcollection.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com *.pinterest.com secure.trust-provider.com ajax.aspnetcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com; style-src 'self' s3.amazonaws.com/cdn.thewinfieldcollection.com/ cdn.commercev3.net/cdn.thewinfieldcollection.com/ cdn.thewinfieldcollection.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net ajax.aspnetcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net www.thewinfieldcollection.com; style-src-elem 'self' s3.amazonaws.com/cdn.thewinfieldcollection.com/ cdn.commercev3.net/cdn.thewinfieldcollection.com/ cdn.thewinfieldcollection.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net ajax.aspnetcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net www.thewinfieldcollection.com; style-src-attr  'unsafe-inline'; media-src 'self' winfield.commercev3.com s3.amazonaws.com/cdn.thewinfieldcollection.com/ cdn.commercev3.net/cdn.thewinfieldcollection.com/ cdn.thewinfieldcollection.com www.bing.com; 1
default-src 'self' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://www.google-analytics.com  https://maps.googleapis.com https://platform.twitter.com https://www.googletagmanager.com https://connect.facebook.net ; img-src 'self' https://ssl.google-analytics.com data:  https://syndication.twitter.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://www.google.com https://www.facebook.com https://platform.twitter.com  https://syndication.twitter.com; connect-src 'self' https://ds1.skillmissionbihar.org https://solarex.mkcl.org; object-src 'self'; 1
script-src 'self' https://checkout.stripe.com https://kit.fontawesome.com https://use.fontawesome.com; style-src 'self' 'unsafe-inline' https://*.fontawesome.com https://maxcdn.bootstrapcdn.com; font-src data: https://*.fontawesome.com https://maxcdn.bootstrapcdn.com; object-src 'self'; child-src 'self' https://checkout.stripe.com; connect-src 'self' https://checkout.stripe.com https://*.fontawesome.com 1
default-src 'self' *.google-analytics.com data: gap: idele.matomo.cloud 'unsafe-inline' 'unsafe-eval'; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; frame-src 'self' www.google.com player.vimeo.com *.soundcloud.com *.slideshare.net *.youtube.com view.genial.ly *.dailymotion.com *.youtube-nocookie.com *.myadvent.net adventmyfriend.com *.jwplayer.com video.terre-net.fr; style-src 'self' use.typekit.net cdn.tarteaucitron.io fonts.googleapis.com p.typekit.net s3.amazonaws.com i.icomoon.io 'unsafe-inline'; font-src 'self' use.typekit.net s3.amazonaws.com fonts.gstatic.com i.icomoon.io; img-src 'self' data: *.ytimg.com tarteaucitron.io; upgrade-insecure-requests 1
frame-ancestors 'self' communico.co *.communico.co communico.tv libnet.info *.libnet.info events.slcpl.org; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://browser-update.org/update.min.js https://www.google-analytics.com/analytics.js ;                    style-src 'self' 'unsafe-inline';                    img-src 'self'  data: blob;                    frame-src https://app.powerbi.com/ https://evercore.mediasterling.com/ https://evercoreisi.mediasterling.com/; 1
default-src https: 'self' cdn-assets.cdasiaonline.com cdn-usercontents.cdasiaonline.com; block-all-mixed-content; connect-src 'self' *.google-analytics.com bam.nr-data.net cloudflareinsights.com  *.ingest.sentry.io; font-src 'self' data: cdn-assets.cdasiaonline.com fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: cdn-assets.cdasiaonline.com cdn-usercontents.cdasiaonline.com *.google-analytics.com bam.nr-data.net stats.g.doubleclick.net; manifest-src 'self'; media-src 'self' data:; object-src 'self' application/x-shockwave-flash application/pdf; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn-assets.cdasiaonline.com www.google-analytics.com www.googletagmanager.com *.newrelic.com bam.nr-data.net *.cloudflare.com *.cloudflareinsights.com code.jquery.com *.sentry-cdn.com; style-src 'self' 'unsafe-inline' data: cdn-assets.cdasiaonline.com; upgrade-insecure-requests; worker-src 'self' blob: 1
default-src 'self' data:; report-uri /csp.cfm; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.typekit.net; font-src 'self' data: https:; frame-ancestors 'self' https://dynavax.sharepoint.com; frame-src 'self' player.vimeo.com *.youtube.com www.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com; img-src 'self' data: *.google-analytics.com maps.googleapis.com maps.gstatic.com www.googletagmanager.com; connect-src 'self' *.google-analytics.com api.lever.co 1
default-src 'self'; base-uri 'self'; img-src * data:; frame-src 'self' https://kaart.pdok.nl https://websurveys2.govmetric.com https://app-eu.readspeaker.com https://www.youtube-nocookie.com https://www.youtube.com https://content.googleapis.com/ https://vars.hotjar.com https://*.govmetric.com; frame-ancestors 'self'; manifest-src 'self'; media-src 'self' blob:; script-src 'self' 'nonce-ODExNzJkOGQtM2FkNi00NWFmLTljNzktMzc1MzRiOTliYjEz' https://stats.pusher.com https://www.browsealoud.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://maps.googleapis.com https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://websurveys2.govmetric.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://cdn-eu.readspeaker.com https://virtuele-gemeente-assistent.nl https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://snap.licdn.com https://meldingen.zeelandveilig.nl https://include.timeblockr.com https://*.timeblockr.com https://*.govmetric.com; connect-src 'self' https://sockjs-eu.pusher.com wss://ws-eu.pusher.com https://vttts-eu.readspeaker.com https://cloudstatic.obi4wan.com https://chatapi.obi4wan.com https://media-eu.readspeaker.com https://rstts-eu.readspeaker.com https://www.browsealoud.com https://plus.browsealoud.com https://speech.speechstream.net https://speech-eu.speechstream.net https://www.google-analytics.com https://maps.googleapis.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://app.obi4wan.ai https://app-eu.readspeaker.com/ https://hitcounter.govmetric.com https://platform.hireserve.nl/ https://cdn1.readspeaker.com https://maps.googleapis.com https://virtuele-gemeente-assistent.nl wss://virtuele-gemeente-assistent.nl ws://virtuele-gemeente-assistent.nl https://in.hotjar.com https://www.facebook.com https://cdn.linkedin.oribi.io https://meldingen.zeelandveilig.nl https://include.timeblockr.com https://*.timeblockr.com https://*.govmetric.com; object-src 'self' https://kaart.pdok.nl; style-src 'self' data: 'nonce-ODExNzJkOGQtM2FkNi00NWFmLTljNzktMzc1MzRiOTliYjEz' https://fonts.googleapis.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://websurveys2.govmetric.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://maps.googleapis.com/ https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://include.timeblockr.com https://*.timeblockr.com https://meldingen.zeelandveilig.nl; font-src 'self' data: https://fonts.gstatic.com https://cdn1.readspeaker.com https://script.hotjar.com https://include.timeblockr.com https://meldingen.zeelandveilig.nl;  1
default-src 'self' *.kinandcarta.com *.kinandcarta.local;script-src 'unsafe-inline' 'unsafe-eval' 'self' *.kinandcarta.com https://www.google-analytics.com https://www.google.com *.googleapis.com https://www.googletagmanager.com/ https://www.googleoptimize.com/ https://www.youtube.com/ https://kinandcarta.activehosted.com/ https://d3rxaij56vjege.cloudfront.net/ https://static.elfsight.com/ https://apps.elfsight.com/ https://files.elfsight.com/ https://trackcmp.net/ https://edge.fullstory.com/ https://script.hotjar.com/ https://prism.app-us1.com/ https://j.6sc.co https://snap.licdn.com https://diffuser-cdn.app-us1.com https://tracker.metricool.com *.usabilla.com https://cdn.metarouter.io https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://cookie-cdn.cookiepro.com/ https://cse.google.com/ https://geolocation.onetrust.com/  https://www.gstatic.com/recaptcha/releases/qc5B-qjP0QEimFYUxcpWJy5B/recaptcha__en.js https://www.gstatic.com https://www.clarity.ms https://cdn.optimizely.com https://*.linkedin.com https://*.doubleclick.net https://boards.greenhouse.io https://player.vimeo.com https://*.vimeocdn.com https://vimeo.com https://*.clarity.ms https://*.fullstory.com https://wp-ui.app-us1.com https://personalization-wp-service.cluster.app-us1.com https://static.oktopost.com/ https://okt.to/ data:;style-src 'unsafe-inline' 'self' *.kinandcarta.com https://fonts.googleapis.com https://www.google.com/ *.cloudfront.net;font-src 'self' *.kinandcarta.com https://fonts.gstatic.com/ data:;frame-src https://www.facebook.com/ https://www.youtube.com/ https://docs.google.com/  https://player.vimeo.com/ https://omny.fm https://www.google.com/ https://vars.hotjar.com/ *.kinandcarta.com *.cdn.optimizely.com https://boards.greenhouse.io *.doubleclick.net;img-src 'self' *.kinandcarta.com https://px.ads.linkedin.com https://b.6sc.co/ https://tracker.metricool.com https://www.googleapis.com/ https://www.facebook.com/ https://www.googletagmanager.com https://www.google.com/ https://www.google.co.uk/ https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.googleadservices.com *.cloudfront.net https://*.linkedin.com https://*.doubleclick.net http://clients1.google.com/ *.usabilla.com https://files.elfsightcdn.com/ https://files.elfsight.com https://c.clarity.ms https://*.googleadservices.com https://c.bing.com https://*.fullstory.com https://cookie-cdn.cookiepro.com data:;connect-src 'self' https://cookie-cdn.cookiepro.com/ https://secure.adnxs.com/ https://secure.adnxs.com https://apps.elfsight.com/ https://*.6sense.com wss://*.hotjar.com https://e.metarouter.io/ https://in.hotjar.com https://*.doubleclick.net/ https://*.google-analytics.com/ https://*.google.com/ https://privacyportal.cookiepro.com/request/v1/consentreceipts https://c.6sc.co/ https://boards-api.greenhouse.io/ https://vc.hotjar.io *.hotjar.com https://player.vimeo.com/ https://logx.optimizely.com https://api.usabilla.com https://*.linkedin.com https://*.doubleclick.net https://personalization-wp-service.cluster.app-us1.com https://*.clarity.ms https://*.onetrust.com https://*.optimizely.com https://*.fullstory.com https://ipv6.6sc.co/ https://cdn.linkedin.oribi.io/;worker-src 'self';media-src https://player.vimeo.com/ https://vod-progressive.akamaized.net/ https://files.elfsightcdn.com/ https://files.elfsight.com;object-src 'self';frame-ancestors 'self' https://kinandcarta.activehosted.com; 1
default-src 'self'; connect-src 'self' *.siteimprove.com https://tim.buerokratt.edu.ee https://buerokratt.edu.ee https://ruuter.buerokratt.edu.ee https://buerokratt.edu.ee/ https://buerokratt.hm.ee https://tim.buerokratt.hm.ee https://buerokratt.edu.ee/widget_bundle.js buerokratt.hm.ee https://stats.g.doubleclick.net/ https://region1.google-analytics.com/ https://www.google-analytics.com https://buerokratt.hm.ee/widget_bundle.js https://search.service.vportal.ee/v1/search/hm https://search.service.vportal.ee/v1/globalsearch/total https://search.service.vportal.ee/v1/events/hm https://inaadress.maaamet.ee; font-src 'self' data: https://fonts.gstatic.com https://tim.buerokratt.edu.ee https://buerokratt.edu.ee https://ruuter.buerokratt.edu.ee https://buerokratt.edu.ee/ https://buerokratt.hm.ee https://tim.buerokratt.hm.ee https://buerokratt.edu.ee/widget_bundle.js buerokratt.hm.ee; frame-src 'self' https://*.rocket.chat https://static.addtoany.com https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://*.hm.ee/ https://vana.hm.ee/ https://koolikaart.hm.ee/ https://vana.hm.ee/et/tasuta-kursused-0 https://tim.buerokratt.edu.ee https://buerokratt.edu.ee https://ruuter.buerokratt.edu.ee https://buerokratt.edu.ee/ https://buerokratt.hm.ee https://tim.buerokratt.hm.ee https://buerokratt.edu.ee/widget_bundle.js buerokratt.hm.ee podcasters.spotify.com https://*.google.com https://dok.hm.ee/et/ https://www.google.com/maps/d/embed https://koolikaart.hm.ee/index.php https://docs.google.com/spreadsheets/d/e/2PACX-1vSOu7tLeQdP7sL3tulhQfXHYr8zQjWPZ3Y2TVFXsWWP2zfQd2dQo1RPikxpdCi_74-UUDLkVfXhRmcv/pubchart https://www.google.com/maps/embed https://docs.google.com/forms/d/e/1FAIpQLSdoON1cvPw1hb7LPQrQEzHq0sYtCwTq1DIjFI8vYlkSy94LhQ/viewform https://anchor.fm/iiris-saluri/embed/episodes/Kuhu-liigub-hariduse-tulevik-e200a2t https://podcasters.spotify.com/pod/show/haridusetulevik/embed/episodes/Riiklik-ppekava-suunab-tulevikku-e20db9e https://xgis.maaamet.ee; img-src 'self' data: https://www.google-analytics.com *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com https://tim.buerokratt.edu.ee https://buerokratt.edu.ee https://ruuter.buerokratt.edu.ee https://buerokratt.edu.ee/ https://buerokratt.hm.ee https://tim.buerokratt.hm.ee https://buerokratt.edu.ee/widget_bundle.js buerokratt.hm.ee *.fbcdn.net *.cdninstagram.com https://inaadress.maaamet.ee https://unpkg.com *.maaamet.ee *.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js blob: https://browser-update.org https://tim.buerokratt.edu.ee https://buerokratt.edu.ee https://ruuter.buerokratt.edu.ee https://buerokratt.edu.ee/ https://ajax.cloudflare.com https://static.cloudflareinsights.com https://buerokratt.hm.ee https://tim.buerokratt.hm.ee buerokratt.edu.ee https://*.cloudflareinsights.com https://cdnjs.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://static.addtoany.com https://unpkg.com unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js https://browser-update.org https://tim.buerokratt.edu.ee https://buerokratt.edu.ee https://ruuter.buerokratt.edu.ee https://buerokratt.edu.ee/ https://buerokratt.hm.ee https://tim.buerokratt.hm.ee https://buerokratt.edu.ee/widget_bundle.js buerokratt.hm.ee https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://static.addtoany.com https://unpkg.com unpkg.com https://buerokratt.hm.ee/widget_bundle.js; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://tim.buerokratt.edu.ee https://buerokratt.edu.ee https://ruuter.buerokratt.edu.ee https://buerokratt.edu.ee/ https://buerokratt.hm.ee https://tim.buerokratt.hm.ee https://buerokratt.edu.ee/widget_bundle.js buerokratt.hm.ee https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://tim.buerokratt.edu.ee https://buerokratt.edu.ee https://ruuter.buerokratt.edu.ee https://buerokratt.edu.ee/ https://buerokratt.hm.ee https://tim.buerokratt.hm.ee https://buerokratt.edu.ee/widget_bundle.js buerokratt.hm.ee https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com https://inaadress.maaamet.ee; frame-ancestors none; upgrade-insecure-requests 1
default-src 'unsafe-inline' 'self'; script-src * data: blob: 'unsafe-inline' 'self' 'unsafe-eval'; script-src-elem 'unsafe-inline' 'self' https://jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;img-src 'self' data:;frame-src * data: blob:; 1
default-src 'self' data: *;style-src 'self' 'unsafe-inline' fonts.googleapis.com code.ionicframework.com blueimp.github.io cdnjs.cloudflare.com maxcdn.bootstrapcdn.com ajax.googleapis.com cdn.jsdelivr.net embed.tawk.to tagmanager.google.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.google.com www.gstatic.com www.googletagmanager.com maps.googleapis.com ssl.google-analytics.com www.googleadservices.com connect.facebook.net googleads.g.doubleclick.net ajax.googleapis.com snap.licdn.com *.linkedin.com cdnjs.cloudflare.com cdn.ckeditor.com static.doubleclick.net maxcdn.bootstrapcdn.com storage.trafic.ro secure.trafic.ro cdn.jsdelivr.net embed.tawk.to static.hotjar.com script.hotjar.com *.googlesyndication.com *.google.ro *.google.com *.googleadservices.com *.twitter.com *.linkedin.com tagmanager.google.com *.googletagmanager.com consent.cookiebot.com consentcdn.cookiebot.com *.matomo.cloud *.mouseflow.com *.pinimg.com *.trackify.info www.youtube.com;font-src 'self' data: cdnjs.cloudflare.com fonts.gstatic.com maxcdn.bootstrapcdn.com code.ionicframework.com embed.tawk.to;img-src 'self' blob: data: http: https: www.google-analytics.com stats.g.doubleclick.net www.google.com maps.googleapis.com maps.gstatic.com www.google.ro *.facebook.com img.youtube.com i.ytimg.com cdn.ckeditor.com ajax.googleapis.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com googleads.g.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.alphega-farmacie.ro;frame-src 'self' www.google.com www.youtube.com www.youtube-nocookie.com youtube.com youtu.be *.facebook.com *.facebook.net cdnjs.cloudflare.com cdn.ckeditor.com vars.hotjar.com googleads.g.doubleclick.net tpc.googlesyndication.com *.twitter.com bid.g.doubleclick.net club.alphega-farmacie.ro consentcdn.cookiebot.com *.pinterest.com *.issuu.com *.doubleclick.net;connect-src 'self' www.google.com *.google.com www.google.ro *.google.ro www.google-analytics.com *.google-analytics.com stats.g.doubleclick.net www.facebook.com *.facebook.com *.facebook.net www.youtube.com *.youtube.com *.cloudflare.com *.tawk.to hotjar.com *.hotjar.com wss://*.hotjar.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net myaccount.xptsuite.com maps.googleapis.com consentcdn.cookiebot.com *.pinterest.com *.matomo.cloud *.googleapis.com; 1
default-src 'self'; script-src 'self' 'report-sample' 'unsafe-eval' 'strict-dynamic' 'sha256-km7Z7Q/deuGnP1CMlC9+RCOTa0uat5E0irIAoiuErFk=' https://www.aparat.com/embed/W4lIv https://www.google-analytics.com/ https://ssl.google-analytics.com/ https://optimize.google.com/ https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.google.com/recaptcha/api.js 'nonce-4d88f14a328111d5bc3f2db9698ff4ec0058af9d'; style-src 'self' 'report-sample' 'unsafe-inline' https://fonts.googleapis.com/css https://optimize.google.com/; object-src 'none'; base-uri 'self' about:; connect-src 'self' https://www.google-analytics.com/ https://region1.analytics.google.com/ https://mc.webvisor.org/ https://mc.yandex.ru/ https://heapanalytics.com/ https://analytics.google.com/ https://adservice.google.com/ https://stats.g.doubleclick.net/ https://audience.yektanet.com/api/v1/scripts/preview/validate/ https://ua.yektanet.com/__fake.gif; font-src 'self' data: https://fonts.gstatic.com/ https://www.google-analytics.com/ https://s3.ir-thr-at1.arvanstorage.com/fontsfsf/; frame-src 'self' https://www.aparat.com/video/video/embed/videohash/ https://chat.dongi.ir/ https://www.google.com/recaptcha/ https://optimize.google.com/ https://www.googletagmanager.com/ https://tpc.googlesyndication.com/ https://app.didar.me/customer/form/48bd7934-f7be-4ecc-a171-0e8218ed0726 https://ua.yektanet.com/cookie/iframe/ https://mc.yandex.ru/ https://td.doubleclick.net/; img-src 'self' data: blob: https://cdn.dongi.ir/ https://mc.webvisor.org/ https://mc.yandex.ru/ https://heapanalytics.com/ https://ssl.google-analytics.com/ https://www.google-analytics.com/ https://fonts.gstatic.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://trustseal.enamad.ir/ https://cf.ifb.ir/report/ https://analytics.google.com/ https://optimize.google.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://stats.g.doubleclick.net/ https://www.google.com/; manifest-src 'self'; media-src 'self' blob: https://cdn.dongi.ir/; worker-src 'self'; frame-ancestors 'self' https://trustseal.enamad.ir/; report-uri /base/security/csp 1
frame-ancestors 'self' manyo.co.kr *.manyo.co.kr 1
default-src http: https: data: blob: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors verdragonball.online 1
default-src 'self'; script-src 'self' www.googletagmanager.com www.googleadservices.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ appleid.cdn-apple.com analytics.tiktok.com stats.g.doubleclick.net googleads.g.doubleclick.net static.ads-twitter.com platform.iteratehq.com cdnjs.cloudflare.com/ajax/libs/snowplow/ cdn.plaid.com cdn.segment.com edge.fullstory.com api.mapbox.com tagmanager.google.com googletagmanager.com connect.facebook.net *.smooch.io *.verygoodvault.com *.airbridge.io *.gladly.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' static.visible.xyz fonts.googleapis.com tagmanager.google.com *.gladly.com 'unsafe-inline'; img-src 'self' www.google.com www.googletagmanager.com www.facebook.com googleads.g.doubleclick.net stats.g.doubleclick.net/r/ static.visible.xyz t.co *.twitter.com *.gstatic.com *.walletconnect.com *.amazonaws.com *.smooch.io *.gladly.com blob: data:; connect-src 'self' https://api.rent.app/api/ gladly-production.sinter-collect.com analytics.tiktok.com analytics.google.com iteratehq.com *.auth0.com *.walletconnect.com *.mapbox.com *.segment.io *.segment.com *.browser-intake-us5-datadoghq.com *.airbridge.io *.alchemy.com *.gladly.com *.gladly.chat *.fullstory.com *.google-analytics.com *.smooch.io *.verygoodvault.com ws:; font-src 'self' static.visible.xyz fonts.gstatic.com *.gladly.com; frame-src 'self' www.google.com www.googletagmanager.com verify.walletconnect.com td.doubleclick.net id.abr.ge cdn.plaid.com withpersona.com www.google.com/recaptcha/ *.auth0.com *.verygoodvault.com; object-src 'none'; media-src *.gladly.com; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; worker-src blob:; block-all-mixed-content; upgrade-insecure-requests; report-uri /_/csp-reports; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://toot.garden; img-src 'self' https: data: blob: https://toot.garden; style-src 'self' https://toot.garden 'nonce-1ZaAHtyANwdcajYSUI42Gw=='; media-src 'self' https: data: https://toot.garden; frame-src 'self' https:; manifest-src 'self' https://toot.garden; form-action 'self'; child-src 'self' blob: https://toot.garden; worker-src 'self' blob: https://toot.garden; connect-src 'self' data: blob: https://toot.garden https://cdn.toot.garden wss://toot.garden; script-src 'self' https://toot.garden 'wasm-unsafe-eval' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/  https://unpkg.com/ https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/js/bootstrap.min.js https://matomo.finint.com/matomo.js ; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline'  https://www.google.com/recaptcha/api.js  https://www.gstatic.com/recaptcha/  https://unpkg.com/ https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/js/bootstrap.min.js https://matomo.finint.com/matomo.js ; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css ; font-src 'self'; frame-src 'self' https://www.youtube.com https://www.google.com/ https://ita.calameo.com/ https://v.calameo.com/ https://serviziweb.finint.com/  1
script-src 'self' https://*.email-provider.nl https://piwik.swis.nl https://youtu.be https://youtube.com https://www.youtube.com https://player.vimeo.com/api/player.js https://siteimproveanalytics.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com 'unsafe-eval' 'unsafe-inline' data: https://kaart.katwijk.nl 'report-sample'; connect-src https://geodata.nationaalgeoregister.nl https://youtu.be https://youtube.com https://www.youtube.com https://*.global.siteimproveanalytics.io https://siteimproveanalytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google-analytics.com 'self'; frame-src 'self' blob: https://*.mappibyswis.nl https://*.geostart.nl https://youtu.be https://youtube.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://kaart.katwijk.nl; img-src 'self' https://piwik.swis.nl https://service.pdok.nl https://geodata.nationaalgeoregister.nl https://youtube.com https://www.youtube.com https://youtu.be https://i.ytimg.com https://*.global.siteimproveanalytics.io https://siteimproveanalytics.com https://eu2.siteimprove.com https://szsurvey.siteimprove.com https://ssl.siteimprove.com https://*.googletagmanager.com https://*.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com data:; media-src 'self' https://youtu.be https://youtube.com https://www.youtube.com https://vimeo.com; object-src 'self' https://youtube.com https://www.youtube.com; style-src 'self' https://youtube.com https://www.youtube.com https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline' data: 'report-sample'; form-action 'self' https://*.global.siteimproveanalytics.io https://id.opengemeenten.nl https://users.opengemeenten.nl https://login.microsoftonline.com; font-src 'self' https://fonts.gstatic.com data:; report-to csp; child-src 'self' blob:; default-src 'self'; frame-ancestors 'self' https://extra.katwijk.nl https://www.katwijk.nl; report-uri https://monitoring.opengemeenten.nl/api/5/security/?sentry_key=8ecd0d6b2ab6432782fe7a6a5c01c534 1
default-src 'self'; frame-ancestors 'self'; img-src *; frame-src *; font-src * data:; script-src-elem * 'unsafe-inline'; style-src-elem * 'unsafe-inline' data:; connect-src *; worker-src blob: *; style-src 'unsafe-inline' * data:; script-src 'unsafe-eval' *; 1
frame-ancestors 'self' http://www.lynxformen.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com 1
frame-ancestors 'self' *.cnbc.com *.cnbcevents.com *.cnbccouncils.com *.acorns.com; 1
default-src 'self' https://cdn.wolterskluwer.io https://www.niedersachsen.de; connect-src 'self' https:; frame-src 'self' https:; img-src 'self' data: https://cdn.wolterskluwer.io https://*.wolterskluwer-online.de https://*.wk-onega.com https://www.niedersachsen.de; object-src 'none'; script-src 'self' https:; style-src 'self' 'unsafe-inline' https://cdn.wolterskluwer.io; form-action 'self' https://*.wolterskluwer.eu; report-uri https://wkd0.report-uri.com/r/d/csp/enforce 1
default-src 'self'; media-src *; frame-src *.hsforms.com *.chilipiper.com optimize.google.com *.trustpilot.com vars.hotjar.com; script-src * 'self' 'unsafe-inline'; connect-src *; font-src *; img-src * data:; style-src * 'unsafe-inline'; object-src 'none'; script-src-elem *.chilipiper.com *.hsforms.com *.hsforms.net *.jquery.com *.segment.com *.axept.io *.trustpilot.com *.google-analytics.com *.googleadservices.com *.licdn.com *.facebook.net *.getdrip.com *.bing.com *.googletagmanager.com *.cloudfront.net *.doubleclick.net *.hs-scripts.com *.clarity.ms *.hs-banner.com *.hscollectedforms.net *.hs-analytics.net *.hsadspixel.net 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=TW&lang=zh-Hant-TW&device=desktop&yrid=1rhcughiqubbk&partner=; 1
default-src 'self';  connect-src *; font-src * 'unsafe-inline' 'unsafe-eval'; frame-src *; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self'; 1
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com *.recaptcha.net *.gstatic.com *.adesa.com app.five9.com openauction.prod.nw.adesa.com www.googletagmanager.com app.five9.com openauction.prod.nw.adesa.com *.cookielaw.org *.acsbapp.com acsbapp.com kit.fontawesome.com kendo.web.js; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.google.com data: gap: *.googleapis.com *.google-analytics.com *.recaptcha.net *.gstatic.com https://cdn.cookielaw.org https://acsbapp.com https://kit.fontawesome.com https://appds8093.blob.core.windows.net https://privacyportal-cdn.onetrust.com/ www.googletagmanager.com app.five9.com openauction.prod.nw.adesa.com 1
script-src 'self' 'unsafe-eval' policy.cookiereports.com c.betrad.com optout.betrad.com tagmanager.google.com ajax.googleapis.com info.evidon.com www.visainfinite.ca ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net connect.facebook.net maps.googleapis.com ds-aksb-a.akamaihd.net g.3gl.net 'unsafe-eval' 'unsafe-inline' ; object-src 'self' 1
default-src 'self';connect-src *;media-src * data: blob:;font-src * data: blob:;img-src * data: blob:;script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline' 1
style-src 'self' 'unsafe-inline' use.typekit.net cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com optimize.google.com p.typekit.net cookiehub.net www.googletagmanager.com; img-src 'self' mautic.duo.be p.typekit.net data: www.google-analytics.com www.facebook.com ssl.gstatic.com www.gstatic.com stats.g.doubleclick.net www.google.com https://www.google.be/ads/ga-audiences https://optimize.google.com/optimize/  optimize.google.com *.ads.linkedin.com https://px.ads.linkedin.com https://www.google.nl/ads/ga-audiences https://www.google.fr/ads/ga-audiences https://www.google.de/ads/ga-audiences *.ads.linkedin.com *.fonts.gstatic.com *.googletagmanager.com *.linkedin.com *.gstatic.com *.albacross.com *.doubleclick.net; font-src 'self' *.typekit.net data: https:; connect-src 'self' mautic.duo.be www.google-analytics.com performance.typekit.net *.hotjar.com:* wss: https://matomo-test.duo.be/* https://region1.analytics.google.com/* *.google.com *.linkedin.oribi.io *.analytics.google.com *.doubleclick.net *.cookiehub.net *.hotjar.io *.doubleclick.net *.linkedin.com *.albacross.com; report-uri /report-csp-violation 1
default-src api.sarkanniemen-huvipuisto.fi calendar-api.sarkanniemen-huvipuisto.fi 'self' 'unsafe-inline' *.amazonaws.com *.amazoncognito.com *.cookiepro.com *.custobar.com *.google-analytics.com *.google.com *.googleapis.com *.hotjar.com *.hotjar.io *.onetrust.com *.sarkanniemen-huvipuisto.fi *.sarkanniemi.fi *.sentry.io *.shoalpeninsula.com *.talentadore.com api.flockler.com cdn.contentful.com hello.myfonts.net https://stats.g.doubleclick.net https://www.google-analytics.com https://www.gstatic.com plausible.io www.google-analytics.com checkout.sarkanniemi.fi ; font-src 'self' data:; frame-src 'self' *.hotjar.com *.hotjar.io *.lyyti.fi *.meltwater.com *.panomax.com *.pressify.io *.sarkanniemi.fi *.typeform.com www.youtube.com; frame-ancestors 'none'; img-src api.sarkanniemen-huvipuisto.fi 'self' data: *.adnxs.com *.amazonaws.com *.cdninstagram.com *.cookiepro.com *.ctfassets.net *.fbcdn.net *.flockler.com *.google.com *.googleapis.com *.hotjar.com *.hotjar.io cdn.shopify.com data: facebook.com flockler.com https://*.google.com https://*.google.fi https://beacon.krxd.net https://fonts.gstatic.com https://www.google-analytics.com https://www.gstatic.com www.facebook.com www.googletagmanager.com ytimg.com; media-src *.ctfassets.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cookiepro.com *.custobar.com *.facebook.net *.google.com *.hotjar.com *.hotjar.io *.onetrust.com *.sarkanniemen-huvipuisto.fi *.sarkanniemi.fi *.talentadore.com api.flockler.com cdnjs.cloudflare.com https://ssl.google-analytics.com https://translate.googleapis.com https://translate-pa.googleapis.com https://www.google-analytics.com plausible.io www.googletagmanager.com; 1
default-src 'self' ;    connect-src 'self' maps.googleapis.com stats.g.doubleclick.net vc.hotjar.com in.hotjar.com www.google-analytics.com  vc.hotjar.io m.addthis.com *.readspeaker.com *.hcaptcha.com *.google-analytics.com cdn.linkedin.oribi.io;    font-src 'self' data: fonts.gstatic.com;    frame-src 'self' optimize.google.com www.google.com vars.hotjar.com *.readspeaker.com www.facebook.com sdn.sitecore.net ping.sitecore.com player.vimeo.com frontoffice.paylogic.nl platform.twitter.com widget.guestplan.com s7.addthis.com www.ereserveren.nl app.guestplan.com newassets.hcaptcha.com www.youtube.com *.soundcloud.com *.spotify.com *.docufiller.nl;    img-src 'self' optimize.google.com www.intermetzo.nl px.ads.linkedin.com googleads.g.doubleclick.net *.google-analytics.com *.googleanalytics.com www.google.com www.google.nl *.readspeaker.com maps.gstatic.com maps.googleapis.com www.facebook.com stats.g.doubleclick.net i.vimeocdn.com abs.twimg.com pbs.twimg.com platform.twitter.com maps.google.com ton.twimg.com data:;    media-src 'self' *.readspeaker.com syndication.twitter.com;    object-src 'none';    script-src 'self' 'unsafe-inline' 'unsafe-eval' vars.hotjar.com in.hotjar.com script.hotjar.com connect.facebook.net maps.googleapis.com stats.g.doubleclick.net googleads.g.doubleclick.net static.doubleclick.net  www.google.com *.readspeaker.com www.googletagmanager.com code.jquery.com www.googleadservices.com snap.licdn.com stackpath.bootstrapcdn.com static.hotjar.com *.google-analytics.com *.googleanalytics.com optimize.google.com platform.twitter.com maxcdn.bootstrapcdn.com cdn.syndication.twimg.com ajax.googleapis.com s7.addthis.com z.moatads.com v1.addthisedge.com m.addthis.com api-public.addthis.com maps.google.com www.gstatic.com js.hcaptcha.com fonts.gstatic.com *.googleoptimize.com blob:;    style-src 'self' 'unsafe-inline' maps.googleapis.com fonts.googleapis.com *.readspeaker.com platform.twitter.com ton.twimg.com optimize.google.com 1
default-src 'self';  script-src 'self' 'unsafe-eval' 'unsafe-inline' *.fap.bar *.cloudflareinsights.com *.cloudflare.com *.googletagmanager.com perfectdateshere.life;  frame-src sefsdvc.com *.ajrkm.link *.jerkmate.com *.fap.bar chaturbate.com;  child-src *.youtube.com localhost fap.bar;  style-src 'self' 'unsafe-inline' *.googleapis.com onesignal.com;  font-src 'self' fonts.gstatic.com;  img-src * blob: data:;  worker-src localhost:* fap.bar blob:;  media-src *.gfycat.com *.redgifs.com *.redd.it *.imgur.com blob: fap.bar;  connect-src *;  object-src data:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.berlin; img-src 'self' https: data: blob: https://mastodon.berlin; style-src 'self' https://mastodon.berlin 'nonce-XwgiSha3q8Mag66uawwesg=='; media-src 'self' https: data: https://mastodon.berlin; frame-src 'self' https:; manifest-src 'self' https://mastodon.berlin; form-action 'self'; child-src 'self' blob: https://mastodon.berlin; worker-src 'self' blob: https://mastodon.berlin; connect-src 'self' data: blob: https://mastodon.berlin https://berlin.s3proxy.de wss://mastodon.berlin; script-src 'self' https://mastodon.berlin 'wasm-unsafe-eval' 1
default-src 'self'; script-src 'self' https:;style-src 'self' 'unsafe-inline' https:;img-src 'self' https: data:;frame-src 'self' https:;connect-src 'self' https:; 1
default-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com ;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;  font-src 'self' https://fonts.gstatic.com/ data:; img-src 'self' 'unsafe-inline' data:; 1
default-src 'self' https://*.upbatam.ac.id; style-src 'unsafe-inline' 'self' https://*.upbatam.ac.id https://www.google.com https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://api.jooble.org https://*.tiktokcdn.com https://*.ttwstatic.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.upbatam.ac.id https://cdnjs.cloudflare.com https://*.google.com https://*.google.co.id https://ajax.googleapis.com https://*.googlesyndication.com https://*.googleadservices.com https://api.jooble.org https://*.amazonaws.com https://www.tiktok.com https://*.tiktokcdn.com https://*.ttwstatic.com https://*.ibytedtos.com; img-src 'self' data: https://*.upbatam.ac.id https://*.google.com https://www.googleapis.com https://*.googlesyndication.com; font-src 'self' https://*.upbatam.ac.id https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://fonts.gstatic.com; frame-src 'self' https:; connect-src 'self' https://*.upbatam.ac.id https://id.jooble.org https://*.fastly.net https://*.ibytedtos.com https://*.googlesyndication.com; 1
default-src https:; connect-src https:; font-src https: data:; frame-src https:; frame-ancestors https:; img-src https: data:; media-src https:; object-src https:; style-src 'unsafe-inline' https:;script-src 'unsafe-eval' https: 'self' blob: 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.onelya.ru *.gateline.ru *.yandex.ru; 1
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; worker-src data: 1
script-src 'self';connect-src 'self' blob: https://ryona.agency wss://ryona.agency;media-src 'self' https: http:;img-src 'self' data: blob: https: http:;default-src 'none';base-uri 'self';frame-ancestors 'none';style-src 'self' 'unsafe-inline';font-src 'self';manifest-src 'self' 1
default-src 'self'; font-src 'self' https://fonts.intercomcdn.com; img-src 'self' data: https:; frame-src 'self' https:; media-src 'self' blob: https://player.vimeo.com https://vod-progressive.akamaized.net https://js.intercomcdn.com https://*.akamaized.net https://*.vimeocdn.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://widget.intercom.io https://js.intercomcdn.com https://api-iam.intercom.io https://www.instagram.com https://connect.facebook.net https://boards.greenhouse.io https://edge.fullstory.com https://rs.fullstory.com; connect-src 'self' https://*.starlightglimmer.io https://*.glimmerdojo.io https://*.glimmer.io https://maps.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://api-iam.intercom.io https://*.ibytedtos.com https://*.ingest.sentry.io https://rs.fullstory.com https://edge.fullstory.com https://player.vimeo.com https://*.akamaized.net https://*.vimeocdn.com wss://nexus-websocket-a.intercom.io; worker-src 'self' blob: 1
base-uri 'self';object-src 'self' blob:;report-uri https://docs.google.com/presentation/cspreport;script-src 'report-sample' 'nonce-x-6io37DeGe7yDDjMPNtgA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';worker-src 'self' blob: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://ottawa.place; img-src 'self' https: data: blob: https://ottawa.place; style-src 'self' https://ottawa.place 'nonce-4PgQs5/QBGpFsqu3wUU2aw=='; media-src 'self' https: data: https://ottawa.place; frame-src 'self' https:; manifest-src 'self' https://ottawa.place; connect-src 'self' data: blob: https://ottawa.place https://assets.ottawa.place wss://ottawa.place; script-src 'self' https://ottawa.place 'wasm-unsafe-eval'; child-src 'self' blob: https://ottawa.place; worker-src 'self' blob: https://ottawa.place 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://isitetv.com https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://*.recaptcha.net https://*.translate.naver.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://www.shoplooks.com blob: https://*.abtasty.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://translate.yandex.net https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://*.pinterest.com https://*.bing.com https://*.doubleclick.net https://connect.facebook.net https://*.baidu.com https://ampcid.google.com.hk https://tr.snapchat.com https://privacyportal-eu.onetrust.com https://*.contentsquare.net https://*.criteo.com https://*.abtasty.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com; form-action 'self' https://www.facebook.com https://m.lookfantastic.com.hk https://www.lookfantastic.com.hk https://checkout.lookfantastic.com.hk https://connect.facebook.net https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.co.uk https://www.glossybox.com https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.se https://www.glossybox.dk https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://remote.captcha.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://*.trustpilot.com https://*.translate.naver.net https://*.bing.com https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://static.ads-twitter.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://lantern.roeyecdn.com https://lantern.roeye.com https://static.thgcdn.cn https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com blob: https://*.abtasty.com https://*.googlesyndication.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://static.thgcdn.cn https://*.abtasty.com https://*.gstatic.com; upgrade-insecure-requests; report-to report-endpoint 1
img-src 'self' https://f50ce8b91dd1f94c5ec2-3e285bfa4e7ff77b7136a6d2aeecab08.ssl.cf5.rackcdn.com https://www.google-analytics.com https://photos.edwardsgarment.com https://clickserv.sitescout.com https://vds.sage.net https://pixel.sitescout.com; 1
frame-ancestors 'self' https://livesale.insportline.hu 1
default-src 'self';script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';img-src *;object-src 'self';frame-ancestors 'self' 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-24090130abdbfd37a9f4088ff46a79a0'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src * 'unsafe-eval' 'unsafe-inline' data: 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://www.google.com http://www.google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com http://linkhelp.clients.google.com https://linkhelp.clients.google.com http://connect.facebook.net https://connect.facebook.net https://graph.facebook.com http://platform.twitter.com https://platform.twitter.com https://syndication.twitter.com http://syndication.twitter.com https://d2zah9y47r7bi2.cloudfront.net https://www.googletagmanager.com https://www.google.com http://www.gstatic.com https://static.aclj.org/ https://apm.thesmg.cloud https://aclj.org; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com https://static.aclj.org/ https://apm.thesmg.cloud https://fonts.googleapis.com 1
default-src 'self' *.google.com *.cookiebot.com *.googletagmanager.com *.gstatic.com *.doubleclick.net *.googleapis.com *.google-analytics.com *.googlesyndication.com *.hotjar.io *.hotjar.com *.licdn.com *.linkedin.com *.treedom.net *.youtube.com *.youtube-nocookie.com; font-src 'self' *.fontawesome.com *.gstatic.com data:; img-src 'self' * data:; script-src 'self' https://cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.cookiebot.com *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com *.hotjar.com *.licdn.com *.linkedin.com; style-src 'self' *.fontawesome.com *.googleapis.com *.gstatic.com *.intesigroup.com 'unsafe-inline'; base-uri 'self'; form-action 'self' *; frame-ancestors 'self'; object-src 'self'; sandbox allow-downloads allow-forms allow-modals allow-orientation-lock allow-popups allow-popups-to-escape-sandbox allow-presentation allow-same-origin allow-scripts allow-top-navigation-by-user-activation 1
img-src 'self' data:   maps.gstatic.com   maps.googleapis.com   *.google-analytics.com *.clarity.ms *.bing.com www.orangepippin.com www.nationalfruitcollection.org.uk *.usda.gov;                           default-src 'self'  cdn.jsdelivr.net *.google-analytics.com *.googleapis.com *.gstatic.com *.google-analytics.com *.clarity.ms https://www.google.com/recaptcha/  ;                          script-src 'self' 'unsafe-inline'   cdn.jsdelivr.net ajax.aspnetcdn.com www.googletagmanager.com  *.googleapis.com *.google-analytics.com *.gstatic.com  *.clarity.ms https://www.google.com/recaptcha/api.js    ;                          style-src 'self' 'unsafe-inline' cdn.jsdelivr.net ajax.aspnetcdn.com *.googleapis.com  ; 1
upgrade-insecure-requests ;default-src 'none';object-src 'none';base-uri 'none';script-src https: 'nonce-22e5c5f582114149353a1e50de38f54a' 'strict-dynamic';connect-src https://beaconapi.helpscout.net https://chatapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net wss://*.pusher.com  *.sumologic.com https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net https://api.pwnedpasswords.com 'self';img-src https://*.gravatar.com https://beacon-v2.helpscout.net https://d33v4339jhl8k0.cloudfront.net https://chatapi-prod.s3.amazonaws.com/ https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.de https://*.ytimg.com data: 'self';frame-src https://www.youtube.com https://youtube.com;media-src https://beacon-v2.helpscout.net 'self';form-action 'self';font-src 'self' https: data:;frame-ancestors 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline' 1
default-src https: wss: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: 1
default-src 'none'; object-src 'none'; script-src-attr 'self'; script-src omega365.com/nt/api/scripts/ omega365.com/scripts/ omega365.com/nt/scripts/ omega365.com/service-worker/dependencies/ omega365.com/nt/service-worker/dependencies/ omega365.com/lib/ omega365.com/nt/lib/ 'unsafe-eval' 'wasm-unsafe-eval' blob: https://cdn.omega365.com/libs/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'self' 'unsafe-inline' https:; img-src 'self' https://cdn.omega365.com/libs/ https://*.tile.openstreetmap.org/ blob: data: https://*.omega365.com https:; style-src 'unsafe-inline' 'self' https://cdn.omega365.com/libs/ https://fonts.googleapis.com https:; font-src 'self' data: https://cdn.omega365.com/libs/ https://fonts.googleapis.com https://fonts.gstatic.com https:; form-action 'self' https://login.microsoftonline.com https://*.officeapps.live.com https://dev-test.omega365.com; connect-src https://omega365nodeserviceapp.azurewebsites.net 'self' https://cdn.omega365.com/libs/ https://dc.services.visualstudio.com data: blob: https:; frame-src 'self' blob: https://omega.omega365.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https:; frame-ancestors 'self' https://*.omega365.com; media-src 'self' blob:; base-uri 'self'; child-src 'self'; worker-src 'self' blob:; manifest-src 'self';  1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.typekit.net; script-src 'self' www.googletagmanager.com *.google-analytics.com 'unsafe-eval' https://*.googleapis.com *.typekit.net 'nonce-lUoPEJ4eJ/O/6xyTzOSZww=='; img-src 'self' data: i.ytimg.com i.vimeocdn.com *.cyblog.nl www.googletagmanager.com *.google-analytics.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com *.typekit.net; frame-src 'self' www.youtube.com player.vimeo.com *.google.com; connect-src 'self' *.google-analytics.com https://stats.g.doubleclick.net https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: performance.typekit.net; base-uri 'self'; font-src 'self' fonts.gstatic.com *.typekit.net; 1
form-action 'self'; frame-ancestors 'none'; object-src 'none'; script-src 'unsafe-eval' https://devirtra.pushandpulltm.com/ 'sha256-nPUb08eVGD0u2SIaHjgt2ZhS+Xr3IyqFc5vkhBO+t6E=' 'sha256-3besV2ic6ZgJHzkbTmficYcQoeJJX1HW8YYaHeGvTr0=' 'sha256-epx0rb7YNqxdavFLi19EcpKFYzi2XAUwNabVKCPv98g=' 'sha256-f4yO48mjAF/H/c27l5NtcQf1b0+XxL2NFLz8Bv/TM+A=' 'sha256-jaz1TDnYTs/WsGBrcxAZFkZutGu8I0yLFmOEGoNchZw=' 'sha256-eLsBlHIRcv9uXXCHWe+/1YvepFUVgActPEcLVhBKGlE=' 'sha256-HU+vB3fUJCe7jxNufYala1TMX4Jye7vjXGMwVoDpuJ8=' 'sha256-KX6yxSdlLRAL2Lg1rtEIYrCIYffhZbFFtiF7tN3hALE=' 'sha256-cwP2ihpnfGr1qFzYmQwE6uL3hqhEHPiNDIKKGC/IC7s=' 'sha256-clCRIP4MpfqBcndvwU6LljUC4NVq5APxNySH48Ahc44=' 'sha256-TfnO/YWhXHuKkH+3x9G+E2h98MIvIkRollxBsmAHwtc=' 'sha256-wrqlGI4AtSGlZ0UWkboIR6Uj7fjxI9kvccHVezSH/js=' 'sha256-Yn1aoMmFqEK0sEhjvxY7JWWdEYxI7PE1r1AEczACX3Y=' 'sha256-46+K8g+ryvmpJJ4R5VpSNmnBp3ho4k5310emkrMNacA=' 'sha256-KoZvlNi6WIlva5SMPsgkZKuz3pwSCUhpugmi7saPqak=' https://www.gstatic.com  https://www.google-analytics.com 'sha256-KoZvlNi6WIlva5SMPsgkZKuz3pwSCUhpugmi7saPqak=' 'self' https://code.jquery.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://pagead2.googlesyndication.com https://gist.github.com https://web.archive.org https://www.w3counter.com https://ajax.googleapis.com https://google-code-prettify.googlecode.com https://cdn.jsdelivr.net https://www.google.com;  img-src https://www.google-analytics.com https://instagram.fgua5-1.fna.fbcdn.net/ https://instagram.fgua3-1.fna.fbcdn.net/ https://instagram.fgua3-2.fna.fbcdn.net/ 'self' blob: https://seal.beyondsecurity.com https://scontent-iad3-1.cdninstagram.com https://secure.gravatar.com; 1
block-all-mixed-content; default-src https: 'self'; font-src 'self' https: data:; img-src 'self' https: data:; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com/ https://maps.googleapis.com/* https://maps.google.com/* https://www.googletagmanager.com https://submit.jotform.com http://www.youtube.com https://www.google.com https://www.google.com/recaptcha https://www.gstatic.com https://www.google-analytics.com https://region1.analytics.google.com https://www.youtube.com https://www.youtube.com/api https://login.microsoftonline.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://stats.g.doubleclick.net/j/collect https://privacyportal-eu.onetrust.com https://www.youtube-nocookie.com; style-src 'report-sample' 'unsafe-inline' 'self'; connect-src 'self' data: https://ws-sharepoint-acteon.azurewebsites.net https://cdn.cookielaw.org https://graphql.contentful.com https://www.google-analytics.com https://region1.analytics.google.com https://geolocation.onetrust.com https://privacyportal-eu.onetrust.com https://stats.g.doubleclick.net https://maps.googleapis.com; frame-src 'self' https://form.jotform.com https://submit.jotform.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com *.googleapis.com/ https://maps.googleapis.com/* https://maps.google.com/* ; worker-src 'none'; object-src 'none'; manifest-src 'self'; media-src 'self' https://www2.cs.uic.edu https://assets.ctfassets.net ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com ps.w.org stats.wp.com pixel.wp.com maps.googleapis.com s0.wp.com assets.gumroad.com  s1.wp.com www.youtube.com yt3.ggpht.com www.google.com c0.wp.com i0.wp.com i1.wp.com i2.wp.com www.googletagmanager.com pixel.wp.com stats.g.doubleclick.net googleads.g.doubleclick.net i.ytimg.com www.gstatic.com ajax.googleapis.com apps.appmachine.com cdnjs.cloudflare.com ssl.google-analytics.com stats.g.doubleclick.net stats.wp.com www.google-analytics.com static.doubleclick.net; object-src 'self' admin.ipsc.org yt3.ggpht.com www.google.com c0.wp.com i0.wp.com i1.wp.com i2.wp.com www.googletagmanager.com pixel.wp.com stats.g.doubleclick.net googleads.g.doubleclick.net i.ytimg.com; style-src 'self' 'unsafe-inline' http://yui.yahooapis.com s0.wp.com maxcdn.bootstrapcdn.com www.youtube.com fonts.googleapis.com c0.wp.com; img-src 'self' data: ps.w.org secure.gravatar.com https://www.ipsc.org  https://ssl.google-analytics.com www.google-analytics.com ipscworld.org yt3.ggpht.com www.google.com c0.wp.com i0.wp.com i1.wp.com i2.wp.com www.googletagmanager.com pixel.wp.com stats.g.doubleclick.net googleads.g.doubleclick.net i.ytimg.com; media-src 'self' www.youtube.com yt3.ggpht.com www.google.com c0.wp.com i0.wp.com i1.wp.com i2.wp.com www.googletagmanager.com pixel.wp.com stats.g.doubleclick.net googleads.g.doubleclick.net i.ytimg.com; frame-src 'self' widgets.wp.com www.google.com legacy.ipsc.org www.youtube.com; font-src 'self' data: maxcdn.bootstrapcdn.com s0.wp.com fonts.googleapi3.com fonts.googleapis.com fonts.gstatic.com yt3.ggpht.com www.google.com c0.wp.com i0.wp.com i1.wp.com i2.wp.com www.googletagmanager.com pixel.wp.com stats.g.doubleclick.net googleads.g.doubleclick.net i.ytimg.com; connect-src 'self' admin.ipsc.org www.elegantthemes.com www.google-analytics.com stats.g.doubleclick.net;frame-ancestors 'self' www.ipsc.org admin.ipsc.org legacy.ipsc.org; 1
script-src 'self' 'unsafe-inline' tracking.g2crowd.com tag.clearbitscripts.com x.clearbitjs.com app.factors.ai *.intercom.io *.fullstory.com js.intercomcdn.com js.hscta.net cdn.segment.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com snap.licdn.com js.hs-analytics.net *.hubspot.com *.hs-banner.com *.hs-scripts.com; object-src 'none'; report-uri https://upflow.uriports.com/reports/report; report-to csp-report 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-TmKbglrzE7aZbQCRg9eS8Ute3deZiEkvv14ozVBlCDsbt9Ku' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'none'; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com www.googletagmanager.com; frame-src 'none' widget.changelly.com www.google.com www.youtube.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: ik.imagekit.io chart.googleapis.com stats.g.doubleclick.net www.google-analytics.com; font-src 'self' fonts.gstatic.com; connect-src 'self' stats.g.doubleclick.net www.google-analytics.com; 1
object-src 'self' blob:; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; 1
script-src https: 'unsafe-inline' 'unsafe-eval'; frame-ancestors http://webvisor.com; report-uri https://sentry.io/api/1058067/security/?sentry_key=acc2a500d4814a2badc04a2884f98093 1
frame-ancestors https://demoshop.hepster-services.com 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.googleapis.com *.vimeocdn.com *.youtube.com; connect-src 'self' *.craftcms.com *.presscloud.com *.google-analytics.com *.doubleclick.net; media-src 'self' *.vimeo.com *.akamaized.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.typekit.net; img-src 'self' *.imgix.net *.google-analytics.com *.googletagmanager.com *.ytimg.com *.craft-cdn.com data:; frame-src 'self' *.vimeo.com *.youtube.com *.youtube-nocookie.com; font-src 'self' *.googleapis.com *.gstatic.com *.typekit.net data:; 1
default-src 'self'; style-src * 'unsafe-inline'; script-src * 'unsafe-eval' 'unsafe-inline'; img-src https: data:; font-src *; connect-src *; frame-src * 1
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.google.bg https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://www.facebook.com https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com https://*.aplay.mt *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://app.vwo.com https://*.aplay.mt; frame-src 'self' bankid://* https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://*.zignsec.com https://*.trustly.com https://*.regily.com https://*.sumsub.com https://*.visualwebsiteoptimizer.com https://*.unetsafe.com https://*.atlantgaming.com https://*.aplay.mt https://* paymentpage.ecommpay.com asdaerq.dapmaptuns.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://*.zignsec.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.gstatic.com https://recaptcha.net https://connect.facebook.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://*.aplay.mt *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com *.astropay.com *.megapay.pro *.ecopayz.com *.billing.cx *.express-connect.com *.paycore.io *.jetoncheckout.com *.ipsp.lv ipsp.lv *.gpaynetworks.com *.sirumobile.com 'nonce-sL3mP4j2aTEJpV8mIjD0u1qZvok7nZStO+5k0ssqqxA=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com https://*.aplay.mt *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com; worker-src 'self' blob:; report-uri https://aplay.mt/sentry/api/29/csp-report/?sentry_key=9db29a98a6d9444b8cfc0495de9b857a 1
font-src *.easypack24.net *.sysadvisors.pl *.bing.com *.virtualearth.net opineo.pl *.opineo.pl *.dotpay.pl *.payu.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com facebook.net *.dotpay.pl *.facebook.com *.przelewy24.pl *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.criteo.com *.criteo.net *.facebook.com *.facebook.net *.doubleclick.net opineo.pl *.opineo.pl *.dotpay.pl 'unsafe-inline' data: *.addtoany.com *.buybox.click *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * secure.payu.com merch-prod.snd.payu.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.cdninstagram.com *.easypack24.net *.openstreetmap.org *.inpost.pl *.google.com *.google.pl google.com google.pl googletagmanager.com *.doubleclick.net *.google-analytics.com *.criteo.com *.criteo.net https: data: *.sysadvisors.pl *.bing.com *.virtualearth.net opineo.pl *.opineo.pl *.dotpay.pl self blob: https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com static.payu.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.easypack24.net unpkg.com *.mapbox.com *.jsdelivr.net furgonetka.pl *.openstreetmap.org *.inpost.pl *.doubleclick.net *.criteo.com *.criteo.net *.cloudflareinsights.com *.wp.pl *.clickonometrics.pl *.cloudflare.com *.googletagmanager.com *.googleadservices.com *.googleoptimize.com *.google-analytics.com *.facebook.net *.facebook.com *.sysadvisors.pl *.bing.com *.virtualearth.net opineo.pl *.opineo.pl *.dotpay.pl *.addtoany.com *.buybox.click *.hotjar.com *.payu.com *.clarity.ms *.retargeted.co *.trackmytarget.com *.publitas.com trustmate.io *.tmtarget.com *.wedare.pl *.belboon.com *.cnt.my *.bannercrowd.net *.avada.io *.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com secure.payu.com secure.snd.payu.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.easypack24.net *.openstreetmap.org *.cloudflare.com *.sysadvisors.pl *.bing.com *.virtualearth.net opineo.pl *.opineo.pl *.dotpay.pl *.payu.com *.googletagmanager.com trustmate.io cdn.jsdelivr.net *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.easypack24.net *.openstreetmap.org *.google-analytics.com *.inpost.pl *.doubleclick.net *.facebook.com *.facebook.net *.googleadservices.com *.analytics.google.com *.googletagmanager.com *.google.pl *.sysadvisors.pl *.bing.com *.virtualearth.net opineo.pl *.opineo.pl *.dotpay.pl *.addtoany.com *.buybox.click *.clarity.ms *.hotjar.com *.hotjar.io *.retargeted.co *.amazonaws.com *.cloudfront.net *.saleago.com *.wedare.pl wss://chat02.salesmanago.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com secure.payu.com merch-prod.snd.payu.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' piwik.roosendaal.nl 1
default-src 'self' data: blob: *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com; script-src 'self' 'unsafe-inline' *.googleapis.com *.google.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.google-analytics.com widget.intercom.io/widget/ cdnjs.cloudflare.com/ajax/libs/handlebars.js/ cdnjs.cloudflare.com/ajax/libs/jquery/ cdnjs.cloudflare.com/ajax/libs/jsoneditor/ cdnjs.cloudflare.com/ajax/libs/vis/ cdnjs.cloudflare.com/ajax/libs/modernizr/ cdnjs.cloudflare.com/ajax/libs/webshim/ cdnjs.cloudflare.com/ajax/libs/jstree/ js.intercomcdn.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com; img-src 'self' data: blob: www.google-analytics.com cdnjs.cloudflare.com/ajax/libs/handlebars.js/ cdnjs.cloudflare.com/ajax/libs/jquery/ cdnjs.cloudflare.com/ajax/libs/jsoneditor/ cdnjs.cloudflare.com/ajax/libs/vis/ cdnjs.cloudflare.com/ajax/libs/modernizr/ cdnjs.cloudflare.com/ajax/libs/webshim/ cdnjs.cloudflare.com/ajax/libs/jstree/ js.intercomcdn.com downloads.intercomcdn.com static.intercomassets.com; font-src 'self' data: js.intercomcdn.com/fonts/ fonts.gstatic.com; child-src www.youtube.com/; connect-src 'self' *.intercom.io wss://*.intercom.io/ *.tui-destimo.com; frame-ancestors 'self' https://portal.tuipartners.com/ https://group.tui-destimo.com/; 1
default-src * 'self'; style-src https://fonts.googleapis.com 'self' 'unsafe-inline'; script-src https://www.google.com https://nexus.ensighten.com https://nexus-test.ensighten.com  https://www.gstatic.com https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://script.hotjar.com https://static.hotjar.com https://googleads.g.doubleclick.net https://www.youtube.com 'self' 'unsafe-eval' 'unsafe-inline';  object-src * 'self'; img-src * 'self' data:;connect-src * 'self';  frame-src * 'self'; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://fivem.impulse99.com/logs/ https://fivem.impulse99.com/sidekiq/ https://fivem.impulse99.com/mini-profiler-resources/ https://fivem.impulse99.com/assets/ https://fivem.impulse99.com/brotli_asset/ https://fivem.impulse99.com/extra-locales/ https://fivem.impulse99.com/highlight-js/ https://fivem.impulse99.com/javascripts/ https://fivem.impulse99.com/plugins/ https://fivem.impulse99.com/theme-javascripts/ https://fivem.impulse99.com/svg-sprite/ https://www.google-analytics.com/analytics.js 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0='; worker-src 'self' https://fivem.impulse99.com/assets/ https://fivem.impulse99.com/brotli_asset/ https://fivem.impulse99.com/javascripts/ https://fivem.impulse99.com/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
connect-src 'self' https://webmetrics.kisterscloud.de https://apikeys.civiccomputing.com; default-src 'self'; font-src 'self' data:; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com; img-src 'self' https://img.youtube.com data:; media-src 'self' https://www.youtube.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://webmetrics.kisterscloud.de https://cc.cdn.civiccomputing.com https://www.youtube.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' https://mitarbeiterapp.kisters.de; 1
frame-ancestors https://*.avisworld.com https://*.rent-at-avis.com 1
default-src 'self' 'unsafe-inline' https://acsbapp.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob:  https://streetviewpixels-pa.googleapis.com https://lh3.ggpht.com https://khms0.googleapis.com https://khms1.googleapis.com https://www.google-analytics.com https://whoson.alfapolicy.com:444 https://usage.trackjs.com https://www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com; script-src 'self' https://acsbapp.com https://www.google-analytics.com https://www.googleapis.com https://cdn.trackjs.com https://eapi.trexis.com https://portalone.processonepayments.com https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com/ 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://eapi.trexis.com https://portalone.processonepayments.com https://cdn.acsbapp.com https://capture.trackjs.com https://www.google-analytics.com https://maps.googleapis.com; frame-src 'self' https://portalone.processonepayments.com https://pronto.alfapolicy.com; object-src 'none'; base-uri 'self'; 1
child-src 'self' https://www.youtube.com https://disqus.com; connect-src *; default-src 'self'; img-src 'self' https://ws-na.amazon-adsystem.com https://ir-na.amazon-adsystem.com https://www.google-analytics.com data: blob: https://referrer.disqus.com; font-src 'self' https://fonts.gstatic.com; object-src 'self'; media-src 'self' blob:; manifest-src 'self'; script-src 'self' 'nonce-64cfb847-b4aa-4715-a383-a10198a8958e' 'unsafe-inline' https://cdn.polyfill.io https://www.google-analytics.com https://ainoobcom.disqus.com https://appsforoffice.microsoft.com https://ajax.aspnetcdn.com data:; style-src 'self' 'unsafe-inline' blob: https://cdn.rawgit.com/milligram/milligram/master/dist/milligram.min.css https://fonts.googleapis.com https://c.disquscdn.com 1
frame-ancestors 'self' https://newapp.etracker.com/ 1
default-src data: http: https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 1
default-src *.formstack.com *.unityclient.com *.google.com bootstrapcdn.com  googleadservices.com *.cloudfront.net *.portlandwebdesign.com *.electric.coop adsrvr.org *.analytics.yahoo.com *.maps.arcgis.com xx.fbcdn.net rvwinc.com maps.arcgis.com vimeo.com *.googleadservices.com publicpurchase.com gravatar.com *.arcgis.com *.eventbrite.com cooperative.com *.gstatic.com *.youtube-nocookie.com *.crowdfiber.io data: *.googletagmanager.com luckyorange.net btstatic.com portlandwebdesign.com simpli.fi *.providesupport.com typekit.net mitel.io trumpia.com *.timetap.com five9.com powermag.com *.rvwinc.com *.verisign.com linkedin.com *.nr-data.net *.btstatic.com azgt.coop ebill.coop *.mapbox.com googleapis.com analytics.yahoo.com *.licdn.com *.mcusercontent.com *.bootstrapcdn.com apogee.net marketingautomation.services suppose.tv adnxs.com twimg.com *.olark.com youtube-nocookie.com *.trumpia.com xad.com mailchimp.com *.ads.linkedin.com directefficiency.com *.mailchimp.com newrelic.com *.vimeo.com *.plumassierratelecommunicationsmap.com 'unsafe-eval' *.upgrade.guide epa.gov transistor.fm google.com hirebridge.com *.simpli.fi *.yimg.com envivabiomass.com *.roanokeconnect.com e2ma.net bonnerboundary811.org *.powerfulweb.com *.elfsight.com *.libsyn.com doubleclick.net facebook.net google-analytics.com ads.linkedin.com *.e2ma.net gstatic.com smarthub.coop *.s3.amazonaws.com mcusercontent.com s.w.org *.doubleclick.net facebook.com youtube.com *.linkedin.com *.valleycom.com nice-incontact.com fontawesome.com *.newrelic.com *.apogee.net *.googleapis.com libsyn.com eventbrite.com upgrade.guide *.basis.net *.twimg.com glassdoor.com cencoast.com *.mitel.io powerfulweb.com luckyorange.com *.five9.com *.typekit.net *.transistor.fm yimg.com 'self' *.luckyorange.com jazz.co roanokeconnect.com *.publicpurchase.com myfonts.net issuu.com *.directefficiency.com *.websupport.expert spreaker.com *.ebill.coop crowdfiber.io *.xad.com *.nice-incontact.com *.xx.fbcdn.net *.suppose.tv *.myfonts.net *.icua.coop southcentralpower.com *.bonnerboundary811.org arcgis.com mapbox.com providesupport.com *.facebook.net *.smeco.coop electric.coop googletagmanager.com *.adnxs.com smeco.coop *.issuu.com *.powermag.com *.adsymptotic.com olark.com billing.valleycom.com 'unsafe-inline' s3.amazonaws.com elfsight.com icua.coop timetap.com *.fontawesome.com *.envivabiomass.com nr-data.net adsymptotic.com *.epa.gov *.adsrvr.org *.cencoast.com *.spreaker.com *.gravatar.com plumassierratelecommunicationsmap.com verisign.com *.glassdoor.com *.facebook.com ctctcdn.com *.jazz.co *.cooperative.com *.google-analytics.com gmpg.org cloudfront.net *.ctctcdn.com *.marketingautomation.services *.southcentralpower.com licdn.com *.hirebridge.com websupport.expert *.luckyorange.net *.smarthub.coop basis.net *.youtube.com *.azgt.coop; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com polyfill.io/v3/polyfill.min.js www.google.com/recaptcha/api.js www.gstatic.com cookie-cdn.cookiepro.com www.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' maps.gstatic.com maps.googleapis.com data: googletagmanager.com cookie-cdn.cookiepro.com www.google-analytics.com; media-src 'self'; frame-src 'self' www.google.com www.youtube.com player.vimeo.com olv-kinderwebsite.now.sh olv-kinderwebsite.vercel.app; font-src 'self' themes.googleusercontent.com fonts.gstatic.com data:; connect-src 'self' cookie-cdn.cookiepro.com www.google-analytics.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-0dc7944fdd731d2a70f2306860b09a29'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
script-src http: https: 'unsafe-inline' www.trikart.com; style-src 'self' blob: https: 'unsafe-inline' www.trikart.com; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' data: fonts.gstatic.com cdnjs.cloudflare.com; frame-src assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.google.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://hello.myfonts.net; img-src 'self' data:; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://hello.myfonts.net; frame-src 'self' https://login.donjohnston.net https://payment.donjohnston.net;connect-src 'self' wss://quizbot.com; 1
default-src 'self' localhost https data: blob: *;connect-src 'self' localhost https data: blob: *;style-src 'unsafe-inline' 'unsafe-eval' 'self' localhost https data: blob: *;script-src 'unsafe-inline' 'unsafe-eval' 'self' localhost https data: blob: *;img-src 'self' localhost https data: blob: *;media-src 'self' localhost https data: blob: *;worker-src 'unsafe-inline' 'unsafe-eval' 'self' localhost https data: blob: *;frame-ancestors https://app.crystallize.com https://app-dev.crystallize.digital 1
default-src 'self' 'unsafe-inline' ajax.googleapis.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com contents.api.visumo.jp www.visumo.jp zoliqfue6j.execute-api.ap-northeast-1.amazonaws.com static-fe.payments-amazon.com api-sandbox.amazon.co.jp mws.amazonservices.jp payments-amazon.com pt01.mul-pay.jp stg.static.mul-pay.jp fraud-buster.appspot.com d.rcmd.jp origin-na.ssl-images-amazon.com payments-jp-sandbox.amazon.com apac.account.amazon.com www.instagram.com video.visumo.jp fonts.googleapis.com stats.g.doubleclick.net dpolc4ci3j.execute-api.ap-northeast-1.amazonaws.com fonts.gstatic.com assets.pinterest.com platform.twitter.com connect.facebook.net d.line-scdn.net log.pinterest.com checkout-api.worldshopping.jp cdn.mouseflow.com o2.mouseflow.com www.youtube.com *.worldshopping.jp *.worldshopping.global *.worldshopping.biz *.visumo.io hacobune-contents-api-prod.azure-api.net amp.azure.net *.streaming.media.azure.net dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com *.in.applicationinsights.azure.com masvcuploadprod02storage.blob.core.windows.net masvc-prod02-function-outside-accesslog.azurewebsites.net d.rcmd.jp;img-src 'self' data: *.visumo.jp *.visumo.io *.partsclub.jp partsclub.jp www.google-analytics.com masvc-prod02-function-outside-accesslog.azurewebsites.net d.rcmd.jp *.worldshopping.jp *.worldshopping.global *.worldshopping.biz 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.uy; img-src 'self' https: data: blob: https://mastodon.uy; style-src 'self' https://mastodon.uy 'nonce-bNLzgzDtRbp3S+1zw/QIBg=='; media-src 'self' https: data: https://mastodon.uy; frame-src 'self' https:; manifest-src 'self' https://mastodon.uy; form-action 'self'; child-src 'self' blob: https://mastodon.uy; worker-src 'self' blob: https://mastodon.uy; connect-src 'self' data: blob: https://mastodon.uy https://mastodon.uy wss://mastodon.uy; script-src 'self' https://mastodon.uy 'wasm-unsafe-eval' 1
frame-ancestors 'self' http://www.philips.cl *.philips.com *.philips.cl https://philipsigtdpv.com 1
default-src 'self';       style-src 'self' 'unsafe-inline' fonts.googleapis.com *.cloudflare.com;        script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.cloudflare.com *.cloudfront.net *.helpscout.net webforms.pipedrive.com *.pipedriveassets.com *.lfeeder.com;       font-src 'self' data: fonts.gstatic.com *.cloudflare.com;        img-src 'self' www.google-analytics.com *.lfeeder.com;        connect-src *.cloudfront.net *.google-analytics.com;       media-src 'self' scormfly.blob.core.windows.net;       frame-src www.google.com maps.google.com www.youtube.com scormfly.blob.core.windows.net webforms.pipedrive.com 1
frame-ancestors 'self' connectappypie.com googleapis.com reveal.clearbit.com; 1
default-src  'self' 'unsafe-inline'; font-src data: 'self'; child-src  'self'; connect-src https://translate.googleapis.com https://www.google-analytics.com/ https://*.readspeaker.com/ https://*.google-analytics.com/ 'self'; frame-src https://www.youtube.com/ 'self'; frame-ancestors  'self'; img-src https://translate.googleapis.com https://www.google.com https://translate.google.com https://www.gstatic.com https://fonts.gstatic.com/ 'self' data:; media-src  'self'; object-src  'self'; script-src  'self' 'unsafe-inline' 'unsafe-eval' data: https: wss:; style-src https://www.gstatic.com https://translate.googleapis.com https://*.readspeaker.com/ 'self' 'unsafe-inline';  worker-src  'self' blob: 1
frame-ancestors 'self' https://monitor.ngblunetworks.nl; 1
img-src * 'self' data: https:; default-src https: 'unsafe-inline' 'unsafe-eval'; 1
base-uri 'self' ; style-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; script-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://hcaptcha.com https://*.hcaptcha.com https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; frame-ancestors https://myprofile.trimble.com https://stage.myprofile.trimblecloud.com https://myprofile-pt.dev.id.trimblecloud.com https://myprofile-qa.dev.id.trimblecloud.com https://myprofile-qa1.dev.id.trimblecloud.com https://dxdev.my.trimblecloud.com https://dxqa.my.trimblecloud.com https://mytdev.my.trimblecloud.com https://mtqa.my.trimblecloud.com https://dev.my.trimblecloud.com https://sit.my.trimblecloud.com https://uat.my.trimblecloud.com https://my.trimble.com 1
frame-ancestors https://www.sbmania.net https://sbmania.net 1
frame-ancestors 'self' https://firstflight.today; 1
frame-ancestors 'self' metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com *.webvisor.com 1
frame-ancestors 'self' https://www.clevertouchlive.com/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' ;frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://insight.adsrvr.org/ *.livechatinc.com/ https://www.google.com  *.doubleclick.net/ https://txuenergy.tt.omtrdc.net/ https://match.adsrvr.org/ https://txu.demdex.net/;img-src 'self' https://www.google.com/pagead/ https://txu.sc.omtrdc.net/ https://p.adsymptotic.com/  https://px.ads.linkedin.com/  *.googletagmanager.com *.facebook.com data: https://www.google.co.in/pagead/ https://cm.everesttech.net/ https://px4.ads.linkedin.com/ https://dpm.demdex.net/;style-src 'self' 'unsafe-inline' ;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com ;font-src 'self' 'unsafe-inline' use.fontawesome.com fonts.gstatic.com; upgrade-insecure-requests; block-all-mixed-content;;connect-src 'self' 'unsafe-inline' *.ipify.org *.cloudfront.net *.google-analytics.com *.sessioncam.com *.tt.omtrdc.net https://ipapi.co report.txu.gbqofs.io api.livechatinc.com txu.sc.omtrdc.net *.doubleclick.net/ https://pagead2.googlesyndication.com/ https://c2001.report.gbss.io/ https://px.ads.linkedin.com/wa/ https://dpm.demdex.net/;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.cloudfront.net;script-src-elem 'self' 'unsafe-inline' assets.adobedtm.com apis.google.com www.googletagmanager.com connect.facebook.net www.facebook.com *.google-analytics.com *.cloudfront.net https://snap.licdn.com/  https://js.adsrvr.org/  assets.adobedtm.com *.livechatinc.com *.cloudfront.net cdn2.gbqofs.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.doubleclick.net/ https://txuenergy.tt.omtrdc.net/;worker-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; 1
default-src https: data: 'unsafe-eval' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.icpas.org https://servedbyadbutler.com https://www.votervoice.net https://tracking.magnetmail.net cdnjs.cloudflare.com https://kendo.cdn.telerik.com *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.googletagmanager.com *.googleadservices.com *.doubleclick.net ajax.cloudflare.com static.cloudflareinsights.com https://www.clarity.ms; style-src 'self' 'unsafe-inline' *.icpas.org maxcdn.bootstrapcdn.com cdnjs.cloudflare.com https://fast.fonts.net *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; img-src 'self' *.icpas.org *.cloudfront.net https://servedbyadbutler.com https://addthisevent.com https://www.addevent.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.google.com https://c.clarity.ms https://c.bing.com https://*.vimeocdn.com; font-src 'self' https://fast.fonts.net https://maxcdn.bootstrapcdn.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; connect-src 'self' accounts.google.com https://analytics.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.doubleclick.net cloudflareinsights.com https://*.clarity.ms; media-src 'self' data: blob:; child-src 'self' *.google.com https://www.votervoice.net https://html5-player.libsyn.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.doubleclick.net https://www.zeitverschiebung.net https://free.timeanddate.com; 1
frame-ancestors 'self' https://*.sprutcam.com 1
default-src 'self'; object-src 'none'; font-src 'self' data: static.criteo.net; style-src 'self' 'unsafe-inline' *.bing.com https://*.lidl-reisen.de https://*.lidl-reisen.at https://*.lidl-reisen.ch https://*.lidl-voyages.ch https://*.mvp2prd.sit.sys.odj.cloud www.googletagmanager.com tagmanager.google.com; child-src *.criteo.com *.criteo.net www.googletagmanager.com *.facebook.com connect.facebook.net; media-src static.criteo.net; img-src * data: https://www.bing.com https://*.virtualearth.net https://*.gstatic.com www.googletagmanager.com; frame-src 'self' consentcdn.cookiebot.com *.criteo.com *.criteo.net https://*.lidl-reisen.de https://*.lidl-reisen.at https://www.googletagmanager.com https://211554000000.ferienwohnung-be.de https://lidlreisen.animod.de https://partner.singlereisen.de https://form.lidl.com https://wlv.kreuzfahrt-be.de https://lidl.snowtrex.de https://lidl.snowtrex.at https://*.traffics-ibe.com *.facebook.com connect.facebook.net https://review-service.holidaycheck.com https://review.holidaycheck.com https://www.intersportrent.com; form-action *.facebook.com connect.facebook.net; connect-src 'self' https://storage.googleapis.com https://www.google.com https://*.lidl-reisen.de https://*.lidl-reisen.at https://*.lidl-reisen.ch https://*.lidl-voyages.ch https://*.mvp2prd.sit.sys.odj.cloud *.bing.com https://*.virtualearth.net https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://*.kameleoon.eu https://*.kameleoon.com *.facebook.com connect.facebook.net consentcdn.cookiebot.com *.criteo.com *.criteo.net *.googlesyndication.com https://clouderrorreporting.googleapis.com https://endpoints.lidl-flyer.com https://eum-blue-saas.instana.io https://*.analytics.google.com https://stats.g.doubleclick.net https://*.google.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.bing.com https://r.bing.com https://*.virtualearth.net https://*.cookiebot.com https://*.lidl-reisen.de https://*.lidl-reisen.at https://*.lidl-reisen.ch https://*.lidl-voyages.ch https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://*.kameleoon.eu https://*.kameleoon.com https://lidlreisen.animod.de https://211554000000.ferienwohnung-be.de https://www.snowtrex.de https://*.criteo.com https://static.criteo.net https://googleads.g.doubleclick.net https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://www.dwin1.com https://clouderrorreporting.googleapis.com https://*.bd4travel.com https://eum.instana.io https://survey.g.doubleclick.net *.google-analytics.com *.analytics.google.com *.doubleclick.net *.google.de *.instana.io *.googleadservices.com 1
default-src https: data: https://api.convergepay.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com wss://*.pusher.com https://*.cybernet.us http://*.cybernet.us https://*.fedex.com 'unsafe-inline' 'unsafe-eval' 1
upgrade-insecure-requests; script-src 'strict-dynamic' 'nonce-gOVN5bi8Ae3bl/cp26gZig=='; 1
object-src 'none'; child-src https: data: blob:; script-src 'self' *.allcomponent.org *.betgames.tv *.google.com *.snippet.antillephone.com *.paygiga.com netent-static.casinomodule.com *.livechatinc.com *.liveperson.net *.lpsnmedia.net *.aitcloud.de *.akamaized.net *.betradar.com *.gstatic.com cdnstatic.thstatic.com  games.spigo.com google-analytics.com virtual.golden-race.net 'unsafe-inline' 'unsafe-eval' 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-VSy-PnXgnbGkzj1a7ZAHmQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-ZklZxOD77lsXsoQcfzlGA55sx1uAj3rE9JyEYDWdev+lq1xk' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' 'unsafe-inline' wss://ws.hotjar.com *.hotjar.io https://lottie.host *.infinity-tracking.net *.infinity-tracking.com *.lottiefiles.com *.lottie.host *.shoosmiths.com *.shoosmiths.co.uk *.mimecast.com https://unpkg.com *.youtube-nocookie.com *.perfectportal.co.uk *.podbean.com *.cloudflare.com *.juicer.io *.gstatic.com *.cloudflareinsights.com *.onetrust.com *.cookielaw.org *.googletagmanager.com *.google.com *.polyfill.io *.unpkg.com *.passle.net *.typekit.net *.yoshki.com *.vuture.net *.twimg.com *.youtube.com *.google-analytics.com *.hotjar.com *.trustpilot.com *.responsetap.com *.googleapis.com *.appspot.com *.doubleclick.net *.facebook.net *.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.infinity-tracking.net *.infinity-tracking.com *.lottiefiles.com *.lottie.host *.youtube.com *.mimecast.com *.unpkg.com https://unpkg.com *.youtube-nocookie.com *.perfectportal.co.uk *.podbean.com *.cloudflare.com *.juicer.io *.cloudflareinsights.com *.facebook.com *.facebook.net *.doubleclick.net *.appspot.com *.googleapis.com *.responsetap.com *.trustpilot.com *.hotjar.com *.google-analytics.com *.google.com *.cookielaw.org *.googletagmanager.com *.polyfill.io; img-src * 'self' data: blob:; frame-ancestors 'self' *.shoosmiths.com *.shoosmiths.co.uk *.ratiopartners.co.uk 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' mathjax.rstudio.com server.arcgisonline.com unpkg.com region1.google-analytics.com youtu.be youtube.com ws.hotjar.com region1.analytics.google.com content.hotjar.io planetarysecurityinitiative.org placehold.co p.typekit.net use.typekit.net embed.kumu.io w.soundcloud.com open.spotify.com docs.google.com wss://ws14.hotjar.com syndication.twitter.com ton.twimg.com abs.twimg.com pbs.twimg.com cdn.syndication.twimg.com platform.twitter.com twitter.com surveylegend.com datawrapper.dwcdn.net dwcdn.net www.canva.com piktochart.com *.piktochart.com www.surveylegend.com www.google.com www.gstatic.com cdn.jsdelivr.net static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com vc.hotjar.io maps.gstatic.com spectator.clingendael.org www.clingendael.org maps.googleapis.com www.google.nl https://code.jquery.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://fonts.gstatic.com https://static.addtoany.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://player.vimeo.com https://f.vimeocdn.com https://i.vimeocdn.com https://fresnel.vimeocdn.com data: https://www.youtube.com https://localfocuswidgets.net 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https:; img-src 'self' https: data: blob: https:; style-src 'self' https: 'nonce-EFZUH1fUrWFEj/ukgxfFhQ=='; media-src 'self' https: data: https:; frame-src 'self' https:; manifest-src 'self' https:; form-action 'self'; connect-src 'self' data: blob: https: https: wss://blacktwitter.io; script-src 'self' https: 'wasm-unsafe-eval'; child-src 'self' blob: https:; worker-src 'self' blob: https: 1
frame-ancestors 'self' http://www.philips.lt *.philips.com *.philips.lt https://philipsigtdpv.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval';               img-src 'self' data: https://adfs5.metro.info https://www.google-analytics.com *.qualtrics.com 1634.global.siteimproveanalytics.io ssl.siteimprove.com *.facebook.com csi.gstatic.com maps.googleapis.com maps.gstatic.com *.twimg.com *.twitter.com www.gstatic.com app.miag.com maintenance.metroag.de mfpembedcdnweu.azureedge.net *.metroag.de *.metroag.eu *.metrogroup.de *.miag.com *.metro-cc.com *.metronom.com *.metro-wholesale.de *.metro-wholesale.com *.metro-properties.de *.metro-gruenderstudie.de *.metro-startupstudy.com *.metrosystems.ro *.metro-advertising.de *.metro-advertising.com *.metro-advertising.pl *.handel-erklaert.de *.metro-sourcing.hk *.metro-logistics.de *.metro-campus.de *.metro-services.in *.metro-services.pl *.mpulse.de *.metro-unboxed.de *.metro-unboxed.com *.metro-potentials.com *.arbeitgeber-ahd.de *.metro-competencies.com *.metro-trainingcenter.de www.openpetition.de *.wirsindgekommenumzubleiben.de *.metro-global-solution-center.in *.metro.digital *.metro-gsc.in *.metro-gsc.pl *.metro-gsc.com px.ads.linkedin.com bscmiagbot.metro.de i.ytimg.com cdn.euc-freshbots.ai https://www.googletagmanager.com;        style-src 'self' 'unsafe-inline' https://fonts.googleapis.com cloud.typography.com *.metroag.de *.twitter.com www.gstatic.com d1azc1qln24ryf.cloudfront.net *.twimg.com cdn.euc-freshbots.ai;        font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com fonts.googleapis.com d1azc1qln24ryf.cloudfront.net www.openpetition.de maxcdn.bootstrapcdn.com;        frame-src 'self' *.facebook.com www.youtube.com player.admiralcloud.com *.walls.io plugins.flockler.com charts3.equitystory.com *.twitter.com www.google.com dev.dieproduktion.de *.own-business-day.com forms.office.com login.microsoftonline.com t.email.metro.de feedback.metro-cc.com metro.online-report.eu bscmiagbot.metro.de;        upgrade-insecure-requests;               block-all-mixed-content;        script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com *.qualtrics.com ssl.siteimprove.com siteimproveanalytics.com connect.facebook.net ajax.googleapis.com code.jquery.com  maps.googleapis.com www.youtube.com s.ytimg.com code.highcharts.com cdn.jsdelivr.net edge-cdn.net dl.videos.metrosystems.net *.twimg.com *.twitter.com www.gstatic.com  mfpembedcdnweu.azureedge.net app.mailjet.com www.openpetition.de bscmiagbot.metro.de snap.licdn.com cdn.euc-freshbots.ai stats.pusher.com;        connect-src 'self' *.google-analytics.com *.qualtrics.com *.twitter.com *.facebook.com bscmiagbot.metro.de www.euc-freshbots.ai wss://rts-euc.freshworksapi.com wss://ws-mt1.pusher.com cdn.euc-freshbots.ai rts-euc.freshworksapi.com sockjs-mt1.pusher.com 1634.global.siteimproveanalytics.io;        frame-ancestors 'self';                   worker-src blob:;        media-src 'self' data:; 1
default-src *;style-src 'unsafe-inline' *; script-src 'unsafe-inline' 'unsafe-eval' *; object-src 'self'; child-src 'unsafe-inline' https://*.cnetcontent.com https://*.google.com ; frame-ancestors 'self'; base-uri 'none'; font-src * data:;img-src * 'self' data: https: 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https: data:; object-src 'none'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://snap.licdn.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://www.youtube.com https://s.ytimg.com https://cdn.cookielaw.org https://www.google.com https://www.gstatic.com https://cxm.merklecxm.ch https://pi.pardot.com https://www.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://web-sdk.smartlook.com https://js-agent.newrelic.com https://bam.nr-data.net; object-src 'self'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://tagmanager.google.com; img-src 'self' data: https://www.google-analytics.com https://ssl.gstatic.com https://*.linkedin.com https://stats.g.doubleclick.net https://www.gstatic.com https://www.googletagmanager.com https://www.google.com https://www.googleadservices.com https://fonts.gstatic.com https://googleads.g.doubleclick.net https://www.google.ch https://www.facebook.com https://www.google.de https://www.merkle.com https://cdn.cookielaw.org https://www.kununu.com; media-src 'self'; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://www.youtu.be https://www.googletagmanager.com https://www.google.com https://*.fls.doubleclick.net https://www.facebook.com; frame-ancestors 'self' https://*.jobcloud.ch https://*.jobs.ch https://*.jobup.ch https://ingjobs.ch https://ictcareer.ch https://jobs4sales.ch https://financejobs.ch https://medtalents.ch https://jobwinner.ch https://alpha.ch https://topjobs.ch https://*.jobscout24.ch https://*.impieghi.ch https://*.stellenmarkt.ch; child-src 'self'; font-src 'self' data: https://themes.googleusercontent.com https://fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com https://cdn.cookielaw.org https://privacyportal-eu.onetrust.com https://*.g.doubleclick.net https://*.uc.r.appspot.com https://*.smartlook.cloud https://bam.nr-data.net https://region1.google-analytics.com https://cdn.linkedin.oribi.io https://geolocation.onetrust.com https://www.facebook.com 1
default-src 'self' 'unsafe-inline' blob: data: cibccm.imgix.net manager.cibccm.com search.cibccm.com s3.amazonaws.com image.simplecastcdn.com player.simplecast.com amp.azure.net 44625.tctm.co cdn.polyfill.io plausible.io *.wordpress.com www.googletagmanager.com www.google-analytics.com www.youtube.com i.ytimg.com *.doubleclick.net googleads.g.doubleclick.net cdn.plyr.io video.smith.queensu.ca www.recaptcha.net *.gstatic.com social.networks; frame-ancestors 'self' social.networks; form-action 'self' 1
frame-ancestors 'self';default-src https://*.gruveo.com https://d1qd69efteardb.cloudfront.net https://d1lrv5l6vlxj1g.cloudfront.net;script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://cdn.paddle.com https://d1qd69efteardb.cloudfront.net https://d1lrv5l6vlxj1g.cloudfront.net https://www.youtube-nocookie.com https://accounts.google.com https://apis.google.com https://*.gruveo.com;img-src 'self' data: blob: https://s3.amazonaws.com https://cdn.paddle.com https://gruveo-api.s3.amazonaws.com https://gruveo-dev.s3.amazonaws.com https://d1qd69efteardb.cloudfront.net https://d1lrv5l6vlxj1g.cloudfront.net https://*.dl.dropboxusercontent.com https://*.googleusercontent.com https://www.google.com;connect-src 'self' blob: https://*.gruveo.com wss://sig.gruveo.com wss://sig-dev.gruveo.com https://localhost:8083 https://stats.g.doubleclick.net;media-src data: https://*.googleusercontent.com https://*.gruveo.com https://*.dl.dropboxusercontent.com https://gruveo-api.s3.amazonaws.com https://gruveo-dev.s3.amazonaws.com https://drive.google.com https://d1qd69efteardb.cloudfront.net https://d1lrv5l6vlxj1g.cloudfront.net;worker-src 'self' blob: data: https://drive.google.com https://*.gruveo.com;frame-src https://*.gruveo.com https://buy.paddle.com https://docs.google.com https://www.youtube-nocookie.com https://subscription-management.paddle.com https://gruveo-api.s3.amazonaws.com https://*.dl.dropboxusercontent.com https://drive.google.com https://*.googleusercontent.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://crm.fasad.eu/ https://cdn.jsdelivr.net https://process.fasad.eu/ http://dev-process.fasad.prek.srv http://ajax.googleapis.com/ https://ajax.googleapis.com/ http://code.jquery.com/ https://code.jquery.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' data: https://www.fasad.eu https://www.fasad.eu/ https://crm.fasad.eu/; object-src 'self' data: ; frame-src 'self' data: ; 1
upgrade-insecure-requests;style-src 'self' 'nonce-FiXabNser0RGI-p';font-src 'self';script-src 'self' 'nonce-FiXabNser0RGI-p' ;connect-src 'self' https://seafoam.space wss://seafoam.space;media-src 'self' https:;img-src 'self' data: blob: https:;default-src 'none';base-uri 'none';frame-ancestors 'none';manifest-src 'self'; 1
default-src 'self' https://disqus.com/ https://*.disquscdn.com 'unsafe-eval';img-src * data: 'unsafe-eval';style-src 'unsafe-inline'  *.typekit.net;font-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.driftt.com https://*.disqus.com https://*.disquscdn.com https://*.twitter.com *.pardot.com https://*.onetrust.com *.jeffersonfrank.com *.nelsonfrank.com *.andersonfrank.com *.frankgroup.com *.masonfrank.com *.washingtonfrank.com *.nigelfrank.com *.frgconsulting.com https://*.googletagmanager.com https://www.google-analytics.com https://snap.licdn.com https://*.hotjar.com https://*.hotjar.io http://www.googleadservices.com https://connect.facebook.net http://static.ads-twitter.com https://googleads.g.doubleclick.net *.google.com *.hotjar.com http://*.6sc.co https://jscloud.net/x/11306/inlinks.js https://jscloud.net/x/11310/inlinks.js https://jscloud.net/lze/11308/inlinks.js https://jscloud.net/x/11309/inlinks.js https://jscloud.net/x/11289/inlinks.js https://jscloud.net/lze/11311/inlinks.js https://jscloud.net/x/11307/inlinks.js *.reactful.com http://widget.trustpilot.com blob:;frame-src https://*.driftt.com https://disqus.com https://*.twitter.com https://*.youtube.com  https://*.youtube-nocookie.com/ https://*.vimeo.com https://*.instagram.com https://*.googleapis.com https://*.gstatic.com https://*.pardot.com https://*.onetrust.com *.jeffersonfrank.com *.nelsonfrank.com *.andersonfrank.com *.frankgroup.com *.masonfrank.com *.nigelfrank.com *.washingtonfrank.com *.frgconsulting.com https://www.facebook.com https://vars.hotjar.com *.reactful.com https://widget.trustpilot.com;connect-src 'self' https://*.amazonaws.com https://*.amazoncognito.com *.pardot.com https://*.onetrust.com *.jeffersonfrank.com *.nelsonfrank.com *.andersonfrank.com *.frankgroup.com *.masonfrank.com *.nigelfrank.com *.washingtonfrank.com *.frgconsulting.com https://*.disqus.com *.facebook.com http://*.6sc.co http://ib.adnxs.com/getuidj https://epsilon.6sense.com http://secure.adnxs.com/getuidj http://visitor.reactful.com https://visitor.reactful.com https://jscloud.net/x/11306/ https://jscloud.net/x/11310/ https://jscloud.net/x/11309/ https://jscloud.net/x/11289/ https://jscloud.net/x/11307/ https://*.doubleclick.net *.hotjar.com *.hotjar.io *.hotjar.is *.reactful.com *.google-analytics.com *.analytics.google.com 1
script-src 'self' 'unsafe-inline' loyserv.com www.loyserv.com 1
default-src * 'unsafe-inline' 'self';form-action * 'self' *.facebook.com connect.facebook.net;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://code.jquery.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://graph.facebook.com https://googletagmanager.com https://js.facebook.com https://m.youtube.com https://tagmanager.google.com https://www.youtube.com https://www.google.com https://www.googletagmanager.com https://www.infoniqa.com/* https://pips.taboola.com/ https://cds.taboola.com/ https://www.google.ch/ https://trc.taboola.com/ https://code.jquery.com/ https://www.google.com/ https://cdn.taboola.com/ https://cdn.mouseflow.com/ https://googleads.g.doubleclick.net/ https://snap.licdn.com/ https://www.provenexpert.com/ https://www.gstatic.com/ https://www.googleoptimize.com/ https://www.google-analytics.com/ https://consentcdn.cookiebot.com https://consent.cookiebot.com https://googletagmanager.com https://m.youtube.com https://tagmanager.google.com https://www.youtube.com https://www.googletagmanager.com;style-src 'self' 'report-sample' 'unsafe-inline' code.jquery.com tagmanager.google.com www.googletagmanager.com tagmanager.google.com www.googletagmanager.com http://www.googletagmanager.com https://www.provenexpert.com/;object-src 'none';frame-src * 'self' *.facebook.com connect.facebook.net www.youtube.com www.googletagmanager.com *.youtube.com analytics-eu.clickdimensions.com https://tsdtocl.com/ consentcdn.cookiebot.com www.youtube-nocookie.com www.googletagmanager.com https://www.google.com/;child-src 'self' www.youtube.com www.googletagmanager.com;img-src * data: * *.ytimg.com *.youtube.com www.googletagmanager.com https://www.google.com/ https://px.ads.linkedin.com/ https://www.google.ch/ ;font-src 'self' data:;connect-src *;manifest-src 'self';base-uri * 'self';media-src 'self';worker-src 'self' https://www.infoniqa.com *; 1
block-all-mixed-content; frame-ancestors 'self'; base-uri 'self'; default-src 'self'; script-src 'self' https://*.obi4wan.com *.readspeaker.com/ *.google-analytics.com/ https://cdn.talkjs.com/talk.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ 'sha256-q2v0Do3f3CzSjmdsamWQbyw8M4ilUdXTCkZkB+HJV5I=' 'sha256-oX0THPp0VFn46JJAwjEQYE6+erqPA2MVnz4XfQXeS0M=' 'sha256-lCXVtyWsZ5bYWo8fU1ZoBvTmpNHamKdsHnDnaj2/Zdw=' 'sha256-a3oedt+C5Vcf2pj8DQkc//OGxgFGwaHabZcFgd++Ndg=' 'sha256-lCXVtyWsZ5bYWo8fU1ZoBvTmpNHamKdsHnDnaj2/Zdw=' 'sha256-Os6VNx8Y2eS7KdnKhJjVRx/OjyP9t+9ogG5PgDG7U24=' 'sha256-IAs0g4KzoLHKnFG4QjfBTcdeqg5pEeGKQt/MjnkbUnA=' 'sha256-PbcsH8nOaDD7hJp+sUl+spHMJT0cKjcxdIaICgejnmI=' 'sha256-B7X35g/IfDxD2XCLBNOI+NAYfU+A5Ebd8LTXLMAMCes=' 'sha256-C1j+Q8Rj+elU8pB5EbdIsZKj5dIJpXkZDPlPgPr1LYg=' 'sha256-VhW5mqjuKfbVP8nOrAU9hwQc8YqVNhwq8Kb/TMAztWQ=' 'sha256-sDc6rZRol4wdhwTD6Js57Nts9cm/tzTiRZmbMIq/85o=' 'sha256-nZiYsxKapDdfcr/KURv2Y86CwPbgHXMwS+8GHOzgjWo=' 'sha256-ifLH7GNlIDBK8dcA4mm8mcQaDehmvaqQhTBq4RhzNm8=' 'sha256-JWt1m28kNFB/rFjtbJEOx3yqSxZv6OjgwNLclp75rQ0='; style-src 'self' *.readspeaker.com https://app.talkjs.com https://*.obi4wan.com 'sha256-e3r3ixQznoqeHGStxAKifIhUOzM2CNfI+Hm//mvJutI=' 'sha256-65g+FC5482wkQGpOCQusWgKj6n4laglnmkRPszueGJ4=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-65g+FC5482wkQGpOCQusWgKj6n4laglnmkRPszueGJ4=' 'sha256-4LtAk4PT4j0j/XQTP+1ZN/falZhh4Zg9DTNCCyLgiVY=' 'sha256-32cjKxL0pRuyfPMdufHTBJ2We9qxUPqzj2GxT3uyTkg=' https://cdn.talkjs.com/; object-src 'none'; connect-src 'self' https://*.pusher.com https://*.amazonaws.com https://*.obi4wan.com https://*.readspeaker.com https://app.talkjs.com *.google-analytics.com wss://app.talkjs.com https://geodata.nationaalgeoregister.nl; font-src 'self' data:; frame-src 'self' https://app.talkjs.com https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.pusher.com https://*.amazonaws.com https://app.talkjs.com https://*.google-analytics.com https://*.obi4wan.com; manifest-src 'self'; media-src 'self' https://app.talkjs.com/ https://cdn.talkjs.com/; worker-src 'none'; child-src 'self'; form-action 'self'; 1
frame-ancestors 'self' api.egmont.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' localhost local.host local.host:3000 192.168.40.155:3333 0.0.0.0:4001 localhost:4001 localhost:8888 127.0.0.1:8888 bankai-revolution.test *.immofinanz.test *.vivo-shopping.com *.vivo-shopping.test *.vivo-shopping.test *.immofinanz.test *.immofinanz.com *.oc-letnany.cz *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.at *.bing.com *.doubleclick.net *.youtube.com *.youtube-nocookie.com *.googleadservices.com *.facebook.com *.facebook.net *.fonts.net *.hotjar.com *.hotjar.io walls.io *.walls.io *.pushwoosh.com *.pracawcentrumhandlowym.pl cookiepro.com *.cookiepro.com *.pracavnakupnomcentre.sk cdn.polyfill.io cdnjs.cloudflare.com data:; frame-ancestors 'self' *.immofinanz.com local.host localhost *.immofinanz.test *.immofinanz.test *.vivo-shopping.test *.vivo-shopping.com *.vivo-shopping.test localhost:4050 *.pracawcentrumhandlowym.pl; 1
default-src 'self' https://cdn.etrias.nl ; connect-src 'self' https://cdn.etrias.nl  https://*.google.com https://www.googletagmanager.com https://maps.googleapis.com https://*.google-analytics.com https://www.googleadservices.com https://*.google.nl https://*.google.be https://*.bing.com https://*.doubleclick.net https://bam.nr-data.net https://api01.shoppingminds.net https://trkr.shoppingminds.net https://script.shoppingminds.com https://squeezely.tech https://ct.beslist.nl; font-src 'self' https://cdn.etrias.nl  https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://cdn.etrias.nl  https://www.youtube-nocookie.com https://www.facebook.com https://tpc.googlesyndication.com https://bid.g.doubleclick.net https://td.doubleclick.net https://optimize.google.com; img-src https: data:; script-src 'self' https://cdn.etrias.nl  'unsafe-eval' https://*.google.com https://www.googletagmanager.com https://maps.googleapis.com https://*.google-analytics.com https://www.googleadservices.com https://www.youtube.com https://bat.bing.com https://connect.facebook.net https://js-agent.newrelic.com https://bam.nr-data.net https://script.shoppingminds.com https://api01.shoppingminds.net https://squeezely.tech 'nonce-u6wbtgPqkVO7Q0vQHGDfwM9vRa5EnYgO'; style-src 'self' https://cdn.etrias.nl  'unsafe-inline' https://fonts.googleapis.com https://optimize.google.com; report-uri /_csp/report 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-RxZKc+PJDpJ1q9ia/H8Vn4yG+DC5BLV+K2a3GJMSR0zbhczA' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src data: blob: https: 'unsafe-inline'; script-src 'unsafe-eval' https: 'unsafe-inline' 1
default-src 'none' ;base-uri 'self'; script-src 'self' salesiq.zoho.com snap.licdn.com px.ads.linkedin.com d1zjpfawzj1ph.cloudfront.net openfpcdn.io js.stripe.com assets.ewebinar.com maps.googleapis.com ajax.googleapis.com www.myofferbox.com  myofferbox.com cdn.oribi.io www.gstatic.com gstatic.com www.google.com google.com nrpc.olark.com api.olark.com www.palmagent.com palmagent.com static.olark.com widgets.palmagent.com facebook.com d2zcxiawc2t6cx.cloudfront.net d2w998roo7cij6.cloudfront.net 'unsafe-inline' 'unsafe-eval';font-src 'self' css.zohocdn.com widget.equally.ai www.myofferbox.com  myofferbox.com static.olark.com d2w998roo7cij6.cloudfront.net fonts.gstatic.com www.palmagent.com palmagent.com; connect-src 'self' cdn.linkedin.oribi.io wss://vts.zohopublic.com wss://vts.zohopublic.com salesiq.zohopublic.com vts.zohopublic.com px.ads.linkedin.com salesiq.zoho.com widget.equally.ai api.equally.ai d2w998roo7cij6.cloudfront.net api.ewebinar.com app.ewebinar.com www.myofferbox.com  myofferbox.com  stats.g.doubleclick.net www.google-analytics.com gw.oribi.io  maps.googleapis.com www.palmagent.com palmagent.com nrpc.olark.com widgets.palmagent.com pagead2.googlesyndication.com; img-src 'self' blob: data: fidelityagent.com salesiq.zohopublic.com css.zohocdn.com px.ads.linkedin.com api4-elb.palmagent.com api.equally.ai widget.equally.ai scontent.fmaa6-1.fna.fbcdn.net scontent-iad3-2.cdninstagram.com pbs.twimg.com www.myofferbox.com  myofferbox.com analytics-dashboard.palmagent.com maps.gstatic.com maps.googleapis.com d2zcxiawc2t6cx.cloudfront.net d1zjpfawzj1ph.cloudfront.net palmagent.com palmagentmedia.s3.amazonaws.com one-convert-queue.s3.amazonaws.com www.palmagent.com googleads.g.doubleclick.net stats.g.doubleclick.net log.olark.com images.palmagent.com d2w998roo7cij6.cloudfront.net www.facebook.com www.google.co.in www.google.com pagead2.googlesyndication.com www.google-analytics.com 'unsafe-inline'; style-src 'self' css.zohostatic.com css.zohocdn.com widget.equally.ai www.myofferbox.com  myofferbox.com www.gstatic.com gstatic.com fonts.googleapis.com palmagent.com www.palmagent.com static.olark.com d2w998roo7cij6.cloudfront.net 'unsafe-inline'; script-src-elem  'self' static.zohocdn.com salesiq.zohopublic.com unpkg.com cdnjs.cloudflare.com js.zohostatic.com js.zohocdn.com salesiq.zoho.com snap.licdn.com pa-one-widgets.localhost dwtg366l6biu9.cloudfront.net widget.equally.ai d1zjpfawzj1ph.cloudfront.net openfpcdn.io d2w998roo7cij6.cloudfront.net js.stripe.com assets.ewebinar.com www.myofferbox.com  myofferbox.com code.jquery.com api.ewebinar.com app.ewebinar.com  cdn.oribi.io  www.gstatic.com gstatic.com www.google.com google.com maps.googleapis.com api.olark.com ajax.googleapis.com palmagent.com www.palmagent.com connect.facebook.net assets.olark.com static.olark.com nrpc.olark.com www.googletagmanager.com pagead2.googlesyndication.com adservice.google.com adservice.google.co.in www.google-analytics.com www.googletagservices.com tpc.googlesyndication.com googleads.g.doubleclick.net 'unsafe-inline' widgets.palmagent.com www.googleadservices.com; media-src static.zohocdn.com d2w998roo7cij6.cloudfront.net vimeo.com d2zcxiawc2t6cx.cloudfront.net static.olark.com video-api.palmagent.com palmagentmedia.s3.amazonaws.com; frame-src 'self' blob: salesiq.zohopublic.com app.fidelityagent.com td.doubleclick.net palmagent.com www.palmagent.com one.palmagent.com js.stripe.com d2zcxiawc2t6cx.cloudfront.net d2w998roo7cij6.cloudfront.net d1zjpfawzj1ph.cloudfront.net www.myofferbox.com  myofferbox.com calendly.com www.calendly.com www.youtube.com youtube.com api4-elb.palmagent.com app.ewebinar.com bid.g.doubleclick.net www.google.com google.com static.olark.com widgets.palmagent.com googleads.g.doubleclick.net tpc.googlesyndication.com player.vimeo.com palmagentmedia.s3.amazonaws.com; frame-ancestors * 1
default-src 'self'; media-src 'self' https://api.reciteme.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sc.lfeeder.com/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ http://api.reciteme.com/ https://api.reciteme.com/ https://cc.cdn.civiccomputing.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/  https://cdn.videosync.fi/   https://player.vimeo.com/api/player.js https://code.highcharts.com/ https://vimeo.com/ cdnjs.cloudflare.com https://cdnjs.cloudflare.com/ https://www.vimeo.com/; font-src 'self' data: https://api.reciteme.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ ; style-src 'self' 'unsafe-inline' https://api.reciteme.com/ https://fonts.googleapis.com/ ;        connect-src 'self' *.google-analytics.com *.analytics.google.com analytics.google.com https://api.reciteme.com/ https://clapi.civiccomputing.com https://apikeys.civiccomputing.com/ https://our.umbraco.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://vimeo.com/ https://region1.google-analytics.com https://stats.reciteme.com/log;     frame-src 'self'  https://api.reciteme.com/ https://player.vimeo.com/ https://www.youtube.com/ https://www.google.com/ https://w.soundcloud.com/ https://vimeo.com/;       img-src 'self' data: *.google-analytics.com *.analytics.google.com https://ssl.gstatic.com https://tr.lfeeder.com/ https://dashboard.umbraco.com/ https://api.reciteme.com/ https://i.vimeocdn.com/  https://www.google.com/ https://w.soundcloud.com/ https://accounts.google.com https://dashboard.umbraco.org/ https://www.google-analytics.com/ https://accounts.youtube.com/ https://www.google.co.uk/ https://accounts.google.co.uk/ https://i.ytimg.com/; 1
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self'; 1
default-src 'self'; script-src 'unsafe-inline' 'self' https://www.clarity.ms/ https://h.clarity.ms/ https://c.clarity.ms/ https://cdnjs.cloudflare.com/ https://www.google.com/  https://www.google-analytics.com/ https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net/; style-src 'unsafe-inline' 'self' https://pro.fontawesome.com/; font-src 'self' https://pro.fontawesome.com/; frame-src https://www.facebook.com/ https://www.google.com/ https://www.youtube.com/; img-src 'self' data: https://c.bing.com https://c.clarity.ms/ https://www.google-analytics.com/ https://www.google.com/ https://www.google.co.za https://www.facebook.com; connect-src 'self' https://www.clarity.ms/ https://h.clarity.ms/ https://j.clarity.ms/ https://c.clarity.ms/ https://analytics.google.com https://www.google-analytics.com/ https://stats.g.doubleclick.net; 1
upgrade-insecure-requests; report-uri https://lotusgroup.report-uri.io/r/default/csp/enforce 1
default-src 'self' www.google-analytics.com www.youtube.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://sbl.onfastspring.com;               connect-src 'self' our.umbraco.com filmimpact.onfastspring.com vimeo.com www.google-analytics.com region1.google-analytics.com www.facebook.com stats.g.doubleclick.net bat.bing.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.google-analytics.com *.analytics.google.com;               child-src 'self' filmimpact.onfastspring.com www.youtube.com player.vimeo.com www.google.com www.facebook.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://www.youtube-nocookie.com;               script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net *.cloudfront.net premium.filmimpact.com s.ytimg.com www.google-analytics.com www.google.com www.gstatic.com www.youtube.com www.perplex.nl ajax.aspnetcdn.com vimeo.com www.vimeo.com connect.facebook.net www.googletagmanager.com bat.bing.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://trackcmp.net https://prism.app-us1.com https://sbl.onfastspring.com;               style-src 'self' 'unsafe-inline' https://*.cloudfront.net fonts.googleapis.com https://sbl.onfastspring.com;               img-src 'self' data: *.cloudfront.net services.perplex.eu www.google-analytics.com www.perplex.nl i.vimeocdn.com i.ytimg.com www.facebook.com www.google.com www.google.nl www.googletagmanager.com bat.bing.com http://*.hotjar.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.onfastspring.com;               font-src 'self' data: fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;               form-action 'self' secure.ogone.com www.facebook.com premium.filmimpact.com;               upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss: onxrp.com *.onxrp.com bidds.com *.bidds.com *.google-analytics.com analytics.google.com *.analytics.google.com *.googletagmanager.com *.doubleclick.net unpkg.com *.jquery.com *.typekit.net *.ckeditor.com cdn.jsdelivr.net onxrp-marketplace.s3.us-east-2.amazonaws.com onxrp-marketplace-test.s3.us-east-2.amazonaws.com ipfs.infura.io:5001 onxrp.infura-ipfs.io *.passbase.com cdnjs.cloudflare.com static.cloudflareinsights.com *.ingest.sentry.io *.youtube.com *.yoti.com *.walletconnect.org *.walletconnect.com *.unixpunks.club *.xpunks.club firestore.googleapis.com firebase.googleapis.com firebaseinstallations.googleapis.com; img-src * data:; media-src * data:; font-src * data:; frame-ancestors *.walletconnect.org *.walletconnect.com *.onxrp.com; 1
script-src 'self' *.arnove.net *.google-analytics.com 'nonce-**CSP**NONCE**'; base-uri 'self'; form-action 'self'; img-src 'self' *.arnove.net; style-src 'self' 'sha256-zdC5y7BsBzHgcAHEfYhsJBJCM2LXnmLtED5fehjlQf4=' 'sha256-CLC1c4VNJL2uHK1VjQZNRXp2weHQdHTmDXMOlGGxhas='; object-src 'none'; connect-src 'self' *.arnove.net; default-src 'none'; report-uri https://arnove.report-uri.com/r/d/csp/enforce; report-to default 1
default-src 'self' 'unsafe-inline'  https://www.google-analytics.com  https://www.gstatic.com http://www.google.com https://www.google.com https://www.google.com.ar; script-src  'self' 'unsafe-inline' https://www.google-analytics.com https://www.gstatic.com http://www.google.com https://www.google.com https://www.google.com.ar; img-src 'self' 'unsafe-inline' data: http://www.google-analytics.com https://www.google-analytics.com http://www.google.com https://www.google.com  https://www.google.com.ar https://stats.g.doubleclick.net; script-src-elem 'self' 'unsafe-inline' http://www.google-analytics.com https://www.google-analytics.com https://www.gstatic.com http://www.google.com https://www.google.com https://www.google.com.ar; connect-src 'self' 'unsafe-inline' http://www.google-analytics.com https://www.google-analytics.com http://www.google.com https://www.google.com  https://www.google.com.ar https://stats.g.doubleclick.net;  frame-src http://preprdcarga.indec.gob.ar/ http://www.youtube.com https://www.youtube.com https://app.powerbi.com/ https://www.google-analytics.com  https://www.gstatic.com http://www.google.com https://www.google.com https://www.google.com.ar https://indecbeta.shinyapps.io/ https://open.spotify.com/ https://anchor.fm/ https://podcasters.spotify.com/ https://view.genial.ly/ https://www.indec.gob.ar/ https://embed-standalone.spotify.com/ https://shiny.indec.gob.ar/; 1
connect-src * blob:;img-src * data: blob:;frame-src *;script-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' www.facebook.com connect.facebook.net *.googletagmanager.com *.google-analytics.com;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
"frame-ancestors 'self' https://www.buonalavita.it;" 1
default-src 'self' https: 'unsafe-inline' blob: data:; frame-ancestors 'self'; connect-src 'self' https://account.envato.com:* *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.googlesyndication.com https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://api.btloader.com https://www.facebook.com https://consentcdn.cookiebot.com https://www.clarity.ms https://a.clarity.ms https://b.clarity.ms https://c.clarity.ms https://d.clarity.ms https://e.clarity.ms https://f.clarity.ms https://g.clarity.ms https://h.clarity.ms https://i.clarity.ms https://j.clarity.ms https://k.clarity.ms https://l.clarity.ms https://m.clarity.ms https://n.clarity.ms https://o.clarity.ms https://p.clarity.ms https://q.clarity.ms https://r.clarity.ms https://s.clarity.ms https://t.clarity.ms https://u.clarity.ms https://v.clarity.ms https://w.clarity.ms https://x.clarity.ms https://y.clarity.ms https://z.clarity.ms https://c.bing.com https://c.amazon-adsystem.com https://cdn.jsdelivr.net https://*.publisher-services.amazon.dev 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: www.zakon.org; frame-ancestors 'self' 1
connect-src 'self' *.100gadgets.kz *.100gadgets.by *.100gadgets.ru 100gadgets.ru mc.yandex.ru *.google-analytics.com yandex.ru *.jivosite.com wss://*.jivosite.com *.jivo.ru wss://*.jivo.ru analytics.tiktok.com; 1
font-src *.googleapis.com *.gstatic.com *.klaviyo.com *.userway.org *.kjmotorsports.com *.jotform.com *.jotfor.ms *.sharethis.com submit.jotform.com *.fontawesome.com maxcdn.bootstrapcdn.com *.fonts.googleapis.com data: *.cloudflare.com www.kjmotorsports.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.google-analytics.com *.google.com *.gstatic.com *.facebook.com *.facebook.net *.googletagmanager.com *.doubleclick.net *.googleapis.com *.klaviyo.com *.asana.com *.sharethis.com submit.jotform.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.kjmotorsports.com 'self' 'unsafe-inline'; frame-ancestors www.kjmotorsports.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google-analytics.com *.google.com *.gstatic.com *.facebook.com *.facebook.net *.googletagmanager.com www.paypalobjects.com form.jotform.com widgets.jotform.io cdn.userway.org e8b2i2g3.stackpathcdn.com *.kjmotorsports.com *.klaviyo.com *.jotform.com *.asana.com *.sharethis.com submit.jotform.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.addthis.com *.pinterest.com *.weltpixel.com www.kjmotorsports.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.com *.facebook.com *.facebook.net *.googletagmanager.com *.doubleclick.net cdn.userway.org cdn.jotfor.ms e8b2i2g3.stackpathcdn.com *.kjmotorsports.com *.klaviyo.com *.jotform.com *.sharethis.com submit.jotform.com *.youtube.com validate.fishpig.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com *.cdninstagram.com www.kjmotorsports.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.cloudflare.com *.cloudfront.net *.google-analytics.com *.google.com *.facebook.com *.facebook.net *.googletagmanager.com *.doubleclick.net cdn.userway.org static-tracking.klaviyo.com form.jotform.com *.jotfor.ms cdn01.jotfor.ms cdn02.jotfor.ms cdn03.jotfor.ms cdnjs.cloudflare.com js.jotform.com cdn.jotfor.ms widgets.jotform.io static.klaviyo.com e8b2i2g3.stackpathcdn.com *.kjmotorsports.com *.youtube.com *.sharethis.com submit.jotform.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ connect.facebook.net graph.facebook.com business.facebook.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.instagram.com https://www.googletagmanager.com tagmanager.google.com www.kjmotorsports.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.cloudflare.com *.cloudfront.net *.google-analytics.com *.google.com *.gstatic.com *.facebook.com *.facebook.net *.googletagmanager.com *.doubleclick.net *.googleapis.com *.jotfor.ms e8b2i2g3.stackpathcdn.com *.kjmotorsports.com *.klaviyo.com *.jotform.io *.sharethis.com submit.jotform.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com tagmanager.google.com www.kjmotorsports.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.kjmotorsports.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.cloudflare.com *.cloudfront.net *.google-analytics.com *.gstatic.com *.facebook.com *.facebook.net *.googletagmanager.com *.doubleclick.net static-forms.klaviyo.com socialplugin.facebook.net api.userway.org *.klaviyo.com cdn.userway.org *.kjmotorsports.com *.asana.com *.sharethis.com submit.jotform.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.addthis.com *.graph.instagram.com https://www.google-analytics.com www.kjmotorsports.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.kjmotorsports.com http: https: blob: 'self' 'unsafe-inline'; default-src www.kjmotorsports.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 1
default-src 'self' *.gujmedia.hauptsache.net; frame-src 'self' *.gujmedia.hauptsache.net audionow.de *.rtl.de cdn.privacy-mgmt.com *.ad-alliance.de *.brightcove.net *.svc.dynamics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com code.jquery.com spex.ad-alliance.de  px2.vtrtl.de  www.googletagmanager.com gdpr-tcfv2.sp-prod.net www.google-analytics.com ssl.google-analytics.com cdn.static-fra.de *.azureedge.net *.aspnetcdn.com *.gujmedia.hauptsache.net audionow.de *.rtl.de cdn.privacy-mgmt.com *.ad-alliance.de *.brightcove.net *.svc.dynamics.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com netdna.bootstrapcdn.com *.ad-alliance.de *.gujmedia.hauptsache.net stackpath.bootstrapcdn.com; img-src 'self' data: ais.rtl.de ais-ori.rtl.de ais-akamai.rtl.de rin-contens.rtlnm.de spex.ad-alliance.de ip-de-bilder.s3.eu-central-1.amazonaws.com px2.vtrtl.de ip-deutschland-cms.netrtl.com www.google-analytics.com stats.g.doubleclick.net ip.de gujims.com *.gujmedia.hauptsache.net gujims.hauptsache.net *.ad-alliance.de; font-src 'self' *.gujmedia.hauptsache.net *.bootstrapcdn.com *.ad-alliance.de; media-src 'self' *.rtl.de *.ad-alliance.de *.amazonaws.com data: vodvmsuso-a.akamaihd.net blob: vodvmsuso-a.akamaihd.net; worker-src 'self' data: vodvmsuso-a.akamaihd.net blob: vodvmsuso-a.akamaihd.net; connect-src * 1
block-all-mixed-content;base-uri 'self' 1
default-src 'self' https://*.mcfapps.com https://www.google-analytics.com/j/ https://stats.g.doubleclick.net/j/; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com  https://maxcdn.bootstrapcdn.com/bootstrap/ https://*.giftnetonline.com https://ajax.googleapis.com/ajax/libs/jqueryui/ https://*.mcfapps.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://ssl.google-analytics.com/ga.js https://ajax.googleapis.com/ajax/libs/jquery/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://*.mcfapps.com https://code.jquery.com https://ssl.google-analytics.com/ https://code.jquery.com/jquery-3.2.1.slim.min.js https://www.google-analytics.com/analytics.js  https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta.2/js/bootstrap.min.js https://www.google-analytics.com/analytics.js  https://www.google-analytics.com https://www.googletagmanager.com/gtag/ https://www.google-analytics.com/j/ https://maxcdn.bootstrapcdn.com/bootstrap/; frame-src 'self'; worker-src 'self'; img-src 'self' data: https://*.mcfapps.com https://ssl.google-analytics.com/ https://www.googletagmanager.com/ https://www.google-analytics.com; media-src 'self' https://*.mcfapps.com https://*.giftnetonline.com/; frame-ancestors 'self' https://*.werecognize.com https://*.mcfapps.com https://*.giftnetonline.com/ https://*.halorecognition.net 1
default-src 'self' https://cdn.cookielaw.org *.onetrust.io https://www.youtube.com https://www.vimeo.com https://player.vimeo.com https://platform.twitter.com https://cdn.yoshki.com https://8406858.fls.doubleclick.net https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.google.co.uk *.gstatic.com https://www.podbean.com https://communications.crsblaw.com https://dc.services.visualstudio.com *.clarity.ms  https://c.bing.com *.googlesyndication.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob: https://platform.twitter.com https://cdn.syndication.twimg.com https://dl.episerver.net *.episerver.net https://sdk.passle.net https://polyfill.io https://ajax.googleapis.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com *.gstatic.com https://www.gstatic.com/wcm/loader.js https://www.googleadservices.com https://cdn.cookielaw.org/scripttemplates/6.6.0/otBannerSdk.js https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://secure.hiss3lark.com/js/181639.js  https://static.oktopost.com/oktrk.js https://secure.ryke4peep.com/js/199048.js https://okt.to secure.ryke4peep.com https://www.youtube.com/iframe_api https://www.youtube.com *.clarity.ms c.bing.com; style-src 'self' 'unsafe-inline' https: http://fonts.googleapis.com https://fonts.googleapis.com hello.myfonts.net dl.episerver.net; img-src 'self' data: blob: https://charlesrussellspeechlys.vuturevx.com *.idio.episerver.net *.idio.co https://www.google-analytics.com https://cdn.cookielaw.org https://www.google.com https://www.google.co.uk https://images.passle.net *.clarity.ms *.bing.com https://maps.gstatic.com https://maps.googleapis.com *.vimeocdn.com; connect-src 'self' https://googleads.g.doubleclick.net/ https://cdn.cookielaw.org *.onetrust.io https://www.youtube.com https://www.vimeo.com https://vimeo.com/ https://player.vimeo.com https://platform.twitter.com https://cdn.yoshki.com https://8406858.fls.doubleclick.net https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.google.co.uk *.gstatic.com https://www.podbean.com https://communications.crsblaw.com https://dc.services.visualstudio.com *.clarity.ms  https://c.bing.com *.googlesyndication.com https://idx.liadm.com *.analytics.google.com https://maps.googleapis.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: 'unsafe-inline' 'unsafe-eval' i.ytimg.com cdn.jsdelivr.net google-analytics.com www.google-analytics.com facebook.com www.facebook.com kiliassets.speetra.com google.com www.google.com px.marchex.io googletagmanager.com www.googletagmanager.com ssl.google-analytics.com google-analytics.com www.google-analytics.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: vjs.zencdn.net fonts.googleapis.com use.fontawesome.com fonts.gstatic.com facebook.com www.facebook.com; media-src 'self' 'unsafe-inline'  'unsafe-eval'  youtube.com player.vimeo.com vimeo.com www.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' vjs.zencdn.net jobs.ourcareerpages.com google-analytics.com www.google-analytics.com www.googletagmanager.com googletagmanager.com 2e8b6dc4c5614098b4f94e52f34f9011.js.ubembed.com static.speetra.com cdn.jsdelivr.net www.googleadservices.com googleadservices.com googleads.g.doubleclick.net cdn.rawgit.com cdnjs.cloudflare.com app.pulsem.me jquery.com connect.facebook.net facebook.com www.facebook.com google.com www.google.com rw1.marchex.io static.ctctcdn.com gstatic.com www.gstatic.com use.fontawesome.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' vjs.zencdn.net jobs.ourcareerpages.com use.fontawesome.com static.speetra.com fonts.googleapis.com cdnjs.cloudflare.com static.ctctcdn.com 2e8b6dc4c5614098b4f94e52f34f9011.js.ubembed.com www.gstatic.com gstatic.com; connect-src 'self' 'unsafe-inline' app.pulsem.me visitor2.constantcontact.com facebook.com www.facebook.com analytics.google.com google-analytics.com www.google-analytics.com stats.g.doubleclick.net listgrowth.ctctcdn.com; child-src 'self' 'unsafe-inline' 'unsafe-eval' accounts.google.com facebook.com www.facebook.com app.pulsem.me bid.g.doubleclick.net google.com www.google.com www.youtube.com youtube.com  www.paycomonline.net paycomonline.net player.vimeo.com vimeo.com www.vimeo.com calendar.google.com google.com; prefetch-src 'self' 'unsafe-inline' 'unsafe-eval' 1
script-src 'nonce-1OhmwLC6MvQapqdRcA698C3cs/1ylX0ennlSeNC3JxU=' 'strict-dynamic'; img-src 'self'; child-src 'self' video.wisetechglobal.com www.youtube.com maps.google.com www.google.com/maps; object-src 'none'; base-uri 'self'; 1
default-src 'none'; connect-src 'self' https://www.dst.dk https://apichart.statbank.dk https://api.statbank.dk https://api.cludo.com https://heatmaps.monsido.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app-script.monsido.com https://heatmaps.monsido.com; frame-src 'self' mailto: *.statistikbanken.dk *.statistikbank.dk *.statbank.dk; img-src 'self' data: blob: https://tracking.monsido.com https://api.cludo.com https://www.dst.dk *.statistikbanken.dk *.statistikbank.dk *.statbank.dk; style-src 'self' 'unsafe-inline' https://fast.fonts.net; font-src 'self'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self'; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src https://subscriptions.heylogin.com; font-src 'self' data:; img-src 'self' data:; connect-src 'self' https://*.heylogin.app https://stackreports.heylogin.app; report-uri https://heyloginapp.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self'; img-src 'self' https://cdn.snapschedule.com https://*.snapschedule365.com https://app.snapschedule365.com https://app-us1.snapschedule365.com https://app-uk1.snapschedule365.com https://app-au1.snapschedule365.com https://app.snapschedule365.us; object-src 'self' https://app.snapschedule365.com https://app-us1.snapschedule365.com https://app-uk1.snapschedule365.com https://app-au1.snapschedule365.com https://app.snapschedule365.us; 1
default-src 'self'; img-src 'self' data:; form-action 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.livenooky.com:9080 www.livenooky.com:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.livenooky.com wss://www.livenooky.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1705981987 1
frame-ancestors 'self' http://www.frisko.dk unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://s7.addthis.com https://kritique-widgets-stage.unileversolutions.com https://d1a1ax4tcp3m3j.cloudfront.net 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://*.niituniversity.in https://code.responsivevoice.org https://*.youtube.com https://*.licdn.com https://*.zotabox.com https://embed.typeform.com https://www.clarity.ms https://g5y8v8j5.rocketcdn.me https://storage.googleapis.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://script.hotjar.com https://script.hotjar.com https://www.googleadservices.com https://static.hotjar.com https://static.zotabox.com https://connect.facebook.net https://*.niituniversity.in https://*.nopaperforms.com https://*.npfs.co https://fonts.googleapis.com  https://*.marker.io https://ssl.google-analytics.com https://www.google-analytics.com https://widgets.nopaperforms.com https://chatbot.in1.nopaperforms.com https://edge.marker.io https://cdnjs.cloudflare.com https://ajax.cloudflare.com; img-src 'self' data:  https://*.niituniversity.in https://g5y8v8j5.rocketcdn.me https://px.ads.linkedin.com https://c.clarity.ms https://c.bing.com https://wp-rocket.me https://i.ytimg.com https://www.google.com https://www.google.co.in https://www.facebook.com https://secure.gravatar.com https://chatcdn.npfs.co https://*.nopaperforms.com https://*.nopaperforms.com https://*.wp.com https://ssl.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://*.niituniversity.in https://g5y8v8j5.rocketcdn.me https://embed.typeform.com https://fonts.googleapis.com; font-src 'self' data: https://*.niituniversity.in https://g5y8v8j5.rocketcdn.me https://fonts.googleapis.com https://estudiar.vamtam.com https://fonts.gstatic.com; connect-src 'self' https://*.google.com https://g5y8v8j5.rocketcdn.me https://www.facebook.com https://cdn.linkedin.oribi.io https://*.zotabox.com https://*.clarity.ms https://d.clarity.ms https://www.google-analytics.com https://*.hotjar.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://*.marker.io https://www.ticworks.com; frame-src 'self' https://*.nopaperforms.com  https://form.typeform.com https://g5y8v8j5.rocketcdn.me https://*.niituniversity.in https://wp-rocket.me https://vars.hotjar.com https://bid.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://www.youtube.com https://*.google.com https://youtube.com https://app.essential-addons.com; object-src 'none'; 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: *.quantserve.com; object-src 'none' 1
default-src * blob: filesystem: about: ws: wss: ;script-src * blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';frame-ancestors * data: blob: 1
frame-ancestors 'self';    block-all-mixed-content;    default-src 'self';    script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.inmobi.com  https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.jsdelivr.net https://f.vimeocdn.com https://googletagmanager.com https://m.youtube.com https://player.vimeo.com https://secure.gravatar.com https://tagmanager.google.com https://www.youtube.com https://www.vimeo.com https://www.clarity.ms https://*.googletagmanager.com https://www.google-analytics.com *.bootstrapcdn.com https://s7.addthis.com;     style-src 'self' 'report-sample' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com code.jquery.com cdn.jsdelivr.net secure.gravatar.com tagmanager.google.com www.googletagmanager.com *.bootstrapcdn.com;     object-src 'none';     frame-src 'self' *.vimeo.com *.youtube.com vimeo.com www.youtube-nocookie.com https://youtu.be www.googletagmanager.com www.google.com;     child-src 'self' *.vimeo.com vimeo.com www.youtube.com www.googletagmanager.com;img-src 'self' *.vivesceramica.com data: *.clarity.ms *.vimeocdn.com *.vimeo.com *.gravatar.com *.ytimg.com *.youtube.com cdnjs.cloudflare.com code.jquery.com cdn.jsdelivr.net *.bing.com  https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com;     font-src 'self' data: cdnjs.cloudflare.com cdn.jsdelivr.net fonts.googleapis.com fonts.gstatic.com;     connect-src 'self'  https://cmp.inmobi.com/ https://api.cmp.inmobi.com/ *.clarity.ms *.gravatar.com cdnjs.cloudflare.com code.jquery.com cdn.jsdelivr.net vimeo.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com;manifest-src 'self';     base-uri 'self';     form-action 'self';     media-src 'self' *.vimeo.com vimeo.com;     worker-src 'self';     report-to default 1
base-uri 'none'; object-src 'none'; script-src 'nonce-4f226fd0d88b425892f4cd455bfab2b6' 'unsafe-inline' https: http: 'strict-dynamic'; style-src 'unsafe-inline' 'self' 'unsafe-eval' https://fonts.googleapis.com; worker-src 'self' blob:; frame-ancestors 'none' 1
upgrade-insecure-requests, frame-ancestors 1
default-src 'self' 'unsafe-inline'  https://chatbot.giwms.gov.np/webhooks/rest/webhook https://cdnjs.cloudflare.com https://api.giwms.gov.np https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://cdn.ckeditor.com https://fonts.googleapis.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://code.ionicframework.com https://fonts.googleapis.com https://netdna.bootstrapcdn.com http://fonts.googleapis.com http://fast.fonts.net https://www.google.com https://ajax.googleapis.com; font-src 'self' 'unsafe-inline' data: https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://code.ionicframework.com https://fonts.gstatic.com https://netdna.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://netdna.bootstrapcdn.com https://cdnjs.cloudflare.com https://unpkg.com http://maps.googleapis.com https://cdn.ckeditor.com https://www.googletagmanager.com https://www.google.com https://connect.facebook.net; frame-src 'self' https://view.officeapps.live.com https://maps.google.com https://www.youtube.com https://www.google.com; img-src * 'self' data: https:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.elfsight.com https://*.elfsightcdn.com https://yoast.com *.cloudflare.com https://www.youtube.com https://cdn.jsdelivr.net https://*.kymetacorp.com https://pi.pardot.com https://googleads.g.doubleclick.net https://www.clarity.ms https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.wordpress.com https://*.wp.com https://*.gravatar.com; img-src 'self' data: blob: https:; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.wordpress.com https://*.wp.com; font-src 'self' data: https:; connect-src 'self' blob: https://*.elfsight.com https://*.elfsightcdn.com https://my.wpengine.com https://yoast.com https://analytics.google.com https://stats.g.doubleclick.net https://www.gstatic.com https://*.clarity.ms/collect https://*.wordpress.com https://*.wp.com https://*.google-analytics.com; frame-src 'self' https://*.google.com/ *.wpmet.com https://*.kymetacorp.com https://*.youtube.com https://*.vimeo.com https://*.wordpress.com https://*.wp.com; object-src 'none'; upgrade-insecure-requests; block-all-mixed-content; 1
base-uri 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https://*.instahelp.me https://cdn.jsdelivr.net; img-src 'self' https: data:; connect-src 'self' https://*.instahelp.me https://maps.googleapis.com https://*.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://bat.bing.com https://cdn.linkedin.oribi.io https://www.facebook.com https://www.google.com https://webto.salesforce.com; font-src 'self' data:; frame-src 'self' https://*.instahelp.me  https://player.vimeo.com https://www.facebook.com https://www.youtube.com https://w.soundcloud.com https://www.google.com https://www.googletagmanager.com; frame-ancestors 'self' https://meetanyway.com; report-uri https://instahelp.me/csp.php; 1
default-src 'self' https://*.google.com https://auroraener7535.jitterbit.cc ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google.com https://www.googletagmanager.com/ https://tagmanager.google.com  https://maps.googleapis.com https://www.google-analytics.com https://www.gstatic.com https://*.hsforms.net https://*.hsforms.com https://connect.facebook.net https://www.facebook.com  https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googleadservices.com/pagead/conversion_async.js https://googleads.g.doubleclick.net/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com/j/collect https://assets.livehire.com/scripts/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; img-src 'self' data: https://*.gstatic.com/ https://www.google-analytics.com/  https://stats.g.doubleclick.net/ https://*.google.com.au https://*.google.com https://*.hsforms.net https://*.hsforms.com https://www.facebook.com https://scontent.xx.fbcdn.net https://www.facebook.com/tr/ https://cds.taboola.com/; frame-src 'self'  https://www.youtube.com/ https://www.google.com https://www.googletagmanager.com https://preview.livehire.com/ https://www.livehire.com; frame-ancestors 'self' https://my.auroraenergy.com.au https://my-prerelease.auroraenergy.com.au https://my-uat.auroraenergy.com.au https://my-sit.auroraenergy.com.au https://my-orange.auroraenergy.com.au https://my-teal.auroraenergy.com.au https://my-blue.auroraenergy.com.au https://wfe-uat1.cloud.auroraenergy.com.au https://wfe-sit1.cloud.auroraenergy.com.au https://wfe-orange.cloud.auroraenergy.com.au https://wfe-teal.cloud.auroraenergy.com.au https://wfe-blue.cloud.auroraenergy.com.au https://wfe-ops.cloud.auroraenergy.com.au https://wfe-pre-staging.cloud.auroraenergy.com.au https://wfe-pre.cloud.auroraenergy.com.au https://wfe-prd-staging.cloud.auroraenergy.com.au; child-src 'self'  https://www.youtube.com/ https://www.google.com; font-src 'self' https://themes.googleusercontent.com data:; connect-src 'self' https://auroraener7535.jitterbit.cc https://rs.fullstory.com/rec/page https://graph.facebook.com https://rs.fullstory.com/rec/bundle https://www.facebook.com https://*.taboola.com/ https://www.google-analytics.com/g/collect https://analytics.google.com/g/ https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://www.google-analytics.com/j/collect 1
default-src 'self' https://sielsystems.nl https://*.sielsystems.nl; script-src 'unsafe-inline' 'unsafe-eval' https://sielsystems.nl https://*.sielsystems.nl ; frame-src 'self' https://sielsystems.nl https://*.sielsystems.nl ; style-src 'unsafe-inline' https://sielsystems.nl https://*.sielsystems.nl; 1
frame-ancestors 'self' https://*.adobecqms.net https://*.ceros.com https://*.vonage.co.uk 1
object-src 'none';     script-src 'self' http://www.googletagmanager.com     http://connect.nosto.com     https://cc-cdn.com     https://maps.google.com    https://maps.googleapis.com    http://www.google-analytics.com    https://www.googleadservices.com    https://googleads.g.doubleclick.net    https://*.klaviyo.com    http://loader.wisepops.com    http://tag.rmp.rakuten.com    https://cc.cdn.civiccomputing.com     https://d2bwpebgtyx3c.cloudfront.net    https://like2have.it    https://*.feefo.com     https://*.klarnacdn.net     https://*.stripe.com    https://static.hotjar.com    https://script.hotjar.com    https://cdn.wisepops.com    https://connect.facebook.net    https://static.hotjar.com    https://www.paypalobjects.com    https://www.paypal.com    https://cookie-cdn.cookiepro.com    https://geolocation.onetrust.com    https://www.getback.ch    https://*.google.com    https://*.youtube-nocookie.com    https://*.youtube.com    https://play.google.com     https://loader.wisepops.com     https://app.getwisp.co     https://wisepops.net     https://cdn.wisepops.net    https://activity.wisepops.com     https://popup.wisepops.com     https://tracking.wisepops.com     https://dx4nr741tfc02.cloudfront.net     https://wisp-production-storage.s3.amazonaws.com     https://*.rewardstyle.com 'unsafe-inline' 'unsafe-eval';     base-uri 'self'; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.mdif.org; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://secure.gravatar.com; font-src 'self' data:; connect-src 'self'; media-src 'self'; object-src 'self'; frame-src https://www.mdif.org https://www.youtube.com; form-action 'self' https://www.mdif.org 1
frame-ancestors 'self' hotel.travel.rakuten.co.jp travel.rakuten.co.jp; 1
default-src 'self' https: ; img-src 'self' 'unsafe-inline' data: https: ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: ; style-src 'self' 'unsafe-inline' https: ; font-src 'self' 'unsafe-inline' https: 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=5dk9kndiqu40n&partner=; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' *.cinema.com.hk http://www2.lb-swireproperties.com *.apple.com placehold.it remote.captcha.com *.tekcent.com *.google.com *.maps.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.facebook.com *.facebook.net *.akamaihd.net *.fbcdn.net *.google-analytics.com *.pinterest.com *.twitter.com *.youtube.com  *.twitch.com *.themiddlehousehotel.com cdnjs.cloudflare.com api.userinfo.io *.google.com *.sinaimg.cn *.doubleclick.net *.typekit.net data: *.cdninstagram.com *.typography.com browser-update.org *.swireproperties.com *.linkedin.com www.irasia.com *.addthis.com *.addthisedge.com aspen.refineryclub.com *.msecnd.net *.corporateshowcase.com *.windows.net maps.gstatic.cn jsonip.com *.google.cn freegeoip.net *.gstatic.com stackpath.bootstrapcdn.com code.jquery.com placehold.it code.createjs.com *.tekcent.com *.azure.net *.addthisedge.com *.msecnd.net *.baidu.com *.windows.net http://*.sinaimg.cn https://j02.optimix.asia https://s3-ap-southeast-1.amazonaws.com http://swireproperties.blob.core.windows.net https://e02.optimix.asia https://www.tripadvisor.com https://www.jscache.com https://www.tripadvisor.com https://en.tripadvisor.com.hk https://www.jscache.com files.chinafy.com *.tekcent.com https://static.tacdn.com https://p.travelsmarter.net https://tag.yieldoptimizer.com https://pixel.sojern.com https://ib.adnxs.com http://spl.blob.core.windows.net *.map.bdimg.com j02.optimix.asia e02.optimix.asia tag.adaraanalytics.com dsum-sec.casalemedia.com us-u.openx.net sd.turn.com pixel.advertising.com ad.yieldlab.net i.liadm.com idsync.rlcdn.com tag.yieldoptimizer.com tapestry.tapad.com ib.adnxs.com pixel.rubiconproject.com dsum.casalemedia.com rtb.gumgum.com www.google.com.vn dpm.demdex.net beacon.krxd.net *.triptease.io  addtocalendar.com *.tripadvisor.co.uk *.tripadvisor.com *.tripadvisor.com.hk theta360.com http://api.sharerails.com s3.amazonaws.com https://sdn.sitecore.net http://api.map.baidu.com api.stathat.com z.moatads.com *.sharerails.com *.hotjar.com *.hotjar.io api.ipstack.com s3.amazonaws.com www.pacificplace.com.hk *.cloudfront.net blob: z.moatads.com *.sharerails.com *.hotjar.com *.hotjar.ioapi.ipstack.com s3.amazonaws.com www.pacificplace.com.hk *.cloudfront.net *.adsrvr.org *.google.com.hk *.moatads.com *.bidswitch.net *.pubmatic.com *.yahoo.com js-agent.newrelic.com bam.eu01.nr-data.net https://bam.eu01.nr-data.net https://js-agent.newrelic.com *.newrelic.com *.nr-data.net *.cp2-idd.129b09a9628041de96fa.eastasia.aksapp.io http://cp2-idd.129b09a9628041de96fa.eastasia.aksapp.io https://cp2-idd.129b09a9628041de96fa.eastasia.aksapp.io *.cityplaza.com *.elfsightcdn.com *.elfsight.com https://uat-hk1crm.pacificplace.com.hk https://e.issuu.com/ http://www.pacificplace.com.hk https://www.pacificplace.com.hk https://above.pacificplace.com.hk https://cdn.mouseflow.com *.geo0.ggpht.com https://geo0.ggpht.com *.ggpht.com *.sharethis.com; 1
default-src * data: blob: 'self';script-src *.itewb.gov.in 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.itewb.gov.in itewb.gov.in ws://localhost:* blob:  'self';block-all-mixed-content;upgrade-insecure-requests; 1
default-src 'self' schibsted.okta.com *.oktacdn.com; connect-src 'self' schibsted.okta.com schibsted-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com *.mtls.okta.com schibsted.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' schibsted.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' schibsted.okta.com *.oktacdn.com; frame-src 'self' schibsted.okta.com schibsted-admin.okta.com login.okta.com com-okta-authenticator:; img-src 'self' schibsted.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' schibsted.okta.com data: *.oktacdn.com fonts.gstatic.com 1
default-src 'self' id.codarts.nl; script-src-elem 'self' 'unsafe-inline' id.codarts.nl; script-src 'self' 'unsafe-inline' id.codarts.nl; style-src 'self' 'unsafe-inline'; img-src 'self' id.codarts.nl; font-src 'self'; object-src 'none'; media-src 'self'; child-src 'self'; frame-ancestors 'self'; frame-src 'self' youtube.com https://www.youtube.com https://youtu.be vimeo.com www.vimeo.com; base-uri 'self' id.codarts.nl; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net tps://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://www.zenaps.com https://tr.snapchat.com https://www.youtube.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://privacyportal-eu.onetrust.com https://ct.pinterest.com https://*.contentsquare.net; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://checkout.gardenoflife.co.uk https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://the.sciencebehindecommerce.com https://cdn.trackjs.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://geolocation.onetrust.com https://s.pinimg.com https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; script-src 'self'; connect-src 'self' https://api.methodicalmind.com https://msd-prod-data-dumps-us-east-1.s3.amazonaws.com; frame-ancestors 'self' 1
default-src *;img-src 'self';font-src 'self' https://fonts.gstatic.com;style-src 'self' https://fonts.googleapis.com 'unsafe-inline';script-src 'strict-dynamic' 'nonce-Rdt2aRKoQL7N4weoha24YtgBvHs=' https: 'unsafe-inline';frame-src https://www.google.com/recaptcha/;base-uri 'none';object-src 'none';report-to main-endpoint; 1
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 1
default-src 'self' https: blob: data: wss://widget-mediator.zopim.com config.gorgias.chat assets.gorgias.chat config.gorgias.io api.gorgias.work us-east1-898b.gorgias.chat storage.googleapis.com wss://us-east1-898b.gorgias.chat; base-uri 'self'; block-all-mixed-content; font-src 'self' data: d2zk4u3pjs0oai.cloudfront.net d1li5og345f2kj.cloudfront.net letote-assets-staging.s3.amazonaws.com config.gorgias.chat assets.gorgias.chat config.gorgias.io api.gorgias.work us-east1-898b.gorgias.chat storage.googleapis.com wss://us-east1-898b.gorgias.chat fonts.gstatic.com; form-action 'self' www.facebook.com; frame-ancestors 'none'; manifest-src 'none'; media-src 'self' static.zdassets.com d2zk4u3pjs0oai.cloudfront.net d1li5og345f2kj.cloudfront.net letote-assets-staging.s3.amazonaws.com config.gorgias.chat assets.gorgias.chat config.gorgias.io api.gorgias.work us-east1-898b.gorgias.chat storage.googleapis.com wss://us-east1-898b.gorgias.chat fonts.gstatic.com; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'sha256-1rTNIoD+KfkWaRo0s9l8KtmC4yVenZS4d4Vh1Qjybko=' 'nonce-NvnBI+5pDHYzIip6XSK/vQTfWjlG5u9gt03317mfOeM='; style-src 'self' 'unsafe-inline' d2zk4u3pjs0oai.cloudfront.net d1li5og345f2kj.cloudfront.net letote-assets-staging.s3.amazonaws.com config.gorgias.chat assets.gorgias.chat config.gorgias.io api.gorgias.work us-east1-898b.gorgias.chat storage.googleapis.com wss://us-east1-898b.gorgias.chat fonts.gstatic.com; upgrade-insecure-requests 1
frame-ancestors https://rajaview.id; 1
default-src 'none'; img-src 'self' data:; connect-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://jawns.club; img-src 'self' https: data: blob: https://jawns.club; style-src 'self' https://jawns.club 'nonce-kLntr6OhBiMiBlZoVFxvFw=='; media-src 'self' https: data: https://jawns.club; frame-src 'self' https:; manifest-src 'self' https://jawns.club; form-action 'self'; child-src 'self' blob: https://jawns.club; worker-src 'self' blob: https://jawns.club; connect-src 'self' data: blob: https://jawns.club https://cdn.masto.host wss://jawns.club; script-src 'self' https://jawns.club 'wasm-unsafe-eval' 1
default-src 'self';script-src 'self' 'nonce-6tbF4j2U77fQaJfTh5RFChit' 'unsafe-eval' unpkg.com *.googleapis.com *.googletagmanager.com *.google.com *.youtube.com *.ytimg.com *.jquery.com *.bootstrapcdn.com;object-src 'self';style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.googleapis.com;img-src 'self' data: *.google.com *.google.com.tr *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.youtube.com;media-src 'self' *.googleapis.com;frame-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com;font-src 'self' data: *.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com;connect-src 'self' localhost:5001 localhost:* *.performans.com *.google-analytics.com *.doubleclick.net;frame-ancestors 'self' *;report-uri /WebResource.axd?cspReport=true 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-V2dDR21vczk4T0s3VHR1UFNCTXFjOVpYNmhjTnUvTEppYytoTElFZzNEOD06Y1d6anpleEhsdFhxWlpYZk1TTjdQck1WbkM4N2xMMzgrS3VSSDlWT3YzWT0=';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self';frame-ancestors 'self';form-action 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; form-action 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self' ireland-guide.com *.ireland-guide.com;img-src * data:;script-src * 'unsafe-inline' 'unsafe-eval';frame-src 'self' *;media-src *; object-src *;style-src * 'unsafe-inline';style-src-elem * 'unsafe-inline';connect-src *;font-src * 1
font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com https://pro.fontawesome.com *.eagenda.com.br *.minhaagendavirtual.com.br https://ka-f.fontawesome.com https://suporte.mupisystems.com.br; default-src 'none' 'nonce-TyJr4IFxcjajSeLw6RF1Iw=='; img-src 'self' data: *.minhaagendavirtual.com.br *.eagenda.com.br https://dwnwuns92srjq.cloudfront.net https://www.facebook.com https://www.googletagmanager.com https://www.google-analytics.com https://nyc3.digitaloceanspaces.com https://cdn.awsli.com.br https://pbs.twimg.com https://abs.twimg.com https://www.google.com https://platform.twitter.com https://ton.twimg.com *.google.com *.google.com.br *.paypal.com https://syndication.twitter.com https://suporte.mupisystems.com.br; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net *.googleapis.com *.rdstation.com.br https://hcaptcha.com https://*.hcaptcha.com *.paypal.com https://ka-f.fontawesome.com https://api.mercadopago.com https://pagead2.googlesyndication.com/ *.mupisystems.com.br ws://suporte.mupisystems.com.br; style-src 'self' 'unsafe-inline' *.minhaagendavirtual.com.br *.eagenda.com.br https://maxcdn.bootstrapcdn.com https://dwnwuns92srjq.cloudfront.net https://stackpath.bootstrapcdn.com https://nyc3.digitaloceanspaces.com https://fonts.googleapis.com https://pro.fontawesome.com https://cdnjs.cloudflare.com https://platform.twitter.com https://cdn.jsdelivr.net/npm https://ton.twimg.com https://hcaptcha.com https://*.hcaptcha.com cdn.jsdelivr.net https://suporte.mupisystems.com.br; base-uri 'self'; frame-src *.google.com https://www.youtube.com/ https://platform.twitter.com *.twitter.com https://hcaptcha.com https://*.hcaptcha.com *.paypal.com https://td.doubleclick.net/; script-src 'self' 'unsafe-inline' *.eagenda.com.br *.minhaagendavirtual.com.br https://dwnwuns92srjq.cloudfront.net https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://code.jquery.com https://cdnjs.cloudflare.com *.googletagmanager.com https://www.google-analytics.com https://use.fontawesome.com https://nyc3.digitaloceanspaces.com https://connect.facebook.net https://cdn.ckeditor.com https://platform.linkedin.com https://platform.twitter.com https://cdn.kiprotect.com https://maps.googleapis.com https://ajax.googleapis.com https://cdn.syndication.twimg.com https://google-analytics.com https://unpkg.com *.gstatic.com *.google.com  *.googleadservices.com https://googleads.g.doubleclick.net https://d335luupugsy2.cloudfront.net https://hcaptcha.com https://*.hcaptcha.com *.paypal.com https://kit.fontawesome.com https://sdk.mercadopago.com https://suporte.mupisystems.com.br; manifest-src *.eagenda.com.br *.minhaagendavirtual.com.br; frame-ancestors *; form-action 'self' *.twitter.com https://accounts.google.com *.facebook.com/ 1
base-uri 'self'; default-src https:; object-src 'none'; frame-src 'self' *.salesforceliveagent.com *.visualize-roi.com *.doubleclick.net optimize.google.com platform.twitter.com syndication.twitter.com vars.hotjar.com widget.trustpilot.com www.facebook.com www.google.com www.youtube.com www.recaptcha.net; frame-ancestors 'none'; font-src 'self' *.acronis.com fonts.googleapis.com fonts.gstatic.com script.hotjar.com; style-src 'unsafe-inline' 'self' *.acronis.com cdn.cookielaw.org fonts.googleapis.com optimize.google.com platform.twitter.com tagmanager.google.com; img-src 'self' data: *.acronis.com *.analytics.google.com *.clarity.ms *.facebook.com *.g.cn *.g.doubleclick.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.linkedin.com *.twimg.com *.ytimg.com acronis.events b.6sc.co bat.bing.com c.bing.com c212.net cdn.cookielaw.org maps.gstatic.com media.slapfive.com optimize.google.com p.adsymptotic.com pixel.mathtag.com script.hotjar.com ssl.gstatic.com syndication.twitter.com trkn.us www.gstatic.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; connect-src 'self' ws: *.6sc.co *.6sense.com *.acronis.com *.adnxs.com *.analytics.google.com *.bing.com *.clarity.ms *.fullcircleinsights.com *.g.doubleclick.net *.google-analytics.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.mutinycdn.com *.onetrust.com *.s3.amazonaws.com *.scarabresearch.com *.schemaapp.com *.sentry.io *.visualize-roi.com *.influ2.com *.linkedin.com 929-hvv-335.mktoresp.com api.greenhouse.io cdn.cookielaw.org maps.googleapis.com cdn.linkedin.oribi.io www.mczbf.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; script-src 'strict-dynamic' 'nonce-b487130182d7cd210b2f721d1cf19b66' *.acronis.com *.googletagmanager.com tagmanager.google.com *.visualize-roi.com optimize.google.com www.google-analytics.com www.googleadservices.com www.googleanalytics.com www.googleoptimize.com 1
default-src brp.experiencecloud.adobe.com *.groupepdi.com *.net-fs.com *.onetrust.com *.cookielaw.org alumacraft.com *.alumacraft.com *.manitoupontoonboats.com *.wufoo.com unpkg.com *.yandex.ru my.matterport.com airtable.com ds-aksb-a.akamaihd.net monkeys-fist-for-brp.com *.myfeelback.com mfb.li mailchi.mp *.cdninstagram.com *.stackla.com fareharbor.com *.peek.com *.salecycle.com story.brplynx.com *.cloudfront.net mpembed.com *.googleadservices.com *.slideshare.net *.hotjar.com *.typekit.net *.bootstrapcdn.com *.salesforce.com *.omtrdc.net service.force.com *.adobedtm.com *.google.ca *.gstatic.com *.azurewebsites.net *.lightboxcdn.com *.salesforceliveagent.com *.force.com *.moatads.com *.youtube.com *.addthisedge.com *.addthis.com *.cloudflare.com *.doubleclick.net *.appdynamics.com *.brp.com js.logentries.com *.filepicker.io *.facebook.net *.azureedge.net *.google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.demdex.net *.day.com *.everesttech.net *.scene7.com s.amazon-adsystem.com *.facebook.com *.googleusercontent.com *.lightboxapi.com *.eum-appdynamics.com *.womenofonroadgroups.com *.canamonroadcommunity.com canamonroadcommunity.com *.learntoride3wheel.com *.limelightplatformevents.com *.valuemytradein.com *.zencdn.net *.zlthunder.net cdn.knightlab.com *.mdex.net *.sea-doo.com *.ski-doo.com twemoji.maxcdn.com *.brpdigital.net tags.tiqcdn.com brp--c.documentforce.com https://collect.tealiumiq.com/; 1
default-src 'self';block-all-mixed-content ; base-uri 'self'; object-src 'none'; script-src  'nonce-52dd3be58fe441c19bebc3ac27e28c66' 'self' 'unsafe-eval' 'unsafe-inline' https://s-usc1a-nss-2018.firebaseio.com/ https://s-usc1a-nss-2024.firebaseio.com/ https://daisho.firebaseio.com/ https://static.landbot.io https://www.gstatic.com https://www.google.com https://st.getsitecontrol.com/ https://widgets.getsitecontrol.com https://c.evidon.com https://region1.google-analytics.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://polyfill.io https://optimize.google.com https://www.google-analytics.com https://az416426.vo.msecnd.net https://*.googletagmanager.com; img-src 'self' data: https://static3.avast.com/ https://translate.google.com https://ssl.google-analytics.com/ https://gjtrack.ucweb.com/ https://www.facebook.com/ https://c.bing.com/ https://www.gstatic.com/ https://c.clarity.ms/ https://mb.com.ph https://wtf2.forkcdn.com/ https://static.landbot.io https://storage.googleapis.com https://www.grantthornton.global/ https://photos.smugmug.com/ https://www.sunstar.com.ph/ https://chats.landbot.io http://s14255.pcdn.co/ http://ialaddin.genieesspv.jp/ http://bworldonline.com/ http://www.bworldonline.com/ http://mindanaotimes.net/ http://media.philstar.com/ http://www.mb.com.ph/ http://businessmirror.com.ph/ http://tribune.net.ph/ http://cdn.manilatimes.net/ http://www.malaya.com.ph/ http://cdn2-img.pressreader.com/ http://farm5.staticflickr.com/ http://business.mb.com.ph/ http://oxfordbusinessgroup.com/ http://assets.rappler.com/ http://www.gti.org/ https://ssl.gstatic.com/ https://syndication.twitter.com https://optimize.google.com https://platform.twitter.com https://pbs.twimg.com https://maps.gstatic.com https://maps.googleapis.com https://*.google-analytics.com/ https://*.analytics.google.com/ https://www.googletagmanager.com https://i.ytimg.com https://img.youtube.com https://wtf2.forkcdn.com/ https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' data: https://cdn.landbot.io/ blob: https://tagmanager.google.com/ https://fonts.googleapis.com/ https://optimize.google.com https://chats.landbot.io https://platform.twitter.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; font-src 'self' data: https://cdn.landbot.io/  https://static3.avast.com/ https://fonts.gstatic.com; frame-src https://s-usc1a-nss-2018.firebaseio.com/ https://www.grantthornton.com.ph/ https://s-usc1a-nss-2024.firebaseio.com/ https://www.googletagmanager.com https://chats.landbot.io https://view.ceros.com https://social-plugins.line.me/ https://www.google.com/ https://platform.twitter.com https://www.youtube.com https://optimize.google.com https://w.soundcloud.com https://player.vimeo.com https://www.gstatic.com https://cdn.optimizely.com https://flo.uri.sh/; connect-src 'self' https://maps.googleapis.com/ wss://s-usc1a-nss-2018.firebaseio.com/ wss://daisho.firebaseio.com/ wss://s-usc1a-nss-2024.firebaseio.com/ https://www.googleapis.com/ https://analytics.google.com/ https://messages.landbot.io/ https://welcome.landbot.io/ https://storage.googleapis.com/ https://*.google-analytics.com/ https://*.analytics.google.com/ https://static3.avast.com/ https://gjtrack.ucweb.com/ https://dc.services.visualstudio.com https://az416426.vo.msecnd.net https://stats.g.doubleclick.net/ https://extreme-ip-lookup.com/ https://chats.landbot.io https://642-sde-924.mktoresp.com https://www.clarity.ms/ https://*.googletagmanager.com https://identitytoolkit.googleapis.com/ https://firestore.googleapis.com/; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-f51491f1185851d84bb15aec5ab27311'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' blob: data: 'unsafe-hashes' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.zadarma.com *.bootstrapcdn.com *.webvisor.com *.googlesyndication.com *.gstatic.com *.google.ru *.google.com bitrix.info *.bitrix.info *.doubleclick.net *.googletagservices.com *.bitrix24.ru it.era.ee *.goodprogrammist.ru bitrixfunmyvutrn.onion *.yandex.net wss://*.bitrix24.com *.disquscdn.com disqus.com wss://disqus.com *.disqus.com *.cdnvideo.ru *.yandex.ru *.googletagmanager.com *.1c-bitrix-cdn.ru *.google-analytics.com yastatic.net *.yastatic.net *.googleadservices.com *.gravatar.com goodprogrammist.ru *.cloudflare.com *.sendpulse.com *.yandex.md argonizer.ru http://argonizer.ru *.argonizer.ru argo.pro *.argo.pro http://old.argo.vc old.argo.vc *.datatables.net *.argo.vc *.new.rpo.ru new.rpo.ru argo.company *.argo.company *.zyxil.ru *.facebook.net *.vk.com *.mail.ru an.zyxil.ru ap.zyxil.ru *.joxi.net *.youtube.com youtube.com *.vimeo.com *.1c-bitrix.ru *.tinkoff.ru *.kladr-api.ru *.kladr-api.com kladr-api.ru kladr-api.com *.pochta.ru pochta.ru *.telerik.com telerik.com *.pickpoint.ru pickpoint.ru; 1
default-src 'self' 'unsafe-inline' *.tn.gov.in fonts.googleapis.com;” 1
script-src 'self' 'unsafe-inline' https://*.flattr.com 1
frame-ancestors 'self' *.firmenbuchgrundbuch.at *.compass.at *.wirtschaftscompass.at 1
default-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.segment.com https://embed.signalintent.com https://play.vidyard.com https://snap.licdn.com https://js.adsrvr.org https://insight.adsrvr.org https://cdn.cookielaw.org https://tags.clickagy.com https://*.unbounce.com https://d3pkntwtp2ukl5.cloudfront.net/uba.js https://optimize.google.com https://www.googleoptimize.com https://www.youtube.com https://ws.zoominfo.com https://*.hotjar.com https://www.gstatic.com https://www.google.com https://ajax.googleapis.com https://use.fontawesome.com https://www.google-analytics.com https://www.googletagmanager.com https://app-ab23.marketo.com https://siteimproveanalytics.com https://munchkin.marketo.net https://fonts.googleapis.com https://cdn.jsdelivr.net https://gateway.zscloud.net https://maps.googleapis.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://embed.signalintent.com https://optimize.google.com https://p.typekit.net https://use.typekit.net https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://app-ab23.marketo.com https://use.fontawesome.com; connect-src 'self' https://api.segment.io https://adservice.google.com https://calc-backend-prod.herokuapp.com https://cdn.segment.com https://play.vidyard.com https://cdn.linkedin.oribi.io https://geolocation.onetrust.com https://cdn.cookielaw.org https://aorta.clickagy.com https://hemsync.clickagy.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://ws.zoominfo.com https://d2mefa3mujb0bx.cloudfront.net https://d2idea1kzvufhy.cloudfront.net https://stats.g.doubleclick.net https://use.fontawesome.com https://go.firstbusiness.bank https://880-qno-957.mktoutil.com https://www.google-analytics.com https://www.googletagmanager.com https://880-qno-957.mktoresp.com https://o250803.ingest.sentry.io; img-src 'self' https://cdn.vidyard.com https://play.vidyard.com https://fbb-cms.firstbusiness.bank https://px.ads.linkedin.com https://www.linkedin.com https://ad.doubleclick.net https://adservice.google.com https://cdn.cookielaw.org https://id.rlcdn.com https://aorta.clickagy.com https://optimize.google.com https://ws.zoominfo.com https://media.firstbusiness.bank https://media.firstbusiness.com https://firstbusiness.bank https://stats.g.doubleclick.net data: https://lh3.ggpht.com https://i.ytimg.com https://*.googleapis.com https://*.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://3517.global.siteimproveanalytics.io https://*.gravatar.com https://www.facebook.com; font-src 'self' data: https://embed.signalintent.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://use.typekit.net https://fonts.gstatic.com; frame-src 'self' https://play.vidyard.com https://insight.adsrvr.org https://match.adsrvr.org https://13333447.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com https://*.hotjar.com https://html5-player.libsyn.com https://www.youtube.com https://app-ab23.marketo.com https://www.google.com https://snazzymaps.com https://cdn.jsdelivr.net; media-src 'self' https://ssl.gstatic.com;report-uri https://o250803.ingest.sentry.io/api/6241426/security/?sentry_key=f1a7000fd2f94aedb8e361857307829b 1
script-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://google.com/cse/static/ http://www.google.com/recaptcha/api.js https://www.gstatic.com/ http://image.providesupport.com https://www.google.com/cse/static/element/ http://cse.google.com/adsense/search/async-ads.js https://cse.google.com/ https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.google-analytics.com/gtm/ https://connect.facebook.net/en_US/fbds.js http://clients1.google.com/ https://sealserver.trustwave.com/seal.js *.resellerspanel.com https://secure.resellerspanel.com; frame-ancestors 'self'; 1
default-src 'self'; script-src https://cdnjs.cloudflare.com https://connect.facebook.net https://js-agent.newrelic.com https://static.ads-twitter.com/uwt.js https://ajax.googleapis.com https://*.nr-data.net https://*.blossm.com https://*.www.blossm.com 'unsafe-inline' https://www.googletagmanager.com https://static.zdassets.com https://www.blossm.com 'self' https://challenges.cloudflare.com https://blossm.com 'unsafe-eval' https://www.google.com https://www.google.com/recaptcha/ https://www.google-analytics.com https://*.zendesk.com ;  style-src 'self' data: 'unsafe-inline' https://*.blossm.com https://*.www.blossm.com https://www.blossm.com https://cdnjs.cloudflare.com ; img-src https://*.nr-data.net https://static.zdassets.com https://analytics.twitter.com https://cdnjs.cloudflare.com https://t.co https://www.blossm.com https://www.google-analytics.com https://cbpayouts.s3.amazonaws.com 'self' https://blossm.zendesk.com https://www.facebook.com https://*.blossm.com data: https://blossm.com https://*.www.blossm.com https://cdn.blossm.com https://private-cdn.blossm.com ;  font-src 'self' data: https://*.blossm.com https://www.blossm.com https://*.www.blossm.com https://cdnjs.cloudflare.com ; connect-src https://cbpayouts.s3.amazonaws.com blob: data: https://*.nr-data.net https://*.blossm.com wss://www.blossm.com https://*.www.blossm.com wss://blossm.zendesk.com ws://localhost:* https://www.blossm.com https://blossm.zendesk.com 'self' blob https://www.facebook.com https://ekr.zdassets.com https://blossm.com wss://*.zendesk.com wss://*.blossm.com https://www.google-analytics.com https://cdn.blossm.com https://private-cdn.blossm.com ;  media-src 'self' https://*.blossm.com https://www.blossm.com https://*.www.blossm.com mediasource: blob: data: https://cbpayouts.s3.amazonaws.com https://cdn.blossm.com https://private-cdn.blossm.com https://static.zdassets.com ;  object-src 'self' https://*.blossm.com https://www.blossm.com https://*.www.blossm.com https://cbpayouts.s3.amazonaws.com https://cdn.blossm.com https://private-cdn.blossm.com ; frame-src https://www.google.com/recaptcha/ https://www.blossm.com 'self' https://*.incodesmile.com https://challenges.cloudflare.com https://*.blossm.com https://blossm.com ;  child-src 'self' blob: blob ;  worker-src 'self' blob: blob ;  form-action 'self' https://*.blossm.com https://blossm.com https://www.blossm.com https://*.www.blossm.com ;  manifest-src 'self' https://*.blossm.com https://blossm.com https://www.blossm.com https://*.www.blossm.com ; 1
default-src 'none'; img-src 'self' blob: data: https://maps.gstatic.com https://maps.googleapis.com https://images.contentstack.io https://*.112.2o7.net https://*.eyemedvisioncare.com https://*.aetnavision.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://apps.mypurecloud.com https://maps.googleapis.com https://dhqbrvplips7x.cloudfront.net https://apps.mypurecloud.com https://assets.adobedtm.com https://*.eyemedvisioncare.com https://*.aetnavision.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.aetnavision.com; font-src 'self' https://fonts.gstatic.com https://*.aetnavision.com; connect-src 'self' https://maps.googleapis.com https://naccapi.luxnacc.com https://images.contentstack.io https://*.112.2o7.net https://widgets.hive.genesys.com https://iw-017-ind.us.caas.hosted-inin.com https://*.eyemedvisioncare.com; frame-src 'self' https://www.youtube.com https://*.eyemedvisioncare.com https://*.aetnavision.com; frame-ancestors 'self' https://*.eyemedvisioncare.com https://*.aetnavision.com 1
object-src 'none'; script-src 'self' 'unsafe-eval' https://consent.cookiebot.com https://www.google.com https://www.gstatic.com https://consentcdn.cookiebot.com https://ssl.google-analytics.com https://player.vimeo.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill.io https://unpkg.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://consent.cookiebot.com https://www.google.com https://www.gstatic.com https://consentcdn.cookiebot.com https://ssl.google-analytics.com https://player.vimeo.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill.io https://unpkg.com; style-src 'self' 'unsafe-inline' https://fast.fonts.net https://fonts.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.premier-stores.co.uk/report-uri/enforce 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.licdn.com *.hotjar.com *.ads-twitter.com *.aspnetcdn.com secure.leadforensics.com googleads.g.doubleclick.net www.googleadservices.com *.google-analytics.com *.googletagmanager.com unpkg.com  https://www.google.com/recaptcha/api.js https://maps.googleapis.com *.gstatic.com *.googleapis.com *.addthis.com *.addthisedge.com *.moatads.com *.cookiebot.com; base-uri 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com; frame-ancestors 'self' www.youtube.com fonts.googleapis.com *.vimeo.com 1
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://syzito.xyz; img-src 'self' https: data: blob: https://syzito.xyz; style-src 'self' https://syzito.xyz 'nonce-HkgWTPm7O4ziqXOfz17Kuw=='; media-src 'self' https: data: https://syzito.xyz; frame-src 'self' https:; manifest-src 'self' https://syzito.xyz; form-action 'self'; child-src 'self' blob: https://syzito.xyz; worker-src 'self' blob: https://syzito.xyz; connect-src 'self' data: blob: https://syzito.xyz https://syzito.files.fedi.monster wss://syzito.xyz; script-src 'self' https://syzito.xyz 'wasm-unsafe-eval' 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com copeval.local mcstaging.copeval.cl copeval.cl www.copeval.cl mcstaging-empresas.copeval.cl prime.copeval.cl assets.adobedtm.com data:; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.facebook.com webpay3gint.transbank.cl webpay3g.transbank.cl portalempresas.bancochile.cl www.bancoestado.cl pagos.santander.cl 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com assets.braintreegateway.com player.vimeo.com cdn.dnky.co webchat.dotdigital.com www.facebook.com player.flipsnack.com www.google.com; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com validator.swagger.io maps.gstatic.com maps.googleapis.com www.mercadolibre.com www.mercadolivre.com www.mercadopago.com.ar *.google.com www.google.com.ar accounts.google.com www.googletagmanager.com storage.googleapis.com amcglobal.sc.omtrdc.net assets.adobedtm.com www.google.com.mx www.facebook.com connect.facebook.net pos.baidu.com https://cdn.behamics.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com cdn-scripts.signifyd.com www.youtube.com https://www.google.com https://maps.googleapis.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com geolocation.onetrust.com *.google-analytics.com secure.mlstatic.com www.googletagmanager.com copeval.local mcstaging.copeval.cl copeval.cl mcstaging-empresas.copeval.cl prime.copeval.cl www.copeval.cl web-sdk.aptrinsic.com esp-m.aptrinsic.com js-agent.newrelic.com *.fontawesome.com script.crazyegg.com static.hotjar.com script.hotjar.com *.behamics.com www.facebook.com connect.facebook.net ipinfo.io player.flipsnack.com 200.75.7.213 www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com cdn.dnky.co webchat.dotdigital.com maxcdn.bootstrapcdn.com footer.mars.com web-sdk.aptrinsic.com esp-m.aptrinsic.com assets.adobedtm.com fonts.googleapis.com *.behamics.com www.facebook.com 'self' 'unsafe-inline'; object-src esp-m.aptrinsic.com copeval.local mcstaging.copeval.cl copeval.cl www.copeval.cl mcstaging-empresas.copeval.cl prime.copeval.cl bam.nr-data.net js-agent.newrelic.com dpm.demdex.net assets.adobedtm.com script.crazyegg.com www.facebook.com 'self' 'unsafe-inline'; media-src 200.75.7.213 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com rcdfcdn.mars.com geolocation.onetrust.com dev.gtm.southwatts.com *.google-analytics.com secure.mlstatic.com www.googletagmanager.com maps.googleapis.com www.mercadolibre.com www.mercadolivre.com www.mercadopago.com.ar *.google.com stats.g.doubleclick.net www.google.com.ar accounts.google.com getfirebug.com copeval.local mcstaging.copeval.cl copeval.cl www.copeval.cl web-sdk.aptrinsic.com esp-m.aptrinsic.com bam.nr-data.net js-agent.newrelic.com dpm.demdex.net assets.adobedtm.com *.behamics.com www.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' secure.entertimeonline.com; 1
frame-ancestors 'self' https://echobotsales.de/ https://*.echobotsales.de/ https://*.lightning.force.com/ https://*.my.salesforce.com https://*.echobot.de https://d35wjiveis58b7.cloudfront.net/ https://www.dealfront.com 1
default-src 'none'; style-src 'self'; media-src 'self' rtmp:; img-src 'self' https://queer.hacktivis.me/; script-src 'self'; object-src 'self'; base-uri 'none'; form-action 'none'; frame-ancestors 'none' 1
default-src 'none'; object-src 'none'; manifest-src 'self'; base-uri 'self'; form-action 'self' *.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.facebook.com connect.facebook.net *.clarity.ms *.gstatic.com *.googletagmanager.com *.googleadservices.com *.googlesyndication.com *.google.com.tr *.doubleclick.net *.google-analytics.com *.google.com api.abonesepeti.app *.tiktok.com; connect-src 'self' www.encazip.com www.facebook.com connect.facebook.net *.clarity.ms *.gstatic.com *.googletagmanager.com *.googleadservices.com *.googlesyndication.com *.google.com.tr *.doubleclick.net *.google-analytics.com *.google.com api.abonesepeti.app *.tiktok.com; img-src 'self' data: static.encazip.com www.facebook.com connect.facebook.net *.clarity.ms *.gstatic.com *.googletagmanager.com *.googleadservices.com *.googlesyndication.com *.google.com.tr *.doubleclick.net *.google-analytics.com *.google.com api.abonesepeti.app *.tiktok.com; style-src 'self' 'unsafe-inline' *.googletagmanager.com *.googleapis.com; font-src 'self' *.gstatic.com; frame-src 'self' www.facebook.com www.youtube.com www.google.com *.doubleclick.net; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://lucitt.social; img-src 'self' https: data: blob: https://lucitt.social; style-src 'self' https://lucitt.social 'nonce-+wxzLd2GumlwtHwghvjTRQ=='; media-src 'self' https: data: https://lucitt.social; frame-src 'self' https:; manifest-src 'self' https://lucitt.social; form-action 'self'; child-src 'self' blob: https://lucitt.social; worker-src 'self' blob: https://lucitt.social; connect-src 'self' data: blob: https://lucitt.social https://lucitt.social wss://lucitt.social; script-src 'self' https://lucitt.social 'wasm-unsafe-eval' 1
script-src 'none'; object-src 'none'; base-uri 'none'; require-trusted-types-for 'script'; frame-ancestors 'none'; 1
frame-ancestors 'self' https://*.indiatimes.com https://*.samayam.com https://maharashtratimes.com https://vijaykarnataka.com https://m.timesofindia.com https://m.economictimes.com https://www.iamgujarat.com https://www.google.com https://*.google.com https://cdn.ampproject.org https://*.cdn.ampproject.org https://*.ampproject.org https://*.newspointapp.com http://*.newspointapp.com https://*.gadgetsnow.com https://eisamay.com https://*.economictimes.com https://*.gadgetsnow.com https://timesxp.com https://www.timesxp.com https://*.timesxp.com https://*.filmipop.com https://studio-dev.sli.ke https://studio.sli.ke 1
default-src 'self' *; script-src 'self' 'unsafe-inline' *; object-src *; style-src 'self' 'unsafe-inline' *; img-src 'self' 'unsafe-inline' data: about: *; media-src *; frame-src *; frame-ancestors *; child-src *; font-src *; connect-src * https://sentry.in.vardot.com/api/64/store/ https://sentry.in.vardot.com/api/64/envelope/; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: ws: wss: blob: 1
default-src https: 'unsafe-eval' 'unsafe-inline' wss://*.hotjar.com *.hotjar.com data:;img-src * data: blob:; connect-src 'self' wss://*.hotjar.com *.hotjar.com *.hotjar.io *.addthis.com  lydia-app.com *.lydia-app.com *.openstreetmap.org maps.googleapis.com *.analytics.google.com *.google-analytics.com *.gstatic.com *.hcaptcha.com *.facebook.com *.raygun.io wss://*.crisp.chat *.cometchat.io *.api-eu.cometchat.io *.widget-eu.cometchat.io wss://*.websocket-eu.cometchat.io https://app  https://www.centraliens-lyon.net/  https://www.technica-magazine.fr/   ; object-src 'self' https://www.youtube.com https://www.dailymotion.com; frame-ancestors 'self' ; base-uri https://www.centraliens-lyon.net/; form-action 'self' https://login.microsoftonline.com/ https://netanswer.rpxnow.com https://preprod-tpeweb.e-transactions.fr/ https://tpeweb.e-transactions.fr/ https://paiement.creditmutuel.fr https://systempay.cyberpluspaiement.com https://payment-webinit-mercanet.test.sips-atos.com/paymentInit https://payment-webinit-mercanet.test.sips-services.com/paymentInit https://payment-webinit.mercanet.bnpparibas.net/paymentInit https://old.pta.netanswer.fr https://www.paristech-alumni.org https://www.wats4u.com https://wats4u.com https://wats4u.com.alumnforce.org http://manageurs.mjb.lan https://manageurs.mjr1108.com https://www.xmp-consult.org https://tpeweb.paybox.com 1
script-src 'unsafe-eval' 'self' 'nonce-D4O5I9tyXlekv2ErnnyZ' cdn-app.impl-peakon.com static.zdassets.com ekr.zdassets.com peakon.zendesk.com peakon1606916913.zendesk.com; style-src 'unsafe-inline' 'self' cdn-app.impl-peakon.com static.peakon.com; connect-src api.impl-peakon.com 'self' cdn-app.impl-peakon.com nw.megaleo.com activity.impl-peakon.com realtime.impl-peakon.com wss://realtime.impl-peakon.com api.rollbar.com peakon-temporary-impl.s3.amazonaws.com peakon-uploads-impl.s3.amazonaws.com slack.impl-peakon.com status.peakon.com sync.impl-peakon.com static.zdassets.com ekr.zdassets.com *.zopim.com peakon.zendesk.com peakon1606916913.zendesk.com wss://peakon.zendesk.com wss://peakon1606916913.zendesk.com wss://*.zopim.com ekr.zendesk.com; default-src 'none'; base-uri 'self'; img-src * cdn-app.impl-peakon.com data: v2assets.zopim.io static.zdassets.com data:; form-action 'self'; font-src 'self' cdn-app.impl-peakon.com static.peakon.com data:; media-src * static.zdassets.com; frame-src training.impl-peakon.com player.vimeo.com; report-uri https://peakon.report-uri.com/r/d/csp/enforce 1
base-uri 'self'; frame-src 'self' *.gravatar.com *.google-analytics.com *.google.com *.hotjar.com *.facebook.com *.youtube.com *.youtube-nocookie.com; connect-src 'self' *.doubleclick.net *.google-analytics.com *.facebook.com *.hotjar.com *.ctctcdn.com *.constantcontact.com; font-src 'self' data: *.gstatic.com; script-src 'self' 'unsafe-inline' *.w3-edge.com *.cloudflare.com *.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.hotjar.com static.ctctcdn.com; style-src 'self' 'unsafe-inline' *.cloudflare.com *.googleapis.com *.gstatic.com static.ctctcdn.com; object-src 'none'; form-action 'self' *.mailmunch.co; frame-ancestors 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; img-src data: 'self' *; worker-src blob:; connect-src *; font-src 'self' *; frame-src 'self' *; media-src 'self' *; 1
frame-ancestors 'self' www.asadventure.fr asadventure.fr product001.asadventure.fr product002.asadventure.fr product003.asadventure.fr product004.asadventure.fr ; 1
base-uri 'none';child-src 'self' https://*.hotjar.com https://*.hotjar.io https://www.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net;connect-src 'self' ws: wss: https://*.hotjar.com https://*.hotjar.io https://*.google-analytics.com https://*.doubleclick.net https://webrtc.github.io https://ajax.aspnetcdn.com https://webchat2.homegroup.org.uk https://*.googleapis.com https://*.algolia.net https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com webpack://*;default-src 'self';font-src 'self' https://www.gstatic.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io;form-action 'self' https://connect.facebook.net https://www.facebook.com;frame-ancestors 'none';frame-src https://www.youtube.com https://www.google.com https://www.google.co.uk https://recaptcha.net http://view.ceros.com https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com https://connect.facebook.net https://www.facebook.com;img-src 'self' data: blob: https://media.umbraco.io https://www.cqc.org.uk https://www.gstatic.com https://*.gstatic.com https://*.googleapis.com https://www.google.com https://www.google.co.uk https://recaptcha.net https://connect.facebook.net https://www.facebook.com https://*.google-analytics.com https://*.doubleclick.net https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com;manifest-src 'self';media-src 'self' https://media.umbraco.io https://webrtc.github.io https://ajax.aspnetcdn.com https://webchat2.homegroup.org.uk;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://*.doubleclick.net https://www.googletagmanager.com https://www.gstatic.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://webrtc.github.io https://ajax.aspnetcdn.com https://webchat2.homegroup.org.uk https://www.cqc.org.uk https://www.google.com https://www.google.co.uk https://recaptcha.net https://*.googleapis.com https://connect.facebook.net https://www.facebook.com https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com;style-src 'self' 'unsafe-inline' https://www.gstatic.com https://*.gstatic.com https://www.cqc.org.uk https://*.googleapis.com https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com; 1
frame-ancestors 'self' https://www.tropmet.res.in; 1
frame-ancestors https://sans-nuage.fr https://arn-fai.net 1
default-src 'self' blob: *.paypal.com *.stripe.com wss://flexcom.de:9001 *.tarotpolis.de; connect-src 'self' blob: *.stripe.com wss://flexcom.de:9001 *.tarotpolis.de; style-src 'self' 'unsafe-inline' *.tarotpolis.de *.addthis.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.tarotpolis.de *.analytics.google.com *.google-analytics.com *.pinterest.com *.googleadservices.com *.facebook.com *.facebook.net *.myfonts.net *.addthis.com *.googleapis.com 1
default-src 'self' 'unsafe-inline' https://www.youtube.com https://player.vimeo.com https://*.harvest.fr https://fonts.googleapis.com www.google.fr www.googletagmanager.com analytics.google.com www.google-analytics.com fonts.gstatic.com vars.hotjar.com in.hotjar.com px.ads.linkedin.com connect.facebook.net stats.g.doubleclick.net unpkg.com secure.gravatar.com player.ausha.co s.w.org ps.w.org https://challenges.cloudflare.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.harvest.fr www.google.com www.googletagmanager.com www.google-analytics.com https://www.gstatic.com googleads.g.doubleclick.net script.hotjar.com static.hotjar.com code.jquery.com maps.googleapis.com snap.licdn.com pi.pardot.com connect.facebook.net unpkg.com static.addtoany.com ps.w.org https://challenges.cloudflare.com; frame-ancestors 'self' https://*.harvest.fr 1
font-src maxcdn.bootstrapcdn.com *.googleapis.com *.zopim.com *.hotjar.com *.hotjar.io *.gstatic.com data: *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.hotjar.com *.issuu.com *.vimeo.com *.facebook.com *.demdex.net *.openpay.mx *.openpay.co *.opencontrol.mx *.kaptcha.com *.paynet.com.mx 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.googleapis.com *.facebook.com *.youtube.com *.zopim.io *.zopim.com *.gstatic.com *.doubleclick.net *.omtrdc.net https://landofcoder.com data: *.googletagmanager.com *.googleusercontent.com *.google.com *.ggpht.com *.never8.com *.unitam.com eadn-wc04-10468518.nxedge.io ce2f80375c.nxcli.io *.postimg.cc 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com *.vimeocdn.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.hotjar.com *.zopim.com *.bootstrapcdn.com *.zdassets.com *.issuu.com *.googleapis.com *.facebook.net *.googletagmanager.com *.google.com vimeo.com *.magento.com *.s3.amazonaws.com *.openpay.co *.google-analytics.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com maxcdn.bootstrapcdn.com *.googleapis.com *.google.com *.fontawesome.com *.magento.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com wss://*.zopim.com wss://*.hotjar.com *.zdassets.com *.hotjar.com *.hotjar.io *.demdex.net *.zopim.com *.omtrdc.net *.google-analytics.com *.doubleclick.net *.magento.com *.googleapis.com *.openpay.mx *.openpay.co 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self style-src 'self' 'unsafe-inline' img-src * 'self' data: https:; 1
img-src blob: https: data:; upgrade-insecure-requests 1
img-src * data:; report-uri /report-csp-violation; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com www.google-analytics.com www.googletagmanager.com tagmanager.google.com w.sharethis.com *.sharethis.com optanon.blob.core.windows.net cdn.cookielaw.org code.jquery.com geolocation.onetrust.com munchkin.marketo.net www.youtube.com s.ytimg.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gbqofs.io *.gbqofs.com *.googleapis.com *.gigya.com *.sessioncam.com *.rewe-static.de *.rewe.de *.krxd.net *.bkrtx.com *.iesnare.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.co.uk *.google.es *.google.de *.google.com.tr *.newrelic.com *.betrad.com bam.nr-data.net static.addtoany.com *.cloudflare.com *.fusepump.com *.youtube.com *.ytimg.com *.evidon.com *.jquery.com *.serving-sys.com *.igodigital.com *.facebook.net *.g.doubleclick.net cdn.hypemarks.com cdn.adimo.co google-analytics.com *.nestle.co.uk *.nestle.de *.gstatic.com *.cloudfront.net *.usabilla.com usabilla.com www.googleadservices.com  cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com; style-src 'self' 'unsafe-inline' *.googleapis.com fonts.gstatic.com https://cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com *.google.com www.google.com www.google.co.uk *.google.es *.google.de *.google.com.tr cdn.adimo.co *.nestle.de *.cloudfront.net *.usabilla.com usabilla.com cloud.typography.com https://use.fontawesome.com *.rewe-static.de *.adimo.co fast.fonts.net; img-src 'self' data: *.googletagmanager.com *.acsitefactory.com *.cloudfront.net *.rewe-static.de *.sessioncam.com *.google.co.in *.adimo.co *.googleapis.com *.gstatic.com *.cloudflare.com *.google-analytics.com *.doubleclick.net www.google.com www.google.co.uk *.google.es *.google.de *.google.com.tr *.betrad.com *.pump.to *.amazonaws.com *.fusepump.com *.evidon.com *.igodigital.com *.facebook.com *.nestle.de bam.nr-data.net *.usabilla.com usabilla.com *.wikimedia.org *.aws.nestle.recipes cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com; media-src 'self'; frame-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be *.evidon.com *.doubleclick.net *.fusepump.com *.hypemarks.com *.youtube-nocookie.com *.adimo.co *.nestle.de *.nestle.co.uk *.bluekai.com *.shop.rewe-static.de *.google.com www.google.com www.google.co.uk *.google.es *.google.de *.google.com.tr *.cloudfront.net *.usabilla.com usabilla.com *.gigya.com *.sessioncam.com *.bazaarvoice.com *.sitepreview.ws *.krxd.net *.nestle-brands.co.uk *.shopmium.com; frame-ancestors 'self'; child-src 'self' blob: https://www.ernaehrungsstudio.destatic.addtoany.com *.youtube.com *.youtu.be youtu.be *.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net *.nestle.de http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com; font-src 'self' data: *.acsitefactory.com *.gbqofs.io *.gbqofs.com  *.rewe-static.de https://cdnjs.cloudflare.com *.nestle.de *.cloudfront.net *.usabilla.com usabilla.com https://use.fontawesome.com cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com; connect-src 'self' *.krxd.net *.nr-data.net *.acsitefactory.com *.rewe.de *.rewe-static.de *.sessioncam.com *.fusepump.com *.google-analytics.com https://collect.analyze.ly https://secure-ds.serving-sys.com *.amazonaws.com *.adimo.co *.nestle.de bam.nr-data.net *.evidon.com stats.g.doubleclick.net *.cloudfront.net *.usabilla.com usabilla.com www.google.com googleads.g.doubleclick.net *.bazaarvoice.com  cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com report.nestle.gbqofs.io region1.analytics.google.com; report-uri /report-csp-violation 1
default-src 'self' www.trappistwestvleteren.be checkout.trappistwestvleteren.be consentcdn.cookiebot.com; connect-src 'self' www.trappistwestvleteren.be checkout.trappistwestvleteren.be www.google-analytics.com stats.g.doubleclick.net https://cognito-identity.eu-central-1.amazonaws.com wss://a3a87qpyvgayr4-ats.iot.eu-central-1.amazonaws.com; img-src 'self' data: www.trappistwestvleteren.be checkout.trappistwestvleteren.be www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.trappistwestvleteren.be checkout.trappistwestvleteren.be www.googletagmanager.com www.google-analytics.com consent.cookiebot.com consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' www.trappistwestvleteren.be checkout.trappistwestvleteren.be 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.googleapis.com www.googletagmanager.com maps.google.com; style-src 'self' 'unsafe-inline' ;img-src *; frame-src *.google.com 1
default-src 'self' *   'unsafe-eval' 'unsafe-inline';   style-src 'self'  'unsafe-eval' 'unsafe-inline';   media-src *;   script-src * 'unsafe-eval' 'unsafe-inline' 1
frame-ancestors 'self' https://iframetester.com https://eloomi.com https://logwin.eloomi.com https://app.logwin-logistics.com https://www.logwin-logistics.com 1
default-src 'self'; upgrade-insecure-requests; connect-src 'self' dc.services.visualstudio.com *.pensionpro.com *.applicationinsights.azure.com; style-src 'self' 'unsafe-inline' appcenter.intuit.com *.pensionpro.com fonts.googleapis.com data:; style-src-elem 'self' 'unsafe-inline' appcenter.intuit.com *.pensionpro.com fonts.googleapis.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' appcenter.intuit.com www.googletagmanager.com ajax.googleapis.com cdn.polyfill.io ssl.google-analytics.com cdnjs.cloudflare.com az416426.vo.msecnd.net js.braintreegateway.com *.monitor.azure.com; img-src 'self' *.pensionpro.com kendo.cdn.telerik.com data: ssl.google-analytics.com; font-src 'self' fonts.gstatic.com netdna.bootstrapcdn.com data:; frame-ancestors 'self'; frame-src 'self' player.vimeo.com; 1
default-src 'self' www.gravatar.com player.vimeo.com *.vimeocdn.com packages.umbraco.org our.umbraco.org;script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.bugherd.com *.pusher.com;connect-src 'self' *.amazonaws.com  *.linkedin.com *.visualstudio.com stats.g.doubleclick.net *.google-analytics.com consentcdn.cookiebot.com *.pusher.com sessions.bugsnag.com; img-src 'self' data: *.linkedin.com www.gravatar.com umbraco.tv www.google-analytics.com fakeimg.pl dashboard.umbraco.com tracking.monsido.com d2iiunr5ws5ch1.cloudfront.net bugherd-attachments.s3.amazonaws.com *.bugherd.com;font-src 'self' fonts.googleapis.com data: fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com;form-action 'self' *.flutter.com ddlnk.net;frame-src 'self' vimeo.com ir.design-portfolio.co.uk platform.twitter.com consentcdn.cookiebot.com;media-src 'self' player.vimeo.com vod-progressive.akamaized.net download-video.akamaized.net; 1
frame-ancestors 'self' https://orchid.imp.iat.oceanwidebridge.com https://orchid.imp.uat.oceanwidebridge.com https://connect.orchidinsurance.com https://orchid.imp.conf.oceanwidebridge.com 1
frame-src *; frame-ancestors *; report-uri https://gotoltc.edu/report-uri/enforce 1
frame-ancestors 'self' form.jotform.com; 1
default-src 'self' *.omappapi.com; connect-src 'self' crownpeak.net *.crownpeak.net *.google-analytics.com *.doubleclick.net *.omappapi.com *.linkedin.oribi.io *.tvsquared.com https://analytics.google.com https://px.ads.linkedin.com; font-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com https://files.marcomcentral.app.pti.com; frame-ancestors 'self'; frame-src 'self' *.youtube.com *.google.com *.vimeo.com *.adsrvr.org *.doubleclick.net https://secure.checkout.visa.com; img-src 'self' *.google-analytics.com *.googletagmanager.com banno.com *.banno.com *.googleapis.com *.gstatic.com *.adsrvr.org *.linkedin.com *.google.com *.facebook.com *.adsymptotic.com *.printable.com https://collector-34104.us.tvsquared.com data:; media-src 'self' https://files.marcomcentral.app.pti.com; script-src 'self' 'unsafe-inline' *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleapis.com banno.com *.banno.com *.omappapi.com *.manychat.com *.google.com crownpeak.com *.crownpeak.com *.facebook.net *.mantl.com *.benchmarkemail.com *.licdn.com *.adsrvr.org https://googleads.g.doubleclick.net https://secure.checkout.visa.com https://widget.ellieservices.com *.ellieservices.com https://collector-34104.us.tvsquared.com/tv2track.js; style-src 'self' 'unsafe-inline'  *.googleapis.com *.omappapi.com 1
frame-ancestors 'self' http://hag-sappoh1.aoc.eu http://hag-sappop1.aoc.eu 1
object-src 'none';base-uri 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'              https://secure.qgiv.com/              https://*.pendo.io/              http://www.crimestoppersweb.com/               https://www.paypal.com/               https://*.jotform.com/              https://*.jotfor.ms/              https://*.cloudflare.com/              https://*.jotform.com/              https://*.facebook.net/ http://*.facebook.net/               https://*.p3tips.com/ http://*.p3tips.com/               https://*.googleapis.com/ http://*.googleapis.com/               https://*.amazon.com/ http://*.amazon.com/               https://www.sonars.co/; 1
default-src * 'self' data: https: http: ; img-src * 'self' data: https: http: blob: ; font-src * 'self' data: https: http:; style-src 'self' 'unsafe-inline' https: http: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: ; 1
default-src: https: 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-gurfCs4_b-ETq96g4C9Svg' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ironcorelabs.com https://www.googleadservices.com https://www.google.com https://tagmanager.google.com *.luckyorange.com *.hsforms.com *.hsforms.net *.hubspot.com *.hsadspixel.net https://ssl.google-analytics.com www.google-analytics.com *.hs-analytics.net *.hs-analytics.com *.hs-scripts.com *.hs-banner.com js.hscollectedforms.net px.ads.linkedin.com *.licdn.com js.hsleadflows.net js.usemessages.com static.hsappstatic.com https://www.googletagmanager.com *.embedly.com *.cloudfront.net static.cloudflareinsights.com *.outgrow.co *.outgrow.us gist.github.com cdn.tailwindcss.com; style-src 'self' 'unsafe-inline' blob: https://tagmanager.google.com https://fonts.googleapis.com cdn.embedly.com *.hubspot.com *.hsappstatic.net *.cloudfront.net *.outgrow.co *.outgrow.us *.githubassets.com; img-src 'self' blob: data: *; font-src 'self' *.hubspot.com *.cloudfront.net *.hsappstatic.net fonts.googleapis.com fonts.gstatic.com *.embedly.com public.slidesharecdn.com data:; prefetch-src 'self' *; frame-ancestors 'self'; connect-src 'self' *; form-action 'self' *.hsforms.com *.hubspot.com *.hs-scripts.com *.hs-banner.com js.hscollectedforms.net js.hsleadflows.net js.usemessages.com static.hsappstatic.com *.outgrow.co *.outgrow.us; base-uri 'self'; manifest-src 'self'; frame-src 'self' *; worker-src 'self' *.ironcorelabs.com blob:; object-src 'none'; upgrade-insecure-requests; report-uri https://ironcorelabs.report-uri.com/r/d/csp/enforce; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-76a3b66886103b784e6cf71f0791dd5f'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src https: 'self' fonts.gstatic.com *.google.com *.googleapis.com *.googleadservices.com *.bigcommerce.com *.gorgias.chat *.ingest.sentry.io api.segment.io *.doubleclick.net *.youtube.com *.googletagmanager.com *.bolt.com prismic-io.s3.amazonaws.com *.google-analytics.com *.attn.tv *.acsbapp.com polyfill.io *.prismic.io *.klaviyo.com *.hotjar.com *.hotjar.io *.bing.com stamped.io *.algolia.net *.algolianet.com *.algolia.io insights.algolia.io *.pinimg.com *.clarity.ms *.attentivemobile.com *.pinterest.com *.facebook.com *.facebook.net *.bugsnag.com *.elfsight.com *.googleusercontent.com *.fbcdn.net *.tripadvisor.com *.vercel-insights.com vitals.vercel-insights.com *.adroll.com *.divers1.com io.clickguard.com *.acuityplatform.com *.affirm.com pixel.admedia.com *.truevaultcdn.com; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' fonts.gstatic.com *.google.com *.googleapis.com *.googleadservices.com *.bigcommerce.com *.gorgias.chat *.ingest.sentry.io api.segment.io *.doubleclick.net *.youtube.com *.googletagmanager.com *.bolt.com prismic-io.s3.amazonaws.com *.google-analytics.com *.attn.tv *.acsbapp.com polyfill.io *.prismic.io *.klaviyo.com *.hotjar.com *.hotjar.io *.bing.com stamped.io *.algolia.net *.algolianet.com *.algolia.io insights.algolia.io *.pinimg.com *.clarity.ms *.attentivemobile.com *.pinterest.com *.facebook.com *.facebook.net *.bugsnag.com *.elfsight.com *.googleusercontent.com *.fbcdn.net *.tripadvisor.com *.vercel-insights.com vitals.vercel-insights.com *.adroll.com *.divers1.com io.clickguard.com *.acuityplatform.com *.affirm.com pixel.admedia.com *.truevaultcdn.com; style-src https: 'self' 'unsafe-inline' *; img-src https: 'self' data: *.prismic.io *.gorgias.chat *.doubleclick.net *.google.com www.youtube.com www.googletagmanager.com *.bolt.com; object-src https: 'self' *.prismic.io *.gorgias.chat *.doubleclick.net *.google.com www.youtube.com www.googletagmanager.com *.bolt.com; frame-ancestors https: 'self' *.prismic.io *.gorgias.chat *.doubleclick.net *.google.com www.youtube.com www.googletagmanager.com *.bolt.com; connect-src 'self' ws: fonts.gstatic.com *.google.com *.googleapis.com *.googleadservices.com *.bigcommerce.com *.gorgias.chat *.ingest.sentry.io api.segment.io *.doubleclick.net *.youtube.com *.googletagmanager.com *.bolt.com prismic-io.s3.amazonaws.com *.google-analytics.com *.attn.tv *.acsbapp.com polyfill.io *.prismic.io *.klaviyo.com *.hotjar.com *.hotjar.io *.bing.com stamped.io *.algolia.net *.algolianet.com *.algolia.io insights.algolia.io *.pinimg.com *.clarity.ms *.attentivemobile.com *.pinterest.com *.facebook.com *.facebook.net *.bugsnag.com *.elfsight.com *.googleusercontent.com *.fbcdn.net *.tripadvisor.com *.vercel-insights.com vitals.vercel-insights.com *.adroll.com *.divers1.com io.clickguard.com *.acuityplatform.com *.affirm.com pixel.admedia.com *.truevaultcdn.com; font-src https: 'self' data: fonts.gstatic.com *.google.com *.googleapis.com *.googleadservices.com *.bigcommerce.com *.gorgias.chat *.ingest.sentry.io api.segment.io *.doubleclick.net *.youtube.com *.googletagmanager.com *.bolt.com prismic-io.s3.amazonaws.com *.google-analytics.com *.attn.tv *.acsbapp.com polyfill.io *.prismic.io *.klaviyo.com *.hotjar.com *.hotjar.io *.bing.com stamped.io *.algolia.net *.algolianet.com *.algolia.io insights.algolia.io *.pinimg.com *.clarity.ms *.attentivemobile.com *.pinterest.com *.facebook.com *.facebook.net *.bugsnag.com *.elfsight.com *.googleusercontent.com *.fbcdn.net *.tripadvisor.com *.vercel-insights.com vitals.vercel-insights.com *.adroll.com *.divers1.com io.clickguard.com *.acuityplatform.com *.affirm.com pixel.admedia.com *.truevaultcdn.com; 1
default-src 'self' data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'; object-src 'self'; style-src 'self' data: 'unsafe-inline'; img-src 'self' data:; media-src 'self'; frame-src 'self' https://*.healthlogic.com blob: data:; font-src 'self' ; connect-src 'self' https://*.healthlogic.com; worker-src blob:; 1
frame-ancestors 'self' https://timetosignup.com https://www.timetosignup.com; 1
default-src https: data: 'unsafe-inline' 'self' ;script-src 'unsafe-inline' 'unsafe-eval' 'self' 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; font-src 'self' data: fonts.gstatic.com; 1
frame-ancestors 'self' http://mmsstgex.milk.org http://mmsqa-web01.milk.org:8000 http://onscrspwsdev01.milk.org:8000 https://ontario.milk.org http://ontario.milk.org http://staging.local.milk.org https://milk2b.sorger.co; 1
default-src 'self' data: 'unsafe-inline' *.nkolay.com *.efilli.com *.aktifbank.com.tr *.youtube.com *.doubleclick.net *.google.com.tr *.googleoptimize.com *.google.com *.gstatic.com *.hotjar.com *.hotjar.io *.google-analytics.com *.googletagmanager.com; script-src 'self' 'unsafe-eval'  'unsafe-inline' *.nkolay.com *.youtube.com *.efilli.com *.google-analytics.com *.googleoptimize.com *.hotjar.com *.google.com.tr *.google.com *.gstatic.com *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.hotjar.com *.nkolay.com *.googleoptimize.com *.googleapis.com 1
connect-src api.hubapi.com api.hubspot.com cta-service-cms2.hubspot.com forms.hscollectedforms.net px.ads.linkedin.com snid.snitcher.com w.clarity.ms www.google-analytics.com bat.bing.com content.hotjar.io forms.hsforms.com js.hs-banner.com region1.google-analytics.com v.clarity.ms ws.zoominfo.com wss://ws.hotjar.com 'self' adservice.google.com data: www.facebook.com x.clarity.ms yoast.com metrics.hotjar.io j.clarity.ms q.clarity.ms r.clarity.ms vc.hotjar.io y.clarity.ms z.clarity.ms 1531320666.rsc.cdn77.org a.clarity.ms b.clarity.ms d.clarity.ms e.clarity.ms f.clarity.ms h.clarity.ms hubspot-forms-static-embed.s3.amazonaws.com i.clarity.ms k.clarity.ms l.clarity.ms m.clarity.ms my.yoast.com n.clarity.ms o.clarity.ms p.clarity.ms s.clarity.ms t.clarity.ms u.clarity.ms; font-src 'self' data: fonts.gstatic.com; img-src 'self' bat.bing.com data: forms-na1.hsforms.com forms.hsforms.com perf-na1.hsforms.com px.ads.linkedin.com track.hubspot.com www.facebook.com www.google.co.il www.google.com analytics.twitter.com t.co tr-rc.lfeeder.com www.google.co.uk adservice.google.com www.google-analytics.com ps.w.org s.w.org secure.gravatar.com c.clarity.ms cyberintdev.wpengine.com i.ytimg.com no-cache.hubspot.com blob: c.bing.com cdn.honey.io fonts.gstatic.com region1.google-analytics.com translate.google.com www.google.az www.google.bg www.google.ca www.google.cl www.google.co.id www.google.co.in www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.th www.google.com.au www.google.com.ec www.google.com.eg www.google.com.hk www.google.com.my www.google.com.ph www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.de www.google.dz www.google.es www.google.fi www.google.fr www.google.hu www.google.it www.google.mk www.google.mu www.google.no www.google.pl www.google.ro www.google.se www.google.tm www.googletagmanager.com perf.hsforms.com www.google.ae www.google.at www.google.com.bh www.google.com.pk www.google.dk www.google.lk www.google.nl www.google.ru www.google.ch www.google.com.bd www.google.com.gh www.google.com.kw www.google.com.mt www.google.cz www.google.hr; script-src-elem 'self' 'unsafe-inline' bat.bing.com connect.facebook.net googleads.g.doubleclick.net js-na1.hs-scripts.com js.hsforms.net sc.lfeeder.com snap.licdn.com static.ads-twitter.com static.hotjar.com www.clarity.ms www.googletagmanager.com cdn.jsdelivr.net js.hs-analytics.net js.hs-banner.com js.hsadspixel.net js.hscollectedforms.net js.hubspot.com js.usemessages.com script.hotjar.com snid.snitcher.com ws.zoominfo.com www.google-analytics.com cdnjs.cloudflare.com js.hs-scripts.com www.google.com www.gstatic.com www.comeet.co www.youtube.com app.hubspot.com yoast.com cta-service-cms2.hubspot.com js.hscta.net; script-src 'unsafe-eval' 'self' js.hsforms.net 'unsafe-inline' bat.bing.com cdn.jsdelivr.net connect.facebook.net googleads.g.doubleclick.net js-na1.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsadspixel.net js.hscollectedforms.net js.hubspot.com js.usemessages.com sc.lfeeder.com script.hotjar.com snap.licdn.com snid.snitcher.com static.ads-twitter.com static.hotjar.com wasm-eval ws.zoominfo.com www.clarity.ms www.comeet.co www.google-analytics.com www.googletagmanager.com www.youtube.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com wowjs.uk cdn.honey.io; frame-src app.hubspot.com td.doubleclick.net forms.hsforms.com static.hsappstatic.net player.vimeo.com www.google.com www.comeet.co www.youtube-nocookie.com www.youtube.com maxblockpage.service.anz www.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.gstatic.com; form-action forms.hsforms.com 'self'; worker-src blob: 'self'; script-src-attr 'unsafe-inline'; child-src app.hubspot.com www.comeet.co www.youtube.com; default-src 'self' 'unsafe-inline' adservice.google.com analytics.twitter.com api.hubspot.com app.hubspot.com b.clarity.ms bat.bing.com c.clarity.ms cdn.jsdelivr.net connect.facebook.net content.hotjar.io cta-service-cms2.hubspot.com data: fonts.googleapis.com fonts.gstatic.com forms-na1.hsforms.com forms.hscollectedforms.net forms.hsforms.com googleads.g.doubleclick.net hubspot-forms-static-embed.s3.amazonaws.com js-na1.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsadspixel.net js.hscollectedforms.net js.hsforms.net js.hubspot.com js.usemessages.com no-cache.hubspot.com perf-na1.hsforms.com px.ads.linkedin.com region1.google-analytics.com sc.lfeeder.com script.hotjar.com secure.gravatar.com snap.licdn.com snid.snitcher.com static.ads-twitter.com static.hotjar.com t.clarity.ms t.co tr-rc.lfeeder.com track.hubspot.com vc.hotjar.io ws.zoominfo.com wss://ws.hotjar.com www.clarity.ms www.facebook.com www.google-analytics.com www.google.com www.google.ie www.google.tm www.googletagmanager.com z.clarity.ms; media-src data: 1
frame-ancestors 'self' https://www.facebook.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'nonce-MTA5LDE3OCwyMjEsNDQsMTI4LDE0OSwxNTgsNzE=' https://discord.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com https://s.ytimg.com/yts/jsbin/ https://www.youtube.com/iframe_api https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.hcaptcha.com https://hcaptcha.com; img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://www.facebook.com https://cdn.discordapp.com https://hackerone-api.discord.workers.dev/user-avatars/ https://safety.discord.com https://discordmoderatoracademy.zendesk.com https://assets-global.website-files.com data:; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://discordapp.com https://discord.com https://connect.facebook.net https://api.greenhouse.io https://api.github.com https://sentry.io https://www.google-analytics.com https://hackerone-api.discord.workers.dev https://*.hcaptcha.com https://hcaptcha.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location ws://127.0.0.1:* http://127.0.0.1:*; media-src 'self' https://cdn.discordapp.com/assets/; frame-src https://discordapp.com/domain-migration https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://www.youtube.com/embed/ https://hackerone.com/631fba12-9388-43c3-8b48-348f11a883c0/ https://10851314.fls.doubleclick.net/; 1
default-src 'none'; connect-src 'self' *.geraspora.de embedr.flickr.com geo.query.yahoo.com nominatim.openstreetmap.org api.github.com; font-src 'self'; form-action 'self' platform.twitter.com syndication.twitter.com; frame-ancestors 'self'; frame-src 'self' blob: www.youtube.com w.soundcloud.com twitter.com platform.twitter.com syndication.twitter.com player.vimeo.com www.mixcloud.com www.dailymotion.com media.ccc.de bandcamp.com www.instagram.com; img-src data: blob: *; manifest-src 'self'; media-src https:; script-src 'self' blob: 'unsafe-eval' *.geraspora.de platform.twitter.com cdn.syndication.twimg.com widgets.flickr.com embedr.flickr.com www.instagram.com 'unsafe-inline' 'nonce-DMNfV9/xBIEygkucwjYiEBNhWts3m5b7MruDJgAQnC0='; style-src 'self' 'unsafe-inline' *.geraspora.de platform.twitter.com *.twimg.com 1
default-src 'self' *.wilshire.com *.webflow.com info.wilshire.com webflow.com www.webflow.io webflow.io player.vimeo.com cdn.embedly.com; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com cdn.jsdelivr.net cdn.finsweet.com ajax.googleapis.com www.googletagmanager.com *.cloudfront.net *.wilshire.com www.google-analytics.com googleads.g.doubleclick.net pi.pardot.com assets.website-files.com assets-global.website-files.com; connect-src 'self' *.s3.amazonaws.com api.embed.ly s3.amazonaws.com wss://realtime.webflow.com *.wilshire.com *.webflow.com webflow.com webflow.io assets-global.website-files.com *.analytics.google.com www.google-analytics.com stats.g.doubleclick.net *.bugsnag.com; img-src data: 'self' blob: data: *.webflow.com *.gravatar.com assets-global.website-files.com *.cloudfront.net i.vimeocdn.com stats.g.doubleclick.net www.google.com www.google-analytics.com stats.g.doubleclick.net; font-src data: 'self' fonts.gstatic.com assets-global.website-files.com assets.website-files.com *.cloudfront.net; style-src 'self' 'unsafe-inline' assets.website-files.com assets-global.website-files.com fonts.googleapis.com *.cloudfront.net;base-uri 'self'; frame-ancestors 'self' *.webflow.com *.webflow.io webflow.com webflow.io 1
frame-ancestors https://hwtreasurymanager.com 1
style-src 'self' 'unsafe-inline' 'unsafe-eval' cloudflare.com *.cloudflare.com google-analytics.com *.google-analytics.com zencdn.net *.zencdn.net cdn.jsdelivr.net googleapis.com *.googleapis.com bootstrapcdn.com *.bootstrapcdn.com datatables.net *.datatables.net *.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cloudflare.com *.cloudflare.com google-analytics.com *.google-analytics.com zencdn.net *.zencdn.net cdn.jsdelivr.net https://harvesthq.github.io/chosen/chosen.jquery.js googleapis.com *.googleapis.com googleadservices.com *.googleadservices.com ipay88.com.kh *.ipay88.com.kh doubleclick.net *.doubleclick.net facebook.net *.facebook.net yellowmessenger.com *.yellowmessenger.com googletagmanager.com *.googletagmanager.com licdn.com *.licdn.com tiktok.com *.tiktok.com bootstrapcdn.com *.bootstrapcdn.com datatables.net *.datatables.net *.youtube.com ssl-avd.innity.net https://avd.innity.net https://www.google.com/recaptcha/api.js https://www.gstatic.com https://checkout.payway.com.kh/plugins/checkout2-0.js https://checkout.payway.com.kh/plugins/cupertino-pane.js *.payway.com.kh https://harvesthq.github.io/chosen/chosen.jquery.js https://checkout.payway.com.kh/plugins/checkout.prod.js https://code.jquery.com/jquery-3.5.1.js https://avd.innity.net https://www.youtube.com; 1
default-src 'self' http://www.youtube.com;style-src 'unsafe-inline' *;frame-src *;img-src * data:;media-src *;font-src *;connect-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://google.ru http://google.ru https://google.com http://google.com https://*.google.ru http://*.google.ru https://*.google.com http://*.google.com https://*.googletagservices.com http://*.googletagservices.com http://*.googleadservices.com https://*.googleadservices.com http://a1.vdna-assets.com http://*.googlesyndication.com https://*.googlesyndication.com https://googleapis.com http://googleapis.com https://*.googleapis.com http://*.googleapis.com http://google-analytics.com https://google-analytics.com http://*.google-analytics.com https://*.google-analytics.com https://yandex.ru https://yandex.net http://yandex.ru http://yandex.net https://*.yandex.ru https://*.yandex.net http://*.yandex.ru http://*.yandex.net https://yastatic.net http://yastatic.net https://*.yastatic.net http://*.yastatic.net http://rambler.ru https://rambler.ru http://*.rambler.ru https://*.rambler.ru https://vk.com http://vk.com http://*.zozoter.ru http://*.astro7.ru https://*.zozoter.ru https://*.astro7.ru https://*.vk.com http://*.vk.com https://*.facebook.com http://lc2ads.ru http://ladycash.ru http://faggrim.com http://*.lc2ads.ru http://*.ladycash.ru http://*.faggrim.com http://*.m2corp.ru http://*.pluso.ru http://*.kitbit.net http://*.insigit.com http://*.openstat.net http://*.zatexta.com http://*.addthis.com http://*.yandex.st http://*.facebook.net http://*.twitter.com http://*.userapi.com https://*.yandex.st https://*.facebook.net https://*.twitter.com https://*.userapi.com https://*.github.com https://*.githubusercontent.com http://*.disqus.com/ https://*.gstatic.com http://*.disquscdn.com http://*.lcads.ru http://*.teaser.cc http://*.goroskop.ru https://*.syndication.twimg.com http://*.syndication.twimg.com https://*.goroskop.ru http://goroskop.ru/ http://*.yandex.st/jquery/1.7.1/jquery.min.js http://*.lcads.ru http://*.ladycoin.ru http://*.poketall.ru http://*.cashandfavor.ru https://*.cashandfavor.ru http://*.purecash.ru https://*.busyprice.ru http://*.busyprice.ru http://*.servemoney.ru http://*.levelpay.ru http://*.goodkind.ru http://*.purecapital.ru http://*.cashheaven.ru http://*.payandpray.ru https://*.moneytrap.ru http://*.moneytrap.ru http://*.pandre10.ru https://*.onthe.io http://*.leadiacloud.com https://*.leadiacloud.com https://api.cloudleadia.com http://api.cloudleadia.com http://*.criteo.com/ http://xlog.info http://*.vn-chk123.com/ http://*.users-api.com http://st.ad.smaclick.com https://st.ad.smaclick.com http://*.vn-chk777.com/ http://*.ads1-adnow.com http://*.user-api.com http://*.user-api.com http://*.criteo.com https://*.users-api.com https://xlog.info https://*.vn-chk123.com http://*.users-api.com  http://xlog.info http://*.vn-chk123.com https://securepubads.g.doubleclick.net securepubads.g.doubleclick.net http://*.cdn1now.com https://*.cdn1now.com http://cdn1now.com https://cdn1now.com http://*.cdn2now.com https://*.cdn2now.com http://cdn2now.com https://cdn2now.com http://*.cdn3now.com https://*.cdn3now.com http://cdn3now.com https://cdn3now.com http://*.cdn4now.com https://*.cdn4now.com http://cdn4now.com https://cdn45now.com http://*.cdn5now.com https://*.cdn5now.com http://cdn5now.com https://cdn5now.com http://*.cdn6now.com https://*.cdn6now.com http://cdn6now.com https://cdn6now.com http://*.cdn7now.com https://*.cdn7now.com http://cdn7now.com https://cdn7now.com http://*.cdn8now.com https://*.cdn8now.com http://cdn8now.com https://cdn8now.com http://*.cdn9now.com https://*.cdn9now.com http://cdn9now.com https://cdn9now.com http://*.cdn10now.com https://*.cdn10now.com http://cdn10now.com https://cdn10now.com https://dlogs.info dlogs.info https://n.wondaver.com wondaver.com https://st-n.wondaver.com http://*.videonow.ru https://*.videonow.ru http://videonow.ru https://videonow.ru https://static.videonow.ru https://static.videonow.ru http://static.videonow.ru https://static.videonow.ru https://jsc.adskeeper.com jsc.adskeeper.com https://servicer.adskeeper.com https://cm.adskeeper.com https://cm.adskeeper.com https://s0.2mdn.net https://jsc.adskeeper.com 1
default-src 'self' https://recognitionwall.mcfapps.com https://www.google-analytics.com/j/;  style-src 'unsafe-inline' 'self' https://fonts.googleapis.com  https://maxcdn.bootstrapcdn.com/bootstrap/; script-src 'unsafe-inline' 'unsafe-eval'  'self' https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js https://recognitionwall.mcfapps.com https://code.jquery.com https://code.jquery.com/jquery-3.2.1.slim.min.js https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta.2/js/bootstrap.min.js https://www.google-analytics.com/analytics.js  https://www.google-analytics.com https://www.googletagmanager.com/gtag/ https://www.google-analytics.com/j/ https://maxcdn.bootstrapcdn.com/bootstrap/ https://ajax.googleapis.com/ajax/; frame-src 'self';frame-ancestors 'self'; worker-src 'self'; img-src 'self' data: https://avya.giftnetonline.com https://avaya.giftnetonline.com https://www.mcfapps.com www.google-analytics.com https://recognitionwall.mcfapps.com; media-src 'self' https://recognitionwall.mcfapps.com; font-src 'self' https://fonts.gstatic.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://cdn.fontawesome.com/ https://unpkg.com https://cdn.jsdelivr.net https://code.jquery.com https://cdnjs.cloudflare.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://googleads.g.doubleclick.net; img-src 'self' 'unsafe-inline' data: https://cdn.jsdelivr.net https://*.googleadservices.com https://*.google.com https://*.google.nl https://*.googletagmanager.com https://*.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://maps.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://fonts.googleapis.com; font-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://fonts.gstatic.com https://themes.googleusercontent.com; object-src 'none'; frame-src 'self' https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com; connect-src 'self' https://*.googleapis.com https://*.google-analytics.com https://stats.g.doubleclick.net; 1
frame-ancestors 'self' https://*.facebook.com/; default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' blob: fonts.googleapis.com fonts.gstatic.com www.googletagmanager.com *.google-analytics.com *.doubleclick.net www.google.com connect.facebook.net www.facebook.com www.google.de www.googleadservices.com i.vimeocdn.com player.vimeo.com img.youtube.com i.ytimg.com www.youtube-nocookie.com www.youtube.com www.gstatic.com cx.atdmt.com browser-update.org www.google.ie cookiehub.net *.google.com *.outbrain.com embed.api.video *.cookiehub.com *.cookiehub.eu *.cookiehub.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com wss://*.hotjar.io *.googlesyndication.com snap.licdn.com analytics.tiktok.com *.fraud0.com eu.b2c.com *.google.it *.google.hr *.google.hu *.google.pl *.google.si *.google.ua cdn.linkedin.oribi.io *.linkedin.com https://api.friendlycaptcha.com fonts.loli.net gstatic.loli.net 1
frame-ancestors http://www.ironplanet.com.au https://www.ironplanet.com.au 1
frame-ancestors 'self' https://*.lexus.ua https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88 https://toyota-test.crm4.dynamics.com https://toyota.crm4.dynamics.com; 1
connect-src 'self' fadelarc.net ws: wss: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net 1
frame-ancestors 'self' *.doubleclick.net *.googlesyndication.com; object-src 'none'; 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';               script-src * data: blob: 'unsafe-inline' 'unsafe-eval';               connect-src * data: blob: 'unsafe-inline';               img-src * data: blob: 'unsafe-inline';               frame-src * data: blob: ;               style-src * data: blob: 'unsafe-inline';              font-src * data: blob: 'unsafe-inline';              frame-ancestors * data: blob:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://api.easygis.eu *.cloudflare.com *.ogone.com https://connect.facebook.net *.google.com https://www.gstatic.com https://cdn.rawgit.com *.instagram.com/embed.js http://www.googleadservices.com *.hotjar.com https://googleads.g.doubleclick.net *.adform.net https://cdn.jsdelivr.net https://analytics.tiktok.com https://snap.licdn.com https://unpkg.com https://s.pinimg.com *.shoppingminds.com *.shoppingminds.net; object-src 'self'; style-src 'self' 'unsafe-inline'  http://*.altijdlimburg.com http://*.visitlimburg.be cdn.visit-limburg.ddev.site https://fonts.gstatic.com *.googleapis.com https://api.easygis.eu *.cloudflare.com *.ogone.com *.google.com https://cdn.jsdelivr.net; img-src 'self' http://*.altijdlimburg.com http://*.visitlimburg.be cdn.visit-limburg.ddev.site  *.gstatic.com *.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net data: https://*.easygis.eu/ https://*.mailchimp.com *.ogone.com *.facebook.com *.google.com *.google.be *.googletagmanager.com https://server.seadform.net *.linkedin.com *.pinterest.com *.google.nl *.google.lu *.google.fr *.doubleclick.net *.ytimg.com docker.creative-serving.com; media-src 'self'; frame-src 'self' https://*.hotjar.com https://*.youtube.com http://plugin.routeyou.com *.joomag.com *.resengo.com *.google.com *.ogone.com *.wlp-acs.com *.wandeleninlimburg.be *.limburg.be https://vlaanderenfietsland.azurewebsites.net *.vlaanderen-fietsland.be https://www.nodemapp.com *.instagram.com https://player.kinomap.com *.vimeo.com https://embed.maglr.com *.adform.net *.facebook.com https://*.pinterest.com; frame-ancestors 'self' https://brandedcontent.hln.be; child-src 'self'; font-src 'self' https://fonts.gstatic.com *.googleapis.com data: https://api.easygis.eu; connect-src 'self' http://*.altijdlimburg.com https://public.easygis.eu *.hotjar.com *.hotjar.io *.google-analytics.com https://analytics.tiktok.com *.g.doubleclick.net *.googleapis.com *.pinterest.com *.facebook.com *.google.com *.shoppingminds.net cdn.linkedin.oribi.io; report-uri /report-csp-violation 1
frame-src https://www.adhdfoundation.org.uk https://adhdfoundation.org.uk/ https://*.google.com https://*.youtube.com https://*.vimeo.com https://*.stripe.com https://outlook.office365.com/ 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com polyfill.io use.fontawesome.com www.youtube.com www.vimeo.com region1.google-analytics.com www.santandercib.com www.google.com www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com polyfill.io use.fontawesome.com www.youtube.com www.vimeo.com www.santandercib.com www.google.com www.gstatic.com; form-action 'self'; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com use.fontawesome.com www.santandercib.com; img-src 'self' 'unsafe-eval' data: maps.googleapis.com maps.gstatic.com www.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com i.ytimg.com www.santandercib.com; font-src 'self' data: use.fontawesome.com fonts.googleapis.com fonts.gstatic.com www.santandercib.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com; 1
frame-ancestors https://www.ottogimall.co.kr 1
frame-ancestors 'self' https://hilfe.campz.at https://back-office-redesign.kameleoon.com https://app.kameleoon.com/ 1
style-src https://www.pciapply.com https://pciapply.com 'self' 'unsafe-inline';script-src https://www.pciapply.com https://pciapply.com https://vcc-na4.8x8.com https://vcc-na4b.8x8.com https://app.iscanonline.com https://api.twilio.com https://js-agent.newrelic.com https://bam.nr-data.net 'self' 'unsafe-eval' 'unsafe-inline';form-action 'self'; 1
connect-src 'none'; default-src 'none'; script-src 'none';                 style-src 'self' 'none'; font-src 'self' 'none'; img-src 'self' 'none'; frame-src 'self' 'none'; 1
frame-ancestors 'self'  https://yukoncollege.sharepoint.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://stats.wp.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://static.wiidatabase.de https://wiki.wiidatabase.de https://i0.wp.com https://i1.wp.com https://i2.wp.com https://s0.wp.com https://s1.wp.com https://s2.wp.com https://pixel.wp.com https://secure.gravatar.com; font-src 'self' data:; connect-src 'self'; media-src https://static.wiidatabase.de; frame-src https://www.youtube-nocookie.com; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; base-uri 'none'; manifest-src 'self' 1
connect-src 'self' esi.evetech.net www.google-analytics.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ajax.aspnetcdn.com www.gstatic.com ajax.googleapis.com cdn.datatables.net data: fonts.googleapis.com fonts.gstatic.com fuzzworkenterprises.disqus.com graph.facebook.com i2.wp.com image.eveonline.com s.w.org secure.gravatar.com ssl.google-analytics.com stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com; font-src data: 'self' fonts.gstatic.com; form-action 'self'; img-src 'self' www.google-analytics.com i2.wp.com ajax.aspnetcdn.com ajax.googleapis.com community.eveonline.com data: image.eveonline.com imageserver.eveonline.com stats.g.doubleclick.net www.gstatic.com cdn.datatables.net secure.gravatar.com s.w.org images.evetech.net *.wp.com; upgrade-insecure-requests 1
default-src 'self' ;     script-src 'self' 'unsafe-inline' 'unsafe-eval'     	yastatic.net *.yandex.ru *.adfox.ru yandex.ru yandex.com *.yandex.net verify.yandex.ru *.yadro.ru yadro.ru news.mediametrics.ru adriver.ru *.adriver.ru     	*.google.com google.com *.googleapis.com *.gstatic.com *.googlesyndication.com googletagmanager.com *.googletagmanager.com cloudflare.com *.cloudflare.com cloudflareinsights.com *.cloudflareinsights.com 	doubleclick.net *.doubleclick.net telegram.org t.me smi2.ru *.smi2.ru *.smi2.net stat.media cloudflare-static.com youtube.com *.youtube.com;     style-src 'self' 'unsafe-inline' 'unsafe-eval'     	yastatic.net *.adfox.ru *.yadro.ru yadro.ru news.mediametrics.ru adriver.ru *.adriver.ru         *.google.com google.com *.googleapis.com *.gstatic.com *.googlesyndication.com googletagmanager.com *.googletagmanager.com *.doubleclick.net      	*.google-analytics.com google-analytics.com cloudflare.com *.cloudflare.com cloudflareinsights.com *.cloudflareinsights.com ;     img-src 'self' data:     	*.yandex.net yastatic.net *.yastatic.net *.adfox.ru *.yandex.ru yandex.ru yandex.com *.yandex.com *.yadro.ru yadro.ru *.mediametrics.ru mediametrics.ru vk.com *.vk.com *.userapi.com *.mycdn.me adriver.ru *.adriver.ru     	*.google.com google.com *.googleapis.com *.gstatic.com *.googlesyndication.com googletagmanager.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com google-analytics.com *.weborama.fr     	cloudflare.com *.cloudflare.com cloudflareinsights.com *.cloudflareinsights.com bigwood.ru *.ytimg.com *.yr.no *.noaa.gov youtube.com *.youtube.com *.smi2.net smi2.ru *.smi2.ru *.smi2cdn.ru;     frame-src 'self' 	yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru *.adfox.ru rtsp.me *.rtsp.me murmansk-online.ru:8092 moidom.karelia.pro *.i-cam.pro 123streaming.ru yandex.st 	vk.com *.vk.com ok.ru *.ok.ru youtube.com *.youtube.com youtu.be *.youtu.be rutube.ru *.rutube.ru telegram.org t.me google.com *.google.com;     connect-src 'self' blob: yastatic.net *.adfox.ru *.yandex.ru yandex.ru yandex.com *.yandex.com *.moidom-stream.ru *.googleapis.com smi2.ru *.smi2.ru stat.media;     media-src 'self' yastatic.net *.yandex.net *.yandex.ru *.adfox.ru yandex.ru yandex.com blob: data: http://www.camera.mels.ru;     font-src 'self' yastatic.net *.gstatic.com data:;     frame-ancestors 'self'; 1
script-src 'nonce-EmyELiPGYE9C08woMbPXqg==' *.ya.ru mc.yandex.com yastatic.net yandex.ru ya.ru mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru;media-src yastatic.net;connect-src *.strm.yandex.net mc.yandex.com ya.ru yabs.yandex.ru yastatic.net yastat.net mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.admetrica.ru;img-src *.verify.yandex.ru *.ya.ru *.yandex.ru ya.ru yabs.yandex.by yabs.yandex.kz yabs.yandex.ru yabs.yandex.uz yandex.ru 'self' yastatic.net data: favicon.yandex.net avatars.mds.yandex.net blob: mc.admetrica.ru mc.yandex.com *.mc.yandex.ru adstat.yandex.ru mc.yandex.ru;child-src *.ya.ru *.yandex.ru ya.ru yandex.ru yastatic.net mc.yandex.ru mc.yandex.md *.ya.ru *.yandex.ru ya.ru yandex.ru;style-src 'unsafe-inline' yastatic.net;report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.ru&showid=1705974898628898-5789038225315367364-balancer-l7leveler-kubr-yp-vla-65-BAL-9631&h=stable-portal-mordago-275.sas.yp-c.yandex.net&yandexuid=8153673641705974898&&version=2024-01-19-465&adb=0;default-src yastatic.net yastat.net 'self';font-src yastatic.net 1
default-src 'self' https://*.mem.com; style-src 'self' 'unsafe-inline' https://*.mem.com https://*.addthis.com; style-src-elem 'self' 'unsafe-inline' http://*.addthis.com https://*.addthis.com; frame-src 'self' https://*.google.com http://*.addthis.com https://*.addthis.com; img-src 'self' data: https://*.mem.com http://*.mem.com https://*.cloudfront.net https://*.google-analytics.com https://*.addthiscdn.com https://*.addthis.com https://*.amazonaws.com https://*.googleapis.com https://*.paypalobjects.com https://*.paypal.com http://*.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mem.com https://*.addthis.com https://*.google.com https://*.aspnetcdn.com https://*.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://*.newrelic.com https://*.jquery.com https://*.addthisedge.com https://*.moatads.com https://*.paypalobjects.com; connect-src 'self' https://*.nr-data.net https://*.google-analytics.com https://*.addthis.com https://*.paypal.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.mem.com https://*.addthis.com https://*.google.com https://*.aspnetcdn.com http://*.google-analytics.com https://*.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://*.newrelic.com https://*.nr-data.net https://*.jquery.com https://*.moatads.com https://*.addthisedge.com https://*.geonames.net https://*.paypalobjects.com https://*.paypal.com; media-src 'self' http://*.cloudfront.net https://*.cloudfront.net https://*.amazonaws.com; manifest-src 'self' https://*.twitter.com; 1
frame-ancestors 'self' oco.prd.hach.orckestra.cloud easeebuy.cattech.com.au easeetrade.cattech.com.au *.ariba.com *.coupahost.com *.amwater.com *.chemtreat.com *.columbus.gov *.phoenix.gov:* *.niagarawater.com *.sciquest.com *.jaggaer.com *.punchoutcommerce.com punchoutcommerce.com *.aquiire.net; child-src *.marketo.com cdns.us1.gigya.com vars.hotjar.com www.youtube.com; connect-src 'self' *.qualtrics.com www.facebook.com cdn.linkedin.oribi.io *.clarity.ms *.bing.com *.hach.com *.braintree-api.com *.braintreegateway.com maps.googleapis.com account987456.containers.piwik.pro account987456.piwik.pro cdns.us1.gigya.com consent.trustarc.com *.mktoresp.com *.mktoutil.com api.mapbox.com events.mapbox.com in.hotjar.com ocscm.prd.hach.orckestra.cloud stats.g.doubleclick.net vc.hotjar.io ws3.hotjar.com ws5.hotjar.com wss://ws3.hotjar.com wss://ws5.hotjar.com www.google-analytics.com cookie-cdn.cookiepro.com cdn.cookielaw.org *.onetrust.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com dhwaterquality-prd-cdn.azureedge.net *.mktoresp.com *.marketo.com cdn.bizible.com cdn.bizibly.com cdns.us1.gigya.com code.jquery.com consent.truste.com fonts.googleapis.com fonts.gstatic.com hachprdimages.blob.core.windows.net images.hach.com images.otthydromet.com images.trojantechnologies.com in.hotjar.com maps.googleapis.com munchkin.marketo.net oco.prd.hach.orckestra.cloud s17-us2.startpage.com script.hotjar.com services.hach-lange.net static.hotjar.com stats.g.doubleclick.net vars.hotjar.com vc.hotjar.io www.google-analytics.com www.googletagmanager.com www.youtube.com cookie-cdn.cookiepro.com cdn.cookielaw.org *.onetrust.com; font-src 'self' account987456.containers.piwik.pro dhwaterquality-prd-cdn.azureedge.net fonts.gstatic.com; frame-src 'self' podcasters.spotify.com anchor.fm www.facebook.com *.braintreegateway.com eig.az1.qualtrics.com consent.trustarc.com consent-pref.trustarc.com consent-or.trustarc.com *.marketo.com cdns.us1.gigya.com fast.wistia.net login.microsoftonline.com player.vimeo.com vars.hotjar.com viqua.com www.google.com www.youtube.com cookie-cdn.cookiepro.com cdn.cookielaw.org *.onetrust.com account987456.containers.piwik.pro account987456.piwik.pro info.hach.com info.otthydromet.com info.trojanuv.com; img-src 'self' cdn.brandfolder.io p.adsymptotic.com www.facebook.com px.ads.linkedin.com *.clarity.ms *.bing.com *.hach.com account987456.containers.piwik.pro account987456.piwik.pro www.google.com consent.trustarc.com dhwaterquality-prd-cdn.azureedge.net cdn.bizible.com cdn.bizibly.com cdns.us1.gigya.com data: hachprdimages.blob.core.windows.net i.ytimg.com images.hach.com images.otthydromet.com images.trojantechnologies.com maps.google.com maps.googleapis.com maps.gstatic.com oco.prd.hach.orckestra.cloud www.google-analytics.com www.googletagmanager.com cookie-cdn.cookiepro.com cdn.cookielaw.org *.onetrust.com cdn.bfldr.com assets2.brandfolder.io; media-src 'self' dhwaterquality-prd-cdn.azureedge.net; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' cdnjs.cloudflare.com *.qualtrics.com hach-us.containers.piwik.pro snap.licdn.com connect.facebook.net *.clarity.ms *.bing.com *.braintreegateway.com googleads.g.doubleclick.net www.googleadservices.com consent.trustarc.com dhwaterquality-prd-cdn.azureedge.net ajax.googleapis.com api.tiles.mapbox.com *.marketo.com cdn.bizible.com cdn.pricespider.com cdns.us1.gigya.com code.jquery.com consent.truste.com locate.pricespider.com maps.googleapis.com munchkin.marketo.net script.hotjar.com static.hotjar.com www.google-analytics.com www.googletagmanager.com cookie-cdn.cookiepro.com cdn.cookielaw.org *.onetrust.com account987456.containers.piwik.pro account987456.piwik.pro info.hach.com info.otthydromet.com info.trojanuv.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com *.qualtrics.com hach-us.containers.piwik.pro snap.licdn.com connect.facebook.net *.clarity.ms *.bing.com *.braintreegateway.com www.google.com consent.trustarc.com dhwaterquality-prd-cdn.azureedge.net *.marketo.com cdn.bizible.com cdns.us1.gigya.com code.jquery.com consent.truste.com maps.googleapis.com munchkin.marketo.net script.hotjar.com static.hotjar.com www.google-analytics.com www.googletagmanager.com cookie-cdn.cookiepro.com cdn.cookielaw.org *.onetrust.com account987456.piwik.pro account987456.containers.piwik.pro; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' dhwaterquality-prd-cdn.azureedge.net api.tiles.mapbox.com *.marketo.com cdn.pricespider.com fonts.googleapis.com info.hach.com info.otthydromet.com info.trojanuv.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' info.hach.com dhwaterquality-prd-cdn.azureedge.net *.marketo.com fonts.googleapis.com account987456.containers.piwik.pro; worker-src blob: 1
font-src https://fonts.gstatic.com/ https://fonts.googleapis.com/ *.fontawesome.com https://fonts.gstatic.com *.compassmerchantsolutions.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com self *.addtoany.com *.googleapis.com *.botmaker.com *.appspot.com *.facebook.com wss://ws.botmaker.com/stable11/ws/wendpoint/ https://bam.nr-data.net *.compassmerchantsolutions.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.compassmerchantsolutions.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ https://*.doubleclick.net/ *.addtoany.com *.googleapis.com *.botmaker.com *.appspot.com *.facebook.com wss://ws.botmaker.com/stable11/ws/wendpoint/ https://bam.nr-data.net *.compassmerchantsolutions.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://kalicr.com https://www.google.co.cr/ *.capris.cr *.magentosite.cloud *.googleapis.com *.google.co.cr *.facebook.com *.botmaker.com wss://ws.botmaker.com/stable11/ws/wendpoint/ https://bam.nr-data.net blob: https://capris.cr/media/wysiwyg/categoria_sin_imagen.png *.compassmerchantsolutions.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://googletagmanager.com/ https://www.googletagmanager.com/ data: *.capris.cr *.magentosite.cloud *.googleapis.com *.google-analytics.com *.googleadservices.com *.addtoany.com *.marketo.net *.botmaker.com *.facebook.net polyfill.io *.appspot.com wss://ws.botmaker.com/stable11/ws/wendpoint/ https://bam.nr-data.net *.googlesyndication.com *.compassmerchantsolutions.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://googletagmanager.com/ https://www.googletagmanager.com/ data: *.addtoany.com *.googleapis.com *.botmaker.com *.appspot.com wss://ws.botmaker.com/stable11/ws/wendpoint/ https://bam.nr-data.net *.fontawesome.com *.compassmerchantsolutions.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src *.compassmerchantsolutions.com 'self' 'unsafe-inline'; media-src *.adobe.com *.capris.cr *.magentosite.cloud *.googleapis.com *.google.co.cr *.botmaker.com wss://ws.botmaker.com/stable11/ws/wendpoint/ https://bam.nr-data.net https://capris.cr/media/wysiwyg/categoria_sin_imagen.png *.compassmerchantsolutions.com 'self' 'unsafe-inline'; manifest-src *.compassmerchantsolutions.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://googletagmanager.com/ https://www.googletagmanager.com/ https://*.doubleclick.net/ data: *.doubleclick.net *.googleapis.com *.google-analytics.com *.mktoresp.com *.botmaker.com *.appspot.com wss://ws.botmaker.com/stable11/ws/wendpoint/ fonts.gstatic.com https://bam.nr-data.net http://dpm.demdex.net *.compassmerchantsolutions.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src *.compassmerchantsolutions.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; block-all-mixed-content; frame-ancestors 'self' https://nordcloud.com https://*.nordcloud.com https://*.googletagmanager.com https://*.google.com https://*.hubspot.com https://*.vimeo.com https://*.facebook.com; base-uri 'self' https://nordcloud.com https://*.nordcloud.com; object-src 'none'; manifest-src 'self' https://nordcloud.com https://*.nordcloud.com; media-src 'self' https://nordcloud.com https://*.nordcloud.com; connect-src 'self' https://nordcloud.com https://*.nordcloud.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleanalytics.com https://*.google-analytics.com https://*.googleoptimize.com https://*.doubleclick.net https://www.googleadservices.com https://ade.googlesyndication.com https://*.googletagmanager.com https://*.nr-data.net https://*.hubspot.com https://*.hubapi.com https://*.hsforms.com https://*.hsforms.net https://*.hsappstatic.net https://js.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://*.usemessages.com https://*.facebook.com https://*.oribi.io https://*.hscollectedforms.net https://*.breezy.hr https://*.zoominfo.com https://*.vimeo.com https://*.googlesyndication.com https://*.openfpcdn.io https://*.clickcease.com https://*.cdn-cookieyes.com https://cdn-cookieyes.com https://*.cookieyes.com https://cookieyes.com https://*.linkedin.com https://*.zi-scripts.com https://*.clickagy.com; frame-src 'self' https://nordcloud.com https://*.nordcloud.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleanalytics.com https://*.google-analytics.com https://*.googleoptimize.com https://*.doubleclick.net https://www.googleadservices.com https://ade.googlesyndication.com https://*.googletagmanager.com https://*.nr-data.net https://*.hubspot.com https://*.hubapi.com https://*.hsforms.com https://*.hsforms.net https://*.hsappstatic.net https://js.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://*.usemessages.com https://*.facebook.com https://*.oribi.io https://*.hscollectedforms.net https://*.breezy.hr https://*.zoominfo.com https://*.vimeo.com https://*.googlesyndication.com https://*.youtube.com https://*.spotify.com https://*.canva.com/ https://*.clickagy.com https://calendly.com; img-src 'self' data: https://nordcloud.com https://*.nordcloud.com https://nordcloud.dev https://*.hotjar.com https://*.hsforms.com https://*.hsforms.net https://*.hsappstatic.net https://*.hubspot.com https://*.doubleclick.net https://*.google.pl https://*.google.com https://*.googleanalytics.com https://*.google-analytics.com https://*.googleoptimize.com https://*.googletagmanager.com https://*.gstatic.com https://*.facebook.com https://*.linkedin.com https://*.cartocdn.com https://*.breezy.hr https://*.vimeo.com https://*.vimeocdn.com https://s.w.org https://t.co https://*.twitter.com https://*.facebook.net https://*.google.be https://*.google.nl https://*.tickettailor.com https://*.cdninstagram.com https://*.hubspotusercontent-eu1.net https://*.ytimg.com https://*.cdn-cookieyes.com https://cdn-cookieyes.com https://*.cookieyes.com https://cookieyes.com https://*.fbcdn.net https://*.clickagy.com https://*.demdex.net https://*.openx.net https://*.rlcdn.com https://*.sitescout.com blob:; script-src 'self' https://nordcloud.com https://*.nordcloud.com https://*.hotjar.com https://*.google.com https://*.googletagmanager.com https://*.googleanalytics.com https://*.google-analytics.com https://*.googleoptimize.com https://www.googleadservices.com https://*.doubleclick.net https://*.gstatic.com https://*.pardot.com https://*.hsadspixel.net https://*.zoominfo.com https://*.clickcease.com https://*.licdn.com https://*.linkedin.com https://*.facebook.net https://*.nr-data.net https://*.hs-banner.com https://*.hs-analytics.net https://*.hubspot.com https://*.hubapi.com https://*.hsforms.com https://*.hsforms.net https://*.hsappstatic.net https://*.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://*.usemessages.com https://unpkg.com https://*.breezy.hr https://*.vimeo.com https://*.googlesyndication.com https://*.ads-twitter.com https://*.hsleadflows.net https://*.youtube.com https://*.cdn-cookieyes.com https://cdn-cookieyes.com https://*.cookieyes.com https://cookieyes.com https://*.zi-scripts.com https://*.clickagy.com https://*.calendly.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://nordcloud.com https://*.nordcloud.com https://*.hotjar.com https://*.google.com https://*.googletagmanager.com https://*.googleanalytics.com https://*.google-analytics.com https://*.googleoptimize.com https://www.googleadservices.com https://*.doubleclick.net https://*.googleapis.com https://*.hubspot.com https://*.hubapi.com https://*.hsforms.com https://*.hsforms.net https://*.hsappstatic.net https://js.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://*.usemessages.com https://unpkg.com https://*.breezy.hr 'unsafe-inline'; font-src 'self' data: https://nordcloud.com https://*.nordcloud.com https://*.hotjar.com https://*.gstatic.com https://*.google.com; form-action 'self' https://nordcloud.com https://*.nordcloud.com https://*.hubspot.com https://*.hsforms.com https://*.hsforms.net https://*.facebook.com 1
default-src 'none'; script-src 'self'; img-src 'self' https://compliance.conversations.im https://xmpp.net; style-src 'self'; font-src 'self'; base-uri 'none'; frame-ancestors 'none'; 1
default-src 'self' blob:; img-src * data:; media-src *; font-src *; style-src 'unsafe-inline' 'self' blob: *; script-src 'self' 'unsafe-inline' blob: *; object-src 'self' blob: *; upgrade-insecure-requests; connect-src *; frame-src 'self' blob: data: * 1
connect-src 'self';img-src 'self';media-src 'self';object-src 'self'; 1
frame-ancestors https://bankofguam.com https://www.bankofguam.com https://*.oraclecloud.com 1
default-src 'self';script-src * 'self' 'unsafe-inline' 'unsafe-eval';frame-src * 'self';style-src * 'self' 'unsafe-inline';img-src 'self' data: maps.googleapis.com maps.gstatic.com https://storage.sbg.cloud.ovh.net storage.gra.cloud.ovh.net https://images.prismic.io/fabriquedestyles/ https://fabriquedestyles.cdn.prismic.io/ https://i.vimeocdn.com/video/ https://i.vimeocdn.com *.openstreetmap.org *.doubleclick.net *.google.fr https://google.com https://www.google.com https://www.facebook.com https://purecatamphetamine.github.io https://www.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://fonts.gstatic.com;font-src 'self' data: fonts.googleapis.com https://i.icomoon.io https://fonts.gstatic.com;connect-src * 'self';base-uri 'self';media-src 'self' data:;report-uri /csp/report 1
font-src maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.gstatic.com *.googleapis.com *.typekit.net *.twimg.com *.trustedshops.com 'self' data: *.tawk.to v2.zopim.com *.awin1.com *.dwin1.com *.zenaps.com the.sciencebehindecommerce.com *.wepowerconnections.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.ads-twitter.com *.pinterest.com *.facebook.com *.vendavalida.com.br shopline.itau.com.br *.awin1.com *.dwin1.com *.zenaps.com the.sciencebehindecommerce.com *.wepowerconnections.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.ads-twitter.com *.facebook.com *.pinterest.com *.hotjar.com *.hotjar.io *.sunset.systems *.doubleclick.net *.google.com *.vendavalida.com.br api.sunset.system *.jivosite.com *.awin1.com *.dwin1.com *.zenaps.com the.sciencebehindecommerce.com *.wepowerconnections.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.vimeocdn.com i.ytimg.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ct.pinterest.com https://www.magezon.com https://cdn.mundipagg.com https://api.pagar.me *.cloudflare.com *.ads-twitter.com t.co *.klarna.com *.googleadservices.com *.google-analytics.com *.doubleclick.net *.google.com *.google.com.br *.googletagmanager.com *.ebit.com.br *.yourviews.com.br *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.yviews.com.br *.s3.amazonaws.com *.akamaihd.net *.facebook.com s3-sa-east-1.amazonaws.com conectiva.io *.getresponse360.pl s3.amazonaws.com *.pinterest.com *.mercadolibre.com *.clearsale.com.br *.tawk.to api.amedigital.com api.hml.amedigital.com *.awin1.com *.dwin1.com *.zenaps.com the.sciencebehindecommerce.com *.wepowerconnections.com *.openpix.com.br *.jivosite.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.pinterest.com s.pinimg.com s7.addthis.com *.openpix.com.br *.openpix.dev *.sentry.io *.ingest.sentry.io https://plugin.openpix.dev/v1/openpix-dev.js https://api.openpix.dev https://graphql.openpix.dev/openpix/graphql https://graphql.openpix.dev/shopper/graphql https://plugin.openpix.com.br/v1/openpix.js https://api.openpix.com.br/openpix/graphql https://api.openpix.com.br/shopper/graphql *.cloudflare.com *.twitter.com *.ads-twitter.com *.twimg.com *.yourviews.com.br *.yviews.com.br *.ebit.com.br *.google-analytics.com *.gstatic.com *.google.com *.youtube.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.facebook.com *.cartstack.com.br *.hotjar.com *.hotjar.io *.newrelic.com conectiva.io *.nr-data.net *.gr-cdn-e.eu *.getresponse360.pl *.cloudflareinsights.com s3.amazonaws.com *.vendavalida.com.br *.avada.io api.mundipagg.com *.tawk.to *.jsdelivr.net *.awin1.com *.dwin1.com *.zenaps.com the.sciencebehindecommerce.com *.wepowerconnections.com *.mailclick.me *.jivosite.com *.clearsale.com.br *.tiktok.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com *.cloudflare.com *.ads-twitter.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.yourviews.com.br *.yviews.com.br s3.amazonaws.com *.tawk.to *.jivosite.com *.awin1.com *.dwin1.com *.zenaps.com the.sciencebehindecommerce.com *.wepowerconnections.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ct.pinterest.com *.jivosite.com *.awin1.com *.dwin1.com *.zenaps.com the.sciencebehindecommerce.com *.wepowerconnections.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ct.pinterest.com ekr.zdassets.com/ https://api.mundipagg.com https://api.pagar.me *.cloudflare.com *.twitter.com *.ads-twitter.com *.twimg.com *.paypal.com *.google-analytics.com analytics.google.com *.facebook.com *.yourviews.com.br *.hotjar.com wss://*.hotjar.com/ *.hotjar.io *.yviews.com.br conectiva.io *.doubleclick.net *.performa.ai *.nr-data.net *.getresponse360.pl *.cloudflareinsights.com *.reclameaqui.com.br *.pinterest.com *.cartstack.com.br *.cartstack.com *.mercadolibre.com *.mercadolivre.com *.vendavalida.com.br *.avada.io api.mundipagg.com *.datafrete.com.br *.tawk.to wss://*.tawk.to *.jivosite.com wss://*.jivosite.com *.mailclick.me *.tiktok.com *.stape.io *.awin1.com *.dwin1.com *.zenaps.com the.sciencebehindecommerce.com *.wepowerconnections.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src   'self' api.loaney.es tracker.loaney.es www.facebook.com stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com mc.yandex.ru mc.yandex.md mc.yandex.com *.taboola.com *.criteo.com patata.loaney.es; default-src   'self'; font-src   'self' fonts.googleapis.com fonts.gstatic.com; frame-src   api.loaney.es www.googletagmanager.com mc.yandex.ru mc.yandex.md mc.yandex.com www.facebook.com *.criteo.com *.unnax.com; img-src   'self' blob: data: api.loaney.es www.facebook.com misolvencia.es *.google-analytics.com *.google.com *.google.ru mc.yandex.ru mc.yandex.com patata.loaney.es ferrymill.zendesk.com www.gstatic.com www.googletagmanager.com *.zdusercontent.com *.quora.com *.taboola.com *.adxns.com *.microad.jp *.tapad.com *.smaato.net *.criteo.com *.adsrvr.org *.eu-central-1.amazonaws.com; report-uri   https://report-uri.loaney.es/csp-report; script-src   'self' 'unsafe-inline' *.google-analytics.com connect.facebook.net www.googletagmanager.com mc.yandex.ru mc.yandex.com *.taboola.com *.quora.com *.criteo.com *.criteo.net; style-src   'self' 'unsafe-inline' fonts.googleapis.com; 1
default-src 'self'; worker-src 'self' blob:; connect-src 'self' blob: nominatim.openstreetmap.org analytics.google.com *.analytics.google.com *.googleapis.com fonts.cdnfonts.com cdnjs.cloudflare.com *.tile.osm.org www.openstreetmap.org www.facebook.com *.gstatic.com youtube.com youtu.be *.youtube.com *.youtu.be *.facebook.net www.googletagmanager.com www.google-analytics.com *.google-analytics.com stats.g.doubleclick.net www.google.com www.google.pl *.clarity.ms *.bing.com; script-src 'self' *.amazonaws.com *.facebook.net *.google.com *.gstatic.com www.googletagmanager.com www.google-analytics.com *.googleapis.com analytics.google.com *.analytics.google.com www.clarity.ms; script-src-elem 'self' blob: *.amazonaws.com *.google.com *.gstatic.com *.facebook.net www.googletagmanager.com 'sha256-0hvy9NOgYmDw0mojwuvBrWJlrQn8BHezGLo/ZB6JCxY=' analytics.google.com *.analytics.google.com www.google-analytics.com *.googleapis.com 'sha256-3hxpmlffsCViLn2hg1N6TeHz4l+7qwI5VXvxaxgFitM=' *.clarity.ms 'sha256-9kwNSYps1AhskL25h/HWiv6j8DO2iVjpGTO9LFw7tQU=' 'sha256-kStw+aYFcVXyhd0kuF4WoKBCvlpmFruHAF+oMCQvX30='; child-src 'self' carq.pl *.google.com youtube.com youtu.be *.youtube.com *.youtu.be www.facebook.com web.facebook.com blob:; style-src 'self' 'unsafe-inline' *.googleapis.com fonts.cdnfonts.com www.openstreetmap.org cdnjs.cloudflare.com; font-src 'self' *.gstatic.com *.googleapis.com fonts.cdnfonts.com data:; img-src 'self' data: blob: carq.pl *.tile.osm.org www.facebook.com analytics.google.com *.analytics.google.com www.google-analytics.com www.google.com www.google.pl *.gstatic.com *.clarity.ms *.bing.com *.googleapis.com; 1
frame-src 'self' *.paypal.com *.flipsnack.com www.google.com *.libsyn.com *.facebook.com *.facebook.net *.youtube.com *.braintreegateway.com 1
frame-ancestors 'self'  http://www.lux.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://s7.addthis.com https://kritique-widgets-stage.unileversolutions.com https://d1a1ax4tcp3m3j.cloudfront.net 1
frame-ancestors 'self' https://geelongweb.com.au; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.syndication.twimg.com twitter.com platform.twitter.com  maps.google.com twittercommunity.com www.google-analytics.com google-analytics.com www.googleadservices.com use.typekit.net www.googletagmanager.com ssl.google-analytics.com ajax.googleapis.com googleads.g.doubleclick.net use.edgefonts.net www.tripadvisor.com www.tripadvisor.com.au static.tacdn.com maps.googleapis.com; style-src 'unsafe-inline' 'self' use.typekit.net p.typekit.net platform.twitter.com ton.twimg.com use.edgefonts.net static.tacdn.com fonts.googleapis.com 1
default-src 'self' * 'unsafe-inline' 'unsafe-eval' data: ;, 1
default-src 'self' data: wss://chatbot.nis.rs/socket.io https://chatbot.nis.rs https://www.youtube.com https://www.airserbia.com https://www.google-analytics.com https://analytics.google.com https://secure.gravatar.com https://img.youtube.com https://yoast.com https://maps.googleapis.com https://maps.gstatic.com https://www.google.com https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://connect.facebook.net https://chatbot.nis.rs; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://chatbot.nis.rs; font-src 'self' data: wss://chatbot.nis.rs/socket.io https://fonts.gstatic.com; connect-src 'self' wss://chatbot.nis.rs/socket.io https://chatbot.nis.rs https://maps.googleapis.com/ https://analytics.google.com; 1
default-src 'self' payments-de-sandbox.amazon.com payments-de.amazon.com payments.amazon.de ws://127.0.0.1:35729 *.trustedshops.com *.typekit.net;  script-src 'self' 'unsafe-eval' 'unsafe-inline' use.typekit.net www.googletagmanager.com www.google.com www.google-analytics.com www.gstatic.com maps.google.com maps.googleapis.com connect.facebook.net *.payments-amazon.com payments-de-sandbox.amazon.com tagmanager.google.com *.juicer.io *.trustedshops.com www.dwin1.com bat.bing.com www.googleadservices.com googleads.g.doubleclick.net www.awin1.com *.sovendus.com https://ad4m.at https://api.bounce-commerce.de https://*.hotjar.com *.convertexperiments.com;  style-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com tagmanager.google.com *.juicer.io https://*.typekit.net/ *.trustedshops.com https://www.googletagmanager.com;  img-src 'self' data: p.typekit.net www.google-analytics.com *.googleapis.com maps.google.com *.cloudfront.net *.ssl-images-amazon.com *.ggpht.com *.gstatic.com img.youtube.com *.juicer.io *.cdninstagram.com *.trustedshops.com www.facebook.com/ www.google.com bat.bing.com www.google.de www.awin1.com press-order-api.sovendus.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://as.ad4m.at https://r.adserver01.de https://ad11.adfarm1.adition.com https://adservice.google.com https://secure.adnxs.com  https://imagesrv.adition.com p.typekit.net https://cm.g.doubleclick.net https://ih.adscale.de https://rtb-csync.smartadserver.com https://simage2.pubmatic.com  https://dsum-sec.casalemedia.com https://a.twiago.com;  font-src 'self' data: use.typekit.net fonts.gstatic.com *.juicer.io *.trustedshops.com;  object-src 'self';  media-src 'self';  child-src 'self' payments-de-sandbox.amazon.com payments-de.amazon.com payments.amazon.com www.computop-paygate.com staticxx.facebook.com www.facebook.com www.youtube.com *.payments-amazon.com api-cdn.amazon.com *.yumpu.com/ ad.ad-srv.net www.google.com www.awin1.com *.sovendus.com https://ad4m.at https://td.doubleclick.net https://www.yumpu.com/de/embed/view/Ie6r4gC08w93NhxV;  form-action 'self' payments-de-sandbox.amazon.com payments-de.amazon.com payments.amazon.com https://www.facebook.com;  frame-ancestors 'self';  connect-src 'self' ws://127.0.0.1:35729 performance.typekit.net www.google-analytics.com *.juicer.io *.trustedshops.com maps.googleapis.com stats.g.doubleclick.net https://www.facebook.com https://*.google-analytics.com https://*.analytics.google.com *.sovendus.com https://api.bounce-commerce.de https://*.hotjar.com https://metrics.hotjar.io wss://ws.hotjar.com https://content.hotjar.io https://vc.hotjar.io *.convertexperiments.com; 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' blob:; frame-ancestors * 'self'; report-uri https://acfranchise.report-uri.com/r/d/csp/enforce 1
default-src 'self'; script-src 'unsafe-inline' 'self' checkout.stripe.com api.stripe.com js.stripe.com www.googletagmanager.com *.manycontacts.com d1cjvozex12ffa.cloudfront.net;  script-src-elem cdn.manycontacts.com d1cjvozex12ffa.cloudfront.net 'self' checkout.stripe.com js.stripe.com www.googletagmanager.com www.google-analytics.com 'unsafe-inline' *.manycontacts.com; connect-src 'self' region1.google-analytics.com *.manycontacts.com d1cjvozex12ffa.cloudfront.net; img-src 'self' www.google-analytics.com *.manycontacts.com cdn.manycontacts.com d1cjvozex12ffa.cloudfront.net data: www.googletagmanager.com *.ytimg.com;base-uri 'self';form-action 'self';font-src fonts.gstatic.com cdn.manycontacts.com d1cjvozex12ffa.cloudfront.net data:;style-src 'self' fonts.googleapis.com cdn.manycontacts.com d1cjvozex12ffa.cloudfront.net 'unsafe-inline';frame-src js.stripe.com app.overloop.com www.youtube.com www.youtube-nocookie.com; media-src 'self' cdn.manycontacts.com d1cjvozex12ffa.cloudfront.net 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com *.trafficfactory.biz www.iwanttodeliver.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net bmedia.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri http://www.fuck.sc/csp-reports; report-to csp-endpoint 1
frame-ancestors 'self' homedna.com *.homedna.com 1
frame-ancestors 'self' https://gattaca-helix.my.salesforce.com/ 1
object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' stratis.fr matomo.blois.fr blois.fr dev.virtualearth.net; style-src 'self' 'unsafe-inline' stratis.fr matomo.blois.fr blois.fr; base-uri 'self' 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-4ec4a9489e2677965067f1f90621bc5f'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
script-src gnoccaforum.biz google.com 1
frame-ancestors 'self' http://www.philips.gr *.philips.com *.philips.gr https://philipsigtdpv.com 1
default-src 'none'; form-action 'self' 3dsecure.gpwebpay.com test.3dsecure.gpwebpay.com www.facebook.com; font-src 'self' data: fonts.gstatic.com script.hotjar.com *.optimonk.com; frame-ancestors 'self'; frame-src 'self' ehub.cz accounts.google.com *.doubleclick.net c.imedia.cz connect.facebook.net fbrpc://call staticxx.facebook.com tpc.googlesyndication.com vars.hotjar.com www.facebook.com www.googletagmanager.com www.instagram.com www.youtube.com www.zbozi.cz www.paypal.com www.sandbox.paypal.com *.optimonk.com *.ceneo.pl studentenrabatt.com strava-embeds.com www.tiktok.com; manifest-src 'self'; img-src data: https: script.hotjar.com ssl.gstatic.com www.gstatic.com www.paypal.com www.sandbox.paypal.com *.google-analytics.com; media-src 'self' https:; script-src 'nonce-xZR+G04XJW8zmwrmkiScdg==' 'unsafe-inline' 'unsafe-eval' 'self' ehub.cz browser.sentry-cdn.com js.sentry-cdn.com connect.facebook.net d70shl7vidtft.cloudfront.net googleads.g.doubleclick.net im9.cz platform.instagram.com client.smartform.cz script.hotjar.com static.hotjar.com tpc.googlesyndication.com *.google-analytics.com *.analytics.google.com www.googleadservices.com www.googletagmanager.com www.instagram.com www.zbozi.cz tagmanager.google.com www.paypal.com www.sandbox.paypal.com *.smartlook.com *.smartlook.cloud *.optimonk.com *.bing.com https://accounts.google.com/gsi/client; script-src-attr 'unsafe-hashes'; style-src 'unsafe-inline' 'self' client.smartform.cz tagmanager.google.com fonts.googleapis.com www.paypal.com www.sandbox.paypal.com *.optimonk.com https://accounts.google.com/gsi/style; connect-src 'self' wss: ehub.cz *.hotjar.com:* *.hotjar.io:* api.instagram.com stats.g.doubleclick.net www.facebook.com www.google.com googleads.g.doubleclick.net pagead2.googlesyndication.com *.google-analytics.com www.instagram.com *.sentry.io www.paypal.com www.sandbox.paypal.com analytics.tiktok.com *.smartlook.com *.smartlook.cloud *.optimonk.com *.clarity.ms *.bing.com *.luigisbox.com metrics.aktin.sk https://accounts.google.com/gsi/ api.mapy.cz; object-src 'none'; base-uri 'none'; worker-src 'self' blob:; 1
base-uri 'self'; frame-ancestors 'none'; default-src 'self' *.112.2o7.net *.ads.linkedin.com *.google-analytics.com *.netcentric.biz *.spotify.com  598-xrj-385.mktoresp.com analytics.twitter.com api.liveux.cnwebperformance.biz api.smartrecruiters.com assets.adobedtm.com cdn.linkedin.oribi.io cdn.speedcurve.com cm.everesttech.net connect.facebook.net cookie-cdn.cookiepro.com dpm.demdex.net fast.wistia.net in.hotjar.com liveux.cnwebperformance.biz munchkin.marketo.net netcentric.demdex.net netcentricag.tt.omtrdc.net rum.hlx.page script.hotjar.com snap.licdn.com static.ads-twitter.com static.hotjar.com stats.g.doubleclick.net t.co vars.hotjar.com vc.hotjar.io www.careers-page.com www.facebook.com www.google-analytics.com www.google.com www.google.de www.googletagmanager.com www.linkedin.com www.youtube.com https data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' https://lynn-latam-production-br-ch-reg-common-2.azurewebsites.net/ https://lynn-latam-production-br-ch-reg-common.azurewebsites.net/ https://pichincha-pe-portal.s3.amazonaws.com analytics.google.com *.hotjar.com wss://ws40.hotjar.com https://googleads.g.doubleclick.net wss://ws37.hotjar.com https://ws37.hotjar.com consentcdn.cookiebot.com wss://ws31.hotjar.com/ https://ws31.hotjar.com maps.googleapis.com zonasegurapichincha.pe pichincha.pe www.youtube.com www.google.com www.pichincha.pe in.hotjar.com vars.hotjar.com bid.g.doubleclick.net hn.inspectlet.com stats.g.doubleclick.net www.google-analytics.com www.facebook.com connect.facebook.net www.google-analytics.com; script-src 'self' https://lynn-latam-production-br-ch-reg-common-2.azurewebsites.net/ https://lynn-latam-production-br-ch-reg-common.azurewebsites.net/ v.clarity.ms www.clarity.ms https://api.ipify.org https://www.recaptcha.net consent.cookiebot.com consentcdn.cookiebot.com 'unsafe-inline' 'unsafe-eval' www.googleanalytics.com www.google-analytics.com www.googleoptimize.com optimize.google.com maps.googleapis.com unpkg.com cdn.jsdelivr.net cdnjs.cloudflare.com script.hotjar.com static.hotjar.com detectca.easysol.net www.gstatic.com pichincha.pe imagenes.pichincha.pe www.googletagmanager.com www.google.com www.googleadservices.com googleads.g.doubleclick.net cdn.inspectlet.com hn.inspectlet.com www.facebook.com connect.facebook.net www.gstatic.com www.google-analytics.com ads.us.e-planning.net; style-src 'self' 'unsafe-inline' https://lynn-latam-production-br-ch-reg-common-2.azurewebsites.net/ https://lynn-latam-production-br-ch-reg-common.azurewebsites.net/ optimize.google.com fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com maxcdn.bootstrapcdn.com; img-src 'self' https://www.google.com.ec https://www.google.com https://maps.gstatic.com/ optimize.google.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com googleads.g.doubleclick.net detectca.easysol.net www.google-analytics.com www.financiero.pe www.facebook.com www.google.com.pe www.google.com ads.us.e-planning.net www.pichincha.pe cdn.jsdelivr.net www.googletagmanager.com ofertasfinanciero.pe data:; font-src 'self' https://lynn-latam-production-br-ch-reg-common-2.azurewebsites.net/ https://lynn-latam-production-br-ch-reg-common.azurewebsites.net/ fonts.gstatic.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com; form-action 'self' www.facebook.com; base-uri 'self'; frame-src optimize.google.com www.google.com www.pichincha.pe https://www.youtube.com/ https://www.facebook.com/ https://consentcdn.cookiebot.com/ https://bid.g.doubleclick.net/ https://vars.hotjar.com/ https://www.recaptcha.net/; 1
default-src 'self' *.kampyle.com *.vanguard.com:* *.vgcontent.info:* *.vanguard.com *.vanguardinvestor.co.uk *.vanguard.co.uk;base-uri 'self';font-src 'self' https: data: *.vanguard.com:* *.vgcontent.info:*;form-action 'self';frame-ancestors 'self';img-src 'self' data: vanguard.d2.sc.omtrdc.net *.amazon-adsystem.com www.facebook.com *.doubleclick.net www.google.com adservice.google.com *.ytimg.com *.llnw.net sjs.bizographics.com *.linkedin.com snap.licdn.com P.adsymptotic.com *.kampyle.com insight.adsrvr.org *.vanguard.com:* *.vgcontent.info:* *.vanguard.com *.vanguard.co.uk *.vanguardinvestor.co.uk;object-src 'none';script-src 'self' 'unsafe-inline' *.vgdynamic.info connect.facebook.net www.googleadservices.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net *.kampyle.com *.vanguard.com:* *.vgcontent.info:* corp-pmj-ukpi.web.vanguard.com corp-pmj-ukpi.webt.vanguard.com *.vanguardinvestor.co.uk cdn.botframework.com/botframework-webchat/latest/webchat.js;script-src-attr 'none';style-src 'self' https: 'unsafe-inline' *.kampyle.com *.vanguard.com:* *.vgcontent.info:*;connect-src *.demdex.net vanguard.d2.sc.omtrdc.net *.tt.omtrdc.net *.kampyle.com *.medallia.com *.medallia.eu *.vanguard.com *.vanguard.co.uk static.vgcontent.info cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com corp-pmj.webt.vanguard.com corp-pmj-ukpi.web.vanguard.com corp-pmj-ukpi.webt.vanguard.com corp.etm.testassets.vgdynamic.info corp.etm.assets.vgdynamic.info corp.at2.assets.vgdynamic.info 'self' *.vanguardinvestor.co.uk *.vanguardinvestor.com directline.botframework.com;frame-src *.demdex.net *.youtube.com *.limelight.com 'self' *.vanguard.com *.kampyle.com insight.adsrvr.org vanguard-pf-git-vgpf-prod-raindrop-tech.vercel.app vanguard-pf-git-vgpf-dev-raindrop-tech.vercel.app;media-src;upgrade-insecure-requests 1
default-src 'self' *.wildentity.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.google-analytics.com *.wildentity.com; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src * 'self' 1
frame-ancestors www.halifaxpubliclibraries.ca *.www.halifaxpubliclibraries.ca halifaxpubliclibraries.ca *.halifaxpubliclibraries.ca halifax.bibliocms.com *.halifax.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src www.halifaxpubliclibraries.ca *.www.halifaxpubliclibraries.ca halifaxpubliclibraries.ca *.halifaxpubliclibraries.ca halifax.bibliocms.com *.halifax.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
default-src 'self' *.athletereg.com; upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *.addthisedge.com *.googletagservices.com js-agent.newrelic.com service.force.com *.addthis.com *.braintreegateway.com *.fontawesome.com *.g.doubleclick.net *.analytics.google.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hubspot.com *.jquery.com *.moatads.com *.nr-data.net *.salesforceliveagent.com *.twitter.com cdn.amplitude.com cdn.metarouter.io connect.facebook.net googleads.g.doubleclick.net js-na1.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsadspixel.net js.hsforms.net js.hsleadflows.net outside-header.vercel.app s3.amazonaws.com *.scorecardresearch.com unpkg.com ajax.googleapis.com *.protecht-sandbox.io *.protecht.io cdnjs.cloudflare.com sealserver.trustkeeper.net *.cloudfront.net ajax.aspnetcdn.com cdn.speedcurve.com *.stripe.com *.salesforce.com connect.facebook.com salesforceliveagent.com *.googleadservices.com www.google-analytics.com athletereg.us12.list-manage.com cdn.jsdelivr.net *.addthis.com js.hscollectedforms.net adservice.google.com metarouter-ajs-next-destinations-stage.s3.amazonaws.com es.pinkbike.org *.vercel.com cdn-prod.securiti.ai *.datadoghq-browser-agent.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.typekit.net *.googleapis.com service.force.com *.gstatic.com *.cloudfront.net athletereg.my.salesforce.com cdn.jsdelivr.net *.fontawesome.com *.braintreegateway.com *.vercel.com cdn-prod.securiti.ai *.bikereg.com; img-src 'self' data: https: http://www.millenniumrunning.com; connect-src 'self' *.athletereg.com *.hubspot.com *.addthis.com *.braintree-api.com *.facebook.com *.g.doubleclick.net *.analytics.google.com *.google-analytics.com *.googleanalytics.com *.trailforks.com *.googlesyndication.com *.hubapi.com *.outsideapi.com outsideapi.com *.rivt.com api.amplitude.com *.googleapis.com *.cloudfront.net	*.nr-data.net *.braintreegateway.com *.gstatic.com *.hsforms.com *.googletagmanager.com use.fontawesome.com js.hs-banner.com *.google.com forms.hscollectedforms.net app.securiti.ai cdn-prod.securiti.ai *.browser-intake-datadoghq.com *.SkiReg.com; font-src 'self' data: fonts.gstatic.com *.typekit.net *.sfdcstatic.com use.fontawesome.com static2.sharepointonline.com rwgps-embeds.com *.millenniumrunning.com netdna.bootstrapcdn.com *.braintreegateway.com app.securiti.ai cdn-prod.securiti.ai; frame-ancestors 'self' *.athletereg.com *.bikereg.com *.runreg.com *.trireg.com *.skireg.com *.plegereg.com; frame-src 'self' *.doubleclick.net *.facebook.com *.google.com *.outsideonline.com outsideonline.com service.force.com platform.twitter.com *.addthis.com *.salesforce.com *.braintreegateway.com *.trailforks.com/; form-action 'self' *.paypal.com *.pledgereg.com *.facebook.com *.strava.com *.salesforce.com; base-uri 'self'; object-src 'self'; report-uri https://api.athletereg.com/ErrorReport/cspViolation; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com code.etracker.com www.etracker.de https://translate.google.com/ https://translate.googleapis.com/ https://translate-pa.googleapis.com/ https://web5.deskline.net/dwutility.js https://resc.deskline.net/DW5/start/KLEVE/eb623e90-4266-4ef2-bc0c-f5838fddeca1/index.js https://resc.deskline.net/DW5/dw-utility.js https://resc.deskline.net/DW5/tag-loader.js https://static.b-ite.com/jobs-api/loader-v1/api-loader-v1.min.js https://cs-assets.b-ite.com/stadt-kleve/jobs-api/main-listing.min.js https://static.b-ite.com/jobs-api/v5/api-v5.min.js https://maps.niederrhein-tourismus.de/de/embed/58830914/js https://maps.niederrhein-tourismus.de/de/embed/53067774/js https://maps.niederrhein-tourismus.de/de/embed/53303156/js https://maps.niederrhein-tourismus.de/de/embed/53275986/js https://maps.niederrhein-tourismus.de/de/embed/67295624/js https://maps.niederrhein-tourismus.de/de/embed/53302785/js https://maps.niederrhein-tourismus.de/de/embed/53279420/js https://resc.deskline.net https://cdnjs.cloudflare.com https://pay.datatrans.com https://js.stripe.com/v3/ https://web5.deskline.net/ https://static.b-ite.com/job-alert/v1/job-alert-v1.min.js https://www.gstatic.com/ https://beteiligung.nrw.de/ cdn.jsdelivr.net https://cdn.jsdelivr.net https://rebilly.github.io https://unpkg.com platform.instagram.com platform.twitter.com; style-src 'self' 'unsafe-inline' https://translate.googleapis.com/ https://resc.deskline.net/DW5/vendor.js https://resc.deskline.net/DW5/tags/kleve/eb623e90-4266-4ef2-bc0c-f5838fddeca1/tagcontext.js https://resc.deskline.net/DW5/i18n/locale.de-de.js https://resc.deskline.net/DW5/tag-loader.js https://resc.deskline.net/DW5/fonts https://resc.deskline.net/DW5/design/aaf63de1-df30-4b99-8f77-4ee3eb8c9e81/desklineweb/styles.css https://resc.deskline.net/DW5/design/aaf63de1-df30-4b99-8f77-4ee3eb8c9e81/desklineweb/styles.css.map https://www.gstatic.com/ http://translate.google.com/ https://cdn.jsdelivr.net 1
*://www.f1-consult.com:* 1
frame-src * https://*.hotjar.com https://*.hcaptcha.com renderer.gist.build code.gist.build; default-src none 'self'; script-src 'self' blob: 'report-sample' 'unsafe-inline' https://*.googletagmanager.com https://apis.google.com https://mc.yandex.ru https://mc.yandex.com https://*.hotjar.com https://*.firebasedatabase.app wss://*.firebasedatabase.app https://hexnio-help.freshchat.com https://*.hcaptcha.com https://pay.itez.com https://js.userflow.com wss://*.userflow.com https://sentry.hexn.io/api/embed/error-page/ https://accounts.google.com/gsi/ https://cdn.onesignal.com/ https://onesignal.com/ assets.customer.io code.gist.build eu.customerioforms.com 'unsafe-inline' 'unsafe-eval' ; style-src 'self' blob: 'report-sample' 'unsafe-inline' https://*.googletagmanager.com https://*.googleapis.com https://*.hotjar.com https://hexnio-help.freshchat.com https://*.hcaptcha.com https://*.userflow.com https://accounts.google.com/gsi/ https://onesignal.com/ code.gist.build 'unsafe-inline'; worker-src 'self' blob:; connect-src 'self' blob: https://*.hexn.io wss://*.hexn.io https://*.googleapis.com https://*.google-analytics.com https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.md https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.firebasedatabase.app wss://*.firebasedatabase.app https://hexnio-help.freshchat.com https://*.hcaptcha.com wss://*.userflow.com https://accounts.google.com/gsi/ localhost:* https://explorer-api.walletconnect.com wss://relay.walletconnect.com https://rpc.walletconnect.com https://cdn.onesignal.com/ https://onesignal.com/ track-eu.customer.io eu.customerioforms.com *.api.gist.build *.cloud.gist.build; object-src 'none'; child-src 'self'; img-src 'self' blob: data: https://s3.amazonaws.com/cdn.freshdesk.com/ https://s3.eu-central-1.amazonaws.com/public.hexn.io/ https://*.hexn.io https://*.googletagmanager.com https://*.gstatic.com https://*.google-analytics.com https://mc.yandex.ru https://mc.yandex.com https://yastatic.net https://*.hotjar.com https://*.userflow.com https://translate.google.com https://explorer-api.walletconnect.com track-eu.customer.io; font-src data: 'self' https://*.gstatic.com https://*.googleapis.com https://*.hotjar.com localhost:*; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; report-uri https://sentry.hexn.io/api/2/security/?sentry_key=f4bb5ccf5ac8412a8088f9f1584e90fe 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com static.ctctcdn.com *.youtube.com cdnjs.cloudflare.com *.liveperson.net *.gstatic.com *.lpsnmedia.net; font-src 'self' *.googleapis.com *.gstatic.com *.abcwua.org;  1
default-src 'none'; script-src 'self' https://analytics.benkel.org; style-src 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://analytics.benkel.org; font-src 'self'; frame-src 'self'; img-src 'self' https://analytics.benkel.org; manifest-src 'self'; media-src 'self'; form-action 'self'; frame-ancestors 'self'; 1
default-src 'self' https: wss: *.fontawesome.com *.tawk.to *.googletagmanager.com *.google-analytics.com *.facebook.com; font-src 'self' https: data:; img-src 'self' https: data: *.google-analytics.com *.facebook.com; object-src 'none'; script-src 'self' https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline' 1
default-src 'self' data: https://*.pandalab.fr; script-src 'self' 'unsafe-inline' 'wasm-eval' https://*.pandalab.fr; connect-src 'self' blob: https://*.pandalab.fr:* wss://*.pandalab.fr; img-src 'self' blob: data: https://*.pandalab.fr; style-src 'self' 'unsafe-inline' ; font-src 'self' data: ; object-src blob:; child-src blob: https://*.pandalab.fr; frame-ancestors 'none'; report-uri https://balancer.pandalab.fr/reporting/csp/; report-to csp 1
frame-ancestors 'self'; font-src 'self' data:; img-src 'self' data:; script-src 'self'; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleadservices.com *.doubleclick.net www.google-analytics.com ajax.googleapis.com *.googleapis.com *.googletagmanager.com *.google.com www.google.com google.com *.google.co.nz gstatic.com www.gstatic.com *.facebook.com facebook.com connect.facebook.net youtube.com *.youtube.com vimeo.com *.vimeo.com s.ytimg.com 1
frame-ancestors 'self' https://www.mpigeneralionline.com https://www.mpigenerali.com; 1
default-src * data: 'unsafe-eval' 'unsafe-inline' blob: 'unsafe-inline' 1
base-uri 'none'; font-src 'self' https: data:; form-action 'self' *.facebook.com ttcircuit.us3.list-manage.com; frame-ancestors 'self'; img-src 'self' data: blob: res.cloudinary.com ttcircuit.com www.ttcircuit.com tt-assen-frontend.onrender.com *.vimeocdn.com *.facebook.com *.licdn.com *.ads.linkedin.com *.iubenda.com www.google.nl www.google.com www.googletagmanager.com www.google-analytics.com *.youtube.com; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' 'unsafe-inline' www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com recaptcha.net vimeo.com player.vimeo.com fresnel.vimeocdn.com *.hotjar.com *.facebook.net *.facebook.com snap.licdn.com *.ads.linkedin.com *.iubenda.com googleads.g.doubleclick.net; upgrade-insecure-requests; frame-src 'self' vimeo.com player.vimeo.com recaptcha.net *.vimeocdn.com *.facebook.com *.iubenda.com td.doubleclick.net *.youtube.com 1
default-src 'self' 'unsafe-inline' *.targetfurniture.co.nz chatfast.io *.algolia.net *.algolianet.com *.hexa3d.io *.h3dstaging.com *.cdnfonts.com data: *.google.co.nz *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.targetfurniture.co.nz *.facebook.com *.facebook.net *.emarsys.net *.tiktok.com *.pinimg.com *.pagesense.io *.formito.com staticcdn.co.nz *.scarabresearch.com *.hexa3d.io *.h3dstaging.com blob: *.google.co.nz *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net; img-src 'self' *.targetfurniture.co.nz *.algolia.net *.algolianet.com *.cloudfront.net *.formito.com shielded.co.nz staticcdn.co.nz *.emarsys.net *.tiktok.com imgfly.scarabresearch.com *.facebook.com *.facebook.net *.instagram.com *.cdninstagram.com *.hexa3d.io *.h3dstaging.com *.azureedge.net *.pinterest.com data: blob: *.google.co.nz *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.targetfurniture.co.nz *.facebook.com *.facebook.net *.fontawesome.com *.bootstrapcdn.com *.jquery.com *.w3.org *.cdnfonts.com *.google.co.nz *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com; child-src 'self' 'unsafe-inline' *.targetfurniture.co.nz *.issuu.com *.h3dstaging.com *.alt-payment.com chatfast.io *.chatfast.io *.pinterest.com blob: data: *.google.co.nz *.google.com *.doubleclick.net *.youtube.com *.facebook.com *.formito.com staticcdn.co.nz; media-src *.targetfurniture.co.nz *.instagram.com *.cdninstagram.com; connect-src 'self' 'unsafe-inline' *.targetfurniture.co.nz *.google.com *.google-analytics.com *.googleapis.com *.doubleclick.net *.facebook.com *.scarabresearch.com *.googlesyndication.com *.zoho.com *.zoho.com.au *.hexa3d.io *.h3dstaging.com *.azureedge.net *.emarsys.net *.tiktok.com *.pinterest.com data: blob: gtm-mkkvtwfx-nzjhy.uc.r.appspot.com; 1
default-src 'none'; style-src 'self'; media-src 'self'; img-src 'self'; font-src 'self';frame-ancestors 'none';base-uri 'none';form-action 'none'; 1
default-src 'self' https://*.ddyun.com http://*.ddyun.com https://*.meiqia.com 'unsafe-inline';connect-src 'self' https://*.meiqia.com wss://*.meiqia.com https://*.baidu.com;script-src 'unsafe-eval' 'unsafe-inline' https://*.meiqia.com https://*.bdstatic.com https://*.ddyun.com https://*.baidu.com http://*.baidu.com;img-src 'self' https://aqyzmedia.yunaq.com https://*.baidu.com https://*.ddyun.com http://*.ddyun.com https://*.meiqiausercontent.com https://*.meiqia.com data: base64;font-src https://at.alicdn.com;form-action 'self';base-uri 'self';object-src 'none';frame-ancestors https://*.ddyun.com; 1
default-src 'none'; font-src 'self' *.fontawesome.com; img-src 'self' *.unsplash.com; style-src 'self' *.fontawesome.com; frame-ancestors 'self'; script-src 'strict-dynamic' 'nonce-devopsDad2021'; form-action 'self'; base-uri 'none'; object-src 'none' 1
default-src 'self' https://*.clarity.ms https://*.bing.com cdnjs.cloudflare.com www.youtube-nocookie.com fonts.googleapis.com td.doubleclick.net googletagmanager.com kuula.co storage.googleapis.com www.google.com www.gstatic.com connect.facebook.net www.youtube.com www.facebook.com forms.hsforms.com wordpress.org blob:; img-src 'self' data: https://*.bing.com https://*.clarity.ms www.google.co.id wpml.org bat.bing.com toolset.com ps.w.org s.w.org i.ytimg.com bat.bing.com api.singpass.gov.sg www.onemap.gov.sg secure.gravatar.com www.google-analytics.com kuula.co s3-ap-southeast-1.amazonaws.com www.facebook.com www.googletagmanager.com secure.adnxs.com fonts.gstatic.com insight.adsrvr.org www.google.com www.google.com.sg www.google.co.in cm.g.doubleclick.net ad.doubleclick.net adservice.google.com ib.adnxs.com no-cache.hubspot.com track.hubspot.com forms.hsforms.com ups.analytics.yahoo.com perf.hsforms.com exceptions.hs-embed-reporting.com static.hsappstatic.net forms-na1.hsforms.com storage.googleapis.com; connect-src 'self' https://*.clarity.ms bat.bing.com www.onemap.gov.sg www.facebook.com developers.onemap.sg yoast.com my.yoast.com kuula.co www.google-analytics.com stats.g.doubleclick.net forms.hubspot.com forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com api.hsforms.com msportal-api.ntucfirstcampus.com msportal-api-dev.ntucfirstcampus.com; font-src 'self' p.typekit.net use.typekit.net fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' use.fontawesome.com www.clarity.ms yoast.com cdnjs.cloudflare.com bat.bing.com td.doubleclick.net googleads.g.doubleclick.net unpkg.com www.googletagmanager.com connect.facebook.net www.google-analytics.com www.google.com seedinstitute.us18.list-manage.com www.gstatic.com  https://connect.facebook.net/ js.adsrvr.org acdn.adnxs.com js.hs-scripts.com js.hscta.net js.hs-analytics.net js.hscollectedforms.net js.hs-banner.com js.hsforms.net blob:;style-src 'self' 'unsafe-inline' p.typekit.net use.typekit.net cdnjs.cloudflare.com fonts.googleapis.com www.googletagmanager.com www.clarity.ms; frame-ancestors 'self' https://*; object-src 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'none'; object-src 'none'; frame-src 'none'; worker-src 'none'; frame-ancestors 'none'; form-action 'none'; upgrade-insecure-requests; block-all-mixed-content; disown-opener; reflected-xss block; referrer no-referrer; 1
form-action 'self' *.list-manage.com *.mollie.com *.facebook.com; 1
frame-ancestors 'self' https://staging-app.wowfamily.de https://app.wowfamily.de; script-src 'nonce-IirVN9RhDNMldaV+CeV2vWZX3DUrP9GykAfIdGvx90k=' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' https: http: 'report-sample' https://tagmanager.google.com https://*.googletagmanager.com https://*.facebook.com https://*.facebook.net https://*.sentry-cdn.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com; form-action 'self' https://*.adyen.com https://*.facebook.com https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io; connect-src 'self' localhost:* data: sentry.io *.sentry.io https://*.adyen.com https://*.clarity.ms https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.bing.com plausible.io https://*.myhello.cloud https://myhello.cloud https://*.intercom.io https://*.intercomcdn.com https://*.intercomcdn.eu wss://*.intercom.io https://cdn.tiny.cloud; object-src 'self'; base-uri none; report-uri https://o34395.ingest.sentry.io/api/76085/security/?sentry_key=fa5d344f3deb43d4987dfa2c56000ffe&sentry_environment=production&sentry_release=5.0.114 1
block-all-mixed-content; frame-ancestors *.apotiguar.com.br 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://sciences.social; img-src 'self' https: data: blob: https://sciences.social; style-src 'self' https://sciences.social 'nonce-Hfxg9MU93ZsKdMSLL+QgFg=='; media-src 'self' https: data: https://sciences.social; frame-src 'self' https:; manifest-src 'self' https://sciences.social; form-action 'self'; child-src 'self' blob: https://sciences.social; worker-src 'self' blob: https://sciences.social; connect-src 'self' data: blob: https://sciences.social https://cdn.masto.host wss://sciences.social; script-src 'self' https://sciences.social 'wasm-unsafe-eval' 1
default-src 'none'; object-src 'none'; script-src 'nonce-AKNRzUFbZsCCrKoTJGMUNQ==' 'strict-dynamic' 'unsafe-eval' *.google.com *.google.cz *.adform.net *.gstatic.com *.cookiebot.com *.seznam.cz *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.youtube.com *.googleapis.com *.jsdelivr.net; style-src 'self' 'strict-dynamic' 'unsafe-inline' *.googleapis.com *.net; img-src 'self' data: *.seznam.cz *.google.com *.google.cz *.google-analytics.com *.google.nl *.facebook.com *.cookiebot.com *.googletagmanager.com *.ytimg.com *.googlesyndication.com *.doubleclick.net *.gstatic.com *.googleapis.com; font-src 'self' *.gstatic.com *.typekit.net; connect-src 'self' *.googlesyndication.com *.google-analytics.com *.cookiebot.com *.google.com *.doubleclick.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.mora.care *.googleapis.com *.tiktok.com; frame-src 'self' 'strict-dynamic' *.cookiebot.com *.youtube.com *.hotjar.com *.hotjar.io *.doubleclick.net *.facebook.com *.google.com; form-action 'self' *.facebook.com *.mora.care; manifest-src 'self'; media-src 'self'; base-uri 'self'; 1
frame-src 'self' *.facebook.com *.google.com 1
script-src 'unsafe-inline' https: 'self' 'nonce-65af226c43e10' 'strict-dynamic'; object-src 'self'; base-uri 'self'; frame-ancestors 'none'; 1
block-all-mixed-content; object-src 'self' data:; upgrade-insecure-requests; frame-ancestors 'self'; default-src 'unsafe-eval' 'unsafe-inline' * blob:; script-src 'unsafe-inline' 'unsafe-eval' * blob:; connect-src *; font-src * data:; img-src * data: blob:; 1
frame-ancestors 'self' welcome.espace.link ; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.calameo.com *.criteo.net *.criteo.com *.fls.doubleclick.net *.pwspace.com *.powerspace.com *.tradelab.fr *.classcroute.com www.youtube.com secureaud.solocpm.com www.linkedin.com cdn.linkedin.oribi.io www.mainadv.com *.tradedoubler.com *.avtm.fr *.ad-srv.net tag.azame.net *.adnxs.com uzerly.net *.adsrvr.org *.mathtag.com *.veoxa.com sk.ht *.sk.ht kx1.co px.ads.linkedin.com sjs.bizographics.com snap.licdn.com *.bing.com connect.facebook.net www.facebook.com fonts.googleapis.com *.g.doubleclick.net tag.statshop.fr *.tracktag.sytsem.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.google.com *.axept.io; img-src 'self' blob: data: http: https: *.classcroute.com; font-src 'self' data: http: https: fonts.googleapis.com  1
default-src 'self' https://w.soundcloud.com/ https://player.vimeo.com/ https://m.facebook.com/ https://www.facebook.com/ https://www.youtube.com https://share.rendia.com/ https://www.theswimguide.org https://cse.google.com https://www.google.com https://www.adsensecustomsearchads.com/; connect-src 'self' https://region1.google-analytics.com https://my.wpengine.com https://yoast.com https://www.google.com https://adservice.google.com https://csp.withgoogle.com https://stats.g.doubleclick.net https://maps.googleapis.com https://www.google-analytics.com; img-src * data:; font-src * data:; style-src-attr 'self' 'unsafe-inline'; style-src 'self' 'nonce-z2LrPtwO1xg54SpnJ9K7JA==' 'sha256-OxgCgRZBobiLhf/gEJjA95lcSJ/2OoojGiOg+0Gh4/Q=' 'sha256-OxgCgRZBobiLhf/gEJjA95lcSJ/2OoojGiOg+0Gh4/Q=' 'sha256-3ADkWzrHbVGNqGyGIUksOe3bj1L08JdrkTQZNIncj8k=' 'sha256-Q83dOz3+WGlxf0tuNk+pbzple6B4ZKMf/+GqSD/oP6o=' 'sha256-0+2MAYQgoUxXpH7dZQBM6+bVLYwvT7dtyX3FTtiT0/4=' 'sha256-jQf62Lc8HrnosA7StHSbAkzZjXgtJDoVrwuZrxEzD6c=' 'sha256-fUwbyXtFO1PbTzLRQ7sWygaYGzq99BFSH2ukx+a7Y1E=' 'sha256-IlaC9yPgXnTEQAS0KBdK2W1FWT5vZoWWHbMVcFZSGKA=' 'sha256-YPcephQdqmWemSRPDH0F8Pyl49nbsj+CgOkjwnOFJe0=' 'sha256-xHhX+30Ebo7XZZjIxs8t0x61FuH0xxqXsDLYKQoKuNA=' 'sha256-YvhL8C9Jj++lXY8if+xlDJ28IGVzY0/uZVHI6AftQ78=' 'sha256-7F+E02nUolLzt01R3guE30exYkmFb56M5HgWJVlJi/c=' 'sha256-3NL3I9jVQeZ9keODeMaZKRlb+XfsSyfmN1PbwitqWlg=' 'sha256-godlKedi9OLxcN3dYK8W5XZATloav38IfMHrZ+6RpHk=' 'sha256-dNjyYQkgWnE8iB5kXKp8/y35FXjJiwSBxHhTzBX6hGs=' 'sha256-wLmU0zgf+mGSCa93/tph0kwBRnSPTkTO041irbOjRoA=' 'sha256-BtTNCrZRG1j4ikzvhV4TC945X9C8iOJaPdROcEYUCjo=' 'sha256-MXyhvROK5NPdD/GM8XvD4RINec6NWZGt2IYTCOSA58U=' 'sha256-1CP1kkQZfrvK405I0Ydt9trg9i2VIbBY1IuRptABf8c=' 'sha256-Umf7O0j7hxFmSgacRMTbRq+lPTZDpGPUgzrPCaIXlQc=' 'sha256-TaibW70hCiipPWcK5awrN2SbZwEMFdezOl8NCq4YeiA=' 'sha256-mvYVZQK2T3/UYweFxe8lt33zg9DbBPf7k4Y6eneARwY=' 'sha256-Yb3qCM+SG8KHjB/J2JvbGag+QQ1e4u37r8caYWRV9Xk=' 'sha256-xDcRYV3FVkyWv7wbHo0Va+A64V4vCRw8rBtIK42pCVQ=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-cUFuwp4e078DeooEUfiR1pq5f2G7IrZQoHa/JYi5B+4=' 'sha256-2dUyfYaYHIVygaN+UViYM/ePGObeMh2vmufwmAWpg+g=' 'sha256-rr1KmbVYybUqLFlXr6sGN41Ewbp0ZvBaRalM1wAbP58=' 'sha256-mmA4m52ZWPKWAzDvKQbF7Qhx9VHCZ2pcEdC0f9Xn/Po=' 'sha256-EgNBKOia+YkwLJnqORGP1/kLf8CRKfIhJ6yuxB8AU5g=' 'sha256-/VVOq+Ws/EiUxf2CU6tsqsHdOWqBgHSgwBPqCTjYD3U=' 'sha256-zZp8BI/LRCsExnI71KZA79vRfTQ/33qQr5GcSWAOwto=' 'sha256-QzbuspFx3XWfDfPzTlfR0J2UlRJ1iYhfJ1wQgds/IA0=' 'sha256-Q9miDVY9EmQYHiYVqVW22B4ck3MVy1MYKucyPW6AqWk=' 'sha256-g1+M02rsvlWQa9CjaRfEaZvT//NG7UhCKe8br+KXuF8=' 'sha256-42TFc49ICgM+GPeqISXzBXZ2PDlwMWDC1XsFenbNtBw=' 'sha256-PNsPul0zQFUiYu9XLVKzTdD5Cz5ghp1MT4H5/zAeI3Q=' 'sha256-QuMFxToficzUdLD6/GWANepDD/F9n7nYjzkwhHjP+yY=' 'sha256-ORuKZB3dHBi9O7/3A08h8xLYF7SCk24mVJZrULaM4TY=' 'sha256-+aLPRy1XVSz3J4TB/q2GPhf14Z2bpiro19WK4oQJeKg=' 'sha256-pQnXMrCP6DP1ncPxrqVm6QIaZQaodvng1CHDoscicHM=' https://maxcdn.bootstrapcdn.com/ https://www.google.com https://fonts.googleapis.com; script-src 'self' 'nonce-z2LrPtwO1xg54SpnJ9K7JA==' 'sha256-/ccftsxRcB+HOwgub/4b0ZRlo1NGPdrFdUDGQSRkenw=' 'sha256-2BqdwMM1Wb+swBSlIW9FTEAYMxKt3JYj09qYdlDNVvM=' 'sha256-SRF8pg2K60qkeNNUHgnbMc5v4mCP9/lulAkjk5Dmsbw=' 'sha256-hTGYkvoORKnbCPI6SBwHGhxCxn469TsS355bF7bx7nw=' 'sha256-s56NP2TOoBR0bmTe+PrDTpv8RR4BNYC4fscANkuh67c=' 'sha256-8//zSBdstORCAlBMo1/Cig3gKc7QlPCh9QfWbRu0OjU=' 'sha256-xDf50wc3Pjd15QhIFSg3s71d8okgDC8ZbgxvYywHBqc=' https://code.jquery.com/ https://clients1.google.com/ https://connect.facebook.net/ https://partner.googleadservices.com https://maps.googleapis.com https://ajax.googleapis.com https://polyfill.io https://cdnjs.cloudflare.com https://www.googletagmanager.com https://cse.google.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com/; report-uri https://d6cf0415caf1a6d407e10bb14e34ae43.report-uri.com/r/d/csp/reportOnly; 1
frame-ancestors 'self' *.avto.net *.porscheinterauto.net porscheholding.sharepoint.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleadservices.com *.google-analytics.com *.google.si *.googleapis.com *.ampproject.org *.si21.com *.facebook.net *.googletagmanager.com *.porscheinterauto.net *.google.com ajax.cloudflare.com cdnjs.cloudflare.com *.kabi.si *.kabi.info https://www.instagram.com/embed.js https://eu-prod.oppwa.com https://eu-test.oppwa.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.bootstrapcdn.com *.si21.com *.facebook.net *.porscheinterauto.net *.googletagmanager.com *.kabi.si *.kabi.info https://eu-prod.oppwa.com https://eu-test.oppwa.com; connect-src 'self' *.googleapis.com *.google.com *.google-analytics.com *.doubleclick.net *.kabi.si *.kabi.info *.si21.com https://eu-prod.oppwa.com https://eu-test.oppwa.com; font-src 'self' data: *.gstatic.com *.bootstrapcdn.com *.si21.com *.facebook.net *.porscheinterauto.net *.googletagmanager.com *.googleapis.com *.google.com *.kabi.si *.kabi.info; 1
default-src 'self' *.google.com *.google-analytics.com *.doubleclick.net cookiehub.net *.cookiehub.net *.facebook.com *.facebook.net polyfill.io *.newrelic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cookiehub.net *.cookiehub.net *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.licdn.com *.facebook.net *.doubleclick.net polyfill.io *.facebook.com *.facebook.net *.plyr.io *.vimeo.com *.youtube.com *.hsforms.net *.hsforms.com js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hscollectedforms.net  unpkg.com  *.usercentrics.eu *.newrelic.com; style-src 'self' 'unsafe-inline' cookiehub.net *.cookiehub.net *.facebook.com *.facebook.net *.plyr.io *.vimeo.com *.youtube.com projects.codeaware.at; img-src * 'self' data: https:; frame-src 'self' *.youtube.com *.youtu.be *.youtube-nocookie.com *.vimeo.com *.doubleclick.net *.facebook.com *.facebook.net forms.hsforms.com *.usercentrics.eu *.newrelic.com; font-src 'self' data: *.gstatic.com *.googleusercontent.com projects.codeaware.at; connect-src 'self' *.google.com *.google-analytics.com *.doubleclick.net cookiehub.net *.cookiehub.net *.facebook.com *.facebook.net *.plyr.io *.vimeo.io *.youtube.com noembed.com forms.hsforms.com forms.hubspot.com polyfill.io  *.usercentrics.eu 'self' *.google.com *.google-analytics.com *.doubleclick.net cookiehub.net *.cookiehub.net *.facebook.com *.facebook.net *.plyr.io *.vimeo.io *.youtube.com noembed.com forms.hsforms.com forms.hubspot.com polyfill.io  *.usercentrics.eu *.hscollectedforms.net *.newrelic.com *.nr-data.net; report-uri /report-csp-violation 1
frame-src 'self' https://www.youtube.com/ https://www.google.com/ https://app.hellodialog.com/ https://vars.hotjar.com/ https://rijnland.net/ http://www.rijnland.net/ https://hhr-website-acc.fourdigits.nl/ http://hhr-website-acc.fourdigits.nl/ http://127.0.0.1:8000/ https://preserve.archieven.nl/ https://rijnland.maps.arcgis.com/; img-src 'self' data: http://mifiles.archieven.nl/ https://preserve.archieven.nl/ https://files.archieven.nl/l https://files.archieven.nl/ https://www.google-analytics.com/ https://6259186.global.siteimproveanalytics.io/ https://app.cobrowser.com https://unpkg.com/ https://a.tile.osm.org/ https://b.tile.osm.org/ https://c.tile.osm.org/ https://www.toegankelijkheidsverklaring.nl/ http://files.archieven.nl/ https://www.gravatar.com/; font-src 'self' data: https://app.cobrowser.com/ http://mifiles.archieven.nl/; style-src 'self' 'unsafe-inline' http://hello.myfonts.net/ https://rijnland.api-a.connexys.nl/ https://rijnland.api.connexys.nl/ http://mifiles.archieven.nl/ http://srv.archieven.nl/ https://app.cobrowser.com/ https://unpkg.com/; connect-src 'self' https://www.google-analytics.com/ https://rijnland.api.connexys.nl/ https://rijnland.api-a.connexys.nl/ https://app.cobrowser.com/ wss://app.cobrowser.com https://services1.acc.enable-u.cloud/ https://services1.prd.enable-u.cloud/ https://rijnland.piwik.pro/ https://region1.google-analytics.com/ https://srv.archieven.nl https://releases.wagtail.io/; object-src 'unsafe-eval'; media-src 'self' https://app.cobrowser.com/; default-src none; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/ https://www.gstatic.com/ https://rijnland.api-a.connexys.nl/ https://rijnland.api.connexys.nl/ https://www.googletagmanager.com https://siteimproveanalytics.com https://static.hotjar.com/ https://script.hotjar.com/ https://www.google-analytics.com/ http://srv.archieven.nl/ http://mifiles.archieven.nl https://app.hellodialog.com/ https://app.cobrowser.com/ http://siteimproveanalytics.com/ https://unpkg.com/ https://services1.acc.enable-u.cloud/ https://services1.prd.enable-u.cloud/ https://rijnland.containers.piwik.pro/ 1
default-src 'self';font-src 'self' data: fonts.gstatic.com;img-src 'self' data: www.google-analytics.com *.g.doubleclick.net maps.gstatic.com maps.googleapis.com www.youtube.com cdn.cookielaw.org *.securitasmedia.com securitasmedia.com www.googletagmanager.com  i.ytimg.com www.googletagmanager.com i.ytimg.com www.google.co.in https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;script-src www.youtube.com  az416426.vo.msecnd.net  'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org www.google-analytics.com maps.googleapis.com www.googletagmanager.com  dl.episerver.net www.youtube.com www.gstatic.com https://*.googletagmanager.com;style-src 'self'  'unsafe-inline' fonts.googleapis.com dl.episerver.net;frame-src *.youtube.com ;media-src 'self';connect-src 'self'  cdn.cookielaw.org dc.services.visualstudio.com www.google-analytics.com stats.g.doubleclick.net maps.googleapis.com geolocation.onetrust.com ds-onetrust.securitas.com analytics.google.com region1.analytics.google.com analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;frame-ancestors 'none'; 1
default-src 'self'  https://www.google.com/ https://www.youtube.com/ https://www.instagram.com/ https://www.facebook.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://analytics.tiktok.com/ https://cdn.linkedin.oribi.io/  https://va.tawk.to/ wss://*.tawk.to/ https://embed.tawk.to/ http://rum-collector-2.pingdom.net/  https://28roctd5h5.execute-api.us-west-2.amazonaws.com/ https://ka-f.fontawesome.com/ https://aspaa.uvp.mx/  https://view.genial.ly/  https://heyzine.com/  https://analytics.google.com/  https://www.tomorrow.io/ https://weather-website-client.tomorrow.io/ https://web.facebook.com/ https://kit-pro.fontawesome.com/ ; 
    	font-src *;
    	img-src * data:; 
    	media-src * data: ;
    	script-src 'self' https://embed.tawk.to/ https://cdn.jsdelivr.net/ https://connect.facebook.net/ https://kit.fontawesome.com/ https://cdn.ckeditor.com/ https://ajax.googleapis.com/ https://www.gstatic.com/firebasejs/ https://cdnjs.cloudflare.com/ https://www.googletagmanager.com/ https://analytics.tiktok.com/ http://rum-static.pingdom.net/ https://www.google-analytics.com/ https://snap.licdn.com/ https://googleads.g.doubleclick.net/  https://www.googleadservices.com/  https://heyzine.com/  https://analytics.google.com/ https://www.tomorrow.io/ https://web.facebook.com/ https://kit-pro.fontawesome.com/ https://weather-website-client.tomorrow.io/  'unsafe-inline' 'unsafe-eval' ; 
    	style-src 'self'  https://embed.tawk.to/ http://cdn-h4.occ.com.mx/ https://cdn.ckeditor.com/ https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://www.tomorrow.io/ https://web.facebook.com/ https://kit-pro.fontawesome.com/ https://weather-website-client.tomorrow.io/ 'unsafe-inline' 1
frame-ancestors 'self' *.kognitiv.com *.seekda.com 1
font-src 'self' https://*.unimedodonto.com.br https://*.segurosunimed.com.br https://fonts.gstatic.com https://*.hotjar.com https://*.tiktok.com https: data:;img-src 'self' https://*.unimedodonto.com.br https://*.segurosunimed.com.br https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://googleads.g.doubleclick.net https://www.facebook.com *.google.com *.google.com.br *.googleusercontent.com https://*.hotjar.com https://*.tiktok.com https://px.ads.linkedin.com https://forms.hsforms.com https://track.hubspot.com https://*.handtalk.me data: blob:;script-src 'self' https://*.unimedodonto.com.br https://*.segurosunimed.com.br 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://*.hotjar.com https://survey.solucx.com.br https://*.solucx.com.br https://*.tiktok.com https://*.navdmp.com https://connect.facebook.net https://plugin.handtalk.me https://snap.licdn.com https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hs-analytics.net blob:;connect-src 'self' https://*.unimedodonto.com.br https://*.segurosunimed.com.br https://*.digital-segurosunimed.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.googleapis.com *.google.com https://survey.solucx.com.br https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.tiktok.com https://cdn.linkedin.oribi.io https://*.segurosunimed.tokenlab.dev https://dev-seguros-unimed-geral.firebaseio.com https://prd-seguros-unimed-geral.firebaseio.com https://api.hubapi.com/ https://forms.hscollectedforms.net https://*.handtalk.me https://js.hs-banner.com https://pagead2.googlesyndication.com data: blob:;frame-src 'self' https://*.unimedodonto.com.br https://*.segurosunimed.com.br *.google.com *.youtube.com https://*.hotjar.com https://*.tiktok.com https://www.facebook.com https://*.handtalk.me https://*.hsforms.com https://*.spotify.com https://*.googletagmanager.com https://td.doubleclick.net https://rtorquato.github.io https://survey.solucx.com.br;script-src-attr 'unsafe-inline';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.hotjar.com https://*.tiktok.com https:;worker-src blob:;form-action 'self' https://www.facebook.com;default-src 'self';base-uri 'self';frame-ancestors 'self';object-src 'none';upgrade-insecure-requests 1
child-src accounts.google.com apis.google.com platform.twitter.com www.facebook.com www.google.com;connect-src 'self' stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com api.userway.org cdn.userway.org;default-src 'self' 'unsafe-inline' accounts.google.com apis.google.com connect.facebook.net data: i.ytimg.com platform.linkedin.com platform.twitter.com stats.g.doubleclick.net syndication.twitter.com www.facebook.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.youtube.com;font-src 'self' fonts.gstatic.com cdn.userway.org;form-action 'self';frame-src accounts.google.com apis.google.com platform.twitter.com www.facebook.com www.google.com www.youtube.com cdn.userway.org;img-src 'self' data: i.ytimg.com syndication.twitter.com t.co www.google-analytics.com www.googletagmanager.com *.gstatic.com cdn.userway.org;script-src-elem 'self' 'unsafe-inline' analytics.twitter.com apis.google.com connect.facebook.net platform.linkedin.com platform.twitter.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.youtube.com cdn.userway.org;script-src 'self' 'unsafe-eval' 'unsafe-inline' apis.google.com connect.facebook.net platform.linkedin.com platform.twitter.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.youtube.com tagmanager.google.com *.googletagmanager.com;style-src-attr 'unsafe-inline';style-src-elem 'self' 'unsafe-inline' cdn.userway.org;style-src 'self' 'unsafe-eval' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com;object-src 'none';report-uri https://opusgroup.report-uri.com/r/t/csp/enforce 1
report-uri https://www.innpulsacolombia.com/wp-json/wpcsp/v1/route/LogPolicyViolation?_wpnonce=484f2e5560 1
script-src 'nonce-R4IasfecKUstLowjzEv6fA==' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:; object-src 'none'; base-uri 'self'; block-all-mixed-content 1
default-src 'self' *.rf-news.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' use.typekit.net www.youtube-nocookie.com stats.mlpd.de rotefahne.mlpd.de *.rf-news.de; connect-src 'self' 'unsafe-inline' stats.mlpd.de; style-src 'self' 'unsafe-inline' *.rf-news.de; font-src 'self' data: use.typekit.net *.rf-news.de; img-src 'self' i.ytimg.com p.typekit.net rotefahne.mlpd.de *.rf-news.de; frame-src 'self' www.youtube-nocookie.com www.youtube.com rotefahne.mlpd.de *.rf-news.de; 1
child-src  www.paypalobjects.com spilsburybuild.cv3admin.com; connect-src  spilsburybuild.cv3admin.com *.listrakbi.com *.listrak.com *.google-analytics.com *.powerreviews.com *.doubleclick.net *.google.com *.bing.com www.paypal.com *.smartystreets.com *.pinterest.com *.crazyegg.com *.acsbapp.com s.yimg.com *.clarity.ms events.attentivemobile.com spilsbury.attn.tv *.criteo.com *.facebook.com bam.nr-data.net www.spilsbury.com *.hotjar.com *.sharethis.com bcp.crwdcntrl.net  gardensalive.force.com www.googletagmanager.com *.hotjar.io *.hotjar.com gaorder.gardensalive.com wss://*.hotjar.com *.crazyegg.com gardensalive.my.site.com  *.omnichannelengagementhub.com; default-src  h2.commercev3.net/cdn.spilsbury.com/ cdn.spilsbury.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com; font-src  spilsburybuild.cv3admin.com h2.commercev3.net/cdn.spilsbury.com/ cdn.spilsbury.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com data: www.spilsbury.com acsbapp.com; form-action  'self' www.facebook.com www.paypal.com checkout.sezzle.com www.spilsbury.com webto.salesforce.com spilsburybuild.cv3admin.com; frame-src  *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com *.sharethis.com *.criteo.com service.force.com vars.hotjar.com static.criteo.net creatives.attn.tv www.youtube.com view.publitas.com www.googletagmanager.com gardensalive.my.salesforce.com *.azureedge.net; frame-ancestors  ; img-src  h2.commercev3.net/cdn.spilsbury.com/ cdn.spilsbury.com ssl.google-analytics.com www.google.com/pagead/1p-user-list/ www.google.com/ads/ga-audiences ct.pinterest.com/v3/ s3.amazonaws.com *.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com spilsburybuild.cv3admin.com *.criteo.com ade.clmbtech.com criteo-partners.tremorhub.com www.pages08.net *.yahoo.com h2.commercev3.net tg.socdm.com eb2.3lift.com criteo-sync.teads.tv sync-t1.taboola.com rtb-csync.smartadserver.com match.sharethrough.com simage2.pubmatic.com sync.outbrain.com contextual.media.net exchange.mediavine.com ad.360yield.com pixel.rubiconproject.com jadserve.postrelease.com i.liadm.com matching.ivitrack.com visitor.omnitagjs.com ad.tpmn.co.kr sync-criteo.ads.yieldmo.com tapestry.tapad.com trends.revcontent.com h2.commercev3.net/cdn.bitsandpieces.com/ partner.mediawallahscript.com ib.adnxs.com x.bidswitch.net idsync.rlcdn.com *.clarity.ms *.acsbapp.com www.spilsbury.com *.casalemedia.com s.ad.smaato.net *.criteo.com ads.stickyadstv.com *.sharethis.com *.bing.com  spilsbury.attn.tv connect.facebook.net  *.criteo.net *.bluekai.com tracking.searchmarketing.com *.casalemedia.com bam.nr-data.net www.google.co.in; script-src  h2.commercev3.net/cdn.spilsbury.com/ cdn.spilsbury.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com/recaptcha/ cdn.attn.tv flex.msn.com *.crazyegg.com spilsburybuild.cv3admin.com api.universalcookie.com *.clarity.ms sslwidget.criteo.com *.criteo.com www.sc.pages08.net acsbapp.com ajax.aspnetcdn.com s.yimg.com static.hotjar.com garecommend.gardensalive.com bam.nr-data.net js-agent.newrelic.com *.salesforceliveagent.com service.force.com script.hotjar.com secure.comodo.com adadvisor.net www.spilsbury.com www.google.com *.sharethis.com gardensalive.force.com static.lightning.force.com gardensalive.my.salesforce.com view.publitas.com aa.agkn.com gardensalive.my.site.com cdnjs.cloudflare.com www.msn.com *.azureedge.net; script-src-elem  h2.commercev3.net/cdn.spilsbury.com/ cdn.spilsbury.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com/recaptcha/ cdn.attn.tv flex.msn.com *.crazyegg.com spilsburybuild.cv3admin.com api.universalcookie.com *.clarity.ms sslwidget.criteo.com *.criteo.com www.sc.pages08.net acsbapp.com ajax.aspnetcdn.com s.yimg.com static.hotjar.com garecommend.gardensalive.com bam.nr-data.net js-agent.newrelic.com *.salesforceliveagent.com service.force.com script.hotjar.com secure.comodo.com adadvisor.net www.spilsbury.com www.google.com *.sharethis.com gardensalive.force.com static.lightning.force.com gardensalive.my.salesforce.com view.publitas.com aa.agkn.com gardensalive.my.site.com cdnjs.cloudflare.com www.msn.com *.azureedge.net; style-src  h2.commercev3.net/cdn.spilsbury.com/ cdn.spilsbury.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net spilsburybuild.cv3admin.com ajax.googleapis.com service.force.com www.spilsbury.com *.sharethis.com gardensalive.force.com gardensalive.my.salesforce.com gardensalive.my.site.com *.azureedge.net; style-src-elem  h2.commercev3.net/cdn.spilsbury.com/ cdn.spilsbury.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net spilsburybuild.cv3admin.com ajax.googleapis.com service.force.com www.spilsbury.com *.sharethis.com gardensalive.force.com gardensalive.my.salesforce.com gardensalive.my.site.com *.azureedge.net; style-src-attr  'unsafe-inline'; media-src  spilsburybuild.cv3admin.com h2.commercev3.net/cdn.spilsbury.com/ cdn.spilsbury.com www.bing.com *.acsbapp.com www.spilsbury.com; 1
frame-ancestors 'self' *.teamww.com:443; 1
script-src 'self' http://cdnjs.cloudflare.com https://www.googletagmanager.com https://code.jquery.com https://cdn.jsdelivr.net https://uschat3.contivio.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://googleads.g.doubleclick.net https://maps.googleapis.com 'unsafe-inline' blob: 'unsafe-eval'; object-src 'none'; frame-ancestors 'self'; 1
frame-ancestors 'self' https://pam.mx https://www.pam.mx; upgrade-insecure-requests; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-4f012ae377d2ffbe3ba1acb90143b763'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
base-uri 'self'; connect-src 'self' https://api.remotly.com https://fonts.googleapis.com https://fonts.gstatic.com https://gloc-9o9n5sebm.now.sh https://downloads.mirillis.com https://api.allorigins.win https://www.sandbox.paypal.com https://www.paypal.com https://ec.europa.eu; font-src https://fonts.googleapis.com https://fonts.gstatic.com; 1
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.kemenpora.go.id *.youtube.com *.google-analytics.com *.googletagmanager.com *.google.com *.googleapis.com *.gstatic.com *.jquery.com *.videopress.com *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.responsivevoice.org; style-src 'self' 'unsafe-inline' *.youtube.com *.kemenpora.go.id *.googleapis.com *.google.com *.gstatic.com *.amazonaws.com *.bootstrapcdn.com *.jquery.com widget.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.responsivevoice.org; img-src 'self' data: *.kemenpora.go.id *.youtube.com *.google.com *.google-analytics.com *.gstatic.com *.googleapis.com *.amazonaws.com *.gravatar.com *.w.org *.creativecommons.org *.jquery.com *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.responsivevoice.org; font-src 'self' data: *.kemenpora.go.id *.gstatic.com *.bootstrapcdn.com *.youtube.com; connect-src 'self' *.kemenpora.go.id *.googletagmanager.com *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.youtube.com *.responsivevoice.org; media-src 'self' *.kemenpora.go.id *.w.org *.videopress.com *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.youtube.com *.responsivevoice.org; object-src 'self' *.kemenpora.go.id *.responsivevoice.org; child-src 'self' *.googletagmanager.com *.google.com m *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.youtube.com *.responsivevoice.org; form-action 'self'; frame-ancestors 'self' *.kemenpora.go.id *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.youtube.com *.responsivevoice.org; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' blob: https://assets.dcube.cloud https://*.wogaa.sg https://assets.adobedtm.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://va.ecitizen.gov.sg https://*.cloudfront.net https://printjs-4de6.kxcdn.com https://unpkg.com https://wogadobeanalytics.sc.omtrdc.net https://connect.facebook.net https://www.googletagmanager.com https://*.licdn.com; object-src 'self'; style-src 'self' https://fonts.googleapis.com/ https://*.cloudfront.net https://va.ecitizen.gov.sg https://*.wogaa.sg https://cdnjs.cloudflare.com https://datagovsg.github.io 'unsafe-inline' https://unpkg.com; img-src *; media-src *; frame-src https://form.gov.sg/ https://wogaa.demdex.net/ https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://www.google.com https://checkfirst.gov.sg https://www.checkfirst.gov.sg https://docs.google.com; frame-ancestors 'none'; font-src * data:; connect-src 'self' https://dpm.demdex.net https://www.google-analytics.com https://stats.g.doubleclick.net https://*.wogaa.sg https://va.ecitizen.gov.sg https://ifaqs.flexanswer.com https://*.cloudfront.net https://fonts.googleapis.com https://cdnjs.cloudflare.com https://wogadobeanalytics.sc.omtrdc.net https://data.gov.sg https://api.isomer.gov.sg; 1
object-src 'self' https://informatiemodel.istandaarden.nl https://public.tableau.com;default-src 'self' 'unsafe-inline' 'unsafe-eval';img-src 'self' * data:;worker-src 'self' * data: blob:;media-src 'self' * data:;script-src 'self' 'nonce-OTBFMzQ4ODQxMDdCMjJGNDI0MkFFQzA0RTAzRTg3NzQ' https://www.google-analytics.com https://siteimproveanalytics.com https:;style-src 'self' 'unsafe-inline';frame-ancestors 'self' https://informatiemodel.istandaarden.nl https://public.tableau.com http://cms.dev.kiesbeter https://cms-o.kiesbeter.nl https://cms-ts.kiesbeter.nl https://cms-ac.kiesbeter.nl https://cms.kiesbeter.nl;connect-src 'self' https://www.youtube.com https://informatiemodel.istandaarden.nl https://public.tableau.com;child-src 'self' https://www.youtube.com https://informatiemodel.istandaarden.nl https://public.tableau.com;font-src 'self' 1
default-src https://*.iamconnected.eu; connect-src https://*.iamconnected.eu https://portbase.okta-emea.com https://global.oktacdn.com https://bam.nr-data.net https://app.getbeamer.com https://backend.getbeamer.com https://cognito-identity.eu-west-1.amazonaws.com/ https://sts.eu-west-1.amazonaws.com/ https://dataplane.rum.eu-west-1.amazonaws.com/appmonitors/ https://challenges.cloudflare.com; font-src https://*.iamconnected.eu https://fonts.gstatic.com https://fonts.googleapis.com https://app.getbeamer.com https://challenges.cloudflare.com; img-src data: https://*.iamconnected.eu https://portbase.okta-emea.com https://www.gstatic.com https://app.getbeamer.com https://challenges.cloudflare.com; script-src 'unsafe-eval' 'unsafe-inline' https://*.iamconnected.eu https://global.oktacdn.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.gstatic.com/recaptcha/ https://app.getbeamer.com https://client.rum.eu-west-1.amazonaws.com https://challenges.cloudflare.com; frame-src https://app.getbeamer.com https://challenges.cloudflare.com; style-src 'unsafe-inline' https://*.iamconnected.eu https://fonts.googleapis.com/icon https://app.getbeamer.com https://challenges.cloudflare.com 1
default-src data: https: 'unsafe-eval' 'unsafe-inline'; 1
frame-ancestors 'self' https://www.justflutes.com 1
connect-src 'self' *.google-analytics.com ;default-src 'self';frame-ancestors 'self' *.google.com ogs.google.com ;frame-src 'self' *.google.com *.youtube.com youtu.be ogs.google.com;img-src 'self' *.sonimcloud.com *.s3.amazonaws.com *.google-analytics.com data: w3.org/svg/2000 *.ytimg.com ;media-src 'self' *.sonimcloud.com *.sharepoint.com *.google.com youtu.be *.youtube.com *.amazonaws.com;object-src 'self' *.google.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.gstatic.com *.sonimcloud.com *.googletagmanager.com *.google-analytics.com *.youtube.com blob: self ;style-src 'self' 'unsafe-inline' *.sonimcloud.com ; 1
default-src 'self'; connect-src https://px.ads.linkedin.com https://o2.mouseflow.com https://cdn.linkedin.oribi.io https://api.leadinfo.com https://collector.leadinfo.net https://pagead2.googlesyndication.com https://region1.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.nl 'self'; script-src https://cdn.mouseflow.com https://snap.licdn.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://cdn.leadinfo.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://ssl.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' data:; img-src https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.googletagmanager.com https://px.ads.linkedin.com https://www.linkedin.com https://*.google-analytics.com https://region1.google-analytics.com https://*.google.nl https://*.google.com https://*.g.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com https://*.analytics.google.com 'self'; frame-ancestors 'none'; frame-src https://td.doubleclick.net https://player.vimeo.com https://www.youtube.com https://www.google.com https://bid.g.doubleclick.net; style-src https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com 'self' 'unsafe-inline'; font-src https://fonts.gstatic.com 'self' 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' *.builds.gg *.blendbyte.com cdn.onesignal.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.usefathom.com; style-src 'report-sample' 'self' 'unsafe-inline' *.builds.gg; object-src 'none'; base-uri 'self'; connect-src 'self' wss://*.builds.gg *.builds.gg *.blendbyte.com; font-src 'self' data: *.builds.gg fonts.gstatic.com; frame-src 'self' www.google.com www.youtube-nocookie.com iframe.mediadelivery.net; img-src 'self' data: *.builds.gg  *.blendbyte.com www.gstatic.com translate.google.com *.usefathom.com; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; worker-src 'none'; report-uri https://blendbyte.uriports.com/reports/report; report-to default 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net *.ensighten.com gateway.zscalertwo.net tagmanager.google.com staticcontents.investisdigital.com ipapi.connectid.cloud youtube.com player.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.rawgit.com *.tools.investis.com *.nexus.ensighten.com nexus.ensighten.com tagmanager.google.com gateway.zscalertwo.net *.google.com youtube.com *.investisdigital.com player.vimeo.com ipapi.connectid.cloud *.onetrust.com *.lfeeder.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net tagmanager.google.com; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com *.hs.llnwd.net youtube.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com; frame-src 'self' staticcontents.investis.com www.google.com irs.tools.investis.com otp.tools.investis.com ir.tools.investis.com staticxx.facebook.com www.youtube.com gateway.zscalertwo.net youtube.com recruitingapp-4152.de.umantis.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com tagmanager.google.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.ensighten.com *.google-analytics.com *.api.brightcove.com *.tools.investis.com *.google.com *.doubleclick.net *.connectid.cloud judxu4avx2.execute-api.eu-west-1.amazonaws.com  *.onetrust.com *.execute-api.eu-west-1.amazonaws.com; report-uri /report-csp-violation 1
frame-ancestors https://liveshopping.samoon.com 1
upgrade-insecure-requests  ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.bazaarvoice.com feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com connect.facebook.net pghub.io www.youtube.com *.bazaarvoice.com mpsnare.iesnare.com feed.pghub.io pandg.tapad.com ; font-src 'self' assets.ctfassets.net data: feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' feed.pghub.io consumersupport.pg.com vicks.jebbit.com *.bazaarvoice.com www.facebook.com www.facebook.com *.doubleclick.net pandg.tapad.com ; img-src 'self' blob: images.ctfassets.net pixel.tapad.com www.googletagmanager.com www.facebook.com *.doubleclick.net *.bazaarvoice.com *.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io pandg.tapad.com ; connect-src 'self' *.analytics.google.com *.doubleclick.net *.google-analytics.com mw-ar-recom-prod.pgapi.io *.algolia.net *.algolianet.com *.bazaarvoice.com feed.pghub.io pandg.tapad.com ; base-uri 'self' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; font-src 'self' data: ; media-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; worker-src * 'unsafe-inline' 'unsafe-eval' blob: 1
default-src 'self' *.dailymotion.com *.youtube.com *.google.com *.amazonaws.com *.amazon.co.uk *.amazon.com *.monitraf.it *.aiteknet.eu; script-src 'self' *.monitraf.it *.aiteknet.eu *.amazonaws.com *.amazon.co.uk *.gstatic.com *.google.com *.loginwithamazon.com *.facebook.net 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' *.media-amazon.com *.amazon.com *.amazon.it *.monitraf.it *.aiteknet.eu data:; frame-src 'self' *.dailymotion.com *.youtube.com *.google.com; frame-ancestors 'none' 1
default-src 'self' *.hcaptcha.com *.youtube.com *.atso.org.tr atso.org.tr atsovizyon.org.tr chat.atso.org.tr *.google-analytics.com *.googletagmanager.com *.googleapis.com stats.g.doubleclick.net; img-src https: http: data: *.atso.org.tr atso.org.tr atsovizyon.org.tr chat.atso.org.tr *.google-analytics.com *.googletagmanager.com *.googleapis.com stats.g.doubleclick.net; font-src 'self' cdn.jsdelivr.net fonts.gstatic.com *.atso.org.tr atso.org.tr atsovizyon.org.tr chat.atso.org.tr *.google-analytics.com *.googletagmanager.com *.googleapis.com stats.g.doubleclick.net; worker-src 'self' blob: *.logrocket.io *.firebaseapp.com *.firebasedatabase.app *.appspot.com *.atso.org.tr atso.org.tr atsovizyon.org.tr chat.atso.org.tr *.google-analytics.com *.googletagmanager.com *.googleapis.com stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net *.atso.org.tr atso.org.tr atsovizyon.org.tr chat.atso.org.tr *.google-analytics.com *.googletagmanager.com *.googleapis.com stats.g.doubleclick.net; script-src 'sha256-LOf6eI4feWpGP0xNe/7Bnh9rU7ZZko/nGZMPSC3GWw8=' 'sha256-j3MuDvXUf6bVbb4TEaIYtln93A5Xx7H36CQMzm2I2YQ=' 'self' 'sha256-9vpql/NLyCCe3HPEb2b/lcLKPbkRi48w2Lfn0AbTxsQ=' 'unsafe-eval' strict-dynamic 'nonce-analytics' 'nonce-chat' http: https: sentry.io *.sentry-cdn.com *.logrocket.io *.firebaseapp.com *.firebasedatabase.app *.appspot.com cdn.jsdelivr.net hcaptcha.com *.hcaptcha.com *.atso.org.tr atso.org.tr atsovizyon.org.tr chat.atso.org.tr *.google-analytics.com *.googletagmanager.com *.googleapis.com stats.g.doubleclick.net; form-action 'self' *.atso.org.tr atso.org.tr atsovizyon.org.tr chat.atso.org.tr *.google-analytics.com *.googletagmanager.com *.googleapis.com stats.g.doubleclick.net; frame-ancestors 'self' *.atso.org.tr atso.org.tr atsovizyon.org.tr chat.atso.org.tr *.google-analytics.com *.googletagmanager.com *.googleapis.com stats.g.doubleclick.net; object-src 'self'; base-uri *.atso.org.tr atso.org.tr atsovizyon.org.tr chat.atso.org.tr *.google-analytics.com *.googletagmanager.com *.googleapis.com stats.g.doubleclick.net; report-uri *.atso.org.tr atso.org.tr atsovizyon.org.tr chat.atso.org.tr *.google-analytics.com *.googletagmanager.com *.googleapis.com stats.g.doubleclick.net 1
default-src 'self' *.nassau247.com; connect-src *; font-src *;  frame-src *; img-src https://* data:; media-src *;object-src 'none'; script-src * 'self'  'unsafe-inline'  https://www.nassau247.com/scripts/* *.nassau247.com https://ajax.aspnetcdn.com/* https://checkin.purechat.com/api/checkin/;  style-src * 'unsafe-inline'; 1
default-src 'self' https://cdn-eu.readspeaker.com https://app-eu.readspeaker.com https://vttts-eu.readspeaker.com https://region1.google-analytics.com https://maps.googleapis.com https://www.google-analytics.com https://maps.gstatic.com https://youtube.com https://www.youtube.com https://player.vimeo.com https://www.vimeocdn.compackages.umbraco.org https://our.umbraco.org;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.google.com https://cdn-eu.readspeaker.com https://www.googletagmanager.com https://maps.googleapis.com https://www.youtube.com https://www.google-analytics.com;style-src 'self' 'unsafe-inline' https://hello.myfonts.net https://cdn-eu.readspeaker.com https://fonts.googleapis.com;img-src 'self' https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com  https://umbraco.tv https://www.gravatar.com https://img.youtube.com https://i.ytimg.com data:;font-src 'self' https://hello.myfonts.net https://fonts.gstatic.com data:;frame-src https://www.google.com https://www.ghz.nl https://app-eu.readspeaker.com https://youtube.com https://www.youtube.com https://www.youtube-nocookie.com;frame-ancestors 'self' 1
default-src 'self' https://*.flypay.com.au; script-src 'self' 'unsafe-inline' https://*.flypay.com.au; connect-src 'self' https://*.flypay.com.au https://cognito-idp.ap-southeast-2.amazonaws.com; frame-src 'self' https://*.flypay.com.au https://*.flybuys.com.au; font-src 'self' data: https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; frame-ancestors  www.flypay.com.au; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://discourse.weather-watch.com/logs/ https://discourse.weather-watch.com/sidekiq/ https://discourse.weather-watch.com/mini-profiler-resources/ https://discourse.weather-watch.com/assets/ https://discourse.weather-watch.com/extra-locales/ https://discourse.weather-watch.com/highlight-js/ https://discourse.weather-watch.com/javascripts/ https://discourse.weather-watch.com/plugins/ https://discourse.weather-watch.com/theme-javascripts/ https://discourse.weather-watch.com/svg-sprite/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' https://cloudflareinsights.com https://static.cloudflareinsights.com https://www.googletagmanager.com https: 'unsafe-inline'; worker-src 'self' https://discourse.weather-watch.com/assets/ https://discourse.weather-watch.com/javascripts/ https://discourse.weather-watch.com/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-84177b55b1aac22c732c16890b3cd581'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: blob: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; 1
default-src 'self' data: blob: *.conac.cn  *.gov.cn *.jiathis.com *.baidu.com *.bshare.cn *.eol.cn *.qq.com *.kaipuyun.cn 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1
frame-ancestors 'self' powerapps.com *.powerapps.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://federate.social; img-src 'self' https: data: blob: https://federate.social; style-src 'self' https://federate.social 'nonce-D5sbEmEENvPLDa0qjayxig=='; media-src 'self' https: data: https://federate.social; frame-src 'self' https:; manifest-src 'self' https://federate.social; form-action 'self'; child-src 'self' blob: https://federate.social; worker-src 'self' blob: https://federate.social; connect-src 'self' data: blob: https://federate.social https://cdn.masto.host wss://federate.social; script-src 'self' https://federate.social 'wasm-unsafe-eval' 1
frame-src 'self' *.ad-srv.net *.adrtx.net *.amazon.de *.awin1.com *.cdnsrv.de *.cookiebot.com *.criteo.com *.ekomi.com *.facebook.com *.google.com *.hotjar.com *.klarna.com *.paypal.com *.pinterest.com *.redintelligence.net *.sovendus.com *.usemaxserver.de *.vimeo.com; frame-ancestors 'self'; upgrade-insecure-requests; 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob:; object-src 'self' blob:; 1
frame-ancestors *.ekomiapps.de 1
child-src self;img-src * data:;frame-src https://www.google.com https://widget.porterbuddy.com https://checkout.dibspayment.eu https://www.facebook.com youtube.com www.youtube.com contactform.sleeknote.com vars.hotjar.com 1
connect-src 'self' public.internetude.fr www.facebook.com *.google-analytics.com www.googleadservices.com bat.bing.com *.cedexis.com *.cedexis-radar.net *.abtasty.com *.doubleclick.net wss://api.nirror.abtasty.com api.segment.io api-js.mixpanel.com *.googlesyndication.com *.google.com *.googleapis.com tr.snapchat.com *.clarity.ms kinougarde.containers.piwik.pro kinougarde.piwik.pro *.abtasty.com; frame-src 'self' www.google.com *.doubleclick.net *.indeed.com tpc.googlesyndication.com *.facebook.com *.facebook.net www.youtube.com tr.snapchat.com player.vimeo.com *.clarity.ms *.abtasty.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.google.fr *.google.com www.googletagmanager.com connect.facebook.net *.facebook.com www.google-analytics.com www.googleadservices.com *.gstatic.com *.googleapis.com tpc.googlesyndication.com bat.bing.com conv.indeed.com *.abtasty.com radar.cedexis.com public.internetude.com neuvoo.ca *.doubleclick.net *.cloudfront.net s3.amazonaws.com *.appjobs.com cdnjs.cloudflare.com/ajax/libs/bluebird/3.3.4/bluebird.min.js cdn.polyfill.io/v2/polyfill.min.js cdn3.actito.com cdn.segment.com g.microsoft.com *.flagship.com cdn.heapanalytics.com cdn.mxpnl.com sc-static.net *.clarity.ms kinougarde.containers.piwik.pro kinougarde.piwik.pro; 1
default-src 'self'; script-src 'self' platform.twitter.com plausible.io utteranc.es *.cloudflare.com 'unsafe-inline' 'unsafe-eval' plausible.io/js/plausible.js utteranc.es/client.js privacy.isobar.pt *.youtube.com *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.tagmanager.google.com *.doubleclick.net connect.facebook.net *.qualtrics.com *.facebook.com *.dynatrace.com maps.googleapis.com *.googlesyndication.com; style-src 'self' *.cloudflare.com 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' https: data:; img-src 'self' * data:; font-src 'self' data: use.typekit.net fonts.gstatic.com netdna.bootstrapcdn.com; connect-src 'self' plausible.io/api/event privacy.isobar.pt *.google-analytics.com *.google.com *.qualtrics.com *.facebook.com *.doubleclick.net *.dynatrace.com maps.googleapis.com *.googlesyndication.com; media-src 'self'; frame-src 'self' platform.twitter.com plausible.io utteranc.es github.com *.youtube.com *.vimeo.com *.google.com *.doubleclick.net *.google-analytics.com *.qualtrics.com *.facebook.com *.dynatrace.com maps.googleapis.com; object-src 'none'; base-uri 'self'; worker-src 'self'; 1
script-src 'self' 'nonce-TTarb+CxUOm6DHPbtvsSZA==' 'unsafe-inline' 'unsafe-eval' https://widget.intercom.io https://api-iam.intercom.io https://js.intercomcdn.com; 1
frame-ancestors 'self' https://www.descubrecomohacerlo.com; 1
style-src 'self' 'unsafe-inline' https://*.buybox.click https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com https://accounts.google.com https://*.klaviyo.com;                             script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.buybox.click https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://widget-mediator.zopim.com https://*.zdassets.com https://*.google-analytics.com https://*.facebook.net https://*.facebook.com https://apis.google.com https://*.youtube.com https://s.ytimg.com https://*.usersnap.com https://www.googletagmanager.com https://cdn.gravitec.net https://*.hotjar.com https://www.google.com/pagead https://s.pinimg.com https://www.google.com https://optimize.google.com https://www.googleoptimize.com https://*.klaviyo.com https://accounts.google.com https://*.cookiebot.com;               img-src 'self' data: blob: https://ct.pinterest.com https://*.buybox.click https://*.zopim.io www.googletagmanager.com https://*.hotjar.com https://cdnjs.cloudflare.com https://media.domni.pl https://img.youtube.com https://i.ytimg.com/ http://static-synage.i-g.pl https://cdn.gravitec.net https://www.facebook.com https://*.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.pl https://www.googletagmanager.com https://*.gstatic.com https://lh3.googleusercontent.com https://ct.pinterest.com/v3 https://optimize.google.com https://test-media.domni.pl https://*.cloudfront.net https://imgsct.cookiebot.com/;               default-src 'self' https://*.zdassets.com https://*.hotjar.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.facebook.com https://www.googletagmanager.com https://accounts.google.com https://*.youtube.com https://www.pinterest.com https://ad.doubleclick.net;                              frame-ancestors 'none';                             font-src https://fonts.gstatic.com https://*.klaviyo.com;                             frame-src https://www.google.com https://*.pinterest.com https://accounts.google.com https://vars.hotjar.com https://www.youtube.com https://*.facebook.com https://optimize.google.com https://*.cookiebot.com https://td.doubleclick.net/;                             connect-src 'self' https://ct.pinterest.com https://*.buybox.click wss://widget-mediator.zopim.com https://synage.zendesk.com https://*.zdassets.com https://stats.g.doubleclick.net/ https://*.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google.pl/ads/ga-audiences https://*.klaviyo.com https://www.googleapis.com  https://*.googlesyndication.com https://*.googletagmanager.com https://*.google.com https://*.cookiebot.com https://googleads.g.doubleclick.net 1
default-src * data: 'unsafe-eval' 'unsafe-inline'; img-src * data: blob:; media-src * data: blob: 1
script-src 'self' https://www.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' http://igree.co https://igree.co http://www.igree.co https://www.igree.co *.igree.co *.googleapis.com *.gstatic.com *.doubleclick.net *.analytics.com *.google.com *.google.com.br *.googletagmanager.com *.youtube.com *.ytimg.com *.ggpht.com *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://igree.co https://igree.co http://www.igree.co https://www.igree.co *.igree.co *.googleapis.com *.gstatic.com *.doubleclick.net *.analytics.com *.google.com *.google.com.br *.googletagmanager.com *.youtube.com *.ytimg.com *.ggpht.com *.google-analytics.com; style-src 'self' 'unsafe-inline' http://igree.co https://igree.co http://www.igree.co https://www.igree.co *.igree.co *.googleapis.com *.gstatic.com *.doubleclick.net *.google-analytics.com *.google.com *.google.com.br *.googletagmanager.com *.youtube.com *.ytimg.com *.ggpht.com *.google-analytic.com; img-src 'self' http://igree.co https://igree.co http://www.igree.co https://www.igree.co  *.googleapis.com *.gstatic.com *.doubleclick.net *.analytics.com *.google.com *.google.com.br *.googletagmanager.com *.youtube.com *.ytimg.com *.ggpht.com *.google-analytics.com; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://use.typekit.net https://*.jivosite.com wss://*.jivosite.com https://fonts.googleapis.com https://*.googleapis.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://gyruss.rdops.systems https://www.facebook.com/ https://*.rdstation.com.br https://*.cloudfront.net *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors https://h.online-metrix.net https://chat.directtalk.com.br https://*.jivosite.com wss://*.jivosite.com unsafe-inline https://fonts.gstatic.com/ 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://h.online-metrix.net https://maps.google.com/ https://chat.directtalk.com.br unsafe-inline https://*.jivosite.com wss://*.jivosite.com https://www.lojaconfiavel.com https://*.hotjar.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com https://*.googleapis.com https://www.facebook.com/ *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://h.online-metrix.net https://fonts.gstatic.com https://stats.g.doubleclick.net http://www.googletagmanager.com https://staticfiles.yviews.com.br https://service.yourviews.com.br https://yv-misc.s3.amazonaws.com https://uploadedfiles.yviews.com.br https://www.google.com https://newimgebit-a.akamaihd.net https://www.ebitempresa.com.br https://empresa.ebit.com.br/ https://chat.directtalk.com.br https://singularbaby.com.br https://*.madeiranit.com.br https://*.jivosite.com wss://*.jivosite.com https://www.google.com.br/ http://www.googleadservices.com http://www.google-analytics.com https://www.facebook.com/ https://*.gstatic.com https://maps.googleapis.com https://*.cloudfront.net/ *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://h.online-metrix.net https://www.clarity.ms https://maps.googleapis.com http://www.googletagmanager.com https://www.googletagmanager.com https://service.yourviews.com.br https://service2.yourviews.com.br https://staticfiles.yviews.com.br https://cdn.siteblindado.com https://api.siteblindado.com https://seal.globalsign.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.gstatic.com https://www.google.com https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://imgs.ebit.com.br https://chat.directtalk.com.br https://*.jivosite.com wss://*.jivosite.com https://*.hotjar.com/ https://*.shoptarget.com.br/ https://*.cloudfront.net/ https://*.facebook.net/ https://fonts.gstatic.com/ https://fonts.googleapis.com https://*.googleapis.com https://*.shopback.net/ https://*.shopconvert.com.br/ https://*.rdstation.com.br https://*.cloudfront.net https://cdnjs.cloudflare.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com http://fonts.gstatic.com https://staticfiles.yviews.com.br https://cdnjs.cloudflare.com https://service.yourviews.com.br https://cdn.jsdelivr.net https://www.google.com https://chat.directtalk.com.br https://*.jivosite.com wss://*.jivosite.com https://fonts.gstatic.com/ https://*.rdstation.com.br https://*.cloudfront.net *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://*.jivosite.com wss://*.jivosite.com https://fonts.gstatic.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://h.online-metrix.net https://*.clarity.ms https://service2.yourviews.com.br https://api.siteblindado.com https://seal.siteblindado.com.br https://commerce.adobedc.net https://bam.nr-data.net https://www.google.com https://service.yourviews.com.br https://chat.directtalk.com.br wss://am.freshrelevance.com https://*.jivosite.com wss://*.jivosite.com https://*.shoptarget.com.br/ https://*.rdstation.com.br/ https://fonts.gstatic.com/ https://fonts.googleapis.com https://*.googleapis.com https://*.hotjar.io https://content.hotjar.io/ https://*.retargeter.com.br https://*.madeiranit.com.br/ https://ckies.net/ https://*.openfpcdn.io/ https://www.google-analytics.com https://*.rdstation.com.br https://gyruss.rdops.systems https://www.facebook.com/tr  https://gtm-kq9xxp7-mjg4y.uc.r.appspot.com/g/collect wss://ws.hotjar.com/api/v2/client/ws https://seal.siteblindado.com https://viacep.com.br *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src unsafe-inline https://*.jivosite.com wss://*.jivosite.com https://fonts.gstatic.com/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
upgrade-insecure-requests;; upgrade-insecure-requests 1
default-src 'self' https://pwck.hr.nl; script-src 'self' 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com 1
default-src 'none'; img-src 'self' https://www.google-analytics.com; style-src 'self'; font-src 'self'; script-src 'self' https://maps-api-ssl.google.com https://www.google-analytics.com https://www.googletagmanager.com; connect-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors 'self'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com data: script.hotjar.com *.zopim.com *.googleapis.com *.yotpo.com cdn.prod-b.okonomideler.vdc.dev cdn.okonomideler.no cdn.okonomi-deler.no policy.app.cookieinformation.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.klarna.com big.g.doubleclick.net vars.hotjar.com optimize.google.com policy.app.cookieinformation.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.google.no *.google.se *.google.fi *.google.ro *.google.pl *.google.dk *.google-analytics.com *.googleadservices.com *.klarna.com *.klarnaevt.com *.hotjar.com *.hotjar.io *.okonomideler.vdc.dev *.googleapis.com okodeler-oljehydraulikk.talentlms.com *.zopim.com cdn.okonomideler.no cdn.okonomi-deler.no policy.app.cookieinformation.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com https://*.dibspayment.eu *.googleanalytics.com *.googleadservices.com *.googleoptimize.com *.klarna.com static.hotjar.com script.hotjar.io *.okonomideler.vdc.dev *.googleapis.com *.cloudflare.com *.zopim.com *.zdassets.com cdn.okonomideler.no cdn.okonomi-deler.no policy.app.cookieinformation.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.google.com *.okonomideler.vdc.dev cdn.okonomideler.no cdn.okonomi-deler.no policy.app.cookieinformation.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.klarna.com *.klarnaevt.com *.hotjar.com vc.hotjar.io surveystats.hotjar.io wss://*.hotjar.com *.googleapis.com t.elasticsuite.io *.okonomideler.vdc.dev *.zdassets.com *.zopim.com wss://widget-mediator.zopim.com cdn.okonomideler.no cdn.okonomi-deler.no policy.app.cookieinformation.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://eng.vdc.dev/csp-report; 1
default-src 'self' https://*.lb.ge; script-src 'self' 'sha256-PZRCtU/wAaLNo4Jego6C7sipvUW3U/e/QpfxaJ9iZvU=' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://*.googletagmanager.com https://*.lb.ge; style-src 'self' https://*.lb.ge https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.lb.ge; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://paygatewayapi.lb.ge https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; frame-src 'self' https://c2cproxy.lb.ge https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; frame-ancestors 'self'; 1
frame-ancestors 'self' http://*.trendin.com https://*.trendin.com 1
default-src https: 'self' data: http://devwebservices.loyals.nl; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'self' 'unsafe-inline'; connect-src https: 'self' data: wss: ;report-uri /csp-reports 1
frame-ancestors 'self' https://*.frontapp.com https://*.frontapplication.com https://thepackengersapp-demo.fly.dev https://www.thepackengers.com https://app.thepackengers.com https://www.interencheres.com https://mjollnir.pp-indb.io https://mjollnir.int-indb.io https://www.dev-indb.io https://www.pp-indb.io https://www.int-indb.io 1
script-src 'self' 'unsafe-eval' *.wlresources.com *.acwebconnecting.com 'sha256-e4pYjXQH6ajx5POUxz2FrYEpL/WroFiVF5clf0FNS5g=' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.wlresources.com; connect-src 'self' *.wlresources.com *.acwebconnecting.com wss://*.wlresources.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; report-uri /err0r/js?ts=1705983008; worker-src 'self' blob:; frame-ancestors 'none'; object-src 'self' 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://*.googlesyndication.com https://www.zenaps.com https://tr.snapchat.com https://tr6.snapchat.com https://www.youtube.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://analytics.tiktok.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://checkout.clogauoutlet.co.uk https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googlesyndication.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://analytics.tiktok.com https://*.ibytedtos.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self' https://*.cuirn1.com https://*.cuircenter.com 1
frame-ancestors https://insportline-pl.livesale.me 1
default-src 'self' eeasy.jp js.eeasy.jp *.googleapis.com *.gstatic.com *.googletagmanager.com pay.veritrans.co.jp *.google-analytics.com *.googleadservices.com connect.facebook.net *.yimg.jp *.yahoo.co.jp *.doubleclick.net *.facebook.com *.google.com *.google.co.jp pagead2.googlesyndication.com *.amazonaws.com *.rollbar.com cdn.jsdelivr.net npmcdn.com data: 'unsafe-inline' 'unsafe-eval' blob: 1
frame-ancestors 'self' https://www.honestdocs.id/ 1
default-src 'self' *.megamedia.cl *.meganoticias.cl *.googleapis.com *.fonts.gstatic.com *.mega.cl mdstrm.com; img-src *; media-src 'self' blob: *.megamedia.cl *.uat-megamedia.cl *.dev-megamedia.cl *.cdn.s-mdstrm.com mdstrm.com *.cdn.mdstrm.com; script-src 'self' cdn.jsdelivr.net 'unsafe-inline' *.s-mdstrm.com *.mdstrm.com *.mega.cl *.megamedia.cl *.googletagmanager.com https://apis.google.com *.gstatic.com; font-src fonts.gstatic.com; style-src 'self' fonts.googleapis.com 'unsafe-inline'; connect-src 'self' mdstrm.com *.cdn.mdstrm.com https://www.google-analytics.com *.googleapis.com https://sso.mega.cl *.megamedia.cl  *.local-megamedia.cl *.uat-megamedia.cl *.dev-megamedia.cl *.meganoticias.cl *.dps.live *.rudo.video *.cloudfront.net; base-uri 'self'; form-action 'self'; worker-src 'self' blob: *.megamedia.cl *.uat-megamedia.cl *.dev-megamedia.cl *.local-megamedia.cl; frame-src 'self' *.mega.cl *.megago.cl *.megamedia.cl *.uat-megamedia.cl *.dev-megamedia.cl *.local-megamedia.cl https://megago-751e1.firebaseapp.com https://megago-dev.firebaseapp.com/ https://mdstrm.com; child-src 'self' blob: *.megamedia.cl *.uat-megamedia.cl *.dev-megamedia.cl https://megago-751e1.firebaseapp.com https://megago-dev.firebaseapp.com/ https://mdstrm.com 1
frame-ancestors 'self' *.multiterminais.com.br 1
frame-ancestors 'self'  *.ooredoo.ps 1
connect-src 'self' rt.opcoes.net.br https://rt.opcoes.net.br wss://rt.opcoes.net.br *.instagram.com *.iugu.com *.google-analytics.com; default-src 'self' ajax.aspnetcdn.com cdnjs.cloudflare.com cdn.datatables.net d3js.org *.facebook.com *.facebook.net *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.instagram.com *.linkedin.com oss.maxcdn.com *.twimg.com *.twitter.com; font-src 'self' 'unsafe-inline' data: ajax.aspnetcdn.com *.avast.com cdnjs.cloudflare.com cdn.datatables.net d3js.org *.facebook.com *.facebook.net *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.instagram.com *.linkedin.com oss.maxcdn.com *.twimg.com *.twitter.com *.typekit.net use.fontawesome.com; frame-ancestors 'self' https://opcoes.net.br https://dev.opcoes.net.br https://preview.opcoes.net.br; frame-src 'self' *.opcoes.net.br *.facebook.com *.facebook.net *.google.com *.instagram.com twitter.com *.twitter.com *.youtube.com; img-src 'self' data: ajax.aspnetcdn.com cdnjs.cloudflare.com cdn.datatables.net d3js.org images-na.ssl-images-amazon.com *.facebook.com *.facebook.net *.fbcdn.net *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.instagram.com *.linkedin.com oss.maxcdn.com *.twimg.com twitter.com *.twitter.com http://* https://*; style-src 'self' 'unsafe-inline' ajax.aspnetcdn.com cdnjs.cloudflare.com cdn.datatables.net d3js.org *.facebook.com *.facebook.net *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.instagram.com *.linkedin.com oss.maxcdn.com *.twimg.com *.twitter.com *.typekit.net use.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.aspnetcdn.com remote.captcha.com cdnjs.cloudflare.com cdn.datatables.net d3js.org *.facebook.com *.facebook.net *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.instagram.com *.iugu.com *.linkedin.com oss.maxcdn.com *.twimg.com *.twitter.com unpkg.com; worker-src 'self' blob: ajax.aspnetcdn.com cdnjs.cloudflare.com cdn.datatables.net d3js.org *.facebook.com *.facebook.net *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.instagram.com *.linkedin.com oss.maxcdn.com *.twimg.com *.twitter.com; object-src 'none'; report-uri https://opcoes.net.br/csp-reports 1
img-src     'self' data:     *.webqamapps.com     *.pizzacosy.fr     *.pizzacosy.re     *.gravatar.com     *.doubleclick.net     *.gstatic.com     *.google.fr     *.google.com     *.google.nl     *.googleapis.com     *.google-analytics.com     *.googleadservices.com     *.googletagmanager.com     *.googlesyndication.com     *.ytimg.com     *.juicer.io     *.axept.io     *.snapchat.com     *.facebook.com     *.avis-verifies.com     *.linkedin.com     *.myli.io     axeptio.imgix.net     n-app.myli.io   ;   frame-src     'self'     *.sibforms.com     *.webqamapps.com     *.doubleclick.net     *.pizzacosy.fr     *.pizzacosy.re     *.youtube.com     *.google.com     *.google.nl     *.dailymotion.com     *.googletagmanager.com     *.snapchat.com     *.facebook.com     *.googlesyndication.com     *.googleadservices.com   ;   frame-ancestors     'self'     *.sibforms.com     *.webqamapps.com     *.doubleclick.net     *.pizzacosy.fr     *.pizzacosy.re     *.youtube.com     *.google.com     *.google.nl     *.dailymotion.com     *.googletagmanager.com     *.snapchat.com     *.facebook.com     *.googlesyndication.com     *.googleadservices.com   ;   script-src-elem     'self' 'unsafe-eval' 'unsafe-inline' data:     *.webqamapps.com     *.doubleclick.net     *.pizzacosy.fr     *.pizzacosy.re     *.youtube.com     *.gstatic.com     *.google.fr     *.google.com     *.google.nl     *.googleapis.com     *.google-analytics.com     *.googletagmanager.com     *.googlesyndication.com     *.googleadservices.com     *.doubleclick.net     *.axept.io     *.libcdn.com     *.licdn.com     *.snapchat.com     connect.facebook.net     analytics.tiktok.com     sc-static.net/scevent.min.js     widgets.rr.skeepers.io     cdn-app.myli.io     CL.avis-verifies.com   ;   script-src     'self' 'unsafe-eval' 'unsafe-inline' data:     *.webqamapps.com     *.doubleclick.net     *.pizzacosy.fr     *.pizzacosy.re   ;   object-src     'self'     *.webqamapps.com     *.doubleclick.net     *.pizzacosy.fr     *.pizzacosy.re   ; 1
default-src 'self' *.facebook.com *.monetate.net www.google.com *.worldpay.com *.criteo.com *.qualaroo.com www.youtube.com *.issuu.com www.instagram.com *.google.com *.emarsys.net *.onetrust.com *.criteo.net;  script-src 'self' *.colissimo.fr *.mapbox.com *.jquery.com *.googleapis.com *.googletagmanager.com *.cquotient.com *.cloudflare.com unpkg.com *.monetate.net *.zdassets.com *.bing.com www.google-analytics.com/analytics.js www.google-analytics.com/plugins/ua/ecommerce.js www.google-analytics.com/plugins/ua/ec.js maps.googleapis.com *.mondialrelay.com *.feefo.com *.worldpay.com *.px-cloud.net *.scarabresearch.com www.google.com www.gstatic.com *.criteo.net *.criteo.com *.crazyegg.com *.amazonaws.com *.facebook.net *.trustedshops.com *.qualaroo.com *.webgains.com *.webgains.io *.emarsys.net www.staging.pro-duo.fr www.pro-duo.fr polyfill.io www.instagram.com *.onetrust.com *.google.com *.clarity.ms *.cdn-apple.com 'unsafe-inline' 'unsafe-eval' blob:;  img-src 'self' * data:;  font-src 'self' *.googleapis.com *.gstatic.com *.monetate.net *.cdn-apple.com data:;  style-src 'self' 'unsafe-inline' *.colissimo.fr *.mapbox.com *.googleapis.com unpkg.com *.mondialrelay.com *.monetate.net *.worldpay.com;  connect-src 'self' *.onyourmap.com *.google.com *.colissimo.fr *.mapbox.com *.google.com *.monetate.net *.zendesk.com *.crazyegg.com *.zdassets.com *.google-analytics.com *.feefo.com *.doubleclick.net *.crazyegg.com *.mondialrelay.com *.scarabresearch.com *.emarsys.net *.px-cdn.net *.px-cloud.net *.edq.com *.bing.com *.onetrust.com *.clarity.ms *.googleapis.com;  media-src 'self' 1
default-src 'self' 'nonce-65af1c44e10d0' https://fonts.gstatic.com 1
frame-ancestors 'self'; sandbox allow-downloads allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation; base-uri 'self'; form-action teufelaudio.fr zed.teufel.de support.teufel.de retoure.teufel.de blog.teufel.de www.terminland.de www.saferpay.com test.saferpay.com *.amazon.de payments.amazon.de row.ups.com checkout.sandbox.getalma.eu checkout.getalma.eu 'self' 1
script-src 'self' https://u-static.com https://*.kundo.se https://*.svea.com https://*.ingrid.com https://*.criteo.com https://*.criteo.net https://bat.bing.com https://cm.g.doubleclick.net https://code.jquery.com https://config1.veinteractive.com/tags/50E3D633/4E67/4166/AF03/E49AA50E6C0E/ https://connect.facebook.net https://drs2.veinteractive.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://optimize.google.com https://pixel-geo.prfct.co/tagjs https://player.vimeo.com https://s.retargeted.co https://t.adii.io https://tag.perfectaudience.com https://tpc.googlesyndication.com https://track.adrecord.com/track.js https://track.adrecord.com/external/70/ https://translate.google.com/translate_a/ https://translate.googleapis.com https://www.google-analytics.com https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com/gtag/ 'unsafe-inline' 'unsafe-eval' 'nonce-2140117031714223' 'sha256-r9FKTGjT4cDGsWnKdV3/6Sos4WD8jnO/6Ra7W+Bbmic='; base-uri 'self'; block-all-mixed-content; font-src https://u-static.com https://fonts.gstatic.com; frame-ancestors 'self' https://www.upplevelse.com; frame-src 'self' bankid: swish: https://*.upplevelse.com https://*.kundo.se https://*.svea.com https://*.criteo.com https://*.criteo.net https://*.ingrid.com https://*.trustly.com https://bid.g.doubleclick.net https://connect.facebook.net https://googleads.g.doubleclick.net https://optimize.google.com https://player.vimeo.com https://secure.na1.echocdn.com https://td.doubleclick.net https://trustly.com https://upplevelse.na1.echosign.com https://tpc.googlesyndication.com https://vimeo.com https://www.adsettings.com https://www.facebook.com https://www.google.com/shopping/customerreviews/optin https://www.youtube.com/embed/ https://www.youtube-nocookie.com https://fast.wistia.net; img-src https: data: blob:; manifest-src 'self'; media-src https:; object-src 'self' https://u-static.com; style-src 'self' https://u-static.com https://fonts.googleapis.com https://optimize.google.com https://translate.googleapis.com/translate_static/css/translateelement.css https://static-chat.kundo.se https://chat.kundo.se 'unsafe-inline'; worker-src 'self' https://u-static.com; report-uri /my_amazing_csp_report_parser 1
default-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net www.facebook.com www.google-analytics.com static.criteo.net *.freshchat.com *.criteo.com www.youtube.com *.klarna.com *.klarnaservices.com *.klarnacdn.net *.paytrail.com ajax.googleapis.com *.freshworks.com *.google.com *.gstatic.com *.googletagmanager.com *.goodleadservices.com *.handshake.fi *.adii.io *.adii.se *.tiktok.com *.stripe.com omnisnippet1.com *.soundestlink.com *.retargeted.co *.getresponse360.pl *.getresponse.com *.gr-cdn.com *.gr-cdn-e.eu *.bing.com handshakemarketing.fi *.handshakemarketing.fi cdn.mouseflow.com *.paypal.com *.googleadservices.com *.doubleclick.net valostore.fi valostore.fi www.autodude.fi autodude.fi valostore.fi www.valostore.fi valostore.se www.valostore.se valostore.no www.valostore.no autodude.se www.autodude.se autodude.no www.autodude.no metrics.valostore.fi *.piwik.pro https://checkout-cdn.avarda.com/cdn/static/js/main.js *.avarda.com *.avarda.org;connect-src 'self' *.google.fi *.google.se *.google-analytics.com *.analytics.google.com www.facebook.com *.klarnaevt.com *.klarna.com *.klarnaservices.com *.klarnacdn.net *.freshworks.com *.freshdesk.com *.g.doubleclick.net *.adii.io *.criteo.com *.tiktok.com *.ingest.sentry.io *.soundestlink.com *.retargeted.co *.getresponse360.pl *.getresponse.com *.getresponse.pl *.pangle-ads.com *.googlesyndication.com properties https://proxy.handshake.fi metrics.valostore.fi *.paypal.com *.avarda.com *.avarda.org;img-src https: data: http: blob:;style-src 'self' https: 'unsafe-inline' fonts.gstatic.com 'unsafe-inline' *.dinox.fi;font-src 'self' https: data: fonts.gstatic.com;frame-src gum.criteo.com *.facebook.com *.youtube.com wchat.eu.freshchat.com *.freshchat.com *.klarna.com *.klarnaservices.com *.google.com *.criteo.com *.criteo.net *.stripe.com *.getresponse360.pl *.getresponse.com *.doubleclick.net metrics.valostore.fi  *.paypal.com;script-src-attr 'unsafe-inline';form-action *.facebook.com;report-uri https://o643929.ingest.sentry.io/api/6318034/security/?sentry_key=161b845227284238b6e4b4969c9d79fe;base-uri 'self';frame-ancestors 'self';object-src 'none';upgrade-insecure-requests 1
block-all-mixed-content; frame-ancestors *.estiloeconforto.com.br 1
script-src 'self' hcaptcha.com *.hcaptcha.com www.seznam.cz c.imedia.cz www.zbozi.cz helpdesk.excaliburshop.com www.youtube.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net widget.packeta.com 'nonce-bab4428fa9955ad8ff5f0143c651b2cb' matomo.reklalink.cz 'nonce-f92d511414552fa9d6feff9612b1ae90' www.googletagmanager.com;connect-src 'self' www.facebook.com hcaptcha.com *.hcaptcha.com pagead2.googlesyndication.com *.g.doubleclick.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com widget.packeta.com google.com *.google.com *.google.cz *.google.sk *.google.at *.google.de *.google.fr *.google.pl matomo.reklalink.cz www.google-analytics.com;img-src 'self' data: fonts.gstatic.com *.seznam.cz *.googletagmanager.com *.google-analytics.com pagead2.googlesyndication.com *.g.doubleclick.net *.analytics.google.com google.com *.google.com *.google.cz *.google.sk *.google.at *.google.de *.google.fr *.google.pl matomo.reklalink.cz;style-src 'self' fonts.googleapis.com hcaptcha.com *.hcaptcha.com *.googletagmanager.com;font-src 'self' fonts.gstatic.com;frame-ancestors hcaptcha.com *.hcaptcha.com helpdesk.excaliburshop.com *.facebook.com *.g.doubleclick.net;base-uri 'self';form-action 'self' *.gpwebpay.com *.paypal.com *.facebook.com;default-src 'none';report-uri https://www.excaliburshop.com/?action=report-to;report-to default;child-src www.youtube.com www.google.com/maps/ helpdesk.excaliburshop.com www.zbozi.cz widget.packeta.com hcaptcha.com *.hcaptcha.com *.facebook.com b2c.cpost.cz www.googletagmanager.com; 1
default-src * 'unsafe-inline' data: blob:;script-src * 'self' 'unsafe-inline' 'unsafe-eval';img-src * 'self' data: https:; font-src 'self' fonts.gstatic.com 1
default-src 'self' ;script-src 'unsafe-inline' https://www.youtube.com https://cdn.matomo.cloud/ https://www.ipeca.fr/ https://*.go-mpulse.net https://unpkg.com https://cdnjs.cloudflare.com;style-src 'unsafe-inline' https://www.ipeca.fr/;font-src 'self' ;img-src 'self' data: https://*.akstat.io;frame-src 'unsafe-inline' https://www.youtube.com;connect-src 'self' wss://localhost:* https://ipeca.matomo.cloud/ https://*.akstat.io https://*.go-mpulse.net https://*.akamaihd.net; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://*.recaptcha.net https://isitetv.com https://*.translate.naver.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://www.shoplooks.com https://tpc.googlesyndication.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://translate.yandex.net https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://*.pinterest.com https://*.bing.com https://*.doubleclick.net https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://privacyportal-eu.onetrust.com https://*.contentsquare.net https://*.criteo.com https://analytics.tiktok.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://*.lookfantastic.se https://www.glossybox.se https://connect.facebook.net https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.co.uk https://www.glossybox.com https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.dk https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://*.hotjar.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://*.akamaihd.net https://*.attn.tv https://*.trustpilot.com https://*.translate.naver.net https://*.bing.com https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://static.ads-twitter.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://lantern.roeyecdn.com https://lantern.roeye.com https://cdn.parcellab.com https://static.thgcdn.cn https://tpc.googlesyndication.com https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com https://analytics.tiktok.com https://*.ibytedtos.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self' https://www.miliciadaimaculada.org.br 1
frame-ancestors 'self' https://www.nodal-authority.nsws.gov.in https://www.nodal-authority.nsws.gov.in/investorDSC/*/*/ https://www.nodal-authority.nsws.gov.in/investorDSC/*/* https://www.nodal-authority.nsws.gov.in/investorDSC/* https://fonts.gstatic.com https://www.nsws.gov.in https://stats.g.doubleclick.net https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://fonts.googleapis.com; 1
frame-ancestors 'self' https://*.toyota.si https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
frame-ancestors 'self' https://www.fielesadios.org; 1
frame-src http://ipso.localdev:8000/; script-src 'self' https://maps.google.com/ https://*.googleapis.com/ https://js.sentry-cdn.com/ https://polyfill.io/ https://browser.sentry-cdn.com/ https://unpkg.com/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.datatables.net/ 'sha256-VaHOORYaK/VrKFXwMDDI7/OlPERD6wdgieOtntFC+3k=' 'sha256-7l+gZky45slb7FzjS5NrmkV8PDtfhES3o2rPBYuNfqE=' 'sha256-HTl4/SBLajGsEETS3Fari9prPJEVLwrITRVvo9MQwtc=' 'sha256-Glr2W7ltVX8b0yT13U6kugzjdiHTzfqEkDtpfcvCjH0=' 'sha256-1b6I9juF4B8Bz0hLu+UM0MzipegcYhjH8RQy5E7AqMo=' 'sha256-zmyKz2OZF0mgLk5eLo/9OHN7pCPGUmS1/P27opzLSzc=' 'sha256-ghYbLPtuJ68sWKI07jYa2uS4NMJHAOYa43fCb0nDwLM=' 'sha256-kTuB7UP4LEoomhpw+j4wBSxtOVbUsQej9ciqoqptUW4=' 'sha256-N5tif7y/RxRqUBseGkhodD0vcbR+yzdaNnDsKPydNK8=' 'sha256-hwtkdppvx21qzzjhS8cmPZH5r8RMKh5+8uhrDf2r4oI=' 'sha256-bJogu7e/gLzOkt550ZqRbI9p3MKBDbSDdH6mnOIj4lk=' 'sha256-bu+cJdHmCTxNscgh+C4IXmRl1OBLUb/JT+AfR3+kqS4=' 'sha256-vctCm+lLWKRRNC8xEevuMTs78ekKeqrx9unwQSXE1xM=' 'sha256-ALGB14xFsf//iiTBdO64nPWarY0rJE4N54YhCkWRf68=' 'sha256-TZ6U37wWF/x8bVD1GQcCTWLFKrlIz7de42Ay+V1hpJQ=' 'sha256-1GKCZtAsXvydQ6jbG+25CN61Zs+YD2aRHRWtNYmZfkI=' 'sha256-i6v0OlX8KMxP9JmWK2iHr4R/px4g6X5h4UV5Q9sFPnk=' 'sha256-QG99t1erGt+BDwyAAsdbxxFD7JvcL5hREsab4/UGq4U=' 'sha256-7yYOdKpeGTTSeF4cCpqEW9X7p96yRO2/Y9pEFGSxTAU=' 'sha256-vNeJn1dWp277ekUfozNLfHSdfQAJl3+blrN9XvUsYwE=' 'sha256-pZpFvAa315bpuQozvBYrH6addZ56NqC8Cx5q69rYe/s=' 'sha256-WjcbePKHrc8+6HxqPmhK+ypFoLOPCnwGn3LztbOW21Y=' 'sha256-UEl8AyPL0LZm/miHIEjF/seV7iQo8pcL4xlZOdrGR7c=' 'sha256-J5exb3CTw8qtxlj7YAZyhclsC6LkylMDjEjELvAQ/RM=' 'sha256-oIbrb5N0QI3gwR/9vB7uqS3zpmmgAGwvjXiplvetBuY=' 'sha256-XyafikdYTPGs2sbQYLtKWHWf5aGKocs9qkaYEks6+Mc=' 'sha256-jypv4N8eW7D4pulaV094A3gyRI2viH+PwXJSLixyXdc=' 'sha256-gq8ckm6A2Y40cl7oSbiCyjl2m9eg7sX49IYE9+GwVyM=' 'sha256-fFMex/5hXP0z+T6azadCDW9MS/9MahIxP+WxQ4RaS9I=' 'sha256-6WiTOalOkrI/df2ET9Kt90IgHYzxAbOnTx65qP8Y+Ag=' 'sha256-/bOY8LSZT2CNkpRkEBrYFmtOtpmJfCV6lAAaK9XIr28=' 'sha256-f8WgD97qN8jbmvTQwdV8dURFyKd80saDH6RgQSoG02Q=' 'sha256-JRCMjU7ro44h2Tqb9IwE5gECkpa7Isr7wLVlCNsdr6M=' 'sha256-0KFEZo23O+OrqBasFTqZvYQat50cHZ2aupPhk33x1A8=' 'sha256-wWXhSgVyqslCNv7QQDp+dc8Js0H/k7rVR7oA/PcI7Tc=' 'sha256-jhTSNOsK4Ik3rdZu60Ojyt5ycQ+NibfEFvg98EYPcaY=' 'sha256-P4hlUZS4J5fBIJbtJPORTAm7Vv5D6N+twha6jUR3j8Y=' 'sha256-8cVQc8NSQgOo7q1pDhkaQH2HlaD/CjkLgm+QfZWAY78=' 'sha256-xW0r3Vb5OjWtIIKBNq2rg/iJEfwwFl7HfWN3R0AFOt4=' 'sha256-8oGXWs78jML1jzttHgiLPSzrcYaq457JlsZx20XqnJo=' 'sha256-jYY4A4t5wkxLXOtnotP6IHAe/zTjlUqYKrfONbRp0oY=' 'sha256-0HY4WaBBYHtIDlMA9yKCoGYPDJco0HZm4H4AZxvchSc=' 'sha256-WF7A+jtks+8p5kZ6oXED/nLB1OP+u72gcZoryJCnnbU=' 'sha256-q9iwDfT7uB7JAdMZ9TKMZtP5s31QmgPloybS7MhXNt4=' 'sha256-lyPEyW7loh7r1eq3+8QveNKJNRcliZQu+c/3GYaoFc4=' 'sha256-T5B7D6b3jYua4iLnVQ4RxTPjoTUcmYU/gczDhJxSfng=' 'sha256-mocJ6tMui0B0hOO+cA1Yka5t8GMSH3zQHXNuMW5NiUc=' 'sha256-DE2Hw+NM4raUTTCg7GYVKOP30mFISSWyIOvmVusd1Oo=' 'sha256-osLR31YtalaoIGzd8d1yNY5fdsGc9UvdomhrrYrFhlA=' 'sha256-xDg4a8wwRNTpMaL6RjW0xMi+YZnvMnSl6NZDuxp9pxE=' 'sha256-z/dek4TLomdZYSc4cxPlZiVkN9SKghUkuPSBXjcIm1Y=' 'sha256-3vo4nthxdnlgmcHUqO/Eo3Y0NPYGA76M0IwvLf+/HOQ=' 'sha256-ULb/oy8yoDnoY5aRzi7F++5u6cQDkREDOlH7oJK6eCg=' 'sha256-41GxUTrkQ56y122B13MIAIkzTAFCdUy61hQrtJP4F50=' 'sha256-8fh/IW8i3YA/WjKWUA/WEg6S+wLlIyGGcWBlYzPWyrY=' 'sha256-lTxNkXP5ycBOme5/a19izqnH4LtrDNS35Okw5gZ8OoA=' 'sha256-QqQ7BxGyuW4yoSjnzDiPQ3DK1mC7+yfGspsRmLbYc+Y=' 'sha256-eJXjxvJOMBAEvUBOXHmucctnZEhdEjAZFGmAK58bjrk=' 'sha256-2N1itrDLf3ydaWmX0epnvREU4/aolhfmIIm1YROGV4k=' 'sha256-Pt/l5xg6+oQggrw6xOl/xDkGbLJr/Q1uHEW6qrrcca4=' 'sha256-XmRcIzhcrrmgIOPIpUHt8+4u4CLMPyuuwFHsBHAh3kg=' 'sha256-EsuyvjHTB1znMbVdM1vQYfqB/0JOxL+TiHWqZ96sJ8E=' 'sha256-lJHMXene50qjpbegByh1u4S3tIP9AUroh9VefAa9qFE=' 'sha256-+7je3GFwBgGPkKaMYGpdiWmIRQ4Pto3SKYw6H6cOQu8=' 'sha256-w3YKL9UKnY4UcaOZVaWIDzz945FSzef7Cur7epjImv0=' 'sha256-iUTzStHnvtYnVtf/zllmvyh7tO4ymt0t7sRixAy3VVc=' 'sha256-wVcJSvoHYKvBPVgniX8w3zOL/s6z/61DmXnpVRETX0A=' 'sha256-TuDv4mGOG9ncvrWGpGKnoALmHKxu0UHpGjZXbvkuQgo=' 'sha256-Jcult9OkKM7xHEEnw2qsPcvNocJ7zrvCu68T9u6bY6Q=' 'sha256-CNvhO/4p529vZFQYfc/6Gj0Cw8h1ggBdQaisbFkA/vc=' 'sha256-aR54KJaaAUJyiZIa055qsXYJMpRRikbeCHSk4nCXdQE=' 'sha256-pqSokHNneUPQRdTmknKIY7nBRK+sDuqgUWguQZwsNo0=' 'sha256-3SES2P56XxtbnzDx8k41/UhJsSteiSIwNz/rOwjPJiw=' 'sha256-tcQE3xGoPvjb51+IbImvy2EKHIrhlCKBBSX+u/QsjD0=' 'sha256-CELl6UIjy/430I7BNWkbTQG10b9EPQyYi+fdIUw1Lwk=' 'sha256-r0dUQsHLHB5fDyruvVJG6cZX3woLiLhiAH/HGSh0DJU=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-Ai5DYvmKvws/DMmM7jHoap7EZ7TU+quWh2EwgLYaZl4=' https://*.ipsosante.fr https://ipsosante.fr 'nonce-efeqGaMTnjhj68NDJac37Q=='; connect-src 'self' *.sentry.io api.jitsi.net maps.googleapis.com; form-action 'self' https://ipsosante.fr https://*.ipsosante.fr https://secure.payplug.com; media-src 'self'; default-src 'self'; worker-src 'self' blob:; report-to csp; img-src 'self' https://maps.google.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ data: https://ipsosante-website-prod-data.s3.amazonaws.com; font-src 'self' https://fonts.gstatic.com/; base-uri 'self'; style-src 'self' https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.datatables.net/ 'sha256-u4zw+EA4PiVCHtUYAVUdqVqH1dSw0eNzH9ygKbl8MvM=' 'sha256-LbOxeTeygTVV9t9RBVtZD1RK+6EhNluxuttKS3SO3EE=' 'sha256-bztL4s6ETJC0Yu3xJor1ChPI44D7xWSfIRlAsA/wezo=' 'sha256-agNaNrqve3B20rk7d2CrcqTp74XS45oefvzdrJOPxi0=' 'sha256-f9TnE/2T+X0U+WxhoMRhitUf3uBcXYC7fhVATzplo/o=' 'sha256-x6v85SqpJ73O57lsqKTheSEtXddTa6pe0SYoGxWoKiA=' 'sha256-GWLOt2Biq8EDutkBHy5YqY9qFehXAjlb1xUGXZPFJSo=' 'sha256-mHRWxebJcb7OH5L8y4EOCDaKVuUZ/bERTwMSKp7dgvc=' 'sha256-MoR1/5pQyU/A3MK6ozmcm2I7JCnWf3zcUdYH8KNZfJA=' 'sha256-rhdvL0KcoP6VP1bIm+MMara1443euZNnoI2PAuydxDM=' 'sha256-f21RqudUd21Hn+tyCwO0y9SOgfmpNPQCdEETa0hQCHc=' 'sha256-0xfjfDrJZPYT6MSCJEcuW/V4rWzmKualFFOBVGrzQ9I=' 'sha256-RIKH+Ud+lXeEIBmWZSZwD3ZmmMiWTY5SBE+nhXdYs3I=' 'sha256-LG7ORfcYefKDKaD9mZZR716VXdbGoNfhyu029OehjHs=' 'sha256-N9EDhDoctnenAJ273Wwd2M6Mzrxq1i15n6Q1rRDi+n8=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-mmA4m52ZWPKWAzDvKQbF7Qhx9VHCZ2pcEdC0f9Xn/Po=' 'sha256-vxDh7VAxCA/bCtu0YnWl3bRZqaW9GY9Ms8kSC13F2M0=' 'sha256-/VVOq+Ws/EiUxf2CU6tsqsHdOWqBgHSgwBPqCTjYD3U=' 'sha256-D1M7T0Ub2B2hjk0pBXnzYhEBYbLkzdUhGqi9uiYHmSw=' 'sha256-QzbuspFx3XWfDfPzTlfR0J2UlRJ1iYhfJ1wQgds/IA0=' 'sha256-APrOy8nIZ3XLBwL5bKYrDEJVnCMh2E4zPqfsUGaCOjg=' 'sha256-Ew+ac64tx/Fslcpkd+9dcL+TCbfjaI7sQvlMq2DO3IA=' 'sha256-vxDh7VAxCA/bCtu0YnWl3bRZqaW9GY9Ms8kSC13F2M0=' 'sha256-8yUmIivg5iGRmZXNOVyxl46RhqlD1zwPvDRfajVQ0Mw=' 'sha256-D1M7T0Ub2B2hjk0pBXnzYhEBYbLkzdUhGqi9uiYHmSw=' 'sha256-QzbuspFx3XWfDfPzTlfR0J2UlRJ1iYhfJ1wQgds/IA0=' 'sha256-APrOy8nIZ3XLBwL5bKYrDEJVnCMh2E4zPqfsUGaCOjg=' 'sha256-Zw1VGffbffMnOY2qIZ55MfMDqBWPR9FTGAlOqx9FpEw=' 'sha256-0GPQKZe0omCsfvFF3XfEc3IlzBdxXjxWObFmZom/Zfk=' 'sha256-PNsPul0zQFUiYu9XLVKzTdD5Cz5ghp1MT4H5/zAeI3Q=' 'sha256-R5Fpm/HKT6Ivur4LmLQK2BF5Iof1Bzx2i9FDSngmtR0=' 'sha256-KDfgL/bZPCyJ+tKBm7oRZgFNjm7ZbTFqE5GDZBeX8ms=' 'sha256-vIpHqmTnOfjQWDk0CZfF3QMo1P1aG7x5U5iJMdDsIrI=' 'nonce-efeqGaMTnjhj68NDJac37Q=='; frame-ancestors 'self' 1
reflected-xssblock 1
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://www.google-analytics.com/ https://static.cloudflareinsights.com/ https://helpdesk.keyinvoice.pt/ https://static.botsrv.com/ https://www.youtube.com/ https://googleads.g.doubleclick.net/; 1
default-src https:; connect-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' *.upsearch.cz *.googletagmanager.com fonts.googleapis.com *.google.com *.cloudfront.net *.foxentry.cz cookies.praguebest.cz 'unsafe-inline'; object-src 'self'; img-src 'self' https: data:; font-src https: data:;frame-src 'self' widget.packeta.com tracking.affiliateport.eu tracking.affiliateclub.cz ct.pinterest.com *.google.com *.googletagmanager.com *.youtube.com *.hotjar.com *.facebook.com *.criteo.com *.criteo.net *.foxentry.cz *.imedia.cz *.seznam.cz *.zbozi.cz *.go2cloud.org *.heureka.cz *.creativecdn.com creativecdn.com cookies.praguebest.cz *.doubleclick.net 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mobilesentrix.ca https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.facebook.net https://*.facebook.com https://*.gstatic.com https://*.cloudfront.net https://*.cloudflare.com https://*.braintreegateway.com https://*.paypalobjects.com https://*.fundboxpay.com https://*.behalf.com https://*.paypal.com https://*.searchanise.com https://*.reamaze.com https://*.googleapis.com https://*.newrelic.com https://*.nr-data.net https://*.youtube.com https://*.ytimg.com https://*.fontawesome.com https://*.picsum.photos https://*.acsbapp.com https://*.kxcdn.com https://*.aspnetcdn.com https://*.rawgit.com https://*.jsdelivr.net https://*.cloudflareinsights.com https://*.crazyegg.com/;style-src 'self' 'unsafe-inline' https://*.mobilesentrix.ca https://*.kxcdn.com https://*.googleapis.com https://*.reamaze.com https://*.braintreegateway.com https://*.youtube.com https://*.ytimg.com https://reamaze.com https://*.fontawesome.com https://*.picsum.photos https://acsbapp.com;img-src 'self' data: https://*.mobilesentrix.ca https://*.mobilesentrix.com https://*.braintreegateway.com https://*.google-analytics.com https://*.google.com https://*.alexametrics.com https://*.google.co.in https://*.paypal.com https://*.facebook.com https://*.facebook.net https://*.googleadservices.com https://*.googletagmanager.com https://*.gravatar.com https://*.wp.com https://*.gstatic.com https://*.amazonaws.com https://*.doubleclick.net https://*.reamaze.com https://reamaze.com https://*.paypalobjects.com https://*.youtube.com https://*.ytimg.com https://*.fontawesome.com https://picsum.photos https://*.picsum.photos https://*.repairdesk.co https://acsbapp.com https://*.acsbapp.com;object-src 'none';connect-src 'self' https://*.mobilesentrix.ca https://*.braintreegateway.com https://*.google-analytics.com https://*.facebook.net https://*.facebook.com https://*.paypal.com https://*.doubleclick.net https://*.braintree-api.com https://*.reamaze.com https://*.reamaze.io wss://*.reamaze.com https://*.amazonaws.com https://*.nr-data.net https://*.youtube.com https://*.ytimg.com https://reamaze.com https://*.fontawesome.com https://*.picsum.photos https://*.acsbapp.com https://acsbapp.com https://*.crazyegg.com/; 1
default-src 'self'; frame-ancestors *.turtle-doves.co.uk *.dotomi.com; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'self' rothstaffing.com www.rothstaffing.com *.rothstaffing.com; connect-src 'self' rothstaffing.com www.rothstaffing.com *.rothstaffing.com cookie-cdn.cookiepro.com ka-p.fontawesome.com cdn.jsdelivr.net *.googleapis.com *.google.com kit.fontawesome.com; script-src 'self' rothstaffing.com www.rothstaffing.com *.rothstaffing.com www.gstatic.com cookie-cdn.cookiepro.com kit.fontawesome.com *.googleapis.com *.google.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' rothstaffing.com www.rothstaffing.com *.rothstaffing.com cdn.jsdelivr.net *.googleapis.com *.google.com data: 'unsafe-inline' 'unsafe-eval'; img-src 'self' rothstaffing.com www.rothstaffing.com *.rothstaffing.com cookie-cdn.cookiepro.com *.google.com *.gstatic.com data: ; object-src 'self' rothstaffing.com www.rothstaffing.com *.rothstaffing.com data: ; font-src 'self' rothstaffing.com www.rothstaffing.com *.rothstaffing.com fonts.gstatic.com ka-p.fontawesome.com data: ; frame-ancestors 'self' rothstaffing.com *.rothstaffing.com *.youtube.com *.google.com; frame-src *.youtube.com *.google.com *.flipsnack.com; 1
script-src https: localhost:8080 my.dev.com:8080 'unsafe-inline'; frame-ancestors 'self'; 1
frame-ancestors 'none';            upgrade-insecure-requests;            default-src 'self';            style-src 'self' 'unsafe-inline';            font-src 'self' data:;            script-src 'self' 'sha256-zB736t7NbCRmG8L7CKvKSlKHzxbV3qI2+yuVEdWN1ng=' 'sha256-pEWie+y9Xg/sQLgxqfRcy8H/F0zyQq+Uxlh1aqzZdV4=' *.googletagmanager.com googletagmanager.com https://www.google-analytics.com/analytics.js *.hotjar.com hotjar.com;            img-src 'self' https://strapi-uploads-bucket.s3.amazonaws.com/ https://www.google-analytics.com/ data:;            connect-src 'self' *.google-analytics.com/ stats.g.doubleclick.net/ *.coingecko.com/api/v3/ *.orionx.com/ticker *.hotjar.io/sessions/ *.hotjar.com/ https://client.orionx.com/graphql;            child-src 'self';            frame-src https://vars.hotjar.com/;            object-src 'none';            worker-src 'self';            form-action 'none';             1
base-uri 'none'; form-action 'self'; frame-ancestors 'self' https://www.tuev-hessen.de/ https://staging.tuev-hessen.de/ https://blog.tuev-hessen.de/ https://staging-blog.tuev-hessen.de/ https://www.sustainability-blog.de/ https://staging.sustainability-blog.de/ https://www.tueh.de/ https://staging.tueh.de/ https://www.tuev-kids.de/ https://staging.tuev-kids.de/ https://www.tuev-club.de/ https://staging.tuev-club.de/ https://www.proficert.de/ https://staging.proficert.de/; frame-src 'self' https://accounts.google.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://player.vimeo.com/ https://newapp.etracker.com/ https://www.google.com/ https://www.tuev-hessen.de/ https://staging.tuev-hessen.de/ https://blog.tuev-hessen.de/ https://staging-blog.tuev-hessen.de/ https://www.sustainability-blog.de/ https://staging.sustainability-blog.de/ https://www.tueh.de/ https://staging.tueh.de/ https://www.tuev-kids.de/ https://staging.tuev-kids.de/ https://www.tuev-club.de/ https://staging.tuev-club.de/ https://www.proficert.de/ https://staging.proficert.de/; object-src 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://cdnjs.cloudflare.com https://unpkg.com https://cdn.jsdelivr.net https://munchkin.marketo.net https://tags.clickagy.com https://ws.zoominfo.com https://*.googletagmanager.com https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://www.google-analytics.com; object-src 'self'; style-src  'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; img-src  'self' 'unsafe-inline' data: https://www.google-analytics.com https://cdn.jsdelivr.net https://aorta.clickagy.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.planisware.com https://www.gstatic.com https://i.ytimg.com; media-src  'self' 'unsafe-inline'; frame-src  'self' 'unsafe-inline' https://www.youtube.com https://player.vimeo.com https://*.planisware.com https://registration.socio.events; frame-ancestors  'self'; child-src  'self' 'unsafe-inline'; font-src  'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.gstatic.com https://github.com; connect-src  'self' 'unsafe-inline' https://www.google-analytics.com https://196-nzu-737.mktoresp.com https://aorta.clickagy.com https://hemsync.clickagy.com https://ws.zoominfo.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://196-nzu-737.mktoutil.com https://bam.nr-data.net https://bam-cell.nr-data.net https://*.planisware.com https://planisware.com https://o15468.ingest.sentry.io/api/4504038672826368/store/ https://o15468.ingest.sentry.io/api/4504038672826368/envelope/; upgrade-insecure-requests 1
child-src  www.paypalobjects.com; connect-src 'self' 'report-sample' s3.amazonaws.com/cv3.customfiles totallytomatoes.commercev3.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com stats.g.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.facebook.com *.klaviyo.com *.acsbapp.com acsbapp.com; default-src 'self' s3.amazonaws.com/cdn.totallytomato.com/ cdn.commercev3.net/cdn.totallytomato.com/ cdn.totallytomato.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com; font-src 'self' totallytomatoes.commercev3.com s3.amazonaws.com/cdn.totallytomato.com/ cdn.commercev3.net/cdn.totallytomato.com/ cdn.totallytomato.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com data: cdn.commercev3.net *.acsbapp.com; form-action 'self' www.facebook.com www.paypal.com checkout.sezzle.com; frame-src 'self' *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com; frame-ancestors 'self' ; img-src 'self' s3.amazonaws.com/cdn.totallytomato.com/ cdn.commercev3.net/cdn.totallytomato.com/ cdn.totallytomato.com ssl.google-analytics.com www.google.com/pagead/1p-user-list/ www.google.com/ads/ga-audiences ct.pinterest.com/v3/ s3.amazonaws.com/cdn.totallytomato.com/ stats.g.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.paypal.com www.paypalobjects.com www.gstatic.com www.totallytomato.com cdn.commercev3.net *.acsbapp.com; script-src 'self' 'report-sample' s3.amazonaws.com/cdn.totallytomato.com/ cdn.commercev3.net/cdn.totallytomato.com/ cdn.totallytomato.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com secure.trust-provider.com s3.amazonaws.com/cdn.totallytomato.com/ cdn.jsdelivr.net cdnjs.cloudflare.com acsbapp.com; script-src-elem 'self' 'report-sample' s3.amazonaws.com/cdn.totallytomato.com/ cdn.commercev3.net/cdn.totallytomato.com/ cdn.totallytomato.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com secure.trust-provider.com s3.amazonaws.com/cdn.totallytomato.com/ cdn.jsdelivr.net cdnjs.cloudflare.com acsbapp.com; style-src 'self' s3.amazonaws.com/cdn.totallytomato.com/ cdn.commercev3.net/cdn.totallytomato.com/ cdn.totallytomato.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net cdn.jsdelivr.net cdnjs.cloudflare.com; style-src-elem 'self' s3.amazonaws.com/cdn.totallytomato.com/ cdn.commercev3.net/cdn.totallytomato.com/ cdn.totallytomato.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net cdn.jsdelivr.net cdnjs.cloudflare.com; style-src-attr  'unsafe-inline'; media-src 'self' totallytomatoes.commercev3.com s3.amazonaws.com/cdn.totallytomato.com/ cdn.commercev3.net/cdn.totallytomato.com/ cdn.totallytomato.com www.bing.com; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-RryrJpMLa3XQ5hMRvGgsoln6YD3wxD/A8mkT08+K46ZkHOxB' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self';font-src 'self' fonts.gstatic.com;img-src * 'unsafe-inline' data:;script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';object-src 'none';connect-src * 'unsafe-inline';frame-src 'self' * 'unsafe-inline' 'unsafe-eval';media-src 'self' * blob: 1
frame-ancestors *.fifa.gg 1
base-uri 'self'; connect-src 'self' https: wss: https://fonts.googleapis.com https://static.hotjar.com https://www.google-analytics.com https://analytics.google.com; default-src 'self' https:; font-src 'self' data: https://fonts.gstatic.com; form-action 'self' https://pay.e-ghl.com https://securepay.e-ghl.com https://payment.ipay88.com.my https://www.sandbox.paypal.com https://www.paypal.com https://sandbox.molpay.com https://www.onlinepayment.com.my https://test-gateway.mastercard.com https://ap-gateway.mastercard.com https://paynow.sandbox.uno https://paynow.testing.uno https://paynow.pacificbookstores.com https://pacificeshop-v2.testing.uno https://bts.pacificeshop.com; frame-ancestors 'self'; frame-src 'self' https: https://www.google.com https://www.recaptcha.net https://www.youtube.com; img-src 'self' data: blob: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: blob: https://www.recaptcha.net https://www.gstatic.com https://cdnjs.cloudflare.com https://unpkg.com https://cdn.jsdelivr.net https://cdn.polyfill.io https://rawgit.com https://cdn.ckeditor.com https://code.jquery.com https://cdnjs.cloudflare.com https://uicdn.toast.com https://www.paypal.com https://js.stripe.com https://checkout.razorpay.com https://static.getbutton.io https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://unpkg.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; worker-src 'self' data: https: blob:; block-all-mixed-content; upgrade-insecure-requests; report-uri 1
script-src 'self' 'unsafe-inline' https://www.google-analytics.com  https://www.googletagmanager.com; 1
default-src 'self' https://www.youtube-nocookie.com https://www.google.com *.kasikornbank.com *.kaptcha.com https://www.youtube.com https://youtu.be;frame-src 'self' https://www.youtube-nocookie.com https://www.google.com *.kasikornbank.com *.kaptcha.com https://www.youtube.com https://youtu.be; connect-src *; font-src * data:; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';frame-ancestors 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vjs.zencdn.net https://cdnjs.cloudflare.com static.cloudflareinsights.com https://view.ceros.com https://ad.doubleclick.net *.cloudfront.net https://www.googletagservices.com *.yieldify.com *.affiliatefuture.com https://connect.facebook.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://ad.doubleclick.net https://www.google-analytics.com https://*.googletagmanager.com https://www.jazzhr.com http://app.jazz.co *.stackla.com https://lpcdn.lpsnmedia.net https://lptag.liveperson.net https://accdn.lpsnmedia.net https://va.v.liveperson.net *.knack.com *.cloud-database.co *.youtube.com *.ytimg.com *.moatads.com *.google.com https://service.force.com *.salesforce.com *.salesforceliveagent.com *.secure.force.com *.lightning.force.com https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://www.gstatic.com https://www.googleoptimize.com https://bat.bing.com https://*.clarity.ms/s/0.6.34/clarity.js https://sdk.joinsherpa.io https://cdn.amplitude.com/ *.tiktok.com *.salesforce-sites.com *.googlesyndication.com *.cookielaw.org https://cdn.jsdelivr.net http://cdn.jsdelivr.net https://trackla.stackla.com http://vjs.zencdn.net/; object-src 'self'; style-src 'self' 'unsafe-inline' *.cloudfront.net https://cdnjs.cloudflare.com https://fonts.googleapis.com *.stackla.com https://vjs.zencdn.net *.cloud-database.co *.google.com *.salesforce.com https://service.force.com *.secure.force.com *.salesforce-sites.com; img-src * 'self' data: https: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io  https://*.g.doubleclick.net https://*.google.com https://*.google; media-src *; frame-src 'self' https://www.jazzhr.com *.applytojob.com http://app.jazz.co https://lpcdn.lpsnmedia.net *.stackla.com *.yieldify.com *.fls.doubleclick.net https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://view.ceros.com https://www.facebook.com *.affiliatefuture.com *.liveperson.net *.youtube.com *.knack.com *.newrelic.com *.google.com https://service.force.com https://sdk.joinsherpa.io https://apps.joinsherpa.io/ *.tiktok.com td.doubleclick.net https://topdecktravel.outgrow.us/; child-src 'self' https://www.jazzhr.com *.applytojob.com http://app.jazz.co https://lpcdn.lpsnmedia.net *.stackla.com *.yieldify.com *.fls.doubleclick.net *.hotjar.com https://view.ceros.com https://www.facebook.com *.affiliatefuture.com *.youtube.com *.knack.com *.newrelic.com; font-src 'self' data: *.stackla.com https://fonts.gstatic.com https://fonts.googleapis.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.cloud-database.co *.sfdcstatic.com; connect-src 'self' *.yieldify.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.doubleclick.net https://*.google.com https://*.google *.facebook.com *.google.com *.secure.force.com https://*.clarity.ms *.tiktok.com *.salesforce-sites.com *.salesforce.com topdeck-server-side-tagging-5oerkrosbq-ew.a.run.app https://bat.bing.com *.google.ie *.cookielaw.org *.onetrust.com; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'; style-src 'self' 'unsafe-inline' data:; img-src 'self' blob: data:; media-src 'self'; frame-src 'self' https://www.youtube-nocookie.com; font-src 'self'; connect-src 'self' https://sentry.io 1
frame-ancestors 'self' https://orovivo-tablet.vercel.app 1
default-src 'none'; connect-src 'self'; font-src 'self' https://fonts.gstatic.com; form-action 'self'; frame-src 'self' https://www.google.com; img-src 'self' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; manifest-src 'self' 1
font-src *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.fontawesome.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.sharethis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.google.com *.google.co.nz *.doubleclick.net *.demdex.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com *.littlefarms.com *.emarsys.net *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.co.nz *.shopify.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.scarabresearch.com *.emarsys.net *.googleapis.com *.newrelic.com *.google.com *.google.co.nz *.gstatic.com *.facebook.net *.nr-data.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com *.fontawesome.com *.googleapis.com *.cloudflare.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.scarabresearch.com *.emarsys.net *.googleapis.com *.doubleclick.net *.nr-data.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'unsafe-inline' 'self' https://*.youtube.com https://youtu.be https://vimeo.com https://*.ads-twitter.com https://*.twitter.com https://*.licdn.com https://*.oribi.io https://*.facebook.net https://*.facebook.com https://*.googleapis.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google-analytics.com https://*.doubleclick.net https://*.google.com https://*.google.it https://*.matomo.cloud https://*.typekit.net https://*.onetrust.com https://cdn.cookielaw.org https://*.cloudfront.net https://*.simest.justbit.it https://*.simest.it; img-src https://*.onetrust.com https://cdn.cookielaw.org https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.doubleclick.net https://*.google.com https://*.google.it https://*.googleadservices.com https://*.linkedin.com https://t.co https://*.twitter.com https://*.facebook.com data: 'self'; font-src https://*.gstatic.com https://*.typekit.net https://*.onetrust.com https://cdn.cookielaw.org https://*.cloudfront.net https://*.simest.justbit.it https://*.simest.it data: 'self' 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://bthechange.com https://*.bthechange.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
frame-ancestors 'self' webvisor.com metrika.yandex.kz metrika.yandex.com metrika.yandex.ru mc.yandex.kz mc.yandex.com mc.yandex.ru; 1
default-src 'self' https://forms.hsforms.com; connect-src 'self' https://forms.hsforms.com https://cdn.linkedin.oribi.io https://region1.google-analytics.com https://api.hubapi.com https://forms.hubspot.com https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' https://3424221.fs1.hubspotusercontent-na1.net https://fonts.gstatic.com; frame-src 'self' *.youtube.com *.vimeo.com https://forms.hsforms.com; img-src 'self' data: https://forms.hsforms.com https://forms-na1.hsforms.com https://px.ads.linkedin.com https://track.hubspot.com https://www.google-analytics.com https://www.googletagmanager.com; manifest-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' http://js.hsforms.net https://www.googletagmanager.com https://www.google-analytics.com https://snap.licdn.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hsleadflows.net https://js.hs-banner.com https://js.hs-analytics.net https://js-na1.hs-scripts.com https://track.hubspot.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; worker-src 'none'; base-uri 'self'; report-uri https://www.decos.com/en/report-uri/enforce 1
default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; frame-ancestors 'none'; base-uri 'none'; form-action 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cpr.parts https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.facebook.net https://*.facebook.com https://*.gstatic.com https://*.cloudfront.net https://*.cloudflare.com https://*.braintreegateway.com https://*.paypalobjects.com https://*.fundboxpay.com https://*.behalf.com https://*.paypal.com https://*.searchanise.com https://*.reamaze.com https://*.googleapis.com https://*.newrelic.com https://*.nr-data.net https://*.youtube.com https://*.ytimg.com https://*.fontawesome.com https://*.picsum.photos https://*.acsbapp.com https://*.kxcdn.com https://*.aspnetcdn.com https://*.rawgit.com https://*.jsdelivr.net;style-src 'self' 'unsafe-inline' https://*.cpr.parts https://*.kxcdn.com https://*.googleapis.com https://*.reamaze.com https://*.braintreegateway.com https://*.youtube.com https://*.ytimg.com https://reamaze.com https://*.fontawesome.com https://*.picsum.photos https://acsbapp.com;img-src 'self' data: https://*.cpr.parts https://*.braintreegateway.com https://*.google-analytics.com https://*.google.com https://*.alexametrics.com https://*.google.co.in https://*.paypal.com https://*.facebook.com https://*.facebook.net https://*.googleadservices.com https://*.googletagmanager.com https://*.gravatar.com https://*.wp.com https://*.gstatic.com https://*.amazonaws.com https://*.doubleclick.net https://*.reamaze.com https://reamaze.com https://*.paypalobjects.com https://*.youtube.com https://*.ytimg.com https://*.fontawesome.com https://picsum.photos https://*.picsum.photos https://*.repairdesk.co https://acsbapp.com https://*.acsbapp.com;object-src 'none';connect-src 'self' https://*.cpr.parts https://*.braintreegateway.com https://*.google-analytics.com https://*.facebook.net https://*.facebook.com https://*.paypal.com https://*.doubleclick.net https://*.braintree-api.com https://*.reamaze.com https://*.reamaze.io wss://*.reamaze.com https://*.amazonaws.com https://*.nr-data.net https://*.youtube.com https://*.ytimg.com https://reamaze.com https://*.fontawesome.com https://*.picsum.photos https://*.acsbapp.com https://acsbapp.com; 1
default-src 'none'; object-src 'none'; script-src-attr 'self'; script-src docs.omega365.com/nt/api/scripts/ docs.omega365.com/scripts/ docs.omega365.com/nt/scripts/ docs.omega365.com/service-worker/dependencies/ docs.omega365.com/nt/service-worker/dependencies/ docs.omega365.com/lib/ docs.omega365.com/nt/lib/ 'unsafe-eval' 'wasm-unsafe-eval' blob: https://cdn.omega365.com/libs/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-Ut4BU64uLWrRDmUedeFxF7UtuHGOch'; img-src https://omega.omega365.com 'self' https://cdn.omega365.com/libs/ https://*.tile.openstreetmap.org/ blob: data:; style-src 'unsafe-inline' 'self' https://cdn.omega365.com/libs/ https://fonts.googleapis.com; font-src 'self' data: https://cdn.omega365.com/libs/ https://fonts.googleapis.com https://fonts.gstatic.com; form-action https://omega.omega365.com 'self' https://login.microsoftonline.com https://*.officeapps.live.com; connect-src https://omega.omega365.com https://omega365nodeserviceapp.azurewebsites.net 'self' https://cdn.omega365.com/libs/ https://dc.services.visualstudio.com data: blob:; frame-src https://www.youtube.com https://www.youtube-nocookie.com  https://omega.omega365.com 'self' blob: https://omega.omega365.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; frame-ancestors https://omega.omega365.com 'self' https://*.omega365.com; media-src 'self' blob:; base-uri 'self'; child-src 'self'; worker-src 'self' blob:; manifest-src 'self' 1
default-src 'self' https://*.youtube.com https://*.youtu.be https://*.vimeo.com https://vimeo.com https://*.spotify.com https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.youtube-nocookie.com https://*.monday.com https://*.doubleclick.net; block-all-mixed-content; img-src data: 'self' https://placeholder.inventis.be https://*.ytimg.com https://*.youtube.com https://*.vimeocdn.com https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.google.be https://*.google.nl; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://*.youtube.com https://*.vimeo.com https://*.tiktok.com https://*.snapchat.com https://*.facebook.com https://*.google-analytics.com https://*.googletagmanager.com 'nonce-UBSxBZ2T1Lbet8IMT0q75Q=='; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com; upgrade-insecure-requests 1
font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://www.gstatic.com https://fonts.gstatic.com *.cloudflare.com *.typekit.net *.trustedshops.com *.googleapis.com *.dunloptyres.com.au *.yotpo.com *.gstatic.com *.zip.co *.hotjar.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://www.google.com *.yotpo.com https://plumrocket.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com https://accounts.google.com www.xtento.com *.trustpilot.com *.doubleclick.net *.paypal.com/ *.adsrvr.org *.sharethis.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://static.afterpay.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.cloudflare.com https://cdn.klarna.com *.paypal.com *.youtube.com *.usercentrics.eu *.googleapis.com *.dunloptyres.com.au *.yotpo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com *.trackjs.com *.doubleclick.net *.google.com *.google.com.vn *.googletagmanager.com *.zipmoney.com.au *.zip.co zip.co *.linkedin.com *.facebook.com *.beaurepaires.com.au *.hotjar.com *.inside-graph.com *.clarity.ms *.crwdcntrl.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com polyfill.io maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de s7.addthis.com *.avada.io https://www.google.com https://www.gstatic.com *.cloudflare.com *.trustedshops.com *.usercentrics.eu *.googleapis.com *.dunloptyres.com.au *.youtube.com *.yotpo.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://accounts.google.com www.xtento.com cdn.xtento.com *.zipmoney.com.au *.zip.co *.trackjs.com *.convertexperiments.com *.hotjar.com *.clarity.ms *.sharethis.com *.inside-graph.com *.crazyegg.com *.facebook.net *.adsrvr.org snap.licdn.com *.trustpilot.com *.webtrends-optimize.com *.newrelic.com *.crwdcntrl.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.googleapis.com *.dunloptyres.com.au *.yotpo.com unsafe-inline https://accounts.google.com https://www.gstatic.com *.zip.co *.inside-graph.com *.hotjar.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com static.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.algolia.net *.algolia.com *.algolianet.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de ekr.zdassets.com/ https://get.geojs.io *.avada.io *.cloudflare.com *.paypal.com *.googleapis.com *.dunloptyres.com.au *.yotpo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://accounts.google.com *.zipmoney.com.au *.zip.co *.trustpilot.com *.doubleclick.net *.trackjs.com *.google.com *.sharethis.com *.hotjar.io *.hotjar.com *.inside-graph.com *.linkedin.com *.crazyegg.com *.amplitude.com *.cloudfront.net *.clarity.ms wss: *.crwdcntrl.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.hotjar.io *.hotjar.com *.inside-graph.com wss: *.crwdcntrl.net http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' http://academy.editshare.com https://academy.editshare.com 1
frame-ancestors *.smapone.com *.emlen.io 1
default-src 'none';script-src 'self' https: 'unsafe-inline' 'strict-dynamic' 'nonce-2ee12804916b7de6cbb9bd5f17d03174';script-src-elem 'self' 'unsafe-inline' 'nonce-2ee12804916b7de6cbb9bd5f17d03174' https://www.buzzsprout.com https://static.ads-twitter.com https://snap.licdn.com https://bat.bing.com https://player.vimeo.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js-na1.hs-scripts.com https://ad.wsod.com https://polyfill.apps.factset.com https://cdn.factset.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.gstatic.com;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com;img-src 'self' data: https://i.vimeocdn.com https://px.ads.linkedin.com https://t.co https://analytics.twitter.com https://bat.bing.com https://www.google.com https://*.google-analytics.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://googleads.g.doubleclick.net;connect-src 'self' https://cdn.linkedin.oribi.io https://*.googletagmanager.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://stats.g.doubleclick.net;font-src 'self' https://cdn.factset.com https://fonts.gstatic.com;form-action 'self';frame-ancestors 'none';frame-src https://player.vimeo.com https://www.buzzsprout.com/ https://www.google.com https://www.googletagmanager.com https://ad.wsod.com;object-src 'none';base-uri 'self' 1
frame-ancestors 'self' *.einpresswire.com *.evalueserve.com 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=20rquf5iqu65b&partner=; 1
default-src 'self'; script-src https: 'unsafe-inline' 'unsafe-eval' 'self' https://stats.ledl.net; img-src https: www.domaintechnik.at https://stats.ledl.net; style-src 'unsafe-inline' 'unsafe-eval' 'self' https://stats.ledl.net; frame-ancestors https://stats.ledl.net; frame-src https://stats.ledl.net; connect-src 'self' https://stats.ledl.net; 1
frame-ancestors 'self' https://www.rmmonline.co.uk 1
report-to csp-violations-endpoint ; report-uri https://reports.migros.ch/spaces/koe31g/violations ; default-src 'self' ; frame-src 'self' https://*.migros.ch https://chat140.realperson.de https://*.doubleclick.net https://vars.hotjar.com https://www.facebook.com https://www.youtube.com https://www.google.com https://player.captivate.fm https://static-raetsel.ateleris.com https://comhouse.ch https://chat140.realperson.de https://e.issuu.com https://issuu.com https://www.googletagmanager.com https://oxovision.ch https://my.3dsixty.ch https://plex.maps.arcgis.com https://webapp.migrosvaud.ch https://www.immoscout24.ch https://kunz.lnk.to https://*.sibforms.com https://my.matterport.com https://mtube.migros.net https://datawrapper.dwcdn.net ; frame-ancestors 'self' https://*.migros.ch ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://*.migros.ch https://chat140.realperson.de https://www.google-analytics.com https://www.googletagmanager.com https://maps.googleapis.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://*.doubleclick.net https://bat.bing.com https://code.jquery.com https://www.youtube.com https://www.google.com https://www.gstatic.com https://*.qualtrics.com https://www.cincopa.com https://rtcdn.cincopa.com https://static-raetsel.ateleris.com https://comhouse.ch https://restaurant.migrosaare.ch https://plugins.flockler.com https://cdn.jsdelivr.net https://mtube.migros.net ; base-uri 'self' ; style-src 'self' 'unsafe-inline' https://chat140.realperson.de https://fast.fonts.net https://rtcdn.cincopa.com https://fonts.googleapis.com https://static-raetsel.ateleris.com https://comhouse.ch https://restaurant.migrosaare.ch https://sibforms.com https://cdn.jsdelivr.net ; connect-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com https://*.migros.ch https://chat140.realperson.de https://*.doubleclick.net https://europe-west6-viseca-cumulus-karte.cloudfunctions.net https://www.google.ch https://www.google.com https://www.google.fr https://www.google.de https://www.google.it https://www.google.at https://www.google.li https://*.analytics.google.com https://analytics.google.com https://*.google-analytics.com https://adservice.google.com https://in.hotjar.com https://viseca-cumulus-karte.oa.r.appspot.com https://bat.bing.com https://*.run.app https://www.facebook.com https://*.qualtrics.com https://rtcdn.cincopa.com https://analytics.cincopa.com https://maps.googleapis.com https://chat.viseca.ch https://api.raetsel.ateleris.com https://static-raetsel.ateleris.com https://comhouse.ch https://restaurant.migrosaare.ch https://cdn.cookielaw.org https://translate.googleapis.com wss://chat140.realperson.de https://csi.gstatic.com https://api.flockler.app https://stats-api.flockler.app ; object-src 'self' ; font-src 'self' data: https://cdn.migros.ch https://fonts.gstatic.com https://rtcdn.cincopa.com https://chat140.realperson.de https://static-raetsel.ateleris.com https://assets.sendinblue.com ; img-src 'self' 'unsafe-eval' data: https://*.doubleclick.net https://cdn.cookielaw.org https://*.migros.ch https://*.rokka.io https://chat140.realperson.de https://www.google-analytics.com https://www.googletagmanager.com https://www.facebook.com https://www.google.ch https://www.google.fr https://www.google.de https://www.google.it https://www.google.at https://www.google.li https://bat.bing.com https://www.google.com https://i.ytimg.com https://img.youtube.com https://play.google.com https://*.apple.com https://mediacdn.cincopa.com https://rtcdn.cincopa.com https://maps.googleapis.com https://maps.gstatic.com https://play-lh.googleusercontent.com https://fra1.qualtrics.com https://static-raetsel.ateleris.com https://comhouse.ch https://restaurant.migrosaare.ch https://region1.google-analytics.com https://www.kununu.com https://cdn-icons-png.flaticon.com https://tools.applemediaservices.com https://img.mailinblue.com https://*.cdn.flockler.com https://apple-resources.s3.amazonaws.com https://media-api.flockler.com https://*.cdninstagram.com ; manifest-src 'self' ; media-src 'self' ; worker-src 'self' blob: https://chat140.realperson.de ; child-src https://chat140.realperson.de ; 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.msecnd.net *.cloudinary.com *.mapbox.com *.cookieyes.com cdn-cookieyes.com *.googletagmanager.com *.google-analytics.com *.google.com *.hotjar.com *.zoominfo.com api.swiftype.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net cloudinary.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.mapbox.com *.cookieyes.com cdn-cookieyes.com *.googletagmanager.com *.google-analytics.com *.google.com *.doubleclick.net 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com *.cloudinary.com *.cookieyes.com cdn-cookieyes.com *.googletagmanager.com *.google-analytics.com *.google.com api.swiftype.com i.ytimg.com img.youtube.com stats.g.doubleclick.net www.google.ca 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net cloudinary.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.cookieyes.com cdn-cookieyes.com *.googletagmanager.com *.google-analytics.com *.google.com; frame-src https://www.youtube.com https://player.vimeo.com https://gispub.epa.gov www.google.com *.cookieyes.com cdn-cookieyes.com *.googletagmanager.com *.google-analytics.com *.google.com https://www.youtube-nocookie.com 'self' cloudinary.com *.cloudinary.com; connect-src accounts.google.com *.mktoresp.com *.visualstudio.com https://www.youtube.com/s/player/02208bb4/www-widgetapi.vflset/www-widgetapi.js *.cloudinary.com *.mapbox.com *.cookieyes.com cdn-cookieyes.com *.googletagmanager.com *.google.com *.google-analytics.com stats.g.doubleclick.net ws.zoominfo.com *.hotjar.io *.hotjar.com wss://ws.hotjar.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com cloudinary.com; media-src 'self' data: blob: *.azureedge.net *.cloudinary.com *.cookieyes.com cdn-cookieyes.com *.googletagmanager.com *.google-analytics.com *.google.com cloudinary.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.cloudinary.com *.mapbox.com blob: *.cookieyes.com cdn-cookieyes.com *.googletagmanager.com *.google-analytics.com *.google.com cloudinary.com 1
default-src 'self' https://cdn.plaid.com; child-src 'self' *.jotform.com https://d3b3ehuo35wzeh.cloudfront.net app.pendo.io; connect-src 'self' 'unsafe-inline' https://rum-http-intake.logs.datadoghq.com https://logs.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://www.google-analytics.com https://www.googletagmanager.com https://app.launchdarkly.com https://events.launchdarkly.com https://clientstream.launchdarkly.com https://fileengine-us-east-2.s3.amazonaws.com https://fileengine-us-west-2.s3.amazonaws.com https://fileengine.s3.amazonaws.com https://fileengine-us-east-2.s3.us-east-2.amazonaws.com https://fileengine-us-west-2.s3.us-west-2.amazonaws.com https://fileengine.s3.us-east-1.amazonaws.com https://rn-help-sites.s3.amazonaws.com wss://tsock.us1.twilio.com *.youtube.com *.youtu.be *.optimum.net *.hapyak.com *.wistia.com *.wi.st *.jotform.com https://vimeo.com *.litix.io https://d3b3ehuo35wzeh.cloudfront.net https://embedwistia-a.akamaihd.net app.pendo.io data.pendo.io pendo-static-5440245533310976.storage.googleapis.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://d3b3ehuo35wzeh.cloudfront.net https://fast.wistia.com https://*.fontawesome.com https://use.typekit.net data:; frame-ancestors https://looker-dev.relaystaging.com https://looker-qa.relaystaging.com https://looker.relaystaging.com https://looker.relaydemo.com https://looker.relayzone.com *.youtube.com *.youtu.be https://vimeo.com *.optimum.net *.hapyak.com *.wistia.com *.wi.st *.walkme.com app.pendo.io; frame-src 'self' blob: https://cdn.plaid.com https://looker-dev.relaystaging.com https://looker-qa.relaystaging.com https://looker.relaystaging.com https://looker.relaydemo.com https://looker.relayzone.com *.youtube.com *.youtu.be https://vimeo.com *.vimeo.com *.optimum.net *.hapyak.com *.wistia.com *.wi.st players.brightcove.net *.jotform.com https://d3b3ehuo35wzeh.cloudfront.net app.pendo.io; img-src 'self' https://s3.amazonaws.com https://www.google-analytics.com https://www.googletagmanager.com data: https://s2.relayit.com *.youtube.com *.youtu.be https://vimeo.com https://i.vimeocdn.com *.optimum.net *.hapyak.com *.wistia.com *.wi.st *.jotform.com https://d3b3ehuo35wzeh.cloudfront.net https://embedwistia-a.akamaihd.net cdn.pendo.io app.pendo.io pendo-static-5440245533310976.storage.googleapis.com data.pendo.io https://i.ytimg.com; media-src blob: 'self' data: *.youtube.com *.youtu.be https://vimeo.com *.optimum.net *.hapyak.com *.wistia.com *.wi.st https://embedwistia-a.akamaihd.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://app.launchdarkly.com https://clientstream.launchdarkly.com https://s3.amazonaws.com https://media.twiliocdn.com https://www.google-analytics.com https://www.googletagmanager.com https://www.datadoghq-browser-agent.com https://cdn.polyfill.io https://events.launchdarkly.com https://static.cdn-apple.com https://cdn.plaid.com https://cdnjs.cloudflare.com https://fast.wistia.com https://d3b3ehuo35wzeh.cloudfront.net https://d3sbxpiag177w8.cloudfront.net *.litix.io *.jotform.com 'unsafe-eval' app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-5440245533310976.storage.googleapis.com data.pendo.io *.youtube.com https://player.vimeo.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://d3b3ehuo35wzeh.cloudfront.net https://use.typekit.net https://p.typekit.net app.pendo.io cdn.pendo.io pendo-static-5440245533310976.storage.googleapis.com https://*.fontawesome.com; worker-src blob: 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self'; object-src 'self'; connect-src: 'self' 1
block-all-mixed-content; frame-ancestors *.shoemix.com.br 1
frame-ancestors 'self' *.iyc.com 1
default-src 'self'; connect-src 'self' https://*.ada.support https://*.analytics.google.com https://*.clarity.ms https://*.fanplayr.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.hotjar.io https://*.linkedin.co https://*.linkedin.com https://*.mypurecloud.com wss://*.mypurecloud.com https://ads-api.twitter.com https://cdn.linkedin.oribi.io https://connect.facebook.net https://d38nbbai6u794i.cloudfront.net https://gtm-mr26nnc-ztexm.uc.r.appspot.com https://maps.googleapis.com https://static.ads-twitter.com https://webto.salesforce.com https://www.facebook.com; script-src 'unsafe-eval' 'unsafe-inline' https://*.fanplayr.com https://*.googletagmanager.com https://ajax.googleapis.com https://d38nbbai6u794i.cloudfront.net https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://tagmanager.google.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com 'nonce-b434c329-be7a-4171-a8a75b7f34c05ce7'; script-src-elem 'self' https://*.ada.support https://*.ads-twitter.com https://*.clarity.ms https://*.fanplayr.com https://*.google-analytics.com https://*.licdn.com https://*.tarteaucitron.io https://connect.facebook.net https://maps.googleapis.com https://static.ads-twitter.com https://tarteaucitron.io https://www.googleadservices.com 'strict-dynamic' 'nonce-b434c329-be7a-4171-a8a75b7f34c05ce7'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mypurecloud.com https://*.tarteaucitron.io https://fonts.fanplayr.com https://fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com; object-src 'none'; img-src 'self' data: https://*.bing.com https://*.clarity.ms https://*.facebook.com https://*.fanplayr.com https://*.linkedin.com https://*.mypurecloud.com https://analytics.twitter.com https://d38nbbai6u794i.cloudfront.net https://t.co https://tarteaucitron.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://googletagmanager.com https://*.g.doubleclick.net https://*.googleapis.com https://maps.gstatic.com https://www.gstatic.com https://ssl.gstatic.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gp https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.nf https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tk https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat; font-src 'self' https://*.fanplayr.com https://fonts.gstatic.com data:;; base-uri 'none'; media-src 'self'; frame-src 'self' https://*.ada.support https://*.digicelgroup.com https://*.doubleclick.net https://*.mypurecloud.com https://bid.g.doubleclick.net https://digicel.bigidprivacy.cloud https://service.digiceltt.com https://www.facebook.com; form-action https://www.facebook.com; frame-ancestors 'none' 1
frame-src 'self' https://www.google.com https://laboperator.labforward.app https://workflow-editor.labforward.app; 1
default-src 'self'; frame-src 'self' https://www.youtube-nocookie.com/ https://player.vimeo.com/ https://youtube.com/ https://www.youtube.com/ https://youtu.be/ https://www.youtu.be/;script-src 'self' https://ajax.aspnetcdn.com https://*.googletagmanager.com https://player.vimeo.com/api/player.js https://www.youtube.com/s/player/ https://www.youtube.com/iframe_api 'unsafe-inline';style-src 'self' 'unsafe-inline' https://fast.fonts.net;img-src 'self' https://i.vimeocdn.com https://i.ytimg.com https://*.google-analytics.com https://*.googletagmanager.com data: dashboard.umbraco.com;font-src 'self' data:;connect-src 'self' https://noembed.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://cdn.plyr.io/3.7.8/plyr.svg; 1
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://translate.googleapis.com/translate_static/css/translateelement.css https://www.gstatic.com/charts/51/css/core/tooltip.css 1
script-src 'nonce-5ixEZ2kfv+juit3cziX5BH8EGcw=' 'unsafe-inline' 'strict-dynamic' https: http:; object-src 'none'; 1
script-src 'self' blob: 'unsafe-inline' platform.twitter.com cdn.syndication.twimg.com analytics.clickdimensions.com snap.licdn.com cdnjs.cloudflare.com cdn.datatables.net *.googleapis.com *.google-analytics.com exactsciences.containers.piwik.pro *.edgefonts.net unpkg.com *.jquery.com *.newtonsoftware.com *.pardot.com *.wistia.com *.wistia.net *.preventiongenetics.com *.fontawesome.com *.bootstrapcdn.com *.jsdelivr.net *.google.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.gstatic.com connect.facebook.net *.b0e8.com *.bc0a.com; object-src 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' detectca.easysol.net googleads.g.doubleclick.net *.ytimg.com *.licdn.com *.pixel.ad *.google-analytics.com *.google.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.youtube.com *cutt.ly *cut.ly cutt.ly cut.ly *demorcs.olimpiait.com*; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' *.g.doubleclick.net *.google-analytics.com; font-src 'self' *.gstatic.com data: ; frame-src 'self' *.g.doubleclick.net *.sitescout.com *.google.com *.youtube.com *cutt.ly *cut.ly https://demorcs.olimpiait.com:6319/#/form-citizen/ad01dbdd-b710-44b3-a339-b36635ea79cc  cutt.ly cut.ly; img-src 'self' data: bancopichincha.com.co https://detectca.easysol.net https://pixel.sitescout.com https://px.ads.linkedin.com https://www.google-analytics.com https://www.google.com https://www.google.com.co; manifest-src 'self'; media-src 'self'; report-uri https://5f9c3f3965d1a16209ba9040.endpoint.csper.io/; 1
frame-ancestors 'self' http://*.www.eddyvegas.com.com https://*.www.eddyvegas.com.com ; 1
frame-ancestors 'self' https://oze-cycow.pl https://solary-zwierzyniec.eu; 1
frame-ancestors https://*.kapowcasino.dk 1
frame-ancestors 'self'; default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src * data: blob: 'unsafe-inline'; font-src https: data: blob: 'unsafe-inline' 1
default-src 'self'; style-src 'self' 'unsafe-inline' *.doctoraki.com *.survicate.com *.googletagmanager.com *.googleapis.com *.clarity.ms *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com *.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'strict-dynamic' 'nonce-9f3ae0a5c32f7981ea6ee04d6697b435' https://www.datadoghq-browser-agent.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.solucionesbolivar.com *.clarity.ms *.abtasty.com *.survicate.com *.doctoraki.com *.solucionesbolivarsites.com *.solucionesbolivar.net *.visualwebsiteoptimizer.com *.googleadservices.com *.facebook.net *.tiktok.com *.crazyegg.com *.hotjar.com *.hotjar.io *.azureedge.net *.liveperson.net *.marketo.net *.sitescout.com *.infobip.com *.adnxs.com *.pixel.ad *.mktoresp.com *.cloudflare.com *.googleoptimize.com *.google.com *.google.com.co *.google.co.in *.googleapis.com *.gstatic.com https://www.gstatic.com *.jquery.com *.bootstrapcdn.com; connect-src 'self' *.doctoraki.com *.crazyegg.com https://*.browser-intake-datadoghq.com *.logs.datadoghq.com *.abtasty.com *.solucionesbolivar.com *.solucionesbolivarsites.com wss://*.solucionesbolivarsites.com *.solucionesbolivar.net *.amazonaws.com *.mktoresp.com *.google.com *.google.com.co *.google.co.in *.google-analytics.com *.marketo.com *.kapturall.com *.gstatic.com https://www.gstatic.com *.hotjar.com *.hotjar.io *.azureedge.net *.liveperson.net *.marketo.net *.sitescout.com *.adnxs.com *.pixel.ad *.cloudflare.com *.infobip.com *.survicate.com *.tiktok.com *.googleapis.com *.clarity.ms *.doubleclick.net; font-src 'self' data: *.doctoraki.com *.survicate.com *.gstatic.com https://www.gstatic.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com *.s3.amazonaws.com; img-src 'self' data: *.githubusercontent.com *.amazonaws.com *.cloudfront.net *.visualwebsiteoptimizer.com *.doctoraki.com *.google.com *.google.com.co *.google.co.in *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.survicate.com *.webflow.com https://www.gstatic.com *.gstatic.com https://www.facebook.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com; manifest-src 'self' *.cloudfront.net *.doctoraki.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com; form-action 'self' *.doctoraki.com *.doubleclick.net https://www.google.com *.firebaseapp.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com; frame-src 'self' blob: *.doctoraki.com *.doubleclick.net https://www.google.com *.firebaseapp.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com; worker-src 'self' blob:; base-uri 'self'; object-src 'none'; 1
default-src 'self';script-src 'self' https://checkout.stripe.com https://player.vimeo.com https://maps.googleapis.com https://js.stripe.com https://www.youtube.com https://s.ytimg.com https://www.gstatic.com https://www.googletagmanager.com 'nonce-3e09505629084d329ba4214c5dd277b2';img-src 'self' data: https://maps.google.com https://maps.googleapis.com https://maps.gstatic.com https://img.youtube.com https://www.googletagmanager.com https://www.google-analytics.com blob:;font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com;frame-src 'self' https://player.vimeo.com https://js.stripe.com https://www.youtube.com https://docs.google.com;connect-src 'self' https://fcmregistrations.googleapis.com https://firebaseinstallations.googleapis.com https://api.postcodes.io https://www.google-analytics.com https://maps.googleapis.com https://firebase.googleapis.com wss://*;worker-src 'self' blob:; 1
frame-ancestors 'self' '*.workanyware.co.uk'; 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' code.jquery.com www.google.com www.gstatic.com; style-src 'unsafe-inline' 'self' code.jquery.com data:; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self'; frame-src 'self' www.google.com; img-src 'self' http://www.w3.org http://jigsaw.w3.org data: ; manifest-src 'self'; media-src 'self'; worker-src 'none'; report-uri https://4p41vfxq6c.execute-api.eu-central-1.amazonaws.com/prd/report; 1
default-src *.smartsupp.com; style-src 'self' 'unsafe-inline' *.foxentry.cz *.foxentry.com *.typekit.net *.googleapis.com *.googletagmanager.com *.cloudflare.com *.luigisbox.com *.smartsuppcdn.com; img-src 'self' data: *.expedo.cz cdnjs.cloudflare.com *.googletagmanager.com *.pinterest.com *.maxcdn.com www.shopalike.hu *.privacysandbox.googleadservices.com www.heureka.cz www.googleadservices.com *.gstatic.com *.g.doubleclick.net *.heureka.sk www.google.com www.google.cz *.smartsuppcdn.com c.seznam.cz www.cis.cz maps.gstatic.com www.facebook.com *.googleapis.com *.typekit.net *.google-analytics.com *.googletagmanager.com im9.cz *.foxentry.cz *.foxentry.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.heureka.sk *.pinimg.com *.daktela.com *.clarity.ms *.google.com *.luigisbox.com *.favicdn.net *.cloudflare.com *.criteo.com *.gopay.com *.zbozi.cz im9.cz *.seznam.cz *.smartsuppchat.com *.smartsuppcdn.com login.dognet.sk *.g.doubleclick.net connect.facebook.net *.google-analytics.com *.googletagmanager.com www.googleadservices.com *.googleapis.com bianopixel.com pixel.biano.hu bianopixel.com www.shopalike.hu c.imedia.cz *.smartlook.com *.smartlook.cloud *.targito.expedo.hu *.targito.com *.cloudflare.com *.foxentry.cz *.foxentry.com; connect-src 'self' *.luigisbox.com *.daktela.com *.pinterest.com *.clarity.ms *.analytics.google.com *.google-analytics.com *.googleapis.com www.facebook.com *.bianopixel.com p.biano.hu partner-events.favi.hu *.g.doubleclick.net wss://*.smartsupp.com *.smartsupp.com *.smartsuppchat.com *.smartsuppcdn.com *.smartlook.com *.smartlook.cloud *.targito.expedo.hu *.targito.com *.foxentry.cz *.foxentry.com *.cloudflare.com; font-src 'self' data: *.cloudflare.com *.gstatic.com *.smartsuppcdn.com *.luigisbox.com *.foxentry.cz *.foxentry.com; object-src 'self'; frame-ancestors 'self'; form-action 'self' maildemon.cis.cz gate.gopay.cz www.facebook.com/tr/ *.foxentry.cz *.foxentry.com; base-uri 'self'; frame-src 'self' *.gopay.cz *.pinterest.com *.zbozi.cz *.google.com  maildemon.cis.cz *.youtube.com *.facebook.com *.heureka.sk *.foxentry.cz *.foxentry.com *.targito.com *.bubbleapps.io; worker-src blob: *.foxentry.cz *.foxentry.com 1
default-src 'unsafe-inline' 'unsafe-eval' wss: http: https: 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://*.recaptcha.net https://isitetv.com https://*.translate.naver.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://www.shoplooks.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://translate.yandex.net https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://*.pinterest.com https://*.bing.com https://*.doubleclick.net https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://privacyportal-eu.onetrust.com https://*.contentsquare.net https://*.criteo.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.lookfantastic.pl https://m.lookfantastic.pl https://checkout.lookfantastic.pl https://connect.facebook.net https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.co.uk https://www.glossybox.com https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.se https://www.glossybox.dk https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://*.trustpilot.com https://*.translate.naver.net https://*.bing.com https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://static.ads-twitter.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://lantern.roeyecdn.com https://lantern.roeye.com https://static.thgcdn.cn https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://static.thgcdn.cn https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self' https://*.toyota.hr https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
default-src https://api.callpage.io https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://*.callpage.io 'self'; font-src fonts.googleapis.com https://themes.googleusercontent.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com themes.googleusercontent.com https://boxideagetin-prod.ext.e-point.pl xxx.xxx.xx https://admin-boxideagetin-test.ext.e-point.pl https://admin-boxideagetin-prod.ext.e-point.pl 'self'; style-src www.googletagmanager.com https://*.callpage.io www.google.com www.googleapis.com tagmanager.google.com https://www.s.ytimg.com https://www.ytimg.com https://fonts.googleapis.com 'self' 'unsafe-inline'; img-src myao.adocean.pl ssl.gstatic.com www.s-passets.pinimg.com https://www.facebook.com https://*.googleapis.com stats.g.doubleclick.net https://googleads.g.doubleclick.net https://*.google.com https://*.g.doubleclick.net www.googletagmanager.com https://*.callpage.io www.gstatic.com www.google-analytics.com www.0.s-nk.pl clients1.google.com https://www.google.com https://analytics.google.com www.linkedin.com https://www.i1.ytimg.com https://www.googleapis.com *.ggpht.com https://www.google.pl www.ghmpl.hit.gemius.pl https://region1.analytics.google.com https://maps.gstatic.com https://*.googletagmanager.com www.passets.pinterest.com ghmpl.hit.gemius.pl https://*.google-analytics.com www.s3.cdn03.imgwykop.pl https://www.google-analytics.com https://www.twitter.com www.passets.pinimg.com www.s.c.lnkd.licdn.com https://*.analytics.google.com 'self' data:; frame-src https://consentcdn.cookiebot.com www.wykop.pl www.facebook.com https://signin.kontomatik.com https://ls.hit.gemius.pl https://s-static.ak.facebook.com https://bid.g.doubleclick.net https://www.s-static.ak.facebook.com ls.hit.gemius.pl https://www.facebook.com www.google.com https://www.google-analytics.com static.ak.facebook.com www.youtube.com https://e.ingbank.pl https://www.wykop.pl https://www.youtube.com 'self'; script-src myao.adocean.pl https://signin.kontomatik.com www.widgets.pinterest.com https://consent.cookiebot.com https://www.ssl.gstatic.com https://*.googleapis.com stats.g.doubleclick.net pro.hit.gemius.pl www.google.com https://www.ghmpl.hit.gemius.pl www.gstatic.com https://www.fbstatic-a.akamaihd.net www.assets.pinterest.com www.myao.adocean.pl www.google-analytics.com www.0.s-nk.pl https://www.google.com www.cdn.api.twitter.com connect.facebook.net *.gstatic.com https://www.googleapis.com www.platform.linkedin.com www.static.ak.facebook.com https://*.googletagmanager.com https://cdnjs.cloudflare.com https://api.callpage.io adocean-pl.hit.gemius.pl https://api-cdn6.callpage.io https://pro.hit.gemius.pl/ https://www.googleadservices.com https://www.s-static.ak.facebook.com https://core.callpage.io https://www.oauth.googleusercontent.com https://callpage.io tagmanager.google.com https://www.s.ytimg.com https://*.gstatic.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net www.googletagmanager.com https://ghmpl.hit.gemius.pl https://consentcdn.cookiebot.com www.linkedin.com https://www.google.pl https://maps.gstatic.com https://cdn-widget.callpage.io https://www.google-analytics.com www.pro.hit.gemius.pl www.platform.twitter.com https://www.apis.google.com 'self' 'unsafe-eval' 'unsafe-inline'; object-src https://googleads.g.doubleclick.net 'self'; connect-src https://consentcdn.cookiebot.com www.facebook.com https://analytics.google.com https://stats.g.doubleclick.net https://maps.googleapis.com https://region1.analytics.google.com https://googleads.g.doubleclick.net https://*.googletagmanager.com https://*.google.com https://cdnjs.cloudflare.com https://*.g.doubleclick.net https://*.callpage.io https://*.google-analytics.com https://api.callpage.io https://www.google-analytics.com https://*.analytics.google.com 'self' 1
base-uri 'self' 'unsafe-inline' 'unsafe-eval' data: *.googleapis.com *.google.com  *.google.co.in https://*.plumb5.com *.livserv.in.com *.livserv.in *.jquery.com youtube.com *.youtube.com *.facebook.net *.alexa.com *.gstatic.com *.googleadservices.com *.taboola.com *.alexametrics.com *.google-analytics.com facebook.com *.facebook.com *.googletagmanager.com *.doubleclick.net; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; frame-ancestors 'self' survey2connect.com 103.179.48.101 *.nivabupa.com *.w3schools.com 1
frame-ancestors 'self'; default-src 'self' https://*.apiwivai.com https://*.wivai.es https://*.wivai.com https://*.wivai.cat https://www.youtube.com https://*.wivaidev.com; img-src 'self' https://*.demandware.net https://i.ytimg.com https://img.youtube.com https://*.salesforce.net https://*.salesforce.com https://*.apiwivai.com https://metrics.caixabank.es/ data: ; style-src 'self' 'unsafe-inline' https://*.apiwivai.com https://*.wivai.es https://*.wivai.com https://*.wivai.cat https://*.wivaidev.com; font-src 'self' data: ; script-src 'self' 'unsafe-inline' https://*.apiwivai.com https://*.wivai.es https://*.wivai.com https://*.wivai.cat https://*.wivaidev.com https://*.demandware.net https://*.cquotient.com https://tags.tiqcdn.com/; connect-src 'self' https://*.apiwivai.com https://*.wivai.es https://*.wivai.com https://*.wivai.cat https://*.wivaidev.com https://dpm.demdex.net/; form-action 'self' *.redsys.es 1
frame-ancestors 'self' https://www.allsmart.gr/; 1
default-src * 'unsafe-inline' 'unsafe-eval' sensorsanalytics://trackEvent; img-src 'self' data: https: http: blob: ; font-src 'self' data: https: http:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.sinopac.com www.google-analytics.com  https://www.googletagmanager.com  https://maps.googleapis.com https://maps.gstatic.com https://connect.facebook.net http://tracking.alphaloan.co https://img.scupio.com http://d.line-cdn.net https://googleads.g.doubleclick.net https://d.line-scdn.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.sinopac.com https://fonts.googleapis.com https://fonts.gstatic.com; object-src 'self' *.sinopac.com 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://googletagmanager.com.br https://www.googletagmanager.com.br https://googletagmanager.com https://www.googletagmanager.com https://chatbot.mundiale.com.br https://*; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data: https://witcraft-config-files.mundiale.com.br https://witcraft-config-lps.mundiale.com.br https://www.google.com.br/ads https://*; font-src 'self'; object-src 'none'; connect-src 'self' https://public-api.mundiale.com.br https://public-api-cloud.mundiale.com.br https://googletagmanager.com.br https://www.googletagmanager.com.br https://google-analytics.com https://www.google-analytics.com https://googletagmanager.com https://www.googletagmanager.com https://analytics.google.com https://*; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests; frame-src 'self' https://mundiale.chat.blip.ai https://*; 1
default-src 'self' blob:; style-src  'self' 'unsafe-inline' https://www.google-analytics.com/ https://tagmanager.google.com/ https://fonts.googleapis.com/ https://www.google-analytics.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ ; font-src 'self'; img-src 'self' data:www.googletagmanager.com www.google-analytics.com blob:; connect-src 'self'; media-src 'self'; object-src 'self' blob:; report-uri /api/CspReport/Log 1
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'self'; frame-ancestors 'self' 1
connect-src https: 'unsafe-inline' 'unsafe-eval'; object-src https: 'unsafe-inline' 'unsafe-eval'; manifest-src https: 'unsafe-inline' 'unsafe-eval'; worker-src https: 'unsafe-inline' 'unsafe-eval'; style-src-elem https: 'unsafe-inline' 'unsafe-eval'; style-src-attr https: 'unsafe-inline' 1
default-src * 'self' ellibertador.co *.ellibertador.co ; font-src 'self' data: *.googleapis.com *.ellibertador.co *.gstatic.com ;  script-src 'unsafe-inline' 'unsafe-eval' 'self' data: *.ellibertador.co *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.ellibertador.co; img-src data: 'self' googletagmanager.com *.googletagmanager.com *.cloudfront.net ;  object-src data: 'self' ;  frame-src data: *.google.com *.googletagmanager.com *.ellibertador.co ellibertador.co ; base-uri 'self'; 1
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src http: https: ws: wss: blob: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
frame-ancestors 'self' https://www.velez.com.co https://cuerosvelezco.myvtex.com; 1
script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://*.googleapis.com https://*.gstatic.com *.google.com *.google.co.nz https://*.ggpht.com *.googleusercontent.com blob: https://*.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://*.hotjar.com https://cdn.jsdelivr.net https://*.surveymonkey.com https://js.stripe.com/v3/; img-src 'self' https://nzmca.s3.ap-southeast-2.amazonaws.com https://d1o3mhf2l0m2f4.cloudfront.net/ https://*.googleapis.com https://*.gstatic.com *.google.com *.google.co.nz https://*.ggpht.com *.googleusercontent.com data: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://*.facebook.com https://*.hotjar.com https://*.surveymonkey.com; frame-src *.google.com https://*.doubleclick.net youtube.com www.youtube.com youtube-nocookie.com www.youtube-nocookie.com youtube.com www.youtube.com youtube-nocookie.com www.youtube-nocookie.com *.stripe.com; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com  data: blob: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://*.facebook.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.surveymonkey.com; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com https://use.fontawesome.com https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://use.fontawesome.com https://*.hotjar.com; worker-src blob: 1
frame-ancestors 'self' https://ohws.prospective.ch https://jobs.vpbank.com; report-uri /report-csp-violation 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://masto.donte.com.br; img-src 'self' https: data: blob: https://masto.donte.com.br; style-src 'self' https://masto.donte.com.br 'nonce-PLUJGsWaWuZ3LS1pE5e0qg=='; media-src 'self' https: data: https://masto.donte.com.br; frame-src 'self' https:; manifest-src 'self' https://masto.donte.com.br; form-action 'self'; connect-src 'self' data: blob: https://masto.donte.com.br https://images.masto.donte.com.br wss://masto.donte.com.br; script-src 'self' https://masto.donte.com.br 'wasm-unsafe-eval'; child-src 'self' blob: https://masto.donte.com.br; worker-src 'self' blob: https://masto.donte.com.br 1
base-uri 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'nonce-UVJFI/DzYEgxIn7t4oNaGg==' 'sha256-2lWLrBMqNEeZZva7ECueFJwRLzfyWRLI38lTzWLH7yo=' 'sha256-U+9uytu1wNMDRkbPT1c4SIzmnZr8B8uJ7tscj8Ot6mg=' 'sha256-HvvN5yPriLCRgi9bVg0Hozz+q2IBkC2kcKL/3qvA0J8=' 'sha256-xGW3t2xpyqjAcyhMhYMWQzn6m/fL1Wj/aig8sUa54o0=' https://*.swogo.net https://sdk.privacy-center.org https://*.svea.com https://*.tiktok.com https://*.facebook.net https://panelista.com https://*.googletagmanager.com https://*.vimeo.com https://*.hotjar.com https://*.google.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bing.com https://www.googleanalytics.com https://*.voyado.com https://*.testfreaks.com 'unsafe-eval' 'report-sample' 'strict-dynamic'; style-src 'self' https://tagmanager.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.hotjar.com https://*.redeal.se https://*.redeal.io 'unsafe-inline'; connect-src 'self' *.fyndiq.se *.cdon-qlty.se analytics.tiktok.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://rum.browser-intake-datadoghq.com https://*.apptus.cloud https://*.swogo.net https://*.privacy-center.org https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com https://*.bing.com https://*.facebook.com https://*.sentry.io https://cloudflareinsights.com https://*.googleapis.com https://*.snapchat.com https://*.microsofttranslator.com https://*.microsoft.com https://*.googlesyndication.com https://*.azurewebsites.net https://cdn.growthbook.io https://*.redeal.se https://*.redeal.io; frame-src https://*.svea.com https://*.hotjar.com https://*.isecrets.se https://panelista.com https://reclaimit-support.fyndiq.se https://*.reclaimit.com https://bid.g.doubleclick.net https://*.googletagmanager.com https://*.facebook.com https://*.googlesyndication.com https://*.vimeo.com https://*.tradedoubler.com https://*.youtube.com https://*.redeal.se https://*.redeal.io tel:; font-src 'self' https://fonts.gstatic.com data: https://*.hotjar.com; frame-ancestors 'self' https://fyndiq-dev.sanity.studio https://app.datadoghq.com https://fyndiq.dk https://*.fyndiq.dk https://fyndiq.fi https://*.fyndiq.fi https://fyndiq.no https://*.fyndiq.no https://fyndiq.se https://*.fyndiq.se 1
default-src 'self' blob: *.kampyle.com *.medallia.com http://notify.bluecoat.com/ https://oap7.sprintpcs.com http://oap7.sprintpcs.com https://device.payfone.com:4443 http://device.payfone.com https://auth.svcs.verizon.com:22790 maps.googleapis.com *.iovation.com scripts.neuro-id.com https://cdn.inpwrd.net *.iesnare.com *.adsafeprotected.com l.betrad.com c.evidon.com smartasset.com cdn-assets-prod.s3.amazonaws.com *.lpsnmedia.net *.liveperson.net stats.g.doubleclick.net omns.americanexpress.com nexus.ensighten.com r.3gl.net aerest.tui.transunion.com *.google-analytics.com g.3gl.net *.googletagmanager.com icm.aexp-static.com aeresource.tui.transunion.com *.aexp-static.com *.americanexpress.com *.qualtrics.com *.transunion.com *.truelink.com *.trustev.com *.entrust.net *.googlesyndication.com *.lunametrics.com *.bluecoat.com *.mpsnare.iesnare.com mpsnare.iesnare.com rules.quantcount.com sp.analytics.yahoo.com *.google.ca adservice.google.ca *.quantcount.com *.yahoo.com *.amazon.adsystem.com *.visualwebsiteoptimizer.com *.brightcove.com *.brightcovecdn.com cloudfront.net *.prod.boltdns.net  *.adobedtm.com *.force.com *.my.salesforce.com *.doubleclick.net; frame-src 'self' *.kampyle.com *.medallia.com http://notify.bluecoat.com/ *.iovation.com *.adobedtm.com *.iesnare.com *.adsafeprotected.com l.betrad.com c.evidon.com *.evenfinancial.com aexp.demdex.net cdn-assets-prod.s3.amazonaws.com *.lpsnmedia.net *.liveperson.net stats.g.doubleclick.net omns.americanexpress.com nexus.ensighten.com r.3gl.net aerest.tui.transunion.com *.google-analytics.com g.3gl.net *.googletagmanager.com icm.aexp-static.com aeresource.tui.transunion.com *.aexp-static.com *.americanexpress.com *.qualtrics.com *.chase.creditviewdashboard.com *.creditviewdashboard.com *.mycreditguide.americanexpress.com membership.trueidentity.com membership.tui.transunion.com *.amazon-adsystem.com *.amazon.adsystem.com smartasset.com *.transunion.com *.truelink.com app.optimizely.com *.cdn.optimizely.com *.doubleclick.net *.qnsr.com *.trustev.com *.mediaplex.com *.credit.com *.go2cloud.org *.googlesyndication.com *.cordlessmedia.go2cloud.org *.bluecoat.com *.facebook.com usbank.demdex.net *.google.ca adservice.google.ca sp.analytics.yahoo.com rules.quantcount.com *.quantcount.com *.yahoo.com *.amazon.adsystem.com *.google.com *.googletagservices.com transunion.ifgza3.net *.brightcove.net *.force.com *.my.salesforce.com https://directcnstrk.com https://insight.adsrvr.org/ https://screencapture.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud-west.medallia.com identity-force.sjv.io canada.pxf.io https://transunion.demdex.net https://p.teads.tv https://fledge.teads.tv; connect-src 'self' blob: wss: https://*.g.doubleclick.net https://*.googletagmanager.com https://*.analytics.google.com https://*.google-analytics.com *.kampyle.com *.medallia.com http://notify.bluecoat.com/ maps.googleapis.com mpsnare.iesnare.com *.adobedtm.com *.iovation.com receiver.neuroid.cloud *.iesnare.com *.sundaysky.com x.bidswitch.net tags.srv.stackadapt.com *.taboola.com dev.visualwebsiteoptimizer.com *.google.ca aetracking.tuciservices.com *.evenfinancial.com click.linksynergy.com cdn-assets-prod.s3.amazonaws.com *.mpsnare.iesnare.com *.lpsnmedia.net *.liveperson.net stats.g.doubleclick.net omns.americanexpress.com nexus.ensighten.com r.3gl.net aerest.tui.transunion.com g.3gl.net icm.aexp-static.com aeresource.tui.transunion.com *.aexp-static.com *.qualtrics.com *.mytrueidentity.com mpsnare.iesnare.com *.mycreditguide.americanexpress.com *.americanexpress.com members.transunion.ca translate.googleapis.com *.creditviewdashboard.com offers.creditviewdashboard.com smartasset.com smetrics.usbank.com *.transunion.com *.truelink.com *.logx.optimizely.com *.optimizely.com *.quinstreet.com *.nextinsure.com *.shmktpl.com *.surehits.com *.demdex.net dr5dymrsxhdzh.cloudfront.net *.3gl.net *.smartasset.com api.mixpanel.com *.smrt.as cdn.mxpnl.com *.google-analytics.com *.doubleclick.net *.facebook.net *.myfonts.net *.scorecardresearch.com *.voicefive.com *.chase.com *.googletagservices.com *.googletagmanager.com *.qnsr.com *.trustev.com *.bing.com *.google.com *.gstatic.com *.facebook.com *.smartasset.com smetrics.sdcvisit.com adservice.google.ca sp.analytics.yahoo.com rules.quantcount.com *.quantcount.com *.yahoo.com *.amazon.adsystem.com transunion.ifgza3.net pagead2.googlesyndication.com *.brightcovecdn.com *.brightcove.com manifest.prod.boltdns.net *.force.com *.my.salesforce.com https://cm.teads.tv https://t.teads.tv https://pixelconnector.pixeltracker.co https://pixelconnector.pixeltracker.co https://resources.digital-cloud-west.medallia.com https://ubt-lb.digital-cloud-west.medallia.com https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com *.tt.omtrdc.net https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net identity-force.sjv.io canada.pxf.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://api.company-target.com https://transunionprod.112.2o7.net; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.kampyle.com *.medallia.com https://www.gstatic.com/ http://notify.bluecoat.com/ *.cloudfront.net *.adsafeprotected.com l.betrad.com c.evidon.com *.google.ca cdn-assets-prod.s3.amazonaws.com *.lpsnmedia.net *.liveperson.net stats.g.doubleclick.net omns.americanexpress.com nexus.ensighten.com r.3gl.net aerest.tui.transunion.com *.google-analytics.com g.3gl.net *.googletagmanager.com icm.aexp-static.com aeresource.tui.transunion.com *.aexp-static.com *.americanexpress.com membership.tui.transunion.com membership.trueidentity.com *.chase.creditviewdashboard.com *.transunion.com *.truelink.com 'unsafe-inline' *.myfonts.net *.googleapis.com *.bing.com *.google.com *.trustev.com adservice.google.ca sp.analytics.yahoo.com rules.quantcount.com *.quantcount.com *.yahoo.com *.amazon.adsystem.com *.force.com *.my.salesforce.com *.doubleclick.net https://resources.digital-cloud-west.medallia.com https://screencaptue-cdn.kampyle.com https://nebula-cdn.kampyle.com; script-src 'self' blob: https://*.googletagmanager.com http://pixel.admedia.com *.kampyle.com *.medallia.com https://static.cdn-apple.com/ http://notify.bluecoat.com/ https://myjobhelper.advertserve.com maps.googleapis.com *.iovation.com scripts.neuro-id.com https://cdn.inpwrd.net *.adobedtm.com *.iesnare.com *.adsafeprotected.com l.betrad.com c.evidon.com play.sundaysky.com tags.srv.stackadapt.com *.taboola.com aetracking.tuciservices.com *.google.ca secure.rspcdn.com www.rsptrack.com *.evenfinancial.com cdn-assets-prod.s3.amazonaws.com *.amazonaws.com rules.quantcount.com sp.analytics.yahoo.com *.lpsnmedia.net *.liveperson.net stats.g.doubleclick.net omns.americanexpress.com r.3gl.net aerest.tui.transunion.com g.3gl.net icm.aexp-static.com aeresource.tui.transunion.com *.aexp-static.com *.pulseinsights.com *.qualtrics.com *.mytrueidentity.com *.mycreditguide.americanexpress.com *.dashlane.com *.creditviewdashboard.com *.creditprofile.transunion.ca secure.truecredit.com mycreditguide.americanexpress.com membership.trueidentity.com members.transunion.ca *.chase.creditviewdashboard.com 'unsafe-eval' 'unsafe-inline' *.yahoo.com *.quantcount.com *.americanexpress.com mpsnare.iesnare.com dpm.demdex.net adservice.google.ca *.transunion.com *.truelink.com *.entrust.net *.pulseinsights.com *.doubleclick.net *.bing.com *.3gl.net *.yourscoreonline.com *.gofreecredit.com *.creditcheckingtoday.com *.naturaltracking.com *.credit.com *.facebook.com *.optimizely.com *.optimizely.s3.amazonaws.com *.entrust.net *.pulseinsights.com *.quantserve.com *.yimg.com *.ensighten.com *.d39se0h2uvfakd.cloudfront.net/js/tu.js *.adsprotection.com *.quinstreet.com *.nextinsure.com nexus.ensighten.com smetrics.usbank.com metrics.usbank.com cas.cluep.com *.trustev.com cdn.mxpnl.com *.myfonts.net *.scorecardresearch.com *.voicefive.com adfarm.mediaplex.com *.dotomi.com *.chase.com *.googletagservices.com *.qnsr.com *.googleapis.com tagmanager.google.com *.google.com *.transunion.ca connect.facebook.net amplify.outbrain.com *.trustev.com *.img-cdn.mediaplex.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.bing.com *.3gl.net *.creditcheckingtoday.com *.googleadservices.com *.googletagservices.com *.ethn.io *.quora.com ethn.io *.googlesyndication.com smartasset.com *.quantcount.com *.yahoo.com *.amazon.adsystem.com *.visualwebsiteoptimizer.com d.impactradius-event.com *.brightcove.com *.brightcove.net *.cloudfront.net *.d39se0h2uvfakd.cloudfront.net *.force.com *.my.salesforce.com *.salesforceliveagent.com https://p.teads.tv https://tracker.pixeltracker.co https://js.adsrvr.org https://screencapture.kampyle.com https://screencapture-cdn.kampyle.com https://resources.digital-cloud-west.medallia.com https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://a.smtrk.net/ https://www.upsellit.com https://utt.impactcdn.com https://*.googletagmanager.com tags.tiqcdn.com *.usbank.com *.omtrdc.net *.tt.omtrdc.net *.demdex.net; img-src 'self' data: https://*.g.doubleclick.net https://*.analytics.google.com https://*.googletagmanager.com https://*.google-analytics.com *.kampyle.com *.medallia.com *.cloudfront.net cdn.wallethub.com goto.eagledata.biz aetracking.tuciservices.com http://notify.bluecoat.com/ https://auth.svcs.verizon.com:22790 https://oap7.sprintpcs.com http://oap7.sprintpcs.com http://device.payfone.com https://device.payfone.com:4443 www.dianomi.com *.googleusercontent.com gwmtracking.com https://auth.svcs.verizon.com oap7.sprintpcs.com device.payfone.com https://afftracr.com maps.googleapis.com *.iovation.com *.adobedtm.com *.iesnare.com *.adsafeprotected.com l.betrad.com c.evidon.com hdr.sundaysky.com play.sundaysky.com srv.stackadapt.com x.bidswitch.net pixel.rubiconproject.com rtb-csync.smartadserver.com i.liadm.com trc.taboola.com *.taboola.com cx.atdmt.com merchant.linksynergy.com adfarm.mediaplex.com cdn-assets-prod.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com *.lpsnmedia.net *.liveperson.net stats.g.doubleclick.net omns.americanexpress.com nexus.ensighten.com r.3gl.net aerest.tui.transunion.com g.3gl.net icm.aexp-static.com *.aexp-static.com *.pulseinsights.com aeresource.tui.transunion.com membership.trueidentity.com membership.tui.transunion.com smetrics.usbank.com mycreditguide.americanexpress.com secure.truecredit.com *.chase.creditviewdashboard.com *.creditprofile.transunion.ca *.creditviewdashboard.com *.secure.truecredit.com *.mytrueidentity.com *.mycreditguide.americanexpress.com *.americanexpress.com members.transunion.ca translate.googleapis.com adservice.google.ca offers.creditviewdashboard.com adfarm.mediaplex.com *.demdex.net *.transunion.com *.truelink.com *.e-tui.transunion.com *.entrust.net *.pulseinsights.com *.convertro.com *.krxd.net *.surehits.com *.capitalone.com *.creditcheckingtoday.com *.domdex.com *.doubleclick.net *.ensighten.com *.facebook.com *.fastclick.net *.gofreecredit.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.icclicktracker.com *.media6degrees.com *.msn.com *.naturaltracking.com *.optimizely.com *.outbrain.com *.quantserve.com *.trkot.cake.aclz.net *.tubemogul.com *.turn.com *.yahoo.com *.yimg.com *.yourscoreonline.com *.googletagservices.com hqx-qmp.quinstreet.com imageserver.quinstreet.com *.rlcdn.com cas.cluep.com *.trustev.com dr5dymrsxhdzh.cloudfront.net *.smrt.as *.smartasset.com img.mediaplex.com secure.img-cdn.mediaplex.com *.chase.com *.bing.com *.google.com *.transunion.ca *.adnxs.com *.googletagmanager.com *.emjcd.com *.3gl.net *.admarketplace.net *.adsprotection.com *.adstrackmobile.go2cloud.org *.advertising.com *.amazon-adsystem.com *.commissionsoup.com *.credit.com *.e-tui.transunion.com *.googletagservices.com *.aclz.net *.go2cloud.org *.emjcd.com *.quora.com *.ethn.io *.adstrck.com *.dotomi.com *.android.com *.cdn.optimizely.com *.qnsr.com *.nextinsure.com *.serving-sys.com *.nextinsure.com *.bluecoat.com *.googlesyndication.com *.nextinsure.com *.everesttech.net *.google.ca sp.analytics.yahoo.com rules.quantcount.com *.quantcount.com *.yahoo.com *.amazon.adsystem.com *.qualtrics.com *.visualwebsiteoptimizer.com transunion.ifgza3.net www.ojrq.net tapestry.tapad.com logs-01.loggly.com idsync.rlcdn.com *.evenfinancial.com *.visualforce.com *.my.salesforce.com cfstatic.efdevhub.info https://l.teads.tv https://t.teads.tv https://screencaptue-cdn.kampyle.com https://resources.digital-cloud-west.medallia.com https://udc-neb.kampyle.com https://nebula-cdn.kampyle.com https://insight.adsrvr.org https://aff-tag.evenfinancial.com https://s3.amazonaws.com/images.evenfinancial.com ad.doubleclick.com identity-force.sjv.io canada.pxf.io https://www.ojrq.net https://tapestry.tapad.com https://logs-01.loggly.com https://idsync.rlcdn.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://transunionprod.112.2o7.net https://cm.teads.tv/v3/conversion https://nextinsure.com; font-src 'self' data: *.kampyle.com *.medallia.com http://notify.bluecoat.com/ *.cloudfront.net maps.googleapis.com *.iovation.com *.adobedtm.com *.iesnare.com *.adsafeprotected.com l.betrad.com c.evidon.com *.google.ca cdn-assets-prod.s3.amazonaws.com *.lpsnmedia.net *.liveperson.net stats.g.doubleclick.net omns.americanexpress.com nexus.ensighten.com r.3gl.net aerest.tui.transunion.com *.google-analytics.com g.3gl.net *.googletagmanager.com icm.aexp-static.com aeresource.tui.transunion.com *.creditviewdashboard.com *.creditprofile.transunion.ca *.chase.creditviewdashboard.com *.secure.truecredit.com secure.truecredit.com mycreditguide.americanexpress.com membership.tui.transunion.com membership.trueidentity.com fonts.googleapis.com *.mytrueidentity.com *.mycreditguide.americanexpress.com *.americanexpress.com members.transunion.ca translate.googleapis.com *.aexp-static.com *.transunion.com *.truelink.com *.gstatic.com adservice.google.ca sp.analytics.yahoo.com rules.quantcount.com *.quantcount.com *.yahoo.com *.amazon.adsystem.com *.doubleclick.net https://resources.digital-cloud-west.medallia.com https://nebula-cdn.kampyle.com; media-src 'self' blob: data: http://notify.bluecoat.com/ maps.googleapis.com *.iovation.com *.adobedtm.com *.iesnare.com *.lpsnmedia.net *.liveperson.net *.adsafeprotected.com l.betrad.com c.evidon.com *.web.sundaysky.com hdr.sundaysky.com mpsnare.iesnare.com *.google.ca adservice.google.ca stats.g.doubleclick.net sp.analytics.yahoo.com rules.quantcount.com *.quantcount.com *.yahoo.com *.amazon.adsystem.com *.brightcove.com *.brightcovecdn.com *.prod.boltdns.net *.transunion.com blob: f1.media.brightcove.com *.doubleclick.net; child-src 'self' *.brightcove.net *.transunion.com https://directcnstrk.com 1
object-src 'none' *.aeon.co.id; 1
default-src https: wss:; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; style-src https: 'unsafe-inline'; img-src * data: 1
font-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://fonts.gstatic.com https://cdn.jsdelivr.net; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://*.doubleclick.net https://cdn.jsdelivr.net *.recaptcha.net recaptcha.net https://www.google.com/recaptcha/ https://recaptcha.google.com https://vars.hotjar.com/ https://www.facebook.com/ https://*.criteo.com https://*.criteo.net; img-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.criteo.net data: https://www.google.co.id https://www.facebook.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com https://img.youtube.com https://blogspr.mocil.id https://cdn.jsdelivr.net https://s3.amazonaws.com https://code.jquery.com www.gstatic.com/recaptcha https://mocil.id https://storage.googleapis.com https://cm.g.doubleclick.net https://ib.adnxs.com https://contextual.media.net https://pixel.rubiconproject.com https://rtb-csync.smartadserver.com https://sync-t1.taboola.com https://eb2.3lift.com https://ups.analytics.yahoo.com https://adgen.socdm.com https://tg.socdm.com https://cs.adingo.jp https://ad.360yield.com https://s.ad.smaato.net https://ade.clmbtech.com https://ib.adnxs.com https://ups.analytics.yahoo.com https://hb.yahoo.net https://beacon.krxd.net https://*.facebook.com https://*.criteo.com https://criteo-sync.teads.tv; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' blob: https://www.googletagmanager.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.google.com https://googleads.g.doubleclick.net https://*.facebook.net https://*.pusher.com/ https://www.googleadservices.com https://www.google-analytics.com https://www.youtube.com https://s.ytimg.com https://*.doubleclick.net https://code.jquery.com https://*.cloudflare.com https://*.googleapis.com https://www.googleadservices.com http://www.googleadservices.com https://cdn.jsdelivr.net https://www.recaptcha.net https://recaptcha.net https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.google.com/recaptcha/ https://static.hotjar.com https://script.hotjar.com https://*.tiktok.com/ https://analytics.tiktok.com https://unpkg.com http://*.criteo.com https://*.criteo.com https://*.criteo.net; style-src 'self' 'unsafe-inline' 'report-sample' https://tagmanager.google.com https://fonts.googleapis.com https://code.jquery.com https://*.cloudflare.com https://*.googleapis.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://unpkg.com; worker-src https://www.google-analytics.com blob: 1
object-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:  cdn.jsdelivr.net cdnjs.cloudflare.com maps.google.com mdbootstrap.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https:  cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com mdbootstrap.com use.fontawesome.com; report-uri https://www.ratgeber-herzinsuffizienz.de/report-uri/enforce 1
script-src 'self' https://seycelnw.recargasdemexico.com.mx/ https://seycel.net/chat/ *.google.com https://www.gstatic.com/ apis.googleapis.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://code.jquery.com 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self'; block-all-mixed-content; connect-src sentry.trexima.sk 'self' https://*.google-analytics.com https://*.google.com https://*.analytics.google.com https://*.cookieyes.com https://cdn-cookieyes.com https://*.googlesyndication.com https://*.doubleclick.net; font-src 'self' fonts.gstatic.com; frame-src 'self' www.google.com https://trexima.ladesk.com https://2-vbus-de.ladesk.com videoservis.tasr.sk www.youtube.com www.facebook.com https://*.doubleclick.net/; img-src 'self' data: *.googleusercontent.com *.worki.sk http.cat http.dog https://*.facebook.com https://*.google.com https://*.google.sk https://cdn-cookieyes.com https://*.doubleclick.net https://*.googletagmanager.com/; manifest-src 'self' https://dev.worki.sk/ https://dev.worki.sk/site.webmanifest https://stage.worki.sk/ https://stage.worki.sk/site.webmanifest https://www.worki.sk/ https://www.worki.sk/site.webmanifest https://*.worki.sk/*; script-src 'self' ajax.googleapis.com code.jquery.com www.google.com https://*.facebook.net https://*.facebook.com 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/ https://*.googleadservices.com https://*.doubleclick.net/ https://cdn-cookieyes.com/ https://*.googlesyndication.com https://trexima.ladesk.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://*.googletagmanager.com/; report-uri /nelmio/csp/report 1
frame-ancestors 'self' *.mylsb.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://cdn.jsdelivr.net https://*.wistia.com https://*.wistia.net https://go.sambanova.ai; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.hotjar.com https://ws.zoominfo.com https://munchkin.marketo.net https://metadata-static-files.sfo2.cdn.digitaloceanspaces.com https://ipmeta.io https://connect.facebook.net https://cdn.bizible.com https://snap.licdn.com https://static.ads-twitter.com https://tags.srv.stackadapt.com https://script.hotjar.com https://acsbapp.com https://pi.pardot.com https://sidebar.bugherd.com https://*.wistia.com https://*.wistia.net https://src.litix.io https://button.glitch.me https://unpkg.com https://go.sambanova.ai https://sambanova.ai https://boards.greenhouse.io https://js-na1.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hscollectedforms.net https://js.hsadspixel.net https://js.zi-scripts.com https://yoast.com https://cdn.jsdelivr.net www.googletagservices.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://cdn.jsdelivr.net https://tags.srv.stackadapt.com https://*.qasambanova.wpengine.com https://unpkg.com blob: https://fast.wistia.com https://button.glitch.me https://go.sambanova.ai https://sambanova.ai https://boards.greenhouse.io fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://cdn.bizible.com https://cdn.acsbapp.com https://d2iiunr5ws5ch1.cloudfront.net https://sidebar.bugherd.com https://www.facebook.com data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://glitch.com https://cdn.glitch.com https://avatars0.githubusercontent.com https://t.co https://analytics.twitter.com https://go.sambanova.ai https://sambanova.ai https://cdn.bizibly.com https://boards.greenhouse.io https://px4.ads.linkedin.com https://forms.hsforms.com https://track.hubspot.com https://connect.facebook.net https://cdn.jsdelivr.net secure.gravatar.com www.gravatar.com *.googlesyndication.com stats.g.doubleclick.net blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com translate.googleapis.com translate.google.com i.ytimg.com www.googletagmanager.com; connect-src 'self' https://639-jem-474.mktoresp.com https://tags.srv.stackadapt.com https://cdn.acsbapp.com https://in.hotjar.com wss://ws.hotjar.com https://content.hotjar.io https://sessions.bugsnag.com wss://ws-mt1.pusher.com https://ws.zoominfo.com https://csmetrics.hotjar.com https://cdn.linkedin.oribi.io https://sockjs.pusher.com https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://api.glitch.com https://ipmeta.io https://go.sambanova.ai https://sambanova.ai https://boards.greenhouse.io https://forms.hscollectedforms.net https://forms.hsforms.com https://api.hubapi.com https://track.hubspot.com https://js.zi-scripts.com https://my.yoast.com *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com; font-src 'self' data: https://cdn.jsdelivr.net data: https://*.wistia.com https://go.sambanova.ai https://sambanova.ai https://boards.greenhouse.io fonts.gstatic.com fonts.googleapis.com; object-src 'self' https://go.sambanova.ai https://sambanova.ai https://boards.greenhouse.io; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://sambanova.ai https://boards.greenhouse.io https://cdn.jsdelivr.net; frame-src 'self' https://sidebar.bugherd.com https://www.facebook.com https://fast.wistia.com https://fast.wistia.net https://play.libsyn.com https://go.sambanova.ai https://sambanova.ai https://boards.greenhouse.io https://td.doubleclick.net/ *.googlesyndication.com googleads.g.doubleclick.net maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com; child-src 'self' www.youtube.com www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.cookielaw.org pghub.io feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; font-src 'self' feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' *.pghub.io pandg.tapad.com ; img-src 'self' data: *.ctfassets.net *.tapad.com *.cookielaw.org www.googletagmanager.com feed.pghub.io ; connect-src 'self' *.cookielaw.org www.googletagmanager.com *.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
base-uri 'self' assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com;child-src 'none';connect-src 'self' forms.hsforms.com *.backblazeb2.com assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com search.redballoon.work analytics.redballoon.work api.honeybadger.io secure.safewebservices.com app.posthog.com;default-src 'self';font-src 'self' assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com fonts.gstatic.com;form-action 'self' forms.hsforms.com;frame-ancestors www.youtube.com;frame-src www.youtube.com player.vimeo.com www.youtube-nocookie.com forms.hsforms.com js.hsforms.net/forms/embed/v2.js calendly.com iframe.cloudflarestream.com secure.safewebservices.com assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com;img-src 'self' blob: assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com data: forms.hsforms.com forms-na1.hsforms.com;manifest-src 'self';media-src 'self';object-src 'self' assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com;script-src 'self' assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com www.youtube.com embed.cloudflarestream.com analytics.redballoon.work secure.safewebservices.com app.posthog.com js.hsforms.net/forms/embed/v2.js;style-src 'self' assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com data: fonts.googleapis.com secure.safewebservices.com 'unsafe-inline' app.posthog.com;worker-src 'self'; 1
img-src * blob: data:;             worker-src 'self' 'unsafe-eval' blob:;              object-src 'none';         script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com *.facebook.net *.hotjar.com polyfill.io *.viostream.com ssl.p.jwpcdn.com www.googletagmanager.com https://tagmanager.google.com cdnjs.cloudflare.com www.google-analytics.com https://www.google.com  https://www.gstatic.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://p.typekit.net/ blob:;             default-src 'unsafe-inline' 'unsafe-eval' 'self' uat-sso.esa.edu.au sso.esa.edu.au https://www.google.com www.google-analytics.com *.hotjar.com vc.hotjar.io static.cloudflareinsights.com *.viostream.com www.youtube.com fonts.gstatic.com *.fontawesome.com https://maxcdn.bootstrapcdn.com https://tagmanager.google.com https://g.jwpsrv.com cdnjs.cloudflare.com fonts.googleapis.com  ajax.googleapis.com *.facebook.net https://www.facebook.com www.googletagmanager.com www.gstatic.com http://ssl.p.jwpcdn.com https://stats.g.doubleclick.net https://use.typekit.net https://p.typekit.net/ https://browser-update.org/ blob: data:; 1
default-src 'none'; block-all-mixed-content; script-src 'self' vimeo.com www.googletagmanager.com 'sha256-dnrBbfBeAHejZKU3WHnJyTCKO/sHwHFJXAogExZmFkE='; script-src-elem 'self' 'sha256-VVprJ7SpNifcwga2AZwyS5cTEwNF0xfuAU2O+SZVeZQ=' 'sha256-ka3xBp9kPEdafj6sE97HFhpJY8ZN+Aj6Fv/z1KyWvBQ=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' www.googletagmanager.com cdn.cookielaw.org www.google-analytics.com; style-src 'self' 'unsafe-inline'; img-src 'self' i.vimeocdn.com cdn.cookielaw.org; font-src 'self' fonts.gstatic.com; manifest-src 'self'; connect-src 'self' immunity-twitter.herokuapp.com cdn.cookielaw.org geolocation.onetrust.com www.google-analytics.com 1
frame-ancestors 'self' *.screen.cloud *.screencloud.com *.firebase.com *.googleapis.com *.gstatic.com *.s3.amazonaws.com *.cloudfront.net *.screencloudapp.com *.imgix.net *.sentry.io *.screencloudapps.com *.api.filepicker.io *.assets.filepicker.io *.filepicker.io *.datadoghq.com https://www.jsfiddle.net; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.addthis.com *.algolia.net *.algolianet.com *.amazonaws.com *.cloudflare.com *.cloudflareinsights.com *.cloudfront.net *.doubleclick.net *.dropbox.com *.facebook.com *.flourish.studio *.github.com *.global.siteimproveanalytics.io *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.hotjar.com *.hotjar.io *.infogr.am *.infogram.com *.khorel.com *.mapbox.com *.medium.com *.nr-data.net *.pcdn.co *.randomhow.com *.sciencedirectassets.com *.scite.ai *.sharethis.com *.sites.pressdns.com *.tableau.com *.twitter.com *.unicef.io *.unicef.org *.userway.org *.usrfiles.com *.youtu.be *.youtube.com acaps.org acw.elsevier.com acw.sciencedirect.com advancingnutrition.org aidsinfo.unaids.org alliancecpha.org analytical-framework.netlify.app apps.who.int ars.els-cdn.com arxiv.org assets.adobedtm.com atlas.jifo.co au.int avenirhealth.org bam-cell.nr-data.net benthamscience.com bettercarenetwork.org bit.ly blob: blogs.bmj.com blogs.unicef.org bmcinthealthhumrights.biomedcentral.com bmcpregnancychildbirth.biomedcentral.com bmj.com bsg.ox.ac.uk c.sharethis.mgr.consensu.org cdc.gov cdn-images.mailchimp.com cdn-ukwest.onetrust.com cdn.cookielaw.org cdn.jifo.co cdn.jsdelivr.net cdn.pdst.fm cdn.plu.mx cdn.wfp.org childinfo.org childmortality.org childrenandaids.org collections.plos.org connect.facebook.net cookie-cdn.cookiepro.com crvsgateway.info data2.unhcr.org data2x.org data: dataforchildrencollaborative.com disabilityandhealthjnl.com displacement.iom.int documents.worldbank.org doi.org download.thelancet.com dpm.demdex.net dx.doi.org ec.europa.eu ecdc.europa.eu economist.com en.unesco.org endmalaria.org epidem.org euromomo.eu faculty.washington.edu flo.uri.sh flourish.studio fn.bmj.com fragomen.com gaml.uis.unesco.org gava.org gavi.org gemreportunesco.wordpress.com generationunlimited.org geolocation.onetrust.com gh.bmj.com gigaconnect.org github.com globalbreastfeedingcollective.org globalhealth5050.org globalnutritionreport.org gmdac.iom.int googleads.g.doubleclick.net googletagmanager.com guttmacher.org healthdata.org healthynewbornnetwork.org hrw.org i.ytimg.com ilo.org images.jifo.co infogram.com internal-displacement.org internationaldisabilityalliance.org iom.int itu.int jamanetwork.com journals.plos.org js-agent.newrelic.com link.springer.com livessavedtool.org mailchi.mp map.ox.ac.uk mcusercontent.com measuredhs.com micronutrientforum.org mics.unicef.org migrationdataportal.org migrationpolicy.org mpidr.shinyapps.io nature.com nav.sciencedirect.com ncbi.nlm.nih.gov netdna.bootstrapcdn.com news.un.org nurturing-care.org nytimes.com oecd.org onlinelibrary.wiley.com ourworldindata.org plan-uk.org ploscollections.org population.un.org preventepidemics.org princeton.edu profiles.countdown2030.org publications.iom.int pukerrr.shinyapps.io rdm.unicef.org refugeesmigrants.un.org reliefweb.int reporting.unhcr.org rollbackmalaria.org rum-static.pingdom.net s40505.pcdn.co savethechildren.org.uk scholar.google.com sciencedirect.com script.crazyegg.com sdgs.un.org secure.gravatar.com secure.quantserve.com securepubads.g.doubleclick.net siteimproveanalytics.com static.ads-twitter.com static.doubleclick.net static.polldaddy.com stats.uis.unesco.org stillbirthalliance.org supportunicef.org t.co tandfonline.com tcg.uis.unesco.org thelancet.com thieme-connect.de uis.unesco.org un.org unaids.org undocs.org unesco.org unhcr.org uni-drp-rdm-api-tst.azurewebsites.net uni.cf unicef-dapm.shinyapps.io unicef-irc.org unicef-my.sharepoint.com unicef.org unicef.sharepoint.com unicef.shinyapps.io universal.iperceptions.com unsdg.un.org unstats.un.org unwomen.org ureport.in v1.addthisedge.com washdata.org washingtongroup-disability.com who.int whonutrition.shinyapps.io whqlibdoc.who.int worldbank.org wss: wurfl.io wvi.org yt3.ggpht.com z.moatads.com https://data.unicef.org; connect-src *.algolia.net *.algolianet.com *.azurewebsites.net *.doubleclick.net *.google-analytics.com *.hotjar.com *.hotjar.io *.shinyapps.io *.unicef.io *.unicef.org *.userway.org analytical-framework.netlify.app vezyzo33u0-3.algolianet.com; upgrade-insecure-requests; report-uri https://data.unicef.org/wp-json/wpcsp/v1/route/LogPolicyViolation?_wpnonce=da1d263b64 1
default-src 'self' *.brightcovecdn.com media.idigitalcontents.com; img-src 'self' 'unsafe-inline' * data: www.w3.org; frame-src 'self' clients.kokodigital.co.uk *.youtube.com *.investis.com www.google.com ; style-src 'self' 'unsafe-inline' 'unsafe-eval' maxcdn.bootstrapcdn.com *.googleapis.com *.investis.com ; font-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com *.googleapis.com fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' tags.tiqcdn.com *.googleapis.com www.googletagmanager.com www.google-analytics.com staticcontents.investisdigital.com *.investis.com *.lfeeder.com *.google.com *.gstatic.com ; connect-src 'self' stats.g.doubleclick.net *.investis.com *.googleapis.com www.google-analytics.com *.amazonaws.com edge.api.brightcove.com ; base-uri 'none'; form-action 'self' ; 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'unsafe-inline' https:; style-src 'unsafe-inline' https:; 1
default-src * data: mediastream: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' *.heytelecom.be *.google.es *.google.be *.fontawesome.com *.typekit.net *.digitalchannels.technology cdn.jsdelivr.net *.cookielaw.org *.googletagmanager.com *.optimizegoogle.com *.optimize-google.com *.googleanalytics.com *.google-analytics.com *.newrelic.com *.onetrust.com *.hotjar.com *.adbutter.net *.adnxs.com *.doubleclick.net *.amazon-adsystem.com; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' * https://optimize.google.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com *.doubleclick.net  https://script.hotjar.com https://connect.facebook.net https://www.googleadservices.com http://www.googleadservices.com https://static.hotjar.com https://trk.adbutter.net https://accounts.google.com https://www.googleanalytics.com https://www.googleoptimize.com *.customersaas.com t.contentsquare.net contentsquare.com *.emsecure.net *.customersaas.com  *.heytelecom.be *.netdna-ssl.com blob: *.abtasty.com *.googleapis.com https://assets.pinterest.com  https://widgets.pinterest.com; object-src 'self' *.mobistar.be  *.heytelecom.be *.netdna-ssl.com; style-src 'unsafe-inline' https://mvp.orange.be/obe_coverage_map/1.0.0/wcbundler.css https://qelp-static.s3.eu-west-1.amazonaws.com/qc5/hey-be/assets/variables.css 'self' https://optimize.google.com https://fonts.googleapis.com *.mobistar.be *.cloudfront.net *.customersaas.com  *.heytelecom.be *.netdna-ssl.com cdnjs.cloudflare.com *.gstatic.com *.abtasty.com *.googleapis.com messaging-khoros.app.khoros.com cdn.jsdelivr.net *.typekit.net *.googletagmanager.com; img-src * blob: https://optimize.google.com *.heytelecom.be https://www.facebook.com https://www.google.com https://www.google.es https://static.hotjar.com     *.doubleclick.net https://brand-messenger.app.khoros.com *.adnxs.com https://p1.zemanta.com https://aax-eu.amazon-adsystem.com https://www.google-analytics.com *.googletagmanager.com data: *.abtasty.com *.amazonaws.com *.cloudfront.net *.contentsquare.net https://i.pinimg.com  https://log.pinterest.com; media-src 'self' data: *.mobistar.be  *.heytelecom.be *.netdna-ssl.com https://v.pinimg.com; frame-src 'self'  https://optimize.google.com * emsecure.net  *.heytelecom.be https://assets.pinterest.com; font-src 'self' https://fonts.gstatic.com https://script.hotjar.com *.mobistar.be *.customersaas.com  *.heytelecom.be cdn.livechatinc.com themes.googleusercontent.com *.netdna-ssl.com blob: data: *.googleapis.com *.gstatic.com *.abtasty.com brand-messenger.app.khoros.com messaging-khoros.app.khoros.com  *.typekit.net *.fontawesome.com; connect-src 'self' *.teads.tv *.googlesyndication.com https://analytics.pangle-ads.com/api/v2/pangle_pixel https://bat.bing.com *.bat.bing.com https://alb.reddit.com *.alb.reddit.com *.js.adsrvr.org https://js.adsrvr.org https://tr.snapchat.com *.tr.snapchat.com https://sc-static.net *.sc-static.net https://redditstatic.com *.redditstatic.com *.analytics.tiktok.com https://analytics.tiktok.com *.tealiumiq.com *.usabilla.com *.emsecure.net *.customersaas.com wss://*.khoros.com  *.heytelecom.be *.digitalchannels.technology *.mousestats.com secure.comparecycle.com c.contentsquare.net *.abtasty.com *.contentsquare.net *.khoros.com *.smooch.io *.slgnt.eu *.google-analytics.com *.prod.aws.lcloud.com *.typekit.net cdn.jsdelivr.net *.nr-data.net cdnjs.cloudflare.com *.google.com *.google.es *.google.be *.fontawesome.com  *.cookielaw.org *.onetrust.com *.hotjar.com *.adbutter.net *.adnxs.com *.doubleclick.net *.newrelic.com wss://*.hotjar.com *.googletagmanager.com *.ipify.org *.zemanta.com *.googleadservices.com *.facebook.net *.facebook.com *.hotjar.io *.amazon-adsystem.com *.openstreetmap.org https://browser-update.org maps.googleapis.com fonts.google.com maps.gstatic.com *.qelpcare.com; 1
default-src 'self' *.google-analytics.com *.doubleclick.net *.adsrvr.org *.cloudfront.net *.google.com *.youtube.com *.braintree-api.com *.braintreegateway.com *.paypal.com *.cardinalcommerce.com *.amazonaws.com *.onemap.sg *.facebook.com  https:; script-src 'self' 'nonce-saI89FEeXM6icZ//mmcwig==' www.googletagmanager.com www.google-analytics.com google-analytics.com *.adsrvr.org acdn.adnxs.com login.dotomi.com *.dotomi.com unpkg.com cdnjs.cloudflare.com cdn.jsdelivr.net www.googleadservices.com connect.facebook.net *.braintree-api.com *.braintreegateway.com *.fls.doubleclick.net googleads.g.doubleclick.net www.paypalobjects.com *.paypal.com pay.google.comsongbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com www.google.com code.jquery.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com  https:;style-src 'self' cdnjs.cloudflare.com fonts.googleapis.com *.braintreegateway.com cdn.jsdelivr.net  'unsafe-inline' https:; img-src 'self' assets.braintreegateway.com checkout.paypal.com  data: https:; media-src 'self' *.ascentismedia.com  data: https:; child-src 'self' assets.braintreegateway.com *.paypal.com  'nonce-saI89FEeXM6icZ//mmcwig==' https:; frame-src 'self' assets.braintreegateway.com *.braintreegateway.com *.paypal.com *.cardinalcommerce.com *.google.com *.youtube.com *.adsrvr.org *.doubleclick.net  https:; connect-src 'self' *.braintreegateway.com *.doubleclick.net *.cardinalcommerce.com *.paypal.com *.onemap.sg *.google-analytics.com *.facebook.com *.braintree-api.com  https:; frame-ancestors 'self' dmp.truoptik.com  https:; font-src 'self' fonts.gstatic.com kit-free.fontawesome.com cdnjs.cloudflare.com  https:; object-src 'self'  https:; 1
default-src 'self' 'unsafe-eval' http: https: ws: wss: data: blob: 'unsafe-inline'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://thicc.horse; img-src 'self' https: data: blob: https://thicc.horse; style-src 'self' https://thicc.horse 'nonce-RK/ui9l9KPEFZ1oRbjXVQg=='; media-src 'self' https: data: https://thicc.horse; frame-src 'self' https:; manifest-src 'self' https://thicc.horse; form-action 'self'; child-src 'self' blob: https://thicc.horse; worker-src 'self' blob: https://thicc.horse; connect-src 'self' data: blob: https://thicc.horse https://files.thicc.horse wss://thicc.horse; script-src 'self' https://thicc.horse 'wasm-unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com *.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com www.youtube-nocookie.com www.youtube.com blob: data: https://storage.googleapis.com/learnwithikeavideos/ ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ctfassets.net *.ipex-insights.com maps.googleapis.com *.criteo.net *.criteo.com *.doubleclick.net *.facebook.com *.facebook.net www.googleadservices.com *.googlesyndication.com *.google.kr t1.daumcdn.net *.teads.tv *.cookielaw.org *.onetrust.com *.akamaihd.net *.akstat.io *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.go-mpulse.net *.optimizely.com sentry.io *.sentry.io *.avo.app oppwa.com *.oppwa.com mpsnare.iesnare.com *.iesnare.com *.bambuser.com firestore.googleapis.com liveshopping-widgets.firebaseapp.com fonts.googleapis.com *.syndeo.cx *.production.syndeo.cx wss://web.production.syndeo.cx icsp.ingka.ikea.com wss://icsp.ingka.ikea.com wss://web-api.ikea.com/cschatbot/; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com; object-src 'self'; report-uri https://csp.ikea.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de osm.louis.de https://*.googleapis.com https://*.gstatic.com https://*.googleadservices.com https://www.googletagmanager.com https://tagmanager.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://td.doubleclick.net https://tpc.googlesyndication.com https://bat.r.msn.com https://bat.bing.com https://content.cptrack.de https://sale.cptrack.de https://widgets.trustedshops.com https://s.kk-resources.com https://s.kelkoogroup.net https://containertags.belboon.de https://j01l4h3n.com https://s2.adform.net https://track.adform.net https://*.google.com *.paypal.com *.quantummetric.com https://*.sentry.io x9t5he7.r.louis.nl;style-src 'self' 'unsafe-inline' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de https://*.googletagmanager.com https://fonts.googleapis.com https://tagmanager.google.com;font-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de data: https://fonts.gstatic.com;img-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de data: https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://bat.r.msn.com https://bat.bing.com https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.google.com https://*.google.com.vn https://widgets.trustedshops.com https://www.trustedshops.com https://widgets.trustedshops.fr https://www.trustedshops.fr https://widgets.trustedshops.co.uk https://www.trustedshops.co.uk https://widgets.trustedshops.de https://www.trustedshops.de https://t.paypal.com https://www.google.de https://www.google.at https://www.google.be https://www.google.ch https://www.google.co.uk https://www.google.cz https://www.google.com.tr https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.it https://www.google.lu https://www.google.nl https://www.google.pl https://www.google.ro https://www.google.rs https://www.google.se https://www.google.si https://www.google.sk https://www.paypalobjects.com;frame-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de https://*.googleadservices.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.youtube.com/ https://*.youtube-nocookie.com/ *.paypal.com https://*.google.com https://*.quantummetric.com https://td.doubleclick.net x9t5he7.r.louis.nl;frame-ancestors 'self';worker-src blob:;child-src blob:;report-uri /csp-violation-report; 1
base-uri 'none'; style-src 'self' *.cassiecloud.com *.googleapis.com 'unsafe-inline'; script-src 'nonce-+UUuw186HuhOIFXTxExGrQ=='  'sha256-7kUNrYXt4Vq3kxFTl7ngMuOK8sL/w1Jh4heBndHGhI0='  'sha256-cF/U2U8Gm9jpiAO5v99VeyQY9Z3htWeN95uuF+aI9Nk='  'self' 'strict-dynamic' 'unsafe-eval' *.kaltura.com/ *.cassiecloud.com *.googletagmanager.com https://google-analytics.com *.google-analytics.com *.bing.com https://connect.facebook.net https://lilly-customerconnect.secure.force.com https://customerconnect.my.salesforce-sites.com https://ispot.tv *.turn.com *.myadvocado.com *.doubleclick.net *.analytics.yahoo.com *.google.com https://facebook.com *.salesforceliveagent.com *.youtube.com *.ytimg.com *.gstatic.com *.googlevideo.com blob: http://d22xmn10vbouk4.cloudfront.net *.googleapis.com assets.adobedtm.com assets.ctfassets.net https://d.turn.com https://bat.bing.com https://embed.myadvocado.com https://t7454449464730821887.id.amgdgt.com https://t3015627776652353033.id.amgdgt.com; object-src 'none'; frame-src *.doubleclick.net/ *.myadvocado.com/ *.rlcdn.com 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: js.hcaptcha.com api.geetest.com *.googleapis.com fonts.gstatic.com api.geevisit.com static.geetest.com secure.pay1.de www.bahn.de jsctool.com newassets.hcaptcha.com www.gstatic.com monitor.geetest.com; frame-ancestors 'self' threedssvc.pay1.de www.international-bahn.de  1
frame-ancestors 'self' https://manage.stormwater.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src: 'self'; upgrade-insecure-requests; report-uri; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.facebook.com http://*.facebook.com https://*.twitter.com http://*.twitter.com https://*.instagram.com http://*.instagram.com https://*.pinterest.com http://*.pinterest.com https://*.google.com http://*.google.com http://*.google-analytics.com https://*.google-analytics.com http://maps.googleapis.com https://maps.googleapis.com http://*.yandex.ru https://*.yandex.ru http://*.yandex.net https://*.yandex.net http://*.yandex.com https://*.yandex.com https://*.youtube.com http://*.youtube.com; object-src 'self' 'unsafe-inline' 1
default-src 'self' 'unsafe-inline'; script-src 'unsafe-eval' 'self' 'unsafe-inline' *.ergo-versicherung.at *.ergo.cz cdn.cookielaw.org assets.adobedtm.com cdn.jsdelivr.net sw-assets.ekomiapps.de smart-widget-assets.ekomiapps.de www.ekomi.de api.ekomi.de widgets.ekomi.com *.gsitrix.com *.skadtec.com *.cnd-motionmedia.de *.taboola.com *.mbww.com adform.net *.adform.net googleads.g.doubleclick.net consentcdn.cookiebot.com *.cookiebot.com www.googleadservices.com connect.facebook.net *.facebook.net t13.intelliad.de *.intelliad.de bat.bing.com try.abtasty.com *.abtasty.com maps.googleapis.com www.googletagmanager.com consent.cookiebot.com www.google-analytics.com snap.licdn.com cdn.storepoint.co ajax.googleapis.com *.hotjar.com optimize.google.com; style-src sw-assets.ekomiapps.de smart-widget-assets.ekomiapps.de www.ekomi.de api.ekomi.de widgets.ekomi.com use.fontawesome.com hello.myfonts.net fonts.googleapis.com *.gsitrix.com *.skadtec.com cdn.storepoint.co maxcdn.bootstrapcdn.com www.googleanalytics.com www.googleoptimize.com optimize.google.com 'self' 'unsafe-inline' 'unsafe-eval'; img-src icons.storepoint-icons.com cdn.storepoint.co cdn.cookielaw.org cm.everesttech.net dpm.demdex.net sw-assets.ekomiapps.de smart-widget-assets.ekomiapps.de www.ekomi.de api.ekomi.de widgets.ekomi.com *.ekomi.cz *.ergo.cz *.gsitrix.com *.skadtec.com *.cnd-motionmedia.de *.taboola.com *.doubleclick.net *.google.de *.google.at *.google.com *.linkedin.com *.kxcdn.com maps.gstatic.com *.facebook.com bat.bing.com www.google-analytics.com *.google-analytics.com maps.gstatic.com maps.googleapis.com www.googletagmanager.com optimize.google.com cdn.cookielaw.org cm.everesttech.net ergoag.d3.sc.omtrdc.net dpm.demdex.net ergoag.demdex.net 'self' data:; font-src sw-assets.ekomiapps.de smart-widget-assets.ekomiapps.de www.ekomi.de api.ekomi.de widgets.ekomi.com use.fontawesome.com cdn.storepoint.co fonts.gstatic.com maxcdn.bootstrapcdn.com 'self'; connect-src *; media-src 'self'; object-src *; child-src *; frame-src *.ergo-versicherung.at.tools.factsheetslive.com ergoag.demdex.net sw-assets.ekomiapps.de smart-widget-assets.ekomiapps.de www.ekomi.de api.ekomi.de widgets.ekomi.com optimize.google.com ergo-versicherung-at.tools.factsheetslive.com *.insurances.priips.clever-soft.com *.mbww.com *.doubleclick.net 'self' consentcdn.cookiebot.com *.cookiebot.com www.youtube.com *.youtube.com *.hotjar.com ergo-versicherung.at ergo-austria.com ergo.cz ergo.sk ergo.si ergo.ro ergo.hu ergo-osiguranje.hr ergo-austria.com *.ergo-versicherung.at *.ergo-austria.com *.ergo.cz *.ergo.sk *.ergo.si *.ergo.ro *.ergo.hu *.ergo-osiguranje.hr *.ergo-austria.com *.taboola.com *.mathtag.com facebook.com *.ergo-versicherung.at www.facebook.com; frame-ancestors 'self'; form-action 'self' connect.facebook.net; worker-src blob:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src 'self' www.openstreetmap.org; 1
frame-ancestors 'self' *.commercevision.biz *.commercevision.com.au https://punchoutcommerce.com 1
default-src 'self' fonts.googleapis.com fonts.gstatic.com *.google-analytics.com *.analytics.google.com www.google.com stats.g.doubleclick.net www.google.ie www.google.co.uk; script-src 'self' https://js.hubspot.com https://js.hsleadflows.net https://connect.facebook.net https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hs-scripts.com https://www.googletagmanager.com https://trk.hostingireland.ie https://googleads.g.doubleclick.net https://cdn.iubenda.com 'unsafe-inline' https://c.microsoft.com *.google-analytics.com *.analytics.google.com https://www.googleadservices.com; style-src 'self' 'unsafe-inline' https://cdn.iubenda.com fonts.googleapis.com; img-src 'self' data: https://www.googletagmanager.com https://cdn.iubenda.com https://perf-na1.hsforms.com https://www.facebook.com https://forms.hsforms.com https://track.hubspot.com www.google.com www.google.ie *.google-analytics.com *.analytics.google.com www.gstatic.com stats.g.doubleclick.net www.google.co.uk https://trk.hostingireland.ie; font-src 'self' data: fonts.gstatic.com themes.googleusercontent.com; connect-src 'self' https://cta-service-cms2.hubspot.com https://cta-service-cms2.hubspot.com https://api.hubapi.com https://forms.hubspot.com https://www.google.com https://googleads.g.doubleclick.net *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net; child-src https://www.microsoft.com; form-action clients.hostingireland.ie; upgrade-insecure-requests; report-uri https://fwqjdq5k.uriports.com/reports/report; report-to default; frame-src https://www.iubenda.com https://td.doubleclick.net 1
frame-ancestors 'self' https://apps.bluesummitrealty.com; 1
block-all-mixed-content; frame-ancestors *.gelniche.com.br 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://swiss.social; img-src 'self' https: data: blob: https://swiss.social; style-src 'self' https://swiss.social 'nonce-lP4EKwxILJsWsVWqAf+Reg=='; media-src 'self' https: data: https://swiss.social; frame-src 'self' https:; manifest-src 'self' https://swiss.social; form-action 'self'; child-src 'self' blob: https://swiss.social; worker-src 'self' blob: https://swiss.social; connect-src 'self' data: blob: https://swiss.social https://cdn.masto.host wss://swiss.social; script-src 'self' https://swiss.social 'wasm-unsafe-eval' 1
default-src 'self' rainwave.cc *.rainwave.cc;object-src 'none';media-src http://allrelays.rainwave.cc https://relay.rainwave.cc https://relay.rainwave.cc:443 http://allrelays.rainwave.cc http://allrelays.rainwave.cc http://allrelays.rainwave.cc http://allrelays.rainwave.cc;font-src 'self' rainwave.cc data: https://fonts.googleapis.com https://fonts.gstatic.com/;connect-src wss://core.rainwave.cc;style-src 'self' rainwave.cc 'unsafe-inline' https://fonts.googleapis.com;img-src 'self' rainwave.cc *.rainwave.cc https://cdn.discordapp.com 1
script-src https: 'unsafe-inline' 1
default-src 'self' 'unsafe-inline' *.maytech.net fonts.gstatic.com www.google-analytics.com ajax.googleapis.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' *.maytech.net fonts.gstatic.com www.google-analytics.com ajax.googleapis.com fonts.googleapis.com; img-src 'self' *.maytech.net; report-uri /reporting.php; form-action 'self'; object-src 'self'; frame-ancestors 'self'; 1
frame-ancestors 'self'; frame-src 'self' https://*.google.com https://www.recaptcha.net https://www.youtube.com https://app.livechatoo.com; object-src 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mint.sk https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://*.google-analytics.com https://www.recaptcha.net https://www.googletagmanager.com https://app.livechatoo.com 1
base-uri 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com *.hotjar.com *.googletagmanager.com *.corner.ch bat.bing.com *.adtelligence.de *.snapchat.com *.ads-twitter.com analytics.tiktok.com www.gstatic.com *.google.com *.adform.net *.pinimg.com *.serving-sys.com *.cornercard.ch *.hotjar.com *.googletagmanager.com *.googleadservices.com *.googlesyndication.com *.doubleclick.net sc-static.net *.licdn.com *.facebook.net *.adobedtm.com *.adobedc.net *.swiftypecdn.com *.demdex.net https://cdn.cookielaw.org/scripttemplates/ https://geolocation.onetrust.com/cookieconsentpub/v1/; style-src 'self' 'unsafe-inline' *.googleapis.com *.adtelligence.de *.swiftypecdn.com https://www.gstatic.com/recaptcha/ ; img-src 'self' data: *.corner.ch maps.googleapis.com maps.gstatic.com *.everesttech.net bat.bing.com t.co *.twitter.com *.googleadservices.com *.pinterest.com *.pinterest.ch *.doubleclick.net *.w55c.net *.linkedin.com www.google.ch *.facebook.com *.google.it *.google.com *.cornercard.ch *.adobedtm.com *.swiftype.com *.imgix.net https://cdn.cookielaw.org/logos/ ; connect-src 'self' google.com maps.googleapis.com *.demdex.net *.corner.ch google.com *.google.com  *.adobedc.net *.googlesyndication.com *.demdex.net bat.bing.com *.adtelligence.de *.adt659.com analytics.tiktok.com *.onetrust.com *.doubleclick.net www.google.com *.snapchat.com *.facebook.com *.facebook.net *.pinterest.com *.serving-sys.com cornerbanca.data.adobedc.net cornerbanca.tt.omtrdc.net *.swiftypecdn.com *.swiftype.com adobedc.demdex.net *.hotjar.io *.hotjar.com *.cornercard.ch https://cdn.cookielaw.org/consent/ https://cdn.cookielaw.org/scripttemplates/ https://corner-privacy.my.onetrust.com/request/v1/ ; font-src 'self' data: *.corner.ch fonts.gstatic.com; frame-ancestors 'self' ; frame-src 'self' blob: *.demdex.net *.serving-sys.com *.googlesyndication.com *.google.com *.facebook.com *.facebook.net *.pinterest.ch *.pinterest.com *.doubleclick.net *.hotjar.com *.snapchat.com ;  worker-src blob:; block-all-mixed-content; object-src 'self'; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-742dc16b7b48d03e1db218c85b4cc700'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://autistics.life; img-src 'self' https: data: blob: https://autistics.life; style-src 'self' https://autistics.life 'nonce-Kq0fz8RORd7e/5is4K3r0A=='; media-src 'self' https: data: https://autistics.life; frame-src 'self' https:; manifest-src 'self' https://autistics.life; form-action 'self'; child-src 'self' blob: https://autistics.life; worker-src 'self' blob: https://autistics.life; connect-src 'self' data: blob: https://autistics.life https://autistics.life wss://autistics.life; script-src 'self' https://autistics.life 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://asp7.vccondemand.com https://vocalcom.cloud-contact-center.de 1
default-src *.cloudinary.com js.driftt.com d10lpsik1i8c69.cloudfront.net *.meetbreeze.com 'self'; script-src analytics.google.com *.salesloft.com js.alocdn.com *.stripe.com *.vimeo.com *.youtube.com up.pixel.ad js.driftt.com widget.drift.com *.customer.io *.bing.com assets.calendly.com calendly.com *.calendly.com az416426.vo.msecnd.net *.luckyorange.com *.meetbreeze.com d10lpsik1i8c69.cloudfront.net 'self' 'unsafe-inline' *.typekit.net *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.licdn.com *.facebook.net *.doubleclick.net *.sharefile.com *.forestry.io; style-src *.meetbreeze.com 'self' 'unsafe-inline' *.typekit.net *.googleapis.com *.forestry.io; img-src 'self' data: brzprodpublic.blob.core.windows.net brzqapublic.blob.core.windows.net *.cloudinary.com res.cloudinary.com *.alocdn.com img.youtube.com i.ytimg.com pixel.sitescout.com d10lpsik1i8c69.cloudfront.net *.customer.io *.bing.com pixel.locker2.com *.meetbreeze.com *.doubleclick.net *.go2cloud.org p.typekit.net *.facebook.com *.linkedin.com *.google-analytics.com *.adsymptotic.com *.google.com *.googletagmanager.com *.forestry.io; font-src *.meetbreeze.com *.typekit.net *.gstatic.com data:; frame-src *.youcanbook.me *.stripe.com *.vimeo.com *.youtube.com pixel.sitescout.com widget.drift.com js.driftt.com *.infogram.com e.infogram.com *.google.com az416426.vo.msecnd.net 'self' *.meetbreeze.com *.luckyorange.net calendly.com *.calendly.com leveragerx.go2cloud.org *.docusign.com *.docusign.net brz-web-client-app-qa-v2.azurewebsites.net brz-web-client-app-qa.azurewebsites.net *.ftnirdc.com *.facebook.com *.doubleclick.net *.sharefile.com; connect-src api.cloudinary.com *.salesloft.com analytics.google.com brz-web-tina-funcs-qa.azurewebsites.net *.tinajs.io brz-web-cms-funcs-qa.azurewebsites.net *.meetbreeze.com wss://*.luckyorange.com vimeo.com *.googleapis.com visitors.live in.visitors.live wss://visitors.live wss://*.visitors.live az416426.vo.msecnd.net *.luckyorange.net *.luckyorange.com 'self' *.typekit.net *.google-analytics.com *.doubleclick.net *.facebook.com *.forestry.io; worker-src blob: *.meetbreeze.com 'self'; 1
frame-ancestors 'self' http://webvisor.com http://*.webvisor.com https://metrika.yandex.ru https://mc.yandex.ru https://*.yandex.net https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net 1
default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-Kz2sz16FSA+cLjcbkZgJ0IHGQbJrULYDH/gzfq3P7JJRQR2U' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; img-src 'self' https://*.googleusercontent.com/ https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net data:; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://192.55.233.1 'unsafe-inline' https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://smartlock.google.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors ilford.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google-analytics.com *.ssl.google-analytics.com *.js-agent.newrelic.com *.cdnjs.cloudflare.com *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.googletagmanager.com cdn.cookielaw.org cdnjs.cloudflare.com cdns.us1.gigya.com js-agent.newrelic.com *.cloudfront.net *.youtube.com *.gbqofs.com *.usabilla.com *.doubleclick.net google.com recaptcha.net *.facebook.net google.com *.recaptcha.net gstatic.com ; style-src 'self' 'unsafe-inline' *.cloudfront.net cdnjs.cloudflare.com k *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com; img-src 'self' data: *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.analytics.google.com *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.google.co.in *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com images.aws.nestle.recipes cdn.cookielaw.org cdns.us1.gigya.com google.com:*  *.cloudfront.net *.facebook.com google.com.ua https://*.maggi.my; frame-ancestors 'self'; connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google google-analytics.com *.google-analytics.com *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com cdn.cookielaw.org:* cdn.cookielaw.org/ cdn.cookielaw.org/scripttemplates cdn.cookielaw.org/consent cdn.cookielaw.org/logos *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com cdns.us1.gigya.com bam.nr-data.net login.maggi.my *.facebook.net; report-uri /report-csp-violation 1
object-src 'none';    script-src 'self' http://www.googletagmanager.com    https://maps.google.com    https://maps.googleapis.com    http://www.google-analytics.com    https://www.googleadservices.com    https://googleads.g.doubleclick.net    https://widget.trustpilot.com    https://cc-cdn.com    https://platform.twitter.com    https://like2have.it    https://d2bwpebgtyx3c.cloudfront.net    https://cdn.syndication.twimg.com    https://cdn.ometria.com    https://cdn.checkout.com    https://*.klaviyo.com    https://*.stripe.com    https://tag.rmp.rakuten.com    https://cookie-cdn.cookiepro.com    https://*.hotjar.com    https://services.postcodeanywhere.co.uk    https://*.clarity.ms    https://bat.bing.com    https://www.gstatic.com    https://paxto11112.pcapredict.com    https://connect.facebook.net    https://www.paypalobjects.com    https://www.paypal.com 'unsafe-inline' 'unsafe-eval';    base-uri 'self'; frame-ancestors 'self'; 1
frame-src https://www.youtube.com https://www.youtu.be https://www.google.com https://docs.google.com https://maps.google.com https://uod.ac https://www.uod.ac https://portal.uod.ac 1
default-src 'self'; style-src 'self'; script-src 'self'; font-src 'self' data:; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; img-src 'self' data: 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-QCJomJIdPYXIHyQQZBaegg' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self'; connect-src 'self' *.itzbund.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de www.youtube.com *.ytimg.com piwik.itzbund.de *.openstreetmap.org *.cloudflare.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com; frame-src 'self' *.youtube.com *.twitter.com *.facebook.com *.sibforms.com; img-src 'self' blob: data: piwik.itzbund.de *.openstreetmap.org *.cloudflare.com *.twimg.com; font-src 'self' data:; frame-ancestors 'self'; 1
frame-ancestors 'self'; report-uri https://wobenzym.ru/report-uri/enforce 1
frame-ancestors 'self' http://app.schoeck.com https://app.schoeck.com http://staffbase.com capacitor://app.schoeck.com capacitor://staffbase.com 1
default-src 'none'; frame-src 'self' *.qualtrics.com https://www.youtube.com; script-src 'self' 'unsafe-inline' https://*.akamaihd.net https://www.googletagmanager.com https://www.google-analytics.com https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com; img-src 'self' https://images.ctfassets.net https://*.siteintercept.qualtrics.com https://*.akamaihd.net; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self' https://*.akamaihd.net https://images.ctfassets.net https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com https://goldmansachs.my.sentry.io wss://www.gsmarkets.nl; manifest-src 'self'; worker-src 'self'; report-uri /api/8/security/?sentry_key=45bef1e79c1e4d69b1a6531a757d0a7a; frame-ancestors https://www.flatex.de https://www.flatex.at 1
frame-ancestors 'self' https://cdn.evergage.com; 1
frame-ancestors 'self' https://*.canva.com https://*.canva.cn https://app.flourish.studio; 1
frame-ancestors https://*.shortlyst.com https://*.shopalyst.com https://shop-id-dovehair.com https://shop-id-dovehair.com/; 1
default-src 'self'; connect-src 'self' https://google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.googleapis.com https://*.google.com https://*.google.nl https://*.doubleclick.net https://*.fontawesome.com https://cdn.plyr.io https://*.timeblockr.com https://noembed.com https://*.tawk.to wss://*.tawk.to https://*.facebook.com https://*.facebook.net https://*.leadinfo.net https://*.leadinfo.com https://in.logtail.com https://*.browsealoud.com https://*.speechstream.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://cdn.linkedin.oribi.io https://*.visualstudio.com https://*.clarity.ms https://*.tiktok.com https://*.amazonaws.com https://*.recras.nl https://*.hubspot.com https://*.hubapi.com https://*.hs-banner.com https://*.hsforms.com https://*.hsforms.net https://*.hscollectedforms.net https://*.bing.com https://*.cookiebot.com https://*.elfsight.com https://*.trustedshops.com https://*.etrusted.com https://*.trustbadge.com https://*.linkedin.com https://px.ads.linkedin.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cloudflare.com https://cdn.trustindex.io https://*.recras.nl https://dashboard.webwinkelkeur.nl https://polyfill.io https://*.hubspot.com https://*.hs-analytics.net https://*.hsadspixel.net https://*.usemessages.com https://*.hs-banner.com https://*.hsleadflows.net https://*.hsforms.net https://*.hsforms.com https://*.hs-scripts.com https://*.hscollectedforms.net https://*.fontawesome.com https://connect.facebook.net https://*.amazonaws.com https://*.googleapis.com https://*.google.com https://*.google.ad https://*.google-analytics.com https://*.googletagmanager.com https://*.doubleclick.net https://*.gstatic.com https://*.googleadservices.com https://*.googletagservices.com https://*.googleoptimize.com https://*.googlesyndication.com https://www.youtube.com https://player.vimeo.com https://*.timeblockr.com https://*.tawk.to wss://*.tawk.to https://cdn.jsdelivr.net https://*.browsealoud.com https://*.mailplus.nl https://*.leadinfo.net https://chimpstatic.com https://*.cookiebot.com https://*.calendly.com https://*.activehosted.com https://*.typekit.net https://*.hotjar.com https://*.pinterest.com https://*.licdn.com https://*.tiktok.com https://*.bing.com https://*.clarity.ms https://*.redditstatic.com https://*.adsafeprotected.com https://*.elfsight.com https://*.lfeeder.com https://*.app-us1.com data: blob: https://*.eventix.io https://*.trustedshops.com; style-src 'self' 'unsafe-inline' https://*.typekit.net https://fonts.googleapis.com https://*.gstatic.com https://*.mailplus.nl https://cdn.plyr.io https://*.recras.nl https://*.timeblockr.com https://*.hotjar.com https://*.cloudflare.com https://*.tawk.to https://*.leadinfo.net https://*.leadinfo.com; font-src 'self' https://fonts.gstatic.com https://cdn.trustindex.io https://*.fontawesome.com https://dashboard.webwinkelkeur.nl https://*.typekit.net https://*.timeblockr.com https://*.tawk.to https://*.hotjar.com https://*.cloudflare.com data: https://*.trustedshops.com; img-src 'self' https://secure.gravatar.com https://*.tawk.to https://*.timeblockr.com https://*.typekit.net https://*.cloudflare.com https://*.google.at https://*.google.be https://*.google.ca https://*.google.ch https://*.google.ci https://*.google.com https://*.google.de https://*.google.es https://*.google.fi https://*.google.fr https://*.google.gr https://*.google.hu https://*.google.ie https://*.google.is https://*.google.lu https://*.google.lv https://*.google.nl https://*.google.no https://*.google.pt https://*.google.ro https://*.google.ru https://*.google.se https://*.google.sr https://*.google.tn https://*.google.com.bd https://*.google.com.bh https://*.google.com.eg https://*.google.com.et https://*.google.com.mt https://*.google.com.pa https://*.google.com.ph https://*.google.com.py https://*.google.com.tn https://*.google.com.tr https://*.google.com.ua https://*.google.com.vn https://*.google.co.by https://*.google.co.et https://*.google.co.id https://*.google.co.in https://*.google.co.jp https://*.google.co.uk https://*.google.co.za https://*.google-analytics.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.googleusercontent.com https://*.googleadservices.com https://*.doubleclick.net https://*.googleapis.com https://*.gstatic.com https://*.cdninstagram.com https://*.facebook.com https://cdn.trustindex.io https://*.hotjar.com https://*.linkedin.com https://*.bing.com https://*.trustedshops.com https://*.hubspot.com https://*.hubspotusercontent-na1.net https://*.hsforms.com https://*.clarity.ms https://*.reddit.com https://*.mailplus.nl https://i.ytimg.com https://*.lfeeder.com https://*.tiktok.com https://*.amazonaws.com https://cdn.jsdelivr.net data: https://*.leadinfo.net https://*.leadinfo.com http://www.liquit.com; media-src 'self' https://vimeo.com https://player.vimeo.com https://*.akamaized.net blob:; frame-src 'self' https://www.youtube.com https://youtu.be https://*.youtube-nocookie.com https://youtube-nocookie.com https://player.vimeo.com https://calendly.com https://*.google.com https://*.googlesyndication.com https://*.doubleclick.net https://dashboard.webwinkelkeur.nl https://*.facebook.com https://consentcdn.cookiebot.com https://*.hubspot.com https://*.hsforms.com https://*.hs-sites.com https://*.klantenvertellen.nl https://open.spotify.com https://*.recras.nl https://*.stager.nl https://*.stager.co blob:; frame-ancestors 'self'; form-action 'self' https://*.facebook.com https://*.make.com https://*.hsforms.com https://*.hubspot.com https://*.mailplus.nl https://*.mollie.com 1
default-src 'self'; base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data: blob:; connect-src 'self' https: wss: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; script-src-attr none; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googleapis.com fonts.gstatic.com secure.gravatar.com pro.fontawesome.com *.youtube.com; report-uri https://984a707993999c976c02673b57c31246.report-uri.com/r/d/csp/enforce; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://az.social; img-src 'self' https: data: blob: https://az.social; style-src 'self' https://az.social 'nonce-TH4tLk9i4xHUZ2VaANsr9g=='; media-src 'self' https: data: https://az.social; frame-src 'self' https:; manifest-src 'self' https://az.social; form-action 'self'; connect-src 'self' data: blob: https://az.social https://az.social wss://az.social; script-src 'self' https://az.social 'wasm-unsafe-eval'; child-src 'self' blob: https://az.social; worker-src 'self' blob: https://az.social 1
default-src 'self' *.kameleoon.eu *.kameleoon.io *.kameleoon.com; script-src 'self' *.liebherr.com bat.bing.com *.clarity.ms *.usercentrics.eu googleads.g.doubleclick.net www.googleadservices.com *.cloudflareinsights.com *.heidelpay.com *.siteintercept.qualtrics.com siteintercept.qualtrics.com siteseal.quovadisglobal.com c.evidon.com 'unsafe-inline' *.zencdn.net 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.googleapis.com *.youtube.com s.ytimg.com *.google.com *.gstatic.com *.mds.eu *.youtube-nocookies.com *.cloudflare.com *.paypalobjects.com *.paypal.com aframe.io cdn.jsdelivr.net bing.com; style-src 'self' *.liebherr.com 'unsafe-inline' *.zencdn.net fonts.googleapis.com *.google.com *.gstatic.com *.mds.eu *.cloudflare.com; img-src 'self' *.liebherr.com *.usercentrics.eu googleads.g.doubleclick.net *.heidelpay.com *.siteintercept.qualtrics.com siteintercept.qualtrics.com *.google-analytics.com *.doubleclick.net *.google.com *.googleapis.com *.google.de *.azurewebsites.net 'self' data: *.gstatic.com *.ytimg.com *.googletagmanager.com images.anythingabout.net *.cloudflare.com *.paypal.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.analytics.google.com; font-src 'self' *.liebherr.com *.bing.com *.clarity.ms *.heidelpay.com *.zencdn.net *.gstatic.com *.cloudflare.com 'self' data:; media-src 'self' *.liebherr.com *.cloudflare.com; connect-src 'self' *.liebherr.com *.clarity.ms maps.googleapis.com *.usercentrics.eu stats.g.doubleclick.net *.heidelpay.com *.siteintercept.qualtrics.com *.google-analytics.com *.mds.eu *.mds.eu:3000 *.cloudflare.com *.paypal.com www.google.com www.google.de *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googletagmanager.com *.analytics.google.com; object-src 'self' *.liebherr.com *.cloudflare.com; frame-src 'self' *.liebherr.com *.usercentrics.eu bid.g.doubleclick.net *.heidelpay.com www.youtube.com *.youtube-nocookie.com *.mds.eu *.google.com *.cloudflare.com *.hpcgw.net 1
script-src 'self' 'unsafe-eval' https://*.usajobs.gov/ https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://gateway.answerscloud.com https://dap.digitalgov.gov https://*.bing.com https://*.virtualearth.net https://cdn.ampproject.org https://go.usa.gov https://*.foresee.com https://device.4seeresults.com https://survey.answerscloud.com https://survey.foreseeresults.com https://*.fr011.ttecfed.com https://*.azure.com https://www.ssa.gov 'nonce-ra4OlNwe8OT7vjVqUIlex+NUJ+RbSdIzD+uywfaA8+4='; form-action 'self' * https://*.usajobs.gov/; object-src 'none'; frame-ancestors 'self'; frame-src 'self' *; img-src 'self' data: https://*.usajobs.gov/ https://*.usajobs.gov https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.bing.com https://*.virtualearth.net https://*.foresee.com https://*.fr011.ttecfed.com; connect-src https://*.usajobs.gov/ https://*.bing.com https://*.dev.virtualearth.net https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.foresee.com https://device.4seeresults.com https://survey.answerscloud.com https://survey.foreseeresults.com wss://hoover.foresee.com https://*.fr011.ttecfed.com https://dap.digitalgov.gov https://*.intelligencecareers.gov https://*.azure.com; font-src 'self' data: https://*.usajobs.gov/ https://cxsurvey.foresee.com2 https://gateway.foresee.com https://*.fr011.ttecfed.com; report-uri https://data.usajobs.gov/csp-report; upgrade-insecure-requests 1
default-src 'self'; img-src 'self' https://edenred.cl data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stats.g.doubleclick.net https://analytics.google.com http://ajax.googleapis.com https://connect.facebook.net https://www.googletagmanager.com https://assets.loginwithamazon.com https://api-cdn.amazon.com https://storage.googleapis.com https://storage.googleapis.com https://assets.loginwithamazon.com https://api-cdn.amazon.com https://edenred.omnitok.com https://na.account.amazon.com https://api.amazon.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://edenred.omnitok.com https://na.account.amazon.com https://api.amazon.com; connect-src 'self' https://stats.g.doubleclick.net https://analytics.google.com https://edenred.omnitok.com https://na.account.amazon.com https://api.amazon.com https://test.salesforce.com https://webto.salesforce.com; 1
frame-ancestors *.detik.com *.cnnindonesia.com *.cnbcindonesia.com *.haibunda.com *.insertlive.com *.beautynesia.id *.cxomedia.id *.detiknetwork.com 1
worker-src 'self' 'unsafe-eval' 'unsafe-inline' * blob: 1
default-src 'self' nykoping.se *.nykoping.se *.mediaflowpro.com *.inviewer.se *.youtube.com *.youtu.be *.google.com *.googleapis.com *.gstatic.com *.spotify.com *.sms-service.dk *.e-avrop.com recruit.visma.com *.infracontrol.com *.list-manage.com cdn.tiny.cloud *.tromanpublik.se *.episerver.net *.pod.space;   img-src 'self' nykoping.se *.nykoping.se *.mediaflowpro.com *.inviewer.se *.episerver.net *.openstreetmap.org data:;   script-src 'self' nykoping.se *.nykoping.se beta.nykoping.se *.mediaflowpro.com *.inviewer.se *.google.com *.googleapis.com cdnjs.cloudflare.com code.jquery.com cloud.tinymce.com cdn.tiny.cloud docs.netpublicator.com *.episerver.net 'unsafe-inline' 'unsafe-eval';   style-src 'self' nykoping.se *.nykoping.se *.mediaflowpro.com *.inviewer.se 'unsafe-inline' *.googleapis.com *.gstatic.com code.jquery.com cdnjs.cloudflare.com cdn.tiny.cloud *.episerver.net; 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-c6314a583cd5de3a7e05f9bef1d2b534' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=1166548355272818; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=1166548355272818 1
default-src 'self' wss://channels.chattigo.com/ 'unsafe-inline' 'unsafe-eval' https: data: 1
default-src 'self' *.brandes.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com *.googletagmanager.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com https://pi.pardot.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.brightcove.net *.zencdn.net *.pardot.com go.brandes.com https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.2.11/iframeResizer.min.js; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.brightcove.com *.boltdns.net; media-src 'self' data: blob:; frame-src 'self' 'unsafe-inline' *.brandes.com *.google.com *.brightcove.net *.filepoint.live *.filepoint.com; child-src 'self' data: blob: https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ https://www.google.com https://pi.pardot.com apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.brightcove.net *.pardot.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com *.brandes.com https://*.dec.sitefinity.com *.mktoresp.com *.brightcove.com manifest.prod.boltdns.net *.akamaihd.net go.brandes.com; 1
default-src 'self';script-src 'self' 'nonce-+t2JG4PMp06xGAJOcZNiWp0Y' https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.msecnd.net https://*.cloudflareinsights.com https://*.google-analytics.com https://*.googleadservices.com https://*.g.doubleclick.net https://*.bing.com https://*.livechatinc.com https://*.livechat-files.com https://*.livechat-static.com https://*.dacast.com https://www.facebook.com https://connect.facebook.net https://*.clarity.ms;object-src 'self' https://*.livechatinc.com;style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.livechatinc.com https://*.googletagmanager.com;img-src 'self' https://www.simplydating.com/blog https://img.simplydating.com https://*.vzaar.com https://*.dacast.com https://*.gstatic.com https://*.ytimg.com data: https://*.bing.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.livechatinc.com https://*.livechat-files.com https://*.livechat-static.com https://simplydating.blob.core.windows.net https://*.clarity.ms https://www.facebook.com https://*.googletagmanager.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;media-src 'self' blob: data: https://*.vzaar.com https://*.dacast.com https://*.livechatinc.com https://*.livechat-files.com https://*.livechat-static.com https://simplydating.blob.core.windows.net;frame-src 'self' https://*.youtube.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://bid.g.doubleclick.net https://*.vzaar.com https://*.dacast.com https://www.facebook https://*.livechatinc.com;font-src 'self' https://*.gstatic.com https://*.livechatinc.com;connect-src 'self' https://chat.simplydating.com https://*.signalr.net wss://*.signalr.net https://*.visualstudio.com https://*.bing.com https://google.com https://*.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://*.livechatinc.com https://*.livechat-files.com https://*.livechat-static.com https://*.clarity.ms https://*.sentry.io https://img.simplydating.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;child-src 'self' https://*.livechatinc.com;frame-ancestors 'self' 1
frame-ancestors *  https://ipcamlive.com 104.20.205.35; 1
upgrade-insecure-requests; report-uri https://enactus.org 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://catswords.social; img-src 'self' https: data: blob: https://catswords.social; style-src 'self' https://catswords.social 'nonce-E5zeUQtxmjatYeicdaAoZg=='; media-src 'self' https: data: https://catswords.social; frame-src 'self' https:; manifest-src 'self' https://catswords.social; form-action 'self'; child-src 'self' blob: https://catswords.social; worker-src 'self' blob: https://catswords.social; connect-src 'self' data: blob: https://catswords.social https://files.example.com wss://catswords.social; script-src 'self' https://catswords.social 'wasm-unsafe-eval' 1
base-uri 'self'; default-src 'self';frame-src 'self' https://www.youtube.com https://player.vimeo.com *.vimeo.com https://js.stripe.com https://hooks.stripe.com https://checkout.stripe.com https://*.stripe.com https://www.paypalobjects.com https://*.paypal.com;object-src 'none';img-src 'self' data: https: *.paypal.com https://www.paypalobjects.com https://*.stripe.com *.google-analytics.com *.googletagmanager.com https://www.facebook.com;connect-src 'self' 'unsafe-inline' data: https://stats.g.doubleclick.net https://v.clarity.ms https://google.com https://googleads.g.doubleclick.net https://adservice.google.com https://widget.mondialrelay.com https://mondialrelay.com https://yoast.com *.paypal.com https://www.paypalobjects.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://api.stripe.com https://checkout.stripe.com https://noembed.com https://cdn.plyr.io;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: https://www.paypal.com https://www.paypalobjects.com https://checkout.stripe.com https://js.stripe.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com *.googletagmanager.com connect.facebook.net https://js.stripe.com/v3/;style-src 'self' 'unsafe-inline' 'unsafe-eval' https:;font-src https: data:;child-src 'self' blob: 'unsafe-inline' https://www.facebook.com *.google-analytics.com *.googletagmanager.com www.paypalobjects.com *.paypal.com https://www.googletagmanager.com; 1
script-src 'self' www.google.com cdnstaticpr.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com *.mercadopago.com *.mlstatic.com *.githubusercontent.com *.github.com *.googleapis.com *.google.com *.gstatic.com *.google.com.br *.googletagmanager.com *.googleadservices.com *.doubleclick.net megacubo.tv *.megacubo.tv megacubo.net *.megacubo.net *.twitter.com *.api.twitter.com *.facebook.net *.facebook.com *.addthis.com *.addthisedge.com *.userreport.com *.clarity.ms *.youtube.com *.ytimg.com *.google-analytics.com *.sentry.io *.lingotek.com 'unsafe-eval' 'unsafe-inline'; upgrade-insecure-requests 1
frame-ancestors 'self' www.bibliotecanacionaldigital.gob.cl www.chileparaninos.gob.cl www.memoriachilena.gob.cl www.bibliotecanacionaldigital.cl www.chileparaninos.cl www.memoriachilena.cl; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://polyfill.io https://www.google.com https://apis.google.com https://www.googleadservices.com https://partner.googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://adservice.google.fr https://adservice.google.com https://www.googletagservices.com https://tpc.googlesyndication.com https://ssl.google-analytics.com https://maps.googleapis.com https://www.facebook.com https://connect.facebook.net https://platform.twitter.com  https://api.payplug.com https://secure.payplug.com https://www.e-payments.oney.com  https://www.paypalobjects.com https://www.paypal.com https://tag.search.sensefuel.live/ https://dfp.sellsecure.com/ https://dfp.api-ot.com/ https://smartforms.ekomi.com/ https://smart-widget-assets.ekomiapps.de/ https://sw-assets.ekomiapps.de/ https://static.fia-net.com/ https://static.zdassets.com/ https://cdn.shipup.co/ https://widget.botmind.io/ https://widget.botmind.ai/ https://api.widget.botmind.io/ https://firestore.googleapis.com/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: wss:; 1
upgrade-insecure-requests; default-src 'self' *.openbank.com *.openbank.es; script-src *.openbank.pt *.openbank.com 'unsafe-inline' 'unsafe-eval' snap.licdn.com https://maps.googleapis.com simuladores.afi.es https://browseranalytic.com https://www.google.com *.gstatic.com tags.tiqcdn.com *.google-analytics.com https://*.g.doubleclick.net *.youtube.com *.googleadservices.com *.facebook.net *.ytimg.com api-ob.nd.nudatasecurity.com https://cdnjs.cloudflare.com *.googletagmanager.com *.we-stats.com static.browseranalytic.com bat.bing.com blob: openbanksimuladores.afi.es unpkg.com www.googleoptimize.com;  connect-src 'self' *.openbank.pt *.openbank.es *.openbank.com *.google-analytics.com *.we-stats.com *.biocatch.com lib-eu-1.brilliantcollector.com op.browseranalytic.com *.google.com *.googleapis.com *.googlesyndication.com https://*.g.doubleclick.net bat.bing.com cdn.linkedin.oribi.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.openbank.com https://maxcdn.bootstrapcdn.com; img-src 'self' *.openbank.pt px.ads.linkedin.com www.financeads.net data: 'unsafe-inline' *.googletagmanager.com https://maps.googleapis.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.openbank.com *.google.ie *.google.com https://aax-eu.amazon-adsystem.com bat.bing.com www.linkedin.com tbl.tradedoubler.com *.googlesyndication.com;  media-src 'self' *.openbank.com *.youtube.com; frame-src 'self' https://www.google.com *.gstatic.com *.youtube.com simuladores.afi.es *.doubleclick.net blob: openbanksimuladores.afi.es; child-src 'self' https://www.google.com *.gstatic.com *.youtube.com simuladores.afi.es blob: openbanksimuladores.afi.es ;frame-ancestors 'self' api.paycomet.com https://www.paytpv.com https://openbank.campaign.adobe.com; 1
frame-ancestors 'self' https://www.aftergolf.net https://aftergolf.net https://geo-online.co.jp; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action *.facebook.com https://mycomfort24.us10.list-manage.com/ 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com view.publitas.com publish.folders.eu admin.mycomfort24.be 'self'; frame-src https://www.google.com/ *.doubleclick.net https://www.facebook.com/ *.multisafepay.com https://pay.google.com https://www.kiyoh.com http://www.kiyoh.com view.publitas.com publish.folders.eu admin.mycomfort24.be *.list-manage.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net https://stats.g.doubleclick.net/ *.googletagmanager.com *.gstatic.com *.multisafepay.com blob: data: http://cm.everesttech.net/ http://amcglobal.sc.omtrdc.net/ https://a5.behance.net/ http://admin.mycomfort24.be/ http://www.mycomfort24.be/ http://mycomfort24.be/ https://admin.mycomfort24.be/ https://www.mycomfort24.be/ https://mycomfort24.be/ http://admin.mycomfort24.docker/ http://www.mycomfort24.docker/ http://mycomfort24.docker/ https://admin.mycomfort24.docker/ https://www.mycomfort24.docker/ https://mycomfort24.docker/ http://admin.mycomfort24.test/ http://www.mycomfort24.test/ http://mycomfort24.test/ https://admin.mycomfort24.test/ https://www.mycomfort24.test/ https://mycomfort24.test/ http://test.admin.mycomfort24.be/ http://test.www.mycomfort24.be/ http://mycomfort24.ve/ https://test.admin.mycomfort24.be/ https://test.www.mycomfort24.be/ https://test.mycomfort24.be/ maps.gstatic.com maps.googleapis.com https://www.google.be/ https://mycomfort24.imgix.net/ http://mycomfort24.imgix.net/ https://mediastore.spott.ai/ https://media.spott.ai/ *.list-manage.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.multisafepay.com https://pay.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/ maps.googleapis.com view.publitas.com publish.folders.eu https://static.spott.ai/ https://s3.amazonaws.com/downloads.mailchimp.com/ chimpstatic.com *.list-manage.com *.newrelic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.multisafepay.com https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.multisafepay.com https://pagead2.googlesyndication.com/ http://dpm.demdex.net/ https://*.g.doubleclick.net/ https://maps.googleapis.com/ *.google.be https://api.spott.ai/ *.nr-data.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri http://admin.mycomfort24.be/ http://www.mycomfort24.be/ http://mycomfort24.be/ https://admin.mycomfort24.be/ https://www.mycomfort24.be/ https://mycomfort24.be/ http://admin.mycomfort24.docker/ http://www.mycomfort24.docker/ http://mycomfort24.docker/ https://admin.mycomfort24.docker/ https://www.mycomfort24.docker/ https://mycomfort24.docker/ http://admin.mycomfort24.test/ http://www.mycomfort24.test/ http://mycomfort24.test/ https://admin.mycomfort24.test/ https://www.mycomfort24.test/ https://mycomfort24.test/ http://test.admin.mycomfort24.be/ http://test.www.mycomfort24.be/ http://test.mycomfort24.be/ https://test.admin.mycomfort24.be/ https://test.www.mycomfort24.be/ https://test.mycomfort24.be/ 'self' 'unsafe-inline'; 1
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-eval' 'unsafe-inline' 'wasm-eval'; frame-ancestors 'self'; 1
default-src 'self' static.tfmetalsreport.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.tfmetalsreport.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net cdn.ckeditor.com static.ctctcdn.com; img-src 'self' https: data: android-webview-video-poster:; media-src 'self' static.tfmetalsreport.com blob: *.giphy.com; frame-src 'self' https://www.tfmetalsreport.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.tfmetalsreport.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.tfmetalsreport.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension: *.fontawesome.com; connect-src 'self' static.tfmetalsreport.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net *.fontawesome.com *.ckeditor.com *.ctctcdn.com *.constantcontact.com 1
default-src https: 'unsafe-inline'; img-src https: 'unsafe-inline' data:; connect-src 'self'  https: ws:; 1
require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport,script-src 'report-sample' 'nonce-TATV5Nv0alG6jByNfd98SA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self',script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport/allowlist 1
default-src https: 'self' https://www.google-analytics.com 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes'; object-src 'none'; img-src 'self' data: https:; worker-src blob:; 1
connect-src 'self' https://o1055295.ingest.sentry.io https://analytics.google.com;script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://unpkg.com https://cdn.jsdelivr.net https://browser.sentry-cdn.com https://www.googletagmanager.com https://d3e54v103j8qbb.cloudfront.net https://ajax.googleapis.com https://www.google.com/recaptcha/api.js https://www.gstatic.com;script-src-attr 'self' 'unsafe-inline';media-src 'self' https://static.nilus.rocks;script-src-elem 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://unpkg.com https://cdn.jsdelivr.net https://browser.sentry-cdn.com https://www.googletagmanager.com https://ajax.googleapis.com https://d3e54v103j8qbb.cloudfront.net https://www.google.com/recaptcha/api.js https://www.gstatic.com https://ajax.cloudflare.com;img-src 'self' https://www.google.com.uy;frame-src 'self' https://www.google.com/;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'self'; font-src 'self' https://fonts.gstatic.com https://use.typekit.net; img-src 'self' blob: data: https://www.facebook.com/ https://www.google-analytics.com/ https://dashboard.umbraco.com *.cdninstagram.com secure.adnxs.com *.blob.core.windows.net www.google.com www.google.nl *.figpii.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' trnl-azure-net-sva-ajaxlifeapi-prod.azurewebsites.net https://www.universe.com/embed2.js https://www.google-analytics.com/ www.googletagmanager.com https://www.ajaxlife.nl/ admin.ajaxlife.nl https://www.sporcle.com/ https://platform.twitter.com/ https://www.googletagmanager.com/gtag/ https://connect.facebook.net https://consentcdn.cookiebot.com/ facebook.net/en_US/fbevents.js https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/consentconfig/8b29846d-67c8-46d4-b6a2-4fb5bd0dd7b4/ajaxlife.nl/configuration.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/962220290/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js *.figpii.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net *.figpii.com; frame-src ajaxlife.nl admin.ajaxlife.nl *.tresprojecten.nl https://www.sporcle.com/ https://embed.podcasts.apple.com https://platform.twitter.com/  consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com vars.hotjar.com www.facebook.com https://www.universe.com/ https://universe.queue-it.net; connect-src 'self' https://www.facebook.com/tr https://admin.ajaxlife.nl *.azurewebsites.net *.bugsnag.com consentcdn.cookiebot.com ajaxlife.nl *.tresprojecten.nl *.google-analytics.com *.google.com *.google.nl *.googlesyndication.com *.doubleclick.net  *.hotjar.com *.hotjar.io wss://*.hotjar.com *.umbraco.com *.figpii.com; worker-src 'self' blob:; media-src 'self' blob: 1
default-src:https: 1
frame-ancestors 'self' 8x8.com iframe.smartpaymentplan.com; 1
default-src 'none'; img-src https://whatbox.ca 'self'; style-src https://whatbox.ca 'self'; form-action 'self'; frame-ancestors 'none'; base-uri 'none'; sandbox allow-same-origin allow-scripts allow-forms; script-src https://whatbox.ca 'self'; connect-src https://sentry.io 1
frame-ancestors 'self' https://editor.sareapps.pl/ https://editor.digiapps.pl/ https://dev-editor.sare25.com/;default-src 'self' data:;object-src 'none';base-uri 'self' http://n.enewsletter.pl https://n.enewsletter.pl;manifest-src 'self';font-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com https://cdn.sare25.com;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdn.enewsletter.com.pl https://cdn.sareapps.pl https://cdn.digiapps.pl https://cdn.speakhub.live https://public.speakhub.live https://cdnjs.cloudflare.com https://cdn.heapanalytics.com https://polyfill.io https://code.jquery.com https://uicdn.toast.com https://blueimp.github.io https://cdn.sare25.com https://cdn.livechatinc.com https://api.livechatinc.com https://ajax.googleapis.com;style-src 'self' 'report-sample' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://uicdn.toast.com https://cdn.sare25.com n.enewsletter.pl;frame-src 'self' dev-editor.sare25.com editor.sareapps.pl editor.digiapps.pl integrations.app-link.me https://secure.livechatinc.com data:;img-src * data:;worker-src 'self' blob:;media-src * data:;connect-src 'self' *.enewsletter.pl *.sare25.com *.sareapps.pl *.digiapps.pl wss://ws-sare-wire.sareapps.pl wss://ws-sare-wire.digiapps.pl wss://ws.speakhub.live public.speakhub.live cdn.jsdelivr.net cdnjs.cloudflare.com fonts.gstatic.com fonts.googleapis.com;child-src 'self' https://cdn.sare25.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://pubeurope.com; img-src 'self' https: data: blob: https://pubeurope.com; style-src 'self' https://pubeurope.com 'nonce-G4UYE6dKeqOmH2q293hcjA=='; media-src 'self' https: data: https://pubeurope.com; frame-src 'self' https:; manifest-src 'self' https://pubeurope.com; form-action 'self'; connect-src 'self' data: blob: https://pubeurope.com https://media.pubeurope.com wss://pubeurope.com; script-src 'self' https://pubeurope.com 'wasm-unsafe-eval'; child-src 'self' blob: https://pubeurope.com; worker-src 'self' blob: https://pubeurope.com 1
default-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none'; child-src 'self'; object-src blob: 'report-sample'; connect-src https://www.googleapis.com https://*.google-analytics.com https://*.googlesyndication.com https://csi.gstatic.com https://*.googletagmanager.com https://analytics.google.com https://*.analytics.google.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.google.com.br https://www.google.cl https://www.google.com.py https://www.google.fr https://www.google.com.mx https://www.google.com.bd https://www.google.com.co https://www.google.com.pe https://www.google.nl https://www.google.es https://www.google.com.gt https://www.google.com.uy https://www.google.com.pr https://www.google.com.sg https://www.google.es https://www.google.com.co https://www.google.at https://www.google.ca https://www.google.pl https://www.google.cl https://www.google.es https://www.google.com.ec https://www.google.co.ve https://www.google.jo https://www.google.hu https://www.google.com.ar https://www.google.com.qa https://www.google.com.co https://www.google.it https://www.google.hr https://www.google.co.il https://www.google.co.uk https://www.google.com.mm https://www.google.com.jm https://www.google.pt/ https://www.google.com.pk https://www.google.ca https://www.google.tt https://www.google.ie/ https://www.google.com.mx https://www.google.no https://www.google.com.au https://www.google.fi https://www.google.rs https://www.google.co.th https://www.google.de https://www.google.cz https://www.google.co.in https://www.google.co.nz https://www.google.co.za https://www.google.com.ua/ https://www.google.com.pk https://www.google.co.id https://www.google.com.ar https://www.google.az https://www.google.cl https://www.google.fr https://www.google.ru https://www.google.com.do https://www.google.com.ng https://www.google.co.jp https://www.google.co.zw https://www.google.ch https://www.google.es https://www.google.co.za https://www.google.com.tr https://www.google.co.ke https://www.google.com.sa https://www.google.pt/ https://www.google.dz https://www.google.be https://www.google.com.ph https://www.google.com.my https://www.google.co.id https://www.google.co.ma https://www.google.de https://www.google.com.kw https://www.google.gy https://www.google.hn https://www.google.com.hk https://www.google.co.ao https://www.google.com.eg https://www.google.co.ke https://www.google.co.cr https://www.google.co.tw; media-src blob: 'report-sample'; img-src 'self' blob: data: https://region1.analytics.google.com https://*.analytics.google.com https://www.google-analytics.com https://*.googleusercontent.com https://*.googlesyndication.com https://*.googletagmanager.com https://region1.analytics.google.com https://www.google.cz https://www.google.com.my https://www.google.co.in https://www.google.com.uy https://www.google.com.ar https://www.google.co.uk https://www.google.pt https://www.google.com.co https://www.google.co.ma https://www.google.bs https://www.google.de https://www.google.cl https://www.google.com.pe https://www.google.it https://www.google.fr https://www.google.com.mx https://www.google.ca https://www.google.bs https://www.google.es https://www.google.com.kw https://www.google.com.ec https://www.google.nl https://www.google.co.ke https://www.google.gr https://www.google.com.vn https://www.google.co.il https://www.google.com.mt https://www.google.com.pk https://www.google.com.jm https://www.google.dk https://www.google.com.bd https://www.google.com.ng https://www.google.hu https://www.google.ie https://www.google.cz https://www.google.pl https://www.google.ae https://www.google.com.hk https://www.google.co.id https://www.google.at https://www.google.com.br https://www.google.com.sa https://www.google.ru https://www.google.co.ve https://www.google.com.ec https://www.google.com.py https://www.google.co.za https://www.google.com.sv https://www.google.ro https://www.google.ch https://www.google.no https://www.google.sn https://www.google.hr https://www.google.com.pr https://www.google.com.ph https://www.google.com.eg https://www.google.se https://www.google.ge https://www.google.com.lb https://www.google.com.ua https://www.google.com.pa https://www.google.be https://www.google.co.nz https://www.google.co.zm https://www.google.com.sg https://www.google.com.gt https://www.google.com.br https://www.google.com.fj https://www.google.com.bo https://www.google.sk https://www.google.com.ni https://www.google.dz https://www.google.com.do https://www.google.rw https://www.google.as https://www.google.com.om https://www.google.co.jp https://www.google.rw https://www.google.md https://www.google.co.th https://www.google.jo/ https://www.google.com.gt/ https://www.google.fi https://www.google.co.tz https://www.google.bg https://www.google.co.kr https://www.google.rs https://www.google.com.au https://www.google.de https://www.google.iq https://www.google.az https://www.google.co.cr https://www.google.com.mm https://www.google.com.ly https://www.google.mw https://www.google.com.qa https://www.google.be https://www.google.hn https://www.google.com.pg/ https://www.google.bf https://www.google.com.tw https://www.google.ws https://www.google.tn https://www.google.com.tr https://www.google.com.np https://www.google.ci/ https://www.google.com.gh https://www.google.ht; script-src 'self' 'report-sample' https://*.googletagmanager.com https://*.google-analytics.com/analytics.js https://ssl.google-analytics.com/ https://apis.google.com https://*.googlesyndication.com https://*.googleadservices.com https://*.googletagservices.com https://adservice.google.com https://adservice.google.com.br https://adservice.google.com.mx https://adservice.google.com.co https://adservice.google.com.ar https://adservice.google.com.pe https://adservice.google.com.ar https://adservice.google.com.au https://adservice.google.com.tr https://adservice.google.com.pk https://adservice.google.com.sa https://adservice.google.com.ec https://adservice.google.com.ph https://adservice.google.com.bo https://adservice.google.com.gt https://adservice.google.com.tr https://adservice.google.com.ng https://adservice.google.com.ua https://adservice.google.com.my https://adservice.google.com.gt https://adservice.google.com.eg https://adservice.google.com.bh  https://adservice.google.co.uk https://adservice.google.co.in https://adservice.google.co.nz https://adservice.google.co.kr https://adservice.google.co.id https://adservice.google.co.ve https://adservice.google.co.il https://adservice.google.co.jp https://adservice.google.co.ke https://adservice.google.co.za https://adservice.google.co.ve  https://adservice.google.pl https://adservice.google.it https://adservice.google.es https://adservice.google.pt https://adservice.google.ca https://adservice.google.ru https://adservice.google.fr https://adservice.google.cl https://adservice.google.sk https://adservice.google.cz https://adservice.google.se https://adservice.google.gr https://adservice.google.ie https://adservice.google.hn https://adservice.google.ae https://adservice.google.cl https://adservice.google.hu https://adservice.google.de https://adservice.google.iq https://adservice.google.si https://adservice.google.rs https://adservice.google.nl https://adservice.google.py https://adservice.google.tn https://adservice.google.hu https://adservice.google.at https://adservice.google.fi https://adservice.google.rw https://adservice.google.co.th https://adservice.google.co.tz https://adservice.google.com.sg https://adservice.google.com.np https://adservice.google.com.vn https://adservice.google.com.kh https://adservice.google.com.bd https://adservice.google.com.fj https://adservice.google.be https://adservice.google.ro https://adservice.google.dk https://adservice.google.kz https://adservice.google.ch https://adservice.google.lt https://adservice.google.no https://adservice.google.bg https://adservice.google.lv https://adservice.google.com.tw https://adservice.google.lb https://adservice.google.com.bz https://adservice.google.com.py https://adservice.google.com.kw https://adservice.google.com.uy https://adservice.google.com.jm https://adservice.google.com.qa https://adservice.google.com.lb https://adservice.google.com.pr https://adservice.google.com.sv  https://adservice.google.com.cy https://adservice.google.com.hk https://adservice.google.com.et https://adservice.google.com.pa https://adservice.google.co.zm https://adservice.google.co.cr https://adservice.google.co.zw https://adservice.google.co.uz https://adservice.google.co.ug https://adservice.google.tt https://adservice.google.dz https://adservice.google.mu https://adservice.google.cm https://adservice.google.ht https://adservice.google.ee https://adservice.google.bt https://adservice.google.az https://adservice.google.hr https://adservice.google.is https://adservice.google.ad https://adservice.google.lk https://adservice.google.al https://adservice.google.lu https://adservice.google.mw https://adservice.google.ci https://adservice.google.co.mz https://adservice.google.com.mm https://adservice.google.com.na https://adservice.google.com.af https://adservice.google.bj https://adservice.google.bs https://adservice.google.co.ao https://adservice.google.co.bw https://adservice.google.co.vi https://adservice.google.com.ag https://adservice.google.com.bn https://adservice.google.com.cu https://adservice.google.com.gh https://adservice.google.com.ni https://adservice.google.com.pg https://adservice.google.fm https://adservice.google.la https://adservice.google.mn https://adservice.google.sn https://adservice.google.sr https://adservice.google.tl https://adservice.google.ws https://adservice.google.jo; style-src 'self' https://*.googletagservices.com https://fonts.googleapis.com 'unsafe-inline' 'report-sample'; font-src 'self' data: 'report-sample' https://fonts.gstatic.com https://use.typekit.net; frame-src blob: https://accounts.google.com https://*.doubleclick.net https://*.googlesyndication.com https://docs.google.com https://drive.google.com https://www.google.com; 1
frame-ancestors www.awc-inc.com ww2.awc-inc.com a3im.com www.a3im.com web.awc-inc.com devweb.awc-inc.com webtest.awc-inc.com wwwtest.awc-inc.com suppliers.awc-inc.com localweb.awc-inc.com awc-inc.com; 1
default-src https: *; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: blob: https: *; font-src data: https: * 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.zecible.fr *.notebleue.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.google.com *.fontawesome.com; img-src * data:; frame-src *; frame-ancestors 'self' data: blob: *.zecible.fr *.notebleue.com; 1
default-src *; style-src * 'unsafe-inline'; style-src-elem * 'unsafe-inline' script.crazyegg.com; script-src * 'unsafe-eval' script.crazyegg.com 'sha256-jQGhDqcCq1R32caSsDyMKNfyaIj78MT5ooPm7WXpU9s=' 'sha256-pzcENdZs15H5KmPP8uOhGqtoAD/1bKbY6pcCj6fwX8o=' 'sha256-JaHbEGvgT0xFK297CXVCB09K/OcMGSXS+jgxsw6yO/g=' 'sha256-PJL8V3HvHBO02fb/I8iSbaOKrlGsb7l9O4a+vpEMeIA=' 'sha256-C6V4NlvvjJ/Bh2gXRJo0FDw7KFSYhXTM1LiPk1OjUOU=' 'sha256-ewwoBrmj8m4+F9O57vBWoAUOMCNdwCXLkbC577WI+f0='; script-src-elem * script.crazyegg.com 'sha256-jQGhDqcCq1R32caSsDyMKNfyaIj78MT5ooPm7WXpU9s=' 'sha256-pzcENdZs15H5KmPP8uOhGqtoAD/1bKbY6pcCj6fwX8o=' 'sha256-JaHbEGvgT0xFK297CXVCB09K/OcMGSXS+jgxsw6yO/g=' 'sha256-PJL8V3HvHBO02fb/I8iSbaOKrlGsb7l9O4a+vpEMeIA=' 'sha256-C6V4NlvvjJ/Bh2gXRJo0FDw7KFSYhXTM1LiPk1OjUOU=' 'sha256-ewwoBrmj8m4+F9O57vBWoAUOMCNdwCXLkbC577WI+f0='; worker-src * blob:; font-src * data:; img-src * data:; connect-src * data:; base-uri 'self'; 1
default-src 'none'; connect-src 'self' embedr.flickr.com geo.query.yahoo.com nominatim.openstreetmap.org api.github.com; font-src 'self'; form-action 'self' platform.twitter.com syndication.twitter.com; frame-ancestors 'self'; frame-src 'self' blob: www.youtube.com w.soundcloud.com twitter.com platform.twitter.com syndication.twitter.com player.vimeo.com www.mixcloud.com www.dailymotion.com media.ccc.de bandcamp.com www.instagram.com; img-src data: blob: *; manifest-src 'self'; media-src https:; script-src 'self' blob: 'unsafe-eval' platform.twitter.com cdn.syndication.twimg.com widgets.flickr.com embedr.flickr.com www.instagram.com 'unsafe-inline' 'nonce-7/QTVkLUEBy7i7LVToqn/ogYX7Afm8wPpWffny5u4mo='; style-src 'self' 'unsafe-inline' platform.twitter.com *.twimg.com 1
base-uri 'self';default-src 'self';connect-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://matomo.ingenuitylite.com https://*.paypal.com https://*.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://*.braintree-api.com https://*.cardinalcommerce.com https://checkout.stripe.com https://api.stripe.com https://www.facebook.com https://facebook.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io;frame-ancestors 'none';font-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.ingenuitylite.com https://fcdn.ingenuitylite.com;frame-src 'self' https://assets.braintreegateway.com https://*.paypal.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://checkout.stripe.com https://js.stripe.com https://hooks.stripe.com https://www.facebook.com;img-src 'self' https://cdn.ingenuitylite.com https://fcdn.ingenuitylite.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://assets.braintreegateway.com data: https://checkout.paypal.com https://*.stripe.com https://facebook.com https://www.facebook.com https://*.google.co.uk https://*.google.com;child-src 'self' https://assets.braintreegateway.com https://*.paypal.com;script-src 'self' 'unsafe-eval' 'nonce-782ec7dce114197371ce11985510b7fe' 'strict-dynamic' https://www.googletagmanager.com https://www.google-analytics.com https://matomo.ingenuitylite.com https://js.braintreegateway.com https://assets.braintreegateway.com https://www.paypalobjects.com https://*.paypal.com 'unsafe-inline' https://pay.google.com https://songbirdstag.cardinalcommerce.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://checkout.stripe.com https://js.stripe.com https://connect.facebook.net;style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://cdn.ingenuitylite.com https://fcdn.ingenuitylite.com;style-src-attr 'self' 'unsafe-inline';object-src 'none';script-src-attr 'self' 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://matomo.ingenuitylite.com https://www.paypal.com https://www.google.com https://www.gstatic.com https://js.stripe.com https://connect.facebook.net;worker-src 'none';media-src 'self' https://cdn.ingenuitylite.com https://fcdn.ingenuitylite.com;report-uri https://csp.ingenuitylite.com/ajax/csp-report;report-to csp-endpoint 1
script-src https: 'unsafe-inline' 'unsafe-eval' blob:; img-src https: data:; object-src 'none'; default-src https:; style-src https: 'unsafe-inline'; base-uri 'none'; font-src https: data: 1
default-src 'self'; script-src * 'self' cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src * 'self' 'unsafe-inline'; img-src data: blob: * 'self'; font-src data: * 'self'; frame-src * 'self'; connect-src * 'self'; media-src * 'self'; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com *.frontify.com cloudinary.com *.cloudinary.com 1
child-src 'self' https://*.hotjar.com; report-uri /csp-report; default-src 'self'; worker-src 'self'; style-src 'self' 'unsafe-inline' https://static.ex4.pl https://cdnjs.cloudflare.com https://*.googleapis.com https://maxcdn.bootstrapcdn.com; script-src 'self' 'report-sample' https://static.ex4.pl https://cdnjs.cloudflare.com https://*.googleapis.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://maxcdn.bootstrapcdn.com https://www.googleadservices.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://www.google.pl/ 'nonce-ESP_NONCE-9WErDoCVmPea93ijmusHnMOaReHAGRQkwsjBJtRDdgLe8kRBw8KIEzYq4tGO1knY' https://*.hotjar.com https://www.google.com/ https://www.googletagmanager.com/; object-src 'self'; media-src 'self'; manifest-src 'self'; img-src 'self' https://imge.pl https://static.ex4.pl https://www.google-analytics.com https://www.google.pl https://www.google.com/ads https://leclercbielany.sellasist.pl https://www.google.de https://www.googletagmanager.com/ https://leclerc.com.pl/ https://www.gstatic.com/ https://www.google.com.tr/ https://www.google.com.do/ https://www.google.com https://www.google.be/ https://www.google.lt/ https://www.google.it/ https://www.google.se/ https://www.google.co.uk/ https://www.google.com.ua/ https://www.google.no/ https://www.google.cz/; frame-src 'self' https://*.hotjar.com https://www.google.com https://vars.hotjar.com https://www.youtube.com; font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://static3.avast.com; connect-src 'self' https://stats.g.doubleclick.net https://*.hotjar.io https://*.hotjar.com https://www.google-analytics.com https://analytics.google.com https://www.google.pl https://www.google.pl/ads/ https://analytics.google.com/g/ https://www.youtube.com/ https://www.googletagmanager.com https://www.google.com.ua https://www.google.be https://www.google.com.ua https://www.google.co.uk https://www.google.de https://*.google.com 1
report-to csp-violations-endpoint ; report-uri https://reports.migros.ch/spaces/wrf2tz/violations ; default-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * 'unsafe-inline' ; font-src * data: ; frame-src * ; img-src * data: blob: 'unsafe-inline' ; object-src 'self' ; style-src * 'unsafe-inline' ; worker-src 'self' blob: ; 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' ; 1
frame-ancestors 'self'; form-action 'self'; default-scr 'self'; img-src 'self' data: img.youtube.com www.facebook.com www.google.com; object-src 'none'; script-src 'self' 'nonce-3dS2DyOagQVtUrxzvJk7uTUPPFs=' *.google.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.hotjar.com business.facebook.com connect.facebook.net facebook.com graph.facebook.com https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net maps.googleapis.com s.ytimg.com video.google.com www.facebook.com www.google-analytics.com www.google.com/recaptcha/ www.googleadservices.com www.gstatic.com/recaptcha/ www.youtube.com www.buzzsprout.com/ https://cdn.datatables.net  www.clarity.ms; 1
default-src 'self' *.perthmint.com perthmint.com; base-uri 'none'; style-src * 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com/s/firasans/ *.perthmint.com perthmint.com https://script.hotjar.com; child-src 'self' https://www.googletagmanager.com https://www.google.com *.paypalobjects.com paypalobjects.com *.paypal.com paypal.com; img-src 'self' https://www.google-analytics.com *.google.com.au google.com.au *.google.co.in *.google.com google.com *.googletagmanager.com googletagmanager.com *.googleads.g.doubleclick.net googleads.g.doubleclick.net *.doubleclick.net *.googleadservices.com googleadservices.com *.google-analytics.com *.cloudinary.com cloudinary.com data: blob: *.onetrust.com *.windows.net *.facebook.com *.yahoo.com *.linkedin.com *.cloudfunctions.net *.adsymptotic.com *.px.ads.linked.com *.online-metrix.net *.paypalobjects.com paypalobjects.com *.perthmint.com perthmint.com *.ytimg.com google.co.nz *.google.co.nz *.paypal.com *.hotjar.com; object-src *.onetrust.com *.online-metrix.net; worker-src 'self' blob:; connect-src 'self' ws://*.perthmint.com wss://*.perthmint.com *.perthmint.com perthmint.com *.b2clogin.com b2clogin.com *.google.com *.doubleclick.net *.google-analytics.com *.googleadservices.com *.edq.com edq.com *.cloudinary.com cloudinary.com *.dynamics.com dynamics.com *.visualstudio.com visualstudio.com *.msecnd.net msecnd.net *.azure.com *.linkedin.com *.cloudfunctions.net *.adsymptotic.com *.addthis.com *.online-metrix.net *.onetrust.com *.windows.net *.yimg.com *.paypalobjects.com paypalobjects.com *.paypal.com paypal.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://content.hotjar.io https://surveystats.hotjar.io wss://*.hotjar.com logx.optimizely.com *.optimizely.com *.tiktok.com https://cdn.linkedin.oribi.io https://*.livehire.com *.livehire.com https://*.facebook.com https://metrics.hotjar.io *.googlesyndication.com https://ask.hotjar.io; script-src 'self' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' static.hotjar.com *.amazonaws.com 'nonce-nCklIbShpbW8AW8zpk5AKsAoYToSdkJsX1TV7ss93D8='; media-src 'self' blob: *.cloudinary.com cloudinary.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com cdn-assets-prod.s3.amazonaws.com; frame-src 'self' *.addthis.com *.dynamics.com *.joomag.com *.online-metrix.net *.onetrust.com *.facebook.com *.paypal.com *.google.com google.com *.doubleclick.net *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com *.paypalobjects.com paypalobjects.com *.paypal.com paypal.com https://vars.hotjar.com *.cdn.optimizely.com cdn.optimizely.com *.amazonaws.com https://livehire.com *.livehire.com https://metrics.hotjar.io; frame-ancestors 'self' *.livehire.com http://livehire.com 1
default-src 'self'; style-src 'self' app.workfrontfusion.com/static 'unsafe-inline' unpkg.com/@adobe/* https://*.adobe.com https://*.adobe.io *.aptrinsic.com fonts.googleapis.com; font-src 'self' app.workfrontfusion.com/static data: use.typekit.net https://*.adobe.com https://*.adobe.io fonts.gstatic.com; img-src 'self' app.workfrontfusion.com/static data: https://ipm.workfrontfusion.com secure.gravatar.com https://*.adobe.com https://*.adobe.io *.aptrinsic.com storage.googleapis.com *.typekit.net; connect-src 'self' app.workfrontfusion.com/static wss://app.workfrontfusion.com rum-http-intake.logs.datadoghq.com *.split.io https://*.adobe.com https://*.adobe.io *.browser-intake-datadoghq.com https://csp-report.browser-intake-datadoghq.com *.demdex.net *.adobedc.net *.aptrinsic.com; frame-src 'self' app.workfrontfusion.com/static https://*.adobe.com; script-src 'self' use.typekit.net unpkg.com/@adobe/* https://*.adobe.com https://*.adobe.io *.split.io assets.adobedtm.com *.aptrinsic.com; object-src 'self' app.workfrontfusion.com/static; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub2c8ded5adceb66f0a3efabff228d9189&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service:imt-web-zone; frame-ancestors 'self' https://*.adobe.com; 1
require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport,script-src 'report-sample' 'nonce-u2vrU4miXSqI2q93zfuBdw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self',script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport/allowlist 1
default-src 'self';connect-src 'self' www.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect;font-src 'self' data:;frame-src 'self' https://static.addtoany.com/ www.googletagmanager.com;img-src 'self' www.google-analytics.com https://www.google.fr/ads/ga-audiences https://www.google.com/ads/ga-audiences www.googletagmanager.com ssl.gstatic.com www.gstatic.com stats.g.doubleclick.net/r/ https://stats.g.doubleclick.net/r/collect data: https://*.tile.openstreetmap.fr/osmfr/;script-src 'self' 'unsafe-inline' https://static.addtoany.com/ google-analytics.com https://ssl.google-analytics.com www.google-analytics.com tagmanager.google.com googletagmanager.com www.googletagmanager.com stats.g.doubleclick.net;style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com; 1
default-src 'none'; img-src 'self' www.google-analytics.com ; script-src 'self' 'unsafe-inline' www.google-analytics.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'none' 1
font-src 'self' fonts.googleapis.com fonts.gstatic.com storage.googleapis.com; object-src 'none' ; script-src 'self' 'unsafe-inline' storage.googleapis.com  bat.bing.com/bat.js bat.bing.com/p/ connect.facebook.net/signals/ https://maps.googleapis.com/  https://connect.facebook.net/en_US/fbevents.js https://tpc.googlesyndication.com  widget.rogervoice.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com;  1
default-src 'none'; child-src 'self' blob:; connect-src 'self' data: https://restcountries.com https://dmogdx0jrul3u.cloudfront.net https://*.cloud.zoom.us wss://*.cloud.zoom.us https://*.meetoo.io wss://*.zoom.us wss://*.vevox.com https://*.vevox.com https://reactorresources.s3.amazonaws.com https://reactorresources.s3.eu-west-1.amazonaws.com wss://qamaster-httpapi.lumidev.net wss://qarel-httpapi.lumidev.net wss://qastaging-httpapi.lumidev.net; font-src 'self' data: https://source.zoom.us; img-src 'self' data: blob: https://images.unsplash.com https://*.vevox.app https://*.lumidev.net https://reactorresources.meetoo.io https://reactorresources.vevox.com https://publicresources.vevox.com https://qaresources.meetoo.io https://vevox-us-resources.vevox.com; script-src 'self' https://res.cdn.office.net https://binaries.webex.com https://source.zoom.us https://dmogdx0jrul3u.cloudfront.net https://zoom.us https://branding.vevox.app blob:; style-src 'self' 'unsafe-inline' https://source.zoom.us; frame-src *; frame-ancestors 'self' *; media-src https://dmogdx0jrul3u.cloudfront.net https://branding.vevox.app https://publicresources.vevox.com https://reactorresources.meetoo.io https://reactorresources.vevox.com https://vevox-us-resources.vevox.com; 1
default-src 'none'; media-src 'self' https://videos.ctfassets.net:*; script-src-elem 'self' 'nonce-aae0efd4-fd85-4e0b-a838-0a4821dd7a8d' https://cdn.transcend.io/cm/fa619274-3c15-4155-bbec-c0cb75733259/airgap.js https://cdn.transcend.io/cm/fa619274-3c15-4155-bbec-c0cb75733259/ui.js https://cdn.transcend.io/cm/fa619274-3c15-4155-bbec-c0cb75733259/xdi.js 'unsafe-hashes' 'sha256-cdFvGnPvdeavqCupE0X1iKxDb2jmBXXTGmE6AcHOk+c=' 'sha256-yT/s9zf56jX7wyB2f+yhxGo0VBoDnFqMx5qPvh0jvgQ=' 'sha256-TQ9lqihfbMvC+yQs4RAPRBe8No3FB3+MYPxT/OnPn/A=' 'sha256-ep0lyBO1i+WpsX2W3CxFRXjI+Hxg1zdLj+K4nN4Yzdk='; script-src 'self' 'wasm-unsafe-eval' 'nonce-aae0efd4-fd85-4e0b-a838-0a4821dd7a8d' https://cdn.transcend.io/cm/fa619274-3c15-4155-bbec-c0cb75733259/airgap.js https://cdn.transcend.io/cm/fa619274-3c15-4155-bbec-c0cb75733259/ui.js https://cdn.transcend.io/cm/fa619274-3c15-4155-bbec-c0cb75733259/xdi.js; style-src-elem 'self' 'nonce-aae0efd4-fd85-4e0b-a838-0a4821dd7a8d' https://cdn.transcend.io 'unsafe-hashes' 'sha256-oV3jdqk8GO/BUZSwos543OlGzhzxD3uMNE23EaxYMEQ=' 'sha256-/4tktfVAle+8ojynlFnhze1lbgwtFnndScvcHIucgqc=' 'sha256-zlqnbDt84zf1iSefLU/ImC54isoprH/MRiVZGskwexk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-7JyL1A8Kywti3E1sWTTspFukJsEOqlNFJPIxVimWbAQ='; style-src 'self' 'nonce-aae0efd4-fd85-4e0b-a838-0a4821dd7a8d' https://cdn.transcend.io 'unsafe-hashes' 'sha256-oV3jdqk8GO/BUZSwos543OlGzhzxD3uMNE23EaxYMEQ=' 'sha256-/4tktfVAle+8ojynlFnhze1lbgwtFnndScvcHIucgqc=' 'sha256-zlqnbDt84zf1iSefLU/ImC54isoprH/MRiVZGskwexk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-7JyL1A8Kywti3E1sWTTspFukJsEOqlNFJPIxVimWbAQ='; connect-src 'self' https://unpkg.com/@rive-app/canvas@2.7.6/rive.wasm https://start.1password.com https://start.1password.ca https://start.1password.eu https://www.google-analytics.com https://9gnqx00du4.execute-api.us-east-1.amazonaws.com/prod/contact_us https://us.app.unleash-hosted.com https://flow.1passwordservices.com https://telemetry.transcend.io/collect https://rum.browser-intake-datadoghq.com https://sst.1passwordservices.com https://c.6sc.co https://ipv6.6sc.co https://b.6sc.co https://epsilon.6sense.com https://cdn.transcend.io; manifest-src 'self'; font-src 'self'; object-src 'self'; img-src 'self' blob: http://images.ctfassets.net:* https://images.ctfassets.net:* https://www.google.com https://www.google-analytics.com https://sst.1passwordservices.com https://stats.g.doubleclick.net https://insight.adsrvr.org https://px.mountain.com https://b.6sc.co; child-src https://www.youtube-nocookie.com https://secure.livechatinc.com; frame-src https://www.youtube-nocookie.com https://www.youtube-nocookie.com/embed https://secure.livechatinc.com https://player.vimeo.com https://insight.adsrvr.org https://match.adsrvr.org https://drift.1passwordservices.com https://sync.transcend.io; form-action 'self' https://start.1password.com https://flow.1passwordservices.com; prefetch-src 'self' https://app.1password.com https://app.1password.ca https://app.1password.eu; frame-ancestors https://*.1passwordservices.com https://*.1password.com https://*.1password.ca https://*.1password.eu https://main.1pstage.com; report-uri https://csp.1passwordservices.com/report?tags=1pw_prd; report-to csp-endpoint 1
default-src 'none'; script-src 'self' 'unsafe-inline' *.google.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.googleadservices.com maps.googleapis.com *.facebook.net recaptcha.net secure.avangate.com secure.2checkout.com b.sf-syn.com s7.addthis.com *.jivosite.com *.doubleclick.net *.clarity.ms; frame-src 'self' *.google.com secure.2checkout.com  *.youtube.com recaptcha.net *.doubleclick.net *.gartner.com; connect-src 'self' *.google.com *.google-analytics.com maps.googleapis.com *.doubleclick.net wss://trackabi.com wss://trackabi.com:8880 *.facebook.com wss://chat3.jivosite.com  *.jivosite.com wss://node355.jivosite.com; img-src 'self' 'unsafe-eval' *.google-analytics.com maps.googleapis.com maps.gstatic.com *.facebook.com  *.google.com *.googletagmanager.com secure.avangate.com secure.2checkout.com b.sf-syn.com sourceforge.net goodfirms.s3.amazonaws.com *.getapp.com badges.softwareadvice.com *.capterra.com *.jivosite.com www.softwaresuggest.com *.doubleclick.net data: https://ct.capterra.com *.clarity.ms; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.jivosite.com; font-src 'self' *.jivosite.com fonts.gstatic.com fonts.googleapis.com data:; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; manifest-src 'self'; media-src 'self' *.jivosite.com; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-IcXB_LQUOX_2wSk1MBX4Jw' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src https:;connect-src https: wss:;font-src https: data:;frame-src https:;frame-ancestors https: http: https://webvisor.com http://webvisor.com https://*.webvisor.com http://*.webvisor.com;img-src 'self' https: data:;media-src 'self' https:;object-src https:;script-src 'unsafe-inline' 'unsafe-eval' https: data:;style-src 'unsafe-inline' https:; 1
default-src 'self' https: data: ws: 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com www.google.com google.com gstatic.com www.gstatic.com connect.facebook.net facebook.com; 1
default-src 'self' dorlingkindersley.de www.dorlingkindersley.de *.saferpay.com connect.facebook.net connect.facebook.net wss://*.hotjar.com https://*.hotjar.com www.facebook.com graph.facebook.com https://whstatistics-api.wirth-horn.de https://whstatistics-api-test.wirth-horn.de captcha.wirth-horn.de https://cookiemanager.wirth-horn.de https://42ed367f.sibforms.com https://www.google-analytics.com https://region1.google-analytics.com https://docs.google.com https://tagmanager.google.com https://www.googletagmanager.com https://www.googleadservices.com *.g.doubleclick.net https://port-neo.scnem.com/ https://fonts.googleapis.com https://www.youtube.com https://www.youtube-nocookie.com 'unsafe-eval' 'unsafe-inline' https://*.addthis.com https://addthis.com https://*.addthisedge.com; img-src data: *; media-src *; font-src data: 'self' https://fonts.gstatic.com https://fonts.googleapis.com; 1
frame-ancestors 'self' shop.ekz.ch 1
default-src 'none'; frame-ancestors 'none'; base-uri 'self'; script-src 'self' https://ajax.googleapis.com https://maps.googleapis.com https://maps.google.com; connect-src 'self'; img-src 'self' https://csi.gstatic.com; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://xpd.se https://*.xpd.se https://fonts.googleapis.com https://fonts.gstatic.com; object-src 'none'; form-action 'self'; block-all-mixed-content; report-uri https://xpd.report-uri.com/r/d/csp/enforce; report-to default 1
default-src     'self' https://use.fontawesome.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://www.paypal.com;style-src       'self' 'unsafe-inline' https://use.fontawesome.com/ https://fonts.googleapis.com https://fonts.gstatic.com;script-src      'self' 'nonce-OS5ov1D8h4HGOMQUyIGvIQBvc8MEXmMJAZnOIxlDEKA=' https://www.google-analytics.com/ https://www.google.com https://www.recaptcha.net https://www.paypal.com  https://www.gstatic.com/;connect-src     'self' https://www.paypal.com ;img-src         'self' https://www.paypalobjects.com https://chart.googleapis.com data: ;frame-src       https://www.paypal.com  https://www.google.com https://www.recaptcha.net; 1
form-action 'self' https://app.icontact.com;object-src 'self';font-src 'self' data: https://fonts.gstatic.com 1
frame-ancestors 'self' www.etjca.it; 1
default-src 'self'; script-src 'self' https://www.google.com/ https://www.gstatic.com https://statistics.cms.garden; connect-src 'self' https://api.siwecos.de https://api.staging.siwecos.de https://statistics.cms.garden; style-src 'self' 'sha256-J81qacJpdjuZYZHBvLbeK5vg9AKFKTTFPYxZfoCEXFw='; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com/ https://www.google.com/; img-src 'self' data: https://img.youtube.com https://i1.ytimg.com https://i.ytimg.com https://i9.ytimg.com https://s.ytimg.com https://siegel.siwecos.de https://statistics.cms.garden; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-0pfJkVsk2R2Ur7MaeW9OX6t7Ed0o1JGdRGmpKEv1vexdYbmk' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src *.klaviyo.com 'self' blob:; connect-src *.booster.com https://*.booster.com *.customink.com https://www.customink.com http://www.customink.com http://booster2-1648883958.us-east-1.elb.amazonaws.com https://booster2-1648883958.us-east-1.elb.amazonaws.com bid.g.doubleclick.net www.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net action.dstillery.com px.owneriq.net *.criteo.com *.pinterest.com *.media6degrees.com liveapi.yext.com *.crazyegg.com *.optimizely.com api.b-fonline.com *.akamaihd.net *.klaviyo.com *.fullstory.com *.rfihub.net *.rfihub.com secure.quantserve.com *.quantcom.com *.taboola.com *.liadm.com c.hrzn-nxt.com *.steelhousemedia.com resources.digital-cloud-west.medallia.com live.rezync.com rules.quantcount.com *.kampyle.com *.kissmetrics.com *.braintree-api.com *.braintreegateway.com *.justuno.com *.paypal.com *.paypalobjects.com *.cookielaw.org *.onetrust.com *.cookiepro.com api.smartystreets.com bam.nr-data.net distillery.wistia.com embed-e.wistia.com embed.wistia.com embedwistia-a.akamaihd.net freegeoip.net https://api.rollbar.com https://booster-sb.desk.com https://booster.desk.com https://embed-ssl.wistia.com https://stats.g.doubleclick.net international-street.api.smartystreets.com pipedream.wistia.com profile.justuno.com stats.g.doubleclick.net www.customink.com www.facebook.com www.filepicker.io www.juicer.io sentry.io wss://*.liveperson.net; font-src *.booster.com https://*.booster.com *.customink.com https://www.customink.com http://www.customink.com http://booster2-1648883958.us-east-1.elb.amazonaws.com https://booster2-1648883958.us-east-1.elb.amazonaws.com data: api.cloudsponge.com assets.juicer.io fast.wistia.com photorankstatics-a.akamaihd.net; frame-src *.booster.com https://*.booster.com *.customink.com https://www.customink.com http://www.customink.com bid.g.doubleclick.net www.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net platform.twitter.com syndication.twitter.com https://platform.twitter.com https://syndication.twitter.com *.rfihub.net *.rfihub.com *.braintree-api.com *.braintreegateway.com *.doubleclick.net *.facebook.com *.paypal.com *.paypalobjects.com *.cookielaw.org *.onetrust.com *.cookiepro.com api.cloudsponge.com app.jobvite.com dailymotion.com fast.wistia.com fast.wistia.net fbrpc: hire.jobvite.com https://*.facebook.com https://*.liveperson.net https://*.lpsnmedia.net https://a21861540101.cdn.optimizely.com https://a21861540101.cdn-pci.optimizely.com https://app.jobvite.com https://assets.braintreegateway.com https://booster.desk.com https://dialog.filepicker.io https://hire.jobvite.com https://jobs-stg.jobvite.com https://jobs.jobvite.com https://player.vimeo.com https://recruiting.jobvite.com https://staticxx.facebook.com https://vimeo.com https://www.filepicker.io https://www.google.com https://www.jobvite.com https://www.youtube.com https://youtube.com https://www.recaptcha.net jobs-stg.jobvite.com jobs.jobvite.com player.vimeo.com recruiting.jobvite.com stage.wepayapi.com staticxx.facebook.com vimeo.com webviewprogressproxy: wepayapi.com www.dailymotion.com www.giveforward.com www.google.com www.jobvite.com www.youtube.com youtube.com px.owneriq.net dis.us.criteo.com https://ash.creativecdn.com; img-src data: blob: https: http: about: *.cookielaw.org *.onetrust.com *.cookiepro.com app.optimizely.com assets.braintreegateway.com cdn.optimizely.com checkout.paypal.com; media-src *.booster.com https://*.booster.com http://booster2-1648883958.us-east-1.elb.amazonaws.com https://booster2-1648883958.us-east-1.elb.amazonaws.com embed.wistia.com embedwistia-a.akamaihd.net https://embed-ssl.wistia.com assets.juicer.io https://scontent.cdninstagram.com blob: data: lpcdn.lpsnmedia.net; object-src *.booster.com https://*.booster.com http://booster2-1648883958.us-east-1.elb.amazonaws.com https://booster2-1648883958.us-east-1.elb.amazonaws.com c.brightcove.com embed.wistia.com embedwistia-a.akamaihd.net https://c.brightcove.com https://embed-ssl.wistia.com; script-src *.booster.com https://*.booster.com *.customink.com https://www.customink.com http://www.customink.com http://booster2-1648883958.us-east-1.elb.amazonaws.com https://booster2-1648883958.us-east-1.elb.amazonaws.com bid.g.doubleclick.net www.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net platform.twitter.com syndication.twitter.com https://platform.twitter.com https://syndication.twitter.com action.dstillery.com px.owneriq.net *.criteo.com *.pinterest.com *.media6degrees.com liveapi.yext.com *.crazyegg.com *.optimizely.com api.b-fonline.com *.akamaihd.net *.fullstory.com *.klaviyo.com *.rfihub.net *.rfihub.com secure.quantserve.com *.quantcom.com *.taboola.com *.liadm.com c.hrzn-nxt.com *.steelhousemedia.com resources.digital-cloud-west.medallia.com live.rezync.com rules.quantcount.com *.kampyle.com 'unsafe-inline' 'unsafe-eval' *.b1js.com *.braintree-api.com *.braintreegateway.com *.criteo.net *.justuno.com *.kissmetrics.com *.paypal.com *.paypalobjects.com *.cookielaw.org *.onetrust.com *.cookiepro.com ajax.googleapis.com api.cloudsponge.com api.filepicker.io api.smartystreets.com app.wistia.com assets.juicer.io autocomplete-api.smartystreets.com b1img.com bam.nr-data.net bat.bing.com cdn.justuno.com cdn.merklesearch.com code.jquery.com connect.facebook.net d137jyf8bmrjar.cloudfront.net distillery-main.wistia.com distillery.wistia.com dnn506yrbagrg.cloudfront.net doug1izaerwt3.cloudfront.net fast.wistia.com fast.wistia.net fbstatic-a.akamaihd.net graph.facebook.com graph2.facebook.com gstatic.com https://*.liveperson.net https://*.lpsnmedia.net https://api.braintreegateway.com https://api.sandbox.braintreegateway.com https://booster-sb.desk.com https://booster.desk.com https://client-analytics.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://connect.facebook.net https://d137jyf8bmrjar.cloudfront.net https://d37gvrvc0wt4s1.cloudfront.net https://graph.facebook.com https://graph2.facebook.com https://gstatic.com https://maps.googleapis.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://stats.g.doubleclick.net https://www.google.com https://www.gstatic.com https://www.recaptcha.net international-street.api.smartystreets.com js-agent.newrelic.com pixel.facebook.com profile.justuno.com s.pinimg.com s3.amazonaws.com src.litix.io stats.g.doubleclick.net tagmanager.google.com translate.googleapis.com www.giveforward.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.justuno.com www.youtube.com youtube.com https://us.creativecdn.com; style-src *.booster.com https://*.booster.com *.customink.com https://www.customink.com http://www.customink.com http://booster2-1648883958.us-east-1.elb.amazonaws.com https://booster2-1648883958.us-east-1.elb.amazonaws.com platform.twitter.com syndication.twitter.com https://platform.twitter.com https://syndication.twitter.com 'unsafe-inline' *.braintree-api.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.cookielaw.org *.onetrust.com *.cookiepro.com api.cloudsponge.com assets.juicer.io fast.wistia.net fonts.googleapis.com https://ton.twimg.com tagmanager.google.com ton.twimg.com static.klaviyo.com *.akamaihd.net; 1
frame-ancestors 'self' https://bsd.instructure.com; 1
default-src 'none'; script-src 'self' 'unsafe-inline' ajax.googleapis.com api-maps.yandex.ru; connect-src 'self'; child-src 'self'; img-src * data:; style-src * 'unsafe-inline'; font-src *; 1
default-src https: wss: blob: data: bluescape:; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-eval' 'sha256-0Y1adEUNePbuEuLtxzU6MYxVtEN1xglSjZnKmNEJ4iI=' 'sha256-WPVLNih/jlQasF0INLInY3U2DXglkILtu79xSkEgFVc=' 'sha256-lHgryqiyITfa3GlKd5zc0Wy+Yz/7MTXFKAHsC/7mOy0=' 'sha256-8VWEfV1MHXcCbi/lcOneF2oDbPdYwskZilS/Xih/+zc='; object-src 'self'; img-src https: http: data: blob:;frame-ancestors 'self' *.apps.us.bluescape.com teams.microsoft.com *.teams.microsoft.com *.skype.com *.webex.com *.popsync.io popsync.io; report-uri https://bluescape.report-uri.com/r/d/csp/reportOnly; 1
default-src https: 'self'; script-src https: https://lugeja.e-tervis.ee/piwik/piwik.js 'self' 'unsafe-inline' 'unsafe-eval'; img-src https: data: 'self'; frame-ancestors https: 'self'; font-src https: data: 'self' ; style-src https: 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self' 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=0jt3egliquf01&partner=; 1
frame-src 'self' www.youtube-nocookie.com platform.twitter.com jetpack.wordpress.com www.google.com www.google.nl media-service.vara.nl *.bnnvara.nl embed.ted.com *.vimeo.com *.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.mediawijzer.net cdn.mediaukkies.nl cdn.weekvandemediawijsheid.nl cdn.mediawijsheid.nl cdnjs.cloudflare.com *.pinterest.com *.wp.com *.googletagmanager.com www.google-analytics.com *.googleapis.com platform.twitter.com static.addtoany.com cdn.rawgit.com *.google.com cdn.syndication.twimg.com connect.facebook.net widget.surveymonkey.com *.sogosurvey.com cdn.hoezomediawijs.nl cdn.weekvandemediawijsheid.nl cdn.mediaukkies.nl cdn.mediaukkiedagen.nl www.gstatic.com js-agent.newrelic.com www.instagram.com bam.nr-data.net www.aanmelder.nl cdn.aanmelder.nl cdn.jsdelivr.net *.hotjar.com 1
default-src 'self'; script-src 'self' https://consent.cookiebot.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com maps.googleapis.com https://tagmanager.google.com https://*.googletagmanager.com www.youtube.com s.ytimg.com 'nonce-4739aafdc3a96b2421ab250573986aac' unsafe-inline; script-src-elem https://consentcdn.cookiebot.com https://consent.cookiebot.com https://emplocity.com/apps/widget/wedel.js https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com 'self' https://tagmanager.google.com 'nonce-4739aafdc3a96b2421ab250573986aac' maps.googleapis.com www.youtube.com s.ytimg.com unsafe-inline unsafe-hashes sha256-b12d47f721f5bdd4881683e507272b14d5e931c83b5f1d07e7d5923bdcbc679d; script-src-attr 'self'; style-src 'self' https://tagmanager.google.com 'unsafe-inline' fonts.googleapis.com; style-src-elem 'self' https://tagmanager.google.com 'unsafe-inline' fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline'; img-src * 'self' data: https://*.google-analytics.com https://*.googletagmanager.com; font-src 'self' https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com fonts.gstatic.com; connect-src 'self' https://consentcdn.cookiebot.com https://consent.cookiebot.com https://stats.g.doubleclick.net https://offers.erecruiter.pl https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; media-src 'self' data: https://consentcdn.cookiebot.com https://consent.cookiebot.com; object-src 'self'; child-src 'self'; frame-src 'self' https://consentcdn.cookiebot.com https://bid.g.doubleclick.net https://www.google.com/ https://my.matterport.com/ www.youtube.com; worker-src 'none'; frame-ancestors 'self' portal.wedelpijalnie.pl:*; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self' 1
frame-ancestors 'self' https://house-stark-staging.herokuapp.com https://account.getstark.co 1
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.doubleclick.net www.gstatic.com www.google.com apis.google.com maps.googleapis.com googleadservices.com www.xart.cz fonts.googleapis.com fonts.gstatic.com maps.gstatic.com www.ccvision.de www.youtube.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net www.google.cz connect.facebook.net giphy.com *.facebook.com akamaihd.net fbcdn.net fb.me fbsbx.com api.mapy.cz mapserver.mapy.cz tagmanager.google.com ssl.gstatic.com fe.marketingovalista.cz sc.lfeeder.com tr.lfeeder.com static.userback.io api.userback.io www.googleadservices.com app.marketingovalista.cz accounts.google.com *.clarity.ms 1
frame-ancestors 'none'; default-src 'self' data: 'unsafe-inline' 'unsafe-eval' data:image/svg+xml https://www.youtube.com https://www.google.com https://analytics.google.com https://stats.g.doubleclick.net https://www.google.co.in https://www.google-analytics.com https://i.ytimg.com https://secure.gravatar.com https://go.oncehub.com https://wwv.capturepoint.net https://wwv.cp-1.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.livechat-static.com; font-src 'self' data: https://fonts.gstatic.com data:application/font-woff; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.polyfill.io https://www.google.com https://script.hotjar.com https://secure.enterprisingoperation-7.com https://www.googletagmanager.com https://go.oncehub.com https://cdn.oncehub.com https://cdnjs.cloudflare.com https://www.gstatic.com https://www.google-analytics.com https://snap.licdn.com https://static.hotjar.com https://ws.zoominfo.com https://pi.pardot.com https://analytics.google.com; object-src 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' upload.simian.nl *.google-analytics.com www.googletagmanager.com api.test.beterdrukken.nl cdn.simian.nl cdn.simianprint.nl design.simian.nl http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.cloudflare.com *.gstatic.com *.youtube.com *.google.nl *.bootstrapcdn.com *.doubleclick.net *.visualwebsiteoptimizer.com app.vwo.com *.facebook.net *.facebook.com *.bing.com *.googleapis.com *.trengo.eu *.pusher.com wss://*.pusher.com *.purechat.com wss://*.purechat.com *.purechatcdn.com *.amazonaws.com *.reclameland.nl *.tradetracker.net *.twitter.com *.optimizely.com *.google.com www.googleadservices.com office.simian.nl:3030; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.simian.nl cdn.simianprint.nl upload.simian.nl api.test.beterdrukken.nl design.simian.nl www.google-analytics.com www.googletagmanager.com *.trustpilot.com *.hotjar.io *.hotjar.com *.cloudflare.com *.gstatic.com *.youtube.com *.google.nl *.bootstrapcdn.com *.doubleclick.net *.visualwebsiteoptimizer.com app.vwo.com *.facebook.net *.facebook.com *.bing.com *.googleapis.com *.trengo.eu *.pusher.com wss://*.pusher.com *.purechat.com wss://*.purechat.com *.purechatcdn.com *.amazonaws.com *.reclameland.nl *.tradetracker.net *.twitter.com *.optimizely.com *.google.com www.googleadservices.com office.simian.nl:3030; 1
default-src 'self'; frame-ancestors 'self'; base-uri 'none'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://code.jquery.com/; frame-src 'self' https://*.buildingmanageronline.com https://www.google.com/recaptcha/; style-src 'self' 'unsafe-inline'; img-src 'self' seal.beyondsecurity.com; 1
child-src 'self'; connect-src 'self' data: http://ad.doubleclick.net https://*.clarity.ms https://*.cookiebot.com https://*.crazyegg.com https://*.google.com https://*.googlesyndication.com https://*.wmfts.com https://5cbe1f0c6d3746198ce740c2b65bbd3d.svc.dynamics.com https://adservice.google.com https://adtonus.com https://bat.bing.com https://cdn.linkedin.oribi.io https://dc.services.visualstudio.com https://esp-eu.aptrinsic.com/ https://hm.baidu.com https://maps.googleapis.com/ https://px.ads.linkedin.com https://r.clarity.ms https://region1.google-analytics.com https://wmftswebchat.freshchat.com https://www.facebook.com https://www.google-analytics.com https://www.wmfts.com; default-src 'self' blob: cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com https://*.crazyegg.com https://*.opendns.com https://*.wmfts.com https://esp-eu.aptrinsic.com/ https://maxcdn.bootstrapcdn.com/ https://web-sdk-eu.aptrinsic.com/ https://www.wmfts.com; font-src 'self' data: https://*.cloudfront.net/graphik/ https://*.cloudfront.net/lato/; frame-src 'self' https://*.cookiebot.com https://*.google.com https://*.vimeo.com https://*.youku.com https://5cbe1f0c6d3746198ce740c2b65bbd3d.svc.dynamics.com https://fc-euc1-00-files-bkt-00.s3.eu-central-1.amazonaws.com https://httpswwwwmftscom.eu.webpush.freshchat.com https://td.doubleclick.net https://tpc.googlesyndication.com https://wchat.eu.freshchat.com https://wmftgwebchat.freshworks.com https://wmftswebchat.freshchat.com https://wmgukmarketing530anim.z33.web.core.windows.net https://wmgukmarketingcertaanim.z33.web.core.windows.net; img-src 'self' data: https://*.ads.linkedin.com https://*.bing.com https://*.clarity.ms https://*.cookiebot.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.co.uk https://*.google.com https://*.google.nl https://*.googletagmanager.com https://*.linkedin.com https://*.opendns.com https://5cbe1f0c6d3746198ce740c2b65bbd3d.svc.dynamics.com https://bat.bing.com https://fonts.gstatic.com https://hm.baidu.com https://i.vimeocdn.com https://maps.googleapis.com https://pos.baidu.com https://px.ads.linkedin.com https://wmftg.com https://www.facebook.com https://www.wmftg.com; object-src 'self' https://wmftgwebchat.freshworks.com https://wmftswebchat.freshchat.com; script-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net code.jquery.com https://*.clarity.ms https://*.cookiebot.com https://*.crazyegg.com https://*.eu.freshchat.com https://*.freshchat.com https://*.g.doubleclick.net https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.opendns.com https://*.vimeo.com https://ajax.googleapis.com https://bat.bing.com https://cdnjs.cloudflare.com/ajax/libs/axios/ https://connect.facebook.net https://googleads.g.doubleclick.net https://hm.baidu.com https://js.monitor.azure.com https://maps.googleapis.com https://maps.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://mktdplp102cdn.azureedge.net https://secure.leadforensics.com https://snap.licdn.com https://unpkg.com https://wchat.eu.freshchat.com https://web-sdk-eu.aptrinsic.com/ https://wmftswebchat.freshchat.com https://www.clarity.ms https://www.googleadservices.com https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.bing.com https://*.cookiebot.com https://*.g.doubleclick.net https://*.googleapis.com https://*.googletagmanager.com https://*.licdn.com https://*.opendns.com https://*.vimeo.com; style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net https://*.eu.freshchat.com https://*.freshchat.com https://maxcdn.bootstrapcdn.com/ https://wchat.eu.freshchat.com https://web-sdk-eu.aptrinsic.com/ https://wmftswebchat.freshchat.com; style-src 'self' 'unsafe-inline'; worker-src blob:; script-src-attr cdnjs.cloudflare.com; 1
default-src 'self' https://*.wistia.com https://*.wistia.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.monsido.com https://connect.facebook.net https://snap.licdn.com https://view.ceros.com https://js.hsleadflows.net https://js.hscta.net https://*.hubspot.com https://static.ads-twitter.com https://js.hs-scripts.com https://siteimproveanalytics.com https://*.allenmatkins.com/ https://video.allenmatkins.com https://report.23video.com https://analytics.twitter.com https://js.hs-analytics.net https://www.youtube.com https://player.vimeo.com https://s.ytimg.com https://analytics.rubensteintech.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://s3.amazonaws.com https://*.allenmatkins.com https://*.allenmatkins.com https://video.allenmatkins.com https://*.wistia.com https://*.wistia.net https://src.litix.io https://js.hs-banner.com https://js.hsadspixel.net; style-src 'self' 'unsafe-inline' https://*.allenmatkins.com https://*.allenmatkins.com https://fonts.googleapis.com https://fonts.gstatic.com https://fast.wistia.com blob:; img-src 'self' https://*.analytics.google.com https://*.google-analytics.com https://analytics.google.com https://google-analytics.com https://hsctaimages.net https://tracking.monsido.com https://p.adsymptotic.com https://px.ads.linkedin.com https://www.facebook.com https://*.hubspot.net https://*.hubspot.com https://*.hubspotusercontent10.net https://connect.allenmatkins.com https://track.hubspot.com https://*.siteimproveanalytics.io https://t.co https://analytics.rubensteintech.com https://i.ytimg.com https://stats.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://images.unsplash.com https://www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://img.youtube.com https://i.vimeocdn.com https://*.allenmatkins.com https://*.allenmatkins.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net data:; media-src 'self' https://*.allenmatkins.com https://*.wistia.com https://*.wistia.net blob: data:; frame-src 'self' https://www.facebook.com https://www.google.com/recaptcha/ https://www.youtube.com https://player.vimeo.com https://video.allenmatkins.com https://fast.wistia.com https://fast.wistia.net https://view.ceros.com blob:; frame-ancestors 'self' https://*.allenmatkins.com https://*.allenmatkins.com https://events1.social27.com; font-src 'self' https://fonts.gstatic.com https://*.allenmatkins.com https://*.allenmatkins.com https://*.wistia.com data:; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://google-analytics.com https://maps.googleapis.com https://*.monsido.com https://js.hs-banner.com https://stats.g.doubleclick.net https://cdn.plyr.io https://vimeo.com https://*.allenmatkins.com https://api.hubapi.com https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://forms.hubspot.com https://www.google-analytics.com; worker-src 'self' blob:; 1
default-src 'self' 'unsafe-inline' *.gosuslugi.ru *.sputnik.ru *.yandex.ru *.моифинансы.рф *.liveinternet.ru *.yadro.ru blob: data: gap:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gosuslugi.ru *.sputnik.ru *.yandex.ru *.моифинансы.рф *.liveinternet.ru *.yadro.ru blob:data: gap:; 1
object-src 'none'; img-src 'self' data: www.googletagmanager.com https://*.google-analytics.com https://*.googletagmanager.com https://pagead2.googlesyndication.com https://fundingchoicesmessages.google.com; base-uri 'none'; media-src 'none'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://*.googletagmanager.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://cdn.logwork.com https://connect.facebook.net https://www.gstatic.com https://fundingchoicesmessages.google.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://pagead2.googlesyndication.com https://fundingchoicesmessages.google.com; 1
frame-ancestors 'self';block-all-mixed-content;default-src 'self';script-src 'self' 'unsafe-inline' https://code.jquery.com https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://unpkg.com;style-src 'self' 'unsafe-inline' *.bootstrapcdn.com code.jquery.com d10lpsik1i8c69.cloudfront.net unpkg.com;object-src 'none';frame-src 'self';child-src 'self';img-src 'self' *.becn.com code.jquery.com unpkg.com *.jobnimbus.com *.hover.to *.acculynx.com *.edge.com *.sumoquote.com hover.to;font-src 'self' *.bootstrapcdn.com unpkg.com;connect-src 'self' code.jquery.com;manifest-src 'self';base-uri 'self';media-src 'self';worker-src 'self'; 1
script-src 'self' https://www.cai.io/ cai.io *.cai.io *.6sc.co *.6sense.com *.iubenda.com fonts.gstatic.com https://cai-meshprod.azureedge.net/ https://cdn.iubenda.com/ https://unpkg.com/ https://www.googletagmanager.com https://plausible.io/js/script.js https://cdn.matomo.cloud/cai.matomo.cloud/ https://scripts.simpleanalyticscdn.com/latest.js https://script.hotjar.com/ https://googleads.g.doubleclick.net/ https://www.clarity.ms/ https://pi.pardot.com/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com/c/ 'sha256-Xfki8FSlbFiwrpmBUKmzKl96e0xPN0EnugM0QkIs+u0=' https://player.vimeo.com https://cdn.usefathom.com 'sha256-R5uv7loCFPwOrdK3VC1aYAKHtdLy9rJodmuKTj0Nwg8=' 'sha256-l9+PZ6tGTwPpIDGW/GcdRaidAJ1dk0PRZ0VdBsVr02I=' 'sha256-gAH3n1lxGubCh/M3oPcpC2dL03mDutrRnPEWq6+M31c=' 'sha256-yi6dW3eHN2kTGwprlVilmvn4O1lgIfO8FKZa491P7y0=' 'sha256-RfcknUV/kiE3VNYffV8rWFKPrgsjTCDo9CB2iTiaWiQ=' 'sha256-CnP18RyppLbgIWFb8kd+BGymXxHf+eW8oH+NE2eH178=' 'sha256-vGU/TDFm8NAPqwc8nZThBPE02+QBWh2DrPaZ+eHgcWw=' 'sha256-MIrawTPddX8Pict6u9AIun2yTAhxIg/qMplnNxXPFC0=' 'sha256-plpMDUdRhZlfFGMr0rKRwqlbzk6REJ3wtA9t5UxOpxk=' 'sha256-zjbBEO9DZ1p6z5/VWoyxtVmNsQQkpxcE0UJBiOjGhSA=' 'sha256-Q6Z3tznzoqNkgmYIsfE4sGEE7nnVu9JZmDkgMMzabQw=' 'sha256-8dn8FNc5fZiR1DzqjD/GsF2W1zDCYL13dVim9gf0Roc=' 'sha256-NlxnMLY4cy1tErpp+vzBldnEZH9G1Oie3SIUTBYEERI=' 'sha256-RJpIQr6bxkALWnmvs6twlFhPKhqQ79YD6LA03TSDTwY=' 'sha256-iIkJ9j7uQggjwvU6t/FUiiYdAK5kntZNwz0KIL7anyQ=' 'sha256-pN8nK72sCSA/vWL28ZrRX34qhHkAfSzCvH0Fyl4TBPk=' 'sha256-DOXFBGWMAArA9GGLuFk5RVQyWeX3az7AOjvXSCDNfAk=' 'sha256-NbAAMrOpfq9f4WXyJPT2saZSFr6zPpiqzYHbLb9M8rQ=' 'sha256-cslxTNXaHRM2Soeg8Ic3KLLFx1jYKVlRQWt4bYgirXM=' 'sha256-jqCB9Yv4ytqzrFqCDYn89MJYQj4mhLIOzsKNH2Zm3pM=' 'sha256-6OkhPSgKV6DD4GPrvYThIjnPixgniLwxebby/WEIJtA=' 'sha256-f2DBadaDeP63u6z8yOqj6fEFeUCnC6jHVa5a1L/O1Ig=' 'sha256-wkireAXRiMhkrCGbn7jCevqXMy518vc476pdzQB5Ldk=' 'sha256-/T+Gam27Fp741vmU74k2CXTAOcEq4Iu+QPAF2M8jVe8=' 'sha256-fqT0sKNb4Tk/WBn1QnJaUcs1u9ENET1wx1FKGt3v1pA=' 'sha256-otSA2GWiLYn+M5onAF6E41+I0lv4cqE7HcyMHq0Gwsk=' 'sha256-o9GUo16amu/Hdd964VIZ21xkHXfu3GeyjIOCj3+Xxtk=' 'sha256-/fuCPho/tkyp4/5JRes63FUigXDJlAbUCDN2MItAo1w=' 'sha256-X4ihTGpaxoYyCuWQtWtFPc7n/0ekcUZoeNgIyTSsAWE=' 'sha256-sUnJvixowOtxTle2OTZBW2xkFsJMySjZzLLofTexjE4=' 'sha256-9rb0xcWKN6yjYe6h2zqGnQJAsweAvqOLmFYB6zljnjM=' 'sha256-QjbkQ8/7oYvRtIh5IxIMcJbUVWb1HqoVLLLGe7JkH+4=' 'sha256-gUeNejFstRU/LX0LrTiXHAf1EWZ9rNIYb9muFY1MM7o=' 'sha256-pf4krfVp0WBNgCyou17+r4aJ/3ujXZo9P1MzjL/OiwE=' 'sha256-b5W44mtY/tSlcJFB/ZFwM/yzE8T0dMm28K1HAPapfhQ=' 'sha256-tNochN/bCMQn5Ft9q4Eb0vgSaFllggot8EP5fQj09hw=' 1
script-src 'unsafe-eval' 'nonce-MDBiNTI0YTUtZWIwNC00ZjA3LWFlNDYtOWFkY2RmMDNlMjk2' 'strict-dynamic' https: 'unsafe-inline' 'report-sample';style-src https://dffwhj5kcp83b.cloudfront.net https: 'self' 'unsafe-inline' data:; worker-src * blob:; connect-src 'self' https: wss: data: blob:; img-src * data: blob: file:; font-src * data:; object-src 'self'; frame-src * blob:; child-src * blob:; media-src * blob: data:; base-uri 'self'; default-src *; frame-ancestors 'self' *.atlassian.net *.atl-paas.net *.atlassian.com trello.com bitbucket.org; report-uri https://web-security-reports.services.atlassian.com/csp-report/jira-frontend-static-prod 1
script-src * 'unsafe-inline'; style-src 'self' blob: https: 'unsafe-inline' https://www.bmn.nl/; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com script.hotjar.com; frame-src https://vars.hotjar.com https://consentcdn.cookiebot.com assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com; 1
default-src 'self';script-src 'report-sample' 'self' 'unsafe-inline'  https://*.google-analytics.com/ https://*.googleapis.com/ https://*.doubleclick.net/ https://*.hs-analytics.net/ https://*.hsforms.net/ https://*.hs-banner.com/ https://*.hs-scripts.com/ https://*.storyblok.com/ https://*.bing.com/ https://*.facebook.net/ https://cookiehub.net/ https://js.monitor.azure.com/ https://*.hotjar.com/ https://snap.licdn.com/ https://*.clarity.ms/ https://*.googletagmanager.com/ https://*.redditstatic.com/ https://*.leadinfo.net https://*.hsadspixel.net;style-src 'report-sample' 'self' 'unsafe-inline' https://cookiehub.net/ https://*.googleapis.com/;object-src 'none';base-uri 'self';connect-src 'self' wss://*.hotjar.com/ https://*.hsforms.com/ https://*.s3.amazonaws.com https://*.facebook.com/ https://*.hotjar.io/ https://*.hotjar.com/ https://*.oribi.io/ https://*.doubleclick.net/ https://www.google-analytics.com/ https://*.google.com/ https://*.google.nl/ https://*.googleapis.com https://*.cookiehub.net/ https://*.azure-api.net/ https://*.azurefd.net/ https://*.storyblok.com https://*.bing.com/ https://*.visualstudio.com/ https://*.google-analytics.com/ https://*.clarity.ms/ https://*.leadinfo.net/ https://*.leadinfo.com/ https://*.hubapi.com/ https://*.ordina.com/;font-src 'self' https://*.googleapis.com/ https://*.gstatic.com/;frame-src 'self' https://www.youtube.com/ https://*.vimeo.com/ https://*.hsforms.com/ https://*.companywebcast.com/ https://*.doubleclick.net/;img-src 'self' 'unsafe-inline' https://www.google-analytics.com/ https://googletagmanager.com/ https://*.hubspot.com/ https://*.clarity.ms/ https://www.google.com/ https://www.google.nl/ https://*.hsforms.com/ data: https://*.googleapis.com/ https://*.gstatic.com/ https://a.storyblok.com/ https://*.reddit.com/ https://*.bing.com/ https://*.linkedin.com/ https://www.facebook.com/;manifest-src 'self';media-src 'self' https://a.storyblok.com/;worker-src 'none';frame-ancestors https://*.storyblok.com/; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-1c185ccc81f07538fe2376733fbee11d'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' schnitzel.stefanjudis.com production-assets.codepen.io static.codepen.io storage.googleapis.com cdn.jsdelivr.net *.carbonads.com *.carbonads.net unpkg.com cdn.skypack.dev netlify-rum.netlify.app; style-src 'self' 'unsafe-inline' unpkg.com; img-src 'self' data: images.contentful.com avatar.stefanjudis.com downloads.ctfassets.net images.ctfassets.net www.gravatar.com pbs.twimg.com platform-lookaside.fbsbx.com *.carbonads.net *.buysellads.net ad.doubleclick.net pixel.adsafeprotected.com static.adsafeprotected.com tps.doubleverify.com i.ytimg.com api.dicebear.com robohash.org api.lorem.space cdn.lorem.space xsgames.co joeschmoe.io *.flashtalking.com api.multiavatar.com source.boringavatars.com avatars.githubusercontent.com; font-src 'self' data:; connect-src 'self' cdn.contentful.com images.contentful.com videos.contentful.com images.ctfassets.net videos.ctfassets.net graphql.contentful.com schnitzel.stefanjudis.com unpkg.com *.carbonads.net *.nsvcs.net; media-src 'self' videos.contentful.com videos.ctfassets.net; object-src 'self'; frame-src 'self' codepen.io www.youtube.com *.codesandbox.io; frame-ancestors 'self' webweekly.email; worker-src 'self' blob:; block-all-mixed-content; manifest-src 'self'; prefetch-src 'self'; report-uri https://stefanjudis.report-uri.com/r/d/csp/reportOnly 1
frame-ancestors 'self'; form-action 'self'; object-src 'none'; base-uri 'none'; block-all-mixed-content; upgrade-insecure-requests; connect-src 'self' https:; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-e1ZeiJR/4mLJYPyX39B88dJ6dlnXcAdol00DbP8izkoMD1xX' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; img-src 'self' blob: * data: *; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.facebook.net *.loom3otto.com *.zdassets.com *.licdn.com 1
connect-src 'self' https://forms.hubspot.com https://api.hubapi.com https://collect-eu-central-1.tealiumiq.com https://collect-eu-central-1.tealiumiq.com https://osms.carglass.be https://logx.optimizely.com https://ampcid.google.com https://ampcid.google.be https://www.facebook.com https://staticw2.yotpo.com https://w2.yotpo.com https://cdn.cookielaw.org https://conductor.clicktale.net https://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://tapi.optimizely.com https://s7.addthis.com https://apollo.carglass.be https://bat.bing.com https://m.addthis.com https://europe-west1-carglass-be-dlp.cloudfunctions.net https://stats.g.doubleclick.net https://privacyportal-eu.onetrust.com https://api.yotpo.com https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://vimeo.com https://api.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://rum.optimizely.com https://forms.hsforms.com https://api-public.addthis.com *.clarity.ms https://apollo.carglass.be https://cm.teads.tv https://t.teads.tv https://maps.googleapis.com https://geolocation.onetrust.com https://5tyiep8ui4.execute-api.eu-central-1.amazonaws.com *.google-analytics.com *.analytics.google.com https://carglass-be-gtm.ew.r.appspot.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://analytics.freespee.com https://l.sharethis.com *.qualtrics.com https://pagead2.googlesyndication.com https://collect.carglass.be https://*.mypurecloud.de https://*.nr-data.net https://shyrka-prod-euc1.s3.eu-central-1.amazonaws.com https://*.newrelic.com https://*.euc1.pure.cloud wss://*.mypurecloud.de wss://*.euc1.pure.cloud https://*.mypurecloud.ie https://comcluster.cxense.com https://carglass-prd-apim.azure-api.net;default-src  'self' 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net https://apps.sitecore.net https://carglassdevstoragemedia.blob.core.windows.net;font-src 'self' 'unsafe-inline' https://fonts.gstatic.com data: https://staticw2.yotpo.com http://script.hotjar.com https://script.hotjar.com https://js.intercomcdn.com;frame-src https://vars.hotjar.com https://dntcl.qualaroo.com https://1377979.fls.doubleclick.net https://www.facebook.com https://www.youtube.com https://carglass930-cm-be.prd.reference.be https://sitecore.carglass.be https://www.google.com https://www.surveygizmo.com https://bid.g.doubleclick.net https://s7.addthis.com https://www.youtube-nocookie.com https://forms.hubspot.com https://e.issuu.com https://player.vimeo.com https://survey.alchemer.com https://alchemer.com *.cxense.com https://intercom-sheets.com https://survey.alchemer.eu *.qualtrics.com https://td.doubleclick.net https://apps.mypurecloud.de;img-src 'self' data: https://www.google.be https://www.google.com *.bing.com https://www.google-analytics.com https://track.hubspot.com https://stats.g.doubleclick.net https://www.facebook.com https://www.carglass.be https://maps.gstatic.com https://maps.googleapis.com https://p.yotpo.com https://carglass-prd-930-images.azurewebsites.net https://carglass930-cd-be.prd.reference.be https://images.carglass.be https://ssl.gstatic.com https://www.gstatic.com www.googletagmanager.com https://googleads.g.doubleclick.net https://script.hotjar.com http://script.hotjar.com https://email.carglass.be https://forms.hubspot.com https://no-cache.hubspot.com https://img.youtube.com https://script.google.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-9.com https://comcluster.cxense.com https://t.teads.tv https://cdn.optimizely.com https://cx.atdmt.com https://secure.adnxs.com https://cdn-yotpo-images-production.yotpo.com https://pubads.g.doubleclick.net https://scomcluster.cxense.com https://www.clarity.ms https://c.clarity.ms https://u360.d-bi.fr https://l.teads.tv https://cm.teads.tv https://p1.zemanta.com *.cookielaw.org https://www.google.nl  https://cdn.cookielaw.org *.privacysandbox.googleadservices *.fls.doubleclick.net carglass-be-gtm.ew.r.appspot.com https://cbks0.google.com  https://cbks0.googleapis.com  https://cbks1.google.com  https://cbks1.googleapis.com  https://cbks2.google.com  https://cbks2.googleapis.com  https://cbks3.google.com  https://cbks3.googleapis.com  https://clients.l.google.com  https://fonts.googleapis.com  https://geo0.ggpht.com  https://geo1.ggpht.com  https://geo2.ggpht.com  https://geo3.ggpht.com  https://googleapis.l.google.com  https://khm.google.com  https://khm.googleapis.com  https://khm.l.google.com  https://khm0.google.com  https://khm0.googleapis.com  https://khm1.google.com  https://khm1.googleapis.com  https://khmdb0.google.com  https://khmdb0.googleapis.com  https://khmdb1.google.com  https://khmdb1.googleapis.com  https://khms0.google.com  https://khms0.googleapis.com  https://khms1.google.com  https://khms1.googleapis.com  https://khms2.google.com  https://khms2.googleapis.com  https://khms3.google.com  https://khms3.googleapis.com  https://lh3.ggpht.com  https://lh3.googleusercontent.com  https://lh4.ggpht.com  https://lh4.googleusercontent.com  https://lh5.ggpht.com  https://lh5.googleusercontent.com  https://lh6.ggpht.com  https://lh6.googleusercontent.com  https://maps.l.google.com  https://mt.l.google.com  https://streetviewpixels-pa.googleapis.com https://static.hotjar.com https://platform-cdn.sharethis.com https://l.sharethis.com *.qualtrics.com https://ad.doubleclick.net https://*.mypurecloud.de https://*.euc1.pure.cloud https://collect.carglass.be;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.googletagmanager.com https://ajax.googleapis.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://s3.amazonaws.com https://bat.bing.com https://js.hs-scripts.com https://enquete.agconsult.com https://cdnssl.clicktale.net https://www.google-analytics.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://js.hs-banner.com https://js.hsleadflows.net https://js.hsadspixel.net https://js.hs-analytics.net https://tags.tiqcdn.com https://visitor-service.tealiumiq.com https://visitor-service.tealiumiq.com https://connect.facebook.net https://visitor-service-eu-central-1.tealiumiq.com https://cdn.optimizely.com https://maps.googleapis.com https://staticw2.yotpo.com https://www.google.com https://ipinfo.io https://cdn.cookielaw.org https://cdn3.optimizely.com https://s7.addthis.com https://tagmanager.google.com https://ssl.google-analytics.com https://gstatic.com https://www.gstatic.com https://cdn-assets-prod.s3.amazonaws.com https://app.optimizely.com https://optimizely.s3.amazonaws.com https://apollo.carglass.be https://s7.addthis.com https://z.moatads.com https://v1.addthisedge.com https://m.addthis.com https://graph.facebook.com https://api-public.addthis.com https://code.jquery.com https://stackpath.bootstrapcdn.com https://forms.hubspot.com https://js.hscta.net https://geolocation.onetrust.com https://www.youtube.com https://cdnjs.cloudflare.com https://widget.intercom.io https://js.intercomcdn.com https://api-iam.intercom.io https://player.vimeo.com https://app.intercom.io https://p.teads.tv https://cta-service-cms2.hubspot.com https://scdn.cxense.com https://polyfill.io *.clarity.ms https://u360.d-bi.fr https://analytics.freespee.com https://id.cxense.com https://cdn.freespee.com https://5tyiep8ui4.execute-api.eu-central-1.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.google.nl https://optimizely-hrd.appspot.com https://platform-api.sharethis.com https://buttons-config.sharethis.com *.qualtrics.com https://*.mypurecloud.ie https://*.mypurecloud.de https://*.nr-data.net https://*.newrelic.com https://*.euc1.pure.cloud;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://staticw2.yotpo.com https://tagmanager.google.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://googletagmanager.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src *; font-src data: https: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://blorbo.social; img-src 'self' https: data: blob: https://blorbo.social; style-src 'self' https://blorbo.social 'nonce-JKtzQfCJar1VOKgUEpDcxQ=='; media-src 'self' https: data: https://blorbo.social; frame-src 'self' https:; manifest-src 'self' https://blorbo.social; form-action 'self'; child-src 'self' blob: https://blorbo.social; worker-src 'self' blob: https://blorbo.social; connect-src 'self' data: blob: https://blorbo.social https://blorbo.social wss://blorbo.social; script-src 'self' https://blorbo.social 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://www.facebook.com 1
form-action 'self' https://www.facebook.com/tr/; frame-ancestors 'none'; default-src 'self'; child-src 'none'; connect-src 'self' https://56845.tctm.co/x.json https://56845.tctm.xyz https://apollo.forthepeople.com https://bam.nr-data.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://www.google-analytics.com https://settings.luckyorange.net https://stats.g.doubleclick.net/j/collect https://tags.srv.stackadapt.com https://utils.api.forthepeople.com https://www.facebook.com/tr/ https://www.google-analytics.com/j/collect https://analytics.tiktok.com/ *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com; font-src 'self' http://fonts.gstatic.com https://fonts.gstatic.com https://use.typekit.net https://fonts.googleapis.com; frame-src https://*.rfihub.com https://a.rfihub.com https://cm.g.doubleclick.ne https://lpcdn.lpsnmedia.net https://platform.twitter.comt https://va.idp.liveperson.net https://www.facebook.com https://www.youtube.com app.vwo.com; img-src 'self' https: data:; manifest-src 'none'; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://56845.tctm.co/p.js https://56845.tctm.co/t.js https://56845.tctm.xyz https://accdn.lpsnmedia.net https://bam.nr-data.net https://c1.rfihub.net/js/tc.min.js https://cdn.cookielaw.org https://cdn.jsdelivr.net/npm/@splidejs/splide@latest/dist/js/splide.min.js https://cdn.jsdelivr.net/npm/bootstrap@3.3.7/dist/js/bootstrap.js https://cdn.jsdelivr.net/npm/bootstrap@3.3.7/dist/js/bootstrap.min.js https://cdn.krxd.net/controltag/tn5ihne0x.js https://cdn.luckyorange.com/w.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/es_LA/all.js https://connect.facebook.net/signals/config/771368042989092 https://dev.visualwebsiteoptimizer.com https://geolocation.onetrust.com https://js-agent.newrelic.com https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js https://js.hs-analytics.net/analytics/ https://lpcdn.lpsnmedia.net https://lptag.liveperson.net https://maps.googleapis.com https://platform.twitter.com/widgets.js https://ssl.luckyorange.com/w.js https://tags.srv.stackadapt.com/events.js https://unpkg.com/quicklink@1.0.1/dist/quicklink.umd.js https://polyfill.io/v3/polyfill.min.js https://publisher.liveperson.net https://static.cdn-apple.com https://va.v.liveperson.net https://www.google-analytics.com/analytics.js https://www.googletagmanager.com https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://analytics.tiktok.com/ app.vwo.com dev.visualwebsiteoptimizer.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://cdn.jsdelivr.net/npm/@splidejs/splide@latest/dist/css/ https://fonts.googleapis.com/ https://p.typekit.net/ https://static.forthepeople.com/engineering/icarus/v1.11-latest/themes/default/ https://tags.srv.stackadapt.com/sa.css https://use.typekit.net/ https://www.googletagmanager.com app.vwo.com; worker-src ; upgrade-insecure-requests 1
default-src 'self' https://fonts.gstatic.com/ https://bmtmarketing.azureedge.net https://bmtmarketingdevelopment.azureedge.net https://bmtblobdevelopment.blob.core.windows.net https://bmtblobstaging.blob.core.windows.net https://bmtblobproduction.blob.core.windows.net https://bmtblobdraft.blob.core.windows.net https://script.hotjar.com https://cdn.videvo.net/videvo_files/video/premium/getty_138/large_watermarked/istock-913511504_preview.mp4; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.sharethis.com https://www.google.com https://az416426.vo.msecnd.net https://maps.googleapis.com https://www.googletagmanager.com http://tagmanager.google.com https://www.google-analytics.com https://code.jquery.com https://use.fontawesome.com https://via.bmt.org http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.gstatic.com https://snap.licdn.com https://*.hs-scripts.com https://js.hsadspixel.net http://js.hsforms.net https://js.hsforms.net https://forms.hsforms.com https://*.hs-banner.com https://*.hs-analytics.net https://*.hscollectedforms.net https://js.hscta.net/cta/current.js https://www.googleadservices.com https://googleads.g.doubleclick.net https://unpkg.com/@popperjs/core@2 https://unpkg.com/tippy.js@6 http://cta-service-cms2.hubspot.com https://*.hsadspixel.net https://static.hsappstatic.net https://*.usemessages.com https://*.hsleadflows.net https://*.hubspotfeedback.com https://feedback.hubapi.com https://*.hubspot.com https://*.hsforms.net https://*.hsforms.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://code.jquery.com https://tagmanager.google.com https://cdn.jsdelivr.net/npm/slick-carousel@1.6.0/slick/slick.css https://cdn2.hubspot.net; img-src https://www.google.com https://www.google.co.uk https://img.youtube.com https://bmtmarketing.azureedge.net https://bmtmarketingdevelopment.azureedge.net https://bmtblobdevelopment.blob.core.windows.net https://bmtblobstaging.blob.core.windows.net https://bmtblobproduction.blob.core.windows.net https://bmtblobdraft.blob.core.windows.net 'self' data: https://stats.g.doubleclick.net https://mt.google.com/ https://dashboard.umbraco.org https://*.sharethis.com https://maps.googleapis.com https://maps.gstatic.com https://projects.bmtcontent.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com/ads https://www.google.co.uk/ads https://ssl.gstatic.com https://www.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://px.ads.linkedin.com https://p.adsymptotic.com https://forms.hsforms.com https://*.hubspot.com https://www.bmt.org https://demo-au.arlo.co https://picsum.photos https://i.picsum.photos https://i.ibb.co https://wc1.prod3.arlocdn.net https://px4.ads.linkedin.com https://bmteventsproduction.blob.core.windows.net https://no-cache.hubspot.com https://perf.hsforms.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.hubspot.net https://js.hscta.net https://*.hsforms.net https://*.hsforms.com https://i.ytimg.com; frame-src 'self' https://www.youtube.com https://youtu.be https://*.sharethis.com https://c.sharethis.mgr.consensu.org https://www.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://bmtblobdevelopment.blob.core.windows.net https://bmtblobproduction.blob.core.windows.net https://bmtblobdraft.blob.core.windows.net https://bmtmarketingcorporatesitedevelopment.azurewebsites.net https://cdn.knightlab.com https://forms.hsforms.com https://www.bmtcontent.com https://duncankitts.github.io/Docs/ https://*.hs-sites.com https://*.hubspot.com https://*.hsforms.net https://*.hsforms.com; frame-ancestors 'self' my.sharpcloud.com; connect-src 'self' https://stats.g.doubleclick.net https://dc.services.visualstudio.com https://*.sharethis.com https://www.bmtintra.net https://link.socxo.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://dmtrk.net/signup.ashx https://www.google-analytics.com https://*.hubapi.com https://*.hs-banner.com https://forms.hsforms.com https://www.bmt.org https://*.hubspot.com https://hubspot-forms-static-embed.s3.amazonaws.com https://www.google.com/pagead/ https://cta-service-cms2.hubspot.com https://googleads.g.doubleclick.net/pagead/ https://region1.google-analytics.com https://region1.analytics.google.com https://*.hscollectedforms.net https://js.hscta.net https://*.hubspot.com https://*.hsforms.com https://cdn.linkedin.oribi.io; child-src https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.hsforms.com;  1
style-src 'self' 'unsafe-inline' https://cdn.yellowmap.de https://privacy.trustcommander.net https://cdn.trustcommander.net https://cdn.consentmanager.mgr.consensu.org https://fonts.googleapis.com; worker-src 'self'; connect-src 'self' https://maps.googleapis.com https://*.commander1.com https://*.trustcommander.net https://*.tagcommander.com https://cdn.consentmanager.mgr.consensu.org https://consentmanager.mgr.consensu.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;font-src 'self' http://www.sparkassen-kundenportal.de https://cdn.yellowmap.de https://fonts.gstatic.com; frame-src 'self' https://*.vkb.de https://*.ukv.de https://www.etermin.net https://cdn.trustcommander.net https://cdn.tagcommander.com; manifest-src 'self';media-src 'self' https://*.youtube.com https://*.youtube-nocookie.com; img-src * data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://cdn.yellowmap.de https://www.yellowmap.de https://cdn.tagcommander.com:* https://cdn.trustcommander.net:* https://maps.gstatic.com/:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://www.google-analytics.com:* https://*.googleapis.com:* https://tagmanager.google.com:* https://*.mgr.consensu.org 1
block-all-mixed-content; frame-ancestors 'self' https://www.howardluksmd.com 1
font-src https://fonts.gstatic.com 'self' data: https://cdnjs.cloudflare.com *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: https: 'self' 'unsafe-inline' *.facebook.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ account.fetchify.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com *.addthis.com *.pinterest.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' *.facebook.com *.facebook.net *.amazon-adsystem.com *.adsrvr.org *.doubleclick.net *.googleadservices.com *.wizart.ai *.feefo.com portgk.com porjs.com *.paidonresults.net *.paidonresults.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com https: data: 'self' 'unsafe-inline' *.facebook.com *.doubleclick.net *.googleadservices.com *.craftyclicks.co.uk *.feefo.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com https://player.vimeo.com https://www.youtube.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net *.amazon-adsystem.com *.adsrvr.org *.doubleclick.net *.googleadservices.com *.craftyclicks.co.uk *.cloudfront.net *.feefo.com portgk.com porjs.com *.paidonresults.net *.paidonresults.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cc-cdn.com https://fonts.googleapis.com http://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com *.googleapis.com https: data: 'self' 'unsafe-inline' *.facebook.com *.craftyclicks.co.uk *.feefo.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk ekr.zdassets.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.googleapis.com *.addthis.com *.graph.instagram.com *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' *.facebook.com *.analytics.google.com *.doubleclick.net *.googleadservices.com *.craftyclicks.co.uk *.feefo.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' data: gap: ws: *.zoho.com *.zohopublic.com;img-src *; frame-src 'self' *.maillist-manage.com *.zohopublic.com ; style-src 'self' 'unsafe-inline' *.googleapis.com *.zohocdn.com *.gstatic.com; font-src 'self' data: *.zohocdn.com *.gstatic.com *.zohostatic.in ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.google-analytics.com *.zoho.com *.zohocdn.com js.zohostatic.com use.fontawesome.com fast.wistia.com maillist-manage.com *.maillist-manage.com  *.googletagmanager.com *.zoominfo.com *.google-analytics.com 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-bae9f9c992925a0593239027666e42da'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors 'self' https://www.nnhayatemeklilik.com.tr; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.gstatic.com https://sc-static.net https://tr.snapchat.com https://tr-shadow.snapchat.com https://pixel.tapad.com https://fonts.googleapis.com/css2 https://sc-static.net/scevent.min.js https://ajax.googleapis.com https://cdnjs.cloudflare.com https://kwlwg11111.pcapredict.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://region1.google-analytics.com https://fonts.cdnfonts.com; img-src https:; object-src 'self' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://clar.ke 'wasm-unsafe-eval'; font-src 'self' https://clar.ke; img-src 'self' data: blob: https://clar.ke https://s3.us-west-002.backblazeb2.com; style-src 'self' https://clar.ke 'nonce-6ZmTTHFppC4rM3hCjpzA+g=='; media-src 'self' data: https://clar.ke https://s3.us-west-002.backblazeb2.com; frame-src 'self' https:; child-src 'self' blob: https://clar.ke; worker-src 'self' blob: https://clar.ke; connect-src 'self' blob: data: wss://clar.ke https://clar.ke https://s3.us-west-002.backblazeb2.com; manifest-src 'self' https://clar.ke; form-action 'self' 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; media-src 'self'; form-action 'self' https://www.server-team1.de https://www.server-team3.de; child-src 'self' https://www.google.com https://www.server-team1.de https://www.server-team3.de; frame-ancestors 'self'; connect-src 'self' https://api.imgur.com; report-uri 'self'; report-to 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data:  * 1
frame-src 'self' map-viewer-acl.be-mobile.biz *.youtube.com *.google.com live.ride2go.com atlas.be-mobile.biz www.alpinresorts.com impfr.tradedoubler.com *.cookiebot.com *.hotjar.com *.typeform.com *.sibforms.com *.issuu.com *.intercom.io intercom-sheets.com *.intercomcdn.com intercom-reporting.com *.vimeo.com *.wistia.net *.intercom.help *.intercomassets.com *.intercomusercontent.com *.intercom-attachments-1.com *.intercom-attachments.eu *.intercom-attachments.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com *.intercomassets.eu *.intercomassets.com https://embedsocial.com/* embedsocial.com https://embedsocial.com/api/pro_hashtag/438a3a2112c9e633aa9f88f6159965b98a5034d3/ *.paperform.co 1
default-src 'self'; connect-src 'self' http://ad.doubleclick.net https://*.analytics.google.com https://*.api.userway.org https://*.clarity.ms https://*.demdex.net https://*.eset.com https://*.googlesyndication.com https://*.hotjar.com https://*.hotjar.io https://*.tt.omtrdc.net https://adservice.google.com https://analytics.google.com https://analytics.twitter.com https://bat.bing.com https://c.go-mpulse.net https://cc.eset.es https://cdn.acsbapp.com https://cdn.linkedin.oribi.io https://cdn1.esetstatic.com https://cookies-data.onetrust.io https://demos.eset.es https://ep.smct.co https://eset.tt.omtrdc.net https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://ipb.smct.co https://ipb.smct.io https://js.smct.co https://js.smct.io https://maps.googleapis.com https://privacyportal.onetrust.com https://px.ads.linkedin.com https://region1.google-analytics.com https://replay.uxtweak.com https://s.yimg.com https://script.crazyegg.com https://smct.co https://stats.g.doubleclick.net https://tracker.clickguard.com https://www.facebook.com https://www.g2.com https://www.google-analytics.com https://www.google.by https://www.google.ch https://www.google.co.uk https://www.google.co.uz https://www.google.com https://www.google.com.tj https://www.google.com.tr https://www.google.ie https://www.google.kg https://www.google.kz https://www.google.lt https://www.google.lv https://www.google.pl https://www.google.ru https://www.googletagmanager.com wss://*.hotjar.com; font-src 'self' data: https://cdn.userway.org https://fonts.smct.co https://fonts.smct.io https://script.hotjar.com; frame-src 'self' http://descargas.eset.es https://*.fls.doubleclick.net https://8117415.fls.doubleclick.net https://backend.eset.es https://bid.g.doubleclick.net https://demos.eset.es https://descargas.eset.es https://download.eset.com https://eset.demdex.net https://formulario.eset.es https://hemsync.clickagy.com https://int.form.eset.com https://js.smct.io https://ls.smct.co https://protectdemo.eset.com https://smct.co https://td.doubleclick.net https://tpc.googlesyndication.com https://unity.survey-solutions.cloud https://vars.hotjar.com https://widget.trustpilot.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: http://ad.doubleclick.net https://*.adform.net https://*.ads.linkedin.com https://*.gstatic.com https://*.yahoo.co.jp https://ad.doubleclick.net https://ade.googlesyndication.com https://adservice.google.at https://adservice.google.ch https://adservice.google.co.jp https://adservice.google.com https://adservice.google.de https://analytics.google.com https://analytics.twitter.com https://bat.bing.com https://c.bing.com https://c.clarity.ms https://captcha.eset.com https://cdn.esetstatic.com https://cdn.jsdelivr.net https://cdn.smct.co https://cdn.smct.io https://cdn1.esetstatic.com https://cm.everesttech.net https://cm.g.doubleclick.net https://connect.facebook.net https://dc.ads.linkedin.com https://demos.eset.es https://dpm.demdex.net https://events.smct.co https://googleads.g.doubleclick.net https://i.ytimg.com https://images.g2crowd.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://pubads.g.doubleclick.net https://px.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://script.hotjar.com https://sgtm.eset.com https://ssitecat.eset.com https://ssl.google-analytics.com https://static.hotjar.com https://stats.g.doubleclick.net https://t.co https://tribl.io https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bi https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ag https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sb https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tj https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vc https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.ie https://www.google.im https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.ki https://www.google.kz https://www.google.la https://www.google.li https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.nr https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sm https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.tt https://www.google.vg https://www.google.vu https://www.googleadservices.com https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com; manifest-src 'none'; media-src 'self'; object-src 'self'; prefetch-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.replay.uxtweak.com https://*.salesforceliveagent.com https://acsbap.com https://acsbapp.com https://assets.esetstatic.com https://backend.eset.es https://bat.bing.com https://cdn.esetstatic.com https://cdn.jsdelivr.net https://cdn.linkedin.oribi.io https://cdn1.esetstatic.com https://cdnjs.cloudflare.com https://connect.facebook.net https://d.la1-c2-cdg.salesforceliveagent.com https://embed.tawk.to https://googleads.g.doubleclick.net https://img06.en25.com https://invitejs.trustpilot.com https://js.smct.co https://js.smct.io https://maps.googleapis.com https://nowexttype.com https://pagead2.googlesyndication.com https://platform.twitter.com https://s786665.t.eloqua.com https://script.hotjar.com https://sgtm.eset.com https://smct.co https://snap.licdn.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.hotjar.com https://store.eset.com https://tpc.googlesyndication.com https://tribl.io https://widget.trustpilot.com https://www.clarity.ms https://www.google-analytics.com https://www.google.ae https://www.google.am https://www.google.at https://www.google.be https://www.google.bg https://www.google.bs https://www.google.by https://www.google.ca https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ma https://www.google.co.nz https://www.google.co.th https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zw https://www.google.com https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.md https://www.google.me https://www.google.mk https://www.google.nl https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.se https://www.google.si https://www.google.sk https://www.google.tn https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.smct.co https://fonts.smct.io https://script.hotjar.com https://static.hotjar.com; worker-src 'self'; report-uri https://www-eset-com.api.cspconsole.com/v1/csp/report; report-to default; 1
img-src 'self' 'unsafe-eval' data: https://ct.capterra.com https://cdn-jhjnf.nitrocdn.com/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.sjrstate.edu ; script-src https://platform.twitter.com https://widget.emsicc.com 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://*.sjrstate.edu https://ajax.googleapis.com/ https://cdnjs.cloudflare.com https://code.jquery.com/ https://connect.facebook.net/ https://cse.google.com https://googleads.g.doubleclick.net https://netdna.bootstrapcdn.com https://siteimproveanalytics.com https://www.calendarwiz.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://embedr.flickr.com https://widgets.flickr.com ; style-src 'self' 'unsafe-inline' 'report-sample' https://*.sjrstate.edu https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://www.calendarwiz.com https://www.google.com ; img-src * ; font-src  https://fonts.gstatic.com https://netdna.bootstrapcdn.com https://www.calendarwiz.com ; media-src 'self' ; base-uri 'self' ; manifest-src 'self' ; connect-src 'self' https://cdnjs.cloudflare.com https://netdna.bootstrapcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com https://embedr.flickr.com https://analytics.google.com ; frame-src 'self' https://*.google.com https://*.twitter.com https://platform.twitter.com https://www.facebook.com https://www.youtube.com https://widget.emsicc.com https://www.calendarwiz.com https://app.smartsheet.com https://*.doubleclick.net ; prefetch-src https://netdna.bootstrapcdn.com ; 1
default-src 'self';font-src 'self' fonts.gstatic.com;form-action 'self';connect-src 'self' https://nettskjema.no fonts.gstatic.com;img-src * data: blob:;object-src 'self' http://*.uio.no https://*.uio.no;media-src 'self' blob: http://*.uio.no https://folk.universitetetioslo.no/ https://*.uio.no https://*.oslomet.no https://*.uit.no https://*.uib.no https://*.usn.no https://*.nla.no https://*.inn.no https://*.himolde.no https://*.hiof.no https://*.aho.no https://*.nubu.no https://*.nkvts.no https://*.nmbu.no https://*.nord.no https://*.ntnu.no https://*.hivolda.no https://*.unis.no https://*.ansgarhogskole.no https://*.vid.no https://*.uia.no https://*.khio.no https://*.bi.no https://*.kristiania.no https://*.mf.no https://*.uis.no https://*.phs.no https://*.krus.no https://*.educloud.no https://*.ldh.no https://*.oslonh.no https://*.nmh.no https://*.sikt.no https://*.googleapis.com youtube.com https://insum.r-bup.no https://hioa365.sharepoint.com http://sshf.no https://www.kreftregisteret.no *.youtube.com youtu.be *.youtu.be vimeo.com *.vimeo.com;child-src 'self' http://*.uio.no https://*.uio.no https://folk.universitetetioslo.no/ youtube.com *.youtube.com youtu.be *.youtu.be vimeo.com *.vimeo.com;frame-src 'self' mailto: https://nettskjema.no http://*.uio.no https://*.uio.no https://folk.universitetetioslo.no/ youtube.com *.youtube.com youtu.be *.youtu.be vimeo.com *.vimeo.com https://app.box.com;frame-ancestors 'self';style-src 'self' 'unsafe-inline' fonts.googleapis.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://nettskjema.no;upgrade-insecure-requests;report-uri /csp-report 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://flimpie.net 'wasm-unsafe-eval'; font-src 'self' https://flimpie.net; img-src 'self' data: blob: https://flimpie.net; style-src 'self' https://flimpie.net 'nonce-hrpgOT1zsvqwN0zHbJ/wkQ=='; media-src 'self' data: https://flimpie.net; frame-src 'self' https:; child-src 'self' blob: https://flimpie.net; worker-src 'self' blob: https://flimpie.net; connect-src 'self' blob: data: wss://flimpie.net https://flimpie.net; manifest-src 'self' https://flimpie.net; form-action 'self' 1
default-src 'self' blob: https://www.google.com https://admin.hondafcu.org https://hondafcu-prod-admin.azure.silvertech.net https://www.hondafcu.org https://testadmin.hondafcu.org fast.wistia.net *.wistia.com  *.iorad.com embedwistia-a.akamaihd.net; script-src 'self' blob: https://www.hondafcu.org https://admin.hondafcu.org https://hondafcu-prod-admin.azure.silvertech.net https://testadmin.hondafcu.org integration.silvercloudinc.com integration-cdn.silvercloudinc.com maps.googleapis.com siteimproveanalytics.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com fast.wistia.com 'unsafe-eval' 'unsafe-inline'; img-src 'self' https://testadmin.hondafcu.org https://admin.hondafcu.org https://hondafcu-prod-admin.azure.silvertech.net https://www.hondafcu.org data: 'unsafe-inline' *.siteimproveanalytics.io maps.gstatic.com maps.googleapis.com integration.silvercloudinc.com integration-cdn.silvercloudinc.com litho.silvercloudinc.com fast.wistia.com embedwistia-a.akamaihd.net embed-fastly.wistia.com embed-ssl.wistia.com; font-src https://www.hondafcu.org 'self' data: fonts.gstatic.com fonts.googleapis.com maxcdn.bootstrapcdn.com; style-src 'self' https://www.hondafcu.org 'unsafe-inline' integration.silvercloudinc.com integration-cdn.silvercloudinc.com fonts.googleapis.com maxcdn.bootstrapcdn.com; connect-src 'self' https://litho.silvercloudinc.com https://integration.silvercloudinc.com https://integration-cdn.silvercloudinc.com www.google-analytics.com distillery.wistia.com pipedream.wistia.com embedwistia-a.akamaihd.net embed-fastly.wistia.com *.wistia.com *.silvercloud.com maps.googleapis.com; frame-ancestors 'self' https://www.hondafcu.org https://admin.hondafcu.org https://hondafcu-prod-admin.azure.silvertech.net https://testadmin.hondafcu.org; 1
frame-ancestors 'self'  https://*.wzrc.net 1
frame-src 'none' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.yandex.ru http://*.youtube.com; report-uri https://myklad.org/csp-report.php 1
default-src 'none'; child-src 'self' js.stripe.com hooks.stripe.com www.googletagmanager.com/ns.html www.facebook.com staticxx.facebook.com bid.g.doubleclick.net www.youtube.com player.vimeo.com www.recaptcha.net recaptcha.google.com www.google.com/recaptcha calendly.com *.cloudflarestream.com; connect-src 'self' wss: fonts.googleapis.com fonts.gstatic.com api.stripe.com api.honeybadger.io maps.googleapis.com *.google-analytics.com/ *.analytics.google.com www.facebook.com/tr/ www.googleadservices.com stats.g.doubleclick.net cloudflareinsights.com adservice.google.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' js.stripe.com hooks.stripe.com www.googletagmanager.com/ns.html www.facebook.com staticxx.facebook.com bid.g.doubleclick.net www.youtube.com player.vimeo.com www.recaptcha.net recaptcha.google.com www.google.com/recaptcha calendly.com *.cloudflarestream.com; img-src 'self' https: data:; form-action 'self' connect.stripe.com pay.gocardless.com pay-sandbox.gocardless.com connect.gocardless.com connect-sandbox.gocardless.com oauth.gocardless.com oauth-sandbox.gocardless.com www.facebook.com accounts.google.com; frame-ancestors 'self'; manifest-src 'self'; media-src 'self' https:; worker-src 'self' www.recaptcha.net; base-uri 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' js.stripe.com js.honeybadger.io www.googletagmanager.com www.google-analytics.com *.analytics.google.com www.googleadservices.com connect.facebook.net googleads.g.doubleclick.net www.google.com/ads/user-list www.google.com/pagead/conversion_async.js bid.g.doubleclick.net tagmanager.google.com www.gstatic.com maps.googleapis.com cdnjs.cloudflare.com ajax.cloudflare.com static.cloudflareinsights.com www.recaptcha.net www.google.com/recaptcha assets.calendly.com 'nonce-36DSLQ+Z6CaaBjx+TQ6EmA=='; style-src 'self' 'unsafe-inline' fonts.googleapis.com js.stripe.com; block-all-mixed-content; upgrade-insecure-requests; report-uri https://wodboard.report-uri.com/r/d/csp/enforce 1
default-src 'self' static.mycity.travel static.montreuxriviera.com * 'unsafe-inline' 'unsafe-eval' data: blob:; upgrade-insecure-requests; frame-ancestors: 'self' https://static.mycity.travel *; 1
default-src 'self' blob: https://*.lrs.com:* http://*.lrs.com:*; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' blob: *; child-src 'self' blob: *; frame-src 'self' *; object-src 'self' *; img-src *.google-analytics.com 'self' data: blob: *; media-src 'self' data: blob: *; font-src 'self' data: *; connect-src *.google-analytics.com 'self' data: *; frame-ancestors 'self' https://*.lrs.com:* http://*.lrs.com:*; 1
default-src https: http: blob: data: 'unsafe-inline' 'unsafe-eval'; object-src ceros.com www3.ceros.com view.ceros.com wwwprod.eastdilsecured.com wwwprodbe.eastdilsecured.com wwwuat.eastdilsecured.com wwwbcp.eastdilsecured.com www.eastdilsecured.com esi.eastdilsecured.com esiadmin.eastdilsecured.com www.eastdilsecured.tech eastdilsecured.tech; base-uri http: https:; frame-ancestors 'self' eastdil-secured.preview.ceros.com api.ceros.com view.ceros.com www3.ceros.com wwwuat.eastdilsecured.com wwwbcp.eastdilsecured.com www.eastdilsecured.com esi.eastdilsecured.com ceros.com esiadmin.eastdilsecured.com www.eastdilsecured.tech eastdilsecured.tech; 1
default-src 'self' www.youtube.com ga.vyond.com *.hotjar.com *.hotjar.io;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com *.googletagmanager.com www.gstatic.com cdn.datatables.net *.salesforceliveagent.com connect.facebook.net vue.comm100.com standby.comm100vue.com dash17.comm100.io api17.comm100.io chatserver17.comm100.io max17.comm100.io file17.comm100download.com filestandby17.comm100download.com commonservice.comm100.io route.comm100.com route1.comm100.com pciform.comm100.com secure.comm100.com *.hotjar.com cdn.cookielaw.org/scripttemplates/ *.onetrust.com/;object-src 'none';style-src 'self' 'unsafe-inline' cdn.datatables.net fonts.googleapis.com www.gstatic.com vue.comm100.com standby.comm100vue.com dash17.comm100.io api17.comm100.io chatserver17.comm100.io max17.comm100.io file17.comm100download.com filestandby17.comm100download.com commonservice.comm100.io route.comm100.com route1.comm100.com pciform.comm100.com secure.comm100.com;img-src 'self' data: www.facebook.com vue.comm100.com standby.comm100vue.com dash17.comm100.io api17.comm100.io chatserver17.comm100.io max17.comm100.io file17.comm100download.com filestandby17.comm100download.com commonservice.comm100.io route.comm100.com route1.comm100.com pciform.comm100.com secure.comm100.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.it cdn.cookielaw.org/logos/;media-src 'none';frame-src 'self' www.youtube.com www.google.com ga.vyond.com *.hotjar.com;font-src 'self' fonts.gstatic.com vue.comm100.com standby.comm100vue.com dash17.comm100.io api17.comm100.io chatserver17.comm100.io max17.comm100.io file17.comm100download.com filestandby17.comm100download.com commonservice.comm100.io route.comm100.com route1.comm100.com pciform.comm100.com secure.comm100.com;connect-src 'self' vue.comm100.com standby.comm100vue.com dash17.comm100.io api17.comm100.io chatserver17.comm100.io max17.comm100.io file17.comm100download.com filestandby17.comm100download.com commonservice.comm100.io route.comm100.com route1.comm100.com pciform.comm100.com secure.comm100.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.it *.hotjar.com *.hotjar.io cdn.cookielaw.org *.onetrust.com/ wss://*.hotjar.com wss://*.hotjar.io;frame-ancestors 'self';worker-src 'self' 1
object-src 'none'; default-src 'none'; script-src 'none'; style-src 'sha256-4tRu5hLn7sc3jZbNQDAYWF53Gycp2smsktcXnwmndh8=' 'sha256-ja67PuHLTuoOA5VBPOwrMGOnffWINgPOuWVHg5N4z7A='; img-src 'self' data:; font-src 'self'; frame-ancestors 'none'; block-all-mixed-content; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://www.graphicdesignforum.com/logs/ https://www.graphicdesignforum.com/sidekiq/ https://www.graphicdesignforum.com/mini-profiler-resources/ https://www.graphicdesignforum.com/assets/ https://www.graphicdesignforum.com/brotli_asset/ https://www.graphicdesignforum.com/extra-locales/ https://www.graphicdesignforum.com/highlight-js/ https://www.graphicdesignforum.com/javascripts/ https://www.graphicdesignforum.com/plugins/ https://www.graphicdesignforum.com/theme-javascripts/ https://www.graphicdesignforum.com/svg-sprite/ 'report-sample' https://www.google-analytics.com/analytics.js https: 'unsafe-inline'; worker-src 'self' https://www.graphicdesignforum.com/assets/ https://www.graphicdesignforum.com/brotli_asset/ https://www.graphicdesignforum.com/javascripts/ https://www.graphicdesignforum.com/plugins/; report-uri https://www.graphicdesignforum.com/csp_reports; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self' *.ok.ru ladybee.ru *.ladybee.ru saechka.ru *.saechka.ru saychata.ru *.saychata.ru; connect-src 'self' ladybee.ru *.ladybee.ru saechka.ru *.saechka.ru saychata.ru *.saychata.ru https://translate.googleapis.com an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru top.mail.ru https://top.mail.ru *.top.mail.ru https://*.top.mail.ru top-fwz1.mail.ru https://top-fwz1.mail.ru *.top-fwz1.mail.ru https://*.top-fwz1.mail.ru; font-src 'self' *.ok.ru ladybee.ru *.ladybee.ru saechka.ru *.saechka.ru saychata.ru *.saychata.ru *.googleapis.com https://*.googleapis.com *.gstatic.com https://*.gstatic.com *.google.com https://*.google.com an.yandex.ru yastatic.net yastat.net; frame-src 'self' youtube.com www.youtube.com *.ok.ru ladybee.ru *.ladybee.ru saechka.ru *.saechka.ru saychata.ru *.saychata.ru *.doubleclick.net https://*.doubleclick.net *.googleadservices.com https://*.googleadservices.com *.googlesyndication.com https://*.googlesyndication.com *.google.com https://*.google.com https://apis.google.com awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net; img-src 'self' blob: *.1c-bitrix.ru *.ok.ru ladybee.ru *.ladybee.ru saechka.ru *.saechka.ru saychata.ru *.saychata.ru *.2mdn.net https://*.2mdn.net data: *.doubleclick.net https://*.doubleclick.net *.googleapis.com https://*.googleapis.com *.googlesyndication.com https://*.googlesyndication.com *.gstatic.com https://*.gstatic.com *.google.com https://*.google.com yadro.ru https://yadro.ru *.yadro.ru https://*.yadro.ru top.mail.ru https://top.mail.ru *.top.mail.ru https://*.top.mail.ru top-fwz1.mail.ru https://top-fwz1.mail.ru *.top-fwz1.mail.ru https://*.top-fwz1.mail.ru *.yandex.ru https://*.yandex.ru *.yandex.net https://*.yandex.net yastatic.net https://yastatic.net avatars-fast.yandex.net avatars-fast.yandex.net favicon.yandex.net an.yandex.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net; media-src *.yandex.net strm.yandex.ru *.strm.yandex.ru yandex.ru yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net; object-src 'self' *.ok.ru ladybee.ru *.ladybee.ru saechka.ru *.saechka.ru saychata.ru *.saychata.ru *.doubleclick.net https://*.doubleclick.net *.gstatic.com https://*.gstatic.com *.google.com https://*.google.com *.yandex.ru https://*.yandex.ru *.yandex.net https://*.yandex.net yastatic.net https://yastatic.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ok.ru ladybee.ru *.ladybee.ru saechka.ru *.saechka.ru saychata.ru *.saychata.ru *.doubleclick.net https://*.doubleclick.net *.googlesyndication.com https://*.googlesyndication.com *.gstatic.com https://*.gstatic.com *.googleapis.com https://*.googleapis.com *.google.com https://*.google.com yadro.ru https://yadro.ru *.yadro.ru https://*.yadro.ru https://apis.google.com top.mail.ru https://top.mail.ru *.top.mail.ru https://*.top.mail.ru top-fwz1.mail.ru https://top-fwz1.mail.ru *.top-fwz1.mail.ru https://*.top-fwz1.mail.ru an.yandex.ru yandex.st yastatic.net mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru; style-src 'self' 'unsafe-inline' *.ok.ru ladybee.ru *.ladybee.ru saechka.ru *.saechka.ru saychata.ru *.saychata.ru *.googleapis.com https://*.googleapis.com *.gstatic.com https://*.gstatic.com *.google.com https://*.google.com yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net; 1
frame-ancestors https://bookingdemo.housemaster.com 1
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://alinta-digital-myaccount-frontend-root-config-test.azurewebsites.net https://alinta-digital-myaccount-frontend-root-config-train.azurewebsites.net https://myaccount.alintaenergy.com.au http://www.test.alintaenergy.com.au 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.newmarkhotels.com *.moz.com *.google.com *.gstatic.com https://unpkg.com https://www.youtube.com https://cdnjs.cloudflare.com https://translate.google.com https://translate.googleapis.com https://www.googletagmanager.com https://*.googleapis.com https://www.google-analytics.com https://fonts.gstatic.com https://connect.facebook.net https://www.facebook.com https://booking.profitroom.com https://fonts.profitroom.com/ https://checkout.profitroom.com/ https://upperbooking.com/; img-src 'self' data: https://newmark-prod.s3.amazonaws.com https://www.googleapis.com https://www.gstatic.com https://api.mapbox.com https://www.google-analytics.com https://*.googleapis.com https://*.google.com https://*.googletagmanager.com https://booking.profitroom.com https://www.facebook.com https://fonts.profitroom.com/ https://checkout.profitroom.com/ https://upperbooking.com/; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' centremanagement.eu 1
default-src 'unsafe-inline' 'self' https://c.bing.com https://*.clarity.ms; script-src 'unsafe-inline' 'self' 'unsafe-eval' blob: https:; script-src-elem 'unsafe-inline' 'self' sha256-0/NMaGJWVjIukwBMkinLP6tmeD9zx5luPBD3YAk+Y7Q= *.usabilla.com http: https:; style-src 'unsafe-inline' 'self' *.usabilla.com https:; font-src 'self' *.usabilla.com https: data:; frame-src 'self' *.usabilla.com https:; img-src 'self' *.usabilla.com http: https: data:; connect-src 'self' *.usabilla.com wss://tufsuyburufn.transport.connect.eu-west-2.amazonaws.com https: http:; style-src-elem 'unsafe-inline' 'self' *.usabilla.com https:; media-src 'unsafe-inline' 'self' https:; 1
default-src https: blob: ; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' ; img-src https: data: ; media-src blob: https: ; upgrade-insecure-requests; block-all-mixed-content; connect-src https: wss://*.insurads.com wss://*.hotjar.com wss://*.smartadserver.com wss://*.weborama.fr wss://*.adnxs.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://norcal.social; img-src 'self' https: data: blob: https://norcal.social; style-src 'self' https://norcal.social 'nonce-2lYZVyjS7/goU62ocDRweg=='; media-src 'self' https: data: https://norcal.social; frame-src 'self' https:; manifest-src 'self' https://norcal.social; form-action 'self'; child-src 'self' blob: https://norcal.social; worker-src 'self' blob: https://norcal.social; connect-src 'self' data: blob: https://norcal.social https://files.mastodon.norcal.social wss://norcal.social; script-src 'self' https://norcal.social 'wasm-unsafe-eval' 1
default-src data: 'unsafe-inline' 'self' https: pjtpartners.com *.pjtpartners.com *.fictive-pjt.net fictive-pjt-qa.s3.amazonaws.com; upgrade-insecure-requests 1
connect-src 'self' blob: https://api.x.ai https://api.x.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api.x.com https://api-stream.twitter.com https://api-stream.x.com https://ads-api.twitter.com https://ads-api.x.com https://aa.twitter.com https://aa.x.com https://caps.twitter.com https://caps.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton.twitter.com https://ton.x.com https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://twitter.com https://x.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com  ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://x.com https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://vaultjs.apideck.com/  https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://x.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://static.ads-twitter.com  'nonce-YzBjMGFiMGQtNGY2NS00YTU5LTliMjUtN2U1ZTk5NjRiMjc1'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false 1
frame-ancestors 'self' https://argus2022.wpengine.com 1
frame-ancestors 'self' webgamer.io iframed.page 1
default-src 'self'; img-src 'self'  cdn.partsmartconnect.com data:; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-modals; base-uri 'self'; upgrade-insecure-requests; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com ; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' https://ari-cms.com/bundles/webcomponents/loginpromotion.js; connect-src 'self' https://ari-cms.com/; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://eupolicy.social; img-src 'self' https: data: blob: https://eupolicy.social; style-src 'self' https://eupolicy.social 'nonce-CgKsLbskU+56A/8WWxERTw=='; media-src 'self' https: data: https://eupolicy.social; frame-src 'self' https:; manifest-src 'self' https://eupolicy.social; form-action 'self'; child-src 'self' blob: https://eupolicy.social; worker-src 'self' blob: https://eupolicy.social; connect-src 'self' data: blob: https://eupolicy.social https://eupolicy.social wss://eupolicy.social; script-src 'self' https://eupolicy.social 'wasm-unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.cbbd.be www.stripmuseum.be www.comicscenter.net csi.gstatic.com code.jquery.com ajax.googleapis.com img.youtube.com www.youtube.com api-public.addthis.com s7.addthis.com m.addthis.com m.addthisedge.com maps.googleapis.com www.google.com reservation.elloha.com cdn.usefathom.com 1
default-src 'self' ;script-src 'self'  'sha256-cELMPlzOVWb7jPqC+0BRkGamcnOEuA4IgU5s+L2b1kM=' 'sha256-a5vv/GegtF2ZmWXC4cohEATRuM61kd4L/BRgiHEcqsE=' 'sha256-lOcUiK9nCwKGCzWBdpoPeeB0ejlAtDZbLVaAyLnj40Y=' 'sha256-rqX2XMzD1rqTuhGGuvpRuv6A0BPd2ZyhsPSL+bbIaYQ=' 'sha256-BvVxiTx2ttLRg8LlNaRyIUWX5Fq7H1IVPpcFl2CtQiU=' 'sha256-FZEF9ljWOZLxWzDtc1BR5U5P9L4GYP0itcVWv0W4PYc=' 'sha256-3+epbPCdOb1LPhGi0k/JdEqNsKP4pfbD6FOTgbk1iEA=' 'sha256-txpQ06GMOoYYsOPexNp5Yx4g/6F11Sp229pnr1RHIk8=' 'sha256-n3kJmS90fvRo+CNN9MAHKLeLGLMv8JSCmJN8mvb/iU0=' 'sha256-BTmYrbz/Bss9TnW84NWhywcMlr1kJR/HGveBo6NU3/U=' 'sha256-yaHvRfGt23wyOtNTzYbUkAxg1es62CxJAcifbmqvKd8=' https://matomo.holmbank.ee https://accountscoring.com https://*.accountscoring.com https://www.googletagmanager.com https://*.adform.net https://connect.facebook.net https://www.facebook.com https://*.bing.com https://*.clarity.ms https://*.doubleclick.net https://www.googleadservices.com;base-uri 'self';form-action 'self' ;style-src 'self' 'unsafe-inline';connect-src 'self' https://sso.holmbank.ee https://*.holmbank.ee https://*.montonio.com https://accountscoring.com https://*.accountscoring.com https://connect.facebook.net https://www.facebook.com https://*.clarity.ms https://pagead2.googlesyndication.com https://*.bing.com https://google.com https://www.google.com https://www.google.ee https://www.google.lv blob:;media-src https://content.holmbank.ee;img-src 'self' data: https://*.holmbank.ee https://server.seadform.net https://*.bing.com https://www.facebook.com https://google.com https://www.google.com https://www.google.ee https://www.google.lv https://*.clarity.ms https://googleads.g.doubleclick.net;frame-ancestors 'self' https://*.holmbank.ee;frame-src 'self' blob: https://*.holmbank.ee https://*.liisi.ee https://*.typeform.com https://app.recommy.com https://*.doubleclick.net https://*.adform.net;object-src 'self' blob: https://*.holmbank.ee;upgrade-insecure-requests 1
script-src 'strict-dynamic' 'nonce-AUrAbTLN12341' 'unsafe-inline' http: https:;object-src 'self';require-trusted-types-for 'script';base-uri 'https://www.sdi.fi';frame-ancestors 'self';form-action 'self'; 1
default-src 'self' https://www.shepherdsfriendly.co.uk; connect-src *.google.com *.hotjar.com *.yieldify-production.com optimize.google.com stranger.yieldify-production.com ws10.hotjar.com ws11.hotjar.com ws12.hotjar.com ws14.hotjar.com ws15.hotjar.com ws16.hotjar.com ws17.hotjar.com ws18.hotjar.com ws2.hotjar.com ws3.hotjar.com ws4.hotjar.com ws6.hotjar.com ws7.hotjar.com ws8.hotjar.com www.google-analytics.com https://*.googleapis.com https://*.gstatic.com http://*.hotjar.com wss://*.hotjar.com https://*.yieldify.com https://api-b.shepherdsfriendly.co.uk https://api.addressy.com https://api.reviews.co.uk https://api.reviews.io https://api.shepherdsfriendly.co.uk https://assets1.lottiefiles.com https://assets10.lottiefiles.com https://assets4.lottiefiles.com https://assets5.lottiefiles.com https://assets6.lottiefiles.com https://bat.bing.com https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://in.hotjar.com https://region1.google-analytics.com https://shepherdsfriendly.blob.core.windows.net https://shepherdsfriendly.involve.me/embed https://shepherdsfriendly.secure.force.com https://shepherdsfriendly.sjv.io https://stats.g.doubleclick.net https://surveystats.hotjar.io https://tracking.sendingads.com https://vc.hotjar.io https://ws10.hotjar.com https://ws11.hotjar.com https://ws12.hotjar.com https://ws14.hotjar.com https://ws15.hotjar.com https://ws16.hotjar.com https://ws17.hotjar.com https://ws18.hotjar.com https://ws2.hotjar.com https://ws3.hotjar.com https://ws4.hotjar.com https://ws6.hotjar.com https://ws7.hotjar.com https://ws8.hotjar.com https://www-b.shepherdsfriendly.co.uk https://www.facebook.com/tr/ https://www.google-analytics.com https://www.shepherdsfriendly.co.uk https://yieldify.connectorengine.com;; font-src 'self' data: https://assets.reviews.io https://cdn.honey.io https://fonts.gstatic.com https://fonts.yieldify-production.com/fonts/369/bf27f6e1-149d-453c-a530-492c74dff6d4.ttf https://maxcdn.bootstrapcdn.com https://pro.fontawesome.com https://script.hotjar.com https://stackpath.bootstrapcdn.com https://static3.avast.com https://www.shepherdsfriendly.co.uk; frame-ancestors 'self' https://www.shepherdsfriendly.co.uk; frame-src optimize.google.com www.google-analytics.com https://*.google.com https://*.opendns.com https://forms.office.com https://js.stripe.com https://mozbar.moz.com https://service.force.com https://shepherdsfriendly.involve.me/ https://smct.co https://td.yieldify.com https://tpc.googlesyndication.com https://tracking.sendingads.com https://vars.hotjar.com https://www.facebook.com https://www.getfeedback.com/ https://www.google.com https://www.google.com.x.80fe432004bb804a1f0b0ca0854aa3f5a792.9270fc47.id.opendns.com https://www.youtube-nocookie.com/ https://www.youtube.com/ https://www.zenaps.com; child-src optimize.google.com www.google-analytics.com https://*.google.com https://*.opendns.com https://forms.office.com https://js.stripe.com https://mozbar.moz.com https://service.force.com https://shepherdsfriendly.involve.me/ https://smct.co https://td.yieldify.com https://tpc.googlesyndication.com https://tracking.sendingads.com https://vars.hotjar.com https://www.facebook.com https://www.getfeedback.com/ https://www.google.com https://www.google.com.x.80fe432004bb804a1f0b0ca0854aa3f5a792.9270fc47.id.opendns.com https://www.youtube-nocookie.com/ https://www.youtube.com/ https://www.zenaps.com; img-src 'self' *.google.com *.googleusercontent.com data: optimize.google.com www.google-analytics.com https://*.google.co.nz https://*.google.com.au https://*.google.it https://*.google.nl https://*.googleapis.com https://*.gstatic.com https://990876471.privacysandbox.googleadservices.com https://analytics.twitter.com https://app.getsentry.com https://assets-v2.yieldify.com https://assets.reviews.io https://assets.yieldify.com https://bat.bing.com https://bat.bing.com/action https://browser-update.org https://cdn.honey.io https://d226aj4ao1t61q.cloudfront.net https://googleads.g.doubleclick.net https://script.hotjar.com https://secure.gravatar.com https://shepherdsfriendly--c.um1.visual.force.com https://shepherdsfriendly.blob.core.windows.net https://shepherdsfriendly.co.uk https://shepherdsfriendly.my.salesforce.com https://t.co https://tracking.sendingads.com https://widget.reviews.co.uk https://www-b.shepherdsfriendly.co.uk https://www.awin1.com https://www.bounty.com https://www.emmasdiary.co.uk https://www.facebook.com https://www.google-analytics.com https://www.google.be https://www.google.ca https://www.google.ch https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.nz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uk/ads/ga-audiences https://www.google.com https://www.google.com/ads/ga-audiences https://www.google.com.au https://www.google.com.cy https://www.google.com.hk https://www.google.com.my https://www.google.com.ng https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sg https://www.google.com.vn https://www.google.com.x.7727948d06d9304b2709fab0fd13343e5900.9270fc42.id.opendns.com/s/www.google.com/ads/ga-audiences?X-OpenDNS-Session=_7727948d06d9304b2709fab0fd13343e59009270fc42_FukYld6d_t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-36114979-1&cid=1674117314.1669298369&jid=120798283&_u=QACAAEAAQAAAACAEK~&z=1018421228 https://www.google.de https://www.google.es https://www.google.gg https://www.google.ie https://www.google.im https://www.google.it https://www.google.la https://www.google.lv https://www.google.nl https://www.google.pt https://www.google.se https://www.google.si https://www.googletagmanager.com https://www.gstatic.com https://www.usdaw.org.uk https://www.zenaps.com https://www.shepherdsfriendly.co.uk; media-src https://shepherdsfriendly.blob.core.windows.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' optimize.google.com www.google-analytics.com https://*.salesforceliveagent.com https://*.yieldify.com https://ajax.googleapis.com https://analytics.twitter.com http://app.yieldify.com https://app.yieldify.com http://bat.bing.com https://bat.bing.com http://browser-update.org http://cdn.ravenjs.com https://code.jquery.com https://connect.facebook.net https://diffuser-cdn.app-us1.com https://googleads.g.doubleclick.net https://js.smct.io https://js.stripe.com https://maxcdn.bootstrapcdn.com https://prism.app-us1.com https://pro.fontawesome.com https://script.hotjar.com https://secure.adnxs.com https://service.force.com https://shepherdsfriendly.involve.me https://shepherdsfriendly.involve.me/embed https://shepherdsfriendly.my.salesforce-sites.com https://shepherdsfriendly.my.salesforce.com https://shepherdsfriendly.secure.force.com http://smct.co https://smct.co https://stackpath.bootstrapcdn.com https://static.ads-twitter.com https://static.hotjar.com https://static.lightning.force.com https://td.yieldify.com http://tpc.googlesyndication.com https://trackcmp.net https://unpkg.com https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js https://utt.impactcdn.com https://websites.cdn.getfeedback.com https://widget.reviews.co.uk https://www.dwin1.com http://www.google-analytics.com https://www.google-analytics.com https://www.google.com https://www.google.com/recaptcha/api.js http://www.googleadservices.com https://www.googleadservices.com http://www.googletagmanager.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com/iframe_api http://www.zenaps.com https://www.shepherdsfriendly.co.uk; style-src 'self' 'unsafe-inline' data: optimize.google.com www.google-analytics.com https://*.honey.io https://ajax.googleapis.com https://assets.reviews.io https://cdn.honey.io http://fonts.googleapis.com http://maxcdn.bootstrapcdn.com https://pro.fontawesome.com https://service.force.com https://shepherdsfriendly.my.salesforce-sites.com https://shepherdsfriendly.secure.force.com https://stackpath.bootstrapcdn.com https://translate.googleapis.com https://utt.impactcdn.com https://www.shepherdsfriendly.co.uk 1
default-src 'none'; script-src 'self' blob: 'unsafe-inline' https://livechat.udmedia.de https://www.paypalobjects.com https://www.google.com https://www.gstatic.com 'unsafe-eval'; object-src 'self'; style-src 'self' https://livechat.udmedia.de https://udmedia.de 'unsafe-inline'; img-src 'self' data: https://livechat.udmedia.de https://hilfe.udmedia.de https://udmedia.de https://ssl.lux01.de; media-src 'self' https://livechat.udmedia.de; frame-src 'self' https://www.google.com https://livechat.udmedia.de; font-src 'self' https://www.paypalobjects.com https://livechat.udmedia.de; connect-src 'self' https://livechat.udmedia.de; 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.guidecom.de connect.guidecom.de *.google-analytics.com *.marketo.net *.marketo.com *.app-nld101.marketo.com *.guidecomtest.de *.googletagmanager.com *.usercentrics.eu *.etracker.com *.etracker.de *.jsdelivr.net *.googleapis.com *.lfeeder.com; connect-src 'self' connect.guidecom.de 473-lkh-167.mktoresp.com nld1rtp1.marketo.com *.mktoresp.com *.google-analytics.com *.usercentrics.eu *.etracker.com *.etracker.de *.lfeeder.com; img-src 'self' data: *.usercentrics.eu  *.youtube.com *.google-analytics.com *.ytimg.com *.vimeocdn.com *.lfeeder.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com pages.guidecom.de munchkin.marketo.com *.usercentrics.eu *.lfeeder.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com rtp-static.marketo.com pages.guidecom.de; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com; frame-src 'self' 'unsafe-inline' connect.guidecom.de pages.guidecom.de *.youtube-nocookie.com *.youtube.com *.sli.do *.vimeo.com vimeo.com *.meetergo.com *.lamapoll.de *.lfeeder.com; frame-ancestors 'self' *.guidecom.de *.etracker.com *.lfeeder.com; worker-src 'self' blob: *.guidecom.de muuri.js *.lfeeder.com; 1
default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' 1
frame-ancestors 'self' https://hyundai-motors.zp.ua/ 1
frame-ancestors www.pcgarage.ro pcgarage.ro www.cardavantaj.ro cardavantaj.ro prod.cardavantaj.ro 1
default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; img-src 'self' data: https://www.google.com https://www.google.com.ec https://googleads.g.doubleclick.net https://v2.zopim.com https://www.cedia.edu.ec; font-src 'self' data: https://fonts.gstatic.com https://v2.zopim.com; connect-src wss://widget-mediator.zopim.com https://ekr.zdassets.com https://www.google-analytics.com https://stats.g.doubleclick.ne https://stats.g.doubleclick.net https://cedia.edu.ec https://maps.googleapis.com 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-ijq-nsuK4X46hDhvr8Qcxw' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors 'self' trevipay.enablix.com; 1
default-src 'self';      script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://www.gstatic.com https://www.youtube.com https://unpkg.com  https://cdnjs.cloudflare.com      https://www.youtube-nocookie.com https://www.recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/      https://*.googletagmanager.com https://*.google-analytics.com;      object-src 'none';      style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://unpkg.com/ https://cdnjs.cloudflare.com;      font-src 'self' data: https://cdn.jsdelivr.net https://fonts.gstatic.com;      img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com  https://*.tile.openstreetmap.org https://server.arcgisonline.com;      connect-src 'self' https://hr.sabafgroup.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;      frame-src 'self' https://www.recaptcha.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/      https://www.youtube.com https://www.youtube-nocookie.com https://cdn.knightlab.com https://syndication.teleborsa.it; 1
block-all-mixed-content; base-uri 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* *.google.com *.gstatic.com www.google-analytics.com *.addtoany.com use.fontawesome.com *.youtube.com *.ytimg.com *.googleapis.com googleapis.com *.googletagmanager.com *.cloudflare.com apps.ticketmatic.com cdn.guestplan.com etender-connect.com connect.facebook.net www.googleadservices.com googleads.g.doubleclick.net *.amazonaws.com *.browsealoud.com *.speechstream.net *.texthelp.com browsealoud-webservices-eu.texthelp.com *.google.com *.googleapis.com *.spotify.com *.brandloyalty.com smartconnections.crmplatform.nl snap.licdn.com code.jquery.com static.martiniplaza.nl; style-src 'self' 'unsafe-inline' *.googleapis.com googleapis.com *.google.com *.addtoany.com cloud.typography.com *.myfonts.net *.typekit.net *.cloudflare.com *.mailchimp.com www.gstatic.com static.martiniplaza.nl; font-src 'self' *.gstatic.com data: *.typekit.net *.cloudflare.com cdn.martiniplaza.nl static.martiniplaza.nl; img-src 'self' data: *.google-analytics.com *.analytics-google.com *.gstatic.com *.googleapis.com googleapis.com *.google.com *.cloudflare.com gstpln-cdn-img-prod.azureedge.net googleads.g.doubleclick.net www.facebook.com www.google.nl *.browsealoud.nl  *.texthelp.com *.browsealoud.com px.ads.linkedin.com static.martiniplaza.nl; child-src 'self' *.google.com *.addtoany.com *.youtube.com *.vimeo.com vimeo.com *.activetickets.com *.issuu.com *.recruitee.com *.linkedin.com youtu.be www.youtube.com subscribe.mailinglijst.nl  *.google.com *.googleapis.com *.spotify.com *.brandloyalty.com static.martiniplaza.nl; frame-src 'self' *.google.com *.addtoany.com *.youtube.com *.vimeo.com vimeo.com *.activetickets.com *.issuu.com *.recruitee.com *.linkedin.com youtu.be www.youtube.com subscribe.mailinglijst.nl  *.google.com *.googleapis.com *.spotify.com *.brandloyalty.com static.martiniplaza.nl; media-src 'self' *.youtube.com *.vimeo.com vimeo.com *.vimeocdn.com *.akamaized.net blob: static.martiniplaza.nl; connect-src 'self' localhost:* wss://localhost:* *.projectguide.nl *.google-analytics.com *.analytics-google.com *.googleapis.com googleapis.com *.googleusercontent.com apps.ticketmatic.com etender-connect.com stats.g.doubleclick.net *.browsealoud.com *.speechstream.net *.texthelp.com browsealoud-webservices-eu.texthelp.com eur1-wp2-ccpv2-api-acc-as.azurewebsites.net cdn.linkedin.oribi.io static.martiniplaza.nl; object-src 'self' *.youtube.com *.vimeo.com vimeo.com *.texthelp.com  static.martiniplaza.nl; form-action 'self' *.speechstream.net martiniplaza.crmplatform.nl; worker-src 'self' static.martiniplaza.nl; manifest-src 'self' static.martiniplaza.nl; prefetch-src 'self' static.martiniplaza.nl; frame-ancestors ;  1
default-src  'self'  * data:  'unsafe-eval'  'unsafe-inline'  blob:  *.addtoany.com  *.agitate.ie  *.braintree-api.com  *.braintreegateway.com  *.cookielaw.org  *.double-click.com  *.doubleclick.net  *.facebook.com  *.facebook.net  *.hotjar.com  *.ihfserviceext.com  'unsafe-inline'  *.jsdelivr.net  *.smassets.net  *.googletagmanager.com  'unsafe-inline'  *.google.com  'unsafe-inline'  *.google.ie  'unsafe-inline'  *.google-analytics.com  'unsafe-inline'  *.googleapis.com  'unsafe-inline'  *.googletagmanager.com  'unsafe-inline'  *.gravatar.com  *.gstatic.com  *.paypal.com  *.stripe.com  *.stripe.network  *.surveymonkey.com  *.ytimg.com  *.youtube.com  *.youtube-nocookie.com;        script-src  'self' * 'unsafe-eval'  data:  blob:    *.addtoany.com  *.braintree-api.com  *.facebook.com  *.facebook.net  *.google.com   *.google.ie  'unsafe-inline'  *.googleapis.com  *.hotjar.com  *.ihfserviceext.com  *.paypalobjects.com  *.surveymonkey.com  ajax.googleapis.com  'unsafe-inline'  cdn.cookielaw.org  'unsafe-inline'  cdn.jsdelivr.net    checkout.paypal.com  'unsafe-inline'  code.jquery.com    connect.facebook.net  'unsafe-inline'  js.braintreegateway.com  'unsafe-inline'  js.stripe.com  'unsafe-inline'  www.facebook.com  'unsafe-inline'  www.google.com  'unsafe-inline'  www.google-analytics.com  'unsafe-inline'  www.googletagmanager.com  'unsafe-inline'  www.gstatic.com  'unsafe-inline'  www.youtube.com  'unsafe-inline'  www.double-click.com  vars.hotjar.com;           font-src  'self'  data:  *.google.ie  'unsafe-inline'  *.ihfserviceext.com  *.surveymonkey.com  *.fontawesome.com cdn.jsdelivr.net  'unsafe-inline'  fonts.gstatic.com  'unsafe-inline';         style-src  'self' *.fontawesome.com *.addtoany.com  *.google.ie  'unsafe-inline' *.gstatic.com *.googleapis.com  *.hotjar.com  'unsafe-inline'  *.ihfserviceext.com  *.surveymonkey.com  cdn.jsdelivr.net  'unsafe-inline'  fonts.googleapis.com  'unsafe-inline'  m.stripe.network  'unsafe-inline';   frame-src  'self'  ihfserviceext.com *.ihfserviceext.com *.tryinteract.com *.addtoany.com  *.agitate.ie  *.braintree-api.com  *.flexiquiz.com *.youtube.com *.braintreegateway.com  *.doubleclick.net  *.eventbrite.ie  *.facebook.com  *.facebook.net  *.google.com  *.google.ie  'unsafe-inline'  *.google-analytics.com  *.googleapis.com  *.googletagmanager.com  *.gravatar.com  *.gstatic.com  *.hotjar.com  *.ihfserviceext.com  *.paypal.com  *.paypalobjects.com  *.smassets.net  *.surveymonkey.com  *.youtube-nocookie.com  ajax.googleapis.com  'unsafe-inline'  cdn.cookielaw.org  'unsafe-inline'  cdn.jsdelivr.net    checkout.paypal.com  'unsafe-inline'  code.jquery.com    connect.facebook.net  'unsafe-inline'  gravatar.com  i.ytimg.com  *.ihfserviceext.com  'unsafe-inline'  js.braintreegateway.com  'unsafe-inline'  js.stripe.com  m.stripe.network;     frame-ancestors  'self'  ihfserviceext.com  *.ihfserviceext.com  *.addtoany.com  *.braintree-api.com  *.facebook.com  *.facebook.net  *.google.com    *.google.ie  *.googleapis.com  *.hotjar.com *.paypalobjects.com  *.surveymonkey.com  ajax.googleapis.com  cdn.cookielaw.org  cdn.jsdelivr.net    checkout.paypal.com  code.jquery.com    connect.facebook.net  js.braintreegateway.com  js.stripe.com  www.facebook.com  www.google.com  www.google-analytics.com  www.googletagmanager.com  www.gstatic.com  www.youtube.com www.youtube-nocookie.com.com www.double-click.com  vars.hotjar.com;  connect-src  'self'  *.addtoany.com  *.agitate.ie  *.braintree-api.com  *.braintreegateway.com  *.doubleclick.net  *.facebook.com  *.facebook.net  *.google.com  *.google.ie  'unsafe-inline'  *.google-analytics.com  *.googleapis.com  *.googletagmanager.com  *.gravatar.com  *.gstatic.com  *.hotjar.com  *.paypal.com  *.smassets.net  *.surveymonkey.com  *.youtube-nocookie.com  cdn.cookielaw.org  cdn.jsdelivr.net  checkout.paypal.com  content.hotjar.io  events.hotjar.io  *.hotjar.com  *.onetrust.com *.gravatar.com  i.ytimg.com  'unsafe-inline' *.ihfserviceext.com 'unsafe-inline' ihfserviceext.com  'unsafe-inline'  js.braintreegateway.com  js.stripe.com  m.stripe.network  stats.g.doubleclick.net  surveystats.hotjar.io  vc.hotjar.io  wss://*.hotjar.com  'unsafe-inline'  www.double-click.com  www.google-analytics.com  www.youtube.com; 1
default-src 'self' 'unsafe-inline' https://app.storyblok.com/ https://a.storyblok.com/ https://www.googletagmanager.com/ https://*.google-analytics.com/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ 1
default-src 'self' https://france-volontaires.org https://*.france-volontaires.org https://cartevsi.gogocarto.fr https://ssl.google-analytics.com https://*.googleapis.com; frame-src 'self' https://france-volontaires.org https://france-volontaires.org https://*.france-volontaires.org https://preprod.france-volontaires.org/ https://netdna.bootstrapcdn.com https://code.jquery.com https://www.facebook.com https://cartevsi.gogocarto.fr https://static.cloudflareinsights.com https://*.france-volontaires.org https://static.addtoany.com https://www.google.com https://www.youtube.com https://embed.acast.com https://3e5d3d20.sibforms.com https://www.youtube-nocookie.com https://open.spotify.com https://*.googleapis.com; style-src 'unsafe-inline' https://france-volontaires.org https://netdna.bootstrapcdn.com https://code.jquery.com https://*.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' https://france-volontaires.org https://maps.googleapis.com https://ajax.cloudflare.com/ https://www.clarity.ms https://connect.facebook.net https://analytics.tiktok.com https://cdn.jsdelivr.net https://code.highcharts.com https://ajax.googleapis.com https://www.googletagmanager.com https://code.jquery.com https://static.cloudflareinsights.com https://www.google-analytics.com https://static.addtoany.com https://ssl.google-analytics.com https://www.gstatic.com https://www.google.com https://cdnjs.cloudflare.com https://*.googleapis.com; font-src https://france-volontaires.org https://fonts.gstatic.com https://*.googleapis.com data:; connect-src https://france-volontaires.org https://www.facebook.com/tr/ https://maps.googleapis.com https://c.clarity.ms https://s.clarity.ms https://connect.facebook.net https://analytics.tiktok.com https://*.google-analytics.com https://*.googleapis.com; img-src 'self' https://france-volontaires.org https://*.france-volontaires.org https://c.clarity.ms https://c.bing.com https://ajax.googleapis.com https://www.facebook.com https://france-volontaires.org https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://ssl.google-analytics.com https://*.googleapis.com data:;object-src 'none'; base-uri 'self' https://france-volontaires.org https://*.france-volontaires.org; worker-src blob:; 1
frame-ancestors 'self' https://*.collierappraiser.com;         default-src 'self' https://*.collierappraiser.com/ http://www.colliertax.com/ https://fonts.gstatic.com/;        style-src 'self' https://*.collierappraiser.com/  https://floridarevenue.com/ https://*.google.com/ https://partner.googleadservices.com/ 'unsafe-inline';        script-src 'self' https://*.collierappraiser.com/ https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.google.com/ https://partner.googleadservices.com/ https://*.googlesyndication.com/ https://ipinfo.io/ http://www.colliertax.com/ 'unsafe-inline'  'unsafe-eval';        frame-src 'self' https://*.collierappraiser.com/ https://www.recaptcha.net/recaptcha/ https://cse.google.com/ https://www.google.com/;        font-src 'self' https://*.collierappraiser.com/ https://fonts.gstatic.com/ data:;        img-src 'self' https://*.collierappraiser.com/ https://floridarevenue.com/ https://*.google.com/ https://*.gstatic.com/ data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https: data:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://ads.sonataplatform.com https://cf.ignitionone.com https://ucarecdn.com https://*.clarity.ms https://www.googletagmanager.com http://www.googletagmanager.com https://www.clarity.ms/ https://latam-mazda.netmng.com https://live.rezync.com http://apps.storystream.it https://apps.storystream.it http://connect.facebook.net http://platform.twitter.com https://apps.storystream.ai https://snap.licdn.com http://ssl.p.jwpcdn.com https://secure.adnxs.com https://s.yimg.com https://sp.analytics.yahoo.com https://cdn-akamai.mookie1.com https://tags.tiqcdn.com https://analytics.twitter.com *.youtube.com https://s.ytimg.com http://ipinfo.io https://static.ads-twitter.com https://api.ipify.org https://cdnjs.cloudflare.com https://connect.facebook.net https://connect.facebook.net/en_US/sdk.js http://platform.twitter.com/impressions.js https://maps.google.com https://developers.google.com https://maps.googleapis.com https://www.google-analytics.com https://script.hotjar.com https://static.hotjar.com https://www.wunapps.com https://mazda.us10.list-manage.com http://static.ads-twitter.com/uwt.js http://cdn-akamai.mookie1.com/LB/LightningBolt.js https://secure.adnxs.com https://s.yimg.com http://tags.tiqcdn.com/utag/xaxis/mazdastagegws.club/prod/utag.js http://platform.twitter.com https://cdn.wishpond.net https://embedded.wishpondpages.com/; object-src 'self' data: ; style-src 'self' data: 'unsafe-inline' http://d7c4jjeuqag9w.cloudfront.net https://cloudfront.net https://fonts.googleapis.com; img-src 'self' 'unsafe-inline' data: https://ads.sonataplatform.com region1.google-analytics.com region1.analytics.google.com *.google-analytics.com *.analytics.google.com https://analytics.twitter.com https://cf.ignitionone.com https://ucarecdn.com https://c.bing.com https://s3-eu-west-1.amazonaws.com https://*.clarity.ms https://ib.adnxs.com https://px4.ads.linkedin.com https://secure.adnxs.com https://sp.analytics.yahoo.com https://www.linkedin.com https://www.google.com.co http://*.cloudfront.net https://p.adsymptotic.com http://p.adsymptotic.com http://d3nlehdvzxvlz6.cloudfront.net https://apps.storystream.ai/app/js/1952190610569.js https://px.ads.linkedin.com http://prd.jwpltx.com https://t.co http://t.co https://cdnjs.cloudflare.com/ *.ytimg.com https://www.google.com https://www.google.co.cr https://cx.atdmt.com http://www.mazda.com.co https://co-gmtdmp.mookie1.com https://ad.doubleclick.net https://adservice.google.com https://t.co https://www.facebook.com http://www.wunapps.com https://www.wunapps.com https://maps.google.com https://maps.googleapis.com https://developers.google.com https://maps.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net; media-src blob: 'self' 'unsafe-inline' data: https://download-video.akamaized.net https://vod-progressive.akamaized.net https://player.vimeo.com  https://apps.storystream.ai/app/js/1952190610569.js http://www.mazdastagegws.club http://www.mazda.com.co https://cf.ignitionone.com; frame-src 'self' data: https://www.mazdadirectcredit.co/ http://52.1.141.62/ https://www.getfeedback.com/ netmng.com rezync.com https://apps.storystream.ai/app/js/1952190610569.js  https://www.facebook.com/ *.youtube.com *.google.com https://cdn-akamai.mookie1.com https://tags.tiqcdn.com https://vars.hotjar.com http://cdn-akamai.mookie1.com/ http://e.issuu.com/ https://www.wunapps.com/ http://www.wunapps.com/ https://outlook.live.com/ https://wunapps.com/ http://outlook.live.com/;  frame-ancestors 'self' data: outlook.live.com outlook.live.com/ https://outlook.live.com/ http://outlook.live.com/; font-src 'self' data: http://d7c4jjeuqag9w.cloudfront.net https://fonts.gstatic.com https://ka-f.fontawesome.com/releases/v5.15.3/webfonts/free-fa-solid-900.woff2 https://ka-f.fontawesome.com/releases/v5.15.3/webfonts/free-fa-brands-900.ttf https://ka-f.fontawesome.com/releases/v5.15.3/webfonts/free-fa-solid-900.woff https://ka-f.fontawesome.com/releases/v5.15.3/webfonts/free-fa-solid-900.ttf https://ka-f.fontawesome.com/releases/v5.15.3/webfonts/free-fa-brands-400.woff2 https://ka-f.fontawesome.com/releases/v5.15.3/webfonts/free-fa-brands-400.woff https://ka-f.fontawesome.com/releases/v5.15.3/webfonts/free-fa-brands-400.ttf https://ka-f.fontawesome.com/releases/v5.15.3/webfonts/free-fa-regular-400.woff2 https://ka-f.fontawesome.com/releases/v5.15.3/webfonts/free-fa-regular-400.woff https://ka-f.fontawesome.com/releases/v5.15.3/webfonts/free-fa-regular-400.ttf https://ka-f.fontawesome.com/releases/v5.15.3/webfonts/free-fa-v4deprecations.woff2 https://ka-f.fontawesome.com/releases/v5.15.3/webfonts/free-fa-v4deprecations.woff https://ka-f.fontawesome.com/releases/v5.15.3/webfonts/free-fa-v4deprecations.ttf https://ka-f.fontawesome.com/releases/v5.15.3/webfonts/free-fa-brands-400.woff2 https://ka-f.fontawesome.com/releases/v5.15.3/webfonts/free-fa-brands-400.woff https://ka-f.fontawesome.com/releases/v5.15.3/webfonts/free-fa-brands-400.ttf https://ka-f.fontawesome.com/releases/v5.15.3/webfonts/free-fa-regular-400.woff2 https://ka-f.fontawesome.com/releases/v5.15.3/webfonts/free-fa-regular-400.woff https://ka-f.fontawesome.com/releases/v5.15.3/webfonts/free-fa-regular-400.ttf https://ka-f.fontawesome.com/releases/v5.15.3/webfonts/free-fa-regular-400.woff2 https://ka-f.fontawesome.com/releases/v5.15.3/webfonts/free-fa-regular-400.woff https://ka-f.fontawesome.com/releases/v5.15.3/webfonts/free-fa-regular-400.ttf https://ka-f.fontawesome.com/releases/v5.15.3/webfonts/free-fa-solid-900.woff https://ka-f.fontawesome.com/releases/v5.15.3/webfonts/free-fa-solid-900.ttf https://ka-f.fontawesome.com/releases/v5.15.3/webfonts/free-fa-solid-900.woff https://ka-f.fontawesome.com/releases/v5.15.3/webfonts/free-fa-solid-900.ttf; connect-src 'self' data: http://localhost:3000/api/calculateMonthlyfee https://www.getfeedback.com/ region1.google-analytics.com region1.analytics.google.com *.google-analytics.com *.analytics.google.com https://live.rezync.com https://latam-mazda.netmng.com https://*.clarity.ms https://analytics.google.com https://maps.googleapis.com http://d7c4jjeuqag9w.cloudfront.net https://d3g5d7323c2i6m.cloudfront.net http://d29qb9vav0xwuc.cloudfront.net http://d29qb9vav0xwuc.cloudfront.net http://cloudfront.net  http://ssl.p.jwpcdn.com https://campanas.mazda.co https://www.google-analytics.com https://stats.g.doubleclick.net https://s.yimg.com https://in.hotjar.com https://vc.hotjar.io https://prospectos.mazda.co https://ka-f.fontawesome.com/ https://apiplayer.enmediolabs.com https://apiplayer.enmediolabs.com:8080/ https://upload.uploadcare.com https://598nyfqkt7.execute-api.eu-west-1.amazonaws.com https://api.zetaglobal.net https://lightboxcdn.com/ https://boomtrain.com https://d30o4d63vvluug.cloudfront.net https://cf.ignitionone.com https://cdn.linkedin.oribi.io; 1
default-src 'self' *.arendt.com *.googleapis.com *.googletagmanager.com *.hiss3lark.com *.vimeo.com *.gstatic.com *.vimeocdn.com *.ausha.co anchor.fm *.slidesharecdn.com *.youtube.com *.google.com *.maxcdn.com *.sentry.io *.cloudflare.com *.google-analytics.com *.matomo.cloud *.sans.org *.metacompliance.com 'unsafe-inline' 'unsafe-eval' blob: data: 1
object-src 'self';frame-ancestors 'self';base-uri 'self'; 1
frame-ancestors finegael.providentcrm.com www.finegael.ie hpp.realexpayments.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn1.b0e8.com  https://snap.licdn.com https://stats.sa-as.com *.googleapis.com *.google.com *.gstatic.com *.rubensteintech.com *.choate.com *.google-analytics.com *.siteimprove.com *.longtailvideo.com *.typekit.net cdn.bc0a.com *.googletagmanager.com *.youtube.com *.ytimg.com *.vimeo.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.choate.com; font-src 'self' *.googleapis.com *.gstatic.com *.choate.com *.typekit.net ; frame-src 'self' *.vimeo.com *.google.com *.youtube.com blob: 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-NTcyYjRhMjk2ZDE0NGQ4NWE3YjYyN2UwMmM2MDMzNjI=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rdi.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.rdi.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.rdi.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self'; script-src https://widget.writesonic.com/CDN/botsonic.min.js https://*.googletagmanager.com https://assets.cello.so https://snap.licdn.com/li.lms-analytics/insight.min.js https://*.firebaseio.com https://js.stripe.com https://js.hsforms.net https://js.hsforms.com https://forms.hsforms.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hs-banner.com https://js.hs-analytics.net http://js.hs-scripts.com https://www.google-analytics.com https://www.google.com http://www.googletagmanager.com https://www.gstatic.com https://www.googleadservices.com https://ajax.googleapis.com https://*.doubleclick.net https://*.getbeamer.com https://*.clarity.ms https://c.bing.com 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem https://widget.writesonic.com/CDN/botsonic.min.js https://*.googletagmanager.com https://assets.cello.so https://snap.licdn.com/li.lms-analytics/insight.min.js https://*.firebaseio.com https://js.hsforms.net https://js.hsforms.com https://forms.hsforms.com https://js.hs-scripts.com https://www.google-analytics.com https://js.hsadspixel.net https://js.hs-banner.com https://js.hs-analytics.net https://js.hs-scripts.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.googleadservices.com https://ajax.googleapis.com https://*.doubleclick.net https://*.getbeamer.com https://js.stripe.com https://*.clarity.ms https://c.bing.com 'unsafe-inline' 'unsafe-eval' 'self'; img-src https://*.google-analytics.com https://*.googletagmanager.com https://* blob: data: 'self'; child-src 'none'; frame-ancestors chrome-extension://eimcibccahnifekbdhahgehjockhmocg chrome-extension://dheionainndbbpoacpnopgmnihkcmnkl https://gmelius.com https://mail.google.com 'self'; frame-src https://d2nnr6irhfmb65.cloudfront.net/ https://storage.googleapis.com https://docs.google.com https://bid.g.doubleclick.net https://*.firebaseio.com https://forms.hsforms.com/ https://www.loom.com https://*.typeform.com/ https://www.youtube-nocookie.com/ https://app.getbeamer.com https://news.gmelius.com https://app.hubspot.com/ https://forms.hsforms.com/ https://www.youtube-nocookie.com/ https://help.gmelius.com/ https://push.getbeamer.com/ https://js.stripe.com/ https://track.hubspot.com https://www.google.com https://*.typeform.com/ https://www.loom.com; style-src https://fonts.googleapis.com https://app.getbeamer.com 'unsafe-inline' 'self'; font-src https://fonts.gstatic.com 'self'; connect-src https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://share.cello.so https://backend.getbeamer.com https://api.gmelius.com https://api-staging.gmelius.com https://www.googleapis.com https://*.google-analytics.com https://forms.hsforms.com/ https://securetoken.googleapis.com https://*.doubleclick.net https://api.hubapi.com wss://*.firebaseio.com https://gml.email https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://storage.googleapis.com/ https://*.clarity.ms https://c.bing.com https://identitytoolkit.googleapis.com; worker-src 'self'; 1
frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://akismet.com https://ajax.googleapis.com https://code.jquery.com https://connect.facebook.net https://ssl.google-analytics.com https://dme0ih8comzn4.cloudfront.net https://fonts.googleapis.com https://fonts.gstatic.com https://googleads.g.doubleclick.net https://i.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://news.kreaturamedia.com https://p.adsymptotic.com https://platform.twitter.com https://px.ads.linkedin.com https://s3.tradingview.com https://script.crazyegg.com https://secure.gravatar.com https://snap.licdn.com https://static.doubleclick.net https://stats.g.doubleclick.net https://syndication.twitter.com https://ts.w.org https://updates.themepunch.tools https://www.facebook.com https://www.gstatic.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://yoast.com https://in.hotjar.com https://vc.hotjar.io wss://ws23.hotjar.com https://ws23.hotjar.com wss://*.hotjar.com https://*.hotjar.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://news.kreaturamedia.com https://www.facebook.com https://www.google.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://vars.hotjar.com;  img-src 'self' data: https://demo.vegatheme.com https://maps.gstatic.com https://maps.googleapis.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://mt0.googleapis.com https://mt1.googleapis.com https://ps.w.org https://px.ads.linkedin.com https://p.adsymptotic.com https://www.paypal.com https://www.paypalobjects.com https://secure.gravatar.com https://syndication.twitter.com https://s.w.org https://ts.w.org https://updates.themepunch-ext-a.tools https://www.themetechmount.in https://www.google.com https://www.google-analytics.com  https://googleads.g.doubleclick.net; object-src 'none'; script-src-elem 'self' 'unsafe-inline' https://ajax.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://connect.facebook.net https://ssl.google-analytics.com https://demo.vegatheme.com https://d3rxaij56vjege.cloudfront.net https://platform.twitter.com https://player.vimeo.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://maps.googleapis.com https://script.crazyegg.com https://snap.licdn.com https://s3.tradingview.com https://www.youtube.com https://www.googleadservices.com https://static.hotjar.com https://script.hotjar.com;  style-src 'self' 'unsafe-eval' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; style-src-elem 'self' 'unsafe-inline' https://cdn.syndication.twimg.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://s.ytimg.com https://www.gstatic.com; 1
default-src 'self' nftx.io storage.opensea.io ; frame-src 'self' widget.portis.io 1bzw2g6x5v1d.statuspage.io verify.walletconnect.com; script-src 'self' 'unsafe-inline'  www.googletagmanager.com www.google-analytics.com 1bzw2g6x5v1d.statuspage.io cdn.speedcurve.com https://static.cloudflareinsights.com; connect-src 'self' *.google-analytics.com *.nftx.xyz *.nftx.io gateway.thegraph.com arb1.arbitrum.io *.g.alchemy.com *.algolianet.com *.algolia.net *.wallet.coinbase.com api.thegraph.com api.opensea.io api.covalenthq.com stats.g.doubleclick.net https://eth-goerli.alchemyapi.io https://eth-mainnet.alchemyapi.io cloudflare-eth.com mainnet.infura.io goerli.infura.io arbitrum-mainnet.infura.io wss://www.walletlink.org wss://*.bridge.walletconnect.org wss://bridge.walletconnect.org wss://relay.walletconnect.com registry.walletconnect.org explorer-api.walletconnect.com mainnet-infura.wallet.coinbase.com api.coingecko.com vitals.vercel-insights.com cloudflare-ipfs.com goerli.api.0x.org api.0x.org arbitrum.api.0x.org http://localhost:3001 https://o558645.ingest.sentry.io; img-src * data: blob:; style-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self' canny.io; font-src 'self' fonts.googleapis.com fonts.gstatic.com *.nftx.io; prefetch-src 'self' 'unsafe-inline' *.nftx.io; media-src 'self' https://openseauserdata.com https://storage.opensea.io; manifest-src 'self'; child-src 'self' https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; frame-ancestors https://gnosis-safe.io https://app.safe.global/; report-uri https://nftxdao.uriports.com/reports/report; report-to default 1
default-src data: 'self' 'unsafe-inline' https://unpkg.com/js-datepicker https://unpkg.com/js-datepicker/dist/datepicker.min.css https://*.crwdcntrl.net https://www.youtube-nocookie.com https://*.amazonaws.com https://api.tintup.com https://cdn.hypemarks.com https://*.nr-data.net https://*.newrelic.com https://www.tintup.com https://*.facebook.net https://analytics.google.com https://*.analytics.google.com https://*.vimeo.com https://*.vimeocdn.com https://*.gstatic.com https://*.googlesyndication.com https://*.doubleclick.net https://*.onetrust.com https://*.sharethis.com https://*.cookielaw.org https://*.cloudflare.com https://*.facebook.net https://*.bootstrapcdn.com https://*.crowdriff.com https://*.addtoany.com https://*.fontawesome.com https://*.resy.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.facebook.com https://www.youtube.com; upgrade-insecure-requests 1
default-src www.evalesc.com analytics.evalesc.net 'unsafe-inline'; style-src www.evalesc.com fonts.googleapis.com analytics.evalesc.net 'unsafe-inline'; script-src www.evalesc.com https://analytics.evalesc.net:* 'unsafe-inline' 'unsafe-eval';  font-src www.evalesc.com data: fonts.gstatic.com 'self'; img-src data: www.evalesc.com https://analytics.evalesc.net:* 1
frame-ancestors 'self' https://agbuinnovationstudios.org https://www.agbuinnovationstudios.org; report-uri /report-csp-violation 1
default-src 'self' data: *.zdassets.com; img-src 'self' data: blob: www.google-analytics.com stats.g.doubleclick.net www.google.com www.facebook.com www.google.ca www.google.com.sg https://*.twitter.com https://*.singpass.gov.sg https://*.zopim.io; style-src 'self' 'unsafe-inline' *.googleapis.com https://*.singpass.gov.sg; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com www.googleadservices.com *.doubleclick.net ajax.cloudflare.com *.twitter.com *.facebook.net facebook.net *.facebook.com facebook.com *.google.com *.googleapis.com *.singpass.gov.sg *.zdassets.com *.coinut.com; frame-src 'self' *.twitter.com *.youtube.com *.google.com *.facebook.com *.linkedin.com; font-src 'self' https://*.gstatic.com; connect-src 'self' data: https://*.g.doubleclick.net www.google-analytics.com https://*.google.com https://api.zoomauth.com https://*.facebook.com https://www.tradingview.com https://*.coinut.com https://*.coinut.br.com https://*.coinut.ca https://*.coinut.sg wss://coinut.com wss://*.coinut.br.com wss://*.coinut.com *.singpass.gov.sg *.zendesk.com *.zdassets.com *.zopim.com wss://*.zopim.com 1
default-src 'self' wss: blob: https://*.googlesyndication.com https://*.google.co.uk *.jquery.com https://heapanalytics.com/ https://ipapi.co/ https://*.auryc.com https://*.woopra.com/ https://*.heapanalytics.com/ *.google.ca app.vwo.com https://*.paypalobjects.com https://*.paypal.com *.youtube.com https://*.accuride.com/ wss://*.zopim.com https://*.cybersource.com/ *.klarna.com/ *.klarnaevt.com *.klarnacdn.net/ *.onesignal.com/ *.vimeo.com https://*.klarnacdn.net/ https://*.zendesk.com/ *.zopim.com https://*.sentry.io *.visualwebsiteoptimizer.com/ https://onesignal.com/ https://*.bing.com *.zdassets.com/ *.online-metrix.net *.graphcms.com/ https://*.accuride.com/ https://*.google-analytics.com/ *.ytimg.com/* https://*.instagram.com/ http://gifs.com/ *.ipstack.com/ https://*.resultspage.com/ https://*.youtube.com/ https://*.youtube.com/iframe_api *.clarity.ms/ https://*.gstatic.com/* *.pinterest.com *.factors.ai *.factors.ai/assets/v1/factors.js *.jst.ai https://*.oribi.io *.nr-data.net/ *.yotpo.com/ https://*.google.co.in *.hygraph.com/ *.doubleclick.net https://*.googleapis.com/ https://*.google.com/ https://*.accuride.com/ *.addthis.com/ *.jst.ai/ *.callrail.com https://*.google.com/ *.visualwebsiteoptimizer.com/ https://*.accuride.com/graphql *.hygraph.com/ https://*.accuride.com/graphql *.ipgeolocation.io/ *.graphassets.com/ https://*.accuride.com/ *.zdassets.com/ https://*.youtube.com/iframe_api *.online-metrix.net/ *.cardinalcommerce.com/ https://*.gstatic.com/recaptcha/releases/6MY32oPwFCn9SUKWt8czDsDw/recaptcha__en.js *.factors.ai/assets/v1/factors.js https://onesignal.com/ https://*.onesignal.com https://okt.to *.doubleclick.net *.justuno.com *.licdn.com *.pinimg.com *.bing.com http://*.resultspage.com *.clarity.ms *.factors.ai *.oktopost.com *.doubleclick.net *.nr-data.net https://*.gstatic.com/ *.newrelic.com/ *.yotpo.com https://*.googleapis.com/ https://unpkg.com/ *.gstatic.com *.moatads.com/ *.addthis.com/ *.addthisedge.com *.addthis.com/ *.jst.ai/ *.onesignal.com/ https://*.google-analytics.com/ https://*.google.com/ *.jst.ai/ *.sli-spark.com/ *.callrail.com/ https://*.google-analytics.com/ *.visualwebsiteoptimizer.com/ *.jst.ai/ http://*.resultsdemo.com/ https://*.googletagmanager.com/ *.callrail.com/ *.callrail.com/ *.yotpo.com/; img-src 'self' https://*.google.co.uk https://*.vimeocdn.com *.jst.ai https://i.vimeocdn.com/video/1089538398-5298c53a793c3ad9efd2bfb3034f21347eb2e8aab02c3a7eb826caa5ef165749-d_640 https://heapanalytics.com/ https://ipapi.co/ https://*.auryc.com https://*.woopra.com/ https://*.heapanalytics.com/ *.doubleclick.net *.nr-data.net *.visualwebsiteoptimizer.com/ wingify-assets.s3.amazonaws.com app.vwo.com *.google.ca https://*.paypalobjects.com https://*.paypal.com *.youtube.com data: https://*.accuride.com/ https://*.onesignal.com/ *.onesignal.com/ https://*.zendesk.com/ *.zopim.com https://*.accuride.com/ *.vimeo.com *.visualwebsiteoptimizer.com/ *.sli-spark.com/ *.zdassets.com/ *.linkedin.com/ http://*.youtube.com/vi/_dnoi960z1Y/hqdefault.jpg http://*.youtube.com/vi/W5pkjvKge94/hqdefault.jpg http://*.youtube.com/vi/lbsKovM06YY/hqdefault.jpg http://*.youtube.com/vi/m922Nzb4YqY/hqdefault.jpg http://*.youtube.com/ https://*.ytimg.com/ https://*.online-metrix.net *.online-metrix.net/ *.clarity.ms *.bing.com https://*.linkedin.com/ *.ytimg.com/vi_webp/* https://*.graphcms.com https://*.accuride.com *.linkedin.com *.bing.com *.pinterest.com https://*.google.com https://www.google.co.in https://*.gstatic.com/ https://*.googleapis.com/ https://*.googletagmanager.com https://*.yotpo.com/ *.yotpo.com/ https://*.yotpo.com/ https://*.accuride.com/ *.visualwebsiteoptimizer.com/ https://*.google-analytics.com/ https://*.google.co.in/ *.graphassets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.jquery.com https://heapanalytics.com/ https://ipapi.co/ https://*.auryc.com https://*.woopra.com/ https://*.heapanalytics.com/ app.vwo.com/ https://*.google.co.uk *.google.ca https://*.paypalobjects.com *.youtube.com https://*.paypal.com https://*.accuride.com/ https://*.cybersource.com/ *.klarna.com/ *.klarnaevt.com *.klarnacdn.net/ *.onesignal.com/ *.vimeo.com https://*.klarnacdn.net/ *.zopim.com https://*.zendesk.com/ https://zendesk-eu.my.sentry.io https://onesignal.com/ *.zdassets.com/ *.visualwebsiteoptimizer.com/ https://*.accuride.com/ *.zdassets.com/ https://*.youtube.com/iframe_api *.online-metrix.net/ *.cardinalcommerce.com/ https://*.youtube.com/* https://*.gstatic.com/ https://*.factors.ai https://onesignal.com/ https://*.onesignal.com https://okt.to *.doubleclick.net *.justuno.com *.licdn.com *.pinimg.com *.bing.com http://*.resultspage.com *.clarity.ms *.factors.ai *.oktopost.com *.doubleclick.net *.nr-data.net https://*.gstatic.com/ https://*.yotpo.com/ *.newrelic.com/ *.yotpo.com https://*.googleapis.com/ https://unpkg.com/ *.yotpo.com/ https://*.gstatic.com *.moatads.com/ *.addthis.com/ *.addthisedge.com *.addthis.com/ *.jst.ai/ *.onesignal.com/ https://*.google-analytics.com/ https://*.google.com/ *.jst.ai/ *.sli-spark.com/ *.callrail.com/ https://*.google-analytics.com/ *.visualwebsiteoptimizer.com/ *.jst.ai/ http://*.resultsdemo.com/ https://*.googletagmanager.com/ *.callrail.com/ *.callrail.com/ *.yotpo.com/ *.callrail.com/ https://*.accuride.com/ *.visualwebsiteoptimizer.com/ https://onesignal.com/ *.bing.com *.zdassets.com/ *.online-metrix.net *.graphcms.com/ https://*.accuride.com/ https://*.google-analytics.com/ *.ytimg.com/* https://*.instagram.com/ http://gifs.com/ *.ipstack.com/ https://*.resultspage.com/ https://*.youtube.com/ https://*.youtube.com/iframe_api *.clarity.ms/ https://*.gstatic.com/* *.pinterest.com *.factors.ai https://*.factors.ai/ *.jst.ai https://*.oribi.io *.nr-data.net/ *.yotpo.com/ https://*.google.co.in *.hygraph.com/ *.doubleclick.net https://*.googleapis.com/ https://*.google.com/ *.addthis.com/ *.jst.ai/ *.callrail.com https://*.google.com/ *.visualwebsiteoptimizer.com/ https://*.accuride.com/graphql *.hygraph.com/ https://*.accuride.com/graphql *.ipgeolocation.io/ *.graphassets.com/; script-src-elem 'self' 'unsafe-inline' *.jquery.com https://heapanalytics.com/ https://ipapi.co/ https://*.auryc.com https://*.woopra.com/ https://*.heapanalytics.com/ https://*.google.co.uk app.vwo.com *.google.ca *.youtube.com *.google.co.in https://*.paypalobjects.com https://*.paypal.com *.klarna.com/ *.klarnacdn.net/ https://*.paypalobjects.com https://*.paypal.com https://*.cybersource.com/ *.vimeo.com *.klarnaevt.com https://*.klarnacdn.net/ *.onesignal.com/ https://*.accuride.com/ *.zopim.com https://*.zendesk.com/ https://*.sentry.io *.visualwebsiteoptimizer.com/ *.zdassets.com/ https://*.youtube.com/iframe_api *.online-metrix.net/ *.cardinalcommerce.com/ https://*.youtube.com/* https://*.gstatic.com/recaptcha/releases/6MY32oPwFCn9SUKWt8czDsDw/recaptcha__en.js https://*.factors.ai/assets/v1/factors.js https://onesignal.com/ https://*.onesignal.com https://okt.to *.doubleclick.net *.justuno.com *.licdn.com *.pinimg.com *.bing.com http://*.resultspage.com *.clarity.ms *.factors.ai *.oktopost.com *.doubleclick.net https://*.yotpo.com/ *.nr-data.net https://*.gstatic.com/ *.newrelic.com/ *.yotpo.com https://*.googleapis.com/ https://unpkg.com/ *.yotpo.com/ https://*.gstatic.com *.moatads.com/ *.addthis.com/ *.addthisedge.com *.addthis.com/ *.jst.ai/ *.onesignal.com/ https://*.google-analytics.com/ https://*.google.com/ https://*.jst.ai/ *.sli-spark.com/ *.callrail.com/ https://*.google-analytics.com/ *.visualwebsiteoptimizer.com/ *.jst.ai/ http://*.resultsdemo.com/ https://*.googletagmanager.com/ *.callrail.com/ http://*.callrail.com/ *.yotpo.com/ *.callrail.com/; style-src 'self' 'unsafe-inline' https://heapanalytics.com/ *.jquery.com https://*.google.co.uk https://ipapi.co/ https://*.auryc.com https://*.woopra.com/ https://*.heapanalytics.com/ *.google.ca *.youtube.com *.nr-data.net *.vwo.com *.amazonaws.com *.google.co.in https://*.paypalobjects.com https://*.paypal.com https://*.yotpo.com/ *.yotpo.com *.klarna.com/ https://*.paypalobjects.com https://*.paypal.com *.klarnaevt.com *.vimeo.com *.cloudflare.com https://*.cybersource.com/ https://onesignal.com/ *.onesignal.com/ https://*.accuride.com/ *.zdassets.com/ https://*.zendesk.com/ *.visualwebsiteoptimizer.com/ *.yotpo.com *.jst.ai https://onesignal.com/ https://*.googleapis.com http://*.googleapis.com/ http://*.cloudflare.com/; style-src-elem 'self' 'unsafe-inline' https://heapanalytics.com/ *.jquery.com https://*.google.co.uk https://ipapi.co/ https://*.auryc.com https://*.woopra.com/ https://*.heapanalytics.com/ *.google.ca *.youtube.com *.nr-data.net *.visualwebsiteoptimizer.com/ *.vwo.com *.amazonaws.com *.google.co.in https://*.paypalobjects.com https://*.paypal.com https://*.yotpo.com/ *.yotpo.com *.klarna.com/ *.klarnaevt.com *.jst.ai https://*.cybersource.com/ https://onesignal.com/ *.vimeo.com *.onesignal.com/ https://*.accuride.com/ https://*.zendesk.com/ https://*.googleapis.com *.zdassets.com/ *.visualwebsiteoptimizer.com/ http://*.googleapis.com/ http://*.cloudflare.com/; font-src 'self' http://*.gstatic.com/ https://*.google.co.uk https://heapanalytics.com/ https://ipapi.co/ https://*.auryc.com https://*.woopra.com/ https://*.heapanalytics.com/ *.google.ca *.youtube.com *.nr-data.net *.vwo.com *.amazonaws.com *.google.co.in https://*.zendesk.com/ https://*.accuride.com/ https://*.yotpo.com/ https://*.gstatic.com/ http://*.gstatic.com/* https://*.gstatic.com/* http://*.gstatic.com/s/roboto/v30/* *.vimeo.com http://*.gstatic.com/s/* https://*.bootstrapcdn.com/ *.yotpo.com/; base-uri 'none'; frame-src https://*.doubleclick.net *.googletagmanager.com actionlink.com *.twitter.com *.instagram.com/ https://*.online-metrix.net/ *.klarna.com/ https://*.accuride.com/ https://*.jst.ai https://*.pinterest.com *.youtube.com/ *.google.com/ *.vimeo.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://fedifriends.social; img-src 'self' https: data: blob: https://fedifriends.social; style-src 'self' https://fedifriends.social 'nonce-2quJ9yHD5OjUSPZJP+IEJg=='; media-src 'self' https: data: https://fedifriends.social; frame-src 'self' https:; manifest-src 'self' https://fedifriends.social; form-action 'self'; child-src 'self' blob: https://fedifriends.social; worker-src 'self' blob: https://fedifriends.social; connect-src 'self' data: blob: https://fedifriends.social https://mastomedia.fedifriends.social wss://fedifriends.social; script-src 'self' https://fedifriends.social 'wasm-unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://www.google.com https://www.gstatic.com https://fonts.gstatic.com https://translate.googleapis.com https://www.google-analytics.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://translate.google.com https://www.googletagmanager.com/ https://translate.googleapis.com/ https://www.google-analytics.com/gtag/js https://translate-pa.googleapis.com/ https://www.google-analytics.com/analytics.js; frame-src 'self' 'unsafe-inline' 'unsafe-eval'  https://syndication.twitter.com/ https://www.facebook.com/ https://platform.twitter.com/; object-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com/ https://platform.twitter.com https://platform.twitter.com/widgets.js https://translate.googleapis.com/translate_static/css/translateelement.css; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://translate.googleapis.com/ https://www.google-analytics.com/ ;  font-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.facebook.com/ https://fonts.gstatic.com/; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' *.occuspace.io *.googleapis.com code.iconify.design *.gstatic.com js.hs-scripts.com *.googletagmanager.com *.lfeeder.com js.hs-analytics.net js.hscollectedforms.net js.hs-banner.com *.google-analytics.com cdn.loom.com *.hubspot.com stats.g.doubleclick.net rawgit.com dl.airtable.com www.google.com *.retool.com *.hsforms.net *.hsforms.com *.stackadapt.com forms.hscollectedforms.net js.hsleadflows.net occuspace-20482961.hs-sites.com *.opensend.com *.aggle.net *.alocdn.com aggle.net alocdn.com; frame-ancestors 'self' https://*.deervalley.com; 1
default-src 'self'; script-src  'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://connect.facebook.net https://googleads.g.doubleclick.net; worker-src 'self' blob:; object-src 'none';connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://ipinfo.io https://www.googleapis.com https://data.hockeystack.com; frame-src 'self' blob: https://www.google.com https://td.doubleclick.net; img-src 'self' data: https://secure.gravatar.com https://www.facebook.com https://www.google.com; font-src 'self' data: https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; 1
child-src https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io blob:; connect-src 'self' https://api.mapbox.com https://events.mapbox.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://api.addressy.com https://www.facebook.com https://pagead2.googlesyndication.com https://*.cookieyes.com https://cdn-cookieyes.com https://*.google-analytics.com https://*.google.com https://googleads.g.doubleclick.net https://apikeys.civiccomputing.com; default-src 'self'; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.gstatic.com data:; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google.com/recaptcha/ https://www.podbean.com https://www.facebook.com; img-src 'self' https://secure.gravatar.com https://www.google.com https://www.google.co.uk https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://lh3.googleusercontent.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://i.ytimg.com https://i.vimeocdn.com https://*.cloudfront.net http://*.cloudfront.net https://uploads.tickettailor.com https://*.podbean.com https://www.facebook.com https://*.gstatic.com https://googleads.g.doubleclick.net https://cdn-cookieyes.com data: blob:; media-src 'self' https://www.youtube.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.mapbox.com https://www.googletagmanager.com https://tagmanager.google.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com https://s.ytimg.com https://code.jquery.com https://connect.facebook.net https://www.googleadservices.com https://cc.cdn.civiccomputing.com blob:; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://*.googletagmanager.com https://*.googleapis.com; frame-ancestors 'self'; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' 'self' https://registration.checkin.no  wss://ws.checkin.no https://static.checkin.no https://api.checkin.no; 1
default-src 'none'; frame-src 'self' https://js.stripe.com/ https://www.youtube.com/ https://geetoo.zohorecruit.com/ https://recruit.zoho.com/recruit/ https://www.google.com/recaptcha/ ; connect-src 'self' https://yoast.com https://ams.wpml.org ; font-src 'self' https://fonts.gstatic.com data: ; img-src 'self' data: secure.gravatar.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com/ https://www.gstatic.com/recaptcha/ https://ams.wpml.org/ https://www.google.com/recaptcha/ ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ ; style-src 'self' 'unsafe-inline' ; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://ams.wpml.org ; report-uri https://geetoo.report-uri.com/r/d/csp/wizard 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-Zzw3Id7AY-1gfMYjH0GHuw' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors 'self' *.hotelwize.com *.hotelwize.gr; 1
frame-ancestors default-src 'self' https://chat.invoxcontact.com; 1
default-src 'none'; frame-src 'self' *.qualtrics.com https://www.youtube.com; script-src 'self' 'unsafe-inline' https://*.akamaihd.net https://www.googletagmanager.com https://www.google-analytics.com https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com; img-src 'self' https://images.ctfassets.net https://*.siteintercept.qualtrics.com https://*.akamaihd.net; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self' https://*.akamaihd.net https://images.ctfassets.net https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com https://goldmansachs.my.sentry.io wss://www.gsmarkets.de; manifest-src 'self'; worker-src 'self'; report-uri /api/8/security/?sentry_key=45bef1e79c1e4d69b1a6531a757d0a7a; frame-ancestors https://www.flatex.de https://www.flatex.at 1
default-src 'self';object-src 'self';frame-src 'self' *.youtube.com *.youtube-nocookie.com https://player.vimeo.com https://consentcdn.cookiebot.eu https://umap.openstreetmap.fr https://umap.openstreetmap.de https://start.video-stream-hosting.de;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://matomo.z-u-g.org/matomo.js https://consentcdn.cookiebot.eu https://consent.cookiebot.eu ;style-src 'self' data: 'unsafe-inline' ;img-src 'self' data: ;font-src 'self' data: 'unsafe-inline' ;connect-src 'self' https://matomo.z-u-g.org https://consentcdn.cookiebot.eu;manifest-src 'self' 1
base-uri 'self'; font-src 'self' 'unsafe-inline' data: https://sothebys.test https://sothebys-admin.test https://localhost:3000 https://fonts.googleapis.com https://fonts.gstatic.com https://use.typekit.net https://nzsothebysrealty.com https://www.nzsothebysrealty.com https://cdn.livechatinc.com; form-action 'self' https://www.facebook.com; frame-ancestors 'self'; img-src 'self' data: https://sothebys.test https://sothebys-admin.test https://uat.cms.nzsir.com https://cms.nzsir.com https://bre-directus-uat.azurewebsites.net https://bre-directus-prod.azurewebsites.net https://www.google.co.nz https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net/ https://www.facebook.com https://img.youtube.com https://i.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://ik.imagekit.io https://images.nzsothebysrealty.com http://127.0.0.1:*/ https://nzsothebysrealty.com https://www.nzsothebysrealty.com; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline' https://vjs.zencdn.net https://fonts.googleapis.com https://cloud.typography.com https://use.typekit.net https://p.typekit.net https://unpkg.com/sanitize.css https://nzsothebysrealty.com https://www.nzsothebysrealty.com; connect-src 'self' data: https://sothebys.test https://sothebys-admin.test https://uat.cms.nzsir.com https://cms.nzsir.com https://bre-directus-uat.azurewebsites.net https://bre-directus.azurewebsites.net https://maps.googleapis.com https://analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://api.hostaway.com https://booking-engine.hostaway.com https://api.raygun.io http://127.0.0.1:*/ ws://localhost:*/ wss://localhost:*/ http://localhost:*/ https://localhost:*/ ws://sothebys.test:*/ ws://local.nzsothebysrealty.com:*/ https://nzsothebysrealty.com https://www.nzsothebysrealty.com https://api.livechatinc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.google.com/recaptcha/api.js https://cdn.raygun.io/raygun4js/raygun.min.js https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://connect.facebook.net https://www.youtube.com https://vjs.zencdn.net https://maps.googleapis.com https://nzsothebysrealty.com https://www.nzsothebysrealty.com https://d2q3n06xhbi0am.cloudfront.net/calendar.js https://js.stripe.com/v3 https://auctionslive.com https://widget.auctionslive.com *.loopaautomate.com *.loopa.net.au looparesources.azureedge.net *.adnxs.com *.taboola.com; 1
upgrade-insecure-requests;     block-all-mixed-content;     default-src 'self';     frame-ancestors 'self';     frame-src 'self' https://heyflow.id https://www.youtube.com *.google.com;     object-src 'self';     script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://api.userlike.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://d3dc1lgancj6l0.cloudfront.net https://irj27fs462.cloudfront.net https://dq4irj27fs462.cloudfront https://userlike-cdn-umm.b-cdn.net;     font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://irj27fs462.cloudfront.net https://dq4irj27fs462.cloudfront.net https://d3dc1lgancj6l0.cloudfront.net/fonts/open-sans-v15-latin_latin-ext-regular.17252753a6588430aa1b.woff2 https://d3dc1lgancj6l0.cloudfront.net/fonts/open-sans-v15-latin_latin-ext-regular.9ffdcf33f4c19919b0bd.woff https://d3dc1lgancj6l0.cloudfront.net/fonts/open-sans-v15-latin_latin-ext-600.b22d2610327188f07b05.woff2 https://d3dc1lgancj6l0.cloudfront.net/fonts/open-sans-v15-latin_latin-ext-600.0508b1157aaf7906c4b7.woff https://d3dc1lgancj6l0.cloudfront.net/fonts/open-sans-v15-latin_latin-ext-700.0e3a2634e88ff1ed63f0.woff2 https://d3dc1lgancj6l0.cloudfront.net/fonts/open-sans-v15-latin_latin-ext-700.d709459ef625e7263ef1.woff https://d3dc1lgancj6l0.cloudfront.net/fonts/NotoColorEmoji.ca6fe1457dbfad67ea7b.ttf https://userlike-cdn-umm.b-cdn.net/fonts/open-sans-v15-latin_latin-ext-regular.17252753a6588430aa1b.woff2 https://userlike-cdn-umm.b-cdn.net/fonts/open-sans-v15-latin_latin-ext-regular.9ffdcf33f4c19919b0bd.woff https://userlike-cdn-umm.b-cdn.net/fonts/open-sans-v15-latin_latin-ext-600.b22d2610327188f07b05.woff2 https://userlike-cdn-umm.b-cdn.net/fonts/open-sans-v15-latin_latin-ext-600.0508b1157aaf7906c4b7.woff https://userlike-cdn-umm.b-cdn.net/fonts/open-sans-v15-latin_latin-ext-700.0e3a2634e88ff1ed63f0.woff2 https://userlike-cdn-umm.b-cdn.net/fonts/open-sans-v15-latin_latin-ext-700.d709459ef625e7263ef1.woff https://userlike-cdn-umm.b-cdn.net/fonts/NotoColorEmoji.ca6fe1457dbfad67ea7b.ttf;     style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;     img-src 'self' data: https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com https://userlike-cdn-operators.s3-eu-west-1.amazonaws.com https://api.userlike.com https://irj27fs462.cloudfront.net https://dq4irj27fs462.cloudfront.net https://my.lancom-systems.de https://my.lancom-systems.com https://www.lancom-systems.de https://www.lancom-systems.com;     media-src 'self' https://d3dc1lgancj6l0.cloudfront.net https://irj27fs462.cloudfront.net https://dq4irj27fs462.cloudfront.net;     connect-src 'self' data: blob: wss: https://*.googleapis.com *.google.com https://*.gstatic.com https://www.userlike.com/api/lang/umm/de_DE/ttag https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://chat.userlike.com wss://chat.userlike.com https://api.userlike.com https://d3dc1lgancj6l0.cloudfront.net https://www.userlike.com/api/um/media/upload/ https://www.userlike.com/api/um/chat/handle/ https://my.lancom-systems.de https://my.lancom-systems.com https://www.lancom-systems.de https://www.lancom-systems.com;     form-action 'self' *.devicetunnel.lancom-coeo-it.de;     base-uri 'self'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-6eXNdgFfGxxuTYfS2H/bL1TXOl0N0x5McFegmxpm8BrJrl4H' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self'; frame-src 'self' 1
default-src *; font-src 'self' data: https://static.opencityitalia.it https://fonts.gstatic.com https://acsbapp.com https://maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https:; img-src * 'self' data: https: blob:; report-uri 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.google-analytics.com; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https: *.google-analytics.com *.analytics.google.com; font-src 'self' data: https:; connect-src 'self' https: *.google-analytics.com *.analytics.google.com; 1
default-src 'self' fonts.gstatic.com fonts.googleapis.com static.moliri.dk *.azure.com *.google-analytics.com *.doubleclick.net data: www.gstatic.com statservicefunctions.azurewebsites.net hearingportalfilestorage.blob.core.windows.net cookiecontrol.bleau.dk *.devtunnels.ms api-eu1.cludo.com *.silkeborg.dk *.cdn.septima.dk *.api.cludo.com api.cludo.com https://api.cludo.com customer.cludo.com backend.chatbot.dendigitalehotline.dk app-moliripublic-silkeborgkommune-prod.azurewebsites.net tmsensordata.azurewebsites.net api.dataforsyningen.dk api-eu1.cludo.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com cdhsign.dk cdnjs.cloudflare.com unpkg.com static.moliri.dk customer.cludo.com *.gstatic.com npmcdn.com *.cdn.septima.dk *.silkeborg.dk chatbot.dendigitalehotline.dk;script-src 'self' 'unsafe-inline' *.moliri.dk *.bleau.dk *.cludo.com *.gstatic.com *.monsido.com moliricdn.azurewebsites.net *.azure.com cdn.jsdelivr.net cookiecontrol.bleau.dk *.devtunnels.ms  *.silkeborg.dk *.cdn.septima.dk 'unsafe-eval' *.api.cludo.com api.cludo.com https://api.cludo.com customer.cludo.com blob:;frame-ancestors https://admin.moliri.dk https://admin-beta.moliri.dk https://localhost:5001 https://localhost:44337 *.videotool.dk *.vimeo.com www.provector.dk app.powerbi.com https://chatbot.dendigitalehotline.dk;frame-src https://admin.moliri.dk https://admin-beta.moliri.dk https://localhost:5001 https://localhost:44337 *.videotool.dk *.vimeo.com www.provector.dk app.powerbi.com https://chatbot.dendigitalehotline.dk;img-src 'self'  data: hearingportalfilestorage.blob.core.windows.net cdhsign.dk *.cludo.com static.moliri.dk *.monsido.com *.devtunnels.ms moliri.dk *.cdn.septima.dk *.silkeborg.dk services.datafordeler.dk *.cludo.com chatbot.dendigitalehotline.dk app-moliripublic-assenskommune-prod.azurewebsites.net app-moliripublic-silkeborgkommune-prod.azurewebsites.net services.drift.kortinfo.net api.dataforsyningen.dk septima.dk www.septima.dk;media-src 'self' dreambroker.com youtube.com vimeo.com molirivideostorage.blob.core.windows.net cdhsign.dk delivery.twentythree.com cdn.skyfish.com *.cloudfront.net *.devtunnels.ms *.cdn.septima.dk *.silkeborg.dk chatbot.dendigitalehotline.dk; 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-AveogE8ZW/47EJoxJepkLg==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub849937dfa04b034f76fc653a1f8565c8&dd-evp-origin=content-security-policy&ddsource=csp-report 1
script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; frame-src https://*.punchout2go.com https://*.baycloud.com https://gsk.demdex.net https://dpm.demdex.net https://*.gsk.com https://*.gskdirect.com https://*.medtargetsystem.com https://gskus.az1.qualtrics.com https://aim-tag.hcn.health https://*.tealiumiq.com https://gsk.demdex.net https://*.demdex.net https://gsk-app.quantummetric.com https://glaxosmithklinebeech.tt.omtrdc.net https://gskusp.sc.omtrdc.net https://www.priorix.com https://api.priorix.com https://experience.priorix.com https://assets.gskstatic.com; frame-ancestors https://*.punchout2go.com https://*.ecommerce.gsk.com https://*.gskdirect.com https://gskus.az1.qualtrics.com https://aim-tag.hcn.health https://www.priorix.com https://api.priorix.com https://experience.priorix.com https://assets.gskstatic.com https://gsk.demdex.net; 1
frame-ancestors 'self' https://login.amaseguros.com 1
default-src 'self'; img-src * 'self' data: https:; frame-src https://www.youtube.com https://www.google.com; connect-src 'self' https://www.google-analytics.com; script-src 'self' 'unsafe-inline' ; script-src-elem 'self' 'unsafe-inline' https://secure.want7feed.com/js/213813.js https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; 1
frame-ancestors 'self' https://www.kuechen-arena.de; 1
default-src 'self' www.nwleics.gov.uk my.nwleics.gov.uk www.youtube-nocookie.com; script-src 'self' www.nwleics.gov.uk my.nwleics.gov.uk st.nwl.cgov.cuttlefish.com *.sentry-cdn.com *.google-analytics.com static.addtoany.com cdnjs.cloudflare.com dfsrovckda8bt.cloudfront.net connect.facebook.net hitcounter.servmetric.com www.google.com maps.googleapis.com maps.google.com maps.google.co.uk translate.google.com maps-api-ssl.google.com translate.googleapis.com ajax.googleapis.com www.googletagmanager.com platform.twitter.com cdn.jsdelivr.net cdn.syndication.twimg.com https://e.issuu.com https://www.gstatic.com/recaptcha/ *.servmetric.com *.govmetric.com content.govdelivery.com https://platform.twitter.com/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' www.nwleics.gov.uk fonts.googleapis.com dfsrovckda8bt.cloudfront.net maps.googleapis.com maps.google.com maps.google.co.uk *.googleapis.com *.govmetric.com cdn.jsdelivr.net cdnjs.cloudflare.com platform.twitter.com ton.twimg.com *.servmetric.com 'unsafe-inline'; img-src 'self' data: www.nwleics.gov.uk st.nwl.cgov.cuttlefish.com *.cuttlefish.com *.google-analytics.com dfsrovckda8bt.cloudfront.net cdnjs.cloudflare.com www.google.com maps.google.com maps.google.co.uk *.gstatic.com *.googleapis.com translate.google.com maps-api-ssl.google.com *.twitter.com *.ytimg.com www.facebook.com stats.g.doubleclick.net www.googletagmanager.com cdn.syndication.twimg.com *.twimg.com https://*.ggpht.com *.govmetric.com *.servmetric.com content.govdelivery.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.nwleics.gov.uk st.nwl.cgov.cuttlefish.com *.google-analytics.com maps.googleapis.com translate.googleapis.com *.ingest.sentry.io hitcounter.govmetric.com https://stats.g.doubleclick.net; frame-src 'self' www.nwleics.gov.uk my.nwleics.gov.uk st.nwl.cgov.cuttlefish.com static.addtoany.com *.twitter.com www.facebook.com websurveys.servmetric.com www.youtube-nocookie.com https://e.issuu.com https://www.google.com/recaptcha/ websurveys2.govmetric.com; media-src 'self' www.nwleics.gov.uk my.nwleics.gov.uk; frame-ancestors 'self' www.nwleics.gov.uk my.nwleics.gov.uk; child-src 'self' www.nwleics.gov.uk; manifest-src 'self' www.nwleics.gov.uk; form-action 'self' www.nwleics.gov.uk my.nwleics.gov.uk pa.nwleics.gov.uk plans.nwleics.gov.uk; report-uri https://o249831.ingest.sentry.io/api/4505674393911296/security/?sentry_key=2fe8f4bdf15c84f69e2774c37d4825ff; 1
default-src * 'self' fmlx.b-cdn.net wcmfmlx.b-cdn.net data:; script-src * fmlx.b-cdn.net wcmfmlx.b-cdn.net 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem * fmlx.b-cdn.net wcmfmlx.b-cdn.net 'self' 'unsafe-inline'; script-src-attr * fmlx.b-cdn.net wcmfmlx.b-cdn.net 'self' 'unsafe-inline'; style-src * fmlx.b-cdn.net wcmfmlx.b-cdn.net 'self' 'unsafe-inline'; style-src-elem * fmlx.b-cdn.net wcmfmlx.b-cdn.net 'self' 'unsafe-inline'; style-src-attr * fmlx.b-cdn.net wcmfmlx.b-cdn.net 'self' 'unsafe-inline' 1
default-src 'self'; script-src 'self' https://www.google.com https://www.gstatic.com 'unsafe-inline'; img-src 'self' *.teamviewer.com blob: https://st.hzcdn.com www.gravatar.com; style-src 'self' 'unsafe-inline' 'unsafe-hashes'; frame-src 'self' https://feedbackservice.teamviewer.com https://www.google.com; 1
default-src 'none'; base-uri 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/npm/select2@4.0.13/ https://www.gstatic.com/charts/ https://cdn.jsdelivr.net/npm/@mdi/ https://unpkg.com/material-components-web@12.0.0/dist/; img-src 'self' data: https://s3.amazonaws.com/exclaim-product-images/ https://www.gstatic.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://google.com/ https://api.qrserver.com/v1/create-qr-code/ https://www.gravatar.com/avatar/ https://m.media-amazon.com/images/; font-src 'self' data: https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/npm/@mdi/; connect-src 'self' data: https://www.google-analytics.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://*.analytics.google.com/; media-src 'self'; child-src 'self' https://www.google.com/; frame-src https://www.google.com/; object-src 'none'; script-src 'self' https://*.googletagmanager.com/ https://cdn.jsdelivr.net/npm/select2@4.0.13/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://www.gstatic.com/charts/ https://unpkg.com/material-components-web@12.0.0/dist/ https://unpkg.com/@webcomponents/webcomponentsjs@2.6.0/ 'nonce-e4b130631421cb349a02f933a2dc41f2184e108a'; 1
frame-src youtube.com www.youtube.com https://forms.zohopublic.com https://qcart.app smkts.qcart.app 1
script-src data: 'self' 'unsafe-inline' 'unsafe-eval' https://fast.wistia.com https://fast.wistia.net https://*.wistia.com static.zdassets.com assets.zendesk.com https://tpc.googlesyndication.com  https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com/ https://tagmanager.google.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ maxcdn.bootstrapcdn.com maps.gstatic.com *.googleapis.com *.google-analytics.com; frame-ancestors 'self' bo.nlw.us.eleawave.com ;object-src 'self';base-uri 'self' 1
frame-ancestors *.umu.com 1
default-src 'self' *.googleapis.com *.gstatic.com *.googletagmanager.com; img-src 'self' data: w3.org/svg/2000 http: https: *.amazon.com; object-src blob: ; script-src 'self' 'unsafe-inline' *.hiptraveler.com *.googleapis.com *.googletagmanager.com api.openweathermap.org *.google-analytics.com *.youtube.com *.goo.gl blob: ; style-src 'self' 'unsafe-inline' *.googleapis.com *.hiptraveler.com; connect-src 'self' api.openweathermap.org analytics.google.com *.google-analytics.com *.doubleclick.net *.goo.gl *.hiptraveler.com; frame-src 'self' *.hiptraveler.com https://yucatan.hiptraveler.com *.youtube.com; font-src 'self' fonts.gstatic.com data: ; 1
default-src 'self' https://*.valutrades.biz https://*.valutrades.com https://*.valutrades.cc https://*.valutrades.co.uk https://*.valutrades.hk https://*.valutrades.io https://*.valutrades.sc https://*.valu-trades.com https://*.valu-cn.com https://*.valu-cn.co.uk https://*.content-uk.com https://fonts.gstatic.com https://*.googleusercontent.com https://*.google.com https://*.google.co.id https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.youtube.com https://youtu.be https://bid.g.doubleclick.net stats.g.doubleclick.net *.googlesyndication.com *.google.com https://connect.facebook.net https://www.facebook.com https://*.hubspotusercontent20.net https://track.hubspot.com https://api.hubapi.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsadspixel.net https://cdn2.hubspot.net js.hs-analytics.net js.hs-banner.com *.zdassets.com *.zendesk.com static.zdassets.com *.tradingview.com *.tradingcentral.com https://metatraderweb.app https://trade.mql5.com/ *.autochartist.com *.tradays.com https://*.vidyard.com https://cdnjs.cloudflare.com https://flareapp.io https://mapi.rrusdt.com https://*.sentry.io https://*.cloudfront.net https://*.cloudflare.com; base-uri 'none'; child-src 'none'; connect-src *; font-src *; form-action *; frame-ancestors 'self' *; frame-src *; img-src * data: blob:; manifest-src *; media-src 'none'; object-src 'none'; report-to 'default'; script-src * 'unsafe-eval' 'unsafe-inline'; script-src-attr *; style-src 'self' 'unsafe-inline'; style-src-attr 'unsafe-inline'; style-src-elem * 'unsafe-inline'; worker-src *; 1
frame-src 'self' google.com www.google.com youtube.com www.youtube.com twitter.com platform.twitter.com hotjar.com vars.hotjar.com; frame-ancestors 'self'; object-src 'none'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-xPTNIHjVRwVU0ErYagdLAyy/WX2a99vcvacrYyDfOKvf6oiJ' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https: data: blob:; connect-src https: wss:;script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' blob:; frame-ancestors 'self' https://www.slipcase.com https://marketplace.marsh.com https://www.riskdataobject.com; upgrade-insecure-requests; 1
default-src
			'self'
			'unsafe-eval'
			'unsafe-inline'
			*.api-empleonuevo.io
			*.cloudfront.net
			*.conekta.io
			*.doubleclick.net
			*.empleonuevo.com
			*.google-analytics.com
			*.google.com
			*.google.com.mx
			*.googleadservices.com
			*.googletagmanager.com
			*.gstatic.com
			*.hotjar.com
			*.hotjar.io
			*.opentok.com
			*.tokbox.com
			*.youtube.com
			192.241.202.202
			cdnjs.cloudflare.com
			*.empleonuevo.com
			empleonuevo.com
			wss://*.tokbox.com
			empleonuevo.sfo2.digitaloceanspaces.com
			empleonuevo.s3-us-west-1.amazonaws.com
			*.kaptcha.com
			*.facebook.com
			*.facebook.net
			wss://*.hotjar.com
		;
		img-src
			'self'
			blob:
			data:
			*.api-empleonuevo.io
			*.google-analytics.com
			*.google.com
			*.google.com.mx
			empleonuevo.sfo2.digitaloceanspaces.com
			*.empleonuevo.com
			empleonuevo.com
			*.googletagmanager.com
			googleads.g.doubleclick.net
			ssl.kaptcha.com
			*.facebook.com
			*.bolsauniversitaria.com
			empleonuevo.sfo2.cdn.digitaloceanspaces.com
		;
		style-src
			'self'
			'unsafe-inline'
			*.googleapis.com
			unpkg.com
		;
		font-src
			'self'
			data:
			fonts.gstatic.com
		;
	 1
default-src 'none'; img-src 'self' blob: data: https:; script-src 'nonce-common1705011433945001' https://*.cloudflare.com https://*.gannettdigital.com https://*.omtrdc.net *.rlets.com *.reachlocalservices.com *.rlcdn.com https://www.googletagmanager.com https://www.google-analytics.com *.googleapis.com https://*.typekit.net https://*.pagescdn.com https://unpkg.com https://*.youtube.com https://*.sitescdn.net https://*.addthis.com https://*.moatads.com https://*.addthisedge.com https://*.pinterest.com https://*.hotjar.com https://*.realpropertymgt.com/ https://*.stackadapt.com https://*.cloudflareinsights.com *.doubleclick.net *.googleadservices.com *.google.com *.co.in *.tctm.co *.en25.com https://*.facebook.net https://*.facebook.com 'sha256-MHn/Hks0GgEc+Zilo3/Eb4becrxH9UcUIQJIN4fG5Y0=' 'sha256-i+hvj9cTZ4vQ9QjJYFHFqgdQePBilFtrn41xnl5eqFk=' 'sha256-Bl/zoZ5TJc3P4Vm9zi55j8+cpWYrEVV9lwnXcrl8DQQ=' 'sha256-FopwLmeNBiLLpVuhwJGlnpxQLfhDh2DJ1v7dX4YvYHY=' 'sha256-Drt91cQiFuKb1gDrsk3UQyE3FTyYuMQhXGniT3+AVJ8=' 'sha256-ZERf/xDbkM+tvHUQWxMbcU9w84mW32n1m7rAOlHBEoA=' 'sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog=' 'sha256-0nHBJ1JMFOfh2D7tEJmRNQrnrvshj5S7pBuWIKcMuiY=' 'sha256-xdq+Yc2dkov5X+Cy/7RBA7eN4jB0h7Qtms1yT4/wZok=' 'sha256-6wv2SoKUIA2ZFEXIu5t/wMnVntcHOaVJM1W9RNZSoCo=' 'sha256-Rax3uHwr5dPaKgcgkHEa8WlZ39lBO+YlnUUL0BGYUR4=' 'sha256-4SFsmJhKjc+kVXCeX1o0d4iFwwbYH7wpW093fd6kc94=' 'sha256-ppW1Vv+qSVcs+/pIj1ZXvMiCLoyHyCdRqtDMeK9fQ9w=' 'sha256-H35mVd0+x+5ZLRhOnFEmVH8+M90gcNEBQ5TxKoLSyK4=' 'sha256-AtztT98yHEpKM0dVyGtb3TG+tahNOgpXBOeVBEdkSa4=' 'sha256-k0cNrleGLTb7A1yJoIyGgHaYXwFfZyvhn6nNFOhaiso=' 'sha256-04eSie37wRnmW35RNq9yluz5ioB9ywqTxe1tSziyjtM=' 'sha256-GBKQLAtuuQQkk0q2NS4YKaWI+YNdtCTvxYUIRLmH6NY=' 'sha256-uaN16cZ4MzjDslkWC8qhwWBF199Y8ruzgrLrZf1viz0=' 'sha256-GEHvDKftLeDaPBVmdzQMXBK74F3ghrvAwGMjRBIRb6c=' 'sha256-TnLEzSLcQjyfKo6bWvO072+q1gWLTma63OtqEtDzijU=' 'sha256-vMcvpZB2qLvlug/3TMCW4RppoHFQ6Tq31TaivHkkFE4=' 'sha256-MwMutdIbx5dyVOqwRSTQgFvwCUv3oTCIiuXL9g0G3Ao=' 'sha256-yJgwczxP+xkTFFqKcrIpkbF+Rkee7/06yohXCrUabGs=' 'sha256-BplHvXS5ltNlp+5KWVfNIKjbAWQ9YrBO+EReBQ7ztDw=' 'sha256-SbeVxNdKxJo1ZQI94ZW4nOQyUSEzu1muBCLMxArrZtQ=' 'sha256-PuYjllI18Vl24wupmBbWs0q/Hg6zoX2QMgZcgk4e0B4=' 'sha256-PwdJJQLBctl0SX5w7d71Yi4O5W4sT0RWo7qLWSEGW6s=' 'sha256-UEAQMtSbNbCs69PAxDRev/HtpuL5GuBlLnhtQEuE32c=' 'sha256-aDJ5Bql+RjPsQvM2jhkH/Zsvfio3OzAB4a0aMxemTeY=' 'unsafe-inline' *.nextdoor.com *.leadportal.com https://*.jsdelivr.net https://*.nblyprod.com https://*.jquery.com https://*.mailing.realpropertymgt.com 'sha256-iwTaSfB8Qg7dd2yoW+VBE+kM3gGPpfXiqqatDbKI1bI=' https://*.google.com https://*.gstatic.com https://*.googletagmanager.com 'nonce-DATADOG_STATIC_NONCE_KEY' https://www.datadoghq-browser-agent.com 'self' 'unsafe-eval'; style-src undefined 'self' *.googleapis.com *.gmailapis.com *.jsdelivr.net *.nblydev.com https://*.jsdelivr.net https://cdn.jsdelivr.net https://*.nblydev.com https://*.nblyprod.com https://*.typekit.net 'unsafe-inline'; object-src 'none'; connect-src https://*.googleapis.com https://*.gannettdigital.com https://*.omtrdc.net *.rlets.com *.reachlocalservices.com *.rlcdn.com https://www.google-analytics.com https://*.demdex.net https://*.realpropertymgt.com https://*.pagescdn.com https://*.addthis.com https://*.crownpeak.net https://*.neighborly.com https://realpropertymgt.com https://liveapi-cached.yext.com https://*.hotjar.com https://*.stackadapt.com https://*.dwyergroup.com *.doubleclick.net *.googleadservices.com *.google.com *.co.in *.tctm.co *.en25.com https://*.facebook.net https://*.facebook.com https://*.mailing.realpropertymgt.com https://*.nblytest.com https://*.nblyprod.com wss://*.hotjar.com  https://*.browser-intake-datadoghq.com https://*.amazonaws.com https://*.googlesyndication.com typekit.net https://*.hotjar.io; font-src undefined https://*.gstatic.com *.jsdelivr.net https://*.nblydev.com https://*.nblytest.com https://*.realpropertymgt.com https://*.nblyprod.com https://*.typekit.net; frame-src https://*.gannettdigital.com https://*.omtrdc.net *.rlets.com *.reachlocalservices.com *.rlcdn.com https://*.youtube.com https://*.demdex.net https://*.addthis.com https://answers-embed.realpropertymgt.com.pagescdn.com https://*.hotjar.com/ *.google-analytics.com *.doubleclick.net *.googleadservices.com *.google.com *.co.in *.tctm.co *.en25.com https://*.facebook.net https://*.facebook.com *.nextdoor.com *.leadportal.com https://*.en25.com https://*.nblyprod.com 1
default-src 'self'; script-src 'self' *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' data:; font-src 'self' *.gstatic.com *.bootstrapcdn.com data:;connect-src *.googleapis.com *.gstatic.com *.bootstrapcdn.com; report-uri https://crhworld.com/Sitefinity/Authenticate/OpenID/csp/report 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-JTMCVkEmRaldhHQN+IM1AA==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob: *.izlesene.com *.ioam.de *.avg.com *.rewardsaccelerator.com smetrics.att.com; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net smetrics.att.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
default-src 'self' https: wss:;font-src data: https://fonts.gstatic.com https://fonts.googleapis.com;img-src 'self' blob: file: data: https:;object-src 'none';script-src 'self' 'unsafe-inline' https:;style-src 'self' 'unsafe-inline' https:;upgrade-insecure-requests;worker-src 'self' wss: https: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.youtube.com maps.googleapis.com form.lidl.com *.lidl.com lidl.media01.eu bat.bing.com analytics.google.com *.clarity.ms *.google-analytics.com *.googletagmanager.com https://tagmanager.google.com https://connect.facebook.net cdn.cookielaw.org uberall.com *.uberall.com https://www.google.com https://www.gstatic.com snap.licdn.com prezero.com prezero.de prezero.pl prezero.us prezero.es optimize.google.com *.analytics.google.com *.salesviewer.org *.salesviewer.com salesviewer.org salesviewer.com *.virtualearth.net *.bing.com *.hotjar.com; img-src 'self' data: *.object.storage.eu01.onstackit.cloud maps.googleapis.com *.amazonaws.com *.google-analytics.com *.doubleclick.net cdn.cookielaw.org form.lidl.com *.lidl.com *.bing.com *.clarity.ms px.ads.linkedin.com uberall.com *.uberall.com https://s-static.ak.facebook.com *.gstatic.com *.google.de *.google.com www.googletagmanager.com www.facebook.com *.salesviewer.org *.salesviewer.com salesviewer.org salesviewer.com  *.tile.openstreetmap.org *.tiles.virtualearth.net *.bing.com *.ads.linkedin.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com form.lidl.com tagmanager.google.com *.bing.com cdn.fonts.net; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com form.lidl.com *.uberall.com; frame-src 'self' https: 'unsafe-inline' www.youtube.com form.lidl.com https://www.facebook.com https://s-static.ak.facebook.com *.google-analytics.com *.googletagmanager.com *.youtube-nocookie.com uberall.com *.uberall.com https://www.google.com https://recaptcha.google.com prezero.com prezero.de prezero.pl prezero.us prezero.es; connect-src 'self' *.google.de *.google.com *.google-analytics.com maps.googleapis.com stats.g.doubleclick.net cdn.cookielaw.org *.onetrust.com *.clarity.ms form.lidl.com *.lidl.com lidl.media01.eu uberall.com *.uberall.com prezero.com prezero.de prezero.pl prezero.us prezero.es *.salesviewer.org *.salesviewer.com salesviewer.org salesviewer.com *.analytics.google.com *.openstreetmap.org https://www.bing.com *.hotjar.io *.hotjar.com wss://ws.hotjar.com *.appspot.com ssgtm.prezero.nl; frame-ancestors 'self' *.googletagmanager.com form.lidl.com *.lidl.com *.google-analytics.com prezero.com prezero.de prezero.pl prezero.us prezero.es; 1
default-src * data:; style-src 'self' 'unsafe-inline'       https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.8/css/intlTelInput.css        https://www.googletagmanager.com/debug/badge.css                https://fonts.googleapis.com/icon                https://fonts.googleapis.com/css;                script-src 'self' 'unsafe-inline' 'unsafe-eval'       https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.8/js/intlTelInput.min.js       https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.8/js/utils.js                http://www.google.com       https://consent.cookiebot.com       https://consentcdn.cookiebot.com/       https://googleads.g.doubleclick.net/       https://www.google-analytics.com/                https://www.googletagmanager.com       https://fonts.googleapis.com       https://fonts.gstatic.com                https://securepubads.g.doubleclick.net                https://adservice.google.com                https://adservice.google.gr                https://www.googletagservices.com                https://tpc.googlesyndication.com       https://cdn.stat-track.com       https://snap.licdn.com       https://connect.facebook.net       https://www.clarity.ms       https://www.linkedin.com       https://www.facebook.com       https://www.gstatic.com/recaptcha/       https://www.googleadservices.com;                img-src 'self' data:       https://imgsct.cookiebot.com/1.gif?dgi=e42a80f7-d55b-4af9-b7cf-917cffb8c57d       https://fonts.gstatic.com/s/i/googlematerialicons/more/v6/gm_blue-48dp/1x/gm_more_gm_blue_48dp.png       https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.8/img/flags@2x.png https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.8/img/flags.png       https://securepubads.g.doubleclick.net       https://img.youtube.com/       https://tpc.googlesyndication.com                https://www.googletagmanager.com       https://fonts.googleapis.com       https://fonts.gstatic.com       https://pagead2.googlesyndication.com/       http://www.google.com       https://www.google.com       https://www.google.de       https://www.google.gr/       https://www.google-analytics.com/       https://consent.cookiebot.com/       https://consentcdn.cookiebot.com/                https://api.mapbox.com/       https://px.ads.linkedin.com       https://px4.ads.linkedin.com       https://www.facebook.com       https://www.googleadservices.com       https://c.clarity.ms       https://www.clarity.ms       https://c.bing.com       https://www.linkedin.com       https://googleads.g.doubleclick.net       https://www.googletagmanager.com;       worker-src 'self' blob:; 1
frame-ancestors https://*.procore.com https://*.coupadev.com https://*.coupahost.com http://*.coupacloud.com https://*.roomex.com https://*.roomexbackoffice.com 1
frame-ancestors 'self'; script-src 'self' https: *.veritran.com *.facebook.net 'unsafe-inline'; 1
frame-ancestors https://*.posylka.de 1
default-src 'self' https://*.trafficwatchni.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.trafficwatchni.com https://static.addtoany.com https://maps.googleapis.com https://*.google-analytics.com  https://maps.gstatic.com  https://ajax.googleapis.com blob: https://www.googletagmanager.com/ https://apis.google.com; style-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://*.trafficwatchni.com https://*.googleapis.com https://*.google-analytics.com  https://maps.gstatic.com  https://upload.wikimedia.org https://stats.g.doubleclick.net www.metoffice.gov.uk; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' https://maps.googleapis.com https://*.google-analytics.com https://*.addtoany.com; media-src 'none'; object-src 'self' blob:; child-src 'self' https://static.addtoany.com https://maps.googleapis.com https://*.google-analytics.com  https://maps.gstatic.com https://content.googleapis.com https://www.googletagmanager.com; frame-src 'self' https://cctv.trafficwatchni.com https://static.addtoany.com; worker-src 'none' 1
frame-ancestors www.nma.art buy.nma.art; 1
default-src 'self' ; script-src 'self' 'unsafe-eval' http://maps.google.com 'unsafe-inline' https://ssl.google-analytics.com https://www.google.com https://a.vimeocdn.com https://fonts.googleapis.com https://www.gstatic.com ; img-src 'self' http://maps.gstatic.com http://*.googleapis.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com; frame-src 'self' https://www.google.com ; connect-src 'self' ; frame-ancestors 'self' ; base-uri 'self' ; form-action 'self' ; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com ; style-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com 'unsafe-inline' ; object-src 'none' 1
frame-src 'self' http://postalytics-customprebuilttemplates.s3.amazonaws.com/ https://postalytics-customprebuilttemplates.s3.amazonaws.com/ http://postalytics-pdfs.s3.amazonaws.com/ https://postalytics-pdfs.s3.amazonaws.com/ http://www.postalytics.com/ https://www.postalytics.com/ https://js.stripe.com/ https://cdnjs.cloudflare.com/ https://www.google.com/ https://lob-assets.com https://ct.pinterest.com/ https://risemarketing.rise-crm.com https://go.rise-crm.com https://*.gohighlevel.com https://s3.amazonaws.com/postalytics.webapp.pdf/; frame-ancestors 'self' http://p.ostal.us/ https://p.ostal.us/ https://*.postaladmin.com/ http://*.postaladmin.com/ http://vintory.com/ https://vintory.com/ http://vintory.vintory.com/ https://vintory.vintory.com/ http://vintory.casagrow.io/ https://vintory.casagrow.io/ http://designstudio.vintory.com/ https://designstudio.vintory.com/ http://app.vintory.com/ https://app.vintory.com/ http://churchstamp.com/ https://churchstamp.com/ http://app.churchstamp.com/ https://app.churchstamp.com/ http://*.tls.care/ https://*.tls.care/ http://*.heatingdemo.com/ https://*.heatingdemo.com/ http://*.waterheaterplan.com/ https://*.waterheaterplan.com/ http://*.whytradepmr.com/ https://*.whytradepmr.com/ https://*.tryhomebuyer.com/ http://*.tryhomebuyer.com/ https://js.stripe.com/ http://localhost:49995 http://*.thisisadomaintest2.com/ https://*.thisisadomaintest2.com/ http://data.vintory.com/ https://data.vintory.com/ http://*.vintory.com/ https://*.vintory.com/ http://app.casagrow.io/ https://app.casagrow.io/ http://design.casagrow.io/ https://design.casagrow.io/ https://risemarketing.rise-crm.com https://go.rise-crm.com https://*.gohighlevel.com https://s3.amazonaws.com/postalytics.webapp.pdf/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.typeform.com fonts.bunny.net *.algolia.net *.wd40.info *.bootstrapcdn.com *.googleadservices.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.google.co.uk *.doubleclick.net *.ampproject.org *.gravatar.com https://youtube.com/ https://youtu.be/ *.youtube.com *.youtube-nocookie.com *.ytimg.com *.instagram.com *.vimeo.com yoast.com *.wd40.co.uk *.wd40company.eu unpkg.com *.jquery.com *.jsdelivr.net *.amazon-adsystem.com *.media-amazon.com *.amazonaws.com *.wd40.com *.wtbidev.uk *.wd40.ro *.wd40.pl *.e2ma.net *.cloudfront.net *.wd40.no *.wd40.sk *.wd40.lat *.wd40.se *.wd40.cz *.cloudflare.com wp-rocket.me *.wp-rocket.me *.wistia.com *.helpscout.net *.litix.io 1
default-src 'self' *.google-analytics.com; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com https://www.youtube.com/iframe_api https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org cdn.datatables.net recruitingbypaycor.com cdnjs.cloudflare.com youtube.com *.vimeo.com app.five9.com *.luxsci.com siteimproveanalytics.com *.siteimproveanalytics.com *.vo.msecnd.net www.youtube.com *.fullstory.com js-na1.hs-scripts.com js.hs-banner.com js.hscollectedforms.net snap.licdn.com js.hsforms.net web-chat.nativechat.com https://dec.azureedge.net; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline' https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.datatables.net youtube.com *.vimeo.com app.five9.com web-chat.nativechat.com; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com placehold.it *.global.siteimproveanalytics.io app.five9.com px.ads.linkedin.com *.hsforms.com web-chat.nativechat.com https://cdn.insight.sitefinity.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.recruitingbypaycor.com recruitingbypaycor.com *.youtube.com player.vimeo.com *.google.com *.luxsci.com apply.indeed.com app.five9.com forms.hsforms.com web-chat.nativechat.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://amwins-portal-api.azurewebsites.net https://app-amwinsportalapi-dev-uat.azurewebsites.net https://app-amwinsportalui-dev-uat.azurewebsites.net https://portal.amwins.com *.google-analytics.com nia-carrierstatesapi-app.azurewebsites.net *.services.visualstudio.com https://app-clportal-api.azurewebsites.net *.fullstory.com *.hscollectedforms.net forms.hsforms.com px.ads.linkedin.com; media-src 'self' data: blob: youtube.com player.vimeo.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com; object-src *.google-analytics.com 'self' 1
frame-ancestors 'self' https://manage.fenderbender.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
worker-src 'self'; frame-ancestors 'self'; 1
base-uri 'none'; block-all-mixed-content; connect-src 'self' *.google-analytics.com maps.googleapis.com smallbusinesssaturdayuk.com *.stripe.com videodelivery.net; default-src 'none'; font-src 'self' data: fonts.gstatic.com; form-action 'self' *.facebook.com *.twitter.com; frame-ancestors none; frame-src 'self' accounts.google.com customer-ca1n3a2ksbdwtz30.cloudflarestream.com *.facebook.com *.stripe.com *.travelsmarter.net *.twitter.com player.vimeo.com *.youtube.com; img-src 'self' data: small-business-saturday.s3-eu-west-1.amazonaws.com *.blogspot.com *.etsystatic.com *.facebook.com *.google-analytics.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.stripe.com *.tripadvisor.com *.twimg.com *.twitter.com videodelivery.net *.videodelivery.net *.vimeocdn.com smallbusinesssaturdayuk.blob.core.windows.net *.ytimg.com; manifest-src 'self'; object-src 'none'; script-src 'self' 'nonce-S2VuTWNDYWxsdW1DU1BOb25jZQ==' blob: *.addthis.com apis.google.com *.facebook.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.jscache.com *.stripe.com *.tacdn.com *.tripadvisor.com *.twitter.com *.twimg.com *.videodelivery.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.myfonts.net *.tacdn.com *.twimg.com *.twitter.com; upgrade-insecure-requests 1
default-src 'self' *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.fonts.gstatic.com  *.google.com *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com *.b2clogin.com *.cookiescanportal.b2clogin.com  *.cookiescan.azureedge.net   *.azureedge.net ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.b2clogin.com *.cookiescanportal.b2clogin.com *.googleapis.com *.google.com *.googletagmanager.com *.google-analytics.com *.clickdimensions.com *.analytics-eu.clickdimensions.com *.gstatic.com *.fonts.gstatic.com *.google.com *.cookiescan.com https://cookiescan.com *.issuu.com *.vimeo.com *.youtube.com *.linkedin.com  *.cookiescan.azureedge.net  *.azureedge.net data:;style-src 'self' 'unsafe-inline' *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.clickdimensions.com *.fonts.gstatic.com *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com *.cookiescan.com https://cookiescan.com *.issuu.com *.vimeo.com *.youtube.com *.linkedin.com *.gravatar.com *.b2clogin.com *.cookiescanportal.b2clogin.com  *.cookiescan.azureedge.net  *.azureedge.net data:;connect-src 'self' *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com *.cookiescan.com https://cookiescan.com *.doubleclick.net *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.b2clogin.com *.cookiescanportal.b2clogin.com *.cookiescan.azureedge.net  *.azureedge.net data:;font-src 'self' *.gstatic.com *.fonts.gstatic.com  *.google.com *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com  data:;img-src 'self' 'unsafe-inline' https://c5alliance.com *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com *.cookiescan.com https://cookiescan.com *.issuu.com *.vimeo.com *.youtube.com *.linkedin.com  *.gravatar.com *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com data:;frame-src 'self' 'unsafe-inline' *.gstatic.com  *.google.com  *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.issuu.com *.vimeo.com *.youtube.com *.linkedin.com *.b2clogin.com *.cookiescanportal.b2clogin.com  ; 1
img-src 'self' 'https://fonts.googleapis.com' 'https://maxcdn.bootstrapcdn.com' 'https://www.googletagmanager.com' data: 1
default-src * 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; frame-ancestors 'self' *.webvisor.com metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net www.googletagmanager.com;connect-src *;img-src *;style-src 'self' 'unsafe-inline' fonts.googleapis.com;font-src 'self' fonts.gstatic.com cdn.hotdices.net;frame-ancestors https://apps.facebook.com 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com www1.hotdiamonds.co.uk; base-uri 'self' 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://netgamers.it/logs/ https://netgamers.it/sidekiq/ https://netgamers.it/mini-profiler-resources/ https://netgamers.it/assets/ https://netgamers.it/extra-locales/ https://netgamers.it/highlight-js/ https://netgamers.it/javascripts/ https://netgamers.it/plugins/ https://netgamers.it/theme-javascripts/ https://netgamers.it/svg-sprite/ 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' https://analytics.netgamers.it:2053 https://platform.twitter.com/; worker-src 'self' https://netgamers.it/assets/ https://netgamers.it/javascripts/ https://netgamers.it/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self' ;script-src data: blob: 'self' 'unsafe-eval' 'nonce-hXcurSA9dfUjX95W' static.cloud.coveo.com www.zenaps.com www.dwin1.com *.r42tag.com *.usabilla.com *.google-analytics.com *.analytics.google.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com  ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com  *.fbto.nl connect.facebook.net cdn.harvest.graindata.com *.pingvp.com pingvp.com *.visualwebsiteoptimizer.com app.vwo.com www.awin1.com;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com *.pingvp.com;img-src data: blob: 'self' *.svtrd.com www.zenaps.com www.awin1.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com *.google-analytics.com *.analytics.google.com *.onmarc.nl *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net ad.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com www.googletagmanager.com translate.google.com zilverenkruis-cdn.mcccm.eu *.pingvp.com i.vimeocdn.com dev.visualwebsiteoptimizer.com *.doubleclick.net;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net  *.pingvp.com;connect-src blob: 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.prolife.nl *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net *.google-analytics.com *.analytics.google.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com www.browsealoud.com plusqa.browsealoud.com *.interpolis.nl *.fbto.nl bat.bing.com stats.g.doubleclick.net harvest-cm-achmea.ey.r.appspot.com controle.achmea.consentmonitor.nl *.tomtom.com *.visualwebsiteoptimizer.com app.vwo.com *.applicationinsights.azure.com wss://api.defriesland.nl:13443;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl *.pingvp.com;object-src 'self' ;child-src 'self' blob: t.svtrd.com player.vimeo.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net app.springcast.fm;frame-ancestors 'self' player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net inloggen.achmea.nl p-portaal.achmea.nl app.vwo.com *.visualwebsiteoptimizer.com;;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl broker.nxtid.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content;report-uri https://zilverenkruis.ams.report-uri.com/r/t/csp/enforce; 1
default-src 'self'; img-src 'self' data: https://cdn.hashnode.com https://googleads.g.doubleclick.net https://track.hubspot.com https://forms.hsforms.com https://*.ads.linkedin.com https://px.ads.linkedin.com https://www.google.com https://www.facebook.com https://widget.squid.cloud; frame-src 'self' https://www.google.com https://td.doubleclick.net https://app.netlify.com https://calendly.com; font-src 'self' https://fonts.gstatic.com https://use.typekit.net; script-src 'self' 'unsafe-inline' https://js.hs-banner.com https://js.hs-analytics.net https://js.hscollectedforms.net https://www.gstatic.com https://js.hs-scripts.com https://connect.facebook.net https://www.googleadservices.com https://snap.licdn.com https://googleads.g.doubleclick.net https://google.com https://www.google.com https://netlify-cdp-loader.netlify.app https://cdn.segment.com https://www.googletagmanager.com https://widget.squid.cloud; style-src 'self' 'unsafe-inline' https://unpkg.com https://p.typekit.net https://widget.squid.cloud https://fonts.googleapis.com; connect-src 'self' https://forms.hscollectedforms.net https://px.ads.linkedin.com https://stats.g.doubleclick.net https://google.com https://www.google.com https://analytics.google.com wss://*.squid.cloud https://*.squid.cloud https://api.segment.io https://cdn.segment.com https://www.google-analytics.com 1
default-src https:; font-src https: data:; img-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; 1
script-src 'self' 'unsafe-eval' *.wlresources.com *.acwebconnecting.com 'sha256-e4pYjXQH6ajx5POUxz2FrYEpL/WroFiVF5clf0FNS5g=' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms  *.xlovecam.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.wlresources.com *.xlovecam.com; connect-src 'self' *.wlresources.com *.acwebconnecting.com wss://*.wlresources.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms  *.xlovecam.com; report-uri /err0r/js?ts=1705978932; worker-src 'self' blob:; frame-ancestors 'none'; object-src 'self' 1
child-src 'self' *.adsrvr.org *.brandcdn.com *.cloudfront.net *.google.com; connect-src 'self' *.doubleclick.net *.facebook.com *.google-analytics.com *.googleapis.com *.google.com *.linkedin.com; default-src 'self'; font-src 'self' data: *.fontawesome.com *.gstatic.com; img-src 'self' data: *.adsrvr.org alpixtrack.com *.brandcdn.com *.demdex.net *.facebook.com *.google-analytics.com *.google.com *.gstatic.com *.semasio.net *.wp.com *.mdhv.io *.linkedin.com *.doubleclick.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.brandcdn.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.googleapis.com *.wp.com *.licdn.com; style-src 'self' 'unsafe-inline' *.fontawesome.com *.googleapis.com *.myfonts.net; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-l60U55qe9GvGq3WDuQp0HjFw5A5fF8C5Do2x68pJZUlHrFNk' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
img-src 'self' data: *.usercentrics.eu maps.googleapis.com www.facebook.com www.youtube.com www.google.com google.com *.google.com www.google.de google.de *.google.de rtclauncher.luware.com rtclauncherapi.luware.com maps.gstatic.com *.ressourcenmangel.de ressourcenmangel.de *.google-analytics.com google-analytics.com maps.google.com *.googletagmanager.com googletagmanager.com googleadservices.com googleusercontent.com *.etracker.com etracker.com *.etracker.de etracker.de stats.g.doubleclick.net *.bing.com *.clarity.ms uct.service.usercentrics.eu *.usercentrics.eu; script-src 'self' *.usercentrics.eu tagmanager.google.com www.google.de www.youtube.com *.ytimg.com maps.googleapis.com 'unsafe-inline' 'unsafe-eval' www.facebook.com connect.facebook.net www.google.com rtclauncher.luware.com maps.gstatic.com *.freegeoip.net freegeoip.net *.googletagmanager.com googletagmanager.com *.etracker.com etracker.com *.etracker.de etracker.de maps.googleapis.com maps.google.com *.google-analytics.com google-analytics.com *.googleoptimize.com *.googleadservices.com *.gstatic.com gstatic.com news.sdk.de bat.bing.com *.clarity.ms *.usercentrics.eu 1
default-src 'none'; script-src 'self' 'nonce-a745OjL45c' https://matomo.3douest.com; connect-src 'self' https://api-utils.3douest.com https://matomo.3douest.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com use.fontawesome.com; font-src 'self' fonts.gstatic.com use.fontawesome.com; img-src 'self' data: https://matomo.3douest.com https://connect1.3douest.com https://connectdev.3douest.com; frame-src https://matomo.3douest.com https://map.3douest.com https://www.youtube.com; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; manifest-src 'self' 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vkg.nl https://www.google.com/ https://www.gstatic.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://s.hstatic.nl https://*.cookiebot.com/;style-src 'self' 'unsafe-inline' https://vkg.nl https://code.jquery.com/;img-src 'self' https://vkg.nl https://ps.w.org/ https://secure.gravatar.com/ https://s.w.org/ https://www.google-analytics.com/ data: https://imgsct.cookiebot.com/;font-src 'self' https://vkg.nl data:;frame-src https://www.google.com/ https://9d312d01-12f2-4c1e-9d1c-8791b2265b2f.tools.hypotheekbond.nl/ https://consentcdn.cookiebot.com/ https://www.youtube.com/;manifest-src 'self';frame-ancestors 'none';base-uri 'none';form-action 'self' https://extranet2.vkg.com/ https://www.vkg.com; connect-src 'self' https://www.google-analytics.com/ https://region1.google-analytics.com/ https://region1.analytics.google.com/ https://consentcdn.cookiebot.com/ https://www.google.nl/; 1
default-src 'self'; 	style-src 'self' *.scene7.com/ https://where-to-buy.co/ *.dotdigital.com/ https://digitaalpubliceren.com https://open.spotify.com https://danone-benelux.campaign.playable.com/ *.leadfamly.com/ *.scene7.com/ *.salesforce-sites.com/ *.gstatic.com/ *.azure.com/ *.trustcommander.net/ *.services.visualstudio.com/ *.postcodeanywhere.co.uk/ *.channelsight.com/ *.adobeaemcloud.com/ *.trustcommander.net/ *.tagcommander.com/ *.facebook.net/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.digital4danone.com/ *.addthisedge.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ *.dotdigital.com/ *.leadfamly.com/ *.asksid.ai/ *.danone-dtc.net/ *.hotjar.com/ *.youtube.com/ *.vimeo.com/ *.clarity.ms/ *.trackedweb.net/ *.getflowbox.com/ https://where-to-buy.co/ https://nutricianl.usermd.net https://be.nutricianl.usermd.net https://static.trackedweb.net/js/_dmptv4.js *.salesforce-sites.com/ *.gstatic.com/ *.vimeo.com/ *.azure.com/ *.trustcommander.net/ *.services.visualstudio.com/ *.postcodeanywhere.co.uk/ *.channelsight.com/ *.adobeaemcloud.com/ *.digital4danone.com/ *.live2support.com/ *.bootstrapcdn.com/ *.zencdn.net/ *.sharethis.com/ *.googleapis.com/ *.google.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ *.asksid.ai/ *.danone-dtc.net/ *.sentry.io/ 'unsafe-inline'; 	script-src 'self' *.scene7.com/ https://where-to-buy.co/ *.dotdigital.com/ https://digitaalpubliceren.com https://open.spotify.com https://danone-benelux.campaign.playable.com/ *.scene7.com/ *.salesforce-sites.com/ *.gstatic.com/ *.azure.com/ *.trustcommander.net/ *.services.visualstudio.com/ *.postcodeanywhere.co.uk/ *.channelsight.com/ *.adobeaemcloud.com/ *.trustcommander.net/ *.tagcommander.com/ *.facebook.net/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.digital4danone.com/ *.addthisedge.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ *.dotdigital.com/ *.leadfamly.com/ *.asksid.ai/ *.danone-dtc.net/ *.hotjar.com/ *.youtube.com/ *.vimeo.com/ *.clarity.ms/ *.trackedweb.net/ *.getflowbox.com/ https://where-to-buy.co/ https://nutricianl.usermd.net https://be.nutricianl.usermd.net https://static.trackedweb.net/js/_dmptv4.js *.leadfamly.com/ *.salesforce-sites.com/ *.gstatic.com/ *.vimeo.com/ *.azure.com/ *.trustcommander.net/ *.services.visualstudio.com/ *.postcodeanywhere.co.uk/ *.channelsight.com/ https://live2support.com/ *.adobeaemcloud.com/ *.trustcommander.net/ *.tagcommander.com/ *.facebook.net/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.digital4danone.com/ *.addthisedge.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ *.asksid.ai/ *.danone-dtc.net/ blob: 'unsafe-inline' 'unsafe-eval'; 	img-src 'self' data: *.scene7.com/ https://where-to-buy.co/ *.dotdigital.com/ https://digitaalpubliceren.com https://open.spotify.com https://danone-benelux.campaign.playable.com/ *.scene7.com/ *.salesforce-sites.com/ *.gstatic.com/ *.azure.com/ *.trustcommander.net/ *.services.visualstudio.com/ *.postcodeanywhere.co.uk/ *.channelsight.com/ *.adobeaemcloud.com/ *.trustcommander.net/ *.tagcommander.com/ *.facebook.net/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.digital4danone.com/ *.addthisedge.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ *.dotdigital.com/ *.leadfamly.com/ *.asksid.ai/ *.danone-dtc.net/ *.hotjar.com/ *.youtube.com/ *.vimeo.com/ *.clarity.ms/ *.trackedweb.net/ *.getflowbox.com/ https://where-to-buy.co/ https://nutricianl.usermd.net https://be.nutricianl.usermd.net https://static.trackedweb.net/js/_dmptv4.js *.leadfamly.com/ *.salesforce-sites.com/ *.gstatic.com/ *.vimeo.com/ *.azure.com/ *.trustcommander.net/ *.services.visualstudio.com/ *.postcodeanywhere.co.uk/ *.channelsight.com/ *.digital4danone.com/ *.adobeaemcloud.com/ *.assetsadobe.com/ *.live2support.com/ *.doubleclick.net/ *.google-analytics.com/ *.danone.com/ *.google.com.ph/ *.google.com/ *.sharethis.com/ *.gstatic.com/ *.googleapis.com/ *.w3.org/ *.facebook.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ *.youtube.com/ *.asksid.ai/ *.danone-dtc.net/; 	frame-src 'self' *.tohklom.com/ https://where-to-buy.co/ *.dotdigital.com/ https://digitaalpubliceren.com https://open.spotify.com https://danone-benelux.campaign.playable.com/ *.scene7.com/ *.salesforce-sites.com/ *.gstatic.com/ *.azure.com/ *.trustcommander.net/ *.services.visualstudio.com/ *.postcodeanywhere.co.uk/ *.channelsight.com/ *.adobeaemcloud.com/ *.trustcommander.net/ *.tagcommander.com/ *.facebook.net/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.digital4danone.com/ *.addthisedge.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ *.dotdigital.com/ *.leadfamly.com/ *.asksid.ai/ *.danone-dtc.net/ *.hotjar.com/ *.youtube.com/ *.vimeo.com/ *.clarity.ms/ *.trackedweb.net/ *.getflowbox.com/ https://where-to-buy.co/ https://nutricianl.usermd.net https://be.nutricianl.usermd.net https://static.trackedweb.net/js/_dmptv4.js *.leadfamly.com/ *.salesforce-sites.com/ *.gstatic.com/ *.vimeo.com/ *.azure.com/ *.trustcommander.net/ *.services.visualstudio.com/ *.postcodeanywhere.co.uk/ *.channelsight.com/ *.live2support.com/ *.proprofs.com/ *.facebook.com/ *.doubleclick.net/ *.sharethis.com/ *.addthis.com *.youtube.com *.adsrvr.org/ *.google-analytics.com/ *.analytics.google.com/ *.google.com/ *.googletagmanager.com/ *.cloudfront.net/ *.asksid.ai/ *.danone-dtc.net/; 	connect-src 'self' *.scene7.com/ https://where-to-buy.co/ *.dotdigital.com/ https://digitaalpubliceren.com https://open.spotify.com https://danone-benelux.campaign.playable.com/ *.scene7.com/ *.salesforce-sites.com/ *.gstatic.com/ *.azure.com/ *.trustcommander.net/ *.services.visualstudio.com/ *.postcodeanywhere.co.uk/ *.channelsight.com/ *.adobeaemcloud.com/ *.trustcommander.net/ *.tagcommander.com/ *.facebook.net/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.digital4danone.com/ *.addthisedge.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ *.dotdigital.com/ *.leadfamly.com/ *.asksid.ai/ *.danone-dtc.net/ *.hotjar.com/ *.youtube.com/ *.vimeo.com/ *.clarity.ms/ *.trackedweb.net/ *.getflowbox.com/ https://where-to-buy.co/ https://nutricianl.usermd.net https://be.nutricianl.usermd.net https://static.trackedweb.net/js/_dmptv4.js *.leadfamly.com/ *.salesforce-sites.com/ *.gstatic.com/ *.vimeo.com/ *.azure.com/ *.trustcommander.net/ *.services.visualstudio.com/ *.postcodeanywhere.co.uk/ *.channelsight.com/ *.digital4danone.com/ *.commander1.com/ *.trustcommander.net/ *.live2support.com/ *.addthis.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ *.sharethis.com/ *.doubleclick.net/ *.asksid.ai/ *.danone-dtc.net/ *.commercetools.com/ *.botframework.com/ wss://*.botframework.com *.sentry.io/; 	font-src 'self' data: *.scene7.com/ https://where-to-buy.co/ *.dotdigital.com/ https://digitaalpubliceren.com https://open.spotify.com https://danone-benelux.campaign.playable.com/ *.scene7.com/ *.salesforce-sites.com/ *.gstatic.com/ *.azure.com/ *.trustcommander.net/ *.services.visualstudio.com/ *.postcodeanywhere.co.uk/ *.channelsight.com/ *.adobeaemcloud.com/ *.trustcommander.net/ *.tagcommander.com/ *.facebook.net/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.digital4danone.com/ *.addthisedge.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ *.dotdigital.com/ *.leadfamly.com/ *.asksid.ai/ *.danone-dtc.net/ *.hotjar.com/ *.youtube.com/ *.vimeo.com/ *.clarity.ms/ *.trackedweb.net/ *.getflowbox.com/ https://where-to-buy.co/ https://nutricianl.usermd.net https://be.nutricianl.usermd.net https://static.trackedweb.net/js/_dmptv4.js *.leadfamly.com/ *.salesforce-sites.com/ *.gstatic.com/ *.vimeo.com/ *.azure.com/ *.trustcommander.net/  *.services.visualstudio.com/ *.postcodeanywhere.co.uk/ *.channelsight.com/ *.adobeaemcloud.com/ *.live2support.com/ *.gstatic.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ https://vjs.zencdn.net/ *.danone-dtc.net/; 	media-src 'self' *.scene7.com/ https://where-to-buy.co/ *.dotdigital.com/ https://digitaalpubliceren.com https://open.spotify.com https://danone-benelux.campaign.playable.com/ *.scene7.com/ *.salesforce-sites.com/ *.gstatic.com/ *.azure.com/ *.trustcommander.net/ *.services.visualstudio.com/ *.postcodeanywhere.co.uk/ *.channelsight.com/ *.adobeaemcloud.com/ *.trustcommander.net/ *.tagcommander.com/ *.facebook.net/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.digital4danone.com/ *.addthisedge.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ *.dotdigital.com/ *.leadfamly.com/ *.asksid.ai/ *.danone-dtc.net/ *.hotjar.com/ *.youtube.com/ *.vimeo.com/ *.clarity.ms/ *.trackedweb.net/ *.getflowbox.com/ https://where-to-buy.co/ https://nutricianl.usermd.net https://be.nutricianl.usermd.net https://static.trackedweb.net/js/_dmptv4.js *.leadfamly.com/ *.salesforce-sites.com/ *.gstatic.com/ *.vimeo.com/ *.azure.com/ *.trustcommander.net/ *.services.visualstudio.com/ *.postcodeanywhere.co.uk/ *.channelsight.com/ *.danone.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ *.digital4danone.com/ blob: 1
frame-ancestors 'self' https://chocoleite-se.webflow.io/ https://chocolatesnestle.com.br/ https://www.chocolatesnestle.com.br/ https://meeg.app/; report-uri https://www.euqueronestle.com.br/report-uri/enforce 1
frame-ancestors 'self' *.myguardiangroup.com *.myggonline.app;default-src 'self' * 'unsafe-inline' 'unsafe-eval' data: blob: ws: filesystem: about: *.myggonline.app *.myguardiangroup.com 1
default-src https://www.govt.nz https://*.cwp.govt.nz https://www.govt.nz/  ; base-uri https://www.govt.nz https://*.cwp.govt.nz https://www.govt.nz/  ; frame-ancestors https://www.govt.nz https://*.cwp.govt.nz https://www.govt.nz/  ; style-src 'unsafe-inline' https://www.govt.nz https://*.cwp.govt.nz https://www.govt.nz/ https://api.addressfinder.io https://tagmanager.google.com https://optimize.google.com https://www.google.com https://www.google.co.nz/ads/ga-audiences ; script-src https://www.govt.nz https://*.cwp.govt.nz https://www.govt.nz/ 'unsafe-inline' https://api.addressfinder.io https://www.googletagmanager.com https://fonts.googleapis.com https://*.google-analytics.com https://tagmanager.google.com https://optimize.google.com https://code.jquery.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://staticcdn.co.nz/embed/embed.js 'unsafe-eval' ; img-src https://www.govt.nz https://*.cwp.govt.nz https://www.govt.nz/ http://www.govt.nz 'self' data: https://*.google-analytics.com https://*.swagger.io https://optimize.google.com https://staticcdn.co.nz/embed/ ; font-src https://www.govt.nz https://*.cwp.govt.nz https://www.govt.nz/ https://fonts.gstatic.com ; object-src https://www.govt.nz https://*.cwp.govt.nz https://www.govt.nz/  ; frame-src https://www.govt.nz https://*.cwp.govt.nz https://www.govt.nz/ http://www.govt.nz 'self' data: https://*.youtube-nocookie.com https://*.youtube.com https://optimize.google.com https://www.googletagmanager.com/ns.html https://www.google.com/ https://player.vimeo.com https://staticcdn.co.nz/ ; child-src https://www.govt.nz https://*.cwp.govt.nz https://www.govt.nz/ https://*.youtube-nocookie.com https://*.youtube.com https://optimize.google.com https://www.googletagmanager.com/ns.html ; connect-src https://www.govt.nz https://*.cwp.govt.nz https://www.govt.nz/ https://api.addressfinder.io https://www.google-analytics.com/ https://stats.g.doubleclick.net ; form-action https://www.govt.nz https://*.cwp.govt.nz https://www.govt.nz/ http://www.govt.nz 'self' ; report-uri ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://analytics.google.com https://*.googletagmanager.com https://tagmanager.google.com https://*.intercom.io https://*.intercomcdn.com https://www.youtube.com https://www.google-analytics.com https://connect.facebook.net https://*.gstatic.com https://*.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://optimize.google.com https://*.twitter.com https://*.twimg.com https://conduit.mailchimpapp.com https://chimpstatic.com https://*.cloudflare.com https://d10lpsik1i8c69.cloudfront.net https://*.fontawesome.com https://*.klaviyo.com https://*.luckyorange.net https://*.luckyorange.com https://*.stripe.com https://www.facebook.com https://*.civiccomputing.com; img-src 'self' https://*.bigcommerce.com data: https://analytics.google.com https://*.analytics.google.com https://www.youtube.com https://store.jdpipes.co.uk https://*.google-analytics.com https://www.googletagmanager.com https://*.google.co.uk https://s-static.ak.facebook.com https://*.doubleclick.net https://*.google.com https://*.gstatic.com https://*.googleapis.com https://optimize.google.com https://*.intercomcdn.com https://*.intercomassets.com https://*.twitter.com https://*.twimg.com https://*.klaviyo.com https://d10lpsik1i8c69.cloudfront.net https://d3k81ch9hvuctc.cloudfront.net https://www.facebook.com https://*.civiccomputing.com; style-src 'self' 'unsafe-inline' https://store.jdpipes.co.uk https://analytics.google.com https://tagmanager.google.com https://www.youtube.com https://*.gstatic.com https://*.googleapis.com https://optimize.google.com https://*.fontawesome.com https://*.twitter.com https://*.twimg.com https://d10lpsik1i8c69.cloudfront.net https://*.civiccomputing.com https://*.klaviyo.com; font-src 'self' https://store.jdpipes.co.uk https://analytics.google.com https://*.intercomcdn.com https://*.gstatic.com https://*.fontawesome.com https://cdnjs.cloudflare.com https://s3.amazonaws.com https://*.civiccomputing.com; frame-src 'self' https://analytics.google.com https://www.google.com/recaptcha/ https://optimize.google.com https://www.youtube.com https://www.facebook.com https://s-static.ak.facebook.com https://*.twitter.com https://*.stripe.com https://*.civiccomputing.com; object-src 'self' blob:; media-src 'self' https://*.intercomcdn.com https://d10lpsik1i8c69.cloudfront.net; connect-src 'self' https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.intercom.io https://*.intercomcdn.com https://*.klaviyo.com wss://*.intercom.io https://www.youtube.com https://*.google-analytics.com https://pubsub.googleapis.com https://*.luckyorange.net https://*.luckyorange.com wss://visitors.live wss://*.visitors.live https://*.doubleclick.net https://*.civiccomputing.com blob:; worker-src 'self' blob:; 1
default-src 'self' 'unsafe-inline' data: payment.maksekeskus.ee auth.praamid.ee fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net static.cloudflareinsights.com www.googletagmanager.com *.google-analytics.com g2.ipcamlive.com s5.ipcamlive.com googleads.g.doubleclick.net www.google.com www.gstatic.com www.youtube.com static.doubleclick.net i.ytimg.com yt3.ggpht.com jnn-pa.googleapis.com play.google.com secure.gravatar.com fast.wistia.com beacon-v2.helpscout.net wp-rocket.me d3hb14vkzrxvla.cloudfront.net pipedream.wistia.com distillery.wistia.com embed-ssl.wistia.com fg8vvsvnieiv3ej16jby.litix.io translate.google.com translate.googleapis.com 'unsafe-eval' static.maksekeskus.ee s.w.org praamid.prominion.net beaconapi.helpscout.net chatapi.helpscout.net cdn.mxpnl.com static.cc.maksekeskus.ee cc.maksekeskus.ee *.analytics.google.com www.google.ee www.google.fi www.google.cz www.google.nl www.google.be www.google.fr www.google.lv www.google.lt www.google.se www.google.de www.google.at www.google.ch www.google.ie www.google.co.uk www.google.pl www.google.dk www.google.no td.doubleclick.net www.google.com.cy www.google.lu www.google.it www.google.gr analytics.google.com www.google-analytics.com www.google.by www.google.com.bz www.google.com.tr www.google.com.ar www.google.co.jp www.google.bg www.google.co.in www.google.ca www.google.ru www.google.com.ua www.google.com.hr www.google.com.au www.google.es www.google.com.ng translate-pa.googleapis.com www.google.ro www.google.rs www.google.si www.google.sk www.google.ba www.google.is www.google.pt www.google.hu www.google.me www.google.mk www.google.com.eg www.google.com.om www.google.co.th www.google.co.nz www.google.co.ke www.google.al www.google.ge www.google.com.bd www.google.co.il cdn.gravity.com www.google.gg www.google.com.vn www.google.je www.google.ad www.google.com.mx www.google.com.mt www.google.im www.google.ae www.google.com.sg www.google.kz cloudflareinsights.com challenges.cloudflare.com www.google.hr www.google.kg www.google.com.my www.google.com.qa www.google.gl www.google.com.ph www.google.md *.hotjar.com *.hotjar.io wss://*.hotjar.com www.google.co.id www.google.lk www.google.ml www.google.com.hk www.google.cv www.google.co.cr www.google.com.sa www.google.com.pk www.google.com.gi www.google.co.tz www.google.vu www.google.com.fj www.google.com.pa www.google.tn www.google.co.ve www.google.cl www.google.co.uz www.google.co.kr region1.analytics.google.com www.google.com.bo www.google.co.zw www.google.sm www.google.co.za www.google.am www.google.com.br www.google.tt www.google.co.ma www.google.az www.google.com.np www.google.com.et www.google.dm www.google.com.do www.google.com.ec www.google.com.kh www.google.la www.google.tg www.google.sc praamidvisitor.prominion.net www.google.ci www.google.com.co www.google.mu www.google.jo www.google.com.bh www.google.com.pr; report-uri /d5bcc29e34d8b6210cbfbc3acd7be0a65652590b064c60598822381e01ae1708 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-c7212766808476bb68159b7db203203a'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-5d32d49f29329627f1889010171a2c53'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://spacey.space; img-src 'self' https: data: blob: https://spacey.space; style-src 'self' https://spacey.space 'nonce-bzJMu6UVkZEFpQM6LbfRZQ=='; media-src 'self' https: data: https://spacey.space; frame-src 'self' https:; manifest-src 'self' https://spacey.space; form-action 'self'; child-src 'self' blob: https://spacey.space; worker-src 'self' blob: https://spacey.space; connect-src 'self' data: blob: https://spacey.space https://cdn.masto.host wss://spacey.space; script-src 'self' https://spacey.space 'wasm-unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.episerver.net *.googleapis.com *.gstatic.com *.afterpay.com *.facebook.net *.bing.com *.pdst.fm *.zipmoney.com.au *.zip.co https://s3.ap-southeast-2.amazonaws.com/cdn.staging/assets/primary/entrypoints/consumer/landing-page/zip-lp-script.js https://s3.ap-southeast-2.amazonaws.com/cdn.staging/assets/primary/resources/amplitude/amplitude-injector.js *.wisepops.com *.cfjump.com *.turn.com *.creativecdn.com *.adairs.com.au *.adairs.co.nz *.hotjar.com  *.jquery.com *.cloudfront.net *.pinimg.com  *.igodigital.com *.inside-graph.com foursixty.com *.paypal.com *.msecnd.net *.googletagmanager.com *.yieldify.com *.google.com *.google-analytics.com *.criteo.net *.criteo.com; style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com *.igodigital.com *.googletagmanager.com *.inside-graph.com *.zipmoney.com.au foursixty.com; font-src 'self' data: *.typekit.net *.gstatic.com *.zipmoney.com.au  *.yieldify-production.com; img-src 'self' data: *; connect-src 'self' vimeo.com *.yieldify.com *.yieldify-production.com wss://*.yieldify-production.com yieldify.connectorengine.com *.pinterest.com *.google.com *.hotjar.com wss://*.hotjar.com *.hotjar.io wss://*.hotjar.io *.wisepops.com *.google-analytics.com *.googleapis.com maps.googleapis.com *.braintree-api.com  *.braintreegateway.com *.turn.com *.cloudfunctions.net *.amplitude.com *.visualstudio.com *.paypal.com *.zipmoney.com.au *.zip.co https://s3.ap-southeast-2.amazonaws.com/cdn.staging/assets/primary/entrypoints/consumer/landing-page/zip-lp-au.html *.afterpay.com wss://stellar-live.inside-graph.com *.inside-graph.com *.doubleclick.net *.inside-graph.com foursixty.com; frame-src 'self' *.google.com adairsmaintenance.s3.ap-southeast-2.amazonaws.com *.exacttarget.com *.flipsnack.com  *.creativecdn.com *.hotjar.com *.youtube.com *.sfmc-content.com *.criteo.com *.myunidays.com *.criteo.net *.yieldify.com *.braintreegateway.com *.paypal.com *.zipmoney.com.au *.optimizely.com *.vimeo.com *.pinterest.com *.zip.co zip.co; worker-src blob:; 1
script-src 'nonce-ANsRszwa51VNGS4GQbXy5CkzdS4qLhVzpmgQPxSizVE=' 'strict-dynamic'; img-src 'self' data:; child-src 'self'; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com data: *.gstatic.com 'self' data: fonts.googleapis.com footer.mars.com local.mivetshop.com mcstaging.mivetshop.com.ar www.mivetshop.com.ar assets.adobedtm.com data:; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.mercadolibre.com cdn.dnky.co amc.demdex.net www.google.com www.facebook.com youtube.com mldp.mercadopago.com www.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net imgmp.mlstatic.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar maps.gstatic.com maps.googleapis.com accounts.google.com www.facebook.com www.mercadolibre.com www.mercadolibre.com.mx www.mercadolibre.com.ar www.mercadolibre.com.br a248.e.akamai.net mercadolivre.com.br www.mercadolivre.com.br www.mercadolivre.com.mx www.mercadolivre.com.ar www.mercadopago.com secure.mlstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: cdn.cookielaw.org dev.gtm.southwatts.com www.mercadolivre.com www.mercadopago.com.ar *.google.com www.google.com.ar storage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com unpkg.com commerce.adobedtm.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.mlstatic.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net player.vimeo.com http2.mlstatic.com secure.mlstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://www.google.com *.gstatic.com cdn.cookielaw.org *.mars.com rcdfcdn.mars.com footer.mars.com cookies-data.onetrust.io geolocation.onetrust.com *.google-analytics.com local.mivetshop.com mcstaging.mivetshop.com.ar www.mivetshop.com.ar web-sdk.aptrinsic.com esp-m.aptrinsic.com cm.everesttech.net dpm.demdex.net https://maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com cdn.dnky.co unsafe-inline *.googleapis.com *.gstatic.com footer.mars.com web-sdk.aptrinsic.com esp-m.aptrinsic.com assets.adobedtm.com 'self' 'unsafe-inline'; object-src footer.mars.com rcdfcdn.mars.com cdn.cookielaw.org secure.mlstatic.com cookies-data.onetrust.io web-sdk.aptrinsic.com esp-m.aptrinsic.com local.mivetshop.com mcstaging.mivetshop.com.ar www.mivetshop.com.ar bam.nr-data.net js-agent.newrelic.com amcglobal.sc.omtrdc.net cm.everesttech.net dpm.demdex.net assets.adobedtm.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.adobe.io performance.typekit.net vimeo.com api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobedtm.com commerce.adobedc.net commerce.adobe.io *.mercadopago.com api.comapi.com bam.nr-data.net api.mercadopago.com events.mercadopago.com www.mercadolibre.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io *.google-analytics.com cdn.cookielaw.org rcdfcdn.mars.com footer.mars.com cookies-data.onetrust.io geolocation.onetrust.com dev.gtm.southwatts.com secure.mlstatic.com maps.googleapis.com www.mercadolivre.com www.mercadopago.com.ar *.google.com stats.g.doubleclick.net www.google.com.ar accounts.google.com fonts.googleapis.com local.mivetshop.com mcstaging.mivetshop.com.ar www.mivetshop.com.ar web-sdk.aptrinsic.com esp-m.aptrinsic.com js-agent.newrelic.com cm.everesttech.net assets.adobedtm.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com *.nr-data.net *.newrelic.com *.googleapis.com; img-src 'self' *.development.gedak.de data: maps.google.com maps.gstatic.com *.googleapis.com *.ggpht *.amazonaws.com; object-src 'self' 1
script-src 'self' framasoft.org stats.framasoft.org; connect-src 'self' framasoft.org api.gfycat.com wss://framateam.org; style-src 'self' framasoft.org 'unsafe-inline' 1
base-uri 'self';default-src 'self' *.voyagersopris.com:443 *.letrs.com:443 letrs.com:443 *.lexiaaspire.com:443 lexiaaspire.com:443 www.google-analytics.com data: blob: www.vmathlive.com vml.voyagersopris.com vmathlive.com gpb.vmathlive.com gpa.vmathlive.com gmfb.vmathlive.com gmfa.vmathlive.com gmb.vmathlive.com gma.vmathlive.com 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' *.voyagersopris.com:443 *.letrs.com:443 letrs.com:443 *.lexiaaspire.com:443 lexiaaspire.com:443; 1
default-src 'none';frame-ancestors 'none';base-uri 'self';connect-src 'self' www.google.com wss://*.tcsys.org:7443 https://*.googleapis.com;form-action 'self';img-src 'self' data:;media-src 'self';object-src 'none';script-src 'self' www.google.com www.gstatic.com 'nonce-YajnOiwkyaHPY3XLV4V0KTha2hTbyq8A';style-src 'self' fonts.googleapis.com use.fontawesome.com 'nonce-YajnOiwkyaHPY3XLV4V0KTha2hTbyq8A';font-src 'self' fonts.googleapis.com fonts.gstatic.com use.fontawesome.com;frame-src 'self' www.google.com;manifest-src 'self' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://gruene.social; img-src 'self' https: data: blob: https://gruene.social; style-src 'self' https://gruene.social 'nonce-zZBLEhcfuZxM4XnJloO+Cw=='; media-src 'self' https: data: https://gruene.social; frame-src 'self' https:; manifest-src 'self' https://gruene.social; form-action 'self'; child-src 'self' blob: https://gruene.social; worker-src 'self' blob: https://gruene.social; connect-src 'self' data: blob: https://gruene.social https://gruene.social wss://gruene.social; script-src 'self' https://gruene.social 'wasm-unsafe-eval' 1
style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/; script-src 'self' 'unsafe-inline' https://ajax.googleapis.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://az416426.vo.msecnd.net/; font-src 'self' https://maxcdn.bootstrapcdn.com/ https://fonts.gstatic.com/ https://identityserver.local:44301/; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-Z5SxwvRj+UNJSOuZduo9hcr7J1y+0Rp/XE05kVWR68/kWzp6' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; 1
default-src 'self' data: https://www.rapidscansecure.com https://p.typekit.net https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://code.jquery.com http://ajax.aspnetcdn.com https://use.typekit.net https://www.rapidscansecure.com https://f.vimeocdn.com http://www.google-analytics.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com; child-src 'none'; object-src 'none'; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com http://hello.myfonts.net https://fonts.googleapis.com; font-src 'self' https://use.typekit.net http://hello.myfonts.net https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' http://player.vimeo.com https://www.google.com https://secure.goemerchant.com 1
default-src 'self' data: *.isc.ac http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io https://cdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://map.ir https://conf.isc.ac https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://kangoro.ir/matomo/matomo.js http://tools.1abzar.com http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io https://cdn.userway.org https://api.userway.org https://media.userway.org https://www.goftino.com https://cdn.goftino.com; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com https://cdn.fontcdn.ir https://fdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org; img-src 'self' blob: data: https://map.ir https://conf.isc.ac https://www.google-analytics.com www.google-analytics.com data: *; connect-src 'self' https://map.ir https://conf.isc.ac https://www.google-analytics.com www.google-analytics.com https://samta.samt.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io https://cdn.fontcdn.ir wss://api.raychat.io wss://ws.goftino.com wss://ws2.goftino.com wss://ws5.goftino.com wss://cdn.goftino.com https://api.userway.org https://cdn.userway.org; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://tools.1abzar.com http://1abzar.ir https://cse.google.com https://www.aparat.com https://google.com https://www.google.com https://cdn.userway.org https://edu.sapiba.ir; frame-ancestors 'self' https://trustseal.enamad.ir; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-47K5ZugOM4LtFlBUolYC1nTsspFZUb3tsyxQWbKtLfV574Fe' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self';      connect-src 'self'      analytics.google.com/      maps.googleapis.com/      *.greenhouse.io/      cdn.linkedin.oribi.io/      *.fontawesome.com/      www.google-analytics.com/      stats.g.doubleclick.net/j/      *.addthis.com/      *.disquscdn.com/      disqus.com/      *.disqus.com/      *.hotjar.com/      wss://ws3.hotjar.com/api/;      font-src 'self' data:      *.fontawesome.com/      *.typekit.net/      fonts.googleapis.com/      maxcdn.bootstrapcdn.com/      fonts.gstatic.com/      *.disquscdn.com/;      frame-src 'self'       *.vimeo.com/      *.greenhouse.io/      *.surveymonkey.com/      www.googletagmanager.com/      www.google.com/recaptcha/      www.facebook.com/tr/      *.addthis.com/      disqus.com/      *.disqus.com/      *.hotjar.com/;      child-src www.youtube.com/;      img-src 'self' data: blob:      *.adsymptotic.com/      *.ads.linkedin.com/      www.facebook.com/      analytics.google.com/      www.google-analytics.com/      stats.g.doubleclick.net/r/      www.google.com/ads/      maps.gstatic.com/mapfiles/      maps.googleapis.com/      dashboard.umbraco.org/      umbraco.tv/      cdn.viglink.com/      *.disqus.com/      *.addthis.com/      sync.crwdcntrl.net/map/      tags.rd.linksynergy.com/      ps.eyeota.net/;      media-src 'self';      object-src 'none';      script-src 'self' 'unsafe-inline' 'unsafe-eval'      maxcdn.bootstrapcdn.com/      *.greenhouse.io/      code.jquery.com/      api.mapbox.com/      cdnjs.cloudflare.com/      unpkg.com/      *.fontawesome.com/      www.gstatic.com/recaptcha/      www.google.com/recaptcha/      analytics.google.com/      maps.googleapis.com/      marathonconsulting.atlassian.net/      www.googletagmanager.com/      www.google-analytics.com/      *.addthis.com/      *.addthisedge.com/      snap.licdn.com/      connect.facebook.net/      px.ads.linkedin.com/collect/      disqus.com/      *.disqus.com/      *.disquscdn.com/      www.linkedin.com/      *.hotjar.com/;      style-src 'self' 'unsafe-inline'      *.typekit.net/      cdnjs.cloudflare.com/      api.mapbox.com/      fonts.googleapis.com/      maxcdn.bootstrapcdn.com/      *.disquscdn.com/; 1
default-src 'none' ; style-src 'self' 'sha256-Avl+ScT4jGeaW8pHTDv8KcMb1I0qxEWb3YqO3l3VQ2g='; object-src 'self'; script-src 'self' https://feedback-ws.guichet-entreprises.fr; form-action 'self'; base-uri 'self'; connect-src 'self'; img-src 'self'; font-src 'self'; frame-ancestors 'none' 1
default-src https:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src 'self' https: data:; img-src https: blob: data:; frame-ancestors *.wisefax.com *.scanwritr.com *.vanaia.com *.googleusercontent.com *.google.com *.dropbox.com *.box.com *.sharepoint.com *.live.com; 1
frame-ancestors 'self' https://paymate.be https://www.paymate.be; upgrade-insecure-requests 1
default-src 'self' http: https: *.google-analytics.com *.gstatic.com *.cookiefirst.com *.atlanticayield.com *.atlantica.com *.googleapis.com *.eurolandir.com;style-src 'unsafe-inline' *.atlanticayield.com *.atlantica.com *.googleapis.com *.cookiefirst.com;script-src 'unsafe-inline' 'unsafe-eval' *.atlanticayield.com *.atlantica.com *.cookiefirst.com *.google-analytics.com; 1
default-src * 'unsafe-inline' 'unsafe-eval' 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline' 'self'; frame-src *; style-src * 'unsafe-inline'; font-src * data: blob:; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=7q7kt81iqu602&partner=; 1
frame-ancestors 'self' http://www.philips.bg *.philips.com *.philips.bg https://philipsigtdpv.com 1
default-src 'self' blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://documentcloud.adobe.com https://documentservices.adobe.com https://*.hotjar.com/ *.googletagmanager.com https://maps.googleapis.com https://storage.googleapis.com localhost:*/* https://labs.pathfix.com https://ajax.googleapis.com https://js.pusher.com https://ajax.aspnetcdn.com https://kit.fontawesome.com https://cdn.jsdelivr.net/npm/;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://storage.googleapis.com https://*.hotjar.com https://kit.fontawesome.com https://code.ionicframework.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net/npm/ https://documentservices.adobe.com;img-src * data: blob: filesystem: *.google-analytics.com *.googletagmanager.com https://*.hotjar.com;media-src 'self' blob: https://s3.amazonaws.com/assets.prod.render.nz/meta/render.nz/ https://s3.amazonaws.com/videos.prod.render.nz/ https://api-v1.prod.render.nz https://api-v1.dev.render.nz https://videos.prod.render.nz https://videos.render.nz https://spw-data.autoplay.co.nz https://data.autoplay.co.nz https://data.autoplayauto.com https://s3-ap-southeast-2.amazonaws.com https://s3-eu-west-2.amazonaws.com;frame-src 'self' blob: https://autoplay-reports.s3.ap-southeast-2.amazonaws.com https://documentcloud.adobe.com https://documentservices.adobe.com https://view.officeapps.live.com https://*.hotjar.com https://docs.google.com https://spw-data.autoplay.co.nz https://data.autoplay.co.nz https://data.autoplayauto.com https://ss-qrcodes.s3-ap-southeast-2.amazonaws.com;font-src 'self' data: https://fonts.gstatic.com https://ka-p.fontawesome.com https://*.hotjar.com https://code.ionicframework.com https://cdnjs.cloudflare.com;connect-src 'self' https://viewlicense.adobe.io/viewsdklicense/jwt https://spw-data.autoplay.co.nz https://data.autoplay.co.nz https://data.autoplayauto.com https://data.aptest.co.nz https://api.raygun.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://api.siliconlens.com.au https://labs.pathfix.com https://storage.googleapis.com https://maps.googleapis.com https://ajax.googleapis.com https://ka-p.fontawesome.com https://autoplay-reports.s3.ap-southeast-2.amazonaws.com wss://ws-us2.pusher.com https://kit.fontawesome.com;frame-ancestors 'self' *;report-uri https://report-to-api.raygun.com/reports-csp?apikey=FX08alDhP0tTw8G2Rd7PA 1
default-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.odmsoft.com *.cloudflare.com *.googleapis.com *.gstatic.com; img-src https: data:; media-src https:; font-src https: data: 1
frame-ancestors 'self' https://books.wizdi.school https://library.wizdi.school/ 1
frame-ancestors https://koora-live.tv 1
default-src *; script-src-elem * 'unsafe-inline'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' data:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' data:; 1
script-src 'self' 'unsafe-inline' wss: https: data: 'unsafe-inline' 'unsafe-eval';worker-src 'self' 'unsafe-inline' * blob: 1
default-src 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; connect-src 'self' wss://*.highmark.com https://*.highmark.com https://*.hmhs.com https://maps.googleapis.com https://www.google-analytics.com https://identitytoolkit.googleapis.com https://siteintercept.qualtrics.com https://*.allmyhealth.com; 1
img-src 'self' data: blob: http://www.google-analytics.com/ https://www.google-analytics.com https://ssl.gstatic.com/ http://ssl.gstatic.com/ https://stats.g.doubleclick.net https://syndication.twitter.com https://abs.twimg.com https://pbs.twimg.com https://platform.twitter.com https://ton.twimg.com https://cdnjs.cloudflare.com https://ik.imagekit.io/ https://cdn.snipcart.com https://q.stripe.com https://via.placeholder.com https://img.youtube.com https://i.ytimg.com/ https://placeimg.com/ https://img.thedesignfactory.co.uk/ https://maps.gstatic.com https://embed.widgetpack.com https://*.ggpht.com https://www.facebook.com/ https://cdn.pixabay.com https://*.giphy.com/ https://*.unsplash.com https://*.pexels.com https://ucarecdn.com https://cdn.datatables.net https://cdn-7.com https://loremflickr.com/ http://static.filestackapi.com https://static.filestackapi.com https://cdn.filestackcontent.com/ https://f004.backblazeb2.com/ https://caffe-concerto.s3.us-west-004.backblazeb2.com/ https://2.donedone.com/ https://s3.amazonaws.com/ https://track.mailerlite.com/ https://www.filepicker.io https://maps.googleapis.com/ https://cajjhieqsa.cloudimg.io/ CloudImage https://f004.backblazeb2.com/ https://cdn.scaleflex.it https://*.elfsightcdn.com https://picsum.photos https://*.picsum.photos http://www.pepes.co.uk/ https://www.google.com https://www.google.co.uk https://www.google.com.pk https://cdn2.fouita.com https://cdn.fouita.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://use.fontawesome.com/ https://apis.google.com http://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com http://ajax.googleapis.com/ https://maxcdn.bootstrapcdn.com/ http://code.jquery.com/ https://code.jquery.com/ http://graph.facebook.com/ http://m.addthis.com/ http://s7.addthis.com/ http://m.addthisedge.com/ http://api-public.addthis.com/ https://www.islonline.net/ https://unpkg.com/ https://www.googletagmanager.com/ https://platform.twitter.com/ http://platform.twitter.com/ https://cdn.syndication.twimg.com https://donorbox.org https://www.paypalobjects.com https://www.paypal.com https://cdnjs.cloudflare.com https://js.stripe.com/v2/ https://stackpath.bootstrapcdn.com https://kit.fontawesome.com https://cdn.jsdelivr.net https://embed.widgetpack.com https://app.widgetpack.com https://connect.facebook.net http://www.dynamicnumbers.mediahawk.co.uk https://www.dynamicnumbers.mediahawk.co.uk https://postcodes.io https://pi-test.sagepay.com https://ucarecdn.com/ https://cdn.datatables.net https://www.google-analytics.com https://maps.googleapis.com http://static.filestackapi.com https://static.filestackapi.com https://js.stripe.com http://cdn.jsdelivr.net/ https://js.stripe.com/v3/ https://svc.webspellchecker.net https://static.mailerlite.com https://www.gstatic.com https://cdn.snipcart.com https://cdn.scaleflex.it https://www.youtube.com https://*.livechatinc.com https://www.sevenrooms.com https://videos.sproutvideo.com https://maps.google.co.uk https://*.instacloud.io/ https://*.elfsight.com/ https://*.sproutvideo.com/ https://*.cloudfront.net/ http://www.pepes.co.uk/ https://googleads.g.doubleclick.net/ https://cdn.fouita.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ http://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/ https://use.fontawesome.com/227a7ea25a.css https://use.fontawesome.com/releases/v4.6.3/css/font-awesome-css.min.css https://platform.twitter.com https://ton.twimg.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://pro.fontawesome.com https://cdn.jsdelivr.net https://kit-pro.fontawesome.com https://use.typekit.net/ https://p.typekit.net https://embed.widgetpack.com/ https://cdn.datatables.net https://static.filestackapi.com http://cdn.jsdelivr.net https://static.mailerlite.com/ https://fonts.mailerlite.com/ https://www.gstatic.com https://cdn.snipcart.com https://cdn.scaleflex.it https://www.sevenrooms.com http://www.pepes.co.uk/ https://cdn.fouita.com https://cdn2.fouita.com; frame-src 'self' https://www.google.com https://www.google.com/recaptcha/ http://www.youtube.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ http://player.vimeo.com/ http://s7.addthis.com/ http://m.addthisedge.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://donorbox.org/ https://js.stripe.com/ https://widgets.reputation.com/ https://js.stripe.com/ https://social.uploadcare.com https://cdn.filestackcontent.com/ https://f004.backblazeb2.com https://f004.backblazeb2.com https://www.google.co.uk/ https://*.livechatinc.com/ https://*.snipcart.com/ https://www.sevenrooms.com https://videos.sproutvideo.com/ https://maps.google.co.uk/ https://snazzymaps.com/ http://www.pepes.co.uk/ https://td.doubleclick.net; connect-src 'self' blob: https://api.github.com https://app.snipcart.com https://widgets.reputation.com/ http://www.dynamicnumbers.mediahawk.co.uk https://www.dynamicnumbers.mediahawk.co.uk https://pixabay.com/ https://api.giphy.com/ https://api.unsplash.com https://api.pexels.com https://images.weserv.nl https://api.microlink.io/ https://ws.postcoder.com/ https://postcodes.io https://upload.uploadcare.com ws://ws.pusherapp.com/ https://www.google-analytics.com https://maps.googleapis.com https://ka-p.fontawesome.com https://uploadcare.s3-accelerate.amazonaws.com/ https://upload.filestackapi.com https://cloud.filestackapi.com https://upload-eu-west-1.filestackapi.com/ https://filestack-uploads-persist-production.s3.amazonaws.com https://svc.webspellchecker.net https://*.filestackapi.com/ https://f004.backblazeb2.com/ https://greencocalab1.s3.us-west-000.backblazeb2.com/ https://www.filepicker.io https://api.livechatinc.com/ https://*.snipcart.com/ https://www.sevenrooms.com https://*.instacloud.io/ https://*.elfsight.com/ https://*.sproutvideo.com/ http://www.pepes.co.uk/ https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net https://api.fouita.com https://apps.elfsight.com; font-src 'self' data: https://fonts.gstatic.com https://use.fontawesome.com/ https://maxcdn.bootstrapcdn.com/ http://maxcdn.bootstrapcdn.com/ https://pro.fontawesome.com https://kit-free.fontawesome.com/ https://kit-pro.fontawesome.com https://use.typekit.net/ https://cdn.jsdelivr.net https://ka-p.fontawesome.com http://www.emmabigfestiverest.co.uk/ https://cdnjs.cloudflare.com/ http://static.filestackapi.com https://static.filestackapi.com https://fonts.mailerlite.com/ https://cdn.snipcart.com http://www.pepes.co.uk/; media-src 'self' http://www.printset.co.uk.php73-40.lan3-1.websitetestlink.com/ https://f004.backblazeb2.com https://digimax-x01xo61.vids.io https://*.instacloud.io/ https://*.elfsight.com/ https://*.sproutvideo.com/ http://www.pepes.co.uk/; object-src 'self' 1
object-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://info.smartm.com https://pi.pardot.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://snap.licdn.com 1
default-src 'self' data:; base-uri 'self'; img-src * data:; frame-src 'self' https://kaart.pdok.nl https://websurveys2.govmetric.com https://app-eu.readspeaker.com https://www.youtube-nocookie.com https://www.youtube.com https://content.googleapis.com/ https://vars.hotjar.com ssl.streampartner.nl; frame-ancestors 'self'; manifest-src 'self'; media-src 'self' blob: *.strozu.com *.readspeaker.com *.speechstream.net; script-src 'self' 'nonce-OWMzNmJiMGItMzFiOS00M2NhLThkNzYtNzgzMWI2N2YxNzY2' https://stats.pusher.com https://www.browsealoud.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://maps.googleapis.com https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://websurveys2.govmetric.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://cdn-eu.readspeaker.com https://virtuele-gemeente-assistent.nl https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://snap.licdn.com blob: 'unsafe-inline'; connect-src 'self' https://sockjs-eu.pusher.com wss://ws-eu.pusher.com https://vttts-eu.readspeaker.com https://cloudstatic.obi4wan.com https://chatapi.obi4wan.com https://media-eu.readspeaker.com https://rstts-eu.readspeaker.com https://www.browsealoud.com https://plus.browsealoud.com https://speech.speechstream.net https://speech-eu.speechstream.net https://www.google-analytics.com https://maps.googleapis.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://app.obi4wan.ai https://app-eu.readspeaker.com/ https://hitcounter.govmetric.com https://platform.hireserve.nl/ https://cdn1.readspeaker.com https://maps.googleapis.com https://virtuele-gemeente-assistent.nl wss://virtuele-gemeente-assistent.nl ws://virtuele-gemeente-assistent.nl https://in.hotjar.com https://www.facebook.com https://cdn.linkedin.oribi.io; object-src 'self' https://kaart.pdok.nl; style-src 'self' data: 'nonce-OWMzNmJiMGItMzFiOS00M2NhLThkNzYtNzgzMWI2N2YxNzY2' https://fonts.googleapis.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://websurveys2.govmetric.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://maps.googleapis.com/ https://siteimproveanalytics.com https://cloudstatic.obi4wan.com; font-src 'self' data: https://fonts.gstatic.com https://cdn1.readspeaker.com https://script.hotjar.com;  1
default-src 'none'; img-src * data:; script-src 'nonce-searchG2NEI638415758252999797' 'nonce-datadogNEIScript_70001638415758252999807' 'nonce-gtmNEIScript_70001638415758252999809' 'nonce-LoadScriptJS_STATIC_NONCE_KEY638415758252999810' 'nonce-LoadScript_STATIC_NONCE_KEY638415758252999813' 'self' 'unsafe-eval' 'nonce-LoadFlowbiteScript_STATIC_NONCE_KEY638394109598672226' 'nonce-gtmNEIScript_70001638332442437105913' https://*.cloudflare.com https://*.jquery.com https://*.bootstrapcdn.com https://*.pagescdn.com https://*.optimizely.com https://*.amazonaws.com https://*.adobedtm.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.facebook.net https://*.googleadservices.com https://*.sitescdn.net https://*.livechatinc.com https://*.demdex.net https://*.addthis.com https://*.addthisedge.com https://*.pinterest.com https://*.en25.com https://*.datadoghq-browser-agent.com https://optimize.google.com https://*.rlets.com https://*.reachlocallivechat.com https://reachlocallivechat.com about://*.reachlocallivechat.com https://*.cloudfront.net https://*.cloudflareinsights.com https://*.broadly.com https://web-2-tel.com https://*.hotjar.com https://*.btttag.com https://*.bing.com https://*.doubleclick.net https://*.thinkingchat.com https://*.here.com blob: https://*.stackadapt.com https://*.simpli.fi https://*.pinimg.com https://*.yimg.com https://*.adroll.com https://*.adsrvr.org https://*.scorpion.co https://*.stripe.com https://*.twilio.com wss://*.twilio.com https://*.gstatic.com https://*.liadm.com https://*.brandcdn.com https://*.cloudfunctions.net https://*.callrail.com https://*.web-2-tel.com https://*.mrelectric.com https://*.licdn.com https://*.convertexperiments.com https://*.outlook.com https://*.hibu.com https://*.natpal.com https://*.servicetitan.com https://*.calltrk.com https://*.yahoo.com https://*.clickcease.com https://rainbowrestores.com; style-src 'self' 'unsafe-inline' auth.iws-hybrid.trendmicro.com 'self' 'unsafe-inline' https://*.googleapis.com https://*.bootstrapcdn.com https://*.cloudflare.com https://*.typekit.net https://*.jquery.com https://*.sitescdn.net https://optimize.google.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.stackadapt.com https://*.scorpion.co https://*.twilio.com blob: https://rainbowrestores.com; object-src 'none'; connect-src auth.iws-hybrid.trendmicro.com https://*.google.com https://*.liadm.com https://*.googleadservices.com https://*.nblyprod.com https://*.googleapis.com https://*.pagescdn.com https://*.demdex.net https://*.livechatinc.com https://*.neighborly.com https://*.crownpeak.net https://*.addthis.com https://*.yext.com https://*.b2clogin.com https://*.dwyergroup.com https://*.broadly.com https://*.amazonaws.com https://*.google-analytics.com https://*.facebook.net https://*.gannettdigital.com https://*.browser-intake-datadoghq.com https://optimize.google.com https://*.reachlocalservices.com https://*.rlets.com https://reachlocallivechat.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.hotjar.io/ wss://reachlocallivechat.com https://*.web-2-tel.com wss://*.hotjar.com https://*.simpli.fi https://*.adroll.com https://*.oribi.io https://*.here.com https://*.hereapi.com https://*.stackadapt.com https://*.yimg.com https://*.pinterest.com https://*.scorpion.co https://*.btttag.com https://*.twilio.com wss://*.twilio.com https://*.doubleclick.net https://*.bing.com blob: https://*.cloudfunctions.net https://*.callrail.com https://*.convertexperiments.com https://*.googlesyndication.com https://*.natpal.com https://*.linkedin.com https://*.natpal.com https://*.servicetitan.com https://*.calltrk.com https://*.yahoo.com https://*.clickcease.com https://rainbowrestores.com; font-src auth.iws-hybrid.trendmicro.com https://*.nblyprod.com https://*.typekit.net https://*.gstatic.com https://*.googleapis.com https://optimize.google.com https://reachlocallivechat.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.scorpion.co https://*.twilio.com blob: https://rainbowrestores.com; frame-src auth.iws-hybrid.trendmicro.com https://www.facebook.com https://*.rlets.com https://*.youtube.com https://*.livechatinc.com https://*.demdex.net/ https://*.addthis.com https://*.pagescdn.com https://*.amazonaws.com https://*.b2clogin.com https://optimize.google.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.doubleclick.net https://*.adsrvr.org https://*.pinterest.com https://*.stripe.com https://*.twilio.com https://*.mrrooter.com https://*.broadly.com https://*.cloudfront.net blob: https://rainbowrestores.com; manifest-src auth.iws-hybrid.trendmicro.com https://www.facebook.com https://*.rlets.com https://*.youtube.com https://*.livechatinc.com https://*.demdex.net/ https://*.addthis.com https://*.pagescdn.com https://*.amazonaws.com https://*.b2clogin.com https://optimize.google.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.doubleclick.net https://*.adsrvr.org https://*.pinterest.com https://*.stripe.com https://*.twilio.com https://*.nblyprod.com https://*.broadly.com https://*.cloudfront.net blob: https://rainbowrestores.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.cloudfront.net js.hs-scripts.com o26255.ingest.sentry.io online.flippingbook.com fast.fonts.net siteimproveanalytics.com www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com cdnjs.cloudflare.com www.google-analytics.com consent.trustarc.com kit.fontawesome.com acsbapp.com blob:; style-src 'self'  'unsafe-inline' cdn-images.mailchimp.com cdn-images.mailchimp.com cdnjs.cloudflare.com fonts.googleapis.com consent.trustarc.com fast.fonts.net ka-p.fontawesome.com; img-src 'self' *.flippingbook.com *.siteimproveanalytics.io consent.trustarc.com www.google.com www.tenrec.com www.google-analytics.com forms.hsforms.com consent.truste.com data:; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com consent.trustarc.com ka-p.fontawesome.com fast.fonts.net; 1
upgrade-insecure-requests; frame-ancestors https://app.americanbuildings.com https://app.cbcsteelbuildings.com https://app.kirbybuildingsystems.com https://app.nucorbuildingsystems.com https://www.americanbuildings.com https://www.cbcsteelbuildings.com https://www.kirbybuildingsystems.com https://www.nucorbuildingsystems.com https://www.nucorbuildingsgroup.com https://kbstoolbox.revhub.io https://toolbox.kirbybuildingsystems.com https://toolbox.cbcsteelbuildings.com https://toolbox.americanbuildings.com https://toolbox.nucorbuildingsystems.com; 1
default-src 'self' googleads.g.doubleclick.net polantis-com-data-dev.s3-eu-west-1.amazonaws.com polantis-com-data.s3-eu-west-1.amazonaws.com polantis-com-data.s3.eu-west-1.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com code.jquery.com c.statcounter.com secure.statcounter.com www.google-analytics.com code.highcharts.com pagead2.googlesyndication.com cdn.datatables.net use.fontawesome.com cdn.rawgit.com maps.googleapis.com connect.facebook.net www.polantis.info new.polantis.com www.google.com www.google.fr www.gstatic.com https://rawgithub.com/phpepe/highcharts-regression/master/highcharts-regression.js https://rawgit.com/phpepe/highcharts-regression/master/highcharts-regression.js www.googletagmanager.com cdn.jsdelivr.net cdn.mouseflow.com; object-src 'self' s.ytimg.com i.ytimg.com s.youtube.com www.youtube.com *.googlevideo.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com fonts.googleapis.com cdn.datatables.net https://cdn.rawgit.com/morteza/bootstrap-rtl/v3.4.0/dist/css/bootstrap-rtl.min.css www.polantis.info use.fontawesome.com www.gstatic.com; img-src 'self' data: images.polantis.com data.polantis.com s3-eu-west-1.amazonaws.com www.google-analytics.com c.statcounter.com stats.g.doubleclick.net maps.gstatic.com maps.googleapis.com csi.gstatic.com www.facebook.com www.polantis.info www.google.com www.google.fr randomuser.me/api/ cdnjs.cloudflare.com polantiscomimages.s3-eu-west-1.amazonaws.com polantis-com-data.s3-eu-west-1.amazonaws.com polantis-com-data-dev.s3.eu-west-1.amazonaws.com data2.polantis.com http://bimobject-dev.ad.bimobject.com http://bimobject-staging.ad.bimobject.com www.bimobject.com bimobject.com https://classic.bimobject.com https://admincontent.bimobject.com https://accounts.bimobject.com https://accounts-dev.ad.bimobject.com https://accounts-staging.ad.bimobject.com www.mollie.com; frame-src 'self' googleads.g.doubleclick.net www.youtube.com www.google.com www.google.fr www.facebook.com staticxx.facebook.com polantis-com-data.s3-eu-west-1.amazonaws.com polantis-com-data-dev.s3-eu-west-1.amazonaws.com polantis-com-data.s3.eu-west-1.amazonaws.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com use.fontawesome.com; connect-src 'self' www.polantis.info new.polantis.com maps.googleapis.com cdn.datatables.net www.facebook.com vicopo.selfbuild.fr analytics.google.com stats.g.doubleclick.net cdn.jsdelivr.net; report-uri /nelmio/csp/report 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' via.placeholder.com *.linkedin.com *.licdn.com *.google.com *.gstatic.com *.googleapis.com *.cloudfront.net *.google-analytics.com *.msecnd.net *.youtube.com *.vimeo.com *.vimeocdn.com *.cdn.net *.facebook.net *.facebook.com *.umbraco.org *.umbraco.com *.googletagmanager.com *.pardot.com *.reachmee.com *.e-space.se *.clarity.ms *.google.se *.b-cdn.net *.akamaihd.net *.wistia.com *.pingdom.net *.doubleclick.net *.bootstrapcdn.com *.jquery.com *.cloudflare.com *.jsdelivr.net *.ytimg.com *.hotjar.com *.mynewsdesk.com *.raysearchlabs.com *.leadoo.com *.bing.com *.aptrinsic.com *.highcharts.com *.issuu.com *.workbuster.com *.azure.com about: blob:; connect-src 'self' ws://*.com ws://*.se *.akamaihd.net *.wistia.com *.litix.io *.google-analytics.com *.visualstudio.com *.pingdom.net *.umbraco.org *.umbraco.com *.doubleclick.net *.leadoo.com *.oribi.io *.google.com *.hotjar.com *.hotjar.io *.googleapis.com *.clarity.ms *.aptrinsic.com *.cision.com; media-src 'self' blob: *.ibinder.com *.akamaihd.net *.hotjar.com *.hotjar.io *.wistia.com *.b-cdn.net *.leadoo.com; worker-src https: blob:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.torus.gr www.google-analytics.com www.googletagmanager.com *.googleapis.com platform.twitter.com unpkg.com connect.facebook.net; 1
frame-ancestors 'self' https://*.turnoffthelights.com; upgrade-insecure-requests; base-uri 'self'; object-src  'none' 1
default-src https: data: 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.facebook.com; object-src 'self'; img-src 'unsafe-eval' 'self' data:  *.google.com *.facebook.com live.adampartridge.co.uk maps.gstatic.com maps.googleapis.com 1
report-uri /sentry/api/61/csp-report/?sentry_key=8505cd7669a24ba78131bbe9f6e8db09; worker-src blob: 'self'; child-src blob:; object-src 'none'; default-src https: data: 'self' *.1gamepay.com; img-src 'self' https: data: blob: *.google.com *.google.ro *.google.se *.google.nl *.google.de *.google.fi *.google.ch *.google.ee *.google.sk *.google.dk *.visualwebsiteoptimizer.com app.vwo.com https://ssl.gstatic.com https://www.gstatic.com *.google-analytics.com *.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://googleads.g.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com; frame-src * bankid: https://bid.g.doubleclick.net wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; connect-src 'self' ws: wss: livechat24.tech *.livechat24.tech https://stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net *.unetsafe.com *.quantserve.com *.quantcount.com *.creative-serving.com *.visualwebsiteoptimizer.com *.taboola.com *.tradedoubler.com *.bing.com app.vwo.com facebook.com www.facebook.com *.google.com *.google.ru *.google.ro *.google.se *.google.de *.google.fr *.google.nl *.google.by *.google.pt *.google.kz *.google.bg *.google.kg *.google.md *.google.gr *.google.fi https://*.googlesyndication.com *.snapchat.com snapchat.com sc-static.net https://static.ads-twitter.com https://analytics.twitter.com https://*.atlantgaming.com https://cdn-sp.kertn.net https://*.pusher.com https://cdn-sp.gbshgbsh.com *.regily.com https://*.fasttrack-solutions.com https://*.ft-crm.com https://verification.okwork.io https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com *.frankcasino.com *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com https://*.frankcasin0.agency wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; style-src 'self' blob: 'unsafe-inline' *.googleapis.com *.google.com *.cloudflare.com *.cloudflareinsights.com *.unetsafe.com livechat24.tech *.livechat24.tech *.visualwebsiteoptimizer.com app.vwo.com https://cs.betradar.com https://*.sportradar.com https://videosport.me https://cdn-sp.kertn.net https://cdn-sp.gbshgbsh.com https://*.fasttrack-solutions.com https://*.gstatic.com https://prj-verification-production.s3.amazonaws.com https://prj-verification-stage1.s3.amazonaws.com https://prj-verification-stage2.s3.amazonaws.com https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com https://tagmanager.google.com https://fonts.googleapis.com https://s3.amazonaws.com *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com paymentpage.ecommpay.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com https://*.frankcasin0.agency wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; font-src 'self' https://fonts.gstatic.com data: *.cloudflare.com *.cloudflareinsights.com livechat24.tech *.livechat24.tech *.visualwebsiteoptimizer.com app.vwo.com *.frankcasino.com https://cdn-sp.kertn.net https://*.frankcasin0.agency wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; script-src 'self' 'unsafe-eval' 'nonce-OUw7SS2bafnHXT+uC3Ll1w==' blob: *.google.com *.google.ro *.google.se *.google.nl *.google.de *.google.fi *.google.ch *.google.ee *.google.sk *.google.dk recaptcha.net www.gstatic.com *.googleadservices.com https://www.googleadservices.com https://*.googlesyndication.com *.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://*.googletagmanager.com *.google-analytics.com *.analytics.google.com platform.twitter.com connect.facebook.net *.curacao-egaming.com stats.g.doubleclick.net https://stats.g.doubleclick.net livechat24.tech *.livechat24.tech *.livestatisc.com *.jsdelivr.net *.ptstaging.eu track.adform.net *.unetsafe.com *.cloudflare.com *.cloudflareinsights.com *.quantserve.com *.quantcount.com *.creative-serving.com *.visualwebsiteoptimizer.com *.taboola.com *.tradedoubler.com *.snapchat.com *.bing.com snapchat.com sc-static.net app.vwo.com facebook.com www.facebook.com https://static.ads-twitter.com https://analytics.twitter.com *.regily.com https://*.fasttrack-solutions.com https://cdn-sp.kertn.net https://*.pusher.com https://cdn-sp.gbshgbsh.com https://*.gstatic.com https://prj-verification-production.s3.amazonaws.com https://prj-verification-stage1.s3.amazonaws.com https://prj-verification-stage2.s3.amazonaws.com https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com *.frankcasino.com *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com paymentpage.ecommpay.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com *.astropay.com *.megapay.pro *.ecopayz.com *.billing.cx *.express-connect.com *.paycore.io *.jetoncheckout.com *.ipsp.lv ipsp.lv *.gpaynetworks.com *.sirumobile.com https://*.frankcasin0.agency wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com 1
default-src 'self' https://forms.office.com/ https://player.vimeo.com/ https://www.youtube.com/  https://gamma.euroland.com/  https://fonts.googleapis.com    https://fonts.gstatic.com/    https://clapi.civiccomputing.com/   https://tools.eurolandir.com/ https://www.google.com/;                    script-src 'self' 'unsafe-inline' 'unsafe-eval'   data: https://cdn.jsdelivr.net/npm/google-maps-utility-library-v3-infobox@1.1.14/dist/infobox.js https://maps.googleapis.com https://www.gstatic.com/recaptcha/releases/-nejAZ5my6jV0Fbx9re8ChMK/recaptcha__en.js  https://www.googletagmanager.com   https://www.google-analytics.com https://www.google.com  https://cc.cdn.civiccomputing.com/9/cookieControl-9.x.min.js  http://tools.euroland.com/tools/common/eurolandiframeautoheight/eurolandtoolsintegrationobject.js https://acsbapp.com/  https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js;                 style-src 'self' 'unsafe-inline'  data: https://www.googletagmanager.com/ https://use.typekit.net/qvy0ouc.css  https://fonts.googleapis.com https://p.typekit.net/p.css;                 img-src 'self' data:  https://www.google.co.uk/ https://www.google.rs/ https://www.google.com.eg/ https://cdn.acsbapp.com/ https://fonts.gstatic.com/ https://acsbapp.com/ https://web1.acsbapp.com/ https://i.vimeocdn.com/ https://maps.googleapis.com/ https://maps.gstatic.com/  https://i.ytimg.com   https://fonts.googleapis.com     https://www.google.co.in        https://www.google-analytics.com        https://www.googletagmanager.com        https://www.google.com        https://dashboard.umbraco.org/     https://stats.g.doubleclick.net/;                    font-src 'self' https://acsbapp.com/ https://fonts.gstatic.com http://fonts.googleapis.com https://fonts.googleapis.com https://use.typekit.net;                      base-uri 'self';                     connect-src 'self' https://accesswidget-log-receiver.acsbapp.com/ https://clapi.civiccomputing.com/ https://region1.google-analytics.com/ https://acsbapp.com/ https://region1.analytics.google.com/ https://analytics.google.com/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://apikeys.civiccomputing.com/ https://cdn.acsbapp.com https://web1.acsbapp.com/ 1
font-src fonts.gstatic.com use.typekit.net *.bglobale.com *.global-e.com *.alothemes.com *.magepow.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.r1.ddlnk.net/signup.ashx *.emails.buissonniere.com/signup.ashx *.facebook.com *.global-e.com *.bglobale.com *.google.com *.belgium-3ds-bxl.wlp-acs.com *.wlp-acs.com *.buissonniere.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.bglobale.com *.global-e.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.vimeo.com *.ytimg.com *.addthis.com *.facebook.com *.google.com *.belgium-3ds-bxl.wlp-acs.com *.wlp-acs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com maps.gstatic.com maps.googleapis.com *.trackedlink.net *.bglobale.com *.global-e.com *.alothemes.com *.magepow.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.postcodeanywhere.co.uk *.gstatic.com *.googleapis.com *.ytimg.com *.buissonniere.com *.amazonaws.com *.facebook.com *.google.com *.belgium-3ds-bxl.wlp-acs.com *.wlp-acs.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.adyen.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.bglobale.com *.global-e.com *.alothemes.com *.magepow.com connect.facebook.net graph.facebook.com business.facebook.com *.pcapredict.com *.postcodeanywhere.co.uk *.googleapis.com *.ytimg.com *.addthis.com *.moatads.com *.addthisedge.com *.google.com *.facebook.com *.adobe.net *.adobetm.com *.belgium-3ds-bxl.wlp-acs.com *.wlp-acs.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.bglobale.com *.global-e.com *.alothemes.com *.magepow.com *.postcodeanywhere.co.uk *.belgium-3ds-bxl.wlp-acs.com *.wlp-acs.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.alothemes.com *.magepow.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.postcodeanywhere.co.uk *.googleapis.com *.ytimg.com *.addthis.com *.global-e.com *.doubleclick.net mcstaging.buissonniere.com *.analytics.google.com *.google.com *.belgium-3ds-bxl.wlp-acs.com *.wlp-acs.com *.google-analytics.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' data:; script-src 'self' 'self' 'unsafe-inline' ws-assets.zoominfo.com js.hs-scripts.com www.googletagmanager.com snap.licdn.com secure.visionarybusiness7.com ws.zoominfo.com js.hs-analytics.net js.hscollectedforms.net js.hsadspixel.net js.hs-banner.com js.hsleadflows.net www.emlpayments.com cdn.jsdelivr.net player.vimeo.com js.hubspot.com static.hotjar.com; style-src 'self' 'unsafe-inline' www.emlpayments.com fonts.googleapis.com fonts.gstatic.com www.googletagmanager.com; img-src https: www.emlpayments.com data: emlpayments-stagingcms.imgix.net emlpayments-stagingcms.bla.bio px.ads.linkedin.com track.hubspot.com forms.hsforms.com; connect-src 'self' ws.zoominfo.com forms.hscollectedforms.net emlpayments-stagingcms.bla.bio api.hubapi.com js.hs-banner.com cdn.linkedin.oribi.io forms.hubspot.com www.google-analytics.com analytics.google.com www.analytics.google.com ipinfo.io 61xeik5j3f.execute-api.ap-southeast-2.amazonaws.com; frame-src 'self' player.vimeo.com; manifest-src 'self'; form-action 'self'; frame-ancestors 'self'; base-uri 'self'; object-src 'self'; font-src 'self' www.emlpayments.com data: fonts.gstatic.com; worker-src 'self' blob: www.emlpayments.com; report-uri ; media-src 'self' www.emlpayments.com emlpayments-stagingcms.bla.bio 1
frame-ancestors 'self' https://imprumut-acum.ro/ https://credite-imprumut.ro/ http://imprumut.net/ http://imprumut-online.com/ http://kreditta.net/ https://credit-rapid.org/ https://online-credit.ro https://online-imprumut.ro/ https://rapide-imprumuturi.ro/ https://credite-instant.ro https://credite-acum.ro https://credit-rapid.net/ https://hora-credit.ro/ https://imprumut-acum.net/ https://rapid-nebancar.ro/ https://credit-market.ro/ https://credite-nebancare.net/ https://credit-acum.ro/ https://imprumutes.net/ https://imprumutro.net/ https://imprumut-online.ro/ https://onlineimprumut.ro/ https://onlineimprumut.net/ https://onlineimprumut.com/ https://crediteacum.ro/ https://crediteacum.net/ https://informatiidecredit.ro/ https://credite-instant.com/ https://informatii-de-credit.ro/ https://onlineimprumuturi.ro/ https://onlineimprumuturi.net/ https://credit-pusculita.ro/ https://pusculita.net/ https://imprumuttuturor.ro/ https://imprumut-tuturor.ro/ https://online-tuturor.ro/ https://informatii-financiare.ro/ https://pujckavsem.org/ 1
frame-ancestors 'self' 192.168.33.250:10443; 1
upgrade-insecure-requests; script-src 'strict-dynamic' 'nonce-6VvW87XUdKTvLFQilGv66A=='; 1
default-src 'self' https://*.visitors.live wss://realtime.luckyorange.com wss://in.visitors.live https://*.googleapis.com https://*.luckyorange.com https://*.google-analytics.com https://*.paypal.com https://*.ashtangayoga.info https://*.facebook.com https://*.google.de https://*.google.com https://*.ampproject.org https://*.doubleclick.net wss://localhost:3000 https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://*.ashtangayoga.info https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tools.luckyorange.com https://*.privacypolicies.com https://*.paypal.com https://*.ashtangayoga.info https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://www.google-analytics.com https://*.googleapis.com https://connect.facebook.net https://*.twitter.com https://static.ads-twitter.com https://*.ampproject.org; font-src 'self' https://cdn.jsdelivr.net https://*.ashtangayoga.info https://*.bootstrapcdn.com https://fonts.gstatic.com data:; object-src 'self'; img-src 'self' 'unsafe-inline' data: blob: https://webapps.ashtangayoga.info https://*.paypal.com https://*.ashtangayoga.info/ https://*.doubleclick.net https://*.vimeocdn.com https://i.ytimg.com https://www.google-analytics.com https://www.google.com https://www.google.de https://*.googleapis.com https://*.gstatic.com https://*.ggpht.com https://*.googleusercontent.com https://www.facebook.com https://t.co https://*.twimg.com https://www.gravatar.com https://shop.ashtangayoga.info; frame-src 'self' https://*.ashtangayoga.info https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://*.facebook.com https://*.vimeo.com https://*.vimeocdn.com https://*.paypal.com https://w.soundcloud.com/ https://yogaeasy.de https://www.yogaeasy.de/ https://ashtanga.yogaeasy.de/; worker-src 'self' blob:; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; font-src * data:; 1
frame-ancestors 'self'; frame-src  *.savviihq.com *.facebook.com *.google.com *.cookiebot.com *.hotjar.com *.youtube.com *.vimeo.com *.oogfonds.nl oogfonds.nl  *.testamenttest.nl *.buckaroo.nl *.googletagmanager.com *.cookiebot.com *.fontawesome.com *.readspeaker.com *.ideal.ing.nl *.pinterest.com *.anbigift.nl widget.scribit.pro/main.js *.adform.net 1
upgrade-insecure-requests; frame-ancestors https://cms-prod.intranet.baywa.com/ 1
frame-ancestors 'self' https://t.bluey.dev 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://ln-rules.rewardstyle.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://*.contentsquare.net https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://analytics.tiktok.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://www.christopherobin.fr https://m.christopherobin.fr https://checkout.christopherobin.fr https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://ln-rules.rewardstyle.com https://*.contentsquare.net https://app.contentsquare.com https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://analytics.tiktok.com https://*.ibytedtos.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net; upgrade-insecure-requests; report-to report-endpoint 1
connect-src 'self' *.icordis.be *.lcp.be burgerprofiel.vlaanderen.be wss://authenticatie.vlaanderen.be wss://prod.widgets.burgerprofiel.vlaanderen.be https://prod.widgets.burgerprofiel.vlaanderen.be wss://prod.contactapi.uat-vlaanderen.be https://prod.contactapi.uat-vlaanderen.be https://contactapi.vlaanderen.be *.burgerprofiel.be *.vrijwilligerswerk.be *.algolianet.com *.algolia.net vrijwilligerswerk.be *.facebook.com *.facebook.net *.enviso.io *.adyen.com *.timeblockr.com *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net *.analytics.google.com *.readspeaker.com *.giveaday.be https://apps.ticketmatic.com toegankelijk.vlaanderen.be *.topdesk.net *.hcaptcha.com *.matomo.cloud *.hotjar.com; font-src 'self' *.icordis.be *.lcp.be https://ui.vlaanderen.be https://dij151upo6vad.cloudfront.net *.gstatic.com *.curator.io *.vrijwilligerswerk.be vrijwilligerswerk.be *.widget.enviso.io *.enviso.io *.timeblockr.com *.readspeaker.com data: https://fonts.googleapis.com https://fonts.gstatic.com https://kit-pro.fontawesome.com https://apps.ticketmatic.com *.typekit.net *.googleapis.com *.topdesk.net *.hotjar.com; frame-src 'self' *.icordis.be *.lcp.be notfound-static.fwebservices.be stratenplan.gemeentemol.be *.iamfas.belgium.be https://prod.widgets.burgerprofiel.vlaanderen.be https://prod.frontend.burgerprofiel.vlaanderen.be https://authenticatie.vlaanderen.be https://idp.iamfas.belgium.be *.youtube.com youtu.be  www.youtube.com *.soundcloud.com *.curator.io *.vimeo.com *.vrijwilligerswerk.be *.algolianet.com vrijwilligerswerk.be *.algolia.net *.facebook.com *.facebook.net *.gift2give.be *.issuu.com maps.geopunt.be *.maps.geopunt.be *.api.vlaanderen.be *.vlaanderen.be *.geopunt.be *.bizlocator.be *.spotify.com *.jobsolutions.be *.3p.eu *.widget.enviso.io *.enviso.io *.adyen.com *.timeblockr.com *.arcg.is arcg.is *.maps.arcgis.com *.arcgis.com *.rtv.be app.eaglebe.com *.google.com https://calendar.google.com plugin.routeyou.com www3.sport.vlaanderen https://www.recycleapp.be *.tableau.com *.topdesk.net *.instagram.com *.hcaptcha.com *.waze.com https://indd.adobe.com *.hotjar.com; img-src 'self' *.icordis.be *.lcp.be data: *.amazonaws.com https://prod.widgets.burgerprofiel.vlaanderen.be https://prod.widgetconfigservice.burgerprofiel.vlaanderen.be data: *.osm.be *.informatievlaanderen.be *.geopunt.be *.tile.openstreetmap.org https://geo.api.vlaanderen.be *.ytimg.com *.google.com *.soundcloud.com *.curator.io *.vimeo.com *.vimeocdn.com *.vrijwilligerswerk.be vrijwilligerswerk.be *.algolia.net https://scontent-iad3-1.xx.fbcdn.net  *.fbsbx.com *.facebook.com *.facebook.net *.gift2give.be *.issuu.com cdn.syndication.twimg.com *.jobsolutions.be *.3p.eu *.widget.enviso.io *.enviso.io *.adyen.com *.timeblockr.com *.google-analytics.com *.googletagmanager.com *.google.be *.uitdatabank.be  udb-media.imgix.net udb2-media.imgix.net  images-prod-uitdatabank.imgix.net *.westtoer.be *.west-vlaanderen.be *.tile.openstreetmap.fr *.cloudfront.net *.giveaday.be openfed.github.io https://apps.ticketmatic.com toegankelijk.vlaanderen.be *.tableau.com *.googleapis.com *.topdesk.net *.instagram.com *.cdninstagram.com https://squizlabs.github.io *.smassets.net *.waze.com *.matomo.cloud *.hotjar.com; script-src 'self' 'unsafe-inline' *.icordis.be *.lcp.be 'unsafe-eval' https://prod.widgets.burgerprofiel.vlaanderen.be *.vlaanderen.be *.geopunt.be *.youtube.com *.curator.io *.vrijwilligerswerk.be *.algolianet.com vrijwilligerswerk.be *.algolia.net *.facebook.com *.facebook.net *.twitter.com *.twimg.com *.vlaanderen.be *.jobsolutions.be *.3p.eu *.widget.enviso.io *.enviso.io *.adyen.com *.timeblockr.com *.google-analytics.com *.googletagmanager.com *.arcg.is arcg.is *.maps.arcgis.com *.arcgis.com *.readspeaker.com https://geo.api.vlaanderen.be app.eaglebe.com maps.googleapis.com *.giveaday.be openfed.github.io https://apps.ticketmatic.com toegankelijk.vlaanderen.be *.tableau.com *.googleapis.com *.topdesk.net *.instagram.com *.hcaptcha.com https://squizlabs.github.io *.surveymonkey.com *.googleapis.com *.waze.com cdn.matomo.cloud *.vlaanderen.be *.hotjar.com; worker-src 'self' www.gemeentemol.be *.icordis.be *.lcp.be https://prod.widgets.burgerprofiel.vlaanderen.be *.soundcloud.com *.curator.io *.enviso.io *.adyen.com https://apps.ticketmatic.com *.topdesk.net *.hotjar.com; frame-ancestors 'self' https://stats.lcp.be *.enviso.io *.adyen.com https://stats.lcp.be *.topdesk.net; style-src 'self' 'unsafe-inline' *.icordis.be *.lcp.be www.gemeentemol.be fonts.googleapis.com *.vrijwilligerswerk.be vrijwilligerswerk.be *.algolia.net cdn.syndication.twimg.com *.twitter.com *.widget.enviso.io *.enviso.io *.timeblockr.com *.readspeaker.com app.eaglebe.com *.giveaday.be *.googleapis.com https://kit-pro.fontawesome.com fonts.googleapis.com openfed.github.io toegankelijk.vlaanderen.be *.typekit.net *.googleapis.com *.topdesk.net https://squizlabs.github.io *.hotjar.com; object-src  *.hotjar.com; ; report-uri /report-csp-violation 1
font-src 'self' fonts.googleapis.com fonts.gstatic.com data:; 1
default-src 'self' *.nrw.de;    script-src  'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de *.google.com *.youtube.com *.youtu.be *.twimg.com *.twitter.com twitter.com *.jwpcdn.com *.gstatic.com *.googleapis.com *.googlesyndication.com *.openstreetmap.org *.mozilla.org *.vimeo.com *.vimeocdn.com *.flickr.com *.staticflickr.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net *.instagram.com instagram.com *.cdninstagram.com connect.facebook.net *.mhkbd.nrw mhkbd.nrw *.mhkbg.nrw;    style-src   'self' 'unsafe-inline' *.nrw.de *.twitter.com twitter.com *.facebook.com *.googleapis.com *.twimg.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net *.mhkbd.nrw mhkbd.nrw;    font-src data: *;    img-src  data: *;    frame-ancestors 'self' *.mhkbd.nrw *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.mhkbd.nrw mhkbd.nrw;    worker-src  'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de *.mhkbd.nrw mhkbd.nrw;    frame-src   'self' *.mhkbd.nrw *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de *.mhkbd.nrw mhkbd.nrw *.mhkbg.nrw;    object-src  'self';    connect-src 'self' *.nrw.de svc.webspellchecker.net *.mhkbg.nrw mhkbd.nrw;    media-src *; upgrade-insecure-requests; 1
frame-ancestors 'self' *.corelight.com https://corelight.com https://www.corelight.com;; upgrade-insecure-requests 1
default-src 'self' *.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.googletagmanager.com *.facebook.net; style-src 'self' 'unsafe-inline' *.googleapis.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com; font-src 'self' data:; img-src 'self' *.google-analytics.com www.linkedin.com data: blob: *.facebook.net *.facebook.com; media-src 'self' data: blob:; child-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/; connect-src 'self' *.google-analytics.com; 1
upgrade-insecure-requests; script-src 'strict-dynamic' 'nonce-FjOt5hvMaePfC51isV3+QQ=='; 1
default-src 'self'; img-src 'self' https: *.google-analytics.com *.googletagmanager.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.google-analytics.com *.googletagmanager.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' data: https: fonts.googleapis.com fonts.gstatic.com; font-src 'self' data: https: fonts.googleapis.com fonts.gstatic.com; frame-src 'self' https: e.infogram.com; connect-src https: *.google-analytics.com 1
default-src 'none'; script-src 'self'; img-src 'self' data:; style-src 'self'; font-src 'self'; object-src 'none'; media-src 'self'; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; connect-src 'self'; manifest-src 'self' 1
'self' ajax.googleapis.com; 1
default-src data: blob: *; script-src 'self' 'unsafe-inline' blob: data: spb.keram-market.ru *.spb.keram-market.ru spb.keram-market.ru:* *.spb.keram-market.ru:* cdn.keram-market.ru 'unsafe-eval' cdnjs.cloudflare.com cdn.jsdelivr.net *.fbcdn.net *.facebook.net *.twitter.com mc.yandex.ru api-maps.yandex.ru suggest-maps.yandex.ru *.yandex.net yastatic.net webvisor.com *.webvisor.com google-analytics.com *.google-analytics.com *.googletagmanager.com *.google.com 127.0.0.1:* icasa.ru *.icasa.ru; connect-src 'self' 'unsafe-inline' mc.yandex.ru google-analytics.com *.google-analytics.com https://stats.g.doubleclick.net spb.keram-market.ru:* *.spb.keram-market.ru:* wss://spb.keram-market.ru:* wss://*.spb.keram-market.ru:*; style-src data: blob: 'unsafe-inline' *; font-src 'self' 'unsafe-inline' blob: data: spb.keram-market.ru *.spb.keram-market.ru spb.keram-market.ru:* *.spb.keram-market.ru:* cdn.keram-market.ru 127.0.0.1:* fonts.gstatic.com icasa.ru *.icasa.ru; 1
base-uri https://*.pchome.co.th; 1
default-src 'none'; object-src 'self'; frame-src 'self' https://www.google.com https://maps.google.com https://maps.google.fr https://indd.adobe.com https://quefairedemesdechets.ademe.fr https://*.google-analytics.com https://www.google.com/jsapi https://www.google.com/uds/ https://www.google.com/pagead/ https://www.google.com/recaptcha/ https://*.gstatic.com https://*.googleapis.com https://maps.google.com https://maps.google.fr https://www.googletagmanager.com https://*.apis.google.com https://apis.google.com https://*.ggpht.com https://tagmanager.google.com https://*.googletagservices.com https://*.doubleclick.net https://*.googleadservices.com https://www.google.com/ads/ https://tpc.googlesyndication.com https://analytics.octopoos.com https://*.twitter.com https://twitter.com https://*.twimg.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://*.linkedin.com https://snap.licdn.com https://*.ads.linkedin.com https://cdn.linkedin.oribi.io https://*.dailymotion.com https://*.vimeocdn.com https://*.vimeo.com https://*.ytimg.com https://www.youtube.com https://www.youtube-nocookie.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://www.google.com/jsapi https://www.google.com/uds/ https://www.google.com/pagead/ https://www.google.com/recaptcha/ https://*.gstatic.com https://*.googleapis.com https://maps.google.com https://maps.google.fr https://www.googletagmanager.com https://*.apis.google.com https://apis.google.com https://*.ggpht.com https://tagmanager.google.com https://*.googletagservices.com https://*.doubleclick.net https://*.googleadservices.com https://www.google.com/ads/ https://tpc.googlesyndication.com https://analytics.octopoos.com https://www.link-page.info https://quefairedemesdechets.ademe.fr/iframe.js https://*.twitter.com https://twitter.com https://*.twimg.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://*.linkedin.com https://snap.licdn.com https://*.ads.linkedin.com https://cdn.linkedin.oribi.io https://*.dailymotion.com https://*.vimeocdn.com https://*.vimeo.com https://*.ytimg.com https://www.youtube.com https://www.youtube-nocookie.com 'report-sample'; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://*.googleapis.com https://tagmanager.google.com https://*.twitter.com https://twitter.com https://*.twimg.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://*.linkedin.com https://snap.licdn.com https://*.ads.linkedin.com https://cdn.linkedin.oribi.io https://*.dailymotion.com https://*.vimeocdn.com https://*.vimeo.com https://*.ytimg.com https://www.youtube.com https://www.youtube-nocookie.com 'report-sample'; img-src 'self' https://*.google-analytics.com https://www.google.com/jsapi https://www.google.com/uds/ https://www.google.com/pagead/ https://www.google.com/recaptcha/ https://*.gstatic.com https://*.googleapis.com https://maps.google.com https://maps.google.fr https://www.googletagmanager.com https://*.apis.google.com https://apis.google.com https://*.ggpht.com https://tagmanager.google.com https://*.googletagservices.com https://*.doubleclick.net https://*.googleadservices.com https://www.google.com/ads/ https://tpc.googlesyndication.com https://www.google.com/images/cleardot.gif https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://www.google.com/ads/ https://www.google.fr/ads/ https://www.google.be/ads/ https://www.google.sa/ads/ https://www.google.tn/ads/ https://www.google.de/ads/ https://www.google.dj/ads/ https://www.google.co.ma/ads/ https://www.google.at/ads/ https://www.google.ad/ads/ https://www.google.it/ads/ https://www.google.sn/ads/ https://www.google.mg/ads/ https://www.google.fi/ads/ https://www.google.co.uk/ads/ https://www.google.nl/ads/ https://www.google.cd/ads/ https://www.google.co.in/ads/ https://www.google.cm/ads/ https://www.google.cg/ads/ https://www.google.ci/ads/ https://www.google.com.tr/ads/ https://www.google.ca/ads/ https://www.google.pl/ads/ https://www.google.dz/ads/ https://www.google.es/ads/ https://www.google.tg/ads/ https://www.google.com.cy/ads/ https://www.google.bf/ads/ https://www.google.cz/ads/ https://www.google.se/ads/ https://www.google.lu/ads/ https://www.google.ch/ads/ https://www.google.com.lb/ads/ https://www.google.dk/ads/ https://www.google.bj/ads/ https://www.google.pt/ads/ https://www.google.com.ph/ads/ https://www.google.ee/ads/ https://www.google.com.vn/ads/ https://www.google.co.il/ads/ https://www.google.hr/ads/ https://www.google.com.sg/ads/ https://www.google.ga/ads/ https://www.google.com.ua/ads/ https://www.google.ml/ads/ https://www.google.com.pk/ads/ https://www.google.co.jp/ads/ https://www.google.co.th/ads/ https://www.google.co.ke/ads/ https://www.google.ro/ads/ https://www.google.lt/ads/ https://www.google.com.mx/ads/ https://www.google.sk/ads/ https://www.google.ie/ads/ https://www.google.com.br/ads/ https://www.google.co.id/ads/ https://www.google.md/ads/ https://www.google.ru/ads/ https://www.google.ba/ads/ https://www.google.com.hk/ads/ https://www.google.co.kr/ads/ https://www.google.ne/ads/ https://www.google.com.au/ads/ https://www.google.cf/ads/ https://www.google.com.ar/ads/ https://www.google.ae/ads/ https://www.google.com.ng/ads/ https://www.google.bi/ads/ https://www.google.com.tw/ads/ https://www.google.is/ads/ https://www.google.com.bd/ads/ https://www.google.hu/ads/ https://www.google.cn/ads/ https://www.google.gr/ads/ https://www.google.rs/ads/ https://www.google.td/ads/ https://www.google.com.sa/ads/ https://www.google.co.za/ads/ https://www.google.al/ads/ https://www.google.no/ads/ https://www.google.com.do/ads/ https://www.google.kz/ads/ https://www.google.com.gh/ads/ https://www.google.com.et/ads/ https://www.google.mu/ads/ https://www.google.mk/ads/ https://www.google.si/ads/ https://www.google.bg/ads/ https://www.google.ps/ads/ https://www.google.com.eg/ads/ https://www.google.com.co/ads/ https://www.google.so/ads/ https://www.google.co.mz/ads/ https://www.google.com.mm/ads/ https://www.google.cl/ads/ https://www.google.lv/ads/ https://analytics.octopoos.com https://*.twitter.com https://twitter.com https://*.twimg.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://*.linkedin.com https://snap.licdn.com https://*.ads.linkedin.com https://cdn.linkedin.oribi.io https://*.dailymotion.com https://*.vimeocdn.com https://*.vimeo.com https://*.ytimg.com https://www.youtube.com https://www.youtube-nocookie.com data: blob: 'report-sample'; font-src 'self' https://*.gstatic.com https://*.googleapis.com https://tagmanager.google.com data: 'report-sample'; connect-src 'self' https://*.google-analytics.com https://*.gstatic.com https://www.google.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.googleapis.com https://*.doubleclick.net https://*.g.doubleclick.net https://www.google.com/ads/ https://www.google.fr/ads/ https://www.google.be/ads/ https://www.google.sa/ads/ https://www.google.tn/ads/ https://www.google.de/ads/ https://www.google.dj/ads/ https://www.google.co.ma/ads/ https://www.google.at/ads/ https://www.google.ad/ads/ https://www.google.it/ads/ https://www.google.sn/ads/ https://www.google.mg/ads/ https://www.google.fi/ads/ https://www.google.co.uk/ads/ https://www.google.nl/ads/ https://www.google.cd/ads/ https://www.google.co.in/ads/ https://www.google.cm/ads/ https://www.google.cg/ads/ https://www.google.ci/ads/ https://www.google.com.tr/ads/ https://www.google.ca/ads/ https://www.google.pl/ads/ https://www.google.dz/ads/ https://www.google.es/ads/ https://www.google.tg/ads/ https://www.google.com.cy/ads/ https://www.google.bf/ads/ https://www.google.cz/ads/ https://www.google.se/ads/ https://www.google.lu/ads/ https://www.google.ch/ads/ https://www.google.com.lb/ads/ https://www.google.dk/ads/ https://www.google.bj/ads/ https://www.google.pt/ads/ https://www.google.com.ph/ads/ https://www.google.ee/ads/ https://www.google.com.vn/ads/ https://www.google.co.il/ads/ https://www.google.hr/ads/ https://www.google.com.sg/ads/ https://www.google.ga/ads/ https://www.google.com.ua/ads/ https://www.google.ml/ads/ https://www.google.com.pk/ads/ https://www.google.co.jp/ads/ https://www.google.co.th/ads/ https://www.google.co.ke/ads/ https://www.google.ro/ads/ https://www.google.lt/ads/ https://www.google.com.mx/ads/ https://www.google.sk/ads/ https://www.google.ie/ads/ https://www.google.com.br/ads/ https://www.google.co.id/ads/ https://www.google.md/ads/ https://www.google.ru/ads/ https://www.google.ba/ads/ https://www.google.com.hk/ads/ https://www.google.co.kr/ads/ https://www.google.ne/ads/ https://www.google.com.au/ads/ https://www.google.cf/ads/ https://www.google.com.ar/ads/ https://www.google.ae/ads/ https://www.google.com.ng/ads/ https://www.google.bi/ads/ https://www.google.com.tw/ads/ https://www.google.is/ads/ https://www.google.com.bd/ads/ https://www.google.hu/ads/ https://www.google.cn/ads/ https://www.google.gr/ads/ https://www.google.rs/ads/ https://www.google.td/ads/ https://www.google.com.sa/ads/ https://www.google.co.za/ads/ https://www.google.al/ads/ https://www.google.no/ads/ https://www.google.com.do/ads/ https://www.google.kz/ads/ https://www.google.com.gh/ads/ https://www.google.com.et/ads/ https://www.google.mu/ads/ https://www.google.mk/ads/ https://www.google.si/ads/ https://www.google.bg/ads/ https://www.google.ps/ads/ https://www.google.com.eg/ads/ https://www.google.com.co/ads/ https://www.google.so/ads/ https://www.google.co.mz/ads/ https://www.google.com.mm/ads/ https://www.google.cl/ads/ https://analytics.octopoos.com https://*.twitter.com https://twitter.com https://*.twimg.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://*.linkedin.com https://snap.licdn.com https://*.ads.linkedin.com https://cdn.linkedin.oribi.io 'report-sample'; media-src 'self' data: 'report-sample'; base-uri 'self'; form-action 'self' https://*.twitter.com https://twitter.com https://*.twimg.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://*.linkedin.com https://snap.licdn.com https://*.ads.linkedin.com https://cdn.linkedin.oribi.io; manifest-src 'self'; report-uri https://cspreport.octopoos.com/; 1
connect-src 'self' ;default-src 'self' https://eldercarebroker.com https://eisapp.com;frame-ancestors 'self' ;frame-src 'self' *.google.com *.vimeo.com vimeo.com ;media-src 'self' *.vimeo.com vimeo.com;object-src 'none'; report-uri https://eldercarebroker.com/api/CSP_report.php;script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline' *.googleapis.com *.fontawesome.com;font-src 'self' *.gstatic.com *.fontawesome.com;img-src 'self' https://eldercarebroker.com https://eisapp.com; 1
manifest-src 'self'; frame-ancestors 'none';default-src 'none';media-src 'self'; script-src 'self' 'unsafe-inline' consent.cookiebot.com consentcdn.cookiebot.com *.googletagmanager.com *.google-analytics.com;   connect-src 'self' consentcdn.cookiebot.com *.google-analytics.com; img-src 'self' pics.getynet.com imgsct.cookiebot.com data: *.google-analytics.com;   style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com fonts.gstatic.com;base-uri 'self';form-action 'self'; font-src  'self' use.fontawesome.com fonts.googleapis.com fonts.gstatic.com; frame-src consentcdn.cookiebot.com; 1
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://www.googletagmanager.com/gtag/js;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://stats.g.doubleclick.net https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com https://*.google-analytics.com https://*.googletagmanager.com *.doubleclick.net dc.ads.linkedin.com analytics.twitter.com *.google-analytics.com t.co;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net https://www.googleadservices.com https://*.addtoany.com https://surfly.com *.msecnd.net https://unpkg.com https://www.googletagmanager.com https://www.google.com https://www.google-analytics.com https://www.gstatic.com http://connect.facebook.net https://selfservice.robinhq.com robincontentdesktop.blob.core.windows.net *.hotjar.com http://doubleclick.net kit.fontawesome.com http://player.vimeo.com https://youtube.com https://*.youtube.com; img-src 'self' https://checkoutshopper-live.adyen.com https://vangeldernederland.nl https://www.google.nl https://*.doubleclick.net https://*.vangeldernederland.nl https://*.googletagmanager.com https://*.ytimg.com https://www.google-analytics.com https://*.facebook.com data: https://*.google.com https://*.fbcdn.net https://i.vimeocdn.com/ https://robincontentdesktop.blob.core.windows.net; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com *.fontawesome.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; connect-src 'self' https://content.hotjar.io *.hotjar.io https://checkoutshopper-live.adyen.com https://*.google-analytics.com https://*.doubleclick.net *.visualstudio.com *.robinhq.com https://www.google-analytics.com sentry.cloudsuite.io *.fontawesome.com *.hotjar.com wss://*.hotjar.com http://surfly.com https://vimeo.com; frame-src 'self' https://shop.yourticketprovider.nl https://www.rsa3dsauth.co.uk *.securesuite.co.uk https://checkoutshopper-live.adyen.com https://e.vangeldernederland.nl https://widget.yourticketprovider.nl https://contact.robinhq.com https://www.youtube-nocookie.com https://*.addtoany.com https://www.youtube.com https://www.google.com http://player.vimeo.com vars.hotjar.com https://www.facebook.com; media-src 'self' https://cdn.flbx.io 1
default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' 49b34enylik2hsggs1g60qr1-wpengine.netdna-ssl.com *.clarity.ms a.omappapi.com www.googletagmanager.com chimpstatic.com seal.digicert.com platform.twitter.com downloads.mailchimp.com mc.us13.list-manage.com www.google.com www.gstatic.com *.google-analytics.com connect.facebook.net bat.bing.com *.googleadservices.com s.pinimg.com googleads.g.doubleclick.net ajax.googleapis.com *.ampproject.org *.clarity.ms js.hsforms.net *.hotjar.com; style-src 'unsafe-inline' 'self' 49b34enylik2hsggs1g60qr1-wpengine.netdna-ssl.com downloads.mailchimp.com fonts.googleapis.com *.omappapi.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.google-analytics.com *.clarity.ms ct.pinterest.com bat.bing.com stats.g.doubleclick.net bat.bing.com *.omappapi.com www.facebook.com forms.hsforms.com *.googlesyndication.com *.hotjar.io *.hotjar.com wss://ws.hotjar.com; font-src 'self' 49b34enylik2hsggs1g60qr1-wpengine.netdna-ssl.com fonts.gstatic.com *.omappapi.com data:; img-src 'self' 49b34enylik2hsggs1g60qr1-wpengine.netdna-ssl.com *.clarity.ms *.bing.com secure.gravatar.com a.impactradius-go.com xoomenergy.sjv.io bat.bing.com www.facebook.com ct.pinterest.com www.google.com www.google.co.in www.google-analytics.com www.googletagmanager.com seal.digicert.com mcusercontent.com www.ojrq.net *.optnmstr.com *.omappapi.com *.doubleclick.net electricplans.wpenginepowered.com data:; media-src 'self' data: blob:; frame-src 'self' platform.twitter.com www.facebook.com www.google.com bid.g.doubleclick.net forms.hsforms.com *.youtube.com *.hotjar.com *.doubleclick.net 1
default-src 'self' https://*.idex-hs.com https://idex-hs.com https://external-idex.premierway.com:543 https://lt-pd.idex-hs.com https://pd-searchlight.idex-hs.com https://searchlight.idex-hs.com https://searchlight.semrock.com; script-src 'self' https://*.idex-hs.com https://idex-hs.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://cdn.jsdelivr.net https://kit.fontawesome.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://kendo.cdn.telerik.com/2021.1.119/js/kendo.all.min.js https://kendo.cdn.telerik.com/2021.1.119/js/kendo.aspnetmvc.min.js https://www.googletagmanager.com https://mktdplp102cdn.azureedge.net https://95169040225c478583336ffa5c0ef2b3.svc.dynamics.com https://code.jquery.com https://cdn.cookielaw.org https://lt-pd.idex-hs.com https://pd-searchlight.idex-hs.com https://searchlight.idex-hs.com https://searchlight.semrock.com https://*.brightcove.net/ https://players.brightcove.net/ https://static.hotjar.com/ https://script.hotjar.com/ https://*.hotjar.com/; style-src 'self' https://*.idex-hs.com https://idex-hs.com 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.twimg.com https://cdnjs.cloudflare.com https://ka-p.fontawesome.com https://lt-pd.idex-hs.com https://pd-searchlight.idex-hs.com https://searchlight.idex-hs.com https://searchlight.semrock.com; font-src 'self' https://*.idex-hs.com https://idex-hs.com 'unsafe-inline' *.googleapis.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com https://cdnjs.cloudflare.com https://ka-p.fontawesome.com https://lt-pd.idex-hs.com https://pd-searchlight.idex-hs.com https://searchlight.idex-hs.com https://searchlight.semrock.com data:; img-src 'self' https://*.idex-hs.com https://idex-hs.com *.gstatic.com *.google.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://cdnjs.cloudflare.com https://www.paypalobjects.com https://*.doubleclick.net https://lt-pd.idex-hs.com https://pd-searchlight.idex-hs.com https://searchlight.idex-hs.com https://searchlight.semrock.com https://cdn.cookielaw.org https://*.photonics.com; media-src 'self' https://*.idex-hs.com https://idex-hs.com data: blob: https://*.brightcove.net https://lt-pd.idex-hs.com https://pd-searchlight.idex-hs.com https://searchlight.idex-hs.com https://searchlight.semrock.com; form-action 'self' https://*.idex-hs.com https://idex-hs.com https://*.avr-optics.com https://dev.avr-optics.link https://staging.avr-optics.link https://*.brightcove.net https://lt-pd.idex-hs.com https://pd-searchlight.idex-hs.com https://searchlight.idex-hs.com https://searchlight.semrock.com; frame-src 'self' https://*.idex-hs.com https://idex-hs.com https://*.avr-optics.com https://dev.avr-optics.link https://staging.avr-optics.link https://95169040225c478583336ffa5c0ef2b3.svc.dynamics.com https://*.brightcove.net *.youtube.com *.avr-optics.com https://lt-pd.idex-hs.com https://*.smartercommercecloud.com https://pd-searchlight.idex-hs.com https://searchlight.idex-hs.com https://searchlight.semrock.com; frame-ancestors 'self' https://*.idex-hs.com https://idex-hs.com https://*.avr-optics.com https://dev.avr-optics.link https://staging.avr-optics.link https://*.brightcove.net https://lt-pd.idex-hs.com https://pd-searchlight.idex-hs.com https://searchlight.idex-hs.com https://searchlight.semrock.com; child-src 'self' https://*.idex-hs.com https://idex-hs.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.sandbox.paypal.com https://pilot-payflowlink.paypal.com https://www.computop-paygate.com https://lt-pd.idex-hs.com https://pd-searchlight.idex-hs.com https://searchlight.idex-hs.com https://searchlight.semrock.com; connect-src 'self' https://*.idex-hs.com https://idex-hs.com accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com https://ka-p.fontawesome.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cookielaw.org https://*.onetrust.com https://95169040225c478583336ffa5c0ef2b3.svc.dynamics.com https://lt-pd.idex-hs.com https://maps.googleapis.com https://pd-searchlight.idex-hs.com https://searchlight.idex-hs.com https://searchlight.semrock.com wss://ws.hotjar.com/ https://metrics.hotjar.io https://content.hotjar.io/; object-src 'self' https://*.idex-hs.com https://idex-hs.com https://*.avr-optics.com https://dev.avr-optics.link https://staging.avr-optics.link https://*.brightcove.net https://mktdplp102cdn.azureedge.net https://lt-pd.idex-hs.com https://pd-searchlight.idex-hs.com https://searchlight.idex-hs.com https://searchlight.semrock.com; 1
default-src ws: 'self' data: blob: 'unsafe-inline' 'unsafe-eval' moonlight.com.au *.moonlight.com.au *.americanexpress.com *.android.com *.braintree-api.com *.braintreegateway.com *.byspotify.com *.cardinalcommerce.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.eventcinemas.co.nz *.eventcinemas.com.au *.facebook.com *.fontawesome.com *.google-analytics.com *.google.co.nz *.google.com *.google.com.au *.googleadservices.com *.googleapis.com *.googlesyndication.com *.gstatic.com *.imdb.com *.instagram.com *.kaptcha.com *.movio.co *.mycardsecure.com *.parlourlane.com *.paypal.com *.paypalobjects.com *.quantcount.com *.quantserve.com *.rialto.co.nz *.rokt.com *.rsa3dsauth.co.uk *.rydges.com *.spotify.com *.stripe.com *.tiktok.com *.typekit.net *.unpkg.com *.vimeo.com *.wufoo.com *.wufoo.eu *.youtube.com adservice.google.de adservice.google.fr americanexpress.com analytics.tiktok.com android.com attestation.android.com bam.nr-data.net cardinalcommerce.com cdn.honey.io cloudflare.hcaptcha.com cloudfront.net code.jquery.com connect.facebook.net dggwxdl5oqubl.cloudfront.net fontawesome.com google.com googletagmanager.com i.ytimg.com instagram.com js-agent.newrelic.com kg668dbov0.execute-api.us-east-1.amazonaws.com mpsnare.iesnare.com mycardsecure.com parlourlane.com participant.connect.ap-southeast-2.amazonaws.com paypal.com rsa3dsauth.co.uk secure7.arcot.com securepubads.g.doubleclick.net spotify.com stripe.com tiktok.com typekit.net unpkg.com vimeo.com www.aexp-static.com www.googletagmanager.com www.googletagservices.com www.moonlight.com.au www.surveymonkey.com; frame-src *; object-src 'none'; img-src 'self' https: data: blob:;  upgrade-insecure-requests; report-uri https://evtgroup.report-uri.com/r/t/csp/enforce 1
script-src 'self' 'nonce-c229226303fa' https://browser.sentry-cdn.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://maps.googleapis.com;connect-src 'self' ws: *.sentry.io maps.googleapis.com *.google-analytics.com;font-src https://fonts.gstatic.com/;img-src 'self' data: maps.gstatic.com *.googleapis.com *.ggpht.com goodgym-uploads.s3.eu-west-1.amazonaws.com d2tfd645274ffx.cloudfront.net;style-src 'self' https://fonts.googleapis.com https://cdn.jsdelivr.net/npm/cookieconsent@3/ 'unsafe-inline';style-src-elem self https://fonts.googleapis.com https://cdn.jsdelivr.net/npm/cookieconsent@3/ 'unsafe-inline';default-src 'self';base-uri 'self';block-all-mixed-content;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
default-src https://www.neobt.ro https://s1.adform.net https://s2.adform.net https://adform.net https://ib.adnxs.com https://connect.facebook.net https://s2.adform.net wss://prod-druid-botapi.azurewebsites.net wss://prod-druid-api.azurewebsites.net wss://directline.botframework.com https://cdn-api-weglot.com https://*.weglot.com https://urlgeni.us/ https://analytics.tiktok.com https://www.googletagmanager.com https://www.linkedin.com/ https://px.ads.linkedin.com/ https://vc.hotjar.io wss://*.hotjar.com/ https://cx.atdmt.com https://www.gravatar.com https://ve1panelsettingssa.blob.core.windows.net https://s.yimg.com/ https://*.windows.net https://ct.pinterest.com https://*.google.de https://*.adform.net https://prod-druid-api.azurewebsites.net https://life.aegon.ro/ https://cdn-assets-pi3.nxtservers.com https://a.volvelle.tech https://bsw.digitru.st wss://ws12.hotjar.com wss://ws7.hotjar.com https://api.sitesearch360.com https://www.youtube.com/ https://creativecdn.com/ https://panel-settings-cdn-e1.ve.com/ https://www.facebook.com/ https://dc.services.visualstudio.com  https://html5-player.libsyn.com/ https://hwcdn.libsyn.com/ https://traffic.libsyn.com/ https://directline.botframework.com https://maps.gstatic.com/ https://maps.googleapis.com/ https://*.bancatransilvania.ro/ https://config1.veinteractive.com/ https://*.typekit.net/ https://*.veinteractive.com/ https://sessionapi.veinteractive.com/ https://*.creativecdn.com/ https://*.google.com/ https://*.google-analytics.com/ https://*.doubleclick.net/ https://*.google.ro https://*.bidswitch.net/ https://*.hotjar.com https://*.twitter.com/ https://*.oberthur.com https://bt4.druidplatform.com/ https://hcaptcha.com https://*.hcaptcha.com blob: data:; style-src * 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; script-src * 'unsafe-inline' 'unsafe-eval' https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' *.adform.net  https://life.aegon.ro/ https://use.fontawesome.com/ https://*.veinteractive.com https://*.typekit.net/ https://*.gstatic.com https://*.bt4.druidplatform.com data:; object-src 'none' 1
default-src 'self' wipsites.com.br; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src fonts.gstatic.com 'self';child-src 'self' www.google.com; frame-src 'self' youtube.com www.youtube.com e-diploma.com.br www.e-diploma.com.br google.com www.google.com; script-src-elem 'self' cdn.public.n1ed.com www.googletagmanager.com; connect-src 'self' cdn.public.n1ed.com 1
default-src 'self'; frame-src 'self' www.google.com www.youtube.com 'unsafe-eval' 'unsafe-inline'; img-src 'self' data: cdn.ckeditor.com www.google-analytics.com ws1.postescanada-canadapost.ca 'unsafe-eval' 'unsafe-inline';connect-src 'self' www.google-analytics.com google-analytics.com *.fontawesome.com ws1.postescanada-canadapost.ca 'unsafe-eval' 'unsafe-inline'; font-src 'self' fonts.googleapis.com fonts.gstatic.com ws1.postescanada-canadapost.ca *.fontawesome.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' fonts.googleapis.com ws1.postescanada-canadapost.ca stackpath.bootstrapcdn.com gitcdn.github.io stackpath.bootstrapcdn.com cdnjs.cloudflare.com cdn.ckeditor.com 'unsafe-eval' 'unsafe-inline'; script-src 'self' gitcdn.github.io kit.fontawesome.com stackpath.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com www.google.com code.jquery.com www.googletagmanager.com cdn.ckeditor.com ws1.postescanada-canadapost.ca www.gstatic.com www.google-analytics.com 'unsafe-eval' 'unsafe-inline'; 1
frame-ancestors 'self'; frame-src 'self' https://vimeo.com https://player.vimeo.com https://www.youtube-nocookie.com https://www.youtube.com; 1
base-uri 'self'; script-src 'self' 'unsafe-inline'; object-src 'none' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-9sg0oMHJlbxiOqqCliYmcypPnuA/6VSm2cWPvHlY4JNTOwYy' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com/recaptcha/ https://*.gstatic.com/recaptcha/ https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com/ https://*.klaviyo.com https://*.livechatinc.com https://*.pinimg.com/ https://checkout-sdk.sezzle.com https://widget.sezzle.com/ https://checkout.clover.com/ https://player.vimeo.com/ https://vimeo.com/ https://*.stripe.com/; style-src 'self' 'unsafe-inline' https://*.google.com/recaptcha/ https://*.gstatic.com/recaptcha/ https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com/ https://*.klaviyo.com https://*.livechatinc.com https://fonts.googleapis.com https://checkout-sdk.sezzle.com https://widget.sezzle.com/ https://checkout.clover.com/ https://player.vimeo.com/ https://vimeo.com/ https://*.stripe.com/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: about: d.digionline.de; report-uri /security-report.php 1
default-src form.gov.sg api-cdp.eu01.treasuredata.com *.treasuredata.com *.recaptcha.net *.bellustartokyo.jp *.net-fs.com *.matterport.com *.smartviewmedia.com.au *.sprinklr.com *.zencdn.net *.googleapis.com *.cloudflare.com 'self' 'unsafe-inline'; script-src 'self' *.panpacific.com  *.panomatics.com *.googlesyndication.com messenger.myma.ai *.cookieyes.com cdn-cookieyes.com *.adobedtm.com form.gov.sg *.addtoany.com api-cdp.eu01.treasuredata.com *.treasuredata.com *.gstatic.cn *.cloudfront.net *.usabilla.com *.recaptcha.net *.sojern.com *.gstatic.com *.yimg.jp *.sevenrooms.com *.twitter.com *.sprinklr.com *.fontawesome.com *.amazonaws.com *.imenupro.com imenupro.com *.tablecheck.com *.instagram.com *.thefork.com.au thefork.com.au *.dimmi.com.au *.nowbookit.com *.mynewsdesk.com *.opentable.co.uk *.jscache.com *.tripadvisor.com *.tripadvisor.com.au *.tacdn.com *.abtasty.com *.digicert.com *.titiqcdn.com *.tiqcdn.com *.google.com *.facebook.com *.facebook.net *.youtube.com *.googleapis.com  *.tealiumiq.com  *.usabilla.com *.googletagmanager.com *.enzymic.co *.baidu.com *.bing.com *.google-analytics.com *.licdn.com *.tiktok.com *.everestjs.net *.matomo.cloud *.adform.com *.adform.net *.googleadservices.com *.google.com.sg *.zencdn.net *.doubleclick.net *.clarity.ms *.addthisedge.com *.moatads.com 'unsafe-inline' 'unsafe-eval' ; style-src-elem 'self' *.panpacific.com *.panomatics.com *.cloudfront.net *.usabilla.com *.sprinklr.com *.sevenrooms.com *.sprinklr.com *.abtasty.com *.amazonaws.com *.thefork.com.au thefork.com.au *.dimmi.com.au *.bootstrapcdn.com *.tacdn.com *.googleapis.com *.cloudfront.net *.cloudflare.com *.zencdn.net 'unsafe-inline'; font-src 'self' *.cloudfront.net *.usabilla.com *.sevenrooms.com *.abtasty.com *.sprinklr.com *.fontawesome.com *.amazonaws.com *.gstatic.com *.panpacific.com *.bootstrapcdn.com *.cloudflare.com *.cloudfront.net 'unsafe-inline' data: ; img-src 'self' data: *.panpacific.com  *.panomatics.com https://d6tizftlrpuof.cloudfront.net https://*.usabilla.com  *.googlesyndication.com *.cookieyes.com cdn-cookieyes.com bmbuiassetsprod.blob.core.windows.net *.googletagmanager.com *.google.ca *.cloudfront.net *.usabilla.com *.tripadvisor.com *.travelmyth.com *.sojern.com *.sevenrooms.com *.sprinklr.com *.fbcdn.net *.twimg.com *.pphg.com *.google.co.id *.google.com.my *.abtasty.com http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org *.osm.org *.tile.osm.org *.googleadservices.com *.ghadiscovery.com *.nor1upgrades.com *.amazonaws.com *.adsymptotic.com *.demdex.net *.tealiumiq.com *.everesttech.net *.maxcdn.com *.tacdn.com *.tripadvisor.com.au *.facebook.com *.doubleclick.net *.linkedin.com *.bing.com *.google-analytics.com *.google.com *.google.com.sg *.gstatic.com *.googleapis.com *.digicert.com *.maxcdn.com *.baidu.com *.cloudfront.net *.usabilla.com *.clarity.ms *.derbysoftca.com 'unsafe-inline' ; frame-src 'self' panomatics.com *.panomatics.com *.thefork.com messenger.myma.ai *.net-fs.com *.addtoany.com *.cloudfront.net *.usabilla.com *.recaptcha.net *.hotelgroove.jp *.bellustartokyo.jp *.google.com *.dailymotion.com *.vimeo.com *.sevenrooms.com *.matterport.com *.adform.net tablecheck.com *.tablecheck.com *.smartviewmedia.com.au *.demdex.net *.instagram.com *.thefork.com.au thefork.com.au *.dimmi.com.au *.nowbookit.com *.facebook.com *.mynewsdesk.com *.opentable.co.uk *.doubleclick.net *.trustyou.com *.trustyou.co *.youtube.com *.lafourchette.com 'unsafe-inline' ; connect-src https: http: *.cloudfront.net *.usabilla.com *.abtasty.com ; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://snabelen.no; img-src 'self' https: data: blob: https://snabelen.no; style-src 'self' https://snabelen.no 'nonce-1UhdwNB6dlLGxeTkDHpWQg=='; media-src 'self' https: data: https://snabelen.no; frame-src 'self' https:; manifest-src 'self' https://snabelen.no; form-action 'self'; child-src 'self' blob: https://snabelen.no; worker-src 'self' blob: https://snabelen.no; connect-src 'self' data: blob: https://snabelen.no https://cdn.masto.host wss://snabelen.no; script-src 'self' https://snabelen.no 'wasm-unsafe-eval' 1
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self' https://vimeo.com; img-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' https://img.youtube.com; frame-src 'self' https://www.youtube-nocookie.com https://vimeo.com https://player.vimeo.com https://www.google.com https://play.libsyn.com https://forms-eu1.hsforms.com https://consentcdn.cookiebot.com; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://translate.googleapis.com https://translate-pa.googleapis.com https://translate.google.com https://*.webatlas.no https://unpkg.com https://dl.episerver.net https://www.google-analytics.com https://e.infogram.com https://public.tableau.com https://webchat.stavanger.kommune.no https://script.hotjar.com https://static.hotjar.com https://www.browsealoud.com https://plus.browsealoud.com https://www.googletagmanager.com https://prokomresources.prokomcdn.no https://*.twitter.com https://*.twimg.com https://007prokom.boost.ai/ https://toolbar.speechstream.net https://webchat.stavanger.kommune.no https://*.config.skype.com https://*.cdn.skype.com https://sfbweb1.stavanger.kommune.no https://lyncdiscover.stavanger.kommune.no https://www.tiktok.com https://*.tiktokcdn.com https://*.ibytedtos.com/goofy/tiktok https://www.instagram.com https://app-script.monsido.com https://heatmaps.monsido.com https://pagecorrect.monsido.com https://*.ttwstatic.com/ https://sortere.no; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-G9Xe8TLyttRGnLmprLQ9vg' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors 'self' *.rksk.dk 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-8971eaa300bd3409e957327240d92139'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-b4a2c9f447e2a9d7e1339c2e69e76747'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self'; connect-src 'self' https://nominatim.openstreetmap.org http://nominatim.openstreetmap.org nominatim.openstreetmap.org; font-src 'self' https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de data:; frame-ancestors 'self' https://klinikumjobs.de https://*.doccheck.com http://*.doccheck.com *.doccheck.com https://*.kununu.com http://*.kununu.com *.kununu.com; frame-src 'self' https://benutzerhandbuch-cshs.condat.de http://benutzerhandbuch-cshs.condat.de benutzerhandbuch-cshs.condat.de https://prezi.com/p/embed/MPOGB6oZvPvNpRmIzIHw/ https://*.doccheck.com http://*.doccheck.com *.doccheck.com https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com; img-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://*.tile.openstreetmap.org http://*.tile.openstreetmap.org *.tile.openstreetmap.org https://cshs.myskbs.de https://*.amazonaws.com http://*.amazonaws.com *.amazonaws.com https://*.cloudfront.net http://*.cloudfront.net *.cloudfront.net https://*.kununu.com http://*.kununu.com *.kununu.com data:; media-src 'self' https://*.prezi.com http://*.prezi.com *.prezi.com https://*.amazonaws.com http://*.amazonaws.com *.amazonaws.com https://*.cloudfront.net http://*.cloudfront.net *.cloudfront.net https://*.kununu.com http://*.kununu.com *.kununu.com https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com; object-src 'self' https://*.prezi.com http://*.prezi.com *.prezi.com https://*.kununu.com http://*.kununu.com *.kununu.com https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com; script-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://*.prezi.com http://*.prezi.com *.prezi.com https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de 'unsafe-inline' 1
block-all-mixed-content; frame-ancestors *.andaraki.com.br 1
frame-ancestors 'self' https://s.brightspace.com https://*.ally.ac https://leaplti.desire2learn.com/ https://leaplti-fr.brightspace.com/ https://tryleap.brightspace.com/ https://leaplti-es.desire2learn.com/ https://leaplti-ptbr.desire2learn.com/ https://leaplti-us.brightspace.com/ https://leaplti-apac.brightspace.com/ https://leaplti-emea.brightspace.com/ https://leapqa.net https://leaplti-ap.brightspace.com https://login.microsoftonline.com/ https://login.live.com/ https://cdn.lcs.brightspace.com/ https://leaplti-in.brightspace.com; report-uri /d2l/csp/report 1
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' blob: https: 1
default-src 'self'; frame-ancestors *; connect-src 'self' https://cdn.jsdelivr.net/pyodide/ https://cdn.jsdelivr.net/npm/mathjax@3/; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net/npm/@mdi/font@5.x/ https://cdn.jsdelivr.net/npm/mathjax@3/; img-src 'self' data: https:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/pyodide/ https://cdn.jsdelivr.net/npm/mathjax@3/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net/npm/@mdi/font@5.x/ 1
default-src *.smartsupp.com; style-src 'self' 'unsafe-inline' *.foxentry.cz *.foxentry.com *.typekit.net *.googleapis.com *.googletagmanager.com *.cloudflare.com *.luigisbox.com *.smartsuppcdn.com; img-src 'self' data: *.expedo.cz bat.bing.com cdnjs.cloudflare.com *.pinterest.com *.maxcdn.com *.heureka.cz www.google.com www.google.cz *.gstatic.com *.smartsuppcdn.com c.seznam.cz www.cis.cz maps.gstatic.com www.facebook.com *.privacysandbox.googleadservices.com www.googleadservices.com *.g.doubleclick.net *.googleapis.com *.typekit.net *.google-analytics.com *.googletagmanager.com im9.cz *.foxentry.cz *.foxentry.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.heureka.sk *.clarity.ms *.daktela.com *.criteo.com bat.bing.com *.pinimg.com *.google.com *.luigisbox.com  *.cloudflare.com *.gopay.com *.favicdn.net *.zbozi.cz im9.cz *.seznam.cz *.smartsuppchat.com *.smartsuppcdn.com login.dognet.sk *.targito.expedo.ro *.targito.com *.g.doubleclick.net connect.facebook.net *.google-analytics.com *.googletagmanager.com www.googleadservices.com *.googleapis.com pixel.biano.ro bianopixel.com c.imedia.cz *.smartlook.com *.smartlook.cloud *.cloudflare.com *.foxentry.cz *.foxentry.com; connect-src 'self' *.luigisbox.com *.analytics.google.com *.daktela.com *.clarity.ms *.pinterest.com *.google-analytics.com www.facebook.com p.biano.ro *.partner-events.favi.ro *.bianopixel.com *.g.doubleclick.net wss://*.smartsupp.com *.smartsupp.com *.smartsuppchat.com *.smartsuppcdn.com *.smartlook.com *.smartlook.cloud *.targito.expedo.ro *.targito.com *.foxentry.cz *.foxentry.com *.cloudflare.com; font-src 'self' data: *.cloudflare.com *.gstatic.com *.smartsuppcdn.com *.luigisbox.com *.foxentry.cz *.foxentry.com; object-src 'self'; frame-ancestors 'self'; form-action 'self' maildemon.cis.cz gate.gopay.cz www.facebook.com/tr/ *.foxentry.cz *.foxentry.com; base-uri 'self'; frame-src 'self' *.gopay.cz *.targito.com *.pinterest.com *.zbozi.cz *.google.com  maildemon.cis.cz *.youtube.com *.facebook.com *.heureka.sk *.foxentry.cz *.foxentry.com *.bubbleapps.io; worker-src blob: *.foxentry.cz *.foxentry.com 1
default-src 'none'; block-all-mixed-content; child-src 'self' ps.kuralink.se sts.kuralink.se atlas.microsoft.com kuralink.se; worker-src blob: kuralink.se; connect-src 'self' ps.kuralink.se sts.kuralink.se translate.googleapis.com wss://bokadoktorn-test.net wss://kuralink.se atlas.microsoft.com maps.googleapis.com; font-src 'self' data: fonts.gstatic.com atlas.microsoft.com; frame-ancestors 'self' webdoc.atlan.se vgs2.lfnet.se vgs2.lansforsakringar.se sts.kuralink.se; frame-src 'self' ps.kuralink.se sts.kuralink.se; img-src 'self' www.gstatic.com blob: data: csi.gstatic.com khms0.googleapis.com khms1.googleapis.com maps.gstatic.com maps.google.com maps.googleapis.com atlas.microsoft.com sts.kuralink.se; script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.google.com maps.googleapis.com atlas.microsoft.com sts.kuralink.se; style-src 'self' 'unsafe-inline' fonts.googleapis.com atlas.microsoft.com; style-src-elem 'self' 'unsafe-inline' translate.googleapis.com fonts.googleapis.com atlas.microsoft.com; form-action 'self' sts.kuralink.se; base-uri 'self'; navigate-to 'self'; report-uri /api/v1/monitor/cspreport; object-src 'self'; 1
default-src 'none'; script-src 'self' 'nonce-a745OjL45c' https://matomo.3douest.com; connect-src 'self' https://api-utils.3douest.com https://matomo.3douest.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com use.fontawesome.com; font-src 'self' fonts.gstatic.com use.fontawesome.com; img-src 'self' data: https://matomo.3douest.com; frame-src https://matomo.3douest.com https://map.3douest.com https://www.youtube.com; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; manifest-src 'self' 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://www.zenaps.com https://player.vimeo.com https://isitetv.com https://ln-rules.rewardstyle.com https://e.issuu.com https://*.recaptcha.net https://tr.snapchat.com https://*.translate.naver.net https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://www.shoplooks.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.baidu.com https://*.sciencebehindecommerce.com https://*.googleapis.com https://translate.yandex.net https://mc.yandex.ru https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://*.pinterest.com https://*.bing.com https://*.doubleclick.net https://connect.facebook.net https://*.parcellab.com https://privacyportal-eu.onetrust.com https://*.contentsquare.net https://*.criteo.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://*.lookfantastic.com https://www.glossybox.co.uk https://www.glossybox.se https://www.glossybox.com https://connect.facebook.net https://tr.snapchat.com https://www.lookfantastic.com.sg https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.dk https://www.lookfantastic.cn https://*.lookfantastic.ro; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://*.google-analytics.com https://*.google.com https://google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://remote.captcha.com https://*.akamaihd.net https://ssl.bing.com https://ln-rules.rewardstyle.com https://*.baidu.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://sc-static.net https://*.shoplooks.com https://slooks.top https://slooks.me https://*.translate.naver.net https://*.microsofttranslator.com https://*.hotjar.com https://*.attn.tv https://*.trustpilot.com https://*.bing.com https://*.doubleclick.net https://*.pinimg.com https://static.ads-twitter.com https://*.google.co.uk https://google.co.uk https://lantern.roeyecdn.com https://lantern.roeye.com https://static.thgcdn.cn https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.shoplooks.com https://*.translate.naver.net https://*.googleapis.com https://*.microsofttranslator.com https://static.thgcdn.cn https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors self https://dashboard.loon.nl/ http://dashboard.loon.nl/ 1
default-src 'none'; style-src 'self';img-src 'self' ;script-src 'self' 1
base-uri 'self'; child-src 'self' data: gap: https://oppwa.com/ https://www.google.com/ https://consent-pref.trustarc.com/ https://maislusiadas.pt/ https://exames.maislusiadas.pt/ https://www.youtube.com/ https://www.youtube.com; frame-src 'self' data: gap: https://oppwa.com/ https://www.google.com/ https://consent-pref.trustarc.com/ https://maislusiadas.pt/ https://exames.maislusiadas.pt/ https://www.youtube.com/ https://www.youtube.com; connect-src 'self' https://www.google-analytics.com/g/ https://oppwa.com/ https://appleid.cdn-apple.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://consent.truste.com/ https://consent.trustarc.com/ https://consent-pref.trustarc.com/ https://maislusiadas.pt/ https://storage.googleapis.com/ https://lusiadas-staging.agentifai.com/ wss://lusiadas-staging.agentifai.com/ https://exames.maislusiadas.pt/ https://maps.googleapis.com/ https://region1.google-analytics.com/ https://region1.google-analytics.com/g/ https://www.google-analytics.com/ https://*.google-analytics.com https://*.google-analytics.com/g/ https://*.analytics.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.<TLD>; default-src 'self' data: gap: https://googletagmanager.com/gtag/js https://maislusiadas.pt https://maps.googleapis.com/maps/api/js https://maislusiadas.pt/favicon.ico https://consent.truste.com/ https://consent.trustarc.com/ https://consent-pref.trustarc.com/ https://maislusiadas.pt/ https://exames.maislusiadas.pt/ 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://storage.googleapis.com/ https://fonts.gstatic.com/ https://exames.maislusiadas.pt/; img-src 'self' data: https://maps.gstatic.com https://maislusiadas.pt/Portal https://oppwa.com/ https://www.facebook.com https://*.googleapis.com https://*.ggpht https://consent.truste.com/ https://consent.trustarc.com/ https://consent-pref.trustarc.com/ https://maislusiadas.pt/ https://exames.maislusiadas.pt/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.lusiadas.pt/ https://*.google-analytics.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.<TLD> blob:; script-src 'self' data: https://www.apple.com https://appleid.cdn-apple.com https://idmsa.apple.com https://gsa.apple.com https://idmsa.apple.com.cn https://signin.apple.com https://appleid.cdn-apple.com https://maps.googleapis.com https://oppwa.com/ https://onlinepayments.pt/ https://connect.facebook.net https://maps.gstatic.com https://www.googletagmanager.com/ https://code.jquery.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://consent.truste.com/ https://consent.trustarc.com/ https://consent-pref.trustarc.com/ https://maislusiadas.pt/ https://storage.googleapis.com/ https://exames.maislusiadas.pt/ https://www.googleadservices.com/ https://ads.google.com/ https://www.google-analytics.com/ https://*.googletagmanager.com https://*.googletagmanager.com/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: https://oppwa.com/ https://www.google.com/ https://consent.truste.com/ https://consent.trustarc.com/ https://consent-pref.trustarc.com/ https://maislusiadas.pt/ https://fonts.googleapis.com/ https://exames.maislusiadas.pt/ 'unsafe-inline'; frame-ancestors 'self' data: gap: https://maislusiadas.pt/ https://exames.maislusiadas.pt/; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=9vxe0cjXJO4H6sivNIENI3N3nVx%2F78nfd01XTPuFTglgPUiNW5Shptpv4rXIj44MS68mlTGUFUGAZCyj5qgYrg%3D%3D; frame-src 'self' gap: https://maislusiadas.pt/ https://exames.maislusiadas.pt/ 1
default-src http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https: data: https://www.facebook.com; img-src 'self' data: https:; 1
default-src blob: https: wss: 'unsafe-eval' 'unsafe-inline' 'self'; style-src https: 'unsafe-inline'; frame-src https://*.facebook.com https://*.youtube.com https://*.twitter.com https://*.x.com https://*.hotjar.com https://*.marketica.com https://*.sharethis.com https://*.widergy.com https://*.amplifyapp.com https://*.botframework.com https://*.google.com https://*.doubleclick.net 'self'; object-src 'none'; font-src https: data:; img-src https: data:; 1
frame-ancestors veronepiece.xyz 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js cdnjs.cloudflare.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com *.googletagmanager.com *.doubleclick.net https://stats.g.doubleclick.net stats.g.doubleclick.net https://consent.cookiebot.eu/uc.js https://consent.cookiebot.com/9d99c50a-3ebd-41d6-a79d-257703f242e7/cc.js https://consent.cookiebot.eu https://consent.cookiebot.com https://consentcdn.cookiebot.eu https://schedule.acibademcityclinic.bg http://maps.googleapis.com 'self' cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://schedule.acibademcityclinic.bg 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com https://img.youtube.com https://www.google.bg https://www.google.com https://schedule.acibademcityclinic.bg http://maps.googleapis.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com *.google-analytics.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://schedule.acibademcityclinic.bg; frame-src https://consentcdn.cookiebot.eu https://www.youtube.com https://www.facebook.com/ https://td.doubleclick.net 'self' web-chat.nativechat.com; connect-src accounts.google.com *.google-analytics.com *.gstatic.com *.mktoresp.com https://stats.g.doubleclick.net https://consentcdn.cookiebot.com https://consentcdn.cookiebot.eu https://schedule.acibademcityclinic.bg http://maps.googleapis.com https://region1.analytics.google.com https://adservice.google.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://consentcdn.cookiebot.com/ www.google.com https://consentcdn.cookiebot.eu https://www.vbox7.com http://maps.googleapis.com 'self' web-chat.nativechat.com 1
frame-src 'self' https://www.google.com/recaptcha/  https://recaptcha.google.com/recaptcha/ 1
default-src 'self'; img-src 'self' data: blob: https://www.google.com https://*.google-analytics.com https://*.googletagmanager.com https://ads.trafficjunky.net https://*.b-cdn.net https://*.hotjar.com https://www.majtkomat.pl https://www.google.pl https://geowidget.easypack24.net  https://static.easypack24.net https://*.openstreetmap.org https://osm.inpost.pl; media-src 'self' https://*.b-cdn.net ; font-src 'self' data: https://fonts.gstatic.com https://*.hotjar.com https://geowidget.easypack24.net; style-src 'self' https://*.hotjar.com 'unsafe-inline' https://geowidget.easypack24.net; script-src 'self' 'nonce-af8db22353e858f50c6a7dad1b0dbc74' https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://*.googletagmanager.com https://*.hotjar.com https://geowidget.easypack24.net; connect-src 'self' wss://www.majtkomat.pl https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://logs-01.loggly.com https://api.cognitive.microsofttranslator.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://video.bunnycdn.com/tusupload https://video.bunnycdn.com/tusupload/ https://api-pl-points.easypack24.net https://osm.inpost.pl; frame-src 'self' https://www.google.com https://recaptcha.google.com/recaptcha/ https://*.hotjar.com ; report-uri https://sentry.dracihnizdo.cz/api/5/security/?sentry_key=0680a0639a61480ea3b1dd8431b12a1e 1
frame-ancestors https://*.supermaxi.com 1
default-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' *.doubleclick.net *.fls.doubleclick.net googleads.g.doubleclick.net *.whirlpool.com.hk *.gstatic.com *.google.com connect.facebook.net fonts.googleapis.com www.google-analytics.com www.googleadmanager.com www.googleadservices.com www.googletagmanager.com www.google.com.hk www.facebook.com www.youtube.com ; 1
frame-ancestors 'self'; frame-src bij12.nl *.bij12.nl *.facebook.com *.google.com *.cookiebot.com *.hotjar.com *.youtube.com *.vimeo.com *.googletagmanager.com *.fontawesome.com *.youtube-nocookie.com *.wolvesmap.zoogdiervereniging.nl *.localfocuswidgets.net *.omny.fm omny.fm wolvesmap.zoogdiervereniging.nl localfocuswidgets.net *.topdesk.net *.arcgis.com 1
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * blob: api.mapbox.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'self' cdn-api-weglot.com transfertdtf.com google.com *.freshmarketer.eu *.freshchat.com *.freshmarketer.com https://universe-static.elfsightcdn.com/ https://www.facebook.com/ https://dash.elfsight.com https://core.service.elfsight.com *.google-analytics.com https://www.instagram.com https://maps.googleapis.com https://www.youtube-nocookie.com/ https://www.canva.com *.pledg.co *.amazonaws.com https://docs.google.com/ https://audio.buzzsprout.com/ https://episodes.buzzsprout.com/ https://www.buzzsprout.com/ https://eapps-cs.herokuapp.com/https://feeds.buzzsprout.com/ https://eapps-cs.herokuapp.com/ https://feeds.buzzsprout.com/  https://web.facebook.com/ https://data.elfsight.com https://files.elfsight.com/ https://files.elfsightcdn.com/ https://static.cloudflareinsights.com/ https://elfsightmail.com https://www.google.com/ https://en.creadhesif.com https://cdn-api.weglot.com https://cdn.weglot.com/ https://stats.g.doubleclick.net/ https://static.elfsight.com https://bo.creadhesif.com https://www.creadhesif.com https://cdn.creadhesif.com https://apps.elfsight.com https://www.youtube.com https://www.google-analytics.com/ https://www.google.com/maps/ https://www.facebook.com https://staticxx.facebook.com https://eu1-search.doofinder.com https://apis.google.com https://accounts.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' transfertdtf.com *.scalapay.com *.freshchat.com https://www.instagram.com https://universe-static.elfsightcdn.com/ *.fw-cdn.com *.hotjar.com https://maps.googleapis.com https://www.datadoghq-browser-agent.com *.buzzsprout.com https://www.buzzsprout.com canva.com *.pledg.co *.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://cdn-api.weglot.com https://cdn.weglot.com/ https://static.cloudflareinsights.com https://cdn.creadhesif.com https://api.payplug.com/ https://static.elfsight.com https://secure.payplug.com https://payplug.com https://s.ytimg.com https://www.googletagmanager.com https://www.creadhesif.com https://apps.elfsight.com https://storage.elfsight.com https://ajax.cloudflare.com https://www.google.com https://www.youtube.com https://www.googlesapis.com https://connect.facebook.net https://www.google-analytics.com https://eu1-search.doofinder.com https://cdn.doofinder.com https://www.googleadservices.com https://googleads.g.doubleclick.net/ https://www.googleapis.com https://apis.google.com https://www.googletagmanager.com; img-src 'self' data: transfertdtf.com *.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com canva.com https://assets.fintecture.com/ https://files.elfsight.com/ https://files.elfsightcdn.com/ https://cdn.creadhesif.com https://u2v7p3j7.stackpathcdn.com https://ssl.gstatic.com https://yt3.ggpht.com https://i.ytimg.com https://www.google.com https://www.google.fr https://www.sawgrassink.com https://www.ankersmit.fr https://www.secabo.com https://cdn.weglot.com/ https://ssl.google-analytics.com https://www.google-analytics.com https://stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' *.freshchat.com canva.com https://stackpath.bootstrapcdn.com https://cdn.creadhesif.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.weglot.com/; font-src 'self' canva.com https://cdn.creadhesif.com https://fonts.gstatic.com; object-src 'self' data: canva.com https://cdn.creadhesif.com https://bo.creadhesif.com; 1
block-all-mixed-content; frame-ancestors *.drivepneus.com.br 1
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' blob:; 1
block-all-mixed-content; frame-ancestors *.loja99oculos.com.br 1
default-src 'self' wss://www.viamedsalud.com:7891 https://stats.g.doubleclick.net https://maps.googleapis.com https://pabloalava.com https://identitytoolkit.googleapis.com https://aseintebi.com/ https://region1.google-analytics.com https://espaciosalud.viamedsalud.com https://www.facebook.com https://app.tuotempo.com https://www.google.es https://www.googleadservices.com https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://developers.google.com https://region1.analytics.google.com https://cdnjs.cloudflare.com https://espaciosalud.viamedsalud.com https://app.tuotempo.com https://googleads.g.doubleclick.net https://www.google.com https://code.jquery.com https://ajax.googleapis.com https://www.gstatic.com https://ssl.google-analytics.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://maps.googleapis.com https://www.googletagmanager.com https://www.youtube.com; img-src 'self' blob: https://developers.google.com https://pabloalava.com https://aseintebi.com https://www.viamedmontecanal.com https://www.googletagmanager.com https://espaciosalud.viamedsalud.com https://www.viamedsalud.com https://www.viamedsantaangeladelacruz.com https://gestorvia.coonic.com https://www.viamedbahiadecadiz.com https://www.viamedmonegal.com https://www.viamednovo.com https://www.viamedlosmanzanos.com https://img.youtube.com https://www.google.com https://www.google.es https://www.facebook.com https://secure.gravatar.com https://img.mailinblue.com https://ssl.google-analytics.com https://s-static.ak.facebook.com https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com data:; style-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://espaciosalud.viamedsalud.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://assets.zendesk.com https://sibforms.com/forms/end-form/build/sib-styles.css; font-src 'self' https://maxcdn.bootstrapcdn.com https://www.viamedlosmanzanos.com https://www.viamedvirgendelapaloma.com https://espaciosalud.viamedsalud.com https://www.viamedbahiadecadiz.com https://cdnjs.cloudflare.com https://assets.sendinblue.com https://themes.googleusercontent.com https://www.googletagmanager.com https://fonts.gstatic.com data:; frame-src https://roundme.com https://maps.google.com https://www.viamedsalud.com https://viamedsalud.viamedvirgendelapaloma.com https://www.viamedsantaelena.com https://espaciosalud.viamedsalud.com  https://app.tuotempo.com https://youtu.be https://www.youtube-nocookie.com https://roundme.com https://www.google.com https://www.facebook.com https://s-static.ak.facebook.com https://live.tourdash.com https://www.youtube.com https://static.addtoany.com https://my.matterport.com; object-src 'none' 1
default-src https: 'self' 'unsafe-inline'; img-src data: 'self' https://*.cloudinary.com w3.org/svg/2000 1
default-src 'self' * data: blob: https: *.finmagazin.de finmagazin.de ; script-src 'self' 'unsafe-inline' 'unsafe-eval' embed.typeform.com *.peacebanana.com *.tctm.co *.ostrichesica.com *.joshuarms.com *.cloudflareinsights.com *.cheqzone.com *.zenimpact.io *.awin1.com *.awinhosting.com *.cloudfront.net *.datadoghq-browser-agent.com *.ampproject.org *.gstatic.com *.google.com *.alooma.com *.doubleclick.net  *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.hhtpp.com *.facebook.net *.dropbox.com *.bing.com *.yandex.ru *.quora.com *.yimg.com sp.analytics.yahoo.com *.hotjar.com *.ipify.org *.thefinancials.com blob: data:; style-src 'self' data: blob: 'unsafe-inline' *;connect-src 'self' data: blob: https: finmagazin.de *.finmagazin.de *.ampproject.org *.google-analytics.com *.doubleclick.net *.google.com *.hhtpp.com *.yandex.ru *.gravatar.com wss://*.hotjar.com *.wp.com;font-src 'self' data: blob: *.ampproject.org *.googletagmanager.com *.googleapis.com *.gstatic.com; 1
upgrade-insecure-requests; object-src 'none'; form-action 'self' *.nexi.it; frame-ancestors 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://*.googletagmanager.com https://ssl.google-analytics.com https://www.googleadservices.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://*.youtube.com https://*.ytimg.com cdnjs.cloudflare.com code.jquery.com libs.personalwerk.de binder.homepagerecruiter.de maps.googleapis.com https://*.cookiebot.com https://*.crazyegg.com www.facebook.com connect.facebook.net https://*.hubspot.com https://js.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://forms.hsforms.com https://*.usemessages.com https://js.hsleadflows.net https://static.hotjar.com https://script.hotjar.com https://*.baidu.com https://bcebos.com https://*.bcebos.com https://*.bdstatic.com https://lxp-api.binder-world.com https://lxp-matomo.binder-world.com https://*.cloudflareinsights.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://binder.homepagerecruiter.de https://*.baidu.com https://bcebos.com https://*.bcebos.com https://*.bdstatic.com https://lxp-api.binder-world.com https://lxp-matomo.binder-world.com; style-src-elem 'self' 'unsafe-inline' binder.homepagerecruiter.de fonts.googleapis.com https://*.baidu.com https://bcebos.com https://*.bcebos.com https://*.bdstatic.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.hubspot.com https://*.hubapi.com https://*.googleapis.com *.google.com https://google.com https://*.gstatic.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://*.g.doubleclick.net https://*.cookiebot.com https://consentcdn.cookiebot.com https://*.crazyegg.com https://js.hs-banner.com https://*.hscollectedforms.net https://*.hotjar.io *.hotjar.com wss://wsp12.hotjar.com https://*.baidu.com https://bcebos.com https://*.bcebos.com https://*.bdstatic.com https://lxp-api.binder-world.com https://lxp-matomo.binder-world.com https://*.googlesyndication.com data: blob:; font-src 'self' data: fonts.googleapis.com https://fonts.gstatic.com apis.google.com binder.homepagerecruiter.de; frame-src 'self' https://*.hubspot.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.youtube.com *.youtube-nocookie.com binder.homepagerecruiter.de *.google.com https://*.cookiebot.com www.facebook.com https://consentcdn.cookiebot.com https://*.youku.com https://*.wistia.com https://*.baidu.com https://bcebos.com https://*.bcebos.com https://*.bdstatic.com https://*.doubleclick.net; img-src 'self' data: https://*.hsforms.com https://*.hubspot.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.youtube.com https://*.ytimg.com binder.homepagerecruiter.de *.googleusercontent.com maps.gstatic.com https://*.googleapis.com https://*.gstatic.com *.ggpht.com *.googletagmanager.com https://www.binder-world.com https://www.binder-world.cn https://stage.binder-world.cn https://stage.binder-world.com https://*.facebook.com *.crazyegg.com https://*.youku.com https://*.wistia.com https://*.baidu.com https://bcebos.com https://*.bcebos.com https://*.bdstatic.com https://lxp-api.binder-world.com https://lxp-matomo.binder-world.com https://*.googleadservices.com https://*.cookiebot.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; manifest-src 'self'; media-src 'self' https://*.baidu.com https://bcebos.com https://*.bcebos.com https://*.bdstatic.com https://lxp-api.binder-world.com https://lxp-matomo.binder-world.com; worker-src blob:; child-src blob:; report-to https://sentry.711media.de/api/15/security/?sentry_key=dc79941bfda884d4ccbd02d347b626ce; report-uri https://sentry.711media.de/api/15/security/?sentry_key=dc79941bfda884d4ccbd02d347b626ce; 1
frame-src 'self' https://www.google.com;default-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' 'unsafe-inline' https: data:;frame-ancestors 'self'; 1
base-uri 'none';frame-ancestors 'self'; upgrade-insecure-requests; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.sansec.io www.chatbase.co assets.mailerlite.com *.mouseflow.com *.chargebee.com; frame-src 'self' *.chargebee.com www.chatbase.co; object-src 'self'; report-uri https://api.sansec.io/v1/csp-report; 1
default-src 'self';             connect-src 'self' https://*.goedekers.com https://cdn.3cx.com https://*.criteo.com https://1stop.ny.3cx.us:5001 https://*.google-analytics.com https://app.omnisend.com https://omnisrc.com https://omnisnippet1.com https://*.soundestlink.com https://*.paypal.com https://www.gstatic.com https://*.braintree-api.com https://*.braintreegateway.com https://*.pinterest.com https://*.ekomi.com https://*.getbread.com wss://*.bitrix24.com wss://*.iesnare.com https://*.doubleclick.net https://edeskpower.com https://*.equalweb.com https://staff.eshopperpro.com https://*.cnnx.link https://*.bing.com https://*.narrativ.com https://*.bam-x.com https://www.bizrate.com https://*.connexity.net wss://input.noibu.com https://input.noibu.com wss://*.gorgias.chat https://*.gorgias.chat https://*.gorgias.io https://*.jst.ai https://*.wisepops.com https://perfx.eshopperpro.com/ https://*.attn.* https://*.attentivemobile.com;             script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.3cx.com https://1stop.ny.3cx.us:5001 https://unpkg.com https://staff.eshopperpro.com https://*.goedekers.com https://app.omnisend.com https://omnisrc.com https://omnisnippet1.com https://*.soundestlink.com https://www.googletagmanager.com https://*.google-analytics.com https://ajax.googleapis.com/ https://www.googleadservices.com https://*.doubleclick.net https://*.google.com https://www.gstatic.com https://*.comenity.net https://*.paypal.com https://*.paypalobjects.com https://*.braintreegateway.com http://*.facebook.net https://*.pinimg.com https://*.iesnare.com https://*.shopperapproved.com https://*.ekomi.com https://*.criteo.net https://*.criteo.com https://*.bitrix24.com https://*.getbread.com https://*.bazaarvoice.com https://*.bing.com https://*.app-us1.com https://trackcmp.net https://*.xg4ken.com https://*.pinterest.com https://*.houzz.com https://edeskpower.com https://*.equalweb.com https://*.cj.com https://s3.amazonaws.com/idme/ https://checkoutuat.alldata.net https://*.veteransadvantage.com https://*.stripe.com https://*.stripe.network https://*.cnnx.link https://*.bing.com https://*.narrativ.com https://cdn.noibu.com https://*.gorgias.chat https://*.gorgias.io https://*.jst.ai https://*.wisepops.com  https://*.attn.* https://*.attentivemobile.com;             style-src 'self' 'unsafe-inline' https://*.goedekers.com https://www.gstatic.com https://www.googletagmanager.com https://fonts.googleapis.com https://*.comenity.net https://*.bazaarvoice.com  https://edeskpower.com https://s3.amazonaws.com/idme/ https://checkoutuat.alldata.net https://*.stripe.com https://*.gorgias.chat https://*.gorgias.io https://*.jst.ai https://*.wisepops.com;             img-src 'self' blob: data: https://goedekers.com https://*.goedekers.com https://*.cloudinary.com https://*.appliancesconnection.com https://www.googletagmanager.com https://app.omnisend.com https://omnisrc.com https://omnisnippet1.com https://*.soundestlink.com https://*.google-analytics.com https://www.google.com http://*.youtube.com https://*.doubleclick.net https://*.paypal.com https://*.facebook.com https://*.pinterest.com https://*.emjcd.com https://*.yahoo.com https://*.shopperapproved.com https://*.bazaarvoice.com https://*.bing.com https://*.xg4ken.com https://i.pinimg.com https://*.equalweb.com https://s3.amazonaws.com/idme/  https://*.criteo.com https://*.stripe.network https://*.bam-x.com https://www.bizrate.com https://*.connexity.net https://*.gorgias.chat https://*.gorgias.io https://*.jst.ai https://*.wisepops.com https://*.paypalobjects.com;             frame-src 'self' https://*.google.com https://*.pinterest.com https://*.houzz.com *.doubleclick.net https://*.paypal.com https://*.comenity.net https://comenity.net http://*.youtube.com https://*.facebook.com https://*.getbread.com https://*.criteo.com https://*.criteo.net https://*.ekomi.com https://*.cj.com https://checkoutuat.alldata.net https://*.veteransadvantage.com https://*.bam-x.com https://*.stripe.com https://*.gorgias.chat https://*.gorgias.io https://*.jst.ai https://*.wisepops.com https://perfx.eshopperpro.com/;             font-src data: https://fonts.gstatic.com https://*.goedekers.com https://*.gorgias.chat https://*.gorgias.io https://*.wisepops.com;             media-src 'self' data: https://1stop.ny.3cx.us:5001 https://*.iesnare.com https://staff.eshopperpro.com/ https://*.stripe.network https://*.gorgias.chat https://*.gorgias.io https://*.wisepops.com;             frame-ancestors 'self' https://staff.eshopperpro.com/; 1
upgrade-insecure-requests;script-src 'self' 'wasm-unsafe-eval';connect-src 'self' blob: https://kazv.moe wss://kazv.moe https://img.kazv.moe https://img.kazv.moe;media-src 'self' https://img.kazv.moe https://img.kazv.moe;img-src 'self' data: blob: https://img.kazv.moe https://img.kazv.moe;default-src 'none';base-uri 'self';frame-ancestors 'none';style-src 'self' 'unsafe-inline';font-src 'self';manifest-src 'self'; 1
default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 1
default-src 'none'; base-uri 'self'; frame-ancestors 'none'; img-src 'self' data: https:; media-src 'self' https:; style-src 'self' 'unsafe-inline'; font-src 'self'; manifest-src 'self'; connect-src 'self' https://pythondevs.social wss://pythondevs.social; script-src 'self'; upgrade-insecure-requests; 1
default-src 'self' *.vicinity.com.au;  script-src 'self' *.vicinity.com.au 'unsafe-eval' 'unsafe-inline' *.storyblok.com *.google.com *.gstatic.com *.weblink.com.au *.googleapis.com *.cloudfront.net *.google-analytics.com *.googletagmanager.com;  child-src *.google.com *.weblink.com.au *.youtube.com;  style-src 'self' *.vicinity.com.au 'unsafe-inline' *.storyblok.com fonts.googleapis.com tagmanager.google.com;  img-src 'self' *.vicinity.com.au data: *.trackjs.com *.storyblok.com *.googleapis.com maps.gstatic.com ssl.gstatic.com www.gstatic.com *.cloudfront.net *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.google.com *.google.com.au *.g.doubleclick.net;  media-src *.vicinity.com.au *.storyblok.com;  connect-src *;  font-src 'self' fonts.gstatic.com data:;  frame-ancestors 'self' *.storyblok.com; 1
frame-ancestors 'self' https://www.katholische-kirche-steiermark.at https://www.kath-kirche-vorarlberg.at https://betacms.kath-kirche-vorarlberg.at https://www.dibk.at https://www.dsp.at https://www.erzdioezese-wien.at http://www.kirchen.net http://kirchen.net https://cms.kath-kirche-vorarlberg.at https://www.meinefamilie.at http://www.eds.at https://www.eds.at https://eds.at https://www.gottesdienst.at https://www.glaubenleben.at; 1
default-src 'self' https://pod-27.zendesk.com wss://pod-27.zendesk.com/sc/faye https://zendesk-eu.my.sentry.io/ https://www.google.com/ https://carrofacilporto.zendesk.com/ https://carrofacilporto.zendesk.com/embeddable/config https://ekr.zdassets.com/ https://www.google-analytics.com/ https://analytics.google.com/ https://stats.g.doubleclick.net/ wss:; style-src 'self' https://fonts.googleapis.com/css 'unsafe-inline' 'unsafe-eval' https: data:; img-src 'self' data: https:; font-src 'self' https://fonts.googleapis.com https: data:; script-src 'unsafe-inline' 'unsafe-eval' data: 'self' https://cdn.rawgit.com/ https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://pod-27.zendesk.com https://static.zdassets.com/ https://www.followize.com.br/ https://carrofacilseminovos.com.br/  https://www.google.com/ https://www.gstatic.com/ https://www.googletagmanager.com/ https://analytics.google.com/ https://www.google-analytics.com https://code.jquery.com/; media-src * 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.foochia.com;block-all-mixed-content; 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-BeeltsnnVbUniXBkgeCnhg==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
default-src 'self'; connect-src *; frame-ancestors 'self' service.eg.be service-acc.eg.be *.youtube.com *.youtube-nocookie.com; font-src 'self' d3e05cea90z4a3.cloudfront.net fonts.googleapis.com netdna.bootstrapcdn.com use.typekit.net fonts.gstatic.com data:; frame-src 'self' vars.hotjar.com analytics-eu.clickdimensions.com *.youtube.com *.fls.doubleclick.net *.doubleclick.net *.youtube-nocookie.com *.facebook.com *.google.com; img-src 'self' d3e05cea90z4a3.cloudfront.net *.juicer.io dashboard.umbraco.org app.usercentrics.eu *.google-analytics.com *.google.co.uk *.google.com maps.gstatic.com maps.googleapis.com *.facebook.com *.xx.fbcdn.net i.ytimg.com img.youtube.com data:; media-src *; object-src *; script-src 'self' d3e05cea90z4a3.cloudfront.net ajax.aspnetcdn.com app.usercentrics.eu maps.googleapis.com *.googletagmanager.com *.google-analytics.com *.hotjar.com *.facebook.net *.youtube.com cookie-cdn.cookiepro.com secure.adnxs.com *.google.com *.gstatic.com *.elfsight.com *.googleadservices.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; manifest-src 'self' d3e05cea90z4a3.cloudfront.net; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://docsapi.tendsign.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://cdn.tinymce.com https://www.google.com https://www.gstatic.com https://cdn.wootric.com/wootric-sdk.js https://www.googletagmanager.com https://cdn.amplitude.com https://api.eu.amplitude.com https://t.myvisitors.se;style-src 'self' 'unsafe-inline' https://docsapi.tendsign.com https://fonts.googleapis.com https://cdnjs.cloudflare.com;img-src 'self' https://docsapi.tendsign.com https://docsapireports.tendsign.com data: https://*.triggerbee.com;media-src https://f.hubspotusercontent00.net https://info.mercell.com;frame-src 'self' https://adforms.opic.com https://www.google.com https://online.csign.se https://api.gii.cloud https://ui.csign.se https://www.quicksearch.se https://dm.quicksearch.se https://www.ibinder.com https://docsapi.tendsign.com https://files.opic.com https://w2.brreg.no https://suppliers.opic.com bankid:;font-src 'self' https://docsapi.tendsign.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com;connect-src 'self' https://docsapi.tendsign.com https://production.wootric.com https://wootric-eligibility.herokuapp.com https://eligibility.wootric.com https://api.eu.amplitude.com https://*.triggerbee.com;report-uri /WebResource.axd?cspReport=true 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://ajax.googleapis.com http://code.jquery.com http://connect.facebook.net http://cdnjs.cloudflare.com http://cdn.ckeditor.com http://maxcdn.bootstrapcdn.com http://www.google.com http://www.gstatic.com http://cdn.jsdelivr.net http://stackpath.bootstrapcdn.com 1
default-src 'self' 'unsafe-inline' https: http://www.etrasparenza.it/; script-src 'self' 'unsafe-inline' https: http://www.etrasparenza.it/; style-src 'self' 'unsafe-inline' https: http://www.etrasparenza.it/; font-src 'self' https: http://www.etrasparenza.it/ 1
default-src https://www.digitania.eu/ https://www.google.com https://www.facebook.com https://connect.facebook.net 'self'; img-src 'unsafe-inline' data: https://*; media-src *; font-src http://* 'self' data:; style-src 'unsafe-inline' 'self' https://*;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; connect-src https://socialplugin.facebook.net https://www.facebook.com https://sockjs-eu.pusher.com https://graph.microsoft.com wss://ws.pusherapp.com https://js.pusher.com https://sockjs.pusher.com https://pusher.com https://www.google-analytics.com https://stats.g.doubleclick.net 'self' 1
frame-ancestors 'self' *.facebook.com facebook.com info.feversocial.com info.feversocial.com feversocial.com *.feversocial.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://legalbetby.push4site.com https://push4site.com https://static.cloudflareinsights.com https://*.gr-cdn.com https://*.ytimg.com http://awards.ratingruneta.ru https://cbzxy.com cdn3.caltat.com https://*.legalcdn.org https://*.legalcdn.com https://static.legalcdn.org https://snap.licdn.com https://px.ads.linkedin.com https://web.legalcdn.org https://*.twimg.com https://platform.twitter.com https://yastatic.net https://mc.yandex.com https://*.yandex.ru https://*.me-talk.ru *.cloudflare.com https://me-talk.ru https://*.intelcdn.com https://*.playbuzz.com https://*.youtube.com http://pollservice.ru https://*.vk.com https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://*.instagram.com https://web.legalcdn.org http://ulogin.ru https://ulogin.ru https://*.gstatic.com https://*.google.com https://*.yandex.net https://e.infogram.com https://*.getresponse.com https://*.legalbet-subscription.com https://*.gr-cdn-e.eu https://*.getresponse360.pl; frame-src 'self' https://www.youtube-nocookie.com/  https://*.soundcloud.com https://*.yandex.ru http://awards.ratingruneta.ru https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org https://*.me-talk.ru https://*.instagram.com https://ulogin.ru https://*.youtube.com https://*.facebook.com https://*.twitter.com https://vimeo.com https://rutube.ru https://playbuzz.com https://connect.facebook.net https://web.legalcdn.org https://www.playbuzz.com/ https://*.gstatic.com https://*.google.com https://*.yandex.net https://e.infogram.com https://*.gr-cdn.com https://*.getresponse.com https://*.legalbet-subscription.com https://*.gr-cdn-e.eu https://*.getresponse360.pl; object-src 'self' https://*.legalcdn.com https://*.legalcdn.org http://awards.ratingruneta.ru https://*.youtube.com https://web.legalcdn.org https://static.legalcdn.org https://web.legalcdn.org https://*.gstatic.com https://*.google.com https://*.yandex.net https://*.getresponse.com https://*.legalbet-subscription.com https://*.gr-cdn-e.eu https://*.getresponse360.pl; child-src 'self' blob: http://awards.ratingruneta.ru https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org https://*.getresponse.com https://*.gr-cdn.com https://*.legalbet-subscription.com https://*.gr-cdn-e.eu https://*.getresponse360.pl; worker-src 'self' blob: https://legalbetby.push4site.com https://push4site.com https://*.getresponse.com https://*.gr-cdn.com https://*.legalbet-subscription.com https://*.gr-cdn-e.eu https://*.getresponse360.pl; report-uri /csp-report/ 1
default-src 'self'; img-src * data: blob: 'unsafe-inline'; media-src 'self'; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' www.google.com www.gstatic.com https://hcaptcha.com https://*.hcaptcha.com blob:; style-src 'unsafe-inline' 'self' fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; font-src * data: blob: 'unsafe-inline'; frame-src 'self' www.google.com www.gfaw-thueringen.de https://old.gfaw-thueringen.eu https://hcaptcha.com https://*.hcaptcha.com https://*.aufbaubank.de; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://*.aufbaubank.de; frame-ancestors 'self' https://*.aufbaubank.de; 1
frame-ancestors 'self' http://www.philips.co.th *.philips.com *.philips.co.th https://philipsigtdpv.com 1
font-src 'self' data: maxcdn.bootstrapcdn.com fonts.gstatic.com https://*.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.googleapis.com *.google.com assets.pinterest.com services.listrak.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.webtraxs.com/webtraxs.php www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com assets.pinterest.com sca1.listrakbi.com google.co.in www.google.co.in s1.listrakbi.com https://*.hotjar.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.webtraxs.com/wt.php https://cdn.listrakbi.com/scripts/  https://s1.listrakbi.com/  https://at1.listrakbi.com/  https://services.listrak.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com *.googleapis.com assets.pinterest.com js-agent.newrelic.com bam.nr-data.net https://static.hotjar.com https://script.hotjar.com https://*.hotjar.com 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com  https://cdn.listrakbi.com/ maxcdn.bootstrapcdn.com unsafe-inline fonts.googleapis.com https://*.hotjar.com 'unsafe-inline' 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.googleapis.com bam.nr-data.net https://in.hotjar.com https://vc.hotjar.io wss://*.hotjar.com content.hotjar.io https://*.hotjar.com https://*.hotjar.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-daaeaf735d03bc3317664a28d31926f0'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src *; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*; style-src 'self' data: 'unsafe-inline' https://*; img-src https://* 'self' data:; font-src 'self' data: https://* 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com *.prceasyview.com blob:; object-src 'self'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com maxcdn.bootstrapcdn.com *.googleapis.com; img-src 'self' *.googletagmanager.com online.swagger.io *.google-analytics.com stats.g.doubleclick.net *.prceasyview.com data:; media-src 'self' *.prceasyview.com; font-src 'self' maxcdn.bootstrapcdn.com data: *.gstatic.com; connect-src 'self' *.google-analytics.com; child-src 'self' player.vimeo.com *.gstatic.com *.google.com *.prceasyview.com blob:; 1
default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.google.bg https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://www.facebook.com https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com https://app.posthog.com https://*.drift.casino *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://app.vwo.com https://*.drift.casino; frame-src 'self' bankid://* https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://*.zignsec.com https://*.trustly.com https://*.regily.com https://*.sumsub.com https://*.visualwebsiteoptimizer.com https://*.unetsafe.com https://*.atlantgaming.com https://*.drift.casino https://* paymentpage.ecommpay.com asdaerq.dapmaptuns.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://*.zignsec.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.gstatic.com https://recaptcha.net https://connect.facebook.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://app.posthog.com https://*.drift.casino *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com *.astropay.com *.megapay.pro *.ecopayz.com *.billing.cx *.express-connect.com *.paycore.io *.jetoncheckout.com *.ipsp.lv ipsp.lv *.gpaynetworks.com *.sirumobile.com 'nonce-rE+6tqpvWbJWoboCao5j6r8exUzRRloLhc85jHqDaVk=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com https://*.drift.casino *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com; worker-src 'self' blob:; report-uri https://drift.casino/sentry/api/47/csp-report/?sentry_key=a7dcff6da4704fcf9dbecd647d997b1b 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.analytics.google.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://fonts.googleapis.com/ https://stats.g.doubleclick.net/ https://www.google.com/recaptcha/ https://cdn.linkedin.oribi.io/ https://gw.linkedin.oribi.io https://sjs.bizographics.com/ https://aorta.clickagy.com/ https://hemsync.clickagy.com/ https://*.hubspot.net/ https://*.hubspot.com/ https://*.hubspotusercontent00.net/ https://*.hubspotusercontent01.net/ https://*.hubspotusercontent02.net/ https://*.hubspotusercontent03.net/ https://*.hubspotusercontent04.net/ https://*.hscollectedforms.net/ https://*.hsleadflows.net/ https://*.hs-scripts.com/ https://*.hsadspixel.net/ https://*.hs-analytics.net/ https://*.hs-banner.com/ https://*.hs-banner.net/ https://*.hsforms.net/ https://*.hsforms.com/ https://*.hsappstatic.net/ https://*.hubspotfeedback.com/ https://*.hubapi.com/ https://*.usemessages.com/ https://*.vidyard.com/ https://wpengine.com/ https://my.wpengine.com/ https://dify.wpengine.com/ https://yoast.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com/ https://*.googletagmanager.com/ https://ajax.googleapis.com/ https://googleads.g.doubleclick.net/ https://www.google.com/recaptcha/ https://www.googleadservices.com/ https://www.gstatic.com/recaptcha/ https://secure.leadforensics.com/ https://snap.licdn.com/ https://tags.clickagy.com/ https://ws.zoominfo.com/ https://*.hubspot.net/ https://*.hubspot.com/ https://*.hubspotusercontent00.net/ https://*.hubspotusercontent01.net/ https://*.hubspotusercontent02.net/ https://*.hubspotusercontent03.net/ https://*.hubspotusercontent04.net/ https://*.hscollectedforms.net/ https://*.hsleadflows.net/ https://*.hs-scripts.com/ https://*.hsadspixel.net/ https://*.hs-analytics.net/ https://*.hs-banner.com/ https://*.hs-banner.net/ https://*.hsforms.net/ https://*.hsforms.com/ https://*.hsappstatic.net/ https://*.hubspotfeedback.com/ https://*.hubapi.com/ https://*.usemessages.com/ https://*.vidyard.com/ https://wpengine.com/ https://my.wpengine.com/ https://dify.wpengine.com/ ; img-src 'self' data: https://makonetworks.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://www.google.com/ads/ https://*.ads.linkedin.com/ https://cdn.linkedin.oribi.io/ https://gw.linkedin.oribi.io https://p.adsymptotic.com/ https://www.linkedin.com/px/ https://secure.gravatar.com/ https://aorta.clickagy.com/ https://*.hubspot.net/ https://*.hubspot.com/ https://*.hubspotusercontent00.net/ https://*.hubspotusercontent01.net/ https://*.hubspotusercontent02.net/ https://*.hubspotusercontent03.net/ https://*.hubspotusercontent04.net/ https://*.hscollectedforms.net/ https://*.hsleadflows.net/ https://*.hs-scripts.com/ https://*.hsadspixel.net/ https://*.hs-analytics.net/ https://*.hs-banner.com/ https://*.hs-banner.net/ https://*.hsforms.net/ https://*.hsforms.com/ https://*.hsappstatic.net/ https://*.hubspotfeedback.com/ https://*.hubapi.com/ https://*.usemessages.com/ https://*.vidyard.com/ https://wpengine.com/ https://my.wpengine.com/ https://dify.wpengine.com/ ; font-src 'self' data: https://fonts.gstatic.com/ ; frame-src 'self' https://bid.g.doubleclick.net/ https://www.google.com/ https://www.youtube.com/ https://hemsync.clickagy.com/ https://*.hubspot.net/ https://*.hubspot.com/ https://*.hubspotusercontent00.net/ https://*.hubspotusercontent01.net/ https://*.hubspotusercontent02.net/ https://*.hubspotusercontent03.net/ https://*.hubspotusercontent04.net/ https://*.hscollectedforms.net/ https://*.hsleadflows.net/ https://*.hs-scripts.com/ https://*.hsadspixel.net/ https://*.hs-analytics.net/ https://*.hs-banner.com/ https://*.hs-banner.net/ https://*.hsforms.net/ https://*.hsforms.com/ https://*.hsappstatic.net/ https://*.hubspotfeedback.com/ https://*.hubapi.com/ https://*.usemessages.com/ https://*.vidyard.com/ ; 1
object-src 'none';script-src 'self' 'nonce-60cfb7e9882c45b7b77ef4bba0fd29cb' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https://tagmanager.google.com https://www.googletagmanager.com https://www.googlemap.com.om https://google.com https://www.google-analytics.com https://apps.elfsight.com https://static.elfsight.com https://maps.googleapis.com https://static.ads-twitter.com https://snap.licdn.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net ;style-src 'self' 'unsafe-inline' https://unpkg.com https://fonts.googleapis.com https://offerswidget.visa.com;img-src 'self' data:  https://pbs.twimg.com https://stats.g.doubleclick.net https://www.google.com https://www.google.rs https://maps.googleapis.com https://maps.gstatic.com https://www.facebook.com https://csi.gstatic.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://offerswidget.visa.com https://www.visa.com;frame-src 'self' https://track.valueleadme.com https://www.youtube.com https://www.ustream.tv https://www.facebook.com https://player.vimeo.com https://www.google.com https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://track.valueleadme.com  https://www.googletagmanager.com 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-bc0fe87ed3512eed499f11bbc50a13d4'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com *.cloudflare.com *.wp.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.gstatic.com widgets.wp.com data:; img-src 'self' data: maps.googleapis.com secure.gravatar.com *.w.org widgets.wp.com www.google-analytics.com get.anydesk.com pixel.wp.com stats.wp.com; connect-src 'self'  widgets.wp.com www.google-analytics.com; font-src 'self' data: *.wp.com fonts.googleapis.com fonts.gstatic.com; media-src 'self'; child-src 'self'; object-src 'none'; frame-src 'self' *.cloudflare.com; frame-ancestors 'self'; block-all-mixed-content; 1
default-src 'self'; connect-src 'self' apikeys.civiccomputing.com api.postcodes.io www.googleapis.com newassets.hcaptcha.com maps.googleapis.com api.stripe.com js.stripe.com; font-src 'self' use.fontawesome.com fonts.gstatic.com data:; frame-src 'self' newassets.hcaptcha.com hooks.stripe.com js.stripe.com www.youtube.com; img-src 'self' data: maps.googleapis.com maps.gstatic.com translate.google.com www.gstatic.com cdn.bookingprotect.com tile.openstreetmap.org maptiles.p.rapidapi.com media.giphy.com; media-src www.youtube-nocookie.com; script-src 'self' hcaptcha.com js.stripe.com maps.googleapis.com www.youtube.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri https://35745cad85bbe1feed32f58e01aeb5de.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' https: data: filesystem:; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' 'unsafe-inline' https: data:; connect-src http: https: wss://*.jivosite.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google.com https://ajax.googleapis.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.youtube.com https://player.vimeo.com https://snap.licdn.com https://cdn.cookielaw.org https://bat.bing.com https://connect.facebook.net https://static.axept.io https://t.novius.net https://cdn.novius.net; object-src 'self'; worker-src blob: 1
base-uri 'self'; default-src 'self' omni.eckoh.uk bat.bing.com dn.mediahawk.co.uk; script-src 'self' gstatic.com google.com google.co.uk www.google.co.uk google.recaptcha.net/* www.google.com/recaptcha/api.js cookiehub.net/c2/25caf4d9.js 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com https://www.google.com/recaptcha https://www.gstatic.com/recaptcha/ snap.licdn.com www.dynamicnumbers.mediahawk.co.uk dynamicnumbers.mediahawk.co.uk dn.mediahawk.co.uk unpkg.com/web-vitals bat.bing.com j.6sc.co omni.eckoh.uk pi.pardot.com js.zi-scripts.com px.ads.linkedin.com ipv6.6sc.co www2.eckoh.com www.youtube.com cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com/ajax/libs/aos/2.3.4/aos.css omni.eckoh.uk; img-src 'self' data: www.gstatic.com b.6sc.co bat.bing.com www.google.co.uk google.co.uk www.google.com google.com px.ads.linkedin.com i.ytimg.com www.googletagmanager.com googletagmanager.com omni.eckoh.uk www.adservice.google.com adservice.google.com stats.g.doubleclick.net www.linkedin.com linkedin.com; connect-src 'self' google-analytics.com file: ipv6.6sc.co dn.mediahawk.co.uk px.ads.linkedin.com bat.bing.com omni.eckoh.uk region1.analytics.google.com c.6sc.co js.zi-scripts.com ws.zoominfo.com www.youtube.com play.google.com doubleclick.net www.google.co.uk google.co.uk www.google.com google.com www.googletagmanager.com googletagmanager.com adservice.google.com stats.g.doubleclick.net; font-src 'self' fonts.gstatic.com data: fonts.googleapis.com omi.eckoh.uk; object-src 'self'; media-src 'self' data:; frame-src www.googletagmanager.com www.youtube.com youtube.com www.google.com omni.eckoh.uk; frame-ancestors 'none'; 1
default-src 'self' www.cdcyun.cn 'unsafe-inline' 'unsafe-eval' blob: data: ; 1
default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self' data:; img-src 'self' data:; worker-src 'none'; block-all-mixed-content; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-niwMwFOTTJnZKEFBqkPrKkZztZasaUN06bfcJ27wsbH9s9tq' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' http://www.philips.rs *.philips.com *.philips.rs https://philipsigtdpv.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.google.com https://platform.twitter.com https://cdnjs.cloudflare.com https://www.gstatic.com https://cdn.syndication.twimg.com 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-D2EIpHH5uxvTzJYKPqUPDA==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob: *.izlesene.com *.ioam.de *.avg.com *.rewardsaccelerator.com smetrics.att.com; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net smetrics.att.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-WeSE6uG6Vjc6nJ0qsGxpXQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors glowdating.com www.glowdating.com js.stripe.com stripe.com; 1
default-src https://endocatvic.net.au/endoscopy-categorisation/manifest.json; img-src data: https://endocatvic.net.au/endoscopy-categorisation/favicon.png https://endocatvic.net.au/img/favicon.png; script-src 'self' 'sha256-94+lpfS7HZY3933jtX26082FPDxMFtWitjXv6I066vE='; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/bootstrap/4.2.1/css/bootstrap.min.css; font-src 'self'; connect-src 'self'; object-src 'self'; media-src 'self'; frame-src 'self'; report-uri /ContentSecurityPolicyReporter 1
default-src 'self' *.clearbanc.com *.clear.co *.netlify.app cdn.jsdelivr.net cdn.plaid.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.clearbanc.com *.clear.co *.netlify.app static.ada.support static.cdn.prismic.io analytics.twitter.com apis.google.com bat.bing.com cdn.amplitude.com *.iubenda.com cdn.cookielaw.org cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net edge.fullstory.com googleads.g.doubleclick.net maps.googleapis.com pi.pardot.com rs.fullstory.com script.crazyegg.com script.hotjar.com snap.licdn.com snippet.growsumo.com static.ads-twitter.com static.hotjar.com tpc.googlesyndication.com www.google.com www.googleadservices.com *.google-analytics.com www.googleoptimize.com optimize.google.com www.googletagmanager.com acuityplatform.com amplify.outbrain.com s.yimg.com sp.analytics.yahoo.com tr.outbrain.com g.microsoft.com dx.steelhousemedia.com px.steelhousemedia.com cdn.pdst.fm nexus.ensighten.com ww.steelhousemedia.com *.usabilla.com cdn.jsdelivr.net/npm/faunadb@latest/dist/faunadb-min.js www.redditstatic.com mgu-embed.community.com *.googleapis.com prismic.io netlify-cdp-loader.netlify.app w.usabilla.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com *.tiktok.com use.typekit.net www.iubenda.com d.adroll.com d.adroll.mgr.consensu.org s.adroll.com cdn.levelaccess.net d2hrivdxn8ekm8.cloudfront.net d1lu3pmaz2ilpx.cloudfront.net dvqigh9b7wa32.cloudfront.net d330aiyvva2oww.cloudfront.net cdn.taboola.com player.vimeo.com calendly.com assets.calendly.com unpkg.com/qrcode@1.5.1/build/qrcode.js; style-src 'self' 'unsafe-inline' *.clearbanc.com *.clear.co hello.myfonts.net *.iubenda.com *.usabilla.com optimize.google.com https://fonts.googleapis.com *.google-analytics.com www.googletagmanager.com fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' *.clearbanc.com *.clear.co prismic.io cdn.jsdelivr.net static.ada.support static.cdn.prismic.io netlify-cdp-loader.netlify.app *.googleapis.com analytics.twitter.com apis.google.com *.lfeeder.com bat.bing.com cdn.amplitude.com *.iubenda.com cdn.cookielaw.org w.usabilla.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net googleads.g.doubleclick.net js.hs-analytics.net js.hs-banner.com js.hs-scripts.com maps.googleapis.com pi.pardot.com rs.fullstory.com script.crazyegg.com script.hotjar.com snap.licdn.com snippet.growsumo.com static.ads-twitter.com tpc.googlesyndication.com *.tiktok.com use.typekit.net www.iubenda.com www.google.com *.google-analytics.com www.googleadservices.com www.googleoptimize.com optimize.google.com www.googletagmanager.com cdn-assets-prod.s3.amazonaws.com/js/preview2/21116381650.js www.redditstatic.com sp.analytics.yahoo.com amplify.outbrain.com s.yimg.com tr.outbrain.com g.microsoft.com acuityplatform.com static.hotjar.com nexus.ensighten.com cdn.pdst.fm dx.steelhousemedia.com d.adroll.com d.adroll.mgr.consensu.org ww.steelhousemedia.com px.steelhousemedia.com s.adroll.com cdn.levelaccess.net edge.fullstory.com d2hrivdxn8ekm8.cloudfront.net d1lu3pmaz2ilpx.cloudfront.net dvqigh9b7wa32.cloudfront.net d330aiyvva2oww.cloudfront.net *.usabilla.com cdn.taboola.com cdn.jsdelivr.net/npm/faunadb@latest/dist/faunadb-min.js mgu-embed.community.com secure.quantserve.com acdn.adnxs.com *.clearbitjs.com widget.intercom.io js.intercomcdn.com rules.quantcount.com googletagmanager.com player.vimeo.com assets.calendly.com unpkg.com/qrcode@1.5.1/build/qrcode.js www.clarity.ms; connect-src 'self' *.clearbanc.com *.clear.co api.ipify.org api.ipregistry.co rollout.ada.support clearco.ada.support *.litix.io clearbanccom.cdn.prismic.io *.amazonaws.com apis.google.com api.amplitude.com api.hsforms.com api.hubapi.com api.segment.io cdn.segment.com bat.bing.com *.iubenda.com hits-i.iubenda.com cdn.cookielaw.org production.plaid.com rs.fullstory.com sandbox.plaid.com stats.g.doubleclick.net wss://*.hotjar.com *.hotjar.io *.hotjar.com www.facebook.com www.google.com o26017.ingest.sentry.io us-central1-adaptive-growth.cloudfunctions.net s.yimg.com api.levelaccess.net grsm.io *.google-analytics.com *.analytics.google.com *.usabilla.com geoip-db.com analytics.tiktok.com browser-http-intake.logs.datadoghq.com dvqigh9b7wa32.cloudfront.net d330aiyvva2oww.cloudfront.net d1lu3pmaz2ilpx.cloudfront.net db.us.fauna.com storage.googleapis.com api.curator.io mgu-embed-config.community.com geolocation-db.com *.clearbit.com vimeo.com googleads.g.doubleclick.net static.ada.support api-iam.intercom.io n.clarity.ms; img-src 'self' *.clearbanc.com *.clear.co data: *.cloudfront.net images.prismic.io prismic-io.s3.amazonaws.com clearbanccom.cdn.prismic.io clearbanccom-staging.cdn.prismic.io *.lfeeder.com alb.reddit.com bat.bing.com *.iubenda.com cdn.cookielaw.org cx.atdmt.com clearco-user-uploads-prod.s3.eu-central-1.amazonaws.com googleads.g.doubleclick.net *.fls.doubleclick.net maps.gstatic.com media0.giphy.com p.adsymptotic.com px.ads.linkedin.com *.ads.linkedin.com rs.fullstory.com stats.g.doubleclick.net t.co www.facebook.com www.linkedin.com www.gstatic.com *.google-analytics.com *.analytics.google.com www.google.ae www.google.bg www.google.bs www.google.ca www.google.cz www.google.de www.google.es www.google.fr www.google.gr www.google.hu www.google.ie www.google.it www.google.mn www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.se www.google.si www.google.co.cr www.google.co.in www.google.co.id www.google.co.il www.google.co.jp www.google.co.kr www.google.co.kz www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com www.google.com.au www.google.com.co www.google.com.bd www.google.com.br www.google.com.gh www.google.com.gt www.google.com.ni www.google.com.ng www.google.com.my www.google.com.mx www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.ua www.google.com.vn www.google.com.yu www.googletagmanager.com www.tailwindapp.com optimize.google.com tr.outbrain.com dpm.demdex.net cm.g.doubleclick.net fei.pro-market.net sync1.intentiq.com sync.1rx.io pixel.rubiconproject.com dsum-sec.casalemedia.com fonts.gstatic.com csi.gstatic.com segments.company-target.com cm2.adform.net uipglob.semasio.net rtb-csync.smartadserver.com usermatch.krxd.net ad.360yield.com bh.contextweb.com load77.exelator.com clearbanc.com clear.co beacon.krxd.net x.dlx.addthis.com sync.admanmedia.com ums.acuityplatform.com cs.choozle.com ce.lijit.com pixel.advertising.com sync.intentiq.com prg.kargo.com s.ad.smaato.net match.adsrvr.org insight.adsrvr.org us-u.openx.net googleads.g.doubleclick.net storage.googleapis.com *.usabilla.com sp.analytics.yahoo.com px.steelhousemedia.com pbs.twimg.com via.placeholder.com i.vimeocdn.com ib.adnxs.com pixel.quantserve.com; object-src 'self' *.clearbanc.com *.clear.co *.iubenda.com clearco-user-uploads-prod.s3.eu-central-1.amazonaws.com; media-src 'self' blob: *.clearbanc.com *.clear.co *.netlify.com *.netlify.app *.iubenda.com player.vimeo.com *.akamaized.net video.twimg.com; frame-src 'self' 'unsafe-inline' *.clearbanc.com *.clear.co clearco.ada.support clearbanccom.prismic.io clearbanccom-staging.prismic.io app.netlify.com accounts.google.com app.hellosign.com bid.g.doubleclick.net *.fls.doubleclick.net clearbanc.com clear.co content-people.googleapis.com cdn.plaid.com *.iubenda.com clearco-user-uploads-prod.s3.eu-central-1.amazonaws.com track.hubspot.com tpc.googlesyndication.com optimize.google.com go.pardot.com vars.hotjar.com s.amazon-adsystem.com insight.adsrvr.org *.usabilla.com www.facebook.com player.vimeo.com open.spotify.com w.soundcloud.com www.youtube.com player.vimeo.com mgu-embed.community.com vimeo.com calendly.com; font-src 'self' *.clearbanc.com *.clear.co data: fonts.gstatic.com storage.googleapis.com use.typekit.net *.usabilla.com *.iubenda.com dhm5hy2vn8l0l.cloudfront.net https://fonts.googleapis.com; frame-ancestors 'self' *.clearbanc.com *.clear.co *.mybigcommerce.com *.myshopify.com *.usabilla.com *.iubenda.com clearco.ada.support; 1
connect-src https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://vttts-eu.readspeaker.com https://youtu.be https://youtube.com https://www.youtube.com https://*.global.siteimproveanalytics.io https://siteimproveanalytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google-analytics.com 'self'; form-action 'self' https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://*.global.siteimproveanalytics.io https://id.opengemeenten.nl https://users.opengemeenten.nl https://login.microsoftonline.com; frame-src 'self' blob: https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://vttts-eu.readspeaker.com https://youtu.be https://youtube.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com; img-src 'self' https://cdn-eu.readspeaker.com https://youtube.com https://www.youtube.com https://youtu.be https://i.ytimg.com https://*.global.siteimproveanalytics.io https://siteimproveanalytics.com https://eu2.siteimprove.com https://szsurvey.siteimprove.com https://ssl.siteimprove.com https://*.googletagmanager.com https://*.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com data:; media-src 'self' https://cdn-eu.readspeaker.com https://youtu.be https://youtube.com https://www.youtube.com https://vimeo.com; script-src 'self' https://cdn-eu.readspeaker.com https://youtu.be https://youtube.com https://www.youtube.com https://player.vimeo.com/api/player.js https://siteimproveanalytics.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com 'unsafe-eval' 'unsafe-inline' data: 'report-sample'; style-src 'self' https://cdn-eu.readspeaker.com https://youtube.com https://www.youtube.com https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline' data: 'report-sample'; frame-ancestors 'self' https://*.dash.simplyadmire.com https://dash.docker https://localhost:8080 https://www.dijkenwaard.nl https://www.heerhugowaard.nl; object-src 'self' https://youtube.com https://www.youtube.com; font-src 'self' https://fonts.gstatic.com data:; report-to csp; child-src 'self' blob:; default-src 'self'; report-uri https://monitoring.opengemeenten.nl/api/5/security/?sentry_key=8ecd0d6b2ab6432782fe7a6a5c01c534 1
upgrade-insecure-requests; default-src 'self' https://*.unigranrio.edu.br/ https://vlibras.gov.br https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://apppravaler.apprbs.com.br/ https://tracking.apprubeus.com.br/ https://www.googletagmanager.com/ https://*.pages.ubembed.com/ https://*.events.ubembed.com/ https://analytics.tiktok.com/ https://landing-vest-unigranrio-api.azurewebsites.net https://use.typekit.net https://capture-api.reachlocalservices.com/ https://liqadprdct-capture-prod-east.gannettdigital.com/ https://static.criteo.net/ https://content.hotjar.io/ wss://ws.hotjar.com/ https://forms.hscollectedforms.net https://fonts.cdnfonts.com https://www.youtube-nocookie.com https://e0ab23c6-afc9-4141-9a0b-fb2fa3d8b121.rlets.com/ https://*.criteo.com/ https://www.facebook.com/tr/ https://kit.fontawesome.com https://*.googleapis.com https://*.elfsight.com/ https://gov.br/ https://js.hsforms.net/ https://*.pdcsaude.com.br https://cdn.cookielaw.org https://*.hubapi.com https://*.fontawesome.com https://*.luckyorange.net https://forms.hsforms.com/ https://hubspot-forms-static-embed.s3.amazonaws.com/ https://*.whatsapp.com https://*.hubspot.com https://portal.iteleport.com.br/ https://www.googleservices.com https://ib.adnxs.com https://cdn.linkedin.oribi.io https://static.hsappstatic.net https://cdn.tradelab.fr https://js.hscollectedforms.net https://js.hubspotfeedback.com https://js.hscta.net https://snap.licdn.com https://www.gstatic.com https://*.youtube.com https://js.hs-banner.com https://*.hubspot.com https://fonts.gstatic.com https://www.google-analytics.com https://maxcdn.bootstrapcdn.com https://*.vlibras.gov.br https://*.onetrust.com https://static.hotjar.com https://*.rdstation.com.br https://*.doubleclick.net https://*.hotjar.com https://*.google.com; script-src 'self' https://assets.ubembed.com/ https://unpkg.com/ https://apppravaler.apprbs.com.br/ https://code.jquery.com/ https://tracking.apprubeus.com.br/ https://*.js.ubembed.com/ https://static.criteo.net https://app.shoptarget.com.br/ https://*.simpli.fi/ https://analytics.tiktok.com/ https://cdn.rlets.com/ https://www.googleadservices.com https://3960387.fs1.hubspotusercontent-na1.net https://*.unigranrio.edu.br https://unigranrio.edu.br/  https://*.pdcsaude.com.br https://*.youtube.com https://*.fontawesome.com https://*.luckyorange.net https://*.whatsapp.com https://*.hubspot.com https://cdn.jsdelivr.net/ https://igorescobar.github.io/ https://js.hsforms.net/  https://releases.jquery.com/ https://*.static.elfsight.com/ https://*.tradelab.fr https://js.hscollectedforms.net https://js.hubspotfeedback.com https://js.hscta.net https://ib.adnxs.com https://cdn.linkedin.oribi.io https://static.hsappstatic.net https://snap.licdn.com https://www.gstatic.com https://*.googleapis.com https://cdn.cookielaw.org https://*.hubapi.com https://*.hubspot.com https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.rdstation.com.br https://3603d.com.br https://google.com.br https://google.com https://rdstation.com.br https://popups.rdstation.com.br https://track.hubspot.com https://api.hubspot.com https://stats.g.doubleclick.net https://ajax.cloudflare.com https://js.hsleadflows.net https://js.usemessages.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://vars.hotjar.com https://stats.g.doubleclick.net https://static.elfsight.com/platform/ https://js.hs-scripts.com https://*.cloudfront.net https://*.onetrust.com https://*.cloudflareinsights.com https://connect.facebook.net https://www.google-analytics.com https://*.vlibras.gov.br/ https://vlibras.gov.br https://apps.elfsight.com/p/platform.js https://unigranrio.com.br/ https://www.unigranrio.com.br https://apps.elfsight.com/ https://*.criteo.com  https://www.googletagmanager.com https://static.hotjar.com https://js.hs-scripts.com https://www.youtube-nocookie.com https://*.webformscr.com https://login.sendpulse.com https://static.whatshelp.io blob: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data:; style-src https: 'unsafe-inline'; 1
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.google.bg https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com https://*.facebook.com https://facebook.net https://*.facebook.net https://*.snapchat.com https://*.sportdigi.com https://*.sportradar.com https://*.mrbit.com https://*.mrbit.casino *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://app.vwo.com https://*.mrbit.casino; frame-src 'self' bankid://* https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://*.zignsec.com https://*.trustly.com https://*.regily.com https://*.sumsub.com https://*.biahosted.com https://*.aitcloud.de https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://*.unetsafe.com https://*.atlantgaming.com https://*.snapchat.com https://*.sportdigi.com https://*.sportradar.com https://*.mrbit.casino https://* paymentpage.ecommpay.com asdaerq.dapmaptuns.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://*.zignsec.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.gstatic.com https://recaptcha.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://*.snapchat.com https://snapchat.com https://sc-static.net https://*.facebook.com https://facebook.net https://*.facebook.net https://*.sportdigi.com https://*.sportradar.com https://*.mrbit.com https://*.mrbit.casino *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com *.astropay.com *.megapay.pro *.ecopayz.com *.billing.cx *.express-connect.com *.paycore.io *.jetoncheckout.com *.ipsp.lv ipsp.lv *.gpaynetworks.com *.sirumobile.com 'nonce-m7Sl8wKK2EKJyaKdpFnwzdlfUBAq24E4a8CPNRna+w8=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com https://*.mrbit.casino *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com; worker-src 'self' blob:; report-uri https://mrbit.casino/sentry/api/41/csp-report/?sentry_key=38bd9ad353b94f1a8143ea227d160767 1
report-uri /sentry/api/61/csp-report/?sentry_key=8505cd7669a24ba78131bbe9f6e8db09; worker-src blob: 'self'; child-src blob:; object-src 'none'; default-src https: data: 'self' *.1gamepay.com; img-src 'self' https: data: blob: *.google.com *.google.ro *.google.se *.google.nl *.google.de *.google.fi *.google.ch *.google.ee *.google.sk *.google.dk *.visualwebsiteoptimizer.com app.vwo.com https://ssl.gstatic.com https://www.gstatic.com *.google-analytics.com *.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://googleads.g.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com; frame-src * bankid: https://bid.g.doubleclick.net wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; connect-src 'self' ws: wss: livechat24.tech *.livechat24.tech https://stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net *.unetsafe.com *.quantserve.com *.quantcount.com *.creative-serving.com *.visualwebsiteoptimizer.com *.taboola.com *.tradedoubler.com *.bing.com app.vwo.com facebook.com www.facebook.com *.google.com *.google.ru *.google.ro *.google.se *.google.de *.google.fr *.google.nl *.google.by *.google.pt *.google.kz *.google.bg *.google.kg *.google.md *.google.gr *.google.fi https://*.googlesyndication.com *.snapchat.com snapchat.com sc-static.net https://static.ads-twitter.com https://analytics.twitter.com https://*.atlantgaming.com https://cdn-sp.kertn.net https://*.pusher.com https://cdn-sp.gbshgbsh.com *.regily.com https://*.fasttrack-solutions.com https://*.ft-crm.com https://verification.okwork.io https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com *.frankcasino.com *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com https://*.frankcasin0.blog wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; style-src 'self' blob: 'unsafe-inline' *.googleapis.com *.google.com *.cloudflare.com *.cloudflareinsights.com *.unetsafe.com livechat24.tech *.livechat24.tech *.visualwebsiteoptimizer.com app.vwo.com https://cs.betradar.com https://*.sportradar.com https://videosport.me https://cdn-sp.kertn.net https://cdn-sp.gbshgbsh.com https://*.fasttrack-solutions.com https://*.gstatic.com https://prj-verification-production.s3.amazonaws.com https://prj-verification-stage1.s3.amazonaws.com https://prj-verification-stage2.s3.amazonaws.com https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com https://tagmanager.google.com https://fonts.googleapis.com https://s3.amazonaws.com *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com paymentpage.ecommpay.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com https://*.frankcasin0.blog wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; font-src 'self' https://fonts.gstatic.com data: *.cloudflare.com *.cloudflareinsights.com livechat24.tech *.livechat24.tech *.visualwebsiteoptimizer.com app.vwo.com *.frankcasino.com https://cdn-sp.kertn.net https://*.frankcasin0.blog wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; script-src 'self' 'unsafe-eval' 'nonce-42t1mxKlkVWxUxqNcI7s/Q==' blob: *.google.com *.google.ro *.google.se *.google.nl *.google.de *.google.fi *.google.ch *.google.ee *.google.sk *.google.dk recaptcha.net www.gstatic.com *.googleadservices.com https://www.googleadservices.com https://*.googlesyndication.com *.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://*.googletagmanager.com *.google-analytics.com *.analytics.google.com platform.twitter.com connect.facebook.net *.curacao-egaming.com stats.g.doubleclick.net https://stats.g.doubleclick.net livechat24.tech *.livechat24.tech *.livestatisc.com *.jsdelivr.net *.ptstaging.eu track.adform.net *.unetsafe.com *.cloudflare.com *.cloudflareinsights.com *.quantserve.com *.quantcount.com *.creative-serving.com *.visualwebsiteoptimizer.com *.taboola.com *.tradedoubler.com *.snapchat.com *.bing.com snapchat.com sc-static.net app.vwo.com facebook.com www.facebook.com https://static.ads-twitter.com https://analytics.twitter.com *.regily.com https://*.fasttrack-solutions.com https://cdn-sp.kertn.net https://*.pusher.com https://cdn-sp.gbshgbsh.com https://*.gstatic.com https://prj-verification-production.s3.amazonaws.com https://prj-verification-stage1.s3.amazonaws.com https://prj-verification-stage2.s3.amazonaws.com https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com *.frankcasino.com *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com paymentpage.ecommpay.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com *.astropay.com *.megapay.pro *.ecopayz.com *.billing.cx *.express-connect.com *.paycore.io *.jetoncheckout.com *.ipsp.lv ipsp.lv *.gpaynetworks.com *.sirumobile.com https://*.frankcasin0.blog wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com 1
img-src * data:; style-src 'self' 'unsafe-inline' *.readspeaker.com; default-src * blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.youtube.com s.ytimg.com *.usercentrics.eu *.google.com *.googletagmanager.com *.google-analytics.com *.readspeaker.com matomo.rexx-systems.com;frame-ancestors 'self' www.service-gmbh-schwarzwald.de; 1
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.google.bg https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://www.facebook.com https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com https://app.posthog.com https://*.drift.casino *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://app.vwo.com https://*.drift.casino; frame-src 'self' bankid://* https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://*.zignsec.com https://*.trustly.com https://*.regily.com https://*.sumsub.com https://*.visualwebsiteoptimizer.com https://*.unetsafe.com https://*.atlantgaming.com https://*.drift.casino https://* paymentpage.ecommpay.com asdaerq.dapmaptuns.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://*.zignsec.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.gstatic.com https://recaptcha.net https://connect.facebook.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://app.posthog.com https://*.drift.casino *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com *.astropay.com *.megapay.pro *.ecopayz.com *.billing.cx *.express-connect.com *.paycore.io *.jetoncheckout.com *.ipsp.lv ipsp.lv *.gpaynetworks.com *.sirumobile.com 'nonce-Zs4Mzpb7zuQ4oQMKKGG0T0Tuej/2FrtzfpkMkgJALwc=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com https://*.drift.casino *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com; worker-src 'self' blob:; report-uri https://drift.casino/sentry/api/47/csp-report/?sentry_key=a7dcff6da4704fcf9dbecd647d997b1b 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.addtoany.com https://js.hsforms.net https://acsbapp.com https://js.hs-scripts.com https://snap.licdn.com https://tag.demandbase.com https://js.zi-scripts.com https://js.hs-banner.com https://js.hscollectedforms.net https://js.hs-analytics.net https://js.hsadspixel.net/ https://www.google.com https://www.gstatic.com/ https://yoast.com https://stats.wp.com https://widgets.wp.com https://s0.wp.com https://js.hubspot.com www.googletagservices.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://s0.wp.com https://widgets.wp.com fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://id.rlcdn.com https://px.ads.linkedin.com https://forms.hsforms.com https://forms-na1.hsforms.com https://segments.company-target.com https://px4.ads.linkedin.com https://track.hubspot.com https://dify.wpengine.com https://pixel.wp.com https://www.linkedin.com https://en.wordpress.com https://static.hsappstatic.net s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com *.googlesyndication.com stats.g.doubleclick.net data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com translate.googleapis.com translate.google.com i.ytimg.com www.googletagmanager.com; connect-src 'self' https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://cdn.acsbapp.com/ https://api.company-target.com https://js.zi-scripts.com https://api.hubapi.com https://forms.hscollectedforms.net https://tag-logger.demandbase.com https://yoast.com https://my.wpengine.com https://ws.zoominfo.com https://exceptions.hubspot.com https://segments.company-target.com *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com; font-src 'self' data: https://s0.wp.com data: fonts.gstatic.com fonts.googleapis.com; object-src 'self' ; media-src 'self' ; frame-src 'self' https://static.addtoany.com https://s.company-target.com https://td.doubleclick.net https://www.google.com https://static.hsappstatic.net https://app.hubspot.com https://widgets.wp.com https://forms.hsforms.com *.googlesyndication.com googleads.g.doubleclick.net maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com; child-src 'self' www.youtube.com www.googletagmanager.com; worker-src 'self' blob:; upgrade-insecure-requests; block-all-mixed-content; report-uri https://www.tevora.com?gdsih-csp-report; 1
script-src 'self' https://*.clarity.ms https://bat.bing.com https://r.bing.com https://js.stripe.com https://www.googletagmanager.com https://www.google-analytics.com https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js https://ajax.aspnetcdn.com/ajax/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com https://assets.calendly.com/ https://tags.srv.stackadapt.com/ https://tracker.clickguard.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hscollectedforms.net https://*.hsadspixel.net 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com https://tags.srv.stackadapt.com/ 'unsafe-inline'; frame-ancestors https://taxfolder.com https://www.taxcycle.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.51.la *.thundersoft.com *.googletagmanager.com *.baidu.com googleads.g.doubleclick.net *.google.com *.thundercomm.com *.googleapis.com *.bcebos.com *.bdstatic.com thundercomm.s3.ap-northeast-1.amazonaws.com *.google-analytics.com *.jsdelivr.net wss:; img-src 'self' data: *;font-src 'self' 'unsafe-inline' 'unsafe-eval' data: * 1
default-src 'none'; frame-src 'self' www.google.com youtube.com www.youtube.com; object-src 'self'; img-src 'self' data: https://www.google-analytics.com https://secure.gravatar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com ; script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com; connect-src 'self' data: https://www.google-analytics.com;  frame-ancestors 'self'; base-uri 'self'; form-action 'self'; 1
font-src https://fonts.gstatic.com 'self' data: *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.googleapis.com *.fontawesome.com *.bootstrapcdn.com *.googletagmanager.com *.iadvize.com data: 'self' 'unsafe-inline'; form-action *.twitter.com *.facebook.net *.facebook.com *.iadvize.com *.pinterest.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ https://player.vimeo.com https://www.youtube-nocookie.com *.twitter.com *.google.com *.googletagmanager.com *.addthis.com *.googleapis.com *.facebook.net *.facebook.com *.iadvize.com *.pinterest.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com *.google.fr *.paypal.com *.twitter.com *.gstatic.com *.facebook.com *.pinterest.net *.pinterest.com *.options.net *.iadvize.com *.sentry.io *.options.es *.options.ch data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com https://player.vimeo.com https://www.youtube.com *.cloudflare.com *.twitter.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.trustedshops.com *.fontawesome.com *.addthis.com m.addthis.com z.moatads.com *.addthisedge.com *.googleapis.com graph.facebook.com widgets.pinterest.com unpkg.com *.pinterest.net *.pinterest.com *.iadvize.com *.sentry.io *.target2sell.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com http://fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.googletagmanager.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com *.facebook.com *.iadvize.com *.sentry.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com ekr.zdassets.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io *.cloudflare.com *.twitter.com *.paypal.com *.googleapis.com *.google-analytics.com *.doubleclick.net *.googletagmanager.com unpkg.com *.facebook.com *.iadvize.com *.sentry.io *.target2sell.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://fr-fr.preprod.v9.options.net/; report-to report-endpoint; 1
report-uri /jss/csp_report.phtml;base-uri 'self';default-src 'self' pd1ql.quackcdn.net pcache-us1.quackcdn.net pcache-us1-cf.quackcdn.net pcache-eu1.quackcdn.net quackcdn.net maps.googleapis.com blob:;script-src 'self' 'nonce-4cec8f99-1d7c-474e-8717-dd1a6c7f279d' 'unsafe-eval' pd1ql.quackcdn.net pcache-us1.quackcdn.net pcache-us1-cf.quackcdn.net pcache-eu1.quackcdn.net quackcdn.net www.googletagmanager.com googletagmanager.com connect.facebook.net *.google-analytics.com;style-src 'self' 'unsafe-inline' pd1ql.quackcdn.net pcache-us1.quackcdn.net pcache-us1-cf.quackcdn.net pcache-eu1.quackcdn.net quackcdn.net;font-src 'self' data: pd1ql.quackcdn.net pcache-us1.quackcdn.net pcache-us1-cf.quackcdn.net pcache-eu1.quackcdn.net quackcdn.net;frame-src 'self' pd1ql.quackcdn.net pcache-us1.quackcdn.net pcache-us1-cf.quackcdn.net pcache-eu1.quackcdn.net quackcdn.net;connect-src 'self' blob: pd1ql.quackcdn.net pcache-us1.quackcdn.net pcache-us1-cf.quackcdn.net pcache-eu1.quackcdn.net quackcdn.net maps.googleapis.com www.googletagmanager.com googletagmanager.com connect.facebook.net *.google-analytics.com www.facebook.com *.ingest.sentry.io;img-src 'self' data: blob: pd1ql.quackcdn.net pcache-us1.quackcdn.net pcache-us1-cf.quackcdn.net pcache-eu1.quackcdn.net quackcdn.net maps.googleapis.com www.googletagmanager.com googletagmanager.com connect.facebook.net *.google-analytics.com www.facebook.com *.ingest.sentry.io ad.doubleclick.net adservice.google.com media0.giphy.com;media-src 'self' data: blob: pd1ql.quackcdn.net pcache-us1.quackcdn.net pcache-us1-cf.quackcdn.net pcache-eu1.quackcdn.net quackcdn.net maps.googleapis.com;manifest-src 'self' pd1ql.quackcdn.net pcache-us1.quackcdn.net pcache-us1-cf.quackcdn.net pcache-eu1.quackcdn.net quackcdn.net;object-src 'none';worker-src 'self' blob:;block-all-mixed-content;upgrade-insecure-requests;frame-ancestors 'self';form-action 'self';script-src-attr 'none' 1
default-src * data: 'unsafe-eval' 'unsafe-inline'; img-src * 'self' blob: 'unsafe-eval' 'unsafe-inline' data: https: 1
font-src *.googleapis.com *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.google.com *.youtube.com cdn.jsdelivr.net *.cloudfront.net *.yotpo.com square-fonts-production-f.squarecdn.com www.servermonkey.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.twitter.com *.google.com *.youtube.com maps.googleapis.com cl.s11.exct.net payflowlink.paypal.com *.yotpo.com www.servermonkey.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.servermonkey.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com cdn.dnky.co *.hotjar.com https://www.google.com *.facebook.com *.trustpilot.com *.criteo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.twitter.com *.google.com maps.googleapis.com lightwidget.com *.maps.gstatic.com tst.kaptcha.com *.doubleclick.net web.squarecdn.com ssl.kaptcha.com payflowlink.paypal.com *.googleapis.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com connect.squareup.com www.servermonkey.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu maps.googleapis.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.placeholder.com *.maps.gstatic.com *.quantserve.com *.snapengage.com sync.search.spotxchange.com *.clickagy.com p.adsymptotic.com id.rlcdn.com cs.lkgd.net static.ctctcdn.com forms.hsforms.com forms-na1.hsforms.com track.hubspot.com maps.gstatic.com *.yotpo.com pixel.quantserve.com www.google.com.gh curious.servermonkey.com www.google.ca www.google.co.il www.google.com.co cdn.ivaws.com www.servermonkey.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.paypal.com *.google.com *.googletagmanager.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com *.kaptcha.com s7.addthis.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://apis.google.com *.cloudflare.com *.twitter.com *.twimg.com *.usercentrics.eu cdn.lightwidget.com *.instagram.com *.cdninstagram.com *.addthis.com *.moatads.com *.addthisedge.com *.placeholder.com *.maps.gstatic.com tst.kaptcha.com *.quantcount.com *.quantserve.com *.doubleclick.net static.site24x7rum.com ws.zoominfo.com maxcdn.bootstrapcdn.com tags.clickagy.com www.snapengage.com static.ctctcdn.com cdn.callrail.com js.callrail.com track.hubspot.com js.hsforms.net js-na1.hs-scripts.com www.clickcease.com js.ipredictive.com js.hsadspixel.net js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net web.squarecdn.com ssl.kaptcha.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com js.squareup.com nd.squarecdn.com staticw2.yotpo.com www.servermonkey.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.google.com *.youtube.com maps.googleapis.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.placeholder.com *.maps.gstatic.com static.ctctcdn.com web.squarecdn.com tagmanager.google.com *.yotpo.com www.servermonkey.com 'self' 'unsafe-inline'; object-src www.servermonkey.com 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com *.snapengage.com data www.servermonkey.com 'self' 'unsafe-inline'; manifest-src www.servermonkey.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.clarity.ms *.facebook.com *.datatrics.com *.kaptcha.com ekr.zdassets.com/ www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.twitter.com *.twimg.com *.youtube.com facebook.net *.maps.gstatic.com tst.kaptcha.com cdn.linkedin.oribi.io *.clickagy.com ws.zoominfo.com js.callrail.com track.hubspot.com forms.hsforms.com pagead2.googlesyndication.com app.callrail.com api.hubapi.com forms.hscollectedforms.net ssl.kaptcha.com https://www.google-analytics.com *.yotpo.com listgrowth.ctctcdn.com pixel.quantcount.com www.google.ca pci-connect.squareup.com www.snapengage.com www.google.co.il www.servermonkey.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.servermonkey.com http: https: blob: 'self' 'unsafe-inline'; default-src www.servermonkey.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.servermonkey.com 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 1
frame-ancestors 'self' https://*.epsens.com https://essentiel.local; report-uri /report-csp-violation 1
default-src 'self'; frame-ancestors 'self';upgrade-insecure-requests; block-all-mixed-content;report-uri https://novax.report-uri.com/r/d/csp/enforce;style-src 'self' 'strict-dynamic' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'nonce-8ADzULdKk+yPElZxj5LaNpKqQ4YndFAubUaScDlZy7NqVVA5jBdYmOMCM94c3Cv25sOb6xwXc0Gqwm44sBzV7pY+ZMhB5bXuHo4cTF5zQ7u9Xef5CiIbP2y/NNOTQG2SBk7uoS5F9EZ/0NFE9n/4rdEeLWPXq03oAjVzUAaHqJI=' 'sha256-m/qjSZiGO0wk2IIhc6WAbUQ8N71vMP5CwCDHeXEtEY0=' 'sha256-OCJ/giKp+wvndGwBkIF0+gXp+FXSnzBe7/y9wWJan3I=';object-src 'none'; frame-src 'self';child-src 'self'; img-src 'self' data:; font-src 'self'; connect-src 'self'; manifest-src 'self'; base-uri 'self';form-action 'self';media-src 'self';worker-src 'self'; 1
default-src 'self';style-src 'self' 'unsafe-inline' fonts.googleapis.com use.fontawesome.com;font-src 'self' data: fonts.gstatic.com use.fontawesome.com;img-src 'self' data: *.amazonaws.com *.facebook.com https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;script-src 'self' https: 'unsafe-inline' https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com;connect-src 'self' canjes.puntospoint.com dev.puntospoint.com api-qa.puntospoint.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com *.facebook.com stats.g.doubleclick.net;frame-src 'self' https: 'unsafe-inline';base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sempliceai-api.01s.it https://storage.googleapis.com https://cdn.jsdelivr.net https://code.jquery.com https://sempliceai-resource.01s.it https://resources-test.semplicepa.it https://semplice-test.semplicepa.it; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://sempliceai-api.01s.it https://semplice-test.semplicepa.it ; img-src * 'self' data:; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com https://resources-test.semplicepa.it data:; connect-src 'self' https://sempliceai-dr-backend.01s.it wss://sempliceai-dr-backend.01s.it https://sempliceai-api.01s.it https://semplice-test.semplicepa.it ; 1
default-src *.cajasan.com https://*.youtube.com https://*.openstreetmap.org https://*.gstatic.com stats.g.doubleclick.net  https://*.googleapis.com cdnjs.cloudflare.com ajax.googleapis.com cdn.jsdelivr.net *.google.com *.googletagmanager.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' 'self' data:; script-src *.systemico.net  *.cajasan.com *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com cdnjs.cloudflare.com ajax.googleapis.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval' 'self'; frame-src *; img-src * 'self' data:; frame-ancestors 'self' 1
frame-ancestors 'self' https://castrofarmacias.com https://farmaciasegura.es https://www.farmaciasegura.es; 1
frame-ancestors 'self'; report-uri /csp-reports 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://www.hablemosderelojes.com/logs/ https://www.hablemosderelojes.com/sidekiq/ https://www.hablemosderelojes.com/mini-profiler-resources/ https://www.hablemosderelojes.com/assets/ https://www.hablemosderelojes.com/brotli_asset/ https://www.hablemosderelojes.com/extra-locales/ https://www.hablemosderelojes.com/highlight-js/ https://www.hablemosderelojes.com/javascripts/ https://www.hablemosderelojes.com/plugins/ https://www.hablemosderelojes.com/theme-javascripts/ https://www.hablemosderelojes.com/svg-sprite/ 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0='; worker-src 'self' https://www.hablemosderelojes.com/assets/ https://www.hablemosderelojes.com/brotli_asset/ https://www.hablemosderelojes.com/javascripts/ https://www.hablemosderelojes.com/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
frame-ancestors https://*.icopify.com  http://*.icopify.com https://icopify.co  http://icopify.co 1
default-src 'self' https://cdn.etrias.nl ; connect-src 'self' https://cdn.etrias.nl  https://*.google.com https://www.googletagmanager.com https://maps.googleapis.com https://*.google-analytics.com https://www.googleadservices.com https://*.google.nl https://*.google.be https://*.bing.com https://*.doubleclick.net https://bam.nr-data.net https://api01.shoppingminds.net https://trkr.shoppingminds.net https://script.shoppingminds.com https://squeezely.tech https://ct.beslist.nl; font-src 'self' https://cdn.etrias.nl  https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://cdn.etrias.nl  https://www.youtube-nocookie.com https://www.facebook.com https://tpc.googlesyndication.com https://bid.g.doubleclick.net https://td.doubleclick.net https://optimize.google.com; img-src https: data:; script-src 'self' https://cdn.etrias.nl  'unsafe-eval' https://*.google.com https://www.googletagmanager.com https://maps.googleapis.com https://*.google-analytics.com https://www.googleadservices.com https://www.youtube.com https://bat.bing.com https://connect.facebook.net https://js-agent.newrelic.com https://bam.nr-data.net https://script.shoppingminds.com https://api01.shoppingminds.net https://squeezely.tech 'nonce-ZCjcQvOBpnGTLONUloTqhSw8XWpxPxV9'; style-src 'self' https://cdn.etrias.nl  'unsafe-inline' https://fonts.googleapis.com https://optimize.google.com; report-uri /_csp/report 1
default-src 'self' https://www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://cdnjs.cloudflare.com  https://cdn.jsdelivr.net https://cdn.jsdelivr.net/npm https://unpkg.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; img-src 'self' data:  https://qa.portalempleados.com; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com; object-src 'none'; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; 1
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline' code.jquery.com https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; media-src * blob:; frame-src *; font-src * data:; connect-src * 1
default-src 'unsafe-inline' 'unsafe-eval' http: https: data: mediastream: blob: filesystem:; script-src 'unsafe-inline' 'unsafe-eval' https: filesystem:; style-src 'unsafe-inline' 'unsafe-eval' https: data: mediastream: blob: filesystem:; img-src https: data: blob: filesystem:; connect-src https: filesystem:; font-src 'unsafe-inline' 'unsafe-eval' http: https: data: mediastream: blob: filesystem:; media-src https: data: mediastream: blob: filesystem:; child-src https: filesystem:; form-action https: filesystem:; frame-ancestors https: data: mediastream: blob: filesystem:; object-src https: data: blob: filesystem:; frame-src https: data: blob: filesystem:; worker-src https: blob: filesystem:; manifest-src https: filesystem:; navigate-to https:; base-uri https:; upgrade-insecure-requests 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://www.zenaps.com https://tr.snapchat.com https://www.youtube.com https://gum.criteo.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://cdn-ukwest.onetrust.com https://plasmon-it.piwik.pro https://*.teads.tv; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://checkout.plasmon.it https://connect.facebook.net https://tr.snapchat.com https://*.plasmon.it; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googlesyndication.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net 'self' https://cdn-ukwest.onetrust.com 'unsafe-inline' 'unsafe-eval' https://plasmon-it.containers.piwik.pro https://plasmon-it.piwik.pro https://p.teads.tv https://static.criteo.net https://*.criteo.com https://*.lytics.io; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://s1.thcdn.com/ 'self' https://cdn-ukwest.onetrust.com https://*.lytics.io; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self' https://*.countrylife.ie https://*.tirlanfarmlife.com 1
script-src self 'unsafe-inline' https://apis.google.com https://www.googletagmanager.com/ https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://cartaocencosud.com.br/ https://www.google-analytics.com https://code.jquery.com/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://onetrust.com/ https://privacyportal-br.onetrust.com/request/v1/consentreceipts https://privacyportal-br-cdn.onetrust.com/consent-receipt-scripts/scripts/otconsent-1.0.min.js https://connect.facebook.net/; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com data: static.oct8ne.com sw-assets.ekomiapps.de maxcdn.bootstrapcdn.com www.jabonariumshop.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com www.salesmanagoconversions.com sis.redsys.es www.jabonariumshop.com 'self' 'unsafe-inline'; frame-ancestors www.jabonariumshop.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net www.facebook.com cdn.dnky.co *.youtube.com *.hotjar.com *.facebook.com *.trustpilot.com *.criteo.com connect.facebook.net graph.facebook.com business.facebook.com https://extranet.gls-spain.es/ *.trbo.com www.youtube.com 1-vbus-de.ladesk.com collect.trbo.com backoffice.oct8ne.com app.jabonariumshop.com rktapps.reskyt.com app.reskyt.com www.salesmanago.pl www.jabonariumshop.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com cdn.doofinder.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.linkedin.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net connect.facebook.net graph.facebook.com business.facebook.com *.trbo.com www.google.es jabonarium.boost.propelbon.com static.oct8ne.com sw-assets.ekomiapps.de collect.trbo.com cdn.reskyt.com app.reskyt.com static.trbo.com c.clarity.ms sis.redsys.es jabonariumshop.com www.xevitools.com www.jabonariumshop.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com cdn.doofinder.com *.paypal.com *.googleapis.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.feedbackcompany.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com *.youtube.com cdn.mouseflow.com connect.facebook.net graph.facebook.com business.facebook.com *.trbo.com *.avada.io jabonarium.ladesk.com cdn.cookie-script.com static.oct8ne.com static.trbo.com api-v4.trbo.com sw-assets.ekomiapps.de smart-widget-assets.ekomiapps.de cdn.reskyt.com www.jabonariumshop.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.doofinder.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net cdn.reskyt.com sw-assets.ekomiapps.de maxcdn.bootstrapcdn.com www.jabonariumshop.com 'self' 'unsafe-inline'; object-src www.jabonariumshop.com 'self' 'unsafe-inline'; media-src *.zopim.com www.jabonariumshop.com 'self' 'unsafe-inline'; manifest-src www.jabonariumshop.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com www.facebook.com *.facebook.net *.google.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://www.sandbox.paypal.com https://www.paypal.com *.doofinder.com wss://*.doofinder.com *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms connect.facebook.net *.datatrics.com graph.facebook.com business.facebook.com wss://*.hotjar.com *.trbo.com *.jabonariumshop.com frontal-usa.oct8ne.com www.google.es consent.cookie-script.com notifications.api.reskyt.com api.ipify.org app.reskyt.com smart-widget-assets.ekomiapps.de rktstats.reskyt.com google.com backoffice.oct8ne.com www.jabonariumshop.com administrator.oct8ne.com www.google.com 'self' 'unsafe-inline'; child-src www.jabonariumshop.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com www.jabonariumshop.com *.trbo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.jabonariumshop.com 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 1
frame-ancestors 'self'; report-uri https://www.avantenestle.com.br/report-uri/enforce 1
default-src 'self'; block-all-mixed-content; form-action 'self'; base-uri 'none'; object-src 'none'; worker-src 'none'; font-src 'self' use.typekit.net fonts.gstatic.com; img-src 'self' www.facebook.com data: www.google-analytics.com www.googletagmanager.com; script-src 'self' 'unsafe-inline' connect.facebook.net www.google-analytics.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com use.typekit.net p.typekit.net; frame-ancestors 'self'; child-src corpreports.bcmea.com; frame-src corpreports.bcmea.com www.youtube.com; connect-src www.facebook.com www.google-analytics.com www.bcmea.com stats.g.doubleclick.net; report-uri https://qgnz1x2w.uriports.com/reports/report; report-to default 1
frame-ancestors 'self' https://at-ut-static.oopocket-dev.com https://at-uat-static.oopocket-dev.com https://static.oopocket.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com fast.fonts.net themes.googleusercontent.com *.youtube.com *.google.com *.gstatic.com *.googleapis.com; 1
frame-ancestors https://catalogues.emonnaies.fr https://www.emonnaies.fr; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://www.forumfeminarum.nl/logs/ https://www.forumfeminarum.nl/sidekiq/ https://www.forumfeminarum.nl/mini-profiler-resources/ https://www.forumfeminarum.nl/assets/ https://www.forumfeminarum.nl/brotli_asset/ https://www.forumfeminarum.nl/extra-locales/ https://www.forumfeminarum.nl/highlight-js/ https://www.forumfeminarum.nl/javascripts/ https://www.forumfeminarum.nl/plugins/ https://www.forumfeminarum.nl/theme-javascripts/ https://www.forumfeminarum.nl/svg-sprite/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js; worker-src 'self' https://www.forumfeminarum.nl/assets/ https://www.forumfeminarum.nl/brotli_asset/ https://www.forumfeminarum.nl/javascripts/ https://www.forumfeminarum.nl/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self' *.track.cux.io *.google-analytics.com; font-src 'self' data:; style-src 'self' 'unsafe-inline' ; img-src 'self' data: *.googletagmanager.com *.googlesyndication.com *.facebook.com *.facebook.net *.google.pl *.doubleclick.net *.googletagservices.com *.google-analytics.com *.google.com https://www.pzu.pl *.google.at; frame-src 'self' https://forms.pzu.pl *.googlesyndication.com https://www.pzu.pl *.youtube.com *.fls.doubleclick.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.googlesyndication.com *.facebook.com *.googleoptimize.com *.cux.io *.facebook.net *.youtube.com *.doubleclick.net *.googletagservices.com *.google-analytics.com *.google.com *.google.at; object-src 'self' *.doubleclick.net *.googletagservices.com *.facebook.com *.google-analytics.com *.google.com *.google.at; connect-src 'self' *.doubleclick.net *.google-analytics.com *.google.com *.track.cux.io; frame-ancestors 'self' https://www.pzu.pl *.youtube.com *.fls.doubleclick.net https://app.cux.io;  1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src 'self' epichttp:;script-src 'nonce-36381983bc7a43e1ad506d69029092a3' https://mijnolvg.nl 'self';img-src 'self' blob: data: https://www.mijnolvg.nl https://www.olvg.nl;style-src https://mijnolvg.nl 'self' 'unsafe-inline';form-action 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.googleadservices.com  https://maps.googleapis.com https://ws.sharethis.com https://s3.amazonaws.com/downloads.mailchimp.com https://cdn.ckeditor.com; object-src 'self' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://ws.sharethis.com https://cdn-images.mailchimp.com https://www.gstatic.com https://cdn.ckeditor.com; img-src 'self' data: https://maps.googleapis.com https://maps.gstatic.com https://l.sharethis.com https://translate.google.com https://fonts.gstatic.com https://www.google-analytics.com https://ws.sharethis.com https://cdn.ckeditor.com https://www.googletagmanager.com; frame-src 'self' https://ws.sharethis.com; font-src *; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googleadservices.com https://analytics.google.com/g/collect https://maps.googleapis.com https://stats.g.doubleclick.net https://l.sharethis.com https://data.stbuttons.click https://translate.googleapis.com https://www.googletagmanager.com https://region1.google-analytics.com; report-uri /es/report-csp-violation 1
frame-ancestors 'self' http://hipwebsite/  http://nyhip/  http://hip/ 1
default-src 'self' data: blob: ws: https://raket.ph https://api.raket.ph https://raketdotph.s3.ap-southeast-1.amazonaws.com https://h5mary7l8x219fq4p-1.a1.typesense.net https://nc1flia93z0h5jgwp-1.a1.typesense.net https://edge-config.vercel.com https://ipapi.co https://*.wistia.com https://litix.io http://*.wistia.net https://*.facebook.com https://*.cloudfront.net;       style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://app.socialproofy.io;      script-src 'self' 'unsafe-inline' 'unsafe-eval' https://raket.ph http://*.wistia.net https://beacon-v2.helpscout.net https://www.googletagmanager.com https://*.facebook.net https://app.socialproofy.io;      img-src 'self' data: https://*.facebook.com https://cdnjs.cloudflare.com https://raketdotph.s3.ap-southeast-1.amazonaws.com https://*.wistia.com http://*.wistia.net https://*.cloudfront.net https://app.socialproofy.io;      font-src 'self' data: https://raket.ph https://fonts.gstatic.com;      worker-src 'self' https://*.raket.ph;      connect-src 'self' https://api.raket.ph https://api-dev.raket.ph https://h5mary7l8x219fq4p-1.a1.typesense.net https://nc1flia93z0h5jgwp-1.a1.typesense.net http://*.wistia.net https://*.litix.io https://*.wistia.com http://*.wistia.com https://www.google-analytics.com https://ipapi.co https://*.cloudfront.net https://app.socialproofy.io https://api64.ipify.org https://www.iplocate.io;      media-src 'self' https://raketdotph.s3.ap-southeast-1.amazonaws.com blob;      object-src 'none'; 1
default-src 'self'; object-src 'self' https://pts.deutschlandsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.deutschlandsim.de; img-src https: data: http://files.deutschlandsim.de; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.deutschlandsim.de https://chat.deutschlandsim.de https://umfrage.deutschlandsim.de https://pts.deutschlandsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.deutschlandsim.de https://chat.deutschlandsim.de https://stats.deutschlandsim.de https://imagepool.deutschlandsim.de https://pts.deutschlandsim.de https://analytics.tiktok.com https://umfrage.deutschlandsim.de; script-src 'strict-dynamic' 'nonce-89d340d45b4f046cf7b99c399a8934d9' 'nonce-374012dac172287513f56b9311e5d05e' 'nonce-02fef6cd35659e9af56f097efa23f552' 'nonce-996809bd6b944eada363c5e531fe5732' 'nonce-119bf413386e04ba673c5c48ef31235a' 'nonce-8ce93e55754dd1e29c5358c864e9a1dd' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.deutschlandsim.de https://umfrage.deutschlandsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-89d340d45b4f046cf7b99c399a8934d9' 'nonce-374012dac172287513f56b9311e5d05e' 'nonce-02fef6cd35659e9af56f097efa23f552' 'nonce-996809bd6b944eada363c5e531fe5732' 'nonce-119bf413386e04ba673c5c48ef31235a' 'nonce-8ce93e55754dd1e29c5358c864e9a1dd' 'self' 'unsafe-inline' https: 'report-sample' 1
script-src 'self' 'unsafe-inline' www.agrica.loc www.groupagrica.com https://www.google-analytics.com/analytics.js http://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/ckscayt.js http://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/local/fr/local.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://app.mailjet.com/statics/js/iframeResizer.min.js https://unpkg.com/imask@6.0.5/dist/imask.js https://unpkg.com/@popperjs/core@2.10.2/dist/umd/popper.min.js https://unpkg.com/tippy.js@6.3.2/dist/tippy-bundle.umd.min.js; style-src 'self' 'unsafe-inline' http://svc.webspellchecker.net/spellcheck31/ http://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/css/wsc.css http://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/themes/all.css stackpath.bootstrapcdn.com use.fontawesome.com cdn.jsdelivr.net https://cdn.jsdelivr.net/gh/google/code-prettify@master/loader/prettify.css https://cdn.rawgit.com/google/code-prettify/master/loader/prettify.css; font-src 'self' use.fontawesome.com https://svc.webspellchecker.net/spellcheck31/ https://svc.webspellchecker.net; img-src 'self' data: https://statics.groupagrica.com http://statics.agrica.loc www.agrica.loc www.groupagrica.com http://svc.webspellchecker.net/spellcheck31/ http://img.youtube.com/vi/HR6TarlgwoQ/0.jpg http://img.youtube.com/vi/85Z6PWfXyho/0.jpg http://img.youtube.com/vi/lmor2ctufwM/0.jpg; frame-src 'self' https://www.youtube.com https://agrica-recette.harvest.fr/ https://agrica.harvest.fr https://app.mailjet.com/ https://www.google.com/ https://tracking.wiztopic.com; script-src-elem 'self' 'unsafe-inline' http://svc.webspellchecker.net/spellcheck31/ https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js www.agrica.loc www.groupagrica.com https://www.google-analytics.com/analytics.js  http://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/ckscayt.js http://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/local/fr/local.js https://app.mailjet.com/statics/js/iframeResizer.min.js https://unpkg.com/imask@6.0.5/dist/imask.js https://unpkg.com/@popperjs/core@2.10.2/dist/umd/popper.min.js https://unpkg.com/tippy.js@6.3.2/dist/tippy-bundle.umd.min.js https://www.googletagmanager.com/debug/bootstrap; 1
default-src 'self' data: *.googleapis.com *.google-analytics.com *.facebook.net *.googletagmanager.com  *.maw2wheelers.com *.gstatic.com *.google.com *.youtube.com *.facebook.com *.facebook.net analytics.google.com td.doubleclick.net; object-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.maw2wheelers.com *.googleapis.com; img-src 'self' data: *.googleapis.com *.gstatic.com *.google.com.np *.google.com *.google-analytics.com *.maw2wheelers.com *.yamaha.com.np yamaha.com.np *.facebook.com *.storeimaging.com *.youtube.com *.ytimg.com c.clarity.ms c.bing.com; connect-src 'self' *.googleapis.com *.google-analytics.com *.doubleclick.net *.facebook.com https://analytics.google.com https://s.clarity.ms https://pagead2.googlesyndication.com; script-src 'unsafe-eval' 'unsafe-inline' *.google-analytics.com *.maw2wheelers.com *.googletagmanager.com *.facebook.net *.cloudflare.com *.googleapis.com *.jsdelivr.net googleads.g.doubleclick.net www.clarity.ms; form-action 'self' *.facebook.com; frame-ancestors 'self' 1
default-src 'self' https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://*.doubleclick.net http://connect.facebook.net https://connect.facebook.net https://*.facebook.com https://*.redditstatic.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.googleusercontent.com http://*.trustpilot.com https://*.trustpilot.com https://*.zopim.com https://*.zdassets.com https://cdn.jsdelivr.net https://*.youtube-nocookie.com https://*.youtube.com http://*.vidaplayer.com https://*.vidaplayer.com https://*.bitnovo.com https://*.checkout.com https://stage-secure-gateway.hipay-tpp.com https://secure-gateway.hipay-tpp.com https://*.iesnare.com https://*.paypal.com https://www.paypalobjects.com https://tracking.qa.paypal.com https://pay.skrill.com https://www.google.com https://www.gstatic.com https://d2co3i0v91t8ie.cloudfront.net; script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://*.doubleclick.net http://connect.facebook.net https://connect.facebook.net https://*.facebook.com https://*.redditstatic.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.googleusercontent.com http://*.trustpilot.com https://*.trustpilot.com https://*.zopim.com https://*.zdassets.com https://cdn.jsdelivr.net https://*.youtube-nocookie.com https://*.youtube.com http://*.vidaplayer.com https://*.vidaplayer.com https://*.bitnovo.com https://*.checkout.com https://stage-secure-gateway.hipay-tpp.com https://secure-gateway.hipay-tpp.com https://*.iesnare.com 'unsafe-eval' https://*.paypal.com https://www.paypalobjects.com https://tracking.qa.paypal.com https://pay.skrill.com https://www.google.com https://www.gstatic.com https://d2co3i0v91t8ie.cloudfront.net; connect-src * 'self' https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://*.doubleclick.net http://connect.facebook.net https://connect.facebook.net ws://www.vidaplayer.com wss://www.vidaplayer.com https://*.facebook.com https://*.redditstatic.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.googleusercontent.com http://*.trustpilot.com https://*.trustpilot.com https://*.zopim.com https://*.zdassets.com https://cdn.jsdelivr.net https://*.youtube-nocookie.com https://*.youtube.com http://*.vidaplayer.com https://*.vidaplayer.com https://*.bitnovo.com https://*.checkout.com https://stage-secure-gateway.hipay-tpp.com https://secure-gateway.hipay-tpp.com https://*.iesnare.com https://*.paypal.com https://www.paypalobjects.com https://tracking.qa.paypal.com https://pay.skrill.com https://www.google.com https://www.gstatic.com https://d2co3i0v91t8ie.cloudfront.net; img-src data: 'self' https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://*.doubleclick.net http://connect.facebook.net https://connect.facebook.net https://*.facebook.com https://*.redditstatic.com http://* https://* https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.googleusercontent.com http://*.trustpilot.com https://*.trustpilot.com https://*.zopim.com https://*.zdassets.com https://cdn.jsdelivr.net https://*.youtube-nocookie.com https://*.youtube.com http://*.vidaplayer.com https://*.vidaplayer.com https://*.bitnovo.com https://*.checkout.com https://stage-secure-gateway.hipay-tpp.com https://secure-gateway.hipay-tpp.com https://*.iesnare.com https://*.paypal.com https://www.paypalobjects.com https://tracking.qa.paypal.com https://pay.skrill.com https://www.google.com https://www.gstatic.com https://d2co3i0v91t8ie.cloudfront.net; style-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://*.doubleclick.net http://connect.facebook.net https://connect.facebook.net https://*.facebook.com https://*.redditstatic.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.googleusercontent.com http://*.trustpilot.com https://*.trustpilot.com https://*.zopim.com https://*.zdassets.com https://cdn.jsdelivr.net https://*.youtube-nocookie.com https://*.youtube.com http://*.vidaplayer.com https://*.vidaplayer.com https://*.bitnovo.com https://*.checkout.com https://stage-secure-gateway.hipay-tpp.com https://secure-gateway.hipay-tpp.com https://*.iesnare.com https://*.paypal.com https://www.paypalobjects.com https://tracking.qa.paypal.com https://pay.skrill.com https://www.google.com https://www.gstatic.com https://d2co3i0v91t8ie.cloudfront.net; font-src 'self' https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://*.doubleclick.net http://connect.facebook.net https://connect.facebook.net https://*.facebook.com https://*.redditstatic.com data: https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.googleusercontent.com http://*.trustpilot.com https://*.trustpilot.com https://*.zopim.com https://*.zdassets.com https://cdn.jsdelivr.net https://*.youtube-nocookie.com https://*.youtube.com http://*.vidaplayer.com https://*.vidaplayer.com https://*.bitnovo.com https://*.checkout.com https://stage-secure-gateway.hipay-tpp.com https://secure-gateway.hipay-tpp.com https://*.iesnare.com https://*.paypal.com https://www.paypalobjects.com https://tracking.qa.paypal.com https://pay.skrill.com https://www.google.com https://www.gstatic.com https://d2co3i0v91t8ie.cloudfront.net; 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval' data: blob: 1
frame-ancestors consultaserialaparelho.com.br 1
default-src 'self' 'unsafe-inline' *.mapbox.com *.clarity.ms analytics.google.com digital.promerica.com.sv *.premium.sv capig.pizzahut.com.sv fonts.gstatic.com www.google-analytics.com stats.g.doubleclick.net cloud.kreabit.com pizzahut.com.sv www.googletagmanager.com www.pizzahut.com.sv blob:; img-src * 'self' 'unsafe-inline' data: blob:; script-src 'self' 'unsafe-inline' *.clarity.ms ajax.cloudflare.com analytics.google.com connect.facebook.net dev.visualwebsiteoptimizer.com storage.googleapis.com www.googleoptimize.com www.googletagmanager.com www.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net blob:; frame-ancestors 'self'; form-action 'self' 1
default-src 'self' www.google-analytics.com *.googleapis.com; script-src 'self' *.government.bg *.nksoftware.net *.youtube.com *.googletagmanager.com *.google.com *.google-analytics.com *.gstatic.com *.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.government.bg *.nksoftware.net *.youtube.com *.googleapis.com 'unsafe-inline';style-src-elem 'self' *.government.bg *.nksoftware.net *.googleapis.com 'unsafe-inline';img-src 'self' *.government.bg *.nksoftware.net *.youtube.com *.googletagmanager.com *.gstatic.com *.google.com *.googleapis.com *.google-analytics.com data:;font-src 'self' *.government.bg *.googleapis.com *.gstatic.com data:; base-uri 'self'; form-action 'self'; frame-src 'self' sportenkalendar.bg *.google.com *.gstatic.com *.government.bg *.youtube.com rtsp.me e.pcloud.link;manifest-src 'self';frame-ancestors 'self'; 1
frame-ancestors 'self' *.wonderz.at *.wonderz.be *.wonderz.ca *.wonderz.ch *.wonderz.cn *.wonderz.co.uk *.wonderz.com *.wonderz.com.au *.wonderz.de *.wonderz.dk *.wonderz.es *.wonderz.fi *.wonderz.fr *.wonderz.gr *.wonderz.it *.wonderz.lu *.wonderz.pt *.wonderz.ru *.wonderz.se support.wonderz.com 1
default-src 'self' https://*.google-analytics.com https://*.googletagmanager.com; object-src 'none'; frame-ancestors 'none'; img-src * blob: data:; style-src 'self' 'unsafe-inline'; 1
upgrade-insecure-requests; object-src 'self'; 1
connect-src 'self' https: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com;default-src 'self';font-src 'self' fonts.gstatic.com https://*.hotjar.com fonts.googleapis.com;form-action 'self' https://www.facebook.com/tr/;frame-src 'self' tr.techcareer.net youtube.com www.youtube.com open.spotify.com https://embed-standalone.spotify.com/ https://kariyer.typeform.com https://www.typeform.com https://*.hotjar.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.google.com/ https://www.facebook.com/ https://td.doubleclick.net/ https://login.techcareer.net;img-src 'self' data: storage.googleapis.com cdn.gcp.techcareer.net https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com/ads/ https://www.google.com.tr/ads/ https://*.hotjar.com www.facebook.com https://i.ytimg.com https://www.google.com https://analytics.twitter.com/ https://t.co/ https://cdn.efilli.com www.gravatar.com https://googleads.g.doubleclick.net https://c.clarity.ms https://c.bing.com cdn1.kariyer.net https://px.ads.linkedin.com https://static.geetest.com/ https://static.geevisit.com/;media-src 'self' data: storage.googleapis.com cdn.gcp.techcareer.net;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.hotjar.com https://static.ads-twitter.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net connect.facebook.net https://analytics.tiktok.com/i18n/pixel/ https://cdn.efilli.com https://www.clarity.ms https://js-agent.newrelic.com https://snap.licdn.com http://static.geetest.com/v4/ https://gcaptcha4.geetest.com/ https://gcaptcha4.gsensebot.com/ https://gcaptcha4.geevisit.com/;style-src 'self' 'unsafe-inline' fonts.googleapis.com https://*.hotjar.com https://static.geetest.com/v4/ https://static.geevisit.com/v4/;worker-src 'self'; 1
object-src 'none'; script-src 'self' 'unsafe-inline' https:; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; report-uri https://www.folio-lesite.fr/report-uri/enforce 1
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval' ; 1
default-src 'self' https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://a-scend.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://a-scend.zendesk.com wss://*.zopim.com; media-src 'self' https://videos.a-scend2.com; connect-src 'self' data: https://api.novu.a-scend2.com wss://ws.novu.a-scend2.com https://edge.fullstory.com https://rs.fullstory.com https://api.sprig.com https://a-scend.zendesk.com https://stats.g.doubleclick.net https://ekr.zdassets.com https://auth.a-scend2.com https://clientstream.launchdarkly.com https://events.launchdarkly.com https://app.launchdarkly.com https://api.knock.app/v1/messages/batch/read https://api.knock.app/v1/messages/batch/archived https://api.knock.app/v1/messages/batch/unread wss://api.knock.app/ws/v1/websocket https://api.knock.app/v1/users/ https://api.knock.app/v1/channels/ https://cloudflareinsights.com https://sentry.io https://o1095476.ingest.sentry.io https://www.google-analytics.com https://analytics.google.com; font-src 'self' data: https://fonts.gstatic.com; frame-src https://www.a-lign.com https://www.a-lign.com/* https://align1.widget.insent.ai https://*.statuspage.io https://cdn.merge.dev https://auth.a-scend2.com https://www.google.com https://a-scend2.com https://a-scend2.com/onlyoffice https://videos.a-scend2.com ; img-src data: blob: 'self' https://fonts.gstatic.com https://www.googletagmanager.com/ https://images.a-scend2.com https://v2assets.zopim.io https://static.zdassets.com https://d3sbxpiag177w8.cloudfront.net https://www.google-analytics.com; style-src https://www.a-lign.com 'self' 'unsafe-inline' https://www.googletagmanager.com https://fonts.googleapis.com/ https://www.gstatic.com/charts/; script-src https://www.a-lign.com 'self' 'unsafe-inline' 'unsafe-eval' https://align1.widget.insent.ai https://edge.fullstory.com https://cdn.sprig.com https://status.a-scend2.com https://cdnjs.cloudflare.com/ajax/libs/js-beautify/1.14.4/beautify-html.min.js https://cdnjs.cloudflare.com/ajax/libs/ace/1.4.2/theme-idle_fingers.js https://cdnjs.cloudflare.com/ajax/libs/ace/1.4.2/mode-html.js https://cdnjs.cloudflare.com/ajax/libs/js-beautify/1.14.4/beautify.min.js https://cdnjs.cloudflare.com/ajax/libs/ace/1.4.2/ace.js https://pi.pardot.com https://go.a-scend2.com https://static.zdassets.com https://a-scend2.com/onlyoffice/ https://cdn.merge.dev https://www.google-analytics.com https://ssl.google-analytics.com https://sentry.io https://o1095476.ingest.sentry.io https://static.cloudflareinsights.com/ https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/recaptcha/ https://www.gstatic.com/charts/ https://www.googletagmanager.com/; worker-src 'self' blob: ; 1
base-uri 'self' *.sitesearch360.com; connect-src 'self' *.google-analytics.com *.webspellchecker.net *.crazyegg.com *.sitesearch360.com *.siteimprove.com; default-src 'self'; frame-src 'self' *.google.com *.googleapis.com *.sitescout.com *.sitesearch360.com *.youtube-nocookie.com *.youtube.com *.vimeo.com; font-src 'self' *.bootstrapcdn.com *.cloudflare.com *.typekit.net *.webspellchecker.net fonts.gstatic.com fonts.googleapis.com; script-src *.hallestill.com 'unsafe-inline' 'unsafe-eval' *.cloudflare.com unpkg.com *.basis.net *.webspellchecker.net *.edgepilot.com *.crazyegg.com *.bootstrapcdn.com fonts.googleapis.com *.google-analytics.com *.googletagmanager.com apis.google.com *.google.com *.gstatic.com *.googleapis.com *.siteimprove.com *.jquery.com *.jsdelivr.net *.licdn.com *.addthisedge.com *.sitesearch360.com;style-src *.hallestill.com 'unsafe-inline' *.cloudflare.com *.webspellchecker.net *.sitesearch360.com unpkg.com *.typekit.net *.bootstrapcdn.com fonts.googleapis.com *.googleapis.com *.gstatic.com *.jquery.com *.jsdelivr.net; form-action *.hallestill.com; img-src * 'unsafe-inline' *.linkedin.com data:; object-src 'none' 1
report-uri /sentry/api/61/csp-report/?sentry_key=8505cd7669a24ba78131bbe9f6e8db09; worker-src blob: 'self'; child-src blob:; object-src 'none'; default-src https: data: 'self' *.1gamepay.com; img-src 'self' https: data: blob: *.google.com *.google.ro *.google.se *.google.nl *.google.de *.google.fi *.google.ch *.google.ee *.google.sk *.google.dk *.visualwebsiteoptimizer.com app.vwo.com https://ssl.gstatic.com https://www.gstatic.com *.google-analytics.com *.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://googleads.g.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com; frame-src * bankid: https://bid.g.doubleclick.net wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; connect-src 'self' ws: wss: livechat24.tech *.livechat24.tech https://stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net *.unetsafe.com *.quantserve.com *.quantcount.com *.creative-serving.com *.visualwebsiteoptimizer.com *.taboola.com *.tradedoubler.com *.bing.com app.vwo.com facebook.com www.facebook.com *.google.com *.google.ru *.google.ro *.google.se *.google.de *.google.fr *.google.nl *.google.by *.google.pt *.google.kz *.google.bg *.google.kg *.google.md *.google.gr *.google.fi https://*.googlesyndication.com *.snapchat.com snapchat.com sc-static.net https://static.ads-twitter.com https://analytics.twitter.com https://*.atlantgaming.com https://cdn-sp.kertn.net https://*.pusher.com https://cdn-sp.gbshgbsh.com *.regily.com https://*.fasttrack-solutions.com https://*.ft-crm.com https://verification.okwork.io https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com *.frankcasino.com *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com https://*.frank-casino.live wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; style-src 'self' blob: 'unsafe-inline' *.googleapis.com *.google.com *.cloudflare.com *.cloudflareinsights.com *.unetsafe.com livechat24.tech *.livechat24.tech *.visualwebsiteoptimizer.com app.vwo.com https://cs.betradar.com https://*.sportradar.com https://videosport.me https://cdn-sp.kertn.net https://cdn-sp.gbshgbsh.com https://*.fasttrack-solutions.com https://*.gstatic.com https://prj-verification-production.s3.amazonaws.com https://prj-verification-stage1.s3.amazonaws.com https://prj-verification-stage2.s3.amazonaws.com https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com https://tagmanager.google.com https://fonts.googleapis.com https://s3.amazonaws.com *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com paymentpage.ecommpay.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com https://*.frank-casino.live wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; font-src 'self' https://fonts.gstatic.com data: *.cloudflare.com *.cloudflareinsights.com livechat24.tech *.livechat24.tech *.visualwebsiteoptimizer.com app.vwo.com *.frankcasino.com https://cdn-sp.kertn.net https://*.frank-casino.live wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; script-src 'self' 'unsafe-eval' 'nonce-Ldp56mLUt/vK1o/FC/ByYg==' blob: *.google.com *.google.ro *.google.se *.google.nl *.google.de *.google.fi *.google.ch *.google.ee *.google.sk *.google.dk recaptcha.net www.gstatic.com *.googleadservices.com https://www.googleadservices.com https://*.googlesyndication.com *.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://*.googletagmanager.com *.google-analytics.com *.analytics.google.com platform.twitter.com connect.facebook.net *.curacao-egaming.com stats.g.doubleclick.net https://stats.g.doubleclick.net livechat24.tech *.livechat24.tech *.livestatisc.com *.jsdelivr.net *.ptstaging.eu track.adform.net *.unetsafe.com *.cloudflare.com *.cloudflareinsights.com *.quantserve.com *.quantcount.com *.creative-serving.com *.visualwebsiteoptimizer.com *.taboola.com *.tradedoubler.com *.snapchat.com *.bing.com snapchat.com sc-static.net app.vwo.com facebook.com www.facebook.com https://static.ads-twitter.com https://analytics.twitter.com *.regily.com https://*.fasttrack-solutions.com https://cdn-sp.kertn.net https://*.pusher.com https://cdn-sp.gbshgbsh.com https://*.gstatic.com https://prj-verification-production.s3.amazonaws.com https://prj-verification-stage1.s3.amazonaws.com https://prj-verification-stage2.s3.amazonaws.com https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com *.frankcasino.com *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com paymentpage.ecommpay.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com *.astropay.com *.megapay.pro *.ecopayz.com *.billing.cx *.express-connect.com *.paycore.io *.jetoncheckout.com *.ipsp.lv ipsp.lv *.gpaynetworks.com *.sirumobile.com https://*.frank-casino.live wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://serve.albacross.com https://www.googletagmanager.com https://consent.cookiebot.com https://connect.facebook.net https://static.hotjar.com https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: http: https:; font-src 'self' data:; connect-src 'self' http: https:; frame-src 'self' https://consentcdn.cookiebot.com https://www.google.com; 1
default-src 'self' *.toys-for-kids.ru *.igrocity.ru *.hobby365.ru *.happygift.ru ;  script-src 'self' http://www.toys-for-kids.ru https://www.toys-for-kids.ru http://www.igrocity.ru https://www.igrocity.ru http://www.hobby365.ru https://www.hobby365.ru http://www.happygift.ru https://www.happygift.ru  http://mc.yandex.ru https://mc.yandex.ru http://site.yandex.net https://site.yandex.net http://yandex.st https://yandex.st http://stats.g.doubleclick.net https://stats.g.doubleclick.net http://yandex.ru https://yandex.ru http://yastatic.net https://yastatic.net http://api-maps.yandex.ru https://api-maps.yandex.ru http://awaps.yandex.ru https://awaps.yandex.ru http://clck.yandex.ru https://clck.yandex.ru http://sitesearch-suggest.yandex.ru https://sitesearch-suggest.yandex.ru http://sitesuggest.yandex.ru https://sitesuggest.yandex.ru http://top-fwz1.mail.ru https://top-fwz1.mail.ru https://pass.yandex.ru http://www.instagram.com https://www.instagram.com  https://www.google-analytics.com https://apis.google.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net  https://connect.facebook.net http://connect.facebook.net http://vk.com https://vk.com https://code.jivo.ru  'unsafe-inline' 'unsafe-eval' ;  style-src 'self' *.toys-for-kids.ru *.igrocity.ru *.hobby365.ru *.happygift.ru http://mc.yandex.ru https://mc.yandex.ru http://site.yandex.net https://site.yandex.net http://yandex.st https://yandex.st http://stats.g.doubleclick.net https://stats.g.doubleclick.net http://yandex.ru https://yandex.ru http://yastatic.net https://yastatic.net http://api-maps.yandex.ru https://api-maps.yandex.ru http://clck.yandex.ru https://clck.yandex.ru http://sitesearch-suggest.yandex.ru https://sitesearch-suggest.yandex.ru http://sitesuggest.yandex.ru https://sitesuggest.yandex.ru https://*.jivo.ru  'unsafe-inline' 'unsafe-eval'  ;  img-src * data: ;  frame-src 'self' *.toys-for-kids.ru *.igrocity.ru *.hobby365.ru *.happygift.ru http://*.youtube.com https://*.youtube.com http://www.youtube.com https://www.youtube.com *.googlevideo.com http://awaps.yandex.ru https://awaps.yandex.ru chromeinvoke: chromenull: chromeinvokeimmediate: mx://res/reader-mode/reader.html https://mc.yandex.ru http://api-maps.yandex.ru https://api-maps.yandex.ru https://yandex.ru https://vk.com https://staticxx.facebook.com http://staticxx.facebook.com https://www.facebook.com https://site.yandex.ru http://www.instagram.com https://www.instagram.com https://player.vimeo.com https://www.google.com https://bid.g.doubleclick.net https://ok.ru  https://rutube.ru https://frontend.vh.yandex.ru ;  object-src 'self' *.toys-for-kids.ru *.igrocity.ru *.hobby365.ru *.happygift.ru http://*.youtube.com https://*.youtube.com *.znatok.ru http://shkola7gnomov.ru http://video.rutube.ru ;  media-src 'self' *.toys-for-kids.ru *.igrocity.ru *.hobby365.ru *.happygift.ru http://*.jivosite.com https://*.jivosite.com https://*.jivo.ru ;  connect-src 'self' *.toys-for-kids.ru *.igrocity.ru *.hobby365.ru *.happygift.ru https://vk.com http://mc.yandex.ru https://mc.yandex.ru http://site.yandex.net https://site.yandex.net http://yandex.st https://yandex.st http://stats.g.doubleclick.net https://stats.g.doubleclick.net http://yandex.ru https://yandex.ru http://yastatic.net https://yastatic.net http://api-maps.yandex.ru https://api-maps.yandex.ru http://awaps.yandex.ru https://awaps.yandex.ru http://clck.yandex.ru https://clck.yandex.ru http://sitesearch-suggest.yandex.ru https://sitesearch-suggest.yandex.ru http://sitesuggest.yandex.ru https://sitesuggest.yandex.ru http://www.youtube.com https://www.youtube.com http://top-fwz1.mail.ru https://top-fwz1.mail.ru https://www.google-analytics.com https://www.facebook.com https://*.jivo.ru wss://*.jivo.ru ;  font-src 'self' *.toys-for-kids.ru *.igrocity.ru *.hobby365.ru *.happygift.ru; 1
frame-ancestors 'none'; frame-src https://www.youtube.com; 1
default-src 'none';  script-src 'self' google-analytics.com stats.g.doubleclick.net https://stats.g.doubleclick.net; style-src 'self' data:  ; img-src 'self' google-analytics.com stats.g.doubleclick.net https://stats.g.doubleclick.net ssl.google-analytics.com data: ;  connect-src 'self';  font-src 'self'; media-src 'self'; object-src 'self' www.youtube.com ;  child-src 'self' ;  frame-ancestors 'self' ; manifest-src 'self' ; form-action 'self' ; worker-src 'self' ; base-uri 'none'; report-uri /csp-parser.php ; 1
default-src 'none'; img-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.calltrk.com https://*.callrail.com https://*.cloudflare.com https://*.jquery.com https://*.bootstrapcdn.com https://*.pagescdn.com https://*.optimizely.com https://*.amazonaws.com https://*.adobedtm.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.facebook.net https://*.googleadservices.com https://*.sitescdn.net https://*.livechatinc.com https://*.demdex.net https://*.addthis.com https://*.addthisedge.com https://*.pinterest.com https://*.en25.com https://*.datadoghq-browser-agent.com https://optimize.google.com https://*.rlets.com https://*.reachlocallivechat.com https://reachlocallivechat.com about://*.reachlocallivechat.com https://*.cloudfront.net https://*.cloudflareinsights.com https://*.broadly.com https://web-2-tel.com https://*.hotjar.com https://*.btttag.com https://*.bing.com https://*.doubleclick.net https://*.thinkingchat.com https://*.here.com https://*.twilio.com wss://*.twilio.com https://*.simpli.fi https://*.mrrooter.ca https://*.gstatic.com https://*.liadm.com https://*.yimg.com https://*.adsrvr.org https://*.convertexperiments.com https://*.cloudfunctions.net blob: https://*.mountain.com https://*.brandcdn.com https://*.validate.audio https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai wss://*.yellow.ai wss://*.cloud.yellow.ai wss://*.app.yellow.ai https://*.web-2-tel.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.bootstrapcdn.com https://*.cloudflare.com https://*.typekit.net https://*.jquery.com https://*.sitescdn.net https://optimize.google.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.twilio.com https://*.mrrooter.ca blob: https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai; object-src 'none'; connect-src https://*.calltrk.com https://*.callrail.com https://*.cloudflare.com https://*.nblyprod.com https://*.googleapis.com https://*.pagescdn.com https://*.demdex.net https://*.livechatinc.com https://*.neighborly.com https://*.crownpeak.net https://*.addthis.com https://*.yext.com https://*.b2clogin.com https://*.dwyergroup.com https://*.broadly.com https://*.amazonaws.com https://*.google-analytics.com https://*.facebook.net  https://*.gannettdigital.com https://*.browser-intake-datadoghq.com https://optimize.google.com https://*.reachlocalservices.com https://*.rlets.com https://reachlocallivechat.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.hotjar.io/ wss://reachlocallivechat.com https://*.web-2-tel.com wss://*.hotjar.com https://*.simpli.fi https://*.here.com https://*.twilio.com wss://*.twilio.com https://*.hereapi.com https://*.doubleclick.net https://*.mrrooter.ca https://*.bing.com https://*.yimg.com https://*.convertexperiments.com https://*.cloudfunctions.net blob: https://44.238.122.172 https://100.20.58.101 https://35.85.84.151 https://44.228.85.26 https://34.215.155.61 https://35.160.46.251 https://52.71.121.170 https://18.210.229.244 https://44.212.189.233 https://3.212.39.155 https://52.22.50.55 https://54.156.2.105 https://*.googlesyndication.com https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai wss://*.yellow.ai wss://*.cloud.yellow.ai wss://*.app.yellow.ai; font-src https://*.cloudflare.com https://*.nblyprod.com https://*.typekit.net https://*.gstatic.com https://*.googleapis.com https://optimize.google.com https://reachlocallivechat.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.twilio.com https://*.mrrooter.ca blob: https://*.cloudfront.net https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai; frame-src https://*.cloudflare.com https://*.youtube.com https://*.livechatinc.com https://*.demdex.net/ https://*.addthis.com https://*.pagescdn.com https://*.amazonaws.com https://*.b2clogin.com https://optimize.google.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.twilio.com https://*.rlets.com  https://*.mrrooter.ca https://*.doubleclick.net https://*.broadly.com https://*.adsrvr.org blob: https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai https://*.web-2-tel.com; media-src https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai; worker-src https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai blob: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com unpkg.com/@frontify/ *.cloudinary.com code.jquery.com cdnjs.cloudflare.com www.googletagmanager.com static.addtoany.com *.sharethis.com kendo.cdn.telerik.com cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com cdnjs.cloudflare.com cdn.jsdelivr.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: cdnjs.cloudflare.com platform-cdn.sharethis.com *.googleapis.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com web-chat.nativechat.com *.frontify.com *.cloudinary.com cdnjs.cloudflare.com *.sharethis.com *.cipf.ca kendo.cdn.telerik.com www.googletagmanager.com; media-src 'self' data: blob: *.frontify.com *.cloudinary.com *.cipf.ca; frame-src 'self' static.addtoany.com *.sharethis.com www.google.com open.spotify.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com *.frontify.com cloudinary.com *.cloudinary.com; connect-src 'self' data: accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.frontify.com *.cloudinary.com *.sharethis.com bcp.crwdcntrl.net; 1
default-src *.nsai.ie *.cloudfront.net https://geolocation.onetrust.com/ https://www.linkedin.com/ wss://wsp5.hotjar.com/ wss://ws34.hotjar.com/ wss://ws.hotjar.com/api/v2/client/ws https://platform.twitter.com/ https://*.hotjar.com https://*.hotjar.io *.cookiepro.com *.sibforms.com sibforms.com *.plyr.io *.cloudflare.com *.googleapis.com *.youtube-nocookie.com *.youtube.com *.google.com *.twimg.com *.typekit.net https://pay.realexpayments.com *.realexpayments.com realexpayments.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.loom.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nsai.ie https://platform.twitter.com https://*.hotjar.com  https://*.hotjar.io *.cookiepro.com *.sibforms.com sibforms.com *.plyr.io *.cloudflare.com *.googleapis.com *.google-analytics.com *.doubleclick.net *.youtube.com *.youtube-nocookie.com *.google.com *.googletagmanager.com *.gstatic.com *.loom.com *.jquery.com; style-src 'self' 'unsafe-inline' *.nsai.ie *.cookiepro.com *.sibforms.com sibforms.com *.typekit.net *.plyr.io *.cloudflare.com *.googleapis.com *.youtube-nocookie.com *.google.com *.loom.com 1
default-src 'self' webvoto-cfc-prd.azureedge.net;script-src 'self' webvoto-cfc-prd.azureedge.net 'unsafe-inline' 'unsafe-eval' www.google.com www.google-analytics.com www.gstatic.com *.jivosite.com *.webvoto.com.br *.rybena.com.br *.userway.org www.googletagmanager.com;style-src 'self' webvoto-cfc-prd.azureedge.net 'unsafe-inline' fonts.googleapis.com www.gstatic.com *.jivosite.com *.userway.org;img-src 'self' webvoto-cfc-prd.azureedge.net data: cdn.lacunasoftware.com www.gstatic.com www.google-analytics.com www.google.com www.google.com.br *.jivosite.com *.webvoto.com.br *.rybena.com.br *.userway.org;font-src 'self' webvoto-cfc-prd.azureedge.net fonts.gstatic.com cdn.userway.org;frame-src 'self' webvoto-cfc-prd.azureedge.net data: www.google.com *.rybena.com.br cdn.userway.org;frame-ancestors www.eleicaocrc.org.br eleicaocrc.org.br staging.eleicaocrc.org.br homolog.eleicaocrc.org.br;connect-src 'self' webvoto-cfc-prd.azureedge.net www.google-analytics.com stats.g.doubleclick.net dc.services.visualstudio.com rt.services.visualstudio.com *.jivosite.com wss://*.jivosite.com *.rybena.com.br *.userway.org *.applicationinsights.azure.com analytics.google.com;form-action 'self';media-src cdn.webvoto.com.br *.jivosite.com; 1
default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self'  https://www.abuseipdb.com data:; object-src 'none'; media-src 'none'; frame-src 'none'; frame-ancestors 'none'; form-action 'none'; connect-src 'self'; 1
base-uri 'self'; connect-src 'self' *.clickdimensions.com *.azureedge.net *.dynamics.com *.azurewebsites.net *.google-analytics.com *.analytics.google.com *.doubleclick.net api.ipgeolocation.io/ipgeo *.google.com *.google.nl *.linkedin.com; default-src 'self'; font-src 'self' *.gstatic.com; form-action 'self' *.clickdimensions.com *.azureedge.net *.dynamics.com *.azurewebsites.net; frame-ancestors 'self' *.perplex.eu *.hso.com; frame-src 'self' *.perplex.eu *.hso.com *.vimeo.com *.youtube.com *.google.com *.clickdimensions.com *.azureedge.net *.dynamics.com *.soundcloud.com *.azurewebsites.net *.doubleclick.net; img-src 'self' data: *.ytimg.com *.google-analytics.com *.googletagmanager.com *.google.nl *.google.com *.linkedin.com *.lfeeder.com *.doubleclick.net; manifest-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.google.com *.gstatic.com *.clickdimensions.com *.azureedge.net *.dynamics.com *.soundcloud.com *.azurewebsites.net *.google-analytics.com *.analytics.google.com *.salesfeed.com *.wowanalytics.co.uk *.linkedin.com *.licdn.com *.lfeeder.com cdn.jsdelivr.net/npm/ip-geolocation-api-jquery-sdk@1.1.0/ipgeolocation.min.js *.doubleclick.net *.googleadservices.com *.bing.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.clickdimensions.com *.azureedge.net *.dynamics.com *.azurewebsites.net *.soundcloud.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https:; img-src 'self' https: data: blob: https:; style-src 'self' https: 'nonce-KUBiRXltBegnXoblVEVeEA=='; media-src 'self' https: data: https:; frame-src 'self' https:; manifest-src 'self' https:; connect-src 'self' data: blob: https: https: wss://haqueers.com; script-src 'self' https: 'wasm-unsafe-eval'; child-src 'self' blob: https:; worker-src 'self' blob: https: 1
default-src 'self' blob: *.westlancs.gov.uk;style-src 'self' *.westlancs.gov.uk fonts.googleapis.com *.google.com *.twitter.com *.twimg.com www.browsealoud.com plus.browsealoud.com 'unsafe-inline';script-src 'self' *.westlancs.gov.uk *.westlancsdc.local www.googleapis.com ajax.googleapis.com maps.googleapis.com *.google.com www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com *.addthis.com *.addthisedge.com *.siteimprove.com *.siteimproveanalytics.com *.siteimprove.net *.siteimproveanalytics.io www.browsealoud.com plus.browsealoud.com *.speechstream.net wikisum.texthelp.com *.facebook.net *.facebook.com *.ads-twitter.com *.twitter.com *.ucpages.co.uk *.twimg.com 'unsafe-inline' 'unsafe-eval';img-src 'self' *.westlancs.gov.uk www.googleapis.com maps.googleapis.com *.google.com maps.gstatic.com ssl.gstatic.com www.google-analytics.com ssl.google-analytics.com *.siteimprove.com *.siteimproveanalytics.com *.siteimprove.net *.siteimproveanalytics.io *.addthis.com data: *.facebook.com t.co *.twitter.com *.ucpages.co.uk *.twimg.com www.browsealoud.com plus.browsealoud.com browsealoud-webservices-8.texthelp.com browsealoud-webservices-eu.texthelp.com data:;connect-src blob: *.westlancs.gov.uk *.westlancsdc.local www.browsealoud.com plus.browsealoud.com wikisum.texthelp.com wiki-summarizer-eu.texthelp.com simplify-us.texthelp.com browsealoud-webservices-8.texthelp.com browsealoud-webservices-eu.texthelp.com babm.texthelp.com *.speechstream.net *.addthis.com www.google-analytics.com;frame-src 'self' *.westlancs.gov.uk *.google.com *.addthis.com *.westlancsdc.local www.youtube.com *.facebook.com *.facebook.net *.twitter.com *.ucpages.co.uk ucpages.co.uk propertytoolkit.evolutive.co.uk *.vimeo.com content.googleapis.com www.googletagmanager.com/ns.html;font-src 'self' *.westlancs.gov.uk fonts.gstatic.com;media-src 'self' blob: *.speechstream.net; 1
default-src https:;connect-src https: wss://*.hotjar.com/api/v2/client/ws wss://directline.botframework.com;font-src https: data:;frame-src https: twitter:;frame-ancestors https:;img-src https: data:;media-src https:;object-src https:;script-src 'unsafe-inline' 'unsafe-eval' https:;style-src 'unsafe-inline' https:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  *.cleverwebserver.com *.xgscore.io *.doubleclick.net *.ipify.org *.google-analytics.com *.googletagmanager.com;font-src 'self' fonts.gstatic.com; 1
frame-ancestors https://welock-official.myshopify.com https://admin.shopify.com 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-kh+rcIXH1ZdmKrZBCLx4BA=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; font-src 'self' data:; img-src https: data:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' data: app.usercentrics.eu www.googletagmanager.com maps.googleapis.com matomo.mecklenburgische.de stage.cookiebox.pro; frame-src app.usercentrics.eu; font-src 'self' data: fonts.gstatic.com; connect-src 'self' api.usercentrics.eu aggregator.service.usercentrics.eu graphql.usercentrics.eu *.google-analytics.com *.analytics.google.com maps.googleapis.com matomo.mecklenburgische.de; img-src 'self' data: app.usercentrics.eu www.googletagmanager.com maps.googleapis.com maps.gstatic.com khms0.googleapis.com khms1.googleapis.com fonts.gstatic.com *.google-analytics.com *.analytics.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.googletagmanager.com; base-uri 'self'; form-action 'self'; object-src 'none'; media-src 'self'; frame-ancestors 'none'; 1
default-src 'self' data: https://www.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.google.com https://*.google.cz https://*.gstatic.com https://*.youtube.com https://*.googleadservices.com https://*.doubleclick.net https://connect.facebook.net https://*.facebook.com https://c.imedia.cz https://*.seznam.cz https://snap.licdn.com https://*.linkedin.com https://px.ads.linkedin.com https://*.pinterest.com https://cloud.typography.com https://*.smartlook.com https://*.smartlook.cloud http://*.hotjar.com https://*.hotjar.com https://*.hotjar.com:* ws://*.hotjar.com wss://*.hotjar.com https://*.matterport.com https://*.googlesyndication.com https://*.oribi.io https://*.cookiebot.com 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob: 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-aC9HbI61KyE7xAJOGPQ3SA==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob: *.izlesene.com *.ioam.de *.avg.com *.rewardsaccelerator.com smetrics.att.com; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net smetrics.att.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
base-uri https:; default-src https: wss:; font-src https: data:; frame-src https:; img-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri https://3cd6cabc5eb8a8db5c0a95a9ab1f61c5.report-uri.com/r/d/csp/reportOnly; report-to default 1
frame-ancestors 'self'; upgrade-insecure-requests; img-src 'self' data: https://secure.gravatar.com https://log.pinterest.com https://themainemonitor.sidesea-staging.com https://www.google-analytics.com https://dailyyonder.com https://www.googletagmanager.com http://themainemonitor.org https://ps.w.org https://dify.wpengine.com https://www.themainemonitor.org https://www.census.gov https://public.flourish.studio https://wpengine.com https://files.ctctusercontent.com https://i.creativecommons.org https://assets.msn.com https://cdn.honey.io https://i.ytimg.com https://region1.google-analytics.com https://files.constantcontact.com https://mmonitor.wpengine.com https://www.facebook.com https://pixel.propublica.org https://propublica.jotform.com https://awropeik.files.wordpress.com https://really-simple-ssl.com https://translate.google.com https://fonts.gstatic.com https://ssl.google-analytics.com https://www.gstatic.com https://www.google.com https://translate.googleapis.com https://licensebuttons.net https://counter.theconversation.com https://lh3.googleusercontent.com https://bzw5s16w5761b70rja1vwaws-absy16yrju75is4fuwvj.mentionusercontent.net https://bzw5s16w5761b70rj70yiufau0fj.mentionusercontent.net https://s.w.org https://yoa.st https://claritystatic.blob.core.windows.net https://c.clarity.ms https://c.bing.com https://cdn-lbpkl.nitrocdn.com https://img.youtube.com; default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.datatables.net https://connect.facebook.net https://assets.pinterest.com https://www.google-analytics.com https://www.googletagmanager.com https://yoast.com https://www.gstatic.com https://www.buzzsprout.com https://public.flourish.studio https://static.ctctcdn.com https://e.infogram.com https://cdnjs.cloudflare.com https://datawrapper.dwcdn.net https://assets.msn.com https://platform.twitter.com https://me.kis.v2.scr.kaspersky-labs.com https://www.pagespeed-mod.com https://pixel.propublica.org https://propublica.jotform.com https://gc.kis.v2.scr.kaspersky-labs.com https://translate.google.com https://translate-pa.googleapis.com data: https://assets.documentcloud.org https://translate.googleapis.com https://conoret.com https://www.clarity.ms https://www.google.com https://nitroscripts.com https://cdn-lbpkl.nitrocdn.com blob: 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://cdn.datatables.net https://connect.facebook.net https://assets.pinterest.com https://www.google-analytics.com https://www.googletagmanager.com https://yoast.com https://www.gstatic.com https://www.buzzsprout.com https://public.flourish.studio https://static.ctctcdn.com https://e.infogram.com https://cdnjs.cloudflare.com https://datawrapper.dwcdn.net https://assets.msn.com https://platform.twitter.com https://me.kis.v2.scr.kaspersky-labs.com https://www.pagespeed-mod.com https://pixel.propublica.org https://propublica.jotform.com https://gc.kis.v2.scr.kaspersky-labs.com https://translate.google.com https://translate-pa.googleapis.com data: https://assets.documentcloud.org https://translate.googleapis.com https://conoret.com https://www.clarity.ms https://www.google.com https://nitroscripts.com https://cdn-lbpkl.nitrocdn.com blob:; style-src 'self' 'unsafe-inline' https://cdn.datatables.net https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://www.opoint.no https://use.fontawesome.com https://www.gstatic.com https://ajax.googleapis.com https://static.dwcdn.net https://cdn.honey.io https://datawrapper.dwcdn.net https://projects.propublica.org https://propublica.jotform.com https://gc.kis.v2.scr.kaspersky-labs.com https://fonts.bunny.net data: https://bzw5s16w5761b70rj70yiufau0fk.mentionusercontent.net https://cdn-lbpkl.nitrocdn.com blob: 'unsafe-eval'; style-src-elem 'self' 'unsafe-inline' https://cdn.datatables.net https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://www.opoint.no https://use.fontawesome.com https://www.gstatic.com https://ajax.googleapis.com https://static.dwcdn.net https://cdn.honey.io https://datawrapper.dwcdn.net https://projects.propublica.org https://propublica.jotform.com https://gc.kis.v2.scr.kaspersky-labs.com https://fonts.bunny.net data: https://bzw5s16w5761b70rj70yiufau0fk.mentionusercontent.net https://cdn-lbpkl.nitrocdn.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://my.yoast.com https://yoast.com https://my.wpengine.com https://campaign.constantcontact.com https://datawrapper.dwcdn.net https://cdn.datatables.net https://maxcdn.bootstrapcdn.com https://themainemonitor.sidesea-staging.com https://analytics.google.com https://secure.gravatar.com https://www.facebook.com https://api-js.mixpanel.com https://translate.googleapis.com data: https://y.clarity.ms https://u.clarity.ms https://t.clarity.ms https://v.clarity.ms https://q.clarity.ms https://r.clarity.ms https://w.clarity.ms https://s.clarity.ms https://p.clarity.ms https://x.clarity.ms https://k.clarity.ms https://n.clarity.ms https://z.clarity.ms https://e.clarity.ms https://j.clarity.ms https://o.clarity.ms https://i.clarity.ms https://b.clarity.ms https://h.clarity.ms https://l.clarity.ms https://www.clarity.ms https://f.clarity.ms https://a.clarity.ms https://m.clarity.ms https://g.clarity.ms https://d.clarity.ms https://api.mkmediaworks.com https://to.getnitropack.com https://nitropack.io https://cdn-lbpkl.nitrocdn.com https://www.googletagmanager.com https://connect.facebook.net https://www.google.com; font-src 'self' https://maxcdn.bootstrapcdn.com data: https://fonts.gstatic.com https://use.fontawesome.com https://static.dwcdn.net https://www.slant.co https://assets.propublica.org https://cdn.jotfor.ms https://fonts.bunny.net https://bzw5s16w5761b70rj70yiufau0fj.mentionusercontent.net https://5sfuv6rjt77bab0s8uv6rju75r53cqhfj.mentionusercontent.net https://bzw5s16w5761b70rj70yiufau0f1.mentionusercontent.net chrome-extension https://cdn-lbpkl.nitrocdn.com; frame-src 'self' https://public.tableau.com https://public.tableausoftware.com https://www.youtube.com https://e.infogram.com https://www.buzzsprout.com https://www.google.com https://flo.uri.sh https://docs.google.com kapow https://www.msn.com https://datawrapper.dwcdn.net https://platform.twitter.com https://cdn.knightlab.com https://www.googletagmanager.com https://www.podbean.com https://www.facebook.com https://w.soundcloud.com https://player.vimeo.com https://m.facebook.com https://player.wbur.org https://player.captivate.fm https://themainemonitor.giv.sh https://ourworldindata.org https://accounts.google.com https://static.contextall.com https://backhome.news21.com https://clarity.microsoft.com https://infogram.com https://www.canva.com data:; media-src 'self' data:; worker-src 'self' blob: https://cdn-lbpkl.nitrocdn.com/; child-src 'self' blob: 1
"default-src * 'unsafe-eval' data: blob:" ALLOW-FROM= https://promo.platform.securityhq.com/,https://demo.securityhq.com/,https://qr.platform.securityhq.com,https://qr2.platfrom.securityhq.com; frame-ancestors= 'self', https://promo.platform.securityhq.com/,https://demo.securityhq.com/,https://qr.platform.securityhq.com,https://qr2.platfrom.securityhq.com; 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src *; connect-src *; object-src *; frame-ancestors *; worker-src blob: 1
connect-src 'self' analytics.google.com api-eu1.hubapi.com cdn.linkedin.oribi.io cookie-cdn.cookiepro.com cta-eu1.hubspot.com scout.salesloft.com stats.g.doubleclick.net ws.zoominfo.com www.google.co.il forms-eu1.hsforms.com maps.googleapis.com a.omappapi.com api.hubapi.com api.omappapi.com forms.hubspot.com pagead2.googlesyndication.com upstream.auto www.google-analytics.com www.google.com www.googleadservices.com z.omappapi.com yoast.com geolocation.onetrust.com privacyportal.cookiepro.com region1.analytics.google.com www.google.de consentcdn.cookiebot.com content.hotjar.io forms.hsforms.com in.hotjar.com metrics.hotjar.io region1.google-analytics.com vc.hotjar.io wss://ws.hotjar.com www.facebook.com www.google.co.in www.google.es www.google.gr www.google.nl www.google.pt www.google.ch www.google.co.jp www.google.com.br www.google.com.my www.google.com.tr www.google.fr t.influ2.com; font-src 'self' data: fonts.gstatic.com; form-action www.facebook.com forms-eu1.hsforms.com 'self'; frame-src www.facebook.com forms-eu1.hsforms.com consentcdn.cookiebot.com 26634817.hs-sites-eu1.com 'self' embed-standalone.spotify.com open.spotify.com play.vidyard.com td.doubleclick.net www.comeet.co www.youtube.com 10.112.8.141:9499 en.sapiens.com es.sapiens.com dach.sapiens.com; img-src 'self' analytics.twitter.com cookie-cdn.cookiepro.com cta-eu1.hubspot.com data: perf-eu1.hsforms.com px.ads.linkedin.com t.co track-eu1.hubspot.com trackingapi.trendemon.com www.facebook.com www.google.co.il forms-eu1.hsforms.com forms.hsforms.com maps.googleapis.com maps.gstatic.com a.omappapi.com forms-na1.hsforms.com secure.gravatar.com www.google-analytics.com www.google.com s.w.org www.google.de www.google.pt fonts.gstatic.com www.googletagmanager.com www.google.co.in analytics.google.com cdn.vidyard.com play.vidyard.com stats.g.doubleclick.net track.hubspot.com www.google.at www.google.ch www.google.co.uk www.google.es www.google.nl www.google.pl www.google.ae www.google.cl www.google.co.jp www.google.com.au www.google.com.br www.google.com.my www.google.com.ph www.google.com.tr www.google.com.ua www.google.fr www.google.mk www.google.ro www.google.ru www.linkedin.com en.sapiens.com es.sapiens.com www.google.co.kr www.google.com.tw www.google.cz www.google.si i.ytimg.com; script-src-elem 'self' 'unsafe-inline' assets.trendemon.com connect.facebook.net cookie-cdn.cookiepro.com js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hs-scripts.com js-eu1.hsadspixel.net js-eu1.hubspot.com scout-cdn.salesloft.com snap.licdn.com static.ads-twitter.com trackingapi.trendemon.com ws.zoominfo.com www.googletagmanager.com maps.googleapis.com a.omappapi.com cdn.jsdelivr.net consentcdn.cookiebot.com googleads.g.doubleclick.net js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.hsforms.net js.hsleadflows.net script.hotjar.com static.hotjar.com unpkg.com upstream.auto www.google-analytics.com www.gstatic.com js-eu1.hsforms.net consent.cookiebot.com data: play.vidyard.com static.cloudflareinsights.com www.comeet.co www.influ2.com; script-src 'unsafe-eval' 'self' 'unsafe-inline' connect.facebook.net cookie-cdn.cookiepro.com js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hs-scripts.com js-eu1.hsadspixel.net js-eu1.hubspot.com snap.licdn.com static.ads-twitter.com www.googletagmanager.com assets.trendemon.com scout-cdn.salesloft.com trackingapi.trendemon.com ws.zoominfo.com www.influ2.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com a.omappapi.com cdn.jsdelivr.net unpkg.com www.googletagmanager.com; worker-src 'self' blob:; script-src-attr 'unsafe-inline'; child-src 26634817.hs-sites-eu1.com; default-src 'self' 'unsafe-inline' 26634817.hs-sites-eu1.com analytics.twitter.com api-eu1.hubapi.com assets.trendemon.com cdn.linkedin.oribi.io cdn.vidyard.com connect.facebook.net cookie-cdn.cookiepro.com cta-eu1.hubspot.com data: geolocation.onetrust.com js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hs-scripts.com js-eu1.hsadspixel.net js-eu1.hubspot.com open.spotify.com perf-eu1.hsforms.com play.vidyard.com px.ads.linkedin.com region1.analytics.google.com s.w.org scout-cdn.salesloft.com scout.salesloft.com snap.licdn.com static.ads-twitter.com t.co track-eu1.hubspot.com trackingapi.trendemon.com ws.zoominfo.com www.facebook.com www.google-analytics.com www.google.ie www.googletagmanager.com privacyportal.cookiepro.com stats.g.doubleclick.net www.google.fi fonts.googleapis.com static.cloudflareinsights.com; frame-ancestors 'self'; media-src 'self'; style-src 'self' 'unsafe-inline' 1
frame-ancestors https://*.clarin.eu; default-src 'self' https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://www.googletagmanager.com https://use.fontawesome.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://*.clarin.eu https://cdn.jsdelivr.net https://platform.twitter.com https://cdn.syndication.twimg.com; connect-src 'self' https://stats.clarin.eu https://*.google-analytics.com https://*.googleapis.com; img-src 'self' https://maps.googleapis.com https://*.google-analytics.com https://maps.gstatic.com www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.clarin.eu https://platform.twitter.com https://abs.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://ton.twimg.com https://*.googleusercontent.com https://i.creativecommons.org https://licensebuttons.net data:; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://platform.twitter.com https://ton.twimg.com; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net data:; frame-src 'self' https://*.clarin.eu https://www.youtube.com https://platform.twitter.com https://syndication.twitter.com; object-src 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://npmcdn.com https://az416426.vo.msecnd.net *.cookiebot.com http://acrpt02; img-src 'self' data: https://www.google.com https://accessblob.blob.core.windows.net https://www.google-analytics.com https://www.googletagmanager.com *.cookiebot.com; style-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com *.cookiebot.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://vortex.data.microsoft.com *.cookiebot.com; frame-src 'self' https://sendfileweb-dev.filebridge.com https://sendfileweb-test.filebridge.com https://sendfileweb-preprod.filebridge.com https://sendfileweb.filebridge.com https://app.powerbi.com https://casendfileweb.filebridge.com *.cookiebot.com; worker-src 'self' blob:; media-src 'self' https://accessblob.blob.core.windows.net *.cookiebot.com; default-src 'self' 1
default-src 'self'; frame-src 'self' archive.org *.youtube.com *.youtube-nocookie.com *.dailymotion.com www.quintham.com;  1
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' *.googleapis.com 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-cL6i5SCSoifQ6AYca4JtSg' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.google.bg https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://www.facebook.com https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com https://*.snapchat.com https://*.slotv.casino; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://app.vwo.com https://*.slotv.casino; frame-src 'self' bankid://* https://livechat24.tech https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://*.zignsec.com https://www.facebook.com https://*.trustly.com https://tpc.googlesyndication.com https://*.regily.com https://*.sumsub.com https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.unetsafe.com https://*.atlantgaming.com https://*.snapchat.com https://*.slotv.casino https://i.checkru.net; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://*.zignsec.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://connect.facebook.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://analytics.twitter.com https://platform.twitter.com https://quantcount.com https://rules.quantcount.com https://quantserve.com https://secure.quantserve.com https://edge.quantserve.com https://*.creative-serving.com https://*.snapchat.com https://snapchat.com https://sc-static.net https://*.slotv.casino 'nonce-I4LiapbT7pHklNQDaLfrQpEoPuZ24nBm+22XVr+EK6M=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com https://tagmanager.google.com https://*.slotv.casino; worker-src 'self' blob:; report-uri https://slotv.casino/sentry/api/45/csp-report/?sentry_key=e5368be6f1e24bce9ce26ca332a1f973 1
upgrade-insecure-requests; frame-ancestors 'self' https://preview-edit.aminess-campsites.com https://preview-edit.aminess.com; 1
script-src 'nonce-0qdWS8N3rjrHq0Xa_X_NMg' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/about_google; base-uri 'none' 1
default-src 'self';script-src 'self' 'unsafe-eval' *.gralmedical.ro https://assets.privy.com www.oncofort.ro www.gstatic.com www.google.com cdn.ckeditor.com googleads.g.doubleclick.net maps.googleapis.com www.googleadservices.com www.googletagmanager.com connect.facebook.net www.google-analytics.com code.jquery.com cdn.jsdelivr.net cdnjs.cloudflare.com https://intl-tel-input.com/node_modules/intl-tel-input/build/js/intlTelInput.js https://intl-tel-input.com/node_modules/intl-tel-input/build/js/utils.js assets.privy.com/packs/js/* static.hotjar.com script.hotjar.com widget.privy.com/assets/widget.js data: 'unsafe-inline'; style-src 'self' *.gralmedical.ro www.oncofort.ro cdn.ckeditor.com cdnjs.cloudflare.com https://assets.privy.com fonts.googleapis.com https://intl-tel-input.com/node_modules/intl-tel-input/build/css/intlTelInput.css cdn.jsdelivr.net code.jquery.com pro.fontawesome.com data: 'unsafe-inline'; font-src 'self' *.gralmedical.ro www.oncofort.ro fonts.gstatic.com pro.fontawesome.com cdnjs.cloudflare.com data: 'unsafe-inline'; frame-src 'self' *.gralmedical.ro www.oncofort.ro  www.google.com vars.hotjar.com www.facebook.com https://youtu.be www.youtube.com data: 'unsafe-inline'; connect-src 'self' *.gralmedical.ro www.oncofort.ro https://events.privy.com stats.g.doubleclick.net https://api.privy.com region1.analytics.google.com *.hotjar.io api.privy.com/businesses/73AF5C0EF75716E12208D320/campaigns.json wss://*.hotjar.com wss://ws23.hotjar.com/api/v2/client/ws ws23.hotjar.com wss://ws28.hotjar.com *.hotjar.com maps.googleapis.com www.google-analytics.com in.hotjar.com data: 'unsafe-inline'; img-src 'self' *.gralmedical.ro https://gralmedical.ro www.oncofort.ro https://assets.privy.com https://events.privy.com cdnjs.cloudflare.com www.facebook.com www.google.com https://intl-tel-input.com/node_modules/intl-tel-input/build/img/flags.png www.google.ro cdn.ckeditor.com www.gralmedical.ro www.google-analytics.com maps.googleapis.com code.jquery.com maps.gstatic.com img.youtube.com i.ytimg.com www.googletagmanager.com googleads.g.doubleclick.net via.placeholder.com lh3.ggpht.com cbks0.googleapis.com geo0.ggpht.com khms1.googleapis.com khms0.googleapis.com *.ggpht.com stage.gral.develop.eiddew.com blob: 'self' data: 'unsafe-inline';object-src blob: ; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-3853966f420f1febefd18f6ce9457c3c'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com unpkg.com/@frontify/ *.cloudinary.com *.fontawesome.com use.fontawesome.com *.googletagservices.com *.googletagmanager.com https://cdn.feathr.co https://marco.feathr.co https://polo.feathr.co https://stats.g.doubleclick.net https://s0.2mdn.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com *.fontawesome.com use.fontawesome.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.fontawesome.com use.fontawesome.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com web-chat.nativechat.com *.frontify.com *.cloudinary.com placeimg.com picsum.photos *.picsum.photos *.aanem.org *.abemexam.org *.neuromuscularfoundation.org https://stats.g.doubleclick.net https://cdn.feathr.co https://marco.feathr.co https://polo.feathr.co https://match.adsrvr.org *.guidestar.org; media-src 'self' data: blob: *.frontify.com *.cloudinary.com https://www.youtube.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com *.frontify.com cloudinary.com *.cloudinary.com ad.doubleclick.net https://s0.2mdn.net vimeo.com app.sli.do; connect-src 'self' data: *.google.com *.insight.sitefinity.com *.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.frontify.com *.cloudinary.com *.fontawesome.com https://polo.feathr.co https://s0.2mdn.net; 1
report-uri https://www.emazzanti.net; prefetch-src 'self' 1
default-src 'self' https://malyish.ru https://*.malyish.ru;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://malyish.ru https://*.malyish.ru https://google.com https://*.google.com https://google.ru https://*.google.ru https://bitrix.info https://*.bitrix.info wss://bitrix.info wss://*.bitrix.info https://jivosite.com https://*.jivosite.com wss://jivosite.com wss://*.jivosite.com https://*.gstatic.com https://gstatic.com https://vk.com https://*.vk.com https://yandex.ru https://*.yandex.ru https://yandex.net https://*.yandex.net https://yastatic.net https://*.yastatic.net https://sypexgeo.net https://*.sypexgeo.net https://googletagmanager.com https://*.googletagmanager.com https://google-analytics.com https://*.google-analytics.com https://facebook.net https://*.facebook.net https://facebook.com https://*.facebook.com https://*.doubleclick.net https://tinkoff.ru https://*.tinkoff.ru https://1c-bitrix.ru https://*.1c-bitrix.ru wss://*.bitrix.info https://*.youtube.com https://*.youtube.ru https://*.youtu.be https://boxberry.de https://*.boxberry.de https://pickpoint.ru https://*.googleapis.com https://widget.profeat.team/ https://bitrixoman.ru https://*.bitrixoman.ru https://mail.ru https://*.mail.ru;style-src 'self' 'unsafe-inline' 'unsafe-eval' https://malyish.ru https://*.malyish.ru https://google.com https://*.google.com https://google.ru https://*.google.ru https://bitrix.info https://*.bitrix.info wss://bitrix.info wss://*.bitrix.info https://jivosite.com https://*.jivosite.com wss://jivosite.com wss://*.jivosite.com https://*.gstatic.com https://gstatic.com https://vk.com https://*.vk.com https://yandex.ru https://*.yandex.ru https://yandex.net https://*.yandex.net https://yastatic.net https://*.yastatic.net https://sypexgeo.net https://*.sypexgeo.net https://googletagmanager.com https://*.googletagmanager.com https://google-analytics.com https://*.google-analytics.com https://facebook.net https://*.facebook.net https://facebook.com https://*.facebook.com https://*.doubleclick.net https://tinkoff.ru https://*.tinkoff.ru https://1c-bitrix.ru https://*.1c-bitrix.ru wss://*.bitrix.info https://*.youtube.com https://*.youtube.ru https://*.youtu.be https://boxberry.de https://*.boxberry.de https://pickpoint.ru https://*.googleapis.com https://widget.profeat.team/ https://bitrixoman.ru https://*.bitrixoman.ru https://mail.ru https://*.mail.ru;frame-src 'self' https://malyish.ru https://*.malyish.ru https://google.com https://*.google.com https://google.ru https://*.google.ru https://bitrix.info https://*.bitrix.info wss://bitrix.info wss://*.bitrix.info https://jivosite.com https://*.jivosite.com wss://jivosite.com wss://*.jivosite.com https://*.gstatic.com https://gstatic.com https://vk.com https://*.vk.com https://yandex.ru https://*.yandex.ru https://yandex.net https://*.yandex.net https://yastatic.net https://*.yastatic.net https://sypexgeo.net https://*.sypexgeo.net https://googletagmanager.com https://*.googletagmanager.com https://google-analytics.com https://*.google-analytics.com https://facebook.net https://*.facebook.net https://facebook.com https://*.facebook.com https://*.doubleclick.net https://tinkoff.ru https://*.tinkoff.ru https://1c-bitrix.ru https://*.1c-bitrix.ru wss://*.bitrix.info https://*.youtube.com https://*.youtube.ru https://*.youtu.be https://boxberry.de https://*.boxberry.de https://pickpoint.ru https://*.googleapis.com https://widget.profeat.team/ https://bitrixoman.ru https://*.bitrixoman.ru https://mail.ru https://*.mail.ru;img-src 'self' https://malyish.ru https://*.malyish.ru https://google.com https://*.google.com https://google.ru https://*.google.ru https://bitrix.info https://*.bitrix.info wss://bitrix.info wss://*.bitrix.info https://jivosite.com https://*.jivosite.com wss://jivosite.com wss://*.jivosite.com https://*.gstatic.com https://gstatic.com https://vk.com https://*.vk.com https://yandex.ru https://*.yandex.ru https://yandex.net https://*.yandex.net https://yastatic.net https://*.yastatic.net https://sypexgeo.net https://*.sypexgeo.net https://googletagmanager.com https://*.googletagmanager.com https://google-analytics.com https://*.google-analytics.com https://facebook.net https://*.facebook.net https://facebook.com https://*.facebook.com https://*.doubleclick.net https://tinkoff.ru https://*.tinkoff.ru https://1c-bitrix.ru https://*.1c-bitrix.ru wss://*.bitrix.info https://*.youtube.com https://*.youtube.ru https://*.youtu.be https://boxberry.de https://*.boxberry.de https://pickpoint.ru https://*.googleapis.com https://widget.profeat.team/ https://bitrixoman.ru https://*.bitrixoman.ru https://mail.ru https://*.mail.ru data: mediastream: blob: filesystem:;font-src 'self' https://malyish.ru https://*.malyish.ru https://google.com https://*.google.com https://google.ru https://*.google.ru https://bitrix.info https://*.bitrix.info wss://bitrix.info wss://*.bitrix.info https://jivosite.com https://*.jivosite.com wss://jivosite.com wss://*.jivosite.com https://*.gstatic.com https://gstatic.com https://vk.com https://*.vk.com https://yandex.ru https://*.yandex.ru https://yandex.net https://*.yandex.net https://yastatic.net https://*.yastatic.net https://sypexgeo.net https://*.sypexgeo.net https://googletagmanager.com https://*.googletagmanager.com https://google-analytics.com https://*.google-analytics.com https://facebook.net https://*.facebook.net https://facebook.com https://*.facebook.com https://*.doubleclick.net https://tinkoff.ru https://*.tinkoff.ru https://1c-bitrix.ru https://*.1c-bitrix.ru wss://*.bitrix.info https://*.youtube.com https://*.youtube.ru https://*.youtu.be https://boxberry.de https://*.boxberry.de https://pickpoint.ru https://*.googleapis.com https://widget.profeat.team/ https://bitrixoman.ru https://*.bitrixoman.ru https://mail.ru https://*.mail.ru data: mediastream: blob: filesystem:;connect-src 'self' https://malyish.ru https://*.malyish.ru https://google.com https://*.google.com https://google.ru https://*.google.ru https://bitrix.info https://*.bitrix.info wss://bitrix.info wss://*.bitrix.info https://jivosite.com https://*.jivosite.com wss://jivosite.com wss://*.jivosite.com https://*.gstatic.com https://gstatic.com https://vk.com https://*.vk.com https://yandex.ru https://*.yandex.ru https://yandex.net https://*.yandex.net https://yastatic.net https://*.yastatic.net https://sypexgeo.net https://*.sypexgeo.net https://googletagmanager.com https://*.googletagmanager.com https://google-analytics.com https://*.google-analytics.com https://facebook.net https://*.facebook.net https://facebook.com https://*.facebook.com https://*.doubleclick.net https://tinkoff.ru https://*.tinkoff.ru https://1c-bitrix.ru https://*.1c-bitrix.ru wss://*.bitrix.info https://*.youtube.com https://*.youtube.ru https://*.youtu.be https://boxberry.de https://*.boxberry.de https://pickpoint.ru https://*.googleapis.com https://widget.profeat.team/ https://bitrixoman.ru https://*.bitrixoman.ru https://mail.ru https://*.mail.ru;object-src 'none';media-src 'self' https://malyish.ru https://*.malyish.ru https://google.com https://*.google.com https://google.ru https://*.google.ru https://bitrix.info https://*.bitrix.info wss://bitrix.info wss://*.bitrix.info https://jivosite.com https://*.jivosite.com wss://jivosite.com wss://*.jivosite.com https://*.gstatic.com https://gstatic.com https://vk.com https://*.vk.com https://yandex.ru https://*.yandex.ru https://yandex.net https://*.yandex.net https://yastatic.net https://*.yastatic.net https://sypexgeo.net https://*.sypexgeo.net https://googletagmanager.com https://*.googletagmanager.com https://google-analytics.com https://*.google-analytics.com https://facebook.net https://*.facebook.net https://facebook.com https://*.facebook.com https://*.doubleclick.net https://tinkoff.ru https://*.tinkoff.ru https://1c-bitrix.ru https://*.1c-bitrix.ru wss://*.bitrix.info https://*.youtube.com https://*.youtube.ru https://*.youtu.be https://boxberry.de https://*.boxberry.de https://pickpoint.ru https://*.googleapis.com https://widget.profeat.team/ https://bitrixoman.ru https://*.bitrixoman.ru https://mail.ru https://*.mail.ru; 1
worker-src www.google.com; font-src *.fontawesome.com maxcdn.bootstrapcdn.com nelsonjameson.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net *.ariba.com ariba.com disdono.com *.eprohub.net eprohub.net nelsonjameson.com 'self' 'unsafe-inline'; frame-ancestors *.ariba.com ariba.com disdono.com *.eprohub.net eprohub.net nelsonjameson.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net player.vimeo.com *.youtube.com https://www.trustedsite.com *.fls.doubleclick.net *.simpli.fi www.google.com www.trustedsite.com www.youtube.com certtransaction.hostedpayments.com transaction.hostedpayments.com certservices.elementexpress.com services.elementexpress.com certtransaction.elementexpress.com transaction.elementexpress.com ariba.com *.ariba.com *.goudanough.com goudanough.com *.nelsonjameson.com nelsonjameson.com cheesepedia.com *.cheesepedia.com *.eprohub.net eprohub.net googletagmanager.com td.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com *.vimeocdn.com i.ytimg.com validate.fishpig.co.uk https://cdn.ywxi.net code.jquery.com maxcdn.bootstrapcdn.com image-charts.com cdn.ywxi.net cdn.jsdelivr.net www.rumiview.com twin-iq.kickfire.com *.simpli.fi www.google-analytics.com google.com www.google.com googletagmanager.com www.googletagmanager.com www.googleadservices.com cm.g.doubleclick.net eb2.3lift.com simplifi.partners.tremorhub.com pixel.tapad.com aa.agkn.com image2.pubmatic.com sync.intentiq.com ads.stickyadstv.com loadm.exelator.com ups.analytics.yahoo.com sync.bfmio.com stags.bluekai.com bcp.crwdcntrl.net ce.lijit.com idsync.rlcdn.com sync.search.spotxchange.com ib.adnxs.com pixel.rubiconproject.com us-u.openx.net fei.pro-market.net googleads.g.doubleclick.net d.agkn.com pippio.com sync1.intentiq.com *.algolia.net foodsafetykits.com sync.1rx.io ad.doubleclick.net nelsonjameson.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com polyfill.io https://devdocs.magento.com https://magento.com https://cdn.ywxi.net https://www.trustedsite.com www.google.com www.gstatic.com cdn.jsdelivr.net code.jquery.com maxcdn.bootstrapcdn.com cdn.ywxi.net www.trustedsite.com www.google-analytics.com www.rumiview.com twin-iq.kickfire.com *.simpli.fi www.googletagmanager.com bam.nr-data.net js-agent.newrelic.com googletagmanager.com tags.srv.stackadapt.com googleads.g.doubleclick.net s3-us-west-2.amazonaws.com www.googleadservices.com sync.1rx.io pippio.com sync.search.spotxchange.com *.algolia.net *.algolia.io nelsonjameson.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com code.jquery.com cdn.jsdelivr.net tags.srv.stackadapt.com nelsonjameson.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com nelsonjameson.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://devdocs.magento.com https://s3-us-west-2.amazonaws.com/mfesecure-public/ https://www.trustedsite.com www.gstatic.com s3-us-west-2.amazonaws.com www.trustedsite.com www.google-analytics.com bam.nr-data.net stats.g.doubleclick.net analytics.google.com tags.srv.stackadapt.com googleads.g.doubleclick.net assets.adobedtm.com sync.1rx.io pippio.com sync.search.spotxchange.com www.googleadservices.com *.algolia.io pagead2.googlesyndication.com nelsonjameson.com 'self' 'unsafe-inline'; child-src nelsonjameson.com http: https: blob: 'self' 'unsafe-inline'; default-src nelsonjameson.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://nelsonjameson.com/csp/endpoint/index; report-to report-endpoint;, upgrade-insecure-requests; 1
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; report-uri https://www.efp.org/?eID=error 1
default-src blob: cdn.jsdelivr.net ps.w.org *.highcharts.com wss: *.zendesk.com *.oribi.io *.zdassets.com *.opower.com *.google.com bootstrapcdn.com  googleadservices.com *.cloudfront.net *.portlandwebdesign.com *.electric.coop adsrvr.org *.analytics.yahoo.com *.maps.arcgis.com xx.fbcdn.net rvwinc.com maps.arcgis.com vimeo.com *.googleadservices.com publicpurchase.com gravatar.com *.arcgis.com *.eventbrite.com cooperative.com *.gstatic.com *.youtube-nocookie.com *.crowdfiber.io data: *.googletagmanager.com luckyorange.net btstatic.com portlandwebdesign.com simpli.fi *.providesupport.com typekit.net mitel.io trumpia.com *.timetap.com five9.com powermag.com *.rvwinc.com *.verisign.com linkedin.com *.nr-data.net *.btstatic.com azgt.coop ebill.coop *.mapbox.com googleapis.com analytics.yahoo.com *.licdn.com *.mcusercontent.com *.bootstrapcdn.com apogee.net marketingautomation.services suppose.tv adnxs.com twimg.com *.olark.com youtube-nocookie.com *.trumpia.com xad.com mailchimp.com *.ads.linkedin.com directefficiency.com *.mailchimp.com newrelic.com *.vimeo.com *.plumassierratelecommunicationsmap.com 'unsafe-eval' *.upgrade.guide epa.gov transistor.fm google.com hirebridge.com *.simpli.fi *.yimg.com envivabiomass.com *.roanokeconnect.com e2ma.net bonnerboundary811.org *.powerfulweb.com *.elfsight.com *.libsyn.com doubleclick.net facebook.net google-analytics.com ads.linkedin.com *.e2ma.net gstatic.com smarthub.coop *.s3.amazonaws.com mcusercontent.com s.w.org *.doubleclick.net facebook.com youtube.com *.linkedin.com nice-incontact.com fontawesome.com *.newrelic.com *.apogee.net *.googleapis.com libsyn.com eventbrite.com upgrade.guide *.basis.net *.twimg.com glassdoor.com cencoast.com *.mitel.io powerfulweb.com luckyorange.com *.five9.com *.typekit.net *.transistor.fm yimg.com 'self' *.luckyorange.com jazz.co roanokeconnect.com *.publicpurchase.com myfonts.net issuu.com *.directefficiency.com *.websupport.expert spreaker.com *.ebill.coop crowdfiber.io *.xad.com *.nice-incontact.com *.xx.fbcdn.net *.suppose.tv *.myfonts.net *.icua.coop southcentralpower.com *.bonnerboundary811.org arcgis.com mapbox.com providesupport.com *.smeco.coop *.facebook.net electric.coop googletagmanager.com *.adnxs.com smeco.coop *.issuu.com *.powermag.com *.adsymptotic.com olark.com s3.amazonaws.com 'unsafe-inline' elfsight.com icua.coop billing.smeco.coop timetap.com *.fontawesome.com *.envivabiomass.com nr-data.net adsymptotic.com *.epa.gov *.adsrvr.org *.cencoast.com *.spreaker.com *.gravatar.com plumassierratelecommunicationsmap.com verisign.com *.glassdoor.com *.facebook.com ctctcdn.com *.jazz.co *.cooperative.com *.google-analytics.com gmpg.org cloudfront.net *.ctctcdn.com *.marketingautomation.services *.southcentralpower.com licdn.com *.hirebridge.com websupport.expert *.luckyorange.net *.smarthub.coop basis.net *.youtube.com *.azgt.coop; 1
frame-ancestors *.myshopify.com https://admin.shopify.com; 1
frame-ancestors 'self' https://chargetrip.com default-src 'self' https://*.chargetrip.com 1
child-src  www.paypalobjects.com; connect-src  mbdesktop.cv3admin.com *.listrakbi.com *.listrak.com *.google-analytics.com *.powerreviews.com *.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com *.pinterest.com *.google.com michiganbulb.attn.tv *.bizrate.com *.acsbapp.com *.clarity.ms *.searchspring.io inbound-analytics.pixlee.com *.powerreviews.com events.attentivemobile.com *.sharethis.com src.apis.discover.com www.facebook.com geoip-js.com *.pingdom.net *.criteo.com *.crazyegg.com s.yimg.com www.michiganbulb.com bcp.crwdcntrl.net content.discovercard.com www.googletagmanager.com gaorder.gardensalive.com gardensalive.force.com maps.googleapis.com gardensalive.my.site.com api.cloudinary.com *.omnichannelengagementhub.com; default-src  h2.commercev3.net/cdn0.michiganbulb.com/ cdn0.michiganbulb.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com; font-src  mbdesktop.cv3admin.com h2.commercev3.net/cdn0.michiganbulb.com/ cdn0.michiganbulb.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com data: acsbapp.com www.paypalobjects.com www.michiganbulb.com; form-action  www.facebook.com www.paypal.com checkout.sezzle.com www.michiganbulb.com ct.pinterest.com webto.salesforce.com www.paypalobjects.com mbdesktop.cv3admin.com; frame-src  *.doubleclick.net www.paypalobjects.com www.paypal.com *.facebook.com www.pinterest.com www.google.com *.online-metrix.net *.pinterest.com content.discovercard.com *.criteo.com src.mastercard.com srcdcf.americanexpress.com *.sharethis.com service.force.com photos.pixlee.co photos.pixlee.com creatives.attn.tv *.criteo.net *.visa.com *.criteo.com tpc.googlesyndication.com www.michiganbulb.com *.bizrate.com www.googletagmanager.com *.azureedge.net; frame-ancestors  www.michiganbulb.com; img-src  h2.commercev3.net/cdn0.michiganbulb.com/ cdn0.michiganbulb.com *.google-analytics.com *.google.com *.pinterest.com *.doubleclick.net bat.bing.com c.bing.com www.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com ad.360yield.com r.casalemedia.com partner.mediawallahscript.com ib.adnxs.com *.doubleclick.net x.bidswitch.net idsync.rlcdn.com sync-criteo.ads.yieldmo.com ad.tpmn.co.kr tapestry.tapad.com trends.revcontent.com jadserve.postrelease.com i.liadm.com *.criteo.com matching.ivitrack.com visitor.omnitagjs.com mbdesktop.cv3admin.com *.bizrate.com secure.checkout.visa.com www.pages08.net *.powerreviews.com assets.pixlee.com d3cgm8py10hi0z.cloudfront.net *.searchspring.io exchange.mediavine.com contextual.media.net criteo-partners.tremorhub.com ads.stickyadstv.com simage2.pubmatic.com sync.outbrain.com ade.clmbtech.com ups.analytics.yahoo.com eb2.3lift.com tg.socdm.com match.sharethrough.com sync-t1.taboola.com criteo-sync.teads.tv pixel.rubiconproject.com rtb-csync.smartadserver.com seal-cincinnati.bbb.org s3.amazonaws.com/cdn.michiganbulb.com/ s3.amazonaws.com/cdn0.michiganbulb.com/ secure.checkout.visa.com www.michiganbulb.com secure.trust-provider.com res.cloudinary.com *.clarity.ms *.criteo.com *.acsbapp.com s.ad.smaato.net sp.analytics.yahoo.com ads.avocet.io michiganbulb.attn.tv *.sharethis.com content.discovercard.com *.online-metrix.net s3.amazonaws.com/cdn.brecks.com/ connect.facebook.net *.criteo.net *.attentivemobile.com *.searchspring.net maps.gstatic.com assets.secure.checkout.visa.com www.google.co.in t.paypal.com s3.amazonaws.com h2.commercev3.net cdn0.michiganbulb.com h2.commercev3.net/cdn0.michiganbulb.com/; script-src  h2.commercev3.net/cdn0.michiganbulb.com/ cdn0.michiganbulb.com 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.powerreviews.com *.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com *.googleapis.com *.doubleclick.net *.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ *.google.com secure.checkout.visa.com *.criteo.com cdn.attn.tv www.googleoptimize.com mbdesktop.cv3admin.com *.searchspring.net www.sc.pages08.net *.bizrate.com *.clarity.ms api.universalcookie.com *.sharethis.com assets.pixlee.com garecommend.gardensalive.com acsbapp.com ajax.aspnetcdn.com assets.pxlecdn.com js.maxmind.com www.aexp-static.com webapp.src.discover.com src.mastercard.com assets.secure.checkout.visa.com *.salesforceliveagent.com service.force.com secure.comodo.com dnn506yrbagrg.cloudfront.net tag.measured.com *.pingdom.net s.yimg.com *.crazyegg.com *.online-metrix.net content.discovercard.com *.googlesyndication.com gardensalive.force.com static.lightning.force.com gardensalive.my.salesforce.com cdn.searchspring.net mpsnare.iesnare.com gardensalive.my.site.com cdnjs.cloudflare.com *.cnnx.link *.azureedge.net; script-src-elem  h2.commercev3.net/cdn0.michiganbulb.com/ cdn0.michiganbulb.com 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.powerreviews.com *.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com *.googleapis.com *.doubleclick.net *.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ *.google.com secure.checkout.visa.com *.criteo.com cdn.attn.tv www.googleoptimize.com mbdesktop.cv3admin.com *.searchspring.net www.sc.pages08.net *.bizrate.com *.clarity.ms api.universalcookie.com *.sharethis.com assets.pixlee.com garecommend.gardensalive.com acsbapp.com ajax.aspnetcdn.com assets.pxlecdn.com js.maxmind.com www.aexp-static.com webapp.src.discover.com src.mastercard.com assets.secure.checkout.visa.com *.salesforceliveagent.com service.force.com secure.comodo.com dnn506yrbagrg.cloudfront.net tag.measured.com *.pingdom.net s.yimg.com *.crazyegg.com *.online-metrix.net content.discovercard.com *.googlesyndication.com gardensalive.force.com static.lightning.force.com gardensalive.my.salesforce.com cdn.searchspring.net mpsnare.iesnare.com gardensalive.my.site.com cdnjs.cloudflare.com *.cnnx.link *.azureedge.net; style-src  h2.commercev3.net/cdn0.michiganbulb.com/ cdn0.michiganbulb.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net mbdesktop.cv3admin.com cdn.searchspring.net *.googleapis.com service.force.com *.sharethis.com gardensalive.force.com gardensalive.my.site.com *.azureedge.net; style-src-elem  h2.commercev3.net/cdn0.michiganbulb.com/ cdn0.michiganbulb.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net mbdesktop.cv3admin.com cdn.searchspring.net *.googleapis.com service.force.com *.sharethis.com gardensalive.force.com gardensalive.my.site.com *.azureedge.net; style-src-attr  'unsafe-inline'; media-src  mbdesktop.cv3admin.com h2.commercev3.net/cdn0.michiganbulb.com/ cdn0.michiganbulb.com www.bing.com *.acsbapp.com www.michiganbulb.com; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-lgL0sprNzu3FrkyAfFMODQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 20230925.v.boomlearning.com 'self'; connect-src 'self' https://login.microsoftonline.com https://translate.googleapis.com https://classroom.googleapis.com https://apm-engine.meteor.com https://www.google-analytics.com https://www.googletagmanager.com wss://managedpiperserver.azurewebsites.net https://www.paypal.com https://engine.montiapm.com/ wss://wow.boomlearning.com https://boom-cards.s3-us-west-2.amazonaws.com *; font-src 'self' data: https://boom-app.s3-us-west-2.amazonaws.com https://boom-cards.s3-us-west-2.amazonaws.com http://themes.googleusercontent.com https://fonts.gstatic.com https://cdn.boomlearning.com *; frame-ancestors 'self' https://*.instructure.com https://app.schoology.com https://wow.boomlearning.com https://presencelearning.com http://ally.ac *; frame-src 'self' https://*.stripe.com https://*.vimeo.com https://blog.boomlearning.com https://help.boomlearning.com https://accounts.google.com https://www.youtube-nocookie.com https://learn360.infobase.com https://studio.curriki.org https://screencast-o-matic.com https://assets.braintreegateway.com https://checkout.paypal.com https://pwm-image.trendmicro.com https://www.allfileconverter.net https://wow.boomlearning.com *; img-src 'self' blob: data: https://*.stripe.com https://*.vimeocdn.com https://assets.pinterest.com https://boom-app.s3-us-west-2.amazonaws.com https://boom-app.s3.us-west-2.amazonaws.com https://boom-cards.s3-us-west-2.amazonaws.com https://*.microsoft.com https://*.instructure.com https://*.googleusercontent.com https://t.paypal.com https://cdn.boomlearning.com *; media-src 'self' blob: data: https://boom-app.s3-us-west-2.amazonaws.com https://boom-cards.s3-us-west-2.amazonaws.com https://cdn.boomlearning.com *; script-src 'self' 'unsafe-eval' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com https://apm-engine.meteor.com https://translate.googleapis.com https://connect.facebook.net https://alcdn.msauth.net https://apis.google.com https://accounts.google.com https://s3.amazonaws.com/assets.freshdesk.com/widget/freshwidget.js https://consent.cookiebot.com https://www.paypalobjects.com https://www.paypal.com 'unsafe-inline' https://www.gstatic.com https://cdn.boomlearning.com *; style-src 'self' blob: data: 'unsafe-inline' https://*.microsoft.com https://s3.amazonaws.com/assets.freshdesk.com/widget/freshwidget.css https://assets.braintreegateway.com https://www.gstatic.com https://cdn.boomlearning.com *; report-uri /CSPViolation 1
frame-ancestors 'self' d2n7f4cdbqb93g.cloudfront.net 1
default-src https: 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com ; img-src https: 'self' data:; base-uri https://www.codix.eu 'self'; frame-ancestors https: 'self'; form-action https: 'self'; object-src 'none' 1
default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' https://static2.sharepointonline.com https://*.cdn.office.net; img-src 'self' https://accessibilityinsights.io; 1
default-src 'self' *.md-hq.com *.mdtoolbox.net *.mdtoolboxrx.net *.fxmedsupport.com nutrimentrx.com *.fullscript.com *.fontawesome.com *.payconex.net *.saasconex.net *.saasconexterminal.net *.saasconexterminal.net:10009 *.stripe.com *.typekit.net *.googleapis.com *.gstatic.com *.rupahealth.com *.cardconnect.com 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; img-src * data:; 1
default-src 'self' ws: *.visitfinland.com *.goodnewsfinland.com *.magnolia-platform.com;font-src 'self' data: fonts.gstatic.com fonts.googleapis.com cdn.reactandshare.com;style-src 'self' 'unsafe-inline' *.visitfinland.com *.goodnewsfinland.com *.magnolia-platform.com *.reactandshare.com;img-src 'self' data: *.magnolia-platform.com *.cloudinary.net *.cloudfront.net *.facebook.com *.google.com *.google-analytics.com *.linkedin.com *.mapbox.com *.reactandshare.com *.siteimproveanalytics.io https://staeuwvisitfinlandp.file.core.windows.net https://stasustainabletravelp.file.core.windows.net *.twimg.com *.visitfinland.com vk.com;connect-src 'self' ws: *.addsearch.com *.magnolia-platform.com *.businessfinland.fi *.cookiebot.com *.doubleclick.net *.google-analytics.com *.mapbox.com *.met.no *.oribi.io *.tiktok.com;script-src 'self' blob: 'unsafe-eval';script-src-elem 'self' 'nonce-uq5pqXw+CygsBZSb2mrPyQ==' 'nonce-ygqx/kJ5tBrT/8gtKgN2RQ==' *.visitfinland.com *.goodnewsfinland.com *.magnolia-platform.com *.twitter.com *.google.com *.google-analytics.com googletagmanager.com *.googletagmanager.com *.doubleclick.net *.youtube.com *.youtu.be *.facebook.com *.facebook.net *.snapchat.com *.tiktok.com *.microsoft.com *.office.com *.windows.net *.addsearch.com *.adform.net *.cookiebot.com *.hotjar.com *.licdn.com *.mapbox.com *.met.no *.oribi.io *.reactandshare.com siteimproveanalytics.com *.siteimproveanalytics.com *.siteimproveanalytics.io *.vimeo.com;frame-src https://* *.youtube.com *.tr.snapchat.com; 1
frame-ancestors 'self' *.iconsumer.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://www.googletagmanager.com https://maps.googleapis.com https://player.vimeo.com https://www.google-analytics.com https://assets.adobedtm.com http://assets.adobedtm.com https://api.tiles.mapbox.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://snap.licdn.com https://www.youtube.com;worker-src blob:;frame-src 'self' https://www.youtube-nocookie.com https://kpnnl.maps.arcgis.com https://vars.hotjar.com https://www.facebook.com;frame-ancestors 'self'; 1
frame-ancestors https://* file://* 1
upgrade-insecure-requests; frame-ancestors 'self' *.usacrime.com; object-src 'none' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'  www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-src www.google.com; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' wss https://www.gstatic.com https://www.google.com https://maps.googleapis.com www.google-analytics.com www.googletagmanager.com tagmanager.google.com;style-src 'self' 'unsafe-inline' p.typekit.net use.typekit.net fonts.gstatic.com fast.fonts.net fonts.googleapis.com www.googletagmanager.com;img-src 'self' data: *.googleapis.com *.ggpht.com https://maps.googleapis.com https://maps.gstatic.com www.google-analytics.com www.googletagmanager.com www.gravatar.com ssl.gstatic.com www.gstatic.com;media-src 'self';frame-src 'self' *.youtube.com https://player.vimeo.com https://www.google.com;font-src 'self' data: use.typekit.net fonts.gstatic.com fast.fonts.net;connect-src 'self' wss://localhost:44363 wss https://maps.googleapis.com stats.g.doubleclick.net www.google-analytics.com region1.google-analytics.com dc.services.visualstudio.com;base-uri 'self';child-src 'self';worker-src 'self';report-uri https://stormid.report-uri.com/r/d/csp/enforce 1
default-src 'self'; connect-src 'self' ws: wss: *.obi4wan.com *.fourdigits.nl *.pusher.com *.svc.dynamics.com *.amazonaws.com *.matomo.cloud *.sentry.io *.rijnijssel.nl; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.obi4wan.com *.pusher.com *.azureedge.net *.netlify.app *.sentry.io  *.youtube.com *.gstatic.com *.matomo.cloud; img-src 'self' data: *.matomo.cloud *.flbx.io *.ytimg.com *.amazonaws.com *.dynamics.com *.imgix.net; style-src 'self' 'unsafe-inline' *.matomo.cloud *.googleapis.com; font-src 'self' data: 'unsafe-inline' *.matomo.cloud *.gstatic.com *.bootstrapcdn.com *.cloudflare.com; media-src 'self' *.obi4wan.com; frame-src 'self' *.dynamics.com *.youtube.com *.netlify.com *.obi4wan.com; frame-ancestors 'self' *.fourdigits.nl *.netlify.app 1
default-src 'self'; font-src 'self' https: data:; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; img-src 'self' data: https: blob: *.xboxlive.com https://img.youtube.com https://i.ytimg.com https://i.imgur.com https://api.merfolkslullaby.com https://cdn.merfolkslullaby.com; script-src 'self' 'unsafe-eval' *.youtube.com *.youtube-nocookie.com *.googlevideo.com 'unsafe-inline'; connect-src 'self' https://api.merfolkslullaby.com wss://api.merfolkslullaby.com/ws/ https://cdn.merfolkslullaby.com *.xboxlive.com https://trigger.merfolkslullaby.com *.youtube.com *.youtube-nocookie.com *.googlevideo.com *.ytimg.com *.imgur.com; media-src *.youtube.com *.youtube-nocookie.com; object-src 'none'; frame-src *.youtube.com *.youtube-nocookie.com *.googlevideo.com; worker-src 'self' blob:; child-src 'self' blob:; manifest-src 'self'; base-uri 'none'; frame-ancestors 'none' 1
frame-ancestors 'self' http://gzw.fujian.gov.cn https://gzw.fujian.gov.cn http://rst.fujian.gov.cn https://rst.fujian.gov.cn http://gat.fujian.gov.cn https://gat.fujian.gov.cn  *.fujian.gov.cn https://ptgl.fujian.gov.cn:8088 http://zwfw.fujian.gov.cn:722 http://www.fujian.gov.cn https://www.fujian.gov.cn  https://zwfw.fujian.gov.cn http://test.fujian.gov.cn  https://test.fujian.gov.cn http://220.160.52.102:33003  http://www.xm.gov.cn https://www.xm.gov.cn http://ptgl.fujian.gov.cn https://ptgl.fujian.gov.cn http://fujian.gov.cn https://fujian.gov.cn http://www.fujian.gov.cn https://www.fujian.gov.cn http://fj.gov.cn https://fj.gov.cn http://www.fj.gov.cn https://www.fj.gov.cn http://fgw.fujian.gov.cn https://fgw.fujian.gov.cn http://fgw.fj.gov.cn https://fgw.fj.gov.cn http://gxt.fujian.gov.cn https://gxt.fujian.gov.cn http://gxt.fj.gov.cn https://gxt.fj.gov.cn http://stream14.fjtv.net https://gat.fujian.gov.cn https://mzzjt.fujian.gov.cn https://rst.fujian.gov.cn https://zjt.fujian.gov.cn https://nynct.fujian.gov.cn https://lyj.fujian.gov.cn https://swt.fujian.gov.cn https://yjt.fujian.gov.cn https://www.ningde.gov.cn http://www.ningde.gov.cn http://lyj.fujian.gov.cn 1
base-uri 'self'; default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' https://js.stripe.com; connect-src 'self' https://api.stripe.com; frame-src 'self' https://js.stripe.com https://hooks.stripe.com https://player.vimeo.com 1
default-src 'self' http://www.youtube.com;style-src 'unsafe-inline' *;frame-src *;img-src * data:;media-src *;font-src *;connect-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://google.ru http://google.ru https://google.com http://google.com https://*.google.ru http://*.google.ru https://*.google.com http://*.google.com https://*.googletagservices.com http://*.googletagservices.com http://*.googleadservices.com https://*.googleadservices.com http://*.googlesyndication.com https://*.googlesyndication.com https://googleapis.com http://googleapis.com https://*.googleapis.com http://*.googleapis.com http://google-analytics.com https://google-analytics.com http://*.google-analytics.com https://*.google-analytics.com https://yandex.ru https://yandex.net http://yandex.ru http://yandex.net https://*.yandex.ru https://*.yandex.net http://*.yandex.ru http://*.yandex.net https://yastatic.net http://yastatic.net https://*.yastatic.net http://*.yastatic.net http://rambler.ru https://rambler.ru http://*.rambler.ru https://*.rambler.ru https://vk.com http://vk.com https://*.vk.com http://*.vk.com https://*.facebook.com http://lc2ads.ru http://ladycash.ru http://faggrim.com http://*.lc2ads.ru http://*.ladycash.ru http://*.faggrim.com http://*.m2corp.ru http://*.pluso.ru http://*.kitbit.net http://*.insigit.com http://*.openstat.net http://*.zatexta.com http://*.addthis.com http://*.yandex.st http://*.facebook.net http://*.twitter.com http://*.userapi.com https://*.yandex.st https://*.facebook.net https://*.twitter.com https://*.userapi.com https://*.github.com https://*.githubusercontent.com http://*.disqus.com/ https://*.gstatic.com http://*.lcads.ru http://*.teaser.cc http://*.adsniper.ru http://*.disquscdn.com http://*.ladycoin.ru http://*.poketall.ru http://*.cashandfavor.ru http://*.purecash.ru http://*.busyprice.ru http://*.servemoney.ru http://*.levelpay.ru http://*.goodkind.ru http://*.purecapital.ru http://userapi.com/ http://*.cashheaven.ru http://*.payandpray.ru http://*.moneytrap.ru http://*.pandre10.ru http://zatexta.com http://yandex.st https://yandex.st http://n.adonweb.ru http://kitbit.net/kb.js http://front.facetz.net http://*.criteo.com/ http://st.ad.smaclick.com http://*.vn-chk777.com/ http://*.ads1-adnow.com/ https://*.users-api.com https://xlog.info https://*.vn-chk123.com http://*.users-api.com  http://xlog.info http://*.vn-chk123.com http://*.cdn1now.com https://*.cdn1now.com http://cdn1now.com https://cdn1now.com http://*.cdn2now.com https://*.cdn2now.com http://cdn2now.com https://cdn2now.com http://*.cdn3now.com https://*.cdn3now.com http://cdn3now.com https://cdn3now.com http://*.cdn4now.com https://*.cdn4now.com http://cdn4now.com https://cdn45now.com http://*.cdn5now.com https://*.cdn5now.com http://cdn5now.com https://cdn5now.com http://*.cdn6now.com https://*.cdn6now.com http://cdn6now.com https://cdn6now.com http://*.cdn7now.com https://*.cdn7now.com http://cdn7now.com https://cdn7now.com http://*.cdn8now.com https://*.cdn8now.com http://cdn8now.com https://cdn8now.com http://*.cdn9now.com https://*.cdn9now.com http://cdn9now.com https://cdn9now.com http://*.cdn10now.com https://*.cdn10now.com http://cdn10now.com https://cdn10now.com ;report-uri ../../csp/log.php 1
upgrade-insecure-requests; frame-ancestors 'self'; default-src 'none'; connect-src 'self' https://api.isic.org https://consentcdn.cookiebot.com https://ct.pinterest.com https://maps.googleapis.com https://stats.g.doubleclick.net https://t.leady.com https://www.facebook.com https://www.google-analytics.com https://yoast.com https://my.yoast.com https://*.smartlook.com https://*.google-analytics.com https://*.analytics.google.com https://*.smartlook.cloud; font-src data: 'self' https://fonts.gstatic.com; frame-src 'self' https://consentcdn.cookiebot.com https://open.spotify.com https://embed-standalone.spotify.com https://www.facebook.com https://www.google.com https://www.pinterest.com https://www.youtube-nocookie.com; img-src data: 'self' https://c.seznam.cz https://cdn.isic.cz https://ct.pinterest.com https://dm.aliveplatform.com https://dmp.adform.net https://i.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://purecatamphetamine.github.io https://s3-eu-west-1.amazonaws.com https://s.w.org https://secure.gravatar.com https://t.leady.com https://widgets.isic.org https://www.google-analytics.com https://www.google.com https://www.google.cz https://www.facebook.com https://*.amazonaws.com https://*.tile.osm.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://c.imedia.cz https://c.seznam.cz https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://s.pinimg.com https://t.leady.com https://unpkg.com https://widgets.isic.org https://www.geoplugin.net https://www.google.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://*.smartlook.cloud https://*.amazonaws.com https://code.jquery.com https://*.datatables.net https://*.google-analytics.com https://*.smartlook.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://*.datatables.net https://unpkg.com; worker-src 'self' blob: 1
frame-ancestors 'self' https://admin.yallastore.co.il https://admin.webzie.com; 1
default-src 'self' 'unsafe-inline' *.tiktok.com *.googlesyndication.com apac.api.amplifoninternal.com www.amplifon.com assets-apac.amplifon.com; script-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' *.tiktok.com *.googlesyndication.com everestjs.net *.everesttech.net *.pinterest.it *.postimg.cc *.ibb.co *.teads.tv *.googleadservices.com *.addevent.com *.adform.net *.everesttech.net *.smetrics.amplifon.com *.everestjs.net *.execute-api.ap-southeast-2.amazonaws.com *.gstatic.com www.gstatic.com *.googleadservices.com *.privacysandbox.googleadservices.com *.zopim.com *.ytimg.com *.iili.io *.ibb.co *.amplifon.com *.twitter.com www.youtube-nocookie.com *.zopim.io *.hotjar.io www.youtube.com *.day.com *.go2cloud.org *.go2jump.org *.performtracking.com *.steelhousemedia.com *.fls.doubleclick.net www.google.de amplifon.demdex.net cm.everesttech.net www.amplifon.com assets-apac.amplifon.com maps.googleapis.com assets.adobedtm.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net s.yimg.com bat.bing.com v2.zopim.com connect.facebook.net jlib.phone-analytics.com static.zdassets.com fonts.googleapis.com www.google.com www.google.it maps.gstatic.com www.facebook.com sp.analytics.yahoo.com mobileb2c.nhc.com.au amplifon.d3.sc.omtrdc.net api.jetinteractive.com.au ekr.zdassets.com dpm.demdex.net amplifongroup.tt.omtrdc.net stats.g.doubleclick.net *.zopim.com fonts.gstatic.com; style-src-elem 'self' 'unsafe-inline' 'unsafe-hashes' *.execute-api.ap-southeast-2.amazonaws.com *.gstatic.com www.gstatic.com *.googleadservices.com *.privacysandbox.googleadservices.com *.zopim.com *.ytimg.com *.iili.io *.ibb.co *.amplifon.com *.twitter.com www.youtube-nocookie.com *.zopim.io *.hotjar.io www.youtube.com *.day.com *.go2cloud.org *.go2jump.org *.performtracking.com *.steelhousemedia.com *.fls.doubleclick.net www.google.de amplifon.demdex.net cm.everesttech.net www.amplifon.com assets-apac.amplifon.com maps.googleapis.com assets.adobedtm.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net s.yimg.com bat.bing.com v2.zopim.com connect.facebook.net jlib.phone-analytics.com static.zdassets.com fonts.googleapis.com www.google.com www.google.it maps.gstatic.com www.facebook.com sp.analytics.yahoo.com mobileb2c.nhc.com.au amplifon.d3.sc.omtrdc.net api.jetinteractive.com.au ekr.zdassets.com dpm.demdex.net amplifongroup.tt.omtrdc.net stats.g.doubleclick.net *.zopim.com fonts.gstatic.com; img-src 'self' data: *.doubleclick.net *.tiktok.com *.googlesyndication.com *.execute-api.ap-southeast-2.amazonaws.com *.gstatic.com www.gstatic.com *.googleadservices.com *.privacysandbox.googleadservices.com *.zopim.com *.ytimg.com *.iili.io *.ibb.co *.amplifon.com *.twitter.com www.youtube-nocookie.com *.zopim.io *.hotjar.io www.youtube.com *.day.com *.go2cloud.org *.go2jump.org *.performtracking.com *.steelhousemedia.com *.fls.doubleclick.net www.google.de amplifon.demdex.net cm.everesttech.net www.amplifon.com assets-apac.amplifon.com maps.googleapis.com assets.adobedtm.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net s.yimg.com bat.bing.com v2.zopim.com connect.facebook.net jlib.phone-analytics.com static.zdassets.com fonts.googleapis.com www.google.com www.google.it maps.gstatic.com www.facebook.com sp.analytics.yahoo.com mobileb2c.nhc.com.au amplifon.d3.sc.omtrdc.net api.jetinteractive.com.au ekr.zdassets.com dpm.demdex.net amplifongroup.tt.omtrdc.net stats.g.doubleclick.net *.zopim.com fonts.gstatic.com; connect-src 'self' *.google.com *.tiktok.com *.googlesyndication.com apac.api.amplifoninternal.com *.amplifoninternal.com everestjs.net *.everesttech.net ws: wss: *.execute-api.ap-southeast-2.amazonaws.com *.pinterest.it *.postimg.cc *.ibb.co *.teads.tv *.googleadservices.com *.addevent.com *.adform.net *.everesttech.net *.smetrics.amplifon.com *.everestjs.net *.gstatic.com www.gstatic.com *.googleadservices.com *.privacysandbox.googleadservices.com *.zopim.com *.ytimg.com *.iili.io *.ibb.co *.amplifon.com *.twitter.com www.youtube-nocookie.com *.zopim.io *.hotjar.io www.youtube.com *.day.com *.go2cloud.org *.go2jump.org *.performtracking.com *.steelhousemedia.com *.fls.doubleclick.net www.google.de amplifon.demdex.net cm.everesttech.net www.amplifon.com assets-apac.amplifon.com maps.googleapis.com assets.adobedtm.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net s.yimg.com bat.bing.com v2.zopim.com connect.facebook.net jlib.phone-analytics.com static.zdassets.com fonts.googleapis.com www.google.com www.google.it maps.gstatic.com www.facebook.com sp.analytics.yahoo.com mobileb2c.nhc.com.au amplifon.d3.sc.omtrdc.net api.jetinteractive.com.au ekr.zdassets.com dpm.demdex.net amplifongroup.tt.omtrdc.net stats.g.doubleclick.net *.zopim.com fonts.gstatic.com; font-src 'self' data: *.execute-api.ap-southeast-2.amazonaws.com *.gstatic.com www.gstatic.com *.googleadservices.com *.privacysandbox.googleadservices.com *.zopim.com *.ytimg.com *.iili.io *.ibb.co *.amplifon.com *.twitter.com www.youtube-nocookie.com *.zopim.io *.hotjar.io www.youtube.com *.day.com *.go2cloud.org *.go2jump.org *.performtracking.com *.steelhousemedia.com *.fls.doubleclick.net www.google.de amplifon.demdex.net cm.everesttech.net www.amplifon.com assets-apac.amplifon.com maps.googleapis.com assets.adobedtm.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net s.yimg.com bat.bing.com v2.zopim.com connect.facebook.net jlib.phone-analytics.com static.zdassets.com fonts.googleapis.com www.google.com www.google.it maps.gstatic.com www.facebook.com sp.analytics.yahoo.com mobileb2c.nhc.com.au amplifon.d3.sc.omtrdc.net api.jetinteractive.com.au ekr.zdassets.com dpm.demdex.net amplifongroup.tt.omtrdc.net stats.g.doubleclick.net *.zopim.com fonts.gstatic.com; frame-src 'self' *.doubleclick.net *.googlesyndication.com *.execute-api.ap-southeast-2.amazonaws.com *.gstatic.com www.gstatic.com *.googleadservices.com *.privacysandbox.googleadservices.com *.zopim.com *.ytimg.com *.iili.io *.ibb.co *.amplifon.com *.twitter.com www.youtube-nocookie.com *.zopim.io *.hotjar.io www.youtube.com *.day.com *.go2cloud.org *.go2jump.org *.performtracking.com *.steelhousemedia.com *.fls.doubleclick.net www.google.de amplifon.demdex.net cm.everesttech.net www.amplifon.com assets-apac.amplifon.com maps.googleapis.com assets.adobedtm.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net s.yimg.com bat.bing.com v2.zopim.com connect.facebook.net jlib.phone-analytics.com static.zdassets.com fonts.googleapis.com www.google.com www.google.it maps.gstatic.com www.facebook.com sp.analytics.yahoo.com mobileb2c.nhc.com.au amplifon.d3.sc.omtrdc.net api.jetinteractive.com.au ekr.zdassets.com dpm.demdex.net amplifongroup.tt.omtrdc.net stats.g.doubleclick.net *.zopim.com fonts.gstatic.com; worker-src 'self' *.execute-api.ap-southeast-2.amazonaws.com *.gstatic.com www.gstatic.com *.googleadservices.com *.privacysandbox.googleadservices.com *.zopim.com *.ytimg.com *.iili.io *.ibb.co *.amplifon.com *.twitter.com www.youtube-nocookie.com *.zopim.io *.hotjar.io www.youtube.com *.day.com *.go2cloud.org *.go2jump.org *.performtracking.com *.steelhousemedia.com *.fls.doubleclick.net www.google.de amplifon.demdex.net cm.everesttech.net www.amplifon.com assets-apac.amplifon.com maps.googleapis.com assets.adobedtm.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net s.yimg.com bat.bing.com v2.zopim.com connect.facebook.net jlib.phone-analytics.com static.zdassets.com fonts.googleapis.com www.google.com www.google.it maps.gstatic.com www.facebook.com sp.analytics.yahoo.com mobileb2c.nhc.com.au amplifon.d3.sc.omtrdc.net api.jetinteractive.com.au ekr.zdassets.com dpm.demdex.net amplifongroup.tt.omtrdc.net stats.g.doubleclick.net *.zopim.com fonts.gstatic.com; media-src 'self' *.execute-api.ap-southeast-2.amazonaws.com *.gstatic.com www.gstatic.com *.googleadservices.com *.privacysandbox.googleadservices.com *.zopim.com *.ytimg.com *.iili.io *.ibb.co *.amplifon.com *.twitter.com www.youtube-nocookie.com *.zopim.io *.hotjar.io www.youtube.com *.day.com *.go2cloud.org *.go2jump.org *.performtracking.com *.steelhousemedia.com *.fls.doubleclick.net www.google.de amplifon.demdex.net cm.everesttech.net www.amplifon.com assets-apac.amplifon.com maps.googleapis.com assets.adobedtm.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net s.yimg.com bat.bing.com v2.zopim.com connect.facebook.net jlib.phone-analytics.com static.zdassets.com fonts.googleapis.com www.google.com www.google.it maps.gstatic.com www.facebook.com sp.analytics.yahoo.com mobileb2c.nhc.com.au amplifon.d3.sc.omtrdc.net api.jetinteractive.com.au ekr.zdassets.com dpm.demdex.net amplifongroup.tt.omtrdc.net stats.g.doubleclick.net *.zopim.com fonts.gstatic.com; 1
default-src fonts.gstatic.com  'self' stats.g.doubleclick.net www.google-analytics.com maxcdn.bootstrapcdn.com  *.googleapis.com *.facebook.com client.pay.bka.sh *.jsdelivr.net *.gstatic.com *.cloudflare.com *.eboighar.com unpkg.com *.google.com; img-src 'self' www.google-analytics.com *.eboighar.com *.googleapis.com *.facebook.com *.googletagmanager.com data:;script-src 'self' www.google-analytics.com *.datatables.net *.facebook.net  scripts.pay.bka.sh *.googletagmanager.com maxcdn.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.fbcdn.net *.facebook.com *.jsdelivr.net unpkg.com *.jquery.com *.google.com *.gstatic.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com *.datatables.net *.cloudflare.com *.googleapis.com *.gstatic.com *.jsdelivr.net unpkg.com; 1
frame-ancestors 'self'; sandbox allow-downloads allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation; base-uri 'self'; form-action teufel.ch zed.teufel.de support.teufel.de retoure.teufel.de blog.teufel.de www.terminland.de www.saferpay.com test.saferpay.com *.amazon.de payments.amazon.de row.ups.com checkout.sandbox.getalma.eu checkout.getalma.eu 'self' 1
frame-ancestors 'self' virtualyard.com *.virtualyard.com.au 1
report-uri https://thebeginningaftertheend.online 1
default-src 'self' https://api.yoando.com.pe; media-src https://storage01.yoando.com.pe https://js.intercomcdn.com https://www.yoando.com.pe https://www.youtube.com; script-src 'self' https://api.yoando.com.pe https://connect.facebook.net 'unsafe-inline' 'unsafe-eval' https://consent.cookiebot.com https://consentcdn.cookiebot.com https://recaptcha.net https://assets.customer.io https://widget.intercom.io https://js.intercomcdn.com https://optimize.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://detectca.easysol.net https://maps.googleapis.com https://js-cdn.dynatrace.com https://static.hotjar.com https://script.hotjar.com https://www.youtube.com; img-src 'self' blob: data: https://track.customer.io https://www.facebook.com https://static.intercomassets.com https://widget.intercom.io https://js.intercomcdn.com https://static.hotjar.com https://script.hotjar.com https://geo0.ggpht.com/cbk https://cbks0.googleapis.com/cbk https://www.google-analytics.com https://www.google.com https://detectca.easysol.net https://www.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google.com.pe https://www.youtube.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com; frame-src https://consentcdn.cookiebot.com https://recaptcha.net https://intercom-sheets.com https://vars.hotjar.com https://www.google.com https://maps.googleapis.com https://www.youtube.com https://www.youtube-nocookie.com; font-src 'self' https://fonts.intercomcdn.com https://script.hotjar.com https://fonts.gstatic.com https://js.intercomcdn.com data:; child-src https://www.google.com https://maps.googleapis.com https://www.yoando.com.pe https://www.youtube.com; object-src 'none'; connect-src 'self' data: https://api.yoando.com.pe https://consentcdn.cookiebot.com https://ecertic.idcapture.es https://www.google-analytics.com https://api-iam.intercom.io https://in.hotjar.com https://vc.hotjar.io https://content.hotjar.io/ wss://ws1.hotjar.com wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com wss://ws5.hotjar.com wss://ws6.hotjar.com wss://ws7.hotjar.com wss://ws8.hotjar.com wss://ws9.hotjar.com wss://ws10.hotjar.com wss://ws11.hotjar.com wss://ws12.hotjar.com wss://ws13.hotjar.com wss://ws14.hotjar.com wss://ws15.hotjar.com wss://ws16.hotjar.com wss://ws17.hotjar.com wss://ws18.hotjar.com wss://ws19.hotjar.com wss://ws20.hotjar.com wss://ws21.hotjar.com wss://ws22.hotjar.com wss://ws23.hotjar.com wss://ws24.hotjar.com wss://ws25.hotjar.com wss://ws26.hotjar.com wss://ws27.hotjar.com wss://ws28.hotjar.com wss://ws29.hotjar.com wss://ws30.hotjar.com wss://ws31.hotjar.com wss://ws32.hotjar.com wss://ws33.hotjar.com wss://ws34.hotjar.com wss://ws35.hotjar.com wss://ws36.hotjar.com wss://ws37.hotjar.com wss://ws38.hotjar.com wss://ws39.hotjar.com wss://ws40.hotjar.com wss://nexus-websocket-a.intercom.io https://www.youtube.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https:; img-src 'self' https: data: blob: https:; style-src 'self' https: 'nonce-ByV9PSl61CNJXZDrR3ovgw=='; media-src 'self' https: data: https:; frame-src 'self' https:; manifest-src 'self' https:; form-action 'self'; connect-src 'self' data: blob: https: https: wss://iys.io; script-src 'self' https: 'wasm-unsafe-eval'; child-src 'self' blob: https:; worker-src 'self' blob: https: 1
frame-ancestors 'self' https://landing.casamiento.com.uy 1
default-src https: ptapp:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; img-src https: 'self' data:; media-src https: 'self' blob:; font-src https: 'self' data:; connect-src https: 'self' wss:; frame-ancestors 'self' 1
default-src 'self'; script-src 'self'  https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://google.com https://www.google-analytics.com https://c.seznam.cz/js/rc.js https://connect.facebook.net https://maps.googleapis.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://bat.bing.com https://*.clarity.ms https://bisko.gjirafa.net https://static.hotjar.com https://script.hotjar.com https://static.ads-twitter.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https: data: http://c.seznam.cz blob:; connect-src 'self' https: wss: blob:; frame-src 'self' https:; object-src 'none'; 1
default-src 'none'; child-src 'self'; script-src 'self' 'nonce-YzY3ZjFlY2QwNjFiNGU0M2JiNDdlMGRjMTlmYTAzZmZmMmNiZmQxZjI0OTg0MGM0YmVlMmU0NjkzZGVkMDJjZg==' https://www.google.com https://www.gstatic.com https://www.google-analytics.com 'sha256-cZ91PRwheIucR7EHRY7Zdq7LYWEqmX/XjAo433RUStU=' 'sha256-r1qZ70CJAklHGrh5FypsBwI2ZnqWkEXTMv4XV+7ZNQ0=' 'sha256-CFn4zg31ovRq+Jf6dNskFvzuLaM202xFrKnT2eMQ2iU=' 'sha256-GAaP31dVKWNiAN1VRng+Va+Zr3yD92/oEnnvHMZlwCY=' 'sha256-Hy7qfyFZ+LAwRABUHVToUBMPzlzO/MFmeoK4qSbAjZY=' *.rakuten.com *.linksynergy.com *.nxtck.com *.xg4ken.com *.tiktok.com *.facebook.com *.facebook.net; script-src-elem 'self' 'nonce-YzY3ZjFlY2QwNjFiNGU0M2JiNDdlMGRjMTlmYTAzZmZmMmNiZmQxZjI0OTg0MGM0YmVlMmU0NjkzZGVkMDJjZg==' 'sha256-s+YkvAi/vKPevMi3lNz+EnJgLIK/5yJsTV0zilABsT0=' https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://s.pinimg.com 'sha256-cZ91PRwheIucR7EHRY7Zdq7LYWEqmX/XjAo433RUStU=' 'sha256-r1qZ70CJAklHGrh5FypsBwI2ZnqWkEXTMv4XV+7ZNQ0=' 'sha256-CFn4zg31ovRq+Jf6dNskFvzuLaM202xFrKnT2eMQ2iU=' 'sha256-GAaP31dVKWNiAN1VRng+Va+Zr3yD92/oEnnvHMZlwCY=' 'sha256-Hy7qfyFZ+LAwRABUHVToUBMPzlzO/MFmeoK4qSbAjZY=' *.rakuten.com *.linksynergy.com *.nxtck.com *.xg4ken.com *.tiktok.com *.facebook.com *.facebook.net; object-src 'none'; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://intranet.zenatur.com.br https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com.br https://ct.pinterest.com 'sha256-cZ91PRwheIucR7EHRY7Zdq7LYWEqmX/XjAo433RUStU=' 'sha256-r1qZ70CJAklHGrh5FypsBwI2ZnqWkEXTMv4XV+7ZNQ0=' 'sha256-CFn4zg31ovRq+Jf6dNskFvzuLaM202xFrKnT2eMQ2iU=' 'sha256-GAaP31dVKWNiAN1VRng+Va+Zr3yD92/oEnnvHMZlwCY=' 'sha256-Hy7qfyFZ+LAwRABUHVToUBMPzlzO/MFmeoK4qSbAjZY=' *.rakuten.com *.linksynergy.com *.nxtck.com *.xg4ken.com *.tiktok.com *.facebook.com *.facebook.net; media-src 'self'; frame-src 'self' https://www.google.com https://ct.pinterest.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://ct.pinterest.com https://stats.g.doubleclick.net 'sha256-cZ91PRwheIucR7EHRY7Zdq7LYWEqmX/XjAo433RUStU=' 'sha256-r1qZ70CJAklHGrh5FypsBwI2ZnqWkEXTMv4XV+7ZNQ0=' 'sha256-CFn4zg31ovRq+Jf6dNskFvzuLaM202xFrKnT2eMQ2iU=' 'sha256-GAaP31dVKWNiAN1VRng+Va+Zr3yD92/oEnnvHMZlwCY=' 'sha256-Hy7qfyFZ+LAwRABUHVToUBMPzlzO/MFmeoK4qSbAjZY=' *.rakuten.com *.linksynergy.com *.nxtck.com *.xg4ken.com *.tiktok.com *.facebook.com *.facebook.net; 1
object-src 'none'; form-action 'self'; font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com https://pro.fontawesome.com https://kit-free.fontawesome.com https://kit-pro.fontawesome.com https://static.elfsight.com https://cdn.clicassure.com; frame-ancestors http://www.autoaubaine.com/ https://www.autoaubaine.com/ https://*.facebook.com https://www.movingwaldo.ca/ http://assurancelepelco.com https://assurancelepelco.com https://*.lowestratesqc.ca http://*.lowestratesqc.ca https://api-95b4b19f.duosecurity.com https://qc.wawanesa.com https://hardbacon.ca 1
connect-src 'self' *.dokobit.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.google-analytics.com *.googleadservices.com *.google.com *.doubleclick.net *.gstatic.com *.facebook.net *.cookieinformation.com; font-src 'self' data: *.dokobit.com fonts.gstatic.com *.hotjar.com; frame-src 'self' *.dokobit.com *.hotjar.com *.doubleclick.net *.googletagmanager.com *.google.com *.facebook.com *.cookieinformation.com; img-src 'self' data: *.dokobit.com *.hotjar.com *.facebook.com *.google.com *.google.ee *.doubleclick.net *.google-analytics.com *.googletagmanager.com; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dokobit.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.google-analytics.com *.googleadservices.com *.google.com *.doubleclick.net *.gstatic.com *.facebook.net *.cookieinformation.com; style-src 'self' 'unsafe-inline' *.dokobit.com fonts.googleapis.com; worker-src 'self'; 1
*.cookieyes.com cdn-cookieyes.com 1
base-uri 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' *.googleapis.com www.google.com www.google-analytics.com www.gstatic.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net mylivechat.com *.mylivechat.com cdnjs.cloudflare.com connect.facebook.net platform.twitter.com static.addtoany.com assets.pinterest.com atratopago.com *.atratopago.com v2.zopim.com widget-mediator.zopim.com tagmanager.google.com static.zdassets.com www.clarity.ms *.clarity.ms; 1
script-src  'self'  'unsafe-inline'   'unsafe-eval'  *.etstur.com  *.otelpuan.com  *.googletagmanager.com  *.hotjar.com  *.facebook.net  *.googleapis.com  *.google-analytics.com  *.googleadservices.com  *.doubleclick.net  *.gstatic.com  *.cloudfront.net  *.cloudflare.com  analytics.tiktok.com  static.cloudflareinsights.com  otelpuan.com  *.efilli.com  otelpuan.webinstats.com  appleid.cdn-apple.com  *.google.com  *.google.com.tr  ;  object-src data: 'unsafe-eval' otelpuan.com *.otelpuan.com ; 1
base-uri 'self'; default-src https: data: wss: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; font-src 'self' *.pieddebiche-paris.com fonts.gstatic.com; frame-ancestors 'self' pieddebiche.zendesk.com 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.gruposancorseguros.com *.google.com *.gstatic.com *.googleapis.com cdn.jsdelivr.net js.hsforms.net forms.hsforms.com code.jquery.com *.chat-tonic.com https://go.botmaker.com https://storage.googleapis.com https://polyfill.io/v3/ *.hotjar.com widgets-static.embluemail.com cdn.embluemail.com *.facebook.com googleads.g.doubleclick.net *.facebook.net *.teads.tv *.smileweb.net *.linkedin.com *.qualtrics.com;object-src 'self' *.gruposancorseguros.com;style-src 'self' 'unsafe-inline' *.google.com *.gruposancorseguros.com *.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com *.bootstrapcdn.com *.chat-tonic.com *.smileweb.net;img-src 'self' s3.us-east-1.amazonaws.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.facebook.com *.gruposancorseguros.com *.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com data: *.hsforms.com web.chat-tonic.com *.smileweb.net *.google.com *.google.com.ar unpkg.com *.hotjar.com *.teads.tv *.qualtrics.com;media-src 'self' *.gruposancorseguros.com *.googleapis.com;frame-src *.gruposancorseguros.com td.doubleclick.net *.google.com *.qualtrics.com *.teads.tv *.debmedia.com *.youtube.com;font-src 'self' fonts.gstatic.com *.gruposancorseguros.com cdn.jsdelivr.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com static.smileweb.net *.hotjar.com;connect-src 'self' *.gruposancorseguros.com *.googleapis.com wss://*.gruposancorseguros.com nf-mock.globallogic.com.ar forms.hubspot.com api.hubapi.com *.chat-tonic.com *.botmaker.com m-infra.appspot.com wss://*.botmaker.com/ *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com.ar *.smileweb.net *.qualtrics.com *.teads.tv;child-src *.google.com *.youtube.com *.facebook.com forms.hsforms.com forms.hubspot.com *.chat-tonic.com data: blob: *.googleapis.com *.debmedia.com *.smileweb.net *.doubleclick.net;frame-ancestors 'none';report-uri /WebResource.axd?cspReport=true 1
script-src stackpath.bootstrapcdn.com maxcdn.bootstrapcdn.com cdn.datatables.net cdnjs.cloudflare.com code.jquery.com cdn.jsdelivr.net www.google.com www.gstatic.com 'self' 'unsafe-inline'; 1
upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none'; manifest-src 'none'; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-RCv_Uvz7Wj8vVx5qjDAHFg' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors 'self' iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ https://www.next.lu 1
frame-ancestors *.omnifurgone.it *.motor1.com 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' m.addthis.com z.moatads.com v1.addthisedge.com s7.addthis.com ssl.google-analytics.com  www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com https://connect.facebook.net https://snap.licdn.com; object-src 'self'; style-src 'self' 'unsafe-inline' www.gstatic.com https://fonts.googleapis.com https://www.googletagmanager.com cdnjs.cloudflare.com; frame-src youtube.com impact.qual.carbon.click www.youtube.com www.google.com s7.addthis.com 'self'; frame-ancestors 'self' ; img-src 'self' ssl.google-analytics.com *.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com  data: www.google-analytics.com www.facebook.com https://widgets.qual.carbon.click https://widgets.carbon.click ; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net api-public.addthis.com https://cdn.linkedin.oribi.io/; media-src 'self' data: blob:; font-src 'self' data: fonts.gstatic.com; worker-src 'self' data: blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://intocities.com/ https://*.pipedrive.email https://analytics.tiktok.com https://newsletter.chaesbueb.ch https://issuu.com https://sc-static.net/scevent.min.js https://tr.snapchat.com https://forms.office.com https://emmilangnau.us3.list-manage.com https://eepurl.com https://dialog.scoutsss.com https://business.dialogify.io https://static.dialogify.io https://business.scoutsss.com https://ct.pinterest.com https://s.pinimg.com https://*.freizeitplan.net https://*.eqs.com https://www.facebook.com https://*.gstatic.com https://*.hana.ondemand.com https://*.equitystory.com/ https://siteimproveanalytics.com https://*.emmi.com https://*.clarity.ms https://*.prospective.ch https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.typekit.net https://*.mookie1.com https://connect.facebook.net https://fonts.googleapis.com https://cdn.polyfill.io https://emmi-chatbot.smack.build https://js.frubil.info https://ga-dev-tools.appspot.com https://*.google.com https://*.googleadservices.com https://content.googleapis.com https://ajax.googleapis.com https://www.youtube.com https://youtu.be https://player.vimeo.com https://pano.nautilusstudios.ch http://charts3.equitystory.com https://charts3.equitystory.com http://webservices.newsbox.ch http://live.solique.ch https://www.googletagmanager.com https://*.google-analytics.com https://e3.marco.ch https://embed.eventfrog.ch https://*.spotify.com https://spotify.com https://*.issuu.com https://issuu.com https://*.tiqcdn.com https://*.tiqcdn.cn https://*.tealiumiq.com https://emmi-luzerner-farm-auslastung.vercel.app https://cdnjs.cloudflare.com; img-src 'self' https://s3.eu-west-1.amazonaws.com https://business.scoutsss.com https://*.eqs.com https://*.siteimproveanalytics.io https://www.facebook.com https://emmi-chatbot.smack.build https://*.google-analytics.com https://stats.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://*.mookie1.com https://*.adnxs.com https://*.google.com https://*.google.at https://*.googleadservices.com https://www.google.ch https://ct.pinterest.com https://embed.eventfrog.ch https://*.doubleclick.net https://c.clarity.ms https://www.google.de data:; font-src 'self' https://*.typekit.net https://fonts.gstatic.com data:; frame-ancestors 'self'; 1
default-src 'self'; connect-src 'self' http://fonts.gstatic.com http://cdn.curator.io http://api.curator.io http://widgets.skyscanner.net http://www.skyscanner.net http://l.sharethis.com http://sentry.tidio.co http://trip-planner.azerbaijan.travel http://mc.yandex.ru http://stats.g.doubleclick.net http://widget-v4.tidiochat.com http://api.userway.org http://www.google-analytics.com wss://socket.tidio.co https://maps.googleapis.com/ https://cdn.userway.org/widgetapp/ http://test.azerbaijan.travel http://analytics.google.com http://bcp.crwdcntrl.net; font-src 'self' http://fonts.gstatic.com http://cdn.curator.io http://api.curator.io http://test.azerbaijan.travel http://cdnjs.cloudflare.com http://widget-v4.tidiochat.com; frame-src http://c.sharethis.mgr.consensu.org http://www.google.com http://cdn.userway.org http://www.youtube.com http://youtube.com http://w.soundcloud.com http://www.yumpu.com https://www.alltrails.com/ https://www.wikiloc.com/ https://t.sharethis.com/ https://widgets.skyscanner.net/ https://maps.google.com/ https://www.facebook.com/; img-src 'self' http://www.google-analytics.com http://www.instagram.com http://cdn.curator.io http://widgets.skyscanner.net http://instagram.fgbb2-1.fna.fbcdn.net http://instagram.fgbb2-2.fna.fbcdn.net http://maps.gstatic.com http://maps.googleapis.com http://twemoji.maxcdn.com http://unpkg.com http://test.azerbaijan.travel data: https: http:; media-src 'self' http://curatorio.s3.amazonaws.com http://widget-v4.tidiochat.com http://207.154.201.48:9000 https://207.154.201.48:9000 http://cdn.userway.org http://curator-assets.b-cdn.net; object-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://ajax.cloudflare.com http://www.google.com http://widgets.skyscanner.net http://cdn.curator.io http://api.curator.io http://code.tidio.co http://platform-api.sharethis.com http://www.gstatic.com http://buttons-config.sharethis.com http://widget-v4.tidiochat.com http://count-server.sharethis.com http://trip-planner.azerbaijan.travel http://maps.googleapis.com http://s.inspirockcdn.com http://maps.googleapis.com http://test.azerbaijan.travel data: https: http:; style-src 'self' 'unsafe-inline' http://fonts.googleapis.com http://cdn.curator.io http://api.curator.io http://s.inspirockcdn.com http://js.skyscnr.com http://test.azerbaijan.travel http://cdnjs.cloudflare.com 1
frame-ancestors 'self' ridestyler.com *.ridestyler.com; default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
frame-ancestors 'self' https://app.storyblok.com/; object-src 'none'; child-src https://www.youtube-nocookie.com https://securityall-8465d383d6c6cf616885062.freshchat.com/ https://td.doubleclick.net/ https://wwwnetworking4allcom.webpush.freshchat.com/ 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-0cf6cd08929968783ad58f8dbf2467df'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
child-src https://fast.wistia.net https://intercom-sheets.com https://player.vimeo.com https://www.intercom-reporting.com https://www.youtube.com; connect-src http://localhost:8178 https://bity.com https://api-iam.intercom.io https://api-ping.intercom.io https://api.intercom.io https://connect.bity.com https://exchange.api.bity.com https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://oliver.bity.com https://uploads.intercomcdn.com https://uploads.intercomusercontent.com ws://127.0.0.1:8178 wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io wss://relay.walletconnect.com https://explorer-api.walletconnect.com; default-src https://bity.com; img-src 'unsafe-inline' blob: data: https://bity.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-9.com https://app.mailjet.com https://downloads.intercomcdn.com https://gifs.intercomcdn.com https://js.intercomcdn.com https://messenger-apps.intercom.io https://static.intercomassets.com https://uploads.intercomusercontent.com https://video-messages.intercomcdn.com https://explorer-api.walletconnect.com; font-src https://bity.com https://fonts.gstatic.com https://js.intercomcdn.com; form-action https://api-iam.intercom.io https://intercom.help; frame-ancestors 'none'; frame-src https://verify.walletconnect.com https://bity.com https://app.mailjet.com https://connect.trezor.io https://intercom-sheets.com; media-src https://js.intercomcdn.com; object-src 'none'; script-src 'unsafe-inline' https://bity.com https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js https://app.intercom.io https://app.mailjet.com https://cdnjs.cloudflare.com https://js.intercomcdn.com https://widget.intercom.io; style-src 'unsafe-inline' https://bity.com https://app.intercom.io https://app.mailjet.com https://fonts.googleapis.com; 1
frame-ancestors 'self' *.download.com.vn download.com.vn *.hoatieu.vn hoatieu.vn *.softvn.com softvn.com *.quantrimang.com quantrimang.com *.meta.vn meta.vn *.vndoc.com vndoc.com *.gamevui.vn gamevui.vn *.hoatieu.vn hoatieu.vn 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://tpc.googlesyndication.com https://cdn.heapanalytics.com https://heapanalytics.com https://www.googleadservices.com https://bat.bing.com https://s.adroll.com https://pixel.cdnwidget.com https://static.criteo.net https://sslwidget.criteo.com https://connect.facebook.net https://edge.fullstory.com https://fullstory.com https://d.adroll.com https://*.doubleclick.net https://mmtro.com https://cdn.mmtro.com https://api.neuro-id.com https://logs.neuro-id.com https://scripts.neuro-id.com https://*.optimizely.com https://tags.tiqcdn.com https://deploytealium.com https://*.impactradius-event.com https://www.googletagmanager.com https://www.google-analytics.com https://load.sumo.com https://load.sumome.com https://widget.trustpilot.com https://*.vimeocdn.com https://*.fastcdn.co https://heatmap.services https://hackerone.com https://heatmap-events-collector.instapage.com https://cdn.cookielaw.org https://static.universal-credit.com https://cdn.cookielaw.org; frame-src https://gum.criteo.com https://*.doubleclick.net https://upgrade.pxf.io https://connect.facebook.net https://tpc.googlesyndication.com https://*.vimeo.com https://*.youtube.com https://widget.trustpilot.com https://hackerone.com https://*.universal-credit.com; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com *.trafficfactory.biz www.iwanttodeliver.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net bmedia.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri http://www.ebonytube.com/csp-reports; report-to csp-endpoint 1
img-src https://www.abuseipdb.com 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-464db8dc7fc855a31ce34bda401aedd8'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' *.bite.lt *.manabite.lv manabite.lv *.exacttarget.com 1
default-src 'self'; child-src 'self'; connect-src 'self' *.bing.com *.demdex.net *.doubleclick.net *.google-analytics.com *.omtrdc.net; font-src 'self' data: *.typekit.net use.fontawesome.com; frame-src 'self' *.demdex.net *.doubleclick.net; img-src 'self' *.adsymptotic.com *.bing.com *.everesttech.net *.google-analytics.com *.googletagmanager.com *.linkedin.com *.omtrdc.net www.google.com; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bing.com *.doubleclick.net *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.licdn.com *.onetrust.com assets.adobedtm.com cdn.cookielaw.org fast.wistia.com; style-src 'self' 'unsafe-inline' *.typekit.net cdn.cookielaw.org use.fontawesome.com; worker-src 'self'; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn-ukwest.onetrust.com *.tiktok.com *.tvsquared.com *.googletagmanager.com *.facebook.net *.jquery.com *.hotjar.com *.google-analytics.com *.cloudflare.com *.trustist.com https://api.mapbox.com *.googleapis.com *.aspnetcdn.com; default-src 'self' data: wss: *.youtube.com *.umbraco.org *.cloudfront.net; style-src 'self' 'unsafe-inline' *.googleapis.com https://api.mapbox.com *.trustist.com; font-src 'self' data: *.gstatic.com; img-src 'self' data: *.gravatar.com *.umbraco.com *.facebook.com trustist.blob.core.windows.net *.demdex.net *.tvsquared.com *.onetrust.com *.datatables.net *.trustist.com https://cookiesuksouth.blob.core.windows.net *.umbraco.org *.webtype.com *.googleapis.com http://chart.googleapis.com khcdn8f8e95be6a.b-cdn.net maps.gstatic.com umbraco.tv *.google-analytics.com *.doubleclick.net *.google.com *.google.co.uk *.gstatic.com; child-src blob: player.vimeo.com; connect-src 'self' *.onetrust.com *.tiktok.com wss://ws.hotjar.com *.hotjar.com *.hotjar.io *.analytics.google.com *.google-analytics.com *.trustist.com *.facebook.com *.doubleclick.net *.facebook.net *.mapbox.com *.doubleclick.net *.google.co.uk; frame-src 'self' *.vimeo.com *.google.com *.analytics.google.com https://www.facebook.com *.facebook.com *.youtube.com; media-src 'self' *.vimeo.com *.akamaized.net 1
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.google.bg https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://www.facebook.com https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com https://app.posthog.com https://*.drift.casino *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://app.vwo.com https://*.drift.casino; frame-src 'self' bankid://* https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://*.zignsec.com https://*.trustly.com https://*.regily.com https://*.sumsub.com https://*.visualwebsiteoptimizer.com https://*.unetsafe.com https://*.atlantgaming.com https://*.drift.casino https://* paymentpage.ecommpay.com asdaerq.dapmaptuns.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://*.zignsec.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.gstatic.com https://recaptcha.net https://connect.facebook.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://app.posthog.com https://*.drift.casino *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com *.astropay.com *.megapay.pro *.ecopayz.com *.billing.cx *.express-connect.com *.paycore.io *.jetoncheckout.com *.ipsp.lv ipsp.lv *.gpaynetworks.com *.sirumobile.com 'nonce-6KN7YicMxWKbRs8edltgHiwr8FgnML+rCt/UNHbr+LM=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com https://*.drift.casino *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com; worker-src 'self' blob:; report-uri https://drift.casino/sentry/api/47/csp-report/?sentry_key=a7dcff6da4704fcf9dbecd647d997b1b 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js-agent.newrelic.com https://static.hotjar.com https://script.hotjar.com https://cdn.mouseflow.com https://cbzxy.com https://banners.adfox.ru/ https://yandex.ru https://*.ytimg.com http://awards.ratingruneta.ru https://yandex.ru cdn3.caltat.com https://*.legalcdn.org https://*.legalcdn.com https://static.legalcdn.org https://snap.licdn.com https://px.ads.linkedin.com https://web.legalcdn.org https://*.twimg.com https://platform.twitter.com https://yastatic.net https://mc.yandex.com https://*.yandex.ru https://*.me-talk.ru *.cloudflare.com https://me-talk.ru https://*.intelcdn.com https://*.playbuzz.com https://*.youtube.com http://pollservice.ru https://*.vk.com https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://*.instagram.com https://web.legalcdn.org http://ulogin.ru https://ulogin.ru https://*.gstatic.com https://*.google.com https://*.yandex.net; frame-src 'self' https://vars.hotjar.com https://*.yandex.ru http://awards.ratingruneta.ru https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org https://*.me-talk.ru https://*.instagram.com https://ulogin.ru https://*.youtube.com https://*.facebook.com https://*.twitter.com https://vimeo.com https://rutube.ru https://playbuzz.com https://connect.facebook.net https://web.legalcdn.org https://www.playbuzz.com/ https://*.gstatic.com https://*.google.com https://*.yandex.net; object-src 'self' https://*.legalcdn.com https://*.legalcdn.org http://awards.ratingruneta.ru https://*.youtube.com https://web.legalcdn.org https://static.legalcdn.org https://web.legalcdn.org https://*.gstatic.com https://*.google.com https://*.yandex.net; child-src 'self' blob: http://awards.ratingruneta.ru https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org; worker-src 'self' blob: https://*.push4site.com; report-uri /csp-report/; 1
default-src 'self' https: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://c.jobcloud.ai https://tags.tiqcdn.com https://visitor-service-eu-central-1.tealiumiq.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://widget.intercom.io https://js.intercomcdn.com https://snap.licdn.com https://connect.facebook.net https://googleads.g.doubleclick.net https://dynamic.criteo.com https://sslwidget.criteo.com https://*.leadforensics.com https://secure.data-insight365.com https://bat.bing.com; script-src-elem 'self' 'unsafe-inline' https://www.googleadservices.com https://c.jobcloud.ai https://tags.tiqcdn.com https://visitor-service-eu-central-1.tealiumiq.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://widget.intercom.io https://js.intercomcdn.com https://snap.licdn.com https://connect.facebook.net https://googleads.g.doubleclick.net https://dynamic.criteo.com https://sslwidget.criteo.com https://*.leadforensics.com https://secure.data-insight365.com https://bat.bing.com; object-src 'self' data: blob: https://stage.jobcloud.ai https://qa.account.jobcloud.ai https://qa.hire.jobcloud.ai https://qa.publication.jobcloud.ai https://jobcloud.ai; frame-src 'self' 'unsafe-eval' data: blob: https://stage.jobcloud.ai https://qa.account.jobcloud.ai https://qa.hire.jobcloud.ai https://qa.publication.jobcloud.ai https://jobcloud.ai https://vars.hotjar.com https://test-jobcloud-ai.eu.auth0.com https://jobcloud-ai.eu.auth0.com https://docs.google.com https://view.officeapps.live.com https://jobcloud-api.erecruiter.org https://jobcloud-api-test.erecruiter.org https://www.google.com https://www.google.ca https://zeroheight.com https://auth.test.jobcloud.ai https://auth.stage.jobcloud.ai https://auth.jobcloud.ai https://gum.criteo.com https://static.criteo.net https://fledge.criteo.com https://widget.eu.criteo.com https://td.doubleclick.net; connect-src 'self' 'unsafe-inline' data: blob: http://jobcloud.ai.local:3000 https://stage.jobcloud.ai https://qa.account.jobcloud.ai https://qa.hire.jobcloud.ai https://qa.publication.jobcloud.ai https://jobcloud.ai https://api.test.jobcloud.ai https://api.stage.jobcloud.ai https://api.jobcloud.ai http://jobcloud.ai.local:8000 https://ats-api.stage.jobcloud.ai https://ats-api.jobcloud.ai https://metadata-api-stage.jobcloud.services/api/v1/meta/ https://metadata-api.jobcloud.services/api/v1/meta/ https://graphql.jobcloud.ai https://graphql.jobcloud.ai/graphql https://media.stage.jobcloud.ai/media https://media.jobcloud.ai/media https://middleware.test.jobcloud.ai https://middleware.stage.jobcloud.ai https://middleware.test.joblocloud.ai/graphql https://middleware.stage.joblocloud.ai/graphql https://middleware.jobcloud.ai https://middleware.jobcloud.ai/graphql https://ecommerce.test.jobcloud.ai https://ecommerce.stage.jobcloud.ai https://ecommerce.jobcloud.ai https://media.stage.jobcloud.ai https://media.jobcloud.ai https://test-jobcloud-ai.eu.auth0.com https://jobcloud-ai.eu.auth0.com https://api-iam.intercom.io https://api-iam.eu.intercom.io http://*.hotjar.com:* https://*.hotjar.com:* https://*.hotjar.io:* wss://*.hotjar.com wss://nexus-websocket-a.intercom.io wss://nexus-europe-websocket.intercom.io https://js.intercomcdn.com/ https://auth.test.jobcloud.ai https://auth.stage.jobcloud.ai https://auth.jobcloud.ai https://uploads.intercomcdn.com/ https://uploads.intercomcdn.eu https://sentry.io https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://*.jobcloud.ai https://*.jobcloud.ch https://auth.jobcloud.ai/oauth/token https://www.googleadservices.com https://pagead2.googlesyndication.com https://*.google-analytics.com https://*.google.com https://*.google.ch https://*.google.de https://*.google.rs https://*.google.fr https://measurement-api.criteo.com https://dynamic.criteo.com https://sslwidget.criteo.com https://cdn.linkedin.oribi.io https://*.ads.linkedin.com https://www.facebook.com https://connect.facebook.net https://collect.tealiumiq.com https://tags.tiqcdn.com https://visitor-service-eu-central-1.tealiumiq.com https://widget.intercom.io https://api.buttercms.com https://cdn.buttercms.com https://snap.licdn.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://*.leadforensics.com https://idx.liadm.com https://secure.data-insight365.com https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src * data:; img-src 'self' 'unsafe-eval' data: blob: https://stage.jobcloud.ai https://qa.account.jobcloud.ai https://qa.hire.jobcloud.ai https://qa.publication.jobcloud.ai https://jobcloud.ai https://cdn.buttercms.com https://heapanalytics.com https://*.jobcloud.ch https://media.stage.jobcloud.ai https://media.stage.jobcloud.ai/media https://media.jobcloud.ai https://media.jobcloud.ai/media https://script.hotjar.com http://script.hotjar.com https://js.intercomcdn.com https://jobcloud-api-test.erecruiter.org https://jobcloud-api.erecruiter.org https://stats.g.doubleclick.net https://gifs.intercomcdn.com https://static.intercomassets.com https://static.intercomassets.eu https://www.googletagmanager.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://googleads.g.doubleclick.net https://*.ads.linkedin.com https://www.facebook.com https://e1.emxdgt.com https://*.google.com https://*.google.ch https://*.google.de https://*.google.fr https://*.google.be https://*.google.pt https://*.google.rs https://ad.360yield.com/ https://ice.360yield.com/ https://ad.mail.ru/ https://ad.yieldlab.net/ https://ads.stickyadstv.com/ https://ads.yahoo.com/cms/v1 https://cdn.stickyadstv.com/ https://cm.adform.net/ https://cm.g.doubleclick.net/ https://cm.mgid.com/ https://contextual.media.net/ https://criteo-sync.teads.tv/ https://dis.criteo.com/ https://eb2.3lift.com/ https://gum.criteo.com/ https://i.liadm.com/ https://ib.adnxs.com/ https://ih.adscale.de/ https://jadserve.postrelease.com/ https://match.sharethrough.com/ https://pixel.advertising.com/ https://pixel.rubiconproject.com/ https://pixel.tapad.com/ https://r.casalemedia.com/ https://rtb-csync.smartadserver.com/ https://s.ad.smaato.net/ https://secure.adnxs.com/ https://simage2.pubmatic.com/ https://sp.analytics.yahoo.com/ https://sslwidget.criteo.com https://sync-criteo.ads.yieldmo.com/ https://sync-t1.taboola.com/ https://sync.e-planning.net/ https://sync.outbrain.com/ https://tg.socdm.com/ https://ups.analytics.yahoo.com/ https://us-u.openx.net/ https://visitor.omnitagjs.com/ https://x.bidswitch.net/ https://p.adsymptotic.com/d/px/ https://uipglob.semasio.net/ https://id5-sync.com https://matching.ivitrack.com https://exchange.mediavine.com https://matching.ivitrack.com https://criteo-partners.tremorhub.com https://dpm.demdex.net https://beacon.krxd.net https://s.thebrighttag.com https://a.twiago.com https://bat.bing.com https://c.bing.com; media-src 'self' https://js.intercomcdn.com; worker-src 'self' blob: https://jobcloud.ai.local https://qa.account.jobcloud.ai https://qa.hire.jobcloud.ai https://qa.publication.jobcloud.ai https://stage.jobcloud.ai https://jobcloud.ai 1
frame-ancestors 'self';  default-src 'self' sinotech.com.tw  ;  script-src 'self' 'unsafe-eval' 'unsafe-inline' sinotech.com.tw  ;  connect-src 'self' sinotech.com.tw  ;  frame-src sinotech.com.tw  ;  font-src * data:;  img-src * data:;  style-src * 'unsafe-inline'; 1
style-src 'self' https://* 'unsafe-inline' 'unsafe-eval' connect.facebook.net https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://ajax.googleapis.com https://code.jquery.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://vars.hotjar.com https://use.typekit.net https://api-fra.livechatinc.com https://api.permutive.com https://cdn.permutive.com; img-src 'self' https://www.googletagmanager.com https://region1.analytics.google.com *.facebook.com *.bluekai.com *.demdex.net *.rlcdn.com https://api.permutive.com *.permutive.com https://cdn.permutive.com https://cdn.cookielaw.org/ https://pixel.quantserve.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.google.com https://www.google.ie https://curator-assets.b-cdn.net/ https://googleads.g.doubleclick.net https://www.google.de https://www.google.de/ads/ga-audiences https://tr.snapchat.com/; connect-src 'self' https://region1.analytics.google.com *.google-analytics.com *.hotjar.com https://analytics.google.com *.googlesyndication.com *.hotjar.com https://ib.adnxs.com *.prmutv.co *.permutive.com https://geolocation.onetrust.com/ https://cdn.cookielaw.org/ https://privacyportal.onetrust.com/ https://www.google-analytics.com https://stats.g.doubleclick.net https://in.hotjar.com https://www.google.com https://googleads.g.doubleclick.net https://td.doubleclick.net https://tr.snapchat.com/ https://www.google.de/ads/ga-audiences https://content.hotjar.io/ wss://ws.hotjar.com https://analytics.tiktok.com; worker-src 'self' blob: 1
script-src 'self' blob https://tfnalmaad.wpengine.com https://analytics.tiktok.com/i18n/pixel/static/identify_55404.js https://analytics.tiktok.com/i18n/pixel/static/main.MTc3MGUxMzJiMA.js https://tr.snapchat.com https://connect.facebook.net https://sc-static.net/scevent.min.js https://analytics.tiktok.com/i18n/pixel/sdk.js https://analytics.tiktok.com/i18n/pixel/events.js https://www.google.com/recaptcha/api.js https://action.dstillery.com https://staticxx.facebook.com https://tffl.wpengine.com https://googleads.g.doubleclick.net https://www.youtube.com https://static.ads-twitter.com/uwt.js https://www.googletagmanager.com https://www.google-analytics.com https://code.jquery.com  https://ajax.googleapis.com https://connect.facebook.net/en_US/sdk.js https://connect.facebook.net/signals/config/348076795561919?v=2.9.141&r=stable&domain=tobaccofreeflorida.com https://dashboard.chatfuel.com/integration/fb-entry-point.js https://connect.facebook.net/en_US/fbevents.js https://tag.simpli.fi/sifitag/36640690-0be4-0139-8190-06b4c2516bae https://i.simpli.fi  https://bat.bing.com 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' ;script-src data: blob: 'self' 'unsafe-eval' 'nonce-0DF5NTeszCKXse02' static.cloud.coveo.com www.zenaps.com www.dwin1.com *.r42tag.com *.usabilla.com *.google-analytics.com *.analytics.google.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com  ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com  *.fbto.nl connect.facebook.net cdn.harvest.graindata.com *.pingvp.com pingvp.com *.visualwebsiteoptimizer.com app.vwo.com www.awin1.com;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com *.pingvp.com;img-src data: blob: 'self' *.svtrd.com www.zenaps.com www.awin1.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com *.google-analytics.com *.analytics.google.com *.onmarc.nl *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net ad.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com www.googletagmanager.com translate.google.com zilverenkruis-cdn.mcccm.eu *.pingvp.com i.vimeocdn.com dev.visualwebsiteoptimizer.com *.doubleclick.net;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net  *.pingvp.com;connect-src blob: 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.prolife.nl *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net *.google-analytics.com *.analytics.google.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com www.browsealoud.com plusqa.browsealoud.com *.interpolis.nl *.fbto.nl bat.bing.com stats.g.doubleclick.net harvest-cm-achmea.ey.r.appspot.com controle.achmea.consentmonitor.nl *.tomtom.com *.visualwebsiteoptimizer.com app.vwo.com *.applicationinsights.azure.com wss://api.defriesland.nl:13443;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl *.pingvp.com;object-src 'self' ;child-src 'self' blob: t.svtrd.com player.vimeo.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net app.springcast.fm;frame-ancestors 'self' player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net inloggen.achmea.nl p-portaal.achmea.nl app.vwo.com *.visualwebsiteoptimizer.com;;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl broker.nxtid.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content;report-uri https://zilverenkruis.ams.report-uri.com/r/t/csp/enforce; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; base-uri 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.addthis.com *.addthisedge.com *.comodo.com *.doubleclick.net *.facebook.net *.google.co.nz *.google.com *.google-analytics.com *.googleadservices.com googleapis.com *.googleapis.com *.googlesyndication.com *.googletagservices.com *.gstatic.com *.patreon.com *.polyfill.io *.twitter.com *.webspellchecker.net; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.polyfill.io *.webspellchecker.net; connect-src 'self' *.addthis.com *.doubleclick.net *.googlesyndication.com *.gstatic.com *.webspellchecker.net 1
default-src *.gstatic.com ir.stockpr.com www.travelandleisureco.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; script-src *.quotemedia.com *.google.com *.google-analytics.com *.gstatic.com browser-update.org *.hcaptcha.com hcaptcha.com dev-ir.stockpr.com *.googletagmanager.com website-search.ent.us-east-1.aws.found.io *.g.doubleclick.net geolocation.onetrust.com edge.fullstory.com rs.fullstory.com cdn.cookielaw.org *.imirwin.com ir.stockpr.com www.travelandleisureco.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net 'unsafe-inline'; connect-src *.quotemedia.com *.google.com *.google-analytics.com *.gstatic.com browser-update.org *.hcaptcha.com hcaptcha.com dev-ir.stockpr.com *.googletagmanager.com website-search.ent.us-east-1.aws.found.io *.g.doubleclick.net geolocation.onetrust.com edge.fullstory.com rs.fullstory.com cdn.cookielaw.org *.imirwin.com ir.stockpr.com www.travelandleisureco.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net 'unsafe-inline'; style-src fonts.googleapis.com *.gstatic.com *.hcaptcha.com hcaptcha.com dev-ir.stockpr.com cdn.jsdelivr.net ir.stockpr.com www.travelandleisureco.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net 'unsafe-inline'; font-src cdnjs.cloudflare.com/ajax/libs/font-awesome/ fonts.googleapis.com *.gstatic.com ir.stockpr.com www.travelandleisureco.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; img-src mms.businesswire.com cdn.cookielaw.org *.googletagmanager.com *.google-analytics.com *.google.com ir.stockpr.com www.travelandleisureco.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; frame-src *.google.com youtube.com youtube-nocookie.com vimeo.com *.vimeo.com *.hcaptcha.com hcaptcha.com ir.stockpr.com www.travelandleisureco.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; object-src *.gstatic.com ir.stockpr.com www.travelandleisureco.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; 1
frame-ancestors 'self' https://istafford.staffordcountyva.gov 1
default-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://avian.listedcompany.com https://ws.shareinvestor.com https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://connect.facebook.net https://maps.googleapis.com https://www.google-analytics.com https://avian.listedcompany.com https://ir.listedcompany.com https://ws.shareinvestor.com; font-src 'self' data: https://res-1.cdn.office.net https://fonts.gstatic.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://avianbrands.com https://directus.avianbrands.com  https://karir.avianbrands.com https://mobile-vis.avianbrands.com https://www.facebook.com https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://avian.listedcompany.com https://www.google.co.id  https://connect.facebook.net; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://analytics.google.com https://ipapi.co/json/; frame-src 'self' data: https://www.youtube.com/; 1
frame-ancestors 'self' https://* inline 1
default-src * data: filesystem: about: blob: ws: wss:; script-src * data: filesystem: about: blob: ws: wss: 'unsafe-eval' 'unsafe-inline'; style-src * data: filesystem: about: blob: ws: wss: 'unsafe-inline'; frame-ancestors 'self' 1
default-src 'self' oaktrading.com *.oaktrading.com *.admis.com *.admisi.com ws://*.oaktrading.com; img-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none' 1
default-src 'self'; base-uri 'self' burina.net *.burina.net; connect-src 'self' echo.burina.net:6001 wss://echo.burina.net:6001 google-analytics.com www.google-analytics.com bam.nr-data.net; font-src 'self' burinacdn.com data: fonts.gstatic.com; form-action 'self' burina.net:* *.burina.net:* www.paypal.com bib.eway2pay.com testsecurepay.intesasanpaolocard.com; frame-ancestors 'none'; frame-src 'self' data: sr.burina.net en.burina.net www.google.com; img-src 'self' burinacdn.com cid: data: sr.burina.net en.burina.net secure.gravatar.com www.google-analytics.com; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' burinacdn.com sr.burina.net en.burina.net www.google.com www.gstatic.com www.google-analytics.com ajax.googleapis.com cdn.polyfill.io js-agent.newrelic.com bam.nr-data.net; style-src 'self' 'unsafe-inline' 'report-sample' burinacdn.com sr.burina.net en.burina.net fonts.googleapis.com; worker-src 'self' burinacdn.com; upgrade-insecure-requests 1
default-src 'self' *.dun.163.com *.weixin.qq.com *.commander1.com *.deep.cartier.cn *.cartier.cn *.akstat.io hm.baidu.com bestcem.com *.bestcem.com cdn.trustcommander.net privacy.trustcommander.net *.go-mpulse.net qiyukf.com *.nstool.netease.com *.qiyukf.com rs0.bestcem.cn *.sprinklr.com *.cnzz.com *.mmstat.com *.googletagmanager.com *.127.net *.126.net richemont.bestcem.com *.qiyukf.net *.akamaihd.net *.mktgcdn.com lf3-data.volccdn.com toblog.ctobsnssdk.com mcs.volceapplog.com cartier-font.oss-cn-beijing.aliyuncs.com cartier-material-oss.oss-cn-shanghai.aliyuncs.com res.wx.qq.com 'unsafe-inline' 'unsafe-eval' blob: data: ; 1
frame-ancestors 'self' https://portaldocliente.tvcabo.mz; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://tsdtocl.com https://google.com/pagead/form-data/1071727046 https://privacyportal.onetrust.com https://edge.adobedc.net https://cm.everesttech.net https://google.com/ccm/form-data/1071727046 https://onsemi.demdex.net https://geolocation.onetrust.com https://i.liadm.com/s/66627 https://trc.taboola.com/sg/liveintent/1/um https://cdn.cookielaw.org https://assets.adobedtm.com https://adobedc.demdex.net https://dpm.demdex.net https://data.enablementadobe.com https://*.wootric.com https://wootric-eligibility.herokuapp.com https://px.ads.linkedin.cn https://cdn.linkedin.oribi.io https://s.yimg.com https://static.lightning.force.com https://onsemineworg.my.salesforce.com https://service.force.com https://d.la2-c1-ia5.salesforceliveagent.com https://c.la2-c1-ia5.salesforceliveagent.com https://onsemineworg.my.site.com https://c1.sfdcstatic.com https://www.gstatic.cn https://www.recaptcha.net https://onsemi.componentsearchengine.com https://*.plexim.com https://event.on24.com https://my.onsemi.com https://www.onsemi.jp https://www.onsemi.cn https://www.onsemi.com https://identity.onsemi.com https://tags.tiqcdn.cn https://api.ipify.org https://p.adsymptotic.com https://*.ztsrv.com https://px.ads.linkedin.com https://my.demio.com https://angular-ui.github.io https://vidassets.terminus.services https://cdn.bigzeta.com https://api.bigzeta.com https://info.onsemi.com https://cdn.demio.com https://onsemi.ladesk.com https://onsemi.taleo.net https://*.gcs-web.com https://*.atdmt.com https://*.mktoresp.com https://*.marketo.com https://*.taboola.com https://*.tealiumiq.com https://*.tealium.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.baidu.com https://*.geniusmonkey.com https://*.doubleclick.net https://*.gstatic.com https://*.linkedin.com https://*.pingdom.net https://*.crazyegg.com https://*.marketo.net https://*.licdn.com https://www.google.com https://*.tiqcdn.com https://*.digikey.com https://*.googleadservices.com https://*.google-analytics.com https://*.googletagmanager.com https://*.facebook.com https://*.boltdns.net https://*.brightcove.net https://*.brightcove.com https://*.zencdn.net https://*.akamaihd.net https://*.cloud.coveo.com https://*.ytimg.com https://go.onsemi.com blob: data:  https://cdn.linkedin.oribi.io https://767-faw-709.mktoutil.com https://sp.analytics.yahoo.com https://*.analytics.google.com https://analytics.google.com https://*.cdn.office.net 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' https://matomojs.trackify.info https://matomo.pernod-ricard.io 'self'; frame-ancestors https://matomojs.trackify.info https://matomo.pernod-ricard.io 'self'; frame-src blob: https://www.google.com https://www.youtube.com 'self' https://saprwwindnkmaps.z8.web.core.windows.net https://www.winning-drinks.com https://stags.bluekai.com/ https://mc9r0b9qpsrtt0j17w1666dz6j81.pub.sfmc-content.com/; worker-src blob: 'self' 1
default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; script-src 'nonce-7n1FhyKhdF2KOQhe7LYYZGwvlOXFtvmmG3yQUaEgWgMFlAhU' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.recaptcha.net https://www.gstatic.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; img-src https://*.paypalobjects.com https://objects.paypal.cn https://*.paypal.com https://*.paypal.cn https://ak1s.abmr.net https://ak1.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.google.com https://www.recaptcha.net https://paypal-api.arkoselabs.com https://paypal-api.arkose.com.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com; form-action 'self' https://*.paypal.com https://*.paypal.cn https://*.zettle.com https://*.xoom.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' ws: https://code.jquery.com https://*.fontawesome.com https://app.odicci.com https://plant.moretrees.eco/ https://embed.tawk.to https://campaign.odicci.com  https://tawk.link https://static-ssl.responsetap.com https://*.fonts.net https://*.fonts.com https://*.doubleclick.net https://*.googletagmanager.com https://*.hotjar.com https://*.google-analytics.com https://*.googleadservices.com https://*.gstatic.com https://*.responsetap.com https://*.google.com  https://*.google.co.uk wss://ws36.hotjar.com https://*.sitescdn.net https://*.centralengland.coop https://*.facebook.net https://*.avocet.io https://*.jsdelivr.net https://*.twitter.com https://*.facebook.com https://*.trendmicro.com https://ads.avct.cloud https://cdn.syndication.twimg.com https://liveapi-cached.yext.com https://x.bidswitch.net https://match.sharethrough.com https://*.twimg.com https://*.demdex.net https://*.cookiebot.com https://*.feefo.com https://*.yext.com https://*.googleapis.com http://*.angularjs.org http://*.youtube.com https://*.addthis.com https://*.addthisedge.com https://*.moatads.com https://*.pagescdn.com wss://*.hotjar.com https://*.odicci.com https://*.sitescdn.net https://*.jsdelivr.net https://*.tawk.to https://*.aspnetcdn.com https://www.instagram.com/ https://fburl.com/ https://vimeo.com/ https://*.trendmicro.com https://*.hotjar.io/ https://*.muchloved.com/ https://www.ml-dev.com/ https://cdnjs.cloudflare.com/ https://central-england-coop.msgfocus.com https://c1b92dc6.sibforms.com https://answers.yext-pixel.com data: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.linux-audit.com https://cdn.ampproject.org https://www.google-analytics.com ssl.google-analytics.com; img-src 'self' data: cisofy.com https://assets.linux-audit.com https://cdn.linux-audit.com https://*.cloudfront.net https://stats.g.doubleclick.net *.gravatar.com https://www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' https://assets.linux-audit.com fonts.googleapis.com; font-src 'self' data: *.cloudfront.net https://assets.linux-audit.com fonts.gstatic.com s1.wp.com; child-src 'self'; connect-src 'self' *.google-analytics.com; object-src 'none'  1
script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdn1.readspeaker.com https://www.deutsches-ausschreibungsblatt.de https://translate.googleapis.com https://www.gstatic.com 1
default-src https://www.veevashare.com/ https://www.veevashare.com/ https://www.veevashare.com/ https://fonts.googleapis.com v596444-channel-prod.services.veevashare.com wss://v596444-channel-prod.services.veevashare.com https://cdn.veevashare.com/v596444/prod/ vlshare-files-prod.s3.amazonaws.com https://fonts.googleapis.com https://fonts.gstatic.com 'unsafe-eval' https://ajax.googleapis.com cdn.mxpnl.com api-js.mixpanel.com www.google-analytics.com docs.google.com calendar.google.com www.googletagmanager.com  'sha256-NA873dC45BPUIltw0jU+n0ruk2+jONPmJcyl4SBo3g4=' 'sha256-lNcex84UyBcPsRtxOC9W/OGR64xdMRuNcUOAlerAFVs=' 'sha256-y6pA5FCRcyc+97gtaC7vBcHyKxmI+J0dyfCUfauaxGc=' 'sha256-+d5SsXB+CcN7crzReEewJ4ivzmwyjeydRhi4QRBEG1I=' 'sha256-oT370yHceHk5HWteI+JaRBj7ycFEKEWtkkwr5SJEOKw=' 'sha256-JT4a2/oQ9RezHv8G/Q5UNBv8bu14p+tzmNz4n1AelgI=' 'sha256-vSa8Thoj93BYGa9b/HuiQvxvpFMX72qYGJrHEsoSXdc=' 'sha256-W6prqLI4mOF1UxaLkSmUl0htFelNAuCmydpb5ajLLPw=' 'report-sample'; report-uri /csp-violation-report-endpoint/; script-src https://www.veevashare.com/ https://www.veevashare.com/ https://www.veevashare.com/ https://fonts.googleapis.com v596444-channel-prod.services.veevashare.com wss://v596444-channel-prod.services.veevashare.com https://cdn.veevashare.com/v596444/prod/ vlshare-files-prod.s3.amazonaws.com https://fonts.googleapis.com https://fonts.gstatic.com 'unsafe-eval' https://ajax.googleapis.com cdn.mxpnl.com api-js.mixpanel.com www.google-analytics.com docs.google.com calendar.google.com www.googletagmanager.com  'sha256-NA873dC45BPUIltw0jU+n0ruk2+jONPmJcyl4SBo3g4=' 'sha256-lNcex84UyBcPsRtxOC9W/OGR64xdMRuNcUOAlerAFVs=' 'sha256-y6pA5FCRcyc+97gtaC7vBcHyKxmI+J0dyfCUfauaxGc=' 'sha256-+d5SsXB+CcN7crzReEewJ4ivzmwyjeydRhi4QRBEG1I=' 'sha256-oT370yHceHk5HWteI+JaRBj7ycFEKEWtkkwr5SJEOKw=' 'sha256-JT4a2/oQ9RezHv8G/Q5UNBv8bu14p+tzmNz4n1AelgI=' 'sha256-vSa8Thoj93BYGa9b/HuiQvxvpFMX72qYGJrHEsoSXdc=' 'sha256-W6prqLI4mOF1UxaLkSmUl0htFelNAuCmydpb5ajLLPw=' 'report-sample'; style-src 'unsafe-inline' https://www.veevashare.com/ https://www.veevashare.com/ https://www.veevashare.com/ https://fonts.googleapis.com v596444-channel-prod.services.veevashare.com wss://v596444-channel-prod.services.veevashare.com https://cdn.veevashare.com/v596444/prod/ vlshare-files-prod.s3.amazonaws.com https://fonts.googleapis.com https://fonts.gstatic.com 'unsafe-eval' https://ajax.googleapis.com cdn.mxpnl.com api-js.mixpanel.com www.google-analytics.com docs.google.com calendar.google.com www.googletagmanager.com  ; frame-ancestors https://www.veevashare.com/ https://www.veevashare.com/ https://www.veevashare.com/ https://fonts.googleapis.com v596444-channel-prod.services.veevashare.com wss://v596444-channel-prod.services.veevashare.com https://cdn.veevashare.com/v596444/prod/ vlshare-files-prod.s3.amazonaws.com 'self'; media-src https://www.veevashare.com/ https://www.veevashare.com/ https://www.veevashare.com/ https://fonts.googleapis.com v596444-channel-prod.services.veevashare.com wss://v596444-channel-prod.services.veevashare.com https://cdn.veevashare.com/v596444/prod/ vlshare-files-prod.s3.amazonaws.com blob:; worker-src https://www.veevashare.com/ https://www.veevashare.com/ https://www.veevashare.com/ https://fonts.googleapis.com v596444-channel-prod.services.veevashare.com wss://v596444-channel-prod.services.veevashare.com https://cdn.veevashare.com/v596444/prod/ vlshare-files-prod.s3.amazonaws.com blob:; img-src *; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://www.klapty.com/ https://widget.weezevent.com/ https://*.addthis.com http://*.calameoassets.com/ https://*.calameoassets.com/ https://ice.artifica.fr/ http://ice.artifica.fr/ https://cdnjs.cloudflare.com/ https://www.googletagmanager.com https://*.google-analytics.com https://www.youtube.com https://www.google.com https://static.doubleclick.net https://platform.twitter.com https://www.facebook.com https://www.corsairetv.fr https://www.dailymotion.com/http://www.google-analytics.com https://apis.google.com/ https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://www.youtube.com https://www.corsairetv.fr https://www.dailymotion.com/ https://*.googleapis.com; font-src 'self' https://fonts.gstatic.com https://www.corsairetv.fr https://www.dailymotion.com/; frame-src 'self' https://*.youtube.com https://*.libcast.com https://haltools.archives-ouvertes.fr https://archives-ouvertes.fr https://www.youtube.com https://platform.twitter.com https://www.facebook.com https://www.corsairetv.fr https://www.dailymotion.com/ https://www.carto-cud.fr/ http://www.creacast.com http://umap.openstreetmap.fr/ https://widget.pictoaccess.fr/ https://www.google.com/ https://maps.google.fr/ https://player.vimeo.com/ https://www.tipi.budget.gouv.fr/ https://www.atmo-hdf.fr/ https://atmo-hdf.fr/ https://esii-orion.com/ https://marketplace.awoo.fr/ https://www.corsairetv.fr/ https://player.myvideoplace.tv/ https://v.calameo.com https://view.genial.ly/ https://fr.slideshare.net/ http://fr.slideshare.net/ https://www.dailymotion.com/; img-src 'self' https://gallery.mailchimp.com/ https://www.google-analytics.com data: https://*.google-analytics.com https://www.google.fr/ https://stats.g.doubleclick.net/ https://i.ytimg.com https://syndication.twitter.com https://www.corsairetv.fr https://www.dailymotion.com https://*.google.com http://www.google-analytics.com http://photos.le-sportif.com/ https://photos.le-sportif.com/ https://genially.blob.core.windows.net/ https://www.musees-dunkerque.eu/ https://www.klapty.com/ https://widget.weezevent.com/ https://s7.addthis.com https://s7.addthis.com http://*.calameoassets.com/ https://*.calameoassets.com/; 1
frame-ancestors 'none'; report-uri https://appbot.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' data: 'unsafe-inline' js-agent.newrelic.com cdn.twibooru.org https://cdn.twibooru.org; object-src 'none'; frame-ancestors 'none'; frame-src 'self'; form-action 'self'; manifest-src 'self'; img-src 'self' data: https://cdn.twibooru.org camo.twibooru.org; block-all-mixed-content 1
frame-ancestors 'self' *.alliants.app itinerary.mandarinoriental.com thegrandmoosehotel.com; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' 1
default-src 'self'; script-src 'self' *.nist.gov js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net gov-bam.nr-data.net 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.googletagmanager.com platform.twitter.com siteimproveanalytics.com https://player.vimeo.com; style-src 'self' 'unsafe-inline' *.nist.gov fonts.googleapis.com  *.typekit.net; img-src 'self' 'unsafe-inline' data: *.nist.gov *.google-analytics.com *.googletagmanager.com cdnsecakmi.kaltura.com nist-el-nfrlhrr.s3.amazonaws.com https://cdn.jsdelivr.net/npm/leaflet-fullscreen@1.0.2/dist/fullscreen@2x.png https://cdn.jsdelivr.net/npm/leaflet-fullscreen@1.0.2/dist/fullscreen.png api.mapbox.com syndication.twitter.com https://*.siteimproveanalytics.io https://h5p.org https://i.vimeocdn.com; media-src 'self' nist-el-nfrlhrr.s3.amazonaws.com; frame-src 'self' tube.nist.gov sts.nist.gov sts2.nist.gov *.kaltura.com *.youtube.com *.arcgis.com https://platform.twitter.com/ https://mc9br2xjjm7ml7r7vp1hmvs0-s9y.pub.sfmc-content.com/skbtncbuffz https://player.vimeo.com *.bluejeans.com https://vimeo.com/; frame-ancestors 'self'; child-src 'self' blob: tube.nist.gov sts.nist.gov sts2.nist.gov *.kaltura.com *.youtube.com *.arcgis.com; font-src 'self' *.nist.gov fonts.googleapis.com fonts.gstatic.com *.typekit.net data:; connect-src 'self' bam.nr-data.net bam-cell.nr-data.net gov-bam.nr-data.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'none'; base-uri 'self'; child-src 'self'; connect-src 'self' 'unsafe-eval' ws://localhost:* http://localhost:* https://localhost:* *.iubenda.com *.olark.com *.linkedin.com *.liadm.com *.hscollectedforms.net *.azure.com wss://ws.hotjar.com *.hotjar.com *.bamboohr.com *.google-analytics.com *.doubleclick.net *.hotjar.io *.linkedin.oribi.io *.getclicky.com *.liadm.com *.googlesyndication.com *.google.com forms-eu1.hsforms.com; report-uri 'self'  ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ocuco.com *.iubenda.com *.olark.com *.intuitive-intuition.com *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.hs-analytics.net *.datatables.net *.jquery.com *.jsdelivr.net *.bamboohr.com *.googletagmanager.com *.google-analytics.com *.licdn.com *.doubleclick.net *.adroll.com *.hotjar.com *.getclicky.co *.facebook.net *.pardot.com *.getclicky.com *.vimeo.com  *.azure.com *.intuitive-intuition.com js-eu1.hsforms.net; style-src 'self' 'unsafe-inline' *.olark.com *.datatables.net *.cloudflare.com *.bamboohr.com; font-src 'self' 'unsafe-inline' *.olark.com *.googleusercontent.com; frame-src 'self' *.ocuco.com *.olark.com *.pardot.com allow-same-origin *.vimeo.com *.youtube.com *.doubleclick.net/ forms-eu1.hsforms.com; img-src 'self' *.w3.org data: *.cloudflare.com *.olark.com *.hsforms.com *.hubspot.com *.google.com *.google.ie *.googletagmanager.com *.facebook.com *.linkedin.com *.vimeocdn.com *.ytimg.com; frame-ancestors 'self' admin.ocuco.continuous.ie admin.ocuco.com http://localhost:* https://localhost:* ; media-src 'self' *.olark.com  ; form-action 'self' forms-eu1.hsforms.com; worker-src 'self' blob:; 1
connect-src sync.datamind.ru dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net assets.adobedtm.com *.omniture.com *.g.doubleclick.net geocode-maps.yandex.ru/1.x/ *.google-analytics.com *.datamind.ru *.cdn-tinkoff.ru www.google.com analytics.google.com www.google.ru www.facebook.com connect.facebook.net google-analytics.bi.owox.com vk.com mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr px.adhigh.net eye.targetads.io ad.adriver.ru top-fwz1.mail.ru dss.hybrid.ai tag.rutarget.ru tms.dmp.wi-fi.ru ads.adlook.me dmg.digitaltarget.ru dsum-sec.casalemedia.com id.uma.media prodmp.ru track-us.bidease.com ads.betweendigital.com a.utraff.com rtb.viadata.store reichelcormier.bid x01.aidata.io ssp.bidvol.com cs.gssprt.jp ssp.adriver.ru secure.adnxs.com exchange.buzzoola.com cs-0.moevideo.biz sync.republer.com redirect.frontend.weborama.fr sync.dmp.otm-r.com sync.mediatoday.iae.one an.yandex.ru sync.1dmp.io cm.lentainform.com mitdmp.whiteboxdigital.ru acint.net sync.viadata.store sync.adkernel.com sync.videonow.ru code.moviead55.ru api.imotech.video widget-api.uxfeedback.ru pixel.gooroo.works 'self' *.tinkoff.ru *.tcsbank.ru wss://*.tinkoff.ru wss://*.tcsbank.ru business.tinkoff.ru business-webinars.bot.tinkoff-business.com sendsay.ru flijh.tb.ru gmzzu.tb.ru api.amplitude.com *.tb.ru sentry.tinkoff.ru www.cdn-tinkoff.ru cobrowsing.tinkoff.ru acdn.tinkoff.ru cfg.tinkoff.ru www.tinkoff.ru crmp.tinkoff.ru origination.tinkoff.ru oplata.tinkoff.ru social.secrets.tinkoff.ru id.tinkoff.ru api.mindbox.ru fallback.cdn-tinkoff.ru; script-src sync.datamind.ru www.google.com www.google.ru connect.ok.ru vk.com *.datamind.ru s.ytimg.com *.tinkoff.ru *.tcsbank.ru *.cdn-tinkoff.ru mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr yastatic.net mc.webvisor.com mc.webvisor.org 'self' 'unsafe-eval' 'unsafe-inline' blob: *.youtube.com sendsay.ru; img-src *.datamind.ru dpm.demdex.net www.google-analytics.com tinkoffcreditsystems.d3.sc.omtrdc.net cm.everesttech.net dp.adsdata.ru www.google.com www.google.ru vk.com login.vk.com mc.yandex.ru ad.mail.ru adfocus.ru www.facebook.com connect.facebook.net ad.doubleclick.net *.google.com *.yandex.ru *.yandex.net *.2o7.net *.demdex.net cx.atdmt.com analytics.twitter.com t.co eu-sonar.sociomantic.com *.sravni.ru www.banki.ru *.pool.datamind.ru statad.ru www.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.privacysandbox.googleadservices.com *.cdn-tinkoff.ru *.tinkoff.ru p.formobil.net rupertino.ru adservice.google.com adservice.google.ru google-analytics.bi.owox.com dc.ads.linkedin.com *.mail.ru dp.tinkoffinsurance.ru *.fls.doubleclick.net tms.dmp.wi-fi.ru cdn3.caltat.com sonar.semantiqo.com www.cdn-tinkoff.ru ad.adriver.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr eye.targetads.io tag.rutarget.ru top-fwz1.mail.ru dss.hybrid.ai track-us.bidease.com tech.rtb.mts.ru rtb-eu.b.otm-r.com sync.gonet-ads.com ad.new-programmatic.com mssg.su rap.skcrtxr.com cdn3.uxfeedback.ru widget.uxfeedback.ru  sm.rtb.mts.ru exchange.buzzoola.com 'self' data: *.tcsbank.ru *.ads.linkedin.com *.linkedin.com *.googleusercontent.com *.cloud.google.com *.googleapis.com *.adhigh.net px.adhigh.net *.adsymptotic.com; frame-src *.tinkoff.demdex.net *.omniture.com bid.g.doubleclick.net www.facebook.com *.demdex.net vk.com static.datamind.ru platform.twitter.com connect.ok.ru *.datamind.ru *.cdn-tinkoff.ru *.fls.doubleclick.net www.cdn-tinkoff.ru mc.yandex.ru yastatic.net mc.webvisor.com mc.webvisor.org 'self' blob: data: *.tinkoff.ru *.tcsbank.ru www.youtube.com rutube.ru youtu.be; font-src *.cdn-tinkoff.ru 'self' *.tinkoff.ru data:; report-uri https://www.tinkoff.ru/api/front/pfpsme/log/csp-error?appName=pfpsme&sentryDsnKey=b7cae0fa7dd74b4489cd05596a20df38&sentryApiId=142; default-src 'self' *.cdn-tinkoff.ru *.tinkoff.ru data:; style-src 'unsafe-inline' 'self' *.tinkoff.ru *.tcsbank.ru *.cdn-tinkoff.ru 1
script-src 'self' 'unsafe-eval' 'unsafe-inline'; worker-src blob: 'self'; default-src * data: blob: 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; img-src 'self'; frame-ancestors 'none'; connect-src 'self' https://cloudflareinsights.com; 1
default-src 'self' *.kvhh.net kvhh.net; connect-src 'self' *.kvhh.net kvhh.net https://kvhh.matomo.cloud/ *.googleapis.com; font-src 'self' *.kvhh.net kvhh.net; frame-src https://te4d20ff4.emailsys1a.net https://app1.edoobox.com https://www.youtube-nocookie.com/; img-src 'self' data: *.kvhh.net kvhh.net https://kvhh.matomo.cloud/ *.googleapis.com; media-src 'self';script-src 'self' 'sha256-akDN1WUCwEizwXBzlROn8PCav50zeSdx/xBQJkylVUc=' 'sha256-xMOBuoCpPB1Ax3XmTbUO1p+mDL7sKZ0FSjVKwIYlVC4=' https://cdn1.edoobox.com https://kvhh.matomo.cloud/ https://cdn.matomo.cloud/kvhh.matomo.cloud/ *.kvhh.net kvhh.net; style-src 'self' 'unsafe-inline' *.kvhh.net kvhh.net https://kvhh.matomo.cloud/ *.googleapis.com; 1
default-src 'self' www.youtube.com;    child-src 'self' *.matterport.com www.youtube.com www.google.com cse.google.com player.vimeo.com www.facebook.com usersync.datatrics.com vars.hotjar.com https://*.visualwebsiteoptimizer.com blob:;    script-src 'self' 'unsafe-inline' 'unsafe-eval' wss://localhost:* https://localhost:* www.googletagmanager.com cdn.polyfill.io s.ytimg.com www.google-analytics.com cse.google.com cse.google.nl www.google.nl www.google.com www.youtube.com www.gstatic.com www.googleapis.com www.perplex.nl connect.facebook.net snap.licdn.com *.linkedin.com *.visualwebsiteoptimizer.com app.vwo.com tr.datatrics.com static.hotjar.com script.hotjar.com https://*.bing.com;    style-src 'self' 'unsafe-inline' wss://localhost:* https://localhost:* www.google.com cse.google.com fonts.googleapis.com tr.datatrics.com;    img-src 'self' wss://localhost:* https://localhost:* betarovcnl.perplex.eu img.youtube.com *.ytimg.com data: services.perplex.eu *.google-analytics.com *.analytics.google.com www.google-analytics.com www.google.com www.googleapis.com clients1.google.com encrypted-tbn0.gstatic.com encrypted-tbn1.gstatic.com encrypted-tbn2.gstatic.com encrypted-tbn3.gstatic.com www.rovc.nl www.perplex.nl www.facebook.com *.doubleclick.net www.google.nl *.visualwebsiteoptimizer.com app.vwo.com tr.datatrics.com px.ads.linkedin.com www.linkedin.com *.google-analytics.com *.analytics.google.com https://*.bing.com https://services.perplex.eu;     connect-src 'self' wss://localhost:* https://localhost:* https://*.mailplus.nl https://ws37.hotjar.com https://content.hotjar.io wss://ws37.hotjar.com content.hotjar.io vc.hotjar.io stats.g.doubleclick.net www.facebook.com *.google-analytics.com *.analytics.google.com www.google-analytics.com *.visualwebsiteoptimizer.com app.vwo.com api.datatrics.com *.google-analytics.com *.analytics.google.com in.hotjar.com ws://ws7.hotjar.com https://ws7.hotjar.com wss://wsp9.hotjar.com/ https://wsp9.hotjar.com/ wss://wsp34.hotjar.com https://wsp34.hotjar.com https://*.hotjar.com wss://*.hotjar.com https://cdn.linkedin.oribi.io https://csmetrics.hotjar.com/ https://*.linkedin.com;    font-src 'self' data: wss://localhost:* https://localhost:* fonts.gstatic.com;    form-action 'self' *.rovc.nl www.facebook.com;    frame-ancestors 'self';    report-uri https://perplex.report-uri.com/r/default/csp/enforce; 1
object-src 'none'; frame-ancestors 'self'; report-uri http://3ieimpact.org/report-uri/enforce 1
default-src 'self';script-src 'self' cdnjs.cloudflare.com js.monitor.azure.com ajax.aspnetcdn.com *.msecnd.net www.datadoghq-browser-agent.com *.stripe.com 'unsafe-inline';style-src 'self' cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com 'unsafe-inline';connect-src 'self' dc.services.visualstudio.com *.applicationinsights.azure.com https://fhir-ehr.sandboxcerner.com https://authorization.sandboxcerner.com https://launch.smarthealthit.org logs.browser-intake-datadoghq.com rum.browser-intake-datadoghq.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com data:;img-src 'self' data: *.blob.core.windows.net i.vimeocdn.com;media-src 'none';object-src 'self';frame-ancestors 'self' *.sustainsys.com *.epic.com;frame-src 'self' *.youtube.com *.vimeo.com *.blob.core.windows.net *.stripe.com *.sustainsys.com *.drfirst.com;worker-src 'self' blob:;base-uri 'self';report-uri https://intellicure7.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' *.ca2013.com;  script-src 'self' https://cdn.pagesense.io https://a.mailmunch.co https://ajax.googleapis.com https://pagesense-collect.zoho.com https://static.zohocdn.com https://analytics.mailmunch.co https://forms.mailmunch.co https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com 'unsafe-inline' 'unsafe-eval' 'self' *.ca2013.com https://a.mailmunch.co data:;  img-src 'self' *.ca2013.com  https://secure.gravatar.com https://a.mailmunch.co https://pagesense-collect.zoho.com https://a.mailmunch.co https://analytics.mailmunch.co https://zohopagesense.nimbuspop.com/ https://static.zohocdn.com/ data: blob:; font-src 'self'  *.ca2013.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.zohocdn.com/ data: blob: ;  style-src 'self' https://fonts.googleapis.com https://a.mailmunch.co https://pagesense-collect.zoho.com/ https://webfonts.zoho.com/ 'unsafe-inline' 'self' *.ca2013.com;  connect-src 'self' *.ca2013.com https://cdn.pagesense.io https://a.mailmunch.co https://ajax.googleapis.com https://pagesense-collect.zoho.com https://static.zohocdn.com https://analytics.mailmunch.co https://forms.mailmunch.co https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://fonts.googleapis.com https://fonts.gstatic.com  https://stats.g.doubleclick.net;  object-src 'self' blob:;  frame-src 'self' *.ca2013.com https://cdn.pagesense.io ;  1
default-src https: *.nationalgypsum.com *.goldbondbuilding.com *.proformfinishing.com *.permabase.com *.askforpurple.com *.bugsnag.com data: 'unsafe-inline' 'unsafe-eval'; frame-src *.nationalgypsum.com *.goldbondbuilding.com *.proformfinishing.com *.permabase.com *.askforpurple.com *.youtube.com forms.hsforms.com *.facebook.com *.doubleclick.net 1
frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com *.powerapps.com *.yammer.com *.officeapps.live.com *.office.com *.stream.azure-test.net *.microsoftstream.com *.dynamics.com *.microsoft.com onedrive.live.com *.onedrive.live.com wwwadmin.alger.com; 1
upgrade-insecure-requests; frame-ancestors https: 'self' *.packola.com *.digitalroom.com *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com; 1
default-src 'none'; script-src 'self' www.google-analytics.com ajax.googleapis.com www.googletagmanager.com s7.addthis.com connect.facebook.net code.jquery.com; connect-src 'self' www.google-analytics.com ajax.googleapis.com www.googletagmanager.com s7.addthis.com connect.facebook.net; img-src 'self' https://i.imgur.com; style-src 'self' www.google-analytics.com ajax.googleapis.com www.googletagmanager.com s7.addthis.com connect.facebook.net code.jquery.com;base-uri 'self';form-action 'self' sis-t.redsys.es:25443 sis-t.redsys.es sis.redsys.es www.paypal.com;font-src 'self' https://fonts.gstatic.com; frame-ancestors 'none'; media-src 'self' https://player.vimeo.com; frame-src 'self' youtube.com https://www.youtube.com; 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-3030c2d720c44c928aab5971b21a555b' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
default-src 'self'; script-src *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com maps.googleapis.com ajax.googleapis.com www.googletagmanager.com www.linkedin.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com js.bizographics.com sjs.bizographics.com static.ads-twitter.com stats.g.doubleclick.net googleads.g.doubleclick.net analytics.twitter.com px.ads.linkedin.com r1.dotmailer-surveys.com snap.licdn.com servedby.flashtalking.com i.ctnsnet.com ads.avocet.io secure-ds.serving-sys.com bs.serving-sys.com widget.trustpilot.com glassdoor.co.uk *.cookiepro.com geolocation.onetrust.com kmc-3439.twil.io sapphire-turtle-6122.twil.io *.twilio.com cinnabar-catfish-8820.twil.io kmc-3439-serverless.twil.io kmc-1903-serverless.twil.io static.hotjar.com script.hotjar.com www.youtube.com https://*.hotjar.com 'unsafe-inline' https://www.google-analytics.com 'self' 'unsafe-eval' cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net; style-src netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com fonts.googleapis.com tagmanager.google.com *.cookiepro.com geolocation.onetrust.com kmc-3439.twil.io sapphire-turtle-6122.twil.io cinnabar-catfish-8820.twil.io kmc-1903-serverless.twil.io kmc-3439-serverless.twil.io https://*.hotjar.com 'unsafe-inline' 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; img-src *.gstatic.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.analytics.google.com maps.gstatic.com maps.googleapis.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com www.glassdoor.co.uk/api/widget *.eloqua.com t.co stats.g.doubleclick.net www.google.co.uk www.google-analytics.com www.google.com servedby.flashtalking.com *.ads.linkedin.com https://googleads.g.doubleclick.net http://demos.telerik.com secure.adnxs.com *.cookiepro.com geolocation.onetrust.com *.twil.io *.gravatar.com analytics.twitter.com https://*.hotjar.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.twil.io https://*.hotjar.com; frame-src 'self' widget.trustpilot.com glassdoor.co.uk static.hotjar.com script.hotjar.com www.google.com www.youtube.com web-chat.nativechat.com forms.hsforms.com; connect-src accounts.google.com *.analytics.google.com stats.g.doubleclick.net *.mktoresp.com kenchatbot.azurewebsites.net secure-ds.serving-sys.com *.cookiepro.com geolocation.onetrust.com *.twilio.com kmc-1111.twil.io wss://tsock.us1.twilio.com kmc-3439.twil.io kmc-3439-serverless.twil.io kmc-1903-serverless.twil.io lm.serving-sys.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://cdn.linkedin.oribi.io https://www.google-analytics.com https://region1.google-analytics.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com r1.dotmailer-surveys.com servedby.flashtalking.com widget.trustpilot.com glassdoor.co.uk *.cookiepro.com *.google.com vars.hotjar.com *.analytics.google.com 'self' web-chat.nativechat.com 1
frame-ancestors 'self' https://www.promoplace.com 1
default-src 'unsafe-inline' https: 'self' data:; upgrade-insecure-requests; frame-ancestors 'self' 1
frame-ancestors 'self' https://*.lexus.nl https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
connect-src 'self' stats.g.doubleclick.net www.google-analytics.com region1.google-analytics.com region1.analytics.google.com connect.facebook.net www.facebook.com  www.buzzsprout.com audiostory.buzzsprout.com t.leady.com ct.leady.com; default-src 'self' aricoma.com; font-src 'self' fonts.gstatic.com; frame-ancestors 'self' cms.aricoma.local; frame-src 'self' www.google.com www.gstatic.com www.youtube-nocookie.com www.youtube.com; img-src 'self' aricoma.com www.gstatic.com www.google.com www.google.cz www.googletagmanager.com www.facebook.com data:; media-src 'self' www.buzzsprout.com audio.buzzsprout.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.google-analytics.com www.gstatic.com www.googletagmanager.com region1.google-analytics.com connect.facebook.net cms.aricoma.local ct.leady.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com;  1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' app.posthog.com boards.greenhouse.io static.hsappstatic.net; style-src 'self' 'unsafe-inline'; img-src 'self' assets.foxglove.dev i.ytimg.com; font-src 'self'; connect-src 'self' app.posthog.com api.hsforms.com boards-api.greenhouse.io; media-src 'self' assets.foxglove.dev; frame-src 'self' www.youtube.com boards.greenhouse.io www.linkedin.com meetings.hubspot.com; 1
default-src https:; img-src https: data: http://gethatch.com; connect-src https: wss://*.hotjar.com; font-src data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://www.googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-inline' 'self' https://cd.acesdirect.nl https://acesdirect-marketing.nl https://static.mailplus.nl https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net; frame-src 'self' https:; frame-ancestors 'self' peoplesoft.cz.nl peoplesoft-acc.apps.cz.nl *.aces-dev.nl; report-uri https://www.acesdirect.nl/csp_violation/ 1
frame-ancestors 'self' https://redactie.infomil.nl https://iplo.nl https://www.iplo.nl 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://*.google.com https://*.gstatic.com http://*.instagram.com https://*.twitter.com https://*.youtube.com https://*.vimeo.com https://*.googletagmanager.com http://*.google-analytics.com https://*.google-analytics.com https://*.bugherd.com https://*.pusher.com https://bugherd-attachments.s3.amazonaws.com https://ws.pusherapp.com https://screenshots.bugherd.com https://app.kontent.ai https://app-sn02.marketo.com https://www.tiktok.com https://*.ttwstatic.com/ https://www.instagram.com https://open.spotify.com/ https://w.soundcloud.com https://twitter.com https://*.linkedin.com https://d3gxy7nm8y4yjr.cloudfront.net/ https://*.avant.org.au/ https://*.doubleclick.net/ https://bat.bing.com https://*.taboola.com https://*.adnxs.com https://snap.licdn.com https://*.serving-sys.com https://connect.facebook.net https://*.adsrvr.org https://*.pixeltracker.co https://*.quantserve.com https://*.quantcount.com https://*.hotjar.com/ https://*.clarity.ms/; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com https://app-sn02.marketo.com https://*.ttwstatic.com/ https://*.avant.org.au/; object-src 'self' data:; base-uri 'self'; connect-src 'self' https://*.google.com https://www.google.com.au https://*.vimeo.com https://vimeo.com https://*.algolianet.com https://V0XNNRGMOX-dsn.algolia.net https://*.google-analytics.com https://*.bugherd.com https://*.pusher.com https://sessions.bugsnag.com https://ws.pusherapp.com https://screenshots.bugherd.com https://sessions.bugsnag.com https://*.ttwstatic.com/ wss://ws-mt1.pusher.com https://*.doubleclick.net/ https://*.googleadservices.com/ https://*.taboola.com https://*.serving-sys.com https://*.pixeltracker.co https://*.quantcount.com https://*.hotjar.com/ wss://ws.hotjar.com/ https://*.hotjar.io/ https://*.linkedin.com https://*.clarity.ms/; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://*.figma.com https://*.google.com https://*.bugherd.com https://*.youtube.com https://youtu.be https://*.vimeo.com http://*.instagram.com https://*.twitter.com https://*.facebook.com https://*.linkedin.com https://app-sn02.marketo.com https://www.tiktok.com https://www.instagram.com https://open.spotify.com/ https://w.soundcloud.com https://twitter.com https://app.acuityscheduling.com/ https://livequotes.omnilife.com.au/ https://*.avant.org.au/ https://avant-production.netlify.app/ https://*.doubleclick.net/ https://*.adsrvr.org; frame-ancestors 'self' https://app.kontent.ai https://avant-production.netlify.app/; img-src 'self' data: https://picsum.photos https://fastly.picsum.photos https://i.picsum.photos https://via.placeholder.com https://*.youtube.com https://*.ytimg.com https://*.vimeocdn.com https://preview-assets-au-01.kc-usercontent.com https://preview-assets-us-01.kc-usercontent.com https://preview-assets-eu-01.kc-usercontent.com https://assets-au-01.kc-usercontent.com https://assets-us-01.kc-usercontent.com https://assets-eu-01.kc-usercontent.com https://*.google-analytics.com https://*.facebook.com https://stats.g.doubleclick.net https://*.google.com.au https://*.google.com https://*.googletagmanager.com https://bugherd-attachments.s3.amazonaws.com https://*.bugherd.com https://app-sn02.marketo.com https://cpd.uat.avant.org.au https://*.linkedin.com https://d2iiunr5ws5ch1.cloudfront.net https://d3gxy7nm8y4yjr.cloudfront.net/ https://*.avant.org.au/ https://*.doubleclick.net/ https://bat.bing.com https://*.adnxs.com https://*.quantserve.com https://*.quantcount.com https://*.clarity.ms/ https://bcp.crwdcntrl.net; manifest-src 'self'; media-src 'self' data: picsum.photos via.placeholder.com https://preview-assets-au-01.kc-usercontent.com https://preview-assets-us-01.kc-usercontent.com https://preview-assets-eu-01.kc-usercontent.com https://assets-au-01.kc-usercontent.com https://assets-us-01.kc-usercontent.com https://assets-eu-01.kc-usercontent.com; report-uri; worker-src 'self' blob: 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' jsbridge: http://*.gtimg.cn https://*.gtimg.cn http://*.gtimg.com https://*.gtimg.com http://*.qq.com https://*.qq.com http://*.idqqimg.com https://*.idqqimg.com;img-src 'self' data: blob: jsbridge: http://*.gtimg.cn https://*.gtimg.cn http://*.gtimg.com https://*.gtimg.com http://*.qpic.cn https://*.qpic.cn http://*.qlogo.cn https://*.qlogo.cn http://*.myqcloud.com https://*.myqcloud.com http://*.tenpay.com https://*.tenpay.com http://*.soso.com https://*.soso.com http://*.weiyun.com https://*.weiyun.com http://*.qzone.com https://*.qzone.com http://*.qq.com https://*.qq.com http://*.tx-livetools.wang https://*.tx-livetools.wang http://*.tx-livetools.cn https://*.tx-livetools.cn http://*.tx-livetools.com https://*.tx-livetools.com;child-src 'self' jsbridge: musicqzone: mqzonev2: mqzonev3: mqzone: mqqzone: mqqapi: tmast: nextradio: mvshow: weixin: mqq: blob: jserror: weishi: qqsweetlaunch: mtt: wvjbscheme: market: mimarket: vivoMarket: http://*.qq.com https://*.qq.com http://*.gtimg.com https://*.gtimg.com http://*.qzone.com https://*.qzone.com;frame-src 'self' jsbridge: musicqzone: mqzonev2: mqzonev3: mqzone: mqqzone: mqqapi: tmast: nextradio: mvshow: weixin: mqq: blob: jserror: weishi: qqsweetlaunch: mtt: wvjbscheme: market: mimarket: vivoMarket: http://*.qq.com https://*.qq.com http://*.gtimg.com https://*.gtimg.com http://*.qzone.com https://*.qzone.com;default-src 'self' 'unsafe-inline' data: ws: wss: blob: http://*.gtimg.cn https://*.gtimg.cn http://*.gtimg.com https://*.gtimg.com http://*.qq.com https://*.qq.com http://*.qq.com:8080 https://*.qq.com:8080 http://*.myqcloud.com https://*.myqcloud.com;report-uri https://h5.qzone.qq.com/csp/report?type=header&enable=1 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bgis.com *.youtube.com maps.gstatic.com *.googleapis.com  *.googletagmanager.com  *.google.com *.gstatic.com  *.google-analytics.com cdnjs.cloudflare.com  connect.facebook.net cdn.amcharts.com cdn.jsdelivr.net unpkg.com  js.stripe.com;  frame-src 'self' *.youtube.com fast.wistia.net *.facebook.com s-static.ak.facebook.com js.stripe.com *.bgis.com *.google.com; object-src 'self' 1
default-src 'self';script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' 'self' maps.googleapis.com static.hotjar.com script.hotjar.com consent.cookiebot.com consentcdn.cookiebot.com *.googletagmanager.com googletagmanager.com cdnjs.cloudflare.com az416426.vo.msecnd.net;style-src 'report-sample' 'unsafe-inline' 'self' fonts.googleapis.com;object-src 'none'; base-uri 'self';connect-src 'self' maps.googleapis.com our.umbraco.com in.hotjar.com *.hotjar.com wss://*.hotjar.com/api/v2/client/ws consentcdn.cookiebot.com *.google-analytics.com google-analytics.com uksouth-1.in.applicationinsights.azure.com ukwest-0.in.applicationinsights.azure.com;font-src 'self' fonts.gstatic.com;frame-src 'unsafe-inline' 'unsafe-eval' 'self' tools.eurolandir.com tools.euroland.com gamma.euroland.com youtube.com www.youtube.com player.vimeo.com vars.hotjar.com consentcdn.cookiebot.com;img-src 'self' 'unsafe-inline' 'unsafe-eval' data: i.vimeocdn.com our.umbraco.com dashboard.umbraco.com maps.googleapis.com maps.gstatic.com;media-src 'self'; 1
default-src 'self'; connect-src 'self' *.readspeaker.com *.google-analytics.com stats.g.doubleclick.net *.googleapis.com; font-src 'self' *.gstatic.com data: cdn.jsdelivr.net https://pro.fontawesome.com; frame-src 'self' *.google.com menafn.com *.youtube-nocookie.com *.true-markets.net *.youtube.com *.facebook.com https://platform.twitter.com/widgets.js https://platform.twitter.com/ https://syndication.twitter.com/; img-src 'self' data: *.google-analytics.com *.facebook.com *.readspeaker.com *.gstatic.com *.google.com *.googleapis.com i.ytimg.com *.google.jo https://syndication.twitter.com/i/jot/embeds?l=%7B%22experiment_key%22%3A%22tfw_horizon_timeline_12034%22%2C%22bucket%22%3A%22treatment%22%2C%22version%22%3Anull%2C%22data%22%3A%7B%7D%2C%22context%22%3A%22rufous-eol%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1667917508338%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22a3525f077c700%3A1667415560940%22%2C%22format_version%22%3A1%2C%22widget_origin%22%3A%22%22%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22ddg%22%2C%22section%22%3A%22tfw_horizon_timeline_12034%22%2C%22action%22%3A%22experiment%22%7D%7D&session_id=bb61f1699fcfae52b627cf24e47dedc5508d15f5; manifest-src 'self'; object-src 'self'; prefetch-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.twiiter.com https://platform.twitter.com/widgets.js *.facebook.net https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.readspeaker.com *.jsdelivr.net chatbot.hbtf.com.jo https://platform.twitter.com/js/horizon_timeline.5b32f06df3f1186af2ebf11024b09726.js; style-src 'self' 'unsafe-inline' *.googleapis.com *.readspeaker.com *.jsdelivr.net chatbot.hbtf.com.jo https://pro.fontawesome.com/releases/v5.10.0/css/all.css; media-src 'self'; form-action 'self'; worker-src 'self'; child-src 'self'; frame-ancestors 'self' 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.omappapi.com https://analytics.tiktok.com https://cdn.lr-in-prod.com https://cdn.pushcrew.com https://container.pepperjam.com https://dev.visualwebsiteoptimizer.com https://js.stripe.com https://perfalytics.com https://script.hotjar.com https://static.hotjar.com https://www.googletagmanager.com https://*.google-analytics.com https://*.netlify.app https://*.klaviyo.com https://static.legitscript.com https://widget.trustpilot.com; style-src 'self' 'unsafe-inline' https://a.omappapi.com https://cdn.pushcrew.com https://p.typekit.net https://use.typekit.net https://*.googleapis.com https://*.omappapi.com; object-src 'none'; base-uri 'self'; connect-src 'self' blob: https://analytics.tiktok.com https://*.myalloy.com https://api.omappapi.com https://api.perfalytics.com https://cdn.contentful.com https://cognito-idp.us-east-1.amazonaws.com https://perfalytics.com https://r.lr-in-prod.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.klaviyo.com https://*.google-analytics.com https://*.visualwebsiteoptimizer.com https://*.braze.com; font-src 'self' https://use.typekit.net https://*.myalloy.com; frame-src 'self' mailto: https://js.stripe.com https://message.mdintegrations.com https://message.mdintegrations.xyz app.vwo.com https://*.visualwebsiteoptimizer.com https://*.netlify.com https://*.pepperjamnetwork.com https://www.youtube.com; img-src 'self' blob: data: https://cdn.pushcrew.com https://dev.visualwebsiteoptimizer.com https://images.ctfassets.net https://static.legitscript.com https://staging-spilledteaconsulting.com https://*.googletagmanager.com https://*.omappapi.com; manifest-src 'self'; media-src 'self' blob: https://*.ctfassets.net; worker-src blob:; 1
default-src 'self'; img-src 'self' nfts.vechainstats.com data: 'unsafe-inline'; frame-src www.google.com/recaptcha/; script-src 'self' ajax.cloudflare.com www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline'; connect-src 'self' wss://socket.vechainstats.com; style-src 'self' 'unsafe-inline'; object-src 'none'; form-action 'self'; block-all-mixed-content 1
script-src 'unsafe-inline' 'unsafe-eval' http: https:; worker-src http: https: blob: 1
base-uri 'self'; default-src https:; object-src 'none'; frame-src 'self' *.salesforceliveagent.com *.visualize-roi.com *.doubleclick.net optimize.google.com platform.twitter.com syndication.twitter.com vars.hotjar.com widget.trustpilot.com www.facebook.com www.google.com www.youtube.com www.recaptcha.net; frame-ancestors 'none'; font-src 'self' *.acronis.com fonts.googleapis.com fonts.gstatic.com script.hotjar.com; style-src 'unsafe-inline' 'self' *.acronis.com cdn.cookielaw.org fonts.googleapis.com optimize.google.com platform.twitter.com tagmanager.google.com; img-src 'self' data: *.acronis.com *.analytics.google.com *.clarity.ms *.facebook.com *.g.cn *.g.doubleclick.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.linkedin.com *.twimg.com *.ytimg.com acronis.events b.6sc.co bat.bing.com c.bing.com c212.net cdn.cookielaw.org maps.gstatic.com media.slapfive.com optimize.google.com p.adsymptotic.com pixel.mathtag.com script.hotjar.com ssl.gstatic.com syndication.twitter.com trkn.us www.gstatic.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; connect-src 'self' ws: *.6sc.co *.6sense.com *.acronis.com *.adnxs.com *.analytics.google.com *.bing.com *.clarity.ms *.fullcircleinsights.com *.g.doubleclick.net *.google-analytics.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.mutinycdn.com *.onetrust.com *.s3.amazonaws.com *.scarabresearch.com *.schemaapp.com *.sentry.io *.visualize-roi.com *.influ2.com *.linkedin.com 929-hvv-335.mktoresp.com api.greenhouse.io cdn.cookielaw.org maps.googleapis.com cdn.linkedin.oribi.io www.mczbf.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; script-src 'strict-dynamic' 'nonce-aeb0cce64d231e51ccf33059656e48c0' *.acronis.com *.googletagmanager.com tagmanager.google.com *.visualize-roi.com optimize.google.com www.google-analytics.com www.googleadservices.com www.googleanalytics.com www.googleoptimize.com 1
default-src * data: 'unsafe-inline' 'unsafe-eval' blob:;frame-ancestors 'self' https://*.avon.com 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-7yLe830vZU-VNbELKgjbAw' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self' *.dns.company dns.company; connect-src 'none'; object-src 'none'; frame-src 'none'; frame-ancestors 'none'; form-action 'none'; block-all-mixed-content; upgrade-insecure-requests; report-to csp-endpoint 1
default-src 'self' alpacafinance.org *.alpacafinance.org; connect-src 'self' https://bsc-dataseed1.ninicoin.io https://alpaca-static-api.s3.amazonaws.com/v1/landing/summary.json https://alpaca-static-api.alpacafinance.org/ https://www.google-analytics.com/g/collect https://www.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect; font-src data: https://fonts.gstatic.com; frame-src 'self' https://www.googletagmanager.com; img-src 'self' data: https://alpaca-app-asset.s3-ap-southeast-1.amazonaws.com https://alpaca-app-asset.s3.ap-southeast-1.amazonaws.com https://alpaca-app-assets.alpacafinance.org https://www.google-analytics.com https://www.google.com/ads/ga-audiences https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://stats.g.doubleclick.net/r/; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com https://tagmanager.google.com https://googletagmanager.com https://www.googletagmanager.com https://stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; 1
frame-ancestors https://*.kbase.us; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com *.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com www.youtube-nocookie.com www.youtube.com blob: data: https://storage.googleapis.com/learnwithikeavideos/ ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ctfassets.net *.ipex-insights.com maps.googleapis.com cookies-data.onetrust.io *.ikea.ru www.googleadservices.com *.yandex.ru mc.yandex.com mc.yandex.kz mc.yandex.by mc.yandex.md mc.yandex.ua yastatic.net code.jquery.com *.g.doubleclick.net *.cookielaw.org *.onetrust.com *.akamaihd.net *.akstat.io *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.go-mpulse.net *.optimizely.com sentry.io *.sentry.io *.avo.app; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com; object-src 'self'; report-uri https://csp.ikea.com 1
frame-ancestors 'self' https://aima.gov.pt; 1
default-src 'unsafe-inline' 'unsafe-eval' https:; child-src 'self' https:; connect-src 'self' wss: https:; img-src 'self' data: https:; 1
default-src 'self' 'unsafe-inline';script-src *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval';connect-src 'self' *.google-analytics.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://libretooth.gr; img-src 'self' https: data: blob: https://libretooth.gr; style-src 'self' https://libretooth.gr 'nonce-GlV0X3QHECBrPoMJt+cEsw=='; media-src 'self' https: data: https://libretooth.gr; frame-src 'self' https:; manifest-src 'self' https://libretooth.gr; form-action 'self'; child-src 'self' blob: https://libretooth.gr; worker-src 'self' blob: https://libretooth.gr; connect-src 'self' data: blob: https://libretooth.gr https://libretooth.gr wss://libretooth.gr; script-src 'self' https://libretooth.gr 'wasm-unsafe-eval' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-VpFkdX/xdJOC1euK8xMLPdxs3hA9YVmxjUdfcY8tXs2/5nef' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' *.doubleclick.net *.google-analytics.com; base-uri 'self'; font-src 'self' data:; form-action 'self' *.paypal.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' https://pipsc.ca https://ipfpc.ca *.paypalobjects.com *.rumiview.com https://stats.g.doubleclick.net *.google-analytics.com *.googleusercontent.com; frame-src 'self' *.google.com *.doubleclick.net *.soundcloud.com *.123formbuilder.com *.paypalobjects.com *.youtube.com https://engage.newmode.net *.engage.newmode.net; script-src 'self' 'unsafe-inline' *.123formbuilder.com *.doubleclick.net *.kickfire.com *.dialogtech.com assets.adobedtm.com *.rumiview.com *.simpli.fi *.googletagmanager.com *.google-analytics.com *.engage.newmode.net https://engage.newmode.net https://blog.apps.npr.org/pym.js/dist/pym.v1.min.js; object-src 'self' 1
default-src 'self';font-src 'self' *.docdoc.com *.gstatic.com *.hotjar.com *.hotjar.io https://d3c31zpszpp17j.cloudfront.net; frame-src 'self' *.contivio.com *.docdoc.com *.google.com *.hotjar.com *.hotjar.io *.vimeo.com *.youtube.com blob:; img-src *.hotjar.com *.hotjar.io https: data: blob:; script-src 'self' *.hotjar.com *.hotjar.io *.docdoc.com *.jsdelivr.net *.cloudflare.com *.twilio.com *.contivio.com *.ytimg.com *.youtube.com *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.docdoc.com *.contivio.com *.youtube.com *.google.com *.googleapis.com https://d3c31zpszpp17j.cloudfront.net 'unsafe-inline'; media-src https: mediastream:;connect-src *.g.doubleclick.net *.google-analytics.com *.docdoc.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.ytimg.com https://*.twilio.com wss://*.twilio.com https://api.amplitude.com https://vimeo.com https://youtube.com *.amazonaws.com *.googleapis.com 1
frame-ancestors 'self' http://tongji.baidu.com https://tongji.baidu.com 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src *; connect-src *; frame-src *; object-src * 1
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; connect-src https:; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://api.kitbuilder.co.uk https://www.youtube.com https://www.zenaps.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com https://tr6.snapchat.com https://*.attn.tv https://www.pinterest.com https://www.pinterest.co.uk blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://analytics.tiktok.com https://*.attn.tv https://events.attentivemobile.com https://*.contentsquare.net https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://m.us.speedo.com https://checkout.us.speedo.com https://us.speedo.com https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net https://download-video.akamaized.net https://d7c4jjeuqag9w.cloudfront.net https://media.storystream.ai; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://*.googlesyndication.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://*.twitter.com https://analytics.tiktok.com https://*.ibytedtos.com https://cdn.attn.tv https://apps.storystream.ai https://s.pinimg.com https://*.contentsquare.net https://app.contentsquare.com https://ucarecdn.com https://storyboard.storystream.ai https://content.storystream.ai; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net; report-to report-endpoint 1
upgrade-insecure-requests;     default-src     'none'     ;     connect-src     'self'     https://www.sumida.com     https://products.sumida.com     https://www.google.com     https://cse.google.com     https://www.google-analytics.com     *.onetrust.com     ;     script-src     data:     'self'     'unsafe-eval'     'unsafe-inline'     https://www.sumida.com/scripts/     https://products.sumida.com/ProductsInfo/scripts/     https://products.sumida.com/js/     https://code.jquery.com/     https://fast.fonts.net/jsapi/     https://www.googletagmanager.com/     https://www.google-analytics.com/     https://www.google.com/cse/     https://cse.google.com     https://cse.google.com/adsense/search/     https://clients1.google.com/complete/search     https://static.cloudflareinsights.com/     *.cloudfront.net     *.onetrust.com     ;     media-src     'self'     blob:     https://www.sumida.com     https://products.sumida.com     ;     object-src     'self'     https://www.sumida.com     https://products.sumida.com     ;     style-src     data:     'self'     'unsafe-inline'     https://www.sumida.com     https://products.sumida.com     https://fast.fonts.net     https://fonts.googleapis.com     https://www.google.com     *.cloudfront.net     ;     img-src     data:     'self'     'unsafe-inline'     https://www.sumida.com     https://products.sumida.com     https://www.google.com     https://clients1.google.com     https://www.googletagmanager.com/     https://www.google-analytics.com/     https://stats.g.doubleclick.net     https://job.mynavi.jp     *.googleapis.com     *.gstatic.com     *.onetrust.com     *.responsivefilemanager.com     ;     frame-src     data:     'self'     https://www.sumida.com     https://products.sumida.com     https://cse.google.com     ;     font-src     'self'     https://fast.fonts.net     https://fonts.gstatic.com     ;     frame-ancestors     'self'     https://www.sumida.com     https://products.sumida.com     ;     form-action     'self'     https://www.sumida.com     https://products.sumida.com     ; 1
frame-ancestors 'self'; connect-src 'self' *.dukascoin.com *.dukascopy.com *.google-analytics.com *.g.doubleclick.net *.hotjar.io *.hotjar.com *.dukascopy.bank *.analytics.google.com *.visualwebsiteoptimizer.com ipinfo.io wss://ws.dukascopy.com wss://ws.hotjar.com; 1
default-src 'none'; script-src 'nonce-WeTt1KOAkg1OSmKUE5xAf0sArPLzWUMB' 'strict-dynamic' 'wasm-unsafe-eval'; object-src 'none'; base-uri 'self'; connect-src 'self' auth.pureaccess.com https://unpkg.com/@rive-app/; worker-src 'self' blob:; img-src 'self' blob: data: content:; font-src 'self' fonts.googleapis.com fonts.gstatic.com; frame-src 'self' auth.pureaccess.com; manifest-src 'self'; style-src 'self' fonts.googleapis.com 'unsafe-inline'; 1
default-src 'self' assurant.okta.com *.oktacdn.com; connect-src 'self' assurant.okta.com assurant-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com *.mtls.okta.com assurant.kerberos.okta.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' assurant.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' assurant.okta.com *.oktacdn.com; frame-src 'self' assurant.okta.com assurant-admin.okta.com login.okta.com ok4-devicetrust.okta.com; img-src 'self' assurant.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' assurant.okta.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' https://ppp.cnhinsurance.com https://www.afasinc.com https://espp.epgins.com https://www-p.afasinc.com https://afasinc.com 1
default-src 'self' https: data: 'unsafe-inline'; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://mijnaansluiting1.expoints.nl https://kendo.cdn.telerik.com; 1
default-src https: data:;frame-src 'self' https://pagead2.googlesyndication.com/ https://tpc.googlesyndication.com/ https://*.g.doubleclick.net/ https://*.doubleclick.net/ https://www.google.com/recaptcha/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/;script-src https: 'sha256-4i212Zl3o+H1Sn5PKwExftVRzB0+ND+WOKWGT/ol4R4=' 'sha256-L9NtTqBLxf1z3sIza7z/JTtm01m91a8xVl07p4WTMYw=' 'strict-dynamic';base-uri 'self';require-trusted-types-for 'script';report-uri https://appn.center/apiv1/csp5; 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://www.datocms-assets.com https://*.mux.com https://www.googletagmanager.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.infogram.com https://player.vimeo.com https://*.vimeocdn.com https://*.youtube.com https://youtube.com/ https://*.ytimg.com https://*.facebook.com https://*.facebook.net https://fonts.gstatic.com https://cdn.cookielaw.org https://*.onetrust.com https://symbio-main.cloud.symbio.agency https://app.sli.do *.wowza.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://uistats.sitevision.se/  https://web103.reachmee.com/ https://cdn-eu.readspeaker.com/script/13954/webReader/ https://m1.analytics.sitevision-cloud.se/ https://static-chat.kundo.se/chat-js/org/ https://static-chat.kundo.se/static/ https://chat.kundo.se/chat/org/ https://chat.kundo.se/chat-js/flens-kommun-yrg9gfey/app.js https://static-chat.kundo.se/; img-src 'self' https://images.unsplash.com https://flens-kommun.sitevision.consid.net/ https://kundo.se https://static.kundo.se https://chat.kundo.se https://kundo-web-uploaded-files-prod.s3.amazonaws.com/; connect-src 'self' https://uistats.sitevision.se https://youtube.com https://cdn-eu.readspeaker.com/ https://app-eu.readspeaker.com/ https://m1.analytics.sitevision-cloud.se/ https://vtdnntts-eu.readspeaker.com/ https://org-1339.chat.kundo.se/ https://chat.kundo.se/ https://sentry.kundo.se/api/ wss://ws-eu.pusher.com/app/ https://*.pusher.com/ https://kundo.se/attachment/upload/ https://static.kundo.se/static/; style-src 'self' 'unsafe-inline' https://cdn-eu.readspeaker.com/script/13954/webReader/r/r2419/ https://cdn-eu.readspeaker.com/script/ https://chat.kundo.se https://static-chat.kundo.se/static/; object-src 'none' ; base-uri 'self'; font-src 'self' data:; frame-src 'self' https://www.google.com/maps/ https://www.youtube.com/ https://play.quickchannel.com/ https://sverigesradio.se/embed/ https://mpi.mashie.com/public/menu/ https://gis.flen.se/ https://extern.lokalguiden.se/ https://arbetsformedlingen.se/etjanst/rekryteringsguiden/ https://geoflen.maps.arcgis.com/ https://org-1339.chat.kundo.se/ https://chat.kundo.se/ https://sentry.kundo.se/api/ https://mpi.mashie.com/ https://web103.reachmee.com/ mailto: tel: *.reachmee.com; manifest-src 'self'; media-src 'self' https://cdn-eu.readspeaker.com/script/13954/webReader/r/r2419/ https://static-chat.kundo.se/static/; worker-src 'none';   1
object-src 'none'; style-src 'unsafe-inline' 'self' yastatic.net yastat.net 'unsafe-eval' yandex.st banners.adfox.ru content.adfox.ru; script-src mc.yandex.ru yastatic.net mc.webvisor.com mc.webvisor.org mc.yandex.com mc.yandex.kz mc.yandex.ua mc.yandex.uz 'self' 'nonce-lX/+Pj6C0//jgQFZ/+G8Wg==' blob: *.mediavitrina.ru strm.yandex.ru strm.yandex.net *.adfox.ru *.adfox.yandex.ru sso.kinopoisk.ru sso.passport.yandex.ru yastat.net yandex.ru payment-widget.plus.tst.kinopoisk.ru payment-widget.plus.kinopoisk.ru 'unsafe-eval' an.yandex.ru yandex.st banners.adfox.ru ads.adfox.ru ads6.adfox.ru storage.mds.yandex.net; img-src 'self' yastatic.net mc.webvisor.com mc.webvisor.org mc.yandex.ru mc.yandex.com mc.yandex.kz mc.yandex.ua mc.yandex.uz mc.admetrica.ru *.mediavitrina.ru strm.yandex.ru strm.yandex.net *.cdnvideo.ru cdnvideo.ru rgi.io track.rutarget.ru ssl.hurra.com gdeby.hit.gemius.pl st.kp.yandex.net *.adfox.ru *.adfox.yandex.ru amc.yandex.ru avatars.mdst.yandex.net avatars.mds.yandex.net *.cdn.yandex.net clck.yandex.ru ad.doubleclick.net mc.kinopoisk.ru sso.kinopoisk.ru sso.passport.yandex.ru www.tns-counter.ru ar.tns-counter.ru web-metrica.yandex.ru *.weborama.fr wcm.weborama-tech.ru data: files.messenger.yandex.net yandex.ru https://tracking.ott.yandex.net avatars.yandex.net avatars-fast.yandex.net favicon.yandex.net verify.yandex.ru *.verify.yandex.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net *.tns-counter.ru bs.serving-sys.com bs.serving-sys.ru ad.adriver.ru wcm.solution.weborama.fr wcm-ru.frontend.weborama.fr tps.doubleverify.com pixel.adsafeprotected.com impression.appsflyer.com pixel.adlooxtracking.com pixel.adlooxtracking.ru *.kinopoisk.ru px.moatads.com gdero.hit.gemius.pl; connect-src yandexmetrica.com:* mc.webvisor.com mc.webvisor.org mc.yandex.ru mc.yandex.com mc.yandex.kz mc.yandex.ua mc.yandex.uz mc.admetrica.ru 'self' blob: *.mediavitrina.ru api2.branch.io *.ott.yandex-team.ru fairplay-proxy.ott.yandex.ru playready-proxy.ott.yandex.ru drm.yandex-team.ru strm-ott.akamaized.net widevine-proxy.ott.yandex.ru frontend.vh.yandex.ru quasar.yandex.ru strm.yandex.net *.strm.yandex.net *.strm.yandex.ru strm.yandex.ru *.ott.yandex.net *.ott.yandex.ru *.adfox.ru *.adfox.yandex.ru *.cdn.yandex.net csp.yandex.net kinopoisk.ru *.kinopoisk.ru api.passport.yandex.ru yastatic.net files.messenger.yandex.net yandex.ru https://tracking.ott.yandex.net an.yandex.ru verify.yandex.ru *.verify.yandex.ru yandex.st matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net tps.doubleverify.com pixel.adsafeprotected.com amc.yandex.ru wcm-ru.frontend.weborama.fr vi.cdnvideo.ru; child-src blob: mc.yandex.ru; frame-src blob: mc.yandex.ru mc.yandex.md 'self' kinopoisk.ru *.kinopoisk.ru sso.kinopoisk.ru sso.passport.yandex.ru *.mds.yandex.net yastatic.net *.paysys.yandex.net *.paysys.yandex.ru trust.yandex.ru trust.yandex.net forms.yandex.ru yandex.ru payment-widget.plus.tst.kinopoisk.ru payment-widget.plus.kinopoisk.ru yandexadexchange.net *.yandexadexchange.net *.yandex.ru banners.adfox.ru yastat.net iddqd.pstv.ru/tv iddqd.pstv.ru/tv/; frame-ancestors webvisor.com *.webvisor.com http://webvisor.com http://*.webvisor.com; font-src 'self' *.adfox.ru *.adfox.yandex.ru yastatic.net data: an.yandex.ru yastat.net; form-action 'self' sso.kinopoisk.ru sso.passport.yandex.ru; default-src blob:; media-src blob: data: *.mediavitrina.ru strm.yandex.net *.strm.yandex.net *.strm.yandex.ru strm.yandex.ru *.cdnvideo.ru cdnvideo.ru *.adfox.ru *.adfox.yandex.ru *.cdn.yandex.net kinopoisk.ru *.kinopoisk.ru yastatic.net *.yandex.net yandex.ru yandex.st banners.adfox.ru content.adfox.ru yastat.net vi.cdnvideo.ru; manifest-src yastatic.net; prefetch-src yastatic.net; report-uri https://csp.yandex.net/csp?from=ru.hd.ott&project=ott&yandexuid=9432245291705978223; 1
default-src 'none';font-src 'self' fonts.gstatic.com yandex.ru www.yandex.ru vk.com data: yastatic.net;script-src 'self' 'unsafe-inline' 'unsafe-eval'  ajax.googleapis.com www.googletagmanager.com www.google-analytics.com vk.com yandex.ru www.yandex.ru an.yandex.ru awaps.yandex.ru export.yandex.ru mc.yandex.ru pass.yandex.ru social.yandex.ru api-maps.yandex.ru ads.adfox.ru adfox.yandex.ru *.adfox.yandex.ru suggest-maps.yandex.ru yastatic.net yandex.st ads6.adfox.ru static.nativerent.ru nativerent.ru 1.yastat.net content.mql5.com;img-src 'self' www.google-analytics.com vk.com verify.yandex.ru *.verify.yandex.ru informer.yandex.ru counter.yadro.ru yandex.ru www.yandex.ru an.yandex.ru *.yandex.net data: awaps.yandex.ru kiks.yandex.ru mc.yandex.ru mc.webvisor.com mc.webvisor.org yabs.yandex.ru clck.yandex.ru api-maps.yandex.ru static-maps.yandex.ru ad.adriver.ru amc.yandex.ru *.adfox.ru mc.admetrica.ru yastatic.net static.nativerent.ru nativerent.ru tms.dmp.wi-fi.ru px.adhigh.net content.mql5.com data:;connect-src 'self' www.google-analytics.com yastatic.net yandex.st yandex.ru strm.yandex.ru www.yandex.ru mc.yandex.ru log.strm.yandex.ru amc.yandex.ru *.verify.yandex.ru mc.webvisor.com mc.webvisor.org *.storage.yandex.net an.yandex.ru mobile.yandex.net csp.yandex.net thunderapi.weather.yandex.net weathermaps.s3.mds.yandex.net weathermaps.s3.yandex.net static-mon.yandex.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru mail.yandex.ru nativerent.ru static.nativerent.ru rt.ad-score.com jstracer.yandex.ru;child-src 'self' www.youtube.com vk.com videoapi.my.mail.ru *.mail.ru awaps.yandex.ru pass.yandex.ru www.yandex.ru awaps.yandex.net banners.adfox.ru mc.yandex.ru api-maps.yandex.ru music.yandex.ru browser.yandex.ru widget.tickets.yandex.ru travel.yandex.ru yandexadexchange.net *.yandexadexchange.net www.youtube.com yastatic.net;frame-src 'self' www.youtube.com vk.com videoapi.my.mail.ru *.mail.ru *.yandex.ru www.yandex.ru pass.yandex.ru yastatic.net awaps.yandex.net banners.adfox.ru mc.yandex.ru api-maps.yandex.ru music.yandex.ru browser.yandex.ru widget.tickets.yandex.ru travel.yandex.ru yandexadexchange.net *.yandexadexchange.net www.youtube.com p.ya.ru yandex.ru;style-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com fonts.googleapis.com blob: www.yandex.ru yandex.st yastatic.net banners.adfox.ru content.adfox.ru nativerent.ru static.nativerent.ru 1.yastat.net; media-src 'self' www.yandex.ru *.video.yandex.ru *.yandex.net yandex.st banners.adfox.ru content.adfox.ru strm.yandex.ru data:;object-src yandex.ru clck.yandex.ru *.yandex.net www.yandex.ru yastatic.net;manifest-src 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com unpkg.com/@frontify/ *.cloudinary.com https://static.ctctcdn.com/ https://www.googletagmanager.com/ https://translate.google.com/ https://cdnjs.cloudflare.com/ https://cdn.userway.org; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com https://static.ctctcdn.com/ https://cdn.userway.org; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://cdn.userway.org; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com web-chat.nativechat.com *.frontify.com *.cloudinary.com https://www.google.com/images/ https://cdn.userway.org; media-src 'self' data: blob: *.frontify.com *.cloudinary.com; frame-src https://cdn.userway.org https://www.google.com/; child-src 'self' https://outlook.office365.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com *.frontify.com cloudinary.com *.cloudinary.com; connect-src 'self' data: accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.frontify.com *.cloudinary.com https://listgrowth.ctctcdn.com/ https://api.userway.org https://cdn.userway.org https://translate.googleapis.com https://stats.g.doubleclick.net https://visitor2.constantcontact.com/api/v1/signup_forms/4c66a9c1-0238-4f25-a171-a058730907a5; 1
script-src 'self' 'unsafe-inline' https://*.googleapis.com https://forms.eboxentreprise.be https://forms.eboxenterprise.be https://forms.e-boxunternehmung.be https://forms.eboxunternehmung.be https://forms.e-boxonderneming.be https://forms.eboxonderneming.be https://analytics.onss.be https://cdn.matomo.cloud https://www.flexmail.eu openfed.github.io; frame-src 'self' https://forms.eboxentreprise.be https://forms.e-boxunternehmung.be https://forms.eboxunternehmung.be https://forms.e-boxonderneming.be https://forms.eboxonderneming.be https://forms.eboxenterprise.be https://forms.socialsecurity.be https://www.flexmail.eu https://youtube-nocookie.com https://www.youtube-nocookie.com; 1
default-src 'self' wss://s-usc1c-nss-254.firebaseio.com wss://daisho.firebaseio.com wss://*.daisho.firebaseio.com wss://*.s-usc1c-nss-254.firebaseio.com *.albacross.com *.doubleclick.net *.s-usc1c-nss-254.firebaseio.com *.daisho.firebaseio.com *.firebaseio.com *.googleapis.com *.landbot.io *.gstatic.com *.searchiq.co *.facebook.com *.hotjar.com vc.hotjar.io vendorlist.consensu.org l.sharethis.com c.sharethis.mgr.consensu.org *.hotjar.com *.partteams.com *.partteams.com/sales/* https://forms.monday.com/ *.forms.monday.com/* *.monday.com/* *.oemkiosks.com/sales/* *.tawk.to *.cloudflare.com *.licdn.com *.leadboxer.com *.addthis.com partteam-59hvecv.netdna-ssl.com *.google-analytics.com wss://*.tawk.to wss://*.hotjar.com https://snid.snitcher.com/verify; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://time.is *.time.is https://widget.time.is/t.js *.widget.time.is/t.js https://snid.snitcher.com/8422734.js *.snid.snitcher.com *.lfeeder.com *.leadfeeder.com sc.lfeeder.com lftracker.leadfeeder.com *.landbot.io https://www.googletagmanager.com/gtag/js *.firebaseio.com *.cookiebot.com *.gstatic.com *.list-manage.com *.amazonaws.com graph.facebook.com widgets.pinterest.com *.ytimg.com *.searchiq.co *.facebook.com *.youtube.com m.addthisedge.com v1.addthisedge.com *.google.com *.linkedin.com lead.watch c.sharethis.mgr.consensu.org partteam-59hvecv.netdna-ssl.com *.tawk.to *.licdn.com *.adroll.com *.lead.watch *.marinsm.com *.facebook.net *.sharethis.com *.addthis.com *.albacross.com *.leadboxer.com *.hotjar.com *.googleadservices.com *.cloudflare.com *.google-analytics.com wss://*.tawk.to https://cjshare.com *.cjshare.com *.cleverjump.org *.jsdelivr.net https://sharebutton.net *.sharebutton.net *.partteams.com *.partteams.com/sales/ *.oemkiosks.com/sales/  *.unpkg.com; style-src 'self' 'unsafe-inline' *.tawk.to *.googleapis.com *.searchiq.co *.jsdelivr.net partteam-59hvecv.netdna-ssl.com optimize.google.com *.partteams.com  *.partteams.com/sales/* *.oemkiosks.com/sales/* *.mailchimp.com *.amazonaws.com s3.amazonaws.com; img-src data: * blob:; object-src *.tawk.to *.partteams.com *.partteams.com/sales/* *.oemkiosks.com/sales/* ; frame-src https://forms.monday.com/ *.forms.monday.com/* *.monday.com/* *.firebaseio.com *.partteams.com *.partteams.com/sales/* *.oemkiosks.com/sales/* *.facebook.com *.youtube.com *.vimeo.com *.google.com partteam-59hvecv.netdna-ssl.com c.sharethis.mgr.consensu.org t.sharethis.com s7.addthis.com vars.hotjar.com static-v.tawk.to va.tawk.to disqus.com; worker-src blob:;font-src 'self' data: fonts.gstatic.com embed.tawk.to; 1
default-src https://maps.googleapis.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://www.facebook.com https://www.google-analytics.com https://googleads.g.doubleclick.net 'unsafe-inline' 'self'; frame-ancestors 'none'; child-src www.youtube-nocookie.com uplive.pl www5.cbox.ws podcasters.spotify.com www.facebook.com event.webcaster.pl www.google.com www.youtube.com ; script-src https://www.gstatic.com google-analytics.com https://www.googletagmanager.com https://maps.googleapis.com https://www.google.com https://connect.facebook.net https://www.google-analytics.com https://static.doubleclick.net 'unsafe-inline' 'self'; style-src 'unsafe-inline' fonts.googleapis.com 'self'; img-src https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://csi.gstatic.com https://www.facebook.com https://i.ytimg.com 'self' data: ; font-src 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com 'self';  1
default-src https: data: 'unsafe-inline'; 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src data: 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; connect-src https:; object-src 'none'; frame-src https:; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self' 1
img-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: filesystem: mediastream: * 1
script-src 'self' static.ctctcdn.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com www.google.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com use.fontawesome.com static.getclicky.com in.getclicky.com player.vimeo.com www.googletagmanager.com clicky.com https://connect.facebook.net/ code.jquery.com kit.fontawesome.com 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net geoid.investisdigital.com cookiemanager.investisdigital.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com qaotp.tools.investisdigital.com www.google-analytics.com stats.g.doubleclick.net cdn.linkedin.oribi.io region1.google-analytics.com bcove.video assets.investisdigital.com *.linkedin.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.investis-live.com *.investisdigital.com player.vimeo.com geoid.investisdigital.com cookiemanager.investisdigital.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com www.recaptcha.net  otp.tools.investis.com www.recaptcha.net players.brightcove.net https://snap.licdn.com  *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investis-live.com *.investisdigital.com fast.fonts.net www.googletagmanager.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' 'unsafe-inline' * data: edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com *.youtube.com player.vimeo.com brightcove.hs.llnwd.net  house-fastly-signed-eu-west-1-prod.brightcovecdn.com; frame-src 'self' *.investis.com www.google.com ir.tools.investis.com staticxx.facebook.com www.youtube.com player.vimeo.com players.brightcove.net house-fastly-signed-eu-west-1-prod.brightcovecdn.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com api2.fonts.com https://cdnjs.cloudflare.com 1
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: www.vic.gov.au content.vic.gov.au *.www.vic.gov.au *.content.vic.gov.au *.sdp.vic.gov.au chatbot.digital.vic.gov.au *.chatbot.digital.vic.gov.au usercheck.vgso.vic.gov.au cdnjs.cloudflare.com *.googletagmanager.com tagmanager.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google-analytics.com cdn.monsido.com app-script.monsido.com connect.facebook.net *.cloudfront.net media.twiliocdn.com *.youtube.com ytimg.com *.ytimg.com public.tableau.com *.openforms.com *.serving-sys.com player.vimeo.com spreadsheets.google.com cdn.storerocket.io cdn.jsdelivr.net *.mapbox.com *.googleadservices.com drive.google.com *.googleusercontent.com docs.google.com web-messenger.ingenious.ai *.smooch.io maps.googleapis.com sc-static.net; style-src 'self' 'unsafe-inline' www.vic.gov.au content.vic.gov.au *.www.vic.gov.au *.content.vic.gov.au *.sdp.vic.gov.au ui.chatbot.digital.vic.gov.au fonts.googleapis.com tagmanager.google.com fast.fonts.net *.openforms.com fontlibrary.org *.googletagmanager.com web-messenger.ingenious.ai *.smooch.io drwgdblqzrfiz.cloudfront.net; img-src 'self' data: blob: www.vic.gov.au content.vic.gov.au *.www.vic.gov.au *.content.vic.gov.au *.sdp.vic.gov.au dhhs.vic.gov.au www.dhhs.vic.gov.au base.maps.vic.gov.au *.amazee.io tracking.monsido.com *.google-analytics.com *.doubleclick.net www.google.com *.google.com *.google.com.au *.hotjar.com *.hotjar.io wss://*.hotjar.com api.mapbox.com *.gstatic.com vic-bot.netlify.app secure.adnxs.com www.facebook.com i.ytimg.com www.google.com.eg www.google.com.co www.google.ie www.google.com.br www.google.co.jp www.google.gr www.google.co.za www.google.co.uk www.google.com.mx www.google.com.na www.google.it www.google.rs www.google.com.sg www.google.co.id www.googletagmanager.com www.google.com.tr www.google.com.pk www.google.nl www.google.lk www.google.hr www.google.fr www.google.com.bo www.google.com.co www.google.com.om www.google.com.ua au-gmtdmp.mookie1.com lh3.googleusercontent.com *.fastly.net cdn.storerocket.io assets.storerocket.io *.gravatar.com *.smooch.io *.ingenious.ai drwgdblqzrfiz.cloudfront.net maps.googleapis.com maps.gstatic.com; font-src 'self' data: www.vic.gov.au content.vic.gov.au *.www.vic.gov.au *.content.vic.gov.au *.sdp.vic.gov.au fonts.gstatic.com *.hotjar.com *.hotjar.io wss://*.hotjar.com fonts.gstatic.com fontlibrary.org *.smooch.io *.ingenious.ai; frame-src 'self' www.vic.gov.au content.vic.gov.au *.www.vic.gov.au *.content.vic.gov.au *.sdp.vic.gov.au *.vic.gov.au *.hotjar.com *.hotjar.io wss://*.hotjar.com *.vimeo.com vimeo.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com batchgeo.com www.google.com app.powerbi.com macuport.com dhhs.carto.com public.tableau.com *.libsyn.com *.soundcloud.com *.openforms.com *.serving-sys.com tour.cite360.com.au *.doubleclick.net livestream.com flo.uri.sh zingtree.com control.5stream.com *.podbean.com lgi-complaint-form-uat.powerappsportals.com www.kuula.co s3-ap-southeast-2.amazonaws.com e.issuu.com deakin.h5p.com padlet.com e.infogram.com fuse.education.vic.gov.au *.arcgis.com ecodev.jotform.com app.vision6.com.au *.formsite.com; manifest-src 'self'; media-src 'self' *.ingenious.ai; connect-src 'self' www.vic.gov.au content.vic.gov.au *.www.vic.gov.au *.content.vic.gov.au *.sdp.vic.gov.au *.myvictoria.vic.gov.au discover.data.vic.gov.au directory.data.vic.gov.au chatbot.digital.vic.gov.au *.chatbot.digital.vic.gov.au api.go.vic.gov.au *.api.go.vic.gov.au corp-geo.mapshare.vic.gov.au *.hotjar.com *.hotjar.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.doubleclick.net api.ipify.org *.mapbox.com drwgdblqzrfiz.cloudfront.net iam.twilio.com tsock.us1.twilio.com flex-api.twilio.com tsock.us1.twilio.com wss://tsock.us1.twilio.com www.facebook.com www.google.com secure-ds.serving-sys.com *.fastly.net storerocket.io *.storerocket.io analytics.google.com web-messenger.ingenious.ai stat.data.abs.gov.au wss://*.smooch.io *.smooch.io *.au.ingenious.ai *.arcgis.com maps.googleapis.com; frame-ancestors 'self' *.vic.gov.au *.shrine.org.au *.victorianveteranscouncil.org.au; 1
frame-ancestors 'self' https://de-mysql.fredo.co.uk/ https://www.vivara.at/ https://www.vivara.de/ https://www.vivara.pl/ 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://ajax.googleapis.com https://www.google.com https://www.youtube.com https://www.wfb-bremen.de https://s.ytimg.com https://i.ytimg.com https://www.hanselife.de https://fpdownload3.macromedia.com https://fonts.googleapis.com https://regis.inecos.de https://wfb.inecos.de  https://client.inecos.de https://code.jquery.com https://creator.hosted-pageflow.com https://storify.com https://creator.hosted-pageflow.com https://www.terra-air.com https://maps.googleapis.com https://www.google-analytics.com https://bremen-innovativ.de https://bis-bremerhaven.de https://www.bis-bremerhaven.de https://bremen.de https://medien.bremen.de https://bab-bremen.de https://www.digitalisierung-bremen.de https://www.ueberseestadt-bremen.de https://wfb-bremen.de https://www.starthaus-bremen.de https://bremen-innovativ.de https://www.bremen-innovativ.de https://cdnjs.cloudflare.com https://maps.gstatic.com https://fonts.gstatic.com https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://www.gstatic.com https://www.youtube-nocookie.com https://track-bremen.de https://matomo.wfb-bremen.de https://vimeo.com https://player.vimeo.com https://api.deepl.com https://tiles.bremn.de https://player.podigee-cdn.net https://cdn.podigee.com https://start.video-stream-hosting.de https://tiles.stadtbremen.info https://bremen.le-an.de https://vr-easy.com https://www.startups-bremen.de ; 1
frame-ancestors https://anytimeestimate.com https://anytimeestimatedev.com https://*.cleverpreview.com https://www.copyscape.com 1
default-src 'self' *.aldi-international.com *.aldi-nord.com *.aldi-sued.com assets.adobedtm.com *.demdex.net *.omtrdc.net *.facebook.net *.facebook.com services.cdn-shop.com *.usercentrics.eu *.cookielaw.org *.onetrust.com *.adsrvr.org *.googletagmanager.com *.googleadservices.com *.google.com *.google.de *.doubleclick.net *.doubleclick.com *.bing.com; block-all-mixed-content; img-src 'self' data: *.aldi-international.com *.aldi-nord.com *.aldi-sued.com assets.adobedtm.com *.demdex.net *.omtrdc.net *.facebook.net *.facebook.com services.cdn-shop.com *.usercentrics.eu *.cookielaw.org *.onetrust.com *.adsrvr.org *.googletagmanager.com *.googleadservices.com *.google.com *.google.de *.doubleclick.net *.doubleclick.com *.bing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aldi-international.com *.aldi-nord.com *.aldi-sued.com assets.adobedtm.com *.demdex.net *.omtrdc.net *.facebook.net *.facebook.com services.cdn-shop.com *.usercentrics.eu *.cookielaw.org *.onetrust.com *.adsrvr.org *.googletagmanager.com *.googleadservices.com *.google.com *.google.de *.doubleclick.net *.doubleclick.com *.bing.com; style-src 'self' 'unsafe-inline' *.aldi-international.com *.aldi-nord.com *.aldi-sued.com assets.adobedtm.com *.demdex.net *.omtrdc.net *.facebook.net *.facebook.com services.cdn-shop.com *.usercentrics.eu *.cookielaw.org *.onetrust.com 1
frame-ancestors 'self' https://merced.sistersofmercy.org 1
default-src 'self' https://www.google.com; img-src 'self' data:  https://*.roc-nijmegen.nl  https://*.google-analytics.com  https://*.googletagmanager.com  https://*.gstatic.com  https://*.google.com  https://*.google.nl  https://*.googleapis.com  https://*.g.doubleclick.net  https://*.googlesyndication.com  https://*.bing.com   https://i.ytimg.com  https://*.facebook.com  https://static.resengo.com  https://px.ads.linkedin.com  https://c.clarity.ms  https://*.snapchat.com; font-src 'self' data: https://*.roc-nijmegen.nl https://fonts.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.hotjar.com https://*.youtube.com https://polyfill.io https://*.google.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://*.roc-nijmegen.nl https://*.pardot.com https://*.facebook.net https://cdn.jsdelivr.net https://code.jquery.com https://*.resengo.com https://*.blackthorn.io https://www.googleadservices.com https://googleads.g.doubleclick.net https://snap.licdn.com https://bat.bing.com https://www.clarity.ms https://www.google.nl https://pagead2.googlesyndication.com https://sc-static.net https://tr.snapchat.com; base-uri 'self'; connect-src 'self' https://*.google-analytics.com https://*.g.doubleclick.net https://*.hotjar.io https://*.googleapis.com https://noembed.com https://cdn.plyr.io https://*.facebook.com https://*.resengo.com https://dc.services.visualstudio.com https://pagead2.googlesyndication.com https://www.google.com https://*.analytics.google.com https://cdn.linkedin.oribi.io https://*.clarity.ms https://px.ads.linkedin.com https://*.snapchat.com; style-src 'self' 'unsafe-inline' data: https://*.googletagmanager.com https://*.googleapis.com https://*.googletagmanager.com https://*.googleapis.com https://*.roc-nijmegen.nl; frame-src 'self' https://*.youtube-nocookie.com https://www.google.com https://*.facebook.com https://*.roc-nijmegen.nl https://*.blackthorn.io https://td.doubleclick.net https://tr.snapchat.com/; frame-ancestors 'self' https://rocnijmegen.perfectwebteam.nl https://*.blackthorn.io; object-src 'self' 1
frame-ancestors 'self' happeo.com app.happeo.com *.happeo.com; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=17ig2stiqu9gb&partner=; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hscollectedforms.net static.addtoany.com *.google-analytics.com *.googletagmanager.com *.wistia.com js.hsforms.net www.youtube.com view.ceros.com static.sketchfab.com cdn.jsdelivr.net cdn.datatables.net neversettle.activehosted.com *.googleapis.com translate.google.com www.google.com www.gstatic.com www.gstatic.cn www.recaptcha.net connect.facebook.net cta-service-cms2.hubspot.com js.hscta.net; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' data: *.googleapis.com code.jquery.com www.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com rgsharedweb.s3.amazonaws.com cdn.datatables.net unpkg.com fonts.googleapis.com; img-src 'self' data: blob: www.globusmedical.com *.analytics.google.com *.g.doubleclick.net code.jquery.com gravityforms.s3.amazonaws.com *.gstatic.com *.googleapis.com *.w.org *.wistia.com embedwistia-a.akamaihd.net *.hsforms.com track.hubspot.com *.google-analytics.com *.wpengine.com wpengine.com *.gravatar.com *.googletagmanager.com www.gstatic.com *.ytimg.com no-cache.hubspot.com perf.hsforms.com cdn2.hubspot.net forms.hscollectedforms.net cdn.datatables.net plugins.svn.wordpress.org *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; font-src 'self' data: fonts.gstatic.com netdna.bootstrapcdn.com fast.wistia.com fonts.googleapis.com maxcdn.bootstrapcdn.com use.fontawesome.com cdn.jsdelivr.net use.typekit.net; connect-src 'self' translate.googleapis.com *.analytics.google.com *.googletagmanager.com *.wistia.com *.hscollectedforms.net js.hs-banner.com *.google-analytics.com *.g.doubleclick.net forms.hsforms.com maps.googleapis.com yoast.com my.wpengine.com *.hubspot.com hubspot-forms-static-embed.s3.amazonaws.com fg8vvsvnieiv3ej16jby.litix.io stats.addtoany.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; media-src 'self' blob: *.wistia.com embedwistia-a.akamaihd.net; object-src 'self' embed-fastly.wistia.com embedwistia-a.akamaihd.net; child-src static.addtoany.com view.ceros.com forms.hsforms.com www.youtube.com www.google.com; frame-src 'self' static.addtoany.com www.google.com view.ceros.com globusmedical.wistia.com fast.wistia.net fast.wistia.com forms.hsforms.com www.youtube.com www.brainshark.com www.recaptcha.net sketchfab.com static.hsappstatic.net app.hubspot.com api.wppopupmaker.com wp.freemius.com td.doubleclick.net; worker-src 'self' blob:; form-action 'self' forms.hsforms.com; report-uri https://98a67b2af6240837e6f706a6f03306ad.report-uri.com/r/d/csp/enforce 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.jquery.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://js.stripe.com https://unpkg.com https://*.googletagmanager.com https://s3.amazonaws.com https://embed.aidaform.com; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; img-src 'self' https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net data:; connect-src 'self' https://*.loriot.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googleapis.com *.google.com https://*.gstatic.com https://api.stripe.com https://*.g.doubleclick.net data:; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' youtube.com www.youtube.com *.google.com https://js.stripe.com https://hooks.stripe.com https://*.aidaform.com; object-src 'none'; media-src 'self'; form-action 'self' https://*.selzy.com; frame-ancestors 'self'; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://www.nixcraft.com/logs/ https://www.nixcraft.com/sidekiq/ https://www.nixcraft.com/mini-profiler-resources/ https://www.nixcraft.com/assets/ https://www.nixcraft.com/extra-locales/ https://www.nixcraft.com/highlight-js/ https://www.nixcraft.com/javascripts/ https://www.nixcraft.com/plugins/ https://www.nixcraft.com/theme-javascripts/ https://www.nixcraft.com/svg-sprite/ 'report-sample' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' https://plausible.cyberciti.biz/js/script.js https: 'unsafe-inline' https://cmp.quantcast.com; worker-src 'self' https://www.nixcraft.com/assets/ https://www.nixcraft.com/javascripts/ https://www.nixcraft.com/plugins/; report-uri https://www.nixcraft.com/csp_reports; frame-ancestors 'self'; manifest-src 'self' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://openbiblio.social; img-src 'self' https: data: blob: https://openbiblio.social; style-src 'self' https://openbiblio.social 'nonce-I9A1hxRbX6wK8Gtrlm7TGg=='; media-src 'self' https: data: https://openbiblio.social; frame-src 'self' https:; manifest-src 'self' https://openbiblio.social; form-action 'self'; child-src 'self' blob: https://openbiblio.social; worker-src 'self' blob: https://openbiblio.social; connect-src 'self' data: blob: https://openbiblio.social https://openbiblio.social wss://openbiblio.social; script-src 'self' https://openbiblio.social 'wasm-unsafe-eval' 1
frame-ancestors 'self'  https://hauserkaibling.traumgutscheine.com https://www.skiamade.com ; 1
default-src 'self' dvu.okta.com *.oktacdn.com; connect-src 'self' dvu.okta.com dvu-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com *.mtls.okta.com dvu.kerberos.okta.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' dvu.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' dvu.okta.com *.oktacdn.com; frame-src 'self' dvu.okta.com dvu-admin.okta.com login.okta.com; img-src 'self' dvu.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' dvu.okta.com data: *.oktacdn.com fonts.gstatic.com 1
img-src 'self' *.windows.net  data: blob: *.google-analytics.com *.onetrust.com cdn.cookielaw.org cookie-cdn.cookiepro.com *.googletagmanager.com; style-src 'unsafe-inline' 'self' *.myfonts.net *.mapbox.com optanon.blob.core.windows.net *.onetrust.com cdn.cookielaw.org cookie-cdn.cookiepro.com; script-src 'nonce-b0f3aae2-f96f-4766-b958-c09d296d72ee' blob: 'strict-dynamic' https: *.onetrust.com cdn.cookielaw.org cookie-cdn.cookiepro.com; object-src 'none'; base-uri 'self'; media-src *.vimeo.com *.akamaized.net; default-src 'self' data: *.hcaptcha.com *.mapbox.com blob: *.google-analytics.com *.azure.com *.onetrust.com cdn.cookielaw.org cookie-cdn.cookiepro.com; report-uri https://medlog.report-uri.com/r/d/csp/wizard; report-to default; 1
frame-ancestors 'self' endurancecui.active.com; 1
base-uri 'self' ;connect-src 'self' https://*.moerdijk.nl https://*.googleapis.com https://*.obi4wan.com/ https://sockjs-eu.pusher.com wss://ws-eu.pusher.com/app/ https://cdn-eu.readspeaker.com/ https://app-eu.readspeaker.com/ https://vttts-eu.readspeaker.com/ https://siteimproveanalytics.com ;default-src 'self' ;font-src 'self' data: https://fonts.gstatic.com/s/ ;form-action 'self' ;frame-ancestors 'none' ;frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://m.youtube.com/ https://youtu.be/ https://cdn-eu.readspeaker.com/ ;img-src 'self' data: https://*.moerdijk.nl https://*.ytimg.com https://s3-eu-west-1.amazonaws.com https://cdn-eu.readspeaker.com/ https://cb.vrmwb.nl//assets/images/ https://www.vrmwb.nl https://www.vrmwb.nl/sluiten.png https://*.siteimproveanalytics.io ;media-src 'self' https://cdn-eu.readspeaker.com/ ;object-src 'self' ;report-uri https://www.moerdijk.nl/cspreport ;script-src 'self' 'nonce-bd0f9cef-6cd6-41f9-82f1-dcc6c5deaacd' https://cloudstatic.obi4wan.com https://stats.pusher.com https://cdn-eu.readspeaker.com/ https://*.vrmwb.nl https://siteimproveanalytics.com ;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn-eu.readspeaker.com/ https://*.vrmwb.nl/*.css https://cb.vrmwb.nl//assets/css/; 1
default-src https: http: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 1
font-src *.fontawesome.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.shift4api.net *.ups.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://www.google.com *.shift4api.net *.shift4test.com *.i4go.com *.youtube.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.avada.io maps.googleapis.com *.google.com *.gstatic.com *.shift4api.net *.shift4test.com *.i4go.com *.googleapis.com *.google-analytics.com *.constantcontact.com *.ctctcdn.com *.cloudflare.com *.fontawesome.com *.trustedshops.com 'self' 'unsafe-eval' 'sha256-KVeaWNqWRgFbLbt7kPxynCAOGWP3T7Nh+xdJSXgD0cw=' 'sha256-x5wlRmW2PL9g045UWcf7gZYQYBYaADAnikFaiqP4DoI=' 'sha256-S0dIL3nNpqhbN9MzYBWMnOfdPj41OL1+xCNSQHQ9tco=' 'sha256-/PMCWZKtqJzk3S1+HedAlW8N4KXnW6qHfP0aa7/c6SI=' 'sha256-u8V1rVHy62MPW7Ieda8CBzjmy+Zau53BNJxtjKweO2g=' 'sha256-EYHFoYhOX2arMRAk05cE/RWOCcHDrygB3oSoGfkOQCY=' 'sha256-rwMOiOeVICH7/Cjy5SkreID3OOi5HTrit357k22hUDQ=' 'sha256-VU3qMY/n6k6QtAvAUUFXij37SvZoFtLCc4tE5wM4F44=' 'sha256-TcUB1mzXiQO4GxpTRZ0EMpOXKMU3u+n/q1WrgVIcs1I=' 'sha256-bXWxNSz1UyEfsO4GhVlmoTPqxFTHGQERakowyxjR+K0=' 'sha256-5R3L6HPNzkygXtGT2c02E/ZnH2Bhs/fTkRVRrfN79IU=' 'sha256-8s+OCqTgfizM3+zblmvadGMT7BdSCMsCB+CGF6ww5nw=' 'sha256-n8pnJTEfGYgfoiHd5qKgeOKugJXl/g89j411ycbuCAw=' 'sha256-UPxrYDH2imBGWTHzyhTqNZCXTClji/8LYHDDYHREznU=' 'sha256-awxQffQ+p1m1Tchc3qeqEs69nwMBbrK82EDY+BBaJz4=' 'sha256-48sb4Je7XoTlJimO7pm/+fwXo5BBI6oU4Vci+QqK2/I=' 'sha256-kUdIWiatURyAea1bhLxzW5JgJLFcbPA+HewOl2LIM4I=' 'sha256-pctLFcfSaMlv/d7PO3+XSW5DTwweZ+CSNoI9Vpi/SBA=' 'sha256-x1qki0aBh12oPJ8SVwgYGt0R8O4r3w9lo1EZqiHmaOA=' 'sha256-PU004fzvlK18E13DpFKPBcTM6CG2ZEXfrWArwv/37L4=' 'sha256-M2Qsjkwv/5Nm3EON+m3T8aAomYjPYoXTgkpnzHJPO+E=' 'sha256-TJCCqJ1QU65tUv4WsRFt5Ux9inC0cN36cq9dlFxr5nw=' 'sha256-wn/KnAgJFNrBLPiw46GiAPQLyLX/noVfQIXTlyIgH9I=' 'sha256-8fj5J6Pbg6qvtob4F/PNJvqZlaQpUJzo0y/JqeH5NFI=' 'sha256-25dlPZLjAXJYgjFTliSfU4Hu8e7GdxW4nJ1HDwUZuW4=' 'sha256-9vpql/NLyCCe3HPEb2b/lcLKPbkRi48w2Lfn0AbTxsQ=' 'sha256-1MwHIh3Ptob+Jf4GPtJbWuSUqkldq64ffDEKTlSwTDI=' 'nonce-Za81N-LLEAsB-BaC51-t7AAAnio'; style-src unsafe-inline *.fontawesome.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.constantcontact.com *.google-analytics.com *.cloudflare.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.johnscheepers.com/fl32csp/report/; 1
form-action 'self' *.paypal.com; object-src 'none'; frame-ancestors 'self' https://player.vimeo.com; upgrade-insecure-requests; report-uri https://saico-sa.uriports.com/reports/enforce; report-to default 1
default-src 'self'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com https://md-scp.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud.medallia.com https://resources.digital-cloud-west.medallia.com; form-action 'self'; frame-ancestors 'self'; frame-src *.doubleclick.net https://12633760.fls.doubleclick.net/ https://tpc.googlesyndication.com/ https://md-scp.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud.medallia.com https://resources.digital-cloud-west.medallia.com; img-src 'self' data: *.doubleclick.net https://cdn.cookielaw.org https://images.ctfassets.net https://images.static.jeniusbank.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://md-scp.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud.medallia.com https://resources.digital-cloud-west.medallia.com https://udc-neb.kampyle.com/; manifest-src 'none'; media-src 'self'; object-src 'none'; script-src 'self' https://cdn.cookielaw.org https://cdn.signalfx.com/o11y-gdi-rum/v0.11.4/splunk-otel-web.js https://www.googletagmanager.com https://www.google-analytics.com/ https://www.googleadservices.com https://www.google.com https://tpc.googlesyndication.com/ https://md-scp.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud.medallia.com https://resources.digital-cloud-west.medallia.com https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://d472-187-us-east-1.api.decibel.com 'sha256-r8iciXVgb8d/+JUYhGz0TIZi4KPILLjO8imO7DcHKSc=' 'sha256-Y7lHzw0IA1IYWYMyLQOajRYgKGlIcigWyf8YCFDfk3o=' 'sha256-0eEevXttevAEU7n/dY9lUGNyFf1HPR7V9gPjUwKIZf8='; script-src-attr 'none'; connect-src 'self' https://cdn.cookielaw.org https://assets.static.jeniusbank.com https://geolocation.onetrust.com https://www.google-analytics.com https://rum-ingest.us0.signalfx.com/v1/rum https://adservice.google.com/ https://www.google.com/ https://md-scp.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud.medallia.com https://resources.digital-cloud-west.medallia.com https://ubt-lb.digital-cloud.medallia.com https://udc-neb.kampyle.com https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://portal.decibel.com https://d472-187-us-east-1.api.decibel.com; style-src 'self' 'unsafe-inline' https://cdn.cookielaw.org https://fonts.googleapis.com https://md-scp.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud.medallia.com https://resources.digital-cloud-west.medallia.com; upgrade-insecure-requests ; worker-src blob: wss://collection.decibelinsight.net https://cdn.decibelinsight.net 1
script-src http: https: https://tsum.ua/ 'nonce-ecO1g2pJ2NF9ICPA3tUofqmqLzw62cRakIV5hatniOeHP' 'sha256-73Q/fS6ha07vycKOASHk/05BSO0mojUV3z74mc/6C78=' 'sha256-u/GCVUeEYtR+f4PVsh3crSmnk/YexKYpKIaqMYbN+EU=' 'sha256-/jqPRbBMu+y/flLsTfUd2ZC44B0pAjfZDT7s8w6NUOo=' 'sha256-nofR8SrGdRa8XK+8OSx+mvHNbmc8iqeLdX00ndiE8pU=' 'sha256-PV4NVdA4XUHCTnCHkPeeTAakP9B+t0jL68eXPN1mV68=' 'sha256-u/QbctPj9kNEkEcW7kmm+CX7SsIHEQdOpDuWnjKaPIc=' 'sha256-zfyx5fmbcoHcf+UvaWCYdptXaRirRBSXM49aoqXTows=' 'sha256-6EcR7jhhbW946M6vnjnjEx3ynTFovLVqPwgfLTsvRxQ=' 'sha256-n25vT7eUVMJVJuI8Mfc8VTYa0Nm6AhXMOl2u4EMFWIA=' 'sha256-oV7OR5ht5YIjCwD9XhB7Crj9w2uTaALyd3bT2NiAh+o=' 'sha256-Ucwh/cbmEnAHpJ7q8Hps5sOX5TFlqzVLGpl0S+gs3sI=' 'sha256-Uvp4r+jzjqa941zDqnfqcNN01wf5mewIcg6dCjxZul4=' 'sha256-lztSjAnYyWTZJmZ2k2xJAXWlauxAteUwk9/qswdjuww=' 'sha256-9J9sAmRpkfASuXf0eZhy30g1HuuHamlc0MdUr5bYHmk=' 'sha256-i6Ps7wQmP8w2hJmdh7RXZD/a2cAZ4HD9Pv/pnEXkU38=' statics.esputnik.com 'unsafe-eval'; style-src 'self' blob: https: 'unsafe-inline' https://tsum.ua/; img-src data: http: https: blob:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' data: use.typekit.net helpcrunch.com fonts.gstatic.com; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.userway.org *.facebook.com td.doubleclick.net; 1
default-src https://www.gmp.de; img-src 'self' data: https://matomo.gmp.de https://static.cookiefirst.com/ https://consent.cookiefirst.com/ https://i.vimeocdn.com; connect-src 'self' data: https://matomo.gmp.de https://static.cookiefirst.com/ https://api.cookiefirst.com/ https://edge.cookiefirst.com https://consent.cookiefirst.com https://api.friendlycaptcha.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://consent.cookiefirst.com/; font-src 'self' https://fonts.gstatic.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://consent.cookiefirst.com/ https://ajax.googleapis.com https://matomo.gmp.de/; frame-src data: https://player.vimeo.com https://www.youtube.com https://v.qq.com https://www.google.com; frame-ancestors https://confluence.gmp-architekten.de; script-src-elem data: https://ajax.googleapis.com https://player.vimeo.com 'self' 'unsafe-inline' https://matomo.gmp.de https://consent.cookiefirst.com/; media-src 'self'; worker-src 'self' blob: 1
default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.google.com.sg/ads/ https://tr.line.me/ https://www.facebook.com/tr/ https://www.google-analytics.com https://www.google.com/ads/ https://stats.g.doubleclick.net https://cm.g.doubleclick.net https://www.google.co.th/ https://ssl.google-analytics.com https://*.onetrust.com/ https://www.google.com/ https://www.google.com.sg/; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.google.<TLD> https://api.amplitude.com/ https://browser-http-intake.logs.datadoghq.com wss://*.hotjar.com https://*.hotjar.com:* https://sentry.hotjar.com https://vc.hotjar.io https://*.onetrust.com https://www.facebook.com/; font-src 'self' data: https://script.hotjar.com; worker-src 'self' 'unsafe-inline'; frame-src https://www.facebook.com/ https://connect.facebook.net/ https://www.google.com/recaptcha/ https://www.youtube.com https://vars.hotjar.com/ https://insight.adsrvr.org/ https://bid.g.doubleclick.net/; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' js.adsrvr.org tr.line.me d.line-scdn.net d.line-cdn.net connect.facebook.net *.google-analytics.com/analytics.js *.datadoghq-browser-agent.com *.hotjar.com *.onetrust.com *.googleadservices.com/pagead/conversion_async.js *.googletagmanager.com/gtag/js *.doubleclick.net:* *.google.com:* *.gstatic.com:*; object-src 'none'; report-uri /report-csp-violations 1
default-src * 'unsafe-inline' 'self' blob: data:;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors * unsafe-inline;img-src * 'self' blob: data: data: https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://drive.google.com;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://cdnjs.cloudflare.com https://cdn.zapier.com https://www.googletagmanager.com https://snap.licdn.com *.google.com *.google-analytics.com https://connect.facebook.net https://googleads.g.doubleclick.net *.googleadservices.com *.clarity.ms https://js-eu1.hs-scripts.com https://web-static.preparing.kdanmobile.com https://web-static.dottedsign.com https://*.googleapis.com https://*.gstatic.com https://*.ggpht.com *.googleusercontent.com https://cdn.cookielaw.org;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com https://googleads.g.doubleclick.net https://snap.licdn.com *.googleadservices.com *.google-analytics.com https://connect.facebook.net https://apis.google.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://cdn.zapier.com *.clarity.ms https://static.ads-twitter.com https://s.yimg.com https://bat.bing.com https://analytics.twitter.com https://js-eu1.hs-scripts.com https://js-eu1.hs-banner.com https://js-eu1.hs-analytics.net https://js-eu1.hscollectedforms.net https://web-static.preparing.kdanmobile.com https://web-static.dottedsign.com https://js-eu1.usemessages.com/conversations-embed.js https://js-eu1.hubspot.com https://accounts.google.com/gsi/client *.appcues.com https://tracking.g2crowd.com https://cdn.cookielaw.org;frame-src https://content.googleapis.com https://content-people.googleapis.com https://accounts.google.com https://www.facebook.com/ https://bid.g.doubleclick.net/ *.google.com https://app-eu1.hubspot.com/ https://www.youtube.com/embed/ https://td.doubleclick.net/;connect-src * data: blob: 'unsafe-inline' https://*.googleapis.com *.google.com https://*.gstatic.com https://cdn.cookielaw.org https://geolocation.onetrust.com 1
connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com nominatim.openstreetmap.org;    frame-src 'self' www.google.com www.youtube.com;    base-uri 'none';    script-src 'self' *.googletagmanager.com www.google.com www.gstatic.com 'unsafe-eval' 'unsafe-inline';    frame-ancestors 'self';    upgrade-insecure-requests;    object-src 'none';    report-uri https://dts.techniserv.cz/report.php;    style-src 'self' 'unsafe-eval' 'unsafe-inline'; 1
default-src 'self'; connect-src *.google-analytics.com *.akd.hr; font-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' www.akd.hr; style-src 'self' www.akd.hr 'unsafe-inline'; img-src * 'self' 'unsafe-inline' www.akd.hr data:; frame-src 'self' www.akd.hr *.google.com; object-src 'none' 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' 'self' https://matomojs.trackify.info https://matomo.pernod-ricard.io; frame-ancestors 'self' https://matomojs.trackify.info https://matomo.pernod-ricard.io; frame-src blob: 'self' https://www.google.com https://www.youtube.com; worker-src blob: 'self' 1
default-src https://www.amsive.com 'self' blob: data: https://*.amsive.com https://*.amsivedev.com https://*.leadfeeder.com https://*.lfeeder.com https://amsive.com https://videos.treepodia.com  ;  frame-src https://www.amsive.com https://*.amsive.com https://*.amsivedev.com https://*.google.com/ https://amsive.com https://cmp.osano.com/ https://embed.reddit.com/ https://googleads.g.doubleclick.net/ https://hemsync.clickagy.com/ https://mozbar.moz.com/ https://platform.twitter.com/ https://player.vimeo.com/ https://td.doubleclick.net/ https://tpc.googlesyndication.com/ https://vars.hotjar.com/ https://www.facebook.com/ https://www.googletagmanager.com/ https://www.slideshare.net/ https://www.youtube.com/  ; child-src https://www.amsive.com https://*.amsive.com https://*.amsivedev.com https://*.google.com/ https://amsive.com https://cmp.osano.com/ https://embed.reddit.com/ https://googleads.g.doubleclick.net/ https://hemsync.clickagy.com/ https://mozbar.moz.com/ https://platform.twitter.com/ https://player.vimeo.com/ https://td.doubleclick.net/ https://tpc.googlesyndication.com/ https://vars.hotjar.com/ https://www.facebook.com/ https://www.googletagmanager.com/ https://www.slideshare.net/ https://www.youtube.com/  ; font-src https://www.amsive.com https://*.amsive.com https://*.amsivedev.com https://amsive.com https://fonts.gstatic.com/ https://use.typekit.net/  data: ; style-src 'unsafe-inline' https://*.amsive.com https://*.amsivedev.com https://amsive.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/select2/ https://yoast.com/shared-assets/  https://www.amsive.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.adroll.com/ https://*.amsive.com https://*.amsivedev.com https://*.google.com/ https://*.hotjar.com/ https://*.leadfeeder.com https://*.lfeeder.com https://*.vimeo.com/ https://*.wistia.com/ https://amsive.com https://bat.bing.com/ https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cmp.osano.com/ https://connect.facebook.net/ https://go.amsivedigital.com/ https://googleads.g.doubleclick.net/ https://js.zi-scripts.com/ https://maps.googleapis.com/ https://munchkin.marketo.net/ https://platform.twitter.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tags.clickagy.com/ https://unpkg.com/alpinejs https://ws.zoominfo.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://yoast.com/shared-assets/  https://www.amsive.com ; script-src-elem https://www.amsive.com 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.amsive.com https://*.amsivedev.com https://*.clarity.ms/ https://*.google-analytics.com/ https://*.google.com/ https://*.hotjar.com/ https://*.klaviyo.com/ https://*.leadfeeder.com https://*.lfeeder.com https://*.osano.com/ https://*.wistia.com/ https://amsive.com https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://connect.facebook.net/ https://embed.reddit.com/ https://go.amsivedigital.com/ https://googleads.g.doubleclick.net/ https://platform.twitter.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://static.zemanta.com/ https://tpc.googlesyndication.com/ https://translate.googleapis.com/ https://unpkg.com/alpinejs https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://yoast.com/shared-assets/  'unsafe-inline' ; style-src-elem https://www.amsive.com https://*.amsive.com https://*.amsivedev.com https://amsive.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/select2/ https://fonts.googleapis.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://yoast.com/shared-assets/  'unsafe-inline' ; img-src https://www.amsive.com 'self' *.linkedin.com/ http://blogs.ifuelinteractive.com/ https://*.amsive.com https://*.amsivedev.com https://*.google-analytics.com/ https://*.google.com/ https://*.ifuelinteractive.com/ https://*.leadfeeder.com https://*.lfeeder.com https://*.twitter.com/ https://*.wistia.com/ https://amsive.com https://connect.facebook.net/ https://fonts.gstatic.com/ https://googleads.g.doubleclick.net/ https://i.ytimg.com/ https://img.zemanta.com/ https://rubenquinones.com/ https://t.co/ https://via.placeholder.com/ https://www.amsivedigital.com/ https://www.facebook.com/ https://www.googletagmanager.com/  data: ; connect-src https://www.amsive.com *.osano.com/ http://ad.doubleclick.net/ https://*.amsive.com https://*.amsivedev.com https://*.bing.com/ https://*.google-analytics.com/ https://*.google.com/ https://*.googleapis.com/ https://*.hotjar.com/ https://*.mktoresp.com/ https://*.mktoutil.com/ https://*.wistia.com/ https://amsive.com https://analytics.twitter.com/ https://aorta.clickagy.com/ https://capig2.amsivedigital.com/ https://cdn.linkedin.oribi.io/ https://d.adroll.com/ https://hemsync.clickagy.com/ https://pagead2.googlesyndication.com/ https://px.ads.linkedin.com/ https://stats.g.doubleclick.net/ https://vc.hotjar.io/ https://www.facebook.com/ https://www.google.com.bd/ https://www.googletagmanager.com/ wss://*.hotjar.com/  ; object-src https://www.youtube.com/ https://embed-fastly.wistia.com/ 'unsafe-inline' ; worker-src blob: 'self'  ; base-uri https://search.google.com/ https://platform.twitter.com/ 'self' ; frame-ancestors 'self' ; form-action 'self' https://www.facebook.com/  ; report-uri https://www.amsive.com/wp-json/amsivecsp/v1/policy-report 1
frame-ancestors 'self' https://go.tomswatchbar.com/ 1
report-uri https://budu.ru/_csp_report?budub2b; font-src 'self' fonts.gstatic.com; manifest-src 'self' budu.ru; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: android-webview-video-poster: prosebya.ru *.prosebya.ru wss://prosebya.ru wss://*.prosebya.ru budu.ru *.budu.ru wss://budu.ru wss://*.budu.ru *.googleapis.com maps.gstatic.com www.gstatic.com ren-health.firebaseio.com www.facebook.com top-fwz1.mail.ru www.google.com www.google.ru www.googletagmanager.com www.google-analytics.com analytics.google.com *.amplitude.com static.doubleclick.net mc.yandex.ru mc.yandex.com mc.yandex.md connect.facebook.net i.ytimg.com googlevideo.com www.youtube.com *.ggpht.com vk.com login.vk.com hybrid.ai *.hybrid.ai ads.betweendigital.com ssp.adriver.ru ssp.bestssp.com x01.aidata.io u.openx.net ib.adnxs.com pixel.onaudience.com dmg.digitaltarget.ru ad.mail.ru an.yandex.ru inv-nets.admixer.net x.bidswitch.net pixel.rubiconproject.com redirect.frontend.weborama.fr sync.1dmp.io rtb-csync.smartadserver.com cm.adform.net ad.360yield.com rtb.gumgum.com *.appsflyer.com *.ops.beeline.ru kraken.rambler.ru *.rutarget.ru st.top100.ru relap.io *.gotechnology.io *.fls.doubleclick.net *.g.doubleclick.net sync-t1.taboola.com wa.onelink.me *.ucweb.com *.yandex.net simage2.pubmatic.com *.dmg.digitaltarget.ru wa.onelink.me *.comagic.ru 1
frame-ancestors 'self' *.radio.com *.audacy.com 1
frame-ancestors https://findmyforevermate.com 1
default-src 'self' https://*.googleapis.com/ https://kudykvolbam.iprpraha.cz/ https://*.matterport.com/ https://matterport.com/ https://soundcloud.com/ https://*.soundcloud.com/ https://www.google-analytics.com/ https://*.google-analytics.com/ https://*.google.com/ https://*.youtube.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ https://polyfill.io/ https://*.polyfill.io/ https://*.matterport.com/ https://*.mapy.cz/ https://*.praha3.cz/ https://*.praha3.cz:8443/ https://praha3.cz/ http://*.googleapis.com/ http://www.google-analytics.com/ http://*.google.com/ http://*.youtube.com/ http://*.gstatic.com/ http://*.cloudflare.com/ http://*.bootstrapcdn.com/ http://*.klicenka.uvm.cz/ http://*.doubleclick.net/ http://*.mapy.cz/ http://polyfill.io/ http://*.polyfill.io/ http://*.matterport.com/ http://*.mapy.cz/ http://*.praha3.cz/ http://praha3.cz/ https://*.googletagmanager.com/ https://*.facebook.net/ https://*.facebook.com/ https://*.spadovostpraha.cz/ https://*.mapotic.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com/ https://kudykvolbam.iprpraha.cz/ https://*.matterport.com/ https://matterport.com/ https://soundcloud.com/ https://*.soundcloud.com/ https://www.google-analytics.com/ https://*.google-analytics.com/ https://*.google.com/ https://*.youtube.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ https://polyfill.io/ https://*.polyfill.io/ https://*.matterport.com/ https://*.mapy.cz/ https://*.praha3.cz/ https://*.praha3.cz:8443/ https://praha3.cz/ http://*.googleapis.com/ http://www.google-analytics.com/ http://*.google.com/ http://*.youtube.com/ http://*.gstatic.com/ http://*.cloudflare.com/ http://*.bootstrapcdn.com/ http://*.klicenka.uvm.cz/ http://*.doubleclick.net/ http://*.mapy.cz/ http://polyfill.io/ http://*.polyfill.io/ http://*.matterport.com/ http://*.mapy.cz/ http://*.praha3.cz/ http://praha3.cz/ https://*.googletagmanager.com/ https://*.facebook.net/ https://*.facebook.com/ https://*.spadovostpraha.cz/ https://*.mapotic.com/ ; connect-src 'self' https://*.googleapis.com/ https://kudykvolbam.iprpraha.cz/ https://*.matterport.com/ https://matterport.com/ https://soundcloud.com/ https://*.soundcloud.com/ https://www.google-analytics.com/ https://*.google-analytics.com/ https://*.google.com/ https://*.youtube.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ https://polyfill.io/ https://*.polyfill.io/ https://*.matterport.com/ https://*.mapy.cz/ https://*.praha3.cz/ https://*.praha3.cz:8443/ https://praha3.cz/ http://*.googleapis.com/ http://www.google-analytics.com/ http://*.google.com/ http://*.youtube.com/ http://*.gstatic.com/ http://*.cloudflare.com/ http://*.bootstrapcdn.com/ http://*.klicenka.uvm.cz/ http://*.doubleclick.net/ http://*.mapy.cz/ http://polyfill.io/ http://*.polyfill.io/ http://*.matterport.com/ http://*.mapy.cz/ http://*.praha3.cz/ http://praha3.cz/ https://*.googletagmanager.com/ https://*.facebook.net/ https://*.facebook.com/ https://*.spadovostpraha.cz/ https://*.mapotic.com/ ; img-src 'self' data: blob: 'unsafe-inline' https://*.googleapis.com/ https://kudykvolbam.iprpraha.cz/ https://*.matterport.com/ https://matterport.com/ https://soundcloud.com/ https://*.soundcloud.com/ https://www.google-analytics.com/ https://*.google-analytics.com/ https://*.google.com/ https://*.youtube.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ https://polyfill.io/ https://*.polyfill.io/ https://*.matterport.com/ https://*.mapy.cz/ https://*.praha3.cz/ https://*.praha3.cz:8443/ https://praha3.cz/ http://*.googleapis.com/ http://www.google-analytics.com/ http://*.google.com/ http://*.youtube.com/ http://*.gstatic.com/ http://*.cloudflare.com/ http://*.bootstrapcdn.com/ http://*.klicenka.uvm.cz/ http://*.doubleclick.net/ http://*.mapy.cz/ http://polyfill.io/ http://*.polyfill.io/ http://*.matterport.com/ http://*.mapy.cz/ http://*.praha3.cz/ http://praha3.cz/ https://*.googletagmanager.com/ https://*.facebook.net/ https://*.facebook.com/ https://*.spadovostpraha.cz/ https://*.mapotic.com/ ; font-src 'self' https://*.googleapis.com/ https://kudykvolbam.iprpraha.cz/ https://*.matterport.com/ https://matterport.com/ https://soundcloud.com/ https://*.soundcloud.com/ https://www.google-analytics.com/ https://*.google-analytics.com/ https://*.google.com/ https://*.youtube.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ https://polyfill.io/ https://*.polyfill.io/ https://*.matterport.com/ https://*.mapy.cz/ https://*.praha3.cz/ https://*.praha3.cz:8443/ https://praha3.cz/ http://*.googleapis.com/ http://www.google-analytics.com/ http://*.google.com/ http://*.youtube.com/ http://*.gstatic.com/ http://*.cloudflare.com/ http://*.bootstrapcdn.com/ http://*.klicenka.uvm.cz/ http://*.doubleclick.net/ http://*.mapy.cz/ http://polyfill.io/ http://*.polyfill.io/ http://*.matterport.com/ http://*.mapy.cz/ http://*.praha3.cz/ http://praha3.cz/ https://*.googletagmanager.com/ https://*.facebook.net/ https://*.facebook.com/ https://*.spadovostpraha.cz/ https://*.mapotic.com/ ; style-src 'self' 'unsafe-inline' https://*.googleapis.com/ https://kudykvolbam.iprpraha.cz/ https://*.matterport.com/ https://matterport.com/ https://soundcloud.com/ https://*.soundcloud.com/ https://www.google-analytics.com/ https://*.google-analytics.com/ https://*.google.com/ https://*.youtube.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ https://polyfill.io/ https://*.polyfill.io/ https://*.matterport.com/ https://*.mapy.cz/ https://*.praha3.cz/ https://*.praha3.cz:8443/ https://praha3.cz/ http://*.googleapis.com/ http://www.google-analytics.com/ http://*.google.com/ http://*.youtube.com/ http://*.gstatic.com/ http://*.cloudflare.com/ http://*.bootstrapcdn.com/ http://*.klicenka.uvm.cz/ http://*.doubleclick.net/ http://*.mapy.cz/ http://polyfill.io/ http://*.polyfill.io/ http://*.matterport.com/ http://*.mapy.cz/ http://*.praha3.cz/ http://praha3.cz/ https://*.googletagmanager.com/ https://*.facebook.net/ https://*.facebook.com/ https://*.spadovostpraha.cz/ https://*.mapotic.com/ ; frame-src 'self' https://*.googleapis.com/ https://kudykvolbam.iprpraha.cz/ https://*.matterport.com/ https://matterport.com/ https://soundcloud.com/ https://*.soundcloud.com/ https://www.google-analytics.com/ https://*.google-analytics.com/ https://*.google.com/ https://*.youtube.com/ https://*.gstatic.com/ https://*.cloudflare.com/ https://*.bootstrapcdn.com/ https://*.klicenka.uvm.cz/ https://*.doubleclick.net/ https://*.mapy.cz/ https://polyfill.io/ https://*.polyfill.io/ https://*.matterport.com/ https://*.mapy.cz/ https://*.praha3.cz/ https://*.praha3.cz:8443/ https://praha3.cz/ http://*.googleapis.com/ http://www.google-analytics.com/ http://*.google.com/ http://*.youtube.com/ http://*.gstatic.com/ http://*.cloudflare.com/ http://*.bootstrapcdn.com/ http://*.klicenka.uvm.cz/ http://*.doubleclick.net/ http://*.mapy.cz/ http://polyfill.io/ http://*.polyfill.io/ http://*.matterport.com/ http://*.mapy.cz/ http://*.praha3.cz/ http://praha3.cz/ https://*.googletagmanager.com/ https://*.facebook.net/ https://*.facebook.com/ https://*.spadovostpraha.cz/ https://*.mapotic.com/ 1
default-src * *.coachview.net coachview.net 'unsafe-eval' 'unsafe-inline' 'self' data:; script-src https: coachview.net *.coachview.net *.secure.coachview.net *.clarity.ms https://e.clarity.ms/collect/ https://snap.licdn.com/ optimize.google.com https://www.googleoptimize.com/ https://www.gstatic.com bat.bing.com https://sowiso.nl https://diffuser-cdn.app-us1.com/diffuser/diffuser.js *.youtube.com https://coachview8899.activehosted.com https://coachview.b-cdn.net/ https://d3rxaij56vjege.cloudfront.net/ https://prism.app-us1.com/ https://trackcmp.net/t_prism_sitemessages.php https://outlook.office365.com/ https://calendly.com/ https://assets.calendly.com/ https://calendly.co https://www.googletagmanager.com https://tagmanager.google.com/ https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://connect.facebook.net/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.google.com wchat.freshchat.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://s.ytimg.com/yts/jsbin/ 'self' 'unsafe-inline' 'unsafe-eval' data:; frame-src https://player.vimeo.com/ https://www.facebook.com/ https://www.youtube-nocookie.com/ https://calendly.com/ https://assets.calendly.com https://mozbar.moz.com/ https://coachview.b-cdn.net/ https://app.livestorm.co/ *.youtube.com *.youtube-nocookie.com https://optimize.google.com/ *.opleidingsportaal.nl https://bid.g.doubleclick.net wchat.freshchat.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://coachview.webpush.freshchat.com/ https://www.google.com/; style-src coachview.net *.coachview.net https://coachview.b-cdn.net/ https://wchat.freshchat.com/ https://calendly.com/ https://assets.calendly.com https://wchat.freshchat.com/widget/css/ https://fonts.googleapis.com/ https://optimize.google.com/ https://tagmanager.google.com https://wchat.freshchat.com/css/widget.css 'unsafe-eval' 'unsafe-inline' 'self' data:; img-src https: coachview.net https://coachview.b-cdn.net/ https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://www.googleadservices.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io 'self' data:; connect-src * coachview.net *.coachview.net https://coachview.net *.secure.coachview.net *.clarity.ms https://coachview.net/demo-aanvragen/soap/ https://coachview.b-cdn.net/ https://*.lottiefiles.com https://e.clarity.ms https://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://stats.g.doubleclick.net/; navigate-to  *.freshchat.com; object-src 'none'; base-uri 'self'; form-action coachview.net *.coachview.net  *.secure.coachview.net https://coachview8899.activehosted.com/ https://www.facebook.com/tr/ 'self'; font-src https: coachview.net https://coachview.b-cdn.net/ http://*.hotjar.com https://fonts.googleapis.com/ https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io data: 1
frame-ancestors 'self' https://payments.bigcommerce.com/ http://127.0.0.1:3000 https://www.thehumansolutions.com; 1
default-src 'self'; font-src 'self' https: data:; img-src 'self' https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https: wss:; child-src 'self' https: blob:; frame-src 'self' https: blob: 1
block-all-mixed-content; default-src 'self' https://*.aiaibot.com; script-src 'unsafe-inline' 'unsafe-eval' https://*.aiaibot.com https://*.clientis.ch https://clientis.ch https://*.clientis-newsletter.ch https://assets.adobedtm.com https://maps.googleapis.com/maps/ https://www.googleadservices.com https://www.facebook.com https://maps.googleapis.com/maps-api-v3/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; frame-src 'self' https://*.aiaibot.com https://www.clientis.ch https://www.google.com/ https://player.vimeo.com https://www.youtube.com https://logismata.sp22.ch/ blob:; style-src 'unsafe-inline' https://*.clientis.ch https://clientis.ch https://*.clientis-newsletter.ch https://fonts.googleapis.com/css; frame-ancestors   https://www.clientis.ch; img-src 'self' data: https://*.clientis.ch https://clientis.ch https://maps.gstatic.com/mapfiles/ https://*.googleapis.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://maps.googleapis.com https://*.aiaibot.com https://*.clientis.ch https://clientis.ch; 1
default-src * data:; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; object-src *; 1
report-uri /csp; child-src 'self'; connect-src *; default-src 'self'; img-src 'self' data: *.facebook.com https://wise.com https://gtm.wise.com https://tw-avatar.s3.eu-central-1.amazonaws.com https://tw-test-avatar-storage.s3.eu-west-1.amazonaws.com https://*.doubleclick.net https://www.googleadservices.com https://alb.reddit.com https://*.yahoo.co.jp https://bat.bing.com https://cx.atdmt.com https://daw291njkc3ao.cloudfront.net https://dq8dwmysp7hk1.cloudfront.net https://d2dgj1jjqgsb96.cloudfront.net https://help.wise.com/ https://lienzo.s3.amazonaws.com https://platform-lookaside.fbsbx.com https://pixel.pointmediatracker.com https://cnv.event.prod.bidr.io https://q.quora.com https://s3-eu-west-1.amazonaws.com https://t.co https://wise.desk.com https://widgets.wise.com https://www.google-analytics.com https://www.gstatic.com https://i.ytimg.com https://px.ads.linkedin.com https://www.linkedin.com https://aax-eu.amazon-adsystem.com https://www.googletagmanager.com https://www.google.com https://www.google.com.au https://www.google.com.br https://www.google.com.sg https://www.google.com.ph https://www.google.com.my https://www.google.com.mx https://www.google.com.ua https://www.google.com.vn https://www.google.com.tr https://www.google.com.ar https://www.google.com.hk https://www.google.com.pk https://www.google.com.pe https://www.google.com.ng https://www.google.com.cy https://www.google.com.mt https://www.google.com.bd https://www.google.com.eg https://www.google.co.uk https://www.google.co.th https://www.google.co.jp https://www.google.co.nz https://www.google.co.id https://www.google.co.kr https://www.google.co.ve https://www.google.co.in https://www.google.co.il https://www.google.co.za https://www.google.de https://www.google.ca https://www.google.es https://www.google.pl https://www.google.ie https://www.google.ch https://www.google.pt https://www.google.nl https://www.google.it https://www.google.hu https://www.google.fr https://www.google.be https://www.google.ro https://www.google.fi https://www.google.cl https://www.google.cz https://www.google.ae https://www.google.lu https://www.google.se https://www.google.ru https://www.google.at https://www.google.bg https://www.google.ee https://www.google.dk https://www.google.no https://www.google.gr https://www.google.sk https://www.google.lt https://www.google.lv https://www.google.ge https://www.google.hr https://www.google.me *.googleusercontent.com http://wi.se https://wi.se https://collector-20079.tvsquared.com https://analytics.twitter.com https://tr.line.me https://c5.adalyser.com https://img.shields.io; font-src 'self' data: https://fonts.gstatic.com https://widgets.wise.com/; object-src 'self'; media-src 'self' https://wise.com; manifest-src 'self' 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'self' https://wise.com https://gtm.wise.com polyfill.io https://js-agent.newrelic.com https://bam.nr-data.net/ https://ajax.cloudflare.com bat.bing.com https://s.yimg.jp https://*.yahoo.co.jp a.quora.com static.hotjar.com https://script.hotjar.com/ https://collector-20079.tvsquared.com https://d.line-scdn.net www.google.co.uk www.google.com www.googletagmanager.com/ tagmanager.google.com/ https://storage.googleapis.com https://ajax.googleapis.com/ https://microapps.google.com https://microapps-prod-tt.sandbox.google.com googleads.g.doubleclick.net www.google-analytics.com www.googleadservices.com static.ads-twitter.com analytics.twitter.com www.snapengage.com insitez.blob.core.windows.net sjs.bizographics.com *.mxpnl.com https://cdn.pdst.fm https://us-central1-adaptive-growth.cloudfunctions.net https://bidr.io https://d2dgj1jjqgsb96.cloudfront.net https://www.redditstatic.com/ads/pixel.js https://snap.licdn.com https://js.adsrvr.org https://c5.adalyser.com; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com/css tagmanager.google.com/; frame-ancestors 'self' https://wiseturkiye.com.tr https://microapps.google.com https://microapps-prod-tt.sandbox.google.com; frame-src youtube.com www.youtube.com www.youtube-nocookie.com https://vars.hotjar.com https://bid.g.doubleclick.net https://www.googletagmanager.com https://insight.adsrvr.org https://match.adsrvr.org https://wise.com 1
default-src * self blob: data: gap:; style-src 'self' https://* 'unsafe-inline'; script-src 'self' https://* 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' 'unsafe-inline' https://super-monitoring.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://*.twitter.com https://*.ads-twitter.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://www.google.com https://www.google.pl/ https://www.google.nl/ https://www.gstatic.com https://www.googleadservices.com https://*.doubleclick.net https://*.onboardflow.com https://*.tawk.to wss://*.tawk.to https://cdn.jsdelivr.net https://api-js.mixpanel.com https://*.mxpnl.com https://*.hotjar.com wss://*.hotjar.com https://*.getreditus.com https://*.getreditus.net https://*.capterra.com https://snap.licdn.com https://*.bing.com https://*.clarity.ms https://cdn.linkedin.oribi.io;font-src 'self' https://super-monitoring.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.tawk.to;img-src 'self' https://super-monitoring.com https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://analytics.google.com https://*.doubleclick.net https://www.google.com https://www.google.pl https://www.google.nl https://www.facebook.com https://connect.facebook.net https://*.twitter.com https://t.co https://*.onboardflow.com https://*.tawk.to https://cdn.jsdelivr.net https://tawk.link https://*.getreditus.com https://*.getreditus.net https://*.capterra.com https://*.bing.com https://*.clarity.ms https://*.linkedin.com data:;style-src 'self' 'unsafe-inline' https://super-monitoring.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.facebook.com https://connect.facebook.net https://*.onboardflow.com https://*.tawk.to https://cdn.jsdelivr.net;frame-src * 1
frame-ancestors 'self' https: *.2playbook.com *.impulsyn.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastorol.es; img-src 'self' https: data: blob: https://mastorol.es; style-src 'self' https://mastorol.es 'nonce-oftzuSPIbmATg5dPAP5O1g=='; media-src 'self' https: data: https://mastorol.es; frame-src 'self' https:; manifest-src 'self' https://mastorol.es; form-action 'self'; child-src 'self' blob: https://mastorol.es; worker-src 'self' blob: https://mastorol.es; connect-src 'self' data: blob: https://mastorol.es https://media.mastorol.es/mastorol/ wss://mastorol.es; script-src 'self' https://mastorol.es 'wasm-unsafe-eval' 1
base-uri 'self'; child-src 'self' https://*.nuxeo.io https://*.nuxeocloud.com blob: gap:; frame-src 'self' https://*.nuxeo.io https://*.nuxeocloud.com blob: gap:; connect-src 'self' https://*.civiccomputing.com https://*.visualstudio.com https://*.nuxeocloud.com https://*.tiny.cloud; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https://*.tinymce.com/ blob:; media-src 'self'; object-src 'self' https://*.tiny.cloud; plugin-types https://*.tiny.cloud; script-src 'self' https://*.civiccomputing.com https://*.tiny.cloud https://*.tinymce.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.tinymce.com https://*.tiny.cloud 'unsafe-inline'; frame-ancestors 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=N1lEIqSI9zW%2BVIbBi9NL6eph6DOidjSSG3MVTvB61%2FoIgBVZF22eN1z%2BRepGKe2tvjGd8zXXkI51p7MgPjvhhg%3D%3D; 1
frame-ancestors www.farmanimalhealth.co.uk devfarmanimalhealth-uk.azurewebsites.net staging.coastalcottages.co.uk www.nadis.org.uk alerts.nadis.org.uk bdaze1efrmpwa01-gwp15nadiswidget.azurewebsites.net farm-portal-qa.elancoapps.com farmanimal.elanco.com *.farm.changeset.elancoapps.com localhost:3000 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-Yzk1MTViZDgzMGY3NGU0NGFkM2JhMTJhZWMyOGE5YjA=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.p-direkt.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.p-direkt.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.p-direkt.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline'; font-src * data:;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';frame-src *;connect-src *;media-src * 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: edge.curalate.com *.google.com *.pricespider.com *.hotjar.com; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; img-src 'self' data: https: *.hotjar.com; frame-src 'self' https:; font-src 'self' data: https: *.hotjar.com; connect-src 'self' https: ampcid.google.com.br analytics.google.com *.google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com server-side-tagging-b4b35m77ha-uc.a.run.app; media-src 'self' blob:; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https: *.hotjar.com cdn.pricespider.com; 1
default-src 'self' https://beck-elibrary.de https://*.beck-elibrary.de https://consentcdn.cookiebot.com https://google.com https://*.google.com https://gstatic.com https://*.gstatic.com https://vgwort.de https://*.vgwort.de https://vimeo.com https://*.vimeo.com https://vimeocdn.com https://*.vimeocdn.com https://hotjar.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.de; img-src 'self' https://beck-elibrary.de https://*.beck-elibrary.de 'nonce-UD8Cq4bj3AbCePUSm49H' data: https://gstatic.com https://*.gstatic.com https://vgwort.de https://*.vgwort.de https://vimeocdn.com https://*.vimeocdn.com https://*.hotjar.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.de; frame-ancestors 'self' https://beck-elibrary.de https://*.beck-elibrary.de https://www.googletagmanager.com; script-src 'strict-dynamic' 'nonce-qEwAMu2zezkgETmi1ZTc'; frame-src 'self' blob: https://beck-elibrary.de https://*.beck-elibrary.de 'nonce-H3jUEWE85csYDDMuyudf' https://consentcdn.cookiebot.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://player.vimeo.com/video/; style-src 'self' 'unsafe-inline' https://beck-elibrary.de https://*.beck-elibrary.de https://consentcdn.cookiebot.com; base-uri 'self'; object-src 'none' 1
frame-ancestors 'self'; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' data: https://acsbapp.com https://acsbap.com https://analytics.twitter.com https://bat.bing.com https://cdn.rlets.com https://cdnjs.cloudflare.com https://core.secure.ehc.com https://script.crazyegg.com https://connect.facebook.net https://googleads.g.doubleclick.net https://i.simpli.fi https://s.pinimg.com https://snap.licdn.com https://static.ads-twitter.com https://tag.simpli.fi https://tags.srv.stackadapt.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://maps.googleapis.com https://www.gstatic.com https://acsbapp.com https://*.rlets.com https://www.facebook.com https://rum.corewebvitals.io https://ipinfo.io https://www.youtube.com https://core.ehcstaging.com https://core.ehc.com https://cdn-prod.securiti.ai; object-src 'none'; base-uri 'none'; frame-src 'self' https://www.youtube.com https://www.googletagmanager.com https://www.facebook.com https://*.rlets.com https://bid.g.doubleclick.net https://www.google.com https://acsbapp.com https://ct.pinterest.com https://accounts.accessibe.com; 1
frame-ancestors 'self' https://*.lightning.force.com; 1
default-src * 'self'; font-src * 'self' data:; img-src * 'self' data:; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'self' 'unsafe-inline'; connect-src *; frame-src * 'self'; base-uri 'self'; frame-ancestors *; form-action 'self' https://login.microsoftonline.com/ https://kvk.bibliothek.kit.edu/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: gray-robinson.com *.gray-robinson.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com googleapis.com *.googleapis.com gstatic.com *.gstatic.com youtube.com *.youtube.com twitter.com *.twitter.com facebook.com *.facebook.com linkedin.com *.linkedin.com google.com *.google.com microsoft.com *.microsoft.com foundation.zurb.com *.foundation.zurb.com jquery.com *.jquery.com sizzlejs.com *.sizzlejs.com jsperf.com *.jsperf.com cloudguys.com *.cloudguys.com gmail.com *.gmail.com avvo.com *.avvo.com chambersandpartners.com *.chambersandpartners.com superlawyers.com *.superlawyers.com bestlawyers.com *.bestlawyers.com buzzsprout.com *.buzzsprout.com vimeo.com *.vimeo.com vimeocdn.com *.vimeocdn.com sendthisfile.com *.sendthisfile.com citrix.com *.citrix.com webex.com *.webex.com cisco.com *.cisco.com; img-src * 'unsafe-inline' 'unsafe-eval' data: blob:; media-src * data: blob:; 1
script-src 'self' *.cookiebot.com fl-cdn.scdn1.secure.raxcdn.com *.flockler.com *.fil-luge.org 'unsafe-inline' 'unsafe-eval'; media-src 'self' blob:; base-uri 'self';worker-src 'self' blob:; 1
base-uri 'self'; default-src self https://widget-v4.tidiochat.com http://localhost:3000 https://cdn.shopify.com https://www.cognitoforms.com; frame-ancestors none; style-src 'self' 'unsafe-inline' https://cdn.shopify.com; connect-src 'self' https://cdn.jsdelivr.net https://cdn.shopify.com https://monorail-edge.shopifysvc.com https://cdn.shopify.com http://localhost:1337 https://growing-moonlight-c9cb750c3b.strapiapp.com https://growing-moonlight-c9cb750c3b.media.strapiapp.com https://growing-moonlight-c9cb750c3b.strapiapp.comundefined https://cdn.accentuate.io https://vni3zk8nil-2.algolianet.com https://vni3zk8nil-dsn.algolia.net https://vni3zk8nil-1.algolianet.com https://vni3zk8nil-3.algolianet.com https://vni3zk8nil-dsn.algolia.net ws://localhost:8002 https://www.playmakers.com https://cdn.jsdelivr.net wss://socket.tidio.co https://metrics-collector.tidio.co https://www.google-analytics.com; img-src 'self' https://cdn.shopify.com http://localhost:1337 https://growing-moonlight-c9cb750c3b.strapiapp.com https://growing-moonlight-c9cb750c3b.media.strapiapp.com https://growing-moonlight-c9cb750c3b.strapiapp.comundefined https://cdn.accentuate.io ws://localhost:8002 https://www.playmakers.com https://www.brooksrunning.com http://www.w3.org data: https://cdnjs.cloudflare.com https://tidio-images-messenger.s3.amazonaws.com https://avatars.tidiochat.com https://www.keenfootwear.com https://www.birkenstock.com https://images.smartwool.com; frame-src 'self' https://www.youtube.com https://services.cognitoforms.com https://www.cognitoforms.com https://runsignup.com https://calendly.com https://my.matterport.com; script-src https://cdn.shopify.com self http://localhost:3000 https://vni3zk8nil-dsn.algolia.net http://code.tidio.co https://widget-v4.tidiochat.com https://www.googletagmanager.com unsafe-inline 'nonce-cdb2dbf1a8710efe4dd3e63b079fb5c8' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-2g3HTLPze9AEcmkuv46x6dcDHYePvZdqkYkF4zAcBeMpALuH' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-c573e89fa60682e0956f7e91dbfbed37'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com *.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com www.youtube-nocookie.com www.youtube.com blob: data: https://storage.googleapis.com/learnwithikeavideos/ ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ctfassets.net *.ipex-insights.com *.adform.net *.doubleclick.net *.facebook.com *.facebook.net *.cookielaw.org *.onetrust.com *.akamaihd.net *.akstat.io *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.go-mpulse.net *.optimizely.com sentry.io *.sentry.io *.avo.app oppwa.com *.oppwa.com mpsnare.iesnare.com *.iesnare.com *.syndeo.cx *.production.syndeo.cx wss://web.production.syndeo.cx icsp.ingka.ikea.com wss://icsp.ingka.ikea.com wss://web-api.ikea.com/cschatbot/ maps.googleapis.com fonts.googleapis.com www.googleapis.com *.bambuser.com firestore.googleapis.com liveshopping-widgets.firebaseapp.com; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com; object-src 'self'; report-uri https://csp.ikea.com 1
default-src * data: ;script-src * 'unsafe-inline' 'unsafe-eval' ;style-src * 'unsafe-inline' data: ;frame-ancestors 'self' ;report-to csp-endpoint; report-uri https://csp-report.adami.fr/ 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-eIdLEwc2LQut0ZlvP8gmLAfwwuVjFL9Ul9bbfbqtknswA2Wx' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://friend.camp; img-src 'self' https: data: blob: https://friend.camp; style-src 'self' https://friend.camp 'nonce-OU5AkguGSgEEE8as4K04zA=='; media-src 'self' https: data: https://friend.camp; frame-src 'self' https:; manifest-src 'self' https://friend.camp; connect-src 'self' data: blob: https://friend.camp https://friend.camp wss://friend.camp; script-src 'self' https://friend.camp 'wasm-unsafe-eval'; child-src 'self' blob: https://friend.camp; worker-src 'self' blob: https://friend.camp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; object-src 'none'; base-uri 'none'; upgrade-insecure-requests; 1
child-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.googleapis.com https://*.onetrust.com https://dc.services.visualstudio.com https://region1.google-analytics.com; default-src 'self' 'unsafe-eval' cdn.jsdelivr.net dhm5hy2vn8l0l.cloudfront.net https://*.google.com https://*.vetcollection.co.uk https://cgrp02aapv9vc1prod.dxcloud.episerver.net https://www.vetcollection.co.uk; font-src 'self' data: dhm5hy2vn8l0l.cloudfront.net https://fonts.gstatic.com; form-action 'self'; frame-src 'self' https://*.google.com; img-src 'self' data: https://*.ggpht.com https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.onetrust.com https://*.vetcollection.co.uk https://maps.googleapis.com https://maps.gstatic.com https://www.vetcollection.co.uk; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.msecnd.net https://cdn-ukwest.onetrust.com https://dc.services.visualstudio.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com; script-src-elem 'unsafe-eval' 'unsafe-inline' cdn.jsdelivr.net https://*.google.com https://*.googletagmanager.com https://*.gstatic.com https://*.onetrust.com https://*.vetcollection.co.uk https://cgrp02aapv9vc1prod.dxcloud.episerver.net https://maps.googleapis.com https://www.googletagmanager.com https://www.vetcollection.co.uk; style-src-attr 'unsafe-inline'; style-src-elem 'unsafe-inline' cdn.jsdelivr.net https://*.vetcollection.co.uk https://cgrp02aapv9vc1prod.dxcloud.episerver.net https://fonts.googleapis.com https://www.vetcollection.co.uk; script-src-attr 'unsafe-eval'; 1
frame-ancestors 'self' https://web.dbuniversity.ac.in https://cdn.jsdelivr.net http://web.dbuniversity.ac.in; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org code.jquery.com https://www.googletagmanager.com https://www.tagmanager.google.com https://player.vimeo.com/video/334043103 https://offers.cbhs.com.au/ https://*.abtasty.com/ https://ad.doubleclick.net/ https://secure.adnxs.com https://acdn.adnxs.com/dmp/up/pixie.js https://www.googletagservices.com/ https://websites.cdn.getfeedback.com/embed/sYWuqaB7LH/gf.js https://www.getfeedback.com/e/R3BSQ3B0 https://cdn.botframework.com/botframework-webchat/4.13.0/webchat.js https://chatbot.cbhs.com.au/api/directlinetoken https://snap.licdn.com/li.lms-analytics/insight.min.js https://pagead2.googlesyndication.com/pagead/js/r20220425/r20110914/elements/html/omrhp.js https://px.ads.linkedin.com/collect https://sslwidget.criteo.com https://gum.criteo.com *.callrail.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://www.googletagmanager.com https://offers.cbhs.com.au/ https://*.abtasty.com/; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://*.abtasty.com/; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://*.abtasty.com/ https://www.google.com/ads/ga-audiences https://www.google.com.au/ads/ga-audiences https://*.doubleclick.net https://px.ads.linkedin.com/collect https://ib.adnxs.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync-t1.taboola.com/ https://sync-criteo.ads.yieldmo.com/ https://criteo-sync.teads.tv/ https://sync.outbrain.com/ ad.360yield.com ad.yieldlab.net ade.clmbtech.com adgen.socdm.com ads.stickyadstv.com adx.dable.io c.bing.com contextual.media.net cs.adingo.jp *.criteo.com eb2.3lift.com idsync.rlcdn.com ih.adscale.de match.sharethrough.com pixel.rubiconproject.com r.casalemedia.com rtb-csync.smartadserver s.ad.smaato simage2.pubmatic.com sync.aralego.com tg.socdm.com ups.analytics.yahoo x.bidswitch.net p.adsymptotic.com s.ad.smaato.net rtb-csync.smartadserver.com ups.analytics.yahoo.com s.ad.smaato.net rtb-csync.smartadserver.com ups.analytics.yahoo.com tags.bluekai.com beacon.krxd.net cdn.aralego.net cotads.adscale.de cdn.aralego.net cotads.adscale.de usersync.octillion.tv; media-src 'self' data: blob:; frame-src 'self' https://www.nab.com.au https://www.healthshare.com.au https://test.salesforce.com https://www.youtube.com https://cbhs--sit.my.salesforce.com https://www.whitecoat.com.au https://www.ahsa.com.au https://cbhs--uat.my.salesforce.com https://cbhs--uat.cs137.my.salesforce.com https://webto.salesforce.com/servlet/servlet.WebToCase?encoding=UTF-8 https://webto.salesforce.com/servlet/servlet.WebToLead?encoding=UTF-8 https://www.googletagmanager.com https://www.tagmanager.google.com https://player.vimeo.com https://offers.cbhs.com.au/ https://members.cbhs.com.au/ https://uat.cbhs.com.au/ https://*.doubleclick.net/ https://www.getfeedback.com/* https://www.getfeedback.com/e/* https://www.getfeedback.com/e/bHmYasx3?gf_embed_origin=https%3A%2F%2Fdfs4.cbhs.com.au&gf_multichannel_embed=true&webpage_url=https%3A%2F%2Fdfs4.cbhs.com.au%2Fproduct-results https://www.getfeedback.com/e/R3BSQ3B0 https://*.abtasty.com/ https://chatbot.cbhs.com.au/api/directlinetoken https://gum.criteo.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.cbhs.com.au/ https://*.abtasty.com/ https://chatbot.cbhs.com.au/api/directlinetoken; connect-src 'self' https://analytics.google.com accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://health.cbhs.website:80/I3Root/Server1/websvcs/serverConfiguration https://health.cbhs.website:80/I3Root/Server2/websvcs/serverConfiguration https://ictest.cbhs.com.au/CBHS-ICTEST/ https://www.googletagmanager.com https://offers.cbhs.com.au/77e33a2c4e0120e82889698a199cd1bc.js https://*.abtasty.com/ https://googleads4.g.doubleclick.net/ https://*.doubleclick.net https://www.google-analytics.com https://cgrp-carey-appservice.azurewebsites.net https://cdn.botframework.com/botframework-webchat/4.13.0/webchat.js *.botframework.com/v3/directline/conversations* wss://directline.botframework.com https://directline.botframework.com https://*.abtasty.com/ https://chatbot.cbhs.com.au/api/directlinetoken https://dis.criteo.com/ https://visitor-fra02.omnitagjs.com/ https://gum.criteo.com/ https://pagead2.googlesyndication.com/pagead/js/r20220728/r20110914/elements/html/omrhp.js https://*.callrail.com; 1
frame-ancestors 'none'; connect-src 'self' https://google.com/pay  https://api.hkmapservice.gov.hk/ https://www.arcgis.com/ https://api.apitruecaptcha.org/ https://*.iris.gov.hk:8443/rumcollector/rdr; default-src 'self' 'unsafe-inline' https://js.arcgis.com/  https://www.arcgis.com/ https://api.hkmapservice.gov.hk/; script-src 'self' 'unsafe-inline'  'unsafe-eval' 'wasm-unsafe-eval' https://*.google.com/ https://*.gstatic.com/ https://payments.developers.google.com/ https://js.arcgis.com/ https://api.hkmapservice.gov.hk/; style-src 'self' 'unsafe-inline' https://*.google.com/ https://*.gstatic.com/ https://payments.developers.google.com/ https://js.arcgis.com/ https://api.hkmapservice.gov.hk/; frame-src 'self' blob: https://*.google.com/ https://*.gstatic.com/ https://payments.developers.google.com/; img-src 'self' 'unsafe-inline' https://js.arcgis.com/ https://api.hkmapservice.gov.hk/ https://mapapis01.blob.core.windows.net/  data:; object-src 'self' blob: 1
font-src https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com *.gstatic.com 'self' data: *.iubenda.com *.facebook.net *.bing.com *.clarity.ms *.tidio.co *.tidiochat.com *.stackadapt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://secure.networkmerchants.com *.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.iubenda.com *.facebook.net *.bing.com *.clarity.ms *.tidio.co *.tidiochat.com *.stackadapt.com *.onesignal.com onesignal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.iubenda.com *.facebook.net *.facebook.com *.bing.com *.clarity.ms *.tidio.co *.tidiochat.com *.stackadapt.com *.onesignal.com onesignal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://secure.networkmerchants.com *.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.gstatic.com *.iubenda.com *.facebook.net *.bing.com *.clarity.ms *.tidio.co *.tidiochat.com *.stackadapt.com *.onesignal.com onesignal.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://secure.networkmerchants.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com unsafe-inline *.googleapis.com *.iubenda.com *.facebook.net *.bing.com *.clarity.ms *.tidio.co *.tidiochat.com *.stackadapt.com *.onesignal.com onesignal.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.tidiochat.com *.stackadapt.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://secure.networkmerchants.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.google-analytics.com *.google.com *.doubleclick.net *.iubenda.com *.facebook.net *.bing.com *.clarity.ms *.tidio.co wss://socket.tidio.co *.tidiochat.com *.stackadapt.com *.onesignal.com onesignal.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';, upgrade-insecure-requests; 1
img-src 'self' data: middlesexhealth.org res.cloudinary.com *.marchex.io *.gstatic.com *.googleapis.com *.ggpht www.googletagmanager.com *.google-analytics.com www.googleadservices.com *.googleadservices.com *.doubleclick.net *.google.com *.facebook.com *.facebook.net *.ytimg.com *.hotjar.com *.hotjar.io tags.w55c.net ib.adnxs.com beacon.krxd.net usermatch.krdx.net ads.stickyadstv.com aa.agkn.com sync.search.spotxchange.com *.exelator.com ce.lijit.com x.bidswitch.net *.mookie1.com pixel.advertising.com ups.analytics.yahoo.com ads.scorecardresearch.com us-u.openx.net id5-sync.com analytics.twitter.com eb2.3lift.com image2.pubmatic.com match.sharethrough.com contextual.media.net match.srvr.org ad.sxp.smartclip.net px.britepool.com bh.contextweb.com tags.bluekai.com idsync.rlcdn.com pippio.com pixel.rubiconproject.com pixel.tapad.com match.adsrvr.org dsum-sec.casalemedia.com dpm.demdex.net sync.go.sonobi.com *.google.com.ar d.agkn.com *.google.co.in *.google.com.co *.google.es *.google.com.mx *.google.co.cr *.google.co.ve *.google.com.pe *.google.com.ph rtb-csync.smartadserver.com *.google.com.cu *.google.com.gt *.google.cl *.google.hn *.google.com.ec *.google.com.bo *.google.it *.google.com.sv *.google.com.uy *.google.co.uk *.google.com.do *.google.com.pa *.google.ru *.google.ca *.google.co.ke *.google.com.ni *.google.com.br *.google.co.jp *.google.ro *.google.fr *.google.de *.google.bt *.google.co.il *.google.co.ma *.google.co.uz *.google.com.pr *.google.com.py *.google.im *.google.jo *.google.iq *.google.com.jm *.google.com.tr *.google.nl *.google.co.nz *.google.am *.google.com.pk *.google.ad *.google.ae *.google.be *.google.ch *.google.co.id *.google.co.kr *.google.com.au *.google.com.kw *.google.com.ng *.google.com.qa *.google.com.sg *.google.com.vn *.google.gr *.google.pl *.google.pt *.google.tt *.google.se syndication.twitter.com acsbapp.com *.acsbapp.com usermatch.krxd.net s.amazon-adsystem.com analytics.middlesexhealth.org; connect-src 'self' www.google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.facebook.net *.facebook.com *.doubleclick.net *.google.com subwayblaze.com stats.g.doubleclick.net maps.googleapis.com acsbapp.com *.acsbapp.com mychart.middlesexhealth.org analytics.middlesexhealth.org; base-uri 'self'; frame-src 'self' bid.g.doubleclick.net www.googletagmanager.com www.google.com standalonechat.custhelp.com *.facebook.com www.youtube.com platform.twitter.com *.hotjar.com *.hotjar.io *.fls.doubleclick.net tpc.googlesyndication.com widgets.justgiving.com player.vimeo.com docs.google.com s.amazon-adsystem.com mychart.middlesexhealth.org mychart-np.et1124.epichosted.com 'nonce-MEQ0NzkxRjItQjgzRC05NkYxLTEyREI4OEQ1MzJFNjg5N0I='; style-src 'self' tagmanager.google.com www.googletagmanager.com fonts.googleapis.com use.fontawesome.com acsbapp.com *.acsbapp.com mychart.middlesexhealth.org mychart-np.et1124.epichosted.com 'unsafe-inline'; script-src 'self' *.marchex.io maps.googleapis.com tagmanager.google.com www.googletagmanager.com *.google-analytics.com www.googleadservices.com *.doubleclick.net www.google.com *.facebook.net www.youtube.com *.twitter.com *.hotjar.com *.hotjar.io widgets.justgiving.com acsbapp.com *.acsbapp.com mychart.middlesexhealth.org mychart-np.et1124.epichosted.com analytics.middlesexhealth.org 'sha256-z8HvbL92WDOyxzQMY+yhunyy9G0BtBQw/JKoqAArp4M=' 'sha256-neHSFcGerCjk/f80zRm6wrIkmhJzp5k/e2k1Z43Rf34=' 'sha256-JYPKAdKpmqvinjkdbs61NfJ/z1j4ompNBe6yn50GdE8=' 'sha256-yx51GW2W4+6lhHmmmQBOnWJ84WkQ5BkJmVLsuVvyMCM=' 'sha256-RpEYUDTEwSfM8w+xxGHAamEeB1VXYYzrSmPJlOQf/VI=' 'sha256-4dOjWZLiI2jPrNg0SbxLAcql6pFi0N54lpRMbzjYNk8=' 'sha256-T3f7Y+N5F8hopfT+Q/3n37iMrPOiRG+NNM35BdzVqq8=' 'sha256-M1DEmsewC7IlDEHWd35hsxX7eF4DrCdhnT/mezLByco=' 'sha256-TFkj3JiFJFZ6eMPimcbMkT42KYv6k4TJzo6r/hR5ArY=' 'sha256-EntWS0hFrz2vH7susM+dPUxvHlL6sBswmM8K80E5oUk=' 'sha256-R7/tKi0cGqEEByPtfjDbrPkylAffNU9mwp3FPqYkA/A=' 'sha256-8oRhPVElixy01PFtJM/UB7+cvWhQBKpkvdgL7ARapTQ=' 'sha256-80KNIIf9j0xcqVYELBs9oGlnz61CQiui6pP1GVHqDg8=' 'sha256-j/wa/Cf3wUT+s6GSvm6r6T/d0dKZgySbHl6WNHyH2QA=' 'sha256-8hXF+oX2sXnrVI0KaBT20t4ioBZxC9TKHAcKg7rPGds=' 'nonce-MEQ0NzkxRjItQjgzRC05NkYxLTEyREI4OEQ1MzJFNjg5N0I='; font-src 'self' data: fonts.googleapis.com use.fontawesome.com fonts.gstatic.com *.hotjar.com *.hotjar.io acsbapp.com *.acsbapp.com; default-src 'self' www.rnengage.com stats.g.doubleclick.net standalonechat.widget.custhelp.com adservice.google.com; 1
default-src 'self' 'none'; child-src blob:; script-src-elem 'self' 'unsafe-inline' analyzer.amedick-sommer.de www.google-analytics.com *.googleapis.com www.googletagmanager.com www.youtube.com tagmanager.google.com altruja.de usercentrics.eu *.usercentrics.eu; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: analyzer.amedick-sommer.de altruja.de www.google-analytics.com *.googleapis.com www.googletagmanager.com www.youtube.com tagmanager.google.com usercentrics.eu *.usercentrics.eu; img-src * data: blob:; style-src 'self' 'unsafe-inline'; media-src 'self' blob:; connect-src 'self' *.evkirchepfalz.de www.portal.kirchenplaner.de analyzer.amedick-sommer.de usercentrics.eu *.usercentrics.eu; font-src 'self' data: fonts.gstatic.com; frame-ancestors 'self'; frame-src 'self' www.youtube-nocookie.com maps.google.de *.google.com www.youtube.com analyzer.amedick-sommer.de mosaically.com adventskalender.evangelisch.de usercentrics.eu *.usercentrics.eu www.ardmediathek.de www.swr.de; base-uri 'self'; object-src 'self' 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.mainehousing.org *.jsdelivr.net https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com unpkg.com/@frontify/ *.cloudinary.com www.googletagmanager.com cdnjs.cloudflare.com translate.google.com *.tableau.com *.typekit.net *.google *.doubleclick.net https://siteimproveanalytics.com/js/siteanalyze_6010345.js *.siteimproveanalytics.io https://acsbapp.com/apps/app/dist/js/app.js https://cdn.acsbapp.com/ *.acsbapp.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.mainehousing.org *.jsdelivr.net *.bootstrapcdn.com *.tableau.com *.google.com *.doubleclick.net *.siteimproveanalytics.com *.siteimproveanalytics.io *.acsbapp.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.mainehousing.org *.jsdelivr.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com *.frontify.com *.cloudinary.com www.google.com www.mainehousing.org www.google.bg *.tableau.com *.google.com *.doubleclick.net *.siteimproveanalytics.com *.siteimproveanalytics.io *.adsrvr.org *.acsbapp.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.mainehousing.org *.jsdelivr.net *.google.com *.doubleclick.net *.siteimproveanalytics.io *.acsbapp.com https://acsbapp.com/apps/app/dist/fonts/acsbi.ttf?qj8z5u https://acsbapp.com/apps/app/dist/fonts/acsbi.woff?qj8z5u; frame-src 'self' * web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com *.mainehousing.org *.mktoresp.com *.frontify.com *.cloudinary.com translate.googleapis.com stats.g.doubleclick.net *.tableau.com *.jsdelivr.net *.google.com *.doubleclick.net *.siteimproveanalytics.com *.siteimproveanalytics.io *.acsbapp.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.mainehousing.org *.frontify.com *.cloudinary.com *.tableau.com *.jsdelivr.net *.google.com *.doubleclick.net *.siteimproveanalytics.com *.siteimproveanalytics.io *.acsbapp.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.mainehousing.org *.google.com *.youtu.be *.frontify.com cloudinary.com *.cloudinary.com *.tableau.com *.jsdelivr.net *.doubleclick.net *.siteimproveanalytics.com *.siteimproveanalytics.io *.acsbapp.com web-chat.nativechat.com 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-8881a9ceb7ddb9ae10337a1198bbf1f1'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src ka-f.fontawesome.com www.google.com; img-src 'self' data: assets.kbs-services.com assets-dev.kbs-services.com www.kbs-services.com forms.hsforms.com hsforms.com forms-na1.hsforms.com px.ads.linkedin.com px4.ads.linkedin.com track.hubspot.com www.google.com i.vimeocdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' googleads.g.doubleclick.net js.hs-analytics.net js.hs-banner.com google-analytics.com js.hsadspixel.net snap.licdn.com googletagmanager.com www.googletagmanager.com js.hs-scripts.com kit.fontawesome.com scout-cdn.salesloft.com js.hsforms.net vocalvideo.com player.vimeo.com scout-cdn.salesloft.com unpkg.com acsbapp.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fastly-cloud.typenetwork.com unpkg.com; font-src *; connect-src *; media-src *; frame-ancestors kbs.frb.io kbs-services.com kbs-services.ca ifs-services.com vocalvideo.com; frame-src vocalvideo.com player.vimeo.com forms.hsforms.com; 1
script-src 'self' *.clio-online.de *.paypal.com *.paypalobjects.com *.europa.clio-online.de *.clio-online.de *.geschichte.hu-berlin.de 'unsafe-inline' fonts.gstatic.com *.clio-online.net cdn.jsdelivr.net localhost *.hsozkult.de 'unsafe-eval' 1
frame-ancestors 'self' http://canvas.avallain.net 1
frame-ancestors 'self' https://www.fl3xx.com https://paxtax.eu 1
frame-ancestors 'self' *.promoplace.com; 1
frame-ancestors altmuehlnet.de www.altmuehlnet.de; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://chiaforum.com/logs/ https://chiaforum.com/sidekiq/ https://chiaforum.com/mini-profiler-resources/ https://chiaforum.com/assets/ https://chiaforum.com/brotli_asset/ https://chiaforum.com/extra-locales/ https://chiaforum.com/highlight-js/ https://chiaforum.com/javascripts/ https://chiaforum.com/plugins/ https://chiaforum.com/theme-javascripts/ https://chiaforum.com/svg-sprite/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js 'sha256-Gty3/aPWFfSvz7pdT39HY97/+2opLup9V0L19ZF0IwY='; worker-src 'self' https://chiaforum.com/assets/ https://chiaforum.com/brotli_asset/ https://chiaforum.com/javascripts/ https://chiaforum.com/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.google.com *.gstatic.com *.doku.com cdnjs.cloudflare.com/ajax/ *.facebook.net/en_US/sdk.js *.googletagmanager.com assets.pinterest.com/js/ *.youtube.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com/ajax/ fonts.googleapis.com dtrust.co.id static.dcloud.co.id *.doku.com; object-src 'none'; base-uri 'self'; connect-src 'self' analytics.google.com *.google.co.id stats.g.doubleclick.net *.dcloud.co.id; font-src 'self' data: fonts.gstatic.com static.dcloud.co.id dtrust.co.id cdnjs.cloudflare.com/ajax/; frame-src 'self' *.youtube.com *.doku.com *.google.com; img-src 'self' *.google.co.id *.google.com dtrust.co.id *.dcloud.co.id secure.gravatar.com *.googleusercontent.com/; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-6STA2/xwTLKiqzyV27VKhTKvGy9k2Ehtw7mEXgJckLx2C8kS' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
base-uri 'self'; block-all-mixed-content; form-action 'self' https://forms-eu1.hsforms.com; object-src 'none'; sandbox allow-forms allow-downloads allow-scripts allow-popups allow-same-origin; font-src 'self' data: fonts.gstatic.com https://heapanalytics.com; media-src 'self'; img-src 'self' data: www.google-analytics.com www.gstatic.com https://heapanalytics.com *.githubusercontent.com *.googleusercontent.com https://www.googletagmanager.com https://track-eu1.hubspot.com https://forms-eu1.hsforms.com https://translate.google.com; script-src 'self' apis.google.com https://www.google-analytics.com ssl.google-analytics.com https://www.googletagmanager.com https://cdn.heapanalytics.com https://heapanalytics.com https://js-eu1.hsforms.net https://api-eu1.hubspot.com https://forms-eu1.hubspot.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' mondoo.com *.mondoo.com *.google-analytics.com *.googleapis.com sentry.io *.doubleclick.net https://heapanalytics.com https://hubspot-forms-static-embed-eu1.s3.amazonaws.com https://forms-eu1.hsforms.com https://mondoo.statuspage.io https://status.mondoo.com https://us.api.mondoo.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://heapanalytics.com https://translate.googleapis.com 1
frame-ancestors 'self' https://xworks.net 1
default-src 'self' https://*.reged.com wchat.freshchat.com https://player.vimeo.com https://www.google.com/ https://www.gstatic.com/recaptcha/ ; img-src * 'self' https://*.reged.com data: wchat.freshchat.com ; font-src 'self' https://*.reged.com data: wchat.freshchat.com ; media-src *; script-src *.google-analytics.com www.googletagmanager.com wchat.freshchat.com seal.thawte.com 'unsafe-inline' 'self' 'unsafe-eval' https://*.reged.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://player.vimeo.com/api/player.js https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/ ; style-src https://*.reged.com 'unsafe-inline' 'self' wchat.freshchat.com; connect-src 'self' https://*.reged.com www.google-analytics.com wchat.freshchat.com https://bam.nr-data.net https://bam-cell.nr-data.net https://player.vimeo.com/api ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://unpkg.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://netdna.bootstrapcdn.com; frame-src *; img-src *  blob: data:; font-src 'self' https://fonts.gstatic.com https://netdna.bootstrapcdn.com https://cdnjs.cloudflare.com data:; media-src * blob:; worker-src blob:; connect-src * 1
base-uri 'self'; default-src 'none'; child-src 'self' https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://bam.nr-data.net https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com fonts.gstatic.com https://intercom.help https://api-iam.intercom.io https://js.intercomcdn.com; frame-ancestors 'none'; img-src 'self' https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-9.com blob: data:; media-src 'self' https://js.intercomcdn.com; object-src 'none'; script-src 'self' https://js-agent.newrelic.com https://bam.nr-data.net https://app.intercom.io https://widget.intercom.io/ https://js.intercomcdn.com 'nonce-c89998d3905b4657088e0c4a6d4524367e191231baa3a299705b44de78505d00'; style-src 'self' https://stackpath.bootstrapcdn.com/bootstrap/4.2.1/css/bootstrap.min.css https://fonts.googleapis.com/; report-uri https://staysafeapp.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 1
font-src static.lipscore.com https://stackpath.bootstrapcdn.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com https://use.typekit.net https://p.typekit.net https://static.klaviyo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://studentbeans.com https://connect.studentbeans.com https://accounts.studentbeans.com https://www.applepay.com https://busyb.us13.list-manage.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.awin1.com *.zenaps.com *.fls.doubleclick.net *.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://embedsocial.com https://studentbeans.com https://connect.studentbeans.com https://accounts.studentbeans.com https://www.applepay.com https://td.doubleclick.net https://www.paypalobjects.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.awin1.com *.zenaps.com *.bird.eu https://www.magezon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ static.lipscore.com blob: img.youtube.com https://connect.facebook.net connect.facebook.net graph.facebook.com business.facebook.com flagpedia.net https://studentbeans.com https://cdnjs.cloudflare.com https://chimpstatic.com https://embedsocial.com https://connect.studentbeans.com https://accounts.studentbeans.com https://use.typekit.net https://p.typekit.net https://stackpath.bootstrapcdn.com https://www.google.com https://www.google.co.uk https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://maps.googleapis.com https://pay.google.com *.cloudfront.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ static.lipscore.com *.googleapis.com *.google.com *.gstatic.com https://www.google.com https://connect.facebook.net connect.facebook.net graph.facebook.com business.facebook.com https://www.gstatic.com maps.googleapis.com https://cdn.studentbeans.com https://cdnjs.cloudflare.com https://chimpstatic.com https://embedsocial.com https://use.typekit.net https://p.typekit.net https://stackpath.bootstrapcdn.com https://www.google.co.uk https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://region1.analytics.google.com https://www.googletagmanager.com https://maps.googleapis.com https://pay.google.com https://wisepops.com https://wisepops.net https://loader.wisepops.com https://www.dwin1.com https://m.stripe.network.com https://www.applepay.com *.hotjar.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com static.lipscore.com https://stackpath.bootstrapcdn.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com https://www.gstatic.com https://chimpstatic.com https://connect.facebook.net https://embedsocial.com https://studentbeans.com https://connect.studentbeans.com https://accounts.studentbeans.com https://use.typekit.net https://p.typekit.net https://www.google.com https://www.google.co.uk https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://region1.analytics.google.com https://www.googletagmanager.com https://maps.googleapis.com https://pay.google.com https://wisepops.com https://wisepops.net https://loader.wisepops.com https://www.dwin1.com https://www.applepay.com https://static-tracking.klaviyo.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://the.sciencebehindecommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ wapi.lipscore.com users.lipscore.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.gstatic.com maps.googleapis.com https://studentbeans.com https://connect.studentbeans.com https://accounts.studentbeans.com https://google.co.uk https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://region1.analytics.google.com https://www.googletagmanager.com https://maps.googleapis.com https://pay.google.com https://pagead2.googlesyndication.com https://api-js.datadome.co *.hotjar.com ws://ws.hotjar.com *.hotjar.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.google-analytics.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';, upgrade-insecure-requests; 1
font-src 'self' data: cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.tawk.to https://webchat.saysimple.io/ fonts.googleapis.com fonts.gstatic.com *.doubleclick.net *.facebook.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com https://player.vimeo.com/ *.google.com https://googleads.g.doubleclick.net/ https://www.google.nl/ *.doubleclick.net *.facebook.com *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.doubleclick.net 'self' data: *.googleapis.com *.gstatic.com cdn.jsdelivr.net *.tawk.to tawk.link *.facebook.com *.gravatar.com maps.googleapis.com maps.gstatic.com *.google.com *.google.bg *.facebook.net *.googletagmanager.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.multisafepay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.googleapis.com https://www.gstatic.com/ cdn.jsdelivr.net *.tawk.to player.vimeo.com http://player.vimeo.com/api/player.js chimpstatic.com https://connect.facebook.net/ https://webchat.saysimple.io/ *.smooch.io https://cdn.pixibo.com/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com downloads.mailchimp.com *.list-manage.com *.multisafepay.com https://pay.google.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com cdn.jsdelivr.net *.tawk.to https://webchat.saysimple.io/ fonts.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com downloads.mailchimp.com maxcdn.bootstrapcdn.com *.multisafepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com https://vimeo.com/api/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com 'self' data: *.google-analytics.com *.googleapis.com *.paypal.com *.tawk.to 'self' ws: https://stats.g.doubleclick.net/ https://webchat.saysimple.io/ *.smooch.io *.gravatar.com https://*.pixibo.dev/ *.facebook.com *.facebook.net *.google.com *.multisafepay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'none'; base-uri 'none'; object-src https://*.pbo-dpb.ca https://pbo-dpb.gc.ca https://*.pbo-dpb.gc.ca https://pbo-dpb.s3.ca-central-1.amazonaws.com; form-action 'self' https://challenges.cloudflare.com; img-src 'self' https://www.google-analytics.com https://*.pbo-dpb.ca https://pbo-dpb.gc.ca https://*.pbo-dpb.gc.ca https://pbo-dpb.s3.ca-central-1.amazonaws.com; script-src 'unsafe-eval' 'self' https://www.googletagmanager.com https://www.google-analytics.com/ https://challenges.cloudflare.com https://cdn.tailwindcss.com/ https://pboml.opbo-bdpb.ca 1
default-src 'unsafe-inline' 'self' data: *.eru.cz *.eru.gov.cz *.googleapis.com nia.identitaobcana.cz app.powerbi.com fonts.gstatic.com cdn.jsdelivr.net *.youtube.com *.soundcloud.com *.slideshare.net *.cloudflare.com *.googletagmanager.com *.google-analytics.com api.mapy.cz datawrapper.dwcdn.net; report-uri /report-csp-violation 1
frame-ancestors 'self' https://www.mediaservices.com 1
frame-ancestors 'self'; object-src 'self'; upgrade-insecure-requests 1
default-src 'self' https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*; connect-src 'self' https://* wss://*; style-src 'self' 'unsafe-inline' https://*; frame-src 'self' https://*; child-src 'self' https://*; worker-src 'self' https://*; font-src 'self' data: https://*; img-src 'self' data: https://* http://*.gravatar.com/avatar/; frame-ancestors 'self'; object-src 'none'; report-uri https://zero.report-uri.com/r/t/csp/enforce; report-to default 1
frame-ancestors https://portal.uat.domosfs.com https://portal.domosfs.com 1
frame-src 'self' bomjesus.br *.bomjesus.br usf.edu.br *.usf.edu.br fae.edu *.fae.edu google.com *.google.com youtube.com *.youtube.com vimeo.com *.vimeo.com viddler.com *.viddler.com eadfranciscanos.com.br *.eadfranciscanos.com.br virtualspirits.com *.virtualspirits.com matterport.com *.matterport.com hotjar.com *.hotjar.com my.visme.co *.my.visme.co *.spotify.com *.doubleclick.net pixel.mathtag.com ct.pinterest.com 1
connect-src *.google-analytics.com www.google-analytics.com *.analytics.google.com *.cloudflare.com *.doubleclick.net royalfoundation.com *.royalfoundation.com; default-src 'self' 'unsafe-inline' www.googletagmanager.com; font-src 'self'  data: royalfoundation.com *.royalfoundation.com *.typekit.net; frame-src 'self' data: www.google.com platform.twitter.com www.googletagmanager.com player.vimeo.com vimeo.com youtube.com www.youtube.com www.youtube-nocookie.com *.twitter.com; img-src 'self' data: www.google-analytics.com www.gstatic.com www.google.co.uk www.googletagmanager.com *.gravatar.com  *.vimeocdn.com  *.ytimg.com *.twitter.com *.google.com *.youtube.com; media-src 'self' blob: data:; script-src-elem 'self' 'unsafe-inline' player.vimeo.com vimeo.com apis.google.com www.youtube.com www.youtube-nocookie.com platform.twitter.com googletagmanager.com www.googletagmanager.com www.google.com google.com www.gstatic.com gstatic.com www.google-analytics.com connect.facebook.net *.cloudflare.com  cdn.jsdelivr.net static.hotjar.com script.hotjar.com; style-src 'self' 'unsafe-inline' blob:; style-src-elem 'self' 'unsafe-inline' *.cloudflare.com *.typekit.net; worker-src 'self' blob:; 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-cc8c08887dddd8452002c7a5c2d92f30' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=1073713463274315; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=1073713463274315 1
frame-ancestors 'self' airporttransfer.com *.airporttransfer.com 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-lJ3/EILPhuvjUiIvXlXKIP1R4lFBKigC0lsDxMmv7rBowblR' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' *.mogi.vn 1
default-src 'self' packages.umbraco.org our.umbraco.org;script-src 'self' cdnjs.cloudflare.com code.jquery.com ajax.googleapis.com maps.google.com siteimproveanalytics.com www.googletagmanager.com *.gstatic.com www.google-analytics.com maps.googleapis.com www.youtube.com connect.facebook.net *.civiccomputing.com unpkg.com/@googlemaps/markerclusterer/dist/index.min.js use.typekit.net www.google.com Mailchimp.com www.mailchimp.com static.zdassets.com script.crazyegg.com www.facebook.com static.hotjar.com script.hotjar.com tags.srv.stackadapt.com nottinghillgenesis.zendesk.com ekr.zdassets.com v2.zopim.com s7.addthis.com widget-mediator.zopim.com qvdt3feo.com 'unsafe-eval' 'unsafe-inline';style-src 'self' fonts.googleapis.com cdn-images.mailchimp.com use.typekit.net p.typekit.net use.fontawesome.com Mailchimp.com www.mailchimp.com tags.srv.stackadapt.com 'unsafe-inline';connect-src 'self' maps.googleapis.com *.google-analytics.com *.google.com *.civiccomputing.com Mailchimp.com www.mailchimp.com ekr.zdassets.com zendesk-eu.my.sentry.io stats.g.doubleclick.net tags.srv.stackadapt.com nottinghillgenesis.zendesk.com wss://widget-mediator.zopim.com capig.themediapeople.co.uk vc.hotjar.io;font-src 'self' cdn.jsdelivr.net fonts.gstatic.com use.typekit.net;img-src 'self' www.google-analytics.com maps.gstatic.com maps.google.com img.youtube.com *.googleapis.com data: *.google.co.uk *.google.com p.typekit.net Mailchimp.com www.mailchimp.com static.zdassets.com tags.srv.stackadapt.com www.facebook.com connect.facebook.net script.crazyegg.com v2.zopim.com v2assets.zopim.io tags.srv.stackadapt.com;media-src 'self' www.youtube.com player.vimeo.com static.zdassets.com;frame-src 'self' www.youtube.com www.google.com player.vimeo.com www.google.com www.google-analytics.com Mailchimp.com www.mailchimp.com app.calconic.com my.matterport.com 1
frame-ancestors 'self' *.adfox.ru *.yandex.ru yandex.ru yandex.com yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.net; 1
default-src 'self' cookie-cdn.cookiepro.com www.google-analytics.com img.youtube.com www.youtube.com www.vimeo.com player.vimeo.com pr.globenewswire.com ml-eu.globenewswire.com sentry.io cdn.plyr.io www.applytracking.com onetrust.com geolocation.onetrust.com data: *.amazonaws.com;script-src 'self' cdn.ravenjs.com js.hsforms.net cdn.jsdelivr.net www.googletagmanager.com cookie-cdn.cookiepro.com www.google-analytics.com www.youtube.com geolocation.onetrust.com www.vimeo.com player.vimeo.com 'unsafe-eval' 'unsafe-inline';style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.gstatic.com static2.sharepointonline.com;frame-ancestors 'self' www.googletagmanager.com www.youtube.com 1
default-src 'self' https://web-storage.deltadentalok.org; img-src 'self' data: blob: https://*.google-analytics.com https://web-storage.deltadentalok.org https://web-storage.delta-dental-ok.mwf.show https://www.googletagmanager.com https://www.gravatar.com https://pixel.sitescout.com/up/92a10fe33c44cdc9; frame-src 'self' https://www.google.com https://www.googletagmanager.com https://player.vimeo.com/ https://pixel.sitescout.com/; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net; connect-src 'self' https://*.google-analytics.com https://stats.g.doubleclick.net https://web-storage.deltadentalok.org https://web-storage.delta-dental-ok.mwf.show https://releases.wagtail.org; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.list-manage.com https://s3.amazonaws.com/downloads.mailchimp.com/js/ https://code.jquery.com/jquery-1.12.4.min.js https://code.jquery.com/jquery-migrate-1.12.1.min.js https://code.jquery.com/jquery-migrate-1.4.1.min.js https://code.jquery.com/ui/1.12.1/jquery-ui.min.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://www.googletagmanager.com https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js https://player.vimeo.com/api/player.js https://player.vimeo.com/api/player-2.19.0.js https://cdn01.basis.net/assets/up.js; worker-src 'self'; style-src 'self' data: 'report-sample' 'unsafe-inline' https://cdn-images.mailchimp.com https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.css; report-uri https://9d223fa0c21171bca21b1685b84555fb.report-uri.com/r/d/csp/enforce 1
base-uri 'self'; block-all-mixed-content; object-src 'none' 1
default-src 'self'; img-src 'self' https: data: blob:; connect-src 'self' www.google-analytics.com blob:; frame-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fundsxpress.com *.apiture.com https://*.jsdelivr.net *.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://seal.websecurity.norton.com https://*.salemove.com https://*.glia.com https://*.quilocloud.com https://cdn.mxpnl.com; frame-src https: https://*.quilocloud.com; connect-src 'self' wss://*.salemove.com https://*.salemove.com wss://*.glia.com https://*.glia.com https://*.twilio.com wss://*.twilio.com; media-src 'self' https://*.salemove.com https://*.glia.com https://*.quilocloud.com; style-src 'self' 'unsafe-inline' *.fundsxpress.com *.apiture.com https://maxcdn.bootstrapcdn.com https://*.jsdelivr.net https://*.cloudflare.com https://fonts.googleapis.com https://*.salemove.com https://*.glia.com https://*.quilocloud.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://*.quilocloud.com https://fonts.gstatic.com; img-src 'self' blob: data: *.google-analytics.com https://*.salemove.com https://*.glia.com https://maps.gstatic.com *.googleapis.com https://*.quilocloud.com https://*.innovationrefunds.com https://*.printable.com; 1
report-uri /csp/report-to https://www.bakertilly.nl/logging/csp/report-uri;base-uri 'none';connect-src 'self' wss://www.bakertilly.nl:5173 https://www.bakertilly.nl:5173 https://*.fonts.bunny.net https://fonts.bunny.net https://*.consentcdn.cookiebot.com https://consentcdn.cookiebot.com https://*.fontawesome.com https://fontawesome.com https://*.google.com https://google.com https://*.google.nl https://google.nl https://*.googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://*.stats.g.doubleclick.net https://stats.g.doubleclick.net https://*.google-analytics.com https://google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://googletagmanager.com https://*.hotjar.com https://hotjar.com wss://*.hotjar.com wss://hotjar.com https://*.hotjar.io https://hotjar.io https://*.oribi.io https://oribi.io https://*.piwik.pro https://piwik.pro https://*.vimeo.com https://vimeo.com https://*.ipify.org https://ipify.org;default-src 'none';form-action 'self' https://*.facebook.com https://facebook.com;img-src 'self' data: geo0.ggpht.com geo1.ggpht.com geo2.ggpht.com geo3.ggpht.com lh3.ggpht.com lh4.ggpht.com lh5.ggpht.com lh6.ggpht.com https://*.facebook.com https://facebook.com https://*.google.com https://google.com https://*.google.nl https://google.nl https://*.google-analytics.com https://google-analytics.com https://*.googletagmanager.com https://googletagmanager.com https://*.linkedin.com https://linkedin.com https://*.googleapis.com https://googleapis.com https://*.maps.gstatic.com https://maps.gstatic.com https://*.vimeo.com https://vimeo.com https://*.vimeocdn.com https://vimeocdn.com;media-src 'self' https://*.vimeo.com https://vimeo.com;object-src 'none';script-src 'self' 'nonce-g2rGaJ5dFi8DUemFQ4eTnQO1aBOoa6gzrHweVtdD' https://www.bakertilly.nl:5173 wss://www.bakertilly.nl:5173 'unsafe-eval' 'strict-dynamic' https://*.consent.cookiebot.com https://consent.cookiebot.com https://*.consentcdn.cookiebot.com https://consentcdn.cookiebot.com https://*.googletagmanager.com https://googletagmanager.com https://*.googleapis.com https://googleapis.com;style-src 'self' 'nonce-g2rGaJ5dFi8DUemFQ4eTnQO1aBOoa6gzrHweVtdD' https://www.bakertilly.nl:5173 'unsafe-inline' https://*.fonts.googleapis.com https://fonts.googleapis.com https://*.rsms.me https://rsms.me https://*.googleapis.com https://googleapis.com https://*.typekit.net https://typekit.net;script-src-attr https://www.bakertilly.nl:5173 'self';script-src-elem https://www.bakertilly.nl:5173 'self' 'unsafe-inline' https://*.consent.cookiebot.com https://consent.cookiebot.com https://*.consentcdn.cookiebot.com https://consentcdn.cookiebot.com https://*.facebook.com https://facebook.com https://*.facebook.net https://facebook.net https://*.fontawesome.com https://fontawesome.com https://*.googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://*.google-analytics.com https://google-analytics.com https://*.googletagmanager.com https://googletagmanager.com https://*.hotjar.com https://hotjar.com https://*.licdn.com https://licdn.com https://*.maglr.com https://maglr.com https://*.piwik.pro https://piwik.pro https://*.spotlerscript.com https://spotlerscript.com https://*.spotlerleads.nl https://spotlerleads.nl https://*.vimeo.com https://vimeo.com https://*.vimeocdn.com https://vimeocdn.com https://*.youtube.com https://youtube.com https://*.cloudflare.com https://cloudflare.com;style-src-attr https://www.bakertilly.nl:5173 'self' 'unsafe-inline';style-src-elem https://www.bakertilly.nl:5173 'self' 'unsafe-inline' https://*.fonts.bunny.net https://fonts.bunny.net;font-src https://www.bakertilly.nl:5173 'self' data: https://*.fonts.bunny.net https://fonts.bunny.net https://*.fontawesome.com https://fontawesome.com https://*.fonts.gstatic.com https://fonts.gstatic.com https://*.rsms.me https://rsms.me https://*.typekit.net https://typekit.net;report-to csp-endpoint;frame-ancestors 'self';manifest-src 'self';frame-src 'self' https://*.consentcdn.cookiebot.com https://consentcdn.cookiebot.com https://*.facebook.com https://facebook.com https://*.hotjar.com https://hotjar.com https://*.maglr.com https://maglr.com https://*.vimeo.com https://vimeo.com https://*.youtube.com https://youtube.com https://*.cloudflare.com https://cloudflare.com;child-src https://*.vimeo.com https://vimeo.com 1
upgrade-insecure-requests; frame-ancestors 'self' https://edit.liburnia.hr https://new-edit.infosit.com; 1
default-src 'self' static.mycity.travel static.nendaz.ch * 'unsafe-inline' 'unsafe-eval' data: blob:; upgrade-insecure-requests; frame-ancestors: 'self' https://static.mycity.travel *; 1
default-src 'self' *.genflix.co.id *.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://accounts.google.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.gstatic.com https://storage.googleapis.com https://wzrkt.com https://sg1.wzrkt.com https://d2r1yp2w7bby2u.cloudfront.net https://ajax.googleapis.com https://imasdk.googleapis.com https://static.dable.io https://api.dable.io http://sp-api.dable.io https://websdk.appsflyer.com https://static.airbridge.io https://www.datadoghq-browser-agent.com https://analytics.tiktok.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src * data: android-webview-video-poster: 'self' blob: data:; font-src 'self' data: https://fonts.gstatic.com; media-src * blob: ; frame-src *; connect-src *; worker-src * data: blob: ; object-src 'none'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-NRbc0xWq9Eit83H0e73rb/Kxr0PZZoOgnQ7KRg3DEhIZjUlK' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; font-src 'self' data: fonts.gstatic.com; media-src 'self' *.tutkit.com tutkit.com; base-uri 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com/ *.braintreegateway.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com/ assets.braintreegateway.com *.braintreegateway.com; script-src 'self' 'strict-dynamic' 'nonce-iDhiW9MZMHDwX197ZKGU9w==' 'unsafe-eval' 'unsafe-inline' js.braintreegateway.com pay.google.com www.paypal.com www.paypalobjects.com/ t.paypal.com www.gstatic.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com checkout.paypal.com assets.braintreegateway.com www.sandbox.paypal.com fonts.googleapis.com play.google.com songbirdstag.cardinalcommerce.com centinelapistag.cardinalcommerce.com geostag.cardinalcommerce.com cdnjs.cloudflare.com writer.cardinalcommerce.com/ unpkg.com *.cardcomplete.com *.amazonaws.com *.bkm.com.tr; connect-src *; frame-src *; img-src 'self' data: *.tutkit.com images.provenexpert.com via.placeholder.com *.gstatic.com *.paypal.com *.paypalobjects.com *.psd-tutorials.de s.w.org; report-uri /reports/content-security-policy; 1
default-src 'self';script-src 'self' 'nonce-4c6b863d-1634-40fa-b914-9b80123ea890' https://*.googletagmanager.com https://*.pagador.com.br https://h.online-metrix.net https://*.evgnet.com/* https://cdn.evgnet.com/beacon/bradesco/sdboxbragro/scripts/ https://cdn.evgnet.com/beacon/bradesco/sdboxbragro/scripts/evergage.min.js https://*.evergage.com https://connect.facebook.net;connect-src 'self' https://bff.e-agro.com.br/graphql wss://chat.e-agro.com.br https://s3.br-sao.cloud-object-storage.appdomain.cloud https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://ns.adobe.com https://adobedc.demdex.net https://commerce.adobedc.net https://edge.adobedc.net https://commerce.adobe.io https://*.pagador.com.br https://*.cieloecommerce.cielo.com.br https://*.evergage.com https://googleads.g.doubleclick.net https://www.google.com;img-src 'self' https://cms-static.e-agro.com.br https://static-aarin-gateway.aarin.com.br https://*.google-analytics.com https://*.googletagmanager.com https://api.marketplace.e-agro.com.br https://bancobradescobr-prod.mirakl.net https://cdn.evgnet.com https://*.evgnet.com/* https://cdn.evgnet.com/beacon/bradesco/sdboxbragro/scripts/ https://cdn.evgnet.com/beacon/bradesco/sdboxbragro/scripts/evergage.min.js https://*.evergage.com https://googleads.g.doubleclick.net https://www.facebook.com https://ad.doubleclick.net https://www.google.com https://www.google.com.br data: blob:;object-src 'none';base-uri 'self';frame-ancestors 'self' *;frame-src *;form-action 'self' https://cms-static.e-agro.com.br https://bff.e-agro.com.br/graphql https://e-agro.com.br https://s3.br-sao.cloud-object-storage.appdomain.cloud https://sso.e-agro.com.br ;media-src 'self' https://cms-static.e-agro.com.br https://api.marketplace.e-agro.com.br;font-src 'self' https: data:;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' * tag.wknd.ai assets.bounceexchange.com api.bounceexchange.com dev.bounceexchange.com dash-staging.bounceexchange.com;  style-src * 'self' 'unsafe-inline' assets.bounceexchange.com;  img-src * 'self' blob: data: assets.bounceexchange.com events.bouncex.net;  font-src * 'self' data: assets.bounceexchange.com;   child-src assets.bounceexchange.com;   frame-src * 'self' assets.bounceexchange.com dash-staging.bounceexchange.com;  form-action * api.bounceexchange.com dev.bounceexchange.com;  connect-src * 'self' events.bouncex.net coupons.bounceexchange.com *.cdnwidget.com *.cdnbasket.net; 1
default-src 'self' blob: https://*.proceedo.net https://fra-col.eum-appdynamics.com/ https://col.eum-appdynamics.com/ https://*.visma.net https://*.wootric.com https://snowplow.visma.com https://geolocation.onetrust.com/ https://privacyportal-eu.onetrust.com/ https://*.wootric.eu; style-src 'self' https://*.visma.net https://fonts.googleapis.com/ 'unsafe-inline'; script-src 'self' https://cdn.appdynamics.com/ https://*.visma.net https://*.wootric.com 'unsafe-eval' 'unsafe-inline';font-src 'self' https://*.visma.net https://fonts.gstatic.com/ https://font.visma.com data:;img-src * data:; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.gstatic.com https://yastatic.net https://www.youtube.com https://s.ytimg.com https://platform.instagram.com https://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://mc.yandex.ru https://top-fwz1.mail.ru https://js.sentry-cdn.com https://browser.sentry-cdn.com https://qaz.inews-ua.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://platform.twitter.com ; img-src 'self' data: https://* http://* ; font-src 'self' data: https://fonts.gstatic.com ; frame-src 'self' data: https://yastatic.net https://www.youtube.com https://www.instagram.com/ https://platform.twitter.com ; connect-src 'self' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://fcm.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://push.newsdaily.biz https://top-fwz1.mail.ru https://o4505939965509632.ingest.sentry.io https://biposerfl.shop https://*.google-analytics.com; worker-src 'self' data: https://fcm.googleapis.com https://push.newsdaily.biz ; 1
default-src 'self' 'unsafe-inline'  http: https: data: ;           style-src 'self' http://maxcdn.bootstrapcdn.com http://fonts.googleapis.com http://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval';           script-src 'self' https://mapgenie.osi.ie 'unsafe-inline' 'unsafe-eval';           object-src 'self';          img-src 'self' https://mapgenie.osi.ie 'unsafe-inline' 'unsafe-eval' data:  1
frame-ancestors 'self' https://nurture.solarwinds.com https://www.solarwinds.com https://try.solarwinds.com https://support.solarwinds.com https://www.solarwinds.jobs; 1
default-src 'self' https://datacard.encoreanywhere.com:4523/api/mediacard/getproxy;               img-src 'self' data:;                script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js-agent.newrelic.com  https://js-agent.newrelic.com/nr-1123.min.js https://bam.nr-data.net;               style-src * 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.go.com:* *.mydisneyaccount.com:* mydisneyaccount.com:* *.disneyaccount.com:* *.newrelic.com bam.nr-data.net tags.tiqcdn.com; img-src 'self' *.go.com:* data:; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-src 'self' *.go.com:* *.mydisneyaccount.com:* mydisneyaccount.com:* *.disneyaccount.com:*; object-src 'none'; connect-src 'self' *.go.com:* *.mydisneyaccount.com:* mydisneyaccount.com:* *.disneyaccount.com:* *.newrelic.com bam.nr-data.net *.dpm.demdex.net https://10allzxls3.execute-api.us-west-2.amazonaws.com/ 1
base-uri 'self' data:; connect-src livesupport.hetzner.com matomo.hetzner.com use.hetzner.com https://sentry.hetzner.company/ https://robot-ws.your-server.de 'self' data:; default-src 'self'; font-src livesupport.hetzner.com 'self' data:; frame-ancestors 'self'; frame-src youtube-nocookie.com youtube.com www.youtube-nocookie.com https://files.hetzner.com/ 'self' data:; img-src cdn.hetzner.de img.youtube.com livesupport.hetzner.com 'self' data:; media-src https://cdn.hetzner.de 'self'; script-src 'nonce-r9PGgCHzDHmXw4d3' livesupport.hetzner.com matomo.hetzner.com use.hetzner.com 'self' data: 'nonce-e4b9cf11160189c8'; style-src livesupport.hetzner.com 'self' 'unsafe-inline' data:; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://raftaar.in;block-all-mixed-content; 1
default-src 'self' data:              http://*.typekit.net              https://*.typekit.net              https://*.iesnare.com              https://api.greendotonline.com             http://www.youtube.com             https://www.youtube.com             https://*.netverify.com             http://*.netverify.com             https://netverify.com             http://netverify.com             https://*.google.com              https://*.google-analytics.com             http://*.google-analytics.com              https://*.googleadservices.com              https://*.bing.com             https://*.ssl.ak.dynamic.tiles.virtualearth.net             https://*.doubleclick.net             https://*.googleapis.com;                            img-src 'self' file: data: blob: filesystem:             https://localhost             https://*.google-analytics.com             http://*.google-analytics.com             https://*.greendot.com             https://*.doubleclick.net             https://*.google.com             https://*.bing.com             https://*.typekit.net             https://ds.reson8.com             https://*.virtualearth.net;                           child-src 'self'             https://*.google.com             http://www.youtube.com             https://www.youtube.com             https://player.vimeo.com             https://vimeo.com             https://ds.reson8.com             https://*.netverify.com             http://*.netverify.com             https://netverify.com             https://*.bing.com;                           style-src 'self' 'unsafe-inline' 'unsafe-eval'              https://*.greendot.com             https://*.googleapis.com              https://*.typekit.com             https://*.bing.com             https://*.typekit.net             http://*.nextestate.com             https://*.ssl.ak.dynamic.tiles.virtualearth.net             https://*.virtualearth.net;                            script-src 'self' 'unsafe-inline' 'unsafe-eval'              https://*.greendot.com             http://*.google-analytics.com              http://*.googletagmanager.com             https://*.google-analytics.com              https://*.googletagmanager.com             https://*.doubleclick.net             https://*.google.com              https://*.googleapis.com              https://*.googleadservices.com              https://*.iesnare.com              https://*.typekit.com              https://*.gstatic.com             https://*.typekit.net             http://*.typekit.net             http://*.googleadservices.com             https://*.bing.com             http://*.nextestate.com             https://*.virtualearth.net;                           font-src 'self' data:              https://*.typekit.com              https://*.typekit.net             https://*.iesnare.com;              1
frame-ancestors 'self' capacitor://* https://letterasenzabusta.com https://www.letterasenzabusta.com app://letterasenzabusta.com 1
default-src  'self' ; img-src      'self' 'unsafe-inline' 'unsafe-eval' data: tmembassy.gov.tm *.tmembassy.gov.tm mfa.gov.tm *.google-analytics.com *.googletagmanager.com yandex.com api-maps.yandex.ru *.yandex.net;  script-src   'self' 'unsafe-inline' 'unsafe-eval' tmembassy.gov.tm *.tmembassy.gov.tm metrics.com.tm *.google-analytics.com *.googletagmanager.com api-maps.yandex.ru yastatic.net *.yandex.net;  connect-src  'self' 'unsafe-inline' 'unsafe-eval' tmembassy.gov.tm *.tmembassy.gov.tm mfa.gov.tm *.metrics.com.tm *.google-analytics.com *.googletagmanager.com *.doubleclick.net;  style-src    'self' 'unsafe-inline' tmembassy.gov.tm *.tmembassy.gov.tm;  font-src     'self' data: tmembassy.gov.tm *.tmembassy.gov.tm *.gstatic.com;  frame-src    'self' tmembassy.gov.tm *.tmembassy.gov.tm;  object-src   'self' ; 1
frame-ancestors 'self' *.arcgis.com https://nve-cim.no https://abonner.varsom.no; 1
frame-ancestors self cms.zinodavidoff.com *.platform.sh 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.lemonway.com *.axept.io unpkg.com *.google.com *.googletagmanager.com *.gstatic.com www.google-analytics.com *.hotjar.com load.sumo.com snap.licdn.com cdnjs.cloudflare.com pi.pardot.com 1
frame-src 'self' https://calendly.com https://cdn.affinipay.com https://*.squarecdn.com https://*.squareup.com https://*.squareupsandbox.com https://bid.g.doubleclick.net https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://www.facebook.com https://www.google.com https://www.youtube.com; img-src * 'self' blob: data:; 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com pghub.io *.iesnare.com *.bazaarvoice.com www.youtube.com feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; media-src 'self' *.iesnare.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' *.pghub.io consumersupport.pg.com www.youtube-nocookie.com pandg.tapad.com ; img-src 'self' data: *.ctfassets.net *.tapad.com *.ytimg.com www.googletagmanager.com www.google-analytics.com *.bazaarvoice.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io ; connect-src 'self' *.google-analytics.com *.analytics.google.com *.doubleclick.net *.algolia.net *.algolianet.com *.bazaarvoice.com *.iesnare.com wss: feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; frame-src 'self' https://www.google.com/ https://www.google.com/recaptcha/ 1
default-src 'self' *.digicape.co.za *.datasmart.co.za; style-src 'self' *.digicape.co.za *.datasmart.co.za 'unsafe-inline' *.freshchat.com cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com embed.payjustnow.com fonts.googleapis.com use.fontawesome.com www.googletagmanager.com; font-src 'self' *.digicape.co.za *.datasmart.co.za cdnjs.cloudflare.com use.fontawesome.com fonts.gstatic.com; script-src 'self' *.digicape.co.za *.datasmart.co.za 'unsafe-eval' 'unsafe-inline' *.freshchat.com *.g.doubleclick.net *.google-analytics.com cdn.jsdelivr.net code.jquery.com connect.facebook.net mobicred.co.za platform.twitter.com script.hotjar.com seal.digicert.com snap.licdn.com static.ads-twitter.com static.hotjar.com www.googletagmanager.com; object-src 'self' *.digicape.co.za *.datasmart.co.za seal.digicert.com; frame-src 'self' *.digicape.co.za *.datasmart.co.za *.freshchat.com vars.hotjar.com www.facebook.com www.youtube.com seal.digicert.com *.float.co.za; connect-src 'self' *.digicape.co.za *.datasmart.co.za *.analytics.google.com *.g.doubleclick.net *.google-analytics.com *.google.co.za *.google.com www.googletagmanager.com cdn.linkedin.oribi.io in.hotjar.com mobicred.co.za www.facebook.com; img-src * data:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://cr8r.gg; img-src 'self' data: blob: https://cr8r.gg https://cdn.cr8r.gg; style-src 'self' https://cr8r.gg 'nonce-3X28aZp8nrWHfu0xSpySVQ=='; media-src 'self' data: https://cr8r.gg https://cdn.cr8r.gg; frame-src 'self' https:; manifest-src 'self' https://cr8r.gg; form-action 'self'; child-src 'self' blob: https://cr8r.gg; worker-src 'self' blob: https://cr8r.gg; connect-src 'self' data: blob: https://cr8r.gg https://cdn.cr8r.gg wss://cr8r.gg; script-src 'self' https://cr8r.gg 'wasm-unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://news.torrentpharma.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://news.torrentpharma.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:; object-src 'self' 'unsafe-inline' https://torrentpharma.com; media-src 'self' 'unsafe-inline' https://torrentpharma.com https://news.torrentpharma.com https://www.torrentpharma.com; 1
default-src 'self'  ; frame-src * 'self'  data: blob: ; frame-ancestors 'self' blob: ; ; base-uri 'self' ; ; form-action 'self'  ; script-src * 'unsafe-eval' 'unsafe-inline'  ; object-src * 'self' data: blob: ; img-src * 'unsafe-inline'  data: ; style-src * 'unsafe-inline'  ; font-src * data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' epic.com *.epic.com data: blob:; 1
frame-ancestors 'self' https://flo.kentcht.nhs.uk 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://ssl.google-analytics.com https://www.youtube.com https://*.bazaarvoice.com https://connect.facebook.net https://stats.g.doubleclick.net https://match.adsrvr.org https://api.segment.io *.pinimg.com *.google.com *.segment.com *.jebbit.com *.crazyegg.com *.pricespider.com *.cloudflare.com *.mapbox.com youtu.be *.cookielaw.org *.onetrust.com blob: feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-eval' https://tagmanager.google.com https://*.googletagmanager.com https://www.youtube.com https://*.bazaarvoice.com https://connect.facebook.net https://stats.g.doubleclick.net https://match.adsrvr.org https://api.segment.io *.pinimg.com *.google.com *.segment.com *.jebbit.com *.crazyegg.com *.pricespider.com *.cloudflare.com *.mapbox.com youtu.be *.cookielaw.org *.onetrust.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://cdn.fonts.net https://*.bazaarvoice.com https://connect.facebook.net https://stats.g.doubleclick.net https://match.adsrvr.org https://api.segment.io *.pinimg.com *.google.com *.segment.com *.jebbit.com *.crazyegg.com *.pricespider.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com blob: feed.pghub.io pandg.tapad.com ; font-src 'self' https://fonts.gstatic.com https://assets.ctfassets.net https://*.bazaarvoice.com https://connect.facebook.net https://stats.g.doubleclick.net https://match.adsrvr.org https://api.segment.io *.pinimg.com *.google.com *.segment.com *.crazyegg.com *.jebbit.com *.pricespider.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com data: blob: feed.pghub.io pandg.tapad.com ; img-src 'self' https://www.googletagmanager.com https://ssl.gstatic.com https://www.google.co.in https://ad.doubleclick.net https://images.ctfassets.net https://www.google-analytics.com https://stats.g.doubleclick.net https://match.adsrvr.org- https://api.segment.io *.pinimg.com *.google.com *.segment.com *.jebbit.com https://*.google-analytics.com https://*.googletagmanager.com https://pixel.tapad.com/ https://*.bazaarvoice.com https://connect.facebook.net *.crazyegg.com *.pricespider.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com data: blob: feed.pghub.io pandg.tapad.com ; frame-src https://www.googletagmanager.com https://videos.ctfassets.net *.doubleclick.net https://12432519.fls.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com https://consumersupport.pg.com https://connect.facebook.net https://stats.g.doubleclick.net https://match.adsrvr.org https://api.segment.io *.pinimg.com *.google.com *.segment.com *.jebbit.com *.crazyegg.com *.pricespider.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com youtu.be blob: feed.pghub.io pandg.tapad.com ; connect-src 'self' https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://cdn.contentful.com https://ggogkho1ct-dsn.algolia.net *.contentful.com *.algolianet.com *.jebbit.com *.azure-api.net *.crazyegg.com *.pricespider.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com feed.pghub.io pandg.tapad.com ; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodonczech.cz; img-src 'self' https: data: blob: https://mastodonczech.cz; style-src 'self' https://mastodonczech.cz 'nonce-i5ts1gorkkr24ivw4X2mDQ=='; media-src 'self' https: data: https://mastodonczech.cz; frame-src 'self' https:; manifest-src 'self' https://mastodonczech.cz; form-action 'self'; child-src 'self' blob: https://mastodonczech.cz; worker-src 'self' blob: https://mastodonczech.cz; connect-src 'self' data: blob: https://mastodonczech.cz https://mastodonczech.cz wss://mastodonczech.cz; script-src 'self' https://mastodonczech.cz 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://www.fifecountry.co.uk/ 1
default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de *.youtube.com;object-src 'self' multimedia.gsb.bund.de medien10.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de medien10.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openstreetmap.org *.googleapis.com piwik.itzbund.de *.geodatenzentrum.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors 'self' bvaweb-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de bvaweb-zfa-editor.preview.kkn.zd.intranet.bund.de *.facebook.com 1
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.google.bg https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://www.facebook.com https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com https://app.posthog.com https://*.drift.casino *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://app.vwo.com https://*.drift.casino; frame-src 'self' bankid://* https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://*.zignsec.com https://*.trustly.com https://*.regily.com https://*.sumsub.com https://*.visualwebsiteoptimizer.com https://*.unetsafe.com https://*.atlantgaming.com https://*.drift.casino https://* paymentpage.ecommpay.com asdaerq.dapmaptuns.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://*.zignsec.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.gstatic.com https://recaptcha.net https://connect.facebook.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://app.posthog.com https://*.drift.casino *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com *.astropay.com *.megapay.pro *.ecopayz.com *.billing.cx *.express-connect.com *.paycore.io *.jetoncheckout.com *.ipsp.lv ipsp.lv *.gpaynetworks.com *.sirumobile.com 'nonce-Q61ZGPLRRuiUdAnwbJ7SMvdE3rqo6VeeuOAPTg5XYcE=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com https://*.drift.casino *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com; worker-src 'self' blob:; report-uri https://drift.casino/sentry/api/47/csp-report/?sentry_key=a7dcff6da4704fcf9dbecd647d997b1b 1
upgrade-insecure-requests;style-src 'self' 'nonce-WNGOIEuP1OHhK0A';font-src 'self';script-src 'self' 'nonce-WNGOIEuP1OHhK0A' ;connect-src 'self' https://norwoodzero.net wss://norwoodzero.net;media-src 'self' https:;img-src 'self' data: blob: https:;default-src 'none';base-uri 'none';frame-ancestors 'none';manifest-src 'self'; 1
default-src 'self' https://js.web-2-tel.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.jquery.com/ https://js.web-2-tel.com https://*.salemove.com https://*.glia.com https://*.financialhost.org https://*.fonts.net https://*.googletagmanager.com https://*.bugherd.com https://*.calendly.com https://*.youreallycount.com https://*.opmnstr.com https://*.brandcdn.com https://*.google-analytics.com https://*.googleadservices.com https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.siteimproveanalytics.io https://*.hotjar.com https://*.licdn.com https://*.g.doubleclick.net https://*.hs-scripts.com https://*.facebook.net https://*.pixel.ad https://*.g.doubleclick.net https://*.adsrvr.org https://*.hsadspixel.net https://*.hs-analytics.net https://*.hs-banner.com https://*.cloudfront.net https://*.bugherd.com https://*.oribi.io https://delivery.datatrac.net; connect-src 'self' https://td.doubleclick.net/ https://js.web-2-tel.com wss://*.salemove.com https://*.salemove.com wss://*.glia.com https://*.glia.com https://*.financialhost.org https://*.twilio.com wss://*.twilio.com wss://ws.pusherapp.com https://*.omappapi.com https://*.google.com https://*.g.doubleclick.net https://*.youreallycount.com https://*.linkedin.oribi.io https://*.google-analytics.com https://*.cloudfront.net https://*.bugsnag.com https://*.bugherd.com https://*.hubapi.com https://*.hotjar.com https://*.hotjar.io https://api.datatrac.net; media-src 'self' https://*.salemove.com https://*.glia.com; style-src 'self' https://*.bootstrapcdn.com/ 'unsafe-inline' https://*.salemove.com https://*.glia.com https://*.calendly.com https://*.fonts.net https://*.googleapis.com https://*.gstatic.com https://*.cloudfront.net https://*.cloudflare.com https://*.bugherd.com https://*.omappapi.com; font-src 'self' https://*.bootstrapcdn.com/ https://cdnjs.cloudflare.com https://files.marcomcentral.app.pti.com https://*.fonts.net https://*.googleapis.com https://*.gstatic.com https://*.cloudfront.net https://*.bugherd.com data:; img-src 'self' https://*.financialhost.org/ https://lciapi.ninthdecimal.com/ https://tapestry.tapad.com/ https://www.facebook.com https://images.printable.com blob: data: https://*.salemove.com https://*.adsrvr.org https://trkn.us https://*.glia.com https://*.demdex.net https://*.ads.linkedin.com https://*.krxd.net https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.siteimproveanalytics.io https://*.cloudfront.net https://*.hubspot.com https://*.sitescout.com https://*.bugherd.com https://*.calendly.com https://googleads.g.doubleclick.net; frame-src 'self' https://adservices.brandcdn.com https://*.adsrvr.org https://*.smartsheet.com/ https://*.youtube.com https://*.cloudfront.net https://*.hotjar.com https://*.sitescout.com https://calendly.com https://glcu.locatorsearch.net/ https://www.google.com/ https://sidebar.bugherd.com https://delivery.datatrac.net 1
frame-ancestors https://*.shortlyst.com https://*.shopalyst.com https://shop-id-buavita.com https://shop-id-buavita.com/; 1
default-src 'self';		script-src 'report-sample' 'self' 'unsafe-inline'  https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js https://www.gstatic.com https://io172.infusionsoft.com https://io172.infusionsoft.app https://player.vimeo.com/api/player.js;		style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net;		object-src 'none';		base-uri 'self';		connect-src 'self' https://www.google-analytics.com;		font-src 'self' https://fonts.gstatic.com https://use.typekit.net;		frame-src 'self' https://io172.infusionsoft.com https://io172.infusionsoft.app https://player.vimeo.com/video/;		img-src 'self' https://www.googletagmanager.com;		manifest-src 'self';		media-src 'self';		worker-src 'none';		form-action 'self'; 1
frame-ancestors ‘self’” 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net dev-api.investisdigital.com api.investisdigital.com dev-assets.investisdigital.com assets.investisdigital.com qaotp.tools.investisdigital.com geoid.investisdigital.com www.google-analytics.com https://cookiemanager.investisdigital.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.investis-live.com dev-api.investisdigital.com api.investisdigital.com dev-assets.investisdigital.com assets.investisdigital.com qaotp.tools.investisdigital.com *.investisdigital.com player.vimeo.com www.recaptcha.net *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investis-live.com *.investisdigital.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com *.youtube.com player.vimeo.com http://house-fastly-signed-eu-west-1-prod.brightcovecdn.com; frame-src 'self' *.investis.com www.google.com ir.tools.investis.com staticxx.facebook.com www.youtube.com player.vimeo.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com 1
base-uri 'self'; form-action 'self'; frame-ancestors 'none'; object-src 'none'; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-52Vl217coXvJMM0tjQMwww=='; style-src 'self' www.gstatic.com; font-src 'self'; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com 1
frame-ancestors 'self'; report-uri https://www.movilexito.com/report-uri/enforce 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' www.youtube.com embed.typeform.com form.typeform.com; script-src 'self' 'unsafe-inline' www.googletagmanager.com embed.typeform.com www.google-analytics.com; media-src 'self' www.google-analytics.com; font-src 'self'; connect-src 'self' www.google-analytics.com; img-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline' embed.typeform.com; base-uri 'self' 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-afb2df853f190c6fa611f3c45f248027'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://breeze.town; img-src 'self' https: data: blob: https://breeze.town; style-src 'self' https://breeze.town 'nonce-IcYM7GbldSgLNSIA2xu9Dw=='; media-src 'self' https: data: https://breeze.town; frame-src 'self' https:; manifest-src 'self' https://breeze.town; connect-src 'self' data: blob: https://breeze.town https://truevault01.breezetech.solutions:9000/minio/breezetown wss://breeze.town; script-src 'self' https://breeze.town; child-src 'self' blob: https://breeze.town; worker-src 'self' blob: https://breeze.town 1
same-origin 'self'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' 'unsafe-eval' https://types.pl 'wasm-unsafe-eval'; font-src 'self' https://types.pl; img-src 'self' data: blob: https://types.pl https://pool.jortage.com https://blob.jortage.com; style-src 'self' 'unsafe-inline' https://types.pl; media-src 'self' data: https://types.pl https://pool.jortage.com https://blob.jortage.com; frame-src 'self' https:; child-src 'self' blob: https://types.pl; worker-src 'self' blob: https://types.pl; connect-src 'self' blob: data: wss://types.pl https://types.pl https://pool.jortage.com https://blob.jortage.com; manifest-src 'self' https://types.pl; form-action 'self' 1
frame-ancestors 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://google-analytics.com https://googletagmanager.com https://m.youtube.com https://rawgit.com https://ssl.google-analytics.com https://tagmanager.google.com https://translate.google.com https://www.youtube.com https://www.edubcn.cat https://www.google-analytics.com https://www.googletagmanager.com https://use.fontawesome.com;style-src 'self' 'report-sample' 'unsafe-inline' ajax.googleapis.com fonts.googleapis.com tagmanager.google.com translate.googleapis.com www.gstatic.com www.googletagmanager.com https://use.fontawesome.com;object-src *.googlesyndication.com;frame-src 'self' *.vimeo.com *.youtube.com www.youtube-nocookie.com www.edubcn.cat www.googletagmanager.com app.powerbi.com;child-src 'self' blob: *.google.com *.doubleclick.net *.googlesyndication.com www.googletagmanager.com www.youtube.com;img-src 'self' data: blob: *.google.com *.gstatic.com *.google-analytics.com *.googleapis.com *.edubcn.cat www.googletagmanager.com *.basemaps.cartocdn.com *.ytimg.com *.youtube.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com use.fontawesome.com;connect-src 'self' *.google.com *.gstatic.com *.google-analytics.com *.googleapis.com stats.g.doubleclick.net www.edubcn.cat www.googletagmanager.com;manifest-src 'self';base-uri 'self';form-action 'self' formularis.gencat.cat;media-src 'self';worker-src 'self';default-src 'self'; 1
default-src 'self';block-all-mixed-content ; base-uri 'self'; object-src 'none'; script-src  'nonce-69da95ef8ad441849c3106e55fcfeb81' 'self' 'unsafe-eval' https://maps.googleapis.com https://www.gstatic.com https://www.google.com https://fast.wistia.com/ https://dl.episerver.net/ https://st.getsitecontrol.com/ https://widgets.getsitecontrol.com https://c.evidon.com https://tagmanager.google.com/ https://www.googletagmanager.com/ https://polyfill.io https://optimize.google.com https://www.google-analytics.com https://az416426.vo.msecnd.net https://*.evidon.com https://region1.google-analytics.com/ https://*.googletagmanager.com; img-src 'self' data: https://pxl.upsales.com/ https://bat.bing.com https://l.evidon.com/ https://c.evidon.com https://l3.evidon.com https://p.adsymptotic.com https://px.ads.linkedin.com https://www.linkedin.com  https://www.gstatic.com https://www.facebook.com https://www.google.com/ https://www.google.hr https://www.google.de https://www.google.co.uk https://www.google.dk https://www.google.se/ https://www.google.co.jp/ https://www.google.no/ https://www.google.fi/ https://emergencyresponse.grantthornton.co.uk https://i.vimeocdn.com/ https://l.betrad.com https://ssl.gstatic.com/ https://syndication.twitter.com https://optimize.google.com https://platform.twitter.com https://pbs.twimg.com https://maps.gstatic.com https://maps.googleapis.com https://*.google-analytics.com/ https://*.analytics.google.com/ https://www.googletagmanager.com https://i.ytimg.com https://img.youtube.com https://c.clarity.ms/ https://c.bing.com/ https://www.google.com.vn/ https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/ https://fast.wistia.com/ https://fonts.googleapis.com/ https://optimize.google.com https://platform.twitter.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; font-src 'self' data: https://st.getsitecontrol.com/ https://fonts.gstatic.com; frame-src mailto: https://l3.evidon.com https://www.facebook.com https://bid.g.doubleclick.net https://pages.upsales.com/ https://www.google.com/ https://platform.twitter.com https://www.youtube.com https://optimize.google.com https://w.soundcloud.com https://player.vimeo.com https://www.gstatic.com https://cdn.optimizely.com https://flo.uri.sh/ https://play.quickchannel.com/ https://via.tt.se/ https://12438342.fls.doubleclick.net/ https://view.ceros.com/; connect-src 'self' https://www.facebook.com/ https://*.analytics.google.com/ https://l3.evidon.com https://l.evidon.com/site/v3/userPref/ https://optoutapi.evidon.com https://extreme-ip-lookup.com https://stats.g.doubleclick.net https://dc.services.visualstudio.com https://az416426.vo.msecnd.net https://*.google-analytics.com/ https://www.clarity.ms https://power.upsales.com https://analytics.google.com/ https://idx.liadm.com/ https://*.googletagmanager.com https://maps.googleapis.com/; report-uri /ContentSecurityPolicy/Report/; report-to csp-endpoint; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stats.g.doubleclick.net https://region1.analytics.google.com https://www.google-analytics.com https://www.googletagmanager.com https://dc.services.visualstudio.com https://connect.facebook.net https://az416426.vo.msecnd.net https://trondelagfylke.boost.ai ajax.aspnetcdn.com cdnjs.cloudflare.com;style-src 'self' 'unsafe-inline' https://stats.g.doubleclick.net https://region1.analytics.google.com https://www.google-analytics.com https://www.googletagmanager.com https://dc.services.visualstudio.com https://connect.facebook.net https://az416426.vo.msecnd.net https://trondelagfylke.boost.ai ajax.aspnetcdn.com cdnjs.cloudflare.com;img-src 'self' https://stats.g.doubleclick.net https://region1.analytics.google.com https://www.google-analytics.com https://www.googletagmanager.com https://dc.services.visualstudio.com https://connect.facebook.net https://az416426.vo.msecnd.net https://trondelagfylke.boost.ai ajax.aspnetcdn.com cdnjs.cloudflare.com data: https:;font-src 'self' data: https:;connect-src 'self' https://stats.g.doubleclick.net https://region1.analytics.google.com https://www.google-analytics.com https://www.googletagmanager.com https://dc.services.visualstudio.com https://connect.facebook.net https://az416426.vo.msecnd.net https://trondelagfylke.boost.ai;form-action 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.elasticbeanstalk.com *.jquery.com *.seera.sa *.twitcount.com *.twitter.com *.hotjar.com https: data: wss:; worker-src blob: 1
referrer no-referrer|no-referrer-when-downgrade|origin|origin-when-cross-origin|unsafe-url 1
default-src 'self' * 'unsafe-inline' data:; 1
frame-ancestors 'self' https://login.microsoftonline.com https://vimeo.com https://*.vimeo.com https://*.plane.biz https://*.connections.unum.com https://*.benselect.com https://www.aflacatwork.com https://www.youtube.com https://eoi.accp.voyaemployeebenefits.com https://eoi.voyaemployeebenefits.com;             default-src 'self' *.google.com *.gstatic.com *.google-analytics.com *.googleapis.com *.google.com *.plane.biz *.connections.unum.com *.benselect.com www.aflacatwork.com eoi.accp.voyaemployeebenefits.com eoi.voyaemployeebenefits.com staging.xpress-pay.com pay.xpress-pay.com cdn.rawgit.com/google/material-design-icons/;                                                     child-src 'self' 'unsafe-inline' 'unsafe-eval' login.microsoftonline.com vimeo.com *.vimeo.com *.brainshark.com *.scottins.com youtube.com *.youtube.com *.google.com *.gstatic.com *.googleapis.com eoi.accp.voyaemployeebenefits.com eoi.voyaemployeebenefits.com *.plane.biz *.connections.unum.com *.benselect.com staging.xpress-pay.com pay.xpress-pay.com trsmrk-tmkapi-prod1.pegacloud.net www.aflacatwork.com;                       object-src 'self' *.brainshark.com *.scottins.com blob:;                                                     script-src 'self' *.benefitfirst.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googleapis.com *.google.com cdn.quilljs.com *.plane.biz *.connections.unum.com eoi.accp.voyaemployeebenefits.com eoi.voyaemployeebenefits.com *.benselect.com staging.xpress-pay.com pay.xpress-pay.com trsmrk-tmkapi-prod1.pegacloud.net www.aflacatwork.com;                                                      img-src 'self' *.benefitfirst.com data: www.w3.org blob:;                                                font-src 'self' use.fontawesome.com fonts.gstatic.com cdn.rawgit.com *.benefitfirst.com data: www.w3.org blob:;         style-src 'self' 'unsafe-inline' *.benefitfirst.com *.googleapis.com *.plane.biz *.connections.unum.com *.benselect.com eoi.accp.voyaemployeebenefits.com eoi.voyaemployeebenefits.com staging.xpress-pay.com pay.xpress-pay.com www.aflacatwork.com; 1
a 1
frame-ancestors 'self' everlineshop.com *.everlineshop.com 1
default-src 'self' data: blob: https://fts-uat.cardconnect.com/ https://web.squarecdn.com/ https://www.google.com https://pci-connect.squareup.com https://connect.squareup.com *.drcvideo.com *.dacast.com *.cardconnect.com https://pay.google.com https://js.stripe.com/ *.jotform.com https://www.facebook.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.videojudge.com https://api.convergepay.com/hosted-payments/Checkout.js https://www.googletagmanager.com *.dancebug.com https://web.squarecdn.com/v1/ https://maxcdn.bootstrapcdn.com https://www.google.com https://static.zdassets.com https://www.gstatic.com https://www.google-analytics.com https://ssl.p.jwpcdn.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://cdn.datatables.net https://js.squareup.com https://api-square.nd.nudatasecurity.com https://nd.squarecdn.com *.dacast.com https://unpkg.com https://pay.google.com/gp/p/js/pay.js https://appcenter.intuit.com https://q.stripe.com/ https://js.stripe.com/v3/ https://cdn.jsdelivr.net https://form.jotform.com https://browser.sentry-cdn.com *.jotfor.ms https://www.jotform.com https://connect.facebook.net blob: data: blob:; connect-src 'self' data: blob: https://api.convergepay.com/hosted-payments/service/payment/hpe/process wss://dancebug.com:12354 https://www.facebook.com https://ekr.zdassets.com https://dancebughelp.zendesk.com wss://widget-mediator.zopim.com https://pci-connect.squareup.com https://www.google-analytics.com *.dacast.com *.drcvideo.com https://license.theoplayer.com *.mediamelon.com *.akamaihd.net https://dacastmmd.mmdlive.lldns.net https://www.cloudflare.com https://kinesis.us-east-1.amazonaws.com https://127.0.0.1:41951 https://localhost:41951 *.theoplayer.com https://ekr.zendesk.com; img-src 'self' blob: data: https://cdnjs.cloudflare.com https://www.competitivedancer.com https://www.google-analytics.com https://www.videojudge.com https://videojudge.com *.drcvideo.com *.dancebug.com https://dancebug.com https://jwpltx.com https://cdn.datatables.net https://prd.jwpltx.com *.dacast.com https://licensing.theoplayer.com *.adobe.com *.viewdancechallenge.com https://www.gstatic.com https://www.connectsu.com https://appcenter.intuit.com https://cdn.jotfor.ms *.jotform.com https://www.facebook.com; style-src 'self' 'unsafe-inline' *.videojudge.com https://assets.dancebug.com https://web.squarecdn.com/ https://use.fontawesome.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://www.google.com https://ajax.googleapis.com https://cdn.datatables.net https://ssl.p.jwpcdn.com *.dacast.com https://vjs.zencdn.net https://www.gstatic.com https://cdnjs.cloudflare.com https://appcenter.intuit.com https://cdn.jsdelivr.net https://cdn.jotfor.ms; font-src 'self' data: https://d1g145x70srn7h.cloudfront.net https://square-fonts-production-f.squarecdn.com/ https://use.fontawesome.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com *.dancebug.com *.dacast.com https://cdn.jsdelivr.net; media-src 'self' https://f001.backblazeb2.com *.dancebug.com https://static.zdassets.com *.drcvideo.com https://dacastmmd.mmdlive.lldns.net data: blob:; 1
script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://certify-js.alexametrics.com 'unsafe-inline'; object-src 'self' https://www.indonesia.go.id; style-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.example.com data:; img-src 'self' data: https://indonesia.go.id https://www.indonesia.go.id https://infopublik.id https://img.youtube.com blob:; media-src 'self'; frame-ancestors 'self' https://www.indonesia.go.id; 1
default-src 'self' https://dev.shop.bzga.de https://shop.bzga.de; connect-src 'self' https://piwik.bzga.de; style-src 'self' 'unsafe-inline'; font-src 'self' data:; script-src 'self' 'unsafe-inline' https://piwik.bzga.de; img-src 'self' https://dev.shop.bzga.de https://shop.bzga.de data: https://piwik.bzga.de https://www.bzga.de https://service.bzga.de; frame-src 'self'; 1
frame-ancestors http://www.truckplanet.com https://www.truckplanet.com 1
frame-ancestors https://liveshopping.taifun.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' cloudflare.com *.cloudflare.com stripe.com *.stripe.com google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com googleapis.com *.googleapis.com yandex.ru *.yandex.ru yandex.net *.yandex.net yastatic.net *.yastatic.net maps.yandex.net *.maps.yandex.net openstreetmap.org *.openstreetmap.org facebook.com *.facebook.com twitter.com *.twitter.com instagram.com *.instagram.com pinterest.com *.pinterest.com youtube.com *.youtube.com; object-src 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline' 1
default-src 'self' *.coviacorp.com; style-src 'self' 'unsafe-inline' *.gstatic.com *.3blmedia.com *.youtube.com *.twitter.com *.twimg.com *.bootstrapcdn.com *.googleapis.com *.typekit.net *.thunderstone.cloud *.fontawesome.com *.cloudflare.com *.stackadapt.com; font-src 'self' *.3blmedia.com *.youtube.com *.twimg.com *.typekit.net *.cloudflare.com *.gstatic.com *.fontawesome.com *.addthis.com *.twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.webtraxs.com *.simpli.fi *.3blmedia.com *.youtube.com *.twimg.com *.twitter.com *.cloudflare.com *.bootstrapcdn.com *.googletagmanager.com *.google-analytics.com *.thunderstone.cloud *.aspnetcdn.com *.google.com *.gstatic.com *.licdn.com *.crazyegg.com *.stackadapt.com *.addthis.com *.addthisedge.com *.moatads.com; connect-src 'self' *.google.com *.webtraxs.com *.linkedin.oribi.io *.3blmedia.com *.youtube.com *.twimg.com *.twitter.com *.google-analytics.com *.doubleclick.net *.stackadapt.com *.crazyegg.com *.addthis.com *.gstatic.com *.linkedin.com; img-src 'self' data: 'unsafe-eval' *.webtraxs.com *.3blmedia.com *.ytimg.com *.youtube.com *.w3.org *.twimg.com *.twitter.com *.googletagmanager.com *.google-analytics.com *.google.com *.cloudflare.com *.linkedin.com *.simpli.fi *.doubleclick.net *.googleadservices.com *.adsymptotic.com *.gstatic.com *.addthis.com; frame-src 'self' *.gstatic.com *.googletagmanager.com *.3blmedia.com *.youtube.com *.twimg.com *.twitter.com *.google.com *.youtube.com *.vimeo.com *.arcgis.com *.addthis.com *.smaato.net *.1rx.io *.tremorhub.com *.3lift.com *.agkn.com *.tapad.com *.intentiq.com *.pubmatic.com *.stickyadstv.com *.exelator.com *.yahoo.com *.bfmio.com *.bluekai.com *.crwdcntrl.net *.lijit.com *.rlcdn.com *.adnxs.com *.rubiconproject.com *.openx.net *.pro-market.net; 1
default-src 'self' https://*.deathbycaptcha.com https://*.deathbycaptcha.me https://*.deathbycaptcha.com.br https://widget.driftqa.com/ https://*.driftt.com;       img-src 'self' https://googleads.g.doubleclick.net https://www.google.com https://*.deathbycaptcha.com https://*.deathbycaptcha.me https://*.deathbycaptcha.com.br https://cdn.datatables.net https://localtimes.info https://ajax.googleapis.com https://www.googletagmanager.com https://deathbycaptcha.groovehq.com https://www.gstatic.com https://ssl.gstatic.com https://fonts.gstatic.com https://www.google-analytics.com https://ssl.google-analytics.com https://bat.bing.com https://www.redditstatic.com https://alb.reddit.com data:;       script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://kit.fontawesome.com https://js.driftt.com https://bat.bing.com https://widget.drift.com https://widget.driftqa.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://*.deathbycaptcha.com https://*.deathbycaptcha.me https://*.deathbycaptcha.com.br https://localtimes.info https://cdn.datatables.net https://code.jquery.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.google.com https://tagmanager.google.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com https://www.google-analytics.com https://ssl.google-analytics.com https://deathbycaptcha.groovehq.com https://js.driftt.com https://www.redditstatic.com data:;       style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://cdnjs.cloudflare.com https://*.deathbycaptcha.com https://*.deathbycaptcha.me https://*.deathbycaptcha.com.br https://cdn.datatables.net https://ajax.googleapis.com https://stackpath.bootstrapcdn.com https://www.google.com https://www.googletagmanager.com https://deathbycaptcha.groovehq.com https://code.jquery.com;       frame-src https://www.google.com https://js.driftt.com https://widget.drift.com https://bid.g.doubleclick.net https://deathbycaptcha.groovehq.com/ https://widget.driftqa.com https://*.driftt.com https://announcement-tracer.widget.drift.com;       frame-ancestors 'none';       font-src https://static.deathbycaptcha.com https://ka-f.fontawesome.com https://fonts.gstatic.com https://cdn.jsdelivr.net data:;       connect-src https://ka-f.fontawesome.com https://www.google-analytics.com https://*.deathbycaptcha.com       https://deathbycaptcha.com https://*.deathbycaptcha.me https://*.deathbycaptcha.com.br https://bat.bing.com;       object-src 'none';       media-src 'self' https://*.deathbycaptcha.com data: 1
frame-ancestors https://*.shortlyst.com https://*.shopalyst.com https://shop-id-lifebuoy.com https://shop-id-lifebuoy.com/; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-ccaac37304ec9cbc3ae0bf99625f3d6c' https://lovehoneyforum.com/logs/ https://lovehoneyforum.com/sidekiq/ https://lovehoneyforum.com/mini-profiler-resources/ https://europe1.discourse-cdn.com/lovehoney/assets/ https://lovehoneyforum.com/extra-locales/ https://dub2.discourse-cdn.com/lovehoney/highlight-js/ https://dub2.discourse-cdn.com/lovehoney/javascripts/ https://dub2.discourse-cdn.com/lovehoney/plugins/ https://dub2.discourse-cdn.com/lovehoney/theme-javascripts/ https://dub2.discourse-cdn.com/lovehoney/svg-sprite/ 'report-sample' https://www.googletagmanager.com/gtm.js 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' https://tagmanager.google.com https://googletagmanager.com https://google-analytics.com 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://connect.facebook.net; worker-src 'self' https://europe1.discourse-cdn.com/lovehoney/assets/ https://dub2.discourse-cdn.com/lovehoney/javascripts/ https://dub2.discourse-cdn.com/lovehoney/plugins/; report-uri https://lovehoneyforum.com/csp_reports; manifest-src 'self' 1
default-src 'self' *.avalara.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com https://www.everestjs.net/static/st.v3.js www.youtube.com plugin.intuitcdn.net assets.intuitcdn.net; style-src 'self' 'unsafe-inline' plugin.intuitcdn.net assets.intuitcdn.net plugin-qbo.intuitcdn.net; frame-src 'self' https://www.youtube.com/ avalara.demdex.net; font-src 'self'; img-src 'self' plugin-qbo.intuitcdn.net *.avalara.com data:; frame-ancestors https://app.sandbox.qbo.intuit.com/ https://app.qbo.intuit.com/; connect-src 'self' *.avataxforqbo.com *.zrbtt.io *.avlr.sh avalara.tt.omtrdc.net dpm.demdex.net *.avalara.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.xx.fbcdn.net pagecdn.io data:; font-src 'self' fonts.gstatic.com data:; frame-src 'self' pagecdn.io google.com maps.googleapis.com https://www.youtube.com http://www.muzeulgazelor.ro https://www.google.com/ data:; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https://www.romgaz.ro cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com https://www.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com cdnjs.cloudflare.com https://polyfill.io https://unpkg.com https://www.google.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; frame-ancestors 'self'; report-uri https://www.romgaz.ro/report-uri/enforce 1
default-src 'self' bngprm.com *.bngprm.com ymetrica1.com mc.yandex.ru cam.vg *.cam.vg cdn.fluidplayer.com movcpm.com *.movcpm.com greedseed.world xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com http://149.202.159.251 http://62.210.201.98 http://195.154.189.204 http://195.154.187.179 http://195.154.173.242 http://195.154.173.197 *.2k0.ru; style-src cdn.fluidplayer.com fonts.googleapis.com 'self' 'unsafe-inline'; script-src bngprm.com *.bngprm.com cdn.jsdelivr.net cdn.fluidplayer.com 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' fonts.gstatic.com data:; img-src 'self' bngprm.com *.bngprm.com counter.yadro.ru mc.yandex.ru ymetrica1.com mc.webvisor.org cdn.fluidplayer.com movcpm.com *.movcpm.com xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com data:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https:; img-src 'self' https: data: blob: https:; style-src 'self' https: 'nonce-/BlBnNAje35Hi3QwnCzGkw=='; media-src 'self' https: data: https:; frame-src 'self' https:; manifest-src 'self' https:; form-action 'self'; connect-src 'self' data: blob: https: https: wss://retro.social; script-src 'self' https: 'wasm-unsafe-eval'; child-src 'self' blob: https:; worker-src 'self' blob: https: 1
upgrade-insecure-requests; frame-ancestors 'none'; object-src 'none'; worker-src 'none' 1
default-src 'self' www.google-analytics.com www.youtube.com;           child-src 'self' www.youtube.com www.youtube-nocookie.com player.vimeo.com www.google.com;     frame-src 'self' www.youtube.com forms.zohopublic.eu zfrmz.eu www.google.com https://recaptcha.google.com/recaptcha/  player.vimeo.com;        script-src 'self' 'unsafe-inline' 'unsafe-eval' www.perplex.nl s.ytimg.com *.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com www.youtube.com player.vimeo.com www.googletagmanager.com;          style-src 'self' 'unsafe-inline';          img-src 'self' data: rating.pegi.info *.google-analytics.com *.analytics.google.com www.perplex.nl i.ytimg.com www.gravatar.com img.youtube.com i.vimeocdn.com vumbnail.com;          font-src 'self' data:;    connect-src 'self' *.google-analytics.com *.analytics.google.com;          form-action 'self' forms.zohopublic.eu;          report-uri https://perplex.report-uri.com/r/default/csp/enforce; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'nonce-MTMyLDE0OSw3MSwyNTIsMTI3LDE0Miw4NSwxMTQ=' https://discord.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com https://s.ytimg.com/yts/jsbin/ https://www.youtube.com/iframe_api https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.hcaptcha.com https://hcaptcha.com; img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://www.facebook.com https://cdn.discordapp.com https://hackerone-api.discord.workers.dev/user-avatars/ https://safety.discord.com https://discordmoderatoracademy.zendesk.com https://assets-global.website-files.com data:; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://discordapp.com https://discord.com https://connect.facebook.net https://api.greenhouse.io https://api.github.com https://sentry.io https://www.google-analytics.com https://hackerone-api.discord.workers.dev https://*.hcaptcha.com https://hcaptcha.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location ws://127.0.0.1:* http://127.0.0.1:*; media-src 'self' https://cdn.discordapp.com/assets/; frame-src https://discordapp.com/domain-migration https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://www.youtube.com/embed/ https://hackerone.com/631fba12-9388-43c3-8b48-348f11a883c0/ https://10851314.fls.doubleclick.net/; 1
default-src 'self' https: wss://ws.hotjar.com *.mapbox.com; font-src 'self' https: data: fonts.gstatic.com; img-src 'self' https: data: blob: wowlavie-aws.hmgcdn.com image-cdn.learnin.tw pgw.udn.com.tw *.mapbox.com; object-src 'self' *.mapbox.com; script-src 'self' https: 'unsafe-inline' http://www.youtube.com www.google-analytics.com www.googletagmanager.com; style-src 'self' https: 'unsafe-inline' http://fonts.googleapis.com; frame-ancestors 'self'; worker-src 'self' blob:; child-src 'self' blob:; frame-src 'self' *.youtube.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com; style-src 'self' 'unsafe-inline' https://unpkg.com http://fonts.cdnfonts.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://p.typekit.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.google.com https://stats.g.doubleclick.net; font-src 'self' https://fonts.cdnfonts.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://use.typekit.net; frame-src 'self' *.jotform.com; img-src 'self' *.3cs.website https://storage.googleapis.com https://imagedelivery.net https://www.bw2023.lk; manifest-src 'self'; media-src 'self' storage.googleapis.com imagedelivery.net; 1
frame-ancestors 'self' https://*.enzazaden.com https://*.enzaplaza.com; 1
default-src https: data: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval' 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 1
default-src 'self'; connect-src 'self' http://ad.doubleclick.net https://*.analytics.google.com https://*.api.userway.org https://*.clarity.ms https://*.demdex.net https://*.eset.com https://*.googlesyndication.com https://*.hotjar.com https://*.hotjar.io https://*.tt.omtrdc.net https://adservice.google.com https://analytics.google.com https://analytics.twitter.com https://bat.bing.com https://c.go-mpulse.net https://cdn.acsbapp.com https://cdn.linkedin.oribi.io https://cdn1.esetstatic.com https://cookies-data.onetrust.io https://ep.smct.co https://eset.tt.omtrdc.net https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://ipb.smct.co https://ipb.smct.io https://js.smct.co https://js.smct.io https://maps.googleapis.com https://privacyportal.onetrust.com https://px.ads.linkedin.com https://region1.google-analytics.com https://replay.uxtweak.com https://s.yimg.com https://script.crazyegg.com https://smct.co https://stats.g.doubleclick.net https://tracker.clickguard.com https://www.facebook.com https://www.g2.com https://www.google-analytics.com https://www.google.by https://www.google.ch https://www.google.co.uk https://www.google.co.uz https://www.google.com https://www.google.com.tj https://www.google.com.tr https://www.google.ie https://www.google.kg https://www.google.kz https://www.google.lt https://www.google.lv https://www.google.pl https://www.google.ru https://www.googletagmanager.com wss://*.hotjar.com; font-src 'self' data: https://cdn.userway.org https://fonts.smct.co https://fonts.smct.io https://script.hotjar.com; frame-src 'self' https://*.fls.doubleclick.net https://8117415.fls.doubleclick.net https://bid.g.doubleclick.net https://download.eset.com https://eset.demdex.net https://hemsync.clickagy.com https://int.form.eset.com https://js.smct.io https://ls.smct.co https://protectdemo.eset.com https://smct.co https://td.doubleclick.net https://tpc.googlesyndication.com https://unity.survey-solutions.cloud https://vars.hotjar.com https://widget.trustpilot.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: http://ad.doubleclick.net https://*.adform.net https://*.ads.linkedin.com https://*.yahoo.co.jp https://ad.doubleclick.net https://ade.googlesyndication.com https://adservice.google.at https://adservice.google.ch https://adservice.google.co.jp https://adservice.google.com https://adservice.google.de https://analytics.google.com https://analytics.twitter.com https://bat.bing.com https://c.bing.com https://c.clarity.ms https://captcha.eset.com https://cdn.esetstatic.com https://cdn.jsdelivr.net https://cdn.smct.co https://cdn.smct.io https://cdn1.esetstatic.com https://cm.everesttech.net https://cm.g.doubleclick.net https://connect.facebook.net https://dc.ads.linkedin.com https://dpm.demdex.net https://events.smct.co https://googleads.g.doubleclick.net https://hm.baidu.com https://i.ytimg.com https://images.g2crowd.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://pubads.g.doubleclick.net https://px.ads.linkedin.cn https://px.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://script.hotjar.com https://sgtm.eset.com https://ssitecat.eset.com https://ssl.google-analytics.com https://static.hotjar.com https://stats.g.doubleclick.net https://t.co https://tribl.io https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bi https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ag https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sb https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tj https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vc https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.ie https://www.google.im https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.ki https://www.google.kz https://www.google.la https://www.google.li https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.nr https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sm https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.tt https://www.google.vg https://www.google.vu https://www.googleadservices.com https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com; manifest-src 'none'; media-src 'self'; object-src 'self'; prefetch-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.replay.uxtweak.com https://*.salesforceliveagent.com https://acsbap.com https://acsbapp.com https://assets.esetstatic.com https://bat.bing.com https://cdn.esetstatic.com https://cdn.jsdelivr.net https://cdn.linkedin.oribi.io https://cdn1.esetstatic.com https://cdnjs.cloudflare.com https://connect.facebook.net https://d.la1-c2-cdg.salesforceliveagent.com https://embed.tawk.to https://googleads.g.doubleclick.net https://hm.baidu.com https://img06.en25.com https://invitejs.trustpilot.com https://js.smct.co https://js.smct.io https://maps.googleapis.com https://nowexttype.com https://pagead2.googlesyndication.com https://platform.twitter.com https://s786665.t.eloqua.com https://script.hotjar.com https://sgtm.eset.com https://smct.co https://snap.licdn.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.hotjar.com https://store.eset.com https://tpc.googlesyndication.com https://tribl.io https://widget.trustpilot.com https://www.clarity.ms https://www.google-analytics.com https://www.google.ae https://www.google.am https://www.google.at https://www.google.be https://www.google.bg https://www.google.bs https://www.google.by https://www.google.ca https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ma https://www.google.co.nz https://www.google.co.th https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zw https://www.google.com https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.md https://www.google.me https://www.google.mk https://www.google.nl https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.se https://www.google.si https://www.google.sk https://www.google.tn https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.smct.co https://fonts.smct.io https://script.hotjar.com https://static.hotjar.com; worker-src 'self'; report-uri https://www-eset-com.api.cspconsole.com/v1/csp/report; report-to default; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=1gluha5iqu5g7&partner=; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-489de8cdda2a40649089aefd6fdcd68e'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self'; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; style-src * 'self' data: 'unsafe-inline'; img-src * 'self' blob: data: ; font-src 'self'; connect-src * 'self'; media-src * 'self'; object-src * 'self'; frame-src * 'self'; worker-src 'self'; frame-ancestors * 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self' 1
connect-src https://*.fptls.com https://*.fptls2.com https://api.fpjs.io https://*.api.fpjs.io https://www.icgp.ie:* https://support.icgp.ie:* https://cdn.jsdelivr.net:*; default-src https://www.icgp.ie:* https://support.icgp.ie:* https://cdn.jsdelivr.net:*; script-src 'unsafe-inline' 'unsafe-eval' https://www.icgp.ie:* https://support.icgp.ie:* https://www.youtube.com:* https://fpjscdn.net:* https://cdn.jsdelivr.net:*; style-src 'unsafe-inline' https://www.icgp.ie:* https://support.icgp.ie:* https://cdn.jsdelivr.net:*; img-src https://*.vimeocdn.com:* https://www.icgp.ie:* https://support.icgp.ie:* https://*.openstreetmap.org:* data:; media-src https://*.youtube.com:* https://*.youtube-nocookie.com:*; object-src https://www.icgp.ie:* https://*.googlevideo.com:* https://*.ytimg.com:* https://*.youtube.com *.youtube-nocookie.com:*; frame-src https://www.icgp.ie:* https://api.occupop.com:* https://vimeo.com:* https://player.vimeo.com:* https://*.youtube.com:* https://*.youtube-nocookie.com:* https://pay.sandbox.realexpayments.com:* https://pay.realexpayments.com:* https://support.icgp.ie:*; frame-ancestors https://www.icgp.ie:* https://support.icgp.ie:*; upgrade-insecure-requests; block-all-mixed-content; report-uri https://www.icgp.ie/callbacks/csp.cfm 1
block-all-mixed-content; base-uri 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* *.google.com *.gstatic.com www.google-analytics.com *.addtoany.com use.fontawesome.com *.youtube.com *.ytimg.com *.googleapis.com googleapis.com *.googletagmanager.com *.cloudflare.com *.vimeo.com *.formitable.com *.googleadservices.com *.openstreetmap.org *.openlayers.org www.clarity.ms rtb8.adscience.nl static.hortusleiden.nl; style-src 'self' 'unsafe-inline' *.googleapis.com googleapis.com *.google.com *.addtoany.com cloud.typography.com *.myfonts.net *.typekit.net *.cloudflare.com *.formitable.com *.gstatic.com *.openstreetmap.org *.openlayers.org static.hortusleiden.nl; font-src 'self' *.gstatic.com data: *.typekit.net *.cloudflare.com  static.hortusleiden.nl; img-src 'self' data: *.google-analytics.com *.analytics-google.com *.gstatic.com *.googleapis.com googleapis.com *.google.com *.cloudflare.com *.openstreetmap.org c.clarity.ms c.bing.com static.hortusleiden.nl; child-src 'self' *.google.com *.addtoany.com *.youtube.com *.vimeo.com vimeo.com *.activetickets.com *.issuu.com *.recruitee.com *.linkedin.com subscribe.mailinglijst.nl *.formitable.com *.hortusleiden.nl *.openstreetmap.org *.openlayers.org static.hortusleiden.nl; frame-src 'self' *.google.com *.addtoany.com *.youtube.com *.vimeo.com vimeo.com *.activetickets.com *.issuu.com *.recruitee.com *.linkedin.com subscribe.mailinglijst.nl *.formitable.com *.hortusleiden.nl *.openstreetmap.org *.openlayers.org static.hortusleiden.nl; media-src 'self' *.youtube.com *.vimeo.com vimeo.com *.vimeocdn.com *.akamaized.net  static.hortusleiden.nl; connect-src 'self' localhost:* wss://localhost:* *.projectguide.nl *.google-analytics.com *.analytics-google.com *.googleapis.com googleapis.com *.googleusercontent.com vimeo.com *.formitable.com  api.mapbox.com stats.g.doubleclick.net w.clarity.ms static.hortusleiden.nl; object-src 'self' *.youtube.com *.vimeo.com vimeo.com *.openstreetmap.org *.openlayers.org static.hortusleiden.nl; form-action 'self' payment.preprod.direct.worldline-solutions.com; worker-src 'self' static.hortusleiden.nl; manifest-src 'self' static.hortusleiden.nl; prefetch-src 'self' static.hortusleiden.nl; frame-ancestors 'none';  1
default-src 'self'; script-src 'self' 'unsafe-inline' https://static.zdassets.com https://www.googletagmanager.com https://connect.facebook.net https://analytics.tiktok.com https://*.hotjar.com https://www.google.com https://www.gstatic.com https://cdn.segment.com https://cdn.plaid.com https://js.stripe.com https://crypto-js.stripe.com https://cdn.jsdelivr.net/npm/js-confetti@latest/dist/js-confetti.browser.js; child-src royal.io; connect-src 'self' https://royal4034.zendesk.com https://ekr.zdassets.com https://www.instagram.com https://facebook.com https://facebook.net https://www.google-analytics.com https://api.segment.io https://cdn.segment.com https://analytics.tiktok.com https://jobs.lever.co https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.ingest.sentry.io https://*.royal.market ws://*.royal.market ws://*.royal.io wss://*.royal.market wss://*.royal.io https://*.royal.io https://royalmarkets-staging-inbox.s3-accelerate.amazonaws.com https://royalio-prod-inbox.s3-accelerate.amazonaws.com https://royal-markets.imgix.net https://royal-io.imgix.net http://p.scdn.co wss://www.walletlink.org/rpc https://matic-mumbai.chainstacklabs.com/ https://rpc.ankr.com/polygon_mumbai https://polygon-mumbai-infura.wallet.coinbase.com/ https://goerli.base.org https://base-goerli.g.alchemy.com https://mainnet.base.org https://base-mainnet.g.alchemy.com https://polygon-rpc.com/ https://rpc.ankr.com/eth_goerli https://cloudflare-eth.com/ https://explorer-api.walletconnect.com/ wss://relay.walletconnect.com/ wss://*.bridge.walletconnect.org/ https://cdn-stage.soundful.us https://cdn.soundful.com; img-src 'self' data: https://www.googletagmanager.com/ https://connect.facebook.net https://*.hotjar.com https://www.facebook.com https://analytics.tiktok.com https://royal-markets.imgix.net https://*.us-east-1.aws.slicknode.com https://royal-io.imgix.net https://cdn-images-1.medium.com https://royalmarkets-staging-storage.s3-accelerate.amazonaws.com https://royalmarkets-vault-storage.s3-accelerate.amazonaws.com https://royalio-vault-storage.s3-accelerate.amazonaws.com https://*.scdn.co i.scdn.co https://api.deezer.com https://e-cdns-images.dzcdn.net https://*.mzstatic.com https://*.cdninstagram.com https://explorer-api.walletconnect.com/ https://cdn-stage.soundful.us/ https://cdn.soundful.com/; media-src 'self' data: blob: https://royalio-prod-storage.s3.us-east-2.amazonaws.com https://royalio-prod-storage.s3-accelerate.amazonaws.com https://royal-io.imgix.net https://royal-io-public-assets.s3.us-east-2.amazonaws.com https://royalmarkets-staging-storage.s3-accelerate.amazonaws.com https://royalmarkets-staging-storage.s3.us-east-2.amazonaws.com https://royalmarkets-vault-storage.s3-accelerate.amazonaws.com https://staging-api.royal.market https://api.royal.io https://royalio-vault-storage.s3-accelerate.amazonaws.com http://p.scdn.co https://cdn-stage.soundful.us/ https://cdn.soundful.com/; frame-src https://laylo.com https://airtable.com https://www.google.com https://open.spotify.com https://www.youtube.com https://*.hotjar.com https://cdn.plaid.com https://saas-onboarding.incodesmile.com/ https://js.stripe.com https://crypto-js.stripe.com https://coinbase.com https://pay.coinbase.com https://verify.walletconnect.com/ https://verify.walletconnect.org/; style-src 'self' 'unsafe-inline' https://*.hotjar.com https://*.cdnfonts.com; font-src 'self' https://*.hotjar.com https://*.cdnfonts.com; worker-src 'self'; 1
default-src 'none'; connect-src 'self' wss: goerg.piwik.pro; font-src 'self'; frame-src www.podcaster.de; img-src 'self' data: goerg.piwik.pro; media-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' goerg.containers.piwik.pro goerg.piwik.pro; style-src 'self' 'unsafe-inline'; report-uri https://www.goerg.de/de/report-uri/enforce 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' 'self' 1
frame-ancestors 'self' https://substrate-website.netlify.app https://wwww.substrate.io 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://tabletop.social 'wasm-unsafe-eval'; font-src 'self' https://tabletop.social; img-src 'self' data: blob: https://tabletop.social https://storage.gra.cloud.ovh.net; style-src 'self' https://tabletop.social 'nonce-2FCk0TxNNZ6HonhkKx40hQ=='; media-src 'self' data: https://tabletop.social https://storage.gra.cloud.ovh.net; frame-src 'self' https:; child-src 'self' blob: https://tabletop.social; worker-src 'self' blob: https://tabletop.social; connect-src 'self' blob: data: wss://tabletop.social https://tabletop.social https://storage.gra.cloud.ovh.net; manifest-src 'self' https://tabletop.social; form-action 'self' 1
frame-src 'self' blob: https://www.google.com/ https://checkout.stripe.com https://platform.twitter.com https://syndication.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://boards.greenhouse.io https://commerce.coinbase.com/; connect-src 'self' https://analytics.freedom.press https://checkout.stripe.com https://cdn.jsdelivr.net https://pressfreedomtracker.us https://media.freedom.press; default-src 'self'; img-src 'self' https://*.stripe.com https://analytics.freedom.press blob: https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com data: https://pressfreedomtracker.us https://s5-recruiting.cdn.greenhouse.io https://media.freedom.press; frame-ancestors 'self'; object-src 'self' https://media.freedom.press; form-action 'self' https://ipnpb.sandbox.paypal.com https://ipnpb.paypal.com https://checkout.stripe.com; media-src 'self' https://media.freedom.press; base-uri 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://checkout.stripe.com https://analytics.freedom.press https://platform.twitter.com https://cdn.syndication.twimg.com https://cdn.jsdelivr.net https://api.observablehq.com https://bundle.run https://commerce.coinbase.com/ https://boards.greenhouse.io; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com https://boards.cdn.greenhouse.io https://commerce.coinbase.com/; report-uri https://freedomofpress.report-uri.com/r/d/csp/enforce 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.uptolike.com/ http://aj1616.online/  *.formasis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.pemsrv.com/ https://*.traffer.net/ http://bc.bebe.pp.ua/ https://formasis.com/ http://formasis.com/ https://grown-t-code.com/ https://*.uptolike.com/ http://*.realsrv.com/ https://goryachie-foto.net/ https://bongacams10.com/ https://*.bcprm.com/ https://bcprm.com/ http://aj1616.online/ https://aj1616.online/ http://adswrapme.click https://syndication.exosrv.com http://qwe.qrrgv.space/ connect.facebook.net http://connect.facebook.net https://www.facebook.com http://facebook.net *.yandex.ru yandex.ru *.yandex.net yandex.net yandex.st *.yandex.st yastatic.net *.yastatic.net https://*.yandex.ru https://yandex.ru https://*.yandex.net https://yandex.net https://yandex.st https://*.yandex.st https://yastatic.net https://*.yastatic.net http://*.yandex.ru http://yandex.ru http://*.yandex.net http://yandex.net http://yandex.st http://*.yandex.st http://yastatic.net http://*.yastatic.net *.vk.com https://*.vk.com vk.com https://vk.com top-fwz1.mail.ru counter.yadro.ru www.google.com advapi.ru   cse.google.com http://10.20.2.42:15871 *.akamaihd.net *.amazonaws.com *.ytimg.com http://*.whisla.com https://*.googleapis.com https://*.google.com *.google.com *.gstatic.com https://*.gstatic.com www.google-analytics.com cse.google.com http://*.uptolike.com https://*.uptolike.com https://*.google.com http://*.google.com https://www.google-analytics.com http://*.googlesyndication.com https://*.googlesyndication.com *.googlesyndication.com *.googleapis.com *.doubleclick.net ;object-src 'self' *.yandex.ru yandex.ru *.yandex.net yandex.net yandex.st *.yandex.st yastatic.net *.yastatic.net https://*.yandex.ru https://yandex.ru https://*.yandex.net https://yandex.net https://yandex.st https://*.yandex.st https://yastatic.net https://*.yastatic.net http://*.yandex.ru http://yandex.ru http://*.yandex.net http://yandex.net http://yandex.st http://*.yandex.st http://yastatic.net http://*.yastatic.net http://*.ytimg.com *.macromedia.com *.adobe.com https://*.adobe.com https://*.googleapis.com http://www.youtube.com https://www.youtube.com *.gstatic.com http://*.uptolike.com https://*.uptolike.com   *.googleapis.com *.vk.com https://*.vk.com vk.com https://vk.com http://*.googlesyndication.com https://*.googlesyndication.com *.googlesyndication.com ;style-src 'self' 'unsafe-inline' *.yandex.ru yandex.ru *.yandex.net yandex.net yandex.st *.yandex.st yastatic.net *.yastatic.net https://*.yandex.ru https://yandex.ru https://*.yandex.net https://yandex.net https://yandex.st https://*.yandex.st https://yastatic.net https://*.yastatic.net http://*.yandex.ru http://yandex.ru http://*.yandex.net http://yandex.net http://yandex.st http://*.yandex.st http://yastatic.net http://*.yastatic.net *.vk.com https://*.vk.com vk.com https://vk.com http://*.uptolike.com https://*.uptolike.com https://* cse.google.com www.google.com http://netdna.bootstrapcdn.com fonts.googleapis.com *.googleapis.com  http://*.googlesyndication.com https://*.googlesyndication.com *.googlesyndication.com ;img-src * data: *.yandex.ru yandex.ru *.yandex.net yandex.net yandex.st *.yandex.st yastatic.net *.yastatic.net https://*.yandex.ru https://yandex.ru https://*.yandex.net https://yandex.net https://yandex.st https://*.yandex.st https://yastatic.net https://*.yastatic.net http://*.yandex.ru http://yandex.ru http://*.yandex.net http://yandex.net http://yandex.st http://*.yandex.st http://yastatic.net http://*.yastatic.net top-fwz1.mail.ru counter.yadro.ru *.vk.com https://*.vk.com vk.com https://vk.com http://*.uptolike.com https://*.uptolike.com  http://*.googlesyndication.com https://*.googlesyndication.com *.googlesyndication.com http://*.gravatar.com/; media-src 'self' * mediastream: *;frame-src 'self' 'unsafe-eval' https://player.vimple.ru/ http://*.bongacams.com/  http://bombler.ru/ https://bngpt.com/ https://*.bongacams22.com/ https://*.bongacams10.com/ https://bongacams10.com/ https://*.bongacams.com/ https://bongacams.com/ http://staticxx.facebook.com/ https://promo-bc.com http://www.facebook.com *.yandex.ru yandex.ru *.yandex.net yandex.net yandex.st *.yandex.st yastatic.net *.yastatic.net https://*.yandex.ru https://yandex.ru https://*.yandex.net https://yandex.net https://yandex.st https://*.yandex.st https://yastatic.net https://*.yastatic.net http://*.yandex.ru http://yandex.ru http://*.yandex.net http://yandex.net http://yandex.st http://*.yandex.st http://yastatic.net http://*.yastatic.net  blocking.stat *.yahoo.com *.uptolike.com vk.com *.hubrus.com www.google.com cse.google.com  http://www.youtube.com https://www.youtube.com http://*.googlesyndication.com https://*.googlesyndication.com *.googlesyndication.com *.doubleclick.net https://*.doubleclick.net https://*.google.com http://*.google.com top-fwz1.mail.ru counter.yadro.ru http://*.uptolike.com https://*.uptolike.com *.googleapis.com   *.vk.com https://*.vk.com vk.com https://vk.com;font-src 'self' data: *.googleapis.com *.gstatic.com http://*.uptolike.com https://*.uptolike.com http://fonts.gstatic.com:*;connect-src 'self' https://formasis.com/ https://*.pemsrv.com/ http://formasis.com/ *.yandex.ru yandex.ru http://aj1616.online/ https://aj1616.online/ http://adswrapme.click http://w.uptolike.com/ *.yandex.net yandex.net yandex.st *.yandex.st yastatic.net *.yastatic.net https://*.yandex.ru https://yandex.ru https://*.yandex.net https://yandex.net https://yandex.st https://*.yandex.st https://yastatic.net https://*.yastatic.net http://*.yandex.ru http://yandex.ru http://*.yandex.net http://yandex.net http://yandex.st http://*.yandex.st http://yastatic.net http://*.yastatic.net https://www.youtube.com *.googlevideo.com https://*.gstatic.com http://*.googlesyndication.com https://*.googlesyndication.com *.googlesyndication.com *.google-analytics.com;report-uri //formasis.com/csp.php 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://diaspodon.fr; img-src 'self' https: data: blob: https://diaspodon.fr; style-src 'self' https://diaspodon.fr 'nonce-q9OzP9ZcM5UCbTXjhq6GWg=='; media-src 'self' https: data: https://diaspodon.fr; frame-src 'self' https:; manifest-src 'self' https://diaspodon.fr; form-action 'self'; child-src 'self' blob: https://diaspodon.fr; worker-src 'self' blob: https://diaspodon.fr; connect-src 'self' data: blob: https://diaspodon.fr https://diaspodon.fr wss://diaspodon.fr; script-src 'self' https://diaspodon.fr 'wasm-unsafe-eval' 1
frame-ancestors 'self' esswrp.ethicalsuperstore.com esswrp.pointov.com 1
frame-ancestors 'self' cms.cellpointdigital.com 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.google.com fonts.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' script.hotjar.com kit.fontawesome.com *.googletagmanager.com *.google.com *.google.co.uk www.gstatic.com cdn-apac.onetrust.com player.vimeo.com pi.pardot.com *.onetrust.com *.hsadspixel.net *.google-analytics.com googleads.g.doubleclick.net static.hotjar.com snap.licdn.com ws.zoominfo.com *.hs-scripts.com *.txone.com *.hs-banner.com *.hs-analytics.net js-eu1.usemessages.com *.googleadservices.com; font-src 'self' data: *.fontawesome.com fonts.gstatic.com txone.localdev; img-src 'self' data: *.linkedin.com track-eu1.hubspot.com *.onetrust.com dnbe7xanmz9uh.cloudfront.net *.gravatar.com media.txone.com *.googletagmanager.com *.google.com *.google.co.uk *.analytics.google.com *.google.com.tw googleads.g.doubleclick.net; media-src 'self' media.txone.com dnbe7xanmz9uh.cloudfront.net youtu.be; connect-src 'self' stats.g.doubleclick.net ws.zoominfo.com *.fontawesome.com yoast.com *.linkedin.oribi.io *.onetrust.com *.googletagmanager.com *.google.com *.google.co.uk *.analytics.google.com *.google-analytics.com api-eu1.hubapi.com pagead2.googlesyndication.com ws.hotjar.com wss://ws.hotjar.com content.hotjar.io vc.hotjar.io api-eu1.hubspot.com googleads.g.doubleclick.net google.com px.ads.linkedin.com; frame-src 'self' www.google.com youtube.com www.youtube.com youtu.be player.vimeo.com *.youtube-nocookie.com td.doubleclick.net app-eu1.hubspot.com; object-src 'none' 1
default-src 'self';font-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' 'unsafe-inline' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.integratec.com https://code.tidio.co https://cdnjs.cloudflare.com https://snap.licdn.com https://connect.facebook.net https://app.integratec.com https://embed.tawk.to https://ipinfo.io https://www.googleadservices.com https://googleads.g.doubleclick.net https://ajax.googleapis.com https://www.google-analytics.com https://www.googleoptimize.com https://fonts.googleapis.com https://widget-v4.tidiochat.com https://fonts.gstatic.com wss://socket.tidio.co  https://px.ads.linkedin.com https://cdn.vitally.io https://use.typekit.net https://cdn.jsdelivr.net https://analytics.google.com https://stats.g.doubleclick.net https://www.google.com.mx https://www.facebook.com https://metrics-collector.tidio.co https://www.google.com https://cdnjs.cloudflare.com 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-hFru66MDaNsMc39gZi7kjA' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
upgrade-insecure-requests; default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob:; 1
default-src 'self' blob:; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com https://www.google.co.uk https://www.google.com https://www.googleadservices.com https://cdn.heapanalytics.com https://heapanalytics.com https://googleads.g.doubleclick.net *.visualwebsiteoptimizer.com app.vwo.com *.heapanalytics.com https://yoast.com https://cla.co.uk https://www.clarity.ms https://www.google-analytics.com https://cdn.heapanalytics.com https://connect.facebook.net https://dev.visualwebsiteoptimizer.com https://m.addthis.com https://pi.pardot.com https://s7.addthis.com https://snap.licdn.com https://v1.addthisedge.com https://w.likebtn.com https://www.googletagmanager.com https://z.moatads.com; style-src 'report-sample' 'self' 'unsafe-inline' https://www.googletagmanager.com https://heapanalytics.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com https://cla.co.uk https://fonts.googleapis.com https://w.likebtn.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.facebook.com https://bat.bing.com *.dl.delivery.mp.microsoft.com https://*.do.dsp.mp.microsoft.com:7680 https://edge.microsoft.com https://api.aadrm.com https://api.aadrm.de https://api.aadrm.cn https://edge.microsoft.com https://clients.config.office.net https://*.smartscreen.microsoft.com https://*.smartscreen-prod.microsoft.com https://*.urs.microsoft.com https://px.ads.linkedin.com https://www.google.co.uk https://google.com https://pagead2.googlesyndication.com https://heapanalytics.com *.visualwebsiteoptimizer.com app.vwo.com https://cla.co.uk https://yoast.com https://my.yoast.com https://m.addthis.com https://region1.analytics.google.com https://region1.google-analytics.com https://w.clarity.ms *.auryc.com https://cdn.linkedin.oribi.io https://www.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' data: https://heapanalytics.com *.auryc.com https://cla.co.uk https://fonts.gstatic.com; frame-src 'self' https://www.canva.com https://config.edge.skype.com app.vwo.com *.visualwebsiteoptimizer.com https://td.doubleclick.net https://cla.co.uk https://s7.addthis.com https://www.facebook.com https://www.youtube.com; img-src 'self' data: https://bat.bing.com https://www.googleadservices.com https://www.googletagmanager.com https://c.bing.com https://c.clarity.ms https://www.google-analytics.com https://googleads.g.doubleclick.net https://heapanalytics.com https://www.google.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://cla.co.uk https://secure.gravatar.com https://assets.cla-preprod.hostings.co.uk https://assets.cla.co.uk https://dev.visualwebsiteoptimizer.com https://heapanalytics.com https://px.ads.linkedin.com https://www.facebook.com https://www.google.co.uk https://td.doubleclick.net https://w.clarity.ms/collect https://www.linkedin.com https://platform.linkedin.com https://px.ads.linkedin.com https://www.clarity.ms https://snap.licdn.com https://www.linkedin.com/mob/tracking https://clarity.microsoft.com https://cdn.clarity.ms https://*.clarity.ms https://www.clarity.ms https://c.clarity.ms https://ssl.google-analytics.com https://www.gstatic.com https://s.adroll.com https://d.adroll.com https://dis.criteo.com https://static.criteo.net https://www.alcs.co.uk/alcs-api/sap/user https://cdn-ukwest.onetrust.com/consent//.json https://assets.cla.co.uk/favicon.ico https://pi.pardot.com https://app.pardot.com https://go.pardot.com https://pi-ue1.pardot.com https://pi.demo.pardot.com https://fonts.googleapis.com https://fonts.gstatic.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob: https://cla.co.uk; 1
frame-ancestors 'self' http://www.kibon.com.br  unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://s7.addthis.com https://kritique-widgets-stage.unileversolutions.com https://d1a1ax4tcp3m3j.cloudfront.net 1
frame-ancestors https://*.dtac.co.th 1
frame-ancestors 'self' *.foodstorm.com 1
font-src 'self' data: fonts.gstatic.com *.fontawesome.com *.avrotros.nl *.avrotros.org; img-src 'self' data: *.avrotros.io *.avrotros.site radar.avrotros.nl *.analytics.google.com *.google-analytics.com *.g.doubleclick.net *.google.com googletagmanager.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com *.npoplayer.nl *.poms.omroep.nl *.omroep.nl 'report-sample'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.avrotros.nl *.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com *.npo-data.nl *.npo.nl *.facebook.net 'report-sample'; script-src-elem 'self' data: 'unsafe-inline' hcaptcha.com *.npo.nl *.npo-data.nl www.googletagmanager.com www.google-analytics.com cookies.avrotros.nl cookies.avrotros.site *.avrotros.site *.avrotros.nl *.riddle.com *.twitter.com *.instagram.com *.facebook.com *.facebook.net *.tiktok.com *.ttwstatic.com *.uri.sh 'report-sample'; style-src 'self' 'unsafe-inline' ccm.npo.nl 'report-sample' *.ttwstatic.com googletagmanager.com tagmanager.google.com fonts.googleapis.com; media-src 'self'; frame-src 'self' *.avrotros.nl *.avrotros.site www.youtube-nocookie.com *.hcaptcha.com *.calconic.com *.riddle.com *.twitter.com *.facebook.com *.instagram.com *.tiktok.com *.ttwstatic.com *.uri.sh *.spotify.com *.vimeo.com *.google.com *.google.nl; object-src 'none' 'report-sample'; connect-src 'self' blob: *.avrotros.io *.avrotros.nl *.avrotros.site *.npo.nl *.npo-data.nl *.ent.europe-west4.gcp.elastic-cloud.com *.hcaptcha.com nmonpoendpoint.2cnt.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com; base-uri 'self'; form-action 'self' 'report-sample'; report-uri https://europe-west1-avrotros-im-web-2-prod.cloudfunctions.net/csp-reporter 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src * 'unsafe-inline'; img-src * data:; media-src *; frame-src *; font-src * 'unsafe-inline'; connect-src *; report-uri /admin/config/system/seckit/csp-report 1
frame-ancestors 'self' 'burgerking.easycruit.com'; 1
default-src 'self' *.pizzahut.com.bo *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.local.com:8080 *.local.com dev.local.com *.kaptcha.com *.smartlook.cloud *.facebook.net *.kvantum-app.com wss://*.visitors.live *.luckyorange.com *.google.co.il *.tictuk-qa.com *.googleoptimize.com wss://collection.decibelinsight.net collection.decibelinsight.net tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx analytics.tiktok.com voices.s1gateway.com *.webeyez.com *.crwdcntrl.net *.braze.com wss://*.hotjar.com *.googleadservices.com *.indigitall.com consentcdn.cookiebot.com *.browser-intake-datadoghq.eu *.g.doubleclick.net *.bringg.com *.ubereats.com *.adyen.com *.oppwa.com *.onetrust.com cdn.cookielaw.org *.browser-intake-datadoghq.com *.googleapis.com wss://ws.inspectlet.com *.inspectlet.com *.google-analytics.com *.datadoghq.com *.datadoghq.eu *.browser-intake-datadoghq.eu *.hotjar.com *.googletagmanager.com *.googleusercontent.com *.lr-ingest.io *.lji.li *.tictuk.com *.facebook.com *.google.com pay.payphonetodoesposible.com data:;frame-src 'self' *.pizzahut.com.bo *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.local.com *.tictuk.com telegram.me wa.me m.me powertranztestframeworkdsacssimulator.azurewebsites.net *.kaptcha.com *.ptranz.com *.google.com *.arcot.com *.nutritionix.com *.lji.li lili.ly *.webeyez.com voices.s1gateway.com *.amazon-adsystem.com *.crwdcntrl.net *.mathtag.com *.doubleclick.net docs.google.com tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx *.prb.com.mx:* consentcdn.cookiebot.com *.tracker.dragontail.com *.youtube.com *.bringg.com *.ubereats.com *.uber.com *.adyen.com *.oppwa.com *.payeezy.com authentication.cardinalcommerce.com aacsw.3ds.verifiedbyvisa.com ecom.eglobal.com.mx *.modirum.com *.ipg-online.com pay.payphonetodoesposible.com *.mercadopago.com.co *.hotjar.com *.facebook.com *.cardnet.com.do; object-src 'self' *.pizzahut.com.bo *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.local.com:8080 *.local.com kfc.com.mx *.kfc.com.mx *.tictuk.com tacobell.ca *.tacobell.ca *.tictuk.com;style-src 'self' 'unsafe-inline' *.pizzahut.com.bo *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.google.com voices.s1gateway.com use.fontawesome.com www.googletagmanager.com *.adyen.com *.oppwa.com *.lji.li *.tictuk.com fonts.googleapis.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.pizzahut.com.bo *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.local.com *.kaptcha.com web-sdk.smartlook.com *.kfcbotswana.com *.luckyorange.com *.googleoptimize.com tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx cdn.decibelinsight.net voices.s1gateway.com analytics.tiktok.com *.webeyez.com *.pizzahut.com.ec *.crwdcntrl.net *.mathtag.com  *.gstatic.com *.g.doubleclick.net *.googleadservices.com *.cookiebot.com *.appboycdn.com *.adyen.com *.oppwa.com *.onetrust.com cdn.cookielaw.org *.maps.yandex.net yastatic.net *.yandex.ru yandex.ru *.payeezy.com polyfill.io cdn.inspectlet.com cdn.polyfill.io lab.cardnet.com.do servicios.cardnet.com.do *.google-analytics.com *.hotjar.com *.googletagmanager.com cdn.lr-ingest.io cdn.logrocket.io cdnjs.cloudflare.com *.lji.li *.tictuk.com *.google.com *.facebook.net *.googleapis.com *.facebook.com pay.payphonetodoesposible.com;img-src 'self' *.pizzahut.com.bo *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com media.api-kfc.com xilnexblobs.b-cdn.net www.telepizza.cl *.googletagmanager.com telepizza.cl *.telepizza.cl *.kfcbotswana.com *.xilnex.com *.kfc.co.za *.amazon-adsystem.com *.ofisistemas.com:8096 *.kfc-panama.com habit-images.s3.us-east-2.amazonaws.com tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx *.pizzahut.cl pizzahut.cl *.google.co.uk *.s1gateway.com *.pizzahut.com.mx *.mathtag.com *.ofisistemas.com pizzahut.com.co *.pizzahut.com.co nolocdnmsftaznua.azureedge.net *.indigitall-cdn.com *.g.doubleclick.net *.pizzahut.com.br *.pizzahut.com.ec *.google.com.mx *.google.ca *.google.co.il *.google.es *.google.com.do *.google.com *.google.com.ec *.google.com.br *.pizzahut-tt.com *.tacobell.co.nz *.pizzahut.fi  pizzahut.fi nolocdnmsftus.azureedge.net ros-prd.s3.amazonaws.com *.adyen.com *.cookielaw.org *.maps.yandex.net *.yandex.ru yandex.ru *.kfc.tt *.cognizantorderserv.com connect.facebook.net *.inspectlet.com *.google-analytics.com ph-web-bucket.s3.us-east-2.amazonaws.com *.mobstorm.com images-rest.wixmp.com *.googleusercontent.com *.lji.li *.tictuk.com *.googleapis.com *.cloudfront.net/phws/ *.gstatic.com *.wixstatic.com *.facebook.com test.ipg-online.com data:;font-src 'self' *.pizzahut.com.bo *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.local.com voices.s1gateway.com use.fontawesome.com *.tictuk.com fonts.gstatic.com data:;worker-src 'self' 'unsafe-eval' 'unsafe-inline' *.pizzahut.com.bo *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.lji.li *.tictuk.com blob: data:;frame-ancestors 'self' *.pizzahut.com.bo *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com kfc.com.mx *.kfc.com.mx *.ipg-online.com  pay.payphonetodoesposible.com *.lji.li http://local.tictuk.com:8080 *.tictuk.com *.facebook.com *.messenger.com facebook.com messenger.com *.telegram.org telegram.org kfc.cw pizzahut.cw kfc.mystagingwebsite.com ; 1
default-src 'self' https://cdn.competitionsuite.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.competitionsuite.com https://cdnjs.cloudflare.com https://*.sentry-cdn.com https://js.stripe.com https://checkout.stripe.com https://cdn.firebase.com https://www.gstatic.com https://*.firebaseio.com https://kendo.cdn.telerik.com https://ajax.googleapis.com www.google-analytics.com ssl.google-analytics.com ajax.cloudflare.com cdn.pubnub.com https://ajax.cloudflare.com https://d3js.org sdk.amazonaws.com beacon-v2.helpscout.net static.cloudflareinsights.com https://hcaptcha.com https://*.hcaptcha.com https://player.vimeo.com/ unpkg.com; style-src 'self' data: 'unsafe-inline' https://cdn.competitionsuite.com https://cdnjs.cloudflare.com https://kendo.cdn.telerik.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: https://cdn.competitionsuite.com https://cdnjs.cloudflare.com https://kendo.cdn.telerik.com https://fonts.gstatic.com; img-src 'self' data: blob: https://cdn.competitionsuite.com https://competitionsuite.com https://cdn.competitionsuite.io https://cdn.competitionsuite.com https://vault.compsuite.io https://competitionsuite.blob.core.windows.net https://s3.amazonaws.com cs-profile-upload.s3.amazonaws.com www.google-analytics.com ssl.google-analytics.com http://kendo.cdn.telerik.com https://*.stripe.com d33v4339jhl8k0.cloudfront.net; frame-src 'self' https://js.stripe.com https://checkout.stripe.com https://player.vimeo.com *.firebaseio.com mozilla.github.io https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' https://cdn.competitionsuite.com files.competitionsuite.com https://socket.competitionsuite.com https://*.sentry.io wss://socket.competitionsuite.com wss://*.firebaseio.com https://s3.amazonaws.com *.stripe.com *.vimeo.com *.pndsn.com cs-video.s3.amazonaws.com cognito-identity.us-east-1.amazonaws.com www.google-analytics.com d3hb14vkzrxvla.cloudfront.net beaconapi.helpscout.net chatapi.helpscout.net; media-src 'self' http://audio.competitionsuite.com https://audio.competitionsuite.com https://s3.amazonaws.com; report-uri https://sentry.io/api/1333530/security/?sentry_key=db3117a28c894c5ebfcaf7b702a4f22f&sentry_environment=production 1
font-src *.adobe.com *.bootstrapcdn.com *.fontawesome.com https://fonts.gstatic.com *.assets.adobedtm.com *.addtoany.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://via.pagosbanorte.com/ https://via.banorte.com/ eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://via.banorte.com/ https://mcstaging.mueblesplacencia.com/ https://mueblesplacencia.com/ eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://via.banorte.com/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com maps.gstatic.com maps.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.bootstrapcdn.com *.fontawesome.com *.assets.adobedtm.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com http://dpm.demdex.net *.googleapis.com *.addtoany.com https://assets.pinterest.com/js/* *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu js-agent.newrelic.com https://js-agent.newrelic.com/lazy-loader.67423d16-1.231.0.min.js https://static.hotjar.com https://static.hotjar.com/* https://js-agent.newrelic.com/async-api.8f89c105-1.231.0.min.js https://code.jquery.com/jquery-3.6.1.min.js https://via.banorte.com/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com player.vimeo.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.bootstrapcdn.com *.fontawesome.com https://fonts.googleapis.com *.assets.adobedtm.com *.googleapis.com *.addtoany.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.us-east-1.amazonaws.com/prod/log https://writer.cardinalcommerce.com/prod/log www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://via.banorte.com/secure3d/ 'self' 'unsafe-inline'; 1
default-src 'unsafe-inline' 'unsafe-eval' data: *; font-src 'self' data: *; img-src 'self' data: *; 1
default-src 'self' https://nominatim.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net; img-src 'self' data: https://www.facebook.com https://tile.openstreetmap.org;style-src 'self' 'unsafe-inline' 'unsafe-eval' https://style; child-src 'self' staticxx.facebook.com; 1
default-src 'self' s3.amazonaws.com www.youtube.com csi.gstatic.com *;frame-src 'self' optimize.google.com *;worker-src 'self';connect-src 'self' *;font-src 'self' data: fonts.gstatic.com fonts.googleapis.com www.tinymce.com use.fontawesome.com;img-src 'self' 'unsafe-inline' data: blob: *;manifest-src 'self';media-src 'self' s3.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagservices.com www.google-analytics.com securepubads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com 7233492.collect.igodigital.com optimize.google.com images.ahpc.us www.googletagmanager.com * blob:;style-src 'self' 'unsafe-inline' fonts.googleapis.com *;base-uri 'self' optimize.google.com;form-action 'self' *;frame-ancestors 'self' optimize.google.com;block-all-mixed-content;upgrade-insecure-requests; 1
frame-ancestors https://luckycloud.de https://www.luckycloud.de https://storage.luckycloud.de https://support.luckycloud.de 1
upgrade-insecure-requests; img-src 'self' data: ; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com *.cart-guru.io *.carts.guru *.cartsguru.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com www.google.com https://www.googletagmanager.com/ payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com *.bati-avenue.com *.cart-guru.io *.carts.guru *.cartsguru.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.gstatic.com *.googleapis.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com media.bati-avenue.com media-preprod.bati-avenue.com medias.dubreuil.dev-003.internetrama.net i.calameoassets.com media.topaz.pro ressources.bati-avenue.com *.google.fr *.facebook.com bat.bing.com *.zendesk.com *.cart-guru.io *.carts.guru *.cartsguru.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com polyfill.io *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com unpkg.com widget.trustpilot.com static.zdassets.com groupedubreuiln2.matomo.cloud sdk.privacy-center.org topazpro.zendesk.com cdn.cartsguru.io bat.bing.com connect.facebook.net try.abtasty.com via.batch.com *.zopim.com *.cart-guru.io *.carts.guru *.cartsguru.io *.air360tracker.net *.mastercard.com *.leadplace.fr *.batch.com *.bati-avenue.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com unsafe-inline assets.braintreegateway.com *.trustpilot.com *.cart-guru.io *.carts.guru *.cartsguru.io 'self' 'unsafe-inline'; object-src *.cart-guru.io *.carts.guru *.cartsguru.io 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.googleapis.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com maps.googleapis.com ekr.zdassets.com groupedubreuiln2.matomo.cloud topazpro.zendesk.com wss://widget-mediator.zopim.com *.google.com *.googlesyndication.com googleads.g.doubleclick.net *.abtasty.com bati-avenue.zendesk.com *.zopim.com *.openfpcdn.io *.trustpilot.com *.cart-guru.io *.carts.guru *.cartsguru.io *.air360tracker.net *.batch.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.cart-guru.io *.carts.guru *.cartsguru.io http: https: blob: 'self' 'unsafe-inline'; default-src *.cart-guru.io *.carts.guru *.cartsguru.io 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none';     script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://connect.facebook.net https://*.adform.net https://*.webinargeek.com https://www.nvve.nl https://cdnjs.cloudflare.com https://player.vimeo.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://www.google.nl https://*.mailplus.nl https://*.google.com https://*.analytics.google.com https://*.googleapis.com https://track.adform.net https://www.googleadservices.com;     object-src 'self';     style-src 'self' 'unsafe-inline' https://www.nvve.nl https://cdnjs.cloudflare.com https://www.gstatic.com https://*.googleapis.com https://www.google.nl https://*.google.com;     img-src 'self' https://www.nvve.nl https://www.google-analytics.com https://www.facebook.com data: http://*.vimeocdn.com https://*.googletagmanager.com https://www.google.nl https://*.google.com https://*.googleapis.com https://www.dewebmakers.nl/ https://*.gstatic.com https://*.doubleclick.net;     media-src 'self' blob:;     frame-src 'self' https://customerview.nl/ https://*.soundcloud.com/ https://*.webinargeek.com/ https://vimeo.com https://*.vimeo.com https://staticxx.facebook.com https://www.youtube.com https://www.google.nl https://*.google.com https://waf.dewebmakers.nl https://storage.googleapis.com https://td.doubleclick.net;     font-src 'self' data: https://*.googleapis.com https://fonts.gstatic.com;     connect-src 'self' https://*.doubleclick.net https://*.analytics.google.com https://*.google-analytics.com blob:; 1
block-all-mixed-content; frame-ancestors *.casamattos.com.br 1
frame-ancestors 'self' *.google.com https://cse.google.com 1
font-src https://use.fontawesome.com https://use.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com *.cloudflare.com https://*.cloudfront.net https://www.gstatic.com https://api.systempay.fr/static/ *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://ogone.test.v-psp.com https://secure.ogone.com https://*.systempay.fr https://www.facebook.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net https://youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://*.google.com https://amc.demdex.net https://*.youtube.com https://www.youtube-nocookie.com https://*.ytimg.com https://youtu.be https://*.youtu.be https://*.youtube-nocookie.com https://youtube-nocookie.com https://player.vimeo.com https://*.a3web.fr https://*.flippingbook.com https://*.sendinblue.com https://in-automate.brevo.com/ https://*.facebook.com https://*.worldline-solutions.com https://*.brevo.com https://sibautomation.com https://*.fls.doubleclick.net https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/static/ payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://p.typekit.net https://*.a3web.fr https://amcglobal.sc.omtrdc.net https://cm.everesttech.net https://stats.g.doubleclick.net https://www.google.com https://www.google.fr https://*.ytimg.com https://ytimg.com https://*.youtube.com https://*.youtube-nocookie.com https://youtube-nocookie.com https://*.gstatic.com https://*.googleusercontent.com https://www.megadental.fr https://www.doctorstrong.fr https://shop.dentalinov.com https://www.arcade-dentaire.com https://www.arseus-lab.fr https://*.henryschein.fr https://*.flippingbook.com https://*.cloudfront.net *.cloudflare.com https://paiement.systempay.fr https://www.facebook.com https://retailer.commerce-connector.com https://googleads.g.doubleclick.net https://img.mailinblue.com *.bird.eu https://images.unsplash.com https://*.google.com https://*.googleapis.com https://paiement.systempay.fr/static/latest/images/type-carte/ https://api.systempay.fr/static/ https://paiement.systempay.fr/vads-payment/ 'self' data: data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://devdocs.magento.com https://www.megadental.fr https://www.doctorstrong.fr https://shop.dentalinov.com https://www.arcade-dentaire.com https://www.arseus-lab.fr https://*.henryschein.fr https://use.typekit.net https://p.typekit.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googleapis.com https://www.youtube-nocookie.com https://*.facebook.net https://online.flippingbook.com https://*.cloudfront.net https://static.cloudflareinsights.com https://*.cloudflare.com https://in-automate.brevo.com/ https://*.newrelic.com https://*.nr-data.net https://conversations-widget.sendinblue.com https://*.brevo.com https://tag.beyable.com/ https://front.activation.beyable.com/ https://sibautomation.com/ *.google.com https://*.gstatic.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ *.avada.io https://cdnjs.cloudflare.com *.gstatic.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://use.fontawesome.com https://*.gstatic.com https://tagmanager.google.com *.cloudflare.com https://*.cloudfront.net https://www.googletagmanager.com https://hcaptcha.com https://*.hcaptcha.com https://api.systempay.fr/static/ *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://performance.typekit.net https://devdocs.magento.com https://dpm.demdex.net https://www.googleapis.com https://www.google-analytics.com https://amcglobal.sc.omtrdc.net https://stats.g.doubleclick.net https://*.flippingbook.com *.cloudflare.com https://*.nr-data.net https://in-automate.brevo.com/ https://*.cloudfront.net https://img.mailinblue.com https://*.analytics.google.com https://*.worldline-solutions.com https://www.google.fr t.elasticsuite.io https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ https://get.geojs.io *.avada.io *.google-analytics.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; child-src https://www.google.com http: https: blob: 'self' 'unsafe-inline'; default-src https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://rallye-lecture.fr https://matheros.fr https://monecole.fr https://classe-numerique.fr 195.221.81.1; 1
font-src fonts.gstatic.com fonts.googleapis.com *.payfort.com *.googletagmanager.com *.useinsider.com *.bambuser.com *.cloudfront.net *.mimecast.com *.doubleclick.net *.google.com *.facebook.net *.facebook.com *.artfut.com *.tiktok.com sc-static.net *.sc-static.net *.snapchat.com *.google.co.in *.admitad.com *.skeleton-websocket.api.useinsider.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.payfort.com *.googletagmanager.com *.useinsider.com *.bambuser.com *.cloudfront.net *.mimecast.com *.doubleclick.net *.google.com *.facebook.net *.facebook.com *.artfut.com *.tiktok.com sc-static.net *.sc-static.net *.snapchat.com *.google.co.in *.admitad.com *.skeleton-websocket.api.useinsider.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.useinsider.com *.bambuser.com *.nayomi.com *.cloudfront.net *.mimecast.com *.doubleclick.net *.google.com *.facebook.net *.facebook.com *.artfut.com *.tiktok.com sc-static.net *.sc-static.net *.snapchat.com *.google.co.in *.admitad.com business.firework.com *.skeleton-websocket.api.useinsider.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.visa.com asset.fwcdn2.com *.asset.fwcdn2.com asset.fwcdn1.com *.asset.fwcdn1.com fireworktv.com *.fireworktv.com p2.fwpixel.com *.p2.fwpixel.com *.useinsider.com *.bambuser.com *.cloudfront.net *.mimecast.com *.doubleclick.net *.google.com *.facebook.net *.facebook.com *.artfut.com *.tiktok.com sc-static.net *.sc-static.net *.snapchat.com *.google.co.in *.admitad.com *.skeleton-websocket.api.useinsider.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com *.youtube.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.visa.com *.mastercard.com asset.fwcdn1.com *.asset.fwcdn1.com asset.fwcdn3.com *.asset.fwcdn3.com asset.fwcdn2.com *.asset.fwcdn2.com *.zendesk.com *.zdassets.com *.zopim.com *.payfort.com *.googletagmanager.com *.useinsider.com *.bambuser.com *.cloudfront.net *.mimecast.com *.doubleclick.net *.google.com *.facebook.net *.facebook.com *.artfut.com *.tiktok.com sc-static.net *.sc-static.net *.snapchat.com *.google.co.in *.admitad.com *.skeleton-websocket.api.useinsider.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.payfort.com *.googletagmanager.com *.useinsider.com *.bambuser.com *.cloudfront.net *.mimecast.com *.doubleclick.net *.google.com *.facebook.net *.facebook.com *.artfut.com *.tiktok.com sc-static.net *.sc-static.net *.snapchat.com *.google.co.in *.admitad.com *.skeleton-websocket.api.useinsider.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com cdn4.fireworktv.com *.cdn4.fireworktv.com *.zdassets.com *.payfort.com *.useinsider.com *.bambuser.com *.cloudfront.net *.mimecast.com *.doubleclick.net *.google.com *.facebook.net *.facebook.com *.artfut.com *.tiktok.com sc-static.net *.sc-static.net *.snapchat.com *.google.co.in *.admitad.com *.skeleton-websocket.api.useinsider.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org p2.fwpixel.com *.p2.fwpixel.com fireworkapi1.com *.fireworkapi1.com fireworkadservices1.com *.fireworkadservices1.com fireworkanalytics.com *.fireworkanalytics.com *.zendesk.com *.zdassets.com *.zopim.com wss://widget-mediator.zopim.com *.payfort.com *.googletagmanager.com *.useinsider.com *.bambuser.com *.cloudfront.net *.mimecast.com *.doubleclick.net *.google.com *.facebook.net *.facebook.com *.artfut.com *.tiktok.com sc-static.net *.sc-static.net *.snapchat.com *.google.co.in *.admitad.com *.skeleton-websocket.api.useinsider.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src *.payfort.com *.googletagmanager.com *.useinsider.com *.bambuser.com *.cloudfront.net *.mimecast.com *.doubleclick.net *.google.com *.facebook.net *.facebook.com *.artfut.com *.tiktok.com sc-static.net *.sc-static.net *.snapchat.com *.google.co.in *.admitad.com *.skeleton-websocket.api.useinsider.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors cfeteit.mx 1
frame-ancestors https://*.fsho.st https://fshost.me https://js.stripe.com 1
default-src 'self' www.hsnstore.pt cdn.hsnstore.com hsnstore.com *.redsys.es;form-action *.redsys.es *.amazon.de *.amazon.es bancsabadell.com unicaja.es www.paypal.com live.sequrapi.com www.facebook.com facebook.com connect.facebook.net secure.paytpv.com api.paycomet.com *.smart2pay.com *.giropay.de *.sofort.com www.hsnstore.pt cdn1.api.trustedshops.com; img-src * data:;style-src 'self' 'unsafe-inline' *.hsnstore.com *.spotlersearch.com spotlersearchanalytics.com static.sooqr.com static.aws-prod.sooqr.com *.redsys.es translate.googleapis.com tagmanager.google.com fonts.googleapis.com;script-src 'unsafe-eval' 'self' 'unsafe-inline' blob *.payments-amazon.com *.payments-amazon.es cdn.hsnstore.com *.spotlersearch.com spotlersearchanalytics.com dynamic.sooqr.com dynamic.aws-prod.sooqr.com apis.google.com www.googletagmanager.com www.google.com www.googleadservices.com connect.facebook.net googleads.g.doubleclick.net www.google-analytics.com www.salesmanago.pl www.salesmanago.es static.sooqr.com static.aws-prod.sooqr.com sealserver.trustwave.com www.youtube.com www.youtube-nocookie.com s.ytimg.com  maps.googleapis.com tpc.googlesyndication.com live.sequrapi.com tagmanager.google.com images.dmca.com static.criteo.net sslwidget.criteo.com secure.paytpv.com api.paycomet.com js-agent.newrelic.com bam.eu01.nr-data.net www.gstatic.com *.queue-it.net seal.securetrust.com tracker.metricool.com sandbox.sequracdn.com sandbox.sequrapi.com live.sequracdn.com;font-src data: 'self' www.hsnstore.pt cdn.hsnstore.com fonts.gstatic.com  widgets.trustedshops.com cdn1.api.trustedshops.com;connect-src *.google-analytics.com maps.googleapis.com firehose.eu-central-1.amazonaws.com *.saleago.com *.criteo.com *.amazon.com *.amazon.es www.google-analytics.com www.google.com www.salesmanago.pl www.salesmanago.es cdn.hsnstore.com www.hsnstore.pt www.facebook.com *.g.doubleclick.net graph.facebook.com api.trustedshops.com cdn1.api.trustedshops.com cognito-identity.eu-central-1.amazonaws.com bam.eu01.nr-data.net *.analytics.google.com sandbox.sequracdn.com live.sequracdn.com;frame-src *.criteo.com td.doubleclick.net www.hsnstore.com www.hsnstore.pt www.hsnstore.it www.hsnstore.eu www.hsnstore.fr www.hsnstore.de tpc.googlesyndication.com www.google.com www.youtube.com www.facebook.com web.facebook.com connect.facebook.net www.googletagmanager.com *.g.doubleclick.net www.hsnstore.pt live.sequrapi.com translate.googleapis.com accounts.google.com staticxx.facebook.com graph.facebook.com api.paycomet.com gum.criteo.com www.youtube-nocookie.com sandbox.sequrapi.com sandbox.sequracdn.com;object-src *.hsnstore.com 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.zenaps.com https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://*.google.pt https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data:; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.pt https://m.myprotein.pt https://checkout.myprotein.pt https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.google.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
img-src 'self' data: *.google-analytics.com *.googletagmanager.com bdjogos.com.br *.bdjogos.com.br *.clarity.ms *.bing.com *.ytimg.com ytimg.com *.googlesyndication.com *.google.com *.google.com.br *.googleapis.com *.gstatic.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.googleapis.com; default-src 'unsafe-inline' 'self' *.bdjogos.com.br bdjogos.com.br *.clarity.ms *.steampowered.com *.youtube.com *.google-analytics.com *.googletagmanager.com *.google.com *.googlesyndication.com *.googletagmanager.com *.g.doubleclick.net *.gstatic.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' docs.google.com *.clarity.ms cdnjs.cloudflare.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.google.com.br *.google.com *.googlesyndication.com *.googletagmanager.com *.googleapis.com; 1
frame-ancestors 'self' https://sekelskifte.com https://sekelskifte.se https://sekelskifte.de https://sekelskifte.dk https://sekelskifte.fi https://sekelskifte.nu https://sekelskifte.at https://sekelskifte.be https://sekelskifte.fr https://sekelskifte.it https://sekelskifte.uk https://sekelskifte.nl https://sekelskifte.pl https://sekelskifte.starwebserver.se 1
default-src 'self' *.wellupages.eu via.placeholder.com www.placeholder.com placehold.it *.fbcdn.net *.google.pl *.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net *.facebook.com *.googleapis.com *.google.pl *.google.com www.googletagmanager.com; font-src 'self' 'unsafe-eval' 'unsafe-inline' data: https: fonts.gstatic.com *.googleapis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.googleapis.com; img-src 'self' data: https: vim.placeholder.com www.placeholder.com placehold.it static.wellupages.eu; object-src 'self'; 1
default-src 'self' https://*.cms.vwfs.tools ;            img-src 'self' data: https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://dev.day.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.gstatic.com https://*.google.com https://*.google.de https://*.google.mx https://*.googlesyndication.com https://*.googleadservices.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://img.youtube.com https://i.ytimg.com https://*.userzoom.com https://*.adform.net https://www.facebook.com https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://t.co https://*.volkswagenbank.de  https://cms-assets.vwfs.io https://smetrics.vwfs.mx https://mediaservice.audi.com  https://GISTPAEndpoint-Int.azureedge.net https://GISTPAEndpoint-Kons.azureedge.net https://GISTPAEndpoint-Prod.azureedge.net    https://default.vms.vwfs.io https://*.bronson.vwfs.tools https://*.bronson.vwfs.io https://gateway.zscloud.net https://js.api.here.com https://assets.volkswagen.com https://integrations.etrusted.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ssl.gstatic.com https://ade.googlesyndication.com https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.mx;            script-src 'self' 'unsafe-inline' blob: https://*.volkswagenbank.de https://storagewebcalcweud.blob.core.windows.net https://*.fts.webcalc.vwfs.io https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.fls.doubleclick.net https://www.googletagmanager.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google.com https://www.google.de https://cm.g.doubleclick.net https://www.volkswagenbank-cloud.de https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://assets.adobedtm.com https://*.omniture.com https://*.adobe.com https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://*.thunderhead.com https://*.twitter.com https://static.ads-twitter.com https://*.advsearch.vwfs.io https://cc.cdn.civiccomputing.com  https://target.vwfs.mx  https://smetrics.vwfs.mx https://cdn.mercury.ai https://integrations.etrusted.com https://sdk.privacy-center.org    https://*.acs-frontend.vwfs.io https://*.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.g.doubleclick.net https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.mx;            style-src 'self' 'unsafe-inline' https://*.userzoom.com https://target.vwfs.mx https://cdn.mercury.ai https://co-browsing.mercury.ai https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io    https://*.acs-frontend.vwfs.io https://integrations.etrusted.com https://tagmanager.google.com https://fonts.googleapis.com ;            connect-src 'self' blob: data: https://vimeo.com https://*.youtube.com https://api.webcalc.vwfs.io https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://*.adobedc.net https://*.tt.omtrdc.net https://*.2o7.net https://*.cms.vwfs.io https://*.advsearch.vwfs.io https://cms-content.vwfs.io https://target.vwfs.mx https://smetrics.vwfs.mx https://www.google.com https://*.facebook.com https://*.mercury.ai wss://*.mercury.ai https://vector.hereapi.com https://1.base.maps.ls.hereapi.com https://1.aerial.maps.ls.hereapi.com https://js.api.here.com https://geocode.search.hereapi.com https://integrations.etrusted.com https://*.smart-digital-solutions.de https://smart-digital-cdn.com https://2gtge2kxoa.execute-api.eu-central-1.amazonaws.com https://api-cms-vwfs-io.cms.vwfs.tools https://sdk.privacy-center.org https://revgeocode.search.hereapi.com    https://*.acs-frontend.vwfs.io https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.mx http://*.trustedshops.com https://autocomplete.search.hereapi.com https://lookup.search.hereapi.com ;            frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com ;            object-src 'none' ;            font-src 'self' data: https://fonts.gstatic.com https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io https://cdn.mercury.ai https://js.api.here.com https://*.trustedshops.com http://*.trustedshops.com ;            frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://s.userzoom.com https://*.adform.net https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://*.googlesyndication.com https://cm.g.doubleclick.net https://gateway.zscloud.net https://td.doubleclick.net https://kalkulator.skoda-auto.pl https://*.g.doubleclick.net https://vwfms.com;            media-src https://www.youtube-nocookie.com 'self' ; 1
default-src 'self' data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' * 1
frame-ancestors https://www.locize.app/ https://lead360.local.sonarhome.dev https://lead360.staging.sonarhome.dev https://lead360.sonarhome.pl https://lead360.sonarhome.hu https://lead360.sonarhome.ro 'self'; frame-src *; 1
font-src fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com data: https://api.payzen.com.br/static/ *.gstatic.com 'self' data: www.sonoma.com.br webfonts.huggy.cloud *.yandex.com *.yandex.ru *.yandex.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com https://secure.payzen.com.br/vads-payment/ https://api.payzen.com.br/api-payment/ https://api.payzen.com.br/static/ www.sonoma.com.br 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.sonoma.com.br 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com cdn.dnky.co *.hotjar.com *.google.com *.facebook.com *.trustpilot.com *.criteo.com https://www.googletagmanager.com/ *.mercadolibre.com https://secure.payzen.com.br/vads-payment/ https://api.payzen.com.br/static/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sonoma.com.br cdn.octadesk.com td.doubleclick.net googleads.g.doubleclick.net static.doubleclick.net *.yandex.com *.yandex.ru *.yandex.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com https://cdn.mundipagg.com https://api.pagar.me *.caravelx.com https://secure.payzen.com.br/static/latest/images/type-carte/ https://api.payzen.com.br/static/ https://secure.payzen.com.br/vads-payment/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' data: *.google-analytics.com ssl.gstatic.com www.gstatic.com www.sonoma.com.br www.sonoma.com.br sonoma.com.br bo-prod-test.sonoma.com.br www.google.com.br ct.pinterest.com google.com.br track.hubspot.com x.bidswitch.net  gum.criteo.com sync-criteo.ads.yieldmo.com criteo-partners.tremorhub.com criteo-sync.teads.tv *.yandex.com *.yandex.ru *.yandex.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.paypal.com *.google.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.mlstatic.com *.mercadopago.com *.retailrocket.net connect.facebook.net js.huggy.chat https://i.k-analytix.com/ https://secure.payzen.com.br/tras/analyzer/ https://api.payzen.com.br/api-payment/ https://api.payzen.com.br/static/ *.avada.io www.facebook.com graph.facebook.com business.facebook.com tagmanager.google.com www.sonoma.com.br sonoma.com.br s.pinimg.com connect.facebook.net js.hs-scripts.com js.hs-analytics.net js.hsadspixel.net js.hs-banner.com js.hsleadflows.net chat.octadesk.services app.shoptarget.com.br suite.linximpulse.net cdn.octadesk.com static.cloudflareinsights.com googleads.g.doubleclick.net static.doubleclick.net *.yandex.com *.yandex.ru *.yandex.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net fonts.googleapis.com webfonts.huggy.cloud https://api.payzen.com.br/static/ *.gstatic.com tagmanager.google.com fonts.google.com www.sonoma.com.br *.yandex.com *.yandex.ru *.yandex.net 'self' 'unsafe-inline'; object-src www.sonoma.com.br *.yandex.com *.yandex.ru *.yandex.net 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ www.sonoma.com.br www.mktnow.com.br *.yandex.com *.yandex.ru *.yandex.net 'self' 'unsafe-inline'; manifest-src www.sonoma.com.br *.yandex.com *.yandex.ru *.yandex.net 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms connect.facebook.net *.datatrics.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.mercadopago.com *.mercadolibre.com https://api.mundipagg.com https://api.pagar.me *.retailrocket.net wss://ct-socket.huggy.app widget.huggy.io viacep.com.br https://i.konduto.com/ https://secure.payzen.com.br/vads-payment/ https://api.payzen.com.br/api-payment/ https://get.geojs.io *.avada.io www.facebook.com graph.facebook.com business.facebook.com t.elasticsuite.io *.analytics.google.com *.googletagmanager.com www.sonoma.com.br analytics.google.com ct.pinterest.com connect.facebook.net forms.hubspot.com api.hubapi.com app.shoptarget.com.br suite.linximpulse.net pagead2.googlesyndication.com *.yandex.com *.yandex.ru *.yandex.net 'self' 'unsafe-inline'; child-src www.sonoma.com.br *.yandex.com *.yandex.ru *.yandex.net http: https: blob: 'self' 'unsafe-inline'; default-src https://secure.payzen.com.br/vads-payment/ https://api.payzen.com.br/api-payment/ https://api.payzen.com.br/static/ *.googleapis.com www.sonoma.com.br *.yandex.com *.yandex.ru *.yandex.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.sonoma.com.br 'self' 'unsafe-inline'; 1
default-src self 'unsafe-inline' data: gap: https://ssl.gstatic.com ; media-src 'self' https://unilabs.sk data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src-elem * https://fonts.googleapis.com https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.googleadservices.com https://static.hotjar.com https://script.hotjar.com/ https://www.google-analytics.com https://googleads.g.doubleclick.net 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://unilabs.bwcdn.net http://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://jquery.app https://www.jqueryscript.net https://stackpath.bootstrapcdn.com; img-src * 'self' 'unsafe-inline' data:; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com data:; connect-src * 'self' 'unsafe-inline' https://unilabs.sk https://maps.googleapis.com https://stats.g.doubleclick.net https://in.hotjar.com; frame-src 'self' 'unsafe-inline' https://player.vimeo.com/ https://www.youtube.com/ https://youtube.com/ https://vars.hotjar.com/ https://www.google.com/ https://maps.google.com/ https://td.doubleclick.net/;; form-action 'self'; 1
default-src data: 'self' 'unsafe-eval' 'unsafe-inline' https://*.metawerx.net https://metawerx.net https://google.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.twitter.com https://*.twimg.com https://*.doubleclick.net https://*.alexa.com https://*.facebook.com https://*.fbcdn.net; img-src data: 'self' https://*.twimg.com https://*.twitter.com https://*.metawerx.net https://*.google-analytics.com; frame-src https://*.metawerx.net https://*.twitter.com; frame-ancestors https://*.metawerx.net; report-to default 1
base-uri 'self'; font-src 'self' data: https://babywalz.omq.de https://www.paypalobjects.com; form-action 'self' https://checkoutshopper-live.adyen.com https://*.bazaarvoice.com; frame-ancestors 'self' https://app.storyblok.com; img-src 'self' data: https://a.storyblok.com https://*.vhwmcs.net https://*.cdn.aboutyou.cloud https://checkout-cdn.aboutyou.cloud https://checkoutshopper-live.adyen.com https://sockjs-us3.pusher.com https://*.paypalobjects.com https://t.paypal.com https://x.klarnacdn.net https://cdf6519016.cdn.adyen.com https://babywalz.omq.de https://*.googletagmanager.com https://www.awin1.com https://googleads.g.doubleclick.net https://*.google.com https://*.google.de https://*.googleadservices.com https://*.facebook.com https://cm.g.doubleclick.net https://x.bidswitch.net https://contextual.media.net https://match.sharethrough.com https://rtb-csync.smartadserver.com https://sync-t1.taboola.com https://*.teads.tv https://eb2.3lift.com https://ups.analytics.yahoo.com https://cm.adform.net https://visitor.omnitagjs.com https://r.casalemedia.com https://*.criteo.com https://ad.360yield.com https://matching.ivitrack.com/ https://exchange.mediavine.com https://sync.outbrain.com https://simage2.pubmatic.com https://*.tremorhub.com https://ad.yieldlab.net https://*.yieldmo.com https://e1.emxdgt.com https://ib.adnxs.com https://dpm.demdex.net https://beacon.krxd.net https://s.thebrighttag.com https://*.bing.com https://*.bazaarvoice.com; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline' https://checkout-cdn.aboutyou.cloud https://checkoutshopper-live.adyen.com https://babywalz.omq.de https://www.googletagmanager.com https://fonts.googleapis.com https://*.bazaarvoice.com; upgrade-insecure-requests; default-src 'none'; frame-src 'self' https://checkoutshopper-live.adyen.com https://*.paypal.com https://*.moderne-hausfrau.ch https://walz-prev.checkout.api.scayle.cloud https://*.awin1.com https://td.doubleclick.net https://*.criteo.com https://*.sovendus-benefits.com https://*.sovendus-connect.com https://tbs.tradedoubler.com https://*.bazaarvoice.com; script-src 'self' 'unsafe-inline' https://*.moderne-hausfrau.ch https://walz-prev.checkout.api.scayle.cloud https://checkout-cdn.aboutyou.cloud https://checkoutshopper-live.adyen.com https://www.paypal.com https://babywalz.omq.de https://api.exponea.com https://www.googletagmanager.com https://www.dwin1.com https://api.bounce-commerce.de https://www.awin1.com https://the.sciencebehindecommerce.com https://www.googleadservices.com https://*.sovendus.com; script-src-elem 'self' 'unsafe-inline' https://*.moderne-hausfrau.ch https://walz-prev.checkout.api.scayle.cloud https://checkout-cdn.aboutyou.cloud https://checkoutshopper-live.adyen.com https://www.paypal.com https://babywalz.omq.de https://api.exponea.com https://www.googletagmanager.com https://www.dwin1.com https://api.bounce-commerce.de https://www.awin1.com https://the.sciencebehindecommerce.com https://www.googleadservices.com https://connect.facebook.net https://*.criteo.com https://*.sovendus.com https://*.bing.com https://*.hotjar.com https://*.abtasty.com https://*.bazaarvoice.com https://mpsnare.iesnare.com; connect-src 'self' https://*.moderne-hausfrau.ch https://walz-prev.checkout.api.scayle.cloud https://checkout-cdn.aboutyou.cloud/ https://checkoutshopper-live.adyen.com https://*.paypal.com https://*.paypalobjects.com https://x.klarnacdn.net https://*.vhwmcs.net https://babywalz.omq.de https://sockjs-us3.pusher.com https://api.exponea.com https://*.googletagmanager.com https://*.econda-monitor.de https://region1.google-analytics.com https://api.bounce-commerce.de https://*.wepowerconnections.com https://the.sciencebehindecommerce.com https://*.google.com https://googleads.g.doubleclick.net https://*.criteo.com https://*.sovendus.com https://*.hotjar.com https://*.hotjar.io https://*.abtasty.com https://*.walz.de; media-src https://a.storyblok.com https://*.walz.de; report-uri https://sentry.vhwmcs.net/api/2/security/?sentry_key=1a6c3da18b7a464cbfcf596e111c1def 1
font-src *.klarnacdn.net *.fontawesome.com *.mt66.de *.gstatic.com 'self' data: https://widgets.trustedshops.com https://integrations.etrusted.com *.typekit.net *.twimg.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cleverreach.com *.mt66.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.twitter.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com https://www.googletagmanager.com/ *.meetanshi.com *.cloudflare.com *.mt66.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.sharethis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.cloudfront.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnaevt.com *.klarnacdn.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.meetanshi.com *.cloudflare.com *.mt66.de *.cloudflare.net *.optimonk.com *.koongo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: *.paypal.com www.google.com.ua https://widgets.trustedshops.com https://integrations.etrusted.com *.googleadservices.com *.twimg.com *.ytimg.com *.usercentrics.eu *.bing.com *.google.com *.google.com.vn *.google.com.de data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.sharethis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.googleapis.com *.gstatic.com jquery.sellxed.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnacdn.net *.klarnaservices.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.meetanshi.com *.cloudflare.com *.mt66.de *.optimonk.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://widgets.trustedshops.com https://integrations.etrusted.com *.usercentrics.eu *.fontawesome.com *.bing.com *.googlesyndication.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.sharethis.com *.klarnacdn.net *.fontawesome.com *.cloudflare.com *.mt66.de cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/styles/darkula.min.css unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com *.twimg.com *.typekit.net *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.meetanshi.com *.cloudflare.com *.mt66.de *.optimonk.com *.koongo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com *.trustedshops.com *.etrusted.com *.twimg.com *.usercentrics.eu www.google.com googleads.g.doubleclick.net *.googlesyndication.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.mt66.de/; report-to report-endpoint; 1
default-src https://usainteanne.ca https://*.usainteanne.ca https://www.youtube-nocookie.com https://font.googleapis.com https://fonts.gstatic.com https://newassets.hcaptcha.com https://player.vimeo.com https://platform.twitter.com https://cdn.syndication.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://*.google.com https://www.buzzsprout.com https://www.facebook.com https://*.cdninstagram.com https://feeds.buzzsprout.com https://www.googletagmanager.com https://www.google-analytics.com; style-src https://fonts.googleapis.com 'self' 'unsafe-inline' https://platform.twitter.com; script-src 'self' 'unsafe-inline' https://hcaptcha.com https://cdn.syndication.twimg.com https://platform.twitter.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://www.google-analytics.com; img-src https://usainteanne.ca https://*.usainteanne.ca https://pbs.twimg.com https://*.tile.openstreetmap.org https://platform.twitter.com https://syndication.twitter.com https://*.ytimg.com *.cdninstagram.com; frame-ancestors 'self' 1
default-src https://*.googlesyndication.com *.postinext.fi *.posti.fi *.posticloud.fi;       style-src 'unsafe-inline' 'self' *.force.com *.salesforce.com https://*.salesforce-sites.com *.google.com fonts.googleapis.com *.posti.fi *.postinext.fi *.posticloud.fi;       font-src 'self' data: *.force.com *.salesforce.com https://*.salesforce-sites.com fonts.gstatic.com *.posti.fi *.postinext.fi *.posticloud.fi http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;       base-uri 'self' resource://pdf.js;       object-src 'none';       plugin-types application/pdf;       form-action 'self';       manifest-src 'self';       media-src 'self';       child-src 'self';       script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' resource://pdf.js *.adform.net *.onetrust.com *.force.com *.salesforce.com https://*.salesforce-sites.com *.google.com *.google.fi *.google.ie www.googletagmanager.com www.google-analytics.com js-agent.newrelic.com *.nr-data.net *.firebaseio.com *.scorecardresearch.com *.krxd.net *.facebook.net *.g.doubleclick.net *.googlesyndication.com www.googletagservices.com *.postinext.fi *.posti.fi https://*.salesforceliveagent.com *.googleadservices.com https://firebaseinstallations.googleapis.com https://firebaseremoteconfig.googleapis.com https://posti-0700-declaration-dev-app-data-user-receipts.s3.amazonaws.com https://*.admob.com *.posticloud.fi js.hs-scripts.com js.usemessages.com js.hs-banner.com js.hsleadflows.net js.hs-analytics.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;       frame-src 'self' *.force.com *.salesforce.com https://*.posti.fi https://*.google.com https://*.google.fi www.googletagmanager.com *.firebaseio.com widgetrender.testi.posti.fi widgetrender.posti.fi *.declaration.postinext.fi *.krxd.net *.googlesyndication.com www.googletagservices.com epayment.nets.eu test.epayment.nets.eu *.postinext.fi https://firebaseinstallations.googleapis.com https://firebaseremoteconfig.googleapis.com https://posti-0700-declaration-dev-app-data-user-receipts.s3.amazonaws.com https://*.g.doubleclick.net *.posticloud.fi https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;       worker-src 'self';       img-src 'self' data: blob: *.force.com *.salesforce.com https://*.documentforce.com *.google.com *.google.fi *.google.ie www.google-analytics.com www.googletagmanager.com *.netposti.fi *.g.doubleclick.net *.google.fi ssl.gstatic.com www.gstatic.com *.scorecardresearch.com *.krxd.net *.facebook.com *.googlesyndication.com *.postinext.fi *.posti.fi https://assets.aftership.com *.posticloud.fi *.onetrust.com *.hubspot.com https://dmp.adform.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;       connect-src 'self' data: *.force.com *.salesforce.com *.salesforceliveagent.com https://*.salesforce-sites.com *.nr-data.net www.google-analytics.com https://*.google-analytics.com *.googlesyndication.com wss://*.firebaseio.com *.facebook.com *.g.doubleclick.net *.postinext.fi wss://*.postinext.fi https://firebaseinstallations.googleapis.com https://firebaseremoteconfig.googleapis.com https://posti-0700-declaration-dev-app-data-user-receipts.s3.amazonaws.com *.posticloud.fi *.posti.fi *.netposti.fi *.onetrust.com *.hubspot.com *.hsforms.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.contentful.com;       prefetch-src 'self' data: *.googlesyndication.com; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-+DyryZ1L9kj3OUnPM5iAewHDanpwdIHrHOCEo/yaKgkcLrEi' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' icpl.org search.icpl.org newvb.icpl.org contentcafe2.btol.com search.icpl.org ask.icpl.org www.googletagmanager.com www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' icpl.org search.icpl.org newvb.icpl.org ask.icpl.org cdnjs.cloudflare.com cdn.jsdelivr.net www.googletagmanager.com www.google-analytics.com ajax.googleapis.com maps.googleapis.com static.addtoany.com code.jquery.com addtocalendar.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com addtocalendar.com translate.googleapis.com; img-src 'self' data: icpl.org search.icpl.org ask.icpl.org contentcafe2.btol.com www.googletagmanager.com www.google-analytics.com maps.googleapis.com maps.gstatic.com translate.google.com www.gstatic.com; frame-src 'self' ask.icpl.org www.google.com www.youtube.com static.addtoany.com www.googletagmanager.com www.youtube-nocookie.com; frame-ancestors www.icpl.org intranet.icpl.org intranet3.icpl.org; font-src 'self' cdn.jsdelivr.net fonts.gstatic.com; connect-src 'self' api.nytimes.com www.google-analytics.com maps.googleapis.com; report-uri /report-csp-violation 1
frame-ancestors 'self' *.business.qld.gov.au 1
default-src 'self' maps.googleapis.com api.tumblr.com code.jquery.com www.google.com www.gstatic.com *.google-analytics.com https://www.googletagmanager.com *.googleapis.com ajax.googleapis.com fonts.gstatic.com https://*.fontawesome.com/ http://*.trustpilot.com/ https://*.cookiebot.com/ https://*.zendesk.com/ https://*.zdassets.com/ https://*.doubleclick.net/ https://*.mailchimp.com/; script-src 'self' maps.googleapis.com api.tumblr.com code.jquery.com www.google.com www.gstatic.com *.google-analytics.com https://www.googletagmanager.com *.googleapis.com ajax.googleapis.com 'unsafe-inline' https://*.fontawesome.com/ http://*.trustpilot.com/ https://*.cookiebot.com/ https://*.zendesk.com/ https://*.zdassets.com/ https://*.doubleclick.net https://*.agilecrm.com https://*.cloudflare.com/ https://*.mailchimp.com/ https://cdn.jsdelivr.net/npm/js-cookie@rc/dist/js.cookie.min.js; style-src 'self' 'unsafe-inline' *.googleapis.com fonts.googleapis.com https://*.fontawesome.com/; frame-src 'self' www.google.com www.gstatic.com https://www.safemedicate.com https://*.cookiebot.com/ https://*.youtube.com/ http://*.trustpilot.com/; img-src 'self' imgsct.cookiebot.com 64.media.tumblr.com maps.gstatic.com maps.googleapis.com data: *.google-analytics.com  maps.gstatic.com *.googleapis.com *.ggpht; frame-ancestors 'self' https://www.safemedicate.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.facebook.com *.episerver.net *.googletagmanager.com *.cookiebot.com *.google-analytics.com *.google.com *.googleapis.com *.infogram.com *.cloudflare.com *.jquery.com *.bootstrapcdn.com *.nyltx.com *.licdn.com *.jsdelivr.net *.facebook.net *.twitter.com *.azureedge.net *.emarketeer.com *.tools.investis.com *.gstatic.com *.fbcdn.net *.jifo.co *.infogram.com *.reachmee.com *.tiktok.com *.upseller.cloud *.giosg.com *.clients.giosgusercontent.com *.siteimprove.net siteimproveanalytics.com *.vo.msecnd.net *.workbuster.com *.typeform.com *.addthis.com *.addthisedge.com *.moatads.com *.inzynk.io googleads.g.doubleclick.net *.clarity.ms *.eventilla.com 1
font-src *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.agechecker.net *.cardinalcommerce.com *.paypal.com *.paypalobjects.com *.sandbox.paypal.com *.adobedtm.com *.gstatic.com *.youtube.com *.vimeo.com *.vimeocdn.com *.twimg.com *.cloudflare.com *.twitter.com *.typekit.net *.trustedshops.com *.googleapis.com *.bootstrapcdn.com *.fontawesome.com *.usercentrics.eu trustspot.io s3.amazonaws.com trustspot-app-assets.s3.amazonaws.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.agechecker.net *.cardinalcommerce.com *.paypal.com *.paypalobjects.com *.sandbox.paypal.com *.adobedtm.com *.gstatic.com *.youtube.com *.vimeo.com *.vimeocdn.com *.twimg.com *.cloudflare.com *.twitter.com *.typekit.net *.trustedshops.com *.googleapis.com *.bootstrapcdn.com *.fontawesome.com *.usercentrics.eu 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.agechecker.net *.cardinalcommerce.com *.paypal.com *.paypalobjects.com *.sandbox.paypal.com *.adobedtm.com *.gstatic.com *.youtube.com *.vimeo.com *.vimeocdn.com *.twimg.com *.cloudflare.com *.twitter.com *.typekit.net *.trustedshops.com *.googleapis.com *.bootstrapcdn.com *.fontawesome.com *.usercentrics.eu 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.agechecker.net *.cardinalcommerce.com *.paypal.com *.paypalobjects.com *.sandbox.paypal.com *.adobedtm.com *.gstatic.com *.vimeo.com *.vimeocdn.com *.twimg.com *.cloudflare.com *.twitter.com *.typekit.net *.trustedshops.com *.googleapis.com *.bootstrapcdn.com *.fontawesome.com *.usercentrics.eu trustspot.io wchat.freshchat.com *.webpush.freshchat.com guarantee-cdn.com gleam.io zamplebox.freshchat.com upcity.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.agechecker.net *.cardinalcommerce.com *.paypal.com *.paypalobjects.com *.sandbox.paypal.com *.gstatic.com *.vimeo.com *.twimg.com *.cloudflare.com *.twitter.com *.typekit.net *.trustedshops.com *.googleapis.com *.bootstrapcdn.com *.fontawesome.com *.ywxi.net productphotos.trustspot.io guarantee-cdn.com s3.amazonaws.com verify.authorize.net *.cloudfront.net cdn.klarna.com *.googleusercontent.com *.symantec.com *.magecomp.com shareasale.com js.gleam.io cdn.galleryjs.io bam.nr-data.net trustspot-product-photos.imgix.net *.adroll.com trustspot.io vapecraftinc.com zamplebox.freshchat.com store.paradoxlabs.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://imgs.signifyd.com https://*.online-metrix.net data: blob: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.agechecker.net *.cardinalcommerce.com *.paypal.com *.paypalobjects.com *.sandbox.paypal.com *.gstatic.com *.twimg.com *.cloudflare.com *.twitter.com *.typekit.net *.trustedshops.com *.googleapis.com *.bootstrapcdn.com *.fontawesome.com *.usercentrics.eu *.google.ca *.google.co.uk *.google.com.au *.googlesyndication.com ad.doubleclick.net *.g.doubleclick.net *.fls.doubleclick.net trustspot.io guarantee-cdn.com static.klaviyo.com static-tracking.klaviyo.com wchat.freshchat.com cdn.jsdelivr.net *.newrelic.com bam.nr-data.net shareasale-analytics.com cdn.galleryjs.io widget.gleamjs.io gleam.io zamplebox.freshchat.com s3.amazonaws.com *.adroll.com connect.facebook.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.agechecker.net *.cardinalcommerce.com *.paypal.com *.paypalobjects.com *.sandbox.paypal.com *.adobedtm.com *.gstatic.com *.youtube.com *.vimeo.com *.vimeocdn.com *.twimg.com *.cloudflare.com *.twitter.com *.typekit.net *.trustedshops.com *.googleapis.com *.bootstrapcdn.com *.fontawesome.com *.usercentrics.eu fonts.googleapis.com trustspot.io wchat.freshchat.com s3.amazonaws.com static.klaviyo.com static-tracking.klaviyo.com zamplebox.freshchat.com https://static.klaviyo.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.agechecker.net *.cardinalcommerce.com *.paypal.com *.paypalobjects.com *.sandbox.paypal.com *.adobedtm.com *.gstatic.com *.youtube.com *.vimeocdn.com *.twimg.com *.cloudflare.com *.twitter.com *.typekit.net *.trustedshops.com *.googleapis.com *.bootstrapcdn.com *.fontawesome.com *.usercentrics.eu trustspot.io a.klaviyo.com static-forms.klaviyo.com stats.g.doubleclick.net bt.signifyd.com:* telemetrics.klaviyo.com bam.nr-data.net assetscdn-wchat.freshchat.com *.adroll.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com google.com https://www.google-analytics.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-9a69f41577364d8dd6962de1d79c6ecb' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=9325356704334794; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=9325356704334794 1
default-src https:; img-src https: data:; connect-src https: 'self' wss://*.iot.ca-central-1.amazonaws.com wss://vts.zohopublic.com; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; frame-src https://www.google.com/ https://www.googletagmanager.com/ https://www.facebook.com/ https://js.stripe.com/ https://www.youtube.com/ https://www.youtube.com/embed/* https://player.vimeo.com/ https://player.vimeo.com/video/* https://forms.zohopublic.com/ https://forms.zohopublic.com/* https://9772645.fls.doubleclick.net/ https://8124348.fls.doubleclick.net/ https://donorbox.org/; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-UAbPURZkrebihYo1vvs8jQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors 'self' *.swissinfo.ch 1
default-src 'self' fonts.gstatic.com *.akamaihd.net fonts.googleapis.com *.go-mpulse.net *.akstat.io *.akamaihd.net; img-src 'self' *.akstat.io; script-src 'self' 'unsafe-inline' *.go-mpulse.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com 1
default-src 'self'; script-src 'self' www.google-analytics.com ajax.googleapis.com www.youtube.com connect.facebook.net 'unsafe-inline' 'unsafe-eval' cdn.ywxi.net static.hotjar.com www.googletagmanager.com script.hotjar.com trustedsite.com; connect-src 'self' connect.facebook.net www.facebook.com  s3-us-west-2.amazonaws.com *.hotjar.com ws8.hotjar.com www.google-analytics.com; img-src 'self' www.google-analytics.com cdn.ywxi.net www.facebook.com stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src fonts.googleapis.com fonts.gstatic.com 'self' data:; frame-src 'self' www.youtube.com www.google.com vars.hotjar.com; 1
default-src 'self' 'unsafe-inline' https://*; img-src https: data: *; script-src 'self' 'unsafe-inline' https: 'unsafe-eval'; style-src 'self' 'unsafe-inline' https:; 1
frame-ancestors 'self' https://www.goenterit.com/ https://weticketit.com/ https://skyticketit.com/ https://js.stripe.com/; form-action 'self'; 1
font-src use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com https://fonts.gstatic.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.yotpo.com staticw2.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com swellrewards.com *.swellrewards.com *.authorize.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com https://plumrocket.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net cdn-swell-assets.yotpo.com 'self'; frame-src bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.yotpo.com swellrewards.com *.swellrewards.com *.authorize.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.twitter.com *.weltpixel.com grandwesternsteaks.attn.tv creatives.attn.tv 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com store.paradoxlabs.com *.yotpo.com swellrewards.com *.swellrewards.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.b0e8.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.gstatic.com yt3.ggpht.com grandwesternsteaks.com yotpo-editor-production.s3.amazonaws.com cdn-yotpo-images-production.yotpo.com maps.gstatic.com maps.googleapis.com *.pinterest.com bat.bing.com *.clarity.ms *.google.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com swellrewards.com *.swellrewards.com *.authorize.net sandbox-assets.secure.checkout.visa.com polyfill.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.b0e8.com *.bc0a.com https://www.googletagmanager.com https://gtm-krz25q3-yzi5n.uc.r.appspot.com https://gtm-m2bq7fp-oduwm.uc.r.appspot.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com tagmanager.google.com *.mouseflow.com *.callrail.com bat.bing.com unpkg.com maps.googleapis.com cdn.attn.tv s.pinimg.com static-tracking.klaviyo.com *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.yotpo.com swellrewards.com *.swellrewards.com fonts.googleapis.com maxcdn.bootstrapcdn.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com https://fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.yotpo.com swellrewards.com *.swellrewards.com *.authorize.net *.algolia.net *.algolia.com *.algolianet.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.googletagmanager.com https://gtm-krz25q3-yzi5n.uc.r.appspot.com https://gtm-m2bq7fp-oduwm.uc.r.appspot.com https://googleads.g.doubleclick.net https://*.grandwesternsteaks.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ telemetrics.klaviyo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.cloudflare.com *.twitter.com *.twimg.com https://www.google-analytics.com a.klaviyo.com api.yotpo.com stats.g.doubleclick.net events.attentivemobile.com *.pinterest.com grandwesternsteaks.attn.tv *.mouseflow.com maps.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://www.newpathlearning.com/; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://googleads.g.doubleclick.net https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ *.cloudfront.net/cache-js/ *.google.com/ *.gstatic.com/; style-src 'self' 'unsafe-inline' 'report-sample' *.cloudfront.net/; object-src 'self'; frame-src 'self' *.google.com/; child-src 'none'; img-src 'self' data: *; font-src 'self' https://*.cloudfront.net/; connect-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://www.google.com.ua/ https://www.google.com/ https://www.googletagmanager.com/ https://analytics.google.com/; manifest-src https://newpathworksheets.com/; base-uri 'self'; form-action 'self' *.paypal.com/; media-src 'self'; worker-src 'none' 1
script-src 'nonce-jJizSvN5XeCLKNiEXTYsbblGluo6cwwI/kfIUt1aV6I=' 'strict-dynamic' www.youtube.com js.hs-scripts.com js.hsforms.net js.hs-banner.com js.hscollectedforms.net js.hs-analytics.net js.hsadspixel.net js.usemessages.com static.hsappstatic.net; img-src 'self' data: i.ytimg.com; child-src 'self' blob: *.hubspot.com envasetechnologies.tourial.com tours.envasetechnologies.com www.youtube.com; object-src 'self'; base-uri 'self'; 1
default-src 'self' https://cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.googleanalytics.com https://*.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://*.googleapis.com https://googleads.g.doubleclick.net https://webfont.fontplus.jp https://kit.fontawesome.com https://www.googletagmanager.com https://tm.msgs.jp https://*.docodoco.jp https://jsonip.com https://*.eir-parts.net https://accessilens.com https://irpocket.com https://*.irpocket.com https://code.highcharts.com https://*.wovn.io https://asset.fwcdn3.com https://wovn.global.ssl.fastly.net https://*.cybertrust.co.jp https://www.googleadservices.com https://bake.surfpoint.jp https://*.youtube.com  https://platform.twitter.com https://connect.facebook.net https://trusted-web-seal.cybertrust.ne.jp https://v1.chamo-chat.com https://ui.customsearch.ai https://*.clarity.ms https://map.yahooapis.jp; img-src 'self' 'unsafe-inline' data: *; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://*.googleapis.com https://optimize.google.com https://ssl4.eir-parts.net https://irpocket.com https://accessilens.com https://*.wovn.io https://hosteduxprod.blob.core.windows.net; frame-ancestors 'self' https://*.youtube.com https://*.vimeo.com https://webfont.fontplus.jp https://www.googletagmanager.com https://*.google-analytics.com https://optimize.google.com https://td.doubleclick.net https://platform.twitter.com https://www.facebook.com https://*.yahoo.co.jp https://*.wovn.io; frame-src 'self' https://*.youtube.com https://*.vimeo.com https://webfont.fontplus.jp https://www.googletagmanager.com https://*.google-analytics.com https://optimize.google.com https://td.doubleclick.net https://platform.twitter.com https://www.facebook.com https://*.yahoo.co.jp https://*.wovn.io; connect-src 'self' https://*.google-analytics.com https://analytics.google.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://webfont.fontplus.jp https://ka-f.fontawesome.com https://wt.msgs.jp https://jsonip.com https://api.ipify.org https://*.eir-parts.net https://irpocket.com https://*.irpocket.com https://accessilens.com https://*.wovn.io https://wovn.global.ssl.fastly.net https://fireworkapi1.com wss://fireworkapi1.com https://p2.fwpixel.com https://cybertrust-eas.azurewebsites.net https://*.cybertrust.ne.jp https://ui.customsearch.ai https://*.clarity.ms; media-src 'self' data:; font-src 'self' https://*.fontawesome.com https://cdn.jsdelivr.net https://webfont.fontplus.jp https://fonts.gstatic.com https://*.amazonaws.com https://*.bootstrapcdn.com; child-src 'self' https://*.wovn.io; 1
default-src 'self' static.mycity.travel static.myvaud.ch * 'unsafe-inline' 'unsafe-eval' data: blob:; upgrade-insecure-requests; frame-ancestors: 'self' https://static.mycity.travel *; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.static-assets.com blob:; style-src 'self' 'unsafe-inline' *.static-assets.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.lumanox.io; font-src 'self' *.static-assets.com data:; frame-ancestors 'self'; frame-src 'self'; img-src 'self' *.gravatar.com *.wp.com *.static-assets.com data: blob:; manifest-src 'self'; media-src 'self'; worker-src 'self' 'unsafe-inline' blob:; 1
frame-ancestors 'self';                      script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.nr-data.net https://*.zendesk.com https://*.cookieseal.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://assets.zendesk.com https://cdn.amplitude.com https://connect.facebook.net https://dbfukofby5ycr.cloudfront.net https://graph.facebook.com https://google-analytics.com https://googletagmanager.com https://img2-digitouch.mncdn.com https://js.bkmexpress.com.tr https://js.facebook.com https://static.zdassets.com https://script.hotjar.com https://static.hotjar.com https://ssl.google-analytics.com https://stn-brandroom.mncdn.com https://theme.zdassets.com https://tagmanager.google.com https://v2.zopim.com https://widget-mediator.zopim.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://*.perzonalization.com https://*.newrelic.com;                      style-src 'self' 'unsafe-inline' *.google.com *.zdassets.com fonts.googleapis.com https://*.cookieseal.com stn-brandroom.mncdn.com www.googletagmanager.com dbfukofby5ycr.cloudfront.net 1865548805.rsc.cdn77.org *.webinstats.com;                      child-src 'self' blob: *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net vars.hotjar.com www.googletagmanager.com https://*.rdrtr.com;                      base-uri 'self';                      worker-src 'self' blob: www.google.com;      report-uri /WebResource.axd?cspReport=true; 1
script-src http: https: 'unsafe-inline' 'unsafe-eval'; 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' *.pricespider.com *.mapbox.com *.lytics.io feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.googletagmanager.com www.google-analytics.com connect.facebook.net *.cookielaw.org *.pricespider.com pghub.io *.mapbox.com *.segment.com *.lytics.io feed.pghub.io pandg.tapad.com ; media-src 'self' data: videos.ctfassets.net feed.pghub.io pandg.tapad.com ; object-src 'none' feed.pghub.io pandg.tapad.com ; img-src 'self' data: images.ctfassets.net *.cookielaw.org *.pricespider.com pghub.io www.facebook.com pixel.tapad.com www.facebook.com *.lytics.io www.googletagmanager.com www.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.doubleclick.net feed.pghub.io pandg.tapad.com ; frame-src 'self' pandg.tapad.com consumersupport.pg.com feed.pghub.io *.doubleclick.net ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; form-action 'self' feed.pghub.io pandg.tapad.com ; font-src 'self' feed.pghub.io pandg.tapad.com ; connect-src 'self' *.tapad.com *.cookielaw.org *.google-analytics.com *.doubleclick.net *.contentful.com *.mapbox.com *.segment.com *.segment.io *.adsrvr.org ws: *.pricespider.com *.analytics.google.com feed.pghub.io ; default-src 'none' feed.pghub.io pandg.tapad.com ; base-uri 'self' feed.pghub.io pandg.tapad.com ; 1
frame-ancestors https://www.zu.de/ https://www.zeppelin-university.com/ https://cms.zu.de/ https://staging.zu.de/ https://staging.zeppelin-university.com/ https://cmsstaging.zu.de/ https://zuhause.zeppelin-university.net/ https://zu.coyocloud.com/; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: * 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.balluun.com *.balluun365.com www.googletagmanager.com oqs.omeda.com *.embedsocial.com embedsocial.com img07.en25.com *.en35.com *.snapchat.com sc-static.net blue-sky.capital *.elfsight.com *.keen.io *.linkedin.oribi.io *.expocad.com expocad.com cdn.jwplayer.com *.jwplayer.com app.clipr.ai *.clipr.ai *.zdassets.com acbusinessmedia478.outgrow.us *.twitter.com *.intercom.com *.outgrow.us *.outgrow.co *.typeform.com *.googletagservices.com *.googlesyndication.com *.omeda.com *.clarity.ms ironpros.com *.ironpros.com *.parsely.com *.bing.com *.adroll.com *.adroll.mgr.consensu.org *.freshdesk.com *.hotjar.com *.cloudflare.com *.gstatic.com *.google.com *.googleservices.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.facebook.com wss://* *.alicdn.com *.tastehit.com *.selligent.com oqs.omeda.com *.intercom.io *.intercomcdn.com *.recurly.com *.paypal.com *.stripe.com *.authorize.net *.licdn.com *.facebook.net *.freshworks.com *.newrelic.com *.nr-data.net embed.podcasts.apple.com *.apple.com js-cdn.music.apple.com *.buzzsprout.com *.zendesk.com *.amazonaws.com *.doubleclick.net *.g.doubleclick.net *.fls.doubleclick.net *.vimeo.com vimeo.com player.vimeo.com *.youtube.com *.youtu.be; img-src * data:; frame-src *.balluun.com *.balluun365.com www.googletagmanager.com *.embedsocial.com embedsocial.com img07.en25.com *.en25.com *.snapchat.com sc-static.net blue-sky.capital *.elfsight.com *.keen.io *.linkedin.oribi.io *.expocad.com expocad.com cdn.jwplayer.com *.jwplayer.com intercom-sheets.com *.outgrow.us app.clipr.ai *.clipr.ai *.zdassets.com *.freshdesk.com *.hotjar.com *.doubleclick.net *.g.doubleclick.net *.fls.doubleclick.net *.facebook.com *.youtube.com *.youku.com *.zoom.com *.vimeo.com vimeo.com youtu.be embed.podcasts.apple.com *.apple.com js-cdn.music.apple.com *.buzzsprout.com exhibitors.informamarkets-info.com *.facebook.com wx.vzan.com players.brightcove.net www.brightcove.com www.google.com player.vimeo.com drive.google.com *.elfsight.com *.instagram.com *.allure.com allure.com *.forconstructionpros.com *.credspark.com *.s3.amazonaws.com 1
frame-ancestors 'self' flex.twilio.com; 1
default-src 'self' https://* 'unsafe-eval'; font-src 'self' https://*; style-src 'self' https://* 'unsafe-inline'; script-src 'self' https://* 'unsafe-inline'; img-src https://*; connect-src 'self' https://* wss://*; frame-src 'self' https://*; child-src 'none'; 1
default-src 'self' packages.umbraco.org our.umbraco.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.aspnetcdn.com https://cdn.iubenda.com https://player.vimeo.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.googletagmanager.com https://www.gstatic.com https://maps.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://ajax.aspnetcdn.com https://cdn.iubenda.com https://www.iubenda.com https://player.vimeo.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.googletagmanager.com https://www.gstatic.com https://maps.googleapis.com https://snap.licdn.com/li.lms-analytics/ https://www.googleadservices.com; script-src-attr 'unsafe-hashes' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.iubenda.com; object-src 'none'; connect-src 'self' https://www.google-analytics.com https://maps.googleapis.com https://stats.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com https://www.slideshare.net https://www.google.com/recaptcha/ https://www.google.com/maps/ https://www.gstatic.com/recaptcha/ https://www.iubenda.com; img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com/ads/ https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://dashboard.umbraco.org data: www.gravatar.com umbraco.tv umbraco.org; media-src 'self' https://player.vimeo.com; worker-src 'none'; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com *.fonts.googleapis.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com https://int-ecommerce.nexi.it https://ecommerce.nexi.it https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com *.google.com *.addthis.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com google-analytics.com *.google-analytics.com *.analytics.google.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://ecommerce.nexi.it *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleapis.com *.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://int-ecommerce.nexi.it https://ecommerce.nexi.it www.google.com www.gstatic.com s7.addthis.com https://cdn.scalapay.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline fonts.googleapis.com downloads.mailchimp.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net google-analytics.com *.google-analytics.com *.analytics.google.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.googleapis.com https://int-ecommerce.nexi.it https://ecommerce.nexi.it ekr.zdassets.com/ *.cloudflare.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';, upgrade-insecure-requests; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-d62628bb8c219811b0d51efe106d770b'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
base-uri 'self' https://*.paypal.com; connect-src 'self' https://*.braintreegateway.com https://*.braintree-api.com https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com https://nexus.ensighten.com https://*.algolianet.com https://*.algolia.net https://insights.algolia.io https://*.qualtrics.com https://www.paypal-experience.com; default-src 'self' https://assets.braintreegateway.com https://*.paypal.com https://*.paypalobjects.com; form-action 'self' https://*.paypal.com https://*.eloqua.com https://*.paypal-mktg.com; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://codepen.io/braintree/ https://*.braintreegateway.com https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://*.qualtrics.com https://*.paypal-support.com https://www.paypal-experience.com/; img-src 'self' https: data:; object-src 'none'; script-src 'nonce-fTKZ7w469qy7EykD4ozZnlUC21W0wZWESiIL+CdZApBVZDRL' 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.braintreegateway.com https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; connect-src *.tt.omtrdc.net  dpm.demdex.net metrics.nationwide.co.uk smetrics.nationwide.co.uk lo.tokenizer.liveperson.net wss://lo.msg.liveperson.net lo.msg.liveperson.net *.onetrust.com 'self' *.swiftype.com; font-src data: privacyportal-cdn.onetrust.com 'self'; frame-src fast.nationwide.demdex.net nationwide.demdex.net servedby.flashtalking.com lo.tokenizer.liveperson.net lo.idp.liveperson.net lpcdn.lpsnmedia.net lo.msg.liveperson.net lo.msghist.liveperson.net 'self' r1.surveysandforms.com *.youtube.com; frame-ancestors 'self' www.tmwonline.co.uk; img-src dpm.demdex.net cm.everesttech.net metrics.nationwide.co.uk smetrics.nationwide.co.uk ads.avocet.io ads.avct.cloud tags.bluekai.com sync.crwdcntrl.net data: ps.eyeota.net px.ads.linkedin.com lpcdn.lpsnmedia.net cdn-ukwest.onetrust.com 'self' www.linkedin.com; media-src lpcdn.lpsnmedia.net; object-src lo.tokenizer.liveperson.net 'self'; script-src snap.licdn.com *.adobedtm.com data: lo.tokenizer.liveperson.net accdn.lpsnmedia.net lo.v.liveperson.net lpcdn.lpsnmedia.net lo.msg.liveperson.net lptag.liveperson.net   https://cdn-ukwest.onetrust.com geolocation.onetrust.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src privacyportal-cdn.onetrust.com 'self' 'unsafe-inline'; 1
script-src 'self' https: localhost:33209 *.hcaptcha.com giftcard.golfnow.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: localhost:33209 *.hcaptcha.com giftcard.golfnow.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: localhost:33209 *.hcaptcha.com; manifest-src 'self' https: localhost:33209; font-src 'self' https: localhost:33209 giftcard.golfnow.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; form-action 'self' https: localhost:33209 giftcard.golfnow.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; img-src 'self' https: localhost:33209 data: giftcard.golfnow.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; media-src 'self' https: localhost:33209; object-src 'self' https: localhost:33209; frame-ancestors 'self' https: localhost:33209; frame-src 'self' https: localhost:33209 *.hcaptcha.com; worker-src 'self' https: localhost:33209; base-uri 'self' https:;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default 1
block-all-mixed-content; frame-ancestors 'self' https://*.univision.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://toot.si; img-src 'self' https: data: blob: https://toot.si; style-src 'self' https://toot.si 'nonce-FCKtEXeZYfY+U65VaW7ymw=='; media-src 'self' https: data: https://toot.si; frame-src 'self' https:; manifest-src 'self' https://toot.si; form-action 'self'; child-src 'self' blob: https://toot.si; worker-src 'self' blob: https://toot.si; connect-src 'self' data: blob: https://toot.si https://cdn.masto.host wss://toot.si; script-src 'self' https://toot.si 'wasm-unsafe-eval' 1
default-src 'self' https://*.plaid.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://static.addtoany.com https://*.doubleclick.net cdn.docucopies.com cdn.jsdelivr.net paypal.adtag.where.com *.paypal.com *.twitter.com https://*.tiny.cloud https://*.tinymce.com https://*.facebook.com https://*.facebook.net https://*.clarity.ms https://*.mastercard.com https://*.americanexpress.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.mastercard.com https://polyfill.app/ https://polyfill.io/ https://*.aexp-static.com https://www.paypalobjects.com https://www.googleadservices.com web-assets-prod.s3.amazonaws.com https://*.docucopies.com https://docucopies.com vjs.zencdn.net https://cdn.datatables.net https://cdnjs.cloudflare.com www.dropbox.com https://js.stripe.com https://*.plaid.com https://seal.alphassl.com https://*.bing.com/ https://*.hotjar.com https://query.yahooapis.com https://*.googleapis.com https://*.visa.com/ *.fontawesome.com https://www.gstatic.com https://bat.r.msn.com d2mnqbso444yau.cloudfront.net https://*.docucopies.dev https://*.docucopies.com https://*.docucopies.com;font-src 'self' data: cdn.docucopies.com https://*.googleapis.com fonts.gstatic.com vjs.zencdn.net https://*.hotjar.com *.fontawesome.com https://www.paypalobjects.com d2odytsf93727v.cloudfront.net cdn.jsdelivr.net cdnjs.cloudflare.com d1cxl15shl87py.cloudfront.net d2mnqbso444yau.cloudfront.net https://*.docucopies.dev https://*.docucopies.com https://*.docucopies.com;connect-src 'self' https://syndication.twitter.com https://api.stripe.com https://*.quantumsite.com https://*.doubleclick.net *.paypal.com https://*.google.com https://*.googlesyndication.com https://www.google-analytics.com https://www.paypal.com/ http://127.0.0.1:* https://*.googleapis.com wss://*.hotjar.com *.addtoany.com *.fontawesome.com https://*.clarity.ms https://bat.bing.com https://*.plaid.com https://*.hotjar.com https://*.visa.com https://*.hotjar.io https://*.docucopies.com https://docucopies.com https://*.docucopies.com d2mnqbso444yau.cloudfront.net https://*.docucopies.dev https://*.docucopies.com https://*.docucopies.com;media-src 'self' d2odytsf93727v.cloudfront.net d38klv7gzwuv7p.cloudfront.net https://*.hotjar.com d1cxl15shl87py.cloudfront.net d2mnqbso444yau.cloudfront.net https://*.docucopies.dev https://*.docucopies.com https://*.docucopies.com;img-src 'self' data: https://*.docucopies.com https://docucopies.com cdn.docucopies.com https://s3.amazonaws.com https://*.googletagmanager.com d2odytsf93727v.cloudfront.net d38klv7gzwuv7p.cloudfront.net d1cxl15shl87py.cloudfront.net *.paypal.com i2.wp.com https://www.gravatar.com https://akamai.mathtag.com https://ak1s.abmr.net https://*.tinymce.com https://www.paypalobjects.com https://*.clarity.ms *.ups.com web-assets-prod.s3.amazonaws.com *.twitter.com https://*.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com/ https://*.google.com api.qrserver.com https://cdn.datatables.net https://seal.alphassl.com https://*.dropbox.com https://www.beanstream.com https://*.doubleclick.net https://*.bing.com https://bat.r.msn.com https://*.facebook.com https://*.facebook.net *.twitter.com https://www.googleadservices.com https://www.google.ca https://api.twilio.com https://media.twiliocdn.com https://www.emjcd.com/ https://*.visa.com/ https://*.online-metrix.net https://cj.dotomi.com https://*.dropboxusercontent.com/ https://*.hotjar.com https://*.intuitcdn.net https://s3-external-1.amazonaws.com d2mnqbso444yau.cloudfront.net https://*.docucopies.dev https://*.docucopies.com https://*.docucopies.com;style-src 'self' 'unsafe-inline' data: https://*.docucopies.com https://docucopies.com cdn.docucopies.com d1cxl15shl87py.cloudfront.net d2odytsf93727v.cloudfront.net https://*.googleapis.com https://*.googletagmanager.com https://*.hotjar.com cdn.jsdelivr.net cdnjs.cloudflare.com tagmanager.google.com https://cdn.datatables.net *.fontawesome.com vjs.zencdn.net d2mnqbso444yau.cloudfront.net https://*.docucopies.dev https://*.docucopies.com https://*.docucopies.com;frame-src 'self' data: *.dataleadsonline.com https://static.addtoany.com/ s3.amazonaws.com *.twitter.com https://*.facebook.com https://*.facebook.net *.paypal.com https://www.paypalobjects.com https://*.googleapis.com *.edocbuilder.com https://js.stripe.com https://*.plaid.com https://*.googletagmanager.com https://*.mastercard.com https://*.online-metrix.net https://*.americanexpress.com https://*.docucopies.com https://docucopies.com https://www.beanstream.com https://*.doubleclick.net https://www.youtube.com/ https://*.google.com https://*.visa.com/ https://*.saltcert.com https://*.hotjar.com https://www.google.ca/ d2mnqbso444yau.cloudfront.net https://*.docucopies.dev https://*.docucopies.com https://*.docucopies.com;object-src 'self' https://*.docucopies.com https://docucopies.com https://*.visa.com/ https://*.hotjar.com d2odytsf93727v.cloudfront.net d38klv7gzwuv7p.cloudfront.net d1cxl15shl87py.cloudfront.net d2mnqbso444yau.cloudfront.net https://*.docucopies.dev https://*.docucopies.com https://*.docucopies.com;report-uri https://docucopies.report-uri.io/r/default/csp/wizard 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.gstatic.com ajax.aspnetcdn.com cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net foodafactoflife.h5p.com *.youtube.com *.onetrust.com;style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com;img-src 'self' *.onetrust.com i.vimeocdn.com *.umbraco.com umbraco.tv *.googleapis.com *.google-analytics.com *.google.co.uk *.google.com googleads.g.doubleclick.net data:;font-src 'self' fonts.gstatic.com;connect-src *;frame-src 'self' *.youtube.com *.youtube-nocookie.com eatwell.foodafactoflife.org.uk foodafactoflife.h5p.com eatwell.digitalsm.co.uk *.google.com forms.office.com player.vimeo.com;manifest-src 'self'; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-gqhjcexF_cnNaT1-k8gE8Q' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
script-src 'self' 'unsafe-inline'  'unsafe-eval' *.doubleclick.net cdn.jsdelivr.net front.optimonk.com *.digicelinternational.com *.googletagmanager.com googletagmanager.com *.google-analytics.com websdk.appsflyer.com googleapis.com connect.facebook.net static.hotjar.com tags.bkrtx.com script.hotjar.com gs-cdn.optimonk.com googleadservices.com *.api.oneall.com *.google.com *.accdab.net *.gstatic.com *.cdn-net.com *.triple-a.io; style-src 'self' 'unsafe-inline' unsafe-inline  cdn.jsdelivr.net front.optimonk.com *.digicelinternational.com googletagmanager.com  websdk.appsflyer.com googleapis.com google-analytics.com connect.facebook.net fonts.googleapis.com *.api.oneall.com google.com; img-src cdn.jsdelivr.net  self data: https: unsafe-inline front.optimonk.com *.digicelinternational.com *.googletagmanager.com  websdk.appsflyer.com googleapis.com:* google-analytics.com:* *.connect.facebook.net *.api.oneall.com google.com 1
default-src 'self' www.xqfunds.com staticdn.xqfunds.com xq-video2.oss-cn-shanghai.aliyuncs.com 'unsafe-inline' 'unsafe-eval' blob: data: ; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=6tje8idiqu44d&partner=; 1
connect-src 'self' ct.pinterest.com stats.g.doubleclick.net www.google-analytics.com shops-si.trustedshops.com api.trustedshops.com trustbadge.api.etrusted.com payments.amazon.de www.google.com adservice.google.com www.komar.de www.fototapete.de *.instagram.com platform.instagram.com *.fbcdn.net api.trustbadge.etrusted.com logging.trustbadge.com region1.google-analytics.com; frame-src 'self' gum.criteo.com static.criteo.net *.pinterest.com www.pinterest.de www.pinterest.pt www.pinterest.fr www.pinterest.ie www.pinterest.it www.pinterest.nz www.pinterest.cl www.pinterest.ca www.pinterest.ru www.pinterest.co.uk www.pinterest.ph hu.pinterest.com www.pinterest.com.mx www.pinterest.co.kr www.google.by www.pinterest.ch www.pinterest.es nl.pinterest.com www.pinterest.at www.youtube-nocookie.com www.youtube.com www.google.com tpc.googlesyndication.com www.googletagmanager.com secure.pay1.de payments.amazon.de youtubeanalytics.net www.instagram.com; img-src 'self' a.twiago.com ad.360yield.com ad.as.amanad.adtdp.com ad.sxp.smartclip.net ad.tpmn.co.kr ad.yieldlab.net adgen.socdm.com ads.stickyadstv.com ads.yahoo.com adx.dable.io an.yandex.ru c.bing.com cm.adform.net cm.g.doubleclick.net contextual.media.net criteo-partners.tremorhub.com criteo-sync.teads.tv cs.adingo.jp ct.pinterest.com cw.addthis.com data: eb2.3lift.com exchange.mediavine.com gum.criteo.com i.liadm.com i.ytimg.com ib.adnxs.com idsync.rlcdn.com ih.adscale.de jadserve.postrelease.com dpm.demdex.net match.sharethrough.com matching.ivitrack.com partner.mediawallahscript.com pixel.advertising.com pixel.rubiconproject.com pixel.tapad.com r.casalemedia.com rtb-csync.smartadserver.com s.ad.smaato.net secure.adnxs.com simage2.pubmatic.com sp.analytics.yahoo.com sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.ad-stir.com sync.e-planning.net sync.outbrain.com tg.socdm.com trends.revcontent.com ups.analytics.yahoo.com us-u.openx.net visitor.omnitagjs.com widgets.trustedshops.com www.google-analytics.com x.bidswitch.net www.googletagmanager.com www.google.com www.google.nl dis.criteo.com sync.taboola.com d.turn.com cotads.adscale.de i6.liadm.com s.amazon-adsystem.com cdn.stickyadstv profile.ssp.rambler.ru cm.meba.kr id5-sync.com idsync.admixer.co.kr sbm.nate.com cdn.stickyadstv.co sync.aralego.com ad.mail.ru trc.taboola.com www.google.de cdn.stickyadstv.com googleads.g.doubleclick.net scontent.cdninstagram.com www.google.pt csm.fr.eu.criteo.net www.gstatic.com *.komar.de *.fototapete.de www.google.fr www.google.hu www.paypal.com payments.amazon.de cdn.pay1.de www.facebook.com www.google.be www.google.ie translate.google.com www.google.co.uk www.paypalobjects.com www.google.si www.google.it www.google.at www.google.lu www.google.ch www.google.cz static.cdninstagram.com csm.nl.eu.criteo.net www.google.gr www.google.co.ma www.google.se www.google.tn www.google.ci www.google.ae www.google.com.mx www.google.cl www.google.ba www.google.es www.google.co.kr www.google.com.ar www.google.co.in www.google.bg www.google.com.et www.google.no www.google.hr www.google.ee www.google.pl www.google.com.pk www.google.com.mt www.google.com.hk www.google.com.tr www.google.co.jp www.google.ru www.google.com.br www.google.rs www.google.dz www.google.co.za www.google.fi www.google.co.id www.google.ro www.google.lv www.google.com.sa www.google.co.th www.google.co.nz www.google.co.uz www.google.co.il www.google.lt www.google.sk www.google.com.vn www.google.ca www.google.com.my www.google.dk www.google.com.cy www.google.com.au www.google.md www.pinterest.com.au log.pinterest.com beacon.krxd.net *.dmxleo.com e1.emxdgt.com www.instagram.com *.fbcdn.net s.thebrighttag.com http://www.komar.de; object-src 'self'; script-src 'unsafe-eval' 'self' 'unsafe-inline' s.pinimg.com sslwidget.criteo.com static.criteo.net widgets.trustedshops.com www.google-analytics.com www.googletagmanager.com secure.pay1.de www.googleadservices.com static-eu.payments-amazon.com www.komar.de www.fototapete.de connect.facebook.net www.gstatic.com www.google.com widget.eu.criteo.com platform.instagram.com www.pagespeed-mod.com www.instagram.com *.fbcdn.net; style-src 'unsafe-inline' 'self' www.komar.de www.fototapete.de fonts.googleapis.com;report-uri https://komar.report-uri.com/r/d/csp/reportOnly 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: 'nonce-u1NOY4C2hasIbktjxB9Z2Q9oOG5CyKZG' 'strict-dynamic' https://www.google-analytics.com https://www.googletagmanager.com; 1
default-src 'self' 'nonce-664b44444a326c434a49364f6b5474366444356d5844636a7064746f424d5a32777078635774516d36336b3d' data: https: 'strict-dynamic';script-src 'self' 'nonce-664b44444a326c434a49364f6b5474366444356d5844636a7064746f424d5a32777078635774516d36336b3d' data: https: 'strict-dynamic';style-src 'self' 'unsafe-inline' data: https: 'strict-dynamic'; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=53amd41iqu6fo&partner=; 1
upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self' https://*.patientnow.com; object-src 'self'; base-uri 'self'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-PH17rJ4+q3sdvJl806rwYVWXczbhINyjMLkxynllDzg9jBN6' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss:; frame-ancestors 'self' https://www.werkenbijikazia.nl https://www.ikazia.nl; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-WImy4xPBpea026888acJqmBb547TAtl3Wgl5NhT8q3NyZeGG' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
base-uri 'self'; object-src 'none'; img-src 'self' https://www.google-analytics.com https://storage.googleapis.com/operating-anagram-8280/ https://lh3.googleusercontent.com/ https://stats.g.doubleclick.net/r/collect https://i.ytimg.com/ https://ad.doubleclick.net https://adservice.google.com https://*.google-analytics.com https://*.googletagmanager.com https://www.gstatic.com data:; script-src 'self' 'unsafe-eval' 'sha256-If5YkXjOaX9+Y2b1TABwFRqsMHrOMW2l2cQ5lJdj3w8=' https://www.google-analytics.com/analytics.js https://ajax.googleapis.com/ajax/libs/angularjs/1.6.8/angular.min.js https://ajax.googleapis.com/ajax/libs/angularjs/1.6.8/angular-animate.min.js https://ajax.googleapis.com/ajax/libs/angularjs/1.6.8/angular-touch.min.js https://www.gstatic.com/brandstudio/kato/cookie_choice_component/cookie_consent_bar.v3.js https://www.gstatic.com/external_hosted/hammerjs/v2_0_2/hammer.min.js https://www.googletagmanager.com/gtag/js https://stats.g.doubleclick.net/r/collect https://www.youtube.com/iframe_api https://s.ytimg.com/yts/ https://www.gstatic.com/brandstudio/kato/google_tag_manager_component/google_tag_manager_component.js https://*.googletagmanager.com https://www.gstatic.com 1
default-src 'self';base-uri 'self';form-action 'self' *.vardforbundet.se http://*.ineko.se; worker-src blob:; script-src 'unsafe-eval' 'unsafe-inline' *.youtube.com *.azure.net *.windows.net *.facebook.net *.humany.net *.teliacompany.com *.dreambroker.com *.episerver.com *.episerver.net *.hotjar.com *.cookiebot.com *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googletagmanager.com *.lightsinline.se *.google-analytics.com *.gstatic.com *.msecnd.net *.soundcloud.com *.vardforbundet.se *.local *.visualstudio.com *.matomo.cloud *.jquery.com *.bootstrapcdn.com *.ineko.se; style-src 'self' * 'unsafe-inline'; font-src data: 'self' *; img-src data: https: 'self' *; media-src *;connect-src 'self' *.lightsinline.se *.humany.net *.teliacompany.com *.teliacompany.net *.episerver.com *.episerver.net *.vardforbundet.se *.imagevault.app *.microsoftonline.com *.hotjar.com *.google-analytics.com *.visualstudio.com *.cookiebot.com *.matomo.cloud *.googleapis.com *.ineko.se *.windows.net; frame-ancestors 'self'; frame-src *.sverigesradio.se *.svt.se *.dreambroker.com  *.humany.net https://dreambroker.com *.youtube.com *.youtube-nocookie.com *.soundcloud.com *.libsyn.com *.cookiebot.com *.vardforbundet.se *.google.com *.hotjar.com *.imagevault.app *.facebook.com *.local *.ineko.se 1
report-uri /sentry/api/61/csp-report/?sentry_key=8505cd7669a24ba78131bbe9f6e8db09; worker-src blob: 'self'; child-src blob:; object-src 'none'; default-src https: data: 'self' *.1gamepay.com; img-src 'self' https: data: blob: *.google.com *.google.ro *.google.se *.google.nl *.google.de *.google.fi *.google.ch *.google.ee *.google.sk *.google.dk *.visualwebsiteoptimizer.com app.vwo.com https://ssl.gstatic.com https://www.gstatic.com *.google-analytics.com *.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://googleads.g.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com; frame-src * bankid: https://bid.g.doubleclick.net wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; connect-src 'self' ws: wss: livechat24.tech *.livechat24.tech https://stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net *.unetsafe.com *.quantserve.com *.quantcount.com *.creative-serving.com *.visualwebsiteoptimizer.com *.taboola.com *.tradedoubler.com *.bing.com app.vwo.com facebook.com www.facebook.com *.google.com *.google.ru *.google.ro *.google.se *.google.de *.google.fr *.google.nl *.google.by *.google.pt *.google.kz *.google.bg *.google.kg *.google.md *.google.gr *.google.fi https://*.googlesyndication.com *.snapchat.com snapchat.com sc-static.net https://static.ads-twitter.com https://analytics.twitter.com https://*.atlantgaming.com https://cdn-sp.kertn.net https://*.pusher.com https://cdn-sp.gbshgbsh.com *.regily.com https://*.fasttrack-solutions.com https://*.ft-crm.com https://verification.okwork.io https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com *.frankcasino.com *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com https://*.franker.center wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; style-src 'self' blob: 'unsafe-inline' *.googleapis.com *.google.com *.cloudflare.com *.cloudflareinsights.com *.unetsafe.com livechat24.tech *.livechat24.tech *.visualwebsiteoptimizer.com app.vwo.com https://cs.betradar.com https://*.sportradar.com https://videosport.me https://cdn-sp.kertn.net https://cdn-sp.gbshgbsh.com https://*.fasttrack-solutions.com https://*.gstatic.com https://prj-verification-production.s3.amazonaws.com https://prj-verification-stage1.s3.amazonaws.com https://prj-verification-stage2.s3.amazonaws.com https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com https://tagmanager.google.com https://fonts.googleapis.com https://s3.amazonaws.com *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com paymentpage.ecommpay.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com https://*.franker.center wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; font-src 'self' https://fonts.gstatic.com data: *.cloudflare.com *.cloudflareinsights.com livechat24.tech *.livechat24.tech *.visualwebsiteoptimizer.com app.vwo.com *.frankcasino.com https://cdn-sp.kertn.net https://*.franker.center wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; script-src 'self' 'unsafe-eval' 'nonce-zzTDNCb+NhGuSHNIEryFyg==' blob: *.google.com *.google.ro *.google.se *.google.nl *.google.de *.google.fi *.google.ch *.google.ee *.google.sk *.google.dk recaptcha.net www.gstatic.com *.googleadservices.com https://www.googleadservices.com https://*.googlesyndication.com *.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://*.googletagmanager.com *.google-analytics.com *.analytics.google.com platform.twitter.com connect.facebook.net *.curacao-egaming.com stats.g.doubleclick.net https://stats.g.doubleclick.net livechat24.tech *.livechat24.tech *.livestatisc.com *.jsdelivr.net *.ptstaging.eu track.adform.net *.unetsafe.com *.cloudflare.com *.cloudflareinsights.com *.quantserve.com *.quantcount.com *.creative-serving.com *.visualwebsiteoptimizer.com *.taboola.com *.tradedoubler.com *.snapchat.com *.bing.com snapchat.com sc-static.net app.vwo.com facebook.com www.facebook.com https://static.ads-twitter.com https://analytics.twitter.com *.regily.com https://*.fasttrack-solutions.com https://cdn-sp.kertn.net https://*.pusher.com https://cdn-sp.gbshgbsh.com https://*.gstatic.com https://prj-verification-production.s3.amazonaws.com https://prj-verification-stage1.s3.amazonaws.com https://prj-verification-stage2.s3.amazonaws.com https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com *.frankcasino.com *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com paymentpage.ecommpay.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com *.astropay.com *.megapay.pro *.ecopayz.com *.billing.cx *.express-connect.com *.paycore.io *.jetoncheckout.com *.ipsp.lv ipsp.lv *.gpaynetworks.com *.sirumobile.com https://*.franker.center wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' http://img.youtube.com 1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com *.addthis.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.cloudflare.com *.googleapis.com *.addthis.com *.graph.instagram.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
block-all-mixed-content; frame-ancestors *.valordoconhecimento.com.br 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-VMIGmPbZs8NzTP75X7Nkic8pamYQvz1j3T1lq52pMSabLDin' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-3HUfaq+UMEbJoQbznQOPhO6Bhqn9x1zKj2YzrdbcsWHxmU6c' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' https://*.opsm.co.nz https://*.luxottica.com https://*.essilorluxottica.com; 1
script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://maps.googleapis.com https://payments.google.com https://payments.sandbox.google.com https://clients2.google.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/ShoppingUi/cspreport/allowlist 1
frame-ancestors 'self' http://localhost:8000 https://*.applyflow.site https://*.applyflow.com; 1
default-src 'unsafe-eval' 'unsafe-inline' 'self' * https://*.orimon.ai; 1
default-src 'self'; script-src  'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://www.google-analytics.com; worker-src 'self' blob:; object-src 'none';connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://ipinfo.io https://www.googleapis.com https://data.hockeystack.com https://stats.g.doubleclick.net; frame-src 'self' blob: https://www.google.com; img-src 'self' data: https://secure.gravatar.com https://media.publit.io https://www.google-analytics.com https://www.google.com; font-src 'self' data: https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; media-src 'self' https://media.publit.io 1
default-src 'self' cdnjs.cloudflare.com *.rupeek.co rupeek.com *.rupeek.com youtube.com www.googletagmanager.com fonts.gstatic.com www.google-analytics.com vs.rupeek.com:446 *.google.com *.gstatic.com s3.amazonaws.com *.freshteam.com *.nr-data.net *.hotjar.com *.hotjar.io wss://*.hotjar.com api.factors.ai stats.g.doubleclick.net apis.sharechat.com *.taboola.com bcp.crwdcntrl.net maps.googleapis.com  api2.branch.io; img-src 'self' *.rupeek.com *.amazonaws.com *.facebook.com www.google-analytics.com www.google.co.in ssl.gstatic.com *.google.com d2r1yp2w7bby2u.cloudfront.net www.googletagmanager.com *.facebook.net *.gstatic.com data: googleads.g.doubleclick.net *.taboola.com maps.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.fibr.shop cdnjs.cloudflare.com rupeek.com *.rupeek.co *.rupeek.com  code.jquery.com www.googletagmanager.com unpkg.com *.facebook.net www.google-analytics.com static.clevertap.com clevertap-prod.com *.clevertap-prod.com stats.g.doubleclick.net wzrkt.com *.google.com *.gstatic.com s3.amazonaws.com *.freshteam.com d2r1yp2w7bby2u.cloudfront.net *.nr-data.net *.hotjar.com *.hotjar.io wss://*.hotjar.com googleoptimize.com app.factors.ai sc-events-sdk.sharechat.com www.googleadservices.com *.taboola.com tags.crwdcntrl.net maps.googleapis.com app.link; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com  rupeek.com *.rupeek.co *.rupeek.com  code.jquery.com www.googletagmanager.com unpkg.com *.googleapis.com *.google.com *.freshteam.com; frame-src www.youtube.com *.google.com *.hotjar.com *.hotjar.io tsdtocl.com; object-src 'none'; font-src 'self' cdnjs.cloudflare.com *.rupeek.co rupeek.com *.rupeek.com youtube.com www.googletagmanager.com fonts.gstatic.com www.google-analytics.com *.google.com *.gstatic.com s3.amazonaws.com *.freshteam.com *.hotjar.com *.hotjar.io wss://*.hotjar.com api.factors.ai apis.sharechat.com *.taboola.com bcp.crwdcntrl.net data: maps.googleapis.com 1
frame-ancestors 'self';block-all-mixed-content;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://j.6sc.co https://www.googletagmanager.com https://acsbapp.com https://cdn.cookielaw.org https://cdn-ukwest.onetrust.com https://f.vimeocdn.com https://geolocation.onetrust.com https://player.vimeo.com https://secure.gravatar.com https://www.vimeo.com;style-src 'self' 'report-sample' 'unsafe-inline' privacyportal-cdn.onetrust.com secure.gravatar.com;object-src 'none';frame-src 'self' execinterv.hs.llnwd.net *.vimeo.com www.podbean.com;child-src 'self' blob: https://golubcapital.com/dd851642-085b-4211-986f-bd1aec5773a1 *.vimeo.com vimeo.com;img-src 'self' data: *.6sc.co *.w.org *.vimeocdn.com *.vimeo.com *.gravatar.com 315aed63859a.o3n.io cdn.cookielaw.org dify.wpengine.com golubcapital.com wpmudev.com;font-src 'self' data: golubcapital.com privacyportal-cdn.onetrust.com;connect-src 'self' https://acsbapp.com *.adnxs.com *.google-analytics.com *.google.com stats.g.doubleclick.net *.6sense.com *.6sc.co *.onetrust.com *.gravatar.com cdn.acsbapp.com cdn.cookielaw.org my.wpengine.com vimeo.com;manifest-src 'self';base-uri 'self';form-action 'self';media-src 'self' *.w.org *.vimeo.com vimeo.com; 1
prefetch-src 'none' 1
frame-ancestors miyazaki-city.sakura.ne.jp 1
default-src 'self'; connect-src 'self' https://video.figure.nz https://a.tiles.mapbox.com https://api.rollbar.com https://www.woopra.com; font-src 'self' data:; img-src 'self' data: https://video.figure.nz https://api.mapbox.com https://a.tiles.mapbox.com https://b.tiles.mapbox.com; media-src https://video.figure.nz; script-src 'self' https://cdnjs.cloudflare.com https://static.woopra.com https://www.woopra.com https://code.jquery.com https://cdn.rawgit.com https://api.mapbox.com 'nonce-nsyWnKnDjWBijvEd'; style-src 'self' 'unsafe-inline' https://api.mapbox.com; worker-src blob:; report-uri https://figurenz.report-uri.com/r/d/csp/enforce 1
default-src 'self' yastatic.net; script-src yastatic.net mc.yandex.ru suggest-maps.yandex.ru www.youtube.com s.ytimg.com; style-src 'unsafe-inline' yastatic.net; img-src 'self' yastatic.net *.mds.yandex.net mc.yandex.ru mc.yandex.by mc.yandex.uz mc.yandex.kz mc.yandex.com.tr mc.yandex.com mc.webvisor.com mc.webvisor.org mc.admetrica.ru data:; font-src yastatic.net; connect-src 'self' yandex.ru mc.yandex.ru suggest-maps.yandex.ru mc.admetrica.ru; child-src blob: mc.yandex.ru; frame-src blob: yandex.ru mc.yandex.ru www.youtube.com frontend.vh.yandex.ru; report-uri https://csp.yandex.net/csp?from=poll.production&project=pythia; 1
frame-ancestors 'self' https://www.onsv.org.br https://www.maioamarelo.com https://test-widgrid-mkt.com.br 1
frame-ancestors https://media.caliceo.com 1
default-src 'none';  script-src 'none'; style-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; 1
default-src 'self' data: blob:; frame-ancestors 'self' https://astrabit.io https://*.astrabit.io; frame-src 'self' https://astrabit.io https://*.astrabit.io https://www.google.com https://core.spreedly.com; img-src 'self' data: blob: https://astrabit.io https://*.astrabit.io https://www.googletagmanager.com https://www.google-analytics.com https://upload.wikimedia.org; media-src 'self' https://astrabit.io https://*.astrabit.io; connect-src 'self' wss://api.astrabit.io wss://auth.astrabit.io wss://astrabit.io https://astrabit.io wss://*.astrabit.io https://*.astrabit.io https://fonts.gstatic.com https://www.google-analytics.com https://apiprod.fattlabs.com https://core.spreedly.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://ssl.google-analytics.com https://core.spreedly.com https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com 1
frame-ancestors 'self' https://leadfoxcloud.com https://vts.seriousfactory.com https://seriousfactory.com https://app.leadfox.co; 1
default-src 'self'  https://*.hotjar.com/ https://*.hotjar.io/ https://www.cookiebot.com/ https://consentcdn.cookiebot.com/ https://consent.cookiebot.com/ https://www.google-analytics.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://consent.cookiebot.com/ https://consent.cookiebot.com/ http://platform.twitter.com/ https://www.google.com/recaptcha/ https://www.google-analytics.com/ https://www.googletagmanager.com/ http://pi.pardot.com/ http://cdn.pardot.com/ https://*.hotjar.com/ https://vimeo.com/ https://player.vimeo.com/api/player.js https://platform.twitter.com  http://widget.trustpilot.com/ https://widget.trustpilot.com/ https://cdn.syndication.twimg.com/ https://www2.smartestenergy.com https://syndication.twitter.com https://www.cookiebot.com/ https://consentcdn.cookiebot.com/ https://consent.cookiebot.com/ https://www.google.com/ https://www.gstatic.com/;      frame-src 'self' https://vimeo.com/ https://id.stark.co.uk/ https://vars.hotjar.io/ https://vars.hotjar.com/ *.twimg.com  https://twitter.com/ https://www.google.com https://consentcdn.cookiebot.com https://player.vimeo.com/ https://www.youtube.com/  https://www2.smartestenergy.com/ https://platform.twitter.com/ https://uk.trustpilot.com/ https://widget.trustpilot.com/ https://www.buzzsprout.com/ https://syndication.twitter.com/;      connect-src 'self' data: https://*.google-analytics.com/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://*.hotjar.io/ wss://*.hotjar.io/ wss://hotjar.io wss://hotjar.com wss://*.hotjar.com/ https://*.hotjar.com/ https://consentcdn.cookiebot.com/ https://consent.cookiebot.com/ https://vc.hotjar.io/ https://surveystats.hotjar.io;      font-src 'self' data: https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://script.hotjar.io/ https://script.hotjar.com/;       style-src 'self' 'unsafe-inline' data: https://platform.twitter.com/ https://fonts.googleapis.com/ *.twimg.com;      img-src 'self' data:  https://www2.smartestenergy.com/ https://www.google-analytics.com/ https://platform.twitter.com/ *.twimg.com/ https://syndication.twitter.com/ https://www.google.com/ https://accounts.google.com https://dashboard.umbraco.org/ https://i.vimeocdn.com/ https://script.hotjar.com/ https://script.hotjar.io/ https://sto0webseleu.blob.core.windows.net/; media-src 'self' 1
default-src 'self' *.legalandgeneral.com *.gstatic.com *.google.com 8qck26qv.videomarketingplatform.co www.gravatar.com ir.q4europe.com landgbrand.fra1.qualtrics.com maps.gstatic.com maps.googleapis.com cm.everesttech.net legalandgeneral.demdex.net dpm.demdex.net fonts.gstatic.com  cdn-ukwest.onetrust.com fonts.googleapis.com *.cloudflare.com assets.adobedtm.com players.brightcove.net 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.jsdelivr.net *.legalandgeneral.com *.gstatic.com *.google.com 8qck26qv.videomarketingplatform.co www.gravatar.com ir.q4europe.com landgbrand.fra1.qualtrics.com maps.gstatic.com maps.googleapis.com cm.everesttech.net legalandgeneral.demdex.net dpm.demdex.net fonts.gstatic.com  cdn-ukwest.onetrust.com fonts.googleapis.com *.cloudflare.com players.brightcove.net assets.adobedtm.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://px.ads.linkedin.com/ https://privacyportal-uk.onetrust.com/ https://c1001.report.gbss.io *.legalandgeneral.com *.gstatic.com *.google.com 8qck26qv.videomarketingplatform.co www.gravatar.com ir.q4europe.com landgbrand.fra1.qualtrics.com maps.gstatic.com maps.googleapis.com cm.everesttech.net legalandgeneral.demdex.net dpm.demdex.net fonts.gstatic.com  cdn-ukwest.onetrust.com fonts.googleapis.com *.cloudflare.com players.brightcove.net assets.adobedtm.com 'unsafe-inline'; img-src 'self' https://px.ads.linkedin.com/ *.legalandgeneral.com *.gstatic.com *.google.com 8qck26qv.videomarketingplatform.co www.gravatar.com ir.q4europe.com landgbrand.fra1.qualtrics.com maps.gstatic.com maps.googleapis.com cm.everesttech.net legalandgeneral.demdex.net dpm.demdex.net fonts.gstatic.com  cdn-ukwest.onetrust.com fonts.googleapis.com *.cloudflare.com players.brightcove.net assets.adobedtm.com data: blob: 'unsafe-inline'; frame-src 'self' https://player.adventr.io/ https://adventr.io/ *.adventr.io/ *.frame.io https://www.youtube.com/ https://8qck26qv.videomarketingplatform.co/ https://video.twentythree.com/ https://player.vimeo.com/ https://landgdevv8.blob.core.windows.net/ https://salandgqa.blob.core.windows.net/ https://landgautv8.blob.core.windows.net/ https://landgv8prod.blob.core.windows.net/ *.legalandgeneral.com *.gstatic.com *.google.com 8qck26qv.videomarketingplatform.co cicero-group.com www.gravatar.com ir.q4europe.com landgbrand.fra1.qualtrics.com maps.gstatic.com maps.googleapis.com cm.everesttech.net legalandgeneral.demdex.net dpm.demdex.net fonts.gstatic.com  cdn-ukwest.onetrust.com fonts.googleapis.com assets.adobedtm.com *.cloudflare.com players.brightcove.net; style-src 'self' *.fonts.net *.legalandgeneral.com *.gstatic.com *.google.com 8qck26qv.videomarketingplatform.co www.gravatar.com ir.q4europe.com landgbrand.fra1.qualtrics.com maps.gstatic.com maps.googleapis.com cm.everesttech.net legalandgeneral.demdex.net dpm.demdex.net fonts.gstatic.com  cdn-ukwest.onetrust.com fonts.googleapis.com *.cloudflare.com players.brightcove.net assets.adobedtm.com 'unsafe-inline'; font-src 'self' *.legalandgeneral.com *.gstatic.com *.google.com 8qck26qv.videomarketingplatform.co www.gravatar.com ir.q4europe.com landgbrand.fra1.qualtrics.com maps.gstatic.com maps.googleapis.com cm.everesttech.net legalandgeneral.demdex.net dpm.demdex.net fonts.gstatic.com  cdn-ukwest.onetrust.com fonts.googleapis.com *.cloudflare.com players.brightcove.net assets.adobedtm.com 'unsafe-inline' data:; script-src-elem 'self' https://snap.licdn.com/ https://polyfill.io https://cdn.gbqofs.com *.jsdelivr.net *.legalandgeneral.com *.gstatic.com *.google.com 8qck26qv.videomarketingplatform.co www.gravatar.com ir.q4europe.com landgbrand.fra1.qualtrics.com maps.gstatic.com maps.googleapis.com cm.everesttech.net legalandgeneral.demdex.net dpm.demdex.net fonts.gstatic.com  cdn-ukwest.onetrust.com fonts.googleapis.com *.cloudflare.com players.brightcove.net assets.adobedtm.com 'unsafe-inline' 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-3753e246154a2d38efa044e31231bab8'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' https://cdn.onesignal.com https://c.disquscdn.com https://disqus.com https://maxprog.test.onfastspring.com https://maxprog.onfastspring.com; frame-src 'self' https://www.youtube.com https://onesignal.com https://c.sharethis.mgr.consensu.org https://t.sharethis.com https://disqus.com https://platform.twitter.com https://maxprog.test.onfastspring.com https://maxprog.onfastspring.com https://js.stripe.com/ https://checkout.stripe.com/ https://widget.trustpilot.com/ https://www.google.com https://cse.google.es https://secure.trust-provider.com https://www.crowdcast.io https://embed.restream.io https://maxprog.repuso.com https://iframe.videodelivery.net https://cdn.forms-content.sg-form.com https://player.vimeo.com https://vimeo.com https://web.facebook.com https://app.meetedgar.com https://accounts.google.com https://www.videoask.com https://a39a7b1b.sibforms.com https://frn6tt1te6.execute-api.eu-west-1.amazonaws.com https://www.facebook.com https://form.typeform.com https://jmp.sh https://jumpshare.com https://sibautomation.com https://maxprog.thereviewsplace.com https://www.semrush.com https://publer.io https://status.maxprog.com https://www.sandbox.paypal.com https://*.wistia.com https://*.wistia.net https://*.semrush.com https://conversations-widget.sendinblue.com https://conversations-widget.brevo.com https://getbutton.io https://line.me; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://onesignal.com https://cdn.onesignal.com https://platform-api.sharethis.com https://maxprog.disqus.com https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://cse.google.com https://www.google.com https://translate.google.com https://translate.googleapis.com https://buttons-config.sharethis.com https://count-server.sharethis.com https://t.sharethis.com https://platform.twitter.com https://c.disquscdn.com https://*.cloudfront.net https://api.repuso.com https://repuso.com https://js.stripe.com/v3 https://checkout.stripe.com/v2/checkout.js https://widget.trustpilot.com  https://secure.trust-provider.com https://www.gstatic.com https://clients1.google.com https://*.cloudflare.com  https://static.cloudflareinsights.com https://certify-js.alexametrics.com  https://event.webinarjam.com https://cdnjs.cloudflare.com https://www.bigmarker.com https://a.omappapi.com https://a.trstplse.com https://extend.vimeocdn.com https://plugins.eventable.com https://widgets.thereviewsplace.com http://ajax.googleapis.com https://maxprog.qhub.com https://apis.google.com https://accounts.google.com  https://www.videoask.com https://productquestions-clientstaticfiles.trustpilot.com https://connect.facebook.net https://embed.typeform.com https://vimeo.com https://*.github.io https://cdn.provesrc.com https://apps.elfsight.com https://static.elfsight.com https://sibautomation.com https://chat.sendinblue.com https://www.youtube.com https://*.ytimg.com https://storage.elfsight.com https://cdn.headwayapp.co/ https://links.services.disqus.com https://www.clarity.ms https://widget.manychat.com https://mccdn.me https://www.paypal.com https://recaptcha.net https://*.clarity.ms https://translate-pa.googleapis.com https://static.ads-twitter.com https://*.wistia.com https://*.vimeo.com https://*.vimeocdn.com https://yoast.com https://*.semrush.com https://launchpad-wrapper.privacymanager.io https://launchpad.privacymanager.io  https://tag.clearbitscripts.com https://x.clearbitjs.com https://*.providesupport.com https://conversations-widget.brevo.com https://conversations-widget.sendinblue.com https://*.elfsight.com https://*.elfsightcdn.com https://sbl.onfastspring.com; connect-src 'self' https://api.thereviewsplace.com wss://widget-mediator.zopim.com https://onesignal.com https://l.sharethis.com https://links.services.disqus.com https://maxprog.test.onfastspring.com https://maxprog.onfastspring.com https://www.google-analytics.com https://stats.g.doubleclick.net https://checkout.stripe.com https://yoast.com https://translate.googleapis.com  https://api.omappapi.com https://*.omappapi.com https://rdp.rhombusads.com https://api.trstplse.com https://app.optmnstr.com https://api-js.mixpanel.com https://api.videoask.com https://cloudflareinsights.com https://www.clarity.ms https://app.omappapi.com https://client-api.provesrc.com https://apps.elfsight.com https://data.elfsight.com https://in-automate.sendinblue.com   https://*.elfsight.com https://chat-operating-back.sendinblue.com wss://chat-messaging.sendinblue.com  https://graph.facebook.com https://www.sandbox.paypal.com https://*.wistia.com https://*.akamaihd.net https://*.litix.io https://api.vimeo.com https://my.yoast.com https://*.semrush.com https://api.amplitude.com wss://www.semrush.com https://fresnel-events.vimeocdn.com  https://geo.privacymanager.io https://bcp.crwdcntrl.net https://secure.archiebot.com  https://app.clearbit.com https://widget.getbutton.io https://in-automate.brevo.com https://*.sharethis.com; img-src 'self' https://repuso.com https://widgets.thereviewsplace.com https://rc.rlcdn.com https://platform-cdn.sharethis.com https://l.sharethis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://checkout.stripe.com https://www.gstatic.com https://syndication.twitter.com https://www.google.es https://www.googleapis.com https://clients1.google.com https://d1f8f9xcsvx3ha.cloudfront.net https://secure.gravatar.com https://q.stripe.com https://cdn.viglink.com https://links.services.disqus.com data: https://secure.trust-provider.com https://translate.googleapis.com https://translate.google.com https://encrypted-tbn3.gstatic.com https://encrypted-tbn0.gstatic.com https://encrypted-tbn2.gstatic.com https://ssl.gstatic.com https://img.onesignal.com https://img.youtube.com https://referrer.disqus.com https://c.disquscdn.com  https://www.googletagmanager.com https://d5ln38p3754yc.cloudfront.net https://optin-monster.s3.amazonaws.com https://a.omappapi.com  https://lh3.googleusercontent.com https://www.gravatar.com https://i.ytimg.com https://www.videoask.com https://www.facebook.com https://*.digitaloceanspaces.com https://*.provesrc.com https://*.amazonaws.com https://*.googleusercontent.com  https://t.co https://chat-public.sendinblue.com https://*.gstatic.com https://*.ggpht.com https://maxprog.thereviewsplace.com  https://*.capterra-static.com https://*.trustpilot.com https://c.bing.com https://files.elfsight.com https://assets.thereviewsplace.com https://scontent.xx.fbcdn.net https://external.xx.fbcdn.net https://pbs.twimg.com https://graph.facebook.com https://*.xx.fbcdn.net https://stanbusk.files.wordpress.com *; style-src 'self' 'unsafe-inline' https://*.maxprog.com https://onesignal.com https://c.disquscdn.com https://www.google.com https://translate.googleapis.com https://repuso.com https://repuso.com/widgets/modal.css https://repuso.com/widgets/floating.css https://fonts.googleapis.com/ https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://*.clarity.ms https://a.omappapi.com https://translate-pa.googleapis.com https://www.gstatic.com https://sbl.onfastspring.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://repuso.com https://stage.repuso.com data:  https://*.github.io https://assets.sendinblue.com https://maxcdn.bootstrapcdn.com; media-src 'self' blob: https://res.cloudinary.com https://media.videoask.com https://www.youtube.com; object-src 'self' blob: ; 1
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.typekit.net *.episerver.net zefzhat.appspot.com www.googletagmanager.com *.googletagmanager.com tagmanager.google.com *.hotjar.com *.hotjar.io *.google-analytics.com analytics.google.com code.jquery.com az416426.vo.msecnd.net dc.services.visualstudio.com netdna.bootstrapcdn.com pi.pardot.com syndication.twitter.com sjs.bizographics.com connect.facebook.net stats.livezhat.com *.ads.linkedin.com www.linkedin.com s.ytimg.com *.googleapis.com googleapis.com api.siteattention.com www.googleadservices.com cdn.syndication.twimg.com flockler.com embed-cdn.flockler.com static.flockler.com fl-cdn.scdn1.secure.raxcdn.com cdn.datatables.net *.licdn.com www.youtube.com gateway.zscloud.net viewer.blipstar.com static.handpickedcherries.com maxcdn.bootstrapcdn.com rules.quantcount.com secure.quantserve.com apps.myzef.com tools.eurolandir.com webcc.sonera.fi stackpath.bootstrapcdn.com cdn.datatables.net cdnjs.cloudflare.com api.ipify.org munchkin.marketo.net googleads.g.doubleclick.net eu1.snoobi.com ethn.io siteimproveanalytics.com www.google.com www.gstatic.com *.giosgusercontent.com optimize.google.com *.lfeeder.com *.leadfeeder.com code.createjs.com www.gstatic.com *.vimeo.com go.upmspecialtypapers.com upm.leadfamly.com hm.baidu.com *.giosg.com t.lianacem.com static.ws.apsis.one static.ws-apac.apsis.one s3.amazonaws.com/beacon.pmmimediagroup.com/ static.ads-twitter.com js.monitor.azure.com static.ads-twitter.com analytics.twitter.com siteimprove.com analytics.google.com *.siteimprove.net *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; font-src 'self' data: *.typekit.net storage.googleapis.com netdna.bootstrapcdn.com i.s-microsoft.com upmapi.portal.azure-api.net *.hotjar.com *.hotjar.io css.zohostatic.com cdnjs.cloudflare.com use.fontawesome.com *.giosg.com *.giosgusercontent.com googleapis.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; img-src 'self' data: blob: about: *.typekit.net livezhat.zef.fi *.hotjar.com *.hotjar.io *.google-analytics.com *.analytics.google.com www.upmbiofore.fi pbs.twimg.com secure.adnxs.com www.upmbiofore.com *.g.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net *.google.com *.google.co.uk *.google.fi *.google.dk *.google.de *.google.at *.google.pl *.google.ru *.google.se www.google.com www.google.co.uk www.google.fi www.google.dk www.google.de www.google.at www.google.pl www.google.ru www.google.se *.googleapis.com googleapis.com maps.gstatic.com www.gstatic.com www.facebook.com static.flockler.com flockler.com hm.baidu.com img.youtube.com cdn.datatables.net s3.amazonaws.com www.googletagmanager.com *.googletagmanager.com ssl.gstatic.com hugin.info graph.facebook.com scontent.xx.fbcdn.net pixel.quantserve.com i.ytimg.com *.episerver.net cdn2.siteattention.com  amplifypixel.outbrain.com *.ads.linkedin.com ad.doubleclick.net adservice.google.com.hk www.linkedin.com 6049499.global.siteimproveanalytics.io assets.upm.com eu1.snoobi.com ml-eu.globenewswire.com gateway.zscloud.net *.lfeeder.com *.leadfeeder.com go.upmspecialtypapers.com p.adsymptotic.com upm.leadfamly.com *.fbcdn.net *.flockler.com scontent.cdninstagram.com *.giosgusercontent.com *.giosg.com analytics.twitter.com t.co t.co analytics.twitter.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; connect-src 'self' *.hotjar.com *.hotjar.io www.upmbiofore.com dc.services.visualstudio.com api.siteattention.com *.google.com *.google.co.uk *.google.fi *.google.dk *.google.de *.google.at *.google.pl *.google.ru *.google.se *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net stats.g.doubleclick.net upm-prod.taiste.fi translate.googleapis.com hm.baidu.com api.mapbox.com a.tiles.mapbox.com b.tiles.mapbox.com wss://*.hotjar.com restdev.siteattention.com *.mktoresp.com events.mapbox.com *.facebook.com *.typekit.net *.giosgusercontent.com *.giosg.com prospector.pmmimediagroup.com audience.ws.apsis.one t.lianacem.com googleapis.com maps.googleapis.com cdn.linkedin.oribi.io analytics.twitter.com wss://www.upmraflatac.com *.siteimprove.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; style-src 'self' 'unsafe-inline' livezhat.zef.fi netdna.bootstrapcdn.com static.flockler.com googleapis.com maxcdn.bootstrapcdn.com translate.googleapis.com cdnjs.cloudflare.com *.episerver.net tagmanager.google.com use.fontawesome.com stackpath.bootstrapcdn.com cdn.datatables.net optimize.google.com *.giosg.com *.giosgusercontent.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; frame-src 'self' data: *.doubleclick.net www.facebook.com connect.facebook.net www.google.com go.pardot.com www.youtube.com *.hotjar.com *.hotjar.io www.ciuvo.com www.googletagmanager.com tagmanager.google.com viewer.blipstar.com apps.myzef.com gamma.euroland.com tools.euroland.com tagmanager.google.com pr.globenewswire.com *.youku.com *.vimeo.com *.metsasoppi.com *.arbonaut.com optimize.google.com ethn.io web.microsoftstream.com *.giosgusercontent.com *.giosg.com go.upmspecialtypapers.com open.spotify.com upm.leadfamly.com form.apsis.one player.simplecast.com v.qq.com selectscience.net googleapis.com go.upmraflatac.com *.siteimprove.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; frame-ancestors 'self' *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; upgrade-insecure-requests; report-uri https://upmcms.report-uri.com/r/d/csp/enforce 1
frame-ancestors self https://amoozesh.ir https://farayad.org https://www.farayad.org https://demo.farayad.org https://chat.farayad.org https://live1.farayad.org https://live2.farayad.org https://www.googletagmanager.com https://www.google-analytics.com; 1
block-all-mixed-content; frame-ancestors *.backwash.com.br 1
font-src *.gstatic.com data: *.fontawesome.com *.cloudfront.net *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.amazonaws.com *.klarnacdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cloudfront.net *.twitter.com *.facebook.com *.sibs.pt *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.twitter.com *.yumpu.com *.turbilhao.pt *.cloudfront.net *.amazonaws.com *.doubleclick.net *.facebook.com *.sibs.pt *.freshchat.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com landofcoder.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.bird.eu *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.amazonaws.com *.cloudfront.net blob: *.klarnaevt.com *.klarnacdn.net * *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.cloudflare.com *.cloudfront.net *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.klarna.com *.klarnaservices.com * *.googletagmanager.com *.facebook.net *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com landofcoder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.trusted.com *.fontawesome.com *.cloudflare.com *.cloudfront.net *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.freshchat.com *.klarnacdn.net unsafe-inline 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.vimeocdn.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudfront.net *.cloudflare.com *.googleapis.com *.analytics.google.com *.twitter.com *.paypal.com *.twimg.com *.klarna.com *.klarnacdn.net *.amazonaws.com *.doubleclick.net *.oribi.io *.tiktok.com *.cardinalcommerce.com *.cookiepro.com *.facebook.com *.hotjar.com wss://ws.hotjar.com *.hotjar.io *.cetelem.pt *.linkedin.com *.google.com *.klarnaevt.com *.klarnaservices.com *.google-analytics.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com landofcoder.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.cloudfront.net 'self' 'unsafe-inline'; 1
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval' http://localhost:3000 ws://localhost:3000 1
default-src 'self' *.google-analytics.com; img-src * data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com; font-src 'self' fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net cdnjs.cloudflare.com www.google.com www.googletagmanager.com *.google-analytics.com platform.twitter.com connect.facebook.net s7.addthis.com simplify.com; frame-src 'self' *.youtube.com *.facebook.com platform.twitter.com; media-src https://ogilvyone.cachefly.net/cosmotetv/ 1
frame-ancestors databet.ec sb1client-altenar.biahosted.com 1
font-src 'self' data: https://ka-f.fontawesome.com/ https://fonts.gstatic.com/ ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://hello.myfonts.net/ https://portal.hipp.ua/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net/ https://www.googletagmanager.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ssl.google-analytics.com/  http://www.google-analytics.com/ https://cdn.jsdelivr.net/ http://cdn.jsdelivr.net/ https://static.etracker.com https://code.etracker.com https://www.googleadservices.com https://www.etracker.de https://googleads.g.doubleclick.net https://inv-dmp.admixer.net https://cdn.admixer.net/ https://www.google.com/ https://www.google.com.ua https://maps.googleapis.com https://portal.hipp.ua/ https://telegram.org/js/telegram-widget.js; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://kit.fontawesome.com/ http://code.jquery.com http://static.etracker.com/code/e.js https://unpkg.com/share-api-polyfill/dist/ https://connect.facebook.net/ https://www.googletagmanager.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ssl.google-analytics.com/  http://www.google-analytics.com/ https://cdn.jsdelivr.net/ http://cdn.jsdelivr.net/ https://static.etracker.com https://code.etracker.com http://code.etracker.com https://www.googleadservices.com https://www.etracker.de https://googleads.g.doubleclick.net https://inv-dmp.admixer.net/ http://inv-dmp.admixer.net/ https://cdn.admixer.net/ https://analytics.tiktok.com https://www.clarity.ms/ https://www.google.com/ https://www.google.com.ua https://maps.googleapis.com https://tagmanager.google.com/ https://portal.hipp.ua/ https://telegram.org/js/telegram-widget.js ; img-src 'self' data:  https://www.facebook.com/ https://ssl.google-analytics.com/ http://www.google-analytics.com/ www.youtube-nocookie.com www.youtube.com https://i.ytimg.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com https://www.google.com.ua https://maps.gstatic.com https://portal.hipp.ua/ https://static.addtoany.com/buttons/; connect-src 'self' https://ka-f.fontawesome.com/ https://kit.fontawesome.com https://www.facebook.com/tr/ https://www.etracker.de https://www.google-analytics.com/ https://analytics.google.com/ https://region1.analytics.google.com/ https://stats.g.doubleclick.net https://portal.hipp.ua/ https://inv-nets-eu.admixer.net/ https://analytics.tiktok.com/ https://b.clarity.ms/ wss://portal.hipp.ua/ wss://rtc-cloud-eu1.bitrix.info; form-action 'self' https://connect.facebook.net https://www.facebook.com/tr/ ;  frame-src 'self' https://portal.hipp.ua/ https://www.google.com/recaptcha/ www.youtube.com www.youtube-nocookie.com https://www.facebook.com/ https://bid.g.doubleclick.net/ https://t.me/ https://web.facebook.com/; child-src 'self' https://www.facebook.com/ https://staticxx.facebook.com/ ; object-src 'none' ; 1
default-src 'self' localhost:* *.iding.tw:* boss.mypos.com.tw istore.weibyapps.com:*;connect-src 'self' localhost:* *.iding.tw:* istore.weibyapps.com:* google-analytics.com google.com spay.samsung.com https://www.facebook.com/pay https://www.google-analytics.com https://google.com/pay https://www.google.com/pay https://pay.google.com;frame-src 'self' localhost:* https://pay.google.com https://js.tappaysdk.com;img-src boss.mypos.com.tw data: iding.tw:* *.iding.tw:* istore.laya.com.tw localhost:* weiby-breakfast-store.s3.amazonaws.com weiby-breakfast-store.s3-us-west-2.amazonaws.com https://www.google-analytics.com https://www.gstatic.com/instantbuy/svg/light_square_gpay.svg www.googletagmanager.com;script-src 'self' 'unsafe-inline' localhost:* *.iding.tw:* pay.google.com https://www.clarity.ms/ https://www.clarity.ms/tag https://www.google-analytics.com https://pay.google.com/gp/p/js/pay.js https://js.tappaysdk.com/tpdirect/v5.12.3 https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *; default-src 'self' 'unsafe-inline' *; img-src 'self' data: *; frame-ancestors 'self' https://trustseal.enamad.ir/ 1
script-src 'self' 'unsafe-inline' https://*.google-analytics.com https://*.google.com https://*.google.com.tw https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com https://*.googletagmanager.com https://*.doubleclick.net https://certify-js.alexametrics.com https://*.holmesmind.com; style-src 'self' 'unsafe-inline' data:; 1
frame-ancestors https://lovingthisdress.it https://lovingthisdress.es 1
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline' https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; 1
default-src 'self' https://fids.bluedcs.ir https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.google.com https://*.googleapis.com 'unsafe-inline'; img-src 'self' https://*.gstatic.com https://*.google.com https://*.googleapis.com https://trustseal.enamad.ir https://logo.samandehi.ir https://*.google-analytics.com data:; script-src-elem 'self' https://*.getclicky.com https://*.google.com https://*.googleapis.com https://*.googleadservices.com https://*.googletagmanager.com https://*.google-analytics.com 'unsafe-inline'; frame-src 'self' https://www.aparat.com https://www.adsensecustomsearchads.com https://*.google.com; frame-ancestors 'self' https://www.aparat.com; 1
frame-ancestors https://www.promise.com.hk https://promise.com.hk; 1
default-src 'self' *.rio.bg facebook.com *.facebook.com *.yandex.ru *.criteo.com *.pusher.com *.google.com *.google-analytics.com *.doubleclick.net *.googleapis.com youtube.com *.youtube.com *.youtu.be; img-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleadservices.com *.googleapis.com *.gstatic.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.google.com *.yandex.ru *.criteo.net *.criteo.com facebook.com *.facebook.com *.facebook.net *.cloudflare.com  *.pusher.com *.jsdelivr.net unpkg.com *.jquery.com *.bootstrapcdn.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com unpkg.com accounts.google.com/gsi/style; font-src * data: 1
frame-ancestors https://passport.tutorjr.com https://www.tutorjr.com https://omsorder.tutorabc.com https://consultant.tutorabc.com https://homework.tutorjr.com 1
default-src 'self'; child-src 'self' data: www.google.com *.soundcloud.com www.youtube.com; object-src 'self' *.soundcloud.com; font-src 'self' data: fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.googletagmanager.com connect.facebook.net www.gstatic.com www.google-analytics.com maps.googleapis.com maps.google.com cdnjs.cloudflare.com; connect-src 'self' www.google-analytics.com; img-src 'self' www.google.sk www.facebook.com sk.wikipedia.org upload.wikimedia.org http://www1.teraz.sk http://images.swaton.sk http://vedanadosah.cvtisr.sk http://www.zivaspomienka.sk data: blob: csi.gstatic.com maps.gstatic.com maps.googleapis.com maps.google.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com 1
img-src 'self' *.elasticbeanstalk.com *.amazonaws.com *.googleusercontent.com *.linkedin.com *.google.co.id *.google.com *.facebook.com data: *.gstatic.com *.googleapis.com *.facebook.net *.googletagmanager.com *.ideal.id *.idealindonesia.com *.clarity.ms *.google-analytics.com *.bing.com; frame-ancestors 'self' https://*.google.com/ *.netcorecloud.com https://fullmoon-353203.firebaseapp.com; frame-src 'self' https://*.google.com/ *.netcorecloud.com https://fullmoon-353203.firebaseapp.com *.doubleclick.net; form-action 'self' https://www.facebook.com/; font-src 'self' *.hansel.io *.gstatic.com; media-src 'self' *.gstatic.com; manifest-src 'self' *.netcoresmartech.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://www.clarity.ms/ https://*.google.com/ *.netcoresmartech.com *.hansel.io https://snap.licdn.com https://www.google-analytics.com https://*.gstatic.com https://googleads.g.doubleclick.net https://analytics.tiktok.com https://connect.facebook.net *.googleapis.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://www.clarity.ms/ https://*.google.com/ *.netcoresmartech.com *.hansel.io https://snap.licdn.com https://www.google-analytics.com https://*.gstatic.com https://googleads.g.doubleclick.net https://analytics.tiktok.com https://connect.facebook.net *.googleapis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.hansel.io *.googleapis.com; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.hansel.io *.googleapis.com; 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' http: https: blob:; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'self' data: 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'self' data: 'unsafe-inline' 'unsafe-hashes'; frame-ancestors 'self' 1
default-src 'self' https://www.google-analytics.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://counter.top.ge https://connect.facebook.net; img-src https://* data:; style-src 'self' 'unsafe-inline'; child-src https://*.facebook.com; base-uri 'none'; form-action 'self' https://cse.google.com; frame-ancestors 'none'; report-uri /csp-report.php; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: sftworks.jp *.sftworks.jp maps.google.com maps.googleapis.com fonts.googleapis.com fonts.gstatic.com www.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.googleadservices.com bid.g.doubleclick.net s.dc-tag.jp t.dc-tag.jp sgs-api.interactive-circle.jp analytics.google.com googleads.g.doubleclick.net https://td.doubleclick.net/ *.yahoo.co.jp s.yjtag.jp s.yimg.jp *.criteo.net *.criteo.com delivery.satr.jp satr.jp satori.segs.jp b.st-hatena.com b.hatena.ne.jp platform.twitter.com connect.facebook.net www.facebook.com apis.google.com ajax.googleapis.com code.jquery.com cdn.jsdelivr.net cdn.treasuredata.com in.treasuredata.com app.chatplus.jp appimg.chatplus.jp; img-src * data: 1
default-src 'self' data: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.stripe.com; style-src 'self' data: 'unsafe-inline' https: https: wss: *.stripe.com *.studentbeans.com blob:; img-src * data: blob:; font-src 'self' data: https:; connect-src 'self' data: https: wss: *.stripe.com *.studentbeans.com; media-src *; object-src 'self' https:; frame-src *; form-action 'self' *.citationsy.es *.stripe.com *.studentbeans.com accounts.google.com tinyletter.com; 1
default-src 'self' https://*.cliqqgrocery.com https://*.googleapis.com https://*.google-analytics.com;connect-src 'self' https://*.cliqqgrocery.com https://www.google-analytics.com;font-src 'self' https://*.cliqqgrocery.com https://fonts.gstatic.com data:;img-src 'self' https://cliqqshop.imgix.net https://*.cliqqgrocery.com https://*.googleapis.com https://*.google-analytics.com data:;script-src 'self' https://cdn.jsdelivr.net https://*.cliqqgrocery.com https://*.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline';style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://*.cliqqgrocery.com fonts.googleapis.com 1
default-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' www.googletagmanager.com https://fonts.googleapis.com https://polyfill.io https://apps.mypurecloud.com https://www.google-analytics.com www.youtube.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://noembed.com www.google-analytics.com https://it-crm-p-api-tree-alberatura-fa.azurewebsites.net https://it-crm-p-api-tree-documenti-farmacia-fa.azurewebsites.net https://it-crm-p-api-tree-calendario-farmacia-fa.azurewebsites.net https://it-crm-p-api-tree-vetrine-farmacia-fa.azurewebsites.net https://it-crm-p-api-tree-gestione-ticket-fa.azurewebsites.net https://it-crm-p-api-tree-note-fa.azurewebsites.net https://it-crm-p-api-tree-contratti-fa.azurewebsites.net https://cdn.plyr.io https://region1.google-analytics.com https://interactionservice.comifar.it/ https://docomifar-test.service.docflow.it https://comifar-cdn.fulsvc.com; font-src 'self' https://fonts.gstatic.com https://themes.googleusercontent.com; img-src  'self' https://www.google-analytics.com https://comifar-cdn.fulsvc.com www.googletagmanager.com https://i.ytimg.com data:; frame-src 'self' www.youtube-nocookie.com; object-src 'none'; frame-ancestors 'self'; report-to csp-endpoint; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://ampcid.google.bg https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data:; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.bg https://m.myprotein.bg https://checkout.myprotein.bg https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://*.hotjar.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' *.google-analytics.com https://surveystats.hotjar.io https://*.hotjar.io gateway.zscloud.net https://plausible.io/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.gstatic.com *.google-analytics.com www.google.com apis.google.com https://surveystats.hotjar.io connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://extend.vimeocdn.com https://player.vimeo.com google.com/recaptcha/ cdn.userway.org/ gateway.zscloud.net https://kit.fontawesome.com/656696535d.js https://plausible.io/; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://use.fontawesome.com cdn.userway.org/ gateway.zscloud.net https://use.fontawesome.com https://plausible.io/; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com https://use.fontawesome.com http://script.hotjar.com https://script.hotjar.com data: cdn.userway.org/ https://ka-f.fontawesome.com/; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://services.postcodeanywhere.co.uk https://stsukmpcdnprod001.blob.core.windows.net https://CDN-SUK-MemberPortal-Prod-001.azureedge.net https://cdn.rpmi.co.uk https://script.hotjar.com http://script.hotjar.com cdn.userway.org/ gateway.zscloud.net; media-src 'self' data: blob:; frame-src 'self' https://platform.twitter.com https://player.vimeo.com https://vars.hotjar.com https://www.google.com/recaptcha/ https://www.youtube.com/ cdn.userway.org/ https://forms.office.com/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' accounts.google.com *.google-analytics.com *.googletagmanager.com https://stats.g.doubleclick.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://services.postcodeanywhere.co.uk https://*.hotjar.io http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://directline.botframework.com wss://directline.botframework.com https://api.pwnedpasswords.com api.userway.org/ cdn.userway.org/ https://ka-f.fontawesome.com https://plausible.io/ https://cdn77.api.userway.org/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' filesystem: https://static.zdassets.com/ekr/snippet.js https://static.ads-twitter.com/uwt.js https://static.zdassets.com/ekr/sentry-browser.min.js https://script.hotjar.com/ https://static.hotjar.com/ https://static.zdassets.com/ https://widget-mediator.zopim.com/ https://documentcloud.adobe.com/view-sdk/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/ https://googleads.g.doubleclick.net https://www.google.com/pagead/ ; style-src 'self' 'unsafe-inline' 'unsafe-eval' filesystem: ; img-src * data: ; connect-src 'self' 'unsafe-inline' 'unsafe-eval' filesystem: https://ekr.zdassets.com/compose/ https://synetiq.zendesk.com/ wss://widget-mediator.zopim.com/ https://s3.eu-west-2.amazonaws.com/assets.synetiq-auctions.co.uk/ https://viewlicense.adobe.io/viewsdklicense/jwt https://vc.hotjar.io/sessions/ https://content.hotjar.io/ wss://ws.hotjar.com ; font-src 'self' data: filesystem: ; frame-ancestors 'self'; frame-src *; media-src 'self' filesystem: https://static.zdassets.com/ ; 1
default-src 'self' static.wp.com wp.com paystack.com file: img-src: * 'self' data: blob: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' *.synlab.com.ng *.googleapis.com *.gstatic.com *.synlab.com secure.gravatar.com *.facebook.net *.w.org *.facebook.com cdnjs.cloudflare.com *.wp.com *.google.com  *.cloudflareinsights.com  *.bootstrapcdn.com *.googletagmanager.com *.google-analytics.com  *.youtube.com *.googletagservices.com *.paystack.co *.paystack.com *.googlesyndication.com  ajax.cloudflare.com frame-src: 'self' *.googlesyndication.com   script-src: 'self' *.googlesyndication.com 1
frame-src https://minun.synlab.fi/ https://qaportal.synlab.fi/ https://player.vimeo.com/ https://static.addtoany.com/ https://www.google.com/ https://vars.hotjar.com/ https://www.facebook.com/ https://www.youtube.com/ https://ninchat.com/ https://form.apsis.one; upgrade-insecure-requests; 1
frame-ancestors 'self' www.batteriesexpert.com 1
upgrade-insecure-requests; frame-ancestors 'none'; object-src 'none'; base-uri 'self'; script-src 'self' *.googleadservices.com *.cloudflare.com *.newrelic.com *.googletagmanager.com *.google.com *.translate.google.com *.googleapis.com *.tinymce.com *.twitter.com *.facebook.net *.gstatic.com *.intercom.io *.google-analytics.com *.nr-data.net *.intercomcdn.com *.tiny.cloud *.clarity.ms *.licdn.com *.googlesyndication.com *.g.doubleclick.net *.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; report-uri https://sentry.io/api/1455410/security/?sentry_key=d0d6eb54193b4525b8ff364e9d62b192&sentry_environment=production 1
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 1
default-src  'self'; script-src  'self' *.googleapis.com *.gstatic.com pagead2.googlesyndication.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.googletagmanager.com cdn.consentmanager.net *.delivery.consentmanager.net; style-src  'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.delivery.consentmanager.net; font-src  'self' *.googleapis.com *.gstatic.com; img-src  'self' data: *.googleapis.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.ggpht.com *.googletagmanager.com cdn.consentmanager.net *.delivery.consentmanager.net; connect-src  'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googleapis.com *.doubleclick.net *.delivery.consentmanager.net; frame-src  'self' https://www.google.com/maps/embed/v1/place https://translate.google.com cdn.consentmanager.net; report-uri /api/1/rest/crashcollector; 1
frame-ancestors 'self' https://scorm.myecampus.com.au 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://ampcid.google.hr https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data:; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.hr https://m.myprotein.hr https://checkout.myprotein.hr https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' ng.myschenker.fi; font-src 'self' data 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.psylio.com psylio-staging-documents.s3.ca-central-1.amazonaws.com epsylio-production-documents.s3.ca-central-1.amazonaws.com dfjogbk1v3oj5.cloudfront.net d3oc56gtmg6tf0.cloudfront.net www.googletagmanager.com www.facebook.com *.facebook.net *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com *.stripe.com snap.licdn.com px.ads.linkedin.com cdn.linkedin.oribi.io cdn-cookieyes.com directory.cookieyes.com log.cookieyes.com consentlog.cookieyes.com crm.zohopublic.com data: blob:; base-uri 'none'; form-action 'self' crm.zoho.com *.psylio.com www.facebook.com; frame-ancestors 'self'; object-src 'none'; upgrade-insecure-requests 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.hotjar.com https://www.google-analytics.com https://*.googletagmanager.com https://tpc.googlesyndication.com https://connect.facebook.net https://analytics.tiktok.com https://www.googleadservices.com https://c.imedia.cz https://ac.adlion.jp/ https://jsv3.recruitics.com https://platform.twitter.com https://webevents.kayzen.io https://challenges.cloudflare.com https://static.cloudflareinsights.com https://*.usercentrics.eu;style-src 'self' 'unsafe-inline' https://*.hotjar.com https://fonts.googleapis.com;object-src 'none';base-uri 'self';connect-src 'self' blob: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.usehurrier.com https://connect.facebook.net https://www.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.de https://analytics.tiktok.com https://errors.syslogistics.io https://*.usercentrics.eu;font-src 'self' https://*.hotjar.com https://fonts.gstatic.com;frame-src 'self' https://www.facebook.com https://challenges.cloudflare.com https://www.youtube.com https://player.vimeo.com;img-src * blob: https://*.hotjar.com https://*.usercentrics.eu;manifest-src 'self';media-src 'self';worker-src 'none';report-uri https://errors.syslogistics.io/api/38/security/?sentry_key=86d334ae9f6e49cd99d39cd9b3849326; 1
default-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self'; img-src https://www.google-analytics.com/ 'self' data:; style-src 'unsafe-inline' https:; font-src 'self' https: data:; object-src https://planificador.santillana.com.ec/ 'self'; frame-src https://www.google.com/ https://planificador.santillana.com.ec/ 'self'; media-src 'self'; 1
block-all-mixed-content; frame-ancestors *.saovito.com 1
default-src 'none'; script-src 'self' *.cloudflareinsights.com *.instagram.com unpkg.com *.sharethis.com connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com cdn.jsdelivr.net *.google.com *.cloudflare.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.youtube.com *.crazyegg.com cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' *.tiktok.com *.ttwstatic.com *.addthis.com *.moatads.com *.addthisedge.com; img-src 'self'  *.sharethis.com googleads.g.doubleclick.net www.facebook.com *.google-analytics.com *.google.com *.google.co.id i.ytimg.com data: *.tiktokcdn.com; style-src 'self' fonts.googleapis.com 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com; connect-src 'self' *.sharethis.com  pagead2.googlesyndication.com adservice.google.com analytics.google.com *.googleapis.com *.doubleclick.net *.crazyegg.com *.google-analytics.com *.addthis.com; font-src 'self' fonts.gstatic.com; object-src 'self'; frame-src 'self' *.sharethis.com *.instagram.com td.doubleclick.net *.youtube.com *.tiktok.com *.addthis.com *.google.com; media-src 'self'; worker-src 'self' blob:; frame-ancestors 'self'; 1
frame-ancestors https://servizioelettricoroma.it 1
frame-ancestors 'self' tallyeducation.com *.tallyeducation.com 1
script-src 'self' *.topsource.in *.topsource.co.uk *.google.com *.gstatic.com 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' https://my.nomeo.com 1
default-src 'self' data: 'unsafe-inline' blob: https://*.lpsnmedia.net;child-src 'self' 'unsafe-inline' 'unsafe-eval';media-src 'self' https://dam.lexusasia.com https://*.lpsnmedia.net https://curator-assets.b-cdn.net;report-uri https://o624961.ingest.sentry.io;font-src 'self' data: https://static.lexusasia.com;style-src 'self' data: 'unsafe-inline' https://*.liveperson.net https://*.lpsnmedia.net https://*.curator.io https://static.lexusasia.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com;script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.googleadservices.com https://*.liveperson.net https://*.lpsnmedia.net https://*.curator.io https://solutions.tealium.net https://tealium-tools.s3.amazonaws.com https://deploytealium.com https://*.tealiumiq.com https://tags.tiqcdn.com https://visitor-service-ap-northeast-1.tealiumiq.com https://www.facebook.com https://connect.facebook.net https://maps.googleapis.com https://www.gstatic.com https://gstatic.com https://u.heatmap.it https://static.lexusasia.com https://webservice.lexusasia.com https://ws.lexusasia.com https://www.youtube.com https://*.livechatinc.com https://*.salesforceliveagent.com https://o624961.ingest.sentry.io wss://api.livechatinc.com  https://bs.serving-sys.com https://pixel.mathtag.com https://insight.adsrvr.org https://convertiumitp.lexus.com.my https://visitor-service-convertium.lexus.com.my *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com;connect-src 'self' data: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ad.doubleclick.net https://*.google.com https://*.curator.io wss://*.liveperson.net https://*.visualwebsiteoptimizer.com https://solutions.tealium.net https://tealium-tools.s3.amazonaws.com https://deploytealium.com https://*.tealiumiq.com https://tags.tiqcdn.com https://visitor-service-ap-northeast-1.tealiumiq.com https://www.facebook.com https://connect.facebook.net https://maps.googleapis.com https://www.gstatic.com https://gstatic.com https://u.heatmap.it https://static.lexusasia.com https://webservice.lexusasia.com https://ws.lexusasia.com https://www.youtube.com https://*.livechatinc.com https://*.salesforceliveagent.com https://o624961.ingest.sentry.io wss://api.livechatinc.com  https://bs.serving-sys.com https://pixel.mathtag.com https://insight.adsrvr.org https://convertiumitp.lexus.com.my https://visitor-service-convertium.lexus.com.my https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;img-src 'self' data: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ad.doubleclick.net https://*.google.com https://liveperson-assets.lexusasia.com https://*.lpsnmedia.net https://curator-assets.b-cdn.net https://dam.lexusasia.com https://static.lexusasia.com https://www.facebook.com https://connect.facebook.net https://*.tealiumiq.com https://tags.tiqcdn.com https://visitor-service-ap-northeast-1.tealiumiq.com https://convertiumitp.lexus.com.vn https://cdn.livechat-files.com https://cdn.chatbot.com https://*.livechatinc.com *.visualwebsiteoptimizer.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;frame-src 'self' https://*.fls.doubleclick.net https://*.google.com https://*.liveperson.net https://*.lpsnmedia.net https://tags.tiqcdn.com https://vk.com https://www.dailymotion.com https://player.vimeo.com https://www.youtube.com https://www.facebook.com https://my.matterport.com https://*.livechatinc.com app.vwo.com *.visualwebsiteoptimizer.com ;worker-src 'self' blob:;frame-ancestors https://www.messenger.com https://www.facebook.com; 1
frame-ancestors 'self' movired.cl  https://www.metro.cl https://metroqa.agenciacatedral.com https://www.puntototalredtransaccional.cl 1
default-src 'self' 'unsafe-inline' https: data: blob: intent: fb-messenger:; frame-ancestors self; report-to https://seguranca.ancar.com.br/csp-violation-report-endpoint/; form-action 'self' https://www.facebook.com/; 1
frame-ancestors 'self' https://*.store https://store; 1
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline';font-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *;; report-uri https://www.ioaffitto.it/csp.report; 1
form-action 'self' https://secure.payzen.eu 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com/pagead/ maps.googleapis.com ajax.googleapis.com https://www.googletagmanager.com/gtm.js http://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js https://embed.tawk.to/ *.google-analytics.com connect.facebook.net https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js https://kendo.cdn.telerik.com/; connect-src *; img-src 'self' https://www.google.com/pagead/ https://googleads.g.doubleclick.net/pagead/ web.facebook.com www.facebook.com maps.googleapis.com *.google-analytics.com https://maps.gstatic.com/mapfiles/ https://core.subwaycostarica.com/ecommerce/Images/Upload/ https://www.subwaycostarica.com/ResourcePackages/ https://azcore.subwaycostarica.com/ecommerce/Images/Upload/ https://www.googletagmanager.com/ data: blob:; font-src 'self' fonts.gstatic.com https://embed.tawk.to/; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://embed.tawk.to/ www.google.com; frame-src 'self' https://www.google.com/; base-uri 'self'; form-action 'self' https://credomatic.compassmerchantsolutions.com/ https://www.facebook.com/tr/; media-src 'self' data: blob:; child-src 'self'; https://www.google.com/ https://maps.google.com/ https://www.facebook.com/; object-src 'self'; 1
frame-src 'self' https://www.youtube.com/; 1
upgrade-insecure-requests; default-src 'self'; connect-src 'self' https://h.seznam.cz https://ssp.seznam.cz https://csi.gstatic.com https://ssp.imedia.cz https://adservice.google.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://tpc.googlesyndication.com https://www.google-analytics.com https://www.facebook.com *.iplatba.cz *.zbozi.cz https://onesignal.com; font-src 'self' data: application https://fonts.gstatic.com https://www.fontsaddict.com https://themes.googleusercontent.com; form-action 'self' https://widget.packeta.com https://3dsecure.gpwebpay.com https://www.facebook.com; frame-src  'self' https://ssp.seznam.cz https://h.seznam.cz https://platform.twitter.com https://c-ng.seznam.cz https://c-ng.seznam.cz https://c-ko.seznam.cz https://ssp.imedia.cz https://www.seznam.cz https://h.imedia.cz https://ads.pubmatic.com https://secure.adnxs.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://widget.packeta.com http://s.imedia.cz https://www.google.cz https://www.google.com https://out.sklik.cz https://sandbox.zbozi.cz https://www.zbozi.cz https://googleads.g.doubleclick.net https://c.imedia.cz https://accounts.google.com https://staticxx.facebook.com https://onesignal.com https://www.facebook.com https://www.youtube.com; img-src 'self' data: blob: https://via.placeholder.com https://track.adform.net https://googleads.g.doubleclick.net https://ssp.seznam.cz https://h.seznam.cz https://platform-lookaside.fbsbx.com https://graph.facebook.com https://syndication.twitter.com https://ssp.imedia.cz https://i.seznam.cz https://h.imedia.cz https://www.techarena.cz https://www.huramobil.cz https://pagead2.googlesyndication.com https://widget.packeta.com https://www.techarena.cz https://www.heureka.cz https://ssl.heureka.cz https://hit.skrz.cz https://www.srovname.cz https://www.googletagmanager.com https://app.geispoint.cz https://img.onesignal.com https://maps.gstatic.com https://maps.googleapis.com https://c.imedia.cz https://i.ytimg.com https://ssl.gstatic.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.cz; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://h.seznam.cz https://code.jquery.com https://partner.googleadservices.com https://platform.twitter.com https://s1.adform.net https://cdn.ampproject.org https://ssp.imedia.cz https://h.imedia.cz https://cdnjs.cloudflare.com https://serve.affiliate.heureka.cz https://adservice.google.cz https://adservice.google.com https://www.googletagservices.com https://connect.facebook.com https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://widget.packeta.com https://www.googletagmanager.com https://ajax.googleapis.com https://ssl.heureka.cz https://muj.skrz.cz https://out.sklik.cz https://www.srovname.cz https://c.imedia.cz https://sandbox.zbozi.cz https://www.zbozi.cz https://c.imedia.cz https://maps.googleapis.com https://www.googletagmanager.com https://apis.google.com https://c.imedia.cz https://cdn.onesignal.com https://connect.facebook.net https://googleads.g.doubleclick.net https://im9.cz https://onesignal.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.google.com https://www.shoproku.cz/js/interstitial.min.js https://pagead2.googlesyndication.com/pagead/js/r20201001/r20190131/show_ads_impl_fy2019.js https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js; style-src 'self' 'unsafe-inline' https://googleads.g.doubleclick.net https://code.jquery.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://onesignal.com https://pagead2.googlesyndication.com; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-pOZcpn9mgUORGRsCWRjKAw' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' * 1
frame-src 'self' https://www.youtube.com; frame-ancestors 'self'  https://*.defend.net; 1
frame-ancestors 'self' https://privatily.net 1
frame-src data: https://*.nibw.es/ https://api.paycomet.com https://js.stripe.com https://www.google.com https://www.youtube.com https://www.facebook.com https://consentcdn.cookiebot.com/ https://*.hotjar.com https://app.mailjet.com https://pwebnibw.avant2.es/ https://pwebsegurosdvida.avant2.es/ https://llamamegratis.es/ https://*.paypal.com/ https://app.signaturit.com https://sign-app.signaturit.com/ https://form.typeform.com/ https://share-eu1.hsforms.com/ https://spg.qly.site1.sibs.pt 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js *.myheritage.co.il https://www.myheritage.co.il  'nonce-861b4fffd68a52ad6151aa240daac54b' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.co.il;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
frame-ancestors https://*.lg.com.br/ 'self' 1
frame-ancestors 'self'; report-uri https://www.recetasnestle.com.ar/report-uri/enforce 1
default-src 'self' 'unsafe-inline' https://frontend-cdn.digitalchargingsolutions.com https://api.mixpanel.com https://api-js.mixpanel.com https://cdn.mxpnl.com https://*.adyen.com https://*.paypal.com https://*.googleapis.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pay.datatrans.com/ https://frontend-cdn.digitalchargingsolutions.com https://*.googleapis.com https://*.gstatic.com https://*.ggpht.com https://api.mixpanel.com https://api-js.mixpanel.com https://cdn.mxpnl.com https://*.adyen.com https://*.paypal.com ; frame-src 'self' https://pay.sandbox.datatrans.com https://*.adyen.com https://*.paypal.com ; img-src 'self' https: data: https://cpologo.digitalchargingsolutions.com https://frontend-cdn.digitalchargingsolutions.com https://*.adyen.com https://*.paypal.com https://*.googleapis.com https://*.gstatic.com https://*.ggpht.com ; style-src 'self' 'unsafe-inline' https://frontend-cdn.digitalchargingsolutions.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.adyen.com https://*.paypal.com ; font-src 'self' https://frontend-cdn.digitalchargingsolutions.com https://fonts.googleapis.com https://fonts.gstatic.com data: ; 1
default-src 'self' data: www.chguadalquivir.es www.youtube.com www.eltiempo.es *.gstatic.com mappinggis.com *.google.com *.google-analytics.com *.googleapis.com www.flickr.com *.twitter.com *.twimg.com www.colectivosvip.com *.juntadeandalucia.es www.ign.es http://www.ign.es *.ideandalucia.es *.callejerodeandalucia.es gischg.chguadalquivir.es 127.0.0.1:* *.maptiler.com; script-src 'self' www.eltiempo.es *.google.com connect.facebook.net platform.twitter.com cdn.syndication.twimg.com *.google-analytics.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.cloudflare.com *.juntadeandalucia.es *.jquery.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.juntadeandalucia.es; frame-src 'self' *.aemet.es www.youtube.com www.eltiempo.es *.google.com *.gstatic.com gischg.chguadalquivir.es *.meteoblue.com; img-src 'self' data: tile.openstreetmap.org *.google-analytics.com *.googleapis.com *.gstatic.com *.cartocdn.com *.opentopomap.org *.ign.es *.chguadalquivir.es; worker-src blob:; child-src blob:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://partner.googleadservices.com ajax.googleapis.com cse.google.com *.moviead55.ru mc.yandex.ru https://mc.yandex.ru https://mc.webvisor.org https://connect.ok.ru https://cse.google.com vk.com mail.ru https://cdn.jsdelivr.net youtube.com googlevideo.com googleapis.com gstatic.com googleusercontent.com google.com  https://*.yandex.ru:* *.yandex.ru:* https://yandex.ru:* yandex.ru:* https://yandex.st:* yandex.st:* yandex.kz yandex.ua https://*.yandex.net:* *.yandex.net:* https://yastatic.net  *.ok.ru *.vk.com *.mail.ru *.twitter.com *.webvisor.com *.youtube.com *.googlevideo.com *.googleapis.com https://*.googleapis.com *.gstatic.com advertserve.com *.advertserve.com bannersvideo.com *.bannersvideo.com adbetnet.com *.adbetnet.com *.braun634.com *.trafficbass.com n161adserv.com *.n161adserv.com *.rekvid1.ru rekvid1.ru vak345.com *.vak345.com https://sync.dmp.otm-r.com *.adriver.ru https://user91471.clients-cdnnow.ru https://videoroll.net videoroll.net *.videoroll.net playep.pro https://servicer.traffic-media.co.uk https://jsc.traffic-media.co.uk https://cs377.hotkabachok.com https://cs377.tvoimembydni.com https://vidroll.ru *.vidroll.ru https://pub-eu.p.otm-r.com https://cdn.serianta.com https://cse.google.com videosmor.com datalock.ru *.videosmor.com push-centr.net push-plus.net https://farteniuson.com https://*.newsforall.biz fonts.gstatic.com *.googleusercontent.com *.google-analytics.com *.google.com https://cse.google.com *.yandex.st *.yandex.kz *.yandex.ua *.yandex.net ymetrica.com *.yastatic.net block.s2blosh.com http://piguiqproxy.com/ *.piguiqproxy.com http://smcheck.org http://amgload.net *.smcheck.org *.amgload.net https://loadercdn.com blob: trafmag.com js.hotlog.ru openstat.net mytopf.com fonts.googleapis.com http://cas.criteo.com data; connect-src 'self' https://www.google-analytics.com https://passport.yandex.ua https://play.google.com https://yourbestbro1s.site https://track.analitycs.net https://*.yandex.net:* *.yandex.net:* https://*.yandex.ru:* *.yandex.ru:* https://yandex.ru:* mc.yandex.fr yandex.ru:* https://yandex.st:* yandex.st:* https://mc.webvisor.org https://yandex.ua https://mc.yandex.ua https://yandex.fr ymetrica.com datalock.ru https://farteniuson.com https://syndication.twitter.com https://videoroll.net http://piguiqproxy.com/ *.piguiqproxy.com http://smcheck.org http://amgload.net *.smcheck.org *.amgload.net https://loadercdn.com blob: etcodes.com:8040 etcodes.com:8040 ws://etcodes.com:8040/4684 ws://etcodes.com:8040/4684; img-src * data: blob:; font-src 'self' data: fonts.gstatic.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://fonts.googleapis.com *.google.com https://code.moviead55.ru vak345.com etcodes.com https://yastatic.net; child-src 'self' *; object-src 'self' *; frame-src 'self' *; form-action 'self'; media-src blob: *; 1
default-src * blob: data: 'unsafe-eval' 'unsafe-inline' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://pkm.social; img-src 'self' https: data: blob: https://pkm.social; style-src 'self' https://pkm.social 'nonce-2gbBv4n16cbJCRnZetwTnw=='; media-src 'self' https: data: https://pkm.social; frame-src 'self' https:; manifest-src 'self' https://pkm.social; form-action 'self'; child-src 'self' blob: https://pkm.social; worker-src 'self' blob: https://pkm.social; connect-src 'self' data: blob: https://pkm.social https://sb-pkm.b-cdn.net wss://pkm.social; script-src 'self' https://pkm.social 'wasm-unsafe-eval' 1
default-src 'self' data: https: 'unsafe-inline' 'unsafe-eval'; connect-src * 1
default-src 'self'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.greateasternlife.com *.lifeisgreat.net *.adobedtm.com *.facebook.net *.googletagmanager.com *.addthisedge.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.juicer.io *.addthis.com *.twitter.com *.demdex.net *.omtrdc.net *.youtube.com *.ytimg.com *.qualtrics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com; font-src 'self' fonts.gstatic.com data:; img-src * data: *.qualtrics.com *.googletagmanager.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.google.com *.google.com.sg *.google.com.my *.google.co.id *.google.com.bn *.google.com.mm ade.googlesyndication.com; media-src 'self' *.scene7.com; frame-src 'self' *.google.com *.gstatic.com *.doubleclick.net *.juicer.io *.twitter.com *.addthis.com *.financialexpress.net *.youtube.com *.facebook.net *.facebook.com *.qualtrics.com safe.menlosecurity.com; object-src 'self' *.qualtrics.com; connect-src 'self' *.greateasterngeneral.com *.greateasternlife.com *.addthis.com *.demdex.net *.google-analytics.com *.omtrdc.net *.doubleclick.net *.facebook.net *.facebook.com *.qualtrics.com *.googletagmanager.com *.google.com *.google.com.sg *.google.com.my *.google.co.id *.google.com.bn *.google.com.mm; 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; worker-src blob: https: 1
default-src *.smartsupp.com; style-src 'self' 'unsafe-inline' *.foxentry.cz *.foxentry.com *.typekit.net *.googleapis.com *.googletagmanager.com *.cloudflare.com *.luigisbox.com *.smartsuppcdn.com; img-src 'self' data: *.expedo.cz bat.bing.com cdnjs.cloudflare.com *.klarnacdn.net *.pinterest.com *.maxcdn.com *.heureka.cz *.gstatic.com www.ladenzeile.de www.google.com www.google.cz *.smartsuppcdn.com c.seznam.cz www.cis.cz maps.gstatic.com *.googletagmanager.com www.facebook.com *.privacysandbox.googleadservices.com www.googleadservices.com *.g.doubleclick.net *.googleapis.com *.typekit.net *.google-analytics.com *.googletagmanager.com im9.cz *.foxentry.cz *.foxentry.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.heureka.sk *.pinimg.com *.daktela.com *.clarity.ms bat.bing.com *.klarnacdn.net *.criteo.com *.google.com *.luigisbox.com  *.cloudflare.com *.gopay.com *.moebel.de www.ladenzeile.de *.zbozi.cz im9.cz *.seznam.cz *.smartsuppchat.com *.smartsuppcdn.com login.dognet.sk *.g.doubleclick.net connect.facebook.net *.google-analytics.com *.googletagmanager.com www.googleadservices.com *.googleapis.com pixel.biano.ro c.imedia.cz *.smartlook.com *.smartlook.cloud *.targito.expedo-moebel.de *.targito.com *.cloudflare.com *.foxentry.cz *.foxentry.com; connect-src 'self' *.luigisbox.com x.klarnacdn.net js.klarna.com *.klarnaevt.com *.pinterest.com *.daktela.com *.clarity.ms *.analytics.google.com *.google-analytics.com www.facebook.com p.biano.ro *.g.doubleclick.net wss://*.smartsupp.com *.smartsupp.com *.smartsuppchat.com *.smartsuppcdn.com *.smartlook.com *.smartlook.cloud *.targito.expedo-moebel.de *.targito.com *.foxentry.cz *.foxentry.com *.cloudflare.com; font-src 'self' data: *.cloudflare.com *.gstatic.com *.smartsuppcdn.com *.luigisbox.com *.foxentry.cz *.foxentry.com; object-src 'self'; frame-ancestors 'self'; form-action 'self' maildemon.cis.cz gate.gopay.cz www.facebook.com/tr/ *.foxentry.cz *.foxentry.com; base-uri 'self'; frame-src 'self' *.gopay.cz *.klarna.com *.pinterest.com *.targito.com *.moebel.de *.zbozi.cz *.google.com  maildemon.cis.cz *.youtube.com *.facebook.com *.heureka.sk *.foxentry.cz *.foxentry.com *.bubbleapps.io; worker-src blob: *.foxentry.cz *.foxentry.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mspsocial.net; img-src 'self' https: data: blob: https://mspsocial.net; style-src 'self' https://mspsocial.net 'nonce-ndkVodMydypT503m+wfuTg=='; media-src 'self' https: data: https://mspsocial.net; frame-src 'self' https:; manifest-src 'self' https://mspsocial.net; connect-src 'self' data: blob: https://mspsocial.net https://mspimages.sfo2.cdn.digitaloceanspaces.com wss://mspsocial.net; script-src 'self' https://mspsocial.net 'wasm-unsafe-eval'; child-src 'self' blob: https://mspsocial.net; worker-src 'self' blob: https://mspsocial.net 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.paypalobjects.com/; img-src 'self' data: https://www.paypalobjects.com/; object-src 'self' data: https://elegantthemes.com/ https://*.elegantthemes.com/ https://www.mattrifeofficial.com/ https://*.paypal.com/; frame-src 'self' data: https://elegantthemes.com/ https://*.elegantthemes.com/ https://www.mattrifeofficial.com/ https://*.paypal.com/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.trenino-rosso-bernina.it/ *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com *.google.it *.facebook.net *.facebook.com *.doubleclick.net *.trenino-rosso-bernina.it cdnjs.cloudflare.com *.iubenda.com maxcdn.bootstrapcdn.com *.googlesyndication.com *.ytimg.com *.doubleclick.net *.youtu.be youtu.be *.trenino-rosso-bernina.it *.youtube.com *.hotjar.com *.hotjar.io *.spreaker.com *.doubleclick.net *.youtu.be youtu.be *.optinly.net *.optinly.com *.wisernotify.com *.cloudfunctions.net *.wisermapp.com *.amazonaws.com data: blob: wss:; 1
frame-ancestors  https://hr.steelmint.com https://coalshastra.com https://www.coalshastra.com  https://uat.coalshastra.com https://staging.coalshastra.com  https://coalgenie.com https://www.coalgenie.com  https://steelmintevents.com https://www.steelmintevents.com  https://www.amerikansteels.com/ https://amerikansteels.com/ https://www.mahalaxmitrading.com/ https://mahalaxmitrading.com/ https://www.provisionsourcing.com/ https://provisionsourcing.com/ http://www.spongeironindia.com/ http://spongeironindia.com/ https://www.goindiastocks.com/ https://goindiastocks.com/ https://www.iisssc.org/ https://iisssc.org/ https://www.steelmint.com/ https://steelmint.com/ https://www.nutrishilp.com/ https://nutrishilp.com/ https://www.pmai.co.in/ https://pmai.co.in/ https://www.coalmint.com/ https://coalmint.com/ https://dc.nutrishilp.com/ https://www.dc.nutrishilp/ https://www.steelvia.com/ https://steelvia.com/ https://www.bigmint.co/ https://bigmint.co/ https://www.api.bigmint.co/ https://api.bigmint.co/; 1
frame-ancestors https://*.shortlyst.com https://*.shopalyst.com https://shop-id-clear.com https://shop-id-clear.com/; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://popupmaker.com https://*.googletagmanager.com https://*.bronto.com wss://*.hotjar.com https://snapwidget.com https://*.nr-data.net https://*.newrelic.com https://*.calendly.com https://*.flodesk.com https://*.getsitecontrol.com https://*.sharethis.com https://*.vistag.com https://*.privy.com https://*.zopim.com https://*.zdassets.com *.mailchimp.com *.hotjar.com http://localhost:* https://*.powr.io https://*.tawk.to https://*.pinterest.com https://cdn.lightwidget.com js.hs-scripts.com https://unpkg.com https://www.google.com *.google.com *.google-analytics.com http://js.hs-analytics.net https://cdn.firebase.com https://cdnjs.cloudflare.com https://d2zah9y47r7bi2.cloudfront.net https://*.firebaseio.com https://*.vo.msecnd.net https://browser-update.org https://api.instagram.com *.fonts.net/ http://browser-update.org http://cdn.datatables.net http://cdn.heapanalytics.com *.googleapis.com/ https://www.googletagmanager.com https://use.typekit.net https://chat.milittisales.com https://crm.imaxcorp.com *.list-manage.com https://ct.capterra.com http://lightwidget.com https://cdn.jsdelivr.net *.googleadservices.com https://www.gstatic.com https://chimpstatic.com https://*.facebook.net/ *.segment.com/ https://api.segment.io https://s.yimg.com http://sp.analytics.yahoo.com *.driftt.com *.tokenex.com https://browser.sentry-cdn.com https://js.sentry-cdn.com *.smartlook.cloud *.hsadspixel.net https://*.hsforms.net https://*.hsforms.com https://*.hs-scripts.com https://*.hs-banner.com https://*.doubleclick.net https://*.localizecdn.com https://*.usemessages.com;object-src 'self' https://repzio-azurefunctions-pdfgenerator.azurewebsites.net;style-src 'self' 'unsafe-inline' https://popupmaker.com https://*.privy.com https://*.zdassets.com *.mailchimp.com data: https://*.jsdelivr.net https://*.tawk.to https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com *.fonts.net https://fonts.googleapis.com http://cdn.datatables.net https://cdn-images.mailchimp.com https://use.fontawesome.com https://translate.googleapis.com;img-src 'self' https://snapwidget.com https://popupmaker.com https://google-analytics.com https://*.sharethis.com https://*.privy.com https://privymktg.com https://*.zdassets.com *.mailchimp.com data: https://*.jsdelivr.net https://*.tawk.to track.hubspot.com https://studiowebware.secure.force.com https://heapanalytics.com https://images.unsplash.com http://via.placeholder.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.gstatic.com https://maps.googleapis.com *.googleapis.com https://usage.trackjs.com *.global.ssl.fastly.net *.repzio.com https://b2bbucket.s3.amazonaws.com https://s3.amazonaws.com https://scontent.cdninstagram.com http://cdn.datatables.net https://tradegecko-images.s3.amazonaws.com https://stats.g.doubleclick.net https://cdn.b2bdirect.io https://assets.bwconnect.com https://googleads.g.doubleclick.net https://www.facebook.com https://salesrepimages.s3.amazonaws.com *.fonts.net/ https://p.typekit.net https://*.localizecdn.com https://*.junipercdn.com;media-src 'self' https://*.privy.com https://*.zdassets.com https://b2bbucket.s3.amazonaws.com https://player.vimeo.com http://www.greenhillaudio.com https://repzioproductimages.s3.amazonaws.com;frame-src 'self' https://*.captur3d.io/ https://*.matterport.com/ https://*.googletagmanager.com https://*.bronto.com https://*.nr-data.net wss://*.hotjar.com https://snapwidget.com https://*.aftermkt.com https://popupmaker.com https://momento360.com https://calendly.com https://kuula.co https://*.activemerchandiser.com https://*.hotjar.com https://c.sharethis.mgr.consensu.org https://*.sharethis.com https://*.privy.com *.list-manage.com/ *.driftt.com https://*.tawk.to https://*.powr.io https://*.facebook.com https://cdn.lightwidget.com https://studiowebware.secure.force.com https://player.vimeo.com https://www.youtube.com https://*.firebaseio.com https://www.google.com https://showroom.gso360.com https://*.issuu.com https://*.repzio.com https://crm.imaxcorp.com http://lightwidget.com https://repzio-azurefunctions-pdfgenerator.azurewebsites.net *.tokenex.com/ https://*.doubleclick.net https://*.hubspot.com https://*.hsforms.com;font-src 'self' https://b2bbucket.s3.amazonaws.com https://*.vistag.com https://*.privy.com https://*.zdassets.com https://*.tawk.to https://cdn.lightwidget.com https://cdn.joinhoney.com data: *.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://use.typekit.net https://use.fontawesome.com;connect-src 'self' https://*.googletagmanager.com https://*.bronto.com https://*.nr-data.net wss://*.hotjar.com https://popupmaker.com https://*.popupmaker.com https://*.flodesk.com https://*.getsitecontrol.com *.hotjar.com https://*.sharethis.com https://*.vistag.com https://*.privy.com ws://*.zopim.com https://*.zopim.com https://*.zendesk.com https://*.zdassets.com ws://*.tawk.to https://*.tawk.to https://*.powr.io ws://192.168.1.124:* ws://10.0.0.133:* ws://localhost:* http://localhost:* https://b2bbucket.s3.amazonaws.com https://repziowebapizipcodes.azurewebsites.net https://maps.googleapis.com wss://*.firebaseio.com https://capture.trackjs.com https://clconnect.coltonlane.com https://dc.services.visualstudio.com https://repziotest.azurewebsites.net https://crm.imaxcorp.com https://*.repzio.com https://api.segment.io https://www.google-analytics.com *.google-analytics.com *.azurewebsites.net https://repzio.azure-api.net https://performance.typekit.net https://tearsheetsgeneration.blob.core.windows.net *.sentry.io *.smartlook.cloud *.hsadspixel.net https://*.amazonaws.com https://*.localizecdn.com *.segment.com/ https://api.hubspot.com https://*.hsforms.com;report-uri /WebResource.axd?cspReport=true 1
default-src 'self' 'unsafe-eval' *.odigo.com; style-src 'self' 'unsafe-inline' *.jsdelivr.net *.wp.com *.odigo.com *.googleapis.com *.azureedge.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com *.vimeo.com *.player.vimeo.com *.jsdelivr.net *.soundcloud.com *.licdn.com *.parsely.com *.youtube.com *.sociabble.com *.wp.com *.matomo.cloud *.hotjar.com *.odigo.com *.licdn.com *.azureedge.net *.google.com *.google-analytics.com *.googletagmanager.com *.gaconnector.com *.googleapis.com *.googleadservices.com *.gstatic.com *.cookiebot.com *.doubleclick.net; img-src * data:; connect-src 'self' *.oribi.io *.linkedin.oribi.io *.doubleclick.net *.parsely.com *.matomo.cloud *.google.com *.googleapis.com *.google-analytics.com wss://*.wordpress.com wss://*.hotjar.com *.hotjar.com *.hotjar.io *.azureedge.net *.cookiebot.com *.dynamics.com; font-src 'self' *.jsdelivr.net *.googleapis.com *.wp.com *.gstatic.com *.odigo.com data:; frame-src 'self' calendly.com *.calendly.com *.soundcloud.com *.google.com *.googlesyndication.com *.wp.com *.dynamics.com *.hotjar.com *.cookiebot.com *.youtube.com *.vimeo.com *.DoubleClick.net; upgrade-insecure-requests; report-uri https://odigo.mabronet.pl/report.php 1
default-src 'self'; child-src 'self' *.youtube.com *.youtube-nocookie.com *.bambuser.com *.twitter.com *.vimeo.com; script-src 'self' 'unsafe-inline' *.twitter.com *.twimg.com piwik.xnet-x.net *.jsdelivr.net; font-src 'self' data:; style-src 'self' 'unsafe-inline' *.twitter.com *.jsdelivr.net; img-src 'self' piwik.xnet-x.net *.twitter.com i.ytimg.com *.twimg.com *.piwik.xnet-x.net data:; 1
default-src  'self' *.youmecard.jp *.digicert.com *.yjtag.jp *.google.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.google.co.jp yjtag.yahoo.co.jp seal.verisign.com ogp.me ad.atown.jp *.trendmicro.com *.yimg.jp *.googleadservices.com *.userlocal.jp 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' *.youmecard.jp *.digicert.com *.google.com *.google-analytics.com *.google.co.jp *.yjtag.jp yjtag.yahoo.co.jp seal.verisign.com ogp.me ad.atown.jp *.trendmicro.com *.yimg.jp *.googleadservices.com *.userlocal.jp 1
default-src 'unsafe-inline' 'unsafe-eval' data: blob: www.kroschke.com 'self' wss://www.kroschke.com www.kroschke.com fonts.gstatic.com *.googleapis.com *.trustedshops.com *.api.etrusted.com *.etrusted.com *.trustbadge.com *.cloudfront.net cloudstorage.kroschke.com *.bootstrapcdn.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleoptimize.com *.gstatic.com *.googlecommerce.com *.youtube.com *.g.doubleclick.net *.ampproject.org *.google.de *.google.com tracking-dev.kroschke.com *.jquery.com *.trbo.com *.moin.ai wss://*.moin.ai *.criteo.com *.criteo.net criteo-sync.teads.tv criteo-partners.tremorhub.com sync-criteo.ads.vieldmo.com ib.adnxs.com sync-t1.taboola.com visitor.omnitagjs.com matching.ivitrack.com exchange.mediavine.com sync-criteo.ads.yieldmo.com beacon.krxd.net *.bing.com *.cookiefirsst.com *.cookiebot.com *.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.mouseflow.com *.leadinfo.net *.leadinfo.com linkedin.com *.linkedin.com *.linkedin.oribi.io *.licdn.com px.ads.linkedin.com *.youtube-nocookie.com *.peerius.com *.episerver.net *.facebook.net *.facebook.com *.uptain.de j26jg1ho6j.execute-api.eu-central-1.amazonaws.com *.kroschke.com *.kroschke.at *.hein.eu *.cloudflare.com *.commerce-connector.com *.js.ubembed.com *.ubembed.com *.outbrain.com tracking.kroschke.com *.surveymonkey.com *.teads.tv *.tremorhub.com *.vieldmo.com; base-uri 'self' 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-80e8ce5ed2f14486a07db684ad3504af' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
object-src 'none'; script-src 'self' 'unsafe-eval' www.google.com www.gstatic.com cdn.jsdelivr.net www.googletagmanager.com ml314.com code.visitor-track.com connect.facebook.net cse.google.com pagead2.googlesyndication.com www.findberry.com static.addtoany.com connect.facebook.net polyfill.io snap.licdn.com www.google-analytics.com partner.googleadservices.com adservice.google.com tpc.googlesyndication.com www.facebook.com ws.zoominfo.com tags.clickagy.com assets.calendly.com js.zi-scripts.com 1
default-src 'self'; child-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://www.google.com/recaptcha https://www.gstatic.com/recaptcha https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://maps.googleapis.com https://stats.g.doubleclick.net https://gateway.zscaler.net https://cdn.cookielaw.org https://cdn.jsdelivr.net/npm/exif-js https://cdn.jsdelivr.net/npm/uuid@latest/dist/umd/uuidv4.min.js https://cdnjs.cloudflare.com/ajax/libs/html5-qrcode/1.2.4/html5-qrcode.min.js; img-src 'self' data: https://baggage-files-dev.s3.eu-west-2.amazonaws.com https://baggage-files-qa.s3.eu-west-2.amazonaws.com https://baggage-files-demo.s3.eu-west-2.amazonaws.com https://baggage-files-perf.s3.eu-west-2.amazonaws.com https://ssl.gstatic.com https://www.gstatic.com https://maps.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline'  https://cdn.cookielaw.org https://tagmanager.google.com https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://www.recaptcha.net https://cdn.cookielaw.org; connect-src 'self'  wss: https://www.google-analytics.com https://cdn.cookielaw.org https://s3.eu-west-2.amazonaws.com/baggage-files-dev https://s3.eu-west-2.amazonaws.com/baggage-files-qa https://s3.eu-west-2.amazonaws.com/baggage-files-perf https://s3.eu-west-2.amazonaws.com/baggage-files-demo https://wtss-api.mybag-dev.aero https://wtss-api.mybag-qa.aero https://wtss-api.mybag-demo.aero https://wtss-api.mybag-perf.aero https://kiosk-api.mybag-dev.aero https://kiosk-api.mybag-qa.aero https://kiosk-api.mybag-demo.aero https://kiosk-api.mybag-perf.aero; frame-src 'self' https://fonts.gstatic.com https://google.com https://www.recaptcha.net https://recaptcha.google.com/recaptcha https://www.google.com/recaptcha; 1
script-src 'self' 'unsafe-eval'  ; report-uri /api/csp; base-uri 'self'; object-src 'none' 1
frame-ancestors 'self'; frame-src  *.savviihq.com *.facebook.com *.google.com *.cookiebot.com *.hotjar.com *.youtube.com *.vimeo.com *.googletagmanager.com *.fontawesome.com *.anchor.fm anchor.fm indd.adobe.com *.sentry-cdn.com *.spotify.com www.platform31.nl *.fontawesome.com concentcdn.cookiebot.com 1
default-src *; img-src * 'self' data: https: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; font-src * 'self' data: 1
object-src 'self' https://staging-www.dornbirn.at https://app.city-monitor.com https://live.dornbirn.at https://dornbirn.pwa.city-monitor.com https://dornbirn.pwa-staging.city-monitor.com; frame-ancestors 'self' https://app.city-monitor.com https://live.dornbirn.at https://dornbirn.pwa.city-monitor.com https://dornbirn.pwa-staging.city-monitor.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https http strict-dynamic https://* data: blob: 1
font-src *.gstatic.com *.fontawesome.com *.fonts.googleapis.com data: *.cloudflare.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.postfinance.ch 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com checkout.postfinance.ch *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.addthis.com *.pinterest.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com dampfi.ch *.dampfi.ch red-vape.ch *.red-vape.ch e-zigaretteria.ch *.e-zigaretteria.ch distrocorp.ch *.distrocorp.ch plentymarkets.com *.plentymarkets.com amazonaws.com *.amazonaws.com stats.g.doubleclick.net checkout.postfinance.ch *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ jquery.sellxed.com newrelic.com www.google.com www.gstatic.com checkout.postfinance.ch *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.googletagmanager.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com newrelic.com *.google-analytics.com *.google.com checkout.postfinance.ch *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://u-matomo.wcb.ab.ca https://matomo.wcb.ab.ca https://gateway.zscalerthree.net/ https://www.youtube.com/ https://s.ytimg.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com https://www.google.com https://maps.googleapis.com https://www.gstatic.com s3.amazonaws.com wcb.us17.list-manage.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com; connect-src 'self' https://maps.googleapis.com https://u-matomo.wcb.ab.ca https://matomo.wcb.ab.ca https://gateway.zscalerthree.net/ http://www.assembly.ab.ca https://www.googleapis.com http://servicealberta.ca http://www.finance.alberta.ca http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://www.google-analytics.com http://www.googletagmanager.com; img-src 'self' data: https://gateway.zscalerthree.net/ https://i.ytimg.com/ https://ssl.gstatic.com/ https://www.gstatic.com https://www.google-analytics.com http://chart.apis.google.com https://maps.googleapis.com https://maps.gstatic.com https://script.hotjar.com http://script.hotjar.com; style-src 'self' 'unsafe-inline' https://gateway.zscalerthree.net/ https://fonts.googleapis.com https://tagmanager.google.com/ https://fonts.googleapis.com/ cdn-images.mailchimp.com; font-src 'self' fonts.gstatic.com https://gateway.zscalerthree.net/ http://script.hotjar.com https://script.hotjar.com; media-src 'self'; frame-src 'self' https://gateway.zscalerthree.net/ https://www.google.com https://www.gstatic.com https://www.youtube.com/ https://vars.hotjar.com; child-src https://vars.hotjar.com; object-src 'self' https://gateway.zscalerthree.net/ https://www.youtube.com/ 1
default-src *.eversports.nl *.acuityscheduling.com bam.nr-data.net bat.bing.com *.facebook.net *.cookiebot.com *.doubleclick.net *.facebook.com fonts.googleapis.com *.gstatic.com *.formitable.com *.googleadservices.com *.google-analytics.com *.google.com *.google.com *.googletagmanager.com *.googletraveladservices.com *.googlesyndication.com *.hotjar.com *.hotjar.io iframeshop.chipta.com *.instagram.com js-agent.newrelic.com *.loyaltyinabox.com optimize.google.com *.optimole.com player.vimeo.com p.relay-t.io secure.gravatar.com secure-hotel-tracker.com 'self' translate.googleapis.com 'unsafe-eval' 'unsafe-inline' w.soundcloud.com www.mixcloud.com www.w3.org wss: *.youtube.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.spotify.com data: ; 1
default-src 'self'; img-src 'self' *.google-analytics.com pcg-edu-test.oktapreview.com blob: data:; connect-src 'self' *.microsoft.com *.google-analytics.com  blob: data: ; font-src 'self' data: https: *.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: *.canvasjs.com *.google-analytics.com ajax.googleapis.com tagmanager.google.com *.googletagmanager.com static.pcgeducation.com; style-src 'self' 'unsafe-inline' https: *.fontawesome.com *.googleapis.com static.pcgeducation.com ; object-src 'none' 1
default-src 'none'; frame-src 'self' player.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' polyfill.io monitor.omr.de matomo.omr.de cdn.plyr.io player.vimeo.com; font-src 'self' data:; connect-src 'self' matomo.omr.de cdn.plyr.io; img-src 'self' i.vimeocdn.com data:; style-src 'self' 'unsafe-inline' cdn.plyr.io; base-uri 'self'; form-action 'self' export.highcharts.com; manifest-src 'self' 1
block-all-mixed-content; frame-ancestors 'self' fantasticservicesgroup.com.au cdn.fantasticservicesgroup.com.au api.fantasticservicesgroup.com.au obf.fantasticservicesgroup.com.au accounts.fantasticservicesgroup.com.au wss://*.hotjar.com wss://*.hotjar.io cobrowsing.freshchat.com wss://*.pusher.com wss://*.freshworksapi.com https://*.pusher.com https://*.freshworksapi.com; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-4c832caa1eeee3437ac4c95dd07659ab'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
img-src *.terma.com *.hr-on.com *.hsforms.net *.cludo.com *.hsforms.com *.facebook.com *.bing.com *.linkedin.com *.doubleclick.net *.google.com *.hubspot.com *.google.dk 'self' data:; font-src 'self'  ; default-src 'self' *.cookieinformation.com *.youtube.com *.hsforms.net *.hsforms.com *.cludo.com *.hr-on.com https://hr-skyen.dk https://fast.fonts.net *.googletagmanager.com *.google-analytics.com *.licdn.com *.facebook.net *.bing.com *.linkedin.oribi.io *.hs-scripts.com *.googleadservices.com *.hs-banner.com *.hs-analytics.net *.piwik.pro *.cloudflare.com *.terma.com 'unsafe-inline' 'unsafe-eval'; 1
upgrade-insecure-requests; default-src https: 'unsafe-eval' 'unsafe-inline' data: about: gsa://onpageload 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com *.google-analytics.com https://googleads.g.doubleclick.net phf.tbe.taleo.net *.hotjar.com https://static.hotjar.com *.adform.net https://dec.azureedge.net/ munchkin.marketo.net https://northwestfcs.formstack.com northwestfcs.formstack.com *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com *.vimeocdn.com web-chat.nativechat.com unpkg.com/@frontify/ pi.pardot.com https://go.farmcreditwest.com/ https://my.agwestfc.com/ *.cloudinary.com 'self' cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com web.facebook.com www.facebook.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://a1.seadform.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com web-chat.nativechat.com *.frontify.com *.cloudinary.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.formstack.com *.adform.net agwestfc.com https://agwestfc.com farmcreditwest.com https://www.farmcreditwest.com phf.tbe.taleo.net https://player.flipsnack.com northwestfcs.formstack.com https://northwestfcs.formstack.com https://*.sfmc-content.com https://player.vimeo.com https://vod-progressive.akamaized.net https://vars.hotjar.com https://bid.g.doubleclick.net digital.nexsitepublishing.com www.buzzsprout.com www.podbean.com www.google.com; connect-src data: accounts.google.com *.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com *.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.mktoresp.com *.frontify.com *.cloudinary.com *.googleapis.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.frontify.com *.cloudinary.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com *.frontify.com cloudinary.com *.cloudinary.com; frame-ancestors 'self' *.formstack.com NorthwestFCS.formstack.com https://NorthwestFCS.formstack.com highplainsfarmcredit.com www.farmcreditofvirginias.com www.agchoice.com www.agcountry.com www.farmcrediteast.com www.greenstonefcs.com 1
base-uri 'self'; report-uri https://csp-logging.m-operations.com/cspheaders; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.moosend.com *.moostaging.com cdn.transifex.com cdn.segment.com *.adroll.com fast.appcues.com widget.intercom.io www.google-analytics.com app.satismeter.com js.intercomcdn.com ajax.googleapis.com cdn.tiny.cloud social.uploadcare.com js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com *.paypal.com pay.google.com songbird.cardinalcommerce.com songbirdstag.cardinalcommerce.com *.paypal.com kit.fontawesome.com storage.googleapis.com js.pusher.com labs.pathfix.com connect.facebook.net sitecoredelivr.sitecorecloud.io portal-staging.sitecore-staging.cloud portal.sitecorecloud.io; object-src 'none'; 1
frame-ancestors 'self' *.risevision.com 1
frame-ancestors 'self' piwik.betaalvereniging.nl matomo.betaalvereniging.nl; 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-5450ee102b5b4e34800a564cd82719db' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' *.gravatar.com use.fontawesome.com fonts.googleapis.com *.google-analytics.com fonts.gstatic.com *.googletagmanager.com *.vimeo.com 1
frame-src *.nttdataservices.com *.nttdata.com *.google.com *.googletagmanager.com *.pardot.com *.ceros.com 'self' *.addthis.com *.hotjar.com *.facebook.net *.twitter.com *.youtube.com *.infogram.com *.jobdiva.com *.doubleclick.net *.adsrvr.org *.clarity.ms *.evidon.com; frame-ancestors 'self' *.nttdataservices.com *.nttdata.com; 1
default-src 'self'; script-src-elem 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://kit.fontawesome.com https://unpkg.com https://plausible.io https://beacon-v2.helpscout.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://kit.fontawesome.com https://unpkg.com https://plausible.io https://beacon-v2.helpscout.net; font-src https://fonts.gstatic.com https://ka-p.fontawesome.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://website.assets.churchsuite.com https://i.vimeocdn.com https://cdn.churchsuite.com https://d2oqjddkfv895o.cloudfront.net https://d33v4339jhl8k0.cloudfront.net https://secure.gravatar.com; frame-src https://player.vimeo.com; connect-src https://kit.fontawesome.com https://ka-p.fontawesome.com https://plausible.io https://d3hb14vkzrxvla.cloudfront.net https://beaconapi.helpscout.net https://*.churchsuite.co.uk https://*.churchsuite.com https://churchsuite.com; 1
frame-ancestors 'none'; sandbox allow-downloads allow-scripts allow-same-origin; default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; base-uri 'none'; form-action 'none'; media-src 'self' 1
default-src 'none'; font-src https://fonts.gstatic.com; img-src 'self' https://i.creativecommons.org https://licensebuttons.net; script-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; frame-ancestors 'none'; base-uri 'self'; form-action 'self' 1
style-src 'self' blob: https: 'unsafe-inline' https://www.stovesareus.co.uk/; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' *.gstatic.com *.klarna.com *.playground.klarna.com *.tawk.to *.klarnacdn.net *.playground.klarnaservices.com *.klarnaservices.com *.typekit.net *.googleapis.com; frame-src 'self' https://www.stovesareus.co.uk/ *.cardinalcommerce.com *.braintreegateway.com  *.trustpilot.com *.youtube.com *.youtu.be *.vimeo.com *.reviews.co.uk *.klarna.com *.playground.klarna.com *.playground.klarnaservices.com *.tawk.to *.klarnaservices.com *.klarnacdn.net *.paypal.com *.dotmailer-surveys.com *.google.com *.gstatic.com; 1
default-src 'self' 'unsafe-eval' http: https: data: script: blob: 'unsafe-inline'; frame-ancestors 'self'; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.walkme.com https://arn.upraise.io https://cdn.jsdelivr.net https://lp.poweredbyonsite.com https://maps.googleapis.com https://maxcdn.bootstrapcdn.com https://simpleui-test-au.vixverify.com https://code.jquery.com https://gateway.nab.com.au https://cdnjs.cloudflare.com.au https://cdnjs.cloudflare.com https://fonts.googleapis.com https://*.ls.poweredbyonsite.com https://*.onsitetrackeasy.com.au https://www.gstatic.com https://www.google.com https://paynow.pmnts.io https://app.powerbi.com https://js-agent.newrelic.com https://bam-cell.nr-data.net blob:; frame-src https://pumaenergyqld.safetyhub.com https://*.onsitetrackeasy.com.au https://www.google.com https://gateway.nab.com.au https://paynow.pmnts.io https://player.vimeo.com https://*.avetta.com https://app.powerbi.com https://*.poweredbyonsite.com https://*.ls.poweredbyonsite.com https://cloud.scorm.com https://*.qa.ls.poweredbyonsite.com https://*.dev.ls.poweredbyonsite.com https://*.onsitetrackeasy.com.au https://www.google.com https://gateway.nab.com.au https://paynow.pmnts-sandbox.io https://paynow.pmnts.io https://player.vimeo.com https://*.qa.poweredbyonsite.com https://*.dev.poweredbyonsite.com https://*.avetta.com https://app.powerbi.com https://reports-staging.poweredbyonsite.com https://www.youtube.com https://cloud.scorm.com 'self' blob: data:; frame-ancestors https://*.ls.poweredbyonsite.com https://*.onsitetrackeasy.com.au https://*.poweredbyonsite.com https://poweredbyonsite.com https://*.okta.com; object-src 'self' https://*.ls.poweredbyonsite.com blob:; 1
connect-src 'self' mixpanel-api-proxy-soaps.ondigitalocean.app https://uploads.intercomcdn.com *.stripe.com connect.facebook.net fbcapi.novoresume.io novoresume.com *.pinterest.com api.usabilla.com api-iam.intercom.io wss://nexus-websocket-a.intercom.io *.google.com vc.hotjar.io *.hotjar.com ws://*.hotjar.com *.doubleclick.net *.clarity.ms cdn.linkedin.oribi.io https://widget.trustpilot.com https://vimeo.com *.novoresume.com; default-src 'self' 'unsafe-inline' *.novoresume.com; font-src 'self' data: fonts.gstatic.com *.novoresume.com *.googleapis.com d6tizftlrpuof.cloudfront.net js.intercomcdn.com *.novoresume.com; frame-src 'self' *.stripe.com *.googleapis.com *.pinterest.com d6tizftlrpuof.cloudfront.net *.google.com *.hotjar.com *.novoresume.com https://intercom-sheets.com https://optimize.google.com https://widget.trustpilot.com https://player.vimeo.com *.novoresume.com; img-src 'self' data: *.novoresume.com https://downloads.intercomcdn.com https://www.googletagmanager.com https://cx.atdmt.com *.clarity.ms *.bing.com csi.gstatic.com www.gstatic.com *.doubleclick.net log.pinterest.com *.google.com connect.facebook.net fbcapi.novoresume.io *.pinterest.com *.googleadservices.com www.facebook.com d6tizftlrpuof.cloudfront.net w.usabilla.com gifs.intercomcdn.com t.co static.intercomassets.com js.intercomcdn.com https://optimize.google.com https://bat.bing.com *.linkedin.com https://*.vimeocdn.com *.novoresume.com www.google.us; media-src 'self' js.intercomcdn.com *.novoresume.com *.novoresume.com; object-src 'self' 'unsafe-eval' *.novoresume.com *.novoresume.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.novoresume.com mixpanel-api-proxy-soaps.ondigitalocean.app d6tizftlrpuof.cloudfront.net *.clarity.ms *.google.com *.googleadservices.com connect.facebook.net fbcapi.novoresume.io *.pinimg.com snap.licdn.com assets.pinterest.com www.googletagmanager.com *.doubleclick.net www.facebook.com api.usabilla.com w.usabilla.com widget.intercom.io js.intercomcdn.com *.hotjar.com https://optimize.google.com https://bat.bing.com https://widget.trustpilot.com https://player.vimeo.com *.novoresume.com www.google.us; style-src 'self' 'unsafe-inline' *.novoresume.com tagmanager.google.com d6tizftlrpuof.cloudfront.net *.googleapis.com https://optimize.google.com *.novoresume.com 1
default-src 'self' data: blob:; frame-src 'self'; script-src 'self' data: blob: https://www.googletagmanager.com; connect-src 'self'; img-src 'self' https://data.ultimate-disassembly.com http://data.ultimate-disassembly.com; style-src 'self'; frame-ancestors 'self'; form-action 'self'; font-src 'self'; media-src 'self'; object-src 'self'; manifest-src 'self'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-hGaB4QcaU9BBNxJgur7k4cGuQQPbv2Ojgzoak1A3TkM+XLaz' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-Pbk27WZ8/OndIGjE8FZUlUZQ0yxGIYMpbsdvnxQOifDbFvDF' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https://github.com; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com 1
default-src blob: data: 'self' *.foodcorps.org *.linkedin.com *.newrelic.com *.formassembly.com *.nr-data.net *.oribi.io *.licdn.com *.tiktok.com sdk.classy.org *.classy.org classy.org www.classy.org *.pantheonsite.io http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.w3.org *.gravatar.com *.gstatic.com wss://ws.pusherapp.com *.google.com *.pusher.com *.googleapis.com *.cloudfront.net *.bugsnag.com *.bugherd.com *.google.com.np *.googletagmanager.com *.amcharts.com *.tfaforms.net *.authorize.net *.doubleclick.net foodcorps.tfaforms.net *.tfaforms.com *.facebook.net *.facebook.com *.google-analytics.com *.youtube.com *.pardot.com sample-videos.com *.vimeo.com *.p2a.co http://p2a.co/js/embed/widget/advocacywidget.min.js *.github.io http://s3-us-west-2.amazonaws.com http://p2a.co *.amazonaws.com 'unsafe-inline' 'unsafe-eval';media-src 'self' http://s3-us-west-2.amazonaws.com https://verify.authorize.net http://p2a.co http://p2a.co/js/embed/widget/advocacywidget.min.js *.amazonaws.com *.vimeo.com *.youtube.com *.akamaized.net *.gstatic.com wss://ws.pusherapp.com;frame-ancestors 'self' classy.org *.classy.org;form-action 'self' *.pantheonsite.io *.foodcorps.org *.facebook.com *.tfaforms.net foodcorps.tfaforms.net *.tfaforms.com ; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mograph.social; img-src 'self' https: data: blob: https://mograph.social; style-src 'self' https://mograph.social 'nonce-IKJTyAvOG8JHhmmJFYiOvw=='; media-src 'self' https: data: https://mograph.social; frame-src 'self' https:; manifest-src 'self' https://mograph.social; form-action 'self'; child-src 'self' blob: https://mograph.social; worker-src 'self' blob: https://mograph.social; connect-src 'self' data: blob: https://mograph.social https://cdn.masto.host wss://mograph.social; script-src 'self' https://mograph.social 'wasm-unsafe-eval' 1
default-src 'self' www.google-analytics.com cdnjs.cloudflare.com blob:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; 1
default-src 'self'; connect-src https: wss:; font-src 'self' data:; frame-src https:; img-src https: data:; media-src https: blob: data:; worker-src blob:; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; form-action https:; report-uri https://csp-reports.globalweb.aws.assaabloy.com/reports; 1
default-src 'self' telligen.okta.com *.oktacdn.com; connect-src 'self' telligen.okta.com telligen-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com *.mtls.okta.com telligen.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' telligen.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' telligen.okta.com *.oktacdn.com; frame-src 'self' telligen.okta.com telligen-admin.okta.com login.okta.com com-okta-authenticator:; img-src 'self' telligen.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' telligen.okta.com data: *.oktacdn.com fonts.gstatic.com 1
frame-ancestors 'self' https://*.linnovate.net https://*.elementor.cloud https://haretzion.org 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://az416426.vo.msecnd.net; img-src 'self' data: https://www.google.com/recaptcha https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://vortex.data.microsoft.com; 1
style-src 'self' 'nonce-1dd79311-3bc3-4f01-a798-19df7969593a' www2.triodos.com; img-src 'self' p-pan.triodos.com api.triodos.com maps.triodos.com www2.triodos.com video.triodos.com ad.doubleclick.net adservice.google.com adservice.google.co.uk adservice.google.nl adservice.google.be adservice.google.es adservice.google.de www.facebook.com data: android-webview-video-poster:; font-src 'self' data:; script-src 'self' 'nonce-1dd79311-3bc3-4f01-a798-19df7969593a' t-pan.triodos.com p-pan.triodos.com www2.triodos.com video.triodos.com chat.triodos.com; frame-src https://www.youtube.com https://www.youtube-nocookie.com; child-src https://www.youtube.com https://www.youtube-nocookie.com; connect-src 'self' p-pan.triodos.com t-pan.triodos.com chat.triodos.com video.triodos.com licensing.bitmovin.com; media-src 'self' blob: video.triodos.com; default-src 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.inovance.com *.baidu.com *.bdimg.com qiyukf.com;font-src 'self' data:;img-src 'self' *.inovance.com *.comein.cn *.bdimg.com *.sinajs.cn *.baidu.com data: 1
default-src 'self' 'unsafe-inline' at.alicdn.com www.googletagmanager.com *.viawallet.com:* viawallet.com:* *.viawallet.com viawallet.com *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com *.wallet.coinex.com:* wallet.coinex.com:* *.wallet.coinex.com wallet.coinex.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com static.geetest.com api.geetest.com monitor.geetest.com res.wx.qq.com www.googletagmanager.com *.viawallet.com:* viawallet.com:* *.viawallet.com viawallet.com *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com *.wallet.coinex.com:* wallet.coinex.com:* *.wallet.coinex.com wallet.coinex.com; style-src 'unsafe-inline' at.alicdn.com static.geetest.com dn-staticdown.qbox.me unpkg.com *.viawallet.com:* viawallet.com:* *.viawallet.com viawallet.com *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com *.wallet.coinex.com:* wallet.coinex.com:* *.wallet.coinex.com wallet.coinex.com; img-src www.google-analytics.com www.google.com www.google.de data: stats.g.doubleclick.net static.geetest.com data: https://viawallet-static.oss-cn-hongkong.aliyuncs.com *.viawallet.com:* viawallet.com:* *.viawallet.com viawallet.com *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com *.wallet.coinex.com:* wallet.coinex.com:* *.wallet.coinex.com wallet.coinex.com; font-src 'unsafe-inline' at.alicdn.com data: unpkg.com *.viawallet.com:* viawallet.com:* *.viawallet.com viawallet.com *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com *.wallet.coinex.com:* wallet.coinex.com:* *.wallet.coinex.com wallet.coinex.com; connect-src www.google-analytics.com https://analytics.google.com/g/collect stats.g.doubleclick.net false *.viawallet.com:* viawallet.com:* *.viawallet.com viawallet.com *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com *.wallet.coinex.com:* wallet.coinex.com:* *.wallet.coinex.com wallet.coinex.com https://api.avax.network/ext/bc/C/rpc https://bsc-dataseed.binance.org https://rpc.coinex.net https://etc.rivet.link https://eth.llamarpc.com/ https://rpcapi.fantom.network https://polygon-rpc.com/; frame-src player.bilibili.com player.vimeo.com www.youtube.com www.ixigua.com *.viawallet.com:* viawallet.com:* *.viawallet.com viawallet.com *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com *.wallet.coinex.com:* wallet.coinex.com:* *.wallet.coinex.com wallet.coinex.com; frame-ancestors none 1
script-src 'unsafe-inline' 'unsafe-eval' http: https: *.talenthub.io *.widget.cdn.septima.dk *.search.cdn.septima.dk *.services.datafordeler.dk;worker-src blob:; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-RiznITxYhZOuPMXmKvkjkQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self' https;  font-src 'self' *.gstatic.com *.typekit.net *.bootstrapcdn.com *.fontawesome.com;  style-src 'self' 'unsafe-inline' *.googleapis.com staticcdn.co.nz *.typekit.net *.twitter.com *.bootstrapcdn.com *.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.googleapis.com *.twitter.com cdn.syndication.twimg.com *.google-analytics.com *.google.com *.gstatic.com staticcdn.co.nz code.jquery.com cdnjs.cloudflare.com *.bootstrapcdn.com  *.govt.nz/_resources/app/javascript/dist/bundle.min.js *.youtube.com youtube.com *.vimeo.com vimeo.com *.player.vimeo.com livestream.com; style-src-attr 'self' 'unsafe-inline' *.govt.nz/_resources/app/javascript/dist/bundle.min.js pbs.twimg.com;  worker-src 'none';  img-src 'self' data: *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com www.google.com www.google.co.nz stats.g.doubleclick.net *.twitter.com pbs.twimg.com i.ytimg.com i.vimeocdn.com shielded.co.nz staticcdn.co.nz;  connect-src 'self' *.googleapis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.govt.nz/graphql;  frame-src 'self' *.google.com *.youtube.com player.vimeo.com livestream.com *.twitter.com staticcdn.co.nz *.paymentexpress.com *.windcave.com *.govt.nz;  frame-ancestors 'self'; object-src 'none'; form-action 'self' *.twitter.com *.govt.nz http://www.nzlii.org; media-src *.govt.nz *.amazonaws.com *.livestream.com; 1
default-src 'self' 'unsafe-inline'; object-src 'self'; style-src 'self' 'unsafe-inline' *.sprinklr.com firestoneindustrial.mpeasylink.com *.googleapis.com *.bing.com; script-src 'self' 'unsafe-inline'  'unsafe-eval' *.twitter.com *.sprinklr.com https://www.google.com/recaptcha/api.js firestoneindustrial.mpeasylink.com hub.firestonecompleteautocare.com *.doubleclick.net *.adobedtm.com *.google-analytics.com *.everestjs.net *.pinimg.com *.hotjar.com *.bing.com *.googleadservices.com *.xg4ken.com *.facebook.net *.doubleclick.com *.googletagmanager.com *.akamaihd.net *.marchex.io *.everesttech.net *.iperceptions.com *.powerreviews.com *.iovation.com *.iesnare.com *.googleapis.com *.virtualearth.net *.recaptcha.net *.gstatic.com; img-src * data: blob: ; connect-src *; frame-src *; font-src 'self' *.gstatic.com *.sprinklr.com data: 1
default-src 'self' stats.g.doubleclick.net ajax.googleapis.com fonts.googleapis.com use.typekit.net google-analytics.com code.highcharts.com viz.tools.investis.com edge.api.brightcove.com *.brightcovecdn.com mms.businesswire.com; img-src 'self' 'unsafe-inline' * data: www.w3.org; frame-src 'self' viz.tools.investis.com *.google.com irs.tools.investis.com otp.tools.investis.com connectidfeed.com *.connectidfeed.com www.youtube.com *.vimeo.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' google-analytics.com fonts.googleapis.com viz.tools.investis.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investisdigital.com use.typekit.net p.typekit.net; font-src 'self' 'unsafe-inline' *.googleapis.com use.typekit.net google-analytics.com fonts.gstatic.com *.investisdigital.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com www.youtube.com analytics.imirwin.com cdn.jsdelivr.net code.jquery.com otp.tools.investis.com use.typekit.net google-analytics.com www.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com code.highcharts.com viz.tools.investis.com cdnjs.cloudflare.com *.investisdigital.com https://sc.lfeeder.com https://connect.facebook.net/en_US/sdk.js; connect-src 'self' stats.g.doubleclick.net edge.api.brightcove.com google-analytics.com analytics.imirwin.com www.google-analytics.com *.google-analytics.com viz.tools.investis.com cookiemanager.investisdigital.com *.investisdigital.com judxu4avx2.execute-api.eu-west-1.amazonaws.com 3lz1gykyyd.execute-api.eu-west-1.amazonaws.com irs.tools.investis.com; base-uri 'none'; form-action 'self' 1
frame-ancestors hnitbjoerg.able-group.de hnitbjoerg-live.able-plattform.de                                         hnitbjoerg-test.able-plattform.de; 1
frame-ancestors 'self' https://mycollection.stanleygibbons.com/ 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-ODhlNWYyNDc0MDg3NGE2ODg5MGE0ZTczZjY4MjJiOGQ=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.volkshuisvestingnederland.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.volkshuisvestingnederland.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.volkshuisvestingnederland.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-93ade15f35c99f260a36264a68fca15e'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self'; connect-src 'self' widget.freshworks.com mademarket.freshdesk.com www.google-analytics.com cdn.linkedin.oribi.io *.googleapis.com *.amazonaws.com *.raygun.io; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com *.mademarket.co; form-action *; frame-ancestors app.hubspot.com; frame-src 'self' player.vimeo.com js.stripe.com www.google.com; img-src 'self' https: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.gstatic.com js.stripe.com code.jquery.com cdn.jsdelivr.net player.vimeo.com widget.freshworks.com cdnjs.cloudflare.com *.mademarket.co *.googletagmanager.com snap.licdn.com *.raygun.io *.googleapis.com *.google.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net widget.freshworks.com fonts.googleapis.com cdnjs.cloudflare.com *.mademarket.co; worker-src 'self' data: blob: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.qq.com https://*.qq.com http://*.weishi.com https://*.weishi.com http://*.m.tencent.com https://*.m.tencent.com http://*.weixin.qq.com https://*.weixin.qq.com https://midas.gtimg.cn http://vm.gtimg.cn https://vm.gtimg.cn 'nonce-2075619022';style-src 'self' 'unsafe-inline' http://*.qq.com https://*.qq.com http://*.qpic.cn https://*.qpic.cn;object-src 'self' http://*.qq.com https://*.qq.com http://*.qpic.cn https://*.qpic.cn http://*.qlogo.cn https://*.qlogo.cn;font-src 'self' data: http://*.qq.com https://*.qq.com http://fonts.gstatic.com https://fonts.gstatic.com;frame-ancestors 'self' http://wx.qq.com https://wx.qq.com http://wx2.qq.com https://wx2.qq.com https://test-tonghang.woa.com https://tonghang.woa.com http://wx8.qq.com https://wx8.qq.com http://web.wechat.com https://web.wechat.com http://web1.wechat.com https://web1.wechat.com http://web2.wechat.com https://web2.wechat.com http://sticker.weixin.qq.com https://sticker.weixin.qq.com http://bang.qq.com https://bang.qq.com http://app.work.weixin.qq.com https://app.work.weixin.qq.com http://work.weixin.qq.com https://work.weixin.qq.com http://finance.qq.com https://finance.qq.com http://gu.qq.com https://gu.qq.com http://wzq.tenpay.com https://wzq.tenpay.com http://www.tentrees.cn https://www.tentrees.cn http://test.tcp.tencent.com https://test.tcp.tencent.com http://dev.tcp.tencent.com https://dev.tcp.tencent.com http://tcp.tencent.com https://tcp.tencent.com http://mail.qq.com https://mail.qq.com http://wx.mail.qq.com https://wx.mail.qq.com http://iwx.mail.qq.com https://iwx.mail.qq.com http://dev.mail.qq.com https://dev.mail.qq.com http://*.woa.com https://*.woa.com http://file.daihuo.qq.com https://file.daihuo.qq.com http://huxuan.qq.com https://huxuan.qq.com http://test-huxuan.qq.com https://test-huxuan.qq.com http://pre-huxuan.qq.com https://pre-huxuan.qq.com https://ilabel.weixin.qq.com https://search.weixin.qq.com https://mp.weixin.qq.com http://dev.mp.weixin.qq.com:8003; worker-src 'self' blob:;report-uri https://mp.weixin.qq.com/mp/fereport?action=csp_report 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-b86288c78e01b4e2a6bb62a642ca4748'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors 'self' localhost www.toxlearning.co.uk toxlearning.co.uk 1
default-src 'self' ; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdn-cookieyes.com https://analytics.digited.it https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com  https://use.typekit.net https://p.typekit.net https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com; form-action 'self'; font-src 'self' https://fonts.gstatic.com https://use.typekit.net data:; img-src 'self' https: data:; frame-src 'self' https://campaign.moodle.org; connect-src 'self' https://log.cookieyes.com https://cdn-cookieyes.com https://analytics.digited.it https://directory.cookieyes.com https://api.imunify360.com 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-rC27UY73ZuW392B8U6RHBb70Vg8rMHtMN4flxilx7TgS67CN' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
font-src *.fontawesome.com *.gstatic.com 'self' data: *.babycare.no *.production.babycare.vdc.dev *.klarnacdn.net fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com *.addwish.com *.facebook.com *.hotjar.com *.ubembed.com *.vimeo.com *.leander.com *.klarnaservices.com *.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net *.klarna.com *.klarnaevt.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.babycare.no *.production.babycare.vdc.dev *.cloudfront.net *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.es *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net *.klarna.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com https://widget.postenlabs.no/ *.trustpilot.com *.babycare.no *.production.babycare.vdc.dev cdnjs.cloudflare.com script.hotjar.com *.addwish.com *.cloudfront.net *.googletagmanager.com *.g.doubleclick.net *.static.doubleclick.net *.facebook.net *.connect.facebook.net *.klarnaservices.com *.hotjar.com *.ubembed.com *.chimpstatic.com chimpstatic.com *.zdassets.com widget-mediator.zopim.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com https://widget.postenlabs.no/assets/ *.trustpilot.com *.babycare.no *.production.babycare.vdc.dev *.cloudfront.net *.klarnacdn.net fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://core.helloretail.com *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com https://widget.postenlabs.no/ https://widget.bring.services/api/ *.babycare.no *.production.babycare.vdc.dev *.addwish.com *.klarnaservices.com *.hotjar.com *.connect.facebook.net *.analytics.google.com *.googletagmanager.com https://stats.g.doubleclick.net *.facebook.com *.helloretail.com *.ubembed.com *.trustpilot.com *.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
form-action 'self' https://*.bra.gov.bb;frame-ancestors 'self' https://*.bra.gov.bb;block-all-mixed-content 1
frame-src 'self' *.youtube.com *.google.com *.gstatic.com https://vars.hotjar.com https://www.facebook.com https://pixel.mathtag.com https://consentcdn.cookiebot.com; connect-src 'self' *.google-analytics.com https://yoast.com https://noembed.com *.plyr.io *.doubleclick.net https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://consentcdn.cookiebot.com https://www.google.com/ https://analytics.google.com https://content.hotjar.io *.clarity.ms/  *.googlesyndication.com/ https://trc-events.taboola.com/ https://analytics.tiktok.com/api/v2/pixel https://trc.taboola.com/ https://pips.taboola.com/ https://cds.taboola.com/; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net https://script.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.w3-edge.com *.google.com *.gstatic.com *.youtube.com *.googletagmanager.com *.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://pixel.mathtag.com https://static.cloudflareinsights.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.clarity.ms https://cdn.taboola.com https://analytics.tiktok.com/ https://trc.taboola.com; style-src 'self' 'unsafe-inline' *.gstatic.com https://fonts.googleapis.com; img-src 'self' data: *.google-analytics.com *.w.org *.ytimg.com https://poliedroeducacao2.websiteseguro.com https://www.google.com https://www.google.com.br https://www.facebook.com https://www.googletagmanager.com https://colegiopoliedro-1.websiteseguro.com https://qr-code.ithemes.com https://script.hotjar.com *.clarity.ms *.bing.com; default-src 'self' 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.deshdoot.com;block-all-mixed-content; 1
frame-ancestors 'self' dollar.dimbuy.com; 1
default-src 'self' www.google.com www.google-analytics.com *.placetopay.com *.google.com *.facebook.com; style-src 'self' 'unsafe-inline' https: cdn-dgbhp.nitrocdn.com use.fontawesome.com cdnjs.cloudflare.com *.placetopay.com maxcdn.bootstrapcdn.com *.nitrocdn.com stackpath.bootstrapcdn.com unpkg.com fonts.googleapis.com *.amazonaws.com *.cardinalcommerce.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: cdn-dgbhp.nitrocdn.com www.google-analytics.com www.gstatic.com www.google.com www.googletagmanager.com *.placetopay.com cdnjs.cloudflare.com *.nitrocdn.com cdn.jsdelivr.net unpkg.com stackpath.bootstrapcdn.com *.amazonaws.com *.cardinalcommerce.com; img-src 'self' https: data: cdn.galileicompara.com static.placetopay.com www.google.com www.google-analytics.com www.google.co.cr www.googletagmanager.com secure.gravatar.com *.nitrocdn.com; font-src 'self' data: fonts.googleapis.com use.fontawesome.com *.gstatic.com maxcdn.bootstrapcdn.com *.nitrocdn.com; connect-src 'self' stats.g.doubleclick.net www.google-analytics.com *.galileicompara.com *.getnitropack.com *.googleapis.com *.nitrocdn.com *.amazonaws.com *.cardinalcommerce.com *.google.com; frame-src 'self' *.placetopay.com www.google.com; 1
script-src 'nonce-SLnc9kXoe0Aj1ZpUeQvSc/x+5uuPWixD2jab+ISeIS8='  'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'  https://www.hkscan.com https://consent.cookiebot.com https://service.giosg.com *.cdn.jsdelivr.net/ https://old-viewer.paperturn-view.com https://www.paperturn-view.com; font-src 'self' https://dhm5hy2vn8l0l.cloudfront.net https://cdnjs.cloudflare.com/ https://fast.fonts.net/ https://fonts.gstatic.com https://giosg-chat-public-eu.s3.amazonaws.com https://cdn.giosgusercontent.com; style-src 'self' 'unsafe-inline'  https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://fast.fonts.net/ https://fonts.googleapis.com https://cookiehub.net https://cdn.cookiehub.eu/; frame-src 'self' *.hr-manager.net/ https://candidate.hr-manager.net https://www.paperturn-view.com https://www.youtube.com/ https://hkscanfoodservice.slides.com/ https://td.doubleclick.net/ https://track.adform.net/ https://service.giosg.com/ https://www.youtube-nocookie.com/ https://www.google.com/ *.cookiebot.com; 1
frame-ancestors 'self' jakomo.co.kr *.jakomo.co.kr 1
font-src fonts.gstatic.com fonts.googleapis.com use.typekit.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action www.facebook.com *.google.com 'self' 'unsafe-inline'; frame-ancestors gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com social-plugins.line.me www.facebook.com www.google.com vars.hotjar.com vault.omise.co secure.authorize.net test.authorize.net www.googletagm cdn.omise.co jaspallynaround.freshdesk.com www.youtube.com https://cdn.omise.co *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com www.facebook.com maps.googleapis.com www.w3.org www.google.co.in mcprod.lynaccs.com connect.facebook.net d3k81ch9hvuctc.cloudfront.net api.omise.co omise-gateway-production.s3.ap-southeast-1.amazonaws.com https://a.klaviyo.com flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ omise.co cdn.omise.co maps.googleapis.com connect.facebook.net d.line-scdn.net js-agent.newrelic.com bam-cell.nr-data.net www.google.com www.gstatic.com iubenda.com cdn.iubenda.com a.klaviyo.com static.hotjar.com l.getsitecontrol.com script.hotjar.com bam.nr-data.net s3.amazonaws.com www.iubenda.com js.createsend1.com player.vimeo.com static-tracking.klaviyo.com dynamic.criteo.com https://cdn.omise.co https://static.klaviyo.com https://fast.a.klaviyo.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com use.typekit.net p.typekit.net static.klaviyo.com s3.amazonaws.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com bam-cell.nr-data.net static-forms.klaviyo.com youtube.com googletagmanager.com paypal.com bam.nr-data.net l.getsitecontrol.com stats.g.doubleclick.net vc.hotjar.io maps.googleapis.com telemetrics.klaviyo.com www.facebook.com a.klaviyo.com hits-i.iubenda.com api-js.datadome.co https://cdn.omise.co https://static.klaviyo.com https://fast.a.klaviyo.com www.gstatic.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self';script-src 'self' 'unsafe-inline' https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://tpc.googlesyndication.com https://app.trustami.com/ 'nonce-rhQBAOOODf+kkhaTc7uJ/A==' 'strict-dynamic' 'report-sample';style-src 'self' 'unsafe-inline' https://cdn.trustami.com/;img-src 'self' data: https:;frame-src 'self' https://bid.g.doubleclick.net https://*.united-kiosk.de https://*.youtube-nocookie.com https://tpc.googlesyndication.com;object-src 'self';report-uri https://lorenz.report-uri.com/r/d/csp/reportOnly; 1
object-src 'none'; form-action 'self' https://www.facebook.com/tr/; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'none' ;font-src 'self' ;img-src 'self' data: 'unsafe-inline';style-src 'self' 'unsafe-inline' ;script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://code.jquery.com ;connect-src 'self' ;media-src 'self' https://assets.ampgroep.nl ;child-src 'self' https://player.vimeo.com  https://www.youtube.com ;object-src 'none' ; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-ZjNhOTUxMDhjODIwNDUxYWJmODk0NGY4Y2MzNGY0NmI=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.mijnpgb.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.mijnpgb.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.mijnpgb.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-ancestors 'self' https://www.percentil.fr; 1
default-src 'self'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://static.sbbclub.ir wss://api.raychat.io wss://ws.goftino.com; font-src 'self' https://static.sbbclub.ir https://cdn.goftino.com https://fdn.fontcdn.ir; img-src 'self' https://dl.sbbclub.ir https://static.sbbclub.ir https://trustseal.enamad.ir https://cdn.goftino.com https://fdn.fontcdn.ir https://app.raychat.io https://api.raychat.io https://cdn.raychat.io  https://www.google-analytics.com data:; media-src 'self' https://dl.sbbclub.ir https://static.sbbclub.ir https://cdn.goftino.com https://app.raychat.io; object-src 'self';script-src 'self' www.googletagmanager.com https://www.goftino.com https://cdn.goftino.com https://www.google-analytics.com https://static.sbbclub.ir https://app.raychat.io 'unsafe-inline';style-src 'self' 'unsafe-inline' https://static.sbbclub.ir https://www.goftino.com https://cdn.goftino.com https://app.raychat.io https://cdn.fontcdn.ir https://cdn.jsdelivr.net;frame-src 'self' https://player.arvancloud.ir;; upgrade-insecure-requests 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://*.dashly.app; script-src 'self' 'unsafe-inline' https://*.yandex.ru https://*.dashly.app https://*.facebook.net https://*.googletagmanager.com https://vk.com https://*.googleadservices.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://*.google.com https://*.roistat.com https://*.gstatic.com; connect-src 'self' https://*.yandex.ru https://*.dashly.app https://*.google.com https://*.google-analytics.com https://stats.g.doubleclick.net wss://*.dashly.app https://*.google.nl https://*.facebook.com https://*.googlesyndication.com https://*.google.ru; img-src 'self' data: https://vk.com https://*.vk.com https://*.google.ru https://*.google.com https://*.google.nl https://*.facebook.com https://*.dashly.app https://*.yandex.ru https://*.googletagmanager.com; frame-src 'self' https://td.doubleclick.net https://*.facebook.com https://*.google.com 1
maps.googleapis.com 1
block-all-mixed-content; frame-ancestors *.surfalive.com.br 1
frame-ancestors 'self'; sandbox allow-downloads allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation; base-uri 'self'; form-action teufelaudio.pl zed.teufel.de support.teufel.de retoure.teufel.de blog.teufel.de www.terminland.de www.saferpay.com test.saferpay.com *.amazon.de payments.amazon.de row.ups.com checkout.sandbox.getalma.eu checkout.getalma.eu 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://webrecorder.tuwaiqdev.com 'nonce-myjsZ73iNdwp4KsY6jJpOA3pQPQsgUKLtwgt1TRYevg='; upgrade-insecure-requests; block-all-mixed-content; default-src 'self' https://tuwaiqdev.com https://tuwaiq.edu.sa https://files.bootcamp.sa https://bootcamp.sa https://www.googletagmanager.com https://www.google-analytics.com/ https://webrecorder.tuwaiqdev.com; connect-src 'self' https://tuwaiqdev.com https://tuwaiq.edu.sa https://files.bootcamp.sa https://bootcamp.sa https://www.googletagmanager.com https://www.google-analytics.com https://safcsp.us18.list-manage.com https://webrecorder.tuwaiqdev.com; object-src 'none'; form-action 'self' https: 'unsafe-inline'; img-src https: 'self' https://tuwaiqdev.com https://tuwaiq.edu.sa https://files.bootcamp.sa https://bootcamp.sa https://www.googletagmanager.com https://www.google-analytics.com https://webrecorder.tuwaiqdev.com https://safcsp.us18.list-manage.com; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' 'strict-dynamic' https://fonts.googleapis.com https://webrecorder.tuwaiqdev.com; media-src https:; frame-ancestors 'none'; base-uri 'self'; frame-src https://tuwaiqdev.com https://tuwaiq.edu.sa https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com/ https://safcsp.us18.list-manage.com https://webrecorder.tuwaiqdev.com 1
default-src 'none'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https://*.g.doubleclick.net https://*.googletagmanager.com https://bam.nr-data.net https://cdn.lordicon.com https://cdnjs.cloudflare.com https://cse.google.com https://d2wp9ejnfgejdk.cloudfront.net https://e.issuu.com https://f.vimeocdn.com https://player.vimeo.com https://fs27.formsite.com https://i.simpli.fi https://js-agent.newrelic.com https://rules.quantcount.com https://secure.quantserve.com https://ssl.google-analytics.com https://tag.simpli.fi https://www.google-analytics.com https://www.google.com https://www.gstatic.com/recaptcha/ https://www.unifiller.com https://partner.googleadservices.com; style-src 'unsafe-inline' https://cdnjs.cloudflare.com https://d2wp9ejnfgejdk.cloudfront.net https://e.issuu.com https://f.vimeocdn.com https://fonts.googleapis.com https://fs27.formsite.com https://hello.myfonts.net https://www.google.com https://www.unifiller.com; connect-src https://*.analytics.google.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.ad https://*.google.ae https://*.google.al https://*.google.am https://*.google.as https://*.google.at https://*.google.az https://*.google.ba https://*.google.be https://*.google.bf https://*.google.bg https://*.google.bi https://*.google.bj https://*.google.bs https://*.google.bt https://*.google.by https://*.google.ca https://*.google.cat https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.co.ao https://*.google.co.bw https://*.google.co.ck https://*.google.co.cr https://*.google.co.id https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.ke https://*.google.co.kr https://*.google.co.ls https://*.google.co.ma https://*.google.co.mz https://*.google.co.nz https://*.google.co.th https://*.google.co.tz https://*.google.co.ug https://*.google.co.uk https://*.google.co.uz https://*.google.co.ve https://*.google.co.vi https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.com https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.com.ar https://*.google.com.au https://*.google.com.bd https://*.google.com.bh https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.com.bz https://*.google.com.co https://*.google.com.cu https://*.google.com.cy https://*.google.com.do https://*.google.com.ec https://*.google.com.eg https://*.google.com.et https://*.google.com.fj https://*.google.com.gh https://*.google.com.gi https://*.google.com.gt https://*.google.com.hk https://*.google.com.jm https://*.google.com.kh https://*.google.com.kw https://*.google.com.lb https://*.google.com.ly https://*.google.com.mm https://*.google.com.mt https://*.google.com.mx https://*.google.com.my https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.com.np https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.com.pr https://*.google.com.py https://*.google.com.qa https://*.google.com.sa https://*.google.com.sb https://*.google.com.sg https://*.google.com.sl https://*.google.com.sv https://*.google.com.tj https://*.google.com.tr https://*.google.com.tw https://*.google.com.ua https://*.google.com.uy https://*.google.com.vc https://*.google.com.vn https://*.google.cv https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.dz https://*.google.ee https://*.google.es https://*.google.fi https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.gy https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.ie https://*.google.im https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.jo https://*.google.kg https://*.google.ki https://*.google.kz https://*.google.la https://*.google.li https://*.google.lk https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.mn https://*.google.ms https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.ne https://*.google.nl https://*.google.no https://*.google.nr https://*.google.nu https://*.google.pl https://*.google.pn https://*.google.ps https://*.google.pt https://*.google.ro https://*.google.rs https://*.google.ru https://*.google.rw https://*.google.sc https://*.google.se https://*.google.sh https://*.google.si https://*.google.sk https://*.google.sm https://*.google.sn https://*.google.so https://*.google.sr https://*.google.st https://*.google.td https://*.google.tg https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.tt https://*.google.vg https://*.google.vu https://*.google.ws https://*.googletagmanager.com https://api.issuu.com https://assets.isu.pub https://bam.nr-data.net https://cdn.lordicon.com https://fresnel.vimeocdn.com https://layers.isu.pub https://reader3.isu.pub https://sentry.issuu.com https://vimeo.com https://www.google-analytics.com https://www.unifiller.com https://csp.withgoogle.com https://d3gc3cmeenq7n0.cloudfront.net; font-src data: https://d2wp9ejnfgejdk.cloudfront.net https://fonts.gstatic.com https://static.isu.pub https://www.unifiller.com; img-src data: https://*.analytics.google.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.ad https://*.google.ae https://*.google.al https://*.google.am https://*.google.as https://*.google.at https://*.google.az https://*.google.ba https://*.google.be https://*.google.bf https://*.google.bg https://*.google.bi https://*.google.bj https://*.google.bs https://*.google.bt https://*.google.by https://*.google.ca https://*.google.cat https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.co.ao https://*.google.co.bw https://*.google.co.ck https://*.google.co.cr https://*.google.co.id https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.ke https://*.google.co.kr https://*.google.co.ls https://*.google.co.ma https://*.google.co.mz https://*.google.co.nz https://*.google.co.th https://*.google.co.tz https://*.google.co.ug https://*.google.co.uk https://*.google.co.uz https://*.google.co.ve https://*.google.co.vi https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.com https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.com.ar https://*.google.com.au https://*.google.com.bd https://*.google.com.bh https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.com.bz https://*.google.com.co https://*.google.com.cu https://*.google.com.cy https://*.google.com.do https://*.google.com.ec https://*.google.com.eg https://*.google.com.et https://*.google.com.fj https://*.google.com.gh https://*.google.com.gi https://*.google.com.gt https://*.google.com.hk https://*.google.com.jm https://*.google.com.kh https://*.google.com.kw https://*.google.com.lb https://*.google.com.ly https://*.google.com.mm https://*.google.com.mt https://*.google.com.mx https://*.google.com.my https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.com.np https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.com.pr https://*.google.com.py https://*.google.com.qa https://*.google.com.sa https://*.google.com.sb https://*.google.com.sg https://*.google.com.sl https://*.google.com.sv https://*.google.com.tj https://*.google.com.tr https://*.google.com.tw https://*.google.com.ua https://*.google.com.uy https://*.google.com.vc https://*.google.com.vn https://*.google.cv https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.dz https://*.google.ee https://*.google.es https://*.google.fi https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.gy https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.ie https://*.google.im https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.jo https://*.google.kg https://*.google.ki https://*.google.kz https://*.google.la https://*.google.li https://*.google.lk https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.mn https://*.google.ms https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.ne https://*.google.nl https://*.google.no https://*.google.nr https://*.google.nu https://*.google.pl https://*.google.pn https://*.google.ps https://*.google.pt https://*.google.ro https://*.google.rs https://*.google.ru https://*.google.rw https://*.google.sc https://*.google.se https://*.google.sh https://*.google.si https://*.google.sk https://*.google.sm https://*.google.sn https://*.google.so https://*.google.sr https://*.google.st https://*.google.td https://*.google.tg https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.tt https://*.google.vg https://*.google.vu https://*.google.ws https://*.googletagmanager.com https://*.gravatar.com https://aa.agkn.com https://cdn1.unifiller.com https://cdn2.unifiller.com https://cdn3.unifiller.com https://clients1.google.com https://cse.google.com https://d2wp9ejnfgejdk.cloudfront.net https://eb2.3lift.com https://i.vimeocdn.com https://image.isu.pub https://pixel.quantserve.com https://pixel.tapad.com https://simplifi.partners.tremorhub.com https://sync.intentiq.com https://um.simpli.fi https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googleapis.com https://www.unifiller.com https://*.gstatic.com https://d3gc3cmeenq7n0.cloudfront.net https://s.ad.smaato.net https://ads.stickyadstv.com https://ce.lijit.com https://bcp.crwdcntrl.net https://stags.bluekai.com https://sync.bfmio.com https://pixel.rubiconproject.com https://ib.adnxs.com https://idsync.rlcdn.com https://sync.1rx.io https://us-u.openx.net https://image2.pubmatic.com https://fei.pro-market.net https://loadm.exelator.com https://ups.analytics.yahoo.com https://aa.agkn.com https://sync.intentiq.com https://d.agkn.com https://x.bidswitch.net; media-src https://player.vimeo.com https://www.unifiller.com; frame-src https://e.issuu.com https://fs27.formsite.com https://player.vimeo.com https://unifillersales.wufoo.com https://unifillersales.wufoo.eu https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cse.google.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.google.com *.googleapis.com *.google-analytics.com *.gstatic.com *.angularjs.org https://siscrm.blob.core.windows.net/ https://cdn.atendimen.to/ https://cdnjs.cloudflare.com/ajax/libs/angular-ui/ https://maxcdn.bootstrapcdn.com/bootstrap/ https://connect.facebook.net/pt_BR/sdk.js; frame-ancestors 'self' http://seguroslasa.com.br https://seguroslasa.com.br; 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-src blob: *; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' 'unsafe-inline' data: blob: *; style-src 'self' 'unsafe-inline' * data: blob:; font-src 'self' 'unsafe-inline' * data: blob:; connect-src 'self' *; frame-src 'self' blob: *; frame-ancestors 'self' *.asdp.id *.indonesiaferry.id; upgrade-insecure-requests; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; frame-src * 1
block-all-mixed-content; frame-ancestors *.construmarques.com.br 1
default-src 'unsafe-inline' 'unsafe-eval' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' 'unsafe-eval' https: data:; img-src 'unsafe-inline' 'unsafe-eval' https: data:; connect-src 'unsafe-inline' 'unsafe-eval' https: data:; font-src 'unsafe-inline' 'unsafe-eval' https: data: https://*.googleapis.com; media-src 'unsafe-inline' 'unsafe-eval' https: data:; report-uri 'unsafe-inline' 'unsafe-eval' https: data:; child-src 'unsafe-inline' 'unsafe-eval' https: data:; frame-ancestors 'self' https:; object-src 'self' https:; frame-src 'self' https:; worker-src 'self' https:; manifest-src 'self' https: https://*.cloudflare.com; base-uri 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content 1
{ value: "default-src 'none'; object-src 'none'; frame-ancestors 'none'"} 1
default-src 'self' * *.doubleclick.net/ *.google-analytics.com/ *.googletagmanager.com/ *.google.com/ *.onetrust.com/ *.facebook.net/ *.facebook.com/  'unsafe-inline' ;  font-src 'self' fonts.gstatic.com/ fonts.googleapis.com/ *.google.com/  *.google.com/ *.facebook.net/ *.facebook.com/  'unsafe-inline' ;  style-src 'self' fonts.googleapis.com/ *.facebook.net/ *.facebook.com/ 'unsafe-inline'; script-src 'self' *.google-analytics.com/ *.googletagmanager.com/ *.google.com/  *.cookielaw.org/ *.cookielaw.org/ *.onetrust.com/ *.facebook.net/ *.facebook.com/ 'unsafe-inline'  'unsafe-eval' ; script-src-elem 'self' *.googleadservices.com/ *.yimg.com/ *.yahoo.com/ *.googletagmanager.com/ *.google-analytics.com/ *.google.com/  *.gstatic.com/  *.cookielaw.org/ *.onetrust.com/ *.facebook.net/ *.facebook.com/ *.addthis.com/ 'unsafe-inline'; img-src 'self'  data: *.yahoo.com/   *.youtube.com/ *.google.com *.google.com.br *.google-analytics.com *.hospitalbrasilia.com.br *.onetrust.com *.facebook.net  *.facebook.com *.hospitalbrasilia.com.br/ 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.izidore.com *.fermob.com fermob.com *.gautier.fr gautier.fr *.gautier.fr.wip gautier.fr.wip; 1
img-src https: data:; frame-src https:; form-action https:;  1
frame-ancestors https://*.batmobile.com.tw https://*.meteor.today 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.muuttomaailma.fi https://*.muuttomaailma.com *.kilpailutamuuttopalvelu.fi https://*.facebook.com https://*.facebook.net https://*.zopim.com wss://*.zopim.com https://*.gravatar.com https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.optimonk.com https://*.g.doubleclick.net https://www.google.com https://www.google.fi https://*.bing.com https://*.adnxs.com https://www.googletagmanager.com https://www.googleadservices.com https://*.googlesyndication.com https://adservice.google.fi https://adservice.google.com https://*.krxd.net https://s3.amazonaws.com https://www.youtube-nocookie.com https://*.adform.net https://c.bannerflow.net https://servedby.revive-adserver.net https://maxcdn.bootstrapcdn.com https://*.ensighten.com https://tagmanager.google.com https://*.gravito.net https://*.almamedia.fi https://*.almamedia.tech https://*.userreport.com https://*.dnt-userreport.com https://d1gw63jeifbb1b.cloudfront.net https://dacvuskohga7w.cloudfront.net https://almacrcommoncontent.net https://*.rubiconproject.com https://*.adnxs-simple.com https://cdn.jsdelivr.net https://ad.doubleclick.net https://*.criteo.com https://*.criteo.net https://*.zdassets.com https://muuttomaailma-almamedia.zendesk.com https://*.permutive.app https://*.permutive.com https://*.prmutv.co; worker-src blob:; frame-src https: 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zopim.com https://static.adman.gr/adman.js *.adman.gr *.ubembed.com *.skroutz.gr https://skroutza.skroutz.gr *.zdassets.com/ https://apis.google.com https://www.gstatic.com https://z.moatads.com https://s7.addthis.com https://m.addthis.com https://analytics.skroutz.gr https://skroutza.skroutz.gr https://360.bestprice.gr https://www.bestprice.gr https://www.glami.gr https://region1.google-analytics.com https://cdn.stat-track.com/ https://assets.citrusad.net https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://stats.g.doubleclick.net https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://script.crazyegg.com https://go.linkwi.se https://trustmark.gr https://www.youtube.com https://script.crazyegg.com https://insurance.e-satisfaction.gr; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net https://fonts.googleapis.com; object-src 'self'; img-src 'self' data: https://www.newbalance.gr https://newbalance.staginglh.com https://local.newbalance.gr https://newbalance.test.devlh.com https://newbalance.gr *.cdninstagram.com https://www.glami.gr https://www.facebook.com https://www.google-analytics.com https://www.google.nl https://www.google.ie https://www.googletagmanager.com https://www.google.co.in https://fonts.gstatic.com https://maps.gstatic.com https://maps.google.com https://maps.googleapis.com https://www.google.com https://www.google.gr https://www.google.com.tr https://trustmark.gr; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://pagead2.googlesyndication.com https://adservice.google.com *.facebook.com *.facebook.net *.analytics.google.com https://conversionapi.newbalance.gr https://analytics.google.com *.hotjar.io wss://*.hotjar.com *.hotjar.com *.zdassets.com https://www.youtube.com https://www.bestprice.gr https://s7.addthis.com https://m.addthis.com https://forms.m-pages.com https://t.stat-track.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com; frame-src *; media-src 'self' 1
frame-ancestors 'self' https://*.app.allthings.me 1
script-src 'self' https://www.google-analytics.com 1
style-src 'self' fonts.googleapis.com idash.ifcshop.net 'unsafe-inline'; 1
default-src 'self' *.speisekarte24.de fonts.gstatic.com; img-src 'self' seal.website-check.de *.google.com *.google.de *.gstatic.com maps.googleapis.com googleads.g.doubleclick.net www.googletagmanager.com *.speisekarte24.de data:; connect-src *.speisekarte24.de www.speisekarte24.de maps.googleapis.com; style-src 'unsafe-inline' www.speisekarte24.de fonts.googleapis.com wwww.gstatic.com; script-src 'self' 'unsafe-inline' www.gstatic.com *.google.de *.google.com maps.googleapis.com googleads.g.doubleclick.net https://www.googletagmanager.com https://www.googleadservices.com www.speisekarte24.de analytics.speisekarte24.de; frame-ancestors 'self'; object-src 'none' 1
font-src *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.monetico-services.com 'self'; frame-ancestors 'self'; frame-src player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.google.fr *.google.com *.avis-verifies.com *.sibforms.com *.sibautomation.com sibautomation.com *.monetico-services.com 'self'; img-src widgets.magentocommerce.com data: *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.google.fr *.google.com *.gstatic.com *.googleapis.com tarteaucitron.io *.tarteaucitron.io *.clarity.ms maps.googleapis.com maps.gstatic.com 'self' data: data: 'self'; script-src *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com polyfill.io *.google.fr *.google.com *.matomo.cloud *.googleapis.com *.googletagmanager.com *.gstatic.com *.facebook.net *.sibautomation.com sibautomation.com tarteaucitron.io *.tarteaucitron.io *.skeepers.io *.clarity.ms *.bing.com *.googlesyndication.com s7.addthis.com maps.googleapis.com www.gstatic.com www.google.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src tarteaucitron.io *.tarteaucitron.io *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self'; media-src 'self'; manifest-src 'self'; connect-src *.newrelic.com *.nr-data.net vimeo.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.google.fr *.google.com *.matomo.cloud *.googleapis.com *.terranimo.fr stats.g.doubleclick.net tarteaucitron.io *.tarteaucitron.io in-automate.brevo.com *.clarity.ms *.monetico-services.com ekr.zdassets.com/ maps.googleapis.com t.elasticsuite.io *.google-analytics.com 'self'; child-src http: https: blob: 'self'; default-src *.googleapis.com 'self' 'unsafe-eval'; base-uri 'self'; 1
frame-ancestors 'self' https://missiveapp.com https://mail.missiveapp.com https://www.vapeloft.com https://webchat.missiveapp.com 1
form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.klarna.com *.playground.klarna.com cdn.klarna.com js.klarna.com youtube.com www.youtube.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com https://plumrocket.com *.cookiebot.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com *.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com *.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.google.com *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.klarna.com *.clerk.io *.algolia.net *.algolianet.com cdn.klarna.com x.klarnacdn.net *.playground.klarna.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.google.com www.gstatic.com *.googleapis.com vjs.zencdn.net player.vimeo.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://widget.postenlabs.no/ use.typekit.net cdn.clerk.io api.clerk.io js.playground.klarna maps.googleapis.com *.hotjar.com *.emailplatform.com *.sleeknote.com *.cookiebot.com *.klarnaservices.com s.zavanna.no bat.bing.com *.googleadservices.com *.paypal.com 1eafapi.cardinalcommerce.com.com widget.postenlabs.no cdn.clerk api.clerk *.gstatic.com *.paypalobjects.com *.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.algolia.net *.algolia.com *.google-analytics.com *.facebook.com *.facebook.net *.klarnaevt.com *.algolianet.com *.playground.klarnaevt.com www.googletagmanager.com *.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://widget.postenlabs.no/ https://widget.bring.services/api/ *.klarnauserservices.com *.klarnaservices.com *.google.com *.cookiebot.com *.klarna.com s.zavanna.no stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; font-src https://pim.zavanna.no/ *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com x.klarnacdn.net fonts.gstatic.com data: maxcdn.bootstrapcdn.com s.zavanna.no use.typekit.net data: 'self' 'unsafe-inline'; style-src https://pim.zavanna.no/ *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com tagmanager.google.com fonts.googleapis.com vjs.zencdn.net maxcdn.bootstrapcdn.com unsafe-inline https://widget.postenlabs.no/assets/ x.klarnacdn.net s.zavanna.no 'self' 'unsafe-inline'; img-src https://pim.zavanna.no/ assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com 'self' data: *.google.nl *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.klarna.com *.klarnaevt.com *.clerk.io cdn.klarna.com *.playground.klarnaevt.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com googleads.g.doubleclick.net www.google.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com p.typekit.net eu.playground.klarnaevt.com maps.gstatic.com maps.googleapis.com *.klarnaservices.com s.zavanna.no bat.bing.com *.google.com *.google.pl data: 'self' 'unsafe-inline'; 1
connect-src 'self' *.chatplus.jp *.google.com *.googletagmanager.com *.facebook.com *.facebook.net *.google-analytics.com *.clarity.ms stats.g.doubleclick.net *.creativecdn.com 1
object-src 'none'; script-src 'self' 'unsafe-inline' cdn.cookielaw.org maps.googleapis.com www.google.com/recaptcha/api.js www.gstatic.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com polyfill.io; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' cdn.cookielaw.org https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.googleadservices.com https://googleads.g.doubleclick.net maps.googleapis.com www.google.com/recaptcha/api.js www.gstatic.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com polyfill.io; style-src 'self' 'unsafe-inline' cdn.cookielaw.org fonts.googleapis.com www.google.com/recaptcha/api.js www.gstatic.com cdn.jsdelivr.net; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 1
default-src 'self'; 		img-src * data:; 		script-src 'self' 			'sha256-TVdcHT8YHJfr+RFZswxWg2jOMtTwHg3Lzy3I+lwrt7A=' 			'sha256-7iS8iXa1XUQ25Ijq1B143aqN5HvjUdmmJFoLGyP/bcw=' 			'sha256-4rDymAgOpB6oZ/lwLhwXjubJX77xjP4UeezjVhvL5xQ=' 			'sha256-9KKqm8c6QFytg7rn0rjLN2MtkJB5oIKMhT/YEG6diTQ=' 			'sha256-tYxkTLf4T3ovUPPKvNWqycVNmzqSnoiK7qJTKwlD/gE=' 			'sha256-8//zSBdstORCAlBMo1/Cig3gKc7QlPCh9QfWbRu0OjU=' 			'sha256-ieaZLrU4pWTucc7vMhXKkp7xsQqpAfQaXOLLIAg63LI=' 			www2.gov.bc.ca 			www.google.com/recaptcha/ 			www.gstatic.com/recaptcha/; 		style-src 'self' 'unsafe-inline'; 		connect-src 'self' spt.apps.gov.bc.ca; 		frame-ancestors 'none'; 		frame-src https://www.google.com/; 		object-src 'none'; 		font-src 'self' data: 1
connect-src 'self' https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://stats.g.doubleclick.net wss://actionbot-proxy-bsbrodnica.14zlh4oa1wbn.eu-de.codeengine.appdomain.cloud/websocket/api https://actionbot-proxy-bsbrodnica.14zlh4oa1wbn.eu-de.codeengine.appdomain.cloud; font-src 'self' https://fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://actionbot-proxy-bsbrodnica.14zlh4oa1wbn.eu-de.codeengine.appdomain.cloud; img-src 'self' https://cdn.bsbox.pl https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://www.google.com https://www.google.pl https://*.google.pl https://www.googletagmanager.com https://*.googletagmanager.com https://*.amazonaws.com https://www.gravatar.com https://actionbot-proxy-bsbrodnica.14zlh4oa1wbn.eu-de.codeengine.appdomain.cloud https://twemoji.maxcdn.com https://cdn.jsdelivr.net https://bsb.rocket.chat https://i.ytimg.com data: blob:; default-src 'self'; frame-src 'self' https://youtube.com https://www.youtube.com https://www.youtube-nocookie.com https://www.googletagmanager.com https://*.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://www.google.com https://www.youtube.com https://actionbot-proxy-bsbrodnica.14zlh4oa1wbn.eu-de.codeengine.appdomain.cloud 1
block-all-mixed-content; frame-ancestors *.casaegaragem.com.br 1
default-src 'self' *.chien-perdu.org *.lost-dog.org *.perro-perdido.com *.chat-perdu.org *.lost-cat.org *.gato-perdido.com https; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.googleapis.com *.facebook.net *.google-analytics.com *.stripe.com *.fullstory.com; style-src 'self' 'unsafe-inline' *.googleapis.com; child-src 'self' *.facebook.com *.stripe.com; connect-src 'self' *.les-chiens.org *.les-chats.org *.google-analytics.com *.fullstory.com maps.googleapis.com; font-src 'self' *.gstatic.com; img-src 'self' data: *.gstatic.com *.googleapis.com *.chien-perdu.org *.lost-dog.org *.perro-perdido.com *.chat-perdu.org *.lost-cat.org *.gato-perdido.com *.google-analytics.com *.facebook.com *.paypal.com *.paypalobjects.com *.googletagmanager.com *.fullstory.com; 1
default-src 'self'; script-src 'unsafe-inline' 'self' localhost:* www.google.com *.gstatic.com www.google-analytics.com *.addtoany.com *.youtube.com *.ytimg.com *.googleapis.com *.media-imdb.com *.mailchimp.com *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.addtoany.com *.typekit.net *.media-imdb.com *.mailchimp.com; font-src 'self' *.gstatic.com *.typekit.net; img-src 'self' data: www.google-analytics.com *.gstatic.com *.media-imdb.com *.mailchimp.com stats.g.doubleclick.net *.adnxs.com www.cinemagouda.nl *.analytics-google.com *.google.nl; frame-src 'self' www.google.com *.addtoany.com *.youtube.com *.vimeo.com *.activetickets.com youtu.be *.cinemagouda.nl; media-src 'self' *.youtube.com *.vimeo.com *.vimeocdn.com *.akamaized.net; connect-src 'self' localhost:* wss://localhost:* stats.g.doubleclick.net www.google-analytics.com *.analytics.google.com *.google-analytics.com; frame-ancestors 'self' *.activetickets.com tickets.cinemagouda.nl ;  1
script-src 'self' 'unsafe-inline' https: https://code.jquery.com https://www.youtube.com http://www.google-analytics.com 'unsafe-eval' https: 1
block-all-mixed-content; frame-ancestors *.esportelegal.com.br 1
default-src 'self' 'unsafe-eval' http: https:  wss: data: blob: 'unsafe-inline' 1
img-src 'self' data: blob:; style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval';connect-src 'self' http://localhost:8019 https://localhost:8020 http://164.100.150.126:8080 https://nicdsign.kerala.nic.in https://niccicms.raj.nic.in  ;frame-src 'self' data: blob:; object-src 'self'; 1
default-src 'self' * 'unsafe-inline' 'unsafe-eval'; object-src 'none';  img-src https: data: 1
default-src * https: data: blob: media-src: worker-src: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self';  style-src 'self' unpkg.com maxcdn.bootstrapcdn.com ;img-src 'self' dw26xg4lubooo.cloudfront.net www.google.com www.google.co.in ; script-src 'self' 'unsafe-inline' googleads.g.doubleclick.net www.googletagmanager.com seal.digicert.com secure.trust-guard.com maxcdn.bootstrapcdn.com unpkg.com  cdnjs.cloudflare.com underscorejs.org unpkg.com seal.digicert.com www.phtracker.com ; font-src 'self'  maxcdn.bootstrapcdn.com unpkg.com ; frame-ancestors 'none';frame-src www.googletagmanager.com td.doubleclick.net www.phtracker.com  1
default-src https: 'unsafe-inline'; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src 'self' data: https://www.google-analytics.com https://www.google.com https://www.google.co.in https://maps.googleapis.com https://maps.gstatic.com https://www.w3.org https://lh3.googleusercontent.com https://maps.google.com; 1
default-src 'self' blob:; style-src 'self' 'unsafe-inline'  https://barttar.ir https://www.barttar.ir https://www.wiris.net *.google.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://barttar.ir https://www.barttar.ir https://www.wiris.net https://cdnjs.cloudflare.com https://partner.googleadservices.com https://www.googletagmanager.com *.clarity.ms; font-src 'self'  https://barttar.ir https://www.barttar.ir https://www.wiris.net data:; img-src 'self' data: blob: https://barttar.ir https://www.barttar.ir https://www.wiris.net *.google.com https://www.googleapis.com *.gstatic.com *.clarity.ms https://www.googletagmanager.com/; connect-src 'self' wss://localhost:* https://barttar.ir https://www.barttar.ir https://www.wiris.net *.withgoogle.com/ https://www.aparat.com  https://www.clarity.ms https://www.google-analytics.com *.clarity.ms *.google.com *.doubleclick.net; media-src 'self' https://barttar.ir https://www.barttar.ir; object-src 'self' blob: https://barttar.ir https://www.barttar.ir; report-uri /api/CspReport/Log 1
frame-ancestors 'self' https://www.ruralvia.com https://ruralviasimuladores.afi.es https://bancocooperativosimuladores.afi.es; 1
script-src 'self' 'unsafe-eval' *.wlresources.com *.acwebconnecting.com 'sha256-e4pYjXQH6ajx5POUxz2FrYEpL/WroFiVF5clf0FNS5g=' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.wlresources.com; connect-src 'self' *.wlresources.com *.acwebconnecting.com wss://*.wlresources.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; report-uri /err0r/js?ts=1705982823; worker-src 'self' blob:; frame-ancestors 'none'; object-src 'self' 1
default-src https: 'unsafe-eval' 'unsafe-inline' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; frame-ancestors 'none'; img-src 'self' data: https: 1
default-src 'self';script-src 'unsafe-inline' 'self' www.gstatic.com www.google.com bank.paysera.com cdnjs.cloudflare.com connect.facebook.net forms.soundestlink.com googleads.g.doubleclick.net omnisnippet1.com omnisrc.com soundest.net www.google-analytics.com www.googletagmanager.com www.paysera.com;style-src 'unsafe-inline' 'self' fonts.googleapis.com cdnjs.cloudflare.com;object-src 'self';base-uri 'self';connect-src 'self' stats.g.doubleclick.net forms.soundestlink.com pagead2.googlesyndication.com region1.analytics.google.com www.google-analytics.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;frame-src 'self' www.google.com www.facebook.com td.doubleclick.net;img-src 'self' bank.paysera.com www.facebook.com www.google-analytics.com wt.soundestlink.com www.google.com www.google.lt www.paysera.com data:;manifest-src 'self';media-src 'self';worker-src 'self';frame-ancestors 'self' 1
default-src 'unsafe-inline' 'unsafe-eval' 'self'  blob: data:   consent.cookiebot.com *.streamingvideoprovider.com *.ravenjs.com *.webvideocore.net ajax.googleapis.com secure.surveymonkey.com surveymonkey.com widget.surveymonkey.com www.gstatic.com cdn.heapanalytics.com static.hotjar.com dc.ads.linkedin.com connect.facebook.net wss://cengine1.hermesonline.com:443/lightstreamer  https://cengine1.hermesonline.com:443 wss://iengine138.hermesonline.com:443/lightstreamer  https://iengine138.hermesonline.com:443 wss://iengine22.hermesonline.com:443 https://iengine22.hermesonline.com:443 wss://iengine23.hermesonline.com:443 https://iengine23.hermesonline.com:443 wss://drengine1.hermesonline.com.hermesonline.com:443/lightstreamer  https://drengine1.hermesonline.com.hermesonline.com:443 wss://drengine2.hermesonline.com.hermesonline.com:443/lightstreamer  https://drengine2.hermesonline.com.hermesonline.com:443  wss://iengine1.hermesonline.com/lightstreamer  https://iengine1.hermesonline.com wss://iengine2.hermesonline.com/lightstreamer  https://iengine2.hermesonline.com wss://iengine3.hermesonline.com/lightstreamer  https://iengine3.hermesonline.com wss://engine.hermesonline.com/lightstreamer  https://engine.hermesonline.com  https://www.google-analytics.com/ http://img.youtube.com/ https://www.youtube.com/embed/ fonts.gstatic.com fonts.googleapis.com maps.gstatic.com maps.gstatic.com maps.googleapis.com maps.googleapis.com www.google.com/maps/embed wss://mobtestwaf.hermesonline.com https://mobtestwaf.hermesonline.com https://172.16.200.159 wss://172.16.200.159/ https://mobtest.hermesonline.com wss://mobtest.hermesonline.com  https://maps.googleapis.com/ https://maps.gstatic.com/ https://csi.gstatic.com/ https://fonts.googleapis.com https://fonts.gstatic.com/ https://maps.googleapis.com https://maps.gstatic.com https://fonts.gstatic.com https://www.google.com/maps/ http://192.168.1.115/ http://w.sharethis.com  http://edge.sharethis.com http://seg.sharethis.com http://l.sharethis.com http://google-maps-utility-library-v3.googlecode.com/ https://fonts.googleapis.com https://maps.google.com/ http://csi.gstatic.com/ https://maps.google.com/maps-api-v3/ http://maps.gstatic.com/mapfiles/api-3/ https://developers.google.com/maps/ consentcdn.cookiebot.com 1
connect-src 'self' *.typekit.net *.google.com *.google-analytics.com 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js *.myheritage.at https://www.myheritage.de  'nonce-36d174aa10ef4e5597750a5fc3051408' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.at;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
frame-ancestors 'self'; report-uri https://www.recetasnestle.com.ve/report-uri/enforce 1
default-src https: 'unsafe-inline' 'unsafe-eval' data:; connect-src wss: https:; worker-src 'self' blob: 1
base-uri 'none'; script-src 'self' https://liturgia.silvestrini.org https://apis.google.com https://www.google.com https://cse.google.com/ https://www.google-analytics.com https://oss.maxcdn.com/ https://www.shinystat.it https://www.shinystat.com https://download.skype.com;  object-src 'none'; child-src 'self' https://liturgia.silvestrini.org https://www.google.it https://cse.google.it https://youtube.com; connect-src 'self' https://www.google-analytics.com https://www.shinystat.it https://www.shinystat.com; img-src 'self' data: https://www.google-analytics.com www.google-analytics.com https://www.google.com https://download.skype.com; form-action 'self'; frame-ancestors 'none'; block-all-mixed-content; 1
'self' default-src data: blob: about:; script-src 'unsafe-inline' 'unsafe-eval' 'nonce-C7hqzEgfSsOvuNLkp4XY'; frame-src www.google.com www.gstatic.com; font-src 'self' data: fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.thefourthnews.in;block-all-mixed-content; 1
default-src 'self'; object-src 'self' objects.icecat.biz eprel.ec.europa.eu; script-src 'self' 'unsafe-inline'; img-src 'self' objects.icecat.biz eprel.ec.europa.eu *.youtube.com *.ytimg.com *.google.is *.google.com *.googletagmanager.com *.siteimproveanalytics.io bat.bing.com *.hubspot.com *.hsforms.com *.facebook.com *.hubspotusercontent-na1.net *.hubspotusercontent-eu1.net *.hubspotusercontent10.net images.prismic.io data:; script-src-elem * 'self' 'unsafe-inline'; style-src * 'unsafe-inline'; font-src *; connect-src *; frame-src *; form-action * 'self'; upgrade-insecure-requests; block-all-mixed-content; worker-src blob:; child-src blob: 1
frame-ancestors 'self' https://wundra.link 1
object-src 'self' *.s3.amazonaws.com; frame-ancestors 'self' *.s3.amazonaws.com app.pendo.io; 1
default-src 'self' *.erbutler.com  *.google-analytics.com  *.googletagmanager.com *.vimeo.com *.youtube.com;     img-src 'self' data: *.erbutler.com  *.google-analytics.com  *.googletagmanager.com *.vimeo.com *.youtube.com ;    font-src 'self' data: *.erbutler.com  *.google-analytics.com  *.googletagmanager.com *.vimeo.com *.youtube.com;    prefetch-src 'self' *.erbutler.com https://localhost:4030;     connect-src 'self' ws://localhost:4030 wss://localhost:4030  *.google-analytics.com wss://www.erbutler.com ws://localhost ws://localhost:8000;     script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.vimeo.com;     style-src 'self' 'unsafe-inline' 'unsafe-eval' 1
report-uri https://flippertesting.report-uri.com/r/d/csp/enforce;base-uri 'self';default-src 'none';manifest-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com https://www.googletagmanager.com https://js.stripe.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com/ https://wbd-api.arkoselabs.com 'strict-dynamic' https://admin.perkins2.test https://cdnjs.cloudflare.com/ https://admin.ucimtbworldseries.com 'nonce-OITvfiBD6GTnXo5YwBH869TqKny2rL31AUljWiqf';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com;img-src https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com 'self' data: https://admin.perkins2.test https://ucimtbworldseries.com https://admin.ucimtbworldseries.com https://devucimtbworldseries.com https://admin.devucimtbworldseries.com https://s3.us-east-1.amazonaws.com https://ewsawsbucket.s3.amazonaws.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com;connect-src https://www.google-analytics.com https://region1.google-analytics.com/ https://*.googleapis.com *.google.com https://*.gstatic.com https://api.stripe.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://privacyportal.onetrust.com 'self' data: blob:;frame-src *.google.com https://www.youtube.com https://js.stripe.com https://hooks.stripe.com https://wbd-api.arkoselabs.com/ 'self';font-src https://fonts.gstatic.com 'self' data: https://ucimtbworldseries.com https://www.ucimtbworldseries.com https://admin.ucimtbworldseries.com https://devucimtbworldseries.com https://www.devucimtbworldseries.com https://admin.devucimtbworldseries.com;frame-ancestors 'self' localhost:8000 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://forospyware.com/logs/ https://forospyware.com/sidekiq/ https://forospyware.com/mini-profiler-resources/ https://forospyware.com/assets/ https://forospyware.com/extra-locales/ https://forospyware.com/highlight-js/ https://forospyware.com/javascripts/ https://forospyware.com/plugins/ https://forospyware.com/theme-javascripts/ https://forospyware.com/svg-sprite/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' https: 'unsafe-inline'; worker-src 'self' https://forospyware.com/assets/ https://forospyware.com/javascripts/ https://forospyware.com/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
font-src script.hotjar.com use.fontawesome.com fonts.gstatic.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com landofcoder.com www.youtube.com vars.hotjar.com www.google.com wppsandbox.mit.com.mx bc.mitec.com.mx *.mit.com.mx *.mitec.com.mx *.e-pago.com.mx *.paynet.com.mx *.americanexpress.com *.opencontrol.mx *.kaptcha.com *.openpay.pe *.openpay.mx *.openpay.co c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com accounts.google.com *.postimg.cc *.openpay.mx www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com landofcoder.com script.hotjar.com static.hotjar.com maxcdn.bootstrapcdn.com maps.google.com maps.googleapis.com static.zdassets.com widget-mediator.zopim.com js-agent.newrelic.com www.google.com www.gstatic.com *.s3.amazonaws.com *.openpay.co *.openpay.pe *.google-analytics.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.google.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com use.fontawesome.com unsafe-inline *.googleapis.com *.gstatic.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com landofcoder.com *.hotjar.com *.paynet.com.mx *.openpay.mx *.openpay.co *.openpay.pe api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://policy.app.cookieinformation.com/ https://customer.cludo.com/ https://siteimproveanalytics.com/ https://static.rekai.dk/ https://recruit.hr-on.com/; style-src 'self' 'unsafe-inline' https://customer.cludo.com/; font-src 'self'; img-src 'self' data: https://*.global.siteimproveanalytics.io/ https://recruit.hr-on.com/ https://customer.cludo.com/ https://dashboard.umbraco.com/; media-src 'self'; frame-src 'self' https://policy.app.cookieinformation.com/ https://embed.windy.com https://www.weatherlink.com https://www.survey-xact.dk https://recruit.hr-on.com https://www.dreambroker.com https://my2.siteimprove.com/ https://gentofte.23video.com; connect-src 'self' https://policy.app.cookieinformation.com/ https://consent.app.cookieinformation.com/ https://my2.siteimprove.com/ https://id.siteimprove.com/ https://view.rekai.se https://recruit.hr-on.com https://api-eu1.cludo.com/ https://api.cludo.com/;  1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-583f9e0203e38d0cb52f6c8792c2d1fd'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' gethatch.com *.gstatic.com *.googleapis.com *.facebook.com *.google-analytics.com *.analytics.google.com *.google.com *.google.co.uk *.static.zdassets.com *.ekr.zdassets.com *.ekr.zendesk.com *.zendesk.com *.zopim.com *.zendesk-eu.my.sentry.io *.nosto.com;img-src 'self' *.zopim.io *.static.zdassets.com *.nosto.com *.zopim.io *.google-analytics.com *.analytics.google.com *.google.com *.google.co.uk *.facebook.com gethatch.com *.zopim.com *.gstatic.com *.googleapis.com *.postcodeanywhere.co.uk *.bing.com *.pinterest.com *.googletagmanager.com *.cdninstagram.com *.linkedin.com data:; 1
script-src 'self' https://unpkg.com https://noembed.com/embed https://www.youtube.com/iframe_api https://s.ytimg.com/ https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net/pl_PL/sdk.js https://connect.facebook.net/en_EN/sdk.js https://www.gstatic.com https://maps.googleapis.com https://maps.google.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://www.google.com https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://google.com/ads/* www.google-analytics.com https://stats.g.doubleclick.net https://*.youtube.com data:; connect-src 'self' https://noembed.com/embed https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://www.youtube.com https://maps.google.com https://maps.gstatic.com https://www.gstatic.com https://maps.googleapis.com 1
anyimage.io/storage/cards/11/62/116294/facebook.jpg?1536066534 js.driftt.com/include/1536137100000/xcr5hn44kanz.js 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.treasuredata.co.jp *.treasuredata.co.jp  plazma.au.auth0.com cdn.auth0.com www.google.com www.googletagmanager.com connect.facebook.net www.gstatic.com js-agent.newrelic.com *.cloudfront.net wap.wovn.io static.ads-twitter.com ipt api.docodoco.jp www.google-analytics.com www.google-analytics.com dmp.im-apps.net munchkin.marketo.net *.treasuredata.com sync.im-apps.net bam.nr-data.net *.doubleclick.net *.marketo.com *.cloudflare.com *.brightcove.net *.brightcove.com *.zencdn.net secure.gravatar.com *.line-scdn.net *.microad.jp *.cookielaw.org *.googleoptimize.com s.yimg.jp *.googleadservices.com *.datasign.co *.yahoo.co.jp yubinbango.github.io *.googlesyndication.com; worker-src blob: ; 1
default-src 'self' *.feedr.co *.teamfeedr.com blob:; media-src data:; font-src 'self' *.feedr.co *.teamfeedr.com *.eatfirst.com *.eatfirstdev.com fonts.gstatic.com *.intercomcdn.com uploads-ssl.webflow.com cdnjs.cloudflare.com data: script.hotjar.com; style-src 'self' 'unsafe-inline' *.feedr.co *.teamfeedr.com *.eatfirst.com *.eatfirstdev.com fonts.googleapis.com app.posthog.com app-static.posthog.com www.googletagmanager.com app-static-prod.posthog.com global-uploads.webflow.com cdnjs.cloudflare.com accounts.google.com uploads-ssl.webflow.com static.zdassets.com assets-global.website-files.com; script-src 'self' 'unsafe-inline' *.feedr.co *.teamfeedr.com *.eatfirst.com *.eatfirstdev.com blob: *.segment.com *.stripe.com *.ubembed.com snap.licdn.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com *.intercom.io *.intercomcdn.com cdn.amplitude.com connect.facebook.net js.hs-analytics.net *.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hsleadflows.net js.hsleadflows.com static.ads-twitter.com *.doubleclick.net analytics.twitter.com app.posthog.com app-static.posthog.com static.cloudflareinsights.com ajax.cloudflare.com ws.zoominfo.com cdn-ukwest.onetrust.com *.hsforms.net *.hsforms.com www.google.com www.gstatic.com app-static-prod.posthog.com app.storyblok.com cdnjs.cloudflare.com global-uploads.webflow.com maps.googleapis.com s3-ap-southeast-2.amazonaws.com/oi.assets/ www.datadoghq-browser-agent.com cdn.iubenda.com d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js cdn.jsdelivr.net/npm/js-cookie@2/src/js.cookie.min.js ajax.googleapis.com bat.bing.com tag.clearbitscripts.com accounts.google.com d1navat532wvnn.cloudfront.net uploads-ssl.webflow.com static.hotjar.com static.zdassets.com script.hotjar.com x.clearbitjs.com hubspotonwebflow.com assets-global.website-files.com dev.visualwebsiteoptimizer.com app.vwo.com; img-src 'self' *.feedr.co *.teamfeedr.com *.eatfirst.com *.eatfirstdev.com data: blob: src: *.linkedin.com connect.facebook.net www.google-analytics.com *.facebook.com *.hubspot.com www.google.com www.google.co.uk *.doubleclick.net js.hscollectedforms.net *.hsforms.com t.co *.stripe.com *.intercomcdn.com *.execute-api.eu-west-2.amazonaws.com fonts.gstatic.com cdn-ukwest.onetrust.com a.storyblok.com feedr.co global-uploads.webflow.com cdnjs.cloudflare.com d3e54v103j8qbb.cloudfront.net d1otoma47x30pg.cloudfront.net analytics.twitter.com bat.bing.com www.googletagmanager.com uploads-ssl.webflow.com maps.gstatic.com img.caterdesk-static.com assets-global.website-files.com dev.visualwebsiteoptimizer.com; connect-src 'self' *.feedr.co wss://*.feedr.co wss://feedr.co *.teamfeedr.com *.eatfirst.com *.eatfirstdev.com wss://*.eatfirst.com wss://*.eatfirstdev.com *.split.io *.stripe.com *.segment.com api.segment.io *.doubleclick.net *.intercom.io *.hubspot.com wss://*.intercom.io api.amplitude.com *.instagram.com s3.eu-west-2.amazonaws.com *.mapbox.com *.posthog.com *.browser-intake-datadoghq.eu hubspot-forms-static-embed.s3.amazonaws.com *.hsforms.com *.onetrust.com *.google-analytics.com *.auth.eu-west-1.amazoncognito.com cognito-idp.eu-west-1.amazonaws.com vitals.vercel-insights.com feedr.co maps.googleapis.com cdn.linkedin.oribi.io analytics.twitter.com *.teamfeedr.com ws.zoominfo.com webflow.com region1.analytics.google.com ekr.zdassets.com app.clearbit.com caterdesk-static-images.s3.eu-west-1.amazonaws.com *.google.com *.googlesyndication.com wss://ws.hotjar.com *.hotjar.io in.hotjar.com px.ads.linkedin.com; frame-src *.stripe.com m.stripe.network *.youtube.com *.hsforms.com intercom-sheets.com app.powerbi.com cdn.embedly.com www.google.com d3a7wk1tkorhuk.cloudfront.net *.doubleclick.net; frame-ancestors ; 1
default-src 'self' *.storyblok.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: vitals.vercel-insights.com app.usercentrics.eu app.storyblok.com www.googletagmanager.com vercel.live aaa.artefact.com s.pinimg.com bat.bing.com *.etracker.com googleads.g.doubleclick.net www.google-analytics.com connect.facebook.net *.scarabresearch.com *.amazonaws.com www.googleadservices.com https://www.youtube.com c.amazon-adsystem.com *.google.com www.paypal.com *.dynamicyield.com *.dynamicyield.eu *.criteo.net *.criteo.com api.signalize.com www.etracker.de aaa.medion.com *.doubleclick.net www.paypalobjects.com cdn.parcellab.com; connect-src 'self' vitals.vercel-insights.com sentry.brandung-dev.de vercel.live api.usercentrics.eu www.google.com ct.pinterest.com www.google-analytics.com *.google-analytics.com *.usercentrics.eu *.doubleclick.net *.amazonaws.com *.etracker.de *.dynamicyield.com *.dynamicyield.eu www.paypal.com webshoprain.medion.com *.analytics.google.com webchannel-content.eservice.emarsys.net recommender.scarabresearch.com *.googlesyndication.com *.pusher.com *.fact-finder.de api.signalize.com *.criteo.com *.criteo.net *.run.app api.parcellab.com; style-src 'self' 'unsafe-inline' *.signalize.com *.dynamicyield.com cdn.parcellab.com; img-src 'self' blob: data: app.usercentrics.eu bat.bing.com googleads.g.doubleclick.net www.google.com www.google.de assets.vercel.com *.medion.com www.facebook.com *.outbrain.com *.paypal.com www.paypalobjects.com uct.service.usercentrics.eu www.googleadservices.com cdn.dynamicyield.com www.google-analytics.com *.google.nl www.googletagmanager.com www.google.co.in *.signalize.com ad.doubleclick.net contextual.media.net pixel.rubiconproject.com match.sharethrough.com *.smartadserver.com *.taboola.com *.teads.tv eb2.3lift.com cm.adform.net visitor.omnitagjs.com r.casalemedia.com id5-sync.com ad.360yield.com matching.ivitrack.com ad.yieldlab.net e1.emxdgt.com cm.g.doubleclick.net x.bidswitch.net exchange.mediavine.com simage2.pubmatic.com criteo-partners.tremorhub.com sync-criteo.ads.yieldmo.com gum.criteo.com ups.analytics.yahoo.com ib.adnxs.com jadserve.postrelease.com *.criteo.net icons.parcellab.com; font-src 'self' data: assets.vercel.com www.paypalobjects.com *.signalize.com *.dynamicyield.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors https://app.storyblok.com scanblue.com https://www.paypal.com/; frame-src 'self' https://www.paypalobjects.com/ https://www.paypal.com/ https://app.usercentrics.eu/ https://vercel.live/ https://ct.pinterest.com/ *.fls.doubleclick.net https://www.youtube.com *.amazon-adsystem.com https://aax-eu.amazon-adsystem.com *.scanblue.com *.scanblue.cloud www.youtube-nocookie.com gum.criteo.com *.doubleclick.net *.criteo.com www.google.com; 1
"frame-ancestors 'none';" 1
default-src 'self';frame-src 'self' www.youtube-nocookie.com youtube.com www.youtube.com player.vimeo.com vimeo.com;img-src 'self' 'unsafe-inline' www.google-analytics.com www.google.com www.google.de www.googletagmanager.com maps.gstatic.com maps.googleapis.com maps.gstatic.com maps.googleapis.com data:;style-src 'self' 'unsafe-inline' fonts.googleapis.com;script-src 'self' 'unsafe-inline' www.youtube.com *.google-analytics.com www.googletagmanager.com maps.googleapis.com www.googleadservices.com;connect-src 'self' www.google-analytics.com stats.g.doubleclick.net maps.googleapis.com *.google-analytics.com;font-src 'self' 'unsafe-inline' fonts.gstatic.com data:; object-src 'none'; 1
default-src 'self' https://insights.hotjar.com https://hotjar.com www.insights.hotjar.com www.hotjar.com *.hotjar.com *.sitefinity.com *.googletagmanager.com *.google.de static.ex.co; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com *.googletagmanager.com https://dec.azureedge.net/ munchkin.marketo.net unpkg.com/@frontify/ *.cloudinary.com *.vev.design *.vev.site *.vev.page *.cloudflare.com *.spotify.com *.hotjar.com qqm8bf7z.cdn.imgeng.in *.bamboohr.com *.formstack.com *.spotifycdn.com *.playbuzz.com *.ex.co snap.licdn.com *.vimeo.com *.fundraisingbox.com 'self' js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net cdn.ampproject.org *.eloqua.com *.en25.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.typekit.net *.vev.design *.vev.site qqm8bf7z.cdn.imgeng.in *.bamboohr.com *.formstack.com *.hotjar.com *.googletagmanager.com static.ex.co 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.frontify.com *.cloudinary.com *.youtube.com *.vimeo.com *.commonpurpose.org *.vev.design *.vev.site qqm8bf7z.cdn.imgeng.in *.playbuzz.com *.linkedin.com *.google.co.uk *.google.ie *.google.de *.fundraisingbox.com *.googletagmanager.com 'self' track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.typekit.net *.vev.design *.vev.site qqm8bf7z.cdn.imgeng.in *.googleusercontent.com *.formstack.com *.hotjar.com static.ex.co; frame-src *.uri.sh *.youtube.com *.vimeo.com *.spotify.com *.bamboohr.com *.google.com *.spotifycdn.com *.ex.co *.fundraisingbox.com 'self' forms.hsforms.com web-chat.nativechat.com; connect-src data: accounts.google.com *.gstatic.com *.mktoresp.com *.google-analytics.com *.frontify.com *.cloudinary.com *.youtube.com *.vimeo.com *.typekit.net *.vev.design *.vev.site *.bamboohr.com *.spotifycdn.com *.playbuzz.com *.ex.co *.linkedin.oribi.io *.doubleclick.net *.google.com *.hotjar.io *.hotjar.com *.facebook.com *.linkedin.com 'self' forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.frontify.com *.cloudinary.com *.youtube.com *.vimeo.com *.vev.design *.vev.site qqm8bf7z.cdn.imgeng.in; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com a-cp.vev.site https://js.vev.design *.frontify.com cloudinary.com *.cloudinary.com *.youtube.com *.vimeo.com *.typekit.net *.vev.design *.vev.site 'self' web-chat.nativechat.com 1
default-src 'self'; img-src github.com cloud.githubusercontent.com avatars.githubusercontent.com github.githubassets.com australiaeast.github-debug.com brazilsouth.github-debug.com centralindia.github-debug.com fra.github-debug.com iad.github-debug.com japaneast.github-debug.com koreacentral.github-debug.com sea.github-debug.com southafricanorth.github-debug.com southeastasia.github-debug.com github-cloud.s3.amazonaws.com github-debug.com data:; script-src 'self' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-KtpvZKK9rV/wFwQpTUSszrAGiKTV4wGtu9IjXYSKW8i/xQwL' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' https://app.adrianflux.co.uk https://www.bikesure.co.uk 1
default-src 'none'; base-uri 'self'; font-src 'self' *.gstatic.com data:; style-src 'self' 'unsafe-inline' *.rkwbayern.de *.rkw-bw.de *.rkw-bremen.de *.rkw-kompetenzzentrum.de *.rkw-sachsenanhalt.de *.rkw-thueringen.de *.googleapis.com *.gstatic.com; img-src 'self' *.rkwbayern.de *.rkw-bw.de *.rkw-bremen.de *.rkw-kompetenzzentrum.de *.rkw-sachsenanhalt.de *.rkw-thueringen.de *.googleapis.com *.google-analytics.com *.gstatic.com data:; script-src 'self' 'unsafe-inline' *.rkwbayern.de *.rkw-bw.de *.rkw-bremen.de *.rkw-kompetenzzentrum.de *.rkw-sachsenanhalt.de *.rkw-thueringen.de *.etracker.com *.etracker.de unpkg.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.youtube.com *.youtube-nocookie.com *.podcaster.de; frame-src 'self' *.rkw-bw.net *.youtube.com *.youtube-nocookie.com *.podcaster.de tweedback.de forms.office.com; connect-src 'self' *.etracker.de *.googleapis.com *.google-analytics.com; media-src 'self' *.rkwbayern.de *.rkw-bw.de *.rkw-bremen.de *.rkw-kompetenzzentrum.de *.rkw-sachsenanhalt.de *.rkw-thueringen.de; frame-ancestors 'self'; manifest-src 'self'; form-action 'self'; object-src 'none' 1
frame-ancestors 'self' https://*.norton.com https://*.nortonlifelock.com; 1
default-src 'self' www.facebook.com *.doubleclick.net stats.g.doubleclick.net *.google-analytics.com *.google.com *.imocarwash.us3.list-manage.com *.youtube.com www.gravatar.com player.vimeo.com *.vimeocdn.com packages.umbraco.org our.umbraco.org;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.googleadservices.com cdn.cookielaw.org forms.contacta.io www.google-analytics.com *.amigodev.io *.amigoclienttesting.io *.getamigo.io https://code.jquery.com/ https://tagmanager.google.com/ https://connect.facebook.net https://www.googletagmanager.com https://imocarwash.us3.list-manage.com *.amazonaws.com www.google-analytics.com www.gstatic.com www.google.com/recaptcha/api.js ajax.aspnetcdn.com cdn.jsdelivr.net *.googleapis.com ssl.google-analytics.com;style-src forms.contacta.io https://tagmanager.google.com/ *.mailchimp.com fonts.googleapis.com 'self' 'unsafe-inline';img-src googleads.g.doubleclick.net www.googletagmanager.com cdn.cookielaw.org *.google.co.uk www.google.fr www.google.com *.getamigo.io *.amigoclienttesting.io *.amigodev.io https://stats.g.doubleclick.net/ https://ssl.gstatic.com https://www.gstatic.com https://tagmanager.google.com/ https://www.facebook.com/tr/ dashboard.umbraco.org maps.gstatic.com maps.googleapis.com *.google-analytics.com 'self' data: www.gravatar.com umbraco.tv;font-src fonts.gstatic.com 'self' data:;connect-src 'self' geolocation.onetrust.com cdn.cookielaw.org stats.g.doubleclick.net www.google-analytics.com *.amigodev.io *.amigoclienttesting.io *.getamigo.io *.contacta.io  maps.googleapis.com *.google.com; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'none' 1
default-src 'self' ; worker-src 'self'  data: blob:; report-uri https://eagerly.nl/reports/report.php; img-src 'self' * data:; media-src 'self' https://www.googletagmanager.com https://goldencrossdata.com https://www.youtube.com https://museumspeelklok.globalticket.nl http://www.youtube.com https://rosaensemble.nl https://www.facebook.com https://www.google.com https://*.spotify.com https://duxmt.eu https://www.youtube-nocookie.com https://www.youtube-nocookie.com https://www.google.com https://www.facebook.com data:; connect-src 'self' https://www.googletagmanager.com https://www.youtube.com https://connect.facebook.net https://*.google.nl https://*.google.com https://www.facebook.com https://*.facebook.com https://facebook.com https://www.google.com http://facebook.com https://connect.facebook.net https://facebook.com https://stats.g.doubleclick.net https://yoast.com https://region1.google-analytics.com https://www.google-analytics.com; frame-src 'self' https://www.googletagmanager.com https://goldencrossdata.com https://www.youtube.com https://museumspeelklok.globalticket.nl http://www.youtube.com https://rosaensemble.nl https://www.facebook.com https://www.google.com https://*.spotify.com https://duxmt.eu https://www.youtube-nocookie.com https://www.youtube-nocookie.com https://www.google.com https://www.facebook.com; child-src 'self' https://www.googletagmanager.com https://goldencrossdata.com https://www.youtube.com https://museumspeelklok.globalticket.nl http://www.youtube.com https://rosaensemble.nl https://www.facebook.com https://www.google.com https://*.spotify.com https://duxmt.eu https://www.youtube-nocookie.com https://www.youtube-nocookie.com https://www.google.com https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-eval' https://www.googletagmanager.com https://www.youtube.com https://connect.facebook.net https://google-analytics.com https://segments.optinadserving.com https://www.gstatic.com https://api.w3-edge.com https://www.google.com https://s2.adform.net https://rtb8.adscience.nl https://track.adform.net https://www.google-analytics.com https://*.adscience.nl; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fast.fonts.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://www.gstatic.com; font-src 'self' https://fast.fonts.net https://cdnjs.cloudflare.com https://fonts.gstatic.com https://*.wp.com https://fonts.googleapis.com https://fonts.gstatic.com data:; form-action 'self' https://www.facebook.com https://www.facebook.com; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; base-uri 'self'; form-action 'self' https://syndication.twitter.com/ https://platform.twitter.com/ https://connect.facebook.net/; frame-ancestors 'self'; object-src 'none'; report-uri https://6fd0808b3c82be7fae4b5dba95198421.report-uri.com/r/d/csp/enforce 1
default-src *.gstatic.com ir.stockpr.com www.nclhltd.com d1io3yog0oux5.cloudfront.net; script-src *.quotemedia.com *.google.com *.google-analytics.com *.gstatic.com browser-update.org hcaptcha.com *.googletagmanager.com ir.stockpr.com www.nclhltd.com d1io3yog0oux5.cloudfront.net 'unsafe-inline'; connect-src *.quotemedia.com *.google.com *.google-analytics.com *.gstatic.com browser-update.org hcaptcha.com *.googletagmanager.com ir.stockpr.com www.nclhltd.com d1io3yog0oux5.cloudfront.net 'unsafe-inline'; style-src fonts.googleapis.com *.gstatic.com cloud.typography.com *.cloudfront.net ir.stockpr.com www.nclhltd.com d1io3yog0oux5.cloudfront.net 'unsafe-inline'; font-src cdnjs.cloudflare.com/ajax/libs/font-awesome/ fonts.googleapis.com *.gstatic.com data: ir.stockpr.com www.nclhltd.com d1io3yog0oux5.cloudfront.net; img-src *.globenewswire.com *.prnewswire.com pixel.mathtag.com c212.net ir.stockpr.com www.nclhltd.com d1io3yog0oux5.cloudfront.net; frame-src *.google.com *.youtube.com youtube-nocookie.com vimeo.com newassets.hcaptcha.com ir.stockpr.com www.nclhltd.com d1io3yog0oux5.cloudfront.net; object-src 'none'; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://sincortenohaygloria.com/logs/ https://sincortenohaygloria.com/sidekiq/ https://sincortenohaygloria.com/mini-profiler-resources/ https://sincortenohaygloria.com/assets/ https://sincortenohaygloria.com/brotli_asset/ https://sincortenohaygloria.com/extra-locales/ https://sincortenohaygloria.com/highlight-js/ https://sincortenohaygloria.com/javascripts/ https://sincortenohaygloria.com/plugins/ https://sincortenohaygloria.com/theme-javascripts/ https://sincortenohaygloria.com/svg-sprite/ https://www.google-analytics.com/analytics.js 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/cookieconsent.min.js https: 'unsafe-inline'; worker-src 'self' https://sincortenohaygloria.com/assets/ https://sincortenohaygloria.com/brotli_asset/ https://sincortenohaygloria.com/javascripts/ https://sincortenohaygloria.com/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' hyperion-project.org www.gstatic.com/recaptcha/ www.google.com/recaptcha/ ;img-src https: data: ; object-src 'none' 1
img-src * 'self' data: https:; 1
object-src 'none'; script-src 'self' https://cdn.syndication.twimg.com https://platform.twitter.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://snap.licdn.com https://connect.facebook.net https://cdn.linkedin.oribi.io https://s2.adform.net https://a2.adform.net cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com https://use.fontawesome.com maxcdn.bootstrapcdn.com 'sha256-cyxzUI0Nh1951R1ihMxSRZdfWeuduf7j2MZhAbObPR8=' 'sha256-UoJAQg3t0DxQgUH1ARaQF5VLlyTKgzTM+WWC7NrU9eI=' 'sha256-/hWR41NFlPdweJ679itNhlf3Nfh/hXb+jcotgHtNcHk=' 'sha256-K0SIclzrE/O7jthGHI0rzW5GOgMh6bzumQOpZhgtUV4='; script-src-attr 'self'; style-src 'unsafe-inline' 'self' 'unsafe-inline' https://use.fontawesome.com https://platform.twitter.com code.cdn.mozilla.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com maxcdn.bootstrapcdn.com; style-src-attr 'unsafe-inline' 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://mpac.report-uri.com/r/d/csp/enforce 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-0d2e2f4a75b91cb1cc83cce764aa12f0'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' c.biztoc.com; font-src 'self' c.biztoc.com; style-src 'self' 'unsafe-inline' c.biztoc.com https://*.typeform.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' c.biztoc.com https://*.typeform.com/ https://appleid.cdn-apple.com/ https://hcaptcha.com/; img-src 'self' data: c.biztoc.com cw.biztoc.com; frame-src https://www.youtube.com/ https://player.vimeo.com/ https://www.tiktok.com/ https://rumble.com/ https://embed.ted.com/ https://*.typeform.com/ https://*.hcaptcha.com 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: http://bpu.com https://bpu.com http://www.bpu.com https://www.bpu.com http://connect.facebook.net/en_US/all.js http://platform.twitter.com/widgets.js http://script.crazyegg.com/pages/scripts/0030/8357.js https://www.google.com https://analytics.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.twitter.com https://apis.google.com/js/plusone.js https://platform.linkedin.com/in.js https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js https://static.ak.fbcdn.net https://cdn.syndication.twimg.com  https://connect.facebook.net https://www.gstatic.com https://code.jquery.com https://api.kommunicate.io https://widget.kommunicate.io https://script.crazyegg.com  https://cdn.kommunicate.io/  https://cdn.applozic.com https://www.youtube.com http://bpu.staging.whmi.biz http://www.bpu.staging.whmi.biz ; connect-src 'self' https://pagestates-tracking.crazyegg.com/healthcheck https://assets-tracking.crazyegg.com/healthcheck https://www.facebook.com https://widget.kommunicate.io https://api.kommunicate.io/ https://analytics.google.com https://www.google-analytics.com https://script.crazyegg.com https://stats.g.doubleclick.net https://cdn.kommunicate.io https://chat.kommunicate.io https://bots.kommunicate.io https://cdn.kommunicate.io/applozic/applozic.chat-6.1.1.min.js wss://socket4.kommunicate.io/ws https://secure-a.vimeocdn.com  https://tracking.crazyegg.com wss://socket4.applozic.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://platform.twitter.com https://ton.twimg.com  https://code.jquery.com https://widget.kommunicate.io https://api.kommunicate.io https://cdn.kommunicate.io https://stackpath.bootstrapcdn.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com ;  img-src * data: ; media-src 'self' https://cdn.kommunicate.io ; object-src 'self' ; frame-src 'self' https://www.youtube.com https://i.s-microsoft.com https://platform.twitter.com  https://syndication.twitter.com https://www.facebook.com https://www.google.com https://api.kommunicate.io https://web.facebook.com/; 1
default-src 'self' cteh.com *.cteh.com; script-src 'self' 'unsafe-inline'  *.google-analytics.com *.s3.amazonaws.com *.google.com *.googletagmanager.com unpkg.com *.googleapis.com *.gstatic.com *.olark.com *.typekit.net *.customsearch.ai *.loopanalytics.com *.calltrk.com; object-src 'self'; img-src 'self' data: *.google-analytics.com *.googleapis.com *.cloudinary.com *.olark.com *.s3.amazonaws.com *.mapbox.com maps.gstatic.com *.loopanalytics.com *.calltrk.com js.calltrk.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com tagmanager.google.com bat.bing.com googleadservices.com www.googleadservices.com stats.g.doubleclick.net googleads.g.doubleclick.net youtube.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com bat.bing.com; style-src 'self' 'unsafe-inline' *.googleapis.com unpkg.com *.s3.amazonaws.com *.cloudflare.com *.google.com *.olark.com *.windows.net; frame-src *.google.com *.googletagmanager.com *.olark.com *.mapbox.com bid.g.doubleclick.net *.fls.doubleclick.net;font-src  *.gstatic.com *.s3.amazonaws.com *.cloudflare.com *.olark.com; connect-src *.doubleclick.net *.google-analytics.com *.google.com *.olark.com *.googleapis.com *.customsearch.ai *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com; media-src *.olark.com *.google.com; 1
frame-ancestors 'self' *.xsolla.com *.xsollasitebuilder.com *.rustlergame.com *.maximumgames.com *.untilthengame.com 1
default-src 'self'; script-src 'self' http: 'unsafe-inline' https: 'nonce-0bfbb91a-d1e7-41f4-8d56-369402639ab5' 'strict-dynamic'; child-src 'self'; worker-src 'self' 'unsafe-inline' * blob:; connect-src 'self' ws: *.petinsurance.tech *.pusher.com *.google-analytics.com *.googlesyndication.com *.analytics.google.com *.googleadservices.com adservice.google.com www.google.co.uk https://google.com www.google.com https://www.google-analytics.com analytics.tiktok.com smct.co *.smct.co smct.io *.smct.io cognito-identity.eu-west-1.amazonaws.com firehose.eu-west-1.amazonaws.com rs.fullstory.com stats.g.doubleclick.net s3.eu-west-2.amazonaws.com https://edge.fullstory.com/ bat.bing.com https://cdn.linkedin.oribi.io *.clarity.ms analytics.pangle-ads.com; media-src 'self' *.waggel.co.uk; style-src-elem 'self' fonts.smct.io 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' *.waggel.co.uk www.googletagmanager.com https://www.google-analytics.com googleads.g.doubleclick.net https://imagedelivery.net/_oAwqhhSlLiLRNppESPDbQ/ https://6za75opzlh.execute-api.eu-west-1.amazonaws.com/ www.facebook.com bat.bing.com www.google.com www.google.co.uk mywebconect.com ts.tradetracker.net quote-link.net smct.co *.smct.co smct.io *.smct.io www.jadpo.co.uk *.amazonaws.com https://px.ads.linkedin.com https://px4.ads.linkedin.com/ *.clarity.ms c.bing.com https://images-static.trustpilot.com/; font-src 'self' *.waggel.co.uk data: smct.co *.smct.co smct.io *.smct.io; frame-src 'self' tpc.googlesyndication.com calendly.com js.stripe.com www.googletagmanager.com smct.co *.smct.co smct.io *.smct.io d2d7do8qaecbru.cloudfront.net td.doubleclick.net; frame-ancestors 'none'; manifest-src 'self' *.waggel.co.uk; base-uri 'self' about:; 1
default-src 'self' https://macrodesign.com https://www.macrodesign.com                   'nonce-GTM-nonce20210615'                   'nonce-GTM-nonce20210616d'                   https://www.phplivesupport.co.uk                   https://www.google-analytics.com                   https://www.googletagmanager.com                   http://www.googleadservices.com                  https://www.googleadservices.com                  https://googleads.g.doubleclick.net                  https://www.google.com                   https://www.google.co.uk                   https://stats.g.doubleclick.net                   https://doubleclick.net                    https://phplivesupport.co.uk                  'sha256-1pQ9l2R8K3djRPC/he+eN4Vp5YWQ7POlFap4+UhRxrw='                  'sha256-qIIs5/izMmrLZDv6y9p2/dv1AQbh3o2lOHqN5Z/NAfI='; 1
frame-ancestors 'self' policy.saintmartinschools.org; 1
default-src 'self' 			*.craftcms.com 			*.sharethis.com 			*.google-analytics.com; 		connect-src 'self' 			*.crwdcntrl.net 			*.googleapis.com 			*.sharethis.com 			*.craftcms.com 			*.google.com 			*.google.co.uk 			*.google-analytics.com 			vimeo.com; 		script-src 'self' 			'unsafe-inline' 			'unsafe-eval' 			*.cloudflareinsights.com 			*.stripe.com 			*.gstatic.com 			*.google.com 			*.facebook.net 			*.ckeditor.com 			*.googletagmanager.com 			*.googleapis.com 			*.sharethis.com 			*.cloudflare.com 			*.youtube.com 			*.vimeo.com 			*.google-analytics.com;		img-src 'self' 			data: 			*.ytimg.com 			*.google.com 			*.google.co.uk 			*.craft-cdn.com 			*.placeholder.com 			*.facebook.com 			*.gstatic.com 			*.googleapis.com 			*.youtube.com 			*.sharethis.com 			*.vimeocdn.com 			*.google-analytics.com;		style-src 'self' 			'unsafe-inline' 			*.googletagmanager.com 			*.sharethis.com 			*.googleapis.com;		font-src 'self' 			data: 			*.gstatic.com;		frame-src 'self' 			youtu.be 			*.youtube.com 			*.inspire.scot 			*.stripe.com 			*.vimeo.com 			*.sharethis.com 			*.facebook.com 			*.google.com;		object-src 'none' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.addtoany.com https://www.westlawasia.com/ https://www.legalexecutiveinstitute.com/ https://www.thomsonreuters.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/; object-src 'none'; frame-ancestors 'self' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-/GOlM68pYvAzYZXZY+wooW+W4TNLTJwId4Cz4JOa/3K74JT2' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' https://*.acdagents.com/ https://vpm.org/ https://www.wgbh.org/ https://www.wqed.org/ https://pledgecart.org/ https://*.kqed.org/ https://www.kqed.org/ https://www.acddirect.com/ https://*.callswithoutwalls.com/ https://reports.callswithoutwalls.com/ https://www.rmpbs.org/ https://www.district5united.org/ https://teamup.com/ https://*.whut.org/ https://*.pbs.org https://*.vpr.org https://primerica-sandbox.atlassian.net https://primerica-acd.atlassian.net 1
upgrade-insecure-requests;, upgrade-insecure-requests; 1
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net bat.bing.com www.isstsgh.hsbc.com.sg connect.facebook.net cdn.appdynamics.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com s.yimg.com cdn-assets-prod.s3.amazonaws.com ups.analytics.yahoo.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com www.isstsgh.hsbc.com.sg http://127.0.0.1:5000 http://127.0.0.1:5000/* www.facebook.com bat.bing.com adservice.google.com manifest.prod.boltdns.net *.brightcove.com ad.doubleclick.net www.google.com analytics.google.com www.google-analytics.com stats.g.doubleclick.net *.dbankcloud.com rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.googletagmanager.com www.facebook.com *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.zscaler.net connect.facebook.net; frame-ancestors 'self' www.insurance.hsbc.com.sg; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com cdn.jsdelivr.net *.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report; 1
default-src 'self'; img-src 'self' data: https://*.yandex.ru https://*.yandex.net https://yastatic.net https://yandex.ru; script-src 'self' 'unsafe-inline' https://*.yandex.net https://*.yandex.ru https://yastatic.net https://yandex.ru; style-src 'self' 'unsafe-inline'; frame-src *.ivideon.com; connect-src https://mc.yandex.ru https://ymetrica1.com https://ymetrica2.com 'self' 1
default-src 'self' 'unsafe-inline' public.grupoiris.net fonts.googleapis.com fonts.gstatic.com *.grupoiris.net cashierui.test.universalpay.es www.google.es www.google.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' *.grupoiris.net cashierui.test.universalpay.es www.google-analytics.com; object-src 'self'; frame-src https://www.youtube.com *.grupoiris.net ; frame-ancestors 'self' *.grupoiris.net ;  1
frame-ancestors 'none'; report-uri https://sentry.42he.com/api/2/security/?sentry_key=67cc7afd05ae4e3a807e6f4b8f253483 1
default-src 'none'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'nonce-f4806852c6a90fe4344278ba4aca0777' 'unsafe-eval' 'strict-dynamic' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; frame-src 'self' https://consentcdn.cookiebot.com https://www.google.com  https://td.doubleclick.net *.google.com; font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://consentcdn.cookiebot.com *.google-analytics.com https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:;  img-src 'self' https: data: blob:; frame-ancestors 'self'; object-src 'none'; base-uri 'self';form-action 'self' 1
font-src *.gstatic.com data: *.fontawesome.com *.justsellingapp.com *.justsellingapp.de *.justselling.de *.billigkennzeichen.de *.trustedshops.com *.widgets.trustedshops.com *.cloudflare.com *.sendinblue.com *.sibforms.com *.cookiefirst.com *.cloudfront.net *.etrusted.com *.b-cdn.net *.whistleblowing-compliant.eu uberall.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.sandbox.paypal.com *.justsellingapp.com *.justsellingapp.de *.justselling.de *.facebook.com *.cardinalcommerce.com *.paypal.com *.etrusted.com https://sibautomation.com *.sendinblue.com *.whistleblowing-compliant.eu *.cleverreach.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.justsellingapp.com *.justsellingapp.de *.justselling.de *.billigkennzeichen.de *.guenstige-kennzeichen.de *.trustedshops.com *.widgets.trustedshops.com *.ad-srv.net *.webgains.link *.facebook.com *.doubleclick.net *.googlesyndication.com *.cookiefirst.com *.hotjar.com *.in.hotjar.com *.csmetrics.hotjar.com *.hotjar.io *.in.hotjar.io *.csmetrics.hotjar.io *.gstatic.com https://sibautomation.com *.sendinblue.com *.whistleblowing-compliant.eu *.sibforms.com *.moatads.com *.mollie.com *.kroschke.de *.preeco.de *.verivox.de *.vxcp.de https://www.googletagmanager.com/ js.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.justsellingapp.com *.justsellingapp.de *.justselling.de *.billigkennzeichen.de *.guenstige-kennzeichen.de *.kroschke.de *.trustedshops.com *.widgets.trustedshops.com *.google.de *.google.hr *.bing.com *.facebook.com *.cookiefirst.com *.hotjar.com *.in.hotjar.com *.csmetrics.hotjar.com *.hotjar.io *.in.hotjar.io *.csmetrics.hotjar.io *.googlesyndication.com *.etrusted.com https://sibautomation.com *.proof-point.com *.whistleblowing-compliant.eu *.google.com *.cloudfront.net uberall.com *.uberall.com *.preeco.de *.verivox.de *.userlike.com *.ads.linkedin.com *.linkedin.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://img.youtube.com https://www.mollie.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.gstatic.com *.google.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.justsellingapp.com *.justsellingapp.de *.justselling.de *.kroschke.de *.google-analytics.com *.trustedshops.com *.widgets.trustedshops.com *.cookiefirst.com *.webgains.io *.webgains.link *.ad-srv.net *.polyfill.io *.jsdelivr.net *.etrusted.com sibforms.com *.smarketer.de *.bing.com *.hotjar.com *.in.hotjar.com *.csmetrics.hotjar.com *.hotjar.io *.in.hotjar.io *.csmetrics.hotjar.io *.googleoptimize.com *.matelso.de *.facebook.net *.amazonaws.com *.cloudfront.net *.googletagmanager.com *.googleadservices.com *.googlesyndication.com *.google.de *.billigkennzeichen.de *.b-cdn.net https://sibautomation.com *.adobedtm.com *.sendinblue.com *.assets.adobedtm.com *.whistleblowing-compliant.eu *.cloudflare.com *.moatads.com *.mollie.com uberall.com *.uberall.com *.preeco.de *.verivox.de *.vxcp.de *.licdn.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ s7.addthis.com *.avada.io js.mollie.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.billigkennzeichen.de *.trustedshops.com *.widgets.trustedshops.com *.googleapis.com *.cloudflare.com *.jsdelivr.net *.justsellingapp.com *.sibforms.com https://sibforms.com *.cookiefirst.com *.gstatic.com *.etrusted.com https://sibautomation.com *.sendinblue.com *.whistleblowing-compliant.eu *.hotjar.com uberall.com *.uberall.com *.preeco.de https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.justsellingapp.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.justsellingapp.com *.justsellingapp.de *.justselling.de *.billigkennzeichen.de *.trustedshops.com *.widgets.trustedshops.com *.smarketer.de *.etrusted.com *.cookiefirst.com *.google-analytics.com *.google.com *.google.de *.facebook.com *.doubleclick.net bat.bing.com *.googlesyndication.com *.hotjar.com *.in.hotjar.com *.csmetrics.hotjar.com *.hotjar.io *.in.hotjar.io *.csmetrics.hotjar.io *.gstatic.com *.amazonaws.com *.googleapis.com *.userlike.com wss://umd.userlike.com https://sibautomation.com *.sendinblue.com *.whistleblowing-compliant.eu *.webgains.io *.moatads.com *.sibforms.com uberall.com *.uberall.com *.preeco.de *.verivox.de *.vxcp.de *.licdn.com *.ads.linkedin.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.paypalobjects.com 'self' 'unsafe-inline'; 1
default-src 'self' *.google-analytics.com *.hotjar.com *.knightlab.com *.stats.g.doubleclick.net https://stats.g.doubleclick.net *.akamai.net *.disqus.com https://disqus.com/ *.disquscdn.com *.techstars.com; script-src 'unsafe-inline' 'unsafe-eval' http:; style-src 'unsafe-inline' http:; img-src http: data:; font-src http: data:; frame-src 'self' *.hotjar.com *.knightlab.com *.disqus.com *.disquscdn.com https://disqus.com/ *.techstars.com; 1
default-src 'self'; base-uri 'none'; form-action 'self'; img-src 'self' data:; object-src 'none' 1
default-src 'self';img-src 'self' https: data: blob:;media-src 'self' https: blob:;script-src 'self' https: 'unsafe-inline' 'unsafe-eval';script-src-attr 'unsafe-inline';connect-src 'self' https: wss:;frame-src 'self' https:;worker-src 'self' https: blob:;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'none'; img-src 'self' 1
allow '. HTTP_SERVER. '; frame-src ' . HTTP_SERVER. ' *.youtube.com *.google.com; 1
default-src https: 'unsafe-inline' 'self' data: 1
frame-ancestors https://shop.heise.de https://www.heise.de https://beta.heise.de 1
default-src 'self' *.anthology-digital.com services-staging.anthology-digital.com consent.cookiebot.com consentcdn.cookiebot.com fonts.googleapis.com ajax.googleapis.com google-analytics.com www.google-analytics.com fonts.gstatic.com www.youtube.com trp.paccarpartsloyalty.com sample-api-v2.crazyegg.com d2collectorprod.azurewebsites.net www.gravatar.com player.vimeo.com vimeocdn.com packages.umbraco.org our.umbraco.org tracking.crazyegg.com stats.g.doubleclick.net script.crazyegg.com www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.anthology-digital.com *.bing.com *.clarity.ms consent.cookiebot.com consentcdn.cookiebot.com fonts.googleapis.com ajax.googleapis.com www.googletagmanager.com script.crazyegg.com consentcdn.cookiebot.com www.google-analytics.com maps.googleapis.com googleads.g.doubleclick.net trp.paccarpartsloyalty.com cdn.variametrix.com trp.varia4.com www.googleadservices.com connect.facebook.net snap.licdn.com www.google.com www.gstatic.com blob:; style-src 'self' 'unsafe-inline' *.anthology-digital.com fonts.googleapis.com hello.myfonts.net www.google.com; img-src data: *.anthology-digital.com *.bing.com *.clarity.ms maps.gstatic.com googleapis.com www.googleapis.com maps.googleapis.com ggpht.com img.youtube.com trpparts.com www.trpparts.com mex.trpparts.com can.trpparts.com opc.trpparts.com opc-mex.trpparts.com sa.trpparts.com pr.trpparts.com eng.trpparts.com fra.trpparts.com cloudflare.trpparts.com trpparts.com:448 www.trpparts.com:448 mex.trpparts.com:448 can.trpparts.com:448 opc.trpparts.com:448 opc-mex.trpparts.com:448 sa.trpparts.com:448 pr.trpparts.com:448 eng.trpparts.com:448 fra.trpparts.com:448 trp-assets.anthology-digital.com via.placeholder.com ad.doubleclick.net adservice.google.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.googletagmanager.com media.bondbrandloyalty.com paccar-parts.2gms.com www.facebook.com dashboard.umbraco.org www.gravatar.com px.ads.linkedin.com p.adsymptotic.com www.linkedin.com px4.ads.linkedin.com umbraco.tv imgsct.cookiebot.com; object-src 'self'; frame-src 'self' *.anthology-digital.com www.google.com www.youtube.com consentcdn.cookiebot.com trp.paccarpartsloyalty.com bid.g.doubleclick.net www.facebook.com td.doubleclick.net; connect-src 'self' *.bing.com *.clarity.ms analytics.google.com www.google.com script.crazyegg.com tracking.crazyegg.com www.google-analytics.com stats.g.doubleclick.net d2collectorprod.azurewebsites.net collect.variametrix.com consentcdn.cookiebot.com services.anthology-digital.com pagestates-tracking.crazyegg.com assets-tracking.crazyegg.com maps.googleapis.com googleads.g.doubleclick.net cdn.linkedin.oribi.io trp.varia4.com px.ads.linkedin.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://www.googletagmanager.com https://ajax.googleapis.com  https://www.google-analytics.com https://ssl.google-analytics.com https://*.googleapis.com; img-src 'self' https://access.equalweb.com https://www.google-analytics.com https://fonts.googleapis.com https://ssl.google-analytics.com https://code.jquery.com https://s-static.ak.facebook.com https://assets.zendesk.com https://maps.gstatic.com https://*.googleapis.com data: ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com  https://themes.googleusercontent.com; frame-src 'self' https://www.youtube.com https://www.google.com https://player.vimeo.com https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com https://weatherwidget.io; connect-src 'self' https://*.googleapis.com https://*.googleapis.com https://access.equalweb.com https://www.google-analytics.com https://va.tawk.to https://cdn.equalweb.com; object-src 'none' 1
default-src 'self'; connect-src 'self' https://content.hotjar.io/ https://cdn.linkedin.oribi.io/ https://px.ads.linkedin.com/ wss://api.smooch.io/ https://api.smooch.io/ https://i.covery.ai/ https://api.covery.ai/ https://ekr.zdassets.com/ wss://widget-mediator.zopim.com/ https://mygenome.zendesk.com/ https://widget-mediator.zopim.com/ https://maps.gstatic.com/ https://www.google-analytics.com/ https://analytics.google.com/ https://stats.g.doubleclick.net/ https://maps.googleapis.com/ https://www.gstatic.com/recaptcha/ https://www.facebook.com/ https://connect.facebook.net/ https://snap.licdn.com/li.lms-analytics/ https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://api.genome.eu/ https://ekr.zendesk.com/; script-src 'self' 'unsafe-inline' https://bat.bing.com/ https://api.smooch.io/ https://api.covery.ai/ https://static.zdassets.com/ https://www.google-analytics.com/ https://google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://maps.googleapis.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.googletagmanager.com/gtag/ https://connect.facebook.net/ https://static.hotjar.com https://script.hotjar.com https://snap.licdn.com/li.lms-analytics/ https://widget-mediator.zopim.com; img-src 'self' https://bat.bing.com/ https://strapi-store-ew-infra.s3.eu-central-1.amazonaws.com/ https://strapi-store-infra.s3.eu-central-1.amazonaws.com/ https://static.zdassets.com/ https://accounts.zendesk.com/ https://media.smooch.io/ https://support.genome.eu/ https://i.covery.ai/ https://maps.gstatic.com/ https://maps.googleapis.com/maps/ https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://www.facebook.com https://px.ads.linkedin.com/ https://t.co/ https://script.hotjar.com https://p.adsymptotic.com data: blob:; frame-src 'self' https://vars.hotjar.com https://google.com/recaptcha/ https://recaptcha.net/; prefetch-src 'self' https://maps.googleapis.com/maps/api/ https://www.google-analytics.com/ https://www.googletagmanager.com/gtag/ https://snap.licdn.com/li.lms-analytics/ https://connect.facebook.net/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; media-src 'self' blob: https://static.zdassets.com/; font-src 'self' https://fonts.gstatic.com/ https://script.hotjar.com; object-src 'self' blob: 1
default-src 'self' 'unsafe-inline' https: blob: wss: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: ; img-src 'self' data: https: ; font-src 'self' data: https: ; frame-ancestors 'self' https://cms.chanbrothers.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://cubhub.social 'wasm-unsafe-eval'; font-src 'self' https://cubhub.social; img-src 'self' data: blob: https://cubhub.social https://media.cubhub.social media.tenor.com; style-src 'self' https://cubhub.social 'nonce-fB9OQn4OAHq45P0lW8mezA=='; media-src 'self' data: https://cubhub.social https://media.cubhub.social; frame-src 'self' https:; child-src 'self' blob: https://cubhub.social; worker-src 'self' blob: https://cubhub.social; connect-src 'self' blob: data: wss://cubhub.social https://cubhub.social https://media.cubhub.social *.tenor.com; manifest-src 'self' https://cubhub.social; form-action 'self' 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://selectra.com.pe/report-uri/enforce 1
base-uri 'none'; child-src 'self' blob: data: optifleet.net api.optifleet.net app.optifleet.net; connect-src 'self' *.api.here.com *.api.sanity.io *.apicalsolutions.com *.apicdn.sanity.io *.app.prod.shared.eu.vgtng.volvo.com *.demo.api.here.com *.execute-api.eu-north-1.amazonaws.com *.googleapis.com *.here.com *.hereapi.com *.lottiefiles.com *.ls.hereapi.com *.prod.shared.eu.vgtng.volvo.com *.prod.shared.us-east-1.prod.aws.vgthosting.net *.prod.shared.us.vgtng.volvo.com *.pusherplatform.io *.s3.amazonaws.com *.screencast.com *.sendbird.com *.tile.openstreetmap.org *.walkme.com *.youtube.com api.optifleet.net api.eu.vgcs.volvo.com api.gdsp.volvo.com api.na.vgcs.volvo.com api.sanity.io api.volvotrucks.com apical.uksouth.cloudapp.azure.com apicdn.sanity.io assets.volvo.com buttons.github.io cdn.cookielaw.org cdn.sanity.io cdnjs.cloudflare.com chatkit-file-service-us1.s3.amazonaws.com d3b3ehuo35wzeh.cloudfront.net dev1-publish.volvo.netcentric.biz doubleclick.net fonts.gstatic.com gateway-prod.azure-api.net gdsp-resources.azureedge.net https://iot-vgcs-dc-gw.apicalsolutions.com/api/ prod-vgcs-dc-gw.apicalsolutions.com https://qa-vgcs-dc-gw.apicalsolutions.com/api/ login.optifleet.net login.microsoftonline.com login.prod.optifleet.net login.support.na.prod.vg-cs.com natelematics.com oprepo.prod.shared.eu-west-1.prod.aws.vgthosting.net oprepo.prod.shared.eu.prod.aws.vgthosting.net prod.api.volvotrucks.com qa.natelematics.com resources.gdsp.volvo.com s3.walkmeusercontent.com sendbird.com stats.g.doubleclick.net storybook.js.org suptl.prod.shared.eu-west-1.prod.aws.vgthosting.net uddi.prod.shared.eu-west-1.prod.aws.vgthosting.net vconnect.sems.ws vfs-customerconnect-api.azurewebsites.net vfsvolvoconnectapidev.azurewebsites.net vg-vfs-volvoconnect-api-dev.azurewebsites.net vgcs-atom.s3.eu-north-1.amazonaws.com vtrucks.prod.sems.ws wss://*.app.prod.shared.eu.vgtng.volvo.com wss://*.app.prod.shared.us.vgtng.volvo.com wss://*.prod.shared.eu.vgtng.volvo.com wss://*.prod.shared.us.vgtng.volvo.com wss://*.pusherplatform.io wss://*.sendbird.com wss://api.optifleet.net wss://oprepo.prod.shared.eu-west-1.prod.aws.vgthosting.net wss://sendbird.com www.google-analytics.com www.volvobuses.com wss://57tklffer0.execute-api.eu-north-1.amazonaws.com nln43j2hm8.execute-api.eu-west-1.amazonaws.com vfsvolvoconnectapiqa.azurewebsites.net vfsvolvoconnectapiprod.azurewebsites.net *.vgcs-atom.com wss://logbrary.prod.shared.eu-west-1.prod.aws.vgthosting.net logbrary.prod.shared.eu-west-1.prod.aws.vgthosting.net *.vgcs-atom.com wss://ws.transport-engine.prod.vgcs-atom.com transport-pattern.prod.vgcs-atom.com wss://*.vgcs-atom.com neuronths.com logbrary.prod.shared.eu-west-1.prod.aws.vgthosting.net resources.gdsp.volvo.com qa.natelematics.com *.adobedtm.com *.assetsadobe.com s3-eu.walkmeusercontent.com ec.walkme.com maps.gstatic.com api.natelematics.com us-east-1.quicksight.aws.amazon.com api.natelematics.com privacyportal-de.onetrust.com api.na.vgcs.volvo.com api.optifleet-evol.net demdex.net volvogroup.data.adobedc.net *.demdex.net *.everesttech.net everesttech.net *.adobedc.net adobedc.net api.optifleet.net api.renault-trucks.com *.volvobuses.com s3.eu-west-1.amazonaws.com volvobuses.com api.met.no volvobuses.com de.qa.l-os.com vbap-dev-euw-func-01.azurewebsites.net asddkawasdsdasd api.ko.vgcs.volvo.com *.prod.vg-cs.com wss://api.eu.vgcs.volvo.com wss://api.na.vgcs.volvo.com *.gdsp.volvo.com stage-volvobuses-com.aws.43636.vnonprod.com vbap-prod-euw-func-01.azurewebsites.net sentry.io *.sentry.io s3.eu-central-1.amazonaws.com api.eu.vgcs.volvo.com bbb; default-src optifleet.net; frame-src 'self' *.app.prod.shared.eu.vgtng.volvo.com *.prod.shared.eu.vgtng.volvo.com *.prod.shared.us.vgtng.volvo.com *.sendbird.com *.walkme.com api.optifleet.net api.eu.prod.vgcs.volvo.com api.eu.vgcs.volvo.com api.na.prod.vgcs.volvo.com api.prod.vgcs.volvo.com app.optifleet.net blob: chatkit-file-service-us1.s3.amazonaws.com d3b3ehuo35wzeh.cloudfront.net data: doubleclick.net https://login.microsoftonline.com login.optifleet.net natelematics.com oprepo.prod.shared.eu-west-1.prod.aws.vgthosting.net prod.api.volvotrucks.com qa.natelematics.com s3.walkmeusercontent.com sendbird.com stats.g.doubleclick.net storybook.js.org suptl.prod.shared.eu-west-1.prod.aws.vgthosting.net uddi.prod.shared.eu-west-1.prod.aws.vgthosting.net suptl.prod.shared.us-east-1.prod.aws.vgthosting.net s3.eu-west-1.amazonaws.com us-east-1.quicksight.aws.amazon.com s3.amazonaws.com *.demdex.net demdex.net *.gdsp.volvo.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.app.prod.shared.eu.vgtng.volvo.com *.googleapis.com *.prod.shared.eu.vgtng.volvo.com *.prod.shared.us.vgtng.volvo.com *.screencast.com *.sendbird.com *.walkme.com api-qa.gdsp.volvo.com api.optifleet.net api.gdsp.volvo.com buttons.github.io cdn.cookielaw.org cdn.sanity.io cdnjs.cloudflare.com chatkit-file-service-us1.s3.amazonaws.com d3b3ehuo35wzeh.cloudfront.net d3sbxpiag177w8.cloudfront.net dev1-publish.volvo.netcentric.biz doubleclick.net fonts.googleapis.com gdsp-resources.azureedge.net login.optifleet.net login.prod.optifleet.net oprepo.prod.shared.eu-west-1.prod.aws.vgthosting.net prod.api.volvotrucks.com stats.g.doubleclick.net resources.gdsp.volvo.com s3.walkmeusercontent.com sendbird.com storybook.js.org tag.manager.google.com tagmanager.google.com uddi.prod.shared.eu-west-1.prod.aws.vgthosting.net vgcs-atom.s3.eu-north-1.amazonaws.com www.google-analytics.com www.googletagmanager.com www.volvobuses.com *.vgcs-atom.com *.adobedtm.com *.assetsadobe.com us-east-1.quicksight.aws.amazon.com volvogroup.data.adobedc.net *.gdsp.volvo.com; font-src 'self' *.googleapis.com *.screencast.com *.sendbird.com *.walkme.com 3b3ehuo35wzeh.cloudfront.net api.eu.prod.vgcs.volvo.com api.eu.vgcs.volvo.com api.gdsp.volvo.com api.na.prod.vgcs.volvo.com api.prod.vgcs.volvo.com buttons.github.io cdnjs.cloudflare.com chatkit-file-service-us1.s3.amazonaws.com chrome-extension: data: doubleclick.net fonts.gstatic.com gdsp-resources.azureedge.net login.optifleet.net maps.gstatic.com oprepo.prod.shared.eu-west-1.prod.aws.vgthosting.net prod.api.volvotrucks.com resources.gdsp.volvo.com s3.walkmeusercontent.com sendbird.com stats.g.doubleclick.net storybook.js.org uddi.prod.shared.eu-west-1.prod.aws.vgthosting.net vgcs-atom.s3.eu-north-1.amazonaws.com *.assetsadobe.com us-east-1.quicksight.aws.amazon.com *.gdsp.volvo.com; form-action 'self' *.app.prod.shared.eu.vgtng.volvo.com *.prod.shared.eu.vgtng.volvo.com *.prod.shared.us.vgtng.volvo.com optifleet.net api.optifleet.net login.optifleet.net api.na.vgcs.volvo.com api.eu.vgcs.volvo.com; frame-ancestors 'self'; frame-src 'self' *.app.prod.shared.eu.vgtng.volvo.com *.prod.shared.eu.vgtng.volvo.com *.prod.shared.us.vgtng.volvo.com *.sendbird.com *.walkme.com api.optifleet.net api.eu.prod.vgcs.volvo.com api.eu.vgcs.volvo.com api.na.prod.vgcs.volvo.com api.prod.vgcs.volvo.com app.optifleet.net blob: chatkit-file-service-us1.s3.amazonaws.com d3b3ehuo35wzeh.cloudfront.net data: doubleclick.net https://login.microsoftonline.com login.optifleet.net natelematics.com oprepo.prod.shared.eu-west-1.prod.aws.vgthosting.net prod.api.volvotrucks.com qa.natelematics.com s3.walkmeusercontent.com sendbird.com stats.g.doubleclick.net storybook.js.org suptl.prod.shared.eu-west-1.prod.aws.vgthosting.net uddi.prod.shared.eu-west-1.prod.aws.vgthosting.net suptl.prod.shared.us-east-1.prod.aws.vgthosting.net s3.eu-west-1.amazonaws.com us-east-1.quicksight.aws.amazon.com s3.amazonaws.com *.demdex.net demdex.net; img-src 'self' *.api.here.com *.demo.api.here.com *.googleapis.com *.here.com *.hereapi.com *.ls.hereapi.com *.s3.amazonaws.com *.screencast.com *.sendbird.com *.tile.openstreetmap.org *.walkme.com api.eu.prod.vgcs.volvo.com api.eu.vgcs.volvo.com api.gdsp.volvo.com api.na.prod.vgcs.volvo.com api.prod.vgcs.volvo.com assets.volvo.com blob: buttons.github.io cdn.sanity.io cdnjs.cloudflare.com chatkit-file-service-us1.s3.amazonaws.com d2qhvajt3imc89.cloudfront.net d3b3ehuo35wzeh.cloudfront.net data: dev1-publish.volvo.netcentric.biz doubleclick.net fonts.gstatic.com gdsp-resources.azureedge.net login.optifleet.net maps.gstatic.com oprepo.prod.shared.eu-west-1.prod.aws.vgthosting.net prod.api.volvotrucks.com resources.gdsp.volvo.com s3.walkmeusercontent.com sendbird.com ssl.gstatic.com stats.g.doubleclick.net storybook.js.org uddi.prod.shared.eu-west-1.prod.aws.vgthosting.net vgcs-atom.s3.eu-north-1.amazonaws.com www.google-analytics.com www.volvobuses.com *.vgcs-atom.com *.adobedtm.com *.assetsadobe.com some.domain.somewhere s3-eu.walkmeusercontent.com us-east-1.quicksight.aws.amazon.com volvogroup.data.adobedc.net *.everesttech.net *.demdex.net demdex.net everesttech.net adobedc.net *.adobedc.net *.gdsp.volvo.com s3.eu-central-1.amazonaws.com asd; manifest-src 'self'; media-src assets.volvo.com *.vgcs-atom.com 'self' s3.eu-central-1.amazonaws.com; object-src 'none'; report-to csp-endpoint; report-uri https://55dafc20b00345383dabdc090f37b786.report-uri.com/r/t/csp/enforce; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.app.prod.shared.eu.vgtng.volvo.com *.googleapis.com *.prod.shared.eu.vgtng.volvo.com *.prod.shared.us.vgtng.volvo.com *.screencast.com *.sendbird.com *.walkme.com api-qa.gdsp.volvo.com api.optifleet.net api.gdsp.volvo.com buttons.github.io cdn.cookielaw.org cdn.sanity.io cdnjs.cloudflare.com chatkit-file-service-us1.s3.amazonaws.com d3b3ehuo35wzeh.cloudfront.net d3sbxpiag177w8.cloudfront.net dev1-publish.volvo.netcentric.biz doubleclick.net fonts.googleapis.com gdsp-resources.azureedge.net login.optifleet.net login.prod.optifleet.net oprepo.prod.shared.eu-west-1.prod.aws.vgthosting.net prod.api.volvotrucks.com stats.g.doubleclick.net resources.gdsp.volvo.com s3.walkmeusercontent.com sendbird.com storybook.js.org tag.manager.google.com tagmanager.google.com uddi.prod.shared.eu-west-1.prod.aws.vgthosting.net vgcs-atom.s3.eu-north-1.amazonaws.com www.google-analytics.com www.googletagmanager.com www.volvobuses.com *.vgcs-atom.com *.adobedtm.com *.assetsadobe.com us-east-1.quicksight.aws.amazon.com volvogroup.data.adobedc.net; style-src 'self' 'unsafe-inline' *.api.here.com *.demo.api.here.com *.googleapis.com *.here.com *.hereapi.com *.ls.hereapi.com *.screencast.com *.sendbird.com *.walkme.com api-qa.gdsp.volvo.com api.eu.prod.vgcs.volvo.com api.eu.vgcs.volvo.com api.gdsp.volvo.com api.na.prod.vgcs.volvo.com api.prod.vgcs.volvo.com buttons.github.io cdn.sanity.io cdnjs.cloudflare.com chatkit-file-service-us1.s3.amazonaws.com d3b3ehuo35wzeh.cloudfront.net doubleclick.net fonts.googleapis.com gdsp-resources.azureedge.net login.optifleet.net login.prod.optifleet.net oprepo.prod.shared.eu-west-1.prod.aws.vgthosting.net prod.api.volvotrucks.com resources.gdsp.volvo.com s3.walkmeusercontent.com sendbird.com stats.g.doubleclick.net storybook.js.org tagmanager.google.com uddi.prod.shared.eu-west-1.prod.aws.vgthosting.net vgcs-atom.s3.eu-north-1.amazonaws.com *.vgcs-atom.com *.adobedtm.com *.assetsadobe.com us-east-1.quicksight.aws.amazon.com volvogroup.data.adobedc.net *.gdsp.volvo.com; upgrade-insecure-requests; worker-src 'self' blob: data: eu-cdn.walkme.com *.walkme.com walkme.com; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.youtube.com *.youtube-nocookie.com *.itzbund.de *.bundesbots.de ; object-src 'self' multimedia.gsb.bund.de; connect-src 'self' *.itzbund.de ; media-src 'self' blob: multimedia.gsb.bund.de social.bund.de *.youtube.com *.youtube-nocookie.com medien.bkm.bund.de ; frame-src *.youtube.com *.youtube-nocookie.com *.bundesbots.de ; img-src 'self' blob: social.bund.de *.youtube.com *.youtube-nocookie.com ; frame-ancestors 'self'; upgrade-insecure-requests; 1
default-src 'self' validator.swagger.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' browser-update.org unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com unpkg.com; img-src 'self' santander-fsl.de unpkg.com validator.swagger.io data: santander-fsl.de; font-src 'self' fonts.gstatic.com; 1
img-src * data: blob: 'unsafe-inline';  1
default-src 'self' 'unsafe-inline' https://sdk.privacy-center.org/ https://popups.landingi.com https://scripts.assets-landingi.com https://www.gstatic.com https://www.googletagmanager.com https://use.typekit.net/ https://www.google.com/recaptcha/api.js https://region1.google-analytics.com/ https://grupoanaya.es/; script-src 'self' https://sdk.privacy-center.org/ https://popups.landingi.com https://scripts.assets-landingi.com https://use.typekit.net/ https://www.gstatic.com https://www.googletagmanager.com https://www.google.com/recaptcha/api.js https://www.google-analytics.com/ https://region1.google-analytics.com/ https://grupoanaya.es/; style-src 'self' 'unsafe-inline' https://region1.google-analytics.com/ https://grupoanaya.es/; img-src * data: 'unsafe-inline' https://region1.google-analytics.com/ https://grupoanaya.es/; connect-src * 'unsafe-inline'; frame-src *; form-action 'self'; base-uri 'self'; frame-ancestors 'none'; 1
default-src 'self'; script-src-elem 'self' 'unsafe-inline' https://static.zdassets.com https://v2.zopim.com https://ajax.googleapis.com https://ssif1.globalsign.com https://seal.globalsign.com https://*.google.com https://www.google-analytics.com https://www.gstatic.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.google.com; img-src 'self' data: https://*.gstatic.com https://*.zopim.com https://ssif1.globalsign.com https://www.google-analytics.com https://www.nfpa.org https://*.google.com https://www.googleapis.com ; font-src 'self' data: https://*.zopim.com https://fonts.gstatic.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://static.zdassets.com https://*.zopim.com https://ajax.googleapis.com https://ssif1.globalsign.com https://seal.globalsign.com https://*.google.com https://www.google-analytics.com https://www.gstatic.com; connect-src 'self' wss://widget-mediator.zopim.com https://ekr.zdassets.com https://www.google-analytics.com; object-src 'self' http://www.fema.gov http://embed.5min.com; child-src 'self' https://www.youtube.com https://maps.google.com https://www.google.com; frame-src 'self' https://www.google.com https://cse.google.com; frame-ancestors 'self'; upgrade-insecure-requests; 1
frame-ancestors 'self' studio.ellisdon.com ellisdon-studio.netlify.app 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-5zAcPNbekZmcRpV3QGWU6qioWOKnIme/4xHYBaWSdclI3GjL' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
object-src 'none'; script-src 'nonce-a7154d06-5162-4e2e-b201-85dcaadf591d' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; base-uri 'none'; report-uri /csp-reports 1
frame-ancestors 'self' https://*.hauts-de-seine.fr  1
script-src http: https: 'unsafe-inline' https://www.googletagmanager.com https://www2.stockholmfilmfestival.se/; style-src 'self' blob: https: 'unsafe-inline' https://www2.stockholmfilmfestival.se/; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.youtube-nocookie.com consentcdn.cookiebot.com 1
default-src 'self'; script-src 'self' https://*.astonmiles.com https://code.jquery.com https://www.google-analytics.com https://*.fontawesome.com https://*.googleapis.com //*.gstatic.com; style-src 'self' https://*.astonmiles.com https://*.googleapis.com https://*.fontawesome.com; font-src 'self' https://*.gstatic.com https://*.fontawesome.com; img-src 'self' https://*.astonmiles.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.googleapis.com; connect-src 'self' https://*.astonmiles.com https://*.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.fontawesome.com https://code.jquery.com //*.gstatic.com; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; object-src 'none';upgrade-insecure-requests 1
default-src 'self' * https://app-scl.five9.com https: data: 'unsafe-inline' 'unsafe-eval' 1
default-src https://*.autumna.co.uk https://metrics.autumna.co.uk https://use.fontawesome.com https://fonts.gstatic.com https://www.youtube.com https://maps.googleapis.com https://www.google-analytics.com https://api-iam.intercom.io;media-src https://*;img-src https://* blob: data: 'unsafe-inline';style-src https://* 'unsafe-inline';script-src https://*.autumna.co.uk https://www.gstatic.com https://www.google.com https://cdn.autumna.co.uk https://metrics.autumna.co.uk https://trackcmp.net https://embed.typeform.com https://*.intercomcdn.com https://*.intercom.io https://*.fontawesome.com https://unpkg.com https://assets.pinterest.com https://assets.calendly.com https://maps.googleapis.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://bat.bing.com https://snap.licdn.com https://diffuser-cdn.app-us1.com https://prism.app-us1.com https://www.googleadservices.com https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js https://*.elfsight.com https://cdn.datatables.net 'unsafe-inline' 'unsafe-eval';font-src 'self' data: https://*.autumna.co.uk https://fonts.gstatic.com https://*.fontawesome.com https://*.intercomcdn.com https://uks8aut8files8dev.blob.core.windows.net;connect-src https://*.autumna.co.uk wss://nexus-websocket-a.intercom.io https://metrics.autumna.co.uk https://maps.googleapis.com https://*.intercom.io https://*.intercomcdn.com https://*.intercomcdn.eu https://www.google-analytics.com https://*.fontawesome.com https://cdn.linkedin.oribi.io https://pypi.org https://bat.bing.com https://*.elfsight.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com;frame-src data: https://*.autumna.co.uk https://www.google.com https://moreismarketing.com https://www.facebook.com https://form.typeform.com https://www.youtube.com https://www.youtube-nocookie.com https://moreismarketing.com https://td.doubleclick.net 'unsafe-inline';child-src https://*.autumna.co.uk https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net;form-action https://*.autumna.co.uk https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com cdn.jsdelivr.net *.dukhanbank.com *.storerocket.io *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.ads-twitter.com *.g.doubleclick.net *.facebook.net *.euroland.com; object-src 'none'; style-src 'unsafe-inline' *; img-src * data:; media-src *; frame-src *; frame-ancestors *; child-src *; font-src *; connect-src *; report-uri /report-csp-violation 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-KefzZaublqRD78xXsGuXdz846E8dHyyxgka+987G7W00VFPc' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; media-src *.cdninstagram.com scontent-pmo1-1.cdninstagram.com scontent-iad3-1.cdninstagram.com 'self'; script-src https: 'self' *.googleapis.com www.google-analytics.com 'unsafe-inline' *.royalreservations.com www.googletagmanager.com tagmanager.google.com cdnjs.cloudflare.com *.elfsight.com www.thehotelsnetwork.com d2wy8f7a9ursnm.cloudfront.net cdn.krxd.net connect.facebook.net 'unsafe-eval' c1.rfihub.net script.crazyegg.com; worker-src https: 'self' blob: script.crazyegg.com; style-src https: 'self' *.googleapis.com 'unsafe-inline' tagmanager.google.com *.royalreservations.com; img-src https: 'self' services.royalresorts.com data: royalreservations.com maps.gstatic.com ssl.gstatic.com *.googleapis.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net *.cdninstagram.com script.crazyegg.com; connect-src https: 'self' *.elfsight.com www.thehotelsnetwork.com www.google-analytics.com stats.g.doubleclick.net wss: streaming.mypurecloud.com; font-src https: 'self' *.googleapis.com fonts.gstatic.com data:; frame-src https: www.thehotelsnetwork.com; 1
frame-ancestors self https://www.memberbenefitlogin.com https://www.memberbenefitlogon.com https://www.benefitharborbenefits.com https://www.powerofready.com https://www.mykemperbenefits.com https://www.mypennonibenefits.com https://www.previewbenefits.com https://www.anthemflexhourplans.com https://www.bcbsgaflexhourplans.com https://www.empireblueflexhourplans.com https://www.mybenefitharbor.com https://tms.benefitharbor.com; 1
script-src http: https: 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline'; 1
frame-ancestors 'none' default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; 1
frame-ancestors 'self' vkplay.com *.vkplay.com store.my.games vkplay.ru *.vkplay.ru 1
block-all-mixed-content; report-uri https://heinztohome.co.uk/cspReport.txt; 1
frame-ancestors 'self' *.myqisites.com 1
default-src 'self' *.sentry.io *.gstatic.com *.googleapis.com cdnjs.cloudflare.com *.youtube.com *.yoast.com *.intercomassets.com wss://nexus-websocket-a.intercom.io *.raymondchabot.com *.google.com *.google.ca *.googleoptimize.com optimize.google.com dashboard.engagefront.com *.cloudfront.net *.facebook.net *.facebook.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.hotjar.com *.calltrk.com engagefront.theweathernetwork.com *.callrail.com *.doubleclick.net *.bing.com *.stackadapt.com *.clarity.ms *.intercom.io optimize.google.com *.segmentstream.com *.intercomcdn.com *.intercom.io *.cookiebot.com data: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src-elem 'self' 'unsafe-inline' *.raymondchabot.com *.stackadapt.com optimize.google.com fonts.googleapis.com; frame-src https://optimize.google.com *.facebook.com dashboard.engagefront.com *.raymondchabot.com *.cookiebot.com *.youtube.com *.hotjar.com *.google.com *.google.ca; 1
default-src 'self'; script-src an.yandex.ru yandex.st yastatic.net mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru *.commontools.net *.doubleclick.net *.google.com *.google.ru *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagservices.com *.gstatic.com gstatic.com *.facebook.net *.imgsmail.ru *.mail.ru *.ok.ru *.rambler.ru *.twitter.com *.userapi.com userapi.com *.vk.com vk.com https://*.facebook.net https://*.google.com https://*.google.ru https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googletagservices.com https://*.gstatic.com https://gstatic.com https://*.mgid.com/ https://*.ok.ru https://*.scorecardresearch.com/ https://*.top100.ru/ https://*.twitter.com https://*.vk.com https://vk.com https://*.yandex.com https://*.yandex.ru https://yandex.st https://yastatic.net https://*.adhigh.net/ https://*.adriver.ru/ https://*.alfasense.net/ https://*.betweendigital.com/ https://*.buzzoola.com/ https://*.bidswitch.net/ https://*.criteo.net/ https://*.digitalcaramel.com/ https://*.dircont3.com/ https://*.hybrid.ai/ https://*.moatads.com/ https://*.mradx.net/ https://*.otm-r.com/ https://*.rktch.com/ https://*.selcdn.net/ https://*.smi2.net/ https://*.yabidos.com/ 'self' data: 'unsafe-inline' 'unsafe-eval'; object-src *.googlesyndication.com 'self'; style-src yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net *.google.com *.googleapis.com https://*.googleapis.com https://*.mgid.com/ https://*.buzzoola.com/ 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data:; frame-src awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net *.doubleclick.net *.facebook.com *.google.com *.mail.ru *.ok.ru *.twitter.com *.vk.com vk.com *.vhod.cc https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.googlesyndication.com https://*.ok.ru https://*.rubiconproject.com/ https://*.vk.com https://vk.com https://*.yandexadexchange.net https://yastatic.net https://*.adhigh.net/ https://*.adriver.ru/ https://*.betweendigital.com/ https://*.bidvol.com/ https://*.buzzoola.com/ https://cdnrtbsape.ru/ https://*.creativecdn.com/ https://*.criteo.com/ https://*.hybrid.ai/ https://*.otm-r.com/ https://*.rktch.com/ https://*.rtb.com.ru/ https://*.rutarget.ru/ https://*.sape.ru/ https://*.selcdn.net/ 'self'; font-src an.yandex.ru *.googleapis.com *.gstatic.com yastatic.net yastat.net https://*.mgid.com/ https://*.buzzoola.com/ 'self' data:; connect-src an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru https://*.android.com https://adservice.google.com/ https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.googlesyndication.com https://*.gstatic.com https://*.mgid.com/ http://top-fwz1.mail.ru https://*.twitter.com https://*.yandex.com https://*.yandex.ru https://*.adhigh.net/ https://*.adriver.ru/ https://*.betweendigital.com/ https://*.bidvol.com/ https://*.creativecdn.com/ https://*.criteo.com/ https://*.criteo.net/ https://*.mail.ru/ https://*.ntvk1.ru/ https://*.otm-r.com/ https://*.rambler.ru/ https://*.tns-counter.ru/ https://*.weborama.fr/ https://*.whiteboxdigital.ru/ 'self'; media-src *.yandex.net strm.yandex.ru *.strm.yandex.ru yandex.ru yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net data: 1
base-uri 'self' *.mangelot-hosting.nl; report-uri https://www.mangelot-hosting.nl/csp-report.php; frame-src 'self' data: *.google.com *.google.nl *.googleapis.com *.google-analytics.com *.doubleclick.net *.tinymce.com *.tiny.cloud *.speedtestcustom.com *.mangelot-hosting.nl; connect-src 'self' *.google.com *.google.nl *.googleapis.com *.google-analytics.com *.facebook.com *.doubleclick.net *.tinymce.com *.tiny.cloud *.bing.com *.clarity.ms *.mangelot-hosting.nl; font-src 'self' *.gstatic.com data: *.googleapis.com *.google-analytics.com *.gravatar.com *.tinymce.com *.tiny.cloud *.linearicons.com *.mangelot-hosting.nl; script-src 'self' 'unsafe-inline' 'report-sample' 'unsafe-eval' *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleanalytics.com *.googleoptimize.com *.twitter.com *.doubleclick.net connect.facebook.net *.googleadservices.com *.google.com *.google.nl *.bing.com *.linearicons.com *.tinymce.com *.tiny.cloud *.clarity.ms *.mangelot-hosting.nl cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' 'report-sample' *.google.com *.googleapis.com *.gstatic.com *.twitter.com *.google-analytics.com *.googletagmanager.com *.tinymce.com *.tiny.cloud *.linearicons.com *.mangelot-hosting.nl; img-src https: data: *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.twitter.com *.doubleclick.net *.linkedin.com *.google.com *.google.nl https://installatron.com *.gravatar.com *.tinymce.com *.tiny.cloud *.mangelot-hosting.nl *.installatron.com *.paypal.com; media-src 'self'; object-src 'none'; form-action 'self' *; frame-ancestors 'self'; sandbox allow-forms allow-scripts allow-popups allow-modals allow-top-navigation  allow-same-origin; worker-src blob: 'self'; default-src https: 'self' *.mangelot-hosting.nl 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-eoCZtNI6vYKvCGHyJ6rc0Q' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self'; frame-src 'self' https://secure.livechatinc.com/ *.webspellchecker.net *.nhs.uk *.facebook.com *.youtube.com *.vimeo.com *.google.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagmanager.com https://static.zdassets.com/ https://api.livechatinc.com/ https://cdn.livechatinc.com/tracking.js *.reactandshare.com https://api.reciteme.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs *.webspellchecker.net *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk use.typekit.net; font-src 'self' 'unsafe-inline' https://cdn.livechatinc.com/ *.reactandshare.com https://api.reciteme.com https://fonts.googleapis.com https://fonts.gstatic.com *.webspellchecker.net use.typekit.net; style-src 'self' 'unsafe-inline' *.reactandshare.com https://api.reciteme.com https://cdnjs.cloudflare.com https://feeds.trac.jobs *.googleapis.com  *.gstatic.com *.cqc.org.uk *.webspellchecker.net use.typekit.net p.typekit.net; img-src * data: p.typekit.net; object-src 'self' blob:; connect-src 'self' https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com wss://widget-mediator.zopim.com https://stop-smoking-nhs.zendesk.com https://ekr.zdassets.com https://api.reciteme.com https://feeds.trac.jobs stats.g.doubleclick.net *.googleapis.com *.google-analytics.com *.webspellchecker.net performance.typekit.net; media-src 'self' https://static.zdassets.com/web_widget/ https://api.reciteme.com 1
frame-ancestors 'self' *.davengo.com; 1
default-src 'self'; font-src *;img-src * data:; script-src *; stylesrc *; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-1715f6a44cadc41ba65de6fb36a9e323'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'none'; script-src  'self' https://cdn.jsdelivr.net/emojione/ *.tawk.to https://js.live.net/v7.2/OneDrive.js https://apis.google.com ; style-src 'unsafe-inline' ; img-src data: tawk.link blob: 'self' https://*.sharepoint.com *.tawk.to https://cdn.jsdelivr.net/emojione/ https://*.googleusercontent.com https://*.google.com https://*.gstatic.com ; font-src 'self' *.tawk.to https://cdn.jsdelivr.net/emojione/ https://fonts.gstatic.com/ ; connect-src 'self' https://*.sharepoint.com https://*.onedrive.com wss://*.tawk.to *.tawk.to *.glbth.com wss://*.glbth.com *.teacherview.live wss://*.teacherview.live https://graph.microsoft.com/ ; frame-src https://*.google.com https://*.sharepoint.com https://*.live.com wss://*.tawk.to *.tawk.to https://*.googleapis.com  ; style-src-elem *.tawk.to 'unsafe-inline' https://cdn.jsdelivr.net/emojione/ https://*.googleapis.com *.glbth.com *.teacherview.live teacherview.live ; worker-src 'self' blob: ; frame-ancestors 'self' ; 1
default-src 'self' https://drive.google.com https://*.gstatic.com https://*.hotjar.io https://*.googleapis.com https://*.milkmoovement.io wss://*.hotjar.com wss://*.cobrowse.io wss://*.intercom.io https://*.hotjar.com https://*.cobrowse.io  https://*.intercom.io https://*.intercomcdn.com 'unsafe-inline'; frame-src 'self' https://drive.google.com https://*.hotjar.com; img-src 'self' data: https://maps.google.com https://*.gstatic.com https://*.googleapis.com  https://*.intercomcdn.com https://*.intercomassets.com http://milk-moovement.s3-website.ca-central-1.amazonaws.com; script-src 'self' https://*.googleapis.com wss://*.hotjar.com wss://*.cobrowse.io wss://*.intercom.io https://*.hotjar.com https://*.cobrowse.io  https://*.intercom.io https://*.intercomcdn.com https://*.milkmoovement.io 'unsafe-inline'; style-src 'self' https://*.googleapis.com 'unsafe-inline'; object-src 'none'; worker-src 'self' https://storage.googleapis.com 'unsafe-inline' 1
frame-ancestors 'self' https://app.aipo.com/ https://*.app.aipo-platform.com/ 1
default-src 'self'; base-uri 'self'; script-src 'nonce-ed45a2beff9f9f7c8f65b37071dcfd5d' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: 'report-sample'; connect-src 'self' https://www.googletagmanager.com https://*.facebook.com https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://*.instana.io wss://mpsnare.iesnare.com https://*.usercentrics.eu https://bat.bing.com/actionp/ https://*.liadm.com https://*.parship.dev; frame-ancestors 'self' https://secure1.parship.com https://secure1.eharmony.com https://secure1.elitepartner.de https://*.parship.dev; frame-src 'self' https://support.parship.fr https://tms.parship.fr https://*.greatviews.de https://app.usercentrics.eu https://www.youtube-nocookie.com https://accounts.google.com https://translate.googleapis.com https://*.liadm.com; object-src 'none'; img-src 'self' data: http: https: https://*.instana.io; font-src 'self' data:; style-src 'self' 'unsafe-inline' 'report-sample' https://accounts.google.com/gsi/style https://translate.googleapis.com; upgrade-insecure-requests; report-uri /ls/ 1
default-src https: 'unsafe-eval' 'unsafe-inline' blob:; img-src https: data: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://piipitin.fi; img-src 'self' https: data: blob: https://piipitin.fi; style-src 'self' https://piipitin.fi 'nonce-eHZR5YH2NCtN0ppOtwRxPw=='; media-src 'self' https: data: https://piipitin.fi; frame-src 'self' https:; manifest-src 'self' https://piipitin.fi; form-action 'self'; child-src 'self' blob: https://piipitin.fi; worker-src 'self' blob: https://piipitin.fi; connect-src 'self' data: blob: https://piipitin.fi https://media.piipitin.fi wss://piipitin.fi; script-src 'self' https://piipitin.fi 'wasm-unsafe-eval' 1
default-src 'self' https://analytics.google.com https://cdnjs.cloudflare.com https://www.recoweb.azurewebsites.net https://recoweb.azurewebsites.net https://recoadmin.azurewebsites.net https://www.recoadmin.azurewebsites.net https://admin.reco.on.ca https://www.reco.on.ca https://reco.on.ca https://in.hotjar.com https://stats.g.doubleclick.net https://www.google-analytics.com https://m.addthis.com https://fonts.gstatic.com https://px.ads.linkedin.com https://ajax.cloudflare.com https://fonts.googleapis.com;img-src 'self' * data:;frame-ancestors http://localhost:9100 https://www.recoweb.azurewebsites.net https://recoweb.azurewebsites.net https://recoadmin.azurewebsites.net https://www.recoadmin.azurewebsites.net https://admin.reco.on.ca https://www.reco.on.ca https://reco.on.ca;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.recoweb.azurewebsites.net https://recoweb.azurewebsites.net https://recoadmin.azurewebsites.net https://www.recoadmin.azurewebsites.net https://admin.reco.on.ca https://www.reco.on.ca https://reco.on.ca http://s7.addthis.com https://www.youtube.com https://player.vimeo.com https://script.hotjar.com https://static.hotjar.com https://releases.transloadit.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://stackpath.bootstrapcdn.com https://unpkg.com https://m.addthis.com https://v1.addthisedge.com https://z.moatads.com https://ajax.cloudflare.com https://code.jquery.com https://cdn.ckeditor.com https://s7.addthis.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://snap.licdn.com https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com;style-src 'self' 'unsafe-inline' https://unpkg.com https://www.recoweb.azurewebsites.net https://recoweb.azurewebsites.net https://recoadmin.azurewebsites.net https://www.recoadmin.azurewebsites.net https://admin.reco.on.ca https://www.reco.on.ca https://reco.on.ca https://www.youtube.com https://player.vimeo.com https://releases.transloadit.com https://cdn.jsdelivr.net https://stackpath.bootstrapcdn.com https://cdn.ckeditor.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com;frame-src 'self' https://www.recoweb.azurewebsites.net https://recoweb.azurewebsites.net https://recoadmin.azurewebsites.net https://www.recoadmin.azurewebsites.net https://admin.reco.on.ca https://www.reco.on.ca https://reco.on.ca https://www.youtube.com https://player.vimeo.com https://vars.hotjar.com https://script.hotjar.com https://s7.addthis.com https://www.google.com https://bid.g.doubleclick.net https://www.youtube.com;object-src 'self' 1
frame-src 'self' https://live.lifesizecloud.com https://www.youtube.com https://www.youtube-nocookie.com https://www.google.com 1
default-src https: 'unsafe-inline';  script-src https: 'unsafe-inline'; img-src https: 'self' data:; 1
frame-ancestors 'self' https://www.ca.kayak.com https://www.kayak.com https://www.momondo.ca https://www.momondo.com https://www.hotelscombined.ca https://www.hotelscombined.com https://www.cheapflights.ca https://www.cheapflights.com https://www.travelsearch.com 1
default-src 'none'; img-src 'self' https://*.leoninedistribution.com data:; font-src 'self' https: data:; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' blob:; style-src 'self' https: 'unsafe-eval' 'unsafe-inline'; connect-src 'self' https:; frame-src 'self' https:; object-src 'self' https:; media-src 'self' https:; form-action 'self'; base-uri 'self' 1
script-src 'self' 'nonce-as0hStnu6QkKmwLXl2z9fpcI' 'nonce-atx-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com https://tagmanager.google.com/ https://www.googletagmanager.com/gtm.js https://www.google-analytics.com https://ssl.google-analytics.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://static.ctctcdn.com https://cdnjs.cloudflare.com https://sfapi.formstack.io https://translate.google.com https://translate.googleapis.com https://www.google.com https://www.gstatic.com https://pi.pardot.com http://cdn.pardot.com http://pi.pardot.com/analytics https://www.opinionstage.com https://static.ctctcdn.com http://embed.typeform.com/ https://embed.typeform.com/ *.artifex.com *.ghostscript.com *.mupdf.com; report-uri /csp-report/standard-report.php; 1
frame-ancestors 'self' https://cms.luckyvoice.com 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-qGLlrTzdiDfvEN2+6mMd6qIiNccDVAgmTNDF2hB6/HPeN9tr' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.marker.io *.analytics.google.com *.google.de *.hotjar.com data: 'self' 'unsafe-inline'; form-action www.facebook.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.liqpay.ua 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google.com vars.hotjar.com *.stripe.com www.youtube.com assets.pinterest.com static.addtoany.com *.marker.io www.facebook.com td.doubleclick.net https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net validator.swagger.io *.cloudflare.com https://cdn.klarna.com www.google.com.ua *.googleusercontent.com www.facebook.com *.paypal.com https://s.ytimg.com log.pinterest.com ebizmarts-website.s3.amazonaws.com *.marker.io oiler.ua *.clarity.ms *.bing.com *.liqpay.ua *.laximo.net *.analytics.google.com *.google.de digital-assets.tecalliance.services *.hotjar.com https://www.googletagmanager.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.avada.io *.cloudflare.com www.google.com www.gstatic.com connect.facebook.net static.addtoany.com static.hotjar.com script.hotjar.com graph.facebook.com widgets.pinterest.com *.stripe.com assets.pinterest.com chimpstatic.com *.marker.io *.esputnik.com *.binotel.com *.clarity.ms *.laximo.net *.analytics.google.com *.google.de *.hotjar.com https://www.googletagmanager.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com fonts.googleapis.com 'unsafe-inline' *.laximo.net *.analytics.google.com *.google.de *.hotjar.com 'self' 'unsafe-inline'; object-src https://www.googletagmanager.com/ http://www.googleadservices.com/ 'self' 'unsafe-inline'; media-src *.adobe.com *.marker.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://get.geojs.io *.avada.io *.cloudflare.com stats.g.doubleclick.net in.hotjar.com *.paypal.com stats.addtoany.com *.marker.io esputnik.com *.esputnik.com *.binotel.com *.clarity.ms *.analytics.google.com *.google.de *.hotjar.com *.hotjar.io wss://ws.hotjar.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.google-analytics.com:* google-analytics.com:* wistia.com:* *.wistia.com:* googleapis.com:* *.googleapis.com:* twitter.com:* *.twitter.com:* *.googletagmanager.com:* googletagmanager.com:* *.newrelic.com:* newrelic.com:*; style-src 'self' 'unsafe-inline' googleapis.com:* *.googleapis.com:*; img-src 'self' 'unsafe-inline' *.google-analytics.com:* google-analytics.com:* gstatic.com:* *.gstatic.com:* googleapis.com:* *.googleapis.com:* wistia.com:* *.wistia.com:* data:;; media-src 'self' blob:;; frame-src 'self' wistia.net:* *.wistia.net:* appone.com:* *.appone.com:* youtube.com:* *.youtube.com:*; frame-ancestors *; font-src 'self' 'nonce-wM07XA79L5BgwKUE6iP/CyReYk5LKPyapkH1Q8tgumw=' gstatic.com:* *.gstatic.com:* data:;; connect-src 'self' *.google-analytics.com:* google-analytics.com:* googleapis.com:* *.googleapis.com:* wistia.com:* *.wistia.com:* *.nr-data.net:* nr-data.net:* 1
frame-ancestors 'self' https://flschat.eastus.cloudapp.azure.com;block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.cloudapp.azure.com https://*.google.com https://ajax.googleapis.com https://content.linkedin.com https://connect.facebook.net https://code.jquery.com https://cdn.jsdelivr.net https://f.vimeocdn.com https://forms.hsforms.com https://graph.facebook.com https://googletagmanager.com https://js.facebook.com https://js.hsforms.net https://js.hscollectedforms.net https://js.hs-analytics.net https://js.usemessages.com https://js.hubspotfeedback.com https://js.hsadspixel.net https://js.hs-banner.com https://js.hsleadflows.net https://js-na1.hs-scripts.com https://js.hs-scripts.com https://ml314.com https://platform.linkedin.com https://player.vimeo.com https://static-exp1.licdn.com https://snap.licdn.com https://script.hotjar.com https://static.hotjar.com https://tagmanager.google.com https://www.vimeo.com https://www.googleoptimize.com https://www.googletagmanager.com;style-src 'self' 'report-sample' 'unsafe-inline' *.google.com *.licdn.com ajax.googleapis.com code.jquery.com cdn.jsdelivr.net fonts.googleapis.com www.googletagmanager.com;object-src *.googlesyndication.com;child-src 'self' blob: *.vimeo.com *.google.com *.doubleclick.net *.googlesyndication.com www.youtube.com *.facebook.com flschat.eastus.cloudapp.azure.com app.hubspot.com connect.facebook.net forms.hsforms.com js.usemessages.com js.hscollectedforms.net js.hsadspixel.net vimeo.com www.googletagmanager.com;base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net forms.hubspot.com forms.hsforms.com;worker-src 'self' blob: www.google.com 1
report-uri aalogics_csp_reporting; font-src static.olark.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com * *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://www.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com www.google.com.pk t.co analytics.twitter.com bat.bing.com px.ads.linkedin.com px4.ads.linkedin.com static.olark.com log.olark.com d10lpsik1i8c69.cloudfront.net *.meetanshi.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ analytics.tiktok.com connect.facebook.net static.olark.com knrpc.olark.com static.ads-twitter.com bat.bing.com js-agent.newrelic.com www.pricepond.com.au snap.licdn.com d10lpsik1i8c69.cloudfront.net www.clickcease.com api.olark.com www.wufoo.com static.wufoo.com s7.addthis.com *.google.com https://www.gstatic.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://www.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.olark.com d10lpsik1i8c69.cloudfront.net maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com d10lpsik1i8c69.cloudfront.net static.olark.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com analytics.tiktok.com knrpc.olark.com google.com nkhfperk.use.stape.io stats.g.doubleclick.net settings.luckyorange.net wss://visitors.live/ wss://in.visitors.live/ bam.nr-data.net api-preview.luckyorange.com cdn.linkedin.oribi.io *.googleapis.com ekr.zdassets.com/ *.google.com www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-to report-endpoint; 1
frame-ancestors 'self' https://*.salesforce.com https://*.force.com https://*.everyonesocial.app https://*.highspot.com https://*.sharepoint.com https://*.salesloft.com https://*.outreach.io https://*.hellozest.io https://*.everyonesocial.com https://*.eu.ngrok.io https://*.workvivo.com https://*.workvivo.io https://*.chameleon.io; script-src 'self' blob: 'unsafe-inline' https://cdn.segment.com https://embed.redditmedia.com https://embed.reddit.com https://platform.twitter.com https://www.google-analytics.com https://www.googletagmanager.com https://*.instagram.com https://*.tiktok.com https://*.tiktokcdn-us.com https://connect.facebook.net https://cdn.userway.org https://*.chameleon.io https://calendly.com https://*.calendly.com; object-src 'none'; 1
report-uri https://csp.uel.wildapricot.com/report; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.appointlet.com *.appointletcdn.com *.aptrinsic.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.ecomm.events *.ecwid.com *.elev.io *.facebook.com *.facebook.net *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.linkedin.com *.mcjobboard.net *.mybillsystem.com *.newrelic.com *.nr-data.net *.pagespeed-mod.com *.twitter.com *.typekit.net *.uservoice.com *.wildapricot.com *.youtube.com *.zdassets.com *.zendesk.com *.zopim.com caas-sf.wildapricot.org maps.googleapis.com onlinestore-prod-digital-products.s3.amazonaws.com sf.wildapricot.org widget-mediator.zopim.com wss://widget-mediator.zopim.com/ connect.facebook.net e.issuu.com emailmeform.com facebook.com google.com google-analytics.com gstatic.com https://search.petprofessionalguild.com m.facebook.com platform.linkedin.com platform.twitter.com pressroom.prlog.org sentry.issuu.com socialplugin.facebook.net stats.g.doubleclick.net web.facebook.com widget.apricotmaps.com wildapricot2.uservoice.com www.emailmeform.com www.prlog.org;   img-src * data: blob:;   media-src * blob:;   font-src * https://*.aptrinsic.com data:;  1
connect-src https://region1.analytics.google.com 'self' wss://authenticatie.vlaanderen.be wss://prod.widgets.burgerprofiel.vlaanderen.be https://prod.widgets.burgerprofiel.vlaanderen.be wss://contactapi.vlaanderen.be https://contactapi.vlaanderen.be 	https://www.google-analytics.com *.vlaanderen.be *.vrijwilligerswerk.be *.algolianet.com *.algolianet.net *.algolia.net *.lcp.be *.genk.be *.embed.deburen.tv *.icordis.be *.flourish.studio *.adobe.com *.curator.io *.cumul.io *.burgerprofiel.be *.matomo.cloud *.wistia.com wistia.com *.glitch.com *.wistia.net embedwistia-a.akamaihd.net *.litix.io ; frame-src  'self' *.icordis.be *.iamfas.belgium.be *.google.com *.vimeo.com  *.youtube.com https://prod.widgets.burgerprofiel.vlaanderen.be https://prod.frontend.burgerprofiel.vlaanderen.be	https://authenticatie.vlaanderen.be	https://idp.iamfas.belgium.be *.flexmail.eu *.vrijwilligerswerk.be *.issuu.com embed.deburen.tv *.genk.be *.flourish.studio *.adobe.com *.soundcloud.com *.curator.io gift2give.be *.cumul.io flo.uri.sh genk.incijfers.be *.chkmkt.com *.facebook.com https://vimeo.com *.matomo.cloud *.wistia.com wistia.com button.glitch.me *.wistia.net https://sketchfab.com; img-src	'self' data: *.genk.be *.matomo.cloud *.tile.openstreetmap.org *.ytimg.com *.icordis.be https://prod.widgets.burgerprofiel.vlaanderen.be https://prod.widgetconfigservice.burgerprofiel.vlaanderen.be	*.google-analytics.com *.google.be *.google.com *.g.doubleclick.net *.algolianet.com *.flourish.studio *.flourish.rocks *.adobe.com *.soundcloud.com *.curator.io gift2give.be *.amazonaws.com  https://scontent-iad3-1.xx.fbcdn.net  *.fbsbx.com *.osm.be *.cumul.io flo.uri.sh genk.incijfers.be https://vimeo.com *.vimeo.com *.vimeocdn.com *.wistia.com *.wistia.net wistia.com button.glitch.me; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.genk.be *.lcp.be *.icordis.be *.google-analytics.com *.google.be https://prod.widgets.burgerprofiel.vlaanderen.be *.vrijwilligerswerk.be *.algolianet.com *.algolianet.net *.issuu.com *.flourish.studio *.flourish.rocks *.curator.io *.cumul.io flo.uri.sh genk.incijfers.be connect.facebook.net *.facebook.com  www.googletagmanager.com *.matomo.cloud *.wistia.com wistia.com *.wistia.net button.glitch.me; worker-src 'self' https://prod.widgets.burgerprofiel.vlaanderen.be *.vlaanderen.be *.adobe.com *.soundcloud.com *.cumul.io flo.uri.sh blob: 1
frame-ancestors 'self' concerto.1naturalway.com:8383; 1
frame-ancestors 'self' online.eccmid.org *.eccmid.org; 1
default-src 'self' blob:;connect-src 'self' blob: https://*.firebaseio.com https://*.googleapis.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com *.githubusercontent.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google.com https://www.gstatic.com https://*.firebaseapp.com;script-src-elem 'self' 'unsafe-inline' data: https://*.google.com https://www.gstatic.com https://*.firebaseapp.com https://*.googletagmanager.com https://*.google-analytics.com;img-src 'self' blob: data: https://ik.imagekit.io/ *.googletagmanager.com;style-src 'self' 'unsafe-inline' https://*.googleapis.com;frame-ancestors 'self';font-src 'self' https://*.gstatic.com;frame-src 'self' blob: https://*.google.com https://faic-website.firebaseapp.com/;object-src 'self' blob: https://*.google.com https://faic-website.firebaseapp.com/;worker-src 'self' blob:; 1
img-src data: https://*.lrukforums.com https://cdn.jsdelivr.net https://giphy.com https://*.giphy.com 1
base-uri 'self'; frame-ancestors 'self' *.rentsync.com *.rentsync.dev; object-src 'none'; script-src 'self' 'strict-dynamic' 'nonce-hSCzqqzl+hDpkUI9kY4X9Q=='; 1
object-src 'none'; media-src https: data: mediastream: blob: filesystem:; img-src https: data: mediastream: blob: filesystem: 1
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googleadservices.com *.googleads.g.doubleclick.net *.googleoptimize.com *.google-analytics.com *.youtube.com track.adform.net s2.adform.net *.facebook.net *.googleapis.com *.google.es *.facebook.com *.googletagmanager.com *.static.hotjar.com *.hotjar.com *.hotjar.io *.cdn.cookielaw.org *.clarity.ms *.linkedin.com *.vimeo.com *.zohopublic.com *.licdn.com *.zoho.com *.onetrust.com *.zohostatic.com *.zohocdn.com *.cloudflare.com *.cookielaw.org *.microsoft.com *.google.com *.recaptcha.net *.doubleclick.net;object-src 'self' 1
default-src 'self' * data: 'unsafe-eval' 'unsafe-inline' blob:  https://www.googletagmanager.com https://www.google.com/ https://www.google-analytics.com  data: gap: https://ssl.gstatic.com https://www.gstatic.com; script-src 'self' https://cdn.jsdelivr.net https://gd.geobytes.com https://tags.crwdcntrl.net https://www.gstatic.com  https://www.googleoptimize.com https://www.gstatic.com * https://www.google-analytics.com http://cdn.taboola.com http://ajax.googleapis.com https://www.googletagmanager.com https://trc.taboola.com https://www.google.com https://cdnjs.cloudflare.com https://cds.taboola.com *   https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/assets/owl.carousel.css 'unsafe-inline' 'unsafe-eval' https://cdn.taboola.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.mahindramanulife.com *.youtube.com *.cdnjs.cloudflare.com https://gd.geobytes.com https://use.fontawesome.com/552df102e9.js https://connect.facebook.net/en_US/fbevents.js https://apis.google.com/js/platform.js http://widgets.in.webengage.com/js/webengage-min-v-6.0.js https://googleads.g.doubleclick.net * https://ajax.googleapis.com https://unpkg.com https://www.googleoptimize.com  https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://sdki.truepush.com https://cdnjs.cloudflare.com http://www.googletagmanager.com http://www.google.com https://pagecdn.io/lib/jquery-cookie/v1.4.1/jquery.cookie.js http://cdnjs.cloudflare.com https://cdn.jsdelivr.net data: blob:; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com *.googletagmanager.com *.googletagmanager.com *.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/assets/owl.carousel.css https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/assets/owl.theme.default.min.css https://use.fontawesome.com * http://c.in.webengage.com * https://docs.google.com * docs.google.com * https://wsdk-files.in.webengage.com * https://chatbot.mahindramanulife.com *; worker-src 'self' * data: blob: gap: 'unsafe-eval' 'unsafe-inline' 'self'; img-src 'self'  https://tags.crwdcntrl.net https://www.googletagmanager.com  https://sdki.truepush.com https://trc.taboola.com  http://tr.outbrain.com * https://www.google.com https://cdnjs.cloudflare.com https://apis.google.com https://www.google.co.in https://www.google-analytics.com https: data:; media-src 'self' data:; connect-src * 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss://* https://*; 1
script-src 'self' assets.ethcocdn.com 'nonce-GpIz7XYMhfp0ujp7Rq2/YeEdlLlj/+kam2yoLvzCHXc=' *.googletagmanager.com a.eth.co js.hcaptcha.com; style-src 'self' assets.ethcocdn.com 'unsafe-inline'; img-src 'self' assets.ethcocdn.com blob: data: *.ethcocdn.com *.google-analytics.com *.googletagmanager.com i.seadn.io pbs.twimg.com https://explorer-api.walletconnect.com eth.info; media-src 'self' assets.ethcocdn.com *.ethcocdn.com; font-src 'self' assets.ethcocdn.com data:; connect-src 'self' assets.ethcocdn.com wss://eth.co *.ethcocdn.com *.xmtp.network *.google-analytics.com *.analytics.google.com *.googletagmanager.com a.eth.co sentry.ethco.us cloudflare-eth.com wss://*.walletlink.org wss://*.walletconnect.org wss://*.walletconnect.com https://explorer-api.walletconnect.com 1
frame-ancestors 'self' https://seekbeak.com https://th-ab.expo-ip.com https://www.profi4project.com https://kundenportal.pass-consulting.com https://mailings.pass-consulting.com https://media.pass-consulting.com; 1
default-src 'self' 'unsafe-inline';img-src 'self' data: *;frame-src 'self' http://* https://* 1
default-src 'self' https://newgofalp.brightpattern.com https://www.google-analytics.com https://*.crazyegg.com https://www.youtube.com https://*.institutoncologicofalp.cl https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: ; img-src 'self' https: data: blob ; style-src 'self' 'unsafe-inline' https:;font-src 'self' https:; frame-src https:; object-src 'self'; 1
img-src 'self' https://i3.wp.com; frame-src 'self'; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://cdn.statically.io; script-src 'self'; form-action 'self'; connect-src 'self' https://analytics.assortedscans.com; base-uri 'none'; default-src 'none'; font-src 'self' https://fonts.gstatic.com https://cdn.statically.io; manifest-src 'self' 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; font-src 'self' https://use.fontawesome.com data: fonts.gstatic.com use.typekit.net; style-src * 'unsafe-inline'; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.google.com *.facebook.com *.google.ro *.googleadservices.com stats.g.doubleclick.net; 1
upgrade-insecure-requests; form-action 'none'; base-uri 'none'; default-src 'none'; frame-ancestors 'none'; frame-src https://pay.abcrcm.com app.pendo.io; connect-src 'self' https://secure.abcrcm.com app.pendo.io data.pendo.io pendo-static-5681528900550656.storage.googleapis.com; font-src https://cdn.abcrcm.com; img-src 'self' https://cdn.abcrcm.com app.pendo.io data.pendo.io cdn.pendo.io; script-src 'strict-dynamic' 'nonce-+LmPofYtqiraFdsBWiV6eg==' 'sha256-Vms/FSTXaPgEZuwDHPTSdIa8XKTN6aGKqZCPhGmz7SI=' 'sha256-wflbf2O0HLqRZsgAquWNorA/8Vkb1/Dp0R/TpPCnGKc=' https://cdn.abcrcm.com; style-src 'self' https://cdn.abcrcm.com app.pendo.io cdn.pendo.io pendo-static-5681528900550656.storage.googleapis.com 'unsafe-hashes' 'sha256-C7vpsE1KLI7RuUgCprJTQZin6dWK+ccynbOx+OqjVow=' 'sha256-tbWZ4NP1341cpcrZVDn7B3o9bt/muXgduILAnC0Zbaw=' 'sha256-Y/huXlwoYkVyQlxwSVcCi1RCDGDCSVBzDt0hYP9qlTc='; manifest-src 'self'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-7C4vCmyeEitm1Xmq2Rir+GKoRkaLbb5uPFJNDB8S0n+rkti4' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-cab1fc3c84c178103b0654a1ecedde8e'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' *.suporteone.com; script-src 'self' *.suporteone.com https://www.gstatic.com https://www.google.com https://privacidade.widget.milvus.com.br https://chat.api.milvus.com.br https://www.youtube.com https://privacidade.api.milvus.com.br https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net 'unsafe-eval' 'unsafe-inline'; font-src 'self' *.suporteone.com https://cdn.milvus.com.br https://fonts.gstatic.com https://fonts.googleapis.com; img-src * data:; style-src 'self' *.suporteone.com https://fonts.googleapis.com https://cdn.milvus.com.br 'unsafe-inline'; connect-src https://formoid.net https://stats.g.doubleclick.net https://www.google-analytics.com https://privacidade.api.milvus.com.br; frame-src https://www.google.com https://www.facebook.com https://www.youtube.com https://chat.widget.milvus.com.br; 1
upgrade-insecure-requests;  default-src 'self' https: http:;script-src 'self'  'unsafe-inline' 'unsafe-eval' https: http:;style-src 'self' https: 'unsafe-inline';img-src 'self' https: data: http:;font-src 'self' https: data: http: 'unsafe-inline';connect-src 'self' https: http:;form-action 'self'; object-src 'self';report-uri /WebResource.axd?cspReport=true 1
default-src https://pos.gosuslugi.ru  https://ntagil300.ru https://fonts.bitrix24.ru https://stat.sputnik.ru/ 'self'; script-src https://pos.gosuslugi.ru  https://stat.sputnik.ru/cnt.js https://*.maps.yandex.net https://api-maps.yandex.ru https://*.api-maps.yandex.ru https://yastatic.net/ https://www.youtube.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://pos.gosuslugi.ru https://fonts.bitrix24.ru 'self' 'unsafe-inline'; img-src https://ntagil.org/ https://stat.sputnik.ru/ https://cnt.sputnik.ru/ https://pos.gosuslugi.ru https://*.yandex.ru https://*.maps.ya https://core-renderer-tiles.maps.yandex.net https://yandex.ru/ https://i.ytimg.com/ https://img.youtube.com/ blob: data: 'self'; frame-src https://yandex.ru https://www.ntagil.org https://pos.gosuslugi.ru  https://ntagil300.ru https://www.youtube.com/ https://cam.ntks.ru https://ntagil.org 'self'; font-src https://pos.gosuslugi.ru https://fonts.bitrix24.ru data: 'self' 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://amysmartgirls.com https://*.amysmartgirls.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
frame-ancestors 'self' http://www.cookwithknorr.com forms-us.unileversolutions.com 1
default-src 'self'; connect-src 'self' https://www.google-analytics.com  https://stats.g.doubleclick.net; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; frame-src 'self'; img-src 'self' https://translate.googleapis.com https://www.gstatic.com https://www.google.com  https://vortex.accuweather.com  https://www.google.co.in data:;media-src 'self';object-src 'self'; script-src 'self' https://oap.accuweather.com https://www.gstatic.com https://www.accuweather.com https://vortex.accuweather.com https://www.gstatic.com http://www.accuweather.com http://www.google-analytics.com http://translate.google.com https://translate.googleapis.com 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https://translate.googleapis.com https://translate.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://www.gstatic.com https://vortex.accuweather.com 'unsafe-inline'; 1
base-uri 'none';connect-src 'self' https://adservice.google.com https://www.google.com https://*.doubleclick.net https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;default-src 'none';form-action 'self';img-src 'self' *.ytimg.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com data: https: https://*.google-analytics.com https://*.googletagmanager.com;media-src 'none';object-src 'none';font-src 'self' https://fonts.gstatic.com data:;upgrade-insecure-requests;script-src *.youtube.com s.ytimg.com *.youtube-no-cookie.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://www.googletagmanager.com 'unsafe-eval' https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.googletagmanager.com 'self' 'unsafe-inline' https://www.gstatic.com;frame-src *.youtube.com *.youtube-no-cookie.com *.ytimg.com www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ https://*.doubleclick.net https://stats.g.doubleclick.net https://www.googletagmanager.com https://bid.g.doubleclick.net 'self' https://www.google.com;style-src https://tagmanager.google.com https://fonts.googleapis.com 'self' 'unsafe-inline';frame-ancestors 'self';manifest-src 'self' 1
default-src https:; font-src https: data:; img-src https: data:; script-src 'unsafe-inline' https:; style-src 'unsafe-inline' https:; 1
img-src 'self' 'unsafe-inline' data: *.google-analytics.com *.olark.com cpnp.org *.facebook.com s.cpnp.net aapp.org https://aappf.org vimeo.com *.site.com aapp.freestonelms.com *.aapp.org 1
frame-ancestors *.donorlead.net https://crm.aa-naf.net/bbAppFx_Prod/webui/webshellpage.aspx https://idc-bb-prod/bbAppFx/webui/webshellpage.aspx https://idc-bb-dev/bbAppFx/webui/webshellpage.aspx https://host.nxt.blackbaud.com https://dsellucianappprod.dsnxapi.net https://app.donorsnap.com/Login.aspx https://darcrm.miami.edu/bbappfx/webui/webshellpage.aspx https://darcrmstg.miami.edu/bbappfx/webui/webshellpage.aspx; default-src: 'self' 1
frame-ancestors https://*.belmontstakes.com https://belmontstakes.com https://*.thorograph.com https://thorograph.com https://*.belmontstakes.com https://belmontstakes.com https://*.belmontstakesbets.com 'self' https://belmontstakesbets.com https://*.gbetest.com https://gbetest.com https://*.dev07-broker0201.com https://dev07-broker0201.com https://*.dev07-gbeb2c.com https://dev07-gbeb2c.com https://*.test02-belmontstakesbets.com https://test02-belmontstakesbets.com https://*.gbe.global https://gbe.global; 1
default-src 'self' https: 'self' 'unsafe-inline' 'unsafe-eval' data:; object-src 'none'; form-action 'self' https://pagos.tarjetasmas.cl https://webpay3g.transbank.cl *.googleoptimize.com; worker-src 'self' blob:; upgrade-insecure-requests; frame-ancestors 'self' https://transbank.webpay.cl https://webpay3g.transbank.cl https://static.hotjar.com *.facebook.com *.seguroscencosud.cl *.mitarjetacencosud.cl *.tarjetacencosud.cl pagos.tarjetasmas.cl; script-src 'self' 'unsafe-eval' 'unsafe-inline' staticresourcesfiles.blob.core.windows.net connect.facebook.net *.hotjar.com *.optimonk.com *.gstatic.com *.google.com *.cloudfront.net *.mypurecloud.com *.googleoptimize.com *.seguroscencosud.cl *.mitarjetacencosud.cl *.tarjetacencosud.cl maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com az416426.vo.msecnd.net www.googletagmanager.com www.googleadservices.com *.dynamicyield.com www.google-analytics.com googleads.g.doubleclick.net cdn.agilitycms.com dmtags.scotiabank.com facebook.com code.jquery.com; img-src 'self' staticresourcerfsc.blob.core.windows.net i.ibb.co www.architecturaldigest.in staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.mypurecloud.com *.agilitycms.com *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com *.dynamicyield.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:; connect-src 'self' https: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-violation-report-endpoint/ 1
default-src unisys.net.nz *.unisys.net.nz www.mudwigglefarm.com; script-src 'unsafe-inline'; style-src 'unsafe-inline'; worker-src  *.unisys.net.nz www.mudwigglefarm.com; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: fonts.gstatic.com cdn.livechatinc.com; img-src 'self' data: maps.gstatic.com maps.googleapis.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.co.uk cdn.livechat-static.com px.ads.linkedin.com; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=2jmgrjdiqudb5&partner=; 1
frame-ancestors 'self' dg-test-cobrowsing.azurewebsites.net dg-prod-cobrowsing.azurewebsites.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: maps.googleapis.com geodata.nationaalgeoregister.nl *.azurewebsites.net http://dg-prod-cobrowsing.azurewebsites.net/lib/component/cobrowsing.client.js *.tile.openstreetmap.org maps.googleapis.com www.youtube.com s.ytimg.com *.googletagmanager.com www.google-analytics.com static.hotjar.com script.hotjar.com tagmanager.google.com www.google.com www.gstatic.com optimize.google.com https://snap.licdn.com https://bat.bing.com https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://www.googleadservices.com https://googleads.g.doubleclick.net googleoptimize.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com *.pingvp.com https://connect.facebook.net/en_US/fbevents.js *.facebook.com *.fbcdn.net *.facebook.net https://*.clarity.ms https://c.bing.com  *.goudse.nl *.dezeeuwse.nl meekijken.goudse.nl *.linkedin.oribi.io *.linkedin.com https://connect.facebook.net/.* https://*.clarity.ms;style-src 'self' 'unsafe-inline' geodata.nationaalgeoregister.nl dg-test-cobrowsing.azurewebsites.net dg-prod-cobrowsing.azurewebsites.net *.tile.openstreetmap.org fonts.googleapis.com tagmanager.google.com *.googletagmanager.com/debug www.google.com optimize.google.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com https://connect.facebook.net/en_US/fbevents.js *.facebook.com *.fbcdn.net *.facebook.net *.pingvp.com *.bing.com *.goudse.nl *.dezeeuwse.nl meekijken.goudse.nl *.linkedin.oribi.io *.linkedin.com https://connect.facebook.net/.* https://*.clarity.ms;img-src 'self' data: maps.gstatic.com *.googleapis.com *.ggpht.com geodata.nationaalgeoregister.nl maps.googleapis.com dg-test-cobrowsing.azurewebsites.net dg-prod-cobrowsing.azurewebsites.net *.azurewebsites.net *.tile.openstreetmap.org maps.googleapis.com maps.gstatic.com csi.gstatic.com fonts.gstatic.com *.googletagmanager.com www.google-analytics.com *.google.com ssl.gstatic.com www.gstatic.com optimize.google.com static.hotjar.com script.hotjar.com region1.google-analytics.com region1.analytics.google.com *.google-analytics.com *.analytics.google.com www.google.nl *.visualwebsiteoptimizer.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://connect.facebook.net/en_US/fbevents.js https://*.g.doubleclick.net *.facebook.com *.fbcdn.net *.facebook.net https://*.clarity.ms https://c.bing.com *.ads.linkedin.com *.linkedin.com *.pingvp.com *.bing.com  *.goudse.nl *.dezeeuwse.nl meekijken.goudse.nl *.linkedin.oribi.io *.linkedin.com https://connect.facebook.net/.* https://*.clarity.ms;connect-src 'self' *.googleapis.com region1.google-analytics.com region1.analytics.google.com *.google-analytics.com *.analytics.google.com *.google.com dg-test-cobrowsing.azurewebsites.net dg-prod-cobrowsing.azurewebsites.net https://*.hotjar.com *.googletagmanager.com https://vc.hotjar.io https://content.hotjar.io https://events.hotjar.io https://surveystats.hotjar.io wss://*.hotjar.com https://dc.services.visualstudio.com *.visualwebsiteoptimizer.com app.vwo.com stats.g.doubleclick.net https://*.g.doubleclick.net https://connect.facebook.net/en_US/fbevents.js *.linkedin.oribi.io *.facebook.com *.fbcdn.net *.facebook.net *.pingvp.com *.bing.com  *.goudse.nl *.dezeeuwse.nl meekijken.goudse.nl *.linkedin.oribi.io *.linkedin.com https://connect.facebook.net/.* https://*.clarity.ms; 1
frame-ancestors 'self' toyotarp.com www.toyotarp.com; 1
default-src 'self' *.msgfocus.com *.fontawesome.com https://placeimg.com https://digital.autocare.org https://autocarevip.com https://api.mapbox.com https://unpkg.com/ *.autocareadvocacy.org *apps.autocare.org *.hotjar.com *.addevent.com *.acsbapp.com https://cdn.acsbapp.com https://acsbapp.com https://static.elfsight.com; script-src 'self' *.msgfocus.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.linkedin.com *.feathr.co apis.google.com https://snap.licdn.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://kit.fontawesome.com *.fontawesome.com https://placeimg.com *.youtube.com https://www.youtube-nocookie.com https://ka-p.fontawesome.com https://www.openstreetmap.org https://api.mapbox.com https://unpkg.com https://creativecommons.org https://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js *.apps.autocare.org https://public.flourish.studio *.hotjar.com https://acsbapp.com https://extend.vimeocdn.com https://apps.autocare.org/iFrameResizer/iframeResizer.min.js https://apps.autocare.org/iFrameResizer/main.js *.autocareadvocacy.org *.addevent.com *acsbapp.com; style-src 'self' *.msgfocus.com 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.fontawesome.com https://kit.fontawesome.com https://ka-p.fontawesome.com https://placeimg.com https://www.autocare.org https://api.mapbox.com https://creativecommons.org https://unpkg.com https://apps.autocare.org/iFrameResizer/style.css https://kit.fontawesome.com/4c9f09c5bb.js *.autocareadvocacy.org *.hotjar.com *.acsbapp.com https://cdn.acsbapp.com https://acsbapp.com; font-src 'self' *.msgfocus.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.fontawesome.com https://kit.fontawesome.com https://ka-p.fontawesome.com https://placeimg.com *.hotjar.com https://acsbapp.com https://cdn.acsbapp.com; img-src 'self' *.msgfocus.com *.gstatic.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.linkedin.com *.feathr.co *.adsrvr.org *.adsymptotic.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.fontawesome.com https://kit.fontawesome.com https://ka-p.fontawesome.com *.eloqua.com track.hubspot.com https://api.mapbox.com https://public.flourish.studio/resources/made_with_flourish.svg *.hotjar.com *.acsbapp.com https://acsbapp.com https://cdn.acsbapp.com picsum.photos *.picsum.photos; media-src 'self' *.msgfocus.com data: blob: *.fontawesome.com *.youtube.com https://kit.fontawesome.com/4c9f09c5bb.js; frame-src 'self' *.msgfocus.com *.vimeo.com *.youtube.com https://www.youtube-nocookie.com https://autocare.guerrillaeconomics.net https://autocare-test.guerrillaeconomics.net https://www.autocare.org https://www.google.com https://www.openstreetmap.org https://api.mapbox.com https://creativecommons.org https://unpkg.com https://www.autocare.org/externalapps/map/autocarecountries.js https://cdn.knightlab.com/libs/timeline3/latest/embed/index.html https://apps.autocare.org/DataTables/dataTable.html *apps.autocare.org *.autocareadvocacy.org https://sit.autocarevip.com/RepMatch https://kuula.co https://www.autocarevip.com/RepMatch https://flo.uri.sh https://survey.alchemer.com https://public.flourish.studio/resources/embed.js https://apps.autocare.org/DataTables/dataDictionary.html *.hotjar.com https://apps.autocare.org/DataTables/persona.html *.hotjar.com *.addevent.com https://acsbapp.com https://13bae2c7b7ce4384818a2c0b74e79696.elf.site; child-src 'self' *.msgfocus.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.fontawesome.com https://placeimg.com *.youtube.com https://www.youtube-nocookie.com https://ka-p.fontawesome.com https://www.openstreetmap.org https://api.mapbox.com https://creativecommons.org https://unpkg.com *.autocareadvocacy.org *.addevent.com https://acsbapp.com; connect-src 'self' *.msgfocus.com accounts.google.com *.feathr.co *.doubleclick.net https://*.insight.sitefinity.com https://www.youtube-nocookie.com https://*.dec.sitefinity.com *.mktoresp.com *.fontawesome.com https://www.openstreetmap.org https://api.mapbox.com https://creativecommons.org https://unpkg.com *.autocareadvocacy.org https://autocarevip.com https://cdn.acsbapp.com *.hotjar.com *.addevent.com *.acsbapp.com https://acsbapp.com; 1
frame-ancestors 'self' https://southernmostresort.hotelwifi.com/; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-8wUJ6cWmfEJ87fBijKrLXiTE4q3vh0sMymaldzuSBEsl9jBM' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
img-src https://* data: 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com w.sharethis.com ws.sharethis.com;object-src 'none';style-src 'self' 'unsafe-inline' fonts.googleapis.com ws.sharethis.com;img-src 'self' www.google-analytics.com l.sharethis.com ws.sharethis.com;media-src 'none';frame-src 'self' vimeo.com player.vimeo.com ws.sharethis.com c.sharethis.mgr.consensu.org;font-src 'self' fonts.gstatic.com;connect-src 'self' www.google-analytics.com l.sharethis.com;base-uri 'self';child-src 'self';form-action 'self';frame-ancestors 'none';plugin-types application/pdf 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-MjQxZGY3ZjFkNGE0NDJlNGI0YmRmNDJlOWE4ZDQ0ZWI=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rijksoverheid.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.rijksoverheid.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-+d8/2fQJ2CeXwRnfeAz/IbHQP8GANJJrTTeTEb0UDRImRspY' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
upgrade-insecure-request 1
frame-ancestors 'self' https://media.sakky.fi/; report-uri /report-csp-violation 1
connect-src 'self' www.google-analytics.com in.hotjar.com; default-src 'self' www.clinicalskills.net; img-src login.openathens.net 'self' www.clinicalskills.net data:; child-src vars.hotjar.com www.youtube.com; style-src fonts.googleapis.com cdnjs.cloudflare.com 'self' 'unsafe-inline'; font-src fonts.gstatic.com 'self' data: ; script-src www.clinicalskills.net www.google-analytics.com static.hotjar.com script.hotjar.com cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval' 1
require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-WHYJW5Yw2M3dP7fWUcLMTkI4ZZveqEWDrxTZRV4ein6B030C' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors *.sudameapteek.ee 1
style-src 'unsafe-inline' 'self' https://fonts.googleapis.com/ https://chat.vizir.co/ https://widget.parative.com/ https://vfs73ghowd.execute-api.us-west-2.amazonaws.com/;font-src 'self' https://fonts.gstatic.com/ data: blob: 'unsafe-inline';script-src 'unsafe-eval' 'unsafe-inline' 'self' https://platform.twitter.com/ https://chat.vizir.co/ https://widget.parative.com/ https://vfs73ghowd.execute-api.us-west-2.amazonaws.com/ https://tag.aticdn.net/ https://eum.instana.io/ 1
default-src 'self' 'unsafe-inline' https://www.google.com https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js https://unpkg.com/leaflet@1.9.4/dist/leaflet.js https://unpkg.com/leaflet@1.9.4/dist/leaflet.css https://www.google-analytics.com https://fonts.gstatic.com https://fonts.googleapis.com http://a.tile.openstreetmap.org http://b.tile.openstreetmap.org http://c.tile.openstreetmap.org https://cms.kftd.co.id https://unpkg.com https://www.googletagmanager.com; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-cc0d1d100f2efc8345534fd0ce0834f8'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'none'; base-uri https://resources.usersnap.com; connect-src 'self' https://widget.usersnap.com 'nonce-AAAAAEjOa2o='; frame-src https://readiant.app; font-src https://static.schoolsupport.nl https://resources.usersnap.com; img-src https://static.schoolsupport.nl https://thumbnails.webforclassrooms.com https://thumbnails.wizenoze.com https://resources.usersnap.com; form-action 'self'; frame-ancestors 'none'; script-src https://static.schoolsupport.nl https://resources.usersnap.com https://widget.usersnap.com 'nonce-AAAAAEjOa2o='; style-src https://static.schoolsupport.nl https://resources.usersnap.com 'nonce-AAAAAEjOa2o=' 1
script-src 'none' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-/DYl551xxB2WLJonQubLsHTvMjBJOkfnD3gBsXl9lKIIGrXN' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://code.jquery.com https://cdn.jsdelivr.net  https://*.google.com ; connect-src 'self' https://mc.yandex.ru ; img-src * data: ; font-src * data: ; media-src games.unite-gaming.com 'unsafe-inline' 'unsafe-eval' ; script-src * 'unsafe-inline' 'unsafe-eval' data: ; style-src 'self' https://fonts.googleapis.com  https://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval' ; style-src-elem 'self' https://fonts.googleapis.com cdn.jsdelivr.net 'unsafe-inline' data:  1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.nurseryadmin.com *.parentadmin.com *.staffadmin.uk *.googleapis.com *.gstatic.com *.highcharts.com *.gocardless.com *.google-analytics.com *.youtube.com  *.bootstrapcdn.com data:; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gtm.com *.googletagmanager.com *.jsdelivr.net *.google.com *.gstatic.com *.facbook.com *.facebook.net *.google-analytics.com *.clarity.ms *.kenyt.ai 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.googletagmanager.com www.google-analytics.com tagmanager.google.com www.google.com www.gstatic.com connect.facebook.net googleads.g.doubleclick.net td.doubleclick.net www.youtube.com www.googleadservices.com images.dmca.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com; img-src 'self' data: www.googletagmanager.com www.google-analytics.com www.google.com www.google.com.vn i.ytimg.com img.youtube.com www.facebook.com images.dmca.com googleads.g.doubleclick.net static.xx.fbcdn.net; frame-src www.googletagmanager.com www.google.com www.youtube.com td.doubleclick.net googleads.g.doubleclick.net www.facebook.com web.facebook.com; font-src 'self'; connect-src 'self' *.google.com google.com *.google.com.vn google.com.vn www.google-analytics.com pagead2.googlesyndication.com stats.g.doubleclick.net googleads.g.doubleclick.net; object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://snap.licdn.com https://www.youtube.com;  style-src 'self' 'unsafe-inline'; object-src 'none'; frame-src 'self' https://www.youtube.com; img-src 'self' https://img.youtube.com/ https://pricing.ittcannon.com https://i.ytimg.com/ https://picsum.photos/ https://ittcannon.canto.com https://d3opzdukpbxlns.cloudfront.net https://www.google-analytics.com https://px.ads.linkedin.com https://www.ittcannon.com https://www.googletagmanager.com data:; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.coM https://snap.licdn.com https://www.youtube.com https://www.googletagmanager.com; connect-src 'self' https://stats.g.doubleclick.net https://region1.google-analytics.com https://www.google-analytics.com https://cdn.linkedin.oribi.io; font-src 'self'; 1
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; report-uri https://www.standard-club.com/?eID=error 1
base-uri 'self'; default-src https: wss://*.hotjar.com 'self'; font-src https://*.bootstrapcdn.com https://*.googleapis.com https://*.gstatic.com https://*.hotjar.com 'self'; form-action https://*.amazon.co.uk https://*.amazon.com https://*.payments-amazon.com 'self'; frame-ancestors 'self'; frame-src https://*.amazon.co.uk https://*.amazon.com https://*.payments-amazon.com https://*.freshdesk.com https://*.freshworks.com https://*.google.com https://*.hotjar.com https://*.stripe.com https://*.trustpilot.com https://*.youtube.com 'self'; img-src https: 'self'; media-src 'none'; object-src 'none'; script-src https://*.algolia.net https://*.algolianet.com https://*.amazon.co.uk https://*.amazon.com https://*.payments-amazon.com https://*.amazonaws.com https://*.facebook.com https://*.facebook.net https://*.freshdesk.com https://*.freshworks.com https://*.google.com https://*.google-analytics.com https://*.googlecommerce.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.ideal-postcodes.co.uk https://*.onetrust.com https://*.stripe.com https://*.tiny.cloud https://*.tinymce.com https://*.trustpilot.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src https: 'self' 'unsafe-inline'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://showerspares.report-uri.com/r/d/csp/enforce 1
default-src 'none'; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; worker-src https: blob:; child-src https: blob:; style-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src https: data: 'unsafe-inline'; font-src https:; object-src blob: 'self'; base-uri 'none'; frame-ancestors 'self'; connect-src blob: 'self' www.google-analytics.com analytics.metropolnet.cz; frame-src 'self' www.usti.cz *.youtube.com *.vimeo.com *.google.com *.mapy.cz *.usti-nad-labem.cz hlasenirozhlasu.cz *.usti.cz *.strekov.cz *.mag-ul.cz *.matterport.com; 1
default-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://at.cloud.fabasoft.com https://*.streaming.media.azure.net; style-src 'self' 'unsafe-inline' https://*.oebb.at https://*.nightjet.com; script-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://at.cloud.fabasoft.com https://www.youtube.com/iframe_api https://www.youtube.com/s/player/; connect-src 'self' blob: https://*.oebb.at https://*.nightjet.com https://obc.railcargo.com https://*.playertec.de https://api.siteimprove.com; img-src 'self' data: blob: https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://at.cloud.fabasoft.com https://*.ytimg.com; frame-src https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://at.cloud.fabasoft.com https://*.streaming.media.azure.net https://*.microsoftstream.com https://www.youtube-nocookie.com https://vimeo.com https://*.vimeo.com https://*.playertec.de https://*.yumpu.com https://www.zepp-cam.at https://*.soundcloud.com https://*.spotify.com https://*.waca.at https://ec21aac802964ead8485bcf19e4d7cc9.svc.dynamics.com https://live.virtual-events.at https://service.studiobaff.com https://live.brame-gamification.com https://www.komoot.de https://wien.radelt.at; frame-ancestors https://*.oebb.at http://fahrplan.oebb.at https://*.nightjet.com https://oebb-test.hafas.de; font-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com; child-src blob:; 1
default-src 'self'; connect-src *; font-src 'self' dmle128v1x6xv.cloudfront.net data:; frame-src 'self' *.youtube.com *.youtube-nocookie.com stadaarz.sharepoint.com login.doccheck.com *.linkedin.com *.google.com; img-src 'self' dmle128v1x6xv.cloudfront.net *.juicer.io dashboard.umbraco.org maps.googleapis.com maps.gstatic.com *.clarity.ms *.bing.com *.google-analytics.com app.usercentrics.eu *.twimg.com *.xx.fbcdn.net *.googletagmanager.com data:; media-src 'self' dmle128v1x6xv.cloudfront.net; object-src *; script-src 'self' dmle128v1x6xv.cloudfront.net  ajax.aspnetcdn.com app.usercentrics.eu maps.googleapis.com *.googletagmanager.com *.google-analytics.com *.youtube.com *.clarity.ms *.google.com *.gstatic.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; manifest-src 'self' dmle128v1x6xv.cloudfront.net; 1
default-src 'self' 'unsafe-inline' *.earpros.com *.googlesyndication.com www.facebook.com www.youtube-nocookie.com amplifon.demdex.net i.ytimg.com; connect-src 'self' *.earpros.com *.outbrain.com *.googlesyndication.com maps.googleapis.com www.gstatic.com *.showmetheresource.com *.amplifoninternal.com *.trksis.com aem-americas.earpros.com *.doubleclick.net *.showmetheresource.com *.nextdoor.com *.hotjar.com *.pinterest.it *.postimg.cc *.ibb.co *.teads.tv *.googleadservices.com *.addevent.com *.adform.net *.everesttech.net *.smetrics.amplifon.com *.everestjs.net aem-apac.earpros.com amplifongroup.tt.omtrdc.net www.facebook.com smetrics.earpros.com www.google-analytics.com stats.g.doubleclick.net trc-events.taboola.com amplifon.d3.sc.omtrdc.net www.youtube-nocookie.com r2---sn-8vq54voxpu-hm26.googlevideo.com r2---sn-hpa7kn7s.googlevideo.com dpm.demdex.net aem-emea.earpros.com bat.bing.com trc.taboola.com; script-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' *.earpros.com *.outbrain.com *.googlesyndication.com maps.googleapis.com www.gstatic.com *.criteo.net *.criteo.com *.trksis.com *.doubleclick.net showmetheresource.com *.showmetheresource.com *.nextdoor.com *.hotjar.com *.pinterest.it *.postimg.cc *.ibb.co *.teads.tv *.googleadservices.com *.addevent.com *.adform.net *.everesttech.net *.smetrics.amplifon.com *.everestjs.net assets.adobedtm.com smetrics.earpros.com www.google-analytics.com bat.bing.com amplify.outbrain.com connect.facebook.net www.googletagmanager.com www.googleadservices.com cdn.taboola.com trc.taboola.com googleads.g.doubleclick.net www.youtube.com www.youtube-nocookie.com www.google.com tr.outbrain.com amplifon.d3.sc.omtrdc.net; style-src 'self' 'unsafe-hashes' 'unsafe-inline' *.ub-assets.com fonts.googleapis.com www.youtube-nocookie.com; img-src 'self' *.earpros.com *.keyxel.com *.g2afse.com *.googlesyndication.com maps.googleapis.com maps.gstatic.com *.adnxs.com *.bidswitch.net *.omnitagjs.com *.casalemedia.com *.dmxleo.com *.360yield.com *.criteo.com *.media.net *.mediavine.com *.postrelease.com *.outbrain.com *.pubmatic.com *.rubiconproject.com *.sharethrough.com *.smaato.net *.smartadserver.com *.taboola.com *.teads.tv *.3lift.com *.advertising.com *.yahoo.com *.yieldlab.net *.criteo.net *.postimg.cc *.trksis.com *.doubleclick.net *.showmetheresource.com *.nextdoor.com *.hotjar.com *.googleadservices.com bat.bing.com tr.outbrain.com p1.zemanta.com www.facebook.com cds.taboola.com www.google.com www.google.it i.ibb.co googleads.g.doubleclick.net www.youtube-nocookie.com i.ytimg.com yt3.ggpht.com cm.everesttech.net dpm.demdex.net www.googletagmanager.com www.google-analytics.com trc.taboola.com data:; frame-src 'self' *.earpros.com *.googlesyndication.com *.trksis.com *.doubleclick.net *.showmetheresource.com *.nextdoor.com *.hotjar.com www.youtube-nocookie.com www.google.com amplifon.demdex.net www.facebook.com antevenio-it.com; font-src 'self' *.ub-assets.com fonts.gstatic.com; 1
default-src 'self' https://*.tigerchef.com https://assets-tigerchef.netdna-ssl.com https://*.klaviyo.com; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.tigerchef.com  https://assets-tigerchef.netdna-ssl.com http://assets.tigerchef.netdna-cdn.com https://*.intellimize.co https://*.google.com https://ajax.googleapis.com https://*.cloudfront.net https://*.tawk.to https://*.hotjar.com https://*.shopperapproved.com https://*.google-analytics.com https://*.facebook.net https://secure.trust-provider.com https://iprecon.iglobalstores.com https://bat.bing.com https://www.googleadservices.com https://*.g.doubleclick.net https://*.sessioncam.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://platform.twitter.com https://maps.googleapis.com https://*.googlesyndication.com https://cdn.cardknox.com https://apis.google.com https://*.klaviyo.com https://*.clarity.ms https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://seal.digicert.com https://static-na.payments-amazon.com; script-src-elem 'unsafe-inline' 'self' https://*.tigerchef.com https://assets-tigerchef.netdna-ssl.com http://assets.tigerchef.netdna-cdn.com https://connect.facebook.net https://secure.trust-provider.com https://bat.bing.com https://*.google-analytics.com https://www.googletagmanager.com https://*.shopperapproved.com https://*.google.com https://iprecon.iglobalstores.com https://*.hotjar.com https://*.tawk.to https://*.cloudfront.net https://ajax.googleapis.com https://maps.googleapis.com https://*.intellimize.co https://www.googleadservices.com https://*.sessioncam.com https://cdn.jsdelivr.net https://googleads.g.doubleclick.net https://platform.twitter.com https://cdn.cardknox.com https://tpc.googlesyndication.com https://*.klaviyo.com https://*.clarity.ms https://www.googleoptimize.com https://optimize.google.com https://seal.digicert.com/seals/cascade/seal.min.js https://static-na.payments-amazon.com https://cdnjs.cloudflare.com https://cdn.usefathom.com https://cdn.equalweb.com https://access.equalweb.com; style-src 'unsafe-inline' 'self' https://*.tigerchef.com  https://assets-tigerchef.netdna-ssl.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://use.fontawesome.com https://ajax.googleapis.com https://*.klaviyo.com https://*.tawk.to https://*.google.com https://*.typekit.net; style-src-elem 'unsafe-inline' 'self' https://*.tigerchef.com https://assets-tigerchef.netdna-ssl.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://use.fontawesome.com https://ajax.googleapis.com https://*.klaviyo.com https://*.tawk.to https://*.typekit.css https://*.typekit.net https://optimize.google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://access.equalweb.com; connect-src 'self' https://*.tigerchef.com https://bat.bing.com https://*.tawk.to wss://*.tawk.to https://*.intellimize.co https://*.hotjar.com https://*.hotjar.io https://*.sessioncam.com https://*.g.doubleclick.net https://www.facebook.com https://*.google-analytics.com https://*.google.com https://ajax.googleapis.com https://*.klaviyo.com https://*.clarity.ms https://maps.googleapis.com https://apay-us.amazon.com https://*.equalweb.com/; img-src 'self' data: blob: https:; font-src 'self' data: https:; frame-src 'self' https://*.hotjar.com https://*.google.com https://secure.trust-provider.com https://www.youtube.com https://*.facebook.com https://www.googletagmanager.com https://*.g.doubleclick.net https://*.tawk.to https://platform.twitter.com https://www.googleadservices.com https://api.intellimize.co https://*.googlesyndication.com https://cdn.cardknox.com https://accessibe.com https://acsbapp.com https://*.acsbapp.com https://acsbap.com https://*.acsbap.com; media-src https://*.tawk.to; child-src 'self' https://*.hotjar.com https://*.google.com https://secure.trust-provider.com https://www.youtube.com https://*.facebook.com https://www.googletagmanager.com https://*.g.doubleclick.net https://*.tawk.to https://platform.twitter.com https://www.googleadservices.com https://api.intellimize.co https://*.googlesyndication.com https://cdn.cardknox.com https://accessibe.com;  report-uri /csp_reporting.php?type=enforce 1
base-uri 'self'; default-src 'self'; script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com *.google-analytics.com  www.ssa.gov; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.ssa.gov *.airtable.com airtable.com *.khronos.org www.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline' www.ssa.gov unpkg.com use.fontawesome.com fonts.googleapis.com *.khronos.org www.googletagmanager.com; frame-ancestors 'self'; img-src data: 'self' www.ssa.gov *.khronos.org *.gravatar.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; child-src 'self' airtable.com *.airtable.com www.youtube.com; object-src data:; connect-src blob: 'self' *.analytics.google.com *.google-analytics.com stats.g.doubleclick.net; form-action 'self'; font-src data: 'self' use.fontawesome.com fonts.gstatic.com; connect-src blob: 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat 1
default-src 'self' https://www.hofvantwente.nl/;connect-src 'self' https://log.prezi.com/ https://chatapi.obi4wan.com/ https://bots.obi4wan.com/api/public/ https://s3.eu-central-1.amazonaws.com/obistatic/ wss://ws-eu.pusher.com/ https://sockjs-eu.pusher.com https://cloudstatic.obi4wan.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s3.eu-central-1.amazonaws.com/obistatic/ https://d2y613pujgeg9g.cloudfront.net/ https://js.pusher.com/ https://stats.pusher.com/ https://prezi-a.akamaihd.net/ https://*.google-analytics.com/ https://maps.googleapis.com/ https://www.googleadservices.com/ https://www.googletagmanager.com/ https://cloudstatic.obi4wan.com/ https://public.tableau.com/ https://siteimproveanalytics.com/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://prezi-a.akamaihd.net/;img-src 'self' data: https://*.google-analytics.com/ https://maps.gstatic.com/ https://*.googleapis.com/ https://csi.gstatic.com/ https://*.static.prezi.com/ https://s3-eu-west-1.amazonaws.com/obipub/ https://public.tableau.com/ https://obistatic.s3.eu-central-1.amazonaws.com/bots/img/ https://*.global.siteimproveanalytics.io/; font-src 'self' https://fonts.gstatic.com/ https://prezi-a.akamaihd.net/; frame-src 'self' https://prezi.com/ https://*.googletagmanager.com/ https://www.google.com/ https://maps.google.com/ https://player.vimeo.com/ https://www.youtube.com https://gem-hvt.maps.arcgis.com/ https://public.tableau.com/; 1
default-src 'self' data: blob: https://vk.com https://informer.yandex.ru https://mc.yandex.ru https://mc.yandex.ua https://mc.yandex.by https://mc.yandex.kz https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net; img-src 'self' data: https://vk.com https://mc.yandex.com https://informer.yandex.ru https://mc.yandex.ru; connect-src 'self' https://mc.yandex.ru https://mc.yandex.com; child-src blob: https://mc.yandex.ru; frame-src blob: https://login.vk.com https://vk.com https://mc.yandex.ru https://mc.yandex.md; script-src 'self' 'unsafe-inline' https://vk.com https://informer.yandex.ru https://mc.yandex.ru https://mc.yandex.ua https://mc.yandex.by https://mc.yandex.kz https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net; style-src 'self' 'unsafe-inline'; font-src 'self' data: 1
default-src *; img-src 'self' https://bat.bing.com https://www.googleadservices.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com https://www.google.at https://www.google.de https://img.youtube.com https://www.facebook.com https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://i.ytimg.com https://*.img.eurofunv2-prod.px.at https://img.eurobike.at https://img.eurohike.at https://img.velociped.de https://img.eurofun-touristik.at https://img.eurotrek.ch https://img.activescandinavia.com  data:; script-src 'self' https://booking4.velociped.de https://booking4.eurobike.at https://booking4.eurohike.at https://bat.bing.com https://cdn1.legalweb.io https://*.youtube.com https://www.google.com https://tagmanager.google.com https://www.google-analytics.com https://www.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://booking4.velociped.de https://booking4.eurobike.at https://booking4.eurohike.at https://booking4.eurotrek.ch https://booking4.activescandinavia.com https://cdn1.legalweb.io https://www.facebook.com https://tagmanager.google.com https://www.gstatic.com https://www.google-analytics.com https://fast.fonts.net https://fonts.googleapis.com 'unsafe-inline' https://www.facebook.com https://maps.googleapis.com https://maps.gstatic.com data:; frame-ancestors 'self' 1
base-uri 'none'; connect-src 'self' https://www.google-analytics.com; default-src 'none'; frame-ancestors 'none'; frame-src https://www.google.com; font-src 'self' https://fonts.gstatic.com data:; form-action 'self'; img-src 'self' https://www.google-analytics.com data:; media-src 'self' data:; object-src 'none'; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.gstatic.com https://www.google.com https://www.google-analytics.com/analytics.js data:; style-src 'self' 'unsafe-inline' 1
default-src 'self';connect-src 'self' https://analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.smartlook.com https://*.smartlook.cloud;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' https://www.google.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://platform.twitter.com https://www.youtube.com https://m.youtube.com;media-src 'self';img-src 'self' data: https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://syndication.twitter.com https://seal.godaddy.com https://i.ytimg.com https://img.youtube.com;script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com http://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://platform.twitter.com https://seal.godaddy.com https://*.smartlook.com https://*.smartlook.cloud 'unsafe-eval';style-src 'self' 'unsafe-inline';object-src 'none';form-action 'self' https://weldersupply.us15.list-manage.com;frame-ancestors 'self';worker-src blob:;manifest-src 'self';upgrade-insecure-requests ; 1
default-src 'none'; base-uri 'none'; connect-src 'self' https://noembed.com/embed https://api.marker.io/ https://s3.eu-west-1.amazonaws.com; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'self' https://www.youtube.com; frame-src 'self' https://www.youtube.com https://www.google.com/recaptcha/api2/ https://issuu.com/eurowijs/; form-action 'self'; img-src 'self' data: https://s3.eu-central-1.amazonaws.com/static.eurowijs.nl/ https://static.eurowijs.nl/ https://eurowijs.imgix.net/ https://i.ytimg.com/vi/; manifest-src 'self'; script-src 'self' https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://cdn.jsdelivr.net/npm/lazyframe/dist/lazyframe.min.js https://www.googletagmanager.com/gtm.js 'sha256-CLV0YUlDGt2uW7JfO8qNyI/4GYa7ZeesvgE2e3p3jIU=' 'sha256-+rsKjzctlsbYTs9iJOpHgEeV/bzn+K3ASAUQVQ7A7OY=' 'sha256-UhiPwQwv7ms3ZSgaonxPo+3rvty8lKcIflwh/Jqf9Qk=' 'sha256-9Hxfb+KHbQ5Y+52CWqlfD21nURbKo+oD8tNf4d6R/XU='; style-src 'self' https://cdn.jsdelivr.net/npm/lazyframe/dist/lazyframe.css 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='; 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pghub.io https://www.google.com/recaptcha/api.js https://www.gstatic.com cdn.cookielaw.org *.iesnare.com connect.facebook.net *.crazyegg.com *.adsrvr.org *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' *.cookielaw.org images.ctfassets.net pixel.tapad.com *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' fonts.gstatic.com feed.pghub.io pandg.tapad.com ; connect-src * https://pglogin.justsnap.de https://venus.jsnp.io ; frame-src 'self' https://pglogin.justsnap.de https://venus.jsnp.io https://www.google.com https://servedby.flashtalking.com *.adsrvr.org *.doubleclick.net *.jebbit.com consumersupport.pg.com pg-lex.my.salesforce-sites.com ct.pinterest.com www.facebook.com feed.pghub.io pandg.tapad.com ; manifest-src * ; 1
default-src 'self' *.nhs.uk; frame-ancestors 'none'; style-src 'self' 'unsafe-inline' 1
frame-ancestors 'self' shop.eriks.be *.shop.eriks.be; upgrade-insecure-requests; script-src eriks.be *.eriks.be *.shop.eriks.be *.vimeo.com *.cookiebot.com unpkg.com blueconic.net *.blueconic.net *.marketo.net pages.eriks.com visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com apeagle.io *.youtube.com *.adobedtm.com *.azure.com *.azureedge.net *.googleapis.com *.googletagmanager.com *.adservice.google.com *.googleadservices.com googleads.g.doubleclick.net *.google-analytics.com dqm.crownpeak.com *.twimg.com *.twitter.com twitter.com *.facebook.net *.cobrowser.com *.google.com *.gstatic.com *.hsforms.net *.hsforms.com *.elfsight.com snap.licdn.com static.hotjar.com script.hotjar.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com ubembed.com *.ubembed.com js.ubembed.com *.js.ubembed.com c.leadlab.click 'self' 'unsafe-eval' 'unsafe-inline'; 1
frame-ancestors www.anythinklibraries.org anythinklibraries.org www.odyssey.stream app.odyssey.stream 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dginfo.com; style-src 'self' http://* 'unsafe-inline'; 1
frame-ancestors 'self' https://www.sporthilfe.de https://www.sportstipendiat.de https://www.hall-of-fame-sport.de https://www.juniorsportlerdesjahres.de https://cloud.3dvista.com https://hautnah.sporthilfe.de; 1
default-src 'self' https://sidebar.bugherd.com https://fonts.gstatic.com https://player.vimeo.com https://www.youtube.com https://11861631.fls.doubleclick.net https://td.doubleclick.net https://cdn.userway.org/ https://www.youtube.com http://www.youtube.com https://doublethedonation.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sidebar.bugherd.com https://www.bugherd.com https://clockwisemd.com https://s3-us-west-1.amazonaws.com https://www.clockwisemd.com https://maps.googleapis.com https://www.googletagmanager.com https://cdn.userway.org https://js.eruptr.io http://cdn.calltrk.com https://js.calltrk.com https://img04.en25.com https://www.youtube.com https://doublethedonation.com; style-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com https://cdn.userway.org/ https://doublethedonation.com; img-src 'self' data: blob: https://d2iiunr5ws5ch1.cloudfront.net https://maps.googleapis.com https://maps.gstatic.com http://solutionshealth.site https://slh.saltwaterstage.com/ https://www.bugherd.com https://ad.doubleclick.net https://cdn.userway.org https://www.googletagmanager.com https://doublethedonation.com; object-src 'self' https://sidebar.bugherd.com https://fonts.gstatic.com https://player.vimeo.com https://www.youtube.com https://11861631.fls.doubleclick.net https://td.doubleclick.net https://cdn.userway.org/ https://www.youtube.com http://www.youtube.com https://doublethedonation.com; connect-src 'self' https://sessions.bugsnag.com wss://ws-mt1.pusher.com https://maps.googleapis.com wss: https://api.userway.org https://analytics.google.com https://stats.g.doubleclick.net https://js.calltrk.com https://cdn.userway.org https://cdn77.api.userway.org https://s1764416.t.eloqua.com https://doublethedonation.com; font-src 'self' https://sidebar.bugherd.com https://fonts.gstatic.com https://player.vimeo.com https://www.youtube.com https://11861631.fls.doubleclick.net https://td.doubleclick.net https://cdn.userway.org/ https://www.youtube.com http://www.youtube.com https://doublethedonation.com; frame-src 'self' https://sidebar.bugherd.com https://fonts.gstatic.com https://player.vimeo.com https://www.youtube.com https://11861631.fls.doubleclick.net https://td.doubleclick.net https://cdn.userway.org/ https://www.youtube.com http://www.youtube.com https://doublethedonation.com; media-src 'self' https://sidebar.bugherd.com https://fonts.gstatic.com https://player.vimeo.com https://www.youtube.com https://11861631.fls.doubleclick.net https://td.doubleclick.net https://cdn.userway.org/ https://www.youtube.com http://www.youtube.com https://doublethedonation.com; 1
frame-ancestors 'self'; img-src https://*;object-src data: 'unsafe-eval'; 1
default-src 'self';   connect-src 'self' eastus-8.in.applicationinsights.azure.com/ *.tawk.to/ hubspot-forms-static-embed.s3.amazonaws.com/ *.hsforms.net/ *.hscollectedforms.net/ *.hsforms.com/ *.hubapi.com/ *.hubspot.com/ *.google-analytics.com/ stats.g.doubleclick.net/j/ *.addthis.com/ *.disquscdn.com/ disqus.com/ *.disqus.com/ *.hotjar.com/ maps.googleapis.com/ analytics.google.com/g/ wss: wss://ws3.hotjar.com/api/ *.callrail.com/ *.uverce.com/;   font-src 'self' data: *.tawk.to/ fonts.googleapis.com/ maxcdn.bootstrapcdn.com/ cdn.jsdelivr.net cdnjs.cloudflare.com fonts.gstatic.com/ *.disquscdn.com/;   frame-src 'self' bid.g.doubleclick.net/ *.hubspot.com/ *.hsforms.com/ *.hsforms.net/ www.googletagmanager.com/ www.google.com/recaptcha/ www.facebook.com/tr/ *.addthis.com/ disqus.com/ *.disqus.com/ *.hotjar.com/ *.uverce.com/ youtube.com/ *.youtube.com/;   child-src www.youtube.com/;   img-src 'self' data: blob: *.googletagmanager.com/ *.tawk.to/ *.google.com/ *.hsforms.com/ *.hubspot.com/ www.facebook.com/ www.google-analytics.com/ stats.g.doubleclick.net/r/ www.google.com/ads/ maps.gstatic.com/mapfiles/ maps.googleapis.com/ dashboard.umbraco.org/ umbraco.tv/ cdn.viglink.com/ *.disqus.com/ *.addthis.com/ sync.crwdcntrl.net/map/ tags.rd.linksynergy.com/ ps.eyeota.net/ *.uverce.com/;   media-src 'self';   object-src 'none';   script-src 'self' 'unsafe-inline' 'unsafe-eval' az416426.vo.msecnd.net/ *.hsforms.net/ *.tawk.to/ googleads.g.doubleclick.net/ *.googleadservices.com/ *.hscollectedforms.net/ *.hsadspixel.net/ *.hs-analytics.net/ *.hs-banner.com/ *.usemessages.com/ *.hs-scripts.com/ www.gstatic.com/recaptcha/ www.google.com/recaptcha/ cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com/ marathonconsulting.atlassian.net/ www.googletagmanager.com/ www.google-analytics.com/ *.addthis.com/ *.addthisedge.com/ snap.licdn.com/ connect.facebook.net/ px.ads.linkedin.com/collect/ disqus.com/ *.disqus.com/ *.disquscdn.com/ www.linkedin.com/ *.hotjar.com/ *.tawk.to/ *.uverce.com/ *.callrail.com/;   style-src 'self' 'unsafe-inline' *.tawk.to/ fonts.googleapis.com/ maxcdn.bootstrapcdn.com/ cdn.jsdelivr.net cdnjs.cloudflare.com *.disquscdn.com/ *.tawk.to/ *.uverce.com/; 1
default-src 'self' https://www.google.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://www.google-analytics.com https://checkouttoolkit.rapyd.net https://cdnjs.cloudflare.com https://www.google.com/recaptcha/ https://www.googletagmanager.com https://www.gstatic.com https://www.clarity.ms https://region1.google-analytics.com https://firestore.googleapis.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://vercel.live https://pay.google.com https://www.google.com/pageAd https://www.google.com/pagead https://cdn.deviceinf.com/js/v4/agent.js blob: https://js.dev.shift4.com/shift4.js https://applepay.cdn-apple.com https://*.securionpay.com https://widget.trustpilot.com https://clarity.microsoft.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.deviceinf.com/js/v4/agent.js; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' blob: data: https://www.google.com https://www.google.it https://www.google.fr https://www.google.es https://www.google.de https://www.google.pt https://www.google.at https://www.google.be https://www.google.ca https://*.clarity.ms https://c.bing.com https://googleads.g.doubleclick.net https://assets.vercel.com https://*.clarity.ms https://www.googletagmanager.com https://firebasestorage.googleapis.com/ https://replicate.delivery https://*.replicate.delivery/ https://static.magicstudio.com https://hatscripts.github.io/ https://www.gstatic.com/; frame-src 'self' https://checkouttoolkit.rapyd.net https://checkout.rapyd.net https://vercel.live https://pay.google.com https://js.dev.shift4.com/ https://td.doubleclick.net/ https://*.securionpay.com https://www.vecticon.co/ *; connect-src 'self' https://*.clarity.ms https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://stats.g.doubleclick.net https://api.rapyd.net https://firestore.googleapis.com https://geolocation-db.com https://adservice.google.com https://api.visitorapi.com https://firebasestorage.googleapis.com https://pay.google.com https://google.com/pay https://*.seondnsresolve.com https://cdn.deviceinf.com/js/v4/agent.js https://fonts.googleapis.com/css2 https://sockjs-us3.pusher.com https://replicate.delivery https://*.replicate.delivery/ https://freeipapi.com https://static.magicstudio.com https://*.securionpay.com https://vercel.live https://*.securionpay.com https://www.googletagmanager.com https://www.google.com https://www.google.it https://www.google.fr https://www.google.es https://www.google.de https://www.google.pt https://www.google.at https://www.google.be https://www.google.ca https://pay.google.com https://www.google.com/pay; media-src https://firebasestorage.googleapis.com/ blob: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' d21-a.sdn.cz *.seznam.cz *.ttwstatic.com *.tiktok.com onesignal.com *.cloudflareinsights.com *.cloudflare.com *.onesignal.com *.gstatic.com *.fontawesome.com energozrouti.cz *.energozrouti.cz *.google.com imedia.cz seznam.cz *.google-analytics.com *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.im.cz *.imedia.cz *.imedia.dev.dszn.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.szn.cz *.serving-sys.com *.sklik.cz *.ads.celtra.com *.imedia.dev.dszn.cz *.googletagmanager.com *.2mdn.net *.seznam.cz code.createjs.com cdn.ampproject.org https://seznam.cz http://seznam.cz platform.twitter.com *.hotjar.com *.google.cz *.googleadservices.com *.google.ca; frame-ancestors 'self' www.energozrouti.cz energozrouti.cz *.energozrouti.cz seznam.cz *.pubmatic.com *.seznam.cz google.cz google.com *.sklik.cz sentry.sklik.cz https://sentry.sklik.cz ssp.imedia.cz ssp.seznam.cz imedia.cz; img-src 'self' data: https:; 1
default-src 'self';                                  script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://stats.ise.fraunhofer.de  leonid.muc.zae-bayern.de  grizzly.rheintal-hosting.ch  kkl.swissscreen.com  https://cdnjs.cloudflare.com  https://platform.twitter.com  https://cdn.syndication.twimg.com/  http://*.tile.openstreetmap.org  https://api.tiles.mapbox.com  https://api.mapbox.com  https://wisskomm.social/@energy_charts_d ;                                 img-src data: 'self' blob: data:  https://stats.ise.fraunhofer.de  leonid.muc.zae-bayern.de  grizzly.rheintal-hosting.ch  kkl.swissscreen.com  https://cdnjs.cloudflare.com  https://platform.twitter.com  https://cdn.syndication.twimg.com/  http://*.tile.openstreetmap.org  https://api.tiles.mapbox.com  https://api.mapbox.com  https://wisskomm.social/@energy_charts_d ;                                 style-src 'self' 'unsafe-inline'  https://stats.ise.fraunhofer.de  leonid.muc.zae-bayern.de  grizzly.rheintal-hosting.ch  kkl.swissscreen.com  https://cdnjs.cloudflare.com  https://platform.twitter.com  https://cdn.syndication.twimg.com/  http://*.tile.openstreetmap.org  https://api.tiles.mapbox.com  https://api.mapbox.com  https://wisskomm.social/@energy_charts_d ;                                 font-src 'self'  https://stats.ise.fraunhofer.de  leonid.muc.zae-bayern.de  grizzly.rheintal-hosting.ch  kkl.swissscreen.com  https://cdnjs.cloudflare.com  https://platform.twitter.com  https://cdn.syndication.twimg.com/  http://*.tile.openstreetmap.org  https://api.tiles.mapbox.com  https://api.mapbox.com  https://wisskomm.social/@energy_charts_d ;                                 frame-src  https://stats.ise.fraunhofer.de  leonid.muc.zae-bayern.de  grizzly.rheintal-hosting.ch  kkl.swissscreen.com  https://cdnjs.cloudflare.com  https://platform.twitter.com  https://cdn.syndication.twimg.com/  http://*.tile.openstreetmap.org  https://api.tiles.mapbox.com  https://api.mapbox.com  https://wisskomm.social/@energy_charts_d                                 frame-ancestors  leonid.muc.zae-bayern.de  grizzly.rheintal-hosting.ch  kkl.swissscreen.com ;                                 object-src 'none' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://neuromatch.social 'wasm-unsafe-eval' 'nonce-uTpAbcSyCBAXNbhM/WjPTg=='; font-src 'self' https://neuromatch.social; img-src 'self' data: blob: https://neuromatch.social; style-src 'self' https://neuromatch.social 'nonce-uTpAbcSyCBAXNbhM/WjPTg=='; media-src 'self' data: https://neuromatch.social; frame-src 'self' https:; child-src 'self' blob: https://neuromatch.social; worker-src 'self' blob: https://neuromatch.social; connect-src 'self' blob: data: wss://neuromatch.social https://neuromatch.social; manifest-src 'self' https://neuromatch.social; form-action 'self' 1
connect-src 'self' https://billboard-storefrontapi.nftco.com/graphql https://static.nftco.com api2.amplitude.com www.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com analytics.tiktok.com api.ipify.org tr-shadow.snapchat.com tr.snapchat.com worldtimeapi.org; img-src 'self' data: asset-vfs.nftco.com general-vfs.nftco.com *.twimg.com ucpfarming-staging.nftco.com static.nftco.com static-staging.nftco.com www.facebook.com https://*.google-analytics.com https://*.googletagmanager.com analytics.twitter.com t.co; media-src 'self' asset-vfs.nftco.com; script-src 'self' strict-dynamic 'sha256-JIpAeVpvRKWDV5Dtov8r2y/KzEdhyraCJzR9Kk9rQLg=' 'sha256-FiQ7rSiD//J6vlDADtpaciPGb8Q9IioZBwYHapsxYKo=' 'sha256-KLp99wml8BEyYSbT5q+qCgY8PPfA/8dgdcN/3R+Qf7w=' 'sha256-Hr7aLgUv7uLcCYF4DQoIIZPSoN/pT9cLp5fJbzsMVeE=' 'sha256-iUjKhtSwh0hJLZVU/jLX3I+hyJK4ZxpvClpteGRZAf8=' 'sha256-AiXrA00CSgO9yQ6mx59WGTZi58Pu6QlpYpiCDlF8u4M=' 'sha256-Eo4U05endpGU+fBQGoZEwd7G3S4QzCiWv6sgCtIBosA=' 'sha256-NIvDOGma9sIO7MqyhxBmdl587Wtj2WRu9ZSfj1rvxJo=' 'sha256-1yKdXKd7lQAir6B5rB6sdO5VpNY2fB5izYvqMlOYp6w=' 'sha256-ru/UnnFVnj6FmXo69GtkUByH2bjLvIQf8/D7u0TvzPw=' 'sha256-xwhETMACHfOZwPWlXK1qXCH+m0Np7CRrAdcSOJtVaTE=' 'sha256-MM5XnkmjKNRG5WnCkYiy27sMaIjzSRzKASqr8teFAbg=' 'sha256-cx9wzJX4xxfgtB6GVSRbh4jyPwwa/1CEVutnd4Brvso=' 'sha256-4dHDp5QBbnyFMuAjraH98JpZFtdJBa5rYAMJ8OIc6J8=' 'sha256-ZW5l6i4efuucucZLSgEmUVexVhVcfMWBmwcZO27ZzL8=' 'sha256-GD6kKpVSZNY4+brkkExyGoLV7geXgSJeBJlGM9Is1ns=' 'sha256-XXHZakqBqCfCbgNrgpmSR9GIuSHjAffNzTZs2Y0ExxE=' 'sha256-oMUtw5o1N10s9EZqNbmE/EOCKHI2fhm5dZBjf/4M7e0=' 'sha256-rEReW3KVCVjoXrwBQ6gNWPmYiO1CqonhXnBwHIp9dUA=' 'sha256-vi1v95kCISrgc0qVGTt9/bJy0VipaJDeFoXkmL/Ad1k=' 'sha256-EfdAmCn7rZyIIW/sm+y65ukevP9hQP6yWfEgvV9bGxk=' 'sha256-9/zE4wrodb+5bSqKfOpFPPoBKftCsEuZPuvgVOD1Rz4=' 'sha256-G2WM4bFqz7cGewCzY5xMkPGeQQaY62nXgeAVZpO/T6k=' 'sha256-CGyVQGei98vWRO/0xpaxrLNHdobRYL9ERMWPVOC+ROI=' 'sha256-0wXzQnT2OmtvfDUB186Z6bXmFMQRxItPtMoVuEga9Gc=' 'sha256-qnO3nNyonBBBGuogl0CKI5d/Up24e96DkqIkD8BFQ1E=' 'sha256-57Rb3yrqdNt3bA0TVcdpCIKeZ8ucqC+kAfpjOGlTRdQ=' 'sha256-Yc8BB4au93qrYIbAtfRUWzr8E9zE45lL1jcRe3hnOCU=' 'sha256-1CHO7YDlTGuTRPinMGSqLHuMrBtpCDFS1VoshmgIWRI=' 'sha256-u6D0NOtiqSXdo44HiBL9gBLeXjRf3EpbOvCt8UJtL0Y=' 'sha256-7dtnXgrWYkYeXrC7bKPJ6PtsBq+BdJaF1U5eeyFi6HY=' 'sha256-O1KgdnEucvKhpBSo2GJ0iuV1J8U1fTJZfq6YHgm7H5M=' 'sha256-p24fpr37tjLUdZ0AqOo8PLf4QMKsz1gWPtIUkg8RSaA=' 'sha256-//x7yZNV+9TU50Ptn5GsW9Ed4n1ZrFphm1ZQ+NYOdpc=' 'sha256-JlGEp/rOYKn0NYKgGBPUjijNEHjDFQYlMNW6c2hF6wU=' 'sha256-EwSmkQ0H1RPhQnqBnOg4nRKeUT/YSvS+4WpaWhhXbhs=' 'sha256-qAUmXHMihlmeeWhPEcuD23qu23t8T/OaLxOLOVmmT8k=' 'sha256-e+BOEWkm1+zsPiDuf/NP3qsg3vEieeedEEdokX2tPgA=' 'sha256-ADhWFlPPlvfKQWzowtWoSgEZCJxj/HNruKGBb18Zcm4=' 'sha256-ba3nvA/M2PNVQcznlZvdu0ICA1Xo5peljXGxb2bMm+I=' 'sha256-Tw3Z91bRdlpczF//AAKUvTqnqxlJCqkV8Dse0YI0SQw=' 'sha256-3WWFtYUd08H5WiEsFyic+uUrLgKEqcW5LRtZ5IH5tr8=' 'sha256-V6r4c+wRHp8m5OjVx8iEYzkIffx0gjTSszLziMuuox8=' 'sha256-xhUcLDVydwUQe7sQ3dP2uUsdGDb27CNtIC7ZA0OGVYY=' 'sha256-uaVfl79UeUJDsEAP72AvIrCxakEKvPoBVfSyYjh32MM=' 'sha256-cGSjK7WtscMOSU0OyoBTdkUM/TKlN5FZkQTDqUkcano=' 'sha256-inDIJULN9rg2ny2SoCM1NFXFNPo1rTgwoThyBcOUJtA=' 'sha256-2cm8bujmsbP0Yrh0Rx3MXGKxYchF21k6vXMLj148OBU=' 'sha256-M7DhZWTfQt7zrG7Qvv139ejFPTAg399vLqJOINPLmto=' 'sha256-T62WIp+uvQZF1FCul1b1nD8o2pB2HRXw89LOavl7pVs=' 'sha256-+Ai7iOyBvUQNxvIs+SCcO9wo9KKoh25FoXYRUUOrmsk=' 'sha256-rhg/Aqw1YWk+lJcMrKxO4IvZ6jvdpTr+nZZcOXia17Y=' 'sha256-v32xSzo3DBB5OdqK2Hg874P4eQY/TSJNJ56X8iyFYEA=' 'sha256-EgPzPNYXYyRQqYy/yAKgNST0/4tAKz1QtLC1SnCqxWE=' 'sha256-ZjcGN0sKtj2hOgzxXED61/tF26KtEBXuMroJ1gMU9ZM=' 'sha256-PrpqsbbNGj1OSzQD6wg1d3nTWAAO5K1dmVqDeCe6EW8=' 'sha256-W2ZarCO5Uj/Qsp3cIaTvKbcuClCZJR6CQOA2P02M0fA=' 'sha256-j9CQlsGLOB75Jt5TENFDHZEDXjnUOgB684am6HnqxFI=' 'sha256-UV2X1qhu5qVPTSPfetwMZMWL1GD75J+/Lum1/VcVAN0=' 'sha256-7foKJstm5KHxFngWS/fGLBSbNgMm7up0ONOM5PWc2A4=' 'sha256-rjLtaLxY1VOabj0NWTvIG673syTdKKDpSqoy+RgUVVo=' 'sha256-b1tKoA0vjWrtmTW0cYBr96zvRk0MHTkCYOX+J/gAxn4=' https://recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ connect.facebook.net https://*.googletagmanager.com www.google-analytics.com analytics.tiktok.com static.ads-twitter.com sc-static.net tr-shadow.snapchat.com tr.snapchat.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' https://recaptcha.net/recaptcha/ www.facebook.com tr.snapchat.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; default-src 'none'; report-to main-endpoint 1
style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval' https://consent.cookiebot.com/ https://www.google.com/ https://vars.hotjar.com https://consent.cookiebot.com/ http://consentcdn.cookiebot.com/ https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://ajax.googleapis.com https://code.jquery.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://vars.hotjar.com https://p.typekit.net https://use.typekit.net https://www.youtube-nocookie.com https://w.soundcloud.com; 1
default-src https:; font-src https: data:; img-src https: data:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 1
frame-ancestors 'self' https://kupid.com https://www.kupid.com https://m.kupid.com https://mylover.be https://www.mylover.be https://m.mylover.be https://sexi.si https://www.sexi.si https://m.sexi.si; object-src 'none' 1
default-src 'self';      style-src 'self' 'unsafe-inline' unpkg.com fonts.googleapis.com mastersofterp.com www.mastersofterp.com use.fontawesome.com cdn.plyr.io player.vimeo.com cdnjs.cloudflare.com;     font-src 'self' data: fonts.gstatic.com mastersofterp.com www.mastersofterp.com unpkg.com use.fontawesome.com cdnjs.cloudflare.com collectcdn.com;     script-src * 'unsafe-inline' 'unsafe-eval';     img-src 'self' i.ytimg.com data: avatars.collectcdn.com;     frame-src mastersofterp.com www.mastersofterp.com accounts.google.com app.powerbi.com www.youtube.com ;     connect-src 'self' www.google-analytics.com load.collect.chat api.collect.chat;     media-src 'self' www.youtube.com; 1
script-src http: https: https://www.various-brands.ro/ 'unsafe-inline' https://www.googletagmanager.com https://www.google.com/ https://lockerplugin.sameday.ro https://event.2performant.com https://consentcdn.cookiebot.com; style-src 'self' blob: https: 'unsafe-inline' https://www.various-brands.ro/; img-src data: http: https: www.googletagmanager.com https://event.2performant.com https: consentcdn.cookiebot.com https: lockerplugin.sameday.ro; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com *.fontawesome.com; frame-src assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.googletagmanager.com *.hotjar.com *.google.com *.2performant.com lockerplugin.sameday.ro consentcdn.cookiebot.com; 1
base-uri 'self'; default-src * data: blob:; img-src * data: blob:; style-src * 'unsafe-inline' data: blob:; script-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://cdn.ampproject.org/ ajax.cloudflare.com static.cloudflareinsights.com; media-src * data: blob:; worker-src * 'unsafe-inline' 'unsafe-eval' data: blob: 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-Ima1YgzX5NWYZXpj+Nb7SAaaX/Mn70MJfZbxuelHGR99vE1M' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
img-src 'self' data: *.bar24.by ip24.by *.intex-press.by *.gravatar.com a.disquscdn.com wpsitesync.com favicon.yandex.net ps.w.org lh3.googleusercontent.com avatars.mds.yandex.net w.bookcdn.com storage.mds.yandex.net informer.yandex.ru counter.yadro.ru www.google-analytics.com *.googlesyndication.com *.google.com google.by www.gstatic.com s.w.org www.w3.org thumb.cloud.mail.ru *.datacloudmail.ru *.visicom.ua *.tile.openstreetmap.org makinacorpus.github.io; 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.starbucks.nl/nl/report-uri/enforce 1
default-src 'self'; base-uri 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-qvaU3j/a/5GsQKqg76OEFvAMX+ZiqdjOEd+Wc7GhlfXAseyM' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
script-src 'unsafe-inline' 'unsafe-eval' *.hubspot.com analytics.google.com *.hs-scripts.com ws.zoominfo.com bat.bing.com *.alithya.com *.googletagmanager.com snap.licdn.com *.newrelic.com *.doubleclick.net tags.clickagy.com px.ads.linkedin.com *.miza-alithya.com js.hs-banner.com js.hsleadflows.net js.hs-analytics.net *.adsrvr.org js.zi-scripts.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com; object-src 'none'; report-uri /report-csp-violation; upgrade-insecure-requests 1
"block-all-mixed-content" 1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.google.com *.addthis.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io blob: www.google.co.uk www.google.fr www.google.mg www.google.de www.google.es www.google.it www.google.com.br www.google.co.in www.google.co.jp www.google.ca www.google.mu www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://stats.g.doubleclick.net https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cloudflare.com *.googleapis.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self'; font-src 'self' https: data:; form-action 'self' https://www.facebook.com; frame-ancestors 'self'; img-src 'self' data: https://www.facebook.com https://res.cloudinary.com https://fastly.picsum.photos https://picsum.photos https://cms-mirage.it https://staging-cms.mirage.it https://mirage-cdn.thron.com; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self' *.cloudinary.com https://cloudinary.com https://siebertnxt.w2.wadev.com/Portfolio/GetMonteCarloExample; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.salesforceliveagent.com https://cloudinary.com *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.cloudinary.com *.googletagmanager.com qmod.quotemedia.com unpkg.com cdnjs.cloudflare.com https://confirmsubscription.com https://js.createsend1.com *.bootstrapcdn.com code.jquery.com https://js.hsforms.net //js.hsforms.net https://js-na1.hs-scripts.com https://js.hscollectedforms.net https://js.hs-banner.com; style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.cloudinary.com https://cloudinary.com unpkg.com *.bootstrapcdn.com *.quotemedia.com; font-src 'self' use.typekit.net fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.quotemedia.com *.cloudflare.com *.bootstrapcdn.com; img-src 'self' res.cloudinary.com placeunicorn.com via.placeholder.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.cloudinary.com https://cloudinary.com data: https://forms.hsforms.com; media-src 'self' data: blob: *.cloudinary.com; frame-src 'self' *.cloudinary.com https://cloudinary.com *.youtube.com *.google.com *.salesforce.com https://confirmsubscription.com https://www.createsend.com siebert.com https://forms.hsforms.com/; child-src 'self' blob: https://www.google.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.cloudinary.com https://cloudinary.com; connect-src 'self' *.doubleclick.net *.google-analytics.com accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.cloudinary.com https://cloudinary.com *.quotemedia.com *.siebertnet.com https://siebertnxt.w2.wadev.com/Portfolio/GetMonteCarloExample https://createsend.com https://forms.hsforms.com https://forms.hubspot.com https://prod-api.siebert.com https://privapi.siebert.com; object-src https://www.siebert.com/blog/wp-content/uploads/ https://siebertnxt.w2.wadev.com/Portfolio/GetMonteCarloExample; 1
font-src *.cloudflare.com *.googleapis.com *.gstatic.com *.trustedshops.com *.twimg.com *.twitter.com *.typekit.net *.b-cdn.net https://static.payzen.eu/static/ *.fontawesome.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com userlike-cdn-umm.b-cdn.net https://secure.payzen.eu/vads-payment/ https://static.payzen.eu/static/ www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.facebook.com *.google.com *.google.ch *.google-analytics.com *.google.fr *.googleadservices.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.klarna.com *.lightemporium.com https://meetanshi.com/media/logo.png *.ovh.net *.paypal.com *.twimg.com *.usercentrics.eu *.ytimg.com *.userlike.com userlike-cdn-web.b-cdn.net userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-store-media-files.s3.amazonaws.com https://secure.payzen.eu/static/latest/images/type-carte/ https://static.payzen.eu/static/ https://secure.payzen.eu/vads-payment/ www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.beyable.com *.bootstrapcdn.com *.cloudflare.com *.facebook.net *.fontawesome.com *.google.com *.google-analytics.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.trustedshops.com *.twimg.com *.usercentrics.eu *.amazonaws.com *.b-cdn.net api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ https://cdnjs.cloudflare.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://unpkg.com/aos@2.3.1/dist/aos.css *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com *.googleapis.com *.gstatic.com *.trustedshops.com *.twimg.com *.typekit.net *.usercentrics.eu https://static.payzen.eu/static/ https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cargo-webproject.com *.cloudflare.com *.doubleclick.net *.google.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.gstatic.com *.paypal.com *.twimg.com *.twitter.com *.amazonaws.com *.userlike.com wss://umd.userlike.com userlike-cdn-web.b-cdn.net blob: https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://dimorder.com; 1
default-src self unsafe-eval unsafe-inline; style-src self unsafe-inline; media-src *; img-src self data: content:; 1
default-src 'self'  ws: wss: data:; script-src 'self' https://www.gstatic.com http://www.google-analytics.com/analytics.js https://static.addtoany.com https://cdnjs.cloudflare.com https://c4energi.matomo.cloud https://maps.googleapis.com 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https://p.typekit.net https://use.typekit.net https://fonts.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://c4energi.matomo.cloud 'unsafe-inline' ; font-src 'self' https://p.typekit.net https://use.typekit.net https://fonts.gstatic.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://c4energi.matomo.cloud data:; img-src 'self' http://www.google-analytics.com https://maps.gstatic.com https://resources.mynewsdesk.com https://www.google.com https://www.google.se https://c4energi.matomo.cloud https://maps.googleapis.com data:; connect-src 'self' https://ftp.mirakel.nu https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://cdnjs.cloudflare.com https://c4energi.matomo.cloud ; frame-src 'self' https://static.addtoany.com https://studiorail.com; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-43599c5874316669d53922b628702add'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self'; script-src 'self'  https://www.google-analytics.com/analytics.js https://analytics.tiktok.com https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/i18n/jquery-ui-i18n.min.js https://analytics.tiktok.com/i18n/pixel/events.js https://www.google-analytics.com https://www.googletagmanager.com/gtm.js https://www.tuneprotect.com/wp-content/themes/tuneprotect/js/bootstrap.min.js 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://analytics.google.com https://www.google-analytics.com/j/collect https://analytics.tiktok.com https://maps.googleapis.com https://analytics.tiktok.com/i18n/pixel/events.js https://heatmaps.monsido.com https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/i18n/jquery-ui-i18n.min.js https://siteimproveanalytics.com https://connect.facebook.net https://stats.g.doubleclick.net/j/collect; script-src-elem 'self' https://script.accesstrade.global/lp.js https://maps.googleapis.com https://analytics.tiktok.com https://unpkg.com https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.gstatic.com https://www.tuneprotect.com https://www.tuneprotect.com/wp-content/themes/tuneprotect/js/bootstrap.min.js https://www.googletagmanager.com https://www.googletagmanager.com/gtm.js https://analytics.tiktok.com/i18n/pixel/events.js https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/i18n/jquery-ui-i18n.min.js https://siteimproveanalytics.com https://connect.facebook.net https://app-script.monsido.com/v2/monsido-script.js https://heatmaps.monsido.com/v1/heatmaps.js https://googleads.g.doubleclick.net https://cdnjs.cloudflare.com 'unsafe-inline'; style-src 'self' https://code.jquery.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://www.google-analytics.com https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 'unsafe-inline'; font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com; img-src 'self' https://www.tuneprotect.com https://s3-ap-southeast-1.amazonaws.com https://s3.ap-southeast-1.amazonaws.com https://www.googletagmanager.com https://img.youtube.com https://secure.gravatar.com https://www.google-analytics.com/collect https://www.google.com https://www.google.com.my https://s.w.org https://www.facebook.com/tr/ https://www.google.com/ads/ga-audiences https://tracking.monsido.com data:; media-src * blob:; frame-src 'self' https://esg.churchgatepartners.com/ https://insage.com.my/ https://www.youtube.com/ https://www.google.com/ https://9207186.fls.doubleclick.net/ 1
default-src 'self'; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' https://cdn.designhuddle.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://*.hs-scripts.com https://js.hs-analytics.net https://js.hubspot.com https://static.hsappstatic.net https://js.hscollectedforms.net https://js.usemessages.com https://js.hs-banner.com https://snap.licdn.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' 'unsafe-eval' data: https://showcase.designhuddle.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://*.hubspot.com https://*.hsforms.com https://www.linkedin.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.facebook.com https://ct.capterra.com; frame-src 'self' https://showcase.designhuddle.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://player.vimeo.com https://*.hubspot.com https://designhuddle-20916693.hs-sites.com https://www.facebook.com; connect-src 'self' https://showcase.designhuddle.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://*.hubspot.com https://forms.hscollectedforms.net; object-src 'none' 1
default-src 'none'; img-src 'self' orchestration-privateid-bucket.s3.us-east-1.amazonaws.com data:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; manifest-src 'self'; font-src 'self' fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; connect-src 'self' api.devel.cryptonets.ai api.develv2.cryptonets.ai api.orchestration.private.id api.cryptonets.ai api.prodv2.cryptonets.ai; form-action 'self'; frame-ancestors 'none'; child-src 'self'; 1
default-src 'self' data: https://ajax.googleapis.com https://www.google.com https://www.google.co.nz https://www.google-analytics.com https://stats.g.doubleclick.net https://api.addressfinder.io https://www.google.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://api.addressfinder.io; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://oss.maxcdn.com https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://api.addressfinder.io https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-BURJ6RVmWkuZxrmguM7HdHd8Nnpaof22k9HtsBffH8pIal3Y' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://xtux.org; img-src 'self' https: data: blob: https://xtux.org; style-src 'self' https://xtux.org 'nonce-BLFc7u7qzNE6SgGDn2LPqA=='; media-src 'self' https: data: https://xtux.org; frame-src 'self' https:; manifest-src 'self' https://xtux.org; form-action 'self'; child-src 'self' blob: https://xtux.org; worker-src 'self' blob: https://xtux.org; connect-src 'self' data: blob: https://xtux.org https://xtux.org wss://xtux.org; script-src 'self' https://xtux.org 'wasm-unsafe-eval' 1
frame-ancestors  'self' https://www.eduleverse.com/  https://eduleverse.com/ https://www.eduleresource.com/ 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.baalajimaestro.me; 1
default-src 'self' *.wogaa.sg *.demdex.net *.everesttech.net *.omtrdc.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.cwp.sg *.cwp.sg *.careers.gov.sg *.facebook.net *.facebook.com *.google.com *.google-analytics.com *.googletagmanager.com *.sharethis.com *.addthis.com *.omtrdc.net *.gstatic.com *.googleapis.com *.wogaa.sg *.adobedtm.com *.doubleclick.net *.bizographics.com *.googleadservices.com *.twitter.com; style-src 'self' 'unsafe-inline' http://*.cwp.sg *.cwp.sg *.careers.gov.sg *.google.com *.googleapis.com *.gstatic.com *.sharethis.com *.wogaa.sg; font-src 'self' data: http://*.cwp.sg *.cwp.sg *.careers.gov.sg *.googleapis.com *.gstatic.com *.googletagmanager.com *.demdex.net *.omtrdc.net *.google.com *.wogaa.sg *.bootstrapcdn.com; img-src 'self' blob: data: http://*.cwp.sg *.cwp.sg http://*.psd.gov.sg *.careers.gov.sg *.facebook.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.ytimg.com *.youtube.com *.sharethis.com *.google.com *.omtrdc.net *.everesttech.net *.demdex.net *.doubleclick.net *.linkedin.com *.google.com *.gov.sg; form-action 'self' 'unsafe-inline' 'unsafe-eval' http://*.cwp.sg *.cwp.sg *.demdex.net http://*.pageuppeople.com *.pageuppeople.com http://*.sharethis.com *.facebook.com https://*.hrp.gov.sg; frame-src 'self' http://*.cwp.sg *.cwp.sg *.careers.gov.sg *.google.com *.sharethis.com *.consensu.org *.addthis.com *.google-analytics.com *.googletagmanager.com *.omtrdc.net *.onemap.sg *.adobedtm.com *.demdex.net *.cwp.gov.sg *.youtube.com *.facebook.com https://form.gov.sg *.doubleclick.net https://forms.office.com *.twitter.com *.onemap.gov.sg; connect-src 'self' http://*.cwp.sg *.cwp.sg *.careers.gov.sg *.sharethis.com *.facebook.net *.facebook.com *.google.com *.google-analytics.com *.googletagmanager.com *.omtrdc.net *.demdex.net *.onemap.sg *.adobedtm.com *.gstatic.com *.googleapis.com *.wogaa.sg *.doubleclick.net; object-src 'self' http://*.cwp.sg *.cwp.sg *.gov.sg; 1
frame-ancestors 'self' https://*.negocom-atlantique.com, base-uri 'self', script-src 'self' 'unsafe-inline' 'unsafe-eval' *.negocom-atlantique.com *.point-sys.com *.googletagmanager.com *.google-analytics.com *.google.fr *.googleapis.com *.youtube.com *.dmcdn.net *.jsdelivr.net 1
frame-ancestors 'self' https://editor.sareapps.pl/ https://editor.digiapps.pl/ https://dev-editor.sare25.com/;default-src 'self' data:;object-src 'none';base-uri 'self' http://n.enewsletter.pl https://n.enewsletter.pl;manifest-src 'self';font-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com https://cdn.sare25.com;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdn.enewsletter.com.pl https://cdn.sareapps.pl https://cdn.digiapps.pl https://cdn.speakhub.live https://public.speakhub.live https://cdnjs.cloudflare.com https://cdn.heapanalytics.com https://polyfill.io https://code.jquery.com https://ajax.googleapis.com https://uicdn.toast.com https://blueimp.github.io https://cdn.sare25.com https://cdn.livechatinc.com https://api.livechatinc.com;style-src 'self' 'report-sample' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://uicdn.toast.com https://cdn.sare25.com n.enewsletter.pl;frame-src 'self' dev-editor.sare25.com editor.sareapps.pl editor.digiapps.pl integrations.app-link.me https://secure.livechatinc.com data:;img-src * data:;worker-src 'self' blob:;media-src * data:;connect-src 'self' *.enewsletter.pl *.sare25.com *.sareapps.pl *.digiapps.pl wss://ws-sare-wire.sareapps.pl wss://ws-sare-wire.digiapps.pl wss://ws.speakhub.live public.speakhub.live cdn.jsdelivr.net cdnjs.cloudflare.com fonts.gstatic.com fonts.googleapis.com;child-src 'self' https://cdn.sare25.com; 1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: blob:; object-src https 'self'; media-src 'self' https:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob: resource:; frame-ancestors https: 'self' *.facebook.net; base-uri 'self' https: 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://greenmoney.ru https://securepay.tinkoff.ru *.jivosite.com  https://*.gstatic.com https://*.google.com http://*.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googletagmanager.com https://www.googletagmanager.com https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net http://mc.yandex.ru https://mc.yandex.ru https://mc.yandex.com https://yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net https://maps.googleapis.com/maps/api/ https://maps.googleapis.com/maps-api-v3/  http://top-fwz1.mail.ru  https://vk.com/  https://connect.facebook.net https://www.facebook.com  https://ajax.googleapis.com  https://*.kaspersky-labs.com  https://score.juicyscore.com/static/  https://score.juicyscore.com/savedata/  https://score.juicyscore.com/saveevent/ https://tagmanager.google.com/; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://greenmoney.ru https://securepay.tinkoff.ru *.jivosite.com  https://*.gstatic.com https://*.google.com http://*.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googletagmanager.com https://www.googletagmanager.com https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net http://mc.yandex.ru https://mc.yandex.ru https://mc.yandex.com https://yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net https://maps.googleapis.com/maps/api/ https://maps.googleapis.com/maps-api-v3/  http://top-fwz1.mail.ru  https://vk.com/  https://connect.facebook.net https://www.facebook.com  https://ajax.googleapis.com  https://*.kaspersky-labs.com  https://score.juicyscore.com/static/  https://score.juicyscore.com/savedata/  https://score.juicyscore.com/saveevent/ https://tagmanager.google.com/; style-src 'self' blob: data: 'unsafe-inline' https://greenmoney.ru https://fonts.googleapis.com  *.jivosite.com  https://*.kaspersky-labs.com https://googletagmanager.com https://www.googletagmanager.com https://tagmanager.google.com/; style-src-elem 'self' blob: data: 'unsafe-inline' https://www.cdn-tinkoff.ru/ https://greenmoney.ru https://securepay.tinkoff.ru https://fonts.googleapis.com  *.jivosite.com  https://*.kaspersky-labs.com https://googletagmanager.com https://www.googletagmanager.com https://tagmanager.google.com/; connect-src  'self'  data:  wss: https://*.tinkoff.ru/ https://greenmoney.ru  https://code.jquery.com  *.jivosite.com  https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net https://yandex.ru https://mc.yandex.by https://mc.yandex.kz https://mc.yandex.ua  https://suggestions.dadata.ru  http://top-fwz1.mail.ru https://mc.yandex.ru  https://vk.com  https://connect.facebook.net https://www.facebook.com/tr/  stats.g.doubleclick.net https://stats.g.doubleclick.net  https://www.google-analytics.com https://ajax.googleapis.com  https://*.kaspersky-labs.com wss://*.kaspersky-labs.com  https://ff.kis.v2.scr.kaspersky-labs.com https://gc.kis.scr.kaspersky-labs.com https://gc.kis.v2.scr.kaspersky-labs.com wss://gc.kfp.scr.kaspersky-labs.com wss://gc.kis.scr.kaspersky-labs.com wss://gc.kis.v2.scr.kaspersky-labs.com  http://gj.track.uc.cn https://gjtrack.ucweb.com https://plugin.ucads.ucweb.com  https://score.juicyscore.com/static/p.json;frame-src  'self'  blob:  data:  https://greenmoney.ru https://securepay.tinkoff.ru/ https://*.kaspersky-labs.com  *.yandex.com  *.yandex.ru  https://*.google.com  https://mc.yandex.ru https://mc.yandex.com http://webvisor.com https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net  https://www.googletagmanager.com  https://www.facebook.com  https://api-maps.yandex.ru;child-src  'self'  blob:  https://api-maps.yandex.ru  https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org;font-src  'self'  data: https://www.cdn-tinkoff.ru/ https://greenmoney.ru  https://fonts.gstatic.com http://fonts.gstatic.com http://themes.googleusercontent.com;img-src  'self' https://greenmoney.ru data:  blob: https://securepay.tinkoff.ru/  https://*.maps.yandex.net api-maps.yandex.ru https://yandex.ru https://an.yandex.ru  *.jivosite.com https://jivo-userdata.s3-eu-west-1.amazonaws.com  https://www.facebook.com/  https://*.vk.com https://vk.com https://login.vk.com https://m.vk.com  https://csi.gstatic.com/csi https://maps.googleapis.com  http://www.googletagmanager.com https://www.googletagmanager.com  https://www.google-analytics.com https://stats.g.doubleclick.net   https://www.google.com https://www.google.ru https://www.google.by https://mc.yandex.ru  https://mc.webvisor.org  https://*.kaspersky-labs.com http://trends.revcontent.com https://ssl.gstatic.com/ https://www.gstatic.com;media-src  'self'  https://greenmoney.ru  *.jivosite.com;frame-ancestors  'self'  https://greenmoney.ru greenmoney.ru *.greenmoney.ru  http://webvisor.com https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net  https://mc.yandex.ru https://mc.yandex.com  https://www.googletagmanager.com/ns.html; report-uri /LoggingReports/CspReport; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; block-all-mixed-content; frame-ancestors 'none'; media-src 'none'; font-src 'none'; object-src 'none'; frame-src 'none' 1
font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:; frame-src 'self' https://www.google.com/recaptcha/ https://pay.google.com/gp/ https://pay.yandex.ru https://sandbox.pay.yandex.ru/; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://pay.google.com/gp/ https://pay.yandex.ru https://mc.yandex.ru/metrika/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; report-uri /csp/report; worker-src blob: 1
default-src * 'unsafe-eval' 'unsafe-inline' data:; 1
default-src 'self';script-src 'self' https://static.serverhunter.com/ 'sha256-4I5bu4EfLcChhSe+mH/A91FCii4+zKs2F+8LxidpwB4=' https://www.recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ static.hotjar.com script.hotjar.com https://*.googletagmanager.com;style-src 'self' https://static.serverhunter.com/ 'unsafe-inline' data:;img-src 'self' https://static.serverhunter.com/ data: script.hotjar.com https://*.google-analytics.com https://*.googletagmanager.com;font-src 'self' https://static.serverhunter.com/ data: https://fonts.gstatic.com/ script.hotjar.com;frame-src 'self' https://www.recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ vars.hotjar.com;connect-src 'self' https://sentry.io/ in.hotjar.com wss://*.hotjar.com surveystats.hotjar.com vc.hotjar.com *.hotjar.com:* https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;object-src 'self';form-action 'self';manifest-src 'self' https://static.serverhunter.com/;frame-ancestors 'none';upgrade-insecure-requests;block-all-mixed-content;sandbox allow-modals allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups allow-popups-to-escape-sandbox allow-pointer-lock;report-uri https://www.serverhunter.com/log/report-uri/; 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-iVWlES5nBnqRn1LdDIrWNA==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
default-src https: 'self' blob:; media-src https: data: blob:; font-src https: data:; img-src https: 'self' 'unsafe-inline' data: about:; style-src https: 'self' 'unsafe-inline'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' blob:; frame-ancestors https://*.esmeralda-consulta.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://platform.twitter.com/ https://*.monsido.com https://cdn.syndication.twim https://www.googletagmanager.com https://twittercommunity.com https://www.google.com https://*.facebook.net https://*.twitter.com https://*.google-analytics.com https://www.youtube.com https://www.gstatic.com https://*.twimg.com; img-src 'self' data: https://*.google-analytics.com https://tracking.monsido.com https://*.twimg.com https://*.twitter.com https://platform.twitter.com https://syndication.twitter.com; frame-src 'self' https://www.youtube.com https://*.twitter.com www.gstatic.com https://www.google.com; connect-src 'self' https://www.google-analytics.com; style-src-elem 'self' 'unsafe-inline' https://*.twitter.com 1
frame-ancestors 'self' https://*.uscurrencyauctions.com https://pagead2.googlesyndication.com https://www.google.com; 1
default-src 'self' https://*.innovamarketinsights360.com https://*.innovadatabase.com https://*.innovamarketinsights360.cn https://*.innovadatabase.cn 'unsafe-inline';            script-src 'self' https://*.innovamarketinsights360.com https://*.innovadatabase.com https://cdn.ywxi.net http://cdn.saberfeedback.com https://feedback.saberfeedback.com https://www.trustedsite.com https://*.innovamarketinsights360.cn https://*.innovadatabase.cn 'unsafe-inline' 'unsafe-eval';            style-src 'self' https://*.innovamarketinsights360.com https://*.innovadatabase.com https://s3.amazonaws.com https://p.typekit.net https://fonts.googleapis.com https://*.innovamarketinsights360.cn https://*.innovadatabase.cn 'unsafe-inline';            font-src 'self' https://*.innovamarketinsights360.com https://*.innovadatabase.com https://fonts.gstatic.com https://s3.amazonaws.com  https://use.typekit.net https://*.innovamarketinsights360.cn https://*.innovadatabase.cn;            img-src 'self' https://*.innovamarketinsights360.com https://*.innovadatabase.com https://s3.amazonaws.com https://cdn.ywxi.net https://*.innovamarketinsights360.cn https://*.innovadatabase.cn data:;                         connect-src 'self' http://s3-us-west-2.amazonaws.com;            frame-src 'self' https://*.innovamarketinsights360.com https://*.innovadatabase.com https://*.innovamarketinsights360.cn https://*.innovadatabase.cn; 1
base-uri 'self' *.esm-website.pages.dev; default-src 'self' 'unsafe-inline' *.esm-website.pages.dev https://unpkg.com https://*.iubenda.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.google-analytics.com https://storage.googleapis.com https://gist.github.com https://api.botpoison.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.iubenda.com https://github.githubassets.com; img-src 'self' *.esm-website.pages.dev data: https://www.googletagmanager.com https://live.staticflickr.com; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com; frame-src https://maximiliankgel.typeform.com https://*.youtube.com https://*.youtube-nocookie.com 1
default-src 'self'; script-src 'self' https://*.hotjar.com https://secure.leadforensics.com https://snap.licdn.com https://mc.yandex.ru https://*.google.com https://www.googletagmanager.com https://*.google-analytics.com https://www.gstatic.com https://maps.googleapis.com https://vk.com https://*.facebook.net https://www.youtube.com/iframe_api https://code-ya.jivosite.com https://code.jivo.ru https://js.zi-scripts.com https://ws.zoominfo.com https://tags.clickagy.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.google.com https://fonts.googleapis.com https://*.mailchimp.com https://*.typekit.net 'unsafe-inline' https://code-ya.jivosite.com https://code.jivo.ru; img-src 'self' data: https://*.linkedin.com https://*.google.com https://*.gstatic.com https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://vk.com https://*.vk.com https://www.facebook.com https://code-ya.jivosite.com; child-src 'self' https://www.youtube-nocookie.com/ https://*.google.com https://www.youtube.com https://www.facebook.com https://*.clickagy.com; connect-src 'self' https://*.google-analytics.com https://*.amazonaws.com https://*.doubleclick.net https://mc.yandex.ru https://ymetrica1.com wss://*.jivosite.com https://*.jivosite.com https://suggestions.dadata.ru https://idx.liadm.com https://*.clickagy.com https://js.zi-scripts.com https://ws.zoominfo.com wss://ws.hotjar.com https://*.hotjar.io; media-src 'self' https://www.youtube-nocookie.com/ https://www.youtube.com/ https://*.amazonaws.com https://code-ya.jivosite.com https://code.jivo.ru; font-src 'self' https://fonts.gstatic.com https://use.typekit.net; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.klaviyo.com *.iubenda.com *.cloudflare.com *.doubleclick.net *.twitter.com *.facebook.com *.google-analytics.com *.google.com *.gstatic.com *.fontawesome.com *.criteo.com *.googleadservices.com *.googletagmanager.com *.facebook.net *.tradedoubler.com *.googleapis.com *.doubleclick.net *.teads.tv *.rfihub.net *.pinimg.com *.criteo.net; frame-src 'self' *.google.com *.facebook.com *.iubenda.com *.criteo.com *.rfihub.com *.pinterest.com; object-src 'self'  1
frame-ancestors 'none'; upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/xlsx/0.14.3/xlsx.full.min.js https://unpkg.com https://www.googletagmanager.com https://code.jquery.com https://www.port-tauranga.co.nz; style-src 'self' 'unsafe-inline' https://use.typekit.net https://fonts.googleapis.com https://code.ionicframework.com https://p.typekit.net https://www.port-tauranga.co.nz; object-src 'none'; frame-src 'none'; child-src 'none'; img-src 'self' https://secure.gravatar.com https://charts.iguana2.com  https://www.port-tauranga.co.nz data:; font-src 'self' https://use.typekit.net https://fonts.gstatic.com https://code.ionicframework.com https://www.port-tauranga.co.nz https://port-tauranga.co.nz data:; connect-src 'self' https://www.google-analytics.com; manifest-src 'none'; base-uri 'none'; form-action 'self' https://www.port-tauranga.co.nz; media-src 'none'; prefetch-src 'none'; worker-src 'none'; 1
frame-ancestors 'self' https://www.youtube.com https://vimeo.com 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' 'self' https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.googletagmanager.com https://*.googlesyndication.com https://www.google-analytics.com https://api.mapbox.com https://cookie-cdn.cookiepro.com https://www.youtube.com https://ad.doubleclick.net https://bat.bing.com https://connect.facebook.net https://platform.twitter.com https://rum-static.pingdom.net https://script.infinity-tracking.com https://snap.licdn.com https://static.ads-twitter.com https://tags.srv.stackadapt.com https://unpkg.com https://qvdt3feo.com; style-src 'unsafe-inline' 'report-sample' 'self' https://tags.srv.stackadapt.com; object-src 'none'; child-src blob:; base-uri 'self'; connect-src 'self' https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.de https://*.google.co.uk https://privacyportal.cookiepro.com https://geolocation.onetrust.com https://cookie-cdn.cookiepro.com https://8vw7318k.api.sanity.io wss://8vw7318k.api.sanity.io https://api.mapbox.com https://events.mapbox.com https://*.tiles.mapbox.com https://*.infinity-tracking.net https://*.infinity-tracking.com https://uksouth-1.in.applicationinsights.azure.com https://px.ads.linkedin.com https://www.facebook.com https://rum-collector-2.pingdom.net https://bat.bing.com https://tags.srv.stackadapt.com; font-src 'self' data:; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://*.fls.doubleclick.net https://my.matterport.com https://td.doubleclick.net https://tpc.googlesyndication.com https://www.facebook.com; img-src 'self' blob: data: https://*.g.doubleclick.net https://ad.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://google.com https://*.google.com https://*.google.de https://*.google.co.uk https://cdn.sanity.io https://cookie-cdn.cookiepro.com https://dc.ads.linkedin.com https://i.ytimg.com https://secure.adnxs.com https://t.co https://tags.srv.stackadapt.com https://www.facebook.com https://*.linkedin.com https://analytics.twitter.com https://bat.bing.com; manifest-src 'self'; media-src 'self'; worker-src blob:; 1
default-src 'self' https://www.distrigazsud-retele.ro;  script-src 'self' 'unsafe-inline' 'unsafe-eval'  http://srv-ccje-b.distrigazsud.ro:5280/ https://*.jquery.com   https://www.google.com/ https://www.gstatic.com/ https://ajax.googleapis.com/ https://ssl.google-analytics.com https://maps.google.com https://maps.googleapis.com https://cdn.jsdelivr.net https://*.cookiepro.com;  style-src 'self' 'unsafe-inline' blob:  https://srv-ccje-b.distrigazsud.ro:5280/ http://srv-ccje-b.distrigazsud.ro:5280/ https://fonts.googleapis.com/ https://ajax.googleapis.com;  img-src 'self' data:  www.distrigazsud-retele.ro https://*.ytimg.com https://secure.gravatar.com https://csi.gstatic.com https://maps.gstatic.com https://*.googleapis.com https://maps.google.com  https://*.ggpht.com https://ssl.google-analytics.com https://*.hotjar.com https://*.cookiepro.com;  font-src 'self' data:  https://fonts.gstatic.com;  frame-src 'self' data: https://www.google.com/ https://www.youtube.com https://player.vimeo.com https://*.hotjar.com https://*.distrigazsud-retele.ro; child-src 'self' data: https://www.google.com/ https://www.youtube.com https://player.vimeo.com https://*.hotjar.com; connect-src 'self' data: http://srv-ccje-b.distrigazsud.ro:5280 https://srv-ccje-b.distrigazsud.ro:5280 https://*.hotjar.com https://*.hotjar.com:* wss://*.hotjar.com https://maps.googleapis.com https://*.cookiepro.com https://*.onetrust.com; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-iDIwYPJMNlCGNdq8JmToWpy1zKxGzbKDs68zkC7b0FxWX9lA' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; connect-src 'self' https://dc.services.visualstudio.com https://atlas.microsoft.com https://transportapi.com https://plausible.io; img-src 'self' data: https://huumepublic.blob.core.windows.net https://public-media.azureedge.net https:; font-src 'self' https://atlas.microsoft.com https://public-media.azureedge.net; style-src 'self' 'unsafe-inline'; script-src 'sha256-5bOAybsNooPvwbqgRF84ojP4iEowhQSOFLFVP/WHAlg=' 'self' https://atlas.microsoft.com; base-uri 'self'; form-action 'self'; child-src 'self'; frame-ancestors 'self'; frame-src 'self'; worker-src 'self' blob:; object-src 'none'; report-uri https://huume.report-uri.com/r/d/csp/wizard 1
frame-ancestors 'self' https://btbonline.balancetobuy.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.vimeo.com vimeo.com *.paysera.com paysera.com *.doubleclick.net doubleclick.net *.googleadservices.com googleadservices.com *.bing.com *.tawk.to *.youtube.com *.ytimg.com *.jsdelivr.net t.ssl.ak.dynamic.tiles.virtualearth.net dev.virtualearth.net placeimg.com data: www.googletagmanager.com maps.googleapis.com www.youtube-nocookie.com www.youtube.com t0-flt.ssl.ak.dynamic.tiles.virtualearth.net fonts.gstatic.com connect.facebook.net www.facebook.com www.google-analytics.com cdnjs.cloudflare.com www.googleapis.com www.gstatic.com maps.gstatic.com www.google.com www.google.lt stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' data: *.jsdelivr.net maps.gstatic.com www.googleapis.com fonts.googleapis.com *.bing.com dev.virtualearth.net; frame-ancestors 'self'; connect-src 'self' vimeo.com *.vimeo.com virtualearth.net *.virtualearth.net facebook.com *.facebook.com *.bing.com google-analytics.com *.google-analytics.com wss://*.tawk.to *.tawk.to; form-action 'self' bank.paysera.com facebook.com *.facebook.com google.com *.google.com *.bing.com bing.com 1
default-src 'self' https://webstats.cncs.gov.pt https://app.powerbi.com https://*.youtube.com  https://*.google.com https://*.addthis.com https://addthis.com https://fonts.gstatic.com https://fonts.googleapis.com https://*.cncs.gov.pt;style-src https://fonts.googleapis.com 'self' 'unsafe-inline'; script-src 'unsafe-inline' * 'unsafe-eval'; 1
frame-ancestors 'self' https://www.farbdenker.com; 1
frame-ancestors 'self' www.koshervitamins.com *.koshervitamins.com ; 1
base-uri 'self'; font-src 'self' data: https://babywalz.omq.de https://www.paypalobjects.com; form-action 'self' https://checkoutshopper-live.adyen.com https://*.bazaarvoice.com; frame-ancestors 'self' https://app.storyblok.com; img-src 'self' data: https://a.storyblok.com https://*.vhwmcs.net https://*.cdn.aboutyou.cloud https://checkout-cdn.aboutyou.cloud https://checkoutshopper-live.adyen.com https://sockjs-us3.pusher.com https://*.paypalobjects.com https://t.paypal.com https://x.klarnacdn.net https://cdf6519016.cdn.adyen.com https://babywalz.omq.de https://*.googletagmanager.com https://www.awin1.com https://googleads.g.doubleclick.net https://*.google.com https://*.google.de https://*.googleadservices.com https://*.facebook.com https://cm.g.doubleclick.net https://x.bidswitch.net https://contextual.media.net https://match.sharethrough.com https://rtb-csync.smartadserver.com https://sync-t1.taboola.com https://*.teads.tv https://eb2.3lift.com https://ups.analytics.yahoo.com https://cm.adform.net https://visitor.omnitagjs.com https://r.casalemedia.com https://*.criteo.com https://ad.360yield.com https://matching.ivitrack.com/ https://exchange.mediavine.com https://sync.outbrain.com https://simage2.pubmatic.com https://*.tremorhub.com https://ad.yieldlab.net https://*.yieldmo.com https://e1.emxdgt.com https://ib.adnxs.com https://dpm.demdex.net https://beacon.krxd.net https://s.thebrighttag.com https://*.bing.com https://*.bazaarvoice.com; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline' https://checkout-cdn.aboutyou.cloud https://checkoutshopper-live.adyen.com https://babywalz.omq.de https://www.googletagmanager.com https://fonts.googleapis.com https://*.bazaarvoice.com; upgrade-insecure-requests; default-src 'none'; frame-src 'self' https://checkoutshopper-live.adyen.com https://*.paypal.com https://*.moderne-hausfrau.at https://walz-prev.checkout.api.scayle.cloud https://*.awin1.com https://td.doubleclick.net https://*.criteo.com https://*.sovendus-benefits.com https://*.sovendus-connect.com https://tbs.tradedoubler.com https://*.bazaarvoice.com; script-src 'self' 'unsafe-inline' https://*.moderne-hausfrau.at https://walz-prev.checkout.api.scayle.cloud https://checkout-cdn.aboutyou.cloud https://checkoutshopper-live.adyen.com https://www.paypal.com https://babywalz.omq.de https://api.exponea.com https://www.googletagmanager.com https://www.dwin1.com https://api.bounce-commerce.de https://www.awin1.com https://the.sciencebehindecommerce.com https://www.googleadservices.com https://*.sovendus.com; script-src-elem 'self' 'unsafe-inline' https://*.moderne-hausfrau.at https://walz-prev.checkout.api.scayle.cloud https://checkout-cdn.aboutyou.cloud https://checkoutshopper-live.adyen.com https://www.paypal.com https://babywalz.omq.de https://api.exponea.com https://www.googletagmanager.com https://www.dwin1.com https://api.bounce-commerce.de https://www.awin1.com https://the.sciencebehindecommerce.com https://www.googleadservices.com https://connect.facebook.net https://*.criteo.com https://*.sovendus.com https://*.bing.com https://*.hotjar.com https://*.abtasty.com https://*.bazaarvoice.com https://mpsnare.iesnare.com; connect-src 'self' https://*.moderne-hausfrau.at https://walz-prev.checkout.api.scayle.cloud https://checkout-cdn.aboutyou.cloud/ https://checkoutshopper-live.adyen.com https://*.paypal.com https://*.paypalobjects.com https://x.klarnacdn.net https://*.vhwmcs.net https://babywalz.omq.de https://sockjs-us3.pusher.com https://api.exponea.com https://*.googletagmanager.com https://*.econda-monitor.de https://region1.google-analytics.com https://api.bounce-commerce.de https://*.wepowerconnections.com https://the.sciencebehindecommerce.com https://*.google.com https://googleads.g.doubleclick.net https://*.criteo.com https://*.sovendus.com https://*.hotjar.com https://*.hotjar.io https://*.abtasty.com https://*.walz.de; media-src https://a.storyblok.com https://*.walz.de; report-uri https://sentry.vhwmcs.net/api/2/security/?sentry_key=1a6c3da18b7a464cbfcf596e111c1def 1
default-src 'self'; child-src 'self' blob: https://client.rlpdirekt.de/ https://kb.ionas.de/ https://www.youtube-nocookie.com/ https://www.youtube.com/; connect-src 'self' https://buergerservice.ionas.de/ https://statistik.cms21.de http://vimeo.com https://www.kreis-bergstrasse.de/:sa2-search/ https://www.kreis-bergstrasse.de/sa2-endpoint/bwc/rest/06431/search; font-src 'self' data:; frame-ancestors 'self'; frame-src 'self' https: https://buergerservice.ionas.de https://citywerk.net/piwik/index.php?module=CoreAdminHome&amp;action=optOut&amp;language=de https://cms21-hilfe.ionas.de https://iam.chamaeleon.de https://iam.chamaeleon.de/ https://player.vimeo.com/ https://www.facebook.com/plugins/page.php https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FKreisBergstrasse&tabs=timeline&width=340&height=500&small_header=true&adapt_container_width=true&hide_cover=true&show_facepile=false&appId https://www.youtube-nocookie.com/ https://www.youtube.com/; img-src 'self' data: https://buergerservice.ionas.de/ https://client.rlpdirekt.de/ https://i.ytimg.com/ https://img.youtube.com/ https://s.ytimg.com/ https://statistik.cms21.de https://tiles.chamaeleon.de https://www.kreis-bergstrasse.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/ https://statistik.cms21.de https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FKreisBergstrasse&tabs=timeline&width=340&height=500&small_header=true&adapt_container_width=true&hide_cover=true&show_facepile=false&appId https://www.youtube-nocookie.com/ https://www.youtube.com/; script-src-elem 'self' 'unsafe-inline' https://player.vimeo.com/ https://s.ytimg.com/ https://statistik.cms21.de https://www.youtube-nocookie.com/ https://www.youtube.com/; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; worker-src 'self' blob:; report-to main 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://buyerportalservices.impactauto.ca https://tagmanager.google.com/ https://www.googletagmanager.com/ http://www.googletagmanager.com/ https://www.google-analytics.com http://www.google-analytics.com https://maps.googleapis.com https://code.jquery.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://hosted.paysafe.com  https://API.paysafe.com/  https://songbirdstag.cardinalcommerce.com/ https://hosted.test.paysafe.com  https://API.test.paysafe.com/  https://songbirdstag.cardinalcommerce.com/ https://docs.google.com/ https://www.googleadservices.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com https://gateway.moneris.com ;                                  style-src 'self' 'unsafe-inline' https://tagmanager.google.com/ https://fonts.googleapis.com/ https://maps.googleapis.com https://code.jquery.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://hosted.paysafe.com  https://API.paysafe.com/  https://songbirdstag.cardinalcommerce.com/ https://docs.google.com/ https://www.google.com https://www.gstatic.com 1
frame-ancestors: 'none'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-Kv7IUbbUlSG6OpuCdeqxAasuoTBOUTpHNhvqGfHGRItYwndV' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors grande.be 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-hEM6aaNnq39vPXjcJo0obj/8A7TEqMlisxbGzCZdIMmbGoB5' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-RkpOOEhhdEhiV2NxcTlSVndIS2ZteHFqaHh2eFNBbDVBUFpoTCtPV2FFcz06YzlFNWN0c3BKaEpuNElGc2h6N1JxbEhUeTNqRGV6b3NWTDB2R0kydktuZz0=';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self' stun.nextcloud.com:443;media-src 'self';frame-src 'self' https://cloud.labsit.com;frame-ancestors 'self';worker-src 'self' blob:;form-action 'self' https://cloud.labsit.com 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-U10GllfRX/gh5Ugq/wpLVhvMNgiKPhmA0Kxqib4nv954h8Yb' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' kangkas.com *.kangkas.com 1
default-src 'self' ; script-src 'self' 'unsafe-inline' https://maps.googleapis.com https://hello.myfonts.net https://maps.google.com https://maps.gstatic.com 'unsafe-eval' https://analytics.rubensteintech.com https://www.google-analytics.com https://www.googletagmanager.com https://maps.gstatic.com https://ssl.p.jwpcdn.com https://www.youtube.com https://s.ytimg.com https://player.vimeo.com https://siteimproveanalytics.com/ https://view.ceros.com/ ; style-src 'self' 'unsafe-inline' https://maps.googleapis.com https://hello.myfonts.net https://www.google.com https://cloud.typography.com https://cloud.webtype.com https://fonts.googleapis.com ; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://cdn.plyr.io https://vimeo.com ; font-src 'self' https://hello.myfonts.net https://maps.gstatic.com https://fonts.gstatic.com https://use.typekit.net https://cloud.webtype.com data: ; img-src 'self' https://*.analytics.google.com https://*.google-analytics.com https://analytics.google.com https://google-analytics.com https://www.facebook.com https://maps.googleapis.com https://maps.gstatic.com https://pls.webtype.com https://www.google-analytics.com https://img.youtube.com https://i.vimeocdn.com https://*.global.siteimproveanalytics.io data: ; object-src 'self' ; frame-src 'self' https://sites-benesch.vuturevx.com https://www.youtube.com https://player.vimeo.com https://view.ceros.com/ ; 1
object-src 'self'; frame-src 'self'; base-uri 'self';script-src 'self' 'unsafe-inline' *.twitter.com *.googleapis.com;style-src * 'unsafe-inline';img-src * 1
default-src 'none'; base-uri 'self'; form-action 'self'; connect-src 'self' localhost:9000 *.kt.tc *.yandex.net *.yandex.ru *.yastatic.net yandex.ru telegram.org *.googleapis.com *.google-analytics.com; font-src 'self' data: yastatic.net; frame-src 'self' oauth.telegram.org *.yastatic.net yastatic.net mc.yandex.ru mc.yandex.com player.twitch.tv *.twitch.tv twitch.tv; script-src 'self' 'unsafe-inline' *.kt.tc *.cloudflare.com cloudflare.com *.yandex.net *.yandex.ru *.yastatic.net yandex.ru yastatic.net telegram.org *.googleapis.com *.googletagmanager.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; img-src 'self' data: localhost:9000 ik.imagekit.io *.yandex.net *.yandex.ru *.yastatic.net yastatic.net yandex.ru *.googleusercontent.com *.kt.tc; manifest-src 'self'; media-src 'self' *.yandex.ru yandex.ru *.yandex.net yandex.net; object-src 'self'; worker-src 'self'; 1
report-uri https://csp-report.ponderosa.agency/log; base-uri 'self'; connect-src 'self' https://script.crazyegg.com https://yoast.com https://stats.g.doubleclick.net https://www.google-analytics.com; default-src 'self'; font-src 'self' data: *.wp.com https://maxcdn.bootstrapcdn.com https://use.typekit.net; frame-src 'self' *.investis.com *.twitter.com *.wp.com https://facebook.com https://player.vimeo.com https://www.google.com; img-src 'self' https: data:; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.wp.com *.gstatic.com *.twitter.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://connect.facebook.net/en_GB/sdk.js https://script.crazyegg.com/pages/scripts/0023/1043.js https://stats.wp.com/e-202243.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.google.com/recaptcha/api.js; style-src 'report-sample' 'self' 'unsafe-inline' *.wp.com *.typekit.com *.typekit.net https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://code.jquery.com/ui/1.13.1/themes/smoothness/jquery-ui.min.css https://fonts.googleapis.com; worker-src *.greencore.com; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-TNhvNDhWnShC0dAO8jnqvpcrlO1NhNVzhLysvX83IyD9CP/y' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
script-src 'unsafe-inline' 'unsafe-eval' https: http:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' igorewards.com.hk *.igorewards.com.hk *.hutchgo.com *.google-analytics.com hutchgo.advertserve.com *.googletagmanager.com secure-ds.serving-sys.com connect.facebook.net bs.serving-sys.com s.wego.com *.gstatic.com cdnjs.cloudflare.com ajax.googleapis.com maxcdn.bootstrapcdn.com *.googleadservices.com googleads.g.doubleclick.net recommender.scarabresearch.com cdn.mouseflow.com bat.bing.com maps.google.com maps.googleapis.com developers.google.com www-igorewards-test.hutchgo.com *.hutchgo.com.hk *.hutchgo.com.sg *.hutchgo.com.cn *.hutchgo.com.tw *.google.com analytics.skyscanner.net *.clarity.ms remote.captcha.com 1
frame-ancestors 'self' https://*.wowearn.io https://*.wowearn.com http://47.97.163.143:81 1
default-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://ssl.google-analytics.com; img-src 'self' 'unsafe-inline' *.google-analytics.com *.analytics.google.com *.googletagmanager.com data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; object-src 'none' 1
upgrade-insecure-requests;frame-ancestors 'self' https:; object-src 'self' icims.com; 1
default-src 'self' https://analytics.tiktok.com wss://socket.tidio.co widget-v4.tidiochat.com *.google.com *.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: twemoji.maxcdn.com https://www.facebook.com *.google-analytics.com https://www.google.com https://stats.g.doubleclick.net https://www.googletagmanager.com ajax.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.tiktok.com widget-v4.tidiochat.com code.tidio.co code.jquery.com *.google.com *.googleapis.com https://connect.facebook.net https://www.googletagmanager.com *.google-analytics.com http://ajax.microsoft.com; style-src 'self' 'unsafe-inline' http://fonts.googleapis.com https://ajax.googleapis.com; media-src 'self' widget-v4.tidiochat.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'              ; img-src 'self' data:                *.fbcdn.net *.ytimg.com *.gstatic.com *.google.com *.placeholder.com *.googleapis.com *.google-analytics.com placehold.it                *.cdninstagram.com i.ytimg.com *.facebook.com *.doubleclick.net *.windows.net *.youtube.com                live2support.com *.live2support.com                *.ctctcdn.com              ; style-src 'self' 'unsafe-inline'                *.googleapis.com                               *.live2support.com                *.ctctcdn.com              ; script-src 'self' 'unsafe-inline' 'unsafe-eval'                *.google.com *.googleapis.com *.google-analytics.com *.youtube.com *.ytimg.com *.instagram.com *.googletagmanager.com *.jquery.com *.gstatic.com                *.facebook.net *.twitter.com *.googleadservices.com *.doubleclick.net                               *.hirebridge.com *.zscalertwo.net                *.digitalthrottle.com                *.live2support.com                *.ctctcdn.com *.cloudflare.com             maps.google.com              ; font-src 'self' data:                *.gstatic.com                               *.live2support.com              ; frame-src 'self'                *.youtube.com *.google.com *.twitter.com *.facebook.com *.doubleclick.net                *.hirebridge.com *.zscalertwo.net                *.fliphtml5.com              ; connect-src 'self' *.windows.net *.google.com                                *.live2support.com                *.ctctcdn.com                *.constantcontact.com       *.googleapis.com       *.google-analytics.com              ; media-src 'self' data:                               *.live2support.com 1
default-src 'self' 'unsafe-eval' https://*; script-src 'unsafe-inline' 'unsafe-eval' https://*;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval https://*; style-src 'unsafe-inline' 'unsafe-eval' https://*;style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*;img-src 'self' data: https://*; 1
style-src 'self' fonts.googleapis.com https: blob: 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com static.hotjar.com https:; object-src https:; media-src 'self' https: blob:; frame-ancestors 'none'; img-src 'self' blob: https: data: *; default-src 'self' https: wss:; font-src 'self' https: data:; report-uri https://belisha.dealerauction.co.uk/csp-report; report-to csp-report 1
default-src blob: https: data: 'unsafe-inline' 'unsafe-eval' ; 1
default-src 'self' data: *.rhc.ac.ir http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io https://cdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://map.ir https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://kangoro.ir/matomo/matomo.js http://tools.1abzar.com http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io https://sapiba.ir/rajaie-pamfelets https://sapiba.ir/rhc https://sapiba.ir/* https://sapiba.ir https://sapiba.ir/rajaie140/ https://edu.sapiba.ir/* https://isid.research.ac.ir/* https://edu.sapiba.ir/ https://cdn.userway.org https://api.userway.org https://media.userway.org https://www.goftino.com https://cdn.goftino.com; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com https://cdn.fontcdn.ir https://fdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org; img-src 'self' blob: data: https://map.ir https://www.google-analytics.com www.google-analytics.com data: *; connect-src 'self' https://map.ir https://www.google-analytics.com www.google-analytics.com https://samta.samt.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io https://cdn.fontcdn.ir wss://api.raychat.io wss://ws.goftino.com wss://ws2.goftino.com wss://ws5.goftino.com wss://cdn.goftino.com https://api.userway.org; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://tools.1abzar.com http://1abzar.ir https://cse.google.com https://www.aparat.com https://google.com https://www.google.com https://cdn.userway.org https://sapiba.ir/rajaie-pamfelets https://sapiba.ir/rhc https://sapiba.ir/* https://sapiba.ir https://sapiba.ir/rajaie140/ https://edu.sapiba.ir/* https://isid.research.ac.ir/* https://edu.sapiba.ir/; frame-ancestors 'self' https://trustseal.enamad.ir; 1
frame-ancestors 'self' *.resmed.jp *.amazonaws.com 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-5b214e0b681d48cca4e539013c0378b4' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
default-src 'self' scribit-pro-hosting.storage.googleapis.com *.readspeaker.com; child-src 'self' *.youtube.com https://adfs.midden-groningen.nl/ https://adfs.midden-groningen.nl blob: *.youtube-nocookie.com *.vimeo.com; connect-src 'self' scribit-pro-hosting.storage.googleapis.com *.readspeaker.com wss://cloudstatic.obi4wan.com https://cloudstatic.obi4wan.com https://chatapi.obi4wan.com wss://ws-eu.pusher.com https://obipubvideo.s3.eu-central-1.amazonaws.com api.scribit.pro  *.siteimprove.com; font-src 'self' data: *.googleusercontent.com https://cloudstatic.obi4wan.com *.readspeaker.com *.ionicframework.com; frame-src 'self' *.youtube.com https://adfs.midden-groningen.nl/ https://adfs.midden-groningen.nl https://midden-groningen.maps.arcgis.com https://middengroningen.maps.arcgis.com https://melvin.ndw.nu https://*.issuu.com/ *.youtube-nocookie.com *.vimeo.com *.siteimprove.com *.siteimproveanalytics.com *.siteimprove.net *.siteimproveanalytics.io page.report *.readspeaker.com; img-src 'self' data: data https://s3-eu-west-1.amazonaws.com https://obipubvideo.s3.eu-central-1.amazonaws.com https://www.toegankelijkheidsverklaring.nl *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io *.readspeaker.com; object-src 'none'; script-src 'self' scribit-pro-hosting.storage.googleapis.com *.readspeaker.com https://cloudstatic.obi4wan.com https://stats.pusher.com *.scribit.pro www.youtube.com https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com https://cdn.siteimprove.net/cms/overlay-latest.js 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-hashes' https://cloudstatic.obi4wan.com *.readspeaker.com 'unsafe-inline' cdn1.readspeaker.com; style-src-attr 'self' 'unsafe-hashes' 'unsafe-inline'; style-src-elem 'self' 'unsafe-hashes' https://cloudstatic.obi4wan.com *.readspeaker.com 'unsafe-inline' cdn1.readspeaker.com; base-uri 'self'; frame-ancestors 'self' 1
frame-ancestors 'self' ns1.studio-mt.net autoconfig..studio-mt.net mail..studio-mt.net studio-mt.net www.studio-mt.net; 1
default-src 'self' 'unsafe-inline' data: https://cloud.typography.com/ https://fonts.docomopacific.com/ https://www.google-analytics.com/collect https://maps.gstatic.com/ https://maps.googleapis.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com/ https://www.google.com/recaptcha/ https://www.gstatic.com https://maps.googleapis.com/; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net; frame-src https://www.google.com/ https://www.youtube.com/ https://tvlistings.gracenote.com/; 1
default-src 'self' data: ws: https://p.typekit.net https://88399.global.siteimproveanalytics.io/ https://stats.g.doubleclick.net/ https://ka-p.fontawesome.com https://kit.fontawesome.com https://info.truitycu.org https://vms.boldchat.com https://visitor-services.boldchat.com https://www.truitycu.org/tether.html https://nr1.s3.amazonaws.com https://s3.amazonaws.com https://urldefense.proofpoint.com/v2/ https://www.youtube.com/embed/8Yl8c84UD9M https://www.youtube.com/embed/vEAdfWiKAVY https://www.youtube.com/embed/Zsk5_AuqmkU https://truity.nanorep.co https://visitor-services.nanorep.com/visitor-token-service/ https://truity.nanorep.co/web/ https://livechat.boldchat.com/aid/ https://ui-avatars.com/api/ https://reviewsonmywebsite.com/images/source-logos/ https://reviewsonmywebsite.com/embed/3r2hxlDCJYNZejQXMBYdJL0kQT5JHcB9yGcmav4jP8ZKW8eSps https://romw-cdn.s3.amazonaws.com/media/ https://cdn-forpci52.actonsoftware.com/acton/attachment/8477/ https://embed.calculoid.com/views/calc-general.html https://embed.calculoid.com/views/fields/html.html https://embed.calculoid.com/views/fields/text.html https://embed.calculoid.com/views/fields/formula.html https://api.calculoid.com/calculator/75572/ https://embed.calculoid.com/views/calc-detail.html https://api.calculoid.com/v2/ping/5acf99d95716f/75572/aHR0cHM6Ly93d3cudHJ1aXR5Y3Uub3Jn https://api.calculoid.com/v2/calculator/5acf99d95716f/75572/aHR0cHM6Ly93d3cudHJ1aXR5Y3Uub3Jn https://api.calculoid.com/geoIP/ https://api.calculoid.com/countries/ http://info.truitycu.org/cdnr/52/acton/attachment/8477/ https://truitycu.org/Media/Images/MortgagesSitesImages/ https://www.google-analytics.com/  https://analytics.google.com/ https://my2.siteimprove.com/overlay/cms/ https://embed.calculoid.com/views/fields/ https://api.calculoid.com/calculator/57104/ https://api.calculoid.com/v2/ping/ https://api.calculoid.com/v2/calculator/ https://api.calculoid.com/calculator/49449/ https://www.googletagmanager.com/ https://www.truitycu.org/Media/Images/Chat/ https://www.truitycu.org/App_Themes/66SiteCSS/ http://cdn.sanmar.com/imglib/catl/ https://marketing.sanmar.com/imglib/catl/ https://amplify.review-alerts.com/ https://rtx-source-icons.s3.amazonaws.com/logos/ http://images.printable.com/imagelibrary/Seller/22953/p1_39875232-4af4-4661-97a8-a38c13d4b91d/images/6206311/src/ https://images.printable.com/imagelibrary/Seller/3374/EarlyWarningHTMLImages_12062017133825_333/images/ https://files.marcomcentral.app.pti.com/earlywarning/marcom/p7/videos/ https://www.bartlesvillechecking.com https://lawrencechecking.com https://www.lawrencechecking.com https://bartlesvillechecking.com https://houstonchecking.com https://www.houstonchecking.com http://truityeducationfoundation.org http://www.truityeducationfoundation.org https://www.bartlesvillemortgages.com https://bartlesvillemortgages.com https://www.lawrencemortgages.org https://lawrencemortgages.org https://secure.truitycu.org https://hub2.truitycu.org/ https://api-cdn.usw2.pure.cloud/webdeployments/v1/deployments/7b7a70d9-de0a-48fb-86f4-a03ccd4e6cb7/ https://api.usw2.pure.cloud/api/v2/knowledge/guest/sessions/ https://api.usw2.pure.cloud/api/v2/knowledge/guest/sessions https://www.truitycu.org https://api-cdn.usw2.pure.cloud/webdeployments/v1/deployments/ https://fileupload.usw2.pure.cloud/webmessaging/ https://api.usw2.pure.cloud/api/v2/webmessaging/ https://api.usw2.pure.cloud/api/v2/webdeployments/ https://api.usw2.pure.cloud/api/v2/webdeployments/deployments/d41bb4aa-6917-453a-b10d-a2e2412c53e8/cobrowse/ https://app.usw2.pure.cloud/cobrowse-next/ https://maps.googleapis.com/maps/api/mapsjs/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/$rpc/google.internal.maps.mapsjs.v1.MapsJsInternalService/GetViewportInfo https://maps.googleapis.com/maps/ https://api-cdn.usw2.pure.cloud/response-assets/; font-src 'self' data: 'unsafe-inline' https://ka-p.fontawesome.com/releases/v6.2.0/webfonts/ https://kit.fontawesome.com https://use.typekit.net https://fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/material-design-iconic-font/2.2.0/fonts/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.0.3/fonts/ https://embed.calculoid.com/font-awesome/ https://pro.fontawesome.com/releases/v5.8.0/webfonts/ https://pro.fontawesome.com/releases/v5.2.0/webfonts/ https://pro.fontawesome.com/releases/v5.1.0/webfonts/ https://ka-p.fontawesome.com/releases/v6.3.0/webfonts/ https://ka-p.fontawesome.com/releases/v6.2.1/ https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/fonts/ https://pro.fontawesome.com/releases/v5.0.13/webfonts/ http://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/ https://ka-p.fontawesome.com/releases/v6.4.0/ https://ka-p.fontawesome.com/releases/v6.4.2/webfonts/ https://ka-p.fontawesome.com/releases/ https://files.marcomcentral.app.pti.com/earlywarning/marcom/fonts/ https://www.truitycu.org/App_Themes/Default/Fonts/ https://www.bartlesvillechecking.com https://lawrencechecking.com https://www.lawrencechecking.com https://bartlesvillechecking.com https://houstonchecking.com https://www.houstonchecking.com http://truityeducationfoundation.org http://www.truityeducationfoundation.org https://www.bartlesvillemortgages.com https://bartlesvillemortgages.com https://www.lawrencemortgages.org https://lawrencemortgages.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net/pagead/ https://truity.nanorep.co/web/ https://livechat.boldchat.com/aid/ https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/pagead/ https://info.truitycu.org https://use.typekit.net https://kit.fontawesome.com https://code.jquery.com https://cdn.jsdelivr.net https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/ https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/ https://browser-update.org https://vmss.boldchat.com https://vmp.boldchat.com https://vms.boldchat.com https://unpkg.com https://siteimproveanalytics.com/js/ https://www.youtube.com/s/player/a7eb1f5d/www-widgetapi.vflset/www-widgetapi.js https://reviewsonmywebsite.com/js/ https://cdnjs.cloudflare.com/ajax/libs/Swiper/3.4.2/js/ https://cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/ https://reviewsonmywebsite.com/js/ https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/ https://truity.cudlautosmart.com/ https://embed.calculoid.com/scripts/ https://www.youtube.com/s/player/f96f6702/www-widgetapi.vflset/www-widgetapi.js https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/ https://use.fortawesome.com/c44ae589.js https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/ https://cdnjs.cloudflare.com/ajax/libs/ http://use.typekit.net/one5sdk.js https://cdn.siteimprove.net/cms/overlay.js https://www.youtube.com/s/player/92f199c8/ https://amplify.review-alerts.com/ https://apps.usw2.pure.cloud/genesys-bootstrap/genesys.min.js https://apps.usw2.pure.cloud/genesys-bootstrap/plugins/genesysvendors.min.js https://apps.usw2.pure.cloud/journey/messenger-plugins/offersHelper.min.js https://apps.usw2.pure.cloud/support-center/support-center-plugins/main.min.js http://ajax.googleapis.com/ajax/libs/webfont/1.5.18/webfont.js https://app.leadsrx.com/visitor.js https://apps.mypurecloud.com/webchat/ https://apps.usw2.pure.cloud/cobrowse-next/ https://api.usw2.pure.cloud/api/v2/webmessaging/ https://maps.googleapis.com/maps/api/ https://maps.googleapis.com/maps-api-v3/api/ https://maps.googleapis.com/maps/ https://www.bartlesvillechecking.com https://lawrencechecking.com https://www.lawrencechecking.com https://bartlesvillechecking.com https://houstonchecking.com https://www.houstonchecking.com http://truityeducationfoundation.org http://www.truityeducationfoundation.org https://www.bartlesvillemortgages.com https://bartlesvillemortgages.com https://www.lawrencemortgages.org https://lawrencemortgages.org; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/ https://p.typekit.net https://use.typekit.net https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/fancybox/3.2.5/ https://reviewsonmywebsite.com/css/ https://cdnjs.cloudflare.com/ajax/libs/Swiper/3.4.2/css/ https://cdnjs.cloudflare.com/ajax/libs/jquery-modal/0.9.1/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.0.3/css/ https://embed.calculoid.com/styles/ https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/ https://pro.fontawesome.com/releases/v5.8.0/css/ https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/ https://pro.fontawesome.com/releases/v5.2.0/css/ https://pro.fontawesome.com/releases/v5.1.0/css/ https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/ http://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/ https://pro.fontawesome.com/releases/v5.0.13/css/ https://www.truitycu.org/CMSPages/ https://apps.usw2.pure.cloud/support-center/support-center-plugins/main.css https://www.bartlesvillechecking.com https://lawrencechecking.com https://www.lawrencechecking.com https://bartlesvillechecking.com https://houstonchecking.com https://www.houstonchecking.com http://truityeducationfoundation.org http://www.truityeducationfoundation.org https://www.bartlesvillemortgages.com https://bartlesvillemortgages.com https://www.lawrencemortgages.org https://lawrencemortgages.org https://info.truitycu.org/acton/content/; object-src 'self'; frame-src 'self' https://www.youtube.com/embed/AyvVjpRlBUA https://www.youtube.com/embed/OHqGg87jCQI https://www.youtube.com/embed/vEAdfWiKAVY https://www.youtube.com/embed/Zsk5_AuqmkU https://player.vimeo.com/video/348427394 https://info.truitycu.org/acton/media/8477/ https://www.youtube.com/embed/8Yl8c84UD9M https://info.truitycu.org/acton/fs/blocks/ https://bit.ly/3hhRmLN https://bit.ly/3DW2zvj https://www.truitycu.org/mallorybenne https://internal.truitycu.org/ https://truity.banno-preflight.com/ https://api.boldchat.com/aid/471094464640186361/ext/api/ https://secure.truitycu.org/ https://apps.usw2.pure.cloud/messenger/messenger.html https://info.truitycu.org/ https://apps.usw2.pure.cloud/messenger/ https://my2.siteimprove.com; frame-ancestors 'self' https://www.truitycu.org/ https://info.truitycu.org/ https://internal.truitycu.org/ https://truity.banno-preflight.com/ https://secure.truitycu.org; report-uri https://www.truitycu.org/psc; 1
frame-ancestors 'self' https://*.graf.digital https://*.ecobloc-configurator.com https://*.graf-online.de https://*.graf-water.com https://*.graf-water.co.uk https://*.graf.ie https://*.grafplasticsaustralia.com.au https://*.graf.fr https://*.graf-agua.com https://*.grafiberica.com https://*.grafpolska.pl https://*.graf.pt http://*.graf-water.cn https://*.garantia.com https://*.graf.info https://*.4rain.de 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-Rd7YvAIUnQXTBvfosjQHtg' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src * https; font-src *;img-src * data:; style-src * https: 'unsafe-inline';frame-src *;script-src * https: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.mailerlite.com assets.mlcdn.com cristiantela.github.io makemusicdetroit.org *.makemusicdetroit.org maxcdn.bootstrapcdn.com api.flickr.com da7jxvkvc73ty.cloudfront.net *.googleapis.com cdnjs.cloudflare.com *.gstatic.com makemusicday.org code.jquery.com www.google-analytics.com mmd-web-assets.s3.amazonaws.com mmny-web-assets.s3.amazonaws.com www.stlmag.com *.onesolstice.com www.facebook.com *.static.flickr.com *.makemusicday.org *.youtube.com connect.facebook.net staticxx.facebook.com s3.amazonaws.com cdn.plyr.io *.youtube-nocookie.com chimpstatic.com static.doubleclick.net www.googleadservices.com googleads.g.doubleclick.net www.makemusicmiami.org www.makemusicnicosia.com www.makemusicontario.org www.makemusicrosellepark.com www.thedayofmusic.com www.makemusicnewhaven.org www.makemusicroc.org www.makemusicdavis.org www.makemusicseattle.com www.makemusicliberty.org www.makemusicfortwayne.com www.makemusiccolumbia.org www.makemusicphilly.org www.makemusicpittsburgh.org www.makemusicdaypdx.org www.makemusicmadison.org www.makemusicboston.org *.fontawesome.com makingmusicmag.com underscorejs.org *.instagram.com www.google.com docs.google.com www.peytonanderson.org sentry.io unpkg.com chrisgundersen.github.io *.soundcloud.com *.sndcdn.com npmcdn.com cdn.jsdelivr.net player.vimeo.com *.googletagmanager.com googletagmanager.com curator.io *.curator.io makemusicturkey.com *.makemusicturkey.com muzikyapfest.com *.muzikyapfest.com makemusicfest.com *.makemusicfest.com fete40.org www.fete40.org fete40.com www.fete40.com fairelafete.org www.fairelafete.org; style-src * data: 'unsafe-inline'; img-src * data: blob: 1
frame-ancestors https://wp.starterre.fr; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' https://www.dogweb.no/ 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-d22a989a35478b19ebbaae3ac817cd84'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.linkedin.oribi.io analytics.tiktok.com *.google-analytics.com *.doubleclick.net tubear.co https://fonts.googleapis.com https://fonts.gstatic.com https://eager-noether-1aa517.netlify.app/ https://downloads.mailchimp.com https://u.heatmap.it *.userway.org; script-src 'unsafe-inline' 'unsafe-eval' https://www.recaptcha.net *.facebook.net *.matterport.com *.googleadservices.com analytics.tiktok.com *.google.com.sg snap.licdn.com *.monsido.com https://www.instagram.com/ https://u.heatmap.it/ https://heatmap.it/api/ https://*.heatmap.it/api/ https://www.gstatic.com *.googletagmanager.com https://s.ytimg.com https://www.youtube.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.in https://downloads.mailchimp.com https://mc.us8.list-manage.com *.userway.org https://r.turn.com/server/beacon_call.js 'self'; img-src 'self' *.facebook.com p.adsymptotic.com *.googleadservices.com analytics.tiktok.com *.id.amgdgt.com px.ads.linkedin.com googleads.g.doubleclick.net googleads.g.doubleclick.net r.turn.com data: https://heatmap.it/api/log/ *.monsido.com *.google.com.sg https://u.heatmap.it/img/ https://www.google.com https://www.google-analytics.com https://www.google.co.in https://stats.g.doubleclick.net https://img.youtube.com https://www.instagram.com https://gallery.mailchimp.com *.userway.org; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.recaptcha.net *.singaporeartmuseum.sg e.issuu.com tubear.co https://player.vimeo.com https://layerup.singaporeartmuseum.sg/ https://embed.culturalspot.org/ https://*.heatmap.it/ https://www.google.com https://www.gstatic.com https://www.facebook.com/ https://www.youtube.com https://w.soundcloud.com/ https://cdn.knightlab.com/ https://www.instagram.com *.matterport.com https://eager-noether-1aa517.netlify.app/ *.userway.org; object-src 'self'; 1
frame-ancestors 'self' http://www.selectaphilippines.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://s7.addthis.com https://kritique-widgets-stage.unileversolutions.com https://d1a1ax4tcp3m3j.cloudfront.net 1
frame-ancestors 'self' www.nitro.rs www.mein-elektroauto.com *.vergleich.de 1
script-src 'self' www.google-analytics.com ajax.googleapis.com; 1
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.uno.uk; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.uno.uk; img-src 'self' blob: data: https://*.uno.uk; media-src 'self' data: https://*.uno.uk; frame-src *; font-src *; form-action 'self' https://*.uno.uk; connect-src 'self' https://*.uno.uk; prefetch-src 'self' https://*.uno.uk; manifest-src 'self' https://*.uno.uk; frame-ancestors 'self'; report-uri https://stats.uno.uk/ruri/r/d/csp/enforce 1
script-src https://www.vdlgroep.com 'unsafe-inline' https://*.googleapis.com https://*.lfeeder.com https://www.google-analytics.com https://www.googletagmanager.com  https://googletagmanager.com https://*.hotjar.com https://*.gstatic.com https://*.leadinfo.com https://*.leadinfo.net https://www.youtube.com https://www.youtube-nocookie.com https://*.cubilis.eu https://*.dealfront.com https://*.vdlgroep.com https://*.vixyvideo.com  https://*.vimeo.com https://vimeo.com https://*.videocdn.com https://www.googletagmanager.com;img-src https://www.vdlgroep.com data: https://www.youtube.com https://www.youtube-nocookie.com https://*.gstatic.com https://*.googleapis.com https://*.lfeeder.com https://*.google-analytics.com https://*.vixyvideo.com https://*.vimeo.com https://vimeo.com https://*.videocdn.com;child-src https://www.vdlgroep.com https://www.youtube.com https://www.youtube-nocookie.com https://*.hotjar.com https://www.google.com https://google.nl https://www.google.nl https://schaeffler.gomexlive.com https://*.vdlgroep.com https://*.google.com https://*.vixyvideo.com https://*.vimeo.com https://vimeo.com https://*.videocdn.com;connect-src https://www.vdlgroep.com https://*.google-analytics.com https://www.youtube.com https://www.youtube-nocookie.com https://*.leadinfo.com https://*.leadinfo.net https://*.hotjar.com https://*.cubilis.eu https://*.gomexlive.com https://*.google.com https://i.ytimg.com https://*.vdlgroep.com https://*.google.com https://*.vixyvideo.com https://*.vimeo.com https://vimeo.com https://*.videocdn.com;default-src https://www.vdlgroep.com 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.posnet.com *.posnet.com.pl www.posnet.com.pl *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.youtube.com *.facebook.net *.facebook.com *.hotjar.com *.doubleclick.net snap.licdn.com *.linkedin.oribi.io *.linkedin.com; style-src 'self' 'unsafe-inline' *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.youtube.com *.facebook.net *.bootstrapcdn.com; img-src 'self' *.google.com *.google.pl *.googleapis.com *.gstatic.com *.facebook.com *.linkedin.com data:; font-src 'self' *.googleapis.com *.bootstrapcdn.com *.gstatic.com; 1
script-src 'self' 'unsafe-inline' https://assets.zendesk.com https://static.zdassets.com; base-uri 'self'; 1
default-src 'self' https://disqus.com https://c.disquscdn.com; base-uri 'self'; script-src 'report-sample' 'self' 'nonce-4DRNZ3d+93n2dTFAhmfLUkTC8uu2Sapea3aRG9PCyDo=' 'unsafe-eval' blob: https://*.tech.io https://coderunner.codingame.com https://www.gstatic.com https://connect.facebook.net https://apis.google.com https://maps.googleapis.com https://www.google.com/recaptcha/api.js https://query.yahooapis.com/v1/public/yql https://www.slideshare.net https://vimeo.com https://techiotest.disqus.com https://techio.disqus.com https://disqus.com https://c.disquscdn.com https://*.privacymanager.io; child-src blob:; worker-src blob:; style-src 'self' 'unsafe-inline' https://*.tech.io https://fonts.googleapis.com https://c.disquscdn.com; img-src blob: data: https:; font-src https: data:; connect-src 'self' https://*.tech.io https://*.codingame.com wss://*.codingame.com https://push-community.codingame.com https://maps.googleapis.com https://www.facebook.com https://*.clearbit.com https://disqus.com https://geo.privacymanager.io; frame-src blob: https://*.codingame-app.com https://coderunner.codingame.com https://disqus.com https://www.google.com https://www.youtube.com https://player.vimeo.com; frame-ancestors 'self'; media-src https: data: blob:; object-src 'none'; form-action 'none'; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub1990d17bff20213f8c92c64ac7b34136&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service:community-learning%2Cenv:production 1
default-src 'self' fonts.gstatic.com; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; frame-src data: 'self' www.google.com; img-src 'self' data: www.gstatic.com maps.gstatic.com *.googleapis.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com maps.googleapis.com maps.google.com www.google.com www.gstatic.com; 1
frame-ancestors 'self' https://www.meru.in 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com *.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com www.youtube-nocookie.com www.youtube.com blob: data: https://storage.googleapis.com/learnwithikeavideos/ ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ctfassets.net *.ipex-insights.com www.recaptcha.net maps.googleapis.com *.hotjar.com wss://*.hotjar.com *.hotjar.io id5-sync.com cdn.id5-sync.com bcp.crwdcntrl.net tags.crwdcntrl.net *.adform.net *.appier.net *.doubleclick.net staticcdn.enzymic.co static.enzymic.co *.facebook.com *.facebook.net www.googleadservices.com *.googlesyndication.com *.google.com.my *.salecycle.com d16fk4ms6rqz1v.cloudfront.net *.yimg.com analytics-au.clickdimensions.com *.2c2p.com *.userzoom.com *.cookielaw.org *.onetrust.com *.akamaihd.net *.akstat.io *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.go-mpulse.net *.optimizely.com sentry.io *.sentry.io *.avo.app oppwa.com *.oppwa.com mpsnare.iesnare.com *.iesnare.com dc.services.visualstudio.com rt.services.visualstudio.com www.surveygizmo.eu widgixeu-beacon.s3.amazonaws.com *.bambuser.com firestore.googleapis.com liveshopping-widgets.firebaseapp.com widgets-ssr.photorank.me data.photorank.me *.olapic-cdn.com *.yieldify.com *.yieldify-production.com wss://stranger.yieldify-production.com fonts.googleapis.com; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com; object-src 'self'; report-uri https://csp.ikea.com 1
default-src 'self';  frame-src 'self' https://pay.caetanocity.pt https://pay.caetanoenergy.pt https://pay.caetanogamobarmotors.pt https://pay.caetanocity.pt https://pay.caetanodrive.pt https://pay.caetanopower.pt https://pay.caetanobaviera.pt https://pay.caetanoauto.pt https://pay.caetanogamobarmotors.pt https://pay.caetanocity.pt https://pay.caetanoformula.pt https://pay.caetanoparts.pt https://pay.caetanostar.pt https://pay.carplus.pt; connect-src https://www.facebook.com https://*.cookieyes.com https://cdn-cookieyes.com/ https://caetanoretail.pt https://log.cookieyes.com https://d3hb14vkzrxvla.cloudfront.net https://www.wpo365.com https://maps.googleapis.com https://*.yoast.com https://s.go-mpulse.net https://firestore.googleapis.com/ https://api.gsci.pt https://europe-west2-cretail-prd.cloudfunctions.net https://region1.google-analytics.com;  style-src 'self' https://id.caetanogo.pt https://fonts.googleapis.com/  https://cdnjs.cloudflare.com/ https://unpkg.com/ https://stackpath.bootstrapcdn.com/ 'unsafe-inline';  object-src 'self';  img-src blob: 'self' data: https:; font-src 'self' data: https://fonts.gstatic.com/ https://caetanoretail.pt/ https://static2.sharepointonline.com/ https://spoprod-a.akamaihd.net; script-src 'self' https://connect.facebook.net https://cdn-cookieyes.com https://beacon-v2.helpscout.net/ https://maps.googleapis.com https://ajax.googleapis.com https://yoast.com https://id.caetanogo.pt/ https://media-player.aos.tv https://www.googletagmanager.com https://storage.googleapis.com 'unsafe-eval' 'unsafe-inline' data:; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-Zkp2NYqB2DOBrgKi9R6y8objG4wZvB+wxDFYnvE5A0ormJNv' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' http://www.philips.sa *.philips.com *.philips.sa https://philipsigtdpv.com 1
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com *.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data: *.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; 1
frame-ancestors 'self' https://*.toyota.rs https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
upgrade-insecure-requests;script-src 'self' 'wasm-unsafe-eval';connect-src 'self' blob: https://spinster.xyz wss://spinster.xyz https://media.spinster.xyz https://proxy.spinster.xyz;media-src 'self' https://media.spinster.xyz https://proxy.spinster.xyz;img-src 'self' data: blob: https://media.spinster.xyz https://proxy.spinster.xyz;default-src 'none';base-uri 'self';frame-ancestors 'none';style-src 'self' 'unsafe-inline';font-src 'self';manifest-src 'self';frame-src 'self' https:; 1
block-all-mixed-content; default-src 'self'; base-uri 'self'; form-action 'self' flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.kr flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.com flightbookings.airnewzealand.de flightbookings.airnewzealand.eu flightbookings.airnewzealand.fr flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw  flightbookings.airnewzealand.com.cn flightbookings.grabaseat.co.nz  flightbookings.airnewzealand.co.jp; script-src 'self' p-airnz.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com typesquare.com flightbookings.airnewzealand.co.nz player.vimeo.com www.youtube.com s.ytimg.com s.wayin.com xd.wayin.com s.engagesciences.com display.engagesciences.com *.demdex.net www.google-analytics.com analytics.google.com tagmanager.google.com www.googletagmanager.com *.doubleclick.net www.googleadservices.com www.google.com cdn-assets-prod.s3.amazonaws.com *.optimizely.com optimizely-hrd.appspot.com optimizely.s3.amazonaws.com static.hotjar.com script.hotjar.com s.swiftypecdn.com nebula-cdn.kampyle.com screencapture.kampyle.com screencaptue-cdn.kampyle.com https://widget.timatic.iata.org/scripts/iata-timatic-widget-live.js oc-cdn-public-oce.azureedge.net; style-src 'unsafe-inline' p-airnz.com fonts.googleapis.com tagmanager.google.com static.hotjar.com script.hotjar.com s.swiftypecdn.com 'self' oc-cdn-public-oce.azureedge.net; img-src https: data: static.hotjar.com script.hotjar.com; font-src p-airnz.com fonts.googleapis.com fonts.gstatic.com wf.typesquare.com dhm5hy2vn8l0l.cloudfront.net script.hotjar.com data: 'self'; media-src 'self' video.cdnvue.com ; frame-src 'self' *.google.com nz.fltmaps.com player.youku.com v.qq.com player.vimeo.com www.youtube.com airnz.wufoo.com xd.wayin.com display.engagesciences.com *.demdex.net *.doubleclick.net www.googletagmanager.com *.cdn-pci.optimizely.com vars.hotjar.com nebula-cdn.kampyle.com sec.windcave.com uat.windcave.com oc-cdn-public-oce.azureedge.net; connect-src 'self' api.airnz.io api.airnz.ai *.googleapis.com *.google.com *.gstatic.com l.typesquare.com *.demdex.net *.tt.omtrdc.net www.google-analytics.com region1.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net adservice.google.com *.optimizely.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com s.swiftypecdn.com search-api.swiftype.com *.kampyle.com https://widget.timatic.iata.org/api/ sec.windcave.com uat.windcave.com; object-src 'none'; frame-ancestors 'none'; report-uri /csp-report 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.amazonaws.com cdn.cookielaw.org cookies-data.onetrust.io geolocation.onetrust.com privacyportal.onetrust.com www.google-analytics.com *.google-analytics.com *.twitter.com www.youtube.com agent.nuance-va.com *.nuance-va.com  cocacolaco.tt.omtrdc.net *.doubleclick.net *.coca-colacompany.com www.google.com www.gstatic.com cdn.jsdelivr.net *.pricespider.com cdn.linkedin.oribi.io api.mapbox.com atentochile.s1gateway.com maps.googleapis.com events.mapbox.com *.coke.com *.coca-cola.com *.prod.tccc-nextgen.com *.test.tccc-nextgen.com *.dev.tccc-nextgen.com *.tncid.app *.yimg.com *.ccnag.com *.ads-twitter.com www.googleadservices.com sc-static.net *.sprinklr.com n2.mouseflow.com *.reciteme.com *.demdex.net *.adobedc.net d1ah6cnxyby52e.cloudfront.net d2v73ohgys1z8q.cloudfront.net fifamx-prod.one-latam.ng.citko.net googleads.g.doubleclick.net unpkg.com; img-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn-social.janrain.com cdn.cookielaw.org ajax.googleapis.com www.cdnjs.cloudflare.com cdnjs.cloudflare.com geolocation.onetrust.com www.googletagmanager.com www.google-analytics.com *.google-analytics.com *.twitter.com www.instagram.com connect.facebook.net snap.licdn.com *.krxd.net *.amazonaws.com www.google.com www.youtube.com rpxnow.com d29usylhdk1xyu.cloudfront.net s.ytimg.com www.gstatic.com unpkg.com atentochile.s1gateway.com  stackpath.bootstrapcdn.com cdn.jsdelivr.net *.pricespider.com api.tiles.mapbox.com bugcrowd.com assets.bugcrowdusercontent.com js.tncid.app *.salesforceliveagent.com js.adsrvr.org *.coke.com *.coca-cola.com *.yimg.com *.ads-twitter.com audio4.audima.co cdn.mouseflow.com *.googleadservices.com pixel.mathtag.com cdn.heapanalytics.com sc-static.net *.analytics.yahoo.com *.sprinklr.com *.adobedtm.com *.reciteme.com reciteme.com googleads.g.doubleclick.net; style-src 'self' 'unsafe-eval' 'unsafe-inline' use.typekit.net p.typekit.net *.janrain.com www.gstatic.com cdn.cookielaw.org stackpath.bootstrapcdn.com *.pricespider.com atentochile.s1gateway.com *.tiles.mapbox.com *.reciteme.com *.sprinklr.com *.coke.com unpkg.com; font-src 'self' data: use.typekit.net fonts.gstatic.com atentochile.s1gateway.com *.reciteme.com *.sprinklr.com *.coke.com; frame-src 'self' *; frame-ancestors 'self' bugcrowd.com editor.wallboard.info; manifest-src 'self' data:; worker-src blob: 'self'; child-src blob:; 1
frame-src * data: blob: ; img-src *.bing.com *.clarity.ms *.rddonline.com hovione.com *.hovione.com hovione.pt *.hovione.pt hovione.co.jp *.hovione.co.jp *.vimeocdn.com *.gstatic.com *.google-analytics.com *.google.pt *.google.com *.linkedin.com 'self' blob: data:; font-src *.jsdelivr.net *.googleusercontent.com *.gstatic.com *.typekit.net *.typography.com hovione.com *.hovione.com hovione.pt *.hovione.pt hovione.co.jp *.hovione.co.jp 'self' blob: data:; media-src *.rddonline.com hovione.com *.hovione.com hovione.pt *.hovione.pt hovione.co.jp *.hovione.co.jp *.typography.com blob: 'unsafe-inline' 'unsafe-eval'; default-src *.clarity.ms *.cloudflare.com *.jsdelivr.net *.cookiefirst.com *.google.com *.rddonline.com *.watsonplatform.net *.watson.appdomain.cloud *.youtube.com *.vimeocdn.com *.vimeo.com *.typekit.net hovione.com *.hovione.com hovione.pt *.hovione.pt hovione.co.jp *.hovione.co.jp *.amplitude.com *.hotjar.io *.hotjar.com *.licdn.com *.doubleclick.net *.typography.com *.bootstrapcdn.com *.pardot.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.googleapis.com *.linkedin.oribi.io 'self' 'unsafe-inline' 'unsafe-eval' ws: 1
default-src 'self' data: *.google-analytics.com cdn.cookielaw.org promolife.matomo.cloud actionapi.highco.be *.fontawesome.com *.fpapi.io eu.api.fpjs.io *.cookiefirst.com *.highco.be maps.googleapis.com ssl.google-analytics.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' fpnpmcdn.net/v3/PZ2B2o9KoKgKPsIAoOjH/loader_v3.8.5.js pghub.io actionapi.highco.be cdn.cookielaw.org maps.googleapis.com cdn.matomo.cloud *.fontawesome.com cdnjs.cloudflare.com *.fpapi.io eu.api.fpjs.io ssl.google-analytics.com connect.facebook.net platform.twitter.com www.googletagmanager.com www.google-analytics.com *.addthis.com static.addtoany.com consent.cookiefirst.com *.gstatic.com *.google.com *.highco.be stats.g.doubleclick.net; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.fontawesome.com *.cookiefirst.com cdnjs.cloudflare.com fonts.googleapis.com cdn2.hubspot.net; img-src 'self' blob: data: pixel.tapad.com cdn.cookielaw.org promolife.matomo.cloud *.fontawesome.com maps.gstatic.com ssl.google-analytics.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net; font-src 'self' data: *.fontawesome.com eu.api.fpjs.io fonts.gstatic.com fonts.googleapis.com; frame-src 'self' *.pghub.io 1
frame-ancestors 'self' *.tsc.k12.in.us tsck12inus.finalsite.com; 1
default-src 'self' https://*.vica.gov.sg https://*.wogaa.sg https://*.demdex.net/ https://cm.everesttech.net/ https://wogadobeanalytics.sc.omtrdc.net/ https://www.youtube.com  https://dpm.demdex.net https://va.ecitizen.gov.sg https://wogadobeanalytics.sc.omtrdc.net https://www.onemap.sg https://tools.onemap.sg  'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net https://www.onemap.sg; img-src 'self' https://*.vica.gov.sg https://i.ytimg.com https://img.youtube.com https://maxcdn.bootstrap.cdn.com https://va.ecitizen.gov.sg data: https://wogadobeanalytics.sc.omtrdc.net/ https://cm.everesttech.net/ https://dpm.demdex.net/; style-src 'self' https://*.vica.gov.sg https://assets.wogaa.sg/fonts/ https://va.ecitizen.gov.sg https://cdn.jsdelivr.net https://cdn.quilljs.com https://cdnjs.cloudflare.com 'unsafe-inline' https://fonts.googleapis.com; object-src 'self'; font-src 'self' https://s3-us-west-2.amazonaws.com https://va.ecitizen.gov.sg https://cdnjs.cloudflare.com 'unsafe-inline' https://fonts.gstatic.com data: https://assets.wogaa.sg/fonts/; upgrade-insecure-requests; block-all-mixed-content;script-src 'self' https://*.vica.gov.sg https://www.youtube.com blob: https://*.wogaa.sg https://assets.adobedtm.com/ https://onemap.sg https://assets.adobedtm.com https://va.ecitizen.gov.sg 'unsafe-inline' 'unsafe-eval' https://assets.wogaa.sg/fonts/;script-src-elem 'self' https://www.google.com/recaptcha/api.js https://www.gstatic.com https://*.vica.gov.sg  https://assets.woogaa.sg/sentiments/sentiments.esm.js https://remote.captcha.com https://assets.wogaa.sg/datalayer.min.js https://assets.wogaa.sg/snowplow/2.14.0/sp.js https://assets.wogaa.sg/scripts/wogaa.js https://assets.wogaa.sg/scripts/wogaa.js https://www.youtube.com https://onemap.sg https://assets.adobedtm.com https://va.ecitizen.gov.sg 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.wogaa.sg;frame-ancestors 'self' onemap.gov.sg https://tools.onemap.sg;frame-src 'self' https://www.google.com https://www.onemap.gov.sg https://wogaa.demdex.net https://www.youtube.com  https://www.onemap.sg https://tools.onemap.sg; connect-src 'self' https://*.vica.gov.sg   https://*.wogaa.sg https://dpm.demdex.net/ https://cm.everesttech.net/ https://wogadobeanalytics.sc.omtrdc.net/ https://va.ecitizen.gov.sg wss://chat.vica.gov.sg; media-src 'self' https://www.youtube.com 1
default-src 'self' tgpo.ru techabantu.com *.techabantu.com *.jivo.ru *.jivosite.com wss://*.jivosite.com *.google-analytics.com mc.yandex.ru *.maplibre.org api.maptiler.com; worker-src blob:; script-src 'self' tgpo.ru 'unsafe-inline' 'unsafe-eval' techabantu.com *.techabantu.com cdn.amcharts.com allepro.api.oneall.com cdn.datatables.net *.jivosite.com *.jivo.ru cdn.ckeditor.com ajax.googleapis.com *.google-analytics.com cdn.jsdelivr.net static.addtoany.com mc.yandex.ru yastatic.net *.googletagmanager.com ; img-src 'self' tgpo.ru data: techabantu.com *.techabantu.com platron.ru *.jivo.ru *.jivosite.com cdn.ckeditor.com chart.googleapis.com *.google-analytics.com mc.yandex.ru yastatic.net ; style-src 'self' fonts.googleapis.com tgpo.ru 'unsafe-inline' techabantu.com *.techabantu.com cdn.jsdelivr.net cdn.ckeditor.com cdn.datatables.net *.jivo.ru *.jivosite.com; font-src 'self' fonts.gstatic.com tgpo.ru techabantu.com *.techabantu.com cdn.jsdelivr.net; frame-src 'self' tgpo.ru techabantu.com *.techabantu.com allepro.api.oneall.com static.addtoany.com; object-src 'none'; 1
default-src 'self'; child-src 'self' https://*.youtube.com:* https://*.recaptcha.net:*; connect-src 'self' https://*.google-analytics.com:* https://cookie-cdn.cookiepro.com:* https://geolocation.onetrust.com:*; font-src 'self' https://*.gstatic.com:*; img-src 'self' https://*.google-analytics.com:* https://*.ytimg.com:* https://cookie-cdn.cookiepro.com:* data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-hashes' https://*.googletagmanager.com:* https://*.jquery.com:* https://*.google-analytics.com:* https://*.doubleclick.net:* https://*.google.com:* https://*.youtube.com:* https://*.recaptcha.net:* https://*.gstatic.com:* https://*.cookiepro.com:* https://cdn.jsdelivr.net:*; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-elem 'self' 'unsafe-inline' https://*.gstatic.com:* https://fonts.googleapis.com; frame-ancestors 'self'; report-uri https://www.financialpartners.com/report-uri/enforce 1
connect-src * blob:; 1
default-src 'none'; worker-src 'self' blob:; img-src * data:; script-src 'unsafe-eval' 'unsafe-inline' 'self' cdn.shortpixel.ai  *.youtube.com *.gstatic.com *.mouseflow.com *.redditstatic.com *.google.com *.bing.com  *.doubleclick.net *.hsleadflows.net  *.facebook.com *.facebook.net *.addtoany.com cdnjs.cloudflare.com *.vimeo.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.googletagmanager.com *.google-analytics.com snap.licdn.com *.googleapis.com; style-src 'self' 'unsafe-inline' cdn.shortpixel.ai *.addtoany.com *.googleapis.com *.fontawesome.com; font-src 'self' 'unsafe-inline' data: *.gstatic.com *.fontawesome.com; connect-src *.google.com *.google.ca *.hubspot.com *.bing.com *.facebook.com *.doubleclick.net *.mailchannels.com *.linkedin.oribi.io *.addtoany.com *.googleapis.com hubspot-forms-static-embed.s3.amazonaws.com *.hubapi.com *.linkedin.com *.mouseflow.com analytics.google.com *.google-analytics.com *.hsforms.com; frame-ancestors 'self'; frame-src *.spotify.com *.doubleclick.net *.anchor.fm anchor.fm *.mailchannels.com *.hubspot.com *.google.com *.addtoany.com vimeo.com static.hsappstatic.net forms.hsforms.com *.hsforms.com *.vimeo.com youtube.com *.youtube.com; manifest-src 'self' mailchannels.com 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://0x00sec.org/logs/ https://0x00sec.org/sidekiq/ https://0x00sec.org/mini-profiler-resources/ https://0x00sec.org/assets/ https://0x00sec.org/brotli_asset/ https://0x00sec.org/extra-locales/ https://0x00sec.org/highlight-js/ https://0x00sec.org/javascripts/ https://0x00sec.org/plugins/ https://0x00sec.org/theme-javascripts/ https://0x00sec.org/svg-sprite/ 'sha256-Gty3/aPWFfSvz7pdT39HY97/+2opLup9V0L19ZF0IwY=' https://s3.amazonaws.com/0x00sec/highlight.pack.js instant.page/3.0.0; worker-src 'self' https://0x00sec.org/assets/ https://0x00sec.org/brotli_asset/ https://0x00sec.org/javascripts/ https://0x00sec.org/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-M2JjNzJiNGI3N2U1NDM1MzliN2M4MTcwMTk5OWEyZjU=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.royal-house.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.royal-house.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.royal-house.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self'; connect-src *; font-src *; frame-src https://lawsonstateadmin.in10sityseo.net/ https://www.youtube.com/ https://www.google.com; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' https://www.youtube.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.videoask.com https://static.videoask.com https://*.usemessages.com https://static.ads-twitter.com https://snap.licdn.com https://js.hs-scripts.com https://static.hotjar.com https://connect.facebook.net https://js.hs-banner.com https://js.hs-analytics.net https://js.hsadspixel.net https://script.hotjar.com https://js.stripe.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://region1.analytics.google.com https://www.google-analytics.com https://api.videoask.com https://*.linkedin.com https://cdn.linkedin.oribi.io https://script.hotjar.com https://stats.g.doubleclick.net https://api.hubapi.com https://*.hubspot.com https://www.facebook.com https://*.craftcms.com; object-src 'self'; font-src 'self' https://s3.eu-west-1.amazonaws.com data:; img-src * data:; media-src 'self' https://media.videoask.com; frame-src 'self' https://ifmparis.typeform.com https://www.videoask.com https://w.soundcloud.com https://www.youtube.com https://js.stripe.com https://*.hubspot.com; frame-ancestors 'self'; form-action 'self' https://ifm-paris.us1.list-manage.com https://www.facebook.com; 1
frame-src 'self' www.facebook.com *.paypalobjects.com *.paypal.com www.google.com *.doubleclick.net; 1
script-src 'unsafe-eval' 'nonce-YThkMDM3N2MtZGEzOS00MGFlLTgzNmItNjgxNTRjMzZhZjk1' 'strict-dynamic' https: 'unsafe-inline' 'report-sample';style-src https://dzsn8ly4vj6m.cloudfront.net https: 'self' 'unsafe-inline' data:; worker-src * blob:; connect-src 'self' https: wss: data: blob:; img-src * data: blob: file:; font-src * data:; object-src 'self'; frame-src * blob:; child-src * blob:; media-src * blob: data:; base-uri 'self'; default-src *; frame-ancestors 'self' *.atlassian.net *.atl-paas.net *.atlassian.com trello.com bitbucket.org; report-uri https://web-security-reports.services.atlassian.com/csp-report/jira-frontend-static-prod 1
default-src 'self' 'unsafe-inline'; connect-src 'self' s3.amazonaws.com www.youtube.com www.google-analytics.com m.addthis.com; script-src 'self' assets.adobedtm.com content.jwplatform.com ssl.p.jwpcdn.com ajax.googleapis.com www.google-analytics.com www.googletagmanager.com www.youtube.com connect.facebook.net *.addthisedge.com *.moatads.com *.addthis.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' ssl.p.jwpcdn.com; font-src 'self' ssl.p.jwpcdn.com data:; img-src 'self' s3.amazonaws.com www.google-analytics.com prd.jwpltx.com jwpltx.com www.youtube.com data: blob:; media-src 'self' s3.amazonaws.com www.youtube.com; frame-src 'self' s3.amazonaws.com s7.addthis.com www.youtube.com; 1
default-src 'none'; img-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'none' 1
default-src 'self' data: blob: www.dordrecht.nl *.youtube.com *.google.com *.google-analytics.com www.googletagmanager.com *.siteimproveanalytics.io *.twimg.com fonts.gstatic.com *.drechtsteden.nl cdn.vanadcloud.com chatapi.eu3.quandago.app *.browsealoud.com speech-eu.speechstream.net drechtsteden.enl-mcs.nl *.arcgis.com *.arcgisonline.com geodata.rivm.nl chat.socialedienstdrechtsteden.nl api.eu3.quandago.app embed.email-provider.nl; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.dordrecht.nl www.google.com www.gstatic.com *.google-analytics.com www.googletagmanager.com siteimproveanalytics.com *.drechtsteden.nl cdn.vanadcloud.com *.browsealoud.com drechtsteden.enl-mcs.nl *.arcgis.com *.arcgisonline.com chat.socialedienstdrechtsteden.nl api.eu3.quandago.app embed.email-provider.nl blob:; style-src 'self' 'unsafe-inline' www.dordrecht.nl fonts.googleapis.com www.connexys.nl cdn.vanadcloud.com *.browsealoud.com drechtsteden.enl-mcs.nl *.arcgis.com *.arcgisonline.com chat.socialedienstdrechtsteden.nl embed.email-provider.nl;  1
font-src 'self' https://*.freenet.de https://fonts.gstatic.com; img-src * data:; frame-ancestors 'self' https://*.freenet.de; object-src 'self'; base-uri 'self'; 1
frame-ancestors bireysel.turktelekom.com.tr www.teknosacell.com gameon.com.tr www.gameon.com.tr corechatbotai.turktelekom.com.tr testcorechatbotai.turktelekom.com.tr 1
default-src 'self' https://ethosenergy.com https://careers.ethosenergy.com https://*.ethosenergy.com https://*.oakwoodagency.com https://*.pardot.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.google.co.uk https://*.googleapis.com https://*.newscred.com https://*.wistia.com https://*.jquery.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.licdn.com https://*.googleadservices.com https://*.zoominfo.com https://*.cookiebot.com https://*.doubleclick.net https://*.linkedin.com https://*.litix.io https://*.akamaihd.net https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.com https://*.vimeo.exstole.com https://*.cart8draw.com https://*.linkedin.oribi.io 'nonce-aIY0R3EnWlHSSgx+D2Evsck74etVF2x3USXo5VnE/a0='; frame-src 'self' 'strict-dynamic' https://ethosenergy.com https://careers.ethosenergy.com https://*.ethosenergy.com https://*.oakwoodagency.com https://*.pardot.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.google.co.uk https://*.googleapis.com https://*.newscred.com https://*.wistia.com https://*.jquery.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.licdn.com https://*.googleadservices.com https://*.zoominfo.com https://*.cookiebot.com https://*.doubleclick.net https://*.linkedin.com https://*.litix.io https://*.akamaihd.net https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.com https://*.vimeo.exstole.com https://*.cart8draw.com https://*.linkedin.oribi.io 'nonce-aIY0R3EnWlHSSgx+D2Evsck74etVF2x3USXo5VnE/a0='; style-src 'self' 'unsafe-inline' https://ethosenergy.com https://careers.ethosenergy.com https://*.ethosenergy.com https://*.oakwoodagency.com https://*.pardot.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.google.co.uk https://*.googleapis.com https://*.newscred.com https://*.wistia.com https://*.jquery.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.licdn.com https://*.googleadservices.com https://*.zoominfo.com https://*.cookiebot.com https://*.doubleclick.net https://*.linkedin.com https://*.litix.io https://*.akamaihd.net https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.com https://*.vimeo.exstole.com https://*.cart8draw.com https://*.linkedin.oribi.io; font-src 'self' data: https://ethosenergy.com https://careers.ethosenergy.com https://*.ethosenergy.com https://*.oakwoodagency.com https://*.pardot.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.google.co.uk https://*.googleapis.com https://*.newscred.com https://*.wistia.com https://*.jquery.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.licdn.com https://*.googleadservices.com https://*.zoominfo.com https://*.cookiebot.com https://*.doubleclick.net https://*.linkedin.com https://*.litix.io https://*.akamaihd.net https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.com https://*.vimeo.exstole.com https://*.cart8draw.com https://*.linkedin.oribi.io; img-src 'self' data: https://ethosenergy.com https://careers.ethosenergy.com https://*.ethosenergy.com https://*.oakwoodagency.com https://*.pardot.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.google.co.uk https://*.googleapis.com https://*.newscred.com https://*.wistia.com https://*.jquery.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.licdn.com https://*.googleadservices.com https://*.zoominfo.com https://*.cookiebot.com https://*.doubleclick.net https://*.linkedin.com https://*.litix.io https://*.akamaihd.net https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.com https://*.vimeo.exstole.com https://*.cart8draw.com https://*.linkedin.oribi.io; media-src 'self' data: https://ethosenergy.com https://careers.ethosenergy.com https://*.ethosenergy.com https://*.oakwoodagency.com https://*.pardot.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.google.co.uk https://*.googleapis.com https://*.newscred.com https://*.wistia.com https://*.jquery.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.licdn.com https://*.googleadservices.com https://*.zoominfo.com https://*.cookiebot.com https://*.doubleclick.net https://*.linkedin.com https://*.litix.io https://*.akamaihd.net https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.com https://*.vimeo.exstole.com https://*.cart8draw.com https://*.linkedin.oribi.io; script-src 'self' 'unsafe-inline' https://ethosenergy.com https://careers.ethosenergy.com https://*.ethosenergy.com https://*.oakwoodagency.com https://*.pardot.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.google.co.uk https://*.googleapis.com https://*.newscred.com https://*.wistia.com https://*.jquery.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.licdn.com https://*.googleadservices.com https://*.zoominfo.com https://*.cookiebot.com https://*.doubleclick.net https://*.linkedin.com https://*.litix.io https://*.akamaihd.net https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.com https://*.vimeo.exstole.com https://*.cart8draw.com https://*.linkedin.oribi.io; frame-ancestors 'self' https://ethosenergy.com https://careers.ethosenergy.com https://*.ethosenergy.com https://*.oakwoodagency.com https://*.pardot.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.google.co.uk https://*.googleapis.com https://*.newscred.com https://*.wistia.com https://*.jquery.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.licdn.com https://*.googleadservices.com https://*.zoominfo.com https://*.cookiebot.com https://*.doubleclick.net https://*.linkedin.com https://*.litix.io https://*.akamaihd.net https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.com https://*.vimeo.exstole.com https://*.cart8draw.com https://*.linkedin.oribi.io; form-action 'self' https://ethosenergy.com https://careers.ethosenergy.com https://*.ethosenergy.com https://*.oakwoodagency.com https://*.pardot.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.google.co.uk https://*.googleapis.com https://*.newscred.com https://*.wistia.com https://*.jquery.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.licdn.com https://*.googleadservices.com https://*.zoominfo.com https://*.cookiebot.com https://*.doubleclick.net https://*.linkedin.com https://*.litix.io https://*.akamaihd.net https://*.vimeo.com https://*.livestream.com https://*.vhx.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.com https://*.vimeo.exstole.com https://*.cart8draw.com https://*.linkedin.oribi.io; upgrade-insecure-requests; object-src 'none'; base-uri 'self' 1
default-src 'self' *.google-analytics.com *.bc0a.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.patton.com *.googletagmanager.com *.bc0a.com *.b0e8.com *.gstatic.com *.youtube.com *.googleapis.com *.bootstrapcdn.com *.google.com *.google-analytics.com *.webtraxs.com *.leadforensics.com *.hs-analytics.net *.ytimg.com *.hubspot.com *.hs-scripts.com *.facebook.net *.twitter.com *.linkedin.com; frame-src 'self' *.google.com *.patton.com *.babytel.net *.youtube.com *.facebook.com *.twitter.com;  img-src 'self' *.patton.com *.telcobridges.com *.bc0a.com *.b0e8.com *.gstatic.com *.youtube.com *.googleapis.com *.bootstrapcdn.com *.google.com *.google-analytics.com *.webtraxs.com *.leadforensics.com *.hs-analytics.net *.ytimg.com *.hubspot.com *.hs-scripts.com *.licdn.com; style-src 'self' 'unsafe-inline'  *.googleapis.com; font-src 'self' *.gstatic.com; frame-ancestors 'none'; 1
default-src 'self' https://api.userway.org https://consentcdn.cookiebot.com https://cdn.plyr.io/ https://www.google-analytics.com https://analytics.google.com https://fonts.gstatic.com/ https://uksouth-1.in.applicationinsights.azure.com/ https://cdn.userway.org https://region1.google-analytics.com/ https://region1.analytics.google.com https://stats.g.doubleclick.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' uksouth-1.in.applicationinsights.azure.com az416426.vo.msecnd.net api.userway.org cdn.userway.org *.consent.cookiebot.com consent.cookiebot.com consentcdn.cookiebot.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://cdn.plyr.io/ https://player.vimeo.com/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://www.youtube.com  https://ajax.aspnetcdn.com/ https://js.monitor.azure.com; style-src 'self' 'unsafe-inline' https://cdn.userway.org/ https://cdn.plyr.io/ https://www.googletagmanager.com https://fonts.googleapis.com; img-src 'self' https://cdn.userway.org/ www.googletagmanager.com https://www.google-analytics.com https://dashboard.umbraco.com/ https://www.google.nl https://www.google.com blob: https://www.search.co.uk data: https://i.vimeocdn.com/; frame-src 'self' https://cdn.userway.org/ https://consentcdn.cookiebot.com/ https://player.vimeo.com/ https://www.youtube.com/ https://www.google.com/recaptcha/api2/ https://www.youtube-nocookie.com/ https://www.google.com/ https://view.officeapps.live.com/ https://onedrive.live.com; frame-ancestors 'self' https://cdn.userway.org/ https://consentcdn.cookiebot.com/ https://player.vimeo.com/ https://www.youtube.com/ https://www.google.com/recaptcha/api2/ https://www.youtube-nocookie.com/ https://www.google.com/ 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-9ee9377678d2278f882f0d9cfbc7b4b6'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
report-uri https://vcti.cloud/report/report-csp.php; upgrade-insecure-requests; default-src 'self' blob:; child-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' script.hotjar.com static.hotjar.com www.googletagmanager.com api.purechat.com prod.purechatcdn.com app.purechat.com cdn.polyfill.io ajax.googleapis.com cdnjs.cloudflare.com www.googleadservices.com tag.structuredweb.com www.google-analytics.com; connect-src 'self' wss: api.purechat.com api-cdn.purechat.com widgetapi.purechat.com tag.structuredweb.com www.google-analytics.com; img-src 'self' 'unsafe-inline' www.dandb.com api.purechat.com data: ts.w.org www.google-analytics.com secure.gravatar.com ps.w.org s.w.org platform.twitter.com www.facebook.com; style-src 'self' fonts.googleapis.com 'unsafe-inline'; media-src 'self' app.purechat.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' vars.hotjar.com youtube.com www.youtube.com wp-themes.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; 1
frame-ancestors 'self' cc-genuity.gplex.net rndqc.gplex.com genuity.gplex.com csm.gplex.com; 1
default-src 'self' *.socotec.fr socotec.fr storage.gra.cloud.ovh.net *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com *.mktoweb.com *.go-mpulse.net *.akstat.io *.akamaihd.net *.trustcommander.net *.commander1.com *.doubleclick.net; connect-src 'self' *.mktoresp.com *.socotec.fr socotec.fr storage.gra.cloud.ovh.net *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com *.go-mpulse.net *.akstat.io *.akamaihd.net cdn.linkedin.oribi.io *.trustcommander.net *.commander1.com *.googlesyndication.com; font-src 'self' *.socotec.fr socotec.fr storage.gra.cloud.ovh.net *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com *.go-mpulse.net *.akstat.io *.akamaihd.net; img-src 'self' *.linkedin.com storage.gra.cloud.ovh.net *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com *.mktoweb.com *.go-mpulse.net *.akstat.io *.akamaihd.net p.adsymptotic.com www.facebook.com www.socotec.com; media-src 'self' *.webnet.fr *.socotec.fr socotec.fr storage.gra.cloud.ovh.net *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com *.go-mpulse.net *.akstat.io *.akamaihd.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' googleads.g.doubleclick.net www.googleadservices.com *.licdn.com *.socotec.fr socotec.fr storage.gra.cloud.ovh.net *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com *.mktoweb.com *.go-mpulse.net *.akstat.io *.akamaihd.net connect.facebook.net cdn.tagcommander.com cdn.trustcommander.net; style-src 'self' 'unsafe-inline' *.socotec.fr socotec.fr storage.gra.cloud.ovh.net *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com *.mktoweb.com *.go-mpulse.net *.akstat.io *.akamaihd.net *.tagcommander.com cdn.trustcommander.net; base-uri 'self'; form-action 'self' *.socotec.fr socotec.fr storage.gra.cloud.ovh.net *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com *.mktoweb.com *.go-mpulse.net *.akstat.io *.akamaihd.net *.payrct.fr *.paynum.fr; frame-ancestors 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://hydria.se/ https://maps.googleapis.com/; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; 1
default-src *.gstatic.com ir.stockpr.com www.anteroresources.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; script-src *.quotemedia.com *.google.com *.google-analytics.com *.gstatic.com browser-update.org cdn.sajari.com cdn.sajari.net jsonapi.sajari.net *.hcaptcha.com hcaptcha.com dev-ir.stockpr.com www.youtube.com player.vimeo.com *.juicer.io juicer.io ir.stockpr.com www.anteroresources.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net 'unsafe-eval'; connect-src *.quotemedia.com *.google.com *.google-analytics.com *.gstatic.com browser-update.org cdn.sajari.com cdn.sajari.net jsonapi.sajari.net *.hcaptcha.com hcaptcha.com dev-ir.stockpr.com www.youtube.com player.vimeo.com *.juicer.io juicer.io ir.stockpr.com www.anteroresources.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net 'unsafe-eval'; style-src fonts.googleapis.com *.gstatic.com *.hcaptcha.com hcaptcha.com dev-ir.stockpr.com *.juicer.io ir.stockpr.com www.anteroresources.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net 'unsafe-inline'; font-src cdnjs.cloudflare.com/ajax/libs/font-awesome/ fonts.googleapis.com *.gstatic.com *.juicer.io ir.stockpr.com www.anteroresources.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; img-src i.ytimg.com *.prnewswire.com prnewswire.com *.c212.net c212.net *.mathtag.com mathtag.com juicer.io *.juicer.io pbs.twimg.com ir.stockpr.com www.anteroresources.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; frame-src *.google.com youtube.com www.youtube.com youtube-nocookie.com www.youtube-nocookie.com vimeo.com player.vimeo.com *.hcaptcha.com hcaptcha.com ir.stockpr.com www.anteroresources.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; object-src *.gstatic.com ir.stockpr.com www.anteroresources.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; 1
script-src  'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.sagepay.com *.paypal.com *.paypalobjects.com *.googleadservices.com *.doubleclick.net static.zdassets.com *.google.com *.gstatic.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.olefaschool.lu https://www.google.lu https://www.google.com *.gstatic.com https://www.googletagmanager.com *.google-analytics.com *.doubleclick.net *.googleapis.com https://www.youtube.com; connect-src 'self' wss://www.educdesign.lu *.google-analytics.com *.analytics.google.com *.doubleclick.net; img-src 'self' data: blob: https://www.olefaschool.lu https://www.google.lu https://www.google.com https://www.googletagmanager.com *.google-analytics.com *.analytics.google.com; object-src 'none'; base-uri 'none'; report-uri https://educdesign.report-uri.com/r/d/csp/reportOnly 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-mv3egbq2TIXMwMTPP0a5dA==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-R93XVw+MYCaRK3HzM+HTby9di5FHiHKie/6bp4t+tMWL8Ug0' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' intranet.uniqa.hr www.24sata.hr m.24sata.hr showcase.24sata.hr www.index.hr index.hr www.telegram.hr telegram.hr 1
frame-ancestors 'none'; default-src 'self'; object-src 'none'; script-src 'self' stats.mailhardener.com; img-src 'self' data: stats.mailhardener.com; connect-src 'self' stats.mailhardener.com sentry.io https://api.mailhardener.com sentry.io; report-uri https://o226634.ingest.sentry.io/api/4505041461051392/security/?sentry_key=e70454ab4a4d463e82999b7c94880837 1
default-src https: blob: data: 'unsafe-eval' 'unsafe-inline'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' ; report-uri /common/csp-report.php 1
default-src 'none' ;manifest-src 'self' ; script-src  'self' 'unsafe-eval' 'nonce-94d7131615705dbbe7394fd2c8732b157d53f30911a4c78b9fca6f71c029359e' https://www.google.com/recaptcha/ ; style-src 'self' 'nonce-94d7131615705dbbe7394fd2c8732b157d53f30911a4c78b9fca6f71c029359e'   https://fonts.googleapis.com; img-src 'self' ; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' ; media-src 'none' ; object-src 'none' ; child-src 'none' ; frame-src 'self' https://www.google.com/ https://www.youtube.com ; worker-src 'self' ; frame-ancestors 'none' ; form-action 'self' ; block-all-mixed-content; base-uri 'self'; 1
base-uri 'self' https://myprio.com https://www.myprio.com https://prio.pt https://www.myprio.pt https://shellfirst.pt https://www.shellfirst.pt https://www.gstatic.com https://static3.avast.com https://www.googletagmanager.com https://tile.openstreetmap.org; child-src 'self' https://www.googletagmanager.com gap:; frame-src 'self' https://www.googletagmanager.com gap:; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://shellfirst.pt https://www.shellfirst.pt https://www.gstatic.com https://static3.avast.com https://tile.openstreetmap.org gap:; default-src 'self' https://shellfirst.pt https://tile.openstreetmap.org https://www.shellfirst.pt https://www.gstatic.com https://static3.avast.com gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://shellfirst.pt https://www.shellfirst.pt https://www.gstatic.com https://static3.avast.com https://tile.openstreetmap.org data:; img-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://shellfirst.pt https://www.shellfirst.pt https://www.gstatic.com https://static3.avast.com https://tile.openstreetmap.org gap: data: blob:; media-src https://tile.openstreetmap.org; object-src https://www.googletagmanager.com https://tile.openstreetmap.org; plugin-types https://www.googletagmanager.com; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://tile.openstreetmap.org gap: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://tile.openstreetmap.org 'unsafe-inline'; frame-ancestors 'self' https://shellfirst.pt https://www.shellfirst.pt www.shellfirst.pt https://www.gstatic.com https://static3.avast.com https://www.googletagmanager.com gap:; report-uri 'self' /SecurityUtils/rest/Report/ReportViolations?Params=wqIpYE4EoEzlMSdokwtdMWn70aVbF954qbjVpoTE7ozRFEpsJ56jPtwRchqZ2TSAmKUoKX70JYUDbH96YIt%2BAA%3D%3D; 1
frame-ancestors 'self' *.google.com *.amp.colgate.de amp.colgate.de; 1
frame-ancestors 'self' http://app.storyblok.com https://app.storyblok.com; 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 1
frame-ancestors 'self' *.northcountry.org 1
frame-ancestors www.slpl.org *.www.slpl.org slpl.org *.slpl.org slpl.bibliocms.com *.slpl.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src www.slpl.org *.www.slpl.org slpl.org *.slpl.org slpl.bibliocms.com *.slpl.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com js.stripe.com stats.encodecloud.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ cdn-cookieyes.com sibautomation.com sibforms.com api.ipify.org meetings.brevo.com; script-src-elem 'self' 'unsafe-inline' stats.encodecloud.net js.stripe.com www.google.com www.googletagmanager.com www.gstatic.com downloads-global.3cx.com cdn-cookieyes.com sibforms.com api.ipify.org sibautomation.com videopress.com meetings.brevo.com conversations-widget.brevo.com gist.github.com/nbwpuk/ challenges.cloudflare.com easydmarc.com/tools/; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' translate.googleapis.com sibforms.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com sibforms.com github.githubassets.com www.gstatic.com  meetings.brevo.com; style-src-attr 'unsafe-inline'; img-src 'self' data: stats.encodecloud.net lh3.googleusercontent.com translate.google.com www.gravatar.com www.gstatic.com cdn-cookieyes.com fonts.gstatic.com i.ytimg.com *.w.org; font-src 'self' fonts.gstatic.com designsystem.brevo.com assets.brevo.com; connect-src 'self' js.stripe.com stats.encodecloud.net cdn-cookieyes.com log.cookieyes.com directory.cookieyes.com consentlog.cookieyes.com in-automate.brevo.com translate.googleapis.com *.sibforms.com; media-src data:; child-src www.google.com www.youtube-nocookie.com; frame-src 'self' challenges.cloudflare.com js.stripe.com m.youtube.com wpmudev.com www.google.com www.youtube-nocookie.com www.youtube.com calendar.google.com encodedothost.github.io premium.wpmudev.org videopress.com meet.brevo.com sibautomation.com conversations-widget.brevo.com wl.hetrixtools.com easydmarc.com/tools/; worker-src 'self'; form-action 'self'; upgrade-insecure-requests; manifest-src 'self'; report-uri https://encodedothost.report-uri.com/r/d/csp/enforce 1
default-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; img-src 'self' data:; script-src 'self' 'unsafe-inline' cdn.cloud.techsmith.com; style-src 'self' 'unsafe-inline' cdn.cloud.techsmith.com; upgrade-insecure-requests 1
default-src 'self'; base-uri 'self'; img-src * data:; frame-src 'self' https://kaart.pdok.nl https://websurveys2.govmetric.com https://app-eu.readspeaker.com https://www.youtube-nocookie.com https://www.youtube.com https://content.googleapis.com/ https://vars.hotjar.com https://infoopkaart.steenwijkerland.nl; frame-ancestors 'self'; manifest-src 'self'; media-src 'self' blob:; script-src 'self' 'nonce-YjZiZTFkODktNTNhMC00MmFiLTkzZWMtNGE5ZGFkNDE1Njhm' https://stats.pusher.com https://www.browsealoud.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://maps.googleapis.com https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://websurveys2.govmetric.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://cdn-eu.readspeaker.com https://virtuele-gemeente-assistent.nl https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://snap.licdn.com https://button.kcmsurvey.com; connect-src 'self' https://sockjs-eu.pusher.com wss://ws-eu.pusher.com https://vttts-eu.readspeaker.com https://cloudstatic.obi4wan.com https://chatapi.obi4wan.com https://media-eu.readspeaker.com https://rstts-eu.readspeaker.com https://www.browsealoud.com https://plus.browsealoud.com https://speech.speechstream.net https://speech-eu.speechstream.net https://www.google-analytics.com https://maps.googleapis.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://app.obi4wan.ai https://app-eu.readspeaker.com/ https://hitcounter.govmetric.com https://platform.hireserve.nl/ https://cdn1.readspeaker.com https://maps.googleapis.com https://virtuele-gemeente-assistent.nl wss://virtuele-gemeente-assistent.nl ws://virtuele-gemeente-assistent.nl https://in.hotjar.com https://www.facebook.com https://cdn.linkedin.oribi.io; object-src 'self' https://kaart.pdok.nl https://infoopkaart.steenwijkerland.nl; style-src 'self' data: 'nonce-YjZiZTFkODktNTNhMC00MmFiLTkzZWMtNGE5ZGFkNDE1Njhm' https://fonts.googleapis.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://websurveys2.govmetric.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://maps.googleapis.com/ https://siteimproveanalytics.com https://cloudstatic.obi4wan.com; font-src 'self' data: https://fonts.gstatic.com https://cdn1.readspeaker.com https://script.hotjar.com;  1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: 1
default-src 'self'; connect-src 'self' *.vimeocdn.com *.googleapis.com *.crazyegg.com https://www.google-analytics.com *.doubleclick.net *.cookielaw.org *.windows.net *.wistia.com *.onetrust.com *.bing.com; img-src 'self' 'unsafe-inline' assets.si-bone.com *.doubleclick.net *.google.com *.gstatic.com *.googleapis.com *.ytimg.com *.formstack.com *.wistia.com *.typekit.net *.cookielaw.org *.google-analytics.com *.amazonaws.com *.bing.com *.facebook.com *.igodigital.com *.facebook.net *.googletagmanager.com data: *.sitescout.com; frame-src *.greenhouse.io *.youtube.com *.doubleclick.net *.facebook.com *.vimeo.com *.crazyegg.com *.docusign.net *.wistia.com *.wistia.net *.pardot.com; object-src 'unsafe-eval' data:; font-src 'self' 'unsafe-inline' *.gstatic.com *.typekit.net *.formstack.com data:; style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com *.formstack.com *.crazyegg.com *.googletagmanager.com; media-src 'self' 'unsafe-inline' *.vimeo.com *.vimeocdn.com *.akamaized.net *.wistia.com; script-src 'self' 'unsafe-eval' *.greenhouse.io *.salesforce-sites.com *.cloudflare.com *.googleadservices.com *.cloudamp.net *.secure.force.com *.formstack.com *.youtube.com *.wistia.com *.wistia.net *.vimeo.com *.vimeocdn.com *.ifbyphone.com *.crazyegg.com *.rackcdn.com *.typekit.net *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.cookielaw.org *.gstatic.com *.bing.com *.facebook.net *.igodigital.com *.jquery.com *.pardot.com blob: 'sha256-Nkdvt//p0iJtya/+3XBbqzGflIaQ2Dyse8twJ+yZknQ=' 'sha256-hKdJtA+Hr/UNM1iC17X+s4cwJORimWLleyX8oNxo7To=' 'sha256-2ePDWPyy2Z8fWmA3QqbtKb3jS6uSHwdq8bOrBi8Qhpw=' 'sha256-CJFeNjrxHq+ERuNz858QJlxKqr4lvdws0uBNDXOs/UY=' 'sha256-jOhVjvPJ4H9OYW5s3NjuuV5vlkf+g7x0AKvzlvqGSY4=' 'sha256-u3P6YKHIJAxw0M2c787PUnjTIHXjjkYH2iT8W40CYSE=' 'sha256-zvnRTLRyrne0IT5ocBEmJcZzfRlt0F35JsC531bJoo0=' 'sha256-VZXnof2YEoUjKzrKg1SW76a1sodjnHBBxmrzo5rqePc=' 'sha256-LISBPAQUvONKPxqd7vAsYH9YDLQB9lNtvfIscyX9uvc=' 'sha256-S2zZR90G4kkaIgyM/ltC/a4PdW+8UIg+MchgYdNUFDY=' 'sha256-ZvFvRYobr3I4MHX4Et0K50Zz55JHiaXmqn/lwABLfww=' 'sha256-hABKwV6rLopq4uoGsMLUJGOW/FDHZKBbatst6nlaqv4=' 'sha256-MKgzWqcROzlhd2eG914GAHtN/9BhjPZp68Txra+vtPY=' 'sha256-uPobV5xHf70Do1LSMgA4Dg6O3doRTzj7bGzFm8804S0=' 'sha256-cAiA2FUibomroq/uVg6Y1I87tZB89zz4aaP+Q9LSyE8=' 'sha256-sbflpMVaf/aup9a43mh4rjg8S/npi9zuSC4Gj5UlYw8=' 'sha256-rF1HHB/ARSdpROvuQFdrkToJTh2OPCRXYR3Piiy8/oI=' 'sha256-WspGCxgGS2LczGb3peCG+EardG6nG9tL4derGOxcqEw=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-8FM0TdZthieOoZDBnRQaXo8M2BYWx0Ks3wmkLuxBIoM=' 'sha256-V4Yb9OXijMWGCoBKbeAJABLye7U3InF3vmLVD3FdCVU=' 'sha256-bNcrM/rVxdk7HLgwLVHpm9MgzRFKt6p0ORBcRCdXsig=' 'sha256-b9jfLC1T87YgjOyACVFtIZyTPVqhnIBlG3GmsKW0oik=' 'sha256-1NDFZCp72lW9Cas9bFKF6YoIlgG60hue0wpZGeTAQ3A=' 'sha256-Uz0yn00PqpvyPuK+MptaAirzRCPwuCU4Vhj/iAbfJxk=' 'sha256-WhvMkQGIAy6He/YBtnpkJpDOJR2WZmLtYeFXoCcgibA=' 'sha256-KZKyNM7cbkHE09Y3tNBu3rLQKyecaUBoAgIkxpwTEIU=' 'sha256-Td6jy7fwDCGZKGZxm8q6/WNC7nYMNtDPHMduc4F5Aoc=' 'sha256-yvlcB9X1fOzEev4xl54JCzwO2NJ9+oSGtyJmN5EB5Hc=' 'sha256-djX3A7UjfOXXU00elFI65XV3lvCwlS9/JCYWp9VbOuE=' 'sha256-b5AXHeyPoBhjO0lahOh2WrKrNgHaQk2JkebcJkKYCHU=' 'sha256-bzO15BOikQv6RZmju0LdkmGvmK1DYPlRkereT7qcus8=' 'sha256-z/3CSncSCci6pW30NJ9L6ZrMjWU1I8PL6lp7dBwfHF4=' 'sha256-VNuhk7DuDPETd+5dKdjRzu1SsrGmKyNBhbddwnjLaHU=' 'sha256-mCA/UovU4mLlad9F9oQLC+B6ImgETtZxXNmDjzs/Jik=' 'sha256-hmIvh4xh82mv+Vp8YDkHuhaNoPlPXsSb6TzUZkvNOhs=' 'sha256-4I+hjE8Qm6HkaeJKExGiYQpX3x9+w4fRQphzo+0KAeM=' 'sha256-0Dp1093hbby8jq2tYiyBQEytaviAUaQKauOIcVMpmTs=' 'sha256-w83bvF1DVyzC1avclVQDf/ODeU+EM40B6GjXzh9i3FA=' 'sha256-7+BDk2VoY8X6u5chllvrSbnXaSZc05AM8mvChuiml6g=' 'sha256-Y1IoGV5BC3/Y+H5FLU+QoL+ZLZEm59WnlH/dyJDR2C4=' 'sha256-uWzEzj6AW4TRAto4yqcfvNUijWdNXUL2FUSgKAmau/k=' 'sha256-hHNKOvBnPHqcW0tnPL4I9O0K7i3TuKQMsUM4SqAuPG4=' 'sha256-IL+rfFXYWJOxGR7LQkVA95fLGX82OrfyXcQqpMIvRaE=' 'sha256-PtA3aDfjEt+vmPe7SE9qmKA5flFM2mmg6vN3v10XD00=' 'sha256-xUv4snGO0osaqnoNoyCAiMGARnlmVqRJJnQWsSTLxCc=' 'sha256-3CYFIXmXpLySqQXlDbpC01B/91dhvojcnxnAMXAXoYk=' 'sha256-tNPPnGeQAe4AFnKX3F5ncc0DYZ5PEjxsecqs+dVYl3Q=' 'sha256-vs30dqESftECTtA2OrZWF3GROJpwI7SaHKu7qsXBHDY=' 'sha256-dGdJOSk9Wfx8zKmbyquwjQH6lmlNhZ5eOhTrwGiQ+Xw=' 'sha256-cIJxKv/5tIlWBDsdDjPwaVC0B8FE/IRWC73gVooLwjE=' 'sha256-YhiYPoTj9oJQtejLdCGNaiVIB7WCpsHFViUW5FYORBA=' 'sha256-OU4UO3viZOCX9Fe0toXAuOBHpl9qobRSn2bxwJRIdIM=' 'sha256-Xo2fe99dp1UFPZBKN7fOl0LqjHsfqv1czEqW1qeiDuU=' 'sha256-3Yi83845TL+HJ1XWIhSGqgpcCbpm7vbinaS4cfdhl2c=' 'sha256-2KnMDVuqUcVyGkzMFItkwBFukaE5TWqSrgYcwrdE+mw=' 'sha256-hAzmmTV09OQcWid67FdTzK2+yImkqYY1+H3rUoPgzJ0=' 'sha256-rLGmW0+id2fF76FD05TPbF7IYjpwt1poPNsGiEG5O/k=' 'sha256-ye6HUBoDmgPrvGtOlWiX5R8jEsABmQb2KvfmsXKzFog=' 'sha256-pTkEqc/b49QHNPHDlF5gVuSsyBwiUjTY8he4uGBW4dc=' 'sha256-k+GXGyjtqCLBxAMnmQ1SAgZylfAgR6Qh0ro/+soQvQ8=' 'sha256-zzZirpn2cZ/bySnun+ibU37c0nlj0JFcdAmDyXO9R5g='  'sha256-HGkYx4rY3GG9lDcLZHrxdtafHTo4CbdCXeNNbYtGl/E=' 'sha256-dPhMOAS0p/ohoLlmNLZ4dNT3Qu3oo5IlbJzYPr2uPns=' 'sha256-XpPF7smHWMxG2StBwsA6fJtpw1ZfqwkwBX8gSUSkOds='  'sha256-tDf6kNyVUUI4gf5TN6nQyvMCUA4vA9AJpsLL+0QATBs=' 'sha256-iiTKUd2YAALLW3CX1lxhWuu5DKDI85Behz2Bj8rqGwQ=' 'sha256-df1NRtlZuuuBzz90uHfNmfO3bnVx8eSzQ8iJF8iHLkc='; 1
default-src *.facebook.com *.facebook.net *.twitter.com *.linkedin.com *.youtube.com *.ytimg.com *.googleapis.com *.google.bg *.google.iq *.google.co.uk *.google.co.in *.google.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.googletagservices.com *.paypal.com *.sandbox.paypal.com *.stripe.com *.worldpay.com *.razorpay.com *.ipinfo.io *.hubspot.com *.glimpse.com *.getglimpse.com *.addthis.com *.addthisedge.com *.sharethis.com *.consensu.org *.amazonaws.com *.moatads.com wss://*.tawk.to *.tawk.to *.jsdelivr.net *.mailchimp.com *.list-manage.com api.companieshouse.gov.uk *.trustpilot.com *.wp.com *.blogspot.com *.primaryhealthlinks.com *.amazon-adsystem.com www.indianpharmajobs.com:*;script-src 'unsafe-inline' 'unsafe-eval' maps.googleapis.com cdnjs.cloudflare.com *.facebook.com *.facebook.net *.twitter.com *.linkedin.com *.youtube.com *.ytimg.com *.googleapis.com *.google.bg *.google.iq *.google.co.uk *.google.co.in *.google.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.googletagservices.com *.paypal.com *.sandbox.paypal.com *.stripe.com *.worldpay.com *.razorpay.com *.ipinfo.io *.hubspot.com *.glimpse.com *.getglimpse.com *.addthis.com *.addthisedge.com *.sharethis.com *.consensu.org *.amazonaws.com *.moatads.com wss://*.tawk.to *.tawk.to *.jsdelivr.net *.mailchimp.com *.list-manage.com api.companieshouse.gov.uk *.trustpilot.com *.wp.com *.blogspot.com *.primaryhealthlinks.com *.amazon-adsystem.com www.indianpharmajobs.com:*;object-src *.facebook.com *.facebook.net *.twitter.com *.linkedin.com *.youtube.com *.ytimg.com *.googleapis.com *.google.bg *.google.iq *.google.co.uk *.google.co.in *.google.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.googletagservices.com *.paypal.com *.sandbox.paypal.com *.stripe.com *.worldpay.com *.razorpay.com *.ipinfo.io *.hubspot.com *.glimpse.com *.getglimpse.com *.addthis.com *.addthisedge.com *.sharethis.com *.consensu.org *.amazonaws.com *.moatads.com wss://*.tawk.to *.tawk.to *.jsdelivr.net *.mailchimp.com *.list-manage.com api.companieshouse.gov.uk *.trustpilot.com *.wp.com *.blogspot.com *.primaryhealthlinks.com *.amazon-adsystem.com www.indianpharmajobs.com:*;style-src 'unsafe-inline' maps.googleapis.com cdnjs.cloudflare.com *.facebook.com *.facebook.net *.twitter.com *.linkedin.com *.youtube.com *.ytimg.com *.googleapis.com *.google.bg *.google.iq *.google.co.uk *.google.co.in *.google.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.googletagservices.com *.paypal.com *.sandbox.paypal.com *.stripe.com *.worldpay.com *.razorpay.com *.ipinfo.io *.hubspot.com *.glimpse.com *.getglimpse.com *.addthis.com *.addthisedge.com *.sharethis.com *.consensu.org *.amazonaws.com *.moatads.com wss://*.tawk.to *.tawk.to *.jsdelivr.net *.mailchimp.com *.list-manage.com api.companieshouse.gov.uk *.trustpilot.com *.wp.com *.blogspot.com *.primaryhealthlinks.com *.amazon-adsystem.com www.indianpharmajobs.com:*;img-src data: maps.googleapis.com cdnjs.cloudflare.com *.facebook.com *.facebook.net *.twitter.com *.linkedin.com *.youtube.com *.ytimg.com *.googleapis.com *.google.bg *.google.iq *.google.co.uk *.google.co.in *.google.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.googletagservices.com *.paypal.com *.sandbox.paypal.com *.stripe.com *.worldpay.com *.razorpay.com *.ipinfo.io *.hubspot.com *.glimpse.com *.getglimpse.com *.addthis.com *.addthisedge.com *.sharethis.com *.consensu.org *.amazonaws.com *.moatads.com wss://*.tawk.to *.tawk.to *.jsdelivr.net *.mailchimp.com *.list-manage.com api.companieshouse.gov.uk *.trustpilot.com *.wp.com *.blogspot.com *.primaryhealthlinks.com *.amazon-adsystem.com www.indianpharmajobs.com:*;media-src *.facebook.com *.facebook.net *.twitter.com *.linkedin.com *.youtube.com *.ytimg.com *.googleapis.com *.google.bg *.google.iq *.google.co.uk *.google.co.in *.google.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.googletagservices.com *.paypal.com *.sandbox.paypal.com *.stripe.com *.worldpay.com *.razorpay.com *.ipinfo.io *.hubspot.com *.glimpse.com *.getglimpse.com *.addthis.com *.addthisedge.com *.sharethis.com *.consensu.org *.amazonaws.com *.moatads.com wss://*.tawk.to *.tawk.to *.jsdelivr.net *.mailchimp.com *.list-manage.com api.companieshouse.gov.uk *.trustpilot.com *.wp.com *.blogspot.com *.primaryhealthlinks.com *.amazon-adsystem.com www.indianpharmajobs.com:*;font-src data: maps.googleapis.com cdnjs.cloudflare.com *.facebook.com *.facebook.net *.twitter.com *.linkedin.com *.youtube.com *.ytimg.com *.googleapis.com *.google.bg *.google.iq *.google.co.uk *.google.co.in *.google.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.googletagservices.com *.paypal.com *.sandbox.paypal.com *.stripe.com *.worldpay.com *.razorpay.com *.ipinfo.io *.hubspot.com *.glimpse.com *.getglimpse.com *.addthis.com *.addthisedge.com *.sharethis.com *.consensu.org *.amazonaws.com *.moatads.com wss://*.tawk.to *.tawk.to *.jsdelivr.net *.mailchimp.com *.list-manage.com api.companieshouse.gov.uk *.trustpilot.com *.wp.com *.blogspot.com *.primaryhealthlinks.com *.amazon-adsystem.com www.indianpharmajobs.com:*;connect-src 'self' wss: *.facebook.com *.facebook.net *.twitter.com *.linkedin.com *.youtube.com *.ytimg.com *.googleapis.com *.google.bg *.google.iq *.google.co.uk *.google.co.in *.google.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.googletagservices.com *.paypal.com *.sandbox.paypal.com *.stripe.com *.worldpay.com *.razorpay.com *.ipinfo.io *.hubspot.com *.glimpse.com *.getglimpse.com *.addthis.com *.addthisedge.com *.sharethis.com *.consensu.org *.amazonaws.com *.moatads.com wss://*.tawk.to *.tawk.to *.jsdelivr.net *.mailchimp.com *.list-manage.com api.companieshouse.gov.uk *.trustpilot.com *.wp.com *.blogspot.com *.primaryhealthlinks.com *.amazon-adsystem.com www.indianpharmajobs.com:*;upgrade-insecure-requests 1
script-src 'nonce-bbb197fc28' https: 1
default-src https:; img-src data: https://www.google-analytics.com/analytics.js http://www.google-analytics.com/ga.js https://ssl.google-analytics.com 'self'; script-src https://www.googletagmanager.com https://region1.google-analytics.com https://www.google-analytics.com/analytics.js https://ssl.google-analytics.com 'self' 'unsafe-inline' https://cdnjs.cloudflare.com 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; font-src 'self'; connect-src https://www.googletagmanager.com https://region1.google-analytics.com https://www.google-analytics.com 'self'; frame-src 'self' https://www.youtube.com/ 1
default-src 'none'; script-src 'self' https://cdn.jsdelivr.net/npm/katex@0.16.8/dist/katex.min.js https://cdn.jsdelivr.net/npm/katex@0.16.8/dist/contrib/auto-render.min.js; style-src 'self' https://cdn.jsdelivr.net/npm/katex@0.16.8/dist/katex.min.css; font-src 'self' https://cdn.jsdelivr.net; img-src 'self' data: https:; connect-src 'self' https://media.paulromer.net; object-src 'none'; media-src https://media.paulromer.net; child-src https://media.paulromer.net; frame-ancestors 'none'; frame-src https://media.paulromer.net; base-uri 'self'; form-action 'self'; report-uri https://paulmromer.report-uri.com/r/d/csp/enforce; 1
default-src 'self' data: 'unsafe-inline' media.grupocdv.com cdnjs.cloudflare.com code.jquery.com *.tripadvisor.com *.google.com *.google.es *.googleapis.com *.googletagmanager.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.amazonaws.com *.prismic.io *.youtube.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' data: 'unsafe-inline' 'unsafe-eval' *.jquery.com *.gstatic.com *.prismic.io *.googleapis.com *.google.com *.google.es *.jsdelivr.net *.googletagmanager.com *.google-analytics.com *.doubleclick.net; script-src-attr 'self' data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.grupocdv.com *.gac.travel *.prismic.io *.googleapis.com *.googleapis.com *.google.com *.google.es google.com google.es *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-b1c0acf5bd2ba970b1498d4665f09a97'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors 'self' https://naic.pcl.ac.cn https://shence.heywhale.com https://gudc.icee-edu.com 1
base-uri 'self'; object-src 'none'; script-src https://* 'unsafe-inline' 'nonce-Za8VWXxQt5BuPGQWFbnDEwADGAg' 'strict-dynamic' 1
script-src 'self' 'unsafe-eval' https://cryptonews.com.au https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem safe data: 'unsafe-inline' https://cryptonews.com.au https://*.cryptonews.com.au https://yoast.com https://*.wpengine.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com https://platform.twitter.com; frame-src 'self' blob: data: https://www.google.com/ https://*.youtube.com https://platform.twitter.com; font-src 'self' data: https://fonts.gstatic.com https://www.googletagmanager.com; 1
upgrade-insecure-requests; default-src 'self' *.gstatic.com www.1c-bitrix.ru yastatic.net *.doubleclick.net *.yandex.ru bitrix.info *.bitrix.info *.googleadservices.com *.google-analytics.com *.plyr.io *.bitrix24.ru *.yandexcloud.net; connect-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *; style-src 'self' 'unsafe-inline' *.roistat.com crm.pearl-water.ru *.bitrix24.ru *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roistat.com *.bitrix24.ru connect.facebook.net yandex.ru *.*.doubleclick.net *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.yandexcloud.net *.google.com yastatic.net crm.pearl-water.ru *.yandex.ru *.jquery.com *.yandex.net *.youtube.com bitrix.info *.doubleclick.net *.mail.ru https://vk.com https://smartcaptcha.yandexcloud.net; img-src * data: blob: 'unsafe-inline'; frame-src * 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bootstrapcdn.com *.jquery.com *.google-analytics.com *.googletagmanager.com; object-src 'none'; style-src 'self' 'unsafe-inline'  *.cloudflare.com *.googleapis.com; img-src 'self' 'unsafe-inline' *.ensa.com.pa data:; media-src 'self'; frame-src 'self' *.google.com; font-src 'self' 'unsafe-inline' fonts.gstatic.com *.ensa.com.pa *.cloudflare.com *.googleusercontent.com *.googleapis.com; connect-src 'self' adservice.google.com collect.tealiumiq.com mbpasxv7.staticmon.com notify.bugsnag.com opensheet.elk.sh sessions.bugsnag.com  www.google-analytics.com stats.g.doubleclick.net; report-uri /report-csp-violation 1
object-src 'none';base-uri 'self';frame-ancestors 'self';script-src 'nonce-ac22897981567bca04b6298017e1e6cd' 'unsafe-eval' 'unsafe-inline' 'self' https://2898722151.mc.yandex.ru https://cloudparser.ru https://mc.yandex.by https://www.google-analytics.com https://www.googletagmanager.com https://mc.yandex.ru https://vk.com https://connect.facebook.net https://browser.sentry-cdn.com https://polyfill.io https://ausi.github.io https://cdn.carrotquest.app https://mc.yandex.com  https://mc.yandex.uz https://www.google.com https://pagead2.googlesyndication.com https://www.google.cz https://www.gstatic.com;script-src-elem 'nonce-ac22897981567bca04b6298017e1e6cd' 'unsafe-inline' 'self' https://trikotazh.by https://2898722151.mc.yandex.ru https://cloudparser.ru https://mc.yandex.by https://www.google-analytics.com https://www.googletagmanager.com https://mc.yandex.ru https://vk.com https://connect.facebook.net https://browser.sentry-cdn.com https://polyfill.io https://ausi.github.io https://cdn.carrotquest.app https://www.google.com https://www.gstatic.com https://data:3001 https://blob:3001;connect-src 'self' https://*.mc.yandex.ru https://mc.yandex.com https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.by https://ymetrica1.com https://yandexmetrica.com:*  https://adservice.google.com https://connect.facebook.net https://www.google.com https://www.google.kz https://www.google.by https://www.google.ru https://www.google.fr https://www.google.com.cy https://www.google.com.ua https://www.google.pl https://www.google.de https://www.google.ge https://www.google.co.il https://www.google.com.tr https://www.google.com.hk https://www.google.co.uk https://www.google.nl https://www.google.ee https://region1.analytics.google.com https://vk.com https://ymetrica1.com https://top-fwz1.mail.ru https://www.facebook.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://mc.yandex.ru https://api.carrotquest.app https://api.carrottrack.app https://o4504796596404224.ingest.sentry.io https://*.trikotazh.by https://region1.google-analytics.com https://googleads.g.doubleclick.net http://327.0.0.1:* https://translate.googleapis.com https://www.google.am https://www.google.ch https://www.google.se https://www.google.fi https://www.google.co.uz https://www.google.no https://www.google.md https://www.google.com.mx;report-uri /csp.php 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' pornolive.it:9080 pornolive.it:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://pornolive.it wss://pornolive.it *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1705975135 1
frame-ancestors 'self' *.theinspectionhub.com *.authorize.net *.sendgrid.com localhost:3000/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.googletagmanager.com https://static.zdassets.com https://www.youtube.com https://www.google.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://rgsharedweb.s3.amazonaws.com; img-src 'self' https://wpengine.com https://s3.amazonaws.com https://gravityforms.s3.amazonaws.com https://s38924.pcdn.co https://cdn.gravity.com https://www.google.ca https://secure.gravatar.com https://ps.w.org https://s.w.org https://i.ytimg.com https://www.google.co.in https://www.googletagmanager.com data:; font-src 'self' https://fonts.gstatic.com https://netdna.bootstrapcdn.com data:; connect-src 'self' https://analytics.google.com https://ekr.zdassets.com https://smartservehelp.zendesk.com https://stats.g.doubleclick.net https://www.google.co.in https://yoast.com wss://widget-mediator.zopim.com; media-src 'self' https://static.zdassets.com; object-src 'none'; frame-src 'self' https://www.google.com https://www.youtube.com https://api.wppopupmaker.com https://www.integrityadvocateserver.com; frame-ancestors 'self'; worker-src 'self' blob:; base-uri 'self'; manifest-src 'self'; upgrade-insecure-requests; block-all-mixed-content 1
frame-ancestors 'self' *.haltian.com https://office.empathicbuilding.com; upgrade-insecure-requests 1
frame-ancestors http://www.acda.com http://www.acdagents.com https://dev.acdagents.com/ https://staging.acdagents.com/ https://www.callswithoutwalls.com/ https://dev.acddirect.com/ 1
style-src 'self' 'unsafe-inline';default-src 'self' data: blob: *.aigens.com *.order.place *.googleusercontent.com *.gstatic.com *.google.com *.googleapis.com *.stripe.com *.googletagmanager.com  *.fullstory.com *.sentry-cdn.com js.appboycdn.com *.google.com.hk *.braze.com *.appspot.com *.googleapis.com *.pizzahut.com.hk *.storellet.com *.hsbc.com.hk order2.pizzahut.com.mo pizzahut.com.mo *.pizzahut.com.mo *.doubleclick.net braze-images.com *.nbc.com.hk *.sentry.io *.ingest.sentry.io *.google-analytics.com *.googleadservices.com connect.facebook.net *.quantserve.com jscdn.appier.net *.quantcount.com *.chinesean.com;object-src 'self' data: blob: *.aigens.com *.order.place *.googleusercontent.com *.gstatic.com *.google.com *.googleapis.com *.stripe.com *.googletagmanager.com  *.fullstory.com *.sentry-cdn.com js.appboycdn.com *.google.com.hk *.braze.com *.appspot.com *.googleapis.com *.pizzahut.com.hk *.storellet.com *.hsbc.com.hk order2.pizzahut.com.mo pizzahut.com.mo *.pizzahut.com.mo *.doubleclick.net braze-images.com *.nbc.com.hk *.sentry.io *.ingest.sentry.io *.google-analytics.com *.googleadservices.com connect.facebook.net *.quantserve.com jscdn.appier.net *.quantcount.com *.chinesean.com;img-src 'self' data: blob: *.aigens.com *.order.place *.googleusercontent.com *.gstatic.com *.google.com *.googleapis.com *.stripe.com *.googletagmanager.com  *.fullstory.com *.sentry-cdn.com js.appboycdn.com *.google.com.hk *.braze.com *.appspot.com *.googleapis.com *.pizzahut.com.hk *.storellet.com *.hsbc.com.hk order2.pizzahut.com.mo pizzahut.com.mo *.pizzahut.com.mo *.doubleclick.net braze-images.com *.nbc.com.hk *.sentry.io *.ingest.sentry.io *.google-analytics.com *.googleadservices.com connect.facebook.net *.quantserve.com jscdn.appier.net *.quantcount.com *.chinesean.com;style-src 'self' data: blob: *.aigens.com *.order.place *.googleusercontent.com *.gstatic.com *.google.com *.googleapis.com *.stripe.com *.googletagmanager.com  *.fullstory.com *.sentry-cdn.com js.appboycdn.com *.google.com.hk *.braze.com *.appspot.com *.googleapis.com *.pizzahut.com.hk *.storellet.com *.hsbc.com.hk order2.pizzahut.com.mo pizzahut.com.mo *.pizzahut.com.mo *.doubleclick.net braze-images.com *.nbc.com.hk *.sentry.io *.ingest.sentry.io *.google-analytics.com *.googleadservices.com connect.facebook.net *.quantserve.com jscdn.appier.net *.quantcount.com *.chinesean.com;connect-src 'self' data: blob: *.aigens.com *.order.place *.googleusercontent.com *.gstatic.com *.google.com *.googleapis.com *.stripe.com *.googletagmanager.com  *.fullstory.com *.sentry-cdn.com js.appboycdn.com *.google.com.hk *.braze.com *.appspot.com *.googleapis.com *.pizzahut.com.hk *.storellet.com *.hsbc.com.hk order2.pizzahut.com.mo pizzahut.com.mo *.pizzahut.com.mo *.doubleclick.net braze-images.com *.nbc.com.hk *.sentry.io *.ingest.sentry.io *.google-analytics.com *.googleadservices.com connect.facebook.net *.quantserve.com jscdn.appier.net *.quantcount.com *.chinesean.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.aigens.com *.order.place *.googleusercontent.com *.gstatic.com *.google.com *.googleapis.com *.stripe.com *.googletagmanager.com  *.fullstory.com *.sentry-cdn.com js.appboycdn.com *.google.com.hk *.braze.com *.appspot.com *.googleapis.com *.pizzahut.com.hk *.storellet.com *.hsbc.com.hk order2.pizzahut.com.mo pizzahut.com.mo *.pizzahut.com.mo *.doubleclick.net braze-images.com *.nbc.com.hk *.sentry.io *.ingest.sentry.io *.google-analytics.com *.googleadservices.com connect.facebook.net *.quantserve.com jscdn.appier.net *.quantcount.com *.chinesean.com; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-I15cYIM83DGJU5tz30x0Aqv3132DvFM1tzbG9j3GHD5AbFyv' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https://web-cms.espago.com http://127.0.0.1:1337 http://localhost:1337 https://www.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://www.google.pl https://*.linkedin.com https://*.licdn.com; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.facebook.com https://connect.facebook.net https://www.google.com https://www.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.licdn.com https://www.clarity.ms 1
script-src 'self' http://*.radiopresence.com http://stats.web46.fr 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*.catholique.fr https://*.eveche.fr; report-uri https://www.radiopresence.com/spip.php?action=collecteur_csp; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-7055bef54728fd888e275612a5c7c287'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.tiny.cloud/1/no-origin/tinymce/6.4.2-17/tinymce.min.js https://unpkg.com/leaflet@1.3.1/dist/leaflet.js  https://*.cloudflare.com www.google-analytics.com/analytics.js https://siteimproveanalytics.com/js/siteanalyze_6002236.js  https://trhbib1.bib.no/cgi-bin/rest_service/copies/1.0/data/  https://code.jquery.com/jquery-1.12.4.min.js  https://cdn.polyfill.io/v2/polyfill.min.js  https://translate.google.com/translate_a/element.js  https://translate.googleapis.com  https://*.prokomcdn.no  https://translate-pa.googleapis.com  https://code.jquery.com/ui/1.12.0/jquery-ui.min.js https://*.trondheim.kommune.no https://code.jquery.com/jquery-1.10.2.min.js https://netdna.bootstrapcdn.com/bootstrap/3.0.2/js/bootstrap.min.js https://cdn.jsdelivr.net/syntaxhighlighter/3.0.83/scripts/shCore.js https://cdn.jsdelivr.net/syntaxhighlighter/3.0.83/scripts/shBrushJScript.js  https://hsk-widget.web.app/embed/hsk.js;  1
default-src 'self' https://*.stepnova.net;script-src 'unsafe-inline' 'unsafe-eval' https://*.stepnova.net https://*.evsrv.net https://*.evsrv.de;style-src 'unsafe-inline' https://*.stepnova.net https://*.evsrv.net https://*.evsrv.de;img-src 'self' data: https://*.stepnova.net https://*.evsrv.net https://*.evsrv.de;connect-src 'self' https://*.stepnova.net https://*.evsrv.net https://*.evsrv.de;font-src 'self' https://*.stepnova.net https://*.evsrv.net https://*.evsrv.de;object-src 'self' data: 'unsafe-eval' https://*.stepnova.net;media-src 'self' https://*.stepnova.net https://*.evsrv.net https://*.evsrv.de;form-action 'self'; 1
default-src 'self'; media-src 'self' https://d1o72l87sylvqg.cloudfront.net; img-src 'self' https://d1o72l87sylvqg.cloudfront.net data: https://assets.juicer.io https://www.juicer.io https://www.googletagmanager.com https://www.clubforfuture.org https://i.ytimg.com https://assets.vercel.com; script-src 'self' 'unsafe-inline' https://assets.juicer.io https://code.jquery.com https://vercel.live https://www.googletagmanager.com https://platform.twitter.com https://www.instagram.com; connect-src 'self' https://blue-cftf-digital-postcards-input-production.s3.us-west-2.amazonaws.com http://www.juicer.io https://idxsrplmmb.execute-api.us-west-1.amazonaws.com/default https://www.google-analytics.com https://vitals.vercel-insights.com; style-src 'self' 'unsafe-inline' https://assets.juicer.io; frame-src https://forms.office.com https://www.instagram.com https://platform.twitter.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com; font-src 'self' https://static.juicer.io; object-src data: 1
connect-src 'self' blob: https://*.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.stripe.com https://*.aultman.com https://*.aultman.org https://*.fontawesome.com; default-src 'self'; form-action 'self' http://*.aultman.com https://*.aultman.com https://*.aultman.org; font-src 'self' data: https://*.aultman.com *.typekit.net  https://*.aultman.org https://fonts.gstatic.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; frame-src 'self' https://js.stripe.com https://hooks.stripe.com *.youtube.com *.aulthealth.com *.careerarc.com *.adsrvr.org *.facebook.com *.twitter.com https://*.aultman.com https://*.aultman.org https://player.vimeo.com/; frame-ancestors 'self' https://*.aultman.org https://*.aultman.com; img-src 'self' blob: data: www.googletagmanager.com *.doubleclick.net *.typekit.net *.google-analytics.com *.facebook.com  https://*.aultman.com https://*.aultman.org https://*.vimeocdn.com; manifest-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' js.stripe.com *.adsrvr.org *.edgefonts.net *.googletagmanager.com *.linkedin.com *.google-analytics.com *.google.com *.facebook.net https://*.aultman.com https://*.aultman.org https://stackpath.bootstrapcdn.com https://code.jquery.com https://*.fontawesome.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' *.typekit.net *.edgefonts.net https://*.aultman.com https://*.aultman.org https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 1
frame-ancestors 'self' http://www.philips.si *.philips.com *.philips.si https://philipsigtdpv.com 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *.linkedin.com *.snapchat.com *.taboola.com *.prod.mplat-ppcprotect.com tr.line.me d.line-scdn.net *.waldorfastorialoscabospedregal.com app.link *.branch.io pixel.sitescout.com www.dwin1.com up.pixel.ad *.googletagmanager.com consent-pref.trustarc.com hilton.demdex.net servedby.flashtalking.com beam.koddi.com *.cdn.forter.com *.forter.com *.navisperformance.com dpm.demdex.net www.dwin1.com secure.quantserve.com smetric.hilton.com *.cdn4.forter.com prvsz4pe.micpn.com sc-static.net cdn.otstatic.com www.opentable.com.mx consent.trustarc.com *.adsrvr.org *.deliciousbrains.com tr.snapchat.com yoast.com ct.pinterest.com *.sojern.com snap.licdn.com s.pinimg.com s.yimg.com assets.adobedtm.com unpkg.com cdnjs.cloudflare.com cdn.jsdelivr.net *.speedrfp.com *.gstatic.com *.googleadservices.com *.facebook.com *.yahoo.com *.doubleclick.net *.facebook.net *.googletagmanager.com *.googleapis.com *.google-analytics.com *.google.com *.bing.com; font-src 'self' data: *.waldorfastorialoscabospedregal.com consent.trustarc.com cdnjs.cloudflare.com *.gstatic.com *.typekit.net; img-src 'self' data: insight.adsrvr.org tr.line.me *.waldorfastorialoscabospedregal.com pixel.sitescout.com *.awin1.com *.zenaps.com googleads.g.doubleclick.net duuytoqss3gu4.cloudfront.net df45ay5pw60dy.cloudfront.net px.ads.linkedin.com d3nocrch4qti4v.cloudfront.net *.ispot.tv dpm.demdex.net consent.trustarc.com cm.everesttech.net cdnjs.cloudflare.com *.linkedin.com pixel.sojern.com *.adnxs.com *.googleadservices.com *.google.es *.youtube.com *.analytics.yahoo.com match.adsrvr.org px.ads.linkedin.com ct.pinterest.com theeventscalendar.com *.w.org *.speedrfp.com *.googletagmanager.com *.cdninstagram.com *.googleapis.com *.gstatic.com *.bing.com *.gravatar.com *.facebook.net *.doubleclick.net *.google-analytics.com *.google.com *.facebook.com; style-src 'self' *.navisperformance.com unpkg.com cdn.jsdelivr.net cdnjs.cloudflare.com *.typekit.net 'unsafe-inline' *.googleapis.com 1
https://moes.gov.in/; 1
default-src 'self'; img-src 'self' https://nuaire.blob.core.windows.net *.gravatar.com *.google-analytics.com *.google.co.uk *.google.com *.linkedin.com *.twitter.com t.co *.facebook.com i.vimeocdn.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com *.googletagmanager.com *.gstatic.com *.google-analytics.com https://cdn.jsdelivr.net *.google.com https://maps.google.com https://s7.addthis.com https://code.jquery.com https://cc.cdn.civiccomputing.com *.hotjar.com *.doubleclick.net *.ads-twitter.com *.facebook.net *.licdn.com; style-src 'self' https://cdn.jsdelivr.net https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net https://cdnjs.cloudflare.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com https://use.typekit.net; frame-src 'self' *.youtube.com *.google.com https://player.vimeo.com https://sketchfab.com *.googletagmanager.com *.facebook.com;connect-src 'self' *.google-analytics.com *.civiccomputing.com *.google.com *.doubleclick.net *.hotjar.com *.hotjar.io wss://*.hotjar.com 1
frame-ancestors rextheme.com; 1
upgrade-insecure-requests; img-src data: 'self' 'unsafe-inline' 'unsafe-eval' prezi.com *.prezi.com *.genial.ly *.amazonaws.com *.googleapis.com *.oribi.io *.teads.tv *.ads-twitter.com *.youtube.com *.spotify.com *.googletagmanager.com *.google.com.uy *.google.com *.adsymptotic.com *.google-analytics.com *.linkedin.com googleads.g.doubleclick.net *.facebook.com *.awesome-table.com view-awesome-table.com *.hotjar.com *.avanzauruguay.com unpkg.com www.unpkg.com *.googlecode.com *.jsdelivr.net *.unpkg.com *.newrelic.com *.bootstrapcdn.com *.fontawesome.com *.cloudflare.com *.utec.edu.uy *.test-utec.edu.uy *.preprod-utec.edu.uy utec.edu.uy *.addthis.com *.youtube-nocookie.com ; default-src data: 'self' 'unsafe-inline' 'unsafe-eval' prezi.com *.prezi.com *.genial.ly *.amazonaws.com *.googleapis.com *.oribi.io *.teads.tv *.ads-twitter.com *.youtube.com *.spotify.com *.googletagmanager.com *.google.com.uy *.google.com *.adsymptotic.com *.google-analytics.com *.linkedin.com googleads.g.doubleclick.net *.facebook.com *.awesome-table.com view-awesome-table.com *.hotjar.com *.avanzauruguay.com unpkg.com www.unpkg.com *.googlecode.com *.jsdelivr.net *.unpkg.com *.newrelic.com *.bootstrapcdn.com *.fontawesome.com *.cloudflare.com www.googleadservices.com snap.licdn.com connect.facebook.net *.utec.edu.uy *.test-utec.edu.uy *.preprod-utec.edu.uy googleads.g.doubleclick.net *.googleapis.com *.gstatic.com use.fontawesome.com www.google-analytics.com ssl.google-analytics.com www.gstatic.com www.googletagmanager.com www.google.com stats.g.doubleclick.net google.com.uy www.google.com.uy p.adsymptotic.com *.linkedin.com utec.edu.uy *.addthis.com *.youtube-nocookie.com blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: d38vrblg2ltm93.cloudfront.net d2sfrdhy6z7f7y.cloudfront.net d1p4zz1tej8o4g.cloudfront.net thewonder.it bandai-a.akamaihd.net image.b-ch.com arc.akitashoten.co.jp *.amazonaws.com *.amazon-adsystem.com cdn.ampproject.org *.ampproject.net cdn.syndication.twimg.com code.createjs.com *.facebook.net *.facebook.com static.xx.fbcdn.net *.google.com *.google.co.jp *.gstatic.com d.line-scdn.net *.line.me *.doubleclick.net *.mieru-ca.com ws://ntjp.mieru-ca.com maxcdn.bootstrapcdn.com assets.phalcon.io *.twitter.com t.co *.yimg.com *.ytimg.com *.twimg.com *.yahoo.com static.ads-twitter.com scratch.mit.edu *.scratch.mit.edu *.typesquare.com typesquare.com wos-owa.arise.co.jp *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.googleapis.com maxcdn.bootstrapcdn.com www.youtube.com www.youtube-nocookie.com *.clarity.ms *.onetrust.com ; 1
frame-ancestors https://*.nederlandseloterij.nl 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-SGg2SCD9+MF6VaKWvmRfJl7wpdWJ7jIHpR8dicsOHy/qIPG6' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://wa-rekrutacja.awf.edu.pl https://api.userway.org https://cdn77.api.userway.org https://cdn.userway.org prod-eu-central-1.ally.ac https://modernizr.com https://ajax.googleapis.com https://www.googletagmanager.com https://*.google.com https://maps.googleapis.com https://ssl.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com/analytics.js; img-src 'self' https://wa-rekrutacja.awf.edu.pl  https://api.userway.org https://cdn77.api.userway.org https://cdn.userway.org prod-eu-central-1.ally.ac https://www.google.com https://www.google.pl https://stats.g.doubleclick.net https://maps.gstatic.com data: https://maps.googleapis.com https://ssl.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' prod-eu-central-1.ally.ac https://maps.googleapis.com https://*.google.com https://fonts.googleapis.com https://wa-rekrutacja.awf.edu.pl https://api.userway.org https://cdn77.api.userway.org https://cdn.userway.org; font-src 'self' https://netdna.bootstrapcdn.com https://fonts.gstatic.com https://api.userway.org https://themes.googleusercontent.com https://cdn77.api.userway.org https://cdn.userway.org; worker-src 'self' https://www.gstatic.com/recaptcha/ https://api.userway.org https://cdn77.api.userway.org https://cdn.userway.org https://www.google.com/recaptcha/; frame-src 'self' prod-eu-central-1.ally.ac https://www.gstatic.com/recaptcha/ https://api.userway.org https://cdn77.api.userway.org https://cdn.userway.org https://www.google.com/recaptcha/ https://www.youtube.com/; object-src 'self'; connect-src 'self' maps.googleapis.com www.google-analytics.com stats.g.doubleclick.net https://api.userway.org https://cdn.userway.org https://cdn77.api.userway.org prod-eu-central-1.ally.ac wa-rekrutacja.awf.edu.pl wss://wa-rekrutacja.awf.edu.pl 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.voyages.com.au/report-uri/enforce 1
default-src http: blob:; script-src 'self' 'nonce-PIhTV9zSKiwGqbtFKhRbdDRpzL24hJi3+tPhRdbRloCRlkcSbDJinbyq+Xg9EhChY/4Ezy0/+V4iJsvjCkBguPkynLaqGeOmo3M5IhW55gkwBNghvn3aUjymC1JjBEOSDf9F3NtDt37CHNpaMw/Ks2TW1TyfYghULPl/UhQefB0='  https://cdn.eventplanner.be *.eventplanner.lan *.pinkminds.tv *.stripe.com  *.facebook.net *.facebook.com *.google.com *.google.be *.google.it *.google.es *.google.fr *.google.de *.google.it *.google.co.uk *.google.ie *.googletagservices.com *.gstatic.com *.googleapis.com *.doubleclick.net *.googletagmanager.com *.ampproject.org *.googlesyndication.com *.licdn.com *.instagram.com *.twitter.com; font-src 'self' 'unsafe-inline' data: *.eventplanner.lan https://cdn.eventplanner.be *.pinkminds.tv *.gstatic.com *.instagram.com; img-src http: https: blob: data:; style-src 'self' 'unsafe-inline' https://cdn.eventplanner.be *.eventplanner.lan *.pinkminds.tv *.gstatic.com *.googleapis.com; child-src 'self' blob: *.eventplanner.be https://cdn.eventplanner.be *.eventplanner.lan *.eventplannernl.lan *.eventplanner.tv *.eventplanner.net *.healthdev.be *.healthdev.nl *.healthdev.tv *.pinkminds.tv *.stripe.com *.facebook.net *.facebook.com *.instagram.com *.twitter.com *.youtube.com *.youtu.be *.vimeo.com *.google.com *.google.be *.google.it *.google.es *.google.fr *.google.de *.google.it *.google.co.uk *.google.ie *.googlesyndication.com *.doubleclick.net; frame-ancestors 'self'; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.gstatic.com *.doubleclick.net *.facebook.net *.googlecommerce.com *.moatads.com *.paypal.com *.postcodeanywhere.co.uk *.stripe.com *.ampproject.org *.afterpay.com *.sagepay.com *.vimeo.com chimpstatic.com sibautomation.com *.dekopay.com *.payments-amazon.com *.chatify.com *.pubble.io *.trustpilot.com *.webgains.io *.googleoptimize.com d16fk4ms6rqz1v.cloudfront.net *.flockr.co *.flixfacts.com *.flix360.io *.flixcar.com *.impactcdn.com *.hotjar.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://track.adform.net https://bam.nr-data.net https://cdnjs.cloudflare.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://js-agent.newrelic.com https://loyaltiistatic.azureedge.net https://pricetag.viabill.com https://track.adform.net https://widget.trustpilot.com https://www.googletagmanager.com http://www.googletagmanager.com https://connect.facebook.net https://maps.google.com https://maps.googleapis.com https://static.hotjar.com https://www.google-analytics.com http://www.google-analytics.com https://rum-static.pingdom.net https://s2.adform.net https://script.hotjar.com https://snap.licdn.com https://ajax.aspnetcdn.com *.sleeknote.com https://sleeknote.com https://js.go2sdk.com https://www.googleadservices.com https://bat.bing.com https://xn--nskeskyen-k8a.dk https://policy.app.cookieinformation.com https://storage.googleapis.com/ https://app.agency360.io http://360service.report360.io 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.cliniquesdeleurope.be/fr/report-uri/enforce 1
frame-ancestors sccld.org *.sccld.org sccl.bibliocms.com *.sccl.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src sccld.org *.sccld.org sccl.bibliocms.com *.sccl.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
object-src 'none';base-uri 'self';frame-ancestors 'self';script-src 'nonce-0e878526e2243ef3c63982f81849cdb8' 'unsafe-eval' 'unsafe-inline' 'self' https://2898722151.mc.yandex.ru https://cloudparser.ru https://mc.yandex.by https://www.google-analytics.com https://www.googletagmanager.com https://mc.yandex.ru https://vk.com https://connect.facebook.net https://browser.sentry-cdn.com https://polyfill.io https://ausi.github.io https://cdn.carrotquest.app https://mc.yandex.com  https://mc.yandex.uz https://www.google.com https://pagead2.googlesyndication.com https://www.google.cz https://www.gstatic.com;script-src-elem 'nonce-0e878526e2243ef3c63982f81849cdb8' 'unsafe-inline' 'self' https://trikotazh.by https://2898722151.mc.yandex.ru https://cloudparser.ru https://mc.yandex.by https://www.google-analytics.com https://www.googletagmanager.com https://mc.yandex.ru https://vk.com https://connect.facebook.net https://browser.sentry-cdn.com https://polyfill.io https://ausi.github.io https://cdn.carrotquest.app https://www.google.com https://www.gstatic.com https://data:3001 https://blob:3001;connect-src 'self' https://*.mc.yandex.ru https://mc.yandex.com https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.by https://ymetrica1.com https://yandexmetrica.com:*  https://adservice.google.com https://connect.facebook.net https://www.google.com https://www.google.kz https://www.google.by https://www.google.ru https://www.google.fr https://www.google.com.cy https://www.google.com.ua https://www.google.pl https://www.google.de https://www.google.ge https://www.google.co.il https://www.google.com.tr https://www.google.com.hk https://www.google.co.uk https://www.google.nl https://www.google.ee https://region1.analytics.google.com https://vk.com https://ymetrica1.com https://top-fwz1.mail.ru https://www.facebook.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://mc.yandex.ru https://api.carrotquest.app https://api.carrottrack.app https://o4504796596404224.ingest.sentry.io https://*.trikotazh.by https://region1.google-analytics.com https://googleads.g.doubleclick.net http://327.0.0.1:* https://translate.googleapis.com https://www.google.am https://www.google.ch https://www.google.se https://www.google.fi https://www.google.co.uz https://www.google.no https://www.google.md https://www.google.com.mx;report-uri /csp.php 1
script-src http: https: 'self' 'unsafe-inline' 'unsafe-eval' https://hendi.com/ *.hotjar.com; style-src 'self' blob: https: 'unsafe-inline' https://hendi.com/ *.hotjar.com; connect-src http: https: 'self' *.hotjar.com *.hotjar.io wss://*.hotjar.com; img-src data: http: https: *.hotjar.com; object-src 'none'; base-uri 'none'; child-src 'self'; font-src http: https: 'self' geowidget.easypack24.net fonts.gstatic.com *.hotjar.com *.cdnjs.cloudflare.com; frame-src http: https: *.google.com *.youtube.com *.youtu.be *.vimeo.com *.hotjar.com *.criteo.com *.criteo.net consentcdn.cookiebot.com *.facebook.com js.stripe.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://toot.whatever.cz; img-src 'self' https: data: blob: https://toot.whatever.cz; style-src 'self' https://toot.whatever.cz 'nonce-T/ZwIob75qLO62c+0NCImA=='; media-src 'self' https: data: https://toot.whatever.cz; frame-src 'self' https:; manifest-src 'self' https://toot.whatever.cz; form-action 'self'; child-src 'self' blob: https://toot.whatever.cz; worker-src 'self' blob: https://toot.whatever.cz; connect-src 'self' data: blob: https://toot.whatever.cz https://toot.whatever.cz wss://toot.whatever.cz; script-src 'self' https://toot.whatever.cz 'wasm-unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; img-src 'self' data: https:; 1
default-src 'self'  'unsafe-inline' recv1.conac.cn dcs.conac.cn s4.cnzz.com hm.baidu.com qcloud.rtc.qq.com trtc-1252463788.file.myqcloud.com bk.rtc.qq.com pingjs.qq.com 'unsafe-eval' blob: data: ;img-src *; connect-src *; 1
default-src 'self' https: *.cloudfront.net; font-src 'self' https: data: fonts.gstatic.com; frame-src 'self' https: data: conversations.app-us1.com *.nr-data.net; object-src 'none'; script-src 'self' https: blob: ga.jspm.io diffuser-cdn.app-us1.com assets.calendly.com banqer38896.activehosted.com js-agent.newrelic.com *.nr-data.net prism.app-us1.com 'nonce-u5wjO8aIf0bJjlcTj2UQ4Q=='; style-src 'self' https: 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net fonts.googleapis.com; img-src 'self' https: data: 1
img-src * data:; font-src * data:; connect-src *; form-action *; frame-ancestors 'self' http://*.antstudio.cz http://*.antstudio.eu https://*.antstudio.cz https://*.antstudio.eu; default-src 'self'; object-src *; media-src *; child-src *; worker-src 'self' blob:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * blob: 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' https:; frame-src 'self' https:; 1
default-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.zencdn.net *.iconscout.com *.youtube.com *.googletagmanager.com *.jquery.com cdn.jsdelivr.net unpkg.com www.google-analytics.com stats.g.doubleclick.net; font-src 'self' data: unicons.iconscout.com 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=28ccpgliquaqd&partner=; 1
frame-ancestors 'self' *.dunlopcb.com dunlopcb.com gtranslate.io *.gtranslate.io; 1
frame-ancestors 'self' https://manage.ewweb.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-eM48kEM1MS9P2VVIU6kG8kUKRZYEDgHKYrVLjD1hUKAhXuDm' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-WxIulZk/eq1Nd4dvHeUbN8u3R+ndZdfMSee0eTVsChAaSuUv' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https:; img-src 'self' https: data: blob: https:; style-src 'self' https: 'nonce-Qq5Wjefef/3ir+2ARFGTBA=='; media-src 'self' https: data: https:; frame-src 'self' https:; manifest-src 'self' https:; form-action 'self'; connect-src 'self' data: blob: https: https: wss://norrebro.space; script-src 'self' https: 'wasm-unsafe-eval'; child-src 'self' blob: https:; worker-src 'self' blob: https: 1
base-uri 'none';child-src 'self' data: blob:;connect-src 'self' ws: wss: localhost:1337 adsapi.jacobin.de api.jacobin.de shop.jacobin.de analyse.jacobin.de spenden.twingle.de *.met.vgwort.de;default-src 'self';font-src 'self' data:;form-action 'self';frame-ancestors 'none';frame-src spenden.twingle.de;img-src 'self' jacobin.de data: *.met.vgwort.de;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' localhost:1337 adsapi.jacobin.de api.jacobin.de shop.jacobin.de analyse.jacobin.de spenden.twingle.de *.met.vgwort.de;style-src 'self' 'unsafe-inline'; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-c558e26a0649fa5c3cb672581ccfe8e8'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' *.adamsfile.com * flacit.com *.yandex.ru *.yandex.net *.google-analytics.com *.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' yastatic.net https://mc.yandex.ru mc.yandex.com www.google-analytics.com *.googletagmanager.com  *.addthisedge.com  http://vk.com *.yandex.ru *.yandex.net  http://graph.facebook.com http://www.odnoklassniki.ru *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com  http://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com *.yandex.net http://vk.com *.fontawesome.com; img-src 'self' * data: www.google-analytics.com *.jivosite.com http://counter.yadro.ru http://*.hotlog.ru http://vk.com http://*.vk.me http://*.skomplekt.com http://lk.alpindustria.ru *.yandex.net *.yandex.ru; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com http://fonts.gstatic.com https://fonts.gstatic.com *.yandex.ru *.fontawesome.com; connect-src 'self' *.yandex.ru https://mc.yandex.ru mc.yandex.com *.instagram.com *.yandex.net www.google-analytics.com; child-src 'self' http://graph.facebook.com https://mc.yandex.ru *.yandex.net *.yandex.ru *.google-analytics.com www.googletagmanager.com *.youtube.com *.instagram.com *.google.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.wienerstaedtische.at *.googleadservices.com *.clarity.ms *.pages06.net *.hotjar.com *.hotjar.io *.bing.com *.droidmarketing.com *.facebook.net *.googleapis.com *.trustcommander.net *.tagcommander.com *.kapdion.com *.experta.co.at *.doubleclick.net *.vimeo.com *.youtube.com *.facebook.com *.google.com *.google.at *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googlesyndication.com donau-versicherung.jobbase.io bat.bing.com cdn.ampproject.org empathy-portal.de fonts.gstatic.com fast.fonts.net privacy.commander1.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 1
frame-ancestors 'none'; upgrade-insecure-requests ; report-uri https://sentry.services.dkms.org/api/6/security/?sentry_key=5746df48c2bc47349567ad881277c754; default-src 'self' https:; style-src 'self' 'unsafe-inline' *.googleapis.com *.piwik.pro; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.dkmscdn.net *.piwik.pro *.googleapis.com https://app.addsearch.com https://connect.facebook.net https://www.facebook.com/signals/iwl.js https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com/pagead/ https://www.google.de/pagead/ https://www.googleadservices.com/pagead/; connect-src 'self' *.kc-usercontent.com *.addsearch.com https://d20vwa69zln1wj.cloudfront.net *.piwik.pro *.googleapis.com *.ingest.sentry.io https://sentry.services.dkms.org https://graph.facebook.com https://www.facebook.com/tr/ *.dkms.org.uk; img-src 'self' data: *.dkmscdn.net https://d20vwa69zln1wj.cloudfront.net *.kc-usercontent.com *.piwik.pro *.gstatic.com *.googleapis.com *.ytimg.com https://www.facebook.com/tr/ https://googleads.g.doubleclick.net https://www.google.com/pagead/ https://www.google.de/pagead/; font-src 'self' data: *.gstatic.com *.piwik.pro; frame-src 'self' *.dkmscdn.net *.youtube-nocookie.com *.piwik.pro https://player.vimeo.com https://e.issuu.com https://www.facebook.com/ https://td.doubleclick.net/; object-src 'none'; form-action 'self' https://www.facebook.com/tr/; 1
default-src 'self'; img-src * data:; style-src 'self' 'unsafe-inline' worldline.com ssl.p.jwpcdn.com maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' *.onetrust.com snap.licdn.com cdn.cookielaw.org cdnjs.cloudflare.com cdn.jsdelivr.net www.youtube.com ssl.p.jwpcdn.com assets-jpcust.jwpsrv.com *.youtube.com *.gstatic.com *.cloudflare.com *.google.com worldline.com cdn.cookielaw.org ssl.p.jwpcdn.com assets-jpcust.jwpsrv.com www.google-analytics.com ajax.googleapis.com maps.googleapis.com maxcdn.bootstrapcdn.com www.googletagmanager.com *.hotjar.com; font-src *; script-src-elem 'unsafe-inline' *; connect-src 'self' 'unsafe-inline' region1.google-analytics.com *.hotjar.io *.onetrust.com maps.googleapis.com optanon.blob.core.windows.net cookies-data.onetrust.io *.hotjar.com cdn.cookielaw.org www.google-analytics.com; frame-src 'self' 'unsafe-inline' *.typeform.com *.doubleclick.net *.google.com*.typeform.com *.doubleclick.net *.google.com *.hotjar.com *.youtube.com 1
default-src 'self'; child-src 'self' blob: https://client.rlpdirekt.de/ https://kb.ionas.de/; connect-src 'self' https://buergerservice.ionas.de/ https://tracking-nc.chamaeleon.de https://v5.newsmailservice.de; font-src 'self' data:; frame-ancestors 'self' https://cqm4.cleverq.de; frame-src 'self' https://advisor.co2online.de/hilden/heizcheck/einstieg/nutzungstyp https://advisor.co2online.de/hilden/moderat/einstieg https://advisor.co2online.de/hilden/wpcheck https://beteiligung.nrw.de/ https://buergerservice.ionas.de https://cqm4.cleverq.de https://daten.hilden.info https://iam.chamaeleon.de https://iam.chamaeleon.de/ https://ip.hilden.info/ https://kb.ionas.de https://www.multibc-pep.de; img-src 'self' data: https://buergerservice.ionas.de/ https://client.rlpdirekt.de/ https://it.hilden.de https://tiles.chamaeleon.de https://tracking-nc.chamaeleon.de https://v5.newsmailservice.de https://www.hilden.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beteiligung.nrw.de/ https://tracking-nc.chamaeleon.de; script-src-elem 'self' 'unsafe-inline' https://beteiligung.nrw.de/ https://tracking-nc.chamaeleon.de https://v5.newsmailservice.de; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://v5.newsmailservice.de; style-src-attr 'self' 'unsafe-inline'; worker-src 'self' blob:; report-to main 1
img-src https: data: 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com connect.facebook.net *.bazaarvoice.com feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; font-src 'self' feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' www.facebook.com consumersupport.pg.com feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net feed.pghub.io pandg.tapad.com ; img-src 'self' data: images.ctfassets.net pixel.tapad.com www.facebook.com *.bazaarvoice.com www.google-analytics.com www.googletagmanager.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io pandg.tapad.com ; connect-src 'self' az-apigateway-cs-prod-20180702.azure-api.net *.pgapi.io *.bazaarvoice.com *.algolia.net *.algolianet.com *.analytics.google.com *.google-analytics.com *.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
font-src *.googleapis.com *.gstatic.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com data: maxcdn.bootstrapcdn.com https://geowidget.easypack24.net https://widgets.trustedshops.com themes.googleusercontent.com at.alicdn.com kadax.pl *.cloudflare.com *.thulium.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com https://plumrocket.com kadax.pl 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com kadax.pl 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.dnky.co *.hotjar.com *.google.com/ *.facebook.com *.trustpilot.com *.criteo.com *.meetanshi.com www.googletagmanager.com secure.payu.com merch-prod.snd.payu.com https://plumrocket.com https://geowidget-app.inpost.pl/ *.weltpixel.com js-agent.newrelic.com swg-2-rog.gkpge.pl kadax.pl *.addthis.com plumrocket.com *.google.com *.paypo.pl *.payu.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://ssl.ceneo.pl *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net https://img.youtube.com https://www.magezon.com https://meetanshi.com/media/logo.png *.meetanshi.com *.googleadservices.com *.google-analytics.com quickchart.io img.youtube.com static.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org https://widgets.trustedshops.com https://widgets-qa.trustedshops.com www.google.pl blob www.google.de www.google.at bam.eu01.nr-data.net www.google.com.ua www.google.sk www.google.ca www.google.se www.google.ch www.google.no www.google.com.pe www.google.cz www.google.co.uk www.google.fr files.mirasvit.com www.google.co.kr www.google.bg www.google.ie www.google.co.in log.pinterest.com www.google.is www.google.be www.google.com.au www.google.dk www.google.com.my kadax.pl *.rzetelnyregulamin.pl static.paynow.pl *.cloudfront.net *.etrusted.com *.bing.com *.clarity.ms data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://ssl.ceneo.pl *.paypal.com *.google.com *.googletagmanager.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com s7.addthis.com *.avada.io *.google.com/ *.meetanshi.com secure.payu.com secure.snd.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com js-agent.newrelic.com kadax.pl *.gdpsystem.eu *.rzetelnyregulamin.pl *.furgonetka.pl https://z.moatads.com *.addthisedge.com *.addthis.com *.cloudfront.net *.bing.com *.payu.com *.tiktok.com *.thulium.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com fonts.gstatic.com https://geowidget.easypack24.net https://geowidget.inpost.pl https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com kadax.pl *.rzetelnyregulamin.pl *.cloudflare.com *.gdpsystem.eu *.cloudfront.net *.etrusted.com 'self' 'unsafe-inline'; object-src kadax.pl *.rzetelnyregulamin.pl 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.zopim.com https://geowidget.easypack24.net kadax.pl *.rzetelnyregulamin.pl *.thulium.com 'self' 'unsafe-inline'; manifest-src kadax.pl 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms *.facebook.com *.datatrics.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.meetanshi.com *.analytics.google.com *.googletagmanager.com secure.payu.com merch-prod.snd.payu.com *.easypack24.net *.inpost.pl *.openstreetmap.org *.trustedshops.com *.etrusted.com https://integrations.etrusted.site www.google.pl www.google.sk www.google.com.pe properties www.google.nl www.google.com.ua www.google.de www.google.ie www.google.co.in www.google.ro www.google.by www.google.hu www.google.be ws.hotjar.com api.edrone.me content.hotjar.io kadax.pl *.gdpsystem.eu *.addthis.com *.google.com *.edrone.me *.cloudfront.net *.ipify.org *.payu.com *.tiktok.com *.thulium.com wss://chat-proxy-service.thulium.com/netfox/panel.io/ wss://ws.hotjar.com/api/v2/client/ * data: 'self' 'unsafe-inline'; child-src kadax.pl http: https: blob: 'self' 'unsafe-inline'; default-src kadax.pl *.rzetelnyregulamin.pl 'self' 'unsafe-inline' 'unsafe-eval'; base-uri kadax.pl 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 1
frame-ancestors *.imu.nl *.phoenixsite.nl apprenticexm.nl  1
frame-ancestors self https://mtt-live.apps.emea.vwapps.io https://mtt.apps.emea.vwapps.io 1
frame-ancestors 'self' *.bixoto.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ampproject.org *.githubusercontent.com *.crwdcntrl.net *.rlcdn.com *.instagram.com *.taboola.com *.twitter.com *.googleapis.com *.gstatic.com *.jquery.com *.jsdelivr.net *.google.com *.cloudflare *.highcharts.com *.facebook.com *.youtube.com *.google-analytics.com *.cloudflare.com *.googlesyndication.com *.googletagmanager.com *.google.com.br *.googletagservices.com *.facebook.net *.googleadservices.com *.doubleclick.net *.cleverwebserver.com 1
font-src maxcdn.bootstrapcdn.com *.mimo.com.br *.cloudflare.com *.twitter.com *.gstatic.com *.googleapis.com *.typekit.net *.twimg.com *.trustedshops.com 'self' data: *.tawk.to v2.zopim.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.mimo.com.br *.twitter.com *.ads-twitter.com *.pinterest.com *.facebook.com *.vendavalida.com.br shopline.itau.com.br 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com https://www.youtube.com *.mimo.com.br *.twitter.com *.ads-twitter.com *.facebook.com *.pinterest.com *.hotjar.com *.hotjar.io *.sunset.systems *.doubleclick.net *.vendavalida.com.br api.sunset.system the.sciencebehindecommerce.com *.zenaps.com *.awin1.com wepowerconnections.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ct.pinterest.com https://www.magezon.com https://cdn.mundipagg.com *.mimo.com.br *.cloudflare.com *.ads-twitter.com t.co *.klarna.com *.googleadservices.com *.google-analytics.com *.doubleclick.net *.google.com *.google.com.br *.googletagmanager.com *.ebit.com.br *.yourviews.com.br *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.yviews.com.br *.s3.amazonaws.com *.akamaihd.net *.facebook.com s3-sa-east-1.amazonaws.com conectiva.io s3.amazonaws.com *.pinterest.com *.mercadolibre.com *.clearsale.com.br *.tawk.to api.amedigital.com api.hml.amedigital.com v2assets.zopim.io v2.zopim.com *.openpix.com.br the.sciencebehindecommerce.com *.zenaps.com *.awin1.com wepowerconnections.com *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net www.youtube.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.pinterest.com s.pinimg.com s7.addthis.com *.google.com *.mimo.com.br *.cloudflare.com *.twitter.com *.ads-twitter.com *.twimg.com *.yourviews.com.br *.yviews.com.br *.ebit.com.br *.google-analytics.com *.gstatic.com *.youtube.com *.googletagmanager.com *.googleadservices.com toc.googlesyndication.com *.doubleclick.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.facebook.com *.cartstack.com.br *.hotjar.com *.hotjar.io *.newrelic.com conectiva.io *.nr-data.net *.gr-cdn-e.eu *.cloudflareinsights.com s3.amazonaws.com *.vendavalida.com.br *.avada.io api.mundipagg.com *.tawk.to *.jsdelivr.net *.dwin1.com *.mailclick.me *.jivosite.com *.clearsale.com.br v2.zopim.com analytics.tiktok.com static.zdassets.com the.sciencebehindecommerce.com *.zenaps.com *.awin1.com wepowerconnections.com d3bo67muzbfgtl.cloudfront.net https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com maxcdn.bootstrapcdn.com *.mimo.com.br *.cloudflare.com *.ads-twitter.com *.googleapis.com *.googletagmanager.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.yourviews.com.br *.yviews.com.br s3.amazonaws.com *.tawk.to *.jivosite.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ct.pinterest.com *.mimo.com.br *.jivosite.com v2.zopim.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ct.pinterest.com ekr.zdassets.com/ https://api.mundipagg.com *.mimo.com.br *.cloudflare.com *.twitter.com *.ads-twitter.com *.twimg.com *.paypal.com *.google-analytics.com *.google.com *.facebook.com *.yourviews.com.br *.hotjar.com wss://*.hotjar.com/ *.hotjar.io *.yviews.com.br conectiva.io *.doubleclick.net *.nr-data.net *.cloudflareinsights.com *.reclameaqui.com.br *.pinterest.com *.cartstack.com.br *.cartstack.com *.mercadolibre.com *.mercadolivre.com *.vendavalida.com.br *.avada.io api.mundipagg.com *.datafrete.com.br *.tawk.to wss://*.tawk.to *.jivosite.com *.mailclick.me rum-static.pingdom.net rum-collector-2.pingdom.net analytics.tiktok.com ekr.zdassets.com wss://widget-mediator.zopim.com the.sciencebehindecommerce.com *.zenaps.com *.awin1.com wepowerconnections.com api.edrone.me *.stape.io analytics.google.com *.facebook.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.econcordia.com https://*.knowledgeone.ca https://teachingacademy.concordia.ca 1
default-src 'self'; font-src 'self' 'unsafe-inline' *;img-src 'self' 'unsafe-inline' * data:; script-src 'self' 'unsafe-inline' https://cdn.datatables.net https://connect.facebook.net https://platform.twitter.com/ https://cdn.jsdelivr.net https://www.googleadservices.com https://www.emeds.pk https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://code.jquery.com https://ajax.googleapis.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' *;connect-src 'self' 'unsafe-inline' https://region1.analytics.google.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com;frame-src 'self' https://platform.twitter.com https://td.doubleclick.net https://www.facebook.com; 1
default-src 'self' data:; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://use.fontawesome.com https://fonts.googleapis.com ; img-src 'self' * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://use.fontawesome.com https://cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.newrelic.com https://www.googletagmanager.com https://www.google-analytics.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://cdn.jsdelivr.net; frame-src 'self' https://www.google.com https://www.youtube.com https://www.instagram.com; connect-src 'self' https://*.nr-data.net https://www.google-analytics.com https://maps.googleapis.com; block-all-mixed-content; upgrade-insecure-requests 1
frame-ancestors 'self' https://*.nnnconsult.com/ 1
default-src localhost petlja.org ; script-src 'self' 'nonce-By6Z0IKsO9ujL/mrfc0tonusU3FGRHPmkjry2CPUNCw=' 'unsafe-eval' code.jquery.com cdnjs.cloudflare.com cdn.ckeditor.com google-analytics.com www.google-analytics.com *.vo.msecnd.net translate.google.com translate.googleapis.com toolness.github.io cdn.jsdelivr.net requirejs.org petljamediastorage.blob.core.windows.net www.googletagmanager.com blob: unpkg.com ; worker-src 'self' blob: ; style-src 'self' 'unsafe-inline' code.jquery.com use.fontawesome.com fonts.googleapis.com cdnjs.cloudflare.com translate.googleapis.com maxcdn.bootstrapcdn.com openstreetmap.org https://codemirror.net/theme/3024-night.css blob: ; media-src petljamediastorage.blob.core.windows.net petljadevstorage.blob.core.windows.net blockly-demo.appspot.com openstreetmap.org ; object-src 'self' petljamediastorage.blob.core.windows.net ; frame-src 'self' www.youtube.com www.facebook.com pythontutor.com petljamediastorage.blob.core.windows.net petljastorage.blob.core.windows.net scratch.mit.edu phet.colorado.edu toolness.github.io www.geogebra.org www.tiktok.com blob: ; img-src 'self' data: blob: img.youtube.com petljamediastorage.blob.core.windows.net petljadevstorage.blob.core.windows.net www.google-analytics.com stats.g.doubleclick.net code.jquery.com www.gstatic.com www.google.com translate.google.com translate.googleapis.com i.creativecommons.org licensebuttons.net openstreetmap.org https://blockly-demo.appspot.com www.google.rs google.rs ; font-src 'self' data: fonts.gstatic.com use.fontawesome.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com ; connect-src 'self' dc.services.visualstudio.com google-analytics.com www.google-analytics.com stats.g.doubleclick.net translate.googleapis.com cdn.plyr.io/3.5.10/ cdn.jsdelivr.net pypi.org/ files.pythonhosted.org https://petljamediastorage.blob.core.windows.net a.tile.openstreetmap.org b.tile.openstreetmap.org analytics.google.com ; frame-ancestors 'self' ; form-action 'self' *.google.com *.facebook.com *.microsoftonline.com ; base-uri 'self' ; report-uri /api/csp; report-to csp-report 1
style-src 'self' fonts.googleapis.com www.google-analytics.com www.googletagmanager.com connect.facebook.net 'unsafe-inline' 'unsafe-eval'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; media-src *; img-src * data: blob:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://localhost:44399 https://apis.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com https://www.googleadservices.com https://tagmanager.google.com https://quotespeed.morningstar.com https://qsstage.morningstar.com https://d3c3cq33003psk.cloudfront.net static.goqubit.com daira55y1kubs.cloudfront.net d3mhw2pbijpnft.cloudfront.net dd6zx4ibq538k.cloudfront.net d22rutvoghj3db.cloudfront.net d1m54pdnjzjnhe.cloudfront.net d3c3cq33003psk.cloudfront.net d2r7uc8e08s26x.cloudfront.net messages.qubit.com https://static.ads-twitter.com https://analytics.twitter.com https://connect.facebook.net https://bat.bing.com https://sjs.bizographics.com https://snap.licdn.com https://px.ads.linkedin.com https://*.decibelinsight.net https://*.decibelinsight.com wss://*.decibelinsight.net wss://*.decibelinsight.com https://payments.worldpay.com https://hpp.worldpay.com https://ece.equiniti.co.uk; style-src 'self' 'unsafe-inline' https://quotespeed.morningstar.com https://ece.equiniti.co.uk; img-src 'self' data: https://www.equiniti.com https://sso.ops.equiniti.com https://www.google.com https://www.google-analytics.com https://quotespeed.morningstar.com https://qsstage.morningstar.com https://rtqimg.morningstar.com https://stats.g.doubleclick.net https://t.co https://www.facebook.com https://bat.bing.com https://ece.equiniti.co.uk; connect-src 'self' https://localhost:44399 wss://localhost:44399 *.qubit.com *.qubitproducts.com https://quotespeed.morningstar.com https://qsstage.morningstar.com https://pullqs.morningstar.com https://lt.morningstar.com https://www.google-analytics.com https://*.decibelinsight.net https://*.decibelinsight.com wss://*.decibelinsight.net wss://*.decibelinsight.com https://ece.equiniti.co.uk; child-src 'self' https://sso.ops.equiniti.com https://www.equiniti.com https://apis.google.com https://accounts.google.com https://lt.morningstar.com https://www.facebook.com https://www.youtube.com https://ece.equiniti.co.uk; frame-src 'self' https://sso.ops.equiniti.com https://www.equiniti.com https://apis.google.com https://accounts.google.com https://lt.morningstar.com https://www.facebook.com https://www.youtube.com https://payments.worldpay.com https://hpp.worldpay.com https://hpp-sandbox.worldpay.com https://payments-test.worldpay.com https://ece.equiniti.co.uk; 1
script-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com 'nonce-fzeBhRegaNUJzVmftdZJnpyLvDQG4hY2mymu4ZgtJx0=';frame-src 'self' https://hcaptcha.com https://www.google.com/ https://*.hcaptcha.com https://www.youtube.com 1
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.jsdelivr.net https://rasawebchatcdnstaticapi.gsan.com.br/cdn/rasa-webchat.js https://botoinject.gsan.com.br/5209390111079/channel-inject.js https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.ima.sp.gov.br ima.sp.gov.br https://*.campinas.sp.gov.br https://campinas.sp.gov.br https://*.youtube.com https://hosted.muses.org https://*.addthis.com https://*.addthisedge.com https://app.powerbi.com https://cdn.userway.org https://api.userway.org https://vlibras.gov.br https://*.vlibras.gov.br https://cdp.cloud.unity3d.com https://*.hotjar.com webpack: blob:; img-src 'self' https://cdn.jsdelivr.net https://*.vlibras.gov.br https://vlibras.gov.br https://script.hotjar.com http://*.ima.sp.gov.br https://*.campinas.sp.gov.br https://*.ytimg.com https://www.google.com https://www.googLeapis.com https://clients1.googLe.com https://*.gstatic.com data:; style-src 'self' 'unsafe-inline' https: ; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com https://vlibras.gov.br http://*.vlibras.gov.br https://script.hotjar.com; connect-src 'self' https://cdn.jsdelivr.net https://botobucketrestapi.gsan.com.br wss://webchatsocketapi.gsan.com.br/socket.io/?EIO=4&transport=websocket https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://config.uca.cloud.unity3d.com https://cdp.cloud.unity3d.com https://vlibras.gov.br https://*.vlibras.gov.br https://in.hotjar.com https://*.ima.sp.gov.br https://*.campinas.sp.gov.br; frame-src https://*.monday.com https://www.youtube.com https://app.powerbi.com https://vars.hotjar.com https://cse.googLe.com https://*.ima.sp.gov.br https://*.campinas.sp.gov.br https://docs.google.com; frame-ancestors 'self' https://*.ima.sp.gov.br https://*.campinas.sp.gov.br https://docs.google.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' static.wufoo.com ajax.aspnetcdn.com ajax.googleapis.com cdn.calibermind.com cdn.jsdelivr.net extend.vimeocdn.com fast.fonts.net js-na1.hs-scripts.com use.typekit.net vjs.zencdn.net wasm-eval www.visiquate.com js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net visiquate.bamboohr.com apps.elfsight.com cdn.metarouter.io lftracker.leadfeeder.com player.live-video.net player.vimeo.com scout-cdn.salesloft.com services.cognitoforms.com static.cognitoforms.com www.cognitoforms.com www.google-analytics.com www.googletagmanager.com visiquate.com www.wufoo.com www.paypal.com www.paypalobjects.com connect.facebook.net js.driftt.com kit.fontawesome.com t4.trackalyzer.com googleads.g.doubleclick.net static.hotjar.com web-sdk.smartlook.com; script-src-elem 'self' 'unsafe-inline' visiquate.bamboohr.com performance.radar.cloudflare.com www.googletagmanager.com cdn.metarouter.io ajax.googleapis.com lftracker.leadfeeder.com use.typekit.net fast.fonts.net vjs.zencdn.net ajax.aspnetcdn.com cdn.jsdelivr.net www.google-analytics.com extend.vimeocdn.com scout-cdn.salesloft.com js-na1.hs-scripts.com cdn.calibermind.com js.hs-banner.com js.hscollectedforms.net js.hs-analytics.net apis.google.com cdnjs.cloudflare.com form.jotform.com gc.kis.v2.scr.kaspersky-labs.com player.vimeo.com t4.trackalyzer.com www.paypal.com browser.sentry-cdn.com cdn01.jotfor.ms cdn02.jotfor.ms cdn03.jotfor.ms js.driftt.com services.cognitoforms.com www.jotform.com www.paypalobjects.com www.visiquate.com www.wufoo.com kit.fontawesome.com www.cognitoforms.com; style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net fast.fonts.net visiquate.bamboohr.com vjs.zencdn.net www.cognitoforms.com visiquate.com www.visiquate.com pro.fontawesome.com fonts.googleapis.com maxcdn.bootstrapcdn.com cdn.jotfor.ms; style-src-attr 'unsafe-inline'; img-src 'self' data: files.jotform.com forms.hsforms.com i.vimeocdn.com p.typekit.net resources.bamboohr.com tr.lfeeder.com track.hubspot.com www.google-analytics.com visiquate.com www.visiquate.com www.paypalobjects.com i.ytimg.com t.paypal.com about fast.fonts.net s3-us-west-2.amazonaws.com www.googletagmanager.com dbschema.com region1.google-analytics.com www.dbschema.com benchmark.1e100cdn.net cdnetworks.cedexis-test.com cedexis-test.akamaized.net essl-cdxs.edgekey.net exactly-huge-arachnid.edgecompute.app fastly.cedexis-test.com fastly.jsdelivr.net fonts.gstatic.com jsdelivr.b-cdn.net p17003.cedexis-test.com p29.cedexis-test.com ptcfc.com scout.us2.salesloft.com serverless-benchmarks-js.compute-pipe.com serverless-benchmarks-rust.compute-pipe.com stackpath-map3.cedexis-test.com testingcf.jsdelivr.net translate.google.com uniquely-peaceful-hagfish.edgecompute.app vdms-ssl.cedexis-test.com cdn.honey.io www.cognitoforms.com yastatic.net uploads-ssl.webflow.com cdn.jotfor.ms www.jotform.com events.jotform.com; font-src 'self' data: fast.fonts.net themes.googleusercontent.com use.typekit.net vjs.zencdn.net www.cognitoforms.com pro.fontawesome.com ka-p.fontawesome.com fonts.gstatic.com ms-browser-extension account.affilitizer.com static.hsappstatic.net cdn.jotfor.ms; connect-src 'self' forms.hscollectedforms.net visiquate.bamboohr.com www.cognitoforms.com www.google-analytics.com www.paypal.com scout.salesloft.com region1.google-analytics.com ka-p.fontawesome.com kit.fontawesome.com api.craftcms.com extend.vimeocdn.com js.hscollectedforms.net stats.g.doubleclick.net invalid.rpki.cloudflare.com valid.rpki.cloudflare.com static.hsappstatic.net w88p9x.com analytics.google.com api.jotform.com; object-src 'none'; frame-src 'self' player.vimeo.com visiquate.wufoo.com www.youtube.com www.paypal.com www.paypalobjects.com js.driftt.com www.googletagmanager.com help.visiquate.com 172.25.15.1:8090 auth.grata.com vimeo.com ironweb02.nrhnt.nrh-ok.com submit.jotform.com; base-uri 'self'; report-uri https://visiquate.report-uri.com/r/d/csp/wizard 1
block-all-mixed-content; frame-ancestors 'self' https://*.haravan.com https://*.haravan.app; upgrade-insecure-requests 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-7fff110dac612511d049ce4850c69c07'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self'; base-uri 'self'; object-src 'none'; frame-src 'self'; frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; img-src 'self' https://*.movesmarter.nl https://*.tile.openstreetmap.org https://*.googleapis.com https://chart.apis.google.com/chart https://maps.gstatic.com https://maps-api-ssl.google.com https://dashboard.situm.es data:; form-action 'self'; script-src 'self' https://maps-api-ssl.google.com 1
connect-src 'self' https://*.google-analytics.com https://stats.g.doubleclick.net http://c.seznam.cz https://region1.analytics.google.com https://q.clarity.ms https://www.facebook.com https://www.google.cz; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://cdn.tiny.cloud/1/ https://fonts.googleapis.com https://unpkg.com/aos@2.3.1/dist/aos.css; img-src 'self' blob: data: https://www.gstatic.com https://sp.tinymce.com https://www.googletagmanager.com https://www.facebook.com https://www.google.com https://www.google.cz http://c.seznam.cz https://google-analytics.com/collect https://www.google-analytics.com/collect https://stats.g.doubleclick.net https://c.clarity.ms https://c.bing.com; script-src 'nonce-nawoQciC+f+5RKHSfq4lHQ==' 'strict-dynamic' 'self' 'unsafe-inline' https://www.google.com/recaptcha/api.js https://www.gstatic.com https://cdn.tiny.cloud/1/ https://www.googletagmanager.com/gtag/js https://unpkg.com/aos@2.3.1/dist/aos.js https://code.jquery.com/jquery-3.6.4.min.js; font-src 'self' data: https://fonts.gstatic.com; object-src 'self'; base-uri 'none'; frame-src 'self' https://www.google.com/recaptcha/; media-src 'self'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-c336hNM+IUG2jhYz1hTAlNrDgNUO0WaAJrXRwlUoxstqFqax' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'unsafe-inline' 'unsafe-eval' *.riw-touristik.de *.trbo.com www.cruiseportal.de *.consensu.org *.consentmanager.net stats.g.doubleclick.net cloud1.tgtptw.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net *.google.com *.youtube-nocookie.com snap.licdn.com *.facebook.net *.facebook.com *.linkedin.com *.chatwerk.de; font-src * data:; img-src * 'self' data: https:; frame-ancestors 'self' *.riw-touristik.de https://www.cruiseportal.de https://www.mein-schoener-garten.de https://www.netto-reisen24.de *.my-dream-holidays.com *.wherethetrailbegins.com; 1
upgrade-insecure-requests; default-src 'self'; connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.addthis.com; font-src 'self' https://fonts.gstatic.com data:; media-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.cloudflare.com https://cdn.addevent.com https://tools.euroland.com https://sc-static.net https://connect.facebook.net https://maps.googleapis.com https://code.jquery.com https://instagram.com https://cdn.syndication.twimg.com https://s.ytimg.com https://platform.twitter.com https://www.linkedin.com https://px.ads.linkedin.com https://snap.licdn.com  https://www.youtube.com https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://*.addthis.com https://*.addthisedge.com https://graph.facebook.com; style-src 'self' 'unsafe-inline' fast.fonts.net https://tagmanager.google.com https://fonts.googleapis.com  https://platform.twitter.com; img-src 'self' data: *.google-analytics.com *.googletagmanager.com https://www.facebook.com https://stats.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com https://*.cdninstagram.com https://*.twimg.com https://*.twitter.com https://*.fbcdn.net https://storify.com https://www.google.com https://www.google.co.uk https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com; child-src 'self' https://www.google.com https://*.addthis.com; frame-src 'self' *.euroland.com tools.eurolandir.com https://tr.snapchat.com https://staticxx.facebook.com https://www.facebook.com https://syndication.twitter.com https://platform.twitter.com https://*.addthis.com https://player.vimeo.com https://www.google.com https://www.youtube.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.paypalobjects.com *.googletagmanager.com *.googleapis.com *.google-analytics.com  googleads.g.doubleclick.net *.gstatic.com *.facebook.net *.googlecommerce.com *.addthis.com *.addthisedge.com *.paypal.com *.postcodeanywhere.co.uk *.ampproject.org simplybook.it *.zdassets.com *.doofinder.com *.simpli.fi *.sagepay.com *.hotjar.com *.hotjar.io *.pinimg.com *.klaviyo.com *.freedompay.com 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-+7Br/7JSZCTTAgWIwH5REQ=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' docs.usablelife.com *.googleadservices.com *.azurewebsites.net script.crazyegg.com tracking.crazyegg.com vimeo.com vimeocdn.com *.vimeo.com *.vimeocdn.com recaptcha.net www.recaptcha.net *.recaptcha.net gstatic.com www.gstatic.com *.gstatic.com www.google.com *.google.com www.googletagmanager.com *.google-analytics.com *.fontawesome.com connect.facebook.net data:; img-src * data:; 1
default-src 'self'; connect-src *; font-src *; frame-src * blob:; img-src * data: blob:; media-src *; object-src 'self' blob:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
script-src 'self' https://media.peaceopstraining.org https://cdn.peaceopstraining.org https://poti-media.s3.amazonaws.com https://poti-courses.s3.amazonaws.com https://d1quhl37gh6ot5.cloudfront.net https://www.paypal.com https://www.paypal.com https://www.paypalobjects.com https://cse.google.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://ajax.googleapis.com https://platform.twitter.com https://www.google.com/jsapi https://www.gstatic.com/charts/loader.js 'sha256-4pDojRVV9yqHOPnFCBXoIOFErTZacSowk+F7/nJpAmI=' 'sha256-ggjKYEmG17Azw7zb0TPXwBt0RKjvenj2Lk+DmCW57N8=' 'sha256-oFpfmhRF4Es8+OBCayDd8pgdnwKa8k9ZPqQS1g5Ot1s=' 'nonce-qCPPR6gCzn67UgW7KIUTVg=='; style-src 'self' https://media.peaceopstraining.org https://cdn.peaceopstraining.org https://poti-media.s3.amazonaws.com https://poti-courses.s3.amazonaws.com https://d1quhl37gh6ot5.cloudfront.net https://www.paypal.com https://www.paypal.com https://www.paypalobjects.com 'unsafe-inline'; frame-ancestors 'self'; default-src 'self' https://media.peaceopstraining.org https://cdn.peaceopstraining.org https://poti-media.s3.amazonaws.com https://poti-courses.s3.amazonaws.com https://d1quhl37gh6ot5.cloudfront.net; frame-src https://www.paypal.com https://www.paypal.com https://www.paypalobjects.com https://www.youtube.com https://bid.g.doubleclick.net https://td.doubleclick.net; object-src 'none'; img-src 'self' https://media.peaceopstraining.org https://cdn.peaceopstraining.org https://poti-media.s3.amazonaws.com https://poti-courses.s3.amazonaws.com https://d1quhl37gh6ot5.cloudfront.net https://www.paypal.com https://www.paypal.com https://www.paypalobjects.com https://i.ytimg.com https://secure.gravatar.com www.googletagmanager.com https://www.google-analytics.com https://www.google.com/pagead/1p-user-list/1038696248/ data:; connect-src https://www.paypal.com https://www.paypal.com https://www.paypalobjects.com 'self' https://stats.g.doubleclick.net/j/collect https://www.google-analytics.com/j/collect https://www.google-analytics.com/g/collect; navigate-to 'self' https://media.peaceopstraining.org https://cdn.peaceopstraining.org https://poti-media.s3.amazonaws.com https://poti-courses.s3.amazonaws.com https://d1quhl37gh6ot5.cloudfront.net; child-src https://www.youtube.com https://platform.twitter.com https://bid.g.doubleclick.net; media-src 'self' https://media.peaceopstraining.org https://cdn.peaceopstraining.org https://poti-media.s3.amazonaws.com https://poti-courses.s3.amazonaws.com https://d1quhl37gh6ot5.cloudfront.net https://www.youtube.com; form-action https://www.paypal.com https://www.paypal.com https://www.paypalobjects.com 'self'; font-src 'self' https://media.peaceopstraining.org https://cdn.peaceopstraining.org https://poti-media.s3.amazonaws.com https://poti-courses.s3.amazonaws.com https://d1quhl37gh6ot5.cloudfront.net https://fonts.gstatic.com; base-uri 'none' 1
default-src https: ws:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com http://tagmanager.google.com  https://www.gstatic.com https://cig.asp.virtual-call-center.eu maps.googleapis.com ajax.googleapis.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com fonts.googleapis.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; font-src 'self' https://tagmanager.google.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src  'self' * https://ssl.gstatic.com https://www.gstatic.com/ maps.gstatic.com maps.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com; media-src 'self' data: blob:; child-src 'self' https://cig.asp.virtual-call-center.eu https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.google.com *.cig.eu; connect-src 'self' *.google-analytics.com accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com; 1
connect-src https:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com/ajax/libs/jqueryui/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://usaepay.com/ http://seal-atlanta.bbb.org/logo/ http://cdnjs.cloudflare.com/ajax/libs/summernote/0.8.9/summernote-bs4.js https://bframe.sandbox.repay.io/checkout/merchant/api/v1/ https://www.stratuspayments.net/ 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-KmeZvOKINJdSalFnp3aJgJilx+d6F9PIbwJ9ywzM5YGAqX0C' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self';  child-src 'none'; object-src 'none'; worker-src 'none'; frame-src 'self' https://www.facebook.com https://platform.twitter.com https://syndication.twitter.com https://www.arcgis.com https://www.google.com; default-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net/j/collect https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://platform.twitter.com https://maps.googleapis.com https://tagmanager.google.com https://ton.twimg.com; font-src 'self' https://vanilla.co.za https://fonts.gstatic.com https://maps.googleapis.com/maps/api/js; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com/gtag/js https://tagmanager.google.com https://ssl.google-analytics.com https://www.google-analytics.com/analytics.js https://platform.twitter.com https://cdn.syndication.twimg.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://maps.googleapis.com; img-src 'self' www.googletagmanager.com www.google-analytics.com pbs.twimg.com ton.twimg.com platform.twitter.com syndication.twitter.com maps.gstatic.com maps.googleapis.com data:; form-action 'self' mail.vanilla.co.za https://www.google.com/search https://syndication.twitter.com/i/jot data:; 1
default-src 'self' ;															script-src 'self' 'unsafe-inline' 'unsafe-eval'			https://cdn.cookielaw.org			https://prod-druid-api.azurewebsites.net; 		script-src-elem 'self' 'unsafe-inline'			https://www.gstatic.com			https://cdn.cookielaw.org			https://www.googletagmanager.com			https://www.youtube.com			https://ssl.google-analytics.com/ga.js			https://www.google-analytics.com/analytics.js			https://www.google.com/recaptcha/api.js			https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js			https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js			https://prod-druid-apc.azureedge.net; 		font-src 'self' data:  			https://use.fontawesome.com			https://fonts.gstatic.com; 		style-src 'self' 'unsafe-inline'; 						style-src-elem 'self' 'unsafe-inline'  			https://use.fontawesome.com			https://fonts.googleapis.com/css			https://prod-druid-apc.azureedge.net;		object-src 'self'  			https://activex.microsoft.com/activex/controls/mplayer			https://apple.com/qtactivex			https://download.macromedia.com/pub/shockwave/cabs			https://java.sun.com/products/plugin/autodl			https://video.google.com/googleplayer;		frame-src 'self'  			https://www.youtube-nocookie.com			https://www.google.com			https://www.youtube.com; 		connect-src 'self'  			https://www.google-analytics.com			https://stats.g.doubleclick.net			https://cdn.cookielaw.org			https://prod-druid-api.azurewebsites.net			https://directline.botframework.com;					img-src 'self' data: 			https://my.edenred.ro			https://i.ytimg.com			https://ssl.google-analytics.com			https://www.google-analytics.com			https://stats.g.doubleclick.net			https://www.edenred.ro			https://www.google.ro			https://www.google.com			https://cdn.cookielaw.org;	 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=5pi2jmtique03&partner=; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-6gEtwMH8LDgY+7UdIK8YrgZT6i4l8DR+yP675EYLdnEYKGxC' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com static.reservio.com; script-src-elem 'self' 'unsafe-inline' connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com www.google.com www.googletagmanager.com www.google-analytics.com www.gstatic.com static.reservio.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com static.reservio.com; font-src fonts.googleapis.com fonts.gstatic.com; img-src https: data:; frame-src 'self' www.facebook.com td.doubleclick.net www.google.com maps.google.com www.youtube-nocookie.com *.youtube.com; connect-src 'self' *.doubleclick.net *.googlesyndication.com *.analytics.google.com *.google-analytics.com; 1
default-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://*.fontawesome.com https://region1.google-analytics.com https://pagead2.googlesyndication.com https://www.google.com https://googleads.g.doubleclick.net https://region1.analytics.google.com cvdm.nl werkenbijcvdm.nl www.werkenbijcvdm.nl; img-src * data: https://ssl.gstatic.com https://www.gstatic.com; media-src *; script-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://*.fontawesome.com https://region1.google-analytics.com https://pagead2.googlesyndication.com https://www.google.com https://googleads.g.doubleclick.net https://region1.analytics.google.com cvdm.nl werkenbijcvdm.nl www.werkenbijcvdm.nl 'unsafe-inline' 'unsafe-eval' https://use.typekit.com https://use.typekit.net https://f.vimeocdn.com https://ssl.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.gstatic.com https://*.googleapis.com https://maps.google.com https://apis.google.com https://player.vimeo.com https://kit.fontawesome.com https://kit-pro.fontawesome.com; font-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://*.fontawesome.com https://region1.google-analytics.com https://pagead2.googlesyndication.com https://www.google.com https://googleads.g.doubleclick.net https://region1.analytics.google.com cvdm.nl werkenbijcvdm.nl www.werkenbijcvdm.nl https://use.typekit.com https://use.typekit.net https://fonts.gstatic.com data: https://use.fontawesome.com; style-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://*.fontawesome.com https://region1.google-analytics.com https://pagead2.googlesyndication.com https://www.google.com https://googleads.g.doubleclick.net https://region1.analytics.google.com cvdm.nl werkenbijcvdm.nl www.werkenbijcvdm.nl 'unsafe-inline' https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net https://use.fontawesome.com; frame-src https://www.youtube.com https://www.google.com https://player.vimeo.com www.cvdm.nl 1
frame-ancestors 'self' www.kookaburrasport.com.au 1
frame-ancestors 'none'; sandbox allow-scripts allow-same-origin; default-src 'none'; style-src 'self'; img-src 'self'; font-src 'self'; base-uri 'none'; form-action 'none'; media-src 'self' 1
child-src  www.paypalobjects.com blob: data:; connect-src  brgifts.cv3admin.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com stats.g.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.analytics.google.com *.clarity.ms *.acsbapp.com s.yimg.com brecksgifts.attn.tv events.attentivemobile.com src.apis.discover.com bcp.crwdcntrl.net *.sharethis.com inbound-analytics.pixlee.com maps.googleapis.com *.crazyegg.com *.facebook.com www.brecksgifts.com content.discovercard.com *.google.com acsbapp.com gardensalive.force.com gaorder.gardensalive.com *.bizrate.com photos.pixlee.co gardensalive.my.site.com *.omnichannelengagementhub.com; default-src  h2.commercev3.net/cdn.brecksgifts.com/ cdn.brecksgifts.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com blob: data:; font-src  brgifts.cv3admin.com h2.commercev3.net/cdn.brecksgifts.com/ cdn.brecksgifts.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com data: h2.commercev3.net acsbapp.com www.brecksgifts.com; form-action  www.facebook.com www.paypal.com checkout.sezzle.com www.brecksgifts.com webto.salesforce.com brgifts.cv3admin.com; frame-src  *.doubleclick.net www.paypalobjects.com www.paypal.com  www.pinterest.com www.google.com photos.pixlee.co src.mastercard.com secure.checkout.visa.com srcdcf.americanexpress.com *.sharethis.com *.pinterest.com service.force.com creatives.attn.tv *.online-metrix.net  content.discovercard.com *.pixlee.com catalog.brecksgifts.com *.facebook.com www.googletagmanager.com gardensalive.my.salesforce.com oc-cdn-ocprod.azureedge.net; frame-ancestors  ; img-src  h2.commercev3.net/cdn.brecksgifts.com/ cdn.brecksgifts.com *.google.com *.googleapis.com ct.pinterest.com/v3/ s3.amazonaws.com *.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com *.clarity.ms sp.analytics.yahoo.com assets.pixlee.com brgifts.cv3admin.com *.checkout.visa.com  *.sharethis.com maps.gstatic.com www.brecksgifts.com *.online-metrix.net content.discovercard.com *.acsbapp.com brecksgifts.attn.tv connect.facebook.net assets.pxlecdn.com h2.commercev3.net/cdn.brecksgifts.com/ www.google.co.in *.bizrate.com www.pages08.net *.bbb.org; script-src  h2.commercev3.net/cdn.brecksgifts.com/ cdn.brecksgifts.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com/recaptcha/ *.clarity.ms cdn.attn.tv assets.pixlee.com s.yimg.com cdn.mxpnl.com acsbapp.com api.universalcookie.com brgifts.cv3admin.com ajax.aspnetcdn.com assets.pxlecdn.com secure.checkout.visa.com src.mastercard.com webapp.src.discover.com www.aexp-static.com *.secure.checkout.visa.com *.sharethis.com garecommend.gardensalive.com maps.googleapis.com service.force.com *.crazyegg.com dnn506yrbagrg.cloudfront.net *.salesforceliveagent.com *.google.com *.online-metrix.net content.discovercard.com gardensalive.my.salesforce.com gardensalive.force.com static.lightning.force.com  jqueryvalidation.org cdnjs.cloudflare.com view.publitas.com/embed.js  tpc.googlesyndication.com *.bizrate.com www.sc.pages08.net oc-cdn-ocprod.azureedge.net gardensalive.my.site.com cdnjs.cloudflare.com *.bbb.org; script-src-elem  h2.commercev3.net/cdn.brecksgifts.com/ cdn.brecksgifts.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com/recaptcha/ *.clarity.ms cdn.attn.tv assets.pixlee.com s.yimg.com cdn.mxpnl.com acsbapp.com api.universalcookie.com brgifts.cv3admin.com ajax.aspnetcdn.com assets.pxlecdn.com secure.checkout.visa.com src.mastercard.com webapp.src.discover.com www.aexp-static.com *.secure.checkout.visa.com *.sharethis.com garecommend.gardensalive.com maps.googleapis.com service.force.com *.crazyegg.com dnn506yrbagrg.cloudfront.net *.salesforceliveagent.com *.google.com *.online-metrix.net content.discovercard.com gardensalive.my.salesforce.com gardensalive.force.com static.lightning.force.com  jqueryvalidation.org cdnjs.cloudflare.com view.publitas.com/embed.js  tpc.googlesyndication.com *.bizrate.com www.sc.pages08.net oc-cdn-ocprod.azureedge.net gardensalive.my.site.com cdnjs.cloudflare.com *.bbb.org; style-src  h2.commercev3.net/cdn.brecksgifts.com/ cdn.brecksgifts.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net brgifts.cv3admin.com *.sharethis.com service.force.com gardensalive.force.com gardensalive.my.salesforce.com oc-cdn-ocprod.azureedge.net gardensalive.my.site.com; style-src-elem  h2.commercev3.net/cdn.brecksgifts.com/ cdn.brecksgifts.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net brgifts.cv3admin.com *.sharethis.com service.force.com gardensalive.force.com gardensalive.my.salesforce.com oc-cdn-ocprod.azureedge.net gardensalive.my.site.com; style-src-attr  'unsafe-inline'; media-src  brgifts.cv3admin.com h2.commercev3.net/cdn.brecksgifts.com/ cdn.brecksgifts.com www.bing.com *.acsbapp.com *.brecksgifts.com; 1
default-src 'self' https://*.helloumi.com https://use.fontawesome.com https://fonts.gstatic.com https://cdn.webquality.it/; style-src 'self' https://www.gstatic.com/ https://*.googleapis.com/ https://consent.cookiefirst.com https://use.fontawesome.com https://cdn.webquality.it/ 'unsafe-inline'; script-src 'self' https://ingestion.webanalytics.italia.it/ https://*.googleapis.com/ https://*.firebaseio.com https://consent.cookiefirst.com https://translate.google.com/  https://*.expertrec.com  https://www.googletagmanager.com/ https://cdn.webquality.it/ 'unsafe-inline' 'unsafe-eval'; img-src https://d20j3a1e4m2ov9.cloudfront.net/ https://ingestion.webanalytics.italia.it/ https://*.giphy.com https://sviluppo.mys.it https://*.googleapis.com/ https://translate.google.com https://translate.googleapis.com/ https://www.google.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://i.ytimg.com https://cdn.webquality.it/ 'self' data: 'unsafe-inline'; connect-src https://csp.withgoogle.com wss://*.firebaseio.com  https://api.cookiefirst.com/ https://translate.google.com/  https://*.googleapis.com/ https://*.expertrec.com *.analytics.google.com *.google-analytics.com https://consent.cookiefirst.com/ https://edge.cookiefirst.com/ https://cdn.webquality.it/ 'self' 'unsafe-inline'; child-src https://e.issuu.com https://www.google.com/ https://cdn.webquality.it/ 'self'  https://player.vimeo.com  https://www.youtube.com/ https://www.youtube-nocookie.com/ https://service.sanita.padova.it/ https://*.firebaseio.com; 1
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' https://placekitten.com; style-src 'self'; frame-ancestors 'none'; base-uri 'none'; form-action 'none'; require-trusted-types-for 'script' 1
default-src https: data: self: 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.googleapis.com fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.smartlook.cloud *.googleapis.com *.googletagmanager.com *.google-analytics.com *.smartlook.com rec.smartlook.com *.googleapis.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com; connect-src 'self' 'unsafe-inline' *.doubleclick.net *.smartlook.cloud *.smartlook.com *.youtube.com *.facebook.com connect.facebook.net; worker-src blob:; frame-src 'self' *.youtube.com *.facebook.com connect.facebook.net; child-src *.youtube.com *.facebook.com connect.facebook.net *.smartlook.cloud *.smartlook.com; 1
upgrade-insecure-requests; default-src 'self' *.zinia.com; script-src 'self' *.zinia.com 'unsafe-inline' 'unsafe-eval' snap.licdn.com https://maps.googleapis.com https://browseranalytic.com  https://www.google.com *.gstatic.com tags.tiqcdn.com *.google-analytics.com https://*.g.doubleclick.net *.youtube.com  *.googleadservices.com *.facebook.net *.ytimg.com api-ob.nd.nudatasecurity.com https://cdnjs.cloudflare.com  *.googletagmanager.com *.we-stats.com static.browseranalytic.com bat.bing.com blob: unpkg.com www.googleoptimize.com; connect-src 'self' *.zinia.com *.google-analytics.com  *.we-stats.com *.biocatch.com lib-eu-1.brilliantcollector.com op.browseranalytic.com *.google.com *.googleapis.com *.googlesyndication.com https://*.g.doubleclick.net bat.bing.com cdn.linkedin.oribi.io;  style-src 'self' *.zinia.com 'unsafe-inline'; img-src 'self' *.zinia.com px.ads.linkedin.com www.financeads.net data: 'unsafe-inline' *.googletagmanager.com https://maps.googleapis.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.google.ie *.google.com https://aax-eu.amazon-adsystem.com  bat.bing.com www.linkedin.com tbl.tradedoubler.com *.googlesyndication.com; media-src 'self' *.zinia.com *.youtube.com;  frame-src 'self' *.zinia.com https://www.google.com *.gstatic.com *.youtube.com *.doubleclick.net blob: ; child-src 'self' *.zinia.com https://www.google.com *.gstatic.com *.youtube.com blob: ;frame-ancestors 'self' *.zinia.com api.paycomet.com https://www.paytpv.com https://openbank.campaign.adobe.com; 1
'self' https://www.dhaniloansandservices.com/ 1
default-src 'self' https://*.svtrd.com/ https://www.google-analytics.com https://www.facebook.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.onetrust.com https://*.youtube.com https://*.google.com;frame-ancestors 'self' https://*.youtube.com https://*.google.com https://*.krungsriautobroker.com https://*.appmanteam.com; object-src 'self'; script-src 'self' https://*.youtube.com https://www.googletagmanager.com http://*.r42tag.com https://*.krungsriauto.com https://*.facebook.net https://*.hotjar.com https://*.hotjar.io https://www.google-analytics.com http://*.line-cdn.net http://www.googleadservices.com https://*.doubleclick.net https://*.line-scdn.net https://*.onetrust.com https://*.jquery.com https://*.cloudflare.com https://*.bootstrapcdn.com 'unsafe-inline' 'unsafe-eval'; style-src-elem 'self' https://*.bootstrapcdn.com https://*.krungsriauto.com 'unsafe-inline'; style-src 'self' https://*.krungsriauto.com 'unsafe-inline'; img-src 'self' https://www.krungsriautobroker.com https://*.onetrust.com https://www.google.com https://www.google-analytics.com https://www.google.co.th/ https://www.facebook.com https://*.line.me https://www.facebook.com https://*.svtrd.com https://*.doubleclick.net https://*.adsrvr.org data: 1
default-src 'self' https://www.gstatic.com; font-src 'self' data: http://fonts.googleapis.com https://fonts.googleapis.com http://fonts.gstatic.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' http://fonts.googleapis.com https://fonts.googleapis.com https://*.google.com https://tagmanager.google.com https://hcaptcha.com https://*.hcaptcha.com; child-src 'self' https://searchwp.com https://www.youtube.com https://www.youtube-nocookie.com https://www.gstatic.com https://*.google.com https://www.googletagmanager.com https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: *; media-src 'self' *; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://snap.licdn.com https://matomo.casa.or.at http://www.googleadservices.com http://www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com http://*.googleapis.com https://*.googleapis.com http://*.google.com https://*.google.com http://maps.gstatic.com https://maps.gstatic.com https://www.gstatic.com https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://polyfill.io https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' * https://hcaptcha.com https://*.hcaptcha.com; worker-src blob: 1
form-action *.authorize.net 'self';img-src * data:;script-src * 'unsafe-inline';script-src-attr * 'unsafe-inline';connect-src *;frame-src *;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
frame-ancestors 'self' *.holidayemotions.com *.tawk.to/* *.3cx.gr/*; 1
frame-ancestors 'self' https://*.bndhmo.com/ 1
default-src 'self'; form-action 'self'; frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com/; img-src 'self' https://*.twitter.com https://pbs.twimg.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://www.google-analytics.com/ https://ton.twimg.com/ https://www.googletagmanager.com https://www.google.co.jp data:; frame-src https://platform.twitter.com/ https://syndication.twitter.com/; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://platform.twitter.com https://ton.twimg.com/; script-src 'self' 'unsafe-eval' 'nonce-8Oula6B7EnIaLvwqpcTSpkamgt8nlWmodqRSt08oxqfiEjicOl+tpj2gvRwOJQ7eDmhHwjHwXk0vt614tMvuKQ==' https://maps.googleapis.com/ https://cdn.syndication.twimg.com/ https://www.gstatic.com/ https://platform.twitter.com/ https://www.google.com/ www.google-analytics.com/ https://www.googletagmanager.com/; connect-src https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://analytics.google.com/ 1
frame-ancestors meteam.org 'self'; 1
font-src 'self' themes.googleusercontent.com data:; frame-src 'self' https://player.vimeo.com/ https://www.dailymotion.com/ https://youtu.be/ https://www.youtube.com/ https://bo-ris.ademe.fr/ http://preprod-ris.ademe.fr/ https://prod-ris.ademe-dri.fr/ https://www3.ademe.fr/ https://geo.dailymotion.com/ https://c1.adform.net/; img-src 'self' data: https://logs1412.xiti.com https://vocalcom01.teleperformance.fr https://cvst.france-renov.gouv.fr https://server.seadform.net https://www.facebook.com; manifest-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/api/ wss://widget-mediator.zopim.com https://static.zdassets.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://static.zdassets.com https://cvst.france-renov.gouv.fr http://et.eulerian.net https://server.adform.net https://s2.adform.net https://www.facebook.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://vocalcom01.teleperformance.fr; style-src-attr 'self' 'unsafe-inline' 1
connect-src 'self' blob: yandexmetrica.com:* ads.adfox.ru ads6.adfox.ru api.youla.io mc.admetrica.ru thequestion.ru wss://comments.yandex.net wss://comments-alpha.yandex.net turbopages.org yandex.st  yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net  *.yandex-team.ru milab.s3.yandex.net *.k50.ru *.k50dev.ru openkitchen.media auto.ru yango.com ya.ru *.ya.ru dev.introvert.bz *.calltouch.ru *.comagic.ru; default-src 'none'; font-src 'self' data: yastatic.net yandex.ru an.yandex.ru yastat.net *.s3.yandex.net *.yandex.ru *.ya.ru; frame-src 'self' data: yabrowser: yandexadexchange.net *.yandexadexchange.net turbopages.org *.turbopages.org *.yandex.ru   banners.adfox.ru yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net  *.yandex-team.ru *.video.yandex.ru *.market.yandex.ru www.youtube.com *.vimeo.com embed.megogo.net coub.com awaps.yandex.net meyou.ru broadcast.comdi.com datalens.yandex partner.market.yandex.ru go.yandex yango.com yandexteam-my.sharepoint.com *.bookmate.ru bookmate.ru yandex.com yandex.com.tr yandex.com.am yandex.com.ge yandex.md yandex.by yandex.kz yandex.uz *.yandex.com *.yandex.com.tr *.yandex.com.am *.yandex.com.ge *.yandex.md *.yandex.by *.yandex.kz *.yandex.uz ya.ru *.ya.ru; form-action https://*; img-src * 'self' blob: data: android-webview-video-poster: *.yandex.net *.s3.yandex.net yastatic.net http://lpc.s3.mds.yandex.net http://yastatic.net mc.admetrica.ru avatars-fast.yandex.net favicon.yandex.net *.verify.yandex.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net avatars.mds.yandex.net *.yandex.ru *.ya.ru; media-src * 'self' data: blob: *.video.yandex.ru *.storage.yandex.net *.s3.yandex.net *.cdn.yandex.net yastatic.net *.yandex.net *.strm.yandex.ru yandex.st banners.adfox.ru content.adfox.ru yastat.net yandex.ru *.yandex.ru ya.ru *.ya.ru; script-src 'self' blob: 'nonce-omR1r3g4d1Kb+B7tgXQ9cQ==' 'unsafe-inline' 'unsafe-eval' ads.adfox.ru ads6.adfox.ru banners.adfox.ru mc.yandex.ru yandex.st yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net  *.yandex-team.ru aflt.market.yandex.ru www.youtube.com *.vimeo.com s.ytimg.com lpc.s3.mdst.yandex.net abt.s3.yandex.net chat.s3.yandex.net *.api-maps.yandex.ru yandex.com *.yandex.com ya.ru *.ya.ru; style-src 'self' 'unsafe-inline' 'unsafe-eval' banners.adfox.ru content.adfox.ru yandex.st yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net  *.s3.yandex.net lpc.s3.mdst.yandex.net *.ya.ru; worker-src blob: yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net  *.yandex-team.ru; report-uri https://csp.yandex.net/csp?from=turbo%3Aphone&reqid=1705981963405733-16550222896870256294-balancer-l7leveler-kubr-yp-sas-80-BAL-8712&yandexuid=1702562941705981963&yandex_login=&project=turbo https://csp.yandex.net/csp?from=lp-constructor&project=lp-constructor&yandex_login=&yandexuid=; object-src yastatic.net; child-src 'self'; frame-ancestors 'self' webvisor.com http://webvisor.com *.mtproxy.yandex.net www.kinopoisk.ru *.yandex-team.ru n.maps.yandex.ru yandex.ru yandex.com yandex.com.tr yandex.com.am yandex.com.ge yandex.md yandex.by yandex.kz yandex.uz yandex.net *.yandex.ru *.yandex.ru:* *.yandex.com:* *.yandex.com.tr:* *.yandex.com.am *.yandex.com.ge *.yandex.md *.yandex.by *.yandex.kz *.yandex.uz *.yandex.net ya.ru *.ya.ru; 1
default-src 'self' https://172.16.3.11:8000 https://app-cert-legales-dev.azurewebsites.net https://app-sb-web-prod.azurewebsites.net https://SBWebprod.azurewebsites.net https://api.prousuario.gob.do https://prousuarioapiprod.azurewebsites.net https://sb.ucontactcloud.com https://maps.googleapis.com https://api.userway.org https://stats.g.doubleclick.net https://www.google-analytics.com https://cdn.userway.org https://analytics.google.com wss://prousuario.johnny.chat data:;                       style-src 'self' 'unsafe-inline' https://app-sb-web-prod.azurewebsites.net https://fonts.googleapis.com https://assets.calendly.com https://cdn.userway.org;                       font-src 'self' https://cdn.userway.org https://fonts.gstatic.com data:;                       script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://www.google-analytics.com https://www.google.com  https://www.googletagmanager.com https://www.gstatic.com https://sb.ucontactcloud.com https://static.tagshelf.io https://assets.calendly.com https://cdn.userway.org https://certify-js.alexametrics.com https://static.hotjar.com https://cdn.jsdelivr.net/npm/chart.js@3.7.1/dist/chart.min.js https://unpkg.com/@googlemaps/markerclusterer/dist/index.min.js;                       img-src 'self' https://app-sb-web-prod.azurewebsites.net  https://www.google-analytics.com https://api.prousuario.gob.do https://prousuarioapiprod.azurewebsites.net https://cdn.userway.org https://maps.googleapis.com https://maps.gstatic.com https://assets.calendly.com https://dashboard.umbraco.com https://certify.alexametrics.com https://redirect.prod.experiment.routing.cloudfront.aws.a2z.com https://static.tagshelf.io https://www.google.com https://www.google.com.do data: blob:;                       media-src 'self' data:;                       child-src 'self' https://cdn.userway.org https://www.youtube.com https://www.google.com https://sb.ucontactcloud.com https://static.tagshelf.io https://calendly.com https://view.genial.ly https://app.powerbi.com https://be.nortic.ogtic.gob.do blob:;        frame-ancestors 'self';        form-action 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://statistiek.rijksoverheid.nl https://platform.twitter.com https://cdn.syndication.twimg.com https://cdn.talkjs.com https://app.talkjs.com https://capture.trackjs.com https://www.rovid.nl; img-src 'self' data: https://statistiek.rijksoverheid.nl https://cdn.syndication.twimg.com https://syndication.twitter.com https://pbs.twimg.com https://abs.twimg.com https://platform.twitter.com https://ton.twimg.com https://app.talkjs.com https://cdn.talkjs.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://platform.twitter.com https://ton.twimg.com https://app.talkjs.com https://cdn.talkjs.com; font-src 'self' data:; media-src 'self' https://www.rovid.nl https://app.talkjs.com https://cdn.talkjs.com; child-src 'self'; object-src 'self'; frame-src 'self' https://statistiek.rijksoverheid.nl https://www.youtube.com https://platform.twitter.com https://syndication.twitter.com https://cdn.syndication.twimg.com https://player.vimeo.com https://app.talkjs.com; connect-src 'self' https://app.talkjs.com https://capture.trackjs.com; base-uri 'self'; frame-ancestors 'self'; form-action 'self' 1
default-src 'none';
                script-src 'self' 'unsafe-inline' https://maps.googleapis.com https://maps.gstatic.com/ https://csi.gstatic.com/;
                style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://csi.gstatic.com/;
                object-src 'none';
                frame-ancestors 'self';
                base-uri 'self';
                form-action 'self';
                img-src 'self' https://s3.amazonaws.com/ https://maps.gstatic.com/ https://khms0.googleapis.com/ https://maps.googleapis.com/ https://khms1.googleapis.com/;
                frame-src 'self' https://www.youtube.com/;
                font-src 'self' https://fonts.gstatic.com/;
         1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://transfur.social; img-src 'self' https: data: blob: https://transfur.social; style-src 'self' https://transfur.social 'nonce-0wkE9/tocxZ5uqWX3rWmDg=='; media-src 'self' https: data: https://transfur.social; frame-src 'self' https:; manifest-src 'self' https://transfur.social; form-action 'self'; child-src 'self' blob: https://transfur.social; worker-src 'self' blob: https://transfur.social; connect-src 'self' data: blob: https://transfur.social https://r2.transfur.social wss://transfur.social; script-src 'self' https://transfur.social 'wasm-unsafe-eval' 1
base-uri 'self';frame-ancestors 'self' vivendo.co *.vivendo.co 1
default-src 'self'; script-src 'self' *.googletagmanager.com *.google-analytics.com *.facebook.net 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' 'unsafe-inline' *.vimeocdn.com *.googletagmanager.com *.google-analytics.com *.facebook.com *.google.com *.google.de data:; font-src 'self' data:; connect-src 'self' *.google-analytics.com *.googletagmanager.com *.doubleclick.net; frame-src *.umantis.com *.vimeo.com vimeo.com *.matterport.com *.google.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; object-src 'none' 1
script-src 'unsafe-inline' 'unsafe-eval' https: filesystem: https://www.bizratings.com; upgrade-insecure-requests 1
frame-ancestors 'self' https://www-buickgmcanzures-com-mx.wpsegment15.proj.wpx.gm.com https://www.buickgmcanzures.com.mx https://www.chevroletjilotepec.com.mx https://www.chevroletamericasmotors.com.mx https://www.chevroletsanjuandelrio.com.mx https://www.chevroletcalidadsanjeronimo.com.mx https://www-chevroletamericasmotors-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletsanjuandelrio-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletcalidadsanjeronimo-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletconstituyentes-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletamericasmotors-com-mx.wpsegment15.prd1.wpx.gm.com https://www-chevroletsanjuandelrio-com-mx.wpsegment15.prd1.wpx.gm.com https://www-chevroletcalidadsanjeronimo-com-mx.wpsegment15.prd1.wpx.gm.com https://www-chevroletconstituyentes-com-mx.wpsegment15.prd1.wpx.gm.com https://z1.le.liveperson.net https://www-chevroletherrerazac-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletherrerazac-com-mx.wpsegment15.prd2.wpx.gm.com https://www.chevroletherrerazac.com.mx https://www-chevroletcentrohistorico-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletcentrohistorico-com-mx.wpsegment15.prd2.wpx.gm.com https://www.chevroletcentrohistorico.com.mx https://www-chevroletconstituyentes-com-mx.wpsegment15.prd1.wpx.gm.com https://www-chevroletconstituyentes-com-mx.wpsegment15.proj.wpx.gm.com https://www.chevroletconstituyentes.com.mx http://www.chevroletcentrohistorico.com https://www.chevrolet.com.co https://www.chevroletsf.com.co  https://www-chevrolet-com-co.prd1a.wpx.gm.com/plan-siempre-chevrolet https://www-buickgmccadillacloscabos-com-mx.proj.wpx.gm.com/ https://www-buickgmccadillacloscabos-com-mx.prd1.wpx.gm.com/ https://www.buickgmccadillacloscabos.com.mx/ 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.design; img-src 'self' https: data: blob: https://mastodon.design; style-src 'self' https://mastodon.design 'nonce-CVb+Uc4Yx765JIp3P18zhg=='; media-src 'self' https: data: https://mastodon.design; frame-src 'self' https:; manifest-src 'self' https://mastodon.design; form-action 'self'; child-src 'self' blob: https://mastodon.design; worker-src 'self' blob: https://mastodon.design; connect-src 'self' data: blob: https://mastodon.design https://cdn.masto.host wss://mastodon.design; script-src 'self' https://mastodon.design 'wasm-unsafe-eval' 1
default-src https: wss:;style-src https: data: 'unsafe-inline';script-src https: 'unsafe-inline' 'unsafe-eval';img-src https: blob: data: 'unsafe-inline';connect-src https: wss: feed: 1
frame-ancestors 'self' https://*.forsikringsforbundet.dk 1
default-src 'none'; block-all-mixed-content; connect-src 'self' https://api.getaddress.io https://*.google-analytics.com https://*.googletagmanager.com; font-src https://assets.nurserymilk.co.uk; frame-src https://nmru-production.s3.amazonaws.com https://uploads.nurserymilk.co.uk/; img-src https://assets.nurserymilk.co.uk https://*.google-analytics.com https://*.googletagmanager.com https://nmru-production.s3.amazonaws.com https://uploads.nurserymilk.co.uk/ data:; object-src https://nmru-production.s3.amazonaws.com https://uploads.nurserymilk.co.uk/; script-src https://assets.nurserymilk.co.uk https://*.google-analytics.com https://*.googletagmanager.com 'unsafe-inline' 'sha256-//t8DN+5PHt8HhW5JH2ig7gM5SCiAAJ19Gba5fqlebw='; style-src https://assets.nurserymilk.co.uk; report-uri /_csp/report 1
img-src 'self' data: blob: http://www.google-analytics.com/ https://www.google-analytics.com https://ssl.gstatic.com/ http://ssl.gstatic.com/ https://stats.g.doubleclick.net https://syndication.twitter.com https://abs.twimg.com https://pbs.twimg.com https://platform.twitter.com https://ton.twimg.com https://cdnjs.cloudflare.com https://ik.imagekit.io/ https://cdn.snipcart.com https://img.youtube.com https://i.ytimg.com/ https://placeimg.com/ https://maps.gstatic.com https://embed.widgetpack.com https://*.ggpht.com https://www.facebook.com/ https://ucarecdn.com https://cdn.datatables.net https://cdn-7.com https://maps.googleapis.com/ https://cathdeuqba.cloudimg.io/ https://*.elfsightcdn.com https://f003.backblazeb2.com https://uploads-ssl.webflow.com https://source.unsplash.com https://*.unsplash.com https://*.cloudfront.net https://www.google.com.pk https://www.google.co.uk https://www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://use.fontawesome.com/ http://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com http://ajax.googleapis.com/ https://unpkg.com/ https://www.googletagmanager.com/ https://platform.twitter.com/ http://platform.twitter.com/ https://cdn.syndication.twimg.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://kit.fontawesome.com https://cdn.jsdelivr.net https://ucarecdn.com/ https://cdn.datatables.net https://www.google-analytics.com https://maps.googleapis.com http://static.filestackapi.com https://static.filestackapi.com https://js.stripe.com http://cdn.jsdelivr.net/ https://maps.google.co.uk https://*.elfsight.com/ https://googleads.g.doubleclick.net/ https://code.jquery.com https://svc.webspellchecker.net https://d3e54v103j8qbb.cloudfront.net https://form.questionscout.com http://code.jquery.com https://*.cloudflare.com https://platform.illow.io https://pageimprove.io/; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://cdn.jsdelivr.net/ http://cdn.jsdelivr.net/ http://fonts.googleapis.com http://maxcdn.bootstrapcdn.com https://platform.illow.io; frame-src 'self' https://www.google.com https://form.questionscout.com https://dubble.so https://cdn.embedly.com https://www.youtube.com https://player.vimeo.com https://f003.backblazeb2.com/ https://challenges.cloudflare.com; connect-src 'self' blob: https://svc.webspellchecker.net https://upload.uploadcare.com https://apps.elfsight.com https://dash.elfsight.com https://platform.illow.io https://api.platform.illow.io https://analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com/ https://pageimprove.io/; font-src 'self' data: https://fonts.gstatic.com https://use.fontawesome.com/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net http://fonts.googleapis.com http://maxcdn.bootstrapcdn.com https://platform.illow.io; media-src 'self'; object-src 'self' 1
default-src 'self'; img-src 'self' data: https:; style-src 'self' *.jsdelivr.net cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' *.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com ; script-src 'unsafe-eval' *.moengage.com  *.razorpay.com maps.googleapis.com;script-src-elem 'self' 'unsafe-inline' app.digio.in *.razorpay.com maps.googleapis.com *.facebook.net *.cashfree.com  *.quora.com cdnjs.cloudflare.com *.gstatic.com *.google-analytics.com googleads.g.doubleclick.net *.googleadservices.com *.googletagmanager.com *.jsdelivr.net *.hotjar.com  code.jquery.com ; connect-src 'self' 'unsafe-inline' 'unsafe-eval'  *.hotjar.com *.hotjar.io *.quora.com *.onemuthoot.com *.razorpay.com *.amazonaws.com analytics.google.com *.googleadservices.com *.google.co.in maps.googleapis.com *.google-analytics.com *.taboola.com *.muthootfincorpone.com stats.g.doubleclick.net wss:; font-src 'self' data: fonts.gstatic.com; frame-src 'self' *.amazonaws.com *.razorpay.com *.cashfree.com *.google.com *.youtube.com; worker-src 'self' 1
frame-ancestors 'self';default-src 'self' nrcm.s3.amazonaws.com fonts.gstatic.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' nrcm.s3.amazonaws.com data.newsroom.co *.schema.org *.weblication.de iway.ch *.google-analytics.com *.googletagmanager.com maps.googleapis.com *.google.com *.google.ch *.newsroom.com *.move.ch *.ewb.ch *.issuu.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net api.userlike.com *.runmyprocess.com *.facebook.com *.facebook.net;img-src data: 'self' *.fbcdn.net *.xx.fbcdn.net cdn.jsdelivr.net pbs.twimg.com nrcm.amazonaws.com nrcm.s3.amazonaws.com swisspower.ch *.google.com *.google.ch googleads.g.doubleclick.net px.ads.linkedin.com *.linkedin.com *.facebook.com *.weblication.de *.iway.ch maps.gstatic.com *.googleapis.com *.ggpht.com *.google-analytics.com *.googletagmanager.com;frame-src 'self' *.move.ch *.runmyprocess.com *.iway.ch *.weblication.de *.ewb.ch *.issuu.com *.google.com *.google.ch *.vimeo.com *.youtube-nocookie.com *.youtube.com *.facebook.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net/npm/intl-tel-input@18.1.1/build/css/intlTelInput.css *.weblication.de fonts.googleapis.com e.issu.com;script-src-elem 'self' cdn.jsdelivr.net/npm/intl-tel-input@18.1.1/build/js/intlTelInput.min.js cdn.jsdelivr.net/npm/intl-tel-input@18.1.1/build/js/utils.js *.hotjar.com snap.licdn.com *.b-cdn.net *.cloudfront.net data.newsroom.co *.amazonaws.com *.google.com *.google.ch *.googletagmanager.com *.google-analytics.com *.googleadservices.com maps.googleapis.com *.facebook.net 'unsafe-inline' iway.ch *.weblication.de; connect-src 'self' *.hotjar.com *.hotjar.io wss://ws.hotjar.com/api/v2/client/ws *.userlike.com *.userlike-cdn-umm.b-cdn.net *.amazonaws.com api.newsroom.co cdn.linkedin.oribi.io *.facebook.com iway.ch ewb-integra.ch *.weblication.de *.analytics.google.com *.analytics.com *.google-analytics.com maps.googleapis.com stats.g.doubleclick.net 1
default-src 'self'; frame-ancestors 'none'; script-src 'unsafe-inline' 1
default-src https://troublefree.nl/ https://www.troublefree.nl/; script-src https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://troublefree.nl/ https://www.troublefree.nl/ https://ssl.google-analytics.com/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://lcms2.nl/ https://connect.facebook.net/ https://snap.licdn.com/li.lms-analytics/ 'unsafe-eval' 'unsafe-inline'; style-src https://troublefree.nl/ https://www.troublefree.nl/ https://fonts.googleapis.com/ https://lcms2.nl/ 'unsafe-inline'; font-src https://troublefree.nl/ https://www.troublefree.nl/ https://fonts.gstatic.com/; img-src https://i.ytimg.com/ https://www.google-analytics.com/collect https://troublefree.nl/ https://www.troublefree.nl/ https://stats.g.doubleclick.net/ https://ssl.google-analytics.com/ https://lcms2.nl/ https://www.facebook.com/tr/ https://px.ads.linkedin.com/ https://www.linkedin.com/; upgrade-insecure-requests; frame-ancestors https://troublefree.nl/ https://www.troublefree.nl/; form-action https://www.facebook.com/tr/ https://troublefree.nl/ https://www.troublefree.nl/ https://kennisbank.troublefree.nl/; frame-src https://www.youtube.com/ https://www.facebook.com/ https://troublefree.nl/ https://www.troublefree.nl/ https://www.google.com/ https://recaptcha.google.com/recaptcha/; connect-src https://cdn.linkedin.oribi.io/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://troublefree.nl/ https://www.troublefree.nl/ https://*.google-analytics.com/ self; base-uri https://www.troublefree.nl/; 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' pghub.io cdn.cookielaw.org *.iesnare.com connect.facebook.net *.crazyegg.com *.adsrvr.org *.bazaarvoice.com *.google-analytics.com *.lytics.io *.segment.com *.mathtag.com *.doubleclick.net *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.lytics.io fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' *.cookielaw.org *.doubleclick.net *.google.com www.google.hr images.ctfassets.net pixel.tapad.com *.lytics.io *.amazon-adsystem.com *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' fonts.gstatic.com feed.pghub.io pandg.tapad.com ; connect-src * ; frame-src 'self' *.adsrvr.org *.mathtag.com *.doubleclick.net *.jebbit.com consumersupport.pg.com pg-lex.my.salesforce-sites.com ct.pinterest.com www.facebook.com feed.pghub.io pandg.tapad.com ; manifest-src * ; 1
default-src 'none'; script-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self'; base-uri 'self'; form-action 'none'; frame-ancestors 'none' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.sharethis.com *.amazonaws.com *.youtube.com *.google.com *.doubleclick.net *.ytimg.com *.facebook.com *.facebook.net *.ads-twitter.com irp.atnmo.com sc-static.net *.snapchat.com *.tiktok.com; 1
default-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; worker-src blob:; child-src * blob: gap:; img-src * 'self' blob: data: https:; script-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-attr * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'unsafe-inline' 'unsafe-hashes'; font-src * 'self' data: https:; connect-src *; media-src *;  object-src *;  prefetch-src *; base-uri *; 1
font-src fonts.gstatic.com fonts.googleapis.com *.useinsider.com *.cloudfront.net *.fontawesome.com data: checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai storage.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.payfort.com *.facebook.com *.useinsider.com *.omguk.com *.google-analytics.com *.google.it *.tamara.co *.tabby.ai *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://youtu.be *.criteo.com *.snapchat.com *.useinsider.com *.omguk.com *.doubleclick.net *.google-analytics.com *.google.it *.tamara.co *.tabby.ai *.cloudfront.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com checkout.tabby.ai 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.visa.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.zendesk.com *.google.co.in *.com.sa/west/ *.facebook.com *.facebook.net *.yandex.ru *.doubleclick.net *.criteo.com *.yeldmo.com *.aralego.net *.smaato.net *.bing.com *.pubmatic.com *.mediavine.com *.rlcdn.com *.stickyadstv.com *.bidswitch.net *.adnxs.com *.casalemedia.com *.360yield.com *.media.net *.snapchat.com *.useinsider.com *.omguk.com *.clarity.ms *.yahoo.com *.tamara.co *.cloudfront.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.youtube.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.visa.com *.mastercard.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.zendesk.com *.zdassets.com *.zopim.com *.payfort.com *.artfut.com *.facebook.net *.tiktok.com *.criteo.com *.yandex.ru sc-static.net *.go-mpulse.net *.snapchat.com *.useinsider.com *.omguk.com *.yimg.com *.clarity.ms https://webtrafficsource.com *.google-analytics.com *.google.it *.tamara.co *.tabby.ai *.luckyorange.com *.cloudfront.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com connect.facebook.net www.google.com cdn.sift.com score.jcsc.online seondf.com deviceinf.com getdeviceinf.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.useinsider.com *.tabby.ai *.cloudfront.net *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com *.payfort.com *.zendesk.com *.snapchat.com *.useinsider.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org *.zendesk.com *.zdassets.com *.zopim.com wss://widget-mediator.zopim.com *.payfort.com *.googleapis.com *.doubleclick.net *.tiktok.com *.yandex.ru *.criteo.com *.facebook.com *.go-mpulse.net *.snapchat.com *.akstat.io *.akamaihd.net *.useinsider.com *.omguk.com *.clarity.ms https://webtrafficsource.com *.yimg.com *.google-analytics.com *.google.it *.tamara.co *.luckyorange.com wss://realtime.luckyorange.com wss://in.visitors.live *.tabby.ai *.cloudfront.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com api.segment.com api.segment.io api.amplitude.com *.seondfresolver.com *.deviceinfresolver.com *.getdeviceinfresolver.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.seondnsresolve.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; connect-src 'self' https://www.facebook.com https://*.google.com https://*.google.com.au https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.googleoptimize.com https://*.googleapis.com https://www.googleadservices.com https://*.hotjar.com https://mermaid.kleenheat.com.au https://dc.services.visualstudio.com https://bat.bing.com https://cdn.linkedin.oribi.io https://*.clarity.ms https://api.productreview.com.au https://vimeo.com https://ekr.zdassets.com wss://widget-mediator.zopim.com https://widget-mediator.zopim.com https://kleenheat.zendesk.com; font-src 'self' https://fonts.gstatic.com https://mermaid.kleenheat.com.au https://cdn.productreview.com.au; frame-src 'self' https://www.facebook.com https://www.google.com https://www.youtube.com https://www.googletagmanager.com https://*.doubleclick.net https://tpc.googlesyndication.com https://www.googleoptimize.com https://optimize.google.com https://vars.hotjar.com https://player.vimeo.com; frame-ancestors 'self'; img-src 'self' https://www.facebook.com https://connect.facebook.net https://img.youtube.com https://www.google.com https://www.google.com.au https://www.google-analytics.com https://www.googletagmanager.com data: https://*.doubleclick.net https://i.ytimg.com https://optimize.google.com https://*.privacysandbox.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://secure.gravatar.com https://mermaid.kleenheat.com.au https://*.ads.linkedin.com https://p.adsymptotic.com https://*.bing.com https://*.clarity.ms https://i.vimeocdn.com https://*.zopim.io; manifest-src 'self' https://mermaid.kleenheat.com.au; media-src 'self' https://static.zdassets.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://unpkg.com https://connect.facebook.net https://*.google.com https://*.google.com.au https://www.gstatic.com https://maps.googleapis.com https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com www.googleadservices.com https://tpc.googlesyndication.com https://*.doubleclick.net https://www.googleanalytics.com https://www.googleoptimize.com https://static.hotjar.com https://script.hotjar.com https://*.vo.msecnd.net https://mermaid.kleenheat.com.au https://snap.licdn.com https://bat.bing.com https://*.clarity.ms https://cdn.productreview.com.au https://extend.vimeocdn.com https://static.zdassets.com wss://widget-mediator.zopim.com https://widget-mediator.zopim.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://optimize.google.com https://mermaid.kleenheat.com.au; report-uri /api/util/csp-receiver 1
default-src 'self'; style-src 'self' 'unsafe-inline' dl.episerver.net *.typekit.net; script-src blob: 'self' 'unsafe-eval' 'unsafe-inline' http://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js unpkg.com *.vo.msecnd.net dl.episerver.net *.tinymce.com www.googletagmanager.com; img-src 'self' data: dl.episerver.net gobiapp.com cloudinary.com *.cloudinary.com *.gobitech.no *.tinymce.com data: blob: www.googletagmanager.com; connect-src 'self' ws: wss: https://api-js.mixpanel.com dc.services.visualstudio.com cloudinary.com *.cloudinary.com gobitech.no *.gobitech.no *.gobistories.co *.gobistories.com *.tinymce.com; frame-src 'self' https://player.vimeo.com https://www.youtube.com http://www.youtube.com https://kommunikasjon.ntb.no http://kommunikasjon.ntb.no/; media-src 'self' blob: *.gobitech.no *.gobistories.co *.gobistories.com *.cloudinary.com; font-src 'self' *.typekit.net *.tinymce.com 1
report-uri //csp.cactus-russia.ru:8080/report/608498467535230608/; connect-src https://*.yandex.ru https://*.yandex.net https://yandex.ru 'self' *.google-analytics.com *.yandex.ru ; child-src 'self' ; font-src static.lc-group.ru 'self' ; form-action 'self' https://*.officeassistant.ru *.cactus-russia.ru ; frame-ancestors webvisor.com *.webvisor.com 'self' ; frame-src https://*.google.com https://*.youtube.com https://youtube.com *.youtube.com 'self' https://yandex.ru *.yandex.ru youtube.com ; img-src static.lc-group.ru https://*.yandex.net https://mc.yandex.ru 'self' data: *.google-analytics.com *.yandex.ru *.yandex.net *.cactus-russia.ru cactus-russia.ru https://*.yandex.ru ; media-src *.cactus-russia.ru static.lc-group.ru 'self' ; object-src *.cactus-russia.ru static.lc-group.ru 'self' ; script-src static.lc-group.ru https://*.yandex.ru https://*.yandex.net 'self' 'unsafe-eval' https://www.googletagmanager.com *.google-analytics.com *.yandex.ru *.yandex.net https://yastatic.net ; style-src static.lc-group.ru 'self' 'unsafe-inline' *.yandex.ru *.yandex.net ; default-src 'none' ; strict-mixed-content-checking; reflected-xss filter; referrer origin-when-cross-origin; 1
default-src 'self' https://www.google.com/; connect-src https://stool.synopticom.com 'self' https://reports.synopticom.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/ http://www.google-analytics.com/ga.js https://ssl.google-analytics.com/ga.js; style-src 'unsafe-inline' 'self' https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css; font-src *; img-src 'self' 'unsafe-inline' *.synopticom.com data: https://ssl.google-analytics.com/ http://www.google-analytics.com/; 1
default-src 'self'; child-src 'self' connect.facebook.net fast.wistia.com fast.wistia.net googleads.g.doubleclick.net td.doubleclick.net *.hotjar.com *.hotjar.io bid.g.doubleclick.net 10317493.fls.doubleclick.net 10366747.fls.doubleclick.net 11541986.fls.doubleclick.net youtube.com www.youtube.com js.stripe.com www.facebook.com staticxx.facebook.com tpc.googlesyndication.com www.google.com *.googletagmanager.com *.quora.com intercom-sheets.com app-ab27.marketo.com www.intercom-reporting.com d2c7xlmseob604.cloudfront.net js.intercomcdn.com insight.adsrvr.org match.adsrvr.org https://intercom.chilipiper.com app.intercom.com app.intercom.io https://app.getreprise.com; connect-src 'self'   www.intercom.com app.intercom.io app.intercom.com api.intercom.io api-visitor-analytics.intercom.com api-iam.intercom.io api-ping.intercom.io api.smartling.com js.intercomcdn.com munchkin.marketo.net *.mktoutil.com nexus-websocket-a.intercom.io nexus-websocket-test.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-test.intercom.io store.intercomassets.com widget.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-test.intercom.io marketing.intercomcdn.com uploads.intercomcdn.com uploads.intercomusercontent.com abrtp1.marketo.com abrtp1-cdn.marketo.com app.getsentry.com stats.g.doubleclick.net www.google.com adservice.google.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com http://*.hotjar.io:* https://*.hotjar.io:* wss://*.hotjar.io sentry.io www.facebook.com *.akamaihd.net *.wistia.com *.wistia.net 258-clw-344.mktoresp.com bat.bing.com d2c7xlmseob604.cloudfront.net rum-collector-2.pingdom.net https://*.browser-intake-datadoghq.com public-trace-http-intake.logs.datadoghq.com https://assets.ctfassets.net c.6sc.co b.6sc.co j.6sc.co ipv6.6sc.co epsilon.6sense.com epsilon-cloudfront.6sense.com user-data.mutinycdn.com https://api-v2.mutinyhq.io/v2/b https://api.mutinyhq.io/v2 https://client-registry.mutinycdn.com secure.adnxs.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com api.chilipiper.com tracking.chilipiper.com cdn.linkedin.oribi.io gw.linkedin.oribi.io px.ads.linkedin.com https://app.getreprise.com; font-src data: https: ; img-src data: blob: https: ; media-src data: blob: https: ; object-src 'none'; script-src 'self' 'unsafe-eval' app.intercom.io app.intercom.com www.intercom.com js.intercomcdn.com store.intercomassets.com marketing.intercomassets.com widget.intercom.io ajax.googleapis.com analytics.twitter.com abrtp1.marketo.com abrtp1-cdn.marketo.com app-sjqe.marketo.com app-sjst.marketo.com app-ab27.marketo.com bat.bing.com cdn-assets-prod.s3.amazonaws.com cdn.ravenjs.com browser.sentry-cdn.com connect.facebook.net distillery.wistia.com distillery-main.wistia.com fast.wistia.com fast.wistia.net googleads.g.doubleclick.net js.stripe.com munchkin.marketo.net platform.twitter.com rtp-static.marketo.com script.hotjar.com script.hotjar.io secure.adnxs.com static.hotjar.com static.hotjar.io stats.g.doubleclick.net store.intercom.io tpc.googlesyndication.com www.datadoghq-browser-agent.com www.google.com www.google-analytics.com www.googleadservices.com/pagead/ www.googletagmanager.com tagmanager.google.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com dc.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com client-registry.mutinycdn.com client.mutinycdn.com https://js.chilipiper.com 'sha256-CIxBMTSsZNOVtN/e53Oinc5o7iS+6GCLATfDTYD9EQk=' https://app.getreprise.com 'strict-dynamic' 'nonce-MmVmMTdmM2YtNTMxNC00NWQzLThkMTUtZjdkYWU1ZjNhNGEx'; style-src 'self' 'unsafe-inline' app-ab27.marketo.com marketing.intercomassets.com maxcdn.bootstrapcdn.com rtp-static.marketo.com fonts.googleapis.com tagmanager.google.com https://www.googletagmanager.com https://js.chilipiper.com; worker-src data: blob:; base-uri 'self'; report-uri https://o2129.ingest.sentry.io/api/1467748/security/?sentry_key=2b3179211aae44189b7651cf09d7b74f 1
default-src 'self' ws: wss:; font-src 'self' https://biobestgroup.piwik.pro https://biobestgroup.containers.piwik.pro data:; script-src 'self' https://youtube.com https://www.youtube.com https://netlify-rum.netlify.app https://biobestgroup.piwik.pro https://biobestgroup.containers.piwik.pro https://challenges.cloudflare.com https://snap.licdn.com 'unsafe-inline' 'unsafe-eval' blob:; img-src 'self' data: blob: https://i.ytimg.com https://assets.biobestgroupcdnacc.com https://assets.biobestgroupcdn.com https://api.mapbox.com https://api.cmz4g8wno1-biobestgr1-s1-public.model-t.cc.commerce.ondemand.com https://api.cmz4g8wno1-biobestgr1-p1-public.model-t.cc.commerce.ondemand.com https://*.linkedin.com https://biobestgroup.containers.piwik.pro ; style-src 'self' 'unsafe-inline' https://api.mapbox.com https://biobestgroup.piwik.pro https://biobestgroup.containers.piwik.pro ; connect-src wss: 'self' https://biobestgroup.piwik.pro https://biobestgroup.containers.piwik.pro https://api.mapbox.com https://events.mapbox.com https://wxxsq3bzvj-dsn.algolia.net https://wxxsq3bzvj-1.algolianet.com https://wxxsq3bzvj-2.algolianet.com https://wxxsq3bzvj-3.algolianet.com https://auth.biobestgroup.com https://biobest-preprod.eu.auth0.com https://*.linkedin.com https://*.nsvcs.net; frame-src 'self' https://youtube.com https://www.youtube.com https://auth.biobestgroup.com https://biobest-preprod.eu.auth0.com https://challenges.cloudflare.com https://snap.licdn.com; child-src blob: 1
default-src 'self' blob:; style-src 'self' 'unsafe-inline' https://cse.google.com https://www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://cse.google.com https://www.google.com; font-src 'self'; img-src 'self' data: blob: https://www.google-analytics.com https://logo.samandehi.ir https://www.googletagmanager.com https://clients1.google.com https://www.google.com; connect-src 'self' wss://localhost:* https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'self' blob:; report-uri /api/CspReport/Log 1
default-src 'none'; font-src 'self' data: https://dnsl4xr6unrmf.cloudfront.net https://fonts.gstatic.com https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pmiscience.23video.com https://video.twentythree.net https://video.pmiscience.com https://snap.licdn.com https://pmiscience.videomarketingplatform.co https://live-chat-static.sprinklr.com https://prod-live-chat.sprinklr.com https://prod-live-chat.sprinklr.com https://www.google-analytics.com https://dnsl4xr6unrmf.cloudfront.net https://cdn.cookielaw.org https://www.youtube.com https://www.googletagmanager.com https://code.jquery.com https://ajax.googleapis.com https://s3.amazonaws.com https://cdns.gigya.com https://prod-live-chat.sprinklr.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://cdn.cookielaw.org https://fonts.googleapis.com https://s3.amazonaws.com https://platform.twitter.com; img-src 'self' data: blob: https://8476719.fls.doubleclick.net https://i.ytimg.com https://sprcdn-assets.sprinklr.com https://cdns1.gigya.com https://www.google.es https://www.google.ch https://i.ytimg.com https://cdns2.gigya.com https://www.google.rs https://jslog.krxd.net https://beacon.krxd.net https://cdns.gigya.com https://cdns3.gigya.com https://www.google.nl https://proserve-microexperiences.s3.amazonaws.com https://www.google.com https://www.google.pl https://www.google-analytics.com https://dev.day.com https://cdn.cookielaw.org https://www.google.com.tr https://www.googletagmanager.com https://s3.amazonaws.com https://cdn.wyng.com https://dnsl4xr6unrmf.cloudfront.net https://abs.twimg.com https://pbs.twimg.com https://platform.twitter.com https://syndication.twitter.com https://*.gstatic.com; connect-src 'self' *.ltmsphrcl.net *.crwdcntrl.net https://translate.terraprint.co https://*.google-analytics.com https://beacon.krxd.net https://jslog.krxd.net https://prod-live-chat.sprinklr.com https://live-chat-static.sprinklr.com https://cdns.gigya.com https://cdns.eu1.gigya.com wss://prod-lc-mqtt-nike.sprinklr.com https://www.google-analytics.com https://stats.g.doubleclick.net https://services-api.wyng.com https://experiences.wyng.com https://ajax.googleapis.com https://api.offerpop.com https://api.wyng.com https://content-api.wyng.com https://wyng.io https://cdn.cookielaw.org https://*.gstatic.com https://pmi-prod-privacy.my.onetrust.com https://geolocation.onetrust.com; frame-src 'self' https://tags.crwdcntrl.net https://datawrapper.dwcdn.net https://v.pmiscience.com https://video.pmiscience.com https://www.youtube.com https://cdns.gigya.com https://cdns.eu1.gigya.com https://cdn.krxd.net https://8476719.fls.doubleclick.net https://www.youtube-nocookie.com https://cdn.cookielaw.org https://language-mastercomms.23video.com https://pmiscience.23video.com https://platform.twitter.com https://syndication.twitter.com https://www.google.com/ https://pmi-openscience.com/ https://opensciencemakeitlive.auth.eu-west-1.amazoncognito.com/ https://login.microsoftonline.com/; script-src-elem 'self' 'unsafe-inline' https://tags.crwdcntrl.net https://pmiscience.23video.com https://video.twentythree.net https://video.pmiscience.com https://snap.licdn.com https://pmiscience.videomarketingplatform.co https://apis.google.com https://spx-components.cdn.sprinklr.com https://s3.amazonaws.com https://ajax.googleapis.com https://dnsl4xr6unrmf.cloudfront.net https://prod-live-chat.sprinklr.com https://beacon.krxd.net https://live-chat-static.sprinklr.com https://cdns.gigya.com https://consumer.krxd.net https://cdn.krxd.net https://cdn.cookielaw.org https://code.jquery.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://platform.twitter.com https://cdn.syndication.twimg.com https://clients1.google.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; media-src 'self' https://proserve-microexperiences.s3.amazonaws.com https://sprcdn-assets.sprinklr.com https://cdn.wyng.com; manifest-src 'self' 1
default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; frame-ancestors https://*:*; 1
script-src'self' 1
frame-ancestors 'self' https://www.facebook.com https://webchat.medihelp.co.za https://medical-aid-plans.medihelp.co.za https://medadd.medihelp.co.za https://medadd-elect.medihelp.co.za https://medelect.medihelp.co.za https://medelite.medihelp.co.za https://medmove.medihelp.co.za https://medplus.medihelp.co.za https://medprime.medihelp.co.za https://medprime-elect.medihelp.co.za https://medsaver.medihelp.co.za https://medvital.medihelp.co.za https://medvital-elect.medihelp.co.za 1
default-src data: 'self' 'unsafe-inline' https://ajax.googleapis.com https://www.paypal.com https://t.paypal.com https://www.paypalobjects.com https://www.youtube-nocookie.com https://open.spotify.com https://media.blubrry.com https://content.blubrry.com https://googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://connect.facebook.net https://www.facebook.com 1
default-src 'self' https://*.edifecsfedcloud.com;  font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data: https://*.edifecsfedcloud.com;  img-src 'self' https://*.edifecsfedcloud.com http://*.public.auth.edifecsfedcloud.com.s3-website-us-west-2.amazonaws.com https://*.public.auth.edifecsfedcloud.com.s3-website-us-west-2.amazonaws.com;  connect-src 'self' https://*.edifecsfedcloud.com;  script-src 'self' 'unsafe-inline' https://*.edifecsfedcloud.com;  style-src 'self' 'unsafe-inline' https://*.edifecsfedcloud.com https://fonts.googleapis.com;  frame-ancestors 'self' *.edifecsfedcloud.com; frame-src 'self' *.edifecsfedcloud.com; object-src 'none' 1
default-src 'self' https://public.apviz.io; base-uri 'self'; block-all-mixed-content; connect-src 'self' https://public.apviz.io https://api.axept.io https://client.axept.io https://api.hubapi.com https://forms.hubspot.com https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://api.hubspot.com https://www.google-analytics.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://3d.apviz.io https://static.apviz.io https://apviz.matomo.cloud; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com; form-action https://forms.hsforms.com https://forms.hubspot.com https://codesandbox.io/api/v1/sandboxes/define/ https://jsfiddle.net/api/post/library/pure/; frame-ancestors 'self'; img-src 'self' https://public.apviz.io data: blob: https://axeptio.imgix.net https://www.google-analytics.com https://stats.g.doubleclick.net https://track.hubspot.com https://forms.hsforms.com https://forms.hubspot.com https://perf.hsforms.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://www.linkedin.com https://www.google.com https://www.google.fr https://script.hotjar.com https://3d.apviz.io https://static.apviz.io https://apviz.matomo.cloud; script-src 'self' https://public.apviz.io https://static.axept.io https://www.google-analytics.com 'sha256-N04GtdVU55PDshZl/ihTymBCZGQJqn7VcR0h9wC2TSU=' https://js.hs-scripts.com https://js.hsforms.net https://js.hs-analytics.net https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hs-banner.com https://forms.hsforms.com https://js.usemessages.com https://js.hsleadflows.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://snap.licdn.com https://static.hotjar.com https://script.hotjar.com https://3d.apviz.io https://static.apviz.io https://apviz.matomo.cloud; style-src 'self' https://public.apviz.io https://fonts.googleapis.com 'unsafe-inline'; frame-src https://forms.hsforms.com https://forms.hubspot.com https://app.hubspot.com https://www.google.com https://vars.hotjar.com https://www.youtube.com 1
frame-ancestors 'self' https://*.renkulab.io https://renkulab.io 1
default-src 'self' https://*.cms.vwfs.tools ;            img-src 'self' data: https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://dev.day.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.gstatic.com https://*.google.com https://*.google.de https://*.google.co.za https://*.googlesyndication.com https://*.googleadservices.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://img.youtube.com https://i.ytimg.com https://*.userzoom.com https://*.adform.net https://www.facebook.com https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://t.co https://*.volkswagenbank.de  https://cms-assets.vwfs.io https://smetrics.vwfs.co.za https://mediaservice.audi.com  https://GISTPAEndpoint-Int.azureedge.net https://GISTPAEndpoint-Kons.azureedge.net https://GISTPAEndpoint-Prod.azureedge.net    https://default.vms.vwfs.io https://*.bronson.vwfs.tools https://*.bronson.vwfs.io https://gateway.zscloud.net https://js.api.here.com https://assets.volkswagen.com https://integrations.etrusted.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ssl.gstatic.com https://ade.googlesyndication.com https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.co.za;            script-src 'self' 'unsafe-inline' blob: https://*.volkswagenbank.de https://storagewebcalcweud.blob.core.windows.net https://*.fts.webcalc.vwfs.io https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.fls.doubleclick.net https://www.googletagmanager.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google.com https://www.google.de https://cm.g.doubleclick.net https://www.volkswagenbank-cloud.de https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://assets.adobedtm.com https://*.omniture.com https://*.adobe.com https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://*.thunderhead.com https://*.twitter.com https://static.ads-twitter.com https://*.advsearch.vwfs.io https://cc.cdn.civiccomputing.com  https://target.vwfs.co.za  https://smetrics.vwfs.co.za https://cdn.mercury.ai https://integrations.etrusted.com https://sdk.privacy-center.org    https://*.acs-frontend.vwfs.io https://*.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.g.doubleclick.net https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.co.za;            style-src 'self' 'unsafe-inline' https://*.userzoom.com https://target.vwfs.co.za https://cdn.mercury.ai https://co-browsing.mercury.ai https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io    https://*.acs-frontend.vwfs.io https://integrations.etrusted.com https://tagmanager.google.com https://fonts.googleapis.com ;            connect-src 'self' blob: data: https://vimeo.com https://*.youtube.com https://api.webcalc.vwfs.io https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://*.adobedc.net https://*.tt.omtrdc.net https://*.2o7.net https://*.cms.vwfs.io https://*.advsearch.vwfs.io https://cms-content.vwfs.io https://target.vwfs.co.za https://smetrics.vwfs.co.za https://www.google.com https://*.facebook.com https://*.mercury.ai wss://*.mercury.ai https://vector.hereapi.com https://1.base.maps.ls.hereapi.com https://1.aerial.maps.ls.hereapi.com https://js.api.here.com https://geocode.search.hereapi.com https://integrations.etrusted.com https://*.smart-digital-solutions.de https://smart-digital-cdn.com https://2gtge2kxoa.execute-api.eu-central-1.amazonaws.com https://api-cms-vwfs-io.cms.vwfs.tools https://sdk.privacy-center.org https://revgeocode.search.hereapi.com    https://*.acs-frontend.vwfs.io https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.za http://*.trustedshops.com https://autocomplete.search.hereapi.com https://lookup.search.hereapi.com ;            frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com ;            object-src 'none' ;            font-src 'self' data: https://fonts.gstatic.com https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io https://cdn.mercury.ai https://js.api.here.com https://*.trustedshops.com http://*.trustedshops.com ;            frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://s.userzoom.com https://*.adform.net https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://*.googlesyndication.com https://cm.g.doubleclick.net https://gateway.zscloud.net https://td.doubleclick.net https://kalkulator.skoda-auto.pl https://*.g.doubleclick.net ;            media-src https://www.youtube-nocookie.com 'self' ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: wss: blob:; frame-src 'self' https:; frame-ancestors 'self' *.7across.travel *.7acrosstravel *.accorplusdiscovery.com *.addthis.com *.airportparking.net.au *.avctravel.com.au *.azurewebsites.net *.bzzworld.com *.bzzworldtravel.com *.clubmedaustralia.com.au *.crownclubmarketplace.com *.cruise.ovscruise.com *.cruise.wotif.com *.cruisemegastore.com.au *.cruisepilot.com.au *.dae-travel.com *.discover365.co.nz *.discover365.co.uk *.discover365.com.au *.doubleclick.net *.driveaway.com.au *.facebook.com *.favc.com *.hightide.com.au *.IAMLVC.com *.ice-cdn.com *.icecruises.com.au *.iceenterprise.com *.icevacations.com.au *.kivac.com.mx *.latitude21resorts.com *.latitudeguestservices.com *.latitudevacationclub.com *.lifestylebywyndhamlite.com *.liveaquaresidenceclub.com *.looking4.com *.mustdotravels.com *.my241cruise.com.au *.my241rewards.com.au *.myfuturecruisecredit.com *.ourvacationcentre.com *.ourvacationcentre.com.au *.ourvacationcentre.net *.ovctour.com *.ovscruise.com *.aexp-static.com *.ovsresort.com *.qvitravelsavings.com *.rci.my241cruise.com.au *.rci.travel *.re-set.mx *.re-set.travel *.saveonresorts.com wss://*.tawk.to *.tawk.to *.theclub365.com.au *.tourmegastore.com.au *.travelii.mx *.travelmegastore.com.au *.travelsavingspassport.com *.tripsavr.com *.tripsavr2.com *.ultiqa.com.au *.ultiqaexplore.com.au *.ultiquaexplore.com.au *.windows.net *.world2go.mx *.wotif.com 7across.travel accorplusdiscovery.com agentportalui-wa-dev-usw.azurewebsites.net agentportalui-wa-qa-usw.azurewebsites.net avctravel.com.au bid.g.doubleclick.net cruise.flybuystravel.com.au cruise.ovscruise.com cruise.wotif.com cruisemegastore.com.au cruisepilot.com.au dae-travel.com discover365.co.nz discover365.co.uk discover365.com.au elcidsales.latitudeguestservices.com hightide.com.au icecruises.com.au iceenterprise.com icevacations.com.au latitudevacationclub.com lifestylebywyndhamlite.com mustdotravels.com my241cruise.com.au my241rewards.com.au myfuturecruisecredit.com ourvacationcentre.com ourvacationcentre.com.au ourvacationcentre.net ovscruise.com rci.my241cruise.com.au rci.travel theclub365.com.au tour.icruiserewards.com tour.thevidalifestyle.com tourmegastore.com.au tours.icruise.com tours.tourmegastore.com.au travelmegastore.com.au ukproducthub.azureedge.net ukproducthub.blob.core.windows.net ultiqa.com.au ultiqaexplore.com.au ultiquaexplore.com.au wotif.com; block-all-mixed-content; upgrade-insecure-requests; 1
frame-src https://alcina.com https://*.alcina.com https://cdn-eu.pagesense.io https://paypal.com https://*.paypal.com https://docusign.net https://*.docusign.net https://*.youtube.com https://*.vimeo.com https://vimeo.com https://youtube.com https://*.drwolffgroup.com https://*.nervtdichdeinschwitzen.de; 1
default-src 'self' data: http: https: *.gravatar.com  *.better2know.co.uk *.metrics.responsetap.com *.tawk.to *.wp.com *.wordpress.com; connect-src 'self' data: http: https: ws: *.tawk.to wss://vsa86.tawk.to; img-src 'self' data: http: https: *.gravatar.com *.metrics.responsetap.com *.tawk.to *.better2know.co.uk *.wp.com *.wordpress.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: *.wp.com *.metrics.responsetap.com *.tawk.to *.better2know.co.uk *.wordpress.com; style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com *.metrics.responsetap.com *.tawk.to *.wp.com *.better2know.co.uk *.wordpress.com; font-src 'self' data: http: https: fonts.googleapis.com themes.googleusercontent.com *.better2know.co.uk *.metrics.responsetap.com  *.tawk.to *.wp.com *.wordpress.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: *.wp.com *.better2know.co.uk *.metrics.responsetap.com *.tawk.to *.wordpress.com 1
font-src fonts.googleapis.com fonts.gstatic.com *.cloudflare.com *.twitter.com https://www.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com https://fonts.gstatic.com *.fontawesome.com https://www.google.com maxcdn.bootstrapcdn.com cdn1.stamped.io stamped.io *.cloudfront.net *.afterpay.com *.amazonaws.com s3-us-west-2.amazonaws.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.cardinalcommerce.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.google.com *.twitter.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com snapwidget.com *.criteo.com *.sharethis.com nytrng.com *.issuu.com *.pinterest.com *.criteo.net *.paypalobjects.com *.doubleclick.net *.google.co.in https://www.google.com docs.google.com *.tryinteract.com calendly.com *.attn.tv *.attentive.com *.attentivemobile.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net adservice.adswg.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.afterpay.com maps.googleapis.com maps.gstatic.com www.apptrian.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com https://a.klaviyo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com *.google.com *.googletagmanager.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdn1.stamped.io stamped.io cdn.shopify.com *.adroll.com *.doubleclick.net *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.teads.tv *.3lift.com *.yahoo.com *.socdm.com *.casalemedia.com *.dable.io *.adingo.jp *.stickyadstv.com *.360yield.com *.rlcdn.com *.mediavine.com *.bing.com *.outbrain.com *.pubmatic.com *.smaato.net *.clmbtech.com *.aralego.com *.aralego.net *.yieldmo.com *.openx.net *.taboola.com *.criteo.com *.adgrx.com *.yahoo.net *.pinterest.com *.stackadapt.com *.sharethis.com *.afterpay.com *.stamped.io *.clarity.ms *.liadm.com *.adsnk.com shareasale.com *.amazonaws.com *.google.co.in *.attn.tv *.attentive.com *.attentivemobile.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com djn8t4hz1t3er.cloudfront.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ www.google.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.apptrian.com *.instagram.com *.cloudflare.com *.twitter.com *.google-analytics.com https://www.google.com *.twimg.com https://www.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://static.klaviyo.com https://fast.a.klaviyo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.google.com *.gstatic.com *.avada.io *.googletagmanager.com *.googleadservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com cdn1.stamped.io stamped.io data: static.zdassets.com *.adroll.com *.sharethis.com cdn-widgetsrepository.yotpo.com snapwidget.com shop.pe *.shop.pe *.criteo.com js-agent.newrelic.com *.cloudfront.net *.zendesk.com *.amazonaws.com *.tiktok.com *.klaviyo.com *.clarity.ms *.stackadapt.com *.pinimg.com *.dwin1.com *.nxcli.io dunejewelry.com *.tryinteract.com calendly.com *.calendly.com *.attn.tv *.attentive.com *.attentivemobile.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com maxcdn.bootstrapcdn.com unsafe-inline cdn1.stamped.io stamped.io *.cloudfront.net *.addshoppers.com *.stackadapt.com *.klaviyo.com *.amazonaws.com s3-us-west-2.amazonaws.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com cdn1.stamped.io stamped.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com static.afterpay.com js.sandbox.afterpay.com js.afterpay.com www.apptrian.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.klaviyo.com https://fast.a.klaviyo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com cdn1.stamped.io stamped.io *.fontawesome.com maps.googleapis.com bam.nr-data.net *.sharethis.com ekr.zdassets.com *.zendesk.com *.adroll.com shop.pe *.shop.pe *.stackadapt.com *.pinterest.com *.clarity.ms *.tiktok.com *.amazonaws.com *.google.com *.attn.tv *.attentive.com *.attentivemobile.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn-cookieyes.com https://www.googletagmanager.com https://player.vimeo.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://secure.gravatar.com https://cdn-cookieyes.com https://ps.w.org https://s.w.org https://storage.googleapis.com; connect-src 'self' https://log.cookieyes.com https://consentlog.cookieyes.com https://cdn-cookieyes.com https://region1.google-analytics.com; font-src 'self' data: https://fonts.gstatic.com; media-src 'self'; frame-ancestors 'self'; frame-src 'self' https://player.vimeo.com https://www.youtube.com; base-uri 'self'; upgrade-insecure-requests 1
default-src https:;form-action 'self' www.sassieshop.com;frame-ancestors 'self' https://*.prestomobilesurveys.com;font-src 'self' https://fonts.gstatic.com;script-src 'self' https://apis.google.com https://*.here.com https://www.googletagmanager.com 'nonce-aeb7ecd4';style-src 'self' 'nonce-aeb7ecd4' https://fonts.googleapis.com https://apis.google.com;img-src 'self' *.sassiex.com *.cloudfront.net;connect-src 'self' https://*.here.com;frame-src 'self' https://accounts.google.com https://www.youtube.com;media-src 'self';object-src 'self';manifest-src 'none';worker-src 'self';prefetch-src 'self' 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.starbucks.pt/report-uri/enforce 1
default-src 'self' 'unsafe-inline' *.google.com www.googletagmanager.com www.googleapis.com www.google-analytics.com assets.wogaa.sg www.adobetag.com *.facebook.com *.ampproject.org *.youtube.com *.twitter.com *.wogaa.demdex.net dpm.demdex.net wogadobeanalytics.sc.omtrdc.net cm.everesttech.net https://ton.twimg.com *.addthis.com *.mccy.gov.sg *.flickr.com https://stats.g.doubleclick.net https://amp-error-reporting.appspot.com *.ytimg.com *.google.com *.gstatic.com https://*.wogaa.sg https://*.demdex.net/ https://cm.everesttech.net/ https://wogadobeanalytics.sc.omtrdc.net/;     connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.com *.google.com www.googletagmanager.com www.googleapis.com www.google-analytics.com assets.wogaa.sg www.adobetag.com wogaa.demdex.net dpm.demdex.net wogadobeanalytics.sc.omtrdc.net cm.everesttech.net *.addthis.com *.mccy.gov.sg https://stats.g.doubleclick.net https://amp-error-reporting.appspot.com *.google.com *.gstatic.com https://*.wogaa.sg https://dpm.demdex.net/ https://snowplow-web.wogaa.sg https://lgncclfwsvrimrt.form.io;    script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com *.google.com z.moatads.com www.googletagmanager.com www.googleapis.com www.google-analytics.com assets.wogaa.sg www.adobetag.com http://platform.twitter.com connect.facebook.net *.facebook.com *.addthis.com *.syndication.twimg.com *.addthisedge.com *.ampproject.org *.youtube.com *.ytimg.com *.mccy.gov.sg *.wogaa.demdex.net *.gstatic.com https://*.wogaa.sg https://assets.adobedtm.com/ maps.googleapis.com http://www.youtube.com/ https://tagmanager.google.com;      style-src 'self' 'unsafe-inline' https://assets.wogaa.sg/fonts/;     font-src 'self' data: https://assets.wogaa.sg/fonts/ https://fonts.gstatic.com/s/googlematerialicons/v30/Gw6kwdfw6UnXLJCcmafZyFRXb3BL9rvi0QZG3Q.woff2 https://fonts.gstatic.com/s/materialiconsextended/v64/kJEjBvgX7BgnkSrUwT8UnLVc38YydejYY-oE_LvJ.woff2 https://fonts.gstatic.com/s/googlesans/v16/4UaGrENHsxJlGDuGo1OIlL3Kwp5MKg.woff2 https://fonts.gstatic.com/s/googlesans/v16/4UaGrENHsxJlGDuGo1OIlL3Nwp5MKg.woff2 https://fonts.gstatic.com/s/googlesans/v16/4UaGrENHsxJlGDuGo1OIlL3Bwp5MKg.woff2 https://fonts.gstatic.com/s/googlesans/v16/4UaGrENHsxJlGDuGo1OIlL3Awp5MKg.woff2 https://fonts.gstatic.com/s/googlesans/v16/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2 https://fonts.gstatic.com/s/googlesans/v16/4UabrENHsxJlGDuGo1OIlLU94Yt3CwZ-Pw.woff2 https://fonts.gstatic.com/s/googlesans/v16/4UabrENHsxJlGDuGo1OIlLU94YtwCwZ-Pw.woff2 https://fonts.gstatic.com/s/googlesans/v16/4UabrENHsxJlGDuGo1OIlLU94Yt8CwZ-Pw.woff2 https://fonts.gstatic.com/s/googlesans/v16/4UabrENHsxJlGDuGo1OIlLU94Yt9CwZ-Pw.woff2 https://fonts.gstatic.com/s/googlesans/v16/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2   https://fonts.gstatic.com/s/productsans/v12/pxiDypQkot1TnFhsFMOfGShVE9eOcEg.woff2 https://fonts.gstatic.com/s/productsans/v12/pxiDypQkot1TnFhsFMOfGShVFNeOcEg.woff2   https://fonts.gstatic.com/s/productsans/v12/pxiDypQkot1TnFhsFMOfGShVGdeOcEg.woff2 https://fonts.gstatic.com/s/productsans/v12/pxiDypQkot1TnFhsFMOfGShVF9eO.woff2   https://fonts.gstatic.com/s/googlematerialicons/v30/Gw6kwdfw6UnXLJCcmafZyFRXb3BL9rvi0QZG3Q.woff2 https://fonts.gstatic.com/s/materialiconsextended/v64/kJEjBvgX7BgnkSrUwT8UnLVc38YydejYY-oE_LvJ.woff2   https://fonts.gstatic.com/s/googlesans/v16/4UaGrENHsxJlGDuGo1OIlL3Kwp5MKg.woff2 https://fonts.gstatic.com/s/googlesans/v16/4UaGrENHsxJlGDuGo1OIlL3Nwp5MKg.woff2   https://fonts.gstatic.com/s/googlesans/v16/4UaGrENHsxJlGDuGo1OIlL3Bwp5MKg.woff2 https://fonts.gstatic.com/s/googlesans/v16/4UaGrENHsxJlGDuGo1OIlL3Awp5MKg.woff2;     img-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.google.com *.google.com.sg *.crowdtask.gov.sg stats.g.doubleclick.net www.google-analytics.com https://wogadobeanalytics.sc.omtrdc.net/ https://cm.everesttech.net/ https://dpm.demdex.net/ https://maps.gstatic.com https://lh3.googleusercontent.com/K4jh901GcFX_SPxeBmdQbVNz38fvlCV5rEJNQy3Joqg1cdRcT0Z54PXVm75GimRvgO2kkUCv_w=w128-h128-e365;  object-src 'none'; frame-src 'self' 'unsafe-inline' https://www.google.com https://form.gov.sg https://www.crowdtask.gov.sg youtube-nocookie.com  https://www.youtube.com  https://www.youtube-nocookie.com; 1
default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data: https://static.kensho.com https://f.hubspotusercontent40.net https://forms.hubspot.com/ https://*.medium.com;object-src 'none';script-src 'self' https://plausible.io https://js.hsforms.net https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com 'sha256-PKz38cn3FpVf6lThkM/DE5sGsm00cJkvPGitQeZ7+r8=' https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsadspixel.net https://js.hs-banner.com 'sha256-wz3kVqOSb7sqBnMx0eKhpdwcYsi9VhtmGdI/mwm6yWk=' https://www.googletagmanager.com 'sha256-sBwjlAQIGEiuzj6onYYx9ImeIJJwvn57LfgagKYXzDo=' 'sha256-O2EILMmVkT74UWXLswctn3D/Ty2RhwSgo1eRlzUnH5M=';script-src-attr 'none';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;connect-src 'self' https://sentry.kensho.com https://api.lever.co https://forms.hsforms.com https://api.hsforms.com https://plausible.io https://api.hubspot.com https://api.hubapi.com https://js.hs-banner.com https://www.google-analytics.com;media-src 'self' https://static.kensho.com data:;frame-src 'self' https://forms.hsforms.com 1
frame-ancestors 'self' https://logitracgps.com https://app.mykaarma.com https://srishti65.mykaarma.dev 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-/+u6HoaYcYB+OPPuWWTIQoKdgAYIzuJOc7j8PuZCIela3OhU' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline' https: *.talos.com sentry.io widget.intercom.io js.intercomcdn.com; style-src 'self' 'unsafe-inline' https: fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' https: fonts.googleapis.com; img-src 'self' data: storage.googleapis.com blob: ; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; frame-src 'self' blob: *.talostrading.com *.talos.com ; connect-src wss: sentry.io *.sentry.io *.datadoghq.com *.browser-intake-datadoghq.com *.intercom.io *.mixpanel.com talostrading.com *.talostrading.com 1
default-src 'self' https:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src * data: https:; font-src 'self' data: https:; object-src 'none'; frame-ancestors 'self'; frame-src * data: https:; 1
frame-ancestors https://*.markoub.ma; base-uri 'self' https://optimize.google.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mirwarso.de; img-src 'self' https: data: blob: https://mirwarso.de; style-src 'self' https://mirwarso.de 'nonce-xJR6lsbpQz6qk/H7GXjqHw=='; media-src 'self' https: data: https://mirwarso.de; frame-src 'self' https:; manifest-src 'self' https://mirwarso.de; form-action 'self'; child-src 'self' blob: https://mirwarso.de; worker-src 'self' blob: https://mirwarso.de; connect-src 'self' data: blob: https://mirwarso.de https://media.social.mirwarso.de wss://mirwarso.de; script-src 'self' https://mirwarso.de 'wasm-unsafe-eval' 1
default-src 'self' *.valsparcoilextrusion.com *.marketo.com *.typekit.net                 maxcdn.bootstrapcdn.com fonts.gstatic.com industrial.sherwin-williams.com stackpath.bootstrapcdn.com *.doubleclick.net *.google-analytics.com ;                 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.valsparcoilextrusion.com nexus.ensighten.com                          *.marketo.com *.jquery.com stackpath.bootstrapcdn.com *.cloudfront.net *.cloudflare.com *.googleapis.com                         *.google-analytics.com *.googletagmanager.com maxcdn.bootstrapcdn.com filesystem:;                 img-src * data:;                 style-src 'self' 'unsafe-inline' *.valsparcoilextrusion.com *.marketo.com *.typekit.net *.cloudfront.net                         maxcdn.bootstrapcdn.com stackpath.bootstrapcdn.com code.jquery.com industrial.sherwin-williams.com fonts.googleapis.com ; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-1340773a90ed09be7700f584a6909a17'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-XJWgc0qQ7j1qhyFZZoTKshQKCbhXY77WtKemPV3AIk/V4QR6' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 1
default-src *; img-src * data:; script-src *.hypernode.io *.breiwebshop.nl *.google-analytics.com *.googleadservices.com *.google.com *.googletagmanager.com *.googleapis.com *.facebook.net *.facebook.com *.bing.com *.pinterest.com *.mailchimp.com *.list-manage.com connectio.s3.amazonaws.com *.upviral.com *.clarity.ms *.tradetracker.net 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; connect-src *; 1
default-src * 'unsafe-inline' 'unsafe-eval';script-src * 'unsafe-inline' 'unsafe-eval';img-src 'self' data:; frame-src 'self' data:; object-src 'self' data: 1
block-all-mixed-content; upgrade-insecure-requests; default-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org; connect-src 'self' https://o318158.ingest.sentry.io https://api.digitransit.fi; object-src 'none'; report-uri /api/csp; report-to csp-endpoint; script-src 'self' 'sha256-z1vaAvxob9VDuw7klCB049Y2Xr6lf7KjhDrsLvsvcPU='; frame-ancestors 'none'; form-action 'self'; 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; base-uri 'self'; 1
default-src 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com; style-src 'self' 'unsafe-inline' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com https://fonts.googleapis.com https://*.hotjar.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com; script-src 'unsafe-eval' 'unsafe-inline' https://*.klarnaservices.com https://*.klarnacdn.net https://static.garmincdn.com/support-chat-widget/chatWidget-v1.3.1.js https://product-gallery.cloudinary.com https://res.cloudinary.com https://*.pinimg.com https://*.linksynergy.com https://*.googlesyndication.com 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://ajax.googleapis.com https://static.garmincdn.com https://www.google.com https://cdn.appdynamics.com https://www.gstatic.com https://prefmgr-cookie.truste-svc.net https://tags.tiqcdn.com https://*.tealiumiq.com https://deploytealium.com https://analytics.google.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.cloudflare.com https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://static.criteo.net https://*.criteo.com https://bat.bing.com https://*.adform.net https://intljs.rmtag.com https://www.googletagmanager.com https://*.google-analytics.com https://static.cloudflareinsights.com *.hotjar.com *.hotjar.io https://www.googletagmanager.com https://optimize.google.com https://*.googleapis.com https://cse.google.com https://www.youtube.com ; connect-src 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://stats.g.doubleclick.net https://analytics.google.com https://www.google-analytics.com https://*.googleapis.com https://csp.withgoogle.com https://analytics-api-s.cloudinary.com https://pagead2.googlesyndication.com https://*.algolia.net https://*.algolianet.com; font-src 'self' data: *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com; img-src https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://static.criteo.net https://*.criteo.com https://bat.bing.com https://*.adform.net https://intljs.rmtag.com https://www.googletagmanager.com https://*.google-analytics.com https://stats.g.doubleclick.net https://i.ytimg.com 'self' data: *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://www.google.co.uk https://prefmgr-cookie.truste-svc.net https://res.cloudinary.com https://*.hotjar.com https://www.google.com.tw https://tr.line.me https://www.facebook.com https://*.gstatic.com https://*.googleapis.com https://*.google.com https://www.google.co.id; frame-src https://www.youtube.com https://*.doubleclick.net *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://vars.hotjar.com https://prefmgr-cookie.truste-svc.net https://my.tealiumiq.com https://www.youtube-nocookie.com https://gum.criteo.com https://static.criteo.net https://www.facebook.com https://cse.google.com https://web.facebook.com; object-src 'none'; upgrade-insecure-requests; 1
form-action 'self';frame-ancestors 'self';block-all-mixed-content 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.hevosurheilu.fi https://subdomain-madrid.fiare.quintype.io https://ratsastus.hevosurheilu.fi;block-all-mixed-content; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: maxcdn.bootstrapcdn.com www.google.com www.googletagmanager.com www.gstatic.com www.google-analytics.com www.youtube.com www.facebook.com connect.facebook.net bat.bing.com  bat.bing.com fast.a.klaviyo.com a.klaviyo.com www.google.de stats.g.doubleclick.net static.klaviyo.com www.google.si www.bugherd.com fonts.googleapis.com assets.adobedtm.com maps.googleapis.com maps.gstatic.com d3iiunr5ws5ch1.cloudfront.net fonts.gstatic.com tagmanager.google.com ssl.gstatic.com lh3.googleusercontent.com liveupdate.pimcore.org pim.iglusport.si www.googleadservices.com googleads.g.doubleclick.net static-tracking.klaviyo.com consent.cookiebot.com consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com/ https://www.youtube.com rest.cleverreach.com book.timify.com app.leffers.de my.page2flip.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://www.magezon.com s3.eu-central-1.amazonaws.com styla-prod-us.imgix.net *.styla.com scontent-lax3-2.cdninstagram.com scontent-lax3-1.cdninstagram.com *.cdninstagram.com phosphor.utils.elfsightcdn.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com test.saferpay.com www.saferpay.com saferpay.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de s7.addthis.com *.google.com/ *.modehaus.de *.leffers.de *.instagram.com *.styla.com *.elfsight.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com test.saferpay.com www.saferpay.com saferpay.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.styla.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de ekr.zdassets.com/ *.styla.com brandpages.modehaus.de *.google-analytics.com *.elfsight.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https:; connect-src https: wss: http:; font-src https: data:; img-src https: data: blob:; frame-src https:; frame-ancestors 'self'; worker-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; form-action https: javascript:; script-src https: data: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clfldcbprotect.com *.dcbprotect.com *.eyewitness.com *.cachefly.net *.googletagmanager.com *.monitoringservice.co *.google.pt *.googleadservices.com *.tpay.me *.mfilterit.net; base-uri 'self'; media-src 'self' *.cachefly.net always; connect-src 'self' 'unsafe-inline' wss://*.monitoringservice.co wss://ws.dcbprotect.com:8080/ *.clfldcbprotect.com *.dcbprotect.com *.eyewitness.com *.cachefly.net *.google.com *.gstatic.com *.tpay.me *.mfilterit.net *.google-analytics.com *.hotjar.com *.doubleclick.net *.google.pt *.googleadservices.com *.ipify.org *.evina.com *.monitoringservice.co *.asiacell.com; 1
default-src https: blob: mailto: tel:; font-src https: data: blob:; img-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; worker-src https: blob:; frame-ancestors 'self'; frame-src https: mailto: tel:; connect-src https: blob:; media-src https: mediastream: blob: 1
default-src https://*.mitid.dk https://mitid.dk https://*.danid.dk 'self' about: data:; frame-ancestors 'none'; style-src 'self' 'unsafe-inline'; script-src https://*.mitid.dk https://mitid.dk 'self' 'nonce-hcox1NlgoVlSqZ9HAPGVtkUsatGZn50KXyI/qtVh5KA=' ; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; object-src 'self' ; frame-ancestors 'self' https://www.monespaceconso.com 1
frame-ancestors 'self' iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ https://www.next.se 1
frame-ancestors 'self' *.lojabrf.com *.brf.force.com 1
frame-ancestors 'self' http://www.philips.sk *.philips.com *.philips.sk https://philipsigtdpv.com 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:; https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.<TLD>; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.typekit.net *.trustedshops.com *.googleapis.com *.shoplongino.it *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com *.mgfproject.com 'self' connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.google.com *.hotjar.com www.facebook.com *.shoplongino.it *.salesmanago.pl *.salesmanago.com *.doubleclick.net https://www.googletagmanager.com/ connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.google.com *.google.it *.googletagmanager.com www.facebook.com mcusercontent.com *.shoplongino.com *.shoplongino.it *.google.de https://px.ads.linkedin.com *.linkedin.com/ *.trustpilot.com *.google-analytics.com *.longino.it *.shoplongino.hk *.shoplongino.ae http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ maps.gstatic.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.safemage.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.gstatic.com *.clerk.io *.cookielaw.org *.onetrust.com *.googletagmanager.com *.magentosite.cloud *.eu-3.magentosite.cloud *.google-analytics.com *.doubleclick.net/ *.google.com *.quantserve.com rules.quantcount.com *.adform.net snap.licdn.com *.nr-data.net *.newrelic.com chimpstatic.com data: *.mailchimp.com www.facebook.com *.facebook.net *.list-manage.com *.hotjar.com *.popupsmart.com https://cdn.jsdelivr.net *.tiktok.com *.tradedoubler.com *.shoplongino.it *.iubenda.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ maps.googleapis.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com downloads.mailchimp.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.scalapay.com b2c-cdn.scalapay.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.mailchimp.com *.popupsmart.com *.googleapis.com *.gstatic.com *.shoplongino.it downloads.mailchimp.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cookielaw.org *.google-analytics.com *.doubleclick.net *.nr-data.net *.hotjar.com https://api.ipgeolocation.io *.tiktok.com *.zdassets.com *.zendesk.com *.shoplongino.it maps.googleapis.com ajax.googleapis.com *.google.com *.hotjar.io *.iubenda.com *.saleago.com *.linkedin.oribi.io *.googlesyndication.com *.popupsmart.com wss://*.hotjar.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.salesmanago.pl *.salesmanago.es *.salesmanago.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors https://app.contentful.com/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.google.com *.googleapis.com *.gstatic.com https://use.fontawesome.com/ https://code.createjs.com/1.0.0/createjs.min.js https://tag.goadopt.io/; 1
font-src * data: *.gdw.mx *.banorte.com *.criteo.com *.fontawesome.com *.tradedoubler.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.gdw.mx *.banorte.com *.criteo.com https://seo.mageplaza.com *.tradedoubler.com 'self' 'unsafe-inline'; frame-ancestors *.gdw.mx *.banorte.com *.criteo.com *.tradedoubler.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://static.zdassets.com * *.gdw.mx *.banorte.com *.criteo.com *.paynet.com.mx *.openpay.mx *.openpay.co *.openpay.pe *.tradedoubler.com *.opencontrol.mx *.kaptcha.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io * *.gdw.mx *.banorte.com *.criteo.com *.postimg.cc *.openpay.mx *.tradedoubler.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.conekta.io conektaapi.s3.amazonaws.com https://static.zdassets.com * *.gdw.mx *.banorte.com *.criteo.com *.tradedoubler.com *.dwin1.com *.s3.amazonaws.com *.openpay.co *.openpay.pe *.google-analytics.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com * *.gdw.mx *.banorte.com *.criteo.com *.fontawesome.com *.tradedoubler.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com * videos-inova-com.mx.s3.amazonaws.com *.gdw.mx *.banorte.com *.criteo.com *.tradedoubler.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.conekta.io https://static.zdassets.com * *.gdw.mx *.banorte.com *.criteo.com *.openpay.mx *.openpay.co *.openpay.pe *.tradedoubler.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src * *.disqus.com *.disquscdn.com *.videos-inova-com.mx.s3.amazonaws.com *.gdw.mx *.banorte.com *.criteo.com *.tradedoubler.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' data: https: *.google.com *.hebcal.com *.hebcal.com *.wp.com *.googleapis.com *.gstatic.com; style-src 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: 1
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src * data:; object-src 'none'; report-uri /security/csp-report 1
frame-ancestors 'self' *.googletagmanager.com *.youtube.com;, base-uri 'self'; connect-src *;, font-src data: *;, form-action 'self' *.truyol.com *.redsys.es *.redsys.es:25443 *.paypal.com;, default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *;, style-src 'self' 'unsafe-inline' *.truyol.com *.tawk.to *.getprintbox.com *.googleapis.com *.ckeditor.com *.cloudflare.com *.gstatic.com;, script-src 'self' 'unsafe-inline' 'unsafe-eval' *.truyol.com *.salesmanago.pl *.googletagmanager.com *.googleapis.com *.hotjar.com *.tawk.to *.getprintbox.com *.facebook.net *.google.com *.trustedshops.com *.paypalobject.com *.ckeditor.com *.metricool.com *.gstatic.com *.cloudflare.com *.clarity.ms *.doubleclick.net *.google-analytics.com *.jsdelivr.net *.youtube.com;, img-src 'self' data: blob: *.truyol.com *.salesmanago.pl *.google-analytics.com *.getprintbox.com *.googleapis.com *.google.com *.google.es *.googletagmanager.com *.trustedshops.com *.linkedin.com *.facebook.com *.ckeditor.com *.metricool.com *.clarity.ms *.bing.com *.doubleclick.net *.tawk.to *.googlesyndication.com *.fbsbx.com *.googleusercontent.com; 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';frame-ancestors 'self' https://*.vizmo.in https://pagesense.zoho.com; 1
script-src 'unsafe-eval' 'unsafe-inline' https: 1
default-src * data: blob: 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sodonsolution.org *.sodonsolution.com www.google-analytics.com www.googletagmanager.com www.gstatic.com maps.gstatic.com maps.googleapis.com cse.google.com www.google.com www.youtube.com connect.facebook.net staticxx.facebook.com graph.facebook.com platform.twitter.com  s.ytimg.com static.whatshelp.io certify-js.alexametrics.com cdnjs.cloudflare.com static.getbutton.io js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.usemessages.com js.hscollectedforms.net erxes.bid-finance.mn geo.erxes.io;style-src 'self' 'unsafe-inline' *.sodonsolution.org  *.sodonsolution.com www.gstatic.com cse.google.com www.google.com static.whatshelp.io geo.erxes.io;connect-src 'self' *.sodonsolution.org *.sodonsolution.com www.google-analytics.com www.googletagmanager.com connect.facebook.net staticxx.facebook.com graph.facebook.com api.hubspot.com forms.hubspot.com whatshelp.io geo.erxes.io www.membership.mn:8080 *.trademongolia.mn; 1
default-src 'self';   script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://*.abraseuatendimento.com.br/ https://abraseuatendimento.com.br/ https://*.autoglass.com.br https://js.api.here.com/ https://static.cloudflareinsights.com/ https://*.hotjar.com/ https://static.zenvia.com/ https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/ec.js https://js.api.here.com/v3/3.1/mapsjs-core.js;  style-src 'report-sample' 'self' 'unsafe-inline' https://hml.abraseuatendimento.com.br/ https://fonts.googleapis.com https://static.zenvia.com;   object-src 'none';   base-uri 'self';   connect-src 'self' https://maps.googleapis.com https://*.abraseuatendimento.com.br/ https://abraseuatendimento.com.br/ https://*.autoglass.com.br https://www.google-analytics.com https://stats.g.doubleclick.net https://chat.zenvia.com https://*.hereapi.com https://*.here.com https://vc.hotjar.io/ https://*.hotjar.com wss://ws47.hotjar.com/api/v2/client/ws;   font-src 'self' https://fonts.gstatic.com;   frame-src 'self' https://vars.hotjar.com/ https://chat.zenvia.com/;   img-src 'self' data: https://maps.gstatic.com https://*.googleapis.com https://www.google-analytics.com;   manifest-src 'self';   media-src 'self';   worker-src 'none'; 1
frame-src 'self' data: https://*.vimeo.com https://*.youtube.com https://*.fls.doubleclick.net/ https://www.google.com/ https://*.hubspot.com https://*.facebook.com https://*.hsforms.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.inventia.biz https://phygital-main.ci.inventiacloud.com https://*.onetrust.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://cdn.cookielaw.org/ https://*.smartlook.com/ https://*.smartlook.cloud/ https://*.intercom.io https://js.intercomcdn.com https://cdn.jsdelivr.net https://*.outbrain.com https://www.googleadservices.com https://connect.facebook.net https://snap.licdn.com https://*.youtube.com https://*.bing.com https://*.vimeo.com https://*.hubspot.com https://*.hscollectedforms.net https://*.hsadspixel.net https://*.hs-scripts.com https://*.hs-banner.com https://*.hs-analytics.net https://*.hsforms.com https://*.hsforms.net https://*.cloudflare.com https://*.doubleclick.net/ https://*.usemessages.com; object-src 'none'; base-uri 'self' https://*.inventia.biz; worker-src 'self' blob:; frame-ancestors 'none'; 1
default-src 'self' data: *.alphalabs.ca *.gstatic.com *.googleapis.com chart.apis.google.com *.googletagmanager.com *.tagmanager.google.com *.google-analytics.com *.g.doubleclick.net *.ggpht.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.alphalabs.ca *.googleapis.com *.googletagmanager.com *.googletagservices.com *.tagmanager.google.com *.google-analytics.com *.google.com/recaptcha/ *.g.doubleclick.net *.gstatic.com *.facebook.net unpkg.com *.stripe.com;style-src 'self' 'unsafe-inline' *.alphalabs.ca *.googleapis.com *.googletagmanager.com *.tagmanager.google.com *.google-analytics.com *.g.doubleclick.net; connect-src 'self' *.visualstudio.com *.googleapis.com *.google-analytics.com *.g.doubleclick.net *.craftcms.com; object-src 'none'; frame-src 'self' *.alphalabs.ca *.google.com *.youtube.com *.stripe.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' youtube.com *.paysera.com paysera.com *.doubleclick.net doubleclick.net *.googleadservices.com googleadservices.com *.bing.com *.tawk.to *.youtube.com *.ytimg.com *.jsdelivr.net t.ssl.ak.dynamic.tiles.virtualearth.net dev.virtualearth.net placeimg.com data: www.googletagmanager.com maps.googleapis.com www.youtube-nocookie.com www.youtube.com t0-flt.ssl.ak.dynamic.tiles.virtualearth.net fonts.gstatic.com connect.facebook.net www.facebook.com www.google-analytics.com cdnjs.cloudflare.com www.googleapis.com www.gstatic.com maps.gstatic.com www.google.com www.google.lt stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' data: *.jsdelivr.net maps.gstatic.com www.googleapis.com fonts.googleapis.com *.bing.com dev.virtualearth.net; frame-ancestors 'self'; connect-src 'self' *.bing.com virtualearth.net *.virtualearth.net facebook.com *.facebook.com google-analytics.com *.google-analytics.com wss://*.tawk.to *.tawk.to; form-action 'self' bank.paysera.com facebook.com *.facebook.com epaslaugos.lt *.epaslaugos.lt 1
frame-ancestors 'self' app.pendo.io; frame-src 'self' https://intercom-sheets.com/ app.pendo.io; child-src 'self' blob: app.pendo.io; worker-src 'self' blob:; 1
frame-ancestors 'self' https://futbolete.com; 1
default-src 'self' https://fast.wistia.net; script-src * 'self' 'unsafe-inline' 'unsafe-eval' http://*.googleapis.com https://*.googleapis.com http://*.google.com http://*.gstatic.com https://www.google-analytics.com http://www.google-analytics.com http://*.iubenda.com http://*.bootstrapcdn.com; style-src * 'self' 'unsafe-inline' http://*.iubenda.com https://*.iubenda.com http://*.bootstrapcdn.com http://*.googleapis.com https://*.google.com http://*.gstatic.com; img-src * 'self' data: blob:; font-src * 'self' http://*.gstatic.com https://*.gstatic.com https://*.googleapis.com; connect-src * 'self' http://*.iubenda.com; frame-src * 'self' http://*.iubenda.com http://static.ak.facebook.com https://static.ak.facebook.com https://*.google.com http://*.gstatic.com; child-src * 'self' http://*.iubenda.com http://static.ak.facebook.com https://static.ak.facebook.com http://*.google.com https://*.google.com; object-src 'self'; reflected-xss https://*.google.com http://*.gstatic.com; referrer https://*.google.com http://*.gstatic.com; report-uri https://report-uri.io/report/ac3d791a5d61e37b132fd3a2ce266f4f; 1
default-src https://*.mitid.dk https://mitid.dk https://*.danid.dk 'self' about: data:; frame-ancestors 'none'; style-src 'self' 'unsafe-inline'; script-src https://*.mitid.dk https://mitid.dk 'self' 'nonce-F3KqVGXpQUnWBdL+BSMNKVoBQMqKiHall4FNfn1PYq8=' ; 1
default-src 'self' *.gstatic.com *.googleusercontent.com data: 'unsafe-inline' 'unsafe-eval' *.googleapis.com cdnjs.cloudflare.com *.bootstrapcdn.com cdn.jsdelivr.net *.google.com *.fontawesome.com *.google-analytics.com *.googletagmanager.com *.humansoft.pt 1
base-uri 'self' ; default-src 'self' ; script-src 'nonce-5aed8ee26924894c0406085a41759b0c4db4cba82789c2e71a5d28ac885a5c42b2aff768aee0cf22e4333b21c0c0bcc95fd9c12033adb5421647c7ed7eb6b041' 'strict-dynamic' https://*.googletagmanager.com https://connect.facebook.net https://*.hotjar.com ; font-src 'self' https://corissia.com/hotels/ https://*.hotjar.com https://*.tawk.to/ ; img-src 'self' https://corissia.com/hotels/ https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com https://www.google.gr https://www.google.de https://www.google.at https://www.google.ch https://www.google.co.uk https://googleads.g.doubleclick.net https://bat.bing.com/ https://quickchart.io https://www.facebook.com/ https://*.hotjar.com https://*.tawk.to/ https://cdn.jsdelivr.net/ ; media-src 'self' https://corissia.com/hotels/ ; style-src 'self' 'unsafe-inline' https://corissia.com/hotels/ https://*.tawk.to/ ; connect-src https://*.googlesyndication.com/ https://www.google.com/ https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.facebook.com/ https://geoip-api.cleverpush.com/ https://api.cleverpush.com/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.tawk.to wss://*.tawk.to https://widgets.skyscanner.net/; frame-src https://*.doubleclick.net/ https://*.googlesyndication.com/ https://www.facebook.com/ https://www.youtube-nocookie.com https://www.youtube.com https://corissia.mycleverpush.com/ https://*.livechatai.com https://*.hotjar.com https://widgets.kiwi.com/ https://www.viator.com/ https://widgets.skyscanner.net/ ; worker-src https://corissia.com/cleverpush-worker.js ; object-src 'none' ; 1
font-src *.fontawesome.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com https://script.hotjar.com 'self' data: api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.google.com https://www.googletagmanager.com/ *.meetanshi.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com *.weltpixel.com vars.hotjar.com https://api.ebanxpay.com *.doubleclick.net api.stripe.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com *.meetanshi.com https://www.cosmetis.pt *.mcusercontent.com *.cloudflare.com *.gstatic.com *.google.com *.google.pt *.google.es *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com *.tradetracker.net *.pampanetwork.com *.mailchimp.com *.cloudfront.net ifthenpay.com https://*.clarity.ms https://c.bing.com https://script.hotjar.com https://www.hotjar.com/images/hotjar-logo-small.svg https://content.mercadopago.com https://googleads.g.doubleclick.net https://cosmetis.boost.propelbon.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com apis.google.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.meetanshi.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com https://chimpstatic.com https://www.googletagmanager.com *.youtube.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com tagmanager.google.com static.hotjar.com script.hotjar.com *.zdassets.com *.zendesk.com *.mailchimp.com mc.us6.list-manage.com *.newrelic.com *.nr-data.net *.doubleclick.net *.activehosted.com *.cloudfront.net wss://*.zopim.com wss://*.wizzy.ai *.app-us1.com trackcmp.net js.ebanx.com https://cdn.ebanx.com https://content.mercadopago.com x.cnt.my *.x.cnt.my citydsp.com https://*.clarity.ms https://www.googleoptimize.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.youtube.com *.bootstrapcdn.com *.zendesk.com *.mailchimp.com https://www.googletagmanager.com 'self' 'unsafe-inline'; object-src https://content.mercadopago.com 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.meetanshi.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.google-analytics.com stats.g.doubleclick.net *.facebook.com in.hotjar.com vc.hotjar.com wss://ws.hotjar.com *.zdassets.com *.zendesk.com *.zopim.com wss://*.zopim.com *.nr-data.net wss://*.wizzy.ai https://*.wizzy.ai https://*.clarity.ms https://surveystats.hotjar.io https://content.hotjar.io https://metrics.hotjar.io https://vc.hotjar.io wss://pod-18.zendesk.com *.ebanxpay.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; base-uri 'self'; connect-src 'self' analytics.google.com stats.g.doubleclick.net https://api.cozo.me; font-src 'self' fonts.gstatic.com; form-action 'none'; frame-ancestors 'none'; frame-src challenges.cloudflare.com; img-src 'self' data: *; script-src 'self' 'unsafe-eval' 'nonce-c73079d5-af2a-473a-a46a-7752fa8ec589' www.google.com www.googletagmanager.com www.gstatic.com challenges.cloudflare.com; style-src 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.ampproject.net *.ampproject.org *.jquery.com *.facebook.com *.youtube.com *.google-analytics.com *.cloudflare.com *.googlesyndication.com *.googletagmanager.com *.google.com.br *.googletagservices.com *.facebook.net *.googleadservices.com *.doubleclick.net *.cleverwebserver.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gstatic.com https://*.thequin.ai https://*.alo-tech.com https://*.nr-data.net https://*.newrelic.com https://*.mobildev.in https://*.criteo.com https://*.googletagservices.com https://*.googlesyndication.com https://*.dynatrace.com https://*.matomo.cloud https://daikin.matomo.cloud https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://analytics.tiktok.com https://cdn-asset.optimonk.com https://content.linkedin.com https://*.facebook.net https://cdn.onesignal.com https://cdnjs.cloudflare.com https://daikin.sortext.com https://daikin-core.cbot.ai https://gs-cdn.optimonk.com https://*.facebook.com https://google-analytics.com https://googletagmanager.com https://matomojs.trackify.info https://maps.googleapis.com https://my.sortext.com https://mc.yandex.ru https://onesignal.com https://pi.pardot.com https://platform.linkedin.com https://static.criteo.net https://sslwidget.criteo.com https://static-exp1.licdn.com https://snap.licdn.com https://script.hotjar.com https://static.hotjar.com https://ssl.google-analytics.com https://st-daikin.mncdn.com https://unpkg.com https://*.youtube.com https://www.clarity.ms https://www.google-analytics.com https://www.googletagmanager.com https://*.jquery.com https://instant.page http://instant.page https://go.pardot.com htttps://go.daikin.eu;                      frame-src 'self' 'unsafe-inline' https://*.google.com https://*.alo-tech.com https://*.yandex.com st-daikin.mncdn.com https://*.youtube.com https://*.youtube-nocookie.com https://st-daikin.mncdn.com https://go.daikin.eu https://*.youtube.com https://*.criteo.com/ https://*.doubleclick.net https://*.facebook.net https://*.facebook.com https://*.force.com/ https://*.force.com https://*.salesforce-sites.com;       style-src 'self' 'unsafe-inline' https://*.google.com https://*.alo-tech.com https://*.thequin.ai *.google.com *.licdn.com cdnjs.cloudflare.com daikin-core.cbot.ai fonts.googleapis.com onesignal.com st-daikin.mncdn.com unpkg.com www.googletagmanager.com https://go.pardot.com https://go.daikin.eu;                      child-src 'self' blob: *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com *.criteo.com *.criteo.net *.facebook.net vars.hotjar.com www.youtube.com www.googletagmanager.com https://*.youtube-nocookie.com https://go.pardot.com https://go.daikin.eu https://*.force.com/;                      base-uri 'self';       font-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.alo-tech.com https://*.mncdn.com https://*.cbot.ai data:;                      worker-src 'self' blob: www.google.com;       report-uri /WebResource.axd?cspReport=true;       upgrade-insecure-requests; 1
base-uri 'self';default-src 'self';media-src 'self';object-src 'none';form-action 'self' https://www.facebook.com;connect-src 'self' https://*.google-analytics.com https://www.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.tr https://www.facebook.com https://connect.facebook.net https://cloudflareinsights.com https://capig.dugunbuketi.com https://pagead2.googlesyndication.com https://mtrcs.dugunbuketi.com;img-src 'self' https://*.dugunbuketi.com https://www.googletagmanager.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://www.google-analytics.com https://www.facebook.com https://*.google.com https://*.google.nl https://*.google.com.tr https://*.google.be;frame-src 'self' https://www.google.com https://www.google.com.tr https://www.youtube.com https://www.googletagmanager.com https://sanal360.dugunbuketi.com https://www.facebook.com https://td.doubleclick.net;script-src 'self' 'unsafe-inline' https://www.google.com https://www.google.com.tr https://www.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net https://script.hotjar.com https://static.cloudflareinsights.com https://ajax.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com https://cdn.segmentify.com https://mtrcs.dugunbuketi.com 'nonce-hpFNNMMJqTPdZm9oV7MDhpAJ32EYpWoA';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com 1
media-src 'self';  object-src 'self'; base-uri 'self'; frame-src 'self' www.youtube.com https://connect.facebook.net/ https://www.facebook.com/ 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; frame-ancestors 'self' https:; worker-src 'self' 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-kK9sbl_NJuCO2VemrDHj5w' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src * data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.barion.com http://*.barion.com https://*.facebook.com http://*.facebook.com https://*.facebook.net http://*.facebook.net https://*.fbcdn.net http://*.fbcdn.net http://*.twitter.com https://*.twitter.com http://*.google.com http://*.google.hu http://*.googleapis.com https://*.googleapis.com http://*.gstatic.com https://*.gstatic.com https://*.google.com https://*.google.hu http://*.google-analytics.com https://*.google-analytics.com https://*.doubleclick.net http://*.doubleclick.net https://*.googleadservices.com http://*.googleadservices.com http://*.schema.org https://*.schema.org http://*.googletagmanager.com https://*.googletagmanager.com http://*.ampproject.org https://*.ampproject.org http://*.posta.hu https://*.posta.hu http://posta.hu https://posta.hu; style-src 'unsafe-inline' * 1
default-src 'self' www.hsnstore.it cdn.hsnstore.com hsnstore.com *.redsys.es;form-action *.redsys.es *.amazon.it bancsabadell.com unicaja.es www.paypal.com live.sequrapi.com www.facebook.com facebook.com connect.facebook.net secure.paytpv.com api.paycomet.com *.smart2pay.com *.giropay.de *.sofort.com www.hsnstore.it cdn1.api.trustedshops.com; img-src * data:;style-src 'self' 'unsafe-inline' *.hsnstore.com *.spotlersearch.com spotlersearchanalytics.com static.sooqr.com static.aws-prod.sooqr.com *.redsys.es translate.googleapis.com tagmanager.google.com fonts.googleapis.com;script-src 'unsafe-eval' 'self' 'unsafe-inline' blob *.payments-amazon.com *.payments-amazon.es cdn.hsnstore.com *.spotlersearch.com spotlersearchanalytics.com dynamic.sooqr.com dynamic.aws-prod.sooqr.com apis.google.com www.googletagmanager.com www.google.com www.googleadservices.com connect.facebook.net googleads.g.doubleclick.net www.google-analytics.com www.salesmanago.pl www.salesmanago.es static.sooqr.com static.aws-prod.sooqr.com sealserver.trustwave.com www.youtube.com www.youtube-nocookie.com s.ytimg.com  maps.googleapis.com tpc.googlesyndication.com live.sequrapi.com tagmanager.google.com images.dmca.com widgets.trustedshops.com cdn1.api.trustedshops.com static.criteo.net sslwidget.criteo.com secure.paytpv.com api.paycomet.com js-agent.newrelic.com bam.eu01.nr-data.net www.gstatic.com *.queue-it.net seal.securetrust.com tracker.metricool.com sandbox.sequracdn.com sandbox.sequrapi.com live.sequracdn.com;font-src data: 'self' www.hsnstore.it cdn.hsnstore.com fonts.gstatic.com  widgets.trustedshops.com cdn1.api.trustedshops.com;connect-src *.google-analytics.com maps.googleapis.com firehose.eu-central-1.amazonaws.com *.amazon.com www.google-analytics.com www.google.com www.salesmanago.pl www.salesmanago.es cdn.hsnstore.com www.hsnstore.it www.facebook.com *.g.doubleclick.net graph.facebook.com api.trustedshops.com cdn1.api.trustedshops.com cognito-identity.eu-central-1.amazonaws.com bam.eu01.nr-data.net *.analytics.google.com sandbox.sequracdn.com live.sequracdn.com;frame-src www.hsnstore.com www.hsnstore.pt www.hsnstore.it www.hsnstore.eu www.hsnstore.fr www.hsnstore.de tpc.googlesyndication.com www.google.com www.youtube.com www.facebook.com web.facebook.com connect.facebook.net www.googletagmanager.com *.g.doubleclick.net www.hsnstore.it live.sequrapi.com translate.googleapis.com accounts.google.com staticxx.facebook.com graph.facebook.com api.paycomet.com www.youtube-nocookie.com sandbox.sequrapi.com sandbox.sequracdn.com live.sequracdn.com;object-src *.hsnstore.com 1
default-src 'none'; script-src https: 'unsafe-inline' 'nonce-E8871E8880E0A5FEE4C79AC20A8D8097' 'strict-dynamic'; style-src 'self' 'nonce-E8871E8880E0A5FEE4C79AC20A8D8097' translate.googleapis.com; connect-src 'self' https: ; img-src 'self' https: data:; font-src 'none' ; object-src 'none'; frame-ancestors 'self'; frame-src 'self' www.google.com tpc.googlesyndication.com td.doubleclick.net; base-uri 'none'; report-uri https://www.huurwoningbemiddeling.nl/API/Site/CspReport 1
script-src 'unsafe-inline' http: https:; object-src 'none'; base-uri 'none'; img-src http://* https://*; 1
default-src https://*.isidata.net; script-src 'unsafe-eval' 'unsafe-inline' https://*.isidata.net https://consent.cookiebot.com https://code.jquery.com https://*.google-analytics.com https://*.fontawesome.com mailto:; base-uri https://*.isidata.net; object-src 'none'; style-src 'unsafe-inline' https://*.isidata.net https://fonts.googleapis.com https://*.fontawesome.com; img-src data: https://*.isidata.net data: https://*.google-analytics.com; media-src https://*.isidata.net; frame-src https://*.s3.amazonaws.com https://*.isidata.net mailto:; frame-ancestors https://*.isidata.net; font-src https://*.isidata.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.fontawesome.com; connect-src 'self' https://*.fontawesome.com; form-action https://*.s3.amazonaws.com https://*.isidata.net 1
frame-ancestors 'self' https://procountor.se/; 1
script-src 'self' filesystem: 'unsafe-eval' 'unsafe-inline' *.spaggiari.eu https://ajax.googleapis.com/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://code.jquery.com/ https://d31qbv1cthcecs.cloudfront.net/atrk.js https://fonts.googleapis.com/ https://s.go-mpulse.net/boomerang/ https://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://www.gstatic.com/recaptcha/ https://cdn.syndication.twimg.com/timeline/ https://code.highcharts.com/ https://connect.facebook.net/it_IT/sdk.js https://livestream.com/assets/plugins/ https://maps.googleapis.com/ https://platform.twitter.com/js/ https://platform.twitter.com/widgets.js https://rawgit.com/tyrasd/osmtogeojson/ https://s7.addthis.com/js/300/addthis_widget.js https://use.fontawesome.com/;frame-ancestors 'self' file: *.spaggiari.eu italiascuola.it www.italiascuola.it; 1
script-src 'self' 'unsafe-inline';object-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' data:;font-src 'self';form-action 'self';frame-ancestors 'self';block-all-mixed-content 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: blob: 1
upgrade-insecure-requests; form-action 'self' 1
frame-src https:; img-src http: https: data:; script-src http: https: 'unsafe-inline' 'unsafe-eval'; 1
upgrade-insecure-requests; default-src 'self' cdn1.svenskaspel.net;script-src 'self' cdn1.svenskaspel.net api.www.momangcasino.se www.google-analytics.com region1.google-analytics.com www.googletagmanager.com tagmanager.google.com 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net track.adform.net s1.adform.net s2.adform.net https://*.tradedoubler.com assets.adobedtm.com svenskaspelsportcasino.sc.omtrdc.net https://*.hotjar.com gtm.spela.svenskaspel.se https://cdn.cookielaw.org smetrics.spela.svenskaspel.se metrics.spela.svenskaspel.se https://*.qualtrics.com adobedc.demdex.net edge.adobedc.net server.adobedc.net;style-src 'self' 'unsafe-inline' cdn1.svenskaspel.net tagmanager.google.com www.googletagmanager.com fonts.googleapis.com https://*.hotjar.com https://*.qualtrics.com;img-src https://api.www.momangcasino.se 'self' data: cdn1.svenskaspel.net api.www.momangcasino.se www.google-analytics.com region1.google-analytics.com https://www.facebook.com track.adform.net ad.doubleclick.net https://*.tradedoubler.com cm.everesttech.net dpm.demdex.net https://*.hotjar.com https://fonts.gstatic.com/ www.googletagmanager.com gtm.spela.svenskaspel.se https://optanon.blob.core.windows.net https://cdn.cookielaw.org smetrics.spela.svenskaspel.se metrics.spela.svenskaspel.se https://siteintercept.qualtrics.com adobedc.demdex.net edge.adobedc.net server.adobedc.net;font-src 'self' cdn1.svenskaspel.net data: fonts.googleapis.com fonts.gstatic.com https://*.hotjar.com https://fonts.gstatic.com;media-src *.svenskaspel.se *.svenskaspel.net *.momangcasino.se *.momangcasino.com *.momangcasino.nu;frame-src 'self' api.www.momangcasino.se https://www.facebook.com https://connect.facebook.net https://*.tradedoubler.com https://*.fls.doubleclick.net svenskaspelsportcasino.demdex.net https://vars.hotjar.com https://*.qualtrics.com adobedc.demdex.net edge.adobedc.net smetrics.spela.svenskaspel.se server.adobedc.net;object-src 'none';frame-ancestors 'none';worker-src *.momangcasino.se:* *.svenskaspel.se:*;connect-src 'self' https://api.www.momangcasino.se cdn1.svenskaspel.net api.www.momangcasino.se wss://api.www.momangcasino.se www.google-analytics.com region1.google-analytics.com www.google.com googleads.g.doubleclick.net dpm.demdex.net svenskaspelsportcasi.tt.omtrdc.net https://*.hotjar.com:* https://*.hotjar.io:* wss://*.hotjar.com https://*.googletagmanager.com gtm.spela.svenskaspel.se targetsoc.spela.svenskaspel.se https://cdn.cookielaw.org https://geolocation.onetrust.com https://*.qualtrics.com adobedc.demdex.net edge.adobedc.net smetrics.spela.svenskaspel.se server.adobedc.net; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://*.criteo.com https://static.criteo.net https://tpc.googlesyndication.com https://*.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://ampcid.google.ae https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://tr.snapchat.com https://*.contentsquare.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data:; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.ae https://m.myprotein.ae https://checkout.myprotein.ae https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.web.onlineclinic.com.br http://*.web.onlineclinic.com.br https://*.google.com.br https://*.gravatar.com https://fonts.googleapis.com https://fonts.gstatic.com https://elfsight.com https://*.google-analytics.com http://*.onlineclinic.com.br https://*.onlineclinic.com.br http://*.omappapi.com https://*.omappapi.com https://*.youtube.com https://*.googletagmanager.com https://*.wp.com http://www.onlineclinic.com.br https://www.onlineclinic.com.br; img-src 'self' data: https://*.web.onlineclinic.com.br http://*.web.onlineclinic.com.br https://*.google.com.br https://*.gravatar.com https://fonts.googleapis.com https://fonts.gstatic.com https://elfsight.com https://*.google-analytics.com http://*.onlineclinic.com.br https://*.onlineclinic.com.br http://*.omappapi.com https://*.omappapi.com https://*.youtube.com https://*.googletagmanager.com https://*.wp.com http://www.onlineclinic.com.br https://www.onlineclinic.com.br; object-src 'self' data: https://*.web.onlineclinic.com.br http://*.web.onlineclinic.com.br https://*.google.com.br https://*.gravatar.com https://fonts.googleapis.com https://fonts.gstatic.com https://elfsight.com https://*.google-analytics.com http://*.onlineclinic.com.br https://*.onlineclinic.com.br http://*.omappapi.com https://*.omappapi.com https://*.youtube.com https://*.googletagmanager.com https://widgets.wp.com/ http://www.onlineclinic.com.br https://www.onlineclinic.com.br; frame-src 'self' data: https://*.web.onlineclinic.com.br http://*.web.onlineclinic.com.br https://*.google.com.br https://*.gravatar.com https://fonts.googleapis.com https://fonts.gstatic.com https://elfsight.com https://*.google-analytics.com http://*.onlineclinic.com.br https://*.onlineclinic.com.br http://*.omappapi.com https://*.omappapi.com https://*.youtube.com https://*.googletagmanager.com https://widgets.wp.com/ http://www.onlineclinic.com.br https://www.onlineclinic.com.br; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.facebook.com *.youtube.com *.google-analytics.com *.ampproject.org *.cloudflare.com *.googlesyndication.com *.googletagmanager.com *.google.com.br *.googletagservices.com cdn.iframe.ly *.facebook.net *.googleadservices.com *.doubleclick.net 1
script-src 'self' 'unsafe-eval' https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/ https://www.youtube.com/ https://bid.g.doubleclick.net/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/923720667/ https://www.google-analytics.com/analytics.js https://www.google-analytics.com https://www.googleadservices.com/pagead/conversion.js https://www.googletagmanager.com/gtag/js 'unsafe-inline'; style-src 'self' 'unsafe-eval' https://cdnjs.cloudflare.com 'unsafe-inline'; object-src 'none'; base-uri 'self'; font-src 'self' https://cdnjs.cloudflare.com; manifest-src 'self'; img-src 'self' https://www.facebook.com https://connect.facebook.net https://www.google-analytics.com https://www.google.co.in https://www.google.com; media-src 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: ; connect-src 'self' https: ; img-src 'self' 'unsafe-inline' data: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.formstack.com https://*.cognitoforms.com https://optimize.google.com; frame-src 'self' https:; font-src 'self' https:; object-src 'self' *.ms.webaixia.com; frame-ancestors 'none'; 1
img-src https://www.ruangmenyala.com https: blob: data: https://www.youtube.com https://ssl.google-analytics.com https://s-static.ak.facebook.com https://www.googletagmanager.com https://www.google.com; worker-src 'self' blob: https://www.ruangmenyala.com; script-src 'sha256-sZaDuTuWC5iskMf+3GpqXX4mSSs+pQ6DUMm9fLxeGqk=' 'nonce-E46ORuPiPeHAsYduoK5_2SSIzDJz5nbB7n9NTuyCt6B59PKvSPFKOiWmjjXou43B' 'strict-dynamic' 'self' 'self' https://www.ruangmenyala.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://graph.instagram.com https://cdn.jsdelivr.net https://www.google.com https://www.gstatic.com https://www.recaptcha.net; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://themes.googleusercontent.com https://www.gstatic.com; connect-src https://www.ruangmenyala.com *.google-analytics.com *.fonts.googleapis.com *.instagram.com *.higo.id https://www.recaptcha.net https://gp.higo.id https://connect.facebook.net https://static.ads-twitter.com https://banner.appsflyer.com https://c.contentsquare.net https://k-aeu1.contentsquare.net https://analytics.google.com; form-action 'self'; frame-src 'self' https://www.youtube.com https://www.facebook.com https://twitter.com https://www.whatsapp.com https://www.recaptcha.net; frame-ancestors 'none'; object-src 'none'; base-uri https://www.ruangmenyala.com 1
default-src 'self' wss://pod-29.zendesk.com/sc/faye wss://widget-mediator.zopim.com maps.googleapis.com api.tumblr.com code.jquery.com *.google-analytics.com https://www.googletagmanager.com ajax.googleapis.com fonts.gstatic.com https://*.fontawesome.com/ http://*.trustpilot.com/ https://*.cookiebot.com/ https://*.zendesk.com/ https://*.zdassets.com/ https://*.doubleclick.net/ https://*.mailchimp.com/; script-src 'self' wss://pod-29.zendesk.com/sc/faye wss://widget-mediator.zopim.com maps.googleapis.com api.tumblr.com code.jquery.com assets.calendly.com calendly.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.google-analytics.com https://www.googletagmanager.com ajax.googleapis.com 'unsafe-inline' https://*.fontawesome.com/ http://*.trustpilot.com/ https://*.cookiebot.com/ https://*.zendesk.com/ https://*.zdassets.com/ https://*.doubleclick.net https://*.agilecrm.com https://*.cloudflare.com/ https://*.mailchimp.com/; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://*.fontawesome.com/; frame-src 'self' assets.calendly.com calendly.com https://*.cookiebot.com/ https://*.youtube.com/ http://*.trustpilot.com/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'self' imgsct.cookiebot.com https://static.zdassets.com/ 64.media.tumblr.com maps.gstatic.com maps.googleapis.com data: *.google-analytics.com https://www.googletagmanager.com; frame-ancestors 'self' 1
default-src 'self' https://play.vidyard.com *.vidyard.com *.dynamicyield.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.claro.com.co *.claro.com *.googleadservices.com *.tags.bkrtx.com *.tags.bluekai.com *.amazonaws.com https://s3.amazonaws.com https://static.opentok.com https://device.clearsale.com.br *.montechelo.com.co *.clearsale.com.br https://checkout.wompi.co *.wompi.co https://static.opentok.com *.opentok.com https://browseranalytic.com *.browseranalytic.com https://widget.sndcdn.com https://cdn.siftscience.com *.siftscience.com *.sndcdn.com https://js.hsforms.net *.hsforms.net https://scp.kampyle.com *.kampyle.com https://tpbancolombia.teleperformance.co *.teleperformance.co https://stati.in *.stati.in blob: https://play.vidyard.com *.vidyard.com https://static.zdassets.com https://clousc.com *.clousc.com https://static.hsappstatic.net *.hsappstatic.net https://forms.hsforms.com *.hsforms.com *.zdassets.com https://plinksoporte.zendesk.com *.zendesk.com https://play.vidyard.com *.vidyard.com *.flowai.app https://d10lpsik1i8c69.cloudfront.net https://app.hubspot.com *.hubspot.com https://a.omappapi.com *.omappapi.com https://js.hs-scripts.com *.hs-scripts.com *.cloudfront.net https://people.wsuite.com *.wsuite.com https://js.hs-analytics.net *.hs-analytics.net https://widget-mediator.zopim.com *.zopim.com https://js.hs-banner.com *.hs-banner.com https://ajax.googleapis.com *.googleapis.com https://static.browseranalytic.com https://code.angularjs.org https://player.vimeo.com *.vimeo.com *.angularjs.org *.browseranalytic.com *.connect.facebook.net *.facebook.net https://polyfill.io *.polyfill.io *.dynamicyield.com https://library-sdb.apps.bancolombia.com *.bancolombia.com https://f.vimeocdn.com *.vimeocdn.com https://syndication.twitter.com *.twitter.com https://cdn.syndication.twimg.com *.twimg.com *.facebook.com *.script.hotjar.com https://asistencia.webv2.allus.com.co https://cdn.todo1.com *.todo1.com *.allus.com.co *.vars.hotjar.com *.t.co *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.hotjar.com https://tags.bkrtx.com https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.grupobancolombia.com https://lptag.liveperson.net https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com *.cdn.dynamicyield.com *.st.dynamicyield.com *.rcom.dynamicyield.com https://cdn.dynamicyield.com https://st.dynamicyield.com https://rcom.dynamicyield.com https://unpkg.com https://accdn.lpsnmedia.net https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://www.sc.pages03.net https://www.youtube.com *.youtube.com https://resources.digital-cloud-west.medallia.com https://cdn.jsdelivr.net *.cdn.jsdelivr.net; img-src 'self' data: *.claro.com.co *.claro.com *.cloudfront.net *.flowai.app *.px.ads.linkedin.com *.linkedin.com *.montechelo.com.co *.facebook.com *.amazonaws.com https://device.clearsale.com.br *.clearsale.com.br https://hexagon-analytics.com *.hexagon-analytics.com https://secure.gravatar.com *.gravatar.com https://pf-emoji-service--cdn.us-east-1.prod.public.atl-paas.net *.atl-paas.net https://vop.sundaysky.com *.sundaysky.com https://odr.mookie1.com *.mookie1.com https://monstat.com *.monstat.com https://pxl.jivox.com *.jivox.com https://vop.sundaysky.com *.sundaysky.com https://s3.amazonaws.com https://cdn2.hubspot.net https://i.stack.imgur.com *.imgur.com *.cloudfront.net https://widget.sndcdn.com *.sndcdn.com https://i1.sndcdn.com *.sndcdn.com https://a.omappapi.com *.omappapi.com *.hubspot.net https://upload.wikimedia.org *.wikimedia.org https://f.hubspotusercontent20.net https://play.vidyard.com *.vidyard.com *.hubspotusercontent20.net https://i1.sndcdn.com *.sndcdn.com https://track.hubspot.com https://i1.wp.com *.wp.com https://theme.zdassets.com *.zdassets.com *.hubspot.com https://soporte.plink.com.co *.plink.com.co https://cx.atdmt.com *.atdmt.com https://i.ytimg.com https://b1sync.zemanta.com *.zemanta.com https://sync.crwdcntrl.net *.crwdcntrl.net https://www.googletagmanager.com *.googletagmanager.com https://platform.twitter.com *.twitter.com https://abs.twimg.com *.ytimg.com https://i.vimeocdn.com *.vimeocdn.com https://xrbcqpor01.bancolombia.com:10039 *.bancolombia.com https://maps.googleapis.com *.googleapis.com https://yt3.ggpht.com *.ggpht.com https://connect.facebook.net *.facebook.net https://asistencia.webv2.allus.com.co *.allus.com.co *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co https://p.adsymptotic.com *.cdn.dynamicyield.com *.dynamicyield.com *.grupobancolombia.com https://tags.bluekai.com *.pages03.net *.maps.gstatic.com https://maps.gstatic.com *.gstatic.com https://resources.digital-cloud-west.medallia.com https://sync.teads.tv *.teads.tv https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self' *.claro.com.co *.claro.com *.googleadservices.com *.grupobancolombia.com *.amazonaws.com *.cloudfront.net https://s3.amazonaws.com https://static.zdassets.com *.flowai.app *.zdassets.com https://static.zdassets.com *.zdassets.com https://www.youtube.com https://asistencia.webv2.allus.com.co *.allus.com.co *.youtube.com blob: data:; frame-src 'self' *.claro.com.co *.claro.com *.googleadservices.com https://bcapi.apichefcompany.com *.cloudfront.net *.apichefcompany.com *.google-analytics.com *.facebook.com https://w.soundcloud.com *.soundcloud.com https://checkout.wompi.co *.wompi.co https://widget.spreaker.com *.spreaker.com *.flowai.app https://series1.cma.com.br *.cma.com.br https://bancolombia.olb.todo1.com *.todo1.com https://tpbancolombia.teleperformance.co *.teleperformance.co https://extractosinternet.bancolombia.com *.bancolombia.com https://forms.hsforms.com *.hsforms.com https://play.vidyard.com *.vidyard.com https://platform.twitter.com *.twitter.com https://vars.hotjar.com https://player.vimeo.com *.vimeo.com https://resources.digital-cloud-west.medallia.com *.medallia.com https://asistencia.webv2.allus.com.co *.allus.com.co https://series1.cma.com.br *.cma.com.br https://stags.bluekai.com https://api.skaduks.com https://bid.g.doubleclick.net *.grupobancolombia.com https://www.google.com *.google.com https://www.google-analytics.com https://cdn.dynamicyield.com *.dynamicyield.com https://lpcdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://www.youtube.com *.youtube.com https://9811311.fls.doubleclick.net https://webapp1.allus.com.co https://gmsdigitales.claro.com.co:8443 https://vc.hotjar.io; style-src 'self' 'unsafe-inline' *.claro.com.co *.claro.com https://asistencia.webv2.allus.com.co https://cdnjs.cloudflare.com *.cloudflare.com https://library-sdb.apps.bancolombia.com *.flowai.app *.bancolombia.com *.dynamicyield.com *.amazonaws.com https://s3.amazonaws.com https://assets.kampyle.com *.kampyle.com https://cdn2.hubspot.net *.hubspot.net https://galatea-dev.apps.ambientesbc.com *.ambientesbc.com https://cdn.jsdelivr.net *.jsdelivr.net https://cdn2.hubspot.net https://assets.vidyard.com *.vidyard.com *.hubspot.net https://static.zdassets.com *.zdassets.com *.webv2.allus.com.co https://www.gstatic.com *.gstatic.com https://f.vimeocdn.com *.vimeocdn.com https://platform.twitter.com *.twitter.com https://www.grupobancolombia.com https://use.fontawesome.com *.fontawesome.com *.grupobancolombia.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://nominatim.openstreetmap.org https://servcompwctb.claro.com.co https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com https://unpkg.com; connect-src 'self' *.claro.com.co wss://ws.flowai.app *.flowai.app surveystats.hotjar.io *.claro.com https://sessions.bugsnag.com *.bugsnag.com https://gms-digitales.claro.com.co:8443 *.claro.com.co:8443 *.claro.com.co:8030 wss://omni.montechelo.com.co *.dynamicyield.com *.montechelo.com.co https://webrtc.claro.com.co:8030 https://production.wompi.co *.wompi.co *.stats.g.doubleclick.net *.cloudfront.net https://fresnel.vimeocdn.com *.vimeocdn.com data: https://player-telemetry.vimeo.com *.vimeo.com https://api-widget.soundcloud.com *.soundcloud.com https://external.apps.bancolombia.com *.bancolombia.com https://api.us.apiconnect.ibmcloud.com *.ibmcloud.com https://jsonip.com *.jsonip.com https://resources.digital-cloud-west.medallia.com *.medallia.com https://inveco-services.qdata.io *.qdata.io https://identify.hotjar.com https://wave.sndcdn.com *.sndcdn.com https://api.ipify.org *.ipify.org *.hotjar.com https://alivionofinancieros.isobarapi.com *.isobarapi.com https://130vod-adaptive.akamaized.net *.akamaized.net https://c.browseranalytic.com *.amazonaws.com https://s3.amazonaws.com *.claro.com.co *.claro.com https://forms.hsforms.com *.hsforms.com https://tpbancolombia.teleperformance.co *.teleperformance.co https://raw.vidyard.com *.vidyard.com wss://tpbancolombia.teleperformance.co *.teleperformance.co https://ekr.zdassets.com https://api-k8-cer.plink.com.co https://api.plink.com.co *.plink.com.co https://api.omappapi.com *.omappapi.com *.zdassets.com wss://widget-mediator.zopim.com *.zopim.com https://plinksoporte.zendesk.com *.zendesk.com https://settings.luckyorange.net *.luckyorange.net https://digital.sanchobbdoapp.com https://www.calculadoralaboral.co *.calculadoralaboral.co *.sanchobbdoapp.com *.browseranalytic.com https://strfeedrt01.cma.com.br *.cma.com.br https://syndication.twitter.com *.twitter.com https://stats.g.doubleclick.net https://bcapi.apichefcompany.com *.apichefcompany.com https://bid.g.doubleclick.net *.googlevideo.com https://api.skaduks.com https://nominatim.openstreetmap.org https://servcompwctb.claro.com.co:7002 *.cdn.dynamicyield.com *.dynamicyield.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.cdn.dynamicyield.com *.st.dynamicyield.com *.rcom.dynamicyield.com https://cdn.dynamicyield.com https://st.dynamicyield.com https://rcom.dynamicyield.com https://www.facebook.com https://cdn.jsdelivr.net *.jsdelivr.net *.facebook.com https://external-qa.apps.ambientesbc.com https://lpcdn.lpsnmedia.net https://firestore.googleapis.com https://www.youtube.com *.youtube.com https://9811311.fls.doubleclick.net https://webapp1.allus.com.co https://yt3.ggpht.com *.yt3.ggpht.com https://i.ytimg.com *.i.ytimg.com *.googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.grupobancolombia.com https://gmsdigitales.claro.com.co:8443 https://vc.hotjar.io; font-src 'self' data: https://www.grupobancolombia.com *.grupobancolombia.com https://script.hotjar.com *.dynamicyield.com *.cloudfront.net https://cdnjs.cloudflare.com *.cloudflare.com *.flowai.app https://jsbin-user-assets.s3.amazonaws.com *.amazonaws.com https://static.zdassets.com *.zdassets.com https://assets.kampyle.com *.kampyle.com https://fonts.gstatic.com *.gstatic.com https://library-sdb.apps.bancolombia.com *.bancolombia.co https://galatea-dev.apps.ambientesbc.com *.ambientesbc.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com; object-src 'none'; 1
default-src 'self' ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://ssl.google-analytics.com/ga.js https://ajax.cloudflare.com https://amp.cloudflare.com https://static.cloudflareinsights.com https://www.google.com https://www.gstatic.com https://www.instagram.com https://platform.instagram.com https://www.redditstatic.com https://stats.g.doubleclick.net https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.syndication.twimg.com https://connect.facebook.net https://platform.twitter.com https://syndication.twitter.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://www.google.com https://ajax.googleapis.com https://amp.cloudflare.com https://ton.twimg.com https://platform.twitter.com; img-src * data: ; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' cloudflareinsights.com *.amp.cloudflare.com https://platform.twitter.com https://syndication.twitter.com https://stats.g.doubleclick.net https://bam.nr-data.net; frame-src 'self' data: blob: https://open.spotify.com https://www.google.com https://twitter.com https://platform.twitter.com https://syndication.twitter.com https://mobile.twitter.com https://t.co https://www.facebook.com https://web.facebook.com https://staticxx.facebook.com https://m.facebook.com https://static.xx.fbcdn.net https://www.instagram.com https://www.redditmedia.com https://w.soundcloud.com https://youtube.com https://www.youtube.com https://youtube-nocookie.com https://www.youtube-nocookie.com https://player.vimeo.com https://dailymotion.com https://www.dailymotion.com *.amp.cloudflare.com; upgrade-insecure-requests; block-all-mixed-content; report-uri https://ukff.report-uri.com/r/d/csp/enforce; 1
font-src *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ secure-gateway.hipay-tpp.com *.hipay.com *.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.bing.com *.google.com *.google.fr *.googleapis.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://sibautomation.com secure-gateway.hipay-tpp.com *.hipay.com mpsnare.iesnare.com *.bing.com *.axept.io *.doofinder.com *.googleapis.com *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hipay.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://in-automate.brevo.com *.hipay.com wss://mpsnare.iesnare.com *.bing.com *.axept.io *.doofinder.com *.googleapis.com *.google.com *.doubleclick.net *.google-analytics.com *.hipay-tpp.com *.googlesyndication.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self';form-action 'self';base-uri 'self';object-src 'self'; 1
default-src 'self' blob: 'unsafe-inline'; media-src * blob: data: ; style-src 'self' https://www.gstatic.com https://maxcdn.bootstrapcdn.com https://app.interakt.ai  https://fonts.googleapis.com https://cdn.jsdelivr.net https://code.highcharts.com http://cdnjs.cloudflare.com https://connect.facebook.net https://www.facebook.com https://www.google-analytics.com 'unsafe-inline'; font-src data: 'self' https://maxcdn.bootstrapcdn.com https://app.interakt.ai  https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.jsdelivr.net https://code.highcharts.com https://connect.facebook.net https://www.facebook.com https://www.google-analytics.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://translate-pa.googleapis.com https://translate.google.com https://translate.googleapis.com http://cdnjs.cloudflare.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.gstatic.com https://app.interakt.ai  https://www.googletagmanager.com https://www.googleanalytics.com https://code.highcharts.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://connect.facebook.net https://www.facebook.com https://www.google-analytics.com; connect-src data: 'self' blob: 'unsafe-inline' https://translate.googleapis.com https://pagead2.googlesyndication.com https://graph.facebook.com https://www.facebook.com https://www.google.com https://stats.g.doubleclick.net https://app.interakt.ai https://api.interakt.ai https://www.google-analytics.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://code.highcharts.com https://connect.facebook.net; img-src 'self' data: blob: 'unsafe-inline' https://translate.googleapis.com https://translate.google.com https://fonts.gstatic.com  https://www.gstatic.com https://api.qrserver.com https://xtratrust.com https://stats.g.doubleclick.net https://www.google.co.in https://www.google.com https://stkiwiwebdev.z23.web.core.windows.net https://app.interakt.ai  https://www.google-analytics.com https://www.googletagmanager.com https://cdn.jsdelivr.net http://cdnjs.cloudflare.com http://webapplayers.com https://connect.facebook.net https://www.facebook.com; frame-src 'self' blob: https://td.doubleclick.net https://app.interakt.ai  https://www.google.com https://www.google-analytics.com https://cdn.jsdelivr.net https://code.highcharts.com https://www.googletagmanager.com https://code.highcharts.com http://cdnjs.cloudflare.com https://connect.facebook.net https://www.facebook.com; 1
script-src 'nonce-cbd9aa044c' 'unsafe-inline' http: https: method.com;object-src 'none';base-uri 'none' 1
frame-ancestors 'self' landkreis-boerde.de *.landkreis-boerde.de landkreis-boerde.dev *.landkreis-boerde.dev; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://vive.im; img-src 'self' https: data: blob: https://vive.im; style-src 'self' https://vive.im 'nonce-7oIK/n7QHMk+No8n0JluYQ=='; media-src 'self' https: data: https://vive.im; frame-src 'self' https:; manifest-src 'self' https://vive.im; form-action 'self'; connect-src 'self' data: blob: https://vive.im https://media.vive.im wss://vive.im; script-src 'self' https://vive.im 'wasm-unsafe-eval'; child-src 'self' blob: https://vive.im; worker-src 'self' blob: https://vive.im 1
default-src 'self' https://www.xxxx.com.au;     script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.xxxx.com.au https://static.cloudflareinsights.com https://cdnjs.cloudflare.com https://www.youtube.com https://tags.tiqcdn.com https://www.googletagmanager.com https://connect.facebook.net https://my.tealiumiq.com https://deploytealium.com;      style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net;       object-src 'none';       base-uri 'self';       connect-src 'self' https://collect-ap-southeast-2.tealiumiq.com https://www.google-analytics.com;       font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net;       frame-src 'self' https://maps.google.com/ https://www.youtube.com https://www.google.com/ https://www.facebook.com/;       img-src 'self' data: blob: https://secure.gravatar.com https://www.facebook.com https://collect.tealiumiq.com https://scontent-syd2-1.cdninstagram.com;       manifest-src 'self';      media-src 'self' blob:;       worker-src 'self' blob:; 1
default-src 'self' data: https://api.regionaalenergieloket.nl; script-src 'self' https://*.widget.trengo.eu https://polyfill.io https://*.hotjar.com https://*.google-analytics.com https://static.cloudflareinsights.com ajax.cloudflare.com https://*.storelocatorwidgets.com https://*.survicate.com https://scripts.simpleanalyticscdn.com; script-src-elem 'self' 'unsafe-hashes' data: https://*.widget.trengo.eu https://polyfill.io https://*.hotjar.com https://*.google-analytics.com/ https://www.googletagmanager.com/ https://static.cloudflareinsights.com https://*.storelocatorwidgets.com https://*.survicate.com 'sha256-9VDmhXS8/iybLLyD3tql7v7NU5hn5+qvu9RRG41mugM=' scripts.simpleanalyticscdn.com 'sha256-FDyPg8CqqIpPAfGVKx1YeKduyLs0ghNYWII21wL+7HM='; script-src-attr 'self' data:; style-src 'self' https://maxcdn.bootstrapcdn.com https://*.mapbox.com/ https://*.storelocatorwidgets.com https://*.survicate.com; style-src-elem 'self' 'unsafe-inline' data: https://*.hotjar.com https://maxcdn.bootstrapcdn.com https://*.mapbox.com/ https://*.storelocatorwidgets.com https://*.survicate.com; style-src-attr 'self' 'unsafe-hashes' data: 'sha256-MRwka0/4j4rDIhqWHKzHVgYCKfmEnNH0AT3nVR928O0=' 'sha256-TbrjG17MSiO8IKSlX/5IHYPweVR4+mHPUuUwZ7a5a2Y=' 'sha256-LZDbS/CUwn+BjQYT2qJ1p7VkcOLJrL0M6KyT1EUYfI4='; img-src 'self' data: https://res.cloudinary.com https://images.ctfassets.net https://*.google-analytics.com https://*.regionaalenergieloket.nl https://queue.simpleanalyticscdn.com https://simpleanalyticsbadges.com https://*.mux.com; font-src 'self' data: https://fonts.gstatic.com https://*.survicate.com; connect-src 'self' https://*.widget.trengo.eu https://sessions.bugsnag.com https://cdn.contentful.com https://notify.bugsnag.com/ https://*.regionaalenergieloket.nl https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io/ https://*.google-analytics.com https://*.mapbox.com/ https://*.storelocatorwidgets.com https://cloudflareinsights.com https://*.survicate.com https://queue.simpleanalyticscdn.com https://*.mux.com; media-src 'self' https://res.cloudinary.com https://*.survicate.com https://*.mux.com blob:; object-src 'none'; child-src 'self' https://*.regionaalenergieloket.nl blob:; frame-src 'self' https://*.hotjar.com https://*.regionaalenergieloket.nl; frame-ancestors 'self' https://*.regionaalenergieloket.nl; form-action 'self' https://*.regionaalenergieloket.nl; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'; report-uri https://bleeve.report-uri.com/r/d/csp/enforce; 1
default-src https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://*.lr-ingest.com https://*.clarity.ms https://*.newrelic.com https://*.emerchantpay.com https://*.ckotech.co https://*.checkout.com https://fpnpmcdn.net https://*.prismic.io https://ipinfo.io https://*.stripe.com  https://*.bing.com https://*.cardinalcommerce.com https://*.cloudflareinsights.com https://*.securetrading.net https://www.gstatic.com https://connect.facebook.net https://www.google.com https://www.google.com.mt https://optimize.google.com https://*.chatra.io https://cdnjs.cloudflare.com https://*.hotjar.com https://*.hotjar.io https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net blob:; style-src 'self' data: 'unsafe-inline' https://unpkg.com/ https://optimize.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://*.chatra.io; img-src 'self' https: data:; media-src 'self' data: https://call.chatra.io; font-src 'self' data: https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.chatra.io; connect-src 'self' data: https://ipapi.co https://*.lr-ingest.com https://*.clarity.ms https://*.browser-intake-datadoghq.com https://*.ckotech.co https://*.checkout.com https://*.google-analytics.com https://ipinfo.io https://*.sentry.io https://www.facebook.com https://*.chatra.io https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://*.g.doubleclick.net https://*.cardinalcommerce.com https://*.amazonaws.com https://*.cloudflarestorage.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; frame-ancestors 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cloudflare.com https://github.com https://static.cloudflareinsights.com https://cdn.jsdelivr.net https://cosmetics.lk https://www.googletagmanager.com https://stats.wp.com https://www.paypalobjects.com https://s3.amazonaws.com https://*.stripe.com https://*.list-manage.com https://*.ggpht.com https://yt3.ggpht.com/ https://pixel.wp.com/ https://www.google.lk/ https://secure.gravatar.com/ https://www.google.com/ https://test-seylan.mtf.gateway.mastercard.com/ https://seylan.gateway.mastercard.com/ https://www.youtube.com/ https://*.ytimg.com/ https://cosmetics.lk/ https://omnisnippet1.com/ https://*.soundestlink.com/ https://fedpg-onus.pc.enstage-sas.com/ https://www.paystage.com/; img-src 'self' data: https://sw-themes.com https://www.paypalobjects.com https://cosmetics.lk https://yt3.ggpht.com/ https://pixel.wp.com/ https://www.google.lk/ https://secure.gravatar.com/ https://www.google.com/ https://test-seylan.mtf.gateway.mastercard.com/ https://seylan.gateway.mastercard.com/ https://www.youtube.com/ https://*.ytimg.com/ https://cosmetics.lk/ https://omnisnippet1.com/ https://*.soundestlink.com/ https://fedpg-onus.pc.enstage-sas.com/ https://www.paystage.com/; object-src 'self' data: https://*.paypal.com/ https://*.stripe.com/ https://www.google.com/ https://test-seylan.mtf.gateway.mastercard.com/ https://seylan.gateway.mastercard.com/ https://www.youtube.com/ https://*.ytimg.com/ https://cosmetics.lk/ https://omnisnippet1.com/ https://*.soundestlink.com/ https://fedpg-onus.pc.enstage-sas.com/ https://www.paystage.com/; frame-src 'self' data: https://*.paypal.com/ https://*.stripe.com/ https://www.google.com/ https://test-seylan.mtf.gateway.mastercard.com/ https://seylan.gateway.mastercard.com/ https://www.youtube.com/ https://*.ytimg.com/ https://cosmetics.lk/ https://omnisnippet1.com/ https://*.soundestlink.com/ https://fedpg-onus.pc.enstage-sas.com/ https://www.paystage.com/; 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data: blob:; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https://esprechstunde.net wss://esprechstunde.net https://sentry.digineo.de 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://go5.dev; img-src 'self' https: data: blob: https://go5.dev; style-src 'self' https://go5.dev 'nonce-AM4vG9cv1c7BqGZ29okIxA=='; media-src 'self' https: data: https://go5.dev; frame-src 'self' https:; manifest-src 'self' https://go5.dev; form-action 'self'; child-src 'self' blob: https://go5.dev; worker-src 'self' blob: https://go5.dev; connect-src 'self' data: blob: https://go5.dev https://media.go5.dev wss://go5.dev; script-src 'self' https://go5.dev 'wasm-unsafe-eval' 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'none';  form-action 'self'; base-uri 'self' 1
default-src 'self' ; script-src 'self' 'unsafe-inline' https://alcdn.msauth.net/browser/2.15.0/js/msal-browser.js https://alcdn.msftauth.net/browser/2.15.0/js/msal-browser.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/recaptcha/;img-src 'self' https://refereimages.blob.core.windows.net/sigas/ data: ; style-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com/css;font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com/css;connect-src 'self' https://login.microsoftonline.com/ https://login.microsoftonline.com/3926151d-405a-4844-829e-7f62e81edd21/v2.0/.well-known/openid-configuration https://www.hdi.com.br/digital2/j_spring_security_check https://corretor.portoseguro.com.br/portal/site/corretoronline/template.LOGIN_ROBO/action.process; frame-src 'self' 'unsafe-inline' https://www.google.com/ https://docs.refere.com.br/ *.mongeralaegon.com.br;frame-ancestors https://docs.refere.com.br/ 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://noitl.space; img-src 'self' https: data: blob: https://noitl.space; style-src 'self' https://noitl.space 'nonce-WgZGDaRC+CVn7nlTRyxFvw=='; media-src 'self' https: data: https://noitl.space; frame-src 'self' https:; manifest-src 'self' https://noitl.space; form-action 'self'; child-src 'self' blob: https://noitl.space; worker-src 'self' blob: https://noitl.space; connect-src 'self' data: blob: https://noitl.space https://files.noitl.space wss://noitl.space; script-src 'self' https://noitl.space 'wasm-unsafe-eval' 1
frame-ancestors https://www.hellebrekers.nl 1
default-src 'self'; child-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://www.google.com/recaptcha https://www.gstatic.com/recaptcha https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://maps.googleapis.com https://stats.g.doubleclick.net https://cdn.cookielaw.org https://cdn.jsdelivr.net/npm/exif-js https://cdn.jsdelivr.net/npm/uuid@latest/dist/umd/uuidv4.min.js https://cdnjs.cloudflare.com/ajax/libs/html5-qrcode/1.2.4/html5-qrcode.min.js; img-src 'self' data: https://baggage-files-stage.s3.eu-west-2.amazonaws.com https://ssl.gstatic.com https://www.gstatic.com https://maps.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline'  https://cdn.cookielaw.org https://tagmanager.google.com https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://www.recaptcha.net https://cdn.cookielaw.org; connect-src 'self'  https://www.google-analytics.com https://cdn.cookielaw.org https://s3.eu-west-2.amazonaws.com/baggage-files-stage https://wtss-api.mybag-stage.aero; frame-src 'self' https://fonts.gstatic.com https://google.com https://www.recaptcha.net https://recaptcha.google.com/recaptcha https://www.google.com/recaptcha; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-ogDJb/amd73tNgBucmeR+qeLeHrhl39bD8CHGzhhAQt2bhO8' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src https://*.attivo.cloud 1
default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' *.publitas.com connect.facebook.net *.carrefour.tn *.googleapis.com *.google.com *.gstatic.com; script-src-attr 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' https://connect.facebook.net/ *.carrefour.tn *.googleapis.com; script-src-elem 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' *.publitas.com *.facebook.net *.carrefour.tn *.googleapis.com www.google.com *.gstatic.com *.sharethis.com *.paypal.com *.algolianet.com *.algolia.net *.polyfill.io polyfill.io *.google-analytics.com *.hotjar.com *.googletagmanager.com; style-src 'unsafe-inline' 'report-sample' 'self' fonts.googleapis.com maxcdn.bootstrapcdn.com *.carrefour.tn *.sharethis.com; object-src 'none'; base-uri 'self' *.carrefour.tn; connect-src 'self' wss://*.hotjar.com *.doubleclick.net *.hotjar.com *.googleapis.com *.google-analytics.com *.cdn77.org *.meetlookup.com  *.carrefour.tn *.facebook.com *.sharethis.com *.meetlookup.com *.algolianet.com *.algolia.net; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com *.carrefour.tn; frame-src 'self' *.publitas.com *.hotjar.com www.google.com *.gstatic.com www.facebook.com online.fliphtml5.com *.youtube.com *.sharethis.com; img-src data: blob: 'self' *.google.tn *.google.com *.google.nl *.googletagmanager.com *.google-analytics.com *.carrefour.tn www.facebook.com *.gstatic.com *.windows.net *.googleapis.com *.xtento.com i.ibb.co i.ytimg.com www.magentocommerce.com *.ggpht.com; manifest-src 'self'; media-src 'self' *.carrefour.tn; report-uri https://satoripop.report-uri.com/r/d/csp/reportOnly; worker-src 'none'; 1
default-src 'self' 'unsafe-inline' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.yandex.ru yandex.ru yandex.net *.yandex.net yandex.com *.yandex.com yandex.md *.yandex.md yastatic.net *.yastatic.net vk.com *.vk.com jivo.ru *.jivo.ru jivo.com *.jivo.com jivosite.com *.jivosite.com clarity.ms *.clarity.ms dashamail.com *.dashamail.com calltouch.ru *.calltouch.ru app.cmd-online.ru balancer.voximplant.com ;style-src 'self' 'unsafe-inline' *.jivo.ru app.cmd-online.ru cdn.materialdesignicons.com cdn.jsdelivr.net ;connect-src 'self' 'unsafe-inline' wss: *.yandex.ru yandex.ru yandex.net *.yandex.net yandex.com *.yandex.com yandex.md *.yandex.md yastatic.net *.yastatic.net vk.com *.vk.com jivo.ru *.jivo.ru jivo.com *.jivo.com jivosite.com *.jivosite.com clarity.ms *.clarity.ms dashamail.com *.dashamail.com calltouch.ru *.calltouch.ru app.cmd-online.ru balancer.voximplant.com ;img-src * data: ;frame-ancestors 'self' ;frame-src *.yandex.ru yandex.ru yandex.net *.yandex.net yandex.com *.yandex.com yandex.md *.yandex.md yastatic.net *.yastatic.net app.cmd-online.ru;media-src * ;object-src 'none' ; base-uri 'self' ;form-action 'self' ;font-src * ; 1
require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport,script-src 'report-sample' 'nonce-Jf9rFIUmIIBFiybXDA5YZQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self',script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport/allowlist 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.azureedge.net *.googleapis.com *.cloudfront.net *.google-analytics.com *.doubleclick.net; object-src 'self' 1
default-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' data: 'unsafe-inline'; img-src 'self' data: blob: https://immer.chat; font-src 'self' data:; connect-src 'self' https://immer.chat; media-src 'self' data: blob:; object-src 'self'; child-src 'self' blob: data:; frame-src 'self' blob: data: https://*.immerda.ch; worker-src 'self'; frame-ancestors 'self' https://immer.chat; form-action 'self'; base-uri 'self'; manifest-src 'self'; report-uri https://csp-report.immerda.ch/report.php; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self' data: *.shariaty.ac.ir http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io https://cdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://map.ir https://conf.isc.ac https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://kangoro.ir/matomo/matomo.js http://tools.1abzar.com http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io https://cdn.userway.org https://api.userway.org https://media.userway.org https://www.goftino.com https://cdn.goftino.com; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com https://cdn.fontcdn.ir https://fdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org; img-src 'self' blob: data: https://map.ir https://conf.isc.ac https://www.google-analytics.com www.google-analytics.com data: *; connect-src 'self' https://map.ir https://conf.isc.ac https://www.google-analytics.com www.google-analytics.com https://samta.samt.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io https://cdn.fontcdn.ir wss://api.raychat.io wss://ws.goftino.com wss://ws2.goftino.com wss://ws5.goftino.com wss://cdn.goftino.com https://api.userway.org https://cdn.userway.org; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://tools.1abzar.com http://1abzar.ir https://cse.google.com https://www.aparat.com https://google.com https://www.google.com https://cdn.userway.org https://edu.sapiba.ir; frame-ancestors 'self' https://trustseal.enamad.ir; 1
default-src  'self';                                       img-src 'self'                                                                data:                  https://www.google.be                   https://*.google-analytics.com                  https://*.googletagmanager.com                  https://www.googletagmanager.com                                      https://www.google-analytics.com                                      https://www.googleadservices.com                                       https://*.gstatic.com                                       https://www.google-analytics.com                                         https://googleads.g.doubleclick.net                                      https://www.google.com                                      https://www.google.co.uk                                       https://stats.g.doubleclick.net                                      https://www.w3.org/                                       https://i.ytimg.com/                                       https://*.twitter.com                                      https://*.twimg.com                                       https://d10lpsik1i8c69.cloudfront.net                                      https://www.facebook.com                                                       http://www.sigmaaldrich.com/content/dam/sigma-aldrich/                                     https://www.sigmaaldrich.com/content/dam/sigma-aldrich/;                                                                connect-src 'self'                  https://www.google.be                  https://*.google-analytics.com                  https://*.analytics.google.com                  https://*.googletagmanager.com                     https://pubsub.googleapis.com                                       https://www.google-analytics.com                                      https://stats.g.doubleclick.net                                      https://settings.luckyorange.net                                         https://api.luckyorange.com                                      wss://*.visitors.live                                         wss://visitors.live                                        https://connect.facebook.net                                     https://www.facebook.com                                      https://ka-f.fontawesome.com;                                                                script-src 'unsafe-inline'                                      'unsafe-eval'                                              'self'                                                                      blob:       https://static.hotjar.com https://consent.cookiebot.com           https://www.google.be                  https://ssl.google-analytics.com                  https://*.googletagmanager.com                   https://www.googletagmanager.com                                      https://*.google-analytics.com                                        https://tagmanager.google.com                                        https://*.googletagmanager.com                                       https://www.google.com                                       https://www.googleadservices.com                                        https://fonts.googleapis.com                                       https://*.g.doubleclick.net                                       https://platform.twitter.com                                      https://*.twimg.com                                       https://d10lpsik1i8c69.cloudfront.net                                      https://connect.facebook.net                                      https://cdnjs.cloudflare.com/ajax/libs/                                     https://kit.fontawesome.com                                       https://ajax.googleapis.com/ajax/libs/jquery/                               https://secure.norm0care.com/;                                                               frame-src https://www.google.com                             https://play.google.com                               https://*.youtube.com                                         https://*.youtube-nocookie.com                                       https://*.twitter.com                                      https://bid.g.doubleclick.net                                       https://www.facebook.com                                     https://eppi.app/;                                                                  style-src 'self'                                            'unsafe-inline';                 style-src-elem 'self' 'unsafe-inline'                                  https://cdnjs.cloudflare.com                      https://cdnjs.cloudflare.com/ajax/libs/foundation/                                      https://platform.twitter.com/css/                                      https://*.twimg.com                                         https://d10lpsik1i8c69.cloudfront.net;                                                                  font-src 'self'                                                   https://ka-f.fontawesome.com;                                                                 child-src blob:; 1
default-src: https: 'unsafe-inline'; frame-ancestors 'self' *.facebook.com 1
frame-ancestors https://*.myrefractiveservices.com/ 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://appdot.net; img-src 'self' https: data: blob: https://appdot.net; style-src 'self' https://appdot.net 'nonce-Yil4IUxmM/NK6d2aQ/bivw=='; media-src 'self' https: data: https://appdot.net; frame-src 'self' https:; manifest-src 'self' https://appdot.net; form-action 'self'; child-src 'self' blob: https://appdot.net; worker-src 'self' blob: https://appdot.net; connect-src 'self' data: blob: https://appdot.net https://cdn.masto.host wss://appdot.net; script-src 'self' https://appdot.net 'wasm-unsafe-eval' 1
default-src https:; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' yui.yahooapis.com *.google-analytics.com ajax.googleapis.com https:; img-src 'self' data: https:; style-src 'unsafe-inline' 'unsafe-eval' https:; frame-ancestors *.ariba.com *.force.com 1
report-uri https://reports.werft22.net/default; report-to default; default-src 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; frame-src nanoo.tv www.nanoo.tv widgets.sociablekit.com; script-src 'self' 'unsafe-inline' code.jquery.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self' www.nanoo.tv mailings.nanoo.tv; img-src 'self' data:  1
Content-Security-Policy: default-src f1miamigp.com *.pcdn.co *.okta.com 1
font-src *.google-analytics.com *.google.com *.googletagmanager.com https://www.googletagmanager.com/gtm.js?id=GTM-TQNBRLC *.facebook.com *.googleadservices.com https://connect.facebook.net *.doubleclick.net *.saleago.com https://googleads.g.doubleclick.net/ https://paywall.imoje.pl *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net *.twitter.com *.facebook.com https://www.googletagmanager.com/gtm.js?id=GTM-TQNBRLC *.doubleclick.net *.saleago.com https://googleads.g.doubleclick.net/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://paywall.imoje.pl *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google.com pay.google.com pay-accept.bm.pl pay.bm.pl cards-accept.bm.pl cards.bm.pl *.google.com *.paypal.com https://paywall.imoje.pl www.facebook.com platform.twitter.com *.twitter.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com *.google-analytics.com https://www.googletagmanager.com/gtm.js?id=GTM-TQNBRLC *.googletagmanager.com *.facebook.com *.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.google.pl *.doubleclick.net *.saleago.com https://googleads.g.doubleclick.net/ www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: *.vimeocdn.com s.ytimg.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com platnosci.bm.pl www.gstatic.com *.paypal.com https://paywall.imoje.pl https://img.youtube.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.cloudflare.com *.klarna.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.google.pl *.doubleclick.net *.saleago.com https://googleads.g.doubleclick.net/ www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.salesmanago.pl *.salesmanago.es *.salesmanago.com cards-accept.bm.pl cards.bm.pl pay.google.com https://paywall.imoje.pl *.avada.io connect.facebook.net twitter.com platform.twitter.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.google-analytics.com *.google.com *.googletagmanager.com https://www.googletagmanager.com/gtm.js?id=GTM-TQNBRLC *.facebook.com *.googleadservices.com https://connect.facebook.net *.doubleclick.net *.saleago.com https://googleads.g.doubleclick.net/ getfirebug.com pay-accept.bm.pl pay.bm.pl cards-accept.bm.pl cards.bm.pl *.googleapis.com https://paywall.imoje.pl *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com *.google.com *.googletagmanager.com https://www.googletagmanager.com/gtm.js?id=GTM-TQNBRLC *.facebook.com *.googleadservices.com https://connect.facebook.net https://stats.g.doubleclick.net *.doubleclick.net *.saleago.com https://googleads.g.doubleclick.net/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://paywall.imoje.pl https://get.geojs.io *.avada.io *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri api/v1/csp_report; img-src * data:; font-src * data:; worker-src 'self' blob:; connect-src *; form-action *; frame-ancestors 'self' http://*.antstudio.cz http://*.antstudio.eu https://*.antstudio.cz https://*.antstudio.eu; default-src 'self'; object-src *; media-src *; child-src *; script-src * 'unsafe-inline' 'unsafe-eval' data:; style-src * blob: 'unsafe-inline' data:; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-S3nfQ2NhaoyassR3fzsFxQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors 'self' https://*.visitor.chat; 1
default-src 'self'; object-src 'none'; img-src 'self' data: https://virtuele-gemeente-assistent.nl https:; script-src 'self' https://virtuele-gemeente-assistent.nl  https://cloudstatic.obi4wan.com  https://stats.pusher.com  http://dordrecht.livecom.net ; connect-src 'self' https://virtuele-gemeente-assistent.nl  wss:  https://cloudstatic.obi4wan.com  https://chatapi.obi4wan.com  https://sentry.maykinmedia.nl ; style-src 'self' https://virtuele-gemeente-assistent.nl  https://fonts.googleapis.com  https://maxcdn.bootstrapcdn.com  http://dordrecht.livecom.net  'unsafe-inline'; font-src 'self' data: https://virtuele-gemeente-assistent.nl  https://fonts.gstatic.com ; 1
upgrade-insecure-requests;style-src 'self' 'nonce-ophuLWf-Ta2914R';font-src 'self';script-src 'self' 'nonce-ophuLWf-Ta2914R' ;connect-src 'self' https://portend.place wss://portend.place  https://media.portend.place;media-src 'self' https://media.portend.place;img-src 'self' data: blob: https://media.portend.place;default-src 'none';base-uri 'none';frame-ancestors 'none';manifest-src 'self'; 1
frame-ancestors 'self', base-uri 'self';connect-src 'self' 'unsafe-inline' https://google.com zeus.jfk.com.co metrics.hotjar.io www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://cooperativajfk.my.salesforce-sites.com https://content.hotjar.io wss://ws.hotjar.com;form-action 'self';img-src 'self' www.googletagmanager.com www.google.com www.google.com.co www.facebook.com googleads.g.doubleclick.net data: blob:;media-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com googleads.g.doubleclick.net www.google-analytics.com www.googletagmanager.com https://www.googleadservices.com static.hotjar.com https://script.hotjar.com connect.facebook.net https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js momentjs.com https://zeus.jfk.com.co https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.1/locale/es.min.js https://cdn.jsdelivr.net/npm/vee-validate@<3.0.0/dist/vee-validate.js https://cooperativajfk.my.salesforce-sites.com/lightning/lightning.out.delegate.js https://cooperativajfk.my.salesforce-sites.com/lightning/lightning.out.js;style-src 'self' 'unsafe-inline' *.googleapis.com cdnjs.cloudflare.com/ajax/libs/timepicker/1.3.5/jquery.timepicker.min.css https://cooperativajfk.my.salesforce-sites.com/*;object-src 'self';frame-src 'self' 'unsafe-inline' www.youtube.com www.google.com https://td.doubleclick.net https://next.knryo.com 1
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.tawk.to fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.tawk.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.sendcloud.sc *.google.com *.addthis.com *.pinterest.com *.tawk.to 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.buckaroo.nl ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com *.tawk.to cdn.jsdelivr.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl chimpstatic.com downloads.mailchimp.com *.list-manage.com *.googleapis.com *.google.com *.gstatic.com *.sendcloud.sc *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.tawk.to cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl downloads.mailchimp.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com *.tawk.to fonts.googleapis.com cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com *.tawk.to wss://*.tawk.to 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.sundhedsdatastyrelsen.dk  https://polyfill.io/ https://www.streamio.com/; frame-src https://*.sundhedsdatastyrelsen.dk/  https://candidate.hr-manager.net/ https://www.streamio.com/; 1
frame-ancestors 'self' https://*.datocms.com; 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-b995dfe966f64a918875b02159fc073e' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
frame-ancestors 'self' https://www.kerstpakkettenidee.nl; 1
default-src 'self'; img-src 'self' data: http: https: *.gravatar.com; frame-src 'self' data: http: https: google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: ajax.googleapis.com; style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com; font-src 'self' data: http: https: fonts.googleapis.com themes.googleusercontent.com; 1
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://surfbluewave.com https://*.surfbluewave.com https://www.okacs.com https://*.okacs.com https://www.acornli.com https://acornli.com https://*.acornli.com https://bluewave-attachments.s3.us-west-2.amazonaws.com https://bluewave-equipment-photos.s3.us-west-2.amazonaws.com https://bluewave-badge-photos.s3.us-west-2.amazonaws.com https://bluewave-documents.s3-us-west-2.amazonaws.com https://bluewave-documents.s3.us-west-2.amazonaws.com https://bluewave-message-media.s3-us-west-2.amazonaws.com https://bluewave-message-media.s3.us-west-2.amazonaws.com https://bluewave-photos.s3.amazonaws.com https://bluewave-screenshots.s3-us-west-2.amazonaws.com https://bluewave-screenshots.s3.us-west-2.amazonaws.com https://bluewave-signatures.s3-us-west-2.amazonaws.com https://bluewave-signatures.s3.us-west-2.amazonaws.com https://dropbox-receipts.s3.us-west-2.amazonaws.com https://maxcdn.bootstrapcdn.com https://www.google.com https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://cdnjs.cloudflare.com https://use.fontawesome.com; upgrade-insecure-requests; 1
default-src 'self' api.newsletter2go.com *.google-analytics.com *.googletagmanager.com tech-banker.com api.friendlycaptcha.com; font-src 'self' data: player.podigee-cdn.net; style-src 'self' 'unsafe-inline' cdn.podigee.com player.podigee-cdn.net; img-src 'self' data: secure.gravatar.com files.newsletter2go.com ps.w.org www.joomunited.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.podigee.com player.podigee-cdn.net static.newsletter2go.com *.google.com *.googletagmanager.com *.gstatic.com *.google-analytics.com *.googleapis.com *.youtube.com blob:; frame-src player.podigee-cdn.net player.vimeo.com vimeo.com *.youtube-nocookie.com *.youtube.com 1
script-src self 'strict-dynamic' 'nonce-ijKgcPJmD22S4hyxhivQSKh10MlOSuaV'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.stripe.com/v3/ https://*.fundraisingbox.com https://*.spendino.de https://*.etracker.com https://*.etracker.de https://widgets.regiondo.net https://js.stripe.com/v3; style-src 'self' 'unsafe-inline' https://*.fundraisingbox.com https://*.spendino.de https://shared-frontend-resources.prod.regiondo.net; img-src 'self' https: data:; font-src 'self' https:; worker-src 'self'; connect-src 'self' https://*.spendino.de https://*.etracker.com https://*.etracker.de https://partner-widgets-editor-backend.prod.regiondo.net https://shopping-experience-api.prod.regiondo.net https://kloster-eberbach.regiondo.de; frame-src 'self' https://*.stripe.com/v3/ https://*.fundraisingbox.com https://*.spendino.de https://*.sibforms.com; object-src 'self' 1
frame-ancestors 'self' www.oxworks.com.au 1
default-src 'none' ; connect-src 'self' data: https://ajax.googleapis.com https://de.api4load.biz https://pfrest.pboss.de https://pfrest.petafuel.net https://pfrest.wozutesten.de https://pfrest.mobile.wozutesten.de https://translate.googleapis.com https://www.fndsda.net https://www.paypal.com ; font-src 'self' data: * ; frame-src 'self' data: https://ad.ad-srv.net https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://cdn.mobile.wozutesten.de https://client.comprigo.com https://hal9000.redintelligence.net https://optimize.google.com https://pixel.bsmartdata.com/ https://r.adc-srv.net https://tools.petafuel.de https://www.fndsda.net https://www.googletagmanager.com https://www.paypal.com https://www.sandbox.paypal.com ; img-src 'self' data: * ; manifest-src 'self' data: * ; media-src 'self' data: * ; object-src 'self' data: * ; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://ad4mat.de https://bid.g.doubleclick.net https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://cdn.mobile.wozutesten.de https://containertags.belboon.de https://data1.eurosty.com https://data1.mein-bmi.com https://data1.routenplaner-karten.com https://data1.ubersetzung-app.com https://eu5.heatmap.it https://googleads.g.doubleclick.net https://imgsrv.io https://maytrics.marvellousmachine.net https://news.global-konto.com https://online.adservicemedia.dk https://optimize.google.com https://orangebuddies.go2cloud.org https://pstatic.davebestdeals.com https://s3.eu-central-1.amazonaws.com https://ssl.google-analytics.com https://static.donation-tools.org https://tagmanager.google.com https://tpc.googlesyndication.com https://translate.googleapis.com https://www.financeads.net https://www.fndsda.net https://www.google-analytics.com https://www.google.com/ads/user-list https://www.googleadservices.com https://www.googletagmanager.com https://www.paypal.com https://www.paypalobjects.com https://www.performancehero.de ; style-src 'self' data: 'unsafe-inline' https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://cdn.mobile.wozutesten.de https://fonts.googleapis.com https://optimize.google.com https://translate.googleapis.com https://u.heatmap.it https://www.fndsda.net ; worker-src 'self' data: * ; 1
frame-ancestors craft3-d14ab11d92ad.hyperlane.co 1
default-src data: *.g.doubleclick.net www.facebook.com *.google-analytics.com *.google.com www.gstatic.com connect.facebook.net *.googletagmanager.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; script-src www.google-analytics.com www.google-analytics.co connect.facebook.net cdn.jsdelivr.net www.gstatic.com www.google.com www.googletagmanager.com data: s0.2mdn.net 'unsafe-inline' 'unsafe-eval' 'self'; frame-src www.google.com www.youtube.com www.facebook.com 'self' player.vimeo.com; 1
unsafe-inline; frame-ancestors 'self'; object-src 'self' 1
style-src 'self' 'unsafe-inline' *.shinywhitebox.com stripe.com *.stripe.com cdn.paddle.com *.paddle.com code.jquery.com www.googletagmanager.com *.google.com *.googleapis.com *.gstatic.com youtube.com *.youtube.com *.ytimg.com *.fontawesome.com; img-src 'self' *.shinywhitebox.com stripe.com *.stripe.com cdn.paddle.com *.paddle.com code.jquery.com www.googletagmanager.com *.google.com *.googleapis.com *.gstatic.com youtube.com *.youtube.com *.ytimg.com *.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.shinywhitebox.com stripe.com *.stripe.com cdn.paddle.com *.paddle.com code.jquery.com www.googletagmanager.com *.google.com *.googleapis.com *.gstatic.com youtube.com *.youtube.com *.ytimg.com *.fontawesome.com; connect-src 'self'; style-src-elem 'self' 'unsafe-inline' *.shinywhitebox.com stripe.com *.stripe.com cdn.paddle.com *.paddle.com code.jquery.com www.googletagmanager.com *.google.com *.googleapis.com *.gstatic.com youtube.com *.youtube.com *.ytimg.com *.fontawesome.com; default-src 'self' *.shinywhitebox.com 'nonce-GvlkK07BFzNYr1N0J3DseQ=='; object-src 'self' *.shinywhitebox.com stripe.com *.stripe.com cdn.paddle.com *.paddle.com code.jquery.com www.googletagmanager.com *.google.com *.googleapis.com *.gstatic.com youtube.com *.youtube.com *.ytimg.com *.fontawesome.com; font-src 'self' *.shinywhitebox.com stripe.com *.stripe.com cdn.paddle.com *.paddle.com code.jquery.com www.googletagmanager.com *.google.com *.googleapis.com *.gstatic.com youtube.com *.youtube.com *.ytimg.com *.fontawesome.com; frame-ancestors 'self'; frame-src 'self' *.shinywhitebox.com stripe.com *.stripe.com cdn.paddle.com *.paddle.com code.jquery.com www.googletagmanager.com *.google.com *.googleapis.com *.gstatic.com youtube.com *.youtube.com *.ytimg.com *.fontawesome.com 1
font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; 1
frame-ancestors 'self' https://give.chalcedon.edu https://www.youtube.com 1
frame-ancestors 'self' https://manage.smartindustry.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodonsweden.se; img-src 'self' https: data: blob: https://mastodonsweden.se; style-src 'self' https://mastodonsweden.se 'nonce-0oFSfqt9q0DNMWy5iBJvWQ=='; media-src 'self' https: data: https://mastodonsweden.se; frame-src 'self' https:; manifest-src 'self' https://mastodonsweden.se; form-action 'self'; child-src 'self' blob: https://mastodonsweden.se; worker-src 'self' blob: https://mastodonsweden.se; connect-src 'self' data: blob: https://mastodonsweden.se https://cdn.masto.host wss://mastodonsweden.se; script-src 'self' https://mastodonsweden.se 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=0eerkstiqu4sr&partner=; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-+CJWZnDbMwTbd8CSyYWdCn7ffNZzdLUlOSR/1ytWKCSQvbm9' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.cryptshare.com; font-src 'self' https://*.cryptshare.com; img-src 'unsafe-inline' 'self' data: https://*.cryptshare.com https://*.google.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://*.gstatic.com https://*.zdassets.com https://*.bing.com https://*.clarity.ms https://*.google.de https://*.hubspot.com https://*.hsforms.com https://*.linkedin.com https://*.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.cryptshare.com https://*.zdassets.com https://*.zendesk.com https://*.cookiebot.com https://*.googletagmanager.com https://cdn.ampproject.org https://*.google-analytics.com https://optimize.google.com https://*.google.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.bing.com https://*.clarity.ms https://*.hs-scripts.com https://*.hsforms.net https://*.hscta.net https://*.hsforms.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hsadspixel.net https://*.usemessages.com https://*.hsleadflows.net https://*.licdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cryptshare.com https://*.zdassets.com https://*.cookiebot.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.doubleclick.net https://*.bing.com https://*.clarity.ms https://*.hs-forms.com https://*.hsforms.com https://*.hs-forms.net https://*.hsforms.net https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hsadspixel.net https://*.usemessages.com https://*.hsleadflows.net https://*.licdn.com; style-src 'unsafe-inline' https://*.cryptshare.com https://optimize.google.com https://*.googleapis.com https://*.googletagmanager.com; frame-src https://*.cryptshare.com https://*.cookiebot.com https://optimize.google.com https://*.hubspot.com https://*.hsforms.com https://tpc.googlesyndication.com https://*.doubleclick.net https://*.googletagmanager.com; connect-src 'self' https://*.zdassets.com https://cdn.linkedin.oribi.io https://*.smooch.io wss://*.zendesk.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://*.cookiebot.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.google.com https://*.google-analytics.com https://*.hubspot.com https://*.hubapi.com https://*.hsforms.com https://*.doubleclick.net https://*.bing.com https://*.clarity.ms 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-wb+yS04i/PMuWm8KfwoPbZsVbowqEJRM+wz+FNWzr84LeQec' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
script-src 'self' 'unsafe-inline' ajax.cloudflare.com www.google-analytics.com www.googletagmanager.com; 1
default-src 'self';style-src 'self' 'nonce-QOlYr5k1Ls3VoNjVQLK5DWFc';script-src 'nonce-QOlYr5k1Ls3VoNjVQLK5DWFc';font-src 'none';object-src 'none';base-uri 'none';form-action 'self' https://www.google.com/search;require-trusted-types-for 'script';upgrade-insecure-requests;worker-src 'none';frame-ancestors 'self';report-to csp; report-uri https://b955d87f46a8787af6cdaec8f56047d8.report-uri.com/r/d/csp/enforce; 1
default-src 'self' *.macgamestore.com *.wingamestore.com; form-action 'self' https://*.paypal.com https://*.apple.com https://*.zendesk.com; frame-src 'self' cdn1.macgamestore.com *.trustpilot.com *.facebook.net *.twitter.com *.youtube.com *.google.com *.paypal.com *.braintreegateway.com *.apple.com *.ubisoft.com; frame-ancestors 'self'; connect-src 'self' *.google-analytics.com *.googletagmanager.com *.google.com *.googleapis.com *.trustpilot.com *.facebook.com *.braintreegateway.com *.braintree-api.com; script-src 'self' 'nonce-ba298e0aa8c27a359a6783a9fa986dc1d927' appleid.cdn-apple.com *.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.trustpilot.com *.facebook.net *.twitter.com *.youtube.com *.ytimg.com *.paypal.com *.paypalobjects.com *.braintreegateway.com ubistatic2-a.akamaihd.net; style-src 'self' 'unsafe-inline' accounts.google.com; img-src 'self' data: blob: *.macgamestore.com *.wingamestore.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.googletagmanager.com *.trustpilot.com *.facebook.com *.fbsbx.com *.fbcdn.net *.facebook.net *.twitter.com *.youtube.com *.ytimg.com *.akamaized.net *.paypal.com *.braintreegateway.com www.gravatar.com; font-src 'self' data: *.gstatic.com *.googleusercontent.com fontlibrary.org github.com use.typekit.net cdn.honey.io; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net fonts.googleapis.com ajax.googleapis.com code.jquery.com fonts.gstatic.com  *.githubusercontent.com api.github.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com cdnjs.cloudflare.com data: buttons.github.io www.youtube.com *.twitter.com *.twimg.com video.ibm.com https://start.openliberty.io/ gitlab.com starter-staging.rh9j6zz75er.us-east.codeengine.appdomain.cloud https://docs.oracle.com/javase/8/docs/api/ 1
upgrade-insecure-requests;, default-src 'unsafe-eval' 'unsafe-inline' *.dataloop.ai https://ps.w.org https://cookie-cdn.cookiepro.com *.cookie-cdn.cookiepro.com https://fonts.googleapis.com/ https://pages.dataloop.ai; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.dataloop.ai https://pages.dataloop.ai https://tracking.g2crowd.com/ https://www.youtube.com *.hsappstatic.net *.hubspot.com *.salesforce.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.com *.hubapi.com *.hs-analytics.net *.hsadspixel.net https://cookie-cdn.cookiepro.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/ https://geolocation.onetrust.com https://ibc-flow.techtarget.com https://cdn.linkedin.oribi.io https://api.olark.com *.hotjar.com https://region1.google-analytics.com https://www.comeet.co https://pendo-eu-static-4844465084039168.storage.googleapis.com https://tags.crwdcntrl.net https://nrpc.olark.com https://data.eu.pendo.io https://www.clarity.ms https://trc.taboola.com https://googleads.g.doubleclick.net https://tr.outbrain.com https://sc.lfeeder.com https://cdn.eu.pendo.io https://www.googletagmanager.com https://ml314.com https://trk.techtarget.com https://static.olark.com https://www.google-analytics.com https://munchkin.marketo.net https://app-sn03.marketo.com https://js.chilipiper.com https://service.giosg.com https://connect.facebook.net https://cdn.taboola.com https://amplify.outbrain.com https://bat.bing.com https://snap.licdn.com https://www.googleadservices.com https://js-eu1.hsforms.net/forms/embed/v2.js https://wave.outbrain.com/; connect-src 'self' https://px.ads.linkedin.com/ https://tracking.g2crowd.com/ https://pagead2.googlesyndication.com/ *.hubapi.com https://ipapi.co/ https://google.com/ https://gtms.dataloop.ai https://pages.dataloop.ai *.facebook.com https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://region1.google-analytics.com wss://*.hotjar.com *.hotjar.io *.hotjar.com https://ibc-flow.techtarget.com https://cdn.linkedin.oribi.io https://api.olark.com https://api.chilipiper.com https://tracking.chilipiper.com https://pips.taboola.com https://cds.taboola.com https://m.clarity.ms https://stats.g.doubleclick.net https://193-hlu-335.mktoresp.com https://trc-events.taboola.com https://service.giosg.com https://www.google-analytics.com https://nrpc.olark.com https://tr.outbrain.com https://forms-eu1.hsforms.com/ https://hubspot-forms-static-embed-eu1.s3.amazonaws.com/ https://cta-eu1.hubspot.com/ https://tr.outbrain.com/; font-src 'self' data:  https://maxcdn.bootstrapcdn.com https://pages.dataloop.ai https://static.olark.com https://fonts.gstatic.com/; img-src 'self' blob: data: *.dataloop.ai *.crocoblock.com *.hubspot.com https://i.ytimg.com/ https://px4.ads.linkedin.com https://ps.w.org https://pages.dataloop.ai https://fonts.gstatic.com https://www.googletagmanager.com https://cookie-cdn.cookiepro.com https://googleads.g.doubleclick.net https://connect.facebook.net https://js.chilipiper.com https://i.vimeocdn.com https://ps.eyeota.net https://tr-rc.lfeeder.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.co.uk https://log.olark.com https://data.eu.pendo.io https://bat.bing.com https://www.facebook.com https://www.google.com https://p.adsymptotic.com https://tr.lfeeder.com https://static.olark.com https://cds.taboola.com https://apt.techtarget.com https://www.linkedin.com https://px.ads.linkedin.com https://www.google-analytics.com https://q.quora.com https://tr.outbrain.com https://perf-eu1.hsforms.com/ https://forms.hsforms.com/ https://forms-eu1.hsforms.com/;  style-src 'self' 'unsafe-inline' data: https://pages.dataloop.ai *.cookie-cdn.cookiepro.com https://fonts.googleapis.com/ *.dataloop.ai; base-uri 'self'; style-src-elem 'self' 'unsafe-inline' https://pages.dataloop.ai *.cookie-cdn.cookiepro.com *.hsappstatic.net *.hubspot.com *.hs-scripts.com https://pendo-eu-static-4844465084039168.storage.googleapis.com https://storage.googleapis.com https://static.olark.com https://app-sn03.marketo.com https://fonts.googleapis.com https://www.googletagmanager.com; form-action 'self' *.dataloop.ai https://pages.dataloop.ai https://www.facebook.com *.cookie-cdn.cookiepro.com https://dataloop--dlpartial.sandbox.my.salesforce.com/servlet/ https://forms-eu1.hsforms.com/ https://webto.salesforce.com/; frame-src 'self' data: blob: https://docs.google.com/ https://www.youtube.com/ https://td.doubleclick.net/ *.dataloop.ai https://pages.dataloop.ai *.hsappstatic.net *.hubspot.com https://tsdtocl.com https://bid.g.doubleclick.net https://dataloop.chilipiper.com https://player.vimeo.com *.hotjar.com https://app-sn03.marketo.com https://www.facebook.com https://static.olark.com https://www.comeet.co *.cookie-cdn.cookiepro.com https://www.google.com/recaptcha/ https://www.gstatic.com/ https://forms-eu1.hsforms.com/; object-src 'self' *.dataloop.ai; media-src 'self' https://pages.dataloop.ai https://static.olark.com https://www.googletagmanager.com *.cookie-cdn.cookiepro.com https://ps.w.org/; sandbox allow-forms allow-scripts allow-popups allow-modals allow-same-origin allow-storage-access-by-user-activation; 1
default-src https:;base-uri 'self';style-src https: 'unsafe-inline' 'self' ;frame-ancestors 'self' https://*.apod.com.au https://apod.com.au; form-action 'self'  https://*.apod.com.au https://apod.com.au https://www.facebook.com ;object-src 'none';img-src https://i.vimeocdn.com https://images.apod.com.au https://cdn.experienceoz.com.au https://www.google.com https://www.google-analytics.com data: 'self' https://www.google.com https://www.google.com.au https://www.facebook.com https://script.hotjar.com;frame-src https://vimeo.com https://player.vimeo.com https://www.google.com https://www.youtube.com https://*.stripe.com data: 'self' https://www.google.com https://vars.hotjar.com https://www.facebook.com; script-src 'strict-dynamic' 'nonce-491334ff5847aef86e959eaf45a9810d0af2d5eea0db82d9ae3b664b51d30726' 'self' https://static.hotjar.com https://script.hotjar.com ; font-src https://script.hotjar.com https://fonts.gstatic.com; connect-src 'self' https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://stats.g.doubleclick.net https://www.facebook.com https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com; 1
base-uri 'self'; default-src 'self'; script-src 'self' 'sha256-H40TZZ6/HWrJtCIGoiEXwB9AAWFNT53lo6O+SFTPMrs=' 'sha256-gBontS+wG1dvAVIX1GqQkYX+0+GI7UW0iIUAnAMgjkE=' 'sha256-rtOHWe1ki6nXG3KTkWSu0VygWllP/k4QuRVEfgPnbB0=' 'sha256-fyx0lUuw0J3n9NQ7vd98N/YrDWsNLggBoUjCg3Y+l+0=' 'sha256-KAKi0nlFSTs9uIXud/Wtv5LBsk9n/dc3I6t83YkYjnQ=' 'sha256-F7IdK1nDwoBCkNXeVyiW71fyaulWdGYDC9pUg+kE5J0=' 'sha256-fzk6Qgm/lmTUL0sWtFIxEQ2Lp+r6R9CJ/9nT6n047s4=' 'sha256-05jxDRKxrsJpmItP2yGd8bHBFNGQcGrtRxBAY46OHBQ=' 'sha256-egpbluqkD8NT0bY3bWy7raM9tRIMkfUWboq0Y8KqsFk=' 'sha256-b0z2S8P8HKU8z8TG7zlObxuSZF7VG/oz85dmu+cQ1lQ=' 'sha256-QK/Po5lDdLecZn8vi2vZA1Z0rkQYo7WK4Dh+DTyPELU=' 'sha256-pKxIgjKjyvFac46hJbVUcM2mZdrM4UfMRVCKlCaY+VE=' 'sha256-lQVfP+wfBTP0BtXLK+tmM9GFbSFJcLHSvWKG15sxLZM=' 'sha256-rDWNpy9BWFh7Z+HXZuzzG0vGmf+quxMC17+5x5YM32c=' 'sha256-6EswWyujUkTgiEA95Jx8nk2zBYByAJaJHDYorhI/oVI=' 'sha256-eaHd32UTCmksGW+Kqja2R1kwrpuiqI4SfApQAkTjcQk=' 'sha256-Kp52hezDHw00E68kWZw7OyiyIl6/ajpQh1d9ts/KQPg=' 'sha256-L5L6tesqNXCsNdAJJTNdDJ8W/q0WtrZL2z9DCNxFEsU='; style-src 'self' 'unsafe-inline'; font-src 'self' data:; worker-src 'self'; img-src 'self'; connect-src 'self'; media-src 'self'; manifest-src 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self'; frame-src 'self'; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: 'unsafe-inline' 1
default-src 'self' https://www.youtube.com https://www.google.com https://www.gstatic.com https://bcp.crwdcntrl.net https://csm01.bancocaribe.com.do:590 https://c.go-mpulse.net blob:; connect-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.analytics.google.com https://analytics.google.com https://c.go-mpulse.net https://173bf104.akstat.io https://stats.g.doubleclick.net https://68794910.akstat.io https://173bf10d.akstat.io https://*.akstat.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://csm01.bancocaribe.com.do:590/ccp/ui/ConnectivityCheck.html https://api.userway.org https://cdn.userway.org https://media.imi.chat https://chat-widget.imi.chat; font-src 'self' https://fonts.gstatic.com https://media.imi.chat; frame-src 'self' 'unsafe-inline' https://8257245.fls.doubleclick.net https://bcp.crwdcntrl.net https://csm01.bancocaribe.com.do:590 https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://cdn.userway.org https://media.imi.chat; img-src 'self' https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://www.googletagmanager.com https://img.youtube.com https://stats.g.doubleclick.net https://www.google.com https://bcp.crwdcntrl.net https://www.facebook.com https://www.google.com.do https://cdn.userway.org data: blob:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://maps.googleapis.com https://stats.g.doubleclick.net https://www.gstatic.com https://www.google.com https://tags.crwdcntrl.net https://s.go-mpulse.net https://connect.facebook.net https://wjs.fgptgp.com https://googleads.g.doubleclick.net https://cdn.userway.org https://media.imi.chat; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://www.google.com https://cdn.userway.org https://media.imi.chat 1
default-src 'none' ; connect-src https://*.bioserveur.com ; manifest-src https://*.bioserveur.com ; media-src https://*.bioserveur.com ; script-src blob: https://*.bioserveur.com https://*.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; font-src data: https://*.bioserveur.com https://fonts.gstatic.com; img-src data: https://*.bioserveur.com ; style-src https://*.bioserveur.com https://fonts.googleapis.com 'unsafe-inline'; object-src 'none' ; worker-src blob: ; child-src blob: https://*.bioserveur.com ; frame-src blob: https://*.bioserveur.com  https://*.google.com; form-action https://*.bioserveur.com ; frame-ancestors 'self' ; base-uri 'self' ; block-all-mixed-content ; 1
script-src-elem 'self' 'unsafe-inline' cdn.matomo.cloud group.us8.list-manage.com unpkg.com cdnjs.cloudflare.com maps.googleapis.com widget.taggbox.com widget-mediator.zopim.com ws.zoominfo.com static.zdassets.com code.jquery.com translate.googleapis.com translate.google.com www.buzzsprout.com www.youtube.com secure.perk0mean.com www.googletagmanager.com maps.googleapis.com www.google-analytics.com maps.google.com www.google.com www.gstatic.com; img-src 'self' 'unsafe-inline' https://* data: maps.googleapis.com www.google.com www.gstatic.com secure.gravatar.com flowbird.group www.caleaccess.com i.ytimg.com www.flowbird.group www.google-analytics.com maps.google.com maps.gstatic.com; media-src 'self' static.zdassets.com; connect-src 'self' nettic.matomo.cloud maps.googleapis.com yoast.com wss://widget-mediator.zopim.com caleamerica.zendesk.com ekr.zdassets.com www.google-analytics.com; font-src 'self' data: parkeon.fireworxlive.com fonts.gstatic.com; frame-ancestors 'self'; default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' widget.taggbox.com secure.perk0mean.com www.google-analytics.com www.googletagmanager.com www.youtube.com; style-src 'self' 'unsafe-inline' unpkg.com cdnjs.cloudflare.com translate.googleapis.com fonts.googleapis.com; object-src 'none'; frame-src 'self' anchor.fm widget.taggbox.com widget-lite.taggbox.com www.parking-mobility.org www.youtube.com www.youtube-nocookie.com player.vimeo.com www.google.com  www.buzzsprout.com; base-uri 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tracker.metricool.com https://*.plerdy.com https://maps.googleapis.com https://maps.google.com https://www.google-analytics.com https://connect.facebook.net https://www.facebook.com https://apis.google.com https://cdn.jsdelivr.net https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://packout.milwaukeetool.com https://collect.tealiumiq.com https://www.milwaukeetool.com https://cdnjs.cloudflare.com https://*.hotjar.com https://js.stripe.com https://ws1.postescanada-canadapost.ca 1
frame-src 'self' https://www.google.com https://*.tecsinapse.com.br; frame-ancestors 'self' https://*.cimbb.com.br 1
default-src 'self' http://* https://*; style-src 'self' http://* https://* 'unsafe-inline'; style-src-elem 'self' http://* https://* 'unsafe-inline';  script-src 'self' http://* https://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' http://* https://* 'unsafe-inline'; media-src 'self' http://* https://* 'unsafe-inline'; frame-src 'self' http://* https://* 'unsafe-inline' content-src 'self' http://* https://* 1
report-uri https://comsatel.com.pe 1
base-uri 'self'; child-src https://www.youtube-nocookie.com/embed/; connect-src 'self' https://datascene.xyz:8443/socket.io/ wss://datascene.xyz:8443/socket.io/ https://api.themoviedb.org/; default-src 'none'; font-src 'self' data: https: fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src https://radio.sonicpanel.eu/cp/widgets/player/ https://www.youtube-nocookie.com/embed/ https://www.youtube.com/embed/ https://ssl.omegahost.ro/cp/widgets/player/ https://radiodst.dst.appboxes.co/public/radio_dst/; img-src 'self' data: https: image.tmdb.org via.placeholder.com/400x600; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https: gitcdn.xyz github.io *.github.io raw.githubusercontent.com github.com; block-all-mixed-content; upgrade-insecure-requests 1
frame-ancestors https://www.sonichealthplus.com.au https://bookings.sonicvaccinations.com.au https://sonicvaccinations.com.au https://www.sonicvaccinations.com.au https://www.ausskinclinics.com.au https://easyvisitweb.uat.sonichealthcare.com https://web.easyvisit.com.au https://easyvisit.uat.sonichealthcare.com https://www.easyvisit.com.au 1
default-src 'self'; base-uri 'self'; connect-src 'self' wss://app.en-courage.com https://abrtp2.marketo.com/gw1/ https://rtp-static.marketo.com/rtp/libs/ https://*.mktoresp.com/ https://*.smartlook.com https://*.smartlook.cloud  https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net; img-src * 'nonce-NuPJME4yQFOrsHgess9zdg' blob:; script-src 'self' 'nonce-yQYz7jH1HRrQgZtCGFEfsg' 'strict-dynamic' https://cdn.app.en-courage.com https://abrtp2-cdn.marketo.com/rtp-api/v1/rtp.js https://abrtp2.marketo.com/gw1/ https://rtp-static.marketo.com/rtp/libs/ https://*.smartlook.com https://*.smartlook.cloud  https://www.googletagmanager.com https://b92.yahoo.co.jp https://am.yahoo.co.jp https://pagead2.googlesyndication.com; style-src 'self' 'nonce-LNN32X7Mp0ywI1c38vsYiQ' https://cdn.app.en-courage.com https://rtp-static.marketo.com/rtp/libs/; frame-src 'self' https://www.youtube.com https://googleads.g.doubleclick.net/ https://td.doubleclick.net/; object-src 'none'; worker-src 'none'; frame-ancestors 'none'; form-action 'self';manifest-src 'self' https://cdn.app.en-courage.com; 1
default-src https: 'self' blob:; media-src https: data: blob:; font-src https: data:; img-src https: 'self' 'unsafe-inline' data: about:; style-src https: 'self' 'unsafe-inline'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' blob:; frame-ancestors https://*.esmeralda-voyance.com; 1
style-src https://*.fmz.com https://*.gstatic.com 'self' 'unsafe-inline'; script-src 'self' https://translate.google.com https://*.googleapis.com https://*.aliyuncs.com https://www.googletagmanager.com https://www.google-analytics.com https://*.fmz.com https://*.fmz.cn https://*.tradingview.com blob: 'unsafe-inline' 'unsafe-eval' 127.0.0.1:35720; connect-src 'self' ws: wss: https://*.fmz.com https://*.googleapis.com https://www.google-analytics.com https://*.doubleclick.net; font-src https://*.fmz.com 'self' data:;img-src https://*.doubanio.com https://*.gstatic.com https://*.googleapis.com https://*.google.com https://*.fmz.com 'self' data: http://*.google.com.sg https://*.fmz.com https://*.fmz.cn https://www.googletagmanager.com https://www.google-analytics.com https://*.doubleclick.net https://raw.githubusercontent.com http://*.glb.clouddn.com; media-src *; object-src 'self' https://*.fmz.com https://*.fmz.cn; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' wcs.naver.net rum.beusable.net script.beusable.net mgxauaxkqisl514632.cdn.ntruss.com *.beusably.net 'unsafe-eval' sas.nsm-corp.com teralog.techhub.co.kr www.googletagmanager.com;object-src 'self' xv-ncloud.pstatic.net *.ncloud.com *.gov-ncloud.com *.fin-ncloud.com;media-src 'self' *.ncloud.com xv-ncloud.pstatic.net blob:;style-src 'self' 'unsafe-inline' *.beusably.net www.googletagmanager.com fonts.googleapis.com;img-src 'self' data: ssl.pstatic.net *.ncloud.com xv-ncloud.pstatic.net ncloud-cs.static.naver.com i.ytimg.com *.apigw.ntruss.com wcs.naver.com ngc1.nsm-corp.com teralog.techhub.co.kr sync.admixer.co.kr:4450 www.googletagmanager.com fonts.gstatic.com;frame-src nid.naver.com *.ncloud.com *.gov-ncloud.com *.fin-ncloud.com www.youtube.com xv-ncloud.pstatic.net;connect-src 'self' *.ncloud.com *.gov-ncloud.com *.fin-ncloud.com xv-ncloud.pstatic.net *.naver.com blob: *.google.com wss://rum.beusable.net *.beusably.net ba.beusable.net www.google-analytics.com;font-src 'self' ssl.pstatic.net fonts.gstatic.com 1
frame-ancestors https://admin.intermountainbillpay.com https://dfd.intermountainhealthcare.org https://myhealthplus.intermountainhealthcare.org https://myhealthplus-stage.intermountainhealthcare.org; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://browser-update.org https://www.googletagmanager.com https://www.google-analytics.com;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://browser-update.org https://www.googletagmanager.com https://www.google-analytics.com;style-src 'self' 'unsafe-inline' https: http:;style-src-elem 'self' 'unsafe-inline' https: http:;img-src 'self' https: http: data:;connect-src 'self' https://www.google-analytics.com *;font-src 'self' https: http: data: 1
base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.google.com *.google.fr *.gstatic.com *.googleapis.com *.google-analytics.com *.prestashop.com *.doubleclick.net *.googleadservices.com *.avis-verifies.com *.jsdelivr.net *.hipay.com *.iesnare.com cardjs.co.uk *.hipay-tpp.com *.colissimo.fr *.googletagmanager.com *.hotjar.com *.openstreetmap.org; connect-src 'self' *.google.com *.doubleclick.net *.hotjar.com *.hotjar.io *.google-analytics.com *.hipay-tpp.com *.hipay.com ws:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.leet.nl *.leet.ws https://appleid.cdn-apple.com https://hcaptcha.com https://*.hcaptcha.com connect.facebook.net https://accounts.google.com/gsi/client *.google-analytics.com www.googletagmanager.com www.googleadservices.com *.doubleclick.net *.googlesyndication.com www.googletagservices.com fundingchoicesmessages.google.com www.google.com www.gstatic.com apis.google.com cdn.ampproject.org; style-src 'self' 'unsafe-inline' *.leet.nl *.leet.ws https://hcaptcha.com https://*.hcaptcha.com www.gstatic.com fonts.googleapis.com googletagmanager.com; img-src 'self' data: *.leet.nl *.leet.ws www.facebook.com *.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com https://*.imgur.com https://cdn.discordapp.com *.googlesyndication.com *.doubleclick.net www.google.com www.googleadservices.com; font-src 'self' data: fonts.gstatic.com *.leet.nl *.leet.ws; connect-src 'self' *.leet.nl *.leet.ws https://hcaptcha.com https://*.hcaptcha.com www.facebook.com https://accounts.google.com/gsi/ *.google-analytics.com www.googletagmanager.com csi.gstatic.com *.doubleclick.net fundingchoicesmessages.google.com *.googlesyndication.com www.google.com; media-src https://listen.leetmusic.nl; child-src 'self' https://hcaptcha.com https://*.hcaptcha.com *.leet.nl *.leet.ws *.facebook.com www.google.com www.youtube.com www.offertoro.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com *.leet.nl *.leet.ws *.facebook.com www.google.com www.youtube.com *.doubleclick.net *.googlesyndication.com;upgrade-insecure-requests; report-uri /csp/report 1
frame-ancestors 'self' https://librairie-bayard.com https://app.bayam.tv https://preprod.sso.bayard-jeunesse.com; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-3cDeE49jfYHa7BRbo-I0dA' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self' blob: cdn.plaid.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://api.mapbox.com https://cdn.unstack.com https://js.intercomcdn.com https://cdn.hellosign.com https://widget.intercom.io https://googleads.g.doubleclick.net https://www.googleadservices.com https://static.hsappstatic.net https://platform-api.sharethis.com https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.15.8/highlight.min.js cdn.spark.app widget.privy.com beacon-v2.helpscout.net *.gstatic.com *.appcues.com *.appcues.net *.hs-analytics.net *.hs-scripts.com *.logrocket.io *.googleapis.com maps.google.com *.plaid.com *.stripe.com *.braintreegateway.com www.paypalobjects.com *.mxpnl.com connect.facebook.net *.googletagmanager.com js.hs-banner.com www.google-analytics.com; font-src 'self' data: https://res-1.cdn.office.net/files/fabric-cdn-prod_20221201.001/assets/icons/ https://res-1.cdn.office.net/files/fabric-cdn-prod_20221201.001/assets/fonts/ https://cdn.unstack.com https://cdn.spark.app https://cloud.typography.com https://*.gstatic.com; connect-src 'self' https://events.mapbox.com https://api.mapbox.com https://notify.bugsnag.com https://analytics.google.com https://sessions.bugsnag.com https://l.sharethis.com https://*.privy.com https://*.googleapis.com wss://ws-helpscout.pusher.com https://sockjs-helpscout.pusher.com https://analytics.google.com https://beaconapi.helpscout.net https://chatapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://firestore.googleapis.com https://*.logrocket.io *.mixpanel.com wss://api.appcues.net *.s3.amazonaws.com https://www.google-analytics.com https://stats.g.doubleclick.net; img-src 'self' data: blob: https://d3h3lpctydzo3v.cloudfront.net https://cdn.unstack.com https://mms.unstack.com https://events.privy.com https://assets.privy.com https://privymktg.com https://cdn.spark.app https://d33v4339jhl8k0.cloudfront.net https://*.plaid.com https://*.stripe.com https://*.braintreegateway.com https://checkout.paypal.com https://*.s3.amazonaws.com https://*.gstatic.com https://*.googleapis.com https://*.google.com https://notify.bugsnag.com https://track.hubspot.com https://www.facebook.com https://d3h3lpctydzo3v.cloudfront.net https://google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://api.mapbox.com https://res-1.cdn.office.net/files/fabric-cdn-prod_20221209.001/office-ui-fabric-core/11.1.0/css/fabric.min.css https://cdn.unstack.com https://assets.privy.com https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.15.8/styles/github.min.css https://cdn.spark.app https://*.appcues.com https://cloud.typography.com https://d12qcj0uj8d5fb.cloudfront.net https://*.gstatic.com https://*.googleapis.com https://*.google.com; media-src 'self' blob: https://d3h3lpctydzo3v.cloudfront.net; child-src 'self' blob: https://*.plaid.com https://*.stripe.com https://*.braintreegateway.com https://c.paypal.com; frame-src 'self' https://app.hellosign.com/ https://embedded.hellosign.com/ https://www.youtube.com/ https://bid.g.doubleclick.net/ https://www.facebook.com https://meetings.hubspot.com https://c.sharethis.mgr.consensu.org https://*.appcues.com https://*.plaid.com https://*.stripe.com https://*.braintreegateway.com https://c.paypal.com; 1
frame-ancestors *.playox.de 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: provakil.com *.provakil.com *.cloudfront.net *.razorpay.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.google.com www.googletagmanager.com www.google-analytics.com *.gstatic.com js.driftt.com widget.driftqa.com *.drift.com browser.sentry-cdn.com *.sibautomation.com *.pipedriveassets.com *.pipedrive.com *.clarity.ms  login.microsoftonline.com *.microsoft.com *.live.com ajax.aspnetcdn.com sentry.io *.lfeeder.com *.hotjar.com *.doubleclick.net *.google-analytics.com 1
default-src 'self'; frame-src * ; media-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.smooch.io *.zdassets.com *.testrentik.test *.tctm.co *.cookiepro.com *.otovo.com *.nemon2ib.com *.iconnode.com *.tradedoubler.com api.brainsins.com mw.brainsins.com d2xkqxdy6ewr93.cloudfront.net *.cloudfront.net cdn.pushassist.com trc.taboola.com *.collect.igodigital.com resources.convious-app.com client.convious-app.com  cdn.taboola.com 510001631.collect.igodigital.com script.hotjar.com 510001630.collect.igodigital.com  static.hotjar.com launch-9151dc1e0eb6-development  mstat.acestream.net www.gstatic.com  www.googleoptimize.com optimize.google.com www.google-analytics.com www.google.com connect.facebook.net googleads.g.doubleclick.net eu5.bookingkit.de www.googleadservices.com ajax.aspnetcdn.com www.googletagmanager.com  www.google-analytics.com *.parquesreunidos.es assets.adobedtm.com amplify.review-alerts.com static-eu.payments-amazon.com maps.googleapis.com cdn.cookielaw.org geolocation.onetrust.com grpr.tt.omtrdc.net launch-9151dc1e0eb6-development js.mollie.com www.paypal.com  cd.livechatin.com mstat.acestream.net pilaff-up.ru statusklic.info cdn.notifyon.com cdn.livechatinc.com track.adform.net api-pre.adminos.parquesreunidos.com analytics.tiktok.com ts.tradetracker.net sleeknotecustomerscripts.sleeknote.com d2cmqkwo8rxlr9.cloudfront.net static.criteo.net ssl.google-analytics.com tagmanager.google.com ad.doubleclick.net www.youtube.com syndication.twitter.com platform.linkedin.com twimg.com s.ytimg.com publish.twitter.com platform.twitter.com apis.google.com api.livechatinc.com; style-src * 'unsafe-inline'; font-src * data:; connect-src * 1
base-uri 'self'; child-src 'self' gap: assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au dev.visualwebsiteoptimizer.com www.googletagmanager.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au; frame-src 'self' gap: assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au dev.visualwebsiteoptimizer.com www.googletagmanager.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au; connect-src 'self' assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au dev.visualwebsiteoptimizer.com www.googletagmanager.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com gms-c1.gsn.cloud edge.adobedc.net adobedc.demdex.net apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au analytics.google.com; default-src 'self' gap: assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au dev.visualwebsiteoptimizer.com www.googletagmanager.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *; img-src 'self' data: * blob:; script-src 'self' assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au www.googletagmanager.com dev.visualwebsiteoptimizer.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com gms-c1.gsn.cloud edge.adobedc.net adobedc.demdex.net apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline'; frame-ancestors 'self' gap: assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au www.googletagmanager.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=KSl3sUuG9GxfaFUmbDyRNBtPhUBCR1W%2FCD9TysZFUMDvU3JqlBFVBU12RxMal7dE%2FDCmJS9km1Wmu%2BgOml%2BWZQ%3D%3D; 1
default-src 'self'; frame-src 'self' https://www.google.com https://www.facebook.com https://static.payzen.eu https://vars.hotjar.com https://live.lumiplan.pro https://bulletin.lumiplan.pro https://www.youtube.com https://w.soundcloud.com https://www.calameo.com https://v.calameo.com https://www.komoot.fr https://www.komoot.com https://rive.app https://pv.viewsurf.com https://m.webcam-hd.com https://app.webcam-hd.com https://www.skaping.com https://live.skiplan.com https://*.iadvize.com wss://*.twilio.com https://www.lesarcs.com/ https://www.lesarcs.com/ https://cda-rmdiscount.ctrl-d.fr https://player.vimeo.com https://lumiplan.link https://lumiplay.link/interactive-map/Tignes_ValdIsere/fr https://lumiplay.link/interactive-map/Tignes_ValdIsere/en https://stvi-reload.ctrl-d.fr https://*.ctrl-d.fr; font-src * data: https://*.iadvize.com; img-src * data: blob: https://*.iadvize.com; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; connect-src * data: blob: https://*.iadvize.com wss://*.iadvize.com; worker-src * data: blob:; report-uri https://csp-report.browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pubf177c0970f8016f2550b02068ffb602a&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Afront-vel-b2c%2Cenv%3Aprod 1
img-src * data:; object-src 'self'; font-src 'self'; 1
frame-ancestors *.telmate.com *.telmate.cc *.intelmate.com *.intelmate.net intelmate.net *.telmate.ca secure-synergybc.ca *.ericom-command.com.au *.gtlcommand.com 1
default-src 'self' *.stackadapt.com *.ifgza3.net *.ojrq.net *.tapad.com *.loggly.com *.rlcdn.com *.impactradius-event.com *.teads.tv *.passage.ai wss://tars-prod.passage.ai *.evenfinancial.com *.taboola.com *.quantcount.com *.transunion.com *.vols7feed.com *.addthis.co *.amazon-adsystem.com *.youtube.com *.doubleclick.net *.company-target.com *.brightcove.com *.brightcovecdn.com *.prod.boltdns.net *.adsrvr.org dmtry.com *.dmtry.com *.quantserve.com *.bluekai.com *.facebook.com *.demandbase.com doubleclick.net *.trustev.com *.yahoo.com *.atedra.com *.twitter.com *.bing.com crwdcntrl.net c.rstg.io cdn.nextinsure.com *.jquery.com cloudfront.net *.googleapis.com *.adnxs.com *.rlcdn.com investis.com adsrvr.org sharethrough.com adroll.com yimg.com amazonaws.com *.fastclick.net secure.leadback.advertising.com google-analytics.com *.ads-twitter.com *.openx.net *.zencdn.net googleadservices.com gstatic.com bidswitch.net *.media6degrees.com googletagmanager.com *.siteintercept.qualtrics.com *.qualtrics.com; script-src 'self' *.adobedtm.com *.handtalk.me *.googleanalytics.com optimize.google.com *.liveperson.net *.leadsrx.com https://sc-static.net *.lpsnmedia.net https://siteimproveanalytics.com *.kore.ai *.b0e8.com *.bc0a.com *.stackadapt.com *.thebrighttag.com *.btstatic.com *.hifiona.com *.impactradius-event.com *.teads.tv *.passage.ai *.evenfinancial.com *.taboola.com *.quantcount.com *.dotomi.com *.transunion.com *.mxpnl.com *.vols7feed.com *.addthis.com *.googletagmanager.com *.optimizely.com *.pingdom.com *.cloudflare.com *.googleadservices.com *.youtube.com *.doubleclick.net *.google-analytics.com *.quantserve.com *.g.3gl.net *.eloqua.com *.crwdcntrl.net *.googleapis.com *.investis.com *.amazonaws.com *.cloudfront.net *.nextinsure.com *.lendingtree.com *.mediaplex.com *.demandbase.com *.jquery.com *.gstatic.com *.bing.com *.3gl.net *.yourscoreonline.com *.gofreecredit.com *.creditcheckingtoday.com *.naturaltracking.com *.credit.com *.facebook.com *.yimg.com *.ytimg.com *.quora.com *.ensighten.com *.d39se0h2uvfakd.cloudfront.net *.linkedin.com *.adsprotection.com *.brightcove.com *.hotjar.com *.adroll.com *.brightcove.net *.en25.com *.adsrvr.org *.abmr.net *.mathtag.com t2.rstg.io px.ads.linkedin.com vjs.zencdn.net *.twitter.com iad-login.dotomi.com snap.licdn.com sp.analytics.yahoo.com unpkg.com *.myfonts.net *.en25.com *.addthisedge.com *.zencdn.com *.s3.amazonaws.com cdn.ampproject.org *.company-target.com *.media6degrees.com *.ads-twitter.com cdn.mxpnl.com *.bizographics.com *.pingdom.net *.mbww.com *.entrust.net *.trustev.com *.mathtag.com *.googlesyndication.com *.google.com *.outbrain.com o1.qnsr.com *.facebook.net cas.cluep.com *.quizgnome.com *.siteintercept.qualtrics.com *.qualtrics.com *.pulseinsights.com blob: 'unsafe-eval' 'unsafe-inline'; child-src transunion.demdex.net *.handtalk.me *.liveperson.net *.snapchat.com *.lpsnmedia.net *.evenfinancial.com *.hifiona.com *.transunion.com blob: *.crwdcntrl.net *.cdn.optimizely.com *.addthis.com *.doubleclick.net *.lendingtree.com *.youtube.com *.hotjar.com *.mediaplex.com *.optimizely.com *.brightcove.net s.amazon-adsystem.com *.trustev.com *.mathtag.com *.qnsr.com *.facebook.com *.siteintercept.qualtrics.com *.qualtrics.com; connect-src 'self' dpm.demdex.net *.tt.omtrdc.net *.handtalk.me wss://va.msg.liveperson.net wss://lo.msg.liveperson.net *.google-analytics.com *.leadsrx.com *.bc0a.com *.nextinsure.com *.googleapis.com *.g.doubleclick.net *.kore.ai wss://rtm.kore.ai *.stackadapt.com *.ifgza3.net *.passage.ai wss://tars-prod.passage.ai *.taboola.com *.transunion.com *.mixpanel.com *.optimizely.com *.youtube.com *.brightcovecdn.com *.pingdom.net *.brightcove.com manifest.prod.boltdns.net airbrake.io *.company-target.com r.3gl.net s7.addthis.com *.herokuapp.com unity.cadreon.com app.trustev.com *.hotjar.com wss://*.hotjar.com *.siteintercept.qualtrics.com *.qualtrics.com 'unsafe-eval'; media-src 'self' *.lpsnmedia.net *.brightcove.com *.brightcovecdn.com *.prod.boltdns.net *.transunion.com blob: f1.media.brightcove.com; img-src * *.googletagmanager.com blob: *.google-analytics.com optimize.google.com *.ifgza3.net *.ojrq.net *.tapad.com *.loggly.com *.rlcdn.com data:; font-src data: *.adobeaemcloud.com fonts.gstatic.com *.transunionafrica.com *.nextinsure.com *.gstatic.com *.company-target.com edge.api.brightcove.com r.3gl.net *.addthis.com *.herokuapp.com *.quora.com; frame-src * optimize.google.com; style-src * optimize.google.com fonts.googleapis.com 'unsafe-eval' 'unsafe-inline'; frame-ancestors *.transunion.com; 1
font-src 'self' *.gstatic.com *.unblu.com *.unblu-env.com *.unblu.com *.opentok.com *.tokbox.com *.celeroxpress.ca *.visioncu.ca data:;              style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.unblu.com *.unblu-env.com *.unblu.com *.opentok.com *.tokbox.com *.celeroxpress.ca *.visioncu.ca;              script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cdic.ca *.gstatic.com *.google.com googleads.g.doubleclick.net www.googleadservices.com connect.facebook.net www.googletagmanager.com www.google-analytics.com *.googleapis.com *.youtube.com s.ytimg.com tagmanager.google.com *.bing.com *.unblu.com *.unblu-env.com *.unblu.com *.opentok.com *.tokbox.com *.celeroxpress.ca *.visioncu.ca;              img-src * data:;  worker-src 'self' blob:; 1
base-uri 'none';child-src 'none';connect-src 'self' api-js.mixpanel.com client.axept.io api.axept.io vitals.vercel-insights.com back.whentocop.fr backend.whentocop.fr whentocop-backend-staging.herokuapp.com wtc-comparator-api.herokuapp.com https://wtc-comparator-api-staging.herokuapp.com www.google-analytics.com www.dwin1.com r.skimresources.com t.skimresources.com stockx.pvxt.net electric-vibrant.whentocop.fr backend-staging.whentocop.fr;default-src 'self';font-src 'self' data:;form-action 'self';frame-ancestors 'none';frame-src 'none';img-src 'self' statics.whentocop.fr static.axept.io client.axept.io axeptio.imgix.net s3.eu-west-3.amazonaws.com www.google.com www.google-analytics.com www.awin1.com t.skimresources.com p.skimresources.com t0.gstatic.com t1.gstatic.com t2.gstatic.com t3.gstatic.com logs-01.loggly.com electric-vibrant.whentocop.fr backend-staging.whentocop.fr data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' static.axept.io client.axept.io vitals.vercel-insights.com api-js.mixpanel.com www.googletagmanager.com www.google-analytics.com www.dwin1.com www.dwin2.com d.impactradius-event.com s.skimresources.com cdn.usefathom.com electric-vibrant.whentocop.fr backend-staging.whentocop.fr 'unsafe-inline';style-src 'self' 'unsafe-inline';worker-src 'self'; 1
frame-ancestors 'self' https://home.wizcloud.co.il https://news.h-erp.co.il; 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.xstory.cam:9080 www.xstory.cam:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.xstory.cam wss://www.xstory.cam *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1705982121 1
script-src 'nonce-127f902ac7bdf7211db98bd2934a1170394f39fab0a7e3215f305e51f4ed863b' 'self' https://js.intercomcdn.com https://www.gstatic.com https://www.google.com https://www.clarity.ms https://connect.facebook.net https://www.googletagmanager.com https://googleads.g.doubleclick.net; frame-ancestors 'self'; object-src 'none'; frame-src 'self' https://roadmap.zapisp.com.br https://www.googletagmanager.com https://www.youtube.com https://www.google.com https://www.youtube-nocookie.com https://td.doubleclick.net;base-uri 'self'; 1
default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: 1
default-src 'self'; script-src 'self' 'nonce-zAaIThFPbroXk8XSIO3eaA==' 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.smarthome.de  *.adform.net *.cloudflare.com *.cloudfront.net *.facebook.net *.google.de *.google.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.googlevideo.com *.gstatic.com *.intelliad.de *.nuki.io *.telekom.de *.usabilla.com *.wbtrk.net *.youtube-nocookie.com *.ytimg.com applepay.cdn-apple.com pay.google.com tag.contiamo.com empathy-portal.de lpcdn.lpsnmedia.net lo.v.liveperson.net lptag.liveperson.net accdn.lpsnmedia.net cdn.novalnet.de nuki.io webcode.telekom-dienste.de tags-eu.tiqcdn.com fbc.wcfbc.net s3-eu-west-1.amazonaws.com/dap-prod-dcq/advertisertag-server-code-ee63403fb95864c397%2C082.js; object-src 'self'; style-src 'self' 'unsafe-inline' cdn.smarthome.de  *.cloudfront.net fonts.googleapis.com www.telekom.de webcode.telekom-dienste.de; img-src 'self' data: cdn.smarthome.de  *.adform.net *.brodos.com *.cloudfront.net *.doubleclick.net *.facebook.com *.google.de *.google.com *.googlevideo.com *.gstatic.com *.intelliad.de *.telekom.de *.usabilla.com *.ytimg.com *.youtube-nocookie.com events.contiamo.com empathy-portal.de lptag.liveperson.net lpcdn.lpsnmedia.net tracking.mlsat02.de https://goliath.telekom-dienste.de webcode.telekom-dienste.de tags-eu.tiqcdn.com fbc.wcfbc.net s3-eu-west-1.amazonaws.com/dap-prod-dctag/i; media-src 'self' cdn.smarthome.de  *.adform.net *.google.de *.google.com *.gstatic.com *.googlevideo.com *.telekom.de *.youtube-nocookie.com *.ytimg.com lptag.liveperson.net lpcdn.lpsnmedia.net tags-eu.tiqcdn.com fbc.wcfbc.net; frame-src 'self' *.facebook.com *.facebook.net/ *.lo.cobrowse.liveperson.net *.paypal.com *.rfihub.com *.usabilla.com *.youtube-nocookie.com *.youtube.com https://d6tizftlrpuof.cloudfront.net email-telekom.de t23.intelliad.de lptag.liveperson.net server.lon.liveperson.net lpcdn.lpsnmedia.net nuki.io ebs08-stg.telekom.de ebs08.telekom.de shopsuche.telekom.de pay.google.com https://13082755.fls.doubleclick.net https://13081291.fls.doubleclick.net; font-src 'self' cdn.smarthome.de  data: *.gstatic.com *.usabilla.com https://ebs10.telekom.de https://d6tizftlrpuof.cloudfront.net https://fonts.googleapis.com https://www.telekom.de/; connect-src 'self' *.paypal.com *.usabilla.com https://ebs10.telekom.de wss://gwe-dmz-cc.telekom.de https://gwe-dmz-cc.telekom.de https://rest.ice-search.de https://iss-staging-backend.ice-search.de https://ebs01-stg.telekom.de ebs01.telekom.de https://d6tizftlrpuof.cloudfront.net https://ebs02.telekom.de https://events.contiamo.com *.novalnet.de https://google.com/pay; form-action 'self' *.facebook.net *.facebook.com shopsuche.telekom.de; frame-ancestors 'self' https://pano.framework.tv https://telekom-cafe-ape.framework.tv 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' snap.licdn.com *.ads.linkedin.com  *.linkedin.com *.adform.net *.adnxs.com *.mookie1.com stats-bfe.begasoft.ch connect.facebook.net www.google.com www.gstatic.com tachionframework.com www.youtube.com maps.googleapis.com; object-src 'none' 1
default-src https: 'unsafe-eval' 'unsafe-inline' wss://*.hotjar.com *.hotjar.com data:;img-src * data: blob:; connect-src 'self' wss://*.hotjar.com *.hotjar.com *.hotjar.io *.addthis.com  lydia-app.com *.lydia-app.com *.openstreetmap.org maps.googleapis.com *.analytics.google.com *.google-analytics.com *.gstatic.com *.hcaptcha.com *.facebook.com *.raygun.io wss://*.crisp.chat *.cometchat.io *.api-eu.cometchat.io *.widget-eu.cometchat.io wss://*.websocket-eu.cometchat.io https://app   *.opmnstr.com; object-src 'self' https://www.youtube.com https://www.dailymotion.com; frame-ancestors 'self' ; base-uri https://www.kedgebs-alumni.com/; form-action 'self' https://login.microsoftonline.com/ https://bem.rpxnow.com https://preprod-tpeweb.e-transactions.fr/ https://tpeweb.e-transactions.fr/ https://paiement.creditmutuel.fr https://systempay.cyberpluspaiement.com https://payment-webinit-mercanet.test.sips-atos.com/paymentInit https://payment-webinit-mercanet.test.sips-services.com/paymentInit https://payment-webinit.mercanet.bnpparibas.net/paymentInit https://old.pta.netanswer.fr https://www.paristech-alumni.org https://www.wats4u.com https://wats4u.com https://wats4u.com.alumnforce.org http://manageurs.mjb.lan https://manageurs.mjr1108.com https://www.xmp-consult.org https://tpeweb.paybox.com   https://ravacan.us.auth0.com/ https://dev.oauth2-tester.netanswer.fr/ https://wats4u.edflex.com/ https://wats4u.edflex.com/auth/realms/109272a6-8002-438a-adb6-11e254a59e26/broker/oidc-kedge-netanswer/endpoint 1
default-src 'self' https: *.webtrekk.net; img-src 'self' data: https: *.t-systems-mms.com *.telekom-mms.com *.webtrekk.net www.facebook.com *.rexx-systems.com *.landbot.io storage.googleapis.com *.webtrekk.net; media-src 'self'; style-src 'self' 'unsafe-inline' blob: https:; font-src 'self' https: player.podigee-cdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https: *.t-systems-mms.com *.telekom-mms.com platform.twitter.com connect.facebook.net *.webtrekk.net *.rexx-systems.com static.landbot.io *.yumpu.com *.facebook.net cdn.podigee.com; connect-src 'self' https: *.t-systems-mms.com *.telekom-mms.com *.webtrekk.net landbot.io; object-src https: 'self'; frame-ancestors https: 'self' *.t-systems-mms.com *.telekom-mms.com customer.360-grad-sachsen.de; frame-src https: 'self' *.t-systems-mms.com *.telekom-mms.com customer.360-grad-sachsen.de platform.twitter.com *.mmsupgradework.dmkdev *.mms-plattform.de player.vimeo.com landbot.io www.yumpu.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com www.googletagmanager.com reclameland.grafiportal.nl reclamelandstaging.grafiportal.nl http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.cloudflare.com *.gstatic.com *.youtube.com *.google.nl *.bootstrapcdn.com *.doubleclick.net *.visualwebsiteoptimizer.com *.facebook.net *.facebook.com *.bing.com *.googleapis.com *.trengo.eu *.pusher.com wss://*.pusher.com *.purechat.com *.purechatcdn.com wss://*.purechat.com *.amazonaws.com *.reclameland.nl *.tradetracker.net  *.twitter.com *.optimizely.com *.google.com www.googleadservices.com *.simian.nl office.simian.nl:3030 api.test.beterdrukken.nl; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.trustpilot.com *.google-analytics.com www.googletagmanager.com reclameland.grafiportal.nl reclamelandstaging.grafiportal.nl *.hotjar.io *.hotjar.com *.cloudflare.com *.gstatic.com *.youtube.com *.google.nl *.bootstrapcdn.com *.doubleclick.net *.visualwebsiteoptimizer.com *.facebook.net *.facebook.com *.bing.com *.googleapis.com *.trengo.eu *.pusher.com wss://*.pusher.com *.purechat.com *.purechatcdn.com wss://*.purechat.com *.amazonaws.com *.reclameland.nl *.tradetracker.net *.twitter.com *.optimizely.com *.google.com www.googleadservices.com *.simian.nl office.simian.nl:3030 api.test.beterdrukken.nl; 1
default-src 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' blob: data: maps.gstatic.com maps.googleapis.com assets.vercel.com; script-src 'unsafe-eval' 'self' 'unsafe-inline' https://consentcdn.cookiebot.com https://consent.cookiebot.com/uc.js vitals.vercel-insights.com vercel.live https://maps.googleapis.com https://maps.gstatic.com; script-src-elem 'self' 'unsafe-inline' https://consent.cookiebot.com/uc.js maps.googleapis.com consentcdn.cookiebot.com consent.cookiebot.com https://www.google.com https://app.storyblok.com/f/storyblok-v2-latest.js https://www.googletagmanager.com/gtm.js *.googletagmanager.com *.klaviyo.com vercel.live www.gstatic.com; img-src 'self' blob: data: https://maps.googleapis.com https://maps.gstatic.com www.google.de imgsct.cookiebot.com; connect-src 'self' https://consentcdn.cookiebot.com vitals.vercel-insights.com vercel.live https://maps.googleapis.com https://api.postmarkapp.com/email *.analytics.google.com *.doubleclick.net *.google-analytics.com; manifest-src 'self'; frame-src 'self' https://consentcdn.cookiebot.com https://www.google.com bms.kienast-gruppe.de 1
frame-ancestors 'self';    default-src 'self' data: https://*.google.co.uk https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com  https://*.typekit.net https://i.icomoon.io https://*.investis.com https://*.umbraco.org https://pbs.twimg.com https://*.vimeo.com https://cdn.cookielaw.org https://*.onetrust.com https://stats.g.doubleclick.net https://www.paperturn-view.com https://www.youtube-nocookie.com https://i.ytimg.com https://i.vimeocdn.com https://*.reciteme.com https://*.glassdoor.com https://*.glassdoor.com.au;    style-src 'self' 'unsafe-inline' https://*.typekit.net https://i.icomoon.io https://*.reciteme.com;    script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://*.investis.com https://cdn.cookielaw.org https://*.onetrust.com https://www.paperturn-view.com https://*.reciteme.com https://*.glassdoor.com https://*.glassdoor.com.au; 1
form-action 'self' https://accounts.google.com 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-d7d10150a82f6c1ae9dab3b293278152'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors 'self' https://*.designcrowd.com.au; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-Ap4dQWCjsH5Li7/VDJ2KHTi3w1M0wsTZY3AYnaCUbyxAfBej' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-QJ19BWu6m0MujakhWo+DpWlYHY5lqICWOw623RPQBg1VDHoS' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';  font-src * data:; frame-ancestors 'self' https://admin-servsafebrands-com.azurewebsites.net https://ahlei.servsafebrands.com/ https://admin-ahlei.servsafebrands.com/; 1
frame-ancestors * ; upgrade-insecure-requests; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-SrdsX8DlFRhi50ipukXihw44QeIU8NvNZd5/7g2/KIf8VhVW' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 442hz.com spellcheck.442hz.com 1
default-src 'self' *.binomotop.com *.binomo.com; child-src *; frame-ancestors 'self'; connect-src 'self' *.ada.support analytics.tiktok.com my.rtmark.net *.criteo.net *.criteo.com snap.licdn.com px.ads.linkedin.com r.remarketingpixel.com static.ads-twitter.com bat.bing.com sc-static.net tr.snapchat.com *.hotjar.io *.hotjar.com wss://*.hotjar.com stats.g.doubleclick.net *.zopim.com *.launchdarkly.com api.exponea.com api.api-cis.exponea.com api-cis.exponea.com ekr.zdassets.com pixel.mathtag.com analytics.google.com accounts.google.com fcm.googleapis.com www.googleapis.com www.google-analytics.com wss://*.zopim.com binomo.zendesk.com binomo2.zendesk.com app.getsentry.com *.binomotop.com *.binomo.com wss://as.binomotop.com:* wss://as.binomo.com:* wss://ws.binomotop.com:* wss://ws.binomo.com:* s.yimg.com https://mc.yandex.ru; font-src data: 'self' *.zopim.com themes.googleusercontent.com *.binomotop.com *.binomo.com; img-src * *.ttwstatic.com data:; media-src 'self' *.binomotop.com *.binomo.com; script-src 'self' *.ada.support www.tiktok.com *.ttwstatic.com static.ads-twitter.com sc-static.net tr.snapchat.com *.hotjar.io *.hotjar.com www.redditstatic.com *.doubleclick.net *.google.com assets.zendesk.com static.zdassets.com *.zopim.com wss://*.zopim.com *.zopim.io binomo.co my.rtmark.net *.criteo.net *.criteo.com snap.licdn.com px.ads.linkedin.com r.remarketingpixel.com *.getsitecontrol.com *.googletagmanager.com *.google-analytics.com echo.ecortb.com connect.facebook.net vk.com *.youtube.com s.yimg.com s.ytimg.com bat.bing.com www.gstatic.com www.googleadservices.com binomo.go2affise.com api.exponea.com api.api-cis.exponea.com api-cis.exponea.com *.adnetwork.vn storage.googleapis.com sp.analytics.yahoo.com 'unsafe-eval' 'unsafe-inline' *.binomotop.com *.binomo.com https://unpkg.com/@lottiefiles/lottie-player@0.2.0/dist/lottie-player.js https://mc.yandex.ru https://yastatic.net; style-src 'self' *.ttwstatic.com *.google.com fonts.googleapis.com 'unsafe-inline' *.binomotop.com *.binomo.com 1
default-src https: ws: wss: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 1
frame-ancestors https://my.bigcartel.com https://www.bigcartel.com https://bigcartel.com https://*.bc-site-staging.pages.dev http://localhost:3000 1
default-src *.msi.com *.msi.cn  https: 'unsafe-inline' 'unsafe-eval' blob: data: ws:;style-src * 'unsafe-inline';object-src *; script-src *.msi.com *.msi.cn https: 'unsafe-inline' 'unsafe-eval' blob: data:; frame-ancestors 'self' 1
default-src 'self';connect-src 'self' www.facebook.com www.cloudflare.com cloudflare.com cdn1.api.trustedshops.com api.trustedshops.com shops-si.trustedshops.com trustbadge.api.etrusted.com api.trustbadge.etrusted.com www.google-analytics.com region1.google-analytics.com google-analytics.com stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com *.facebook.com connect.facebook.net www.googleadservices.com www.google.com;font-src 'self' data: widgets.trustedshops.com fonts.gstatic.com;frame-src 'self' www.google.com google.com www.facebook.com *.facebook.com connect.facebook.net bid.g.doubleclick.net;img-src 'self' blob: data: widgets.trustedshops.com www.facebook.com www.google-analytics.com google-analytics.com www.google.com google.com www.google.ch google.ch www.googletagmanager.com ssl.gstatic.com www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com *.facebook.com *.facebook.net *.fbcdn.net googleads.g.doubleclick.net;manifest-src 'self';script-src 'self' www.google.com google.com www.google-analytics.com region1.google-analytics.com google-analytics.com www.googleadservices.com googleadservices.com googleads.g.doubleclick.net www.gstatic.com gstatic.com widgets.trustedshops.com 'unsafe-inline' www.googletagmanager.com connect.facebook.net 'nonce-d45i213ckkP0NYq7' 'strict-dynamic' tagmanager.google.com ssl.google-analytics.com *.googletagmanager.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com;style-src 'self' 'unsafe-inline' widgets.trustedshops.com tagmanager.google.com www.googletagmanager.com fonts.googleapis.com;worker-src 'self';media-src 'self';child-src 'self' *.facebook.com connect.facebook.net;object-src 'none';style-src-elem 'self' 'unsafe-inline' widgets.trustedshops.com;base-uri 'none';form-action 'self' www.facebook.com *.facebook.com connect.facebook.net;frame-ancestors 'self';sandbox allow-same-origin allow-scripts allow-forms allow-downloads allow-popups allow-modals allow-popups-to-escape-sandbox; 1
frame-ancestors 'self' https://devportalpy.mitic.gov.py https://devpagos.mitic.gov.py https://www.paraguay.gov.py https://pagos.paraguay.gov.py http://localhost:4400 http://localhost:3000 *.pagopar.local *.h.local 1
frame-ancestors 'self' https://my.isplicense.ru https://my.isplicense.com 1
default-src 'self' * ws: wss: data: blob:; frame-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; font-src 'self' * data:; connect-src 'self' * ws: wss:; img-src 'self' data: * http: https:; child-src 'self' * blob:; 1
font-src *.typekit.net fonts.gstatic.com use.typekit.net http://*.mmtoolparts.com https://*.mmtoolparts.com https://eadn-wc05-2263099.nxedge.io https://eadn-wc02-8258266.nxedge.io *.zohocdn.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.braintreegateway.com *.paypal.com http://*.mmtoolparts.com https://*.mmtoolparts.com https://eadn-wc05-2263099.nxedge.io https://eadn-wc02-8258266.nxedge.io *.trustpilot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com landofcoder.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net http://*.mmtoolparts.com https://*.mmtoolparts.com https://eadn-wc05-2263099.nxedge.io https://eadn-wc02-8258266.nxedge.io store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net http://*.mmtoolparts.com https://*.mmtoolparts.com https://eadn-wc05-2263099.nxedge.io https://eadn-wc02-8258266.nxedge.io *.trustpilot.com *.zohopublic.com *.zohocdn.com *.zoho.com *.avada.io *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com landofcoder.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com http://*.mmtoolparts.com https://*.mmtoolparts.com https://eadn-wc05-2263099.nxedge.io https://eadn-wc02-8258266.nxedge.io *.trustpilot.com *.zohocdn.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com *.adobe.io performance.typekit.net *.sentry.io http://*.mmtoolparts.com https://*.mmtoolparts.com https://eadn-wc05-2263099.nxedge.io https://eadn-wc02-8258266.nxedge.io *.zohopublic.com *.zoho.com https://get.geojs.io *.avada.io *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com landofcoder.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' www.googletagmanager.com connect.facebook.net www.google-analytics.com www.googleadservices.com resources.xg4ken.com cdn.krxd.net up.pixel.ad googleads.g.doubleclick.net consumer.krxd.net beacon.krxd.net facebook.com ajax.googleapis.com 1
media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://connect.facebook.net/ https://cdn.polyfill.io https://ajax.googleapis.com/ https://www.novods.com https://www.google-analytics.com/ https://www.youtube.com/ https://s.ytimg.com/ https://www.googletagmanager.com/ https://tagmanager.google.com/ https://www.novocentral.com https://platform.twitter.com/ https://cdn.syndication.twimg.com/ https://assets.pinterest.com/ https://cdnjs.cloudflare.com/ https://maps.googleapis.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://platform.twitter.com/ https://ton.twimg.com/; img-src 'self' data: blob: *; font-src 'self' data: blob: https://fonts.gstatic.com/ https://novodscloud-production.s3.us-west-2.amazonaws.com/ https://novodscloud-production.s3.us-west-2.amazonaws.com/ https://novodscloud-staging.s3.us-west-2.amazonaws.com/ https://novodscloud-develop.s3.us-west-2.amazonaws.com/; frame-src 'self' https://staticxx.facebook.com/ https://www.facebook.com https://www.youtube.com/ https://api.instagram.com/ https://www.instagram.com/ https://platform.twitter.com/ https://syndication.twitter.com/; connect-src 'self' * 1
frame-ancestors https://app.safe.global 1
default-src 'self'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; object-src 'self'; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; frame-ancestors 'self'; frame-src 'self' https://www.google.com/ https://www.youtube.com/ https://form.typeform.com/ https://forms.hsforms.com/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.rva.nl *.googletagmanager.com  *.google-analytics.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' data: *.rva.nl; img-src 'self' data: *.rva.nl *.google.com *.google-analytics.com *.gstatic.com *.gravatar.com; connect-src 'self' data: *.google.com; font-src 'self' data: *.rva.nl; media-src 'self' data: *.rva.nl; frame-ancestors 'self'; frame-src 'self' data: *.rva.nl *.youtube.com *.google.com; base-uri 'self' 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-WN2J5QwjGX8y2WFiT5PzMg' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://isitetv.com https://mc.yandex.ru https://mc.yandex.md https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://*.recaptcha.net https://*.translate.naver.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://www.shoplooks.com https://www.zenaps.com https://tpc.googlesyndication.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://*.yandex.ru https://translate.yandex.net https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://*.pinterest.com https://*.bing.com https://*.doubleclick.net https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://ymetrica1.com https://ampcid.google.ru https://tr.snapchat.com https://privacyportal-eu.onetrust.com https://*.contentsquare.net https://*.criteo.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn  https://yastatic.net; form-action 'self' https://www.facebook.com https://www.lookfantastic.ru https://m.lookfantastic.ru https://checkout.lookfantastic.ru https://connect.facebook.net https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.co.uk https://www.glossybox.com https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.se https://www.glossybox.dk https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://mc.yandex.ru https://*.recaptcha.net https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://*.hotjar.com https://*.attn.tv https://yastatic.net https://*.trustpilot.com https://*.translate.naver.net https://*.bing.com https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://static.ads-twitter.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://lantern.roeyecdn.com https://lantern.roeye.com https://static.thgcdn.cn https://tpc.googlesyndication.com https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://cdn.parcellab.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
img-src 'self' 'unsafe-inline' 'unsafe-eval' data: code.jquery.com  counter.yadro.ru  *.yandex.ru googlesyndication.com *.doubleclick.net  securepubads.g.doubleclick.net yandexadexchange.net  *.googlesyndication.com  *.google-analytics.com counter.rambler.ru *.yandex.net yandex.st *.googletagservices.com *.gstatic.com *.googleapis.com *.googleadservices.com  *.yastatic.net vk.com  *.macromedia.com *.adobe.com;report-uri //cspbuilder.info/report/311663785018026830/; 1
default-src 'unsafe-inline' https: data: filesystem: https://s39307.pcdn.co https://fonts.googleapis.com; script-src 'unsafe-inline' filesystem: s39307.pcdn.co www.googletagmanager.com www.clarity.ms maps.google.com; style-src 'unsafe-inline' filesystem: https://s39307.pcdn.co *.googleapis.com *.bootstrapcdn.com *.gstatic.com; img-src 'self' filesystem: *.pcdn.co *.pressdns.com; font-src 'self' 'unsafe-inline' data: filesystem: *.pcdn.co *.googleapis.com *.gstatic.com *.bootstrapcdn.com; form-action 'self'; upgrade-insecure-requests 1
frame-ancestors 'self' 0921.co.kr *.0921.co.kr 1
block-all-mixed-content; report-uri https://www.11degrees.com/cspReport.txt; 1
block-all-mixed-content; report-uri https://www.11degrees.es/cspReport.txt; 1
block-all-mixed-content; report-uri https://www.11degrees.eu/cspReport.txt; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-lR237sAxVPxPnyKVxxR4Pw' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self'  http://127.0.0.1:*  data: fonts.googleapis.com localhost 3lines.biz  13.235.122.21  'unsafe-inline';script-src 'self' 'unsafe-inline'  'unsafe-eval' inline_script sdk.cashfree.com code.jquery.com use.fontawesome.com 127.0.0.1:* cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net fonts.googleapis.com use.fontawesome.com;font-src fonts.googleapis.com cdn.jsdelivr.net fonts.gstatic.com  3lines.biz 3.111.105.73 'self' use.fontawesome.com 'unsafe-inline';connect-src 'self' wss://ws-ap2.pusher.com  http://127.0.0.1:* 1
default-src  data: wss://*.7777gaming.tech:*  https://*.7777gaming.xyz https://7777gaming.xyz https://*.7777gaming.com 'self' 'unsafe-eval' 'unsafe-inline' https://*.7777gaming.tech https://7777gaming.tech https://www.googletagmanager.com/gtm.js?id=GTM-PLJPRV5; frame-ancestors 'self' https://www.casinoreviews.net/ 1
default-src 'self' https://unpkg.com https://html2canvas.hertzen.com https://code.jquery.com https://cdn.jsdelivr.net https://www.google.com https://ajax.googleapis.com http://localhost:11100 https://www.dreambizbusinesssolutions.com  e-gramam.in https://dreambizbusinesssolutions.com https://checkout.razorpay.com https://api.razorpay.com https://127.0.0.1:8005 https://localhost:11200 https://rupaymitra.com;        img-src 'self' data:;       script-src 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://html2canvas.hertzen.com https://code.jquery.com https://cdn.jsdelivr.net https://www.google.com https://ajax.googleapis.com http://netdna.bootstrapcdn.com https://api.razorpay.com https://rupaymitra.com https://www.dreambizbusinesssolutions.com  e-gramam.in https://dreambizbusinesssolutions.com https://uat.aathifpay.com https://checkout.razorpay.com https://corp.aathifpay.com https://manage.aathifpay.com  https://aathifpay.com https://test.aathifpay.com https://cdn.datatables.net https://cdnjs.cloudflare.com http://localhost:11100 https://127.0.0.1:8005 https://localhost:11200;        child-src https://unpkg.com https://html2canvas.hertzen.com https://code.jquery.com https://cdn.jsdelivr.net https://www.google.com https://api.razorpay.com;style-src-elem 'unsafe-inline' https://ajax.googleapis.com http://netdna.bootstrapcdn.com https://rupaymitra.com https://api.razorpay.com https://www.dreambizbusinesssolutions.com  e-gramam.in https://dreambizbusinesssolutions.com https://fonts.googleapis.com https://uat.aathifpay.com https://checkout.razorpay.com https://corp.aathifpay.com https://manage.aathifpay.com https://aathifpay.com https://test.aathifpay.com https://cdnjs.cloudflare.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://code.jquery.com;       style-src https://unpkg.com https://html2canvas.hertzen.com https://code.jquery.com https://cdn.jsdelivr.net https://www.google.com 'self' 'unsafe-inline' 'unsafe-hashes' https://ajax.googleapis.com http://netdna.bootstrapcdn.com https://api.razorpay.com https://rupaymitra.com https://www.dreambizbusinesssolutions.com  e-gramam.in https://dreambizbusinesssolutions.com https://fonts.googleapis.com https://uat.aathifpay.com https://checkout.razorpay.com https://corp.aathifpay.com https://manage.aathifpay.com https://aathifpay.com https://test.aathifpay.com https://cdnjs.cloudflare.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://code.jquery.com;       font-src https://unpkg.com https://html2canvas.hertzen.com https://code.jquery.com https://cdn.jsdelivr.net https://www.google.com 'self' http://netdna.bootstrapcdn.com https://ajax.googleapis.com https://api.razorpay.com https://fonts.gstatic.com https://rupaymitra.com https://www.dreambizbusinesssolutions.com  e-gramam.in https://dreambizbusinesssolutions.com https://cdnjs.cloudflare.com 1
frame-src 'self' https://www.google.com; object-src 'none'; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' abrazandosudesarrollo.com.mx *.abrazandosudesarrollo.com.mx *.bootstrapcdn.com *.doubleclick.net *.facebook.com *.facebook.net *.fontawesome.com *.gigya.com *.google-analytics.com *.google.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.hexagondata.com *.crwdcntrl.net *.hotjar.com *.hotjar.io *.jsdelivr.net *.krxd.net *.pagespeed-mod.com *.scriptcdn.net *.sharethis.com *.sharethis.mgr.consensu.org *.youtube-nocookie.com *.youtube.com cdnjs.cloudflare.com clousc.com code.jquery.com jsclou.in *.polyfill.io data: blob: wss:; img-src * 'self' 'unsafe-eval' 'unsafe-inline' abrazandosudesarrollo.com.mx *.abrazandosudesarrollo.com.mx *.bootstrapcdn.com *.doubleclick.net *.facebook.com *.facebook.net *.fontawesome.com *.gigya.com *.google-analytics.com *.google.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.hexagondata.com *.hotjar.com *.hotjar.io *.jsdelivr.net *.krxd.net *.pagespeed-mod.com *.scriptcdn.net *.sharethis.com *.sharethis.mgr.consensu.org *.youtube-nocookie.com *.youtube.com cdnjs.cloudflare.com clousc.com code.jquery.com jsclou.in *.polyfill.io data: blob:; 1
font-src *.fontawesome.com https://static.lyra.com/static/ *.gstatic.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com *.tawk.to fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ https://static.lyra.com/static/ *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.tawk.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.avada.io https://secure.lyra.com/vads-payment/ https://static.lyra.com/static/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.tawk.to 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org https://dam.preprod.absolubike.fr https://dam.absolubike.fr cdn.doofinder.com maps.googleapis.com maps.gstatic.com *.google.com https://www.google.fr https://fonts.gstatic.com https://www.facebook.com https://bat.bing.com *.clarity.ms https://c.bing.com *.imgix.net https://secure.lyra.com/static/latest/images/type-carte/ https://static.lyra.com/static/ https://secure.lyra.com/vads-payment/ *.gstatic.com *.doubleclick.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.tawk.to cdn.jsdelivr.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.doofinder.com maps.googleapis.com www.gstatic.com www.google.com *.google.com *.gstatic.com *.facebook.com https://bat.bing.com *.clarity.ms *.axept.io https://api.lyra.com/api-payment/ https://static.lyra.com/static/ *.facebook.net *.imgix.net *.googletagmanager.com *.doubleclick.net http://cdn.doofinder.com *.googleapis.com *.avada.io https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.tawk.to cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.doofinder.com *.fontawesome.com https://static.lyra.com/static/ *.googleapis.com *.googletagmanager.com *.google.com *.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com *.tawk.to fonts.googleapis.com cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.doofinder.com wss://*.doofinder.com maps.googleapis.com https://www.facebook.com *.clarity.ms *.axept.io https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ *.facebook.com *.google-analytics.com *.google.com *.doubleclick.net  http://eu1-search.doofinder.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.tawk.to wss://*.tawk.to 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ https://static.lyra.com/static/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://*.salesforce.com https://*.force.com 1
frame-src https://www.google.com/ 'self'; frame-ancestors 'self' localhost *.sa.gov.au 1
default-src 'none'; script-src 'self' *.acev.fi 'unsafe-inline' https://www.googletagmanager.com; connect-src 'self' blob: https://www.google-analytics.com; img-src 'self' *.acev.fi data: blob: *.openstreetmap.org www.googletagmanager.com https://www.google-analytics.com; style-src 'self' *.acev.fi 'unsafe-inline'; frame-src 'self' *.acev.fi; child-src 'self' *.acev.fi; frame-ancestors 'self' *.acev.fi; object-src 'self' *.acev.fi; manifest-src 'self' *.acev.fi; media-src 'self' *.acev.fi; font-src 'self' *.acev.fi; 1
default-src 'self' https://prod.dsarsa.com https://fra1.digitaloceanspaces.com https://ikfasw.com https://livechat-window.ssg-testing.workers.dev;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://plausible.io   https://cdnjs.cloudflare.com https://fpjscdn.net https://fpnpmcdn.net https://cdnjs.com https://cdn.jsdelivr.net;font-src fonts.gstatic.com;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net fonts.googleapis.com;img-src 'self' https://fra1.digitaloceanspaces.com data: blob:;connect-src 'self' plausible.io https://*.fptls.com https://*.fptls2.com https://*.fptls3.com https://fp.acoin.co.za https://*.fptls.com https://*.fptls2.com https://api.fpjs.io https://*.api.fpjs.io wss: 1
script-src 'nonce-4e31vfecc30080he543raydbe7ea78eoai3t' 'strict-dynamic' 'unsafe-eval'; 1
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline'  https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; frame-ancestors 'self'; 1
frame-ancestors 'self' adaro.com www.adaro.com 1
default-src 'self' *.facebook.com sibautomation.com connect.facebook.net *.google.com *.youtube-nocookie.com *.woowup.com *.youtube.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com connect.facebook.net onesignal.com cdnjs.cloudflare.com uicdn.toast.com *.googleapis.com *.gstatic.com data:; script-src 'self' 'unsafe-eval' *.woowup.com connect.facebook.net googleads.g.doubleclick.net *.googleadservices.com cdn.onesignal.com onesignal.com sibautomation.com connect.facebook.net code.jquery.com uicdn.toast.com blueimp.github.io *.gstatic.com *.googleapis.com *.google-analytics.com *.fontawesome.com *.googletagmanager.com *.google.com cdnjs.cloudflare.com 'unsafe-inline' data:; connect-src 'self' tracking.woowup.com in-automate.brevo.com connect.facebook.net onesignal.com stats.g.doubleclick.net in-automate.sendinblue.com *.google-analytics.com *.googletagmanager.com *.google.com *.googleapis.com *.gstatic.com cdnjs.cloudflare.com data:; font-src 'self' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.gstatic.com data:; frame-ancestors 'self'; img-src 'self' * data: blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://mc.prontoavenue.biz/ https://code.jquery.com https://www.vision6.com.au https://s7.addthis.com https://v1.addthisedge.com https://ajax.googleapis.com https://api-public.addthis.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://ssl.google-analytics.com http://code.jquery.com https://m.addthis.com http://maxcdn.bootstrapcdn.com https://z.moatads.com https://test.payment.securepay.com.au https://advancetraders.cloud https://www.youtube.com https://advancetradershelp.zendesk.com https://static.zdassets.com https://vimeo.com https://erk.zdassets.com https://app-sandbox.paydock.com https://www.bugherd.com https://documentation.prontoavenue.biz https://secure.ewaypayments.com https://secure-au.sandbox.ewaypayments.com https://www.gstatic.com https://www.google.com https://encrypted-tbn0.gstatic.com https://fonts.gstatic.com https://t.labs.au.edge.zip.co https://maps.google.com https://maps.googleapis.com https://assets.pinterest.com https://wpp-test.wirecard.com https://api.sandbox.zipmoney.com.au https://js.datadome.co https://zip-indigo-api.prod.au.edge.zip.co https://static.zipmoney.com.au https://my.sandbox.zipmoney.com.au https://account.sandbox.zipmoney.com.au https://api.zipmoney.com.au https://payment.securepay.com.au https://www.googletagmanager.com https://analytics.google.com https://ekr.zdassets.com https://connect.facebook.net; img-src * data: 1
default-src 'self' http: https: data: blob: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval' 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://wisepops.net *.clarity.ms *.wisepops.net *.cdn.wisepops.com *.loader.wisepops.com *.cdn.wisepops.net *.heatmap.it *.wisepops.com https://chimpstatic.com *.boxnow.gr https://api.livechatinc.com https://greca.adman.gr https://cdn.livechatinc.com https://ajax.googleapis.com https://static.adman.gr https://player.vimeo.com *.ubembed.com *.skroutz.gr https://skroutza.skroutz.gr *.zdassets.com/ *.hotjar.com https://apis.google.com https://www.gstatic.com https://z.moatads.com https://s7.addthis.com https://m.addthis.com https://analytics.skroutz.gr https://skroutza.skroutz.gr https://360.bestprice.gr https://www.bestprice.gr https://www.glami.gr https://region1.google-analytics.com https://cdn.stat-track.com/ https://assets.citrusad.net https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://stats.g.doubleclick.net https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://script.crazyegg.com https://go.linkwi.se https://trustmark.gr https://www.youtube.com https://script.crazyegg.com https://insurance.e-satisfaction.gr; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com; object-src 'self'; img-src 'self' data: https://googleads.g.doubleclick.net *.clarity.ms *.cdn.wisepops.net *.assets.wisepops.net *.cdn.wisepops.com *.googletagmanager.com https://player.vimeo.com https://i.vimeocdn.com/video/  *.vimeo.com *.heatmap.it *.livechat-files.com *.wisepops.com https://greca-obj.adman.gr https://www.aesthet.com https://aesthetnew.staginglh.com https://local.aesthetnew.gr https://aesthetnew.test.devlh.com https://aesthet.com *.cdninstagram.com https://www.glami.gr https://www.facebook.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://maps.googleapis.com https://www.google.com https://www.google.gr https://www.google.com.tr https://trustmark.gr; font-src 'self' data: https://cdn.livechatinc.com https://fonts.gstatic.com; connect-src 'self' *.clarity.ms *.aesthet.com *.wisepops.com https://wisepops.net *.app.getwisp.co *.tracking.wisepops.com https://wisepops.net/my-wisepop *.wisepops.net *.activity.wisepops.com *.popup.wisepops.com *.google.com https://cdn.livechatinc.com *.googlesyndication.com https://api.livechatinc.com https://vimeo.com https://greca.adman.gr wss://ws1.hotjar.com wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com wss://ws5.hotjar.com wss://ws6.hotjar.com wss://ws7.hotjar.com wss://ws8.hotjar.com wss://ws9.hotjar.com wss://ws10.hotjar.com wss://ws11.hotjar.com wss://ws12.hotjar.com wss://ws13.hotjar.com wss://ws14.hotjar.com wss://ws15.hotjar.com wss://ws16.hotjar.com wss://ws17.hotjar.com wss://ws18.hotjar.com wss://ws19.hotjar.com wss://ws20.hotjar.com wss://ws21.hotjar.com wss://ws22.hotjar.com wss://ws23.hotjar.com wss://ws24.hotjar.com wss://ws25.hotjar.com wss://ws26.hotjar.com wss://ws27.hotjar.com wss://ws28.hotjar.com wss://ws29.hotjar.com wss://ws30.hotjar.com wss://ws31.hotjar.com wss://ws32.hotjar.com wss://ws33.hotjar.com wss://ws34.hotjar.com wss://ws35.hotjar.com wss://ws36.hotjar.com wss://ws37.hotjar.com wss://ws38.hotjar.com wss://ws39.hotjar.com wss://ws40.hotjar.com wss://ws41.hotjar.com wss://ws42.hotjar.com wss://ws43.hotjar.com wss://ws44.hotjar.com wss://ws45.hotjar.com wss://ws46.hotjar.com wss://ws47.hotjar.com wss://ws48.hotjar.com wss://ws49.hotjar.com wss://ws50.hotjar.com wss://ws51.hotjar.com wss://ws52.hotjar.com wss://ws53.hotjar.com wss://ws54.hotjar.com wss://ws55.hotjar.com wss://ws56.hotjar.com wss://ws57.hotjar.com wss://ws58.hotjar.com wss://ws59.hotjar.com wss://ws60.hotjar.com wss://ws61.hotjar.com wss://ws62.hotjar.com wss://ws63.hotjar.com wss://ws64.hotjar.com wss://ws65.hotjar.com wss://ws66.hotjar.com wss://ws67.hotjar.com wss://ws68.hotjar.com wss://ws69.hotjar.com wss://ws70.hotjar.com wss://ws71.hotjar.com wss://ws72.hotjar.com wss://ws73.hotjar.com wss://ws74.hotjar.com wss://ws75.hotjar.com wss://ws76.hotjar.com wss://ws77.hotjar.com wss://ws78.hotjar.com wss://ws79.hotjar.com wss://ws80.hotjar.com wss://ws81.hotjar.com wss://ws82.hotjar.com wss://ws83.hotjar.com wss://ws84.hotjar.com wss://ws85.hotjar.com wss://ws86.hotjar.com wss://ws87.hotjar.com wss://ws88.hotjar.com wss://ws89.hotjar.com wss://ws90.hotjar.com wss://ws91.hotjar.com wss://ws92.hotjar.com wss://ws93.hotjar.com wss://ws94.hotjar.com wss://ws95.hotjar.com wss://ws96.hotjar.com wss://ws97.hotjar.com wss://ws98.hotjar.com wss://ws99.hotjar.com *.hotjar.io  *.hotjar.com *.zdassets.com https://www.youtube.com https://www.bestprice.gr https://s7.addthis.com https://m.addthis.com https://forms.m-pages.com https://t.stat-track.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com; frame-src *; media-src 'self' 1
default-src 'unsafe-inline' https://*.sitescout.com *.sitescout.com  http://pixel.mathtag.com *.mathtag.com https://tracking.adstrategysites.com https://*.adstrategysites.com *.adstrategysites.com https://kumleads.go2cloud.org https://*.go2cloud.org *.go2cloud.org https://forms.hsforms.com *.hsform.com *.forms.hsforms.com *.hsforms.net *.calinetall21.eu http://calinetall21.eu https://calinetall21.eu *.globalldse.com *.antevenio-es.com https://*.uinterbox.com http://*.uinterbox.com http://*.feebbo-adserver.com *.weborama.fr *.cloudfront.net *.amazonaws.com https://code.jivosite.com https://node-ya-8.jivosite.com  https://futureistech.io;     style-src 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com  https://t.womtp.com *.womtp.com https://tracking.adstrategysites.com https://*.adstrategysites.com *.adstrategysites.com https://kumleads.go2cloud.org https://*.go2cloud.org *.go2cloud.org https://forms.hsforms.com *.hsform.com *.forms.hsforms.com *.hsforms.net *.calinetall21.eu http://calinetall21.eu https://calinetall21.eu  *.globalldse.com *.antevenio-es.com https://*.uinterbox.com http://*.uinterbox.com http://*.feebbo-adserver.com unpkg.com *.uinterbox.com *.clinicabaviera.com *.adeslas.es *.cesce.es *.housell.com ofertasexclusivas.es *.ahorraconrepsol.com *.cloudfront.net *.amazonaws.com *.googleapis.com *.cloudfront.net *.amazonaws.com *.t2omedia.com ahorraluzconviesgo.com *.walmeric.com *.repsol.com ahorraconrepsol.com *.google.com *.fontawesome.com *.jsdelivr.net *.bootstrapcdn.com *.thyngster.com *.analytics-debugger.com https://code.jivosite.com  https://widget.trustpilot.com https://node-ya-8.jivosite.com  https://futureistech.io;     script-src 'unsafe-inline' https://consent.cookiebot.com https://consentcdn.cookiebot.com https://consent.cookiebot.com/uc.js https://*.cookiebot.com/uc.js https://consent.cookiebot.com/32ef1922-c658-40a5-b5f4-19b7f8d381bb/cd.js https://*.sitescout.com *.sitescout.com   https://optimize.google.com http://bs.serving-sys.com *.serving-sys.com  http://pixel.mathtag.com *.mathtag.com http://tpc.googlesyndication.com *.googlesyndication.com https://tracking.adstrategysites.com https://*.adstrategysites.com *.adstrategysites.com https://kumleads.go2cloud.org https://*.go2cloud.org *.go2cloud.org *.ip-api.com/ https://forms.hsforms.com *.hsform.com *.forms.hsforms.com *.hsforms.net *.calinetall21.eu http://calinetall21.eu https://calinetall21.eu  *.globalldse.com *.antevenio-es.com 'unsafe-eval' https://*.uinterbox.com http://*.uinterbox.com  http://*.feebbo-adserver.com *.uinterbox.com baztrack.com buypremierleads.com *.adform.net *.exelator.com *.teads.tv *.citiservi.es *.rfihub.com *.clinicabaviera.com *.claud-ia.com *.rfihub.net *.google.es *.adeslas.es *.ahorraconrepsol.com *.housell.com *.criteo.com *.cesce.es *.pardot.com unpkg.com *.hotjar.com *.taboola.com *.outbrain.com *.quora.com *.criteo.net *.yahoo.com *.linkedin.com *.usemessages.com *.hs-analytics.net ofertasexclusivas.es *.cloudflare.com *.adrcdn.com *.jquery.com *.googleapis.com *.gstatic.com *.weborama.fr *.googletagmanager.com *.google-analytics.com *.t2omedia.com *.womtp.com *.walmeric.com *.apigurus.com *.tiqcdn.com *.hs-scripts.com *.licdn.com *.yimg.com *.repsol.com *.googleadservices.com *.doubleclick.net ahorraconrepsol.com *.facebook.net *.bing.com *.serving-sys.com *.google.com *.cloudfront.net *.jsdelivr.net *.bootstrapcdn.com *.ads-twitter.com *.twitter.com *.sunmedia.tv *.adnxs.com *.hs-banner.com ofertas.adamo.es www.energiaathleticpetronor.com *.cloudflareinsights.com *.infinity-tracking.net *.krxd.net *.cookielaw.org *.aklamio.com *.thyngster.com *.analytics-debugger.com *.pinimg.com *.distribuidoresfiatchrysler.com *.ditalbots.info *.tiktok.com *.seguroaxa.com.mx seguroaxa.com.mx *.presage.io *.clarity.ms *.googleoptimize.com *.cookielaw.org *.krxd.net *.tibolario *.pixel.ad *.repsol.pt *.aklamio.com *.cdn.cookielaw.org https://www.googleoptimize.com http://www.repsol.pt/PT/scripts/scripts/cookiebot/* https://dynamic.cempeducation.com/ https://www.youtube.com https://code.jivosite.com https://c.amazon-adsystem.com/aat/  https://widget.trustpilot.com https://node-ya-8.jivosite.com https://assets.adobedtm.com https://s.kmtx.io https://tr.outbrain.com https://futureistech.io;     frame-src data: 'self' https://www.google.com http://www.google.com https://*.sitescout.com *.sitescout.com   https://optimize.google.com http://pixel.mathtag.com *.mathtag.com http://tpc.googlesyndication.com *.googlesyndication.com https://tracking.adstrategysites.com https://*.adstrategysites.com *.adstrategysites.com https://kumleads.go2cloud.org https://*.go2cloud.org *.go2cloud.org https://forms.hsforms.com *.hsform.com *.forms.hsforms.com *.hsforms.net *.calinetall21.eu http://calinetall21.eu https://calinetall21.eu  *.globalldse.com https://www.googletagmanager.com/ https://antevenio-es.com/ *.antevenio-es.com https://*.uinterbox.com http://*.uinterbox.com  http://*.feebbo-adserver.com *.uinterbox.com baztrack.com buypremierleads.com *.facebook.com *.exelator.com *.criteo.net *.uinterbox.com *.go2cloud.org *.adstrategysites.com *.youtube.com ofertasexclusivas.es *.tradedoubler.com *.rfihub.com *.criteo.com *.hotjar.com *.amazon-adsystem.com *.cloudfront.net *.amazonaws.com *.weborama.fr *.womtp.com *.doubleclick.net z0euw1csapp002.azurewebsites.net ahorraconrepsol.com *.cookiebot.com *.adform.net *.krxd.net *.aklamio.com *.tibolario.com *.twitter.com https://widget.trustpilot.com  https://futureistech.io https://forms-eu1.hsforms.com;     connect-src 'self' *.yimg.com https://s.yimg.com https://*.sitescout.com *.sitescout.com   wss://ws4.hotjar.com https://tracking.adstrategysites.com https://*.adstrategysites.com *.adstrategysites.com https://kumleads.go2cloud.org https://*.go2cloud.org *.go2cloud.org *.hotjar.io 35.181.92.51:8555 *.repsol.com *.t2omedia.com https://forms.hsforms.com *.hsform.com *.forms.hsforms.com *.hsforms.net *.calinetall21.eu http://calinetall21.eu https://calinetall21.eu  *.globalldse.com *.antevenio-es.com https://*.uinterbox.com http://*.uinterbox.com http://*.feebbo-adserver.com *.uinterbox.com baztrack.com buypremierleads.com *.claud-ia.com *.hotjar.com *.promocionesexclusivas.es *.housell.com *.doubleclick.net *.taboola.com *.hubspot.com *.cloudfront.net *.amazonaws.com *.t2omedia.com *.google-analytics.com *.indigitall.com *.googlesyndication.com *.google.com secure-ds.serving-sys.com cdn.cookielaw.org ofertas.adamo.es *.infinity-tracking.net *.d1skycrvs9ubse.cloudfront.net *.pinterest.com http://pre.connectors.service.t2omedia.com *.cookiebot.com *.teads.tv *.ditalbots.info *.tiktok.com *.clarity.ms *.onetrust.com *.tibolario.com *.bing.com *.krxd.net *.serving-sys.com *.google-analytics.com *.analytics.google.com repsol.tt.omtrdc.net mboxedge37.tt.omtrdc.net https://code.jivosite.com  https://node-ya17.jivosite.com wss://vi-ya-6.jivosite.com https://telemetry.jivosite.com https://maps.googleapis.com/maps/api/ https://node-ya-8.jivosite.com https://adobedc.demdex.net https://dc.repsol.es https://t.kmtx.io https://tr.outbrain.com https://dc.luzygas.ahorraconrepsol.com https://futureistech.io https://forms-eu1.hsforms.com;     img-src https://*.across.it https://*.neatpowr.com https://*.sitescout.com *.sitescout.com https://*.paisajellanero.com http://*.paisajellanero.com *.paisajellanero.com https://optimize.google.com http://pixel.mathtag.com *.mathtag.com http://affiliation.datawork.fr *.datawork.fr *.afilead.com  https://tracking.adstrategysites.com https://*.adstrategysites.com *.adstrategysites.com https://kumleads.go2cloud.org https://*.go2cloud.org *.go2cloud.org *.antevenio-es.com https://antevenio-es.com http://antevenio-es.com *.ofertasexclusivas.es http://ofertasexclusivas.es https://ofertasexclusivas.es http://ofertasexclusivas.es *.tradedoubler.com *.atdmt.com *.coproit.com 'self'     blob: data: https://forms.hsforms.com *.hsform.com *.forms.hsforms.com *.hsforms.net *.calinetall21.eu http://calinetall21.eu https://calinetall21.eu  *.globalldse.com *.antevenio-es.com https://*.uinterbox.com http://*.uinterbox.com http://*.feebbo-adserver.com *.uinterbox.com baztrack.com buypremierleads.com *.adnxs.com *.exelator.com *.teads.tv *.googletagmanager.com  *.googleapis.com *.claud-ia.com *.taboola.com *.quora.com *.outbrain.com *.housell.com *.hubspot.com *.omtrdc.net *.cloudfront.net *.amazonaws.com *.weborama.fr *.google-analytics.com *.doubleclick.net *.google.com *.google.es *.womtp.com *.walmeric.com *.weborama.com *.t2omedia.com ahorraconrepsol.com  *.yahoo.com *.facebook.com *.bing.com *.gstatic.com https://t.co https://indigitall-cdn.com *.indigitall-cdn.com *.googleusercontent.com *.googlesyndication.com *.smartadserver.com t.co *.addoor.net *.krxd.net *.aklamio.com *.pinterest.com *.clarity.ms *.presage.io *.cookielaw.org *.tibolario.com *.zemanta.com *.fabricadepremios.com *.google-analytics.com *.analytics.google.com *.linkedin.com *.inlsuccess.com *.twitter.com https://code.jivosite.com https://node-ya-8.jivosite.com https://futureistech.io https://forms-eu1.hsforms.com https://imgsct.cookiebot.com;     font-src data: https://*.sitescout.com *.sitescout.com    https://fonts.gstatic.com https://tracking.adstrategysites.com https://*.adstrategysites.com *.adstrategysites.com https://kumleads.go2cloud.org https://*.go2cloud.org *.go2cloud.org https://forms.hsforms.com *.hsform.com *.forms.hsforms.com *.hsforms.net *.calinetall21.eu http://calinetall21.eu https://calinetall21.eu  *.globalldse.com *.antevenio-es.com http://*.feebbo-adserver.com  *.uinterbox.com *.cloudfront.net *.amazonaws.com *.gstatic.com *.t2omedia.com *.cloudflare.com *.repsol.com ahorraconrepsol.com *.fontawesome.com *.bootstrapcdn.com https://futureistech.io; 1
default-src 'self'; frame-src 'self' www.google.com www.gstatic.com; form-action 'self'; object-src 'none'; base-uri 'self'; style-src 'self'; connect-src 'self'; script-src 'nonce-hT784C3R1FQH' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com;style-src 'self' 'unsafe-inline' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://www.google-analytics.com/ https://static.addtoany.com/ https://cdnjs.cloudflare.com/ https://www.google.com/ https://www.gstatic.com/ https://cdn.jsdelivr.net/ https://unpkg.com/; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.addtoany.com/ https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ ; img-src 'self' https://www.googletagmanager.com https://www.google-analytics.com/ https://www.google.com.my/ads/ga-audiences https://i.ytimg.com/ data:;; frame-src https://players.brightcove.net/ https://www.jobstreet.com.my/ https://www.youtube.com/ https://static.addtoany.com/ https://www.google.com/; font-src 'self' https://fonts.gstatic.com/ https://themes.googleusercontent.com/; connect-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://analytics.google.com/; report-uri /report-csp-violation 1
worker-src 'self' blob:; child-src * blob: gap:; img-src 'self' https://maps.gstatic.com/ https://www.googletagmanager.com/ https://translate.googleapis.com/ https://www.google.com/ https://www.google.ae/ https://fonts.gstatic.com/ https://www.gstatic.com/ https://maps.googleapis.com https://img.youtube.com https://mindrocketsinc.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://www.youtube.com https://cdn.mindrocketsapis.com blob: data:;default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' 1
'self' www.aksandik.org 1
report-uri https://albadrsales.com 1
script-src 'self' https://*.googleapis.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; connect-src 'self' data:; style-src 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.alkemmarketplace.in; object-src https://api.alkemmarketplace.in; img-src 'self' blob: data: https://api.alkemmarketplace.in https://apptestadmin.blob.core.windows.net; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com; worker-src blob: https://api.alkemmarketplace.in; 1
object-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:  cdn.jsdelivr.net cdnjs.cloudflare.com maps.google.com mdbootstrap.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https:  cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com mdbootstrap.com use.fontawesome.com; report-uri https://www.alleatiperlasalute.it/report-uri/enforce 1
default-src 'none'; script-src https: 'unsafe-inline' 'nonce-1ACC58F46156908D984D742939148DFF' 'strict-dynamic'; style-src 'self' fonts.googleapis.com translate.googleapis.com 'nonce-1ACC58F46156908D984D742939148DFF'; connect-src 'self' https: wss://dnpush.nl; img-src 'self' https: data:; font-src 'self' fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' www.google.com tpc.googlesyndication.com; base-uri 'none'; media-src 'self'; report-uri https://www.alleenstaande-mamas.nl/API/Site/CspReport 1
frame-ancestors 'self' allsaints.co.kr *.allsaints.co.kr 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com v2.zopim.com *.gstatic.com *.typekit.net *.bootstrapcdn.com *.cloudfront.net *.googleapis.com *.google.ro *.hotjar.com data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.sendsms.ro *.recaptcha.net *.googletagmanager.com *.compari.ro *.amasty.com *.euplatesc.ro *.gstatic.com *.facebook.com *.google.ro 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.retargeting.app *.retargeting.biz *.googlesyndication.com *.googletagmanager.com *.compari.ro *.euplatesc.ro *.amasty.com *.demdex.net *.gstatic.com *.google.com *.google.ro *.facebook.com *.hotjar.com *.doubleclick.net data: 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.facebook.com facebook.com google.com *.google.com *.google.ro google.ro *.retargeting.app maps.gstatic.com *.veinteractive.com *.ambra-bijuterii.ro v2.zopim.com *.mobilpay.ro *.klarna.com *.retargeting.biz meetanshi.com *.recaptcha.net *.compari.ro *.euplatesc.ro *.amasty.com *.algolia.com *.g.doubleclick.net *.googleapis.com *.gstatic.com *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.facebook.net cdn.jsdelivr.net *.cloudflare.com *.googleadservices.com *.google-analytics.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com *.youtube.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdnjs.cloudflare.com tracking.retargeting.biz tracking.retargeting.app *.retargeting.biz *.retargeting.app googleads.g.doubleclick.net *.doubleclick.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com maps.googleapis.com *.ambra-bijuterii.ro *.zdassets.com v2.zopim.com *.zopim.com widget-mediator.zopim.com *.mobilpay.ro ambra-bijuterii.zendesk.com *.smartlook.com *.smartlook.cloud *.getsmartlook.com *.kissmetrics.com *.arukereso.hu *.arukereso.com *.googlesyndication.com *.recaptcha.net *.googletagmanager.com *.compari.ro *.amasty.com *.cloudflareinsights.com *.euplatesc.ro *.cloudflare.com *.cloudfront.net *.google-analytics.com *.gstatic.com data: *.google.com *.google.ro *.googleapis.com *.googleadservices.com *.mailchimp.com *.fontawesome.com *.facebook.com *.facebook.net cdn.jsdelivr.net *.googleoptimize.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com tracking.retargeting.biz tracking.retargeting.app *.retargeting.biz *.retargeting.app checkout.buckaroo.nl *.mailchimp.com cdn.jsdelivr.net *.gstatic.com *.yotpo.com *.googleapis.com *.getfirebug.com *.google.com *.google.ro *.cloudflare.com *.cloudfront.net *.bootstrapcdn.com data: 'self' 'unsafe-inline'; object-src *.euplatesc.ro *.compari.ro *.amasty.com *.gstatic.com *.facebook.com data: *.google.ro 'self' 'unsafe-inline'; media-src *.adobe.com *.sendsms.ro *.ambra-bijuterii.ro *.retargeting.app *.retargeting.biz ambra-bijuterii.zendesk.com static.zdassets.com *.recaptcha.net *.compari.ro *.amasty.com *.algolia.com *.demdex.net *.euplatesc.ro *.google.ro *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com tracking.retargeting.biz tracking.retargeting.app *.retargeting.biz *.retargeting.app *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.ambra-bijuterii.ro *.zdassets.com wss://widget-mediator.zopim.com v2.zopim.com *.zopim.com *.mobilpay.ro ambra-bijuterii.zendesk.com assets.adobedtm.com *.adobe.com *.smartlook.com *.smartlook.cloud *.getsmartlook.com *.kissmetrics.com *.cloudfront.net *.recaptcha.net *.googletagmanager.com *.compari.ro *.amasty.com *.euplatesc.ro *.cloudflareinsights.com *.magento.com *.sendinblue.com *.gstatic.com *.cloudflare.com *.google-analytics.com *.doubleclick.net *.google.com *.google.ro *.googlesyndication.com *.googleapis.com *.facebook.com data: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.rzetelnyregulamin.pl  https://*.hotjar.com  https://*.hotjar.io  wss://*.hotjar.com  https://*.trustedshops.com  https://*.etrusted.com  https://*.mailerlite.com https://facebook.com https://mapa.ecommerce.poczta-polska.pl https://www.paypal.com https://www.paypalobjects.com https://*.easypack24.net https://*.openstreetmap.org https://*.inpost.pl https://*.allegrostatic.com https://allegro.pl https://*.allegro.pl https://*.allegroimg.com https://*.allegrosandbox.pl https://*.sote.pl https://*.googletagmanager.com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.pl https://unpkg.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://stats.g.doubleclick.net https://stats.g.doubleclick.net *.gstatic.com *.googleapis.com *.youtube.com *.vimeo.com *.ytimg.com *.soundcloud.com *.vimeocdn.com *.smartsupp.com *.smartsuppcdn.com wss://*.smartsupp.com *.cdn77.org smartsupp-widget-161959.c.cdn77.org *.smartlook.com *.smartlook.cloud *.smartsuppchat.com *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net *.fbcdn.net *.instagram.com *.cdninstagram.com *.googletagmanager.com *.google-analytics.com *.paypalobjects.com *.paypal.com *.autopay.eu *.google.com https://googleads.g.doubleclick.net http://www.googleadservices.com *.twitter.com *.syndication.twimg.com *.twimg.com https://syndication.twitter.com https://*.cashbill.pl https://*.ceneo.pl https://*.secure.eservice.com.pl *.credit-agricole.pl *.paybynet.com.pl *.polcard.com.pl *.przelewy24.pl *.eraty.pl static.hotjar.com https://disqus.com data:; form-action 'self' https://*.rzetelnyregulamin.pl  https://*.hotjar.com  https://*.hotjar.io  wss://*.hotjar.com  https://*.trustedshops.com  https://*.etrusted.com  https://*.mailerlite.com https://facebook.com https://mapa.ecommerce.poczta-polska.pl https://www.paypal.com https://www.paypalobjects.com https://*.easypack24.net https://*.openstreetmap.org https://*.inpost.pl https://*.allegrostatic.com https://allegro.pl https://*.allegro.pl https://*.allegroimg.com https://*.allegrosandbox.pl https://*.sote.pl https://*.googletagmanager.com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.pl https://unpkg.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://stats.g.doubleclick.net https://stats.g.doubleclick.net *.gstatic.com *.googleapis.com *.youtube.com *.vimeo.com *.ytimg.com *.soundcloud.com *.vimeocdn.com *.smartsupp.com *.smartsuppcdn.com wss://*.smartsupp.com *.cdn77.org smartsupp-widget-161959.c.cdn77.org *.smartlook.com *.smartlook.cloud *.smartsuppchat.com *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net *.fbcdn.net *.instagram.com *.cdninstagram.com *.googletagmanager.com *.google-analytics.com *.paypalobjects.com *.paypal.com *.autopay.eu *.google.com https://googleads.g.doubleclick.net http://www.googleadservices.com *.twitter.com *.syndication.twimg.com *.twimg.com https://syndication.twitter.com https://*.cashbill.pl https://*.ceneo.pl https://*.secure.eservice.com.pl *.credit-agricole.pl *.paybynet.com.pl *.polcard.com.pl *.przelewy24.pl *.eraty.pl static.hotjar.com https://disqus.com; frame-ancestors 'self' 1
frame-ancestors 'self' www.amway.com.au www.amway.co.nz www.amway.com.vn www.amway.my www.amway.sg www.amway.com.bn www.amway.com.ph admin.amway.my admin.amway.sg admin.amway.com.bn 1
object-src 'self'; frame-ancestors 'none' 1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.geocom.com.uy:9443 *.geocom.com.uy 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.google.com *.addthis.com *.pinterest.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com *.wikimedia.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://devdocs.magento.com https://magento.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com https://www.googletagmanager.com tagmanager.google.com *.adobedtm.com *.growecommerce.uy https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com unsafe-inline *.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://devdocs.magento.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cloudflare.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' http://s318850998.onlinehome.fr http://*.rentiles.fr https://*.rentiles.fr http://images.google.fr https://images.google.fr http://hotels.ile-delareunion.com http://www.ile-delareunion.com http://ile-delareunion.com http://www.hotels.ile-delareunion.com http://www.iledelareunion.net http://www.reunion-hebergements.com http://reunion-hebergements.com https://www.reunion-hebergements.com https://reunion-hebergements.com https://m.facebook.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://*.fbcdn.net http://www.kayak.fr http://kayak.fr https://www.kayak.fr https://kayak.fr 1
default-src 'self';  style-src 'self' https://client.crisp.chat 'unsafe-inline'; script-src 'self' https://connect.facebook.net  https://www.google-analytics.com    ajax.googleapis.com https://www.googletagmanager.com https://client.crisp.chat/l.js https://client.crisp.chat/static/javascripts/client.js https://client.crisp.chat 'unsafe-inline' 'unsafe-eval';  media-src *; img-src *  'self' data: https:;  font-src 'self' https://client.crisp.chat;connect-src 'self' wss://client.relay.crisp.chat  https://client.crisp.chat https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com ;frame-src 'self' https://www.facebook.com/ https://www.youtube.com/ https://drive.google.com/ https://www.google.com/; 1
frame-ancestors https://aovivohd.net/ https://detran-br.com/ https://onlinetvhd.net/ https://fotodicas.com/ https://tvdicas.com/ https://search.google.com/ https://apis.google.com 1
geolocation 'self'; iframe-src 'self' 'unsafe-inline' https://maps.google.com/* 1
report-uri https://gate.rapidsec.net/g/r/csp/305c30b0-70f9-4d81-b14c-736bb9b1e1c6/-1/-1/3?sct=182ca942-07ab-48b1-a4cb-9c0083716304&dpos=report;base-uri 'self';block-all-mixed-content;connect-src 'self' https://www.google-analytics.com https://sentry.io https://www.facebook.com https://o112325.ingest.sentry.io https://*.algolianet.com https://*.algolia.net https://stats.g.doubleclick.net *.doubleclick.net *.google.com www.googletagmanager.com translate.googleapis.com translate.google.com www.gstatic.com *.googlesyndication.com www.googletagservices.com about:;default-src 'self';font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://use.fontawesome.com;form-action 'self' https://www.facebook.com *.google.com *.monri.com;frame-src 'self' *.google.com https://www.facebook.com https://saltcdn2.googleapis.com https://www.googletagmanager.com *.doubleclick.net *.googlesyndication.com;img-src 'self' https://cdn.apotekaviva24.ba data: https://www.google.com https://www.google.de https://www.google.co.in https://www.google.rs/ https://www.google.ba https://www.google.hr https://viva-prod.s3.eu-central-1.amazonaws.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://maps.googleapis.com https://www.facebook.com https://www.googletagmanager.com https://static.xx.fbcdn.net https://connect.facebook.net https://googleads.g.doubleclick.net;manifest-src 'self';media-src 'self' dai.google.com;object-src 'self' *.googlesyndication.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google.com https://www.google-analytics.com http://tagmanager.google.com https://use.fontawesome.com https://connect.facebook.net https://saltcdn2.googleapis.com https://*.doubleclick.net https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://*.googletagmanager.com https://translate.googleapis.com https://translate.google.com www.googletagmanager.com;style-src 'self' 'unsafe-inline' *.google.com https://fonts.googleapis.com https://use.fontawesome.com https://*.googletagmanager.com translate.googleapis.com 1
frame-ancestors 'self' https://*.apple.com; 1
child-src  www.paypalobjects.com; connect-src 'self' 'report-sample' s3.amazonaws.com/cv3.customfiles accanada.commercev3.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com stats.g.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.facebook.com *.klaviyo.com cdn.weglot.com cdn-api-weglot.com  adservice.google.com manage.kmail-lists.com www.google.com stats.g.doubleclick.net www.googletagmanager.com www.aprilcornell.ca; default-src 'self' s3.amazonaws.com/cdn.aprilcornell.ca/ cdn.commercev3.net/cdn.aprilcornell.ca/ cdn.aprilcornell.ca 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com; font-src 'self' accanada.commercev3.com s3.amazonaws.com/cdn.aprilcornell.ca/ cdn.commercev3.net/cdn.aprilcornell.ca/ cdn.aprilcornell.ca fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com static3.avast.com data:; form-action 'self' www.facebook.com www.paypal.com checkout.sezzle.com; frame-src 'self' *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com *.pinterest.com www.google.com platform.twitter.com  view.publitas.com web.facebook.com www.youtube.com *.googlesyndication.com; frame-ancestors 'self' ; img-src 'self' s3.amazonaws.com/cdn.aprilcornell.ca/ cdn.commercev3.net/cdn.aprilcornell.ca/ cdn.aprilcornell.ca ssl.google-analytics.com www.google.com/pagead/1p-user-list/ www.google.com/ads/ga-audiences ct.pinterest.com/v3/ s3.amazonaws.com stats.g.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.paypal.com www.paypalobjects.com ct.pinterest.com syndication.twitter.com log.pinterest.com  www.google.ca www.google.at res.cloudinary.com googleads.g.doubleclick.net adservice.google.com www.google.com www.google.ca www.gstatic.com; script-src 'self' 'report-sample' s3.amazonaws.com/cdn.aprilcornell.ca/ cdn.commercev3.net/cdn.aprilcornell.ca/ cdn.aprilcornell.ca 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com platform.twitter.com weglot.com www.datadoghq-browser-agent.com assets.pinterest.com  secure.comodo.com weglot.com view.publitas.com weglot.com *.weglot.com tpc.googlesyndication.com; script-src-elem 'self' 'report-sample' s3.amazonaws.com/cdn.aprilcornell.ca/ cdn.commercev3.net/cdn.aprilcornell.ca/ cdn.aprilcornell.ca 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com platform.twitter.com weglot.com www.datadoghq-browser-agent.com assets.pinterest.com  secure.comodo.com weglot.com view.publitas.com weglot.com *.weglot.com tpc.googlesyndication.com; style-src 'self' s3.amazonaws.com/cdn.aprilcornell.ca/ cdn.commercev3.net/cdn.aprilcornell.ca/ cdn.aprilcornell.ca 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net cdn.weglot.com; style-src-elem 'self' s3.amazonaws.com/cdn.aprilcornell.ca/ cdn.commercev3.net/cdn.aprilcornell.ca/ cdn.aprilcornell.ca 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net cdn.weglot.com; style-src-attr  'unsafe-inline'; media-src 'self' accanada.commercev3.com s3.amazonaws.com/cdn.aprilcornell.ca/ cdn.commercev3.net/cdn.aprilcornell.ca/ cdn.aprilcornell.ca www.bing.com; 1
default-src 'self';  style-src 'self' https://embed.tawk.to https://client.crisp.chat 'unsafe-inline'; script-src 'self' https://cdn.jsdelivr.net https://embed.tawk.to https://connect.facebook.net  https://www.google-analytics.com    ajax.googleapis.com https://www.googletagmanager.com https://client.crisp.chat/l.js https://client.crisp.chat/static/javascripts/client.js https://client.crisp.chat 'unsafe-inline' 'unsafe-eval';  media-src *; img-src *  'self' data: https:;  font-src 'self' https://client.crisp.chat https://embed.tawk.to;connect-src * 'self' wss://client.relay.crisp.chat  https://client.crisp.chat https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com https://va.tawk.to wss://vsa39.tawk.to wss://vsa67.tawk.to wss://vsa51.tawk.to;frame-src 'self' https://www.facebook.com/ https://www.youtube.com/ https://drive.google.com/ https://www.google.com/; 1
default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*.paypalobjects.com; object-src 'none'; connect-src 'self' https://*.paypalobjects.com; font-src 'self'; frame-src 'self'; base-uri 'self'; frame-ancestors 'self'; manifest-src 'self'; form-action https://www.aranycsillag.net https://www.paypal.com; 1
default-src *; img-src * 'self' data: https: blob:; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' self; worker-src 'self' blob: 'self'; object-src 'none'; frame-src * data: blob:; child-src * data: blob:; style-src * 'self' 'unsafe-inline' self 1
upgrade-insecure-requests; frame-ancestors  http://webvisor.com https://www.arispirlanta.com 1
frame-src 'self' 'unsafe-inline' https://my.matterport.com https://player.vimeo.com https://app.retino.com *.mapy.cz *.dhl.com *.ppl.cz *.dpd.cz *.cpost.cz *.zasilkovna.cz *.cloudflare.com *.dratene-kosiky.cz *.heureka.sk *.youtube.com *.youtu.be *.foxentry.cz *.packeta.com *.geoapify.net *.heureka.cz *.facebook.com *.imedia.cz *.zbozi.cz *.google.com *.n1ed.com *.doubleclick.net *.googlesyndication.com 1
frame-ancestors 'self' https://artyferia.pl https://artyferia.pl:3000 1
default-src 'none'; form-action 'self'; frame-ancestors 'self'; style-src 'self' 'nonce-+trAhZZs/wnZafnB05gHIp/KRzD/b53DA5x/K6LBEW28AaZmEkzGjMmO8WbLygjJmpdPSu06c3yIvgTQJq7ITA==' https://dms5yp4uuu488.cloudfront.net/; script-src 'self' 'nonce-+trAhZZs/wnZafnB05gHIp/KRzD/b53DA5x/K6LBEW28AaZmEkzGjMmO8WbLygjJmpdPSu06c3yIvgTQJq7ITA==' https://www.google-analytics.com https://www.googletagmanager.com https://static.line-scdn.net https://dms5yp4uuu488.cloudfront.net/; frame-src 'self' https://dms5yp4uuu488.cloudfront.net/; img-src 'self' data: https://www.google-analytics.com https://dms5yp4uuu488.cloudfront.net/; worker-src 'self' blob:; font-src 'self' https://dms5yp4uuu488.cloudfront.net/; connect-src 'self' https://www.google-analytics.com https://dms5yp4uuu488.cloudfront.net/ https://stats.g.doubleclick.net/; media-src 'self' https://dms5yp4uuu488.cloudfront.net/; child-src 'self' blob:; block-all-mixed-content; 1
default-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors https://*.algo.website; manifest-src 'self'; img-src 'self' data: https://www.asastats.com/; script-src 'self' 'unsafe-inline'; font-src fonts.gstatic.com; style-src 'self' fonts.googleapis.com; frame-src https://www.youtube.com/; object-src 'none'  1
style-src 'self' 'unsafe-inline'  https://ka-p.fontawesome.com https://960linux.com https://maxcdn.bootstrapcdn.com  https://kit.fontawesome.com https://netdna.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://shield.sitelock.com/shield/aseguradorasolidaria.com.co  https://www.youtube.com https://use.fontawesome.com/releases/v5.1.0/css/all.css https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css  https://ajax.googleapis.com https://cdnjs.cloudflare.com https://tagmanager.google.com https://www.googletagmanager.com; child-src 'self' *.facebook.com connect.facebook.net  www.googletagmanager.com https://chat.solidariaautos.com/ https://soliarriendo.aseguradorasolidaria.com.co/mapa https://960tools.com.co/; script-src  'self' 'unsafe-inline'  'unsafe-eval' https://960linux.com  https://www.youtube.com https://shield.sitelock.com/shield/aseguradorasolidaria.com.co https://ajax.googleapis.com  https://cdnjs.cloudflare.com  https://connect.facebook.net  https://cdn.sitesearch360.com  https://graph.facebook.com  https://google-analytics.com  https://googletagmanager.com https://soliarriendo.aseguradorasolidaria.com.co/mapa https://960tools.com.co/  https://js.facebook.com  https://kit.fontawesome.com https://maxcdn.bootstrapcdn.com https://youtube.com https://netdna.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://ssl.google-analytics.com https://tagmanager.google.com https://use.fontawesome.com https://www.google-analytics.com https://www.googletagmanager.com; object-src 'none'; frame-ancestors 'self'; frame-src  'self' seguros.likesolidaria.com.co *.youtube.com  www.aseguradorasolidaria.com.co aseguradorasolidaria.com.co chat.solidariaautos.com  960tools.com.co soliarriendo.aseguradorasolidaria.com.co www.youtube-nocookie.com;  1
default-src 'self' fonts.gstatic.com  stats.g.doubleclick.net *.maxcdn.bootstrapcdn.com *.bootstrapcdn.com *.google-analytics.com; style-src 'self' 'unsafe-inline' code.jquery.com maxcdn.bootstrapcdn.com fonts.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' nationstrustbankplc.gateway.mastercard.com test-nationstrustbankplc.mtf.gateway.mastercard.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com gpcbh.gateway.mastercard.com code.jquery.com *.googleadservices.com *.googleads.g.doubleclick.net maps.googleapis.com maps.google.com googleadservices.com ajax.googleapis.com platform.linkedin.com *.facebook.com connect.facebook.net platform.twitter.com *.google-analytics.com *.googletagmanager.com *.google.lk *.google.com *.gstatic.com; frame-src ' self ' *.platform.twitter.com * frame.doc.lk *.youtube.com *.facebook.com *.google.com; img-src 'self' maps.gstatic.com *.twitter.com  *.google-analytics.com *.googleapis.com *.google.lk *.google.com *.facebook.com code.jquery.com *.ggpht  data: https:; frame-ancestors 'self'; 1
default-src 'self' https://*.facebook.com https://*.fbcdn.net https://connect.facebook.net https://*.googleusercontent.com https://*.cdninstagram.com https://assets.reactioncommerce.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://enginex.kadira.io https://*.asort.com https://*.amazonaws.com https://*.rtschannel.com https://*.freshchat.com https://*.google.com https://*.google.co.in https://*.google-analytics.com https://stats.g.doubleclick.net/r/collect* https://*.youtube.com https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js https://cdn.rawgit.com/prashantchaudhary/ddslick/master/jquery.ddslick.min.js https://*.cloudfront.net https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.ytimg.com https://*.gravatar.com https://player.vimeo.com https://player.vimeo.com/api/player.js https://*.googleadservices.com/pagead/conversion_async.js blob: https://*.razorpay.com; script-src 'self' 'unsafe-inline' https://*.facebook.com https://*.fbcdn.net https://connect.facebook.net https://*.googleusercontent.com https://*.cdninstagram.com https://assets.reactioncommerce.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://enginex.kadira.io https://*.asort.com https://*.amazonaws.com https://*.rtschannel.com https://*.freshchat.com https://*.google.com https://*.google.co.in https://*.google-analytics.com https://stats.g.doubleclick.net/r/collect* https://*.youtube.com https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js https://cdn.rawgit.com/prashantchaudhary/ddslick/master/jquery.ddslick.min.js https://*.cloudfront.net https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.ytimg.com https://*.gravatar.com https://player.vimeo.com https://player.vimeo.com/api/player.js https://*.googleadservices.com/pagead/conversion_async.js blob: https://*.razorpay.com 'unsafe-eval'; connect-src * 'self' ws://ds.asort.com wss://ds.asort.com https://*.facebook.com https://*.fbcdn.net https://connect.facebook.net https://*.googleusercontent.com https://*.cdninstagram.com https://assets.reactioncommerce.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://enginex.kadira.io https://*.asort.com https://*.amazonaws.com https://*.rtschannel.com https://*.freshchat.com https://*.google.com https://*.google.co.in https://*.google-analytics.com https://stats.g.doubleclick.net/r/collect* https://*.youtube.com https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js https://cdn.rawgit.com/prashantchaudhary/ddslick/master/jquery.ddslick.min.js https://*.cloudfront.net https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.ytimg.com https://*.gravatar.com https://player.vimeo.com https://player.vimeo.com/api/player.js https://*.googleadservices.com/pagead/conversion_async.js blob: https://*.razorpay.com; img-src * 'self' data: https: https://*.facebook.com https://*.fbcdn.net https://connect.facebook.net https://*.googleusercontent.com https://*.cdninstagram.com https://assets.reactioncommerce.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://enginex.kadira.io https://*.asort.com https://*.amazonaws.com https://*.rtschannel.com https://*.freshchat.com https://*.google.com https://*.google.co.in https://*.google-analytics.com https://stats.g.doubleclick.net/r/collect* https://*.youtube.com https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js https://cdn.rawgit.com/prashantchaudhary/ddslick/master/jquery.ddslick.min.js https://*.cloudfront.net https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.ytimg.com https://*.gravatar.com https://player.vimeo.com https://player.vimeo.com/api/player.js https://*.googleadservices.com/pagead/conversion_async.js blob: https://*.razorpay.com; style-src 'self' 'unsafe-inline' https://*.facebook.com https://*.fbcdn.net https://connect.facebook.net https://*.googleusercontent.com https://*.cdninstagram.com https://assets.reactioncommerce.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://enginex.kadira.io https://*.asort.com https://*.amazonaws.com https://*.rtschannel.com https://*.freshchat.com https://*.google.com https://*.google.co.in https://*.google-analytics.com https://stats.g.doubleclick.net/r/collect* https://*.youtube.com https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js https://cdn.rawgit.com/prashantchaudhary/ddslick/master/jquery.ddslick.min.js https://*.cloudfront.net https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.ytimg.com https://*.gravatar.com https://player.vimeo.com https://player.vimeo.com/api/player.js https://*.googleadservices.com/pagead/conversion_async.js blob: https://*.razorpay.com; font-src 'self' https://*.facebook.com https://*.fbcdn.net https://connect.facebook.net https://*.googleusercontent.com https://*.cdninstagram.com data: https://assets.reactioncommerce.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://enginex.kadira.io https://*.asort.com https://*.amazonaws.com https://*.rtschannel.com https://*.freshchat.com https://*.google.com https://*.google.co.in https://*.google-analytics.com https://stats.g.doubleclick.net/r/collect* https://*.youtube.com https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js https://cdn.rawgit.com/prashantchaudhary/ddslick/master/jquery.ddslick.min.js https://*.cloudfront.net https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.ytimg.com https://*.gravatar.com https://player.vimeo.com https://player.vimeo.com/api/player.js https://*.googleadservices.com/pagead/conversion_async.js blob: https://*.razorpay.com; 1
default-src 'self' *.asst-pavia.it; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com cdn.ckeditor.com *.asst-pavia.it; object-src 'none' ; style-src 'self' 'unsafe-inline' cdn.ckeditor.com *.asst-pavia.it; img-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.ckeditor.com *.asst-pavia.it; frame-ancestors 'self'; font-src 'self' fonts.gstatic.com; connect-src 'self' 'unsafe-inline' www.google-analytics.com *.asst-pavia.it; report-uri /report-csp-violation 1
report-uri https://astel.ir 1
frame-ancestors https://*.astroica.com; 1
frame-ancestors 'self' *.asokodit.fi; upgrade-insecure-requests 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action 'self' https://*.paysera.com; base-uri 'none'; frame-ancestors https://athletics.lv; object-src https://athletics.lv https://i.athletics.lv https://test.athletics.lv 1
script-src 'self' 'unsafe-inline' *.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com; object-src 'none'; base-uri 'none' 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src https: data:; media-src https: data:; 1
img-src 'self' data: https://www.backmarket.co.kr/ 1
default-src https: wss: 'unsafe-inline' 'unsafe-eval' 1
default-src https: blob:; connect-src https: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: rec.smartlook.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net cookies.praguebest.cz; style-src 'self' 'unsafe-inline' widget-v3.smartsuppcdn.com *.google.com fonts.googleapis.com ajax.googleapis.com cdnjs.cloudflare.com unpkg.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com cdn.foxentry.cz *.mapy.cz cookies.praguebest.cz www.googletagmanager.com cdn.upsearch.cz cdn2.upsearch.cz; object-src 'self'; img-src 'self' https: data: https://www.google-analytics.com *.gstatic.com; font-src https: data: widget-v3.smartsuppcdn.com *.gstatic.com; frame-ancestors 'self' *.creativecdn.com *.hotjar.com *.googletagmanager.com; report-uri https://balshop.report-uri.com/r/d/csp/enforce 1
default-src https://maps.googleapis.com/ https://m.clarity.ms https://www.clarity.ms https://analytics.google.com/ https://stats.g.doubleclick.net/ www.google-analytics.com 'self' https://apify-private.epayco.co https://secure.epayco.co; img-src https://maps.googleapis.com/ https://maps.gstatic.com/ https://www.google.com.co/ https://www.google.com/ https://googleads.g.doubleclick.net/ www.google-analytics.com www.gstatic.com 'self' data: https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/; script-src 'self' https://maps.googleapis.com/ https://ajax.googleapis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.clarity.ms https://www.googletagmanager.com http://www.google.com https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googleadservices.com/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://checkout.epayco.co 'unsafe-inline' 'unsafe-eval' https://unpkg.com/; style-src 'self' https://stackpath.bootstrapcdn.com/ https://fonts.googleapis.com/ 'unsafe-inline' fonts.googleapis.com https://unpkg.com/; frame-src https://www.google.com/recaptcha/ 'self' https://www.youtube.com/ https://checkout.epayco.co https://apify-private.epayco.co https://secure.epayco.co; frame-ancestors 'self' https://www.google.com/recaptcha/; base-uri 'self'; form-action 'self'; font-src 'self' https://fonts.gstatic.com/; object-src 'self' blob:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 	        https://www.google.com 	        https://ajax.googleapis.com 	        https://www.google-analytics.com 	        https://www.googletagmanager.com 		https://www.googleadservices.com 	        https://use.fontawesome.com/ 	        https://cdnjs.cloudflare.com/                 https://googleads.g.doubleclick.net 	        https://maxcdn.bootstrapcdn.com 		https://browser.sentry-cdn.com 		https://4user.yeskey.or.kr 		https://svc2cdn.minwise.co.kr 		https://svc2cdn.hectoinnovation.co.kr 		https://public-common-sdk.s3.ap-northeast-2.amazonaws.com 		https://rum.beusable.net 		https://cdn.flarelane.com 		https://tenping.kr 		https://script.beusable.net;	    frame-ancestors 'self' 1
font-src *.fontawesome.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com https://www.facebook.com https://ipg.monri.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com landofcoder.com https://www.facebook.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io camo.githubusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com https://stats.g.doubleclick.net https://www.google.com https://www.google.rs https://www.facebook.com https://www.googletagmanager.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com landofcoder.com *.avada.io *.googleapis.com *.gstatic.com *.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://stats.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.fontawesome.com *.googleapis.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com landofcoder.com https://get.geojs.io *.avada.io *.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://www.google.com/maps/embed/v1/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.teimg.com *.google.com *.jquery.com *.bik.gov.tr *.bildirt.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.googlesyndication.com pagead2.googlesyndication.com *.googleadservices.com *.optad360.io *.doubleclick.net *.adhouse.pro *.jwpcdn.com *.onesignal.com *.vidyome.com *.tebilisim.com *.tevideo.org *.googleapis.com *.yandex.ru *.yandex.com *.criteo.net *.2mdn.net *.cloudflare.com *.cloudflareinsights.com *.onnetwork.tv *.twitter.com *.instagram.com *.facebook.com *.meta.com *.x.com *.youtube.com *.youtu.be *.linkedin.com *.pinterest.com *.dailymotion.com *.vimeo.com *.admatic.com.tr *.reklamstore.com *.linkwi.se *.makroo.com *.wordego.com *.tradingview.com *.weatherwidget.io *.openweathermap.com *.mgid.com *.themediagrid.com *.amazon.com *.openx.com *.appnexus.com *.districtm.io *.rubiconproject.com *.rhythmone.com *.yahoo.com *.indexexchange.com *.smaato.com *.smartadserver.com *.sovrn.com *.lijit.com *.pubmatic.com *.sharethrough.com *.admanmedia.com *.emxdgt.com *.contextweb.com *.gumgum.com *.yieldmo.com *.ad-generation.jp *.adform.com *.adwmg.com *.idealmedia.io *.admatic.com.tr *.improvedigital.com *.connectad.io *.ibillboard.com *.stroeer.com *.adtarget.com.tr *.33across.com *.admixer.com *.adtech.com *.adtelligent.com *.adtopia.com *.advangelists.com *.advenuemedia.co.uk *.advertising.com *.aralego.com *.axonix.com *.beachfront.com *.bidtellect.com *.bizzclick.com *.cmcm.com *.coxmt.com *.cubepile.com *.e-planning.net *.engagebdr.com *.exponential.com *.freewheel.tv *.ijit.com *.inmobi.com *.lkqd.com *.lkqd.net *.maple-team.com *.mars.media *.mediabong.com *.newborntown.com *.omnijay.com *.outbrain.com *.peak226.com *.resultsmedia.com *.gamoshi.io *.sabio.us *.smartyads.com *.smrtb.com *.sonobi.com *.spotx.tv *.spotxchange.com *.colossusssp.com *.synacor.com *.thebrave.io *.tribalfusion.com *.ucfunnel.com video.unrulymedia.com *.us.com *.webeyemob.com *.idealmedia.io *.ampproject.org googlesyndication.com onesignal.com *.taboola.com *.finyad.org *.turktelekom.com.tr *.gemius.pl *.socialsmart.tv *.plyr.io *.jsdelivr.net 1
base-uri 'none'; font-src 'self' https: data:; form-action 'self' https://*.bat-czecom2022.cz https://*.salesforceliveagent.com https://*.salesforce-sites.com; frame-ancestors 'self'; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests; default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://*.bat-czecom2022.cz https://ssapi.velo.com https://cdn.cookielaw.org https://tagmanager.google.com https://*.sentry.io https://*.onetrust.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.adform.net https://*.facebook.com https://*.facebook.net https://*.mathtag.com https://*.contentsquare.net https://*.youtube.com https://*.doubleclick.net https://*.googlesyndication.com https://*.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.gstatic.com https://*.google.com https://*.google.cz https://*.google.co.uk https://*.google.com.pk https://*.google.pl https://*.google.nl https://*.google.com.ng https://*.google.com.hk https://*.google.fr https://*.google.es https://*.google.de https://*.google.co.in https://*.google.com.eg https://*.google.co.kr https://*.google.com.au https://*.google.com.br https://*.google.ie https://*.google.com.np https://*.google.it https://*.google.com.sa https://*.google.com.et https://*.google.co.il https://*.google.co.th https://*.google.com.co https://*.google.com.tw https://*.google.com.ph https://*.google.com.my https://*.google.com.bd https://*.google.se https://*.google.com.ua https://*.google.com.gh https://*.tt.omtrdc.net https://*.adobedtm.com https://britishamericansharedservicesgsdlimited.d3.sc.omtrdc.net; 1
frame-ancestors 'self' bbocute.com *.bbocute.com 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-L3FrOUw1NEVLb2lvbVZ3VkdWQUoxUUF4bEhXU0hHNk8ydjM2RUs4TmxiOD06aHVGdlk5cGVST1BnemkwbGZoTmNzbEVENFRLa1RTdkhxTGFWVnRoZm8rVT0=' blob:;script-src-elem 'strict-dynamic' 'nonce-L3FrOUw1NEVLb2lvbVZ3VkdWQUoxUUF4bEhXU0hHNk8ydjM2RUs4TmxiOD06aHVGdlk5cGVST1BnemkwbGZoTmNzbEVENFRLa1RTdkhxTGFWVnRoZm8rVT0=' blob:;style-src 'self' 'unsafe-inline';img-src 'self' data: blob: https://*.tile.openstreetmap.org https://nc.welchmeadows.com;font-src 'self' data:;connect-src 'self' blob: stun.nextcloud.com:443;media-src 'self' blob:;frame-src 'self' nc: https://nc.welchmeadows.com;child-src blob: 'self';frame-ancestors 'self' https://nc.welchmeadows.com;worker-src blob: 'self';form-action 'self' https://nc.welchmeadows.com 1
font-src portal.bulkgate.com *.gstatic.com *.fontawesome.com https://www.beo-car.rs https://beo-car.rs data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com portal.bulkgate.com https://www.facebook.com https://www.beo-car.rs https://beo-car.rs https://bib.eway2pay.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com portal.bulkgate.com https://www.facebook.com https://www.beo-car.rs https://beo-car.rs *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io portal.bulkgate.com *.googleapis.com *.gstatic.com https://stats.g.doubleclick.net https://www.google.com https://www.google.rs https://www.facebook.com https://www.googletagmanager.com *.b-cdn.net https://beocar.b-cdn.net https://www.beo-car.rs https://beo-car.rs data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ portal.bulkgate.com *.gstatic.com *.avada.io *.googleapis.com *.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.beo-car.rs https://beo-car.rs *.hotjar.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com portal.bulkgate.com *.gstatic.com *.fontawesome.com *.googleapis.com https://www.beo-car.rs https://beo-car.rs tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.b-cdn.net https://beocar.b-cdn.net https://www.beo-car.rs https://beo-car.rs 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com portal.bulkgate.com *.gstatic.com https://get.geojs.io *.avada.io *.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://stats.g.doubleclick.net https://www.beo-car.rs https://beo-car.rs *.hotjar.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' * data: ; 1
frame-ancestors 'self' *.berriabikes.com berriabikes.com 1
default-src 'self' *.besteloverzicht.nl; script-src 'self' 'nonce-zbX+n8uKOEhqFdpqq04uahoCAEpIEIbBcEQu0IWuAJs=' 'unsafe-eval' https://*.googletagmanager.com https://www.clarity.ms https://*.clarity.ms; style-src 'self' 'unsafe-inline'; frame-src 'self' *.besteloverzicht.nl *.elektramat.nl *.elektramat.dev *.groepenkastbestellen.nl; img-src 'self' *.besteloverzicht.nl *.elektramat.nl *.elektramat.dev *.groepenkastbestellen.nl data: blob: https://*.googletagmanager.com https://*.google-analytics.com https://www.clarity.ms https://*.clarity.ms https://c.bing.com; frame-ancestors 'self'; connect-src 'self' *.besteloverzicht.nl *.besteloverzicht.dv https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.clarity.ms https://*.clarity.ms 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https://facebook.com https://mapa.ecommerce.poczta-polska.pl https://www.paypal.com https://www.paypalobjects.com https://*.easypack24.net https://*.openstreetmap.org https://*.inpost.pl https://*.allegrostatic.com https://allegro.pl https://*.allegro.pl https://*.allegroimg.com https://*.allegrosandbox.pl https://*.sote.pl https://*.googletagmanager.com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.pl https://unpkg.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://stats.g.doubleclick.net https://stats.g.doubleclick.net *.gstatic.com *.googleapis.com *.youtube.com *.vimeo.com *.ytimg.com *.soundcloud.com *.vimeocdn.com *.smartsupp.com *.smartsuppcdn.com wss://*.smartsupp.com *.cdn77.org smartsupp-widget-161959.c.cdn77.org *.smartlook.com *.smartlook.cloud *.smartsuppchat.com *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net *.fbcdn.net *.instagram.com *.cdninstagram.com *.googletagmanager.com *.google-analytics.com *.paypalobjects.com *.paypal.com *.autopay.eu *.livechatinc.com https://googleads.g.doubleclick.net http://www.googleadservices.com https://*.cashbill.pl https://*.ceneo.pl https://*.secure.eservice.com.pl *.credit-agricole.pl *.paybynet.com.pl *.polcard.com.pl *.przelewy24.pl *.eraty.pl static.hotjar.com https://disqus.com data:; form-action 'self'  https://facebook.com https://mapa.ecommerce.poczta-polska.pl https://www.paypal.com https://www.paypalobjects.com https://*.easypack24.net https://*.openstreetmap.org https://*.inpost.pl https://*.allegrostatic.com https://allegro.pl https://*.allegro.pl https://*.allegroimg.com https://*.allegrosandbox.pl https://*.sote.pl https://*.googletagmanager.com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.pl https://unpkg.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://stats.g.doubleclick.net https://stats.g.doubleclick.net *.gstatic.com *.googleapis.com *.youtube.com *.vimeo.com *.ytimg.com *.soundcloud.com *.vimeocdn.com *.smartsupp.com *.smartsuppcdn.com wss://*.smartsupp.com *.cdn77.org smartsupp-widget-161959.c.cdn77.org *.smartlook.com *.smartlook.cloud *.smartsuppchat.com *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net *.fbcdn.net *.instagram.com *.cdninstagram.com *.googletagmanager.com *.google-analytics.com *.paypalobjects.com *.paypal.com *.autopay.eu *.livechatinc.com https://googleads.g.doubleclick.net http://www.googleadservices.com https://*.cashbill.pl https://*.ceneo.pl https://*.secure.eservice.com.pl *.credit-agricole.pl *.paybynet.com.pl *.polcard.com.pl *.przelewy24.pl *.eraty.pl static.hotjar.com https://disqus.com; frame-ancestors 'self' 1
worker-src blob:; child-src blob: gap:; media-src * data: blob: 'unsafe-inline'; default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' fp.bets4.org socket.bets4.info https://fpcdn.io twitch.tv steamcommunity.com connect.facebook.net cdn.onesignal.com onesignal.com ajax.googleapis.com steampowered.com liveinternet.ru counter.yadro.ru Login4PRO.com steamcommunity.com player.twitch.tv cdnjs.cloudflare.com rawgit.com cdn.datatables.net *.yandex.ru yandex.ru yastatic.net *.vk.com vk.com *.facebook.com facebook.com *.rawgit.com rawgit.com *.google.com google.com *.gstatic.com gstatic.com zurb.com cdn.jsdelivr.net unpkg.com code-sb1.jivosite.com code.jivo.ru www.googletagmanager.com crypto.paydaq.com; frame-src 'self' fp.bets4.org socket.bets4.info twitch.tv connect.facebook.net cdn.onesignal.com onesignal.com ajax.googleapis.com steampowered.com liveinternet.ru counter.yadro.ru Login4PRO.com steamcommunity.com player.twitch.tv cdnjs.cloudflare.com rawgit.com cdn.datatables.net *.yandex.ru yandex.ru yastatic.net *.vk.com vk.com *.facebook.com facebook.com *.rawgit.com rawgit.com *.google.com google.com *.gstatic.com gstatic.com zurb.com cdn.jsdelivr.net unpkg.com code-sb1.jivosite.com steamcommunity.com code.jivo.ru www.googletagmanager.com crypto.paydaq.com; report-uri /scripts/csp.php; 1
frame-ancestors 'self' *.domino.bg teams.microsoft.com *.teams.microsoft.com *.skype.com cmit.bg *.cmit.bg 1
default-src 'self' *.nic.in; img-src * data: blob:; font-src 'self' data:; media-src * 'self' blob:; style-src 'self' 'unsafe-inline' *.nic.in; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' *.nic.in *.youtube.com; connect-src 'self' blob: https://*.nic.in wss://*.nic.in https://*.cloudfront.net; frame-src 'self' *.nic.in *.youtube.com emantrimandal.uk.gov.in gopan.uk.gov.in staging.ua.nic.in doptonline.nic.in ecabinet.arunachal.gov.in; frame-ancestors 'self' https://*.nic.in emantrimandal.uk.gov.in gopan.uk.gov.in staging.ua.nic.in doptonline.nic.in ecabinet.arunachal.gov.in ecabinet.tripura.gov.in; 1
frame-ancestors 'https://bhavishya.nic.in/' style-src 'self' 1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com https://cdnjs.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.stackpathdns.com *.trustpilot.com widget.trustpilot.com *.google.it *.ngrok.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.twitter.com *.stackpathdns.com widget.trustpilot.com *.google.it 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com *.google.com *.addthis.com *.pinterest.com *.iubenda.com *.revolut.com *.twitter.com *.paypal.com *.hotjar.com *.stackpathdns.com *.trustpilot.com widget.trustpilot.com *.google.it *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com validator.swagger.io *.cloudflare.com *.klarna.com *.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.iubenda.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.lightemporium.com *.usercentrics.eu *.doubleclick.net *.paypalobjects.com *.google.lk *.google.com *.google.it *.payhere.lk *.stackpathdns.com *.scalapay.com *.trustpilot.com *.ebay.com *.ebayimg.com widget.trustpilot.com *.ngrok.io *.pentagonhosting.co.uk *.miticadesign.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com *.vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.iubenda.com https://cdnjs.cloudflare.com *.revolut.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.googleadservices.com *.paypalobjects.com *.paypal.com *.googletagmanager.com *.cloudflareinsights.com *.hotjar.com *.stackpathdns.com *.scalapay.com *.trustpilot.com widget.trustpilot.com *.google.it https://cdn.scalapay.com translate.google.com *.ngrok.io https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.stackpathdns.com *.scalapay.com *.iubenda.com *.addthis.com *.trustpilot.com widget.trustpilot.com *.google.it *.pentagonhosting.co.uk *.miticadesign.com *.ngrok.io tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com *.iubenda.com *.twitter.com *.twimg.com *.doubleclick.net *.hotjar.com wss://ws15.hotjar.com/ *.stackpathdns.com *.trustpilot.com widget.trustpilot.com *.google.it *.ngrok.io https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.bicasbia.it/; report-to report-endpoint; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com https://www.bancobic.ao data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com data:; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com https://www.bicnet.ao https://bicnet.ao; object-src 'self'; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com https://www.bancobic.ao data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com data:; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com https://bicnetempresas.ao https://www.bicnetempresas.ao; object-src 'self';frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.bigmatlaplataforma.es bigmatlaplataforma.es *.publitas.com publitas.com *.flipboxapp.net flipboxapp.net *.erpcloud.info *.bigmat.es *.google.com *.googletagmanager.com *.nexmart.com *.openstreetmap.org *.gstatic.com data:;frame-ancestors 'self' img-src 'self' * data: blob: filesystem:; reflected-xss block; 1
default-src wss: https: data: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; 1
default-src 'self' 'unsafe-inline' widget.billig-tanken.de googleads.g.doubleclick.net pagead2.googlesyndication.com 'unsafe-eval' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com www.google.com www.gstatic.com;  connect-src 'self' api.trongrid.io sun.tronex.io bsc-dataseed.binance.org; form-action 'self'; object-src 'none'; 1
child-src  www.paypalobjects.com; connect-src  bitsca.cv3admin.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com stats.g.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.analytics.google.com bitsandpiecescanada-ca.attn.tv events.attentivemobile.com s.yimg.com *.clarity.ms *.sharethis.com www.bitsandpiecescanada.ca *.google.com bam.nr-data.net bcp.crwdcntrl.net gardensalive.force.com *.googletagmanager.com gaorder.gardensalive.com gardensalive.my.site.com *.omnichannelengagementhub.com; default-src  h2.commercev3.net/cdn.bitsandpiecescanada.ca/ cdn.bitsandpiecescanada.ca 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com; font-src  bitsca.cv3admin.com h2.commercev3.net/cdn.bitsandpiecescanada.ca/ cdn.bitsandpiecescanada.ca fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com data: www.bitsandpiecescanada.ca; form-action  www.facebook.com www.paypal.com checkout.sezzle.com www.bitsandpiecescanada.ca webto.salesforce.com bitsca.cv3admin.com; frame-src  *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com *.sharethis.com service.force.com creatives.attn.tv secure.trust-provider.com www.youtube.com gardensalive.my.salesforce.com www.googletagmanager.com view.publitas.com *.azureedge.net; frame-ancestors  ; img-src  h2.commercev3.net/cdn.bitsandpiecescanada.ca/ cdn.bitsandpiecescanada.ca *.google-analytics.com *.google.com ct.pinterest.com/v3/ s3.amazonaws.com *.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ sp.analytics.yahoo.com bitsca.cv3admin.com *.sharethis.com *.clarity.ms www.bitsandpiecescanada.ca www.google.ca secure.trust-provider.com *.gstatic.com bitsandpiecescanada-ca.attn.tv www.google.co.in bam.nr-data.net www.google.co.uk *.attentivemobile.com www.pages08.net; script-src  h2.commercev3.net/cdn.bitsandpiecescanada.ca/ cdn.bitsandpiecescanada.ca 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com/recaptcha/ cdn.attn.tv *.clarity.ms bitsca.cv3admin.com s.yimg.com www.google.com api.universalcookie.com ajax.aspnetcdn.com garecommend.gardensalive.com *.sharethis.com secure.comodo.net service.force.com *.salesforceliveagent.com www.bitsandpiecescanada.ca  secure.comodo.com secure.comodo.net bam.nr-data.net js-agent.newrelic.com gardensalive.my.salesforce.com gardensalive.force.com static.lightning.force.com www.sc.pages08.net gardensalive.my.site.com view.publitas.com cdnjs.cloudflare.com *.azureedge.net; script-src-elem  h2.commercev3.net/cdn.bitsandpiecescanada.ca/ cdn.bitsandpiecescanada.ca 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com/recaptcha/ cdn.attn.tv *.clarity.ms bitsca.cv3admin.com s.yimg.com www.google.com api.universalcookie.com ajax.aspnetcdn.com garecommend.gardensalive.com *.sharethis.com secure.comodo.net service.force.com *.salesforceliveagent.com www.bitsandpiecescanada.ca  secure.comodo.com secure.comodo.net bam.nr-data.net js-agent.newrelic.com gardensalive.my.salesforce.com gardensalive.force.com static.lightning.force.com www.sc.pages08.net gardensalive.my.site.com view.publitas.com cdnjs.cloudflare.com *.azureedge.net; style-src  h2.commercev3.net/cdn.bitsandpiecescanada.ca/ cdn.bitsandpiecescanada.ca 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com *.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net bitsca.cv3admin.com ajax.googleapis.com *.sharethis.com www.bitsandpiecescanada.ca service.force.com gardensalive.force.com gardensalive.my.salesforce.com gardensalive.my.site.com *.azureedge.net; style-src-elem  h2.commercev3.net/cdn.bitsandpiecescanada.ca/ cdn.bitsandpiecescanada.ca 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com *.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net bitsca.cv3admin.com ajax.googleapis.com *.sharethis.com www.bitsandpiecescanada.ca service.force.com gardensalive.force.com gardensalive.my.salesforce.com gardensalive.my.site.com *.azureedge.net; style-src-attr  'unsafe-inline'; media-src  bitsca.cv3admin.com h2.commercev3.net/cdn.bitsandpiecescanada.ca/ cdn.bitsandpiecescanada.ca www.bing.com; 1
block-all-mixed-content;frame-ancestors 'none';upgrade-insecure-requests;object-src 'none' 1
default-src 'self' data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; img-src 'self' * data: blob:; font-src 'self' data: https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.newrelic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.youtube.com; frame-src 'self' https://www.google.com https://www.facebook.com https://www.youtube.com https://blackmores.chakrarewards.com https://*.a.run.app; connect-src 'self' https://analytics.google.com https://www.google-analytics.com  https://*.nr-data.net https://stats.g.doubleclick.net; block-all-mixed-content; upgrade-insecure-requests 1
frame-src 'self' frame-ancestors 'self' 1
frame-ancestors https://anyatalk.blitz.ro 1
frame-ancestors 'self' *.bncd.ca *.ndbd.ca; 1
default-src 'self' 'unsafe-eval' https://storage.googleapis.com https://google.com https://youtube.com https://facebook.com https://fonts.google.com https://fonts.googleapis.com https://ajax.googleapis.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://s.imgur.com https://imgur.com https://i.imgur.com https://500px.com https://drscdn.500px.org https://www.reddit.com https://www.flickr.com https://c1.staticflickr.com https://maxcdn.bootstrapcdn.com http://code.ionicframework.com https://cdn.fontawesome.com/; script-src 'self' https://storage.googleapis.com https://api.bniservicerating.com https://api-dashboard.bniservicerating.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 'unsafe-hashes'; img-src 'self' https://api.squsp-datacenter.com https://api.bniservicerating.com https://api-dashboard.bniservicerating.com data:; connect-src 'self' https://api.bniservicerating.com https://api-dashboard.bniservicerating.com; font-src 'self'; object-src 'none'; media-src 'self'; form-action 'self'; frame-ancestors 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https://facebook.com https://mapa.ecommerce.poczta-polska.pl https://www.paypal.com https://www.paypalobjects.com https://*.easypack24.net https://*.openstreetmap.org https://*.inpost.pl https://*.allegrostatic.com https://allegro.pl https://*.allegro.pl https://*.allegroimg.com https://*.allegrosandbox.pl https://*.sote.pl https://*.googletagmanager.com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.pl https://unpkg.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://stats.g.doubleclick.net https://stats.g.doubleclick.net *.gstatic.com *.googleapis.com *.youtube.com *.vimeo.com *.ytimg.com *.soundcloud.com *.vimeocdn.com *.smartsupp.com *.smartsuppcdn.com wss://*.smartsupp.com *.cdn77.org smartsupp-widget-161959.c.cdn77.org *.smartlook.com *.smartlook.cloud *.smartsuppchat.com *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net *.fbcdn.net *.instagram.com *.cdninstagram.com *.googletagmanager.com *.google-analytics.com *.paypalobjects.com *.paypal.com *.autopay.eu https://googleads.g.doubleclick.net https://www.googleadservices.com *.googlesyndication.com https://*.cashbill.pl https://*.ceneo.pl https://*.secure.eservice.com.pl *.credit-agricole.pl *.paybynet.com.pl *.polcard.com.pl *.przelewy24.pl *.eraty.pl static.hotjar.com https://disqus.com data:; form-action 'self'  https://facebook.com https://mapa.ecommerce.poczta-polska.pl https://www.paypal.com https://www.paypalobjects.com https://*.easypack24.net https://*.openstreetmap.org https://*.inpost.pl https://*.allegrostatic.com https://allegro.pl https://*.allegro.pl https://*.allegroimg.com https://*.allegrosandbox.pl https://*.sote.pl https://*.googletagmanager.com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.pl https://unpkg.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://stats.g.doubleclick.net https://stats.g.doubleclick.net *.gstatic.com *.googleapis.com *.youtube.com *.vimeo.com *.ytimg.com *.soundcloud.com *.vimeocdn.com *.smartsupp.com *.smartsuppcdn.com wss://*.smartsupp.com *.cdn77.org smartsupp-widget-161959.c.cdn77.org *.smartlook.com *.smartlook.cloud *.smartsuppchat.com *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net *.fbcdn.net *.instagram.com *.cdninstagram.com *.googletagmanager.com *.google-analytics.com *.paypalobjects.com *.paypal.com *.autopay.eu https://googleads.g.doubleclick.net https://www.googleadservices.com *.googlesyndication.com https://*.cashbill.pl https://*.ceneo.pl https://*.secure.eservice.com.pl *.credit-agricole.pl *.paybynet.com.pl *.polcard.com.pl *.przelewy24.pl *.eraty.pl static.hotjar.com https://disqus.com; frame-ancestors 'self' 1
default-src 'none'; connect-src 'self' https://*.bonarea-agrupa.com http://*.bonarea-foodservice.com https://*.onetrust.com https://*.cookielaw.org https://*.windows.net https://*.google.com https://*.doubleclick.net https://*.facebook.com http://*.google-analytics.com https://*.googleapis.com; font-src 'self' *; frame-src https://*.facebook.com http://*.bonarea-foodservice.com https://www.google.com https://*.youtube.com; img-src 'self' data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.bonarea-foodservice.com http://*.booking.com https://*.tacdn.com http://*.jscache.com https://*.tripadvisor.es https://*.tripadvisor.com http://*.google-analytics.com https://*.googleapis.com https://*.cookielaw.org https://*.cloudflare.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.gstatic.com https://*.facebook.net https://*.bonarea-agrupa.com; style-src 'self' 'unsafe-inline' * 1
font-src fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.cardinalcommerce.com 'self' data: *.aqurate.ai 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.twitter.com *.cardinalcommerce.com *.mobilpay.ro http://sandboxsecure.mobilpay.ro *.authorize.net *.aqurate.ai 'self' 'unsafe-inline'; frame-ancestors *.twitter.com *.demdex.net *.google.com www.youtube.com *.googleapis.com *.2performant.com *.aqurate.ai 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.innoship.ro https://www.googletagmanager.com/ *.twitter.com *.demdex.net *.google.com www.youtube.com *.googleapis.com *.2performant.com *.aqurate.ai *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com 'self' data: www.apptrian.com www.facebook.com *.tile.openstreetmap.org *.openstreetmap.org http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.omtrdc.net *.everesttech.net *.facebook.com *.google.ro *.aqurate.ai *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.facebook.net *.google.com *.newsman.app http://sandboxsecure.mobilpay.ro *.mobilpay.ro *.cardinalcommerce.com *.authorize.net *.googleadservices.com *.doubleclick.net *.2performant.com attr-2p.com aqurate.ai https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.aqurate.ai tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com www.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com connect.facebook.net graph.facebook.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.demdex.net *.facebook.com 'self' data: *.google.com *.omtrdc.net *.2performant.com attr-2p.com *.aqurate.ai https://www.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * data:; 1
base-uri 'self'; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://www.google.com https://maps.googleapis.com https://mts0.googleapis.com https://mts1.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://connect.facebook.net https://apis.google.com https://www.gstatic.com http://192.168.1.25:35729 https://cdn.ampproject.org https://cdn.agenceici.com/ https://tarteaucitron.io https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://www.googletagmanager.com https://cdn.tarteaucitron.io https://js-eu1.hs-scripts.com https://js-eu1.hscollectedforms.net https://js-eu1.hs-banner.com https://js-eu1.hs-analytics.net https://js-eu1.hsadspixel.net 1
default-src 'self'; frame-ancestors 'self'; object-src 'none'; base-uri 'self'; form-action 'none'; script-src 'self' 'report-sample' https://www.gstatic.com https://accounts.google.com http://*.keyring.net https://api.veritrans.co.jp https://*.mul-pay.jp https://*.gakken.jp; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' https://accounts.google.com http://*.keyring.net; connect-src 'self' https:; img-src 'self' https: blob: data:; child-src 'self' https: blob: data:; media-src 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data:; font-src 'self' use.typekit.net 'unsafe-inline' data:; frame-ancestors 'self'; base-uri 'self'; form-action 'self' 1
default-src 'self' data: tpc.googlesyndication.com egoi.site api.sibspayments.com  cdn-te.e-goi.com spg.qly.site1.sibs.pt  bricomarchecdnprd.azureedge.net *.google.com *.gstatic.com *.googleapis.com www.googleadservices.com *.addthis.com *.addthisedge.com *.cloudflare.com *.moatads.com *.jsdelivr.net *.bootstrapcdn.com *.googletagmanager.com *.google-analytics.com *.hotjar.com grmtech.net connect.facebook.net secure.adnxs.com bs.serving-sys.com pt-gmtdmp.mookie1.com stats.g.doubleclick.net ad.doubleclick.net td.doubleclick.net googleads.g.doubleclick.net www.facebook.com www.google.pt tracking.adsafety.net assets.ams3.digitaloceanspaces.com stats.wp.com pixel.wp.com fast.wistia.com www.youtube.com www.bricomarche.pt www2.bricomarche.pt wp-rocket.me beacon-v2.helpscout.net public-api.wordpress.com cdn.ss-cdn.com nexus-websocket-a.intercom.io *.intercom.io *.intercomcdn.com *.intercomassets.com woocommerce.com secure.gravatar.com *.pingdom.net *.fls.doubleclick.net ps.w.org js.adsrvr.org insight.adsrvr.org match.adsrvr.org http://www.bricomarche.pt https://portrisa.com *.cookiebot.com egoi.site/219153_www.bricomarche.pt.js edw-2.egoiapp.com/matomo/matomo.php 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.ecozum.com; img-src 'self' *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr; font-src 'self' *.ecozum.com; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com; frame-src 'self' *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com; child-src 'self' *.ecozum.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://broomees.org https://www.googleadservices.com https://www.googletagmanager.com https://www.facebook.com https://code.jquery.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://www.youtube.com https://checkout.razorpay.com https://unpkg.com https://www.facebook.net https://www.connect.facebook.net https://connect.facebook.net https://facebook.net https://static.hotjar.com https://script.hotjar.com https://googleads.g.doubleclick.net https://clarity.ms https://www.clarity.ms/ https://doubleclick.net https://pdfmake.js https://formbuilder.online https://cdn.socket.io https://cdn.getsimpl.com https://maps.googleapis.com https://cdn.datatables.net https://cdn.jsdelivr.net https://cdn.socket.io https://use.fontawesome.com https://fontawesome.com https://cdn.datatables.net https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.datatables.net https://fonts.googleapis.com https://use.fontawesome.com https://code.jquery.com https://fontawesome.com; img-src * data: https://www.facebook.com https://cdn.imgbin.com; font-src 'self' https://fontawesome.com https://use.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' https://www.youtube.com https://razorpay.com  https://api.razorpay.com https://td.doubleclick.net; connect-src 'self' https://www.google-analytics.com https://broomees.org wss://ws.hotjar.com https://content.hotjar.io https://metrics.hotjar.io https://z.clarity.ms https://analytics.google.com https://stats.g.doubleclick.net https://maps.googleapis.com https://googleapis.com https://translation.googleapis.com; 1
frame-ancestors 'self' https://www.messenger.com/ https://www.facebook.com/ https://resource01.botoffice.net/ https://www.google-analytics.com/ https://api-public.addthis.com/ https://s7.addthis.com/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.esputnik.com *.doubleclick.net *.salesdrive.me esputnik.com *.googleadservices.com *.binotel.com *.googletagmanager.com *.youtube.com *.youtu.be maps.gstatic.com *.googleapis.com *.google-analytics.com *.google.com td.doubleclick.net connect.facebook.net; frame-src 'self' td.doubleclick.net *.youtube.com *.doubleclick.net assets.zendesk.com *.youtu.be *.facebook.com s-static.ak.facebook.com; object-src 'self' 1
default-src *;
     style-src 'self' 'unsafe-inline';
     script-src 'self' 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; script-src 'self' data: 'sha256-K5egDXiZTkZ6WGNt4ba+ZYNaO4cdyhEbn+98gZDa+rc=' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.cloudflareinsights.com https://www.youtube.com https://tagmanager.google.com https://www.googletagmanager.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://www.gstatic.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://sc-static.net https://static.ads-twitter.com 'sha256-po4n2fGDKRAzyqKWAwZRaDIgg2BRdEvY8iuJi/kP3Go=' https://snap.licdn.com https://connect.facebook.net https://tr-shadow.snapchat.com https://analytics.tiktok.com https://tr.snapchat.com https://cdn.thinglink.me; connect-src 'self' https://d2uor43xpk77o4.cloudfront.net https://d1lz5ymsljbgdd.cloudfront.net https://cloudflareinsights.com https://static.cloudflareinsights.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.gstatic.com https://*.g.doubleclick.net https://cdn.linkedin.oribi.io https://tr-shadow.snapchat.com https://analytics.tiktok.com https://tr.snapchat.com https://tr6.snapchat.com https://*.ads.linkedin.com https://*.google.com https://*.google.ae https://*.google.az https://*.google.ca https://*.google.cn https://*.google.co.il https://*.google.co.in https://*.google.co.uk https://*.google.co.za https://*.google.com.au https://*.google.com.bh https://*.google.com.br https://*.google.com.eg https://*.google.com.kw https://*.google.com.lb https://*.google.com.ly https://*.google.com.om https://*.google.com.qa https://*.google.com.sa https://*.google.de https://*.google.fr https://*.google.iq https://*.google.jo https://*.google.ru; child-src 'self' https://www.youtube.com https://www.vimeo.com; frame-src 'self' https://www.youtube.com https://www.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.googletagmanager.com https://td.doubleclick.net https://fls.doubleclick.net https://12716691.fls.doubleclick.net https://13866393.fls.doubleclick.net https://tr-shadow.snapchat.com https://tr.snapchat.com https://cdn.thinglink.me https://www.thinglink.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com https://www.gstatic.com; font-src 'self' data: https://script.hotjar.com https://fonts.gstatic.com https://fonts.googleapis.com; object-src 'none'; img-src 'self' 'unsafe-inline' data: https://d2uor43xpk77o4.cloudfront.net https://www.googletagmanager.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://googleads.g.doubleclick.net https://*.analytics.google.com https://*.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://ad.doubleclick.net https://12716691.fls.doubleclick.net https://13866393.fls.doubleclick.net https://t.co https://analytics.twitter.com https://www.facebook.com https://px.ads.linkedin.com https://fonts.gstatic.com https://tr.snapchat.com https://i.ytimg.com https://*.google.com https://*.google.ae https://*.google.az https://*.google.ca https://*.google.cn https://*.google.co.il https://*.google.co.in https://*.google.co.uk https://*.google.co.za https://*.google.com.au https://*.google.com.bh https://*.google.com.br https://*.google.com.eg https://*.google.com.kw https://*.google.com.lb https://*.google.com.ly https://*.google.com.om https://*.google.com.qa https://*.google.com.sa https://*.google.de https://*.google.fr https://*.google.iq https://*.google.jo https://*.google.ru; 1
default-src:self; upgrade-insecure-requests; 1
default-src 'unsafe-inline' 'self' data: cakalnedobe.si www.cakalnedobe.si cdn.cakalnedobe.si ads.cakalnedobe.si narocanje.cakalnedobe.si widget.cakalnedobe.si www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net ma.medifit.si data.medifit.si cdn.jsdelivr.net static.hotjar.com fonts.googleapis.com booking.eambulanta.si twemoji.maxcdn.com widget-v4.tidiochat.com code.tidio.co widget-v4.tidiochat.com s3.eu-west-1.amazonaws.com static.mailerlite.com cdn.medifit.si track.mailerlite.com tidio-images-messenger.s3.amazonaws.com cdn-cookieyes.com; font-src 'self' fonts.googleapis.com cdn.cakalnedobe.si fonts.gstatic.com widget-v4.tidiochat.com; connect-src sentry-new.tidio.co socket.tidio.co api-v2.tidio.co https: wss:; frame-src ads.cakalnedobe.si narocanje.cakalnedobe.si enarocanje.cakalnedobe.si booking.eambulanta.si booking.medifit.si ma.medifit.si www.google.com; 1
upgrade-insecure-requests;, frame-ancestors https://www.campusiesrfa.com https://drive.google.com 1
default-src 'self' https://canariteslearning.com https://cdn.jsdelivr.net https://fonts.googleapis.com/ *.tawk.to wss://*.tawk.to 'unsafe-inline';font-src * data:;script-src 'self' https://cdn.jsdelivr.net https://google.com https://embed.tawk.to 'unsafe-inline' 'unsafe-eval';frame-src * 'unsafe-inline';img-src * data: blob:;media-src * data:;connect-src * 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' https://analytics.google.com https://10621748.fls.doubleclick.net https://api.segment.io https://googletagmanager.com https://www.googletagmanager.com https://www.google-analytics.com https://mc.yandex.ru https://www.mc.yandex.ru https://connect.facebook.net https://www.connect.facebook.net https://www.facebook.com https://facebook.com https://stats.g.doubleclick.net https://www.stats.g.doubleclick.net https://youtube.com https://www.youtube.com https://google.com https://www.google.com https://google.ua https://www.google.ua https://app.usercentrics.eu https://www.app.usercentrics.eu https://api.usercentrics.eu https://www.api.usercentrics.eu https://aggregator.service.usercentrics.eu https://www.aggregator.service.usercentrics.eu https://graphql.usercentrics.eu https://www.graphql.usercentrics.eu https://i.ytimg.com https://www.i.ytimg.com https://static.hotjar.com https://cdn.segment.com https://script.hotjar.com https://google.ad https://google.ae https://google.com.af https://google.com.ag https://google.com.ai https://google.al https://google.am https://google.co.ao https://google.com.ar https://google.as https://google.at https://google.com.au https://google.az https://google.ba https://google.com.bd https://google.be https://google.bf https://google.bg https://google.com.bh https://google.bi https://google.bj https://google.com.bn https://google.com.bo https://google.com.br https://google.bs https://google.bt https://google.co.bw https://google.by https://google.com.bz https://google.ca https://google.cd https://google.cf https://google.cg https://google.ch https://google.ci https://google.co.ck https://google.cl https://google.cm https://google.cn https://google.com.co https://google.co.cr https://google.com.cu https://google.cv https://google.com.cy https://google.cz https://google.de https://google.dj https://google.dk https://google.dm https://google.com.do https://google.dz https://google.com.ec https://google.ee https://google.com.eg https://google.es https://google.com.et https://google.fi https://google.com.fj https://google.fm https://google.fr https://google.ga https://google.ge https://google.gg https://google.com.gh https://google.com.gi https://google.gl https://google.gm https://google.gr https://google.com.gt https://google.gy https://google.com.hk https://google.hn https://google.hr https://google.ht https://google.hu https://google.co.id https://google.ie https://google.co.il https://google.im https://google.co.in https://google.iq https://google.is https://google.it https://google.je https://google.com.jm https://google.jo https://google.co.jp https://google.co.ke https://google.com.kh https://google.ki https://google.kg https://google.co.kr https://google.com.kw https://google.kz https://google.la https://google.com.lb https://google.li https://google.lk https://google.co.ls https://google.lt https://google.lu https://google.lv https://google.com.ly https://google.co.ma https://google.md https://google.me https://google.mg https://google.mk https://google.ml https://google.com.mm https://google.mn https://google.ms https://google.com.mt https://google.mu https://google.mv https://google.mw https://google.com.mx https://google.com.my https://google.co.mz https://google.com.na https://google.com.ng https://google.com.ni https://google.ne https://google.nl https://google.no https://google.com.np https://google.nr https://google.nu https://google.co.nz https://google.com.om https://google.com.pa https://google.com.pe https://google.com.pg https://google.com.ph https://google.com.pk https://google.pl https://google.pn https://google.com.pr https://google.ps https://google.pt https://google.com.py https://google.com.qa https://google.ro https://google.ru https://google.rw https://google.com.sa https://google.com.sb https://google.sc https://google.se https://google.com.sg https://google.sh https://google.si https://google.sk https://google.com.sl https://google.sn https://google.so https://google.sm https://google.sr https://google.st https://google.com.sv https://google.td https://google.tg https://google.co.th https://google.com.tj https://google.tl https://google.tm https://google.tn https://google.to https://google.com.tr https://google.tt https://google.com.tw https://google.co.tz https://google.com.ua https://google.co.ug https://google.co.uk https://google.com.uy https://google.co.uz https://google.com.vc https://google.co.ve https://google.vg https://google.co.vi https://google.com.vn https://google.vu https://google.ws https://google.rs https://google.co.za https://google.co.zm https://google.co.zw https://google.cat https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://region1.google-analytics.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' https://10621748.fls.doubleclick.net https://api.segment.io https://analytics.google.com https://googletagmanager.com https://www.googletagmanager.com https://google-analytics.com https://www.google-analytics.com https://mc.yandex.ru https://www.mc.yandex.ru https://connect.facebook.net https://www.connect.facebook.net https://www.facebook.com https://facebook.com https://stats.g.doubleclick.net https://www.stats.g.doubleclick.net https://youtube.com https://www.youtube.com https://google.com https://www.google.com https://google.ua https://www.google.ua https://app.usercentrics.eu https://www.app.usercentrics.eu https://api.usercentrics.eu https://www.api.usercentrics.eu https://aggregator.service.usercentrics.eu https://www.aggregator.service.usercentrics.eu https://graphql.usercentrics.eu https://www.graphql.usercentrics.eu https://i.ytimg.com https://www.i.ytimg.com https://static.hotjar.com https://cdn.segment.com https://script.hotjar.com https://google.ad https://google.ae https://google.com.af https://google.com.ag https://google.com.ai https://google.al https://google.am https://google.co.ao https://google.com.ar https://google.as https://google.at https://google.com.au https://google.az https://google.ba https://google.com.bd https://google.be https://google.bf https://google.bg https://google.com.bh https://google.bi https://google.bj https://google.com.bn https://google.com.bo https://google.com.br https://google.bs https://google.bt https://google.co.bw https://google.by https://google.com.bz https://google.ca https://google.cd https://google.cf https://google.cg https://google.ch https://google.ci https://google.co.ck https://google.cl https://google.cm https://google.cn https://google.com.co https://google.co.cr https://google.com.cu https://google.cv https://google.com.cy https://google.cz https://google.de https://google.dj https://google.dk https://google.dm https://google.com.do https://google.dz https://google.com.ec https://google.ee https://google.com.eg https://google.es https://google.com.et https://google.fi https://google.com.fj https://google.fm https://google.fr https://google.ga https://google.ge https://google.gg https://google.com.gh https://google.com.gi https://google.gl https://google.gm https://google.gr https://google.com.gt https://google.gy https://google.com.hk https://google.hn https://google.hr https://google.ht https://google.hu https://google.co.id https://google.ie https://google.co.il https://google.im https://google.co.in https://google.iq https://google.is https://google.it https://google.je https://google.com.jm https://google.jo https://google.co.jp https://google.co.ke https://google.com.kh https://google.ki https://google.kg https://google.co.kr https://google.com.kw https://google.kz https://google.la https://google.com.lb https://google.li https://google.lk https://google.co.ls https://google.lt https://google.lu https://google.lv https://google.com.ly https://google.co.ma https://google.md https://google.me https://google.mg https://google.mk https://google.ml https://google.com.mm https://google.mn https://google.ms https://google.com.mt https://google.mu https://google.mv https://google.mw https://google.com.mx https://google.com.my https://google.co.mz https://google.com.na https://google.com.ng https://google.com.ni https://google.ne https://google.nl https://google.no https://google.com.np https://google.nr https://google.nu https://google.co.nz https://google.com.om https://google.com.pa https://google.com.pe https://google.com.pg https://google.com.ph https://google.com.pk https://google.pl https://google.pn https://google.com.pr https://google.ps https://google.pt https://google.com.py https://google.com.qa https://google.ro https://google.ru https://google.rw https://google.com.sa https://google.com.sb https://google.sc https://google.se https://google.com.sg https://google.sh https://google.si https://google.sk https://google.com.sl https://google.sn https://google.so https://google.sm https://google.sr https://google.st https://google.com.sv https://google.td https://google.tg https://google.co.th https://google.com.tj https://google.tl https://google.tm https://google.tn https://google.to https://google.com.tr https://google.tt https://google.com.tw https://google.co.tz https://google.com.ua https://google.co.ug https://google.co.uk https://google.com.uy https://google.co.uz https://google.com.vc https://google.co.ve https://google.vg https://google.co.vi https://google.com.vn https://google.vu https://google.ws https://google.rs https://google.co.za https://google.co.zm https://google.co.zw https://google.cat https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://region1.google-analytics.com pagecdn.io; frame-ancestors 'self'; report-uri https://canephron.ua/report-uri/enforce 1
base-uri 'self'; form-action 'self' https://connect.facebook.net https://www.facebook.com/tr/; frame-ancestors 'none'; object-src 'none'; 1
frame-ancestors 'self' http://power.careserve.fr http://power.careserve.localdev; 1
frame-ancestors 'https://carovnapolicka.sk' 'https://pagead2.googlesyndication.com/' 'https://static.xx.fbcdn.net/' 'https://googleads.g.doubleclick.net/' 'https://googleads.g.doubleclick.net/' 'https://www.facebook.com/'  ; 1
child-src 'self'; connect-src 'self' *.googletagmanager.com wss://station.softmarketing.com.br *.softmarketing.com.br *.google-analytics.com; font-src 'self' data: *.softmarketing.com.br *.gstatic.com; form-action 'self';  frame-src 'self' *.youtube.com *.google.com *.spotify.com *.youtube-nocookie.com; frame-ancestors 'self'; img-src 'self' about: data: *.cartaometrocard.com.br cartaometrocard.com.br *.google-analytics.com *.softmarketing.com.br *.openstreetmap.org *.jav.com.br *.youtube.com *.ytimg.com; manifest-src 'self'; media-src 'self'; navigate-to 'self'; object-src 'self'; prefetch-src 'self'; script-src 'self' *.googletagmanager.com *.google.com *.google-analytics.com *.softmarketing.com.br *.gstatic.com *.jquery.com *.cloudflare.com 'unsafe-eval'; script-src-elem 'self' *.googletagmanager.com *.google.com *.google-analytics.com *.softmarketing.com.br *.gstatic.com *.jquery.com *.cloudflare.com 'unsafe-inline'; script-src-attr 'self' *.googletagmanager.com *.google.com *.google-analytics.com *.softmarketing.com.br *.gstatic.com *.jquery.com *.cloudflare.com 'unsafe-inline'; style-src 'self' *.softmarketing.com.br *.googleapis.com; style-src-elem 'self' *.softmarketing.com.br *.googleapis.com 'unsafe-inline';  style-src-attr 'self' *.softmarketing.com.br *.googleapis.com 'unsafe-inline'; 1
default-src 'self' *.applicationinsights.azure.com *.paypal.com *.sharethis.com;script-src 'self' 'unsafe-inline' https://code.jquery.com https://cdn.jsdelivr.net https://js.monitor.azure.com *.applicationinsights.azure.com *.paypal.com https://paypalobjects.com *.sharethis.com https://unpkg.com;script-src-attr 'unsafe-inline';img-src 'self' * data:;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';style-src 'self' https: 'unsafe-inline' 1
script-src 'strict-dynamic' 'nonce-rAnd0m123' https:; object-src 'none'; base-uri 'none'; require-trusted-types-for 'script'; report-uri https://www.cartoesmercantildobrasil.com.br 1
frame-ancestors 'self' www.casinopauseandplay.es apuestas.casinopauseandplay.es; 1
default-src 'self' ; base-uri 'self'; form-action 'self';script-src  'nonce-ukNnL6Ubj3v37eOPqWFCNJ+EjTI=' 'self'; img-src  'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; 1
default-src 'self' blob: https://fonts.googleapis.com/  https://fonts.gstatic.com/  https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://cdn.datatables.net/ https://code.jquery.com/jquery-3.6.4.jshttps://code.jquery.com/ui/1.13.2/jquery-ui.js http://www.w3.org/2000/svg https://code.highcharts.com/http://127.0.0.1/:12591/signservice/signdata https://127.0.0.1/:13591/signservice/signdatahttp://localhost:12591/signservice/signdatahttps://localhost:13591/signservice/signdatahttp://10.72.167.100/CBN_PAN_WS/validatePan.dohttp://103.255.217.12:15181/BULK_API/InstantJsonPush 'unsafe-inline' 'unsafe-eval' data:; 1
frame-ancestors 'self' consorcio.cl ccbolsa.cl emma.cl bolsadesantiago.com compliance-tracker.cl salesforce.com 1
default-src 'self'; script-src 'self' *.google.com *.googleapis.com *.gstatic.com https://ssl.google-analytics.com https://www.google-analytics.com https://libs.tesla.com.br https://www.googletagmanager.com https://vlibras.gov.br https://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://libs.tesla.com.br https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.googleapis.com https://fonts.googleapis.com https://libs.tesla.com.br fonts.gstatic.com; img-src 'self' *.googleusercontent.com https://ssl.google-analytics.com data: https://s3-sa-east-1.amazonaws.com https://libs.tesla.com.br https://vlibras.gov.br https://i.ytimg.com https://cdn.jsdelivr.net; connect-src 'self' https://www.google-analytics.com; frame-src 'self' https://www.google.com https://www.youtube-nocookie.com https://www.zuldigital.com.br https://parceiros.estapar.com.br; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-HyxIAYieOjqIy-Z0YqPTYw' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://*.googlesyndication.com https://www.zenaps.com https://tr.snapchat.com https://tr6.snapchat.com https://www.youtube.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com wss://*.liveperson.net; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://checkout.celio.in/checkout/ https://connect.facebook.net https://tr.snapchat.com https://www.celio.in/; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googlesyndication.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://*.liveperson.net https://*.lpsnmedia.net https://*.liveperson.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://stackpath.bootstrapcdn.com; report-to report-endpoint 1
style-src 'self' 'unsafe-inline' cgda.nic.in 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.changevivienne.com/ https://tpc.googlesyndication.com https://sw-assets.ekomiapps.de/ https://smart-widget-assets.ekomiapps.de/ https://www.dwin1.com/ https://bat.bing.com/ https://connect.facebook.net/ https://www.google.com/ https://maps.google.com/ https://maps.googleapis.com https://www.gstatic.com https://www.googletagmanager.com https://vf-js.ekomi.de https://code.tidio.co *.tidiochat.com https://www.googleadservices.com https://www.google-analytics.com/ https://googleads.g.doubleclick.net/ 1
font-src *.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com *.gstatic.com data: *.fontawesome.com data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src *.packeta.com www.google.com *.chantallonline.com 'self' 'unsafe-inline'; img-src *.mailchimp.com *.facebook.com *.google-analytics.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com *.google.com data: 'self' 'unsafe-inline'; script-src *.packeta.com *.facebook.net *.list-manage.com *.mailchimp.com www.googleapis.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.mailchimp.com *.bootstrapcdn.com fonts.googleapis.com *.fontawesome.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.packeta.com *.facebook.com *.doubleclick.net *.google-analytics.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';; report-uri https://chantall.report-uri.com/r/d/csp/enforce 1
frame-ancestors https://*.facebook.com http://*.facebook.com 1
default-src 'self' 'unsafe-inline' *.gmfinancial.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gmfinancial.com maps.googleapis.com maps.gstatic.com *.liveperson.net *.adobedtm.com *.lpsnmedia.net *.tt.omtrdc.net *.sc.omtrdc.net *.demdex.net *.2o7.net; img-src 'self' data: *.gmfinancial.com assets.adobedtm.com *.sc.omtrdc.net *.tt.omtrdc.net *.demdex.net *.adobedtm.com *.2o7.net *.everesttech.net; frame-src *.demdex.net *.lpsnmedia.net; connect-src 'self' *.demdex.net *.omtrdc.net *.liveperson.net *.adobedtm.com; 1
default-src 'self' * *.doubleclick.net/ *.google-analytics.com/ *.googletagmanager.com/ *.google.com/ *.onetrust.com/  'unsafe-inline' ;  font-src 'self' fonts.gstatic.com/  fonts.googleapis.com/ *.google.com/  *.google.com/ *.onetrust.com/  'unsafe-inline' ;  style-src 'self' fonts.googleapis.com/ 'unsafe-inline'; script-src 'self' *.gstatic.com/ *.google-analytics.com/ *.googletagmanager.com/ *.google.com/  *.cookielaw.org/ *.onetrust.com/ 'unsafe-inline'  'unsafe-eval' ; script-src-elem 'self' *.googleadservices.com/  *.googletagmanager.com/ *.google-analytics.com/ *.google.com/  *.gstatic.com/  *.cookielaw.org/ *.onetrust.com/ 'unsafe-inline'; img-src 'self'  data: *.youtube.com *.google.com *.google.com.br *.google-analytics.com *.chniteroi.com.br *.onetrust.com *.cookielaw.org/  1
style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com 1
frame-ancestors *.civicinfo.bc.ca *.assetmanagementbc.ca *.ubcm.ca  *.fnps.ca  *.google-analytics.com *.analytics.google.com  *.civicstats.ca  'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com ; 1
default-src 'self' code.jquery.com unpkg.com www.mobiledition.com www.lisio-solution.com www.google.com *.addthis.com www.youtube.com player.ausha.co www.marches-publics.info *.habiteo.com *.rhinov.pro *.calameo.com envisite.net *.envisite.net www.youtube-nocookie.com; font-src *;img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.addthis.com unpkg.com www.numanis.net code.jquery.com www.mobiledition.com mobiledition.com www.lisio-solution.com cdnjs.cloudflare.com *.addthis.com www.google.com www.gstatic.com z.moatads.com v1.addthisedge.com *.google.com *.gstatic.com *.googleapis.com; style-src 'self' 'unsafe-inline' unpkg.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com fonts.googleapis.com *.mobiledition.com www.lisio-solution.com *.gstatic.com *.googleapis.com;connect-src 'self' *.googleapis.com *.mobiledition.com www.lisio-solution.com *.addthis.com; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.zopim.com *.zopim.io *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.twitter.com *.payu.ro *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com https://www.youtube.com http://www.sandbox.paypal.com *.twitter.com *.matterport.com https://*.sameday.ro c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io camo.githubusercontent.com *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.tbicp.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.bing.com *.zopim.com *.zopim.io *.google.ro *.google.co.in *.mastercard.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.tbicp.com *.cloudflare.com *.twitter.com *.google.ro *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com *.hotjar.com https://*.sameday.ro *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.fontawesome.com *.bing.com unsafe-inline https://*.sameday.ro maxcdn.bootstrapcdn.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com *.zopim.io *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.facebook.com *.facebook.net *.google.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com *.zendesk.com *.google-analytics.com https://stats.g.doubleclick.net *.googleapis.com *.tbibank.ro https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: 'self' blob: data: 'unsafe-inline' 'unsafe-eval' 1
script-src 'unsafe-inline' 'self' www.clirnet.com cdn.ckeditor.com cdn.datatables.net cdnjs.cloudflare.com partner.googleadservices.com adservice.google.com tpc.googlesyndication.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com www.googletagmanager.com fonts.googleapis.com pagead2.googlesyndication.com www.google-analytics.com ajax.googleapis.com www.google.com google.com gstatic.com www.gstatic.com connect.facebook.net facebook.com; 1
default-src 'none'; manifest-src 'self'; img-src 'self' https://club-eni.com/ https://image.flaticon.com/ https://gallery.mailchimp.com/ https://tagmanager.google.com/ https://www.gstatic.com/ https://ssl.gstatic.com/ data: https://www.google-analytics.com/ https://cdn.datatables.net/ https://storage.gra3.cloud.ovh.net/ https://storage.gra.cloud.ovh.net/ https://logs1409.xiti.com/hit.xiti https://picsum.photos/id/1/600/1200.webp https://picsum.photos/id/3/600/1200.webp https://i.picsum.photos/id/3/600/1200.webp https://picsum.photos/id/6/600/1200.webp https://picsum.photos/id/119/200/250 https://picsum.photos/id/2/600/1200.webp; font-src 'self' data: https://tagmanager.google.com/debug/ https://fonts.googleapis.com https://fonts.gstatic.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/debug/ https://cdn.datatables.net/ https://fonts.googleapis.com/icon https://fonts.googleapis.com/css; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com https://cdnjs.cloudflare.com/ajax/libs/dompurify/ https://www.google-analytics.com/ https://cdnjs.cloudflare.com/ajax/libs/jquery.fileDownload/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.datatables.net/ https://www.google.com/jsapi https://www.googletagmanager.com/ https://tag.aticdn.net/; connect-src 'self' https://*.google-analytics.com https://www.google-analytics.com/  https://club-eni.com https://admin.club-eni.com; frame-src 'self' https://gridvalley.eu/ https://www.google.com/ https://club-eni.com https://admin.club-eni.com; frame-ancestors 'self' https://club-eni.com https://admin.club-eni.com; form-action 'self' 1
object-src 'none'; script-src 'self' 'unsafe-inline' https:; base-uri 'self'; form-action 'self'; frame-ancestors *; report-uri https://www.cof.fr/report-uri/enforce 1
default-src 'self' blob: *.cokebuddy.in *.cokebuddy.my *.coca-cola.com.mm *.bnl.com.np *.sellina.io *.salescode.ai *.sellinademo.io *.segment.io https://analytics.cokebuddy.in https://analytics.cokebuddy.my https://fonts.gstatic.com https://analytics.kbuddy.in https://cdn.segment.com https://cdn.moengage.com https://www.youtube.com lubechat-server.prod.aze.shell.io https://sdk-03.moengage.com https://dev.andromeda-lc.com https://maps.gstatic.com https://cdn.segment.com https://api.segment.io/v1 https://www.andromeda-lc.com https://andromeda-lc.com https://maps.gstatic.com https://cdn.optimizely.com https://lubechat-server.preprod.aze.shell.io https://www.slideshare.net https://lubechat-server.preprod.aze.shell.io https://fcm.googleapis.com https://fonts.gstatic.com https://use.fontawesome.com  https://api.api.ai https://api.cognitive.microsofttranslator.com  https://apptech.blob.core.windows.net https://www.gstatic.com https://www.google-analytics.com https://fonts.googleapis.com https://browser.sentry-cdn.com https://o1280144.ingest.sentry.io https://maps.googleapis.com; img-src 'self' https://d2nvw4ekms3xzy.cloudfront.net  https://dev.andromeda-lc.com https://mdmuploads.s3.ap-south-1.amazonaws.com https://maps.gstatic.com https://sdk-03.moengage.com https://moe-email-campaigns.s3.amazonaws.com https://image.moengage.com https://image.moengage.com https://moe-email-campaigns.s3.amazonaws.com https://www.google-analytics.com/collect https://www.andromeda-lc.com lubechat-server.prod.aze.shell.io https://dev.andromeda-lc.com https://andromeda-lc.com https://maps.googleapis.com https://image.flaticon.com https://apptech.blob.core.windows.net  https://api-dox.s3.ap-south-1.amazonaws.com https://docs.sellina.io https://o1042875.ingest.sentry.io blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.segment.io https://cdn.jsdelivr.net/ https://unpkg.com https://cdn.jsdelivr.net/ https://unpkg.com/canvaskit-wasm@0.37.1/bin/profiling/canvaskit.js https://cdn.moengage.com https://cdn.quilljs.com/1.3.6/quill.js https://www.googletagmanager.com https://www.google-analytics.com https://o1042875.ingest.sentry.io https://cdn.moengage.com/webpush/moe_webSdk.min.latest.js https://cdn.moengage.com/webpush/modules/inapp.js https://cdn.moengage.com/webpush/beta/sdk.inapp.cdnHelper.js https://cdn.moengage.com/webpush/releases/serviceworker_cdn.min.latest.js lubechat-server.prod.aze.shell.io https://sdk-03.moengage.com https://cdn.moengage.com https://dev.andromeda-lc.com https://cdnjs.cloudflare.com https://dev.andromeda-lc.co https://api.linkpreview.net https://cdn.segment.com  https://cdn.segment.com https://www.andromeda-lc.com https://andromeda-lc.com https://browser.sentry-cdn.com https://browser.sentry-cdn.com/7.9.0/bundle.min.js https://browser.sentry-cdn.com/7.9.0/bundle.tracing.min.js https://fcm.googleapis.com https://www.gstatic.com https://www.youtube.com https://www.google-analytics.com http://maps.googleapis.com https://cdn.firebase.com https://*.firebaseio.com https://*.firebaseio.com;style-src 'self' https://cdn.quilljs.com/1.3.6/quill.snow.css https://use.fontawesome.com https://cdnjs.cloudflare.com https://sdk-03.moengage.com https://www.andromeda-lc.com  https://fonts.googleapis.com 'unsafe-inline';font-src 'self' https://fonts.gstatic.com; object-src 'self'; manifest-src 'self' blob:;form-action 'self';frame-ancestors 'self' https://config.sellina.io https://kbuddy.salescode.ai *.cokebuddy.in *.cokebuddy.my *.coca-cola.com.mm *.bnl.com.np *.salescode.ai *.sellina.io *.sellindemo.io;connect-src 'self' blob: *.sellina.io *.sellinademo.io *.salescode.ai *.coca-cola.com.mm *.bnl.com.np https://worldtimeapi.org/api/ip https://www.gstatic.com https://i3.ytimg.com https://api.codemagic.io https://hooks.slack.com https://unpkg.com https://fonts.gstatic.com https://apptech.blob.core.windows.net https://uat.sellina.io https://unnati.sellina.io https://kpi.sellina.io https://prod.sellina.io https://api.sellinademo.io https://demo.salescode.ai https://lubechat-server.preprod.aze.shell.io https://lubechat-server.prod.aze.shell.io https://api.segment.io/v1/m https://api.segment.io/v1/t https://cdn.moengage.com https://sdk-01.moengage.com https://sdk-02.moengage.com https://sdk-03.moengage.com https://o1280144.ingest.sentry.io https://www.youtube.com https://cdn.segment.com https://fcm.googleapis.com https://www.google-analytics.com https://browser.sentry-cdn.com https://fcm.googleapis.com/fcm/connect/subscribe https://www.googletagmanager.com https://www.google-analytics.com https://mdmuploads.s3.ap-south-1.amazonaws.com https://analytics.cokebuddy.in https://d2nvw4ekms3xzy.cloudfront.net https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://firebaseremoteconfig.googleapis.com https://firebaselogging-pa.googleapis.com https://firebase.googleapis.com https://cdn.optimizely.com https://andromeda-lc.com 1
frame-ancestors 'self' collectionb.cc *.collectionb.cc 1
frame-ancestors *.myshopify.com https://admin.shopify.com http://collivery.net 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.pinimg.com *.teads.tv https://region1.analytics.google.com https://tpc.googlesyndication.com https://skroutza.skroutz.gr https://sslwidget.criteo.com https://www.columbiasportswear.gr https://ping.contactpigeon.com https://static.criteo.net https://ajax.cloudflare.com https://skroutza.skroutz.gr https://www.contactpigeon.com *.skroutz.gr https://apis.google.com https://www.gstatic.com https://z.moatads.com https://s7.addthis.com https://m.addthis.com https://analytics.skroutz.gr *.zopim.com *.zdassets.com/ *.hotjar.com *.hotjar.io https://static.adman.gr/adman.js *.adman.gr *.ubembed.com https://360.bestprice.gr https://www.bestprice.gr wss://ws1.hotjar.com wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com wss://ws5.hotjar.com wss://ws6.hotjar.com wss://ws7.hotjar.com wss://ws8.hotjar.com wss://ws9.hotjar.com wss://ws10.hotjar.com wss://ws11.hotjar.com wss://ws12.hotjar.com wss://ws13.hotjar.com wss://ws14.hotjar.com wss://ws15.hotjar.com wss://ws16.hotjar.com wss://ws17.hotjar.com wss://ws18.hotjar.com wss://ws19.hotjar.com wss://ws20.hotjar.com wss://ws21.hotjar.com wss://ws22.hotjar.com wss://ws23.hotjar.com wss://ws24.hotjar.com wss://ws25.hotjar.com wss://ws26.hotjar.com wss://ws27.hotjar.com wss://ws28.hotjar.com wss://ws29.hotjar.com wss://ws30.hotjar.com wss://ws31.hotjar.com wss://ws32.hotjar.com wss://ws33.hotjar.com wss://ws34.hotjar.com wss://ws35.hotjar.com wss://ws36.hotjar.com wss://ws37.hotjar.com wss://ws38.hotjar.com wss://ws39.hotjar.com wss://ws40.hotjar.com wss://ws41.hotjar.com wss://ws42.hotjar.com wss://ws43.hotjar.com wss://ws44.hotjar.com wss://ws45.hotjar.com wss://ws46.hotjar.com wss://ws47.hotjar.com wss://ws48.hotjar.com wss://ws49.hotjar.com wss://ws50.hotjar.com wss://ws51.hotjar.com wss://ws52.hotjar.com wss://ws53.hotjar.com wss://ws54.hotjar.com wss://ws55.hotjar.com wss://ws56.hotjar.com wss://ws57.hotjar.com wss://ws58.hotjar.com wss://ws59.hotjar.com wss://ws60.hotjar.com wss://ws61.hotjar.com wss://ws62.hotjar.com wss://ws63.hotjar.com wss://ws64.hotjar.com wss://ws65.hotjar.com wss://ws66.hotjar.com wss://ws67.hotjar.com wss://ws68.hotjar.com wss://ws69.hotjar.com wss://ws70.hotjar.com wss://ws71.hotjar.com wss://ws72.hotjar.com wss://ws73.hotjar.com wss://ws74.hotjar.com wss://ws75.hotjar.com wss://ws76.hotjar.com wss://ws77.hotjar.com wss://ws78.hotjar.com wss://ws79.hotjar.com wss://ws80.hotjar.com wss://ws81.hotjar.com wss://ws82.hotjar.com wss://ws83.hotjar.com wss://ws84.hotjar.com wss://ws85.hotjar.com wss://ws86.hotjar.com wss://ws87.hotjar.com wss://ws88.hotjar.com wss://ws89.hotjar.com wss://ws90.hotjar.com wss://ws91.hotjar.com wss://ws92.hotjar.com wss://ws93.hotjar.com wss://ws94.hotjar.com wss://ws95.hotjar.com wss://ws96.hotjar.com wss://ws97.hotjar.com wss://ws98.hotjar.com wss://ws99.hotjar.com https://www.glami.gr https://region1.google-analytics.com https://cdn.stat-track.com/ https://assets.citrusad.net https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://stats.g.doubleclick.net https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://script.crazyegg.com https://go.linkwi.se https://trustmark.gr https://www.youtube.com https://script.crazyegg.com https://insurance.e-satisfaction.gr https://widget-cdn.boxnow.gr https://tracking.retargeting.biz https://api.retargeting.app https://www.googleoptimize.com https://ibanke-commerce.nbg.gr https://use.typekit.net https://collection.e-satisfaction.com *.cdninstagram.com https://v2.zopim.com https://static.zdassets.com;style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.contactpigeon.com https://ping.contactpigeon.com https://fonts.googleapis.com https://use.typekit.net https://collection.e-satisfaction.com https://p.typekit.net;object-src 'self';img-src 'self' data: https://cdn.e-satisfaction.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://widget.eu.criteo.com https://www.google.co.uk https://s.thebrighttag.com https://beacon.krxd.net https://dpm.demdex.net https://dis.criteo.com https://ct.pinterest.com *.teads.tv https://dimages.contactpigeon.com https://googleads.g.doubleclick.net https://gum.criteo.com https://sync-criteo.ads.yieldmo.com https://ad.yieldlab.net https://criteo-partners.tremorhub.com https://simage2.pubmatic.com https://sync.outbrain.com https://exchange.mediavine.com https://matching.ivitrack.com https://ad.360yield.com https://id5-sync.com https://gum.criteo.com https://r.casalemedia.com https://visitor.omnitagjs.com https://cm.adform.net https://ups.analytics.yahoo.com https://eb2.3lift.com https://criteo-sync.teads.tv https://sync-t1.taboola.com https://rtb-csync.smartadserver.com https://match.sharethrough.com https://pixel.rubiconproject.com https://contextual.media.net https://secure.adnxs.com https://ib.adnxs.com https://cm.g.doubleclick.net https://x.bidswitch.net https://googleads.g.doubleclick.net https://ping.contactpigeon.com https://collection.e-satisfaction.com https://collection.e-satisfaction.com https://columbia.staginglh.com https://columbia.test.devlh.com https://static.columbiasportswear.gr https://www.columbiasportswear.gr *.skroutz.gr https://www.glami.gr https://www.facebook.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://maps.googleapis.com https://www.google.com https://www.google.gr https://fonts.gstatic.com  https://www.google.com.tr https://trustmark.gr *.facebook.com *.facebook.net *.analytics.google.com https://img.youtube.com;font-src 'self' data: https://use.typekit.net https://fonts.gstatic.com; connect-src 'self' https://adservice.google.com https://ct.pinterest.com *.teads.tv https://region1.analytics.google.com https://ping.contactpigeon.com https://collection.e-satisfaction.com https://ekscapig.sleed.com https://web.facebook.com https://www.facebook.com https://socialplugin.facebook.net https://cdn.e-satisfaction.com https://www.youtube.com https://www.bestprice.gr https://s7.addthis.com https://m.addthis.com https://forms.m-pages.com https://t.stat-track.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://tracking.retargeting.app https://ekr.zdassets.com;frame-src *;media-src 'self'; manifest-src 'self' https://www.columbiasportswear.gr 1
default-src 'self' js.stripe.com www.facebook.com syndication.twitter.com www.youtube.com platform.twitter.com ;        script-src 'self' js.stripe.com maps.google.com code.jquery.com s7.addthis.com cdn.jsdelivr.net cdn.rawgit.com connect.facebook.net platform.twitter.com maps.googleapis.com ajax.googleapis.com www.google-analytics.com www.googletagmanager.com 'unsafe-inline' 'unsafe-eval';        style-src 'self'   cdn.jsdelivr.net ajax.googleapis.com cdn.rawgit.com code.jquery.com 'unsafe-inline' fonts.googleapis.com;        connect-src 'self' soccerleagues.comortais.com/MobileService.asmx/getOrgPage www.google-analytics.com maps.googleapis.com;        img-src 'self'  kdul.ie i.imgur.com code.jquery.com comortais.com fbcdn-profile-a.akamaihd.net ajax.googleapis.com www.dlbb.ie  soccerleagues.comortais.com www.comortais.com dev.comortais.com test.comortais.com www.googletagmanager.com syndication.twitter.com data:;        font-src 'self' fonts.gstatic.com; 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://comparaiso.cl/report-uri/enforce 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://*.googletagmanager.com https://platform.twitter.com https://vercel.live https://vercel.com https://widget.gleamjs.io; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data: https://*.comprasmartphone.com https://*.digitaloceanspaces.com https://*.ytimg.com https://*.twimg.com https://js.gleam.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.es https://*.google.com.mx https://*.google.com.co https://*.google.com.ar https://*.google.com.pe https://*.google.cl https://*.google.co.ve https://*.google.com.ec https://*.google.com.bo https://*.google.com.cu https://*.google.com.gt https://*.google.com.do https://*.google.co.cr https://*.google.com.sv https://*.google.com.pa https://*.google.com.uy https://*.google.com.py https://*.google.com.ni https://*.google.hn https://*.google.de https://*.google.fr https://*.google.com.br https://*.google.it https://*.google.cz https://*.google.co.uk https://*.google.nl https://*.google.pt https://*.google.ca https://*.google.com.pr https://*.google.co.id https://*.google.ad https://*.google.ch https://*.google.ie https://*.google.co.in https://*.google.be https://*.google.com.au https://*.google.co.ma https://*.google.se https://*.google.ru https://*.google.hu https://*.google.pl https://*.google.at https://*.google.ro https://*.google.co.jp https://*.google.co.nz https://*.google.cn https://*.google.no https://*.google.co.il https://*.google.dk https://*.google.co.th https://*.google.com.tr https://*.google.com.ua https://*.google.fi; object-src 'none'; media-src 'none'; frame-src 'self' https://www.youtube.com https://platform.twitter.com https://gleam.io/; frame-ancestors 'self' https://*.comprasmartphone.com; connect-src 'self' https://*.comprasmartphone.com https://api.tinybird.co https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com; manifest-src 'self'; upgrade-insecure-requests; 1
default-src *;script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src *; img-src *; frame-ancestors 'none'; 1
frame-ancestors 'self' https://coolcard.se https://coolcard.starwebserver.se 1
frame-ancestors https://*.ionos.com https://*.ionos.at https://*.ionos.co.uk https://*.ionos.de https://*.ionos.es https://*.ionos.fr https://*.ionos.it https://*.ionos.ca https://*.ionos.mx https://*.ionos.us https://*.website-editor.net https://*.mywebsite-editor.com www.copisterialowcost.es 1
default-src 'self' http://* https://* https://script.hotjar.com https://static.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://www.facebook.com https://graph.facebook.com https://connect.facebook.net https://www.google-analytics.com https://api.ipify.org https://embed.tawk.to https://static-v.tawk.to https://cdn.jsdelivr.net https://va.tawk.to  https://*.tawk.to https://ksysq58fjg.execute-api.us-west-2.amazonaws.com https://s-usc1c-nss-240.firebaseio.com https://securetoken.googleapis.com https://www.googleapis.com https://apis.google.com https://accounts.livechatinc.com https://cbks0.googleapis.com http://test.nuvem.cloud https://maps.googleapis.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://fonts.gstatic.com data: 'unsafe-inline' https://coral-13bc3.firebaseio.com https://s-usc1c-nss-241.firebaseio.com https://*.firebaseio.com http://cdn.livechatinc.com https://*.livechatinc.com wss: https://retail.nuvem.cloud https://u3hg6m2dci.execute-api.us-west-2.amazonaws.com; child-src 'self' http://* https://* https://*.hotjar.com https://staticxx.facebook.com http://nuvemretail-desarrollo.us-east-1.elasticbeanstalk.com https://va.tawk.to https://s-usc1c-nss-240.firebaseio.com https://coral-13bc3.firebaseapp.com http://test.nuvem.cloud https://secure.livechatinc.com https://*.firebaseio.com https://retail.nuvem.cloud https://s-usc1c-nss-241.firebaseio.com; style-src 'self' http://* https://www.promoshoy.com/* https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://fonts.googleapis.com 'unsafe-inline'; img-src https://images.notifications-icommkt.com/logos/coral_h.jpg 'self' https://*  https://www.promoshoy.com/pixelCPL.aspx  https://www.placetopay.com/web/wp-content/uploads/2020/01/Logo-evertec-ptop-2020-sideline.png https://www.datafast.com.ec/images/verified.png https://api.iconify.design/iwwa:close.svg https://coralcentro-imagenes.s3.amazonaws.com https://stats.g.doubleclick.net https://www.google-analytics.com https://static-v.tawk.to https://cdn.jsdelivr.net https://*.tawk.to https://va.tawk.to https://platform-lookaside.fbsbx.com https://d1d48tvdszr545.cloudfront.net https://d1d48tvdszr545.cloudfront.net https://d17dnq5zq3lium.cloudfront.net https://graph.facebook.com https://maps.gstatic.com https://geo0.ggpht.com https://maps.googleapis.com data: https://secure.livechatinc.com https://s3.amazonaws.com https://s3-us-west-2.amazonaws.com https://geo0.ggpht.com  https://cbks0.googleapis.com https://geo1.ggpht.com https://geo2.ggpht.com https://geo3.ggpht.com https://lh3.ggpht.com; object-src 'self' https://www.promoshoy.com/* https://static-v.tawk.to; script-src 'self' https://www.promoshoy.com/* https://www.coralhipermercados.com/* http://* 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' js.stripe.com www.facebook.com syndication.twitter.com www.youtube.com platform.twitter.com;        script-src 'self' js.stripe.com code.jquery.com s7.addthis.com cdn.jsdelivr.net cdn.rawgit.com connect.facebook.net platform.twitter.com maps.googleapis.com ajax.googleapis.com www.google-analytics.com www.googletagmanager.com 'unsafe-inline' 'unsafe-eval';        style-src 'self' cdn.jsdelivr.net ajax.googleapis.com cdn.rawgit.com code.jquery.com 'unsafe-inline' ;        connect-src 'self' soccerleagues.comortais.com/MobileService.asmx/getOrgPage www.google-analytics.com maps.googleapis.com;        img-src 'self' i.imgur.com code.jquery.com comortais.com fbcdn-profile-a.akamaihd.net ajax.googleapis.com soccerleagues.comortais.com www.comortais.com dev.comortais.com test.comortais.com www.googletagmanager.com syndication.twitter.com data:;        font-src 'self'; 1
default-src https: 'self' 'unsafe-eval' 'unsafe-inline'; img-src 'self' data:  https://secure.gravatar.com https://plugins.svn.wordpress.org https://s.w.org https://ps.w.org https://store.tms-plugins.com; font-src 'self' data: fonts.gstatic.com use.fontawesome.com fonts.googleapis.com; connect-src 'self' https://yoast.com https://use.fontawesome.com https://fonts.googleapis.com 1
report-uri cp-shop.online 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'self'; 1
worker-src blob:; font-src *.fontawesome.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com *.hotjar.com *.icons8.com www.searchanise.com *.searchserverapi.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.searchanise.com *.searchserverapi.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.googletagmanager.com/ *.google.com/ js.mollie.com *.google.com *.hotjar.com *.youtube-nocookie.com *.kiyoh.com chat.chatra.io https://td.doubleclick.net https://embed.pakketdienstqls.nl *.googletagmanager.com www.searchanise.com *.searchserverapi.com *.twitter.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com https://www.magezon.com https://www.mollie.com *.google.com *.google.nl stats.g.doubleclick.net *.googleadservices.com *.google-analytics.com *.gstatic.com https://www.crcouture.nl/media/wysiwyg/logo_phildar.png https://www.crcouture.nl/media/wysiwyg/logo_zweigart.jpg https://www.crcouture.nl/media/wysiwyg/logos/logo-thea.jpg bat.bing.com phosphor.utils.elfsightcdn.com *.twitter.com *.twimg.com www.google.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.google.com js.mollie.com *.facebook.net *.fontawesome.com *.giropay.de *.googleapis.com *.gstatic.com *.hotjar.com *.googletagmanager.com *.doubleclick.net *.searchserverapi.com searchserverapi.com static.elfsight.com *.ecookie.nl chat.chatra.io call.chatra.io bat.bing.com ads.creative-serving.com static.zdassets.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com *.bootstrapcdn.com *.giropay.de *.googleapis.com *.icons8.com https://www.ecookie.nl/build/inject/styles.a2f1759d.css www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.bootstrapcdn.com *.gstatic.com *.googleadservices.com *.analytics.google.com *.google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.doubleclick.net core.service.elfsight.com storage.elfsight.com bat.bing.com ekr.zdassets.com zendesk-eu.my.sentry.io https://crcouture.zendesk.com/embeddable/config api.amplitude.com stats.g.doubleclick.net https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.evocdn.co.uk *.rackcdn.com *.google-analytics.com 'unsafe-eval' 'unsafe-inline' *.google.com maps.googleapis.com https://*.cloudflareinsights.com/ https://fast.fonts.net; style-src 'self' 'unsafe-inline' *.evocdn.co.uk *.rackcdn.com *.google-analytics.com 'unsafe-eval' *.google.com https://*.googleapis.com maps.googleapis.com https://*.cloudflareinsights.com/ https://fast.fonts.net; img-src 'self' *.evocdn.co.uk *.rackcdn.com https://*.google.com https://*.google.co.uk *.googleadservices.com https://googleadservices.com https://*.doubleclick.net *.doubleclick.net data: *.google-analytics.com https://d389zggrogs7qo.cloudfront.net https://c906980.ssl.cf3.rackcdn.com/ http://www.creativeglassguild.co.uk *.gstatic.com 'unsafe-eval' 'unsafe-inline' *.google.com https://*.googleapis.com maps.googleapis.com https://*.unsplash.com https://*.cloudflareinsights.com/ https://*.facebook.com/ t.paypal.com https://www.facebook.com *.googletagmanager.com *.google-analytics.com googleads.g.doubleclick.net www.google.com *.doubleclick.net https://*.doubleclick.net https://fast.fonts.net; child-src 'self' *.googleadservices.com *.doubleclick.net https://*.google.com https://*.google.co.uk https://googleadservices.com https://*.doubleclick.net https://*.facebook.com *.youtube.com *.youtube-nocookie.com https://d3ijcis4e2ziok.cloudfront.net https://bufferapp.com 'unsafe-eval' 'unsafe-inline' *.google.com maps.googleapis.com https://*.cloudflareinsights.com/ *.googleadservices.com https://googleadservices.com https://fast.fonts.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.evocdn.co.uk *.rackcdn.com *.google-analytics.com *.googleadservices.com https://googleadservices.com https://*.google.com https://*.google.co.uk *.facebook.net https://www.google.com https://ssl.gstatic.com *.google.com maps.googleapis.com https://*.cloudflareinsights.com/ https://*.googletagmanager.com *.paypal.com *.paypalobjects.com https://www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.google.com *.googleadservices.com https://googleadservices.com https://fast.fonts.net; font-src 'self' data: *.evocdn.co.uk *.googleusercontent.com 'unsafe-eval' 'unsafe-inline' https://c918654.ssl.cf3.rackcdn.com *.google.com maps.googleapis.com https://*.cloudflareinsights.com/ https://fast.fonts.net; connect-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com/ https://stats.g.doubleclick.net https://*.cloudflareinsights.com/ https://www.facebook.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com https://*.facebook.com/ *.paypalobjects.com bid.g.doubleclick.net; image-src 'self' *.googleadservices.com https://googleadservices.com;  report-uri https://ses-failure.evopreview.co.uk/csp-rejection.php; 1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval' ;frame-ancestors 'self' https://manager.agilitycms.com https://www.scotiawealthmanagement.com;script-src 'self' 'unsafe-inline'  *.google.com *.google.ca *.google.com.co *.google.com.br *.gstatic.com *.contentsquare.net *.contentsquare.com www.google.com/maps/d/embed www.youtube.com/embed scotiabankfiles.azureedge.net www.facebook.com/ScotiabankColpatria twitter.com/scotiacolpatria www.instagram.com/banco_colpatria www.youtube.com/ScotiabankColpatriaOficial apps.scotiabank.com somniture.scotiabank.com www.googletagmanager.com tags.bluekai.com service.maxymiser.net www.banco.colpatria.com.co cdn.branch.io assets.adobedtm.com cm.everesttech.net somniture.scotiabank.com tags.bkrtx.com  app.link  www.google-analytics.com  connect.facebook.net cdnssl.clicktale.net www.espn.com.co  cdn.ampproject.org  www.scotiawealthmanagement.com www.scotiabankcolpatria.com;worker-src blob:;img-src 'self' *.clicktale.net  *.agilitycms.com  *.azureedge.net  *.google.com  *.google.ca  *.google.com.co  *.google.com.br  *.contentsquare.net  *.contentsquare.com  assets.adobedtm.com  cm.everesttech.net  somniture.scotiabank.com  dpm.demdex.net  www.google-analytics.com  www.facebook.com  stats.g.doubleclick.net  www.scotiawealthmanagement.com;connect-src 'self' https: wss: 'unsafe-inline' 'unsafe-eval'  google.com/maps/d/embed *.contentsquare.net *.contentsquare.com youtube.com/embed iabankfiles.azureedge.net facebook.com/ScotiabankColpatria ter.com/scotiacolpatria instagram.com/banco_colpatria youtube.com/ScotiabankColpatriaOficial scotiabankfiles.azureedge.net apps.scotiabank.com somniture.scotiabank.com googletagmanager.com tags.bluekai.com service.maxymiser.net www.banco.colpatria.com.co cdn.branch.io tags.bkrtx.com  www.scotiawealthmanagement.com www.scotiabankcolpatria.com; 1
default-src * 'unsafe-eval' 'unsafe-inline'  data: filesystem: about: blob: ws: wss: 1
default-src 'self';frame-src 'self' https://www.google.com; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' https://maps.googleapis.com https://maps.gstatic.com https://kit.fontawesome.com https://kit-free.fontawesome.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com; style-src 'unsafe-inline' 'self' https://kit.fontawesome.com https://kit-free.fontawesome.com https://www.google-analytics.com https://fonts.googleapis.com; img-src 'self' data: https://maps.gstatic.com https://www.google-analytics.com https://maps.googleapis.com; font-src 'self' https://kit-free.fontawesome.com https://fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com https://maps.googleapis.com https://www.google.com; 1
font-src 'self' https://fonts.googleapis.com https://ds6jlmnundspw.cloudfront.net https://fonts.gstatic.com; 1
default-src https://developers.kakao.com https://t1.kakaocdn.net https://www.1365.go.kr https://checkout.tosspayments.com https://www.google-analytics.com blob: 10.50.3.172:80 10.1.7.118:389 152.99.88.156:50201 152.99.57.127:389 ap.onepass.go.kr:53010 211.218.53.205:53010 https://xpayvvipclient.tosspayments.com https://xpayclient.lgdacom.net http://xpayclient.lgdacom.net:7080 xpayclient.lgdacom.net:7443 http://www.cwg.go.kr http://council.cwg.go.kr https://council.cwg.go.kr   xpay.lgdacom.net:7443 ws://www.cwg.go.kr:8080 wss://www.cwg.go.kr:8443 ws://www.cwg.go.kr wss://www.cwg.go.kr:443 wss://152.99.172.11 wss://www.cwg.go.kr https://t1.daumcdn.net https://s1.daumcdn.net https://www.hanshinit.co.kr https://www.cwg.go.kr https://www.epeople.go.kr https://www.data.go.kr https://8oi9s0nnth.apigw.ntruss.com https://www.youtube.com http://service.hanshinit.co.kr https://xpay.lgdacom.net https://xpay.uplus.co.kr https://xpay.uplus.co.kr:9443 https://pretest.uplus.co.kr:9443 http://pgweb.tosspayments.com:9090 *.daum.net *.kakao.com; style-src 'self' 'unsafe-inline' https://developers.kakao.com https://t1.kakaocdn.net https://www.1365.go.kr https://checkout.tosspayments.com https://www.google-analytics.com blob: 10.50.3.172:80 10.1.7.118:389 152.99.88.156:50201 152.99.57.127:389 ap.onepass.go.kr:53010 211.218.53.205:53010 https://xpayvvipclient.tosspayments.com https://xpayclient.lgdacom.net http://xpayclient.lgdacom.net:7080 xpayclient.lgdacom.net:7443 http://www.cwg.go.kr http://council.cwg.go.kr https://council.cwg.go.kr   xpay.lgdacom.net:7443 ws://www.cwg.go.kr:8080 wss://www.cwg.go.kr:8443 ws://www.cwg.go.kr wss://www.cwg.go.kr:443 wss://www.cwg.go.kr https://www.cwg.go.kr https://t1.daumcdn.net https://s1.daumcdn.net http://pgweb.tosspayments.com:9090 https://xpay.lgdacom.net https://xpay.uplus.co.kr https://xpay.uplus.co.kr:9443 *.daum.net *.daumcdn.net; img-src 'self' https://developers.kakao.com https://t1.kakaocdn.net https://www.1365.go.kr https://checkout.tosspayments.com https://www.google-analytics.com blob: 10.50.3.172:80 10.1.7.118:389 152.99.88.156:50201 152.99.57.127:389 ap.onepass.go.kr:53010 211.218.53.205:53010 https://xpayvvipclient.tosspayments.com https://xpayclient.lgdacom.net http://xpayclient.lgdacom.net:7080 xpayclient.lgdacom.net:7443 http://www.cwg.go.kr http://council.cwg.go.kr https://council.cwg.go.kr   xpay.lgdacom.net:7443 ws://www.cwg.go.kr:8080 wss://www.cwg.go.kr:8443 ws://www.cwg.go.kr wss://www.cwg.go.kr:443 wss://www.cwg.go.kr https://www.cwg.go.kr https://t1.daumcdn.net https://s1.daumcdn.net http://pgweb.tosspayments.com:9090 https://xpay.lgdacom.net https://xpay.uplus.co.kr https://xpay.uplus.co.kr:9443 *.daum.net *.daumcdn.net *.naver.net data: *; script-src 'self' https://developers.kakao.com https://t1.kakaocdn.net https://www.1365.go.kr https://checkout.tosspayments.com https://www.google-analytics.com blob: 10.50.3.172:80 10.1.7.118:389 152.99.88.156:50201 152.99.57.127:389 ap.onepass.go.kr:53010 211.218.53.205:53010 https://xpayvvipclient.tosspayments.com https://xpayclient.lgdacom.net http://xpayclient.lgdacom.net:7080 xpayclient.lgdacom.net:7443 http://www.cwg.go.kr http://council.cwg.go.kr https://council.cwg.go.kr   xpay.lgdacom.net:7443 ws://www.cwg.go.kr:8080 wss://www.cwg.go.kr:8443 ws://www.cwg.go.kr wss://www.cwg.go.kr:443 wss://www.cwg.go.kr https://www.cwg.go.kr https://t1.daumcdn.net https://s1.daumcdn.net http://pgweb.tosspayments.com:9090 *.kakao.com *.daumcdn.net *.daum.net dapi.kakao.com wcs.naver.net https://xpay.lgdacom.net https://xpay.uplus.co.kr https://xpay.uplus.co.kr:9443 https://www.open.go.kr 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://www.1365.go.kr https://checkout.tosspayments.com https://www.google-analytics.com blob: 10.50.3.172:80 10.1.7.118:389 152.99.88.156:50201 152.99.57.127:389 ap.onepass.go.kr:53010 211.218.53.205:53010 https://xpayvvipclient.tosspayments.com https://xpayclient.lgdacom.net http://xpayclient.lgdacom.net:7080 xpayclient.lgdacom.net:7443 http://www.cwg.go.kr http://council.cwg.go.kr https://council.cwg.go.kr   xpay.lgdacom.net:7443 ws://www.cwg.go.kr:8080 wss://www.cwg.go.kr:8443 ws://www.cwg.go.kr wss://www.cwg.go.kr:443 wss://www.cwg.go.kr https://www.cwg.go.kr https://t1.daumcdn.net https://s1.daumcdn.net http://pgweb.tosspayments.com:9090 https://xpay.lgdacom.net https://xpay.uplus.co.kr https://xpay.uplus.co.kr:9443 https://www.cwg.go.kr https://www.epeople.go.kr *.daum.net; object-src 'self' 1
base-uri 'self';default-src 'self';block-all-mixed-content;frame-ancestors 'self';form-action 'self' ;connect-src 'self' https://resources.chainbox.io cdn.cookielaw.org *.onetrust.com;font-src 'self' https://cdnjs.cloudflare.com;img-src 'self' data: https://resources.chainbox.io https://images.unsplash.com cdn.cookielaw.org;media-src ;object-src 'none' ;script-src 'self' 'unsafe-eval' 'strict-dynamic' 'nonce-Q2WK24K/I0CQkxHrSYGPgwvQy/VQTK4iDaSCCgdVRS8=' cdn.cookielaw.org;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com;frame-src 'self' *.cycleservicenordic.com; 1
default-src 'self' 'unsafe-inline' data: blob: *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.facebook.net *.facebook.com *.fbcdn.net *.atdmt.com *.top.ge *.youtube.com *.ytimg.com 1
media-src *; 1
default-src https://www.googletagmanager.com 'self' ka-f.fontawesome.com dakotacargo.co.id 'unsafe-inline';script-src https://www.googletagmanager.com 'self' www.dakotacargo.co.id https://ajax.googleapis.com https://ssl.google-analytics.com https://www.gstatic.com kit.fontawesome.com cdn.syncfusion.com cdnjs.cloudflare.com pagead2.googlesyndication.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com 'unsafe-inline'; style-src 'self' dakotacargo.co.id www.gstatic.com cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com www.w3schools.com cdn.syncfusion.com cdn.jsdelivr.net pagead2.googlesyndication.com 'unsafe-inline'; object-src 'self' https://dakotacargo.co.id pagead2.googlesyndication.com 'unsafe-inline';img-src www.googletagmanager.com https://www.google.com 'self' www.w3.org pagead2.googlesyndication.com 'unsafe-inline';base-uri 'self' pagead2.googlesyndication.com;form-action 'self'; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com ka-f.fontawesome.com 'unsafe-inline'; frame-src 'self' maps.google.com www.google.com www.youtube.com pagead2.googlesyndication.com https://bid.g.doubleclick.net 'unsafe-inline'; connect-src 'self' dakotacargo.co.id 'unsafe-inline'; 1
script-src 'self' assets.adobedtm.com www.youtube.com https://googleads.g.doubleclick.net https://www.googletagmanager.com/ 'unsafe-inline' 1
form-action 'self' https://secure.dataservice.org https://login.microsoftonline.com/ https://launchpad.classlink.com/ 1
default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' cdnjs.cloudflare.com code.jquery.com d3js.org https://*.licdn.com/ https://*.zoominfo.com/ https://*.google-analytics.com/ https://tracking.g2crowd.com/ https://unpkg.com/jspdf@latest/dist/jspdf.umd.min.js https://js.hs-scripts.com/ https://js.hs-banner.com/ https://js.usemessages.com/ https://js.hs-analytics.net/ https://js.hscollectedforms.net/ https://cdn.mxpnl.com/ https://www.amcharts.com/ https://www.googletagmanager.com/ *.dasboot.in *.sisense.com dataweave.sisense.com *.google.com *.googleapis.com *.mixpanel.com *.amcharts.com *.dataweave.com; style-src 'unsafe-inline' 'report-sample' 'self' https://fonts.googleapis.com/; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.dataweave.com/ https://dataweave.com/ https://*.google-analytics.com/ https://forms.hscollectedforms.net/ https://*.hubspot.com/ https://*.zoominfo.com/ https://cdn.linkedin.oribi.io/ https://*.mixpanel.com/; font-src 'self' data: https://fonts.gstatic.com/; frame-src 'self' https://auth.dataweave.com/ https://dataweave.sisense.com/ https://app.hubspot.com/ https://*.vimeo.com/ https://*.spotify.com/ https://*.youtube.com/ https://*.zoom.com/ https://*.buzzsprout.com/; img-src * 'self' data: https:; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
default-src https://*.bigdavi.com https://*.davicloud.com https://*.davidocs.com https://davidocs.com http://*.davisign.com https://*.validate.digital https://*.notificacion.digital http://127.0.0.1:1853 http://127.0.0.1:1854 https://sectigo.com https://secure.trust-provider.com https://www.googletagmanager.com https://www.google-analytics.com https://sandbox-web-plugins.s3.amazonaws.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://sandbox-api.7oc.cl https://sandbox-liveness.tocws.com https://sandbox-capture.toc.ai https://sandbox-webplugins.s3.amazonaws.com https://sibautomation.com https://in-automate.brevo.com https://api.pushowl.com https://cdn.pushowl.com https://www.google.com https://www.gstatic.com 'unsafe-eval' 'unsafe-inline' data:; object-src 'none'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com https://www.clarity.ms https://connect.facebook.net https://www.facebook.com https://securegw.paytm.in https://staticpg.paytm.in https://www.paynimo.com https://cdnjs.cloudflare.com https://unpkg.com https://cdn.polyfill.io https://www.googletagmanager.com https://maps.googleapis.com https://apis.google.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.youtube.com https://www.google-analytics.com; object-src https://myreports.agilus.in https://api.ddrcsrl.com https://api.ddrcagilus.com https://cmsapi.ddrcsrl.com https://cmsapi.ddrcagilus.com https://www.mysrl.in https://srlcare.srl.in:86; img-src 'self' blob: data: https://bat.bing.com https://ddrcsrl.com https://ddrcagilus.com https://ddrcbackend.indusnettechnologies.com/ https://newcmsapi.srlworld.com https://cmsapi.srlworld.com https://srlcare.srl.in:92 https://api.ddrcsrl.com https://api.ddrcagilus.com https://cmsapi.ddrcsrl.com https://cmsapi.ddrcagilus.com https://srlworldstorage.blob.core.windows.net https://staticgw1.paytm.in https://staticgw2.paytm.in https://staticgw3.paytm.in https://staticgw4.paytm.in https://staticpg.paytm.in https://staticgw5.paytm.in https://staticpg.paytm.in https://www.paynimo.com https://www.googletagmanager.com https://connect.facebook.net https://www.facebook.com/ https://maps.gstatic.com https://maps.googleapis.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com googleads.g.doubleclick.net https://www.google.co.in https://srlclientsit.ochumanoid.ai; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://staticpg.paytm.in https://www.paynimo.com https://www.googletagmanager.com; worker-src blob: https://ddrcsrl.com https://ddrcagilus.com; 1
default-src 'self' blob: *.paypal.com *.stripe.com wss://flexcom.de:9001 *.decisioni.de; connect-src 'self' blob: *.stripe.com wss://flexcom.de:9001 *.decisioni.de; style-src 'self' 'unsafe-inline' *.decisioni.de *.addthis.com *.googleapis.com *.facebook.com www.xing-share.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.decisioni.de *.analytics.google.com *.google-analytics.com *.pinterest.com *.googleadservices.com *.facebook.com *.facebook.net *.myfonts.net *.addthis.com *.googleapis.com *.stripe.com *.googletagmanager.com platform.twitter.com platform.linkedin.com www.xing-share.com social.xingassets.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.yandex.net *.yandex.ru yastatic.net *.yastatic.net *.facebook.com *.facebook.net *.jquery.com *.googleapis.com *.jivosite.com *.google-analytics.com *.cloudflare.com pupunzi.com *.pupunzi.com *.zendesk.com *.youtube.com *.googleusercontent.com *.netty.az *.gstatic.com *.google.az *.jsdelivr.net *.bootstrapcdn.com *.moatads.com *.addthisedge.com *.googletagmanager.com *.google.com *.addthis.com *.akamaihd.net *.doubleclick.net *.hotjar.com *.hotjar.io wss://*.hotjar.com unpkg.com *.iadeal.com *.tawk.to *.sop.az *.fontawesome.com *.tiny.cloud *.tinymce.com *.googlead.com *.googleadservices.com turk-evisa.com paytr.com *.paytr.com *.infura.io *.ipfs.io *.infura-ipfs.io  *.gravatar.com *.w.org *.pinata.cloud *.ipfs.io ipfs.io *.iqonic.design *.jivo.ru *.webvisor.com yandex.ru *.seadn.io; 1
default-src 'self';img-src 'self' * data: ;script-src 'self' https://* 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com/analytics.js https://staging.ptranz.com https://gateway.ptranz.com ajax.googleapis.com http://connect.facebook.net/en_US/all.js http://secure.saintcorporation.com/CGI-BIN/WEBSAINT/ASV_SEAL.JS https://livechat.chat24.io/ ;style-src 'self' 'unsafe-inline' https://livechat.chat24.io/  ;font-src 'self' 'unsafe-inline' https://livechat.chat24.io/ ;connect-src 'self' https://* ;frame-src 'self' https://* https://staging.ptranz.com https://gateway.ptranz.com ;base-uri 'self'; form-action 'self' 'unsafe-inline' 'unsafe-eval' https://staging.ptranz.com https://gateway.ptranz.com https://ecm.firstatlanticcommerce.com/ https://marlin.firstatlanticcommerce.com/ https://pixelpay.app/; navigate-to 'self' 'unsafe-inline' 'unsafe-eval' https://staging.ptranz.com https://gateway.ptranz.com https://ecm.firstatlanticcommerce.com/ https://marlin.firstatlanticcommerce.com/ https://pixelpay.app/; sandbox allow-popups allow-forms allow-same-origin allow-scripts; 1
upgrade-insecure-requests; block-all-mixed-content; default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://consentcdn.cookiebot.com https://*.fontawesome.com https://*.search.windows.net https://*.zdassets.com wss://*.zopim.com https://deprijshamer.zendesk.com https://stats.g.doubleclick.net; font-src 'self' data: https://*.fontawesome.com https://use.typekit.net https://*.zopim.com; object-src 'none'; form-action https:; img-src 'self' https://dashboard.umbraco.com https://*.google-analytics.com https://*.googletagmanager.com https://*.youtube.com https://i.ytimg.com https://vumbnail.com data: https://*.zopim.com https://*.zopim.io https://www.google.nl https://imgsct.cookiebot.com https://www.google.com https://googleads.g.doubleclick.net https://www.facebook.com ; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com; style-src https: 'self' 'unsafe-inline' 'unsafe-eval'; media-src https: 'self'; base-uri 'self'; frame-src 'self' https://*.youtube.com https://consentcdn.cookiebot.com https://player.vimeo.com https://maps.google.nl https://www.google.com https://marketplace.umbraco.com https://td.doubleclick.net ; worker-src 'none'; manifest-src 'self'; frame-ancestors 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mouseflow.com *.googleapis.com 1
frame-ancestors https://www.deutscher-galopp.de/ https://galopponline.de/ https://3forone.com/ https://duesseldorf-galopp.de/ https://www.duesseldorf-galopp.de/ https://muelheim-galopp.de/ https://www.muelheim-galopp.de/ https://*.hoppegarten.com/ https://*.hamburg-galopp.de/ https://*.galopp-hamburg.de/ https://*.krefelder-rennclub.com/ https://*.krefelder-rennclub.de/ https://*.dortmunder-rennverein.de/ https://*.dortmunder-rennclub.com/; 1
default-src * data: blob:  about: ws: wss: 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' https://*.inchcapedigital.com; 1
base-uri 'none'; style-src 'self' *.cassiecloud.com *.googleapis.com 'unsafe-inline'; script-src 'nonce-zKXxSxBiY61li5yMrYSrmg=='  'sha256-kAVGvMFWDkuqkyA4xnLi3h5jk8dWz0XiySrLWG+6PjU='  'sha256-Z8tznIo/ThVjx0PDG4uVYOvNf/68gRrDPqd4YwU616s='  'self' 'strict-dynamic' 'unsafe-eval' *.kaltura.com/ *.cassiecloud.com *.googletagmanager.com https://google-analytics.com *.google-analytics.com *.bing.com https://connect.facebook.net https://lilly-customerconnect.secure.force.com https://customerconnect.my.salesforce-sites.com https://ispot.tv *.turn.com *.myadvocado.com *.doubleclick.net *.analytics.yahoo.com *.google.com https://facebook.com *.salesforceliveagent.com *.youtube.com *.ytimg.com *.gstatic.com *.googlevideo.com blob: http://d22xmn10vbouk4.cloudfront.net *.googleapis.com assets.adobedtm.com assets.ctfassets.net https://s.yimg.jp/images/listing/tool/cv/ytag.js; object-src 'none'; frame-src *.doubleclick.net/ *.myadvocado.com/ 1
default-src 'self' 'unsafe-inline' https://sdk.privacy-center.org/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.gstatic.com https://www.googletagmanager.com https://use.typekit.net/ https://www.google.com/recaptcha/api.js https://cdn.jsdelivr.net/; script-src 'self' https://sdk.privacy-center.org/ https://fonts.googleapis.com/ https://use.typekit.net/ https://www.gstatic.com https://www.googletagmanager.com https://www.google.com/recaptcha/api.js https://www.google-analytics.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/ https://region1.google-analytics.com/ https://grupoanaya.es/; style-src 'self' 'unsafe-inline' https://sdk.privacy-center.org/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://use.typekit.net/ https://www.gstatic.com https://www.googletagmanager.com https://www.google.com/recaptcha/api.js https://www.google-analytics.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/ https://region1.google-analytics.com/ https://grupoanaya.es/; img-src * data: 'unsafe-inline' https://region1.google-analytics.com/ https://grupoanaya.es/; connect-src * 'unsafe-inline'; frame-src *; form-action 'self'; base-uri 'self'; frame-ancestors 'none'; 1
script-src 'self' 'unsafe-inline';  style-src 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com paradospuntos.com *.paradospuntos.com *.dinersclubperu.pe *.cloudflare.com *.gstatic.com *.google.com *.googletagmanager.com *.jquery.com  *.bootstrapcdn.com *.jsdelivr.net *.google-analytics.com *.unpkg.com; frame-src 'self' https://www.google.com *.google.com; style-src 'self' 'unsafe-inline' 'unsafe-hashes' *.cloudflare.com *.gstatic.com *.googleapis.com paradospuntos.com *.paradospuntos.com *.dinersclubperu.pe; 1
frame-ancestors 'google.com' 'self' 'www.google.com' ; 1
font-src fonts.gstatic.com use.typekit.net data: *.bootstrapcdn.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.cookielaw.org d3dc1lgancj6l0.cloudfront.net *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com webpaypaymentgatewaystage.svea.com webpaypaymentgateway.svea.com cardtest.svea.com card.svea.com checkout.trustly.com *.twitter.com facebook.com www.facebook.com *.cookielaw.org 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com checkoutapistage.svea.com checkoutapi.svea.com js.playground.klarna.com www.js.playground.klarna.com *.twitter.com facebook.com www.facebook.com js.klarna.com *.consensu.org *.sharethis.com www.youtube.com linkedin.com www.linkedin.com *.google.com *.vimeo.com widget.trustpilot.com ecommscript-integrationapp.trustpilot.com *.cookielaw.org vars.hotjar.com *.klarna.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io *.demdex.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net data: validator.swagger.io *.gstatic.com *.googleapis.com eu.playground.klarnaevt.com www.eu.playground.klarnaevt.com *.cloudfront.net *.cloudflare.com eu.klarnaevt.com *.google.com *.google.se *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.sharethis.com api.unifaun.com *.googletagmanager.com *.cookielaw.org userlike-cdn-operators.s3-eu-west-1.amazonaws.com connect.facebook.net dashboard.feedbucket.app *.klarnaevt.com *.ggpht.com maps.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io * searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com unpkg.com commerce.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ checkoutapistage.svea.com checkoutapi.svea.com connect.getflowbox.com www.connect.getflowbox.com *.klarna.com www.js.playground.klarna.com cdn.addwish.com www.cdn.addwish.com addwish.com www.addwish.com *.cloudfront.net js.klarna.com chimpstatic.com www.chimpstatic.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.nr-data.net *.newrelic.com *.trackedlink.net *.google.com *.sharethis.com platform.linkedin.com www.platform.linkedin.com www.linkedin.com www.ehandelscertifiering.se static.zdassets.com www.static.zdassets.com widget.trustpilot.com www.widget.trustpilot.com invitejs.trustpilot.com www.invitejs.trustpilot.com widget-mediator.zopim.com www.googleanalytics.com www.googleoptimize.com ecommplugins-trustboxpreview.trustpilot.com *.cookielaw.org *.clerk.io core.helloretail.com www.core.helloretail.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com static.hotjar.com script.hotjar.com cdn.feedbucket.app maps.googleapis.com *.googletagmanager.com *.facebook.net *.avada.io https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.bootstrapcdn.com *.cloudfront.net *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com addwish.com www.addwish.com optimize.google.com *.cookielaw.org assets.mlcdn.com cdn.feedbucket.app fonts.googleapis.com/ maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com static.zdassets.com *.cookielaw.org 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.adobe.io performance.typekit.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com commerce.adobedtm.com commerce.adobedc.net vimeo.com api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com eu.playground.klarnaevt.com www.eu.playground.klarnaevt.com addwish.com www.addwish.com core.helloretail.com www.core.helloretail.com eu.klarnaevt.com www.eu.klarnaevt.com *.doubleclick.net *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.nr-data.net *.newrelic.com *.ampproject.org *.sharethis.com cicptqmkej.execute-api.eu-west-1.amazonaws.com app.getsentry.com terrang.zendesk.com www.terrang.zendesk.com ekr.zdassets.com www.ekr.zdassets.com 9mn3sm7015.execute-api.eu-west-1.amazonaws.com wss://widget-mediator.zopim.com/ *.cookielaw.org europe-west1-bold-sorter-288913.cloudfunctions.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.userlike.com wss://*.userlike.com facebook.com www.facebook.com wss://*.hotjar.com *.hotjar.com *.hotjar.io dashboard.feedbucket.app cdn.feedbucket.app *.klarnaevt.com maps.googleapis.com/ https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src blob: https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' https://www.cvonline.lt https://cvonline.lt; 1
default-src *.kundo.se; frame-ancestors 'self'; form-action 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; style-src *.kundo.se 'self' 'unsafe-inline'; connect-src *; font-src 'self' data:; object-src 'self'; child-src *; 1
frame-ancestors https://www.pomagamyzwierzakom.pl https://www.dobrazbiorka.pl https://dobryklik.pl https://www.dobryklik.pl https://zwierzoklik.pl https://www.zwierzoklik.pl https://www.test9040.zwierzoklik.pl https://www.test9040.dobryklik.pl https://www.dobryklik.dobrazbiorka.pl https://kociklik.pl https://poomoc.pl https://www.poomoc.pl http://www.psiklik.pl http://psiklik.pl http://poomoc.pl http://www.poomoc.pl https://www.zwierzaki.dobryklik.pl https://zwierzaki.dobryklik.pl; img-src 'self' https://*.xx.fbcdn.net https://graph.facebook.com https://www.facebook.com https://platform-lookaside.fbsbx.com data: https://vignette.wikia.nocookie.net https://scontent.xx.fbcdn.net https://static.xx.fbcdn.net https://secure.tpay.com https://www.google-analytics.com https://*.googlesyndication.com https://www.gstatic.com https://fundingchoicesmessages.google.com; 1
frame-ancestors 'self';      script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.tiktok.com/ https://*.nr-data.net https://*.newrelic.com https://*.criteo.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://analytics-js.mysz.io https://cookie-cdn.cookiepro.com https://connect.facebook.net https://google-analytics.com https://googleads.g.doubleclick.net https://graph.facebook.com https://googletagmanager.com https://*.bkmexpress.com.tr https://js.facebook.com https://m.youtube.com https://static.criteo.net https://sslwidget.criteo.com https://ssl.google-analytics.com https://st-dockers.mncdn.com https://tagmanager.google.com https://www.youtube.com https://widget.mysz.io https://www.clarity.ms https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com;      style-src 'self' 'unsafe-inline' *.google.com st-dockers.mncdn.com www.googletagmanager.com;      child-src 'self' blob: *.facebook.com *.google.com *.doubleclick.net *.googlesyndication.com *.criteo.com *.criteo.net connect.facebook.net www.youtube.com widget.mysz.io www.googletagmanager.com https://*.bkmexpress.com.tr;      base-uri 'self';      worker-src 'self' blob: www.google.com;      report-uri /WebResource.axd?cspReport=true; 1
frame-ancestors http://docplanner-front-test.docplanner.com https://docplanner-front-test.docplanner.com *.doctoralia.com.pt doctoraliaone-pt2-candidate.azurewebsites.net 1
default-src data: 'self' blob: ws: wss: *.doctoridev.com *.doctori.ma https://www.doctori.ma https://doctori.ma https://cdn.doctori.ma https://www.doctoridev.com https://doctoridev.com https://cdn.doctoridev.com *.google.com *.tokbox.com https://tokbox.com https://static.opentok.com https://config.opentok.com https://anvil.opentok.com https://api-standard.opentok.com wss://mantis016-dub.tokbox.com https://paiement.payzone.ma *.payzone.ma *.googletagmanager.com *.tokbox.com *.cdninstagram.com *.gravatar.com *.google-analytics.com *.bootstrapcdn.com *.jquery.com *.googleapis.com *.w3.org *.gstatic.com https://ipinfo.io/ *.pusher.com wss://ws-eu.pusher.com *.youtube.com *.cloudflare.com https://leadbooster-chat.pipedrive.com *.pipedrive.com https://stats.g.doubleclick.net https://www.google.co.ma https://www.youtube-nocookie.com https://widget.intercom.io *.intercom.io https://js.intercomcdn.com *.intercomcdn.com wss://nexus-websocket-a.intercom.io *.googlesyndication.com *.doubleclick.net *.googleadservices.com *.googletagservices.com https://www.googletagservices.com *.intercomassets.com https://unpkg.com https://fonts.bunny.net https://cdn.plot.ly https://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' blob: dorceltv.com;         img-src 'self' 'unsafe-inline' data: www.dorceltv.com ga.dorcel.com maps.gstatic.com maps.googleapis.com www.dorcelvision.com www.google-analytics.com;   style-src 'self' 'unsafe-inline' *.streaming.in2ip.nl ga.dorcel.com fonts.googleapis.com;   base-uri 'self';   form-action 'self';   script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: www.dorcelclub.com google-analytics.com *.streaming.in2ip.nl ga.dorcel.com www.account-dorcel.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com stats.g.doubleclick.net track.dorcelcash.com;   font-src 'self' data: ga.dorcel.com fonts.gstatic.com;   connect-src 'self' maps.googleapis.com *.google-analytics.com *.streaming.in2ip.nl stats.g.doubleclick.net;   frame-src 'self' www.dorcelclub.com www.account-dorcel.com;   media-src blob: *.streaming.in2ip.nl; 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' blob: https://cdnjs.cloudflare.com/ https://www.google.com/ https://www.gstatic.com/ https://code.jquery.com/ https://www.googletagmanager.com/ https://interpreter.getbw.me/ https://*.google-analytics.com/ https://ajax.googleapis.com/ https://static.opentok.com/;connect-src blob: 'self' https://*.google-analytics.com/ https://api.tdl.com.ua/ ;img-src 'self' https://*.google-analytics.com/ https://*.ytimg.com/ data: 'self' https://api.tdl.com.ua/ ;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://api.tdl.com.ua/ https://cdnjs.cloudflare.com/ ;frame-src 'self' https://www.google.com/ https://www.youtube.com/;font-src 'self' data: https://fonts.gstatic.com/;media-src 'self' https://api.tdl.com.ua/  1
default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.dreasyfly.com; img-src 'self' data:; 1
default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self'; connect-src 'self' https: wss://*.smartsupp.com https://*.smartsupp.com https://*.smartsuppchat.com https://*.smartsuppcdn.com; font-src 'self' https: https://*.smartsuppcdn.com; media-src 'self' https: https://*.smartsuppcdn.com; img-src 'self' https: data: https://*.smartsuppcdn.com; script-src 'unsafe-inline' 'self' https: https://*.smartsuppcdn.com https://*.smartsuppchat.com; style-src 'unsafe-inline' 'self' https: https://*.smartsuppcdn.com; 1
frame-ancestors 'self' https://www.warranty-extra.com https://www.travnicki.info https://www.bugojno-danas.info https://www.kiseljak.info https://radio-busovaca.eu/; 1
script-src http: https: 'unsafe-inline' www.dtalemodern.com; style-src 'self' blob: https: 'unsafe-inline' www.dtalemodern.com; img-src blob: data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' data: fonts.gstatic.com cdnjs.cloudflare.com embed.tawk.to *.zohocdn.com; frame-src 'self' assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.google.com *.facebook.com *.cashfree.com coretest.feelxr.co *.zohocdn.com actuality.live blob: data: gap: intent:; frame-ancestors 'unsafe-inline'; 1
script-src 'self' *.parom.hu *.ducitars.hu *.googleapis.com *.fontawesome.com *.bootstrapcdn.com *.googleadservices.com *.gstatic.com *.doubleclick.net cdn.speedcurve.com creativecdn.com *.gemius.pl *.google-analytics.com *.hotjar.com *.google.com *.cloudflare.com *.cloudflareinsights.com *.googletagmanager.com *.google.hu *.googlesyndication.com *.googletagservices.com fonts.gstatic.com cdn.ampproject.org *.clarity.ms connect.facebook.net 'unsafe-inline' 'unsafe-eval'; img-src * data: 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: ajax.googleapis.com maps.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com use.fontawesome.com maxcdn.bootstrapcdn.com; img-src 'self' 'unsafe-inline' data: ps.w.org s.w.org secure.gravatar.com; connect-src *; font-src 'self' data: fonts.gstatic.com use.fontawesome.com maxcdn.bootstrapcdn.com; form-action 'self'; frame-ancestors 'self'; object-src 'none'; frame-src 'self' www.youtube-nocookie.com; base-uri 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/widgets.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com/; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com/ https://www.google.com/recaptcha/ https://www.facebook.com/plugins/; img-src 'self' https://emarketing.dxn2u.com/ https://eworld.dxn2u.com/; img-src 'self' data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://libraires-hachette.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://www.didierfle.fr https://cdn.jsdelivr.net https://ws-pne.kiosque-edu.com https://sdk.privacy-center.org https://api.privacy-center.org https://tpeweb.paybox.com; style-src 'self' 'unsafe-inline' https://libraires-hachette.com https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://fonts.googleapis.com https://www.didierfle.fr https://cdn.jsdelivr.net https://ws-pne.kiosque-edu.com https://sdk.privacy-center.org https://api.privacy-center.org https://tpeweb.paybox.com; script-src 'unsafe-eval' 'self' 'unsafe-inline' https://stats.wp.com/w.js https://boldair.works https://www.youtube.com https://player.vimeo.com/api/ https://libraires-hachette.com https://sdk.privacy-center.org https://prnt.sc/126aahe https://www.gstatic.com https://www.google.com https://cdn.jsdelivr.net https://assets.pinterest.com https://maps.googleapis.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://www.didierfle.fr https://ws-pne.kiosque-edu.com https://api.privacy-center.org https://tpeweb.paybox.com https://ssl.google-analytics.com https://tag.aticdn.net; img-src data: 'self' https://pixel.wp.com https://logs1412.xiti.com/hit.xiti https://region1.google-analytics.com/g/collect https://s.w.org https://scontent-sea1-1.cdninstagram.com *.cdninstagram.com https://log.pinterest.com https://www.google-analytics.com https://www.images.hachette-livre.fr https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://secure.gravatar.com https://www.didierfle.fr https://cdn.jsdelivr.net https://ws-pne.kiosque-edu.com https://sdk.privacy-center.org https://api.privacy-center.org https://tpeweb.paybox.com; frame-ancestors 'self' https://player.tactileo.fr https://internal.dev.player.tactileo.fr/ https://external.dev.player.tactileo.fr/ https://edu.tactileo.fr https://tactileo.africa;frame-src 'self' https://libraires-hachette.com https://www.google.com https://player.vimeo.com https://ws-pne.kiosque-edu.com/ https://www.youtube.com https://www.youtube-nocookie.com https://www.didierfle.fr https://cdn.jsdelivr.net https://sdk.privacy-center.org https://api.privacy-center.org https://tpeweb.paybox.com https://3dsecure.com https://aacsw.3ds.verifiedbyvisa.com;media-src 'self' https://player.vimeo.com https://ws-pne.kiosque-edu.com/ https://www.youtube.com https://www.youtube-nocookie.com https://www.didierfle.fr https://cdn.jsdelivr.net https://sdk.privacy-center.org https://api.privacy-center.org https://tpeweb.paybox.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; form-action 'self' https://wwww.didierfle.fr https://tpeweb.paybox.com https://www.didierfle.fr/creation.php https://www.didierfle.fr/creation_en.php https://www.didierfle.fr/modification.php https://www.didierfle.fr/modification_en.php; connect-src 'self' https://maps.googleapis.com/$rpc/google.internal.maps.mapsjs.v1.MapsJsInternalService/GetViewportInfo https://stats.g.doubleclick.net https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://region1.google-analytics.com/g/collect https://region1.google-analytics.com/g/collect https://www.google-analytics.com https://cdn.jsdelivr.net https://ws-pne.kiosque-edu.com https://sdk.privacy-center.org https://api.privacy-center.org https://tpeweb.paybox.com https://educadhoc.hachette-livre.fr https://logc412.xiti.com; child-src 'self' https://ws-pne.kiosque-edu.com/ https://www.youtube.com https://www.youtube-nocookie.com https://wwww.didierfle.fr https://cdn.jsdelivr.net https://sdk.privacy-center.org https://api.privacy-center.org https://tpeweb.paybox.com; object-src 'self'; 1
frame-ancestors https://usabilitytools.com https://www.e-st.lv https://static.e-st.lv https://mans.e-st.lv https://card.e-st.lv https://e-st.lv 1
default-src 'self' 'unsafe-inline'; script-src 'self'  ajax.googleapis.com cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:;child-src 'self' 'unsafe-inline' 'unsafe-eval' data:;  frame-ancestors 'self';img-src 'self' data:;object-src 'self' data:; connect-src 'self' http: https: 1
default-src 'self'; child-src data: blob:; connect-src 'self' bam.nr-data.net *.cdnbasket.net payline.com *.payline.com ids.cdnwidget.com *.onconnect-coach.3slab.fr smartsolution-onconnectcoach.azureedge.net smartsolution-smartcoach.azureedge.net ws.livingactor.com apisimulator.toutsurmoneau.test data.gouv.nc *.aticdn.net *.xiti.com stats.g.doubleclick.net *.cookiebot.com *.googleapis.com *.suez.com *.qualtrics.com; font-src 'self' data: fonts.gstatic.com payline.com *.payline.com maxcdn.bootstrapcdn.com smartsolution-onconnectcoach.azureedge.net *.suez.com *.qualtrics.com; form-action * com.suez.tsme.dev: com.suez.tsme.app:; frame-src data: blob: *.payline.com payline.com *.satisfactory.fr www.google.com *.youtube-nocookie.com *.youtube.com opendata.hauts-de-seine.fr *.cookiebot.com *.suez.com *.qualtrics.com; img-src 'self' data: blob: *.cloudfront.net cloudfront.net *.cdnwidget.com *.payline.com payline.com maps.googleapis.com maps.gstatic.com blob: api.cabestan.com smartsolution-onconnectcoach.azureedge.net *.youtube-nocookie.com *.youtube.com cdn1.iconfinder.com www.googletagmanager.com *.suez.com *.qualtrics.com *.cookiebot.com; media-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' api.cabestan.com bam.nr-data.net *.newrelic.com code.jquery.com *.cloudfront.net *.capadresse.com *.capadresse.com:2814 *.cloudfront.net *.payline.com payline.com *.js-agent.newrelic.com maps.googleapis.com *.cdnwidget.com *.aticdn.net *.xiti.com *.bootstrapcdn.com suez-eau-france.dimelochat.com ws.livingactor.com *.google.com *.google.com/maps www.gstatic.com smartsolution-smartcoach.azureedge.net apisimulator.toutsurmoneau.test capadresse.apisimulator.toutsurmoneau.test:6090 capadresse.apisimulator.toutsurmoneau.test www.googletagmanager.com *.atinternet-solutions.com *.atinternet.io *.ati-host.net *.atinternet.com *.piano.io *.cookiebot.com *.suez.com *.onconnect-coach.3slab.fr *.qualtrics.com; style-src 'self' 'unsafe-inline' *.cloudfront.net fonts.googleapis.com payline.com *.payline.com smartsolution-smartcoach.azureedge.net *.bootstrapcdn.com www.gstatic.com *.googleapis.com *.suez.com *.qualtrics.com; worker-src blob: 1
frame-ancestors https://farmaciamallol.com; 1
frame-ancestors 'self' toledofastfood.ro www.toledofastfood.ro; 1
font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; 1
default-src 'self'; script-src 'self' ajax.cloudflare.com cdn.jsdelivr.net www.google.com www.gstatic.com stackpath.bootstrapcdn.com static.sumsub.com use.fontawesome.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com static.sumsub.com cdn.jsdelivr.net; img-src 'self'; font-src 'self' data: fonts.gstatic.com stackpath.bootstrapcdn.com use.fontawesome.com; frame-src api.sumsub.com www.google.com; 1
frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.efpa.cz wss://efpa.cz www.googletagmanager.com app.mluvii.com *.google-analytics.com connect.facebook.net stats.g.doubleclick.net www.facebook.com www.google.com www.google.cz gogo.xcc.cz gogo-devel.xcc.cz www.thepay.cz player.vimeo.com *.vimeocdn.com wss://app.mluvii.com cdnjs.cloudflare.com *.youtube.com *.analytics.google.com 1
frame-ancestors 'self' http://10.249.115.98/ https://10.249.115.98/  http://10.249.115.101:8080/ReportServer/; default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' data: blob: 'unsafe-inline'; img-src 'self' data: blob: 'unsafe-inline'; frame-src 'self' https://www.youtube.com/; style-src 'self' data: blob: 'unsafe-inline'; 1
default-src https: ; script-src blob: https: 'unsafe-inline' 'unsafe-eval' www.google-analytics.com optimize.google.com; style-src https: 'unsafe-inline' optimize.google.com shop.eismann.de; img-src https: www.google-analytics.com optimize.google.com data: ; font-src https: fonts.gstatic.com; frame-src https: optimize.google.com 1
object-src none; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.teimg.com *.google.com *.jquery.com *.bik.gov.tr *.bildirt.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.googlesyndication.com pagead2.googlesyndication.com *.googleadservices.com *.optad360.io *.doubleclick.net *.adhouse.pro *.jwpcdn.com *.onesignal.com *.vidyome.com *.tebilisim.com *.tevideo.org *.googleapis.com *.yandex.ru *.yandex.com *.criteo.net *.2mdn.net *.cloudflare.com *.cloudflareinsights.com *.onnetwork.tv *.twitter.com *.instagram.com *.facebook.com *.meta.com *.x.com *.youtube.com *.youtu.be *.linkedin.com *.pinterest.com *.dailymotion.com *.vimeo.com *.admatic.com.tr *.reklamstore.com *.linkwi.se *.makroo.com *.wordego.com *.tradingview.com *.weatherwidget.io *.openweathermap.com *.mgid.com *.themediagrid.com *.amazon.com *.openx.com *.appnexus.com *.districtm.io *.rubiconproject.com *.rhythmone.com *.yahoo.com *.indexexchange.com *.smaato.com *.smartadserver.com *.sovrn.com *.lijit.com *.pubmatic.com *.sharethrough.com *.admanmedia.com *.emxdgt.com *.contextweb.com *.gumgum.com *.yieldmo.com *.ad-generation.jp *.adform.com *.adwmg.com *.idealmedia.io *.admatic.com.tr *.improvedigital.com *.connectad.io *.ibillboard.com *.stroeer.com *.adtarget.com.tr *.33across.com *.admixer.com *.adtech.com *.adtelligent.com *.adtopia.com *.advangelists.com *.advenuemedia.co.uk *.advertising.com *.aralego.com *.axonix.com *.beachfront.com *.bidtellect.com *.bizzclick.com *.cmcm.com *.coxmt.com *.cubepile.com *.e-planning.net *.engagebdr.com *.exponential.com *.freewheel.tv *.ijit.com *.inmobi.com *.lkqd.com *.lkqd.net *.maple-team.com *.mars.media *.mediabong.com *.newborntown.com *.omnijay.com *.outbrain.com *.peak226.com *.resultsmedia.com *.gamoshi.io *.sabio.us *.smartyads.com *.smrtb.com *.sonobi.com *.spotx.tv *.spotxchange.com *.colossusssp.com *.synacor.com *.thebrave.io *.tribalfusion.com *.ucfunnel.com video.unrulymedia.com *.us.com *.webeyemob.com *.idealmedia.io *.ampproject.org googlesyndication.com onesignal.com *.taboola.com *.finyad.org *.turktelekom.com.tr *.gemius.pl *.pixad.com.tr pcode.air.tech yastatic.net 1
font-src *.gstatic.com *.tidiochat.com *.fontawesome.com *.googleapis.com *.cloudflare.com 'self' 'unsafe-inline' data: *.jsdelivr.net *.fonts.googleapis.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.ccavenue.com *.billdesk.com *.payu.in 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.indiaewasterecycler.com *.billdesk.com *.meetanshi.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com *.addthis.com *.pinterest.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com  *.facebook.com *.google.co.in *.google.com *.clarity.ms *.bing.com *.pjr.com *.meetanshi.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.tidio.co *.tidiochat.com *.gstatic.com *.facebook.net *.jsdelivr.net *.clarity.ms s7.addthis.com *.mgt.com *.billdesk.com *.meetanshi.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.gstatic.com *.jsdelivr.net *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.tidiochat.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.tidio.co *.socket.io *.google-analytics.com *.googleadservices.com *.googletagmanager.com  *.cardinalcommerce.com *.paypal.com *.meetanshi.com *.googleapis.com wss: 43.250.208.79:7047 *.geojs.io *.whatsapp.com *.google.com *.doubleclick.net *.clarity.ms ekr.zdassets.com/ https://get.geojs.io *.mgt.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.addthis.com https://graph.instagram.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.elitamoda.com *.plerdy.com; connect-src 'self' *.elitamoda.com *.facebook.com *.google-analytics.com *.googlesyndication.com *.doubleclick.net *.google.com *.addthis.com *.google.com.ua *.sendpulse.com *.plerdy.com *.googleapis.com *.appspot.com; 1
upgrade-insecure-requests;frame-ancestors 'none' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.teimg.com *.google.com *.jquery.com *.bik.gov.tr *.bildirt.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.googlesyndication.com pagead2.googlesyndication.com  *.googleadservices.com *.optad360.io *.doubleclick.net *.adhouse.pro *.jwpcdn.com *.onesignal.com *.vidyome.com *.tebilisim.com *.tevideo.org *.googleapis.com *.yandex.ru *.yandex.com *.criteo.net *.2mdn.net *.cloudflare.com *.cloudflareinsights.com *.onnetwork.tv *.twitter.com *.instagram.com *.facebook.com *.meta.com *.x.com *.youtube.com *.youtu.be *.linkedin.com *.pinterest.com *.dailymotion.com *.vimeo.com *.admatic.com.tr *.reklamstore.com *.linkwi.se *.makroo.com *.wordego.com *.tradingview.com *.weatherwidget.io *.openweathermap.com *.mgid.com *.themediagrid.com *.amazon.com *.openx.com *.appnexus.com *.districtm.io *.rubiconproject.com *.rhythmone.com *.yahoo.com *.indexexchange.com *.smaato.com *.smartadserver.com *.sovrn.com *.lijit.com *.pubmatic.com *.sharethrough.com *.admanmedia.com *.emxdgt.com *.contextweb.com *.gumgum.com *.yieldmo.com *.ad-generation.jp *.adform.com *.adwmg.com *.idealmedia.io *.admatic.com.tr *.improvedigital.com *.connectad.io *.ibillboard.com *.stroeer.com *.adtarget.com.tr *.33across.com *.admixer.com *.adtech.com *.adtelligent.com *.adtopia.com *.advangelists.com *.advenuemedia.co.uk *.advertising.com *.aralego.com *.axonix.com *.beachfront.com *.bidtellect.com *.bizzclick.com *.cmcm.com *.coxmt.com *.cubepile.com *.e-planning.net *.engagebdr.com *.exponential.com *.freewheel.tv *.ijit.com *.inmobi.com *.lkqd.com *.lkqd.net *.maple-team.com *.mars.media *.mediabong.com *.newborntown.com *.omnijay.com *.outbrain.com *.peak226.com *.resultsmedia.com *.gamoshi.io *.sabio.us *.smartyads.com *.smrtb.com *.sonobi.com *.spotx.tv *.spotxchange.com *.colossusssp.com *.synacor.com *.thebrave.io *.tribalfusion.com *.ucfunnel.com video.unrulymedia.com *.us.com *.webeyemob.com *.idealmedia.io *.ampproject.org googlesyndication.com onesignal.com *.taboola.com *.finyad.org *.turktelekom.com.tr *.gemius.pl 1
default-src * 'unsafe-inline' blob:; img-src * 'self' data: ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jwplatform.com *.google-analytics.com *.jwpcdn.com *.googletagmanager.com *.gstatic.com *.google.com blob:*; 1
font-src https://fonts.gstatic.com/ fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://accounts.google.com/ https://www.google.com/ https://www.mercadopago.com.br/ https://img.youtube.com *.googletagmanager.com *.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mlstatic.com *.mercadopago.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://www.youtube.com/ https://www.youtube.com/iframe_api https://accounts.google.com/ https://www.google.com/ https://www.mercadopago.com.br/ https://mcprod.emcompre.com.br/ https://*.newrelic.com/ *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline https://fonts.googleapis.com/ tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolibre.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://viacep.com.br *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.bootstrapcdn.com *.cloudfront.net *.tiktok.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.facebook.com *.tiktok.com *.cardlink.gr *.eurocommerce.gr *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com analytics.skroutz.gr skroutza.skroutz.gr consentcdn.cookiebot.com www.youtube.com *.tiktok.com *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com maps.googleapis.com maps.gstatic.com *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com connect.facebook.net graph.facebook.com business.facebook.com app.findbar.io *.designer-images.net www.basehit.gr www.google.gr www.google.com 360.bestprice.gr *.cloudflare.com trustmark.gr basehit-live.netsteps.net basehit.gr *.cloudfront.net www.emerson.gr cdn.snapppt.com *.cdninstagram.com moosendimages.imgix.net *.tiktok.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.google.com *.google.bg *.googletagmanager.com connect.facebook.net *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com graph.facebook.com business.facebook.com app.findbar.io *.avada.io *.stat-track.com polyfill.io *.moosend.com 'self' data: analytics.skroutz.gr google-analytics.com googleadservices.com googleads.g.doubleclick.net bestprice.gr static.adman.gr *.cloudflare.com greca.adman.gr trustmark.gr *.greekecommerce.gr greekecommerce.gr 360.bestprice.gr skroutza.skroutz.gr go.linkwi.se script.crazyegg.com consent.cookiebot.com consentcdn.cookiebot.com www.youtube.com snapppt.com cdn.snapppt.com api.snapppt.com app.addsauce.com api.addsauce.com cdn.addsauce.com *.tiktok.com cdn.simpler.so button.simpler.so button.staging.simpler.so analytics.simpler.so analytics.staging.simpler.so sdk.local.simpler.so button.local.simpler.so *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.findbar.io *.fontawesome.com *.moosend.com *.bootstrapcdn.com 'self' data: *.cloudfront.net *.tiktok.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.findbar.io *.cdninstagram.com *.tiktok.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com connect.facebook.net graph.facebook.com business.facebook.com app.findbar.io https://get.geojs.io *.avada.io *.stat-track.com *.m-pages.com *.m-operations.com maps.googleapis.com stats.g.doubleclick.net static.adman.gr 360.bestprice.gr *.cloudflare.com script.crazyegg.com *.paypal.com consentcdn.cookiebot.com googleads.g.doubleclick.net pagead2.googlesyndication.com *.emerson.gr snapppt.com app.addsauce.com *.tiktok.com *.twitter.com *.twimg.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.google.com analytics.skroutz.gr www.facebook.com 360.bestprice.gr app.findbar.io cdnjs.cloudflare.com *.tiktok.com 'self' 'unsafe-inline'; 1
default-src 'self' https:; font-src 'self' https: data: fonts.googleapis.com fonts.gstatic.com; img-src 'self' https: data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com https://*.googletagmanager.com pay.google.com www.recaptcha.net www.gstatic.com/recaptcha/; connect-src 'self' analytics.google.com region1.analytics.google.com www.google-analytics.com www.googletagmanager.com pay.google.com google.com/pay; style-src 'self' 'unsafe-inline' 'report-sample' fonts.googleapis.com; report-uri /home/errors/csp; base-uri 'self'; frame-ancestors 'none'; frame-src *.xpay.com.ua pay.google.com acs4.privatbank.ua www.youtube.com www.recaptcha.net; child-src 'self'; form-action 'self' www.privat24.ua www.liqpay.ua www.liqpay.ua/api/3/checkout *.privatbank.ua acs-idcheck.acdcproc.com acs.upc.ua 3ds2.ukrsibbank.com easypay.ua www.portmone.com.ua 3ds-test.oschadbank.ua 3ds.oschadbank.ua 3dsecure.ukrsibbank.com energo.volyn.ua www.energo.volyn.ua; upgrade-insecure-requests; worker-src 'none' 1
base-uri 'self'; default-src 'none'; img-src 'self' data: 'unsafe-inline' www.heureka.cz satyr.io c.seznam.cz maps.gstatic.com developers.google.com maps.googleapis.com www.facebook.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.cz www.lhinsights.com www.glami.cz c.imedia.cz im9.cz img.onesignal.com d247w4t8j237mt.cloudfront.net cdn.enjoythemovement.cz; manifest-src www.enjoythemovement.cz www.enjoythemovement.local www.enjoythemovement.localhost enjoythemovement.localhost; script-src 'self' 'unsafe-eval' 'unsafe-inline' im9.cz cdn.jsdelivr.net code.jquery.com stackpath.bootstrapcdn.com maps.googleapis.com developers.google.com www.google.com www.gstatic.com cdn.onesignal.com connect.facebook.net www.facebook.com onesignal.com www.google-analytics.com *.smartform.cz rec.smartlook.com c.imedia.cz www.lhinsights.com www.glami.cz ssl.heureka.cz widget.packeta.com https://*.smartlook.com https://*.smartlook.cloud; frame-ancestors https://www.google.com https://www.youtube.com https://www.facebook.com https://onesignal.com; frame-src https://c.imedia.cz/ https://www.google.com https://www.youtube.com https://www.facebook.com https://onesignal.com https://staticxx.facebook.com https://*.packeta.com https://*.*.packeta.com https://ssl.heureka.cz https://www.heureka.cz https://web.facebook.com/; form-action 'self' www.facebook.com https://gate.gopay.cz; connect-src https://onesignal.com https://test.enjoythemovement.cz https://www.enjoythemovement.cz https://www.enjoythemovement.local https://enjoythemovement.local https://www.enjoythemovement.localhost https://enjoythemovement.localhost https://manager.smartlook.com https://www.lhinsights.com https://*.smartlook.com https://*.smartlook.cloud https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net onesignal.com *.smartform.cz www.gstatic.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com; worker-src 'self' blob:; 1
default-src 'none'; script-src 'unsafe-hashes' 'self' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc='; connect-src 'self'; img-src 'self'; font-src 'self' fonts.gstatic.com; style-src 'unsafe-inline'  'self' fonts.googleapis.com; frame-ancestors 'none'; form-action 'self' https://*.epaslaugos.lt; 1
default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data: https://*.hotjar.com https://*.hotjar.io fonts.gstatic.com;frame-ancestors 'none';frame-src 'self' https: https://*.hotjar.com https://*.hotjar.io;img-src 'self' https: data: https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io;object-src 'none';connect-src 'self' onesignal.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://*.mixpanel.com https://cdn.mxpnl.com;script-src 'self' https: https://www.google-analytics.com https://ssl.google-analytics.com https://*.hotjar.com https://*.hotjar.io 'unsafe-inline';script-src-attr 'none';style-src 'self' https: 'unsafe-inline' fonts.googleapis.com;upgrade-insecure-requests;media-src 'self' https: 1
script-src 'self' https://maxcdn.bootstrapcdn.com/ https://ajax.googleapis.com/ https://www.google-analytics.com/ https://www.facebook.com https://connect.facebook.net/ https://twitter.com/ https://platform.twitter.com/ https://cdn.syndication.twimg.com/ http://free.timeanddate.com/ https://www.youtube.com/ http://translate.google.com/ https://translate.googleapis.com/ https://code.jquery.com/ http://code.jquery.com/ http://widget.supercounters.com/ http://www.supercounters.com/ https://www.googletagmanager.com/ https://cdnjs.cloudflare.com/ http://crypto-js.googlecode.com/ https://translate-pa.googleapis.com/ 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' https://www.salesmanago.pl https://www.salesmanago.com 1
frame-ancestors http://idsplinfo.in/ http://www.idsplinfo.in/ http://idslinfo.in/ http://www.idslinfo.in/ 'self'; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.googleapis.com *.gstatic.com maps.google.com www.google.com; 1
default-src 'self' blob: *.paypal.com *.stripe.com wss://flexcom.de:9001 *.esophia.de; connect-src 'self' blob: *.stripe.com wss://flexcom.de:9001 *.esophia.de; style-src 'self' 'unsafe-inline' *.esophia.de *.addthis.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.esophia.de *.analytics.google.com *.google-analytics.com *.pinterest.com *.googleadservices.com *.facebook.com *.facebook.net *.myfonts.net *.addthis.com *.googleapis.com *.bing.com *.googletagmanager.com 1
frame-ancestors https://estado.sc.gov.br 1
frame-src 'self' https://digitalexpo.e-estonia.com; frame-ancestors 'self' https://digitalexpo.e-estonia.com; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=496s6n9iqu5v4&partner=; 1
default-src 'none'; script-src 'self' 'unsafe-inline' ajax.googleapis.com cdn.cookie-script.com *.livechatinc.com *.googletagmanager.com *.hotjar.com *.google-analytics.com *.google.com connect.facebook.net *.hotjar.io system3secure.pl *.googleadservices.com *.doubleclick.net *.adform.net; connect-src 'self' wss: *.eultimo.pl *.hotjar.com *.hotjar.io *.doubleclick.net *.cookie-script.com *.google-analytics.com *.analytics.google.com *.google.com *.googletagmanager.com *.gstatic.com *.livechatinc.com *.googleapis.com *.googleadservices.com *.facebook.net *.revhunter.tech *.inistrack.net *.google.pl *.googlesyndication.com *.facebook.com *.adform.net system3secure.pl *.onaudience.com *.bm.pl https://google.com/pay blik.com *.autopay.eu; img-src 'self' blob: data: app.revhunter.tech system360.inistrack.net *.facebook.com ade.googlesyndication.com pixel.onaudience.com platnosci.bm.pl blik.com *.doubleclick.net *.google.com *.google.pl *.gstatic.com *.google-analytics.com *.analytics.google.com *.adform.net *.autopay.eu; style-src 'self' 'unsafe-inline' fonts.googleapis.com app.revhunter.tech system360.inistrack.net fonts.gstatic.com; base-uri 'self'; form-action 'self' *.mojeid.pl; font-src 'self' *.eultimo.pl fonts.gstatic.com *.livechatinc.com; frame-src 'self' vars.hotjar.com *.doubleclick.net *.livechatinc.com *.google.com system3secure.pl *.adform.net; manifest-src 'self'; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.olark.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://www.facebook.com https://form.wspay.biz/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.facebook.com platform.twitter.com https://www.facebook.com *.cloudfront.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com https://stats.g.doubleclick.net https://www.google.com https://www.google.rs https://www.facebook.com https://www.googletagmanager.com *.cloudfront.net https://assets-jpcust.jwpsrv.com https://cdn.jwplayer.com *.olark.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.avada.io connect.facebook.net twitter.com platform.twitter.com *.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://stats.g.doubleclick.net *.olark.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com *.olark.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.olark.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com https://get.geojs.io *.avada.io https://www.google-analytics.com https://connect.facebook.net https://stats.g.doubleclick.net *.olark.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src www.fachkraefte-erzgebirge.de https://www.pitcom.de  https://www.if-6.de https://counter.pitmodule.de/ http://ajax.googleapis.com/ http://fonts.googleapis.com/ http://fonts.gstatic.com/ https://maps.googleapis.com/ https://csi.gstatic.com/ https://maps.gstatic.com/ www.fachkraefte-dresden.local www.fachkraefte-leipzig.local www.fachkraft.berlin.local fachkraefte.portal.local dev.fachkraefte-leipzig.de dev.fachkraft.berlin dev.fachkraefte-dresden.de dev.fachkraefte-portal.com dev.unternehmensatlas.de www.unternehmensatlas.de www.unternehmensatlas.local laminas.fachkraefte-dresden.local laminas.fachkraefte-leipzig.local fachkraefte.portal.local laminas.ausbildungsboerse24.local laminas.vogtlandjob.local www.vogtlandjob.local www.fachkraefte-erzgebirge.local laminas.fachkraefte-erzgebirge.local fachkraft.berlin.local laminas.jobportal-region-zwickau.local laminas.unternehmensatlas.local laminas.jobportal-wachstumsregion-dresden.local laminas.jobmanager-cronjob.local dev.fachkraefte-dresden.de dev.jobportal-wachstumsregion-dresden.de dev.fachkraefte-leipzig.de dev.ausbildungsboerse24.de dev.vogtlandjob.de dev.fachkraefte-erzgebirge.de dev.jobportal-region-zwickau.de dev.fachkraft.berlin test.fachkraefte-portal.com test.fachkraefte-dresden.de test.jobportal-wachstumsregion-dresden.de test.fachkraefte-leipzig.de test.ausbildungsboerse24.de test.vogtlandjob.de test.fachkraefte-erzgebirge.de test.jobportal-region-zwickau.de test.fachkraft.berlin test.unternehmensatlas.de www.odbornipracovnici-krusnohori.cz www.specialists-erzgebirge.com dev-upgrade.vogtlandjob.de www.fachkraefte-portal.com www.fachkraefte-dresden.de www.jobportal-wachstumsregion-dresden.de www.fachkraefte-leipzig.de www.ausbildungsboerse24.de www.vogtlandjob.de www.fachkraefte-erzgebirge.de *.fachkraefte-erzgebirge.de www.jobportal-region-zwickau.de www.fachkraft.berlin www.fachkraefte-portal.com www.touvia.de *.google-analytics.com www.google-analytics.com www.googletagmanager.com tagmanager.google.com www.google.com connect.facebook.net www.facebook.com www.youtube-nocookie.com player.vimeo.com www.pitcom-webanalyse.de stats.g.doubleclick.net wfe-2023.piwik.pro www.landkreis-bautzen.de cookiehub.net ds.cookiehub.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net api.userlike.com www.userlike.com umd.userlike.com userlike-cdn-operators.userlike.com wss://umd.userlike.com www.youtube.com lytcs.fachkraefte-erzgebirge.de *.google-analytics.de *.analytics.google.com *.wfe-erzgebirge.de *.b-cdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' data:; img-src 'self' www.fachkraefte-erzgebirge.de https://www.pitcom.de https://www.if-6.de https://counter.pitmodule.de/ https://maps.googleapis.com/ https://csi.gstatic.com/ https://maps.gstatic.com/ http://ajax.googleapis.com/ www.unternehmensatlas.de www.erzgebirge-gedachtgemacht.de www.wfe-erzgebirge.de www.facebook.com *.pitmodule.de www.google.com maps.google.com www.google.de www.google-analytics.com stats.g.doubleclick.net www.pitcom-webanalyse.de www.googletagmanager.com ssl.gstatic.com www.gstatic.com lh3.googleusercontent.com stats.g.doubleclick.net lytcs.fachkraefte-erzgebirge.de userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-operators.userlike.com data: blob:; frame-src 'self' www.fachkraefte-erzgebirge.de https://www.pitcom.de www.google.com www.youtube.com www.touvia.de connect.facebook.net www.facebook.com player.vimeo.com www.youtube-nocookie.com lytcs.fachkraefte-erzgebirge.de; 1
default-src 'self' http: wss: https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; connect-src * wss:; img-src * data:; 1
default-src 'self' *.googlesyndication.com; connect-src *.fallimenti.it *.itauction.it *.amazoncognito.com *.amazonaws.com *.freshmarketer.com *.algolianet.com *.algolia.net *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.google.com *.gstatic.com *.doubleclick.net *.google-analytics.com *.facebook.com *.cookiebot.com *.ubembed.com *.typesense.net; script-src 'unsafe-inline' 'unsafe-eval' *.fallimenti.it *.recaptcha.net *.freshmarketer.com snap.licdn.com *.jsdelivr.net *.google.it *.google-analytics.com *.google.com *.googletagservices.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.doubleclick.net *.facebook.net *.facebook.com *.cookiebot.com *.smartlook.com *.ampproject.org *.ubembed.com; style-src 'unsafe-inline' *.fallimenti.it *.googleapis.com *.google.com *.googletagmanager.com; img-src data: *.fallimenti.it *.quimmo.it *.realestatediscount.it *.itauction.it *.giustizia.it fallimenti-static-assets.s3.eu-west-1.amazonaws.com s3.eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com *.doubleclick.net *.unsplash.com *.linkedin.com *.google.com *.google.it *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.facebook.com *.gstatic.com *.ctfassets.net; frame-src *.recaptcha.net *.google.com *.google-analytics.com *.googlesyndication.com *.googletagservices.com *.facebook.com *.cookiebot.com *.ubembed.com 1
frame-ancestors 'self' https://orangeblue-dev.com https://khipu.com; 1
script-src https://res.mobbex.com https://www.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://widgets-static.embluemail.com https://widgets-api.embluemail.com https://pixeltracking.embluemail.com track.embluemail.com 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-bmV0c3BhcmtlciBydWxlcyA7KQ==' 1
style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css http://stackpath.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://*.googletagmanager.com; default-src 'self'; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/4.2.0/fonts/ http://stackpath.bootstrapcdn.com/bootstrap/3.4.1/fonts/; script-src 'self' 'unsafe-inline' https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js http://code.jquery.com/jquery-3.3.1.min.js http://stackpath.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js https://www.google.com/jsapi https://www.gstatic.com/charts/loader.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com; img-src 'self' https://*.googletagmanager.com 1
default-src 'self'; script-src 'report-sample' 'self' cdn.fashiola.it 'unsafe-eval' 'unsafe-inline' *.google-analytics.com/analytics.js https://www.gstatic.com https://www.googletagmanager.com https://googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.kleding.nl/cookies.js https://www.instagram.com/embed.js https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://kit.fontawesome.com; style-src 'unsafe-inline' 'report-sample' 'self' cdn.fashiola.it; object-src 'none'; base-uri 'self'; connect-src 'self' https://bam.eu01.nr-data.net *.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' cdn.fashiola.it; frame-src 'self' https://www.google.com https://www.instagram.com/; img-src 'self' cdn.fashiola.it images.fashiola.it cdn.fashiola.com https://www.kleding.nl/cookies.gif *.google-analytics.com www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.es; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
upgrade-insecure-requests; base-uri 'self' md-scp.kampyle.com; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com cdn.polyfill.io coverage.ddc.teliasonera.net cdn.decibelinsight.net collection.decibelinsight.net resources.digital-cloud.medallia.eu *.qelpcare.com wds.ace.teliacompany.com static.customersaas.com fello.humany.net *.zopim.com *.zendesk.com md-scp.kampyle.com *.trustpilot.com *.google-analytics.com *.googletagmanager.com tagmanager.google.com *.googleadservices.com *.doubleclick.net *.facebook.net valuesportal.com cdn.adt357.net gtm.adt313.net cnv.adt644.net *.adtr.io adtr.io *.adform.net *.adt357.net *.adii.io *.adii.se; style-src 'self' 'unsafe-inline' wds.ace.teliacompany.com fello.humany.net static.customersaas.com md-scp.kampyle.com resources.digital-cloud.medallia.eu tagmanager.google.com *.gstatic.com chat.ace.teliacompany.net; object-src 'self' data: ; font-src 'self' data: static.customersaas.com ace-knowledge-cdn.teliacompany.net fonts.gstatic.com fello.humany.net resources.digital-cloud.medallia.eu; connect-src 'self' 'unsafe-inline' ws: wss: websocket.domain collect.fello.se checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com fello.humany.net *.zopim.com *.zendesk.com *.qelpcare.com static.customersaas.com collection.decibelinsight.net se.trustpilot.com widget.trustpilot.com resources.digital-cloud.medallia.eu chat.ace.teliacompany.net chat2.ace.teliacompany.net api.ace.teliacompany.net udc-neb.kampyle.com md-scp.kampyle.com stats.g.doubleclick.net *.google-analytics.com pagead2.googlesyndication.com rum.browser-intake-datadoghq.eu session-replay.browser-intake-datadoghq.eu www.facebook.com connect.facebook.net api.adtraction.net cnv.adt644.net log.adtraction.fail *.adt644.net *.adtr.io adtr.io *.adform.net *.adt357.net *.adii.io *.adii.se; img-src 'self' data: blob: 'unsafe-inline' *.fello.se esim.teliacompany.com fello.humany.net checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com cdf6519016.cdn.adyen.com i.ytimg.com s.ytimg.com udc-neb.kampyle.com md-scp.kampyle.com d35v9wsdymy32b.cloudfront.net resources.digital-cloud.medallia.eu *.googletagmanager.com www.google.com www.google.se translate.google.com www.gstatic.com maps.gstatic.com *.google-analytics.com *.doubleclick.net www.facebook.com log.adtraction.fail cdn.valuesportal.com horizon-cms.s3.eu-central-1.amazonaws.com; frame-src 'self' *.youtube.com *.youtube-nocookie.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com coverage.ddc.teliasonera.net wds.ace.teliacompany.com resources.digital-cloud.medallia.eu se.trustpilot.com widget.trustpilot.com www.google.com *.googletagmanager.com tagmanager.google.com *.google-analytics.com www.facebook.com *.doubleclick.net; media-src 'self' wds.ace.teliacompany.com data: ; child-src blob: ; report-uri /csp-report/v1/report?teamId=97fa7202-c461a51c-805d1e24 1
object-src 'none'; script-src 'nonce-w0247Td0ua7Ol/JE9CRCotM7iLwTTnr9uVgFgpbQYOI=' 'unsafe-inline' 'strict-dynamic' https: http:; base-uri 'none'; report-to csp; report-uri https://femminicidioitalia.info/share/csp 1
script-src: https://www.google-analytics.com 1
default-src data: * 'unsafe-inline' 'unsafe-eval' 1
prefetch-src 'self' https://finoptim.eu 1
script-src www.googletagmanager.com *.googlesyndication.com https://googletagmanager.com https://tagmanager.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com *.googleapis.com https://*.gstatic.com https://*.ggpht.com *.googleusercontent.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval' static.lipscore.com cdn.jsdelivr.net js.monitor.azure.com *.spark-vision.com *.klarnacdn.net js.klarna.com *.klarnaservices.com cdn.cookielaw.org connect.facebook.net static.zdassets.com ekr.zdassets.com *.zendesk.com *.zopim.com zendesk-eu.my.sentry.io s.pinimg.com bat.bing.com static.hotjar.com script.hotjar.com sc-static.net tr-shadow.snapchat.com tr.snapchat.com tr6.snapchat.com *.cloudfront.net sleeknotecustomerscripts.sleeknote.com; style-src www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com fonts.googleapis.com 'self' 'unsafe-inline' static.lipscore.com unpkg.com *.klarnacdn.net cdn.cookielaw.org; img-src www.googletagmanager.com www.google.com www.google.no https://europe-west1-flisekompaniet-no.cloudfunctions.net https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com *.googleapis.com *.gstatic.com *.googleusercontent.com https://13420313.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com https://googleads.g.doubleclick.net https://www.google.com 'self' data: static.lipscore.com media.test.bluestonepim.com media.bluestonepim.com cdn.cookielaw.org www.facebook.com v2assets.zopim.io static.zdassets.com ct.pinterest.com bat.bing.com; connect-src *.googlesyndication.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com *.googleapis.com *.google.com *.gstatic.com 'self' wapi.lipscore.com dc.services.visualstudio.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com cdn.cookielaw.org *.onetrust.com ekr.zdassets.com *.zendesk.com *.zopim.com zendesk-eu.my.sentry.io wss://*.zendesk.com wss://*.zopim.com ct.pinterest.com bat.bing.com in.hotjar.com *.hotjar.com wss://*.hotjar.com *.hotjar.io tr-shadow.snapchat.com tr.snapchat.com tr6.snapchat.com; font-src https://fonts.gstatic.com data: fonts.gstatic.com 'self' data: static.lipscore.com *.klarnacdn.net cdn.cookielaw.org unpkg.com; frame-src *.google.com youtube.com *.youtube.com youtu.be *.youtu.be https://13420313.fls.doubleclick.net https://td.doubleclick.net https://bid.g.doubleclick.net vimeo.com *.vimeo.com ds.spark-vision.com *.leadsrespons.no *.klarna.com pci-norge.no *.pci-norge.no katalog.flisekompaniet.no www.facebook.com ct.pinterest.com vars.hotjar.com tr-shadow.snapchat.com tr.snapchat.com tr6.snapchat.com; default-src 'self'; frame-ancestors 'self'; media-src static.zdassets.com; 1
frame-ancestors 'self' *.floridaoberta.com ; 1
default-src 'self' https://maps.googleapis.com https: wss: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.maps.api.here.com https://maps.googleapis.com https: wss: data:; style-src 'self' http: https: wss: data: 'unsafe-inline'; img-src 'self' https://*.maps.api.here.com https://maps.googleapis.com http: https: wss: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: cdnjs.cloudflare.com; worker-src 'self' blob:; 1
default-src  *.flowertime.ro *.jquery.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google.ro *.googleadservices.com *.googletagmanager.com *.google.com *.moz.com *.facebook.com *.facebook.net blob: data:; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' 'self' *.facebook.net *.facebook.com *.googleapis.com *.crisp.chat; font-src 'self' *.crisp.chat *.gstatic.com https://use.fontawesome.com/ https://*.typekit.net/ data:;object-src 'none' 1
default-src 'self' skyfire.vimeocdn.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' www.gstatic.com f.vimeocdn.com cdn.jsdelivr.net;img-src 'self' i.vimeocdn.com videoapi-sprites.vimeocdn.com data:;style-src 'self' 'unsafe-inline' f.vimeocdn.com *.googleapis.com i.vimeocdn.com;font-src 'self' data: fonts.gstatic.com;media-src 'self' blob: cdn.plyr.io;frame-src 'self' player.vimeo.com www.youtube-nocookie.com i.vimeocdn.com player.formacion-incibe.es; 1
frame-ancestors 'self' https://formulapesca.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com *.onesignal.com *.getsitecontrol.com *.getsitectrl.com *.stripe.com *.scalapay.com *.accelasearch.io *.trackedlink.net *.doubleclick.net *.pagespeed-mod.com *.googleapis.com *.tiktok.com tunisiamode.com chimpstatic.com *.trustpilot.com *.googletagmanager.com *.iubenda.com *.zdassets.com *.youtube.com *.facebook.com *.facebook.net *.adobedtm.com *.adobe.com *.authorize.net *.googleadservices.com *.google-analytics.com *.paypalobjects.com *.braintreegateway.com *.paypal.com *.google.com *.cdncloud.services *.gstatic.com; img-src 'self' 'unsafe-inline' data: *.accelasearch.io *.franzysonline.it *.doubleclick.net *.google-analytics.com *.facebook.com *.google.com *.google.it *.cloudfront.net *.paypalobjects.com; connect-src 'self' onesignal.com *.onesignal.com *.getsitecontrol.com *.getsitectrl.com *.googlesyndication.com *.google.com *.accelasearch.io *.facebook.com *.tiktok.com *.google-analytics.com *.zendesk.com *.zdassets.com *.iubenda.com *.googleapis.com *.doubleclick.net *.paypal.com; style-src 'self' 'unsafe-inline' onesignal.com *.onesignal.com *.accelasearch.io *.googleapis.com *.iubenda.com; frame-src 'self'  *.stripe.com *.scalapay.com  *.trustpilot.com *.facebook.com *.paypal.com *.doubleclick.net *.google.com *.gstatic.com; form-action 'self' 'unsafe-inline' *.facebook.com 1
frame-ancestors 'self' www.freedompet.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.credit-agricole.pl  https://*.trafficscanner.pl  https://*.trafficwatchdog.pl  wss://trafficscanner.pl  blob: https://trafficscanner.pl https://facebook.com https://mapa.ecommerce.poczta-polska.pl https://www.paypal.com https://www.paypalobjects.com https://*.easypack24.net https://*.openstreetmap.org https://*.inpost.pl https://*.allegrostatic.com https://allegro.pl https://*.allegro.pl https://*.allegroimg.com https://*.allegrosandbox.pl https://*.sote.pl https://*.googletagmanager.com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.pl https://unpkg.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://stats.g.doubleclick.net https://stats.g.doubleclick.net *.gstatic.com *.googleapis.com *.youtube.com *.vimeo.com *.ytimg.com *.soundcloud.com *.vimeocdn.com *.smartsupp.com *.smartsuppcdn.com wss://*.smartsupp.com *.cdn77.org smartsupp-widget-161959.c.cdn77.org *.smartlook.com *.smartlook.cloud *.smartsuppchat.com *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net *.fbcdn.net *.instagram.com *.cdninstagram.com *.googletagmanager.com *.google-analytics.com *.paypalobjects.com *.paypal.com *.autopay.eu https://googleads.g.doubleclick.net http://www.googleadservices.com https://*.cashbill.pl https://*.ceneo.pl https://*.secure.eservice.com.pl *.credit-agricole.pl *.paybynet.com.pl *.polcard.com.pl *.przelewy24.pl *.eraty.pl static.hotjar.com https://disqus.com data:; form-action 'self' https://*.credit-agricole.pl  https://*.trafficscanner.pl  https://*.trafficwatchdog.pl  wss://trafficscanner.pl  blob: https://trafficscanner.pl https://facebook.com https://mapa.ecommerce.poczta-polska.pl https://www.paypal.com https://www.paypalobjects.com https://*.easypack24.net https://*.openstreetmap.org https://*.inpost.pl https://*.allegrostatic.com https://allegro.pl https://*.allegro.pl https://*.allegroimg.com https://*.allegrosandbox.pl https://*.sote.pl https://*.googletagmanager.com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.pl https://unpkg.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://stats.g.doubleclick.net https://stats.g.doubleclick.net *.gstatic.com *.googleapis.com *.youtube.com *.vimeo.com *.ytimg.com *.soundcloud.com *.vimeocdn.com *.smartsupp.com *.smartsuppcdn.com wss://*.smartsupp.com *.cdn77.org smartsupp-widget-161959.c.cdn77.org *.smartlook.com *.smartlook.cloud *.smartsuppchat.com *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net *.fbcdn.net *.instagram.com *.cdninstagram.com *.googletagmanager.com *.google-analytics.com *.paypalobjects.com *.paypal.com *.autopay.eu https://googleads.g.doubleclick.net http://www.googleadservices.com https://*.cashbill.pl https://*.ceneo.pl https://*.secure.eservice.com.pl *.credit-agricole.pl *.paybynet.com.pl *.polcard.com.pl *.przelewy24.pl *.eraty.pl static.hotjar.com https://disqus.com; frame-ancestors 'self' 1
frame-ancestors 'self' https://*.tw.mawebcenters.com 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com *.kleecks-cdn.com *.kleecks-stats.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.fonts.googleapis.com data: *.cloudflare.com data: *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline'; frame-ancestors *.kleecks-cdn.com *.kleecks-stats.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.addthis.com *.pinterest.com *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.kleecks-cdn.com *.kleecks-stats.com 'self' data: *.google.it *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.addthis.com *.pinterest.com *.cdninstagram.com data: *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline'; script-src https://assets.adobedtm.com/ *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.it *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.iubenda.com *.newrelic.com *.googlesyndication.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.instagram.com https://unpkg.com/ http://unpkg.com/ *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline'; object-src https://assets.adobedtm.com/ *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline'; media-src *.adobe.com *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline'; manifest-src *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net https://google.com/ https://*.iubenda.com/ https://*.doubleclick.net/ ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://*.cloudflare.com/ https://*.paypal.com/ https://*.googleapis.com/ https://*.addthis.com/ https://*.cardinalcommerce.com/ *.graph.instagram.com https://*.google-analytics.com/ https://assets.adobedtm.com/ https://dpm.demdex.net/ https://amcglobal.sc.omtrdc.net/ https://geostag.cardinalcommerce.com/ https://geo.cardinalcommerce.com/ https://1eafstag.cardinalcommerce.com/ https://1eaf.cardinalcommerce.com/ https://centinelapistag.cardinalcommerce.com/ https://centinelapi.cardinalcommerce.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://analytics.google.com/ https://www.googletagmanager.com/ https://*.snplow.net/ https://commerce.adobedc.net/ https://vimeo.com/ https://api.magento.com/ https://*.adobe.io/ https://performance.typekit.net/ https://www.sandbox.paypal.com/ https://www.paypalobjects.com/ https://www.paypal.com/ https://pilot-payflowlink.paypal.com/ https://commerce.adobe.io/ https://commerce.adobe.net/ https://qa-api.magedevteam.com/ https://*.sentry.io/ https://*.amazon.com/ https://*.amazon.co.uk/ https://*.amazon.co.jp/ https://*.amazon.jp/ https://*.amazon.it/ https://*.amazon.fr/ https://*.amazon.es/ https://*.amazon.de/ https://*.amazonpay.com/ https://*.amazonpay.co.uk/ https://*.amazonpay.co.jp/ https://*.amazonpay.jp/ https://*.amazonpay.it/ https://*.amazonpay.fr/ https://*.amazonpay.es/ https://*.amazonpay.de/ https://mws.amazonservices.com/ https://mws.amazonservices.co.uk/ https://mws.amazonservices.co.jp/ https://mws.amazonservices.jp/ https://mws.amazonservices.it/ https://mws.amazonservices.fr/ https://mws.amazonservices.es/ https://mws.amazonservices.de/ https://*.facebook.com/ https://*.facebook.net/ https://*.google.com/ https://ekr.zdassets.com/ https://api.braintreegateway.com/ https://api.sandbox.braintreegateway.com/ https://client-analytics.braintreegateway.com/ https://client-analytics.sandbox.braintreegateway.com/ https://*.braintree-api.com/ https://*.graph.instagram.com/ https://*.kleecks-cdn.com/ https://*.kleecks-stats.com/ https://akoctmvv.euh.stape.net/ https://unpkg.com/ https://ss.gabel1957.com/ https://ss.somma1867.com/ *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline'; default-src https://assets.adobedtm.com/ *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://akoctmvv.euh.stape.net/ http://akoctmvv.euh.stape.net/ *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline'; 1
default-src 'self'  games-mgh.com apis.google.com accounts.google.com bid.g.doubleclick.net  play.gamepix.com games.gamepix.com; connect-src * ;img-src * data:; media-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com www.google.com google.com gstatic.com www.gstatic.com connect.facebook.net facebook.com www.googletagmanager.com dev.visualwebsiteoptimizer.com www.googleadservices.com bid.g.doubleclick.net googleads.g.doubleclick.net apis.google.com accounts.google.com track.opticks.io *.doubleclick.net fonts.googleapis.com fonts.gstatic.com api1.moitribe.com cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com api1.moitribe.com cdnjs.cloudflare.com; frame-ancestors 'self'; form-action 'self' https: *.games-mgh.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com; 1
frame-ancestors 'self' https://my.gogoshop.io https://admin.gogoshop.io https://www.facebook.com; script-src 'self' https://www.facebook.com www.facebook.com https://connect.facebook.net connect.facebook.net https://www.google.com www.google.com https://www.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com www.google-analytics.com https://www.gstatic.com www.gstatic.com https://stats.g.doubleclick.net stats.g.doubleclick.net https://analytics.google.com analytics.google.com https://cdn.gogoshop.cloud cdn.gogoshop.cloud https://img.gogoshpo.cloud img.gogoshpo.cloud https://chat.sleekflow.io chat.sleekflow.io https://cdn.chichat.tw cdn.chichat.tw https://challenges.cloudflare.com challenges.cloudflare.com https://ajax.cloudflare.com ajax.cloudflare.com https://static.cloudflareinsights.com static.cloudflareinsights.com 'unsafe-inline' 'unsafe-eval' 1
font-src *.gstatic.com *.fontawesome.com *.googleapis.com https://www.google.com https://www.gstatic.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.google.com *.youtube.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.liqpay.ua/api/3/checkout secure.authorize.net test.authorize.net *.twitter.com *.google.com *.youtube.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com secure.authorize.net test.authorize.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.twitter.com *.youtube.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com https://static.liqpay.ua/buttons/p1ru.radius.png t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.youtube.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com secure.authorize.net test.authorize.net js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com js.braintreegateway.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.googleapis.com *.avada.io *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.googletagmanager.com *.fontawesome.com *.google.com *.gstatic.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.youtube.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.google-analytics.com/j/collect www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google-analytics.com *.google.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.youtube.com *.doubleclick.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.granufink.de; script-src privacyportalde-cdn.onetrust.com 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdn.mookie1.com tr.outbrain.com wave.outbrain.com www.google.com/recaptcha/api.js dynamic.criteo.com amplify.outbrain.com connect.facebook.net bat.bing.com xandr.com groupm.de xaxis.com criteo.com criteo.net js.adsrvr.org s.pinimg.com secure.adnxs.com widget.eu.criteo.com sslwidget.criteo.com p.teads.tv acdn.adnxs.com cdnjs.cloudflare.com cscoreproweustor.blob.core.windows.net cdn.cookielaw.org cdn.channelsight.com js.monitor.azure.com browser-update.org www.google.com stats.wp.com translate.google.com www.gstatic.com/recaptcha/ translate.googleapis.com maps.google.com maps.googleapis.com code.jquery.com cdn.jsdelivr.net unpkg.com www.googletagmanager.com www.google-analytics.com; img-src * data:; style-src 'self' 'unsafe-inline' cdn.channelsight.com fonts.googleapis.com translate.googleapis.com/translate_static/ cdn.jsdelivr.net maxcdn.bootstrapcdn.com code.jquery.com ajax.googleapis.com privacyportalde-cdn.onetrust.com; font-src 'self' https://www.granufink.de/ data: fonts.gstatic.com maxcdn.bootstrapcdn.com cdn.channelsight.com privacyportalde-cdn.onetrust.com; child-src 'self' player.vimeo.com *.pinterest.com *.criteo.net *.criteo.com blob: www.google.com www.googletagmanager.com p.teads.tv fledge.teads.tv insight.adsrvr.org match.adsrvr.org *.fls.doubleclick.net td.doubleclick.net www.youtube.com; connect-src 'self' privacyportalde-cdn.onetrust.com privacyportal-de.onetrust.com tr.outbrain.com *.pinterest.com *.criteo.com widget.eu.criteo.com maps.googleapis.com graph.facebook.com translate.googleapis.com collect.granufink.de cm.teads.tv cdn.cookielaw.org geolocation.onetrust.com measurement-api.criteo.com t.teads.tv api.channelsight.com xandr.com groupm.de xaxis.com criteo.com criteo.net analytics.google.com www.google-analytics.com dc.services.visualstudio.com perrigo-privacy.my.onetrust.com stats.g.doubleclick.net; 1
object-src self; frame-ancestors self; report-uri /report-csp-violation 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.cloudflare.com *.bootstrapcdn.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.moneytigo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.twitter.com *.vimeo.com *.moneytigo.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com *.googleapis.com *.gstatic.com *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com www.apptrian.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.magentocommerce.com *.ytimg.com *.vimeo.com *.paypal.com *.paypalobjects.com *.twitter.com *.twimg.com *.cardinalcommerce.com *.ccdc02.com *.klarna.com *.lightemporium.com *.usercentrics.eu *.google.it google.it *.google.be *.google.nl *.cookie-script.com *.maps.googleapis.com *.maps.gstatic.com *.grow-shop-italia.com *.growshopitalia.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com www.apptrian.com widget.freshworks.com m2epro.freshdesk.com s7.addthis.com *.cloudflare.com *.googleadservices.com *.paypal.com *.paypalobjects.com *.twimg.com *.cardinalcommerce.com *.ccdc02.com *.ytimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.moneytigo.com *.cookie-script.com *.grow-shop-italia.com *.growshopitalia.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com widget.freshworks.com m2epro.freshdesk.com *.cloudflare.com *.twitter.com *.twimg.com *.bootstrapcdn.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.moneytigo.com *.cookie-script.com *.fontawesome.com *.grow-shop-italia.com *.growshopitalia.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com www.apptrian.com widget.freshworks.com m2epro.freshdesk.com ekr.zdassets.com/ *.cloudflare.com *.paypal.com *.moneytigo.com *.twitter.com *.twimg.com *.cookie-script.com *.doubleclick.net *.gstatic.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; 1
default-src https: wss://*.smartsupp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.smartsupp.com https://*.smartsuppchat.com https://*.smartsuppcdn.com https://smartsupp-widget-161959.c.cdn77.org  data: 'unsafe-inline' 'unsafe-eval' blob: ; base-uri 'self' ; frame-ancestors 'self' ; form-action https://www.facebook.com 'self' 1
default-src https://w.soundcloud.com https://eagleapi-stg.ext.e-point.pl https://4832520.fls.doubleclick.net livechatinc.com https://adsearch.adkontekst.pl https://fls.doubleclick.net https://rev.owltrack.com rec.smartlook.com netsprint.eu moventum.com.pl googletagmanager.com https://unpkg.com https://contentvaluer.com popups.landingi.com region1.google-analytics.com google-analytics.com *.landingi.com https://*.sharethis.com https://*.cookieyes.com https://rec.smartlook.com www.snrcdn.net https://www.nntfi.pl https://cdn-cookieyes.com https://api.survicate.com 'self'; font-src https://4832520.fls.doubleclick.net https://themes.googleusercontent.com/ fonts.googleapis.com livechatinc.com https://fls.doubleclick.net https://cdn.livechatinc.com moventum.com.pl https://unpkg.com https://contentvaluer.com region1.google-analytics.com *.landingi.com https://*.cookieyes.com https://rec.smartlook.com https://fonts.gstatic.com themes.googleusercontent.com https://themes.googleusercontent.com https://www.nntfi.pl https://cdn-cookieyes.com 'self'; style-src https://4832520.fls.doubleclick.net livechatinc.com https://adsearch.adkontekst.pl https://fls.doubleclick.net https://stats.g.doubleclick.net moventum.com.pl https://unpkg.com region1.google-analytics.com https://app.getresponse.com code.jquery.com https://rec.smartlook.com www.google.com https://api.survicate.com https://fonts.googleapis.com https://cse.google.com https://tagmanager.google.com https://contentvaluer.com www.googleapis.com http://www.google.com https://*.cookieyes.com https://www.googletagmanager.com https://secure.livechatinc.com https://www.nntfi.pl https://cdn-cookieyes.com https://www.ytimg.com 'self' 'unsafe-inline'; img-src https://fls.doubleclick.net https://stats.g.doubleclick.net https://www.facebook.com https://unpkg.com https://*.googleapis.com stats.g.doubleclick.net https://rec.smartlook.com www.google.com https://s3.amazonaws.com www.google-analytics.com googleads4.g.doubleclick.net https://www.i1.ytimg.com https://contentvaluer.com *.gstatic.com https://www.googleapis.com www.ghmpl.hit.gemius.pl googleads.g.doubleclick.net ghmpl.hit.gemius.pl https://secure.livechatinc.com https://www.nntfi.pl https://cdn-cookieyes.com https://www.twitter.com www.s.c.lnkd.licdn.com https://eagleapi-stg.ext.e-point.pl https://4832520.fls.doubleclick.net livechatinc.com https://adsearch.adkontekst.pl https://pagead2.googlesyndication.com www.s-passets.pinimg.com moventum.com.pl https://gtrk.s3.amazonaws.com popups.landingi.com region1.google-analytics.com https://*.gstatic.com https://www.google-analytics.com/ https://*.google.com https://*.sharethis.com www.googletagmanager.com https://api.survicate.com clients1.google.com http://*.google.com https://tagmanager.google.com www.linkedin.com *.ggpht.com https://www.google.pl https://*.cookieyes.com https://*.qualtrics.com https://www.googletagmanager.com https://myao.adocean.pl https://www.google-analytics.com www.passets.pinimg.com 'self' data:; frame-src https://w.soundcloud.com https://eagleapi-stg.ext.e-point.pl https://4832520.fls.doubleclick.net livechatinc.com https://s-static.ak.facebook.com https://adsearch.adkontekst.pl soundcloud.com ls.hit.gemius.pl https://www.s-static.ak.facebook.com netsprint.eu https://www.facebook.com moventum.com.pl https://unpkg.com popups.landingi.com region1.google-analytics.com ent.activeforms.com https://app.getresponse.com https://*.google.com https://*.sharethis.com datastudio.google.com https://rec.smartlook.com www.snrcdn.net www.google.com static.ak.facebook.com www.youtube.com https://api.survicate.com https://www.youtube.com www.facebook.com https://ls.hit.gemius.pl www.google.pl https://bid.g.doubleclick.net rec.smartlook.com https://contentvaluer.com vimeo.com https://*.cookieyes.com https://*.qualtrics.com https://6634205.fls.doubleclick.net https://secure.livechatinc.com player.vimeo.com https://www.nntfi.pl https://cdn-cookieyes.com 'self'; script-src https://w.soundcloud.com myao.adocean.pl https://fls.doubleclick.net https://stats.g.doubleclick.net soundcloud.com netsprint.eu https://unpkg.com https://www.ssl.gstatic.com https://*.googleapis.com stats.g.doubleclick.net pro.hit.gemius.pl https://rec.smartlook.com https://www.gstatic.com www.snrcdn.net cdnjs.cloudflare.com www.google.com app.getresponse.com sharethis.com https://www.ghmpl.hit.gemius.pl https://www.fbstatic-a.akamaihd.net www.myao.adocean.pl https://s3.amazonaws.com www.google-analytics.com https://www.google.com *.googletagmanager.com https://contentvaluer.com *.google-analytics.com www.cdn.api.twitter.com connect.facebook.net www.platform.linkedin.com https://www.googleapis.com www.static.ak.facebook.com http://www.google.com googleads.g.doubleclick.net https://secure.livechatinc.com adocean-pl.hit.gemius.pl https://www.nntfi.pl https://cdn-cookieyes.com https://eagleapi-stg.ext.e-point.pl https://4832520.fls.doubleclick.net https://googleads4.g.doubleclick.net www.googleadservices.com livechatinc.com https://pro.hit.gemius.pl/ https://adsearch.adkontekst.pl https://pagead2.googlesyndication.com https://www.s-static.ak.facebook.com moventum.com.pl https://www.oauth.googleusercontent.com googletagmanager.com popups.landingi.com https://platform-api.sharethis.com region1.google-analytics.com https://www.s.ytimg.com https://ssl.google-analytics.com https://*.sharethis.com code.jquery.com https://buttons-config.sharethis.com www.googletagmanager.com cse.google.com https://ghmpl.hit.gemius.pl https://api.survicate.com https://connect.facebook.net https://ad.doubleclick.net https://tagmanager.google.com https://rev.owltrack.com rec.smartlook.com www.linkedin.com https://script.crazyegg.com cdn.livechatinc.com google-analytics.com https://maps.gstatic.com https://fullstory.com https://*.cookieyes.com https://*.qualtrics.com https://www.googletagmanager.com www.pro.hit.gemius.pl https://www.google-analytics.com www.platform.twitter.com https://mobile.usabilitytools.com https://www.apis.google.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src https://w.soundcloud.com https://eagleapi-stg.ext.e-point.pl https://4832520.fls.doubleclick.net livechatinc.com https://adsearch.adkontekst.pl netsprint.eu moventum.com.pl https://unpkg.com https://contentvaluer.com region1.google-analytics.com https://*.sharethis.com https://*.cookieyes.com https://rec.smartlook.com www.snrcdn.net https://www.nntfi.pl https://cdn-cookieyes.com https://api.survicate.com 'self'; connect-src https://w.soundcloud.com https://eagleapi-stg.ext.e-point.pl livechatinc.com https://adsearch.adkontekst.pl https://rev.owltrack.com https://stats.g.doubleclick.net soundcloud.com rec.smartlook.com https://www.facebook.com moventum.com.pl https://unpkg.com https://contentvaluer.com popups.landingi.com cdn.livechatinc.com region1.google-analytics.com https://fullstory.com https://*.cookieyes.com https://*.qualtrics.com https://rec.smartlook.com www.snrcdn.net https://www.google-analytics.com https://www.nntfi.pl https://cdn-cookieyes.com https://api.survicate.com 'self' 1
default-src 'self' 'unsafe-inline' googletagservices.com  *.google.com *.google.com.ua *.googletagservices.com *.googlesyndication.com *.googleapis.com *.gstatic.com; img-src 'self' *.gt.kh.ua *.googlesyndication.com play.google.com data:; frame-ancestors 'none'; 1
default-src 'self' *.gula.com.uy https://*.google.com https://*.mlstatic.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.mercadopago.com https://*.mercadolibre.com https://*.ondigitalocean.app https://*.amazonaws.com https://www.google-analytics.com https://fonts.gstatic.com https://*.sentry.io https://*.gula-media.com data:; img-src * 'self' 'unsafe-inline' data: blob: https: gula.com.uy *.gula-media.com https://*.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.gstatic.com https://unpkg.com https://www.googletagmanager.com https://*.mercadopago.com https://*.mlstatic.com https://www.google-analytics.com https://secure.mlstatic.com data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none' 1
default-src 'self' https://www.google-analytics.com; img-src 'self' blob: https://ps.w.org/ https://s.w.org/ https://helen.template.cmsmasters.net/ https://bambini.cmsmasters.net/ data: https://secure.gravatar.com/ https://www.google-analytics.com https://bambini.cmsmasters.net; script-src 'unsafe-inline' 'unsafe-eval' https://gurukelas.id https://www.youtube.com https://maps.googleapis.com https://www.google-analytics.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://code.jquery.com https://cdnjs.cloudflare.com;style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ https://gurukelas.id https://cdnjs.cloudflare.com https://fonts.googleapis.com; style-src-elem 'unsafe-inline' https://gurukelas.id/ https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; font-src https://gurukelas.id https://maxcdn.bootstrapcdn.com/ https://fonts.gstatic.com data: ; frame-src 'self' https://www.google.com https://www.youtube.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.ccavenue.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com *.ccavenue.com *.meetanshi.com www.facebook.com platform.twitter.com detgen.in www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.apptrian.com *.ccavenue.com *.meetanshi.com https://meetanshi.com/media/logo.png www.facebook.com www.freepnglogos.com pinterest.com assets.pinterest.com syndication.twitter.com amcglobal.sc.omtrdc.net maps.gstatic.com maps.googleapis.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn.side-guard.com cdn-scripts.signifyd.com www.youtube.com www.apptrian.com *.ccavenue.com *.avada.io *.meetanshi.com connect.facebook.net twitter.com platform.twitter.com maps.googleapis.com www.googletagmanager.com maps.gstatic.com www.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com side-guard.com www.apptrian.com *.ccavenue.com *.meetanshi.com maps.googleapis.com www.googletagmanager.com z.clarity.ms 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' https://*.fontawesome.com/ https://www.google.com https://www.gstatic.com https://*.google-analytics.com https://www.googletagmanager.com https://*.cloudflare.com https://unpkg.com https://*.jsdelivr.net https://hcaptcha.com 'unsafe-inline'; object-src 'self' https://www.youtube.com/; style-src 'self' https://fonts.googleapis.com/ https://modernizr.com https://*.cloudflare.com https://*.jsdelivr.net  https://www.youtube.com 'unsafe-inline'; img-src 'self' https://*.google-analytics.com; media-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.google.com https://www.googletagmanager.com https://*.hcaptcha.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: https://fonts.gstatic.com/ https://themes.googleusercontent.com/; connect-src 'self' https://*.fontawesome.com/ https://*.google-analytics.com https://*.hcaptcha.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'unsafe-inline' 'unsafe-eval' http: https: data: mediastream: blob: filesystem:; script-src 'unsafe-inline' 'unsafe-eval' https: data: mediastream: blob: filesystem: embed.typeform.com; style-src 'unsafe-inline' 'unsafe-eval' https: filesystem:; img-src https: data: blob: filesystem:; connect-src https: filesystem:; font-src 'unsafe-inline' 'unsafe-eval' http: https: data: mediastream: blob: filesystem:; media-src https: data: mediastream: blob: filesystem:; child-src https: filesystem:; form-action https: filesystem:; frame-ancestors https: data: mediastream: blob: filesystem: embed.typeform.com; object-src https: data: blob: filesystem:; frame-src http: https: data: blob: filesystem: embed.typeform.com; worker-src https: filesystem:; manifest-src https: filesystem:; navigate-to https:; base-uri https:; upgrade-insecure-requests 1
img-src https: data:; 1
connect-src 'self' ;frame-ancestors 'self' ;child-src 'self';media-src 'self' ;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' 'unsafe-eval'; 1
policy-uri /'unsafe-inline' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src *; media-src * 1
upgrade-insecure-requests; style-src 'self' 'unsafe-inline' 'unsafe-eval' js-agent.newrelic.com cdnjs.cloudflare.com momentjs.com hdi-livechat.barantum.com livechat.xeemore.com www.hdindonesia.com fonts.googleapis.com; 1
report-uri https://healthblocks360.report-uri.com/r/d/csp/enforce;base-uri 'self';connect-src 'self' https://cdn.datatables.net/plug-ins/1.10.19/i18n/English.json https://hlg.tokbox.com/prod/logging/ClientEvent https://config.opentok.com/project/47234334/config.json https://anvil.opentok.com https://api-standard.opentok.com https://hlg.tokbox.com wss://*.tokbox.com wss://tokbox.com;default-src 'self';form-action 'self';img-src 'self' https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.0/jquery.min.js data:;media-src 'self';object-src 'none';script-src 'self' 'nonce-hPfmOpGsKTYxVNIJUPd5dQvb4faA2cC8' https://cdn.datatables.net https://use.fontawesome.com https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.0/jquery.min.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/releases/*/recaptcha/api.js https://www.gstatic.com/recaptcha/api.js https://stackpath.bootstrapcdn.com https://cdn.rawgit.com/bpampuch/pdfmake https://cdn.ckeditor.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases https://cdn.jsdelivr.net/gh/bpampuch/pdfmake@0.1.18/build/vfs_fonts.js https://cdn.jsdelivr.net/gh/bpampuch/pdfmake@0.1.18/build/pdfmake.min.js https://cdnjs.cloudflare.com/ajax/libs/dropzone/5.9.2/dropzone.min.js https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.1/moment.min.js https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datetimepicker/4.17.47/js/bootstrap-datetimepicker.min.js https://cdnjs.cloudflare.com/ajax/libs/jszip/2.5.0/jszip.min.js https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.13/js/select2.full.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js https://cdnjs.cloudflare.com/ajax/libs/fullcalendar/3.10.2/fullcalendar.js https://cdn.jsdelivr.net/bootstrap.daterangepicker/2/daterangepicker.js https://static.opentok.com/v2/js/opentok.min.js https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.5.0/Chart.min.js https://cdn.datatables.net/rowgroup/1.1.3/js/dataTables.rowGroup.min.js https://cdnjs.cloudflare.com/ajax/libs/bootstrap-slider/11.0.2/bootstrap-slider.min.js;style-src 'self' https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://cdn.datatables.net https://use.fontawesome.com https://google.com/recaptcha https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.13/css/select2.min.css https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datetimepicker/4.17.47/css/bootstrap-datetimepicker.min.css https://cdnjs.cloudflare.com/ajax/libs/dropzone/5.9.2/dropzone.min.css 'unsafe-inline' https://healthblocks360.com/css/adminltev3.css https://healthblocks360.com/css/custom.css https://healthblocks360.com/css/mobile.css https://healthblocks360.com/css/select2.min.css https://healthblocks360.com/css/errors.css https://cdnjs.cloudflare.com/ajax/libs/fullcalendar/3.10.2/fullcalendar.min.css https://cdn.jsdelivr.net/npm/icheck-bootstrap@3.0.1/icheck-bootstrap.min.css https://cdn.jsdelivr.net/bootstrap.daterangepicker/2/daterangepicker.css https://cdnjs.cloudflare.com/ajax/libs/bootstrap-slider/11.0.2/css/bootstrap-slider.min.css;font-src https://fonts.gstatic.com https://use.fontawesome.com;frame-src https://www.youtube.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;upgrade-insecure-requests;block-all-mixed-content;frame-ancestors 1
frame-ancestors 'self' https://hthm-canada-cms-production.azurewebsites.net 1
default-src 'self' 'unsafe-inline' https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com; style-src 'self' 'unsafe-inline';img-src 'self' https://services.italika.mx/WebVisorArchivosITK/;form-action 'self'; 1
frame-src *.google.com *.googleadservices.com *.googlesyndication.com *.doubleclick.net adclick.g.doubleclick.net bid.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net securepubads.g.doubleclick.net; 1
img-src 'self' https://hilarioalves.com https://www.google.pt https://platform-cdn.sharethis.com https://www.googleadservices.com https://www.google-analytics.com data: https://www.google.com https://maps.gstatic.com https://maps.googleapis.com; 1
frame-ancestors 'self' https://hobbyland.se https://hobbyland.starwebserver.se 1
default-src 'self';script-src * https: 'unsafe-inline' 'unsafe-eval';frame-src *;style-src https: 'unsafe-inline';font-src *;img-src * data:;connect-src *; 1
frame-ancestors 'self' wedoehf.zendesk.com; 1
default-src 'self' ws: http: https: data: blob: 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.hotelissima.fr 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com www.shuperb.co.uk www1.shuperb.co.uk www.desertboots.com www.houseofslippers.co.uk www.steeltoeboots.co.uk www.schoolshoes.co.uk; base-uri 'self' 1
frame-ancestors 'self' https://jionews.com/ https://jionewsdev1.jio.ril.com/ 1
frame-ancestors 'self' https://hyundaimexico-staging-2301.dotcms.cloud https://hyundaimexico-dev-2301.dotcms.cloud https://hyundaimotormex-leads.com https://www.hyundai.com.mx https://hmm-api.s3.amazonaws.com ; 1
default-src 'self';     script-src 'self' 'unsafe-inline' 'unsafe-eval' *;     style-src 'self' 'unsafe-inline' *;     img-src 'self' *;     font-src 'self' *;     connect-src 'self' *;     media-src 'self' data: blob:;     child-src 'self' *;     frame-src 'self' *; 1
frame-ancestors 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.googletagmanager.com *.silveregg.net ajax.googleapis.com cdnjs.cloudflare.com www.google-analytics.com storage.googleapis.com api.flipdesk.jp tr.webantenna.info connect.facebook.net www.googleoptimize.com config-code.webantenna.info d.line-scdn.net www.clarity.ms b92.yahoo.co.jp s.yimg.jp googleads.g.doubleclick.net static.ads-twitter.com am.yahoo.co.jp b99.yahoo.co.jp www.googleadservices.com tm.r-ad.ne.jp statics.a8.net t.afi-b.com cdn.jsdelivr.net unpkg.com yubinbango.github.io app-webparts-hrbc.porterscloud.com optimize.google.com cdn.kaizenplatform.net js.sentry-cdn.com browser.sentry-cdn.com af.tosho-trading.co.jp polyfill.io;style-src 'self' 'unsafe-inline' ajax.googleapis.com cdnjs.cloudflare.com api.flipdesk.jp cdn.jsdelivr.net app-webparts-hrbc.porterscloud.com optimize.google.com fonts.googleapis.com; 1
img-src https: data:; report-to 'default' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://player.vimeo.com/; 1
script-src 'report-sample' 'nonce-OB-8-saq_lDjYHryIF8t6w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self',script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport/allowlist,require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com/analytics.js https://cdn.ywxi.net https://maps.googleapis.com/ https://polyfill.io/ https://ajax.googleapis.com/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.serving-sys.com use.fontawesome.com *.cloudflareinsights.com googletagmanager.com *.googletagmanager.com *.google-analytics.com google.com *.google.com *.googleapis.com *.cloudflare.com *.google-analytics.com *.bootstrapcdn.com  code.jquery.com; connect-src 'self' https://ipapi.co google.com *.google.com *.serving-sys.com; img-src 'self' data: dummyimage.com  code.jquery.com *.serving-sys.com; style-src 'self' 'unsafe-inline' data: use.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.ihaledergisi.com  code.jquery.com *.ionicframework.com google.com *.google.com googletagmanager.com *.googletagmanager.com *.googleapis.com;font-src 'self' 'unsafe-inline' data: fonts.gstatic.com use.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.ihaledergisi.com  *.jquery.com google.com *.google.com *.googleapis.com googletagmanager.com *.googletagmanager.com *.ionicframework.com;base-uri 'self' *.ihaledergisi.com;form-action 'self' *.ihaledergisi.com; frame-src 'self' api.ihaledergisi.com ihaledergisi.com mobi.ihaledergisi.com www.ihaledergisi.com  code.jquery.com 1
default-src 'self';         connect-src 'self' https://*.readspeaker.com https://*.klarnaservices.com https://evt-eu.klarnaservices.com https://*.klarna.com https://*.klarnaevt.com https://google.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;         script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://ajax.googleapis.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.googletagmanager.com https://www.gstatic.com https://unpkg.com https://vjs.zencdn.net https://*.livechatinc.com https://*.reco.se https://*.readspeaker.com https://*.klarnaservices.com https://*.klarna.com https://www.googleadservices.com https://www.google.com;         frame-src 'self' https://*.readspeaker.com https://*.livechatinc.com https://*.reco.se https://*.klarna.com https://*.klarnaservices.com https://evt-eu.klarnaservices.com https://*.klarna.com https://*.klarnaevt.com;         style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://www.gstatic.com https://unpkg.com https://vjs.zencdn.net https://use.fontawesome.com https://*.readspeaker.com https://*.klarnacdn.net;         img-src 'self' data: https://*.readspeaker.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com;         font-src 'self' data: https://*.readspeaker.com https://fonts.gstatic.com https://*.livechatinc.com https://use.fontawesome.com https://*.klarnaservices.com https://*.klarnacdn.net https://*.google.com www.googletagmanager.com; 1
default-src 'self' https: data: blob: 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' https://sgo.indors.it; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-a6PNcJoRMw6iV33aFSoumw' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self' 'unsafe-inline' data: https://www.googletagmanager.com https://www.google-analytics.com https://svc.webspellchecker.net fonts.googleapis.com fonts.gstatic.com https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/ https://js-agent.newrelic.com https://bam.nr-data.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/; frame-src https://www.google.com/; report-uri /report-csp-violation 1
default-src 'self' *.inolya.fr *.dwcdn.net *.bootstrapcdn.com *.facebook.com *.monecowatt.fr *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.jquery.com *.vimeo.com *.vimeocdn.com *.netconception.fr *.youtube.com *.youtu.be ; font-src 'self' *.inolya.fr *.dwcdn.net *.bootstrapcdn.com *.facebook.com *.monecowatt.fr *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.jquery.com *.vimeo.com *.vimeocdn.com *.netconception.fr *.googleapis.com *.gstatic.com 'unsafe-inline' ; style-src 'self' *.inolya.fr *.dwcdn.net *.bootstrapcdn.com *.facebook.com *.monecowatt.fr  *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.jquery.com *.vimeo.com *.vimeocdn.com *.netconception.fr *.googleapis.com *.gstatic.com cdnjs.cloudflare.com *.botnation.ai unpkg.com 'unsafe-inline'; script-src  'self' 'unsafe-eval'  *.inolya.fr *.dwcdn.net *.bootstrapcdn.com *.facebook.com *.monecowatt.fr *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.jquery.com *.vimeo.com *.vimeocdn.com *.netconception.fr *.googleapis.com *.gstatic.com unpkg.com cdnjs.cloudflare.com ssl.google-analytics.com *.doubleclick.net cbassets.botnation.ai chatbox.botnation.ai 'unsafe-inline' ; connect-src 'self' *.inolya.fr *.dwcdn.net *.bootstrapcdn.com *.facebook.com *.monecowatt.fr *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.jquery.com *.vimeo.com *.vimeocdn.com *.netconception.fr chatbox.botnation.ai 'unsafe-inline' ; frame-src 'self' *.inolya.fr *.dwcdn.net *.bootstrapcdn.com *.facebook.com *.monecowatt.fr  *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.jquery.com *.vimeo.com *.vimeocdn.com *.netconception.fr chatbox.botnation.ai  *.youtube.com *.youtu.be 'unsafe-inline' ; img-src 'self' * data: 'unsafe-inline' 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://internetencasa.mx/report-uri/enforce 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval';img-src 'self' data:;font-src 'self';connect-src 'self';style-src 'self' 'unsafe-inline';frame-ancestors 'none'; frame-src 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests; 1
script-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://developers.onemap.sg https://salesiq.zoho.com https://js.zohocdn.com https://desk.zoho.com http://js.zohostatic.com http://d17nz991552y2g.cloudfront.net/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://css.zohocdn.com http://css.zohostatic.com http://d3el7j01zd7apf.cloudfront.net https://fonts.googleapis.com 'unsafe-inline' ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.wp.com; img-src 'self' data: https://*.wp.com; object-src 'self' data: https://*.wp.com; frame-src 'self' data: https://*.wp.com; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' http://connect.facebook.net https://apis.google.com/ https://www.google-analytics.com/ http://www.google-analytics.com/ http://mc.yandex.ru/metrika/ https://mc.yandex.ru/metrika/ https://mc.yandex.ru/watch/ http://mc.yandex.ru/watch/ http://www.googleadservices.com/ https://www.googleadservices.com/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ http://ajax.googleapis.com/ https://ajax.googleapis.com/ https://www.googletagmanager.com/ https://multisearch.io/ https://api2.multisearch.io/ https://api.multisearch.io/ https://app.blinger.io/uploads/widgets2/ https://app.blinger.io/js/ https://tagmanager.google.com/debug https://tagmanager.google.com/debug/ https://optimize.google.com https://*.clarity.ms ;style-src 'self' 'unsafe-inline' https://my.novaposhta.ua/public/css/ https://multisearch.io/ https://tagmanager.google.com/debug/ https://fonts.googleapis.com/ https://optimize.google.com https://fonts.googleapis.com ;frame-src 'self' viber: https://www.facebook.com https://vk.com *.youtube.com https://apis.google.com https://googleads.g.doubleclick.net https://login.vk.com https://web.facebook.com https://www.google.com http://www.googletagmanager.com https://m.facebook.com http://staticxx.facebook.com/ https://staticxx.facebook.com/ https://accounts.google.com/o/oauth2/ https://player.vimeo.com/ https://app.blinger.io/js/ https://optimize.google.com ;img-src 'self' 'unsafe-inline' data: * https://www.google-analytics.com http://www.google-analytics.com *.youtube.com https://www.fleshlightdistribution.com/ http://www.fleshlightdistribution.com/ https://vk.com/ http://www.isex.com.ua/ https://www.isex.com.ua/ https://www.facebook.com/ https://stats.g.doubleclick.net/ https://www.google.com/ https://www.google.com.ua/ads/ https://mc.yandex.ru/clmap/ https://mc.yandex.ru/webvisor/ http://csi.gstatic.com/ https://csi.gstatic.com/ https://www.w3.org/ http://www.w3.org/ https://optimize.google.com ;media-src 'self' www.google-analytics.com *.youtube.com/ https://blinger.io/sounds/tap.wav;font-src 'self' https://my.novaposhta.ua/public/css/ https://fonts.googleapis.com/ https://fonts.gstatic.com/s/ https://fonts.gstatic.com ;connect-src 'self' https://stats.g.doubleclick.net/ http://mc.yandex.ru/metrika/ https://mc.yandex.ru/metrika/ https://mc.yandex.ru/watch/ http://mc.yandex.ru/watch/ https://mc.yandex.ru/webvisor/ http://mc.yandex.ru/webvisor/ https://mc.yandex.ru/clmap/ https://mc.yandex.ru/sync_cookie_get https://multisearch.io/ https://api2.multisearch.io/ https://api.multisearch.io/ https://www.google-analytics.com https://analytics.google.com wss://app.blinger.io/livechat/ https://*.clarity.ms;object-src 'self' http://www.youtube.com/ https://www.youtube.com/ ; 1
frame-ancestors 'self';script-src 'self' 'report-sample' 'unsafe-inline' https://*.doubleclick.net https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://www.paypal.com https://www.paypalobjects.com;style-src 'self' 'report-sample' 'unsafe-inline' *.google.com;object-src 'none';child-src 'self' blob: *.paypal.com *.googlesyndication.com *.google.com *.doubleclick.net www.paypalobjects.com;base-uri 'self';form-action 'self' *.google.com;worker-src 'self' blob: www.google.com; 1
frame-ancestors 'self' https://jabb.se https://jabb.starwebserver.se 1
default-src https: 'unsafe-inline'; img-src https: data:; frame-ancestors 'self' https://storaensoskog.se 1
default-src 'self'; frame-src 'self' https://www.youtube.com https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.groupe-kea.fr https://connect.facebook.net https://www.clarity.ms https://js.sddan.com https://www.googletagmanager.com https://cache.consentframework.com https://choices.consentframework.com https://cdn.tiny.cloud https://cdnjs.cloudflare.com https://use.typekit.net https://cdn.jsdelivr.net https://ct.sddan.com; style-src 'self' 'unsafe-inline' https://fontawesome.com https://cdnjs.cloudflare.com https://use.typekit.net https://cdn.tiny.cloud https://p.typekit.net https://cdn.jsdelivr.net https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com https://use.typekit.net https://cdn.sirdata.io; img-src http: https: data: 'self'; connect-src http: https: blob:; 1
default-src 'self' 'unsafe-inline'                https://www.youtube.com                 https://*.theta360.biz                 https://*.theta360.com                 https://*.amazonaws.com                 https://www.googletagmanager.com                 https://fonts.googleapis.com                 https://*.cdninstagram.com                 https://maps.googleapis.com                 https://maps.gstatic.com;     style-src   'self' 'unsafe-inline'                 www.googletagmanager.com                 https://fonts.googleapis.com;     font-src    'self' 'unsafe-inline'                 https://fonts.gstatic.com;     script-src  'self' 'unsafe-inline'                 https://*.theta360.biz                 https://www.google-analytics.com                 https://ssl.google-analytics.com                 https://*.googleapis.com                 https://*.gstatic.com                 *.google.com                 https://*.ggpht.com                 https://www.googletagmanager.com                 *.googleusercontent.com;     connect-src 'self' 'unsafe-inline'                 https://www.google-analytics.com                 https://*.googleapis.com                 *.google.com                 https://*.gstatic.com                 https://stats.g.doubleclick.net                 data:                 https://graph.facebook.com                 blob:;     img-src    'self' 'unsafe-inline'                 https://*.cdninstagram.com                 https://www.google-analytics.com                 https://*.googleapis.com                 https://*.gstatic.com                 *.google.com                 *.googleusercontent.com                 *.google.co.jp                 https://cnt.parkingweb.jp                 data:;     frame-src   'self' 'unsafe-inline'                 https://*.theta360.biz                 www.googletagmanager.com                 https://www.youtube.com                 *.google.com;    1
default-src https:; connect-src https: wss: http:; font-src https: data:; img-src https: data: blob:; frame-src https: blob:; frame-ancestors 'self'; worker-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; form-action https: javascript:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 1
default-src 'none'; base-uri 'self'; script-src 'self' blob: translate.google.com translate.googleapis.com code.jquery.com cdnjs.cloudflare.com cdn.wdd.idv.tw www.googletagmanager.com www.google-analytics.com blob: 'unsafe-eval' www.youtube.com 'unsafe-inline' netdna.bootstrapcdn.com connect.facebook.net; child-src 'self' data: blob: www.youtube.com www.google.com player.youku.com valc.atm.youku.com; frame-src 'self' data: blob: www.youtube.com www.google.com player.youku.com valc.atm.youku.com; connect-src 'self' https:; font-src 'self' data: fonts.gstatic.com netdna.bootstrapcdn.com; img-src 'self' data: img.youtube.com www.facebook.com; style-src 'self' 'unsafe-inline' www.gstatic.com cdn.wdd.idv.tw fonts.googleapis.com  netdna.bootstrapcdn.com; frame-ancestors 'none'; form-action 'self' payment-stage.ecpay.com.tw ccore.newebpay.com 1
frame-ancestors 'self' https://www.vayda.online https://*.wix.com https://www.surpriz.in 1
frame-ancestors 'self' https://platform.jioretailer.com 1
object-src=none; frame-ancestors=self; 1
default-src 'self'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://www.paypal.com https://www.sandbox.paypal.com https://jsscriptv1-live.cpx-research.com https://in.hotjar.com https://www.gstatic.com wss://ws-eu.pusher.com https://sockjs-eu.pusher.com https://fn.us.ipqscdn.com; frame-src https://timewall.io https://wss.pollfish.com https://www.googletagmanager.com https://offers.cpx-research.com https://vars.hotjar.com https://js.stripe.com https://www.youtube.com https://web.bitlabs.ai https://surveywall.wannads.com https://earn.wannads.com https://wall.adgaterewards.com https://asmwall.com https://www.ayetstudios.com https://wall.lootably.com https://www.offertoro.com https://wall.revenueuniverse.com https://publishers.revenueuniverse.com https://wall.wannads.com https://pay.neteller.com https://pay.skrill.com https://commerce.coinbase.com https://www.paypal.com https://www.sandbox.paypal.com https://www.paypalobjects.com https://www.gstatic.com https://www.google.com; img-src 'self' data: https://s3.amazonaws.com https://www.googletagmanager.com https://www.google-analytics.com https://t.paypal.com https://www.gstatic.com https://api.qrserver.com; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://commerce.coinbase.com https://www.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://static.hotjar.com https://script.hotjar.com https://www.paypal.com https://www.sandbox.paypal.com https://commerce.coinbase.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.cpx-research.com https://pay.skrill.com https://www.paypalobjects.com https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://js.pusher.com https://www.ipqscdn.com https://unpkg.com https://js-agent.newrelic.com 1
frame-src 'self' *.amazon.de *.google.com *.paypal.com *.prismic.io *.vimeo.com *.criteo.com *.facebook.com; frame-ancestors 'self'; upgrade-insecure-requests; 1
default-src * data: blob: 'media-src' blob: 'unsafe-eval' 'unsafe-inline' 1
frame-ancestors https://zep.us https://www.zep.us https://www.k-startup.go.kr https://k-startup.go.kr https://www.k-startup.go.kr:8443 https://k-startup.go.kr:8443 1
default-src 'self' *.crazyegg.com *.analytics.google.com;connect-src 'self' *.analytics.google.com *.popt.in mocky.com google.com data: *.facebook.com *.crazyegg.com *.googlesyndication.com *.google-analytics.com *.cloudfront.net *.sharethis.com cdn.datatables.net *.crazyegg.com *.doubleclick.net;worker-src 'self' blob:;frame-src 'self' api.virtualjog.hu *.youtube.com *.crazyegg.com online.sprinter.hu www.google.com *.doubleclick.net *.crazyegg.com www.facebook.com;frame-ancestors kangaboo.hu kangaboo.ro; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: kangaboo.hu *.mocky.com code.jquery.com cdnjs.cloudflare.com cdn.popt.in cdn.datatables.net *.bootstrapcdn.com *.optimonk.com *.google.com *.gstatic.com *.crazyegg.com www.googleadservices.com www.googletagmanager.com *.doubleclick.net *.sharethis.com connect.facebook.net *.crazyegg.com ajax.googleapis.com kangaboo.ro kangaboo.hu; font-src 'self' *.cloudfront.net *.gstatic.com *.popt.in data: kangaboo.ro maxcdn.bootstrapcdn.com kangaboo.hu; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.mocky.com *.cloudflare.com *.lambda-url.us-west-2.on.aws *.crazyegg.com *.popt.in www.googletagmanager.com maxcdn.bootstrapcdn.com cdn.datatables.net kangaboo.hu kangaboo.ro;img-src 'self' kangaboomail.hu *.google.com *.kangaboomail.hu *.optimonk.com *.crazyegg.com *.gstatic.com data: 'unsafe-inline' kangaboo.ro www.googletagmanager.com *.sharethis.com www.google.hu connect.facebook.net www.facebook.com static.arukereso.hu *.doubleclick.net *.crazyegg.com;child-src blob: *.crazyegg.com 1
frame-ancestors 'self' https://staging.answeringservicecare.com 1
default-src 'self' https:; base-uri 'self'; connect-src https: wss:; font-src 'self' https: data:; img-src 'self' https: data: blob:; object-src 'none'; script-src 'strict-dynamic' https: 'nonce-mzM5Ww4DRQkGTcXPaFN+V5SeiL3FvAEiNW1hqylCmTM=' 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; worker-src 'self' 1
img-src * 'self' data: https:; font-src * 'self' data: https:; media-src * 'self' data: https:; default-src 'self' data: ws: 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.fonts-gstatic.com *.cloudflare.com  *.googletagmanager.com *.fontawesome.com *.gstatic.com *.jquery.com *.googleapis.com *.google.com *.facebook.net *.facebook.com *.issuu.com *.tawk.to *.hotjar.io *.luckyorange.com *.youtube.com *.vimeo.com *.datatables.net *.openstreetmap.org *.hotjar.com *.jsdelivr.net *.doubleclick.net gitcdn.github.io oss.maxcdn.com 1
object-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:  cdn.jsdelivr.net cdnjs.cloudflare.com maps.google.com mdbootstrap.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https:  cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com mdbootstrap.com use.fontawesome.com; report-uri https://www.ketonal.pl/report-uri/enforce 1
base-uri 'self'; default-src 'none'; media-src https://*.smartsuppcdn.com https://steamcdn-a.akamaihd.net https://cdn.akamai.steamstatic.com https://cdn.cloudflare.steamstatic.com; img-src 'self' data: 'unsafe-inline' https://optimize.google.com https://*.googleadservices.com *.googletagmanager.com https://cdn.aktivcommunication.cz https://www.facebook.com https://www.google-analytics.com https://img.youtube.com https://i.ytimg.com https://www.heureka.cz https://www.heureka.sk https://*.smartsuppcdn.com https://googleads.g.doubleclick.net https://*.googleadservices.com https://*.seznam.cz https://*.google.com https://*.google.cz https://*.bing.com https://*.hotjar.com https://ssl.gstatic.com https://gstatic.com https://*.google-analytics.com; manifest-src www.key4you.cz; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://c.seznam.cz/js/retargeting.js https://optimize.google.com https://www.googleoptimize.com https://*.hotjar.com https://vc.hotjar.io https://www.reddit.com https://connect.facebook.net https://www.google-analytics.com https://cdn.aktivcommunication.cz https://*.googletagmanager.com https://tagmanager.google.com https://z.moatads.com https://widgets.pinterest.com https://www.google.com https://www.gstatic.com/recaptcha/ https://ssl.heureka.cz/ https://im9.cz https://*.smartsuppchat.com https://*.smartsuppcdn.com https://www.googleadservices.com https://c.imedia.cz https://googleads.g.doubleclick.net https://seznam.cz https://*.seznam.cz https://zbozi.cz https://*.zbozi.cz https://www.google.cz https://*.luigisbox.com https://www.youtube.com https://*.bing.com https://*.googlesyndication.com; frame-src https://*.youtube.com https://*.facebook.com https://*.google.com https://*.hotjar.com https://*.hotjar.io https://zbozi.cz https://www.seznam.cz https://*.zbozi.cz https://optimize.google.com https://*.googlesyndication.com https://*.doubleclick.net/ https://login.szn.cz/; connect-src https://*.analytics.google.com https://www.key4you.cz https://*.google-analytics.com https://www.google.cz https://*.google.cz https://www.facebook.com/tr/ https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io wss://*.hotjar.io https://*.doubleclick.net https://widget-tracker.smartsupp.com https://*.luigisbox.com wss://*.smartsupp.com https://*.smartsupp.com https://*.smartsuppchat.com https://*.smartsuppcdn.com https://*.googletagmanager.com https://*.google.com https://*.googlesyndication.com https://*.bing.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https://*.smartsuppcdn.com https://tagmanager.google.com; font-src 'self' https://fonts.gstatic.com https://*.smartsuppcdn.com https://*.hotjar.com; 1
default-src 'self' ; script-src 'self' 'unsafe-eval' *.jsdelivr.net www.google-analytics.com www.googletagmanager.com 'unsafe-inline';style-src 'self' https://fonts.bunny.net https://fonts.googleapis.com *.jsdelivr.net 'unsafe-inline';font-src 'self' https://fonts.bunny.net https://fonts.gstatic.com;base-uri  'self';connect-src 'self'  l.dv *.khatm.site *.google-analytics.com *.google.com;img-src 'self' *.google-analytics.com *.google.com data: l.dv *.khatm.site; 1
default-src 'self';  script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.cookielaw.org  *.googletagmanager.com *.googleadservices.com *.googleoptimize.com cdn.nolt.io documentcloud.adobe.com *.hotjar.com snap.licdn.com *.cloudflare.com *.google-analytics.com *.facebook.net *.facebook.com *.stripe.com clientcdn.pushengage.com optimize.google.com *.google-analytics.com *.customer.io apis.google.com js-eu1.hs-scripts.com js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hscollectedforms.net app.enzuzo.com *.google.com;  frame-src * data: blob: ;  child-src *.arxiv.org arxiv.org *.googleapis.com googleapis.com *.google.com *.hotjar.com *.youtube.com *.nolt.io  *.adobe.com *.firebaseapp.com *.stripe.com * data: blob: ;  style-src 'self' 'unsafe-inline' b.stripecdn.com *.gstatic.com *.googletagmanager.com *.googleapis.com kimo.pushengage.com optimize.google.com;  img-src * blob: data:;  media-src *;  connect-src *;  font-src 'self'  b.stripecdn.com fonts.gstatic.com *.hotjar.com; 1
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.youtube.com *.facebook.net *.googleapis.com 1
upgrade-insecure-requests; default-src 'self';img-src registrasi.kki.go.id 'self' data:;form-action 'self';frame-src www.google.com maps.google.com 'self' 'unsafe-inline';frame-ancestors 'self';style-src 'self' 'unsafe-inline' 'self';script-src-elem unpkg.com www.gstatic.com code.jquery.com cdn.datatables.net cdn.jsdelivr.net 'self' 'unsafe-inline';style-src-elem cdn.datatables.net fonts.googleapis.com www.gstatic.com cdn.jsdelivr.net 'self' 'unsafe-inline';script-src www.gstatic.com code.jquery.com cdn.datatables.net cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval';font-src fonts.googleapis.com fonts.gstatic.com 'self' 'unsafe-inline' data:;connect-src 'self' 1
default-src 'self'; script-src 'self' https://www.gstatic.com https://cdn.kkutu.io https://browser.sentry-cdn.com https://static.cloudflareinsights.com/beacon.min.js https://t1.daumcdn.net https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://challenges.cloudflare.com/turnstile/v0/api.js 'nonce-tbAXZGg7Jxozw4td6wAzkqXAWMuQXnjY'; style-src 'unsafe-inline' 'self' https://cdn.kkutu.io; object-src https://cdn.kkutu.io; base-uri 'self'; connect-src 'self' https://cdn.kkutu.io https://cloudflareinsights.com https://o1271663.ingest.sentry.io https://stats.g.doubleclick.net wss://ws.kkutu.io:* wss://test.kkutu.io:* https://static.kkutu.io https://www.google-analytics.com https://display.ad.daum.net https://aem-ingest.onkakao.net; font-src 'self' https://cdn.kkutu.io; frame-src 'self' https://cdn.kkutu.io https://static.kkutu.io https://t1.daumcdn.net https://www.google.com https://challenges.cloudflare.com https://youtube.com https://www.youtube.com; img-src 'self' 'unsafe-inline' https://cdn.kkutu.io https://www.google-analytics.com data:; manifest-src 'self' https://cdn.kkutu.io; media-src 'self' https://cdn.kkutu.io 1
default-src *;             frame-ancestors 'self' *.komusg.si https://apps.komusg.si;      script-src 'self' 'unsafe-inline' 'unsafe-eval' *.komusg.si fonts.googleapis.com *.gstatic.com *.typekit.net *.google.com cdn.jsdelivr.net p.typekit.net *.doubleclick.net *.cloudflare.com *.googletagmanager.com s7.addthis.com maps.googleapis.com;      style-src 'self' 'unsafe-inline' *.komusg.si fonts.googleapis.com *.google.com p.typekit.net *.doubleclick.net *.cloudflare.com;      object-src 'self' 'unsafe-inline' *.komusg.si *.google.com p.typekit.net;      child-src 'self' 'unsafe-inline' *.komusg.si *.google.com p.typekit.net;      frame-src 'self' 'unsafe-inline' *.komusg.si *.google.com p.typekit.net *.youtube.com *.youtu.be apps.komusg.si;      img-src 'self' 'unsafe-inline' *.komusg.si p.typekit.net p.typekit.net data:;      connect-src 'self' *.googleapis.com *.google-analytics.com *.komusg.si blob:;                 1
frame-src 'self' www.youtube.com www.slideshare.net https://api.razorpay.com/ https://recaptcha.net/ https://js.stripe.com/; base-uri 'self'; frame-ancestors 'none'; form-action 'self'; object-src 'self'; media-src 'self' https://dev-media.konfhub.com/ https://media.konfhub.com/; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://www.gstatic.com/charts/; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com/charts/ https://fonts.googleapis.com; img-src 'self' blob: data: https://cdn.konst.se https://*.google-analytics.com https://*.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; worker-src 'self' blob:; media-src 'none'; frame-src 'none'; object-src 'none' 1
frame-ancestors 'self' koreagoldx.co.kr *.koreagoldx.co.kr 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com *.msecnd.net; img-src 'self' data: ; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com fonts.googleapis.com *.dibspayment.eu; base-uri 'self'; form-action 'self'; font-src 'self' *.bootstrapcdn.com *.gstatic.com; manifest-src 'self'; media-src 'self'; connect-src 'self' *.visualstudio.com *.dibspayment.eu; frame-src *.dibspayment.eu 1
default-src * blob: 'self' data: 'unsafe-inline' 'unsafe-eval' https:; 1
frame-ancestors 'self' https://testbaba.virtualcms.it/ 1
frame-ancestors doradobet.com www.doradobet.com sb1client-altenar.biahosted.com *.virtualsoft.tech https://latinbet.pa 1
frame-ancestors 'self' lavavitae.com 1
base-uri 'self';default - src 'self';img - src data: https:;object-src 'none';script - src 'self';style - src 'self';upgrade - insecure - requests; 1
frame-ancestors 'self' https://www.lekarnaljubljana.si 1
default-src 'self';img-src 'self' https: data: blob:;media-src 'self';frame-src 'self' https://player.vimeo.com/ https://po878e.axshare.com/ https://x.klarnacdn.net/ https://lenderspender.typeform.com/ https://vars.hotjar.com/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/dragula/ https://cdnjs.cloudflare.com/ajax/libs/viewerjs/ https://code.highcharts.com/ https://downloads.mailchimp.com/ https://player.vimeo.com/api/player.js https://cdn.tiny.cloud/1/ https://x.klarnacdn.net/ https://embed.typeform.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://snap.licdn.com/ https://connect.facebook.net/ https://www.googleadservices.com/ https://f.vimeocdn.com/ https://googleads.g.doubleclick.net/ https://static.hotjar.com/ https://script.hotjar.com/ https://lenderspender.typeform.com/ https://*.ingest.sentry.io https://sentry.io;frame-ancestors 'self';style-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/animate.css/ https://cdnjs.cloudflare.com/ajax/libs/viewerjs/ https://fonts.googleapis.com/ https://cdn.tiny.cloud;font-src 'self' data: https://fonts.googleapis.com/ https://fonts.gstatic.com/;connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://*.ingest.sentry.io https://websdk.verifai.com/ data: 1
frame-ancestors 'self' https://*.lexus.com.tr https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
default-src 'self' https://www.google-analytics.com 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com googleads.g.doubleclick.net *.youtube.c *.youtube.com *.googleadservices.com e.issuu.com https://code.jquery.com/jquery-3.6.0.min.js https://cdn.jsdelivr.net https://connect.facebook.net https://maps.googleapis.com https://www.gstatic.com https://www.google-analytics.com www.googletagmanager.com https://ssl.google-analytics.com https://jira.nyx.raiffeisen.net/ https://hcaptcha.com https://*.hcaptcha.com header ajax.googleapis.com connect.facebook.net maps.google.com platform.twitter.com;worker-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' 'unsafe-inline';font-src 'self' fonts.gstatic.com;style-src 'unsafe-inline' fonts.googleapis.com 'self' https://hcaptcha.com https://*.hcaptcha.com https://www.gstatic.com;img-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.youtube.com/ https://*.google.com https://*.twitter.com https://www.google.it https://*.googleapis.com https://maps.gstatic.com https://www.facebook.com https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://www.googletagmanager.com/ blob: data:; frame-src 'self' platform.twitter.com *.facebook.com www.yumpu.com player.vimeo.com www.youtube.com www.youtube-nocookie.com www.google.com e.issuu.com https://hcaptcha.com https://*.hcaptcha.com;connect-src 'self' https://*.google.com maps.google.com maps.googleapis.com https://*.google-analytics.com https://connect.facebook.net www.google-analytics.com https://stats.g.doubleclick.net https://hcaptcha.com https://*.hcaptcha.com; 1
default-src 'self' mapservice.gov.in static.arcgis.com services.arcgisonline.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com rawgit.com cdn.jsdelivr.net momentjs.com js.arcgis.com jtblin.github.io mapservice.gov.in; style-src 'self' 'unsafe-inline' js.arcgis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com fonts.googleapis.com rawgit.com cdn.jsdelivr.net;img-src data:image/svg+xml image 'self' cbpssubscriber.mygov.in js.arcgis.com; font-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.gstatic.com cdnjs.cloudflare.com gijgo.min.css js.arcgis.com; frame-src 'self' www.youtube-nocookie.com  1
default-src 'self' blob: *.paypal.com *.stripe.com wss://flexcom.de:9001 *.libravita.de; connect-src 'self' blob: *.stripe.com wss://flexcom.de:9001 *.libravita.de; style-src 'self' 'unsafe-inline' *.libravita.de *.addthis.com *.googleapis.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.libravita.de *.analytics.google.com *.google-analytics.com *.pinterest.com *.googleadservices.com *.facebook.com *.facebook.net *.myfonts.net *.addthis.com *.googleapis.com *.paypalobjects.com *.doubleclick.net *.googletagmanager.com *.stripe.com *.youtube.com blob: 1
default-src 'self' 'unsafe-inline' https://lidartsstatic.org https://www.youtube-nocookie.com https://stackpath.bootstrapcdn.com https://jitsi1.lidarts.org https://jitsi.dusk-server.de; frame-ancestors 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://lidartsstatic.org https://cdn.plot.ly https://code.jquery.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://cdn.datatables.net https://ajax.googleapis.com https://unpkg.com https://meet.jit.si; img-src https://www.lidarts.org https://lidartsstatic.org 'self' data: https: 'unsafe-inline'; style-src 'unsafe-inline' 'self' https://lidartsstatic.org https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://cdn.datatables.net; base-uri 'self'; form-action 'self' https://www.paypal.com; connect-src 'self' wss://lidarts.org wss://www.lidarts.org wss://janus1.lidarts.org https://pypi.org; 1
default-src 'self'; script-src 'self' *.liebherr.com blob: home.liebherr.com bat.bing.com *.clarity.ms *.usercentrics.eu googleads.g.doubleclick.net www.googleadservices.com *.cloudflareinsights.com *.heidelpay.com *.siteintercept.qualtrics.com siteintercept.qualtrics.com siteseal.quovadisglobal.com c.evidon.com widget-configurations.s3.eu-central-1.amazonaws.com *.commerce-connector.com 'unsafe-inline' *.zencdn.net 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.googleapis.com *.youtube.com s.ytimg.com *.google.com *.gstatic.com *.mds.eu *.youtube-nocookies.com *.cloudflare.com *.paypalobjects.com *.paypal.com aframe.io cdn.jsdelivr.net bing.com; style-src 'self' *.liebherr.com widget-configurations.s3.eu-central-1.amazonaws.com *.commerce-connector.com 'unsafe-inline' *.zencdn.net fonts.googleapis.com *.google.com *.gstatic.com *.mds.eu *.cloudflare.com; img-src 'self' *.liebherr.com *.bing.com *.clarity.ms *.usercentrics.eu googleads.g.doubleclick.net *.heidelpay.com *.siteintercept.qualtrics.com siteintercept.qualtrics.com *.commerce-connector.de *.commerce-connector.com *.google-analytics.com *.doubleclick.net *.google.com *.googleapis.com *.google.de *.azurewebsites.net 'self' data: *.gstatic.com *.ytimg.com *.googletagmanager.com images.anythingabout.net *.cloudflare.com *.paypal.com; font-src 'self' *.liebherr.com *.heidelpay.com *.commerce-connector.com *.zencdn.net *.gstatic.com *.cloudflare.com 'self' data:; media-src 'self' *.liebherr.com *.cloudflare.com; connect-src 'self' *.liebherr.com analytics.google.com *.clarity.ms maps.googleapis.com *.usercentrics.eu stats.g.doubleclick.net *.heidelpay.com *.siteintercept.qualtrics.com siteintercept.qualtrics.com *.commerce-connector.com *.google-analytics.com *.mds.eu *.mds.eu:3000 *.cloudflare.com *.paypal.com www.google.com www.google.de; object-src 'self' *.liebherr.com *.cloudflare.com; frame-src 'self' *.liebherr.com *.usercentrics.eu bid.g.doubleclick.net *.heidelpay.com www.youtube.com *.youtube-nocookie.com *.mds.eu *.google.com *.cloudflare.com *.hpcgw.net *.fls.doubleclick.net 1
frame-ancestors 'self' *.plataformaneo.com.br 1
object-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:  cdn.jsdelivr.net cdnjs.cloudflare.com maps.google.com mdbootstrap.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https:  cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com mdbootstrap.com use.fontawesome.com; report-uri https://www.linex-probio.com/report-uri/enforce 1
default-src 'self' 'unsafe-inline' data: blob: https:; base-uri 'self'; block-all-mixed-content; child-src 'self' https:; connect-src 'self' wss: https:; font-src 'self' data: https:; form-action 'self' https:; frame-ancestors 'self' https:; frame-src 'self' https:; img-src 'self' data: https:; object-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; style-src 'self' 'unsafe-inline' https:; worker-src 'self' blob: 1
frame-ancestors lmg5.lt youtube.com twitch.com twitch.tv 185.80.129.79:3000 185.80.129.79 http://185.80.129.79:3000 http://185.80.129.79 1
base-uri 'self';frame-ancestors 'none';default-src 'self' *.youtube.com *.googleapis.com *.facebook.com lmpolanco.com *.linkedin.com *.googleadservices.com *.google-analytics.com *.doubleclick.net *.google.com *.google.com.mx;style-src lmpolanco.com *.googleapis.com 'unsafe-inline' 'unsafe-hashes';script-src lmpolanco.com *.google.com *.facebook.net *.googletagmanager.com *.gstatic.com *.licdn.com *.google-analytics.com *.googleapis.com 'unsafe-inline';font-src *.googleapis.com *.gstatic.com lmpolanco.com;img-src 'self' data: 'unsafe-eval' *.google.com.mx *.facebook.com *.linkedin.com *.gstatic.com *.googleapis.com;form-action 'self'; 1
base-uri 'self'; img-src * 'self' data: blob:; default-src 'unsafe-eval' http://localhost:5000 https://www.locaisdobrasil.com.br https://*.cleverwebserver.com https://pixbet.com https://br.betano.com https://sender.clevernt.com https://www.google.com https://accounts.google.com https://afs.googlesyndication.com https://tpc.googlesyndication.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://partner.googleadservices.com https://fundingchoicesmessages.google.com https://csi.gstatic.com https://csp.withgoogle.com http://cse.google.com https://cse.google.com https://www.gstatic.com https://openlayers.org https://fonts.gstatic.com https://www.googletagmanager.com https://adservice.google.com.br https://adservice.google.com https://securepubads.g.doubleclick.net https://www.adsensecustomsearchads.com https://viacep.com.br https://cdn.ampproject.org; style-src https://fonts.googleapis.com https://accounts.google.com 'self' 'unsafe-inline'; script-src 'unsafe-eval' 'unsafe-inline' 'sha256-kgPSMq7Eu0ZBbeWTrZMSPZKgFLAanw36pVSmav5UDf4=' 'sha256-I1ZgSU+7Jnjw0hlfR3doHA4rjvEccUnuqy/Q3xMNH58=' 'sha256-G2CvDOSdZeixAGRXwWiD1g5ToAVLsVfFfDsDqC7plk0=' 'sha256-3XRVeqBccGZC1sEZsCJkcQGKlN/NeWPlWQochS1UGbY=' 'sha256-9N6U4rPMf2fgWJZ48ciQ4CC41Xt29GZYo7U3gFqo/UQ=' 'sha256-QDnlDgTVkXaPmHOTrWM29latWMBPQxkmzfv07WQk0Dg=' 'sha256-d1SfhSRBu1hG1ogmwUP0sgHebQYbZSAsbyDeWo88xf8=' 'sha256-IbKuxUx71/mtkC8h7JXFfustAH5lEHHto7/wquf/Ao4=' 'sha256-Qb6BKdOjOWNHB3hVJDX4lnFE3zLjK55aFwIdN5dXbO0=' 'sha256-ys/x9uLDcyuK6UM1xRYrWjKR1q6c1yxswaz6Vn+D7lo=' 'sha256-6iYTHdDAbFpwtSrdH9KLCfYhXhT5w8805NvidqoCcDE=' 'sha256-0IKf4q6H8pEZZxfndORwSJHOA3/gITcWDoVKhvprzXc=' 'strict-dynamic' https: http:;script-src-elem http://localhost:5000 https://www.locaisdobrasil.com.br https://*.cleverwebserver.com https://pixbet.com https://br.betano.com https://sender.clevernt.com https://www.google.com https://accounts.google.com https://afs.googlesyndication.com https://tpc.googlesyndication.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://partner.googleadservices.com https://fundingchoicesmessages.google.com https://csi.gstatic.com https://csp.withgoogle.com http://cse.google.com https://cse.google.com https://www.gstatic.com https://openlayers.org https://fonts.gstatic.com https://www.googletagmanager.com https://adservice.google.com.br https://adservice.google.com https://securepubads.g.doubleclick.net https://www.adsensecustomsearchads.com https://viacep.com.br https://cdn.ampproject.org 'self' 'sha256-kgPSMq7Eu0ZBbeWTrZMSPZKgFLAanw36pVSmav5UDf4=' 'sha256-I1ZgSU+7Jnjw0hlfR3doHA4rjvEccUnuqy/Q3xMNH58=' 'sha256-G2CvDOSdZeixAGRXwWiD1g5ToAVLsVfFfDsDqC7plk0=' 'sha256-3XRVeqBccGZC1sEZsCJkcQGKlN/NeWPlWQochS1UGbY=' 'sha256-9N6U4rPMf2fgWJZ48ciQ4CC41Xt29GZYo7U3gFqo/UQ=' 'sha256-QDnlDgTVkXaPmHOTrWM29latWMBPQxkmzfv07WQk0Dg=' 'sha256-d1SfhSRBu1hG1ogmwUP0sgHebQYbZSAsbyDeWo88xf8=' 'sha256-IbKuxUx71/mtkC8h7JXFfustAH5lEHHto7/wquf/Ao4=' 'sha256-Qb6BKdOjOWNHB3hVJDX4lnFE3zLjK55aFwIdN5dXbO0=' 'sha256-ys/x9uLDcyuK6UM1xRYrWjKR1q6c1yxswaz6Vn+D7lo=' 'sha256-6iYTHdDAbFpwtSrdH9KLCfYhXhT5w8805NvidqoCcDE=' 'sha256-0IKf4q6H8pEZZxfndORwSJHOA3/gITcWDoVKhvprzXc=' ; frame-ancestors https://*.betano.com https://pixbet.com 1
script-src https://connect.facebook.net/ http://connect.facebook.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://browser-update.org/ https://www.google.com/ https://www.gstatic.com/recaptcha/ http://www.google.com/recaptcha/ https://ajax.googleapis.com/ 'unsafe-inline' 'unsafe-eval' 'self'; report-uri /nelmio/csp/report 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.lokshahi.com;block-all-mixed-content; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de osm.louis.de https://*.googleapis.com https://*.gstatic.com https://*.googleadservices.com https://www.googletagmanager.com https://tagmanager.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://td.doubleclick.net https://tpc.googlesyndication.com https://bat.r.msn.com https://bat.bing.com https://content.cptrack.de https://sale.cptrack.de https://widgets.trustedshops.com https://s.kk-resources.com https://s.kelkoogroup.net https://containertags.belboon.de https://j01l4h3n.com https://s2.adform.net https://track.adform.net https://*.google.com *.paypal.com *.quantummetric.com https://*.sentry.io x9t5he7.r.louis-moto.it;style-src 'self' 'unsafe-inline' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de https://*.googletagmanager.com https://fonts.googleapis.com https://tagmanager.google.com;font-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de data: https://fonts.gstatic.com;img-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de data: https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://bat.r.msn.com https://bat.bing.com https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.google.com https://*.google.com.vn https://widgets.trustedshops.com https://www.trustedshops.com https://widgets.trustedshops.fr https://www.trustedshops.fr https://widgets.trustedshops.co.uk https://www.trustedshops.co.uk https://widgets.trustedshops.de https://www.trustedshops.de https://t.paypal.com https://www.google.de https://www.google.at https://www.google.be https://www.google.ch https://www.google.co.uk https://www.google.cz https://www.google.com.tr https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.it https://www.google.lu https://www.google.nl https://www.google.pl https://www.google.ro https://www.google.rs https://www.google.se https://www.google.si https://www.google.sk https://www.paypalobjects.com;frame-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de https://*.googleadservices.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.youtube.com/ https://*.youtube-nocookie.com/ *.paypal.com https://*.google.com https://*.quantummetric.com https://td.doubleclick.net x9t5he7.r.louis-moto.it;frame-ancestors 'self';worker-src blob:;child-src blob:;report-uri /csp-violation-report; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de osm.louis.de https://*.googleapis.com https://*.gstatic.com https://*.googleadservices.com https://www.googletagmanager.com https://tagmanager.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://td.doubleclick.net https://tpc.googlesyndication.com https://bat.r.msn.com https://bat.bing.com https://content.cptrack.de https://sale.cptrack.de https://widgets.trustedshops.com https://s.kk-resources.com https://s.kelkoogroup.net https://containertags.belboon.de https://j01l4h3n.com https://s2.adform.net https://track.adform.net https://*.google.com *.paypal.com *.quantummetric.com https://*.sentry.io x9t5he7.r.louis.pl;style-src 'self' 'unsafe-inline' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de https://*.googletagmanager.com https://fonts.googleapis.com https://tagmanager.google.com;font-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de data: https://fonts.gstatic.com;img-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de data: https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://bat.r.msn.com https://bat.bing.com https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.google.com https://*.google.com.vn https://widgets.trustedshops.com https://www.trustedshops.com https://widgets.trustedshops.fr https://www.trustedshops.fr https://widgets.trustedshops.co.uk https://www.trustedshops.co.uk https://widgets.trustedshops.de https://www.trustedshops.de https://t.paypal.com https://www.google.de https://www.google.at https://www.google.be https://www.google.ch https://www.google.co.uk https://www.google.cz https://www.google.com.tr https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.it https://www.google.lu https://www.google.nl https://www.google.pl https://www.google.ro https://www.google.rs https://www.google.se https://www.google.si https://www.google.sk https://www.paypalobjects.com;frame-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de https://*.googleadservices.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.youtube.com/ https://*.youtube-nocookie.com/ *.paypal.com https://*.google.com https://*.quantummetric.com https://td.doubleclick.net x9t5he7.r.louis.pl;frame-ancestors 'self';worker-src blob:;child-src blob:;report-uri /csp-violation-report; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://*.cookiebot.com/ https://*.g.doubleclick.net https://*.googletagmanager.com https://*.facebook.net/ https://*.google.com https://*.youtube.com https://*.google-analytics.com https://*.gstatic.com; worker-src 'self' blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.dpd.com.pl https://facebook.com https://mapa.ecommerce.poczta-polska.pl https://www.paypal.com https://www.paypalobjects.com https://*.easypack24.net https://*.openstreetmap.org https://*.inpost.pl https://*.allegrostatic.com https://allegro.pl https://*.allegro.pl https://*.allegroimg.com https://*.allegrosandbox.pl https://*.sote.pl https://*.googletagmanager.com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.pl https://unpkg.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://stats.g.doubleclick.net https://stats.g.doubleclick.net *.gstatic.com *.googleapis.com *.youtube.com *.vimeo.com *.ytimg.com *.soundcloud.com *.vimeocdn.com *.smartsupp.com *.smartsuppcdn.com wss://*.smartsupp.com *.cdn77.org smartsupp-widget-161959.c.cdn77.org *.smartlook.com *.smartlook.cloud *.smartsuppchat.com *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net *.fbcdn.net *.instagram.com *.cdninstagram.com *.googletagmanager.com *.google-analytics.com *.paypalobjects.com *.paypal.com *.autopay.eu *.dpd.com.pl https://*.cashbill.pl https://*.ceneo.pl https://*.secure.eservice.com.pl *.credit-agricole.pl *.paybynet.com.pl *.polcard.com.pl *.przelewy24.pl *.eraty.pl static.hotjar.com https://disqus.com data:; form-action 'self' https://*.dpd.com.pl https://facebook.com https://mapa.ecommerce.poczta-polska.pl https://www.paypal.com https://www.paypalobjects.com https://*.easypack24.net https://*.openstreetmap.org https://*.inpost.pl https://*.allegrostatic.com https://allegro.pl https://*.allegro.pl https://*.allegroimg.com https://*.allegrosandbox.pl https://*.sote.pl https://*.googletagmanager.com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.pl https://unpkg.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://stats.g.doubleclick.net https://stats.g.doubleclick.net *.gstatic.com *.googleapis.com *.youtube.com *.vimeo.com *.ytimg.com *.soundcloud.com *.vimeocdn.com *.smartsupp.com *.smartsuppcdn.com wss://*.smartsupp.com *.cdn77.org smartsupp-widget-161959.c.cdn77.org *.smartlook.com *.smartlook.cloud *.smartsuppchat.com *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net *.fbcdn.net *.instagram.com *.cdninstagram.com *.googletagmanager.com *.google-analytics.com *.paypalobjects.com *.paypal.com *.autopay.eu *.dpd.com.pl https://*.cashbill.pl https://*.ceneo.pl https://*.secure.eservice.com.pl *.credit-agricole.pl *.paybynet.com.pl *.polcard.com.pl *.przelewy24.pl *.eraty.pl static.hotjar.com https://disqus.com; frame-ancestors 'self' 1
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.luvn.fi *.wdr.io; base-uri 'self'; object-src 'self'; connect-src wss: https:; worker-src blob:; child-src blob:; frame-src https: 1
frame-ancestors 'self' 'unsafe-inline' *.m-ihinseiri.jp 1
default-src 'none'; script-src https: 'unsafe-inline' 'nonce-B96953B05BCE36C1E68AD85A94E5B1B3' 'strict-dynamic'; style-src 'self' fonts.googleapis.com translate.googleapis.com 'nonce-B96953B05BCE36C1E68AD85A94E5B1B3'; connect-src 'self' https: wss://dnpush.nl; img-src 'self' https: data:; font-src 'self' fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' www.google.com tpc.googlesyndication.com; base-uri 'none'; media-src 'self'; report-uri https://www.maatjemeer-match.nl/API/Site/CspReport 1
default-src https:; img-src * 'self' data: https:; style-src 'self' 'unsafe-inline' www.google.com platform.twitter.com cdn.syndication.twimg.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com cse.google.com cdn.syndication.twimg.com platform.twitter.com platform.instagram.com www.instagram.com cdn1.developermedia.com cdn2.developermedia.com apis.google.com www.googletagservices.com adservice.google.com securepubads.g.doubleclick.net ajax.aspnetcdn.com ssl.google-analytics.com az416426.vo.msecnd.net/; 1
default-src 'self' fonts.gstatic.com;                     script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.enhencer.com www.googletagmanager.com www.google-analytics.com analytics.google.com www.googleadservices.com googleads.g.doubleclick.net connect.facebook.net browserLink cdn.taboola.com trc.taboola.com api-maps.yandex.ru yastatic.net mc.yandex.ru www.google.com www.gstatic.com cdnjs.cloudflare.com www.guvendamgasi.org.tr analytics.tiktok.com data:;                       style-src 'self' 'unsafe-inline' fonts.googleapis.com www.googletagmanager.com;                      img-src 'self' www.google.az www.googletagmanager.com www.google.com.tr www.google.com www.google-analytics.com cds.taboola.com trc.taboola.com www.facebook.com api-maps.yandex.ru data: mc.yandex.ru www.guvendamgasi.org.tr/_logo_js/img/aldi.png;                     connect-src 'self' 'unsafe-inline' collect.enhencer.com collect-web.enhencer.com pips.taboola.com www.google-analytics.com analytics.google.com stats.g.doubleclick.net trc-events.taboola.com www.facebook.com mc.yandex.ru cds.taboola.com www.guvendamgasi.org.tr/_logo_js/client.php analytics.tiktok.com;                     frame-src 'self' bid.g.doubleclick.net yandex.com.tr www.facebook.com www.google.com 1
style-src 'self' https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css https://fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css 'unsafe-inline';           script-src 'self' 'unsafe-inline' https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com/analytics.js https://code.jquery.com/jquery-3.6.0.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js https://connect.facebook.net/en_GB/sdk.js;           img-src 'self' data: www.w3.org/2000/svg https://www.google-analytics.com https://googleads.g.doubleclick.net/ https://www.google.com/ https://www.google.co.in/;            font-src 'self' https://fonts.gstatic.com/ https://cdnjs.cloudflare.com;           connect-src https://www.google-analytics.com https://www.malivadhuvar.com;            frame-src https://www.facebook.com;           object-src 'none';            default-src 'self'; 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; style-src-elem * 'unsafe-inline'; img-src * data: blob:; font-src *; connect-src * blob:; object-src * blob:; frame-src * blob:; worker-src * blob: 1
default-src 'self' https:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:; img-src 'self' https: data: blob:; connect-src 'self' https: wss:; frame-src 'self' https:; worker-src 'self' blob: https: 1
default-src 'self' https://* http://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://* data:; worker-src 'self' https://* blob:; connect-src 'self' https://* http://* wss:; font-src 'self' data:; media-src 'self' https://* http://* 'unsafe-inline' 'unsafe-eval' blob: 1
base-uri 'self'; connect-src 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.timify.com https://*.timify.com/; img-src 'self' data: https://*.timify.com https://*.timify.com/; object-src 'self' data: https://*.timify.com https://*.timify.com/; frame-src 'self' data: https://*.timify.com https://*.timify.com/; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gtm.com *.googletagmanager.com *.jsdelivr.net *.google.com *.gstatic.com *.facebook.com *.facebook.net *.google-analytics.com *.clarity.ms *.kenyt.ai googleads.g.doubleclick.net *.googleapis.com cdn.scaleflex.it cdnjs.cloudflare.com *.datatables.net *.chat360.io *.googleadservices.com 1
default-src 'self'; connect-src *; font-src * 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
frame-ancestors 'self' https://www.mate-tee.de/ 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-bn1IGHPZali5udd8kee4XQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors 'self' https://*.matrasdirect.nl http://*.matrasdirect.nl 1
script-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.googleapis.com https://*.google.com https://*.facebook.net https://*.facebook.com https://*.youtube.com https://www.gstatic.com; child-src 'self' https://*.facebook.net https://*.facebook.com https://*.google.com https://*.youtube.com https://*.googleapis.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googlesyndication.com https://*.mastercard.com https://*.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://ajax.aspnetcdn.com https://www.googleadservices.com https://*.doubleclick.net https://fonts.googleapis.com https://*.facebook.net https://*.fbcdn.net https://*.fbsbx.com https://*.facebook.com; frame-src wvjbscheme: 'self' https://*.mastercard.com https://*.doubleclick.net https://*.facebook.com; connect-src 'self' https://*.analytics.google.com https://*.google.com https://www.google-analytics.com https://*.doubleclick.net https://*.analytics.google.com https://www.google.com/pay https://*.facebook.net https://*.facebook.com; img-src 'self' data: https://*.google.hu https://www.google-analytics.com https://www.google.com https://*.doubleclick.net https://www.googletagmanager.com https://www.gstatic.com https://*.facebook.net https://*.facebook.com; 1
frame-ancestors admin.bookingeuro.it 1
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data: 'self'; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
frame-ancestors 'self' https://www.immoneuf.com; 1
font-src 'self' https://*.gstatic.com *.gstatic.com data: https://yastatic.net chrome-extension; media-src 'self' *.yandex.net yandex.st yastatic.net *.yandex.ru; style-src 'self' 'unsafe-inline' https://prodoctorov.ru https://*.googleapis.com *.googleapis.com https://*.gstatic.com *.gstatic.com yastatic.net yandex.st https://tagmanager.google.com https://app.medlock.ru; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://prodoctorov.ru *.google.com https://www.google.com https://*.google-analytics.com *.google-analytics.com *.googlesyndication.com https://*.googlesyndication.com *.googleapis.com https://*.googleapis.com www.google.com https://*.gstatic.com https://*.yandex.net https://yandex.ru https://*.yandex.ru *.yandex.ru *.gstatic.com https://clck.yandex.ru *.twitter.com https://*.twitter.com yandex.st https://yandex.st https://connect.ok.ru vk.com https://www.youtube.com https://s.ytimg.com https://www.googletagmanager.com https://googletagmanager.com https://yastatic.net yastatic.net https://connect.facebook.net seal.websecurity.norton.com dunsregistered.dnb.com https://yookassa.ru https://*.yoomoney.ru; object-src 'self' *.googlesyndication.com https://*.googlesyndication.com; img-src 'self' data: 'unsafe-inline' https://prodoctorov.ru https://protabletky.ru https://medotvet.me https://*.google-analytics.com *.google-analytics.com yastatic.net https://yastatic.net *.yandex.ru https://*.yandex.ru https://yandex.ru *.yandex.net https://*.yandex.net yandex.st https://mc.yandex.by https://mc.yandex.com https://mc.yandex.kz *.google.com  https://*.google.com  *.googleapis.com https://*.googleapis.com *.googlesyndication.com https://*.gstatic.com *.gstatic.com vk.com https://*.vk.com *.youtube.com *.twitter.com https://*.twitter.com *.googlezip.net https://*.ggpht.com https://www.googletagmanager.com https://*.facebook.com https://*.google.ru https://*.mail.ru seal.websecurity.norton.com www.honcode.ch https://prodoctorov.ru blob:; connect-src 'self' wss://prodoctorov.ru wss://medotvet.me *.yandex.ru *.google-analytics.com https://*.yandex.ru https://yandex.ru https://mc.yandex.com https://mc.yandex.md ajax.googleapis.com https://analytics.google.com https://region1.analytics.google.com https://www.google.ru https://translate.googleapis.com yandex.st https://yandex.st yastatic.net https://fcm.googleapis.com https://stats.g.doubleclick.net https://sentry.medrating.org https://sentry.prodoctorov.com https://*.facebook.com https://prodoctorov.ru https://rate.prodoctorov.ru https://rate-metrics.prodoctorov.ru https://app.medtochka.ru wss://app.medtochka.ru https://r.prodoctorov.ru https://ymetrica1.com/; frame-src *; report-uri https://prodoctorov.ru/cspreport/ 1
default-src 'none' ; connect-src 'self' data: https://ajax.googleapis.com https://de.api4load.biz https://pfrest.pboss.de https://pfrest.petafuel.net https://pfrest.wozutesten.de https://pfrest.mobile.wozutesten.de https://translate.googleapis.com https://www.facebook.com/tr/ https://www.fndsda.net https://www.paypal.com ; font-src 'self' data: * ; frame-src 'self' data: https://ad.ad-srv.net https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://cdn.mobile.wozutesten.de https://client.comprigo.com https://hal9000.redintelligence.net https://matomo.petafuel.net https://matomo.wozutesten.de https://optimize.google.com https://pixel.bsmartdata.com/ https://r.adc-srv.net https://staticxx.facebook.com https://tools.petafuel.de https://www.facebook.com https://www.fndsda.net https://www.googletagmanager.com https://www.paypal.com https://www.sandbox.paypal.com ; img-src 'self' data: * ; manifest-src 'self' data: * ; media-src 'self' data: * ; object-src 'self' data: * ; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://ad4mat.de https://bid.g.doubleclick.net https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://cdn.mobile.wozutesten.de https://connect.facebook.net https://containertags.belboon.de https://data1.eurosty.com https://data1.mein-bmi.com https://data1.routenplaner-karten.com https://data1.ubersetzung-app.com https://eu5.heatmap.it https://googleads.g.doubleclick.net https://imgsrv.io https://matomo.petafuel.net https://matomo.wozutesten.de https://maytrics.marvellousmachine.net https://online.adservicemedia.dk https://optimize.google.com https://orangebuddies.go2cloud.org https://pstatic.davebestdeals.com https://s3.eu-central-1.amazonaws.com https://ssl.google-analytics.com https://static.donation-tools.org https://tagmanager.google.com https://tpc.googlesyndication.com https://translate.googleapis.com https://www.financeads.net https://www.fndsda.net https://www.google-analytics.com https://www.google.com/ads/user-list https://www.googleadservices.com https://www.googletagmanager.com https://www.paypal.com https://www.paypalobjects.com https://www.performancehero.de ; style-src 'self' data: 'unsafe-inline' https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://cdn.mobile.wozutesten.de https://fonts.googleapis.com https://optimize.google.com https://translate.googleapis.com https://u.heatmap.it https://www.fndsda.net ; worker-src 'self' data: * ; 1
default-src 'self'; block-all-mixed-content; connect-src 'self' checkout.stripe.com maps.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com; frame-src 'self' www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com checkout.stripe.com sandbox-merchant.revolut.com/; img-src 'self' meterix.com *.meterix.com meterpay.net *.meterpay.net *.stripe.com cdn.datatables.net ajax.googleapis.com/ajax/libs/jqueryui/ meterpayenv-uploaded-files.s3.eu-west-2.amazonaws.com meterpaydeenv-uploaded-files.s3.eu-central-1.amazonaws.com data: maps.google.com maps.gstatic.com *.googleapis.com; script-src 'self' 'unsafe-inline' www.google.com/recaptcha/ www.gstatic.com/recaptcha/ checkout.stripe.com/checkout.js js.stripe.com ajax.googleapis.com/ajax/libs/jquery/ code.jquery.com code.highcharts.com cdn.datatables.net ajax.googleapis.com/ajax/libs/jqueryui/ maps.google.com maps.gstatic.com maps.googleapis.com sandbox-merchant.revolut.com/embed.js; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com cdn.datatables.net ajax.googleapis.com/ajax/libs/jqueryui/ maps.google.com maps.gstatic.com maps.googleapis.com; upgrade-insecure-requests 1
default-src 'none'; script-src https: 'unsafe-inline' 'nonce-2B8232E25D3002CE7EB466DA563BFB1F' 'strict-dynamic'; style-src 'self' fonts.googleapis.com translate.googleapis.com 'nonce-2B8232E25D3002CE7EB466DA563BFB1F'; connect-src 'self' https: wss://dnpush.nl; img-src 'self' https: data:; font-src 'self' fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' www.google.com tpc.googlesyndication.com; base-uri 'none'; media-src 'self'; report-uri https://www.metjou.nl/API/Site/CspReport 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.zdassets.com *.smooch.io *.vimeo.com *.moatads.com *.google.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.gstatic.com *.facebook.net *.googlecommerce.com *.addthis.com *.addthisedge.com *.paypal.com *.postcodeanywhere.co.uk *.stripe.com *.ampproject.org *.feefo.com *.hotjar.com *.hotjar.io 1
font-src *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.stagingcheckout.psigate.com *.psigate.com cdn.3dsintegrator.com api-sandbox.3dsintegrator.com api.3dsintegrator.com *.3dsintegrator.com 'self' 'unsafe-inline'; frame-ancestors cdn.3dsintegrator.com api-sandbox.3dsintegrator.com api.3dsintegrator.com *.cardinalcommerce.com *.3dsintegrator.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com sealserver.trustwave.com *.trustlogo.com secure.trust-provider.com s7.addthis.com response.3dsintegrator.com *.fast.amc.demdex.net cdn.3dsintegrator.com api-sandbox.3dsintegrator.com api.3dsintegrator.com *.3dsintegrator.com *.google.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.stagingcheckout.psigate.com *.psigate.com sealserver.trustwave.com secure.trust-provider.com services.tochat.be cdn.tochat.be 'self' data: www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com *.stagingcheckout.psigate.com *.psigate.com sealserver.trustwave.com *.trust-provider.com secure.trust-provider.com *.trustlogo.com widget.tochat.be *.googletagmanager.com cdnjs.cloudflare.com services.nofraud.com s7.addthis.com cdn.3dsintegrator.com api-sandbox.3dsintegrator.com api.3dsintegrator.com *.cardinalcommerce.com *.3dsintegrator.com *.google.com *.gstatic.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.stagingcheckout.psigate.com *.psigate.com cdnjs.cloudflare.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.stagingcheckout.psigate.com *.psigate.com sealserver.trustwave.com *.trustlogo.com secure.trust-provider.com s7.addthis.com widget.tochat.be services.tochat.be api.3dsintegrator.com d-ipv6.mmapiws.com cdn.3dsintegrator.com api-sandbox.3dsintegrator.com *.cardinalcommerce.com ekr.zdassets.com/ *.3dsintegrator.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.useinsider.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.payfort.com *.facebook.com *.useinsider.com *.omguk.com *.google-analytics.com *.google.it *.tamara.co *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://youtu.be *.criteo.com *.snapchat.com *.useinsider.com *.omguk.com *.doubleclick.net *.google-analytics.com *.google.it *.tamara.co c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.visa.com *.zendesk.com *.google.co.in *.com.sa/west/ *.facebook.com *.facebook.net *.yandex.ru *.doubleclick.net *.criteo.com *.yeldmo.com *.aralego.net *.smaato.net *.bing.com *.pubmatic.com *.mediavine.com *.rlcdn.com *.stickyadstv.com *.bidswitch.net *.adnxs.com *.casalemedia.com *.360yield.com *.media.net *.snapchat.com *.useinsider.com *.omguk.com *.clarity.ms *.yahoo.com *.tamara.co www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.youtube.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.visa.com *.mastercard.com *.zendesk.com *.zdassets.com *.zopim.com *.payfort.com *.artfut.com *.facebook.net *.tiktok.com *.criteo.com *.yandex.ru sc-static.net *.go-mpulse.net *.snapchat.com *.useinsider.com *.omguk.com *.yimg.com *.clarity.ms https://webtrafficsource.com *.google-analytics.com *.google.it *.tamara.co js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.useinsider.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com *.payfort.com *.zendesk.com *.snapchat.com *.useinsider.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.zendesk.com *.zdassets.com *.zopim.com wss://widget-mediator.zopim.com *.payfort.com *.googleapis.com *.doubleclick.net *.tiktok.com *.yandex.ru *.criteo.com *.facebook.com *.go-mpulse.net *.snapchat.com *.akstat.io *.akamaihd.net *.useinsider.com *.omguk.com *.clarity.ms https://webtrafficsource.com *.yimg.com *.google-analytics.com *.google.it *.tamara.co api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-src 'self' *.youtube.com *.vimeo.com https://www.google.com *.livechatinc.com *.readspeaker.com https://www.readspeaker.com; form-action 'self' https://*.readspeaker.com https://www.readspeaker.com https://*.abnamro.nl https://www.abnamro.nl https://*.asnbank.nl https://asnbank.nl https://*.bunq.com https://bunq.com https://*.ing.nl https://ing.nl https://*.knab.nl https://knab.nl https://*.n26.com https://n26.com https://*.nn.nl https://www.nn.nl https://*.rabobank.nl https://rabobank.nl https://*.regiobank.nl https://regiobank.nl https://*.revolut.com https://revolut.com https://*.snsbank.nl https://snsbank.nl https://*.triodos.nl https://triodos.nl https://*.vanlanschotkempen.com https://vanlanschotkempen.com https://*.bitsafe.com https://bitsafe.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.speakdemo.nl *.kredietbanknederland.nl *.mijnbankgemak.nl *.zakelijkbankgemak.nl *.ping.nl *.sharethis.com *.youtube.com *.vimeo.com *.vimeocdn.com *.amazonaws.com *.futy.io *.easycruit.com *.readspeaker.com *.googleapis.com *.google.com *.google.nl https://stats.g.doubleclick.net *.doubleclick.net wss://api.qooqie.com *.bing.com *.leadinfo.com packages.umbraco.org our.umbraco.org *.cloudflare.com *.googletagmanager.com *.google-analytics.com *.qooqie.com *.leadinfo.net *.clarity.ms *.bind.com *.rawgit.com *.jsdelivr.net use.fontawesome.com *.livechatinc.com *.placeholder.com *.gstatic.com *.postcodeapi.nu; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.speakdemo.nl *.kredietbanknederland.nl *.mijnbankgemak.nl *.zakelijkbankgemak.nl *.ping.nl *.googleapis.com *.sharethis.com *.amazonaws.com *.easycruit.com *.futy.io *.readspeaker.com *.rawgit.com https://www.gstatic.com https://www.google.com https://www.googleadservices.com https://extreme-ip-lookup.com https://stats.g.doubleclick.net *.doubleclick.net wss://api.qooqie.com *.bing.com *.leadinfo.com player.vimeo.com *.vimeocdn.com packages.umbraco.org our.umbraco.org *.cloudflare.com *.googletagmanager.com *.google - analytics.com *.qooqie.com *.leadinfo.net *.clarity.ms *.bind.com *.livechatinc.com; object-src 'self' *.speakdemo.nl *.kredietbanknederland.nl *.mijnbankgemak.nl *.zakelijkbankgemak.nl *.ping.nl wss://api.qooqie.com *.bing.com *.leadinfo.com player.vimeo.com *.vimeocdn.com packages.umbraco.org our.umbraco.org *.cloudflare.com *.googletagmanager.com *.google - analytics.com *.qooqie.com *.leadinfo.net *.clarity.ms *.bind.com; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com use.fontawesome.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com maps.googleapis.com www.google-analytics.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; img-src 'self' data: https://static.anwb.nl https://google-analytics.com  https://maps.gstatic.com https://maps.googleapis.com *.google-analytics.com *.googletagmanager.com https://script.hotjar.com http://script.hotjar.com; connect-src 'self' https://api.anwb.nl/v1/case-status-updates/ sst.online-pub-prd.aws-public.anwb.cloud *.anwb.nl analytics.anwb.nl maps.googleapis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com; object-src 'none'; frame-src https://vars.hotjar.com; font-src 'self' https://static.anwb.nl https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com; 1
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 'unsafe-hashes' ; img-src * blob: data: ; font-src * data: ; connect-src *; style-src-elem * 'unsafe-inline'; script-src-elem * 'unsafe-inline'; frame-src 'self' youtube.com https://www.youtube.com https://www.google.com https://www.googletagmanager.com/ https://www.facebook.com/ https://maps.google.com/; 1
default-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' mileroticos.de *.mileroticos.de putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; script-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' mileroticos.de *.mileroticos.de putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' mileroticos.de *.mileroticos.de putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; script-src-attr 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' mileroticos.de *.mileroticos.de putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; style-src 'self' 'unsafe-inline' 'unsafe-hashes' mileroticos.de *.mileroticos.de putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; style-src-elem 'self' 'unsafe-inline' 'unsafe-hashes' mileroticos.de *.mileroticos.de putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; style-src-attr 'self' 'unsafe-inline' 'unsafe-hashes' mileroticos.de *.mileroticos.de putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; img-src 'self' data: mileroticos.de *.mileroticos.de putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; font-src 'self' data: mileroticos.de *.mileroticos.de putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; connect-src 'self' mileroticos.de *.mileroticos.de putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; media-src 'self' mileroticos.de *.mileroticos.de putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; object-src 'self' mileroticos.de *.mileroticos.de putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; frame-src * 'self' mileroticos.de *.mileroticos.de putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net 1
block-all-mixed-content; frame-ancestors *.minibelas.com.br 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-IUPt_4AaJ6E36qEOoRLxXQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss: data: wss: *.bing.com www.mirjan24.pl *.mirjan24.pl mirjan24.pl googleapis.com *.googleapis.com googletagmanager.com *.googletagmanager.com biano.sk *.biano.sk biano.cz *.biano.cz biano.hu *.biano.hu biano.ro *.biano.ro biano.hr *.biano.hr prefixbox.com *.prefixbox.com gstatic.com *.gstatic.com novynabytok.sk *.novynabytok.sk hezkynabytek.cz *.hezkynabytek.cz zondo.hu *.zondo.hu zondo.ro *.zondo.ro zondo.hr *.zondo.hr *.zdassets.com *.zopim.com prefixbox.com *.prefixbox.com google-analytics.com *.google-analytics.com clarity.ms *.clarity.ms *.doubleclick.net chimpstatic.com google.com *.google.com google.sk *.google.sk google.cz *.google.cz google.hu *.google.hu google.ro *.google.ro google.hr *.google.hr googleadservices.com *.googleadservices.com *.zopim.io *.imedia.cz *.seznam.cz chimpstatic.com facebook.net *.facebook.net nabytok-mirjan24.sk *.nabytok-mirjan24.sk mirjan24.cz *.mirjan24.cz facebook.com *.facebook.com meblemirjan.pl *.meblemirjan.pl youtube.com *.youtube.com creativecdn.com *.creativecdn.com https://*.bootstrapcdn.com https://chimpstatic.com; 1
frame-ancestors 'self' misope.co.kr *.misope.co.kr 1
default-src 'self' * script-src 'self' * 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://* http://*; font-src * data:; frame-src https://www.facebook.com https://youtube.com https://www.youtube.com http://www.youtube.com http://www.google.com  ;img-src * 'self' data: https: ; child-src 'none';   connect-src 'self' https://* wss: ws:; 1
connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com ebbot-v2.storage.googleapis.com *.ebbot.app/api/asyngular/ wss://v2.ebbot.app/api/asyngular/ wss://v2.ebbot.app v2.ebbot.app translate.googleapis.com *.sundsvall.se https://org-967.chat.kundo.se/ https://chat.kundo.se/ https://sentry.kundo.se/api/ wss://ws-eu.pusher.com/app/ https://socksjs-eu.pusher.com/ https://kundo.se/attachment/upload/ https://static.kundo.se/static/;default-src 'self' ebbot-v2.storage.googleapis.com *.ebbot.app/api/asyngular/ wss://v2.ebbot.app/api/asyngular/ *.chat.kundo.se *.kundo.se *.pusher.com sentry.io wss://ws-eu.pusher.com wss://*.pusher.com https://*.pusher.com translate.googleapis.com *.sundsvall.se;font-src 'self' fonts.gstatic.com fonts.googleapis.com ebbot-v2.storage.googleapis.com;frame-ancestors 'self';frame-src 'self' *.youtube.com https://www.google.com/ https://my.matterport.com/ kundpoangen.trimma.se org-967.chat.kundo.se trackmyelectricity.com newsletter.paloma.se public.wec360.se https://chat.kundo.se/* https://sentry.kundo.se/api/;img-src 'self' *.eniro.no ebbot-v2.storage.googleapis.com *.googleapis.com *.ggpht.com maps.gstatic.com csi.gstatic.com *.google-analytics.com *.googletagmanager.com data: cdnjs.cloudflare.com/ajax/libs/leaflet/ stats.g.doubleclick.net static.kundo.se chat.kundo.se kundo-uploads.s3.amazonaws.com kundo.se kundo-web-uploaded-files-prod.s3.amazonaws.com *.gstatic.com/ *.google.com/ *.google-analytics.com *.sundsvall.se;script-src 'self' 'unsafe-inline' 'unsafe-eval' ebbot-v2.storage.googleapis.com maps.googleapis.com csi.gstatic.com leaflet.eniro.com attributionservice.enirocdn.com tileversion.eniro.com cdnjs.cloudflare.com/ajax/libs/leaflet/ *.google-analytics.com *.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ static-chat.kundo.se chat.kundo.se ajax.aspnetcdn.com *.pusher.com translate.google.com translate.googleapis.com translate-pa.googleapis.com *.googleapis.com *.sundsvall.se;style-src 'self' 'unsafe-inline' ebbot-v2.storage.googleapis.com fonts.googleapis.com cdnjs.cloudflare.com/ajax/libs/leaflet/ static-chat.kundo.se chat.kundo.se translate.googleapis.com www.gstatic.com; 1
default-src 'self' https://accounts.google.com/ https://*.google-analytics.com/g/collect; script-src 'self' https://apis.google.com/js/platform.js https://cdn.jsdelivr.net/npm/vue@2/dist/vue.js https://www.googletagmanager.com/gtag/js 'unsafe-eval' 'nonce-7TUQg0oT5YocN49whMHEJA'; style-src 'self' https://apis.google.com/* 'nonce-7TUQg0oT5YocN49whMHEJA'; img-src * data: 1
default-src 'none';base-uri 'self';connect-src 'self' blob:;form-action 'self';img-src 'self' data: blob: *.ytimg.com;font-src 'self' data: *.gstatic.com;frame-src *.youtube-nocookie.com *.google.com https://challenges.cloudflare.com;media-src 'self';object-src 'none';script-src https: 'strict-dynamic' 'unsafe-inline' 'nonce-oEA03iSjGNeAI58Y26oWklcivKpaRHYs';style-src 'self' 'unsafe-inline' *.googleapis.com;manifest-src 'self';worker-src 'self';frame-ancestors 'none' 1
frame-ancestors uatcms-rsxlfpvfdt.molhem.ml testcms-m6a3efm4aw.molhem.ml cms.molhem.com cmsnew.molhem.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' dpm.demdex.net *.telus.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: telus.122.2o7.net 1
frame-ancestors 'self' www.clubvet.fr pro.rec.clubvet.fr pro.clubvet.fr olympe.rec.clubvet.fr; 1
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: blob:; media-src * data: blob:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; worker-src 'self' blob:; 1
frame-ancestors 'self' moomooz.co.kr *.moomooz.co.kr 1
frame-ancestors 'self' https://poinplus.bni.co.id 1
frame-ancestors 'self';img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://pagead2.googlesyndication.com https://i0.wp.com https://pixel.wp.com;object-src 'none';report-uri /; 1
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.facebook.net/ https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://tagmanager.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/releases/ https://*.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://tagmanager.google.com; img-src 'self' secure.gravatar.com https://www.facebook.com https://*.facebook.net ps.w.org https://*.google-analytics.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com data:; font-src 'self' fonts.gstatic.com data:; object-src 'none'; frame-src 'self' https://morinaga.morigro.id https://www.youtube.com https://www.google.com; 1
default-src 'self' https://static.zohocdn.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://css.zohocdn.com https://css.zohostatic.com https://files.zohopublic.com https://maxcdn.bootstrapcdn.com; font-src 'self' https://css.zohocdn.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com ; img-src 'self' data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.gstatic.com https://js.rfp.fout.jp https://www.googletagmanager.com https://www.google.com https://unpkg.com https://salesiq.zoho.com https://salesiq.zohopublic.com/widget https://www.google-analytics.com https://connect.facebook.net https://cdn.adbro.me https://googleads.g.doubleclick.net https://td.doubleclick.net https://js.zohocdn.com https://js.zohostatic.com https://tag.adbro.me https://code.jquery.com https://www.clarity.ms https://static.zohocdn.com; connect-src 'self' https://*.clarity.ms https://stats.g.doubleclick.net https://analytics.google.com https://salesiq.zohopublic.com https://www.google-analytics.com wss://vts.zohopublic.com https://pagead2.googlesyndication.com wss://apis.adbro.me https://www.google.com; frame-src 'self' https://www.facebook.com https://td.doubleclick.net https://www.google.com https://www.youtube.com https://*.morinaga.id https://*.usetada.com https://salesiq.zohopublic.com https://download.zohopublic.com https://vts.zohopublic.com https://salesiq.zohopublic.com https://js.zohostatic.com https://wms.zohopublic.com https://media.zohostatic.com https://dyjgaef5vuq51.cloudfront.net https://dtzpfzv31buvf.cloudfront.net https://js.zohocdn.com https://css.zohocdn.com https://img.zohostatic.com https://media.zohostatic.com https://fonts.zohostatic.com 1
frame-ancestors 'self' https://motekas.sharepoint.com ; 1
default-src 'self' blob: https://fonts.googleapis.com https://cdnjs.cloudflare.com https://www.gstatic.com https://fonts.gstatic.com https://code.jquery.com/ https://www.google.com/ https://www.gstatic.com/ https://mozilla.github.io/ https://cdn.datatables.net https://pagead2.googlesyndication.com/ https://tpc.googlesyndication.com/ https://www.googletagservices.com/;      style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://www.gstatic.com https://cdn.datatables.net https://code.jquery.com/;      img-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com https://pagead2.googlesyndication.com/;                 font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com/;      script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdnjs.cloudflare.com https://code.jquery.com/ https://www.google.com/ https://www.gstatic.com/ https://mozilla.github.io/ https://cdn.datatables.net https://pagead2.googlesyndication.com/ https://tpc.googlesyndication.com/ https://www.googletagservices.com/ https://adservice.google.com/ https://adservice.google.com.my/ https://googleads.g.doubleclick.net/;     connect-src 'self' https://pagead2.googlesyndication.com;     worker-src 'self' blob:;     frame-src 'self' blob: https://www.google.com https://googleads.g.doubleclick.net/ https://tpc.googlesyndication.com/ https://www.youtube.com;      1
default-src 'self';            script-src https://www.movie.com.uy https://movieprodwebsite-staging.azurewebsites.net/ http://movieprodwebsite-staging.azurewebsites.net/ https://connect.facebook.net https://cdnjs.cloudflare.com https://www.googletagmanager.com *.googleadservices.com https://googleads.g.doubleclick.net *.google-analytics.com 'unsafe-inline' https://analytics.tiktok.com;           style-src 'unsafe-inline' https://www.movie.com.uy https://movieprodwebsite-staging.azurewebsites.net/ http://movieprodwebsite-staging.azurewebsites.net/ https://fonts.googleapis.com/;            font-src https://www.movie.com.uy https://movieprodwebsite-staging.azurewebsites.net/ http://movieprodwebsite-staging.azurewebsites.net/ https://fonts.gstatic.com;             img-src https://www.movie.com.uy https://movieprodwebsite-staging.azurewebsites.net/ http://movieprodwebsite-staging.azurewebsites.net/ https://movietestportalstoweb.blob.core.windows.net https://fonts.googleapis.com https://movieprodportalstoweb.blob.core.windows.net https://stats.g.doubleclick.net *.google-analytics.com https://www.facebook.com https://www.google.com.uy;             connect-src https://movieprodportalapi.azurewebsites.net/ https://movieprodwebapi-staging.azurewebsites.net/ https://movieprodwebapi-visanet.azurewebsites.net/ https://api.movie.com.uy/ https://movieprodwebapi.azurewebsites.net/ https://www.google-analytics.com http://www.google-analytics.com https://analytics.google.com;             media-src *.youtube.com *.youtube-nocookie.com;            object-src 'self' *.googlevideo.com *.ytimg.com *.youtube.com *.youtube-nocookie.com;            child-src 'self' archive.org *.youtube.com *.youtube-nocookie.com *.dailymotion.com https://h.online-metrix.net/; 1
img-src 'self' https: data:;frame-src 'self' https: data: 1
strict-origin 1
default-src 'self'; script-src 'self' *.cloudflare.com *.google.com cdn.datatables.net maps.googleapis.com www.gstatic.com cdn.jsdelivr.net www.youtube.com *.aichat.site www.googletagmanager.com connect.facebook.net static.cloudflareinsights.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' cdn.datatables.net *.cloudflare.com fonts.googleapis.com unpkg.com *.aichat.site 'unsafe-inline'; img-src 'self' * data:; font-src 'self' data: fonts.gstatic.com *.aichat.site; connect-src 'self' maps.googleapis.com *.facebook.com socialplugin.facebook.net; media-src 'self'; frame-src 'self' *.facebook.com *.google.com plugins.flockler.com mrdiy.listedcompany.com *.youtube.com *.vimeo.com; object-src 'none'; base-uri 'self'; 1
frame-ancestors 'self' https://medi-ent.co.jp/  https://www.medi-ent.co.jp/;    1
script-src 'self' 'unsafe-eval' 'unsafe-inline' file.unica.vn www.googletagmanager.com connect.facebook.net web.facebook.com www.facebook.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.gstatic.com onesignal.com tpc.googlesyndication.com webpush.vn cdnjs.cloudflare.com accounts.google.com www.google.com www.youtube.com zoom.us source.zoom.us cdn.jsdelivr.net unpkg.com npmcdn.com translate.google.com sp.zalo.me analytics.tiktok.com w.ladicdn.com salekit.io za.zdn.vn embed.tawk.to cdn.tailwindcss.com ipinfo.io *.googleapis.com apis.google.com *.edubit.vn www.wiris.net edubit.live www.pdftron.com fchat.vn cdn.fchat.vn embed.ybai.me salekit.page player.vimeo.com livechat.fpt.ai www.misa.vn a.pancake.vn api.webcake.io zigzag.vn; worker-src 'self' blob:; 1
default-src *.msw-modelle.com msw-modelle.com lkw-modelle.de lkw-modelle.com 'self' data: 'unsafe-inline'; frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors https://www.multicert.dev https://*.bpn.com https://*.bancobic.net https://www.unibanco.pt https://my.universo.pt https://wallet.universo.pt https://piloto.universo.pt https://piloto-wallet.universo.pt https://localhost:8448 https://api.zoomauth.com 'self'; upgrade-insecure-requests; script-src 'self' https://static.opentok.com/ 'unsafe-inline' 'unsafe-eval'; connect-src https://api.zoomauth.com/ https://*.tokbox.com wss://*.opentok.com https://*.opentok.com wss://*.tokbox.com 'self' blob:; img-src 'self' data: blob:; font-src 'self' data:; 1
default-src 'self' object-src data: 'unsafe-eval' https: 'unsafe-inline' 'unsafe-eval' google-analytics.com https://www.google-analytics.com/ https://stats.g.doubleclick.net https://www.google.cl https://www.google.com;
       font-src 'self' fonts.gstatic.com https://cdnjs.cloudflare.com;
       style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com;
       script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://www.google-analytics.com/j/collect https://code.jquery.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/khH7Ei3klcvfRI74FvDcfuOo/recaptcha__es.js https://acdn.adnxs.com https://connect.facebook.net https://www.gstatic.com/recaptcha/releases/MydHw_zggsxIJuhSbyOmPv5R/recaptcha__es.js;
       object-src 'none';
       frame-src 'self' https://www.google.com https://player.vimeo.com https://app.gerty.com https://open.spotify.com https://8875027.fls.doubleclick.net/activityi;
       form-action 'self';
       worker-src 'self' blob:;
       upgrade-insecure-requests;
       frame-ancestors 'self';
       base-uri 'self';
       manifest-src 'self';
       media-src 'self';
       #report-uri /csp-violation-report-endpoint/;
       img-src 'self' https://www.googletagmanager.com/td https://www.facebook.com/tr/?id https://www.googletagmanager.com/a https://www.google.cl/ads/ga-audiences https://analytics.google.com/g/collect https://www.google-analytics.com/g/collect https://www.google-analytics.com/collect https://www.google.com/ads/ga-audiences https://ib.adnxs.com/pixie;
       connect-src 'self' https://analytics.google.com/g/collect https://www.google-analytics.com/g/collect https://www.google-analytics.com/j/collect https://stats.g.doubleclick.net/j/collect; 1
frame-ancestors 'self' https://www.municipalidadantofagasta.cl/ https://www.municipalidaddeantofagasta.cl/ https://municipalidadantofagasta.cl/ https://municipalidaddeantofagasta.cl/ 1
frame-ancestors 'self' https://mutue.ao 1
img-src * 'self' data:;  default-src 'self' 'unsafe-inline' 'unsafe-eval' https:; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js *.myheritage.ch https://www.myheritage.de  'nonce-156d3b5fb3160403febafe593e55f95b' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.ch;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js *.myheritage.gr https://www.myheritage.gr  'nonce-266899e9ed68b7d231e9290ced00e9a0' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.gr;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js *.myheritage.hu https://www.myheritage.hu  'nonce-f6d4628798ab7c55f060882e9d5b2c15' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.hu;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js *.myheritage.sk https://www.myheritage.sk  'nonce-ffa0dd53255cbb179e916132c71ee4ca' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.sk;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.sa.gov.au dit.sa.gov.au *.dptiapps.com.au dptiapps.com.au analytics.google.com *.google-analytics.com google-analytics.com *.gstatic.com *.googleapis.com *.googlevideo.com *.google.com secure-ds.serving-sys.com www.googletagmanager.com googletagmanager.com www.googleadservices.com googleadservices.com googleads.g.doubleclick.net *.hotjar.com ws.hotjar.com *.hotjar.io *.crazyegg.com *.monsido.com monsido.com *.serving-sys.com *.fontawesome.com www.youtube.com youtube.com vstream.command.verkada.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com js.arcgis.com *.facebook.net *.facebook.com facebook.com siteimproveanalytics.com unpkg.com *.typekit.net dit.api.consultationmanager-preview.com *.arcgis.com *.createsend1.com *.verkada.com blob: 'self' 'unsafe-inline'; img-src 'self' data: 'unsafe-eval' *.sa.gov.au dit.sa.gov.au *.dpti.sa.gov.au *.dptiapps.com.au dptiapps.com.au img.youtube.com *.facebook.com *.gstatic.com *.google.com *.monsido.com www.googletagmanager.com googletagmanager.com *.googleapis.com *.google.com.au *.ytimg.com; 1
frame-ancestors https://beamish-yeot-0af3c3.netlify.app 1
default-src 'self' https://*.getprintbox.com; connect-src https://myprintpix.daktela.com https://hostedmax.comm100.com https://smbmaxservice.comm100.com https://smbchatserver.comm100.com https://vc.hotjar.io/ cdn.trustindex.io online.gls-hungary.com https://api.virtualjog.hu *.criteo.com 'self' blob: myprintpix.hu printpix.getprintbox.com printpix-pbx2.getprintbox.com pbx2-brian.s3.amazonaws.com pbx2-brian.s3.eu-central-1.amazonaws.com pbx2-printpix.s3.eu-central-1.amazonaws.com pbx2-printpix.s3.eu-central-1.amazonaws.com printbox-js.s3.amazonaws.com https://*.getprintbox.com https://dbg.getprintbox.com:8888 https://*.printboxteam.com https://*.google-analytics.com https://*.google.com https://*.facebook.com https://*.bing.com https://*.olark.com wss://*.zopim.com https://*.zopim.com https://stats.g.doubleclick.net https://www.paypal.com https://*.stripe.com https://*.hotjar.com wss://*.hotjar.com wss://*.getprintbox.com https://*.googleapis.com https://*.smartsupp.com wss://*.smartsupp.com https://api.instagram.com https://graph.instagram.com https://*.facebook.net https://*.gstatic.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bam.nr-data.net https://*.nets.com.sg https://*.enets.sg; script-src https://myprintpix.daktela.com https://hostedmax.comm100.com https://hostedmax.comm100.com https://*.facebook.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://standby.comm100vue.com https://vue.comm100.com/ cdn.trustindex.io https://api.virtualjog.hu *.criteo.com 'self' myprintpix.hu printpix.getprintbox.com printpix-pbx2.getprintbox.com printbox-js.s3.amazonaws.com https://dbg.getprintbox.com:8000 https://dbg.getprintbox.com:8888 'unsafe-inline' 'unsafe-eval' https://*.getprintbox.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.google.com https://*.google.pl https://*.google.dk https://*.googleapis.com https://*.googletagmanager.com https://*.bing.com https://*.gstatic.com https://*.google-analytics.com https://cdn.mouseflow.com https://*.facebook.net https://api.instagram.com https://api.flickr.com https://*.twitter.com https://*.pinterest.com https://cdn.klarna.com https://*.stripe.com https://*.olark.com https://chimpstatic.com https://*.zopim.com https://*.bootstrapcdn.com https://cdn.tinymce.com https://www.paypal.com https://www.paypalobjects.com https://*.hotjar.com https://*.prestashop.com https://auth-server.herokuapp.com https://cdnjs.cloudflare.com https://www.youtube.com https://*.ytimg.com/ https://smartsupp-widget-161959.c.cdn77.org https://bootstrap.smartsuppchat.com https://www.smartsuppchat.com https://tagmanager.google.com https://*.enets.sg; img-src 'self' data: blob: https: www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com; style-src cdn.trustindex.io 'self' 'unsafe-inline' printbox-js.s3.amazonaws.com https://dbg.getprintbox.com:8888 https://*.getprintbox.com https://*.googleapis.com https://*.olark.com https://*.bootstrapcdn.com https://*.prestashop.com https://cdnjs.cloudflare.com https://smartsupp-widget-161959.c.cdn77.org https://tagmanager.google.com https://*.enets.sg; font-src https://*.facebook.net https://chatserver.comm100.com/ https://vue.comm100.com cdn.trustindex.io 'self' data: blob: myprintpix.hu printpix.getprintbox.com pbx2-printpix.s3.eu-central-1.amazonaws.com printbox-js.s3.amazonaws.com https://dbg.getprintbox.com:8888 https://*.getprintbox.com https://*.googleapis.com https://fonts.gstatic.com https://*.bootstrapcdn.com https://*.hotjar.com https://*.prestashop.com https://cdnjs.cloudflare.com https://*.zopim.com https://smartsupp-widget-161959.c.cdn77.org https://*.enets.sg; frame-src https://salesautopilot.s3.amazonaws.com/ https://sw.marketingszoftverek.hu/ https://api.virtualjog.hu *.criteo.com 'self' myprintpix.hu printpix.getprintbox.com printpix-pbx2.getprintbox.com https://*.getprintbox.com https://*.google.com https://*.googletagmanager.com https://*.facebook.com https://*.facebook.net https://www.youtube.com https://www.youtube-nocookie.com https://cdn.klarna.com https://*.prestashop.com https://*.stripe.com https://*.cardinalcommerce.com https://*.olark.com https://*.twitter.com https://*.hotjar.com https://*.googleapis.com https://bid.g.doubleclick.net; media-src 'self' https://dbg.getprintbox.com:8888 https://*.olark.com https://smartsupp-widget-161959.c.cdn77.org; object-src 'none'; report-uri https://sentry.getprintbox.com/api/48/security/?sentry_key=67bc25495b504a2488cb2aa64ff50c4f; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.zenaps.com https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://ct.pinterest.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://ampcid.google.pl https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data:; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.pl https://m.myprotein.pl https://checkout.myprotein.pl https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://static.thgcdn.cn https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
font-src *.fontawesome.com *.googleapis.com *.gstatic.com *.oct8ne.com *.transbank.cl *.api.useinsider.com *.useinsider.com *.google-analytics.com analytics.google.com *.googleadservices.com *.dispatchtrack.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.transbank.cl app.beetrack.com *.dispatchtrack.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.api.useinsider.com *.useinsider.com *.dispatchtrack.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.oct8ne.com *.useinsider.com *.transbank.cl *.google.com *.api.useinsider.com maps.googleapis.com *.google-analytics.com analytics.google.com *.googleadservices.com *.dispatchtrack.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com api.mercadopago.com events.mercadopago.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io camo.githubusercontent.com *.facebook.com *.retailrocket.ru *.retailrocket.net *.myscrubs.cl *.oct8ne.com *.cloudfront.com *.cloudfront.net *.transbank.cl *.api.useinsider.com *.useinsider.com maps.googleapis.com maps.gstatic.com *.googleadservices.com s3.amazonaws.com *.dispatchtrack.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com api.mercadopago.com events.mercadopago.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.google.com *.google.com.ar *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.facebook.net *.facebook.com *.googleapis.com *.oct8ne.com *.retailrocket.ru *.retailrocket.net *.newrelic.com *.nr-data.net *.useinsider.com *.transbank.cl *.api.useinsider.com maps.googleapis.com app.beetrack.cl *.googleadservices.com beetrack-general.s3-us-west-2.amazonaws.com *.dispatchtrack.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com api.mercadopago.com events.mercadopago.com fonts.googleapis.com maps.google.com *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.retailrocket.net *.transbank.cl *.api.useinsider.com *.useinsider.com app.beetrack.com *.google-analytics.com analytics.google.com *.googleadservices.com *.dispatchtrack.com *.fontawesome.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.facebook.net *.facebook.com *.googleapis.com *.oct8ne.com *.retailrocket.ru *.retailrocket.net *.newrelic.com *.nr-data.net *.useinsider.com *.transbank.cl *.api.useinsider.com *.googleadservices.com *.dispatchtrack.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com api.mercadopago.com events.mercadopago.com fonts.googleapis.com maps.google.com maps.googleapis.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com stats.g.doubleclick.net https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src * 'self'; script-src pagead2.googlesyndication.com cdn.az.ciam.nestle.com cdnjs.cloudflare.com maps.googleapis.com 4378738.fls.doubleclick.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.youtube.com tagmanager.google.com www.google.com snap.licdn.com d22xmn10vbouk4.cloudfront.net cdn.krxd.net connect.facebook.net googleads.g.doubleclick.net www.facebook.com consumer.krxd.net beacon.krxd.net youtube.com/iframe_api https://ncc.shortlyst.com www.gstatic.com sdk.shortlyst.com cdns.us1.gigya.com shortlyst.com js-agent.newrelic.com bam.nr-data.net cdn.cookielaw.org cookie-cdn.cookiepro.com onetrust.com 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' *; img-src * 'self' data:; frame-src * 'self'; frame-ancestors 'self' 1
default-src 'self' *.zurich.com *.google-analytics.com https://resources.digital-cloud.medallia.com https://udc-neb.kampyle.com https://md-scp.kampyle.com ; img-src 'self'  *.zurich.com https://i.imgur.com *.google-analytics.com data: https://resources.digital-cloud.medallia.com https://udc-neb.kampyle.com https://md-scp.kampyle.com  ;style-src 'self'  *.zurich.com 'unsafe-inline' https://resources.digital-cloud.medallia.com https://udc-neb.kampyle.com https://md-scp.kampyle.com ; script-src  *.zurich.com 'self' 'unsafe-inline' *.zurich.com *.googletagmanager.com *.google-analytics.com https://resources.digital-cloud.medallia.com https://udc-neb.kampyle.com https://md-scp.kampyle.com  1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss: data: wss: *.bing.com www.mirjan24.pl *.mirjan24.pl mirjan24.pl googleapis.com *.googleapis.com googletagmanager.com *.googletagmanager.com biano.sk *.biano.sk biano.cz *.biano.cz biano.hu *.biano.hu biano.ro *.biano.ro biano.hr *.biano.hr prefixbox.com *.prefixbox.com gstatic.com *.gstatic.com novynabytok.sk *.novynabytok.sk hezkynabytek.cz *.hezkynabytek.cz zondo.hu *.zondo.hu zondo.ro *.zondo.ro zondo.hr *.zondo.hr *.zdassets.com *.zopim.com prefixbox.com *.prefixbox.com google-analytics.com *.google-analytics.com clarity.ms *.clarity.ms *.doubleclick.net chimpstatic.com google.com *.google.com google.sk *.google.sk google.cz *.google.cz google.hu *.google.hu google.ro *.google.ro google.hr *.google.hr googleadservices.com *.googleadservices.com *.zopim.io *.imedia.cz *.seznam.cz chimpstatic.com facebook.net *.facebook.net nabytok-mirjan24.sk *.nabytok-mirjan24.sk mirjan24.cz *.mirjan24.cz facebook.com *.facebook.com meblemirjan.pl *.meblemirjan.pl youtube.com *.youtube.com creativecdn.com *.creativecdn.com vub.sk *.vub.sk ahojsplatky.sk *.ahojsplatky.sk; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https:; font-src *; connect-src https: ws:; frame-src https: 1
font-src *.fontawesome.com https://static.lyra.com/static/ maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.monetico-services.com https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ https://static.lyra.com/static/ *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.monetico-services.com www.google.com https://secure.lyra.com/vads-payment/ https://static.lyra.com/static/ https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com https://flagcdn.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io cdn.doofinder.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com cdn.weglot.com www.google.fr mcusercontent.com https://secure.lyra.com/static/latest/images/type-carte/ https://static.lyra.com/static/ https://secure.lyra.com/vads-payment/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://meetanshi.com/media/logo.png www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.doofinder.com chimpstatic.com downloads.mailchimp.com *.list-manage.com www.google.com www.gstatic.com cdn.weglot.com/ static.zdassets.com connect.facebook.net data: apis.google.com static.hotjar.com script.hotjar.com maps.googleapis.com https://api.lyra.com/api-payment/ https://static.lyra.com/static/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.doofinder.com downloads.mailchimp.com cdn.weglot.com *.fontawesome.com https://static.lyra.com/static/ maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.monetico-services.com *.doofinder.com wss://*.doofinder.com cdn.weglot.com ekr.zdassets.com nautisports.zendesk.com wss://widget-mediator.zopim.com region1.google-analytics.com eu1-search.doofinder.com ekr.zendesk.com region1.analytics.google.com vc.hotjar.io https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ https://static.lyra.com/static/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-src 'self' *.youtube.com *.baluarte.com *.twitter.com *.youtube-nocookie.com navarra360.com www.google.com;  1
frame-ancestors 'self' https://www.netutor.co.kr/ https://beta.nernter.com/ https://www.nernter.com/ https://nt.mojont.com/  https://nt-beta.mojont.com/ 1
default-src 'unsafe-inline' 'unsafe-eval' *; img-src * data:; 1
frame-ancestors doradobet.com www.doradobet.com sb1client-altenar.biahosted.com *.virtualsoft.tech https://casinogranpalaciomx.com https://casinomiravallepalace.com https://casinointercontinentalmx.com https://netabet.com.mx https://casinoastoriamx.com https://winbet.la https://ecuabet.com https://eltribet.mx https://eltribet.com https://mobile.justbetja.com 1
frame-ancestors 'self' iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ https://www.next.si 1
frame-ancestors 'self' iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ https://www.next.tw 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' * data: https:; font-src 'self'  data: https:; connect-src 'self' https:; media-src 'self' https:; frame-src 'self' https:; object-src 'self' blob https:; worker-src 'self' blob: https:; base-uri 'self'; report-uri 1
connect-src *; font-src *; frame-src *; media-src *; object-src *;  1
frame-ancestors 'self' nightmall.co.kr *.nightmall.co.kr 1
frame-ancestors  https://b3live.com https://vyr.nitco.in 1
default-src 'self' https://*.njindiaonline.com https://*.njindiaonline.in https://*.njinsure.in http://localhost:8080 https://*.razorpay.com ; img-src http://localhost:8080 https://*.njinsure.in https://*.njindiaonline.com https://*.njindiaonline.in https://*.facebook.com https://*.googleadservices.com https://*.google.co.in https://*.google.com https://googleads.g.doubleclick.net blob: data: https://*.razorpay.com;child-src http://localhost:8080 https://*.njinsure.in https://*.njindiaonline.com https://*.njindiaonline.in https://*.googletagmanager.com http://*.digicert.com https://*.razorpay.com; script-src 'unsafe-eval' 'unsafe-inline' http://localhost:8080 https://*.njinsure.in https://*.njindiaonline.com https://*.njindiaonline.in https://*.googletagmanager.com http://*.digicert.com https://*.razorpay.com ;style-src 'unsafe-inline' http://localhost:8080 https://*.njinsure.in https://*.njindiaonline.com https://*.njindiaonline.in https://*.googleapis.com https://*.njindiaonline.in https://*.razorpay.com;worker-src https://*.njindiaonline.com https://*.njinsure.in http://localhost:8080 ; connect-src http://localhost:8080 https://*.njindiaonline.com https://*.njindiaonline.in https://*.google-analytics.com https://*.njtechdesk.com https://*.njinsure.in ;font-src http://localhost:8080 https://*.njinsure.in https://*.gstatic.com https://*.njindiaonline.com https://*.njindiaonline.in;object-src https://*.digicert.com https://*.njinsure.in https://*.njindiaonline.com 1
frame-ancestors 'self';                      script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.nr-data.net https://*.newrelic.com https://*.criteo.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://cdn.scarabresearch.com https://connect.facebook.net https://cdnjs.cloudflare.com https://google-analytics.com https://graph.facebook.com https://googletagmanager.com https://https https://*.bkmexpress.com.tr https://js.facebook.com https://js.maxmind.com https://static.criteo.net https://sslwidget.criteo.com https://script.hotjar.com https://static.hotjar.com https://ssl.google-analytics.com https://stn-nocturne.mncdn.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.clarity.ms https://*.segmentify.com https://*.sgmntfy.com;                      style-src 'self' 'unsafe-inline' *.google.com cdnjs.cloudflare.com fonts.googleapis.com stn-nocturne.mncdn.com www.googletagmanager.com https://*.segmentify.com https://*.sgmntfy.com;                      child-src 'self' blob: *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com *.criteo.com *.criteo.net connect.facebook.net www.googletagmanager.com https://*.bkmexpress.com.tr;                      base-uri 'self';                      worker-src 'self' blob: www.google.com;      report-uri /WebResource.axd?cspReport=true; 1
font-src fonts.gstatic.com use.typekit.net *.klarnacdn.net static.klaviyo.com *.app.cookieinformation.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://*.svea.com https://*.vipps.no https://*.trustly.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.klarna.com https://*.facebook.com *.app.cookieinformation.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://*.svea.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ mcprod.norsegear.com chat.frontapp.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.no https://*.google.dk https://*.facebook.com fonts.gstatic.com *.app.cookieinformation.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.frontapp.com https://*.googletagmanager.com https://*.facebook.net *.app.cookieinformation.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://*.svea.com https://widget.postenlabs.no/ *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.klarnacdn.net https://static.klaviyo.com blob: *.klaviyo.com *.frontapp.com *.typekit.net https://*.googletagmanager.com *.app.cookieinformation.com unsafe-inline assets.braintreegateway.com https://widget.postenlabs.no/assets/ *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ chat-assets.frontapp.com chat.frontapp.com us-west-1-chat-server.frontapp.com us-west-2-chat-server.frontapp.com eu-west-1-chat-server.frontapp.com wss://front-us-realtime.ably.io wss://front-eu-realtime.ably.io https://chat-webhook.frontapp.com *.bugsnag.com *.browser-intake-datadoghq.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.no https://*.google.dk *.app.cookieinformation.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://widget.postenlabs.no/ https://widget.bring.services/api/ *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.google-analytics.com *.googlesyndication.com *.doubleclick.net fonts.gstatic.com www.clarity.ms *.mouseflow.com *.facebook.net *.facebook.com *.soundestlink.com https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com app.toyboxsystems.com toybox-public.s3.amazonaws.com app.certainly.io *.dixa.io wss://sockets.dixa.io; frame-src 'self' *.facebook.com *.hotjar.com *.youtube.com *.youtube-nocookie.com *.google.com app.certainly.io td.doubleclick.net; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com fonts.googleapis.com; img-src * data:; child-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' 'self' cdnjs.cloudflare.com cdn.mouseflow.com omnisrc.com *.facebook.net *.google-analytics.com *.soundestlink.com *.googletagmanager.com *.googleadservices.com *.clarity.ms *.hotjar.com *.youtube.com *.youtube-nocookie.com googleads.g.doubleclick.net *.omnisend.com *.google.com *.manychat.com *.gstatic.com *.omnisnippet1.com omnisnippet1.com *.cloudfront.net app.toyboxsystems.com *.certainly.io widget.dixa.io cdn.polyfill.io;worker-src 'self'; 1
frame-ancestors scanpack.com www.scanpack.com 1
default-src 'none'; script-src https: 'unsafe-inline' 'nonce-5AFD52909D434D986EAAB0C8569DDA1A' 'strict-dynamic'; style-src 'self' fonts.googleapis.com translate.googleapis.com 'nonce-5AFD52909D434D986EAAB0C8569DDA1A'; connect-src 'self' https: wss://dnpush.nl; img-src 'self' https: data:; font-src 'self' fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' www.google.com tpc.googlesyndication.com; base-uri 'none'; media-src 'self'; report-uri https://www.novamora.be/API/Site/CspReport 1
script-src * 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:;object-src * 'self' https:; frame-ancestors * 'self' https:; 1
default-srcself; 1
default-src 'self'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' 'unsafe-inline'  1
script-src 'unsafe-inline' 'self' *.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com/gtm.js https://www.gstatic.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net ; img-src 'self' *.google.com www.googletagmanager.com https://www.google.es/ https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://fonts.gstatic.com/ data: https: ; style-src 'unsafe-inline' 'self' https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com/ ; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' *.google.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.es/ https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://region1.google-analytics.com/ ; frame-src 'none' ; object-src  'self' 1
connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://accounts.google.com; img-src * 'self' data: blob: https://*.google-analytics.com https://*.googletagmanager.com https://secure.gravatar.com; script-src 'self' https://www.google.com https://accounts.google.com https://www.gstatic.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://connect.facebook.net https://platform.twitter.com 'sha256-cueLIjf7+saT+qlPuHeFx6d9eEbuC4uiq1aRQOb3VGU='; frame-src 'self' https://www.facebook.com https://web.facebook.com https://www.youtube.com https://platform.twitter.com https://www.google.com https://accounts.google.com https://docs.google.com https://staticxx.facebook.com https://syndication.twitter.com blob:; report-uri /cspreport.php 1
frame-ancestors 'self' https://catalog.omfal.ro; 1
default-src 'self'; style-src 'self' 'unsafe-inline' unpkg.com https://*.stripe.com; font-src 'self' data:; img-src 'self' i.vimeocdn.com https://www.googletagmanager.com https://*.googlesyndication.com http://*.googlesyndication.com https://*.google-analytics.com https://*.google.com https://i.ytimg.com https://bat.bing.com https://www.google.it *.doubleclick.net https://www.facebook.com https://*.stripe.com https://*.linkedin.com data:; media-src 'self' player.vimeo.com vod-progressive.akamaized.net https://*.google-analytics.com; connect-src 'self' wss://ominee.com vimeo.com nominatim.openstreetmap.org https://*.google-analytics.com *.doubleclick.net wss://*.ominee.com https://*.ominee.com https://*.bing.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://*.google.com https://*.gstatic.com https://cdn.ampproject.org https://www.googletagmanager.com cdn.linkedin.oribi.io; script-src 'self' 'unsafe-eval' cdn.jsdelivr.net cdnjs.cloudflare.com unpkg.com www.googletagmanager.com https://*.google-analytics.com blob: https://connect.facebook.net https://*.google.com https://www.gstatic.com https://bat.bing.com http://bat.bing.com https://*.google.it https://partner.googleadservices.com https://*.googlesyndication.com https://cdn.ampproject.org https://*.stripe.com https://*.licdn.com 'nonce-8eHeI9pmcVwAQeNeJyFWXw'; frame-src self https://www.youtube.com http://www.youtube.com https://player.vimeo.com https://www.google.com/ https://googleads.g.doubleclick.net https://*.googlesyndication.com *.doubleclick.net https://www.facebook.com https://*.stripe.com; report-uri /csp_report 1
connect-src *; font-src * data:; frame-src *; img-src * blob: data:; media-src *; object-src *; 1
default-src 'none'; script-src https: 'unsafe-inline' 'nonce-7451651ABACF2B3D4511AEDB96D7B13D' 'strict-dynamic'; style-src 'self' fonts.googleapis.com translate.googleapis.com 'nonce-7451651ABACF2B3D4511AEDB96D7B13D'; connect-src 'self' https: wss://dnpush.nl; img-src 'self' https: data:; font-src 'self' fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' www.google.com tpc.googlesyndication.com; base-uri 'none'; media-src 'self'; report-uri https://www.ondeugend-daten.be/API/Site/CspReport 1
default-src data: https: 'unsafe-eval' 'unsafe-inline' 1
default-src 'self' *.facebook.com *.youtube.com *.google-analytics.com *.google.com stats.g.doubleclick.net *.cinetpay.com; img-src 'self' *.google-analytics.com *.openstreetmap.org i.imgur.com stats.g.doubleclick.net *.cinetpay.com data:; object-src *; script-src 'self' 'unsafe-inline' https://unpkg.com/leaflet@1.6.0/dist/leaflet.js *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.jquery.com *.unpkg.com *.kommunicate.io *.openstreetmap.org *.gstatic.com  *.cinetpay.com; font-src 'self' *.googleapis.com *.gstatic.com *.cinetpay.com; style-src 'self' 'unsafe-inline' https://unpkg.com/leaflet@1.6.0/dist/leaflet.css *.googleapis.com *.cinetpay.com cdn.jsdelivr.net 1
default-src 'none' ; connect-src 'self' data: https://ajax.googleapis.com https://de.api4load.biz https://pfrest.pboss.de https://pfrest.petafuel.net https://pfrest.wozutesten.de https://pfrest.mobile.wozutesten.de https://translate.googleapis.com https://www.fndsda.net https://www.paypal.com ; font-src 'self' data: * ; frame-src 'self' data: https://ad.ad-srv.net https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://cdn.mobile.wozutesten.de https://client.comprigo.com https://hal9000.redintelligence.net https://optimize.google.com https://pixel.bsmartdata.com/ https://r.adc-srv.net https://tools.petafuel.de https://www.fndsda.net https://www.googletagmanager.com https://www.paypal.com https://www.sandbox.paypal.com ; img-src 'self' data: * ; manifest-src 'self' data: * ; media-src 'self' data: * ; object-src 'self' data: * ; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://ad4mat.de https://bid.g.doubleclick.net https://blog.onlinekonto.de https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://cdn.mobile.wozutesten.de https://containertags.belboon.de https://data1.eurosty.com https://data1.mein-bmi.com https://data1.routenplaner-karten.com https://data1.ubersetzung-app.com https://eu5.heatmap.it https://googleads.g.doubleclick.net https://imgsrv.io https://maytrics.marvellousmachine.net https://online.adservicemedia.dk https://optimize.google.com https://orangebuddies.go2cloud.org https://pstatic.davebestdeals.com https://s3.eu-central-1.amazonaws.com https://ssl.google-analytics.com https://static.donation-tools.org https://tagmanager.google.com https://tpc.googlesyndication.com https://translate.googleapis.com https://www.financeads.net https://www.fndsda.net https://www.google-analytics.com https://www.google.com/ads/user-list https://www.googleadservices.com https://www.googletagmanager.com https://www.paypal.com https://www.paypalobjects.com https://www.performancehero.de ; style-src 'self' data: 'unsafe-inline' https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://cdn.mobile.wozutesten.de https://fonts.googleapis.com https://optimize.google.com https://translate.googleapis.com https://u.heatmap.it https://www.fndsda.net ; worker-src 'self' data: * ;  1
default-src 'self';connect-src *; font-src *; frame-src *; img-src * data:; media-src *;object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src https:; connect-src https: wss: http:; font-src https: data:; img-src https: data: blob:; frame-src https: blob:; frame-ancestors 'self'; worker-src blob: https: data: 'unsafe-inline' 'unsafe-eval'; form-action https: javascript:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self' https://onrangetout.matomo.cloud; 1
default-src 'self'; connect-src *; manifest-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval' data:; img-src * data:; style-src * 'unsafe-inline'; form-action *; font-src *; frame-src *; object-src info.paynet.md;media-src paynet.md data: 1
script-src  'unsafe-inline' 'unsafe-eval' http: https: 1
default-src 'unsafe-inline' 'self'; connect-src 'self' https://maps.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://fonts.gstatic.com; img-src data: maps.gstatic.com *.googleapis.com *.ggpht.com 'self' data:; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com https://fonts.gstatic.com; font-src 'self' data: ; 1
frame-ancestors 'self' https://ormskirk.lancs.sch.uk https://admin.schudio.com http://admin.schudio.local https://ormskirk-school.schudio.com http://ormskirk-school.schudio.local https://schudiotv.com https://www.schudiotv.com 1
default-src 'self' https://*.google.com/ https://*.google-analytics.com https://*.orszagospanel.hu/; img-src 'self' 'nonce-WvplqhwKcLpR9R555guw9w==' data: cid: http://*.googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.google.cz https://*.gstatic.com https://*.googleusercontent.com https://www.facebook.com blob: http://*.nms.cz http://*.nms-mr.com https://storage.enp.world https://storage.panelx.app 'self' 'nonce-WvplqhwKcLpR9R555guw9w==' data: https://*.googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.google.cz https://*.gstatic.com blob: https://www.facebook.com https://thor.enp.world https://admin.enp.world https://*.narodnipanel.cz https://*.panelnarodowy.pl https://*.narodnypanel.sk https://*.nacionalenpanel.bg https://*.orszagospanel.hu https://*.panelulnational.ro https://panelulnational.ro https://imrworldwide.com https://*.imrworldwide.com https://mookie1.com https://*.mookie1.com www.orszagospanel.hu:443; style-src 'self' https://fonts.googleapis.com 'unsafe-inline' https://cdnjs.cloudflare.com; script-src 'nonce-WvplqhwKcLpR9R555guw9w==' 'strict-dynamic' https: https://*.googletagmanager.com https://*.google.com 'unsafe-eval' https://imrworldwide.com https://*.imrworldwide.com https://mookie1.com https://*.mookie1.com www.orszagospanel.hu:443; frame-ancestors 'self' https://*.google.com/; frame-src 'self' data: https://*.google.com; form-action 'self' https://thor.enp.world https://admin.enp.world https://*.narodnipanel.cz https://*.panelnarodowy.pl https://*.narodnypanel.sk https://*.nacionalenpanel.bg https://*.orszagospanel.hu https://*.panelulnational.ro; base-uri 'self'; connect-src 'self' https://*.google-analytics.com https://stats.g.doubleclick.net https://*.googleapis.com https://*.analytics.google.com https://www.facebook.com blob: https://*.sentry.io wss://swoole.enp.world https://thor.enp.world https://admin.enp.world https://*.narodnipanel.cz https://*.panelnarodowy.pl https://*.narodnypanel.sk https://*.nacionalenpanel.bg https://*.orszagospanel.hu https://*.panelulnational.ro; font-src 'self' https://*.google.com https://fonts.gstatic.com https://cdnjs.cloudflare.com; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self'; connect-src 'self' wss: maps.googleapis.com anvil.opentok.com api-enterprise.opentok.com api-standard.opentok.com config.opentok.com hlg.tokbox.com mantis005-pdx.tokbox.com mantis014-pdx.tokbox.com; font-src 'self' fonts.gstatic.com orbisv4head.blob.core.windows.net; frame-src 'self' s7.addthis.com static.addtoany.com www.google.com gateway.moneris.com gatewayt.moneris.com www.youtube.com www.youtube-nocookie.com; img-src 'self' blob: data: s3-us-west-2.amazonaws.com maps.googleapis.com maps.gstatic.com orbisv4head.blob.core.windows.net stoccprod001.blob.core.windows.net test4cc.blob.core.windows.net; object-src www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' m.addthis.com s7.addthis.com v1.addthisedge.com static.addtoany.com cdnjs.cloudflare.com maps.googleapis.com www.google.com www.gstatic.com code.highcharts.com gateway.moneris.com gatewayt.moneris.com orbisv4head.blob.core.windows.net www.youtube.com s.ytimg.com; style-src 'self' 'unsafe-inline' static.addtoany.com fonts.googleapis.com orbisv4head.blob.core.windows.net; worker-src 'self' blob:; 1
font-src * *.hotjar.com *.hotjar.io *.bizographics.com *.otpbank.hu 'unsafe-inline' data:; style-src * *.hotjar.com *.hotjar.io *.bizographics.com *.otpbank.hu blob: data: 'unsafe-inline' *.googleapis.com; connect-src *.otpip.hu wss://*.otpbank.hu wss://*.hotjar.com *.hotjar.com *.hotjar.io *.bizographics.com *.otpbank.hu *.googleapis.com www.google-analytics.com 'self' 'unsafe-inline' *.doubleclick.net; img-src * *.hotjar.com *.hotjar.io *.bizographics.com *.otpbank.hu blob: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googleadservices.com www.googletagmanager.com www.google-analytics.com cdnjs.cloudflare.com *.googleapis.com *.google.com *.facebook.com *.facebook.net *.doubleclick.net *.youtube.com *.ytimg.com *.hotjar.com *.hotjar.io *.bizographics.com *.otpbank.hu snap.licdn.com *.gstatic.com 1
default-src blob: https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' https://www.cv.ee https://cv.ee; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ *.meetanshi.com https://lpsolar.ourolux.com.br http://lpsolar.ourolux.com.br https://controled.ourolux.com.br https://meufinanciamentosolar.com.br http://cdn.mcauto-images-production.sendgrid.net https://app.powerbi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.twitter.com *.google.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.klarna.com *.paypal.com *.ytimg.com *.usercentrics.eu https://*.g.doubleclick.net https://*.google.com https://*.google.com.br http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.meetanshi.com https://*.gstatic.com https://*.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.lightemporium.com *.google.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.googletagmanager.com https://cdn.dnky.co http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.meetanshi.com https://unpkg.com/html5-qrcode https://go.botmaker.com https://storage.googleapis.com https://polyfill.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://d335luupugsy2.cloudfront.net/js/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.soundjay.com/buttons/beep-01a.mp3 https://storage.googleapis.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api.comapi.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.paypal.com *.meetanshi.com https://go.botmaker.com wss://ws.botmaker.com https://stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com https://pageview-notify.rdstation.com.br/ https://popups.rdstation.com.br/ https://event-api.rdstation.com.br/v2/form_integrations *.cloudflare.com *.twitter.com *.twimg.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.daum.net *.daumcdn.net *.google-analytics.com https://*.akamaihd.net http://*.akamaihd.net http://*.facebook.net https://*.facebook.net http://*.facebook.com https://*.facebook.com http://*.goorm.io https://*.goorm.io;object-src 'self';img-src * data:;media-src 'self';frame-src 'self' http://*.facebook.net https://*.facebook.net http://*.facebook.com https://*.facebook.com;connect-src 'self' https://*.daum.net http://*.daum.net http://www.googleapis.com https://www.googleapis.com http://*.facebook.net https://*.facebook.net http://*.facebook.com https://*.facebook.com;style-src 'self' 'unsafe-inline' 1
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' www.oportunidades.com.co pagoalafija.com; 1
default-src 'self' *.pagofacil.de imspagofacil.es imsolutionspci.es *.google.com *.googleapis.com *.gstatic.com *.surveymonkey.com *.googletagmanager.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' data: 1
frame-ancestors 'none'; base-uri 'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.flowmedik.com/ https://connect.facebook.net/ https://static.hotjar.com/ https://script.hotjar.com/ https://beacon-v2.helpscout.net/ https://js.live.net/v7.2/ https://www.dropbox.com/static/ https://apis.google.com/js/api.js https://connect.facebook.net/ https://www.googletagmanager.com/ https://www.google-analytics.com https://static.addtoany.com/menu/ https://phhyky.echat.fi/ https://cdnjs.cloudflare.com/ajax/ https://fl-1.cdn.flockler.com/assets/ https://unpkg.com/alpinejs@3.x.x/ https://unpkg.com/@alpinejs/  *.flockler.com/embed/; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudfront.net/ https://fonts.googleapis.com/ https://d1800jcr87x5eo.cloudfront.net/ui/ https://fl-1.cdn.flockler.com/assets/ https://cdnjs.cloudflare.com/ajax/libs/ https://use.fontawesome.com/releases/; img-src 'self' data: *.vimeocdn.com/ *.terveystalo.com/ https://www.akuutti24.fi/ https://login.microsoftonline.com/ https://login.windows.net/ https://play-lh.googleusercontent.com/ https://www.kuntarekry.fi/ https://deva.adkioski.fi/ https://phsotey.sharepoint.com/ https://www.phhyky.fi/ https://meltwater-apps-production.s3.eu-west-1.amazonaws.com/ https://translate.google.com/ http://link.mediaoutreach.meltwater.com/ https://www.gstatic.com/images/ https://region1.google-analytics.com/g/ https://www.googletagmanager.com/ https://fl-1.cdn.flockler.com/ *.youtube.com/vi/ https://cdnjs.cloudflare.com/ajax/ https://secure.gravatar.com/avatar/ https://s.w.org/images/ https://pbs.twimg.com/profile_images/ https://media-api.flockler.com/ https://scontent-frt3-1.xx.fbcdn.net/v/ https://fl-1.cdn.flockler.com/embed/ *.facebook.com *.facebook.net *.fbcdn.net *.cdninstagram.com/v/ https://www.google-analytics.com/ https://i.ytimg.com/ ; connect-src 'self' https://api.flockler.app/ https://www.googletagmanager.com/ https://vc.hotjar.io/sessions/ https://in.hotjar.com/api/ https://d3hb14vkzrxvla.cloudfront.net/ https://plugins.flockler.com https://region1.google-analytics.com/g/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/j/ https://www.facebook.com/; font-src 'self' data: *.bootstrapcdn.com/ https://www.flowmedik.com/ https://cdnjs.cloudflare.com https://use.fontawesome.com https://fonts.gstatic.com/; media-src 'self' https: mediastream: https://media-api.flockler.com/twitter/*; frame-src 'self' https://player.vimeo.com/ https://www.flowmedik.com/ *.eu.research.net/ https://www.googletagmanager.com/ https://vars.hotjar.com/ https://enlapser.cloud/ https://phhyky-julkaisu.tweb.fi/ https://www.youtube.com/ https://fl-1.cdn.flockler.com/embed/ https://phhyky.echat.fi/ https://static.addtoany.com/ https://www.facebook.com/ https://app.powerbi.com/; report-uri 'self' https://423c50d1eb7734335f906eb779fbf23e.report-uri.com/r/d/csp/enforce; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com e-payment.postfinance.ch *.cardinalcommerce.com *.facebook.com 3dsecure.nexi.it *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net 3ds.nexigroup.com 3ds.redsys.es 3ds.sia.eu esecure.sia.eu 3ds.vinea.es 3dsecure.ing.ro 3dsecure.landbank.com 3dsmethod.eewosecure.com pay.eewosecure.com *.sibs.ro acs.mercurypaymentservices.it acs.netsgroup.com *.cic.fr *.creditmutuel.fr *.3ds.modirum.com geoissuer.cardinalcommerce.com *.secure.lcl.fr *.arcot.com tdschmut.monext.fr www.securesuite.co.uk *.wlp-acs.com acssv.otpbank.hu acs.3ds-hanseaticbank.de 3ds.abanca.com acs.revolut.com acs.apata.io 3ds.pl.ing.com 3dsecure.psa.at3dsecure.psa.at acs.stripeauthentications.com www.secure22gw.ro e-banking.winbank.gr openbank.piraeusbank.gr www.rsa3dsauth.co.uk 3ds-challenge.n26.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.sharethis.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gigya.com pay.google.com consentcdn.cookiebot.com www.youtube.com vimeo.com *.facebook.com https://www.yumpu.com/ *.snapchat.com *.doubleclick.de *.doubleclick.ne *.doubleclick.net *.sc-static.net sc-static.net *.container.webgains.link 3dsecure.nexi.it *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.recaptcha.net *.google.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net 3ds.nexigroup.com 3ds.redsys.es 3ds.sia.eu esecure.sia.eu 3ds.vinea.es 3dsecure.ing.ro 3dsecure.landbank.com 3dsmethod.eewosecure.com pay.eewosecure.com *.sibs.ro acs.mercurypaymentservices.it acs.netsgroup.com *.cic.fr *.creditmutuel.fr *.3ds.modirum.com geoissuer.cardinalcommerce.com *.secure.lcl.fr *.arcot.com tdschmut.monext.fr www.securesuite.co.uk *.wlp-acs.com acssv.otpbank.hu acs.3ds-hanseaticbank.de 3ds.abanca.com acs.revolut.com acs.apata.io 3ds.pl.ing.com 3dsecure.psa.at3dsecure.psa.at acs.stripeauthentications.com www.secure22gw.ro e-banking.winbank.gr openbank.piraeusbank.gr www.rsa3dsauth.co.uk 3ds-challenge.n26.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net commerce.adobe.io widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.sharethis.com *.gigya.com 'self' data: 'unsafe-inline' data: *.magentosite.cloud panini.it *.googleapis.com *.gstatic.com bam.nr-data.net www.panini.it www.paninibelgium.com www.panini.co.il www.panini.es www.panini.co.uk www.panini.fr www.panini.ch www.panininederland.com www.paninihungary.com www.panini.pl www.paniniportugal.com www.paninistore.com www.panini.ro www.panini.com.gr www.panini.de collectibles.paniniamerica.net www.paninisuomi.com www.paninisverige.com www.paninidanmark.com www.panininorge.com *.bing.com ib.adnxs.com *.facebook.com *.tiktok.com *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.cookiebot.com *.doubleclick.net *.google.com *.google.it *.google.fr *.google.es *.google.be *.twitter.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.sharethis.com jquery.sellxed.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gigya.com https://cdnjs.cloudflare.com *.panini.it *.facebook.net *.googleapis.com js-agent.newrelic.com bam.eu01.nr-data.net bam.nr-data.net consent.cookiebot.com consentcdn.cookiebot.com *.clarity.ms cdn.noibu.com wss://*.noibu.com https://*.noibu.com *.queue-it.net *.bing.com *.sc-static.net sc-static.net *.adnxs.com *.acdn.adnxs.com acdn.adnxs.com https://players.yumpu.com *.snapchat.com *.facebook.com *.connect.facebook.net connect.facebook.net *.ads-twitter.com *.google.com *.google.it *.recaptcha.net *.tiktok.com analytics.webgains.io *.webgains.link *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.collectibles.paniniamerica.net *.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com 'unsafe-inline' data: *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com js-agent.newrelic.com *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.collectibles.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com *.adyen.com *.sharethis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.panini.it *.gigya.com *.pnn.webformat.cloud *.googleapis.com consentcdn.cookiebot.com consent.cookiebot.com *.facebook.com google.com/pay pay.google.com wss://*.noibu.com https://*.noibu.com bam.nr-data.net paninitutor-be-stage.nw.r.appspot.com paninitutor-be-prod.nw.r.appspot.com clarity.ms *.clarity.ms paniniadrenalyn.com *.paniniadrenalyn.com paninitutor-be-stage.appspot.com paninitutor-be-prod.appspot.com *.snapchat.com *.google.com *.google.it *.doubleclick.net *.pagead2.googlesyndication.com *.tiktok.com *.webgains.io *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.bing.com *.google.fr *.google.es *.google.be *.googlesyndication.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net t.elasticsuite.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src wss://*.noibu.com https://*.noibu.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.panini.com.gr/shp_grc_el/webformat_csptools/report/; 1
worker-src blob:; font-src *.googleapis.com *.gstatic.com fonts.gstatic.com *.kxcdn.com *.fontawesome.com data: https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://www.facebook.com *.addthis.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com data: https://e.issuu.com https://player.vimeo.com https://www.youtube-nocookie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com https://www.gstatic.com *.cdninstagram.com *.kxcdn.com *.twitter.com https://www.google.com *.gstatic.com *.fbcdn.net https://ads.paolinestore.it  https://ebizmarts-website.s3.amazonaws.com/ https://www.facebook.com *.addthis.com https://*.google-analytics.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.google.it blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.google.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com s7.addthis.com *.avada.io 'self' data: https://ads.paolinestore.it https://*.google-analytics.com https://*.googletagmanager.com https://tagmanager.google.com https://*.paolinestore.it https://chimpstatic.com https://*.addthis.com https://googleads.g.doubleclick.net/ https://player.vimeo.com https://www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com *.fontawesome.com https://tagmanager.google.com https://fonts.googleapis.com http://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com ekr.zdassets.com/ https://get.geojs.io *.avada.io data: https://ads.paolinestore.it https://*.addthis.com https://api-public.addthis.com https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.paolinestore.it https://www.facebook.com/tr/ https://stats.g.doubleclick.net/ https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
frame-ancestors 'self' https://*.papajohns.com.sv ; object-src 'self' *.papajohns.com.sv ; img-src 'self' *.papajohns.com.sv  data: *.twimg.com *.twitter.com *.facebook.com *.gstatic.com *.google-analytics.com *.googleapis.com *.google.com *.google.com.sv  *.statcounter.com *.facebook.net *.doubleclick.net *.google.com sailplays3.cdnvideo.ru res.cloudinary.com *.digitaloceanspaces.com *.bitworks.com.sv; script-src 'self' *.papajohns.com.sv 'unsafe-inline' 'unsafe-eval' data: *.twimg.com *.googletagmanager.com *.facebook.com *.google.com *.google.com.sv *.google-analytics.com maps.googleapis.com ajax.googleapis.com *.gstatic.com *.twitter.com *.statcounter.com *.facebook.net *.hotjar.io *.hotjar.com static.hotjar.com *.googleadservices.com cdnjs.cloudflare.com sailplay.ru sailplay.net *.sailplay.net sailplays3.cdnvideo.ru cdn.jsdelivr.net cdn.pushalert.co code.jquery.com *.bitworks.com.sv l.getsitecontrol.com static.cloudflareinsights.com ; 1
default-src 'self' blob: data: media.tenor.com *.facebook.com *.doubleclick.net *.googlesyndication.com *.youtube.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.gstatic.com *.google.com; child-src 'self' *.braintreegateway.com *.paypal.com *.facebook.com *.doubleclick.net *.youtube.com *.google.com *.cardinalcommerce.com; frame-src *; font-src 'self' fiilrcdn.com *.gstatic.com http://fonts.gstatic.com; object-src 'self' *.googlesyndication.com; manifest-src 'self' fiilrcdn.com; img-src 'self' data: blob: paratlan.hu fiilrcdn.com media.tenor.com www.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.doubleclick.net *.facebook.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.ytimg.com *.gstatic.com *.googleapis.com maps.google.com *.fbcdn.net android-webview data:; connect-src 'self' wss://paratlan.hu api.tenor.com *.facebook.com *.cardinalcommerce.com www.google-analytics.com *.googleapis.com *.gstatic.com *.googlesyndication.com *.doubleclick.net *.braintreegateway.com *.braintree-api.com *.paypal.com *.paypalobjects.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: fiilrcdn.com *.cardinalcommerce.com *.ccdc02.com *.facebook.com *.facebook.net *.googleadservices.com *.googlesyndication.com *.google-analytics.com *.googletagservices.com *.googletagmanager.com *.ampproject.org *.googlesyndication.com *.google.dz *.google.me *.google.tg *.google.sc *.google.com.sa *.google.iq *.google.dk *.google.ee *.google.com.mx *.google.es *.google.co.nz *.google.com.lb *.google.com.qa *.google.com.gh *.google.com.tr *.google.com.vn *.google.com.eg *.google.si *.google.no *.google.ru *.google.ie *.google.co.il *.google.com.ng *.google.hr *.google.bg *.google.ca *.google.hu *.google.sn *.google.pl *.google.gr *.google.nl *.google.com.au *.google.be *.google.cz *.google.fr *.google.se *.google.it *.google.de *.google.at *.google.ch *.google.rs *.google.co.uk *.google.ro *.google.sk *.google.ci *.google.com.ua *.doubleclick.net *.gstatic.com *.googleapis.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.google.com *.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' fiilrcdn.com *.googleapis.com *.braintreegateway.com; worker-src 'self' blob: data:; report-uri https://paratlan.hu/csp_report.php; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org *.google-analytics.com *.googletagmanager.com www.youtube.com js.adsrvr.org insight.adsrvr.org connect.facebook.net; img-src 'self' data: cdn.cookielaw.org www.lidl.de www.lidl.nl www.lidl.be www.lidl.fr www.lidl.hu www.lidl.pl www.lidl.es www.lidl.sk www.lidl.cz www.lidl.si *.google-analytics.com *.object.storage.eu01.onstackit.cloud assets.parkside-diy.com *.google.com www.google.de www.facebook.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.fonts.net; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com; frame-src 'self' 'unsafe-inline' *.youtube-nocookie.com insight.adsrvr.org; connect-src 'self' cdn.cookielaw.org *.google-analytics.com *.onetrust.com stats.g.doubleclick.net live.api.schwarz; frame-ancestors 'self' *.googletagmanager.com *.google-analytics.com; 1
base-uri 'self' https://*.google.com https://*.google.com http://e.tlmq.fr https://*.tlmq.fr https://*.news-voyance.com https://*.addtoany.com; child-src 'self' https://*.google.com http://e.tlmq.fr https://*.tlmq.fr https://*.voyance.fr https://*.news-voyance.com http://*.addthis.com https://*.addthisedge.com https://www.google-analytics.com https://lesfameusesvideos.com https://*.amazon-adsystem.com https://*.amazon.com https://*.goracash.com https://*.addtoany.com; object-src 'self' https://*.google.com http://e.tlmq.fr https://*.tlmq.fr https://*.voyance.fr https://*.news-voyance.com http://*.addthis.com https://*.addthisedge.com https://www.google-analytics.com https://lesfameusesvideos.com https://*.amazon-adsystem.com https://*.amazon.com https://*.goracash.com https://*.addtoany.com; form-action https://*.google.com https://*.news-voyance.com https://*.addtoany.com; style-src 'self' 'unsafe-inline'; font-src 'self'; 1
default-src 'self'; frame-src 'self' www.google.com www.gstatic.com; form-action 'self'; object-src 'none'; base-uri 'self'; style-src 'self'; connect-src 'self'; script-src 'nonce-SxbPJsbSiyzq' 1
font-src *.googleapis.com *.gstatic.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.typekit.net *.twimg.com *.trustedshops.com *.bootstrapcdn.com https://connect.podium.com https://sync.taboola.com https://image2.pubmatic.com *.tawk.to data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.twitter.com *.facebook.com *.payu.in 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com https://www.affirm.com api.razorpay.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com *.meetanshi.com https://meetanshi.com/media/logo.png https://api.mapbox.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.google.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com https://assets.podium.com http://www.shopperapproved.com https://event.webcollage.net https://event.syndigo.cloud https://content.syndigo.com https://sync.taboola.com https://image2.pubmatic.com *.tawk.to cdn.razorpay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com *.googleapis.com *.meetanshi.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.adobed.com *.tawk.to *.jsdelivr.net *.cloudflare.com *.payu.in *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net http://connect.facebook.net *.paypalobjects.com https://chimpstatic.com *.googletagmanager.com https://s.adroll.com http://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com http://a.mailmunch.co *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://connect.podium.com https://stats.g.doubleclick.net http://www.shopperapproved.com https://ajax.googleapis.com https://seal.geotrust.com https://scontent.webcollage.net https://syndi.webcollage.net https://content.syndigo.com https://cdn1.affirm.com https://sync.taboola.com https://image2.pubmatic.com checkout.razorpay.com https://www.googletagmanager.com tagmanager.google.com *.chimpstatic.com *.adobedtm.com *.doubleclick.net *.cardinalcommerce.com *.ccdc02.com *.ytimg.com *.vimeo.com *.addthis.co *.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.gstatic.com unsafe-inline *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com *.tawk.to *.cardinalcommerce.com *.podium.com *.mailmunch.co *.taboola.com *.pubmatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ *.googleapis.com *.gstatic.com *.meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com wss://*.tawk.to *.cloudflare.com *.twitter.com *.twimg.com *.google.com *.google.co.in *.facebook.com http://forms.mailmunch.co https://mind-flayer.podium.com http://a.mailmunch.co https://stats.g.doubleclick.net https://d.adroll.com https://www.affirm.com https://tracker.affirm.com https://content.syndigo.com *.tawk.to *.demdex.net *.omtrdc.net *.google-analytics.com *.googleadservices.com https://sync.taboola.com https://image2.pubmatic.com autocomplete2.postdirekt.de lumberjack.razorpay.com lumberjack-metrics.razorpay.com https://www.google-analytics.com *.payu.in *.cardinalcommerce.com *.googletagmanager.com *.braintreegateway.com *.youtube.com *.vimeocdn.com *.vimeo.com *.ytimg.com *.paypalobjects.com *.ccdc02.com *.doubleclick.net *.adobe.com *.chimpstatic.com *.adobedtm.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';, upgrade-insecure-requests; 1
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' https://tel.search.ch app.pepsimmo.ch https://*.google-analytics.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' app.pepsimmo.ch; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data: app.pepsimmo.ch; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 1
Add 'default-src `self`' 1
default-src *; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *; 1
default-src 'none';form-action 'self';frame-ancestors *.cookiebot.com https://consentcdn.cookiebot.com;frame-src 'self' *.youtube.com *.cookiebot.com https://consentcdn.cookiebot.com;connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.cookiebot.com https://consentcdn.cookiebot.com;style-src 'self' 'unsafe-inline';script-src 'self' 'nonce-R/ATNmzLzIJ+H9WLCj46W42zBGY=' https://*.googletagmanager.com *.google-analytics.com *.googletagmanager.com *.facebook.com *.cookiebot.com 'unsafe-eval' 'unsafe-inline' 'strict-dynamic';img-src 'self' data: *.ytimg.com https://*.google-analytics.com https://*.googletagmanager.com *.googleapis.com *.piearsta.lv;font-src 'self'; 1
script-src 'self' https://maps.googleapis.com https://cdnmira.com.br https://www.googletagmanager.com https://www.google.com https://www.googleapis.com https://www.gstatic.com https://www.google-analytics.com https://bam-cell.nr-data.net/; style-src 'self' 'unsafe-inline' https://cdnmira.com.br https://fonts.googleapis.com https://use.fontawesome.com; 1
default-src 'self'; img-src 'self' 'unsafe-inline' data: *.fbcdn.net https://*.cdninstagram.com https://*.chitika.net https://www.google.com.ua https://www.googletagmanager.com https://mc.yandex.ru https://cdn.jsdelivr.net https://www.google.com https://*.wlmediahub.com https://*.imlmediahub.com https://cdn.wdrimg.com https://*.twitter.com https://*.facebook.com https://*.imgur.com https://pixel.wp.com  https://*.sharethis.com https://*.giphy.com https://*.gravatar.com https://*.google-analytics.com https://*.doubleclick.net https://s.w.org https://wordpress.org https://ps.w.org data:; font-src data: 'self' https://s0.wp.com https://cdn.wdrimg.com https://*.bootstrapcdn.com wordpress.com https://*.gstatic.com; object-src 'none'; script-src 'self' https://*.chitika.net https://cdn.taboola.com https://mc.yandex.ru https://cdn.ampproject.org https://cdn.jsdelivr.net https://*.pinterest.com https://*.googletagmanager.com https://*.cloudflare.com https://cdn.wdrimg.com https://*.facebook.com https://*.addthis.com  https://*.addthisedge.com https://*.wp.com https://*.gravatar.com https://*.googleapis.com https://*.facebook.net https://*.pinterest.com https://*.twitter.com https://www.google-analytics.com https://*.google.com https://*.sharethis.com *.gstatic.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'  https://s0.wp.com https://cdn.jsdelivr.net https://cdn.wdrimg.com https://*.gravatar.com https://*.bootstrapcdn.com https://cdn-images.mailchimp.com https://fonts.googleapis.com https://ws.sharethis.com; connect-src 'self'  https://www.instagram.com/ https://*.addthisedge.com https://*.addthis.com https://*.facebook.com https://l.sharethis.com wss://kittpress.com https://mc.yandex.ru; child-src 'self'; frame-src https: gstatic.com 1
default-src blob: data: 'self' tvpuls.pl *.tvpuls.pl puls2.pl *.puls2.pl *.streamlock.net npmcdn.com vjs.zencdn.net cdn.jsdelivr.net fonts.gstatic.com googleapis.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.google.com *.google.pl *.ckeditor.com *.jquery.com cdn-cookieyes.com *.googletagmanager.com *.s73cloud.com 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors https://www.pngbet.com https://preprod.pngbet.com 1
report-uri https://caffe.coffeetf.com/csp_report; 1
frame-ancestors *; report-uri https://www.pornann.com/report-uri/enforce 1
default-src 'self';img-src https: 'self' www.pos.tw; frame-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self'; 1
default-src 'self';                     script-src  'self' 'unsafe-inline' 'unsafe-eval';                     style-src   'self' 'unsafe-inline' 1
frame-ancestor 'self' 1
frame-ancestors https://www.youtube.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' boletin.preparadas.es *.google-analytics.com *.analytics.google.com maps.googleapis.com *.doubleclick.net; connect-src 'self' wss: boletin.preparadas.es *.google-analytics.com *.analytics.google.com maps.googleapis.com *.doubleclick.net; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' recaptcha.net *.google-analytics.com *.google.com *.gstatic.com *.googletagmanager.com *.facebook.net *.freshworks.com;script-src-attr 'self' 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' recaptcha.net *.google-analytics.com *.google.com *.gstatic.com *.googletagmanager.com *.freshworks.com *.facebook.net;style-src 'self' 'unsafe-inline' *.googleapis.com *.freshworks.com;object-src 'self' *.test.hyperativa.net scanned-pdb-staging.storage.googleapis.com;connect-src 'self' *.test.hyperativa.net *.google-analytics.com *.freshworks.com *.freshdesk.com *.facebook.com;frame-src 'self' scanned-pdb-staging.storage.googleapis.com recaptcha.net *.google-analytics.com *.google.com *.facebook.com *.youtube.com;img-src 'self' *.googleapis.com *.facebook.com *.facebook.net data:;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';upgrade-insecure-requests 1
frame-ancestors 'self' https://www.propcert.co.uk 1
img-src * 'self' data: https:; font-src * 'self' data: https:; media-src * 'self' data: https:; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.fonts-gstatic.com *.cloudflare.com  *.googletagmanager.com *.fontawesome.com *.gstatic.com *.jquery.com *.googleapis.com *.google.com *.youtube.com *.vimeo.com *.datatables.net *.openstreetmap.org *.hotjar.com *.jsdelivr.net *.doubleclick.net gitcdn.github.io oss.maxcdn.com 1
default-src 'self'; script-src 'self' assets.nsd.co.id; style-src 'self' assets.nsd.co.id; img-src 'self' assets.nsd.co.id; font-src 'self' fonts.googleapis.com; 1
default-src 'none'; img-src * data: blob:; script-src 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: http: 'nonce-GB5KIeFX4WawhovOLnrcDw=='; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net https://assets.pupilfirst.com; connect-src 'self' https://api.rollbar.com *.cloud.vimeo.com *.tus.vimeo.com; font-src 'self' fonts.gstatic.com cdn.jsdelivr.net https://assets.pupilfirst.com; child-src https://www.youtube.com; frame-src 'self' data: https://www.google.com https://www.youtube.com https://player.vimeo.com slideshare.net *.slideshare.net speakerdeck.com *.speakerdeck.com google.com *.google.com https://www.facebook.com https://www.recaptcha.net https://scribehow.com; media-src 'self' https://s3.amazonaws.com/private-assets-sv-co/ https://public-assets.sv.co/ https://s3.amazonaws.com/uploads.pupilfirst.com/ * blob:; object-src 'self'; worker-src 'self'; manifest-src 'self' 1
default-src 'self' https://td.doubleclick.net https://bid.g.doubleclick.net https://www.youtube.com https://maps.google.com https://www.google.com https://www.facebook.com https://platform.twitter.com; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net https://i.icomoon.io;img-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.co.cr https://www.google.com https://googleads.g.doubleclick.net https://res.cloudinary.com https://www.facebook.com/ https://www.google.co.cr/ads/ga-audiences https://www.google.com/ads/ga-audiences https://maps.gstatic.com https://maps.googleapis.com data:; script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://platform.twitter.com/widgets.js https://www.googletagmanager.com https://connect.facebook.net https://maps.googleapis.com https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.materialdesignicons.com https://i.icomoon.io https://cdn.jsdelivr.net; connect-src 'self' https://pagead2.googlesyndication.com https://analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' putasvipmexico.mx *.putasvipmexico.mx putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; script-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' putasvipmexico.mx *.putasvipmexico.mx putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' putasvipmexico.mx *.putasvipmexico.mx putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; script-src-attr 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' putasvipmexico.mx *.putasvipmexico.mx putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; style-src 'self' 'unsafe-inline' 'unsafe-hashes' putasvipmexico.mx *.putasvipmexico.mx putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; style-src-elem 'self' 'unsafe-inline' 'unsafe-hashes' putasvipmexico.mx *.putasvipmexico.mx putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; style-src-attr 'self' 'unsafe-inline' 'unsafe-hashes' putasvipmexico.mx *.putasvipmexico.mx putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; img-src 'self' data: putasvipmexico.mx *.putasvipmexico.mx putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; font-src 'self' data: putasvipmexico.mx *.putasvipmexico.mx putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; connect-src 'self' putasvipmexico.mx *.putasvipmexico.mx putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; media-src 'self' putasvipmexico.mx *.putasvipmexico.mx putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; object-src 'self' putasvipmexico.mx *.putasvipmexico.mx putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; frame-src * 'self' putasvipmexico.mx *.putasvipmexico.mx putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://d6tizftlrpuof.cloudfront.net *.usabilla.com *.willistowerswatson.com https://dpm.demdex.net https://sp.analytics.yahoo.com https://insight.adsrvr.org https://www.linkedin.com https://qsuper.qld.gov.au https://www.googletagmanager.com https://googleads.g.doubleclick.net https://p.typekit.net https://bat.bing.com https://px.ads.linkedin.com https://www.facebook.com *.cloudfront.net https://www.google.com https://www.google-analytics.com https://www.google.com.au data:; style-src 'self' 'unsafe-inline' https://d6tizftlrpuof.cloudfront.net *.usabilla.com *.cloudfront.net *.willistowerswatson.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://unpkg.com https://ajax.googleapis.com https://stackpath.bootstrapcdn.com; font-src 'self' 'unsafe-inline' *.usabilla.com https://fonts.googleapis.com *.cloudfront.net *.willistowerswatson.com https://use.typekit.com https://fonts.gstatic.com; frame-src 'self' *.usabilla.com *.megaphone.fm *.cloudfront.net https://tpc.googlesyndication.com https://match.adsrvr.org *.amazonaws.com https://www.facebook.com *.widgetworks.com.au https://insight.adsrvr.org *.deloitte.com.au https://www.youtube.com *.fls.doubleclick.net; script-src-elem 'self' 'unsafe-inline' https://d6tizftlrpuof.cloudfront.net *.usabilla.com https://code.jquery.com https://cdn.jsdelivr.net https://hcbtas-p-calc-qsuper.azurewebsites.net *.willistowerswatson.com https://tpc.googlesyndication.com https://api.swiftype.com https://use.typekit.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://apps.mypurecloud.com https://connect.facebook.net https://bat.bing.com https://snap.licdn.com https://www.google-analytics.com https://w.usabilla.com *.widgetworks.com.au https://googleads.g.doubleclick.net https://js.adsrvr.org *.amazonaws.com https://www.googleadservices.com https://ajax.googleapis.com https://stackpath.bootstrapcdn.com; connect-src 'self' https://d6tizftlrpuof.cloudfront.net *.usabilla.com *.towerswatson.com *.willistowerswatson.com https://bat.bing.com https://di-app-api-gw-np.qsuper.com.au https://di-app-api-gw.qsuper.com.au https://api.edq.com www.google.com.au/ads/ https://stats.g.doubleclick.net www.google-analytics.com *.widgetworks.com.au https://cdn.linkedin.oribi.io https://www.facebook.com; upgrade-insecure-requests; block-all-mixed-content; 1
block-all-mixed-content; frame-ancestors *.qvestido.com.br 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.rajexpress.co;block-all-mixed-content; 1
Header Value: frame-ancestors 'self' {*backoffice.ralleventas.com} 1
default-src 'none'; font-src 'self' https://cf.evrest.mobi; img-src 'self' data: https://cf.evrest.mobi; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cf.evrest.mobi https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://cf.evrest.mobi; frame-src 'self' https://www.google.com; frame-ancestors 'self'; connect-src 'self' wss://*.ratendate.com:58001 wss://*.pocketflirt.com:58001 wss://*.pocketcafe.mobi:58001 wss://*.pocketcafe.co.za:58001 wss://*.pocketflirt.co.za:58001 wss://*.ratendate.co.za:58001 wss://*.ratendate.mobi:58001; 1
default-src 'self'; font-src *;img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' http://www1.rbb-online.de; 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' blob: https://cdnjs.cloudflare.com/ https://www.google.com/ https://www.gstatic.com/ https://code.jquery.com/ https://www.googletagmanager.com/ https://interpreter.getbw.me/ https://*.google-analytics.com/ https://ajax.googleapis.com/ https://static.opentok.com/;connect-src blob: 'self' https://*.google-analytics.com/ https://api.tdl.com.ua/ ;img-src 'self' https://*.google-analytics.com/ data: 'self' https://api.tdl.com.ua/ ;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://api.tdl.com.ua/ https://cdnjs.cloudflare.com/ ;frame-src 'self' https://www.google.com/ ;font-src 'self' data: https://fonts.gstatic.com/;media-src 'self' https://api.tdl.com.ua/  1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' songbird.cardinalcommerce.com songbirdstag.cardinalcommerce.com www.paypal.com www.google-analytics.com js.braintreegateway.com pay.google.com www.gstatic.com play.google.com assets.adobedtm.com *.cloudfront.net *.hotjar.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.googletagmanager.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com https://*.hotjar.com *.redeem-with-us.co.uk; img-src * data:; frame-src 'self' *; font-src 'self' fonts.googleapis.com cdnjs.cloudflare.com fonts.gstatic.com; connect-src 'self' google.com https://*.google.com *.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.braintreegateway.com payments.braintree-api.com *.paypal.com *.cloudfront.net *.cardinalcommerce.com *.execute-api.us-east-1.amazonaws.com origin-analytics-sand.sandbox.braintree-api.com api.sandbox.braintreegateway.com dpm.demdex.net swa.wowcher.co.uk wowcherlimited.tt.omtrdc.net payments.sandbox.braintree-api.com *.hotjar.com; 1
default-src 'none'; script-src https: 'unsafe-inline' 'nonce-905ABE27DC89F9778F388FCBD497C91C' 'strict-dynamic'; style-src 'self' fonts.googleapis.com translate.googleapis.com 'nonce-905ABE27DC89F9778F388FCBD497C91C'; connect-src 'self' https: wss://dnpush.nl; img-src 'self' https: data:; font-src 'self' fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' www.google.com tpc.googlesyndication.com; base-uri 'none'; media-src 'self'; report-uri https://www.regiosexcontact.nl/API/Site/CspReport 1
default-src 'none'; script-src https: 'unsafe-inline' 'nonce-EB41D9ED2AB594C8CADDB59A6A26AA17' 'strict-dynamic'; style-src 'self' fonts.googleapis.com translate.googleapis.com 'nonce-EB41D9ED2AB594C8CADDB59A6A26AA17'; connect-src 'self' https: wss://dnpush.nl; img-src 'self' https: data:; font-src 'self' fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' www.google.com tpc.googlesyndication.com; base-uri 'none'; media-src 'self'; report-uri https://www.regioswingers.be/API/Site/CspReport 1
default-src 'self' 'unsafe-inline' https://*.hacienda.cl https://*.fontawesome.com https://unpkg.com https://*.instagram.com https://*.twitter.com https://*.gstatic.com https://*.googleapis.com https://*.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hacienda.cl https://*.googletagmanager.com https://*.twitter.com https://*.instagram.com https://*.google.com https://*.gstatic.com; img-src 'self' data: https://*.hacienda.cl https://*.twitter.com 1
child-src *; worker-src blob: rehabilitacionpremiummadrid.com 1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.google.com *.addthis.com *.pinterest.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com s7.addthis.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com ekr.zdassets.com/ *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://www.zenaps.com https://tr.snapchat.com https://tr6.snapchat.com https://www.youtube.com https://ln-rules.rewardstyle.com https://s1.thcdn.com https://www.awin1.com https://d2d7do8qaecbru.cloudfront.net https://smct.co https://*.smct.co https://smct.io https://*.smct.io; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://analytics.tiktok.com https://smct.co https://*.smct.co https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://smct.io https://*.smct.io; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com data: https://fonts.smct.co https://fonts.smct.io https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; form-action 'self' https://www.facebook.com https://checkout.revolutionbeauty.com.au https://connect.facebook.net https://tr.snapchat.com; frame-ancestors; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://analytics.tiktok.com https://*.ibytedtos.com https://ln-rules.rewardstyle.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://fonts.smct.co https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.smct.io; upgrade-insecure-requests; report-to report-endpoint 1
default-src * 'unsafe-inline' 'unsafe-eval' 'self' blob: data: 1
default-src * gap://ready file:; worker-src blob:; child-src blob: gap:; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * 'self' data: blob: cdvfile:; connect-src * 'unsafe-inline'; font-src 'self' data: *; frame-src *;media-src * blob:; 1
default-src 'none'; style-src 'unsafe-inline' 'self' ; script-src 'self'; connect-src 'self'; img-src * data: blob: 'unsafe-inline'; form-action 'self'; frame-src www.youtube.com youtube.com; object-src 'none'; manifest-src 'self'; font-src 'self'; frame-ancestors 'none'; base-uri 'self' 1
default-src 'self' https://cdnjs.cloudflare.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 1
default-src 'none'; script-src https: 'unsafe-inline' 'nonce-C78535BFDBF7228A342C47B618AD5AC6' 'strict-dynamic'; style-src 'self' fonts.googleapis.com translate.googleapis.com 'nonce-C78535BFDBF7228A342C47B618AD5AC6'; connect-src 'self' https: wss://dnpush.nl; img-src 'self' https: data:; font-src 'self' fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' www.google.com tpc.googlesyndication.com; base-uri 'none'; media-src 'self'; report-uri https://www.safedatingnetworks.com/API/Site/CspReport 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 	        https://svc3cdn.minwise.co.kr 	        https://svc3cdn.hectoinnovation.co.kr 	        https://www.google.com 	        https://ajax.googleapis.com 	        https://www.google-analytics.com 	        https://www.googletagmanager.com 		https://www.googleadservices.com 	        https://use.fontawesome.com/ 	        https://cdnjs.cloudflare.com/                 https://googleads.g.doubleclick.net 		https://public-common-sdk.s3.ap-northeast-2.amazonaws.com 		https://script.beusable.net 		https://rum.beusable.net 		https://tpc.googlesyndication.com 	        https://maxcdn.bootstrapcdn.com ; 	    frame-ancestors 'self' 1
script-src https: 'unsafe-inline' 'unsafe-eval';               style-src https: 'unsafe-inline' 'unsafe-eval';               img-src https: data:;               font-src https: data:; 1
default-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://bootswatch.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://fra1.digitaloceanspaces.com/ https://m1-chirho.praind.media/ https://nyc3.digitaloceanspaces.com https://safetyrecordchirho.nyc3.cdn.digitaloceanspaces.com https://devsafetyrecordchirho.nyc3.cdn.digitaloceanspaces.com https://main-safetyrecordchirho.fra1.cdn.digitaloceanspaces.com https://main-safetyrecordchirho.fra1.digitaloceanspaces.com https://dev-safetyrecordchirho.fra1.cdn.digitaloceanspaces.com https://m1dev-chirho.praind.media/ https://www.paypalobjects.com/ https://www.paypal.com/ https://www.coinpayments.net/ https://safety-record.com/ https://www.safety-record.com/ https://www.google.com/ https://www.gstatic.com/ https://*.safety-record.com/ https://*.safety-record.com https://*.safety-record.com/* https://v1chirho.safety-record.com/ data:; frame-ancestors 'self'; frame-src https://youtube.com/ https://www.youtube.com/ https://safety-record.com/ https://www.safety-record.com/ https://www.google.com/ https://v1chirho.safety-record.com/ https://*.safety-record.com/ https://*.safety-record.com https://*.safety-record.com/* http://localhost:8070; child-src https://youtube.com/ https://www.youtube.com/ https://safety-record.com/ https://www.safety-record.com/ https://www.google.com/ https://v1chirho.safety-record.com/ https://*.safety-record.com/ https://*.safety-record.com https://*.safety-record.com/* http://localhost:8070 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=5rkloktiquea7&partner=; 1
script-src-elem 'self' 'unsafe-inline' *.hotjar.com *.hotjar.io *.cloudfront.net hcaptcha.com *.hcaptcha.com ajax.googleapis.com www.gstatic.com www.google.com www.google-analytics.com www.googletagmanager.com *.helpscout.net analytics-eu.clickdimensions.com; report-uri https://redwing.report-uri.com/r/d/csp/enforce 1
default-src 'self' www.sanskrit.nic.in; script-src-elem 'self' 'unsafe-inline' www.sanskrit.nic.in; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.sanskrit.nic.in https://www.google.com https://www.youtube.com; style-src 'self' 'unsafe-inline' www.sanskrit.nic.in; style-src-elem 'self' 'unsafe-inline' www.sanskrit.nic.in; connect-src 'self' www.sanskrit.nic.in; media-src www.sanskrit.nic.in 'self' blob:; worker-src www.sanskrit.nic.in 'self' blob:; img-src www.sanskrit.nic.in 'self'; frame-src www.sanskrit.nic.in https://www.google.com https://www.youtube.com 'self'; font-src www.sanskrit.nic.in 'self' data:; 1
frame-ancestors 'none'; default-src 'none'; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self' data:; media-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; 1
base-uri 'self' 'unsafe-inline' 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://selectra.com.ar/report-uri/enforce 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://selectra.com.co/report-uri/enforce 1
object-src 'none';frame-ancestors 'self' *; 1
'unsafe-inline''unsafe-eval''self'; 1
default-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://www.gstatic.com/recaptcha https://www.gstatic.com/recaptcha/releases/6OAif-f8nYV0qSFmq-D6Qssr/  ; script-src  'self' 'unsafe-inline' 'unsafe-eval' https://kit.fontawesome.com/ https://unpkg.com/ https://translate.google.com/ https://translate.googleapis.com/ https://www.google-analytics.com https://www.googletagmanager.com https://*.facebook.net *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/  https://www.googletagmanager.com https://platform.twitter.com https://connect.facebook.net https://bat.bing.com https://www.google-analytics.com  https://fonts.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com https://fonts.googleapis.com; img-src 'self' https://www.gstatic.com/ https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://www.google.co.in www.facebook.com www.google.com *.google.com https://www.google.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; media-src 'self' data: blob:; frame-src https://www.google.com ; font-src 'self' https://fonts.gstatic.com; object-src 'none' 1
'self' https://ajax.googleapis.com https://mcslogin.hp.gov.in;img-src * data:; 1
frame-ancestors https://*.shortlyst.com https://*.shopalyst.com https://shop-in-3roses.com https://shop-in-3roses.com/; 1
block-all-mixed-content; frame-ancestors *.shopdoscristais.com.br 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-Cj-KMzeORyyedZSE0dtoCw' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self'  https://*  data:;  img-src * 'self' data: https:; style-src 'self' http://* https://* 'unsafe-inline'; script-src 'self' http://* https://* 'unsafe-inline' 'unsafe-eval'; 1
default-src *; connect-src *;font-src *; img-src * 'self' data: https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' *; 1
frame-src 'self' www.youtube.com youtube.com 1
default-src 'self' http: https: 'unsafe-eval' 'unsafe-inline' data:; frame-ancestors 'self'; 1
default-src 'self' 'unsafe-eval' http: https: data: blob: 'unsafe-inline';connect-src *; 1
connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com ebbot-v2.storage.googleapis.com *.ebbot.app/api/asyngular/ wss://v2.ebbot.app/api/asyngular/ wss://v2.ebbot.app v2.ebbot.app translate.googleapis.com *.googleapis.com;default-src 'self' ebbot-v2.storage.googleapis.com *.ebbot.app/api/asyngular/ wss://v2.ebbot.app/api/asyngular/ *.addthis.com translate.googleapis.com maps.googleapis.com;font-src 'self' fonts.gstatic.com fonts.googleapis.com ebbot-v2.storage.googleapis.com;frame-ancestors 'self';frame-src 'self' *.youtube.com https://www.google.com/ https://my.matterport.com/ *.addthis.com *.vimeo.com www.anpdm.com skebo.varbi.com *.varbi.com aptportal.skebo.se;img-src 'self' *.eniro.no ebbot-v2.storage.googleapis.com *.googleapis.com *.ggpht.com maps.gstatic.com csi.gstatic.com *.google-analytics.com *.googletagmanager.com data: cdnjs.cloudflare.com/ajax/libs/leaflet/ *.addthisedge.com *.google.com stats.g.doubleclick.net www.gstatic.com fonts.gstatic.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' ebbot-v2.storage.googleapis.com maps.googleapis.com csi.gstatic.com leaflet.eniro.com attributionservice.enirocdn.com tileversion.eniro.com cdnjs.cloudflare.com/ajax/libs/leaflet/ *.google-analytics.com *.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.addthis.com *.addthisedge.com *.google.com stats.g.doubleclick.net translate.googleapis.com  translate-pa.googleapis.com *.googleapis.com;style-src 'self' 'unsafe-inline' ebbot-v2.storage.googleapis.com fonts.googleapis.com cdnjs.cloudflare.com/ajax/libs/leaflet/ translate.googleapis.com www.gstatic.com; 1
default-src https:; script-src 'self' *.googletagmanager.com *.citruspay.com 'unsafe-inline' 'unsafe-eval' 'checkout.citruspay.com'; frame-ancestors 'self'; font-src https: data:; style-src https: 'unsafe-inline'; img-src https: data:; 1
base-uri 'self' ;connect-src 'self' wss://*.qld.gov.au *.doubleclick.net *.seek.com *.google-analytics.com *.googleapis.com maps.googleapis.com;default-src 'self' *.gstatic.com *.addtoany.com *.google.com *.seek.com.au *.qgov.net.au data:;font-src 'self' *.gstatic.com *.bootstrapcdn.com *.qgov.net.au *.qld.gov.au data:;form-action 'self' *.qld.gov.au;frame-src 'self' *.youtube.com youtube.com *.qld.gov.au *.vimeo.com *.google.com;frame-ancestors 'self' ;img-src 'self' *.amazonaws.com *.google-analytics.com *.seek.com.au *.longtailvideo.com *.googleusercontent.com *.qgov.net.au *.qld.gov.au *.doubleclick.net *.google.com *.googletagmanager.com *.edu.au maps.gstatic.com maps.googleapis.com data:;block-all-mixed-content;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dropbox.com *.google.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.vimeo.com *.google-analytics.com *.addtoany.com *.facebook.net seekcdn.com *.linkedin.com *.qgov.net.au *.qld.gov.au *.monsido.com *.youtube.com;style-src 'self' 'unsafe-inline' seekcdn.com *.googleapis.com *.bootstrapcdn.com *.qgov.net.au *.qld.gov.au; 1
base-uri 'self'; child-src 'self' gap:; frame-src 'self' gap:; connect-src 'self'; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=GxpI7Jvb8m7Jda22HliVsY22W7zb3t%2FC6X%2BAUeCIJkI2s8WWyu4HB8nE%2B%2FN7pFz%2Bo3uHdwxDeS7vhmD3whAG8g%3D%3D;  1
frame-ancestors 'self' ipv4.studio-mt.be studio-mt.be www.studio-mt.be; 1
default-src 'none';font-src 'self' 'unsafe-inline' https://ka-f.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com https://use.typekit.net https://cdnjs.cloudflare.com data:;img-src 'self' data: https://cdn.datatables.net https://cdnjs.cloudflare.com www.google.com.br;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.datatables.net https://use.typekit.net https://p.typekit.net https://cdnjs.cloudflare.com https://www.tinymce.com https://www.tiny.cloud https://code.jquery.com;script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.googleapis.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://kit.fontawesome.com https://viacep.com.br;connect-src 'self' https://ka-f.fontawesome.com https://www.google-analytics.com analytics.google.com;frame-src 'self' data: https://www.google.com;worker-src 'self' blob:; 1
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.vams.es www.google-analytics.com tag.manager.google.com www.googletagmanager.com *.googleapis.com data: tagmanager.google.com data: www.google.es cdnjs.cloudflare.com stackpath.bootstrapcdn.com cdn.datatables.net *.vams.es;style-src 'self' data: 'unsafe-inline' fonts.googleapis.com addons.cdn.mozilla.net www.googletagmanager.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com *.vams.es;connect-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com data:;img-src 'self' data: blob: *.vams.es stats.g.doubleclick.net www.google-analytics.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com *.vams.es;media-src 'self' player.vimeo.com *.vams.es;object-src 'self' player.vimeo.com *.vams.es;worker-src 'none' ;frame-src 'self' player.vimeo.com *.vams.es www.googletagmanager.com;frame-ancestors 'self' player.vimeo.com *.vams.es;form-action 'self' ;upgrade-insecure-requests;block-all-mixed-content;base-uri www.soyestrella.com; 1
default-src 'self'; script-src 'self' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://maps.googleapis.com 'unsafe-inline'; img-src 'self' https://* www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data:; frame-src https://www.youtube.com/ https://* *.google.com; connect-src https://* wss://*.hotjar.com https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; style-src 'self' 'unsafe-inline' https://*; font-src https://*; media-src https://sasoytest.blob.core.windows.net 1
default-src 'self' https://api.vspagy.com https://vspagy.com https://dashboard.vspagy.com https://vmediadatav2.s3.ap-south-1.amazonaws.com https://www.google-analytics.com file: data: blob: filesystem:;media-src 'self' * file: data: blob: filesystem:;object-src 'self' 'unsafe-inline' file: data: blob: filesystem:; img-src * blob: data:; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';font-src * https://pro.fontawesome.com; 1
script-src 'self' filesystem: 'unsafe-eval' 'unsafe-inline' *.spaggiari.eu https://ajax.googleapis.com/ https://apis.google.com/js/platform.js https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://code.highcharts.com/ https://code.jquery.com/ https://connect.facebook.net/it_IT/sdk.js https://d31qbv1cthcecs.cloudfront.net/atrk.js https://fonts.googleapis.com/ https://f.vimeocdn.com/js/ https://ianlunn.co.uk/plugins/jquery-parallax/scripts/ https://livestream.com/assets/plugins/ https://maps.googleapis.com/ https://maxcdn.bootstrapcdn.com/bootstrap/ https://player.vimeo.com/api/ https://rawgit.com/tyrasd/osmtogeojson/ https://stackpath.bootstrapcdn.com/bootstrap/ https://s.ytimg.com/yts/jsbin/ https://unpkg.com/ https://use.fontawesome.com/ https://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/charts/ https://www.gstatic.com/recaptcha/;frame-ancestors 'self' file: *.spaggiari.eu; 1
default-src 'self' blob: *.paypal.com *.stripe.com wss://flexcom.de:9001 *.spiritane.de; connect-src 'self' blob: *.stripe.com wss://flexcom.de:9001 *.spiritane.de; style-src 'self' 'unsafe-inline' *.spiritane.de *.addthis.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.spiritane.de *.analytics.google.com *.google-analytics.com *.pinterest.com *.googleadservices.com *.facebook.com *.facebook.net *.myfonts.net *.addthis.com *.googleapis.com  *.paypalobjects.com piwik.flexcom.de 1
default-src 'self' http: https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' http: https: data: 'unsafe-inline' 'unsafe-eval'; style-src 'self' http: https: 'unsafe-inline'; img-src 'self' http: https: data:; frame-src 'self' http: https:; 1
default-src 'self' sportowetalenty.gov.pl www.youtube.com player.vimeo.com cdn.jsdelivr.net maps.googleapis.com; form-action 'self'; frame-ancestors 'self'; img-src 'self' blob: data: sportowetalenty.gov.pl i.ytimg.com img.youtube.com maps.gstatic.com maps.googleapis.com; script-src 'self' 'unsafe-eval' cdn.amcharts.com code.jquery.com cdnjs.cloudflare.com www.youtube.com player.vimeo.com cdn.jsdelivr.net maps.googleapis.com; style-src 'self' 'unsafe-inline' cdn.amcharts.com cdn.jsdelivr.net fonts.googleapis.com; font-src 'self' data: cdn.jsdelivr.net fonts.googleapis.com fonts.gstatic.com; 1
form-action 'self'; base-uri 'none'; default-src 'self' googleads.g.doubleclick.net googleads.g.do pagead2.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com www.dailymotion.com www.vimeo.com player.vimeo.com www.youtube.com www.google.com maps.google.fr analytics.crealinks.net; style-src 'self' fonts.googleapis.com 'unsafe-inline'; font-src fonts.gstatic.com; script-src 'self' code.jquery.com www.google.com www.gstatic.com analytics.crealinks.net pagead2.googlesyndication.com pagead2.googlesyndication.com fundingchoicesmessages.google.com tpc.googlesyndication.com partner.googleadservices.com; img-src 'self' www.morinfrance.com pagead2.googlesyndication.com; frame-ancestors 'self' www.chienplus.com chienplus.com 1
frame-ancestors https://particulares.bancosantander.es/; 1
default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' *.google.com *.gstatic.com  *.google-analytics.com *.googletagmanager.com polyfill.io *.googleapis.com; style-src 'unsafe-inline' 'report-sample' 'self' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src  *.google.com *.doubleclick.net *.google-analytics.com *.openstreetmap.org *.googleapis.com 'self'; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' *.doubleclick.net *.google.com; img-src 'self' *.google.tn *.tile.osm.org star.com.tn *.star.com.tn  *.google-analytics.com *.satoripop.io *.gravatar.com  *.gstatic.com *.googleapis.com data:; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
default-src 'self' https://www.googleapis.com https://firebasestorage.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://unpkg.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' data: https://unpkg.com https://www.gstatic.com; style-src-elem 'self' 'unsafe-inline' data: https://fonts.googleapis.com 1
default-src 'none';connect-src 'self' vimeo.com *.google-analytics.com api.stock-ath.be;font-src 'self' cdn.stock-ath.be fonts.gstatic.com;frame-src player.vimeo.com www.google.com www.youtube.com/;img-src 'self' data: cdn.stock-ath.be *.google-analytics.com i.ytimg.com https://ik.imagekit.io/stockath/;script-src 'self' 'unsafe-inline' cdn.stock-ath.be www.gstatic.com www.googletagmanager.com *.google-analytics.com www.google.com www.youtube.com s.ytimg.com https://static.addtoany.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.stock-ath.be; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' localhost local.host local.host:3000 192.168.40.155:3333 0.0.0.0:4001 localhost:4001 localhost:8888 127.0.0.1:8888 bankai-revolution.test *.stop-shop.com *.stop-shop.test *.immofinanz.test *.immofinanz.test *.immofinanz.com *.oc-letnany.cz *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.at *.bing.com *.doubleclick.net *.youtube.com *.youtube-nocookie.com *.googleadservices.com *.facebook.com *.facebook.net *.fonts.net *.hotjar.com *.hotjar.io walls.io *.walls.io *.pushwoosh.com *.vivo-shopping.com cookiepro.com *.cookiepro.com *.pracavnakupnomcentre.sk cdn.polyfill.io cdnjs.cloudflare.com data:; frame-ancestors 'self' *.immofinanz.com local.host localhost *.immofinanz.test *.stop-shop.test *.stop-shop.com localhost:4050 *.immofinanz.test; 1
src 'self' 'unsafe-inline' https://opusconsulting.stratemis.com fonts.googleapis.com;” 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://subangjayamedicalcentre.com https://livechat.infobip.com/widget.js https://www.ramsaysimedarby.com https://unpkg.com https://www.google.com https://streetview.my https://cdn.ampproject.org https://ajax.googleapis.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://connect.facebook.net https://cdnjs.cloudflare.com https://www.gstatic.com https://unpkg.com https://www.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://pagead2.googlesyndication.com https://partner.googleadservices.com https://adservice.google.com https://tpc.googlesyndication.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://www.google-analytics.com https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/dark-bottom.css https://ajax.googleapis.com; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-a1nOKnCFrJr4ojyHF8HzpQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self'; img-src 'self' data: www.google-analytics.com stats.g.doubleclick.net stackpath.bootstrapcdn.com; font-src 'self' cdnjs.cloudflare.com maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com; style-src 'self' stackpath.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com www.google-analytics.com maxcdn.bootstrapcdn.com fonts.googleapis.com; script-src 'self' 'sha256-tTmYrnxe8LUqak82dY6RR0cpJ4pHDsKC6nBsQNaecqU=' code.jquery.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com cdn.jsdelivr.net www.google-analytics.com *.google.com www.googletagmanager.com 'unsafe-eval' https://ajax.googleapis.com www.google-analytics.com *.google.com www.googletagmanager.com stats.g.doubleclick.net; connect-src 'self' www.google-analytics.com *.google.com *.sunshineonline.com.au dev.sunshineonline.com.au:5001; frame-src player.vimeo.com *.flipsnack.com; frame-ancestors 'none'; form-action 'self' library.sunshineonline.com.au 1
frame-ancestors 'self' https://surtigas.com.co/ https://surtigas.co/; 1
frame-ancestors 'self' *.console.aws.amazon.com 1
script-src 'self' *.google-analytics.com *.googletagmanager.com *.facebook.net *.jquery.com 'unsafe-inline' 'unsafe-eval' ; object-src 'self' 1
font-src *.klarnacdn.net *.fontawesome.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.worldpay.com *.cardinalcommerce.com *.paypal.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.klarna.com *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.analytics.google.com stats.g.doubleclick.net www.google.co.uk *.facebook.com *.meetanshi.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.onetrust.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.googletagmanager.com *.facebook.net *.avada.io *.meetanshi.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.klarnacdn.net *.fontawesome.com unsafe-inline *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.onetrust.com *.klarnaevt.com *.analytics.google.com stats.g.doubleclick.net *.klarnaservices.com *.google-analytics.com https://get.geojs.io *.avada.io *.meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cloudflare.com *.twitter.com *.twimg.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' track.hubspot.com *.hubspot.com *.hotjar.com *.google-analytics.com *.hscollectedforms.net secure.gravatar.com player.vimeo.com *.g.doubleclick.net *.hubapi.com *.googletagmanager.com  *.fontawesome.com *.jsdelivr.net *.hs-scripts.com  *.jquery.com *.api.hsforms.com *.whatsapp.com *.messenger.com; connect-src 'self' *.s.w.org *.wordpress.org track.hubspot.com secure.gravatar.com player.vimeo.com *.hubspot.com *.api.hsforms.com *.hsforms.com api.hsforms.com *.hotjar.com *.fontawesome.com *.hubapi.com *.google-analytics.com *.hscollectedforms.net *.g.doubleclick.net *.hotjar.io *.api.hsforms.com *.whatsapp.com *.messenger.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.wordpress.com *.s.w.org *.youtube.com www.synlab.pe track.hubspot.com *.hubspot.com connect.facebook.net *.googleoptimize.com *.hs-analytics.net js.hs-analytics.net js.hsadspixel.net googleoptimize.com js.hs-banner.com *.hotjar.com *.google-analytics.com secure.gravatar.com player.vimeo.com *.api.forms.com  *.hscollectedforms.net *.g.doubleclick.net *.hubapi.com *.googletagmanager.com *.fontawesome.com *.jsdelivr.net *.hs-scripts.com  *.jquery.com *.whatsapp.com *.messenger.com ;object-src 'self' *.api.hsforms.com secure.gravatar.com player.vimeo.com *.messenger.com *.api.whatsapp.com *.hsforms.com *.whatsapp.com *.hs-scripts.com *.google.com *.facebook.com *.instangram.com *.googleapis.com *.fontawesome.com *.jsdelivr.net *.jquery.com *.googletagmanager.com *.api.hsforms.com ;img-src 'self' *.google.com secure.gravatar.com player.vimeo.com googleads.g.doubleclick.net *.google.com.pe forms.hsforms.com track.hubspot.com www.facebook.com www.google-analytics.com *.hsforms.com *.hubspot.com  data:; frame-ancestors 'none' ;style-src 'self' 'unsafe-inline'  cdn.jsdelivr.net fonts.googleapis.com *.jsdelivr.net ; font-src 'self' fonts.gstatic.com ka-p.fontawesome.com  data:; form-action 'self' *.api.hsforms.com *.hsforms.com www.facebook.com www.googletagmanager.com *.whatsapp.com *.messenger.com; frame-src static.hsappstatic.net js.stripe.com www.google.com www.facebook.com www.googletagmanager.com;base-uri 'self' secure.gravatar.com player.vimeo.com; report-to default; 1
frame-ancestors 'self';block-all-mixed-content;default-src 'self';base-uri 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://*.googletagmanager.com  https://ajax.googleapis.com code.jquery.com https://cdn.datatables.net https://cdn.iubenda.com https://d3e54v103j8qbb.cloudfront.net https://google-analytics.com https://m.youtube.com https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://synlab.milklab.it https://ssl.google-analytics.com https://stackpath.bootstrapcdn.com https://unpkg.com https://www.youtube.com https://www.google-analytics.com https://www.gstatic.com https://www.google.com https://www.iubenda.com https://www.googletagmanager.com https://cdn.jsdelivr.net/npm/ translate.google.com https://translate.googleapis.com;style-src 'self' 'report-sample' 'unsafe-inline' *.bootstrapcdn.com ajax.googleapis.com cdn.iubenda.com cdn.datatables.net fonts.googleapis.com unpkg.com https://fonts.googleapis.com code.jquery.com https://cdn.jsdelivr.net/npm/ https://translate.googleapis.com;object-src 'none';frame-src 'self' *.youtube.com www.youtube-nocookie.com *.google.com;frame-ancestors 'self';child-src 'self' www.youtube.com;img-src 'self' data: blob: *.google-analytics.com *.google.com https://aaa.bisnode.si/ *.ytimg.com *.youtube.com ajax.googleapis.com fonts.gstatic.com unpkg.com translate.google.com https://www.google.com https://translate.googleapis.com https://www.gstatic.com;font-src 'self' data: *.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com https://fonts.gstatic.com https://cdn.jsdelivr.net/npm/ unpkg.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data: https://*.google-analytics.com https://*.googletagmanager.com;connect-src 'self' https://*.googleapis.com *.google.com *.iubenda.com ajax.googleapis.com fonts.gstatic.com fonts.googleapis.com stats.g.doubleclick.net www.google-analytics.com https://*.gstatic.com data: blob: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://translate.googleapis.com;manifest-src 'self';form-action 'self';media-src 'self';worker-src 'self' blob:; 1
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;style-src 'self' 'unsafe-hashes' 'unsafe-inline' https://unpkg.com/leaflet@1.7.1/ https://unpkg.com/leaflet-gesture-handling/dist/; img-src https://* data:; child-src 'none'; frame-src https://www.youtube.com/ https://www.flightradar24.com/ https://*; 1
default-src 'self' 'unsafe-inline' *.yandex.ru https://*  *.jivosite.com  wss://*;  script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.google-analytics.com  *.googleapis.com  *.yandex.ru googletagmanager.com yastatic.net  *.jivosite.com https://* wss://* ; object-src 'self' *.jivosite.com; style-src 'self' 'unsafe-inline'  https://*; img-src *  data:; frame-src 'self'  1
frame-ancestors https://rebako.io/ 1
default-src 'self' https://fonts.gstatic.com data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://googleads.g.doubleclick.net https://connect.facebook.net https://snap.licdn.com https://sc-static.net https://www.googletagmanager.com https://www.gstatic.com https://www.google.com https://ajax.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://ajax.googleapis.com https://googleads.g.doubleclick.net https://connect.facebook.net https://snap.licdn.com https://sc-static.net https://www.googleadservices.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com; connect-src 'self'  https://yoast.com https://www.facebook.com https://haccms.ibex.co https://www.google-analytics.com https://tr.snapchat.com; img-src 'self' https://*.googleusercontent.com https://*.ytimg.com https://drive.google.com https://secure.gravatar.com https://www.google.com.pk https://px.ads.linkedin.com https://www.facebook.com https://p.adsymptotic.com https://www.google.com data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; base-uri 'self'; form-action 'self' https://www.facebook.com https://tr.snapchat.com; frame-src 'self' https://www.youtube.com https://www.google.com https://tr.snapchat.com https://bid.g.doubleclick.net https://www.facebook.com; object-src 'none'; media-src 'self' https://www.youtube.com 1
font-src *.gstatic.com *.fontawesome.com 'self' data: data: script.hotjar.com *.tawk.to *.cookiebot.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.sblizingas.lt *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.klarna.com big.g.doubleclick.net vars.hotjar.com *.facebook.com *.soundcloud.com *.cookiebot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com www.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.google.no *.google.se *.google.fi *.google.ro *.google.pl *.google.lt *.google.dk *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.klarna.com *.klarnaevt.com *.hotjar.com *.hotjar.io *.tawk.to *.paysera.lt *.paysera.com *.cookiebot.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com s7.addthis.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.facebook.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google-analytics.com *.googleadservices.com *.klarna.com *.tawk.to static.hotjar.com script.hotjar.io *.jsdelivr.net/ cdnjs.cloudflare.com *.googleapis.com *.cookiebot.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.googleapis.com *.googletagmanager.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.gstatic.com *.tawk.to tagmanager.google.com *.cookiebot.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com www.facebook.com data: *.tawk.to 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com connect.facebook.net graph.facebook.com ekr.zdassets.com/ *.google-analytics.com *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com t.elasticsuite.io *.doubleclick.net *.klarna.com *.klarnaevt.com *.hotjar.com vc.hotjar.io surveystats.hotjar.io wss://*.hotjar.com wss://*.tawk.to *.facebook.com *.tawk.to *.cookiebot.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self'; connect-src 'self' https://u.clarity.ms https://analytics.tiktok.com *.google-analytics.com  *.yandex.md *.yandex.ru *.taboola.com *.doubleclick.net https://d2941uvtj8higz.cloudfront.net *.tarfin.com https://www.facebook.com https://mc.yandex.com; default-src 'self' https:; font-src 'self' data: *.gstatic.com; frame-src 'self' *.yandex.md *.youtube.com *.google.com; img-src * 'self' data: https://mc.yandex.com https://tarfinprod.s3.eu-central-1.amazonaws.com https://tarfinprod-public.s3.eu-central-1.amazonaws.com https://d2941uvtj8higz.cloudfront.net *.tarfin.com *.gstatic.com *.yandex.md *.googleapis.com *.facebook.com *.taboola.com *.google-analytics.com *.google.com *.google.com.tr; manifest-src 'self' https://d2941uvtj8higz.cloudfront.net *.tarfin.com; media-src 'self'; object-src 'none'; script-src 'self' https://www.clarity.ms https://yastatic.net *.yandex.md *.yandex.ru *.jsdelivr.net *.taboola.com *.facebook.net *.googletagmanager.com https://unpkg.com *.cloudflare.com *.googleapis.com *.google-analytics.com *.google.com *.googleadservices.com https://d2941uvtj8higz.cloudfront.net *.tarfin.com https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.jsdelivr.net https://d2941uvtj8higz.cloudfront.net *.tarfin.com 'unsafe-inline'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.livehelperchat.com *.zopim.com *.ubembed.com *.skroutz.gr https://skroutza.skroutz.gr *.zdassets.com/ *.hotjar.com https://apis.google.com https://www.gstatic.com https://z.moatads.com https://s7.addthis.com https://m.addthis.com https://analytics.skroutz.gr https://skroutza.skroutz.gr https://360.bestprice.gr https://www.bestprice.gr https://www.glami.gr https://region1.google-analytics.com https://cdn.stat-track.com/ https://assets.citrusad.net https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://stats.g.doubleclick.net https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://script.crazyegg.com https://go.linkwi.se https://trustmark.gr https://www.youtube.com https://script.crazyegg.com https://insurance.e-satisfaction.gr; style-src 'self' 'unsafe-inline' *.livehelperchat.com https://cdn.jsdelivr.net https://fonts.googleapis.com; object-src 'self'; img-src 'self' data: https://www.taxiarchis.com https://taxiarchis2020.staginglh.com https://local.taxiarchis2020.gr https://taxiarchis2020.test.devlh.com https://taxiarchis.com *.cdninstagram.com https://www.glami.gr https://www.facebook.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://maps.googleapis.com https://www.google.com https://www.google.gr https://www.google.com.tr https://trustmark.gr; font-src 'self' data: https://taxshop.livehelperchat.com https://fonts.gstatic.com; connect-src 'self' https://taxshop.livehelperchat.com wss://ws1.hotjar.com wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com wss://ws5.hotjar.com wss://ws6.hotjar.com wss://ws7.hotjar.com wss://ws8.hotjar.com wss://ws9.hotjar.com wss://ws10.hotjar.com wss://ws11.hotjar.com wss://ws12.hotjar.com wss://ws13.hotjar.com wss://ws14.hotjar.com wss://ws15.hotjar.com wss://ws16.hotjar.com wss://ws17.hotjar.com wss://ws18.hotjar.com wss://ws19.hotjar.com wss://ws20.hotjar.com wss://ws21.hotjar.com wss://ws22.hotjar.com wss://ws23.hotjar.com wss://ws24.hotjar.com wss://ws25.hotjar.com wss://ws26.hotjar.com wss://ws27.hotjar.com wss://ws28.hotjar.com wss://ws29.hotjar.com wss://ws30.hotjar.com wss://ws31.hotjar.com wss://ws32.hotjar.com wss://ws33.hotjar.com wss://ws34.hotjar.com wss://ws35.hotjar.com wss://ws36.hotjar.com wss://ws37.hotjar.com wss://ws38.hotjar.com wss://ws39.hotjar.com wss://ws40.hotjar.com wss://ws41.hotjar.com wss://ws42.hotjar.com wss://ws43.hotjar.com wss://ws44.hotjar.com wss://ws45.hotjar.com wss://ws46.hotjar.com wss://ws47.hotjar.com wss://ws48.hotjar.com wss://ws49.hotjar.com wss://ws50.hotjar.com wss://ws51.hotjar.com wss://ws52.hotjar.com wss://ws53.hotjar.com wss://ws54.hotjar.com wss://ws55.hotjar.com wss://ws56.hotjar.com wss://ws57.hotjar.com wss://ws58.hotjar.com wss://ws59.hotjar.com wss://ws60.hotjar.com wss://ws61.hotjar.com wss://ws62.hotjar.com wss://ws63.hotjar.com wss://ws64.hotjar.com wss://ws65.hotjar.com wss://ws66.hotjar.com wss://ws67.hotjar.com wss://ws68.hotjar.com wss://ws69.hotjar.com wss://ws70.hotjar.com wss://ws71.hotjar.com wss://ws72.hotjar.com wss://ws73.hotjar.com wss://ws74.hotjar.com wss://ws75.hotjar.com wss://ws76.hotjar.com wss://ws77.hotjar.com wss://ws78.hotjar.com wss://ws79.hotjar.com wss://ws80.hotjar.com wss://ws81.hotjar.com wss://ws82.hotjar.com wss://ws83.hotjar.com wss://ws84.hotjar.com wss://ws85.hotjar.com wss://ws86.hotjar.com wss://ws87.hotjar.com wss://ws88.hotjar.com wss://ws89.hotjar.com wss://ws90.hotjar.com wss://ws91.hotjar.com wss://ws92.hotjar.com wss://ws93.hotjar.com wss://ws94.hotjar.com wss://ws95.hotjar.com wss://ws96.hotjar.com wss://ws97.hotjar.com wss://ws98.hotjar.com wss://ws99.hotjar.com *.hotjar.io  *.hotjar.com *.zdassets.com https://www.youtube.com https://www.bestprice.gr https://s7.addthis.com https://m.addthis.com https://forms.m-pages.com https://t.stat-track.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com; frame-src *; media-src 'self' 1
frame-ancestors 'self';  default-src 'self' tcmg.com.tw  ;  script-src 'self' 'unsafe-eval' 'unsafe-inline' tcmg.com.tw  ;  connect-src 'self' tcmg.com.tw  ;  frame-src tcmg.com.tw  ;  font-src * data:;  img-src * data:;  style-src * 'unsafe-inline'; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=7uhknmhiqu73g&partner=; 1
base-uri 'self'; block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self' https://*.techminis.com  https://*.bigshyft.com *.google.com http://*.infoedge.com;script-src 'self' *.googlesyndication.com *.googleadservices.com *.google.co.in *.ampproject.org *.google.com *.gstatic.com accounts.google.com *.facebook.net *.youtube.com *.facebook.com *.googletagmanager.com *.inspectlet.com 'unsafe-inline' 'unsafe-eval';worker-src 'self' https://*.sentry.io blob:;img-src * data:;object-src 'self' data:;script-src-attr 'self' 'unsafe-inline';style-src 'self' https: 'unsafe-inline';media-src * data: 1
base-uri 'self'; frame-ancestors 'none'; default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src https://*.cloudflareinsights.com https://*.cloudflare.com https://*.googlevideo.com https://*.ytimg.com https://*.youtube.com https://*.youtube-nocookie.com https://*.google.com; media-src https://*.cloudflareinsights.com https://*.cloudflare.com https://*.youtube.com https://*.youtube-nocookie.com https://*.google.com; 1
frame-ancestors 'self' https://tehusetjava.se https://tehusetjava.de https://tehusetjava.dk https://tehusetjava.no https://tehuset-java.se https://tehusetjava.com https://tehusetjava.co.uk https://lundablandning.se https://lundablandning.com https://teahousejava.co.uk https://teahousejava.com https://ilovetea.se https://alltomte.com https://alltomte.se https://tehuset-java.starwebserver.se 1
object-src * data:;default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://seal.godaddy.com/*; font-src *; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://telerad.biz/RemotEye/neologica.utils.js https://seal.godaddy.com/getSeal; frame-src * data: 'self' https://telerad.biz https://telerad.biz:4006; connect-src 'self' https://api.ipify.org https://telerad.biz/TeleRadService/ServiceTWP.svc https://telerad.biz/DeleteFolderService/DeleteFolderService.svc https://telerad.biz:401/MailService.svc/SendMail https://telerad.biz:400/SMSService.svc/SendSms https://ka-f.fontawesome.com https://127.0.0.1:* 1
default-src * 'self' data: blob:;script-src * 'self' data: blob: 'unsafe-inline' 'unsafe-eval';base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' https: data:;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
img-src 'self' data: *.google.com *.google.it *.googleadservices.com https://www.google-analytics.com https://*.doubleclick.net https://www.googleapis.com https://*.appgrade34.it/ https://www.googletagmanager.com https://*.googleapis.com *.gstatic.com *.iubenda.com *.zopim.com *.zdassets.com *.linkedin.com *.bing.com *.clarity.ms *.facebook.com https://light.appgrade34.it/ https://www.termesangiovanni.it/ https://www.termesangiovanni.it/;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.iubenda.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com *.google.com *.google.it *.googleadservices.com https://stats.g.doubleclick.net *.licdn.com *.bing.com *.facebook.net *.doubleclick.net *.zopim.com *.zdassets.com *.clarity.ms *.facebook.com;script-src-elem 'self' 'unsafe-inline' *.google.com *.google.it *.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net *.licdn.com *.bing.com *.facebook.net *.doubleclick.net *.iubenda.com https://www.googletagmanager.com https://*.googleapis.com https://*.stripe.com *.zopim.com *.zdassets.com *.clarity.ms *.facebook.com https://*.addthis.com https://*.addthisedge.com https://*.moatads.com;script-src-attr 'self' 'unsafe-inline' https://www.googletagmanager.com *.iubenda.com;connect-src 'self' https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.doubleclick.net https://light.appgrade34.it/ https://*.zendesk.com https://*.iubenda.com https://*.zdassets.com https://*.clarity.ms https://*.addthis.com ws:;frame-src 'self' https://*.google.com https://*.google.it https://*.stripe.com https://*.facebook.com https://*.youtube.com https://*.youtube-nocookie.com/ https://*.addthis.com;frame-ancestors 'self' https://light.appgrade34.it/;media-src 'self' https://light.appgrade34.it/;form-action 'self' https://*.facebook.com/;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self'; sandbox allow-downloads allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation; base-uri 'self'; form-action teufelaudio.be zed.teufel.de support.teufel.de retoure.teufel.de blog.teufel.de www.terminland.de www.saferpay.com test.saferpay.com *.amazon.de payments.amazon.de row.ups.com checkout.sandbox.getalma.eu checkout.getalma.eu 'self' 1
frame-ancestors 'self'; sandbox allow-downloads allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation; base-uri 'self'; form-action teufelaudio.es zed.teufel.de support.teufel.de retoure.teufel.de blog.teufel.de www.terminland.de www.saferpay.com test.saferpay.com *.amazon.de payments.amazon.de row.ups.com checkout.sandbox.getalma.eu checkout.getalma.eu 'self' 1
frame-ancestors 'self'; sandbox allow-downloads allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation; base-uri 'self'; form-action teufelaudio.it zed.teufel.de support.teufel.de retoure.teufel.de blog.teufel.de www.terminland.de www.saferpay.com test.saferpay.com *.amazon.de payments.amazon.de row.ups.com checkout.sandbox.getalma.eu checkout.getalma.eu 'self' 1
default-src  'self' www.google.com; script-src   'self' 'unsafe-inline' 'unsafe-eval' www.tezpatrika.com www.google.com www.gstatic.com code.jquery.com cdn.jsdelivr.net www.googletagmanager.com in.getclicky.com static.getclicky.com clicky.com stackpath.bootstrapcdn.com cdnjs.cloudflare.com pagead2.googlesyndication.com maxcdn.bootstrapcdn.com www.google-analytics.com ajax.googleapis.com aff.bstatic.com adservice.google.com adservice.google.co.in partner.googleadservices.com www.googletagservices.com tpc.googlesyndication.com www.clarity.ms cdn.webpushr.com cdn.izooto.com izooto.com enp.izooto.com lvi.izooto.com zeeker.com scriplib.zeeker.com securepubads.g.doubleclick.net *.mgid.com; connect-src 'self' www.google-analytics.com in.getclicky.com static.getclicky.com stats.g.doubleclick.net pagead2.googlesyndication.com csi.gstatic.com www.clarity.ms bot.webpushr.com analytics.webpushr.com analytics.google.com cdn.izooto.com izooto.com enp.izooto.com lvi.izooto.com csc.izooto.com google.co.in geolocation-db.com api.zeeker.com nhwimp.izooto.com nhwopn.izooto.com clk.izooto.com imp.izooto.com med.dtblt.com c.mgid.com *.mgid.com ; img-src 'self' data: www.google-analytics.com www.google.com www.google.co.in secure.gravatar.com ps.w.org s.w.org static.getclicky.com pagead2.googlesyndication.com www.googletagmanager.com *.mgid.com; style-src 'self' 'unsafe-inline'  stackpath.bootstrapcdn.com cdnjs.cloudflare.com fonts.googleapis.com maxcdn.bootstrapcdn.com static.getclicky.com;base-uri 'self';form-action 'self';font-src data: cdnjs.cloudflare.com www.tezpatrika.com fonts.gstatic.com stackpath.bootstrapcdn.com;frame-src  'self' 'unsafe-inline' 'unsafe-eval' www.tezpatrika.com pagead2.googlesyndication.com cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com tpc.googlesyndication.com cdn.izooto.com securepubads.g.doubleclick.net widget2.zeeker.com; script-src-elem: zeeker.com scriplib.zeeker.com securepubads.g.doubleclick.net 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval' *.the-connection.com *.theconnectioncc.com; frame-ancestors 'self' *.the-connection.com *.theconnectioncc.com; 1
font-src *.thebodyshop.gr data: *.facebook.net *.facebook.com *.fbcdn.net *.google.gr *.google.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.gstatic.com *.analytics.google.com *.google-analytics.com *.youtube.com *.vimeo.com *.tiktok.com *.doubleclick.net *.cloudflare.com *.twitter.com *.bootstrapcdn.com *.jsdelivr.net *.adman.gr *.list-manage.com https://chimpstatic.com *.moosend.com *.contactpigeon.com *.imgix.net https://snapppt.com *.addsauce.com *.polyfill.io *.designer-images.com *.m-pages.com *.pinimg.com *.pinterest.com *.stat-track.com *.livechatinc.com *.livechat-files.com *.yotpo.com *.typekit.net *.eortologio.net *.skroutz.gr *.bestprice.gr *.find.gr *.glami.gr *.linkwi.se *.paypal.com *.piraeusbank.gr *.eurocommerce.gr *.alphaecommerce.gr *.vivapayments.gr *.simplify.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.thebodyshop.gr *.facebook.net *.facebook.com *.fbcdn.net *.google.gr *.google.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.gstatic.com *.analytics.google.com *.google-analytics.com *.youtube.com *.vimeo.com *.tiktok.com *.doubleclick.net *.cloudflare.com *.twitter.com *.bootstrapcdn.com *.jsdelivr.net *.adman.gr *.list-manage.com https://chimpstatic.com *.moosend.com *.contactpigeon.com *.imgix.net https://snapppt.com *.addsauce.com *.polyfill.io *.designer-images.com *.m-pages.com *.pinimg.com *.pinterest.com *.stat-track.com *.livechatinc.com *.livechat-files.com *.yotpo.com *.typekit.net *.eortologio.net *.skroutz.gr *.bestprice.gr *.find.gr *.glami.gr *.linkwi.se *.paypal.com *.piraeusbank.gr *.eurocommerce.gr *.alphaecommerce.gr *.vivapayments.gr *.simplify.com 'self' 'unsafe-inline'; frame-ancestors *.thebodyshop.gr *.facebook.net *.facebook.com *.fbcdn.net *.google.gr *.google.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.gstatic.com *.analytics.google.com *.google-analytics.com *.youtube.com *.vimeo.com *.tiktok.com *.doubleclick.net *.cloudflare.com *.twitter.com *.bootstrapcdn.com *.jsdelivr.net *.adman.gr *.list-manage.com https://chimpstatic.com *.moosend.com *.contactpigeon.com *.imgix.net https://snapppt.com *.addsauce.com *.polyfill.io *.designer-images.com *.m-pages.com *.pinimg.com *.pinterest.com *.stat-track.com *.livechatinc.com *.livechat-files.com *.yotpo.com *.typekit.net *.eortologio.net *.skroutz.gr *.bestprice.gr *.find.gr *.glami.gr *.linkwi.se *.paypal.com *.piraeusbank.gr *.eurocommerce.gr *.alphaecommerce.gr *.vivapayments.gr *.simplify.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com https://widget.boxnow.gr *.thebodyshop.gr *.facebook.net *.facebook.com *.fbcdn.net *.google.gr *.google.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.gstatic.com *.analytics.google.com *.google-analytics.com *.vimeo.com *.tiktok.com *.doubleclick.net *.cloudflare.com *.twitter.com *.bootstrapcdn.com *.jsdelivr.net *.adman.gr *.list-manage.com https://chimpstatic.com *.moosend.com *.contactpigeon.com *.imgix.net https://snapppt.com *.addsauce.com *.polyfill.io *.designer-images.com *.m-pages.com *.pinimg.com *.pinterest.com *.stat-track.com *.livechatinc.com *.livechat-files.com *.yotpo.com *.typekit.net *.eortologio.net *.skroutz.gr *.bestprice.gr *.find.gr *.glami.gr *.linkwi.se *.paypal.com *.piraeusbank.gr *.eurocommerce.gr *.alphaecommerce.gr *.vivapayments.gr *.simplify.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.thebodyshop.gr *.facebook.net *.facebook.com *.fbcdn.net *.google.gr *.google.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.gstatic.com *.analytics.google.com *.google-analytics.com *.youtube.com *.vimeo.com *.tiktok.com *.doubleclick.net *.cloudflare.com *.twitter.com *.bootstrapcdn.com *.jsdelivr.net *.adman.gr *.list-manage.com https://chimpstatic.com *.moosend.com *.contactpigeon.com *.imgix.net https://snapppt.com *.addsauce.com *.polyfill.io *.designer-images.com *.m-pages.com *.pinimg.com *.pinterest.com *.stat-track.com *.livechatinc.com *.livechat-files.com *.yotpo.com *.typekit.net *.eortologio.net *.skroutz.gr *.bestprice.gr *.find.gr *.glami.gr *.linkwi.se *.paypal.com *.piraeusbank.gr *.eurocommerce.gr *.alphaecommerce.gr *.vivapayments.gr *.simplify.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.thebodyshop.gr *.facebook.net *.facebook.com *.fbcdn.net *.google.gr *.google.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.gstatic.com *.analytics.google.com *.google-analytics.com *.youtube.com *.tiktok.com *.doubleclick.net *.cloudflare.com *.twitter.com *.bootstrapcdn.com *.jsdelivr.net *.adman.gr *.list-manage.com https://chimpstatic.com *.moosend.com *.contactpigeon.com *.imgix.net https://snapppt.com *.addsauce.com *.polyfill.io *.designer-images.com *.m-pages.com *.pinimg.com *.pinterest.com *.stat-track.com *.livechatinc.com *.livechat-files.com *.yotpo.com *.typekit.net *.eortologio.net *.skroutz.gr *.bestprice.gr *.find.gr *.glami.gr *.linkwi.se *.paypal.com *.piraeusbank.gr *.eurocommerce.gr *.alphaecommerce.gr *.vivapayments.gr *.simplify.com maps.googleapis.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.thebodyshop.gr *.facebook.net *.facebook.com *.fbcdn.net *.google.gr *.google.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.gstatic.com *.analytics.google.com *.google-analytics.com *.youtube.com *.vimeo.com *.tiktok.com *.doubleclick.net *.cloudflare.com *.twitter.com *.bootstrapcdn.com *.jsdelivr.net *.adman.gr *.list-manage.com https://chimpstatic.com *.moosend.com *.contactpigeon.com *.imgix.net https://snapppt.com *.addsauce.com *.polyfill.io *.designer-images.com *.m-pages.com *.pinimg.com *.pinterest.com *.stat-track.com *.livechatinc.com *.livechat-files.com *.yotpo.com *.typekit.net *.eortologio.net *.skroutz.gr *.bestprice.gr *.find.gr *.glami.gr *.linkwi.se *.paypal.com *.piraeusbank.gr *.eurocommerce.gr *.alphaecommerce.gr *.vivapayments.gr *.simplify.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.thebodyshop.gr *.facebook.net *.facebook.com *.fbcdn.net *.google.gr *.google.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.gstatic.com *.analytics.google.com *.google-analytics.com *.youtube.com *.vimeo.com *.tiktok.com *.doubleclick.net *.cloudflare.com *.twitter.com *.bootstrapcdn.com *.jsdelivr.net *.adman.gr *.list-manage.com https://chimpstatic.com *.moosend.com *.contactpigeon.com *.imgix.net https://snapppt.com *.addsauce.com *.polyfill.io *.designer-images.com *.m-pages.com *.pinimg.com *.pinterest.com *.stat-track.com *.livechatinc.com *.livechat-files.com *.yotpo.com *.typekit.net *.eortologio.net *.skroutz.gr *.bestprice.gr *.find.gr *.glami.gr *.linkwi.se *.paypal.com *.piraeusbank.gr *.eurocommerce.gr *.alphaecommerce.gr *.vivapayments.gr *.simplify.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.thebodyshop.gr *.facebook.net *.facebook.com *.fbcdn.net *.google.gr *.google.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.gstatic.com *.analytics.google.com *.google-analytics.com *.youtube.com *.vimeo.com *.tiktok.com *.doubleclick.net *.cloudflare.com *.twitter.com *.bootstrapcdn.com *.jsdelivr.net *.adman.gr *.list-manage.com https://chimpstatic.com *.moosend.com *.contactpigeon.com *.imgix.net *.polyfill.io *.designer-images.com https://snapppt.com *.addsauce.com *.m-pages.com *.pinimg.com *.pinterest.com *.stat-track.com *.livechatinc.com *.livechat-files.com *.yotpo.com *.typekit.net *.eortologio.net *.skroutz.gr *.bestprice.gr *.find.gr *.glami.gr *.linkwi.se *.paypal.com *.piraeusbank.gr *.eurocommerce.gr *.alphaecommerce.gr *.vivapayments.gr *.simplify.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.digitalup.gr/domain/endpoint; report-to report-endpoint; 1
worker-src blob:; font-src maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.yieldify-production.com fonts.gstatic.com *.serving-sys.com *.fontawesome.com https://fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.serving-sys.com *.localhost.com *.paymentexpress.com *.windcave.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.googletagmanager.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.cardinalcommerce.com *.authorize.net *.sharethis.mgr.consensu.org *.sharethis.com *.doubleclick.net *.gateway.mastercard.com data: 'self' *.yieldify.com *.facebook.com *.google.com *.googletagmanager.com *.pinterest.com *.serving-sys.com cdn.dnky.co webchat.dotdigital.com https://player.vimeo.com *.localhost.com *.paymentexpress.com *.windcave.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.magentocommerce.com *.googleadservices.com *.google-analytics.com *.paypal.com data: *.cake.nz *.doubleclick.net *.pinterest.com *.topbuzz.com *.facebook.com *.cloudfront.net *.google.com *.google.com.au *.google.com.bd *.adroll.com *.yieldify.com *.yieldify-production.com *.googletagmanager.com *.serving-sys.com https://a.klaviyo.com https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com cdn-scripts.signifyd.com www.youtube.com *.paypal.com *.assets.adobedtm.com *.sharethis.com *.googleadservices.com *.google.com *.gstatic.com *.bronto.com *.googleapis.com *.googletagmanager.com *.brontops.com *.cardinalcommerce.com *.signifyd.com *.adform.net *.pinimg.com *.tiktok.com *.yieldify.com *.ibytedtos.com *.ipstatp.com *.facebook.com *.facebook.net googleads.g.doubleclick.net *.adroll.com *.google-analytics.com *.adroll.mgr.consensu.org *.mastercard.com *.klaviyo.com *.serving-sys.com *.pingdom.net r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com https://static.klaviyo.com https://fast.a.klaviyo.com *.avada.io https://player.vimeo.com https://www.youtube.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.sharethis.com *.klaviyo.com *.serving-sys.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sharethis.com *.cardinalcommerce.com *.bronto.com *.brontops.com *.doubleclick.net *.pinterest.com *.tiktok.com *.google-analytics.com *.adform.net *.facebook.net *.klaviyo.com *.yieldify.com *.yieldify-production.com *.google.com *.googleapis.com *.connectorengine.com *.facebook.com wss://stranger.yieldify-production.com/ *.serving-sys.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com https://static.klaviyo.com https://fast.a.klaviyo.com https://get.geojs.io *.avada.io https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://thecheesecakeshop.co.nz/; report-to report-endpoint; 1
frame-ancestors 'self' *.venditan.com *.venditan.io 1
'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 1
script-src 'self' assets.adobedtm.com 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://forms.hsforms.com https://js.hsforms.net forms.hsforms.com js.hsforms.net https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com http://js.hs-scripts.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://static.hotjar.com https://script.hotjar.com load.sumo.com https://alpunto.activehosted.com https://fonts.googleapis.com https://js.hsleadflows.net/leadflows.js https://cdn.mouseflow.com/projects/20ab6ab6-6978-43ee-bdae-75a6900e2588.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://fonts.googleapis.com https://unpkg.com/intl-tel-input@17.0.18/build/css/intlTelInput.min.css https://googleads.g.doubleclick.net https://stats.g.doubleclick.net 1
font-src fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com data: https://static.payzen.eu/static/ *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com www.toutpourlesongles.com *.onlinewebfonts.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ www.toutpourlesongles.com 'self' 'unsafe-inline'; frame-ancestors www.toutpourlesongles.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ cdn.dnky.co *.hotjar.com *.google.com/ *.facebook.com *.trustpilot.com *.criteo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://secure.payzen.eu/vads-payment/ https://static.payzen.eu/static/ www.toutpourlesongles.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://secure.payzen.eu/static/latest/images/type-carte/ https://static.payzen.eu/static/ https://secure.payzen.eu/vads-payment/ https://www.magezon.com www.toutpourlesongles.com *.google.fr data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.paypal.com *.google.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ s7.addthis.com *.avada.io *.google.com/ https://cdnjs.cloudflare.com www.toutpourlesongles.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net https://static.payzen.eu/static/ maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com www.toutpourlesongles.com 'self' 'unsafe-inline'; object-src www.toutpourlesongles.com 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com www.toutpourlesongles.com 'self' 'unsafe-inline'; manifest-src www.toutpourlesongles.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms connect.facebook.net *.datatrics.com www.facebook.com graph.facebook.com business.facebook.com https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ ekr.zdassets.com/ https://get.geojs.io *.avada.io www.toutpourlesongles.com 'self' 'unsafe-inline'; child-src www.toutpourlesongles.com http: https: blob: 'self' 'unsafe-inline'; default-src https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ www.toutpourlesongles.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.toutpourlesongles.com 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 1
default-src 'self' 'unsafe-inline' data: *.toyota.com.mk *.bootstrapcdn.com *.googletagmanager.com googleads.g.doubleclick.net *.google.mk *.google.com *.googleapis.com *.google-analytics.com *.gstatic.com *.fbcdn.net *.facebook.com *.facebook.net *.pinterest.com *.youtube.com 1
default-src https: wss://widget-mediator.zopim.com 'unsafe-inline'; img-src http: data: 'unsafe-inline' blob: https://www.toyota.com.ar ; script-src https://www.toyota.com.ar https://www.google.com https://www.googleadservices.com https://tagmanager.google.com https://api.retargetly.com https://urldefense.proofpoint.com https://connect.facebook.net https://www.googletagmanager.com https://googleads.g.doubleclick.net https://p.teads.tv/ https://www.google-analytics.com https://www.google.com/pagead/1p-conversion/ https://ssl.google-analytics.com https://maps.googleapis.com https://static.zdassets.com https://widget-mediator.zopim.com 'self' 'unsafe-inline' 'unsafe-eval'; worker-src blob: ; style-src https: 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' http://cloud.toyotadobrasil.com.br/ https://cloud.toyotadobrasil.com.br/ 1
default-src 'self'; script-src 'self' ssl.google-analytics.com maxcdn.bootstrapcdn.com code.jquery.com stackpath.bootstrapcdn.com cdnjs.cloudflare.com ajax.googleapis.com framework-gb.cdn.gob.mx www.google-analytics.com 'unsafe-inline' 'unsafe-eval';  style-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com framework-gb.cdn.gob.mx 'unsafe-inline'; font-src 'self' framework-gb.cdn.gob.mx fonts.gstatic.com maxcdn.bootstrapcdn.com; worker-src 'self' blob:; connect-src 'self' www.google-analytics.com;  frame-src 'self' www.youtube.com; img-src 'self' ssl.google-analytics.com framework-gb.cdn.gob.mx data: 1
default-src 'self' ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' https://fearby.com:* https://fearby-com.exactdn.com:* https://*.google-analytics.com https://*.google.com https://www.googletagmanager.com:* https://www.google-analytics.com:* https://pagead2.googlesyndication.com:* https://www.youtube.com:* https://adservice.google.com.au:* https://s.ytimg.com:* about; style-src 'self' https://cdn.rawgit.com/michalsnik/aos/2.1.1/dist/aos.cs https://tickets.4talent.cl:* data: 'unsafe-inline' https://fearby.com:* https://fearby-com.exactdn.com:* https://fonts.googleapis.com:* https://www.googletagmanager.com:* https://www.google-analytics.com:*; img-src 'self' data: https://fearby.com:* https://fearby-com.exactdn.com:* https://*.google-analytics.com https://*.google.com https://www.googletagmanager.com:* https://secure.gravatar.com:* https://maps.gstatic.com:* https://maps.googleapis.com:* https://www.google-analytics.com:* https://a.impactradius-go.com:* https://www.paypalobjects.com:* https://namecheap.pxf.io:* https://www.paypalobjects.com:* https://stats.g.doubleclick.net:* https://*.doubleclick.net:* https://stats.g.doubleclick.net:* https://www.ojrq.net:* https://ak1s.abmr.net:* https://*.abmr.net:*; font-src 'self' data: https://ka-f.fontawesome.com:* https://fearby.com:* https://fearby-com.exactdn.com:* https://fonts.googleapis.com:* https://fonts.gstatic.com:* https://cdn.joinhoney.com:* https://www.googletagmanager.com:* https://www.google-analytics.com:* https://googleads.g.doubleclick.net:*; connect-src 'self' https://tickets.4talent.cl:* https://ka-f.fontawesome.com/ https://video.4talent.cl/ https://fearby.com:* https://fearby-com.exactdn.com:* https://*.google-analytics.com https://*.google.com https://www.googletagmanager.com:* https://www.google-analytics.com:*; media-src 'self' blob: https://*.google-analytics.com https://*.google.com https://www.googletagmanager.com:* https://secure.gravatar.com:* https://www.google-analytics.com:*; object-src 'self' ; child-src 'self' https://player.vimeo.com https://fearby-com.exactdn.com:* https://www.youtube.com https://www.googletagmanager.com:* https://www.google-analytics.com:*; frame-src 'self' https://www.youtube.com:* https://googleads.g.doubleclick.net:* ; worker-src 'self' https://sqm.hiringup.com/* https://video.4talent.cl/* blob: mediastream: ; frame-ancestors 'self' ; form-action 'self' https://fearby.com:* https://fearby-com.exactdn.com:* https://fearby-com.exactdn.com:* https://www.googletagmanager.com:* https://www.google-analytics.com:* https://www.google-analytics.com:*; upgrade-insecure-requests; block-all-mixed-content; base-uri https://fearby.com:*; manifest-src 'self' 'self' 'self'; report-uri https://fearby.report-uri.com/r/d/csp/enforce; 1
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com; img-src 'self' https://media.licdn.com www.trabajito.com.bo 1
frame-ancestors https://www.trackandtrail.in https://tii.in/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://player.vimeo.com/ http://www.njuskalo.hr/ https://www.njuskalo.hr/; 1
font-src googleapis.com *.googleapis.com gstatic.com *.gstatic.com cdn1.stamped.io fonts.gstatic.com *.klarnacdn.net maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ w2.countingdownto.com google.com *.google.com google.fi *.google.fi google.se *.google.se *.klarna.com youtube.com www.youtube.com youtube-nocookie.com www.youtube-nocookie.com *.criteo.com *.klarnaservices.com policy.app.cookieinformation.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ gymstick.fi www.gymstick.fi gymstick.com www.gymstick.com gymstick.se www.gymstick.se sportics.se www.sportics.se ad.360yield.com ad.yieldlab.net beacon.krxd.net cm.adform.net cm.g.doubleclick.net contextual.media.net criteo-sync.teads.tv criteo-partners.tremorhub.com eb2.3lift.com exchange.mediavine.com ib.adnxs.com id5-sync.com pixel.rubiconproject.com match.sharethrough.com matching.ivitrack.com rtb-csync.smartadserver.com ups.analytics.yahoo.com visitor.omnitagjs.com r.casalemedia.com s.thebrighttag.com secure.adnxs.com simage2.pubmatic.com sync-criteo.ads.yieldmo.com sync.outbrain.com sync-t1.taboola.com x.bidswitch.net googleadservices.com *.googleadservices.com google-analytics.com *.google-analytics.com *.gstatic.com google.com *.google.com google.fi *.google.fi google.se *.google.se facebook.com *.facebook.com bat.bing.com googlesyndication.com *.googlesyndication.com jadserve.postrelease.com e1.emxdgt.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.kxcdn.com *.ytimg.com cdn.stamped.io stamped.io https://www.unifaunonline.se https://*.tile.openstreetmap.org/ *.criteo.com *.criteo.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.klarnaservices.com license.mediastrategi.se unifaunonline.se www.unifaunonline.se flagpedia.net 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com googleadservices.com *.googleadservices.com google.com *.google.com google.fi *.google.fi google.se *.google.se *.bing.com connect.facebook.net *.klarna.com *.klarnacdn.net cdn.pji.nu googleapis.com ajax.googleapis.com cdn1.stamped.io https://api.unifaun.com youtube.com www.youtube.com *.criteo.com *.criteo.net chimpstatic.com downloads.mailchimp.com *.list-manage.com *.klarnaservices.com policy.app.cookieinformation.com api.unifaun.com maps.googleapis.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com googletagmanager.com *.googletagmanager.com googleapis.com *.googleapis.com gstatic.com *.gstatic.com cdn1.stamped.io fonts.googleapis.com downloads.mailchimp.com *.klarnacdn.net maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ google.com *.google.com *.analytics.google.com googleads.g.doubleclick.net googlesyndication.com *.googlesyndication.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com stats.g.doubleclick.net bing.com *.bing.com facebook.com *.facebook.com *.klarnaevt.com api.schibsted.com *.a.run.app stamped.io googleapis.com www.googleapis.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.klarnauserservices.com policy.app.cookieinformation.com consent.app.cookieinformation.com www.gstatic.com maps.googleapis.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'self' 'unsafe-inline' localhost:12719 *.cloudfront.net *.google.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.gstatic.com *.facebook.net *.googlecommerce.com *.moatads.com *.paypal.com *.postcodeanywhere.co.uk *.stripe.com *.ampproject.org *.afterpay.com *.sagepay.com *.vimeo.com chimpstatic.com sibautomation.com *.dekopay.com *.payments-amazon.com *.klaviyo.com 1
frame-ancestors 'self' https://*.turksandcaicosgames.com https://*.decta.com; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.facebook.net https://*.adform.net/ https://*.google.com/ https://*.gstatic.com/ https://*.googletagmanager.com https://*.google-analytics.com https://*.test-kolaygiris.turktelekom.com.tr 1
frame-ancestors 'self' https://*.turtlemint.com https://*.turtlemintmoney.com 1
"default-src 'self' 'unsafe-inline' *.fontawesome.com  *.googleapis.com  uala.com.co *.google-analytics.com ;" 1
img-src 'self' * blob: data:;script-src 'self' 'unsafe-eval' blob:;default-src 'self' api-v2.psg777.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.jsdelivr.net www.googletagmanager.com maps.googleapis.com www.google-analytics.com gstatic.com; object-src 'self' 1
default-src 'self'; connect-src 'self' https: wss:; img-src 'self' 'unsafe-inline' https: http: data: blob:; script-src 'self' https://apis.mapmyindia.com https://*.firebaseio.com; script-src-attr 'self' 'unsafe-inline' ; frame-src https: http: https://*.firebaseio.com; style-src 'self' 'unsafe-inline' https://apis.mapmyindia.com; font-src 'self' https://fonts.gstatic.com; object-src 'none' 1
default-src 'self' data: 'unsafe-inline' https://i.vimeocdn.com/ https://corsi.studioeco.net/ https://player.vimeo.com/ https://media.edapp.com/ https://img.youtube.com/ https://www.youtube.com/ https://youtube.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vimeo.com/api/ https://www.youtube.com/ https://youtube.com/ https://ajax.googleapis.com/  https://player.vimeo.com/ https://corsi.studioeco.net/; style-src 'self' 'unsafe-inline' https://corsi.studioeco.net/ https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://corsi.studioeco.net/ data: https://fonts.gstatic.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com/ https://www.googletagmanager.com/ https://policy.privacyandcookies.eu/ https://players.brightcove.net https: blob:; object-src 'none'; base-uri 'none'; frame-src 'self' https://www.youtube-nocookie.com https://player.quadia.net https://players.brightcove.net https://www.youtube.com https://www.facebook.com; frame-ancestors 'self'; img-src 'self' https://assets.msd-animal-health.com https://www.msd-animal-health.com https://secure.gravatar.com https://pixel.wp.com https://www.google-analytics.com/ https://*.brightcove.com https://cdn.cookielaw.org https://policy.privacyandcookies.eu https://www.facebook.com data: ; media-src 'self' blob:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; upgrade-insecure-requests; default-src https: data: 'self' ; trusted-types default goog#html; 1
default-src 'self' https://www.google.es https://www.google.com https://www.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://cdn.jsdelivr.net https://cdn.cookielaw.org https://*.onetrust.com data: 'unsafe-inline'; script-src 'self' https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdn.cookielaw.org https://*.onetrust.com 'unsafe-inline' 'unsafe-eval' data: blob:; connect-src 'self' https://*.google-analytics.com https://*.scandit.com https://*.mirasense.com https://cdn.jsdelivr.net https://cdn.cookielaw.org https://*.onetrust.com; img-src 'self' https://*.google-analytics.com https://cdn.cookielaw.org data:; child-src 'self' https://www.google.com blob:; worker-src 'self' blob:; form-action 'self'; base-uri 'self'; frame-ancestors 'self'; 1
default-src 'self'; 		 frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.youtube.com/; 		 style-src 'self' 'unsafe-inline' https://*.fontawesome.com; 		 font-src 'self' https://*.fontawesome.com; 		 img-src 'self' data: https://upagostatic.global.ssl.fastly.net/ https://*.fontawesome.com https://www.google.cl; 		 connect-src 'self' https://*.fontawesome.com https://www.google-analytics.com/ https://analytics.google.com/ https://stats.g.doubleclick.net; 		 object-src 'none'; 		 base-uri 'none'; 		 frame-ancestors 'none'; 		 script-src 'self' https://www.googletagmanager.com/ 'nonce-NmNmY2Q2NWQtZTg4ZC00YmViLThkZjAtOTExZjgyNjgzNWVm' 1
script-src 'self' 'unsafe-eval' *.googleapis.com analytics.skroutz.gr vivapayments.com www.google-analytics.com www.googletagmanager.com connect.facebook.net 'nonce-0SD99aTNy6X6mozTHSYwj3y94wNcpWCO' 1
base-uri 'self'; child-src 'self'; connect-src 'self' https://*.meo.pt https://*.uzo.pt https://api.botschool.ai wss://api.botschool.ai https://*.byside.com wss://*.byside.com https://cdn-api-weglot.com https://api.conveythis.com https://www.facebook.com https://*.google-analytics.com https://adservice.google.com https://www.google.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://*.inmobi.com https://cmp.quantcast.com https://*.cmp.quantcast.com https://pixel.quantcount.com https://*.weglot.com https://*.clarity.ms https://*.doubleclick.net https://gateway.zscaler.net https://quantcast.mgr.consensu.org https://services.sapo.pt; default-src 'self'; font-src 'self' data: https://*.meo.pt https://*.uzo.pt https://fonts.gstatic.com https://gateway.zscaler.net; form-action 'self' https://*.meo.pt https://*.uzo.pt https://*.byside.com https://www.facebook.com https://gateway.zscaler.net; frame-ancestors 'self' https://en.uzo.pt; frame-src 'self' https://*.meo.pt https://*.uzo.pt https://s1.byside.com https://www.facebook.com https://www.google.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://*.doubleclick.net https://gateway.zscaler.net; img-src 'self' data: https:; media-src 'self' data: https://*.uzo.pt https://gateway.zscaler.net; report-to cspenforce; report-uri https://cspreport.apps.meo.pt/Services/Rest.svc/CSP/1kqJ23iNdD/Enforce; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.meo.pt https://*.uzo.pt https://img.botschool.ai https://*.byside.com https://cdn.conveythis.com https://www.datadoghq-browser-agent.com https://*.google-analytics.com https://www.google.com https://www.googleadservices.com https://*.googlesyndication.com https://www.googletagmanager.com https://www.gstatic.com https://*.inmobi.com https://cmp.quantcast.com https://rules.quantcount.com https://secure.quantserve.com https://*.serving-sys.com https://cdn.weglot.com https://www.clarity.ms https://mstat.acestream.net https://*.doubleclick.net https://connect.facebook.net https://gateway.zscaler.net https://quantcast.mgr.consensu.org; style-src 'self' 'unsafe-inline' https://*.meo.pt https://*.uzo.pt https://img.botschool.ai https://*.byside.com https://fonts.googleapis.com https://www.gstatic.com https://cdn.weglot.com https://gateway.zscaler.net; worker-src 'self'; object-src 'none' 1
script-src  'self' 'sha256-PyG/wmI27ih5mh97hhDGJLPpOwR801s8mSynPadmvNw=';frame-ancestors 'none';base-uri 'none';connect-src ws: wss: 'self';style-src 'sha256-G68kpb/pk8uALHF9aiadwwGFjPPXHS9Xv9cQsEY2tjw=';object-src 'none';default-src 'self' 1
default-src 'none'; manifest-src 'self'; img-src 'self' region1.analytics.google.com region1.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://www.google.com.br https://img.youtube.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com; script-src 'self' static.cloudflareinsights.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com google.com  https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com/; style-src 'self' https://tagmanager.google.com https://fonts.googleapis.com/; form-action 'self' pagseguro.uol.com.br ws.pagseguro.uol.com.br pagamento.pagseguro.uol.com.br https://pagamento.pagseguro.uol.com.br https://pagseguro.uol.com.br/ https://ws.pagseguro.uol.com.br/ https://pag.ae https://pagamento.pagbank.com.br/; media-src 'none'; frame-src https://www.youtube.com; frame-ancestors 'none'; object-src 'none'; upgrade-insecure-requests; connect-src 'self' cloudflareinsights.com region1.google-analytics.com region1.analytics.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com; worker-src 'none'; report-uri 'none'; base-uri 'none'; 1
default-src 'self' https://*.vanguardmexico.com https://*.americas.vanguard.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';frame-src 'self' 'unsafe-inline' https://*.demdex.net https://vanguard.d2.sc.omtrdc.net https://www.youtube.com https://*.doubleclick.net https://*.omniture.com https://activitymap.adobe.com https://authorize.omniture.com https://sitecatalyst.omniture.com https://sc5.omniture.com https://insight.adsrvr.org https://*.kampyle.com https://*.doubleclick.net https://cdnapisec.kaltura.com https://*.medallia.com https://*.vanguard.com https://*.auth0.com https://*.vanguardmexico.com https://*.americas.vanguard.com;connect-src 'self' https://*.demdex.net https://vanguard.d2.sc.omtrdc.net https://*.api.company-target.com https://*.tt.omtrdc.net https://*.doubleclick.net https://*.kampyle.com https://*.medallia.com https://*.vanguard.com https://*.auth0.com https://*.vanguardmexico.com https://*.americas.vanguard.com;img-src 'self' data: https://*.vgdynamic.info https://vanguard.d2.sc.omtrdc.net https://sjs.bizographics.com https://*.vanguardmexico.com https://dc.ads.linkedin.com https://px.ads.linkedin.com https://snap.licdn.com https://P.adsymptotic.com https://www.google.com https://assets.adobedtm.com https://*.kampyle.com https://*.linkedin.com http://localhost:8080 https://*.doubleclick.net https://*.medallia.com https://*.vanguard.com https://sjs.bizographics.com https://adservice.google.com https://*.americas.vanguard.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.vgcontent.info https://*.vanguardmexico.com https://*.doubleclick.net https://*.demdex.net https://*.vgdynamic.info https://*.omniture.com https://activitymap.adobe.com https://sitecatalyst.omniture.com https://assets.adobedtm.com https://*.kampyle.com https://www.google.com https://www.googleadservices.com https://tagmanager.google.com https://www.googletagmanager.com http://localhost:8080 https://*.medallia.com https://*.vanguard.com https://*.auth0.com https://*.vanguardmexico.com https://*.americas.vanguard.com;style-src 'self' https: 'unsafe-inline' https://*.vanguardmexico.com https://*.kampyle.com https://*.medallia.com https://*.vanguard.com https://*.vanguardmexico.com https://*.americas.vanguard.com;upgrade-insecure-requests 1
frame-ancestors 'self' *.taboola.com https://*.creativecdn.com;                      script-src 'self' 'unsafe-inline' 'unsafe-eval' instant.page https://*.nr-data.net https://*.creativecdn.com https://*.criteo.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.cf2.rackcdn.com https://*.google.com *.taboola.com https://analytics.tiktok.com https://bam.eu01.nr-data.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.taboola.com https://cdn-ukwest.onetrust.com https://cdn.scarabresearch.com https://connect.facebook.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://graph.facebook.com https://google-analytics.com https://googletagmanager.com https://*.newrelic.com https://js.facebook.com https://maps.googleapis.com https://mc.yandex.ru https://maps.google.com https://njot1.vans.com https://static.criteo.net https://sslwidget.criteo.com https://script.hotjar.com https://static.hotjar.com https://ssl.google-analytics.com https://st-vans.mncdn.com https://trc.taboola.com https://tags.bkrtx.com https://tagmanager.google.com https://use.typekit.net https://www.gstatic.com https://www.google-analytics.com https://www.vans.com https://www.googletagmanager.com https://unpkg.com https://*.monetate.net https://www.clarity.ms/  https://*.vans.eu https://*.jquery.com https://*.creativecdn.com http://*.criteo.net http://*.scarabresearch.com;                      frame-src 'self' 'unsafe-inline' st-vans.mncdn.com https://st-vans.mncdn.com https://*.youtube.com https://*.criteo.com/ https://*.doubleclick.net https://*.facebook.net https://*.facebook.com https://*.force.com/ https://*.force.com https://*.google.com https://*.creativecdn.com https://www.masterpassturkiye.com;       style-src 'self' 'unsafe-inline' *.google.com *.taboola.com https://*.bootstrapcdn.com *.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com privacyportal-cdn.onetrust.com st-vans.mncdn.com www.googletagmanager.com https://unpkg.com  https://*.vans.eu https://*.jquery.com https://*.creativecdn.com;                      child-src 'self' blob: *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com *.criteo.com *.criteo.net connect.facebook.net vars.hotjar.com www.googletagmanager.com https://*.youtube.com https://*.monetate.net https://*.creativecdn.com https://*.youtube-nocookie.com https://*.google.com https://*.creativecdn.com;                      base-uri 'self' *.taboola.com;                      worker-src 'self' blob: www.google.com;       report-uri /WebResource.axd?cspReport=true 1
script-src 'self' https: *.google.com https: *.googleapis.com https: *.cloudflare.com 'nonce-YjkwNDFjYjktOGFiMi00YzJmLWJjNzMtNjAzYTA2NDhjNTlj'; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 1
frame-ancestors 'self' https://verktygsvaruhuset.se https://verktygsvaruhuset.starwebserver.se 1
font-src *.fontawesome.com *.googleapis.com *.gstatic.com *.azureedge.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.redsys.es *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cookiebot.com *.oct8ne.com *.hotjar.com *.google.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cdninstagram.com *.oct8ne.com *.azureedge.net grwapi.net *.google.com *.google.es *.doubleclick.net *.twitter.com *.pinterest.com t.co *.linkedin.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io *.googletagmanager.com https://www.googletagmanager.com tagmanager.google.com *.google.com *.gstatic.com *.cookiebot.com *.oct8ne.com grwapi.net *.jquery.com *.doubleclick.net *.ads-twitter.com *.pinimg.com *.hotjar.com *.licdn.com *.clarity.ms *.tiktok.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com grwapi.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io *.google-analytics.com https://www.google-analytics.com *.oct8ne.com grwapi.net *.cookiebot.com *.doubleclick.net *.pinterest.com *.hotjar.com *.hotjar.io wss://*.hotjar.com cdn.linkedin.oribi.io *.clarity.ms *.tiktok.com *.google.com *.linkedin.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'  videos-mgh.com apis.google.com accounts.google.com bid.g.doubleclick.net; connect-src * ;img-src *; media-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com www.google.com google.com gstatic.com www.gstatic.com connect.facebook.net facebook.com www.googletagmanager.com dev.visualwebsiteoptimizer.com www.googleadservices.com bid.g.doubleclick.net googleads.g.doubleclick.net apis.google.com accounts.google.com track.opticks.io *.doubleclick.net ; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' https: *.videos-mgh.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /crs_csp_report_parser; 1
frame-ancestors 'none'; base-uri 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com www.google.com apis.google.com ajax.googleapis.com connect.facebook.net platform.twitter.com test-script.dotmetrics.net script.dotmetrics.net script.dotmetrics.rocks w.sharethis.com ws.sharethis.com wd.sharethis.com t.sharethis.com www.gstatic.com www.youtube.com tagmanager.google.com s.ytimg.com count-server.sharethis.com www.googleapis.com api.instagram.com sprymedia.co.uk adex.dotmetrics.net i.tryinteract.com cdn.cookielaw.org geolocation.onetrust.com unpkg.com cdnjs.cloudflare.com erato.hr s0.2mdn.net; report-uri https://cvoke.report-uri.io/r/default/csp/enforce 1
style-src 'unsafe-inline' https: https://www.vos-reves.com; script-src 'unsafe-eval' 'unsafe-inline' https: https://www.vos-reves.com *.google.fr *.google.com www.google-analytics.com ajax.googleapis.com *.googlesyndication.com; child-src 'self' blob: https: https://www.vos-reves.com *.doubleclick.net; connect-src https: https://www.vos-reves.com www.google-analytics.com *.googlesyndication.com wss://*.coinhive.com; default-src data: https: https://www.vos-reves.com www.google-analytics.com *.googlesyndication.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.facebook.com *.facebook.net *.google.com *.twitter.com *.instagram.com *.pinterest.com *.addthis.com *.jivochat.com *.jivosite.com *.zendesk.com *.iyzipay.com ; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.facebook.com *.facebook.net *.google.com *.twitter.com *.instagram.com *.pinterest.com *.addthis.com *.jivochat.com *.jivosite.com *.zendesk.com *.iyzipay.com ; frame-ancestors *; 1
worker-src blob:; font-src fonts.gstatic.com *.fontawesome.com *.kxcdn.com http://unlimited-12ca8.kxcdn.com https://media.wamia.tn https://www.google.com.tr https://fonts.bunny.net https://cdn1.avada.io https://images1-focus-opensocial.googleusercontent.com https://wamia-media.s3.eu-west-1.amazonaws.com/ data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net/ http://unlimited-12ca8.kxcdn.com https://media.wamia.tn https://www.google.com.tr https://fonts.bunny.net https://cdn1.avada.io https://images1-focus-opensocial.googleusercontent.com https://wamia-media.s3.eu-west-1.amazonaws.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.google.com *.gstatic.com *.fbcdn.net https://googleads.g.doubleclick.net http://unlimited-12ca8.kxcdn.com https://media.wamia.tn https://www.google.com.tr https://www.google.tn https://capi.wamia.tn https://fonts.bunny.net https://cdn1.avada.io https://images1-focus-opensocial.googleusercontent.com https://wamia-media.s3.eu-west-1.amazonaws.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.googleapis.com *.google.com *.gstatic.com www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com *.youtube.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.avada.io https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net https://www.google.com.tn https://www.google.tn https://media.wamia.tn https://capi.wamia.tn https://fonts.bunny.net https://cdn1.avada.io https://images1-focus-opensocial.googleusercontent.com https://wamia-media.s3.eu-west-1.amazonaws.com/ https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com cdn.dnky.co webchat.dotdigital.com http://unlimited-12ca8.kxcdn.com https://media.wamia.tn https://www.google.com.tr https://capi.wamia.tn https://fonts.bunny.net https://cdn1.avada.io https://images1-focus-opensocial.googleusercontent.com https://wamia-media.s3.eu-west-1.amazonaws.com/ https://www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com cdn.ampproject.org *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.paypal.com/xoplatform/logger/api/logger *.kxcdn.com *.instagram.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://get.geojs.io *.avada.io https://analytics.google.com https://media.wamia.tn https://stats.g.doubleclick.net https://capi.wamia.tn https://fonts.bunny.net https://cdn1.avada.io https://images1-focus-opensocial.googleusercontent.com https://wamia-media.s3.eu-west-1.amazonaws.com/ https://www.gstatic.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src api.ebizcharges.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint;, upgrade-insecure-requests; 1
default-src 'self' 'unsafe-inline' ; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://fonts.gstatic.com; img-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aspnetcdn.com *.googleapis.com *.google-analytics.com data: ; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com data:; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com; connect-src 'self'; form-action 'self'; frame-ancestors 'self'; 1
script-src 'unsafe-inline' 'unsafe-eval' style-src 'self' 'unsafe-inline' 1
default-src 'self'; connect-src 'self' telmac.co.in drstech.co.in *.googleapis.com; style-src 'self' 'unsafe-inline' telmac.co.in drstech.co.in *.googleapis.com *.cloudflare.com code.jquery.com *.bootstrapcdn.com; font-src 'self' *.googleapis.com *.gstatic.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' telmac.co.in drstech.co.in *.googleapis.com *.google.com *.cloudflare.com code.jquery.com *.bootstrapcdn.com; img-src 'self' telmac.co.in drstech.co.in *.google.com *.googleapis.com code.jquery.com data: *.gstatic.com *.histats.com; object-src *.histats.com; frame-src 'self' www.youtube.com *.google.com maps.googleapis.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.typeform.com fonts.bunny.net *.tiktok.com ct.pinterest.com *.pinimg.com *.algolianet.com *.algolia.net *.wd40.info *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.google.co.uk *.doubleclick.net *.ampproject.org *.gravatar.com https://youtube.com/ https://youtu.be/ *.youtube.com *.youtube-nocookie.com *.ytimg.com *.instagram.com *.vimeo.com yoast.com *.wd40.co.uk *.wd40.fr *.wd40company.eu unpkg.com *.jquery.com *.jsdelivr.net *.amazon-adsystem.com *.media-amazon.com *.amazonaws.com *.wd40.com *.wtbidev.uk *.wd40.ro *.wd40.pl *.e2ma.net *.cloudfront.net *.wd40.no *.wd40.sk *.wd40.lat *.wd40.se *.wd40.cz *.cloudflare.com *.wd40.gr *.wd40.se *.wd40.es *.tiktok.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: fonts.bunny.net *.algolianet.com *.algolia.net *.wd40.info *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.com *.facebook.net *.google.com *.google.co.uk *.doubleclick.net *.ampproject.org *.gravatar.com https://youtube.com/ https://youtu.be/ *.youtube.com *.youtube-nocookie.com *.ytimg.com *.instagram.com *.vimeo.com yoast.com *.wd40.co.uk *.wd40.fr *.wd40company.eu unpkg.com *.jquery.com *.jsdelivr.net *.amazon-adsystem.com *.media-amazon.com *.amazonaws.com *.wd40.com *.wtbidev.uk *.wd40.ro *.wd40.pl *.e2ma.net *.cloudfront.net *.wd40.no *.wd40.sk *.wd40.lat *.wd40.se *.wd40.cz *.cloudflare.com *.wd40.gr *.wd40.se 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: fonts.bunny.net *.algolianet.com *.algolia.net *.wd40.info *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.google.co.uk *.doubleclick.net *.ampproject.org *.gravatar.com https://youtube.com/ https://youtu.be/ *.youtube.com *.youtube-nocookie.com *.ytimg.com *.instagram.com *.vimeo.com yoast.com *.wd40.co.uk *.wd40.fr *.wd40company.eu unpkg.com *.jquery.com *.jsdelivr.net *.amazon-adsystem.com *.media-amazon.com *.amazonaws.com *.wd40.com *.wtbidev.uk *.wd40.ro *.wd40.pl *.e2ma.net *.cloudfront.net *.wd40.no *.wd40.sk *.wd40.lat *.wd40.se *.wd40.cz *.cloudflare.com *.wd40.gr *.wd40.se wp-rocket.me *.wistia.com *.helpscout.net *.litix.io 1
frame-ancestors 'self' https://*.sanook.com/ 1
default-src 'self'; img-src 'self' https://www.google.com https://www.google.ie https://www.google-analytics.com data: 'self'; style-src 'self' https://fonts.googleapis.com  https://fonts.gstatic.com https://*.vo.msecnd.net/ http://*.vo.msecnd.net/ 'unsafe-inline'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com  https://*.vo.msecnd.net/ http://*.vo.msecnd.net/ https://www.gstatic.com https://www.google.com/recaptcha/ https://js.monitor.azure.com/ https://*.hotjar.com/ 'unsafe-eval' 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://dc.services.visualstudio.com/v2/track https://www.google-analytics.com https://*.google-analytics.com/ https://stats.g.doubleclick.net https://*.in.applicationinsights.azure.com/; frame-src https://www.google.com https://auth.mywelfare-nonprod.ie/ https://www.ros.ie/ https://*.ros.ie/  1
base-uri 'self';default-src 'self';block-all-mixed-content;frame-ancestors 'self';form-action 'self' ;connect-src 'self' https://maps.googleapis.com https://dealer-locator-api.service.chainbox.io https://static.chainbox.io https://gateway.getflowbox.com https://a.getflowbox.com https://experience.getflowbox.com https://*.google-analytics.com https://*.analytics.google.com;font-src 'self' https://fonts.gstatic.com;img-src 'self' data: https://resources.chainbox.io https://maps.gstatic.com https://maps.googleapis.com https://*.cloudfront.net https://connect.getflowbox.com https://images.unsplash.com https://*.google-analytics.com https://*.analytics.google.com;media-src ;object-src 'none' ;script-src 'self' 'unsafe-eval' 'strict-dynamic' 'nonce-Z75HzvTNM1J2A1LrN2v61m6gMpkr+wcX2xmfpgTTNKI=' https://maps.googleapis.com https://www.googletagmanager.com https://*.google-analytics.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;frame-src 'self' ; 1
default-src 'self' *.whatthemovie.net; script-src 'self' *.whatthemovie.net *.google-analytics.com *.recaptcha.net *.gstatic.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.whatthemovie.net fonts.googleapis.com 'unsafe-inline'; img-src 'self' *.whatthemovie.net s3-eu-west-3.amazonaws.com gravatar.com *.wp.com *.google-analytics.com data:; font-src fonts.gstatic.com *.whatthemovie.net; child-src *.recaptcha.net; frame-src *.youtube.com youtube.com *.recaptcha.net 'self'; connect-src 'self' youtube.com; 1
frame-ancestors https://wieczniezywechoinki.pl https://timelesschristmastrees.com; 1
default-src 'self' *.tiktok.com *.wonderbra.ca; img-src 'self' *.wonderbra.ca data: https:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' *.facebook.com *.doubleclick.net *.google.com player.vimeo.com www.youtube.com vod-progressive.akamaized.net *.bazaarvoice.com *.cybersource.com *.cyberimpact.com *.pinterest.com; connect-src 'self' https: wss:; font-src 'self' data: https:; frame-ancestors 'self' https://*.wonderbra.ca; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-R4C-OClnvYgMlLHGVdfJJA' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://wrangler.in/ https://checkout.razorpay.com/ https://maps.googleapis.com/ https://*.googletagmanager.com/ https://bat.bing.com/ https://static.getclicky.com/ https://*.clarity.ms/ https://unpkg.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/  https://*.googletagmanager.com/; frame-src 'self' https://api.razorpay.com/ https://www.myunidays.com/; font-src 'self' https://*.doubleclick.net/ https://fonts.gstatic.com/ https://wrangler.in/; media-src 'self' https://static.aceomni.cmsaceturtle.com/; object-src 'self'; manifest-src 'self'; worker-src blob: 'self';img-src 'self' data: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://cmt-tool-images.s3.ap-south-1.amazonaws.com/ https://*.bing.com/ https://wrangler.in/ https://static.aceomni.cmsaceturtle.com/ https://maps.gstatic.com/ https://*.googleapis.com/ https://media.giphy.com/ https://s3.ap-south-1.amazonaws.com/ https://app-aceomni.s3.ap-south-1.amazonaws.com/ https://*.bing.com/ https://www.google.co.in/ https://*.clarity.ms/; connect-src 'self' https://*.clarity.ms/ https://*.api.webshop-prod.aceturtle.in/ https://*.googleapis.com/ https://*.razorpay.com/ https://*.browser-intake-datadoghq.com/ https://*.bing.com/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.in; form-action 'self' https://api.razorpay.com/; default-src 'self' https://*.clarity.ms https://c.bing.com 'unsafe-inline'; 1
default-src 'none'; script-src https: 'unsafe-inline' 'nonce-9979D4F1D38AA42B6DFBC33E135820C8' 'strict-dynamic'; style-src 'self' fonts.googleapis.com translate.googleapis.com 'nonce-9979D4F1D38AA42B6DFBC33E135820C8'; connect-src 'self' https: wss://dnpush.nl; img-src 'self' https: data:; font-src 'self' fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' www.google.com tpc.googlesyndication.com; base-uri 'none'; media-src 'self'; report-uri https://www.wytegearre.nl/API/Site/CspReport 1
frame-ancestors  x-reload.com; upgrade-insecure-requests; frame-src www.facebook.com 'self' https://www.youtube.com/ secure.authorize.net test.authorize.net geo.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com; default-src   'self'  *.x-reload.com; script-src cdn.x-reload.com/static/ https://www.gstatic.com/recaptcha/ https://translate.googleapis.com/ https://translate-pa.googleapis.com/ https://www.google.com/recaptcha/ https://translate.google.com/ https://ipinfo.io/ https://js.authorize.net/ https://verify.authorize.net/ https://stats.g.doubleclick.net/ https://connect.facebook.net/ https://assets.adobedtm.com/ https://chimpstatic.com/mcjs-connected/js/  https://www.google-analytics.com/ cdn.x-reload.com/static/ 'unsafe-inline' 'unsafe-eval'; worker-src   'none'; style-src cdn.x-reload.com/static/ www.gstatic.com  translate.googleapis.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src https://www.youtube.com/embed/; img-src 'self' verify.authorize.net translate.google.com translate.googleapis.com www.google.com cdn.x-reload.com/static/ cdn.x-reload.com/media/ https://www.gstatic.com/images/ https://www.facebook.com/tr/ data: https://www.google-analytics.com; font-src 'self' cdn.x-reload.com/static/ maxcdn.bootstrapcdn.com fonts.gstatic.com; base-uri 'self' cdn.x-reload.com/static/; form-action 'self' https://www.facebook.com/tr/ secure.authorize.net; connect-src 'self' csp.withgoogle.com translate.googleapis.com cdn.x-reload.com/static/ https://chimpstatic.com/mcjs-connected/ https://api2.authorize.net/ https://stats.g.doubleclick.net/ www.google-analytics.com/ https://js.authorize.net/ 1
default-src 'self' 'unsafe-inline' *.xcustomer360app.com *.placehold.it *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.xcustomer360.com 'unsafe-eval' *.xcustomer360app.com *.google.com *.googleapis.com *.gstatic.com *.xcustomer360app.com *.xcustomer360.com www.googletagmanager.com; img-src 'self' data: https://storage.cloud.google.com/xc360-content-reg/ https://storage.googleapis.com/xc360-content-reg-p/ *.googleusercontent.com/download/storage/v1/b/xc360-content-reg/; connect-src 'self' https://export.xcustomer360app.com https://apireport.xcustomer360app.com/api/reports https://apireport.xcustomer360app.com/api/statisticssurvey https://apireport.xcustomer360app.com/api/reportsdetail https://apireport.xcustomer360app.com/api/jobinformes https://apisurvey.xcustomer360app.com/api/surveyclick https://apifile.xcustomer360app.com/api/file/ *.google-analytics.com; frame-ancestors 'self' xcustomer360.com *.xcustomer360.com *.experiencialacardio.org experiencialacardio.org serviciositaucompra.alwayson.cl seguros.itau.co *.sxkm.co *.construyendo.ec construyendo.ec audifarma.com.co *.audifarma.com.co transac.globalseguroscolombia.com paprspruebas.audifarma.com.co:8080 pruebasgl3.audifarma.com.co:9091 somosbelleza.com cda1d7.myshopify.com https://dacg.app www.cpo.com.co cpo.com.co  1
default-src 'self' https:; img-src https://* 'self' data:; style-src 'unsafe-inline' https: 'self'; script-src data: https: 'self' 'unsafe-inline'; font-src data: https: 'self'; connect-src http://logs-01.loggly.co http://logs-01.loggly.com 'self' https: 1
frame-ancestors 'self' yohopowernewsite.cyberbiz.co; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.quantserve.com *.tarteaucitron.io *.doubleclick.net cdn.ampproject.org *.twimg.com *.twitter.com connect.facebook.net *.googleadservices.com *.google.fr *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.googletagservices.com; base-uri 'self'; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=7ke0mipiqu6i2&partner=; 1
frame-ancestors 'self';  script-src 'nonce-ecf6907f7efd4e25ad72444e9334fe01' https://www.google-analytics.com https://ssl.google-analytics.com https://pagead2.googlesyndication.com; img-src 'self' https://www.google-analytics.com/ profile.line-scdn.net data: https://cdnjs.cloudflare.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://khms0.googleapis.com/ https://khms1.googleapis.com/ https://cbks0.googleapis.com/ https://geo0.ggpht.com/; style-src 'self' https://use.fontawesome.com https://cdnjs.cloudflare.com 'unsafe-inline'; style-src-elem 'self' https://use.fontawesome.com https://cdnjs.cloudflare.com https://fonts.googleapis.com 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; connect-src 'self' https://www.google-analytics.com https://maps.googleapis.com; frame-src 'self' https://googleads.g.doubleclick.net/ https://www.google.com; font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com; form-action 'self'; manifest-src 'self'; object-src 'self'; media-src 'self'; 1
default-src * data: 'unsafe-eval' 'unsafe-inline'; upgrade-insecure-requests; 1
base-uri 'self'; connect-src 'self' blob: *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.doubleclick.net *.facebook.com *.facebook.net *.fbcdn.net *.fontawesome.com *.froala.com *.jsdelivr.net *.youtube.com *.ytimg.com *.vimeo.com *.vimeocdn.com *.cloudflare.com unpkg.com; default-src 'self' data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.doubleclick.net *.facebook.com *.facebook.net *.fbcdn.net *.fontawesome.com *.froala.com *.jsdelivr.net *.youtube.com *.ytimg.com *.vimeo.com *.vimeocdn.com *.cloudflare.com unpkg.com; style-src 'unsafe-inline' data: blob: *; block-all-mixed-content 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.facebook.com *.facebook.net *.google.com *.twitter.com *.instagram.com *.pinterest.com *.addthis.com *.jivochat.com *.jivosite.com *.zendesk.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.tools.tsoftapps.com *.tsoftapps.com *.iyzipay.com ; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.facebook.com *.facebook.net *.google.com *.twitter.com *.instagram.com *.pinterest.com *.addthis.com *.jivochat.com *.jivosite.com *.zendesk.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.tools.tsoftapps.com *.tsoftapps.com *.iyzipay.com ; frame-ancestors *; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *.wp.com *.saleago.com *.doubleclick.net *.clarity.ms *.google.pl *.klaviyo.com *.wp.com *.gravatar.com *.facebook.com *.facebook.net *.google.com *.googleapis.com *.jquery.com *.salesmanago.pl *.googletagmanager.com *.google-analytics.com *.gdpsystem.eu *.gstatic.com *.googlesyndication.com trafficscanner.pl *.trafficscanner.pl *.rzetelnyregulamin.pl cdnjs.cloudflare.com d3k81ch9hvuctc.cloudfront.net *.jsdelivr.net data: wss://trafficscanner.pl blob:; block-all-mixed-content; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://apis.google.com https://ssl.google-analytics.com https://www.googletagmanager.com https://cdn.decibelinsight.net https://www.googleoptimize.com; 1
frame-ancestors 'self'                    cbsplit.com       hardwoodtonic.co       hardwoodtonic-co.cbsplit.com ; 1
sandbox allow-scripts allow-same-origin allow-forms; img-src 'self' data: www.gstatic.com; frame-src www.google.com; object-src 'none'; base-uri 'none'; script-src www.google.com www.gstatic.com 'nonce-INiK305oEQgWahuSXMqlAnwPKUI='; style-src 'nonce-INiK305oEQgWahuSXMqlAnwPKUI=' 1
frame-ancestors localhost:5080 redef.co netdj.co; upgrade-insecure-requests 1
default-src 'self' ; worker-src 'self' https://www.google.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://www.googletagservices.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://nmas.nowmedia.co.za https://*.effectivemeasure.net https://ftwonline.disqus.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.disquscdn.com ; connect-src 'self' https://maps.googleapis.com https://nmas.nowmedia.co.za https://www.google-analytics.com https://www.googletagmanager.com https://www.googletagservices.com https://stats.g.doubleclick.net https://*.effectivemeasure.net ; img-src 'self' 'unsafe-inline' blob: data: https://ssl.google-analytics.com https://*.openstreetmap.org https://nmas.nowmedia.co.za https://*.effectivemeasure.net https://*.disquscdn.com https://*.ytimg.com https://*.disqus.com/ https://www.google-analytics.com https://www.googletagmanager.com https://www.googletagservices.com ; font-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.gstatic.com https://themes.googleusercontent.com data: ; media-src 'self' data: ; frame-src 'self' https://datastudio.google.com https://ad.doubleclick.net https://www.google.com https://nmas.nowmedia.co.za https://disqus.com https://www.youtube.com/ data: ; prefetch-src 'self' https://disqus.com https://*.disquscdn.com data:  1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' booking-widget.quandoo.com ajax.googleapis.com maps.googleapis.com kit.fontawesome.com code.jquery.com joblink.allibo.com connect.facebook.net www.google-analytics.com cdn.jsdelivr.net consentcdn.cookiebot.com www.googletagmanager.com cdnjs.cloudflare.com consent.cookiebot.com; style-src 'unsafe-inline' 'self' joblink.allibo.com cdnjs.cloudflare.com fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' 9110-api.quandoo.com www.google-analytics.com maps.googleapis.com ka-p.fontawesome.com joblink.allibo.com consentcdn.cookiebot.com; font-src 'self' ka-p.fontawesome.com fonts.gstatic.com; frame-src 'self' www.quandoo.it www.google.com consentcdn.cookiebot.com; img-src 'self' www.google-analytics.com imgsct.cookiebot.com maps.googleapis.com data: www.sebeto.com; manifest-src 'self'; media-src 'self' www.rossopomodoro.cloud; worker-src 'none'; 1
Content-Security-Policy default-src 'self' data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.juicer.io https://js.stripe.com https://js.callrail.com http://js.callrail.com https://connect.facebook.net http://connect.facebook.net https://cdn.callrail.com http://cdn.callrail.com https://www.youtube.com http://www.youtube.com https://my.wpengine.com http://my.wpengine.com http://www.google.com http://google.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com http://unpkg.com https://www.googletagmanager.com http://www.googletagmanager.com https://s.btstatic.com http://s.thebrighttag.com http://thebrighttag.com http://www.google-analytics.com http://google-analytics.com http://cdnjs.cloudflare.com https://www.gstatic.com http://www.gstatic.com http://s.btstatic.com http://s.btstatic.com http://static.srcspot.com https://static.srcspot.com;connect-src https://www.juicer.io https://www.suffolk.com https://cdn.jsdelivr.net https://js.callrail.com http://js.callrail.com https://my.wpengine.com http://my.wpengine.com https://stats.g.doubleclick.net http://stats.g.doubleclick.net http://www.google-analytics.com https://www.google-analytics.com data: 'unsafe-inline';img-src 'self' https://media.licdn.com https://www.juicer.io https://assets.juicer.io https://dify.wpengine.com http://dify.wpengine.com https://www.facebook.com http://www.facebook.com https://s.w.org http://s.w.org http://secure.gravatar.com https://secure.gravatar.com http://gravatar.com http://1.gravatar.com http://1.gravatar.com https://1.gravatar.com http://i.ytimg.com http://ytimg.com https://www.google-analytics.com http://www.google-analytics.com data: 'unsafe-inline';frame-src https://www.juicer.io https://js.stripe.com https://www.facebook.com http://www.facebook.com http://youtube.com http://www.youtube.com http://seekbeak.com http://s.thebrighttag.com http://thebrighttag.com https://www.google.com http://www.google.com data: ;style-src 'self' data: 'unsafe-inline' https://www.juicer.io http://unpkg.com http://code.ionicframework.com http://cdnjs.cloudflare.com https://fonts.googleapis.com http://fonts.gstatic.com https://code.ionicframework.com https://unpkg.com https://maxcdn.bootstrapcdn.com maxcdn.bootstrapcdn.com;font-src 'self' https://static.juicer.io http://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com http://fonts.gstatic.com http://code.ionicframework.com data: 'unsafe-inline';frame-ancestors 'self' data: blob:;form-action 'self'; 1
base-uri 'none';child-src 'none';connect-src 'self' https://graphql-listen.datocms.com https://vitals.vercel-insights.com;default-src 'self';font-src 'self';form-action 'self';frame-ancestors https://cms.aptosfoundation.org https://plugins-cdn.datocms.com;frame-src 'self' https://www.youtube.com https://player.vimeo.com https://platform.twitter.com;img-src 'self' data: https://media.aptosfoundation.org https://aptosfoundation-proxy.imgix.net https://*.googleusercontent.com https://www.googletagmanager.com;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://platform.twitter.com https://va.vercel-scripts.com;style-src 'self' 'unsafe-inline';worker-src 'self'; 1
default-src 'none'; child-src blob: https://mc.yandex.ru; connect-src 'self' https://*.auvix.ru https://*.google-analytics.com https://mc.yandex.ru; font-src 'self' data: https://*.auvix.ru https://fonts.gstatic.com; frame-src 'self' https://www.google.com https://maps.google.com https://www.youtube.com https://yandex.ru blob: https://mc.yandex.ru; media-src 'self' https://www.youtube.com; img-src 'self' blob: data: https://*.auvix.ru https://*.google-analytics.com https://img.youtube.com https://mc.yandex.ru https://secure.gravatar.com https://ps.w.org; object-src ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.auvix.ru https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://mc.yandex.ru https://api-maps.yandex.ru https://yastatic.net https://www.googletagmanager.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.auvix.ru https://fonts.googleapis.com; block-all-mixed-content; upgrade-insecure-requests; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-LZKKkmZ+N393EsqVTiv6LuhJMMoGe6pRIsq+Hn26qu89vUm2' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
base-uri 'self'; form-action 'self' https://*.facebook.com https://*.createsend.com; frame-ancestors 'self'; connect-src 'self' https://*.gstatic.com https://*.tiktok.com https://*.facebook.com https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://stats.g.doubleclick.net  https://*.google-analytics.com https://rum-collector-2.pingdom.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat  https://*.createsend.com https://createsend.com; default-src 'none'; font-src data: 'self' https://*.googleapis.com https://*.gstatic.com; frame-src 'self' http://blog.heyday.xyz https://*.googleadservices.com https://blog.usejournal.com https://*.tiktok.com https://*.simplecast.com https://*.instagram.com https://*.vimeo.com https://*.soundcloud.com https://*.youtube.com *.safeframe.googlesyndication.com https://*.googlesyndication.com https://*.facebook.com https://*.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.createsend.com; img-src data: 'self' https://cdn-images-1.medium.com https://*.facebook.net https://*.thebigidea.nz https://*.google.com https://*.googleusercontent.com https://theregister.co.nz https://*.files.wordpress.com https://*.wordpress.com https://*.wp.com https://stoppress.co.nz https://a.tangible.net.nz https://b.tangible.net.nz https://c.tangible.net.nz https://secure.gravatar.com https://securepubads.g.doubleclick.net https://res.cloudinary.com https://pixel.wp.com https://tpc.googlesyndication.com https://www.google.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://idealog.co.nz https://www.google.co.nz https://www.facebook.com https://ams-pageview-public.s3.amazonaws.com https://www.googletagmanager.com https://www.google-analytics.com; media-src https://res.cloudinary.com; object-src 'self' https://*.cloudinary.com; script-src blob: 'self' 'unsafe-eval' 'unsafe-inline' https://*.ttwstatic.com https://*.instagram.com https://*.vimeo.com https://*.twitter.com https://*.tiktok.com https://*.facebook.com https://*.instagram.com  https://*.tangible.net.nz https://*.wp.com https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://*.googletagservices.com https://*.googletagmanager.com https://htlbid.com https://*.facebook.net https://googleads.g.doubleclick.net https://*.google-analytics.com https://rum-static.pingdom.net https://*.googleapis.com https://*.createsend1.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; style-src 'self' 'unsafe-inline' https://*.ttwstatic.com https://*.wp.com https://*.googleapis.com https://htlbid.com ; 1
frame-ancestors https://www.razer.com; 1
default-src 'self';style-src 'self'  'unsafe-inline';frame-ancestors 'self' 1
frame-src https://widget.trustpilot.com https://js.stripe.com;script-src https://widget.trustpilot.com https://js.stripe.com 'self' 'nonce-7Gigw+O+S/5RTwXIcQ/hh/WBZmsDSfE29kQgmJoVpkc=';img-src http://*.steampowered.com https: blob: data: 'self';connect-src 'self' https: wss: *.gladiator.tf:2083 gladiator.tf:2083;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'self' data:; report-uri /csp.cfm; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.typekit.net; font-src 'self' data: https:; frame-ancestors 'self'; frame-src 'self' player.vimeo.com *.youtube.com www.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com cdn.cookielaw.org; img-src 'self' data: *.google-analytics.com maps.googleapis.com maps.gstatic.com www.googletagmanager.com cdn.cookielaw.org; connect-src 'self' *.google-analytics.com https://api.lever.co cdn.cookielaw.org geolocation.onetrust.com 1
default-src 'self' http: https: data: blob: ws: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' http://metrika.yandex.ru http://metrika.yandex.by http://metrica.yandex.com http://metrica.yandex.com.tr https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr http://webvisor.com http://*.webvisor.com https://webvisor.com https://*.webvisor.com https://*.hh.ru; 1
default-src 'self' *.dev-vynetrellis.com dev-vynetrellis.com *.dev-rpractice.com dev-rpractice.com; child-src 'self' blob: *.pendo.io dev-vynetrellis.com *.dev-vynetrellis.com; worker-src 'self' blob:; connect-src 'self' blob: wss://*.dev-vynetrellis.com wss://dev-vynetrellis.com *.google-analytics.com *.g.doubleclick.net *.google.com *.gstatic.com *.googletagmanager.com *.amazonaws.com *.typekit.net *.transnox.com *.cloudflare.com *.nsit-pass.com *.transit-pass.com *.nea-fast.com *.sentry.io *.launchdarkly.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com *.dev-vynetrellis.com dev-vynetrellis.com *.hellopearl.com *.mouseflow.com; font-src 'self' data: *.gstatic.com *.typekit.net; form-action 'self'; frame-ancestors 'self' *.dev-vynetrellis.com dev-vynetrellis.com *.dev-rpractice.com dev-rpractice.com *.pendo.io; frame-src 'self' *.dev-vynetrellis.com dev-vynetrellis.com previewapp.dev-vynetrellis.com *.pendo.io; img-src 'self' *.vynetrellis.com blob: data: *.dev-vynetrellis.com dev-vynetrellis.com *.sentry.io *.launchdarkly.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.g.doubleclick.net *.google.com *.gstatic.com *.googletagmanager.com *.amazonaws.com *.typekit.net *.transnox.com *.cloudflare.com *.nsit-pass.com *.transit-pass.com *.nea-fast.com *.sentry.io *.launchdarkly.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com pendo-io-static.storage.googleapis.com *.hellopearl.com *.mouseflow.com; style-src 'self' 'unsafe-inline' *.dev-vynetrellis.com dev-vynetrellis.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com fonts.googleapis.com *.typekit.net; 1
default-src 'self' blob: data: cytokineticsde.wpengine.com cytokinetics.com *.cytokinetics.com *.wpengine.com *.googleapis.com *.fontawesome.com secure.gravatar.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://script.hotjar.com https://static.hotjar.com https://www.googletagmanager.com cytokineticsde.wpengine.com cytokinetics.com *.cytokinetics.com *.wpengine.com *.google.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com https://www.recaptcha.net https://www.gstatic.com https://www.google-analytics.com https://ws.sharethis.com *.sharethis.com;  style-src 'self' 'unsafe-inline' *.wpengine.com fonts.googleapis.com *.fontawesome.com player.vimeo.com *.sharethis.com;  font-src 'self' data: *.wpengine.com use.fontawesome.com fonts.gstatic.com;  frame-src blob: player.vimeo.com *.sharethis.com https://www.youtube.com;  media-src 'self' data: *.vimeo.com vod-progressive.akamaized.net *.sharethis.com;  connect-src 'self' blob: *.crwdcntrl.net https://o197999.ingest.sentry.io https://www.google-analytics.com *.sharethis.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.recaptcha.net https://stats.g.doubleclick.net https://www.googletagmanager.com https://boards-api.greenhouse.io; img-src 'self' data: www.googletagmanager.com secure.gravatar.com; 1
default-src 'self' ; style-src 'self' 'unsafe-inline' translate.googleapis.com hello.myfonts.net www.google.com api.tiles.mapbox.com; img-src 'self' um.simpli.fi translate.googleapis.com translate.google.com t.co peoples-gas.com www.peoples-gas.com *.adsymptotic.com t.co www.google-analytics.com px.ads.linkedin.com px4.ads.linkedin.com www.linkedin.com bat.bing.com www.facebook.com www.googletagmanager.com connect.facebook.net i.ytimg.com insight.adsrvr.org analytics.twitter.com googleads.g.doubleclick.net www.google.com www.googleapis.com clients1.google.com *.gstatic.com speedpay.walletron.com cse.google.com data: blob:; form-action 'self' www.facebook.com; frame-ancestors 'none'; frame-src 'self' tpc.googlesyndication.com www.youtube.com *.adsrvr.org www.google.com www.facebook.com cse.google.com peoplesgas.maps.arcgis.com www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' i.simpli.fi ranslate.googleapis.com translate.google.com js.adsrvr.org analytics.twitter.com tpc.googlesyndication.com www.youtube.com www.googletagmanager.com www.google-analytics.com snap.licdn.com js.adsrvr.org connect.facebook.net static.ads-twitter.com bat.bing.com script.crazyegg.com analytics.twitter.com www.google.com www.gstatic.com cdn.jsdelivr.net www.googleadservices.com platform.twitter.com cse.google.com adservice.google.com api.tiles.mapbox.com tag.simpli.fi; connect-src 'self' translate.googleapis.com www.google-analytics.com stats.g.doubleclick.net www.facebook.com script.crazyegg.com bat.bing.com www.googletagmanager.com www.google.com *.mapbox.com adservice.google.com cdn.linkedin.oribi.io; worker-src blob:; report-uri https://reporting-dev.breilabs.com/ 1
frame-ancestors 'self' https://*.mybigcommerce.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://procursus.social; img-src 'self' data: blob: https://procursus.social https://assets.procursus.social; style-src 'self' https://procursus.social 'nonce-e7j395hqWbYTj2L4KbEftw=='; media-src 'self' data: https://procursus.social https://assets.procursus.social; frame-src 'self' https:; manifest-src 'self' https://procursus.social; form-action 'self'; child-src 'self' blob: https://procursus.social; worker-src 'self' blob: https://procursus.social; connect-src 'self' data: blob: https://procursus.social https://assets.procursus.social wss://procursus.social; script-src 'self' https://procursus.social 'wasm-unsafe-eval' 1
default-src 'self'; connect-src 'self' properties: *.google.com *.googleapis.com *.google-analytics.com *.facebook.com *.yoast.com yoast.com stats.g.doubleclick.net ad.doubleclick.net; font-src data: *; frame-src 'self' *.google.com *.googletagmanager.com www.youtube.com *.facebook.com platform.twitter.com bundaberg.elmotalent.com.au elmosoftware.com.au *.fls.doubleclick.net td.doubleclick.net; img-src data: *; media-src data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.googleapis.com www.youtube.com connect.facebook.net platform.twitter.com/widgets.js s.tribalfusion.com/displayAd.js a.tribalfusion.com bundaberg.elmotalent.com.au elmosoftware.com.au dnn506yrbagrg.cloudfront.net/pages/scripts/0011/9541.js static.hotjar.com/c/hotjar-97405.js static.hotjar.com/c/hotjar-816256.js cdn.jsdelivr.net/npm/promise-polyfill@8/dist/polyfill.min.js; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' data: *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.googleapis.com www.youtube.com connect.facebook.net platform.twitter.com/widgets.js s.tribalfusion.com/displayAd.js a.tribalfusion.com bundaberg.elmotalent.com.au elmosoftware.com.au dnn506yrbagrg.cloudfront.net/pages/scripts/0011/9541.js static.hotjar.com/c/hotjar-97405.js static.hotjar.com/c/hotjar-816256.js cdn.jsdelivr.net/npm/promise-polyfill@8/dist/polyfill.min.js; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com fast.fonts.net hello.myfonts.net cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.css maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com fast.fonts.net hello.myfonts.net cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.css maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css; worker-src 'self' blob:; block-all-mixed-content; report-uri https://o4505866301014016.ingest.sentry.io/api/4505866305470464/security/?sentry_key=a9ec51ce1077c75a0398df9a35bb46b6&sentry_environment=production 1
script-src 'self' https://maxcdn.bootstrapcdn.com/ https://ajax.googleapis.com/ https://www.google-analytics.com/ https://www.facebook.com https://connect.facebook.net/ https://twitter.com/ https://platform.twitter.com/ https://cdn.syndication.twimg.com/ http://free.timeanddate.com/ https://www.youtube.com/ http://translate.google.com/ https://translate.googleapis.com/ https://code.jquery.com/ http://code.jquery.com/ https://www.googletagmanager.com/ https://counter.websiteout.net/  'unsafe-inline' 'unsafe-eval'; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-e24b19d7f31073e95bae8909c158aa32'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://pubsub.fun; img-src 'self' https: data: blob: https://pubsub.fun; style-src 'self' https://pubsub.fun 'nonce-iUuB7ipCf8PYjYrhoigrxg=='; media-src 'self' https: data: https://pubsub.fun; frame-src 'self' https:; manifest-src 'self' https://pubsub.fun; form-action 'self'; connect-src 'self' data: blob: https://pubsub.fun https://pubsub.fun wss://pubsub.fun; script-src 'self' https://pubsub.fun 'wasm-unsafe-eval'; child-src 'self' blob: https://pubsub.fun; worker-src 'self' blob: https://pubsub.fun 1
default-src 'self' google-analytics.com https://cdn.webgift.eu api.userway.org cdn.userway.org https://maps.googleapis.com google.com www.google.com google.lt widget-v4.tidiochat.com  wss://socket.tidio.co www.google.lt stats.g.doubleclick.net analytics.google.com fonts.gstatic.com youtube.com www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.webgift.eu google-analytics.com cdn.userway.org code.tidio.co widget-v4.tidiochat.com maps.googleapis.com google.com www.google.com www.gstatic.com gstatic.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https://cdn.webgift.eu cdn.userway.org fonts.googleapis.com stats.g.doubleclick.net analytics.google.com; img-src 'self' https://cdn.webgift.eu cdn.userway.org https://s3.eu-west-1.amazonaws.com https://unpkg.com twemoji.maxcdn.com google.lt www.google.lt data: google-analytics.com maps.googleapis.com maps.gstatic.com stats.g.doubleclick.net analytics.google.com; object-src 'none' 1
frame-ancestors 'self' https://www.justsunnies.com.au https://js21-fe-git-development-justsunnies.vercel.app https://justsunnies.au.ngrok.io https://sunglassconnection.au.ngrok.io https://www.sunglassconnection.com.au https://sc21-fe.vercel.app 1
connect-src 'self' https://api.deepquote.ai/v1/predict/work-type https://fortnox.piwik.pro https://fortnox.containers.piwik.pro https://fortnox.piwik.pro/consent/collect https://*.freshchat.com https://*.offerta.se https://*.hotjar.com/ http://*.hotjar.com/ https://*.hotjar.io http://*.hotjar.io wss://*.hotjar.com https://*.linkedin.oribi.io https://px.ads.linkedin.com/wa https://connect.facebook.net https://www.facebook.com https://*.offertadev.se/ https://sitegainer.com https://*.sitegainer.com https://cdn-sitegainer.com https://*.cdn-sitegainer.com https://*.symplify.com https://*.pro.ip-api.com wss://*.sitegainer.com https://*.sentry.io; frame-src https://offerta.se https://*.offerta.se https://*.offertadev.se https://www.youtube.com https://fortnox.containers.piwik.pro https://*.freshchat.com https://*.hotjar.com/ https://www.facebook.com/ https://*.googlesyndication.com https://sitegainer.com https://td.doubleclick.net; report-uri /api/cspreport 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.createjs.com https://polyfill.io https://*.omappapi.com https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com https://ajax.googleapis.com http://ajax.googleapis.com https://chimpstatic.com https://downloads.mailchimp.com *.list-manage.com https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js https://connect.facebook.net https://www.youtube.com https://js.stripe.com https://www.paypal.com https://www.paypalobjects.com https://static.ads-twitter.com https://analytics.twitter.com https://bat.bing.com https://secure.adnxs.com https://jobadder.com https://apps.jobadder.com https://ajax.cloudflare.com https://*.afterpay.com https://analytics.tiktok.com *.criteo.com *.criteo.net https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://fonts.googleapis.com https://tagmanager.google.com https://cdn-images.mailchimp.com https://downloads.mailchimp.com https://*.omappapi.com *.criteo.com *.criteo.net https://tags.srv.stackadapt.com; img-src 'self' data: https://www.facebook.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.com.au https://maps.googleapis.com https://maps.gstatic.com http://maps.gstatic.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.ytimg.com https://*.omappapi.com https://bat.bing.com https://t.co https://analytics.twitter.com https://apps.jobadder.com https://*.afterpay.com https://gallery.mailchimp.com *.krxd.net *.bluekai.com sync-criteo.ads.yieldmo.com *.clmbtech.com *.smaato.net *.pubmatic.com *.bing.com exchange.mediavine.com *.rlcdn.com *.stickyadstv.com *.adingo.jp *.dable.io *.casalemedia.com *.socdm.com *.emxdgt.com *.analytics.yahoo.com *.aralego.com *.bidswitch.net *.doubleclick.net *.adnxs.com *.360yield.com *.media.net eb2.3lift.com *.outbrain.com *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com criteo-sync.teads.tv *.criteo.com *.criteo.net *.aralego.net *.simpli.fi *.paypal.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://*.omappapi.com https://stats.g.doubleclick.net https://ajax.googleapis.com https://www.google-analytics.com https://maps.googleapis.com https://analytics.google.com https://*.analytics.google.com https://*.google.com.au https://www.sandbox.paypal.com https://www.paypal.com https://bat.bing.com https://analytics.tiktok.com https://tags.srv.stackadapt.com; media-src 'self'; object-src 'self'; frame-src 'self' https://www.facebook.com https://bid.g.doubleclick.net https://*.gstatic.com https://*.google.com https://www.youtube.com https://js.stripe.com https://*.afterpay.com https://apply.jobadder.com *.criteo.com *.criteo.net *.paypal.com *.paypalobjects.com; worker-src 'self' https://*.gstatic.com https://*.google.com; frame-ancestors 'self'; form-action 'self' *.paypal.com https://www.facebook.com; block-all-mixed-content ; upgrade-insecure-requests ; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; img-src https: data:; frame-ancestors 'self' https://karriere.pneu.com; font-src https: data: 1
img-src 'self' http://48gmy284.tinifycdn.com https://www.snapengage.com *.google.com *.google.nl *.doubleclick.net *.googleadservices.net *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.google.be *.gstatic.com https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com https://i.ytimg.com data:; object-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://cdn-eu.readspeaker.com https://p.typekit.net *.typekit.net *.typekit.net/* https://web.keesing.com https://fonts.mopinion.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://use.typekit.net; style-src-attr 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; frame-ancestors 'self'; report-uri https://ledenvereniging.nl/report-uri/enforce 1
default-src https://cativa.net:443; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com:443; img-src 'self' https://www.google-analytics.com:443 https://cloud.cativa.net:443 https://www.linuxcounter.net:443; font-src 'self' https://fonts.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'none'; connect-src 'self' https://www.google-analytics.com:443; report-uri 'none'; object-src 'none'; script-src-elem 'self' https://www.google-analytics.com:443; 1
default-src 'self' 'unsafe-inline' data: *.citiworldprivileges.com www.google-analytics.com *.googleapis.com *.gstatic.com nexus.ensighten.com *.omtrdc.net www.googleadservices.com *.doubleclick.net *.google.com www.google.co.in connect.facebook.net www.facebook.com *.cloudfront.net citiintl.122.2o7.net www.googletagmanager.com *.example.com test.example.com *.amap.com blob: 'unsafe-eval' 1
frame-ancestors 'self' *.shoplineapp.com *.facebook.com 1
frame-ancestors 'self'; script-src 'self' https://*.roamright.com http://*.roamright.com http://*.google.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com http://*.googletagmanager.com https://*.google-analytics.com http://*.google-analytics.com https://*.youtube.com https://*.bing.com https://*.amazonaws.com https://*.ywxi.net https://*.cloudfront.net http://*.cloudfront.net https://*.doubleclick.net https://*.g.doubleclick.net https://*.incontact.com https://*.roamright.com https://*.incontact.com https://*.trustedsite.com https://*.trustpilot.com https://*.telerik.com http://*.telerik.com https://*.cdn.telerik.com https://*.googleadservices.com https://*.facebook.net https://*.pinterest.com https://*.unpkg.com https://unpkg.com https://wurfl.io/ https://*.wurfl.io/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://www.google.com https://*.googletagmanager.com https://*.roamright.com https://*.incontact.com https://*.telerik.com http://*.telerik.com https://*.cdn.telerik.com https://*.jquery.com http://*.jquery.com https://*.unpkg.com https://unpkg.com 'unsafe-inline'; 1
default-src 'self' https:; frame-ancestors *.cribl.io *.cribl-staging.cloud *.cribl.cloud http://localhost:27015 ; frame-src vercel.live vercel.com vars.hotjar.com *.cribl-staging.cloud *.cribl.cloud *.cribl-dev.cloud player.vimeo.com ; img-src 'self' 'unsafe-inline' vercel.live vercel.com sockjs-mt1.pusher.com heapanalytics.com s.gravatar.com *.wp.com; connect-src 'self' ws: wss: cribl.io *.cribl.io fxw3r7gdm9.execute-api.us-east-1.amazonaws.com *.heapanalytics.com *.launchdarkly.com *.hotjar.com *.mktoresp.com www.google-analytics.com cdn.segment.com api.segment.io *.cribl-staging.cloud *.cribl.cloud *.cribl-dev.cloud cribl-cloud-dev.us.auth0.com cribl-cloud-staging.us.auth0.com cribl-cloud-prod.us.auth0.com vercel.com sockjs-mt1.pusher.com ws-mt1.pusher.com vercel.live vitals.vercel-insights.com vimeo.com ; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com script.hotjar.com munchkin.marketo.net www.google-analytics.com www.googletagmanager.com vercel.live vercel.com static.hotjar.com cdn.segment.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; object-src 'none' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://cheeseburger.social 'wasm-unsafe-eval'; font-src 'self' https://cheeseburger.social; img-src 'self' data: blob: https://cheeseburger.social https://s3.wasabisys.com; style-src 'self' https://cheeseburger.social 'nonce-N9JAfjbBuwDlI6ONbDm3uA=='; media-src 'self' data: https://cheeseburger.social https://s3.wasabisys.com; frame-src 'self' https:; child-src 'self' blob: https://cheeseburger.social; worker-src 'self' blob: https://cheeseburger.social; connect-src 'self' blob: data: wss://cheeseburger.social https://cheeseburger.social https://s3.wasabisys.com; manifest-src 'self' https://cheeseburger.social; form-action 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.agricharts.com *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net cdn.polyfill.io code.jquery.com cdn.datatables.net *.googletagmanager.com twitter.com *.twitter.com *.windy.com *.financialcontent.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.websol.barchart.com media.agricharts.com; object-src 'self' s3.amazonaws.com media.agricharts.com; frame-src 'self' *.youtube.com *.facebook.com www.google.com twitter.com *.twitter.com *.windy.com www.screencast.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.websol.barchart.com; frame-ancestors 'self'; 1
default-src 'self' *.binomo-brokers.com *.binomo.com; child-src *; frame-ancestors 'self'; connect-src 'self' *.ada.support analytics.tiktok.com my.rtmark.net *.criteo.net *.criteo.com snap.licdn.com px.ads.linkedin.com r.remarketingpixel.com static.ads-twitter.com bat.bing.com sc-static.net tr.snapchat.com *.hotjar.io *.hotjar.com wss://*.hotjar.com stats.g.doubleclick.net *.zopim.com *.launchdarkly.com api.exponea.com api.api-cis.exponea.com api-cis.exponea.com ekr.zdassets.com pixel.mathtag.com analytics.google.com accounts.google.com fcm.googleapis.com www.googleapis.com www.google-analytics.com wss://*.zopim.com binomo.zendesk.com binomo2.zendesk.com app.getsentry.com *.binomo-brokers.com *.binomo.com wss://as.binomo-brokers.com:* wss://as.binomo.com:* wss://ws.binomo-brokers.com:* wss://ws.binomo.com:* s.yimg.com https://mc.yandex.ru; font-src data: 'self' *.zopim.com themes.googleusercontent.com *.binomo-brokers.com *.binomo.com; img-src * *.ttwstatic.com data:; media-src 'self' *.binomo-brokers.com *.binomo.com; script-src 'self' *.ada.support www.tiktok.com *.ttwstatic.com static.ads-twitter.com sc-static.net tr.snapchat.com *.hotjar.io *.hotjar.com www.redditstatic.com *.doubleclick.net *.google.com assets.zendesk.com static.zdassets.com *.zopim.com wss://*.zopim.com *.zopim.io binomo.co my.rtmark.net *.criteo.net *.criteo.com snap.licdn.com px.ads.linkedin.com r.remarketingpixel.com *.getsitecontrol.com *.googletagmanager.com *.google-analytics.com echo.ecortb.com connect.facebook.net vk.com *.youtube.com s.yimg.com s.ytimg.com bat.bing.com www.gstatic.com www.googleadservices.com binomo.go2affise.com api.exponea.com api.api-cis.exponea.com api-cis.exponea.com *.adnetwork.vn storage.googleapis.com sp.analytics.yahoo.com 'unsafe-eval' 'unsafe-inline' *.binomo-brokers.com *.binomo.com https://unpkg.com/@lottiefiles/lottie-player@0.2.0/dist/lottie-player.js https://mc.yandex.ru https://yastatic.net; style-src 'self' *.ttwstatic.com *.google.com fonts.googleapis.com 'unsafe-inline' *.binomo-brokers.com *.binomo.com 1
frame-ancestors 'self' https://app.kontent.ai; 1
frame-ancestors 'self'; default-src 'self' *.transunion.com *.transunion.hk *.transunion.ph *.akamai.net *.akamaiedge.net *.a-msedge.net *.chinesean.com *.cloudapp.azure.com *.cloudapp.net *.e-msedge.net *.fbcdn.net *.google.com *.google.com.hk *.google.com.ph *.google-analytics.com *.googleapis.com *.googletagmanager.com *.mathtag.com *.msftncsi.com *.optimizely.com *.trustev.com *.yahoodns.net *.addthis.co *.amazon-adsystem.com *.youtube.com *.doubleclick.net *.company-target.com *.adsrvr.org dmtry.com *.dmtry.com *.quantserve.com *.bluekai.com *.facebook.com *.demandbase.com doubleclick.net app.trustev.com ads.yahoo.com adserve.atedra.com analytics.twitter.com bat.bing.com crwdcntrl.net c.rstg.io cdn.nextinsure.com code.jquery.com cloudfront.net fonts.googleapis.com ib.adnxs.com idsync.rlcdn.com investis.com adsrvr.org sharethrough.com adroll.com yimg.com amazonaws.com secure.fastclick.net secure.leadback.advertising.com google-analytics.com static.ads-twitter.com us-u.openx.net vjs.zencdn.net googleadservices.com gstatic.com bidswitch.net cspix.media6degrees.com googletagmanager.com; script-src 'self' *.adobedtm.com *.transunion.com *.addthis.com *.googletagmanager.com *.optimizely.com *.pingdom.com *.cloudflare.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.quantserve.com *.g.3gl.net *.eloqua.com *.crwdcntrl.net *.googleapis.com *.investis.com *.amazonaws.com *.cloudfront.net *.nextinsure.com *.lendingtree.com *.mediaplex.com *.demandbase.com *.jquery.com *.g.3gl.net *.gstatic.com *.bing.com *.3gl.net *.yourscoreonline.com *.gofreecredit.com *.creditcheckingtoday.com *.naturaltracking.com *.credit.com *.facebook.com *.yimg.com *.ensighten.com *.d39se0h2uvfakd.cloudfront.net *.linkedin.com *.adsprotection.com *.brightcove.com *.hotjar.com *.adroll.com *.brightcove.net *.en25.com *.adsrvr.org *.abmr.net *.mathtag.com t2.rstg.io px.ads.linkedin.com vjs.zencdn.net analytics.twitter.com iad-login.dotomi.com snap.licdn.com sp.analytics.yahoo.com unpkg.com hello.myfonts.net img03.en25.com m.addthisedge.com vjs.zencdn.com optimizely.s3.amazonaws.com g.3gl.net cdn.ampproject.org b.company-target.com cspix.media6degrees.com img03.en25.com static.ads-twitter.com cdn.mxpnl.com sjs.bizographics.com rum-static.pingdom.net tt.mbww.com seal.entrust.net app.trustev.com pixel.mathtag.com pagead2.googlesyndication.com tagmanager.google.com amplify.outbrain.com o1.qnsr.com connect.facebook.net cas.cluep.com blob: 'unsafe-eval' 'unsafe-inline'; child-src transunion.demdex.net *.transunion.com *.crwdcntrl.net *.cdn.optimizely.com *.addthis.com *.doubleclick.net *.lendingtree.com *.youtube.com *.hotjar.com vars.hotjar.com img.mediaplex.com app.optimizely.com players.brightcove.net s.amazon-adsystem.com app.trustev.com pixel.mathtag.com; connect-src 'self' *.doubleclick.net *.google-analytics.com *.tt.omtrdc.net dpm.demdex.net *.transunion.com *.optimizely.com *.youtube.com *.brightcovecdn.com *.pingdom.net *.brightcove.com manifest.prod.boltdns.net airbrake.io api.company-target.com r.3gl.net s7.addthis.com popcornmetricsendpoint.herokuapp.com unity.cadreon.com app.trustev.com;         media-src 'self' *.transunion.com blob: f1.media.brightcove.com; img-src * data:; font-src data: *.adobeaemcloud.com 'self' *.transunion.hk *.transunion.ph *.transunion.com fonts.gstatic.com api.company-target.com edge.api.brightcove.com r.3gl.net s7.addthis.com popcornmetricsendpoint.herokuapp.com; style-src * 'unsafe-eval' 'unsafe-inline' ; 1
script-src 'unsafe-inline' 'unsafe-eval' http: https:; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; 1
frame-ancestors 'self' *.tar.mx *.eltiempomonclova.mx eltiempomx.com *.facebook.com 1
default-src https: data: wss://widget-mediator.zopim.com http://213.98.113.217:3002 'unsafe-inline' 'unsafe-eval' 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' http://connect.facebook.net https://cdn.consentmanager.net https://c.delivery.consentmanager.net https://img.onesignal.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://www.google.com https://www.google.pl https://googletagmanager.com http://apima.nursing.pwn.pl https://www.google-analytics.com https://google-analytisc.com https://script.crazyegg.com https://r2.pwn.net.pl http://cdn.embedly.com https://b.delivery.consentmanager.net https://cdn.onesignal.com https://onesignal.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://nursing.com.pl;style-src 'self' 'unsafe-inline' https://nursing.com.pl:4200 https://img.onesignal.com  https://nursing.com.pl:80 https://cdn.jsdelivr.net https://fonts.googleapis.com https://apima.nursing.pwn.pl https://vjs.zencdn.net https://onesignal.com;img-src 'self' data: https://cdn.consentmanager.net https://img.onesignal.com https://upload.snrcdn.net https://emp-scs.img-osdw.pl https://b.delivery.consentmanager.net https://www.facebook.com https://facebook.com https://www.google.com https://www.google.pl https://www.google-analytics.com https://googleads.g.doubleclick.net https://nursing.com.pl;connect-src 'self' https://www.googletagmanager.com https://delivery.consentmanager.net https://pagead2.googlesyndication.com https://cdn.consentmanager.net https://www.google.com https://www.google.pl https://www.facebook.com https://www.googleadservices.com https://r2.pwn.net.pl https://google-analytics.com https://script.crazyegg.com https://www.google-analytics.com https://nursing.com.pl https://nursing.com.pl https://stats.g.doubleclick.net https://region1.analytics.google.com https://pagestates-tracking.crazyegg.com https://assets-tracking.crazyegg.com https://tracking.crazyegg.com https://onesignal.com https://apima.nursing.pwn.pl;frame-src 'self' https://r2.pwn.net.pl https://cdn.consentmanager.net https://img.onesignal.com https://www.youtube.com https://www.facebook.com https://td.doubleclick.net https://www.facebook.com/ https://www.youtube.com/ https://docs.google.com/;worker-src 'self' blob: https://nursing.com.pl;media-src 'self' https://edumedia.pzwl.pl;font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com https://img.onesignal.com  data: 1
frame-ancestors https://vk.com https://*.vk.com https://ok.ru https://*.ok.ru 'self';     script-src 'self' 'unsafe-inline' https://vk.com https://*.vk.com https://ok.ru https://*.ok.ru https://ajax.googleapis.com https://mc.yandex.ru 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com  https://ajax.aspnetcdn.com https://www.googleadservices.com https://tags.crwdcntrl.net https://static.ads-twitter.com https://connect.facebook.net https://sc-static.net https://analytics.twitter.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://img06.en25.com https://tags.bkrtx.com https://assets.voxcinemas.com https://cdn.curator.io https://cdnjs.cloudflare.com; 1
default-src 'self' *.cookielaw.org *.googletagmanager.com *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.cookielaw.org *.googletagmanager.com *.google-analytics.com; img-src 'self' data: *.google.nl *.cookielaw.org *.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline' *.cookielaw.org *.googletagmanager.com *.google-analytics.com; font-src 'self' data: *.cookielaw.org *.googletagmanager.com *.google-analytics.com; connect-src 'self' *.cookielaw.org *.googletagmanager.com *.google-analytics.com https://region1.analytics.google.com; 1
default-src 'self'; script-src-elem 'self' 'unsafe-inline' https://cdn.polyfill.io/ https://cdn.polyfill.io/ https://cgtforms.com/ https://t.gatorleads.co.uk/ https://googleads.g.doubleclick.net/ https://okt.to/ https://www.google-analytics.com/ https://snap.licdn.com/ https://www.gstatic.com/ https://www.googleadservices.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://www.googletagmanager.com/ https://t.gatorleads.co.uk/Scripts/ssl/ https://static.oktopost.com/ https://www.google.com/; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' https://beacon-v2.helpscout.net/ https://cdnjs.cloudflare.com/ajax/libs/vue/2.5.16/vue.min.js https://cgtforms.com/ribinternationallz/smartforms/3d90ac61-00bf-4271-af51-d2ef971ed488.js https://code.jquery.com/jquery-2.2.4.min.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/936683490/ https://okt.to/ping https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.oktopost.com/oktrk.js https://t.gatorleads.co.uk/Scripts/ssl/08fb0aa4-6a4b-4b95-99e4-cfb07bd94c6b.js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/recaptcha/releases/QENb_qRrX0-mQMyENQjD6Fuj/recaptcha__en.js; style-src 'unsafe-inline' 'report-sample' 'self' https://cdnjs.cloudflare.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.cgtforms.com/ https://yoast.com/ https://d3hb14vkzrxvla.cloudfront.net https://stats.g.doubleclick.net https://www.google-analytics.com https://analytics.google.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://go.ribccs.com https://player.vimeo.com/ https://bid.g.doubleclick.net/ https://www.google.com https://www.youtube.com; img-src 'self' data: https://googleads.g.doubleclick.net/ https://i.vimeocdn.com/ https://p.adsymptotic.com/d/px/ https://www.linkedin.com/ https://px.ads.linkedin.com https://s.w.org https://secure.gravatar.com https://www.google-analytics.com https://www.google.com https://www.google.com.hk https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; report-uri https://6260f79e063b0bf3ec04054f.endpoint.csper.io/?v=1; 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com https://optimize.google.com https://survey.g.doubleclick.net https://tagmanager.google.com https://dyv6f9ner1ir9.cloudfront.net https://362-lxb-565.mktoutil.com https://storage.googleapis.com https://i.ytimg.com https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com *.google-analytics.com https://syndication.twitter.com http://platform.stumbleupon.com https://dec.azureedge.net/ munchkin.marketo.net *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com *.googletagmanager.com *.youtube.com/iframe_api https://app-sj01.marketo.com https://maps.googleapis.com https://d.monetate.net https://se.monetate.net https://rw1.marchex.io https://resources.xg4ken.com https://ajax.googleapis.com https://solutions.invocacdn.com https://polyfill.io http://siteimproveanalytics.com https://cdn.siteimprove.net https://connect.facebook.net accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.siteimprove.net *.facebook.com *.google.com *.google.co.in https://googleads.g.doubleclick.net https://static.doubleclick.net https://munchkin.net https://stats.g.doubleclick.net https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://maps.gstatic.com https://siteimproveanalytics.com https://www.googletagmanager.com https://px.marchex.io https://my2.siteimprove.com https://munchkin.marketo.net https://service-uat.tenethealth.com https://service-test.tenethealth.com https://service-prep.tenethealth.com https://www.tenethealthpacificcoast.com https://id.siteimprove.com https://68956.global.siteimproveanalytics.io https://cdnjs.cloudflare.com https://radiomd.com https://tours.sunnymedia.com https://checkin.arriv.net https://checkin-stg.arriv.net https://checkin-dev.arriv.net https://healthcheck.arriv.net https://healthcheck-stg.arriv.net https://healthcheck-dev.arriv.net https://ms-prod.arriv.net https://www.googleadservices.com https://code.jquery.com https://stackpath.bootstrapcdn.com https://tbcdn.talentbrew.com https://www.panoskin.com https://lcp360.cachefly.net https://d2ybmd3wevur4k.cloudfront.net *.practicematch.com https://w3.cdn.anvato.net/ https://cdn.perfdrive.com https://cas.avalon.perfdrive.com https://validate.perfdrive.com https://support.doctorpodcasting.com https://tenethealth.outgrow.us/ https://dyv6f9ner1ir9.cloudfront.net/* https://cxppusa1formui01cdnsa01-endpoint.azureedge.net *.tealiumiq.com *.tiqcdn.com https://tags.tiqcdn.com/* 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net web-chat.nativechat.com *.eloqua.com *.en25.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com *.twimg.com https://optimize.google.com https://tagmanager.google.com platform.twitter.com *.marketo.com *.sitefinity.xyz *.tenethealth.com https://fonts.googleapis.com https://checkin.arriv.net https://checkin-stg.arriv.net https://ms-prod.arriv.net https://cdnjs.cloudflare.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com pbs.twimg.com *.twimg.com data: blob: https://www.gstatic.com https://ssl.gstatic.com https://optimize.google.com *.google-analytics.com https://static.licdn.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com platform.twitter.com *.google.co.in *.google.com *.googletagmanager.com *.tenethealth.com https://*.youtube.com https://app-sj01.marketo.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://service-prep.tenethealth.com https://68956.global.siteimproveanalytics.io https://i.ytimg.com https://px.marchex.io https://pixel.mathtag.com *.baptisthealthsystem.com *.nacmedicalcenter.com *.resolutehealth.com *.providencechildrenshospital.com *.thehospitalsofprovidence.com *.valleybaptist.net *.dmc.org *.childrensdmc.org *.rimrehab.org *.brookwoodbaptisthealth.com *.saintfrancishosp.com *.saintfrancisbartlett.com *.eastcoopermedctr.com *.hiltonheadregional.com *.piedmontmedicalcenter.com *.coralgableshospital.com *.delraymedicalctr.com *.floridamedctr.com *.goodsamaritanmc.com *.hialeahhosp.com *.northshoremedical.com *.palmbeachchildrenshospital.com *.pbgmc.com *.palmettogeneral.com *.stmarysmc.com *.westbocamedctr.com *.stvincenthospital.com *.mwmc.com *.abrazohealth.com *.carondelet.org *.desertcarenetwork.com *.doctorsmanteca.com *.dmc-modesto.com *.emanuelmedicalcenter.org *.fountainvalleyhospital.com *.lakewoodregional.com *.losalamitosmedctr.com *.placentialinda.com *.sanramonmedctr.com *.sierravistaregional.com *.twincitieshospital.com *.brookwoodbaptistmedicalcenter.com *.brookwoodwomensmedicalcenter.com *.citizensbaptistmedicalcenter.com *.princetonbaptistmedicalcenter.com *.shelbybaptistmedicalcenter.com *.walkerbaptistmedicalcenter.com *.tenethealthcentralcoast.com *.tenethealthpacificcoast.com https://fast.wistia.com https://embed-ssl.wistia.com https://embed-fastly.wistia.com https://photos.officite.com https://www.vitals.com https://connect.facebook.net https://pc-hmt-collect.tealiumiq.com *.tealiumiq.com *.tiqcdn.com https://tags.tiqcdn.com/* 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net track.hubspot.com js.hsleadflows.net forms.hsforms.com web-chat.nativechat.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://fonts.gstatic.com https://fonts.googleapis.com https://fast.wistia.com/; frame-src *.marketo.com *.sitefinity.xyz *.tenethealth.com *.google.com *.youtube.com *.facebook.com *.facebook.com/tr/ *.doubleclick.net *.doubleclick.com https://givebutter.com https://optimize.google.com https://tenethealth.outgrow.us https://platform.twitter.com https://tenethealthbotprodcontainer01.azurewebsites.net/ https://pixel.mathtag.com/ https://player.vimeo.com/ https://radiomd.com https://tours.sunnymedia.com https://9207741.fls.doubleclick.net https://my2.siteimprove.com https://www.practicematch.com https://my.matterport.com https://viewer.panoskin.com https://www.modbee.com/ https://vimeo.com/ https://ondemand.viewmedica.com 'self' forms.hsforms.com web-chat.nativechat.com; connect-src accounts.google.com *.gstatic.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com https://optimize.google.com https://survey.g.doubleclick.net https://dyv6f9ner1ir9.cloudfront.net https://362-lxb-565.mktoutil.com https://storage.googleapis.com https://i.ytimg.com https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com *.googletagmanager.com *.youtube.com/iframe_api https://maps.googleapis.com https://d.monetate.net https://se.monetate.net https://rw1.marchex.io https://resources.xg4ken.com https://ajax.googleapis.com https://solutions.invocacdn.com https://polyfill.io http://siteimproveanalytics.com https://cdn.siteimprove.net https://connect.facebook.net *.mktoresp.com *.siteimprove.net *.facebook.com *.google.com *.google.co.in https://googleads.g.doubleclick.net https://static.doubleclick.net https://munchkin.net https://stats.g.doubleclick.net https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://maps.gstatic.com https://siteimproveanalytics.com https://www.googletagmanager.com https://px.marchex.io https://my2.siteimprove.com https://munchkin.marketo.net https://service-uat.tenethealth.com https://service-test.tenethealth.com https://service-prep.tenethealth.com https://www.tenethealthpacificcoast.com https://id.siteimprove.com https://68956.global.siteimproveanalytics.io *.baptisthealthsystem.com *.nacmedicalcenter.com *.resolutehealth.com *.providencechildrenshospital.com *.thehospitalsofprovidence.com *.valleybaptist.net *.dmc.org *.childrensdmc.org *.rimrehab.org *.brookwoodbaptisthealth.com *.saintfrancishosp.com *.saintfrancisbartlett.com *.eastcoopermedctr.com *.hiltonheadregional.com *.piedmontmedicalcenter.com *.coralgableshospital.com *.delraymedicalctr.com *.floridamedctr.com *.goodsamaritanmc.com *.hialeahhosp.com *.northshoremedical.com *.palmbeachchildrenshospital.com *.pbgmc.com *.palmettogeneral.com *.stmarysmc.com *.westbocamedctr.com *.stvincenthospital.com *.mwmc.com *.abrazohealth.com *.carondelet.org *.desertcarenetwork.com *.doctorsmanteca.com *.dmc-modesto.com *.emanuelmedicalcenter.org *.fountainvalleyhospital.com *.lakewoodregional.com *.losalamitosmedctr.com *.placentialinda.com *.sanramonmedctr.com *.sierravistaregional.com *.twincitieshospital.com *.brookwoodbaptistmedicalcenter.com *.brookwoodwomensmedicalcenter.com *.citizensbaptistmedicalcenter.com *.princetonbaptistmedicalcenter.com *.shelbybaptistmedicalcenter.com *.walkerbaptistmedicalcenter.com *.tenethealthcentralcoast.com *.tenethealthpacificcoast.com https://img.youtube.com https://radiomd.com https://o381876.ingest.sentry.io https://checkin.arriv.net https://checkin-stg.arriv.net https://healthcheck.arriv.net https://healthcheck-stg.arriv.net https://ms-dev.arriv.net https://ms-prod.arriv.net https://www.googleadservices.com https://code.jquery.com https://assets.grammarly.com https://stackpath.bootstrapcdn.com *.practicematch.com https://d2ybmd3wevur4k.cloudfront.net https://lcp360.cachefly.net/panoskin.min.js https://tbcdn.talentbrew.com https://w3.cdn.anvato.net/ https://i.vimeocdn.com https://cdn.perfdrive.com https://cas.avalon.perfdrive.com https://validate.perfdrive.com https://cdnjs.cloudflare.com https://support.doctorpodcasting.com https://assets-usa.mkt.dynamics.com https://cxppusa1formui01cdnsa01-endpoint.azureedge.net public-usa.mkt.dynamics.com https://embedwistia-a.akamaihd.net https://distillery.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://embed-fastly.wistia.com https://vimeo.com/ https://fast.wistia.com https://pc-hmt-collect.tealiumiq.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob: https://media.tenethealth.com https://fast.wistia.com; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.marketo.com *.sitefinity.xyz *.tenethealth.com https://vimeo.com/ 'self' web-chat.nativechat.com; form-action *.sitefinity.xyz *.facebook.com 'self' https://optimize.google.com https://paypage.epx.com https://www.tenethealthpacificcoast.com 1
default-src 'self'; block-all-mixed-content ; base-uri 'self'; object-src 'self'; script-src  'nonce-25743d86f41b45f09374e4c43b946489' 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adoberesources.net https://documentcloud.adobe.com https://www.youtube.com https://st.getsitecontrol.com https://c.evidon.com https://www.gstatic.com https://www.google.com https://widgets.getsitecontrol.com https://region1.google-analytics.com https://snap.licdn.com https://dl.episerver.net https://munchkin.marketo.net https://connect.facebook.net https://www.googletagmanager.com https://tagmanager.google.com https://app-sn01.marketo.com https://polyfill.io https://optimize.google.com https://www.google-analytics.com https://az416426.vo.msecnd.net https://static.oktopost.com https://*.googletagmanager.com; img-src 'self' data: https://www.google.com.vn https://www.gstatic.com https://assets.adoberesources.net https://lh3.googleusercontent.com https://okt.to/c https://app.getsitecontrol.com https://c.bing.com  https://px4.ads.linkedin.com https://px.ads.linkedin.com/ https://c.clarity.ms/ https://ton.twimg.com/ https://www.google.com/ https://app-sn01.marketo.com https://p.adsymptotic.com/ https://ssl.gstatic.com https://www.linkedin.com https://stats.g.doubleclick.net https://www.facebook.com/ https://syndication.twitter.com https://optimize.google.com https://platform.twitter.com https://pbs.twimg.com https://images.passle.net https://maps.gstatic.com https://maps.googleapis.com https://*.google-analytics.com/ https://*.analytics.google.com/ https://www.googletagmanager.com https://i.ytimg.com https://img.youtube.com https://px.ads.linkedin.com https://go.grantthornton.com.au https://www.grantthornton.global https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' https://go.grantthornton.com.au https://*.typekit.net https://ton.twimg.com https://tagmanager.google.com https://app-sn01.marketo.com/ https://optimize.google.com https://platform.twitter.com https://cdnjs.cloudflare.com https://sdk.passle.net https://fonts.googleapis.com https://clientapi.passle.net https://rtp-static.marketo.com/; font-src 'self' data: https://fonts.gstatic.com https://*.typekit.net; frame-src  'self' https://go.grantthornton.com.au https://documentcloud.adobe.com https://bid.g.doubleclick.net https://syndication.twitter.com https://app-sn01.marketo.com https://www.facebook.com https://www.google.com https://platform.twitter.com https://www.passle.net https://www.youtube.com https://optimize.google.com https://w.soundcloud.com https://webplayer.whooshkaa.com https://player.vimeo.com https://www.gstatic.com https://cdn.optimizely.com https://flo.uri.sh/ https://www.wevideo.com/  https://playlist.megaphone.fm https://z6z.co; connect-src 'self' https://px.ads.linkedin.com/ https://maps.googleapis.com/ https://www.alskd34.com/js/219353.js https://cdn.linkedin.oribi.io https://analytics.google.com https://*.analytics.google.com https://dc.services.visualstudio.com https://www.passle.net https://clientapi.passle.net https://az416426.vo.msecnd.net https://*.google-analytics.com/ https://www.facebook.com/ https://extreme-ip-lookup.com https://584-mfv-920.mktoresp.com/ https://stats.g.doubleclick.net https://www.clarity.ms/ https://idx.liadm.com/ https://snrtp1.marketo.com/ https://*.googletagmanager.com https://*.adobe.io wss://*.adobe.io; 1
frame-ancestors 'self' https://*.colgatetalks.com https://www.colgateprofessional.ro 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://freebox-news.com/report-uri/enforce 1
default-src 'self' 'unsafe-inline' https://www.aibach.de https://www.passiontec-e.de https://passiontec-e.de https://fonts.gstatic.com https://www.passiontec.video https://g.jwpsrv.com https://ssl.p.jwpcdn.com https://www.netadam.de https://ajax.googleapis.com https://www.google.com https://geizhals.de https://geizhals.at https://www.billiger.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.passiontec-e.de https://passiontec-e.de https://www.netadam.de https://www.aibach.de https://*.usercentrics.eu https://apis.google.com https://ajax.googleapis.com https://bat.bing.com https://ssl.p.jwpcdn.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.googletagmanager.com https://geizhals.de https://geizhals.at https://www.billiger.de; connect-src 'self' 'unsafe-inline' https://www.aibach.de https://*.usercentrics.eu https://www.passiontec-e.de https://passiontec-e.de https://*.googlesyndication.com https://*.google.com https://*.doubleclick.net https://www.netadam.de https://geizhals.de https://geizhals.at https://www.billiger.de https://bat.bing.com; img-src 'self' https://www.passiontec.de https://www.aibach.de https://barcode.aibach.de https://www.passiontec-e.de https://passiontec-e.de https://*.usercentrics.eu https://www.netadam.de https://www.google.de https://prd.jwpltx.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://apis.google.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://img.idealo.com https://geizhals.de https://geizhals.at https://www.billiger.de https://img.billiger.de; object-src 'self' https://*.usercentrics.eu https://www.passiontec-e.de https://passiontec-e.de; frame-src 'self' https://www.passiontec-e.de https://passiontec-e.de https://www.aibach.de https://www.netadam.de https://bid.g.doubleclick.net https://www.google.com https://geizhals.de https://geizhals.at; style-src 'self' 'unsafe-inline' https://www.passiontec-e.de https://passiontec-e.de https://fast.fonts.net https://geizhals.de https://geizhals.at https://www.billiger.de; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' 'self' ggnome.com *.ggnome.com *.gstatic.com *.googleapis.com *.cloudflare.com *.gravatar.com *.vimeo.com *.youtube.com *.stripe.com *.paypal.com *.paypalobjects.com http://127.0.0.1:*; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.vimeo.com vimeo.com *.vimeocdn.com www.gstatic.com *.bidr.io *.contanuity.com *.jsdelivr.net snap.licdn.com ws.zoominfo.com scout-cdn.salesloft.com abm-tracking.demandscience.com www.google-analytics.com *.6sc.co *.omappapi.com *.mouseflow.com consent.cookiebot.com consentcdn.cookiebot.com *.eloqua.com *.en25.com *.bluekai.com *.oraclecloud.com player.vimeo.com *.comeet.co www.googletagmanager.com *.tagembed.com; child-src 'self' consentcdn.cookiebot.com online.earnix.com player.vimeo.com *.comeet.co *.tagembed.com; style-src 'self' 'unsafe-inline' unpkg.com a.omappapi.com *.googleapis.com *.vimeocdn.com *.comeet.com; font-src 'self' data: fonts.gstatic.com; img-src 'self' data: *.6sc.co *.vimeocdn.com *.google-analytics.com *.omappapi.com *.eloqua.com *.linkedin.com earnix-asset-stg.imgix.net vumbnail.com dummyimage.com earnnix.com cms.earnix.com earnix.com www.earnix.com *.us-2.platformsh.site i.vimeocdn.com www.googletagmanager.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; media-src 'self' data: blob: player.vimeo.com download-video.akamaized.net; object-src 'self' data:; connect-src 'self' scout.salesloft.com ws.zoominfo.com cdn.linkedin.oribi.io *.akamaized.net *.vimeocdn.com *.noembed.com noembed.com *.adnxs.com *.google.com *.doubleclick.net *.google-analytics.com consentcdn.cookiebot.com *.6sc.co *.omappapi.com *.mouseflow.com cms.earnix.com/graphql earnix.com/indexes/pages/search earnix.com/indexes/jobs/search vimeo.com *.vimeo.com *.eloqua.com *.en25.com *.bluekai.com *.oraclecloud.com *.contanuity.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-IvBjDYn5dXBJIE1+7EmHJOsBzjHbAq63PY4HrHOgNEAB6OqE' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
upgrade-insecure-requests; frame-ancestors 'self' *.pcc-cic.org.uk; default-src https: 'self'; font-src https: data:; img-src https: data:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval'; worker-src https: blob:; style-src https: 'unsafe-inline'; report-uri https://pcc.report-uri.com/r/d/csp/enforce 1
default-src 'self'; frame-src 'self' *.youtube.com youtu.be *.smartertools.com;script-src * 'unsafe-inline';font-src * 'unsafe-inline' data:;img-src * 'unsafe-inline' data: blob:;style-src * 'unsafe-inline';media-src *;frame-ancestors 'self';connect-src *; 1
default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests; 1
base-uri 'self';  connect-src data: ws: wss: http: https:; default-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/ https://help.synology.cn/; font-src 'self' data: https://*.googleapis.com https://*.gstatic.com https://fonts.gstatic.com https://*.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' data: blob: https://*.synology.com https://*.synology.cn https://www.youtube.com http://www.youtube.com http://*.synology.com http://*.synology.cn http://global.synologydownload.com https://global.synologydownload.com; img-src 'self' data: blob: https://*.google.com https://*.googleapis.com http://*.googlecode.com https://*.gstatic.com https://global.download.synology.com https://maps.gstatic.com https://*.googleapis.com https://*.google.com https://i.ytimg.com https://*.ggpht.com https://*.gstatic.com https://*.googleapis.com https://*.google.com http://*.baidu.com https://*.bdstatic.com https://*.bdimg.com; media-src 'self' data: about: https://*.synology.com https://help.synology.cn;  script-src 'self' 'unsafe-eval' data: blob: https://maps.google.com https://maps.googleapis.com https://ajax.googleapis.com https://help.synology.com https://help.synology.cn https://maps.google.com https://maps.googleapis.com https://*.google.com https://*.googleapis.com https://*.baidu.com https://*.bdstatic.com https://*.bdimg.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://fonts.googleapis.com https://*.googleapis.com https://api.map.baidu.com; 1
default-src 'self' www.youtube.com youtube.com www.facebook.com facebook.com player.vimeo.com *.vimeocdn.com www.google-analytics.com *.typekit.net stats.g.doubleclick.net 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.ytimg.com www.gstatic.com www.google.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net code.jquery.com cdn.jsdelivr.net stackpath.bootstrapcdn.com ajax.aspnetcdn.com cdnjs.cloudflare.com *.facebook.net *.typekit.net *.googleapis.com ajax.googleapis.com s3.amazonaws.com/downloads.mailchimp.com/ *.list-manage.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com *.typekit.net *.bootstrapcdn.com cdn.jsdelivr.net *.mailchimp.com stackpath.bootstrapcdn.com ajax.aspnetcdn.com ajax.googleapis.com stats.g.doubleclick.net *.wpengine.com code.jquery.com; connect-src 'self' *.facebook.com *.facebook.com/tr/ analytics.google.com www.google-analytics.com google-analytics.com stats.g.doubleclick.net; img-src 'self' 'unsafe-inline' s.w.org i.ytimg.com *.cdninstagram.com *.google.com *.google.ca www.google-analytics.com www.youtube.com *.typekit.net *.googleapis.com code.jquery.com cdnjs.cloudflare.com www.googletagmanager.com ontarioplace.submittable.com facebook.com www.facebook.com *.facebook.net stats.g.doubleclick.net *.fbcdn.net *.gravatar.com data:; font-src 'self' fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.bootstrapcdn.com *.typekit.net cdn.jsdelivr.net data: ; frame-src 'self' *.vimeo.com *.facebook.com facebook.com *.fbcdn.net *.facebook.net video.fyka1-1.fna.fbcdn.net secure.campaigner.com *.youtube.com * www.google.com; object-src 'self'; form-action 'self' *.facebook.com ontarioplace.us15.list-manage.com; base-uri 'self'; frame-ancestors 'none'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-6SbND+yX1p/yi/YXdJT/xYn2uQ/MUATBM12LgEil0v+yByfk' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' data: 'unsafe-inline' mieventool.com *.mieventool.com cdn.tinymce.com *.gstatic.com *.googleapis.com cdn.tiny.cloud *.miwebtool.com; img-src 'self' data: mieventool.com *.mieventool.com *.tinymce.com *.gstatic.com *.google.com *.miwebtool.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' mieventool.com *.mieventool.com cdn.tinymce.com *.googleapis.com *.google.com *.gstatic.com cdn.tiny.cloud *.miwebtool.com www.googletagmanager.com; 1
default-src 'self' 'unsafe-inline' https://maps.googleapis.com https://lh3.ggpht.com img-src 'self' data: https://www.co-opfs.org/ https://fonts.gstatic.com https://fonts.googleapis.com https://www.google-analytics.com https://developers.google.com https://maps.gstatic.com https://www.googletagmanager.com https://www.youtube.com https://www.onlinebanktours.com/ 1
: frame-src 'self' 'https://iframe.punchh.com', : frame-ancestors 'self' 'https://iframe.punchh.com' 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' 1
font-src fonts.gstatic.com data: https://client.crisp.chat *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com *.bootstrapcdn.com *.tawk.to *.crisp.chat *.hotjar.com *.smartlook.com *.smartlook.cloud maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.google.com js.stripe.com api.razorpay.com *.twitter.com *.google.com *.addthis.com *.doubleclick.net *.flexiquiz.com/ *.hotjar.com *.smartlook.com *.demdex.net www.facebook.com platform.twitter.com www.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com https://image.crisp.chat *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.co.in *.jsdelivr.net *.google.com *.ccavenue.com *.doubleclick.net *.hotjar.com *.magentocommerce.com *.magecomp.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.facebook.com *.googletagmanager.com cdn.razorpay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com https://client.crisp.chat *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com embed.tawk.to cdn.jsdelivr.net *.razorpay.com *.crisp.chat *.cloudflareinsights.com *.google.co.in *.google.com *.newrelic.com *.nr-data.net *.cloudfront.net *.hotjar.com *.fraudblocker.com *.googleadservices.com *.smartlook.com *.smartlook.cloud connect.facebook.net twitter.com platform.twitter.com *.googletagmanager.com checkout.razorpay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline https://client.crisp.chat *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.jsdelivr.net *.google.com *.crisp.chat 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://client.crisp.chat wss://client.relay.crisp.chat https://plugins.crisp.chat lumberjack.razorpay.com *.cloudflare.com *.twitter.com *.twimg.com *.tawk.to *.doubleclick.net *.crisp.chat *.nr-data.net *.google.com *.hotjar.com *.smartlook.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net lumberjack-metrics.razorpay.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://www.musicpointofsalesoftware.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://tiggi.es; img-src 'self' https: data: blob: https://tiggi.es; style-src 'self' https://tiggi.es 'nonce-pmxfe6GQlZDxqrxAeXQK5Q=='; media-src 'self' https: data: https://tiggi.es; frame-src 'self' https:; manifest-src 'self' https://tiggi.es; form-action 'self'; child-src 'self' blob: https://tiggi.es; worker-src 'self' blob: https://tiggi.es; connect-src 'self' data: blob: https://tiggi.es https://tiggi.es wss://tiggi.es; script-src 'self' https://tiggi.es 'wasm-unsafe-eval' 1
default-src https: 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com; img-src * data:; frame-ancestors 'self' 1
default-src https: data: blob: *.google.com *.gstatic.com https://s7.addthis.com analytics.clickdimensions.com *.googletagmanager.com snap.licdn.com *.google-analytics.com googleads.g.doubleclick.net *.clarity.ms *.webtraxs.com; style-src 'self'  'unsafe-inline' *.google.com *.googleapis.com https://s7.addthis.com https://s7.addthis.com analytics.clickdimensions.com *.googletagmanager.com snap.licdn.com *.google-analytics.com googleads.g.doubleclick.net *.clarity.ms *.webtraxs.com; frame-src 'self' https://s7.addthis.com https://www.google.com https://td.doubleclick.net/ https://www.youtube.com;img-src 'self'  https://dytran.com https://c.bing.com https://px.ads.linkedin.com https://www.google-analytics.com https://www.google.co.in https://www.google.com https://www.webtraxs.com  https://c.clarity.ms/c.gif; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.clickdimensions.com/tsr.js https://gc.kis.v2.scr.kaspersky-labs.com/FD126C42-EBFA-4E12-B309-BB3FDD723AC1/main.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/806555904/ https://m.addthis.com/live/red_lojson/300lo.json https://s7.addthis.com/js/300/addthis_widget.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://v1.addthisedge.com/live/boost/ra-512b2e2c79d15127/_ate.track.config_resp https://www.clarity.ms/tag/3vmib017o4 https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js https://www.webtraxs.com/wt.php https://z.moatads.com/addthismoatframe568911941483/moatframe.js https://www.clarity.ms https://s7.addthis.com/js/300/addthis_widget.js  https://s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js https://www.gstatic.com/recaptcha/releases/5qcenVbrhOy8zihcc2aHOWD4/recaptcha__en.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js    https://www.gstatic.com/recaptcha/releases/u35fw2Dx4G0WsO6SztVYg4cV/recaptcha__en.js *.gstatic.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://romancelandia.club; img-src 'self' https: data: blob: https://romancelandia.club; style-src 'self' https://romancelandia.club 'nonce-ZctZbEAFI/+Essc8smQiTQ=='; media-src 'self' https: data: https://romancelandia.club; frame-src 'self' https:; manifest-src 'self' https://romancelandia.club; connect-src 'self' data: blob: https://romancelandia.club https://romancelandia.club wss://romancelandia.club; script-src 'self' https://romancelandia.club 'wasm-unsafe-eval'; child-src 'self' blob: https://romancelandia.club; worker-src 'self' blob: https://romancelandia.club 1
default-src 'none';img-src 'self';style-src 'self' 'unsafe-inline' 'sha256-MP68GN2dbfqmG/DR9zI48LyvLfFnpMPz+Un/zv90Hu4=';connect-src 'self';form-action 'self';frame-ancestors 'none';base-uri 'none';report-uri https://blueimp.report-uri.com/r/d/csp/enforce 1
default-src 'self' cscmarketing-cscglobal-test.azurewebsites.net cscmarketing-cscglobal-prod-container.azurewebsites.net *.cscglobal.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.swiftypecdn.com *.swiftype.com geoip-js.com *.geoip-js.com *.crazyegg.com *.zoominfo.com *.pingdom.net *.doubleclick.net *.maxmind.com cscglobal-marketing-website-chatbot-app-service.azurewebsites.net wss://directline.botframework.com directline.botframework.com *.botframework.com *.oribi.io *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com *.cookielaw.org *.onetrust.com *.zscalertwo.net; script-src 'self' cscmarketing-cscglobal-test.azurewebsites.net cscmarketing-cscglobal-prod-container.azurewebsites.net *.cscglobal.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.maxmind.com *.crazyegg.com *.gstatic.com *.zoominfo.com *.pingdom.net *.googleadservices.com *.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com *.botframework.com webchat.botframework.com; worker-src mydev.cscglobal.com blob:; script-src-elem 'self' cscmarketing-cscglobal-test.azurewebsites.net cscmarketing-cscglobal-prod-container.azurewebsites.net *.cscglobal.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.maxmind.com *.crazyegg.com *.gstatic.com *.zoominfo.com *.pingdom.net *.googleadservices.com *.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com *.botframework.com webchat.botframework.com *.licdn.com *.facebook.net *.youtube.com *.googlesyndication.com 'sha256-6NQCqzNsx7vstjQE9WO42yGZXgPx1tXt6Rdq20/JMcM=' 'sha256-X+VoNadZj+Xzp0u9tnegPi7vKIOHP3pswNacAa+Mn7E=' 'sha256-ekhDb1Bz75WquXMdEJ0dx7Rsrt8GqoS4WJipo56varU=' *.cookielaw.org *.zscalertwo.net *.googleoptimize.com 'sha256-1StDmEQrlOGbwAYhCZXOWWSFjJNTYE8AfBRRM25oQtg='; style-src 'self' cscmarketing-cscglobal-test.azurewebsites.net cscmarketing-cscglobal-prod-container.azurewebsites.net *.cscglobal.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.googleapis.com 'unsafe-inline'; img-src 'self' cscmarketing-cscglobal-test.azurewebsites.net cscmarketing-cscglobal-prod-container.azurewebsites.net *.cscglobal.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com data: seal-delaware.bbb.org *.hsforms.com *.linkedin.com *.facebook.com *.doubleclick.net *.cookielaw.org *.crazyegg.com; font-src 'self' cscmarketing-cscglobal-test.azurewebsites.net cscmarketing-cscglobal-prod-container.azurewebsites.net *.cscglobal.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.gstatic.com data:; frame-src 'self' *.google.com *.youtube.com *.swiftypecdn.com *.swiftype.com *.facebook.com *.verse.com *.hsforms.com *.doubleclick.net *.googlesyndication.com; object-src 'none' 1
font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://www.gstatic.com; style-src-elem 'self' 'unsafe-inline' https://fonts.gstatic.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://www.gstatic.com; 1
default-src https: wss://*.hotjar.com wss://*.adobe.io wss://*.adoberesources.net *.adobe.io *.adoberesources.net *.typekit.net wss://*.zohopublic.com; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline';frame-ancestors 'self'; object-src 'none'; upgrade-insecure-requests; 1
frame-ancestors 'self' *.ign.com *.ampproject.org *.zdbb.net *.disqus.com widgets.ign.com; 1
default-src 'self' https://*.adform.net https://*.turktraktor.com.tr https://*.foreks.com; font-src * 'unsafe-inline' data: blob: https://*.gstatic.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.googleapis.com https://*.github.io https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.youtube.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.turktraktor.com.tr; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.turktraktor.com.tr; connect-src wss: https://*.googleapis.com https://*.turktraktor.com.tr https://*.doubleclick.net https://*.google-analytics.com; img-src 'self' http: https: data:  https://*.foreks.com https://*.turktraktor.com.tr https://*.google.com blob: https:; frame-ancestors 'self' https://*.google.com https://*.turktraktor.com.tr;frame-src 'self' https://*.turktraktor.com.tr https://*.foreks.com https://*.microsoft.com https://*.youtube.com https://*.google.com https://*.vimeo.com https://*.facebook.com ; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-76a99d195e5903593f90919f1b5dddd6'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors 'self' https://www.prinas.de 1
default-src 'self' ou.okta.com *.oktacdn.com; connect-src 'self' ou.okta.com ou-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com *.mtls.okta.com ou.kerberos.okta.com ou.mtls.okta.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' ou.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' ou.okta.com *.oktacdn.com; frame-src 'self' ou.okta.com ou-admin.okta.com login.okta.com; img-src 'self' ou.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' ou.okta.com data: *.oktacdn.com fonts.gstatic.com 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' info.saltonline.org *.google-analytics.com *.googletagmanager.com *.googleadservices.com connect.facebook.net *.googleapis.com *.efilli.com googleads.g.doubleclick.net; frame-src 'self' *.youtube.com *.vimeo.com *.google.com *.soundcloud.com *.fls.doubleclick.net www.facebook.com td.doubleclick.net; connect-src 'self' *.google-analytics.com *.googleapis.com analytics.google.com *.googlesyndication.com info.saltonline.org stats.g.doubleclick.net europe-west1-valuezon.cloudfunctions.net *.efilli.com; font-src 'self' fonts.gstatic.com; img-src 'self' http://saltonline.org *.vimeocdn.com *.google-analytics.com www.facebook.com *.doubleclick.net *.ytimg.com *.google.com *.google.com.tr www.gravatar.com 1
default-src * 'unsafe-inline' 'unsafe-eval'; connect-src * data: *; script-src-elem * 'unsafe-inline' 'unsafe-eval'; font-src * data: *; img-src * data: * blob: *; report-uri /local/ajax/CSP.php 1
default-src 'self'; script-src-elem 'self' 'sha256-Laf3624d494HEBVtsy2eIn13R2SqcYtJ5H9ULXk4pdk=' 'sha256-dV/DZaiCXBsv1mujhnM42wGh0ydz9IYjblSRa+MzAu0=' 'sha256-0MYbXZMQqSt5a0AKyFdtCqq/d6+N94aP7KG2Bkcv18E=' 'sha256-41rQfQhABFXeAFzImdXsY4wzhFtKnu9TE1aMED3p/9s=' 'sha256-ennXcgWrgCeWSzcF+/FBfrAM4RwzscBvKfE9qqP7ui0=' https://googleads.g.doubleclick.net https://sc.lfeeder.com/ https://*.pagesense.io/ https://snap.licdn.com/ https://*.google-analytics.com/ https://www.googletagmanager.com/ https://*.cookiebot.com/ https://js.hsadspixel.net/ https://*.hs-scripts.com/ https://*.hubspot.com/ https://*.hscollectedforms.net/ https://*.hs-banner.com/ https://*.hs-analytics.net/ https://*.hsforms.com/ https://*.revenuehero.io/ https://*.schedulehero.io/; img-src 'self' https://tr.lfeeder.com/ https://px.ads.linkedin.com/ https://www.linkedin.com/ https://www.google.co.uk/ https://www.google.com/ https://*.googletagmanager.com/ https://*.vimeocdn.com/ https://logo.clearbit.com/ https://*.hubspot.com/ https://*.hsforms.com/ https://*.cookiebot.com/ data: ; connect-src 'self' https://pagesense-collect.zoho.eu/ https://cdn.linkedin.oribi.io/ https://px.ads.linkedin.com/ https://*.doubleclick.net/ https://*.revenuehero.io/ https://*.hscollectedforms.net/ https://*.cookiebot.com/ https://*.google-analytics.com/ https://*.google.com/ https://*.analytics.google.com/ https://api.hubapi.com/ ; style-src 'self' 'unsafe-inline'; frame-src 'self' https://player.vimeo.com/ https://consentcdn.cookiebot.com/ https://popup.schedulehero.io/ https://cdn-eu.pagesense.io/ https://td.doubleclick.net/; base-uri 'none'; report-uri https://report-to-api.raygun.com/reports-csp?apikey=MtpX5h8IivBL0jYQly2w; report-to csp-endpoint 1
img-src * 'self' data:;script-src 'self' http://www.google-analytics.com       https://fonts.shopifycdn.com        https://www.gstatic.com https://maps.googleapis.com https://code.jquery.com https://www.googleadservices.com       https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net        https://unpkg.com https://cdnjs.cloudflare.com https://www.youtube.com https://www.googletagmanager.com        https://connect.facebook.net https://www.google.com https://www.facebook.com https://googleads.g.doubleclick.net/        https://www.google.com.tr 'unsafe-eval' 'unsafe-inline'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vallentunakommun.liveagent.se https://webapp.vallentuna.se https://stats.vallentuna.se https://plus.browsealoud.com https://www.browsealoud.com https://*.speechstream.net https://oppnadata.skl.se https://siteimproveanalytics.com https://cdn.siteimprove.net https://artvise.vallentuna.se; style-src 'self' 'unsafe-inline' https://plus.browsealoud.com https://webapp.vallentuna.se https://stats.vallentuna.se https://artvise.vallentuna.se; img-src * 'self' data: https://vallentunakommun.liveagent.se https://images.vallentuna.se https://browsealoud-webservices-8.texthelp.com https://plus.browsealoud.com; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' blob: filesystem:; object-src 'self'; child-src 'self'; frame-src 'self' https://vallentunakommun.liveagent.se https://vallentuna.mynewsdesk.com https://externkarta.vallentuna.se kommunkarta.vallentuna.se https://images.vallentuna.se https://*.siteseeker.se https://dreambroker.com https://2-vbus-de.ladesk.com/; worker-src 'self'; frame-ancestors 'self' https://stats.vallentuna.se; form-action 'self' https://newsletter.paloma.se; base-uri 'self'; manifest-src * 'self' 1
frame-ancestors localhost:3333 *.wedodata.dev  *.cookiebot.com *.googletagmanager.com *.google.com *.youtube.com blob: *.herokuapp.com *.taxobservatory.eu *.everviz.com  *.shinyapps.io; frame-src *.wedodata.dev  *.cookiebot.com *.googletagmanager.com *.google.com *.youtube.com blob: *.herokuapp.com *.taxobservatory.eu *.everviz.com  *.shinyapps.io; child-src *.wedodata.dev localhost:3333 *.cookiebot.com connect.facebook.net staticxx.facebook.com facebook.com youtube.com player.vimeo.com www.google-analytics.com google.com apis.google.com tagmanager.google.com www.googletagmanager.com blob:  *.herokuapp.com *.taxobservatory.eu *.everviz.com  *.shinyapps.io; 1
font-src 'self' https://static.qmsystems.de;frame-src 'self' ;frame-ancestors 'self';object-src 'none';style-src 'self' https://static.qmsystems.de 'unsafe-inline' https://www.openstreetmap.org;script-src 'self' https://static.qmsystems.de 'unsafe-inline' https://www.openstreetmap.org;worker-src 'self' https://static.qmsystems.de 'unsafe-inline' blob: data: 1
default-src https: data: blob: 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com; object-src 'none'; 1
default-src *.drk-rlp.de *.drk.de *.emailsys1a.net; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.drk-rlp.de *.drk.de; style-src 'self' *.emailsys1a.net 'unsafe-inline'; img-src 'self' *.drk-rlp.de *.drk.de data:; font-src 'self' data:; report-uri https://www.drk-rlp.de/typo3/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://honeysucklewhite.com https://shadybrookfarms.com https://*.wpengine.com https://*.trustarc.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.doubleclick.net https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com https://*.2o7.net https://*.omtrdc.net https://*.adobe.com https://*.omniture.com https://*.adsrvr.org https://*.ensighten.com https://*.facebook.com https://*.facebook.net https://*.pinterest.com https://*.pinimg.com https://*.tiktok.com https://*.reddit.com https://*.redditstatic.com https://*.stackadapt.com https://qvdt3feo.com https://*.cloudfront.net *.youtube.com *.youtube-nocookie.com https://*.ytimg.com https://cargillprotein.tfaforms.net https://*.bazaarvoice.com https://*.iesnare.com https://destinilocators.com https://*.emplifi.io https://*.astutebot.com https://*.fonts.net https://cloud.typography.com data:; form-action 'self' https://cargillprotein.tfaforms.net https://*.bazaarvoice.com https://*.emplifi.io https://*.facebook.com; 1
frame-ancestors 'self' https://*.vancouverconventioncentre.com https://vancouverconventioncentre.com https://visitingmedia.com https://*.visitingmedia.com http://lot185.com http://*.lot185.com; base-uri 'self'; form-action 'self'; object-src 'self'; 1
script-src 'self' 'unsafe-inline' https://www.googleadservices.com https://*.googleadservices.com https://*.hs-analytics.net https://*.hsadspixel.net https://*.hs-banner.com https://*.hscollectedforms.net https://*.hs-scripts.com https://blobps2020prod.blob.core.windows.net https://*.tiktok.com https://*.pinimg.com https://*.smooch.io https://web-messenger-v5.ingenious.ai https://www.youtube.com https://maps.googleapis.com/ https://*.hsforms.net/ https://cdn.sajari.com/ https://script.crazyegg.com/ https://bat.bing.com/ https://googleads.g.doubleclick.net/ https://use.fontawesome.com/ https://staging.kaboodle.com.au https://staging.kaboodle.co.nz https://www.google.com https://www.recaptcha.net https://www.gstatic.com https://js.createsend1.com https://player.vimeo.com https://www.googletagmanager.com https://www.google-analytics.com https://aus-widget.freshworks.com https://www.google.com/recaptcha http://app.storyblok.com https://www.clarity.ms https://snap.licdn.com https://*.clarity.ms https://*.facebook.net https://documentcloud.adobe.com https://*.pinterest.com https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/; style-src 'self' 'unsafe-inline' https://web-messenger-v5.ingenious.ai https://www.kaboodle.com.au/fonts/613481/1CB21C5988BC1926E.css https://kaboodle.com.au/fonts/613481/1CB21C5988BC1926E.css https://cloud.typography.com/6340332/677266/css/fonts.css https://p.typekit.net https://use.typekit.net https://fonts.googleapis.com https://www.googletagmanager.com https://aus-widget.freshworks.com https://s3.amazonaws.com; img-src 'self' data: https://*.doubleclick.net https://*.bing.com https://*.google.com https://www.google.com https://*.hubspot.com https://kaboodle-projects-prod.2020-platform.com https://*.pinterest.com https://media.au.ingenious.ai https://media.smooch.io https://web-messenger-v5.ingenious.ai https://i.ytimg.com https://kaboodlenz-projects-staging.2020-platform.net https://kaboodle-projects-staging.2020-platform.net https://www.googletagmanager.com https://i.pinimg.com https://*.hsforms.com https://maps.googleapis.com https://maps.gstatic.com https://px4.ads.linkedin.com https://i.vimeocdn.com https://www.google-analytics.com https://a.storyblok.com https://www.google.com.au https://www.google.co.nz https://px.ads.linkedin.com https://p.adsymptotic.com https://www.facebook.com https://www.clarity.ms https://*.clarity.ms https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/; frame-src https://*.doubleclick.net https://www.facebook.com https://kaboodle.com.au https://kaboodle.co.nz https://www.kaboodle.com.au https://www.kaboodle.co.nz https://*.pinterest.com/ https://www.youtube.com/ https://auth.kaboodle.com.au/ https://auth.kaboodle.co.nz/ https://*.kaboodle.com.au https://*.kaboodle.co.nz https://auth-staging.kaboodle.com.au/ https://auth-staging.kaboodle.co.nz/ https://*.hsforms.com/ https://blue-coast-09bb7e400-stagingnz.eastasia.2.azurestaticapps.net/ https://blue-coast-09bb7e400-stagingau.eastasia.2.azurestaticapps.net/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.recaptcha.net/ https://player.vimeo.com/ https://player.vimeo.com/ https://app.storyblok.com/ https://documentcloud.adobe.com; media-src 'self' https://web-messenger-v5.ingenious.ai https://a.storyblok.com; font-src 'self' https://web-messenger-v5.ingenious.ai https://fonts.gstatic.com https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/ data:; default-src 'self'; connect-src 'self' https://*.googlesyndication.com https://*.hscollectedforms.net https://*.hubapi.com https://*.tiktok.com wss://api.smooch.io https://*.smooch.io https://*.config.smooch.io https://web-messenger-v5.ingenious.ai https://protect-au.mimecast.com https://js.instantgeo.info/json https://*.hsforms.com https://maps.googleapis.com https://s3.amazonaws.com https://www.google-analytics.com https://*.azurewebsites.net/ https://stats.g.doubleclick.net https://*.clarity.ms https://*.brilliantcollector.com https://*.segment.com https://analytics.google.com https://api-js.mixpanel.com https://app.storyblok.com https://api.storyblok.com https://*.pinterest.com https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/ 1
frame-ancestors 'self' https://www.visitaarhus.dk https://*.www.visitaarhus.dk https://api.www.www.visitaarhus.dk 1
default-src https://registration.checkin.no wss://ws.checkin.no https://api.checkin.no/graphql https://logging.checkin.no/api/ https://sv.hypersys.no/ https://calendar.google.com https://*.google-analytics.com  https://stats.sv.no 'self'; script-src https://registration.checkin.no https://tr.apsislead.com/track_v2.js https://s3-eu-west-1.amazonaws.com/apsis-forms-published-settings/js/ https://*.sv.no https://www.sv.no *.google-analytics.com https://*.leseweb.dk 'unsafe-inline'; style-src https://registration.checkin.no https://*.sv.no https://www.sv.no 'unsafe-inline'; img-src https://*.google-analytics.com https://*.fbcdn.net https://www.sv.no/tromsogfinnmark/wp-content/uploads/ 'self' data:; child-src https://calendar.google.com https://sv.hypersys.no *.leseweb.dk https://*.anpdm.com https://*.ustream.tv *.youtube.com 'self'; media-src *.leseweb.dk *.youtube.com https://player.vimeo.com https://svtolk.kg5.no https://svs.kg5.no 'self'; frame-src https://calendar.google.com https://sv.hypersys.no/ https://*.youtube.com/ https://*.ustream.tv http://www.youtube-nocookie.com https://player.vimeo.com https://svtolk.kg5.no https://svs.kg5.no https://forms.office.com https://api.vipps.no https://e.issuu.com https://trell.unicornis.no/ https://www.loom.com/ 1
img-src * 'self' data: https:; font-src * 'self' data:; script-src-elem * 'self' 'unsafe-inline' data:; default-src wss: 'unsafe-inline' 'unsafe-eval' https: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'none'; report-uri https://mediafellows2production.report-uri.com/r/d/csp/enforce; 1
default-src 'self' player.vimeo.com;connect-src api.lever.co *.sentry.io restcountries.com/v2/all api.hsforms.com 'self' www.google-analytics.com *.akamaized.net vimeo.com *.vimeo.com *.vimeocdn.com *.algolia.net *.algolianet.com; img-src vision-fund-assets.imgix.net i.vimeocdn.com visionfundassetsstagesa.z19.web.core.windows.net visionfundassetsstagesa.z19.web.core.windows.net www.google-analytics.com *.usefathom.com 'self' data:; script-src 'unsafe-eval' player.vimeo.com www.youtube.com www.googletagmanager.com www.google-analytics.com *.usefathom.com 'unsafe-inline' 'self' blob:; script-src-attr 'unsafe-inline'; style-src cdn.plyr.io 'unsafe-inline' 'self'; font-src 'self' data:; frame-src youtube.com www.youtube.com player.vimeo.com open.spotify.com w.soundcloud.com embed.podcasts.apple.com; media-src * blob: 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.scotlandscensus.gov.uk https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://use.typekit.net https://www.youtube.com https://*.vo.msecnd.net https://atlas.microsoft.com https://code.highcharts.com;style-src 'self' 'unsafe-inline' https://www.scotlandscensus.gov.uk https://nrscensusprodumb.blob.core.windows.net https://fonts.googleapis.com https://fast.fonts.net https://www.googletagmanager.com https://tagmanager.google.com https://atlas.microsoft.com;img-src 'self' https://www.scotlandscensus.gov.uk https://nrscensusprodumb.blob.core.windows.net https://fonts.gstatic.com https://www.google-analytics.com https://p.typekit.net https://atlas.microsoft.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://tagmanager.google.com https://ssl.gstatic.com https://www.gstatic.com data: https://www.gravatar.com https://umbraco.tv;media-src 'self' https://www.scotlandscensus.gov.uk https://nrscensusprodumb.blob.core.windows.net blob:;font-src 'self' https://www.scotlandscensus.gov.uk https://use.typekit.net https://fonts.gstatic.com https://ssl.gstatic.com https://www.gstatic.com;connect-src 'self' https://www.scotlandscensus.gov.uk https://dc.services.visualstudio.com https://www.google-analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net;child-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://datastudio.google.com;frame-ancestors 'self';report-uri https://stormid.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' https://franklin.instructure.com; 1
default-src 'self' 'unsafe-inline' https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.analytics.google.com https://*.cookiebot.com https://*.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://api.mapy.cz https://fonts.googleapis.com https://*.youtube.com https://stats.g.doubleclick.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.facebook.com; img-src *; media-src *; 1
frame-ancestors 'self'; script-src 'unsafe-inline' https://www.klinikumdo.de; object-src 'none'; img-src 'self' data:; 1
frame-ancestors 'self' https://*.xibo.org.uk https://*.xibosignage.com 1
default-src 'self' adamtotal.co.il *.adamtotal.co.il webcand.com *.webcand.com *.sisense.com googleapis.com *.googleapis.com *.bootstrapcdn.com facebook.com *.facebook.com google.com *.google.com *.matav.org.il *.paldi.solutions *.admweb.co.il admweb.co.il tinyurl.com *.tinyurl.com self blob: data: gap:; style-src 'self' https://* 'unsafe-inline'; script-src 'self' https://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://* data:; font-src 'self' https://* 1
frame-src *.uitagendarotterdam.nl *.youtube.com *.spotify.com *.snapchat.com *.pinterest.com *.cookiebot.com *.vimeo.com *.robinhq.com *.windows.net *.issuu.com *.google.com;frame-ancestors *.uitagendarotterdam.nl *.youtube.com *.spotify.com *.snapchat.com *.pinterest.com *.cookiebot.com *.vimeo.com *.robinhq.com *.windows.net *.issuu.com *.google.com; 1
default-src 'self';                                         child-src www.youtube-nocookie.com www.dgho.de;                                         style-src 'self' 'unsafe-inline';                                         script-src 'self';                                         img-src * 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mailworx.marketingsuite.info https://js.hcaptcha.com https://app.usercentrics.eu https://www.googletagmanager.com https://snap.licdn.com https://www.google-analytics.com https://www.googleoptimize.com https://cdn.jsdelivr.net https://privacy-proxy.usercentrics.eu https://code.jquery.com https://cdnjs.cloudflare.com; object-src 'self'; media-src 'self' https://www.youtube.com; frame-src 'self' https://www.youtube.com https://newassets.hcaptcha.com; child-src 'self' https://www.youtube.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src https: 'unsafe-inline';frame-ancestors 'self'; 1
font-src fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com mapi.alipay.com unitradeadapter.alipay.com excashier.alipay.com *.qualtrics.com *.alipay.com *.alipaydev.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.google.com/recaptcha/ *.componentsearchengine.com player.youku.com *.qualtrics.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net validator.swagger.io *.componentsearchengine.com download.siliconexpert.com hm.baidu.com www.google.com www.google.com.sg static4.arrow.com 6216.xg4ken.com www.arrow.com static6.arrow.com maxcdn.bootstrapcdn.com images.arrow.cn *.qualtrics.com *.alicdn.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.componentsearchengine.com hm.baidu.com www.google.com www.googletagmanager.com services.xg4ken.com player.youku.com *.siteintercept.qualtrics.com *.qualtrics.com *.alicdn.com *.googleadservices.com *.gstatic.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com player.youku.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com stats.g.doubleclick.net hm.baidu.com *.qualtrics.com *.t.eloqua.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' blob: 'self'; form-action 'self' https://largemp3.speechstream.net https://eigenhaard.betaalmachtiging.nl https://www.facebook.com/tr/; connect-src 'self' 'unsafe-eval' https://*.texthelp.com https://largemp3.speechstream.net https://speech.speechstream.net https://*.browsealoud.com https://*.ingest.sentry.io wss://*.hotjar.com https://*.cookiebot.com api.pro6pp.nl https://*.google-analytics.com https://*.hotjar.com cdnjs.cloudflare.com https://*.googleapis.com https://*.hotjar.io https://*.doubleclick.net https://*.mixpanel.com https://api.parley.nu https://api.segment.io https://noembed.com https://cdn.plyr.io; frame-src 'self' https://content.googleapis.com https://apis.google.com my.matterport.com https://*.youtube.com https://www.youtube-nocookie.com eigenhaard.bbvms.com https://eigenhaard.mwm2.nl https://*.hotjar.com https://consent.azureedge.net https://*.cookiebot.com https://*.facebook.com https://www.onl.st https://onl.st; font-src 'self' data: https://*.gstatic.com maxcdn.bootstrapcdn.com; img-src 'self' data: blob: https://*.browsealoud.com https://*.googletagmanager.com https://*.gstatic.com https://*.ggpht.com https://*.googleapis.com https://*.google.com https://*.google.nl https://*.google-analytics.com www.facebook.com https://*.akamaihd.net https://*.doubleclick.net https://*.ytimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.browsealoud.com https://browser.sentry-cdn.com https://bam.nr-data.net https://*.gstatic.com *.google.com *.google.nl https://*.googleapis.com https://*.google-analytics.com api.pro6pp.nl script.crazyegg.com https://*.hotjar.com https://*.googletagmanager.com https://*.cookiebot.com https://*.cookieinfo.net https://consent.azureedge.net https://*.mxpnl.com https://*.segment.com https://*.youtube.com https://connect.facebook.net https://cdn.plyr.io; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://*.gstatic.com https://*.googleapis.com https://*.google.com; frame-ancestors 'self'; base-uri 'self' 1
base-uri 'self'; default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.myc3.dev *.cloudfront.net/ https://fonts.googleapis.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://analytics.google.com/ https://www.youtube.com; img-src 'self' data: *.hotjar.com https://img.youtube.com/ https://i.ytimg.com/ https://www.google.com/ https://www.google.de/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://fonts.gstatic.com/ https://analytics.google.com/ https://pbs.twimg.com/ https://platform.twitter.com/ https://syndication.twitter.com/; media-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://analytics.google.com/ https://platform.twitter.com/; font-src 'self' https://fonts.gstatic.com/; frame-src 'self' *.liquidambient.com https://recruitingapp-5466.de.umantis.com/ https://www.youtube-nocookie.com/ https://data.panorama-services.de/; child-src https://fonts.googleapis.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://analytics.google.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://img.youtube.com https://www.youtube.com https://www.youtube-nocookie.com; object-src 'none'; connect-src 'self' wss://ws.hotjar.com *.hotjar.io *.hotjar.com *.myc3.dev *.analytics.google.com *.google-analytics.com https://stats.g.doubleclick.net/; manifest-src 'self'; form-action 'self' https://syndication.twitter.com/ https://platform.twitter.com/ https://web.inxmail.com/; frame-ancestors 'self'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-TzFLx6w4lvmE9BLjt5tCcnZl1WjAv25Gg5fUtXNVXaOeIyLP' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' cellularsales.okta.com *.oktacdn.com; connect-src 'self' cellularsales.okta.com cellularsales-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com *.mtls.okta.com cellularsales.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' cellularsales.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' cellularsales.okta.com *.oktacdn.com; frame-src 'self' cellularsales.okta.com cellularsales-admin.okta.com login.okta.com com-okta-authenticator:; img-src 'self' cellularsales.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' cellularsales.okta.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' 1
frame-ancestors 'self' mntc.edu; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-FPvzJq/JvhQpmytzjhwa+sg67oh0jNrkvZNyGO8RvLyks44W' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self'; style-src 'self' 'unsafe-inline' 1
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';require-trusted-types-for 'script'; 1
default-src 'self' 'unsafe-inline'; object-src 'none'; media-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.nytedu.com https://*.pardot.com https://*.iubenda.com https://*.youtube.com https://*.facebook.net https://*.doubleclick.net https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com; img-src 'self' data: https://*.nytedu.com https://*.google.com https://*.facebook.net https://*.facebook.com https://*.doubleclick.net https://*.googleadservices.com https://*.google-analytics.com https://*.googleanalytics.com; connect-src 'self' https://*.nytedu.com https://google.com https://*.google.com https://*.googletagmanager.com https://*.iubenda.com https://*.doubleclick.net https://*.google-analytics.com https://*.google-analytics.com; frame-src 'self' https://*.nytedu.com https://*.youtube.com https://*.iubenda.com https://*.doubleclick.net https://*.facebook.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://glammr.us; img-src 'self' https: data: blob: https://glammr.us; style-src 'self' https://glammr.us 'nonce-VmxPHdxGuIGLgMv0RqYxzQ=='; media-src 'self' https: data: https://glammr.us; frame-src 'self' https:; manifest-src 'self' https://glammr.us; form-action 'self'; child-src 'self' blob: https://glammr.us; worker-src 'self' blob: https://glammr.us; connect-src 'self' data: blob: https://glammr.us https://cdn.masto.host wss://glammr.us; script-src 'self' https://glammr.us 'wasm-unsafe-eval' 1
object-src 'self'; script-src 'self' https://www.giftcalcs.com https://bbox.blackbaudhosting.com https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com https://connect.facebook.net https://www.timevaluecalculators.com https://s.ytimg.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://radiomd.com https://d2ybmd3wevur4k.cloudfront.net https://www.findhelp.org 'unsafe-inline' 'unsafe-eval' https://woobox.com cdn.calltrk.com *.moatads.com code.jquery.com *.eruptr.io tags.srv.stackadapt.com *.googleadservices.com *.google-analytics.com *.addthis.com *.addthisedge.com googleads.g.doubleclick.net *.google.com *.clockwisemd.com *.callrail.com *.facebook.com *.bootstrapcdn.com *.tagmanager.google.com 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-pGrMf+6FOEQd6iNZceNxuJjrEEW5H+h6rv8HUSy4zWoaV7PC' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' airb.prodg.bcdtriptech.com; img-src 'self' data: airb.prodg.bcdtriptech.com d2p3d64ud0ufix.cloudfront.net d24r9kohqmdk4r.cloudfront.net d2rt8rtfvj8wfa.cloudfront.net hotel-images-cdn.bcdtriptech.com duz58me6irf24.cloudfront.net d241getrai15av.cloudfront.net d1x7xiofbuqz3n.cloudfront.net hyatt-media-cdn.agentsourcebooking.com d29qi0qtsx04yy.cloudfront.net stadler.bcdtriptech.com *.googleapis.com *.gstatic.com heapanalytics.com http://*.map.bdimg.com https://*.map.bdimg.com airline-logos.bcdtriptech.com car-images.bcdtriptech.com *.sabre.com *.broadstreetads.com https://multimedia.amadeus.com/ https://d13cihc9138cdj.cloudfront.net *.azureedge.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' airb.prodg.bcdtriptech.com d21aybnyzxx5uf.cloudfront.net midas-fe.bcdtriptech.com d29qi0qtsx04yy.cloudfront.net stadler.bcdtriptech.com *.googleapis.com bam.nr-data.net *.broadstreetads.com cdn.heapanalytics.com heapanalytics.com mercure.prod.bcdtriptech.com *.azureedge.net; style-src 'self' 'unsafe-inline' airb.prodg.bcdtriptech.com *.googleapis.com heapanalytics.com *.azureedge.net; frame-src 'self' customervoice.microsoft.com; font-src 'self' data: airb.prodg.bcdtriptech.com duz58me6irf24.cloudfront.net d241getrai15av.cloudfront.net d1x7xiofbuqz3n.cloudfront.net hyatt-media-cdn.agentsourcebooking.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com heapanalytics.com; connect-src 'self' airb.prodg.bcdtriptech.com wss://fasttrace.prod.bcdtriptech.com wss://admin.prod.bcdtriptech.com/chsk wss://admin.prodg.bcdtriptech.com/chsk d29qi0qtsx04yy.cloudfront.net stadler.bcdtriptech.com *.googleapis.com https://sentry.infrastructure.bcdtriptech.com heapanalytics.com *.broadstreetads.com wss://mercure.prod.bcdtriptech.com https://midas-be.prod.bcdtriptech.com https://shackleton.staging.bcdtriptech.com/; frame-ancestors 'none'; 1
default-src 'self' *.visualstudio.com *.azurestaticapps.net *.azurewebsites.net localhost:* *.igniterecognition.com igniterecognition.com; script-src 'unsafe-inline' 'unsafe-eval' *.visualstudio.com *.azurestaticapps.net *.azurewebsites.net localhost:* *.igniterecognition.com igniterecognition.com; style-src 'unsafe-inline' *.visualstudio.com *.azurestaticapps.net *.azurewebsites.net localhost:* *.igniterecognition.com igniterecognition.com;img-src data: * blob: *; font-src data: 'self'; connect-src 'self' api.raygun.io http://localhost:* *.visualstudio.com *.azurestaticapps.net *.azurewebsites.net *.applicationinsights.azure.com wss://localhost:* *.igniterecognition.com igniterecognition.com wss://*.igniterecognition.com wss://igniterecognition.com api.pwnedpasswords.com; child-src 'self' https://www.youtube.com/embed/ https://player.vimeo.com http://localhost:* *.azurestaticapps.net 1
object-src 'none'; form-action https:; frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com:* https://fonts.googleapis.com:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net:* https://www.googletagmanager.com:* https://www.google-analytics.com:* https://bat.bing.com:* https://googleads.g.doubleclick.net:* https://s.pinimg.com:* https://static.hotjar.com:* https://script.hotjar.com:* https://test-www2.bouwgarant.nl:* https://www.google.nl:* https://www.google.com:* https://ct.pinterest.com:* https://region1.analytics.google.com:* https://stats.g.doubleclick.net:* https://www.youtube.com:* https://static.mailplus.nl:* https://m8.mailplus.nl:* https://ssl.google-analytics.com:* https://www.pagespeed-mod.com:* 1
default-src *.yandex.ru yastatic.net yandex.ru googleads.g.doubleclick.net  *.googlesyndication.com https://fonts.gstatic.com https://yandex.st/share/share.js  wss://chat-ru1.jivosite.com wss://*.jivosite.com/cometcn  http://*.jivosite.com http://code.jivosite.com https://api-maps.yandex.ru/ https://mc.yandex.ru https://www.youtube.com/ https://www.googletagmanager.com https://www.google.com/ http://esapi.siteheart.com http://static.siteheart.com ws://client.siteheart.com http://client.siteheart.com 'self'; script-src  openstat.net yandex.ru *.google.ru *.google.com *.googleadservices.com *.yandex.ru *.googletagservices.com  *.googlesyndication.com  http://site.yandex.net/ https://cdn.onthe.io cdnjs.cloudflare.com  googleadservices.com  googleads.g.doubleclick.net  googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com  https://www.google-analytics.com http://*.jivosite.com https://code.jquery.com/ https://api-maps.yandex.ru https://ajax.googleapis.com https://mc.yandex.ru http://yandex.st http://widget.siteheart.com ipt http://mc.yandex.ru  http://yastatic.net ipt http://static.siteheart.com http://client.siteheart.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src  *.googleapis.com fonts.googleapis.com https://cdnjs.cloudflare.com http://code.jquery.com https://yandex.st http://static.siteheart.com 'self' 'unsafe-inline' 'unsafe-eval'; img-src * *.gorodnews.ru *.googlesyndication.com  https://site.yandex.net data: bs.yandex.ru http://counter.yadro.ru  self https://www.google-analytics.com https://api-maps.yandex.ru  https://*.maps.yandex.net http://static.siteheart.com https://mc.yandex.ru http://esapi.siteheart.com http://yastatic.net 'self' 1
base-uri 'self' ;connect-src 'self' *.youtube.com consentcdn.cookiebot.com www.googletagmanager.com *.google-analytics.com *.googlesyndication.com securepubads.g.doubleclick.net *.vimeo.com *.vimeocdn.com *.raicore.com snap.licdn.com *.ads.linkedin.com cdn.linkedin.oribi.io *.ternair.com *.ternairsoftware.com ep.rai.nl services.crmservice.eu stats.g.doubleclick.net www.google.com www.google.rs *.doubleclick.net *.hotjar.com *.hotjar.io wss://*.hotjar.com * cdn.linkedin.oribi.io;default-src 'self' ;font-src 'self' fonts.gstatic.com cdn.jsdelivr.net *.raicore.com data: kit.fontawesome.com ka-p.fontawesome.com ;frame-ancestors 'self' stachanov.com;frame-src consentcdn.cookiebot.com *.youtube.com preferencecenter.metstrade.com *.googlesyndication.com www.google.com www.google.rs *.vimeo.com *.vimeocdn.com snapwidget.com consent.cookiebot.com *.hotjar.com *.hotjar.io wss://*.hotjar.com connect.facebook.net *.facebook.com snap.licdn.com *.ads.linkedin.com cdn.linkedin.oribi.io e.issuu.com frame.grip.events preferencecenter.horecava.nl maps.google.com mijn.horecava.nl shop.paylogic.com *.doubleclick.net assets.pinterest.com;img-src 'self' *.google-analytics.com *.googlesyndication.com ep.rai.nl *.vimeo.com *.vimeocdn.com data: www.google.com www.google.rs *.raicore.com connect.facebook.net *.facebook.com www.google.nl snap.licdn.com *.ads.linkedin.com cdn.linkedin.oribi.io www.googletagmanager.com consent.cookiebot.com consentcdn.cookiebot.com *.cookiebot.com p.adsymptotic.com *.doubleclick.net www.awin1.com;script-src 'self' www.googletagmanager.com *.google-analytics.com consentcdn.cookiebot.com *.googleadservices.com code.jquery.com cdn.jsdelivr.net unpkg.com 'unsafe-inline' 'unsafe-eval' services.crmservice.eu snapwidget.com *.ternair.com *.ternairsoftware.com ep.rai.nl services.crmservice.eu www.googletagservices.com consent.cookiebot.com stats.g.doubleclick.net securepubads.g.doubleclick.net adservice.google.com adservice.google.nl adservice.google.rs *.doubleclick.net connect.facebook.net *.facebook.com *.googlesyndication.com snap.licdn.com *.ads.linkedin.com cdn.linkedin.oribi.io *.hotjar.com *.hotjar.io wss://*.hotjar.com *.raicore.com  stats.g.doubleclick.net *.doubleclick.net securepubads.g.doubleclick.net www.dwin1.com *.hotjar.com *.hotjar.io *.hotjar.com 'unsafe-inline';style-src 'self' cdn.jsdelivr.net 'unsafe-inline' fonts.googleapis.com *.raicore.com kit.fontawesome.com ka-p.fontawesome.com ; 1
default-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://pagead2.googlesyndication.com https://team-stg.firebaseapp.com https://team-prod.firebaseapp.com *.doubleclick.net *.google.co.jp *.google.com *.googleapis.com *.googlesyndication.com *.google-analytics.com *.manalink.jp *.microcms.io *.pay.jp *.sentry.io *.sentry-cdn.com *.youtube.com *.facebook.com *.twitter.com *.mieru-ca.com; img-src * blob: data:; script-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://pagead2.googlesyndication.com https://team-stg.firebaseapp.com https://team-prod.firebaseapp.com *.doubleclick.net *.google.co.jp *.google.com *.googleapis.com *.googlesyndication.com *.google-analytics.com *.manalink.jp *.microcms.io *.pay.jp *.sentry.io *.sentry-cdn.com *.youtube.com *.facebook.com *.twitter.com *.mieru-ca.com blob: 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://polyfill.io https://www.googletagservices.com https://s.ytimg.com https://www.googleadservices.com https://connect.facebook.net statics.a8.net https://sitest.jp; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; object-src 'none'; connect-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://pagead2.googlesyndication.com https://team-stg.firebaseapp.com https://team-prod.firebaseapp.com *.doubleclick.net *.google.co.jp *.google.com *.googleapis.com *.googlesyndication.com *.google-analytics.com *.manalink.jp *.microcms.io *.pay.jp *.sentry.io *.sentry-cdn.com *.youtube.com *.facebook.com *.twitter.com *.mieru-ca.com blob: 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://polyfill.io https://www.googletagservices.com https://s.ytimg.com https://www.googleadservices.com https://connect.facebook.net statics.a8.net https://sitest.jp wss: 1
script-src 'unsafe-eval' 'nonce-NTAxZmUxMTctMmQwOC00NGJmLWJkMDMtYjBjNmJhOGFlMzQ1' 'strict-dynamic' https: 'unsafe-inline' 'report-sample';style-src https://dqsyen9l8iyxe.cloudfront.net https: 'self' 'unsafe-inline' data:; worker-src * blob:; connect-src 'self' https: wss: data: blob:; img-src * data: blob: file:; font-src * data:; object-src 'self'; frame-src * blob:; child-src * blob:; media-src * blob: data:; base-uri 'self'; default-src *; frame-ancestors 'self' *.atlassian.net *.atl-paas.net *.atlassian.com trello.com bitbucket.org; report-uri https://web-security-reports.services.atlassian.com/csp-report/jira-frontend-static-prod 1
font-src fonts.gstatic.com/ static.unzer.com data: https://static.unzer.com *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com test.frankana.tdintern.de amc.demdex.net *.vimeo.com payment.unzer.com *.heidelpay.com https://payment.unzer.com/ https://payment.heidelpay.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googletagmanager.com *.google-analytics.com blob: *.google.com *.googleapis.com *.google.de *.gstatic.com *.googleusercontent.com *.doubleclick.net static.unzer.com *.magentocommerce.com *.ytimg.com cdn.cookielaw.org cdn.frankana.tdintern.de ff.cdn.bloodstream.cloud https://static.unzer.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: b2b.frankana.de data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com maps.google.com maps.googleapis.com tagmanager.google.com www.gstatic.com static.unzer.com cdn.cookielaw.org *.onetrust.com *.googleapis.com https://static.unzer.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.google.com *.google.de *.gstatic.com cdn.cookielaw.org *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com www.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com * 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com t.elasticsuite.io *.google-analytics.com *.doubleclick.net payment.unzer.com api.unzer.com *.heidelpay.com *.demdex.net *.omtrdc.net cdn.cookielaw.org maps.googleapis.com https://payment.unzer.com https://payment.heidelpay.com https://api.unzer.com https://api.heidelpay.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com geolocation.onetrust.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src api.unzer.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://services.hawkeye.care https://triggers.hawkeye.care https://metrics.hawkeye.care https://api.segment.io https://sentry.io https://api.mixpanel.com https://api-js.mixpanel.com wss://triggers.hawkeye.care https://cdn.segment.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.segment.com https://cdn.mxpnl.com; img-src 'self' data: https://api.adorable.io https://chart.googleapis.com https://cdn.mxpnl.com; connect-src 'self' https://services.hawkeye.care https://triggers.hawkeye.care https://metrics.hawkeye.care https://api.segment.io https://sentry.io https://api.mixpanel.com https://api-js.mixpanel.com wss://triggers.hawkeye.care https://cdn.segment.com wss://triggers.hawkeye.care; font-src 'self' 'unsafe-inline' https://use.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src-elem 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-4pO5dBwZw9iO+x27Hfzp83ueH+SFTDWigdemWaYNUrQuV9vU' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
base-uri 'none'; frame-ancestors 'self' *.cortrustbank.com; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gstatic.com https://maps.googleapis.com https://*.google.com https://*.doubleclick.net https://*.google-analytics.com https://*.googletagmanager.com https://*.n1ed.com https://n1ed.com  https://*.flmngr.com https://flmngr.com https://stackpath.bootstrapcdn.com/bootstrap/ https://code.jquery.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com https://stackpath.bootstrapcdn.com/bootstrap/; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.doubleclick.net https://n1ed.com https://*.flmngr.com https://flmngr.com https://maps.googleapis.com https://*.n1ed.com https://*.google-analytics.com; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com https://stackpath.bootstrapcdn.com/bootstrap/; frame-src 'self' https://*.google.com https://www.youtube.com/; img-src 'self' data: https://www.google-analytics.com https://maps.googleapis.com https://n1ed.com; media-src 'self'; worker-src 'none';frame-ancestors 'none'; 1
default-src blob: data: https: 'unsafe-inline' 'unsafe-eval' 'self' stats.addtoany.com talkify.net www.facebook.com stats.g.doubleclick.net hubspot-forms use.typekit.net static.addtoany.com www.google-analytics.com ajax.googleapis.com www.google.com google.com gstatic.com connect.facebook.net facebook.com *.3qsdn.com; img-src 'self' img.youtube.com maps.gstatic.com maps.googleapis.com perf.hsforms.com www.google-analytics.com www.facebook.com track.hubspot.com *.ads.linkedin.com *.3qsdn.com data:; script-src 'self' 'unsafe-inline' js.hsleadflows.net maps.googleapis.com www.gstatic.com www.google.com www.google-analytics.com www.googletagmanager.com snap.licdn.com forms.hsforms.com js.hsforms.net static.addtoany.com js.hs-scripts.com cdnjs.cloudflare.com js.hs-analytics.net js.hs-banner.com *.youtube.com connect.facebook.net player.3qsdn.com playout.3qsdn.com *.3qsdn.com; object-src 'none'; 1
default-src 'unsafe-inline' 'unsafe-eval' data: blob: https://clarity.ai/ https://*.clarity.ai/ https://static.clarity.ai/ https://developer.clarity.ai/ https://*.hcaptcha.com/ https://*.weglot.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://www.googletagmanager.com/ https://secure.gravatar.com/ https://regulations-funds-demo.clarity.ai/ https://cdnjs.cloudflare.com/ https://unpkg.com/ https://cdn.simplelocalize.io/ https://*.google-analytics.com/ https://*.analytics.google.com/ https://googleads.g.doubleclick.net/ https://snap.licdn.com/ https://td.doubleclick.net/ https://*.linkedin.com/ https://www.google.com/ https://*.googlesyndication.com/ https://stats.g.doubleclick.net/ https://datawrapper.dwcdn.net/ https://*.crazyegg.com/ https://pi.pardot.com/ https://www.googleadservices.com/ https://cdn.jsdelivr.net/ ; img-src 'self' https: data: 1
script-src 'unsafe-eval' 'unsafe-inline' 'self' *.wcfservices *.wcfservices2 *.strataaddresslookup *.wcfservicest *.arcgis.com https://www.teignbridge.gov.uk http://serverapi.arcgisonline.com *.teignbridgetest.gov.uk *.teignbridge.gov.uk *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.siteimproveanalytics.com *.siteimproveanalytics.io *.siteimprove.com https://siteimproveanalytics.com https://content.govdelivery.com https://maps.strata.solutions *.whoson.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.arcgis.com http://serverapi.arcgisonline.com https://maps.strata.solutions; img-src 'self' data: *.wcfservices *.wcfservices2 *.strataaddresslookup *.wcfservicest https://www.teignbridge.gov.uk *.teignbridgetest.gov.uk *.teignbridge.gov.uk  *.google-analytics.com *.google.com *.gstatic.com *.arcgis.com https://content.govdelivery.com http://serverapi.arcgisonline.com https://maps.strata.solutions *.siteimproveanalytics.io *.siteimprove.com *.siteimproveanalytics.com https://siteimproveanalytics.com *.whoson.com; media-src 'self'; font-src 'self'; connect-src *.wcfservices *.wcfservices2 *.strataaddresslookup *.wcfservicest *.teignbridgetest.gov.uk https://www.teignbridge.gov.uk *.teignbridge.gov.uk https://myaccount.teignbridgetest.gov.uk 'self' *.google-analytics.com *.siteimproveanalytics.io *.siteimprove.com *.siteimproveanalytics.com https://siteimproveanalytics.com *.whoson.comb https://maps.strata.solutions; form-action 'self' *.teignbridge.gov.uk https://www.teignbridge.gov.uk; frame-ancestors 'self' *.teignbridge.gov.uk; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.pantheonsite.io *.skfoodgroup.com live-skfoodgroup.pantheonsite.io vimeo.com *.cloudfront.net olivia.paradox.ai *.paradox.ai https://olivia.paradox.ai/ cloudfront.net fontawesome.com *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' olivia.paradox.ai *.cloudfront.net *.paradox.ai cloudfront.net https://use.fontawesome.com https://kit.fontawesome.com *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: *.cloudfront.net *.fontawesome.com cloudfront.net *.vimeocdn.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: live-skfoodgroup.pantheonsite.io *.cloudfront.net fontawesome.com cloudfront.net s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com i.ytimg.com www.googletagmanager.com; connect-src 'self' *.paradox.ai *.fontawesome.com *.vimeo.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: www.googletagmanager.com; font-src 'self' data: *.fontawesome.com cloudfront.net data: fonts.gstatic.com fonts.googleapis.com; media-src 'self' *.cloudfront.net cloudfront.net; frame-src 'self' *.cloudfront.net *.vimeo.com *.vimeocdn.com www.youtube.com www.googletagmanager.com; child-src 'self' *.vimeo.com *.vimeocdn.com www.youtube.com www.googletagmanager.com; upgrade-insecure-requests; 1
frame-ancestors 'self'; frame-src 'self' blob: https://view.officeapps.live.com/ https://docs.google.com/ https://vars.hotjar.com/ https://www.youtube.com/ https://*.hubspot.com https://*.ooona.net/; font-src 'self' data: https://fonts.googleapis.com/ https://fonts.gstatic.com/; img-src 'self' data:  https://www.google.com/pagead/ https://www.google.co.il/pagead/ https://ooona.net/ https://*.ooonatools.tv/ https://chart.googleapis.com/ https://*.hsforms.com https://*.hubspot.com; default-src 'self' file: data: blob: filesystem:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com/ https://www.dropbox.com/static/api/ https://www.youtube.com/ https://www.googleadservices.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com/analytics.js https://*.hubspot.com https://*.hsadspixel.net https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hscollectedforms.net https://forms.hsforms.com https://*.usemessages.com; connect-src * blob: data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; object-src 'none'; media-src * file: data: blob: filesystem: 1
object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content 1
'unsafe-inline'; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://www.zenaps.com https://tr.snapchat.com https://www.youtube.com https://ln-rules.rewardstyle.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.contentsquare.net; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://www.perriconemd.it https://checkout.perriconemd.it https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://the.sciencebehindecommerce.com https://cdn.trackjs.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://ln-rules.rewardstyle.com https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net tpc.googlesyndication.com tags.tiqcdn.com www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.qualtrics.com adservice.google.com *.googleapis.com www.google.com www.googletagmanager.com *.dbankcloud.com analytics.google.com *.doubleclick.net www.google-analytics.com *.demdex.net *.omtrdc.net http://127.0.0.1:5000 http://127.0.0.1:5000/* rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net tpc.googlesyndication.com *.zscloud.net sts-aad.auth.hsbc.com www.youtube.com; frame-ancestors 'self' www.hsbc.co.mu; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net; object-src 'self'; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report; 1
default-src 'self' https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.google.com https://*.googleapis.com 'unsafe-inline'; img-src 'self' https://*.gstatic.com https://*.google.com https://*.googleapis.com https://trustseal.enamad.ir https://logo.samandehi.ir https://*.google-analytics.com data:; script-src-elem 'self' https://*.getclicky.com https://*.google.com https://*.googleapis.com https://*.googleadservices.com https://*.googletagmanager.com https://*.google-analytics.com 'unsafe-inline'; frame-src 'self' https://www.aparat.com https://www.adsensecustomsearchads.com https://*.google.com; frame-ancestors 'self' https://www.aparat.com; 1
frame-ancestors 'self' *.google.com *.googleusercontent.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://*.ggpht.com *.google-analytics.com *.googleapis.com *.gstatic.com http://*.wolterskluwer.ro https://*.wolterskluwer.ro http://*.sintact.ro https://*.sintact.ro  *.getsentry.com  https://player.vimeo.com http://eur-lex.europa.eu http://cdn.wolterskluwer.io https://www.wolterskluwer.io https://www.googletagmanager.com tagmanager.google.com https://*.appspot.com https://*.tawk.to wss://*.tawk.to https://cdn.jsdelivr.net https://vimeo.com https://*.vimeocdn.com ; font-src 'self' 1
font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com cdn.ravenjs.com data:; worker-src 'self'; default-src 'self'; media-src 'self' static.zdassets.com; connect-src 'self' www.google-analytics.com ekr.zdassets.com maps.googleapis.com teamnest.zendesk.com widget-mediator.zopim.com wss://widget-mediator.zopim.com sentry.io zendesk-eu.my.sentry.io analytics.google.com cdn.linkedin.oribi.io pagead2.googlesyndication.com stats.g.doubleclick.net wss://ws.hotjar.com content.hotjar.io metrics.hotjar.io; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com cdn.rawgit.com cdn.jsdelivr.net www.gstatic.com; manifest-src 'self' teamnest.com; object-src 'self'; base-uri 'self'; frame-src 'self' td.doubleclick.net; img-src 'self' www.google-analytics.com raw.githubusercontent.com googleads.g.doubleclick.net internal.localhost:8001 cdn.datatables.net maps.gstatic.com teamnest.com data: s3.ap-south-1.amazonaws.com px.ads.linkedin.com www.google.com www.google.co.in tr-rc.lfeeder.com www.googletagmanager.com maps.googleapis.com maps.google.com; script-src 'self' 'unsafe-inline' static.zdassets.com cdn.ravenjs.com cdnjs.cloudflare.com www.gstatic.com maps.googleapis.com 'unsafe-eval' assets.zendesk.com www.googletagmanager.com snap.licdn.com www.google-analytics.com www.googleadservices.com static.hotjar.com sc.lfeeder.com googleads.g.doubleclick.net script.hotjar.com maps.google.com; frame-ancestors 'self' 1
script-src 'nonce-gzP2IUDU960mvOPD7Esby1qs+Fy4cU8cTmuyJewhXfs=' 'strict-dynamic'; img-src 'self' data:; child-src 'self'; object-src 'none'; base-uri 'self'; 1
default-src *; img-src * 'self' data: https: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' *; font-src * 'self' data:; worker-src blob: 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-ydVjIdjsM0TO3WS6rK869Ddz9ixRGyv3bt6CmBfvvpvEk5fd' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-L2T4juqJfLvbm4IB4PSE3v3ImZdpeRt18oTLey3QEt7G7L+U' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
font-src https://kit-pro.fontawesome.com https://use.fontawesome.com https://ka-p.fontawesome.com *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action https://www.facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ bid.g.doubleclick.net wm-livechat-2-prod-dot-watermelonmessenger.appspot.com *.multisafepay.com https://pay.google.com https://www.google.com https://www.gstatic.com https://vars.hotjar.com https://borduurpakkettenwinkel.nl https://ct.pinterest.com https://www.facebook.com *.weltpixel.com *.google.com *.addthis.com *.pinterest.com *.trustpilot.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.google.co.in *.google.com google.com wm-livechat-2-prod-dot-watermelonmessenger.appspot.com static.spotlersearch.com happycrafts.nl ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.multisafepay.com https://widgets.magentocommerce.com https://www.googleadservices.com https://www.google.com https://www.google.nl https://www.paypal.com https://www.paypalobjects.com https://fpdbs.paypal.com https://fpdbs.sandbox.paypal.com https://*.vimeocdn.com https://s.ytimg.com blob: https://borduurpakkettenwinkel.nl https://www.facebook.com https://www.google-analytics.com https://www.google.ro https://www.google.de https://www.google.be https://bat.bing.com https://beacon.krxd.net https://secure.adnxs.com *.pinterest.com https://c.clarity.ms https://mcusercontent.com *.sooqr.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.cdninstagram.com *.facebook.com data: 'self' 'unsafe-inline'; script-src s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com wm-livechat-2-prod-dot-watermelonmessenger.appspot.com spotlersearchanalytics.com static.spotlersearch.com dynamic.spotlersearch.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.multisafepay.com https://pay.google.com https://www.clarity.ms https://googleads.g.doubleclick.net https://www.googleadservices.com https://chimpstatic.com https://s.pinimg.com https://bat.bing.com https://static.hotjar.com https://devdocs.magento.com https://magento.com https://www.google.com https://www.gstatic.com https://kit.fontawesome.com https://use.fontawesome.com https://cdnjs.cloudflare.com   https://www.google-analytics.com https://script.hotjar.com https://vars.hotjar.com https://borduurpakkettenwinkel.nl *.facebook.com *.trustpilot.com https://www.googleoptimize.com *.sooqr.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.instagram.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src wm-livechat-2-prod-dot-watermelonmessenger.appspot.com static.spotlersearch.com downloads.mailchimp.com *.multisafepay.com https://kit-pro.fontawesome.com https://use.fontawesome.com https://ka-p.fontawesome.com https://cdnjs.cloudflare.com https://borduurpakkettenwinkel.nl *.sooqr.com *.googleapis.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src vimeo.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com wm-backend-prod-dot-watermelonmessenger.appspot.com wss://ws.hotjar.com content.hotjar.io metrics.hotjar.io vc.hotjar.io *.google.com google.com region1.analytics.google.com cognito-identity.eu-central-1.amazonaws.com firehose.eu-central-1.amazonaws.com *.multisafepay.com https://bat.bing.com https://ct.pinterest.com https://ka-p.fontawesome.com *.google-analytics.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://in.hotjar.com https://vc.hotjar.com wss://ws4.hotjar.com https://ws8.hotjar.com wss://ws8.hotjar.com https://ws32.hotjar.com wss://ws32.hotjar.com wss://ws46.hotjar.com wss://ws31.hotjar.com https://ws4.hotjar.com https://ws46.hotjar.com https://ws31.hotjar.com https://borduurpakkettenwinkel.nl wss://ws23.hotjar.com https://ws23.hotjar.com https://m.clarity.ms https://f.clarity.ms *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com https://www.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.google.com https://*.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://www.youtube.com https://cdn.outfunnel.com https://reports.hrmdirect.com https://googleads.g.doubleclick.net https://www.googleadservices.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com/ https://fonts.googleapis.com https://reports.hrmdirect.com; connect-src 'self' https://analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; child-src 'self' https://www.google.com https://www.youtube.com https://eganco.hrmdirect.com https://www.surveymonkey.com/; frame-ancestors 'self'; object-src 'none'; manifest-src 'self' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-9UhpOqYft+ZQJWbpQqEniOtmm3v7N6PwxgFR0VQ/uORw75AR' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
base-uri 'self'; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data: sdk.cxengage.net *.amazonaws.com www.gravatar.com blob: media.smooch.io https://assets.maccarianagency.com; frame-src 'self' https://*.google.com youtube.com www.youtube.com; connect-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com *.iconify.design sdk.cxengage.net https://*.config.smooch.io api.smooch.io wss://api.smooch.io; style-src 'unsafe-inline' https://fonts.googleapis.com  https://*.gopioneer.com https://gopioneer.com https://sdk.cxengage.net; script-src https://cdnjs.cloudflare.com 'self' *.googleapis.com *.simplesvg.com sdk.cxengage.net 61ccd061ec0aec00eb1a1a8b.config.smooch.io api.smooch.io; font-src 'self' https://fonts.gstatic.com sdk.cxengage.net; worker-src blob:; default-src 'none'; media-src https://gopioneer.com; 1
default-src 'self';base-uri 'self';font-src 'self' https: data: https://fonts.gstatic.com;form-action 'self';frame-ancestors 'self';frame-src 'self' https://www.youtube.com/ https://youtube.com/ https://www.youtube-nocookie.com/ https://youtube-nocookie.com/ https://www.google.com https://*.authorize.net;object-src 'none';script-src 'self' 'wasm-unsafe-eval' 'nonce-3TuOb6UniJy1hc/87DMbLQ==' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://maps.googleapis.com https://*.authorize.net;script-src-attr 'none';worker-src 'self' blob:;img-src 'self' blob: data: https://*.googleapis.com *.google.com https://*.gstatic.com;connect-src 'self' data: blob: https://*.googleapis.com *.google.com https://*.gstatic.com https://*.google-analytics.com https://*.authorize.net;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com 1
default-src 'self'; base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-src 'self' https://tol-app-prod.firebaseapp.com/ https://tol-app-82e72.firebaseapp.com/ https://googleads.g.doubleclick.net/ https://*.google.com/ https://*.googlesyndication.com/ https://www.youtube.com/ https://api.pay.jp/ https://js.pay.jp/ https://js.stripe.com/; frame-ancestors 'self'; img-src 'self' data: https:; object-src 'none'; script-src 'self' https://*.googlesyndication.com/ https://*.googleadservices.com/ https://adservice.google.co.in/ https://adservice.google.co.jp/ https://adservice.google.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://apis.google.com/ https://*.pay.jp/ https://*.stripe.com/ 'unsafe-eval' 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' https://*.google.com/ https://*.google.co.jp/ https://*.googleadservices.com/ https://www.googletagmanager.com/ https://*.googlesyndication.com/ https://www.google-analytics.com/ https://vercel.live/ https://*.pay.jp/ https://*.stripe.com/ https://cdnjs.cloudflare.com/ 'unsafe-inline' 'unsafe-eval'; worker-src blob:; child-src blob:; connect-src 'self' https://*.tol-app.jp https://*.googleapis.com/ https://*.gstatic.com/ https://*.googlesyndication.com/ https://www.google-analytics.com/ https://*.sentry.io/ https://*.pay.jp/; style-src 'self' https: 'unsafe-inline'; style-src-elem 'self' http://fonts.googleapis.com https: 'unsafe-inline'; upgrade-insecure-requests ; 1
frame-ancestors 'self' https://www.madnawatlaw.com https://app.casefox.com; 1
default-src *.jsdelivr.net *.commentportal.com commentportal.com *.arcgis.com *.cloudflare.com *.google.com bootstrapcdn.com  googleadservices.com *.cloudfront.net *.portlandwebdesign.com *.electric.coop adsrvr.org *.analytics.yahoo.com *.maps.arcgis.com xx.fbcdn.net rvwinc.com maps.arcgis.com vimeo.com *.googleadservices.com publicpurchase.com gravatar.com *.arcgis.com *.eventbrite.com cooperative.com *.gstatic.com *.youtube-nocookie.com *.crowdfiber.io data: *.googletagmanager.com luckyorange.net btstatic.com portlandwebdesign.com simpli.fi *.providesupport.com typekit.net mitel.io trumpia.com *.timetap.com five9.com powermag.com *.rvwinc.com *.verisign.com linkedin.com *.nr-data.net *.btstatic.com azgt.coop ebill.coop *.mapbox.com googleapis.com analytics.yahoo.com *.licdn.com *.mcusercontent.com *.bootstrapcdn.com apogee.net marketingautomation.services suppose.tv adnxs.com twimg.com *.olark.com youtube-nocookie.com *.trumpia.com xad.com mailchimp.com *.ads.linkedin.com directefficiency.com *.mailchimp.com newrelic.com *.vimeo.com *.plumassierratelecommunicationsmap.com 'unsafe-eval' *.upgrade.guide epa.gov transistor.fm google.com hirebridge.com *.simpli.fi *.yimg.com envivabiomass.com *.roanokeconnect.com e2ma.net bonnerboundary811.org *.powerfulweb.com *.elfsight.com *.libsyn.com doubleclick.net *.nwwsd.org facebook.net google-analytics.com ads.linkedin.com *.e2ma.net gstatic.com smarthub.coop *.s3.amazonaws.com mcusercontent.com s.w.org *.doubleclick.net facebook.com youtube.com *.linkedin.com nice-incontact.com fontawesome.com *.newrelic.com *.apogee.net *.googleapis.com libsyn.com eventbrite.com upgrade.guide *.basis.net *.twimg.com glassdoor.com cencoast.com *.mitel.io powerfulweb.com luckyorange.com *.five9.com *.typekit.net *.transistor.fm yimg.com 'self' *.luckyorange.com jazz.co roanokeconnect.com *.publicpurchase.com myfonts.net issuu.com *.directefficiency.com *.websupport.expert spreaker.com *.ebill.coop crowdfiber.io *.xad.com *.nice-incontact.com *.xx.fbcdn.net *.suppose.tv *.myfonts.net *.icua.coop southcentralpower.com *.bonnerboundary811.org arcgis.com mapbox.com providesupport.com *.facebook.net *.smeco.coop electric.coop googletagmanager.com *.adnxs.com smeco.coop *.issuu.com *.powermag.com *.adsymptotic.com olark.com s3.amazonaws.com 'unsafe-inline' billing.nwwsd.org elfsight.com icua.coop timetap.com *.fontawesome.com *.envivabiomass.com nr-data.net adsymptotic.com *.epa.gov *.adsrvr.org *.cencoast.com *.spreaker.com *.gravatar.com plumassierratelecommunicationsmap.com verisign.com *.glassdoor.com *.facebook.com ctctcdn.com *.jazz.co *.cooperative.com *.google-analytics.com gmpg.org cloudfront.net *.ctctcdn.com *.marketingautomation.services *.southcentralpower.com licdn.com *.hirebridge.com websupport.expert *.luckyorange.net *.smarthub.coop basis.net *.youtube.com *.touchstoneenergy.com *.azgt.coop; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-U3IGEy8Q2ylNUvynO0C83tV3QaG3GFK3af41I19LovGuLr+i' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' payments-de-sandbox.amazon.com payments-de.amazon.com payments.amazon.de ws://127.0.0.1:35729 shop.multiplex-rc.de www.multiplex-rc.de https://www.juicer.io/api/feeds/ https://www.juicer.io/;  script-src 'self' 'unsafe-eval' 'unsafe-inline' use.typekit.net www.googletagmanager.com www.google.com www.google-analytics.com www.gstatic.com maps.google.com maps.googleapis.com connect.facebook.net *.payments-amazon.com payments-de-sandbox.amazon.com tagmanager.google.com shop.multiplex-rc.de www.multiplex-rc.de https://*.usercentrics.eu https://assets.juicer.io/embed.js *.juicer.io;  style-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com tagmanager.google.com shop.multiplex-rc.de www.multiplex-rc.de https://*.google-analytics.com https://assets.juicer.io/embed.css *.juicer.io;  img-src 'self' data: p.typekit.net www.google-analytics.com *.googleapis.com maps.google.com *.cloudfront.net *.ssl-images-amazon.com *.ggpht.com *.gstatic.com img.youtube.com shop.multiplex-rc.de www.multiplex-rc.de https://*.usercentrics.eu https://*.google-analytics.com https://www.juicer.io/ *.juicer.io;  font-src 'self' data: use.typekit.net fonts.gstatic.com shop.multiplex-rc.de www.multiplex-rc.de *.juicer.io;  object-src 'self' shop.multiplex-rc.de www.multiplex-rc.de;  media-src 'self' shop.multiplex-rc.de www.multiplex-rc.de;  child-src 'self' payments-de-sandbox.amazon.com payments-de.amazon.com payments.amazon.com www.computop-paygate.com staticxx.facebook.com www.facebook.com www.youtube.com *.payments-amazon.com api-cdn.amazon.com shop.multiplex-rc.de www.multiplex-rc.de;  form-action 'self' payments-de-sandbox.amazon.com payments-de.amazon.com payments.amazon.com www.computop-paygate.com shop.multiplex-rc.de www.multiplex-rc.de;  frame-ancestors 'self' shop.multiplex-rc.de www.multiplex-rc.de;  connect-src 'self' ws://127.0.0.1:35729 performance.typekit.net www.google-analytics.com shop.multiplex-rc.de www.multiplex-rc.de https://*.usercentrics.eu https://*.google-analytics.com *.juicer.io; 1
object-src 'none'; base-uri 'none'; frame-ancestors 'self'; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-a4504083d6bd561bdc5aff63bab34bc8'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.directcapital.com www.google.com *.google.com www.gstatic.com sdks.shopifycdn.com www.youtube.com;style-src 'self' 'unsafe-inline' *.directcapital.com *.googleapis.com *.gstatic.com; connect-src  'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.directcapital.com monorail-edge.shopifysvc.com xpane.myshopify.com; img-src *; font-src https: data:; frame-src data: *.directcapital.com www.google.com *.facebook.com http://youtube.com https://youtube.com https://*.youtube.com http://*.youtube.com www.youtube.com www.youtube-nocookie.com; 1
default-src 'self';  script-src 'unsafe-inline' 'unsafe-eval' 'self' js.hs-scripts.com js.hs-analytics.net js.hsleadflows.net js.hs-banner.com js.hsadspixel.net js.usemessages.com *.zscloud.net *.usercentrics.eu *.adroll.com *.adroll.mgr.consensu.org *.kampyle.com *.go-mpulse.net munchkin.marketo.net *.serving-sys.com *.googleadservices.com googleads.g.doubleclick.net *.akamaihd.net secure.comodo.com www.trustlogo.com seal.verisign.com seal.websecurity.norton.com *.digicert.com www.googletagmanager.com optimize.google.com *.google-analytics.com *.richrelevance.com js.hsforms.net forms.hsforms.com *.hubspot.com services.cognitoforms.com www.google.com www.google:* www.gstatic.com *.googleapis.com cloud.github.com code.jquery.com connect.facebook.net static.ak.fbcdn.net *.hscollectedforms.net widgets.twimg.com www.dentapure.com www.google.com tagmanager.google.com volusionchat.appspot.com cloud.github.com vp.dentrek.com *.henryschein.fr *.henryschein.com *.facebook.com *.bing.com *.youtube.com *.licdn.com bing.com facebook.net hs-scripts.com hs-banner.com hsadspixel.net hs-analytics.net linkedin.com cdn.linkedin.oribi.io adservice.google.com clarity.ms *.clarity.ms js-eu1.hs-scripts.com js-eu1.hs-banner.com js-eu1.hsadspixel.net js-eu1.hs-analytics.net blob: data:;  connect-src 'self' *.hubapi.com *.hubspot.com *.usercentrics.eu *.akstat.io *.go-mpulse.net *.kampyle.com *.mktoresp.com *.akamaihd.net *.richrelevance.com services.cognitoforms.com optimize.google.com *.google-analytics.com ssl.google-analytics.com *.clarity.ms js.hsforms.net volusionchat.appspot.com *.henryschein.fr *.henryschein.com *.facebook.com *.bing.com stats.g.doubleclick.net cdn.linkedin.oribi.io adservice.google.com *.hscollectedforms.net *.google.com *.googletagmanager.com;  img-src 'self' *.youtube.com *.hubspot.com *.usercentrics.eu *.henryschein.com *.adroll.com *.adroll.mgr.consensu.org *.kampyle.com googleads.g.doubleclick.net *.akamaihd.net placeholder.com via.placeholder.com secure.comodo.com www.trustlogo.com seal.websecurity.norton.com *.digicert.com www.google:* www55.caligor.com optimize.google.com *.google-analytics.com *.henryschein.fr placehold.it www.servertastic.com *.clarity.ms localhost www.gstatic.com media.corporate-ir.net volusionchat.appspot.com *.googleapis.com ssl.gstatic.com www.google.com media.istockphoto.com js.hsforms.net *.facebook.com *.bing.com www.googletagmanager.com stats.g.doubleclick.net *.ads.linkedin.com *.adsymptotic.com *.atdmt.com *.commerce-connector.com linkedin.com *.hscollectedforms.net *.google.it *.hsforms.com *.linkedin.com forms.hsforms.com data:;  style-src *.zscloud.net *.kampyle.com *.google-analytics.com optimize.google.com 'unsafe-inline' 'self' *.googleapis.com services.cognitoforms.com tagmanager.google.com js.hsforms.net volusionchat.appspot.com *.henryschein.fr *.henryschein.com *.facebook.com *.bing.com fonts.gstatic.com;  font-src 'self' *.kampyle.com sxt.cdn.skype.com *.googleapis.com fonts.gstatic.com themes.googleusercontent.com services.cognitoforms.com js.hsforms.net volusionchat.appspot.com *.henryschein.fr *.henryschein.com *.facebook.com *.bing.com data:;  frame-src 'self' *.youtube-nocookie.com *.hs-ecom.com *.hubspot.com *.kampyle.com bid.g.doubleclick.net *.google-analytics.com optimize.google.com cdn.pendo.io app.pendo.io www.trustlogo.com secure.comodo.com www.googletagmanager.com cdn.livechatinc.com secure.livechatinc.com app.usercentrics.eu www.youtube.com player.vimeo.com media.corporate-ir.net vimeo.com *.facebook.com www.google.com volusionchat.appspot.com js.hsforms.net *.henryschein.fr *.henryschein.com *.bing.com connect.facebook.net forms.hsforms.com *.doubleclick.net data:;  media-src 'self' *.kampyle.com media.istockphoto.com js.hsforms.net volusionchat.appspot.com *.henryschein.fr *.henryschein.com *.facebook.com *.bing.com www.dentapure.com;  report-uri /webservices/JSONRequestHandler.ashx?from=csp;   1
default-src 'self'; worker-src blob:; connect-src wss: *.pusher.com https: *.codicadev.net *.ipinfo.io *.sentry.io *.w3.org *.pipedrive.com px.ads.linkedin.com www.google.com.ua *.google.com *.googletagmanager.com savjee.report-uri.com *.facebook.com snap.licdn.com stats.g.doubleclick.net; script-src https: *.codicadev.net 'unsafe-eval' *.pipedrive.com *.googletagmanager.com connect.facebook.com snap.licdn.com *.ipinfo.io 'unsafe-inline'; style-src 'self' *.googletagmanager.com *.codica.com *.googleapis.com *.codicadev.net 'unsafe-inline'; font-src https: data: *.codicadev.net *.pipedrive.com font.gstatic.com 'unsafe-inline'; img-src https: data: *.codicadev.net *.pipedrive.com *.google.com *.facebook.com px.ads.linkedin.com images.dmca.com 'unsafe-inline'; frame-src https: *.codicadev.net *.google.com *.facebook.com www.googletagmanager.com; object-src https: ; 1
frame-ancestors 'self' cdp.mydatalakes.com console.mydatalakes.com 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://qlytics.qreserve.com/ https://embed.qreserve.com/; style-src 'report-sample' 'unsafe-inline' 'self' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.qreserve.com https://qlytics.qreserve.com; font-src 'self' https://fonts.gstatic.com https://github.com/google/fonts data:; frame-src 'self' https://accounts.google.com https://calendar.google.com https://embed.qreserve.com https://www.youtube.com; frame-ancestors https://my.qreserve.com https://www.artintheworkplace.ca; img-src 'self' data: https://assets.capterra.com https://capterra.s3.amazonaws.com https://qlytics.qreserve.com; manifest-src 'self'; media-src 'self'; report-uri https://s.qreserve.com/api/8/security/?sentry_key=4e4f2ebe21f949688f9f6238c8883d5e; worker-src 'none'; 1
default-src 'self' blob: meteor:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-eval' https://player.vimeo.com https://*.typeform.com https://gutterstar.bizland.com https://whatsock.github.io https://cdnjs.cloudflare.com https://r.wdfl.co todesktop-internal:; connect-src * 'self' blob: https://api.amplitude.com https://strummachine.com https://*.strummachine.com https://validator.fovea.cc https://api.getrewardful.com ws: wss:; img-src data: 'self' blob: https://www.google.com https://*.g.doubleclick.net https://storage.googleapis.com https://res.cloudinary.com https://*.mzstatic.com https://*.ggpht.com https://*.googleusercontent.com https://*.scdn.co https://*.sndcdn.com https://*.ssl-images-amazon.com https://*.ytimg.com https://*.vimeocdn.com; style-src 'self' 'unsafe-inline' blob: https://accdc.github.io; font-src 'self' blob: data:; media-src 'self' blob: data: https://*.dropbox.com https://*.dropboxusercontent.com https://storage.googleapis.com; frame-src 'self' blob: https://www.youtube-nocookie.com https://*.spotify.com https://clyp.it https://*.soundcloud.com https://*.vimeo.com https://app.termly.io https://docs.google.com https://*.typeform.com; report-uri https://strummachine.report-uri.com/r/d/csp/enforce 1
default-src 'self' https://db-eco.com https://db-engineering-consulting.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tags.tiqcdn.com https://assets.bahn-x.de https://app.usercentrics.eu https://dbwas.service.deutschebahn.com https://ajax.googleapis.com https://www.youtube.com; img-src 'self' https://db-engineering-consulting.com https://app.usercentrics.eu https://uct.service.usercentrics.eu https://privacy-proxy-server.usercentrics.eu https://i.ytimg.com https://secure.gravatar.com data:; style-src 'self' 'unsafe-inline'; connect-src https://aggregator.service.usercentrics.eu https://api.usercentrics.eu https://consent-layer.analytics.bahn-x.de https://graphql.usercentrics.eu https://consent-api.service.consent.usercentrics.eu https://dbwas.service.deutschebahn.com https://csp.bahn-x.de https://db-eco.com https://db-engineering-consulting.com https://yoast.com; font-src 'self' data:; object-src 'none'; frame-ancestors 'self' https://world-of.db-eco.com; frame-src https://www.youtube-nocookie.com/ 1
require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport,script-src 'report-sample' 'nonce-885EhZaam825LTfjE929Uw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self',script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport/allowlist 1
default-src 'self';            script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.browsealoud.com https://*.google-analytics.com https://siteimproveanalytics.com https://*.googletagmanager.com https://*.google.com https://*.googleadservices.com https://*.gstatic.com https://*.facebook.net https://*.twitter.com https://cdn.syndication.twimg.com;            script-src-elem 'self' 'unsafe-inline' https://*.browsealoud.com https://*.google-analytics.com https://siteimproveanalytics.com https://www.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.googleadservices.com https://connect.facebook.net https://www.gstatic.com https://*.twitter.com https://cdn.syndication.twimg.com;            style-src 'self' 'unsafe-inline' https://*.myfonts.net https://*.bootstrapcdn.com;            style-src-elem 'self' 'unsafe-inline' https://*.browsealoud.com https://*.googleapis.com https://*.myfonts.net https://*.bootstrapcdn.com https://*.twitter.com https://*.twimg.com;            img-src * data:;            font-src * data:;            connect-src 'self' https://*.google-analytics.com https://*.googleapis.com https://*.google.com https://*.browsealoud.com https://stats.g.doubleclick.net https://*.speechstream.net;            media-src * blob: data:;            frame-src 'self' https://*.iprox.nl https://*.waterschaplimburg.nl https://www.youtube.com https://*.google.com https://waterschap-limburg.vergunningen.info https://*.maps.arcgis.com https://*.arcgis.com https://*.twitter.com https://*.vimeo.com https://www.waterstandlimburg.nl https://*.doubleclick.net https://*.googletagmanager.com;            frame-ancestors 'self' https://*.iprox.nl https://*.waterschaplimburg.nl https://www.geleenbeekdal.nl https://www.waterleeftinbeek.nl https://www.wbl.nl https://www.zuidelijkmaasdal.nl https://wblnl.sharepoint.com;            report-uri https://infoprojects.report-uri.com/r/d/csp/enforce 1
script-src 'nonce-6xlBctBq1yPp' 'strict-dynamic' 'report-sample' 'self' https://static.furkot.com; worker-src 'self' https://static.furkot.com; style-src 'self' https://static.furkot.com; base-uri 'self'; object-src 'none'; form-action 'self'; frame-ancestors 'self'; report-uri https://zsyp.code42day.com/csp 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.bakeryinfo.co.uk; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-vLSr5A1gMek61U5THIDQrlEZIZCUfHFJk2CMidwih8DTSOEC' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' https://statistik.green-zones.eu/ 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-/1XoVpVWZTBIdWx9cvj1mNP19tVQNuWtaFDYHe2ErRK5Ztl1' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
require-trusted-types-for 'script'; report-uri https://grepular.report-uri.com/r/d/csp/enforce; default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 1
default-src data: blob: https: wss://*.viverse.com 'self'; script-src data: 'unsafe-inline' 'unsafe-eval' https:; style-src data: 'unsafe-inline' https:; child-src data: https: tel: blob:; frame-src data: https: tel: https://*.marketo.net https://*.marketo.com; worker-src https://*.viverse.com blob:; upgrade-insecure-requests; frame-ancestors https://*.viverse.com; 1
default-src https: data: blob: 'unsafe-inline'; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-src https:; base-uri 'self';  upgrade-insecure-requests; report-uri /csp.cgi 1
default-src 'self'; script-src 'self' https://plausible.io https://www.youtube.com; object-src 'none'; style-src 'self' 'nonce-montix_nonce'; img-src 'self'; media-src 'self'; frame-src 'self' https://www.youtube-nocookie.com https://www.openstreetmap.org; font-src 'self'; connect-src 'self' https://plausible.io; frame-ancestors 'none'; base-uri 'self' www.espritscholen.nl; form-action 'self' 1
script-src 'self' https: http: 'unsafe-eval' 'unsafe-inline' 1
default-src 'self' gateway.zscloud.net blob:; frame-src 'self' gateway.zscloud.net www.google.com app.eu.pendo.io; child-src 'self' gateway.zscloud.net app.eu.pendo.io; frame-ancestors 'self' gateway.zscloud.net app.eu.pendo.io *.datadoghq.com; font-src 'self' data: https://*; media-src 'self' blob: https://* data:; style-src 'self' gateway.zscloud.net *.googleapis.com landingpad.me *.landingpad.me 'unsafe-inline' app.eu.pendo.io cdn.eu.pendo.io pendo-eu-static-5878461311811584.storage.googleapis.com; script-src 'self' landingpad.me *.landingpad.me gateway.zscloud.net 'unsafe-inline' 'unsafe-eval' app.eu.pendo.io pendo-eu-static.storage.googleapis.com cdn.eu.pendo.io pendo-eu-static-5878461311811584.storage.googleapis.com data.eu.pendo.io *.amazonaws.com snap.licdn.com static.zdassets.com *.zendesk.com cdn2l.ink www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com blob: resource:; connect-src 'self' https://* blob: wss: ws: app.eu.pendo.io data.eu.pendo.io pendo-eu-static-5878461311811584.storage.googleapis.com; img-src 'self' blob: https://* data: landingpad.me *.landingpad.me cdn.eu.pendo.io app.eu.pendo.io pendo-eu-static-5878461311811584.storage.googleapis.com data.eu.pendo.io; object-src 'none' 1
frame-ancestors 'self' ec.hk.bankcomm.com ec.bankcomm.com.hk eb.hk.bankcomm.com stapp.hk.bankcomm.com mbapp.hk.bankcomm.com https://mbanktest.bankcomm.com:31888 https://edm.bocommuat.com.hk:31901 *.bankcomm.com:* *.bocommuat.com.hk:*; 1
upgrade-insecure-requests; default-src 'self' https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; object-src https:; form-action https:; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=newspaper&d=2024-01-23 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-hashes' ajax.googleapis.com www.recaptcha.net  cdn.jsdelivr.net cdn.rawgit.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill.io https://unpkg.com https://www.google.com mdbootstrap.com unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' ajax.googleapis.com js.hs-scripts.com js.hsforms.net businessdecision.matomo.cloud www.youtube.com www.gstatic.com forms.hsforms.com googletagmanager.com www.googletagmanager.com snap.licdn.com js.hs-banner.com js.hs-analytics.net js.hscollectedforms.net js.hsadspixel.net googleads.g.doubleclick.net www.recaptcha.net cdn-eu.clickdimensions.com analytics-eu.clickdimensions.com  cdn.jsdelivr.net cdn.rawgit.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill.io https://unpkg.com https://www.google.com mdbootstrap.com unpkg.com; style-src 'self' 'unsafe-inline' ajax.googleapis.com js.hs-scripts.com businessdecision.matomo.cloud www.youtube.com www.recaptcha.net cdn-eu.clickdimensions.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com mdbootstrap.com unpkg.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.businessdecision.com/fr-fr/report-uri/enforce 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://policies.ttprivacy.com http://mycliplister.com http://*.mycliplister.com; media-src 'self' http://mycliplister.com http://*.mycliplister.com; img-src 'self'  http://*.mycliplister.com http://mycliplister.com data: blob: 1
connect-src 'self' *.hotjar.com/api/v2/client/ws *.hotjar.io *.trengo.eu https://*.analytics.google.com https://*.chatservice.co/ https://*.cookiepro.com https://*.google-analytics.com https://*.google.co.uk https://*.googletagmanager.com https://*.livechatinc.com https://*.mapbox.com https://*.onetrust.com https://*.snapchat.com https://*.tiktok.com https://stats.g.doubleclick.net https://tcs-analytics-tracker.now.sh https://tcs-analytics-tracker.vercel.app https://vitastudent-develop.go-vip.net https://www.facebook.com/tr https://www.google.co.uk wss://ws.hotjar.com/api/v2/client/ws; frame-ancestors 'self' https://*.mapbox.com https://www.google.com https://www.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.trengo.eu *.vitastudent.com https://*.chatservice.co https://*.hotjar.com https://*.livechatinc.com https://*.snapchat.com https://*.wp.com https://analytics.tiktok.com https://api.mapbox.com/* https://cdn-ukwest.onetrust.com https://connect.facebook.net https://cookie-cdn.cookiepro.com https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js https://dist.chatservice.co/latest/customerService.js https://googleads.g.doubleclick.net https://js.chatservice.co/v0/switch.js https://r1-t.trackedlink.net https://s0.wp.com https://sc-static.net https://ssl.google-analytics.com https://static.ads-twitter.com https://static.srcspot.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.vitastudent.com https://www.youtube.com; worker-src blob: 'self' 'unsafe-inline' https://vitastudent.com https://www.vitastudent.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodonbooks.net; img-src 'self' https: data: blob: https://mastodonbooks.net; style-src 'self' https://mastodonbooks.net 'nonce-8N2RAbNEt9VoT90ZKz57lQ=='; media-src 'self' https: data: https://mastodonbooks.net; frame-src 'self' https:; manifest-src 'self' https://mastodonbooks.net; form-action 'self'; connect-src 'self' data: blob: https://mastodonbooks.net https://s3.us-east-1.wasabisys.com/mastodon-books/ wss://mastodonbooks.net; script-src 'self' https://mastodonbooks.net 'wasm-unsafe-eval'; child-src 'self' blob: https://mastodonbooks.net; worker-src 'self' blob: https://mastodonbooks.net 1
connect-src 'self' https://*.clearcover.com wss://*.clearcover.com https://*.kommunicate.io wss://*.kommunicate.io https://*.evidon.com wss://*.evidon.com https://*.betrad.com wss://*.betrad.com https://api.brightedge.com wss://api.brightedge.com https://ixfd-api.bc0a.com wss://ixfd-api.bc0a.com https://*.twilio.com wss://*.twilio.com https://inga-prod.tumblr.com wss://*.salemove.com https://*.salemove.com wss://*.glia.com https://*.glia.com https://*.yotpo.com https://*.twitter.com https://*.yotpo.com https://*.gomoxie.solutions https://rules.atgsvcs.com https://track.magnify360.com https://c1.rfihub.net https://insight.adsrvr.org https://*.virtualhold.com https://api.edmunds.com 1
default-src 'self' cdnjs.cloudflare.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' data:; script-src 'self' 'unsafe-eval'  cdnjs.cloudflare.com; 1
img-src data: 'self' http://realityripple.com http://*.realityripple.com; object-src 'none'; frame-src 'none'; base-uri 'self' http://realityripple.com http://*.realityripple.com; form-action 'self' http://realityripple.com http://*.realityripple.com; frame-ancestors 'none'; script-src 'sha256-pzz+uUmFSRPIFsb+F1giq+z5vKGzIO3iRpIFAmbTCrA=' 'sha256-nZTo1STXYIWiQ9zjsGWrMAxCxNguutSxjmwwDqclLOg=' 'self' http://realityripple.com http://*.realityripple.com https://realityripple.com; default-src 'self' http://realityripple.com http://*.realityripple.com 1
default-src 'self' 'unsafe-inline' www.google-analytics.com 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-pQqLeoONRW1Y0YzWGNjSTbWY/aEvJpzR4+3mNUjDHqlO7lOw' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; img-src 'self' data: https://consent.trustarc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.gstatic.com https://consent.trustarc.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://fonts.googleapis.com/icon https://fonts.gstatic.com/s; frame-src 'self' https://iframe.videodelivery.net/  https://consent-pref.trustarc.com/ https://www.google.com https://*.vancopayments.com; font-src 'self' https://consent.trustarc.com/get https://fonts.gstatic.com; 1
frame-ancestors *.signalsight.io 1
default-src 'self'; script-src 'self' 'unsafe-inline' analytics.google.com *.google-analytics.com *.doubleclick.net *.wistia.com https://js.hsforms.net/forms/v2.js *.salesforceliveagent.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' insights.spacesaver.com *.doubleclick.net www.google-analytics.com google-analytics.com analytics.google.com https://*.wistia.com https://*.litix.io https://forms.hsforms.com api.widencollective.com; font-src 'self' data: https://fast.wistia.com; frame-src 'self' td.doubleclick.net forms.hsforms.com https://spacesaver.widen.net; img-src 'self' data: spacesaver.com www.googletagmanager.com www.google-analytics.com *.widencdn.net www.google.com https://embed-ssl.wistia.com https://fast.wistia.com https://forms-na1.hsforms.com https://forms.hsforms.com https://insights.spacesaver.com https://spacesaver.widen.net; manifest-src 'self'; media-src 'self' blob: fanciful-cheesecake-8b9517.netlify.app blob: www.spacesaver.com; worker-src 'none'; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-vOvz9zEa1iospuVnQ-R4Zg' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-s5Soy2TKWH2Figu4t4RwxRgwhyVeHo/W7Y7P1L7raiFJbXYm' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors trl.org *.trl.org timberland.bibliocms.com *.timberland.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src trl.org *.trl.org timberland.bibliocms.com *.timberland.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://use.typekit.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://www.googletagmanager.com https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://snap.licdn.com; img-src 'self' data: *.bilzin.com https://www.linkedin.com https://bilzin.vuturevx.com https://p.typekit.net https://www.google-analytics.com  https://*.hotjar.com https://*.hotjar.io https://px.ads.linkedin.com https://p.adsymptotic.com; style-src 'self' 'unsafe-inline' https://use.typekit.net; font-src 'self' 'unsafe-inline' https://use.typekit.net; frame-src 'self' 'unsafe-inline' *.bilzin.com https://player.vimeo.com https://www.youtube.com https://w.soundcloud.com https://cdn.flipsnack.com https://legaltalknetwork.com https://*.hotjar.com https://*.hotjar.io https://player.flipsnack.com; connect-src 'self' 'unsafe-inline' https://analytics.google.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://privacyportal-eu.onetrust.com https://www.google-analytics.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://stats.g.doubleclick.net; upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors 'self' webvisor.com *.webvisor.com yandex.ru *.yandex.ru 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-pzXv9w21MmnW36TC1TP16b2+OnHEsWzwMYBThELsh3AsoSOH' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.housingtoday.co.uk; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 1
default-src 'self' *.slotex.pl; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.slotex.pl https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' *.slotex.pl https://*.google-analytics.com https://*.googletagmanager.com; connect-src 'self' *.slotex.pl https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; frame-src 'self' *.slotex.pl https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; style-src 'self' 'unsafe-inline' *.slotex.pl; 1
default-src 'self' *.mpwik.com.pl *.google.com *.google.pl *.googleapis.com *.gstatic.com *.google-analytics.com *.youtube.com *.youtube.pl chat.mpwik.com.pl:5600; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' *; img-src * data:; 1
default-src 'self' data: *.google.com *.googleapis.com *.gstatic.com *.gravatar.com *.google-analytics.com *.doubleclick.net *.googletagmanager.com *.youtube.com *.cookiepro.com *.onetrust.com m6widgetlive.rezcomm.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.cookiepro.com *.jsdelivr.net m6widgetlive.rezcomm.com; style-src 'self' 'unsafe-inline' *.googleapis.com; frame-ancestors 'none'; base-uri 'none'; form-action 'self'; 1
script-src: 'self' 'unsafe-inline' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://toot.bike; img-src 'self' https: data: blob: https://toot.bike; style-src 'self' https://toot.bike 'nonce-lsztEXFY7RXnx8/+dGojvA=='; media-src 'self' https: data: https://toot.bike; frame-src 'self' https:; manifest-src 'self' https://toot.bike; form-action 'self'; connect-src 'self' data: blob: https://toot.bike https://toot.bike wss://toot.bike; script-src 'self' https://toot.bike 'wasm-unsafe-eval'; child-src 'self' blob: https://toot.bike; worker-src 'self' blob: https://toot.bike 1
frame-ancestors technori.com www.hrai.ca www.nbcot.org webstage.nbcot.org badgecert.com preprod.badgecert.com  www.raps.org test.raps.org leia.e-learndesign.scot http://leia.e-learndesign.scot https://leia.e-learndesign.scot 51.195.213.69 learn.inspire-university.com dev.inspire-university.com dev.raps.org staging.raps.org demo4xperience13.raybiztech.com stage.raps.org qa.raps.org; 1
default-src 'self' websensystems.nl 1
default-src 'self' https://player.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://geolocation.onetrust.com https://f.vimeocdn.com https://t.sharethis.com https://ws.sharethis.com https://connect.facebook.net https://platform.twitter.com https://maps.googleapis.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://translate.googleapis.com https://translate-pa.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://translate.google.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://www.gstatic.com https://player.vimeo.com https://cdn.jsdelivr.net https://cdn.cookielaw.org; img-src 'self' data: *.bunge.com *.bunge.com.br *.azurewebsites.net https://bmsi-p-001.sitecorecontenthub.cloud https://vumbnail.com https://l.sharethis.com https://i.vimeocdn.com https://maps.googleapis.com https://maps.gstatic.com https://fonts.gstatic.com https://www.gstatic.com https://translate.googleapis.com https://www.google.com https://www.google-analytics.com https://api.mapbox.com https://cdn.cookielaw.org https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://ws.sharethis.com https://hello.myfonts.net http://netdna.bootstrapcdn.com https://translate.googleapis.com https://fonts.googleapis.com https://fast.fonts.net https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://www.gstatic.com; font-src 'self' http://netdna.bootstrapcdn.com https://hello.myfonts.net https://fast.fonts.net https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://themes.googleusercontent.com; connect-src 'self' https://l.sharethis.com https://www.google-analytics.com https://translate.googleapis.com https://stats.g.doubleclick.net https://api.mapbox.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com; media-src 'self' https://vod-progressive.akamaized.net https://player.vimeo.com; frame-src 'self' https://bungeloders.maps.arcgis.com https://bungeloders.com *.bungeloders.com https://t.sharethis.com https://ws.sharethis.com https://player.vimeo.com https://platform.twitter.com https://otp.tools.investis.com http://www.investis.com; frame-ancestors 'self'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-vUnl33BKCPrSn5vL7d5qNmHsKUiH1GDLKqGDQVpIYPuBGxAm' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' data: https://fonts.gstatic.com/; script-src 'self' 'unsafe-inline' https://www.gstatic.com/recaptcha/releases/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://static.cloudflareinsights.com/beacon.min.js/; connect-src 'self' https://region1.google-analytics.com/; img-src 'self' https://www.google-analytics.com/; frame-src 'self' data: https://www.google.com/ https://www.youtube-nocookie.com/; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; 1
report-uri https://csp.uel.wildapricot.com/report; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.appointlet.com *.appointletcdn.com *.aptrinsic.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.ecomm.events *.ecwid.com *.elev.io *.facebook.com *.facebook.net *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.linkedin.com *.mcjobboard.net *.mybillsystem.com *.newrelic.com *.nr-data.net *.pagespeed-mod.com *.twitter.com *.typekit.net *.uservoice.com *.wildapricot.com *.youtube.com *.zdassets.com *.zendesk.com *.zopim.com caas-sf.wildapricot.org maps.googleapis.com onlinestore-prod-digital-products.s3.amazonaws.com sf.wildapricot.org widget-mediator.zopim.com wss://widget-mediator.zopim.com/ archive.org bam.nr-data.net connect.facebook.net data maps.googleapis.com translate.googleapis.com;   img-src * data: blob:;   media-src * blob:;   font-src * https://*.aptrinsic.com data:;  1
frame-ancestors 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net tarteaucitron.io *.tarteaucitron.io *.google-analytics.com *.addthis.com *.googletagmanager.com *.matomo.cloud *.addtoany.com *.infisecure.com *.flippingbook.com *.cloudfront.net;report-uri https://prod.ap.batic.cudasvc.com/xenios/api/v1/violation/report?paid=16904&v=v2.0&payload=4WYoMhfdVCP2B7qOENGWa5LMJJKatrl_Rc-kFZo6c5cDDNAZ6rbhAxzxG915WTZQsNwY4B4krDda6gHMZt8HtsliMwDjdnCPvZiuYlBPtfJdrfxGlHJu65-bVcfHuvrgO8HGZBNfCCP8fIpraRizsRt9boB689wy25bLb7xSZL536zi0UUGar_vLKI3SkebP;worker-src 'self' *.flippingbook.com *.cloudfront.net blob:; 1
object-src 'none'; default-src 'self' https://asset.uncletopia.com; style-src 'self' 'unsafe-inline' https://fonts.cdnfonts.com https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.cdnfonts.com; img-src 'self' data: https://*.tile.openstreetmap.org https://*.steamstatic.com http://localhost:9000 https://asset.uncletopia.com; base-uri 'self' 1
original-policy 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-OTcyNGMwYzQ4YmYxNGM2NmEwZGNhNDc5NTZhNmU5MDk=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.raadrvs.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.raadrvs.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.raadrvs.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self'; child-src 'self' blob: *.ikvs.de https://*.deskline.net/ https://bad-duerkheim.reservix.de https://client.rlpdirekt.de/ https://karelkunc.musikschul-anmeldung.de/ https://kb.ionas.de/ https://kvhs-duew.de/ https://maps.google.de https://ratsinfo.desvdue2.de/buergerinfo/info.asp https://res.oastatic.com/partner/outdooractive-black.png https://stadtbuecherei-bad-duerkheim.bibliotheca-open.de/ https://www.drk-blutspende.de https://www.facebook.com/ https://www.google.com/ https://www.outdooractive.com https://www.reservix.de/ https://www.reservix.de/tickets-limburg-sommer/t11839 https://www.vrn.de; connect-src 'self' https://*.deskline.net/ https://*.facebook.net/ https://buergerservice.ionas.de/ https://cms-sv-bad-duerkheim.ionas.de/:oa-search https://maps.feratel.com https://region1.google-analytics.com https://res.oastatic.com/partner/outdooractive-black.png https://www.bad-duerkheim.de/:sa2-search/ https://www.bad-duerkheim.de/sa2-endpoint/bwc/rest/073320002002/search https://www.chamaeleon-hosting.de https://www.facebook.com/ https://www.google-analytics.com https://www.outdooractive.com https://www8.chamaeleon.de/; font-src 'self' data: https://*.deskline.net/ https://fonts.gstatic.com https://res.oastatic.com/partner/ https://res.oastatic.com/partner/outdooractive-black.png https://www.facebook.com/ https://www.outdooractive.com; frame-ancestors 'self'; frame-src 'self' *.ikvs.de https://*.deskline.net/ https://api.trustyou.com https://bad-duerkheim.reservix.de https://badduerkheim.musikschul-anmeldung.de/aufnahmeantrag https://client.rlpdirekt.de https://iam.chamaeleon.de https://iam.chamaeleon.de/ https://karelkunc.musikschul-anmeldung.de/ https://kb.ionas.de https://kvhs-duew.de/ https://maps.google.de https://ratsinfo.desvdue2.de/buergerinfo/info.asp https://res.oastatic.com/partner/outdooractive-black.png https://stadtbuecherei-bad-duerkheim.bibliotheca-open.de/ https://weatherwidget.io/ https://www.chamaeleon-hosting.de https://www.drk-blutspende.de https://www.eTermin.net/bad-duerkheim https://www.facebook.com/ https://www.google.com https://www.google.com/ https://www.outdooractive.com https://www.reservix.de/ https://www.youtube.com/; img-src 'self' data: blob:https://www.bad-duerkheim.de https://*.deskline.net/ https://buergerservice.ionas.de/ https://client.rlpdirekt.de/ https://img.oastatic.com/img/ https://region1.google-analytics.com https://res.oastatic.com/partner/ https://res.oastatic.com/partner/outdooractive-black.png https://www.bad-duerkheim.de https://www.chamaeleon-hosting.de https://www.facebook.com/ https://www.outdooractive.com https://www8.chamaeleon.de/; manifest-src https://res.oastatic.com/partner/outdooractive-black.png https://www.facebook.com/ https://www.outdooractive.com; media-src 'self' https://*.deskline.net/ https://res.oastatic.com/partner/outdooractive-black.png https://www.bad-duerkheim.de https://www.facebook.com/ https://www.outdooractive.com; object-src https://res.oastatic.com/partner/outdooractive-black.png https://www.facebook.com/ https://www.outdooractive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.deskline.net/ https://*.facebook.net/ https://ajax.googleapis.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://res.oastatic.com/partner/outdooractive-black.png https://unpkg.com https://weatherwidget.io/ https://weatherwidget.io/js/widget.min.js https://www.chamaeleon-hosting.de https://www.facebook.com/ https://www.google-analytics.com https://www.outdooractive.com https://www.youtube.com/; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.deskline.net/ https://*.facebook.net/ https://ajax.googleapis.com/ https://api.trustyou.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://res.oastatic.com/partner/outdooractive-black.png https://unpkg.com https://weatherwidget.io/ https://weatherwidget.io/js/widget.min.js https://www.chamaeleon-hosting.de https://www.facebook.com/ https://www.outdooractive.com https://www.youtube.com/; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.deskline.net/ https://res.oastatic.com/partner/outdooractive-black.png https://weatherwidget.io/ https://www.facebook.com/ https://www.outdooractive.com; style-src 'self' 'unsafe-inline' https://*.deskline.net/ https://res.oastatic.com/partner/ https://res.oastatic.com/partner/outdooractive-black.png https://weatherwidget.io/ https://www.facebook.com/ https://www.outdooractive.com; style-src-elem 'self' 'unsafe-inline' https://*.deskline.net/ https://cdnjs.cloudflare.com https://fonts.googleapis.com https://res.oastatic.com/partner/outdooractive-black.png https://unpkg.com https://weatherwidget.io/ https://www.facebook.com/ https://www.outdooractive.com; style-src-attr 'self' 'unsafe-inline' https://*.deskline.net/ https://res.oastatic.com/partner/outdooractive-black.png https://weatherwidget.io/ https://www.facebook.com/ https://www.outdooractive.com; worker-src 'self' blob: https://*.deskline.net/ https://www.outdooractive.com; report-to main 1
base-uri 'none';             default-src 'self';             connect-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net;             child-src https://www.facebook.com/ https://staticxx.facebook.com/;             font-src 'self';             form-action 'self' https://connect.facebook.net;             frame-src 'self' https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://embed.ted.com https://freestompboxes.api.oneall.com https://w.soundcloud.com https://s9e.github.io https://player.twitch.tv;             img-src 'self' https: data:;             media-src 'self' https:;             object-src 'none';             script-src 'self' https://connect.facebook.net/ https://www.google-analytics.com/ https://ssl.google-analytics.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://freestompboxes.api.oneall.com/ 'unsafe-inline';             style-src 'self' 'unsafe-inline' https:;             worker-src 'self';             upgrade-insecure-requests; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-28865a70e0e8fb0e0341741b38f25d8e'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://heads.social; img-src 'self' https: data: blob: https://heads.social; style-src 'self' https://heads.social 'nonce-JZhHGigUrArvBGDPC17BKw=='; media-src 'self' https: data: https://heads.social; frame-src 'self' https:; manifest-src 'self' https://heads.social; form-action 'self'; child-src 'self' blob: https://heads.social; worker-src 'self' blob: https://heads.social; connect-src 'self' data: blob: https://heads.social https://cdn.masto.host wss://heads.social; script-src 'self' https://heads.social 'wasm-unsafe-eval' 1
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *; style-src 'self' 'unsafe-inline' *; font-src 'self' * data:; img-src 'self' data: *; frame-ancestors 'self' 1
script-src 'unsafe-inline' 'unsafe-eval' https: 'self'; 1
default-src  'self' 'nonce-foK8HuwxaNx5rYQSVgYhfFy9ItKwI7dfi78HWdIP'; connect-src 'self' https://www.googletagmanager.com https://www.google-analytics.com  https://region1.google-analytics.com https://stats.g.doubleclick.net  https://pagead2.googlesyndication.com/ https://region1.analytics.google.com/ ; img-src  'self' https://www.googletagmanager.com https://www.google-analytics.com  https://www.google.com https://www.google.pl  https://www.facebook.com https://i.ytimg.com/  data:; font-src 'self'  https://geowidget.easypack24.net/fonts/ ; style-src 'self' 'unsafe-inline'  https://cdnjs.cloudflare.com/  ; script-src 'self' 'nonce-foK8HuwxaNx5rYQSVgYhfFy9ItKwI7dfi78HWdIP' https://www.googletagmanager.com   https://connect.facebook.net  https://code.jquery.com https://cdnjs.cloudflare.com  https://www.google-analytics.com/ https://www.youtube.com/ https://s.ytimg.com https://www.google.com/recaptcha/ 'sha256-M0atE/cxaUTExXmrfMXHVgOeP3D4nt6D+VNnOm/x/2s=' 'sha256-o1Tjc9zLayW0M0WQp2zwD/s6TilzgqLXOntoeXRYr44='  ; frame-src 'self' 'nonce-foK8HuwxaNx5rYQSVgYhfFy9ItKwI7dfi78HWdIP' https://www.google.com/  https://td.doubleclick.net/ https://forms.freshmail.io https://www.youtube.com/ https://www.facebook.com https://web.facebook.com/ https://open.spotify.com ; block-all-mixed-content; upgrade-insecure-requests; object-src 'none'; base-uri 'self'; form-action 'self' https://www.facebook.com/tr/ ; 1
default-src 'self';               frame-src 'self' https://socialsurvey.me https://www.youtube.com https://player.vimeo.com;               media-src 'self' https://content.nlcapp.com/ https://images.nlcapp.com;              connect-src 'self' https://www.google-analytics.com https://maps.google.com https://secure.velocify.com https://api.urlmeta.org https://maps.googleapis.com;               script-src 'self' 'unsafe-inline' https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net;               font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://static2.sharepointonline.com https://spoprod-a.akamaihd.net;               style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;               img-src 'self' data: https://nlcloans.com https://nlcloans.sharepoint.com https://www.google-analytics.com https://stats.g.doubleclick.net https://scontent-ort2-1.cdninstagram.com https://www.google.com https://images.nlcapp.com https://content.nlcapp.com https://maps.gstatic.com https://maps.googleapis.com https://www.facebook.com 1
default-src 'self' cdn.plaid.com code.jquery.com; img-src 'self' data: ; font-src * data: blob: 'unsafe-inline'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.plaid.com 1
upgrade-insecure-requests; frame-ancestors 'self' https://www.bonsecours.ie; 1
frame-ancestors 'self' gf.dev papajohns.com.ec 1
default-src 'self' *.zdassets.com *.zendesk.com *.zopim.com https://*.zopim.com wss://unity3d.zendesk.com wss://*.zopim.com ; font-src 'self' 'unsafe-inline' *.unity.com *.unitychina.cn *.unity3d.com *.cloudfront.net fonts.gstatic.com heapanalytics.com *.hotjar.com storage.googleapis.com gen-as-admin-int.storage.googleapis.com gen-as-admin-stg.storage.googleapis.com gen-as-admin-prd.storage.googleapis.com unity-assetstorev2-stg.storage.googleapis.com unity-assetstorev2-prd.storage.googleapis.com data: ; connect-src 'self' *.windows.net *.onetrust.com *.onetrust.io *.sentry.io tools.conversion.com *.doubleclick.net *.zdassets.com *.zendesk.com *.zopim.com https://*.zopim.com wss://unity3d.zendesk.com wss://*.zopim.com cdn.cookielaw.org privacyportal-eu.onetrust.com *.google-analytics.com analytics.google.com *.s3.amazonaws.com *.sleeknote.com *.unity3d.com *.unitychina.cn *.cdp.internal.unity3d.com *.optimizely.com heapanalytics.com *.adroll.com *.hotjar.com *.hotjar.io ws://*.hotjar.com wss://*.hotjar.com *.resonai.com *.qualtrics.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.clarity.ms fonts.googleapis.com bat.bing.com *.intercom.io *.amplitude.com *.wootric.com wootric-eligibility.herokuoapp.com tr.snapchat.com *.teads.tv pagead2.googlesyndication.com ; object-src 'self' ; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com *.sleeknote.com *.unity.com *.unitychina.cn *.unity3d.com *.cloudfront.net optimize.google.com cdnjs.cloudflare.com heapanalytics.com storage.googleapis.com gen-as-admin-int.storage.googleapis.com gen-as-admin-stg.storage.googleapis.com gen-as-admin-prd.storage.googleapis.com unity-assetstorev2-stg.storage.googleapis.com unity-assetstorev2-prd.storage.googleapis.com *.resonai.com ; img-src * blob: data: ; media-src * data: ; script-src 'self' 'nonce-yZ0mS3GlpkYW7jG9' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' *.ads-twitter.com *.unity.com *.unitychina.cn *.unity3d.com *.zdassets.com *.zendesk.com *.zopim.com https://*.zopim.com wss://unity3d.zendesk.com wss://*.zopim.com *.cloudfront.net *.google-analytics.com geolocation.onetrust.com cdn.cookielaw.org www.googletagmanager.com www.google.com tagmanager.google.com optimize.google.com cdnjs.cloudflare.com d6tizftlrpuof.cloudfront.net *.optimizely.com cdn.heapanalytics.com heapanalytics.com *.adroll.com *.hotjar.com www.googleadservices.com connect.facebook.net *.doubleclick.net *.resonai.com storage.googleapis.com gen-as-admin-int.storage.googleapis.com gen-as-admin-stg.storage.googleapis.com gen-as-admin-prd.storage.googleapis.com unity-assetstorev2-stg.storage.googleapis.com unity-assetstorev2-prd.storage.googleapis.com *.naver.net *.bizographics.com prf.hn *.qualtrics.com *.amplitude.com tag.demandbase.com ; child-src 'self' *.unity.com *.unitychina.cn youtube.com www.youtube.com *.twitch.tv youtu.be *.soundcloud.com sketchfab.com player.vimeo.com *.mixcloud.com v.qq.com *.hotjar.com www.facebook.com *.doubleclick.net ; frame-src 'self' *.qualtrics.com gen-as-admin-prd.storage.googleapis.com *.adsrvr.org unity-assetstorev2-prd.storage.googleapis.com *.simmer.io *.unity.com *.unitychina.cn *.twitch.tv www.youtube.com youtube.com youtu.be *.soundcloud.com subscribe.sleeknote.com optimize.google.com sketchfab.com player.vimeo.com *.mixcloud.com v.qq.com *.cdn.optimizely.com *.hotjar.com www.facebook.com *.doubleclick.net *.assetstore.unity3d.com docs.google.com tr.snapchat.com ; frame-ancestors 'self' *.twitch.tv ; manifest-src 'self' unity-assetstorev2-prd.storage.googleapis.com unity-assetstorev2-stg.storage.googleapis.com ; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=6m95kndique3v&partner=; 1
default-src 'self' https://infonotary.com https://*.infonotary.com  https://www.google-analytics.com:* https://ssl.google-analytics.com:* http://repository.infonotary.com https://repository.infonotary.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://www.google.com:*  https://fonts.gstatic.com 'unsafe-inline' img-src 'self' data: 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-qVtlnwljYTk3boqIScpc7NQu0N+/qSI92KccZgal3sxCuC+G' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' *.homemasters.ru homemasters.ru https://homemasters.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://homemasters.ru top-fwz1.mail.ru imgsmail.ru *.imgsmail.ru google.ru *.google.ru  google.com *.google.com *.google-analytics.com *.googletagmanager.com vk.com *.vk.com facebook.net *.facebook.net facebook.com *.facebook.com gstatic.com *.gstatic.com googleads.g.doubleclick.net *.googleadservices.com twitter.com *.twitter.com *.twimg.com *.googleapis.com *.googlesyndication.com *.googletagservices.com ok.ru *.ok.ru *.odnoklassniki.ru counter.rambler.ru st.top100.ru  keycaptcha.com *.keycaptcha.com click-stroy.ru *.click-stroy.ru  pinterest.com *.pinterest.com s3.amazonaws.com mixmarket.biz *.mixmarket.biz *.adriver.ru *.instagram.com yastatic.net banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru *.yandex.ru yandex.st site.yandex.net https://*.tiktok.com https://*.tiktokcdn.com https://*.ibytedtos.com https://telegram.org; child-src 'self' https://homemasters.ru *.google.com *.googleadservices.com *.googlesyndication.com twitter.com *.twitter.com  facebook.com *.facebook.com vk.com *.vk.com yandex.ru *.yandex.ru *.yandex.net yandex.st yastatic.net yandexadexchange.net *.yandexadexchange.net gstatic.com *.gstatic.com googleads.g.doubleclick.net youtube.com *.youtube.com *.googleapis.com *.ok.ru *.odnoklassniki.ru keycaptcha.com *.keycaptcha.com player.vimeo.com coub.com *.instagram.com awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net banners.adfox.ru yastat.net chromenull; frame-src 'self' https://homemasters.ru *.google.com *.googleadservices.com *.googlesyndication.com twitter.com *.twitter.com  facebook.com *.facebook.com vk.com *.vk.com yandex.ru *.yandex.ru *.yandex.net yandex.st yastatic.net yandexadexchange.net *.yandexadexchange.net gstatic.com *.gstatic.com googleads.g.doubleclick.net youtube.com *.youtube.com https://*.youtube-nocookie.com/ *.googleapis.com *.ok.ru *.odnoklassniki.ru keycaptcha.com *.keycaptcha.com player.vimeo.com coub.com *.instagram.com awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net banners.adfox.ru yastat.net https://*.tiktok.com/ https://rutube.ru https://oauth.telegram.org/ chromenull; connect-src 'self' https://homemasters.ru translate.googleapis.com adservice.google.com *.googlesyndication.com *.gstatic.com pipe.skype.com google-analytics.com *.google-analytics.com *.googlevideo.com *.youtube.com rutube.ru graph.facebook.com *.twitter.com http://kraken.rambler.ru top-fwz1.mail.ru yandex.ru *.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru ads.adfox.ru ads6.adfox.ru yastat.net https://*.ibytedtos.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.homemasters.ru homemasters.ru https://homemasters.ru *.bootstrapcdn.com *.googleapis.com fonts.googleapis.com *.gstatic.com s3.amazonaws.com *.twitter.com *.twimg.com yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net https://*.tiktokcdn.com/; font-src 'self'  data: https://homemasters.ru *.bootstrapcdn.com  *.googleapis.com  *.gstatic.com yandex.ru *.yandex.ru yastatic.net yastat.net; object-src 'self' https://homemasters.ru googleads.g.doubleclick.net *.googlesyndication.com googlevideo.com *.googlevideo.com ytimg.com *.ytimg.com youtube.com *.youtube.com yandex.ru *.yandex.ru *.gstatic.com *.keycaptcha.com keycaptcha.com video.rutube.ru; media-src 'self' https://homemasters.ru data: mediastream: *.yandex.net yandex.ru *.yandex.ru yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net; img-src 'self' data: https: avatars-fast.yandex.net favicon.yandex.net yandex.ru *.yandex.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net; 1
frame-ancestors 'self' http://*.rugvista.hu:* https://*.rugvista.hu http://*.rugvista.cz:* https://*.rugvista.cz http://*.rugvista.ro:* https://*.rugvista.ro http://*.rugvista.es:* https://*.rugvista.es http://*.rugvista.pt:* https://*.rugvista.pt http://*.rugvista.pl:* https://*.rugvista.pl http://*.rugvista.fi:* https://*.rugvista.fi http://*.rugvista.no:* https://*.rugvista.no http://*.rugvista.dk:* https://*.rugvista.dk http://*.rugvista.nl:* https://*.rugvista.nl http://*.rugvista.be:* https://*.rugvista.be http://*.rugvista.ie:* https://*.rugvista.ie http://*.rugvista.fr:* https://*.rugvista.fr http://*.rugvista.it:* https://*.rugvista.it http://*.rugvista.de:* https://*.rugvista.de http://*.rugvista.co.uk:* https://*.rugvista.co.uk http://*.rugvista.ch:* https://*.rugvista.ch http://*.rugvista.se:* https://*.rugvista.se http://*.rugvista.hr:* https://*.rugvista.hr http://*.rugvista.at:* https://*.rugvista.at http://*.rugvista.com:* https://*.rugvista.com https://*.vercel.app https://www.alleszumteppich.de https://www.alltommattor.se https://www.carpetencyclopedia.com https://www.toutsurlestapis.fr https://www.tuttosuitappeti.it https://www.encyklopediadywanow.pl https://xn--encyklopediadywanw-61b.pl https://www.tapijtencyclopedie.nl https://www.carpetencyclopedia.jp https://www.enciclopedia-de-la-alfombra.es https://admin1.carpetvista.com https://admin.carpetvista.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.t1t.be *.santanderconsumerbank.be *.corp *.fontawesome.com *.bootstrapcdn.com *.googletagmanager.com *.googleadservices.com *.cookielaw.org *.google-analytics.com *.surge.sh/js/main.js *.spaargids.be *.wistia.com *.wistia.net *.doubleclick.net *.onetrust.com *.google.be *.google.com *.google.es *.google.fr *.google.tr *.google.pl *.google.de *.google.lu *.google.nl snap.licdn.com *.infinity-tracking.net *.facebook.net *.facebook.com *.bing.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.dwin1.com *.linkedin.com *.cloudflare.com px.ads.linkedin.com *.zenaps.com *.jsdelivr.net *.googlesyndication.com https://unpkg.com *.sharethis.com embedwistia-a.akamaihd.net the.sciencebehindecommerce.com *.litix.io *.gstatic.com *.awin1.com https://localhost:10443 *.inbenta.com *.inbenta.io *.inbenta.chat *.inbenta.chat:8000 wss://hyperchat-eu.inbenta.chat:8000  https://unpkg.com *.sharethis.com embedwistia-a.akamaihd.net the.sciencebehindecommerce.com *.litix.io https://localhost:10443 https://t1c.t1t.io:51883 https://t1c.t1t.io:51983 https://t1c.t1t.io:55000 *.inbenta.com *.inbenta.io *.inbenta.chat *.inbenta.chat:8000 https://t1c.t1t.io* https://t1c.t1t.io:61879/device-key https://t1c.t1t.io:61879/info https://t1c.t1t.io:61879 https://t1c.t1t.io:61879/v3/modules/beid/apps/token/readers/66a70ac1a92e2415/verify-pin https://t1c.t1t.io:61879/v3/modules/beid/apps/token/readers/66a70ac1a92e2415/biometric https://t1c.t1t.io:61879/v3/modules/beid/apps/token/readers/66a70ac1a92e2415/address https://t1c.t1t.io:*   https://www.financeads.net  https://www.clarity.ms https://o.clarity.ms; 1
frame-ancestors 'self' sandbox-admin.cloudhi.io 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-29eade1aa0da254b3a5e67ab0bf6d813'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'none';font-src cdn.jsdelivr.net *.typekit.net *.periscope.com data: 'self';script-src *.linkedin.com snap.licdn.com cdn.optimizely.com sjs.bizographics.com script.crazyegg.com *.youtube.com *.vimeo.com cdn.jsdelivr.net *.google-analytics.com *.googleapis.com *.googletagmanager.com 'unsafe-eval' 'unsafe-inline' *.periscope.com 'self';frame-src *.tfaforms.com *.formassembly.com *.youtube.com *.vimeo.com 'self';connect-src graph.facebook.com stats.g.doubleclick.net *.linkedin.com *.google-analytics.com *.periscope.com 'self';img-src *.linkedin.com *.google-analytics.com secure.gravatar.com *.periscope.com cdn.jsdelivr.net data: 'self';style-src hello.myfonts.net *.typekit.net cdn.jsdelivr.net 'unsafe-inline' *.periscope.com 'self';worker-src *.periscope.com 'self';media-src *.periscope.com 'self';base-uri *.periscope.com 'self';form-action *.periscope.com 'self' 1
default-src 'self' 'unsafe-inline' https: data: http://d1yjxx0wdvhvfv.cloudfront.net http://images.simplycast.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mefi.social; img-src 'self' https: data: blob: https://mefi.social; style-src 'self' https://mefi.social 'nonce-9PRu01rP78pnG+NBdJchwg=='; media-src 'self' https: data: https://mefi.social; frame-src 'self' https:; manifest-src 'self' https://mefi.social; connect-src 'self' data: blob: https://mefi.social https://mefisocial.files.fedi.monster wss://mefi.social; script-src 'self' https://mefi.social 'wasm-unsafe-eval'; child-src 'self' blob: https://mefi.social; worker-src 'self' blob: https://mefi.social 1
default-src 'self'; base-uri 'self' areas.com us.areas.com it.areas.com latam.areas.com pt.areas.com es.areas.com de.areas.com fr.areas.com; object-src 'none'; frame-ancestors 'self'; form-action 'self' areas.com us.areas.com it.areas.com latam.areas.com pt.areas.com es.areas.com de.areas.com fr.areas.com; connect-src areas.com us.areas.com it.areas.com latam.areas.com pt.areas.com es.areas.com de.areas.com fr.areas.com https://bot.unique.ai/ https://*.fontawesome.com https://yoast.com https://maps.googleapis.com www.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect; font-src areas.com us.areas.com it.areas.com latam.areas.com pt.areas.com es.areas.com de.areas.com fr.areas.com data: fonts.gstatic.com cdnjs.cloudflare.com ka-p.fontawesome.com; frame-src https://carriere.mytalentplug.com/  https://bot.unique.ai/ www.googletagmanager.com https://*.cloudflare.com https://*.vimeo.com youtube.com www.youtube.com areas.com us.areas.com it.areas.com latam.areas.com pt.areas.com es.areas.com de.areas.com fr.areas.com; img-src 'self' areas.com us.areas.com it.areas.com latam.areas.com pt.areas.com es.areas.com de.areas.com fr.areas.com i.ytimg.com https://s3.eu-west-1.amazonaws.com/ data: geo0.ggpht.com geo1.ggpht.com geo2.ggpht.com geo3.ggpht.com lh3.ggpht.com lh4.ggpht.com lh5.ggpht.com lh6.ggpht.com secure.gravatar.com yoast.com www.google-analytics.com https://www.google.com/ads/ga-audiences https://cbk0.googleapis.com https://cbks0.googleapis.com https://khm0.googleapis.com https://khm1.googleapis.com https://khms0.googleapis.com https://khms1.googleapis.com maps.googleapis.com www.googletagmanager.com maps.gstatic.com ssl.gstatic.com www.gstatic.com stats.g.doubleclick.net/r/; script-src 'self' areas.com us.areas.com it.areas.com latam.areas.com pt.areas.com es.areas.com de.areas.com fr.areas.com https://maps.googleapis.com/ https://bot.unique.ai 'unsafe-eval' https://basetis.atlassian.net 'unsafe-inline' https://use.fontawesome.com/* https://kit.fontawesome.com https://ka-p.fontawesome.com google-analytics.com https://ssl.google-analytics.com/* www.google-analytics.com/* tagmanager.google.com ajax.googleapis.com/ajax/libs/jquery/ maps.googleapis.com/* googletagmanager.com/* www.googletagmanager.com/* code.jquery.com stats.g.doubleclick.net; style-src 'self' https://bot.unique.ai/ 'unsafe-inline' tagmanager.google.com cdnjs.cloudflare.com ajax.googleapis.com/ajax/libs/jqueryui/ fonts.googleapis.com code.jquery.com; report-uri https://trgdfhhdfg.report-uri.com/r/d/csp/reportOnly 1
img-src * data:; default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; 1
frame-src data: https://www.youtube.com; frame-ancestors 'none'; default-src 'self'; object-src 'none'; font-src 'self' data: https://careerminds.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.googletagmanager.com https://js.hs-banner.com  https://js.hubspot.com https://snap.licdn.com https://www.google-analytics.com https://js.hs-analytics.net https://js.hsleadflows.net https://js.hsadspixel.net https://cta-service-cms2.hubspot.com  https://js.hs-scripts.com https://js.hscta.net/cta/current.js https://googleads.g.doubleclick.net https://connect.facebook.net; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://perf-na1.hsforms.com https://www.google.com https://www.facebook.com https://px4.ads.linkedin.com https://www.googletagmanager.com  https://www.google.co.in https://cdn2.hubspot.net https://3044396.fs1.hubspotusercontent-na1.net https://f.hubspotusercontent40.net https://no-cache.hubspot.com/ https://px.ads.linkedin.com https://secure.gravatar.com https://ps.w.org https://www.linkedin.com https://track.hubspot.com https://perf.hsforms.com https://no-cache.hubspot.com https://i.ytimg.com; connect-src 'self' data: https://www.google.co.in https://forms.hubspot.com https://stats.g.doubleclick.net https://www.google-analytics.com https://px.ads.linkedin.com https://analytics.google.com https://js.hs-banner.com https://cta-service-cms2.hubspot.com https://api.hubapi.com; 1
default-src 'self'; img-src 'self' data:; frame-src 'self' https://www.google.com; frame-ancestors 'self'; 		script-src 'self' https://code.jquery.com https://mosparo.promatrix.ch https://maxcdn.bootstrapcdn.com 'sha256-8qxtbYF+H2B/ccM+GUIGxFPG87TjzEmXeCz4w8bQ+VQ='; 		style-src 'self' https://fonts.googleapis.com https://mosparo.promatrix.ch; 		font-src 'self' https://fonts.gstatic.com; 		connect-src 'self' https://mosparo.promatrix.ch; 1
default-src 'self' *.msxi.com *.vimeo.com i.vimeocdn.com *.vimeocdn.com *.youtube.com *.google.com *.youtube-nocookie.com *.licdn.com i.ytimg.com *.buzzsprout.com *.google-analytics.com *.googletagmanager.com *.ads.linkedin.com stats.g.doubleclick.net msxi.us12.list-manage.com cdn-images.mailchimp.com *.sliderrevolution.com; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com www.googletagmanager.com www.google-analytics.com *.googleapis.com *.facebook.net *.facebook.com *.onetrust.com *.cookielaw.org *.google.com *.gstatic.com utt.pm cdnjs.cloudflare.com/ajax/libs/iframe-resizer/3.6.3/iframeResizer.min.js *.adition.com *.loyjoy.com;   frame-ancestors 'self';   form-action 'self';   frame-src 'self' *.schoenlecker.com *.cookiebot.com www.youtube-nocookie.com player.vimeo.com *.facebook.net *.facebook.com d24061fjqcam00.cloudfront.net d24061fjqcam00.cloudfront.net/202208-melitta-toppits/index.html; 1
Content-Security-Policy: default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 1
default-src 'self' data: blob: https://*.video-cdn.net https://content.internet.center ; script-src 'self' 'unsafe-inline' blob: https://*.video-cdn.net https://*.arbeitsagentur.de; script-src-elem 'self' 'unsafe-inline' blob: https://*.video-cdn.net https://79423.analytics.edgekey.net https://*.arbeitsagentur.de https://mima.movingimage.com ; style-src 'self' 'unsafe-inline'; font-src 'self' data: https://*.video-cdn.net ; img-src 'self' data: https://sso.arbeitsagentur.de:443 https://*.arbeitsagentur.de https://*.video-cdn.net https://content.internet.center https://mima.movingimage.com ; connect-src 'self' https://sso.arbeitsagentur.de:443 https://*.bitmovin.com https://*.video-cdn.net https://*.arbeitsagentur.de  https://content.internet.center https://79423.analytics.edgekey.net ; base-uri 'self' ; 1
base-uri 'self'; connect-src 'self' adservice.google.com stats.g.doubleclick.net www.google.com https://*.clarity.ms ccr.agritrader.nl *.google-analytics.com *.analytics.google.com *.googletagmanager.com maps.googleapis.com; default-src 'self' 'unsafe-inline'; font-src 'self'; frame-src ccr.agritrader.nl www.google.com; img-src 'self' 'unsafe-eval' data: blob: * 'unsafe-inline' ssl.gstatic.com googleads.g.doubleclick.net www.google.com https://c.bing.com https://c.clarity.ms ccr.agritrader.nl *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net maps.googleapis.com s3-eu-west-1.amazonaws.com media.agritrader.nl; script-src 'self' 'unsafe-eval' 'report-sample' 'unsafe-inline' tagmanager.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.google.com https://*.clarity.ms https://ipinfo.io ccr.agritrader.nl *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net maps.googleapis.com; style-src 'self' 'unsafe-inline' 'report-sample' tagmanager.google.com www.googletagmanager.com fonts.googleapis.com; report-uri /csp-reports 1
style-src 'self' http://* 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' http://* data: 'unsafe-inline' 'unsafe-eval' https://*.authorize.net/ https://*.paypal.com/ https://www.paypalobjects.com/ https://js.stripe.com/ https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://ajax.googleapis.com https://code.jquery.com https://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://use.typekit.net https://api-fra.livechatinc.com; frame-src 'self' https://*.authorize.net/ https://forms.hsforms.com/ https://taoglas.jobs.personio.de/ https://secure-fra.livechatinc.com https://www.youtube.com/ https://www.google.com/ https://player.vimeo.com/ https://vimeo.com/ https://w.soundcloud.com/ https://www.facebook.com/ https://js.stripe.com/ https://www.paypal.com/ https://player.captivate.fm/ https://static.hsappstatic.net/ https://*.hubspot.com/ 1
default-src *; font-src *; media-src *; img-src * https://i.postimg.cc data; script-src * https://www.google.com https://www.gstatic.com 'unsafe-eval' ; style-src * 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' shop.eriks.com *.shop.eriks.com; upgrade-insecure-requests; script-src eriks.com *.eriks.com *.shop.eriks.com *.vimeo.com *.cookiebot.com unpkg.com blueconic.net *.blueconic.net *.marketo.net pages.eriks.com visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com apeagle.io *.youtube.com *.adobedtm.com *.azure.com *.azureedge.net *.googleapis.com *.googletagmanager.com *.adservice.google.com *.googleadservices.com googleads.g.doubleclick.net *.google-analytics.com dqm.crownpeak.com *.twimg.com *.twitter.com twitter.com *.facebook.net *.cobrowser.com *.google.com *.gstatic.com *.hsforms.net *.hsforms.com *.elfsight.com snap.licdn.com static.hotjar.com script.hotjar.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com ubembed.com *.ubembed.com js.ubembed.com *.js.ubembed.com c.leadlab.click 'self' 'unsafe-eval' 'unsafe-inline'; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.schrack-seconet.com *.fonts.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.facebook.net *.google.com *.gstatic.com *.jquery.com *.addtoany.com *.myfonts.net *.sagedpw.at *.licdn.com *.hiro.ki; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://econtwitter-media.mwt.me; img-src 'self' https: data: blob: https://econtwitter-media.mwt.me; style-src 'self' https://econtwitter-media.mwt.me 'nonce-eX0bIQs6BA9O02/fM69oQQ=='; media-src 'self' https: data: https://econtwitter-media.mwt.me; frame-src 'self' https:; manifest-src 'self' https://econtwitter-media.mwt.me; form-action 'self'; child-src 'self' blob: https://econtwitter-media.mwt.me; worker-src 'self' blob: https://econtwitter-media.mwt.me; connect-src 'self' data: blob: https://econtwitter-media.mwt.me https://econtwitter-media.mwt.me wss://econtwitter.net; script-src 'self' https://econtwitter-media.mwt.me 'wasm-unsafe-eval' 1
base-uri 'self';connect-src 'self';default-src 'self';font-src 'self' use.typekit.net;form-action 'self';frame-src 'self' challenges.cloudflare.com player.vimeo.com youtube-nocookies.com;img-src 'self' data:;media-src 'self';object-src 'none';script-src 'self' 'nonce-mxcWkFk418RDci3W87xynGQgQNsNUVix' challenges.cloudflare.com/turnstile/;style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net;frame-ancestors 'none' 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-3b5cc6dcecfb19f8473ebe709bc6abd8'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors 'self' http://www.philips.com.ph *.philips.com *.philips.com.ph https://philipsigtdpv.com 1
frame-ancestors 'self' https://manage.iands.design  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self' shopify.okta.com *.oktacdn.com; connect-src 'self' shopify.okta.com shopify-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com *.mtls.okta.com shopify.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' shopify.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' shopify.okta.com *.oktacdn.com; frame-src 'self' shopify.okta.com shopify-admin.okta.com login.okta.com com-okta-authenticator: api-044b9941.duosecurity.com; img-src 'self' shopify.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' shopify.okta.com data: *.oktacdn.com fonts.gstatic.com 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' *.pricespider.com feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: unpkg.com *.googletagmanager.com *.google-analytics.com *.pricespider.com pghub.io *.doubleclick.net *.facebook.net *.youtube.com *.bazaarvoice.com cdnjs.cloudflare.com feed.pghub.io pandg.tapad.com ; font-src 'self' data: feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; frame-src 'self' *.tapad.com *.doubleclick.net *.facebook.com *.youtube.com consumersupport.pg.com feed.pghub.io ; img-src 'self' data: images.ctfassets.net *.tapad.com *.facebook.com *.ytimg.com *.pricespider.com *.bazaarvoice.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io ; connect-src 'self' *.doubleclick.net *.google-analytics.com *.bazaarvoice.com *.ctfassets.net *.pricespider.com blob: feed.pghub.io pandg.tapad.com ; media-src *.ctfassets.net feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
default-src 'self'; connect-src 'self' blob: api.1brd.com  https://auth.1brd.com https://analytics.services.1brd.com https://reporting.1brd.com https://services.1brd.com https://*.services.1brd.com https://shop.api.1brd.com https://1brd.ly https://integrations.1brd.com https://*.referral.1brd.com https://*.referral.qa-1brd.com https://*.referral.staging-1brd.com https://api.appcues.net https://*.stream-io-api.com https://browser-http-intake.logs.datadoghq.eu https://fcm.googleapis.com https://*.googleapis.com https://cdn.crowdin.com fast.appcues.com faye.getstream.io wss://api.appcues.net wss://faye.getstream.io wss://*.stream-io-api.com; font-src 'self' data: https://cdn.qa-1brd.com; frame-src 'self' https://my.appcues.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.youtube.com https://youtube.com https://player.vimeo.com ; img-src * blob: data:; media-src https://cdn.qa-1brd.com https://cdn.staging-1brd.com https://cdn.1brd.com; object-src 'none'; script-src 'self' 'unsafe-inline' https://fast.appcues.com https://faye.getstream.io https://*.stream-io-api.com https://www.google.com/recaptcha/ https://www.gstatic.com https://cdn.crowdin.com https://crowdin.com analytics.services.1brd.com analytics.staging-1brd.com; style-src 'self' 'unsafe-inline' https://1brd.com https://fast.appcues.com https://cdn.crowdin.com; frame-ancestors 'none'; 1
default-src 'self';connect-src 'self' blob: https://stats.g.doubleclick.net https://analytics.google.com https://cdn.cookielaw.org https://google-analytics.com https://*.google-analytics.com https://*.google-analytics.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://googletagmanager.com https://*.googletagmanager.com https://google-analytics.com https://*.google-analytics.com https://www.googleadservices.com https://*.google.com https://google.com https://doubleclick.net https://*.doubleclick.net https://rcdfcdn.mars.com https://*.onetrust.com https://*.jquery.com https://*.windows.net https://*.google-analytics.com https://*.mars.com https://cdn.cookielaw.org https://royalcaninaccesprofessionnel.etocrm.fr;img-src blob: data: 'self' https://cdn.cookielaw.org https://googletagmanager.com https://*.googletagmanager.com https://gstatic.com https://*.gstatic.com https://google-analytics.com https://*.google-analytics.com https://*.doubleclick.net https://www.google.fr https://*.google.fr https://*.google.com https://google.com https://*.blob.core.windows.net https://*.royalcanin.fr/ https://*.google-analytics.com https://royalcaninaccesprofessionnel.etocrm.fr; style-src 'self' 'unsafe-inline' https://google.com https://*.google.com https://googleapis.com https://*.googleapi.com https://optanon.blob.core.windows.net https://fonts.googleapis.com https://*.bootstrapcdn.com https://*.mars.com https://cdn.cookielaw.org https://royalcaninaccesprofessionnel.etocrm.fr; font-src 'self' data: https://gstatic.com https://*.gstatic.com https://fonts.gstatic.com https://*.mars.com https://*.bootstrapcdn.com; frame-src 'self' https://doubleclick.net https://*.doubleclick.net https://*.vimeo.com https://royalcaninaccesprofessionnel.etocrm.fr; object-src 'self' 1
frame-ancestors 'self';     report-to 'none';     report-uri 'none';     form-action 'self';     base-uri 'self';     upgrade-insecure-requests;     default-src 'none';     script-src     'self'     'report-sample'     'nonce-M2EzMTQzMTQtMjVmYS00YzJjLWJlNGItM2I3NDc4MDQwZTEx'     'nonce-e539f86df0cee681c349a0ebf8381ea2'     'sha256-3OlFiWv0WtMCE9KeFg9lqXHtIT89PCWMaz3okJm3lIU='     'sha256-RSzR8dyl3P+kJgfwZQVl6pw53WtkDsKGMO0d+ZifjX0='     'sha256-0InJbNxU6QQrLjT44//WZnC3/14yeAfsYTaW+9UmM9w='     'sha256-DiWU82cFIBGH7Ne2frmS4x7VCHwEoh4eM70g23XHRCc='     https://www.google-analytics.com;     object-src 'none';     worker-src 'none';     manifest-src 'self';     media-src 'self';     prefetch-src 'self';     frame-src 'self';     child-src 'self';     connect-src     'self'     *.santanderglobalconfirming.com https://cib-gtb-confirming-core.scib.gs.corp;     style-src     *.santanderglobalconfirming.com https://cib-gtb-confirming-core.scib.gs.corp     'self'     'report-sample'     'nonce-e539f86df0cee681c349a0ebf8381ea2'     'sha256-DiWU82cFIBGH7Ne2frmS4x7VCHwEoh4eM70g23XHRCc='     'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='     'sha256-czXgeg/0LyE1K2bGciMUUofC3UpFjMV6hP3ftENgPB8='            'sha256-s6pvTzrJkzDdmT05Lr0cJZo1Wig9m5AC8Il63ucl31U='             'sha256-RQvFvTbXc2xbQ7Nw6YY7tReRz+eFDwRQIy7FEK7Za10='     'sha256-7QhpLc2haPabLLUbdBc4+w+P2eKt0lMKGu8gDIDJMwk='     'sha256-VYjlZb7xFv75ApR7CUG4t7GseB4nAQnPXc7ahSQXEcI='     'sha256-RfArpP7YVKZK2GwjlAw5YsYwZkO2mOUnJGizYsRuK1o='     'sha256-Sii0QzNsQJQwCjn3+0uS4E8PGcWc5/7oeuTuQ3HAt+8='     'sha256-ng5B75YPyBQ9Ptx6Ezr2oDPNaORtzAMZUaXiVET957A='     'sha256-iOinLFGkpoQW2/XgknY2GiohQ4O+eedFC9kiTIK2bp0='     'sha256-jFlbl55O8qTRpiCgdOoozZxfHwjUrCXjeHkkdBkqYVQ='     'sha256-jMmulz6YbHhJF8FDwpWb6KFKHFq6T8fmxYHIj4uzzoA='     'sha256-RSzR8dyl3P+kJgfwZQVl6pw53WtkDsKGMO0d+ZifjX0='     'sha256-0InJbNxU6QQrLjT44//WZnC3/14yeAfsYTaW+9UmM9w='     'sha256-TH1ryBJR2V14dYBDPvIe9BJen0rfJ6JhEP3OqDsbMWw='     'sha256-5dGuQsFvWztBf9S6iyvR86pweEcXzvMDvxrQwmjZ+G8='     https://fonts.googleapis.com     https://fast.fonts.net;     img-src     'self'     data:     *.santanderglobalconfirming.com https://cib-gtb-confirming-core.scib.gs.corp;     font-src     'self'     https://at.alicdn.com     https://stordatamiupc.blob.core.windows.net     https://fonts.gstatic.com     https://fast.fonts.net 1
default-src 'self' *.zywave;script-src 'self' *.zywave.com *.zywave.co.uk www.google.com 'nonce-/r616VfXOC1h+rq71G8WgsTRpqcKpyY3cpsCRv1LqHY=';style-src 'self' 'nonce-/r616VfXOC1h+rq71G8WgsTRpqcKpyY3cpsCRv1LqHY=';frame-src 'self' www.google.com;connect-src 'self' www.google-analytics.com;img-src 'self' data: *.zywave.com *.zywave.co.uk www.google-analytics.com;manifest-src *.zywave.com *.zywave.co.uk 1
frame-ancestors https://app.contentful.com https://qunomedical.my.salesforce.com https://qunomedical--fullcopysb.sandbox.my.salesforce.com 1
block-all-mixed-content ; frame-ancestors 'none'; upgrade-insecure-requests 1
script-src 'self' https://*.email-provider.nl https://cdn-eu.readspeaker.com https://wm-livechat-2-prod-dot-watermelonmessenger.appspot.com https://youtu.be https://youtube.com https://www.youtube.com https://player.vimeo.com/api/player.js https://siteimproveanalytics.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com 'unsafe-eval' 'unsafe-inline' data: 'report-sample'; connect-src https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://vttts-eu.readspeaker.com https://app.watermelon.co https://wm-backend-prod-dot-watermelonmessenger.appspot.com https://youtu.be https://youtube.com https://www.youtube.com https://*.global.siteimproveanalytics.io https://siteimproveanalytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google-analytics.com 'self'; form-action 'self' https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://*.global.siteimproveanalytics.io https://id.opengemeenten.nl https://users.opengemeenten.nl https://login.microsoftonline.com; frame-src 'self' blob: https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://vttts-eu.readspeaker.com https://*.maps.arcgis.com https://wm-livechat-2-prod-dot-watermelonmessenger.appspot.com https://youtu.be https://youtube.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com; img-src 'self' https://cdn-eu.readspeaker.com https://wm-livechat-2-prod-dot-watermelonmessenger.appspot.com https://youtube.com https://www.youtube.com https://youtu.be https://i.ytimg.com https://*.global.siteimproveanalytics.io https://siteimproveanalytics.com https://eu2.siteimprove.com https://szsurvey.siteimprove.com https://ssl.siteimprove.com https://*.googletagmanager.com https://*.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com data:; media-src 'self' https://cdn-eu.readspeaker.com https://youtu.be https://youtube.com https://www.youtube.com https://vimeo.com; style-src 'self' https://cdn-eu.readspeaker.com https://wm-livechat-2-prod-dot-watermelonmessenger.appspot.com https://youtube.com https://www.youtube.com https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline' data: 'report-sample'; frame-ancestors 'self' https://*.dash.simplyadmire.com https://dash.docker https://localhost:8080 https://www.zeist.nl; object-src 'self' https://youtube.com https://www.youtube.com; font-src 'self' https://fonts.gstatic.com data:; report-to csp; child-src 'self' blob:; default-src 'self'; report-uri https://monitoring.opengemeenten.nl/api/5/security/?sentry_key=8ecd0d6b2ab6432782fe7a6a5c01c534 1
frame-ancestors 'self' https://metrika.yandex.ru http://metrika.yandex.ru https://webvisor.com http://webvisor.com; 1
frame-ancestors=self 1
base-uri 'none'; object-src 'none'; script-src https://www.debian-fr.org/logs/ https://www.debian-fr.org/sidekiq/ https://www.debian-fr.org/mini-profiler-resources/ https://www.debian-fr.org/assets/ https://www.debian-fr.org/brotli_asset/ https://www.debian-fr.org/extra-locales/ https://www.debian-fr.org/highlight-js/ https://www.debian-fr.org/javascripts/ https://www.debian-fr.org/plugins/ https://www.debian-fr.org/theme-javascripts/ https://www.debian-fr.org/svg-sprite/; worker-src 'self' https://www.debian-fr.org/assets/ https://www.debian-fr.org/brotli_asset/ https://www.debian-fr.org/javascripts/ https://www.debian-fr.org/plugins/ 1
default-src * data: 'unsafe-inline' 'unsafe-eval' telrock.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' ws-assets.zoominfo.com js.zi-scripts.com s3.amazonaws.com *.linkedin.oribi.io *.fontawesome.com www.google.com tags.srv.stackadapt.com *.facebook.com *.linkedin.com *.facebook.net bat.bing.com snap.licdn.com ws.zoominfo.com *.callrail.com cdnjs.cloudflare.com *.doubleclick.net translate.googleapis.com *.pomeroy.com yoast.com secure.gravatar.com *.gtranslate.net *.bootstrapcdn.com fonts.googleapis.com *.gstatic.com www.googletagmanager.com *.google-analytics.com www.googleadservices.com data: ws:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://liberal.city; img-src 'self' https: data: blob: https://liberal.city; style-src 'self' https://liberal.city 'nonce-/5AkaUb2F1ku/KS2NCU4iw=='; media-src 'self' https: data: https://liberal.city; frame-src 'self' https:; manifest-src 'self' https://liberal.city; form-action 'self'; child-src 'self' blob: https://liberal.city; worker-src 'self' blob: https://liberal.city; connect-src 'self' data: blob: https://liberal.city https://cdn.masto.host wss://liberal.city; script-src 'self' https://liberal.city 'wasm-unsafe-eval' 1
default-src https: 'self' 'unsafe-inline' *.facebook.net ;             script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.reconyx.com *.jquery.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.googleadservices.com *.googlesyndication.com *.fontawesome.com *.cloudflare.com *.vimeo.com *.authorize.net *.gstatic.com *.labelwriter.com *.facebook.com *.facebook.net *.bootstrapcdn.com *.jsdelivr.net *.youtube.com;             connect-src 'self' 'unsafe-inline' *.fontawesome.com *.google.com googleads.g.doubleclick.net *.google-analytics.com *.googleapis.com *.facebook.com *.facebook.net properties connect.facebook.net/signals/config/834476951382890 *.authorize.net;             style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.gstatic.com *.cloudflare.com *.bootstrapcdn.com *.authorize.net *.jquery.com *.reconyx.com;             font-src https: data: 'self' fonts.gstatic.com *.google.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com *.authorize.net *.vimeo.com;             img-src http: https: data: 'self' blob: images.reconyx.com;             report-uri https://www.reconyx.com/log/csp?src=www; report-to csp-endpoint;            media-src reconyx.com *.reconyx.com data:  1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' https://cdn.amcharts.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://www.amcharts.com/ https://www.google-analytics.com/ https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/ https://www.gstatic.com/recaptcha/releases/ https://cdn.jsdelivr.net/npm/masonry-layout@4.2.2/dist/masonry.pkgd.min.js https://unpkg.com/imagesloaded@4.1.4/imagesloaded.pkgd.min.js; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.hotjar.com wss://*.hotjar.com https://in.hotjar.com https://stats.g.doubleclick.net https://www.google-analytics.com https://yoast.com; font-src 'self' data:; frame-src 'self' https://vars.hotjar.com https://www.google.com; img-src 'self' data: https://secure.gravatar.com https://www.google-analytics.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; report-uri https://62b083fc5a9e55900da77abc.endpoint.csper.io/?v=1; worker-src 'none'; 1
base-uri 'self'; frame-ancestors 'self' https://*.life.church https://*.lifechurch.io; upgrade-insecure-requests; 1
default-src https:; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-SF8z5PijO51fVmdqtrLP3A=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src 'self'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com downloads.mailchimp.com fonts.googleapis.com *.p1.nl; script-src 'self' 'unsafe-inline' 'unsafe-eval' app.usercentrics.eu www.googletagmanager.com downloads.mailchimp.com cdnjs.cloudflare.com *.list-manage.com www.google-analytics.com www.googleadservices.com connect.facebook.net bat.bing.com rec.smartlook.com *.doubleclick.net maps.googleapis.com www.google.com www.gstatic.com *.cupo.nl *.hotjar.com *.p1.nl; img-src 'self' data: app.usercentrics.eu www.google-analytics.com *.doubleclick.net www.facebook.com bat.bing.com www.google.com www.google.nl gallery.mailchimp.com maps.gstatic.com maps.googleapis.com *.ytimg.com *.p1.nl *.ggpht.com *.tradetracker.net; font-src 'self' fonts.gstatic.com; frame-src 'self' app.usercentrics.eu *.youtube.com www.facebook.com www.google.com *.hotjar.com www.tangram-tis.nl *.p1.nl; connect-src 'self' *.usercentrics.eu *.googleapis.com pagead2.googlesyndication.com *.google.com *.doubleclick.net bat.bing.com *.smartlook.cloud *.cupo.nl *.hotjar.com *.hotjar.io *.p1.nl www.google-analytics.com api.usercentrics.eu 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.energy; img-src 'self' https: data: blob: https://mastodon.energy; style-src 'self' https://mastodon.energy 'nonce-ifnuQWXVPOv522PbdXKujQ=='; media-src 'self' https: data: https://mastodon.energy; frame-src 'self' https:; manifest-src 'self' https://mastodon.energy; form-action 'self'; child-src 'self' blob: https://mastodon.energy; worker-src 'self' blob: https://mastodon.energy; connect-src 'self' data: blob: https://mastodon.energy https://sfo3.digitaloceanspaces.com wss://mastodon.energy; script-src 'self' https://mastodon.energy 'wasm-unsafe-eval' 1
default-src 'self' https://cdn.dogonews.com;img-src 'self' data: https://*.dogomedia.com https://*.dogonews.com https://*.dogobooks.com https://*.dogomovies.com https://*.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://*.googlesyndication.com https://*.gstatic.com https://www.mailjet.com https://i.ytimg.com https://i.vimeocdn.com;style-src 'self' https://cdn.dogonews.com https://fonts.googleapis.com https://www.googletagmanager.com https://accounts.google.com/gsi/style 'unsafe-inline';connect-src 'self' https://*.dogonews.com https://*.dogobooks.com https://*.dogomovies.com https://www.googletagmanager.com https://www.google-analytics.com https://*.doubleclick.net https://*.googlesyndication.com https://js.stripe.com https://noembed.com/embed https://cdn.plyr.io https://accounts.google.com/gsi/;frame-ancestors 'self' https://*.dogonews.com https://*.dogobooks.com https://*.dogomovies.com https://*.dogogames.com https://*.dogonews.co.kr https://dogonews.co.kr https://partner.googleadservices.com https://*.googlesyndication.com https://admanager.google.com https://*.sanako.com https://accounts.google.com/gsi/;frame-src *;script-src 'self' https://*.dogonews.com https://*.dogobooks.com https://*.dogomovies.com https://www.googletagmanager.com https://www.googletagservices.com https://www.google-analytics.com https://*.googlesyndication.com https://*.doubleclick.net https://js.stripe.com https://static.cloudflareinsights.com https://www.youtube.com https://teams.microsoft.com https://player.vimeo.com https://console.googletagservices.com https://accounts.google.com/gsi/client 'unsafe-eval' 'unsafe-inline';font-src https://fonts.gstatic.com;media-src 'self' https://cdn.dogonews.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://furries.club; img-src 'self' https: data: blob: https://furries.club; style-src 'self' https://furries.club 'nonce-8/shj9h6iLm+O/e2Y6Grcg=='; media-src 'self' https: data: https://furries.club; frame-src 'self' https:; manifest-src 'self' https://furries.club; form-action 'self'; child-src 'self' blob: https://furries.club; worker-src 'self' blob: https://furries.club; connect-src 'self' data: blob: https://furries.club https://furries.club wss://furries.club; script-src 'self' https://furries.club 'wasm-unsafe-eval' 1
default-src 'self'; img-src 'self' https://www.gstatic.com https://www.google.com https://translate.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://www.facebook.com https://www.google.com.tw https://i.ytimg.com; script-src 'self' 'unsafe-inline' https://ajax.cloudflare.com https://static.cloudflareinsights.com http://source.as-creative.com.tw https://www.facebook.com https://www.googletagmanager.com https://connect.facebook.net http://translate.google.com https://*.googleapis.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://www.gstatic.com http://source.as-creative.com.tw https://fonts.googleapis.com https://translate.googleapis.com; frame-src https://goo.gl https://www.youtube.com https://www.google.com https://www.facebook.com https://bid.g.doubleclick.net https://www.google.com.tw; font-src https://fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://socialplugin.facebook.net https://stats.g.doubleclick.net https://translate.googleapis.com https://www.facebook.com; frame-ancestors 'self' https://www.facebook.com https://www.google.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://static.cdn.bolha.one; img-src 'self' https: data: blob: https://static.cdn.bolha.one; style-src 'self' https://static.cdn.bolha.one 'nonce-mATLYfnDW5ioosRqnqIVOA=='; media-src 'self' https: data: https://static.cdn.bolha.one; frame-src 'self' https:; manifest-src 'self' https://static.cdn.bolha.one; form-action 'self'; child-src 'self' blob: https://static.cdn.bolha.one; worker-src 'self' blob: https://static.cdn.bolha.one; connect-src 'self' data: blob: https://static.cdn.bolha.one https://media.cdn.bolha.one wss://bolha.one; script-src 'self' https://static.cdn.bolha.one 'wasm-unsafe-eval' 1
default-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.sequentra.net *.mapbox.cn *.mapbox.com maps.googleapis.com resource: mailto:; img-src data: * blob: *; worker-src blob: 1
default-src 'self' *.iposo.de iposo.de dc.services.visualstudio.com; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.vo.msecnd.net dc.services.visualstudio.com; frame-src *.iposo.de iposo.de dc.services.visualstudio.com majorel.softgarden.io *.plm.majorel.de; img-src *.iposo.de iposo.de 'self' data: blob: dc.services.visualstudio.com; font-src *.iposo.de iposo.de 'self' data:; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-AxZOqyUyDi1Q28Qg+1GbYcHAUTsKHz1ofScFWr8EUoj84vS0' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors *; img-src *; media-src * 1
img-src 'self' data: 1
default-src https:; font-src https: data:; img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; frame-ancestors: 'self' www.jackjaffa.com *.jackjaffa.com 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *; frame-ancestors 'self' https://secure.petafrance.com; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-e4ebc05b8582b473948d8ce95ea61ccd'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
script-src 'self' 'unsafe-inline' https://www.pluscard.de/; frame-ancestors 'self' https://www.s-id-check.de/ https://www.mein-transakt.de/ https://www.mein-fido.de/ https://www.online-zahlen-mit-fido.de/ https://www.pluscard.de/ 1
default-src 'self' wss://vts.zohopublic.com wss://widget-mediator.zopim.com *.zendesk.com *.zopim.com *.zohocdn.com *.zohopublic.com *.zdassets.com *.google-analytics.com *.cookielaw.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' wss://vts.zohopublic.com wss://widget-mediator.zopim.com *.zendesk.com *.zopim.com *.zohocdn.com *.zohopublic.com *.zdassets.com *.google-analytics.com *.cookielaw.org; style-src 'self' *.zohocdn.com *.zohostatic.com 'unsafe-inline'; img-src data: *; object-src 'none' 1
default-src 'none'; object-src 'self'; media-src 'self' data: ; font-src 'self' data: fonts.gstatic.com; manifest-src 'self'; connect-src 'self' wss: app.leadrebel.io analytics.tiktok.com metrics.articulate.com www.google-analytics.com stats.g.doubleclick.net www.clarity.ms app.lea-software.com cdp.cloud.unity3d.com config.uca.cloud.unity3d.com *.lf-discover.com cdn.plyr.io maps.googleapis.com cdn.linkedin.oribi.io https://px.ads.linkedin.com https://marketing-test.sennebogen.com/services/rest/questionnaire_rest; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googleapis.com *.youtube.com *.googletagmanager.com tagmanager.google.com *.google-analytics.com app.leadrebel.io analytics.tiktok.com siteimproveanalytics.com connect.facebook.net snap.licdn.com www.clarity.ms secure.easy7bear.com https://cdnjs.cloudflare.com/ajax/libs/jquery/ https://cdn.jsdelivr.net/npm/marked/marked.min.js https://unpkg.com/survey-jquery; img-src data: 'self' maps.gstatic.com *.googleapis.com *.google-analytics.com ssl.gstatic.com www.gstatic.com www.google.com/ads/ga-audiences www.google.de/ads/ga-audiences fonts.gstatic.com lh3.googleusercontent.com *.ggpht *.ytimg.com *.facebook.com *.doubleclick.net app.leadrebel.io *.linkedin.com www.youtube.com www.youtube-nocookie.com c.clarity.ms/c.gif c.bing.com; frame-src 'self' *.sennebogen.com www.youtube.com www.youtube-nocookie.com *.facebook.com; frame-ancestors 'self' *.sennebogen.com *.articulate.com http://localhost:8100 capacitor://localhost http://localhost; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com https://unpkg.com/survey-jquery/; form-action 'self' www.sennebogen.com *.facebook.com; base-uri 'self'; 1
script-src 'unsafe-inline' 'self' 'unsafe-eval' snap.licdn.com *.google.com *.googletagmanager.com *.google-analytics.com ssl.google-analytics.com *.linkedin.com doubleclick.net *.spcr.cz; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com https://*.googletagmanager.com www.google.com www.gstatic.com ssl.google-analytics.com connect.facebook.net www.facebook.com cdn.quantummetric.com unitedft-app.quantummetric.com dev.unitedaviate.com qa.unitedaviate.com uat.unitedaviate.com www.unitedaviate.com *.unitedaviate.com https://*.unitedaviate.com  https://cdn.jsdelivr.net https://*.451.io https://unitedaviate.api.451.io https://embed-forms.451.io; img-src 'self' data: www.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com ssl.google-analytics.com https://*.451.io https://unitedaviate.api.451.io https://embed-forms.451.io 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.451.io https://unitedaviate.api.451.io https://embed-forms.451.io unitedft-app.quantummetric.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com; font-src 'self' fonts.gstatic.com/;frame-src 'self' www.google.com youtube.com www.youtube.com https://unitedaviate.messenger.451.io/ *.451.io *.quantummetric.com https://cdn.quantummetric.com 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' 'unsafe-inline' *.googlesyndication.com *.doubleclick.net https://www.google.com https://www.google-analytics.com; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; object-src 'self' 'unsafe-inline' *.googlesyndication.com *.doubleclick.net https://www.google.com https://www.google-analytics.com 1
default-src 'self'; script-src 'unsafe-eval' 'self' 'unsafe-inline' https://www.googletagmanager.com/gtag/js; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://region1.google-analytics.com; font-src 'self'; frame-src 'self' youtube.com www.youtube.com https://www.google.com/maps/embed; img-src 'self' data:; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; 1
frame-ancestors 'self' ;upgrade-insecure-requests; img-src 'self' data: https://secure.gravatar.com  https://www.googletagmanager.com  https://cdn.shopify.com  https://www.facebook.com  https://engagefront.theweathernetwork.com  https://ct.pinterest.com  https://www.google-analytics.com  https://app.careerbeacon.com  https://cdn.honey.io  android-webview-video-poster  https://pos.baidu.com  https://fonts.gstatic.com  blob:  https://translate.google.com  ; default-src 'self'; script-src 'self' 'unsafe-inline' data:  https://ajax.cloudflare.com  https://www.googletagmanager.com  https://www.google.com  https://www.google-analytics.com  https://sc-static.net  https://www.gstatic.com  https://tr.snapchat.com  https://s.pinimg.com  https://connect.facebook.net  https://dashboard.engagefront.com  https://tags.srv.stackadapt.com  https://widget.alongside.com  https://qvdt3feo.com  https://me.kis.v2.scr.kaspersky-labs.com  https://gc.kis.v2.scr.kaspersky-labs.com  'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://ajax.cloudflare.com  https://www.googletagmanager.com  https://www.google.com  https://www.google-analytics.com  https://sc-static.net  https://www.gstatic.com  https://tr.snapchat.com  https://s.pinimg.com  https://connect.facebook.net  https://dashboard.engagefront.com  https://tags.srv.stackadapt.com  https://widget.alongside.com  https://qvdt3feo.com  https://me.kis.v2.scr.kaspersky-labs.com  https://gc.kis.v2.scr.kaspersky-labs.com ; style-src 'self' 'unsafe-inline' https://tags.srv.stackadapt.com  https://cdn.honey.io  https://www.gstatic.com  data:  https://me.kis.v2.scr.kaspersky-labs.com  https://gc.kis.v2.scr.kaspersky-labs.com ; style-src-elem 'self' 'unsafe-inline' https://tags.srv.stackadapt.com  https://cdn.honey.io  https://www.gstatic.com  data:  https://me.kis.v2.scr.kaspersky-labs.com  https://gc.kis.v2.scr.kaspersky-labs.com ; connect-src 'self' https://o187655.ingest.sentry.io  https://tr.snapchat.com  https://tags.srv.stackadapt.com  https://www.google-analytics.com  https://www.facebook.com  https://moosehead.ca  https://stats.g.doubleclick.net  https://ct.pinterest.com  https://tr6.snapchat.com  https://region1.google-analytics.com  https://api.trongrid.io  data:  properties  https://mooseheadbeershop.ca;  font-src 'self' data:  https://www.slant.co  https://api.rabatta.app  https://sc-static.net  https://static.zip.co  https://fonts.gstatic.com;  frame-src 'self' https://www.google.com  https://tr.snapchat.com  https://dashboard.engagefront.com  https://ct.pinterest.com  https://www.facebook.com  https://www.googletagmanager.com;  worker-src 'self' blob:;  media-src 'self' data:; 1
frame-ancestors 'self' https://tfgroupllc.com/ https://taylor-equipment.com/ http://ccse.biz/ 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-6f/fhtI61r0DKZ+tPCMNGKtTz6LzsUqKowlmDIvJE8VlKea7' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' *.valspar.com  *.youtube.com *.google-analytics.com *.doubleclick.net hosted.meetsoci.com                 nexus.ensighten.com *.google.com cdn.hypemarks.com *.mktoresp.com;         script-src 'unsafe-inline' 'unsafe-eval' *.houseofkolor.com *.google.com www.gstatic.com *.cloudflare.com *.cloudfront.net *.bootstrapcdn.com                 nexus.ensighten.com code.jquery.com *.googleapis.com *.google-analytics.com *.adobedtm.com *.doubleclick.net *.fontawesome.com                 www.tintup.com cdn.hypemarks.com *.marketo.net *.googletagmanager.com filesystem:;         img-src * data:;         font-src 'self' *.typekit.net *.bootstrapcdn.com *.fontawesome.com ;         style-src 'self' 'unsafe-inline' *.typekit.net *.bootstrapcdn.com *.fontawesome.com *.googleapis.com ;  1
default-src 'self' 'unsafe-inline' data: gap: https://ssl.gstatic.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src-elem * https://fonts.googleapis.com httpfs://static.addtoany.com/https://cdn.cookielaw.org https://www.googletagmanager.com/  https://www.google-analytics.com/ https://www.googleadservices.com https://static.hotjar.com https://script.hotjar.com/ https://www.google-analytics.com https://googleads.g.doubleclick.net 'unsafe-inline'; style-src 'self' 'unsafe-inline' http://fonts.googleapis.com https://widget.moin.ai https://css.zohocdn.com https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://jquery.app https://www.jqueryscript.net https://stackpath.bootstrapcdn.com; img-src * 'self' 'unsafe-inline' data:; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://widget.moin.ai https://se-content-b.psplugin.com https://content.psplugin.com https://css.zohocdn.com; connect-src * 'self' 'unsafe-inline' https://unilabs.com https://maps.googleapis.com https://api.moin.ai https://cdn.cookielaw.org https://region1.google-analytics.com https://pagead2.googlesyndication.com https://h.clarity.ms/collect https://stats.g.doubleclick.net https://in.hotjar.com; frame-src 'self' 'unsafe-inline' https://www.facebook.com https://static.addtoany.com https://player.vimeo.com/ https://www.youtube.com/ https://vars.hotjar.com/ https://www.google.com/; 1
default-src https: wss:; script-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 1
default-src *.google.com bootstrapcdn.com  googleadservices.com *.cloudfront.net *.portlandwebdesign.com *.electric.coop adsrvr.org *.analytics.yahoo.com *.maps.arcgis.com xx.fbcdn.net rvwinc.com maps.arcgis.com *.columbiainet.com vimeo.com *.googleadservices.com publicpurchase.com gravatar.com *.arcgis.com *.eventbrite.com cooperative.com *.gstatic.com *.youtube-nocookie.com *.crowdfiber.io data: *.googletagmanager.com luckyorange.net btstatic.com portlandwebdesign.com simpli.fi *.providesupport.com typekit.net mitel.io trumpia.com *.timetap.com five9.com powermag.com *.rvwinc.com *.verisign.com linkedin.com *.nr-data.net *.btstatic.com azgt.coop ebill.coop *.mapbox.com googleapis.com analytics.yahoo.com *.licdn.com *.mcusercontent.com *.bootstrapcdn.com apogee.net marketingautomation.services suppose.tv adnxs.com twimg.com *.olark.com youtube-nocookie.com *.trumpia.com xad.com mailchimp.com *.ads.linkedin.com directefficiency.com *.mailchimp.com newrelic.com *.vimeo.com *.plumassierratelecommunicationsmap.com 'unsafe-eval' *.upgrade.guide epa.gov transistor.fm google.com hirebridge.com *.simpli.fi *.yimg.com envivabiomass.com *.roanokeconnect.com e2ma.net bonnerboundary811.org *.powerfulweb.com *.elfsight.com *.libsyn.com doubleclick.net facebook.net google-analytics.com ads.linkedin.com *.e2ma.net gstatic.com smarthub.coop *.s3.amazonaws.com mcusercontent.com s.w.org *.doubleclick.net facebook.com youtube.com *.linkedin.com nice-incontact.com fontawesome.com *.newrelic.com *.apogee.net *.googleapis.com libsyn.com eventbrite.com upgrade.guide *.basis.net *.twimg.com glassdoor.com cencoast.com *.mitel.io powerfulweb.com luckyorange.com *.five9.com *.typekit.net *.transistor.fm yimg.com 'self' *.luckyorange.com jazz.co roanokeconnect.com *.publicpurchase.com myfonts.net issuu.com *.directefficiency.com *.websupport.expert spreaker.com *.ebill.coop crowdfiber.io *.xad.com *.nice-incontact.com *.xx.fbcdn.net *.suppose.tv *.myfonts.net billing.columbiainet.com *.icua.coop southcentralpower.com *.bonnerboundary811.org arcgis.com mapbox.com providesupport.com *.facebook.net *.smeco.coop electric.coop googletagmanager.com *.adnxs.com smeco.coop *.issuu.com *.powermag.com *.adsymptotic.com olark.com s3.amazonaws.com 'unsafe-inline' elfsight.com icua.coop timetap.com *.fontawesome.com *.envivabiomass.com nr-data.net adsymptotic.com *.epa.gov *.adsrvr.org *.cencoast.com *.spreaker.com *.gravatar.com plumassierratelecommunicationsmap.com verisign.com *.glassdoor.com *.facebook.com ctctcdn.com *.jazz.co *.cooperative.com *.google-analytics.com gmpg.org cloudfront.net *.ctctcdn.com *.marketingautomation.services *.southcentralpower.com licdn.com *.hirebridge.com websupport.expert *.luckyorange.net *.smarthub.coop basis.net *.youtube.com *.azgt.coop; 1
frame-ancestors 'self' aviles.es *.aviles.es aytoaviles-my.sharepoint.com *.insuit.local *.insuit.eu *.insuit.net insuit.local insuit.eu insuit.net 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://google.fr https://*.google.fr  https://googletagmanager.com https://*.googletagmanager.com  https://googleadservices.com https://*.googleadservices.com https://*.g.doubleclick.net https://google-analytics.com https://*.google-analytics.com https://*.gravatar.com https://www.gravatar.com https://*.facebook.com https://*.cloudflare.com https://*.fontawesome.com https://*.facebook.net https://*.googleapis.com https://www.google-analytics.com https://sibautomation.com https://*.sendinblue.com https://ws.colissimo.fr https://*.gstatic.com https://*.bootstrapcdn.com https://*.google.com https://*.fontawesome.com https://stats.perfumist.fr https://pfo.vgz.fr https://*.aws.cloud.es.io:9243 https://*.digitaloceanspaces.com https://*.perfumist.net https://www.galimard.com https://www.youtube-nocookie.com https://*.ytimg.com https://*.cloudfront.net https://www.youtube.com https://*.woosuite.com https://*.wpswings.com https://*.freemius.com https://woocommerce.com https://*.w.org https://*.twitter.com https://wp-rocket.me https://*.wistia.com https://*.helpscout.net https://*.litix.io https://facetwp.com https://unpkg.com https://js.stripe.com; 1
frame-ancestors 'self' https://*.facelift-cloud.com; 1
frame-ancestors 'self' https://*.storyblok.com 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-6beda077a0e50e96fff83fbb76b9bb9d'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://ln-rules.rewardstyle.com https://player.vimeo.com https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://*.recaptcha.net https://isitetv.com https://*.translate.naver.net https://tr.snapchat.com https://tr6.snapchat.com https://www.shoplooks.com https://api.bam-x.com https://www.pinterest.com blob: https://*.abtasty.com https://ct.pinterest.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://*.pinterest.com https://*.bing.com https://*.doubleclick.net https://events.attentivemobile.com https://connect.facebook.net https://*.baidu.com https://lookfantastic.attn.tv https://*.parcellab.com https://ct.pinterest.com https://api.bam-x.com https://events.release.narrativ.com https://tr.snapchat.com https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://*.contentsquare.net https://*.criteo.com https://*.abtasty.com https://*.rlcdn.com https://storyboard.storystream.ai https://content.storystream.ai; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com; form-action 'self' https://www.facebook.com https://us.lookfantastic.com https://m.us.lookfantastic.com https://checkout.us.lookfantastic.com https://www.glossybox.com https://connect.facebook.net https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.co.uk https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.se https://www.glossybox.dk https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://*.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://static.criteo.net https://*.criteo.com https://ln-rules.rewardstyle.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://*.hotjar.com https://*.attn.tv https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://static.ads-twitter.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://lantern.roeyecdn.com https://lantern.roeye.com https://static.thgcdn.cn https://s.pinimg.com https://static.narrativ.com https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com blob: https://*.abtasty.com https://tr.snapchat.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://cdn.parcellab.com https://static.thgcdn.cn https://*.abtasty.com https://*.gstatic.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: content: data: https://players.brightcove.net https://edge.api.brightcove.com ; script-src 'self' 'unsafe-inline'  https://www.googletagmanager.com https://apis.google.com https://players.brightcove.net https://code.jquery.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://www.google-analytics.com https://www.youtube.com/ https://vjs.zencdn.net/ https://s.ytimg.com/ https://ajax.googleapis.com/ ;style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com ;img-src 'self' 'unsafe-inline' https://www.google.co.in/ https://www.googletagmanager.com https://metrics.brightcove.com/ https://cf-images.us-east-1.prod.boltdns.net/ https://f1.media.brightcove.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://www.google.com/ https://www.google.nl/ https://www.sadara.com/ ;font-src 'self' 'unsafe-inline' data: https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.gstatic.com ; connect-src 'self' https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://bcbolt446c5271-a.akamaihd.net/ https://manifest.prod.boltdns.net/ https://gallery-metrics.api.brightcove.com/ https://secure.brightcove.com/ https://edge.api.brightcove.com/ https://hls.cf.brightcove.com/ https://f1.media.brightcove.com/ ; media-src 'self' blob: https://www.sadara.com/ https://sadara.com/ ; worker-src blob: https://www.sadara.com/ https://sadara.com/ ; object-src 'none' ; form-action 'self' blob: https://webto.salesforce.com/servlet/servlet.WebToCase ; frame-ancestors 'none'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com cdn.mailinglijst.nl api.pro6pp.nl www.google-analytics.com v2.zopim.com *.newrelic.com bam.nr-data.net beacon-v2.helpscout.net; style-src 'self' 'unsafe-inline' cdn.mailinglijst.nl fonts.googleapis.com cdn.materialdesignicons.com staging.subscribe.mailinglijst.nl subscribe.mailinglijst.nl www.mailinglijst.nl mailinglijst.nl cdn.jsdelivr.net; object-src 'self'; img-src data: *; frame-ancestors 'self'; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-9cccfe27049aeed1458fbbdc5d1b3edc'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; blob: 'self'; frame-src *; media-src * data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.typekit.net/ https://tagmanager.google.com/ https://fonts.googleapis.com/ https://*.googletagmanager.com/ https://*.myfonts.net/ https://*.cookiebot.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.facebook.com/ https://*.klarnaevt.com/ https://*.googletagmanager.com/ https://ssl.gstatic.com/ https://*.gstatic.com/ https://www.google-analytics.com/ https://googleads.g.doubleclick.net/ https://www.google.com/ https://*.cookiebot.com/ https://px.ads.linkedin.com/ https://pixel.rubiconproject.com/ https://ad.360yield.com/ https://sync.search.spotxchange.com/ https://ib.adnxs.com/ https://ads.stickyadstv.com/ https://ad.sxp.smartclip.net/ https://cm.adform.net/ https://cm.g.doubleclick.net/ https://simage2.pubmatic.com/ https://um.simpli.fi/ https://match.adsby.bidtheatre.com/ https://match.prod.bidr.io/ https://www.google.se/ https://syndication.twitter.com/ https://img.youtube.com https://match.adsrvr.org https://wt.rqtrk.eu https://rtb-csync.smartadserver.com  https://*.ytimg.com https://www.linkedin.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.typekit.net/ https://fonts.gstatic.com/ data: https://*.myfonts.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://buttons.github.io/ https://js-agent.newrelic.com/ https://bam.eu01.nr-data.net/ https://bam-cell.nr-data.net/ https://static.hotjar.com/ https://*.facebook.net/ https://*.klarna.com/ https://*.algolianet.com/ https://*.googletagmanager.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://ssl.google-analytics.com/ https://tagmanager.google.com/ https://*.googleapis.com/ https://www.google.com/ https://*.cookiebot.com/ https://*.licdn.com/ https://*.bidtheatre.com/ https://platform.twitter.com/ https://plausible.io/ https://widgets.getsitecontrol.com https://*.azureedge.net https://zammadberling.xzakt.com https://hello.myfonts.net https://www.youtube.com  https://www.google.se https://issuu.com/ https://*issuu.com/; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://liveupdate.pimcore.org/ https://bam.eu01.nr-data.net/ https://bam-cell.nr-data.net/ https://api.bring.com/ https://*.klarnaevt.com/ https://*.algolianet.com/ https://*.algolia.net/ https://www.google-analytics.com/ https://*.googletagmanager.com/ https://*.googleapis.com/ https://*.cookiebot.com/ https://*.doubleclick.net/ https://plausible.io/ https://region1.google-analytics.com  https://skitkgpy.eun.stape.io https://cdn.linkedin.oribi.io https://*.svc.dynamics.com/ wss://zammadberling.xzakt.com https://www.verbum.se/api/cart https://*.google.com https://*.googlesyndication.com https://px.ads.linkedin.com  https://www.facebook.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.klarna.com/ https://bid.g.doubleclick.net/ https://*.youtube.com/ https://*.cookiebot.com/ https://www.youtube-nocookie.com/ https://www.facebook.com/ https://www.google.com/ https://docs.google.com/ https://platform.twitter.com/ https://e.issuu.com/ https://player.vimeo.com/ https://*.soundcloud.com/ https://forms.apsisforms.com https://plausible.io/ https://www.spotify.com/ https://*.spotify.com/ https://*.dynamics.com/ https://accounts.google.com/ https://docs.google.com/ https://td.doubleclick.net/ https://*issuu.com/ https://issuu.com/; 1
default-src 'self'; child-src 'self' https://*.trustcommander.net *.kameleoon.com https://*.facebook.com/ https://*.green-connector.com/ https://*.kameleoon.eu/ https://*.tellja.de/ https://*.tellja.eu/ https://cdn.tagcommander.com/ https://client.rlpdirekt.de/ https://evm.viewer.cit-fusion.com/ https://kb.ionas.de/ https://privacy.commander1.com https://wb.messengerpeople.com/ https://widget.msgp.pl/; connect-src 'self' blob: https://*.trustcommander.net https://*.webinargeek.com https://*.zenloop.com *.kameleoon.com https://*.amazonaws.com/ https://*.analytics.google.com/ https://*.azurewebsites.net/ https://*.bing.com/ https://*.clarity.ms/ https://*.doubleclick.net/ https://*.evm.de/ https://*.facebook.com/ https://*.google-analytics.com/ https://*.googleadservices.com/ https://*.gstatic.com/ https://*.kameleoon.eu/ https://*.outbrain.com/ https://*.plusportal.de/ https://*.vlink.com/ https://buergerservice.ionas.de/ https://directline.botframework.com wss://directline.botframework.com https://directline.botframework.com/ wss://directline.botframework.com/ https://maps.googleapis.com https://o445690.ingest.sentry.io/ https://privacy.commander1.com https://tpc.googlesyndication.com/ https://wb.messengerpeople.com/ https://www.google.com https://www.google.de; font-src 'self' data: https://*.amazonaws.com/ https://*.analytics.google.com/ https://*.bing.com/ https://*.clarity.ms/ https://*.doubleclick.net/ https://*.google-analytics.com/ https://*.googleadservices.com/ https://*.gstatic.com/ https://*.plusportal.de/ https://*.vlink.com/ https://directline.botframework.com/ https://privacy.commander1.com https://tpc.googlesyndication.com/; frame-ancestors 'self' https://8pia.evm.de/ https://db-test.evm.de/ https://messecom-sued.expo-ip.com/ https://pia.evm.de/ https://www.bdew.de/; frame-src 'self' https://*.trustcommander.net https://*.amazonaws.com/ https://*.azurewebsites.net/ https://*.doubleclick.net/ https://*.epilot.io/ https://*.evm.de/ https://*.facebook.com/ https://*.green-connector.com/ https://*.purpleview.de/ https://*.surveymonkey.com/ https://*.tellja.de/ https://*.tellja.eu/ https://*.trio-service.de/ https://*.vlink.com/ https://cdn.tagcommander.com/ https://evm-dia.innoloft.com/ https://evm-gruppe.softgarden.io/ https://evm.viewer.cit-fusion.com/ https://gebaeudeenergiegesetz.bm1.de https://iam.chamaeleon.de https://iam.chamaeleon.de/ https://infoportal.smartmacher.com/ https://kb.ionas.de https://lademap.ladenetz.de/ https://survey.lamapoll.de/ https://widget.msgp.pl/ https://www.energieausweis-online-erstellen.de/ https://www.google.com https://www.google.de https://www.youtube-nocookie.com/ https://www.youtube.com/ mailto:; img-src 'self' blob: data: https://*.googleapis.com https://*.trustcommander.net https://*.webinargeek.com https://*.zenloop.com https://*.adition.com/ https://*.analytics.google.com/ https://*.bing.com/ https://*.clarity.ms/ https://*.doubleclick.net/ https://*.evm.de/ https://*.facebook.com/ https://*.google-analytics.com/ https://*.googleadservices.com/ https://*.gstatic.com/ https://*.surveymonkey.com/ https://*.t-systems.com/ https://*.tellja.de/ https://*.tellja.eu/ https://*.vlink.com/ https://*.ytimg.com/ https://evm.247grad.de https://privacy.commander1.com https://tagmanager.google.com/ https://tpc.googlesyndication.com/ https://www.evm.de https://www.google.com https://www.google.de https://www.googletagmanager.com/ https://www.googletagmanager.com/*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.trustcommander.net https://*.webinargeek.com https://*.adition.com/ https://*.amazonaws.com/ https://*.analytics.google.com/ https://*.bing.com/ https://*.clarity.ms/ https://*.doubleclick.net/ https://*.epilot.io/ https://*.facebook.net/ https://*.google-analytics.com/ https://*.googleadservices.com/ https://*.green-connector.com/ https://*.gstatic.com/ https://*.outbrain.com/ https://*.purpleview.de/ https://*.surveymonkey.com/ https://*.tellja.de/ https://*.tellja.eu/ https://*.vlink.com/ https://*.ytimg.com/ https://cdn.tagcommander.com/ https://privacy.commander1.com https://tagmanager.google.com/ https://tpc.googlesyndication.com/ https://www.google.com https://www.google.de https://www.googletagmanager.com/ https://www.googletagmanager.com/* https://www.youtube.com/; script-src-elem 'self' 'unsafe-inline' https://*.googleapis.com https://*.trustcommander.net https://*.webinargeek.com https://*.adition.com/ https://*.amazonaws.com/ https://*.analytics.google.com/ https://*.bing.com/ https://*.clarity.ms/ https://*.doubleclick.net/ https://*.epilot.io/ https://*.facebook.net/ https://*.google-analytics.com/ https://*.googleadservices.com/ https://*.green-connector.com/ https://*.gstatic.com/ https://*.outbrain.com/ https://*.plusportal.de/ https://*.purpleview.de/ https://*.surveymonkey.com/ https://*.tellja.de/ https://*.tellja.eu/ https://*.vlink.com/ https://*.ytimg.com/ https://cdn.tagcommander.com/ https://gebaeudeenergiegesetz.bm1.de https://privacy.commander1.com https://survey.lamapoll.de/ https://tagmanager.google.com/ https://tpc.googlesyndication.com/ https://www.google.com https://www.google.de https://www.googletagmanager.com/ https://www.googletagmanager.com/* https://www.youtube.com/; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://evm.247grad.de https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.googletagmanager.com/*; style-src-elem 'self' 'unsafe-inline' https://*.googleapis.com https://*.green-connector.com/ https://*.plusportal.de/ https://evm.247grad.de https://fonts.googleapis.com https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.googletagmanager.com/*; style-src-attr 'self' 'unsafe-inline'; worker-src 'self' blob: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleusercontent.com https://*.youtube.com https://*.khazad.fr https://*.googletagmanager.com https://*.google-analytics.com; img-src 'self' data: https://*.gravatar.com https://i.ytimg.com/ https://*.khazad.fr https://*.googletagmanager.com https://*.google-analytics.com; object-src 'self' data: https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleusercontent.com https://*.youtube.com https://*.khazad.fr https://*.googletagmanager.com https://*.google-analytics.com; frame-src 'self' data: https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleusercontent.com https://*.youtube.com https://*.khazad.fr https://*.googletagmanager.com https://*.google-analytics.com; 1
default-src 'self'; script-src 'unsafe-inline' 'self' 'unsafe-eval' https://unpkg.com https://expandresearch-cdn-1.s3.eu-west-2.amazonaws.com https://www.google-analytics.com https://snap.licdn.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://s0.wp.com https://s1.wp.com https://s2.wp.com https://script.hotjar.com https://static.hotjar.com https://stats.wp.com https://www.googletagmanager.com; style-src 'unsafe-inline' 'self' https://expandresearch-cdn-1.s3.eu-west-2.amazonaws.com https://fonts.googleapis.com https://s0.wp.com https://s2.wp.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://data-api-demo.expandresearch.com https://api-sisense-demo-beta.expandresearch.com https://expandresearch-cdn-1.s3.eu-west-2.amazonaws.com https://stats.g.doubleclick.net https://www.google-analytics.com https://in.hotjar.com; font-src 'self' data: https://fonts.gstatic.com https://s0.wp.com https://expandresearch-cdn-1.s3.eu-west-2.amazonaws.com; frame-src 'self' https://data.expandresearch.com https://www.data.expandresearch.com https://expandresearch-cdn-1.s3.eu-west-2.amazonaws.com https://sisense.expandresearch.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://vars.hotjar.com https://widgets.wp.com https://www.google.com; img-src 'self' data: https://www.google-analytics.com https://pixel.wp.com https://expandresearch-cdn-1.s3.eu-west-2.amazonaws.com; manifest-src 'self'; media-src 'self'; worker-src https://www.expandresearch.com/wp-content/plugins/wordpress-seo/js/dist/analysis-worker-1760.js; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors *; 1
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.jsdelivr.net https://www.googletagmanager.com https://stats.g.doubleclick.net;style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com;img-src 'self' blob: data: https://ir-staging.bombayrunning.com/ https://staging-registration-cdn.bombayrunning.com https://strapi-staging-media-test.s3.ap-south-1.amazonaws.com https://strapi-qa-media-test.s3.ap-south-1.amazonaws.com https://strapi-production-media-test.s3.ap-south-1.amazonaws.com https://race-registration-staging-media.s3-ap-south-1.amazonaws.com https://race-registration-qa-media.s3-ap-south-1.amazonaws.com https://race-registration-cdn.indiarunning.com https://race-registration-production-media.s3-ap-south-1.amazonaws.com https://race-registration-production-media.s3.ap-south-1.amazonaws.com https://d12ax8orblguxz.cloudfront.net;font-src 'self' https://fonts.gstatic.com;connect-src 'self' https://strapi-staging.bombayrunning.com https://ir-api-staging.bombayrunning.com https://ir-api-staging.bombayrunning.com https://staging-registration-api.bombayrunning.com https://ir-api-qa.bombayrunning.com https://qa-registration-api.bombayrunning.com https://registrations-api.indiarunning.com https://content-api.fitpage.in https://registrations-api.indiarunning.com https://race-registration-production-media.s3-ap-south-1.amazonaws.com https://race-registration-staging-media.s3-ap-south-1.amazonaws.com https://race-registration-qa-media.s3-ap-south-1.amazonaws.com https://analytics.google.com http://localhost:3000/;object-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'none';block-all-mixed-content;upgrade-insecure-requests 1
script-src data: https: wss: about: blob: 'unsafe-eval' 'unsafe-inline' 'self' api.useinsider.com itelvn.api.useinsider.com;style-src data: https: 'unsafe-eval' 'unsafe-inline' 'self' api.useinsider.com itelvn.api.useinsider.com;img-src data: https: 'unsafe-eval' 'unsafe-inline' 'self' api.useinsider.com itelvn.api.useinsider.com;font-src data: https: 'unsafe-eval' 'unsafe-inline' 'self' api.useinsider.com itelvn.api.useinsider.com;connect-src data: https: wss: about: 'unsafe-eval' 'unsafe-inline' 'self' api.useinsider.com itelvn.api.useinsider.com;frame-src data: https: wss: about: 'unsafe-eval' 'unsafe-inline' 'self' api.useinsider.com itelvn.api.useinsider.com 1
default-src 'self' https://miloan.ua https://tengo.ua https://tengo.com.ua https://amigo.com.ua *.miloan.ua *.miloan.com.ua *.tengo.ua *.tengo.com.ua *.amigo.com.ua *.pango.com.ua; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleoptimize.com https://*.clarity.ms https://c.bing.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://score.juicyscore.com https://optimize.google.com https://www.google-analytics.com https://www.googletagmanager.com *.google.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://mc.yandex.ru https://yastatic.net https://tengo.com.ua https://pango.com.ua *.ampproject.org *.adpartner.pro connect.facebook.net ajax.cloudflare.com static.cloudflareinsights.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.appdynamics.com; img-src 'self' https://*.clarity.ms https://c.bing.com *.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://optimize.google.com https://id.bank.gov.ua https://www.google-analytics.com https://www.google.com https://www.google.com.ua https://www.googletagmanager.com https://mc.yandex.ru https://www.gstatic.com https://www.facebook.com https://www.google.ru https://www.google.pl https://www.google.com.cy stats.g.doubleclick.net https://stats.g.doubleclick.net https://static.liqpay.ua *.miloan.ua *.miloan.com.ua *.tengo.ua *.tengo.com.ua *.amigo.com.ua *.pango.com.ua blob: data:; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://optimize.google.com fonts.googleapis.com *.miloan.ua *.miloan.com.ua *.tengo.ua *.tengo.com.ua *.amigo.com.ua *.pango.com.ua; font-src 'self' https://optimize.google.com fonts.gstatic.com data: blob:; frame-src 'self' https://optimize.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.adpartner.pro atlassian-companion: data: blob:; object-src 'self' data: blob:; connect-src https://*.clarity.ms https://c.bing.com https://score.juicyscore.com https://*.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://correctme.com.ua stats.g.doubleclick.net https://stats.g.doubleclick.net https://mc.yandex.ru https://miloan.ua https://tengo.ua https://tengo.com.ua https://amigo.com.ua https://pango.com.ua https://analytics.goo *.miloan.ua *.miloan.com.ua *.tengo.ua *.tengo.com.ua *.amigo.com.ua *.pango.com.ua *.hotjar.com *.hotjar.io wss://*.hotjar.com *.carrotquest.app pdx-col.eum-appdynamics.com *.appdynamics.com *.bank.gov.ua https://www.liqpay.ua *.liqpay.ua https://www.portmone.com.ua *.portmone.com.ua https://p2y.com.ua *.p2y.com.ua https://fondy.io *.fondy.eu https://easypay.ua *.easypay.ua 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com *.trafficfactory.biz www.iwanttodeliver.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net bmedia.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri http://www.vidz.com/csp-reports; report-to csp-endpoint 1
default-src https: 'self' blob:; media-src https: data: blob:; font-src https: data:; img-src https: 'self' 'unsafe-inline' data: about:; style-src https: 'self' 'unsafe-inline'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' blob:; frame-ancestors https://*.william-consulente.com; 1
frame-ancestors 'self';block-all-mixed-content; default-src 'self' *.doubleclick.net *.google-analytics.com *.kyruus.com; frame-src 'self' *.google.com *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net; img-src 'self' *.kyruus.com *.google-analytics.com *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net *.googletagmanager.com *.addthis.com *.googleapis.com *.kyruus.com *.fontawesome.com https://cdn.jsdelivr.net https://fonts.gstatic.com https://chat.stjosephshealth.org https://www.facebook.com https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com https://connect.facebook.net https://code.jquery.com https://cdn.jsdelivr.net https://graph.facebook.com https://getk2.org https://google-analytics.com https://js.facebook.com https://kit.fontawesome.com https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://ssl.google-analytics.com https://use.fontawesome.com *.kyruus.com https://www.google-analytics.com; font-src 'self' chat.stjosephshealth.org *.jsdelivr.net *.gstatic.com *.fontawesome.com *.kyruus.com; connect-src 'self' *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net *.google-analytics.com doctors.stjosephshealth.org *.fontawesome.com chat.stjosephshealth.org *.facebook.com; style-src 'self' 'report-sample' 'unsafe-inline' chat.stjosephshealth.org *.kyruus.com *.fontawesome.com *.bootstrapcdn.com cdnjs.cloudflare.com code.jquery.com cdn.jsdelivr.net fonts.googleapis.com;object-src 'none';child-src 'self' *.rlets.com https://www.youtube.com https://www.google.com *.facebook.com connect.facebook.net;base-uri 'self';form-action 'self' *.facebook.com connect.facebook.net;worker-src 'self'; 1
base-uri 'self'; default-src 'none'; script-src 'self' https://cdnjs.cloudflare.com/ajax/libs/react-router/4.3.1/; style-src 'self'; font-src 'self'; worker-src 'self'; img-src 'self'; connect-src 'self'; media-src 'self'; manifest-src 'self'; object-src 'none'; frame-ancestors 'none'; form-action 'none'; frame-src 'none'; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.theidol.com cdn.theidol.com www.gstatic.com www.google.com www.googletagmanager.com www.google-analytics.com maps.googleapis.com p.typekit.net use.typekit.net d2oh4tlt9mrke9.cloudfront.net *.freshmarketer.com ws.sessioncam.com hit.uptrendsdata.com; style-src 'self' 'unsafe-inline' www.theidol.com cdn.theidol.com www.google.com www.googletagmanager.com www.google-analytics.com fonts.googleapis.com maps.googleapis.com tagmanager.google.com/debug/ fonts.googleapis.com toolbar.freshmarketer.com p.typekit.net use.typekit.net; img-src 'self' data: maps.gstatic.com maps.googleapis.com www.google-analytics.com www.google.com www.google.co.uk www.googletagmanager.com stats.g.doubleclick.net toolbar.freshmarketer.com hit.uptrendsdata.com; font-src 'self' www.google.com use.typekit.net toolbar.freshmarketer.com d15qjtw2mfbt44.cloudfront.net fonts.googleapis.com fonts.gstatic.com; frame-src 'self' www.google.com *.freshmarketer.com cdn.theidol.com player.vimeo.com; connect-src 'self' https://hit.uptrendsdata.com https://performance.typekit.net/ *.google.co.uk www.google.com *.performance.typekit.net https://sentry.theidol.com *.freshmarketer.com; frame-ancestors 'none' 1
child-src https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io blob:; connect-src 'self' https://api.mapbox.com https://events.mapbox.com https://*.greenhouse.io http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://api.mixpanel.com https://*.google-analytics.com https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io; default-src 'self'; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io data:; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google.com/recaptcha/; img-src 'self' https://tw-job-site-cms-service-production.s3.eu-central-1.amazonaws.com https://secure.gravatar.com https://*.cdninstagram.com https://www.instagram.com https://*.fbcdn.net https://www.glassdoor.co.uk https://www.glassdoor.com https://*.google-analytics.com https://stats.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://lh3.googleusercontent.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://i.ytimg.com https://www.facebook.com https://pubads.g.doubleclick.net https://alb.reddit.com https://t.co https://cx.atdmt.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.co.uk https://px.ads.linkedin.com https://www.linkedin.com https://*.linkedin.com https://analytics.twitter.com https://wise.com data: blob:; media-src 'self' https://www.youtube.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://transferwise.com https://wise.com https://api.mapbox.com https://www.googletagmanager.com https://tagmanager.google.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.indeed.com https://connect.facebook.net https://www.youtube.com https://s.ytimg.com https://www.redditstatic.com https://static.ads-twitter.com https://analytics.twitter.com https://www.googleadservices.com https://snap.licdn.com https://redditstatic.s3.amazonaws.com blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com; frame-ancestors 'self' https://www.cv.ee https://cv.ee https://www.cvonline.lt https://www.cv.lv; report-uri https://twjobs.report-uri.com/r/t/csp/enforce 1
default-src 'self'; script-src 'self' *.google.com *.googleapis.com *.gstatic.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://cdnjs.cloudflare.com https://maps.maplink.global 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://cdnjs.cloudflare.com 'unsafe-inline'; font-src 'self' *.googleapis.com https://fonts.googleapis.com fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' *.googleusercontent.com data: https://ssl.google-analytics.com http://www.google-analytics.com https://www.facebook.com https://maps.maplink.global https://stats.g.doubleclick.net; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://api.maplink.global; frame-src 'self' https://www.google.com; worker-src 'self' blob:; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-asNQ+ZfXtiLspYqZ2fbMlk237fbDT++PJ/gUswCmYy+vuHxm' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' https://www.google.com/recaptcha/api.js https://www.gstatic.com ajax.googleapis.com cdnjs.cloudflare.com code.jquery.com analytics.clickdimensions.com use.typekit.net *.clarity.ms d1l6p2sc9645hc.cloudfront.net https://www.clarity.ms/tag/55etgeiru6 data2.gosquared.com chat.gosquared.com data.gosquared.com maps.googleapis.com https://www.googletagmanager.com/gtm.js https://ws.zoominfo.com/pixel/626321488a50a40012f52f07 http://web.valin.com https://secure.east2pony.com/js/263140.js https://secure.east2pony.com/Track/Capture.aspx https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.google.com/recaptcha/api.js https://www.googletagmanager.com https://www.google-analytics.com/analytics.js; style-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' data: *; report-uri /report-csp-violation 1
font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';; upgrade-insecure-requests 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com www.shuperb.co.uk www1.shuperb.co.uk www.desertboots.com www.houseofslippers.co.uk www.steeltoeboots.co.uk www.schoolshoes.co.uk www1.shuperb.co.uk; base-uri 'self' 1
frame-ancestors 'self' https://tourpoules.nl https://tourdefrancespellen.nl https://cyclingstartlist.com https://ek-poules.nl https://wk-poules.nl 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://cdn.friendsofdesoto.social; img-src 'self' https: data: blob: https://cdn.friendsofdesoto.social; style-src 'self' https://cdn.friendsofdesoto.social 'nonce-MPyj7KLIAX19rwmP2y7nyw=='; media-src 'self' https: data: https://cdn.friendsofdesoto.social; frame-src 'self' https:; manifest-src 'self' https://cdn.friendsofdesoto.social; form-action 'self'; child-src 'self' blob: https://cdn.friendsofdesoto.social; worker-src 'self' blob: https://cdn.friendsofdesoto.social; connect-src 'self' data: blob: https://cdn.friendsofdesoto.social https://media.friendsofdesoto.social wss://friendsofdesoto.social; script-src 'self' https://cdn.friendsofdesoto.social 'wasm-unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://imgsct.cookiebot.com https://px4.ads.linkedin.com https://hub.titan-intl.com https://t.co https://analytics.twitter.com https://ad.doubleclick.net https://www.facebook.com https://secure.adnxs.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://px.ads.linkedin.com https://cdn.sitesearch360.com/sitesearch360.svg https://sitesearch360.com/cdn/sitesearch360.svg data: https://s.gravatar.com https://*.wp.com/cdn.auth0.com/avatars https://maps.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://hello.myfonts.net/count/*; font-src 'self' https://fonts.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.youtube.com https://code.jquery.com https://ajax.googleapis.com https://*.sitesearch360.com/* https://sitesearch360.com/cdn/sitesearch360-v7.min.js https://*.cookiebot.com/* https://analytics.imirwin.com https://consent.cookiebot.com/uc.js https://consentcdn.cookiebot.com/consentconfig/38eca28d-583d-43a2-9085-e3c20f4396d8/ https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://ad.doubleclick.net https://googleads.g.doubleclick.net https://snap.licdn.com https://connect.facebook.net https://static.ads-twitter.com https://consent.cookiebot.com https://cdn.sitesearch360.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://consentcdn.cookiebot.com/consentconfig/38eca28d-583d-43a2-9085-e3c20f4396d8/settings.json https://global.sitesearch360.com/sites https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://analytics.imirwin.com https://googleads.g.doubleclick.net; frame-src 'self' https://docs.google.com https://consentcdn.cookiebot.com https://td.doubleclick.net https://6602182.fls.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com; object-src 'self' https://www.youtube.com https://www.youtube-nocookie.com; upgrade-insecure-requests; 1
default-src 'self' https://btcpay.openprivacy.ca; font-src 'self'; img-src 'self' https://btcpay.openprivacy.ca; object-src 'none'; script-src https://btcpay.openprivacy.ca/ 'self' 'unsafe-inline'; style-src 'self' https://btcpay.openprivacy.ca 'unsafe-inline'  ; media-src 'self' 1
default-src    'self'    *.googleapis.com    cdn.choosecolorado.com;  script-src    'self'   'unsafe-inline'   'unsafe-eval'   cdn.choosecolorado.com   js.hs-analytics.net   js.hs-banner.com   js.hs-scripts.com   *.google-analytics.com   *.google.com   *.googletagmanager.com   www.youtube.com   snap.licdn.com   static.hotjar.com   script.hotjar.com   resources.zoomprospector.com;  script-src-elem   'self'   'unsafe-inline'   www.google-analytics.com   cdn.choosecolorado.com   js.hs-analytics.net   js.hs-banner.com   js.hs-scripts.com   www.google-analytics.com   www.google.com   www.googletagmanager.com   www.youtube.com   snap.licdn.com   static.hotjar.com   script.hotjar.com   resources.zoomprospector.com;  connect-src   'self'   www.google-analytics.com   www.google.com   www.googletagmanager.com   www.youtube.com   stats.g.doubleclick.net   avalanche.rootsrated.com   blog-app.springbot.com;  style-src   'self'   'unsafe-inline'   cdn.choosecolorado.com;  style-src-elem   'self'   data:   'unsafe-inline'   cdn.choosecolorado.com   hello.myfonts.net   fonts.googleapis.com;  img-src   'self'   choosecolorado.com   cdn.choosecolorado.com   secure.gravatar.com   *.hubspot.com   *.ads.linkedin.com;  font-src   'self'   data:   *.gstatic.com   cdn.choosecolorado.com   hello.myfonts.net;  frame-src   'self'   *.gisplanning.com   www.googletagmanager.com   properties.zoomprospector.com   siteselection.com   vars.hotjar.com   player.vimeo.com   www.youtube.com;  frame-ancestors   'none';  upgrade-insecure-requests 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-6GBSvAh5/Fphome/dCx6BaUEFWrGpInAqrWu4nVD+A38Y/1U' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://dair-community.social; img-src 'self' https: data: blob: https://dair-community.social; style-src 'self' https://dair-community.social 'nonce-7Dy62QzDunh9qcQ/nK6x7g=='; media-src 'self' https: data: https://dair-community.social; frame-src 'self' https:; manifest-src 'self' https://dair-community.social; form-action 'self'; child-src 'self' blob: https://dair-community.social; worker-src 'self' blob: https://dair-community.social; connect-src 'self' data: blob: https://dair-community.social https://cdn.masto.host wss://dair-community.social; script-src 'self' https://dair-community.social 'wasm-unsafe-eval' 1
default-src 'self' 'unsafe-inline' *.topofart.com *.google.com *.googletagmanager.com *.google-analytics.com *.chatra.io player.vimeo.com fonts.googleapis.com ajax.googleapis.com *.paypal.com *.paypalobjects.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ https://js.stripe.com/v3/ *.mollie.com *.list-manage.com *.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com; img-src 'self' data: *.topofart.com t.paypal.com i.vimeocdn.com i.ytimg.com *.mollie.com *.googletagmanager.com; frame-src https://player.vimeo.com https://chat.chatra.io/ *.mollie.com https://www.paypal.com/ https://www.paypalobjects.com/ https://www.google.com/ https://js.stripe.com/ assets.braintreegateway.com api.sandbox.braintreegateway.com *.youtube.com *.cardinalcommerce.com *.topofart.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://pone.social; img-src 'self' https: data: blob: https://pone.social; style-src 'self' https://pone.social 'nonce-8eZ/pK1L6Mx4+/dcKlgbow=='; media-src 'self' https: data: https://pone.social; frame-src 'self' https:; manifest-src 'self' https://pone.social; form-action 'self'; child-src 'self' blob: https://pone.social; worker-src 'self' blob: https://pone.social; connect-src 'self' data: blob: https://pone.social https://treebrary.pone.social wss://pone.social; script-src 'self' https://pone.social 'wasm-unsafe-eval' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://code.jquery.com/jquery-3.6.0.min.js https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css  https://cdn.cookielaw.org  https://*.stripe.com https://*.googleapis.com https://cdnjs.cloudflare.com https://*.zopim.com https://cdn.quantummetric.com https://static.zdassets.com https://*.pendo.io https://assets.loginwithamazon.com https://legalzoom.atlassian.net; upgrade-insecure-requests; frame-src 'self' https://*.stripe.com https://*.pendo.io https://*.account.amazon.com https://legalzoom.atlassian.net blob:; child-src 'self' blob: 1
default-src 'self' https: wss:; base-uri 'self'; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src https: data: 'self'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests; worker-src 'self' 1
script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 1
default-src 'none';script-src 'self' 'nonce-7be244a9fc306bdbe37589793e785a43' 'unsafe-eval' https://*.eis-deliveryintegration.cloud https://*.eis-deliverydevqa.cloud https://*.dynahealth.com https://*.dynamed.com https://*.dynamedex.com https://engagement.devqa.ebsco.zone https://ebsco-dev.us1app.churnzero.net https://engagement.ebsco.zone https://resources.ebsco.zone https://resources.devqa.ebsco.zone https://ebsco.us1app.churnzero.net https://*.osano.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.typekit.net https://*.eis-deliveryintegration.cloud https://*.eis-deliverydevqa.cloud https://*.dynahealth.com https://*.dynamed.com https://*.dynamedex.com https://resources.ebsco.zone https://resources.devqa.ebsco.zone https://engagement.devqa.ebsco.zone https://ebsco-dev.us1app.churnzero.net https://engagement.ebsco.zone https://ebsco.us1app.churnzero.net;img-src 'self' data: https://*.eis-deliveryintegration.cloud https://*.eis-deliverydevqa.cloud https://*.dynahealth.com https://*.dynamed.com https://*.dynamedex.com https://*.ebsco.com https://*.ebsco.zone https://*.ebscohost.com https://p.typekit.net https://*.cloudflare.com https://mobile.micromedexsolutions.com https://cmp.osano.com https://play.google.com/intl/en_us/badges/static/images/badges/en_badge_web_generic.png https://linkmaker.itunes.apple.com/en-us/badge-lrg.svg https://ebsco-dev.us1app.churnzero.net https://ebsco.us1app.churnzero.net;connect-src 'self' https://*.osano.com https://*.amplitude.com https://*.ebsco.com https://*.eis-deliveryintegration.cloud https://*.eis-deliverydevqa.cloud https://*.dynahealth.com https://*.dynamed.com https://*.dynamedex.com https://dd.devqa.eismedi.com https://www.cloudflare.com https://rum.browser-intake-datadoghq.com https://use.typekit.net https://apis.ebsco.com https://login.ebsco.zone https://logon.ebsco.zone https://findmystacks.ebscomedical.com https://myaccount.ebsco.healthcare https://resources.ebsco.zone https://resources.devqa.ebsco.zone https://resources.integration.ebsco.zone https://engagement.devqa.ebsco.zone https://ebsco-dev.us1app.churnzero.net https://engagement.ebsco.zone https://ebsco.us1app.churnzero.net https://analytics.churnzero.net;font-src 'self' data: https://fonts.gstatic.com https://*.typekit.net https://resources.ebsco.zone https://resources.devqa.ebsco.zone https://engagement.devqa.ebsco.zone https://ebsco-dev.us1app.churnzero.net https://engagement.ebsco.zone https://ebsco.us1app.churnzero.net;object-src 'self';media-src 'self' https://*.eis-deliveryintegration.cloud https://*.eis-deliverydevqa.cloud https://*.dynahealth.com https://*.dynamed.com https://*.dynamedex.com;manifest-src 'self';frame-src *;base-uri 'self';frame-ancestors *;form-action 'self';worker-src blob: 1
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com ; style-src data: 'unsafe-inline' https: https://optimize.google.com https://fonts.googleapis.com; img-src data: https: blob: android-webview-video-poster: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com; font-src data: https: https://fonts.gstatic.com; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors https://*.vietnamhoinhap.vn https://vietnamhoinhap.vn 1
base-uri 'self'; default-src 'none'; img-src 'self' https://www.googletagmanager.com https://via.placeholder.com https://region1.google-analytics.com https://*.google-analytics.com https://cdn.gigaplaces.com https://platform-cdn.sharethis.com https://*.sharethis.com data: blob: 'unsafe-inline' https://placeholder.com maps.gstatic.com www.gstatic.com www.yr.no ssl.gstatic.com developers.google.com maps.googleapis.com www.facebook.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.cz www.gigaplaces.com gigaplaces.com gigaplaces:8890 pagead2.googlesyndication.com khms0.googleapis.com khms1.googleapis.com openweathermap.org https://gigaplaces; manifest-src www.gigaplaces.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://platform-api.sharethis.com https://*.sharethis.com https://buttons-config.sharethis.com cdn.jsdelivr.net cdn.speedcurve.com tagmanager.google.com aff.bstatic.com https://www.facebook.com/tr/ *.googlesyndication.com code.jquery.com stackpath.bootstrapcdn.com maps.googleapis.com developers.google.com www.google.com www.gstatic.com cdn.onesignal.com connect.facebook.net onesignal.com www.google-analytics.com secure.smartform.cz https://pagead2.googlesyndication.com cdnjs.cloudflare.com adservice.google.com https://cdn.gigaplaces.com/ rec.smartlook.com adservice.google.cz www.googletagservices.com cdn.ampproject.org maps.google.com www.googletagmanager.com https://gigaplaces:8890 *.moatads.com *.pinterest.com *.facebook.com https://partner.googleadservices.com https://static.cloudflareinsights.com/; frame-ancestors https://www.google.com https://www.youtube.com https://www.facebook.com https://onesignal.com https://googleads.g.doubleclick.net https://*.googlesyndication.com https://pagead2.googlesyndication.com; frame-src https://www.google.com https://td.doubleclick.net https://*.googlesyndication.com https://www.youtube.com https://www.facebook.com https://onesignal.com https://googleads.g.doubleclick.net https://embed.windyty.com https://embed.windy.com https://www.booking.com https://pagead2.googlesyndication.com https://securepubads.g.doubleclick.net; form-action 'self' www.facebook.com connect.facebook.net; connect-src 'self' data: blob: 'unsafe-inline' https://www.googletagmanager.com https://region1.analytics.google.com https://l.sharethis.com https://*.sharethis.com https://*.analytics.google.com https://*.googleapis.com https://*.google-analytics.com/ https://pagead2.googlesyndication.com https://onesignal.com https://*.smartlook.com https://gigaplaces https://www.gigaplaces.com https://placeholder.com https://*.smartlook.cloud https://cdn.ampproject.org https://adservice.google.com https://*.ampproject.net https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.cz https://csi.gstatic.com https://*.facebook.com/* https://www.facebook.com/tr; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net onesignal.com tagmanager.google.com https://cdn.gigaplaces.com/; font-src 'self' fonts.googleapis.com fonts.gstatic.com; 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com pghub.io mpsnare.iesnare.com *.bazaarvoice.com www.youtube.com feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; media-src 'self' mpsnare.iesnare.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' feed.pghub.io consumersupport.pg.com www.pgerase.com www.youtube-nocookie.com pandg.tapad.com ; img-src 'self' data: images.ctfassets.net pixel.tapad.com www.google-analytics.com *.bazaarvoice.com *.ytimg.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io pandg.tapad.com ; connect-src 'self' *.contentful.com *.google-analytics.com *.doubleclick.net *.algolia.net *.algolianet.com *.bazaarvoice.com wss: feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
default-src 'self'; child-src 'self' blob: https://client.rlpdirekt.de/ https://kb.ionas.de/; connect-src 'self' https://*.readspeaker.com/ https://api.service-digitale-verwaltung.de https://buergerservice.ionas.de/ https://nominatim.openstreetmap.org/ https://tracking-nc.chamaeleon.de; font-src 'self' data: http://www.minden.de; frame-ancestors 'self'; frame-src 'self' https://*.readspeaker.com/ https://buergerservice.ionas.de https://iam.chamaeleon.de https://iam.chamaeleon.de/ https://kb.ionas.de https://www.google.com/; img-src 'self' blob: data: https://buergerservice.ionas.de/ https://client.rlpdirekt.de/ https://tiles.chamaeleon.de https://tracking-nc.chamaeleon.de https://www.dwd.de/ https://www.minden.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.readspeaker.com/ https://tracking-nc.chamaeleon.de; script-src-elem 'self' 'unsafe-inline' https://*.readspeaker.com/ https://api.service-digitale-verwaltung.de https://tracking-nc.chamaeleon.de; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.readspeaker.com/; style-src-elem 'self' 'unsafe-inline' https://*.readspeaker.com/ https://api.service-digitale-verwaltung.de; style-src-attr 'self' 'unsafe-inline'; worker-src 'self' blob:; report-to main 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://libraires-hachette.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://www.didierfle.fr https://cdn.jsdelivr.net https://ws-pne.kiosque-edu.com https://sdk.privacy-center.org https://api.privacy-center.org https://tpeweb.paybox.com; style-src 'self' 'unsafe-inline' https://libraires-hachette.com https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://fonts.googleapis.com https://www.didierfle.fr https://cdn.jsdelivr.net https://ws-pne.kiosque-edu.com https://sdk.privacy-center.org https://api.privacy-center.org https://tpeweb.paybox.com; script-src 'unsafe-eval' 'self' 'unsafe-inline' https://stats.wp.com/w.js https://boldair.works https://www.youtube.com https://player.vimeo.com/api/ https://libraires-hachette.com https://sdk.privacy-center.org https://prnt.sc/126aahe https://www.gstatic.com https://www.google.com https://cdn.jsdelivr.net https://assets.pinterest.com https://maps.googleapis.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://www.didierfle.fr https://ws-pne.kiosque-edu.com https://api.privacy-center.org https://tpeweb.paybox.com https://ssl.google-analytics.com https://tag.aticdn.net; img-src data: 'self' https://pixel.wp.com https://logs1412.xiti.com/hit.xiti https://region1.google-analytics.com/g/collect https://s.w.org https://scontent-sea1-1.cdninstagram.com *.cdninstagram.com https://log.pinterest.com https://www.google-analytics.com https://www.images.hachette-livre.fr https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://secure.gravatar.com https://www.didierfle.fr https://cdn.jsdelivr.net https://ws-pne.kiosque-edu.com https://sdk.privacy-center.org https://api.privacy-center.org https://tpeweb.paybox.com; frame-ancestors 'self' https://player.tactileo.fr https://internal.dev.player.tactileo.fr/ https://external.dev.player.tactileo.fr/ https://edu.tactileo.fr https://tactileo.africa;frame-src 'self' https://libraires-hachette.com https://www.google.com https://player.vimeo.com https://ws-pne.kiosque-edu.com/ https://www.youtube.com https://www.youtube-nocookie.com https://www.didierfle.fr https://cdn.jsdelivr.net https://sdk.privacy-center.org https://api.privacy-center.org https://tpeweb.paybox.com https://3dsecure.com https://aacsw.3ds.verifiedbyvisa.com;media-src 'self' https://player.vimeo.com https://ws-pne.kiosque-edu.com/ https://www.youtube.com https://www.youtube-nocookie.com https://www.didierfle.fr https://cdn.jsdelivr.net https://sdk.privacy-center.org https://api.privacy-center.org https://tpeweb.paybox.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; form-action 'self' https://wwww.didierfle.fr https://tpeweb.paybox.com https://www.didierfle.fr/creation.php https://www.didierfle.fr/creation_en.php https://www.didierfle.fr/modification.php https://www.didierfle.fr/modification_en.php; connect-src 'self' https://crgrlvp.pa-cd.com  https://maps.googleapis.com/$rpc/google.internal.maps.mapsjs.v1.MapsJsInternalService/GetViewportInfo https://stats.g.doubleclick.net https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://region1.google-analytics.com/g/collect https://www.google-analytics.com https://cdn.jsdelivr.net https://ws-pne.kiosque-edu.com https://sdk.privacy-center.org https://api.privacy-center.org https://tpeweb.paybox.com https://educadhoc.hachette-livre.fr https://logc412.xiti.com; child-src 'self' https://ws-pne.kiosque-edu.com/ https://www.youtube.com https://www.youtube-nocookie.com https://wwww.didierfle.fr https://cdn.jsdelivr.net https://sdk.privacy-center.org https://api.privacy-center.org https://tpeweb.paybox.com; object-src 'self'; 1
default-src 'self' 'unsafe-inline' *.sealswcc.com *.formsite.com *.navyleapfrogs.com *.navy.com acsbapp.com *.amazonaws.com *.googleapis.com *.youtube.com *.bing.com *.google.com *.googleoptimize.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.facebook.com; connect-src https:; img-src 'self' data: * acsbapp.com *.bing.com *.googleapis.com *.google.com *.googleoptimize.com *.googletagmanager.com *.google-analytics.com; frame-src 'self' *.sealswcc.com *.formsite.com *.navyleapfrogs.com accessibe.com *.youtube.com *.google.com *.googleoptimize.com *.googletagmanager.com *.facebook.com *.facebook.net; frame-ancestors 'self' *.sealswcc.com *.formsite.com *.navyleapfrogs.com; font-src 'self' *.sealswcc.com *.formsite.com *.navyleapfrogs.com *.fontawesome.com acsbapp.com *.googleapis.com *.google.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.bootstrapcdn.com; script-src 'self' 'unsafe-inline' *.sealswcc.com *.formsite.com *.navyleapfrogs.com z.moatads.com *.googletagmanager.com *.bootstrapcdn.com *.gstatic.com  *.googletagmanager.com *.highcharts.com *.fontawesome.com acsbapp.com *.google.com *.googleoptimize.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.google-analytics.com *.googleapis.com *.linkedin.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.sealswcc.com *.formsite.com *.navyleapfrogs.com *.googletagmanager.com *.fontawesome.com acsbapp.com *.google.com *.googleoptimize.com *.googletagmanager.com *.googleapis.com *.bootstrapcdn.com *.cloudfront.net; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com https://ssl.google-analytics.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://cdn.jsdelivr.net 1
frame-ancestors *.metal100.ru 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-WUyHvjbiVpQ1Q3Aq2Uyqvw' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
script-src-elem 'unsafe-inline' 'unsafe-eval' http: https:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://fikaverse.club; img-src 'self' https: data: blob: https://fikaverse.club; style-src 'self' https://fikaverse.club 'nonce-XE6KP2Ca+vQvSlH1IWxbgg=='; media-src 'self' https: data: https://fikaverse.club; frame-src 'self' https:; manifest-src 'self' https://fikaverse.club; form-action 'self'; child-src 'self' blob: https://fikaverse.club; worker-src 'self' blob: https://fikaverse.club; connect-src 'self' data: blob: https://fikaverse.club https://cdn.masto.host wss://fikaverse.club; script-src 'self' https://fikaverse.club 'wasm-unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'nonce-NTMsMjE4LDEzMCw2OCw5NSwxMTksMTkwLDM1' https://discord.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com https://s.ytimg.com/yts/jsbin/ https://www.youtube.com/iframe_api https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.hcaptcha.com https://hcaptcha.com; img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://www.facebook.com https://cdn.discordapp.com https://hackerone-api.discord.workers.dev/user-avatars/ https://safety.discord.com https://discordmoderatoracademy.zendesk.com https://assets-global.website-files.com data:; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://discordapp.com https://discord.com https://connect.facebook.net https://api.greenhouse.io https://api.github.com https://sentry.io https://www.google-analytics.com https://hackerone-api.discord.workers.dev https://*.hcaptcha.com https://hcaptcha.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location ws://127.0.0.1:* http://127.0.0.1:*; media-src 'self' https://cdn.discordapp.com/assets/; frame-src https://discordapp.com/domain-migration https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://www.youtube.com/embed/ https://hackerone.com/631fba12-9388-43c3-8b48-348f11a883c0/ https://10851314.fls.doubleclick.net/; 1
default-src 'self'; script-src 'self' 'nonce-rnd225533' www.google-analytics.com ajax.googleapis.com www.googletagmanager.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; connect-src 'self' www.google-analytics.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' www.google.com;object-src 'self'; img-src 'self'; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-c82f16fdb9b3d36434db39b068021992'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.gstatic.com *.googleapis.com *.apis.google.com *.google.com *.google.nl *.cloudfront.net *.bing.com *.facebook.com *.linkedin.com *.googleadservices.com *.doubleclick.net *.instantmagazine.com *.visualwebsiteoptimizer.com *.addthis.com *.gravatar.com *.hotjar.com *.hotjar.io *.adcalls.nl *.superfont.nl *.matterport.com *.manychat.com *.omappapi.com *.clarity.ms snap.licdn.com ssl.p.jwpcdn.com jwpltx.com connect.facebook.net px.ads.linkedin.com pixel.mathtag.com stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com www.lt45.net lt45.net www.kiyoh.nl www.kiyoh.com hello.myfonts.net player.vimeo.com www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; connect-src 'self' ws: wss: https:; 1
default-src 'none'; img-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.calltrk.com https://*.callrail.com https://*.cloudflare.com https://*.jquery.com https://*.bootstrapcdn.com https://*.pagescdn.com https://*.optimizely.com https://*.amazonaws.com https://*.adobedtm.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.facebook.net https://*.googleadservices.com https://*.sitescdn.net https://*.livechatinc.com https://*.demdex.net https://*.addthis.com https://*.addthisedge.com https://*.pinterest.com https://*.en25.com https://*.datadoghq-browser-agent.com https://optimize.google.com https://*.rlets.com https://*.reachlocallivechat.com https://reachlocallivechat.com about://*.reachlocallivechat.com https://*.cloudfront.net https://*.cloudflareinsights.com https://*.broadly.com https://web-2-tel.com https://*.hotjar.com https://*.btttag.com https://*.bing.com https://*.doubleclick.net https://*.thinkingchat.com https://*.here.com blob: https://*.stackadapt.com https://*.simpli.fi https://*.pinimg.com https://*.yimg.com https://*.adroll.com https://*.adsrvr.org https://*.scorpion.co https://*.stripe.com https://*.twilio.com wss://*.twilio.com  https://*.gstatic.com https://*.liadm.com https://*.brandcdn.com https://*.cloudfunctions.net https://*.nblyprod.com https://*.web-2-tel.com https://*.groundsguys.com https://*.licdn.com https://*.convertexperiments.com https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai wss://*.yellow.ai wss://*.cloud.yellow.ai wss://*.app.yellow.ai; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.bootstrapcdn.com https://*.cloudflare.com https://*.typekit.net https://*.jquery.com https://*.sitescdn.net https://optimize.google.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.stackadapt.com https://*.scorpion.co https://*.twilio.com blob: https://*.groundsguys.com https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai; object-src 'none'; connect-src https://*.calltrk.com https://*.callrail.com https://*.cloudflare.com https://*.google.com https://*.liadm.com https://*.googleadservices.com https://*.nblyprod.com https://*.googleapis.com https://*.pagescdn.com https://*.demdex.net https://*.livechatinc.com https://*.neighborly.com https://*.crownpeak.net https://*.addthis.com https://*.yext.com https://*.b2clogin.com https://*.dwyergroup.com https://*.broadly.com https://*.amazonaws.com https://*.google-analytics.com https://*.facebook.net  https://*.gannettdigital.com https://*.browser-intake-datadoghq.com https://optimize.google.com https://*.reachlocalservices.com https://*.rlets.com https://reachlocallivechat.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.hotjar.io/ wss://reachlocallivechat.com https://*.web-2-tel.com wss://*.hotjar.com https://*.simpli.fi https://*.adroll.com https://*.oribi.io https://*.here.com https://*.hereapi.com https://*.stackadapt.com https://*.yimg.com https://*.pinterest.com https://*.scorpion.co https://*.btttag.com https://*.twilio.com wss://*.twilio.com https://*.doubleclick.net https://*.bing.com blob: https://*.cloudfunctions.net https://*.groundsguys.com https://*.convertexperiments.com https://*.googlesyndication.com https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai wss://*.yellow.ai wss://*.cloud.yellow.ai wss://*.app.yellow.ai; font-src https://*.cloudflare.com https://*.nblyprod.com https://*.typekit.net https://*.gstatic.com https://*.googleapis.com https://optimize.google.com https://reachlocallivechat.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.scorpion.co https://*.twilio.com blob: https://*.groundsguys.com https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai; frame-src https://*.cloudflare.com https://www.facebook.com https://*.rlets.com https://*.youtube.com https://*.livechatinc.com https://*.demdex.net/ https://*.addthis.com https://*.pagescdn.com https://*.amazonaws.com https://*.b2clogin.com https://optimize.google.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.doubleclick.net https://*.adsrvr.org https://*.pinterest.com https://*.stripe.com https://*.twilio.com https://*.mrrooter.com https://*.broadly.com https://*.cloudfront.net blob: https://*.groundsguys.com https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai; media-src https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai; worker-src https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai blob: 1
frame-ancestors https://punchoutcommerce.com https://*.openordering.de https://openolat.akad.ch https://*.unibas.ch https://s1-eu.ariba.com https://*.es.srgssr.ch 'self'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://dizl.de; img-src 'self' https: data: blob: https://dizl.de; style-src 'self' https://dizl.de 'nonce-sMJRoevIa8UdESdmRufFKg=='; media-src 'self' https: data: https://dizl.de; frame-src 'self' https:; manifest-src 'self' https://dizl.de; form-action 'self'; child-src 'self' blob: https://dizl.de; worker-src 'self' blob: https://dizl.de; connect-src 'self' data: blob: https://dizl.de https://media.dizl.de wss://dizl.de:4000; script-src 'self' https://dizl.de 'wasm-unsafe-eval' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-nEBUcygAxrstglp7GMFiL0my2QrlgSyCFjKdmVHTxQVcA4wg' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors www.facebook.com accounts.google.com s7.addthis.com www.catholicfaithstore.com 1
script-src 'nonce-iKfa2DlpPEH4Iq6M0Y8saq8jIr8=' 'self' mijncdnpartner.nl www.googletagmanager.com www.smartsuppchat.com smartsuppcdn.com *.smartsuppcdn.com d10lpsik1i8c69.cloudfront.net; frame-ancestors 'self'; worker-src 'self' blob:; report-uri /v1/csp/reports 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-c7e6917fbc68c9d5faddce5512f26213'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' *.azureedge.net *.google.com *.google-analytics.com *.fontawesome.com; script-src 'self' 'nonce-65af3b6d6bd7f' *.googletagmanager.com *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com *.azureedge.net *.fontawesome.com *.youtube.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.azureedge.net *.fontawesome.com; img-src 'self' data: *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com *.azureedge.net *.gravatar.com; frame-src 'self' *.google.com; font-src 'self' data: *.gstatic.com *.azureedge.net *.fontawesome.com; connect-src 'self' *.google-analytics.com *.google.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.azureedge.net *.fontawesome.com; prefetch-src 'self' *.google.com *.fontawesome.com; worker-src 'self' blob: *.google.com; frame-ancestors 'self' *.google.com 1
default-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com; 1
default-src 'self' https://*.dcube.cloud/ https://*.wogaa.sg/ https://*.demdex.net/ https://cm.everesttech.net/ https://wogadobeanalytics.sc.omtrdc.net/; base-uri 'self'; child-src 'self' https://fast.wistia.net/ https://www.google.com/recaptcha/ https://www.jusfeedback.asia/Community/; connect-src 'self' https://dpm.demdex.net/ https://www.onemap.gov.sg/ https://api.sgsmil.es/satisfaction https://stg-api.sgsmil.es/satisfaction https://va.ecitizen.gov.sg/flexAnsWS/ifaqservice.asmx/ https://ifaqs.flexanswer.com/FlexWS/ifaqservice.asmx/ https://www.google-analytics.com/ https://www.googleapis.com/ https://*.dcube.cloud/ https://*.wogaa.sg/ https://cm.everesttech.net/ https://assets.dcube.cloud/scripts/wogaa.js https://assets.wogaa.sg/scripts/wogaa.js https://wogadobeanalytics.sc.omtrdc.net/ https://wogaa.demdex.net/; font-src 'self' https://fonts.gstatic.com https://stackpath.bootstrapcdn.com/bootstrap/3.4.1/fonts/ https://s3-us-west-2.amazonaws.com/s.cdpn.io/93/ https://va.ecitizen.gov.sg/ data: https://assets.dcube.cloud/fonts/ https://assets.wogaa.sg/fonts/; form-action 'self'; frame-ancestors https://fast.wistia.net/ https://fast.wogaa.demdex.net/; img-src 'self' https://www.google-analytics.com/ https://www.googletagmanager.com/ https://ssl.gstatic.com https://www.gstatic.com https://assets.adobedtm.com/ https://wogaadev.112.2o7.net/ https://wogaaprod.112.2o7.net/ https://wogadobeanalytics.sc.omtrdc.net/ https://*.wolframalpha.com/ data: https://cm.everesttech.net/ https://dpm.demdex.net/; media-src 'self'; object-src 'self'; script-src 'self' https://*.wogaa.sg/ blob: https://*.dcube.cloud/ https://assets.adobedtm.com/ https://*.wogaa.sg https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/ https://tagmanager.google.com/ https://va.ecitizen.gov.sg/cfp/va/bgp/js/custom_widget.js https://va.ecitizen.gov.sg/CFP/VA/ https://wogaadev.112.2o7.net/ https://wogaaprod.112.2o7.net/ https://www.adobetag.com/ https://*.demdex.net/ https://*.everesttech.net/ 'nonce-TgBITgh7bgLZVFLVZatzBfnJkx31rO5U2KE2dYLt8uM='; style-src 'self' https://fonts.googleapis.com https://tagmanager.google.com https://va.ecitizen.gov.sg/ https://stackpath.bootstrapcdn.com/bootstrap/3.4.1/css/ https://assets.wogaa.sg/fonts/ https://assets.dcube.cloud/fonts/ https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css 1
frame-ancestors 'self'       *.interactivebrokers.com       *.interactivebrokers.ca       *.interactivebrokers.com.hk       *.interactivebrokers.hk       *.interactivebrokers.ch       *.interactivebrokers.eu       *.interactivebrokers.com.sg       *.ibkr.com.sg       *.interactivebrokers.ch       *.interactivebrokers.co.uk       *.interactivebrokers.com.au       *.interactivebrokers.co.jp       *.interactivebrokers.co.in       *.ibkram.com       *.interactiveadvisors.com       *.clientam.com       *.ibkr.info       *.interactivebrokers.info       *.youtube.com       *.ibkr.com       *.ibkr.com.cn       *.clientam.com       *.clientam.ch       *.clientam.com.hk       *.covestor.com       *.go-mpulse.net       *.akstat.io       IBKR.docebosaas.com       *.doubleclick.net; 1
default-src 'self' data:; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://snap.licdn.com https://www.googletagmanager.com http://platform.twitter.com/widgets.js http://www.google-analytics.com/analytics.js https://apis.google.com/js/plusone.js https://platform.twitter.com/js/button.63c51c903061d0dbd843c41e8a00aa5a.js https://www.balbooa.com/updates/bagallery/galleryApi/galleryApi.js https://www.google-analytics.com/analytics.js https://ajax.googleapis.com/ https://cdnjs.cloudflare.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/releases/g8G8cw32bNQPGUVoDvt680GA/recaptcha__en.js https://www.gstatic.com/recaptcha/releases/ https://maps.googleapis.com/maps/api/js/ https://maps.googleapis.com/ https://www.walkersglobal.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion; style-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://www.walkersglobal.com http://fonts.googleapis.com https://fonts.googleapis.com https://cdnjs.cloudflare.com/; object-src  'none'; base-uri 'self'; connect-src 'self' https://px.ads.linkedin.com/wa/ https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com/maps/api/mapsjs/; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://accounts.google.com https://apis.google.com https://platform.twitter.com https://player.vimeo.com https://syndication.twitter.com https://www.balbooa.com https://www.google.com/recaptcha/ https://www.walkersglobal.com https://share.transistor.fm; img-src 'self' https://px.ads.linkedin.com/ https://www.balbooa.com https://maps.googleapis.com/maps/ StaticMapService.GetMapImage https://maps.gstatic.com/ http://maps.google.com/mapfiles/ms/icons/ data: https://www.walkersglobal.com; manifest-src 'self';media-src 'self';worker-src 'none'; 1
default-src 'none'; img-src 'self' data: https://img.shields.io; font-src 'self'; script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self' https://*.algolia.net https://*.algolianet.com https://*.algolia.io; object-src 'self'; media-src 'self'; frame-src 'self' 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * blob: 'unsafe-inline'; frame-src *; frame-ancestors 'self' https://*.fluke.com; child-src * blob: 'unsafe-inline' 'unsafe-eval'; font-src * data:; connect-src * 'unsafe-inline'; report-uri /en-us/report-csp-violation 1
frame-ancestors http://*.bikernet.com https://*.bikernet.com http://bikernet.com https://bikernet.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.boldyn.com www.googletagmanager.com static.userback.io cdn-cookieyes.com *.pardot.com sc.lfeeder.com cdnjs.cloudflare.com *.hotjar.com *.gstatic.com; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-lKI6hTUYtPgay6k92g7aTkeKP2r1MZrIg35t0pqgfGWUdz+w' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' *.visualforce.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://cdn.datatables.net https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://snap.licdn.com/li.lms-analytics/insight.min.js  https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org code.jquery.com www.googletagmanager.com www.googleadservices.com connect.facebook.net maps.google.com https://tagmanager.google.com/debug/debuguiApp-bundle.js https://tagmanager.google.com/debug https://tagmanager.google.com/debug/css.css; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://cdn.datatables.net https://ajax.googleapis.com http://ajax.googleapis.com maps.google.com https://tagmanager.google.com/debug/css.css https://9150198.fls.doubleclick.net/ https://googleads.g.doubleclick.net/; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com maps.google.com data: https://googleads.g.doubleclick.net/; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com stats.g.doubleclick.net www.google.com googleads.g.doubleclick.net ajax.googleapis.com maps.google.com https://www.googletagmanager.com/ https://googleads.g.doubleclick.net/ https://9150198.fls.doubleclick.net/ https://px.ads.linkedin.com/; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.google.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com maps.google.com; connect-src 'self' accounts.google.com https://cdn.datatables.net https://cdn.datatables.net https://*.dec.sitefinity.com *.mktoresp.com www.facebook.com *.google-analytics.com https://stats.g.doubleclick.net/ https://analytics.google.com/ https://cdn.linkedin.oribi.io/; 1
default-src 'self' *.vimeo.com extend.vimeocdn.com static.klaviyo.com *.klaviyo.com; style-src 'unsafe-inline' data: *; font-src 'self' data: *.googleapis.com *.typekit.net fonts.gstatic.com *.vimeo.com vimeo.com extend.vimeocdn.com www.screaminsicilian.com screaminsicilian.com api-js.datadome.co insight.adsrvr.org *.screaminsicilian.com; img-src 'self' data: https: about: *.facebook.com *.typekit.net *.google-analytics.com *.gstatic.com *.googleapis.com *.amazonaws.com *.amazonaws.net placeholdit.co *.placeholdit.co *.doubleclick.net *.bing.com *.vimeo.com vimeo.com extend.vimeocdn.com static.klaviyo.com tracking.klaviyo.com *.klaviyo.com screaminsicilian.com www.screaminsicilian.com admin.screaminsicilian.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.googletagmanager.com *.google.com *.google-analytics.com *.googleapis.com *.facebook.net *.bing.com *.yimg.com *.analytics.yahoo.com *.typekit.net cdn.polyfill.io cdnjs.cloudflare.com digitalhub.atlassian.net *.youtube.com *.youtu.be *.vimeo.com vimeo.com extend.vimeocdn.com www.googleadservices.com js.adsrvr.org destinilocators.com googleads.g.doubleclick.net static.klaviyo.com tracking.klaviyo.com *.klaviyo.com; frame-src 'self' *; media-src 'self' *.vimeo.com *.youtube.com *.youtu.be vimeo.com extend.vimeocdn.com static.klaviyo.com tracking.klaviyo.com *.klaviyo.com; connect-src 'self' * 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://swiss-talk.net; img-src 'self' https: data: blob: https://swiss-talk.net; style-src 'self' https://swiss-talk.net 'nonce-FvVsz1ZS9SDknSEDLMRrLQ=='; media-src 'self' https: data: https://swiss-talk.net; frame-src 'self' https:; manifest-src 'self' https://swiss-talk.net; form-action 'self'; child-src 'self' blob: https://swiss-talk.net; worker-src 'self' blob: https://swiss-talk.net; connect-src 'self' data: blob: https://swiss-talk.net https://swiss-talk.net wss://swiss-talk.net; script-src 'self' https://swiss-talk.net 'wasm-unsafe-eval' 1
base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.wdgtsrc.com https://*.dmca.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.gstatic.com https://*.jivo.ru https://*.jivosite.com https://cdn.jsdelivr.net https://fonts.googleapis.com wss://*.jivosite.com; img-src 'self' data: https://pay.store24.services https://pop-ups.sendpulse.com https://*.cdn77.org https://*.google.com https://*.gstatic.com https://*.dmca.com https://*.google-analytics.com https://*.jivo.ru https://*.jivosite.com; 1
frame-ancestors https://travel.rakuten.co.jp/ 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 1
frame-ancestors 'self' dev0235.hq.tbc:8002 dev0235.hq.tbc:8102 ws.test.loc:8010 ws.test.loc:28102 localhost:44398 shopshop.ge newstaging.shopshop.ge tbccredit.ge; default-src 'self' 'unsafe-inline'; img-src 'self' data: https:; script-src 'self' https://www.google-analytics.com *.facebook.net *.facebook.com *.visualwebsiteoptimizer.com https://www.googletagmanager.com 360.tbcconnect.ge https://www.google.com https://www.gstatic.com/ https://analytics.google.com *.googleadservices.com *.g.doubleclick.net 'unsafe-inline'; script-src-elem 'self' https://www.google-analytics.com *.facebook.net *.facebook.com *.visualwebsiteoptimizer.com https://www.googletagmanager.com 360.tbcconnect.ge https://www.google.com https://www.gstatic.com/ https://analytics.google.com *.googleadservices.com *.g.doubleclick.net 'unsafe-inline'; connect-src 'self' https://www.google-analytics.com *.facebook.net *.facebook.com *.visualwebsiteoptimizer.com https://www.googletagmanager.com 360.tbcconnect.ge https://www.google.com https://www.gstatic.com/ https://analytics.google.com *.googleadservices.com *.g.doubleclick.net 'unsafe-inline'; frame-src 'self' *.facebook.com https://chat.tbcbank.ge https://www.google.com tbccredit.ge shopshop.ge newstaging.shopshop.ge; worker-src 'self' *.visualwebsiteoptimizer.com blob:; 1
frame-ancestors 'self' *.partyrentalltd.com *.authorize.net 1
default-src 'none';  img-src *; object-src 'self'; child-src 'self' *.twitter.com *.twimg.com google.com maps.googleapis.com fonts.googleapis.com maps.gstatic.com;script-src 'unsafe-inline' 'self' 'unsafe-eval' *.twitter.com *.twimg.com maps.google.com www.sdcers.org ajax.googleapis.com apis.google.com developers.google.com maps.gstatic.com maps-api-ssl.google.com sdcers.org maps.googleapis.com cdnjs.cloudflare.com code.jquery.com ssl.google-analytics.com ;style-src 'self' sdcers.org *.twitter.com *.twimg.com fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.gstatic.com 'unsafe-inline';media-src 'self' wr.ispeech.org 'unsafe-inline';frame-src 'self' www.youtube.com board.sdcers.org www.facebook.com wr.ispeech.org ssl.google-analytics.com *.twitter.com *.twimg.com 'unsafe-inline';connect-src 'self' 1
default-src https: 'unsafe-inline'; img-src https: 'unsafe-inline' data: 1
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; 1
default-src * 'unsafe-inline' 'unsafe-eval' blob: data: ; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=6abup49iquacv&partner=; 1
default-src 'self' https://kuluttaja.fi https://*.google.com https://*.gstatic.com/ https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googleadservices.com https://*.google.fi https://*.googleapis.com https://*.g.doubleclick.net https://*.doubleclick.net https://*.googlesyndication.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://*.fbcdn.com https://*.salesforce.com https://*.force.com https://*.visualforce.com https://*.igodigital.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://kuluttaja.fi https://production.kuluttaja.fi https://*.google.com https://*.gstatic.com/ https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googleadservices.com https://*.google.fi https://*.googleapis.com https://*.g.doubleclick.net https://*.doubleclick.net https://*.googlesyndication.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://*.fbcdn.com https://*.salesforce.com https://*.force.com https://*.visualforce.com https://*.igodigital.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://cdn.cookielaw.org/;connect-src 'self' https://kuluttaja.fi https://production.kuluttaja.fi https://*.google.com https://*.gstatic.com/ https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googleadservices.com https://*.google.fi https://*.googleapis.com https://*.g.doubleclick.net https://*.doubleclick.net https://*.googlesyndication.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://*.fbcdn.com https://*.salesforce.com https://*.force.com https://*.visualforce.com https://*.igodigital.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.schibsted.com https://*.kxcdn.com https://*.stellate.sh https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://privacyportal-de.onetrust.com/;img-src 'self' https://kuluttaja.fi https://production.kuluttaja.fi https://*.google.com https://*.gstatic.com/ https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googleadservices.com https://*.google.fi https://*.googleapis.com https://*.g.doubleclick.net https://*.doubleclick.net https://*.googlesyndication.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://*.fbcdn.com https://*.salesforce.com https://*.force.com https://*.visualforce.com https://*.igodigital.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.schibsted.com https://*.kxcdn.com https://cdn.cookielaw.org/;frame-src 'self' https://kuluttaja.fi https://production.kuluttaja.fi https://*.google.com https://*.gstatic.com/ https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googleadservices.com https://*.google.fi https://*.googleapis.com https://*.g.doubleclick.net https://*.doubleclick.net https://*.googlesyndication.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://*.fbcdn.com https://*.salesforce.com https://*.force.com https://*.visualforce.com https://*.igodigital.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://cdn.cookielaw.org/;form-action 'self' https://kuluttaja.fi https://production.kuluttaja.fi https://*.google.com https://*.gstatic.com/ https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googleadservices.com https://*.google.fi https://*.googleapis.com https://*.g.doubleclick.net https://*.doubleclick.net https://*.googlesyndication.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://*.fbcdn.com https://*.salesforce.com https://*.force.com https://*.visualforce.com https://*.igodigital.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io;font-src 'self' https://fonts.gstatic.com;base-uri 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
connect-src 'self' blob: https://api.x.ai https://api.x.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api.x.com https://api-stream.twitter.com https://api-stream.x.com https://ads-api.twitter.com https://ads-api.x.com https://aa.twitter.com https://aa.x.com https://caps.twitter.com https://caps.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton.twitter.com https://ton.x.com https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://twitter.com https://x.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com  ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://x.com https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://vaultjs.apideck.com/  https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://x.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://static.ads-twitter.com  'nonce-OTI0OTBmNzYtMDMxNS00MzQ5LThjMGUtOGJkODgzMjE3OTMw'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.hsforms.net https://forms.hsforms.com https://fast.wistia.com https://j.6sc.co https://snap.licdn.com https://ws.zoominfo.com https://www.google-analytics.com https://www.google.com https://secure.adnxs.com https://www.gstatic.com https://js.hs-scripts.com/729699.js https://scout-cdn.salesloft.com/sl.js https://j.6sc.co/6si.min.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://ws.zoominfo.com/pixel/6132cd398e3c0a0014b6ab26 https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hsleadflows.net https://www.comeet.co https://www.pardot.com https://www.go.nano.com https://www.go.pardot.com https://go.nano-di.com https://cdn2.hubspot.net https://go.pardot.com platform.instagram.com www.instagram.com www.googletagservices.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://cdn2.hubspot.net https://go.pardot.com fonts.googleapis.com translate.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://cdn2.hubspot.net https://fast.wistia.com https://embedwistia-a.akamaihd.net https://2biy4djn37s2xoe622u8h9g1-wpengine.netdna-ssl.com https://ws.zoominfo.com https://snap.licdn.com https://j.6sc.co https://b.6sc.co https://px.ads.linkedin.com https://p.adsymptotic.com https://secure.adnxs.com https://perf.hsforms.com https://px4.ads.linkedin.com https://track.hubspot.com https://forms.hsforms.com https://forms-na1.hsforms.com https://pos.baidu.com https://go.pardot.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com *.googlesyndication.com stats.g.doubleclick.net data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com translate.googleapis.com translate.google.com www.gstatic.com i.ytimg.com www.googletagmanager.com; connect-src 'self' https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://fast.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://embedwistia-a.akamaihd.net https://distillery.wistia.com https://pipedream.wistia.com https://secure.adnxs.com https://c.6sc.co https://b.6sc.co https://www.google-analytics.com https://ws.zoominfo.com https://www.gstatic.com https://www.google.com https://ipv6.6sc.co https://api.hubapi.com https://forms.hubspot.com https://scout.salesloft.com https://epsilon.6sense.com https://cdn.linkedin.oribi.io https://embed-cloudfront.wistia.com https://px.ads.linkedin.com https://go.pardot.com https://go.nano-di.com *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: translate.googleapis.com www.googletagmanager.com; font-src 'self' data: https://cdn2.hubspot.net https://go.pardot.com data: fonts.gstatic.com fonts.googleapis.com; object-src 'self' https://fast.wistia.com https://forms.hsforms.com https://secure.adnxs.com https://go.pardot.com; media-src 'self' https://fast.wistia.com blob: https://forms.hsforms.com https://secure.adnxs.com https://go.pardot.com https://cdn2.hubspot.net; frame-src 'self' https://www.youtube-nocookie.com https://fast.wistia.com https://w.soundcloud.com https://forms.hsforms.com https://secure.adnxs.com https://www.google.com https://www.gstatic.com https://www.essemtec.com https://td.doubleclick.net https://player.vimeo.com/ https://www.comeet.co https://fast.wistia.net https://go.pardot.com https://go.nano-di.com www.instagram.com *.googlesyndication.com googleads.g.doubleclick.net www.youtube.com www.googletagmanager.com; child-src 'self' www.youtube.com www.googletagmanager.com; report-uri https://www.nano-di.com?gdsih-csp-report; 1
default-src 'self' *.jquery.com *.googletagmanager.com *.hs-sites.com *.google-analytics.com *.google.com *.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.youtube.com *.ironchip.com *.googleapis.com *.jsdelivr.net *.gstatic.com *.w3.org *.unpkg.com *.licdn.com *.hsforms.net *.hsforms.com *.hscta.net *.hubapi.com *.hsadspixel.net *.usemessages.com *.hs-scripts.com *.hubspot.com *.hs-banner.com *.hs-analytics.net *.hsleadflows.net *.hubspotusercontent00.net *.hubspotusercontent01.net *.hubspotusercontent02.net *.hubspotusercontent03.net *.hubspotusercontent04.net *.hubspotusercontent05.net *.hubspotusercontent06.net *.hubspotusercontent07.net *.hubspotusercontent08.net *.hubspotusercontent09.net *.hubspotusercontent10.net *.hubspotusercontent11.net *.hubspotusercontent12.net *.hubspotusercontent13.net *.hubspotusercontent15.net *.hubspotusercontent16.net *.hubspotusercontent17.net *.hubspotusercontent18.net *.hubspotusercontent19.net *.hubspotusercontent20.net *.hscollectedforms.net *.ipinfo.io *.s3.amazonaws.com *.snap.licdn.com 'unsafe-inline';  img-src 'self' *.hsforms.com *.hsappstatic.net *.hubspot.com *.linkedin.com data: *.ironchip.com; connect-src 'self' *.geoplugin.net *.hscollectedforms.net *.allorigins.win *.hsforms.com *.hubspot.com *.hs-banner.com *.hubapi.com hubspot-forms-static-embed.s3.amazonaws.com *.google-analytics.com *.oribi.io *.linkedin.com *.ironchip.com; frame-ancestors 'self' *; form-action *.ironchip.com *.hsforms.com *.unpkg.com 1
default-src 'none'; script-src 'self' https://silverorange.applytojobs.ca; font-src https://fonts.gstatic.com; style-src 'self' https://fonts.googleapis.com https://silverorange.applytojobs.ca; connect-src https://silverorange.applytojobs.ca; img-src 'self' 1
font-src data: *; img-src data: * blob:; default-src https: 'unsafe-inline' 'unsafe-eval' blob:; frame-src 'self' blob: mailto: https://instawidget.net/ *.twitter.com/ *.facebook.com/ https://static.addtoany.com/ https://customer-g49kpte2lt5550qs.cloudflarestream.com/ *.ncpc.gov/ http://arcgis.com *.arcgis.com/ *.googleapis.com *.google.com https://google.com *.youtube.com/ api.ncpc.gov; media-src blob: *; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-viquJL3488foXof/QjBB619eajuF6kCECkl2sNAQCIMkGyBF' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
sandbox allow-scripts allow-same-origin allow-forms; img-src 'self' data: www.gstatic.com; frame-src www.google.com; object-src 'none'; base-uri 'none'; script-src www.google.com www.gstatic.com 'nonce-BR9OFMTGSDKcd1TU9GmV0DaPlx8='; style-src 'nonce-BR9OFMTGSDKcd1TU9GmV0DaPlx8=' 1
default-src 'self'; script-src 'self' https://*.salesforceliveagent.com https://*.salesforce-sites.com https://service.force.com https://*.cookiebot.com https://*.hotjar.com https://player.vimeo.com https://stats.g.doubleclick.net https://www.gstatic.com https://www.google.com/recaptcha/enterprise.js https://www.google-analytics.com https://ssl.google-analytics.com https://wchat.freshchat.com https://www.googletagmanager.com https://www.googletagmanager.com 'unsafe-inline' https:; img-src 'self' https://*.salesforceliveagent.com https://*.salesforce-sites.com https://service.force.com https://*.cookiebot.com https://*.googlesyndication.com https://*.facebook.net https://googleads.g.doubleclick.net https://*.hotjar.com https://*.clarity.ms https://www.google.hr https://images-20210209174033434400000001.s3.eu-north-1.amazonaws.com https://www.facebook.com https://*.bing.com https://cdn.nettbil.no https://*.doubleclick.net https://st4gcdn.skybil.no https://www.google.no https://www.google.com https://www.googletagmanager.com https://da0zw1zvl4zsg.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://i.fuelapi.com https://www.google.com https://www.google.no https://www.google.se https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data:; connect-src 'self' https://*.salesforceliveagent.com https://*.salesforce-sites.com https://service.force.com https://*.snapchat.com https://googleads.g.doubleclick.net https://*.cookiebot.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://policy.app.cookieinformation.com https://*.bing.com https://*.clarity.ms https://*.snapchat.com https://*.googlesyndication.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://cdn.growthbook.io https://www.google-analytics.com https://*.skybil.no https://*.nettbil.no https://wchat.freshchat.com https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; font-src 'self' https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.sfdcstatic.com https://*.hotjar.com https://fonts.gstatic.com https://wchat.freshchat.com data:; frame-src https://*.salesforceliveagent.com https://*.salesforce-sites.com https://service.force.com https://*.cookiebot.com https://*.google.com https://www.facebook.com https://wchat.freshchat.com https://nettbil.webpush.freshchat.com https://player.vimeo.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.snapchat.com https://*.skybil.no; style-src 'self' https://*.salesforceliveagent.com https://*.salesforce-sites.com https://service.force.com https://*.hotjar.com https://fonts.googleapis.com https://*.freshchat.com 'unsafe-inline'; style-src-elem 'self' https://*.salesforceliveagent.com https://*.salesforce-sites.com https://service.force.com https://*.hotjar.com https://www.googletagmanager.com https://fonts.googleapis.com https://*.freshchat.com blob: 'unsafe-inline'; worker-src blob:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://js.hsforms.net/ https://use.typekit.net/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/gtag/ https://maps.googleapis.com/maps/ https://www.gstatic.com/recaptcha/ https://js.hs-analytics.net/analytics/ https://www.google-analytics.com/ https://maps.googleapis.com/maps-api-v3/api/  https://js-agent.newrelic.com/ https://js-na1.hs-scripts.com/ https://js.hs-banner.com/v2/ https://bam.nr-data.net/1/; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ ; img-src 'self' data: https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/maps/ https://track.hubspot.com/ https://p.typekit.net/ https://www.google-analytics.com/ https://forms.hsforms.com/ https://forms-na1.hsforms.com/ https://no-cache.hubspot.com/; frame-src 'self' https://forms.hsforms.com/; font-src 'self' https://use.typekit.net/ https://fonts.gstatic.com/; connect-src 'self' https://maps.googleapis.com/maps/api/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/j/ https://bam.nr-data.net/ https://forms.hsforms.com/ https://hubspot-forms-static-embed.s3.amazonaws.com/; report-uri /report-csp-violation 1
default-src 'self' *.epicenter.works 'unsafe-inline' data: 1
frame-ancestors 'self' http://www.philips.ie *.philips.com *.philips.ie https://philipsigtdpv.com 1
default-src 'self' *.atlas-elektronik.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.atlas-elektronik.com *.googleapis.com apis.google.com www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com tagmanager.google.com translate.google.com hello.myfonts.net platform.linkedin.com www.xing-share.com www.linkedin.com netdna.bootstrapcdn.com use.typekit.net; style-src 'self' 'unsafe-inline' *.atlas-elektronik.com fonts.googleapis.com use.typekit.net p.typekit.net translate.googleapis.com translate.google.com hello.myfonts.net www.xing-share.com; img-src 'self' data: *.atlas-elektronik.com *.googleapis.com www.google-analytics.com ssl.google-analytics.com csi.gstatic.com maps.gstatic.com translate.google.com www.google.com/images/ www.gstatic.com/images/ static.licdn.com www.linkedin.com p.typekit.net; font-src 'self' data: use.typekit.net fonts.gstatic.com netdna.bootstrapcdn.com; connect-src 'self' *.atlas-elektronik.com *.googleapis.com www.youtube.comuse.typekit.net; object-src 'self' *.atlas-elektronik.com www.youtube.com; frame-src 'self' *.atlas-elektronik.com apis.google.com accounts.google.com www.youtube.com www.facebook.com platform.linkedin.com platform.twitter.com www.xing-share.com; upgrade-insecure-requests 1
default-src https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.largo.com  https://*.revize.com https://cdnjs.cloudflare.com https://www.gstatic.com https://cdn.userway.org https://*.google.com https://siteimproveanalytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://api.recollect.net/ https://assets.us.recollect.net https://static.ctctcdn.com https://cdn.jsdelivr.net;  style-src * 'unsafe-inline'; font-src https://*.largo.com https://*.revize.com data: 1
default-src 'self' 'unsafe-inline'; img-src 'self' * data: 'unsafe-inline'; object-src 'none'; base-uri 'self'; frame-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; worker-src 'none'; script-src 'self' https://www.google-analytics.com https://edge.fullstory.com https://widget.intercom.io https://ok1static.oktacdn.com https://az416426.vo.msecnd.net https://maps.google.com https://static.zdassets.com https://assets.zendesk.com https://maps.googleapis.com 'unsafe-inline' 'unsafe-eval' ; font-src 'self' https://ok1static.oktacdn.com https://fonts.gstatic.com data: 'unsafe-inline'; style-src 'report-sample' 'self' https://newtaxi-login.corcoran.com https://ok1static.oktacdn.com https://cloud.typography.com https://fonts.googleapis.com 'unsafe-inline' ; report-uri https://620eef3a8fbf6d96ac8e965b.endpoint.csper.io/?v=1 'unsafe-inline'; connect-src 'self' https://mediaapp.vestahub.com https://securityapi.vestahub.com https://api-my.citihabitats.com https://corcoranit.zendesk.com https://ekr.zdassets.com https://maps.googleapis.com https://api-act.vestahub.com https://newtaxi-dataapi.corcoran.com https://newtaxi-login.corcoran.com https://newtaxi.corcoran.com https://newtaxi-searchapi.corcoran.com https://presentationsservice.corcoranlabs.com *.visualstudio.com 'unsafe-inline'; frame-ancestors 'self' *; 1
default-src 'self' https://bos.shantitravel.com;frame-src *;img-src * data:;media-src * data:;style-src * 'unsafe-inline';font-src * 'unsafe-inline';script-src * 'unsafe-inline';connect-src *; 1
frame-ancestors 'self' www.roomsurf.com; 1
default-src 'none'; manifest-src 'self'; script-src 'self' 'unsafe-inline' https://js-eu1.hsforms.net https://www.google.com https://www.gstatic.com https://matomo.bartec.com https://*.googletagmanager.com https://c.leadlab.click https://www.youtube.com; connect-src 'self' https://*.hsforms.com https://matomo.bartec.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://t.leadlab.click/; img-src 'self' https://*.hsforms.com https://*.google-analytics.com https://*.googletagmanager.com data:; style-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self'; frame-src 'self' https://www.google.com https://www.youtube-nocookie.com *.bartec.de *.bartec.com https://support.pixavi.com https://pixavi.freshworks.com; font-src 'self' data:; media-src blob: 'self' 1
default-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.applysq.com cdn.applysquare.net ana.applysquare.com pingjs.qq.com hm.baidu.com *.map.baidu.com *.map.bdimg.com res.wx.qq.com s13.cnzz.com c.cnzz.com cdn.bootcss.com cdn.staticfile.org static.bcedocument.com img.baidu.com doc.baidubce.com static.exp.bcedocument.com *.google-analytics.com *.google.com maps.gstatic.com *.amap.com *.googleapis.com *.bootstrapcdn.com *.cloudflare.com cdn.applysquare.net/a2/lib assets-cli.s2.udesk.cn 1372979.s2.udesk.cn basevistor.s2.udesk.cn js.intercomcdn.com widget.intercom.io cdn.jsdelivr.net cdn.bootcdn.net; style-src 'self' 'unsafe-inline' 1372979.s2.udesk.cn static.bcedocument.com img.baidu.com doc.baidubce.com static.exp.bcedocument.com cdn.applysq.com cdn.applysquare.net cdn.staticfile.org cdn.bootcss.com *.amap.com *.googleapis.com *.bootstrapcdn.com *.cloudflare.com cdn.applysquare.net/a2/lib cdn.jsdelivr.net cdn.bootcdn.net *.easyliao.com; font-src * data:; img-src * data: blob:; connect-src * data: 1
base-uri 'self' *.global-aero.com *.aeroinsure.com *.aero.insure *.flywheelstaging.com *.adobe.com *.adobe.io *.wp.com *.cloudflare.com *.vimeocdn.com *.vimeo.com *.youtube.com *.facebook.com *.twitter.com *.twimg.com *.t.co *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.adroll.com *.osano.com *.doubleclick.net *.googleadservices.com; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' *.global-aero.com *.aeroinsure.com *.aero.insure *.flywheelstaging.com *.google.com *.gstatic.com *.facebook.net *.facebook.com *.linkedin.com *.googleapis.com *.google.com *.google-analytics.com *.ads-twitter.com *.youtube.com *.vimeo.com *.vimeocdn.com *.adobe.com *.adobe.io *.wp.com *.cloudflare.com *.twitter.com *.twimg.com *.t.co t.co *.addsearch.com addsearch.com *.cloudfront.net *.searchcdn.com cdn.jsdelivr.net *.jsdelivr.net *.googletagmanager.com *.googleapis.com *.gstatic.com *.adroll.com *.osano.com *.doubleclick.net *.googleadservices.com; style-src 'self' 'unsafe-inline' *.global-aero.com *.aeroinsure.com *.aero.insure *.flywheelstaging.com *.twitter.com *.twimg.com *.addsearch.com addsearch.com *.cloudfront.net *.searchcdn.com *.google.com *.gstatic.com *.googleapis.com *.fonts.net *.osano.com; default-src blob: 'self' 'unsafe-inline' *.global-aero.com *.aeroinsure.com *.aero.insure *.flywheelstaging.com *.adobe.com *.adobe.io *.wp.com *.youtube.com *.vimeo.com *.vimeocdn.com *.cloudflare.com *.facebook.com *.twitter.com *.twimg.com *.t.co t.co *.linkedin.com linkedin.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.google.com google.com *.gstatic.com *.googleapis.com *.gravatar.com *.doubleclick.net *.addsearch.com addsearch.com *.cloudfront.net *.w.org *.searchcdn.com *.adroll.com *.osano.com *.doubleclick.net *.googleadservices.com data: 1
default-src 'self' data: *.atolcd.com maps.google.com *.gstatic.com *.googleapis.com *.youtube.com pbs.twimg.com *.google-analytics.com *.twitter.com tarteaucitron.io; script-src 'self' 'unsafe-eval' *.atolcd.com *.googleapis.com html5shim.googlecode.com *.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.twitter.com maps.google.com cdnjs.cloudflare.com *.tarteaucitron.io 'unsafe-inline'; frame-src 'self' *.atolcd.com *.twitter.com *.youtube.com app.livestorm.co *.slideshare.net *.google.com playerbeta.octopus.saooti.com; style-src 'self' *.atolcd.com *.googleapis.com *.tarteaucitron.io 'unsafe-inline' 1
frame-ancestors 'self' go.unitedcredit.com 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-54fc8b6fd83044f20408585da567ca0c'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ books.google.com www.paypalobjects.com *.soundcloud.com embed.exacteditions.com anchor.fm c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://www.google.com *.addthis.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com books.google.com www.hackettpublishing.com hackettpublishing.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com books.google.com www.hackettpublishing.com hackettpublishing.com www.googletagmanager.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com www.hackettpublishing.com hackettpublishing.com unsafe-inline assets.braintreegateway.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.googleapis.com *.addthis.com *.graph.instagram.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://www.google-analytics.com https://www.google.com https://secure.epsilon.jp https://*.hs-scripts.com  https://*.hs-analytics.net https://*.hubspot.com https://*.hscollectedforms.net https://*.hsforms.com blob:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'  https://tools-edanzgroup-com.s3.amazonaws.com  https://qa-tools-edanzgroup-com.s3.amazonaws.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://diffuser-cdn.app-us1.com https://prism.app-us1.com https://trackcmp.net  https://portal.referralcandy.com https://sdk.form.run https://edanzgroup.activehosted.com https://typesquare.com https://*.edanzgroup.com https://js.stripe.com https://*.edanz.com https://*.google.com https://*.hs-scripts.com  https://*.hs-analytics.net https://*.hubspot.com https://*.hscollectedforms.net https://*.hsforms.com https://*.visualwebsiteoptimizer.com https://app.vwo.com blob: https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.2/min/tiny-slider.js; object-src https://tools-edanzgroup-com.s3.amazonaws.com https://*.edanz.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.edanzgroup.com https://cdn.ckeditor.com https://svc.webspellchecker.net  https://*.google.com https://www.gstatic.com https://*.googletagmanager.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.s3.amazonaws.com https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.3/tiny-slider.css; img-src 'self' * https://www.edanz.com https://www.googletagmanager.com https://www.google-analytics.com  https://tools-edanzgroup-com.s3.amazonaws.com https://images-edanzgroup-com.s3-ap-southeast-1.amazonaws.com https://edanz.com https://q.stripe.com *.edanzgroup.com *.edanzediting.com https://cdn.ckeditor.com https://www.gstatic.com data: https://qa-jp.edanz.com  https://*.google-analytics.com https://stats.g.doubleclick.net https://ieeexplore.ieee.org https://www.google.com https://www.google.com.bd https://www.google.co.jp https://www.google.co.in https://c.clarity.ms/c.gif https://c.bing.com/c.gif https://*.edanz.com https://b99.yahoo.co.jp https://*.hs-scripts.com  https://*.hs-analytics.net https://*.hubspot.com https://*.hscollectedforms.net https://*.hsforms.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.chart.googleapis.com https://*.wingify-assets.s3.amazonaws.com https://s3-ap-southeast-1.amazonaws.com/images-edanzgroup-com/websites/Route.png; frame-src 'self' https://*.cloudfront.net https://edanz.referralcandy.com https://portal.referralcandy.com *.edanz.jp https://www.youtube.com https://player.rss.com https://js.stripe.com *.google.com https://form.run/ https://tools-edanzgroup-com.s3.amazonaws.com https://*.edanz.com https://td.doubleclick.net https://*.hubspot.com https://*.hscollectedforms.net https://*.hsforms.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://api.referralcorner.com; frame-ancestors *.edanz.com https://*.edanz.com; font-src 'self' data: https://fonts.gstatic.com https://themes.googleusercontent.com https://*.edanzgroup.com https://svc.webspellchecker.net; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://*.clarity.ms https://*.userguiding.com https://pagead2.googlesyndication.com https://*.hubspot.com https://*.hscollectedforms.net https://*.hsforms.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://www.google.co.jp https://api-js.mixpanel.com; report-uri https://www.edanz.com/report-csp-violation 1
object-src 'none'; frame-ancestors 'self' https://sleeplife.geckoview.com 1
worker-src 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self' 1
child-src https://*.zscalerthree.net play.vidyard.com secure.livechatinc.com; connect-src https://*.zscalerthree.net 'self' wss://data.upscope.io api.livechatinc.com play.vidyard.com region1.google-analytics.com wss://data--ap-southeast.upscope.io wss://data--eu-central.upscope.io wss://data--eu-west.upscope.io wss://data--sa-east.upscope.io wss://data--us-east.upscope.io wss://data--us-west.upscope.io www.google-analytics.com; default-src https://*.zscalerthree.net 'self' 'unsafe-eval' 'unsafe-inline' api.livechatinc.com cdn.livechatinc.com cdn.vidyard.com code.jquery.com code.upscope.io fonts.gstatic.com js.upscope.io play.vidyard.com secure.livechatinc.com wss://data--us-east.upscope.io wss://data--us-west.upscope.io www.google-analytics.com www.googletagmanager.com extreme-ip-lookup.com client-data.knak.io; font-src https://*.zscalerthree.net 'self' data: cdn.livechatinc.com fonts.gstatic.com; form-action 'self'; frame-ancestors https://*.zscalerthree.net 'self'; frame-src https://*.zscalerthree.net 'self' play.vidyard.com secure.livechatinc.com play.vidyard.com.x.37f7620000a8b0469c0b2400d47d38b98e4d.9270f859.id.opendns.com play.vidyard.com.x.d6f6a8920e76a04b3e0bcd507a8a246c8510.9270fa5d.id.opendns.com; img-src https://*.zscalerthree.net 'self' data: cdn.vidyard.com fonts.gstatic.com play.vidyard.com www.google-analytics.com www.googletagmanager.com www.gstatic.com client-data.knak.io www.republicindemnity.com; media-src https://*.zscalerthree.net 'self' data: cdn.livechatinc.com; object-src https://*.zscalerthree.net 'self'; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' api.livechatinc.com cdn.livechatinc.com code.jquery.com code.upscope.io js.upscope.io play.vidyard.com www.googletagmanager.com extreme-ip-lookup.com; script-src https://*.zscalerthree.net 'self' 'unsafe-eval' 'unsafe-inline' api.livechatinc.com cdn.livechatinc.com code.jquery.com code.upscope.io js.upscope.io play.vidyard.com www.googletagmanager.com extreme-ip-lookup.com wasm-eval; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' data: www.gstatic.com; style-src https://*.zscalerthree.net 'self' 'unsafe-inline'; report-uri https://wwwrepublicindemnity.report-uri.com/r/t/csp/enforce 1
frame-ancestors 'self' https://manage.foundrymag.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self' 'unsafe-inline'; object-src 'none'; img-src 'self' https://helpdesk.vodafonekabelforum.de; base-uri 'self'; form-action 'self'; frame-ancestors 'none' 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-zJ/IROzaSv9r+Vma3QOLzw==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob: *.izlesene.com *.ioam.de *.avg.com *.rewardsaccelerator.com smetrics.att.com; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net smetrics.att.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
default-src 'self';base-uri https://www.cabotfinancial.co.uk/;frame-ancestors 'self' https://*.force.com https://*.cabotfinancial.co.uk;object-src 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.cabotfinancial.co.uk/csp;script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'sha256-zNy05XVRrarDECpDQcf4AZ1et8iPi4muu7CSBFlExbM=' 'sha256-lUNepec9kVSprWoNOZPpKsPttrd/p784gwgTMtQ1Aj8=' 'nonce-rm6krlqW84RMfQ0LqhKp1U8pAlMyTiB2' https://*.google-analytics.com https://ajax.googleapis.com https://*.googletagmanager.com https://*.sagepay.com https://*.google.com 'sha256-U+DCZ9+3gbhe2T4z10Gbfe7V4JZu66qOVGKkOPEd+90=' https://*.branch.io https://app.link https://cdn.branch.io https://bnc.lt 'sha256-vUcT9hG3o2H/FpWK75JCWJcaVW7dL5UCzmaaTprIf1o=' 'sha256-KflzNftO8MgNVrSolPYVTb79gLMAAfKEFjSWEot/5LM=' 'sha256-mZhbMBfPEIl5z5PuRkPvnfwJsYdnd3dZc0hrEJil0YM=' 'sha256-K5eTFmjoQzLg+b8TPZq/S7Gr/fRhd5qilrQqoO/sRjQ=' https://www.googletagmanager.com https://www.google-analytics.com https://*.force.com https://*.gstatic.com https://*.cookiepro.com https://*.youtube.com https://*.hotjar.com https://*.ytimg.com https://*.sentry-cdn.com https://*.googleadservices.com 'sha256-5kzA3c2WFW10TOIoQA4dEradt1ByfchBzQdq/5CIVEg=' https://*.salesforce.com https://*.salesforceliveagent.com https://*.doubleclick.net https://sentry.io https://optimize.google.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.google.com https://*.force.com https://help.cabotfinancial.co.uk https://sentry.io;frame-src 'self' https://app.acuityscheduling.com/ https://youtube-nocookie.com https://www.youtube-nocookie.com/ https://vars.hotjar.com/ https://www.google.com https://www.facebook.com https://*.force.com https://*.doubleclick.net https://sentry.io https://channel-cards-html.lloydsbankinggroup.com https://optimize.google.com;img-src 'self' data: https://*.google-analytics.com https://stats.g.doubleclick.net https://*.branch.io https://www.cabotfinancial.co.uk https://*.gstatic.com https://*.rackcdn.com https://www.google.com https://www.google.co.uk https://tagmanager.google.com https://*.cabotfinancial.co.uk https://image.emails.cabotfinancial.com https://*.googletagmanager.com https://*.bing.com/ https://www.facebook.com https://*.force.com https://webfiles.cabotfinancial.co.uk https://sentry.io https://*.cookiepro.com;font-src 'self' https://fonts.gstatic.com data: https://sentry.io;media-src 'self' https://*.rackcdn.com https://*.cabotfinancial.co.uk https://webfiles.cabotfinancial.co.uk https://sentry.io;connect-src 'self' https://*.sagepay.com https://*.api.branch.io https://*.branch.io https://*.thunderhead.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.hotjar.com/api/ wss://ws10.hotjar.com/ https://*.hotjar.com https://*.force.com https://*.hotjar.io https://*.cookiepro.com https://*.sentry.io https://cookie-cdn.cookiepro.com https://help.cabotfinancial.co.uk https://www.facebook.com https://sentry.io https://cabotcm.germany-2.evergage.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.onetrust.com 1
script-src 'self' https://web1.gsc.local 'unsafe-inline' 'unsafe-eval' blob:; object-src 'self' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.hams.social; img-src 'self' https: data: blob: https://mastodon.hams.social; style-src 'self' https://mastodon.hams.social 'nonce-xx+lpI/4wRtdjYOfY6Dbjw=='; media-src 'self' https: data: https://mastodon.hams.social; frame-src 'self' https:; manifest-src 'self' https://mastodon.hams.social; form-action 'self'; connect-src 'self' data: blob: https://mastodon.hams.social https://mastodon.hams.social wss://mastodon.hams.social; script-src 'self' https://mastodon.hams.social 'wasm-unsafe-eval'; child-src 'self' blob: https://mastodon.hams.social; worker-src 'self' blob: https://mastodon.hams.social 1
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.google.bg https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://www.facebook.com https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com https://app.posthog.com https://*.drift.mt *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://app.vwo.com https://*.drift.mt; frame-src 'self' bankid://* https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://*.zignsec.com https://*.trustly.com https://*.regily.com https://*.sumsub.com https://*.visualwebsiteoptimizer.com https://*.unetsafe.com https://*.atlantgaming.com https://*.drift.mt https://* paymentpage.ecommpay.com asdaerq.dapmaptuns.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://*.zignsec.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.gstatic.com https://recaptcha.net https://connect.facebook.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://app.posthog.com https://*.drift.mt *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com *.astropay.com *.megapay.pro *.ecopayz.com *.billing.cx *.express-connect.com *.paycore.io *.jetoncheckout.com *.ipsp.lv ipsp.lv *.gpaynetworks.com *.sirumobile.com 'nonce-2pk783gARHks1SMTt/rCSJ/J2q3/T3chM8ylalgDl20=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com https://*.drift.mt *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com; worker-src 'self' blob:; report-uri https://drift.mt/sentry/api/47/csp-report/?sentry_key=a7dcff6da4704fcf9dbecd647d997b1b 1
frame-ancestors 'self' *.commercevision.biz *.commercevision.com.au *.zipmoney.com.au *.myfreshworks.com *.punchoutcommerce.com 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-25cc9d296f279fa77af0b761f7459753'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors https://www.QCOMX.com https://QCOMX.com https://suebhatia.com https://www.suebhatia.com https://roseint.com https://www.roseint.com 'self' 1
default-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' data: about: ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com; connect-src 'self' ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com; worker-src 'self'; 1
upgrade-insecure-requests; default-src 'self' *.openbank.com *.openbank.com.ar; script-src *.openbank.com.ar *.openbank.com 'unsafe-inline' 'unsafe-eval' snap.licdn.com https://maps.googleapis.com https://browseranalytic.com https://www.google.com *.gstatic.com tags.tiqcdn.com *.google-analytics.com https://*.g.doubleclick.net *.youtube.com *.googleadservices.com *.facebook.net *.ytimg.com api-ob.nd.nudatasecurity.com https://cdnjs.cloudflare.com *.googletagmanager.com *.we-stats.com static.browseranalytic.com bat.bing.com blob: unpkg.com www.googleoptimize.com;  connect-src 'self' *.openbank.com.ar *.openbank.com *.google-analytics.com *.we-stats.com *.biocatch.com lib-eu-1.brilliantcollector.com op.browseranalytic.com *.google.com *.googleapis.com *.googlesyndication.com https://*.g.doubleclick.net bat.bing.com cdn.linkedin.oribi.io; style-src 'self' 'unsafe-inline' *.openbank.com https://fonts.googleapis.com; img-src 'self' *.openbank.com.ar px.ads.linkedin.com www.financeads.net data: 'unsafe-inline' *.googletagmanager.com https://maps.googleapis.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.openbank.com *.google.ie *.google.com https://aax-eu.amazon-adsystem.com bat.bing.com www.linkedin.com tbl.tradedoubler.com *.googlesyndication.com;  media-src 'self' *.openbank.com.ar *.openbank.com *.youtube.com; frame-src *.openbank.com.ar https://www.google.com *.gstatic.com *.youtube.com  *.doubleclick.net blob: ; font-src 'self' *.openbank.com *.openbank.com.ar maxcdn.bootstrapcdn.com data: https://fonts.gstatic.com maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com *.gstatic.com *.youtube.com blob: ;frame-ancestors 'self' api.paycomet.com https://www.paytpv.com https://openbank.campaign.adobe.com; 1
frame-ancestors 'self' *.maiscrm.com http://local-frontend.maiscrm.com:8000 nwplatform.com.cn *.nwplatform.com.cn xigmapas.com *.xigmapas.com 1
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com data: *.bootstrapcdn.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.magento.com *.revlonhairtools.com fonts.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.iterable.com *.authorize.net *.cardinalcommerce.com *.heledigital.com *.facebook.com *.facebook.net *.signifyd.com *.braintree-api.com *.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.xtento.com *.paymetric.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.authorize.net *.signifyd.com *.online-metrix.net *.paypal.com *.facebook.com *.facebook.net *.demdex.net *.doubleclick.net *.hotjar.com *.adyen.com *.xisecurenet.com *.adobedtm.com *.weltpixel.com *.google.com *.custhelp.com *.oraclecloud.com *.trustarc.com *.googletagmanager.com *.revlonhairtools.com *.sdiapi.com *.braintree-api.com *.braintreegateway.com curv.net *.wesupply.xyz *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.xtento.com cdn.xtento.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.magentocommerce.com *.googleadservices.com *.google-analytics.com *.paypal.com *.paypalobjects.com *.ytimg.com *.heledigital.com *.cloudflare.com *.gethatch.com *.quantserve.com *.doubleclick.net *.google.com *.facebook.com *.omtrdc.net *.demdex.net *.everesttech.net *.bazaarvoice.com *.adyen.com *.landofcoder.com *.klarna.com *.xtento.com *.gstatic.com *.cdninstagram.com *.rnengage.com *.trustarc.com *.co.in *.truste.com *.signifyd.com *.online-metrix.net curv.net *.pinimg.com *.fbcdn.net maps.googleapis.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net *.lightboxcdn.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.iterable.com www.xtento.com cdn.xtento.com *.googleapis.com *.google.com *.gstatic.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.adobedtm.com *.authorize.net *.cardinalcommerce.com *.ccdc02.com *.googleadservices.com *.google-analytics.com *.paypal.com *.paypalobjects.com *.braintreegateway.com *.ytimg.com *.vimeo.com *.signifyd.com *.youtube.com *.heledigital.com *.googletagmanager.com *.facebook.net *.facebook.com *.doubleclick.net *.xisecurenet.com *.magento.com *.wootric.com *.rapidspike.com *.cloudflare.com *.instagram.com *.oraclecloud.com *.atgsvcs.com *.rnengage.com *.custhelp.com *.rightnowtech.com *.newrelic.com *.nr-data.net *.trustarc.com *.sdiapi.com *.co.in *.braintree-api.com curv.net ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com maps.googleapis.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com lightboxapi.azurewebsites.net *.lightboxcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com unsafe-inline *.getfirebug.com *.heledigital.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.bootstrapcdn.com *.magento.com *.custhelp.com *.googletagmanager.com curv.net fonts.googleapis.com tagmanager.google.com *.yotpo.com *.lightboxcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.magento.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.iterable.com *.brilliantcollector.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.signifyd.com *.cardinalcommerce.com *.facebook.com *.facebook.net *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.oraclecloud.com *.google-analytics.com *.demdex.net *.omtrdc.net *.magento.com *.wootric.com *.herokuapp.com *.rapidspike.com *.doubleclick.net *.nr-data.net *.atgsvcs.com *.sdiapi.com *.braintreegateway.com *.trustarc.com curv.net https://www.google-analytics.com *.instagram.com *.googleusercontent.com *.yotpo.com https://imgs.signifyd.com api.addressy.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' platform-api.sharethis.com buttons-config.sharethis.com *.hotjar.com maps.googleapis.com js.stripe.com widget.mondialrelay.com *.gstatic.com *.recaptcha.net *.googletagmanager.com widget.trustpilot.com tagmanager.google.com *.google-analytics.com *.analytics.google.com *.google.com *.googleadservices.com googleads.g.doubleclick.net *.facebook.com *.facebook.net static.noukies.akretion.com *.noukies.com z.moatads.com *.youtube.com  static.klaviyo.com static-tracking.klaviyo.com static.target2sell.com  *.dwin1.com *.zenaps.com widgets.pinterest.com s.pinimg.com *.awin1.com tpc.googlesyndication.com  *.kadolog.com pagead2.googlesyndication.com js.sentry-cdn.com static.noukies.com checkout.stripe.com ajax.googleapis.com; img-src 'self' data: blob: *.noukies.com platform-api.sharethis.com l.sharethis.com platform-cdn.sharethis.com widget.mondialrelay.com *.tile.osm.org *.googletagmanager.com ssl.gstatic.com *.gstatic.com *.google-analytics.com *.analytics.google.com googleads.g.doubleclick.net *.google.com strapi.noukies.akretion.com strapi.noukies.com static.noukies.akretion.com cdn.noukies.akretion.com cdn.noukies.com *.awin1.com *.zenaps.com maps.gstatic.com maps.googleapis.com cdnjs.cloudflare.com ct.pinterest.com *.google.be *.google.fr *.google.nl *.google.lu *.google.ch *.google.de *.google.it *.google.at *.google.se noukies.akretion.com adservice.google.com translate.google.com analytics.google.com collect.noukies.com *.googleadservices.com *.facebook.com static.noukies.com; style-src 'self' 'unsafe-inline' platform-api.sharethis.com *.hotjar.com static-tracking.klaviyo.com tagmanager.google.com fonts.googleapis.com static.noukies.akretion.com *.noukies.com static.klaviyo.com translate.googleapis.com *.gstatic.com static.noukies.com *.kadolog.com; font-src 'self' platform-api.sharethis.com *.hotjar.com fonts.gstatic.com data: static.noukies.akretion.com *.noukies.com static.noukies.com; connect-src 'self' noukies-frbe.backend.verbolia.com noukies-nlbe.backend.verbolia.com collect.noukies.com l.sharethis.com *.hotjar.com wss://*.hotjar.com *.hotjar.io gtm-57jqsvx-ogi2z.uc.r.appspot.com *.facebook.com *.google-analytics.com *.analytics.google.com *.google.be *.google.fr *.google.nl *.google.lu *.google.ch *.google.de *.google.it *.google.at *.google.se search.noukies.akretion.com search.noukies.com strapi.noukies.akretion.com strapi.noukies.com api.noukies.akretion.com api.noukies.com fast.a.klaviyo.com static-forms.klaviyo.com serv-api.target2sell.com reco.target2sell.com auth.noukies.akretion.com auth.noukies.com stats.g.doubleclick.net telemetrics.klaviyo.com api.target2sell.com a.klaviyo.com ip2c.org widget.trustpilot.com maps.googleapis.com o57577.ingest.sentry.io ct.pinterest.com *.googletagmanager.com *.google.com googleads.g.doubleclick.net translate.googleapis.com adservice.google.com noukies.babyboom.link static.noukies.com *.ci-akretion.com cdn.noukies.akretion.com; frame-src 'self' collect.noukies.com *.facebook.com js.stripe.com *.recaptcha.net bid.g.doubleclick.net auth.noukies.akretion.com auth.noukies.com *.youtube.com widget.trustpilot.com *.zenaps.com idp.noukies.akretion.com ct.pinterest.com *.awin1.com *.googletagmanager.com tpc.googlesyndication.com; worker-src 'self'; object-src 'self' data:; base-uri 'self'; manifest-src 'self'; media-src 'self' cdn.noukies.akretion.com cdn.noukies.com *.noukies.com; report-uri https://o57577.ingest.sentry.io/api/6134629/security/?sentry_key=a7c60343cdd54fc3a86d1feb9b8fb0fe 1
script-src *.iag.bg *.googleapis.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' packages.umbraco.org our.umbraco.org static.addtoany.com player.vimeo.com *.googleapis.com *.youtube.com *.google.com *.dev.csioffice.co.uk *.abercrombiekent.com *.abercrombiekent.com:8095 *.googletagmanager.com *.googletagmanager.co.uk *.google-analytics.com *.facebook.net *.facebook.com;script-src 'self' *.googleapis.com unpkg.com ajax.aspnetcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net s7.addthis.com player.vimeo.com z.moatads.com static.addtoany.com *.google.com *.youtube.com *.gstatic.com  *.dev.csioffice.co.uk *.abercrombiekent.com *.googletagmanager.com *.googletagmanager.co.uk *.google-analytics.com *.facebook.net *.facebook.com 'unsafe-eval' 'unsafe-inline';style-src 'self' *.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com cdn.linearicons.com p.typekit.net *.youtube.com static.addtoany.com  *.dev.csioffice.co.uk abercrombiekent.com *.googletagmanager.com *.googletagmanager.co.uk *.google-analytics.com *.facebook.net *.facebook.com 'unsafe-inline';font-src 'self' data: cdnjs.cloudflare.com fonts.gstatic.com cdn.linearicons.com use.typekit.net *.youtube.com static.addtoany.com  *.dev.csioffice.co.uk abercrombiekent.com *.googletagmanager.com *.googletagmanager.co.uk *.google-analytics.com *.facebook.net *.facebook.com;img-src 'self' data: res.cloudinary.com *.cdninstagram.com player.vimeo.com *.googleapis.com *.gstatic.com *.cloudflare.com *.youtube.com static.addtoany.com  *.dev.csioffice.co.uk abercrombiekent.com *.googletagmanager.com *.googletagmanager.co.uk *.google-analytics.com *.facebook.net *.facebook.com;media-src 'self' data: *.cdninstagram.com player.vimeo.com *.youtube.com static.addtoany.com  *.dev.csioffice.co.uk *.googletagmanager.com *.googletagmanager.co.uk *.google-analytics.com *.facebook.net *.facebook.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.dvinci-easy.com https://jobs.gmh-gruppe.de https://app.usercentrics.eu https://maps.google.com https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://static.dvinci-easy.com https://fonts.googleapis.com; img-src 'self' data: https://app.usercentrics.eu https://maps.googleapis.com https://maps.gstatic.com https://maps.google.com https://*.ytimg.com https://www.google.com https://www.google.de https://www.google-analytics.com https://www.googletagmanager.com *.google-analytics.com *.analytics.google.com; media-src 'self'; frame-src 'self' https://www.youtube.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://jobs.gmh-gruppe.de https://aggregator.service.usercentrics.eu https://api.usercentrics.eu https://graphql.usercentrics.eu https://www.google-analytics.com https://stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com; manifest-src 'self'; frame-ancestors 'self' http://gmh-gruppe.de https://news.app.gmh-gruppe.de http://staffbase.com capacitor://gmh-gruppe.de capacitor://staffbase.com localhost:*; base-uri 'self'; form-action 'self'; 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.youtube.com *.newsletter2go.com; style-src 'unsafe-inline' 'self'; img-src data: blob: 'self' *.ytimg.com *.newsletter2go.com *.thueringen.de;font-src data: 'self';frame-src *.youtube.com *.youtube-nocookie.com *.3qsdn.com *.nc3-cdn.com *.thlt.de *.thueringen.de *.thueringer-landtag.de; media-src 'self'; connect-src 'self' *.newsletter2go.com 1
default-src 'self' https: data: https://apptutorials.martinbaileyphotography.com/ https://www.martinbaileyphotography.com/ https://dffc2294.rocketcdn.me/ https://www.paypal.com https://vimeoshowcase.com/ https://app.fusebox.fm/; manifest-src 'self' https: data: blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: https://martinbaileyphotography.com/ https://cdn.paddle.com/ https://www.google.com https://www.googletagmanager.com/ https://js.stripe.com/ https://js.squareup.com/ https://c6.patreon.com/ https://app.termly.io/ https://assets.calendly.com/ https://ssl.google-analytics.com/ga.js https://kit.fontawesome.com/; img-src * 'self' data: blob: https:; style-src 'self' 'unsafe-inline' https: data: blob: https://pro.fontawesome.com/ https://c6.patreon.com/ https://assets.calendly.com/ https://www.gstatic.com/ ; font-src 'self' https: data: blob: filesystem: https://pro.fontawesome.com/ https://wordpress.com/ https://kit.fontawesome.com/ ; frame-src 'self' https://www.martinbaileyphotography.com/ https://web.squarecdn.com/ https://traffic.libsyn.com/ https://wp-rocket.me/ https://wp.freemius.com/ https://td.doubleclick.net/ https://www.paypal.com https://akismet.com/ https://www.patreon.com/ https://app.fusebox.fm/ https://dl.fusebox.fm/ https://buy.paddle.com/ https://create-checkout.paddle.com/ https://create-checkout.paddle.com/ https://cdn.wpdownloadmanager.com/ https://app.termly.io/ https://rcm-na.amazon-adsystem.com/ https://ws-na.assoc-amazon.com/ https://flexiaddons.com/ https://mozbar.moz.com/ https://nlsdt.com/ https://widgets.wp.com/ https://www.youtube-nocookie.com/ https://js.stripe.com/ https://pci-connect.squareup.com/ https://connect.squareup.com/ https://pci-connect.squareupsandbox.com/ https://connect.squareupsandbox.com/ https://player.vimeo.com/ https://library.elementor.com/ https://calendly.com/ https://djtflbt20bdde.cloudfront.net https://sibautomation.com/ https://player.vimeo.com/ https://vimeo.com/ https://mer54715.datafeedfile.com/ https://syndication.twitter.com/ https://yoa.st https://www.facebook.com/ https://www.google.com/ https://*.paypal.com/ https://www.paypalobjects.com/ https://sibautomation.com/ https://www.speakpipe.com/ https://player.vimeo.com/ https://*.youtube.com/ https://platform.twitter.com/ https://staticxx.facebook.com/ https://smartslider3.com/ https://ws-na.amazon-adsystem.com/; form-action 'self' https://mbp.ac/ https://secure.2checkout.com/ https://akismet.com/ https://dffc2294.rocketcdn.me/ https://syndication.twitter.com/ https://www.patreon.com/ https://platform.twitter.com/ https://mc.us1.list-manage.com/ https://accounts.google.com; connect-src 'self' https: data: wss://chat-messaging.sendinblue.com/; upgrade-insecure-requests; report-uri /csp-report.php; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://esq.social; img-src 'self' https: data: blob: https://esq.social; style-src 'self' https://esq.social 'nonce-1MIvXmND4IKEQXlSishXKQ=='; media-src 'self' https: data: https://esq.social; frame-src 'self' https:; manifest-src 'self' https://esq.social; form-action 'self'; child-src 'self' blob: https://esq.social; worker-src 'self' blob: https://esq.social; connect-src 'self' data: blob: https://esq.social https://sb-esq-social.b-cdn.net wss://esq.social; script-src 'self' https://esq.social 'wasm-unsafe-eval' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-oZBF+LgzpW6nGr20QnZ1myhdZ5+zto3fjfaPNdnmq8uT+RAJ' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.aliran.com aliran.com https: data:; font-src https: data:; img-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aliran.com aliran.com  ajax.cloudflare.com *.cloudflareinsights.com *.google.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.gstatic.com *.wp.com *.youtube.com *.bfm.my *.omny.fm *.facebook.com *.tiktok.com *.ttwstatic.com *.twitter.com *.instagram.com; 1
sandbox allow-scripts allow-same-origin allow-forms; img-src 'self' data: www.gstatic.com; frame-src www.google.com; object-src 'none'; base-uri 'none'; script-src www.google.com www.gstatic.com 'nonce-fz33n45I8SGPQ/hn0Mlq4yqHL0E='; style-src 'nonce-fz33n45I8SGPQ/hn0Mlq4yqHL0E=' 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' base-uri: 'self' 1
default-src 'none'; base-uri 'none'; frame-ancestors 'none'; connect-src 'self' *.stripe.com *.getrewardful.com *.intercom.io *.intercomcdn.com *.intercomcdn.eu *.intercomusercontent.com wss://*.intercom.io *.googleapis.com *.google.com *.gstatic.com data: blob: *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.doubleclick.net; child-src *.intercom-sheets.com *.intercom-reporting.com *.youtube.com *.vimeo.com *.wistia.net; form-action 'self' intercom.help *.intercom.io; font-src d1dfgjtvrwaror.cloudfront.net fonts.gstatic.com *.intercomcdn.com; img-src https: blob: data: ; manifest-src d1dfgjtvrwaror.cloudfront.net; media-src *.intercomcdn.com; frame-src *.stripe.com app.getbee.io *.doubleclick.net *.google.com; style-src 'unsafe-inline' 'self' fonts.googleapis.com d1dfgjtvrwaror.cloudfront.net; script-src 'unsafe-eval' 'unsafe-inline' https: 'nonce-83782e849e8d1ee3cde24cfa46435222' 'strict-dynamic'; upgrade-insecure-requests; report-uri /console/report/csp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.eskinstore.com https://eskinstore.com https://www.eskincarestore.com https://eskincarestore.com https://www.google.com https://www.gstatic.com https://fonts.googleapis.com https://use.fontawesome.com https://cdn.ywxi.net https://secure.comodo.com https://sealserver.trustwave.com https://www.trustedsite.com https://bat.bing.com https://s3-us-west-2.amazonaws.co https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://connect.facebook.net https://ajax.googleapis.com https://cdn.jsdelivr.net https://assets.zendesk.com https://static.zdassets.com https://apis.google.com https://www.paypal.com https://www.paypalobjects.com https://www.instagram.com https://0.r.msn.com https://www.clarity.ms https://cdn1.affirm.com https://cdn1.affirm.ca 1
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: blob: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval' 1
default-src vat9eh4iwa.execute-api.us-east-2.amazonaws.com analytics.google.com *.analytics.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' builder.lift.acquia.com connect.facebook.net snap.licdn.com tags.tiqcdn.com unruffled-shannon-1a7413.netlify.app www.google-analytics.com www.googleadservices.com www.googletagmanager.com endpoint2.mathilde-ads.com *.mathilde-ads.com *.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com *.cloudfront.net lv5wzylf7h.execute-api.us-east-2.amazonaws.comvat9eh4iwa.execute-api.us-east-2.amazonaws.com augusta-multibank-pro-providers-landing.s3.amazonaws.com leadgenios.net mcusercontent.com pixel.sitescout.com; object-src 'none'; style-src 'self' 'unsafe-inline'  fonts.googleapis.com ftp.mathilde-ads.com *.cloudfront.net *.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com *.cloudfront.net cdn.linkedin.oribi.io  vat9eh4iwa.execute-api.us-east-2.amazonaws.com augusta-multibank-pro-providers-landing.s3.amazonaws.com leadgenios.net mcusercontent.com; img-src 'self' data: www.google.com.pa www.multibank.com.pa googleads.g.doubleclick.net px.ads.linkedin.com www.facebook.com www.google-analytics.com www.google.com ftp.mathilde-ads.com *.cloudfront.net *.mathilde-ads.com *.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com *.cloudfront.net lv5wzylf7h.execute-api.us-east-2.amazonaws.comvat9eh4iwa.execute-api.us-east-2.amazonaws.com augusta-multibank-pro-providers-landing.s3.amazonaws.com leadgenios.net mcusercontent.com googletagmanager.com; media-src 'self'; frame-src 'self' *.mathilde-ads.com; font-src 'self' 'unsafe-inline' fonts.gstatic.com www.multibank.com.pa; connect-src 'self' adservice.google.com collect.tealiumiq.com mbpasxv7.staticmon.com notify.bugsnag.com opensheet.elk.sh sessions.bugsnag.com us-east-1-decisionapi.lift.acquia.com www.google-analytics.com stats.g.doubleclick.net endpoint2.mathilde-ads.com lv5wzylf7h.execute-api.us-east-2.amazonaws.com cdn.linkedin.oribi.io vat9eh4iwa.execute-api.us-east-2.amazonaws.com augusta-multibank-pro-providers-landing.s3.amazonaws.com leadgenios.net mcusercontent.com region1.analytics.google.com analytics.google.com/g/collect; report-uri /es/report-csp-violation 1
default-src 'none'; 
		base-uri 'self';
		script-src 'self' 'unsafe-inline' 'unsafe-eval' *.berlinale-talents.de *.newsletter2go.com *.kbb.eu *.jsdelivr.net cdnjs.cloudflare.com *.zencdn.net maps.googleapis.com *.vimeo.com *.podigee-cdn.net media.pay-link.eu; 
		style-src 'self' 'unsafe-inline' *.jsdelivr.net *.zencdn.net; 
		img-src 'self' *.kbb.eu data: *.newsletter2go.com maps.gstatic.com *.googleapis.com *.ggphti media.pay-link.eu *.flickr.com; 
		connect-src 'self' *.vimeo.com vimeo.com *.podigee.io *.kbb.eu *.top-ix.org *.newsletter2go.com *.staticflickr.com; 
		font-src 'self' *.gstatic.com data:; 
		object-src 'none'; 
		manifest-src 'self';
		media-src 'self' *.top-ix.org *.kbb.eu; 
		form-action 'self';
		frame-src 'self' *.vimeo.com *.kbb.eu *.youtube.com *.serve-u.de *.podigee-cdn.net *.top-ix.org berlinale-talents.pay-link.eu; 
		frame-ancestors 'self' *.vimeo.com, *.top-ix.org; 1
default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; object-src 'none'; form-action 'self'; frame-ancestors 'none'; 1
frame-ancestors https://identity.jeeveslms.nl 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-fdabbc254495118a98ce3657d901a853'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
connect-src 'self' *.source.thenbs.com https://login.thenbs.com asset.source.thenbs.com stats-collection.source.thenbs.com www.google-analytics.com stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com cdn.cookielaw.org cdn-ukwest.onetrust.com geolocation.onetrust.com *.hotjar.com *.hotjar.io wss: heapanalytics.com bat.bing.com c.bing.com *.clarity.ms; default-src 'self'; font-src 'self' use.typekit.net *.hotjar.com *.hotjar.io heapanalytics.com; frame-src 'self' https://login.thenbs.com asset.source.thenbs.com *.hotjar.com *.hotjar.io *.youtube.com *.vimeo.com; img-src 'self' asset.source.thenbs.com p.typekit.net *.google-analytics.com *.googletagmanager.com cdn.cookielaw.org cdn-ukwest.onetrust.com *.hotjar.com *.hotjar.io heapanalytics.com bat.bing.com c.bing.com *.clarity.ms secure.gravatar.com *.youtube.com i.ytimg.com *.vimeocdn.com; manifest-src 'none'; media-src 'self'; object-src 'none'; script-src 'self' 'nonce-Tcq+i85MmiyI6o7t35263g==' 'unsafe-hashes' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'sha256-3/mNUpqF9X/gMYE+bOG6g8d6I32wdYdWwWuAk90mPCM=' www.google-analytics.com ajax.googleapis.com *.googletagmanager.com cdn.cookielaw.org cdn-ukwest.onetrust.com cookie-cdn.cookiepro.com privacyportal.onetrust.com geolocation.onetrust.com *.hotjar.com *.hotjar.io cdn.heapanalytics.com heapanalytics.com 'unsafe-eval' bat.bing.com c.bing.com *.clarity.ms; style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net heapanalytics.com; worker-src 'none'; base-uri 'self'; 1
img-src * data: maps.gstatic.com *.googleapis.com; font-src 'self' data: fonts.gstatic.com *.fontawesome.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.google.com *.googletagmanager.com *.gstatic.com *.google-analytics.com 1
frame-ancestors 'self' www.deubner-recht.de www.deubner-steuern.de www.deubner-verlag.de www.deubner-akademie.de www.deubner-online.de stage.deubner-recht.de stage.deubner-steuern.de stage.deubner-verlag.de stage.deubner-akademie.de; 1
default-src https: 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com;img-src 'self' data: https://ps.w.org https://www.googletagmanager.com https://www.google-analytics.com https://secure.gravatar.com https://wpmudev.com ;connect-src 'self' api.divigear.com https://stats.g.doubleclick.net https://www.google-analytics.com;font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com ;object-src 'self';media-src 'self';frame-src 'self' https://www.youtube.com https://jobs.localjobnetwork.com https://www.localjobnetwork.com https://www.google.com https://www.elegantthemes.com;form-action 'self' https://wpmudev.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://cdnjs.cloudflare.com; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://www.gfdrr.org http://www.geonode-gfdrrlab.org https://api.mapbox.com; connect-src 'self' https://www.google-analytics.com 1
default-src 'self'  https://dsa.piwik.pro/ ; frame-src * 'self'  data: blob: ; frame-ancestors 'self' blob: ; ; base-uri 'self' ; ; form-action 'self'  ; script-src * 'unsafe-eval' 'unsafe-inline'  ; object-src * 'self' data: blob: ; img-src * 'unsafe-inline'  data: ; style-src * 'unsafe-inline'  ; font-src * data: 1
frame-ancestors 'self' https://*.arcgis.com 1
default-src * data: blob: 'self'; script-src *.arena.com.tr *.kommunicate.io *.pencere.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google.com *.kartega.com localhost:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *; connect-src *.arena.com.tr *.pencere.com *.kommunicate.io *.kartega.com *.google-analytics.com wss://*.kommunicate.io *.doubleclick.net localhost:*; 1
default-src 'self' 'unsafe-inline' https://maps.googleapis.com; connect-src 'self'  https://seapsession-corp.nlbproklik.com.mk https://seapin-corp.nlbproklik.com.mk https://seapasset-corp.nlbproklik.com.mk https://seapsession.nlbklik.com.mk https://seapin.nlbklik.com.mk https://seapasset.nlbklik.com.mk https://seapin.nlbproklik.com.mk https://maps.googleapis.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mari.netbanking.mk https://nano.netbanking.mk https://seapsession.nlbklik.com.mk https://seapsession.nlbproklik.com.mk  https://night.silkroad.24x7.com.mk https://sun.silkroad.24x7.com.mk https://rock.silkroad.24x7.com.mk https://luck.silkroad.24x7.com.mk  maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' https://www.24x7.com.mk data: maps.gstatic.com *.googleapis.com *.ggpht; style-src-elem 'self' 'unsafe-inline' https://*.gstatic.com https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; style-src-attr 'self' 'unsafe-inline'; frame-src 'self' https://www.google.com/recaptcha/ blob: https://www.youtube.com https://nlb.mk  https://mari.netbanking.mk https://nano.netbanking.mk https://night.silkroad.24x7.com.mk https://sun.silkroad.24x7.com.mk https://rock.silkroad.24x7.com.mk https://luck.silkroad.24x7.com.mk https://seapsession.nlbklik.com.mk; 1
default-src 'self'; frame-ancestors 'self'; style-src 'self' 'unsafe-inline';script-src 'self' 'nonce-c9e8c7c6f2e16321a8434e3e6a914c9ab3234f96' https://analytics.groupoffice.net; child-src 'none'; connect-src 'self' http://localhost https://intermesh.group-office.com https://analytics.groupoffice.net; img-src data: blob: 'self' http://localhost https://intermesh.group-office.com https://www.bestpractices.dev/projects/3248/badge; base-uri 'self'; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://js.stripe.com http://*.googlesyndication.com https://*.googlesyndication.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://*.google-analytics.com https://img06.en25.com https://*.youtube.com https://cdn.cookielaw.org; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://img06.en25.com https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' https://clientes.cigna.es https://directorio-medico.cigna.es https://projects-live.phemium.com; report-uri https://www.cignasalud.es/report-uri/enforce 1
frame-ancestors 'self' *.alexander-buerkle.com service.ariba.com; report-uri https://e65f337e351d9e4b996a4e1ac0ba1846.report-uri.com/r/d/csp/enforce; report-to default 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-dKn74hiLe0wqQlzQVRhj7NbadCn7sutNSM0pu9RDC5BeYGLS' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' https://yourfilestore.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.fontawesome.com use.fontawesome.com apps.elfsight.com *.elfsight.com *.surveymonkey.com *.libsyn.com *.map-dynamics.com api.map-dynamics.com *.googletagmanager.com https://csgcreative.com/ csgcreative.com https://optinmonster.com https://a.omappapi.com/ *.typekit.net use.typekit.net https://onpeak.s3.amazonaws.com feathr.co *.feathr.co; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.fontawesome.com use.fontawesome.com apps.elfsight.com *.elfsight.com *.surveymonkey.com *.libsyn.com *.map-dynamics.com api.map-dynamics.com *.googletagmanager.com *.omappapi.com *.typekit.net use.typekit.net *.google-analytics.com *.libsyn.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com *.fontawesome.com use.fontawesome.com data: *.typekit.net use.typekit.net *.libsyn.com; img-src 'self' *.gstatic.com *.googleapis.com *.libsyn.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com placeimg.com picsum.photos *.picsum.photos https://optinmonster.com https://a.omappapi.com feathr.co *.feathr.co *.libsyn.com; media-src 'self' data: blob: https://www.youtube.com https://libsyn.com *.libsyn.com; form-action 'self' https://optinmonster.com https://a.omappapi.com/ *.libsyn.com; frame-src 'self' https://www.youtube.com https://optinmonster.com https://libsyn.com https://a.omappapi.com/ csgcreative.com giphy.com https://onpeak.s3.amazonaws.com *.libsyn.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.surveymonkey.com *.libsyn.com *.map-dynamics.com api.map-dynamics.com https://csgcreative.com https://giphy.com https://optinmonster.com https://a.omappapi.com/ https://onpeak.s3.amazonaws.com *.libsyn.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.fontawesome.com apps.elfsight.com *.elfsight.com https://optinmonster.com *.omappapi.com https://onpeak.s3.amazonaws.com feathr.co *.feathr.co *.libsyn.com plugin-types 'self' https://optinmonster.com https://a.omappapi.com/ *.libsyn.com https://onpeak.s3.amazonaws.com *.libsyn.com; 1
frame-ancestors 'self'; form-action 'self'; base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'nonce-rAnd0m123' 'unsafe-inline' http: https:; 1
default-src 'self' 'unsafe-inline' *.mobilecoach.org *.googleapis.com *.gstatic.com *.vimeo.com 1
default-src 'self';         script-src 'self' 'unsafe-inline' 'unsafe-eval'             js.hs-scripts.com 			js.hsforms.net             js.hsadspixel.net             js.hs-analytics.net             js.hs-banner.com             a.opmnstr.com             *.hotjar.com             *.salemove.com             *.glia.com             redbook.listerhill.com             connect.facebook.net             *.groovecar.com             listerhill.groovecar.com             use.fontawesome.com             hello.myfonts.net/count/3b4dc0             cdnjs.cloudflare.com             *.listerhill.com             *.googleapis.com             *.google.com             seal.digicert.com             *.typeform.com             *.newtonsoftware.com             *.google-analytics.com 			*.analytics.google.com             *.googletagmanager.com             *.stripe.com             ssl.gstatic.com             *.omappapi.com 			snap.licdn.com 			*.buzzsprout.com             *.banzai.org             banzai.org 			polyfill.io;         object-src 'self' data:;         style-src 'self' data: 'unsafe-inline' 			a.omappapi.com 			www.gstatic.com             *.google-analytics.com 			*.analytics.google.com             *.google.com             *.groovecar.com             listerhill.groovecar.com             *.salemove.com             *.glia.com             use.fontawesome.com             hello.myfonts.net/count/3b4dc0             cdnjs.cloudflare.com             *.listerhill.com             *.googleapis.com;         img-src 'self' data: 			forms.hsforms.com 			forms-na1.hsforms.com 		    *.craft-cdn.com             www.facebook.com             *.googletagmanager.com             maps.gstatic.com             *.groovecar.com             listerhill.groovecar.com             use.fontawesome.com             hello.myfonts.net/count/3b4dc0             cdnjs.cloudflare.com             *.listerhill.com             *.googleapis.com             *.google.com             seal.digicert.com             i.ytimg.com             i.vimeocdn.com             *.mapbox.com             *.doubleclick.net             *.google.com             *.google-analytics.com 			*.analytics.google.com             *.groovecar.com             listerhill.groovecar.com             use.fontawesome.com             hello.myfonts.net/count/3b4dc0             cdnjs.cloudflare.com 			px.ads.linkedin.com 			www.linkedin.com 			p.adsymptotic.com 			track.hubspot.com 			libs.salemove.com 			*.gstatic.com             *.salemove.com             *.glia.com             *.listerhill.com;         media-src 'self' data:             vimeo.com             youtube.com             *.youtube.com             vimeocdn.com             *.groovecar.com             listerhill.groovecar.com             use.fontawesome.com             hello.myfonts.net/count/3b4dc0             cdnjs.cloudflare.com 			libs.salemove.com 			*.gstatic.com             *.salemove.com             *.glia.com             *.listerhill.com;         frame-src data:             *.hotjar.com             *.groovecar.com             listerhill.groovecar.com             use.fontawesome.com             hello.myfonts.net/count/3b4dc0             cdnjs.cloudflare.com             *.listerhill.com             listerhill.com             *.google-analytics.com 			*.analytics.google.com             *.google.com             *.stripe.com             ssl.gstatic.com             *.omappapi.com             *.vimeo.com             youtube.com             *.youtube.com             newton.newtonsoftware.com 			*.buzzsprout.com             *.typeform.com             *.salemove.com             zlcuma.secure.fundsxpress.com             zlcuma.banking.apiture.com             learnbanzai.com             banzai.org             banking.apiture.com;         font-src 'self' data:             *.google-analytics.com 			*.analytics.google.com             *.google.com             *.salemove.com             *.glia.com             fonts.gstatic.com             *.groovecar.com             listerhill.groovecar.com             use.fontawesome.com             hello.myfonts.net/count/3b4dc0             cdnjs.cloudflare.com             *.listerhill.com             banzai.org             *.googleapis.com;         connect-src 'self' wss:			analytics.google.com 			forms.hsforms.com 			hubspot-forms-static-embed.s3.amazonaws.com 			*.craftcms.com             *.salemove.com             *.glia.com             *.twilio.com             vc.hotjar.io             api.opmnstr.com             ssl.gstatic.com             *.omappapi.com             *.hotjar.com             *.google-analytics.com 			*.analytics.google.com             stats.g.doubleclick.net 			api.hubapi.com 			api.craftcms.com 			translate.googleapis.com             maps.googleapis.com 1
default-src https: data: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 1
frame-ancestors 'self' *.manchester.ac.uk 1
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.google.bg https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://www.facebook.com https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com https://app.posthog.com https://*.drift.mt *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://app.vwo.com https://*.drift.mt; frame-src 'self' bankid://* https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://*.zignsec.com https://*.trustly.com https://*.regily.com https://*.sumsub.com https://*.visualwebsiteoptimizer.com https://*.unetsafe.com https://*.atlantgaming.com https://*.drift.mt https://* paymentpage.ecommpay.com asdaerq.dapmaptuns.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://*.zignsec.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.gstatic.com https://recaptcha.net https://connect.facebook.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://app.posthog.com https://*.drift.mt *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com *.astropay.com *.megapay.pro *.ecopayz.com *.billing.cx *.express-connect.com *.paycore.io *.jetoncheckout.com *.ipsp.lv ipsp.lv *.gpaynetworks.com *.sirumobile.com 'nonce-RMN+v5G/LwjvV/OT5quDDbOlY6z2s4Z0sIgq4MpenEk=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com https://*.drift.mt *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com; worker-src 'self' blob:; report-uri https://drift.mt/sentry/api/47/csp-report/?sentry_key=a7dcff6da4704fcf9dbecd647d997b1b 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cegos.fr *.cegos.com https://www.gstatic.com/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://tagmanager.google.com/ https://www.googleadservices.com/pagead/conversion/ https://www.google.fr/pagead/attribution/ https://www.gstatic.com/wcm/ https://www.gstatic.com/recaptcha/api2/ https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/ec.js https://www.linkedin.com/px/ https://px.ads.linkedin.com/collect/ https://platform.linkedin.com/ https://static.ads-twitter.com/uwt.js https://analytics.twitter.com/ https://platform.twitter.com/ https://cdn.syndication.twimg.com/timeline/ https://www.googleadservices.com/pagead/conversion_async.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://connect.facebook.net/ https://www.youtube.com/iframe_api https://s.ytimg.com/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://bat.bing.com/bat.js https://cdn.matomo.cloud/ https://cegos.matomo.cloud/; object-src 'self'; base-uri 'none'; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-ZGVhZjY3YjFmYjcyNGQ0NmFlZWNkMmQyODEzNTFkZDM=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rijksoverheid.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.rijksoverheid.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de *.readspeaker.com; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.readspeaker.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bsgweb-editor-kkn2.prod.gsb.zd.in.bund.de piwik.itzbund.de *.facebook.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://oliphant.social; img-src 'self' data: blob: https://oliphant.social https://media.oliphant.social; style-src 'self' https://oliphant.social 'nonce-dgqWH6WaWdKWNEfv65sL0g=='; media-src 'self' data: https://oliphant.social https://media.oliphant.social; frame-src 'self' https:; manifest-src 'self' https://oliphant.social; form-action 'self'; child-src 'self' blob: https://oliphant.social; worker-src 'self' blob: https://oliphant.social; connect-src 'self' data: blob: https://oliphant.social https://media.oliphant.social wss://oliphant.social; script-src 'self' https://oliphant.social 'wasm-unsafe-eval' 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com maps.googleapis.com maps.gstatic.com https://*.hotjar.com;script-src 'self' 'unsafe-inline' 'unsafe-eval'  az416426.vo.msecnd.net *.addthis.com z.moatads.com v1.addthisedge.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com web-chat.global.assistant.watson.appdomain.cloud https://*.hotjar.com *.google.com *.gstatic.com *.shareaholic.net *.shareaholic.com *.openshareweb.com px.owneriq.net ml314.com *.tynt.com;frame-src 'self' w.soundcloud.com s7.addthis.com player.vimeo.com www.youtube.com share.transistor.fm z.moatads.com https://*.hotjar.com https://*.doubleclick.net *.google.com px.owneriq.net;font-src 'self' data: fonts.gstatic.com https://*.hotjar.com *.google.com *.openshareweb.com;connect-src 'self' dc.services.visualstudio.com m.addthis.com vimeo.com www.google-analytics.com api-public.addthis.com stats.g.doubleclick.net integrations.eu-gb.assistant.watson.appdomain.cloud api.amplitude.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.doubleclick.net *.shareaholic.net *.shareaholic.com;img-src 'self' data: i.vimeocdn.com maps.gstatic.com maps.googleapis.com www.google-analytics.com becaai.auto.facilitytwin.com https://*.hotjar.com sb.scorecardresearch.com px.owneriq.net *.tynt.com *.eyeota.net *.crwdcntrl.net;object-src 'none';frame-ancestors https://*.azurewebsites.net https://*.beca.com https://beca.com; 1
default-src 'self' index.html; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.stripe.com www.youtube.com *.onesignal.com *.googleapis.com *.cloudflare.com googletagmanager.com *.google-analytics.com s.reembed.com cdn.jsdelivr.net data:; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com fonts.gstatic.com cdn.onesignal.com *.googletagmanager.com *.google-analytics.com s.reembed.com fonts.googleapis.com cdn.jsdelivr.net; img-src s.w.org ps.w.org 'self' data: *.gstatic.com *.gravatar.com *.onesignal.com *.googletagmanager.com *.google-analytics.com *.global.ssl.fastly.net s.reembed.com fonts.googleapis.com cdn.jsdelivr.net 'unsafe-inline'; font-src 'self' data: *.onesignal.com *.gravatar.com s.reembed.com fonts.googleapis.com cdn.jsdelivr.net fonts.gstatic.com 'unsafe-inline'; connect-src 'self' https: *.yoast.com; frame-src 'self' *.youtube.com *.test.wildsea.nl *.google.com; block-all-mixed-content; base-uri 'self'; frame-ancestors 'self' wildsea.nl www.hartstichting.nl www.omroepgelderland.nl 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://col.social; img-src 'self' https: data: blob: https://col.social; style-src 'self' https://col.social 'nonce-8m/Hj73x1yLJU8eONu7PSA=='; media-src 'self' https: data: https://col.social; frame-src 'self' https:; manifest-src 'self' https://col.social; form-action 'self'; child-src 'self' blob: https://col.social; worker-src 'self' blob: https://col.social; connect-src 'self' data: blob: https://col.social https://media.col.social wss://col.social; script-src 'self' https://col.social 'wasm-unsafe-eval' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com translate.google.com translate.googleapis.com ajax.googleapis.com code.jquery.com googleads.g.doubleclick.net www.googletagmanager.com www.googleadservices.com www.google.com www.gstatic.com 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-BC2MwGMuDZwEKi3o3l66mX8Kd92g/cPP89rs/5+GqAJMnJk+' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' 'unsafe-inline' 'unsafe-hashes' https://*; img-src 'self' data: https://*; 1
frame-ancestors 'self' https://*.stage-plus.com 1
default-src https://*.gentlent.com https://*.gentcdn.com 'self'; connect-src https: wss: 'self'; font-src https: data: 'self'; frame-src blob: data: https://*.gentlent.com https://gentlent.com https://*.stripe.com https://*.paddle.com https://*.google.com https://challenges.cloudflare.com 'self'; img-src https: blob: data: 'self'; manifest-src 'self'; media-src https: blob: 'self'; script-src https: 'self' 'unsafe-inline'; style-src https: 'self' 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors https://*.gentlent.com 'self'; object-src 'none'; base-uri https://*.gentlent.com 'self'; prefetch-src https:; form-action https: 'self'; block-all-mixed-content; upgrade-insecure-requests; 1
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.google.bg https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com https://*.facebook.com https://facebook.net https://*.facebook.net https://*.snapchat.com https://*.sportdigi.com https://*.sportradar.com https://*.mrbit.com https://*.mrbit.de *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://app.vwo.com https://*.mrbit.de; frame-src 'self' bankid://* https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://*.zignsec.com https://*.trustly.com https://*.regily.com https://*.sumsub.com https://*.biahosted.com https://*.aitcloud.de https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://*.unetsafe.com https://*.atlantgaming.com https://*.snapchat.com https://*.sportdigi.com https://*.sportradar.com https://*.mrbit.de https://* paymentpage.ecommpay.com asdaerq.dapmaptuns.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://*.zignsec.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.gstatic.com https://recaptcha.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://*.snapchat.com https://snapchat.com https://sc-static.net https://*.facebook.com https://facebook.net https://*.facebook.net https://*.sportdigi.com https://*.sportradar.com https://*.mrbit.com https://*.mrbit.de *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com *.astropay.com *.megapay.pro *.ecopayz.com *.billing.cx *.express-connect.com *.paycore.io *.jetoncheckout.com *.ipsp.lv ipsp.lv *.gpaynetworks.com *.sirumobile.com 'nonce-qrgLLztrGC27gvarprS0Ag5OTLvGC4Kmx8LC4gBQ/AI=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com https://*.mrbit.de *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com; worker-src 'self' blob:; report-uri https://mrbit.de/sentry/api/41/csp-report/?sentry_key=38bd9ad353b94f1a8143ea227d160767 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/sagetv-web 1
default-src 'self' *.storyblok.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com; script-src 'self' 'unsafe-inline'  *.storyblok.com wirewheel-p3-public-storage-datamanagement.s3.us-east-1.amazonaws.com datamanagement.wirewheel.io *.googletagmanager.com *.google-analytics.com app.termly.io snap.licdn.com *.linkedin.com cdn.linkedin.oribi.io *.google.com *.gstatic.com cdn.resonate.com vercel.live assets.vercel.com *.hotjar.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.hsadspixel.net; frame-src 'self' *.storyblok.com *.youtube.com *.vimeo.com *.google.com *.gstatic.com *.spotify.com vercel.live assets.vercel.com; font-src 'self' *.googleapis.com *.gstatic.com; img-src 'self' data: a.storyblok.com storage.googleapis.com s3.amazonaws.com *.googletagmanager.com *.google-analytics.com app.termly.io snap.licdn.com *.linkedin.com cdn.linkedin.oribi.io maps.googleapis.com i.ytimg.com *.hubspot.com *.hsforms.com vercel.live assets.vercel.com; media-src 'self' data: *.storyblok.com; connect-src 'self' *.storyblok.com wirewheel-p3-public-storage-datamanagement.s3.us-east-1.amazonaws.com datamanagement.wirewheel.io *.googletagmanager.com *.google-analytics.com app.termly.io snap.licdn.com *.linkedin.com cdn.linkedin.oribi.io *.reson8.com *.hscollectedforms.net *.hubapi.com; frame-ancestors 'self' *.storyblok.com 1
frame-ancestors 'self' https://hotelnetsolutions.de 1
frame-ancestors 'self' storymaps.arcgis.com 1
default-src 'self'; object-src a.storyblok.com a2.storyblok.com; media-src blob: data: a.storyblok.com storyblok.com *.wistia.com wistia.com wistia.net embedwistia-a.akamaihd.net;frame-src 'self' *; img-src 'self' data: *; script-src talk.hyvor.com 'self' 'unsafe-eval' 'unsafe-inline' * blob:; style-src 'self' 'unsafe-inline' *.formstack.io fonts.googleapis.com; connect-src 'self' *; font-src 'self' data: * 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://theres.life 'wasm-unsafe-eval'; font-src 'self' https://theres.life; img-src 'self' data: blob: https://theres.life https://s3.us-west-1.wasabisys.com; style-src 'self' https://theres.life 'nonce-gOeWdowFhohj8QzKfa/UAw=='; media-src 'self' data: https://theres.life https://s3.us-west-1.wasabisys.com; frame-src 'self' https:; child-src 'self' blob: https://theres.life; worker-src 'self' blob: https://theres.life; connect-src 'self' blob: data: wss://theres.life https://theres.life https://s3.us-west-1.wasabisys.com; manifest-src 'self' https://theres.life; form-action 'self' 1
default-src 'self'; img-src 'self' data: https://chart.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com ; font-src 'self' https://fonts.gstatic.com; report-uri https://cspreport.chainbox.io/report; 1
default-src 'self' blob: data: *.vervetx.com; script-src 'self' 'unsafe-inline' *.vervetx.com *.youtube.com *.youtube-nocookie.com *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com *.vimeo.com *.greenhouse.io *.jsdelivr.net; style-src 'self' 'unsafe-inline' *.vervetx.com; img-src 'self' 'unsafe-inline' data: *.vervetx.com *.vimeocdn.com; media-src 'self' 'unsafe-inline' *.vervetx.com *.youtube-nocookie.com; frame-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com https://snazzymaps.com *.vimeo.com *.greenhouse.io; child-src 'self' *.vervetx.com; font-src 'self' themes.googleusercontent.com fonts.gstatic.com data: *.vervetx.com; connect-src 'self' *.google-analytics.com *.googletagmanager.com analytics.google.com *.googleapis.com *.g.doubleclick.net; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; object-src 'none'; style-src 'self' 'nonce-9Vn9lGqhxSwDNunZMNjVcMBY7GmutqHc' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-vO+jyafX5NcIY3Pov/PIsnz5KbWf9+OauM9hnSEz33uSkXbm' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
sandbox allow-scripts allow-same-origin allow-forms; img-src 'self' data: www.gstatic.com; frame-src www.google.com; object-src 'none'; base-uri 'none'; script-src www.google.com www.gstatic.com 'nonce-15HUfd4yADMwcNm3zc8Olpn2ruk='; style-src 'nonce-15HUfd4yADMwcNm3zc8Olpn2ruk=' 1
default-src 'self' *.aiaibot.com; block-all-mixed-content ; base-uri 'self'; frame-ancestors 'self' https://www.shkb.ch; img-src 'self' https://www.shkb.ch data: shkb-dev.rokka.io shkb-live.rokka.io image.shkb.ch shkb.containers.piwik.pro shkb.piwik.pro cdn.cookielaw.org; worker-src 'self' https://www.shkb.ch; style-src 'self' https://www.shkb.ch 'unsafe-inline' *.google.com *.googleapis.com shkb.containers.piwik.pro; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval'  https://www.shkb.ch shkb.containers.piwik.pro shkb.piwik.pro chat.aiaibot.com cdn.cookielaw.org unpkg.com; connect-src 'self' https://www.shkb.ch shkb.containers.piwik.pro shkb.piwik.pro api.aiaibot.com cdn.cookielaw.org *.onetrust.com wwwsec.shkb.ch; frame-src 'self' *.vimeo.com https://www.shkb.ch *.aiaibot.com; manifest-src 'self'; media-src 'self' https://www.shkb.ch; font-src 'self' data: shkb.containers.piwik.pro shkb.piwik.pro; form-action 'self'; object-src 'none' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'             maps.gstatic.com               dashboard.umbraco.org               cdn.cookielaw.org               youtube.com               cognito-identity.eu-central-1.amazonaws.com               *.azurewebsites.net               fonts.googleapis.com               unpkg.com               cdnjs.cloudflare.com               maps.googleapis.com               cdn.jsdelivr.net               fonts.gstatic.com               static.sooqr.com               www.youtube.com               www.facebook.com               *.google-analytics.com               www.googletagmanager.com               www.google.com               www.google.nl               www.gstatic.com               google-analytics.com               cdn.gethatch.com               gethatch.com               papi.gethatch.com               dynamic.sooqr.com               static.sooqr.com               firehose.eu-central-1.amazonaws.com               privacyportal.onetrust.com               stats.g.doubleclick.net               facebook.com               connect.facebook.net               data: 1
frame-ancestors 'self'; report-uri https://www.seattlesbest.com/report-uri/enforce 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-e6wYgS5kW1+m9LuVq5I2ldJkrznb98fB6UAHFqKWn34am7TZ' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' systrum.net systrum.net:8443; img-src 'self'; style-src fonts.googleapis.com 'self' 'unsafe-inline'; font-src fonts.gstatic.com 'self'; base-uri 'self'; form-action 'self'; script-src 'self' 'unsafe-inline'; object-src 'none' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo.siinergy.net themes.googleusercontent.com *.typekit.net www.googletagmanager.com www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net tagmanager.google.com www.google.com linkedin.com px.ads.linkedin.com snap.licdn.com https://api.mapbox.com https://api.tiles.mapbox.com https://cdnjs.cloudflare.com https://js.hsforms.net; worker-src blob:; report-uri https://sii-group.com/en-GB/report-uri/enforce 1
default-src 'self'; style-src * 'unsafe-inline'; media-src *; connect-src *; img-src * data:; font-src *; script-src https://* 'unsafe-inline' 'unsafe-eval'; frame-src https://*.google.com https://player.vimeo.com https://careers.sacmigroup.com https://d29adx25r2x8c0.cloudfront.net https://*.facebook.com https://www.youtube.com https://e.issuu.com 'self'; 1
default-src 'self'; style-src 'self'; form-action 'self'; script-src 'self'; connect-src 'self'; img-src 'self'; base-uri 'self'; 1
connect-src 'self' www.google-analytics.com; default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' youtube.com www.youtube.com www.google.com nata.com.au; img-src 'self' 'unsafe-inline' www.google-analytics.com img.youtube.com maps.googleapis.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com maps.googleapis.com cdn.jsdelivr.net snap.licdn.com connect.facebook.net nata.app.axcelerate.com js-agent.newrelic.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; 1
connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com siteintercept.qualtrics.com *.visualwebsiteoptimizer.com app.vwo.com ct.pinterest.com; frame-src 'self' https://8818680.fls.doubleclick.net https://vars.hotjar.com https://insight.adsrvr.org https://bid.g.doubleclick.net/ https://match.adsrvr.org https://www.youtube.com https://www.google.com optimize.google.com https://*.hotjar.com listen.caresuper.com.au app.vwo.com *.visualwebsiteoptimizer.com ct.pinterest.com; img-src 'self' https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net googletagmanager.com https://*.hotjar.com https://www.facebook.com siteintercept.qualtrics.com sg-widgets-delivery.s3.ap-southeast-2.amazonaws.com *.visualwebsiteoptimizer.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com ct.pinterest.com syd1.qualtrics.com www.caresuper.com.au data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://use.typekit.net https://static.cloudflareinsights.com https://www.googleanalytics.com https://www.google-analytics.com https://www.google.com https://static.hotjar.com https://bs.serving-sys.com https://connect.facebook.net https://bat.bing.com https://snap.licdn.com https://js.adsrvr.org https://p.typekit.net https://googleads.g.doubleclick.net https://script.hotjar.com https://px.ads.linkedin.com https://in.hotjar.com https://vc.hotjar.io https://cdn.pdst.fm https://static.ads-twitter.com https://us-central1-adaptive-growth.cloudfunctions.net https://analytics.twitter.com https://t.co https://stats.g.doubleclick.net https://www.google.com.au https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.googleadservices.com 8818680.fls.doubleclick.net s.yimg.com typekit.com adservice.google.com r.turn.com sp.analytics.yahoo.com d3640472395795663314-t8741237922140982281.id.amgdgt.com insight.adsrvr.org match.adsrvr.org www.youtube.com https://www.gstatic.com/recaptcha/releases/ optimize.google.com googleoptimize.com https://*.hotjar.com zn6xtmlei0rdwhynk-caresuper.siteintercept.qualtrics.com siteintercept.qualtrics.com sg-widgets-delivery.s3.ap-southeast-2.amazonaws.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s.pinimg.com ct.pinterest.com https://polyfill.io https://unpkg.com; style-src 'self' 'unsafe-inline' optimize.google.com fonts.googleapis.com https://*.hotjar.com sg-widgets-delivery.s3.ap-southeast-2.amazonaws.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; worker-src 'self' blob:; frame-ancestors 'self' https://8818680.fls.doubleclick.net https://vars.hotjar.com https://insight.adsrvr.org 1
default-src https: https://*.definition6.com; script-src 'unsafe-inline' 'unsafe-eval' https: https://*.definition6.com; style-src 'unsafe-inline' https:; img-src https: data:; font-src https: data: 1
child-src blob:; connect-src 'self' https://www.google-analytics.com https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net; default-src 'self' https://*.wistia.com https://*.wistia.net; font-src 'self' data: https://*.wistia.com; frame-src https://fast.wistia.com https://fast.wistia.net; img-src 'self' data: https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; script-src 'self' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://*.wistia.com https://*.wistia.net https://src.litix.io; style-src 'self' 'unsafe-inline' blob: https://fast.wistia.com; worker-src 'self' blob:; 1
report-uri https://www.cpo.lt 1
default-src http: https: data: 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://maps.gstatic.com https://*.mypurecloud.ie https://*.cloudfront.net 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' * blob: data:; img-src * blob: data:; 1
upgrade-insecure-requests; frame-ancestors 'self' http://whova.com https://*.events.whova.com https://whova.me:* https://*.whova.me; report-uri https://whova.com/_csp 1
upgrade-insecure-requests; default-src https: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' mailto: *; font-src 'self' data: * ; img-src 'self' data: blob: * ; object-src 'none'; form-action 'self' 1
img-src * 'self' data:; font-src * 'self' data:; base-uri 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' google-analytics.com https://api.giphy.com https://*.google.com https://*.sentry.io cloudflareinsights.com ws://api.rememo.io http://api.rememo.io https://strapi.rememo.io *.googlesyndication.com; default-src 'self' https://*.google.com https://*.googleapis.com https://*.gstatic.com; object-src 'none'; script-src 'self' 'unsafe-inline' static.cloudflareinsights.com ajax.cloudflare.com *.googlesyndication.com googletagmanager.com googleadservices.com partner.googleadservices.com; frame-src *.googlesyndication.com googleads.g.doubleclick.net www.google.com; 1
default-src 'self' spirion.com *.spirion.com crazyegg.com *.crazyegg.com 'unsafe-inline' 'unsafe-eval' https: data:; img-src * data: 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-698d1df745d1164633c92be9209ff78f'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors self boschenlinea.com:* *.boschenlinea.com:* rbmxdevcommerce.com:* *.rbmxdevcommerce.com:*; 1
frame-ancestors 'self' *.instructure.com canvas.kings.edu.au canvas.parra.catholic.edu.au canvas.barker.college canvas.au.oneschoolglobal.com; 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://systemweakness.com https://*.systemweakness.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
worker-src blob: 'self'; font-src fonts.gstatic.com *.kxcdn.com *.fontawesome.com *.bootstrapcdn.com *.zopim.com *.zopim.io data: cdn.e-satisfaction.com collection.e-satisfaction.com *.hotjar.com *.hotjar.io maxcdn.bootstrapcdn.com *.fonts.googleapis.com *.gstatic.com *.cloudflare.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.vivapayments.com www.facebook.com *.eurocommerce.gr collection.e-satisfaction.com *.cardlink.gr 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com google.com *.skroutz.gr www.skroutz.gr skroutz.gr linkwi.se go.linkwi.se *.bestprice.gr googleads.g.doubleclick.net *.facebook.com google.gr www.google.gr www.google.com trustmark.gr *.hotjar.com *.hotjar.io *.contactpigeon.com *.vimeo.com https://www.googletagmanager.com/ *.google.com *.addthis.com *.pinterest.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: www.apptrian.com www.facebook.com scontent.cdninstagram.com *.kxcdn.com amcglobal.sc.omtrdc.net *.twitter.com *.googleapis.com google.com *.gstatic.com www.google.gr www.google.com *.bestprice.gr *.google-analytics.com https://meetanshi.com/media/logo.png https://mageside.com/skin/frontend/rwd/mageside_shop/images/logo.png https://cdn.klarna.com/1.0/shared/image/generic/badge/en_us/pay_later/descriptive/pink.svg stats.g.doubleclick.net trustmark.gr *.contactpigeon.com *.pinterest.com analytics.skroutz.gr skroutza.skroutz.gr skroutz.gr *.zopim.com *.zopim.io www.glami.gr googleads.g.doubleclick.net cdn.e-satisfaction.com collection.e-satisfaction.com *.linkedin.com *.hotjar.com *.hotjar.io *.bitmyjob.gr bitmyjob.gr http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.cdninstagram.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com cdn.ampproject.org raw.githubusercontent.com www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com *.googleapis.com google.com *.gstatic.com www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com *.cloudflare.com *.google-analytics.com *.fontawesome.com *.google.com *.youtube.com maps.googleapis.com *.chimpstatic.com *.mailchimp.com https://chimpstatic.com *.googletagmanager.com *.skroutz.gr www.skroutz.gr skroutz.gr *.bestprice.gr r1-t.trackedlink.net *.doubleclick.net *.adman.gr trustmark.gr *.contactpigeon.com *.pinimg.com *.e-satisfaction.com *.cloudflareinsights.com *.pinterest.com *.zopim.com *.zdassets.com www.glami.cz snap.licdn.com *.hotjar.com *.hotjar.io https://static.hotjar.com/c/hotjar-2174914.js https://go.linkwi.se *.vimeo.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com *.googleapis.com google.com *.kxcdn.com *.gstatic.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.e-satisfaction.com https://collection.e-satisfaction.com *.contactpigeon.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com www.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cdn.ampproject.org www.apptrian.com connect.facebook.net graph.facebook.com https://www.paypal.com/xoplatform/logger/api/logger *.kxcdn.com dpm.demdex.net www.bestprice.gr *.google-analytics.com *.doubleclick.net *.e-satisfaction.com *.pinterest.com www.facebook.com *.zdassets.com *.zopim.com wss://*.zopim.com *.contactpigeon.com *.adman.gr *.instagram.com *.hotjar.com *.hotjar.io wss://*.hotjar.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.contactpigeon.com 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://www.dev-qa.servicase.com/ https://www.servicase.com/ 1
default-src 'self' *.crazyegg.com data: ;   connect-src 'self' *.crazyegg.com data: https: wss: ;   font-src 'self' data: chrome-extension: https: ;   img-src 'self' *.crazyegg.com data: blob: android-webview-video-poster: about: https: ;   frame-src 'self' https: ;   script-src 'self' inline 'unsafe-inline' 'unsafe-eval' *.crazyegg.com about: https: ;   script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' about: https: data: ;   style-src 'self' 'unsafe-inline' *.crazyegg.com https: ;   style-src-elem 'self' 'unsafe-inline' https: data: ;   style-src-attr 'self' 'unsafe-inline' https: ;   media-src 'self' data: https: ;   worker-src 'self' 'unsafe-inline' blob: https: ;   frame-ancestors 'self' https: ;   upgrade-insecure-requests;   block-all-mixed-content;   report-uri https://cspr-it.mag-news.it/ 1
script-src https://app.usercentrics.eu/ https://www.vms.de/ 'self' 'nonce-WmE4ZG5UT1RPLW9hS1BXeTVSYXBQQUFBQUFV' 'unsafe-eval'; object-src 'none'; base-uri 'none'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-ylVbkglwBvwlkFlnBIpoQ24KS/hMIQqMAIk5Jmgt1YeIpstq' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors https://*.funtap.vn https://*.playfun.vn https://thuthanhawaken.vn https://ngaothekiemthan.vn thanthuafk.vn https://event.9pay.vn 1
default-src 'self' https: ws: wss: data: blob: 'unsafe-inline'; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' https://*.visableleads.com https://*.matomo.cloud https://*.cookielaw.org https://*.facebook.com https://*.hotjar.com https://*.licdn.com https://reservations.tablebooker.com https://*.doubleclick.net https://www.googleadservices.com https://static.addtoany.com https://*.tiktok.com https://embed.typeform.com https://cdn.syndication.twimg.com https://*.twitter.com https://*.getclicky.com https://chat.sendinblue.com https://sibautomation.com https://code.createjs.com https://use.typekit.net https://vjs.zencdn.net https://*.cookiebot.com https://cdn.jsdelivr.net https://s7.addthis.com https://*.googleapis.com https://*.list-manage.com https://unpkg.com https://code.jquery.com https://js.stripe.com https://ws.sharethis.com https://cdnjs.cloudflare.com https://connect.facebook.net https://*.google-analytics.com https://cdn.ckeditor.com https://policy.app.cookieinformation.com https://s3.amazonaws.com https://player.vimeo.com https://i.vimeocdn.com https://fast.wistia.com https://www.youtube.com https://s.ytimg.com https://*.google.com https://www.gstatic.com https://www.googletagmanager.com; connect-src 'self' https://*.onetrust.com https://*.matomo.cloud https://*.cookielaw.org https://*.facebook.com https://*.googleapis.com https://*.hotjar.com https://*.linkedin.oribi.io https://*.analytics.google.com https://*.google-analytics.com https://*.tiktok.com https://*.getclicky.com https://*.sendinblue.com wss://chat-messaging.sendinblue.com https://consentcdn.cookiebot.com https://*.app.cookieinformation.com https://*.sharethis.com https://*.openstreetmap.org https://stats.g.doubleclick.net https://www.facebook.com https://vimeo.com ;  frame-ancestors 'self'; form-action 'self' https://checkout.stripe.com https://syndication.twitter.com https://*.list-manage.com https://www.facebook.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.grotekerk-alkmaar.nl.local https://*.theaterenkerkalkmaar.nl.local https://*.grotekerk.local https://*.theaterdevest.nl https://grotekerk-alkmaar.nl.local https://theaterenkerkalkmaar.nl.local https://theaterdevest.nl.local https://grotekerk-alkmaar.nl.local:* https://theaterenkerkalkmaar.nl.local:* https://theaterdevest.nl.local:* https://*.formitable.com https://*.jsdelivr.net https://*.youtube.com https://*.youtube-nocookie.com https://*.spotify.com https://*.ytimg.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.facebook.net https://*.facebook.com https://*.google.com https://*.google.nl https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.adform.net https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://cx.atdmt.com https://tagmanager.google.com https://www.googletagmanager.com https://i.vimeocdn.com https://player.vimeo.com https://*.vimeo.com https://fonts.googleapis.com https://fonts.gstatic.com https://code.jquery.com https://use.typekit.net; frame-src 'self' https://*.local https://*.botest.nl https://*.basicorange.nl https://*.theaterdevest.nl https://*.grotekerk-alkmaar.nl https://*.theaterenkerkalkmaar.nl https://*.spotify.com https://vars.hotjar.com https://*.youtube.com https://*.youtube-nocookie.com https://player.vimeo.com https://*.vimeo.com https://*.adform.net https://*.formitable.com https://bid.g.doubleclick.net https://view.genial.ly/ https://player.vimeo.com/; 1
script-src 'self' https://js.stripe.com https://www.google.com https://www.gstatic.com https://js.hs-scripts.com https://*.hscollectedforms.net https://*.hs-analytics.net https://*.hs-banner.com https://*.usemessages.com; img-src 'self' data: https://s3.amazonaws.com https://api.qrserver.com https://d1tjhalb21ij3m.cloudfront.net https://track.hubspot.com https://forms.hsforms.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com; default-src 'self'; object-src 'none'; base-uri https://*.metronomesoftware.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://d1tjhalb21ij3m.cloudfront.net; connect-src 'self' https://js.stripe.com https://s3.amazonaws.com https://api.hubapi.com https://forms.hscollectedforms.net https://track.hubspot.com https://api.hubspot.com; frame-src 'self' https://js.stripe.com https://www.youtube.com https://www.google.com https://app.hubspot.com 1
default-src 'self' player.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com piwik.dtnr.nl; connect-src 'self' piwik.dtnr.nl; img-src 'self' data: https: s.w.org ps.w.org secure.gravatar.com; style-src 'self' 'unsafe-inline'; font-src 'self' data:; 1
default-src 'none'; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.googleapis.com *.addtoany.com *.createsend1.com *.flourish.studio; object-src 'none'; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' data: *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.ytimg.com *.openstreetmap.org *.flourish.studio; media-src 'none'; frame-src 'self' *.addtoany.com *.vimeo.com *.youtube.com flo.uri.sh; frame-ancestors 'none'; child-src 'none'; font-src *.gstatic.com; connect-src 'self' *.google-analytics.com *.googleapis.com createsend.com *.addtoany.com ; upgrade-insecure-requests 1
default-src 'self' https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.doubleclick.net https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://*.vo.msecnd.net https://ajax.googleapis.com https://bat.bing.com https://cdn.cookielaw.org https://connect.facebook.net https://content.linkedin.com https://graph.facebook.com https://google-analytics.com https://googletagmanager.com https://js.facebook.com https://platform.linkedin.com https://r.bing.com https://static.cloudflareinsights.com https://ssl.google-analytics.com https://snap.licdn.com https://static-exp1.licdn.com https://s.pinimg.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.civiccomputing.com https://www.youtube.com https://script.crazyegg.com https://cdn.jsdelivr.net https://code.jquery.com https://maps.googleapis.com *.sharethis.com dl.episerver.net; connect-src 'self' *; style-src 'self' 'unsafe-inline' *.licdn.com *.google.com *.bing.com ajax.googleapis.com www.googletagmanager.com https://maps.googleapis.com https://fonts.googleapis.com; object-src *.googlesyndication.com; child-src 'self' blob: *.googlesyndication.com *.google.com *.facebook.com *.doubleclick.net connect.facebook.net www.googletagmanager.com; img-src 'self' data: https://cdn.cookielaw.org https://ssl.google-analytics.com https://www.google-analytics.com https://*.linkedin.com https://bat.bing.com https://*.google.com https://www.google.pl https://ct.pinterest.com https://shoplogos.commerce-connector.de https://*.doubleclick.net https://*.googletagmanager.com https://i.ytimg.com https://*.gstatic.com https://*.googleapis.com https://platform-cdn.sharethis.com *.facebook.com *.spotify.com *.twitter.com *tiktok.com *instagram.com; frame-src 'self' https://td.doubleclick.net https://ct.pinterest.com https://www.google.com https://www.youtube.com; frame-ancestors 'self'; worker-src 'self' blob: www.google.com 1
frame-ancestors 'none'; frame-src 'self' https://www.facebook.com https://tpc.googlesyndication.com https://www.youtube.com https://qa.infotorg.no https://app.infotorg.no https://app-test.infotorg.no https://www.infotorg.no https://widget.trustpilot.com https://intercom-sheets.com/; object-src 'none'; base-uri 'none'; report-uri /report 1
frame-ancestors 'self' *.arosuite.com;       default-src 'unsafe-inline' 'self' *.arosuite.com ajax.cloudflare.com scdn.aro.ie static.arocdn.com *.cookiebot.com *.typekit.net *.googleapis.com *.googletagmanager.com *.vimeo.com *.akamaized.net squizlabs.github.io booking.resdiary.com widgetthemes-live.azureedge.net;       script-src 'unsafe-inline' 'unsafe-eval' 'self' scdn.aro.ie static.arocdn.com *.cookiebot.com *.cookiebot.eu *.googleoptimize.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.googleapis.com *.gstatic.com *.facebook.net *.typekit.net squizlabs.github.io *.hotjar.com e.issuu.com bda.bookatable.com booking.resdiary.com js.stripe.com        *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat;       font-src 'unsafe-inline' 'self' data: scdn.aro.ie static.arocdn.com *.googleapis.com *.gstatic.com *.typekit.net booking.resdiary.com;       img-src 'self' data: snapshot: scdn.aro.ie static.arocdn.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.gstatic.com *.googleapis.com *.facebook.com *.typekit.net resdiary.blob.core.windows.net widgetthemes-live.azureedge.net        *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat;        frame-src 'self' data: mailto: *.facebook.com *.cookiebot.com *.google.com *.youtube.com *.vimeo.com js.stripe.com www.skylinewebcams.com *.issuu.com;       connect-src 'self' *.arosuite.com *.cookiebot.com *.cookiebot.eu *.googleoptimize.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.googleapis.com *.googlesyndication.com *.facebook.com wss: *.hotjar.com sentry.issuu.com booking.resdiary.com        *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat;       form-action 'self' *.facebook.com;       report-to groupName; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https:; img-src 'self' https: data: blob: https:; style-src 'self' https: 'nonce-x1kxc81r0O+2mCrpD5JofQ=='; media-src 'self' https: data: https:; frame-src 'self' https:; manifest-src 'self' https:; connect-src 'self' data: blob: https: https: wss://assemblag.es; script-src 'self' https: 'wasm-unsafe-eval'; child-src 'self' blob: https:; worker-src 'self' blob: https: 1
report-uri /sentry/api/61/csp-report/?sentry_key=8505cd7669a24ba78131bbe9f6e8db09; worker-src blob: 'self'; child-src blob:; object-src 'none'; default-src https: data: 'self' *.1gamepay.com; img-src 'self' https: data: blob: *.google.com *.google.ro *.google.se *.google.nl *.google.de *.google.fi *.google.ch *.google.ee *.google.sk *.google.dk *.visualwebsiteoptimizer.com app.vwo.com https://ssl.gstatic.com https://www.gstatic.com *.google-analytics.com *.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://googleads.g.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com; frame-src * bankid: https://bid.g.doubleclick.net wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; connect-src 'self' ws: wss: livechat24.tech *.livechat24.tech https://stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net *.unetsafe.com *.quantserve.com *.quantcount.com *.creative-serving.com *.visualwebsiteoptimizer.com *.taboola.com *.tradedoubler.com *.bing.com app.vwo.com facebook.com www.facebook.com *.google.com *.google.ru *.google.ro *.google.se *.google.de *.google.fr *.google.nl *.google.by *.google.pt *.google.kz *.google.bg *.google.kg *.google.md *.google.gr *.google.fi https://*.googlesyndication.com *.snapchat.com snapchat.com sc-static.net https://static.ads-twitter.com https://analytics.twitter.com https://*.atlantgaming.com https://cdn-sp.kertn.net https://*.pusher.com https://cdn-sp.gbshgbsh.com *.regily.com https://*.fasttrack-solutions.com https://*.ft-crm.com https://verification.okwork.io https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com *.frankcasino.com *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com https://*.frankmilliongames.com wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; style-src 'self' blob: 'unsafe-inline' *.googleapis.com *.google.com *.cloudflare.com *.cloudflareinsights.com *.unetsafe.com livechat24.tech *.livechat24.tech *.visualwebsiteoptimizer.com app.vwo.com https://cs.betradar.com https://*.sportradar.com https://videosport.me https://cdn-sp.kertn.net https://cdn-sp.gbshgbsh.com https://*.fasttrack-solutions.com https://*.gstatic.com https://prj-verification-production.s3.amazonaws.com https://prj-verification-stage1.s3.amazonaws.com https://prj-verification-stage2.s3.amazonaws.com https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com https://tagmanager.google.com https://fonts.googleapis.com https://s3.amazonaws.com *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com paymentpage.ecommpay.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com https://*.frankmilliongames.com wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; font-src 'self' https://fonts.gstatic.com data: *.cloudflare.com *.cloudflareinsights.com livechat24.tech *.livechat24.tech *.visualwebsiteoptimizer.com app.vwo.com *.frankcasino.com https://cdn-sp.kertn.net https://*.frankmilliongames.com wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; script-src 'self' 'unsafe-eval' 'nonce-kNV+NSwcEUlv9ZrRHffXaA==' blob: *.google.com *.google.ro *.google.se *.google.nl *.google.de *.google.fi *.google.ch *.google.ee *.google.sk *.google.dk recaptcha.net www.gstatic.com *.googleadservices.com https://www.googleadservices.com https://*.googlesyndication.com *.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://*.googletagmanager.com *.google-analytics.com *.analytics.google.com platform.twitter.com connect.facebook.net *.curacao-egaming.com stats.g.doubleclick.net https://stats.g.doubleclick.net livechat24.tech *.livechat24.tech *.livestatisc.com *.jsdelivr.net *.ptstaging.eu track.adform.net *.unetsafe.com *.cloudflare.com *.cloudflareinsights.com *.quantserve.com *.quantcount.com *.creative-serving.com *.visualwebsiteoptimizer.com *.taboola.com *.tradedoubler.com *.snapchat.com *.bing.com snapchat.com sc-static.net app.vwo.com facebook.com www.facebook.com https://static.ads-twitter.com https://analytics.twitter.com *.regily.com https://*.fasttrack-solutions.com https://cdn-sp.kertn.net https://*.pusher.com https://cdn-sp.gbshgbsh.com https://*.gstatic.com https://prj-verification-production.s3.amazonaws.com https://prj-verification-stage1.s3.amazonaws.com https://prj-verification-stage2.s3.amazonaws.com https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com *.frankcasino.com *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com paymentpage.ecommpay.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com *.astropay.com *.megapay.pro *.ecopayz.com *.billing.cx *.express-connect.com *.paycore.io *.jetoncheckout.com *.ipsp.lv ipsp.lv *.gpaynetworks.com *.sirumobile.com https://*.frankmilliongames.com wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-cf680257fe8128f951dc30abddd66b65'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
object-src *; img-src *; frame-src * 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://ani.work; img-src 'self' https: data: blob: https://ani.work; style-src 'self' https://ani.work 'nonce-mhnjUbB3hP7VS0uHn5kGZw=='; media-src 'self' https: data: https://ani.work; frame-src 'self' https:; manifest-src 'self' https://ani.work; form-action 'self'; connect-src 'self' data: blob: https://ani.work https://cdn.ani.work wss://ani.work; script-src 'self' https://ani.work 'wasm-unsafe-eval'; child-src 'self' blob: https://ani.work; worker-src 'self' blob: https://ani.work 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-63953e3a16df58eebac8ed3252901031'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' *.travelcheck.de *.snowtrex.de *.snowtrex.com *.ypsilon.net *.ferienwohnung-be.de *.meine-landausfluege.de *.facebook.net fonts.gstatic.com *.ameropa.de *.google-analytics.com *.google.com planetandyou.de *.planetandyou.de ibe-staging.traffics.de travelcheck.visa-gate.com *.visa-gate.com *.auswaertiges-amt.de auswaertiges-amt.de profewo.de *.profewo.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.travelcheck.de *.amazonaws.com *.snowtrex.de *.snowtrex.com *.ypsilon.net *.ferienwohnung-be.de *.meine-landausfluege.de *.facebook.net *.googletagmanager.com *.google-analytics.com *.planetandyou.de profewo.de *.profewo.de; style-src 'self' 'unsafe-inline' *.travelcheck.de fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: *; frame-ancestors 'self' fmo.de *.fmo.de fmo2022.flughafen-fmo.de airport-pad.com *.airport-pad.com *.planetandyou.de 1
report-to default;report-uri https://alphawave.uriports.com/reports/report 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-ExLeckjRxykuzwW-uXXfMA' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors 'self' secure.id.dbsdigibank.com;default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: impressions.onelink.me http://sin-col.eum-appdynamics.com http://cdn.appdynamics.com https://safe1.dbswiso.prd https://safe2.dbswiso.prd sin-col.eum-appdynamics.com cdn.appdynamics.com secure.id.dbsdigibank.com analytics.tiktok.com advertiser.inmobiapis.com offers-mobavenue.affise.com uads.infomo.net insight.adsrvr.org *.tt.omtrdc.net www.trinaxmind.com *.appsflyer.com  *.licdn.com  *.inmobicdn.net *.criteo.com *.criteo.net *.infomo.com *.torcai.com api-us.faceplusplus.com maps.gstatic.com *.googleapis.com *.ggpht.com v1.addthisedge.com v1.addthis.com tags.tiqcdn.com cdn-akamai.mookie1.com s7.adskom.com www.dbs.com dbsweb-u02-dbs8.uat.dbs.com  dbs.demdex.net dpm.demdex.net pixel.tapad.com tagmanager.google.com ssl.google-analytics.com ssp.adskom.com tag.perfectaudience.com js.adsrvr.org *.fls.doubleclick.net googleads.g.doubleclick.net secure-ds.serving-sys.com www.google-analytics.com analytics.google.com bs.serving-sys.com bcp.crwdcntrl.net www.googletagmanager.com stats.g.doubleclick.net www.googleadservices.com tags.crwdcntrl.net www.gstatic.com www.dbs.com.sg s.go-mpulse.net c.go-mpulse.net www.dbs.com maps.googleapis.com maps.gstatic.com chart.googleapis.com assets.adobedtm.com m.addthisedge.com s7.addthis.com graph.facebook.com www.linkedin.com api-public.addthis.com m.addthis.com www.dbs.com ds-aksb-a.akamaihd.net px.ads.linkedin.com sjs.bizographics.com cdnjs.cloudflare.com connect.facebook.net www.google.com fonts.googleapis.com bid.g.doubleclick.net dbs.sc.omtrdc.net www.youtube.com www.google.com.sg fonts.gstatic.com dbs.112.2o7.net www.facebook.com www.google.co.id ssl.gstatic.com *.fls.doubleclick.net *.akstat.io dpm.demdex.net dbs.sc.omtrdc.net http://www.dbs.com http://wwwak.dbs.id http://www.dbs.id data:; 1
default-src 'self' analytics.ifm-bonn.org ; script-src 'self' 'unsafe-eval' analytics.ifm-bonn.org 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: *.ifm-bonn.org typo3conf 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-bd7c3be105224e7374a502731e45f6c4'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://kinkyelephant.com; img-src 'self' https: data: blob: https://kinkyelephant.com; style-src 'self' https://kinkyelephant.com 'nonce-WVp1SVd1Ht+Vgz2xSN2B5Q=='; media-src 'self' https: data: https://kinkyelephant.com; frame-src 'self' https:; manifest-src 'self' https://kinkyelephant.com; form-action 'self'; child-src 'self' blob: https://kinkyelephant.com; worker-src 'self' blob: https://kinkyelephant.com; connect-src 'self' data: blob: https://kinkyelephant.com https://cdn.masto.host wss://kinkyelephant.com; script-src 'self' https://kinkyelephant.com 'wasm-unsafe-eval' 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; 1
default-src 'self'; base-uri 'none'; child-src 'self' blob:; form-action 'self' https://www.google.com; font-src 'self' data:; frame-ancestors 'none'; object-src 'none'; worker-src 'self' blob:; img-src 'self' blob: data: https://cdn.usefathom.com https://cdn.sanity.io; script-src 'self' 'unsafe-inline' https://cdn.usefathom.com https://js.stripe.com https://platform.twitter.com https://sentry.io https://*.sentry.io https://o70939.ingest.sentry.io; style-src 'self' 'unsafe-inline'; connect-src 'self' https://cdn.usefathom.com https://api.stripe.com https://api.mapbox.com https://events.mapbox.com https://platform.twitter.com https://sentry.io https://*.sentry.io https://o70939.ingest.sentry.io https://resistbot.report-uri.com https://cdn.sanity.io https://fj76bufg96.execute-api.us-west-2.amazonaws.com https://8qidifgfmb.execute-api.us-west-2.amazonaws.com; frame-src https://js.stripe.com https://hooks.stripe.com https://platform.twitter.com https://airtable.com https://static.airtable.com; report-uri https://resistbot.report-uri.com/r/d/csp/enforce; report-to default; 1
default-src 'self'; img-src * blob: data:; child-src www.google.com blob:; connect-src 'self' m.addthis.com stats.g.doubleclick.net *.google-analytics.com analytics.google.com *.wistia.com *.litix.io *.akamaihd.net; base-uri 'self'; form-action 'self'; object-src 'self'; media-src 'self' *.wistia.com *.akamaihd.net data: blob:; style-src 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; font-src 'self' data: www.potteranderson.com fonts.gstatic.com; script-src 'self' 'unsafe-inline' *.google-analytics.com www.googletagmanager.com *.wistia.com; script-src-elem 'self' 'unsafe-inline' *.google-analytics.com www.googletagmanager.com *.wistia.com; report-uri https://csp-reports.firmseek.com/potter; 1
default-src 'self'  https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' http://webvisor.com http://*.webvisor.com https://*.yandex.ru https://*.yandex.com; 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-7814c749f6ed4f1daab1c7ba22078043' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js *.myheritage.com.hr https://www.myheritage.com.hr  'nonce-6c5bf1163b7b639e6447b1953ce43f81' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.com.hr;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; 1
script-src 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com cdn.livechatinc.com www.zettagrid.id secure.livechatinc.com www.google-analytics.com ajax.googleapis.com maps.googleapis.com maps.google.com www.gstatic.com forms.hsforms.com js.hsforms.net *.zettagrid.com *.zettagrid.id www.googleadservices.com js.hsadspixel.net js.hs-banner.com js.usemessages.com www.googletagmanager.com www.googleadmanager.com www.googleadservice.com www.google.com.au www.google.com *.google-analytics.com track.hubspot.com secure.gravatar.com js.usermessages.com hs-banner.com *.g.doubleclick.net js.hs-analytics.net js.hscollectedforms.net js.hs-scripts.com secure.livechatinc.com cdn.livechatinc.com stats.g.doubleclick.net api.livechatinc.com *.zettagrid.id snap.licdn.com static.zdassets.com pod-25.zendesk.com cdnjs.cloudflare.com; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-f7d567cf5b51899d9d08870ff72b834b'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.doubleclick.net *.onetrust.com *.diageoagegate.com *.diageoplatform.com *.cloudfunctions.net *.googlesyndication.com *.google-analytics.com *.mapbox.com *.diageohorizon.com *.fontawesome.com *.cloudflare.com *.typekit.net data: blob: ; script-src * 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none'; object-src 'none' ; base-uri * 1
media-src  cdn.flowplayer.com; default-src https: 'unsafe-inline' 'unsafe-eval'; 1
upgrade-insecure-requests; frame-ancestors 'self' https://res.onlinetravel.es; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://elekk.xyz 'wasm-unsafe-eval'; font-src 'self' https://elekk.xyz; img-src 'self' data: blob: https://elekk.xyz https://pool.jortage.com https://blob.jortage.com; style-src 'self' https://elekk.xyz 'nonce-H4q6YNE7BqhoaX13IVd/aQ=='; media-src 'self' data: https://elekk.xyz https://pool.jortage.com https://blob.jortage.com; frame-src 'self' https:; child-src 'self' blob: https://elekk.xyz; worker-src 'self' blob: https://elekk.xyz; connect-src 'self' blob: data: wss://elekk.xyz https://elekk.xyz https://pool.jortage.com https://blob.jortage.com; manifest-src 'self' https://elekk.xyz; form-action 'self' 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-84d15d8dcaed49498a793b65f302a975' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://bne.social; img-src 'self' https: data: blob: https://bne.social; style-src 'self' https://bne.social 'nonce-WEE/beV14i2JNPoVQ/XXOw=='; media-src 'self' https: data: https://bne.social; frame-src 'self' https:; manifest-src 'self' https://bne.social; form-action 'self'; child-src 'self' blob: https://bne.social; worker-src 'self' blob: https://bne.social; connect-src 'self' data: blob: https://bne.social https://assets.bne.social wss://bne.social; script-src 'self' https://bne.social 'wasm-unsafe-eval' 1
default-src 'self' *.tusass.gl; img-src 'self' *.tusass.gl data: mkjobtelepost.azurewebsites.net; form-action 'self' *.tusass.gl; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tusass.gl challenges.cloudflare.com; style-src 'self' 'unsafe-inline' *.tusass.gl; connect-src 'self' *.tusass.gl *.algolia.net; frame-src 'self' *.tusass.gl player.vimeo.com www.youtube-nocookie.com mkjobtelepost.azurewebsites.net tusass.speedtestcustom.com telepost.speedtestcustom.com challenges.cloudflare.com; frame-ancestors *.tusassmusic.gl; upgrade-insecure-requests 1
sandbox allow-scripts allow-same-origin allow-forms; img-src 'self' data: www.gstatic.com; frame-src www.google.com; object-src 'none'; base-uri 'none'; script-src www.google.com www.gstatic.com 'nonce-XkFuTHcc92NmAEs5oKbiSYn9RTc='; style-src 'nonce-XkFuTHcc92NmAEs5oKbiSYn9RTc=' 1
default-src 'none'; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://*.googleapis.com; font-src 'self' data: https://*.gstatic.com/ https://maxcdn.bootstrapcdn.com/bootstrap/; object-src 'none'; frame-ancestors 'self'; form-action 'self' https://*.ksgn.com; base-uri 'self'; frame-src 'self' https://www.imagerecycle.com https://www.youtube.com https://maps.google.com https://docs.google.com https://accounts.google.com https://apis.google.com https://platform.twitter.com https://staticxx.facebook.com https://www.facebook.com https://player.vimeo.com/ https://www.google.com/ https://tunein.com/ https://vimeo.com/ https://streams.radiomast.io/; img-src 'self' data: https://*.ksgn.com https://www.imagerecycle.com/images/ https://play.google.com https://tools.applemediaservices.com/api/ https://apple-resources.s3.amazonaws.com/ https://maps.google.com https://*.googleapis.com https://*.gstatic.com https://syndication.twitter.com https://www.google-analytics.com https://sealserver.trustwave.com https://m.media-amazon.com/images/ https://extensionscdn.joomla.org/; script-src 'self' 'unsafe-inline' https://*.ksgn.com/ https://code.jquery.com/ui/ https://cdnjs.cloudflare.com/ajax/libs/mediaelement/4.2.9/mediaelement-and-player.min.js https://*.googleapis.com/ https://apis.google.com https://connect.facebook.net/en_US/sdk.js https://maps.google.com/maps/ https://maps.google.com/maps-api-v3/ https://platform.linkedin.com/in.js https://platform.twitter.com/js/ https://platform.twitter.com/widgets.js https://www.google-analytics.com https://www.googletagmanager.com/gtag/js https://sealserver.trustwave.com https://code.jquery.com https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.17.1/moment.min.js https://cdn.jsdelivr.net/jquery.slick/1.6.0/slick.min.js https://maxcdn.bootstrapcdn.com/bootstrap/ https://stackpath.bootstrapcdn.com/bootstrap/ https://appscdn.joomla.org/webapps/; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/mediaelement/4.2.9/mediaelementplayer.min.css https://maxcdn.bootstrapcdn.com/bootstrap/ https://stackpath.bootstrapcdn.com/bootstrap/ https://cdn.jsdelivr.net/jquery.slick/; media-src 'self' https://dts.podtrac.com/ https://*.libsyn.com https://*.cloudfront.net https://streams.radiomast.io/ https://*.radiomast.io/ 1
default-src 'self' googleads.g.doubleclick.net platform.twitter.com syndication.twitter.com pagead2.googlesyndication.com tpc.googlesyndication.com *.force.com *.salesforce-sites.com www.youtube.com gumroad.com *.gumroad.com *.gstatic.com www.google-analytics.com docs.google.com *.google.com gum.co forms.gle;script-src-elem 'self' 'unsafe-inline' platform.twitter.com cdnjs.cloudflare.com *.googletagmanager.com partner.googleadservices.com adservice.google.it adservice.google.com www.google-analytics.com *.amazon-adsystem.com www.googletagservices.com cdn.syndication.twimg.com pagead2.googlesyndication.com tpc.googlesyndication.com gumroad.com *.gumroad.com cdn.organizer.solutions *.google.com static.cloudflareinsights.com fundingchoicesmessages.google.com www.gstatic.com;script-src 'self' 'unsafe-inline' platform.twitter.com cdnjs.cloudflare.com *.googletagmanager.com partner.googleadservices.com adservice.google.it adservice.google.com www.google-analytics.com *.amazon-adsystem.com www.googletagservices.com cdn.syndication.twimg.com pagead2.googlesyndication.com tpc.googlesyndication.com cdn.organizer.solutions;object-src 'none';font-src 'self' data: fonts.gstatic.com cdn.organizer.solutions assets.gumroad.com;img-src 'self' data: https: *.amazon-adsystem.com *.googlesyndication.com abs.twimg.com cdn.organizer.solutions;style-src 'self' https: 'unsafe-inline' *.cloudflare.com fonts.googleapis.com cdn.organizer.solutions cdn-images.mailchimp.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' * blob: 1
frame-ancestors 'self' https://www.seda.com.br unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://s7.addthis.com https://kritique-widgets-stage.unileversolutions.com https://d1a1ax4tcp3m3j.cloudfront.net 1
frame-ancestors 'self' *.unav.es *.unav.edu 1
frame-ancestors 'none'; block-all-mixed-content; default-src 'none'; script-src 'self' 'report-sample' 'unsafe-inline' https://cdn.denomatic.com https://googleads.g.doubleclick.net https://app.termly.io https://customs.affilired.com https://cdn.onesignal.com/sdks/OneSignalSDKWorker.js https://www.googletagmanager.com https://static.archipelagointernational.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.termsfeed.com https://challenges.cloudflare.com; style-src 'self' 'report-sample' 'unsafe-inline' https://app.termly.io https://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css https://fonts.googleapis.com https://static.archipelagointernational.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com/css2 https://accounts.google.com; object-src 'none'; frame-src 'self' https://app.termly.io https://*.doubleclick.net https://customs.affilired.com https://ovs-gadget.tour-list.com https://challenges.cloudflare.com https://accounts.google.com https://apis.google.com https://*.googleapis.com; img-src 'self' data: blob: https://images.archipelagohotels.com https://www.googletagmanager.com https://*.tile.openstreetmap.org https://static.pbahotels.com https://static.astonhotelsinternational.com https://google.com/favicon.ico https://*.googleusercontent.com https://csi.gstatic.com https://www.google.com/favicon.ico https://imageresizer.arch.software; font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com; connect-src 'self' https://adservice.google.com https://app.termly.io https://www.google-analytics.com https://www.termsfeed.com https://fonts.gstatic.com https://*.openstreetmap.org https://*.archipelagointernational.com https://www.googletagmanager.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://static.astonhotelsinternational.com https://static.pbahotels.com https://imageresizer.arch.software https://cdnjs.cloudflare.com https://www.googleapis.com/oauth2/v3/userinfo blob: https://accounts.google.com https://apis.google.com; manifest-src 'self'; base-uri 'none'; form-action 'self' https://www.simplebooking.it; media-src 'self'; worker-src 'self'; report-to default; 1
frame-ancestors 'self' *.kurs.software *.gemnova.at 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-de1a0c79c163a9a1ac5f14333bd8de31' https://supportgroups.com/logs/ https://supportgroups.com/sidekiq/ https://supportgroups.com/mini-profiler-resources/ https://supportgroups.com/assets/ https://supportgroups.com/extra-locales/ https://supportgroups.com/highlight-js/ https://supportgroups.com/javascripts/ https://supportgroups.com/plugins/ https://supportgroups.com/theme-javascripts/ https://supportgroups.com/svg-sprite/ https://www.googletagmanager.com/gtm.js 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js https: 'unsafe-inline'; worker-src 'self' https://supportgroups.com/assets/ https://supportgroups.com/javascripts/ https://supportgroups.com/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
script-src ‘unsafe-inline’ 1
default-src 'self' https://*.alude.com.br https://*.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.alude.com.br https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://ssl.google-analytics.com https://static.zdassets.com/ https://*.zendesk.com/ https://*.livechatinc.com/ https://*.facebook.net/ https://*.hotjar.com/ https://accounts.google.com/gsi/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://player.vimeo.com/ https://js.refiner.io/; style-src 'self' 'unsafe-inline' https://*.alude.com.br https://*.google.com; base-uri 'self'; object-src 'none'; connect-src 'self' https://*.alude.com.br https://www.google-analytics.com https://*.sanity.io https://*.zopim.com/ wss://*.zopim.com/ wss://*.zendesk.com/ https://*.zdassets.com https://*.zendesk.com https://api.livechatinc.com https://www.facebook.com https://*.hotjar.com https://*.s3.amazonaws.com https://cdn.plyr.io https://api.pagar.me https://*.sentry.io https://*.hotjar.io wss://*.hotjar.com https://*.segment.io data: https://*.refiner.io/; font-src 'self' https://*.alude.com.br https://*.livechatinc.com; frame-src 'self' https://*.alude.com.br https://*.google.com https://*.livechatinc.com https://*.hotjar.com https://player.vimeo.com https://js.refiner.io/ https://calendly.com/; img-src 'self' https://* data:; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' code.jquery.com 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.azureedge.net *.e-alloga.ch *.e-galexis.com *.e-ufd.swiss *.svc.dynamics.com s1.adform.net; frame-ancestors 'self' *.e-alloga.ch *.e-galexis.com *.e-ufd.swiss; report-uri https://cms1.app.e-galexis.com/csp-report.php; 1
script-src: https://*.aptelink.pl 1
frame-ancestors 'self' https://adm.prologapp.com/ 1
default-src 'self' *.scodle.com scodle.com data: blob:; connect-src 'self' *.scodle.com scodle.com data: blob: browser-http-intake.logs.datadoghq.com www.datadoghq-browser-agent.com use.typekit.net fonts.googleapis.com fonts.gstatic.com; script-src 'self' *.scodle.com scodle.com data: blob: 'unsafe-inline' 'unsafe-eval' use.typekit.net www.datadoghq-browser-agent.com cdnjs.cloudflare.com; style-src 'self' *.scodle.com scodle.com data: blob: 'unsafe-inline' use.typekit.net fonts.googleapis.com fonts.gstatic.com; font-src 'self' *.scodle.com scodle.com data: blob: use.typekit.net fonts.typekit.net fonts.googleapis.com fonts.gstatic.com; img-src 'self' *.scodle.com scodle.com data: blob: p.typekit.net; frame-ancestors 'self' *.scodle.com scodle.com http://localhost:*; report-uri //beta.scodle.com/system/seclog.php 1
default-src 'self'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' https://*.mapbox.com  https://www.googletagmanager.com https://axeptio.imgix.net https://www.google.com https://*.verdie-voyages.com https://www.google-analytics.com https://www.facebook.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://*.axept.io https://www.msccruisespartners.com https://connect.facebook.net https://www.youtube.com https://welkom-editor.io; frame-src *; frame-ancestors 'self'; connect-src 'self' https://*.verdie-voyages.com https://*.axept.io https://www.google-analytics.com https://region1.google-analytics.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.pipe.co/ https://widget.trustpilot.com/ https://www.google.com/ https://www.gstatic.com/ https://chat.purely.group/ https://client.crisp.chat https://settings.crisp.chat https://app.sgwidget.com/; img-src 'self' data: https://app.pipe.co/ https://secure.gravatar.com/ https://chat.purely.group/ https://client.crisp.chat/ https://image.crisp.chat/ https://storage.crisp.chat/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://client.crisp.chat/; font-src 'self' data: https://fonts.gstatic.com/ https://client.crisp.chat/; frame-src 'self' https://www.google.com/ https://chat.purely.group/ https://game.crisp.chat/; object-src 'none'; connect-src 'self' https://app.pipe.co/ https://client.crisp.chat/ https://storage.crisp.chat/ wss://client.relay.crisp.chat/ wss://stream.relay.crisp.chat/ https://app.sgwidget.com/ 1
frame-ancestors 'self' https://www.orkla.com https://one.orkla.com https://sh4-one.orkla.com https://sh3-one.orkla.com https://s1-2-eu.ariba.com http://nktcables-c1.procurement-2-eu.ariba.com https://nktcables-c1.procurement-2-eu.ariba.com https://northvolt-buyer.ivalua.app https://ivalua.app; 1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src * data: 1
frame-ancestors 'self' ;script-src 'strict-dynamic' 'nonce-rAnd0m123'; object-src 'none'; base-uri 'none'; require-trusted-types-for 'script'; 1
origin 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://forum.nordic-t.co/logs/ https://forum.nordic-t.co/sidekiq/ https://forum.nordic-t.co/mini-profiler-resources/ https://forum.nordic-t.co/assets/ https://forum.nordic-t.co/extra-locales/ https://forum.nordic-t.co/highlight-js/ https://forum.nordic-t.co/javascripts/ https://forum.nordic-t.co/plugins/ https://forum.nordic-t.co/theme-javascripts/ https://forum.nordic-t.co/svg-sprite/ 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' https://apis.google.com/js/api.js https://apis.google.com/js/api.js; worker-src 'self' https://forum.nordic-t.co/assets/ https://forum.nordic-t.co/javascripts/ https://forum.nordic-t.co/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com testbutterfieldonline.com  *.media.brightcove.com cdn.jsdelivr.net met.police.uk www.met.police.uk geoid.investisdigital.com otp.tools.investis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' edge.api.brightcove.com viz.tools.investis.com testbutterfieldonline.com  *.media.brightcove.com cdn.jsdelivr.net met.police.uk *.police.uk *.investisdigital.com otp.tools.investis.com *.google-analytics.com *.investisdigital.com  *.cloudflare.com unpkg.com googletagmanager.com * maps.googleapis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investis-live.com *.investisdigital.com googletagmanager.com https://www.googletagmanager.com/ tags.srv.stackadapt.com; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com *.youtube.com player.vimeo.com *.testbutterfieldonline.com; frame-src 'self' *.investis.com www.google.com ir.tools.investis.com testbutterfieldonline.com staticxx.facebook.com www.youtube.com player.vimeo.com butterfieldonline.com td.doubleclick.net; frame-ancestors butterfield-corp-d9.pid2-e1.investis.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; connect-src 'self' 'unsafe-inline' butterfieldonline.com geoid.investisdigital.com cookiemanager.investisdigital.com stats.g.doubleclick.net judxu4avx2.execute-api.eu-west-1.amazonaws.com 3lz1gykyyd.execute-api.eu-west-1.amazonaws.com bam.nr-data.net forms-eu1.hu maps.googleapis.combspot.com js-eu1.hs-banner.com https://forms-eu1.hscollectedforms.net tupf3ye5m3.execute-api.eu-west-1.amazonaws.com *.investisdigital.com maps.googleapis.com pagead2.googlesyndication.com *.analytics.google.com *.google.com *.google-analytics.com *.amazonaws.com tags.srv.stackadapt.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.subscribers.com *.cloudflare.com *.hellobar.com *.groovehq.com *.google.com *.gstatic.com *.google-analytics.com 1
default-src 'self' https://calendly.com https://assets.calendly.com https://s3.amazonaws.com https://maps.googleapis.com https://www.google.com https://fast.wistia.com https://fast.wistia.net https://www.google-analytics.com https://www.youtube.com https://google.com https://youtube.com https://facebook.com https://fonts.google.com https://fonts.googleapis.com https://ajax.googleapis.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net; script-src 'self' 'unsafe-inline' https://maps.googleapis.com https://assets.calendly.com *.kioskassist.com https://fast.wistia.net/assets/external/iframeApi.js https://fast.wistia.net/assets/external/E-v1.js https://www.gstatic.com https://www.youtube.com https://www.google.com https://pathwayport.com https://d.adroll.com https://www.googletagmanager.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://a.omappapi.com https://s.adroll.com https://*.kioskassist.com; style-src 'self' 'unsafe-inline' https://a.omappapi.com https://assets.calendly.com https://kioskassist.com https://fonts.googleapis.com; img-src 'self' blob: data: https://www.google.rs https://assets.calendly.com https://maps.googleapis.com https://maps.gstatic.com http://s3.amazonaws.com *.kioskassist.com https://images.pexels.com https://pathwayport.s3.ca-central-1.amazonaws.com *.pathwayport.com https://pathwayport.com https://cm.g.doubleclick.net https://a.omappapi.com https://campayn.s3.amazonaws.com https://*.ytimg.com https://d.adroll.com https://s3.amazonaws.com; connect-src 'self' *.google.com https://assets.calendly.com https://ipinfo.io https://www.pathwayport.com https://maps.googleapis.com https://www.google-analytics.com wss://tsock.us1.twilio.com/v3/wsconnect https://sentry.io https://www.google-analytics.com https://a.omappapi.com https://api.omappapi.com https://pathwayport.com *.kioskassist.com; font-src 'self' data: https://assets.calendly.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; object-src 'none'; media-src 'self'; form-action 'self'; frame-ancestors 'self'; 1
default-src 'self' *.antwerpen.be;frame-ancestors 'self' perceleninfoplatform-o.antwerpen.be perceleninfoplatform-a.antwerpen.be perceleninfoplatform.antwerpen.be;connect-src *.antwerpen.be *.google-analytics.com acpaasui.s3.amazonaws.com perceleninfoplatform-o.antwerpen.be perceleninfoplatform-a.antwerpen.be perceleninfoplatform.antwerpen.be soundcloud.com;img-src 'self' *.antwerpen.be *.google-analytics.com acpaasui.s3.amazonaws.com data: server.arcgisonline.com tile.informatievlaanderen.be tiles.arcgis.com ytimg.com;frame-src 'self' facebook.com *.facebook.com instagram.com soundcloud.com *.soundcloud.com spotify.com *.spotify.com tiktok.com *.tiktok.com twitframe.com vimeo.com *.vimeo.com www.youtube.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.antwerpen.be www.google-analytics.com www.googletagmanager.com www.youtube.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'self' 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' data  https://*.trustarc.com https://*.youtube.com https://*.cloudflare.com https://*.cloudfront.net https://*.usabilla.com https://*.google-analytics.com https://www.google-analytics.com *.akamaihd.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' data *.trustarc.com *.google-analytics.com w.usabilla.com *.akamaihd.net; style-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' blob: data: *; frame-src 'self' 'unsafe-eval' 'unsafe-inline' https://player.vimeo.com https://w.usabilla.com *.trustarc.com https://www.youtube-nocookie.com/ https://push.getbeamer.com https://*.cloudfront.net *.darwin.com; connect-src 'self' 'unsafe-eval' 'unsafe-inline' blob blob: data: https://fonts.googleapis.com https://vimeo.com https://aegis.qq.com https://be.cognizant.com https://consent-reporting.trustarc.com darwin.report-uri.com *.akamaihd.net *.google-analytics.com *.youtube.com *.trustarc.com *.perquisite.net *.tobdarwin.com *.getbeamer.com; font-src 'self' data data: https://consent.trustarc.com/v2/asset/latin.woff2 https://at.alicdn.com/t/font_148784_v4ggb6wrjmkotj4i.woff https://at.alicdn.com https://fonts.gstatic.com https://fonts.googleapis.com *; object-src 'none'; report-uri https://darwin.report-uri.com/r/t/csp/reportOnly 1
connect-src https://vk.com https://*.vk.com https://hd.ddix.ru rutube.ru *.google-analytics.com 'self' *.yandex.ru https://*.yandex.ru video.f1cd.ru ; child-src 'self' ; font-src https://vk.com https://*.vk.com static.lc-group.ru 'self' oklick.ru fonts.gstatic.com ;form-action https://vk.com https://*.vk.com https://hd.ddix.ru 'self' ; frame-ancestors https://vk.com https://*.vk.com webvisor.com *.webvisor.com 'self' ; frame-src https://vk.com https://*.vk.com *.oklick.ru https://*.googletagmanager.com 'self' *.yandex.ru yastatic.net video.f1cd.ru https://www.youtube.com https://www.youtube-nocookie.com ; img-src https://vk.com https://*.vk.com data: *.merlion.ru static.lc-group.ru *.oklick.ru https://*.yandex.net 'self' ferralabs.ru www.f1cd.ru *.yandex.net support.ddix.ru *.merlion.com merlion.com *.yandex.ru https://*.yandex.ru *.google-analytics.com yastatic.net ;media-src https://vk.com https://*.vk.com *.oklick.ru static.lc-group.ru 'self' ; object-src static.lc-group.ru *.oklick.ru 'self' *.rutube.ru *.f1cd.ru ; script-src https://vk.com https://*.vk.com https://hd.ddix.ru static.lc-group.ru *.oklick.ru https://*.googletagmanager.com https://yastatic.net https://*.yandex.net 'unsafe-eval' https://*.google-analytics.com *.google.com 'self' ajax.googleapis.com *.yandex.ru https://*.yandex.ru *.google-analytics.com yastatic.net support.ddix.ru www.google-analytics.com ; style-src https://vk.com https://*.vk.com static.lc-group.ru *.oklick.ru 'unsafe-inline' 'self' fonts.googleapis.com support.ddix.ru ; default-src 'none' ; 1
object-src players.brightcove.net www.kigo.net s.kigo.net vjs.zencdn.net; frame-ancestors 'self'; 1
frame-ancestors 'self';frame-src 'self' https://google.com https://www.google.com https://www.googletagmanager.com https://*.gstatic.com https://cdnjs.cloudflare.com https://rtpos.com 1
default-src https:; script-src https://seal.thawte.com https://maps.google.de https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://maps.googleapis.com https://fonts.googleapis.com 'self' 'unsafe-inline'; img-src https://www.google-analytics.com https://www.facebook.com data: 'self'; 1
sandbox allow-scripts allow-same-origin allow-forms; img-src 'self' data: www.gstatic.com; frame-src www.google.com; object-src 'none'; base-uri 'none'; script-src www.google.com www.gstatic.com 'nonce-wceIR9dam3sd9CKXPSDEAU3GhSE='; style-src 'nonce-wceIR9dam3sd9CKXPSDEAU3GhSE=' 1
data: 1
default-src cdnrtbsape.ru https://yandex.ru *.acint.net  https://yastatic.net/ https://an.yandex.ru  https://*.googlesyndication.com  https://pagead2.googlesyndication.com/ http://smolensk-auto.ru/ http://www.smolensk-auto.ru https://googleads.g.doubleclick.net https://www.google-analytics.com https://fonts.gstatic.com https://yandex.st/share/share.js  https://api-maps.yandex.ru/ https://mc.yandex.ru https://www.youtube.com/ https://www.googletagmanager.com https://www.google.com/  'self'; script-src self  *.acint.net *.adfox.ru *.sape.ru https://yandex.ru  https://*.googlesyndication.com  https://partner.googleadservices.com/   https://*.google.ru https://www.googletagservices.com https://code.createjs.com/ http://tools.spylog.ru http://site.yandex.net http://smolensk-auto.ru/ http://www.smolensk-auto.ru/  https://adservice.google.com/ http://an.yandex.ru http://pagead2.googlesyndication.com https://www.gstatic.com https://www.google.com https://cdnjs.cloudflare.com  https://www.googleadservices.com https://googleads.g.doubleclick.net  https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com  https://www.google-analytics.com https://code.jquery.com/ https://api-maps.yandex.ru https://ajax.googleapis.com https://mc.yandex.ru http://yandex.st  ipt http://mc.yandex.ru  http://yastatic.net ipt  'self' 'unsafe-inline' 'unsafe-eval'; style-src *.smolensk-auto.ru https://yastatic.net https://fonts.googleapis.com https://cdnjs.cloudflare.com http://code.jquery.com https://yandex.st  'self' 'unsafe-inline' 'unsafe-eval'; img-src * self https://www.google-analytics.com https://api-maps.yandex.ru    https://mc.yandex.ru http://yastatic.net 'self' 1
frame-ancestors 'self' viewer.ipaper.io https://*.eva.ua; 1
frame-ancestors https://www.urbaninsight.com 1
script-src 'self' https://analytics.skyevg.systems/skyevglytics.js; style-src 'self'; img-src 'self'; connect-src https://analytics.skyevg.systems/api/skyevglytics; default-src 'none'; base-uri 'none'; require-trusted-types-for 'script'; 1
base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: http://localhost:1337 https://iapro.com https://www.iapro.com; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests; default-src 'self' 'unsafe-inline' 'unsafe-eval' http://localhost:1337 https://iapro.com https://www.iapro.com; frame-src https://forms.zohopublic.com/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-uqViBpM0cV+6NQ+gX9nYb7lZQH1+cmGxIUYeK1MKT+fbKpDT' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:; 1
frame-ancestors 'self'; report-uri https://ecmdi.report-uri.com/r/t/csp/enforce 1
script-src 'self';object-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' https://doulamatch.net data: https://m.doulamatch.net;frame-src 'self';font-src 'self';form-action 'self';upgrade-insecure-requests;block-all-mixed-content;report-uri https://doulamatch.net/api/cspreport 1
frame-ancestors 'self' *.google.com *.amp.colgate.fr amp.colgate.fr; 1
default-src 'self'; base-uri 'self'; frame-ancestors 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' https://p.typekit.net https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'sha256-42zcKPWDZOaN8n8wocQD0WXYDyjdRNfIFxzUDYE7Xrw=' 'sha256-RpHOUsjSXT9eLBP9itvy93PUJa/IJMsqih5WrgPLlu4=' 'sha256-sviqhLDYJee9jvDDd9GCIiHIv0cxlKKiJ9Tqy7eOa9s=' 'sha256-1e5RR2OpHhuX2h0Bat19DsNTmqbo4M3T1pqfeTXCHaA=' 'nonce-NDdjMjc2Yjc1NjJhZjVjMw==' https://www.googletagmanager.com https://www.youtube.com https://connect.facebook.net https://static.hotjar.com https://www.google-analytics.com https://tracker.pixeltracker.co https://w.soundcloud.com https://www.google.com https://script.hotjar.com https://www.gstatic.com https://s.adroll.com/ https://d.adroll.com https://lex.33across.com https://assets.pixlee.com https://assets.pxlecdn.com https://securepubads.g.doubleclick.net https://assets.pinterest.com https://s.pinimg.com; connect-src 'self' https: https://www.googletagmanager.com https://www.youtube.com https://connect.facebook.net https://static.hotjar.com https://www.google-analytics.com https://tracker.pixeltracker.co https://w.soundcloud.com https://analytics.google.com https://content.hotjar.io https://pixelconnector.pixeltracker.co https://www.google-analytics.com wss://ws.hotjar.com https://stats.g.doubleclick.net https://www.google.com https://www.facebook.com https://region1.analytics.google.com https://metrics.hotjar.io https://vc.hotjar.io https://shop.famsf.org https://translate.googleapis.com https://www.google.co.uk https://www.google.com.au https://www.google.it https://www.google.de https://www.google.gg https://www.google.com.pk https://www.google.com.br https://www.google.es https://www.google.co.in https://www.google.gr https://www.google.at https://www.google.fr https://www.google.cz https://www.google.co.za https://www.google.ch https://www.google.com.sg https://www.google.nl https://www.google.com.ph https://www.google.co.nz https://www.google.co.th https://www.google.com.br https://s.pinimg.com; font-src 'self' https: data:; img-src https: data: blob: http://famsf.emuseum.com; manifest-src 'self'; media-src 'self' https: data: blob:; frame-src https:; report-uri https://a17famsf.report-uri.com/r/d/csp/reportOnly 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https:; img-src 'self' https: data: blob: https:; style-src 'self' https: 'nonce-UgnCf3GoVf+JH5X8UUL1jA=='; media-src 'self' https: data: https:; frame-src 'self' https:; manifest-src 'self' https:; connect-src 'self' data: blob: https: https: wss://bigshoulders.city; script-src 'self' https: 'wasm-unsafe-eval'; child-src 'self' blob: https:; worker-src 'self' blob: https: 1
default-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://code.jquery.com/;img-src 'self' data: https://code.jquery.com/;script-src-attr 'self' 'unsafe-inline';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com/jquery-3.6.1.min.js https://core-renderer-tiles.maps.yandex.net https://mc.yandex.ru/metrika/tag.js https://googleads.g.doubleclick.net https://bitrix.info/ba.js https://www.googletagmanager.com https://yastatic.net https://api-maps.yandex.ru https://platform-api.sharethis.com https://www.google-analytics.com; img-src * 'self' data: https: blob:; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com; connect-src *; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' https://www.googletagmanager.com; frame-ancestors 'self'; 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' yoast.com js-eu1.hubspot.com/web-interactives-embed.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/  script.hotjar.com static.hotjar.com www.google-analytics.com  js-eu1.hs-analytics.net cdn.linkedin.oribi.io px.ads.linkedin.co googleads.g.doubleclick.net snap.licdn.com www.googletagmanager.com connect.facebook.net cdn.jsdelivr.net js-eu1.hs-analytics.nt js-eu1.hs-banner.com js-eu1.hs-scripts.com js-eu1.hsadspixel.net js-eu1.hscollectedforms.net js-eu1.hsforms.net js-eu1.hsleadflows.net js-eu1.usemessages.com static.hsappstatic.net static.smartrecruiters.com www.smartrecruiters.com ; style-src 'unsafe-inline' 'self' cdn.jsdelivr.net fonts.googleapis.com; object-src 'self'; base-uri 'self'; connect-src 'self' region1.analytics.google.com/g/collect content.hotjar.io wsp6.hotjar.com wsp24.hotjar.com in.hotjar.com stats.g.doubleclick.net cdn.linkedin.oribi.io www.google-analytics.com api-eu1.hubspot.com api-eu1.hubapi.com js-eu1.hs-banner.com forms-eu1.hscollectedforms.net forms-eu1.hsforms.com forms-eu1.hubspot.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' app.hubspot.com static.hsappstatic.net www.gstatic.com/recaptcha/  app-eu1.hubspot.com player.vimeo.com www.facebook.com mktg.blueoptima.com www.youtube.com forms-eu1.hsforms.com; img-src 'self' data: www.google.ie/ads/ga-audiences www.google.com www.google.co.in px.ads.linkedin.com  www.facebook.com forms-eu1.hsforms.com forms.hsforms.com i.ytimg.com track-eu1.hubspot.com ; manifest-src 'self'; media-src 'self'; worker-src blob:; 1
strict-origin-when-cross-origin 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https:; img-src 'self' https: data: blob: https:; style-src 'self' https: 'nonce-wSFdkTIDTHRZ02FR3TYyvQ=='; media-src 'self' https: data: https:; frame-src 'self' https:; manifest-src 'self' https:; form-action 'self'; connect-src 'self' data: blob: https: https: wss://maly.io; script-src 'self' https: 'wasm-unsafe-eval'; child-src 'self' blob: https:; worker-src 'self' blob: https: 1
script-src 'self' https://*.email-provider.nl https://youtu.be https://youtube.com https://www.youtube.com https://player.vimeo.com/api/player.js https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://veenendaal.containers.piwik.pro 'unsafe-eval' 'unsafe-inline' data: 'report-sample'; frame-src 'self' blob: https://*.maps.arcgis.com https://youtu.be https://youtube.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com; connect-src https://youtu.be https://youtube.com https://www.youtube.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google-analytics.com https://veenendaal.piwik.pro https://veenendaal.containers.piwik.pro 'self'; img-src 'self' https://youtube.com https://www.youtube.com https://youtu.be https://i.ytimg.com https://*.googletagmanager.com https://*.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://veenendaal.piwik.pro https://veenendaal.containers.piwik.pro data:; media-src 'self' https://youtu.be https://youtube.com https://www.youtube.com https://vimeo.com; object-src 'self' https://youtube.com https://www.youtube.com; style-src 'self' https://youtube.com https://www.youtube.com https://tagmanager.google.com https://fonts.googleapis.com https://veenendaal.containers.piwik.pro 'unsafe-inline' data: 'report-sample'; font-src 'self' https://fonts.gstatic.com https://veenendaal.containers.piwik.pro data:; form-action 'self' https://id.opengemeenten.nl https://users.opengemeenten.nl https://login.microsoftonline.com; report-to csp; child-src 'self' blob:; default-src 'self'; frame-ancestors 'self' https://prod.veenendaal.simplyadmire.com https://www.veenendaal.nl; report-uri https://monitoring.opengemeenten.nl/api/5/security/?sentry_key=8ecd0d6b2ab6432782fe7a6a5c01c534 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self'; form-action 'self' mobirise.com; 1
sandbox allow-scripts allow-same-origin allow-forms; img-src 'self' data: www.gstatic.com; frame-src www.google.com; object-src 'none'; base-uri 'none'; script-src www.google.com www.gstatic.com 'nonce-Q72k/AmfIm0IOihK4P8HPPM6ojg='; style-src 'nonce-Q72k/AmfIm0IOihK4P8HPPM6ojg=' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.google-analytics.com https://cdn.productreview.com.au cdn.ampproject.org ajax.aspnetcdn.com kendo.cdn.telerik.com www.youtube.com s.ytimg.com maps.googleapis.com https://cdnjs.cloudflare.com releases.transloadit.com api2.transloadit.com connect.facebook.net www.google.com www.gstatic.com wchat.freshchat.com js.adsrvr.org api.addressfinder.io kit.fontawesome.com cdn.jsdelivr.net players.brightcove.net vjs.zencdn.net share.9cdn.net assets.adobedtm.com ads.adaptv.advertising.com au-script.dotmetrics.net brandedcontent.nine.com.au unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com kendo.cdn.telerik.com releases.transloadit.com www.gstatic.com wchat.freshchat.com api.addressfinder.io brandedcontent.nine.com.au share.9cdn.net; font-src 'self' cdn.productreview.com.au fonts.gstatic.com data: kendo.cdn.telerik.com ka-f.fontawesome.com brandedcontent.nine.com.au; img-src 'self' data: blob: i.ytimg.com maps.gstatic.com maps.googleapis.com www.google.com www.google.com.au www.google.co.nz www.googletagmanager.com www.facebook.com fujitsucdn.azureedge.net www.google-analytics.com connect.facebook.net 9235443.fls.doubleclick.net fujitsucdn.azureedge.net brandedcontent.nine.com.au metrics.brightcove.com cf-images.ap-southeast-2.prod.boltdns.net files.helpdocs.io; media-src 'self' data: blob:; frame-src 'self' https://captur3d.io https://www.google.com 9235443.fls.doubleclick.net https://www.youtube.com www.facebook.com www.googletagmanager.com wchat.freshchat.com wwwfujitsugeneralcomau.webpush.freshchat.com insight.adsrvr.org match.adsrvr.org app.tango.us nd.demdex.net; child-src 'self' www.youtube.com blob:; connect-src 'self' https://api.productreview.com.au *.transloadit.com wss://*.transloadit.com www.google-analytics.com *.google.com stats.g.doubleclick.net www.facebook.com maps.googleapis.com api.addressfinder.io fga2021.blob.core.windows.net ka-f.fontawesome.com fujitsucdn.azureedge.net edge.api.brightcove.com manifest.prod.boltdns.net nine-commercial-vod.ffx.io dpm.demdex.net somni.nine.com.au; 1
report-uri www.espaciomarvelita.com 1
sandbox allow-scripts allow-same-origin allow-forms; img-src 'self' data: www.gstatic.com; frame-src www.google.com; object-src 'none'; base-uri 'none'; script-src www.google.com www.gstatic.com 'nonce-BtaW2ERIEeeEE5KuP1qra7/Pk0Y='; style-src 'nonce-BtaW2ERIEeeEE5KuP1qra7/Pk0Y=' 1
upgrade-insecure-requests; default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report; 1
frame-ancestors azersu.az 1
default-src *; frame-src *; script-src 'self'  'unsafe-inline' 'unsafe-eval' *.mapbox.com *.cloud; style-src 'self' 'unsafe-inline' *.com *.cloud ; img-src 'self' *.vietqr *.io *.vn *.com data: blob:; font-src 'self' *.com data: blob: 1
default-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net www.facebook.com www.google-analytics.com static.criteo.net *.freshchat.com *.criteo.com www.youtube.com *.klarna.com *.klarnaservices.com *.klarnacdn.net *.paytrail.com ajax.googleapis.com *.freshworks.com *.google.com *.gstatic.com *.googletagmanager.com *.goodleadservices.com *.handshake.fi *.adii.io *.adii.se *.tiktok.com *.stripe.com omnisnippet1.com *.soundestlink.com *.retargeted.co *.getresponse360.pl *.getresponse.com *.gr-cdn.com *.gr-cdn-e.eu *.bing.com handshakemarketing.fi *.handshakemarketing.fi cdn.mouseflow.com *.paypal.com *.googleadservices.com *.doubleclick.net valostore.no valostore.no www.autodude.fi autodude.fi valostore.fi www.valostore.fi valostore.se www.valostore.se valostore.no www.valostore.no autodude.se www.autodude.se autodude.no www.autodude.no metrics.valostore.no ;connect-src 'self' *.google.fi *.google.se *.google-analytics.com *.analytics.google.com www.facebook.com *.klarnaevt.com *.klarna.com *.klarnaservices.com *.klarnacdn.net *.freshworks.com *.freshdesk.com *.g.doubleclick.net *.adii.io *.criteo.com *.tiktok.com *.ingest.sentry.io *.soundestlink.com *.retargeted.co *.getresponse360.pl *.getresponse.com *.getresponse.pl *.pangle-ads.com *.googlesyndication.com properties https://proxy.handshake.fi metrics.valostore.no *.paypal.com;img-src https: data: http: blob:;style-src 'self' https: 'unsafe-inline' fonts.gstatic.com 'unsafe-inline' *.dinox.fi;font-src 'self' https: data: fonts.gstatic.com;frame-src gum.criteo.com *.facebook.com *.youtube.com wchat.eu.freshchat.com *.freshchat.com *.klarna.com *.klarnaservices.com *.google.com *.criteo.com *.criteo.net *.stripe.com *.getresponse360.pl *.getresponse.com *.doubleclick.net metrics.valostore.no  *.paypal.com;script-src-attr 'unsafe-inline';form-action *.facebook.com;report-uri https://o643929.ingest.sentry.io/api/6318034/security/?sentry_key=161b845227284238b6e4b4969c9d79fe;base-uri 'self';frame-ancestors 'self';object-src 'none';upgrade-insecure-requests 1
default-src 'self'; object-src 'self' https://pts.cybersim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.cybersim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.cybersim.de https://umfrage.cybersim.de https://pts.cybersim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.cybersim.de https://stats.cybersim.de https://imagepool.cybersim.de https://pts.cybersim.de https://analytics.tiktok.com https://umfrage.cybersim.de; script-src 'strict-dynamic' 'nonce-c824abf9a79c8aef046ca20c1b54fc2c' 'nonce-3aa82de7c56552f41accc02d82ff4e42' 'nonce-3e58ed214c36a3c033185d118bf28644' 'nonce-942ce2d6f207c8cde5581869f9cffda7' 'nonce-1a6791d37954c3918f921dc55bc110f1' 'nonce-d05e9c23fa9d7588544610c45c155675' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.cybersim.de https://umfrage.cybersim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-c824abf9a79c8aef046ca20c1b54fc2c' 'nonce-3aa82de7c56552f41accc02d82ff4e42' 'nonce-3e58ed214c36a3c033185d118bf28644' 'nonce-942ce2d6f207c8cde5581869f9cffda7' 'nonce-1a6791d37954c3918f921dc55bc110f1' 'nonce-d05e9c23fa9d7588544610c45c155675' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.jsdelivr.net;object-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://s3.amazonaws.com/ https://cdn.ckeditor.com/;font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;connect-src 'self' 'unsafe-inline' https://www.youtube.com/ https://api.euro17.com.br/ https://homolog.api.euro17.com.br/ wss://ws.hotjar.com https://content.hotjar.io https://metrics.hotjar.io https://api.frentecorretora.com.br/ https://stats.g.doubleclick.net/ https://analytics.google.com/ https://www.google-analytics.com/ https://popups.rdstation.com.br/ https://www.google.com.br/ https://iosite.reclameaqui.com.br/ https://homolog.euro17.com.br/ https://euro17.com.br/;img-src 'self' 'unsafe-inline' https://img.youtube.com/ https://i.ytimg.com data: https://api.euro17.com.br/ https://homolog.api.euro17.com.br/ https://s3.amazonaws.com/ https://www.google.com.br/ https://www.google.com/ https://www.facebook.com/ https://googleads.g.doubleclick.net/ https://www.googletagmanager.com/ https://cdn.ckeditor.com/;script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://static.hotjar.com/ https://script.hotjar.com https://cdn.jsdelivr.net https://d335luupugsy2.cloudfront.net/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://cdn.octadesk.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://cdn.ckeditor.com/ https://s3.amazonaws.com/;frame-src 'self' 'unsafe-inline' https://www.youtube.com/ https://www.googletagmanager.com https://td.doubleclick.net/ https://cdn.octadesk.com/ 1
default-src 'self';style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com cdn.quilljs.com fonts.googleapis.com code.jquery.com maps.googleapis.com fonts.gstatic.com csi.gstatic.com cdnjs.cloudflare.com cdn.quilljs.com unpkg.com;connect-src 'self' browser-update.org cdn.quilljs.com maxcdn.bootstrapcdn.com fonts.googleapis.com code.jquery.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com fonts.gstatic.com csi.gstatic.com cdnjs.cloudflare.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' browser-update.org cdn.quilljs.com maxcdn.bootstrapcdn.com unpkg.com fonts.googleapis.com code.jquery.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com fonts.gstatic.com csi.gstatic.com cdnjs.cloudflare.com;font-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com code.jquery.com maps.googleapis.com fonts.gstatic.com csi.gstatic.com cdnjs.cloudflare.com;img-src 'self' data: * blob: * maxcdn.bootstrapcdn.com fonts.googleapis.com code.jquery.com maps.googleapis.com *.gstatic.com csi.gstatic.com cdnjs.cloudflare.com;worker-src blob: *;child-src blob: *;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
frame-ancestors 'self' https://www.facebook.com/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.kampyle.com *.medallia.com assets.adobedtm.com www.kgieworld.com.tw www.googletagmanager.com www.google-analytics.com www.googleadservices.com connect.facebook.net d.line-scdn.net googleads.g.doubleclick.net activitymap.adobe.com img.scupio.com dmp.eland-tech.com cm.g.doubleclick.net cdn.jsdelivr.net js.hs-scripts.com snap.licdn.com bat.bing.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net www.clarity.ms js.adsrvr.org s.yimg.com sync.aralego.com ups.analytics.yahoo.com rec.scupio.com; frame-ancestors 'self' *.kgibank.com *.kgi.com.tw *.kgieworld.com.tw; 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://unpkg.com https://api.ipify.org https://connect.facebook.net https://z.moatads.com https://code.jquery.com/ https://c.lytics.io/ https://cdn.segment.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://pghub.io/ https://cdn.cookielaw.org/ feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.cookielaw.org/ https://c.lytics.io/ https://cdnjs.cloudflare.com https://unpkg.com feed.pghub.io pandg.tapad.com ; object-src 'none' feed.pghub.io pandg.tapad.com ; base-uri 'self' feed.pghub.io pandg.tapad.com ; connect-src 'self' https://privacyportal-eu.onetrust.com https://maps.googleapis.com https://consent-api.onetrust.com https://stats.g.doubleclick.net https://q3iz626c1j-dsn.algolia.net https://q3iz626c1j-1.algolianet.com https://q3iz626c1j-2.algolianet.com https://q3iz626c1j-3.algolianet.com https://api.segment.io/ https://match.adsrvr.org/ https://lj18wdvpyu-3.algolianet.com/ https://lj18wdvpyu-2.algolianet.com/ https://lj18wdvpyu-1.algolianet.com/ https://lj18wdvpyu-dsn.algolia.net/ https://www.google-analytics.com/ https://region1.google-analytics.com https://cdn.cookielaw.org feed.pghub.io pandg.tapad.com ; font-src 'self' https://fonts.gstatic.com feed.pghub.io pandg.tapad.com ; frame-src 'self' https://pandg.tapad.com https://www.google.com/ feed.pghub.io pandg.tapad.com ; img-src 'self' data: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.confianzaonline.es/ https://s.amazon-adsystem.com/ https://c.lytics.io/ https://cdn.cookielaw.org/ https://www.googletagmanager.com/ https://match.adsrvr.org/ https://images.ctfassets.net https://pixel.tapad.com https://www.google-analytics.com feed.pghub.io pandg.tapad.com ; manifest-src 'self' feed.pghub.io pandg.tapad.com ; media-src 'self' https://videos.ctfassets.net/ feed.pghub.io pandg.tapad.com ; worker-src 'none' feed.pghub.io pandg.tapad.com ; 1
default-src 'self' data: https://www.google.com https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://fonts.googleapis.com https://fonts.gstatic.com https://mc.yandex.ru https://translate.yandex.net https://yastatic.net/ https://api.ssllabs.com https://hstspreload.org https://http-observatory.security.mozilla.org https://securityheaders.com https://sshscan.rubidus.com https://tls.imirhil.fr https://tls-observatory.services.mozilla.com https://www.immuniweb.com https://ya.ru/ https://bitrix.info https://analytics.bitrix.info/ https://*.roistat.com/ https://crm.e-m-l.ru https://www.1c-bitrix.ru/ https://yoomoney.ru/ https://crm.e-m-l.ru wss://crm.e-m-l.ru https://yandex.ru/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://*.gstatic.com:* https://*.googleapis.com https://yastatic.net https://mc.yandex.ru https://www.googleadservices.com https://googleads.g.doubleclick.net https://translate.yandex.net https://bitrix.info https://api-maps.yandex.ru https://*.roistat.com https://crm.e-m-l.ru https://emlru.webim.ru wss://crm.e-m-l.ru; style-src 'self' 'unsafe-inline' https://www.google-analytics.com https://maps.google.com https://*.gstatic.com:* https://*.googleapis.com https://code.jivosite.com https://mc.yandex.ru https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.voximplant.com https://crm.e-m-l.ru wss://crm.e-m-l.ru; img-src 'self' data: https://mc.yandex.ru:* https://*.googleapis.com https://*.gstatic.com:* https://www.google-analytics.com https://api-maps.yandex.ru https://core-renderer-tiles.maps.yandex.net https://mc.yandex.com https://emlru.webim.ru https://crm.e-m-l.ru wss://crm.e-m-l.ru https://emlru.webim2.ru; font-src 'self' https://*.gstatic.com:* https://emlru.webim.ru:*; connect-src 'self' https://mc.yandex.com https://translate.yandex.net https://ya.ru https://mc.yandex.ru https://www.google-analytics.com https://crm.e-m-l.ru wss://crm.e-m-l.ru; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-5f68f871b06fb1820e8ae974dc48f453'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: data:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://twiukraine.com; img-src 'self' https: data: blob: https://twiukraine.com; style-src 'self' https://twiukraine.com 'nonce-jTNMiB+ZhZvZcVYjIgvrVw=='; media-src 'self' https: data: https://twiukraine.com; frame-src 'self' https:; manifest-src 'self' https://twiukraine.com; form-action 'self'; child-src 'self' blob: https://twiukraine.com; worker-src 'self' blob: https://twiukraine.com; connect-src 'self' data: blob: https://twiukraine.com https://s3.eu-central-2.wasabisys.com wss://twiukraine.com; script-src 'self' https://twiukraine.com 'wasm-unsafe-eval' 1
frame-ancestors 'self' sdrock.com *.sdrock.com;object-src 'none';base-uri 'none';script-src 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: http: 'nonce-Y4zUHLfQX7X5nGByu1KAXw41rE41rpx2PsPhYEFZ' 1
frame-ancestors https://rexona-studio-gb.netlify.app/ https://rexona-studio-gb-staging.netlify.app/ 1
default-src 'self' localhost https: 'unsafe-eval' 'unsafe-inline'; 1
frame-ancestors 'self' https://sneffr0.sharepoint.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com *.cookiebot.com *.googleapis.com *.facebook.net *.facebook.com secure.payengine.de;   frame-src 'self' *.cookiebot.com www.youtube-nocookie.com player.vimeo.com *.facebook.net *.facebook.com secure.payengine.de 1
frame-ancestors 'self' https://www.flextel.ltd.uk https://www.flextel.com http://*.flextel.net https://*.flextel.net; 1
default-src 'self' data: http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io https://cdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://map.ir https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://kangoro.ir/matomo/matomo.js http://tools.1abzar.com http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io http://www.aparat.com https://www.aparat.com http://shenoto.com/ https://youtube.com/ https://telewebion.com https://cdn.userway.org https://api.userway.org https://media.userway.org https://www.goftino.com https://cdn.goftino.com; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com https://cdn.fontcdn.ir https://fdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org; img-src 'self' blob: data: https://map.ir https://www.google-analytics.com www.google-analytics.com data: *; connect-src 'self' https://map.ir https://www.google-analytics.com www.google-analytics.com https://samta.samt.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io https://cdn.fontcdn.ir wss://api.raychat.io wss://ws.goftino.com wss://ws2.goftino.com wss://cdn.goftino.com https://api.userway.org; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://tools.1abzar.com http://1abzar.ir https://cse.google.com https://www.aparat.com https://google.com https://www.google.com https://cdn.userway.org http://www.aparat.com https://www.aparat.com http://shenoto.com/ https://youtube.com/ https://telewebion.com; frame-ancestors 'self' https://trustseal.enamad.ir; 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://amazonfiretv.blog https://*.amazonfiretv.blog https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
default-src 'self'; script-src 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; img-src 'self' *.abuseipdb.com *.gnupg.org; 1
frame-ancestors *.taoke.com *.91pxb.com *.91mbt.com *.91pxb.net *.taoke.com.cn *.taoke.net 1
sandbox allow-scripts allow-same-origin allow-forms; img-src 'self' data: www.gstatic.com; frame-src www.google.com; object-src 'none'; base-uri 'none'; script-src www.google.com www.gstatic.com 'nonce-pwVqhG+aiePyfUgG7uOPkqrgNw8='; style-src 'nonce-pwVqhG+aiePyfUgG7uOPkqrgNw8=' 1
connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com 'unsafe-inline' https://*.qualtrics.com; default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-lXEayZ70q/ZMK1RQq6VcBeth11kxXpX3ilShsgWpzVzRr8gP' 'self' https://*.paypal.com https://*.paypalobjects.com https://pypd.paypal-mktg.com 'unsafe-inline'; img-src https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; object-src 'none'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.youtube-nocookie.com https://*.paypal-mktg.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com https://*.eloqua.com https://*.paypal-mktg.com; base-uri 'self' https://*.paypal.com; style-src 'self' https://*.paypalobjects.com 'unsafe-inline'; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors transparentdata.pl transparentdata.eu http://transparentdata.pl http://transparentdata.eu https://transparentdata.pl https://transparentdata.eu www.transparentdata.pl www.transparentdata.eu http://www.transparentdata.pl http://www.transparentdata.eu https://www.transparentdata.pl https://www.transparentdata.eu; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://scripts.simpleanalyticscdn.com https://connect.facebook.net https://*.adform.net https://www.linkedin.com; connect-src 'self' https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googleapis.com https://*.google.com https://*.google.lu https://*.gstatic.com https://*.g.doubleclick.net https://queue.simpleanalyticscdn.com; img-src 'self' 'unsafe-inline' data: https://*.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.google.com https://*.google.lu https://*.g.doubleclick.net https://www.facebook.com *.tile.osm.org *.tile.openstreetmap.org https://queue.simpleanalyticscdn.com https://simpleanalyticsbadges.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; child-src 'self' blob: youtube.com www.youtube.com player.vimeo.com e.issuu.com www.linkedin.com widgets.sociablekit.com; media-src 'self'; form-action 'self'; frame-ancestors 'self'; base-uri 'self'; 1
sandbox allow-scripts allow-same-origin allow-forms; img-src 'self' data: www.gstatic.com; frame-src www.google.com; object-src 'none'; base-uri 'none'; script-src www.google.com www.gstatic.com 'nonce-HfuRKMQAF6j8zSkjrgzywrUraSE='; style-src 'nonce-HfuRKMQAF6j8zSkjrgzywrUraSE=' 1
connect-src 'self' blob: https://api.x.ai https://api.x.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api.x.com https://api-stream.twitter.com https://api-stream.x.com https://ads-api.twitter.com https://ads-api.x.com https://aa.twitter.com https://aa.x.com https://caps.twitter.com https://caps.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton.twitter.com https://ton.x.com https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://twitter.com https://x.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com  ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://x.com https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://vaultjs.apideck.com/  https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://x.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://static.ads-twitter.com  'nonce-OWRkN2I3NjItODEyMi00ZjJmLTg1YTgtMjg2MjE2OGI0YzFm'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false 1
default-src 'self' 'unsafe-inline' *.ocbc.com *.iocbc.com; script-src 'self' 'unsafe-inline' *.iocbc.com *.ocbc.com  src.litix.io fast.wistia.net ssl.google-analytics.com *.google-analytics.com *.googletagmanager.com fast.wistia.com src.litix.io fast.wistia.net pipedream.wistia.com distillery.wistia.com fg8vvsvnieiv3ej16jby.litix.io embed.wistia.com cdn.flipsnack.com embedwistia-a.akamaihd.net *.adobedtm.com *.licdn.com *.googleadservices.com *.facebook.net *.outbrain.com *.youtube.com *.googleapis.com *.doubleclick.net *.sqreemtech.com  *.qualtrics.com *.adobedc.net *.api.marketanalyst.co https://api.marketanalyst.co data:;font-src * data:; connect-src 'self' *.google-analytics.com *.doubleclick.net *.demdex.net *.sqreemtech.com  *.qualtrics.com *.adobedc.net *.api.marketanalyst.co https://api.marketanalyst.co; media-src * blob:; img-src * data:; frame-src 'self' cdn.flipsnack.com *.iocbc.com *.ocbc.com fast.wistia.com cdn.flipsnack.com *.doubleclick.net *.sqreemtech.com  *.qualtrics.com *.youtube.com; 1
frame-src 'self' mailto: tel: consent-pref.trustarc.com kinectrics.com *.kinectrics.com *.craftcms.com sketchfab.com fast.wistia.com fast.wistia.net js.driftt.com newassets.hcaptcha.com www.youtube.com www.youtube-nocookie.com www.google.com td.doubleclick.net bid.g.doubleclick.net; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com kinectrics.com *.kinectrics.com *.motumdev.com *.wistia.com *.wistia.net js.driftt.com www.googletagmanager.com www.google-analytics.com maps.googleapis.com maps.google.com unpkg.com *.clarity.ms *.actonsoftware.com pi.pardot.com js.hcaptcha.com tags.tiqcdn.com tag.aticdn.net cdn.cookielaw.org snap.licdn.com code.jquery.com www.google.com www.youtube.com static.sketchfab.com googleads.g.doubleclick.net cdn.jsdelivr.net www.gstatic.com widget.intercom.io bat.bing.com connect.js.intercomcdn.com cdnjs.cloudflare.com www.googleadservices.com *.trustarc.com https://static.hotjar.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' blob: kinectrics.com *.kinectrics.com *.wistia.com *.wistia.net fonts.googleapis.com cloud.typography.com cdn.jsdelivr.net https://static.hotjar.com https://script.hotjar.com; object-src 'self'; base-uri 'self'; media-src 'self' blob: data: 'unsafe-inline' kinectrics.com *.kinectrics.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net; font-src 'self' data: kinectrics.com *.kinectrics.com *.wistia.com fonts.gstatic.com fonts.intercomcdn.com *.trustarc.com https://script.hotjar.com; connect-src data: 'self' kinectrics.com *.kinectrics.com cdn.cookielaw.org *.tealiumiq.com *.onetrust.com *.motumdev.com www.google-analytics.com maps.googleapis.com maps.google.com *.wistia.com *.akamaihd.net stats.g.doubleclick.net *.clarity.ms *.craftcms.com cdn.linkedin.oribi.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; 1
child-src 'self' www.googletagmanager.com; connect-src 'self' www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: https://bam.nr-data.net; font-src 'self' data: https://fonts.gstatic.com privacyportal-cdn.onetrust.com https://fonts.googleapis.com; frame-src 'self' www.googletagmanager.com *.youtube.com https://www.google.com; img-src 'self' data: blob: www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com www.google.com analytics.google.com https://analytics.twitter.com https://t.co https://bat.bing.com https://di.rlcdn.com https://www.facebook.com https://www.google.com.br img.youtube.com https://i.ytimg.com google.com google.ad google.ae google.com.af google.com.ag google.com.ai google.al google.am google.co.ao google.com.ar google.as google.at google.com.au google.az google.ba google.com.bd google.be google.bf google.bg google.com.bh google.bi google.bj google.com.bn google.com.bo google.com.br google.bs google.bt google.co.bw google.by google.com.bz google.ca google.cd google.cf google.cg google.ch google.ci google.co.ck google.cl google.cm google.cn google.com.co google.co.cr google.com.cu google.cv google.com.cy google.cz google.de google.dj google.dk google.dm google.com.do google.dz google.com.ec google.ee google.com.eg google.es google.com.et google.fi google.com.fj google.fm google.fr google.ga google.ge google.gg google.com.gh google.com.gi google.gl google.gm google.gr google.com.gt google.gy google.com.hk google.hn google.hr google.ht google.hu google.co.id google.ie google.co.il google.im google.co.in google.iq google.is google.it google.je google.com.jm google.jo google.co.jp google.co.ke google.com.kh google.ki google.kg google.co.kr google.com.kw google.kz google.la google.com.lb google.li google.lk google.co.ls google.lt google.lu google.lv google.com.ly google.co.ma google.md google.me google.mg google.mk google.ml google.com.mm google.mn google.ms google.com.mt google.mu google.mv google.mw google.com.mx google.com.my google.co.mz google.com.na google.com.ng google.com.ni google.ne google.nl google.no google.com.np google.nr google.nu google.co.nz google.com.om google.com.pa google.com.pe google.com.pg google.com.ph google.com.pk google.pl google.pn google.com.pr google.ps google.pt google.com.py google.com.qa google.ro google.ru google.rw google.com.sa google.com.sb google.sc google.se google.com.sg google.sh google.si google.sk google.com.sl google.sn google.so google.sm google.sr google.st google.com.sv google.td google.tg google.co.th google.com.tj google.tl google.tm google.tn google.to google.com.tr google.tt google.com.tw google.co.tz google.com.ua google.co.ug google.co.uk google.com.uy google.co.uz google.com.vc google.co.ve google.vg google.co.vi google.com.vn google.vu google.ws google.rs google.co.za google.co.zm google.co.zw google.cat; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://maps.googleapis.com *.newrelic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com maps.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://maps.googleapis.com *.youtube.com www.googletagmanager.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://service.force.com https://www.google.com maps.googleapis.com https://www.googleoptimize.com https://connect.facebook.net https://www.google-analytics.com https://cdn.di-capt.com https://static.ads-twitter.com https://bat.bing.com https://websdk.appsflyer.com https://www.gstatic.com *.newrelic.com https://unpkg.com; style-src 'self' 'unsafe-inline' www.googletagmanager.com tagmanager.google.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; frame-ancestors 'self' 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-4bc5e5a98a50ea39bab978b4f60ebb02'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors 'self' https://www.slipcase.com https://marketplace.marsh.com; 1
child-src  www.paypalobjects.com; connect-src 'self' 'report-sample' s3.amazonaws.com/cv3.customfiles teachdisctest.commercev3.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com stats.g.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.facebook.com *.klaviyo.com shop.pe app.shop.pe shopper.shop.pe ka-f.fontawesome.com s.swiftypecdn.com api.livechatinc.com www.googletagmanager.com a.omappapi.com api.omappapi.com; default-src 'self' s3.amazonaws.com/cdn.teachersdiscovery.com/ cdn.commercev3.net/cdn.teachersdiscovery.com/ cdn.teachersdiscovery.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com; font-src 'self' teachdisctest.commercev3.com s3.amazonaws.com/cdn.teachersdiscovery.com/ cdn.commercev3.net/cdn.teachersdiscovery.com/ cdn.teachersdiscovery.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com ka-f.fontawesome.com s3.amazonaws.com data:; form-action 'self' www.facebook.com www.paypal.com checkout.sezzle.com; frame-src 'self' *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com teachersdiscovery.lpages.co promo.teachersdiscovery.com www.youtube.com www.aedownload.net secure.livechatinc.com useast-www.securly.com useast2-www.securly.com *.v1api.securly.com ct.pinterest.com cas.zma.gs cnc-api.zmags.com zmags.com a.omappapi.com *.flangoo.com; frame-ancestors 'self' www.teachersdiscovery.com; img-src 'self' s3.amazonaws.com/cdn.teachersdiscovery.com/ cdn.commercev3.net/cdn.teachersdiscovery.com/ cdn.teachersdiscovery.com ssl.google-analytics.com www.google.com/pagead/1p-user-list/ www.google.com/ads/ga-audiences ct.pinterest.com/v3/ stats.g.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.paypal.com www.paypalobjects.com secure.trust-provider.com analytics.twitter.com t.co aedownload.net cache.addthiscdn.com i.liadm.com cc.swiftype.com img.youtube.com shopper.shop.pe ct.pinterest.com log.pinterest.com; script-src 'self' 'report-sample' s3.amazonaws.com/cdn.teachersdiscovery.com/ cdn.commercev3.net/cdn.teachersdiscovery.com/ cdn.teachersdiscovery.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com secure.trust-provider.com shopper.shop.pe addshoppers.s3.amazonaws.com shop.pe d3rr3d0n31t48m.cloudfront.net static.ads-twitter.com trackcmp.net www.dwin1.com cdn.mouseflow.com kit.fontawesome.com s.swiftypecdn.com loader.wisepops.com teachersdiscovery.activehosted.com a.omappapi.com  ajax.googleapis.com d2mjzob2nc713b.cloudfront.net teachersdiscovery.cdn1.safeopt.com *; script-src-elem 'self' 'report-sample' s3.amazonaws.com/cdn.teachersdiscovery.com/ cdn.commercev3.net/cdn.teachersdiscovery.com/ cdn.teachersdiscovery.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com secure.trust-provider.com shopper.shop.pe addshoppers.s3.amazonaws.com shop.pe d3rr3d0n31t48m.cloudfront.net static.ads-twitter.com trackcmp.net www.dwin1.com cdn.mouseflow.com kit.fontawesome.com s.swiftypecdn.com loader.wisepops.com teachersdiscovery.activehosted.com a.omappapi.com  ajax.googleapis.com d2mjzob2nc713b.cloudfront.net teachersdiscovery.cdn1.safeopt.com *; style-src 'self' s3.amazonaws.com/cdn.teachersdiscovery.com/ cdn.commercev3.net/cdn.teachersdiscovery.com/ cdn.teachersdiscovery.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net ajax.googleapis.com s.swiftypecdn.com a.omappapi.com fonts.googleapis.com; style-src-elem 'self' s3.amazonaws.com/cdn.teachersdiscovery.com/ cdn.commercev3.net/cdn.teachersdiscovery.com/ cdn.teachersdiscovery.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net ajax.googleapis.com s.swiftypecdn.com a.omappapi.com fonts.googleapis.com; style-src-attr  'unsafe-inline'; media-src 'self' teachdisctest.commercev3.com s3.amazonaws.com/cdn.teachersdiscovery.com/ cdn.commercev3.net/cdn.teachersdiscovery.com/ cdn.teachersdiscovery.com www.bing.com aedownload.net cdn.livechatinc.com; 1
default-src 'self' 'unsafe-inline' https: wss: blob:; font-src 'self' 'unsafe-inline' https: data:; img-src 'self' 'unsafe-inline' https: blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob:; style-src 'self' 'unsafe-inline' https:; 1
base-uri 'self'; default-src 'self'; script-src 'nonce-vUyhlbJAP2BwwqHzQWMRdWRcfU9OWp1H' 'strict-dynamic' 'unsafe-inline' https: http:; object-src 'none'; img-src 'self' data: https://*.googleapis.com https://maps.gstatic.com https://www.google.com https://*.googleusercontent.com https://*.google-analytics.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://storage.googleapis.com https://*.ggpht.com https://i.ytimg.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://*.googleapis.com https://securetoken.googleapis.com https://accounts.google.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://stats.g.doubleclick.net; frame-src 'self' https://www.youtube.com https://policies.google.com https://*.doubleclick.net; media-src 'self'; report-uri https://csp.withgoogle.com/csp/gweb-prod-campus-k-frontend/c0e91e5f; 1
default-src 'self';script-src 'report-sample' 'self' https://www.google-analytics.com/analytics.js;style-src 'report-sample' 'self' https://fonts.googleapis.com;object-src 'none';base-uri 'self';connect-src 'self';font-src 'self' https://fonts.gstatic.com;frame-src 'self';img-src 'self';manifest-src 'self';media-src 'self' https://bct-website.s3-ap-southeast-2.amazonaws.com;worker-src 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.t1t.be suressedirektbank.de *.suressedirektbank.de *.santanderconsumerbank.be *.corp *.fontawesome.com *.bootstrapcdn.com *.googletagmanager.com *.googleadservices.com *.cookielaw.org *.google-analytics.com *.surge.sh/js/main.js *.spaargids.be *.wistia.com *.wistia.net *.doubleclick.net *.onetrust.com *.google.be *.google.com *.google.es *.google.fr *.google.tr *.google.pl *.google.de *.google.lu *.google.nl snap.licdn.com *.infinity-tracking.net *.facebook.net *.facebook.com *.bing.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.dwin1.com *.linkedin.com *.cloudflare.com px.ads.linkedin.com *.zenaps.com *.jsdelivr.net *.googlesyndication.com https://unpkg.com *.sharethis.com embedwistia-a.akamaihd.net the.sciencebehindecommerce.com *.litix.io *.gstatic.com *.awin1.com https://localhost:10443 *.inbenta.com *.inbenta.io *.inbenta.chat *.inbenta.chat:8000 https://test.webid-solutions.de/api/v2 https://webid-gateway.de/api/v2  https://www.financeads.net  https://www.clarity.ms https://o.clarity.ms; 1
base-uri 'self'; connect-src https://api.theexpert.com blob: 'self' data: wss: *.theexpert.com *.firebaseapp.com *.googleapis.com api.mapbox.com *.sentry.io theexpert-production.b-cdn.net api-theexpert-production-checkouts.onrender.com *.gstatic.com *.intercomcdn.com cdn-cookieyes.com heapanalytics.com *.heapanalytics.com *.auryc.com *.klaviyo.com *.doubleclick.net *.clarity.ms *.cookieyes.com *.google-analytics.com *.intercom.io *.viglink.com *.pinterest.com *.google.com vz-b2ccc378-ec3.b-cdn.net theexpert.pxf.io *.algolia.net *.algolianet.com *.algolia.io *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.linkedin.com *.hubspot.com; script-src 'unsafe-eval' 'nonce-c635e6121cff4c26b66a931ff1072fdf' 'sha256-dAMs3/Yp2SSUrhzjwbwLmPPB0soj/thHemUrM4u00O8=' 'sha256-LpbIjB3I3pI4DEnmOf6PMZo029m05Ps+6FG96t3garo=' 'sha256-7O4uLQPCNj/lyDbPxKrH0Iu6QaYJXxQDs2eG0fQM1z4=' 'sha256-tHG/Uxbt2FMkx+ushG0/oNVchbJwaNUVHFdpzVIz3iU=' 'sha256-Tr4YwhZJI9KdH2U0u6hYlOMK0Lnp2jDiDirGkxHgJpQ=' 'sha256-WTHfrMfzFGsSdgx6n9hpWAZVz/KGampARTvu0/o3nC8=' https://api.theexpert.com 'self' data: wss: *.theexpert.com *.firebaseapp.com *.googleapis.com api.mapbox.com *.sentry.io theexpert-production.b-cdn.net api-theexpert-production-checkouts.onrender.com *.gstatic.com *.intercomcdn.com cdn-cookieyes.com heapanalytics.com *.heapanalytics.com *.auryc.com *.googleadservices.com *.googletagmanager.com *.googleoptimize.com connect.facebook.net *.facebook.com *.klaviyo.com *.pinimg.com cdn.jsdelivr.net d3k81ch9hvuctc.cloudfront.net *.doubleclick.net *.viralsweep.com *.bing.com *.clarity.ms *.cookieyes.com *.google-analytics.com *.intercom.io *.viglink.com *.stripe.com *.pinterest.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.com.bz *.google.ca *.google.cd *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.sm *.google.sr *.google.com.sv *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.cat *.google.com unsafe-inline *.impactcdn.com loggly.com impact.com theexpert.pxf.io *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.usemessages.com *.hubspot.com; script-src-elem 'unsafe-eval' 'nonce-c635e6121cff4c26b66a931ff1072fdf' 'sha256-dAMs3/Yp2SSUrhzjwbwLmPPB0soj/thHemUrM4u00O8=' 'sha256-LpbIjB3I3pI4DEnmOf6PMZo029m05Ps+6FG96t3garo=' 'sha256-7O4uLQPCNj/lyDbPxKrH0Iu6QaYJXxQDs2eG0fQM1z4=' 'sha256-tHG/Uxbt2FMkx+ushG0/oNVchbJwaNUVHFdpzVIz3iU=' 'sha256-Tr4YwhZJI9KdH2U0u6hYlOMK0Lnp2jDiDirGkxHgJpQ=' 'sha256-WTHfrMfzFGsSdgx6n9hpWAZVz/KGampARTvu0/o3nC8=' https://api.theexpert.com 'self' data: wss: *.theexpert.com *.firebaseapp.com *.googleapis.com api.mapbox.com *.sentry.io theexpert-production.b-cdn.net api-theexpert-production-checkouts.onrender.com *.gstatic.com *.intercomcdn.com cdn-cookieyes.com heapanalytics.com *.heapanalytics.com *.auryc.com *.googleadservices.com *.googletagmanager.com *.googleoptimize.com connect.facebook.net *.facebook.com *.klaviyo.com *.pinimg.com cdn.jsdelivr.net d3k81ch9hvuctc.cloudfront.net *.doubleclick.net *.viralsweep.com *.bing.com *.clarity.ms *.cookieyes.com *.google-analytics.com *.intercom.io *.viglink.com *.stripe.com *.pinterest.com *.google.com unsafe-inline *.impactcdn.com loggly.com impact.com theexpert.pxf.io *.licdn.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.usemessages.com polyfill.io *.sovrn.com; style-src 'unsafe-inline' https://api.theexpert.com 'self' data: wss: *.theexpert.com *.firebaseapp.com *.googleapis.com api.mapbox.com *.sentry.io theexpert-production.b-cdn.net api-theexpert-production-checkouts.onrender.com *.gstatic.com *.intercomcdn.com cdn-cookieyes.com heapanalytics.com *.heapanalytics.com *.auryc.com *.googleadservices.com *.googletagmanager.com *.googleoptimize.com connect.facebook.net *.facebook.com *.klaviyo.com *.pinimg.com cdn.jsdelivr.net d3k81ch9hvuctc.cloudfront.net *.doubleclick.net *.viralsweep.com *.bing.com *.clarity.ms *.cookieyes.com *.google-analytics.com *.intercom.io *.viglink.com *.stripe.com *.pinterest.com; style-src-elem 'unsafe-inline' https://api.theexpert.com 'self' data: wss: *.theexpert.com *.firebaseapp.com *.googleapis.com api.mapbox.com *.sentry.io theexpert-production.b-cdn.net api-theexpert-production-checkouts.onrender.com *.gstatic.com *.intercomcdn.com cdn-cookieyes.com heapanalytics.com *.heapanalytics.com *.klaviyo.com; style-src-attr 'unsafe-inline' https://api.theexpert.com 'self' data: wss: *.theexpert.com *.firebaseapp.com *.googleapis.com api.mapbox.com *.sentry.io theexpert-production.b-cdn.net api-theexpert-production-checkouts.onrender.com *.gstatic.com *.intercomcdn.com cdn-cookieyes.com; child-src blob: 'self' data: wss: *.theexpert.com *.firebaseapp.com *.googleapis.com api.mapbox.com *.sentry.io theexpert-production.b-cdn.net api-theexpert-production-checkouts.onrender.com *.gstatic.com *.intercomcdn.com cdn-cookieyes.com; font-src blob: 'self' data: wss: *.theexpert.com *.firebaseapp.com *.googleapis.com api.mapbox.com *.sentry.io theexpert-production.b-cdn.net api-theexpert-production-checkouts.onrender.com *.gstatic.com *.intercomcdn.com cdn-cookieyes.com *.klaviyo.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.com.bz *.google.ca *.google.cd *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.sm *.google.sr *.google.com.sv *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.cat *.google.com; frame-src blob: 'self' data: wss: *.theexpert.com *.firebaseapp.com *.googleapis.com api.mapbox.com *.sentry.io theexpert-production.b-cdn.net api-theexpert-production-checkouts.onrender.com *.gstatic.com *.intercomcdn.com cdn-cookieyes.com *.viralsweep.com *.stripe.com *.pinterest.com *.google.com airtable.com theexpert.pxf.io *.hubspot.com; img-src blob: https: 'self' data: wss: *.theexpert.com *.firebaseapp.com *.googleapis.com api.mapbox.com *.sentry.io theexpert-production.b-cdn.net api-theexpert-production-checkouts.onrender.com *.gstatic.com *.intercomcdn.com cdn-cookieyes.com *.hubspot.com; manifest-src blob: 'self' data: wss: *.theexpert.com *.firebaseapp.com *.googleapis.com api.mapbox.com *.sentry.io theexpert-production.b-cdn.net api-theexpert-production-checkouts.onrender.com *.gstatic.com *.intercomcdn.com cdn-cookieyes.com; media-src blob: 'self' data: wss: *.theexpert.com *.firebaseapp.com *.googleapis.com api.mapbox.com *.sentry.io theexpert-production.b-cdn.net api-theexpert-production-checkouts.onrender.com *.gstatic.com *.intercomcdn.com cdn-cookieyes.com; prefetch-src blob: 'self' data: wss: *.theexpert.com *.firebaseapp.com *.googleapis.com api.mapbox.com *.sentry.io theexpert-production.b-cdn.net api-theexpert-production-checkouts.onrender.com *.gstatic.com *.intercomcdn.com cdn-cookieyes.com; worker-src blob: 'self' data: wss: *.theexpert.com *.firebaseapp.com *.googleapis.com api.mapbox.com *.sentry.io theexpert-production.b-cdn.net api-theexpert-production-checkouts.onrender.com *.gstatic.com *.intercomcdn.com cdn-cookieyes.com heapanalytics.com *.heapanalytics.com *.auryc.com *.googleadservices.com *.googletagmanager.com *.googleoptimize.com connect.facebook.net *.facebook.com *.klaviyo.com *.pinimg.com cdn.jsdelivr.net d3k81ch9hvuctc.cloudfront.net *.doubleclick.net *.viralsweep.com *.bing.com *.clarity.ms *.cookieyes.com *.google-analytics.com *.intercom.io *.viglink.com *.stripe.com *.pinterest.com *.impactcdn.com loggly.com impact.com theexpert.pxf.io; script-src-attr 'self' data: wss: *.theexpert.com *.firebaseapp.com *.googleapis.com api.mapbox.com *.sentry.io theexpert-production.b-cdn.net api-theexpert-production-checkouts.onrender.com *.gstatic.com *.intercomcdn.com cdn-cookieyes.com heapanalytics.com *.heapanalytics.com *.auryc.com *.googleadservices.com *.googletagmanager.com *.googleoptimize.com connect.facebook.net *.facebook.com *.klaviyo.com *.pinimg.com cdn.jsdelivr.net d3k81ch9hvuctc.cloudfront.net *.doubleclick.net *.viralsweep.com *.bing.com *.clarity.ms *.cookieyes.com *.google-analytics.com *.intercom.io *.viglink.com *.stripe.com *.pinterest.com *.google.com *.impactcdn.com loggly.com impact.com theexpert.pxf.io; object-src theexpert.pxf.io; 1
default-src 'self' *.hcaptcha.com *.edelmaenner.net data:; script-src 'self' hcaptcha.com *.edelmaenner.net 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data:; style-src 'self' *.hcaptcha.com *.edelmaenner.net 'unsafe-inline'; font-src 'self' *.edelmaenner.net; frame-src *.hcaptcha.com 'self' *.edelmaenner.net; object-src 'none' 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-hfXLzB38AD9JYkGy/bLGnA=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://providers.ccbh.com https://members.ccbh.com https://www.ccbh.com https://fast.fonts.net https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://maps.googleapis.com https://stats.g.doubleclick.net/ https://www.gstatic.com https://www.ccbh.com/ https://maps.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.fusionbot.com/ https://cdn.jsdelivr.net https://www.youtube.com https://www.vimeo.com https://player.vimeo.com https://i.ytimg.com https://feed-proxy.craftcms.com https://api.craftcms.com https://fast.wistia.net 1
connect-src https://maps.googleapis.com https://geolocation.onetrust.com https://pubsub.googleapis.com https://cdn-ukwest.onetrust.com https://region1.google-analytics.com https://in.hotjar.com/api/v2/client/sites/1965345/visit-data https://www.google-analytics.com/analytics.js https://content.hotjar.io/ https://metrics.hotjar.io/ wss://ws.hotjar.com/api/v2/client/ws https://www.google-analytics.com/j/collect https://stats.g.doubleclick.net/j/collect https://privacyportal-uk.onetrust.com/ https://privacyportal-uk.onetrust.com/request/v1/consentreceipts https://metrics.articulate.com https://vc.hotjar.io/sessions https://region1.analytics.google.com https://stats.g.doubleclick.net 'self' 'unsafe-inline' ws://localhost:62058 ws://localhost:62058/Website/ https://localhost:44399 ws://localhost:44399 wss://localhost:59119/Website/ wss://localhost:44399 ws://localhost:50770/Website/; default-src 'self'; font-src data: 'self' https://use.typekit.net; frame-src https://www.google.com https://www.youtube.com/ https://player.vimeo.com/ https://download-video.akamaized.net https://www.podbean.com/ 'self'; img-src https://maps.gstatic.com https://maps.googleapis.com https://cdn-ukwest.onetrust.com https://www.google-analytics.com https://www.google.com https://www.google.co.uk data: 'self'; media-src data: 'self' https://player.vimeo.com https://vod-progressive.akamaized.net; object-src 'self'; style-src https://fonts.googleapis.com https://www.google.com https://maps.googleapis.com https://www.gstatic.com 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net; script-src https://www.google.com https://maps.googleapis.com https://www.facebook.com https://cdn-ukwest.onetrust.com https://www.gstatic.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://www.google-analytics.com 'self' 'unsafe-inline' https://localhost:44342 https://localhost:44399; worker-src 'self'; 1
default-src 'self' *.sumsmanagement.com *.cloudfront.net eu.snapengage.com drive.google.com api.reciteme.com *.sums.su *.b-cdn.net yusu.org 2d53b4ae7710437ef402-16882fd0dd682351953626dbea9fe405.ssl.cf3.rackcdn.com wss://*.hotjar.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' data: ajax.googleapis.com *.cloudflare.com *.jsdelivr.net cdn.quilljs.com *.google.com *.googletagmanager.com c.ststat.net lincolnsu.com *.lincolnsu.com rawgithub.com *.rawgithub.com *.rawgit.com rawgit.com *.hotjar.com *.facebook.com *.facebook.net ussu-web.s3.eu-west-2.amazonaws.com yusu.s3.eu-west-2.amazonaws.com bgsumsassets.s3.eu-west-2.amazonaws.com *.googleapis.com *.sumsmanagement.com *.sums.su *.rackcdn.com pi-live.sagepay.com *.google-analytics.com emailmeform.com *.emailmeform.com *.gstatic.com *.tawk.to *.bootstrapcdn.com web-cdn.fixr.co use.fontawesome.com unpkg.com diffuser-cdn.app-us1.com *.reciteme.com cdn.curator.io *.twitter.com *.fontawesome.com mentimeter.com *.lightwidget.com *.datatables.net api.mapbox.com openstreetmap.org *.thunderforest.com box.com boxcdn.net justgiving.com *.justgiving.com rss2json.com hullstudent.co.uk *.atlassian.com *.addthis.com vuejs.org *.moatads.com *.popupsmart.com *.addthisedge.com code.jquery.com *.live.com prism.app-us1.com eu.snapengage.com js-agent.newrelic.com trackcmp.net bam.nr-data.net uksu.activehosted.com *.placeholder.com *.surveymonkey.com d3rxaij56vjege.cloudfront.net cdn.ckeditor.com *.designmynight.com *.typeform.com actionnetwork.org *.browsealoud.com ysjsu.com *.juicer.io reclaimhub.com *.appzi.io manchesterstudenthomes.com embedsocial.com *.clarity.ms woxo.tech snapwidget.com s3.amazonaws.com *.civiccomputing.com *.freshworks.com *.us1.list-manage.com plausible.io calendar.zoho.eu opinionstage.com *.browsealoud.com *.googleadservices.com *.fatsoma.com *.mapbox.com documentservices.adobe.com gen.sendtric.com public.flourish.studio *.eusa.ed.ac.uk *.youtube.com freddyfeedback.com *.termsfeed.com ucarecdn.com uploadcare.com *.uploadcare.com native.fm *.native.fm *.moneyadviceservice.org.uk *.moneyhelper.org.uk facebook.com *.facebook.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.jsdelivr.net cdn.quilljs.com *.cloudflare.com lincolnsu.com *.lincolnsu.com ussu-web.s3.eu-west-2.amazonaws.com yusu.s3.eu-west-2.amazonaws.com bgsumsassets.s3.eu-west-2.amazonaws.com *.sumsmanagement.com *.sums.su *.rackcdn.com *.cloudfront.net *.bootstrapcdn.com *.google.com hello.myfonts.net *.fontawesome.com *.typekit.net *.popupsmart.com *.tawk.to *.gstatic.com unpkg.com *.reciteme.com cdn.ckeditor.com *.designmynight.com actionnetwork.org ysjsu.com *.curator.io *.juicer.io *.jquery.com danny-husu.github.io embedsocial.com cdn-images.mailchimp.com *.typeform.com *.freshworks.com *.mapbox.com *.fatsoma.com su.imgix.net native.fm *.native.fm *.rawgithub.com facebook.com *.facebook.com;img-src 'self' data: *.facebook.com nusdigital.s3-eu-west-1.amazonaws.com ussu-web.s3.eu-west-2.amazonaws.com yusu.s3.eu-west-2.amazonaws.com bgsumsassets.s3.eu-west-2.amazonaws.com nusdigital.s3.amazonaws.com su.imgix.net lincolnsu.com *.lincolnsu.com *.sumsmanagement.com *.sums.su *.rackcdn.com *.cloudflare.com *.cloudfront.net *.google-analytics.com *.google.com *.googleapis.com *.googleusercontent.com *.google.co.uk *.justgiving.com *.googletagmanager.com *.tawk.to *.tile.thunderforest.com maps.gstatic.com *.ytimg.com *.reciteme.com cdn.ckeditor.com *.glassdoor.co.uk *.designmynight.com *.gstatic.com actionnetwork.org ysjsu.com *.netlify.app *.b-cdn.net *.curator.io *.browsealoud.com *.texthelp.com *.ibb.co *.lincolnsu.com *.airtable.com minisite.ticketline.co.uk *.juicer.io *.cdninstagram.com *.appzi.io *.clarity.ms *.freshworks.com fixr-cdn.fixr.co *.mapbox.com dummyimage.com *.sendtric.com *.airtableusercontent.com public.flourish.studio *.youtube.com *.fatsoma.com native.fm *.native.fm *.hotjar.com *.moneyhelper.org.uk facebook.com *.facebook.com;font-src 'self' data: lincolnsu.com *.lincolnsu.com font.googleapis.com *.sumsmanagement.com *.sums.su *.rackcdn.com *.gstatic.com *.jsdelivr.net *.cloudfront.net *.bootstrapcdn.com *.fontawesome.com *.hotjar.com *.cloudflare.com fonts.googleapis.com *.tawk.to ussu-web.s3.eu-west-2.amazonaws.com *.reciteme.com ysjsu.com *.netlify.app *.juicer.io dev-ysjsu.netlify.app *.appzi.io *.freshworks.com use.typekit.net su.imgix.net native.fm *.native.fm facebook.com *.facebook.com;connect-src 'self' 'unsafe-inline' lincolnsu.com *.lincolnsu.com *.airtable.com *.hotjar.com *.google-analytics.com *.facebook.com *.sums.su *.hotjar.io wss://*.tawk.to *.tawk.to *.atlassian.com *.doubleclick.net *.fontawesome.com *.googleapis.com bam.nr-data.net *.addthis.com *.rss2json.com *.reciteme.com submit-form.com *.designmynight.com *.typeform.com *.botpoison.com *.browsealoud.com eu.snapengage.com ysjsu.com *.curator.io *.speechstream.net *.texthelp.com wss://*.hotjar.com *.sums.dev *.juicer.io *.appzi.io *.clarity.ms *.civiccomputing.com *.freshworks.com *.freshdesk.com plausible.io *.withgoogle.com *.eusa.ed.ac.uk freddyfeedback.com native.fm *.native.fm uploadcare.com *.uploadcare.com *.google.com facebook.com *.facebook.com;frame-src 'self' data: lincolnsu.com *.lincolnsu.com *.hotjar.com *.google.com *.youtube.com *.openstreetmap.org *.rackcdn.com *.addthis.com *.box.com *.kaltura.com *.lightwidget.com *.opinionstage.com prezi.com *.youtube-nocookie.com *.surveymonkey.com *.emailmeform.com *.reciteme.com *.live.com *.office.com *.nottingham.ac.uk *.facebook.com snapwidget.com *.typeform.com ussu-web.s3.eu-west-2.amazonaws.com *.sumsmanagement.com www.mentimeter.com *.vimeo.com ysjsu.com *.jotform.com *.jotformeu.com *.googleapis.com *.sums.su *.issuu.com *.airtable.com *.york.ac.uk *.ystv.co.uk *.ury.org.uk *.twitter.com login.microsoftonline.com login.windows.net manchesterstudenthomes.com *.sharepoint.com reclaimhub.com open.spotify.com w.soundcloud.com embedsocial.com *.sheffield.us1.list-manage.com *.instagram.com *.freshworks.com fixr.co calendar.zoho.eu *.google.co.uk *.yumpu.com *.fatsoma.com kuintranet.co.uk *.kuintranet.co.uk wix.com *.wix.com wixapps.net *.wixapps.net public.flourish.studio flo.uri.sh v5.airtableusercontent.com forms.microsoft.com *.eusa.ed.ac.uk *.sums.digital *.canva.com freddyfeedback.com hullstudent.co.uk native.fm *.native.fm *.moneyadviceservice.org.uk lincolnsu.com *.lincolnsu.com facebook.com *.facebook.com *.cloud.microsoft;child-src 'self' ;media-src 'self' blob: assets-cdn.sums.su *.sumsmanagement.com api.reciteme.com livemanchesterac.sharepoint.com *.tawk.to native.fm *.native.fm;worker-src 'self' thevenuekent.co.uk; 1
default-src 'self' https://*.yieldbroker.com https://analytics.google.com;  frame-ancestors 'self' https://*.yieldbroker.com:*;  frame-src 'self' https://*.yieldbroker.com:* https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.figma.com ;  script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.yieldbroker.com https://www.googletagmanager.com *.google-analytics.com https://snap.licdn.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/charts/ https://cdn.matomo.cloud/; style-src 'self' 'unsafe-inline' blob:  https://*.yieldbroker.com https://www.gstatic.com/charts/ https://fonts.googleapis.com;  font-src 'self' data: https://*.yieldbroker.com https://analytics.google.com https://www.google-analytics.com https://fonts.gstatic.com;  img-src 'self' data: blob: https://*.yieldbroker.com https://analytics.google.com https://www.google-analytics.com https://marketplace-cdn.atlassian.com;  object-src 'self' https://*.yieldbroker.com;  manifest-src 'self' blob: https://*.yieldbroker.com;  connect-src 'self' https://*.yieldbroker.com https://analytics.google.com https://www.google-analytics.com https://marketplace.atlassian.com;  1
script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com https://maps.gstatic.com https://*.gstatic.com https://*.contacta.io https://*.googleapis.com https://www.instagram.com https://www.twitter.com https://www.youtube.com https://cdn.jsdelivr.net https://google.com https://deliveroo.co.uk https://goo.gl https://www.tiktok.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://analytics.tiktok.com https://forms.contacta.io https://script.crazyegg.com https://bat.bing.com https://www.googletagmanager.com https://dev-shakeshack.pantheonsite.io https://www.shakeshack.co.uk https://fonts.googleapis.com https://secure.gravatar.com https://www.google-analytics.com https://static.hotjar.com https://connect.facebook.net https://js-agent.newrelic.com https://region1.analytics.google.com https://script.crazyegg.com https://analytics.tiktok.com https://script.hotjar.com https://bam.nr-data.net; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://forms.contacta.io; img-src 'self' data: https://imgsct.cookiebot.com https://secure.gravatar.com https://bat.bing.com https://www.google.co.uk https://www.google.com https://www.facebook.com https://www.google-analytics.com https://maps.gstatic.com https://*.gstatic.com https://*.contacta.io https://*.googleapis.com ; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://www.google.com https://consentcdn.cookiebot.com; worker-src 'self' blob:; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.analytics.google.com https://script.crazyegg.com https://analytics.tiktok.com https://consentcdn.cookiebot.com https://bam.nr-data.net https://maps.googleapis.com https://googleapis.com https://imgsct.cookiebot.com https://cookiebot.com; object-src 'none'; frame-ancestors 'self'; base-uri 'self'; 1
frame-ancestors 'self' https://fleets.firststoptools.com https://fleets-taller.firststoptools.com 1
base-uri 'none'; default-src 'self' https://* data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://* https://*; style-src 'self' 'unsafe-inline' http://* https://*; img-src data: *; 1
child-src blob:; connect-src 'self' https://*.independer.be https://*.independer.nl https://*.independer-blog.be https://www.google-analytics.com https://ampcid.google.com https://ampcid.google.nl https://stats.g.doubleclick.net https://adservice.google.com https://www.google.com https://*.mopinion.com https://*.contentsquare.net https://www.facebook.com https://www.googletagmanager.com https://*.analytics.google.com https://*.clarity.ms https://bat.bing.com; default-src 'self'; font-src 'self' data: https://independer.be https://*.independer.be https://fonts.gstatic.com https://*.mopinion.com; frame-src 'self' https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://player.vimeo.com https://www.youtube.com https://infogram.com https://localfocuswidgets.net https://localfocus2.appspot.com https://optimize.google.com https://www.googletagmanager.com https://tpc.googlesyndication.com https://*.mopinion.com https://www.facebook.com; img-src 'self' data: blob: https://independer.be https://*.vwo.com https://*.visualwebsiteoptimizer.com https://*.independer.be https://www.independer.nl https://independer-static.nl https://*.independer-static.nl https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://optimize.google.com https://www.googleadservices.com https://*.privacysandbox.googleadservices.com https://googleads.g.doubleclick.net https://*.fls.doubleclick.net https://adservice.google.com https://pagead2.googlesyndication.com https://fonts.gstatic.com https://www.google.com https://www.google.nl https://www.google.be https://*.mopinion.com https://www.facebook.com https://connect.facebook.net https://*.contentsquare.net https://dashboard.trustprofile.io https://bat.bing.com https://www.clarity.ms https://*.analytics.google.com https://c.clarity.ms; manifest-src 'self' https://*.independer.be; object-src 'self'; report-uri https://staging.independer.be/insurance/api/client-log/csp-report; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.independer.be https://*.vwo.com https://*.visualwebsiteoptimizer.com https://*.independer.nl https://*.independer-blog.be https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://optimize.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.fls.doubleclick.net https://www.google.com https://tpc.googlesyndication.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://*.mopinion.com https://connect.facebook.net https://t.contentsquare.net https://*.contentsquare.com https://bat.bing.com https://www.clarity.ms https://*.analytics.google.com; style-src 'self' 'unsafe-inline' https://*.independer.be https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com https://*.mopinion.com https://*.analytics.google.com; worker-src blob: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' consentcdn.cookiebot.com consent.cookiebot.com cdn.cookielaw.org fonts.gstatic.com footer.mars.com 1
report-uri https://csp.uel.wildapricot.com/report; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.appointlet.com *.appointletcdn.com *.aptrinsic.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.ecomm.events *.ecwid.com *.elev.io *.facebook.com *.facebook.net *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.linkedin.com *.mcjobboard.net *.mybillsystem.com *.newrelic.com *.nr-data.net *.pagespeed-mod.com *.twitter.com *.typekit.net *.uservoice.com *.wildapricot.com *.youtube.com *.zdassets.com *.zendesk.com *.zopim.com caas-sf.wildapricot.org maps.googleapis.com onlinestore-prod-digital-products.s3.amazonaws.com sf.wildapricot.org widget-mediator.zopim.com wss://widget-mediator.zopim.com/ cdn.syndication.twimg.com chrome-extension connect.facebook.net diigo.com google.com google-analytics.com googletagmanager.com gstatic.com https://www.diigo.com region1.google-analytics.com stats.g.doubleclick.net teachpsych.org;   img-src * data: blob:;   media-src * blob:;   font-src * https://*.aptrinsic.com data:;  1
default-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src * data:; media-src * data: blob: 1
default-src 'self' blob: https://*.summize.com *.google-analytics.com https://*.linkedin.com https://assets-global.website-files.com https://stats.g.doubleclick.net https://uploads-ssl.webflow.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com; script-src 'unsafe-inline' 'self' https://*.summize.com https://*.clarity.ms https://*.hotjar.com https://*.leadoo.com https://ajax.googleapis.com https://assets-global.website-files.com https://bat.bing.com https://cdn.calconic.com https://code.jquery.com https://connect.facebook.net https://cdn.finsweet.com https://cdn.jsdelivr.net https://cdn.leadinfo.net https://cdnjs.cloudflare.com https://d3e54v103j8qbb.cloudfront.net https://forms.hsforms.com https://global-uploads.webflow.com https://googleads.g.doubleclick.net https://www.gstatic.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hsforms.net https://js.usemessages.com https://js.zi-scripts.com https://tools.refokus.com https://sc.lfeeder.com https://snap.licdn.com https://ssl.google-analytics.com https://static.hsappstatic.net https://summize.bamboohr.com https://tagmanager.google.com https://tools.refokus.io https://uploads-ssl.webflow.com https://widgets.sociablekit.com https://ws.zoominfo.com https://www.clarity.ms https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.youtube.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://*.summize.com https://*.leadoo.com https://*.sociablekit.com https://assets-global.website-files.com https://fonts.googleapis.com https://global-uploads.webflow.com https://maxcdn.bootstrapcdn.com https://uploads-ssl.webflow.com https://tagmanager.google.com; font-src 'self' data: https://*.summize.com https://*.leadoo.com https://fonts.gstatic.com https://js.hs-banner.com https://maxcdn.bootstrapcdn.com https://uploads-ssl.webflow.com; img-src 'self' data: https://*.summize.com https://googleads.g.doubleclick.net https://www.linkedin.com https://px.ads.linkedin.com/collect https://ssl.gstatic.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com www.googletagmanager.com *; frame-src https://*.summize.com https://*.doubleclick.net/ https://*.hotjar.com/ https://*.leadoo.com https://app.hubspot.com https://bid.g.doubleclick.net https://cdn.embedly.com https://dev-938782.oktapreview.com https://embed.podcasts.apple.com https://forms.hsforms.com https://iframe.videodelivery.net https://meetings.hubspot.com https://open.spotify.com https://webflow.com https://w.soundcloud.com https://www.facebook.com https://www.google.com https://www.youtube.com; connect-src https://*.summize.com https://*.analytics.google.com https://*.clarity.ms https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.leadoo.com https://*.ads.linkedin.com https://analytics.google.com https://api.hubapi.com https://api.hubspot.com https://api.leadinfo.com https://app.calconic.com https://bat.bing.com https://bot.leadoo.com https://cdn.linkedin.oribi.io https://collector.leadinfo.net https://editor-api.webflow.com https://forms.hscollectedforms.net https://forms.hsforms.com https://forms.hubspot.com https://global-uploads.webflow.com https://google.com https://hubspot-forms-static-embed.s3.amazonaws.com https://js.hs-banner.com https://js.zi-scripts.com https://notify.bugsnag.com https://sessions.bugsnag.com/ https://statistics-dot-calconic-app.appspot.com https://stats.g.doubleclick.net https://summize.bamboohr.com https://webflow.com https://ws.zoominfo.com https://www.facebook.com https://www.google-analytics.com https://www.google.co.uk; report-uri https://summize.report-uri.com/r/d/csp/reportOnly; report-to csp-report 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' via.placeholder.com *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com *.msecnd.net *.youtube.com *.vimeo.com *.vimeocdn.com *.facebook.net *.facebook.com *.googletagmanager.com *.episerver.net route-finder.now.sh routefinderapp.azureedge.net routefinderapp.azurewebsites.net routefinderapptest.azurewebsites.net *.pardot.com *.reachmee.com *.extellio.com *.google.se *.pingdom.net *.cookiebot.com *.adform.net *.doubleclick.net *.videomarketingplatform.co *.ytimg.com *.licdn.com *.linkedin.com *.envirotainer.com about:; connect-src 'self' ws://*.com ws://*.se *.visualstudio.com *.pingdom.net *.google-analytics.com *.doubleclick.net *.cookiebot.com *.adform.net m.extellio.com; frame-ancestors 'self' 1
default-src 'none'; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval' *.disqus.com c.disquscdn.com; worker-src https: blob:; child-src https: blob:; style-src https: data: 'unsafe-inline' 'unsafe-eval' c.disquscdn.com; img-src https: data: 'unsafe-inline' http://*.tile.osm.org; font-src https:; object-src blob: 'self'; base-uri 'none'; frame-ancestors 'self'; connect-src blob: 'self' *.openstreetmap.org *.disqus.com *.pixabay.com pixabay.com *.addthis.com maps.googleapis.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.opava-city.cz *.youtube.com *.vimeo.com docs.google.com disqus.com *.disqus.com *.opava-city.cz e.issuu.com *.addthis.com api.mapy.cz www.google.com opava360.panovision.cz; media-src https: 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src https: data:; font-src https: data:; frame-src https:; connect-src https: wss:; worker-src https: blob:; media-src https:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com https://tagmanager.google.com/ https://www.googletagmanager.com/ *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org cba.informz.net cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com cdnjs.cloudflare.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com cdnjs.cloudflare.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com cba.informz.net https://stats.g.doubleclick.net prod.ctbar.org; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' *.doubleclick.net *.informz.net *.google-analytics.com accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://ampcid.google.com.hk https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data:; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.com.hk https://m.myprotein.com.hk https://checkout.myprotein.com.hk https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' https://content.benefitsaccess.org https://www.google-analytics.com https://*.online-metrix.net; script-src 'self' https://content.benefitsaccess.org https://www.google-analytics.com https://www.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss://127.0.0.1:* https://content.benefitsaccess.org https://www.google-analytics.com; img-src 'self' https://*.benefitsaccess.org https://*.wespath.org data: https://content.benefitsaccess.org https://*.online-metrix.net https://www.google-analytics.com https://*.doubleclick.net; frame-src https://www.youtube.com/ https://content.benefitsaccess.org/; worker-src blob: 1
frame-ancestors growcurriculum.org admin.stuffyoucanuse.org curriculum.stuffyoucanuse.org 1
default-src 'self' https://www.fulltextarchive.com;connect-src 'self' https://www.fulltextarchive.com https://matomo.fulltextarchive.com https://matomo-cdn.fulltextarchive.com https://api.rankmath.com https://rankmathapi.com https://headlines-api.coschedule.com https://headlines.coschedule.com;font-src data: 'self' https://cdn.fulltextarchive.com https://matomo.fulltextarchive.com https://cdn.jsdelivr.net https://s0.wp.com;style-src 'unsafe-inline' 'self' https://cdnjs.cloudflare.com https://cdn.fulltextarchive.com https://matomo.fulltextarchive.com https://cdn.jsdelivr.net;img-src data: blob: 'self' https://image.thum.io https://t0.gstatic.com https://s.w.org https://www.fulltextarchive.com https://cdn.fulltextarchive.com https://secure.gravatar.com https://matomo.fulltextarchive.com https://matomo-cdn.fulltextarchive.com https://ps.w.org https://charts.rankmath.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: https://fulltextarchive.us10.list-manage.com https://matomo.fulltextarchive.com https://matomo-cdn.fulltextarchive.com https://cdn.fulltextarchive.com https://cdnjs.cloudflare.com https://www.google.com/jsapi/;script-src-elem 'self' 'unsafe-inline' https://cdn.fulltextarchive.com https://matomo-cdn.fulltextarchive.com https://www.google.com/jsapi 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-/sTiDaBBAyOTwlhb2gbZUw=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src 'self'; connect-src 'self' https://piwik.bzga.de https://rstts-eu.readspeaker.com https://media-eu.readspeaker.com https://app-eu.readspeaker.com https://maps.google.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn1.readspeaker.com; font-src 'self' data: https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' https://piwik.bzga.de https://cdn1.readspeaker.com https://maps.google.com  https://maps.googleapis.com; img-src 'self' https://piwik.bzga.de https://www.bzga.de https://maps.gstatic.com https://csi.gstatic.com https://maps.google.com https://khms0.googleapis.com https://khms1.googleapis.com https://lh3.ggpht.com https://cbks0.googleapis.com data:; frame-src 'self' https://www.infektionsschutz.de https://app-eu.readspeaker.com; 1
font-src *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://script.hotjar.com *.olark.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://promociones.travers.com.mx *.olark.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com *.meetanshi.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.google.com https://translate.googleapis.com https://script.hotjar.com https://www.facebook.com *.olark.com https://beta.travers.com.mx *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.meetanshi.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://js-agent.newrelic.com https://bam.nr-data.net https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net *.youtube.com *.olark.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline *.gstatic.com *.olark.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ http://static.olark.com/jsclient/sounds/olark-chimes.ogg 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.algolia.net *.algolia.com *.algolianet.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://bam.nr-data.net https://translate.googleapis.com https://in.hotjar.com https://content.hotjar.io https://csmetrics.hotjar.com *.hotjar.com *.hotjar.io *.olark.com wss://ws.hotjar.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com https://google-analytics.com http://cdnjs.cloudflare.com https://www.google-analytics.com https://maps.googleapis.com https://www.googletagmanager.com https://merchants.niftepay.pk https://www.googleadservices.com https://googleads.g.doubleclick.net; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://merchants.niftepay.pk; report-uri /report-csp-violation 1
frame-ancestors 'self' https://www.rayonier.com https://landing.rayonier.com/; 1
frame-ancestors 'self' *.donorperfect.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.ca *.videopress.com *.google.com *.wp.com *.youtu.be *.googleapis.com *.google-analytics.com *.fontawesome.com *.gstatic.com *.donorperfect.net *.youtube.com *.vimeo.com *.googletagmanager.com *.googleadservices.com *.twitter.com *.facebook.net *.facebook.com *.ceros.com cdnjs.cloudflare.com static.ads-twitter.com static.ctctcdn.com static.ctctcdn.com; worker-src 'self' blob: 1
default-src 'self'; frame-src 'none'; object-src 'none'; style-src 'self' 'nonce-syeU2OX5nLp8Hda8osh6BUROjNbBUIv2'; frame-ancestors 'none'; base-uri 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.parsely.com/keys/merck-animal-health.com/p.js https://cdnmc1.vod309.com/multichannel/veeva/js/externalrequest/embed-multichannelmessage.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/ https://www.google-analytics.com/ https://cdn.cookielaw.org https://js-agent.newrelic.com/ https://cdn.pricespider.com https://player.quadia.net https://pym.nprapps.org/ blob:; object-src 'none'; base-uri 'none'; frame-src 'self' https://mc-01-app-us.veevacrm.com https://www.youtube-nocookie.com https://player.quadia.net; frame-ancestors 'self'; img-src 'self' https://assets.msd-animal-health.com https://www.msd-animal-health.com https://cdn.cookielaw.org https://secure.gravatar.com https://www.google-analytics.com/ data: ; media-src 'self' blob:; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests; default-src https: data: 'self' ; trusted-types default; 1
frame-ancestors 'self'    *.entendiendomisfinanzas.pe qasegurossura.qiip.com.mx qamiplanfinanciero2021.proteccion.com list-preview.qiip.com.mx 1
default-src 'self' *.dynatrace.com; media-src 'self' *.sweco.com *.sweco.fr *.sweco.de *.sweco.es; img-src 'self' data: *.google-analytics.com *.googletagmanager.com *.bing.com *.ensighten.com *.choozle.com * *.adsrvr.org *.sweco.com *.sweco.fr *.sweco.de *.sweco.es; script-src 'self' 'unsafe-inline' *.google-analytics.com *.googletagmanager.com *.google.com *.bing.com *.ensighten.com *.choozle.com *.adsrvr.com *.cookielaw.org; script-src-elem 'self' 'unsafe-inline' *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.bing.com *.ensighten.com *.choozle.com *.adsrvr.org *.cookielaw.org; style-src 'self' 'unsafe-inline' *.sweco.com *.sweco.fr *.sweco.de *.sweco.es; frame-src 'self' *.google.com *.youtube.com *.adsrvr.org *.cloudfront.net; object-src 'self' *.sweco.com *.sweco.fr *.sweco.de *.sweco.es; connect-src 'self' *.dynatrace.com *.google-analytics.com *.googletagmanager.com *.google.com *.cookielaw.org *.onetrust.com; 1
default-src 'self';        frame-ancestors 'self';        img-src 'self' 'unsafe-inline' *.ytimg.com *.gravatar.com  *.googleapis.com  *.linkedin.com  *.smushcdn.com *.facebook.com  *.google.com *.google-analytics.com  *.gstatic.com data: ;        frame-src 'self' 'unsafe-inline' *.hdn.nl *.facebook.com *.vimeo.com *.youtube.com *.youtube-nocookie.com  *.google.com *.hotjar.com  data: ;        script-src 'self' 'unsafe-inline' *.youtube.com  *.gstatic.com *.wisernotify.com *.facebook.net  *.licdn.com *.jsdelivr.net *.googleapis.com *.google.com  *.googletagmanager.com  *.getclicky.com  *.google-analytics.com *.getclicky.com  *.hotjar.com *.wpmucdn.com ;        connect-src 'self' 'unsafe-inline' *.azurewebsites.net *.hotjar.com *.wisermapp.com *.googleapis.com  *.googletagmanager.com  *.getclicky.com  *.google-analytics.com   wss: *.hotjar.com ;        style-src 'self' 'unsafe-inline' *.gstatic.com *.wisernotify.com *.googleapis.com  *.wpmucdn.com  *.cloudflare.com *.jsdelivr.net ;        font-src 'self' 'unsafe-inline' data: *.hdn.nl *.gstatic.com *.cloudflare.com ;        media-src 'self' 'unsafe-inline' data: *.hdn.nl hdn.nl ;        object-src 'none' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://beekeeping.ninja; img-src 'self' https: data: blob: https://beekeeping.ninja; style-src 'self' https://beekeeping.ninja 'nonce-q/CT/wtAfKk0FXe7jpOtHA=='; media-src 'self' https: data: https://beekeeping.ninja; frame-src 'self' https:; manifest-src 'self' https://beekeeping.ninja; form-action 'self'; child-src 'self' blob: https://beekeeping.ninja; worker-src 'self' blob: https://beekeeping.ninja; connect-src 'self' data: blob: https://beekeeping.ninja https://beekeeping-cdn.autonomy.ninja wss://beekeeping.ninja; script-src 'self' https://beekeeping.ninja 'wasm-unsafe-eval' 1
require-trusted-types-for 'script';report-uri /_/ChromeWebStoreConsumerFeUi/cspreport 1
frame-ancestors 'none'; object-src 'none'; script-src 'self' https://static.glitch.social; base-uri 'none'; 1
frame-ancestors 'self' https://*.cle-international.com; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://*.contentsquare.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.recreateyourself.co.nz https://m.recreateyourself.co.nz https://checkout.recreateyourself.co.nz https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
block-all-mixed-content;form-action 'self' https://secure.ogone.com/ https://*.google-analytics.com/;default-src 'self'; base-uri 'self';worker-src 'self';object-src 'self';frame-ancestors 'self';frame-src 'self' https://geoviewer.windinternet.nl/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://vimeo.com/ https://player.vimeo.com/ https://api.pdok.nl/ https://geodata.hoogeveen.nl/;script-src 'self' https://siteimproveanalytics.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ 'sha256-wYmRW19DHAh+3AHqNG4hSeJi05TjJ6pjb0owArDerBQ=' 'sha256-Dj9IW03ZOsC1YxJzjTvhlAPI9+u7uRqans/HKncQ3pM=' 'sha256-jb6au6ozgVvwRjq43nI4UqXCs6TMocbYkOK+OeJOQDQ=' 'sha256-a3PYyvWVmngo3YLpz17qTk6Yhsalc4ysV07ms29IGIQ=';style-src 'self' 'report-sample';img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://*.global.siteimproveanalytics.io/;child-src 'self';media-src 'self' data:;font-src 'self' data:;connect-src 'self' https://geodata.hoogeveen.nl/ https://api.pdok.nl/ https://geoviewer.windinternet.nl/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com 1
child-src  www.paypalobjects.com; connect-src 'self' 'report-sample' s3.amazonaws.com/cv3.customfiles secretsinlace.commercev3.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com stats.g.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.facebook.com *.klaviyo.com pro.ip-api.com forms.soundestlink.com; default-src 'self' s3.amazonaws.com/cdn.secretsinlace.com/ cdn.commercev3.net/cdn.secretsinlace.com/ cdn.secretsinlace.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com; font-src 'self' secretsinlace.commercev3.com s3.amazonaws.com/cdn.secretsinlace.com/ cdn.commercev3.net/cdn.secretsinlace.com/ cdn.secretsinlace.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com data: fonts.soundestlink.com; form-action 'self' www.facebook.com www.paypal.com checkout.sezzle.com; frame-src 'self' *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com ct.pinterest.com player.vimeo.com; frame-ancestors 'self' ; img-src 'self' s3.amazonaws.com/cdn.secretsinlace.com/ cdn.commercev3.net/cdn.secretsinlace.com/ cdn.secretsinlace.com ssl.google-analytics.com www.google.com/pagead/1p-user-list/ www.google.com/ads/ga-audiences ct.pinterest.com/v3/ stats.g.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.paypal.com www.paypalobjects.com secure.trust-provider.com *.soundestlink.com omnisnippet1.com i.vimeocdn.com/video/; script-src 'self' 'report-sample' s3.amazonaws.com/cdn.secretsinlace.com/ cdn.commercev3.net/cdn.secretsinlace.com/ cdn.secretsinlace.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com secure.trust-provider.com cdn.jsdelivr.net omnisnippet1.com forms.soundestlink.com; script-src-elem 'self' 'report-sample' s3.amazonaws.com/cdn.secretsinlace.com/ cdn.commercev3.net/cdn.secretsinlace.com/ cdn.secretsinlace.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com secure.trust-provider.com cdn.jsdelivr.net omnisnippet1.com forms.soundestlink.com; style-src 'self' s3.amazonaws.com/cdn.secretsinlace.com/ cdn.commercev3.net/cdn.secretsinlace.com/ cdn.secretsinlace.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net; style-src-elem 'self' s3.amazonaws.com/cdn.secretsinlace.com/ cdn.commercev3.net/cdn.secretsinlace.com/ cdn.secretsinlace.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net; style-src-attr  'unsafe-inline'; media-src 'self' secretsinlace.commercev3.com s3.amazonaws.com/cdn.secretsinlace.com/ cdn.commercev3.net/cdn.secretsinlace.com/ cdn.secretsinlace.com www.bing.com; 1
default-src 'self'; script-src 'self'; script-src-elem 'self' https://code.jquery.com 'unsafe-inline'; style-src 'self' https://code.jquery.com 'unsafe-inline'; style-src-attr 'self' https://code.jquery.com 'unsafe-inline'; img-src 'self' data: https://www.vmr.gov.ua https://i.ibb.co https://themes.googleusercontent.com; font-src 'self'; media-src 'self'; frame-src 'self' https://www.google.com; object-src 'self'; form-action 'self'; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self' wss://*.hotjar.com  localhost data: *.advocadoapp.com *.advocado.app *.advo.to   *.survicate.com *.hotjar.com *.hotjar.io *.doubleclick.net www.google.com.vn  *.google.com.vn  *.fbsbx.com *.facebook.com *.line-scdn.net *.line.me *.googleapis.com *.checkout.com *.line-website.com *.googletagmanager.com *.google-analytics.com *.stripe.com *.google.com *.amazonaws.com *.gstatic.com unpkg.com  geolocation-db.com 'unsafe-inline'; img-src 'self'  *.googleusercontent.com      *.google.com.vn   *.advocado.app  *.advo.to  *.google-analytics.com *fbcdn.net *.amazonaws.com *.fbsbx.com *.google.com *.survicate.com *.facebook.com *.line-scdn.net data:; style-src 'self' *.advocado.app *.advo.to *.googleapis.com *.google.com *.advocado.app *.advo.to *.hotjar.com *.survicate.com 'unsafe-inline'; 1
default-src 'self' https://media.kulturbanause.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com data:; img-src 'self' https://secure.gravatar.com https://ssl-vg03.met.vgwort.de https://www.google-analytics.com https://www.googletagmanager.com https://s.w.org https://wordpress.org https://ps.w.org https://stats.g.doubleclick.net https://maps.googleapis.com https://media.kulturbanause.de https://kulturbanause.de https://caniuse.bitsofco.de https://res.cloudinary.com https://vg06.met.vgwort.de/ https://vg02.met.vgwort.de data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; object-src 'none'; frame-src 'self' https://media.kulturbanause.de https://player.vimeo.com/ https://amazon.com https://animoto.com https://blip.tv https://cloudup.com https://collegehumor.com https://crowdsignal.com https://www.dailymotion.com https://www.facebook.com https://www.flickr.com https://www.funnyordie.com https://giphy.com https://www.hulu.com https://imgur.com https://instagram.com https://issuu.com https://www.kickstarter.com https://meetup.com https://mixcloud.com https://photobucket.com https://reddit.com https://reverbnation.com https://www.scribd.com https://www.slideshare.net https://www.smugmug.com https://soundcloud.com https://speakerdeck.com https://www.spotify.com https://www.ted.com https://www.tumblr.com https://twitter.com https://videopress.com https://vimeo.com https://vine.co https://wordpress.org/plugins-wp https://wordpress.tv https://www.youtube.com https://www.youtube-nocookie.com https://caniuse.bitsofco.de; worker-src 'self'; connect-src 'self' https://www.google-analytics.com; report-uri https://kulturbanause.de/wp-content/themes/kulturbanause/security-report.php 1
frame-ancestors 'self' https://nationalbroadbandireland.lightning.force.com/ 1
frame-ancestors 'self' *.717cu.com *.connectfssonline.com *.myappro.com:* *.personalcard.net:* www.sscuonline.net; report-uri https://zagreports.report-uri.com/r/t/csp/enforce; 1
frame-ancestors 'self' https://www.lenderclose.com https://secure.lenderclose.com https://www.hayfordroadstorage.com https://www.snapdiagnostics.org https://www.airportdepotselfstorage.com https://ecom.quikstor.com https://batinternet.speedpay.com https://dev.merchify.com http://www.ruralins.com http://www.caregiver.com http://www.pathforward-financial.com https://www.ovidlife.com https://www.facebook.com http://ovidlife-staging.herokuapp.com https://khopkins-laptop.local http://www.terrykaycabinrentals.com https://previewondemand.eoriginal.com https://supportondemand.eoriginal.com https://thepollinationproject.org https://www.affiliatefundingplatform.com https://www.callthegeekguy.com https://www.youruma.com https://psychicoz.com https://www.wooglobe.com https://www.axe-mobile.com https://bs-sng-notary.com https://marylandmobilenotary.net/ https://www.facebook.com https://signaturenotaryllc.com https://taxandnotarysigning.com/ https://www.SignHereFromThere.com https://www.dock610.com https://testmes.phorest.com https://www.reformcph.com https://HadRachInc.com https://www.loansigner.net https://www.hmobilenotary.com https://expedite550.uat.bkfstest.com https://www.thiinkbiiginc.com https://www.redirectcandc.com https://www.notaryrusllc.com/ https://harrisnotaryservices.net/ https://www.domain.com https://www.signingagent.com https://www.taskq.biz https://abmobilenotary.com/ https://www.poppinnotary.com/ https://www.NwnServices.com https://api.docverify.com https://ourmeernotary.com/ https://nonanotary.com/ https://angelmorris0218.wixsite.com https://www.artsnotaryservicesoftx.mysite.com https://www.thiinkbiigsigningservicesllc.com https://www.rmremoteservices.com https://www.newholland.law https://www.southtexasnotary.com https://www.gatsbycourtservices.com https://clairekurio.wixsite.com https://www.notary-now.com https://heatherdenee.com/ron/ https://www.brisknotary.com https://www.sandamobilenotaryservices.com https://www.sjwinjurylaw.com/ https://www.access365notarysvc.com https://websites.godaddy.com https://www.lmnotary.net https://www.slcombine.com https://businesssolutionzllc.com https://www.jwmsns.com https://editor.wix.com https://www.eliteparalegalandnotaryllc.com https://www.danasnotaryservices.net https://www.delnotaryservices.com https://www.mccraymobilenotary.com/ https://www.brinoble.com https://www.jmtlegacynotaryservices.com https://spmnotary.com/ https://goatlivescan.com https://signedmeeklyunique.com/ https://moowaysigningservices.com/ https://internet.speedpay.com/ https://portal.reliablesigningsllc.com https://api.speedpay.com https://demo.lenderclose.com/ https://app.coviance.com https://self-storagenashville.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.adsymptotic.com adsymptotic.com *.amazonaws.com amazonaws.com app.revelian.com bettermedical.com.au email.bfjmedia.com.au *.bfjmedia.com.au bfjmedia.com.au cdn.hotdoc.com.au cdnjs.cloudflare.com *.doubleclick.net doubleclick.net email.bfjmedia.com.au *.facebook.com facebook.com *.facebook.net facebook.net *.google.com google.com *.google.com.au google.com.au *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.googleapis.com googleapis.com *.googletagmanager.com googletagmanager.com *.gstatic.com gstatic.com halaxy.com *.hotdoc.com.au hotdoc.com.au *.hotjar.com hotjar.com *.linkedin.com linkedin.com cdn.linkedin.oribi.io maps.googleapis.com maxcdn.bootstrapcdn.com *.myhealth1st.com.au myhealth1st.com.au sc.lfeeder.com *.lfeeder.com smartclinics.com.au snap.licdn.com youtube.com data: ; 1
default-src 'self'; style-src 'self' 'unsafe-inline' http://fonts.googleapis.com; font-src 'self' http://fonts.gstatic.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com; frame-src 'self' 'unsafe-inline' https://www.google.com/ https://www.youtube-nocookie.com/ youtube.com https://www.youtube.com; img-src 'self'; connect-src 'self' https://www.google-analytics.com; 1
frame-ancestors 'self' https://admin.lamedicale.fr 1
default-src 'self' https://* s3.us-west-1.amazonaws.com www.google-analytics.com stats.g.doubleclick.net www.youtube.com anchor.fm www.googletagmanager.com;script-src * 'unsafe-inline' 'unsafe-eval';img-src * data:;frame-ancestors 'self' https://*.mybigcommerce.com;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline' 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self'; 1
connect-src https://maps.googleapis.com https://geolocation.onetrust.com https://pubsub.googleapis.com https://cdn-ukwest.onetrust.com https://region1.google-analytics.com https://www.google-analytics.com/analytics.js https://www.google-analytics.com/j/collect https://stats.g.doubleclick.net/j/collect https://privacyportal-uk.onetrust.com/request/v1/consentreceipts https://region1.analytics.google.com https://stats.g.doubleclick.net https://integration.hotelmap.com https://hotelmap.com https://api.membershipworks.com 'self' 'unsafe-inline' ws://localhost:62058 ws://localhost:62058/Website/ https://localhost:44399 ws://localhost:44399 wss://localhost:59119/Website/ wss://localhost:44399 ws://localhost:50770/Website/; default-src 'self'; font-src data: https://fonts.gstatic.com https://use.typekit.net 'self'; frame-src https://www.youtube.com/ https://www.google.com https://player.vimeo.com/ https://download-video.akamaized.net https://www.podbean.com/ http://www.eje-online.org https://td.doubleclick.net 'self'; frame-ancestors https://www.youtube.com/ https://player.vimeo.com/ https://vod-progressive.akamaized.net http://www.eje-online.org https://ese-vnext-web-prelive.digitalconnect.co.uk/ www.ese-hormones.org; img-src https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://cdn-ukwest.onetrust.com data: https://d2lroniprg4xr2.cloudfront.net https://hotelmap.com https://www.googletagmanager.com https://www.facebook.com https://www.google.pl https://cdn.membershipworks.com https://www.google-analytics.com 'self'; media-src https://www.youtube.com https://player.vimeo.com https://vod-progressive.akamaized.net https://download-video.akamaized.net data: 'self'; object-src 'self'; style-src https://www.google.com https://fonts.googleapis.com https://maps.googleapis.com https://integration.hotelmap.com https://www.hotelmap.com https://use.typekit.net https://p.typekit.net https://cdn.membershipworks.com 'self' 'unsafe-inline'; script-src https://www.google.com https://maps.googleapis.com https://www.facebook.com https://cdn-ukwest.onetrust.com https://www.gstatic.com https://www.youtube.com https://hotelmap.com https://integration.hotelmap.com https://data-api.hotelmap.com https://stats.g.doubleclick.net https://www.google.co.uk/ads/ga-audiences https://www.google.co.uk https://connect.facebook.net https://www.google-analytics.com https://cdn.membershipworks.com 'unsafe-eval' https://www.googletagmanager.com 'self' 'unsafe-inline' https://localhost:44344 https://localhost:44399; worker-src 'self'; 1
connect-src 'self' https://mcshop.us16.list-manage.com/ http://www.trustmarkthai.com/callbackData/initialize.php https://api.mcshop.com https://api.cms.mcshop.com r.logrocket.io http://*.facebook.net https://*.zendesk.com wss://*.zopim.com https://*.zopim.com https://*.googletagmanager.com https://www.trustmarkthai.com https://vghk5qmwml.execute-api.ap-southeast-1.amazonaws.com https://www.priceza.com/  http://www.priceza.com/ https://*.facebook.com https://vimeo.com/api/oembed.json https://ekr.zdassets.com/* https://www.google-analytics.com *.clarity.ms d.line-scdn.net *.tiktok.com  https://www.googleadservices.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com; script-src 'self'  'unsafe-inline' https://mcshop.us16.list-manage.com/ https://www.facebook.com/tr/ https://cdnjs.cloudflare.com/ajax/libs/babel-polyfill/6.23.0/polyfill.min.js http://*.facebook.net *.facebook.com https://*.zopim.com https://*.zendesk.com https://www.googletagmanager.com http://www.google-analytics.com https://tagmanager.google.com https://pgw.2c2p.com https://t.2c2p.com https://demo2.2c2p.com https://2c2p.com https://cdn.omise.co https://cdn.logrocket.com https://connect.facebook.net https://staticxx.facebook.com https://graph.facebook.com https://z-m-graph.facebook.com www.googletagmanager.com https://www.trustmarkthai.com maps.google.com maps.googleapis.com https://www.priceza.com/js/tracking.js http://www.priceza.com/js/tracking.js https://*.youtube.com https://s.ytimg.com/yts/jsbin/www-widgetapi-vflA_CqEQ/www-widgetapi.js https://player.vimeo.com/api/player.js https://static.zdassets.com http://tagmanager.google.com *.accesstrade.in.th *.clarity.ms d.line-scdn.net *.tiktok.com https://www.googleadservices.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com; default-src 'self' https://mcshop.us16.list-manage.com/; worker-src blob: data:; font-src * data:; style-src * 'unsafe-inline'; img-src * data:; frame-src https://*.youtube.com https://*.youtube.com/* https://web.facebook.com https://www.facebook.com/* http://staticxx.facebook.com https://www.googletagmanager.com https://www.priceza.com/ http://www.priceza.com/ https://player.vimeo.com/ https://www.facebook.com/ 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' images.unsplash.com via.placeholder.com *.linkedin.com *.licdn.com *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com *.cookiebot.com *.msecnd.net *.youtube.com *.vimeo.com *.vimeocdn.com *.cdn.net *.facebook.net *.facebook.com *.umbraco.org *.umbraco.com *.googletagmanager.com *.pardot.com *.reachmee.com *.e-space.se *.google.se *.b-cdn.net *.akamaihd.net *.wistia.com *.office.se *.freshworks.com *.pingdom.net *.reshworks.com *.doubleclick.net *.ytimg.com *.mynewsdesk.com *.amazonaws.com about: blob:; connect-src 'self' ws://*.com ws://*.se *.akamaihd.net *.wistia.com *.litix.io *.freshworks.com *.google-analytics.com *.cookiebot.com *.visualstudio.com *.pingdom.net *.umbraco.org *.umbraco.com *.oribi.io *.freshdesk.com *.doubleclick.net;media-src 'self' blob: *.akamaihd.net *.wistia.com *.b-cdn.net; 1
default-src https:; connect-src https:; font-src https: data:; frame-src https:; frame-ancestors https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 1
default-src             'self' aj-mm.de *.aj-mm.de *.analytik-jena.com *.analytik-jena.de *.mm-rh3.net *.google-analytics.com *.analytics.google.com             www.facebook.com https://stats.g.doubleclick.net https://pi.pardot.com https://a.visitorqueue.com;         style-src             'self' 'unsafe-inline' aj-mm.de *.aj-mm.de aj-matomo-int1.mm-df1.net *.mm-rh3.net *.googleapis.com *.google.com             https://analytik-jena.ladesk.com             *.ytimg.com *.analytik-jena.com *.analytik-jena.de;         img-src             'self' data: *.ytimg.com *.google-analytics.com *.gstatic.com yt3.ggpht.com *.googletagmanager.com             www.facebook.com *.mm-df1.net *.mm-rh3.net *.analytik-jena.com *.analytik-jena.de *.aj.local aj.local             aj-mm.de *.aj-mm.de https://a.visitorqueue.com https://px.ads.linkedin.com https://www.linkedin.com             https://analytik-jena.ladesk.com https://www.google.com https://www.google.de https://googleads.g.doubleclick.net             userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-operators.userlike.com userlike-cdn-web.b-cdn.net www.userlike.com userlike-store-media-files.s3.amazonaws.com i.ytimg.com;         script-src             'self' 'unsafe-inline' 'unsafe-eval' aj-mm.de *.aj-mm.de *.youtube.com *.ytimg.com *.google.com             *.google-analytics.com *.googletagmanager.com connect.facebook.net *.mm-df1.net *.mm-rh3.net             *.analytik-jena.com *.analytik-jena.de *.aj.local aj.local aj-upgrade.local https://pi.pardot.com             https://tracker.analytik-jena.com https://analytik-jena.ladesk.com             api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.userlike.com userlike-cdn-umm.b-cdn.net             https://t.visitorqueue.com https://snap.licdn.com https://www.googleadservices.com;         font-src             'self' aj-matomo-int1.mm-df1.net *.gstatic.com *.mm-rh3.net *.analytik-jena.com *.analytik-jena.de             https://analytik-jena.ladesk.com userlike-cdn-umm.b-cdn.net fonts.gstatic.com;         frame-src             'self' *.analytik-jena.com *.analytik-jena.de *.mm-rh3.net www.youtube-nocookie.com player.vimeo.com www.facebook.com www.youtube.com player.vimeo.com             api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.userlike.com userlike-cdn-umm.b-cdn.net;         connect-src             'self' data: blob: *.analytik-jena.com *.analytik-jena.de *.mm-rh3.net             https://www.facebook.com *.google-analytics.com *.analytics.google.com https://cdn.linkedin.oribi.io             https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-umm.b-cdn.net https://api.userlike.com             https://www.userlike.com https://userlike-cdn-operators.s3-eu-west-1.amazonaws.com wss://umd.userlike.com             umd.userlike.com api.userlike.com userlike-cdn-web.b-cdn.net www.userlike.com             https://tracker.analytik-jena.com https://analytik-jena.ladesk.com             https://stats.g.doubleclick.net https://pi.pardot.com https://a.visitorqueue.com;         worker-src             blob: 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-VXFpQXl6OGhlSGoxQW1DcWp0MWdJN0ZsNzRoTkxoeEdGL0hZQWZFOC9FOD06Tlp2NG5FMVVJRmVnVkNYWnVJZ3JaL3M4dk1zOUh6Y3dJSnozTWFWUGxndz0=';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self';frame-ancestors 'self';form-action 'self' 1
frame-src https://challenges.cloudflare.com/ www.youtube.com www.google.com https://win-home-inspection.atlassian.net/ win-home-inspection.atlassian.net vimeo.com player.vimeo.com; child-src intranet.wini.com www.youtube.com www.google.com vimeo.com player.vimeo.com; style-src 'self' 'unsafe-inline' intranet.wini.com cdnjs.cloudflare.com fonts.googleapis.com; font-src 'self' fonts.gstatic.com intranet.wini.com; 1
sandbox allow-scripts allow-same-origin allow-forms; img-src 'self' data: www.gstatic.com; frame-src www.google.com; object-src 'none'; base-uri 'none'; script-src www.google.com www.gstatic.com 'nonce-3b8A5TXMmiMerkCwrEhcERqyFbk='; style-src 'nonce-3b8A5TXMmiMerkCwrEhcERqyFbk=' 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xlbygg.getadigital.cloud https://*.googletagmanager.com https://*.cookieinformation.com https://*.google-analytics.com https://*.googleadservices.com https://sc-static.net https://*.facebook.net https://*.doubleclick.net https://*.googleapis.com https://*.youtube.com https://*.vimeocdn.com https://*.vimeo.com https://*.snapchat.com https://*.visualwebsiteoptimizer.com https://*.mapbox.com; style-src 'self' 'unsafe-inline' https://*.xlbygg.getadigital.cloud https://*.googleapis.com https://*.google.com https://*.mapbox.com; img-src 'self' data: https://*.xlbygg.getadigital.cloud https://*.facebook.com https://*.google-analytics.com https://*.snapchat.com https://*.google.com https://*.google.no https://*.sanity.io https://gcc-mestergruppen.s3.eu-west-1.amazonaws.com https://*.visualwebsiteoptimizer.com https://*.googletagmanager.com; font-src 'self' data: https://*.xlbygg.getadigital.cloud https://*.gstatic.com; connect-src 'self' blob: https://*.xlbygg.getadigital.cloud https://*.cookieinformation.com https://*.snapchat.com https://*.google-analytics.com https://*.doubleclick.net https://*.mapbox.com https://*.sanity.io https://*.google.com https://*.facebook.com https://*.sentry.io; base-uri 'self'; frame-ancestors 'self' https://xlbygg.sanity.studio https://studio.xlbygg.getadigital.cloud; frame-src 'self' https://*.cookieinformation.com https://*.snapchat.com https://*.facebook.com https://*.youtube.com; form-action 'self' https://*.snapchat.com https://*.facebook.com; manifest-src 'self'; media-src 'self'; object-src 'self'; child-src 'self' blob:; worker-src blob:; 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' 'unsafe-inline' 'unsafe-eval' https://musiciansaustralia.org 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-d72c0d8361f237833c800a7b9f3999d9'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self'; script-src 'report-sample' 'self' https://kit.fontawesome.com https://maps.googleapis.com 'sha256-MJfITEiaOcC/v54GIEIISGoo/eQdyTaTJEGDq9CBeCo='; style-src 'report-sample' 'self' 'unsafe-hashes' https://fonts.googleapis.com 'sha256-xzH/NHpPLA9f0k5pofVoiZoEYXKj/Xs3s5Jaf8raGvA=' 'sha256-ZL58hL5KbUHBRnMK797rN7IR+Tg9Aw61ddJ/rmxn1KM=' 'sha256-bepHRYpM181zEsx4ClPGLgyLPMyNCxPBrA6m49/Ozqg=' 'sha256-uCITVBkyNmwuSQXzSNUuRx7G7+1kS2zWJ9SjHF0W2QA='; object-src 'none'; base-uri 'self'; connect-src 'self' https://ka-f.fontawesome.com https://maps.googleapis.com; font-src 'self' https://fonts.gstatic.com https://ka-f.fontawesome.com; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; worker-src 'none'; form-action 'self'; block-all-mixed-content; upgrade-insecure-requests; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost data: *.googletagmanager.com *.googleapis.com *.google-analytics.com www.google.com *.gstatic.com *.cookieinformation.com *.youtube.com *.cookiebot.com *.adnxs.com *.licdn.com *.facebook.net *.doubleclick.net *.raffle.ai *.bing.com *.aws.dk *.monitor.azure.com *.applicationinsights.azure.com *.emaerket.dk;object-src 'none';style-src 'self' 'unsafe-inline' data: *.typekit.net *.gstatic.com *.youtube.com *.googleapis.com;img-src 'self' data: *.umbraco.com www.google.com *.google.dk *.linkedin.com *.facebook.com *.facebook.net github.com www.github.com *.bing.com *.google-analytics.com *.youtube.com *.appspot.com *.adnxs.com *.googletagmanager.com *.azureedge.net *.aof.dk aof.dk;media-src 'self' data: *.umbraco.com www.google.com github.com www.github.com www.bing.com *.google-analytics.com *.youtube.com;frame-src 'self' *.cookieinformation.com www.google.com *.ritzau.dk *.youtube.com *.youtube-nocookie.com *.cookiebot.com *.doubleclick.net *.bing.com *.applicationinsights.azure.com *.canva.com;font-src 'self' data: *.typekit.net *.youtube.com *.gstatic.com;connect-src 'self' localhost ws: wss: *.cookieinformation.com *.raffle.ai *.aws.dk *.googleapis.com *.google-analytics.com *.youtube.com *.doubleclick.net *.google.com *.oribi.io *.google.dk *.bing.com *.azure.com;frame-ancestors 'self' www.google.com *.ritzau.dk;upgrade-insecure-requests;block-all-mixed-content 1
img-src 'self' data: blob: https://www.facebook.com https://syndication.twitter.com https://s3.amazonaws.com https://captchas.net https://image.backup.captchas.net https://image.captchas.net; base-uri 'self';connect-src https://www.parliament.gh 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.paypalobjects.com/ https://s3.amazonaws.com/ https://*.stripe.com/ https://www.paypal.com/ https://www.paypalobjects.com/ https://*.hdrmaps.com/ https://www.youtube.com/ https://www.recaptcha.net/ https://www.gstatic.com/ https://www.google.com/; img-src 'self' data: https://www.paypalobjects.com/ https://*.paypal.com/; object-src 'self' data: https://*.paypal.com/ https://*.stripe.com/ https://*.paypalobjects.com/ https://www.youtube.com/ https://connect.facebook.net/en_US/fbevents.js https://www.recaptcha.net/ https://www.gstatic.com/; frame-src 'self' data: https://*.paypal.com/ https://*.stripe.com/ https://*.paypalobjects.com/ https://www.youtube.com/ https://connect.facebook.net/en_US/fbevents.js https://www.recaptcha.net/ https://www.gstatic.com/; 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; object-src * 'unsafe-inline'; media-src * data:; frame-src *; worker-src *; manifest-src *; base-uri *; form-action *; frame-ancestors *; 1
connect-src 'self' login.vanin.be login.microsoftonline.com sanomalearning.piwik.pro sanomalearning.containers.piwik.pro col.site24x7rum.com www.geogebra.org www.knooppunt.net cds.knooppunt.net accessboardbooks.vanin.be boardbooks.vanin.be silverpoint.knooppunt.net snowplow-collector.stor.snmdt.io:9090; font-src 'self' data: sanomalearning.containers.piwik.pro fonts.gstatic.com use.typekit.net; style-src-elem fonts.googleapis.com 'self' 'unsafe-inline' f1-eu.readspeaker.com use.typekit.net p.typekit.net sanomalearning.containers.piwik.pro; frame-src 'self' diddit.be udiddit.be app.explorit.nl app.readspeaker.com nvetts.readspeaker.com player.vimeo.com actts.readspeaker.com rstts.readspeaker.com www.geogebra.org tube.geogebra.org www.bookwidgets.com; img-src 'self' data: f1-eu.readspeaker.com sanomalearning.containers.piwik.pro sanomalearning.piwik.pro www.google.be www.google.com www.gstatic.com ssl.gstatic.com lh3.googleusercontent.com www.bookwidgets.com blob: diddit.sowiso.nl www.vanin-methodes.be latex.codecogs.com i.vimeocdn.com; manifest-src 'self'; media-src 'self' app.readspeaker.com nvetts.readspeaker.com actts.readspeaker.com rstts.readspeaker.com media.readspeaker.com; script-src-elem code.angularjs.org ajax.googleapis.com sanomalearning.piwik.pro sanomalearning.containers.piwik.pro 'unsafe-inline' 'self' f1-eu.readspeaker.com alcdn.msauth.net static.site24x7rum.com d1lc13lc73nc74.cloudfront.net polyfill.io data:; style-src-attr 'unsafe-inline'; worker-src 'self' 1
default-src 'none'; script-src 'self' 'unsafe-inline' *.siteimprove.net *.siteimprove.com *.browsealoud.com *.googletagmanager.com *.google.com *.google-analytics.com *.facebook.net unpkg.com *.jsdelivr.net *.cookiebot.com *.leadfamly.com; object-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com https://sverigesradio.se; style-src 'self' 'unsafe-inline'; img-src 'self' data: *.google.com *.google.se *.google-analytics.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.google.se *.cloudnet.cloud *.malmolive.se *.momondo.de *.googletagmanager.com *.cookiebot.com; media-src 'self' blob: https://*.speechstream.net;; frame-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.siteimprove.com *.acast.com *.spotify.com *.soundcloud.com https://vimeo.com *.sverigesradio.se https://sverigesradio.se *.office.com *.cookiebot.com *.playable.com *.sociablekit.com; frame-ancestors 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.sverigesradio.se https://sverigesradio.se *.sociablekit.com; child-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com  *.siteimprove.com *.sverigesradio.se https://sverigesradio.se *.sociablekit.com; font-src 'self'; connect-src 'self' blob: https://*.browsealoud.com https://*.siteimprove.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.speechstream.net *.cookiebot.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' fonts.googleapis.com fonts.gstatic.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com 1
default-src 'self' blob: data: gap: ajax.googleapis.com cdnjs.cloudflare.com fonts.gstatic.com js.hsforms.net; style-src * 'self' 'unsafe-inline' blob: data: gap:; script-src 'self' blob: gap:; object-src 'none'; img-src * 'self' 'unsafe-inline' blob: data: gap:; connect-src 'self' * 'unsafe-inline' blob: data: gap:; frame-src * 'self' blob: data: gap:; script-src-elem * 'self' 'unsafe-inline'; 1
frame-ancestors https://*.sumuun.net; 1
img-src https: data:; default-src https: 'unsafe-eval' 'unsafe-inline'; 1
default-src https://connect.facebook.net/ https://jadserve.postrelease.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://manulifefinancial.sc.omtrdc.net https://assets.adobedtm.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://manulife.122.2o7.net https://www.facebook.com https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://bat.bing.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://sit.igoinsured.com https://sitmlex.pci.manulife.com https://uat.igoinsured.com https://www.igoinsured.com https://uatmlex.pci.manulife.com https://6104928.fls.doubleclick.net/ https://mlex.pci.manulife.com https://gateway.zscloud.net/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://esqa.moneris.com/; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' geolocation.onetrust.com *.recaptcha.net cdn.cookielaw.org *.google.com *.moodys.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.qualtrics.com *.webtrendslive.com *.webtrends.com *.salesforceliveagent.com *.force.com *.salesforce.com *.adobedtm.com *.gstatic.com *.walkme.com *.cloudfront.net *.go-mpulse.net *.akstat.io *.vimeocdn.com acsbapp.com about.moodys.io moodysabout.webflow.io munchkin.marketo.net *.mktoweb.com https://static.cloudflareinsights.com https://hcaptcha.com https://*.hcaptcha.com activitymap.adobe.com *.googleadservices.com googleads.g.doubleclick.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://challenges.cloudflare.com https://js.adsrvr.org/up_loader.1.1.0.js; worker-src 'self' blob: https://cdn.walkme.com 1
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; upgrade-insecure-requests; 1
frame-src 'self' https://www.googletagmanager.com https://widget.trustpilot.com   http://widget.trustpilot.com https://www.emjcd.com https://service.force.com https://vinesse-preview.secure.force.com bid.g.doubleclick.net vars.hotjar.com *.braintreegateway.com *.paypal.com *.cardinalcommerce.com *.google.com *.facebook.com app.termly.io cdnjs.cloudflare.com 1
default-src 'self' empfangscheck.freenet.tv; font-src *;img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ioam.de empfangscheck.freenet.tv; style-src 'self' 'unsafe-inline'; 1
default-src 'self';			worker-src blob:;			script-src 'self' https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.3.2/iframeResizer.js https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.3.2/iframeResizer.contentWindow.min.js https://media.afi.es 'unsafe-inline' 'unsafe-eval' https://*.vo.msecnd.net https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com data:;			style-src 'self' 'unsafe-inline' https://media.afi.es https://*.googleapis.com https://cdn.jsdelivr.net/npm/bootstrap-icons@1.9.1/font/bootstrap-icons.css;			img-src 'self' data: https:;			font-src 'self' https://*.gstatic.com;			connect-src 'self' https://*.googleapis.com https://*.google-analytics.com https://dc.services.visualstudio.com;			frame-src 'self' https://*.youtube.com https://*.vimeo.com;			object-src 'none';			base-uri 'self';			form-action 'self';			frame-ancestors 'self' *.afi.es; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.yurist-online.net yurist-online.net an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru awaps.yandex.net yandexadexchange.net *.yandexadexchange.net *.yandex.ru banners.adfox.ru avatars-fast.yandex.net favicon.yandex.net content.adfox.ru *.yandex.net *.googleapis.com *.gstatic.com gstatic.com *.googlesyndication.com *.doubleclick.net *.2mdn.net *.google.com *.google.ru *.google-analytics.com google-analytics.com *.youtube.com youtube.com *.icq.com *.skype.com *.rambler.ru loginza.ru *.loginza.ru *.yadro.ru *.webmoney.ru *.mail.ru *.twitter.com *.facebook.com vk.com *.vk.com googletagmanager.com *.googletagmanager.com *.googletagservices.com; 1
object-src 'self'; frame-ancestors 'self' *.topasweb.com *.topassellconnect.com *.custom.sellingplatformconnect.amadeus.com *.topas.net www.valueofficepro.com http://*.topasweb.com https://*.topasweb.com https://*.topassellconnect.com https://*.custom.sellingplatformconnect.amadeus.com http://*.topas.net https://*.topas.net https://mobile.topas.net:444 https://www.valueofficepro.com 1
default-src 'self' *.googleapis.com ; connect-src 'self' data: *.googlesyndication.com *.hsforms.com *.hsforms.net *.hscollectedforms.net *.amazonaws.com *.akamaihd.net *.google.com *.googleapis.com *.googleusercontent.com *.hubspot.com *.youtube.com *.vimeo.com *.bat.bing.com *.clarity.ms *.omappapi.com *.crazyegg.com *.purechat.com acsbapp.com stats.g.doubleclick.net *.acsbapp.com *.akstat.io *.adroll.com *.demdex.net *.everesttech.net *.vizergy.com *.hospitalitysem.com https://www.google-analytics.com https://bat.bing.com https://api.omappapi.com https://c.go-mpulse.net https://pro.ip-api.com https://www.facebook.com/tr/ ; script-src 'self' *.opentable.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.usemessages.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.purechatcdn.com *.appspot.com *.purechat.com *.akamaihd.net *.amazonaws.com *.cloudflare.com *.cloudfront.net *.crazyegg.com *.doubleclick.net *.facebook.net *.jquery.com *.sdlmedia.com *.youtube.com *.vimeo.com *.clarity.ms *.googleapis.com *.google.com *.googletagmanager.com acsbapp.com *.acsbapp.com beacon.sojern.com *.adroll.com *.demdex.net *.everesttech.net *.vizergy.com *.hospitalitysem.com http://bat.bing.com http://www.googleadservices.com http://www.tripadvisor.com https://ds-aksb-a.akamaihd.net https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://a.optmnstr.com/ http://pi.pardot.com/ https://cdn.pardot.com/ http://cdn.pardot.com/ https://s.go-mpulse.net https://storage.googleapis.com https://pi.pardot.com https://track.searchignite.com https://live.rezync.com/sync 'unsafe-inline' 'unsafe-eval' ; style-src 'self' *.amazonaws.com *.googletagmanager.com *.cloudflare.com *.cloudfront.net *.googleapis.com *.brewerdigitalmarketing.com *.sdlmedia.com use.fontawesome.com 'unsafe-inline' ; img-src 'self' *.hsforms.com *.hsforms.net *.openstreetmap.org *.hubspot.com *.gravatar.com *.wp.com *.bing.com *.clarity.ms *.googleusercontent.com *.akamaihd.net *.amazonaws.com *.doubleclick.net *.facebook.com *.google.co.in *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.netmng.com *.sdlmedia.com *.youtube.com *.vimeo.com *.cloudflare.com track.searchignite.com www.google-analytics.com placeimg.com bosunagency.com acsbapp.com *.acsbapp.com *.adroll.com *.demdex.net *.everesttech.net *.vizergy.com *.hospitalitysem.com http://bat.bing.com http://www.tripadvisor.com https://pixel.sojern.com http://pixel.sojern.com https://ib.adnxs.com https://secure.ace-tag.advertising.com/ https://match.adsrvr.org data: ; media-src 'self' tourmkr.com *.tourmkr.com *.bayoucity360.me *.akamaized.net *.sdlmedia.com *.youtube.com acsbapp.com *.acsbapp.com *.googleusercontent.com *.vimeo.com; ; frame-src 'self' tourmkr.com *.tourmkr.com *.bayoucity360.me *.sevenrooms.com *.hsforms.com *.hsforms.net *.hs-scripts.com google.com *.google.com myhoustonian.com *.myhoustonian.com opentable.com *.opentable.com vimeo.com *.vimeo.com *.hubspot.com *.doubleclick.net *.facebook.com *.facebook.net *.youtube.com *.demdex.net *.everesttech.net *.vizergy.com *.hospitalitysem.com www.tamgrt.com https://accessibe.com/ https://www.emjcd.com/; ; font-src 'self' acsbapp.com *.acsbapp.com *.cloudfront.net *.cloudflare.com *.youtube.com *.vimeo.com use.fontawesome.com https://fonts.gstatic.com *.googleapis.com data: ; 1
frame-ancestors 'self' *.derbytheatre.co.uk; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://utter.online; img-src 'self' https: data: blob: https://utter.online; style-src 'self' https://utter.online 'nonce-KzD0p0GUNY7QQ5cNFL4d9Q=='; media-src 'self' https: data: https://utter.online; frame-src 'self' https:; manifest-src 'self' https://utter.online; form-action 'self'; child-src 'self' blob: https://utter.online; worker-src 'self' blob: https://utter.online; connect-src 'self' data: blob: https://utter.online https://cdn.utter.online wss://utter.online; script-src 'self' https://utter.online 'wasm-unsafe-eval' 1
frame-ancestors www.viajeseroski.es www.facebook.com raw2.statichtmlapp.com 1
sandbox allow-scripts allow-same-origin allow-forms; img-src 'self' data: www.gstatic.com; frame-src www.google.com; object-src 'none'; base-uri 'none'; script-src www.google.com www.gstatic.com 'nonce-BYyvOLgR1BlcLBrstcNVzpN7H9k='; style-src 'nonce-BYyvOLgR1BlcLBrstcNVzpN7H9k=' 1
default-src 'none'; img-src 'self' data: blob:; media-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline' data:; font-src 'self' data: blob:; object-src 'self'; base-uri 'self'; connect-src 'self'; form-action 'self'; frame-ancestors 'self' frarsan.cat 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-ZDBhOGJlMTgtNTUwOC00ZmZhLWJhNjEtNDhhOWMwNjRkNzRh' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-ancestors 'self' 1
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://performance.typekit.net https://*.nr-data.net; font-src 'self' data: https://fonts.typekit.net https://use.typekit.net; frame-src 'self' https://*.google.com https://vimeo.com https://*.vimeo.com https://*.youtube.com https://www.youtube-nocookie.com; img-src 'self' data: https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.typekit.net https://*.ytimg.com https://cdn.jsdelivr.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://www.googletagmanager.com https://*.gstatic.com https://*.youtube.com https://*.ytimg.com https://use.typekit.net https://js-agent.newrelic.com https://*.nr-data.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com https://*.typekit.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; frame-ancestors 'self'; report-uri https://tokybd.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 1
sandbox allow-scripts allow-same-origin allow-forms; img-src 'self' data: www.gstatic.com; frame-src www.google.com; object-src 'none'; base-uri 'none'; script-src www.google.com www.gstatic.com 'nonce-k+VW2k596kJo2bd6Ei6EWb0DtlU='; style-src 'nonce-k+VW2k596kJo2bd6Ei6EWb0DtlU=' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://togart.de; img-src 'self' https: data: blob: https://togart.de; style-src 'self' https://togart.de 'nonce-d7A6soI9DrqEJ/edJlNJ+Q=='; media-src 'self' https: data: https://togart.de; frame-src 'self' https:; manifest-src 'self' https://togart.de; form-action 'self'; child-src 'self' blob: https://togart.de; worker-src 'self' blob: https://togart.de; connect-src 'self' data: blob: https://togart.de https://togart.de wss://togart.de; script-src 'self' https://togart.de 'wasm-unsafe-eval' 1
base-uri *.dcement.com *.dcement.cn;child-src *.dcement.com *.dcement.cn *.weixin.qq.com https://sugar.aipage.com/ http://quote.eastmoney.com/qihuo/FG406.html;upgrade-insecure-requests 1
style-src * 'self' 'unsafe-eval' 'unsafe-inline'; font-src *; frame-ancestors 'self'; img-src * 'self' https://*.divio-media.org https://www.google.com/ https://www.google-analytics.com/ *.crazyegg.com data:; script-src * 'self' 'unsafe-eval' 'unsafe-inline' *.crazyegg.com blob: data:; default-src * 'self' *.crazyegg.com blob:; media-src * 'self' https://*.divio-media.org data: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https:; img-src 'self' https: data: blob: https:; style-src 'self' https: 'nonce-godnFVwiw8pRrhTCQSit1A=='; media-src 'self' https: data: https:; frame-src 'self' https:; manifest-src 'self' https:; form-action 'self'; connect-src 'self' data: blob: https: https: wss://enchanted.social; script-src 'self' https: 'wasm-unsafe-eval'; child-src 'self' blob: https:; worker-src 'self' blob: https: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com maps.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net; frame-src 'self' *.youtube.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com; object-src 'self' 1
img-src 'self' *.google-analytics.com *.googletagmanager.com https://cdn.datatables.net data:; frame-src 'self' https://js.stripe.com/; script-src 'self' https://stackpath.bootstrapcdn.com https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/ https://code.jquery.com https://cdn.jsdelivr.net/npm/popper.js@1.16.1/ https://cdn.jsdelivr.net/npm/bootstrap@4.6.1/ https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datetimepicker/ https://cdnjs.cloudflare.com/ajax/libs/moment.js/ https://cdnjs.cloudflare.com/ajax/libs/Chart.js/ https://cdnjs.cloudflare.com/ajax/libs/chartjs-adapter-moment/1.0.0/ https://cdn.jsdelivr.net/npm/chartjs-adapter-date-fns@next/ https://cdnjs.cloudflare.com/ajax/libs/date-fns/ https://www.google-analytics.com https://cdn.datatables.net https://js.stripe.com *.googletagmanager.com https://cdn.datatables.net 'nonce-tgOmD3FeNo7/RRQxkesAHg=='; connect-src 'self' https://stats.g.doubleclick.net https://api.stripe.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com; default-src 'none'; font-src 'self' https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.datatables.net/ https://fonts.googleapis.com/; base-uri 'self' 1
default-src 'self' http: https: data: blob: 'unsafe-inline' script-src 'unsafe-eval' 1
default-src 'self' cloudfront.globalmcs.net *.stripe.com *.elegantthemes.com fonts.gstatic.com data:; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cloudfront.globalmcs.net *.stripe.com www.google.com maps.googleapis.com developers.google.com cdnjs.cloudflare.com; img-src https: data:; style-src 'self' 'unsafe-inline' cloudfront.globalmcs.net fonts.googleapis.com; 1
report-uri https://o531082.ingest.sentry.io/api/5659019/security/?sentry_key=6e8a8a6993ca42c998cb6f0ac41bf0fc 1
default-src 'self' *.userway.org cdn.userway.org; frame-src 'self' dashboards.webreality.co.uk https://*.userway.org https://*.hotjar.com https://*.doubleclick.net https://*.vimeo.com https://*.google.com/ https://*.vuture.net https://cdn.yoshki.com/ https://*.spreaker.com; form-action 'self' https://*.vuture.net; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.avct.cloud https://*.avocet.io https://*.hotjar.com https://*.crazyegg.com https://*.userway.org https://edge.marker.io https://unpkg.com/ https://*.cookiescan.com  https://d3e85ikkjrhqme.cloudfront.net/ https://*.google.com/ https://*.gstatic.com/ https://ajax.aspnetcdn.com/ https://cdn.addevent.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://*.vuture.net/ https://siteimproveanalytics.com https://*.spreaker.com;  img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https://*.userway.org https://*.typekit.net/ https://d3e85ikkjrhqme.cloudfront.net/ https://cdn.cookiescan.com/; frame-ancestors 'self'; connect-src 'self' *.analytics.google.com analytics.google.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com/ https://*.userway.org *.doubleclick.net https://*.cookiescan.com https://*.marker.io https://s3.eu-west-1.amazonaws.com/ https://ajax.aspnetcdn.com/ https://*.google-analytics.com/; font-src 'self' https://*.hotjar.com d3e85ikkjrhqme.cloudfront.net *.typekit.net *.userway.org cdn.userway.org; 1
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' http://cdn.permutive.com/8a2c2f13-f564-4fff-8d22-177534028b95-1.0.js ; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 1
sandbox allow-scripts allow-same-origin allow-forms; img-src 'self' data: www.gstatic.com; frame-src www.google.com; object-src 'none'; base-uri 'none'; script-src www.google.com www.gstatic.com 'nonce-pAuhj6mzSrFTVgmt2HDUHYpULn8='; style-src 'nonce-pAuhj6mzSrFTVgmt2HDUHYpULn8=' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://s3.eu-central-1.amazonaws.com https://www.youtube-nocookie.com https://www.google.com;     script-src 'unsafe-inline' 'unsafe-eval' https://www.d-fine.com https://www.googletagmanager.com https://*.google-analytics.com https://static.dvinci-easy.com;       font-src 'self'; style-src 'unsafe-inline' https://www.d-fine.com https://hello.myfonts.net https://assets.kununu.com https://static.dvinci-easy.com;      img-src 'self' https://www.d-fine.com https://assets.kununu.com https://*.google-analytics.com data:;         connect-src https://www.d-fine.com https://*.google-analytics.com https://jobs.d-fine.com https://*.doubleclick.net https://*.google-analytics.com 1
default-src 'self'; media-src 'self'; img-src 'self' data: http: https: *.gravatar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: ajax.googleapis.com; style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com; font-src 'self' data: http: https: fonts.googleapis.com themes.googleusercontent.com; 1
default-src 'none'; connect-src 'self' *.googleapis.com; font-src 'self' *.gstatic.com; frame-src 'self' *.google.com *.s-bausparkasse.at *.youtube-nocookie.com; img-src 'self' blob: data: *.googleapis.com *.gstatic.com; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'nonce-d3e0ef62faf5f01d46a20d197166b9b8' *.google.com *.gstatic.com *.googleapis.com *.s-bausparkasse.at; style-src 'self' 'unsafe-inline' *.googleapis.com 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; font-src * data:; object-src *; media-src *; connect-src *; frame-src * 1
object-src https://www.juaneda.es;  style-src https: 'unsafe-inline' 1
default-src 'self' menuonline.fr; script-src 'self' 'unsafe-inline' 'unsafe-eval' menuonline.fr www.google-analytics.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' menuonline.fr; img-src 'self' data: menuonline.fr www.google-analytics.com https://lebistrotdyves.com https://lesolferinoparis.com https://larcole.com https://bistrolinette.fr https://lebistrodelaferme.com https://restaurantlejardindu16.com https://lasuiteversailles.fr https://atlantique-montparnasse.fr https://piccolinoparigi.fr https://brasserielegrandpalais.fr https://lecoucou.paris; frame-src 'self' menuonline.fr www.openstreetmap.org; connect-src 'self' menuonline.fr www.google-analytics.com; object-src 'none'; frame-ancestors 'none' 1
script-src 'report-sample' 'nonce-0Ex3iBjXqZNSyb4eLXxigA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';worker-src 'self';report-uri /webstore/cspreport 1
"default-src 'self';", "img-src *.ctfassets.net;" 1
default-src 'self'; connect-src 'self' http://ad.doubleclick.net https://*.analytics.google.com https://*.api.userway.org https://*.clarity.ms https://*.demdex.net https://*.eset.com https://*.googlesyndication.com https://*.hotjar.com https://*.hotjar.io https://*.tt.omtrdc.net https://adservice.google.com https://analytics.google.com https://analytics.twitter.com https://bat.bing.com https://c.go-mpulse.net https://cdn.acsbapp.com https://cdn.linkedin.oribi.io https://cdn1.esetstatic.com https://cookies-data.onetrust.io https://ep.smct.co https://eset.tt.omtrdc.net https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://ipb.smct.co https://ipb.smct.io https://js.smct.co https://js.smct.io https://maps.googleapis.com https://privacyportal.onetrust.com https://px.ads.linkedin.com https://region1.google-analytics.com https://replay.uxtweak.com https://s.yimg.com https://script.crazyegg.com https://smct.co https://stats.g.doubleclick.net https://tracker.clickguard.com https://www.facebook.com https://www.g2.com https://www.google-analytics.com https://www.google.by https://www.google.ch https://www.google.co.uk https://www.google.co.uz https://www.google.com https://www.google.com.tj https://www.google.com.tr https://www.google.ie https://www.google.kg https://www.google.kz https://www.google.lt https://www.google.lv https://www.google.pl https://www.google.ru https://www.googletagmanager.com wss://*.hotjar.com; font-src 'self' data: https://cdn.userway.org https://fonts.smct.co https://fonts.smct.io https://script.hotjar.com; frame-src 'self' https://*.fls.doubleclick.net https://8117415.fls.doubleclick.net https://bid.g.doubleclick.net https://download.eset.com https://eset.demdex.net https://hemsync.clickagy.com https://in.eset.pl https://int.form.eset.com https://js.smct.io https://ls.smct.co https://protectdemo.eset.com https://sklep.eset.pl https://smct.co https://td.doubleclick.net https://tpc.googlesyndication.com https://unity.survey-solutions.cloud https://vars.hotjar.com https://widget.trustpilot.com https://www.dagma.com.pl https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://www.youtube.com https://wydarzenia.dagma.eu; img-src 'self' data: http://ad.doubleclick.net https://*.adform.net https://*.ads.linkedin.com https://*.yahoo.co.jp https://ad.doubleclick.net https://ade.googlesyndication.com https://adservice.google.at https://adservice.google.ch https://adservice.google.co.jp https://adservice.google.com https://adservice.google.de https://analytics.google.com https://analytics.twitter.com https://bat.bing.com https://c.bing.com https://c.clarity.ms https://captcha.eset.com https://cdn.esetstatic.com https://cdn.jsdelivr.net https://cdn.smct.co https://cdn.smct.io https://cdn1.esetstatic.com https://cm.everesttech.net https://cm.g.doubleclick.net https://connect.facebook.net https://dc.ads.linkedin.com https://dpm.demdex.net https://events.smct.co https://googleads.g.doubleclick.net https://i.ytimg.com https://images.g2crowd.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://pubads.g.doubleclick.net https://px.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://script.hotjar.com https://sgtm.eset.com https://ssitecat.eset.com https://ssl.google-analytics.com https://static.hotjar.com https://stats.g.doubleclick.net https://t.co https://tribl.io https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bi https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ag https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sb https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tj https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vc https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.ie https://www.google.im https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.ki https://www.google.kz https://www.google.la https://www.google.li https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.nr https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sm https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.tt https://www.google.vg https://www.google.vu https://www.googleadservices.com https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com; manifest-src 'none'; media-src 'self'; object-src 'self'; prefetch-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.replay.uxtweak.com https://*.salesforceliveagent.com https://acsbap.com https://acsbapp.com https://assets.esetstatic.com https://bat.bing.com https://cdn.esetstatic.com https://cdn.jsdelivr.net https://cdn.linkedin.oribi.io https://cdn1.esetstatic.com https://cdnjs.cloudflare.com https://connect.facebook.net https://d.la1-c2-cdg.salesforceliveagent.com https://embed.tawk.to https://googleads.g.doubleclick.net https://img06.en25.com https://invitejs.trustpilot.com https://js.smct.co https://js.smct.io https://maps.googleapis.com https://nowexttype.com https://pagead2.googlesyndication.com https://platform.twitter.com https://s786665.t.eloqua.com https://script.hotjar.com https://sgtm.eset.com https://smct.co https://snap.licdn.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.hotjar.com https://store.eset.com https://tpc.googlesyndication.com https://tribl.io https://widget.trustpilot.com https://www.clarity.ms https://www.google-analytics.com https://www.google.ae https://www.google.am https://www.google.at https://www.google.be https://www.google.bg https://www.google.bs https://www.google.by https://www.google.ca https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ma https://www.google.co.nz https://www.google.co.th https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zw https://www.google.com https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.md https://www.google.me https://www.google.mk https://www.google.nl https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.se https://www.google.si https://www.google.sk https://www.google.tn https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.smct.co https://fonts.smct.io https://script.hotjar.com https://static.hotjar.com; worker-src 'self'; report-uri https://www-eset-com.api.cspconsole.com/v1/csp/report; report-to default; 1
frame-ancestors 'self' https://*.ovice.in; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://mitsubishi-les.piwik.pro/ https://mitsubishi-les.piwik.pro/ppms.php https://mitsubishi-les.containers.piwik.pro/ *.google.de *.doubleclick.net https://st-eu.dynamicyield.com https://privacy.cookiebox.pro https://cdn-eu.dynamicyield.com https://www.googleadservices.com https://www.google.com https://api.privacyhub.pro/privacy https://app.usercentrics.eu/browser-ui/ https://www.youtube.com/ https://user.mitsubishi-les.com/ https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://*.googletagmanager.com/ https://maps.googleapis.com https://www.google-analytics.com https://region1.analytics.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://bat.bing.com; connect-src 'self' 'unsafe-inline' https://mitsubishi-les.piwik.pro/ppms.php https://www.melcohit.com https://wcf.melcohit.com https://cdn.dynamicyield.com/ https://consent-api.service.consent.usercentrics.eu https://rcom-eu.dynamicyield.com https://opt-eu.euc1.dynamicyield.com https://gw-metadata.euc1.dynamicyield.com https://adm.dynamicyield.eu https://aggregator.service.usercentrics.eu/ uct.service.usercentrics.eu graphql.usercentrics.eu api.usercentrics.eu app.usercentrics.eu https://*.google-analytics.com https://*.analytics.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.g.doubleclick.net https://*.google.com https://*.googletagmanager.com https://www.mitsubishi-les.com https://consentcdn.cookiebot.com/consentconfig/ https://maps.googleapis.com/ https://bat.bing.com; img-src 'self' *.google.de https://mitsubishi-les.containers.piwik.pro/ https://cdn-eu.dynamicyield.com https://googleads.g.doubleclick.net https://*.google.com https://uct.service.usercentrics.eu/ https://app.usercentrics.eu/ https://www.mitsubishi-les.com https://i.ytimg.com https://bat.bing.com https://maps.googleapis.com https://maps.gstatic.com https://img.youtube.com *.ggpht.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com data: ; frame-src 'self' https://www.waermepumpe.de/ https://www.mitsubishi-les.info/ *.gotowebinar.com https://www.youtube-nocookie.com https://consentcdn.cookiebot.com https://player.vimeo.com; style-src 'self' 'unsafe-inline' https://www.mitsubishi-les.com/ https://mitsubishi-les.piwik.pro/ https://mitsubishi-les.containers.piwik.pro/ https://cdn-eu.dynamicyield.com https://fonts.googleapis.com https://fast.fonts.net; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com ; 1
frame-ancestors corbado.com *.corbado.com corbado.io *.corbado.io 1
default-src 'self' https://identity.netlify.com/ https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube-nocookie.com https://js.hubspot.com;connect-src 'self' 'unsafe-inline' blob: https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://consent.cookie-script.com https://cdn.cookie-script.com https://geo.cookie-script.com https://www.google-analytics.com *.google-analytics.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://stats.g.doubleclick.net https://www.youtube-nocookie.com https://maps.googleapis.com https://maps.gstatic.com https://script.google.com  https://script.googleusercontent.com https://platform-cdn.sharethis.com https://l.sharethis.com https://identity.netlify.com https://www.unicomgov.com https://stoic-albattani-0510ae.netlify.app *.cloudfront.net;font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.cloudfront.net https://www.youtube-nocookie.com https://maxcdn.bootstrapcdn.com;frame-src 'self' https://c.sharethis.mgr.consensu.org https://www.youtube-nocookie.com;img-src 'self' blob: data: https://platform-cdn.sharethis.com https://www.googletagmanager.com https://cdn.cookie-script.com https://www.google-analytics.com https://track.hubspot.com https://maps.gstatic.com https://l.sharethis.com images.ctfassets.net *.cloudfront.net *.googleapis.com *.ggpht;object-src 'self' 'unsafe-inline' data: https://www.netlify.com https://identity.netlify.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdn.cookie-script.com https://geo.cookie-script.com https://www.google-analytics.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hubspot.com https://maps.googleapis.com https://platform-api.sharethis.com https://identity.netlify.com https://script.google.com https://script.googleusercontent.com https://maxcdn.bootstrapcdn.com https://identity.netlify.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://cdn.cookie-script.com https://js.hs-scripts.com https://js.hubspot.com https://www.unicomgov.com https://stoic-albattani-0510ae.netlify.app *.fontawesome.com *.cloudfront.net;manifest-src 'self' https://www.unicomgov.com https://stoic-albattani-0510ae.netlify.app 1
default-src 'self' wogadobeanalytics.sc.omtrdc.net dpm.demdex.net *.cwp-stg.sg *.cwp.sg; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com *.hotjar.com *.wogaa.sg *.dcube.cloud *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org api-public.addthis.com assets.adobedtm.com s7.addthis.com ajax.googleapis.com www.google-analytics.com *.cwp-stg.sg *.cwp.sg https://m.addthisedge.com https://m.addthis.com https://stage4a.flexanswer.com; style-src 'self' 'unsafe-inline' *.wogaa.sg *.dcube.cloud *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com fonts.googleapis.com *.cwp-stg.sg *.cwp.sg https://stage4a.flexanswer.com; font-src 'self' assets.wogaa.sg fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://stage4a.flexanswer.com https://s3-us-west-2.amazonaws.com; img-src 'self' https://www-mot-new-gov-sg.cwp-stg.sg/ cm.everesttech.net dpm.demdex.net wogadobeanalytics.sc.omtrdc.net *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com https://stage4a.flexanswer.com www.googletagmanager.com; media-src 'self' data: blob:; frame-src 'self' *.shorturl.at shorturl.at www.facebook.com form.gov.sg www.youtube.com www.onemap.sg fast.wogaa.demdex.net wogaa.demdex.net www.google.com tools.onemap.sg forms.cwp.gov.sg *.cwp-stg.sg *.cwp.sg https://s7.addthis.com tools.onemap.gov.sg www.onemap.gov.sg; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' *.wogaa.sg *.dcube.cloud wogadobeanalytics.sc.omtrdc.net dpm.demdex.net accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com https://m.addthis.com; object-src 'self' *.cwp-stg.sg *.cwp.sg;frame-ancestors 'self' https://forms.cwp.gov.sg/; 1
sandbox allow-scripts allow-same-origin allow-forms; img-src 'self' data: www.gstatic.com; frame-src www.google.com; object-src 'none'; base-uri 'none'; script-src www.google.com www.gstatic.com 'nonce-2bASzsdAxbMWKiJH/Fla3jDWyUM='; style-src 'nonce-2bASzsdAxbMWKiJH/Fla3jDWyUM=' 1
default-src 'self'; script-src 'self' 'nonce-c4d8dbaa0b66131b55af62c02d59cf86' blob: https://*.visualvest.de https://*.usercentrics.eu https://www.youtube.com https://www.googletagmanager.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net; img-src 'self' data: https://*.visualvest.de https://images.ctfassets.net https://*.usercentrics.eu https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.de https://www.facebook.com https://i.ytimg.com; frame-src 'self' https://bid.g.doubleclick.net https://www.youtube.com https://*.usercentrics.eu; connect-src 'self' https://*.visualvest.de https://images.ctfassets.net  https://*.usercentrics.eu https://www.google.com https://googleads.g.doubleclick.net visualvest.secure.force.com uat-visualvest.cs101.force.com wss://*.visualvest.de/; style-src 'self' 'unsafe-inline' *.visualvest.de 1
upgrade-insecure-requests;default-src 'self' *.muscle-zone.pl *.muscle-zone.com *.m-z.pl *.mz-store.pl *.mz-store.com *.mz-store.co.uk *.mz-store.de *.mz-store.it *.mz-store.at;connect-src 'self' *.google-analytics.com www.google.com adservice.google.com *.googletagmanager.com *.googlesyndication.com maps.googleapis.com *.instagram.com *.facebook.com *.facebook.net api-pl-points.easypack24.net stats.g.doubleclick.net osm.inpost.pl credible-opinion.opineo.pl affiliacje.ddw.pl bat.bing.com *.clarity.ms;frame-ancestors 'self';frame-src 'self' *.googletagmanager.com widget.trustpilot.com *.facebook.com *.google.com tpc.googlesyndication.com *.youtube.com/embed/ secure.payu.com parcelshop.dhl.pl bid.g.doubleclick.net browser.sentry-cdn.com bat.bing.com docs.google.com;object-src 'self';report-uri https://www.muscle-zone.pl/csp-report.php;script-src 'self' *.muscle-zone.pl *.muscle-zone.com *.m-z.pl *.mz-store.pl *.mz-store.com *.mz-store.co.uk *.mz-store.de *.mz-store.it *.mz-store.at 'unsafe-inline' 'unsafe-eval' *.gstatic.com www.google-analytics.com *.google-analytics.com www.googletagmanager.com *.googletagmanager.com www.googleadservices.com *.googleadservices.com googleads.g.doubleclick.net *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.by *.google.ca *.google.cd *.google.ch *.google.cl *.google.cm *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.ve *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bh *.google.com.br *.google.com.bz *.google.com.co *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.om *.google.com.pa *.google.com.pe *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.qa *.google.com.sa *.google.com.sg *.google.com.sv *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vn *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gg *.google.gr *.google.gy *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.mk *.google.mn *.google.mu *.google.mv *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.si *.google.sk *.google.sm *.google.tn *.google.tt widget.trustpilot.com *.instagram.com connect.facebook.net *.googlesyndication.com *.google.com stats.g.doubleclick.net googleads.g.doubleclick.net *.gstatic.com geowidget.easypack24.net maps.googleapis.com secure.payu.com browser.sentry-cdn.com bat.bing.com *.clarity.ms docs.google.com;script-src-elem 'self' *.muscle-zone.pl *.muscle-zone.com *.m-z.pl *.mz-store.pl *.mz-store.com *.mz-store.co.uk *.mz-store.de *.mz-store.it *.mz-store.at 'unsafe-inline' 'unsafe-eval' *.gstatic.com www.google-analytics.com *.google-analytics.com www.googletagmanager.com *.googletagmanager.com www.googleadservices.com *.googleadservices.com googleads.g.doubleclick.net *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.by *.google.ca *.google.cd *.google.ch *.google.cl *.google.cm *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.ve *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bh *.google.com.br *.google.com.bz *.google.com.co *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.om *.google.com.pa *.google.com.pe *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.qa *.google.com.sa *.google.com.sg *.google.com.sv *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vn *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gg *.google.gr *.google.gy *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.mk *.google.mn *.google.mu *.google.mv *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.si *.google.sk *.google.sm *.google.tn *.google.tt widget.trustpilot.com connect.facebook.net *.googlesyndication.com *.google.com stats.g.doubleclick.net googleads.g.doubleclick.net *.gstatic.com geowidget.easypack24.net maps.googleapis.com connect.facebook.net secure.payu.com browser.sentry-cdn.com bat.bing.com *.clarity.ms docs.google.com;style-src 'self' *.muscle-zone.pl *.muscle-zone.com *.m-z.pl *.mz-store.pl *.mz-store.com *.mz-store.co.uk *.mz-store.de *.mz-store.it *.mz-store.at 'unsafe-inline' translate.googleapis.com fonts.googleapis.com geowidget.easypack24.net *.googletagmanager.com;font-src 'self' *.muscle-zone.pl *.muscle-zone.com *.m-z.pl *.mz-store.pl *.mz-store.com *.mz-store.co.uk *.mz-store.de *.mz-store.it *.mz-store.at data: fonts.gstatic.com geowidget.easypack24.net;img-src 'self' *.muscle-zone.pl *.muscle-zone.com *.m-z.pl *.mz-store.pl *.mz-store.com *.mz-store.co.uk *.mz-store.de *.mz-store.it *.mz-store.at data: *.gstatic.com www.google-analytics.com *.google-analytics.com www.googletagmanager.com *.googletagmanager.com www.googleadservices.com *.googleadservices.com googleads.g.doubleclick.net *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.by *.google.ca *.google.cd *.google.ch *.google.cl *.google.cm *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.ve *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bh *.google.com.br *.google.com.bz *.google.com.co *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.om *.google.com.pa *.google.com.pe *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.qa *.google.com.sa *.google.com.sg *.google.com.sv *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vn *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gg *.google.gr *.google.gy *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.mk *.google.mn *.google.mu *.google.mv *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.si *.google.sk *.google.sm *.google.tn *.google.tt *.cdninstagram.com *.instagram.com stats.g.doubleclick.net *.facebook.com maps.gstatic.com maps.googleapis.com *.googletagmanager.com *.googlesyndication.com *.tile.openstreetmap.org osm.inpost.pl geowidget.easypack24.net connect.facebook.net *.ytimg.com static.payu.com bat.bing.com gen.sendtric.com; 1
script-src 'report-sample' 'nonce-MDOPqrGL-iL3b9DXHHWn-g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self',script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport/allowlist,require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https:; img-src 'self' https: data: blob: https:; style-src 'self' https: 'nonce-bnwmuUAmSQllNLcJjsOXTQ=='; media-src 'self' https: data: https:; frame-src 'self' https:; manifest-src 'self' https:; form-action 'self'; connect-src 'self' data: blob: https: https: wss://masto.bike; script-src 'self' https: 'wasm-unsafe-eval'; child-src 'self' blob: https:; worker-src 'self' blob: https: 1
frame-ancestors 'self' *.angeltrack.com; img-src 'self' *.angeltrack.com data: 'unsafe-inline'; media-src 'self' *.angeltrack.com; script-src 'self' *.angeltrack.com *.fontawesome.com blob: 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.googleapis.com; 1
frame-ancestors 'self' letmespeak.org *.letmespeak.org *.lms.team 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://*.adform.net *.instagram.com platform.twitter.com cdn.bannerflow.com cdn.syndication.twimg.com www.google.com www.gstatic.com s.ytimg.com www.youtube.com www.googletagmanager.com www.google-analytics.com maps.googleapis.com connect.facebook.net maps.gstatic.com ; connect-src 'self' https://*.google-analytics.com https://*.adform.net https://tracker.bannerflow.com https://www.google-analytics.com https://stats.g.doubleclick.net wss://cracovia.pl:4200 noembed.com cdn.plyr.io *.tracker.bannerflow.com; img-src 'self' https://www.googletagmanager.com https://server.seadform.net cracovia.pl scontent.cdninstagram.com i.ytimg.com *.twimg.com *.twitter.com www.google-analytics.com maps.googleapis.com maps.gstatic.com www.facebook.com data:; media-src 'self'; style-src 'self' p.typekit.net use.typekit.net platform.twitter.com 'unsafe-inline' fonts.googleapis.com/css; font-src 'self' use.typekit.net/yco1qlz.css use.typekit.net fonts.gstatic.com fonts.googleapis.com data: ; frame-src https://embed.mls.mycujoo.tv https://*.adform.net www.ekstraklasa.tv www.google.com www.youtube.com *.twitter.com www.facebook.com www.instagram.com cdn.bannerflow.com video-widget.oz.com 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-aba1becae19a6c6477ca65cea8b03d8d'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors 'self' https://*.lesmills.co.nz; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com *.doubleclick.net googleadservices.com *.googleadservices.com googlesyndication.com ajax.googleapis.com aax-eu.amazon-adsystem.com sw-assets.ekomiapps.de connect.ekomi.de smart-widget-assets.ekomiapps.de smartforms.ekomi.com stats.schulte.de userlike-cdn-widgets.s3-eu-west-1.amazonaws.com dq4irj27fs462.cloudfront.net api.userlike.com www.userlike.com userlike-cdn-umm.b-cdn.net d3dc1lgancj6l0.cloudfront.net widget.trustpilot.com connect.facebook.net static-eu.payments-amazon.com www.paypal.com widgets.trustedshops.com s.kk-resources.com bat.bing.com g.microsoft.com https://t.adcell.com cdn.jsdelivr.net player.vimeo.com/api/ https://static.unzer.com https://maps.googleapis.com; img-src 'self' *.ggpht.com *.googleusercontent.com data: www.facebook.com connect.facebook.net img.youtube.com i.ytimg.com www.userlike.com userlike-cdn-operators.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com d3upe020n1uosc.cloudfront.net userlike-store-media-files.s3.amazonaws.com sw-assets.ekomiapps.de connect.ekomi.de www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com d23yuld0pofhhw.cloudfront.net images-na.ssl-images-amazon.com m.media-amazon.com t.paypal.com widgets.trustedshops.com s.kelkoogroup.net bat.bing.com stats.schulte.de https://maps.gstatic.com https://t.adcell.com www.google.be www.google.fr www.google.nl www.google.de www.google.lu www.google.at; frame-ancestors 'self' https://hellweg-os4-stg-de.twt.hosting https://hellweg.de https://hellweg.at https://baywa-baumarkt.de https://www.banemo.de; default-src 'self'; frame-src 'self' www.google.com drive.google.com accounts.google.com widget.trustpilot.com aax-eu.amazon-adsystem.com www.facebook.com www.googletagmanager.com www.youtube-nocookie.com www.youtube.com player.vimeo.com static-eu.payments-amazon.com payments.amazon.de payments.amazon.fr www.paypal.com t.paypal.com www.sandbox.paypal.com smartforms.ekomi.com stats.schulte.de https://payment.heidelpay.com https://payment.unzer.com https://sbx-payment.heidelpay.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net *.doubleclick.net; style-src 'self' 'unsafe-inline' sw-assets.ekomiapps.de fonts.googleapis.com widgets.trustedshops.com https://static.unzer.com googletagmanager.com; connect-src 'self' data: smart-widget-assets.ekomiapps.de www.google-analytics.com stats.g.doubleclick.net payments-de.amazon.com payments-de-sandbox.amazon.com payments.amazon.de payments.amazon.fr www.paypal.com www.sandbox.paypal.com s.kelkoogroup.net www.userlike.com api.userlike.com chat.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com wss://umd.userlike.com umd.userlike.com d3upe020n1uosc.cloudfront.net shops-si.trustedshops.com api.trustedshops.com api.trustbadge.etrusted.com trustbadge.api.etrusted.com gw1.api.trustedshops.com www.facebook.com smartforms.ekomi.com stats.schulte.de bat.bing.com https://t.adcell.com https://maps.googleapis.com; media-src 'self' d3dc1lgancj6l0.cloudfront.net userlike-store-media-files.s3.amazonaws.com; font-src 'self' data: fonts.gstatic.com d3dc1lgancj6l0.cloudfront.net userlike-cdn-umm.b-cdn.net widgets.trustedshops.com https://static.unzer.com; 1
report-uri https://www.prubeneficial.cm/ 1
script-src 'self' 'sha256-OUKhNgbY1fG+R4RQh2q3dBH54nPBtQpn1bFsdjT/2W8=' 'sha256-1c3594OZW4s2WpfYA7BDahQdQkeqXwxOythsJknM6EI=' www.google-analytics.com www.google.com maps.googleapis.com; frame-ancestors 'self' https://cms.webhare.dev 1
; script-src 'self' 'unsafe-inline' 'unsafe-eval' cxppusa1formui01cdnsa01-endpoint.azureedge.net www.googletagmanager.com www.google.com www.google.ie www.gstatic.com www.tagassistant.google.com apis.google.com www.google-analytics.com *.hotjar.com	*.hotjar.io	unpkg.com sem-o.com *.analytics.google.com unpkg.com; img-src 'self' www.eirgridgroup.com *.siteimproveanalytics.io *.ytimg.com www.google.ie www.google-analytics.com data: maps.gstatic.com *.googleapis.com; frame-src www.youtube-nocookie.com www.candidatemanager.net www.google.com; font-src 'self' use.typekit.net; worker-src blob:; style-src 'self' 'unsafe-inline' *.typekit.net; 1
frame-ancestors 'self' webvisor.com *.webvisor.com http://webvisor.com 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-9J4Q7y0Qw9ADRdGF8LDikA' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors 'self' *.landkreiskassel.de citycall.kassel.de 1
default-src *; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *;font-src 'self' data: * 1
default-src * 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline' 1
frame-ancestors barkingdagenhamcollege.ac.uk 1
child-src 'self' blob:; connect-src 'self' https://*.intercom.io https://*.mapbox.com https://*.mixpanel.com https://*.sparelabs.com https://sentry.io wss://*.intercom.io wss://*.sparelabs.com https://*.hubspot.com https://*.hubapi.com https://o79040.ingest.sentry.io https://api.mapbox.com https://*.hsforms.com https://sentry.io https://6xsct86j.api.sanity.io https://hubspot-forms-static-embed.s3.amazonaws.com https://46lg3svv.api.sanity.io https://6xsct86j.apicdn.sanity.io https://46lg3svv.apicdn.sanity.io https://gksilpp4.api.sanity.io https://gksilpp4.apicdn.sanity.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://www.google-analytics.com stats.g.doubleclick.net https://widget.freshworks.com https://sparelabs.freshdesk.com; default-src 'self'; font-src 'self' data: https://*.intercomcdn.com https://*.loom.com https://fonts.gstatic.com; frame-src 'self' https://*.hubspot.com https://js.hsforms.net https://*.hsforms.com https://portal.productboard.com https://*.youtube.com https://intercom-sheets.com https://preview.pitch.com https://pitch.com https://flo.uri.sh https://calendly.com https://www.google.com; img-src 'self' blob: data: https://*.intercomassets.com https://*.intercomcdn.com https://*.nyc3.digitaloceanspaces.com https://*.sparelabs.com https://sparelabs.com wss://*.sparelabs.com https://cdn.sanity.io https://*.hsforms.com https://*.hubspot.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://*.hubspotusercontent-na1.net https://i.ytimg.com https://www.linkedin.com https://preview.pitch.com https://pitch.com https://public.flourish.studio https://messenger-apps.intercom.io https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com *.google-analytics.com *.googletagmanager.com https://www.google-analytics.com stats.g.doubleclick.net https://widget.freshworks.com; manifest-src 'self'; media-src 'self' https://*.intercomcdn.com https://cdn.sanity.io https://www.youtube.com; object-src 'self'; prefetch-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.intercom.io https://*.intercomcdn.com https://*.stripe.com wss://*.intercom.io https://js.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://forms.hsforms.com https://*.usemessages.com https://js.hsforms.net https://snap.licdn.com https://api.mapbox.com https://widget.intercom.io https://js.hs-scripts.com https://js.intercomcdn.com https://translate.googleapis.com https://connect.facebook.net https://public.flourish.studio https://assets.calendly.com https://js.hsleadflows.net https://www.googletagmanager.com https://tagmanager.google.com *.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com stats.g.doubleclick.net https://www.google.com https://www.gstatic.com https://widget.freshworks.com https://sparelabs.freshdesk.com; style-src 'self' 'unsafe-inline' https://*.tiles.mapbox.com https://tagmanager.google.com https://fonts.googleapis.com https://widget.freshworks.com; worker-src 'self' blob:; base-uri 'self'; form-action 'self' https://forms.hsforms.com; frame-ancestors https://spare-japan.sanity.studio https://sparelabs.sanity.studio; report-uri https://o79040.ingest.sentry.io/api/6300108/security/?sentry_key=ad81dfedecd14fef9dced2074eb9cdc3; 1
connect-src 'self' *.google.com uzu.satfaq.app *.typekit.net *.google-analytics.com *.typekit.net stats.g.doubleclick.net 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-O0ou0qV3I1SjyCD5r0uoeguWTo6nsWeW8BL5iYlxaBNYe7VR' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
script-src 'unsafe-inline' 'unsafe-eval' http: https:;        object-src 'none';        base-uri 'none'; 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://wespathorg-live.ae-admin.com/ https://wespathorg-cms.ae-admin.com https://wespathcom-cms.ae-admin.com; upgrade-insecure-requests; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com:443; font-src 'self' https://fonts.gstatic.com:443; connect-src 'self' https://www.google-analytics.com:443; img-src 'self' data: https://a18814.actonsoftware.com:443 https://www.wespath.org:443 https://www.wespath.com:443; frame-src 'self' https://www.youtube.com:443 https://www.google.com:443; child-src https://www.youtube.com:443 https://www.google.com:443; object-src 'self'; worker-src 'none'; 1
frame-ancestors 'self' *.intsercom.cl https://intsercom.cl 1
font-src *.kxcdn.com *.bootstrapcdn.com *.cloudflare.com *.googleapis.com fonts.gstatic.com *.trustedshops.com *.twimg.com *.twitter.com *.typekit.net *.google.com *.postcodeanywhere.co.uk *.clarity.ms *.loyaltylion.net searchserverapi.com *.vimeo.com *.dwin1.com *.awin1.com *.zenaps.com *.sciencebehindecommerce.com *.wepowerconnections.com data: www.searchanise.com *.searchserverapi.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.google.com *.postcodeanywhere.co.uk searchserverapi.com *.vimeo.com *.dwin1.com *.awin1.com *.zenaps.com *.sciencebehindecommerce.com *.wepowerconnections.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.searchanise.com *.searchserverapi.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.twitter.com *.google.com *.postcodeanywhere.co.uk *.doubleclick.net *.clarity.ms searchserverapi.com *.vimeo.com *.dwin1.com *.awin1.com *.zenaps.com *.sciencebehindecommerce.com *.wepowerconnections.com *.weltpixel.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com business.facebook.com maps.googleapis.com chart.googleapis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.searchanise.com *.searchserverapi.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.wesupply.xyz https://wesupplylabs.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.kxcdn.com *.cloudflare.com *.google-analytics.com *.googleadservices.com *.klarna.com *.lightemporium.com *.paypal.com *.twimg.com *.twitter.com *.usercentrics.eu *.ytimg.com *.google.com *.postcodeanywhere.co.uk *.g.doubleclick.net *.loyaltylion.net *.clarity.ms bat.bing.com *.google.co.uk searchserverapi.com *.vimeo.com *.dwin1.com *.awin1.com *.zenaps.com *.sciencebehindecommerce.com *.wepowerconnections.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net business.facebook.com moogento.com *.moogento.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.kxcdn.com *.cloudflare.com *.fontawesome.com *.google-analytics.com *.gstatic.com *.pcapredict.com *.trackedlink.net *.trustedshops.com *.twimg.com *.twitter.com *.usercentrics.eu *.google.com *.postcodeanywhere.co.uk *.g.doubleclick.net *.loyaltylion.net *.clarity.ms searchserverapi.com www.facebook.com *.dwin1.com *.awin1.com *.zenaps.com *.sciencebehindecommerce.com *.wepowerconnections.com www.apptrian.com facebook.com connect.facebook.net graph.facebook.com *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com business.facebook.com maps.googleapis.com chart.googleapis.com l2.moogento.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.kxcdn.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com *.googleapis.com *.gstatic.com *.trustedshops.com *.twimg.com *.twitter.com *.typekit.net *.usercentrics.eu *.google.com *.postcodeanywhere.co.uk *.loyaltylion.net *.clarity.ms searchserverapi.com *.vimeo.com *.dwin1.com *.awin1.com *.zenaps.com *.sciencebehindecommerce.com *.wepowerconnections.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com unsafe-inline assets.braintreegateway.com www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com ton.twimg.com tagmanager.google.com 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.kxcdn.com *.bootstrapcdn.com *.cloudflare.com *.google-analytics.com *.googleadservices.com *.paypal.com *.paypalobjects.com *.pcapredict.com *.sandbox.paypal.com *.trackedlink.net *.twimg.com *.twitter.com *.google.com *.postcodeanywhere.co.uk *.clarity.ms *.loyaltylion.net www.facebook.com searchserverapi.com *.dwin1.com *.awin1.com *.zenaps.com *.sciencebehindecommerce.com *.wepowerconnections.com www.apptrian.com facebook.com connect.facebook.net graph.facebook.com *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com business.facebook.com maps.googleapis.com chart.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com api.amplitude.com stats.g.doubleclick.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=5elo34liquchp&partner=; 1
frame-ancestors 'self' view.ceros.com; 1
default-src *; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * blob: data:; frame-ancestors 'self' skmmall.17life.com app-mall.skm.com.tw; 1
report-uri https://csp.uel.wildapricot.com/report; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.appointlet.com *.appointletcdn.com *.aptrinsic.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.ecomm.events *.ecwid.com *.elev.io *.facebook.com *.facebook.net *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.linkedin.com *.mcjobboard.net *.mybillsystem.com *.newrelic.com *.nr-data.net *.pagespeed-mod.com *.twitter.com *.typekit.net *.uservoice.com *.wildapricot.com *.youtube.com *.zdassets.com *.zendesk.com *.zopim.com caas-sf.wildapricot.org maps.googleapis.com onlinestore-prod-digital-products.s3.amazonaws.com sf.wildapricot.org widget-mediator.zopim.com wss://widget-mediator.zopim.com/ *.googleapis.com adservice.google.com bam.nr-data.net bid.g.doubleclick.net buttons-config.sharethis.com cdn.datatables.net cdn.jsdelivr.net cdn.shopify.com cdn.syndication.twimg.com cdnjs.cloudflare.com code.jquery.com connect.facebook.net count-server.sharethis.com ekr.zendesk.com facebook.com google.com googleads.g.doubleclick.net google-analytics.com googletagmanager.com gstatic.com heyzine.com kenwheeler.github.io l.sharethis.com m.facebook.com maps.googleapis.com maxcdn.bootstrapcdn.com pagead2.googlesyndication.com platform.linkedin.com platform.twitter.com platform-api.sharethis.com play.google.com sewausa.wildapricot.org slapp.sevagarden.org slappwa.zenseva.in stats.g.doubleclick.net syndication.twitter.com translate.google.com translate.googleapis.com waproxy.appspot.com youtube.com;   img-src * data: blob:;   media-src * blob:;   font-src * https://*.aptrinsic.com data:;  1
base-uri 'self'; default-src 'self' 'nonce-94a16dde87e6b52243652c09c7fdbfde' https://cdn.shopify.com https://shopify.com; frame-ancestors https://app.contentful.com; style-src 'self' https://unpkg.com/@shopify/polaris@12.0.0/build/esm/styles.css 'unsafe-inline' https://cdn.shopify.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net; connect-src 'self' ws://localhost:8002/socket https://www.google-analytics.com https://analytics.google.com https://monorail-edge.shopifysvc.com https://pagead2.googlesyndication.com https://hubspot-forms-static-embed.s3.amazonaws.com js.hscta.net facebook.com google.com google.ca *.facebook.com *.google.com *.google.ca *.g.doubleclick.net *.hubspot.com *.hubapi.com *.hs-banner.com *.hscollectedforms.net *.hsforms.net *.hsforms.com *.mapbox.com; img-src 'self' https://images.ctfassets.net https://imagedelivery.net https://cdn.shopify.com https://www.googletagmanager.com facebook.com google.ca google.com *.facebook.com *.google.com *.google.ca cdn2.hubspot.net no-cache.hubspot.com js.hscta.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.com *.hubspot.net *.hsforms.net *.hsforms.com *.hsappstatic.net data:; media-src 'self' https://videos.ctfassets.net https://cdn.shopify.com facebook.com google.ca google.com *.facebook.com *.google.ca *.google.com; script-src 'self' https://www.googletagmanager.com https://connect.facebook.net https://cdn.shopify.com feedback.hubapi.com js.hscta.net facebook.com google.ca google.com *.facebook.com *.google.com *.google.ca *.hsappstatic.net *.hubspot.com *.hubspot.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.g.doubleclick.net *.gstatic.com *.hsadspixel.net *.hsforms.net *.hsforms.com *.hsleadflows.net *.hs-analytics.net *.hs-scripts.com *.hs-banner.com *.hubspotfeedback.com *.usemessages.com *.hscollectedforms.net *.mapbox.com 'nonce-94a16dde87e6b52243652c09c7fdbfde'; frame-src 'self' https://fast.wistia.net https://td.doubleclick.net https://player.vimeo.com play.hubspotvideo.com youtube.com facebook.com google.com google.ca *.youtube.com *.facebook.com *.google.com *.google.ca *.hubspot.com *.hubspot.net *.hs-sites.com *.hsforms.net *.hsforms.com *.mapbox.com; child-src *.hsforms.com; worker-src blob: 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.zenaps.com https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://ampcid.google.se https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data:; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.se https://m.myprotein.se https://checkout.myprotein.se https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://*.hotjar.com https://*.translate.naver.net https://*.trustpilot.com https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://*.parcellab.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
img-src *.qianliao.net qianliao.net *.nicebooker.com *.qlchat.com *.aliyuncs.com *.qlogo.cn *.snssdk.com *.baidu.com *.qianliaowang.com *.baidu.com *.weixin.com *.qq.com *.pstatp.com *.alicdn.com data:; object-src *.qianliao.net qianliao.net *.nicebooker.com *.qlchat.com *.aliyuncs.com *.qlogo.cn *.snssdk.com *.baidu.com *.qianliaowang.com *.baidu.com *.weixin.com *.qq.com *.pstatp.com *.alicdn.com; style-src *.qianliao.net qianliao.net *.nicebooker.com *.qlchat.com *.aliyuncs.com *.qlogo.cn *.snssdk.com *.baidu.com *.qianliaowang.com *.baidu.com *.weixin.com *.qq.com *.pstatp.com *.alicdn.com 'unsafe-inline' 'unsafe-eval'; script-src *.qianliao.net qianliao.net *.nicebooker.com *.qlchat.com *.aliyuncs.com *.qlogo.cn *.snssdk.com *.baidu.com *.qianliaowang.com *.baidu.com *.weixin.com *.qq.com *.pstatp.com *.alicdn.com 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-MrxcBeruMn+CNOKPeePOOCEd+AwqdG81YE7VdZFbEV5GK0Rk' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
object-src 'none'; frame-ancestors 'self'; report-uri http://umassfive.coop/report-uri/enforce 1
default-src 'self' verndale.verndale-local.com verndale.verndale-qa.com verndale.com *.verndale.com fonts.googleapis.com logx.optimizely.com fonts.gstatic.com i.vimeocdn.com data: *.cdn.optimizely.com cdn.optimizely.com cdn.pardot.com *.crazyegg.com;            style-src 'self' 'unsafe-inline' *.verndale.com *.googleapis.com tagmanager.google.com fonts.googleapis.com *.crazyegg.com;            script-src 'self' 'unsafe-inline' 'unsafe-eval' *.verndale.com *.zoominfo.com api-us.boxever.com js-agent.newrelic.com *.crazyegg.com *.nr-data.net *.clickagy.com *.quantserve.com *.addthis.com *.addthisedge.com *.twitter.com *.doubleclick.net *.facebook.net *.google-analytics.com www.googletagmanager.com *.google.com *.gstatic.com cdn.optimizely.com cdn.pardot.com go.pardot.com *.pardot.com player.vimeo.com cloudfront.net snap.licdn.com unpkg.com rules.quantcount.com *.cloudfront.net js.driftt.com scout-cdn.salesloft.com *.zaius.com tagmanager.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleads.g.doubleclick.net www.google-analytics.com blob:;            img-src 'self' data: *;            connect-src 'self' api.verndale-local.com api.verndale-qa.com api.verndale.com cm.api.verndale-qa.com cm.api.verndale-prod.com cdn.linkedin.oribi.io api-us.boxever.com *.nr-data.net *.addthis.com *.google-analytics.com *.doubleclick.net logx.optimizely.com vimeo.com scout.salesloft.com s3.amazonaws.com *.zoominfo.com *.clickagy.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.google.com *.crazyegg.com px.ads.linkedin.com;            frame-src 'self' *.addthis.com *.facebook.com *.google-analytics.com *.google.com *.doubleclick.net player.vimeo.com *.cdn.optimizely.com hemsync.clickagy.com js.driftt.com *.crazyegg.com bid.g.doubleclick.net; 1
frame-ancestors keycloak.ewcs.ch accounts.ewcs.ch accountsssc.ewcs.ch openacct.safeswisscloud.ch 1
frame-ancestors https://adoptaclassroom-shop.herokuapp.com https://dashboard.adoptaclassroom.org https://adoptaclassroom.cs36.force.com https://qa-adoptaclassroom.cs36.force.com https://prep.shopbecker.com https://inte.shopbecker.com https://www.shopbecker.com https://bess01mstr2p65a3prod-slot.dxcloud.episerver.net 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-p72rG8lJnplDiFMJOJufuWj3S5cprqG4KwLOQwiunBb6bJhR' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.fastpathassure.com wss://*.fastpathassure.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.fastpathassure.com https://cdnjs.cloudflare.com/ajax/libs/babel-polyfill/6.26.0/polyfill.js https://cdn.raygun.io/raygun4js/raygun.min.js https://analytics.churnzero.net; style-src 'self' 'unsafe-inline' https://*.fastpathassure.com https://fonts.googleapis.com/css https://*.us1app.churnzero.net; connect-src 'self' https://*.fastpathassure.com https://*.oktapreview.com https://dc.services.visualstudio.com/v2/track wss://*.fastpathassure.com https://*.raygun.io https://*.us1app.churnzero.net https://analytics.churnzero.net; font-src 'self' https://*.fastpathassure.com https://fonts.gstatic.com https://*.us1app.churnzero.net data:; img-src 'self' https://*.churnzero.net https://*.blob.core.windows.net https://*.fastpathassure.com data:; frame-src 'self' https://*.fastpathassure.com https://*.us1app.churnzero.net https://analytics.churnzero.net; report-uri https://fastpathassure.report-uri.com/r/d/csp/enforce 1
default-src http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https: data: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https:; 1
frame-ancestors http://*.prosites.com https://*.prosites.com http://*.lifelearn.ca https://*.lifelearn.ca 1
default-src 'self'; script-src 'self' https://api.theoriego.nl https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net 'sha256-SuptQxa5cvHMHArYXIQ4rcSFBMgbX8ZiKCruhn/fxNA=' 'nonce-2af4eb10-093b-4fcc-94e0-1c185633059f'; style-src 'self' 'unsafe-inline'; img-src 'self' https://assets.theoriego.nl data: https://www.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' data:; connect-src 'self' https://api.theoriego.nl https://assets.theoriego.nl https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; media-src 'self' https://assets.theoriego.nl; object-src 'none'; child-src 'none'; frame-src 'none'; worker-src 'self'; form-action 'none'; upgrade-insecure-requests ; block-all-mixed-content ; manifest-src 'none'; 1
frame-ancestors 'self' 'revionics.com' 'go.revionics.com' 'revionics.staging.neboagency.com' 1
base-uri 'none'; object-src 'none'; script-src 'nonce-aqC2w6kuoPyms-AspiN-tnVxIovuwQE1FwPTjOtjq83RJX5S-kmnnBv239-duzFR' 'strict-dynamic' https: 'unsafe-inline' 'self' 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://static.tugraz.at *.vimeo.com https://*.googleapis.com https://*.youtube.com https://*.ytimg.com https://tube.tugraz.at https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://*.mathworks.com https://backpack.openbadges.org https://*.phaidra.univie.ac.at https://phaidra.univie.ac.at https://moodalis.oncampus.de; img-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://static.tugraz.at *.vimeo.com https://*.googleapis.com https://*.youtube.com https://*.ytimg.com https://tube.tugraz.at https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://*.mathworks.com https://backpack.openbadges.org https://*.phaidra.univie.ac.at https://phaidra.univie.ac.at https://moodalis.oncampus.de https://h5p.org; child-src 'self' blob: https://sso.tugraz.at https://online.tugraz.at https://*.youtube.com https://*.ytimg.com https://tube.tugraz.at *.slideshare.net https://slideshare.net *.vimeo.com https://*.mathworks.com https://backpack.openbadges.org https://*.prezi.com https://prezi.com https://learningapps.org https://*.phaidra.univie.ac.at https://phaidra.univie.ac.at https://www.geogebra.org https://makecode.calliope.cc https://makecode.microbit.org https://scratch.mit.edu 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.21/lodash.min.js; img-src 'self' data: blob: https://lp.cexpense.com/; object-src 'self' data: blob: ; frame-src 'self' data: blob: ; 1
default-src 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src 'none' 1
script-src-attr 'none';base-uri 'self';font-src 'self' https: data:;style-src 'self' https: 'unsafe-inline';form-action 'self' *.facebook.com;frame-src 'self' https://htmx.org https://challenges.cloudflare.com https://www.facebook.com https://js.stripe.com/;object-src 'none';upgrade-insecure-requests; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://circumstances.run 'wasm-unsafe-eval'; font-src 'self' https://circumstances.run; img-src 'self' data: blob: https://circumstances.run; style-src 'self' https://circumstances.run 'nonce-4xeVoQBoENUqRpJGLete6A=='; media-src 'self' data: https://circumstances.run; frame-src 'self' https:; child-src 'self' blob: https://circumstances.run; worker-src 'self' blob: https://circumstances.run; connect-src 'self' blob: data: wss://circumstances.run https://circumstances.run; manifest-src 'self' https://circumstances.run; form-action 'self' 1
script-src 'unsafe-eval' 'self' 'nonce-AStla1dsICO5CKTxfIbE' cdn-app.demo-peakon.com static.zdassets.com ekr.zdassets.com peakon.zendesk.com peakon1606916913.zendesk.com; style-src 'unsafe-inline' 'self' cdn-app.demo-peakon.com static.peakon.com; connect-src api.demo-peakon.com 'self' cdn-app.demo-peakon.com nw.megaleo.com activity.demo-peakon.com realtime.demo-peakon.com wss://realtime.demo-peakon.com api.rollbar.com peakon-temporary-demo.s3.amazonaws.com peakon-uploads-demo.s3.amazonaws.com slack.demo-peakon.com status.peakon.com sync.demo-peakon.com static.zdassets.com ekr.zdassets.com *.zopim.com peakon.zendesk.com peakon1606916913.zendesk.com wss://peakon.zendesk.com wss://peakon1606916913.zendesk.com wss://*.zopim.com ekr.zendesk.com; default-src 'none'; base-uri 'self'; img-src * cdn-app.demo-peakon.com data: v2assets.zopim.io static.zdassets.com data:; form-action 'self'; font-src 'self' cdn-app.demo-peakon.com static.peakon.com data:; media-src * static.zdassets.com; frame-src training.demo-peakon.com player.vimeo.com; report-uri https://peakon.report-uri.com/r/d/csp/enforce 1
default-src 'none'; img-src 'self' uploads-ssl.webflow.com; script-src 'self' ajax.googleapis.com d3e54v103j8qbb.cloudfront.net www.googletagmanager.com flowbase.s3-ap-southeast-2.amazonaws.com 'sha256-G8Th/FgKUVHSzcYcwCsqZDp4DxbB3uuou+VpYoVXcYE=' 'sha256-RkNWH1uhgh9cCdS5RfG4e2vgJ6QLJ+c/bRgtJB3+62M=' 'sha256-5Itx2ub/C4ZEeDwiNMMOJF+d1YzBgXYWkNMkSA866Wk=' 'sha256-mjdgHR9aXy+6OwAGlNS/XgNcYG1Uhd2U4pl8vi7+XCY=' 'sha256-G3YTzLSQsz/qQ8iUj1T1dZ0cA7jwIhf0icKBh3hnB/8=' 'sha256-GMwu3tmxCNPN0EVKortGPts6rN9QyDm0WM0Ofdy/5xU=' 'sha256-3WpJZpuJTTPVdVqTf561c2H3tWs/SatVuugdsb/RD1s=' 'sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0=' 'sha256-sNOE0XnP7muH3lSE3PASjatR5KCPcFIJ0FexHXUNp9o=' 'sha256-UiXlt9djFx1o7crFtCH7sUqquV6B2BX9ozY9jqs43JE=' 'sha256-l32kuTgbhZFV7YL2q1Sv/65m8dy+QzAV1CjPDUML0hE=' 'sha256-D19Ce/HGDqs8jiXuCBdo9AEPFMMYRUZdZhmsNnXz0aA=' 'sha256-ZqhM5xQOj0Og/l+8qEbc5F5YYumTdWvc5mtn7dECFuE=' 'sha256-Uhqsg0FxrkcWII28klOFxfL1TW+GWXvDxreIKQecN5s=' 'sha256-UiXlt9djFx1o7crFtCH7sUqquV6B2BX9ozY9jqs43JE=' 'sha256-+8XG1SFvZQ9KnM87nVtyBE0rMzbhJDr7KyHnEOx8k98=' 'sha256-GAOOty/x8lJWSqFhKpRnwLWmhYG6MIfKq3d0smTBDPA=' 'sha256-OBa/az5rppbgzmKABv0yaqVIXv83SJSYQj8W4zKNs3Y=' 'sha256-alQkhzRik30p4D42M4x52HUwzK1/HLrcDh9ydLkkoOI='; style-src 'self' www.googletagmanager.com fonts.googleapis.com 'sha256-InzV3AaMTxZMjdArs/PQvg7QVKh9BJGW+SpDiR05dM8=' 'sha256-MFh8Vms2/UD1bP/KYHoVP4yuqXCBKYjfy6vGuzGOyEY=' 'sha256-rXPbZr56nIG/YLWiZqXjQz2wCUSDtDrW0kI46eCdGF0=' 'sha256-LRiihaTHKOtSN5Ua72Hrqca4QNTIcbPrY5lEOljZfyg=' 'sha256-bqgVFAGoMCIH3uPI1x7WULXrgg2i8CUGiR8IDU1plKc=' 'sha256-qsp6oLur8yj8HQHcNzYMiW9JYUWaAU9E8vvN4CHrLlE=' 'sha256-XzESg1MV9xr5LI2DWRrmtnuMCW36kgLO1TH+c7mg42E=' 'sha256-rMyTktBF+XY5xZq7SXRA3vsf0aAV3B4f0EJZ4Bh/xqM=' 'sha256-dgOrRcyTPAZycoXnq4bmXJX2FN76ED0xTRrqGh+2TGc=' 'sha256-FYXEZVMnK7sZ3BEoDTMVB3gRvBU8YuRzruGARw7xJtI=' 'sha256-RkNWH1uhgh9cCdS5RfG4e2vgJ6QLJ+c/bRgtJB3+62M=' 'sha256-o8fpIbA6HCvczFEPWD4Irhums8Qw7cib0sygBDHeYSM=' 'sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0=' 'sha256-sNOE0XnP7muH3lSE3PASjatR5KCPcFIJ0FexHXUNp9o=' 'sha256-UiXlt9djFx1o7crFtCH7sUqquV6B2BX9ozY9jqs43JE=' 'sha256-D19Ce/HGDqs8jiXuCBdo9AEPFMMYRUZdZhmsNnXz0aA=' 'sha256-ZqhM5xQOj0Og/l+8qEbc5F5YYumTdWvc5mtn7dECFuE=' 'sha256-Uhqsg0FxrkcWII28klOFxfL1TW+GWXvDxreIKQecN5s=' 'sha256-UiXlt9djFx1o7crFtCH7sUqquV6B2BX9ozY9jqs43JE=' 'sha256-tTgjrFAQDNcRW/9ebtwfDewCTgZMFnKpGa9tcHFyvcs=' 'sha256-+8XG1SFvZQ9KnM87nVtyBE0rMzbhJDr7KyHnEOx8k98=' 'sha256-GAOOty/x8lJWSqFhKpRnwLWmhYG6MIfKq3d0smTBDPA=' 'sha256-OBa/az5rppbgzmKABv0yaqVIXv83SJSYQj8W4zKNs3Y=' 'sha256-alQkhzRik30p4D42M4x52HUwzK1/HLrcDh9ydLkkoOI=' 'sha256-l32kuTgbhZFV7YL2q1Sv/65m8dy+QzAV1CjPDUML0hE='; object-src 'none'; font-src 'self' data: fonts.gstatic.com 1
script-src 'self' https://www.googletagmanager.com/ https://docs.google.com/ https://www.google-analytics.com/ https://assets.adobedtm.com/ https://ajax.googleapis.com/ 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' https://*.panerabread.com https://*.paneracloud.com https://assets.adobedtm.com https://panera.sc.omtrdc.net https://*.adobe.com; 1
frame-ancestors https://*.jivosite.com/; 1
default-src 'self' www.luminategroup.com ; object-src 'none'; connect-src 'self' www.luminategroup.com luminategroup.matomo.cloud use.fontawesome.com; img-src 'self' data: www.luminategroup.com *.vimeocdn.com; font-src 'self' www.luminategroup.com *.fontawesome.com; style-src 'self' www.luminategroup.com *.fontawesome.com 'unsafe-inline'; manifest-src 'self' www.luminategroup.com; frame-ancestors 'none'; form-action 'self'; script-src 'self' www.luminategroup.com luminategroup.matomo.cloud https://cdn.matomo.cloud/luminategroup.matomo.cloud/matomo.js https://cdn.jsdelivr.net/npm/mobile-detect@1.4.3/mobile-detect.min.js 'unsafe-inline' 'unsafe-eval'; frame-src https://player.vimeo.com https://www.youtube.com 1
default-src 'self' teams.microsoft.com  app.sli.do www.youtube.com www.google.fr www.google.at www.google-analytics.com www.google.com region1.analytics.google.com www.unjspf.org www.googletagmanager.com analytics.google.com stats.g.doubleclick.net www.google-analytics.com 'unsafe-inline'; font-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com 'unsafe-inline'; img-src 'self' www.unjspf.org www.google.fr www.google-analytics.com stats.g.doubleclick.net via.placeholder.com elements.oxy.host www.google.co.in www.google.com www.google-analytics.com www.google.ch 'unsafe-inline' ; media-src 'self' www.unjspf.org 'unsafe-inline' ; script-src 'self' www.google.com www.unjspf.org www.googletagmanager.com analytics.google.com stats.g.doubleclick.net www.google-analytics.com www.gstatic.com cdnjs.cloudflare.com 'unsafe-inline'; script-src-attr 'self' www.google.com www.unjspf.org www.googletagmanager.com analytics.google.com stats.g.doubleclick.net www.google-analytics.com www.gstatic.com 'unsafe-inline'; script-src-elem 'self' www.google.com www.unjspf.org www.googletagmanager.com analytics.google.com stats.g.doubleclick.net www.google-analytics.com www.gstatic.com cdnjs.cloudflare.com ajax.googleapis.com 'unsafe-inline'; style-src 'self' www.unjspf.org fonts.googleapis.com www.gstatic.com cdnjs.cloudflare.com 'unsafe-inline' ; style-src-attr 'self' www.unjspf.org fonts.googleapis.com www.gstatic.com 'unsafe-inline' ; style-src-elem 'self' www.unjspf.org maxcdn.bootstrapcdn.com fonts.googleapis.com www.gstatic.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com 'unsafe-inline'; report-uri /csp-report; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com/ https://policy.privacyandcookies.eu/ https://players.brightcove.net https: blob:; object-src 'none'; base-uri https://d6tizftlrpuof.cloudfront.net/; frame-src 'self' https://*.contentsquare.net/ https://www.youtube-nocookie.com https://player.quadia.net https://players.brightcove.net; frame-ancestors 'self'; img-src 'self' https://d6tizftlrpuof.cloudfront.net/ https://*.contentsquare.net/ https://*.tile.openstreetmap.org https://www.msd-animal-health.com https://secure.gravatar.com https://www.google-analytics.com/ https://*.brightcove.com https://cdn.cookielaw.org https://assets.msd-animal-health.com https://assets.merck-animal-health.com https://policy.privacyandcookies.eu data: ; media-src 'self' blob:; style-src 'self' 'unsafe-inline' https://d6tizftlrpuof.cloudfront.net/ fonts.googleapis.com; upgrade-insecure-requests; default-src https: data: 'self' ; trusted-types forceInner default; 1
frame-ancestors 'self'; default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bam.nr-data.net https://js-agent.newrelic.com https://static.b4healthonline.com https://static2.b4healthonline.com https://b4-wus2-powerbi-funcapp-p01.azurewebsites.net   1
frame-ancestors 'self'; default-src 'self' data: https://consent.cookiebot.com https://consentcdn.cookiebot.com https://imgsct.cookiebot.com https://www.userlike.com https://api.userlike.com https://userlike-cdn-umm.b-cdn.net https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-store-media-files.s3.amazonaws.com https://userlike-cdn-widgets.userlike.com https://userlike-cdn-umm.b-cdn.net wss://umd.userlike.com umd.userlike.com userlike-cdn-web.b-cdn.net userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-operators.userlike.com https://c.leadlab.click https://oxomi.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://region1.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com http://www.google-analytics.com https://www.gstatic.com https://www.google.com https://www.google.de https://maps.googleapis.com https://www.youtube-nocookie.com https://i.ytimg.com 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=lifestyle&region=US&lang=en-US&device=desktop&yrid=4f5q115iqu856&partner=; 1
worker-src blob:; script-src 'self' *.unpkg.com *.salesforce-sites.com *.calendly.com *.episerver.com *.cloudfront.net *.episerver.net *.mapbox.com *.cookiebot.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.google.com *.google.nl *.intercom.io *.intercomcdn.com *.licdn.com *.hotjar.com *.ipify.org *.doubleclick.net *.linkedin.com *.azure.com *.vimeo.com *.youtube.com *.acast.com *.spotify.com *.msecnd.net *.facebook.com *.facebook.net *.visualstudio.com *.gstatic.com *.jquery.com *.jsdelivr.net *.criteo.com *.criteo.net 'unsafe-eval' 'unsafe-inline'; img-src 'self' *.google.com *.google-analytics.com *.google.nl *.linkedin.com *.mediabank-collection.com *.facebook.com *.criteo.com googleads.g.doubleclick.net blob: https: data:; frame-ancestors 'self' https://royalahrend--dev202303.sandbox.my.salesforce-sites.com royalahrend--dev202303.sandbox.my.salesforce-sites.com *.salesforce-sites.com *.tno.nl *.prd.corp *.vimeo.com *.youtube.com *.acast.com *.spotify.com *.tblox.com *.2dela.nl *.ariba.com *.pcon-solutions.com; frame-src 'self' https://royalahrend--dev202303.sandbox.my.salesforce-sites.com/ *.salesforce-sites.com *.prd.corp *.calendly.com https://calendly.com/ *.cookiebot.com *.tno.nl *.episerver.net *.criteo.com *.criteo.net *.google.com *.hotjar.com *.pcon-solutions.com 'unsafe-inline'; font-src 'self' *.episerver.net *.hotjar.com *.myfonts.net *.typekit.net *.bootstrapcdn.com *.intercomcdn.com data:; style-src-elem 'self' *.episerver.net *.googleapis.com *.jsdelivr.net *.bootstrapcdn.com *.myfonts.net *.typekit.net 'unsafe-inline'; style-src 'self' *.typekit.net *.myfonts.net *.bootstrapcdn.com 'unsafe-inline' data:; media-src 'self' *.cloudfront.net; 1
default-src 'self' http: https: data: blob: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1
style-src 'self' blob: https: 'unsafe-inline' https://www.brothers.se/; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.klarna.com *.cookiebot.com *.imbox.io *.doubleclick.net *.snapchat.com *.facebook.com; 1
frame-ancestors 'none'; default-src 'none'; frame-src https://*.learnosity.com; img-src 'self' data: https://*.learnosity.com; media-src https://*.learnosity.com; script-src 'self' https://*.learnosity.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com https://cdn.ingest-lr.com; style-src 'self' 'unsafe-inline' https://content-elevate.s3.amazonaws.com https://*.learnosity.com; object-src 'none'; connect-src ws: wss://realtime.ably.io https://*.ably.com https://*.ably.io https://prod-rsi-elevate-public.s3.us-east-1.amazonaws.com https://prod-rsi-elevate-rostering.s3.us-east-1.amazonaws.com https://*.auth.us-east-1.amazoncognito.com https://cognito-idp.us-east-1.amazonaws.com https://*.riversideelevate.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com https://*.lr-ingest.com https://*.ingest-lr.com; font-src 'self' https://*.ably.com https://*.learnosity.com; manifest-src 'self'; form-action 'none'; base-uri 'self'; worker-src 'self' blob:; 1
frame-ancestors self *.uhg.com *.optumcare.com *.optum.com *.uhc.com; 1
font-src *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * id.buchner.de *.googletagmanager.com *.buchner.de buchner2.printformer.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.stripe.com stripe.com buchner2.printformer.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com js.stripe.com https://consentcdn.cookiebot.com https://consent.cookiebot.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * g16.wufoo.eu vars.hotjar.com www.google.com g16.wufoo.com cloud.newsletter.buchner.de *.printformer.net *.printformer.com buchner2.printformer.com *.aws.rissc.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: maps.gstatic.com www.google.de bat.bing.com c.clarity.ms www.google.pl *.collect.igodigital.com *.kxcdn.com *.imgix.net *.gstatic.com *.buchner.de *.buchner-digital.de addserver.buchner-infos.de data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.stripe.com https://consentcdn.cookiebot.com https://consent.cookiebot.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com maps.googleapis.com www.bugherd.com bat.bing.com static.hotjar.com d.clarity.ms script.hotjar.com *.clarity.ms js-agent.newrelic.com bam.nr-data.net *.collect.igodigital.com *.printformer.net secure.wufoo.com static.wufoo.com *.googlesyndication.com www.google-analytics.com/analytics.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com *.buchner-digital.de addserver.buchner-infos.de 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com stats.g.doubleclick.net *.hotjar.com *.clarity.ms bam.nr-data.net https://maps.googleapis.com/ *.analytics.google.com consentcdn.cookiebot.com wss://*.hotjar.com googleads.g.doubleclick.net *.googlesyndication.com addserver.buchner-infos.de 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com,form-action 'self',frame-ancestors deny,frame-src same-origin https://platform.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://cdn.facil-iti.app/ https://web-service.facil-iti.app/,img-src 'self' data: w3.org/svg/2000 https://widgets.custplace.com/ https://www.carac.fr https://unpkg.com https://tile.openstreetmap.org https://img.youtube.com,script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://widgets.custplace.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://tag.aticdn.net https://cdn.facil-iti.app https://connect.facebook.net https://platform.twitter.com,style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://unpkg.com https://fonts.googleapis.com  1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.segment.com *.intercom.io *.intercomcdn.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googlesyndication.com *.doubleclick.net; font-src 'self' http://fonts.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com; form-action https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io; connect-src 'self' *.wiremock.cloud *.auth0.com *.browser-intake-datadoghq.com wss://*.intercom.io *.segment.com *.segment.io *.google-analytics.com *.googlesyndication.com *.google.com https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com https://api.wiremock.cloud; child-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; img-src 'self' data: blob: *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google-analytics.com; frame-src https://www.youtube.com *.vimeo.com *.doubleclick.net *.googlesyndication.com; worker-src 'self' blob:; media-src https://js.intercomcdn.com; 1
frame-ancestors 'self' http://localhost:3000 https://app-dev-edb.decision-science.agency https://*.singaporeglobalnetwork.gov.sg https://app-dev-edb.local:3000 1
default-src *.equisolve.net *.gstatic.com *.vimeocdn.com s3.amazonaws.com ir.stockpr.com www.kontoorbrands.com d1io3yog0oux5.cloudfront.net; script-src *.quotemedia.com *.google.com *.google-analytics.com *.gstatic.com *.googletagmanager.com browser-update.org platform-api.sharethis.com buttons-config.sharethis.com maps.googleapis.com l.sharethis.com t.sharethis.com website-search.ent.us-east-1.aws.found.io hcaptcha.com bcp.crwdcntrl.net *.juicer.io *.vimeo.com ir.stockpr.com www.kontoorbrands.com d1io3yog0oux5.cloudfront.net 'unsafe-inline' 'unsafe-eval'; connect-src *.quotemedia.com *.google.com *.google-analytics.com *.gstatic.com *.googletagmanager.com browser-update.org platform-api.sharethis.com buttons-config.sharethis.com maps.googleapis.com l.sharethis.com t.sharethis.com website-search.ent.us-east-1.aws.found.io hcaptcha.com bcp.crwdcntrl.net *.juicer.io *.vimeo.com ir.stockpr.com www.kontoorbrands.com d1io3yog0oux5.cloudfront.net 'unsafe-inline' 'unsafe-eval'; style-src *.equisolve.net fonts.googleapis.com *.gstatic.com *.typekit.net *.juicer.io ir.stockpr.com www.kontoorbrands.com d1io3yog0oux5.cloudfront.net 'unsafe-inline'; font-src cdnjs.cloudflare.com/ajax/libs/font-awesome/ fonts.googleapis.com *.gstatic.com use.typekit.net *.juicer.io data: ir.stockpr.com www.kontoorbrands.com d1io3yog0oux5.cloudfront.net; img-src *.equisolve.net *.vimeocdn.com maps.gstatic.com chart.apis.google.com maps.googleapis.com *.googleapis.com *.cloudfront.net sync.sharethis.com juicer.io *.juicer.io data: ir.stockpr.com www.kontoorbrands.com d1io3yog0oux5.cloudfront.net; frame-src *.google.com youtube.com youtube-nocookie.com *.vimeo.com vimeo.com c.sharethis.mgr.consensu.org t.sharethis.com *.hcaptcha.com ir.stockpr.com www.kontoorbrands.com d1io3yog0oux5.cloudfront.net; object-src *.equisolve.net *.gstatic.com *.vimeocdn.com s3.amazonaws.com ir.stockpr.com www.kontoorbrands.com d1io3yog0oux5.cloudfront.net; 1
default-src 'self' s.websharecloud.com *.cloudfront.net *.cdn.pr.websharecloud.org faro01.atlassian.net; frame-src 'self' s.websharecloud.com *.cloudfront.net *.cdn.pr.websharecloud.org faro01.atlassian.net login.eu.farosphere.com mailto: tel:; script-src 'self' s.websharecloud.com *.cloudfront.net *.cdn.pr.websharecloud.org app.box.com www.dropbox.com apis.google.com *.statcounter.com *.pingdom.net faro01.atlassian.net 'unsafe-inline'; style-src 'self' s.websharecloud.com *.cloudfront.net *.cdn.pr.websharecloud.org 'unsafe-inline'; img-src * data:; connect-src 'self' s.websharecloud.com *.cloudfront.net *.cdn.pr.websharecloud.org *.statcounter.com *.pingdom.net login.eu.farosphere.com dh-pr-entitydata.s3.amazonaws.com dh-pr-entitydata.s3-eu-west-1.amazonaws.com dh-pr-entitydata.s3.eu-west-1.amazonaws.com; font-src 'self' s.websharecloud.com *.cloudfront.net *.cdn.pr.websharecloud.org data:; frame-ancestors 'self' www.farosphere.com insight.b360.autodesk.com insight.b360.eu.autodesk.com acc.autodesk.com acc.autodesk.eu e-volvestudios.com www.newtonmicro.com www.danmeierwaldorf.com www.danmeierarchitects.com 3dscan.lasco.com m3dsurveys.com vmlive.net mods.solutions *.mods.solutions r1132101108901-us1-ifwe.3dexperience.3ds.com 3dexperience.3ds.com re360am-3d.cu.rzvivavis.com www.yamaichi-techno.jp petrofacva.vmlive.net virtualasset.vmlive.net aim.dynamicmaps.co.uk www.scanstudios.tech evogenesys.com innovhomes.com primaveracloud-sales-us.oraclecloud.com us02.procore.com dev.pim-ltd.com www.mbplan.ch www.digital-twins-data.co.uk www.meniervenues.com www.leesassociates.com www.uigmbh.de www.crt.state.la.us forteandtablada.com www.qualiomeco.fr www.elbo-engineering.com *.bim.cloud *.hdc.cloud *.hyperhouse.se tdla.notion.site jer.studio ib24.pl us.opencitiesplanner.bentley.com www.artmastersarchive.com www-artmastersarchive-com.filesusr.com jeremiah-thies.squarespace.com *.vertikaliti.com tdla.pro *.tdla.pro ib24.ie 3dlasersurveying.ie virtualplant.com.br www.strategic-cad.com landsec.resolutionlive.uk dhaelt4p91lnz.cloudfront.net; report-uri /core/csp/blocked; 1
default-src 'self' fonts.googleapis.com *.saferpay.com; script-src 'self' 'unsafe-inline' stats.echonet.life; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' stats.echonet.life; connect-src 'self' stats.echonet.life; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self';media-src 'self'; frame-src 'self' www.facebook.com v.calameo.com; form-action 'self' *.saferpay.com; 1
default-src 'none'; frame-src *.yandex.net *.yandex.ru yastatic.net; child-src forms.yandex.ru video.yandex.ru; object-src yandex.st; script-src 'unsafe-inline' 'nonce-eRyysCgUy/iST4UzCYkiBQ==' 'unsafe-eval' yastatic.net *.yandex.net *.yandex.com *.yandex.ru *.yandex.ua *.yandex.by *.yandex.kz *.yandex.az *.yandex.kg *.yandex.lv *.yandex.md *.yandex.tj *.yandex.tm *.yandex.uz *.yandex.ee *.yandex.fr *.yandex.co.il *.yandex.com.ge *.yandex.com.am *.yandex.com.tr; style-src 'unsafe-inline' yastatic.net *.yandex.net *.yandex.com *.yandex.ru *.yandex.ua *.yandex.by *.yandex.kz *.yandex.az *.yandex.kg *.yandex.lv *.yandex.md *.yandex.tj *.yandex.tm *.yandex.uz *.yandex.ee *.yandex.fr *.yandex.co.il *.yandex.com.ge *.yandex.com.am *.yandex.com.tr; connect-src 'self' yandex.st *.yandex.com *.yandex.ru *.yandex.ua *.yandex.by *.yandex.kz *.yandex.az *.yandex.kg *.yandex.lv *.yandex.md *.yandex.tj *.yandex.tm *.yandex.uz *.yandex.ee *.yandex.fr *.yandex.co.il *.yandex.com.ge *.yandex.com.am *.yandex.com.tr; font-src yastatic.net *.yandex.net *.yandex.com *.yandex.ru *.yandex.ua *.yandex.by *.yandex.kz *.yandex.az *.yandex.kg *.yandex.lv *.yandex.md *.yandex.tj *.yandex.tm *.yandex.uz *.yandex.ee *.yandex.fr *.yandex.co.il *.yandex.com.ge *.yandex.com.am *.yandex.com.tr; img-src 'self' data: *.yandex.net yandex.st yastatic.net a.tile.openstreetmap.org *.yandex.com *.yandex.ru *.yandex.ua *.yandex.by *.yandex.kz *.yandex.az *.yandex.kg *.yandex.lv *.yandex.md *.yandex.tj *.yandex.tm *.yandex.uz *.yandex.ee *.yandex.fr *.yandex.co.il *.yandex.com.ge *.yandex.com.am *.yandex.com.tr; report-uri https://csp.yandex.net/csp?from=promo-metrika-2016&yandex_login=undefined&yandexuid=4742579861705981536; 1
default-src 'self'; frame-src 'self' *.youtube.com; connect-src 'self' *.yandex.ru *.google-analytics.com *.google.com *.gigabyte-data.com; img-src 'self' data: *.google-analytics.com static.gigabyte-data.com *.gigabyte.com *.ytimg.com; font-src *; style-src 'unsafe-inline' *; media-src 'self' static.gigabyte-data.com *.gigabyte.com *.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.yandex.ru *.google-analytics.com *.google.com *.gstatic.com *.googletagmanager.com static.gigabyte-data.com *.gigabyte.com *.jquery.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.unpkg.com unpkg.com; 1
default-src 'self'; object-src 'none'; connect-src 'self' https://api.github.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://www.google-analytics.com https://*.githubusercontent.com data:; manifest-src 'self'; script-src 'self' https://www.google-analytics.com https://api.github.com 'nonce-11c450951b3e1888c0b5b382fcdf3e21a836d66f'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; base-uri 'self'; frame-ancestors 'self'; report-uri /csp-report 1
base-uri 'none';default-src 'none';frame-ancestors 'self'; frame-src 'self' https://microsoft.qualtrics.com https://login.microsoftonline.com/;form-action 'none';upgrade-insecure-requests;style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/npm/monaco-editor@0.33.0/min/vs/editor/editor.main.css;script-src 'self' 'nonce-MTQ2NzcyMzM3OTEwMDUzNDQyNzIzMTE4ODE1NDE2OTE4MjM5NjIxNDY=' 'report-sample' 'unsafe-inline' *.azurewebsites.net https://cdn.jsdelivr.net/npm/monaco-editor@0.33.0/min/vs/base/worker/workerMain.js https://cdn.jsdelivr.net/npm/monaco-editor@0.33.0/min/vs/loader.js https://cdn.jsdelivr.net/npm/monaco-editor@0.33.0/min/vs/editor/editor.main.js https://cdn.jsdelivr.net/npm/monaco-editor@0.33.0/min/vs/editor/editor.main.nls.js https://cdn.jsdelivr.net/npm/monaco-editor@0.33.0/min/vs/basic-languages/csharp/csharp.js;font-src 'self' * data: https://cdn.jsdelivr.net/npm/monaco-editor@0.33.0/min/vs/base/browser/ui/codicons/codicon/codicon.ttf https://spoppe-b.azureedge.net/files/fabric-cdn-prod_20210407.001/assets/icons/fabric-icons-13-c3989a02.woff https://spoppe-b.azureedge.net/files/fabric-cdn-prod_20210407.001/assets/icons/fabric-icons-3-089e217a.woff https://spoppe-b.azureedge.net/files/fabric-cdn-prod_20210407.001/assets/icons/fabric-icons-8-6fdf1528.woff;img-src * data:;connect-src *.exp-tas.com *.azure.com *.cognitive.microsofttranslator.com *.microsoft.com *.microsoftonline.com *.blob.core.windows.net management.azure.com consentreceiverfd-prod.azurefd.net dc.services.visualstudio.com *.luis.ai language.azure.com language.cognitive.azure.com *.cognitive.microsoft.com *.cognitiveServices.azure.com https://cdn.jsdelivr.net/npm/monaco-editor@0.33.0/min/vs/loader.js *.cognitiveservices.azure.com;media-src 'self';script-src-elem 'self' 'nonce-MTQ2NzcyMzM3OTEwMDUzNDQyNzIzMTE4ODE1NDE2OTE4MjM5NjIxNDY=' 'report-sample' *.azurewebsites.net *.googleapis.com https://cdn.jsdelivr.net/npm/monaco-editor@0.33.0/min/vs/base/worker/workerMain.js https://cdn.jsdelivr.net/npm/monaco-editor@0.33.0/min/vs/loader.js https://cdn.jsdelivr.net/npm/monaco-editor@0.33.0/min/vs/editor/editor.main.js https://cdn.jsdelivr.net/npm/monaco-editor@0.33.0/min/vs/editor/editor.main.nls.js https://cdn.jsdelivr.net/npm/monaco-editor@0.33.0/min/vs/basic-languages/csharp/csharp.js;worker-src 'self' 'nonce-MTQ2NzcyMzM3OTEwMDUzNDQyNzIzMTE4ODE1NDE2OTE4MjM5NjIxNDY=' 'report-sample' * blob: https://cdn.jsdelivr.net/npm/monaco-editor@0.33.0/min/vs/loader.js https://cdn.jsdelivr.net/npm/monaco-editor@0.33.0/min/vs/editor/editor.main.js https://cdn.jsdelivr.net/npm/monaco-editor@0.33.0/min/vs/editor/editor.main.nls.js https://cdn.jsdelivr.net/npm/monaco-editor@0.33.0/min/vs/basic-languages/csharp/csharp.js 1
block-all-mixed-content; upgrade-insecure-requests; script-src-elem unpkg.com/ vru.piwik.pro/ vru-prd-minio.fourdigits.nl/ 'unsafe-inline' https: hcaptcha.com/ 'self' vru.containers.piwik.pro/; default-src vru-prd-minio.fourdigits.nl/ https: 'self' minio.fourdigits.nl/; frame-src https: 'self' mailto: www.youtube-nocookie.com/ tel: newassets.hcaptcha.com/ vru-prd-minio.fourdigits.nl/ minio.fourdigits.nl/; img-src unpkg.com/ i.ytimg.com/ vru-prd-minio.fourdigits.nl/ api.mapbox.com/ data: 'self' blob: minio.fourdigits.nl/ www.gravatar.com/ https:; style-src-elem unpkg.com/ vru-prd-minio.fourdigits.nl/ 'unsafe-inline' https: 'self'; connect-src vru.piwik.pro/ api.mapbox.com/ 'self' vru.containers.piwik.pro/ newassets.hcaptcha.com/ events.mapbox.com/ vru-prd-minio.fourdigits.nl/ https: minio.fourdigits.nl/; style-src unpkg.com/ 'report-sample' vru-prd-minio.fourdigits.nl/ 'unsafe-inline' api.mapbox.com/ https: 'self' minio.fourdigits.nl/ 'unsafe-hashes'; script-src unpkg.com/ 'unsafe-eval' vru.piwik.pro/ 'report-sample' vru-prd-minio.fourdigits.nl/ 'unsafe-inline' api.mapbox.com/ https: hcaptcha.com/ 'self' minio.fourdigits.nl/ vru.containers.piwik.pro/ 'unsafe-hashes'; font-src vru-prd-minio.fourdigits.nl/ https: data: 'self' minio.fourdigits.nl/; worker-src blob: unpkg.com/ 'unsafe-eval' vru.piwik.pro/ 'report-sample' vru-prd-minio.fourdigits.nl/ 'unsafe-inline' api.mapbox.com/ https: hcaptcha.com/ 'self' minio.fourdigits.nl/ vru.containers.piwik.pro/ 'unsafe-hashes'; frame-ancestors https: 'self'; report-uri /.well-known/csp/18782b72-ffb0-4f75-a71f-5ef5403ba42f 1
default-src 'self' *.ods.cz www.google.com cse.google.com csp.withgoogle.com *.google-analytics.com maps.googleapis.com fonts.googleapis.com fonts.gstatic.com *.googlevideo.com *.mailchimp.com stats.g.doubleclick.net www.facebook.com www.youtube.com www.ods.local *.spotify.com open.scdn.com; script-src 'unsafe-inline' 'unsafe-eval' data: *; style-src 'unsafe-inline' data: *; connect-src 'self' *.ods.cz www.google.com cse.google.com csp.withgoogle.com *.google-analytics.com maps.googleapis.com fonts.googleapis.com fonts.gstatic.com *.googlevideo.com *.mailchimp.com stats.g.doubleclick.net www.facebook.com www.youtube.com www.ods.local *.spotify.com open.scdn.com; img-src 'self' data: * maps.gstatic.com *.mailchimp.com; base-uri 'self'; form-action 'self' *.list-manage.com www.facebook.com 1
default-src 'self' *.iubenda.com www.googletagmanager.com *.google-analytics.com code.jquery.com hello.myfonts.net www.youtube.com iubenda.mgr.consensu.org cdn.ckeditor.com *.googleapis.com cdn.jsdelivr.net *.addthis.com *.moatads.com *.addthisedge.com fonts.gstatic.com *.google.com maps.gstatic.com *.gstatic.com *.youtube-nocookie.com *.cookiebot.com play.google.com *.curator.io *.sharethis.com *.b-cdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.iubenda.com www.googletagmanager.com *.google-analytics.com *.googleapis.com code.jquery.com iubenda.mgr.consensu.org cdn.ckeditor.com *.googleapis.com cdn.jsdelivr.net *.addthis.com  *.moatads.com *.addthisedge.com fonts.gstatic.com *.google.com maps.gstatic.com *.gstatic.com *.cookiebot.com  *.youtube-nocookie.com  play.google.com *.curator.io *.sharethis.com *.b-cdn.net; style-src 'self' 'unsafe-inline' hello.myfonts.net cdn.ckeditor.com *.googleapis.com cdn.jsdelivr.net *.addthis.com  *.moatads.com *.addthisedge.com fonts.gstatic.com *.google.com maps.gstatic.com *.gstatic.com fonts.googleapis.com play.google.com *.curator.io *.sharethis.com  *.b-cdn.net; img-src * 'self' data: https:;; font-src * 'self' data: https:;; report-uri /en/report-csp-violation 1
frame-ancestors https://www.recticelinsulation.com https://www.bouwpunt.be https://www.botha.be https://www.bouwpuntdeckers.be https://www.ovb.be https://www.droogmansbouw.be https://www.stals.be http://www.vandenberghe.be https://www.ottevaere.be https://www.kwanten.com http://www.deketelaere-bouw.be https://www.vandergucht.be https://www.bouwpuntjorissen.be https://www.bouwpuntwetteren.be https://www.defrancq.be https://www.youbuild-mpro.be https://www.gedimat-bouwmaterialen.be; 1
: default-src 'self' 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.dpa-infocom.net *.dpa.com; style-src 'unsafe-inline' 'self'; img-src data: blob: 'self' a.tile.openstreetmap.de;font-src 'self';frame-src 'self' *.youtube-nocookie.com *.vimeo.com *.blitzvideoserver.de intocities.com *.dpa-electionslive.com eveeno.com; connect-src 'self' 1
base-uri 'self';connect-src 'self' https://*.yandex.ru http://*.yandex.ru https://*.google-analytics.com wss://*.pusher.com wss://*.sochain.com wss://*.chain.so https://*.pusher.com http://*.pusher.com https://*.sochain.com http://*.sochain.com https://*.chain.so http://*.chain.so *.lottiefiles.com wss://*.jivosite.com https://*.jivosite.com http://*.jivosite.com https://*.jivo.ru wss://*.jivo.ru http://*.jivo.ru;font-src 'self' data: fonts.gstatic.com *.bootstrapcdn.com;style-src 'self' fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com 'unsafe-inline' *.jivosite.com *.jivo.ru;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com *.yandex.ru *.pusher.com unpkg.com *.jivosite.com *.jivo.ru;form-action 'self' *.advcash.com payeer.com perfectmoney.is qiwi.com *.yandex.ru;img-src * *.yandex.ru 'unsafe-inline' data:;object-src 'none' 1
default-src 'self' www.southerncompany.com ua.southerncompany.com author.southerncompany.com author-stage.southerncompany.com; object-src 'none'; form-action 'self' www.southerncompany.com ua.southerncompany.com author.southerncompany.com author-stage.southerncompany.com; frame-ancestors 'self' www.southerncompany.com ua.southerncompany.com author.southerncompany.com author-stage.southerncompany.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://thepit.social; img-src 'self' https: data: blob: https://thepit.social; style-src 'self' https://thepit.social 'nonce-2unBOE+oa3TAPgy/iJrSvw=='; media-src 'self' https: data: https://thepit.social; frame-src 'self' https:; manifest-src 'self' https://thepit.social; form-action 'self'; child-src 'self' blob: https://thepit.social; worker-src 'self' blob: https://thepit.social; connect-src 'self' data: blob: https://thepit.social https://cdn.masto.host wss://thepit.social; script-src 'self' https://thepit.social 'wasm-unsafe-eval' 1
default-src * 'self' data:; script-src * 'self' 'unsafe-inline' data:; img-src 'self' 'unsafe-inline' * data:; connect-src 'self' data:; style-src * 'self' 'unsafe-inline' 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.chatenlive.com:9080 www.chatenlive.com:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.chatenlive.com wss://www.chatenlive.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1705980307 1
frame-ancestors bitrix24.kz bitrix24.ru *.bitrix24.kz *.bitrix24.ru sendapi.net app.botcorp.io 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://y.clarity.ms https://*.clarity.ms https://*.googlesyndication.com https://balingwiredirect.s3.amazonaws.com https://tpc.googlesyndication.com https://identitytoolkit.googleapis.com https://s3.amazonaws.com https://td.doubleclick.net data: https://tr-rc.lfeeder.com https://adservice.google.com https://cdn.linkedin.oribi.io https://m.clarity.ms https://web-writer.us.smartlook.cloud https://assets-proxy.smartlook.cloud https://cardboardbalingwire.s3.us-west-1.amazonaws.com https://cardboardbalingwire.com https://www.recaptcha.net https://manager.eu.smartlook.cloud https://web-sdk.smartlook.com https://connect.facebook.net https://balingwiredirect.s3-us-west-2.amazonaws.com https://*.klaviyo.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io ws://ws5.hotjar.com wss://*.hotjar.com www.google.ca www.google.com www.clarity.ms tr.lfeeder.com *.linkedin.com app.balingwiredirect.com static.hotjar.com play.google.com vars.hotjar.com script.hotjar.com bid.g.doubleclick.net *.adsymptotic.com *.hotjar.com www.youtube-nocookie.com maps.googleapis.com nocookie.sandbox.balingwiredirect.com shop.balingwiredirect.com www.google-analytics.com nocookie.balingwiredirect.com www.googleadservices.com webhooks.remarkety.com www.facebook.com analytics.google.com fonts.googleapis.com  maps.googleapis.com h.clarity.ms a.clarity.ms googleads.g.doubleclick.net api.livechatinc.com bat.bing.com connect.facebook.net d3ryumxhbd2uw7.cloudfront.net static-tracking.klaviyo.com www.googleadservices.com www.google-analytics.com snap.licdn.com www.gstatic.com sc.lfeeder.com v4.balingwiredirect.com d.clarity.ms webhooks.remarkety.com cdn.livechatinc.com static.klaviyo.com www.googletagmanager.com nocookie.sandbox.balingwiredirect.com fonts.googleapis.com fonts.gstatic.com webhooks.remarkety.com stats.g.doubleclick.net secure.livechatinc.com f.clarity.ms www.shopperapproved.com j.clarity.ms https://cdn.jsdelivr.net https://c.clarity.ms https://c.bing.com https://o1377968.ingest.sentry.io 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; style-src 'self' 'unsafe-inline' https://*; img-src 'self' data: https://*; font-src 'self' data: 'unsafe-inline' https://*; connect-src 'self' https://*; object-src 'self' 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.analytics.google.com *.e-alloga.ch *.e-galexis.com *.e-ufd.swiss *.facebook.net *.galenica.com *.google-analytics.com *.googleapis.com *.gstatic.com *.licdn.com *.linkedin.com *.linkedin.oribi.io *.px.ads.linkedin.com *.solique.ch *.vimeo.com *.weblication.de *.youtube.com *.ytimg.com analytics.google.com bat.bing.com bt.fraud0.com charts3.equitystory.com ir-api.eqs.com ir.tools.investis.com static.hotjar.com stats.g.doubleclick.net tools.cms-eqs.com vimeo.com weblics.de www.facebook.com www.google.ch www.google.com www.googletagmanager.com www.youtu.be www.youtube-nocookie.com www.youtube.com youtu.be; frame-ancestors 'self' *.e-alloga.ch *.e-galexis.com *.e-ufd.swiss; report-uri https://cms1.app.e-galexis.com/csp-report.php; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 1
upgrade-insecure-requests;block-all-mixed-content;base-uri 'self';script-src 'nonce-qCX66w9HQQlARVR7krM130bmhPRWChXb' https://d1e9uma8p87lzg.cloudfront.net/1f4ddaf6-ca38-4dd1-ae11-03a08d66955d/ 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com *.google-analytics.com *.googletagmanager.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com *.paypal.com *.blookanoo.com www.google.com www.gstatic.com *.millicast.com;style-src https://d1e9uma8p87lzg.cloudfront.net/1f4ddaf6-ca38-4dd1-ae11-03a08d66955d/ 'unsafe-inline' fonts.googleapis.com assets.braintreegateway.com *.paypal.com *.blookanoo.com;font-src data: https://d1e9uma8p87lzg.cloudfront.net/1f4ddaf6-ca38-4dd1-ae11-03a08d66955d/ fonts.gstatic.com;form-action https://phasemedical.us5.list-manage.com/ *.paypal.com *.blookanoo.com;img-src * 'unsafe-inline' data: assets.braintreegateway.com checkout.paypal.com blookanoo.com;frame-src https://d1e9uma8p87lzg.cloudfront.net/1f4ddaf6-ca38-4dd1-ae11-03a08d66955d/ vapor-theriaults-production.s3.amazonaws.com *.google.com *.youtube.com *.vimeo.com assets.braintreegateway.com tst.kaptcha.com *.paypal.com *.blookanoo.com *.millicast.com *.jotform.com *.oktium.com;child-src blob: assets.braintreegateway.com;object-src * https://d1e9uma8p87lzg.cloudfront.net/1f4ddaf6-ca38-4dd1-ae11-03a08d66955d/;connect-src * 'unsafe-inline' data: ws-mt1.pusher.com *.pusher.com wss://ws-mt1.pusher.com maps.googleapis.com api.sandbox.braintreegateway.com *.braintree-api.com client-analytics.sandbox.braintreegateway.com *.millicast.com 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-k6KBQ3MW6Vcjlo/Gd0BLQFLRxgUsUqFcQbtAOlf5nVfbMFFg' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src https: data: wss: about: blob: dc-photo: dc-illu: dc-v2: fb-messenger: tg: whatsapp: sms: mailto: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dancenter.se/pubweb/csp-violation 1
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com 1
frame-ancestors 'self' https://*.investmentdominator.com http://localhost:3000 1
default-src 'self'; child-src 'self' blob: https://client.rlpdirekt.de/ https://kb.ionas.de/ https://www.youtube-nocookie.com/ https://www.youtube.com/; connect-src 'self' https://*.b-ite.com/ https://buergerservice.ionas.de/ https://i.ytimg.com/; font-src 'self' data:; frame-ancestors 'self'; frame-src 'self' https://buergerservice.ionas.de https://iam.chamaeleon.de https://iam.chamaeleon.de/ https://kb.ionas.de https://www.google.com https://www.youtube-nocookie.com/ https://www.youtube.com/; img-src 'self' data: https://buergerservice.ionas.de/ https://client.rlpdirekt.de/ https://i.ytimg.com/ https://s.ytimg.com/ https://www.erkelenz.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube-nocookie.com/ https://www.youtube.com/; script-src-elem 'self' 'unsafe-inline' https://*.b-ite.com/ https://i.ytimg.com/ https://s.ytimg.com/ https://www.vergaben-wirtschaftsregion-aachen.de/ https://www.youtube-nocookie.com/ https://www.youtube.com/; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; worker-src 'self' blob:; report-to main 1
default-src 'self' data:; script-src 'self' 'unsafe-inline' metrics.rant.li; connect-src 'self' metrics.rant.li; img-src 'self' https: http: data:; style-src 'self' 'unsafe-inline'; frame-src http: https:; 1
default-src 'none'; media-src 'self'; script-src-attr 'self' 'unsafe-inline'; connect-src 'self' *.rekai.se/ https://m1.analytics.sitevision-cloud.se/matomo.php; img-src 'self' data: https://bolle.sporthallen.nu/; style-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self'; font-src 'self'; frame-src 'self' https://bollnas.varbi.com https://play.mediaflowpro.com https://www.temperatur.nu; script-src-elem 'self' * 'unsafe-inline' https://static.rekai.se/ https://m1.analytics.sitevision-cloud.se/; frame-ancestors 'self' https://mediaflow.com/sv-SE/; script-src 'unsafe-eval'; 1
worker-src blob: ; font-src data: https://fonts.gstatic.com/ https://g2u-wp-prod.s3-ap-southeast-2.amazonaws.com https://maxcdn.bootstrapcdn.com/ 'self' ; img-src data: https://*.analytics.google.com https://*.clarity.ms https://*.g.doubleclick.net https://*.google.com https://*.google.com.au https://*.google-analytics.com/ https://*.googletagmanager.com/ https://bat.bing.com/ https://c.bing.com https://chart.apis.google.com https://cm.g.doubleclick.net/ https://g2u-wp-prod.s3-ap-southeast-2.amazonaws.com https://googleads.g.doubleclick.net/ https://maps.googleapis.com/ https://maps.gstatic.com https://q.quora.com/ https://ssl.gstatic.com https://static.addtoany.com/ https://stats.g.doubleclick.net/ https://vxml4.plavxml.com/ https://www.facebook.com/ https://www.google-analytics.com/ https://www.google.com.au/ https://www.google.com/ https://www.gstatic.com/ https://s.w.org 'self' ; connect-src https://*.analytics.google.com https://*.clarity.ms https://*.doubleclick.net/ https://*.g.doubleclick.net https://*.google.com https://*.google.com.au https://*.googletagmanager.com/ https://api.geeks2u.com.au https://bat.bing.com/ https://c.bing.com https://auth.geeks2u.com.au https://api.psma.com.au/ https://cdn.pdst.fm/ https://us-central1-adaptive-growth.cloudfunctions.net/ https://www.facebook.com/ https://www.google-analytics.com/ https://pagead2.googlesyndication.com/ 'self' ; script-src https://*.clarity.ms https://*.google-analytics.com/ https://*.googletagmanager.com/ https://a.quora.com/ https://ajax.googleapis.com/ https://api.w3-edge.com/ https://bat.bing.com/ https://www.bpoint.com.au https://c.bing.com https://cdn.jsdelivr.net https://connect.facebook.net/ https://diffuser-cdn.app-us1.com/ https://g2u-wp-prod.s3-ap-southeast-2.amazonaws.com https://googleads.g.doubleclick.net/ https://googleapis.com/ https://maps.googleapis.com/ https://prism.app-us1.com/ https://s.adroll.com https://ssl.google-analytics.com https://static.addtoany.com/ https://tagmanager.google.com https://trackcmp.net/ https://vxml4.plavxml.com/ https://web-call-analytics.com/ https://cdn.pdst.fm/ https://www.google-analytics.com/ https://www.google.com/ https://www.googleadservices.com/ https://www.gstatic.com/ 'self' 'unsafe-eval' 'unsafe-inline' ; frame-src https://*.doubleclick.net/ https://app.tinypulse.com/ https://bid.g.doubleclick.net/ https://www.bpoint.com.au https://auth.geeks2u.com.au https://static.addtoany.com/ https://www.facebook.com/ https://www.google.com/ https://www.youtube.com/ 'self' ; style-src https://ajax.googleapis.com/ https://fonts.googleapis.com https://g2u-wp-prod.s3-ap-southeast-2.amazonaws.com https://maxcdn.bootstrapcdn.com/ https://tagmanager.google.com 'self' 'unsafe-inline' ; default-src 'none' ; manifest-src 'self' ; object-src 'self' ; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-KCsyIEm1JpuO+h8CW49Gpc4+J+uAg5GkaPttNZKYIC6UbAJ2' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'none'; script-src 'self' https://static.cloudflareinsights.com; connect-src https://cloudflareinsights.com; img-src 'self' https://img.shields.io; style-src 'self'; font-src 'self'; base-uri 'none'; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content 1
default-src 'self'; script-src 'self' www.googletagmanager.com maps.googleapis.com www.google-analytics.com https://apis.google.com https://browser-update.org; style-src 'self' 'unsafe-inline'; connect-src 'self' login.bjootify.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' login.bjootify.com; img-src 'self' dvipccprod.blob.core.windows.net www.google-analytics.com data: 'unsafe-eval'; frame-ancestors 'self' login.bjootify.com 1
frame-ancestors 'self' https://assets.braintreegateway.com; 1
default-src 'none'; font-src 'self' *.wuzhuiso.com; connect-src 'self' *.wuzhuiso.com; media-src 'self' *.wuzhuiso.com;; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *.wuzhuiso.com ; img-src data: 'self' *.wuzhuiso.com ; style-src 'unsafe-inline' 'self' *.wuzhuiso.com ; object-src 'self' *.wuzhuiso.com; worker-src 'self' *.wuzhuiso.com; frame-src blob: 'self' *.wuzhuiso.com; frame-ancestors 'self' *.wuzhuiso.com; base-uri 'self' *.wuzhuiso.com ; 1
default-src 'none'; script-src 'self' 'nonce-t15q0GGV354ZnFVxsgTpuQqmMA40Xj4oUBQ7baTS+rs=' https://static.addtoany.com/menu/ https://maps.googleapis.com/maps-api-v3/ https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate https://maps.googleapis.com/maps/api/place/js/AutocompletionService.GetPredictions https://maps.googleapis.com/maps/api/place/js/PlaceService.GetPlaceDetails https://nodejs.youtropolis.com:8080/socket.io/socket.io.js https://www.google.com/jsapi https://www.gstatic.com/charts/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/widgets.js https://platform.twitter.com/js/; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://www.gstatic.com/charts/; img-src 'self' data: https://maps.gstatic.com https://chart.googleapis.com/chart https://help.yahoo.com https://support.content.office.net https://syndication.twitter.com/i/jot/embeds; form-action 'self' https://www.paypal.com/cgi-bin/webscr; frame-src 'self' https://player.vimeo.com https://static.addtoany.com/menu/ https://www.youtube.com https://www.google.com https://w.soundcloud.com https://platform.twitter.com; frame-ancestors 'self'; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://stats.addtoany.com/menu https://maps.googleapis.com/maps/api/mapsjs/ https://nodejs.youtropolis.com:8080/socket.io/ wss://nodejs.youtropolis.com:8080/socket.io/; worker-src blob:; base-uri 'self'; report-uri /report-csp-violation 1
base-uri 'none'; default-src 'self' data: https: wss:; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' 'unsafe-eval' https://beta-api.scrivito.com https://assets.scrivito.com https://c.leadlab.click https://cdn.popt.in/pixel.js https://cdn.segment.com https://cdnjs.cloudflare.com https://cdn.iubenda.com https://cs.iubenda.com https://www.iubenda.com https://js.intercomcdn.com https://rum-static.pingdom.net https://snap.licdn.com https://tagmanager.google.com https://widget.intercom.io https://www.eventbrite.com/static/widgets/eb_widgets.js https://www.google-analytics.com https://www.googletagmanager.com https://www.woorank.com/de/widget/script https://www.woorank.com/en/widget/script; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' https://*.scrivito.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.com.pl; img-src 'self' https: data: blob: https://mastodon.com.pl; style-src 'self' https://mastodon.com.pl 'nonce-k0YTZJA9IWESQvPcx8KhGA=='; media-src 'self' https: data: https://mastodon.com.pl; frame-src 'self' https:; manifest-src 'self' https://mastodon.com.pl; form-action 'self'; child-src 'self' blob: https://mastodon.com.pl; worker-src 'self' blob: https://mastodon.com.pl; connect-src 'self' data: blob: https://mastodon.com.pl https://mastodon.com.pl wss://mastodon.com.pl; script-src 'self' https://mastodon.com.pl 'wasm-unsafe-eval' 1
frame-ancestors 'self' *.talent-soft.com *.akka-technologies.com 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-MTIxLDY1LDEwNCwyMzksMjU0LDE5NSwyMDAsMTYx' blob: https://cdn.discordapp.com/animations/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://js.stripe.com https://js.braintreegateway.com https://assets.braintreegateway.com https://www.paypalobjects.com https://checkout.paypal.com https://c.paypal.com https://kit.cash.app; style-src 'self' 'unsafe-inline' https://cdn.discordapp.com https://*.hcaptcha.com https://hcaptcha.com https://kit.cash.app; img-src 'self' blob: data: https://*.discordapp.net https://*.discordapp.com https://*.discord.com https://i.scdn.co https://i.ytimg.com https://i.imgur.com https://media.tenor.co https://media.tenor.com https://c.tenor.com https://*.youtube.com https://*.giphy.com https://static-cdn.jtvnw.net https://pbs.twimg.com https://assets.braintreegateway.com https://checkout.paypal.com https://c.paypal.com https://b.stats.paypal.com https://slc.stats.paypal.com https://hnd.stats.paypal.com https://api.cash.app; font-src 'self' https://fonts.gstatic.com https://cash-f.squarecdn.com; connect-src 'self' https://status.discordapp.com https://status.discord.com https://support.discordapp.com https://support.discord.com https://discordapp.com https://discord.com https://discord-attachments-uploads-prd.storage.googleapis.com https://cdn.discordapp.com https://media.discordapp.net https://images-ext-1.discordapp.net https://images-ext-2.discordapp.net https://router.discordapp.net wss://*.discord.gg https://best.discord.media https://latency.discord.media wss://*.discord.media wss://dealer.spotify.com https://api.spotify.com https://sentry.io https://api.twitch.tv https://api.stripe.com https://api.braintreegateway.com https://client-analytics.braintreegateway.com https://*.braintree-api.com https://www.googleapis.com https://*.algolianet.com https://*.hcaptcha.com https://hcaptcha.com https://*.algolia.net ws://127.0.0.1:* http://127.0.0.1:*; media-src 'self' blob: disclip: https://*.discordapp.net https://*.discord.com https://*.discordapp.com https://*.youtube.com https://streamable.com https://vid.me https://twitter.com https://oddshot.akamaized.net https://*.giphy.com https://i.imgur.com https://media.tenor.co https://media.tenor.com https://c.tenor.com; frame-src https://discordapp.com/domain-migration discord: https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://js.stripe.com https://hooks.stripe.com https://checkout.paypal.com https://c.paypal.com https://assets.braintreegateway.com https://checkoutshopper-live.adyen.com https://kit.cash.app https://player.twitch.tv https://clips.twitch.tv/embed https://player.vimeo.com https://www.youtube.com/embed/ https://www.tiktok.com/embed/ https://music.amazon.com/embed/ https://music.amazon.co.uk/embed/ https://music.amazon.de/embed/ https://music.amazon.co.jp/embed/ https://music.amazon.es/embed/ https://music.amazon.fr/embed/ https://music.amazon.it/embed/ https://music.amazon.com.au/embed/ https://music.amazon.in/embed/ https://music.amazon.ca/embed/ https://music.amazon.com.mx/embed/ https://music.amazon.com.br/embed/ https://www.youtube.com/s/player/ https://twitter.com/i/videos/ https://www.funimation.com/player/ https://www.redditmedia.com/mediaembed/ https://open.spotify.com/embed/ https://w.soundcloud.com/player/ https://audius.co/embed/ https://*.watchanimeattheoffice.com https://sessionshare.sp-int.playstation.com/embed/ https://localhost:* https://*.discordsays.com https://discordappcom.cloudflareaccess.com/; child-src 'self' blob: https://assets.braintreegateway.com https://checkout.paypal.com https://c.paypal.com; prefetch-src 'self' https://cdn.discordapp.com/assets/; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://lgbt.io 'wasm-unsafe-eval'; font-src 'self' https://lgbt.io; img-src 'self' data: blob: https://lgbt.io; style-src 'self' https://lgbt.io 'nonce-JEZlWSGH2NEw8eSw1IZWMA=='; media-src 'self' data: https://lgbt.io; frame-src 'self' https:; child-src 'self' blob: https://lgbt.io; worker-src 'self' blob: https://lgbt.io; connect-src 'self' blob: data: wss://lgbt.io https://lgbt.io; manifest-src 'self' https://lgbt.io; form-action 'self' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-McSWGn5gLS4DdQo5arAhSn4J04zIke91prxBXqmu4GI7YUWM' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
upgrade-insecure-requests; script-src 'strict-dynamic' 'nonce-JOkKHV1ZWNkLJyKFEVPX/w=='; 1
default-src https:; connect-src https: wss:; font-src https: data:; img-src https: data: blob:; frame-src https:; frame-ancestors 'self'; worker-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; form-action https: javascript:; script-src https: data: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 1
default-src 'self' https://www.audit-scotland.gov.uk blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.googletagmanager.com https://www.browsealoud.com https://www.google-analytics.com https://apis.google.com https://public.tableau.com https://mathjax.rstudio.com; style-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com; img-src 'self' data: https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://www.google-analytics.com https://public.tableau.com; frame-src 'self' https://www.youtube.com https://www.google.com https://public.tableau.com https://app.powerbi.com/; font-src 'self' data: https://themes.googleusercontent.com https://cdnjs.cloudflare.com; connect-src 'self' data: https://www.browsealoud.com https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://plus.browsealoud.com/js/urlinfo/www.audit-scotland.gov.uk.js https://region1.google-analytics.com https://plus.browsealoud.com/ https://speech.speechstream.net https://www.google-analytics.com https://stats.g.doubleclick.net https://cdnjs.cloudflare.com; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=10maak1iqu59p&partner=; 1
www.lifeatworkportal.com 1
object-src 'none'; base-uri 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: http: 'nonce-MDc1NmM4OTUtMjJiZi00NjI0LWE1N2ItMGUxYzJjNTQ5NDVk' 'sha256-LuGOMByQ9nZ9QE4aXKj4cWEuWuzD2m4r7iGrO5mjGOU=' 'strict-dynamic'; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-7aiKdVS8VcesiHpyr6GXSA=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-BGGvMZGEnGHCtIqBZFrxYWaAe0IJyygSIn+KjvFeQYKu0wvD' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; img-src 'self' https://*.googleusercontent.com/ https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net data:; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://192.55.233.1 'unsafe-inline' https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://smartlock.google.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://us-west-2.quicksight.aws.amazon.com/ *.pendo.io data:;  media-src 'self' *.pendo.io  *.responsivevoice.org; frame-ancestors 'self' https://*.quicksight.aws.amazon.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval';  script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://kit-free.fontawesome.com/releases/latest/css/ https://www.gstatic.com/firebasejs/5.5.8/ https://www.gstatic.com/firebasejs/5.5.8/ https://unpkg.com/amazon-quicksight-embedding-sdk@1.0.15/dist/quicksight-embedding-js-sdk.min.js *.pendo.io; style-src 'self' 'unsafe-inline' *.fontawesome.com https://kit-free.fontawesome.com/releases/latest/css/ *.pendo.io https://cdn.pendo.io;   style-src-elem 'self' 'unsafe-inline' *.fontawesome.com https://kit-free.fontawesome.com/releases/latest/css/ *.pendo.io;  font-src 'self' *.fontawesome.com https://fonts.gstatic.com https://use.typekit.net;  connect-src 'self' https://*.quicksight.aws.amazon.com/ *.fontawesome.com https://*.vstalert.com https://*.vst-one.com https://kit-free.fontawesome.com/releases/latest/css/ https://fcm.googleapis.com/fcm/connect/subscribe https://test.vstalert.com/Newui/Scripts/* https://www.gstatic.com/firebasejs/5.5.8/;             img-src 'self' https://via.placeholder.com/ https://placehold.co/ https://assets.vstalert.com https://test-assets.vstalert.com https://i.imgur.com/ https://imgur.com/ *.pendo.io/ data:; 1
default-src 'self' https://*.media-artists.nl https://*.bigcheese.site https://www.cdn-1.discus.nl https://www.cdn-2.discus.nl https://*.e.ce-analytics.com https://*.facebook.com https://*.google.com https://*.google.nl https://*.googleusercontent.com; style-src 'self' https://*.media-artists.nl https://*.bigcheese.site https://www.cdn-1.discus.nl https://www.cdn-2.discus.nl https://*.googleapis.com https://*.datatrics.com https://*.photoslurp.com https://*.cloudflare.com https://*.mailplus.nl 'unsafe-inline'; img-src * data:; media-src 'self' https://*.media-artists.nl https://*.bigcheese.site https://www.cdn-1.discus.nl https://www.cdn-2.discus.nl data: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; font-src 'self' https://*.media-artists.nl https://*.bigcheese.site https://www.cdn-1.discus.nl https://www.cdn-2.discus.nl data: https://fonts.gstatic.com https://ma-fonts.s3.eu-west-1.amazonaws.com https://*.photoslurp.com https://*.datatrics.com; script-src 'self' https://*.media-artists.nl https://*.bigcheese.site https://www.cdn-1.discus.nl https://www.cdn-2.discus.nl https://*.googleoptimize.com https://*.facebook.net https://*.doubleclick.net https://*.googletagmanager.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.trustpilot.com https://*.mailplus.nl https://*.smartsuppcdn.com https://*.photoslurp.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google-analytics.com https://*.youtube.com https://*.youtu.be 'unsafe-eval' 'unsafe-inline'; connect-src 'self' https://*.media-artists.nl https://*.bigcheese.site https://www.cdn-1.discus.nl https://www.cdn-2.discus.nl https://*.datatrics.com wss://*.datatrics.com https://*.photoslurp.com wss://*.photoslurp.com https://*.google.com wss://*.google.com https://*.google-analytics.com wss://*.google-analytics.com https://*.doubleclick.net wss://*.doubleclick.net https://*.hotjar.io wss://*.hotjar.io https://*.googlesyndication.com wss://*.googlesyndication.com https://*.hotjar.com wss://*.hotjar.com https://*.google.com wss://*.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.googlesyndication.com; frame-src 'self' https://*.media-artists.nl https://*.bigcheese.site https://www.cdn-1.discus.nl https://www.cdn-2.discus.nl https://*.youtube.com https://*.youtu.be https://*.facebook.com https://*.datatrics.com https://*.doubleclick.net https://*.doubleclick.net 1
frame-ancestors deliveru.jp admin.deliveru.jp nodejs.deliveru.jp 172.20.20.29 shop.deliveru.jp www.bc-seminar.jp 1
frame-ancestors 'self'; frame-src  *.savviihq.com *.facebook.com *.google.com *.cookiebot.com *.hotjar.com *.youtube.com *.vimeo.com *.googletagmanager.com *.cookiebot.com *.fontawesome.com *.fm www.stevigouderschap.nl *.ncj.nl ncj.nl *.stevigouderschap.nl podcasters.spotify.com eenvandaag.avrotros.nl/embed/541994/ 1
default-src     'self' ; img-src         'self' data: https://*.pxia.de https://www.apcoa.no https://vm-apcoa-typo3-04 https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.google.de *.facebook.com *.solvemate.com https://*.zohocdn.com https://*.zohopublic.eu https://*.newsletter2go.com https://*.linkedin.com https://www.apcoa.se https://*.zohostatic.eu https://*.zoho.eu https://*.wikimedia.org https://www.googletagmanager.com https://*.click4assistance.co.uk https://*.cookiebot.com;  script-src      'self' 'unsafe-inline' 'unsafe-eval' https://*.bootstrapcdn.com https://fonts.googleapis.com/css/ https://*.bootstrapcdn.com https://*.pxia.de https://vm-apcoa-typo3-04 https://consent.cookiebot.com https://www.googletagmanager.com https://consentcdn.cookiebot.com https://*.google.com https://*.bootstrapcdn.com https://*.googleapis.com https://*.mana-hr.net https://*.facebook.net https://www.google-analytics.com/ https://*.doubleclick.net https://*.zoho.eu https://*.zohocdn.com https://*.newsletter2go.com;  script-src-elem 'self' 'unsafe-inline' https://*.park-control.de/ https://www.google-analytics.com/analytics.js https://*.bootstrapcdn.com https://fonts.googleapis.com/css/ https://*.google.com https://consent.cookiebot.com https://www.googletagmanager.com https://consentcdn.cookiebot.com https://*.bootstrapcdn.com https://*.googleapis.com https://*.gstatic.com *.solvemate.com www.googleadservices.com *.facebook.net *.doubleclick.net *.mana-hr.net https://*.zoho.eu https://*.zohostatic.eu *.zohocdn.com https://*.newsletter2go.com https://www.google-analytics.com https://sc-static.net stats.docu.info https://leie.apcoa.no https://services.apcoa.no https://tr.snapchat.com *.livechatinc.com https://*.licdn.com https://*.hotjar.com https://*.click4assistance.co.uk https://*.zendesk.com https://*.zdassets.com;  style-src       'self' 'unsafe-inline' https://*.googleapis.com https://*.bootstrapcdn.com *.solvemate.comi https://*.zohocdn.com *.bootstrapcdn.com https://*.zohostatic.eu;  font-src        'self' data: https://*.googleapis.com https://fonts.googleapis.com https://*.gstatic.com https://*.bootstrapcdn.com *.solvemate.comi *.zohocdn.com https://*.zohostatic.eu;  frame-src       'self' https://consentcdn.cookiebot.com https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com *.apcoa.de *.mana-hr.net *.mana-jobs.de https://maps.google.com http://europark.easycruit.com https://tr.snapchat.com https://*.zohopublic.eu https://*.zoho.eu *.apcoa.no https://*.facebook.com https://*.livechatinc.com https://apcoa-rec.trustit.org http://prelive02.apcoa.com https://docs.google.com https://*.click4assistance.co.uk https://*.q2c.eu https://*.apcoa.se;  worker-src       data: blob: 'unsafe-eval' 'unsafe-inline';  object-src      'self' ;  connect-src     'self' https://*.park-control.de https://*.google-analytics.com https://*.googleapis.com https://*.cookiebot.com *.google.com *.doubleclick.net *.solvemate.com *.facebook.com https://*.zoho.eu *.zohopublic.eu wss://vts.zohopublic.eu https://*.newsletter2go.com https://tr.snapchat.com https://*.linkedin.oribi.io https://pagead2.googlesyndication.com https://*.zdassets.com https://*.zendesk.com;  media-src       'self' data: https://*.googleapis.com https://fonts.googleapis.com https://*.gstatic.com https://*.bootstrapcdn.com *.solvemate.comi *.zohocdn.com; 1
report-uri https://apps.netbit.com.br/csp-report/parser.php;       default-src 'self';       base-uri 'self';       connect-src 'self' https://www.google-analytics.com;       font-src 'self' https://cdnjs.cloudflare.com;       form-action 'self';       frame-ancestors 'self';       frame-src 'self' https://challenges.cloudflare.com https://www.google.com;       img-src 'self' data: https://cdnjs.cloudflare.com;       media-src 'self';       script-src 'report-sample' 'unsafe-inline' 'self' https://cdnjs.cloudflare.com/ https://challenges.cloudflare.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.gstatic.com/ https://*.googletagmanager.com;       style-src 'report-sample' 'unsafe-inline' 'self' https://cdnjs.cloudflare.com;       object-src 'none'; manifest-src 'self'; worker-src 'none'; 1
default-src 'none'; font-src 'self' https: data: sh24.org.uk sh24.ie sexualhealth24.org.uk; img-src 'self' https: data: sh24.org.uk sh24.ie sexualhealth24.org.uk; object-src 'none'; script-src 'self' https: http: sh24.org.uk sh24.ie sexualhealth24.org.uk google-analytics.com cloudfront.net www.googletagmanager.com 'nonce-IUW0beySiOoBXVb+uFCrBg=='; style-src 'self' https: 'unsafe-inline' sh24.org.uk sh24.ie sexualhealth24.org.uk; connect-src 'self' https: sh24.org.uk sh24.ie sexualhealth24.org.uk; frame-src 'self' https: 1
default-src 'self' cdnjs.cloudflare.com www.youtube.com; script-src 'self' 'unsafe-inline' www.youtube.com apis.google.com maps.googleapis.com www.google.com www.gstatic.com cdn.rawgit.com accounts.google.com connect.facebook.net cdn.jsdelivr.net www.googletagmanager.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com accounts.google.com; object-src 'none'; base-uri 'self'; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com ka-f.fontawesome.com accounts.google.com; frame-src 'self' www.youtube.com www.google.com accounts.google.com; img-src palace-amusement-dev.s3.amazonaws.com stage-palaceamusement.s3.amazonaws.com prod-palaceamusement.s3.amazonaws.com www.facebook.com 'self' blob: data: maps.gstatic.com maps.googleapis.com;connect-src www.google-analytics.com firebaseinstallations.googleapis.com firebase.googleapis.com dev-palace-amusement-api.myamberinnovations.com stage-palace-amusement-api.myamberinnovations.com newapi.palaceamusement.com ka-f.fontawesome.com accounts.google.com 1
default-src 'self' blob:; script-src 'self' https://www.googleadservices.com https://googleads.g.doubleclick.net up.pixel.ad *.googleapis.com *.google-analytics.com http://static.cdn.prismic.io https://boards-api.greenhouse.io https://boards.greenhouse.io https://px.ads.linkedin.com https://wroom.io https://prismic.io https://snap.licdn.com https://www.googletagmanager.com https://connect.facebook.net https://html2canvas.hertzen.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com blob: ; font-src 'self' data:; img-src 'self' googleads.g.doubleclick.net pixel.sitescout.com *.prismic.io *.gstatic.com *.googleapis.com *.google.com *.googleusercontent.com *.facebook.com www.diversityjobs.com *.google-analytics.com https://stats.g.doubleclick.net data: blob:; connect-src 'self' ws: *.googleapis.com stats.g.doubleclick.net pixel.sitescout.com https://cityblock.cdn.prismic.io https://cityblock.prismic.io https://images.prismic.io https://boards-api.greenhouse.io https://www.google-analytics.com; frame-ancestors 'self'; frame-src www.cdc.gov https://td.doubleclick.net https://bid.g.doubleclick.net pixel.sitescout.com cityblockhealth.qualtrics.com https://boards.greenhouse.io https://player.vimeo.com https://cityblock.prismic.io https://accounts.google.com/ https://secureform.luxsci.com/; media-src 'self' blob:; 1
default-src 'self';script-src 'report-sample' sentry.io 'unsafe-eval' 'self' 'unsafe-inline' tagmanager.google.com/ www.googletagmanager.com storage.googleapis.com maps.googleapis.com www.google-analytics.com widget.taggbox.com static.cdn.prismic.io prismic.io *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-banner.com track.hubspot.com *.hs-analytics.net *.hscollectedforms.net *.hsadspixel.net *.usemessages.com *.hsleadflows.net *.googleadservices.com snap.licdn.com googleads.g.doubleclick.net;style-src 'report-sample' 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com;object-src 'none';connect-src 'self' sentry.io images.prismic.io fonts.googleapis.com exscientia.cdn.prismic.io tagmanager.google.com/ storage.googleapis.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com maps.gstatic.com api.lever.co forms.hubspot.com hubspot-forms-static-embed.s3.amazonaws.com forms.hsforms.com api.hubapi.com exscientia.workable.com sandlane.workabledemo.com forms.hscollectedforms.net cdn.linkedin.oribi.io *.google-analytics.com stats.g.doubleclick.net vimeo.com;font-src 'self' fonts.gstatic.com;frame-src 'self' cabinpanda.com widget.taggbox.com player.vimeo.com *.youtube.com vimeo.com exscientia.prismic.io forms.hsforms.com;img-src 'self' maps.gstatic.com images.prismic.io data: blob: 'unsafe-inline' www.googletagmanager.com ssl.gstatic.com/ storage.googleapis.com www.google-analytics.com maps.googleapis.com media-exp1.licdn.com exscientia.cdn.prismic.io forms.hubspot.com track.hubspot.com *.ads.linkedin.com *.google.com *.google.co.uk lite-vimeo-embed.now.sh forms.hsforms.com lite-vimeo-embed.vercel.app;media-src 'self' exscientia.cdn.prismic.io media-exp1.licdn.com;worker-src 'self' www.googletagmanager.com ssl.gstatic.com/ storage.googleapis.com www.google-analytics.com maps.googleapis.com exscientia.cdn.prismic.io images.prismic.io 1
frame-ancestors https://*.growthinstitute.com; 1
img-src * 'self' data: https:; style-src 'self' 'unsafe-inline' www.royalcanin.com d3moonnr9fkxfg.cloudfront.net www.google-analytics.com www.googletagservices.com footer.mars.com www.google-analytics.com cdn.cookielaw.org ; 1
img-src * 'self' data:; font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/ *.intercomcdn.com ; default-src 'self' https://fonts.googleapis.com/ https://www.googletagmanager.com/ https://player.vimeo.com/ https://cdnjs.cloudflare.com/ https://vimeo.com/ https://js.hsforms.net/ https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://www.google.com https://www.gstatic.com *.hubspot.com *.cookiebot.com *.google-analytics.com *.stripe.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.googleapis.com *.relyonnutec.com *.umbraco.com *.nimbata.com *.hotjar.com *.licdn.com *.hiss3lark.com *.facebook.net *.intercomcdn.com *.hs-scripts.com https://js.hscta.net *.sleeknote.com *.intercom.io *.hsadspixel.net *.hs-analytics.net *.facebook.net *.appspot.com *.hs-banner.com *.hscollectedforms.net *.hubapi.com *.intercom.io wss://nexus-websocket-a.intercom.io *.hotjar.io *.googleadservices.com *.bing.com *.doubleclick.net *.google-analytics.com tagmanager.google.com *.googleusercontent.com *.google.com *.youtube.com https://6kkzqr57d9.execute-api.us-east-1.amazonaws.com https://dev.visualwebsiteoptimizer.com *.pardot.com *.visualwebsiteoptimizer.com *.clarity.ms 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' 'unsafe-inline' https://api.qrserver.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://validator.swagger.io data: ;  script-src 'self' 'nonce-fc47ed7a' 'strict-dynamic' https://api.qrserver.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://validator.swagger.io data: ; 1
frame-ancestors forever-cockpit.com *.forever-cockpit.com *.be-forever.com be-forever.com youtube.com *.flp.com flp.com socialsales.io *.socialsales.io 1
script-src 'self' https://*.email-provider.nl https://cdn-eu.readspeaker.com https://youtu.be https://youtube.com https://www.youtube.com https://player.vimeo.com/api/player.js https://include.timeblockr.com https://shared.api.timeblockr.com https://shared.signalr.timeblockr.com wss://shared.signalr.timeblockr.com https://cdn.matomo.cloud 'unsafe-eval' 'unsafe-inline' data: https://houten.analytics.opengemeenten.nl 'report-sample'; connect-src 'self' https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://vttts-eu.readspeaker.com https://youtu.be https://youtube.com https://www.youtube.com https://include.timeblockr.com https://*.api.timeblockr.com https://shared.signalr.timeblockr.com wss://shared.signalr.timeblockr.com https://*.matomo.cloud https://houten.analytics.opengemeenten.nl https://maxcdn.bootstrapcdn.com; form-action 'self' https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://id.opengemeenten.nl https://users.opengemeenten.nl https://login.microsoftonline.com; frame-src 'self' blob: https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://vttts-eu.readspeaker.com https://*.webgispublisher.nl https://youtu.be https://youtube.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com; img-src 'self' https://cdn-eu.readspeaker.com https://youtube.com https://www.youtube.com https://youtu.be https://i.ytimg.com https://include.timeblockr.com https://*.matomo.cloud data: https://houten.analytics.opengemeenten.nl; media-src 'self' https://cdn-eu.readspeaker.com https://youtu.be https://youtube.com https://www.youtube.com https://vimeo.com; style-src 'self' https://cdn-eu.readspeaker.com https://youtube.com https://www.youtube.com https://include.timeblockr.com 'unsafe-inline' data: https://maxcdn.bootstrapcdn.com 'report-sample'; object-src 'self' https://youtube.com https://www.youtube.com; font-src 'self' https://include.timeblockr.com data: https://maxcdn.bootstrapcdn.com; report-to csp; child-src 'self' blob:; default-src 'self'; frame-ancestors 'self' https://www.houten.nl; style-src-attr 'self' https://cdn-eu.readspeaker.com https://youtube.com https://www.youtube.com https://include.timeblockr.com 'unsafe-inline' data: 'report-sample'; report-uri https://monitoring.opengemeenten.nl/api/5/security/?sentry_key=8ecd0d6b2ab6432782fe7a6a5c01c534 1
child-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.azureedge.net www.gstatic.com www.google.com https://workforyourworld.com ;connect-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.azureedge.net *.google-analytics.com noembed.com www.noembed.com cdn.plyr.io cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.doubleclick.net storage.googleapis.com event.talque.com lh3.googleusercontent.com *.googleadservices.com *.google.com *.itsa365.de *.mybeviale.com *.chillventa.de *.hubana.events *.embedded-world.de *.medteclive.com *.euroguss.de *.enforcetac.com *.fachpack.de *.frontale.de *.holz-handwerk.de *.nuernberg-convention.de *.perimeter-protection.de *.biofach.de *.vivaness.de *.interzoo.com *.biofach-japan.com *.galabau-messe.com *.outbrain.com *.googlesyndication.com *.ads.linkedin.com *.linkedin.com *.linkedin.oribi.io ;default-src 'self' *.azureedge.net ;font-src 'self' fonts.gstatic.com *.azureedge.net 'unsafe-inline' storage.googleapis.com event.talque.com lh3.googleusercontent.com map.euroguss.de preview.inforomap.de *.tile.openstreetmap.org *.inforomap.de data: ;img-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.google-analytics.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.azureedge.net *.google.com *.google.de *.ads.linkedin.com *.linkedin.com *.linkedin.oribi.io snap.licdn.com static.ads-twitter.com analytics.twitter.com t.co www.googletagmanager.com analytics-udg.netdna-ssl.com code.s4d.io *.giphy.com *.clouddrive.com *.webexcontent.com data: blob: *.rackcdn.com data: blob: connect.facebook.net www.facebook.com *.doubleclick.net storage.googleapis.com event.talque.com lh3.googleusercontent.com map.euroguss.de preview.inforomap.de *.tile.openstreetmap.org *.inforomap.de data: na11.de ;media-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.azureedge.net storage.googleapis.com event.talque.com lh3.googleusercontent.com ;script-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.doubleclick.net cdn.plyr.io noembed.com www.noembed.com *.google.com *.google.de *.vimeocdn.com *.vimeo.com *.akamaized.net www.googletagmanager.com analytics-udg.netdna-ssl.com *.google-analytics.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.azureedge.net 'unsafe-eval' *.googleadservices.com *.google.com static.ads-twitter.com analytics.twitter.com t.co snap.licdn.com 'unsafe-inline' www.gstatic.com www.google.com connect.facebook.net www.facebook.com storage.googleapis.com event.talque.com lh3.googleusercontent.com https://workforyourworld.com *.outbrain.com map.euroguss.de preview.inforomap.de *.tile.openstreetmap.org *.inforomap.de data: ;style-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.azureedge.net 'unsafe-inline' storage.googleapis.com event.talque.com lh3.googleusercontent.com ; 1
frame-ancestors https://metrika.yandex.ru http://webvisor.com https://mydent24.ru http://awards.ratingruneta.ru https://awards.ratingruneta.ru 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' blob:; frame-src 'self' https: blob:; 1
script-src 'strict-dynamic' 'nonce-YWE1ZWE1ZjItY2IxYy00ODcxLWEzNWMtMjY4OGMyZDdhMjdj' 'unsafe-inline' https: http:;object-src 'none';base-uri 'none';report-uri /api/v2/report-violation 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://genart.social; img-src 'self' https: data: blob: https://genart.social; style-src 'self' https://genart.social 'nonce-dRwhe36MyGWzCjKa5THxyg=='; media-src 'self' https: data: https://genart.social; frame-src 'self' https:; manifest-src 'self' https://genart.social; form-action 'self'; connect-src 'self' data: blob: https://genart.social https://files.genart.social wss://genart.social; script-src 'self' https://genart.social 'wasm-unsafe-eval'; child-src 'self' blob: https://genart.social; worker-src 'self' blob: https://genart.social 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-ffe1c98a8f616511116789fd54416012'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://iosdev.space; img-src 'self' https: data: blob: https://iosdev.space; style-src 'self' https://iosdev.space 'nonce-mtEr7bTm86T+4aF6OqtVGw=='; media-src 'self' https: data: https://iosdev.space; frame-src 'self' https:; manifest-src 'self' https://iosdev.space; form-action 'self'; child-src 'self' blob: https://iosdev.space; worker-src 'self' blob: https://iosdev.space; connect-src 'self' data: blob: https://iosdev.space https://cdn.masto.host wss://iosdev.space; script-src 'self' https://iosdev.space 'wasm-unsafe-eval' 1
connect-src 'self'; img-src 'self'; base-uri 'self';form-action 'self'; report-to csp-reporting-endpoint 1
default-src 'self'; script-src 'self' https://integration.financepartners.com *.google.com *.hsforms.com *.hubspot.com 'unsafe-inline' 'unsafe-eval' https://d.adroll.com *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://www.googletagmanager.com https://js.hsforms.net https://bat.bing.com https://static.ads-twitter.com https://s.adroll.com https://js.hs-banner.com https://forms.hsforms.com https://snap.licdn.com https://www.googleapis.com https://d.adroll.mgr.consensu.org https://analytics.twitter.com; style-src 'self' *.google.com *.hsforms.com *.hubspot.com 'unsafe-inline' *.googleapis.com *.gstatic.com net dna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://maxcdn.bootstrapcdn.com https://www.googleapis.com https://www.youtube.com/watch?v=p8kFTFzG434 https://www.youtube.com/watch?v=WXz-iV82DAk; font-src 'self' *.google.com *.hsforms.com *.hubspot.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://maxcdn.bootstrapcdn.com; img-src 'self' *.google.com *.hsforms.com *.hubspot.com https://d.adroll.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://ascentiumcapital.com https://seal.entrust.net https://bat.bing.com https://www.google.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://www.googleapis.com https://t.co https://p.adsymptotic.com *.youtube.com *; media-src 'self' *.google.com *.hsforms.com *.hubspot.com data: blob: https://www.youtube.com https://.youtube.com/watch?*; child-src 'self' *.google.com *.hsforms.com *.hubspot.com *.twitter.com *.vimeo.com *.soundcloud.com *.facebook.com *.stumbleupon.com *.youtube.com *.google-analytics.com *.doubleclick.net *.adroll.com *.gstatic.com ajax.aspnetcdn.com *.ytimg.com *.twimg.com *.linkedin.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.googletagmanager.com https://js.hsforms.net https://bat.bing.com *.ads-twitter.com https://js.hs-banner.com https://forms.hsforms.com https://snap.licdn.com *.googleapis.com https://d.adroll.mgr.consensu.org *.youtube-nocookie.com/ https://www.youtube.com/watch?v=p8kFTFzG434 https://www.youtube.com/watch?v=WXz-iV82DAk; connect-src 'self' *.google.com *.hsforms.com *.hubspot.com https://*.dec.sitefinity.com *.mktoresp.com *.googleapis.com *.google-analytics.com *.doubleclick.net *.adroll.com *.gstatic.com ajax.aspnetcdn.com *.youtube.com *.twitter.com https://s.ytimg.com *.twimg.com *.linkedin.com *.stumbleupon.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.googletagmanager.com https://js.hsforms.net https://bat.bing.com *.ads-twitter.com https://js.hs-banner.com https://forms.hsforms.com https://snap.licdn.com https://d.adroll.mgr.consensu.org https://www.youtube.com/watch?v=p8kFTFzG434 https://www.youtube.com/watch?v=WXz-iV82DAk; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.ubembed.com/ https://js.hsadspixel.net/ https://js.zi-scripts.com/ https://js.hs-banner.com/ https://www.youtube.com/ https://js.hsforms.net/ https://js.hs-analytics.net/ https://snap.licdn.com/ https://js.hs-scripts.com/ https://connect.facebook.net/ https://dyv6f9ner1ir9.cloudfront.net/ https://translate-pa.googleapis.com/ https://www.googletagmanager.com/gtag/js https://www.google.com/recaptcha/api.js https://www.google-analytics.com/ https://www.gstatic.com/ https://translate.google.com/ https://googleads.g.doubleclick.net/ https://translate.googleapis.com/ https://ajax.googleapis.com/  https://ssl.google-analytics.com https://tagmanager.google.com https://stackpath.bootstrapcdn.com/;  style-src 'self' 'unsafe-inline' https://meduitrcm.com/ https://www.stackpath.bootstrapcdn.com https://tagmanager.google.com https://www.gstatic.com/ https://fonts.googleapis.com/ *.s.w.org; object-src 'none'; base-uri 'self'; connect-src 'self' https://pagead2.googlesyndication.com/ https://forms.hsforms.com/ https://js.zi-scripts.com/ https://ws.zoominfo.com/ https://translate.googleapis.com/ https://www.google-analytics.com https://stats.g.doubleclick.net https://api.hubapi.com/; font-src 'self' https://fonts.gstatic.com data: https://use.fontawesome.com *.cloudfront.net;  frame-src 'self' https://td.doubleclick.net/ https://app.outgrow.co/ https://www.facebook.com/ https://www.google.com https://www.vimeo.com https://www.youtube.com https://meduit.outgrow.us; img-src 'self' https://meduitrcm.com/ https://www.meduitrcm.com/ https://forms-na1.hsforms.com/ https://px4.ads.linkedin.com/ https://forms.hsforms.com/ https://www.google.com/pagead/ https://px.ads.linkedin.com/ https://fonts.gstatic.com/ https://track.hubspot.com/ https://www.google-analytics.com www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.facebook.com/tr/ https://secure.gravatar.com https://www.google.com/ads/ga-audiences data: https://www.google-analytics.com *.cloudfront.net; manifest-src 'self';  media-src 'self'; worker-src 'none' 1
frame-ancestors bibliocms.com *.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src bibliocms.com *.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
default-src * data: 'nonce-a039710a03538f27f4a445cfaf77f09e' magazito.com google.com google.com.ua *.googletagmanager.com stats.g.doubleclick.net pay.fondy.eu connect.facebook.net;script-src 'strict-dynamic' 'unsafe-inline' 'nonce-a039710a03538f27f4a445cfaf77f09e' magazito.com google.com google.com.ua *.gstatic.com *.googletagmanager.com *.google.com stats.g.doubleclick.net pay.fondy.eu connect.facebook.net;style-src data: 'self' 'nonce-a039710a03538f27f4a445cfaf77f09e' magazito.com google.com google.com.ua *.gstatic.com *.googletagmanager.com fonts.googleapis.com stats.g.doubleclick.net pay.fondy.eu connect.facebook.net;object-src data: https://cdn.magazito.com.ua;base-uri 'self';frame-ancestors 'none';report-uri https://magazito.report-uri.com/r/d/csp/reportOnly 1
script-src 'strict-dynamic' 'nonce-NjViMTU4YWMtMDI5Yy00OTlkLTgxZDAtZWM2OWZiZTI4NzQ4' 'unsafe-inline' https: http:;object-src 'none';base-uri 'none';report-uri /api/v2/report-violation 1
default-src 'self' https://static.nkdev.io https://use.fontawesome.com 'unsafe-inline'; img-src 'self' *.nkdev.io www.paypalobjects.com www.coinpayments.net data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.nkdev.io https://ajax.googleapis.com https://code.highcharts.com; style-src 'self' 'unsafe-inline' *.nkdev.io *.bootstrapcdn.com *.fontawesome.com 1
frame-ancestors 'self' *.downsizing.com.au 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-nglMyZu/+tsHBeQsqQXTTWdPE979VzMGQv8OjAyXc1mMD4xU' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' ws: wss: *.remesh.chat *.google.com *.wootric.com *.userpilot.io *.driftt.com *.vimeo.com *.typeform.com *.gstatic.com fullstory.com *.fullstory.com *.zdassets.com *.zendesk.com *.zopim.com *.smooch.io *.twilio.com https://zendesk-eu.my.sentry.io; img-src blob: data: 'self' *.googleapis.com *.gstatic.com *.wootric.com *.userpilot.io *.driftt.com *.vimeo.com *.google.com *.zendesk.com *.zdusercontent.com https://media.smooch.io https://v2assets.zopim.io https://static.zdassets.com; media-src blob: data: 'self' *.googleapis.com *.driftt.com *.zdassets.com; style-src 'self' rsms.me fonts.googleapis.com *.google.com *.wootric.com *.userpilot.io *.driftt.com *.vimeo.com *.zdassets.com 'unsafe-inline'; connect-src 'self' ws: wss: *.remesh.chat *.googleapis.com *.google.com *.wootric.com *.heapanalytics.com *.userpilot.io *.driftt.com *.vimeo.com *.typeform.com fonts.gstatic.com rsms.me fullstory.com *.fullstory.com *.zdassets.com *.zendesk.com *.zopim.com *.smooch.io *.twilio.com https://zendesk-eu.my.sentry.io https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com; worker-src blob: 'self' *.remesh.chat; font-src rsms.me fonts.googleapis.com fonts.gstatic.com; object-src 'none'; base-uri 'self'; upgrade-insecure-requests; script-src 'self' *.remesh.chat https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.wootric.com *.userpilot.io *.driftt.com *.vimeo.com *.typeform.com fullstory.com *.fullstory.com *.raygun.io *.zdassets.com *.zendesk.com *.zopim.com *.smooch.io *.twilio.com https://zendesk-eu.my.sentry.io 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' https://*; sandbox allow-same-origin allow-scripts allow-forms allow-modals allow-popups allow-downloads; 1
default-src uniroyaltires.prod-ncus-dcadcx.michelin.fr 'self' *.windows.net maps.googleapis.com https://api.privacy-center.org/ https://sdk.privacy-center.org/ *.google-analytics.com www.google-analytics.com api.bazaarvoice.com; style-src 'unsafe-inline' uniroyaltires.prod-ncus-dcadcx.michelin.fr *.salesforce.com *.salesforceliveagent.com *.force.com *.michelin.fr *.windows.net cxf-prod.azureedge.net fonts.googleapis.com *.salesforce-sites.com www.googletagmanager.com ; script-src 'unsafe-inline' 'unsafe-eval' uniroyaltires.prod-ncus-dcadcx.michelin.fr *.salesforce.com *.salesforceliveagent.com *.force.com *.michelin.fr *.windows.net cxf-prod.azureedge.net https://www.google.com/ *.googleapis.com https://www.gstatic.com/ https://sdk.privacy-center.org/ https://www.youtube.com *.google-analytics.com *.googletagmanager.com https://developers.google.com/ *.hotjar.com *.clic2buy.com 'self' *.salesforce-sites.com apps.bazaarvoice.com mpsnare.iesnare.com *.mouseflow.com apis.google.com; font-src uniroyaltires.prod-ncus-dcadcx.michelin.fr 'self' cxf-prod.azureedge.net *.windows.net fonts.gstatic.com apps.bazaarvoice.com data: *.mouseflow.com; frame-src 'self' *.salesforce.com *.salesforceliveagent.com *.force.com *.youtube.com https://vars.hotjar.com https://www.google.com *.clic2buy.com https://util.michelintruck.com *.util.michelintruck.com intent: data: *.mouseflow.com; connect-src 'self' *; img-src 'self' *.windows.net *.youtube.com *.google-analytics.com *.gstatic.com https://i.ytimg.com *.googleapis.com *.azureedge.net *.force.com network-stg-a.bazaarvoice.com network-a.bazaarvoice.com photos-uat-us.bazaarvoice.com data: *.mouseflow.com www.googletagmanager.com ; worker-src 'self' https://service.force.com/ data: 1
frame-ancestors 'self' *.sciquest.com *.ncsu.edu *.vinimaya.com *.ariba.com *.ashleyfurniture.com http://search.roccommerce.com  1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-Pq2gzCpgYBHFT2U/qufDWQZtSJP342GVzcTpQC8cq3mNwdeK' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src *; img-src data: *; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.facebook.com https://www.google.com https://www.gstatic.com https://fonts.gstatic.com https://ig.instant-tokens.com https://maps.googleapis.com https://maps.gstatic.com https://cdn.userway.org https://p.typekit.net https://use.typekit.net https://code.jquery.com https://schema.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.facebook.com https://www.google.com https://www.gstatic.com https://fonts.gstatic.com https://ig.instant-tokens.com https://maps.googleapis.com https://maps.gstatic.com https://cdn.userway.org https://p.typekit.net https://use.typekit.net https://code.jquery.com https://schema.org 1
default-src 'self' *.casinopro.co.za *.youtube.com *.firebaseio.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.getsitecontrol.com *.getsitectrl.com *.google-analytics.com Hosted Libraries  |  Google Developers ;connect-src 'self' *.google-analytics.com *.getsitecontrol.com *.getsitectrl.com *.firebaseio.com;img-src 'self' *.google-analytics.com *.getsitecontrol.com *.getsitectrl.com;style-src 'unsafe-inline' 'self';base-uri 'self';form-action 'self' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://social.saarland; img-src 'self' https: data: blob: https://social.saarland; style-src 'self' https://social.saarland 'nonce-E7XhLJTKwlrFT42mA4JGUg=='; media-src 'self' https: data: https://social.saarland; frame-src 'self' https:; manifest-src 'self' https://social.saarland; form-action 'self'; child-src 'self' blob: https://social.saarland; worker-src 'self' blob: https://social.saarland; connect-src 'self' data: blob: https://social.saarland https://cdn.masto.host wss://social.saarland; script-src 'self' https://social.saarland 'wasm-unsafe-eval' 1
default-src 'self'; base-uri 'self'; img-src 'self' data: https://assets-prod.routedurhum.com *.ytimg.com *.youtube.com *.cdninstagram.com; media-src 'self' https://assets-prod.routedurhum.com *.ytimg.com *.youtube.com *.cdninstagram.com; connect-src 'self' https://logs4.xiti.com https://assets-prod.routedurhum.com https://noembed.com https://backend-prod.routedurhum.com; prefetch-src 'self'; font-src fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /api/report-csp; object-src 'none'; worker-src 'none'; frame-src 'self' *.youtube.com www.youtube-nocookie.com carto-prod.routedurhum.com *.facebook.com; child-src 'self' www.youtube.com; style-src 'self' 'unsafe-inline' 'report-sample'; script-src 'self' https://connect.facebook.net https://tag.aticdn.net https://www.youtube.com https://m.youtube.com https://tag.aticdn.net; script-src-elem 'self' https://connect.facebook.net https://tag.aticdn.net https://www.youtube.com https://m.youtube.com https://tag.aticdn.net 'report-sample'; 1
frame-src *.ormco.com ormco.com google.com *.google.com *.fls.doubleclick *.walls.io.net *.hotjar.com *.hotjar.io *.facebook.com *.hsforms.com forms.hsforms.com static.addtoany.com app.hubspot.com youtu.be youtube.com www.youtube.com *.basejumphq.com *.qzzr.com qzzr.com *.riddle.com riddle.com *.12news.com 12news.com *.lura.live  *.widencdn.net *.qualtrics.com td.doubleclick.net *.walls.io; report-uri /report-csp-violation 1
frame-ancestors 'self' https://www.hessenmice.net; default-src https: data: 'unsafe-inline' 'unsafe-eval' 1
child-src  www.paypalobjects.com; connect-src 'self' 'report-sample' s3.amazonaws.com/cv3.customfiles pageneralstore.commercev3.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com stats.g.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.facebook.com *.klaviyo.com pgs.attn.tv events.attentivemobile.com cdn.acsbapp.com api.livechatinc.com secure.addrexx10.com tags.wdsvc.net/; default-src 'self' s3.amazonaws.com/cdn.pageneralstore.com/ cdn.commercev3.net/cdn.pageneralstore.com/ cdn.pageneralstore.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com; font-src 'self' pageneralstore.commercev3.com s3.amazonaws.com/cdn.pageneralstore.com/ cdn.commercev3.net/cdn.pageneralstore.com/ cdn.pageneralstore.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com data: cdn.livechatinc.com; form-action 'self' www.facebook.com www.paypal.com checkout.sezzle.com; frame-src 'self' *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com  secure.livechatinc.com  creatives.attn.tv secure.trust-provider.com; frame-ancestors 'self' ; img-src 'self' s3.amazonaws.com/cdn.pageneralstore.com/ cdn.commercev3.net/cdn.pageneralstore.com/ cdn.pageneralstore.com d.adroll.com adroll.com *.adroll.com *.agkn.com ssl.google-analytics.com www.google.com/pagead/1p-user-list/ www.google.com/ads/ga-audiences ct.pinterest.com/v3/ stats.g.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.paypal.com www.paypalobjects.com *.liadm.com dye1fo42o13sl.cloudfront.net cdn.doordash.com  aa.agkn.com secure.trust-provider.com  s3.amazonaws.com connect.facebook.net *.attn.tv aa.agkn.com insight.adsrvr.org; script-src 'self' 'report-sample' s3.amazonaws.com/cdn.pageneralstore.com/ cdn.commercev3.net/cdn.pageneralstore.com/ cdn.pageneralstore.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com  cdn.attn.tv xxredda.s3.amazonaws.com/pageneralstore/ cdata.mpio.io cdn.jsdelivr.net acsbapp.com s.adroll.com d.adroll.com rdata.mpio.io aa.agkn.com a.adroll.com  secure.trust-provider.com s3.amazonaws.com/downloads.mailchimp.com/ secure.addrexx10.com pageneralstore.us1.list-manage.com cdn.polyfill.io tags.wdsvc.net/; script-src-elem 'self' 'report-sample' s3.amazonaws.com/cdn.pageneralstore.com/ cdn.commercev3.net/cdn.pageneralstore.com/ cdn.pageneralstore.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com  cdn.attn.tv xxredda.s3.amazonaws.com/pageneralstore/ cdata.mpio.io cdn.jsdelivr.net acsbapp.com s.adroll.com d.adroll.com rdata.mpio.io aa.agkn.com a.adroll.com  secure.trust-provider.com s3.amazonaws.com/downloads.mailchimp.com/ secure.addrexx10.com pageneralstore.us1.list-manage.com cdn.polyfill.io tags.wdsvc.net/; style-src 'self' s3.amazonaws.com/cdn.pageneralstore.com/ cdn.commercev3.net/cdn.pageneralstore.com/ cdn.pageneralstore.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net cdn-images.mailchimp.com xxredda.s3.amazonaws.com/pageneralstore/; style-src-elem 'self' s3.amazonaws.com/cdn.pageneralstore.com/ cdn.commercev3.net/cdn.pageneralstore.com/ cdn.pageneralstore.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net cdn-images.mailchimp.com xxredda.s3.amazonaws.com/pageneralstore/; style-src-attr  'unsafe-inline'; media-src 'self' pageneralstore.commercev3.com s3.amazonaws.com/cdn.pageneralstore.com/ cdn.commercev3.net/cdn.pageneralstore.com/ cdn.pageneralstore.com www.bing.com; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-ksbJU94FuSdmAr/aS8NiMjgIzwH4wMf8qQuVBJZhKRypFOGV' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src http: https: data: ; connect-src https: wss: 1
frame-ancestors 'self' http://localhost:* https://localhost:* https://celo-development.sanity.studio 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.eus; img-src 'self' https: data: blob: https://mastodon.eus; style-src 'self' https://mastodon.eus 'nonce-0/03cgEqRYj0kPHeWFzcEQ=='; media-src 'self' https: data: https://mastodon.eus; frame-src 'self' https:; manifest-src 'self' https://mastodon.eus; form-action 'self'; child-src 'self' blob: https://mastodon.eus; worker-src 'self' blob: https://mastodon.eus; connect-src 'self' data: blob: https://mastodon.eus https://mastodon.eus wss://mastodon.eus; script-src 'self' https://mastodon.eus 'wasm-unsafe-eval' 1
base-uri 'self' *; default-src 'self' 'unsafe-inline' 'unsafe-eval' www.googleadservices.com bat.bing.com connect.facebook.net s.pinimg.com swb-spree-west.s3.us-west-1.amazonaws.com www.googletagmanager.com static.cloudflareinsights.com cdn.callrail.com js.callrail.com widget.gleamjs.io app.termly.io localhost:3000 *.googleapis.com *.azureedge.net *.southwestboulder.com ws://localhost:3035 localhost:3035 *.stamped.io *.google.com analytics.google.com *.akamai.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.gstatic.com; font-src 'self' https: data: fonts.gstatic.com; img-src 'self' data: googleads.g.doubleclick.net cdn.stamped.io *.gleam.io *.facebook.com *.pinterest.com s.pinimg.com bat.bing.com *.southwestboulder.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com pagead2.googlesyndication.com www.googletagmanager.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.stamped.io cdn.stamped.io fonts.googleapis.com; connect-src 'self' www.google-analytics.com *.ingest.sentry.io rum.cronitor.io cdn.callrail.com js.callrail.com *.pinterest.com www.southwestboulder.com www.facebook.com maps.googleapis.com stamped.io beta.southwestboulder.com localhost:3035 ws://localhost:3035 chat.southwestboulder.com app.termly.io pagead2.googlesyndication.com *.doubleclick.net *.google.com; frame-src www.facebook.com www.googletagmanager.com *.youtube.com app.termly.io gleam.io www.southwestboulder.com *.pinterest.com *.google.com beta.southwestboulder.com challenges.cloudflare.com googletagmanager.com localhost:3000 chat.southwestboulder.com *.doubleclick.net tpc.googlesyndication.com; worker-src 'self' 'unsafe-inline' blob: *.southwestboulder.com 1
style-src 'self'; font-src 'self'; frame-src 'none'; script-src 'self'; default-src 'self'; frame-ancestors 'none'; worker-src 'none'; object-src 'none'; connect-src 'none'; media-src 'none'; require-sri-for script style; form-action 'self'; img-src 'self' https://github.com data: 1
img-src 'self' data: https:; default-src 'self' data: *.force.com *.salesforce-sites.com *.salesforceliveagent.com *.salesforce.com *.ionorchard.com *.ionorchard.wearesection.com 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn-akamai.mookie1.com https://geolocation-db.com https://www.instagram.com https://uat.ion-server-staging.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.gstatic.com https://staging-web.ionorchard.wearesection.com; form-action 'self'; object-src 'none'; report-to default; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://dju.social; img-src 'self' https: data: blob: https://dju.social; style-src 'self' https://dju.social 'nonce-zkKMacsDCu0UVCUA6F6lvA=='; media-src 'self' https: data: https://dju.social; frame-src 'self' https:; manifest-src 'self' https://dju.social; form-action 'self'; child-src 'self' blob: https://dju.social; worker-src 'self' blob: https://dju.social; connect-src 'self' data: blob: https://dju.social https://dju.social wss://dju.social; script-src 'self' https://dju.social 'wasm-unsafe-eval' 1
frame-ancestors https://mmrgrp.com https://mmrgrp.docebosaas.com https://mmru.docebosaas.com https://mmru.mmrgrp.com; 1
frame-ancestors 'self' https://apps.mypurecloud.de https://login.mypurecloud.de 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://kirche.social; img-src 'self' https: data: blob: https://kirche.social; style-src 'self' https://kirche.social 'nonce-29pXk7Wtv8bqn/F/nuw28w=='; media-src 'self' https: data: https://kirche.social; frame-src 'self' https:; manifest-src 'self' https://kirche.social; form-action 'self'; child-src 'self' blob: https://kirche.social; worker-src 'self' blob: https://kirche.social; connect-src 'self' data: blob: https://kirche.social https://kirche.social wss://kirche.social; script-src 'self' https://kirche.social 'wasm-unsafe-eval' 1
frame-ancestors 'self' bam.harridev.com harridev.com fr.harridev.com es.harridev.com ru.harridev.com de.harridev.com pl.harridev.com ar.harridev.com tr.harridev.com dev.harridev.com fr.dev.harridev.com es.dev.harridev.com ru.dev.harridev.com de.dev.harridev.com pl.dev.harridev.com ar.dev.harridev.com tr.dev.harridev.com newdev.harridev.com hmap.harridev.com fr.hmap.harridev.com es.hmap.harridev.com ru.hmap.harridev.com de.hmap.harridev.com pl.hmap.harridev.com ar.hmap.harridev.com tr.hmap.harridev.com dv1.harridev.com dv2.harridev.com sandbox.harridev.com local.harridev.com:9001 local.harridev.com:9002 localhost.harridev.com:9001; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=5hqjo2piqu4r0&partner=; 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-YmYxZHZOcVlwYlJmZytIQkJQdmhvN3VMNGhHMTRGTmFtTkNmZ0E4Nm1NWT06STdZVitiSFRuWVFRd05lbFBJaXF6ZW04c25EYW1HVU8zTGZYMDE1QTlaYz0=' blob:;style-src 'self' 'unsafe-inline';img-src 'self' data: blob: * https://user-images.githubusercontent.com https://collabora.horwood.biz https://*.tile.openstreetmap.org;font-src 'self' data:;connect-src 'self' blob: vps01.horwood.biz:3478 wss://owncloud.horwood.biz;media-src 'self' blob:;frame-src prezi.com player.vimeo.com vine.co www.youtube.com 'self' nc: https://collabora.horwood.biz data:;child-src blob: 'self';frame-ancestors 'self' https://collabora.horwood.biz;worker-src blob: 'self';form-action 'self' https://collabora.horwood.biz 1
frame-ancestors 'self' *.tv.grupovisabeira.com https://tv.grupovisabeira.com *.recursoshumanos.grupovisabeira.com https://recursoshumanos.grupovisabeira.com; 1
default-src https: http: data: blob: 'unsafe-inline' 'unsafe-eval' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://utveckla.re; img-src 'self' https: data: blob: https://utveckla.re; style-src 'self' https://utveckla.re 'nonce-2qwYMiet+tkT8tinPdRLsQ=='; media-src 'self' https: data: https://utveckla.re; frame-src 'self' https:; manifest-src 'self' https://utveckla.re; form-action 'self'; child-src 'self' blob: https://utveckla.re; worker-src 'self' blob: https://utveckla.re; connect-src 'self' data: blob: https://utveckla.re https://utveckla.re wss://utveckla.re; script-src 'self' https://utveckla.re 'wasm-unsafe-eval' 1
default-src 'self' http://* https://*; script-src 'self' http://* https://* 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; img-src 'self' http://* https://* *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com; font-src 'self' https://cdnjs.cloudflare.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; connect-src 'self' http://* https://* accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com; media-src 'self' data: blob:; child-src 'self' https://teamup.com https://www.google.com https://tpc.googlesyndication.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com forms.office.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' c0.wp.com www.google-analytics.com www.googletagmanager.com cdn.jsdelivr.net www.youtube.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' *; style-src 'self' 'unsafe-inline' *; font-src 'self' *; frame-src *; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://acsbapp.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://polyfill.io https://unpkg.com https://use.fontawesome.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://js-agent.newrelic.com https://www.google.com https://www.gstatic.com https://player.vimeo.com https://connect.facebook.net https://platform.twitter.com https://www.youtube.com https://cdn.app.cfigroup.com https://e.app.cfigroup.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://code.cdn.mozilla.net https://code.ionicframework.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://use.typekit.net https://p.typekit.net http://fonts.googleapis.com; img-src 'self' data: https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://syndication.twitter.com https://cdn.app.cfigroup.com/; media-src 'self' data:; frame-src 'self' https://myrec.smarthub.coop https://player.vimeo.com https://www.youtube.com https://rappahannock.upgrade.guide https://outlook.office365.com https://ws-na.amazon-adsystem.com https://chat.myrec.coop https://www.google.com https://express.adobe.com https://platform.twitter.com https://syndication.twitter.com https://www.facebook.com https://www.youtube-nocookie.com; frame-ancestors 'self' https://myrec.smarthub.coop; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com https://use.typekit.net https://acsbapp.com; connect-src 'self' https://fonts.gstatic.com https://use.fontawesome.com https://use.typekit.net https://analytics.google.com https://www.google-analytics.com https://cdn.acsbapp.com https://stats.g.doubleclick.net https://bam.nr-data.net https://accesswidget-log-receiver.acsbapp.com https://acsbapp.com https://chat.myrec.coop https://backend.acsbapp.com; report-uri https://coopwebbuilder.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 1
child-src 'self'; default-src 'self' https://*.google.com https://*.googleapis.com https://*.stripe.com https://sc-static.net https://tr.snapchat.com; frame-src 'self' https://*.stripe.com https://*.google.com https://consentcdn.cookiebot.com https://*.sj.se https://tr.snapchat.com; worker-src 'self' blob:; connect-src 'self' ws://localhost:* http://localhost:4000/graphql https://*.bestwestern.se/graphql https://*.bestwestern.com https://content.web.bwhhotelgroup.com/stripe-pk.json https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://consentcdn.cookiebot.com https://*.clarity.ms/ https://*.bing.com https://api.maptiler.com https://sc-static.net https://tr.snapchat.com; font-src 'self' data: https://*.typekit.net https://*.gstatic.com; img-src 'self' data: https://*.bestwestern.se https://*.bestwestern.no https://*.bestwestern.dk https://*.gstatic.com https://maps.googleapis.com https://images.ctfassets.net https://*.google.se https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.bing.com https://googleads.g.doubleclick.net https://www.facebook.com https://*.clarity.ms https://api.maptiler.com https://tr.snapchat.com; manifest-src 'self'; media-src 'self' data:; object-src 'none'; script-src 'self' https://*.stripe.com https://*.google.com https://*.gstatic.com https://*.bing.com https://*.sj.se https://sc-static.net https://tr.snapchat.com 'sha256-WSl+Du3mm+r58Ry48GRv75iRCOE35yxFCVDQZEdPbH4='; script-src-elem 'self' 'unsafe-inline' https://*.google.com https://*.googleadservices.com https://connect.facebook.net https://bat.bing.com https://*.clarity.ms https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.stripe.com https://*.cookiebot.com https://*.sj.se https://sc-static.net https://tr.snapchat.com; style-src 'self' 'unsafe-inline' https://*.typekit.net https://*.googleapis.com https://*.googletagmanager.com; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
frame-src 'self' consentcdn.cookiebot.com www.facebook.com gvb.demdex.net www.youtube.com www.google.com newassets.hcaptcha.com form.typeform.com typeform.com www.typeform.com bid.g.doubleclick.net activitymap.adobe.com vars.hotjar.com optimize.google.com gvb.ch gvb-privatversicherungen.ch hausinfo.ch wetteralarm.ch alarmemeteo.ch allarmemeteo.ch *.doubleclick.net *.demdex.net;   child-src blob:;   object-src 'self';   script-src 'self' 'unsafe-inline' 'unsafe-eval' gvbtest.b-cdn.net gvb.b-cdn.net gvba.b-cdn.net consent.cookiebot.com consentcdn.cookiebot.com hcaptcha.com newassets.hcaptcha.com assets.adobedtm.com dpm.demdex.net www.googletagmanager.com www.facebook.com connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com embed.typeform.com activitymap.adobe.com www.youtube.com www.googleoptimize.com static.hotjar.com script.hotjar.com optimize.google.com snap.licdn.com *.fusedeck.net *.demdex.net cm.everesttech.net assets.adobedtm.com 'unsafe-inline';  frame-ancestors 'self' wetterhuette.ch ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-ancestors 'self' https://trustseal.enamad.ir/; img-src 'self' data: *; default-src 'self' 'unsafe-inline' * 1
default-src 'self' google-analytics.com viz.tools.investis.com maps.google.com *.googleapis.com otp.tools.investis.com www.connectidfeed.com s.go-mpulse.net cookiemanager.investisdigital.com code.jquery.com chrome-extension://* cdnjs.cloudflare.com www.google.com qfx.tools.investis.com viz.tools.investis.com/* cdn.jsdelivr.net irs.tools.investis.com; img-src 'self' 'unsafe-inline' * data: www.w3.org cdn.jsdelivr.net irs.tools.investis.com; frame-src 'self' viz.tools.investis.com www.google.com maps.google.com *.googleapis.com www.connectidfeed.com s.go-mpulse.net cookiemanager.investisdigital.com code.jquery.com cdnjs.cloudflare.com qfx.tools.investis.com viz.tools.investis.com/* www.youtube.com otp.tools.investis.com cdn.jsdelivr.net irs.tools.investis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' google-analytics.com viz.tools.investis.com www.google.com maps.google.com *.googleapis.com www.connectidfeed.com assets.investisdigital.com s.go-mpulse.net cookiemanager.investisdigital.com code.jquery.com cdnjs.cloudflare.com qfx.tools.investis.com viz.tools.investis.com/* cdnjs.cloudflare.com cdn.jsdelivr.net irs.tools.investis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' otp.tools.investis.com www.googletagmanager.com assets.investisdigital.com google-analytics.com www.google-analytics.com viz.tools.investis.com www.google.com maps.google.com *.googleapis.com www.connectidfeed.com s.go-mpulse.net cookiemanager.investisdigital.com code.jquery.com cdnjs.cloudflare.com qfx.tools.investis.com viz.tools.investis.com/* cdn.jsdelivr.net irs.tools.investis.com; connect-src 'self' *.akstat.io *.akamaihd.net viz.tools.investis.com 0217991a.akstat.io c.go-mpulse.net www.google.com maps.google.com *.googleapis.com www.connectidfeed.com s.go-mpulse.net cookiemanager.investisdigital.com code.jquery.com cdnjs.cloudflare.com qfx.tools.investis.com viz.tools.investis.com/* otp.tools.investis.com cookiemanager.investisdigital.com assets.investisdigital.com google-analytics.com www.google-analytics.com cdn.jsdelivr.net irs.tools.investis.com geoid.investisdigital.com; base-uri 'none'; form-action 'self'; 1
style-src 	'self' 'unsafe-inline' https://google.com https://*.google.com https://googleapis.com https://*.googleapis.com https://www.googletagmanager.com https://cdn.cookielaw.org https://www.google-analytics.com https://*.gstatic.com http://mars.com http://*.mars.com https://mars.com https://*.mars.com https://*.windows.net https://*.jquery.com https://*.onetrust.com https://s3-eu-west-1.amazonaws.com https://*.facebook.net https://d1a19ys8w1wkc1.cloudfront.net ; default-src 'self' 'unsafe-inline' https://googletagmanager.com https://*.googletagmanager.com https://google-analytics.com https://*.google-analytics.com https://gstatic.com https://*.gstatic.com https://google.com https://*.google.com https://googleapis.com https://*.googleapis.com http://mars.com http://*.mars.com https://mars.com https://*.mars.com https://windows.net https://*.windows.net https://jquery.com https://*.jquery.com https://cdn.cookielaw.org https://onetrust.com https://*.onetrust.com https://amazonaws.com https://*.amazonaws.com https://facebook.net https://*.facebook.net https://cloudfront.net https://*.cloudfront.net https://d1a19ys8w1wkc1.cloudfront.net ; script-src 	'self' 'unsafe-eval' 'unsafe-inline' https://googletagmanager.com https://*.googletagmanager.com https://google-analytics.com https://*.google-analytics.com https://www.googleadservices.com https://*.google.com https://google.com https://doubleclick.net https://*.doubleclick.net http://mars.com http://*.mars.com https://mars.com https://*.mars.com https://cdn.cookielaw.org https://gstatic.com https://*.gstatic.com https://googleapis.com https://*.googleapis.com https://windows.net https://*.windows.net https://jquery.com https://*.jquery.com https://onetrust.com https://*.onetrust.com https://amazonaws.com https://*.amazonaws.com https://facebook.net https://*.facebook.net https://cloudfront.net https://*.cloudfront.net ; img-src 	'self' data: https://googletagmanager.com https://*.googletagmanager.com https://gstatic.com https://*.gstatic.com https://google-analytics.com https://*.google-analytics.com https://*.doubleclick.net https://doubleclick.net https://*.google.com https://google.com https://* ; font-src 	'self' https://gstatic.com https://*.gstatic.com https://mars.com https://*.mars.com ; frame-src 	'self' 'unsafe-eval' 'unsafe-inline' https://doubleclick.net https://*.doubleclick.net ; connect-src 'self' 'unsafe-eval' 'unsafe-inline' https://cookielaw.org https://*.cookielaw.org https://google-analytics.com https://*.google-analytics.com https://google.com https://*.google.com https://doubleclick.net https://*.doubleclick.net 1
script-src 'self' 'unsafe-inline' https://*.pantheonsite.io https://*.lillibridge.com https://*.lillibridge.com https://themes.googleusercontent.com https://ir.ventasreit.com https://maxcdn.bootstrapcdn.com https://unpkg.com https://www.google-analytics.com https://*.arcgis.com https://*.arcgisonline.com https://*.vimeo.com https://*.vimeocdn.com https://*.newrelic.com https://bam.nr-data.net  https://www.googletagmanager.com; object-src 'none'; frame-src https://vtr.maps.arcgis.com https://player.vimeo.com https://*.pantheonsite.io https://*.ventasreit.com; frame-ancestors https://*.pantheonsite.io https://*.ventasreit.com; child-src https://vtr.maps.arcgis.com https://player.vimeo.com https://*.pantheonsite.io https://*.ventasreit.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' http://bim.wienerberger.be/ https://wienerberger.staging.dev.thorbiq.com https://wienerberger.staging.preprod.thorbiq.com 1
font-src *.fontawesome.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.shift4api.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://www.google.com *.shift4api.net *.shift4test.com *.i4go.com *.youtube.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.vanengelen.com *.johnscheepers.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com *.avada.io maps.googleapis.com *.google.com *.gstatic.com *.shift4api.net *.shift4test.com *.i4go.com *.googleapis.com *.google-analytics.com *.constantcontact.com *.ctctcdn.com *.cloudflare.com *.fontawesome.com *.trustedshops.com 'self' 'unsafe-eval' 'sha256-x5wlRmW2PL9g045UWcf7gZYQYBYaADAnikFaiqP4DoI=' 'sha256-9Hm8pVuds+EJ7s+wpyFKy2cSBXl3iQ4qNaUqXo6hxBc=' 'sha256-MJCCy2h2TvZB29kcr47VCeUBU4jOZtkUP+KyDEtyK08=' 'sha256-/PMCWZKtqJzk3S1+HedAlW8N4KXnW6qHfP0aa7/c6SI=' 'sha256-A9A2LY2DOQ+cZoLlX9cf5HigjLFL74LCe25vdawkm+E=' 'sha256-WbbM1qEMIpgn1Vse/YiNsgxblkf2d6KJ+bfiwW+3GvI=' 'sha256-FTaIn1s7JjDWgtrCB2Jn1mqBw3fQPIlvd9sEplckyT8=' 'sha256-/wbAVwICWw+1yyVj4nwjwhVR76CoVjWQu9rSx65PWfQ=' 'sha256-bx1DRWdI9QFxp1lMapJ2sciZCzupGC4UfhUP+PCHEi8=' 'sha256-jcZb/nilkGuSiI7wkH82APP8aoToiiErqjnAxn19tuc=' 'sha256-EYHFoYhOX2arMRAk05cE/RWOCcHDrygB3oSoGfkOQCY=' 'sha256-e6KFuv24l7U/5yRpz0cA25zzUQpTY3SW9ukKcWh/CMI=' 'sha256-LosLJFSGffLT4SscVnfrKn/Gdmw3FpfQrj4kyyXUQ+Y=' 'sha256-TcUB1mzXiQO4GxpTRZ0EMpOXKMU3u+n/q1WrgVIcs1I=' 'sha256-HLJUFDpE8lRQnsd7AAkEJiTMQmzRhjtVhbF546xTT4w=' 'sha256-y/1MfFa++dxZerBwl08bBTra0FXVPWF0k183LGQjss8=' 'sha256-5R3L6HPNzkygXtGT2c02E/ZnH2Bhs/fTkRVRrfN79IU=' 'sha256-erBTvqzHO4Mv8TFLrbZVFwyUcKbuQ1mS5Fb6AIFfcBo=' 'sha256-awxQffQ+p1m1Tchc3qeqEs69nwMBbrK82EDY+BBaJz4=' 'sha256-9N89WMndeXJQQmez3zcXupuWhb0jRtPuHYgRtBa1Cjo=' 'sha256-ep7JvCuuQ4be9Vp9OKtDdwj49sqI8lV+Yx+FUBvq2Jc=' 'sha256-leE4prUyHsDzcA6Biz3f1igabYJIPK4dMreDT+Z52LY=' 'sha256-n8pnJTEfGYgfoiHd5qKgeOKugJXl/g89j411ycbuCAw=' 'sha256-VU3qMY/n6k6QtAvAUUFXij37SvZoFtLCc4tE5wM4F44=' 'sha256-rwMOiOeVICH7/Cjy5SkreID3OOi5HTrit357k22hUDQ=' 'sha256-48sb4Je7XoTlJimO7pm/+fwXo5BBI6oU4Vci+QqK2/I=' 'sha256-kUdIWiatURyAea1bhLxzW5JgJLFcbPA+HewOl2LIM4I=' 'sha256-pctLFcfSaMlv/d7PO3+XSW5DTwweZ+CSNoI9Vpi/SBA=' 'sha256-x1qki0aBh12oPJ8SVwgYGt0R8O4r3w9lo1EZqiHmaOA=' 'sha256-M2Qsjkwv/5Nm3EON+m3T8aAomYjPYoXTgkpnzHJPO+E=' 'sha256-g32oJbUKM5RAl34yxm56fUeE7+e+jomzHQwFY6Nn5OA=' 'sha256-Ashl1NSdjTw80JvPAn2qUH1ey3d1cz5N1JTRi+Ee5y8=' 'sha256-qihyWeWqWO/3ElDzNDeoJ9exazoKkrcPC4aXkk2Kc2E=' 'sha256-9tWi/+N9lX/ZW1/NpynzS3P1FJMKTQGR6N+fTLyfJ6w=' 'sha256-e/mz5B9RDARbUm1NYu5T3O//oNo4xJdwno17NgTuXqw=' 'sha256-xphUFTAmZZm81/LLmmDl3zka55/2Gf75HL0M+5JXrlw=' 'nonce-Za81seLLEAsB-BaC51-2IAAAfAU'; style-src *.adobe.com *.fontawesome.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ *.constantcontact.com *.google-analytics.com *.cloudflare.com *.paypal.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.kitchengardenseeds.com/fl32csp/report/; 1
frame-ancestors 'self' https://manage.wqpmag.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src https: data: 'self' style-src 'self' 'unsafe-inline' 'unsafe-eval'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://kanoa.de; img-src 'self' https: data: blob: https://kanoa.de; style-src 'self' https://kanoa.de 'nonce-Gb335OdoSvIAJ0Rq8ZbZbg=='; media-src 'self' https: data: https://kanoa.de; frame-src 'self' https:; manifest-src 'self' https://kanoa.de; form-action 'self'; child-src 'self' blob: https://kanoa.de; worker-src 'self' blob: https://kanoa.de; connect-src 'self' data: blob: https://kanoa.de https://media.kanoa.de wss://kanoa.de; script-src 'self' https://kanoa.de 'wasm-unsafe-eval' 1
default-src 'self' https://cdn.cookielaw.org https://privacyportal-de.onetrust.com https://www.paypal.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; script-src 'self' https://cdn.cookielaw.org https://privacyportal-de.onetrust.com https://www.paypal.com https://fonts.googleapis.com 'unsafe-inline'; img-src * data: blob:; media-src *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src * 1
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' data: https: http:; font-src 'self' data:; frame-ancestors 'self' https://corretraites-prod-renew.ext.ssl-gouv.fr; 1
default-src 'self'; connect-src 'self' https://yourir.info https://www.facebook.com https://track.funnelytics.io https://*.hotjar.com wss://*.hotjar.com https://us-central1-adaptive-growth.cloudfunctions.net https://bat.bing.com https://trc-events.taboola.com https://www.google-analytics.com https://api.productreview.com.au https://tags.srv.stackadapt.com https://stats.g.doubleclick.net https://dsp-ap.eskimi.com https://dsp-trk.eskimi.com https://www.googleadservices.com https://analytics.google.com https://www.google.com.au; form-action 'self' https://connect.facebook.net https://www.facebook.com; img-src 'self' data: https://cdn.unifii.net https://static.dev.unifii.net https://ping.alkhemy.co https://www.facebook.com https://www.google.com.au https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://*.linkedin.com https://bat.bing.com https://*.adnxs.com https://pixel.mediaiqdigital.com https://i.ytimg.com https://p.adsymptotic.com http://trc.taboola.com https://cds.taboola.com; media-src 'self' https://cdn.unifii.net  https://static.dev.unifii.net; style-src 'self' 'unsafe-inline' https://yourir.info https://tagmanager.google.com https://embedsocial.com https://tags.srv.stackadapt.com; script-src 'self' 'unsafe-inline' https://judobank.elmotalent.com.au https://yourir.info https://assets.alkhemy.co https://calltracker.alkhemy.co https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://tagmanager.google.com https://connect.facebook.net https://px.ads.linkedin.com https://www.linkedin.com https://snap.licdn.com https://www.googleadservices.com https://cdn.funnelytics.io http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://cdn.pdst.fm https://us-central1-adaptive-growth.cloudfunctions.net https://bat.bing.com https://code.jquery.com https://js.adsrvr.org https://acdn.adnxs.com http://cdn.taboola.com https://trc.taboola.com https://tags.srv.stackadapt.com https://tags.crwdcntrl.net https://embedsocial.com https://cdn.productreview.com.au https://tags.srv.stackadapt.com https://googleads.g.doubleclick.net https://dsp-media.eskimi.com https://dsp-trk.eskimi.com; frame-src 'self' https://judobank.elmotalent.com.au https://www.facebook.com https://www.google.com https://www.youtube.com https://*.hotjar.com https://*.fls.doubleclick.net https://insight.adsrvr.org https://embedsocial.com; font-src 'self' data: https://cdn.productreview.com.au 1
frame-ancestors 'self' https://manage.bulktransporter.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self' 'unsafe-inline' localhost *.inbhive.com inbhive.com fonts.googleapis.com fonts.gstatic.com dc.services.visualstudio.com *.msecnd.net *.analysis.windows.net app.powerbi.com ; img-src blob: 'unsafe-eval' 'self' localhost *.inbhive.com data: https://renderapi.s3.amazonaws.com/ ; script-src 'self' https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://unpkg.com/es-module-shims@1.3.6/dist/es-module-shims.js https://unpkg.com/three@0.141.0/build/three.module.js https://unpkg.com/three@0.141.0/examples/jsm/loaders/GLTFLoader.js 'unsafe-inline' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; font-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ https://fonts.googleapis.com https://fonts.gstatic.com ; connect-src 'self' localhost:* *.inbhive.com ws: wss: dc.services.visualstudio.com https://render.readyplayer.me/render https://d1a370nemizbjq.cloudfront.net/ https://models.readyplayer.me/ blob: ; frame-src 'self' 'unsafe-inline' https://demo.readyplayer.me/ https://app.powerbi.com/ blob: ; report-uri https://api.inbhive.com/v3/diagnostics/content 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https:; frame-ancestors 'self'; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://analytics.google.com https://forms.fivision.com https://*.simpli.fi https://trkn.us https://*.segmint.net https://*.rlets.com https://*.facebook.com https://*.googlesyndication.com https://www.googleadservices.com https://loadm.exelator.com https://*.bfmio.com https://*.ad.smaato.net https://*.lijit.com https://*.rlcdn.com https://*.crwdcntrl.net https://fei.pro-market.net https://liqadprdct-capture-prod-east.gannettdigital.com https://*.glia.com https://*.salemove.com https://*.twilio.com wss://*.salemove.com wss://*.twilio.com wss://*.glia.com https://newbritainmortgage.mortgagewebcenter.com  https://snazzymaps.com https://*.onlinebanktours.com https://*.oectours.com wss://*.hotjar.com https://*.youtube-nocookie.com https://images.printable.com https://forms.fivision.co https://*.facebook.net https://bat.bing.com https://abe-embedded-web.s3.amazonaws.com/ https://*.g.doubleclick.net https://td.doubleclick.net https://capture-api.reachlocalservices.com https://app.loanspq.com https://*.formstack.com https://msdfcu.locatorsearch.com https://oac.fmsiportal.com https://campaign.documatix.com https://*.googletagmanager.com https://netdna.bootstrapcdn.com https://platform.twitter.com https://*.ytimg.com https://*.typekit.net https://*.youtube.com https://www.google.com https://www.gstatic.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://maps.googleapis.com https://maps.gstatic.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.lk-cs.com https://lkcsunix.com https://*.nativechat.com; frame-ancestors 'self' https://www.youtube.com; 1
default-src 'self' http://public.tableau.com/ https://www.youtube.com/ https://www.onemap.sg/ https://ncss.aichat.site/ https://*.wogaa.sg https://*.demdex.net/ https://cm.everesttech.net/ https://wogadobeanalytics.sc.omtrdc.net https://padlet.com/ https://padlet.com/SocialServiceTribe/TribeAppreciation https://*.vica.gov.sg/; script-src 'self' blob: https://assets.adobedtm.com https://www.googletagmanager.com  'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org cse.google.com code.jquery.com static.addtoany.com *.wogaa.sg va.ecitizen.gov.sg https://public.tableau.com/javascripts/api/viz_v1.js https://ncss.aichat.site https://www.menti.com https://padlet.com/ https://padlet.com/SocialServiceTribe/TribeAppreciation https://*.vica.gov.sg/ https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://assets.wogaa.sg *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com va.ecitizen.gov.sg https://ncss.aichat.site/ https://*.vica.gov.sg/; font-src 'self' fonts.gstatic.com https://assets.wogaa.sg https://s3-us-west-2.amazonaws.com https://va.ecitizen.gov.sg kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://ncss.aichat.site/; img-src 'self' *.gstatic.com https://wogadobeanalytics.sc.omtrdc.net *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com va.ecitizen.gov.sg https://public.tableau.com/ https://www.google.com https://padlet.net/ https://cm.everesttech.net https://dpm.demdex.net/ https://www.menti.com https://www.ncss.gov.sg/ https://*.vica.gov.sg/; media-src 'self' data: blob:; frame-src 'self' https://www.menti.com https://ncss.padlet.org https://www.youtube.com https://www.youtube-nocookie.com https://form.gov.sg https://ncss.aichat.site https://www.onemap.sg https://www.onemap.gov.sg https://public.tableau.com https://padlet.com https://www.gstatic.com/recaptcha https://google.com/recaptcha https://www.google.com/; child-src 'self' https://platform.twitter.com/ https://ncss.aichat.site/ https://form.gov.sg/ https://www.onemap.sg/ https://www.onemap.gov.sg/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://ncss.padlet.org https://public.tableau.com https://wogaa.demdex.net https://www.menti.com https://padlet.com/ https://padlet.com/SocialServiceTribe/TribeAppreciation; connect-src 'self' accounts.google.com https://va.ecitizen.gov.sg https://snowplow-web.wogaa.sg https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://dpm.demdex.net https://www.google-analytics.com https://stats.g.doubleclick.net https://padlet.com/ https://padlet.com/SocialServiceTribe/TribeAppreciation wss://*.vica.gov.sg/ https://*.vica.gov.sg/; 1
TravkaAPI 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com www.google.com www.gstatic.com static-eu.payments-amazon.com cdn.parcellab.com *.usercentrics.eu *.googletagmanager.com *.google-analytics.com *.fitanalytics.com *.criteo.com *.criteo.net *.bing.com *.hotjar.com *.hotjar.io *.doubleclick.net *.facebook.net *.facebook.com *.scarabresearch.com *.googleadservices.com *.emarsys.net *.googlesyndication.com *.hcaptcha.com *.behamics.com *.taboola.com glamipixel.com *.b-cdn.net *.dognet.sk *.eckerle.de *.google.de google.de *.app.baqend.com *.recova.ai hirmercesky.sjv.io tracking.s24.com; img-src 'self' data: * *.app.baqend.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com cdn.parcellab.com *.hcaptcha.com *.googletagmanager.com *.fitanalytics.com *.behamics.com *.app.baqend.com; font-src 'self' https://themes.googleusercontent.com data: *.gstatic.com *.fitanalytics.com *.app.baqend.com; frame-src 'self' www.google.com book.timify.com/services cdn.lightwidget.com *.usercentrics.eu *.criteo.com *.criteo.net *.bing.com *.hotjar.com *.hotjar.io *.doubleclick.net *.facebook.net *.facebook.com *.scarabresearch.com *.emarsys.net *.googlesyndication.com *.hcaptcha.com *.behamics.com *.adform.net *.eckerle.de *.b-cdn.net *.google.de *.recova.ai google.de hirmercesky.sjv.io; frame-ancestors 'self' https://*.frontastic.io frontastic.io.local; object-src 'self'; connect-src 'self' ws: wss: *.hirmercdn.de hirmercdn.de *.hirmerservice.de *.algolianet.com *.algolia.net *.algolia.io algolia.net maps.googleapis.com www.google.com www.gstatic.com static-eu.payments-amazon.com payments-eu.amazon.com api.parcellab.com *.usercentrics.eu *.googletagmanager.com *.google-analytics.com *.fitanalytics.com *.criteo.com *.criteo.net *.bing.com *.hotjar.com *.hotjar.io *.doubleclick.net *.facebook.net *.facebook.com *.scarabresearch.com *.googleadservices.com *.emarsys.net *.googlesyndication.com *.hcaptcha.com *.behamics.com *.taboola.com *.google.de google.de *.eckerle.de *.b-cdn.net *.app.baqend.com *.recova.ai hirmercesky.sjv.io; media-src 'self' *.hirmercdn.de hirmercdn.de hirmer-muenchen.de www.hirmer-muenchen.de 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.starbucks.at/en/report-uri/enforce 1
upgrade-insecure-requests;frame-ancestors 'self' ; 1
frame-ancestors 'self' https://apotheek.nl 1
frame-ancestors 'self' https://manage.locksmithledger.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'nonce-U/H4bwnKG+gM2yOzuwAw+2qi' 'strict-dynamic';object-src 'none';style-src 'self' 'unsafe-inline' 'nonce-h0Xf+fM9usPE05NXjwU/IAca' *.google.com https://fonts.googleapis.com/css;img-src 'self' https://www.trustmarksolutions.com https://i.vimeocdn.com *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com *.linkedin.com *.adsymptotic.com *.bc0a.com *.b0e8.com *.ytimg.com;media-src 'self' dai.google.com;frame-src 'self' https://www.trustmarkins.com *.trustmarkbenefits.com *.pegacloud.net *.doubleclick.net *.google.com *.googlesyndication.com *.vimeo.com *.youtube.com;font-src 'self' https://fonts.googleapis.com/css https://fonts.gstatic.com;connect-src 'self' *.trustmarkbenefits.com *.doubleclick.net *.google.com *.googlesyndication.com *.googleapis.com www.googleadservices.com wss://*.visitors.live wss://*.luckyorange.com *.luckyorange.com *.luckyorange.net wss://*.lottiefiles.com *.lottiefiles.com *.lottiefiles.net https://www.google-analytics.com https://public-auth-dot-lucky-orange.appspot-preview.com https://in.visitors.live https://cdn.linkedin.oribi.io;base-uri 'self';child-src *.doubleclick.net *.google.com *.googlesyndication.com;form-action 'self' *.google.com webto.salesforce.com;frame-ancestors 'self' https://www.trustmarkins.com *.trustmarkbenefits-qa.com.bizstreamdev03.com/ *.trustmarkbenefits.com;worker-src blob: www.google.com 1
default-src 'self'; frame-src 'self' accounts.google.com www.youtube-nocookie.com www.loom.com player.vimeo.com; connect-src 'self' api.aysr.io api.revenuehero.io api.askoperator.io cloud.axiom.co vercel.live stream.mux.com inferred.litix.io *.fastly.mux.com *.cfcdn.mux.com; font-src 'self'; img-src 'self' image.mux.com logo.clearbit.com app-data-development.s3.us-east-1.amazonaws.com app-data-development.s3.amazonaws.com app-data-staging.s3.us-east-1.amazonaws.com app-data-staging.s3.amazonaws.com rh-app-data-prod.s3.us-east-1.amazonaws.com rh-app-data-prod.s3.amazonaws.com blob: data: *.aysr.io *.revenuehero.io; media-src 'self' blob: image.mux.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' vercel.live cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' 1
frame-ancestors 'self' https://app-v2a-ch-prod.apps.external.ocp4.porscheinformatik.cloud https://cms.porschebank.com https://www.porschebank.com https://www.flottenmanagement.at https://www.porschebank.at https://www.porschebank.ro https://ro.porschebank.at https://www.porschefinance.hu https://www.porschefinance.hu https://hu.porschebank.at https://www.porschefinance.hu https://www.porschefinance.hu https://www.porschefinance.ro https://www.porschefinance.ro https://www.managementdeflote.ro https://www.porschefinance.ua https://www.porschefinance.ua https://www.porscheleasing.bg https://www.porscheleasing.bg https://www.porsche-movilidad.co https://www.porscheleasing.com.hr https://www.porscheleasing.rs https://www.porscheleasing.si https://www.porscheleasing.si https://www.porschemobiliti.com.hr https://www.porschemobility.at https://www.porsche-mobility.at https://www.porsche-mobility.at https://www.porscheosiguranje.com.hr https://www.porschezastupanje.com.hr https://www.pvwsf.cl https://www.vvd.at; 1
style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com data:; font-src 'self' data: *.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com *.livechatinc.com *.facebook.com *.youtube.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' data: blob: *.facebook.com *.googleadservices.com *.google-analytics.com *.transmart.co.id *.paypal.com *.paypalobjects.com *.googletagmanager.com/ *.gstatic.com https://www.google.com/ads/ga-audiences https://www.google.co.id/ads/ga-audiences https://maps.googleapis.com data: https://placehold.co https://allofresh.id *.allofresh.id allofresh.local 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io *.livechatinc.com *.googletagmanager.com *.newrelic.com *.nr-data.net *.facebook.com *.facebook.net *.googleapis.com *.gstatic.com *.fontawesome.com 'self' 'unsafe-inline' data: *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.nr-data.net *.google-analytics.com *.livechatinc.com *.facebook.com https://connect.facebook.net https://stats.g.doubleclick.net *.googleapis.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src data: 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fundacionvodafone.es s.w.org code.createjs.com cdnjs.cloudflare.com *.vodafone.es www.googletagmanager.com code.jquery.com region1.google-analytics.com www.google-analytics.com; frame-ancestors 'self' ;  1
frame-ancestors 'self' *.autoinfo.com.au; 1
worker-src blob:; font-src *.cloudflare.com *.bootstrapcdn.com *.cloudfront.net *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.meetanshi.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com *.meetanshi.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.meetanshi.com *.cloudflare.com *.magentocommerce.com *.paypal.com *.vimeo.com *.youtube.com *.cloudfront.net https://www.google.com *.typekit.net *.doubleclick.net *.d41.co https://d10lpsik1i8c69.cloudfront.net *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com *.vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io *.meetanshi.com *.googletagmanager.com https://www.googletagmanager.com tagmanager.google.com *.cloudflare.com *.twitter.com *.fontawesome.com *.adobetm.com *.cardinalcommerce.com *.ccdoc02.com *.authorize.net *.paypal.com *.ytimg.com https://www.google.com *.youtube.com *.braintreegateway.com *.signifyd.com *.cloudfront.net *.pricespider.com *.zdassets.com *.callrail.com *.randallreilly.com *.googleadservices.com *.jsdelivr.net *.chimpstatic.com *.d41.co *.braintree-api.com *.bing.com *.facebook.net https://d10lpsik1i8c69.cloudfront.net *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.typekit.net *.mailchimp.com *.cloudfront.net *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.meetanshi.com *.google-analytics.com https://www.google-analytics.com *.cloudflare.com *.cardinalcommerce.com *.cloudfront.net *.zdassets.com *.callrail.com *.doubleclick.net *.zendesk.com *.d41.co *.braintreegateway.com *.braintree-api.com *.rrsnowplow.com https://settings.luckyorange.net *.googleapis.com https://pubsub.googleapis.com wss://*.visitors.live wss://visitors.live https://api.luckyorange.com https://api-preview.luckyorange.com *.google.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
style-src 'self' 'unsafe-inline'; default-src 'self' blob: data: https://upl01-01.picxpress.com/Upload/UploadFile https://upl01-01.picxpress.com/Upload/GetUID https://upl01-01.picxpress.com/Token https://upl01-02.picxpress.com/Upload/UploadFile https://upl01-02.picxpress.com/Upload/GetUID https://upl01-02.picxpress.com/Token https://upl01-03.picxpress.com/Upload/UploadFile https://upl01-03.picxpress.com/Upload/GetUID https://upl01-03.picxpress.com/Token https://upl01-04.picxpress.com/Upload/UploadFile https://upl01-04.picxpress.com/Upload/GetUID https://upl01-04.picxpress.com/Token 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.theceo.in;block-all-mixed-content; 1
default-src * 'unsafe-eval' 'unsafe-inline' 'unsafe-dynamic' data: ws: wss: 1
default-src * 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' admin.jw.local *.jameswalker.biz jw-cms-uat.hosted.positive.co.uk jw-cms-uat2.hosted.positive.co.uk jw-cms-prod.hosted.positive.co.uk;img-src 'self' data:  admin.jw.local jw.local jw-cms-prod.hosted.positive.co.uk jw-cms-uat.hosted.positive.co.uk jw-cms-uat2.hosted.positive.co.uk jw-prod.hosted.positive.co.uk *.jameswalker.biz jameswalker.biz *.comm100.io *.cookielaw.org *.google-analytics.com *.doubleclick.net embedsocial.com *.careinspectorate.com *.youtube-nocookie.com *.google.com *.facebook.com *.pinterest.com pinterest.com *.vimeo.com *.addthis.com *.youtube.com *.webspellchecker.net *.cookiebot.com *.twitter.com *.googletagmanager.com *.cqc.org.uk *.ggpht.com *.googleapis.com *.gstatic.com *.bing.com *.comm100vue.com *.comm100.com *.ytimg.com *.twimg.com *.mouseflow.com *.facebook.net *.gaconnector.com *.crazyegg.com *.responsetap.com *.onetrust.com *.interactive-img.com;worker-src 'self' blob: *.jameswalker.biz; 1
font-src fonts.gstatic.com *.gstatic.com data: https://api-sogecommerce.societegenerale.eu/static/ https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.fintecture.com https://sogecommerce.societegenerale.eu/vads-payment/ https://api-sogecommerce.societegenerale.eu/api-payment/ https://api-sogecommerce.societegenerale.eu/static/ *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.avis-verifies.com ct.pinterest.com https://sogecommerce.societegenerale.eu/vads-payment/ https://api-sogecommerce.societegenerale.eu/static/ *.prediggo.net *.prediggo.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com bat.bing.com *.cazabox.com *.youpalo.com *.domotelec.com *.domotelec.fr qerysstockage.blob.core.windows.net https://sdk.privacy-center.org *.scarabresearch.com *.emarsys.net *.facebook.com *.fintecture.com *.google.com *.google.fr *.googlesyndication.com *.google-analytics.com *.analytics.google.com *.kelkoogroup.net img.metaffiliation.com action.metaffiliation.com *.lgw.io *.linkedin.com cl.avis-verifies.com www.netreviews.eu *.tile.openstreetmap.org *.tile.openstreetmap.fr *.pinterest.com *.twitter.com t.co https://sogecommerce.societegenerale.eu/static/latest/images/type-carte/ https://api-sogecommerce.societegenerale.eu/static/ https://sogecommerce.societegenerale.eu/vads-payment/ *.prediggo.net *.prediggo.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ bat.bing.com *.cazabox.com *.youpalo.com *.domotelec.com *.domotelec.fr https://sdk.privacy-center.org *.scarabresearch.com *.emarsys.net connect.facebook.net *.google.com https://www.googletagmanager.com https://polyfill.io s.kk-resources.com action.metaffiliation.com *.lgw.io snap.licdn.com *.linkedin.com cl.avis-verifies.com widgets.rr.skeepers.io js-agent.newrelic.com *.nr-data.net *.pinimg.com *.doubleclick.net *.analytics-helper.com *.smartlook.com *.ads-twitter.com https://api-sogecommerce.societegenerale.eu/api-payment/ https://api-sogecommerce.societegenerale.eu/static/ *.prediggo.net *.prediggo.io https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googletagmanager.com https://api-sogecommerce.societegenerale.eu/static/ https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org *.cazabox.com *.youpalo.com *.domotelec.com *.domotelec.fr https://api.privacy-center.org *.scarabresearch.com *.emarsys.net *.facebook.com *.google-analytics.com *.analytics.google.com *.oribi.io *.linkedin.com s.kelkoogroup.net action.metaffiliation.com *.nr-data.net *.pinterest.com *.google.fr *.google.com *.doubleclick.net *.googlesyndication.com *.smartlook.cloud *.analytics-helper.com https://sogecommerce.societegenerale.eu/vads-payment/ https://api-sogecommerce.societegenerale.eu/api-payment/ *.prediggo.net *.prediggo.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src https://sogecommerce.societegenerale.eu/vads-payment/ https://api-sogecommerce.societegenerale.eu/api-payment/ https://api-sogecommerce.societegenerale.eu/static/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';, upgrade-insecure-requests; 1
default-src 'none'; connect-src 'self' https://*.googleapis.com *.googleapis.com; font-src 'self' https://*.gstatic.com *.gstatic.com; frame-src 'self' https://*.google.com *.google.com; img-src 'self' https://*.googleapis.com *.googleapis.com https://*.gstatic.com *.gstatic.com data:; manifest-src 'self'; script-src 'self' 'nonce-EjzwU2Qo1THtd5iqw9LVf1ib' 'unsafe-eval' 'strict-dynamic'; style-src 'self' https://*.googleapis.com *.googleapis.com 'unsafe-inline'; 1
frame-ancestors 'self' https://sites.google.com https://gotujpohiszpansku.pl https://*.ibericam.com/ fundacjaproaktywni.pl sites.google.com https://sites.google.com/llanosdelhospital.com https://sites.google.com/llanosdelhospital.com/test *.googleusercontent.com www.gstatic.com https://www.llanosdelhospital.com https://hospital-de-benasque-2000-sl.odoo.com/; 1
default-src 'self'; font-src 'self' *; style-src 'unsafe-inline' 'self' *; img-src https://*.googletagmanager.com/* 'self' * blob: data: image; connect-src https://*.intuit.com ws://packsizenow.com wss://packsizenow.com 'self'; script-src 'self' 'nonce-33N21oZe28hpgQ'; 1
default-src 'self';    frame-src 'self';    script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.axept.io https://*.wespring.com https://*.googletagmanager.com https://bat.bing.com https://*.gorgias.chat http://*.affilae.com https://*.klaviyo.com https://*.hotjar.com;    style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.klaviyo.com;    img-src * blob: data:;    media-src 'self' https://*.cloudinary.com;    connect-src *;    font-src 'self' https://fonts.gstatic.com https://cdn.shopify.com https://res.cloudinary.com https://static.klaviyo.com; 1
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com ssl.google-analytics.com www.googletagmanager.com www.google-analytics.com www.youtube.com youtube.com fonts.googleapis.com fonts.gstatic.com netdna.bootstrapcdn.com ajax.googleapis.com secure.gravatar.com 1
frame-ancestors chat.rockrms.com dakboard.com/ 1
script-src 'unsafe-eval' 'self' wss://*.zopim.com *.criteo.net *.addthisedge.com *.ads-twitter.com  *.infogram.com *.adnxs.com *.optimalworkshop.com *.botrecruiter.com  *.audioboom.com  secure-ds.serving-sys.com  secure.adnxs.com  *.acsbapp.com  acsbap.com  *.appcast.io *.bizographics.com *.bootstrapcdn.com *.bootstrapcdn.com *.browser-update.org *.cloudflare.com *.cloudfront.net *.cloudinary.com *.criteo.com *.eggplant.cloud *.fontawesome.com *.google.co.uk *.google.ie *.googleadservices.com *.indeed.com *.ionicframework.com *.jquery.com *.jsdelivr.net *.moatads.com *.npmcdn.com *.plyr.io *.recaptcha.net *.scorecardresearch.com *.serving-sys.com *.sndcdn.com *.unpkg.com *.vimeocdn.com *.ytimg.com *.zencdn.net *.zendesk.com *.hays.ie *.moatads.com *.sndcdn.com  *.d3fw5vlhllyvee.cloudfront.net *.criteo.com *.outbrain.com *.licdn.com *.doubleclick.net acsbapp.com *.accesstrade.net *.googleadservices.com consent-or.trustarc.com *.taboola.com web-material3.yokogawa view.ceros.com *.quantcount.com *.quantserve.com *.addthis.com *.adscience.nl *.akamaized.net *.bit.ly *.crazyegg.com *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.graph.instagram.com *.gstatic.com *.hays.co.uk *.hays.com *.hotjar.* *.hotjar.com *.igodigital.com *.instagram.fbom5-1.fna.fbcdn.net *.linkedin.com *.nccgroup-webperf.com *.onrecruit.net *.optimizely.com *.slideshare.net *.soundcloud.com *.surveymonkey.com *.tealiumiq.com *.tiqcdn.com *.twimg.com *.twitter.com *.typography.com *.vimeo.com *.yahooapis.com *.youtube.com *.zdassets.com *.zopim.com *.zopim.io accessibe.com acsbap.com consent.trustarc.com consent-pref.trustarc.com consent-st.trustarc.com  prefmgr-cookie.truste-svc.net 'self' 'unsafe-inline' hm.baidu.com data: 1
frame-ancestors 'self' *.wish1075.com *.safeframe.googlesyndication.com upgrade-insecure-requests:; 1
default-src 'self' *; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; 1
default-src 'self' data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://appvizer.one/ariadne/ https://googleads.g.doubleclick.net/  https://www.googleadservices.com/ https://www.google-analytics.com/ https://cdn.jsdelivr.net/ https://www.youtube.com/ https://www.googletagmanager.com/ https://s.ytimg.com/ https://e.issuu.com/ https://malsup.github.io/ https://code.jquery.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://vicopo.selfbuild.fr; style-src 'self' data: 'unsafe-inline' https://code.jquery.com https://fonts.googleapis.com/ https://unpkg.com https://pro.fontawesome.com/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cdnjs.cloudflare.com/ajax/libs/semantic-ui/2.3.1/semantic.min.css https://cdn.datatables.net/1.10.25/css/dataTables.semanticui.min.css ; img-src 'self' data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com https://www.googletagmanager.com/ https://www.google.com/pagead/ https://www.google.fr/pagead/ https://www.google.fr/ads/  https://googleads.g.doubleclick.net/pagead/ https://fonts.googleapis.com/ https://www.google-analytics.com/ https://*.openstreetmap.fr https://static.teamviewer.com https://blog.macompta.fr; font-src 'self' data: https://js.intercomcdn.com https://fonts.intercomcdn.com https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://pro.fontawesome.com/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cdnjs.cloudflare.com/; connect-src 'self' data: https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com https://stats.g.doubleclick.net/g/ https://api.macompta.fr/ https://blog.macompta.fr  https://region1.analytics.google.com/ https://www.google-analytics.com/ https://appvizer.one/ https://cdn.datatables.net; media-src 'self' data: https://js.intercomcdn.com; object-src 'self' data:; frame-src 'self' https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://e.issuu.com/ https://www.googletagmanager.com/ https://www.youtube.com; frame-ancestors 'self' https://pro.macompta.fr/  https://backoffice.macotisation.fr/ https://www.bred.fr/  https://bredfr.recette.local https://bredfr.recette.local:9292; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com thumbor.impstudio.id www.google-analytics.com connect.facebook.net www.gstatic.com stackpath.bootstrapcdn.com www.google.com ajax.googleapis.com cdn.jsdelivr.net maps.googleapis.com cdn.tailwindcss.com unpkg.com gyrocode.github.io;object-src 'self' 1
default-src *.googletagmanager.com *.twitter.com *.facebook.net *.nr-data.net *.ads-twitter.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.mookie1.com *.amazon-adsystem.com *.facebook.com *.google.com *.google.co.in *.cloudflare.com *.w3.org *.adsrvr.org *.newrelic.com *.insight.adsrvr.org/track/pxl/ *.sc-static.net *.analytics.tiktok.com *.p.teads.tv *.snapchat.com *.pricespider.com *.videoamp.com *.pixel.tapad.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.pricespider.com *.googleoptimize.com *.googletagmanager.com *.twitter.com *.facebook.net *.nr-data.net *.ads-twitter.com *.google-analytics.com *.googleadservices.com *.googleanalytics.com *.doubleclick.net *.cloudflare.com *.opendns.com *.adsrvr.org *.newrelic.com *.google.com *.mapbox.com *.serving-sys.com *.igodigital.com *.teads.tv *.videoamp.com *.pixel.tapad.com *.tiktok.com *.abtasty.com *.snapchat.com https://www.youtube.com https://cdn.cookielaw.org https://sc-static.net/scevent.min.js; object-src 'self'; style-src 'self'  'unsafe-inline' *.jsdelivr.net *.pricespider.com *.cloudflare.com *.opendns.com *.newrelic.com *.twitter.com *.nr-data.net *.ads-twitter.com *.google.com *.googleapis.com *.mapbox.com *.abtasty.com; img-src 'self' *.adsrvr.org *.google-analytics.com *.twitter.com *.facebook.com *.google.com *.google.co.in *.googletagmanager.com *.mookie1.com *.amazon-adsystem.com *.newrelic.com *.nr-data.net *.ads-twitter.com *.w3.org data: *.insight.adsrvr.org/track/pxl/ *.sc-static.net *.teads.tv *.pricespider.com *.videoamp.com *.pixel.tapad.com *.snapchat.com *.doubleclick.net *.analytics.yahoo.com *.adnxs.com *.abtasty.com *.adxcel-ec2.com https://di.rlcdn.com https://ad.ipredictive.com https://cdn.cookielaw.org https://dpm.demdex.net/; media-src 'self'; frame-src 'self' *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.google.com *.adsrvr.org *.teads.tv *.videoamp.com *.pixel.tapad.com *.sc-static.net *.snapchat.com *.flashtalking.com *.abtasty.com; frame-ancestors 'self' *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.adsrvr.org *.teads.tv *.videoamp.com *.pixel.tapad.com *.sc-static.net *.snapchat.com; child-src 'self' *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.google.com *.adsrvr.org *.teads.tv *.videoamp.com *.pixel.tapad.com *.sc-static.net *.snapchat.com blob:; font-src 'self' *.jsdelivr.net *.gstatic.com *.google.com *.pricespider.com *.abtasty.com; connect-src 'self' *.doubleclick.net *.google-analytics.com *.mapbox.com *.nr-data.net *.serving-sys.com *.igodigital.com *.teads.tv *.pricespider.com *.videoamp.com *.pixel.tapad.com *.sc-static.net *.snapchat.com *.onetrust.com *.abtasty.com *.tiktok.com https://cdn.cookielaw.org https://bam.nr-data.net 1
frame-ancestors 'self' https://*.screencloud.com https://*.screen.cloud 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://cdn.jsdelivr.net/npm/search-insights@2.6.0/dist/search-insights.min.js *.hubspotusercontent-eu1.net *.algolia.net *.pusher.com *.googletagmanager.com *.cookiebot.com *.dtc-lease.nl stream.mux.com vercel.live dtc-import.clweb.nl *.b-cdn.net *.vercel.com vercel.com *.facebook.com *.facebook.net *.google-analytics.com *.stape.net stats.g.doubleclick.net *.gstatic.com googleads.g.doubleclick.net *.hotjar.com *.hotjar.io wss: wsp23.hotjar.com ws-us3.pusher.com *.googleadservices.com *.hs-scripts.com *.hsadspixel.net *.hs-banner.com *.hscollectedforms.net *.hsleadflows.net *.hs-analytics.net *.hubapi.com *.hubspot.com tpc.googlesyndication.com *.doubleclick.net *.hsforms.com *.prepr.io *.hs-sites-eu1.com *.cdn.dealertotaalconcept.nl cdn.dealertotaalconcept.nl *.googlesyndication.com https://va.vercel-scripts.com/v1/script.debug.js ws://127.0.0.1:58761 https://*.algolia.io https://tracking.prepr.io/ https://*.algolianet.com https://*.algolia.net *.google.nl *.dt bat.bing.com https://www.clarity.ms; worker-src 'self' blob:; child-src 'self' blob: *.cookiebot.com vercel.live *.doubleclick.net *.googlesyndication.com *.facebook.com *.facebook.net *.hs-sites-eu1.com dealer.dtc-lease.nl; frame-src 'self' blob: *.cookiebot.com vercel.live *.doubleclick.net *.googlesyndication.com *.facebook.com *.facebook.net *.hs-sites-eu1.com dealer.dtc-lease.nl; report-uri https://o4505516027412480.ingest.sentry.io/api/4506228804681728/security/?sentry_key=f6e55e18842f4cdb6403025f1bf2429d; 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js 'unsafe-inline' 'unsafe-eval' *.salesforce-sites.com *.iesnare.com *.typekit.net *.google-analytics.com https://www.youtube.com/iframe_api https://cdn.jsdelivr.net/npm/ https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.msecnd.net *.pricespider.com *.mapbox.com *.force.com *.salesforceliveagent.com *.bazaarvoice.com *.salesforce.com *.googletagmanager.com *.cookielaw.org *.doubleclick.net *.crazyegg.com *.trackjs.com *.yimg.com *.bing.com *.amazon-adsystem.com *.adsrvr.org unpkg.com *.youtube.com *.googleoptimize.com *.google.co.in *.pinimg.com *.juicer.io *.cloudflare.com https://dec.azureedge.net; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline' *.salesforce-sites.com *.typekit.net https://cdn.insight.sitefinity.com https://dec.azureedge.net *.pricespider.com *.mapbox.com *.force.com *.bazaarvoice.com *.salesforce.com *.googletagmanager.com *.typography.com *.cloudfront.net *.myfonts.net *.juicer.io; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: d3f8e2yx8gxglk.cloudfront.net *.azureedge.net *.typekit.net *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com *.gpdigital.biz *.pricespider.com *.bazaarvoice.com https://d3f8e2yx8gxglk.cloudfront.net www.google.com *.yahoo.com *.bing.com *.trackjs.com *.ytimg.com *.googletagmanager.com *.cookielaw.org *.google.co.in *.pinterest.com *.juicer.io juicer.io https://cdn.insight.sitefinity.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: use.typekit.net *.cloudfront.net *.juicer.io; frame-src 'self' *.qpleshq.com *.vimeo.com *.youtube.com *.force.com *.mapbox.com *.bazaarvoice.com *.salesforce.com *.pricespider.com *.google-analytics.com *.amazon-adsystem.com *.adsrvr.org *.facebook.com *.doubleclick.net *.pinterest.com; connect-src 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.visualstudio.com *.bazaarvoice.com *.force.com *.pricespider.com *.mapbox.com *.google-analytics.com wss: *.yimg.com *.crazyegg.com *.sitefinity.com *.trackjs.com *.doubleclick.net *.facebook.com *.cookielaw.org *.onetrust.com *.googletagmanager.com *.salesforce-sites.com *.bing.com *.googleoptimize.com *.google.co.in *.pinterest.com *.juicer.io *.google.com; media-src 'self' data: blob: *.azureedge.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob:; frame-ancestors 'self' *.salesforce.com 1
default-src * 'unsafe-inline' 'unsafe-eval';  script-src 'self' 'unsafe-inline' 'unsafe-eval' *.outbrain.com *.taboola.com connect.facebook.net www.googletagmanager.com s.go-mpulse.net snap.licdn.com px.ads.linkedin.com www.google-analytics.com www.facebook.com p.adsymptotic.com c.go-mpulse.net www.youtube.com amplify.outbrain.com s.ytimg.com cdnjs.cloudflare.com www.googleadservices.com maps.googleapis.com bringthemhomenow.net;  script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.outbrain.com *.taboola.com connect.facebook.net www.googletagmanager.com s.go-mpulse.net snap.licdn.com px.ads.linkedin.com www.google-analytics.com www.facebook.com p.adsymptotic.com c.go-mpulse.net www.youtube.com amplify.outbrain.com s.ytimg.com cdnjs.cloudflare.com www.googleadservices.com maps.googleapis.com googleads.g.doubleclick.net bringthemhomenow.net;  img-src 'self' data: maps.gstatic.com www.google-analytics.com maps.googleapis.com www.facebook.com *.outbrain.com *.taboola.com *.adnxs.com *.linkedin.com; 1
frame-ancestors 'self' https://*.a8silo.com https://a8silo.com 1
default-src https:; font-src data: https: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.revize.com https://cdnjs.cloudflare.com https://www.gstatic.com https://cdn.userway.org https://*.google.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://api.recollect.net/ https://assets.us.recollect.net https://*.facebook.com https://*.youtube.com https://googleads.g.doubleclick.net https://static.doubleclick.net; style-src * 'unsafe-inline' 1
default-src *.stippensioen.nl; frame-ancestors *; frame-src https://*.stippensioen.nl https://oc-cdn-public-eur.azureedge.net https://www.googletagmanager.com https://www.youtube.com; script-src * 'unsafe-eval'; connect-src 'self' ws https://api.stippensioen.nl https://www.stippensioen.nl https://oc-cdn-public-eur.azureedge.net https://org70515ea7-crm4.omnichannelengagementhub.com https://edge.skype.com https://*.communication.azure.com https://cdn.botframework.com https://pggm-stipp.cxcompany.com https://api.digitalcx.com *.analytics.google.com *.google-analytics.com; style-src https://api.stippensioen.nl https://www.stippensioen.nl https://fonts.googleapis.com https://oc-cdn-public-eur.azureedge.net 'unsafe-inline'; img-src data: blob: data: 'self' *.analytics.google.com *.google-analytics.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; object-src 'none'; media-src https://*.stippensioen.nl; 1
default-src 'none'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self' 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * https: ; img-src 'self' *; style-src 'self' *  'unsafe-inline' 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-M/wLd0LcycLncwjVnw2wUw=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
upgrade-insecure-requests;        default-src 'self' https: 'unsafe-eval' 'unsafe-inline' s3.walkmeusercontent.com *.walkme.com https://maps.google.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.walkme.com;       img-src * data: blob: 'unsafe-inline';       object-src *.bootstrapcdn.com;       media-src 'self' sucuri.net;       script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.zendesk.com https://static.zdassets.com s3.walkmeusercontent.com *.walkme.com https://www.google-analytics.com https://rum-static.pingdom.net sucuri.net cdn.jsdelivr.net cdnjs.cloudflare.com https://player.vimeo.com/api/player.js https://jqueryvalidation.org https://jsfiddle.net https://momentjs.com https://maps.googleapis.com *.googleapis.com https://www.fedex.com https://maps.google.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.googletagmanager.com/gtm.js/ https://*.googletagmanager.com https://www.google-analytics.com/analytics.js https://stats.g.doubleclick.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/recaptcha__en.js https://www.recaptcha.net https://recaptcha.net https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.google.com/recaptcha *.googleapis.com https://maps.gstatic.com https://maps.google.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 *.walkme.com;       font-src 'self' 'unsafe-inline' s3.walkmeusercontent.com *.walkme.com fonts.gstatic.com fonts.google.com cdn.jsdelivr.net cdnjs.cloudflare.com https://maps.googleapis.com https://www.telerik.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io data:;       style-src 'self' 'unsafe-inline' s3.walkmeusercontent.com *.walkme.com fonts.googleapis.com *.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com https://maps.googleapis.com https://maps.google.com https://www.telerik.com;       base-uri 'self';       form-action 'self' 'unsafe-inline' https://export.highcharts.com https://*.billtrust.com;       connect-src 'self' 'unsafe-inline' wss://*.zendesk.com https://*.zendesk.com https://ekr.zdassets.com s3.walkmeusercontent.com *.walkme.com https://*.algolia.net https://*.algolianet.com algoliasearch-lite.umd.js htps://*.algolianet.com https://insights.algolia.io https://rum-collector-2.pingdom.net https://analytics.google.com https://region1.analytics.google.com https://region1.google-analytics.com cdn.jsdelivr.net cdnjs.cloudflare.com https://www.telerik.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://maps.googleapis.com https://maps.google.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 *.googleapis.com https://*.gstatic.com; 1
frame-ancestors 'self'; frame-src *.topofminds.com topofminds.com code.jquery.com *.jsdelivr.net *.cookiebot.com *.googletagmanager.com *.google.com *.linkedin.com *.adform.net *.vimeo.com *.youtube.com *.vimeocdn.com *.akamaized.net *.googleapis.com *.google-analytics.com youtube.com *.youtube.com 1
script-src 'self' https://cdn.jsdelivr.net/ https://telusprensa.redcuba.cu/ https://cdn.iframe.ly https://iframe.ly https://ckeditor.iframe.ly https://www.google-analytics.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.twitter.com https://*.facebook.com https://*.linkedin.com https://*.instagram.com https://*.youtube.com https://*.vimeo.com https://*.pinterest.com https://analitica.cip.cu 'unsafe-inline' https://telusprensa.redcuba.cu/tracker/telus.min.js https://cdn.jsdelivr.net/npm/swiper@11/swiper-bundle.min.js https://cdnjs.cloudflare.com/ajax/libs/fotorama/4.6.4/fotorama.js; 1
frame-ancestors 'self' https://www.medact.org https://peopleshealthhearing.org https://patientsnotpassports.co.uk https://health4gnd.uk; worker-src 'self' blob: https://stat.medact.org https://www.medact.org; img-src 'self' data: https://*; connect-src 'self' https://stat.medact.org https://www.medact.org https://www.medact.org https://io.medact.org https://cloudflareinsights.com https://pl.medact.org https://maps.googleapis.com; script-src 'self' 'unsafe-inline' https://www.medact.org https://stat.medact.org https://io.medact.org https://patientsnotpassports.co.uk https://health4gnd.uk https://peopleshealthhearing.org https://static.cloudflareinsights.com https://platform.twitter.com https://cdn.syndication.twimg.com https://challenges.cloudflare.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://s0.wp.com  https://www.mapquestapi.com https://apis.google.com https://maps.googleapis.com 'unsafe-eval' https://pl.medact.org https://mat.medact.org https://civi.medact.org https://cafdonate.cafonline.org 1
frame-ancestors 'self' https://*.nexon.net https://*.nexon.com; 1
default-src https: 'self'; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline'; 1
object-src * 'unsafe-inline'; 1
default-src 'self'; object-src 'none'; base-uri 'self'; img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com https://www.google-analytics.com; style-src 'self' https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com/debug/ https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com data: https://fonts.gstatic.com; script-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://widgets.nrel.gov/tada/analytics/ https://www.google-analytics.com https://ssl.google-analytics.com https://public.govdelivery.com 'nonce-ByySWrnyOshvfXFKr92+cQ=='; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://analytics.google.com https://www.google-analytics.com https://public.govdelivery.com; frame-src 'self' https://www.googletagmanager.com/ https://public.govdelivery.com 1
default-src 'self';connect-src 'self' https://* https://app.getgrasp.com:9081;img-src 'self' https://* data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* http://* http://cdn.jsdelivr.net;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://* http://* https://api.addressnow.co.uk http://cdn.jsdelivr.net;style-src 'self' 'unsafe-inline' https://* data: https://api.addressnow.co.uk;frame-src 'self' https://* http://www.youtube.com/ https://www.youtube.com/;frame-ancestors 'self' https://* http://www.youtube.com/ https://www.youtube.com/;font-src 'self' https://* data: 1
frame-ancestors 'self' getrentacar.com cdn.getrentacar.com aeroflot.getrentacar.com ratehawk.getrentacar.com travelpeople.getrentacar.com ppl.travel 1
default-src 'self'; font-src *;img-src * data:; script-src *; style-src * 1
default-src 'self' https://secure.gravatar.com https://static.addtoany.com http://platform.twitter.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com http://www.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com http://connect.facebook.net https://connect.facebook.net https://www.google.com https://staticxx.facebook.com/ https://www.facebook.com/ https://stats.g.doubleclick.net http://netdna.bootstrapcdn.com https://netdna.bootstrapcdn.com https://difl3vniyrx1b.cloudfront.net https://www.gstatic.com https://www.youtube.com https://learntolivecom.mpeasylink.com https://es.learntolive.com https://estest.learntolive.com https://www.learntolive.com http://www.learntolive.com https://analytics.convertlanguage.com https://fonts.googleapis.com https://fonts.gstatic.com https://resources.learntolive.com https://pi.pardot.com 'unsafe-inline' 'unsafe-eval' data: 1
style-src *.vixverify.com cloud.typography.com *.walkme.com *.rejoiner.com *.datacash.com *.optimizely.com fonts.googleapis.com ajax.aspnetcdn.com hello.myfonts.net 'unsafe-inline' 'self'; script-src http://metrics.mastercard.com https://assets.adobedtm.com/ https://cdn.cookielaw.org/ https://itunes.apple.com https://www.googleadservices.com https://sp.analytics.yahoo.com https://s.yimg.com https://cdn.branch.io https://go.affec.tv https://secure.adnxs.com https://cdn.walkme.com https://mastercard.demdex.net https://smetrics.mastercard.com https://rules.quantcount.com *.vixverify.com ipac.ctnsnet.com www.gstatic.com www.google.com secure.quantserve.com  cashpassport.rurl.me *.cfjump.com  *.optimizely.com *.walkme.com *.rejoiner.com *.datacash.com *.auspost.com.au *.omtrdc.net *.demdex.net *.effectivemeasure.net assets.adobedtm.com d3b3ehuo35wzeh.cloudfront.net *.fullstory.com www.googleadservices.com connect.facebook.net app.rejoiner.com pixel.mathtag.com *.taboola.com benchtag.co www.googletagmanager.com *.rfihub.net *.rfihub.com *.serving-sys.com s3.amazonaws.com tinymce.cachefly.net ajax.googleapis.com www.google-analytics.com ajax.aspnetcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; frame-src *; img-src https://www.mastercard.us https://cdn.cookielaw.org/ https://dpm.demdex.net https://www.google.co.in  https://sp.analytics.yahoo.com/ https://smetrics.mastercard.com *.vixverify.com pixel.quantserve.com *.optimizely.com *.walkme.com *.rejoiner.com *.datacash.com australiapost.122.2o7.net s.effectivemeasure.net *.auspost.com.au *.facebook.com load.s3.amazonaws.com *.openx.net *.bluekai.com *.adnxs.com *.exelator.com *.casalemedia.com *.pubmatic.com *.360yield.com *.btrll.com *.twitter.com *.mathtag.com *.taboola.com *.g.doubleclick.net app.rejoiner.com www.google.com www.google.com.au www.googleadservices.com www.gravatar.com www.google-analytics.com 'self' data:; font-src *.vixverify.com *.optimizely.com *.walkme.com *.optimizely.com *.rejoiner.com *.datacash.com fonts.gstatic.com 'self' data:; default-src https://privacyportal.onetrust.com/ https://geolocation.onetrust.com http://metrics.mastercard.com %0d%0ahttps://www.onetrust.com%0d%0ahttps://onetrust.com%0d%0ahttps://smetrics.mastercard.com https://assets.adobedtm.com/ https://cdn.cookielaw.org/ https://s.yimg.com https://www.google-analytics.com https://ssl.o.auspost.com.au https://mastercard.tt.omtrdc.net/m2/mastercard/mbox/json https://mastercard.demdex.net https://dpm.demdex.net https://australiapost.tt.omtrdc.net *.vixverify.com *.optimizely.com 'self';%0d%0a 1
child-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.azureedge.net www.gstatic.com www.google.com *.anyclip.com blob: ;connect-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net localhost wss://*.wbx2.com https://*.wbx2.com *.wbx2.com wss://*.wbx.com *.webex.com *.code.s4d.io *.ciscospark.com *.webexcontent.com *.giphy.com https://*.clouddrive.com wss://*.ciscospark.com code.s4d.io *.azureedge.net *.google-analytics.com noembed.com www.noembed.com cdn.plyr.io cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.doubleclick.net storage.googleapis.com event.talque.com lh3.googleusercontent.com *.outbrain.com *.anyclip.com *.itsa365.de *.mybeviale.com *.chillventa.de *.hubana.events *.embedded-world.de *.medteclive.com *.euroguss.de *.enforcetac.com *.fachpack.de *.frontale.de *.holz-handwerk.de *.nuernberg-convention.de *.perimeter-protection.de *.biofach.de *.vivaness.de *.interzoo.com *.biofach-japan.com *.galabau-messe.com *.ads.linkedin.com *.linkedin.com *.linkedin.oribi.io *.google.com *.google.de *.googlesyndication.com ;default-src 'self' *.azureedge.net ;font-src 'self' fonts.gstatic.com *.webexcontent.com code.s4d.io 'unsafe-inline' https://code.s4d.io *.azureedge.net storage.googleapis.com event.talque.com lh3.googleusercontent.com ;img-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.google-analytics.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.adition.com *.adfarm1.adition.com code.s4d.io *.giphy.com *.clouddrive.com *.webexcontent.com data: blob: *.rackcdn.com data: blob: *.azureedge.net *.google.com *.google.de *.ads.linkedin.com *.linkedin.com *.linkedin.oribi.io snap.licdn.com static.ads-twitter.com analytics.twitter.com t.co www.googletagmanager.com analytics-udg.netdna-ssl.com *.doubleclick.net connect.facebook.net www.facebook.com storage.googleapis.com event.talque.com lh3.googleusercontent.com *.anyclip.com ;media-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net code.s4d.io *.giphy.com *.clouddrive.com *.webexcontent.com data: blob: *.rackcdn.com data: blob: *.azureedge.net storage.googleapis.com event.talque.com lh3.googleusercontent.com *.anyclip.com ;script-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.doubleclick.net cdn.plyr.io noembed.com www.noembed.com *.google.com *.google.de *.vimeocdn.com *.vimeo.com *.akamaized.net www.googletagmanager.com analytics-udg.netdna-ssl.com *.google-analytics.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.adition.com *.adfarm1.adition.com *.webexcontent.com code.s4d.io 'unsafe-inline' https://code.s4d.io *.azureedge.net 'unsafe-eval' *.googleadservices.com *.google.com static.ads-twitter.com analytics.twitter.com t.co snap.licdn.com www.gstatic.com www.google.com connect.facebook.net www.facebook.com storage.googleapis.com event.talque.com lh3.googleusercontent.com *.anyclip.com ;style-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.webexcontent.com code.s4d.io 'unsafe-inline' https://code.s4d.io *.azureedge.net storage.googleapis.com event.talque.com lh3.googleusercontent.com *.anyclip.com ; 1
frame-ancestors 'self' http://my.conning http://portaluat.net.conning.com https://my.conning.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://go.conning.com www.googletagmanager.com tagmanager.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://maps.googleapis.com/ *.google-analytics.com *.analytics.google.com app-ab20.marketo.com munchkin.marketo.net snap.licdn.com pixel.mathtag.com https://cdn.jsdelivr.net https://www.bugherd.com https://fast.wistia.com https://cdn.cookielaw.org; frame-src 'self' https://www.google.com/recaptcha/ https://app-ab20.marketo.com/ https://pixel.mathtag.com/ https://players.brightcove.net/ https://app.powerbi.com https://go.conning.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com *.google.com *.google-analytics.com *.googleapis.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' hello.myfonts.net *.googleapis.com *.gstatic.com https://*.googleapis.com https://*.gstatic.com themes.googleusercontent.com; img-src 'self' data: *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com https://*.googleapis.com https://*.gstatic.com; connect-src 'self' http://www.google-analytics.com; frame-src 'self' *.vimeo.com *.youtube.com https://*.vimeo.com https://*.youtube.com; font-src 'self' data: *.googleapis.com *.gstatic.com https://*.googleapis.com https://*.gstatic.com; report-uri https://tokybd.report-uri.io/r/default/csp/enforce; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *.wpenginepowered.com *.wpengine.com *.google-analytics.com *.gravatar.default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *.wpengine.com *.google-analytics.com *.gravatar.com *.twimg.com *.jsdelivr.net *.youtube.com *.google.com *.googletagmanager.com *.yt.com *.vimeo.com *.cfmaeroengines.com; object-src 'none'; frame-ancestors 'self'; form-action 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://statistik.friedrichsdorf.de https://www.google.com https://www.gstatic.com https://votemanager-da.ekom21cdn.de 1
default-src  'self' 'unsafe-inline'; font-src https://*.mouseflow.com https://static.chatclient.autochat.ai/ https://autochat.s3.eu-west-2.amazonaws.com/ https://*.sirv.com https://fonts.gstatic.com/ data: 'self'; child-src https://*.mouseflow.com 'self'; connect-src https://*.mouseflow.com https://static.chatclient.autochat.ai/ https://*.ingest.sentry.io/ https://*.hotjar.com https://*.hotjar.io https://console.autochat.ai/ wss://*.hotjar.com https://cdn.linkedin.oribi.io/ https://region1.google-analytics.com https://ct.pinterest.com/ https://region1.google-analytics.com/  https://*.sirv.com https://c200.a-point.nl https://maps.googleapis.com/ https://api.salesfeed.com https://a-point.blueconic.net https://in.hotjar.com/ https://stats.g.doubleclick.net/ https://www.a-point.nl https://api.salesfeed.com/ https://www.google-analytics.com https://*.analytics.google.com https://a-point.gxcloud.net/ https://www.a-point.com https://a-point.blueconic.net/ 'self'; frame-src https://*.mouseflow.com https://ct.pinterest.com/ https://c200.a-point.nl https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://t.svtrd.com/ https://vars.hotjar.com/ https://consentcdn.cookiebot.com/ https://www.plan-it-online.nl/ https://www.youtube.com/ 'self'; frame-ancestors  'self'; img-src https://*.mouseflow.com https://autochat.s3.eu-west-2.amazonaws.com/ https://www.googletagmanager.com/ https://ct.pinterest.com/ https://region1.google-analytics.com/ https://*.sirv.com https://c200.a-point.nl https://www.linkedin.com/ https://www.facebook.com/ https://www.google.com https://www.google.nl https://px.ads.linkedin.com/ https://www.google-analytics.com https://maps.gstatic.com/ https://maps.googleapis.com/ blob: 'self' data:; media-src https://download-video.akamaized.net/ https://player.vimeo.com 'self'; object-src  'self'; script-src https://*.mouseflow.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'self' 'unsafe-inline' 'unsafe-eval' data: https: wss:; style-src https://*.mouseflow.com https://static.chatclient.autochat.ai/ https://autochat.s3.eu-west-2.amazonaws.com/ https://c200.a-point.nl/ https://*.sirv.com https://fonts.googleapis.com/ https://plugins.blueconic.net/ 'self' 'unsafe-inline';  worker-src  'self' blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; font-src *;img-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'unsafe-eval' *; frame-src * blob: data:; 1
default-src 'self' https:; img-src 'self' data: blob: https:; style-src 'self' 'unsafe-inline'; font-src 'self' https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; connect-src 'self' blob: https: https://api.ipify.org; media-src 'self' blob: https:; object-src 'none'; worker-src blob:; child-src blob:; frame-src 'self' https:; frame-ancestors 'self' https: 1
default-src 'self' data: 'unsafe-inline' paritaetnrwdev.matomo.cloud; frame-src 'self' www.youtube-nocookie.com player.vimeo.com www.manual.paritaet-nrw.dev; font-src 'self'; img-src 'self' data: 'unsafe-inline' paritaetnrwdev.matomo.cloud; object-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' cdn.matomo.cloud; style-src 'self' data: 'unsafe-inline'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https:; img-src 'self' https: data: blob: https:; style-src 'self' https: 'nonce-Rrk2NyP++UbA7S35B6mJVQ=='; media-src 'self' https: data: https:; frame-src 'self' https:; manifest-src 'self' https:; connect-src 'self' data: blob: https: https: wss://dads.cool; script-src 'self' https: 'wasm-unsafe-eval'; child-src 'self' blob: https:; worker-src 'self' blob: https: 1
default-src 'self' 'unsafe-inline' *.adform.net *.adsrvr.org *.adspirit.de *.bing.com *.clickdimensions.com *.cookiefirst.com *.corussoft.de iba-tradefair.com *.iba-tradefair.com *.doubleclick.net *.event-cloud.com *.facebook.com *.facebook.net *.google.com *.google.de *.google.cz *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com id5-sync.com *.instagram.com *.licdn.com *.linkedin.com myconvento.com *.myconvento.com *.outbrain.com *.oribi.io *.pinterest.com *.vimeo.com *.sascdn.com s3-eu-central-1.amazonaws.com s3-eu-west-1.amazonaws.com *.siteground.com *.smartadserver.com *.twitter.com *.youtube.com *.youtube-nocookie.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.adform.net *.adsrvr.org *.adspirit.de *.bing.com *.clickdimensions.com *.cookiefirst.com *.corussoft.de iba-tradefair.com *.iba-tradefair.com *.doubleclick.net *.event-cloud.com *.facebook.com *.facebook.net *.google.com *.google.de *.google.cz *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com id5-sync.com *.instagram.com *.licdn.com *.linkedin.com myconvento.com *.myconvento.com *.outbrain.com *.oribi.io *.pinimg.com *.vimeo.com *.sascdn.com s3-eu-central-1.amazonaws.com s3-eu-west-1.amazonaws.com *.siteground.com *.smartadserver.com *.twitter.com *.youtube.com *.youtube-nocookie.com; media-src 'self' *.corussoft.de iba-tradefair.com *.iba-tradefair.com *.event-cloud.com *.vimeo.com *.youtube-nocookie.com; font-src 'self' data: *.adform.net *.adsrvr.org *.clickdimensions.com *.cookiefirst.com *.corussoft.de iba-tradefair.com *.iba-tradefair.com *.event-cloud.com *.siteground.com; object-src 'none'; img-src 'self' data: *  1
default-src https: data: 'unsafe-inline' 'unsafe-eval' 'self' https://matomojs.trackify.info https://matomo.pernod-ricard.io *.sleeknote.com; frame-ancestors 'self' https://matomojs.trackify.info https://matomo.pernod-ricard.io *.sleeknote.com; frame-src blob: 'self' *.sleeknote.com https://www.google.com https://www.youtube.com; worker-src blob: 'self' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://allthingstech.social; img-src 'self' https: data: blob: https://allthingstech.social; style-src 'self' https://allthingstech.social 'nonce-kngg0I4P8AZZ+UCkCYlLAw=='; media-src 'self' https: data: https://allthingstech.social; frame-src 'self' https:; manifest-src 'self' https://allthingstech.social; form-action 'self'; child-src 'self' blob: https://allthingstech.social; worker-src 'self' blob: https://allthingstech.social; connect-src 'self' data: blob: https://allthingstech.social https://cdn.masto.host wss://allthingstech.social; script-src 'self' https://allthingstech.social 'wasm-unsafe-eval' 1
form-action https: 'self'; script-src https: 'self' unsafe-eval *.vimeo.com; script-src-elem https: 'self' 'unsafe-inline' *.vimeo.com *.youtube.com *.mailplus.nl *.googletagmanager.com; font-src https: 'self' data: *.gstatic.com; frame-src https: 'self' *.kpserver.io *.spotify.com *.topsectorenergie-visuals.nl *.youtube.com *.vimeo.com; connect-src 'self' vimeo.com *.google.com *.google-analytics.com wss://ws.hotjar.com *.hotjar.io *.leadinfo.net *.leadinfo.com; img-src https: 'self' *.vimeocdn.com *.youtube.com *.google.nl; style-src https: 'self' 'unsafe-inline' *.mailplus.nl; default-src 'none' 1
default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' data:; frame-ancestors 'none'; 1
frame-ancestors https://www.google.com https://mfinanse.pl https://vars.hotjar.com ; block-all-mixed-content;  default-src 'none'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://consentcdn.cookiebot.com/consentconfig/ https://consent.cookiebot.com/Scripts/widget.min.js https://consent.cookiebot.com/Scripts/widgetIcon.min.js https://consent.cookiebot.com/logconsent.ashx https://consent.cookiebot.com/111f5663-b98b-4eec-86b7-a60d1f578d53/cc.js https://consentcdn.cookiebot.com/consentconfig/111f5663-b98b-4eec-86b7-a60d1f578d53/state.js https://consent.cookiebot.com/uc.js https://kalkulator-hipoteczny.online/js/app.js https://*.doubleclick.net https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://graph.facebook.com https://google-analytics.com https://googletagmanager.com https://js.facebook.com https://maps.google.com https://maps.googleapis.com https://ssl.google-analytics.com https://script.hotjar.com https://static.hotjar.com https://tagmanager.google.com https://translate.googleapis.com https://translate.google.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com https://m.youtube.com https://skk.erecruiter.pl https://www.gstatic.com; style-src 'self' 'report-sample' 'unsafe-inline' translate.googleapis.com *.google.com skk.erecruiter.pl fonts.googleapis.com www.gstatic.com; object-src *.googlesyndication.com; frame-src consentcdn.cookiebot.com vars.hotjar.com *.facebook.com connect.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.youtube.com www.youtube-nocookie.com www.googletagmanager.com m.me maps.google.com maps.googleapis.com; child-src blob: *.facebook.com connect.facebook.net *.google.com *.doubleclick.net *.hotjar.com *.googlesyndication.com www.youtube.com www.googletagmanager.com; img-src 'self' data: blob: *.facebook.com *.facebook.net *.fbcdn.net script.hotjar.com translate.google.com translate.googleapis.com www.gstatic.com *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.google-analytics.com ssl.google-analytics.com www.google.com analytics.google.com *.ytimg.com *.youtube.com www.googletagmanager.com *.google.com.mx www.google.pl google.pl  static.mfinanse.pl maps.googleapis.com s3.eu-central-1.amazonaws.com maps.gstatic.com *.googleapis.com maps.google.com *.ggpht.com fonts.gstatic.com; font-src 'self' data: script.hotjar.com fonts.gstatic.com fonts.googleapis.com; connect-src 'self' consentcdn.cookiebot.com https://consentcdn.cookiebot.com/consentconfig/111f5663-b98b-4eec-86b7-a60d1f578d53/settings.json https://consentcdn.cookiebot.com/widgetcontent/111f5663-b98b-4eec-86b7-a60d1f578d53/widgetcontent_pl.json api.calculator.speedfin.pl api.calculator.zaufanyposrednik.pl *.facebook.com connect.facebook.net *.hotjar.com wss://*.hotjar.com *.hotjar.io translate.googleapis.com translate.google.com www.gstatic.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com www.googletagmanager.com maps.googleapis.com maps.google.com fonts.googleapis.com fonts.gstatic.com; manifest-src mfinanse.pl; base-uri 'self'; form-action *.facebook.com connect.facebook.net *.google.com mfinanse.pl; media-src data: dai.google.com;  worker-src blob: www.google.com; report-uri https://62bc87e55a9e55900da78780.endpoint.csper.io/?v=2; 1
default-src 'self' https://uploads-ssl.webflow.com; script-src 'self' 'nonce-OGM0MmU2NTItMzlhYS00YjFlLTk2OGMtMTMzNjcyM2FiODdm' 'strict-dynamic' '' ; style-src 'self' 'unsafe-inline' 'unsafe-hashes'; img-src 'self' blob: data: 'nonce-OGM0MmU2NTItMzlhYS00YjFlLTk2OGMtMTMzNjcyM2FiODdm' https://uploads-ssl.webflow.com; font-src 'self' 'nonce-OGM0MmU2NTItMzlhYS00YjFlLTk2OGMtMTMzNjcyM2FiODdm'; frame-src https://www.youtube.com https://www.youtube-nocookie.com 'nonce-OGM0MmU2NTItMzlhYS00YjFlLTk2OGMtMTMzNjcyM2FiODdm'; object-src 'none'; base-uri 'self' 'nonce-OGM0MmU2NTItMzlhYS00YjFlLTk2OGMtMTMzNjcyM2FiODdm'; form-action 'self' 'nonce-OGM0MmU2NTItMzlhYS00YjFlLTk2OGMtMTMzNjcyM2FiODdm'; frame-ancestors 'none' ; block-all-mixed-content; upgrade-insecure-requests; connect-src 'self' https://www.formica.ai; 1
default-src 'self'  https://*.narkasa.com wss://*.narkasa.com 'unsafe-inline'; script-src 'self' https://www.google-analytics.com https://static.zdassets.com https://ekr.zdassets.com https://narkasa.zendesk.com wss://narkasa.zendesk.com wss://*.zopim.com  https://mc.yandex.ru https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://static.zdassets.com https://ekr.zdassets.com https://narkasa.zendesk.com wss://narkasa.zendesk.com wss://*.zopim.com https://monitor.geetest.com https://api.geetest.com https://static.geetest.com https://bakapi.gtapp.xyz 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.geetest.com; connect-src 'self' https://*.narkasa.com wss://*.narkasa.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru https://static.zdassets.com https://ekr.zdassets.com https://narkasa.zendesk.com wss://narkasa.zendesk.com wss://*.zopim.com; font-src 'self'; frame-src 'self' https://www.google.com https://www.youtube.com; object-src 'none' 1
default-src *; img-src * 'self' data: https:; style-src 'self' 'unsafe-inline'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' * 'self'; 1
base-uri 'self'; default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src * blob: data: https://thumbor-api.gynzy.com; connect-src 'self' blob: https://*.gynzy.com wss://*.gynzy.com https://tools.gynzykids.com https://*.bugsnag.com https://*.google.com; frame-ancestors https://*.gynzy.com; form-action 'none'; frame-src https://puzzles.gynzykids.com; manifest-src 'self'; media-src * blob: data:; report-uri https://event-publisher-api.gynzy.com/reporting-api/main; report-to main-endpoint 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-eOYPZpAGj-HfAPKVxRV--w' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-Qi9BRkYrTHpWSUNLdzVwZ1lxUkg3enhFL0p6cTNrTEN6ZjNZQlpWQkgxST06VjZsT1lNbUVPYkxacHRFcE1jWjFnd2h6anN1UHJpNmp1NnkvVE45cVdtYz0=';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self' data:;child-src 'self';frame-ancestors 'self';form-action 'self' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://frontrange.co; img-src 'self' https: data: blob: https://frontrange.co; style-src 'self' https://frontrange.co 'nonce-4ols27d855cwfO9pZmtdkA=='; media-src 'self' https: data: https://frontrange.co; frame-src 'self' https:; manifest-src 'self' https://frontrange.co; form-action 'self'; child-src 'self' blob: https://frontrange.co; worker-src 'self' blob: https://frontrange.co; connect-src 'self' data: blob: https://frontrange.co https://files.frontrange.co wss://frontrange.co; script-src 'self' https://frontrange.co 'wasm-unsafe-eval' 1
default-src 'self';frame-ancestors 'self'; form-action 'none' 1
frame-ancestors https://admin.leopardstown.com https://www.leopardstown.com 1
default-src 'self' app.safello.com safello.com;object-src 'self' safello.com;script-src 'self' 'unsafe-inline' safello.com app.safello.com *.google-analytics.com *.googletagmanager.com cdnjs.cloudflare.com docs.google.com docs.google.com widget.trustpilot.com app.intercom.io widget.intercom.io js.intercomcdn.com;connect-src 'self' app.safello.com widget.trustpilot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.intercom.io api-iam.intercom.io api-ping.intercom.io nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com api.blockchair.com node.algoexplorerapi.io pingpayments.com;child-src share.intercom.io intercom-sheets.com www.intercom-reporting.com widget.trustpilot.com www.youtube.com player.vimeo.com *.typeform.com fast.wistia.net api.blockchair.com node.algoexplorerapi.io;img-src 'self' blob: data: safello.com widget.trustpilot.com *.google-analytics.com js.intercomcdn.com static.intercomassets.com downloads.intercomcdn.com uploads.intercomusercontent.com gifs.intercomcdn.com video-messages.intercomcdn.com messenger-apps.intercom.io *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-9.com *.googletagmanager.com mb.cision.com api.blockchair.com node.algoexplorerapi.io;style-src 'self' 'unsafe-inline' safello.com;frame-src 'self' app.safello.com docs.google.com widget.trustpilot.com www.youtube.com player.vimeo.com *.typeform.com pingpayments.com;font-src 'self' js.intercomcdn.com www.googletagmanager.com;frame-ancestors 'self' safello.com *.safello.com;form-action safello.com intercom.help api-iam.intercom.io; media-src js.intercomcdn.com 'self' app.safello.com; base-uri 'none'; 1
default-src 'self' data: *.cookiebot.com *.hotjar.com *.google-analytics.com *.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com *.hotjar.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com *.hotjar.com *.google-analytics.com *.googletagmanager.com; connect-src 'self' *.cookiebot.com *.hotjar.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net; frame-src 'self' *.cookiebot.com *.hotjar.com *.google-analytics.com *.googletagmanager.com;style-src 'self' *.cookiebot.com *.hotjar.com *.google-analytics.com *.googletagmanager.com; font-src 'self' *.cookiebot.com *.hotjar.com *.google-analytics.com *.googletagmanager.com; frame-ancestors 'self' *.cookiebot.com *.hotjar.com *.google-analytics.com *.googletagmanager.com; 1
connect-src 'unsafe-inline' https://*.googlesyndication.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://sihot.com 1
frame-ancestors www.daytonmetrolibrary.org *.www.daytonmetrolibrary.org daytonmetrolibrary.org *.daytonmetrolibrary.org dayton.bibliocms.com *.dayton.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src www.daytonmetrolibrary.org *.www.daytonmetrolibrary.org daytonmetrolibrary.org *.daytonmetrolibrary.org dayton.bibliocms.com *.dayton.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
default-src 'none'; connect-src 'self'; font-src 'self' https://themes.googleusercontent.com; frame-src https://platform.twitter.com https://syndication.twitter.com; img-src 'self' data: https://pbs.twimg.com https://platform.twitter.com https://s1795.t.eloqua.com https://smtrcs.redhat.com https://syndication.twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.syndication.twimg.com https://img.en25.com https://platform.twitter.com https://secure.eloqua.com https://secure.p01.eloqua.com https://static.redhat.com https://www.redhat.com; style-src 'self' 'unsafe-inline' https://platform.twitter.com 1
default-src 'self' https://www.consoleconnect.com  https://player.vimeo.com https://play.vidyard.com/ https://*.nitrocdn.com/ https://nitropack.io/; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://www.google.com/  https://play.vidyard.com/ https://js.hscollectedforms.net/ https://js.hs-banner.com/ https://js.hs-analytics.net/ https://trk.techtarget.com/ https://snap.licdn.com/ https://d2oh4tlt9mrke9.cloudfront.net/ https://cdn.jsdelivr.net/ https://*.outbrain.com/ https://js.usemessages.com/ https://*.hs-scripts.com/ https://js.hsforms.net/ https://forms.hsforms.com/ https://www.google.co.in/  https://www.googletagmanager.com/ https://www.google-analytics.com/ https://*.googleapis.com/ https://connect.facebook.net/ https://platform.twitter.com/ https://www.googleadservices.com/ https://*.google.com/ https://fast.wistia.com/ https://cdn.mxpnl.com/ https://*.helpscout.net/ https://js.hsleadflows.net/ https://www.clickcease.com/ https://cse.expertrec.com/  https://www.gstatic.com/ https://unpkg.com/ https://static.zdassets.com/ https://nitropack.io/ https://*.nitrocdn.com/ https://unpkg.com/ https://assets.freshsales.io/ https://webform.freshsales.io/ https://dev.visualwebsiteoptimizer.com/ https://www.clarity.ms/ https://secure.venture365office.com/ https://ams.wpml.org/ https://www.google.co.uk/ https://nitroscripts.com/ https://js.hubspot.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://fonts.bunny.net/ https://use.fontawesome.com/ https://cdn-images.mailchimp.com/ https://*.nitrocdn.com/ https://webnus.net/ https://code.ionicframework.com/ https://*.cloudfront.net/ https://ams.wpml.org/; img-src 'self' data: https://www.consoleconnect.com/ https://play.vidyard.com/ https://cdn.vidyard.com/ https://consoleconnect.com/ https://forms.hsforms.com/ https://tr.outbrain.com/ https://secure.gravatar.com/ https://apt.techtarget.com/ https://px.ads.linkedin.com/ https://googleads.g.doubleclick.net https://www.google.co.in/ https://www.google.com/ https://www.google-analytics.com/ https://forms.hubspot.com/ https://track.hubspot.com/ https://www.googletagmanager.com/ http://themenectar.com/ https://syndication.twitter.com/ https://www.linkedin.com/ https://*.linkedin.com/ https://p.adsymptotic.com/ https://i.vimeocdn.com/ https://*.w.org/ https://www.webdesi9.com/ http://*.hubspot.net/ https://wp-rocket.me/ https://s3.envato.com/ https://resources.spacexchimp.com/ https://embedwistia-a.akamaihd.net/ https://embed-fastly.wistia.com/ https://fast.wistia.com/ https://www.spacexchimp.com/ https://ws.sessioncam.com/ https://3076203.fs1.hubspotusercontent-na1.net/ https://www.wpmart.org/ https://blog.depositphotos.com/ https://wpmudev.com/ https://premium.wpmudev.org/ https://1025290.smushcdn.com/ https://*.smushcdn.com/ blob: https://www.consoleconnect.com/ https://*.cloudfront.net/ https://*.consoleconnect.com/ https://forms-na1.hsforms.com/ https://embed-ssl.wistia.com/ https://maps.gstatic.com/ https://maps.google.com/ https://maps.googleapis.com/ http://img.flippercode.com/ https://*.googleapis.com/ https://*.ggpht.com/ https://*.nitrocdn.com/ https://webnus.net/ https://dev.visualwebsiteoptimizer.com/ https://c.clarity.ms/ https://c.bing.com/ https://*.google-analytics.com/ https://*.hsforms.com/; font-src 'self'  https://cdn.rawgit.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ data: https://cdn.jsdelivr.net/ https://gcs.raspi0124.dev/ https://wp-rocket.me/ https://cdnjs.cloudflare.com/ https://fonts.bunny.net/ https://use.fontawesome.com/ https://fast.wistia.com/ https://*.nitrocdn.com/ https://code.ionicframework.com/ https://*.cloudfront.net/ https://assets.freshsales.io/; connect-src 'self' https://maps.googleapis.com/ https://hubspot-forms-static-embed.s3.amazonaws.com/ https://api.hubspot.com/ https://ws.sessioncam.com/ https://forms.hubspot.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://forms.hsforms.com/ https://yoast.com/ https://resources.spacexchimp.com/ https://distillery.wistia.com/ https://pipedream.wistia.com/ https://fg8vvsvnieiv3ej16jby.litix.io/ https://*.cloudfront.net/ https://*.helpscout.net/ https://embed-fastly.wistia.com/ https://exceptions.hubspot.com/ https://demo.tcsesoft.com/ https://wpmudev.com/ https://cdn.linkedin.oribi.io/ https://ibc-flow.techtarget.com/ https://*.expertrec.com/ https://*.lottiefiles.com/ https://fast.wistia.com/ https://ekr.zdassets.com/ https://*.nitrocdn.com/ https://nitropack.zendesk.com/ https://nitropack.io/ https://to.getnitropack.com/ https://js.hsforms.net/ https://webnus.freshsales.io/ https://ams.wpml.org/ https://tr.outbrain.com/ https://w.clarity.ms/ https://idx.liadm.com/ https://*.clarity.ms/ https://*.google-analytics.com/ https://px.ads.linkedin.com/ https://*.hubspot.com/; media-src 'self' https://fast.wistia.net/ https://*.helpscout.net/; frame-src 'self' data: *.vidyard.com https://forms.hsforms.com/ https://app.hubspot.com/ https://platform.twitter.com/ https://www.facebook.com/ https://player.vimeo.com/ https://www.useloom.com/ https://wp-rocket.me/ https://www.loom.com/ https://www.google.com/ https://static.hsappstatic.net/ https://www.consoleconnect.com/ https://www.youtube.com/ https://forms.hubspot.com/ https://wp.freemius.com/ https://*.nitrocdn.com/; frame-ancestors 'self' https://info.consoleconnect.com/ https://stgpccwglobal.zinfi.net/ https://partnerconnect.app.consoleconnect.com/; 1
default-src 'unsafe-inline' 'unsafe-eval' https://www.youtube-nocookie.com https://www.youtube.com;     script-src 'unsafe-inline' 'unsafe-eval' https://www.asyl.net https://www.youtube.com/ https://piwik.asyl.net; font-src 'self'; style-src 'unsafe-inline' https://www.asyl.net; img-src 'self' https://www.asyl.net; connect-src https://www.asyl.net https://piwik.asyl.net 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://js.stripe.com https://app.posthog.com; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.iicj.net https://region1.google-analytics.com https://authjs.dev; media-src 'none'; frame-src https://js.stripe.com; font-src 'self'; connect-src 'self' https://region1.google-analytics.com https://app.posthog.com 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-jcHILxpqWfhC6YYPMpClcWmhYsEK6Jm8pJ9FIlizveAqB+Iw' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; connect-src 'self' *.obos.no *.snapchat.com *.apicdn.sanity.io *.api.sanity.io *.doubleclick.net *.hotjar.com *.hotjar.io *.google-analytics.com *.youtube.com *.google.com cdn.sanity.io cdn.cookielaw.org wss://*.hotjar.com https://*.amplitude.com https://*.googlesyndication.com https://*.clarity.ms https://*.sentry.io https://*.google.no https://*.bing.com https://youtube.com https://cdn.linkedin.oribi.io https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal-eu.onetrust.com/ https://surveystats.hotjar.io https://cookies-data.onetrust.io/bannersdk/ https://www.facebook.com/tr dc.services.visualstudio.com *.obos.se *.linkedin.com https://ct.pinterest.com *.triggerbee.com; frame-src 'self' www.youtube.com https://vars.hotjar.com https://*.snapchat.com *.doubleclick.net https://ct.pinterest.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; font-src 'self' script.hotjar.com https://fonts.gstatic.com https://*.triggerbee.com; img-src 'self' 'unsafe-inline' data: blob: *.obos.no *.doubleclick.net *.google-analytics.com *.hotjar.com *.youtube.com *.google.com cdn.sanity.io cdn.cookielaw.org res.cloudinary.com www.googletagmanager.com https://*.clarity.ms https://*.siteimproveanalytics.io https://*.adnxs.com https://*.mookie1.com https://*.facebook.com https://*.linkedin.com https://*.snapchat.com https://*.episerver.net https://*.bing.com https://www.google.no https://optanon.blob.core.windows.net *.obos.se https://*.casalemedia.com https://*.t.eloqua.com https://*.bing.com https://ct.pinterest.com https://ads.stickyadstv.com https://rtb-csync.smartadserver.com https://synchroscript.deliveryengine.adswizz.com https://pr-bh.ybp.yahoo.com https://ad.sxp.smartclip.net https://cm.adform.net https://simage2.pubmatic.com https://pixel.rubiconproject.com https://ad.360yield.com https://sync.search.spotxchange.com https://match.adsby.bidtheatre.com https://match.adsrvr.org https://match.prod.bidr.io https://*.triggerbee.com; media-src 'self' blob: res.cloudinary.com *.gobistories.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.obos.no *.doubleclick.net *.youtube.com *.googletagmanager.com *.gstatic.com static.hotjar.com *.analytics.google.com https://*.google-analytics.com https://*.clarity.ms https://*.episerver.net https://*.adnxs.com https://*.amplitude.com https://*.snapchat.com https://cdn.cookielaw.org https://script.hotjar.com https://cdn.mookie1.com/ https://connect.facebook.net https://siteimproveanalytics.com https://snap.licdn.com https://sc-static.net/ https://bat.bing.com https://cdn.jsdelivr.net/npm/@amplitude/amplitude-js-gtm@3.7.1/dist/index.js *.obos.se t.myvisitors.se adsby.bidtheatre.com https://s.pinimg.com https://img06.en25.com https://assets.strossle.com https://*.t.eloqua.com https://pixels.lemonpi.io https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; worker-src 'self' blob:; 1
frame-ancestors https:; report-uri https://api.jeurissen.co/reports/csp/playxylo.com; report-to csp-endpoint 1
frame-ancestors 'self' https://training.simons-voss.com 1
frame-ancestors 'none'; img-src 'self' data:; default-src 'self'; script-src 'self' 'wasm-unsafe-eval' blob:; base-uri 'self'; connect-src 'self' https: wss://*; style-src 'self' 'sha256-0ToNEl+FyDGmNiSGfBrDBfSxaDrkGgxG4WrkbTJQuy8='; block-all-mixed-content; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-mbe26rT7RCr1GLA/VzhyQs/0/Am5zaEghOOTVK7br0w1CduU' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.sexcamly.net:9080 www.sexcamly.net:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.sexcamly.net wss://www.sexcamly.net *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1705977751 1
upgrade-insecure-requests;default-src 'self' 'unsafe-inline' https://www.google-analytics.com https://our.umbraco.com;font-src 'self' https://*.telerik.com data:;frame-ancestors 'self' https://www.google.com;frame-src 'self' https://marketplace.umbraco.com https://www.google.com;img-src 'self' https://code.jquery.com https://www.gravatar.com https://*.umbraco.com https://www.google-analytics.com data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://code.jquery.com https://ajax.aspnetcdn.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://*.seaportglobal.com https://www.googletagmanager.com https://www.google-analytics.com;style-src 'self' 'unsafe-inline' https://*.telerik.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google.com *.gstatic.com www.gstatic.com https://fs4.formsite.com; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src 'self' img.youtube.com i.ytimg.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com; frame-src 'self' www.youtube.com www.google.com www.youtube-nocookie.com  https://fs4.formsite.com; connect-src 'self' www.google-analytics.com; 1
upgrade-insecure-requests;style-src 'self' 'nonce-9UrDzSnA6TBXpxR';font-src 'self';script-src 'self' 'nonce-9UrDzSnA6TBXpxR' ;connect-src 'self' https://iscute.moe wss://iscute.moe;media-src 'self' https:;img-src 'self' data: blob: https:;default-src 'none';base-uri 'none';frame-ancestors 'none';manifest-src 'self'; 1
connect-src 'self' services.google.com https://preview.contentful.com www.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com; default-src 'self'; font-src 'self'; frame-src www.youtube.com https://embed.music.apple.com/ https://embed.podcasts.apple.com/ https://open.spotify.com/ content.googleapis.com accounts.google.com; img-src 'self' https://lh3.googleusercontent.com https://images.ctfassets.net https://www.google.com data: https://i.ytimg.com https://is2-ssl.mzstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com/collect https://www.google-analytics.com/r/collect *.google-analytics.com *.googletagmanager.com *.analytics.google.com; media-src https://kstatic.googleusercontent.com https://videos.ctfassets.net/; script-src 'self' 'unsafe-inline' www.youtube.com https://open.spotify.com/ https://open.spotifycdn.com www.gstatic.com apis.google.com https://www.googletagmanager.com https://www.gstatic.com/brandstudio/kato/google_tag_manager_component/google_tag_manager_component.js https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js *.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com 1
frame-ancestors 'self' *.alamode.com *.certmail.com; 1
default-src 'self'; script-src https://*.go-mpulse.net 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com consent.cookiebot.com consentcdn.cookiebot.com app-script.monsido.com heatmaps.monsido.com extend.vimeocdn.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src https://*.akstat.io 'self' data: www.google-analytics.com www.googletagmanager.com www.gstatic.com tracking.monsido.com asos-12954-s3.s3.eu-west-2.amazonaws.com; font-src 'self' fonts.gstatic.com; connect-src https://*.go-mpulse.net https://*.akstat.io 'self' stats.g.doubleclick.net www.google-analytics.com consentcdn.cookiebot.com heatmaps.monsido.com; media-src 'self' player.vimeo.com vod-progressive.akamaized.net; object-src 'none'; frame-src 'self' consentcdn.cookiebot.com ir.design-portfolio.co.uk opensupplyhub.org; frame-ancestors 'self'; upgrade-insecure-requests; report-uri https://designportfolio.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' https://digestpublishing.com https://dailyprofitcycle.com https://resourcestockdigest.com 1
script-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://hcaptcha.com https://*.hcaptcha.com;  img-src 'self' https://*.google-analytics.com https://*.googletagmanager.com;  connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://hcaptcha.com https://*.hcaptcha.com;  object-src 'none';  frame-src https://hcaptcha.com https://*.hcaptcha.com;  style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https:; img-src 'self' https: data: blob: https:; style-src 'self' https: 'nonce-paEr7iQVsYOqstHBiXYUWg=='; media-src 'self' https: data: https:; frame-src 'self' https:; manifest-src 'self' https:; form-action 'self'; connect-src 'self' data: blob: https: https: wss://gameliberty.club; script-src 'self' https:; child-src 'self' blob: https:; worker-src 'self' blob: https: 1
default-src 'self'; base-uri 'self'; img-src 'self' data: i.kiserai.net www.magelocdn.com rift.dc.magelocdn.com licensebuttons.net i.creativecommons.org; frame-src youtube.com www.youtube.com; frame-ancestors 'self'; font-src 'self' data: fonts.gstatic.com; script-src 'report-sample' 'self' ajax.cloudflare.com static.cloudflareinsights.com www.magelocdn.com rift.magelo.com; form-action 'self'; object-src 'none'; style-src 'report-sample' 'self' www.magelocdn.com 'unsafe-inline'; connect-src cloudflareinsights.com; 1
frame-ancestors 'self' https://*.vimeo.com https://*.dropbox.com https://*.ec2software.com https://*.ec2softwareservices.com https://*ec2clouds.com;upgrade-insecure-requests; 1
default-src 'self' content.novabase.com data:; object-src 'self' content.novabase.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com; form-action 'self'; script-src 'self' 'unsafe-inline' fonts.googleapis.com unpkg.com htmx.org www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com region1.analytics.google.com; frame-ancestors 'self' https://www.novabase.com; img-src 'self'  data: content.novabase.com www.googletagmanager.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' content.novabase.com https://region1.google-analytics.com https://region1.analytics.google.com; frame-src 'self' content.novabase.com https://www.google.com; 1
default-src 'self' blob:;script-src 'self' 'unsafe-inline' 'nonce-bzQb+x4q2sIK0QpRs/ho' 'unsafe-eval' https://*.blob.core.windows.net https://*.azurewebsites.net https://*.mepcontent.eu https://*.mepcontent.com https://*.google-analytics.com https://go.trimble.com https://*.gstatic.com https://*.googleapis.com https://*.wistia.com https://*.google.com https://*.addthis.com https://*.addthisedge.com https://*.googletagmanager.com https://*.litix.io https://*.kxcdn.com https://*.hotjar.com https://cdn.jsdelivr.net https://*.pardot.com https://*.visualwebsiteoptimizer.com wss: https://optanon.blob.core.windows.net https://*.onetrust.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdnjs.cloudflare.com https://go.stabiplan.com https://fast.wistia.com https://*.jquery.com https://*.aptrinsic.com https://edge.fullstory.com https://cdn.segment.com https://*.cloudfront.net https://*.omappapi.com https://*.6sc.co;object-src 'self' https://*.blob.core.windows.net https://*.azurewebsites.net https://*.mepcontent.eu https://*.mepcontent.com https://*.akamaihd.net blob: https://*.jquery.com https://*.aptrinsic.com http://127.0.0.1:* https://*.omappapi.com https://*.6sc.co;style-src 'self' 'unsafe-inline' https://*.blob.core.windows.net https://*.azurewebsites.net https://*.mepcontent.eu https://go.trimble.com https://*.mepcontent.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.kxcdn.com https://pushcrew.com https://optanon.blob.core.windows.net https://*.onetrust.com https://*.jquery.com https://*.aptrinsic.com https://*.omappapi.com https://*.6sc.co;img-src 'self' https://*.blob.core.windows.net https://*.azurewebsites.net https://*.mepcontent.eu https://*.mepcontent.com https://*.visualwebsiteoptimizer.com https://*.litix.io https://*.google-analytics.com https://*.googleadservices.com https://*.googletagmanager.com https://*.google.com https://*.google.com.bn https://*.google.com.mx https://*.google.com.vn https://*.google.co.kr https://*.google.co.nz https://*.google.co.uk https://*.google.az https://*.google.by https://*.google.cl https://*.google.de https://*.google.es https://*.google.fr https://*.google.it https://*.google.nl https://*.google.pl https://*.google.pt https://*.google.ro https://*.google.se https://*.google.sk https://*.google.tn https://*.google.tr https://*.gstatic.com https://*.doubleclick.net https://*.googleapis.com https://*.akamaihd.net https://*.wistia.com https://*.ggpht.com https://*.pushcrew.com https://pushcrew.com https://static.hotjar.com https://*.addthis.com https://*.bing.com https://*.pingdom.net https://*.adnxs.com https://*.linkedin.com https://*.tradeservice.com data: blob: https://localhost:* http://127.0.0.1:* https://content2:* https://optanon.blob.core.windows.net https://*.onetrust.com https://www.facebook.com https://*.jquery.com https://*.aptrinsic.com https://*.omappapi.com https://*.6sc.co;media-src 'self' https://*.blob.core.windows.net https://*.azurewebsites.net https://*.mepcontent.eu https://*.mepcontent.com https://*.akamaihd.net https://*.wistia.net https://*.wistia.com blob: https://*.jquery.com https://js.intercomcdn.com https://*.aptrinsic.com http://127.0.0.1:* https://*.omappapi.com https://*.6sc.co;frame-src 'self' https://*.blob.core.windows.net https://*.azurewebsites.net https://*.mepcontent.eu https://*.mepcontent.com https://go.trimble.com https://*.wistia.com https://*.addthis.com https://*.google.com https://*.youtube.com https://*.twitter.com https://*.facebook.com https://*.hotjar.com https://*.doubleclick.net https://*.cloudfront.net https://*.jquery.com https://*.aptrinsic.com https://*.omappapi.com https://*.6sc.co;font-src 'self' https://*.blob.core.windows.net https://*.azurewebsites.net https://*.mepcontent.eu https://*.mepcontent.com https://*.gstatic.com https://*.wistia.com cdnjs.cloudflare.com data: https://*.jquery.com https://*.aptrinsic.com https://*.hotjar.com https://*.omappapi.com https://*.6sc.co;connect-src 'self' https://localhost:* https://*.blob.core.windows.net https://*.azurewebsites.net https://*.mepcontent.eu https://*.mepcontent.com https://*.google.com https://*.google-analytics.com https://*.akamaihd.net https://*.wistia.com https://*.addthis.com/ https://sumome.com https://*.hotjar.com https://*.hotjar.io https://sumo.com https://*.litix.io/ https://*.pingdom.net https://*.herokuapp.com https://*.mixpanel.com wss: https://*.jquery.com https://app.getsentry.com https://*.aptrinsic.com http://127.0.0.1:* https://stats.g.doubleclick.net https://api.segment.io https://*.fullstory.com data: https://*.omappapi.com https://*.6sc.co;child-src 'self' https://*.blob.core.windows.net https://*.azurewebsites.net https://*.mepcontent.eu https://*.mepcontent.com https://*.wistia.com https://*.addthis.com https://*.google.com https://*.youtube.com https://*.twitter.com https://*.facebook.com https://*.hotjar.com blob: https://*.jquery.com https://player.vimeo.com https://*.aptrinsic.com https://*.omappapi.com https://*.6sc.co;upgrade-insecure-requests;report-uri /WebResource.axd?cspReport=true 1
reflected-xss 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://sonomu.club; img-src 'self' https: data: blob: https://sonomu.club; style-src 'self' https://sonomu.club 'nonce-vvT7VGZJaGhxVnbgkLEORw=='; media-src 'self' https: data: https://sonomu.club; frame-src 'self' https:; manifest-src 'self' https://sonomu.club; form-action 'self'; child-src 'self' blob: https://sonomu.club; worker-src 'self' blob: https://sonomu.club; connect-src 'self' data: blob: https://sonomu.club https://cdn.masto.host wss://sonomu.club; script-src 'self' https://sonomu.club 'wasm-unsafe-eval' 1
default-src 'self' 'unsafe-inline' https://www.megt.com.au  https://megt.jobreadygateway.com.au https://www.googletagmanager.com/*; script-src 'self' 'unsafe-inline' 'unsafe-eval' data https://www.megt.com.au https://*.happyfoxchat.com/*  https://megt.jobreadygateway.com.au https://www.googletagmanager.com/* *; object-src 'self' 'unsafe-inline' 'unsafe-eval' data https://www.megt.com.au https://*.happyfoxchat.com/* https://megt.jobreadygateway.com.au *; style-src 'self' 'unsafe-inline' 'unsafe-eval' data https://www.megt.com.au *; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: https://www.megt.com.au ; media-src 'self' 'unsafe-inline' 'unsafe-eval'  https://www.google.com https://tpc.googlesyndication.com https://www.googleadservices.com https://www.gstatic.com https://iframe.ly https://unpkg.com https://cdnjs.cloudflare.com *.google.com *.youtube.com *.googleapis.com *.sociablekit.com *.googletagmanager.com https://analytics.twitter.com https://bat.bing.com https://script.hotjar.com https://static.hotjar.com https://static.ads-twitter.com https://connect.facebook.net *.happyfoxchat.com https://www.google-analytics.com https://ssl.google-analytics.com *.clarity.ms *.licdn.com  https://megt.jobreadygateway.com.au; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.happyfoxchat.com/* https://www.megt.com.au https://megt.jobreadygateway.com.au https://www.googletagmanager.com/* *; frame-ancestors https://*.happyfoxchat.com/* https://megt.jobreadygateway.com.au; child-src https://*.happyfoxchat.com/* https://megt.jobreadygateway.com.au blob:; font-src 'self' 'unsafe-inline' https://www.megt.com.au *.googleusercontent.com/static/fonts/* https://megt.jobreadygateway.com.au *; connect-src 'self' 'unsafe-eval' https://*.happyfoxchat.com/* https://megt.jobreadygateway.com.au *; report-uri /report-csp-violation 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-1a2741d433bece5a897090e8b7e05c45'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' analysts.pangle-ads.com ad.doubleclick.net *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *pizzahut.com.bo *.local.com:8080 *.local.com dev.local.com *.kaptcha.com *.smartlook.cloud *.facebook.net *.kvantum-app.com wss://*.visitors.live *.luckyorange.com *.google.co.il *.tictuk-qa.com *.googleoptimize.com wss://collection.decibelinsight.net collection.decibelinsight.net tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx analytics.tiktok.com voices.s1gateway.com *.webeyez.com *.crwdcntrl.net *.braze.com wss://*.hotjar.com *.googleadservices.com *.indigitall.com consentcdn.cookiebot.com *.browser-intake-datadoghq.eu *.g.doubleclick.net *.bringg.com *.ubereats.com *.adyen.com *.oppwa.com *.onetrust.com cdn.cookielaw.org *.browser-intake-datadoghq.com *.googleapis.com wss://ws.inspectlet.com *.inspectlet.com *.google-analytics.com *.datadoghq.com *.datadoghq.eu *.browser-intake-datadoghq.eu *.hotjar.com *.googletagmanager.com *.googleusercontent.com *.lr-ingest.io *.lji.li *.tictuk.com *.facebook.com *.google.com pay.payphonetodoesposible.com data:;frame-src 'self' *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.local.com *.tictuk.com telegram.me wa.me m.me powertranztestframeworkdsacssimulator.azurewebsites.net *.kaptcha.com *.ptranz.com *.google.com *.arcot.com *.nutritionix.com *.lji.li lili.ly *.webeyez.com voices.s1gateway.com *.amazon-adsystem.com *.crwdcntrl.net *.mathtag.com *.doubleclick.net docs.google.com tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx *.prb.com.mx:* consentcdn.cookiebot.com *.tracker.dragontail.com *.youtube.com *.bringg.com *.ubereats.com *.uber.com *.adyen.com *.oppwa.com *.payeezy.com authentication.cardinalcommerce.com aacsw.3ds.verifiedbyvisa.com ecom.eglobal.com.mx *.modirum.com *.ipg-online.com pay.payphonetodoesposible.com *.mercadopago.com.co *.hotjar.com *.facebook.com *.cardnet.com.do; object-src 'self' *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *pizzahut.com.bo *.local.com:8080 *.local.com kfc.com.mx *.kfc.com.mx *.tictuk.com tacobell.ca *.tacobell.ca *.tictuk.com;style-src 'self' 'unsafe-inline' analysts.pangle-ads.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *pizzahut.com.bo *.google.com voices.s1gateway.com use.fontawesome.com www.googletagmanager.com *.adyen.com *.oppwa.com *.lji.li *.tictuk.com fonts.googleapis.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' analysts.pangle-ads.com ad.doubleclick.net bat.bing.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.local.com *.kaptcha.com web-sdk.smartlook.com *.kfcbotswana.com *.luckyorange.com *.googleoptimize.com tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx cdn.decibelinsight.net voices.s1gateway.com analytics.tiktok.com *.webeyez.com *.pizzahut.com.ec *.crwdcntrl.net *.mathtag.com  *.gstatic.com *.g.doubleclick.net *.googleadservices.com *.cookiebot.com *.appboycdn.com *.adyen.com *.oppwa.com *.onetrust.com cdn.cookielaw.org *.maps.yandex.net yastatic.net *.yandex.ru yandex.ru *.payeezy.com polyfill.io cdn.inspectlet.com cdn.polyfill.io lab.cardnet.com.do servicios.cardnet.com.do *.google-analytics.com *.hotjar.com *.googletagmanager.com cdn.lr-ingest.io cdn.logrocket.io cdnjs.cloudflare.com *.lji.li *.tictuk.com *.google.com *.facebook.net *.googleapis.com *.facebook.com pay.payphonetodoesposible.com;img-src 'self' analysts.pangle-ads.com ad.doubleclick.net bat.bing.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *pizzahut.com.bo media.api-kfc.com xilnexblobs.b-cdn.net www.telepizza.cl *.googletagmanager.com telepizza.cl *.telepizza.cl *.kfcbotswana.com *.xilnex.com *.kfc.co.za *.amazon-adsystem.com *.ofisistemas.com:8096 *.kfc-panama.com habit-images.s3.us-east-2.amazonaws.com tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx *.pizzahut.cl pizzahut.cl *.google.co.uk *.s1gateway.com *.pizzahut.com.mx *.mathtag.com *.ofisistemas.com pizzahut.com.co *.pizzahut.com.co nolocdnmsftaznua.azureedge.net *.indigitall-cdn.com *.g.doubleclick.net *.pizzahut.com.br *.pizzahut.com.ec *.google.com.mx *.google.ca *.google.co.il *.google.es *.google.com.do *.google.com *.google.com.ec *.google.com.br *.pizzahut-tt.com *.tacobell.co.nz *.pizzahut.fi  pizzahut.fi nolocdnmsftus.azureedge.net ros-prd.s3.amazonaws.com *.adyen.com *.cookielaw.org *.maps.yandex.net *.yandex.ru yandex.ru *.kfc.tt *.cognizantorderserv.com connect.facebook.net *.inspectlet.com *.google-analytics.com ph-web-bucket.s3.us-east-2.amazonaws.com *.mobstorm.com images-rest.wixmp.com *.googleusercontent.com *.lji.li *.tictuk.com *.googleapis.com *.cloudfront.net/phws/ *.gstatic.com *.wixstatic.com *.facebook.com test.ipg-online.com data:;font-src 'self' *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.local.com voices.s1gateway.com use.fontawesome.com *.tictuk.com fonts.gstatic.com data:;worker-src 'self' 'unsafe-eval' 'unsafe-inline' *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.lji.li *.tictuk.com blob: data:;frame-ancestors 'self' *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com kfc.com.mx *.kfc.com.mx *.ipg-online.com  pay.payphonetodoesposible.com *.lji.li http://local.tictuk.com:8080 *.tictuk.com *.facebook.com *.messenger.com facebook.com messenger.com *.telegram.org telegram.org kfc.cw pizzahut.cw kfc.mystagingwebsite.com ; 1
frame-ancestors 'self' https://dashboard.vidy.com; 1
default-src 'self' *.nlb.me http: https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-rBjPtVJPwHMpIPrj4EmY6A==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob: *.izlesene.com *.ioam.de *.avg.com *.rewardsaccelerator.com smetrics.att.com; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net smetrics.att.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-YYWOlkZ8zpGl40nXMgoKYJG2W4/1gpdAcWAiWbSOP7lWNdRy' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' https://www.iqmetrix.com https://iqmetrix.com https://admin.iqmetrix.com 1
default-src 'none';             script-src-elem 'self' 'unsafe-inline' tpc.googlesyndication.com www.googleadservices.com c.delivery.consentmanager.net googleads.g.doubleclick.net delivery.consentmanager.net delivery.consentmanager.com cdn.consentmanager.net bat.bing.com js-eu1.hsadspixel.net google-analytics.com www.google-analytics.com www.googletagmanager.com storage.googleapis.com js-eu1.hs-scripts.com js-eu1.hs-banner.com js-eu1.hs-analytics.net js-eu1.hscollectedforms.net;             style-src 'self' www.googletagmanager.com fonts.googleapis.com;             style-src-elem 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com;             style-src-attr 'unsafe-inline';             img-src 'self' data: www.google-analytics.com googleads.g.doubleclick.net bat.bing.com c.delivery.consentmanager.net cdn.consentmanager.net fonts.gstatic.com www.googletagmanager.com www.google.com www.google.de forms-eu1.hsforms.com track-eu1.hubspot.com;             font-src 'self' fonts.gstatic.com;             connect-src 'self' www.google.com adservice.google.com c.delivery.consentmanager.net google.com pagead2.googlesyndication.com api-eu1.hubapi.com bat.bing.com forms-eu1.hscollectedforms.net region1.analytics.google.com google-analytics.com *.google-analytics.com stats.g.doubleclick.net forms-eu1.hubspot.com api.hsforms.com;             object-src 'none';             worker-src 'self';             frame-ancestors 'none';             frame-src 'self' tpc.googlesyndication.com td.doubleclick.net cdn.consentmanager.net;             form-action 'self';             base-uri 'none';             manifest-src 'self' 1
default-src https: 'self'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com; connect-src https: 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; frame-src https: 'self' https://*.hotjar.com; font-src https: 'self' https://*.hotjar.com; style-src https: 'self' 'unsafe-inline' https://*.hotjar.com; img-src https: 'self' data: https://*.hotjar.com; 1
upgrade-insecure-requests;style-src 'self' 'nonce-nw5J7It7j3aKqi2';font-src 'self';script-src 'self' 'nonce-nw5J7It7j3aKqi2' ;connect-src 'self' https://suya.place wss://suya.place  https://media.suya.place;media-src 'self' https://media.suya.place;img-src 'self' data: blob: https://media.suya.place;default-src 'none';base-uri 'none';frame-ancestors 'none';manifest-src 'self'; 1
script-src 'unsafe-inline' https://*.mymoneysense.com https://mymoneysense.com https://*.googletagmanager.com https://*.googleapis.com https://*.sharethis.com https://*.google-analytics.com https://*.sharethis.mgr.consensu.org https://rbs.qumucloud.com https://cdn.cookielaw.org https://connect.facebook.net https://*.doubleclick.net https://www.facebook.com https://www.google.com https://www.gstatic.com https://cdn.parsely.com https://vars.hotjar.com https://static.hotjar.com https://script.hotjar.com; frame-ancestors https://moneysensegames.azurewebsites.net https://*.mymoneysense.com https://jb-emailmanager-external.azurewebsites.net; child-src https://natwest.mymoneysense.com https://www.youtube.com https://rbs.qumucloud.com https://www.facebook.com https://jb-emailmanager-external.azurewebsites.net; frame-src https://moneysensegames.azurewebsites.net https://*.mymoneysense.com https://www.youtube.com https://player.vimeo.com https://rbs.qumucloud.com https://www.facebook.com https://jb-emailmanager-external.azurewebsites.net https://www.google.com https://vars.hotjar.com; form-action 'self' https://*.mymoneysense.com https://jb-emailmanager-external.azurewebsites.net/; 1
frame-ancestors 'self' *.stedi.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://anticapitalist.party; img-src 'self' https: data: blob: https://anticapitalist.party; style-src 'self' https://anticapitalist.party 'nonce-J6TyCqaH34g+g2YCbkklZw=='; media-src 'self' https: data: https://anticapitalist.party; frame-src 'self' https:; manifest-src 'self' https://anticapitalist.party; form-action 'self'; child-src 'self' blob: https://anticapitalist.party; worker-src 'self' blob: https://anticapitalist.party; connect-src 'self' data: blob: https://anticapitalist.party https://cdn.masto.host wss://anticapitalist.party; script-src 'self' https://anticapitalist.party 'wasm-unsafe-eval' 1
default-src 'self' *.testvenuedirectory.com *.stagingvenuedirectory.com *.venuedirectory.com *.tvdsandbox.co.uk *.umbraco.org *.sharethis.com *.gstatic.com *.googleapis.com *.google.com wchat.freshchat.com *.youtube.com *.doubleclick.net *.google-analytics.com *.visualstudio.com www.vflive.co.uk stats.g.doubleclick.net *.sendinblue.com sibautomation.com *.brevo.com bcp.crwdcntrl.net data.stbuttons.click *.pendo.io *.cookielaw.org *.onetrust.com;img-src 'self' *.testvenuedirectory.com *.stagingvenuedirectory.com *.venuedirectory.com *.tvdsandbox.co.uk data: umbraco.tv *.gstatic.com *.googleapis.com *.google.com *.google.co.in *.sharethis.com *.youtube.com *.google-analytics.com *.cloudfront.net *.ggpht.com *.pendo.io *.cookielaw.org *.onetrust.com;script-src 'self' *.testvenuedirectory.com *.stagingvenuedirectory.com *.venuedirectory.com *.tvdsandbox.co.uk 'unsafe-inline' 'unsafe-eval' sibautomation.com *.gstatic.com *.googleapis.com *.google.com cdn.polyfill.io *.sharethis.com *.youtube.com wchat.freshchat.com *.googletagmanager.com *.msecnd.net *.google-analytics.com *.doubleclick.net *.pendo.io *.cookielaw.org *.onetrust.com;style-src 'self' *.testvenuedirectory.com *.stagingvenuedirectory.com *.venuedirectory.com *.tvdsandbox.co.uk 'unsafe-inline' *.gstatic.com *.googleapis.com *.google.com wchat.freshchat.com *.doubleclick.net *.pendo.io *.cookielaw.org *.onetrust.com;frame-src 'self' *.google.com sibautomation.com *.pendo.io *.youtube.com *.cookielaw.org *.onetrust.com *.freshchat.com; 1
frame-ancestors 'none' uat-admin.rugbyxplorer.com.au admin.rugbyxplorer.com.au 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-Qss0A8Fi0A0M2+jWdRb34g=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' * blob: data: 1
base-uri 'self'; child-src https://plusone.google.com https://facebook.com https://platform.twitter.com 'self'; connect-src 'self' https://apis.google.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://fonts.googleapis.com data:; script-src 'self' https://apis.google.com https://platform.twitter.com https://ssl.google-analytics.com/ga.js https://www.google-analytics.com 'unsafe-inline' https://gpm.srv01.dnv.vps.curity.eu; style-src 'self' https://fonts.googleapis.com/ 'unsafe-inline' https://gpm.srv01.dnv.vps.curity.eu; img-src 'self' *.gravatar.com https://ssl.google-analytics.com https://gpm.srv01.dnv.vps.curity.eu; media-src 'self'; object-src 'none'; form-action 'self'; frame-ancestors 'none'; default-src 'none'; 1
default-src 'self'; connect-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' data:; frame-src 'none'; frame-ancestors 'none'; object-src 'none'; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://ajax.googleapis.com https://fonts.googleapis.com https://apis.google.com https://www.google.com https://www.gstatic.com https://*.googletagmanager.com;style-src 'self' 'unsafe-inline' https://fast.fonts.net https://fonts.googleapis.com https://fonts.gstatic.com https://tagmanager.google.com https://www.google.com https://www.gstatic.com;img-src 'self' https://copfsprodweb.blob.core.windows.net https://www.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://www.google.co.uk https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk;media-src 'self';frame-src 'self' https://youtu.be https://m.youtube.com https://www.youtube.com https://datastudio.google.com https://content.googleapis.com https://www.googletagmanager.com https://www.google.com;font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com;connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com https://dc.services.visualstudio.com/v2/track https://region1.analytics.google.com https://region1.google-analytics.com https://www.google.co.uk https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.google.co.uk;child-src 'self';worker-src 'self';upgrade-insecure-requests;block-all-mixed-content;report-uri https://www.copfs.gov.uk/Umbraco/Api/BrowserReporting/Csp 1
style-src 'unsafe-inline' *.dnocs.gov.br; 1
default-src 'self' https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://cdnjs.cloudflare.com https://*.globalrewardsolutions.com https://*.gstatic.com https://code.jquery.com https://*.marketo.net https://*.marketo.com https://www.googletagmanager.com https://*.typekit.net https://*.carlton.ca https://*.carltonone.com https://cdn.jsdelivr.net www.w3.org https://*.freshbots.ai https://*.bootstrapcdn.com https://*.mktoresp.com https://*.vimeo.com wss://*.pusher.com https://*.pusher.com https://*.buttercms.com https://*.hs-scripts.com https://*.hscollectedforms.net https://*.usemessages.com https://*.hubspot.com https://*.hsforms.com https://*.hsforms.net https://*.hs-analytics.net https://*.hs-banner.com https://evergrow.app https://api-ms.internal.p2motivate.com https://api-ms.p2motivate.com data: 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://witter.cz; img-src 'self' https: data: blob: https://witter.cz; style-src 'self' https://witter.cz 'nonce-tnRxeXXaGwOToTNN8PndaQ=='; media-src 'self' https: data: https://witter.cz; frame-src 'self' https:; manifest-src 'self' https://witter.cz; form-action 'self'; child-src 'self' blob: https://witter.cz; worker-src 'self' blob: https://witter.cz; connect-src 'self' data: blob: https://witter.cz https://witter.cz wss://witter.cz; script-src 'self' https://witter.cz 'wasm-unsafe-eval' 1
default-src 'unsafe-inline' 'self' https://*.fileyourtaxes.com https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://www.google-analytics.com; img-src 'unsafe-inline' 'self' https://*.fileyourtaxes.com https://chart.apis.google.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.fileyourtaxes.com https://adservice.google.com https://ajax.googleapis.com https://code.jquery.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com; style-src 'unsafe-inline' 'self' https://*.fileyourtaxes.com https://use.fontawesome.com https://cdnjs.cloudflare.com; font-src 'unsafe-inline' 'self' https://*.fileyourtaxes.com https://use.fontawesome.com https://fonts.googleapis.com; frame-src 'unsafe-inline' 'self' https://*.fileyourtaxes.com https://www.google.com https://td.doubleclick.net; 1
frame-ancestors 'self' http://www.signalweb.cz unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://s7.addthis.com https://kritique-widgets-stage.unileversolutions.com https://d1a1ax4tcp3m3j.cloudfront.net 1
default-src 'self' vileda.com *.vileda.com; script-src 'self' 'unsafe-inline' vileda.com *.vileda.com *.googlesyndication.com  *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.go-mpulse.net; style-src 'self' 'unsafe-inline' vileda.com *.vileda.com; connect-src 'self' vileda.com *.vileda.com *.googlesyndication.com *.google-analytics.com *.go-mpulse.net *.akstat.io; img-src 'self' vileda.com *.vileda.com *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.doubleclick.net 1
default-src 'self'; font-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
object-src blob: 'self' *.exlibrisgroup.com *.exlibrisgroup.com.cn www.google-analytics.com stats.g.doubleclick.net https://youtube.com artic.contentdm.oclc.org saltresearch.org www.saltresearch.org; worker-src blob: 'self' *.exlibrisgroup.com *.exlibrisgroup.com.cn www.google-analytics.com stats.g.doubleclick.net https://youtube.com artic.contentdm.oclc.org saltresearch.org www.saltresearch.org; upgrade-insecure-requests; report-uri /infra/CSPReportEndpoint.jsp; report-to csp-report-endpoint;  1
default-src 'self' https://isso.lord.re; script-src 'self' https://isso.lord.re 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 1
default-src 'self' *.facebook.com *.facebook.net *.fbsbx.com player.vimeo.com www.youtube.com www.youtube-nocookie.com; img-src 'self' blob: data: *.facebook.com *.fbsbx.com facebook.net facebook.com dmp.adform.net dpm.demdex.net graph.facebook.com raiffeisen.demdex.net statistics.raiffeisen.ch statisticssta.raiffeisen.ch scontent.xx.fbcdn.net i.ytimg.com stats.g.doubleclick.net www.google-analytics.com www.google.com www.google.ch www.google.de platform-cdn.sharethis.com s3.amazonaws.com www.raiffeisen.ch https://media.userpilot.io https://uploads.userpilot.io https://gifs.userpilot.io https://videos.userpilot.io; style-src 'self' 'unsafe-inline' facebook.net facebook.com fonts.googleapis.com cdn.tt.omtrdc.net www.raiffeisen.ch; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.youtube.com www.raiffeisen.ch ajax.googleapis.com cdnjs.cloudflare.com connect.facebook.net facebook.net facebook.com google-analytics.com storage.googleapis.com www.google.com www.gstatic.com www.google-analytics.com assets.adobedtm.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net count-server.sharethis.com platform-api.sharethis.com buttons-config.sharethis.com https://js.userpilot.io https://deploy.userpilot.io cdn.tt.omtrdc.net; connect-src 'self' blob: dpm.demdex.net dmp.adform.net fonts.googleapis.com google-analytics.com graph.facebook.com statistics.raiffeisen.ch statisticssta.raiffeisen.ch www.google.com www.gstatic.com l.sharethis.com raiffeisen.tt.omtrdc.net https://api.userpilot.io wss://api.userpilot.io https://find.userpilot.io https://find-x.userpilot.io https://find-y.userpilot.io https://find-z.userpilot.io https://find-w.userpilot.io https://uploads.userpilot.io wss://analytex.userpilot.io wss://analytex-us.userpilot.io wss://analytex-eu.userpilot.io wss://analytex-in.userpilot.io https://analytex.userpilot.io https://analytex-us.userpilot.io https://analytex-eu.userpilot.io https://analytex-in.userpilot.io https://reporting.userpilot.io wss://reporting.userpilot.io https://playground.userpilot.io https://*.googleapis.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com https://fonts.userpilot.io; frame-src 'self' *.secupay.ag connect.secucard.com *.secupay-ag.de test.saferpay.com saferpay.com www.saferpay.com raiffeisen.demdex.net *.facebook.com *.facebook.net player.vimeo.com www.google.com www.youtube.com www.youtube-nocookie.com c.sharethis.mgr.consensu.org sharethis.mgr.consensu.org; frame-ancestors 'self' raiffeisen.experiencecloud.adobe.com experience.adobe.com; child-src 'self' www.google.com test.saferpay.com saferpay.com www.saferpay.com raiffeisen.demdex.net *.facebook.com *.facebook.net www.youtube-nocookie.com player.vimeo.com www.youtube.com; object-src data:; media-src 'self' https://js.userpilot.io 1
frame-ancestors https://*.crazygames.com https://*.1001juegos.com https://*.crazygames.co.id https://*.crazygames.nl; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.paypalobjects.com/; img-src 'self' data: https://www.paypalobjects.com/; object-src 'self' data: https://*.paypal.com/; frame-src 'self' data: https://*.paypal.com/; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://out.ruin.io; img-src 'self' https: data: blob: https://out.ruin.io; style-src 'self' https://out.ruin.io 'nonce-kQHMd5vZQaLdZtpEydP5Mw=='; media-src 'self' https: data: https://out.ruin.io; frame-src 'self' https:; manifest-src 'self' https://out.ruin.io; form-action 'self'; child-src 'self' blob: https://out.ruin.io; worker-src 'self' blob: https://out.ruin.io; connect-src 'self' data: blob: https://out.ruin.io https://mastodon-files.ruin.io wss://out.ruin.io; script-src 'self' https://out.ruin.io 'wasm-unsafe-eval' 1
object-src 'none'; base-uri 'none'; require-trusted-types-for 'script'; frame-ancestors 'self'; 1
default-src 'nonce-2lmbW2HX+D+vexjDVQ+NeA==' 'self' cdn11.bigcommerce.com https://bigcommerce.com *.bigcommerce.com *.storyblok.com https://vercel.app https://vercel.live https://secure.giftcards.co.uk/graphql giftcards-7m5nsy63k-makerstreet.vercel.app https://api.bigcommerce.com/stores/7xoe19g5xl https://cadeauconcepten.mybigcommerce.com www.googletagmanager.com www.google-analytics.com https://secure.giftcards.co.uk px.ads.linkedin.com *.google.com *.google.nl *.googleapis.com *.gstatic.com *.doubleclick.net https://tpc.googlesyndication.com https://www.giftomatic.io/ https://www.giftomatic.io https://vitals.vercel-insights.com; frame-ancestors 'self' *.giftcards.co.uk *.storyblok.com; connect-src 'self' www.google-analytics.com https://get.geojs.io *.execute-api.eu-central-1.amazonaws.com *.clarity.ms *.vercel-insights.com *.doubleclick.net *.analytics.google.com https://cdn.linkedin.oribi.io *.googleapis.com https://api.storyblok.com google.com https://analytics.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net *.googleapis.com https://www.google.com https://*.doubleclick.net https://*.google-analytics.com https://maps.gstatic.com https://www.googletagmanager.com https://www.gstatic.com https://www.clarity.ms *.cloudfront.net https://snap.licdn.com http://app.storyblok.com/f/storyblok-v2-latest.js https://www.googleadservices.com https://tpc.googlesyndication.com https://www.giftomatic.io/dist/linkoptimizer.js https://www.giftomatic.io/dist/websnippet.js; style-src 'self' 'unsafe-inline' data: *.googleapis.com; font-src 'self' *.gstatic.com; img-src 'self' *.storyblok.com *.bigcommerce.com data: www.googletagmanager.com www.google-analytics.com *.googleapis.com www.google.com www.google.nl google www.google.co.za https://googleads.g.doubleclick.net www.google.co.uk *.linkedin.com www.facebook.com *.gstatic.com https://c.clarity.ms https://c.bing.com https://www.google 1
frame-ancestors 'self'            https://*.aaenmaas.nl            https://*.iprox.nl 1
script-src 'self' https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' https://api.2fa.directory https://cdnjs.cloudflare.com/ajax/libs/flag-icons/; font-src https://cdnjs.cloudflare.com; block-all-mixed-content; report-uri https://2factorauth.report-uri.com/r/d/csp/enforce; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.maritimejournal.com; 1
default-src 'self'; img-src 'self' data: https://*.cloudfront.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.cloudfront.net; style-src 'self' 'unsafe-inline'; 1
default-src 'self' www.gravatar.com player.vimeo.com *.vimeocdn.com packages.umbraco.org our.umbraco.org *.driftt.com *.pingdom.net 7ixtke6ehh.execute-api.us-east-1.amazonaws.com www.linkedin.com *.google-analytics.com *.google.com *.g.doubleclick.net *.hotjar.com; media-src 'self' ce-staging-website-media.s3.eu-west-2.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net *.clickagy.com *.adroll.com *.marketo.com munchkin.marketo.net get.niceincontact.com *.google.com *.gstatic.com *.googletagmanager.com cdnjs.cloudflare.com *.googleadservices.com *.google-analytics.com *.contactengine.com *.g.doubleclick.net *.driftt.com *.pingdom.net *.websuccess-data.com a1webstrategy.com *.bizographics.com vimeo.com *.vimeo.com *.linkedin.com *.roar9beer.com *.licdn.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.zoominfo.com; style-src 'self' 'unsafe-inline' *.marketo.com *.marketo.net get.niceincontact.com *.googleapis.com cdnjs.cloudflare.com;  connect-src 'self' *.googlesyndication.com *.analytics.google.com *.mktoresp.com *.marketo.com *.linkedin.com *.clickagy.com *.g.doubleclick.net *.pingdom.net *.bugsnag.com 7ixtke6ehh.execute-api.us-east-1.amazonaws.com *.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; img-src 'self' data: *.agkn.com *.crwdcntrl.net *.sitescount.com *.openx.net *.adroll.com *.adroll.mgr.consensu.org *.casalemedia.com *.3lift.com *.g.doubleclick.net *.adsymptotic.com *.ads.linkedin.com *.advertising.com *.rubiconproject.com *.pubmatic.com *.licdn.com *.outbrain.com *.taboola.com *.yahoo.com *.analytics.yahoo.com *.facebook.com *.facebook.net *.rlcdn.com *.adnxs.com x.bidswitch.net *.clickagy.com *.prod.bidr.io get.niceincontact.com *.vimeocdn.com www.gravatar.com umbraco.tv *.googleapis.com *.google-analytics.com *.g.doubleclick.net  *.google.com *.google.co.uk *.linkedin.com *.ads.linkedin.com common.nemisys.uk.com segment.prod.bidr.io http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' *.doubleclick.net *.marketo.com get.niceincontact.com *.linkedin.com *.google.com *.vimeo.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; font-src 'self' data: fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; 1
object-src 'none'; script-src 'self' 'strict-dynamic' https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com/c/hotjar-2877749.js https://www.google-analytics.com/analytics.js https://connect.facebook.net/en_US/fbevents.js https://ws.zoominfo.com/pixel/615b474d39247c001cc2f2f2 https://www.googletagmanager.com/gtag/js https://code.jquery.com/ https://clients3.weblink.com.au/ https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/cxbus.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/widgets-core.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/webchat.min.js https://d2uinmo2bcbdsn.cloudfront.net/ https://snap.licdn.com/ https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js http://cdn.jsdelivr.net/npm/jquery-validation@1.17.0/dist/jquery.validate.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.5/gsap.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.5/ScrollTrigger.min.js https://cdnjs.cloudflare.com/ajax/libs/jarallax/2.1.3/jarallax.min.js https://pym.nprapps.org/pym.v1.min.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://platform.twitter.com https://unpkg.com https://www.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com/gtm.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com/c/hotjar-2877749.js https://www.google-analytics.com/analytics.js https://connect.facebook.net/en_US/fbevents.js https://ws.zoominfo.com/pixel/615b474d39247c001cc2f2f2 https://www.googletagmanager.com/gtag/js https://script.hotjar.com/modules.5dca1694a4338dade13b.js https://connect.facebook.net/signals/config/1761455807365259 https://connect.facebook.net/signals/config/685668156287079 https://pi.pardot.com/pd.js https://pi.pardot.com/analytics https://marketing.aes.com/analytics https://cdn.cookielaw.org/scripttemplates/202211.1.0/otBannerSdk.js https://js-agent.newrelic.com/async-api.6bb277af-1225.min.js https://js-agent.newrelic.com/lazy-loader.48127245-1225.min.js https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://cdn.cookielaw.org/consent/27cd7b43-53f3-46bb-9267-e0af03db8d70/OtAutoBlock.js https://siteintercept.qualtrics.com https://googleads.g.doubleclick.net https://zn9sohtzqeoni8wpq-aescorp.siteintercept.qualtrics.com https://cdn.cookielaw.org/scripttemplates/202209.1.0/otBannerSdk.js https://zncwhklt9qhc4tztc-aescorp.siteintercept.qualtrics.com https://www.google.co.in/pagead https://www.gstatic.com/recaptcha/releases https://script.hotjar.com https://js-agent.newrelic.com https://bam.nr-data.net https://connect.facebook.net https://apps.mypurecloud.com https://dhqbrvplips7x.cloudfront.net https://www.googleadservices.com/ https://www.gstatic.com/ https://cdn.cookielaw.org/ https://eb2.3lift.com/ https://www.google.co.in/ https://pippio.com/ https://widgets.hive.genesys.com/ https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/cxbus.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/widgets-core.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/webchat.min.js https://d2uinmo2bcbdsn.cloudfront.net/ https://snap.licdn.com/ https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js http://cdn.jsdelivr.net/npm/jquery-validation@1.17.0/dist/jquery.validate.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.5/gsap.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.5/ScrollTrigger.min.js https://cdnjs.cloudflare.com/ajax/libs/jarallax/2.1.3/jarallax.min.js https://pym.nprapps.org/pym.v1.min.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://platform.twitter.com https://unpkg.com https://www.google.com; frame-ancestors 'self'; report-uri https://www1.aesargentina.com.ar/es/report-uri/enforce 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.averbeporto.com.br *.ghsix.com.br *.googleapis.com *.gstatic.com data:; img-src * data:; font-src 'self' fonts.googleapis.com fonts.gstatic.com data:; frame-ancestors 'self' *.averbeporto.com.br *.ghsix.com.br 1
style-src 'self' fonts.googleapis.com translate.googleapis.com 'unsafe-inline' 'unsafe-eval' 1
default-src cdn.cookie-script.com 'self'; script-src cdn.polyfill.io cdn.cookie-script.com *.google-analytics.com *.googletagmanager.com cdnjs.cloudflare.com *.twitter.com *.twimg.com *.hubspot.com *.hscollectedforms.net js.hsadspixel.net *.hs-scripts.com js.hs-banner.com js.hs-analytics.net forms.hsforms.com *.usemessages.com unpkg.com 'unsafe-eval' 'self' 'unsafe-inline'; style-src cdnjs.cloudflare.com fonts.googleapis.com 'self' 'unsafe-inline' ; font-src data: cdnjs.cloudflare.com fonts.gstatic.com 'self'; frame-src www.youtube.com *.twitter.com *.googletagmanager.com 'self'; img-src data: *.twimg.com *.twitter.com *.google-analytics.com *.googletagmanager.com www.gstatic.com *.hsforms.com *.hubspot.com 'self'; style-src-elem cdnjs.cloudflare.com hello.myfonts.net *.twitter.com *.twimg.com unpkg.com 'self' 'unsafe-inline'; connect-src consent.cookie-script.com *.google-analytics.com *.hubspot.com *.hubapi.com *.hscollectedforms.net 'self'; script-src-elem cdn.polyfill.io cdn.cookie-script.com *.googletagmanager.com cdnjs.cloudflare.com *.google-analytics.com *.twimg.com *.twitter.com *.hubspot.com *.hscollectedforms.net js.hsadspixel.net *.hs-scripts.com js.hs-banner.com js.hs-analytics.net forms.hsforms.com *.usemessages.com unpkg.com 'self' 'unsafe-inline'; report-uri https://dcvc.report-uri.com/r/d/csp/enforce 1
base-uri 'self';connect-src 'self' https://*.yandex.ru http://*.yandex.ru https://*.google-analytics.com wss://*.pusher.com wss://*.sochain.com wss://*.chain.so https://*.pusher.com http://*.pusher.com https://*.sochain.com http://*.sochain.com https://*.chain.so http://*.chain.so *.lottiefiles.com wss://*.jivosite.com https://*.jivosite.com http://*.jivosite.com https://*.jivo.ru wss://*.jivo.ru http://*.jivo.ru;font-src 'self' data: fonts.gstatic.com *.bootstrapcdn.com;style-src 'self' fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com 'unsafe-inline' *.jivosite.com *.jivo.ru;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.yandex.ru *.pusher.com unpkg.com *.jivosite.com *.jivo.ru;form-action 'self' *.advcash.com payeer.com perfectmoney.is qiwi.com *.yandex.ru;img-src * *.yandex.ru 'unsafe-inline' data:;object-src 'none' 1
default-src * data: 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob:; 1
style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com; script-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com 1
default-src 'self' https://mc.yandex.ru 'unsafe-inline'; img-src 'self' https://mc.yandex.ru data:; script-src 'self' https://mc.yandex.ru 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://forums.mediaspy.org/logs/ https://forums.mediaspy.org/sidekiq/ https://forums.mediaspy.org/mini-profiler-resources/ https://forums.mediaspy.org/assets/ https://forums.mediaspy.org/extra-locales/ https://forums.mediaspy.org/highlight-js/ https://forums.mediaspy.org/javascripts/ https://forums.mediaspy.org/plugins/ https://forums.mediaspy.org/theme-javascripts/ https://forums.mediaspy.org/svg-sprite/ 'report-sample' 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' https: 'unsafe-inline'; worker-src 'self' https://forums.mediaspy.org/assets/ https://forums.mediaspy.org/javascripts/ https://forums.mediaspy.org/plugins/; report-uri https://forums.mediaspy.org/csp_reports; frame-ancestors 'self'; manifest-src 'self' 1
content-security-policy: block-all-mixed-content; frame-ancestors 'self' acdivoca.org; default-src acdivoca.org; object-src 'none'; img-src 'self' acdivoca.org blob: data: https:; media-src 'self' data: https: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' acdivoca.org blob: data: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' acdivoca.org data: https:; frame-src 'self' https:; connect-src 'self' acdivoca.org https:; base-uri 'self'; form-action 'self' https:; access-control-allow-origin: https://acdivoca.org 1
frame-ancestors *.screenhubb.com 1
default-src 'self'; connect-src 'self' crownpeak.net *.crownpeak.net *.google.com *.google-analytics.com *.doubleclick.net *.googleapis.com; font-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.doubleclick.net; frame-ancestors 'self' https://www.googletagmanager.com; frame-src 'self' *.youtube.com *.google.com *.vimeo.com *.adsrvr.org *.doubleclick.net *.googletagmanager.com *.googleapis.com *.printable.com *.bvs.com *.elocallink.tv *.youtube-nocookie.com *.acuityscheduling.com elocallink.tv; img-src 'self' *.google-analytics.com *.googletagmanager.com *.cloudinary.com banno.com *.banno.com *.googleapis.com *.gstatic.com *.adsrvr.org *.linkedin.com *.twitter.com *.google.com *.facebook.com *.ytimg.com *.vimeocdn.com *.ggpht.com *.doubleclick.net *.printable.com *.placeholder.com data: *.banno.com banno.com; media-src 'self' *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleapis.com banno.com *.banno.com  *.google.com crownpeak.com *.crownpeak.com *.facebook.net *.facebook.com  *.doubleclick.net *.simpli.fi *.ellieservices.com *.doubleclick.net *.fls.doubleclick.net *.vimeocdn.com *.gstatic.com *.youtube.com *.googleapis.com *.acuityscheduling.com *.banno.com banno.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.doubleclick.net 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-wiPBCfl+I5L/QYR/bznzdg==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
frame-src https://*; media-src https://*; frame-ancestors 'self' hireez.com *.hireez.com; 1
object-src 'none';         script-src * 'unsafe-inline' 'unsafe-eval';         base-uri 'none'; 1
default-src 'self'; object-src 'none'; script-src 'self' https://stackpath.bootstrapcdn.com https://cdn4.mxpnl.com https://ajax.aspnetcdn.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com *.recaptcha.net *.google.com *.googletagmanager.com https://www.gstatic.com https://ajax.googleapis.com https://*.msecnd.net 'unsafe-inline' *;style-src 'self' https://stackpath.bootstrapcdn.com https://ajax.aspnetcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com 'unsafe-inline' *;connect-src 'self' *.visualstudio.com https://api.mixpanel.com *;font-src https://ajax.aspnetcdn.com https://stackpath.bootstrapcdn.com 'self' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com;img-src 'self' https://cdnjs.cloudflare.com * data:; frame-src https://www.google.com https://stackpath.bootstrapcdn.com https://www.recaptcha.net 1
default-src 'self' https://editorajbc.com.br https://*.editorajbc.com.br https://jbchost.com.br https://*.jbchost.com.br https://www.google-analytics.com https://cdnjs.cloudflare.com; script-src 'self' https://editorajbc.com.br https://*.editorajbc.com.br https://jbchost.com.br https://*.jbchost.com.br https://www.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.doubleclick.net https://*.googlesyndication.com https://www.youtube.com https://cdnjs.cloudflare.com https://www.clarity.ms 'unsafe-inline' 'unsafe-eval'; img-src * data:; media-src 'self'; style-src * 'unsafe-inline' data:; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com data:; frame-src *; connect-src 'self' https://*.doubleclick.net https://*.googlesyndication.com https://*.google-analytics.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.clarity.ms; object-src 'none'; frame-ancestors https://editorajbc.com.br https://*.jbchost.com.br https://*.ohmina.com.br https://*.madeinjapan.com.br; 1
frame-ancestors 'self' https://t.ambdoc.ru 1
frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://connect.facebook.net https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob:; img-src 'self' https://*.facebook.com https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com data:; frame-src 'self' *.youtube.com *.google.com; connect-src 'self' https://bankmas.co.id https://*.facebook.net https://*.google-analytics.com https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; font-src 'self' https://fonts.gstatic.com data: blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; worker-src blob:; 1
default-src 'none'; connect-src 'self'; font-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://matomo.neuland.technology; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-src 'self'; frame-ancestors 'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; script-src-attr 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; child-src 'none'; worker-src 'self'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; disown-opener; base-uri 'self'; report-to default; report-uri https://aylett.report-uri.com/r/d/csp/enforce 1
default-src 'none'; script-src *.kexin001.com *.babytree.com *.babytreeimg.com *.qq.com *.miaozhen.com *.admaster.com.cn *.geetest.com hm.baidu.com sofire.bdstatic.com cpro.baidustatic.com pos.baidu.com 'unsafe-inline' 'unsafe-eval'; style-src *.kexin001.com *.babytree.com *.babytreeimg.com *.geetest.com 'unsafe-inline'; connect-src *.babytree.com *.babytreeimg.com sofire.baidu.com *.baidu.com; img-src *.kexin001.com *.babytree.com http://*.babytreeimg.com https://*.babytreeimg.com *.meituncdn.com open.weixin.qq.com *.miaozhen.com *.admaster.com.cn *.geetest.com sofire.baidu.com eclick.baidu.com hm.baidu.com *.baidu.com data:; font-src *.babytree.com *.babytreeimg.com data:; media-src *.babytree.com http://*.babytreeimg.com https://*.babytreeimg.com http://*.meituncdn.com https://*.meituncdn.com *.clouddn.com; manifest-src *.babytree.com *.babytreeimg.com; frame-src *.kexin001.com *.babytree.com *.babytreeimg.com babytree://* lama://* market://* bbtrp://* wvjbscheme://* pos.baidu.com; child-src *.kexin001.com *.babytree.com *.babytreeimg.com babytree://* lama://* market://*  bbtrp://*; frame-ancestors *.kexin001.com *.babytree.com *.babytreeimg.com babytree://* lama://* market://* bbtrp://* pos.baidu.com; 1
default-src * data: 'unsafe-inline' 'unsafe-eval' blob:; frame-ancestors 'self' https://goflo.nl; img-src * data: blob: 1
report-uri https://97f598ab67904ebe52e9ac7fbe0cbf3a.report-uri.com/r/d/csp/enforce;script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.tinymce.com/ cdnjs.cloudflare.com/ajax/libs/ckeditor/ http://cdnjs.cloudflare.com/ajax/libs/summernote/ https://cdn.ampproject.org/ https://cdn.jsdelivr.net/npm/bootstrap@4.1.0/ https://cdn.jsdelivr.net/npm/jquery-ui-dist@1.12.1/ https://cdn.jsdelivr.net/npm/jquery@3.2.1/ https://cdn.jsdelivr.net/npm/pace-js@latest/ https://cdn.jsdelivr.net/npm/popper.js@1.12.3/ https://cdn.tailwindcss.com/ https://cdnjs.cloudflare.com/ajax/libs/popper.js https://code.jquery.com/ https://d1h95qqs8448e.cloudfront.net/CUB/production/textParser.prod.js https://d1h95qqs8448e.cloudfront.net/shared/js/fp3.3.4.js https://images.dmca.com/ https://maxcdn.bootstrapcdn.com/bootstrap/ https://www.googletagmanager.com/ https://a.omappapi.com/ https://static.cloudflareinsights.com/ https://www.google-analytics.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ajax.cloudflare.com/cdn-cgi/scripts/ 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://app.upserve.com *.google-analytics.com *.googletagmanager.com https://code.jquery.com vimeo.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.youtube.com https://oss.maxcdn.com https://cdn.jsdelivr.net https://acsbapp.com https://static.addtoany.com; connect-src 'self' https://cdn.acsbapp.com https://www.google-analytics.com https://acsbapp.com https://en.wikipedia.org https://accesswidget-log-receiver.acsbapp.com https://web1.acsbapp.com; img-src 'self' data: https://app.upserve.com https://acsbapp.com https://web1.acsbapp.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://i.ytimg.com https://i.ytimg.com/vi/CcPS_9CR7Fk/mqdefault.jpg; style-src 'unsafe-inline' 'self' https://app.upserve.com https://stackpath.bootstrapcdn.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://acsbapp.com; frame-src 'self' https://app.upserve.com https://www.youtube.com https://static.addtoany.com https://player.vimeo.com https://www.google.com; base-uri 'self'; object-src 'self'; 1
default-src 'self' data: https://directed.api.servicetarget.com http://www.google-analytics.com https://www.googletagmanager.com https://maps.googleapis.com https://cdn.servicetarget.com https://cdn.acsbapp.com https://web1.acsbapp.com https://stage.directed.com ws://stage.directed.com https://www.directed.com ws://www.directed.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://cdn.servicetarget.com https://stage.directed.com https://www.directed.com https://fonts.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com http://www.googletagmanager.com https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://fonts.gstatic.com https://static.doubleclick.net https://s.youtube.com https://r11---sn-a5m7lnee.googlevideo.com https://www.googleadservices.com https://r14---sn-4g57knez.googlevideo.com https://i.ytimg.com https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://cdn07.icims.com https://careers-deiholdings.icims.com https://acsbapp.com https://cdn.acsbapp.com https://web1.acsbapp.com  https://player.vimeo.com https://maps.google.com; style-src 'self' 'unsafe-inline' http://stage.directed.com https://www.directed.com https://fonts.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://fonts.gstatic.com https://static.doubleclick.net https://s.youtube.com https://r11---sn-a5m7lnee.googlevideo.com https://www.googleadservices.com https://r14---sn-4g57knez.googlevideo.com https://i.ytimg.com https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://cdn07.icims.com https://careers-deiholdings.icims.com https://acsbapp.com https://cdn.acsbapp.com https://web1.acsbapp.com  https://player.vimeo.com https://maps.google.com; img-src 'self' 'unsafe-inline' data: https://directed.api.servicetarget.com https://cdn.servicetarget.com http://stage.directed.com ws://stage.directed.com https://www.directed.com ws://www.directed.com https://ssl.google-analytics.com http://stage.directed.com https://www.directed.com https://fonts.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://fonts.gstatic.com https://static.doubleclick.net https://s.youtube.com https://r11---sn-a5m7lnee.googlevideo.com https://www.googleadservices.com https://r14---sn-4g57knez.googlevideo.com https://i.ytimg.com https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://cdn07.icims.com https://careers-deiholdings.icims.com https://acsbapp.com https://cdn.acsbapp.com https://web1.acsbapp.com  https://player.vimeo.com https://maps.google.com; font-src 'self' 'unsafe-inline' data: https://directed.api.servicetarget.com http://stage.directed.com https://www.directed.com https://fonts.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://fonts.gstatic.com https://static.doubleclick.net https://s.youtube.com https://r11---sn-a5m7lnee.googlevideo.com https://www.googleadservices.com https://r14---sn-4g57knez.googlevideo.com https://i.ytimg.com https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://cdn07.icims.com https://careers-deiholdings.icims.com https://acsbapp.com https://cdn.acsbapp.com https://web1.acsbapp.com  https://player.vimeo.com https://maps.google.com; frame-src 'self' 'unsafe-inline' http://core.directed.com http://core.directed.com/Pages/Default.aspx http://stage.directed.com https://www.directed.com https://fonts.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://fonts.gstatic.com https://static.doubleclick.net https://s.youtube.com https://r11---sn-a5m7lnee.googlevideo.com https://www.googleadservices.com https://r14---sn-4g57knez.googlevideo.com https://i.ytimg.com https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://cdn07.icims.com https://careers-deiholdings.icims.com https://acsbapp.com https://cdn.acsbapp.com https://web1.acsbapp.com  https://player.vimeo.com https://maps.google.com 1
script-src * 'unsafe-eval' 'unsafe-inline'; worker-src blob: *;frame-ancestors 'self' https://webs.taraenergy.com https://websdev.taraenergy.com; 1
child-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com *.in.applicationinsights.azure.com live.applicationinsights.azure.com rt.applicationinsights.microsoft.com rt.services.visualstudio.com https://stats.g.doubleclick.net  https://*.google-analytics.com  https://*.google.analytics.com https://www.google.com/ads https://in.hotjar.com  https://vc.hotjar.io https://*.clarity.ms/collect https://www.clarity.ms/eus2/collect https://s7.addthis.com/  https://api.carriere.nu/ https://ekr.zdassets.com/ https://*.facebook.com/ https://*.analytics.google.com https://cdn.linkedin.oribi.io wss://widget mediator.zopim.com; default-src 'self'; font-src 'self' data:  https://cdn.bluebillywig.com/fonts/ https://*.zopim.com; frame-ancestors https://*.nevi.nl; frame-src 'self' https://*.businessmonitor.nl https://*.fls.doubleclick.net https://vars.hotjar.com https://www.facebook.com https://www.google.com/ https://e.issuu.com/ https://issuu.com/ https://embed.webinargeek.com/ https://*.vimeo.com/ https://vimeo.com/ https://*.youtube.com https://gstatic.com/ https://www.gstatic.com/:1; img-src 'self' data:  https://*.fls.doubleclick.net https://nevi.bbvms.com  https://stats.bluebillywig.com  https://www.facebook.com  https://px.ads.linkedin.com  https://*.google-analytics.com  https://*.google.analytics.com  https://www.google.com/ads/  https://www.google.nl/ads/  https://*.clarity.ms  https://i.vimeocdn.com/  https://*.bing.com  https://myalbum.com/  https://thumbs-eu-west-1.myalbum.io/  https://*.analytics.google.com https://*.zopim.com; media-src 'self' data:  https://d1h0q85m11w2jc.cloudfront.net/nevi/media/  https://nevi.bbvms.com/ https://*.vimeo.com; object-src 'none'; script-src 'self' 'unsafe-inline'  'unsafe-eval' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com *.in.applicationinsights.azure.com live.applicationinsights.azure.com rt.applicationinsights.microsoft.com rt.services.visualstudio.com az416426.vo.msecnd.net/scripts/a/ai.0.js https://www.googletagmanager.com https://www.google-analytics.com https://cdn.bluebillywig.com  https://zendesk.nl https://webinargeek.com  https://addthis.com https://hotjar.com  https://static.hotjar.com https://script.hotjar.com https://clarity.microsoft.com  https://*.clarity.ms https://mailchimp.com  https://snap.licdn.com https://connect.facebook.net https://www.google.com https://www.gstatic.com/recaptcha/ https://embed.webinargeek.com/ https://s7.addthis.com  https://v2.zopim.com https://nevi.bbvms.com/  https://cdn.oribi.io/ https://static.zdassets.com/ https://www.google.com/recaptcha/ https://widget-mediator.zopim.com; style-src 'self' 'unsafe-inline' hello.myfonts.net/count/3a8b67  https://cdn.bluebillywig.com 1
frame-ancestors 'self' atmunhost.com.br *.atmunhost.com.br 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com platform.twitter.com www.instagram.com connect.facebook.net; frame-ancestors 'self' www.youtube.com www.facebook.com; img-src 'self' data: www.google-analytics.com www.facebook.com placehold.jp i.ytimg.com 1
font-src 'self' ajax.googleapis.com cdnjs.cloudflare.com www.google-analytics.com ajax.googleapis.com; object-src 'none'; 1
default-src 'self' https://*.lupapiste.fi https://widget-telwin.getjenny.com https://storage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://widget-telwin.getjenny.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://*.lupapiste.fi https://lupapiste.fi;font-src 'self' data: https://fonts.gstatic.com;frame-ancestors 'self'; 1
object-src 'self' 'unsafe-inline' 'unsafe-eval' login.prenotazionepasti.it ogs.google.com www.gstatic.com ssl.gstatic.com www.googletagmanager.com www.google-analytics.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://webforms.aboportal.nl; frame-src * 'self' 'unsafe-inline' 'unsafe-eval' https://webforms.aboportal.nl; script-src 'self' https://webforms.aboportal.nl 'unsafe-inline' 'unsafe-eval' data: blob:; connect-src https: wss: 'self' https://webforms.aboportal.nl; frame-ancestors 'self'; img-src * data: blob:; style-src 'self' 'unsafe-inline' 'unsafe-eval'; media-src * data: blob: 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' blob: https://*.brighttalk.com https://*.hsappstatic.net https://unpkg.com https://s3.amazonaws.com/downloads.mailchimp.com https://*.osano.com https://*.lfeeder.com https://*.leadfeeder.com https://*.pardot.com https://*.digitalasset.com https://*.simpleanalyticscdn.com https://cdnjs.cloudflare.com https://redditstatic.s3.amazonaws.com https://recaptcha.net https://*.googlesyndication.com https://*.ampproject.org https://bat.bing.com https://gist.github.com/da-blog/ https://gist.github.com/nemanja-da/ https://gist.github.com/OliviaY2/ https://*.fontawesome.com https://*.ads-twitter.com https://d20519brkbo4nz.cloudfront.net https://*.driftt.com https://*.luckyorange.com https://*.facebook.net https://*.twitter.com https://*.hscta.net https://*.hubspot.com https://*.hubspot.net https://*.googletagmanager.com https://js.hs-scripts.com https://*.hsforms.net  https://*.hs-analytics.net https://*.hscollectedforms.net https://*.hsleadflows.net https://*.jquery.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.linkedin.com https://*.hs-banner.com https://*.licdn.com https://*.googleadservices.com https://*.doubleclick.net https://*.hsadspixel.net https://*.greenhouse.io https://*.jsdelivr.net https://d10lpsik1i8c69.cloudfront.net https://*.gstatic.com https://*.redditstatic.com https://7528304.fs1.hubspotusercontent-na1.net;style-src 'self' 'unsafe-inline' 'report-sample' https://unpkg.com https://cdn-images.mailchimp.com/ https://*.digitalasset.com https://*.jsdelivr.net https://*.googletagmanager.com https://github.githubassets.com/ https://*.googleapis.com https://cdnjs.cloudflare.com https://cdn2.hubspot.net https://*.hsappstatic.net https://d10lpsik1i8c69.cloudfront.net https://*.twitter.com;img-src 'self' data: https:;connect-src 'self' https://*.linkedin.com https://*.hscollectedforms.net https://*.osano.com https://*.oribi.io https://hubspot-forms-static-embed.s3.amazonaws.com https://*.simpleanalyticscdn.com https://*.twitter.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googlesyndication.com https://*.hs-banner.com https://*.bing.com https://pubsub.googleapis.com/v1/projects/lucky-orange/ https://*.fontawesome.com https://pubsub.googleapis.com https://public-auth-dot-lucky-orange.appspot-preview.com/ https://www.facebook.com https://*.google.com https://*.hubspot.com https://cdn.contentful.com https://*.daml.com https://*.google-analytics.com https://*.sitesearch360.com https://*.hubapi.com https://*.hubspot.net https://p.adsymptotic.com https://*.daml.com https://daml.com wss://*.luckyorange.com https://*.luckyorange.com https://*.luckyorange.net wss://*.visitors.live https://*.digitalasset.com https://*.doubleclick.net https://*.ucweb.com;font-src 'self' data: https://*.fontawesome.com https://*.digitalasset.com https://*.gstatic.com https://cdnjs.cloudflare.com https://*.hubspot.net;media-src https://d10lpsik1i8c69.cloudfront.net;frame-src 'self' https://*.brighttalk.com https://*.canton.network https://streamyard.com/ https://*.digitalasset.com https://*.hubspot.com https://*.googletagmanager.com https://*.googlesyndication.com https://play.instruqt.com https://www.google.com https://*.facebook.com https://digitalasset.zoom.us https://*.driftt.com https://*.hsforms.com https://*.vimeo.com https://*.daml.com https://*.twitter.com https://*.doubleclick.net https://*.jsdelivr.net https://*.greenhouse.io https://fireside.fm https://player.fireside.fm https://*.youtube.com;manifest-src 'self';child-src 'self';worker-src 'self' blob:;object-src 'none';form-action 'self' 'unsafe-inline'  https://*.facebook.com;frame-ancestors 'self' https://*.digitalasset.com;base-uri 'self' https://*.digitalasset.com;report-uri https://report-uri.digitalasset.com/report-uri;upgrade-insecure-requests 1
default-src 'none'; form-action 'self'; connect-src 'self' https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://www.google-analytics.com https://stats.g.doubleclick.net; frame-ancestors 'none';frame-src 'self'  https://www.google.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn-hedd.prospects.ac.uk ; img-src https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com 'self' https://cdn-hedd.prospects.ac.uk https://www.google.com https://www.google.co.uk https://www.google-analytics.com https://stats.g.doubleclick.net https://cdnjs.cloudflare.com https://www.googletagmanager.com ; style-src 'self' 'unsafe-inline' https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://cdn-hedd.prospects.ac.uk https://fonts.googleapis.com https://cdnjs.cloudflare.com ; script-src 'self'  'unsafe-inline' 'unsafe-eval' 'report-sample' https://cdn-hedd.prospects.ac.uk https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com;  report-uri /csp-report; upgrade-insecure-requests; object-src 'none'; base-uri 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googleadservices.com https://cdnjs.cloudflare.com https://connect.facebook.net https://platform.twitter.com https://player.vimeo.com/api/player.js https://*.google.com https://*.googletagmanager.com https://*.gstatic.com https://*.bootstrapcdn.com https://code.jquery.com https://js.stripe.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://*.bootstrapcdn.com; img-src 'self' data: https://i0.wp.com https://blog.recipero.com https://d2pr8nqihcsukr.cloudfront.net https://i.vimeocdn.com https://syndication.twitter.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk; font-src 'self' https://*.bootstrapcdn.com https://cdnjs.cloudflare.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://api.stripe.com https://maps.googleapis.com; media-src 'self'; object-src 'none'; frame-ancestors 'self'; frame-src 'self' https://platform.twitter.com https://player.vimeo.com https://syndication.twitter.com https://www.facebook.com https://web.facebook.com https://www.google.com https://js.stripe.com https://hooks.stripe.com; worker-src 'none'; base-uri 'self'; manifest-src 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com script.crazyegg.com www.googleoptimize.com www.googletagmanager.com static.ads-twitter.com static.oktopost.com wasm-eval googleads.g.doubleclick.net okt.to scout-cdn.salesloft.com snap.licdn.com www.google-analytics.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.hscollectedforms.net js.hsleadflows.net connect.facebook.net js.hsforms.net; script-src-elem 'self' 'unsafe-inline' cdnjs.cloudflare.com googleads.g.doubleclick.net js.hsforms.net scout-cdn.salesloft.com script.crazyegg.com snap.licdn.com static.ads-twitter.com static.oktopost.com www.google-analytics.com www.googleoptimize.com www.googletagmanager.com okt.to www.googleadservices.com www.comeet.co blob: cdn-fmjbh.nitrocdn.com static.addtoany.com maps.googleapis.com trackingapi.trendemon.com www.aidoc.com assets.trendemon.com connect.facebook.net cookie-cdn.cookiepro.com js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hs-scripts.com js-eu1.hsadspixel.net js-eu1.hubspot.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net script.hotjar.com static.hotjar.com js.hscollectedforms.net js.hsleadflows.net static.ads-twitter.com; script-src-attr 'unsafe-inline'; style-src 'self' fonts.googleapis.com 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com cdn-fmjbh.nitrocdn.com www.aidoc.com www.comeet.com wowjs.uk data: www.gstatic.com; style-src-attr 'unsafe-inline'; img-src 'self' data: px4.ads.linkedin.com px.ads.linkedin.com analytics.twitter.com forms-na1.hsforms.com forms.hsforms.com secure.gravatar.com t.co www.google-analytics.com www.google.co.il www.google.com www.googletagmanager.com www.google.de googleads.g.doubleclick.net www.google.co.in www.google.com.ph cdn-fmjbh.nitrocdn.com s.w.org pic.trendemon.com t.influ2.com trackingapi.trendemon.com www.aidoc.com ps.w.org track.hubspot.com www.google.co.nz www.google.com.au dify.wpengine.com cookie-cdn.cookiepro.com perf-eu1.hsforms.com track-eu1.hubspot.com www.facebook.com www.google.com.tr www.google.ie www.google.co.uk www.google.se www.google.co.ve www.google.ee www.google.cz www.google.fr www.google.nl www.google.si www.google.com.ec www.google.com.ua www.google.ca i.ytimg.com scout.us2.salesloft.com www.google.com.my www.google.com.pe www.google.mn www.google.pt www.google.ru www.google.com.ar www.google.com.eg adservice.google.com analytics.google.com stats.g.doubleclick.net www.google.at www.google.ch www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.za www.google.com.br www.google.com.co www.google.com.lb www.google.com.ly www.google.com.sa www.google.com.vn www.google.es www.google.it www.linkedin.com; font-src 'self' data: fonts.gstatic.com cdn-fmjbh.nitrocdn.com www.aidoc.com; connect-src 'self' analytics.google.com forms.hsforms.com script.crazyegg.com cdn.linkedin.oribi.io scout.salesloft.com stats.g.doubleclick.net www.google-analytics.com www.google.co.il region1.analytics.google.com adservice.google.com to.getnitropack.com www.google.com.ph maps.googleapis.com region1.google-analytics.com ws.zoominfo.com content.hotjar.io in.hotjar.com wss://ws.hotjar.com bat.bing.com www.aidoc.com www.google.co.nz my.wpengine.com yoast.com api-eu1.hubapi.com cookie-cdn.cookiepro.com csmetrics.hotjar.com cta-eu1.hubspot.com js.hs-banner.com privacyportal.cookiepro.com t.influ2.com vc.hotjar.io www.facebook.com forms.hscollectedforms.net forms.hubspot.com api.hsforms.com api.hubapi.com www.google.ie www.google.se www.google.co.uk pagead2.googlesyndication.com www.google.com.ua www.google.ca www.google.fr www.google.com www.google.cz www.google.de www.google.mn www.google.com.my www.google.com.pe www.google.ru www.google.co.in www.google.co.ke www.google.com.co www.google.com.vn www.google.co.ve www.google.com.br www.google.ee; frame-src td.doubleclick.net forms.hsforms.com www.youtube.com www.comeet.co static.addtoany.com app.hubspot.com static.hsappstatic.net 'self'; worker-src blob: 'self'; form-action forms.hsforms.com www.aidoc.com aidoc.com 'self'; default-src content.hotjar.io in.hotjar.com wss://ws.hotjar.com; child-src www.youtube.com 1
default-src 'self' analytics.google.com *.google-analytics.com *.google.com *.facebook.net *.facebook.com *.youtube.com *.hotjar.com *.hotjar.io challenges.cloudflare.com bemyfortunes.com cash4wins.com sat.nupitruspe.net; script-src 'unsafe-inline' 'self' 'unsafe-eval' analytics.google.com *.google-analytics.com *.google.com *.googleapis.com www.googletagmanager.com *.gstatic.com *.facebook.net *.facebook.com *.datatables.net *.jquery.com certify.gpwa.org *.hotjar.com *.hotjar.io *.amplitude.com challenges.cloudflare.com *.jsdelivr.net cash4wins.com sat.nupitruspe.net https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com wss://*.zendesk.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net; style-src 'unsafe-inline' 'self' analytics.google.com *.google-analytics.com *.googleapis.com *.facebook.net *.datatables.net; font-src 'unsafe-inline' 'self' data: analytics.google.com *.google-analytics.com *.gstatic.com *.facebook.net *.facebook.com *.zopim.com; img-src * data: blob: sat.nupitruspe.net https://v2assets.zopim.io https://static.zdassets.com; connect-src 'unsafe-inline' 'self' *.facebook.com *.hotjar.com *.hotjar.io analytics.google.com *.google-analytics.com *.doubleclick.net *.amplitude.com api.lb.casinosgamblingreviews.com sat.nupitruspe.net mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com wss://*.zendesk.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io 1
object-src 'none'; frame-ancestors * localhost:3000; report-uri https://www.ahaspeed.com/zh-hans/report-uri/enforce 1
default-src https:; connect-src https: wss:; font-src https: data:; child-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; frame-ancestors 'none' 1
default-src 'self' 'strict-dynamic'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://cdn.cookielaw.org https://privacyportal-de.onetrust.com https://*.nr-data.net https://*.doubleclick.net https://geolocation.onetrust.com https://cdn.linkedin.oribi.io https://*.googlesyndication.com https://bat.bing.com https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' data: https://cdn.jsdelivr.net https://fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://stage.zhinst.com https://www.zhinst.com; frame-src 'self' https://www.youtube.com https://www.youku.com https://player.youku.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.zhinst.com https://www.google.com https://*.doubleclick.net; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://player.youku.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://cdn.cookielaw.org https://geolocation.onetrust.com https://hm.baidu.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://player.youku.com https://static.hotjar.com https://script.hotjar.com https://cdn.jsdelivr.net https://js-agent.newrelic.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://hm.baidu.com https://*.nr-data.net https://static.cloudflareinsights.com https://www.youtube.com https://snap.licdn.com https://stage.zhinst.com https://www.zhinst.com https://bat.bing.com https://*.doubleclick.net https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://player.youku.com https://tagmanager.google.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://player.youku.com https://www.googletagmanager.com https://stage.zhinst.com https://www.zhinst.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; frame-ancestors 'self' 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-ZWJkMDlhMWI3ZDUzNDc1OGI5NzgwOWQ4ZDk1YjMwODE=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rijksoverheid.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.rijksoverheid.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-UnZtcnArYjFBS1JZSXVzcEtiUklVZ2I4Mnl6emE2aXA4YTNodVBFbitEUT06SE5iNjhaS2xVY29iV0pwTVE5d1NIR3FxcjN1Q0o4ZWF0SjJRODZocmsyWT0=' blob:;style-src 'self' 'unsafe-inline';img-src 'self' data: blob: https://*.tile.openstreetmap.org;font-src 'self' data:;connect-src 'self' blob: stun.nextcloud.com:443;media-src 'self' blob:;frame-src 'self';child-src blob: 'self';frame-ancestors 'self';worker-src blob: 'self';form-action 'self' 1
"sandbox allow-forms 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://fulda.social; img-src 'self' https: data: blob: https://fulda.social; style-src 'self' https://fulda.social 'nonce-CvVCKZjmXf3p8+KeTKtV1w=='; media-src 'self' https: data: https://fulda.social; frame-src 'self' https:; manifest-src 'self' https://fulda.social; form-action 'self'; child-src 'self' blob: https://fulda.social; worker-src 'self' blob: https://fulda.social; connect-src 'self' data: blob: https://fulda.social https://files.example.com wss://fulda.social; script-src 'self' https://fulda.social 'wasm-unsafe-eval' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-Dln6mCTLtd9MmqstvGFWDq99LQyOFse+CVz9aZ+caiqpBB2W' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' 'unsafe-inline' blob: data: www.googletagmanager.com www.google-analytics.com www.google.com www.google.nl analytics.google.com ajax.googleapis.com *.g.doubleclick.net www.youtube.com *.prismic.io www.gravatar.com dpdk.com form.typeform.com *.cookiebot.com *.googlesyndication.com go.sightdx.com *.google-analytics.com *.google.com google.co; 1
default-src 'self' sso.rolex.com *.sso.rolex.com; script-src 'self' sso.rolex.com *.sso.rolex.com 'unsafe-inline'; style-src 'self' sso.rolex.com *.sso.rolex.com 'unsafe-inline' 'unsafe-hashes'; font-src 'self' data: sso.rolex.com *.sso.rolex.com; img-src 'self' data: sso.rolex.com *.sso.rolex.com; frame-src 'self' sso.rolex.com *.sso.rolex.com; upgrade-insecure-requests 1
block-all-mixed-content; upgrade-insecure-requests; frame-ancestors 'self' https://vac.bhhsaz.com; 1
block-all-mixed-content; frame-ancestors 'self'; base-uri 'self'; default-src 'self'; font-src 'self' data:; child-src 'self' https://www.youtube.com/; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com/ https://*.google.com/ https://player.vimeo.com/; img-src 'self' data: https://*.ytimg.com/ https://*.youtube.com/ https://*.google-analytics.com/ https://*.doubleclick.net/ https://toegankelijkheidsverklaring.nl/; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'sha256-cJc93onTFGyKyVoxUKBNAwTAMCvUjSfESBJdzLrjgWw=' 'sha256-JWt1m28kNFB/rFjtbJEOx3yqSxZv6OjgwNLclp75rQ0=' 'sha256-B7X35g/IfDxD2XCLBNOI+NAYfU+A5Ebd8LTXLMAMCes=' https://*.youtube.com/ https://*.readspeaker.com/ https://*.google-analytics.com/; style-src 'self' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-ORkecA2WcB8bx8a079Dsi7E7kdb6ynqr885H8h4Wp/M=' 'sha256-7Wj4JppQPW/r0fhp+Y3lFnfwMGJjSJYaErRdXi/jGxw=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-ORkecA2WcB8bx8a079Dsi7E7kdb6ynqr885H8h4Wp/M=' https://*.readspeaker.com/; connect-src 'self' https://*.readspeaker.com/ https://*.google-analytics.com/ https://*.doubleclick.net/; worker-src 'none'; form-action 'self' https://app-eu.readspeaker.com/ https://vttts-eu.readspeaker.com/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.adroll.com *.aimbase.com https://www.googletagmanager.com *.clarity.ms *.vimeo.com *.acsbapp.com *.doubleclick.net *.gstatic.com *.formilla.com *.pingdom.net *.googleapis.com www.google.com www.formilla.com cdn.acsbapp.com www.google-analytics.com ws.aimbase.com bat.bing.com www.clarity.ms *.clarity.ms cse.google.com; frame-src 'self' 'unsafe-inline' chriscraftinventory.azurewebsites.net https://www.googletagmanager.com platform.twitter.com player.vimeo.com *.adroll.com *.clarity.ms *.doubleclick.net *.gstatic.com *.formilla.com *.pingdom.net *.googleapis.com; connect-src 'self' www.formilla.com *.vimeo.com chris-craft.aimbase.com https://analytics.google.com/ www.analytics.google.com cdn.acsbapp.com www.google-analytics.com chriscraftinventory.azurewebsites.net *.avalastaging.com *.adroll.com *.clarity.ms *.doubleclick.net *.gstatic.com *.formilla.com *.pingdom.net *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cse.google.com *.adroll.com *.clarity.ms *.doubleclick.net *.gstatic.com *.formilla.com *.aimbase.com *.pingdom.net *.vimeo.com *.googleapis.com googleads.g.doubleclick.net www.google.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com bat.bing.com connect.facebook.net ws.aimbase.com acsbapp.com s.adroll.com www.gstatic.com platform.twitter.com assets.pinterest.com www.formilla.com *.clarity.ms; img-src 'self' ws.aimbase.com www.facebook.com bat.bing.com www.google.com *.vimeo.com *.adentifi.com *.stackadapt.com *.google-analytics.com *.mxptint.net *.simpli.fy *.company-target.com *.sitescout.com *.walmart.com *.crwdcntrl.com *.rfihub.com *.apxlv.com *.w55c.net *.turn.com *.scorecardresearch.com *.clarity.ms *.adroll.com chriscraftinventory.azurewebsites.net *.adsymptomatic.com *.exelator.com *.everesttech.net *.pippio.com *.clarity.ms *.doubleclick.net *.gstatic.com *.formilla.com *.pingdom.net *.googleapis.com *.bing.com *.casalemedia.com *.rubiconproject.com *.advertising.com *.pippio.com *.outbrain.com *.pubmatic.com *.yahoo.com *.vindicosuit.com *.sharethis.com *.taboola.com m1314.com *.choozle.com *.jivox.com *.spotify.com *.videoamp.com *.rezync.com *.ownerig.net bttrack.com *.agkn.com *.co.uk *.cardlytics.com *.tapad.com *.addthis.com chris-craft.aimbase.com pippio.com *.3lift.com *.bidswitch.net *.adnxs.com *.rlcdn.com www.googletagmanager.com *.openx.net data: 1
frame-ancestors https://nethighest.com; 1
img-src *; default-src 'self' *.one.network https://ukwest-0.in.applicationinsights.azure.com//v2/track https://az416426.vo.msecnd.net/ https://pfw-prod-ukwest-safespaceonline.azurewebsites.net https://translate.google.com/ https://siteimproveanalytics.com https://apps.parcelforce.com www.googletagmanager.com www.google-analytics.com *.cloudfront.net *.paypal.com *.googleapis.com analytics.analytics-egain.com cloud-emea.analytics-egain.com fonts.gstatic.com portal.roadworks.org sgn.egain.cloud api.reciteme.com stats.g.doubleclick.net www.google.com www.google.co.uk www.gstatic.com maps.gstatic.com api.tomtom.com www.youtube.com *.google-analytics.com *.analytics.google.com https://cdn-ukwest.onetrust.com data: 'unsafe-eval' 'unsafe-inline'; report-uri https://orangebus.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=33ps72piqu56i&partner=; 1
script-src 'self' *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com 1
default-src 'self';      script-src 'self' 'unsafe-inline'        https://www.google-analytics.com        https://www.googletagmanager.com        https://www.google.com/recaptcha/        https://www.gstatic.com/recaptcha/        https://www.youtube.com        https://s.ytimg.com        https://maps.googleapis.com        https://maps.gstatic.com        https://maps.google.com        https://cdn.robee.tech/v1/u/-1aVVYAMysw.js        https://cdn.syncsearch.jp/keyrank/QLSYLABJ/1/ranking_result_utf8.js        https://cdn-au.onetrust.com/scripttemplates/        https://cdn.robee.tech/v1/sdk.js        https://sync.im-apps.net/imid/segment        https://dmp.im-apps.net/scripts/im-uid-hook.js        https://dmp.im-apps.net/sdk/im-uid.js        https://track.robee.tech/v1/        https://cdn.robee.tech/v1/popup-image-sdk.js        https://cdn.robee.tech/v1/chatbot-base-sdk.js        https://cdn.robee.tech/v1/chatbot-form-sdk.js        https://svss.tv/        https://ircms.irstreet.com/        https://cdn.syncsearch.jp/keyrank/QLSYLABJ/2/ranking_result_utf8.js;      img-src 'self'        data:        https://www.google-analytics.com        https://www.googletagmanager.com        https://www.gstatic.com        https://www.youtube.com        https://s.ytimg.com        https://maps.gstatic.com        https://maps.google.com        https://cdn-au.onetrust.com/logos/static/        https://cdn-au.onetrust.com/logos/bcf87330-20b3-4e22-aaf0-4d915673751b/        https://dimg.stockweather.co.jp/sw_dimg/ferrotec_real.ashx        https://track.robee.tech/v1/        https://cdn.robee.tech/v1/        https://s3-ap-northeast-1.amazonaws.com/robee-production/uploads/chatbot/        https://svss.tv/        https://i.ytimg.com/        https://dimg.stockweather.co.jp/sw_dimg/ferrotec_real_en.ashx;      style-src 'self' 'unsafe-inline'        https://fonts.googleapis.com        https://use.fontawesome.com/releases/v5.8.1/css/all.css        https://svss.tv/;      font-src 'self'        https://fonts.gstatic.com        https://fonts.googleapis.com        https://use.fontawesome.com/releases/v5.8.1/;      frame-src 'self'        https://www.google.com/        https://www.google.com/recaptcha/        https://www.youtube.com        https://maps.google.com        https://parts.stockweather.co.jp/;      connect-src 'self'        https://www.google-analytics.com        https://www.googletagmanager.com        https://maps.googleapis.com        https://analytics.google.com        https://cdn-au.onetrust.com/consent/        https://cdn-au.onetrust.com/logos/static/        https://cdn-au.onetrust.com/scripttemplates/202312.1.0/assets/        https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location        https://c-c00.ma-tag.com/        https://c-c01.ma-tag.com/        https://c-c02.ma-tag.com/        https://c-c03.ma-tag.com/        https://c-c04.ma-tag.com/        https://c-c05.ma-tag.com/        https://c-c06.ma-tag.com/        https://c-c07.ma-tag.com/        https://c-c08.ma-tag.com/        https://c-c09.ma-tag.com/        https://c-c10.ma-tag.com/        https://c-c11.ma-tag.com/        https://c-c12.ma-tag.com/        https://c-c13.ma-tag.com/        https://c-c14.ma-tag.com/        https://c-c15.ma-tag.com/        https://ivs.ma-tag.com/v1/echo        http://ma-tag.com/v1/identify        https://track.robee.tech/v1/        https://audiencedata.im-apps.net        https://svss.tv/;      media-src 'self'        https://svss.tv/;      object-src 'none'; 1
frame-ancestors 'self' https://*.vipspel.com https://*.decta.com; 1
default-src 'self'; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; font-src 'self'; frame-src 'self'; img-src * data:; manifest-src 'self'; media-src 'self'; worker-src 'none'; script-src 'self' https://js.monitor.azure.com 'unsafe-inline'; connect-src 'self' https://northeurope-0.in.applicationinsights.azure.com/; 1
frame-ancestors 'self'; default-src 'self'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com hire.withgoogle.com cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com www.google.com maps.googleapis.com *.google-analytics.com www.gstatic.com hire.withgoogle.com www.youtube.com s.ytimg.com cdnjs.cloudflare.com andreasmb.github.io code.jquery.com www.googletagmanager.com snap.licdn.com *.typeform.com *.googleadservices.com *.demandbase.com *.company-target.com; img-src 'self' data: *.linkedin.com *.google-analytics.com www.google.fr www.google.com www.valiantys.com i.ytimg.com maps.googleapis.com maps.gstatic.com *.gravatar.com px.ads.linkedin.com id.rlcdn.com *.doubleclick.net; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com hire.withgoogle.com cdnjs.cloudflare.com; frame-src 'self' www.google.com hire.withgoogle.com www.youtube.com www.youtube-nocookie.com *.typeform.com *.company-target.com *.doubleclick.net; connect-src 'self' noembed.com cdn.linkedin.oribi.io *.google-analytics.com stats.g.doubleclick.net cdn.plyr.io ipapi.co api.lever.co *.company-target.com *.demandbase.com px.ads.linkedin.com 1
default-src 'none';script-src 'self' 'nonce-2518c59ef1df788b31f5a954d902254c' 'unsafe-eval' https://*.eis-deliveryintegration.cloud https://*.eis-deliverydevqa.cloud https://*.dynahealth.com https://*.dynamed.com https://*.dynamedex.com https://engagement.devqa.ebsco.zone https://ebsco-dev.us1app.churnzero.net https://engagement.ebsco.zone https://resources.ebsco.zone https://resources.devqa.ebsco.zone https://ebsco.us1app.churnzero.net https://*.osano.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.typekit.net https://*.eis-deliveryintegration.cloud https://*.eis-deliverydevqa.cloud https://*.dynahealth.com https://*.dynamed.com https://*.dynamedex.com https://resources.ebsco.zone https://resources.devqa.ebsco.zone https://engagement.devqa.ebsco.zone https://ebsco-dev.us1app.churnzero.net https://engagement.ebsco.zone https://ebsco.us1app.churnzero.net;img-src 'self' data: https://*.eis-deliveryintegration.cloud https://*.eis-deliverydevqa.cloud https://*.dynahealth.com https://*.dynamed.com https://*.dynamedex.com https://*.ebsco.com https://*.ebsco.zone https://*.ebscohost.com https://p.typekit.net https://*.cloudflare.com https://mobile.micromedexsolutions.com https://cmp.osano.com https://play.google.com/intl/en_us/badges/static/images/badges/en_badge_web_generic.png https://linkmaker.itunes.apple.com/en-us/badge-lrg.svg https://ebsco-dev.us1app.churnzero.net https://ebsco.us1app.churnzero.net;connect-src 'self' https://*.osano.com https://*.amplitude.com https://*.ebsco.com https://*.eis-deliveryintegration.cloud https://*.eis-deliverydevqa.cloud https://*.dynahealth.com https://*.dynamed.com https://*.dynamedex.com https://dd.devqa.eismedi.com https://www.cloudflare.com https://rum.browser-intake-datadoghq.com https://use.typekit.net https://apis.ebsco.com https://login.ebsco.zone https://logon.ebsco.zone https://findmystacks.ebscomedical.com https://myaccount.ebsco.healthcare https://resources.ebsco.zone https://resources.devqa.ebsco.zone https://resources.integration.ebsco.zone https://engagement.devqa.ebsco.zone https://ebsco-dev.us1app.churnzero.net https://engagement.ebsco.zone https://ebsco.us1app.churnzero.net https://analytics.churnzero.net;font-src 'self' data: https://fonts.gstatic.com https://*.typekit.net https://resources.ebsco.zone https://resources.devqa.ebsco.zone https://engagement.devqa.ebsco.zone https://ebsco-dev.us1app.churnzero.net https://engagement.ebsco.zone https://ebsco.us1app.churnzero.net;object-src 'self';media-src 'self' https://*.eis-deliveryintegration.cloud https://*.eis-deliverydevqa.cloud https://*.dynahealth.com https://*.dynamed.com https://*.dynamedex.com;manifest-src 'self';frame-src *;base-uri 'self';frame-ancestors *;form-action 'self';worker-src blob: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://static.keiser.com https://d1qhf9137peimx.cloudfront.net https://www.googletagmanager.com https://*.quantserve.com https://public.tockify.com https://script.hotjar.com https://static.hotjar.com https://fe.sitedataprocessing.com https://keiser.ladesk.com https://www.youtube.com https://s.ytimg.com https://consent.cookiebot.com https://www.googletagmanager.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://checkout.stripe.com https://cdn1-sandbox.affirm.com https://sandbox.affirm.com https://cdn1.affirm.com https://cdn.curator.io https://assets.juicer.io https://www.google-analytics.com; style-src 'self' data: 'unsafe-inline' https: https://static.keiser.com https://d1qhf9137peimx.cloudfront.net https://cdn.curator.io https://assets.juicer.io https://cloud.webtype.com; img-src 'self' data: blob: https: https://static.keiser.com https://d1qhf9137peimx.cloudfront.net https://www.google-analytics.com https://pls.webtype.com; font-src 'self' data: https: https://static.keiser.com https://d1qhf9137peimx.cloudfront.net https://*.googleusercontent.com https://cloud.webtype.com; connect-src 'self' data: https: https://tracker.affirm.com https://api-cf.affirm.com https://www.affirm.com https://rtosxmj4ji-3.algolianet.com https://8143g4pk99.execute-api.us-west-2.amazonaws.com https://www.google-analytics.com https://q.stripe.com https://checkout.stripe.com https://*.affirm.com https://affirm.com https://*.hotjar.com https://hotjar.com wss://*.hotjar.com; media-src 'self' https: https://static.keiser.com https://d1qhf9137peimx.cloudfront.net; object-src 'none'; frame-src 'self' https: https://m.stripe.com https://vars.hotjar.com https://*.ladesk.com https://www.affirm.com https://*.fls.doubleclick.net https://www.youtube.com; worker-src 'self' https: blob:; frame-ancestors https://www.keiser.com; upgrade-insecure-requests; report-uri https://bf0c2b94be02a099f594b34b70949254.report-uri.com/r/d/csp/enforce 1
default-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' cdn.polyfill.io maps.googleapis.com cdn.emailjs.com cdn.optimizely.com cdn.mxpnl.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net bat.bing.com static.ads-twitter.com analytics.twitter.com platform.twitter.com www.google-analytics.com ssl.google-analytics.com js.hs-scripts.com js.hs-analytics.net snap.licdn.com px.ads.linkedin.com www.linkedin.com sjs.bizographics.com; img-src 'self' https: data:; object-src 'self'; base-uri 'self'; upgrade-insecure-requests;report-uri https://console.snips.ai/report-csp-violation 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://4bear.com; img-src 'self' https: data: blob: https://4bear.com; style-src 'self' https://4bear.com 'nonce-pPX8KY/18+LDFYse53zP0w=='; media-src 'self' https: data: https://4bear.com; frame-src 'self' https:; manifest-src 'self' https://4bear.com; form-action 'self'; child-src 'self' blob: https://4bear.com; worker-src 'self' blob: https://4bear.com; connect-src 'self' data: blob: https://4bear.com https://sfo3.digitaloceanspaces.com wss://4bear.com; script-src 'self' https://4bear.com 'wasm-unsafe-eval' 1
frame-ancestors 'self' http://localhost:3333 https://menguin.sanity.studio 1
frame-ancestors 'self' wphost.me my.wphost.me; 1
frame-ancestors billie.io *.billie.io 1
frame-ancestors 'self' https://kicking-horse-coffee-ca-studio.netlify.app https://staging-ca--kicking-horse-coffee-ca-studio.netlify.app https://kicking-horse-coffee-us-studio.netlify.app https://staging-us--kicking-horse-coffee-us-studio.netlify.app https://kicking-horse-coffee-dev-studio.netlify.app 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.garanti.com.tr *.yandex.com *.bkm.com.tr *.mastercard.com.tr *.payten.com.tr *.yandex.ru *.youtube.com *.google-analytics.com *.googleapis.com *.tarsicam.com *.theasys.io *.ziraatbank.com.tr prdcbotwidgetwebvip.zb *.gstatic.com data: 3dsecure.garanti.com.tr acs.bkm.com.tr goguvenliodeme.bkm.com.tr acs.qnbfinansbank.com 3dsecure.akbank.com.tr go.albarakaturk.com.tr acs.yapikredi.com.tr maxinet.isbank.com.tr; connect-src 'self' wss://livechat.ziraatbank.com.tr https://api.ziraatbank.com.tr *.googleapis.com zbmatomoapp.ziraatbank.com.tr 1
default-src 'self' https://vochlea.b-cdn.net; font-src https://vochleaapp.b-cdn.net https://fonts.gstatic.com https://*.klarnacdn.net data:; connect-src 'self' https://api.vochlea.com https://vochlea.b-cdn.net   https://shop.vochlea.com https://vochlea-test.myshopify.com https://vochleaapp.b-cdn.net https://*.google-analytics.com https://analytics.tiktok.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com wss://*.hotjar.io https://stats.g.doubleclick.net https://*.googlesyndication.com https://*.google.com https://googleads.g.doubleclick.net https://www.facebook.com https://api.rollbar.com https://cdn.mxpnl.com https://*.mixpanel.com https://*.klarnaservices.com https://*.blackcrow.ai https://*.klaviyo.com https://triplewhale-pixel.web.app https://*.config-security.com https://js.klarna.com https://dev.visualwebsiteoptimizer.com https://*.gorgias.chat wss://*.gorgias.chat https://*.amplitude.com https://storage.googleapis.com/gorgias-chat-attachments-production/ https://app.adbeacon.com; script-src 'self'  'unsafe-inline' https://vochlea.b-cdn.net https://www.googletagmanager.com https://*.google-analytics.com *.googleadservices.com https://www.google.com https://www.google.co.uk https://googleads.g.doubleclick.net https://connect.facebook.net https://analytics.tiktok.com https://*.hotjar.com https://*.hotjar.io *.youtube.com https://cdn.rollbar.com cdn.mxpnl.com cdn4.mxpnl.com https://*.klarnaservices.com https://*.blackcrow.ai *.klaviyo.com https://cdnjs.cloudflare.com/ajax/libs/p5.js/1.5.0/p5.min.js https://www.redditstatic.com https://dev.visualwebsiteoptimizer.com http://app.vwo.com https://*.gorgias.chat https://*.amplitude.com https://polyfill.io https://www.gstatic.com https://app.adbeacon.com; img-src * https://res.cloudinary.com data: https://www.googletagmanager.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://www.facebook.com https://connect.facebook.net https://i.ytimg.com; style-src 'self' 'unsafe-inline' https://vochlea.b-cdn.net https://fonts.googleapis.com https://*.klarnacdn.net; manifest-src 'self'; frame-src https://*.facebook.com https://www.youtube.com https://*.hotjar.com https://*.hotjar.io https://bid.g.doubleclick.net https://*.klarnaservices.com https://td.doubleclick.net https://www.google.com/; media-src 'self' https://vochlea-website-media.s3.eu-west-2.amazonaws.com https://vochleaapp.b-cdn.net https://vochleaapp.b-cdn.net https://res.cloudinary.com/dfxpdvvqd/ https://cdn.vochlea.com; worker-src 'self' blob:; object-src 'none'; form-action 'self' https://api.vochlea.com https://*.facebook.com; frame-ancestors https://*.facebook.com 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; media-src * blob:; 1
frame-ancestors 'self' https://*.mr63.ca; 1
default-src 'self' *.googletagmanager.com;script-src 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' snap.licdn.com cdn.cookielaw.org *.googleadservices.com googleads.g.doubleclick.net *.stobag.com app.friendlyanalytics.ch plausible.io www.youtube.com *.google-analytics.com *.googletagmanager.com connect.facebook.net *.googleapis.com *.pinimg.com *.adform.net;style-src 'unsafe-inline' 'report-sample' 'self' *.stobag.com *.googleapis.com;object-src 'none';base-uri 'self' *.stobag.com;connect-src 'self' ct.pinterest.com cdn.linkedin.oribi.io pagead2.googlesyndication.com cdn.cookielaw.org googleadservices.com google.ca *.google-analytics.com plausible.io app.friendlyanalytics.ch *.onetrust.com *.google.com *.g.doubleclick.net api-eu-central-1.graphcms.com/v2/ *.execute-api.eu-central-1.amazonaws.com maps.googleapis.com *.stobag.com;font-src 'self' insights.stobag.com data: fonts.gstatic.com;frame-src 'self' td.doubleclick.net track.adform.net www.youtube.com ct.pinterest.com *.office365.com;frame-ancestors 'self' www.stobag.com;img-src 'self' *.linkedin.com www.google-analytics.com cdn.cookielaw.org *.stobag.com googleads.g.doubleclick.net *.google.com *.google.pl *.google.de *.google.ch *.google.at *.google.ca www.googletagmanager.com www.facebook.com img.youtube.com i.ytimg.com data: ct.pinterest.com google-analytics.com maps.gstatic.com media.graphassets.com media.graphcms.com maps.googleapis.com media.stobag.com;manifest-src 'self';media-src 'self' media.graphassets.com;report-uri https://6231c7455ed9d70485bf199c.endpoint.csper.io/?v=0;worker-src 'self' 1
frame-ancestors https://www.petsdrool.com https://healthierpetveterinarycare.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://podcastindex.social; img-src 'self' https: data: blob: https://podcastindex.social; style-src 'self' https://podcastindex.social 'nonce-MkBDdSkK3exiXwJcMWFnoA=='; media-src 'self' https: data: https://podcastindex.social; frame-src 'self' https:; manifest-src 'self' https://podcastindex.social; form-action 'self'; child-src 'self' blob: https://podcastindex.social; worker-src 'self' blob: https://podcastindex.social; connect-src 'self' data: blob: https://podcastindex.social https://cdn.masto.host wss://podcastindex.social; script-src 'self' https://podcastindex.social 'wasm-unsafe-eval' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://hometech.social; img-src 'self' https: data: blob: https://hometech.social; style-src 'self' https://hometech.social 'nonce-WOvXVcODqq4/MBp38hCydg=='; media-src 'self' https: data: https://hometech.social; frame-src 'self' https:; manifest-src 'self' https://hometech.social; form-action 'self'; connect-src 'self' data: blob: https://hometech.social https://assets.hometech.social wss://hometech.social; script-src 'self' https://hometech.social 'wasm-unsafe-eval'; child-src 'self' blob: https://hometech.social; worker-src 'self' blob: https://hometech.social 1
default-src https: blob: data: wss: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 1
default-src 'self';	style-src 'self' 'unsafe-inline'         https://*.googleapis.com https://*.browsealoud.com        https://static.abfallplus.de https://api.abfall.io        https://www.biwapp.de         https://*.b-ite.com        https://api.service-digitale-verwaltung.de;	img-src 'self' 'unsafe-inline' data: *.active-city.net *.active-city.de         media.lk-goerlitz.active-city.net        *.ytimg.com         https://maps.gstatic.com https://*.ggpht.com         https://*.browsealoud.com https://www.google-analytics.com        https://www.google.com https://csi.gstatic.com https://www.gstatic.com https://translate.googleapis.com https://translate.google.com https://www.googletagmanager.com        https://static.abfallplus.de        https://*.b-ite.com        https://www.biwapp.de;	script-src 'self' 'unsafe-inline' *.active-city.net *.active-city.de         https://piwik.lk-goerlitz.active-city.net         media.lk-goerlitz.active-city.net        https://*.browsealoud.com https://www.google-analytics.com         https://maps.googleapis.com https://www.googletagmanager.com https://apis.google.com         https://*.b-ite.com        https://api.abfall.io https://static.abfallplus.de        https://www.biwapp.de        https://api.service-digitale-verwaltung.de;	media-src 'self' data: blob:        *.active-city.net *.active-city.de;	frame-src 'self' *.active-city.net *.active-city.de         www.youtube.com www.youtube-nocookie.com         player.vimeo.com        katstab.blogspot.de         www.blitzvideoserver.de         firmen.standort-sachsen.de immobilien.standort-sachsen.de        publikationen.strategie-planung.landkreis.gr publikationen.kreis-goerlitz.de         publikationen.tourismus-marketing.landkreis.gr         lk-goerlitz.active-city.net media.lk-goerlitz.active-city.net        www.yumpu.com        https://dk2wss784le25.cloudfront.net/player/e1686127920500/default/embed        https://content.googleapis.com;     frame-ancestors 'self'         www.kreis-goerlitz.de         intranet        http://*.landkreis.gr https://*.landkreis.gr        http://xn--kreis-grlitz-bjb.de https://xn--kreis-grlitz-bjb.de http://www.xn--kreis-grlitz-bjb.de https://www.xn--kreis-grlitz-bjb.de        https://*.landkreis.tips;    font-src 'self'         https://fonts.gstatic.com;    connect-src 'self'         https://piwik.lk-goerlitz.active-city.net         https://*.browsealoud.com https://speech.speechstream.net https://*.texthelp.com        https://www.google-analytics.com https://stats.g.doubleclick.net         https://*.b-ite.com        https://api.abfall.io        https://www.biwapp.de        https://api.service-digitale-verwaltung.de;    report-uri https://sentry.zmart-ivent.de/api/25/security/?sentry_key=423799354ea44b2999c8fa073f59950f 1
default-src 'self' 'self' https://res.electrocd.com https://electropresence.com https://*.vimeo.com https://*.youtube.com; font-src 'self' *; img-src 'self' *; script-src 'self' 'nonce-Q3VDZ2p1amVfUlJxejMzMXZNbnN2UVc3OlZvT1ZZdVNid2NKTyNjQ044OkQ7Kk5wNi5tI1k0a2dsP0pwXnc3Ug=='; style-src 'self' 'nonce-Q3VDZ2p1amVfUlJxejMzMXZNbnN2UVc3OlZvT1ZZdVNid2NKTyNjQ044OkQ7Kk5wNi5tI1k0a2dsP0pwXnc3Ug=='; worker-src 'self' 'nonce-Q3VDZ2p1amVfUlJxejMzMXZNbnN2UVc3OlZvT1ZZdVNid2NKTyNjQ044OkQ7Kk5wNi5tI1k0a2dsP0pwXnc3Ug=='; frame-ancestors 'self' 1
default-src 'self' https://*.google.com https://www.youtube.com; media-src 'self' https://grupofuertes.com https://bodegasluzon.com; font-src * data:; img-src https://* data: blob:; script-src * 'unsafe-inline' https://*.google-analytics.com https://www.youtube.com https://www.googletagmanager.com https://*.google.com blob:; style-src * 'unsafe-inline';frame-src 'self' https://*.elpozo.com https://*.google.com https://*.google.es https://*.youtube.com https://www.youtube-nocookie.com; frame-ancestors 'self'; connect-src 'self' https://*.google.com https://*.youtube.com https://*.google-analytics.com https://*.nitrocdn.com https://*.tiktok.com https://forms.hscollectedforms.net https://forms.hubspot.com https://*.getnitropack.com https://apir.nixi1.com https://api.1millionbot.com https://*.doubleclick.net wss://socket.1millionbot.com; 1
default-src 'self' 'unsafe-inline' https: investpsp.com  d1r5dcn0jf9md3.cloudfront.net geolocation.onetrust.com cookie-cdn.cookiepro.com maps.googleapis.com;img-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://maps.gstatic.com https://s.ytimg.com https://i.ytimg.com https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://maps.googleapis.com data: https://investpsp.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://maxcdn.bootstrapcdn.com https://www.youtube-nocookie.com https://www.google-analytics.com  https://m.addthis.com https://v1.addthisedge.com https://z.moatads.com https://platform.linkedin.com https://s7.addthis.com https://platform.twitter.com https://cdn.jsdelivr.net https://ajax.googleapis.com https://maps.googleapis.com https://www.gstatic.com https://s.ytimg.com https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://investpsp.com ; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com data: https://investpsp.com 1
frame-ancestors https://consumerportaladmin.ltcg.com; img-src * 'self' blob: data:; default-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://dev-960481.oktapreview.com https://ltcgextsso.oktapreview.com https://ltcgextsso.okta.com https://ok1static.oktacdn.com https://cdn.jsdelivr.net https://pro.fontawesome.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://code.jquery.com https://fonts.gstatic.com blob: data: gap: content: 1
default-src 'self'; base-uri 'none'; object-src 'none';frame-ancestors 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self'; font-src 'self' data:; upgrade-insecure-requests; 1
frame-ancestors 'self' https://rtspro.com https://www.rtspro.com https://rtspro.dev https://www.rtspro.dev; report-uri https://www.rtsinc.com/report-uri/enforce 1
font-src 'self' data: https://fonts.gstatic.com/; style-src 'self' https://fonts.googleapis.com/ 'unsafe-inline';  frame-src 'self' https://*.googleapis.com/ https://www.google-analytics.com https://www.google.com/ https://accounts.google.com/; base-uri 'self';child-src 'self';frame-ancestors ;block-all-mixed-content;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com/ https://www.google-analytics.com http://cdnjs.cloudflare.com/  https://www.googletagmanager.com/  https://www.google.com/recaptcha/  https://www.gstatic.com/recaptcha/  https://www.facebook.com/ https://maps.googleapis.com; connect-src 'self' https://*.google-analytics.com https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; 1
default-src 'self';  script-src 'self' 'unsafe-eval' 'unsafe-inline' giscus.app;  style-src 'self' 'unsafe-inline' *.googleapis.com cdn.jsdelivr.net;  img-src * blob: data:;  media-src 'self' static.mitchellh.com;  connect-src *;  font-src 'self' fonts.gstatic.com cdn.jsdelivr.net;  frame-src giscus.app 1
frame-ancestors 'self' *.aws.sfdc.cl *.exacttarget.com *.marketingcloudapps.com *.marketingclouddevapps.com *.marketingcloudqaapps.com *.marketingcloudtestapps.com *.marketingcloudstageapps.com *.marketingcloudapps.local *.marketingcloudapps.local.sfdc.net *.local.sfdc.net *.exct.net *.salesforce.com *.aws-dev2-uswest2.aws.sfdc.cl 1
base-uri 'self';connect-src 'self' ws: https://*.westtoer.be https://vimeo.com https://*.vlaanderen.be https://tris.westtoer.be https://geoserver.westtoer.be https://*.google-analytics.com https://bam.nr-data.net https://westtoer-winrecommender-prod.ausy.solutions https://*.analytics.google.com https://stats.g.doubleclick.net;default-src 'self' https://*.ausy.solutions https://*.westtoer.be https://*.vimeo.com;form-action 'self' https://*.list-manage.com;img-src 'self' data: https://*.ausy.solutions https://*.westtoer.be https://*.openstreetmap.org https://*.openstreetmap.be https://tris.westtoer.be https://ad.doubleclick.net https://adservice.google.com https://www.googletagmanager.com https://www.facebook.com https://www.google.be/ads/ga-audiences;media-src 'self';object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.ausy.solutions https://*.westtoer.be https://*.fontawesome.com https://*.googletagmanager.com https://*.juicer.io https://*.jsdelivr.net https://connect.facebook.net https://*.newrelic.com https://*.cumul.io https://apps.elfsight.com https://s3.amazonaws.com/downloads.mailchimp.com;style-src 'self' 'unsafe-inline' https://*.ausy.solutions https://*.westtoer.be https://*.mailchimp.com;font-src 'self' https://www.dekust.be;frame-src https://www.youtube.com https://proximusanalytics.cumul.io https://player.vimeo.com https://*.spotify.com https://*.issuu.com https://www.google.com https://cms.westtoer.be https://*.nodemapp.com https://www.routechirurg.be https://westtoer.virtualtour.poppr.be;frame-ancestors 'self' 1
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss://*.tawk.to:* 1
frame-ancestors 'self'; report-uri https://www.powerconstruction.net/report-uri/enforce 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: ajax.googleapis.com www.google.com www.gstatic.com fonts.googleapis.com fast.wistia.com beacon-v2.helpscout.net googletagmanager.com https://www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' data: fonts.googleapis.com; img-src 'self' data: www.gstatic.com embedwistia-a.akamaihd.net embed-fastly.wistia.com wp-rocket.me fast.wistia.com secure.gravatar.com www.gravatar.com www.google-analytics.com stats.g.doubleclick.net; connect-src 'self' pipedream.wistia.com d3hb14vkzrxvla.cloudfront.net distillery.wistia.com beaconapi.helpscout.net https://www.google-analytics.com www.google-analytics.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; object-src 'none' ; media-src 'self' fast.wistia.net blob;; frame-src 'self' data: www.google.com wp-rocket.me www.facebook.com; upgrade-insecure-requests; block-all-mixed-content; report-uri https://www.sydneypropertyvaluation.com.au?gdsih-csp-report; 1
default-src https: data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; report-to default 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.googletagmanager.com *.google.com *.gstatic.com *.googleapis.com *.ytimg.com *.youtube.com *.gravatar.com *.yoast.com yoast.com cdnjs.cloudflare.com github.com brainstormforce.github.io googleads.g.doubleclick.net google-analytics.com *.google-analytics.com *.google.com.br *.twillio.com *.cloudfront.net *.rdstation.com.br 1
default-src 'self' https://gridradar.net/; font-src *; img-src * data:; script-src 'unsafe-inline' https://gridradar.net/ https://notstromdiesel.com/; style-src 'unsafe-inline' https://gridradar.net/ https://notstromdiesel.com/; frame-ancestors 'self' https://notstromdiesel.com https://www.netzfrequenzmessung.de https://netzfrequenzmessung.de; 1
default-src 'self' 'unsafe-inline' fonts.gstatic.com fonts.googleapis.com; report-uri https://c.dwm.si/reports; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-to reppoint 1
block-all-mixed-content; default-src 'self'; base-uri 'self'; form-action 'self' flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.kr flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.com flightbookings.airnewzealand.de flightbookings.airnewzealand.eu flightbookings.airnewzealand.fr flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw  flightbookings.airnewzealand.com.cn flightbookings.grabaseat.co.nz  flightbookings.airnewzealand.co.jp identity.airnewzealand.com au-connect.authsignal.com auth.identity.airnewzealand.com auth.identity.qual.airnewzealand.com auth.airnewzealand.co.nz auth.airnewzealand.eu; script-src 'self' p-airnz.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com flightbookings.airnewzealand.co.nz player.vimeo.com www.youtube.com s.ytimg.com s.wayin.com xd.wayin.com s.engagesciences.com display.engagesciences.com *.demdex.net www.google-analytics.com analytics.google.com tagmanager.google.com www.googletagmanager.com *.doubleclick.net www.googleadservices.com www.googletagservices.com www.google.com pagead2.googlesyndication.com cdn-assets-prod.s3.amazonaws.com *.optimizely.com optimizely-hrd.appspot.com optimizely.s3.amazonaws.com s.swiftypecdn.com upgrade.plusgrade.com nebula-cdn.kampyle.com screencapture.kampyle.com screencaptue-cdn.kampyle.com static.hotjar.com script.hotjar.com yourir.info auth.airnewzealand.co.nz auth.airnewzealand.eu ssl.google-analytics.com cdnjs.cloudflare.com res.levexis.com https://widget.timatic.iata.org/scripts/iata-timatic-widget-live.js oc-cdn-public-oce.azureedge.net; style-src 'unsafe-inline' p-airnz.com fonts.googleapis.com tagmanager.google.com s.swiftypecdn.com upgrade-cdn-prd.plusgrade.com static.hotjar.com script.hotjar.com yourir.info 'self' oc-cdn-public-oce.azureedge.net; img-src https: data: static.hotjar.com script.hotjar.com; font-src p-airnz.com fonts.googleapis.com fonts.gstatic.com dhm5hy2vn8l0l.cloudfront.net script.hotjar.com 'self' data:; media-src 'self' video.cdnvue.com ; frame-src 'self' *.google.com auth.identity.airnewzealand.com nz.fltmaps.com player.youku.com v.qq.com player.vimeo.com www.youtube.com airnz.wufoo.com xd.wayin.com display.engagesciences.com *.demdex.net *.doubleclick.net www.googletagmanager.com *.cdn-pci.optimizely.com nebula-cdn.kampyle.com vars.hotjar.com sec.windcave.com uat.windcave.com forms.cd.airnewzealand.co.nz www.airnewzealand.co.nz/airpoints-account/payments/scripts/done.html oc-cdn-public-oce.azureedge.net; connect-src 'self' api.airnz.io api.airnz.ai *.googleapis.com *.google.com *.gstatic.com auth.airnewzealand.co.nz auth.airnewzealand.eu identity.airnewzealand.com *.demdex.net *.tt.omtrdc.net www.google-analytics.com region1.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net adservice.google.com pagead2.googlesyndication.com *.optimizely.com s.swiftypecdn.com search-api.swiftype.com *.kampyle.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.sentry.io yourir.info ssl.google-analytics.com https://widget.timatic.iata.org/api/ sec.windcave.com uat.windcave.com; object-src 'none'; frame-ancestors 'self'; report-uri /csp-report 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-ddd16e6a4072b6c16becd6f0fd1463fe'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' https://www.google-analytics.com https://matomo-01.smply.gd.codes/ https://swarmcrawler.datareporter.eu/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://code.jquery.com https://webcache.datareporter.eu/ https://matomo-01.smply.gd.codes/ https://www.googletagmanager.com/ https://swarmcrawler.datareporter.eu/; img-src 'self' 'unsafe-inline' data: https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://webcache.datareporter.eu/; form-action 'self'; base-uri 'self'; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://bat.bing.com https://www.redditstatic.com https://origin.acuityplatform.com https://e.acuityplatform.com https://secure.adnxs.com https://www.googleadservices.com https://js-agent.newrelic.com https://bam.nr-data.net https://pixel.mathtag.com https://ums.acuityplatform.com https://connect.facebook.net https://tpc.googlesyndication.com https://tr.contextweb.com https://bh.contextweb.com https://epidiolex-medinfo-c.uat.v3.chat.conversationhealth.com https://epidiolex-medinfo-c.prod.v3.chat.conversationhealth.com https://aim-tag.hcn.health https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://bat.bing.com https://www.redditstatic.com https://origin.acuityplatform.com https://e.acuityplatform.com https://secure.adnxs.com https://www.googleadservices.com https://js-agent.newrelic.com https://bam.nr-data.net https://pixel.mathtag.com https://ums.acuityplatform.com https://connect.facebook.net https://tpc.googlesyndication.com https://tr.contextweb.com https://bh.contextweb.com https://epidiolex-medinfo-c.uat.v3.chat.conversationhealth.com https://epidiolex-medinfo-c.prod.v3.chat.conversationhealth.com https://aim-tag.hcn.health https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net http://hello.myfonts.net https://www.googletagmanager.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.epidiolex.com/report-uri/enforce 1
default-src 'self' https:; font-src 'self' https: data: data://* use.typekit.net; img-src 'self' https: data: my.raspberrypi.org profiles-production.s3.eu-west-1.amazonaws.com p.typekit.net images.ctfassets.net; object-src 'none'; script-src 'self' https: data: 'unsafe-inline' *.google-analytics.com *.googletagmanager.com use.typekit.net tagmanager.google.com https://*.cookiebot.com; style-src 'self' https: 'unsafe-inline' use.typekit.net; connect-src 'self' https://api.postcodes.io https://*.google-analytics.com https://*.typekit.net https://api-cdn.embed.ly https://*.stripe.com https://*.cookiebot.com; frame-ancestors 'self' https://trinket.io https://*.trinket.io 1
default-src 'self' blob: *.onlineumfragen.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.onlineumfragen.com www13.onlineumfragen.com:85 https://www.googletagmanager.com https://www.google-analytics.com ajax.googleapis.com www.googleadservices.com platform.twitter.com translate.google.com translate.googleapis.com www.google.com www.gstatic.com code.highcharts.com *.cloudflare.com extreme-ip-lookup.com https://embed.tawk.to https://cdn.jsdelivr.net https://salenti.de global.localizecdn.com https://polyfill.io https://cdn.jsdelivr.net/npm/mathjax@3/ https://cdn.mathjax.org https://cdn.datatables.net https://assets.adobedtm.com cdn.3cx.com; connect-src 'self' www.onlineumfragen.com cust.onlineumfragen.com https://www5.onlineumfragen.com http://*.amazonaws.com https://*.amazonaws.com translate.googleapis.com translate.google.com extreme-ip-lookup.com https://salenti.de global.localizecdn.com https://*.tawk.to wss://*.tawk.to seal.beyondsecurity.com *.twitter.com www13.onlineumfragen.com:85 *.onlineumfragen.com https://www.googletagmanager.com https://www.google-analytics.com maps.google.ch www.googleadservices.com http://92.42.184.213 *.cloudflare.com ups.xplosion.de *.doubleclick.net *.googlesyndication.com www.gstatic.com www.google.com www.evu-benchmarking.ch chart.googleapis.com api.qrserver.com https://bildungsplan-bw-ext.pirobase.de https://cdn.datatables.net; img-src 'self' data: blob: http://localhost www.onlineumfragen.com cust.onlineumfragen.com http://*.amazonaws.com https://*.amazonaws.com seal.beyondsecurity.com *.twitter.com www13.onlineumfragen.com:85 *.onlineumfragen.com https://www.googletagmanager.com https://www.google-analytics.com maps.google.ch www.googleadservices.com http://92.42.184.213 *.cloudflare.com ups.xplosion.de *.doubleclick.net *.googlesyndication.com salenti.de translate.googleapis.com translate.google.com www.gstatic.com www.google.com www.evu-benchmarking.ch chart.googleapis.com api.qrserver.com global.localizecdn.com https://bildungsplan-bw-ext.pirobase.de https://cdn.datatables.net https://embed.tawk.to https://privacy-seal.heydata.eu; media-src 'self' blob: www.onlineumfragen.com cust.onlineumfragen.com *.sensiqol.ch; style-src 'self' 'unsafe-inline' www.onlineumfragen.com cust.onlineumfragen.com fonts.googleapis.com translate.googleapis.com https://cdn.datatables.net https://embed.tawk.to; frame-src 'self' www.onlineumfragen.com cust.onlineumfragen.com *.twitter.com www.youtube.com maps.google.ch www.google.com *.onlineumfragen.com www.facebook.com https://salenti.de; font-src 'self' data: blob: www.onlineumfragen.com cust.onlineumfragen.com fonts.gstatic.com https://cdn.jsdelivr.net/npm/mathjax@3/ https://cdnjs.cloudflare.com/ajax/libs/mathjax/ https://cdn.mathjax.org https://embed.tawk.to; object-src 'self' blob: www.onlineumfragen.com cust.onlineumfragen.com www.youtube.com; 1
frame-ancestors 'self' https://*.fingerhaus.de https://*.insignio-online.de; 1
frame-ancestors https://*.vgn.at https://*.tv-media.at https://*.news.at https://*.trend.at https://*.woman.at https://*.yachtrevue.at https://*.gusto.at https://*.lustaufsleben.at https://autorevue.at https://*.autorevue.at; upgrade-insecure-requests; block-all-mixed-content 1
frame-ancestors 'self' https://na2.visioncritical.com https://*.na2.visioncritical.com https://na2.alida.com https://*.na2.alida.com 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.conveniencestore.co.uk; 1
default-src data: https: wss: 'unsafe-eval' 'unsafe-inline'; object-src 'self'; worker-src 'self' blob: https://d10lpsik1i8c69.cloudfront.net/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.azurewebsites.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.azurewebsites.net; font-src 'self' *.azurewebsites.net fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.azurewebsites.net; media-src 'self' data: blob:; child-src 'self' *.cowmanager.com *.spotify.com https://www.buzzsprout.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.selectsires.com *.addthis.com *.issuu.com *.cognitoforms.com; connect-src 'self' *.microsoftonline.com *.microsoftonline.us *.windows.net accounts.google.com https://www.google-analytics.com https://*.googleapis.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.azurewebsites.net https://dc.services.visualstudio.com wss:; frame-ancestors 'self' *.selectsires.com; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-hC0T6S5T7NQA69AULfevK7SEXKUQjBN19EFUXMVAJo40njtp' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
upgrade-insecure-requests; block-all-mixed-content; disown-opener; referrer no-referrer-when-downgrade; default-src https://parked-domain.net; style-src https://parked-domain.net 'unsafe-inline' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://schleuss.online; img-src 'self' https: data: blob: https://schleuss.online; style-src 'self' https://schleuss.online 'nonce-uWBxUH0St9TpN8GutJb9vw=='; media-src 'self' https: data: https://schleuss.online; frame-src 'self' https:; manifest-src 'self' https://schleuss.online; form-action 'self'; child-src 'self' blob: https://schleuss.online; worker-src 'self' blob: https://schleuss.online; connect-src 'self' data: blob: https://schleuss.online https://schleuss.online wss://schleuss.online; script-src 'self' https://schleuss.online 'wasm-unsafe-eval' 1
default-src 'self';script-src  'report-sample' 'self'  'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://tagmanager.google.com cookie-cdn.cookiepro.com  geolocation.onetrust.com https://www.google-analytics.com/ https://cdn.jsdelivr.net/ https://bam.nr-data.net/ https://bam-cell.nr-data.net/1/75e26b1af6 https://cdnjs.cloudflare.com/ajax/libs/svg.js/2.6.3/svg.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.js https://js-agent.newrelic.com/ http://static.hotjar.com/c/hotjar-1304386.js https://script.hotjar.com/ https://static.hotjar.com/c/hotjar-1304386.js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://*.googletagmanager.com/ https://www.gstatic.com/;style-src 'report-sample' 'unsafe-inline' 'self' https://tagmanager.google.com https://fonts.googleapis.com https://cdn.jsdelivr.net/;object-src 'none';base-uri 'self';connect-src 'self' wss://*.hotjar.com/ https://*.hotjar.io/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.fr https://*.google.dz cookie-cdn.cookiepro.com privacyportal.cookiepro.com geolocation.onetrust.com https://bam.nr-data.net https://bam-cell.nr-data.net https://in.hotjar.com https://stats.g.doubleclick.net https://vc.hotjar.io https://www.google-analytics.com;font-src 'self' https://fonts.gstatic.com data: https://cdn.jsdelivr.net  https://themes.googleusercontent.com;frame-src 'self' https://vars.hotjar.com https://www.google.com;img-src 'self' data: https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.fr https://*.google.dz cookie-cdn.cookiepro.com https://www.google-analytics.com/ ;manifest-src 'self';media-src 'self';report-uri https://621367c35ba895d32b8a7882.endpoint.csper.io/?v=2;worker-src 'none'; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' data:  cdn.jsdelivr.net code.jquery.com  cdnjs.cloudflare.com  cdn.datatables.net www.google.com www.google-analytics.com/analytics.js api.bigzeta.com cdn.bigzeta.com www.gstatic.com www.googletagmanager.com cdn.paddle.com store.tms-plugins.com  www.googletagmanager.com www.gstatic.com/recaptcha emails.micross.com maps.googleapis.com www.google.com/* www.gstatic.com/recaptcha/releases/jxFQ7RQ9s9HTGKeWcoa6UQdD/recaptcha__en.js *.gstatic.com/feedback/ www.gstatic.com/recaptcha/releases/iSHzt4kCrNgSxGUYDFqaZAL9/recaptcha__en.js www.gstatic.com/recaptcha/releases/6TWYOsKNtRFaLeFqv5xN42-l/recaptcha__en.js ajax.googleapis.com; style-src 'self' 'unsafe-inline'  cdn.datatables.net  https://code.jquery.com https://fonts.googleapis.com https://www.google.com https://hello.myfonts.net/count/35217e store.tms-plugins.com; font-src 'self' data: *; default-src 'self' * 127.0.0.1; img-src 'self' https: data:; child-src data:; media-src data: *; frame-src 'self' www.google.com/ analytics.clickdimensions.com/microsscom-afkiz/ www.youtube.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.sprinklr.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com data: *.sprinklr.com; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; connect-src *; frame-src *; media-src * blob:; worker-src * blob:; 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-NmxISnNCcWN2akkyK3lCMVNlMmYyOW5wNWR4LzRxM1NZUUVydm0xZHMxND06MlRlUXhsYmIra3Bhd210TmZZaW5qT0d1cTVvMG9jempEVElZMlNvTjZSVT0=' blob:;script-src-elem 'strict-dynamic' 'nonce-NmxISnNCcWN2akkyK3lCMVNlMmYyOW5wNWR4LzRxM1NZUUVydm0xZHMxND06MlRlUXhsYmIra3Bhd210TmZZaW5qT0d1cTVvMG9jempEVElZMlNvTjZSVT0=' blob:;style-src 'self' 'unsafe-inline';img-src 'self' data: blob: https://*.tile.openstreetmap.org;font-src 'self' data:;connect-src 'self' blob: pve.ziroh.be;media-src 'self' blob:;frame-src 'self';child-src blob: 'self';frame-ancestors 'self';worker-src blob: 'self';form-action 'self' 1
upgrade-insecure-requests; default-src 'self' https://*.onlineordersnow.com https://*.onlineordersnow.net https://*.customer2you.com https://*.customer2you.net https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://*.youtube.com https://*.facebook.com https://*.facebook.net https://*.cloudflare.com https://*.jquery.com https://*.datatables.net https://*.fontawesome.com/ https://*.squareup.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.onlineordersnow.com https://*.onlineordersnow.net https://*.customer2you.com https://*.customer2you.net https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://*.youtube.com https://*.facebook.com https://*.facebook.net https://*.cloudflare.com https://*.jquery.com https://*.datatables.net https://*.fontawesome.com/ https://*.squareup.com; style-src 'self' 'unsafe-inline' https://*.onlineordersnow.com https://*.onlineordersnow.net https://*.customer2you.com https://*.customer2you.net https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://*.youtube.com https://*.facebook.com https://*.facebook.net https://*.cloudflare.com https://*.jquery.com https://*.datatables.net https://*.fontawesome.com/ https://*.squareup.com; img-src 'self' data: https://*.onlineordersnow.com https://*.onlineordersnow.net https://*.customer2you.com https://*.customer2you.net https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://*.youtube.com https://*.facebook.com https://*.facebook.net https://*.cloudflare.com https://*.jquery.com https://*.datatables.net https://*.fontawesome.com/ https://*.squareup.com; connect-src 'self' https://*.onlineordersnow.com https://*.onlineordersnow.net https://*.customer2you.com https://*.customer2you.net https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://*.youtube.com https://*.facebook.com https://*.facebook.net https://*.cloudflare.com https://*.jquery.com https://*.datatables.net https://*.fontawesome.com/ https://*.squareup.com; font-src 'self' https://*.onlineordersnow.com https://*.onlineordersnow.net https://*.customer2you.com https://*.customer2you.net https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com  https://*.datatables.net https://*.fontawesome.com/; object-src 'none'; media-src 'self'; form-action 'self'; frame-ancestors 'self'; 1
frame-ancestors self cms.semper.se cms.semper.dk cms.semper.fi cms.semper.no *.platformsh.site 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cbzxy.com https://banners.adfox.ru/ https://yandex.ru https://*.ytimg.com http://awards.ratingruneta.ru cdn3.caltat.com https://*.legalcdn.com https://static.legalcdn.org https://snap.licdn.com https://px.ads.linkedin.com https://web.legalcdn.org https://*.twimg.com https://platform.twitter.com https://yastatic.net https://mc.yandex.com https://*.yandex.ru https://*.legalcdn.org https://*.me-talk.ru *.cloudflare.com https://me-talk.ru https://*.intelcdn.com https://*.playbuzz.com https://*.youtube.com http://pollservice.ru https://*.vk.com https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://*.instagram.com https://web.legalcdn.org http://ulogin.ru https://ulogin.ru https://*.gstatic.com https://*.google.com https://*.yandex.net; frame-src 'self' https://*.yandex.ru http://awards.ratingruneta.ru https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org https://*.me-talk.ru https://*.instagram.com https://ulogin.ru https://*.youtube.com https://*.facebook.com https://*.twitter.com https://vimeo.com https://rutube.ru https://playbuzz.com https://connect.facebook.net https://web.legalcdn.org https://www.playbuzz.com/ https://*.gstatic.com https://*.google.com https://*.yandex.net; object-src 'self' https://*.legalcdn.com http://awards.ratingruneta.ru https://*.youtube.com https://web.legalcdn.org https://static.legalcdn.org https://web.legalcdn.org https://*.legalcdn.org https://*.gstatic.com https://*.google.com https://*.yandex.net; child-src 'self' blob: http://awards.ratingruneta.ru https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org; worker-src 'self' blob:; report-uri /csp-report/; 1
script-src 'self' www.youtube.com www.google.com/maps/ hcaptcha.com *.hcaptcha.com maps.googleapis.com *.seznam.cz c.imedia.cz www.zbozi.cz www.googletagmanager.com www.youtube-nocookie.com pixel.biano.cz bianopixel.com cz.bianopixel.com im9.cz connect.facebook.net *.google.com *.gstatic.com *.ppl.cz *.mapy.cz https://postback.affiliateport.eu/track.js https://tracking.affiliateport.eu/ https://tracking.affiliateclub.cz/ 'nonce-fc9a78c52dc2d7329ee182945b1f480d' www.roomvo.com partner-events.favicdn.net 'nonce-2b96054c0abc425bcc72893b6fef830f' matomo.reklalink.cz 'nonce-ade54a8a8ec235e9e7ea89a7104a4841' *.googletagmanager.com *.google-analytics.com *.doubleclick.net 'nonce-e5a0389e967fa8aa90729fa7d263949e' https://*.smartsuppchat.com https://*.smartsuppcdn.com;connect-src 'self' hcaptcha.com *.hcaptcha.com maps.googleapis.com *.facebook.com stats.g.doubleclick.net pagead2.googlesyndication.com google.com *.google.com *.google.cz googleads.g.doubleclick.net p.biano.cz cz.bianopixel.com im9.cz *.dhl.com *.mapy.cz affiliateport.scaletrk.com www.roomvo.com partner-events.favi.cz partner-events.favi.sk matomo.reklalink.cz *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://*.smartsuppchat.com https://*.smartsuppcdn.com https://*.smartsupp.com wss://*.smartsupp.com;img-src 'self' data: maps.gstatic.com *.seznam.cz *.googletagmanager.com *.google.com *.google.cz *.google.sk *.google.at *.google.de *.google.hu *.google.com.tr *.heureka.sk pagead2.googlesyndication.com googleads.g.doubleclick.net *.youtube.com *.googleapis.com www.facebook.com *.mapy.cz *.ppl.cz *.heureka.cz matomo.reklalink.cz *.google-analytics.com *.googletagmanager.com *.gstatic.com https://*.smartsuppcdn.com cdn.jsdelivr.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com hcaptcha.com *.hcaptcha.com *.mapy.cz *.ppl.cz *.googletagmanager.com https://*.smartsuppcdn.com https://*.smartsuppchat.com;font-src 'self' fonts.gstatic.com data: *.mapy.cz *.ppl.cz;frame-ancestors hcaptcha.com *.hcaptcha.com *.facebook.com www.roomvo.com;base-uri 'self';form-action 'self' *.csob.cz *.facebook.com *.paypal.com;report-uri https://www.vavex.cz/?action=report-to;report-to default;default-src 'none';child-src www.youtube.com www.google.com/maps/ hcaptcha.com *.hcaptcha.com widget.packeta.com www.zbozi.cz *.facebook.com maps.gls-czech.cz www.youtube-nocookie.com *.google.com b2c.cpost.cz kolekce.vavex.cz seznam.cz www.roomvo.com *.googletagmanager.com;media-src https://*.smartsuppcdn.com; 1
block-all-mixed-content; frame-ancestors *.ccm.net.br 1
style-src 'self' ir.ebaystatic.com https://cdn.jsdelivr.net/ 'nonce-oYnqKDh5bSt8pDqtHyGyaQ=='; default-src 'self' ir.ebaystatic.com https://cdn.jsdelivr.net/; frame-ancestors 'self'; form-action 'self' https://www.ebay.fr/ https://signin.ebay.fr; img-src 'self' ir.ebaystatic.com https://cdn.jsdelivr.net/ data: https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.fr https://www.google.es 'nonce-oYnqKDh5bSt8pDqtHyGyaQ=='; connect-src 'self' ir.ebaystatic.com https://cdn.jsdelivr.net/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; script-src 'self' ir.ebaystatic.com https://cdn.jsdelivr.net/ https://www.google-analytics.com https://ssl.google-analytics.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com 'nonce-oYnqKDh5bSt8pDqtHyGyaQ==' 1
block-all-mixed-content; frame-ancestors *.i2go.com.br 1
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * data: 'unsafe-inline'; frame-src *; font-src https://fonts.gstatic.com data: 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.quadia.net/quadia.player.min.js https://www.googletagmanager.com/ https://www.google-analytics.com/ https://cdn.cookielaw.org https://js-agent.newrelic.com/ https://cdn.pricespider.com blob:; object-src 'none'; base-uri 'none'; frame-src 'self' https://www.youtube-nocookie.com https://player.quadia.net; frame-ancestors 'self'; img-src 'self' https://assets.msd-animal-health.com https://www.msd-animal-health.com https://cdn.cookielaw.org https://secure.gravatar.com https://www.google-analytics.com/ data: ; media-src 'self' blob:; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests; default-src https: data: 'self' ; trusted-types default; 1
font-src *.gstatic.com *.typekit.net 'self' data:; script-src *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net *.google.pl *.typekit.net *.facebook.net *.livechatinc.com *.adform.net *.3destate.pl *.cookiepro.com *.odysseycrew.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com *.typekit.net 'self' 'unsafe-inline'; upgrade-insecure-requests 1
frame-ancestors *.cylex-belgie.be 1
img-src * data: *; 1
default-src 'self' danq.me *.danq.me *.wp.com public-api.wordpress.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' danq.me *.danq.me *.wp.com; style-src 'self' 'unsafe-inline' *.wp.com; img-src * 'self' data: *.wp.com; font-src 'self' data:; frame-src 'self' danq.me *.danq.me www.youtube-nocookie.com w.soundcloud.com embed.ted.com *.wp.com videopress.com map.geohashing.site; worker-src 'self' danq.me; report-uri https://danq.report-uri.com/r/d/csp/enforce 1
default-src 'none'; script-src https: 'unsafe-inline'; connect-src *; img-src https: data:; style-src https: 'unsafe-inline'; font-src *; base-uri 'self'; form-action 'self'; child-src https:; frame-src https: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com *.google.com https://platform.twitter.com https://www.googletagmanager.com https://www.google-analytics.com/ https://www.xj-storage.jp/public-graph/table/AS02420/ https://www.xj-storage.jp/public-graph-at/table/AS02420/ https://www.xj-storage.jp/public-list/ https://cache.dga.jp/s/sanyodk/ https://static.ctctcdn.com/js/signup-form-widget/current/signup-form-widget.min.js https://cdnjs.cloudflare.com/ajax/ https://platform.twitter.com/widgets.js https://www.clarity.ms/ https://extend.vimeocdn.com/ga/ https://cdn.cookie.sync.usonar.jp/ https://ip2c.landscape.co.jp/lbcapi/ https://apis.usonar.jp/alog/ https://partner.googleadservices.com/ https://cookie.sync.usonar.jp/v1/ https://www.gstatic.com/ 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-c65bf73144e96337d549b9f5995fba41'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' cdn.pricespider.com feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com *.pricespider.com pghub.io *.doubleclick.net connect.facebook.net js.adsrvr.org apps.bazaarvoice.com www.google.com *.doubleclick.net *.gstatic.com *.youtube.com cdnjs.cloudflare.com feed.pghub.io pandg.tapad.com ; font-src 'self' data: feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' td.doubleclick.net insight.adsrvr.org www.facebook.com pandg.tapad.com pgconsumersupport.secure.force.com pg-lex.my.salesforce-sites.com *.youtube.com feed.pghub.io ; img-src 'self' data: images.ctfassets.net *.cloudinary.com www.google-analytics.com pixel.tapad.com www.facebook.com *.pricespider.com *.ytimg.com *.bazaarvoice.com *.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io pandg.tapad.com ; connect-src 'self' *.google-analytics.com *.doubleclick.net www.facebook.com *.algolia.net *.pricespider.com feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.ladesk.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://static.zdassets.com https://widget-mediator.zopim.com https://media.twiliocdn.com https://sdk.twilio.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' data:  https://feedback-api.mendix.com https://fonts.gstatic.com https://fonts.googleapis.com https://ekr.zdassets.com https://portmaster.zendesk.com https://id.zopim.com https://sdk.twilio.com https://zendesk-eu.my.sentry.io https://eventgw.twilio.com https://media.twiliocdn.com wss://voice-js.ashburn.twilio.com https://eventgw.us1.twilio.com wss://widget-mediator.zopim.com wss://portmaster.zendesk.com wss://voice-js.roaming.twilio.com wss://localhost.qz.io:8181 wss://localhost.qz.io:8282 wss://localhost.qz.io:8383 wss://localhost.qz.io:8484 wss://localhost:8181 wss://localhost:8282 wss://localhost:8383 wss://localhost:8484; font-src 'self' data:  https://fonts.gstatic.com; frame-src 'self' https://*.ladesk.com https://www.google.com; img-src 'self' data: https://*.ladesk.com *.portmaster.net https://portmaster.zendesk.com; manifest-src 'self'; media-src 'self' mediastream https://media.twiliocdn.com https://sdk.twilio.com https://static.zdassets.com; worker-src 'self'; upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors 'self' https://wasm.vendidero.de; 1
default-src 'self' data: https://framacarte.org https://umap.openstreetmap.fr; script-src 'self' 'unsafe-inline' https://framacarte.org https://umap.openstreetmap.fr; object-src 'self'; base-uri 'self'; form-action 'self'; style-src 'self' 'unsafe-inline' 1
frame-src https://*.google.com https://*.kudoscasino.com https://*.redcherry.casino https://*.youtube.com https://*.vimeo.com https://lobby.kudoscasino.com:3072 https://cdk.redcherry.casino:2072 https://plugins.tawk.to https://embed.tawk.to 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://*.onlinebanktours.com https://cdn.oectours.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://secure.adnxs.com https://analytics.google.com https://*.lkcsmap.com https://*.app-us1.com https://trackcmp.net https://*.schemaapp.com https://*.ascensus.com https://*.atandotech.com wss://*.hotjar.com https://mycfcu.lkcsproof.com/ https://mycfcu.locatorsearch.net https://secure.na1.echosign.com https://mycfcu.na1.echosign.com https://*.youtube-nocookie.com https://*.formstack.com https://*.googletagmanager.com https://netdna.bootstrapcdn.com https://platform.twitter.com https://*.ytimg.com https://*.typekit.net https://*.youtube.com https://www.google.com https://www.gstatic.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://maps.googleapis.com https://maps.gstatic.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.lk-cs.com https://lkcsunix.com https://*.nativechat.com; frame-ancestors 'self' https://www.youtube.com; 1
frame-src 'self' *.vimeo.com *.youtube.com *.e-nautadutilh.com; img-src 'self' *.vimeocdn.com *.youtube.com; style-src-elem 'self' 'nonce-HYwnXBHfGwJPTluboajYWA=='; script-src-elem 'self' *.vimeo.com *.youtube.com *.nautadutilh.com 'nonce-HYwnXBHfGwJPTluboajYWA=='; style-src 'self' *.myfonts.net; default-src 'none'; connect-src 'self' vimeo.com *.nautadutilh.com; media-src 'self' *.vimeo.com *.vimeocdn.com; font-src 'self' data:; form-action 'self'; script-src 'self' *.vimeo.com 1
default-src 'self' nytimesineducation.com; style-src 'self' netdna.bootstrapcdn.com maxcdn.bootstrapcdn.com 'unsafe-inline' ajax.googleapis.com; img-src 'self' 5290727.fls.doubleclick.net data: www.facebook.com www.google-analytics.com www.nytimes.com secure.gravatar.com www.gstatic.com www.googletagmanager.com; media-src 'self' data: ssl.gstatic.com; font-src 'self' data: www.slant.co maxcdn.bootstrapcdn.com netdna.bootstrapcdn.com fonts.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' code.jquery.com a1.nyt.com nytimesineducation.com www.google-analytics.com www.googletagmanager.com connect.facebook.net; connect-src 'self' nytimesineducation.com stats.g.doubleclick.net purr.nytimes.com www.google-analytics.com; object-src 'none'; upgrade-insecure-requests; report-uri https://csp.hullforge.com/d64a3 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-+Gt1phPBcCBxU/xtYdtpCg==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
default-src 'self' https://commonstock.com https://commonstock.dev https://beta.commonstock.com https://staging.commonstock.dev https://blackbird.staging.commonstock.com https://sentry.commonstock.com https://sentry.io https://o106819.ingest.sentry.io https://cdn.plaid.com https://www.googletagmanager.com https://www.google-analytics.com http://region1.google-analytics.com/ http://region1.analytics.google.com https://canny.io https://www.redditstatic.com https://www.googleadservices.com https://connect.facebook.net https://www.youtube.com/ 'sha256-7ZXHE8n0LNDPCpgeQjY2vgJpnWprfRwlC9Xc+FLAd24=' 'sha256-HbLmw0evtlmsWK5AqYlt2KFB8gw3LYsr9UUrcdxNzRQ=' 'sha256-kDYFuORVbh4PdSMf5e8Yz5E1Kh5Fhso5/L9U7VbZ3FE=' 'sha256-OrG+ErCxdskL21YLD117Yg8zkYeBVVwZ2MNJogatg9E=' 'sha256-0dzH8GYRgFy/elrK8/2X5CJuvXgT0RLdNY7mbOI10ew='; base-uri 'self'; block-all-mixed-content; connect-src 'self' https://*.commonstock.com https://commonstock.com https://*.auth0.com wss://*.sendbird.com wss://*.commonstock.com https://*.sendbird.com https://*.herokuapp.com https://api-js.mixpanel.com https://*.giphy.com https://o106819.ingest.sentry.io https://api.allorigins.win https://sentry.io vitals.vercel-insights.com https://*.split.io https://*.canny.io https://www.google-analytics.com http://region1.google-analytics.com http://region1.analytics.google.com https://www.googletagmanager.com https://lh3.googleusercontent.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' data: fonts.gstatic.com; img-src * data: blob:; media-src * data: blob:; report-uri https://o106819.ingest.sentry.io/api/5532799/security/?sentry_key=839f322960d6466bb8503aa7fc848157; 1
frame-ancestors 'self' https://*.veniocrm.com https://*.empeo.com https://*.myempeo.com https://*.gofive.co.th https://*.etaxgo.com https://*.tks.co.th; upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors 'self'; script-src 'self' veeva.link *.veeva.link cookiebot.com *.cookiebot.com platform.twitter.com *.platform.twitter.com google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com; worker-src 'self' blob: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://connect.facebook.net http://www.googleadservices.com https://www.google-analytics.com https://*.doubleclick.net http://*.addthis.com http://*.addthisedge.com http://*.facebook.com https://*.facebook.com http://*.linkedin.com https://*.linkedin.com https://*.googletagmanager.com http://bat.bing.com https://bat.bing.com http://tagmanager.google.com https://tagmanager.google.com https://widget.trustpilot.com https://partners.bymiles.co.uk https://optimize.google.com https://d10lpsik1i8c69.cloudfront.net blob: https://api.luckyorange.com https://api-preview.luckyorange.com https://www.google.com https://*.hs-scripts.com https://*.hs-banner.com https://*.hs-analytics.net https://*.hscollectedforms.net https://www.googleoptimize.com https://static.zdassets.com https://widget-mediator.zopim.com https://cdn-cookieyes.com https://js.appboycdn.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://tagmanager.google.com https://optimize.google.com https://www.googleoptimize.com https://d10lpsik1i8c69.cloudfront.net https://*.zendesk.com wss://widget-mediator.zopim.com https://bymiles.zendesk.com https://v2assets.zopim.io https://*.zdusercontent.com; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; img-src 'self' data: http://www.iconj.com https://www.facebook.com https://www.google-analytics.com https://www.google.co.uk https://www.google.com https://*.google.com https://stats.g.doubleclick.net http://www.googleadservices.com http://googleads.g.doubleclick.net http://www.google.com https://ssl.gstatic.com https://gstatic.com http://bat.bing.com https://bat.bing.com https://www.facebook.com https://www.gstatic.com https://optimize.google.com https://d10lpsik1i8c69.cloudfront.net https://www.googletagmanager.com https://*.zendesk.com https://*.zopim.io https://*.zdusercontent.com https://cdn-cookieyes.com https://appboy-images.com https://braze-images.com https://cdn.braze.eu; frame-src 'self' http://*.addthis.com http://*.addthisedge.com https://*.doubleclick.net http://widget.trustpilot.com https://widget.trustpilot.com https://optimize.google.com https://www.facebook.com; connect-src 'self' https://pubsub.googleapis.com https://settings.luckyorange.net https://api.luckyorange.com https://api-preview.luckyorange.com https://bat.bing.com https://*.google-analytics.com https://www.google.com https://tagmanager.google.com http://*.facebook.com https://*.facebook.com wss://in.visitors.live wss://visitors.live/socket.io/ wss://*.visitors.live https://*.doubleclick.net https://*.browser-intake-datadoghq.com https://*.browser-intake-datadoghq.eu https://*.zendesk.com wss://widget-mediator.zopim.com https://id.zopim.com https://widget-mediator.zopim.com https://*.zdassets.com https://checkout.test.bymiles.co.uk https://checkout.bymiles.co.uk https://cdn-cookieyes.com https://log.cookieyes.com https://directory.cookieyes.com https://consentlog.cookieyes.com https://*.googlesyndication.com https://sdk.fra-02.braze.eu; media-src 'self' https://d10lpsik1i8c69.cloudfront.net https://static.zdassets.com; worker-src 'self' blob: 1
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' https: my-hr.co my-hr.co.il meku-app.co.il;object-src 'self' 'unsafe-inline' data: blob: https: my-hr.co my-hr.co.il meku-app.co.il;style-src 'unsafe-inline' https:;style-src-elem 'unsafe-inline' https: https://fonts.googleapis.com;img-src 'self' blob: data: https://maps.gstatic.com https://maps.googleapis.com https://mekusharim-storage-staging.s3.eu-central-1.amazonaws.com https://mekusharim-storage-pre-production.s3.eu-central-1.amazonaws.com https://mekusharim-storage.s3.eu-central-1.amazonaws.com https://mekusharim-storage-pre-prod.s3.eu-central-1.amazonaws.com;worker-src blob: https:;frame-src blob: data: https:; 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' https: data: 1
font-src *;img-src * data:; script-src 'unsafe-inline' 'unsafe-eval' blob: *; style-src 'unsafe-inline' *; 1
default-src 'self' *.le-choix-funeraire.com; connect-src 'self' *.googleapis.com *.gstatic.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://*.googleadservices.com *.clarity.ms *.bing.com https://choixfuneraire.matomo.cloud https://api.privacy-center.org https://api.websitecarbon.com *.fontawesome.com; font-src 'self' data: *.le-choix-funeraire.com https://use.typekit.net https://fonts.googleapis.com *.gstatic.com *.fontawesome.com; frame-src 'self' https://www.google.com https://form.sorenir.app *.cybille.fr *.precom-obseques.fr *.doubleclick.net; img-src 'self' *.le-choix-funeraire.com 'unsafe-inline' data: *.googleapis.com *.gstatic.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googletagmanager.com *.doubleclick.net *.bing.com *.clarity.ms *.precom-obseques.fr https://sdk.privacy-center.org https://choixfuneraire.matomo.cloud https://cdnjs.cloudflare.com; script-src 'self' *.le-choix-funeraire.com blob: 'unsafe-inline' 'unsafe-eval' https://cdn.dexem.net https://cdnjs.cloudflare.com https://sdk.privacy-center.org https://cdn.matomo.cloud https://unpkg.com *.bing.com *.clarity.ms *.precom-obseques.fr https://choixfuneraire.matomo.cloud *.googletagmanager.com *.googleapis.com *.gstatic.com *.google.com *.g.doubleclick.net *.googleadservices.com *.fontawesome.com; style-src 'self' *.le-choix-funeraire.com 'unsafe-inline' https://use.typekit.net https://p.typekit.net *.googleapis.com *.gstatic.com *.google.com *.precom-obseques.fr https://cdnjs.cloudflare.com 1
trusted-types goog#html; require-trusted-types-for 'script'; default-src 'self'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' https://fonts.googleapis.com; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; img-src 'self' https://www.google-analytics.com https://*.googleusercontent.com;connect-src 'self' https://www.google-analytics.com 1
frame-ancestors 'self';block-all-mixed-content;default-src 'self';script-src 'self' 'sha256-+2CQsTBmL67wIZZdKLkHd5fqi2sZzI2oje6jIl84Txo=' 'sha256-HLBQn1sNU4DhemgxIF48K//FJCA9ScvZK2X8MOFpMl8=' 'sha256-Mn9a+A0kOH5TiTLQ1uueoNyM4W2h6gIiZ83loH+7WXk=' 'sha256-Q8JR3i2ipOVz+Q/KRoGDD+eObsDDIRqy2e0iWHWxxrw=' 'sha256-hqosPtP6ock2E4RAliLTSTF484oqKApsWrzaXn0k7eY=' 'sha256-rgwfwD3lNNIs5rlVRGasM07ZUOoG7O5BY9RQzEVN6Uw=' 'sha256-syei7sDTFcWhkJymWBTgelPMthd62urDy1o+ZErvmrY=' 'sha256-zXghGTnbqX2NF/X2kCaqO7D+GBfb5sWnclvtj7CaIhY=' 'report-sample' 'unsafe-inline' https://google-analytics.com https://googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com;style-src 'self' 'report-sample' 'unsafe-inline' tagmanager.google.com www.googletagmanager.com;object-src 'none';frame-src 'self' www.google.com www.googletagmanager.com;child-src 'self' www.googletagmanager.com;img-src 'self' data: blob: *.google.com *.google-analytics.com www.googletagmanager.com;font-src 'self' data:;connect-src 'self' *.google.com stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com;manifest-src 'self';base-uri 'self';form-action 'self';media-src 'self' content.futurefund.gov.au;worker-src 'self'; 1
frame-ancestors http://localhost:3000 http://dev.looka.com https://looka.com/ www.emcits.com 1
default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com github.githubassets.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com s88570519.t.eloqua.com/e/f2; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com github.githubassets.com ps-resources.github.io/es-offerings-site-feed; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/ 1
frame-ancestors 'self' https://*.force.com https://*.salesforce.com https://*.cloudforce.com https://*.visualforce.com https://*.crm.dynamics.com https://*.formstack.com https://*.my.site.com https://*.site.com 1
frame-ancestors self https://hpl-acceptance-app-portal.azurewebsites.net *.azurewebsites.net *.locaties.nl *.platform.sh 1
base-uri 'self'; default-src 'none'; connect-src 'self' *.google.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net; font-src 'self' https: data: fonts.gstatic.com; form-action 'self' payment-webinit.sogenactif.com; frame-ancestors 'none'; frame-src www.youtube.com www.canva.com datawrapper.dwcdn.net *.timeanddate.com service.mtcaptcha.com service2.mtcaptcha.com; img-src 'self' https: data: ssl.gstatic.com www.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net service.mtcaptcha.com service2.mtcaptcha.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.google.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: gap: https://app.communiapp.de/ http://app.communiapp.de/ https://analytics.communiapp.de/ https://communiapp.de http://communiapp.de/ https://www.youtube.com/  https://socket.tidio.co https://socket.tidio.co wss://socket.tidio.co https://widget-v4.tidiochat.com https://code.tidio.co https://euc-widget.freshworks.com https://communi.freshdesk.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/  https://zapier.com/ https://cdn.zapier.com https://api.zapier.com https://assets.zeeg.me https://api.zeeg.me/ https://zeeg.me/';  font-src 'self' data:;  frame-src 'self' https://zeeg.me/ https://www.youtube-nocookie.com/ https://www.google.com/recaptcha/; img-src https://zapier-images.imgix.net https://secure.gravatar.com 'self' 'unsafe-inline' 'unsafe-eval' data: https://communiapp.de http://communiapp.de/ https://www.youtube.com/ https://www.youtube-nocookie.com/ 1
default-src 'self' cycognito.com *.cycognito.com data: blob:; img-src data: * blob:; media-src 'self' cycognito.com *.cycognito.com youtube.com *.youtube.com vidyard.com *.vidyard.com       qualified.com *.qualified.com *.comeet.co mitre-attack.github.io app.getreprise.com *.brighttalk.com; style-src 'self' 'unsafe-inline' cycognito.com *.cycognito.com mktoweb.com *.mktoweb.com vidyard.com *.vidyard.com *.comeet.co       mitre-attack.github.io app.getreprise.com *.brighttalk.com use.typekit.net p.typekit.net; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' cycognito.com *.cycognito.com *.bizible.com js.zi-scripts.com ws-assets.zoominfo.com       schedule.zoominfo.com clearbitjs.com *.clearbitjs.com clearbitscripts.com *.clearbitscripts.com clearbit.com *.clearbit.com       marketo.com *.marketo.com marketo.net *.marketo.net mktoweb.com *.mktoweb.com 6sc.co *.6sc.co googletagmanager.com       *.googletagmanager.com google-analytics.com *.google-analytics.com qualified.com *.qualified.com sentry.io *.sentry.io       vidyard.com *.vidyard.com *.comeet.co mitre-attack.github.io app.getreprise.com *.brighttalk.com; connect-src 'self' ws: cycognito.com *.cycognito.com js.zi-scripts.com ws.zoominfo.com api.schedule.zoominfo.com *.algolia.net       *.algolianet.com *.algolia.io adnxs.com *.adnxs.com 6sc.co *.6sc.co mktoresp.com *.mktoresp.com qualified.com *.qualified.com       sentry.io *.sentry.io *.qualified.com clearbit.com *.clearbit.com *.algolia.net *.algolianet.com *.algolia.io       vidyard.com *.vidyard.com *.comeet.co mitre-attack.github.io app.getreprise.com *.brighttalk.com google-analytics.com       *.google-analytics.com *.doubleclick.net; frame-src 'self' blob: cycognito.com *.cycognito.com qualified.com *.qualified.com mktoweb.com *.mktoweb.com *.youtube.com vidyard.com       *.vidyard.com *.comeet.co mitre-attack.github.io app.getreprise.com *.brighttalk.com; font-src 'self' data: cycognito.com *.cycognito.com use.typekit.net p.typekit.net; frame-ancestors cycognito.com *.cycognito.com 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-ul5u7maYIVtIpVuQc9QuYUVDEG41Hie5KLPNBXYGDTJhdTox' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: filesystem: https://cdn.allcorrectgames.com/ 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://assets.anadoluyatirim.com.tr 1
default-src https://p.phcdn.net; img-src https://p.phcdn.net data:; style-src https://p.phcdn.net 'unsafe-inline'; script-src https://p.phcdn.net; connect-src 'self'; frame-src 'self' https://www.youtube.com; frame-ancestors 'none'; object-src 'none'; form-action 'self'; base-uri 'none' 1
connect-src 'self' matomo.com; default-src 'none'; font-src 'self'; frame-src 'self'; img-src 'self' data: secure.gravatar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' https://*.mapbox.com https://wbede1.res-online.net https://*.plazanet.de https://my.matterport.com https://*.plaza-premium.de https://*.dialogshift.com https://*.hotelpartner-ym.com; script-src 'self' 'unsafe-inline' https://*.mapbox.com https://wbede1.res-online.net https://*.plazanet.de https://my.matterport.com https://*.plaza-premium.de https://*.dialogshift.com https://*.hotelpartner-ym.com; worker-src blob: ; child-src https://my.matterport.com https://*.plaza-premium.de https://*.dialogshift.com https://*.hotelpartner-ym.com blob: ; img-src 'self' https://storage.googleapis.com/res-online-public/pictures/ https://*.hotelpartner-ym.com data: blob: ; connect-src 'self' https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://wbede1.res-online.net https://*.plazanet.de https://my.matterport.com https://*.plaza-premium.de https://core.prod.co25.net https://*.hotelpartner-ym.com; frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline' *.canopen.info *.can-cia.org *.gstatic.com *.google-analytics.com; img-src * 'unsafe-inline' data:; frame-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com; media-src 'self' *.youtube.com *.youtube-nocookie.com; style-src 'self' 'unsafe-inline' cdn.datatables.net *.google.com *.gstatic.com *.googleapis.com; font-src 'self' s3.eu-central-1.amazonaws.com fonts.gstatic.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.canopen.info *.can-cia.org cdn.datatables.net *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com code.jquery.com *.google-analytics.com 1
manifest-src 'self' prodcd1.columbuschildrens.net prodcd1.onoursleeves.org; report-uri https://cahg.nationwidechildrens.org/CAHubGateway/api/Hub/ContentSecurityPolicyReport 1
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; base-uri 'self'; 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-vT10o+po/lNGMDzwF2aLnA==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
script-src 'self' 'unsafe-inline' www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com 1
upgrade-insecure-requests;script-src 'self' 'wasm-unsafe-eval';connect-src 'self' blob: https://fgc.network wss://fgc.network;media-src 'self' https:;img-src 'self' data: blob: https:;default-src 'none';base-uri 'self';frame-ancestors 'none';style-src 'self' 'unsafe-inline';font-src 'self';manifest-src 'self'; 1
upgrade-insecure-requests  ; worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com *.mapbox.com *.lytics.io blob: feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com cdn.cookielaw.org script.crazyegg.com js.jebbit.com js.adsrvr.org connect.facebook.net z.moatads.com cdn.segment.com pghub.io www.youtube.com *.lytics.io *.bazaarvoice.com *.pricespider.com cdnjs.cloudflare.com *.mapbox.com *.iesnare.com feed.pghub.io pandg.tapad.com ; font-src 'self' data: feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' insight.adsrvr.org *.doubleclick.net feed.pghub.io www.facebook.com consumersupport.pg.com pgconsumersupport.secure.force.com pg-lex.my.salesforce-sites.com pandg.tapad.com ; img-src 'self' data: images.ctfassets.net www.google-analytics.com www.googletagmanager.com pixel.tapad.com *.doubleclick.net www.facebook.com *.lytics.io *.akamaihd.net *.moatads.com *.pricespider.com cdn.cookielaw.org *.bazaarvoice.com feed.pghub.io pandg.tapad.com ; connect-src 'self' *.google-analytics.com *.cookielaw.org *.jebbit.com *.doubleclick.net *.crazyegg.com *.adsrvr.org *.segment.com *.segment.io *.bazaarvoice.com *.pricespider.com *.mapbox.com geolocation-db.com *.algolia.net *.algolianet.com wss: feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
default-src 'none'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.doubleclick.net *.googletagmanager.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com; connect-src 'self'  *.doubleclick.net *.googleapis.com *.google-analytics.com; img-src data: *; style-src 'self' 'unsafe-inline' *.googleapis.com; form-action 'self'; frame-ancestors 'self' ; base-uri 'self'; frame-src 'self' *.gstatic.com *.google.com; media-src *; font-src * data:; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-b66fcc8934aef5f3bb53087741bb9509'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' *.fons.app; child-src 'self' blob: intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net; connect-src 'self' *.fons.app www.google-analytics.com bam.nr-data.net *.plaid.com api.stripe.com *.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io *.smartlook.com *.smartlook.cloud *.amplitude.com *.bugsnag.com; font-src 'self' *.intercomcdn.com; form-action 'self' intercom.help api-iam.intercom.io calendly.com; frame-src cdn.plaid.com intercom-sheets.com js.stripe.com www.google.com; frame-ancestors https:; img-src https: blob: data:; media-src 'self' js.intercomcdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' d2wy8f7a9ursnm.cloudfront.net www.google.com www.google-analytics.com www.googletagmanager.com *.gstatic.com bam.nr-data.net cdn.plaid.com cdn.polyfill.io js.stripe.com *.intercom.io js.intercomcdn.com *.smartlook.com *.smartlook.cloud; style-src 'self' 'unsafe-inline' fonts.googleapis.com; worker-src 'self' blob:; 1
default-src 'self';font-src 'self' data: fonts.gstatic.com;img-src 'self' data: www.google-analytics.com *.g.doubleclick.net maps.gstatic.com maps.googleapis.com *.youtube.com cdn.cookielaw.org *.securitasmedia.com securitasmedia.com  www.googletagmanager.com  i.ytimg.com www.google.co.in https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;script-src www.youtube.com  az416426.vo.msecnd.net  'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org www.google-analytics.com maps.googleapis.com www.googletagmanager.com  dl.episerver.net www.youtube.com www.google.com www.gstatic.com https://*.googletagmanager.com;style-src 'self'  'unsafe-inline' fonts.googleapis.com dl.episerver.net;frame-src  www.youtube.com ;media-src 'self';connect-src 'self'  cdn.cookielaw.org dc.services.visualstudio.com www.google-analytics.com stats.g.doubleclick.net maps.googleapis.com analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat ;frame-ancestors 'none' 1
default-src 'self' https://player.vimeo.com/ https://*.formsite.com/ https://www.weezevent.com/ https://*.twitter.com/ https://staticxx.facebook.com/ https://www.facebook.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://services.ch-poitiers.fr/ https://connect.facebook.net/ https://*.twitter.com/ https://*.twimg.com/ https://*.formsite.com/ https://www.weezevent.com/ https://maps.googleapis.com/; connect-src 'self'; img-src 'self' data: https://secure.gravatar.com/ https://services.ch-poitiers.fr/  https://maps.googleapis.com/ https://maps.gstatic.com/ https://*.twitter.com/ https://*.twimg.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://platform.twitter.com https://*.twimg.com; font-src 'self' data: https://fonts.gstatic.com/; frame-src 'self' https://www.google.com/ https://player.vimeo.com https://*.twitter.com https://www.facebook.com/; #child-src: 'self' https://player.vimeo.com/; 1
default-src  'self' https://files.urlfilterdb.com;                           img-src 'self' https://files.urlfilterdb.com https://sourceforge.net;  			 font-src https://files.urlfilterdb.com;  			 script-src 'self' 'unsafe-eval' 'unsafe-inline';  			 style-src 'self'  'unsafe-inline';  			 report-uri https://cgibin.urlfilterdb.com/cgi-bin/report-uri.pl 1
frame-ancestors https://portal.lendingusa.com/ https://www.personifyfinancial.com/ 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://pagan.plus; img-src 'self' https: data: blob: https://pagan.plus; style-src 'self' https://pagan.plus 'nonce-IRdOitCTMN3Fv8adkRGupw=='; media-src 'self' https: data: https://pagan.plus; frame-src 'self' https:; manifest-src 'self' https://pagan.plus; connect-src 'self' data: blob: https://pagan.plus https://sb-pagan-plus.b-cdn.net wss://pagan.plus; script-src 'self' https://pagan.plus 'wasm-unsafe-eval'; child-src 'self' blob: https://pagan.plus; worker-src 'self' blob: https://pagan.plus 1
default-src 'none'; block-all-mixed-content; connect-src 'self' *.googleapis.com *.gstatic.com *.google.com *.cookiebot.eu *.google-analytics.com; font-src 'self' data: *.googleapis.com *.gstatic.com *.google-analytics.com; frame-src *; img-src 'self' data: *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com; manifest-src 'self'; media-src 'self'; script-src 'self' *.google.com 'unsafe-inline' blob: *.googleapis.com *.gstatic.com *.cookiebot.eu *.googletagmanager.com *.google-analytics.com 'sha256-7BR2mzQgegl16OzhYaABCgX+kM/0FnVwstu1v2KgQbw=' 'sha256-wfxJ7YZKDslwby5G8BoAcLOzW1p+E0YMbh6d3MizcsI=' 'sha256-JglQj6PX/c3n1AtXwhS4fkUY+TTFNX3M/x4JjovL2tY=' 'sha256-ig9gHb6ViBpLkLA1Yh8C5azxoJ70Qo7i7SGpPnZjRUQ=' 'nonce-Kt8QrxSZCm10/dQ+oxwjSg=='; style-src 'self' cdnjs.cloudflare.com 'unsafe-inline' *.googleapis.com *.gstatic.com *.google-analytics.com; report-uri /csp/report 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com https://www.googletagmanager.com aspire.qa; 1
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src 'self' https://ucarecdn.com https://*.billionsofwindows.com https://*.googletagmanager.com; object-src 'none'; script-src 'self' https://ucarecdn.com https://ajax.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://js.stripe.com https://ajax.aspnetcdn.com http://ajax.aspnetcdn.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; child-src 'self' https://*.youtube.com; base-uri 'self'; report-uri /csp-reports-fuckoff 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.square-enix.com *.onetrust.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.net; img-src 'self' data: web3auth.io *.web3auth.io *.square-enix.com *.onetrust.com *.symbiogenesis.app authjs.dev blob:; style-src 'self' 'unsafe-inline' *.googleapis.com *.square-enix.com *.onetrust.com *.tor.us; object-src 'none'; frame-src 'self' *.symbiogenesis.app *.openlogin.com *.tor.us https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://recaptcha.net; base-uri 'self'; form-action 'self' *.discord.com *.symbiogenesis.app *.square-enix.com; font-src 'self' fonts.gstatic.com; worker-src 'self' blob:; 1
object-src 'none'; script-src 'strict-dynamic' https: 'unsafe-inline' 'nonce-25TZ3wKOS5nnX-Vrhm_6eBxYoLkatvPx'; base-uri 'none' 1
frame-ancestors 'self' test-ui.cyclos.org demo-ui.cyclos.org demo-ui-bar.cyclos.org ui.testcyclos.circuitnederland.nl 1
base-uri 'self'; object-src 'none'; script-src 'self' https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.gooogle.com https://snap.licdn.com https://www.google.com 'strict-dynamic' 'nonce-a8711f0dc1'; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' js-agent.newrelic.com bam.nr-data.net *.ytimg.com via.placeholder.com *.twitter.com *.twimg.com *.google.com *.gstatic.com *.googleapis.com *.idenet.se *.google-analytics.com *.msecnd.net *.rabaldermedia.se *.youtube.com *.vimeo.com https://vimeo.com *.vimeo.com *.licdn.com *.linkedin.com *.vimeocdn.com *.facebook.net *.quickchannel.com *.facebook.com *.polyfill.io polyfill.io *.googletagmanager.com *.microsoftstream.com *.episerver.net *.reachmee.com *.e-space.se *.google.se *.energiforetagen.se *.energi.se *.ebre.se http://ebr.nu http://www.svenskenergi.se rumbletalk.com *.rumbletalk.net *.cloudflare.com *.typeform.net *.typeform.com *.hotjar.com *.svenergi.se *.pingdom.net *.doubleclick.net *.ads-twitter.com t.co about: *.cookiebot.com *.cookiebot.eu *.jsdelivr.net *.cloudfront.net *.aptrinsic.com *.azure.com *.extellio.com *.rekai.se; connect-src 'self' ws://*.com ws://*.se *.google.com *.hotjar.com *.rabaldermedia.se *.visualstudio.com *.pingdom.net *.google-analytics.com *.cookiebot.com *.cookiebot.eu *.doubleclick.net *.extellio.com *.oribi.io *.facebook.com *.aptrinsic.com *.hotjar.io *.rekai.se *.linkedin.com; frame-ancestors 'self' *.energiforetagen.se *.energi.se *.ebre.se *.svenergi.se; 1
default-src 'self' https: data:;      font-src 'self' https://fonts.gstatic.com data:;      img-src 'self' https://www.facebook.com https://www.gstatic.com https://translate.google.com data:;      script-src 'self' 'unsafe-inline' 'unsafe-eval' https://d3e54v103j8qbb.cloudfront.net https://connect.facebook.net;      style-src 'self' 'unsafe-inline';      block-all-mixed-content;      form-action https:;      upgrade-insecure-requests;      report-uri https://8c789fb4e29917cb33314fb438b3b6f5.report-uri.com/r/d/csp/enforce; 1
default-src 'self' https://raw.githubusercontent.com https://yoast.com https://www.google-analytics.com https://salesiq.zoho.com https://stats.g.doubleclick.net wss://vts.zohopublic.com; img-src 'self' data: http: https: *.gravatar.com *.wp.com *.wordpress.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.ggpht.com *.googleusercontent.com *.wp.com *.wordpress.com https://embed.youcanbook.me https://www.youtube.com/iframe_api blob:; style-src 'self' 'unsafe-inline' https: fonts.googleapis.com *.wp.com *.wordpress.com; font-src 'self' data: https: fonts.googleapis.com themes.googleusercontent.com *.wp.com *.wordpress.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.wp.com *.wordpress.com; form-action 'self'; base-uri 'self' 1
default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://*.nuance.com; img-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.analytics.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://www.facebook.com https://cx.atdmt.com https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://2549153.fls.doubleclick.net https://ad.doubleclick.net https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://resources.digital-cloud-prem.medallia.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://*.mworld.com https://*.postrelease.com; object-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nuance.com https://2549153.fls.doubleclick.net https://*.advanced-web-analytics.com https://iframe.arkoselabs.com; font-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.nuance.com; script-src 'nonce-685252ef-8f4b-4e80-b065-089a5884dcf7' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.maxymiser.net https://*.nuance.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp 1
default-src 'self'; frame-src *; font-src * data:; connect-src 'self' *; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src *  'unsafe-inline'; child-src 'self' * 1
worker-src blob:; frame-src 'self' *.hellendoorn.nl *.youtube.com *.issuu.com *.adobe.com *.office.com *.storing24.nl *.spotify.com *.facebook.com *forms.office.com *vimeo.com *forms.office.com sdk.companywebcast.com; script-src 'self' *.hellendoorn.nl ssl.google-analytics.com maps.googleapis.com maps.google.com sdk.companywebcast.com *.readspeaker.com; style-src 'self' *.hellendoorn.nl fonts.googleapis.com *.readspeaker.com; default-src 'self' *.hellendoorn.nl fonts.gstatic.com; img-src 'self' *.hellendoorn.nl data: ssl.google-analytics.com pbs.twimg.com *.tile.openstreetmap.org; connect-src 'self' *.hellendoorn.nl *.readspeaker.com; font-src 'self' *.hellendoorn.nl *.readspeaker.com data: fonts.gstatic.com; frame-ancestors 'self' *.organisatie.tld sdk.companywebcast.com; form-action 'self' secure.ogone.com; 1
default-src https: http: data: wss: blob: 'unsafe-inline'; object-src 'none'; script-src 'self' https: http: 'unsafe-eval' 'unsafe-inline'; worker-src 'self' https: http: data: blob: 1
default-src 'self' data: https://directed.api.servicetarget.com https://cdn.servicetarget.com https://w.sharethis.com/ https://i3.ytimg.com http://www.google-analytics.com https://maps.googleapis.com https://cdn.acsbapp.com https://web1.acsbapp.com http://stage.directed.com ws://stage.directed.com http://www.directed.com ws://www.directed.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://cdn.servicetarget.com https://w.sharethis.com/ http://stage.directed.com http://www.directed.com https://fonts.googleapis.com http://www.google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://fonts.gstatic.com https://static.doubleclick.net https://s.youtube.com https://r11---sn-a5m7lnee.googlevideo.com https://www.googleadservices.com https://r14---sn-4g57knez.googlevideo.com https://i.ytimg.com https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://cdn07.icims.com https://careers-deiholdings.icims.com https://cdn.syndication.twimg.com/ https://acsbapp.com https://cdn.acsbapp.com https://web1.acsbapp.com  https://player.vimeo.com https://maps.google.com; style-src 'self' 'unsafe-inline' http://stage.directed.com http://www.directed.com https://fonts.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://fonts.gstatic.com https://static.doubleclick.net https://s.youtube.com https://r11---sn-a5m7lnee.googlevideo.com https://www.googleadservices.com https://r14---sn-4g57knez.googlevideo.com https://i.ytimg.com https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://cdn07.icims.com https://careers-deiholdings.icims.com https://acsbapp.com https://cdn.acsbapp.com https://web1.acsbapp.com  https://player.vimeo.com https://maps.google.com; img-src 'self' 'unsafe-inline' data: https://www.alarms.com https://directed.api.servicetarget.com https://i3.ytimg.com https://stats.g.doubleclick.net https://cdn.servicetarget.com http://stage.directed.com ws://stage.directed.com http://www.directed.com ws://www.directed.com https://ssl.google-analytics.com http://stage.directed.com http://www.directed.com https://fonts.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://fonts.gstatic.com https://static.doubleclick.net https://s.youtube.com https://r11---sn-a5m7lnee.googlevideo.com https://www.googleadservices.com https://r14---sn-4g57knez.googlevideo.com https://i.ytimg.com https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://cdn07.icims.com https://careers-deiholdings.icims.com https://acsbapp.com https://cdn.acsbapp.com https://web1.acsbapp.com  https://player.vimeo.com https://maps.google.com; font-src 'self' 'unsafe-inline' data: https://directed.api.servicetarget.com http://stage.directed.com http://www.directed.com https://fonts.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://fonts.gstatic.com https://static.doubleclick.net https://s.youtube.com https://r11---sn-a5m7lnee.googlevideo.com https://www.googleadservices.com https://r14---sn-4g57knez.googlevideo.com https://i.ytimg.com https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://cdn07.icims.com https://careers-deiholdings.icims.com https://acsbapp.com https://cdn.acsbapp.com https://web1.acsbapp.com  https://player.vimeo.com https://maps.google.com; frame-src 'self' 'unsafe-inline' http://core.directed.com http://core.directed.com/Pages/Default.aspx http://stage.directed.com http://www.directed.com https://fonts.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://fonts.gstatic.com https://static.doubleclick.net https://s.youtube.com https://r11---sn-a5m7lnee.googlevideo.com https://www.googleadservices.com https://r14---sn-4g57knez.googlevideo.com https://i.ytimg.com https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://cdn07.icims.com https://careers-deiholdings.icims.com https://acsbapp.com https://cdn.acsbapp.com https://web1.acsbapp.com  https://player.vimeo.com https://maps.google.com ; object-src 'self' https://www.youtube.com/ 1
dstyle-src 'unsafe-inline'*.jivosite.com; connect-src*.jivosite.com; script-src'unsafe-inline' 'unsafe-eval'*.jivosite.com; report-uri/csp.php; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://*.zarget.com https://*.youtube.com https://s.ytimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinterest.com https://*.zencdn.net https://*.google.com https://*.google.be https://*.sharethis.com https://*.newrelic.com https://*.nr-data.net https://*.quantserve.com https://*.google.com.tr https://*.metabar.ru https://*.google.de https://*.google.fr https://cdn.ckeditor.com https://*.pioneer-car.eu https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://*.gstatic.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com https://*.pioneer-car.eu https://cdn.ckeditor.com https://tagmanager.google.com; img-src * data:; media-src 'self' https://www.youtube.com; frame-src 'self' https://*.youtube.com https://vars.hotjar.com https://*.pioneer.eu https://*.doubleclick.net https://*.sharethis.com https://*.facebook.com https://*.pioneer-car.eu https://store-locator.pioneer-rus.ru https://*.google.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.hotjar.com https://*.sharethis.com https://*.google-analytics.com https://*.doubleclick.net https://*.pioneer-car.eu https://acc-pioneer-products.o-a.be https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://cdn.cookielaw.org; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://maps.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdnjs.cloudflare.com https://www.google-analytics.com; img-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' data: https://fonts.gstatic.com https://themes.googleusercontent.com; object-src 'self'; frame-src https://player.vimeo.com https://www.youtube.com https://www.google.com/recaptcha/; report-uri https://munisense.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' https://*.amazonaws.com/; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://*.stripe.com https://*.freshworks.com https://*.freshdesk.com https://bam.eu01.nr-data.net https://*.stafiz.net/ https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.stripe.com https://www.google-analytics.com/ https://www.googletagmanager.com https://cdn.datatables.net/ https://cdnjs.cloudflare.com/ https://www.gstatic.com/ https://euc-widget.freshworks.com/ https://momentjs.com/ https://cdn.jsdelivr.net/ https://js-agent.newrelic.com/ https://*.stafiz.net/; worker-src https://*.stafiz.net; script-src-elem 'unsafe-inline' 'unsafe-eval' *; img-src 'self' data: https://www.google-analytics.com/ https://*.amazonaws.com/ https://stafiz.net https://*.stripe.com https://www.googletagmanager.com https://cdn.datatables.net https://*.freshworks.com https://*.freshdesk.com; media-src 'self' https://*.amazonaws.com/; frame-src 'self' https://*.amazonaws.com/ https://*.stripe.com https://www.google.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.gstatic.com/ https://stackpath.bootstrapcdn.com/ https://cdn.jsdelivr.net/ 1
child-src 'self' *.whatchado.com *.youtube.com *.youtube-nocookie.com *.w24.at *.google.com; default-src 'self' *.youtube.com *.youtube-nocookie.com *.google.com; img-src 'self' *.ytimg.com blob: data: ; media-src 'self' *.lfrz.gv.at; script-src 'self' 'unsafe-inline' *.youtube.com *.youtube-nocookie.com; style-src 'self' 'unsafe-inline' *.youtube.com *.youtube-nocookie.com *.google.com; 1
default-src 'self' https://static.dataminer.io;font-src 'self' https://fonts.gstatic.com https://static.dataminer.io;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 'unsafe-inline' https://www.gstatic.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://static.dataminer.io;img-src 'self' data: https://via.placeholder.com https://*.stripe.com https://*.google.com https://www.google-analytics.com https://analytics.google.com https://googletagmanager.com https://www.googletagmanager.com https://static.dataminer.io;connect-src https://checkout.stripe.com https://api.stripe.com https://q.stripe.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://stage5.dataminer.io https://dataminer.io https://stage.run.dataminer.io https://run.dataminer.io https://dev.dataminer.io:5443 https://static.dataminer.io wss://dev.dataminer.io:5443 wss://stage.run.dataminer.io wss://run.dataminer.io;frame-src https://ausi.github.io https://stage5.dataminer.io https://dev.dataminer.io:6443 https://checkout.stripe.com https://js.stripe.com https://hooks.stripe.com https://www.emailmeform.com https://www.youtube.com https://docs.google.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ausi.github.io https://js.stripe.com https://checkout.stripe.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://analytics.google.com https://googletagmanager.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.gstatic.com https://cdn.datatables.net https://static.dataminer.io;frame-ancestors chrome-extension://nndknepjnldbdbepjfgmncbggmopgden chrome-extension://llokfbfbhdgcigbmplogjkbmanlobofd chrome-extension://nikadbgbkmnkfdpbemongigjifmfmpll chrome-extension://adkblnlgljbfodiofibbjflfdmpbhnlo chrome-extension://kedjhkoicnbnfamjmccofgkknoofhglf ;object-src 'none';base-uri 'self';form-action 'self';script-src-attr 'none';upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://unpkg.com/htmx.org@1.9.5 https://cdn.jsdelivr.net/npm/vanilla-lazyload@17.8.4/dist/lazyload.min.js https://unpkg.com/htmx.org/dist/ext/loading-states.js  https://www.google.com/ https://accounts.google.com/gsi/client https://www.gstatic.com/ https://accounts.google.com/ https://connect.facebook.net/; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style; img-src 'self' blob: https://storage.googleapis.com/; font-src 'self' data:; connect-src 'self' https://unpkg.com/@rive-app/canvas@1.2.4/rive.wasm https://accounts.google.com/gsi/; frame-src 'self' https://www.google.com/ https://accounts.google.com/gsi/; 1
default-src http: https: ws: 'unsafe-inline' 'unsafe-eval'; script-src bankid: https://www.akavia.se https://www.akaviaaspekt.se https://www.jusek.se gomonday.se https://*.gomonday.se https://gomonday.formstack.com https://dl.episerver.net https://consentcdn.cookiebot.com https://via.tt.se https://tr.snapchat.com https://10124707.fls.doubleclick.net https://www.youtube.com https://www.facebook.com https://e.infogram.com https://optimize.google.com https://cdnjs.cloudflare.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googletagmanager.com https://az416426.vo.msecnd.net https://consent.cookiebot.com https://www.googleoptimize.com https://bat.bing.com https://connect.facebook.net https://snap.licdn.com https://sc-static.net https://analytics.tiktok.com https://app.kollektivavtalskollen.se https://*.hotjar.io https://*.hotjar.com https://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; frame-src bankid: https://www.akavia.se https://www.akaviaaspekt.se https://www.jusek.se https://td.doubleclick.net https://app.kollektivavtalskollen.se gomonday.se https://*.gomonday.se https://gomonday.formstack.com https://via.tt.se https://vars.hotjar.io https://vars.hotjar.com https://consentcdn.cookiebot.com https://tr.snapchat.com https://10124707.fls.doubleclick.net https://www.youtube.com https://www.facebook.com https://e.infogram.com https://optimize.google.com; style-src https://www.akavia.se https://www.akaviaaspekt.se https://www.jusek.se https://dl.episerver.net https://optimize.google.com https://fonts.googleapis.com https://cdn.jsdelivr.net 'unsafe-inline'; img-src http: https: data: https://optimize.google.com https://www.google-analytics.com https://www.googletagmanager.com; font-src http: https: data: https://dl.episerver.net https://fonts.gstatic.com; report-uri /api/csp-report 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://cart.guidap.net https://apiguidap.com/public/account https://snapwidget.com/js/snapwidget.js https://statistiques.alpi40.fr/matomo.js tarteaucitron.js tarteaucitroninit.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ tracking.js https://statistiques.alpi40.fr https://maps.google.com/maps-api-v3/api/js/47/2/intl/fr_ALL/common.js https://maps.google.com/maps-api-v3/api/js/47/2/intl/fr_ALL/util.js https://chatbot.alpi40.fr/assets/modules/channel-web/inject.js https://use.fontawesome.com/010db549e2.js https://apis.google.com/js/plusone.js https://connect.facebook.net/fr_FR/sdk.js https://*.readspeaker.com https://maps.google.com/maps/api/js https://maps.googleapis.com/maps/api/js/ViewportInfoService.GetViewportInfo https://platform.twitter.com/widgets.js https://www.google.com/recaptcha/api.js https://*.publidata.io https://statistiques.alpi40.fr https://www.pigma.org; style-src 'report-sample' 'self' 'unsafe-inline'  https://cart.guidap.net https://apiguidap.com/public/account https://chatbot.alpi40.fr  https://use.fontawesome.com http://fonts.googleapis.com https://*.readspeaker.com https://fonts.googleapis.com https://www.pigma.org; object-src 'none'; base-uri 'self'; connect-src 'self' https://cart.guidap.net https://apiguidap.com/public/account https://maps.googleapis.com https://statistiques.alpi40.fr https://www.pigma.org https://*.readspeaker.com; font-src 'self' data: https://cart.guidap.net https://apiguidap.com/public/account https://use.fontawesome.com https://fonts.gstatic.com; frame-src 'self' https://www.tf1.fr https://www.igecom40.fr https://snapwidget.com/embed/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/  https://www.helloasso.com/ https://view.genial.ly https://www.ina.fr https://www.openstreetmap.org https://umap.openstreetmap.fr https://foad.alpi40.fr  https://chatbot.alpi40.fr https://*.medialandes.fr  https://portailfamille.coeurhautelande.fr https://www.dailymotion.com https://calendar.google.com https://www.youtube.com https://www.youtube-nocookie.com https://accounts.google.com https://apis.google.com https://flickrembed.com https://maps.google.fr https://v.calameo.com https://platform.twitter.com https://www.facebook.com https://www.google.com https://app.panneaupocket.com https://carto-einclusion.alpi40.fr/ https://*.publidata.io https://airesuradour.medialandes.fr https://www.pigma.org https://syndication.alpi40.fr/mpe/xml/getListing.php https://wcf.tourinsoft.com https://docs.google.com/spreadsheets/ https://*.readspeaker.com https://carte.seignanx.com; img-src 'self' data: https://www.xn--mto-bmab.fr https://cdt40.tourinsoft.com https://www.alpi40.fr https://maps.google.com https://maps.googleapis.com https://maps.gstatic.com https://syndication.twitter.com https://statistiques.alpi40.fr https://www.sydec40.fr https://extranet.sydec40.fr https://intranet.sydec40.fr https://www.herm.fr https://www.sietomdechalosse.fr https://www.mairie-ychoux.com https://www.roquefort40.fr https://www.pigma.org; manifest-src 'self'; frame-ancestors 'self'; media-src 'self' https://www.alpi40.fr; worker-src 'none'; 1
child-src 'self' ; connect-src 'self'  'unsafe-inline'  'unsafe-eval'  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.cookiebot.com *.cloudfront.net *.google.cz *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.linkedin.oribi.io ; default-src 'self' ; font-src 'self'  *.gstatic.com *.bootstrapcdn.com *.typekit.net *.cookiebot.com *.cloudfront.net *.gstatic.com *.bootstrapcdn.com data: ; form-action 'self' upcz.us19.list-manage.com ; frame-src 'self'  *.g.doubleclick.net *.google.com *.fls.doubleclick.net *.cookiebot.com *.cloudfront.net *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' ; img-src 'self'  'unsafe-inline'  'unsafe-eval' 'unsafe-hashes' *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com *.cookiebot.com *.cloudfront.net *.google.cz *.seznam.cz *.linkedin.com *.linkedin.oribi.io *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com *.list-manage.com data: ; manifest-src 'self' ; media-src 'self' ; navigate-to 'self' ; object-src 'self' ; prefetch-src 'self' ; script-src 'self'  'unsafe-inline'  'unsafe-eval' *.googleadservices.com  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.cookiebot.com *.cloudfront.net *.licdn.com *.seznam.cz *.imedia.cz *.google.cz *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline'  'unsafe-eval' *.googleadservices.com *.google-analytics.com *.licdn.com *.imedia.cz *.doubleclick.net *.google.com *.seznam.cz *.googletagmanager.com *.googleapis.com *.gstatic.com *.typekit.net *.cookiebot.com *.cloudfront.net *.googleapis.com *.gstatic.com; script-src-attr 'self'  'unsafe-inline'  'unsafe-eval'  *.googleapis.com *.gstatic.com *.typekit.net *.cookiebot.com *.cloudfront.net *.googleapis.com *.gstatic.com ; style-src 'self'  'unsafe-inline'  'unsafe-eval'  *.googleapis.com *.gstatic.com *.typekit.net *.cookiebot.com *.cloudfront.net *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline'  'unsafe-eval' *.googleadservices.com *.googleapis.com *.gstatic.com *.typekit.net *.cookiebot.com *.cloudfront.net *.googleapis.com *.gstatic.com ; style-src-attr 'self' 'unsafe-hashes' 'unsafe-inline' *.googleapis.com *.gstatic.com *.typekit.net *.cookiebot.com *.cloudfront.net *.googleapis.com *.gstatic.com *.googleadservices.com; worker-src 'self' ; 1
connect-src 'self' https://multi-item-broker.flippback.com https://sentry.io https://ws2.bullseyelocations.com https://maps.googleapis.com https://aq.flippenterprise.net https://p.flipp.com https://sfml.flippback.com https://dam.flippenterprise.net cdn-gateflipp.flippback.com https://cdn.contentful.com https://preview.contentful.com https://stats.g.doubleclick.net https://assets.ctfassets.net https://analytics.google.com https://www.google-analytics.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ca; default-src 'self'; font-src 'self' https://cdn.fonts.net https://assets.beautyboutique.ca https://fonts.gstatic.com https://api2.fonts.com data:; frame-src https://bid.g.doubleclick.net bid.g.doubleclick.net; img-src 'self' data: https://f.wishabi.net https://dis-prod.assetful.loblaw.ca https://a.wishabi.com https://aq.flippenterprise.net https://cdn.flippenterprise.net https://maps.googleapis.com http://images.ctfassets.net https://images.ctfassets.net https://ssl.gstatic.com https://www.gstatic.com https://maps.gstatic.com https://fonts.gstatic.com https://www.google.ca https://www.google.com https://analytics.google.com https://www.google-analytics.com https://googleads.g.doubleclick.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ca; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com http://tagmanager.google.com https://tagmanager.google.com https://aq.flippenterprise.net https://cdn.fonts.net https://fast.fonts.net https://fonts.googleapis.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s7d1.scene7.com https://dis-prod.assetful.loblaw.ca https://aq.flippenterprise.net https://maps.googleapis.com https://www.google.com https://www.googleadservices.com http://tagmanager.google.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://analytics.google.com https://googleads.g.doubleclick.net *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com data: blob:; 1
default-src 'self' *.google-analytics.com and *.analytics.google.com; connect-src *; img-src * data: blob: https:; font-src * data:; frame-src *; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src https: 'self' blob:; media-src https: data: blob:; font-src https: data:; img-src https: 'self' 'unsafe-inline' data: about:; style-src https: 'self' 'unsafe-inline'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' blob:; frame-ancestors https://*.william-consultation.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vercel.live https://www.google-analytics.com/analytics.js https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com; connect-src 'self' https://content.sunrice.com.au https://vitals.vercel-analytics.com https://vercel.live https://stats.g.doubleclick.net https://www.google-analytics.com https://analytics.google.com; font-src 'self' data: https://use.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' data: blob: https://sunrice-strapi4-images.s3.ap-southeast-2.amazonaws.com https://analytics.google.com https://www.google-analytics.com https://www.googletagmanager.com; media-src 'self' https://sunrice-strapi4-images.s3.ap-southeast-2.amazonaws.com; object-src 'none'; upgrade-insecure-requests; block-all-mixed-content; frame-src 'self' https://www.youtube-nocookie.com https://player.vimeo.com https://form.formcan.com https://vercel.live; 1
default-src 'self' *.benenden.co.uk *.zendesk.com *.zdassets.com *.zopim.com api.smooch.io *.surveymonkey.com *.surveymonkey.net *.research.net *.outbound.surveymonkey.com *.surveymonkeyuser.com *.smassets.net surveymonkey-assets.s3.amazonaws.com sm-fileupload.s3.amazonaws.com cdn.signalfx.com https://zendesk-eu.my.sentry.io app.vwo.com *.visualwebsiteoptimizer.com; media-src 'self' https://js.intercomcdn.com; worker-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; frame-src 'self' *.amazonaws.com *.surveymonkey.com *.surveymonkey.net *.research.net *.outbound.surveymonkey.com *.surveymonkeyuser.com *.smassets.net surveymonkey-assets.s3.amazonaws.com sm-fileupload.s3.amazonaws.com cdn.signalfx.com *.doubleclick.net *.hotjar.com *.simplybook.it app.vwo.com *.visualwebsiteoptimizer.com *.twitter.com *.facebook.com *.mediahawk.co.uk https://www.benendenhospital.org.uk https://marketing.benendenhospital.org.uk https://www.youtube.com  https://simplybook.it https://optimize.google.com https://www.google.com/ https://www.dynamicnumbers.mediahawk.co.uk/mhct.min.js http://go.pardot.com/ https://go.demo.pardot.com/ https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; font-src 'self' *.surveymonkey.com *.surveymonkey.net *.research.net *.outbound.surveymonkey.com *.surveymonkeyuser.com *.smassets.net surveymonkey-assets.s3.amazonaws.com sm-fileupload.s3.amazonaws.com cdn.signalfx.com *.fontawesome.com *.twitter.com *.gstatic.com *.simplybook.it *.visualwebsiteoptimizer.com app.vwo.com *.doctify.com *.hotjar.com *.mediahawk.co.uk https://benenden-global-assets-cdn.azureedge.net https://benendenglobalassets.blob.core.windows.net https://storage.googleapis.com https://simplybook.it https://fonts.gstatic.com https://www.dynamicnumbers.mediahawk.co.uk/mhct.min.js https://cdnjs.cloudflare.com https://js.intercomcdn.com https://fonts.intercomcdn.com https://fast.wistia.net https://www.doctify.com data: ; connect-src 'self' *.benenden.co.uk *.perfdrive.com *.surveymonkey.com *.surveymonkey.net *.research.net *.outbound.surveymonkey.com *.surveymonkeyuser.com *.smassets.net surveymonkey-assets.s3.amazonaws.com sm-fileupload.s3.amazonaws.com cdn.signalfx.com *.doubleclick.net *.fontawesome.com *.google-analytics.com *.twitter.com *.hotjar.io *.hotjar.com *.googleapis.com *.doubleclick.net *.simplybook.it *.visualwebsiteoptimizer.com app.vwo.com *.dynamicnumbers.mediahawk.co.uk *.adservice.google.com *.google.com *.google-analytics.com *.doctify.com  *.zendesk.com *.zdassets.com *.zopim.com *.mediahawk.co.uk *.outbrain.com https://cdn.linkedin.oribi.io https://api.smooch.io https://zendesk-eu.my.sentry.io wss://*.zendesk.com wss//*.zopim.com https://www.gravatar.com/  https://vc.hotjar.io https://www.google-analytics.com https://app.responseiq.com https://www.facebook.com https://simplybook.it https://www.dynamicnumbers.mediahawk.co.uk *.clarity.ms wss://*.hotjar.com *.bing.com https://cdn.cookielaw.org https://optanon.blob.core.windows.net https://benenden-privacy.my.onetrust.com  https://geolocation.onetrust.com https://benendenglobalassets.blob.core.windows.net *.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com; style-src 'self' *.surveymonkey.com *.surveymonkey.net *.research.net *.outbound.surveymonkey.com *.surveymonkeyuser.com *.smassets.net surveymonkey-assets.s3.amazonaws.com sm-fileupload.s3.amazonaws.com cdn.signalfx.com *.twitter.com *.googleapis.com *.simplybook.it *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *.doctify.com *.mediahawk.co.uk http://hello.myfonts.net https://benendenglobalassets.blob.core.windows.net https://benenden-global-assets-cdn.azureedge.net https://seal.godaddy.com https://static.responseiq.com https://simplybook.it https://optimize.google.com https://fonts.googleapis.com https://www.dynamicnumbers.mediahawk.co.uk/mhct.min.js https://cdnjs.cloudflare.com *.hotjar.com 'unsafe-inline'; img-src 'self' *.surveymonkey.com *.surveymonkey.net *.research.net *.outbound.surveymonkey.com *.surveymonkeyuser.com *.smassets.net surveymonkey-assets.s3.amazonaws.com sm-fileupload.s3.amazonaws.com cdn.signalfx.com *.twimg.com *.twitter.com *.gstatic.com *.googleapis.com *.simplybook.it *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *.hotjar.com *.google-analytics.com *.googleapis.com *.doubleclick.net *.googletagmanager.com https://benenden-hospital-cdn.azureedge.net/ *.ytimg.com *.google.com *.google.co.uk https://bgukshospitalstr01.blob.core.windows.net *.mediahawk.co.uk https://umbraco.tv https://www.synthetix-ec1.com https://www.facebook.com https://seal.godaddy.com https://secure.surveymonkey.com https://static.responseiq.com https://api.responseiq.com/ https://simplybook.it https://optimize.google.com https://www.dynamicnumbers.mediahawk.co.uk *.bing.com https://px.ads.linkedin.com *.linkedin.com c.clarity.ms c.bing.com https://cdn.cookielaw.org optanon.blob.core.windows.net https://v2assets.zopim.io https://static.zdassets.com https://t.co https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com *.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com blob: data: ; script-src 'self' *.surveymonkey.com *.surveymonkey.net *.research.net *.outbound.surveymonkey.com *.surveymonkeyuser.com *.smassets.net surveymonkey-assets.s3.amazonaws.com sm-fileupload.s3.amazonaws.com cdn.signalfx.com *.doubleclick.net *.fontawesome.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.hotjar.com *.googleapis.com *.google-analytics.com *.doubleclick.net *.simplybook.it *.dynamicnumbers.mediahawk.co.uk *.cloudflare.com *.code.jquery.com *.twitter.com *.twimg.com *.clarity.ms *.ads-twitter.com *.zendesk.com *.zopim.com *.zdassets.com *.mediahawk.co.uk *.outbrain.com https://cdn.perfdrive.com https://unpkg.com https://pi.pardot.com https://static.ads-twitter.com/uwt.js https://seal.godaddy.com http://www.googleadservices.com https://connect.facebook.net https://www.youtube.com https://www.google.com https://widgets.doctify.com https://app.responseiq.com https://widget.surveymonkey.com https://static.responseiq.com https://s.ytimg.com/ https://simplybook.it http://simplybook.it/v2/widget/widget.js https://optimize.google.com https://www.dynamicnumbers.mediahawk.co.uk/mhct.min.js https://code.jquery.com/ui/1.13.0/jquery-ui.min.js https://polyfill.io https://www.gstatic.com/recaptcha/ *.bing.com https://snap.licdn.com https://cdn.cookielaw.org https://geolocation.onetrust.com *.clarity.ms *.adnxs.com https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://zendesk-eu.my.sentry.io wss://*.zendesk.com wss//*.zopim.com *.intercom.io wss//*.intercom.io wss://*.hotjar.com *.hotjar.io https://js.intercomcdn.com https://marketing.benendenhospital.org.uk 'unsafe-inline' 'unsafe-eval' data:; 1
default-src 'self' www.gravatar.com player.vimeo.com *.vimeocdn.com packages.umbraco.org our.umbraco.org *.glgenv.com *.azurewebsites.net *.akamaized.net www.we-worldwide.com.au www.we-worldwide.de; frame-src 'self' tr.snapchat.com tr-shadow.snapchat.com www.gravatar.com player.vimeo.com *.vimeocdn.com packages.umbraco.org our.umbraco.org www.youtube.com www.bing.com *.glgenv.com *.azurewebsites.net pixel.mathtag.com www.facebook.com www.linkedin.com platform.twitter.com www.youtube.com www.google.com *.doubleclick.net *.adsrvr.org *.twitter.com www.we-worldwide.com.au www.we-worldwide.de; connect-src 'self' tr.snapchat.com tr-shadow.snapchat.com px.ads.linkedin.com cdn.linkedin.oribi.io www.gravatar.com player.vimeo.com *.vimeocdn.com packages.umbraco.org our.umbraco.org  www.youtube.com *.glgenv.com *.azurewebsites.net script.crazyegg.com www.google-analytics.com stats.g.doubleclick.net www.bing.com dc.services.visualstudio.com tracking.crazyegg.com analytics.google.com www.we-worldwide.com.au www.we-worldwide.de *.google-analytics.com *.analytics.google.com; script-src 'self' 'nonce-sv3U3GMHiB/vDb6Wl0+eHSRDC2thx4x5YUrzeSyC908=' 'sha256-23/G/jH7GIXjR+s560Raq7nDr7XDdrvwS7ZB2OBR5FA=' 'sha256-+iPf5O4vA0X0q8ICWn1CDHrnKbwQkY0LHupMbrwSCi0=' 'sha256-F5Uutk9KeiiAXbrYW8kWB0/z6sRI2VFzQ8Q2papaqh4=' 'sha256-wlJ1DJlBenX01T42RT6BGSw44OPO5qlxlmUMJr+GDv4=' 'sha256-9TZyENjL5UDXYGUcZAbRMkdfV7t8cWwezBPuYijg2lM=' 'sha256-wYZKsfdusAbGgZBaBOEHyElHtJzZHS2Dg+6T0vLDhMs=' 'sha256-65CE2FOJFBHue4CcyglEEakRkPVPm79q3605/6psvkk=' 'sha256-s6Oez+phkPFa5P3DD86VyAU6kYhVVnbXE9b3FjfyONE=' 'sha256-WdYM1wLgU3YJUhL+Aefw550iDxMELcx9TmqbMWZkedw=' 'sha256-S75C8LLlkEisP+c/g2JbABC4PhD0/OUKK8Od2HYV2vA=' 'sha256-wCuQr29Rw10jA6OuzRgViIXPh6S/rsGQJusK61Pgz98=' 'sha256-Y+FCYR/H64Az6VbgGY9vi6N5M4dupMJJJCXtB0kbV0w=' 'sha256-Y+FCYR/H64Az6VbgGY9vi6N5M4dupMJJJCXtB0kbV0w=' 'sha256-BgCZo223e7nUWEcXRdjPiMgozoruA5sOT8aCLJykPNI=' 'sha256-aKgiDryiSjRqA+cE3w841qtmyZz3iG22zSDfwFOAXGc=' 'sha256-zEF/ALwwDYV2nZ+rdYGh2XpjU1lbO3oZ2osZayOlmpw=' 'sha256-fIcg+NW+9yJLydgSqGdZv7TRVIOo1cipU/Y5W8mv0/c=' 'sha256-BeBLPDd8nC/9TOCOlcTJ0fSqZVk+vmMzI5+jOrlb1bw=' tr.snapchat.com tr-shadow.snapchat.com sc-static.net player.vimeo.com ajax.aspnetcdn.com script.crazyegg.com www.googletagmanager.com www.google-analytics.com platform.twitter.com pixel.mathtag.com connect.facebook.net snap.licdn.com static.ads-twitter.com analytics.twitter.com *.msecnd.net *.glgenv.com d.turn.com *.azurewebsites.net *.bing.com platform.instagram.com www.youtube.com www.instagram.com *.virtualearth.net www.google.com www.gstatic.com www.googleadservices.com googleads.g.doubleclick.net *.adsrvr.org *.twimg.com api.map.baidu.com www.we-worldwide.com.au www.we-worldwide.de; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.typekit.net *.glgenv.com *.azurewebsites.net *.bing.com *.twitter.com *.twimg.com www.we-worldwide.com.au www.we-worldwide.de; img-src 'self' *.linkedin.com www.googletagmanager.com i.vimeocdn.com data: r.bing.com www.gravatar.com umbraco.tv *.googleapis.com *.staticflickr.com www.facebook.com www.google-analytics.com px.ads.linkedin.com match.adsrvr.org t.co pixel.mathtag.com p.adsymptotic.com *.glgenv.com www.google.com *.azurewebsites.net syndication.twitter.com *.virtualearth.net connect.facebook.net *.twitter.com *.twimg.com www.we-worldwide.com.au www.we-worldwide.de *.google-analytics.com *.analytics.google.com; font-src 'self' fonts.gstatic.com use.typekit.net data: *.glgenv.com *.azurewebsites.net www.we-worldwide.com.au www.we-worldwide.de; frame-ancestors 'self' www.linkedin.com; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-DdOLqbHU0SP66RHqTRNU9YG4FZJFFxmUZyTY7p1So8tpeLA5' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 1
default-src 'self' https://cdn.etrias.nl ; connect-src 'self' https://cdn.etrias.nl  https://*.google.com https://www.googletagmanager.com https://maps.googleapis.com https://*.google-analytics.com https://www.googleadservices.com https://*.google.nl https://*.google.be https://*.bing.com https://*.doubleclick.net https://bam.nr-data.net https://api01.shoppingminds.net https://trkr.shoppingminds.net https://script.shoppingminds.com https://squeezely.tech https://ct.beslist.nl; font-src 'self' https://cdn.etrias.nl  https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://cdn.etrias.nl  https://www.youtube-nocookie.com https://www.facebook.com https://tpc.googlesyndication.com https://bid.g.doubleclick.net https://td.doubleclick.net https://optimize.google.com; img-src https: data:; script-src 'self' https://cdn.etrias.nl  'unsafe-eval' https://*.google.com https://www.googletagmanager.com https://maps.googleapis.com https://*.google-analytics.com https://www.googleadservices.com https://www.youtube.com https://bat.bing.com https://connect.facebook.net https://js-agent.newrelic.com https://bam.nr-data.net https://script.shoppingminds.com https://api01.shoppingminds.net https://squeezely.tech 'nonce-mUkUwbqKt3yENp1Cai9k0FEg9HwDHDrC'; style-src 'self' https://cdn.etrias.nl  'unsafe-inline' https://fonts.googleapis.com https://optimize.google.com; report-uri /_csp/report 1
default-src 'self' https://www.google-analytics.com https://www.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; 1
base-uri 'self'; default-src https: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; img-src http: https: data:; object-src 'none'; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' blob: wss://mqtt-emqx.haptik.me mqtt-emqx.haptik.me *.googlesyndication.com *.w3-edge.com *.gstatic.com p.relay-t.io *.hotjar.io wss://*.hotjar.com *.hotjar.com *.crazyegg.com *.tiktok.com pixel.sitescout.com up.pixel.ad *.triptease.io connect.facebook.net use.typekit.net static.triptease.io secure-hotel-tracker.com www.google-analytics.com yoast.com capture.duettoresearch.com toolassets.haptikapi.com wss://haptik-us-prod-mqtt.haptikapi.com *.haptikapi.com toolassets.haptikapi.com *.ingest.sentry.io *.sentry-cdn.com *.clarity.ms 73r4.com *.thehotelsnetwork.com mbrfp.meetingbroker.com js.sentry-cdn.com thehotelsnetwork.com *.thehotelsnetwork.com https://tcgms.net *.tcgms.net *.pinterest.com *.pinimg.com *.googleadservices.com *.pcibooking.net bat.bing.com *.azds.com *.equinox-hotels.com dev.visualwebsiteoptimizer.com bam.nr-data.net js-agent.newrelic.com www.facebook.com beacon.sojern.com sp.analytics.yahoo.com *.doubleclick.net *.facebook.net *.yimg.com *.googletagmanager.com maps.googleapis.com *.google-analytics.com *.google.com d39dm0btjth4kj.cloudfront.net beacon.sojern.com *.facebook.net bat.bing.com; font-src 'self' data: d1t1qzzb2zwrre.cloudfront.net *.hotjar.com dbmajt85xhr99.cloudfront.net *.pcibooking.net at.alicdn.com toolassets.haptikapi.com *.thehotelsnetwork.com *.azds.com *.gstatic.com *.typekit.net; img-src c1.adform.net perfmatters.io *.hotjar.com *.crazyegg.com pixel.sitescout.com *.tcgms.net capture.duettoresearch.com ad.doubleclick.net linkcenterus.derbysoftca.com wpmudev.com *.w.org 'self' data: *.haptikapi.com *.bing.com *.clarity.ms *.thehotelsnetwork.com *.googletagmanager.com *.youtube.com *.azds.com *.cloudfront.net *.pinterest.com *.analytics.yahoo.com *.googleapis.com *.gstatic.com bat.bing.com cdn4.equinox-hotels.com secure.gravatar.com hospitalityebusiness.112.2o7.net connect.facebook.net *.doubleclick.net ib.adnxs.com match.adsrvr.org *.google-analytics.com *.google.com *.facebook.com pixel.sojern.com *.google.es; style-src 'self' *.hotjar.com *.crazyegg.com *.tcgms.net toolassets.haptikapi.com *.thehotelsnetwork.com *.azds.com *.typekit.net 'unsafe-inline' fonts.googleapis.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.myclique.io/ http://*.myclique.io/ https://www.googletagmanager.com https://www.google-analytics.com; frame-src 'self'; child-src 'self'; frame-ancestors 'self'; 1
default-src 'self' ; script-src-elem 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com ; style-src-elem 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://*.googletagmanager.com ; style-src 'self' 'unsafe-inline' http://fonts.googleapis.com https://maxcdn.bootstrapcdn.com ; img-src * data: ; media-src 'none' ; object-src 'self' ; frame-src https://*.googletagmanager.com https://www.stratapay.com.au ; connect-src 'self' https://maps.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com ; 1
frame-ancestors *.imu.nl *.phoenixsite.nl plugandpay.com  1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://better.boston 'wasm-unsafe-eval'; font-src 'self' https://better.boston; img-src 'self' data: blob: https://better.boston https://files.better.boston; style-src 'self' https://better.boston 'nonce-2hi1pKQWPEREbhWUx8YQAw=='; media-src 'self' data: https://better.boston https://files.better.boston; frame-src 'self' https:; child-src 'self' blob: https://better.boston; worker-src 'self' blob: https://better.boston; connect-src 'self' blob: data: wss://better.boston https://better.boston https://files.better.boston; manifest-src 'self' https://better.boston; form-action 'self' 1
frame-ancestors 'self' https://*.pccmarkets.com 1
object-src 'self'; img-src 'self' data: https:; media-src 'self'; font-src 'self' https://herthundbuss.com/; style-src 'self' 'unsafe-inline' https://consent.cookiefirst.com/ https://herthundbuss.com/; 1
default-src 'none'; script-src https://www.gstatic.com/ https://www.google.com/ https://*.hubspot.com/ https://*.hs-banner.com/ https://*.hs-analytics.net/ https://*.hs-scripts.com/ https://*.headspixel.net/ https://*.hscollectedforms.net/ https://forms.hsforms.com/ https://*.usemessages.com/ 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ https://alcdn.msauth.net/ https://www.googleapis.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://matomo.formind.fr/ https://cdn-cookieyes.com/ https://log.cookieyes.com/api/v1/log https://www.google-analytics.com/; img-src https://*.hsforms.com/ https://*.hubspot.com/ https://*.hsappstatic.net/ 'self' data: https://maps.googleapis.com/ https://matomo.formind.fr/ https://cdn-cookieyes.com/ https://log.cookieyes.com/api/v1/log https://maps.gstatic.com/ https://www.google-analytics.com https://secure.gravatar.com/ https://p.w.org; font-src 'self' data: https://fonts.gstatic.com/ https://use.fontawesome.com/ https://cdnjs.cloudflare.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://use.fontawesome.com/ https://cdnjs.cloudflare.com/; connect-src 'self' https://yoast.com/ https://maps.googleapis.com/ https://consentlog.cookieyes.com/ https://*.hubspot.com/ https://*.hscollectedforms.net/ https://*.hubapi.com/ https://matomo.formind.fr/ https://cdn-cookieyes.com/ https://log.cookieyes.com/api/v1/log https://www.google-analytics.com/; object-src 'none'; form-action 'self'; base-uri 'self'; frame-src https://www.google.com/ https://www.recaptcha.net/ https://*.hubspot.com/ https://*.hsappstatic.net/ 'self'; frame-ancestors 'self' 1
base-uri 'none'; connect-src 'self' https://*.folio.no https://*.google-analytics.com https://*.google.com https://*.google.no https://*.doubleclick.net https://*.googlesyndication.com https://*.snapchat.com; default-src 'self'; form-action 'self' https://*.folio.no https://folio.us18.list-manage.com; frame-ancestors 'none'; frame-src https://*.folio.no https://*.doubleclick.net https://*.googlesyndication.com https://www.youtube-nocookie.com https://*.snapchat.com; img-src 'self' data: https:; script-src 'nonce-ZjFlNTE0ODUtNjRjNC00NDVhLWFlYjctMGQ4ZTk2OGU4MDkz' 'strict-dynamic' https:; style-src 'self' 'unsafe-inline'; report-uri https://sentry.folio.no/api/12/security/?sentry_key=9ba1c2e80ff946dd9293c2c202b2c63d; report-to sentry-endpoint 1
default-src 'none'; img-src *; media-src *; style-src 'unsafe-inline'; script-src 'sha256-5LHjQRW/545MJZfQlsky0iG7knEJINRxFfkDaEbvTpc=' 1
frame-ancestors 'self' https://*.bankacilikurunvehizmetucretleri.org.tr https://bankacilikurunvehizmetucretleri.org.tr; 1
default-src 'self' b2b-russia.ru all-gorod.ru https://all-gorod.ru https://*.all-gorod.ru *.all-gorod.ru; img-src 'self' data: b2b-russia.ru all-gorod.ru https://all-gorod.ru *.all-gorod.ru *.gstatic.com https://*.gstatic.com maps.google.com *.googleapis.com www.google-analytics.com https://*.google-analytics.com *.ggpht.com https://yandex.ru https://yandex.net https://yastatic.net https://*.yandex.ru https://*.yandex.net https://*.yastatic.net yandex.ru yandex.net yastatic.net avatars-fast.yandex.net favicon.yandex.net *.yandex.ru *.yandex.net *.yastatic.net d4.c0.be.a1.top.mail.ru top-fwz1.mail.ru unpkg.com www.decoreview.org *.verify.yandex.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' b2b-russia.ru all-gorod.ru https://all-gorod.ru https://*.all-gorod.ru *.all-gorod.ru *.jivosite.com *.jivo.ru top-fwz1.mail.ru https://www.google.com https://www.gstatic.com www.google-analytics.com https://*.google-analytics.com maps.google.com maps.googleapis.com ajax.googleapis.com https://yandex.ru https://*.yandex.ru https://yastatic.net https://*.maps.yandex.net yandex.ru yastatic.net an.yandex.ru yandex.st yastatic.net mc.yandex.ru *.yandex.ru https://use.fontawesome.com https://www.youtube.com www.youtube.com vkontakte.ru cdnjs.cloudflare.com unpkg.com www.decoreview.org *.verify.yandex.ru; style-src 'self' blob: 'unsafe-inline' b2b-russia.ru all-gorod.ru https://all-gorod.ru *.all-gorod.ru *.gstatic.com https://*.gstatic.com fonts.googleapis.com https://yandex.ru https://*.yandex.ru yandex.ru yandex.st yastatic.net *.yandex.ru *.jivosite.com *.jivo.ru https://use.fontawesome.com unpkg.com www.decoreview.org *.verify.yandex.ru; font-src 'self' b2b-russia.ru all-gorod.ru https://all-gorod.ru https://*.all-gorod.ru *.all-gorod.ru https://*.gstatic.com *.gstatic.com fonts.gstatic.com https://*.google-analytics.com https://use.fontawesome.com https://sxt.cdn.skype.com unpkg.com www.decoreview.org *.verify.yandex.ru; frame-src 'self' b2b-russia.ru all-gorod.ru https://all-gorod.ru https://*.all-gorod.ru *.all-gorod.ru https://yandex.ru https://yandex.net https://yastatic.net https://yandexadexchange.net https://*.yandex.ru https://*.yandex.net https://*.yandexadexchange.net yandex.ru yandex.net yastatic.net awaps.yandex.ru awaps.yandex.net yandexadexchange.net *.yandex.ru *.yandex.net *.yandexadexchange.net https://www.google.com google.com https://www.youtube.com *.verify.yandex.ru; connect-src 'self' b2b-russia.ru all-gorod.ru https://all-gorod.ru https://*.all-gorod.ru *.all-gorod.ru https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net https://yandex.ru https://an.yandex.ru https://mc.yandex.ru an.yandex.ru mc.yandex.ru yastatic.net yandex.st https://www.google-analytics.com https://ssl.google-analytics.com www.google-analytics.com *.jivosite.com *.jivo.ru wss://*.jivosite.com wss://*.jivo.ru unpkg.com www.decoreview.org *.verify.yandex.ru; media-src yandex.net yandex.st yastatic.net *.yandex.net *.jivosite.com *.jivo.ru *.verify.yandex.ru; object-src 'self' b2b-russia.ru all-gorod.ru https://all-gorod.ru https://*.all-gorod.ru *.all-gorod.ru https://yandex.net https://*.yandex.net yandex.net *.yandex.net *.verify.yandex.ru; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-EnUJ30JW0axAX2BowpkoQV/1cSlWjT0P6OnEApQKM+ia4WVa' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
font-src fonts.googleapis.com fonts.gstatic.com *.cloudflare.com *.bootstrapcdn.com/ *.instantsearchplus.com/ *.akamaized.net/ 'unsafe-inline' data: cdn.marmishoes.com/ *.fastsimon.com/ ln-rules.rewardstyle.com *.rewardstyle.com *.twitter.com *.gstatic.com *.facebook.com *.facebook.net *.geotrust.com *.userway.org *.payments-amazon.com *.amazon.com *.trustwave.com *.doubleclick.net cdn1.marmishoes.com *.appspot.com *.googleapis.com *.fastly.net *.lr-ingest.io *.googleusercontent.com *.kamaized.net *.maps.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com/ https://foursixty.com/ api.fastsimon.com/ cdn.marmishoes.com/ *.fastsimon.com/ ln-rules.rewardstyle.com *.rewardstyle.com *.cloudflare.com *.twitter.com *.google-analytics.com *.gstatic.com *.userway.org *.facebook.com *.facebook.net *.instagram.com *.cdninstagram.com *.googletagmanager.com *.fontawesome.com *.geotrust.com *.google.com *.payments-amazon.com *.amazon.com *.trustwave.com *.doubleclick.net cdn1.marmishoes.com *.appspot.com *.googleapis.com *.fastly.net *.lr-ingest.io *.googleusercontent.com *.kamaized.net *.maps.gstatic.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.duosecurity.com/ *.echosign.com/ *.paycomonline.net/ *.instantsearchplus.com/ https://foursixty.com/ api.fastsimon.com/ cdn.marmishoes.com/ *.fastsimon.com/ ln-rules.rewardstyle.com *.rewardstyle.com *.cloudflare.com *.twitter.com *.google-analytics.com *.gstatic.com *.userway.org *.facebook.com *.facebook.net *.instagram.com *.cdninstagram.com *.googletagmanager.com *.fontawesome.com *.geotrust.com *.google.com *.payments-amazon.com *.amazon.com *.trustwave.com *.doubleclick.net cdn1.marmishoes.com *.appspot.com *.googleapis.com *.fastly.net *.lr-ingest.io *.googleusercontent.com *.kamaized.net *.maps.gstatic.com www.xtento.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.linkedin.com/ *.adsymptotic.com/ *.klaviyo.com/ *.cloudfront.net/ *.facebook.com/ *.akamaized.net/ *.instantsearchplus.com/ https://foursixty.com/ cdn.marmishoes.com/ shareasale.com *.fastsimon.com/ ln-rules.rewardstyle.com *.rewardstyle.com store.paradoxlabs.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarna.com *.googleadservices.com *.google-analytics.com *.google.com *.paypal.com *.facebook.com *.twitter.com *.facebook.net *.ytimg.com *.geotrust.com *.cdninstagram.com *.userway.org *.payments-amazon.com *.amazon.com *.trustwave.com *.doubleclick.net cdn1.marmishoes.com *.appspot.com *.googleapis.com *.fastly.net *.lr-ingest.io *.googleusercontent.com *.kamaized.net *.maps.gstatic.com www.xtento.com cdn.xtento.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.acp-magento.appspot.com *.akamaized.net *.instantsearchplus.com/ api.fastsimon.com/ fastsimon-grid.akamaized.net *.bootstrapcdn.com *.facebook.net/ *.klaviyo.com/ *.searchspring.net/ *.linkedin.com/ *.adsymptotic.com/ *.cloudflare.com *.cloudflareinsights.com/ *.licdn.com/ *.googletagmanager.com/ *.gstatic.com *.google-analytics.com *.doubleclick.net/ *.googleadservices.com/ *.akamaized.net/ *.marmishoes.com/ https://foursixty.com/ *.rewardstyle.com/ cdn.marmishoes.com/ www.dwin1.com *.run.app *.fastsimon.com/ ln-rules.rewardstyle.com *.rewardstyle.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.twitter.com *.userway.org *.facebook.com *.facebook.net *.instagram.com *.cdninstagram.com *.googletagmanager.com *.fontawesome.com *.geotrust.com *.google.com *.payments-amazon.com *.amazon.com *.trustwave.com *.doubleclick.net *.cdn1.marmishoes.com *.appspot.com *.googleapis.com *.fastly.net *.lr-ingest.io *.googleusercontent.com *.kamaized.net *.maps.gstatic.com www.xtento.com cdn.xtento.com *.authorize.net https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.bootstrapcdn.com/ *.facebook.net/ *.klaviyo.com/ *.searchspring.net/ *.linkedin.com/ *.adsymptotic.com/ *.akamaized.net/ *.instantsearchplus.com/ https://foursixty.com/ cdn.marmishoes.com/ *.fastsimon.com/ ln-rules.rewardstyle.com *.rewardstyle.com https://static.klaviyo.com *.cloudflare.com *.twitter.com *.gstatic.com *.google.com *.fontawesome.com *.cdninstagram.com *.geotrust.com *.facebook.net *.userway.org *.payments-amazon.com *.amazon.com *.trustwave.com *.doubleclick.net *.cdn1.marmishoes.com *.appspot.com *.googleapis.com *.fastly.net *.lr-ingest.io *.googleusercontent.com *.kamaized.net *.maps.gstatic.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.bootstrapcdn.com *.facebook.net/ *.facebook.com/ *.klaviyo.com/ *.searchspring.io/ *.linkedin.com/ *.adsymptotic.com/ *.cloudflare.com *.google.com/ *.doubleclick.net/ *.google-analytics.com/ *.googleadservices.com/ https://static-forms.klaviyo.com/ *.akamaized.net/ *.instantsearchplus.com/ https://foursixty.com/ *.paypal.com api.fastsimon.com/ cdn.marmishoes.com/ *.fastsimon.com/ ln-rules.rewardstyle.com *.rewardstyle.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.twitter.com *.facebook.com *.google.com *.facebook.net *.cdninstagram.com *.geotrust.com *.userway.org *.payments-amazon.com *.amazon.com *.trustwave.com *.doubleclick.net cdn1.marmishoes.com *.appspot.com *.googleapis.com *.fastly.net *.lr-ingest.io *.googleusercontent.com *.kamaized.net *.maps.gstatic.com *.authorize.net https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.klaviyo.com/ https://foursixty.com/ *.rewardstyle.com/ api.fastsimon.com/ cdn.marmishoes.com/ *.fastsimon.com/ ln-rules.rewardstyle.com *.rewardstyle.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https:; object-src https://*.parallelmarkets.com; img-src https: data:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; frame-ancestors 'none'; font-src https: data: 1
frame-ancestors 'self' https://*.wiseradvisor.com http://www2.wiseradvisor.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fluidigm.com *.standardbio.com https://assets.calendly.com *.clarity.ms *.hsforms.com https://calendly.com *.hsforms.net snap.licdn.com *.cookielaw.org acsbapp.com apis.google.com *.pimcore.org *.jsdelivr.net *.nr-data.net js-agent.newrelic.com *.go-mpulse.net *.icims.com www.google-analytics.com assets.calendly.com *.wistia.com *.hsforms.net *.hsforms.com pi.pardot.com bat.bing.com *.bioz.com code.jquery.com cookie-cdn.cookiepro.com *.cookiepro.com js.qualified.com *.vidyard.com www.googletagmanager.com www.gstatic.com *.pardot.com *.google.com; style-src 'self' 'unsafe-inline' *.fluidigm.com *.standardbio.com assets.calendly.com *.calendly.com *.wistia.com *.hsforms.net *.hsforms.com *.icims.com *.vidyard.com *.bioz.com fonts.googleapis.com; object-src 'self' *.bioz.com; base-uri 'self'; connect-src 'self' *.fluidigm.com *.standardbio.com assets.calendly.com *.calendly.com *.clarity.ms *.wistia.com *.hsforms.net *.litix.io *.hsforms.com *.onetrust.com *.cookielaw.org *.acsbapp.com *.googleapis.com *.pimcore.org *.nr-data.net *.go-mpulse.net *.vidyard.com *.bioz.com *.google.com *.pardot.com *.google.com.ar app.qualified.com bat.bing.com *.cookiepro.com cookie-cdn.cookiepro.com stats.g.doubleclick.net www.google-analytics.com www.googleadservices.com wss://ws.qualified.com; font-src 'self' *.fluidigm.com *.standardbio.com assets.calendly.com *.calendly.com *.wistia.com *.hsforms.net *.hsforms.com acsbapp.com *.bioz.com fonts.gstatic.com; frame-src 'self' *.linkedin.com *.pardot.com *.google.com *.fluidigm.com *.standardbio.com https://assets.calendly.com https://calendly.com *.wistia.com *.hsforms.net *.hsforms.com hdmz-internal.firebaseapp.com *.icims.com app.qualified.com go.fluidigm.com play.vidyard.com *.bioz.com; img-src 'self' * data: ; manifest-src 'self' *.standardbio.com assets.calendly.com *.calendly.com *.hsforms.net *.hsforms.com *.fluidigm.com; media-src 'self' *.standardbio.com assets.calendly.com *.calendly.com *.wistia.com *.hsforms.net *.hsforms.com *.fluidigm.com *.vidyard.com *.qualified.com blob: ; worker-src 'none'; 1
default-src 'self';  base-uri https://www.hif.com.au;  frame-ancestors 'none';  upgrade-insecure-requests;  form-action 'self' 'unsafe-inline';  script-src 'self' https://*.hif.com.au https://cdn.mintox.com.au https://www.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://*.google.com https://optimize.google.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com https://*.hotjar.com https://*.facebook.net https://*.zopim.com https://pixel.roymorgan.com https://d10lpsik1i8c69.cloudfront.net https://*.typekit.net https://*.fortawesome.com https://*.zdassets.com https://*.doubleclick.net https://*.moatads.com https://*.addthis.com https://*.addthisedge.com https://cdn.equalweb.com https://access.equalweb.com https://ocr.equalweb.com https://bat.bing.com https://js.adsrvr.org 'unsafe-eval' 'unsafe-inline';  style-src 'self' https://*.hif.com.au https://use.fortawesome.com https://cdn.mintox.com.au https://access.equalweb.com https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline';  img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https: data:;  font-src 'self' https://*.hif.com.au https://cdn.mintox.com.au https://*.typekit.net https://*.zopim.com https://fonts.gstatic.com data: 'unsafe-inline';  connect-src 'self' https://*.hif.com.au https://cdn.mintox.com.au https://*.luckyorange.net https://*.zdassets.com https://*.doubleclick.net wss://*.zopim.com https://*.addthis.com https://www.google-analytics.com https://*.google.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://cdn.equalweb.com https://access.equalweb.com https://ocr.equalweb.com;  child-src 'self' https://*.hif.com.au https://transact.nab.com.au https://cdn.mintox.com.au https://*.doubleclick.net https://*.hotjar.com https://*.facebook.com https://*.facebook.net https://*.addthis.com https://www.google.com https://*.google.com https://www.ahsa.com.au https://youtube.com https://*.youtube.com;  object-src 'none';  frame-src 'self' https://*.hif.com.au https://transact.nab.com.au https://cdn.mintox.com.au https://*.doubleclick.net https://*.hotjar.com https://*.facebook.com https://*.facebook.net https://*.addthis.com https://www.google.com https://*.google.com https://www.ahsa.com.au https://youtube.com https://*.youtube.com https://insight.adsrvr.org; 1
frame-ancestors 'self' *.google.com *.gstatic.com ; 1
frame-ancestors 'self' www.allseasonsuniforms.com 1
default-src 'self' 'strict-dynamic' blob: https://static.ferreyros.com.pe; img-src 'self' https://www.google.com.pe https://www.google.com https://api.retargetly.com https://www.facebook.com https://googleads.g.doubleclick.net https://s7d2.scene7.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data: https://static.ferreyros.com.pe https://www.google-analytics.com https://script.hotjar.com https://www.ferreycorp.com.pe https://www.googletagmanager.com https://*.clarity.ms https://*.yandex.ru https://*.ytimg.com https://c.clarity.ms https://cm.mgid.com https://optimize.google.com https://pixel.tapad.com https://fcsadevferreyros01.blob.core.windows.net https://widgets-static.embluemail.com https://widgets-api.embluemail.com/api/v1/ *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://static.ferreyros.com.pe; font-src 'self' https://fonts.gstatic.com https://script.hotjar.com data: https://fonts.gstatic.com; script-src 'self' 'strict-dynamic' 'sha256-KKgIqgLyWkSjN3eaZ5BgFEunKT2o2M3YZq8Bo8DlzJg=' https://translate.googleapis.com https://translate.google.com https://www.google.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://djtflbt20bdde.cloudfront.net https://www.google.com.pe https://www.googletagmanager.com https://app.retargetly.com https://www.ferreycorp.com.pe https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://ssl.google-analytics.com www.facebook.com connect.facebook.net https://optimize.google.com https://static.ferreyros.com.pe *.visualwebsiteoptimizer.com app.vwo.com '' 'nonce-89bf11ddf5bd54cc8ab2b77da3c804ca'; connect-src 'self' stats.g.doubleclick.net https://rt.idx.lat https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://www.google-analytics.com *.hotjar.com:* *.hotjar.io wss://*.hotjar.com https://*.yandex.ru https://*.clarity.ms https://www.ferreycorp.com.pe https://www.facebook.com/tr/ https://static.ferreyros.com.pe *.visualwebsiteoptimizer.com app.vwo.com https://pdp-service.retargetly.com/; style-src 'self' 'strict-dynamic' https://fonts.googleapis.com https://www.ferreycorp.com.pe https://*.embluemail.com https://use.fontawesome.com https://tagmanager.google.com 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com  https://www.googletagmanager.com/debug/badge.css https://static.ferreyros.com.pe *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com; script-src-elem 'self' https://www.youtube.com https://unpkg.com https://connect.facebook.net https://api.retargetly.com https://resources-rt.idx.lat https://maps.googleapis.com https://www.ferreycorp.com.pe https://*.yandex.ru https://*.clarity.ms https://script.hotjar.com 'sha256-5I0j8pHz26Fu+ubLnT+L41RovDHxdcD3h4s/BRtuOjc=' https://www.google-analytics.com https://widgets-api.embluemail.com https://widgets-static.embluemail.com https://www.googletagmanager.com 'sha256-4uBjY6o9xzOBdDB21wB2W/GjGfv3+zOw981Porw9Oa4=' 'sha256-nYtVjQTQAI9JK+xjlBeDXdPHRUr2Y+tvFiQawRAGnmM=' 'sha256-AO7wCCFWeFkcYmcMBAx9fo6zcOKEkC/dIxX8Xq/re8E=' 'sha256-wsUfuf081tYMfQcj3CSQfG2m6mgzw0uoQ197vxz7ivA=' 'sha256-oZ6iRq8rjLPw1nJV1JTMuVjfNDzmKIscMCx9Vi1qYjs=' 'sha256-DC7LJNlxZzQs/rvBxh0+RUFMHRPh0Gvad6CnegzlW38=' 'sha256-QcETKruGPShqa6tZx03FDiwym1uHwSQz7ezvj8AGuF8=' 'sha256-4CWBFYW6ipq+B5Th8TQ+5MmUpLQdYzzqDdhI977lHNw=' 'sha256-JWuBhLTXnmzKwVvLXLwEEigoQGWXAEpMRX0FdJjFe1c=' 'sha256-iMOh4cEDq86mstcCtxjEbCJc3yKMUm7icZqJmgN9wuk=' *.visualwebsiteoptimizer.com app.vwo.com https://pdp-cdn.retargetly.com/ 'sha256-jIS2BcMuMRIg5oYGzdaKZPzd9CHpOBYTeh58c4Ptum8=' 'sha256-wM0nydRwFrhqYantd/3RACPgzEyBmK7cZRKqxzB3JCg=' 'nonce-89bf11ddf5bd54cc8ab2b77da3c804ca'; frame-src 'self' https://api.retargetly.com https://resources-rt.idx.lat https://fcsadevferreyros01.blob.core.windows.net https://resources-rt.idx.lat https://vars.hotjar.com https://www.youtube.com https://bid.g.doubleclick.net www.facebook.com https://www.videoask.com https://optimize.google.com https://static.ferreyros.com.pe https://s7d2.scene7.com https://www.youtube-nocookie.com app.vwo.com *.visualwebsiteoptimizer.com https://mc.yandex.ru/ https://static.ferreyros.com.pe; object-src https://www.youtube.com https://*.ferreyros.net.pe https://*.ferreyros.com.pe https://*.blob.core.windows.net https://www.facebook.com https://connect.facebook.net/en_US/fbevents.js https://app.powerbi.com/; base-uri 'self'; ; upgrade-insecure-requests; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-np0l_Ijst5fIl7Okzlcv9A' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors 'self' https://*.deltastock.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://ard.social; img-src 'self' https: data: blob: https://ard.social; style-src 'self' https://ard.social 'nonce-3bnB60wE7VaSGdtKZFM79A=='; media-src 'self' https: data: https://ard.social; frame-src 'self' https:; manifest-src 'self' https://ard.social; form-action 'self'; connect-src 'self' data: blob: https://ard.social https://storage.googleapis.com wss://ard.social; script-src 'self' https://ard.social 'wasm-unsafe-eval'; child-src 'self' blob: https://ard.social; worker-src 'self' blob: https://ard.social 1
frame-ancestors 'self' https://uncached.gamemonetize.co/ https://gamemonetize.com/ https://html5.gamemonetize.co/ 1
default-src 'self';           script-src             'sha256-/xUj+3OJU5yExlq6GSYGSHk7tPXikynS7ogEvDej/m4='             'sha256-ZMsR6ypSN8vh4FzPJazv7tV48y0aaSPVjeNcigFF6M0='             'self' 'nonce-OHc5WmRVbXFPQ01nKzNwMkF5YUZEdz09' 'strict-dynamic' 'unsafe-eval' https://ajax.cloudflare.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://optimizely.lebeau.ca https://optimizely.speedyglass.ca;           style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://*.googletagmanager.com https://tagmanager.google.com https://ajax.cloudflare.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com;           base-uri 'self';           font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:;           img-src 'self' data: https: https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://cdn.optimizely.com;           frame-src https://www.youtube.com https://www.google.com https://*.doubleclick.net https://a24401730579.cdn.optimizely.com https://a24401730579.cdn-pci.optimizely.com https://api.byscuit.com/data/client/A985CB9B-A6D2-4155-A2BA-570E6F916530/script/script.js https://optimizely.lebeau.ca https://optimizely.speedyglass.ca;           connect-src 'self'             https://maps.googleapis.com https://*.google-analytics.com https://*.analytics.google.com             https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com             https://*.googlesyndication.com https://*.clarity.ms https://cdn.cookielaw.org https://api.byscuit.com https://connect.facebook.net https://c.az.contentsquare.net/ https://*.google.ca https://k-us1.az.contentsquare.net https://logx.optimizely.com https://*.optimizely.com;           object-src 'none'; 1
frame-ancestors 'self' *.singtel.com *.singtelgroup.net *.singtelshop.com; 1
default-src 'self' https:; base-uri 'self'; object-src 'none'; report-uri /umbraco/api/cspreport/cspreport; manifest-src 'self'; script-src 'strict-dynamic' 'nonce-2HzO+sIz2yjxKwu2NbSmJr45E7fb/Z0YYXRSaqoF+Uo=' 'unsafe-inline' *.lmiforall.org.uk *.flickr.com *.facebook.net *.discoveruni.gov.uk discoveruni.gov.uk *.twimg.com *.twitter.com *.jsdelivr.net *.tawk.to *.googletagmanager.com *.google-analytics.com; script-src-elem 'self' 'strict-dynamic' 'nonce-2HzO+sIz2yjxKwu2NbSmJr45E7fb/Z0YYXRSaqoF+Uo=' 'unsafe-inline' *.lmiforall.org.uk *.flickr.com *.discoveruni.gov.uk discoveruni.gov.uk *.twitter.com *.tawk.to *.googletagmanager.com *.google-analytics.com *.twimg.com *.jsdelivr.net *.googleapis.com *.facebook.net; media-src 'self' *.lmiforall.org.uk *.tawk.to *.vimeo.com *.akamaized.net; connect-src 'self' apikeys.civiccomputing.com maps.googleapis.com embedr.flickr.com prod-discoveruni.azure-api.net *.google-analytics.com *.tawk.to wss://*.tawk.to *.doubleclick.net; img-src 'self' data: *.lmiforall.org.uk *.staticflickr.com *.facebook.com *.twimg.com *.google.com *.google.co.uk *.tawk.to *.twitter.com *.google-analytics.com *.googleapis.com *.gstatic.com *.googletagmanager.com; frame-src 'self' *.tiktok.com *.lmiforall.org.uk avlive.apprenticeships.org.uk *.google.com *.youtube.com *.youtube-nocookie.com *.twitter.com *.tawk.to *.facebook.com *.vimeo.com horsemonkey.com; style-src 'self' 'unsafe-inline' *.lmiforall.org.uk *.googleapis.com *.tawk.to *.twimg.com; style-src-elem 'self' 'unsafe-inline' *.ttwstatic.com *.lmiforall.org.uk *.googleapis.com *.tawk.to *.twitter.com *.twimg.com; font-src 'self' *.lmiforall.org.uk *.tawk.to *.gstatic.com; frame-ancestors 'self'; form-action 'self' *.lmiforall.org.uk *.twitter.com; 1
default-src 'self' ; worker-src 'self'  data: blob:; report-uri https://eagerly.nl/reports/report.php; img-src 'self' * data:; media-src 'self' https://longjohns.nl https://*.doubleclick.net https://*.publitas.com https://*.facebook.com https://*.formitable.com https://*.google.com https://*.youtube.com https://*.spotify.com https://*.googletagmanager.com blob: data:; connect-src 'self' https://view.publitas.com https://*.run.app https://*.google.nl https://*.facebook.com https://yoast.com https://*.google.com https://*.hotjar.io https://*.doubleclick.net https://*.plyr.io https://noembed.com https://*.formitable.com https://*.googletagmanager.com https://*.google-analytics.com; frame-src 'self' https://longjohns.nl https://*.doubleclick.net https://*.publitas.com https://*.facebook.com https://*.formitable.com https://*.google.com https://*.youtube.com https://*.spotify.com https://*.googletagmanager.com; child-src 'self' https://longjohns.nl https://*.doubleclick.net https://*.publitas.com https://*.facebook.com https://*.formitable.com https://*.google.com https://*.youtube.com https://*.spotify.com https://*.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-eval' https://*.youtube.com https://*.lfeeder.com https://*.hotjar.com https://*.facebook.net https://*.formitable.com https://*.publitas.com https://*.googletagmanager.com https://*.google-analytics.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.formitable.com https://*.googleapis.com; font-src 'self' https://*.faceworks.nl https://*.googleapis.com https://*.gstatic.com data:; form-action 'self' https://*.facebook.com; frame-ancestors 'self' ; 1
worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.hof.de www.google.com https://www.gstatic.com form.hof.de https://api-free.deepl.com https://unpkg.com https://corona-zahlen-heute.de https://www.stadt-hof.org web22.hof.de https://matomo.hof.de/ https://privacy-proxy.usercentrics.eu https://app.usercentrics.eu https://api.usercentrics.eu https://diginights.com/; frame-ancestors 'self' 1
default-src 'self' https: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: googletagmanager.com policy.cookiereports.com visauniversity.rev-na.demo.vbrick.com https://media.eu.vbrickrev.com https://visauniversityvod.rev.vbrick.com https://media.us.vbrickrev.com https://visatv.visa.com; style-src 'self' 'unsafe-inline'  https: googleapis.com; frame-src 'self' https://visauniversity.rev-na.demo.vbrick.com https://media.eu.vbrickrev.com https://visauniversityvod.rev.vbrick.com https://media.us.vbrickrev.com https://www.youtube.com https://visatv.visa.com https://www.google.com/  https://player.vimeo.com 1
default-src 'self' *.cndns.com *.idccenter.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cndns.com *.cnzz.com *.idccenter.net;style-src 'self' 'unsafe-inline' *.cndns.com *.idccenter.net;img-src * 'self' data: https: blob:;frame-src 'self' *.idccenter.net 1
img-src 'self' data: images.ctfassets.net *.google-analytics.com *.tapad.com *.googletagmanager.com *.fls.doubleclick.net *.facebook.com *.lytics.io *.akamaihd.net *.amazon-adsystem.com *.moatads.com *.cookielaw.org *.bazaarvoice.com *.amazonaws.com *.youtube.com *.haircode.com *.google.com *.google.ca click2cart.co click2cart.com *.click2cart.com 2cart.net haircodeassetsprod.azureedge.net haircodestorageprod.blob.core.windows.net *.adsrvr.org feed.pghub.io ; font-src 'self' data: *.haircode.com fonts.gstatic.com maxcdn.bootstrapcdn.com feed.pghub.io pandg.tapad.com ; media-src 'self' *.cloudinary.com *.ctfassets.net feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.lytics.io *.bazaarvoice.com *.amazonaws.com *.haircode.com *.googleapis.com maxcdn.bootstrapcdn.com feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.google.com *.google-analytics.com *.googletagmanager.com *.moatads.com *.cookielaw.org *.highdegree.io *.crazyegg.com pghub.io *.facebook.net *.segment.com *.lytics.io *.bazaarvoice.com *.amazonaws.com *.haircode.com click2cart.co click2cart.com *.click2cart.com 2cart.net *.iesnare.com *.adsrvr.org feed.pghub.io pandg.tapad.com ; connect-src 'self' kardia-nonprod.azure-api.net kardia.azure-api.net *.crazyegg.com *.google-analytics.com *.doubleclick.net *.cookielaw.org api.segment.io *.adsrvr.org *.pg.com *.bazaarvoice.com *.smartcommerce.co click2cart.co click2cart.com *.click2cart.com 2cart.net *.haircode.com feed.pghub.io pandg.tapad.com ; default-src 'self' *.googletagmanager.com *.fls.doubleclick.net *.tapad.com *.facebook.com *.bazaarvoice.com click2cart.co click2cart.com *.click2cart.com 2cart.net pgconsumersupport.secure.force.com *.youtube.com *.adsrvr.org pg-lex.my.salesforce-sites.com consumersupport.pg.com feed.pghub.io ; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js.stripe.com 'self' 'unsafe-eval' 'unsafe-inline' https://checkout.stripe.com 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com 'self' 'unsafe-eval' 'unsafe-inline' https://connect.facebook.net 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com 'self' 'unsafe-eval' 'unsafe-inline' https://mc.yandex.ru 'self' 'unsafe-eval' 'unsafe-inline' https://analytics.twitter.com 'self' 'unsafe-eval' 'unsafe-inline' https://widget.intercom.io 'self' 'unsafe-eval' 'unsafe-inline' https://googleads.g.doubleclick.net 'self' 'unsafe-eval' 'unsafe-inline' https://js.intercomcdn.com 'self' 'unsafe-eval' 'unsafe-inline' https://load.sumo.com 'self' 'unsafe-eval' 'unsafe-inline' https://sumo.b-cdn.net 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.coview.com/ 'self' 'unsafe-eval' 'unsafe-inline' https://*.tildacdn.com 'self' 'unsafe-eval' 'unsafe-inline' https://experts-browse.standuply.com 'self' 'unsafe-eval' 'unsafe-inline' https://public-ask.standuply.com 'self' 'unsafe-eval' 'unsafe-inline' https://experts-carousel.standuply.com 'self' 'unsafe-eval' 'unsafe-inline' https://experts.standuply.com 'self' 'unsafe-eval' 'unsafe-inline' https://customers-app.standuply.com 1
img-src 'self' 'unsafe-inline' *.nsimg.net pic.aebn.net www.google.com www.google-analytics.com stats.g.doubleclick.net tagmanager.google.com www.googletagmanager.com *.gstatic.com ssl.gstatic.com data: *.google.com *.google.ca *.google.de *.google.com.tw *.google.com.br *.google.com.fr *.google.co.uk *.google.co.in *.google.fr *.google.com.mx *.google.ch *.google.com.au *.google.es *.stats.g.doubleclick.net *.google.it *.google.nl *.google.ru *.google.no *.google.co.jp *.google.com.pe *.google.be *.google.at *.google.se *.google-analytics.com *.google.dk *.google.ie *.google.co.kr *.google.cl *.google.fi *.google.com.ph *.google.cz *.googletagmanager.com *.google.com.ua *.google.co.il *.google.com.ar *.google.gr *.google.sk *.google.com.pk *.google.com.co *.google.co.nz *.google.com.mm *.google.com.eg *.google.com.sg *.google.com.hk *.google.co.id *.google.ro *.google.co.za *.google.is *.google.com.pr *.google.pt *.google.pl *.google.co.th *.google.com.uy *.google.kz *.google.co.tz *.google.hr *.google.com.my *.google.ae  *.google.cat optimize.google.com *.clarity.ms c.bing.com;style-src 'self' 'unsafe-inline' pic.aebn.net fonts.googleapis.com tagmanager.google.com optimize.google.com fonts.googleapis.com c.clarity.ms d.clarity.ms c.bing.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms c.bing.com data: www.google.com www.googletagmanager.com www.google-analytics.com www.gstatic.com tagmanager.google.com translate.googleapis.com optimize.google.com www.googleoptimize.com c.clarity.ms d.clarity.ms c.bing.com;object-src 'self' 'unsafe-inline';frame-ancestors www.googletagmanager.com;font-src 'self' fonts.gstatic.com;frame-src optimize.google.com www.google.com 1
default-src 'none'; connect-src https://miedge.net https://www.google-analytics.com https://stats.g.doubleclick.net; img-src * data:; style-src 'unsafe-inline' https://miedge.net https://maxcdn.bootstrapcdn.com; script-src 'unsafe-inline' 'unsafe-eval' https://miedge.net https://maxcdn.bootstrapcdn.com https://www.google-analytics.com; font-src https://miedge.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src https://miedge.net ; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none' 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-Neh8YEINbf2MU45euMefZQ==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
media-src 'self' https://*.tidiochat.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://code.tidio.co https://js.stripe.com https://www.gstatic.com https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.com/recaptcha/ https://*.tidiochat.com https://*.mygivingcircle.org http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.openreplay.com https://*.paypal.com;script-src-attr 'unsafe-inline';style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://tagmanager.google.com https://fonts.googleapis.com;img-src 'self' 'unsafe-inline' data: blob: https://mgc-app.s3.amazonaws.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.facebook.com *.facebook.net *.fbcdn.net https://*.paypalobjects.com https://*.paypal.com;frame-src 'self' https://js.stripe.com https://hooks.stripe.com https://bid.g.doubleclick.net https://www.google.com *.facebook.com https://connect.facebook.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io fbrpc://call https://*.paypal.com;connect-src 'self' https://mygivingcircle.org https://*.mygivingcircle.org https://mgc-app.s3.amazonaws.com ws: wss: https://www.google-analytics.com https://stats.g.doubleclick.net https://fonts.googleapis.com *.facebook.com https://connect.facebook.net https://api.stripe.com https://*.sentry.io https://*.mygivingcircle.org http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.openreplay.com https://*.paypal.com;font-src 'self' https://fonts.gstatic.com data: https://mgc-app.s3.amazonaws.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;child-src blob: *.facebook.com https://connect.facebook.net;worker-src 'self' blob: https://*.mygivingcircle.org https://*.openreplay.com;form-action 'self' https://*.facebook.com;default-src 'self';base-uri 'self';block-all-mixed-content;frame-ancestors 'self';object-src 'none';upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://a.clickcertain.com https://www.cirrusmd.com https://www2.cirrusmd.com *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cookie-cdn.cookiepro.com https://www.bugherd.com https://snap.licdn.com https://connect.facebook.net https://static.hotjar.com https://ws.zoominfo.com https://a.remarketstats.com https://sc.lfeeder.com https://pi.pardot.com https://px.ads.linkedin.com https://script.hotjar.com https://a.clickcertain.com https://www2.cirrusmd.com https://www.cirrusmd.com https://ws32.hotjar.com https://www.google.com https://www.gstatic.com https://www.youtube.com https://www.hubspot.com/ https://app.hubspot.com/ https://tribl.io/ https://*.hubspot.com https://js.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://forms.hsforms.com https://*.usemessages.com https://js.hsforms.net/ https://form.jotform.com/jsform/ https://*.jotfor.ms/ https://www.jotform.com/ https://cdnjs.cloudflare.com/ https://*.jotform.com/ platform.instagram.com www.instagram.com *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net www.googletagservices.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://a.clickcertain.com https://www.cirrusmd.com https://ws32.hotjar.com https://www2.cirrusmd.com https://cdn01.jotfor.ms/ https://form.jotform.com/jsform/ https://www.jotform.com/ https://*.jotfor.ms https://cookie-cdn.cookiepro.com https://snap.licdn.com *.vimeocdn.com fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://i.vimeocdn.com https://connect.facebook.net https://static.hotjar.com https://ws.zoominfo.com https://a.remarketstats.com https://sc.lfeeder.com https://pi.pardot.com https://px.ads.linkedin.com https://script.hotjar.com https://a.clickcertain.com https://www2.cirrusmd.com https://p.adsymptotic.com https://tr.lfeeder.com https://www.facebook.com https://www.cirrusmd.com https://ws32.hotjar.com https://px4.ads.linkedin.com https://storage.pardot.com https://app.hubspot.com/ https://www.hubspot.com/ https://*.hsforms.com https://*.hubspot.com http://tribl.io/ https://cdn.jotfor.ms/ https://www.jotform.com/ https://*.jotfor.ms/ https://cookie-cdn.cookiepro.com https://snap.licdn.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com *.googlesyndication.com stats.g.doubleclick.net data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com translate.googleapis.com translate.google.com i.ytimg.com www.googletagmanager.com; connect-src 'self' https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://snap.licdn.com https://connect.facebook.net https://static.hotjar.com https://ws.zoominfo.com https://a.remarketstats.com https://sc.lfeeder.com https://pi.pardot.com https://px.ads.linkedin.com https://script.hotjar.com https://a.clickcertain.com https://www2.cirrusmd.com https://in.hotjar.com https://www.cirrusmd.com wss://ws32.hotjar.com https://ws32.hotjar.com https://vc.hotjar.io https://www.facebook.com wss://ws6.hotjar.com https://ws6.hotjar.com wss://ws2.hotjar.com https://ws2.hotjar.com wss://ws13.hotjar.com https://ws13.hotjar.com https://*.hubspot.com https://*.hubapi.com https://forms.hsforms.com/ https://ws35.hotjar.com/ https://cdn.linkedin.oribi.io/ wss://ws35.hotjar.com https://www.jotform.com/ https://*.hscollectedforms.net *.vimeo.com *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com; font-src 'self' data: https://www.cirrusmd.com https://ws32.hotjar.com https://www2.cirrusmd.com https://cdn.jotfor.ms/ https://www.jotform.com/ https://cookie-cdn.cookiepro.com https://snap.licdn.com data: fonts.gstatic.com fonts.googleapis.com; object-src 'self' https://a.clickcertain.com https://www.cirrusmd.com https://ws32.hotjar.com https://www2.cirrusmd.com https://www.youtube.com; media-src 'self' https://www.cirrusmd.com https://www2.cirrusmd.com https://www.youtube.com https://*.jotform.com/ https://cookie-cdn.cookiepro.com https://snap.licdn.com; frame-src 'self' https://vars.hotjar.com https://a.clickcertain.com https://www.facebook.com https://www.cirrusmd.com https://www2.cirrusmd.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://*.hubspot.com https://js.hsforms.net https://forms.hsforms.com https://www.jotform.com/ https://*.jotform.com/ vimeo.com https://vimeo.com/ www.instagram.com *.vimeo.com *.vimeocdn.com *.googlesyndication.com googleads.g.doubleclick.net maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com; child-src 'self' *.vimeo.com *.vimeocdn.com www.youtube.com www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; 1
upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self'; object-src 'none';  script-src 'self' https://faraway.com https://static.site24x7rum.eu 'unsafe-eval'  https://reactjs.org/docs/error-decoder.html 'unsafe-inline' https://www.googletagmanager.com 1
frame-ancestors museumssonntag.berlin *.museumssonntag.berlin ynm.studio *.ynm.studio 1
default-src 'self'; script-src 'report-sample' 'self' cdn.fashiola.com 'unsafe-eval' 'unsafe-inline' *.google-analytics.com/analytics.js https://www.gstatic.com https://www.googletagmanager.com https://googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.kleding.nl/cookies.js https://www.instagram.com/embed.js https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://kit.fontawesome.com; style-src 'unsafe-inline' 'report-sample' 'self' cdn.fashiola.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://bam.eu01.nr-data.net *.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' cdn.fashiola.com; frame-src 'self' https://www.google.com https://www.instagram.com/; img-src 'self' cdn.fashiola.com images.fashiola.com cdn.fashiola.com https://www.kleding.nl/cookies.gif *.google-analytics.com www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.es; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline';img-src 'self' 1
default-src *  'unsafe-inline' ;  img-src * 'self' data:  ; font-src * 'self' data:; script-src *  'unsafe-inline' 'unsafe-eval' 1
upgrade-insecure-requests; report-uri https://servion.com/ 1
upgrade-insecure-requests;
               script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://www.bing.com https://dev.virtualearth.net https://ajax.googleapis.com https://ajax.aspnetcdn.com https://r.bing.com 'unsafe-inline' 'unsafe-eval';
               style-src 'self' https://r.bing.com https://www.bing.com https://ajax.googleapis.com 'unsafe-inline';
               font-src 'self' https://fonts.gstatic.com https://r.bing.com https://www.bing.com;
               connect-src 'self' https://www.google-analytics.com https://www.bing.com https://api.weather.com https://r.bing.com https://dev.virtualearth.net https://t.ssl.ak.tiles.virtualearth.net;
               img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://www.bing.com https://dev.virtualearth.net https://ajax.googleapis.com https://t.ssl.ak.dynamic.tiles.virtualearth.net https://t.ssl.ak.tiles.virtualearth.net data:;
               frame-src 'self' https://www.hydropoint.com https://www.baselinesystems.com https://hydropoint.sharepoint.com https://www.weathertrak.net;
               frame-ancestors 'self';
               object-src 'none' 1
report-to default; default-src 'none'; img-src 'self'; script-src 'unsafe-inline'; style-src 'unsafe-inline'; frame-ancestors 'self'; form-action 'none' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://shoddy.site 'wasm-unsafe-eval'; font-src 'self' https://shoddy.site; img-src 'self' data: blob: https://shoddy.site; style-src 'self' https://shoddy.site 'nonce-cSFdsiswkdwJ8dOx+B5J6Q=='; media-src 'self' data: https://shoddy.site; frame-src 'self' https:; child-src 'self' blob: https://shoddy.site; worker-src 'self' blob: https://shoddy.site; connect-src 'self' blob: data: wss://shoddy.site https://shoddy.site; manifest-src 'self' https://shoddy.site; form-action 'self' 1
base-uri 'self' https://hcaptcha.com https://*.hcaptcha.com; child-src https://*.craigslist.org; connect-src https://*.craigslist.org https://hcaptcha.com https://*.hcaptcha.com; font-src data:; form-action https://*.craigslist.org; frame-ancestors 'self'; frame-src https://*.craigslist.org https://duckduckgo.com/search.html; media-src data:; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https://*.craigslist.org https://hcaptcha.com https://*.hcaptcha.com; style-src 'unsafe-inline' https://*.craigslist.org https://hcaptcha.com https://*.hcaptcha.com 1
script-src 'self' 'unsafe-eval' *.wlresources.com *.acwebconnecting.com 'sha256-e4pYjXQH6ajx5POUxz2FrYEpL/WroFiVF5clf0FNS5g=' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.wlresources.com; connect-src 'self' *.wlresources.com *.acwebconnecting.com wss://*.wlresources.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; report-uri /err0r/js?ts=1705972772; worker-src 'self' blob:; frame-ancestors 'none'; object-src 'self' 1
default-src 'self'; img-src 'self' data: media.notebookinfo.local media.notebookinfo.uk-local media-uk.notebookinfo.de media.notebookinfo.de media.your-perfect-laptop.co.uk media.laptopinfo.de https://www.google-analytics.com https://www.google.com https://www.google.de https://stats.g.doubleclick.net; style-src 'self' data: 'unsafe-inline' https://fast.fonts.net; font-src https://www.notebookinfo.de; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.google.com https://www.google.de; object-src 'none'; connect-src https://www.notebookinfo.de https://www.google-analytics.com https://www.google.com https://www.google.de https://stats.g.doubleclick.net; frame-src 'self'; base-uri www.notebookinfo.de 1
font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; object-src 'none'; script-src 'self' https:; style-src 'self' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; 1
frame-ancestors http://www.iofm.com https://divcomplatform.s3.amazonaws.com 1
default-src 'self' ; connect-src 'self'  *.google-analytics.com https://livesub.gemeenteoplossingen.nl/public ; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://static.gemeenteoplossingen.nl  https://ssl.google-analytics.com https://www.googletagmanager.com https://sjs.bizographics.com https://www.google.com https://api.salesfeed.com https://snap.licdn.com; style-src 'self' 'unsafe-inline' https://static.gemeenteoplossingen.nl https://fonts.googleapis.com https://fonts.gstatic.com data:; font-src 'self'  https://static.gemeenteoplossingen.nl https://fonts.googleapis.com https://fonts.gstatic.com data:; img-src 'self' https://static.gemeenteoplossingen.nl *.google-analytics.com https://i.ytimg.com/ https://pbs.twimg.com/  https://ssl.google-analytics.com; frame-src 'self'  *.youtube.com/embed/ ; media-src 'self'  ; object-src 'none'; frame-ancestors 'self' ; 1
base-uri 'self' ;connect-src 'self' *.youtube.com consentcdn.cookiebot.com www.googletagmanager.com *.google-analytics.com *.googlesyndication.com securepubads.g.doubleclick.net *.ternair.com *.ternairsoftware.com ep.rai.nl services.crmservice.eu stats.g.doubleclick.net www.google.com www.google.rs *.doubleclick.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.raicore.com snap.licdn.com *.ads.linkedin.com cdn.linkedin.oribi.io cdn.linkedin.oribi.io  *.hotjar.io *.pinterest.com lantern.roeyecdn.com;default-src 'self' ;font-src 'self' fonts.gstatic.com cdn.jsdelivr.net data: *.raicore.com kit.fontawesome.com ka-p.fontawesome.com ;frame-ancestors 'self' ;frame-src consentcdn.cookiebot.com *.youtube.com preferencecenter.metstrade.com *.googlesyndication.com www.google.com www.google.rs *.vimeo.com *.vimeocdn.com snapwidget.com consent.cookiebot.com *.hotjar.com *.hotjar.io wss://*.hotjar.com connect.facebook.net *.facebook.com snap.licdn.com *.ads.linkedin.com cdn.linkedin.oribi.io *.pinterest.com frame.grip.events maps.google.com preferencecenter.negenmaandenbeurs.nl  maps.google.com mijn.negenmaandenbeurs.nl tickets.negenmaandenbeurs.nl *.doubleclick.net shop.paylogic.com;img-src 'self' *.google-analytics.com *.googlesyndication.com ep.rai.nl *.vimeo.com *.vimeocdn.com data: www.google.com www.google.rs connect.facebook.net *.facebook.com www.google.nl snap.licdn.com *.ads.linkedin.com cdn.linkedin.oribi.io www.googletagmanager.com *.raicore.com consent.cookiebot.com consentcdn.cookiebot.com *.cookiebot.com p.adsymptotic.com *.doubleclick.net www.awin1.com *.pinterest.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com cdn.jsdelivr.net *.raicore.com unpkg.com snapwidget.com consent.cookiebot.com consentcdn.cookiebot.com *.cookiebot.com stats.g.doubleclick.net *.doubleclick.net securepubads.g.doubleclick.net *.googleadservices.com adservice.google.com adservice.google.nl adservice.google.rs *.ternair.com *.ternairsoftware.com ep.rai.nl services.crmservice.eu snap.licdn.com *.ads.linkedin.com cdn.linkedin.oribi.io connect.facebook.net *.facebook.com *.google-analytics.com www.google.com www.google.rs www.google.nl www.googletagmanager.com www.googletagservices.com *.googlesyndication.com *.googleapis.com *.gstatic.com ajax.googleapis.com *.hotjar.com *.hotjar.io wss://*.hotjar.com www.dwin1.com *.pinimg.com *.roeyecdn.com *.adform.net lantern.roeyecdn.com;style-src 'self' cdn.jsdelivr.net 'unsafe-inline' fonts.googleapis.com *.raicore.com kit.fontawesome.com ka-p.fontawesome.com ; 1
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src *; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=052p4mhiqu7im&partner=; 1
default-src 'self'; img-src 'self'; connect-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://oslo.town; img-src 'self' https: data: blob: https://oslo.town; style-src 'self' https://oslo.town 'nonce-CN5BmwIHGzJc2fKfv7Bdtg=='; media-src 'self' https: data: https://oslo.town; frame-src 'self' https:; manifest-src 'self' https://oslo.town; form-action 'self'; child-src 'self' blob: https://oslo.town; worker-src 'self' blob: https://oslo.town; connect-src 'self' data: blob: https://oslo.town https://cdn.masto.host wss://oslo.town; script-src 'self' https://oslo.town 'wasm-unsafe-eval' 1
default-src 'self'; style-src https://cdn-eu.clickdimensions.com 'unsafe-inline' 'self' https://cdn.plyr.io https://cdnjs.cloudflare.com https://fonts.googleapis.com; style-src-attr 'unsafe-inline'; style-src-elem https://cdn-eu.clickdimensions.com 'self' https://cdn.plyr.io https://cdnjs.cloudflare.com https://fonts.googleapis.com 'unsafe-inline' https://www.gstatic.com; script-src 'unsafe-eval' https://player.vimeo.com https://cdn-eu.clickdimensions.com https://az551914.vo.msecnd.net https://www.gstatic.com https://www.google.com 'self' 'unsafe-inline' https://cdn.plyr.io https://cdnjs.cloudflare.com https://www.googletagmanager.com https://analytics-eu.clickdimensions.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://maps.googleapis.com https://googleads.g.doubleclick.net; script-src-attr 'unsafe-inline'; script-src-elem https://cdn-eu.clickdimensions.com https://az551914.vo.msecnd.net https://player.vimeo.com https://www.gstatic.com https://www.google.com 'self' https://maps.googleapis.com https://analytics-eu.clickdimensions.com 'unsafe-inline' https://cdn.plyr.io https://consentcdn.cookiebot.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://consent.cookiebot.com https://googleads.g.doubleclick.net; img-src https://pagead2.googlesyndication.com https://www.googletagmanager.com https://analytics-eu.clickdimensions.com https://stats.g.doubleclick.net https://analytics.google.com data: 'self' https://maps.gstatic.com https://maps.googleapis.com https://www.google.it https://www.deda.group https://translate.google.com https://fonts.gstatic.com https://cdn-eu.clickdimensions.com https://imgsct.cookiebot.com https://www.google.com; font-src data: 'self' https://fonts.gstatic.com; connect-src 'self' https://googleads.g.doubleclick.net https://www.google.com https://adservice.google.com https://region1.google-analytics.com https://analytics.google.com https://analytics-eu.clickdimensions.com https://www.google.it https://region1.analytics.google.com https://stats.g.doubleclick.net https://maps.googleapis.com https://consentcdn.cookiebot.com https://pagead2.googlesyndication.com https://region1.google-analytics.com; child-src 'none'; frame-src https://noop.style https://www.youtube.com https://player.vimeo.com https://www.google.com https://consentcdn.cookiebot.com https://www.googletagmanager.com; manifest-src 'none'; media-src data:; object-src 'none'; worker-src 'none'; upgrade-insecure-requests; report-to https://4p41vfxq6c.execute-api.eu-central-1.amazonaws.com/prd/report; report-uri https://4p41vfxq6c.execute-api.eu-central-1.amazonaws.com/prd/report 1
default-src 'self' blob: *.senado.gov.br:* *.senado.leg.br:* wss://*.senado.gov.br:* wss://*.senado.leg.br:* *.congressonacional.leg.br *.lexml.gov.br *.normas.leg.br *.camara.leg.br vlibras.gov.br *.vlibras.gov.br *.googleapis.com *.bootstrapcdn.com cdnjs.cloudflare.com code.jquery.com *.fontawesome.com fonts.gstatic.com www.google-analytics.com ssl.google-analytics.com google-analytics.com analytics.google.com translate.google.com stats.g.doubleclick.net ampcid.google.com recaptcha.net www.recaptcha.net use.typekit.net www.gstatic.com www.google.com/recaptcha/ *.ytimg.com *.youtube.com grafana.com cdn.jsdelivr.net www.facebook.com connect.facebook.net cdn.datatables.net m.addthis.com s7.addthis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.senado.gov.br:* *.senado.leg.br:* *.congressonacional.leg.br *.lexml.gov.br *.normas.leg.br *.camara.leg.br vlibras.gov.br *.vlibras.gov.br graph.facebook.com www.facebook.com connect.facebook.net apis.google.com *.googleapis.com apex.oracle.com *.bootstrapcdn.com cdnjs.cloudflare.com code.jquery.com *.fontawesome.com fonts.gstatic.com www.google-analytics.com maps.google.com ssl.google-analytics.com google-analytics.com analytics.google.com translate.google.com stats.g.doubleclick.net ampcid.google.com recaptcha.net www.recaptcha.net www.gstatic.com www.google.com/recaptcha/ *.ytimg.com *.youtube.com cdn.datatables.net www.googletagmanager.com code.getmdl.io code.highcharts.com unpkg.com cdn.jsdelivr.net *.addthis.com z.moatads.com; style-src 'self' 'unsafe-inline' *.senado.gov.br:* *.senado.leg.br:* *.congressonacional.leg.br *.lexml.gov.br *.normas.leg.br *.camara.leg.br vlibras.gov.br *.vlibras.gov.br *.googleapis.com *.bootstrapcdn.com cdnjs.cloudflare.com code.jquery.com *.fontawesome.com fonts.gstatic.com www.google-analytics.com ssl.google-analytics.com google-analytics.com analytics.google.com translate.google.com stats.g.doubleclick.net ampcid.google.com recaptcha.net use.typekit.net www.recaptcha.net www.gstatic.com www.google.com/recaptcha/ *.ytimg.com *.youtube.com cdn.datatables.net code.getmdl.io cdn.quilljs.com ajax.aspnetcdn.com unpkg.com cdn.jsdelivr.net; img-src 'self' data: blob: *.senado.gov.br:* *.senado.leg.br:* *.congressonacional.leg.br *.lexml.gov.br *.normas.leg.br *.camara.leg.br vlibras.gov.br *.vlibras.gov.br *.interlegis.leg.br *.googleapis.com *.ggpht.com maps.google.com translate.google.com maps.gstatic.com *.bootstrapcdn.com cdnjs.cloudflare.com code.jquery.com *.fontawesome.com *.gravatar.com fonts.gstatic.com www.google-analytics.com ssl.google-analytics.com google-analytics.com analytics.google.com stats.g.doubleclick.net ampcid.google.com p.typekit.net recaptcha.net www.recaptcha.net www.gstatic.com www.google.com/recaptcha/ *.ytimg.com *.youtube.com cdn.datatables.net www.facebook.com web.facebook.com img.youtube.com validator.swagger.io online.swagger.io grafana.com *.tile.openstreetmap.org tiles.maps.opensearch.org maps.opensearch.org www.googletagmanager.com unpkg.com cdn.jsdelivr.net www.addthis.com; font-src 'self' data: *.senado.gov.br:* *.senado.leg.br:* *.congressonacional.leg.br *.lexml.gov.br *.normas.leg.br *.camara.leg.br vlibras.gov.br *.vlibras.gov.br *.googleapis.com fonts.gstatic.com *.fontawesome.com use.typekit.net *.bootstrapcdn.com cdnjs.cloudflare.com unpkg.com cdn.jsdelivr.net; object-src 'self' *.senado.gov.br:* *.senado.leg.br:*; frame-src 'self' *.senado.gov.br:* *.senado.leg.br:* *.congressonacional.leg.br *.lexml.gov.br *.normas.leg.br *.camara.leg.br vlibras.gov.br *.vlibras.gov.br *.recaptcha.net recaptcha.net https://www.google.com/recaptcha/ https://recaptcha.google.com *.youtube.com www.youtube-nocookie.com www.youtube.com accounts.google.com www.facebook.com web.facebook.com m.facebook.com *.addthis.com; worker-src 'self' blob: *.senado.gov.br:* *.senado.leg.br:*; frame-ancestors 'self' *.senado.gov.br:* *.senado.leg.br:* *.congressonacional.leg.br *.lexml.gov.br *.normas.leg.br *.camara.leg.br; form-action 'self' *.senado.gov.br:* *.senado.leg.br:* *.congressonacional.leg.br *.lexml.gov.br *.normas.leg.br *.camara.leg.br senado.zoom.us; block-all-mixed-content; base-uri 'self' *.senado.gov.br:* *.senado.leg.br:*; manifest-src 'self' data: *.senado.gov.br:* *.senado.leg.br:* *.congressonacional.leg.br *.lexml.gov.br *.normas.leg.br *.camara.leg.br; upgrade-insecure-requests; report-uri https://adm.senado.gov.br/csp-report-collector/collect 1
connect-src 'self' ws: wss: http: https:; child-src 'self'; default-src 'none'; script-src 'self' blob: 'unsafe-inline'; style-src 'self' 'unsafe-inline'; form-action 'self' https://*.duosecurity.com/; font-src 'self' data:; media-src 'self' data:; object-src 'none'; img-src 'self' data: blob:; frame-ancestors 'self'; frame-src 'self' https://www.google.com/ blob: https://www.cybelesoft.com; worker-src 'self' data: blob: 1
default-src 'self'; style-src 'self' https://*.bing.com 'unsafe-inline' hiddenlayer.app cdn.hiddenlayer.app https://*.virtualearth.net; font-src 'self' data: cdn.hiddenlayer.app; img-src 'self' data: *.hiddenlayer.app hiddenlayer.app img.youtube.com https://*.google-analytics.com https://*.googletagmanager.com *.giphy.com https://www.googletagmanager.com https://*.virtualearth.net https://*.bing.com; connect-src 'self' hiddenlayer.app/api/graphql https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.browser-intake-datadoghq.com api.giphy.com upload.imagedelivery.net https://*.virtualearth.net https://*.bing.com https://api.stripe.com https://maps.googleapis.com; script-src 'self' https://cdn.hiddenlayer.app hiddenlayer.app https://*.googletagmanager.com https://static.cloudflareinsights.com https://www.googletagmanager.com https://*.bing.com https://*.virtualearth.net https://js.stripe.com https://maps.googleapis.com; worker-src 'self' blob: https://hiddenlayer.app; frame-src youtube.com www.youtube.com docs.google.com https://js.stripe.com https://hooks.stripe.com; object-src 'none'; report-to browser-intake-datadoghq 1
default-src https:; img-src 'self' https: data: blob: https://vercel.live/ https://vercel.com https://*.pusher.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.encore.dev *.segment.com *.googletagmanager.com https://assets.calendly.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://vercel.live/ https://vercel.com; style-src 'self' 'unsafe-inline' https://assets.calendly.com; connect-src 'self' https://*.encore.dev wss://*.encore.dev https://google.com https://pagead2.googlesyndication.com https://api.segment.io https://cdn.segment.com https://*.algolia.net https://*.algolianet.com http://localhost:7000 ws://localhost:7000 https://vercel.live/ https://vercel.com https://*.pusher.com/ wss://*.pusher.com/; font-src 'self'; frame-src https://calendly.com https://*.youtube.com https://*.doubleclick.net/ https://vercel.live/ https://vercel.com 1
frame-ancestors 'self' https://*.marketron.com https://*.emarketron.com 1
frame-ancestors 'self' www.asadventure.nl asadventure.nl product001.asadventure.nl product002.asadventure.nl product003.asadventure.nl product004.asadventure.nl ; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.education; img-src 'self' https: data: blob: https://mastodon.education; style-src 'self' https://mastodon.education 'nonce-ItFfXp3fg4IW4jPpsqgN9w=='; media-src 'self' https: data: https://mastodon.education; frame-src 'self' https:; manifest-src 'self' https://mastodon.education; form-action 'self'; child-src 'self' blob: https://mastodon.education; worker-src 'self' blob: https://mastodon.education; connect-src 'self' data: blob: https://mastodon.education https://mastodon.education wss://mastodon.education; script-src 'self' https://mastodon.education 'wasm-unsafe-eval' 1
frame-ancestors https://www.facebook.com/; 1
script-src 'self' 'unsafe-inline' 'nonce-ZGVjM2VmYzkzM2EwNmM4MWYyMzU2Nzg3YzVlYjU5MzM=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tgbwidget.com https://payments.worldpay.com https://platform.twitter.com https://cdn.worldpay.com https://www.paypal.com https://www.paypalobjects.com https://www.gstatic.com https://www.google.com https://www.google-analytics.com https://optimize.google.com https://tagmanager.google.com  https://www.googletagmanager.com https://ssl.google-analytics.com/ https://connect.facebook.net/ https://www.googleoptimize.com/ https://www.googleadservices.com/ https://connect.facebook.net https://www.mytennights.com https://zakatcalculator.co.uk https://*.hotjar.com https://bat.bing.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.usemessages.com https://js.hs-analytics.net https://js.hs-banner.com https://googleads.g.doubleclick.net https://mytendays.com/ https://*.quantserve.com https://*.quantcount.com https://*.tvsquared.com; object-src 'self' 1
default-src 'self' data: https:; script-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' dev.visualwebsiteoptimizer.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com dq4irj27fs462.cloudfront.net; object-src 'self' data:; style-src 'self' data: 'unsafe-inline' tagmanager.google.com tagmanager.google.co fonts.googleapis.com; img-src 'self' data: app.usercentrics.eu graphql.usercentrics.eu uct.service.usercentrics.eu www.gstatic.com ssl.gstatic.com www.google-analytics.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google.com www.google.de api.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com dq4irj27fs462.cloudfront.net maps.googleapis.com privacy-proxy-server.usercentrics.eu; media-src 'self' data: dq4irj27fs462.cloudfront.net; child-src 'self' data: 39835.online-adventskalender.de 52939.online-adventskalender.de www.youtube.com certificate.softgarden.io www.googleadservices.com bid.g.doubleclick.net www.youtube-nocookie.com; font-src 'self' data: dq4irj27fs462.cloudfront.net d3dc1lgancj6l0.cloudfront.net fonts.gstatic.com; connect-src 'self' data.hmmh.de region1.google-analytics.com www.googleadservices.com www.google-analytics.com stats.g.doubleclick.net privacy-proxy.usercentrics.eu data: consent-api.service.consent.usercentrics.eu api.usercentrics.eu graphql.usercentrics.eu www.google.com www.google.de wss://chat.userlike.com chat.userlike.com aggregator.service.usercentrics.eu api.userlike.com cdn.cookielaw.org userlike-cdn-widgets.s3-eu-west-1.amazonaws.com www.userlike.com wss://umd.userlike.com 1
frame-ancestors 'self' travelportal.livesale.me 1
default-src 'self'; script-src 'sha256-2vVsOjhXBckbN0aewBWjylfuYnuG8ZxbI0LxA4pKvN8=' 'sha256-j3MuDvXUf6bVbb4TEaIYtln93A5Xx7H36CQMzm2I2YQ=' 'self' 'self' https://www.gstatic.com/ *.googletagmanager.com *.google-analytics.com *.theblock.co munchkin.marketo.net *.cookielaw.org 'sha256-lcNApV0Y+N57oXHJX66jPZeUrp5+FM46RhoanDDZTto=' 'sha256-dAMs3/Yp2SSUrhzjwbwLmPPB0soj/thHemUrM4u00O8=' 'sha256-F9ObixXPylg+8MSiSGY2B4BFTAOT2y777wLB260ViI8=' 'sha256-mqtfLGSX8EqLYqclHOTrD7LHI4Y8GTdCbMn6s5b09wk=' 'sha256-FDyPg8CqqIpPAfGVKx1YeKduyLs0ghNYWII21wL+7HM=' 'sha256-3WtDtSDeN5naoW84YaOHXs+G05gnMhLrpiVjT3lfyd8=' 'sha256-aJK45+MZFuClzUGCSZwqJ8EYbwbxNyCyBJxG6xkc80g=' 'sha256-qKmaUtS8hmhf+Y2hbLiowxVjOTxoOCrUv3JYSDnTTvw=' 'sha256-V5z4qmQqnES/V17IBKHaBeu9ivE1EezvF9KPL9+bQKU=' 'sha256-tIgCSmbfFZXY5ggLYcm/pWjiiWavRcK9uB+uG5b3OCc=' 'sha256-jJqw22SkhwU6Y2StJ9PuAUiNvFQqqEe9+U3yQ4/ksxs=' 'sha256-FN8rBQd6091oMFTO8YG8e3hcnHuqNgocRlw3tt3XJuE=' 'sha256-1e5RR2OpHhuX2h0Bat19DsNTmqbo4M3T1pqfeTXCHaA=' 'sha256-NpFxYLDGdO+4lEC2b/WM2si5SdqM6cFaDKdcAX9ndeM=' 'sha256-QrB5fkaACooVLTM0y/IpJfgv6TB4iCBUC8CnKsRBcp4='; frame-src 'self' *.megaphone.fm *.theblockcrypto.com *.theblock.co; style-src 'self' 'unsafe-inline' *.theblock.co; connect-src 'self' *.google.com *.onelogin.com https://api.coingecko.com *.theblockcrypto.com wss://ws-feed.exchange.coinbase.com/ *.google-analytics.com https://webto.salesforce.com *.doubleclick.net *.theblock.co *.mktoresp.com *.cookielaw.org *.onetrust.com; img-src 'self' *.tbstat.com data: *.sendgrid.net *.s3.amazonaws.com *.google-analytics.com *.google.com *.zoominfo.com *.theblock.co *.cookielaw.org 1
frame-ancestors 'self' https://*.cowbell.insure; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/recaptcha/releases/; object-src 'none'; connect-src 'self' *; img-src 'self' https: data:; style-src 'self' 'unsafe-inline'; frame-src 'self' https://www.google.com/  https://www.googletagmanager.com/ https://td.doubleclick.net/; 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://towardsdev.com https://*.towardsdev.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
default-src 'self' https://*.cms.vwfs.tools ;            img-src 'self' data: https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://dev.day.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.gstatic.com https://*.google.com https://*.google.de https://*.google.com.ar https://*.googlesyndication.com https://*.googleadservices.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://img.youtube.com https://i.ytimg.com https://*.userzoom.com https://*.adform.net https://www.facebook.com https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://t.co https://*.volkswagenbank.de  https://cms-assets.vwfs.io https://smetrics.vwfs.com.ar https://mediaservice.audi.com  https://GISTPAEndpoint-Int.azureedge.net https://GISTPAEndpoint-Kons.azureedge.net https://GISTPAEndpoint-Prod.azureedge.net    https://default.vms.vwfs.io https://*.bronson.vwfs.tools https://*.bronson.vwfs.io https://gateway.zscloud.net https://js.api.here.com https://assets.volkswagen.com https://integrations.etrusted.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ssl.gstatic.com https://ade.googlesyndication.com https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.com.ar;            script-src 'self' 'unsafe-inline' blob: https://*.volkswagenbank.de https://storagewebcalcweud.blob.core.windows.net https://*.fts.webcalc.vwfs.io https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.fls.doubleclick.net https://www.googletagmanager.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google.com https://www.google.de https://cm.g.doubleclick.net https://www.volkswagenbank-cloud.de https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://assets.adobedtm.com https://*.omniture.com https://*.adobe.com https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://*.thunderhead.com https://*.twitter.com https://static.ads-twitter.com https://*.advsearch.vwfs.io https://cc.cdn.civiccomputing.com  https://target.vwfs.com.ar  https://smetrics.vwfs.com.ar https://cdn.mercury.ai https://integrations.etrusted.com https://sdk.privacy-center.org    https://*.acs-frontend.vwfs.io https://*.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.g.doubleclick.net https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.ar;            style-src 'self' 'unsafe-inline' https://*.userzoom.com https://target.vwfs.com.ar https://cdn.mercury.ai https://co-browsing.mercury.ai https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io    https://*.acs-frontend.vwfs.io https://integrations.etrusted.com https://tagmanager.google.com https://fonts.googleapis.com ;            connect-src 'self' blob: data: https://vimeo.com https://*.youtube.com https://api.webcalc.vwfs.io https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://*.adobedc.net https://*.tt.omtrdc.net https://*.2o7.net https://*.cms.vwfs.io https://*.advsearch.vwfs.io https://cms-content.vwfs.io https://target.vwfs.com.ar https://smetrics.vwfs.com.ar https://www.google.com https://*.facebook.com https://*.mercury.ai wss://*.mercury.ai https://vector.hereapi.com https://1.base.maps.ls.hereapi.com https://1.aerial.maps.ls.hereapi.com https://js.api.here.com https://geocode.search.hereapi.com https://integrations.etrusted.com https://*.smart-digital-solutions.de https://smart-digital-cdn.com https://2gtge2kxoa.execute-api.eu-central-1.amazonaws.com https://api-cms-vwfs-io.cms.vwfs.tools https://sdk.privacy-center.org https://revgeocode.search.hereapi.com    https://*.acs-frontend.vwfs.io https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.ar http://*.trustedshops.com https://autocomplete.search.hereapi.com https://lookup.search.hereapi.com ;            frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com ;            object-src 'none' ;            font-src 'self' data: https://fonts.gstatic.com https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io https://cdn.mercury.ai https://js.api.here.com https://*.trustedshops.com http://*.trustedshops.com ;            frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://s.userzoom.com https://*.adform.net https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://*.googlesyndication.com https://cm.g.doubleclick.net https://gateway.zscloud.net https://td.doubleclick.net https://kalkulator.skoda-auto.pl https://*.g.doubleclick.net ;            media-src https://www.youtube-nocookie.com 'self' ; 1
default-src 'self' scribit-pro-hosting.storage.googleapis.com; child-src 'self' *.youtube.com https://login.microsoftonline.com blob: *.youtube-nocookie.com *.vimeo.com; connect-src 'self' scribit-pro-hosting.storage.googleapis.com api.scribit.pro  *.siteimprove.com; font-src 'self' data: *.googleusercontent.com; frame-src 'self' *.youtube.com https://login.microsoftonline.com  https://*.issuu.com/ *.youtube-nocookie.com *.vimeo.com *.siteimprove.com *.siteimproveanalytics.com *.siteimprove.net *.siteimproveanalytics.io page.report; img-src 'self' data: https://www.toegankelijkheidsverklaring.nl *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io; object-src 'none'; script-src 'self' scribit-pro-hosting.storage.googleapis.com *.scribit.pro www.youtube.com https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com  'sha256-+lbh8rb4q0nwNbHBKpR8xf0i/ZIW0gZDphqHg7cYIvE='; style-src 'self' 'unsafe-hashes' 'sha256-3juv2Ft1FaY3xWYNGXExi9oTqA3RQ4gtgCqyf3mxGhU=' 'sha256-r9fU88Cagg8b+V94/rFP54XitU/RzBQ83sVNeltVs/c=' 'sha256-SHje5LaT9E6BShlkQpjWVSpKDI2FEtd137m8hy4rmKM=' 'sha256-2ipsMCEEsAbnsH2T1Fg2pv63AdMLzQW/NYec3X6XzWw=' 'sha256-3lLjvpn0hfmuulQYNSUWKiNpmIiMg70GweVDtUWv7zA=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=' 'sha256-YhvKtGagROAPfJDPR5yN2VPHqqDGeFmm4J/Bg/S8QC4=' 'sha256-+lbh8rb4q0nwNbHBKpR8xf0i/ZIW0gZDphqHg7cYIvE=' ; style-src-attr 'self' 'unsafe-hashes' 'sha256-3juv2Ft1FaY3xWYNGXExi9oTqA3RQ4gtgCqyf3mxGhU=' 'sha256-r9fU88Cagg8b+V94/rFP54XitU/RzBQ83sVNeltVs/c=' 'sha256-SHje5LaT9E6BShlkQpjWVSpKDI2FEtd137m8hy4rmKM=' 'sha256-2ipsMCEEsAbnsH2T1Fg2pv63AdMLzQW/NYec3X6XzWw=' 'sha256-3lLjvpn0hfmuulQYNSUWKiNpmIiMg70GweVDtUWv7zA=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=' 'sha256-YhvKtGagROAPfJDPR5yN2VPHqqDGeFmm4J/Bg/S8QC4='; style-src-elem 'self' 'unsafe-hashes' 'sha256-3juv2Ft1FaY3xWYNGXExi9oTqA3RQ4gtgCqyf3mxGhU=' 'sha256-r9fU88Cagg8b+V94/rFP54XitU/RzBQ83sVNeltVs/c=' 'sha256-SHje5LaT9E6BShlkQpjWVSpKDI2FEtd137m8hy4rmKM=' 'sha256-2ipsMCEEsAbnsH2T1Fg2pv63AdMLzQW/NYec3X6XzWw=' 'sha256-3lLjvpn0hfmuulQYNSUWKiNpmIiMg70GweVDtUWv7zA=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=' 'sha256-YhvKtGagROAPfJDPR5yN2VPHqqDGeFmm4J/Bg/S8QC4=' 'sha256-+lbh8rb4q0nwNbHBKpR8xf0i/ZIW0gZDphqHg7cYIvE=' ; base-uri 'self'; frame-ancestors 'self' 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-OTI5NzE5Nzc1NTE5NDQ3MTk3YjVjN2QxMzI1Yzg0MDA=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.igj.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.igj.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.igj.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' applet.danid.dk appletk.danid.dk stats.g.doubleclick.net api.livechatinc.com secure.livechatinc.com www.youtube.com widget.trustpilot.com *.lendme.dk www.google-analytics.com; connect-src *.lendme.dk lendme.dk *.visualwebsiteoptimizer.com app.vwo.com analytics.tiktok.com *.sentry.io *.contentful.com *.penni-connect.io dawa.aws.dk *.ap3prod.com *.analytics.google.com *.google-analytics.com; img-src 'self' blob: static.lendme.dk data: www.google-analytics.com www.google.com www.google.dk www.facebook.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com analytics.tiktok.com images.ctfassets.net *.ortto.app; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com; font-src 'self' data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.lendme.dk www.google-analytics.com www.googletagmanager.com cdn.livechatinc.com secure.livechatinc.com api.livechatinc.com connect.facebook.net www.google.com *.visualwebsiteoptimizer.com app.vwo.com analytics.tiktok.com *.sentry.io *.penni-connect.io cdn3l.ink; worker-src 'self' blob:; frame-src lendme.dk *.lendme.dk *.danid.dk app.vwo.com *.visualwebsiteoptimizer.com youtube.com www.youtube.com secure.livechatinc.com 1
default-src 'self'; child-src 'self' blob: https://client.rlpdirekt.de/ https://kb.ionas.de/; connect-src 'self' https://buergerservice.ionas.de/ https://www.herzogenrath.de/:sa2-search/ https://www.herzogenrath.de/sa2-endpoint/bwc/rest/053340016016/search; font-src 'self' data:; frame-ancestors 'self'; frame-src 'self' https://buergerservice.ionas.de https://iam.chamaeleon.de https://iam.chamaeleon.de/ https://kb.ionas.de; img-src 'self' blob: data: https://buergerservice.ionas.de/ https://client.rlpdirekt.de/ https://tiles.chamaeleon.de https://www.herzogenrath.de; script-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; worker-src 'self' blob:; report-to main 1
default-src 'none'; base-uri 'none'; font-src 'self'; style-src 'self'; script-src 'self'; object-src 'none'; form-action 'none'; manifest-src 'self'; img-src 'self' matrix.cactus.chat:8448; connect-src 'self' matrix.cactus.chat:8448 *.snopyta.org *.lunar.icu *.artemislena.eu *.tiekoetter.com *.rtrace.io; worker-src 'self' blob: *.snopyta.org *.lunar.icu *.artemislena.eu *.tiekoetter.com *.rtrace.io; media-src 'self' *.snopyta.org *.lunar.icu *.artemislena.eu *.tiekoetter.com *.rtrace.io; child-src 'self' *.snopyta.org *.lunar.icu *.artemislena.eu *.tiekoetter.com *.soundcloud.com *.owncast.online *.rtrace.io; frame-src 'self' *.snopyta.org *.lunar.icu *.artemislena.eu *.tiekoetter.com *.soundcloud.com *.owncast.online *.rtrace.io; 1
default-src 'self';      script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://use.typekit.net https://*.googletagmanager.com;      style-src 'report-sample' 'self' 'unsafe-inline';      object-src 'none';      base-uri 'self';      connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;      font-src 'self' https://use.typekit.net;      frame-src 'self';      img-src 'self' https://p.typekit.net https://*.google-analytics.com https://*.googletagmanager.com;      manifest-src 'self';      media-src 'self';      worker-src 'none'; 1
default-src 'self' *.atlantic-pros.fr ibexa4.atlantic-pros.fr *.formview.io *.google-analytics.com *.clarity.ms *.cookiebot.com *.groupe-atlantic.com *.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://maps.googleapis.com https://fonts.googleapis.com *.contentsquare.net https://fonts.gstatic.com *.kameleoon.eu *.kameleoon.com *.youtube.com https://*.google.com https://*.google.com:* app.contentsquare.com *.form.io *.jsdelivr.net *.dqe-software.com *.algolianet.com *.algolia.net *.raptorsmartadvisor.com *.notices-produits.fr; script-src 'self' https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://code.jquery.com *.groupe-atlantic.com https://www.googletagmanager.com t.contentsquare.net *.google-analytics.com 'unsafe-inline' 'unsafe-eval' blob: *.clarity.ms *.cookiebot.com *.hotjar.com *.hotjar.io https://player.vimeo.com https://www.vimeo.com https://f.vimeocdn.com https://maps.googleapis.com *.kameleoon.eu *.kameleoon.com *.youtube.com https://*.google.com https://*.google.com:* https://googleads.g.doubleclick.net t.contentsquare.net https://t.contentsquare.net app.contentsquare.net https://app.contentsquare.net *.contentsquare.net https://*.contentsquare.net app.contentsquare.com *.form.io *.dqe-software.com https://az19942.vo.msecnd.net/script/raptor-3.0.min.js *.algolianet.com *.algolia.net *.raptorsmartadvisor.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.form.io; frame-src 'self' https://consentcdn.cookiebot.com https://www.facebook.com https://bart.climatic.io https://www.atlantic-thermor-prescription.fr https://player.vimeo.com *.vimeo.com vimeo.com https://maps.googleapis.com *.kameleoon.eu *.kameleoon.com *.youtube.com https://youtube.com https://formulaires-de-contact.fr https://documents.atlantic-pros.fr https://appshaker.net *.form.io *.dqe-software.com https://www.formulaires-de-contact.fr https://formulaires.atlantic-pros.fr https://www.vectary.com https://notices.atlantic.fr *.notices-produits.fr; img-src 'self' *.atlantic.fr https://i.ytimg.com *.atlantic-pros.fr https://www.facebook.com https://docga.plateforme-services.com https://groupe-atlantic.ephoto.fr https://i.vimeocdn.com https://tracking.groupe-atlantic.com *.google-analytics.com *.clarity.ms http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.contentsquare.net data: https://c.bing.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.fr *.google.be *.vimeocdn.com *.vimeo.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com *.kameleoon.eu *.kameleoon.com *.contentsquare.net *.picsum.photos *.form.io *.dqe-software.com *.cookiebot.com; frame-ancestors 'self' *.atlantic-pros.fr; child-src blob:; worker-src blob:; connect-src 'self' *.contentsquare.net https://*.contentsquare.net *.google-analytics.com *.formview.io *.cookiebot.com *.groupe-atlantic.com https://www.facebook.com *.doubleclick.net *.clarity.ms *.google.com *.form.io *.dqe-software.com *.algolianet.com *.algolia.net *.raptorsmartadvisor.com https://cdn.plyr.io/3.7.8/plyr.svg; 1
frame-ancestors 'self' https://help.campz.dk https://back-office-redesign.kameleoon.com https://app.kameleoon.com/ 1
frame-ancestors 'self' *.thinqpet.lge.com *.bemypet.kr *.mypetlife.co.kr *.nyangpunch.com nyangpunch.com; 1
object-src 'none'; script-src 'nonce-Jn6U0lHkGEBgdozarsiJ4JXN' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; base-uri 'none'; 1
worker-src ; connect-src 'self' blob: https://gcp.api.snapchat.com https://web-frontend-dot-sc-analytics.appspot.com https://aws.api.snapchat.com https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.googletagmanager.com https://www.snapchat.com https://app.snapchat.com https://sentry.sc-prod.net https://us-central1-gcp.api.snapchat.com https://staging-us-central1-gcp.api.snapchat.com https://staging-web-gcp.snap-dev.net https://web.snapchat.com https://accounts.snapchat.com ws: wss: https://static.snapchat.com https://sentry.sc-prod.net https://cdn.contentful.com https://story.snapchat.com https://app.snapchat.com https://s.sc-cdn.net https://bolt-gcdn.sc-cdn.net ws: wss: https://cf-st.sc-cdn.net https://us-east-1.webattachments.sc-prod.net; img-src 'self' blob: data: https://support-tools.storage.googleapis.com https://www.snapchat.com https://story.snapchat.com https://cf-st.sc-cdn.net https://*.google-analytics.com https://*.googletagmanager.com data: https://www.google.com https://www.google.co.uk https://www.google.com.sa https://www.google.ca https://www.google.fr https://www.google.com.no https://www.google.com.au https://static.snapchat.com https://images.bitmoji.com https://impala-media-production.s3.amazonaws.com https://bolt-gcdn.sc-cdn.net https://app.snapchat.com https://lens-storage.storage.googleapis.com https://community-lens.storage.googleapis.com https://lens-preview-storage.storage.googleapis.com https://feelinsonice-hrd.appspot.com; media-src https://bolt-gcdn.sc-cdn.net https://static.snapchat.com https://s.sc-cdn.net https://cf-st.sc-cdn.net blob: 'self' https://lens-storage.storage.googleapis.com https://community-lens.storage.googleapis.com https://s.sc-cdn.net https://bolt-gcdn.sc-cdn.net https://cf-st.sc-cdn.net blob:; script-src 'self' https://static.snapchat.com https://www.google-analytics.com https://*.googletagmanager.com 'sha256-dQJQsgrl3uMVvy2BJYsaNKb5aPwwZP1Hxm/h8nPMYU8=' 'sha256-W180Lw4gMizxEUHmEThR7QFnAWtmFgcFnXafbGOe27I=' 'sha256-T+mJpzkspYbS2c9j2qrgyezx0+bxueaYNJwVB75pe3Y=' 'sha256-5rMxh1U6sIDlVjmobBQY89QTC9nNeK3hd9dsXpD2AYE=' 'sha256-SlyXqNpddFY9lxbguST5m22HifGELYV1FYec8XhHUkk=' 'sha256-FhUvlSz0BXj4r8M1nXAkVXmbcxiWrUXB6vNbCZ8A0Zk=' 'sha256-2LmOILM2HIS9pJC380owRlOYo+c5WOuuNL7oEMLss2I=' 'sha256-MNn0HyJxuyKnyn0lPM1hCzPzycraTm0TXEqX1khh/7k='; style-src 'self' https://static.snapchat.com 'unsafe-inline'; default-src 'self'; font-src 'self' https://snap-design-system.storage.googleapis.com https://ads-interfaces.sc-cdn.net https://static.snapchat.com; object-src 'self' data:; frame-ancestors 'none'; report-uri ; report-to 1
default-src 'self'; base-uri 'self'; img-src * data:; frame-src 'self' https://kaart.pdok.nl https://websurveys2.govmetric.com https://app-eu.readspeaker.com https://www.youtube-nocookie.com https://www.youtube.com https://content.googleapis.com/ https://vars.hotjar.com; frame-ancestors 'self'; manifest-src 'self'; media-src 'self' blob:; script-src 'self' 'nonce-MjBlODliZGMtODc0Yi00N2RiLTk2YjUtMzgwMjAyYjA4ODJi' https://stats.pusher.com https://www.browsealoud.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://maps.googleapis.com https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://websurveys2.govmetric.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://cdn-eu.readspeaker.com https://virtuele-gemeente-assistent.nl https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://snap.licdn.com; connect-src 'self' https://sockjs-eu.pusher.com wss://ws-eu.pusher.com https://vttts-eu.readspeaker.com https://cloudstatic.obi4wan.com https://chatapi.obi4wan.com https://media-eu.readspeaker.com https://rstts-eu.readspeaker.com https://www.browsealoud.com https://plus.browsealoud.com https://speech.speechstream.net https://speech-eu.speechstream.net https://www.google-analytics.com https://maps.googleapis.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://app.obi4wan.ai https://app-eu.readspeaker.com/ https://hitcounter.govmetric.com https://platform.hireserve.nl/ https://cdn1.readspeaker.com https://maps.googleapis.com https://virtuele-gemeente-assistent.nl wss://virtuele-gemeente-assistent.nl ws://virtuele-gemeente-assistent.nl https://in.hotjar.com https://www.facebook.com https://cdn.linkedin.oribi.io; object-src 'self' https://kaart.pdok.nl; style-src 'self' data: 'nonce-MjBlODliZGMtODc0Yi00N2RiLTk2YjUtMzgwMjAyYjA4ODJi' https://fonts.googleapis.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://websurveys2.govmetric.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://maps.googleapis.com/ https://siteimproveanalytics.com https://cloudstatic.obi4wan.com; font-src 'self' data: https://fonts.gstatic.com https://cdn1.readspeaker.com https://script.hotjar.com;  1
frame-ancestors 'self' https://tm5-live-cms.hs.com.au/; 1
frame-ancestors 'self' *.agora.co.il; 1
default-src 'self' *.sanity.io cdn.plyr.io *.ssf.solutions ssf.no *.ssf.no *.frende.no chat.puzzel.com; object-src 'none'; img-src data: *; font-src 'self' *.ssf.solutions fonts.gstatic.com chat.puzzel.com data: cdn.frende.no; style-src 'self' 'unsafe-inline' fonts.googleapis.com chat.puzzel.com www.youtube-nocookie.com *.frende.no *.ssf.solutions; script-src 'self' 'unsafe-inline' 'unsafe-eval' chat.puzzel.com www.youtube.com s.ytimg.com www.youtube-nocookie.com *.frende.no *.taskanalytics.com *.plausible.io plausible.io; frame-src 'self' www.youtube.com www.youtube-nocookie.com www.sb1finans.no ssf.no *.ssf.no *.ssf.solutions *.dacast.com dacast.com frende.no www.frende.no www.sparebank1.no *.norne.no norne.no *.bankid.no; frame-ancestors *.ssf.no *.ssf.solutions; connect-src *.sanity.io cdn.plyr.io chat.puzzel.com www.noembed.com noembed.com data.brreg.no ssf.no *.ssf.no *.ssf.solutions *.frende.no ta-survey-v2.herokuapp.com *.plausible.io plausible.io wss://external.ssf.solutions; form-action ssf.no *.ssf.no *.ssf.solutions *.frende.no nettbank.edb.com; report-uri https://ssfpublictest.report-uri.com/r/d/csp/enforce 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com  https://*.googlesyndication.com https://www.zenaps.com  https://tr.snapchat.com https://tr6.snapchat.com https://www.youtube.com https://api.provenance.org https://www.provenance.org https://smct.co https://*.smct.co https://smct.io https://*.smct.io; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://analytics.tiktok.com https://api.provenance.org https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://fonts.gstatic.com; form-action 'self' https://www.facebook.com https://checkout.loveamika.co.uk https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://analytics.tiktok.com https://*.ibytedtos.com https://unpkg.com/@provenance/ https://api.provenance.org/ https://smct.co https://*.smct.co https://smct.io https://*.smct.io; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://drj5wi2x4lz96.cloudfront.net/css/embed.css https://fonts.smct.co https://fonts.smct.io; upgrade-insecure-requests; report-to report-endpoint 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://berliner-stadtmission.onlyfy.jobs https://stats.berliner-stadtmission.de https://api.spendino.de https://piwik.berliner-stadtmission.org https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob:;img-src 'self' https://*.berliner-stadtmission.de https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com data:; frame-src https://embed.acast.com https://sm-britz.church.tools https://berliner-stadtmission.onlyfy.jobs https://*.vimeo.com https://www.youtube-nocookie.com/ https://api.spendino.de https://sm-friedrichshagen.church.tools *.google.com; connect-src 'self' https://*.berliner-stadtmission.de https://*.googleapis.com *.google.com https://*.gstatic.com  data: blob:; font-src data: https://www.berliner-stadtmission.de https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; worker-src blob:; 1
default-src 'self'; script-src 'report-sample' 'self' cdn.fashiola.com.br 'unsafe-eval' 'unsafe-inline' *.google-analytics.com/analytics.js https://www.gstatic.com https://www.googletagmanager.com https://googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.kleding.nl/cookies.js https://www.instagram.com/embed.js https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://kit.fontawesome.com; style-src 'unsafe-inline' 'report-sample' 'self' cdn.fashiola.com.br; object-src 'none'; base-uri 'self'; connect-src 'self' https://bam.eu01.nr-data.net *.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' cdn.fashiola.com.br; frame-src 'self' https://www.google.com https://www.instagram.com/; img-src 'self' cdn.fashiola.com.br images.fashiola.com.br cdn.fashiola.com https://www.kleding.nl/cookies.gif *.google-analytics.com www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.es; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
Content-Security-Policy: "default-src 'self'" 1
frame-ancestors https://*.ionos.com https://*.ionos.at https://*.ionos.co.uk https://*.ionos.de https://*.ionos.es https://*.ionos.fr https://*.ionos.it https://*.ionos.ca https://*.ionos.mx https://*.ionos.us https://*.website-editor.net https://*.mywebsite-editor.com www.stonehenge.co.uk 1
frame-ancestors 'self' *.ouest-france.fr *.opera-rennes.fr opera-rennes.fr lestrans.com www.lestrans.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.usa-ctc.com fonts.googleapis.com fonts.gstatic.com secure.gravatar.com data: loxo.co s.w.org; 1
default-src * data:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline' 1
script-src 'report-sample' 'nonce-Cf5SEnWJOn5ZIHZNMAAlYQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /cspreport 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-6aID++dycu7o3t+fG4R5Og==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://sdfjp.org; img-src 'self' https: data: blob: https://sdfjp.org; style-src 'self' https://sdfjp.org 'nonce-Y1pQqvaIcUDaizOt248lqg=='; media-src 'self' https: data: https://sdfjp.org; frame-src 'self' https:; manifest-src 'self' https://sdfjp.org; form-action 'self'; child-src 'self' blob: https://sdfjp.org; worker-src 'self' blob: https://sdfjp.org; connect-src 'self' data: blob: https://sdfjp.org https://sdfjp.org wss://sdfjp.org; script-src 'self' https://sdfjp.org 'wasm-unsafe-eval' 1
frame-ancestors https://*.shortlyst.com https://*.shopalyst.com https://shop-id-glowandlovely.com; 1
default-src https:;connect-src https:;font-src https: data:;frame-src https:;img-src https: data:;object-src https:;script-src 'unsafe-inline' 'unsafe-eval' https:;media-src https:;style-src 'unsafe-inline' https:;report-uri /csp/report; 1
default-src 'self' www.congressweb.com calendly.com fonts.gstatic.com; frame-src 'self' www.google.com google.com www.youtube.com youtube.com calendly.com www.congressweb.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' onesignal.com cdn.onesignal.com www.congressweb.com congressweb.com p.csshero.org csshero.org assets.calendly.com calendly.com stats.wpmucdn.com ssl.google-analytics.com hb.wpmucdn.com www.googletagmanager.com maps.googleapis.com cdn.jsdelivr.net; connect-src 'self' onesignal.com cdn.onesignal.com www.google-analytics.com maps.googleapis.com googleapis.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' ble-t.org typekit.net use.typekit.net p.typekit.net onesignal.com cdn.onesignal.com bunny.net fonts.bunny.net p.csshero.org www.csshero.org hb.wpmucdn.com fonts.googleapis.com; img-src 'self' www.csshero.org csshero.org secure.gravatar.com gravatar.com onesignal.com img.onesignal.com maps.googleapis.com maps.gstatic.com ble-t.org bletndsite.blet.org stats1.wpmudev.com i1.ytimg.com i.imgur.com p.csshero.org ssl.google-analytics.com 620835.smushcdn.com data:; base-uri 'self';form-action 'self';font-src 'self' typekit.net use.typekit.net fonts.gstatic.com bletndsite.blet.org data:; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-ALcWOLSGivuTdTX3J6_QPw' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self' 'unsafe-inline' http: https: data:; 1
default-src www.youtube.com osadl.org www.osadl.org 'self' 'unsafe-inline' 'unsafe-eval' data: https://cdn.jsdelivr.net; img-src osadl.org www.osadl.org 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; style-src osadl.org www.osadl.org 'self' 'unsafe-inline'; form-action osadl.org www.osadl.org 'self'; frame-ancestors osadl.org www.osadl.org 'self' 1
default-src 'none'; script-src 'self' 'sha256-CC38pRZKNQ/7uTF/orNX4hyiFg6ng/B8juXkUmRHGCA=' https://matomo.fancy.org.uk; style-src 'self' https://maxcdn.bootstrapcdn.com; img-src 'self' https://matomo.fancy.org.uk; font-src https://maxcdn.bootstrapcdn.com 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.evoindia.com;block-all-mixed-content; 1
default-src 'unsafe-inline' 'unsafe-eval' * 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.tradingview.com *.aptrinsic.com *.azure.com *.newsletter2go.com *.acsbapp.com *.sirv.com *.surveymonkey.com littlegiant.com *.littlegiant.com littlegiantbrasil.com *.littlegiantbrasil.com franklinwater.com *.franklinwater.com ffsbrasil.com *.ffsbrasil.com *.typography.com *.visualstudio.com *.widencdn.net *.widen.net secure.keep0push.com *.omappapi.com *.googletagmanager.com chat.franklin-electric.com *.addsearch.com addsearch.com *.perk0mean.com *.typekit.net *.msecnd.net *.cloudflare.com *.episerver.net  *.cloudfront.net *.searchcdn.com franklinfueling.com *.franklinfueling.com franklingrid.com *.franklingrid.com *.youtube.com youtube.com *.gstatic.com *.googleapis.com html5shiv.googlecode.com google-analytics.com www.google-analytics.com stats.g.doubleclick.net *.pingdom.net *.myfonts.net *.opmnstr.com *.optnmnstr.com *.optnmstr.com *.mstrlytcs.com *.doubleclick.net *.pardot.com google.com *.google.com *.googleadservices.com *.doubleclick.net acsbapp.com code.jquery.com *.optmnstr.com *.facebook.com *.facebook.net *.twitter.com youtu.be i.ytimg.com cdn.datatables.net cdn.jsdelivr.net *.whizeo.com secure.intelligentdatawisdom.com secure.intelligententerpriseacumen.com 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://pesacheck.org https://*.pesacheck.org https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
img-src * data:;connect-src https://akio-25-52.akio.cloud/ https://event/ https://*.analytics.google.com/ https://*.xiti.com/ https://adservice.google.com/ https://maps.googleapis.com/ https://*.matomo.cloud https://www.clarity.ms https://*.clarity.ms https://stats.g.doubleclick.net https://dev.reparstores-iris.com/ https://www.google-analytics.com https://www.facebook.com/tr/ https://m.realytics.io https://api.realytics.io http://*.reparstores.com https://*.reparstores.com https://i.realytics.io https://cdn-eu.realytics.net;default-src https://tpc.googlesyndication.com/ https://akio-25-52.akio.cloud/ https://td.doubleclick.net/ https://github.com/ http://www.youtube-nocookie.com https://i.realytics.io https://cdn-eu.realytics.net https://www.youtube.com/ wss://*.zopim.com https://*.zopim.com http://*.zopim.com https://fonts.googleapis.com https://stats.g.doubleclick.net http://www.avis-verifies.com/ https://www.youtube-nocookie.com http://*.reparstores.com https://*.reparstores.com 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://*.gstatic.com https://www.google.com http://www.googletagmanager.com http://bat.bing.com http://connect.facebook.net http://*.reparstores.com http://*.facebook.com https://*.facebook.com http://cl.avis-verifies.com;script-src https://akio-25-52.akio.cloud/ http://*.reparstores.com https://*.reparstores.com http://www.google-analytics.com http://www.youtube-nocookie.com 'self' https://www.google.fr https://tp.realytics.io https://i.realytics.io https://cdn-eu.realytics.net https://apis.google.com/ https://googleads.g.doubleclick.net https://www.googleadservices.com https://*.zopim.com http://*.zopim.com https://maps.google.com/ https://maps.googleapis.com https://www.google-analytics.com https://www.gstatic.com https://www.google.com http://www.googletagmanager.com http://bat.bing.com http://connect.facebook.net 'unsafe-inline' 'unsafe-eval' data: http://*.reparstores.com https://*.reparstores.com http://cl.avis-verifies.com/; script-src-elem https://tpc.googlesyndication.com/ https://akio-25-52.akio.cloud https://*.avis-verifies.com/ https://*.googleapis.com/ https://*.aticdn.net/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://*.googletagmanager.com https://*.matomo.cloud https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.facebook.net https://*.realytics.net https://*.realytics.io https://www.clarity.ms https://*.clarity.ms 'self' 'unsafe-inline';object-src 'self' 'unsafe-inline'; base-uri 'self' 1
default-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:  https://*.facebook.net https://*.googletagmanager.com https://*.hotjar.com https://*.cookiebot.com https://*.lfeeder.com https://*.licdn.com https://*.google.com https://*.pardot.com https://*.opuscapita.com https://*.doubleclick.net https://*.googleadservices.com https://bot.leadoo.com; style-src 'self' 'unsafe-inline'  https://*.leadoo.com; font-src 'self' data:  https://*.leadoo.com; connect-src 'self'  https://*.google-analytics.com https://cdn.linkedin.oribi.io https://*.hotjar.io https://*.hotjar.com https://pagead2.googlesyndication.com https://consentcdn.cookiebot.com https://*.google.com wss://ws.hotjar.com/api/v2/client/ws https://googleads.g.doubleclick.net https://*.leadoo.com https://px.ads.linkedin.com; img-src 'self' data:  https://s.w.org https://www.googletagmanager.com https://www.google-analytics.com https://px.ads.linkedin.com https://www.linkedin.com https://tr-rc.lfeeder.com https://www.google.com https://googleads.g.doubleclick.net https://www.google.fi https://*.leadoo.com; media-src 'self'  https://*.leadoo.com; frame-src 'self'  https://consentcdn.cookiebot.com https://go.opuscapita.com https://www.youtube-nocookie.com https://www.youtube.com https://*.youtube.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval'  blob:; report-uri https://glitchtip.jco.fi/api/16/security/?glitchtip_key=4599ecb8a9554ad785469f68618ebfcc; report-to glitchtip 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ckeditor.com *.cookielaw.org *.freshchat.com *.freshmarketer.com *.freshworks.com *.google.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.myfonts.net *.newrelic.com *.nr-data.net *.onetrust.com *.stripe.com *.zdassets.com optanon.blob.core.windows.net 1
default-src 'self'; frame-src youtube.com www.youtube.com www.googletagmanager.com www.googleapis.com www.google-analytics.com *.google.com *.facebook.com *.insideone.net *.hotjar.com *.doubleclick.net; font-src * data:;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; connect-src 'self' www.google-analytics.com www.googleapis.com *.google.com *.insideone.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.doubleclick.net 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com organizer.bizzabo.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-/QKxbpm5Nz8QxydPqRaCaA=='; report-uri https://send.hsbrowserreports.com/csp/report; upgrade-insecure-requests; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-d70b1c7ea42611434582bdb7ccd1f50e'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors https://*.innovatrics.com 1
frame-ancestors 'self' *.qfc.cn *.tnc.com.cn *.aliyuncs.com *.aliyun.com *.ctcn.com.cn *.globaltextiles.com *.qfcgroup.com 1
default-src ‘self’; frame-ancestors ‘self’; form-action ‘self’; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.youtube.com https://cdnjs.cloudflare.com; img-src 'self' data: *.google-analytics.com *.googletagmanager.com; connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com www.naturefund.de api.openrouteservice.org; font-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-src https://www.youtube-nocookie.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://fedisabled.social; img-src 'self' https: data: blob: https://fedisabled.social; style-src 'self' https://fedisabled.social 'nonce-TC757k2hoLQEdHOAKoCc8A=='; media-src 'self' https: data: https://fedisabled.social; frame-src 'self' https:; manifest-src 'self' https://fedisabled.social; form-action 'self'; child-src 'self' blob: https://fedisabled.social; worker-src 'self' blob: https://fedisabled.social; connect-src 'self' data: blob: https://fedisabled.social https://fedisabled.social wss://fedisabled.social; script-src 'self' https://fedisabled.social 'wasm-unsafe-eval' 1
default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-3qmgsJ/xSDlSi75Js5yShGe2TgbSTDxzPB+Z+cN8+0MQt5ok' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; img-src 'self' https://*.googleusercontent.com/ https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net data:; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://192.55.233.1 'unsafe-inline' https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://smartlock.google.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-f69ec057124200926cbc3d816bbe898d'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://apps.elfsight.com https://storage.elfsight.com https://www.googletagmanager.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://note.com https://www.facebook.com https://tpc.googlesyndication.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://am.yahoo.co.jp https://note.com https://apps.elfsight.com https://www.googletagmanager.com https://static.elfsight.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.youtube.com https://s.yimg.jp https://bat.bing.com https://www.googleadservices.com https://b98.yahoo.co.jp https://www.clarity.ms https://tpc.googlesyndication.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://am.yahoo.co.jp; font-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.gstatic.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' https://scp2.elfsightcdn.com https://www.google.com https://www.google.co.jp https://www.facebook.com https://phosphor.utils.elfsightcdn.com https://am.yahoo.co.jp  https://b98.yahoo.co.jp https://bat.bing.com https://googleads.g.doubleclick.net https://c.clarity.ms https://adservice.google.com https://c.bing.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://stats.g.doubleclick.net https://apps.elfsight.com https://storage.elfsight.com https://u.clarity.ms https://y.clarity.ms https://www.facebook.com https://adservice.google.com https://analytics.google.com https://pagead2.googlesyndication.com https://s.clarity.ms; 1
default-src 'self'; script-src 'self' 'nonce-azg4V0ttY3ZpQWFQOTdTVGJpVnNVcTFvQUNMdmJLZWd6emZCRXZPOUZmQT06L3Y5aWV3SjF1a2ZJay9QOEMxUllQOTBDV2xHbkx0N0grQUtzVThQM2ZaRT0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self'; 1
default-src 'self' use.fontawesome.com/ https://www.lda.fr; font-src 'self' data: font-woff fonts.gstatic.com use.fontawesome.com https://www.lda.fr; frame-src https://www.youtube.com; child-src https://www.youtube.com; img-src 'self' data: http://0.gravatar.com https://code.jquery.com https://secure.gravatar.com https://www.lda.fr; script-src 'self' 'unsafe-eval' 'unsafe-inline' use.fontawesome.com https://www.lda.fr; style-src 'self' 'unsafe-inline' ajax.googleapis.com fonts.googleapis.com use.fontawesome.com https://www.lda.fr; report-uri https://www.lda.fr/wp-json/wpcsp/v1/route/LogPolicyViolation?_wpnonce=4877418c35 1
default-src 'self';style-src 'self' 'unsafe-inline' *;font-src 'self' 'unsafe-inline' *;object-src * data:;img-src * data: blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *;connect-src 'self' *;worker-src blob:;frame-ancestors 'self' 1
default-src 'self'; font-src 'self' fonts.gstatic.com data:; img-src 'self' data: https: src:; script-src 'self' app.intercom.io widget.intercom.io js.intercomcdn.com js.stripe.com consent.cookiebot.com www.googletagmanager.com *.analytics.google.com *.google-analytics.com cdn.mxpnl.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com 'unsafe-inline'; connect-src 'self' api.stripe.com *.analytics.google.com *.google-analytics.com stats.g.doubleclick.net o177043.ingest.sentry.io api-js.mixpanel.com analytics.google.com public.sifts.io app.redsift.cloud iam.redsift.cloud *.iam.redsift.cloud sync.redsift.cloud *.sync.redsift.cloud *.google-analytics.com sentry.io ws:; frame-src 'self' js.stripe.com hooks.stripe.com consentcdn.cookiebot.com outlook.office365.com blob: mailto: public.sifts.io hardenize.app.redsift.cloud; object-src 'self' data:; child-src 'self' blob:; report-uri https://o177043.ingest.sentry.io/api/6232422/security/?sentry_key=4e16dbb518eb4e41961159d22fccfea2 1
frame-ancestors *.coupa.com *.sciquest.com *.punchout2go.com https://portal.punchout2go.com https://stage-portal.punchout2go.com https://dev-portal.punchout2go.com 1
default-src 'none'; script-src 'nonce-2GdLEj7pXz71mRR9Veyb1Le2AhRMsX5/SiByukspjBE=' 'report-sample' 'unsafe-inline' 'strict-dynamic' https: http:;script-src-elem 'self';object-src 'none';style-src 'self';base-uri 'none';img-src 'self';report-uri https://csp.withgoogle.com/csp/StratoZone/4.15; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-JII6tdYUg4k2qExfyFW6CQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.rubyapps.io https://gateway.on24.com https://maps.googleapis.com https://forms.hsforms.com https://js.hsforms.net https://www.youtube.com https://player.vimeo.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hscollectedforms.net https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://app-script.monsido.com/v2/ https://cdn.monsido.com/ https://pagecorrect.monsido.com/; style-src 'self' 'unsafe-inline' https://analytics.rubyapps.io https://fonts.googleapis.com https://hello.myfonts.net; connect-src 'self' https://analytics.rubyapps.io https://forms.hsforms.com https://vimeo.com https://noembed.com https://stats.g.doubleclick.net https://hubspot-forms-static-embed.s3.amazonaws.com https://maps.gstatic.com https://maps.googleapis.com https://cdn.plyr.io https://www.google-analytics.com/ https://forms.hubspot.com https://forms.hscollectedforms.net/ https://pagecorrect.monsido.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://analytics.rubyapps.io https://i.vimeocdn.com https://i.ytimg.com https://f.hubspotusercontent30.net https://maps.gstatic.com https://maps.googleapis.com https://track.hubspot.com https://www.google-analytics.com https://forms.hsforms.com https://perf.hsforms.com https://tracking.monsido.com/ https://cdn.monsido.com/; object-src 'self'; frame-src 'self' https://analytics.rubyapps.io https://anchor.fm https://gateway.on24.com https://forms.hsforms.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://js.hsforms.net https://podcasters.spotify.com/; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-q/9PiANnuY+MgEmwq4xdbA=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gtmadapter-node-cbjg5cz5hq-ew.a.run.app https://analytics.tiktok.com https://tagmanager.google.com https://googleads.g.doubleclick.net https://optimize.google.com https://connect.facebook.net www.google-analytics.com https://www.googletagmanager.com https://chimpstatic.com https://dt.hybridmarketeer.com https://connect.facebook.net https://consent.cookiebot.com https://static.hotjar.com https://ssl.google-analytics.com https://js-agent.newrelic.com https://consentcdn.cookiebot.com tr.datatrics.com https://bam.nr-data.net https://script.hotjar.com https://assets.datatrics.com https://ssl.google-analytics.com *.ubembed.com *.googleapis.com https://www.googleadservices.com https://platform.twitter.com *.visualwebsiteoptimizer.com *.youtube.com *.ytimg.com *.getsitecontrol.com https://snap.licdn.com; report-uri https://www.pelckmans.be/csp-reporting.php 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=3ck7jfliqubg3&partner=; 1
default-src 'self'; script-src 'self' http://mikrohalo.hu code.jquery.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 1
default-src 'self'; script-src 'self' inline 'unsafe-eval' https://static.axept.io https://www.googletagmanager.com https://www.youtube.com https://maps.googleapis.com https://www.openstreetmap.org https://snap.licdn.com https://tracking1.force24.co.uk https://mirabaud.matomo.cloud; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://mkt.mirabaud-am.com	 https://static.axept.io https://www.googletagmanager.com https://maps.googleapis.com https://www.youtube.com https://snap.licdn.com https://connect.facebook.net https://mirabaud.matomo.cloud https://cdn.matomo.cloud https://tracking1.force24.co.uk https://static.ads-twitter.com; script-src-attr 'self' 'unsafe-inline' inline; style-src 'self' 'unsafe-inline' https://*.googleapis.com; style-src-attr 'self' 'unsafe-inline' inline; style-src-elem 'self' 'unsafe-inline' https://*.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://client.axept.io/ https://api.axept.io https://static.axept.io https://www.google-analytics.com https://axeptio.imgix.net https://maps.googleapis.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://www.facebook.net https://www.facebook.com https://mirabaud.matomo.cloud https://cdn.matomo.cloud https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://www.youtube-nocookie.com https://www.googletagmanager.com https://www.facebook.com https://mirabaud.qumucloud.com https://www.six-dochub.com https://vds.issgovernance.com; img-src 'self' data: https://image.shutterstock.com https://axeptio.imgix.net https://t0.gstatic.com/ https://t1.gstatic.com/ https://t2.gstatic.com/ https://t3.gstatic.com/ https://favicons.axept.io/ https://activity-websites.data-crypt.com https://www.google.com https://translate.google.com https://www.gstatic.com https://maps.gstatic.com https://www.googletagmanager.com https://i.ytimg.com https://px.ads.linkedin.com https://www.facebook.com https://analytics.twitter.com https://t.co https://*.googleapis.com; manifest-src 'self'; media-src 'self'; worker-src 'none' 1
default-src 'self' *.zensus2022.de; base-uri 'self'; style-src 'self' 'unsafe-inline' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.itzbund.de *.zensus2022.de; object-src 'self' multimedia.gsb.bund.de ; media-src 'self' multimedia.gsb.bund.de www.quirksmode.org www.destatis.de *.zensus2022.de; child-src *.ims-cms.net ; img-src 'self' data: *.itzbund.de *.zensus2022.de; connect-src 'self' *.itzbund.de *.zensus2022.de; frame-ancestors 'self'; upgrade-insecure-requests; 1
default-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://api.amplitude.com https://webvisor.com https://top-fwz1.mail.ru https://sentry.io https://api.coinmarketcap.com https://mc.yandex.ru https://*.zdassets.com https://kickico.zendesk.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com wss://notify.kickex.com wss://gate.kickex.com/ws https://gate.kickex.com https://www.facebook.com https://www.tradingview.com https://api.usedesk.ru wss://pubsubsec.usedesk.ru https://pubsubsec.usedesk.ru wss://pubsubsec2.usedesk.ru https://pubsubsec2.usedesk.ru https://secure.usedesk.ru https://api.rss2json.com/v1/ blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://yastatic.net https://tagmanager.google.com https://cdn.amplitude.com https://vk.com https://top-fwz1.mail.ru https://optimize.google.com https://connect.facebook.net https://*.google-analytics.com https://www.googletagmanager.com https://mc.yandex.ru https://cdn.jsdelivr.net https://static.zdassets.com https://widget-mediator.zopim.com https://lib.usedesk.ru blob:; img-src 'self' https://* data: blob:; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://optimize.google.com https://fonts.googleapis.com https://assets.zendesk.com https://cdn.jsdelivr.net; font-src 'self' https://fonts.gstatic.com https://themes.googleusercontent.com https://cdn.jsdelivr.net; frame-src https://optimize.google.com https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com https://mc.yandex.ru https://*.kickex.com https://kickex.com; object-src 'none' 1
frame-ancestors 'self' http://www.philips.co.kr *.philips.com *.philips.co.kr https://philipsigtdpv.com 1
base-uri 'self'; form-action 'self' data: *.mucf.se trk.idrelay.com; manifest-src 'self'; default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.siteimprove.net *.siteimprove.com *.browsealoud.com *.googletagmanager.com *.google.com *.google-analytics.com hcaptcha.com *.hcaptcha.com cdnjs.cloudflare.com mfstatic.com *.jsdelivr.net unpkg.com *.mucf.se *.cloudnet.cloud *.vimeo.com; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com mfstatic.com *.jsdelivr.net *.mucf.se; img-src 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.vimeocdn.com *.mucf.se http://mfstatic.com *.inviewer.se *.mediaflowpro.com *.jsdelivr.net *.ytimg.com; media-src blob:; frame-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com *.vimeocdn.com *.siteimprove.com *.hcaptcha.com hcaptcha.com trk.idrelay.com *.mediaflowpro.com blob: stats.mucf.se stats.c4223.cloudnet.cloud ungidag.se *.ungidag.se *.mucf.se; frame-ancestors 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com *.ungidag.se *.mucf.se; child-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.siteimprove.com *.hcaptcha.com hcaptcha.com trk.idrelay.com blob: *.mucf.se ungidag.se *.ungidag.se; font-src 'self' mfstatic.com; connect-src 'self' https://*.mucf.se https://*.browsealoud.com https://*.siteimprove.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net https://*.hcaptcha.com https://*.speechstream.net stats.c4223.cloudnet.cloud https://*.mediaflow.com https://*.inviewer.se mfstatic.com *.ungidag.se; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' https://www.underground-england.com; 1
script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src https: data:; 1
base-uri 'self'; default-src 'self' https:; img-src 'self' https: data:; font-src 'self' fonts.googleapis.com fonts.gstatic.com cdn.livechatinc.com data:; frame-ancestors 'none'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com:* *.google-analytics.com:* *.googletagmanager.com:* *.googleadservices.com:* *.gstatic.com:* *.doubleclick.net:* *.youtube.com:* bat.bing.com:* www.clickcease.com:* cdn.searchkings.ca:* *.livechatinc.com:* *.ml314.com ml314.com/tag.aspx ml314.com/utsync.ashx ml314.com/imsync.ashx *.tctm.co:*; style-src 'self' fonts.googleapis.com *.google.com 'unsafe-inline'; 1
default-src 'self' http: https: data: blob: wss: 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://* http://* data: https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://*.amazonaws.com;img-src 'self' 'unsafe-eval' 'unsafe-inline' data: http://* https://*;frame-src 'self' data: blob: http://* https://* 1
frame-ancestors 'self' *.creativemail.com; 1
upgrade-insecure-requests; default-src 'self' https://kerned.com *.kerned.com; connect-src 'self' https://kerned.com *.kerned.com maps.googleapis.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.addthis.com; font-src 'self' https://kerned.com *.kerned.com https://*.typekit.net https://fonts.gstatic.com data:; media-src 'self' https://kerned.com *.kerned.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://kerned.com *.kerned.com https://cdn.addevent.com https://connect.facebook.net https://cdn.cookielaw.org https://maps.googleapis.com https://code.jquery.com https://instagram.com https://cdn.syndication.twimg.com https://s.ytimg.com https://platform.twitter.com https://www.linkedin.com https://px.ads.linkedin.com https://snap.licdn.com  https://www.youtube.com https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://*.addthisedge.com https://graph.facebook.com; style-src 'self' 'unsafe-inline' https://kerned.com *.kerned.com https://cloud.typography.com https://*.typekit.net https://fonts.googleapis.com https://tagmanager.google.com https://cdn.cookielaw.org https://platform.twitter.com; img-src 'self' data: https://cdn.addevent.com https://kerned.com *.kerned.com https://www.addevent.com https://www.facebook.com https://stats.g.doubleclick.net https://cdn.cookielaw.org https://maps.googleapis.com https://maps.gstatic.com https://*.cdninstagram.com https://*.twimg.com https://*.twitter.com https://*.fbcdn.net https://storify.com https://www.google.com https://www.google.co.uk https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com; child-src 'self' https://kerned.com *.kerned.com https://www.google.com https://*.addthis.com; frame-src 'self' https://kerned.com *.kerned.com https://gamma.euroland.com *.media-server.com https://webcast.treetop.tv *.investis.com *.eurolandir.com *.connectidfeed.com https://staticxx.facebook.com https://www.facebook.com https://syndication.twitter.com https://platform.twitter.com https://player.vimeo.com https://www.google.com https://www.youtube.com 1
default-src 'self' https://www.scukcalculator.co.uk https://widget.scukcalculator.co.uk https://www.google.com/ https://player.vimeo.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://www.scukcalculator.co.uk https://*.widget.scukcalculator.co.uk https://widget.scukcalculator.co.uk https://www.gstatic.com https://ajax.googleapis.com https://code.jquery.com www.google-analytics.com https://www.googletagmanager.com https://www.google.com; img-src 'self' https://*.rackcdn.com https://www.google-analytics.com https://stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://www.gstatic.com; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; object-src https://www.scukcalculator.co.uk 1
default-src 'self'; script-src 'report-sample' 'self' cdn.fashiola.mx 'unsafe-eval' 'unsafe-inline' *.google-analytics.com/analytics.js https://www.gstatic.com https://www.googletagmanager.com https://googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.kleding.nl/cookies.js https://www.instagram.com/embed.js https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://kit.fontawesome.com; style-src 'unsafe-inline' 'report-sample' 'self' cdn.fashiola.mx; object-src 'none'; base-uri 'self'; connect-src 'self' https://bam.eu01.nr-data.net *.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' cdn.fashiola.mx; frame-src 'self' https://www.google.com https://www.instagram.com/; img-src 'self' cdn.fashiola.mx images.fashiola.mx cdn.fashiola.com https://www.kleding.nl/cookies.gif *.google-analytics.com www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.es; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
frame-ancestors drp.davcor.com.au beta.freshware.com.au www.freshware.com.au new.daveweb.com.au https://*.frontapp.com https://*.frontapplication.com; 1
default-src 'none';  script-src 'self' 'unsafe-eval' https://ajax.googleapis.com https://static.hotjar.com https://script.hotjar.com https://static.zdassets.com https://cdn.heapanalytics.com;  font-src 'self' https://fonts.gstatic.com;  connect-src 'self' ws: wss: https://bbm-user-data-stag.s3.amazonaws.com https://bbm-user-data-prod.s3.amazonaws.com https://testvets.eu.auth0.com https://cognito-identity.eu-west-1.amazonaws.com https://in.hotjar.com https://metrics.hotjar.io https://vc.hotjar.io https://content.hotjar.io https://csmetrics.hotjar.com  https://o23349.ingest.sentry.io https://ekr.zdassets.com  https://vetportal.zendesk.com https://zendesk-eu.my.sentry.io/ https://graphql.manyvets.com https://graphql.testvets.xyz https://*.launchdarkly.com https://*.appsync-api.eu-west-1.amazonaws.com https://*.execute-api.eu-west-1.amazonaws.com https://manyvetsupload185509-prod.s3.eu-west-1.amazonaws.com https://manyvetsupload151026-stag.s3.eu-west-1.amazonaws.com https://heapanalytics.com https://*.algolia.net https://*.algolianet.com;  img-src 'self' data: https://heapanalytics.com  https://secure.gravatar.com https://s.gravatar.com https://*.wp.com;  style-src 'unsafe-inline' 'self' https://fonts.googleapis.com/;  frame-src  https://testvets.eu.auth0.com https://vars.hotjar.com;  frame-ancestors 'self'; form-action 'self';  report-uri https://o23349.ingest.sentry.io/api/6235110/security/?sentry_key=55f6f4fcd87a4cbc9fbcc2ebea4b91e0&sentry_environment=production; 1
default-src https: 'unsafe-eval' 'unsafe-inline' wss://*.hotjar.com *.hotjar.com data:;img-src * data: blob:; connect-src 'self' wss://*.hotjar.com *.hotjar.com *.hotjar.io *.addthis.com  lydia-app.com *.lydia-app.com *.openstreetmap.org maps.googleapis.com *.analytics.google.com *.google-analytics.com *.gstatic.com *.hcaptcha.com *.facebook.com *.raygun.io wss://*.crisp.chat *.cometchat.io *.api-eu.cometchat.io *.widget-eu.cometchat.io wss://*.websocket-eu.cometchat.io https://app  https://www.ponts.org/  https://www.unipef.org/  https://www.aigpef.org/  https://www.ponts.org/   ; object-src 'self' https://www.youtube.com https://www.dailymotion.com; frame-ancestors 'self'  https://www.ponts.org/ https://www.unipef.org/ https://www.aigpef.org/ https://www.ponts.org/; base-uri https://www.ponts.org/; form-action 'self' https://login.microsoftonline.com/ https://ponts.rpxnow.com https://preprod-tpeweb.e-transactions.fr/ https://tpeweb.e-transactions.fr/ https://paiement.creditmutuel.fr https://systempay.cyberpluspaiement.com https://payment-webinit-mercanet.test.sips-atos.com/paymentInit https://payment-webinit-mercanet.test.sips-services.com/paymentInit https://payment-webinit.mercanet.bnpparibas.net/paymentInit https://old.pta.netanswer.fr https://www.paristech-alumni.org https://www.wats4u.com https://wats4u.com https://wats4u.com.alumnforce.org http://manageurs.mjb.lan https://manageurs.mjr1108.com https://www.xmp-consult.org https://tpeweb.paybox.com  https://www.ponts.org/ https://www.unipef.org/ https://www.aigpef.org/ https://www.ponts.org/ 1
font-src *.googleapis.com *.twitter.com *.gstatic.com *.cloudflare.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.twitter.com *.redsys.es payments.epdq.co.uk *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.authorize.net *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * js.stripe.com *.twitter.com *.vimeo.com *.trustpilot.com *.instagram.com *.authorize.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.klarna.com *.ytimg.com *.doubleclick.net *.mastercard.com *.pinterest.com *.google.com *.facebook.com d3k81ch9hvuctc.cloudfront.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com js.stripe.com *.fontawesome.com *.cloudflare.com *.google-analytics.com *.googletagmanager.com *.google.com *.clickcease.com *.gstatic.com *.twitter.com *.trustpilot.com *.tiktok.com *.facebook.net *.pinimg.com *.doubleclick.net *.instagram.com *.klarnaevt.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net sandbox-assets.secure.checkout.visa.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com unsafe-inline assets.braintreegateway.com *.fontawesome.com fonts.googleapis.com static.afterpay.com https://static.klaviyo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com *.zopim.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google-analytics.com region1.analytics.google.com *.doubleclick.net *.pinterest.com *.tiktok.com *.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; base-uri 'self'; img-src * data:; frame-src 'self' https://kaart.pdok.nl https://websurveys2.govmetric.com https://app-eu.readspeaker.com https://www.youtube-nocookie.com https://www.youtube.com https://content.googleapis.com/ https://vars.hotjar.com https://denhelder.maps.arcgis.com; frame-ancestors 'self'; manifest-src 'self'; media-src 'self' blob:; script-src 'self' 'nonce-YzI0NTZhZTYtOTA1ZC00ODk4LTg3NDMtY2U4N2U2YjU1ZTI3' https://stats.pusher.com https://www.browsealoud.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://maps.googleapis.com https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://websurveys2.govmetric.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://cdn-eu.readspeaker.com https://virtuele-gemeente-assistent.nl https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://snap.licdn.com; connect-src 'self' https://sockjs-eu.pusher.com wss://ws-eu.pusher.com https://vttts-eu.readspeaker.com https://cloudstatic.obi4wan.com https://chatapi.obi4wan.com https://media-eu.readspeaker.com https://rstts-eu.readspeaker.com https://www.browsealoud.com https://plus.browsealoud.com https://speech.speechstream.net https://speech-eu.speechstream.net https://www.google-analytics.com https://maps.googleapis.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://app.obi4wan.ai https://app-eu.readspeaker.com/ https://hitcounter.govmetric.com https://platform.hireserve.nl/ https://cdn1.readspeaker.com https://maps.googleapis.com https://virtuele-gemeente-assistent.nl wss://virtuele-gemeente-assistent.nl ws://virtuele-gemeente-assistent.nl https://in.hotjar.com https://www.facebook.com https://cdn.linkedin.oribi.io https://vttts.readspeaker.com; object-src 'self' https://kaart.pdok.nl; style-src 'self' data: 'nonce-YzI0NTZhZTYtOTA1ZC00ODk4LTg3NDMtY2U4N2U2YjU1ZTI3' https://fonts.googleapis.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://websurveys2.govmetric.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://maps.googleapis.com/ https://siteimproveanalytics.com https://cloudstatic.obi4wan.com; font-src 'self' data: https://fonts.gstatic.com https://cdn1.readspeaker.com https://script.hotjar.com;  1
default-src 'self' 'unsafe-inline' *.spring-gds.com spring-gds.containers.piwik.pro spring-gds.piwik.pro *.sentry.io open.spotify.com www.ivoox.com; img-src 'self' data: *.spring-gds.com www.gravatar.com 'unsafe-inline' 1
connect-src 'self' blob: https://api.x.ai https://api.x.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api.x.com https://api-stream.twitter.com https://api-stream.x.com https://ads-api.twitter.com https://ads-api.x.com https://aa.twitter.com https://aa.x.com https://caps.twitter.com https://caps.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton.twitter.com https://ton.x.com https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://twitter.com https://x.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com  ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://x.com https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://vaultjs.apideck.com/  https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://x.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://static.ads-twitter.com  'nonce-YmJlZGFiNmYtZGY3Yy00ZmM3LTljNjUtN2ZkMzAyNmI1NWQ3'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; block-all-mixed-content 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-488299fee7f820336cbfe496448e4bc2'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://benhollis.net https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' https://benhollis.net; connect-src 'self' https://cloudflareinsights.com; img-src 'self' data: https://benhollis.net; child-src 'self'; frame-src 'self'; prefetch-src 'self'; object-src 'self'; manifest-src 'self'; font-src 'self' data: https://benhollis.net; 1
default-src 'self' 'unsafe-inline'; media-src 'self' *.livechatinc.com *.cpsserv.com; font-src 'self'  data: *.livechatinc.com *.googleusercontent.com *.fortawesome.com *.googleapis.com *.gstatic.com *.typekit.net *.cpsserv.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.jquery.com optanon.blob.core.windows.net *.feefo.com *.visualwebsiteoptimizer.com *.nr-data.net *.newrelic.com *.barmyarmy.com *.sportsbreaks.local *.sportsbreaks.dev *.sportsbreaks.com *.postcodeanywhere.co.uk *.pcapredict.com *.nosto.com *.msn.com *.bing.com *.hotjar.com *.googleadservices.com *.googleapis.com *.doofinder.com *.google.com *.google.co.uk *.gstatic.com *.livechatinc.com *.facebook.com *.twitter.com *.ads-twitter.com *.google-analytics.com *.googletagmanager.com  *.facebook.net *.doubleclick.net *.fortawesome.com *.turn.com *.boldchat.com *.composecontact.co.uk *.cloudflare.com unpkg.com cdn.cookielaw.org cdn.tiny.cloud *.cpsserv.com *.jsdelivr.net *.avocet.io *.avct.cloud *.trak.ee *.clarity.ms *.tiktok.com tiktok.com ibytedtos.com *.ibytedtos.com tiktokcdn.com *.tiktokcdn.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.jquery.com optanon.blob.core.windows.net *.feefo.com *.visualwebsiteoptimizer.com *.nr-data.net *.newrelic.com *.barmyarmy.com *.sportsbreaks.local *.sportsbreaks.dev *.sportsbreaks.com *.postcodeanywhere.co.uk *.pcapredict.com *.nosto.com *.msn.com *.bing.com *.hotjar.com *.googleadservices.com *.googleapis.com *.doofinder.com *.google.com *.google.co.uk *.gstatic.com *.livechatinc.com *.facebook.com *.twitter.com *.ads-twitter.com *.google-analytics.com *.googletagmanager.com  *.facebook.net *.doubleclick.net *.fortawesome.com *.turn.com *.boldchat.com *.composecontact.co.uk *.cloudflare.com unpkg.com cdn.cookielaw.org cdn.tiny.cloud *.cpsserv.com *.avocet.io *.avct.cloud *.jsdelivr.net *.trak.ee *.clarity.ms *.tiktok.com tiktok.com ibytedtos.com *.ibytedtos.com tiktokcdn.com *.tiktokcdn.com assets-v2-prod.campaignware.com *.ttwstatic.com *.instagram.com destinationsportexperiences.com *.destinationsportexperiences.com; img-src 'self' 'unsafe-inline'  data: *.feefo.com optanon.blob.core.windows.net *.visualwebsiteoptimizer.com *.postcodeanywhere.co.uk *.yieldlab.net *.postcodeanywhere.co.uk *.barmyarmy.com *.sportsbreaks.local *.sportsbreaks.dev *.placehold.it *.gstatic.com *.boldchat.com *.google.com *.google.co.uk *.bing.com *.nosto.com *.livechatinc.com *.google-analytics.com *.facebook.com *.googleapis.com *.doubleclick.net t.co *.tinymce.com *.cpsserv.com ibytedtos.com *.ibytedtos.com tiktokcdn.com *.tiktokcdn.com *.amazonaws.com *.bidswitch.net placeholder.com *.placeholder.com; style-src 'self' 'unsafe-inline' optanon.blob.core.windows.net *.postcodeanywhere.co.uk *.barmyarmy.com *.sportsbreaks.local *.sportsbreaks.dev *.googleapis.com *.fortawesome.com *.google.com *.cloudflare.com *.gstatic.com *.typekit.net cdn.tiny.cloud *.cpsserv.com *.livechatinc.com *.jsdelivr.net *.trak.ee ibytedtos.com *.ibytedtos.com tiktokcdn.com *.tiktokcdn.com *.ttwstatic.com feefo.com *.feefo.com; connect-src 'self' *.feefo.com *.postcodeanywhere.co.uk *.google-analytics.com *.nr-data.net *.nosto.com *.hotjar.com *.hotjar.io *.doofinder.com unpkg.com cdn.cookielaw.org *.googleadservices.com *.google.co.uk *.cpsserv.com *.livechatinc.com *.doubleclick.net *.trak.ee *.clarity.ms ibytedtos.com *.ibytedtos.com tiktokcdn.com *.tiktokcdn.com *.tiktok.com *.analytics.google.com; object-src 'self' *.livechatinc.com; child-src 'self' 'unsafe-inline' youtube.com youtu.be *.youtu.be *.youtube.com *.v-psp.com *.ogone.com *.facebook.com *.hotjar.com *.doubleclick.net *.livechatinc.com *.google.com *.composecontact.co.uk *.cpsserv.com *.trak.ee *.tiktok.com photoupload.campaignware.com *.benchvote.com *.instagram.com destinationsportexperiences.com *.destinationsportexperiences.com spotify.com *.spotify.com; frame-ancestors 'self' *.v-psp.com *.livechatinc.com *.cpsserv.com *.tourofbritain.co.uk tourofbritain.co.uk *.womenstour.co.uk womenstour.co.uk *.tourseries.co.uk tourseries.co.uk *.trak.ee *.tiktok.com; 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-c869599745ec466a876f4900d3025e9c' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net *.investisdigital.com google-analytics.com google-analytics.com *; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.investisdigital.com otp.tools.investis.com cdn.rawgit.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investisdigital.com; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' *.investis.com www.google.com ir.tools.investis.com staticxx.facebook.com www.youtube.com www.recaptcha.net; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri /report-csp-violation 1
frame-ancestors 'self'  https://spark-cms.com  https://www.spark-cms.com https://cdn-ukwest.onetrust.com http://localhost:8080 https://www.tedbingo.com https://www.vegasspins.com https://www.bootybingo.com https://www.bingoextra.com https://www.givebackbingo.com https://www.moongames.com https://www.xlcasino.com https://www.twofatladies.co.uk https://www.velvetbingo.com https://www.wickedjackpots.com https://www.loonybingo.com https://www.luckypence.com https://www.tiptopbingo.com https://www.cupcakebingo.com https://www.divabingo.com https://www.pickmeupbingo.com https://www.chatmagbingo.com https://www.womanbingo.com https://www.womansown-bingo.co.uk https://www.bingogiving.com https://www.gossipbingo.com https://www.silkbingo.com https://www.slotahoy.com https://www.moonbingo.com https://www.robinhoodbingo.com https://www.glitterbingo.com https://www.lippybingo.com https://www.wewantbingo.com https://www.gloriousbingo.com https://www.spectrabingo.com https://www.neonbingo.com https://www.slotranch.com https://www.onceuponabingo.com https://www.bingoirish.com https://www.polobingo.com https://www.sugarbingo.com https://www.bingolicious.com https://www.slotsofdosh.com https://www.solarspins.com https://www.genieriches.com https://www.jackpotcafe.co.uk https://www.jackpotliner.co.uk https://www.kingjackpot.co.uk https://www.rubyriches.co.uk https://www.dublinwins.com https://www.irishspins.com https://www.cherrywins.com https://www.alohaslots.com https://www.favbingo.com https://www.slotheroes.com; 1
object-src 'none'; base-uri 'self'; img-src 'self' https://www.nextseed.com https://prod-cdn-us-east-1.nextseed.com blob: data: https://*.froala.com https://maps.gstatic.com https://static.intercomassets.com https://js.intercomcdn.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://rs.fullstory.com https://bat.bing.com https://www.facebook.com https://intercom.help https://downloads.intercomcdn.com https://px.ads.linkedin.com https://p.adsymptotic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src blob: 'self' 'unsafe-inline' https://code.ionicframework.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' data: https://code.ionicframework.com https://fonts.gstatic.com https://js.intercomcdn.com https://nextseed.account.box.com https://cdnjs.cloudflare.com; frame-ancestors 'self' https://*.docusign.net; form-action 'self' https://www.facebook.com https://intercom.help; upgrade-insecure-requests; 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-ZWd+2uTVc0stX1KqPo6K3Q==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-MTA4ZGNkYWU0MTEyNDVhYmIwNzYzMjljNjI4NzhkMDc=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.onderwijsinspectie.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.onderwijsinspectie.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.onderwijsinspectie.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-ancestors 'self' https://*.prontocasino.com https://*.prontocasino.se https://*.premierlivecasino.com https://*.premierlivecasino.se https://livecasino.prontocasino.com https://livecasino.premierlivecasino.com https://livecasino.oddsextra.com https://premiergaming-static.casinomodule.com https://premiergamingse-static.casinomodule.com https://premiergaming-livegame.casinomodule.com https://*.yggdrasilgaming.com https://bmtcw.playngonetwork.com https://nolimitjs.nolimitcdn.com https://d1k6j4zyghhevb.cloudfront.net https://trustly.com https://*.trustly.com https://*.zendesk.com https://*.go2cloud.org https://*.johnslots.com https://slotsia.com https://slotsia.com/* 1
frame-ancestors: none 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jobylon.com ajax.aspnetcdn.com connect.facebook.net *.hotjar.com *.g.doubleclick.net s.yimg.com bat.bing.com snap.licdn.com www.youtube.com www.gstatic.com cdn.cookielaw.org dl.episerver.net hello.myfonts.net www.google.com www.google.se *.google-analytics.com ajax.googleapis.com *.googletagmanager.com *.outlook.com adtr.io cdn.feedbackify.com *.webserviceaward.com *.matomo.cloud  *.rekai.se s3.amazonaws.com code.jquery.com netdna.bootstrapcdn.com ledsf.my.site.com; connect-src 'self' *.facebook.com cnv.adt659.com *.onetrust.com bat.bing.com *.hotjar.io *.hotjar.com cdn.linkedin.oribi.io s.yimg.com cdn.cookielaw.org *.google-analytics.com stats.g.doubleclick.net ledarnas.matomo.cloud  view.rekai.se predict.rekai.se ledsf.my.salesforce-scrt.com;img-src 'self' www.ledarna.se *.ledarnaweb.kundtest.se ledarna.se *.facebook.com *.cloudfront.net *.ytimg.com *.vimeocdn.com bat.bing.com px.ads.linkedin.com sp.analytics.yahoo.com cdn.cookielaw.org *.google-analytics.com www.google.com www.google.se resources.mynewsdesk.com cdn.feedbackify.com www.w3.org/2000/svg;style-src 'self' 'unsafe-inline' custom-joblist.s3.amazonaws.com netdna.bootstrapcdn.com ledsf.my.site.com;base-uri 'self';form-action 'self' ledarna.se *.facebook.com *.ledarna.se login.grandid.com; frame-ancestors 'self'; frame-src 'self' dreambroker.com *.soundcloud.com *.facebook.com embed.acast.com www.google.com www.youtube.com vars.hotjar.com player.vimeo.com ledsf.my.site.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.thenmusa.org https://www.googletagmanager.com https://ssl.google-analytics.com https://connect.facebook.net https://www.google-analytics.com https://rtd-tm.everesttech.net https://*.everestjs.net https://*.googleadservices.com https://code.jquery.com; img-src 'self' data: https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://*.everesttech.net https://www.facebook.com https://secure.gravatar.com *.doubleclick.net https://*.pubmatic.com https://arttrk.com; style-src 'self' 'unsafe-inline' https://*.thenmusa.org https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://www.google.com https://*.fls.doubleclick.net https://pixel.everesttech.net https://www.everestjs.net https://www.googletagmanager.com https://www.facebook.com https://www.youtube.com https://artsandculture.google.com https://*.knightlab.com https://matterport.com https://prezi.com https://omeka.org https://vimeo.com https://player.vimeo.com/ https://prezi.com/ https://my.matterport.com/ https://video.thenmusa.org https://videocenter.nmusa-blue.net; object-src 'none'; connect-src 'self' https://*.thenmusa.org https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com; media-src 'self' https://*.thenmusa.org blob:; worker-src blob: 1
default-src * data: 'unsafe-eval' 'unsafe-inline';frame-ancestors 'self'; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://*.addtoany.com  https://*.ads-twitter.com https://*.adsymptotic.com  https://*.advancedcustomfields.com https://*.akamaihd.net https://*.altmetric.com https://*.baidu.com https://*.bizographics.com https://*.bootstrapcdn.com https://*.buzzsprout.com https://*.cloudflare.com https://*.cloudflareinsights.com https://*.cloudfront.net https://*.cnzz.com https://code.createjs.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.fontawesome.com https://*.formstack.com https://*.fullstory.com https://*.github.io https://*.google-analytics.com https://*.google.be https://*.google.co.uk https://*.google.com https://*.googleadservices.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com  https://*.gravatar.com https://*.gravityforms.com  https://*.gravityforms.local https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.imagify.io https://*.jquery.com https://*.jsdelivr.net https://*.licdn.com https://*.linkedin.com https://cdn.linkedin.oribi.io https://*.netdna-ssl.com https://*.newrelic.com https://*.pardot.com https://*.paypalobjects.com https://*.ravenjs.com https://*.sharethis.com https://*.soundcloud.com  https://*.tablepress.org https://*.tablepress.org https://*.tandf.co.uk https://*.tandfonline.com  https://*.taylorandfrancis.com https://*.twimg.com https://*.twitter.com https://*.typekit.net https://*.vimeo.com https://*.w.org https://*.wistia.com https://*.wp.com https://*.wpengine.co.uk https://*.wpengine.com https://*.wpengineapi.com https://*.wpmudev.org https://*.yoast.com https://*.youku.com https://*.youtube.com https://*.yumpu.com https://abc123-wpengine.netdna-ssl.com https://bam.eu01.nr-data.net https://cnzz.mmstat.com https://i.ytimg.com https://imagify.io https://placehold.it https://*.regionalstudies.org https://regionalstudies.us3.list-manage.com https://regionalstudies.org https://t.co https://tandfapi.co.uk https://wpengine.com https://wpmudev.com https://yoast.com 1
frame-ancestors 'self'; script-src 'nonce-b22c0b6c12fd61334cd75706021022c3' 'strict-dynamic' 'unsafe-eval'; base-uri 'self'; object-src 'self'; 1
default-src 'self' 'unsafe-inline' https: 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-rkkLvnu9B/M92BgNy7zTPQZub+eJDjDgaY6XxKqHB+HAwdoq' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
font-src *.gstatic.com https://static.payzen.eu/static/ *.fontawesome.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://vars.hotjar.com *.mb-1830.com *.google.com *.skeepers.io https://secure.payzen.eu/vads-payment/ https://static.payzen.eu/static/ https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.google.com https://www.google.fr https://cl.avis-verifies.com https://axeptio.imgix.net *.mb-1830.com *.google.com *.skeepers.io *.axept.io https://secure.payzen.eu/static/latest/images/type-carte/ https://static.payzen.eu/static/ https://secure.payzen.eu/vads-payment/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.googletagmanager.com https://www.googleoptimize.com https://googleads.g.doubleclick.net https://unpkg.com *.axept.io https://static.hotjar.com https://script.hotjar.com *.mb-1830.com *.google.com *.skeepers.io https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://unpkg.com *.mb-1830.com *.google.com *.axept.io https://static.payzen.eu/static/ *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.mb-1830.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net *.axept.io *.mb-1830.com *.google.com *.google.fr https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' https://www.tradingview-widget.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com https://stats.wp.com https://www.google.com/recaptcha/api.js https://s3.tradingview.com/external-embedding/embed-widget-single-quote.js https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js https://static.tradingview.com/static/bundles/embed/runtime-embed_single_quote_widget.2b9ac25ef7e11123b0d7.js;style-src 'self' 'unsafe-inline' http://netdna.bootstrapcdn.com http://fonts.googleapis.com https://fonts.gstatic.com; font-src 'self'  data: 'unsafe-inline' https://fonts.googleapis.com/css https://fonts.googleapis.com http://netdna.bootstrapcdn.com https://fonts.gstatic.com/s/oswald/v53/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2 https://fonts.gstatic.com/s/oswald/v53/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2; img-src 'self' data: 'unsafe-inline' http://pixel.wp.com/g.gif https://cbpssubscriber.mygov.in https://www.bharatforge.com;  1
default-src 'none'; connect-src 'self' https://*.sentry.io https://analytics.google.com https://www.google-analytics.com; font-src 'self' https://cdn.matsurihi.me https://fonts.gstatic.com; img-src 'self' data: https://storage.matsurihi.me; script-src 'self' https://cdn.matsurihi.me 'strict-dynamic' 'nonce-xFrkcqz+dRT+dVYcvjBC8lYIIkywJapYKOpKaHzexcg='; style-src 'self' https://cdn.matsurihi.me https://fonts.googleapis.com; base-uri 'none'; report-uri https://o4504033107902464.ingest.sentry.io/api/4504139779473408/security/?sentry_key=9bef1105ad3e498db440f362c1fce637&sentry_environment=prod&sentry_release=welcome-js%406251f68; 1
frame-ancestors 'self' piwik.betaalvereniging.nl; 1
default-src 'self' https://consentcdn.cookiebot.com/ https://googleads.g.doubleclick.net *.googletagmanager.com *.imi.chat *.googleapis.com https://www.youtube.com https://www.google-analytics.com https://stats.g.doubleclick.net https://bid.g.doubleclick.net/ https://www.google.com/ *.fontawesome.com https://apikeys.civiccomputing.com/ *.hotjar.com https://vc.hotjar.io/ https://www.facebook.com/ *.career-pathways.co.uk/ *.issuu.com *.apprenticeships.org.uk https://www.fejobs.com https://player.vimeo.com; script-src 'unsafe-inline' 'unsafe-eval' *.career-pathways.co.uk/ *.fontawesome.com https://unpkg.com https:; style-src 'unsafe-inline' https://fonts.googleapis.com https:; img-src 'self' data: https:; font-src 'self' https://fonts.googleapis.com data: https:; connect-src 'self' wss: https:; 1
default-src 'self' blob: 'unsafe-inline' 'unsafe-eval' data: ajax.aspnetcdn.com https://nqc-content.azureedge.net *.gstatic.com *.googleapis.com *.supplierassurance.com supplierassurance.com *.tinymce.com *.tiny.cloud *.google-analytics.com *.googletagmanager.com *.azureedge.net *.azure.net www.google.com www.youtube.com *.nqc.com services.nvd.nist.gov *.stripe.com d3js.org *.cloudflare.com www.gdacs.org https://unpkg.com/deck.gl@8.9.0/dist.min.js *.gravatar.com accounts.google.com www.recaptcha.net assets.calendly.com https://calendly.com https://8x8.vc/vpaas-magic-cookie-2260f21c7717499eb85eeeb427bd35b2/external_api.js https://8x8.vc/ 1
default-src 'self'  https://*.wogaa.sg https://*.dcube.cloud/ https://*.demdex.net/ https://cm.everesttech.net/ https://wogadobeanalytics.sc.omtrdc.net/ https://*.onemap.sg/ https://*.youtube.com https://*.youtube-nocookie.com https://cdn.embedly.com https://*.googletagmanager.com https://*.vica.gov.sg/ https://va.ecitizen.gov.sg; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.wogaa.sg https://*.dcube.cloud https://assets.adobedtm.com/ https://www.google-analytics.com https://*.onemap.sg/ https://cdn.embedly.com https://va.ecitizen.gov.sg http://va.ecitizen.gov.sg https://*.vica.gov.sg/ https://*.googletagmanager.com https://cdn.jsdelivr.net/ https://*.google.com/ https://google.com/recaptcha/ https://*.gstatic.com/; img-src 'self' data: https://analytics.google.com/ https://wogadobeanalytics.sc.omtrdc.net/ https://cm.everesttech.net/ https://dpm.demdex.net/ https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net  https://*.onemap.sg/ https://i.ytimg.com/ https://*.ytimg.com/  https://cdn.embedly.com https://*.vica.gov.sg/ https://www1.bca.gov.sg https://cdn.jsdelivr.net/ https://bucket-common.vica.gov.sg/ https://file.go.gov.sg/ https://s3-va-vica-common.s3.ap-southeast-1.amazonaws.com/ https://*.ecitizen.gov.sg/ https://www.bcaa.edu.sg/ https://www.googletagmanager.com/; connect-src 'self' https://analytics.google.com/ https://*.wogaa.sg https://*.dcube.cloud/ https://dpm.demdex.net/ https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net  https://*.onemap.sg/ https://cdn.embedly.com wss://*.vica.gov.sg/ https://*.vica.gov.sg/ https://bucket-vica.vica.gov.sg/ wws://*.vica.gov.sg/ https://api-vica-bp.vica.gov.sg/ https://s3-va-prd-vica.s3-ap-southeast-1.amazonaws.com/ ; style-src 'self' 'unsafe-inline' https://assets.wogaa.sg/fonts/ https://assets.dcube.cloud/fonts/ https://*.googleapis.com  https://*.onemap.sg/ https://cdn.embedly.com https://*.vica.gov.sg/ https://cdn.jsdelivr.net/; font-src 'self' data: https://assets.wogaa.sg/fonts/ https://assets.dcube.cloud/fonts/ https://fonts.gstatic.com  https://*.onemap.sg/ https://cdn.embedly.com https://*.vica.gov.sg/; frame-src 'self' http://fast.wogaa.demdex.net/ https://wogaa.demdex.net/ https://*.youtube.com https://*.youtube-nocookie.com https://www.onemap.sg/ https://*.onemap.sg/ https://cdn.embedly.com https://*.gstatic.com/recaptcha https://google.com/recaptcha https://*.google.com/; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://beach.city; img-src 'self' https: data: blob: https://beach.city; style-src 'self' https://beach.city 'nonce-VXmSChWRBi52TSzNkHkAyA=='; media-src 'self' https: data: https://beach.city; frame-src 'self' https:; manifest-src 'self' https://beach.city; form-action 'self'; connect-src 'self' data: blob: https://beach.city https://beach.city wss://beach.city; script-src 'self' https://beach.city 'wasm-unsafe-eval'; child-src 'self' blob: https://beach.city; worker-src 'self' blob: https://beach.city 1
font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com *.googleapis.com *.gstatic.com http: https: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * http: https: 'self' 'unsafe-inline'; frame-ancestors www.virtuo-reality.com yulvr.ca virtuo.trevi.com magasin360.trevi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.affirm.com *.affirm.ca *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * http: https: www.google.com yulvr.ca virtuo.trevi.com magasin360.trevi.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.affirm.com *.affirm.ca *.bird.eu *.facebook.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com http: https: amasty.com static.hsappstatic.net track.hubspot.com forms.hsforms.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.affirm.com *.affirm.ca *.googletagmanager.com *.facebook.net *.fontawesome.com *.googleapis.com *.gstatic.com *.avada.io *.google.com/ https://gatewayt.moneris.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com http: https: demandesdefinancementapiqa.trevi.ca connect.facebook.net www.gstatic.com googletagmanager.com script.hotjar.com js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net js.hsadspixel.net js.hsforms.net js.hs-scripts.com js-na1.hs-scripts.com static.hsappstatic.net www.youtube.com magasin360.trevi.com yulvr.ca www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com unsafe-inline assets.braintreegateway.com http: https: www.gstatic.com static.hsappstatic.net hello.myfonts.net 'self' 'unsafe-inline'; object-src magasin360.trevi.com yulvr.ca 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.affirm.com *.affirm.ca *.google-analytics.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com http: https: wss: www.google.com hotjar.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com magasin360.trevi.com yulvr.ca http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-4cf20d2d3007473eaf9fcbc906e60edc' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
frame-ancestors 'self'; frame-src  *.savviihq.com *.facebook.com *.google.com *.cookiebot.com *.hotjar.com *.youtube.com *.vimeo.com *.googletagmanager.com *.cookiebot.com *.fontawesome.com www.domtoren.nl *.checkoutshopper-test.adyen.com https://checkoutshopper-test.adyen.com *.adyen.com https://checkoutshopper-live.adyen.com 1
default-src 'self' fonts.gstatic.com fonts.googleapis.com static.moliri.dk *.azure.com *.google-analytics.com *.doubleclick.net data: www.gstatic.com statservicefunctions.azurewebsites.net hearingportalfilestorage.blob.core.windows.net cookiecontrol.bleau.dk *.devtunnels.ms api-eu1.cludo.com *.fredensborg.dk *.ritzau.dk *.cdn.septima.dk *.chatbot.dendigitalehotline.dk *.plandata.dk api.dataforsyningen.dk api.cludo.com api-eu1.cludo.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com cdhsign.dk cdnjs.cloudflare.com unpkg.com static.moliri.dk customer.cludo.com *.gstatic.com npmcdn.com *.fredensborg.dk *.ritzau.dk *.cdn.septima.dk *.plandata.dk api.dataforsyningen.dk chatbot.dendigitalehotline.dk player.skyfish.com;script-src 'self' 'unsafe-inline' *.moliri.dk *.bleau.dk *.cludo.com *.gstatic.com *.monsido.com moliricdn.azurewebsites.net *.azure.com cdn.jsdelivr.net cookiecontrol.bleau.dk *.devtunnels.ms  *.fredensborg.dk *.ritzau.dk 'unsafe-eval'   cdn.skyfish.com *.cdn.septima.dk *.plandata.dk api.dataforsyningen.dk api.cludo.com chatbot.dendigitalehotline.dk player.skyfish.com  code.jquery.com;frame-ancestors https://admin.moliri.dk https://admin-beta.moliri.dk https://localhost:5001 https://localhost:44337 *.videotool.dk *.vimeo.com *.youtube.com https://chatbot.dendigitalehotline.dk via.ritzau.dk player.skyfish.com;frame-src https://admin.moliri.dk https://admin-beta.moliri.dk https://localhost:5001 https://localhost:44337 *.videotool.dk *.vimeo.com *.youtube.com https://chatbot.dendigitalehotline.dk via.ritzau.dk player.skyfish.com;img-src 'self'  data: hearingportalfilestorage.blob.core.windows.net cdhsign.dk *.cludo.com static.moliri.dk *.monsido.com *.devtunnels.ms moliri.dk *.fredensborg.dk *.ritzau.dk  cdn.skyfish.com player.skyfish.com *.cdn.septima.dk chatbot.dendigitalehotline.dk *.plandata.dk api.dataforsyningen.dk services.datafordeler.dk b0902-prod-dist-app.azurewebsites.net naturarealdatageo.miljoeportal.dk septima.dk;media-src 'self' dreambroker.com youtube.com vimeo.com molirivideostorage.blob.core.windows.net cdhsign.dk delivery.twentythree.com cdn.skyfish.com *.cloudfront.net *.devtunnels.ms cdn.skyfish.com player.skyfish.com https://media.videotool.dk; 1
frame-ancestors http://www.commercialuavnews.com https://divcomplatform.s3.amazonaws.com 1
frame-ancestors 'self'; default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://runningfree.com:3000 https://runningfree.com:3000 https://www.google-analytics.com https://rum-collector-2.pingdom.net; 1
default-src 'self';object-src 'none';base-uri 'none';connect-src 'self' *.meilisearch.com *.meilisearch.io *.vercel-insights.com *.vercel.app *.qogita.com api.addressy.com api.segment.io api.smooch.io wss://api.smooch.io api.uptimerobot.com cdn.sanity.io cdn.segment.com fonts.googleapis.com media.smooch.io app.launchdarkly.com clientstream.launchdarkly.com events.launchdarkly.com rum.browser-intake-datadoghq.eu session-replay.browser-intake-datadoghq.eu logs.browser-intake-datadoghq.eu browser-intake-datadoghq.eu hooks.zapier.com *.hubapi.com *.hs-banner.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com px.ads.linkedin.com *.linkedin.com *.linkedin.oribi.io *.facebook.com bat.bing.com *.clarity.ms *.doubleclick.net google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googlesyndication.com *.googletagmanager.com *.analytics.google.com *.google-analytics.com translate.google.com translate.googleapis.com www.gstatic.com vitals.vercel-insights.com prod-private-documents-qogita.s3.eu-central-1.amazonaws.com;form-action 'self' *.facebook.com *.hsforms.com;frame-src 'self' *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.hsforms.net *.hsforms.com *.doubleclick.net *.facebook.com widget.trustpilot.com *.googlesyndication.com sas.selleramp.com *.typeform.com;frame-ancestors 'self';img-src 'self' data: blob: *.qogita.com *.meilisearch.com *.meilisearch.io *.vercel-insights.com *.vercel.app api.addressy.com api.segment.io api.smooch.io api.uptimerobot.com cdn.sanity.io cdn.segment.com media.smooch.io js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com px.ads.linkedin.com *.linkedin.com *.facebook.com *.clarity.ms *.bing.com *.google.com google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.g.doubleclick.net *.analytics.google.com *.googletagmanager.com *.google-analytics.com  fonts.googleapis.com translate.google.com translate.googleapis.com fonts.gstatic.com www.gstatic.com *.google-analytics.com;script-src 'self' *.qogita.com *.hsadspixel.net *.hs-analytics.net js.hscta.net static.hsappstatic.net *.hubspot.com *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com connect.facebook.net bat.bing.com *.clarity.ms snap.licdn.com *.googletagmanager.com *.googlesyndication.com *.googleadservices.com www.google.com *.google.com *.doubleclick.net widget.trustpilot.com *.cloudflareinsights.com 'sha256-mxax+/JBnCCPAXWfE0JH5W+Rwvj+FX3HWBcv+XYEHlE=' 'sha256-2WVULmC8EPYkJi8doaKPjZuLvjm6McZ1LMrFwe1LOaM=' 'sha256-yMMCBP0mrmNvJUPtOL1vmNgX+K0SePEVWjWNF3ViPbI=' 'report-sample';style-src 'self' 'unsafe-inline' *.meilisearch.com *.meilisearch.io *.vercel-insights.com *.vercel.app *.qogita.com api.addressy.com api.segment.io api.smooch.io api.uptimerobot.com cdn.sanity.io cdn.segment.com fonts.googleapis.com media.smooch.io translate.google.com translate.googleapis.com www.gstatic.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net cdn2.hubspot.net 'report-sample';style-src-elem 'self' 'unsafe-inline' www.gstatic.com fonts.googleapis.com 'report-sample';style-src-attr 'self' 'unsafe-inline' 'report-sample';child-src *.hsforms.com;media-src 'self' data: qogita-prod.imgix.video stream.media.imgix.video;font-src data: fonts.gstatic.com github.com *.qogita.com admin.fbamultitool.com fonts.cdnfonts.com;worker-src 'self' blob: *.hsforms.net *.hsforms.com;report-uri https://csp-report.browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pub49c2e7225909645d16c0e630b821edff&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Awww.qogita.com%2Cenv%3Aprod 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' static.b-ite.com cs-assets.b-ite.com https://translate.googleapis.com https://translate.google.com https://translate-pa.googleapis.com https://api.signalize.com https://www.deutsches-ausschreibungsblatt.de https://code.jquery.com https://abfallnavi.de https://player.podigee-cdn.net https://www.meldooplus.de http://translate.google.com cdn.jsdelivr.net code.etracker.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://rebilly.github.io https://unpkg.com platform.instagram.com platform.twitter.com www.etracker.de; style-src 'self' 'unsafe-inline' static.b-ite.com cs-assets.b-ite.com https://translate.googleapis.com https://www.gstatic.com http://translate.google.com 1
frame-ancestors 'self' https://reg18.smp.ne.jp; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://*.recaptcha.net https://isitetv.com https://*.translate.naver.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://www.shoplooks.com https://tpc.googlesyndication.com blob: https://gum.criteo.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://translate.yandex.net https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://*.pinterest.com https://*.bing.com https://*.doubleclick.net https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://ampcid.google.dk https://tr.snapchat.com https://privacyportal-eu.onetrust.com https://*.contentsquare.net https://*.criteo.com https://analytics.tiktok.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.lookfantastic.dk https://m.lookfantastic.dk https://checkout.lookfantastic.dk https://www.glossybox.dk https://connect.facebook.net https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.co.uk https://www.glossybox.com https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.se https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://remote.captcha.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://*.trustpilot.com https://*.translate.naver.net https://*.bing.com https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://static.ads-twitter.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://lantern.roeyecdn.com https://lantern.roeye.com https://static.thgcdn.cn https://tpc.googlesyndication.com https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com https://static.criteo.net https://*.criteo.com https://analytics.tiktok.com https://*.ibytedtos.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://cdn.parcellab.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors summitchurch.com dev.summitchurch.com www.summitchurch.com app.signnow.com 1
default-src 'self'; connect-src 'self' https://nominatim.openstreetmap.org http://nominatim.openstreetmap.org nominatim.openstreetmap.org https://eutils.ncbi.nlm.nih.gov http://eutils.ncbi.nlm.nih.gov eutils.ncbi.nlm.nih.gov; font-src 'self' data:; frame-ancestors 'self'; frame-src 'self' https://benutzerhandbuch-cshs.condat.de http://benutzerhandbuch-cshs.condat.de benutzerhandbuch-cshs.condat.de https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com; img-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://*.tile.openstreetmap.org http://*.tile.openstreetmap.org *.tile.openstreetmap.org data:; media-src 'self' https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com; object-src 'self' https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com; script-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net 'unsafe-inline' 1
default-src 'self' data: https://felibs.dev.cglcloud.in https://felibs.mycargill.com https://www.cargill.com https://recaptcha.net https://www.google.com https://demo.barchart.com https://www.google.com  https://recaptcha.net https://www.gstatic.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://global.oktacdn.com https://static.ads-twitter.com https://connect.facebook.net https://www.youtube.com https://*.2o7.net https://felibs.dev.cglcloud.in https://assets.flex.twilio.com https://*.mycargill.com https://activitymap.adobe.com https://www.google-analytics.com https://www.googletagmanager.com https://*.salesforceliveagent.com https://www.cargill.com https://ajax.cloudflare.com https://static.cftest5.cn https://static.cloudflareinsights.com https://leapfull-leapfull.cs123.force.com https://service.force.com https://cargillleap--csstedev.my.salesforce.com https://csstedev-cargillleap.cs44.force.com https://static.lightning.force.com https://d.la2-c1cs-ia2.salesforceliveagent.com https://cargillleap--leapfull.cs123.my.salesforce.com https://d.la1-c1cs-ia4.salesforceliveagent.com https://recaptcha.net https://code.jquery.com https://demo.barchart.com https://cargillinc.sc.omtrdc.net https://assets.adobedtm.com https://data.cmcore.com https://tmscdn.coremetrics.com https://data.coremetrics.com https://libs.coremetrics.com https://s7d2.scene7.com https://rsna1.cargill.com https://*.qualtrics.com https://consent-pref.trustarc.com https://cargill.secure.force.com https://service.force.com https://d.la2-c2-ia2.salesforceliveagent.com https://cargillleap.my.salesforce.com https://recaptcha.net https://www.google.com https://www.adobetag.com https://cdn.syndication.twimg.com https://platform.twitter.com https://consent.truste.com https://*.s3.amazonaws.com https://d96y3rjfk5o7l.cloudfront.net https://maps.googleapis.com https://zn5o7t0cdo93pinrh-cargillfeedback.siteintercept.qualtrics.com https://storage.googleapis.com https://www.gstatic.com https://assets.adobedtm.com https://data.coremetrics.com https://libs.coremetrics.com https://data.cmcore.com https://tmscdn.coremetrics.com https://rsna1.cargill.com https://cargillinc.sc.omtrdc.net https://*.qualtrics.com https://s7d2.scene7.com https://ok1static.oktacdn.com https://consent.truste.com https://consent.trustarc.com https://consent-pref.trustarc.com https://demo.barchart.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://felibs.dev.cglcloud.in https://*.mycargill.com https://www.cargill.com https://leapfull-leapfull.cs123.force.com https://service.force.com https://csstedev-cargillleap.cs44.force.com https://fast.fonts.net https://fonts.googleapis.com https://demo.barchart.com https://service.force.com https://cargill.secure.force.com https://cargillleap.my.salesforce.com https://fast.fonts.net https://www.google.com https://platform.twitter.com https://rsna1.cargill.com https://s7d2.scene7.com https://*.qualtrics.com https://demo.barchart.com; img-src 'self' data: https://khms1.googleapis.com https://khms0.googleapis.com  https://miappstorage.dev.cglcloud.in https://img.youtube.com https://www.weatheronline.co.uk https://*.2o7.net https://cm.everesttech.net https://dpm.demdex.net https://*.mycargill.com https://www.cargill.com https://consent-or.trustarc.com https://consent-pref.trustarc.com https://cm.everesttech.net https://www.cargillag.ca https://beta.cargillag.com https://www.cargillag.com https://seeklogo.com https://maps.gstatic.com https://pbs.twimg.com https://syndication.twitter.com https://recaptcha.net https://www.gstatic.com https://s7d2.scene7.com https://recaptcha.net https://platform.twitter.com https://data.cmcore.com https://maps.googleapis.com https://www.gstatic.com https://data.coremetrics.com https://tmscdn.coremetrics.com https://s7d2.scene7.com  https://cargillinc.sc.omtrdc.net https://*.qualtrics.com https://consent.trustarc.com https://*.s3.amazonaws.com blob: https://www.google-analytics.com; connect-src 'self' https://session-replay.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://maps.googleapis.com https://fields-boundaries-api.prod-dp.onesoil.ai  https://*.2o7.net https://mcs.us1.twilio.com https://felibs.dev.cglcloud.in https://api.country.is https://global.oktacdn.com https://fast.fonts.net https://felibs.mycargill.com  https://iam.twilio.com https://flex-api.twilio.com https://assets.flex.twilio.com wss://tsock.us1.twilio.com https://*.mycargill.com https://activitymap.adobe.com https://d96y3rjfk5o7l.cloudfront.net https://consent-or.trustarc.com https://fonts.gstatic.com https://fonts.googleapis.com https://beta.cargillag.com https://dpm.demdex.net https://api-stage.stage.cglcloud.com.cn https://leapfull-leapfull.cs123.force.com https://csstedev-cargillleap.cs44.force.com https://cargillleap--leapfull.cs123.my.salesforce.com https://cargillinc.sc.omtrdc.net https://browser-http-intake.logs.datadoghq.com https://www.cargillag.ca https://www.cargillag.com https://beta.cargillag.com https://recaptcha.net https://www.cargillag.com wss://wsqs-e-barchart.aws.barchart.com https://instruments-prod.aws.barchart.com https://webapp-proxy.aws.barchart.com https://barchartwidgets.websol.barchart.com https://cargillus.websol.barchart.com https://cargillag.websol.barchart.com https://api.cglcloud.com https://cargillcustomer-uat.oktapreview.com https://*.s3.amazonaws.com https://rum-http-intake.logs.datadoghq.com https://cargill.secure.force.com https://recaptcha.net https://browser-http-intake.logs.datadoghq.com https://www.google.com https://www.gstatic.com https://assets.adobedtm.com https://zn5o7t0cdo93pinrh-cargillfeedback.siteintercept.qualtrics.com https://storage.googleapis.com https://cargillcustomer-uat.oktapreview.com https://api.cglcloud.com https://cargillcustomer.okta-emea.com https://s7d2.scene7.com https://s7mbrstream.scene7.com https://*.qualtrics.com https://consent.truste.com https://consent.trustarc.com https://consent-pref.trustarc.com https://trackerapi.trustarc.com https://*.s3.amazonaws.com https://www.cargillag.ca https://www.cargillag.com https://beta.cargillag.com  https://cargillag.com wss://wsqs-e-barchart.aws.barchart.com https://instruments-prod.aws.barchart.com https://webapp-proxy.aws.barchart.com https://barchartwidgets.websol.barchart.com https://cargillus.websol.barchart.com https://cargillag.websol.barchart.com https://www.google-analytics.com; frame-src 'self' https://app.truelook.cloud https://players.brightcove.net https://forms.office.com https://activitymap.adobe.com https://www.youtube.com https://www.youtube-nocookie.com https://app.powerbi.com https://submit-irm.trustarc.com https://recaptcha.net https://cargillinc.demdex.net https://cloud.info.cargill.com https://pages.info.cargill.com https://beta.cargillag.com https://beta.cargillag.com https://service.force.com https://cargillleap--csstedev.my.salesforce.com https://www.cargillag.ca https://www.cargillag.com https://beta.cargillag.com https://www.cargillag.com https://syndication.twitter.com https://service.force.com https://cargillleap.my.salesforce.com https://www.google.com https://platform.twitter.com https://www.google.com https://cargill.tfaforms.net https://*.qualtrics.com https://consent.trustarc.com https://consent-pref.trustarc.com https://www.cargillag.ca https://www.cargillag.com https://beta.cargillag.com https://cargillag.com https://cargillcustomer.okta-emea.com blob:; media-src 'self' data: https://s7mbrstream.scene7.com https://s7d2.scene7.com  https://*.s3.amazonaws.com blob:; worker-src 'self' blob:; object-src 'self' blob:; 1
base-uri 'none'; object-src 'none'; script-src https://bbs.powerapple.com/logs/ https://bbs.powerapple.com/sidekiq/ https://bbs.powerapple.com/mini-profiler-resources/ https://bbs.powerapple.com/assets/ https://bbs.powerapple.com/brotli_asset/ https://bbs.powerapple.com/extra-locales/ https://bbs.powerapple.com/highlight-js/ https://bbs.powerapple.com/javascripts/ https://bbs.powerapple.com/plugins/ https://bbs.powerapple.com/theme-javascripts/ https://bbs.powerapple.com/svg-sprite/; worker-src 'self' https://bbs.powerapple.com/assets/ https://bbs.powerapple.com/brotli_asset/ https://bbs.powerapple.com/javascripts/ https://bbs.powerapple.com/plugins/ 1
default-src 'self'; connect-src *; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' blob: data: https://*.hostserver.de/ https://www.w3.org/ https://www.hosttest.de/images/ https://s.w.org/ https://ps.w.org/ https://www.gstatic.com/images/branding/product/2x/translate_24dp.png; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://cdn.jsdelivr.net/npm/ https://platform.twitter.com/widgets/widgets.js https://www9.hostserver.de/piwik/piwik.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://ajax.googleapis.com/ajax/libs/webfont/; style-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com/; object-src 'self'; base-uri 'self'; frame-src 'self' https://www9.hostserver.de/ https://www.google.com/recaptcha/; worker-src https://www.google.com/recaptcha/; report-uri /csp/report.php 1
frame-ancestors apps.leisink.net; default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data: 1
script-src 'self' https://*.email-provider.nl https://cdn-eu.readspeaker.com https://stats.pusher.com/timeline/ https://js.pusher.com/4.1/ https://cloudstatic.obi4wan.com https://chatapi.obi4wan.com/api/ https://youtu.be https://youtube.com https://www.youtube.com https://player.vimeo.com/api/player.js https://siteimproveanalytics.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com 'unsafe-eval' 'unsafe-inline' data: 'report-sample'; connect-src https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://vttts-eu.readspeaker.com https://app.obi4wan.ai/api/ https://cloudstatic.obi4wan.com/api/ https://chatapi.obi4wan.com/api/ https://*.pusher.com/pusher/ https://sockjs-eu.pusher.com/pusher/ wss://ws-eu.pusher.com/app/ https://obipubvideo.s3.eu-central-1.amazonaws.com https://youtu.be https://youtube.com https://www.youtube.com https://*.global.siteimproveanalytics.io https://siteimproveanalytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google-analytics.com 'self'; form-action 'self' https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://*.global.siteimproveanalytics.io https://id.opengemeenten.nl https://users.opengemeenten.nl https://login.microsoftonline.com; frame-src 'self' blob: https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://vttts-eu.readspeaker.com https://youtu.be https://youtube.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://subscriber.e-mark.nl; img-src 'self' https://cdn-eu.readspeaker.com https://cloudstatic.obi4wan.com https://s3-eu-west-1.amazonaws.com/obipub/ https://youtube.com https://www.youtube.com https://youtu.be https://i.ytimg.com https://*.global.siteimproveanalytics.io https://siteimproveanalytics.com https://eu2.siteimprove.com https://szsurvey.siteimprove.com https://ssl.siteimprove.com https://*.googletagmanager.com https://*.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com data:; media-src 'self' https://cdn-eu.readspeaker.com https://youtu.be https://youtube.com https://www.youtube.com https://vimeo.com; style-src 'self' https://cdn-eu.readspeaker.com https://fonts.googleapis.com https://youtube.com https://www.youtube.com https://tagmanager.google.com 'unsafe-inline' data: 'report-sample'; font-src 'self' https://fonts.gstatic.com data:; frame-ancestors 'self' https://*.dash.simplyadmire.com https://dash.docker https://localhost:8080 https://www.medemblik.nl; object-src 'self' https://youtube.com https://www.youtube.com; report-to csp; child-src 'self' blob:; default-src 'self'; report-uri https://monitoring.opengemeenten.nl/api/5/security/?sentry_key=8ecd0d6b2ab6432782fe7a6a5c01c534 1
default-src 'self' https:; base-uri 'self'; block-all-mixed-content; connect-src 'self' wss: https:; font-src 'self' https: data:; frame-src 'self' https: data: 'unsafe-inline'; img-src 'self' https: data:; media-src 'self' https: blob:; object-src 'self' https: data:; script-src 'self' https: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' https: blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com/ https://cc.cdn.civiccomputing.com/ https://tools.euroland.com/;  font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; connect-src 'self' https://www.google-analytics.com/ https://apikeys.civiccomputing.com/ https://clapi.civiccomputing.com/; frame-src 'self' https://player.castr.com/ https://vimeo.com/ https://player.vimeo.com/ https://www.youtube.com/ https://tools.eurolandir.com/ https://gamma.euroland.com/;             img-src 'self' https://dashboard.umbraco.org/ http://www.w3.org https://emperor.works/; 1
default-src 'self' *.criticalstart.com data: 'unsafe-inline'; script-src * 'self' data: 'unsafe-inline'; script-src-elem * 'self' data: 'unsafe-inline'; script-src-attr * 'self' data: 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; frame-src * 'self' 1
default-src 'self';img-src 'self' data:;object-src 'none';media-src *; block-all-mixed-content;style-src 'self' 'unsafe-inline';script-src 'self' blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'none'; 1
script-src 'self' https://www.telkomsigma.co.id/ 'unsafe-inline' 'unsafe-eval';  1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://open-source-eschaton.net; img-src 'self' https: data: blob: https://open-source-eschaton.net; style-src 'self' https://open-source-eschaton.net 'nonce-/mA8m2b5T5HyUxuE/VKBiQ=='; media-src 'self' https: data: https://open-source-eschaton.net; frame-src 'self' https:; manifest-src 'self' https://open-source-eschaton.net; form-action 'self'; child-src 'self' blob: https://open-source-eschaton.net; worker-src 'self' blob: https://open-source-eschaton.net; connect-src 'self' data: blob: https://open-source-eschaton.net https://sb-enhpikondx.b-cdn.net wss://open-source-eschaton.net; script-src 'self' https://open-source-eschaton.net 'wasm-unsafe-eval' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tags.tiqcdn.com https://www.google.com https://www.gstatic.com https://apis.google.com https://connect.facebook.net ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://tags.tiqcdn.com https://www.google.com https://www.gstatic.com https://apis.google.com https://connect.facebook.net ; frame-src 'self' https://www.google.com https://www.gstatic.com https://bs.serving-sys.com https://accounts.google.com ; child-src 'self' ; frame-ancestors 'self' ;   1
default-src * data: https: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests 1
default-src 'self' 'unsafe-eval' script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline' vv1a3ga23f.execute-api.us-east-1.amazonaws.com *.google.com fonts.gstatic.com  www.google-analytics.com ajax.googleapis.com www.googletagmanager.com webelb-1005694512.us-east-1.elb.amazonaws.com fe.sitedataprocessing.com *.competiscan.com assets.calendly.com fonts.googleapis.com; 1
frame-ancestors 'self'; default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://translate.google.com https://translate.googleapis.com https://cdnjs.cloudflare.com https://v1.addthisedge.com https://s7.addthis.com https://z.moatads.com https://www.google-analytics.com https://az416426.vo.msecnd.net https://m.addthisedge.com https://m.addthis.com https://api-public.addthis.com https://pagead2.googlesyndication.com https://adservice.google.co.uk https://adservice.google.com https://www.google.com https://www.gstatic.com https://platform.twitter.com https://www.googletagservices.com https://tpc.googlesyndication.com https://partner.googleadservices.com http://cdnjs.cloudflare.com http://az416426.vo.msecnd.net http://pagead2.googlesyndication.com http://www.google.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://translate.googleapis.com https://html5shim.googlecode.com https://v1.addthisedge.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com; img-src 'self' data: https://www.fotosizer.com https://www.google-analytics.com https://stats.g.doubleclick.net https://cdnjs.cloudflare.com https://m.addthisedge.com https://pagead2.googlesyndication.com https://v1.addthisedge.com http://pagead2.googlesyndication.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' https://www.youtube.com https://www.facebook.com https://s7.addthis.com https://googleads.g.doubleclick.net https://www.google.com https://platform.twitter.com/ https://tpc.googlesyndication.com http://www.facebook.com; connect-src 'self' https://dc.services.visualstudio.com https://m.addthis.com https://csi.gstatic.com https://pagead2.googlesyndication.com https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com 1
form-action https:; connect-src https: wss:; upgrade-insecure-requests 1
default-src * http: https: *.googlesyndication.com *.planyo.com data: blob:; script-src 'self' data: http: https: *.googlesyndication.com *.list-manage.com *.mailchimp.com *.honlapbirodalom.hu *.twitter.com *.googleapis.com *.gstatic.com *.google.com *.doubleclick.net *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.googleadservices.com *.getsmartlook.com *.mailchimp.com *.list-manage.com *.planyo.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval'; style-src 'self' http: https: *.googlesyndication.com *.mailchimp.com *.list-manage.com *.honlapbirodalom.hu *.gstatic.com *.googleapis.com *.google.com *.cdn.mozilla.net www.facebook.com/plugins/like/connect *.planyo.com 'unsafe-inline' data: blob:; connect-src 'self' *; 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-bec67e75fcb64b38bab34d11a4a23bbe' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
upgrade-insecure-requests; frame-ancestors 'self' https://www.argos.ie https://m.argos.ie; report-uri https://www.argos.ie/csp-report 1
default-src data: https: 'unsafe-inline' 'unsafe-eval'; font-src https: data: https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://techforgood.social; img-src 'self' https: data: blob: https://techforgood.social; style-src 'self' https://techforgood.social 'nonce-Ky7Qvc3rk+Uvc9rozW1rbQ=='; media-src 'self' https: data: https://techforgood.social; frame-src 'self' https:; manifest-src 'self' https://techforgood.social; form-action 'self'; child-src 'self' blob: https://techforgood.social; worker-src 'self' blob: https://techforgood.social; connect-src 'self' data: blob: https://techforgood.social https://cdn.masto.host wss://techforgood.social; script-src 'self' https://techforgood.social 'wasm-unsafe-eval' 1
style-src player.podigee-cdn.net 'self' 'unsafe-inline' 'unsafe-eval' *.google.com fonts.googleapis.com *.googletagmanager.com optimize.google.com; child-src *.googlesyndication.com *.google.com *.googletagmanager.com *.doubleclick.net 'self' blob: *.facebook.com connect.facebook.net; base-uri 'self'; script-src script.hotjar.com static.hotjar.com *.migros.ch player.podigee-cdn.net connect.facebook.net graph.facebook.com js.facebook.com www.facebook.com 'self' 'unsafe-inline' 'unsafe-eval' *.siteintercept.qualtrics.com siteintercept.qualtrics.com cdn.cookielaw.org *.google.com *.googleadservices.com *.googlesyndication.com *.googletagservices.com *.google-analytics.com *.googleanalytics.com *.googletagmanager.com maps.google.com maps.googleapis.com tagmanager.google.com *.googleoptimize.com optimize.google.com *.doubleclick.net *.gstatic.com gstatic.com; worker-src 'self' blob: www.google.com; object-src *.googlesyndication.com; form-action 'self' *.facebook.com connect.facebook.net *.google.com www.xcampaign.ch; frame-src webapp.migrosvaud.ch vars.hotjar.com player.podigee-cdn.net podigee.io cdn.cookielaw.org player.vimeo.com 'self' data: www.youtube.com www.google.com optimize.google.com *.facebook.com *.migros.ch; frame-ancestors 'self'; img-src *.qualtrics.com *.facebook.com 'self' data: cdn.cookielaw.org *.rokka.io *.migros.ch *.googletagmanager.com *.google-analytics.com *.google.com *.google.ch *.gstatic.com *.googleapis.com optimize.google.com; default-src *.migros.ch *.qualtrics.com 'self' cdn.cookielaw.org *.analytics.google.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.rokka.io *.onetrust.com www.facebook.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com player.podigee-cdn.net 1
default-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net;        script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com;        media-src 'self';        frame-src https://www.google.com;        img-src 'self' data: https://www.google-analytics.com;        font-src 'self' data:  https://fonts.gstatic.com;        style-src-elem 'self' data: https://fonts.googleapis.com 'unsafe-inline'; 1
default-src 'self' about:                  https://bam.nr-data.net https://js-agent.newrelic.com                  https://api-59081883.duosecurity.com                  https://secure.na1.echosign.com                  https://dncvmwin07.netchemistry.com https://pncvmwin09.netchemistry.com                  *.vimeo.com https://vimeo.com http://www.youtube.com https://www.youtube.com                  https://www.google.com;       script-src 'self' about: 'unsafe-inline' 'unsafe-eval'                  https://bam.nr-data.net https://js-agent.newrelic.com                  https://api-59081883.duosecurity.com                  https://secure.na1.echosign.com                  https://dncvmwin07.netchemistry.com https://pncvmwin07.netchemistry.com                  https://www.gstatic.com                  https://www.google.com;        style-src 'self' 'unsafe-inline'                  https://www.gstatic.com                  https://f.vimeocdn.com                  https://*.googleapis.com;          img-src 'self' blob: data: about:;         font-src 'self' data: about: 	         https://fonts.gstatic.com;        frame-src 'self'                  https://player.vimeo.com https://vimeo.com http://www.youtube.com https://www.youtube.com                  https://www.google.com;      form-action 'self';        report-to cspLogger;       report-uri /public/apps/cspLogger.mpl; 1
script-src http: https: https://m.quipply.com  'unsafe-eval' 'unsafe-inline' www.googletagmanager.com www.googleanalytics.com www.google-analytics.com bam.nr-data.net; style-src 'self' blob: https: 'unsafe-inline' https://m.quipply.com; img-src data: http: https: google-analytics.com; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' data: fonts.gstatic.com cdnjs.cloudflare.com *.zohocdn.com www.google-analytics.com www.googletagmanager.com; frame-src assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.paypal.com cdn.justuno.com static.olark.com *.hotjar.com cdn.relets.com *.klaviyo.com *.zoho.com *.zohopublic.com *.zohocdn.com *.zohostatic.com dtzpfzv31buvf.cloudfront.net dyjgaef5vuq51.cloudfront.net cdn.jst.ai www.facebook.com *.rlets.com consentcdn.cookiebot.com 1
default-src 'self' https://*.stripe.com http://127.0.0.1:10000 https://*.dmds.com wss://*.dmds.com https://*.google-analytics.com fasp://* https://local.connectme.us:* https://v5media.dmds.com https://proddmdsstorage.blob.core.windows.net https://*.jwpcdn.com https://fonts.googleapis.com https://www.gstatic.com https://www.google.com/ https://app.powerbi.com/ 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; font-src * data:; 1
connect-src sync.datamind.ru dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net assets.adobedtm.com *.omniture.com *.g.doubleclick.net geocode-maps.yandex.ru/1.x/ *.google-analytics.com *.datamind.ru *.cdn-tinkoff.ru www.google.com analytics.google.com www.google.ru www.facebook.com connect.facebook.net google-analytics.bi.owox.com vk.com mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr px.adhigh.net eye.targetads.io ad.adriver.ru top-fwz1.mail.ru dss.hybrid.ai tag.rutarget.ru tms.dmp.wi-fi.ru ads.adlook.me dmg.digitaltarget.ru dsum-sec.casalemedia.com id.uma.media prodmp.ru track-us.bidease.com ads.betweendigital.com a.utraff.com rtb.viadata.store reichelcormier.bid x01.aidata.io ssp.bidvol.com cs.gssprt.jp ssp.adriver.ru secure.adnxs.com exchange.buzzoola.com cs-0.moevideo.biz sync.republer.com redirect.frontend.weborama.fr sync.dmp.otm-r.com sync.mediatoday.iae.one an.yandex.ru sync.1dmp.io cm.lentainform.com mitdmp.whiteboxdigital.ru acint.net sync.viadata.store sync.adkernel.com sync.videonow.ru code.moviead55.ru api.imotech.video widget-api.uxfeedback.ru pixel.gooroo.works 'self' *.tinkoff.ru *.tcsbank.ru wss://*.tinkoff.ru wss://*.tcsbank.ru analytics.tiktok.com acdn.tinkoff.ru cfg.tinkoff.ru www.tinkoff.ru business.tinkoff.ru sentry.tinkoff.ru www.cdn-tinkoff.ru forma.tinkoff.ru api.tinkoffinsurance.ru geocode-maps.yandex.ru suggest-maps.yandex.ru fallback.cdn-tinkoff.ru; script-src sync.datamind.ru www.google.com www.google.ru connect.ok.ru vk.com *.datamind.ru s.ytimg.com *.tinkoff.ru *.tcsbank.ru *.cdn-tinkoff.ru mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr yastatic.net mc.webvisor.com mc.webvisor.org 'self' 'unsafe-eval' 'unsafe-inline' blob: https://www.youtube.com sf16-muse-va.ibytedtos.com s0.ipstatp.com static.bytedance.com sf19-scmcdn-va.ibytedtos.com api-maps.yandex.ru enterprise.api-maps.yandex.ru suggest-maps.yandex.ru *.maps.yandex.net; img-src *.datamind.ru dpm.demdex.net www.google-analytics.com tinkoffcreditsystems.d3.sc.omtrdc.net cm.everesttech.net dp.adsdata.ru www.google.com www.google.ru vk.com login.vk.com mc.yandex.ru ad.mail.ru adfocus.ru www.facebook.com connect.facebook.net ad.doubleclick.net *.google.com *.yandex.ru *.yandex.net *.2o7.net *.demdex.net cx.atdmt.com analytics.twitter.com t.co eu-sonar.sociomantic.com *.sravni.ru www.banki.ru *.pool.datamind.ru statad.ru www.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.privacysandbox.googleadservices.com *.cdn-tinkoff.ru *.tinkoff.ru p.formobil.net rupertino.ru adservice.google.com adservice.google.ru google-analytics.bi.owox.com dc.ads.linkedin.com *.mail.ru dp.tinkoffinsurance.ru *.fls.doubleclick.net tms.dmp.wi-fi.ru cdn3.caltat.com sonar.semantiqo.com www.cdn-tinkoff.ru ad.adriver.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr eye.targetads.io tag.rutarget.ru top-fwz1.mail.ru dss.hybrid.ai track-us.bidease.com tech.rtb.mts.ru rtb-eu.b.otm-r.com sync.gonet-ads.com ad.new-programmatic.com mssg.su rap.skcrtxr.com cdn3.uxfeedback.ru widget.uxfeedback.ru  sm.rtb.mts.ru exchange.buzzoola.com 'self' data: *.tcsbank.ru business-sg.topbuzz.com analytics.tiktok.com business.topbuzz.com; frame-src *.tinkoff.demdex.net *.omniture.com bid.g.doubleclick.net www.facebook.com *.demdex.net vk.com static.datamind.ru platform.twitter.com connect.ok.ru *.datamind.ru *.cdn-tinkoff.ru *.fls.doubleclick.net www.cdn-tinkoff.ru mc.yandex.ru yastatic.net mc.webvisor.com mc.webvisor.org 'self' blob: data: *.tinkoff.ru *.tcsbank.ru https://www.youtube.com bytedance.com; font-src *.cdn-tinkoff.ru 'self' *.tinkoff.ru data:; report-uri https://www.tinkoff.ru/api/front/pwacredit/log/csp-error?appName=pwacredit&sentryDsnKey=b7cae0fa7dd74b4489cd05596a20df38&sentryApiId=142; default-src 'self' *.cdn-tinkoff.ru *.tinkoff.ru data:; style-src 'unsafe-inline' 'self' *.tinkoff.ru *.tcsbank.ru *.cdn-tinkoff.ru 1
default-src 'self' https:; object-src 'none'; img-src 'self' https: data:; script-src 'self' https://maps.googleapis.com 'nonce-AXA/SHfXudM7maduF4euvg=='; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'self'; connect-src 'self' https: wss://www.latvijasnotars.lv wss://global.vss.twilio.com wss://sdkgw.us1.twilio.com; block-all-mixed-content; upgrade-insecure-requests 1
default-src *; connect-src *; font-src *; frame-src *; img-src 'self' data: https:; manifest-src *; object-src *; script-src * 'unsafe-inline'; style-src * 'unsafe-inline'; media-src *; form-action *; worker-src 'self' blob:; block-all-mixed-content; upgrade-insecure-requests 1
default-src 'none'; base-uri 'none'; block-all-mixed-content; child-src 'self'; connect-src 'self' data: blob: nzcp.identity.health.nz o74861.ingest.sentry.io lilregie-attendee-file.s3.ap-southeast-2.amazonaws.com lilregie-events.s3.ap-southeast-2.amazonaws.com *.stripe.com *.typekit.net *.googletagmanager.com *.google-analytics.com *.google.com *.doubleclick.net *.googleapis.com *.gstatic.com *.intercom.io *.intercomusercontent.com *.gensentry.com wss://*.intercom.io *.intercomcdn.com *.intercomcdn.eu connect.facebook.net; font-src 'self' data: *.typekit.net *.gstatic.com *.intercomcdn.com; form-action 'self' *.stripe.com *.paypal.com *.xero.com intercom.help *.intercom.io; frame-ancestors 'self'; frame-src 'self' *.stripe.com *.doubleclick.net *.google.com *.recaptcha.net *.intercom.io intercom-sheets.com *.intercom-reporting.com *.youtube.com *.vimeo.com *.wistia.net; img-src * data: data: blob: data:; manifest-src 'self'; media-src data: *.intercomcdn.com; object-src 'none'; script-src 'strict-dynamic' https: http: *.google.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net blob: *.intercom.io *.intercomcdn.com 'nonce-/YtnFhddgtDSF6vxM8ovg8D1P7B/FHcjlVSWzhBmY0c=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' data: *.typekit.net *.google.com *.googleapis.com; upgrade-insecure-requests; worker-src 'self' blob: *.intercom.io intercom-sheets.com *.intercom-reporting.com *.youtube.com *.vimeo.com *.wistia.net 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://open.spotify.com https://www.congressweb.com https://d.adroll.mgr.consensu.org  https://static.addtoany.com https://www.google.com https://googleads.g.doubleclick.net  https://www.googleadservices.com https://www.google-analytics.com https://*.gstatic.com https://ajax.googleapis.com http://ajax.googleapis.com https://www.googletagmanager.com https://tagmanager.google.com https://www.youtube.com/iframe_api https://s.ytimg.com https://static.ads-twitter.com https://platform.twitter.com https://publish.twitter.com https://syndication.twitter.com/ https://analytics.twitter.com https://connect.facebook.net https://platform.linkedin.com https://px.ads.linkedin.com https://dc.ads.linkedin.com https://snap.licdn.com https://bat.bing.com https://js.hs-analytics.net ajax.aspnetcdn.com https://cdnjs.cloudflare.com https://code.jquery.com https://d.adroll.com https://s.adroll.com;style-src 'self' 'unsafe-inline' https://*.typekit.net https://fonts.googleapis.com/css https://www.googletagmanager.com https://tagmanager.google.com https://www.google.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com;img-src 'self' https://napeo.blob.core.windows.net https://www.googletagmanager.com https://www.google.com https://tagmanager.google.com https://*.g.doubleclick.net https://images.membersuite.com https://*.cloudfront.net https://bat.bing.com https://px.ads.linkedin.com https://www.facebook.com https://t.co *.gstatic.com *.googleapis.com *.google-analytics.com platform.twitter.com/css/ *.twimg.com data:;font-src 'self' https://*.typekit.net https://fonts.gooleapis.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:;connect-src 'self' https://napeo.blob.core.windows.net https://www.googleadservices.com https://www.google-analytics.com; media-src 'self' https://napeo.blob.core.windows.net data:;frame-src 'self' https://open.spotify.com https://www.congressweb.com https://www.youtube-nocookie.com https://platform.twitter.com https://www.youtube.com https://www.youtub.com https://player.vimeo.com https://www.google.com;child-src 'self' player.vimeo.com; 1
default-src 'self' https://*.securetrustbank.com https://*.googletagmanager.com;; connect-src 'self' https://*.securetrustbank.com https://stats.g.doubleclick.net https://*.google-analytics.com https://cdn.cookielaw.org https://*.feefo.com;; img-src 'self' https://*.securetrustbank.com data: https://*.google-analytics.com https://cdn.cookielaw.org https://*.google.com https://*.google.co.uk https://*.feefo.com htps://*.googletagmanager.com;; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.securetrustbank.com https://*.googletagmanager.com https://static.srcspot.com https://cdn.cookielaw.org https://*.google-analytics.com https://*.feefo.com;; style-src 'self' 'unsafe-inline' https://*.securetrustbank.com https://*.feefo.com;; font-src 'self' https://*.securetrustbank.com;; frame-src 'self' https://*.securetrustbank.com https://ir.tools.investis.com https://*.youtube.com https://*.youtube-nocookie.com https://*.investis.com;; frame-ancestors 'self' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://climatejustice.global; img-src 'self' https: data: blob: https://climatejustice.global; style-src 'self' https://climatejustice.global 'nonce-nSXUwbj/cjrg3LiRcaE/yg=='; media-src 'self' https: data: https://climatejustice.global; frame-src 'self' https:; manifest-src 'self' https://climatejustice.global; form-action 'self'; child-src 'self' blob: https://climatejustice.global; worker-src 'self' blob: https://climatejustice.global; connect-src 'self' data: blob: https://climatejustice.global https://climatejustice.global wss://climatejustice.global; script-src 'self' https://climatejustice.global 'wasm-unsafe-eval' 1
default-src * 'self' data: ; script-src * 'unsafe-inline' 'unsafe-eval' ; style-src * 'unsafe-inline' ; frame-ancestors 'none' ; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://die-partei.social; img-src 'self' https: data: blob: https://die-partei.social; style-src 'self' https://die-partei.social 'nonce-JuhCjmnGw5/YExikE4vE8Q=='; media-src 'self' https: data: https://die-partei.social; frame-src 'self' https:; manifest-src 'self' https://die-partei.social; form-action 'self'; child-src 'self' blob: https://die-partei.social; worker-src 'self' blob: https://die-partei.social; connect-src 'self' data: blob: https://die-partei.social https://die-partei.social wss://die-partei.social; script-src 'self' https://die-partei.social 'wasm-unsafe-eval' 1
frame-ancestors https://*.protegez-vous.ca https://*.dev.lepv.toumoro.com 1
default-src 'self' 'unsafe-inline' *.newstartmobile.com *.googleapis.com *.gstatic.com 1
default-src 'self' wogadobeanalytics.sc.omtrdc.net dpm.demdex.net *.cwp-stg.sg *.cwp.sg; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org api-public.addthis.com assets.adobedtm.com ajax.googleapis.com www.google-analytics.com *.cwp-stg.sg *.cwp.sg https://www.googletagmanager.com https://va.ecitizen.gov.sg https://assets.wogaa.sg https://www.onemap.gov.sg; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com fonts.googleapis.com *.cwp-stg.sg *.cwp.sg https://assets.wogaa.sg https://assets.wogaa.sg/fonts https://assets.wogaa.sg/fonts/opensans; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com https://assets.wogaa.sg data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com https://www.mnd.gov.sg data: blob: *.eloqua.com https://cm.everesttech.net https://dpm.demdex.net https://wogadobeanalytics.sc.omtrdc.net; media-src 'self' data: blob:; frame-src 'self' www.youtube.com www.onemap.sg fast.wogaa.demdex.net wogaa.demdex.net www.google.com tools.onemap.sg forms.cwp.gov.sg *.cwp-stg.sg *.cwp.sg https://youtu.be https://tools.onemap.gov.sg https://www.onemap.gov.sg https://form.gov.sg https://www.form.gov.sg https://www.facebook.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://dpm.demdex.net https://wogadobeanalytics.sc.omtrdc.net https://snowplow-web.wogaa.sg https://snowplow-sentiments.wogaa.sg https://www.google-analytics.com https://snowplow-sentiments.wogaa.sg/com.snowplowanalytics.snowplow; object-src 'self' *.cwp-stg.sg *.cwp.sg; 1
base-uri 'none';child-src 'none';connect-src 'self' region1.google-analytics.com;default-src 'self';font-src 'self' fonts.gstatic.com;form-action 'self';frame-ancestors 'none';frame-src 'self' www.google.com;img-src 'self' storage.googleapis.com;manifest-src 'self';media-src 'self' storage.googleapis.com;object-src 'none';script-src 'self' www.googletagmanager.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';worker-src 'self'; 1
frame-ancestors self https://*.tldev2.com https://*.winmo.com 1
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com https://kochdev.service-now.com/* pip.molex.com pip-qa.molex.com pip-dev.molex.com https://tableaudev.kochind.com https://molex*.mevisio.com http://myhranalyticsdev.kochind.com https://myhranalyticsdev.kochind.com https://tableaudev.molex.com https://tableauprod.molex.com https://mingle-extensions.inforcloudsuite.com https://mingle-portal.inforcloudsuite.com https://qlikanalyticsprod.gapac.com https://auth.kochid.com https://twinmaker.dtinet.net https://*.guardian.com https://*.gapac.com https://*.mypurecloud.com https://*.usw2.pure.cloud https://*.mypurecloud.de https://gpbp.lightning.force.com https://mingle-stage01-portal.inforcloudsuite.com https://mingle-stage01-extensions.stage.inforcloudsuite.com https://gppro--gpproqa2.sandbox.lightning.force.com https://gppro--gpproqa2--c.sandbox.vf.force.com https://gppro.lightning.force.com https://gppro--c.vf.force.com  https://kochind.sharepoint.com https://tableauprod.molex.com/* https://molex.ease.io/* https://molex.i-nexus.com/* https://*.gpfiori.com ; 1
default-src 'self' 'unsafe-inline' ; img-src 'self' data: https://seal.websecurity.norton.com/getseal; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://seal.websecurity.norton.com/getseal; frame-ancestors 'self';  1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://dotnet.social; img-src 'self' https: data: blob: https://dotnet.social; style-src 'self' https://dotnet.social 'nonce-z9KSKHxbXLTWbmwiVaV5qA=='; media-src 'self' https: data: https://dotnet.social; frame-src 'self' https:; manifest-src 'self' https://dotnet.social; form-action 'self'; child-src 'self' blob: https://dotnet.social; worker-src 'self' blob: https://dotnet.social; connect-src 'self' data: blob: https://dotnet.social https://dotnet.social wss://dotnet.social; script-src 'self' https://dotnet.social 'wasm-unsafe-eval' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://zhub.link; img-src 'self' https: data: blob: https://zhub.link; style-src 'self' https://zhub.link 'nonce-KuqiOjzr+XTfCmTMoj4fkg=='; media-src 'self' https: data: https://zhub.link; frame-src 'self' https:; manifest-src 'self' https://zhub.link; form-action 'self'; child-src 'self' blob: https://zhub.link; worker-src 'self' blob: https://zhub.link; connect-src 'self' data: blob: https://zhub.link https://zhub.link wss://zhub.link; script-src 'self' https://zhub.link 'wasm-unsafe-eval' 1
frame-ancestors 'self' api.s1esp.com 1
script-src 'self' https://www.gstatic.com https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com https://stats.g.doubleclick.net https://ssl.google-analytics.com https://secure.gravatar.com https://www.google.com/ https://hcaptcha.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://secure.gravatar.com https://tagmanager.google.com/ https://fonts.googleapis.com/ https://ssl.google-analytics.com https://hello.myfonts.net; img-src 'self' 'unsafe-inline' https://ssl.google-analytics.com https://secure.gravatar.com https://ssl.gstatic.com/ data: ; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; frame-src https://www.google.com/; object-src 'none'; frame-ancestors 'self'; default-src 'none';base-uri 'self'; 1
default-src 'self' 'unsafe-inline' myricoh.com my.ricoh-usa.com www.googletagmanager.com *.googleapis.com *.liveperson.net *.hotjar.com img.en25.com fonts.gstatic.com *.lpsnmedia.net *.qualtrics.com *.eloqua.com www.google.com www.gstatic.com www.google-analytics.com reveal.clearbit.com munchkin.marketo.net app.five9.com helpcenter.myricoh.com *.paymetric.com *.clarity.ms 'unsafe-eval' quickresp.widget.custhelp.com stats.g.doubleclick.net quickresp.custhelp.com gtm.js; 1
default-src*; 1
style-src 'unsafe-inline' https://www.groupeclarins.com; script-src 'unsafe-inline' 'unsafe-eval' https://www.groupeclarins.com https://cdn.matomo.cloud https://cdn.facil-iti.app/; object-src 'none'; base-uri 'self'; 1
default-src 'self' *.mdm.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org *.medallia.ca https://ws1.postescanada-canadapost.ca https://gateway.answerscloud.com vimeocdn.com https://extend.vimeocdn.com *.foresee.com *.kampyle.com www.brainshark.com https://www.youtube.com https://www.googleadservices.com https://analytics.twitter.com https://rules.quantcount.com https://optimize.google.com https://*.googletagmanager.com https://www.google-analytics.com *.nr-data.net *.mdm.ca *.googleapis.com *.gstatic.com  www.google.com https://*.google-analytics.com apis.google.com https://tagmanager.google.com static.ads-twitter.com sjs.bizographics.com secure.quantserve.com bat.bing.com connect.facebook.net ajax.aspnetcdn.com vimeocdn.com www.brainshark.com https://www.youtube.com/iframe_api https://widget.intercom.io https://js.intercomcdn.com https://js-agent.newrelic.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://polyfill.io https://snap.licdn.com https://scdn.snapapp.com *.mktoweb.com; style-src 'self' 'unsafe-inline' *.medallia.ca *.kampyle.com https://ws1.postescanada-canadapost.ca https://gateway.answerscloud.com *.foresee.com https://optimize.google.com https://fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.typekit.net *.mdm.ca *.mktoweb.com; img-src 'self' https://cdn.cookielaw.org *.medallia.ca *.kampyle.com *.mdm.ca https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://ws1.postescanada-canadapost.ca https://marketing.md.ca https://i.vimeocdn.com https://www.google.com https://www.google.ca *.foresee.com https://gateway.answerscloud.com https://optimize.google.com https://i.ytimg.com https://content.cdntwrk.com/files/ https://mdbroadsword.staging.iconicgroup.net/ ssl.gstatic.com *.gstatic.com *.googleapis.com *.google-analytics.com https://bat.bing.com https://*.g.doubleclick.net https://pixel.quantserve.com https://px.ads.linkedin.com https://p.adsymptotic.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://t.co/i/adsct *.mktoweb.com; font-src 'self' https://gateway.answerscloud.com *.foresee.com https://optimize.google.com tagmanager.google.com fonts.googleapis.com *.mdm.ca js.intercomcdn.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com *.typekit.net data:; connect-src 'self' https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.foresee.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://app.launchdarkly.com https://events.launchdarkly.com https://itinternal2.cmamdm.enterprise.corp *.mdm.ca *.medallia.ca *.kampyle.com *.doubleclick.net  blob: *.foresee.com https://ws1.postescanada-canadapost.ca https://survey.foreseeresults.com *.nr-data.net https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com https://www.google-analytics.com https://scdn.snapapp.com; media-src 'self' data: blob:; child-src 'self' blob: *.mdm.ca https://platform.twitter.com/ https://syndication.twitter.com/ www.brainshark.com https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.google.com; frame-src 'self' 'unsafe-inline' *.medallia.ca https://xapi.snapapp.com *.mdm.ca *.doubleclick.net https://accounts.google.com https://content.googleapis.com https://optimize.google.com www.brainshark.com https://player.vimeo.com/ www.youtube.com www.google.com https://www.buzzsprout.com https://www.facebook.com blob: *.mdm.ca/ https://mdm.ca *.mktoweb.com; frame-ancestors 'self'; 1
default-src 'unsafe-inline' https: wss: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https: blob:; font-src data: https:; 1
default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob:; img-src 'self' data: http: https: 'unsafe-inline'; style-src 'self' http: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' data: http: https: blob: 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' *.airportvanrental.com 1
default-src 'self' img.desktopwallpapers.ru yastatic.net yandex.ru *.kavanga.ru *.yandex.ru *.yandex.net *.adriver.ru counter.rambler.ru data: counter.yadro.ru connect.odnoklassniki.ru vk.com platform.twitter.com *.google.com *.gstatic.com https://login.vk.com yandexadexchange.net st.yandexadexchange.net *.tns-counter.ru; style-src 'unsafe-inline' img.desktopwallpapers.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' img.desktopwallpapers.ru yastatic.net *.kavanga.ru *.yandex.net *.yandex.ru *.adriver.ru *.google.com vk.com platform.twitter.com https://login.vk.com; report-uri /dk/rec.php; 1
default-src 'self'; img-src 'self' data: imgs.xkcd.com; style-src 'self' 'unsafe-inline'; report-uri https://brazzy.de/csp.php; report-to csp-endpoint 1
default-src 'self'; connect-src *; img-src 'self' data: stract.com 0.0.0.0:3000 localhost:3000; script-src 'self' 'nonce-H4P46TtEF7G7Mp4vMJYHyQ=='; style-src 'self' 'unsafe-inline' 1
frame-ancestors 'self' https://*.globalchristianrelief.org https://globalchristianrelief.org; 1
default-src 'self' https://maps.googleapis.com https://maps.gstatic.com https://wwww.google.com https://fonts.googleapis.com script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https: 'unsafe-inline' ; img-src 'self' https:; font-src 'self' https: 1
default-src 'self' *.powerbi.com;script-src-elem 'self' 'unsafe-inline' https://cdn-cookieyes.com https://www.youtube.com https://cdnjs.cloudflare.com https://connect.facebook.net/ https://d335luupugsy2.cloudfront.net/ https://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://editoradialetica.com https://dev.editoradialetica.com http://dev.editoradialetica.com https://www.editoradialetica.com https://snap.licdn.com https://cdn.jsdelivr.net https://ajax.cloudflare.com *.clarity.ms;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/npm/choices.js@4/public/assets/scripts/choices.min.js https://connect.facebook.net/en_US/fbevents.js https://d335luupugsy2.cloudfront.net/js/loader-scripts/0c737860-7794-4598-b63d-f2f59a87f7f2-loader.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/recaptcha/releases/IqA9DpBOUJevxkykws9RiIBs/recaptcha__pt_br.js;style-src 'self' 'unsafe-inline' https://editoradialetica-wp-uploads.s3.amazonaws.com https://fonts.googleapis.com https://www.editoradialetica.com https://editoradialetica.com http://editoradialetica.com http://dev.editoradialetica.com https://dev.editoradialetica.com;object-src 'none';base-uri 'self';connect-src 'self' *.rdstation.com.br *.rdops.systems cdn-cookieyes.com *.cookieyes.com rdstation.com.br analytics.google.com stats.g.doubleclick.net https://analytics.google.com *.google-analytics.com google-analytics.com www.google.com.br/ads/ga-audiences cdn.linkedin.oribi.io *.linkedin.com *.clarity.ms;font-src 'self' data: https://fonts.gstatic.com;frame-src 'self' clarity.microsoft.com https://www.facebook.com https://www.youtube-nocookie.com https://www.google.com/ https://app.powerbi.com/ https://www.youtube-nocookie.com/ https://www.youtube.com/;img-src 'self' data: claritystatic.blob.core.windows.net *.google-analytics.com cdn-cookieyes.com https://i.ytimg.com https://px.ads.linkedin.com http://18.230.62.252 http://www.editoradialetica.com https://www.editoradialetica.com https://editoradialetica.com https://dev.editoradialetica.com http://dev.editoradialetica.com http://editoradialetica.com https://editoradialetica-wp-uploads.s3.amazonaws.com https://secure.gravatar.com https://www.facebook.com https://www.googletagmanager.com https://d335luupugsy2.cloudfront.net https://dk9suync0k2va.cloudfront.net https://px.ads.linkedin.com *.linkedin.com *.google.com.br;manifest-src 'self';media-src 'self';worker-src 'none'; 1
default-src 'self'  'unsafe-inline' 'unsafe-eval' ;script-src 'self' https://www.paypal.com https://www.paypalobjects.com https://connect.facebook.net  'unsafe-inline' 'unsafe-eval' ;img-src 'self' https://www.facebook.com *.fbcdn.net  data:;connect-src 'self' https://www.facebook.com https://graph.facebook.com *.googleapis.com  data:;worker-src *;frame-src *; 1
base-uri 'none'; default-src 'self' data: https: wss:; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://api.scrivito.com https://app.intercom.io https://assets.scrivito.com https://js.intercomcdn.com https://widget.intercom.io https://www.google-analytics.com https://acsbapp.com https://netlify-cdp-loader.netlify.app; object-src 'none'; block-all-mixed-content 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.criteo.com https://static.criteo.net https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com https://tr6.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://*.contentsquare.net https://tr.snapchat.com https://*.criteo.com https://*.criteo.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.popinabox.us https://m.popinabox.us https://checkout.popinabox.us https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.contentsquare.net https://app.contentsquare.com https://tr.snapchat.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self';   default-src 'self'    'unsafe-inline'    'unsafe-eval'    data:    blob:      *.addthis.com      *.acquire.io      *.akamaihd.net      *.channeladvisor.com               *.cnnx.io      *.datasteam.io                                         *.convertexperiments.com      *.hrdirect.com      *.hrdirectapps.com      *.linksynergy.com      *.litix.io      *.google-analytics.com      *.posterguard.com      *.wistia.com      aa.agkn.com      ajax.googleapis.com      alert.scansafe.net      analytics.google.com      analytics.twitter.com      api.cartstack.com      api.dtstr.com      api.statistinamics.com      api.traversedlp.com      bat.bing.com      *.cartstack.com      cl.exct.net      connect.facebook.net      fonts.googleapis.com      fonts.gstatic.com      gateway.zscloud.net      googleads.g.doubleclick.net      graph.facebook.com      idsync.rlcdn.com      linkedin.com      mocadi.wisoyekivo.com      navink.navitor.com                                         ufpfilemanagersvc.navitor.com      ndn.statistinamics.com      nypi.dc-storm.com      optimize.google.com      p.adsymptotic.com      pi.pardot.com               platform.twitter.com      px.ads.linkedin.com      s3.amazonaws.com      *.crazyegg.com      seal.digicert.com      secure.orders.com      snap.licdn.com       static.ads-twitter.com      static.statistinamics.com      static.traversedlp.com      stats.g.doubleclick.net      stage.secure.orders.com      t.co      tag.rmp.rakuten.com           tpc.googlesyndication.com       ut.ra.linksynergy.com      v1.addthisedge.com      wss://*.acquire.io      www.bizrate.com      www.facebook.com      www.google.com       www.google-analytics.com      www.googletagmanager.com      www.googleadservices.com      www.gstatic.com      www.priceblink.com      www.youtube.com      www2.hrdirectapps.com      www.googleoptimize.com                                         tag.simpli.fi                                         nexus.ensighten.com      z.moatads.com ; 1
script-src 'nonce-nI0jeu45OaHpM3tbRxhNqQ==' 'self' cdn.cookielaw.org ajax.googleapis.com www.google-analytics.com cmp.springernature.com www.googletagmanager.com; object-src 'none'; base-uri 'none' 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://*.adyen.com https://*.typeform.com blob:; script-src 'self' * https://chat-assets.frontapp.com https://*.adyen.com https://*.typeform.com https://js.stripe.com https://www.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' * https://*.craftcms.com https://sessions.bugsnag.com https://chat.frontapp.com; object-src 'self'; font-src 'self' https://s3.eu-west-1.amazonaws.com data:; img-src 'self' * https://s3.eu-west-1.amazonaws.com https://dandoy.s3.amazonaws.com https://*.craft-cdn.com https://g.stripe.com data:; media-src 'self' https://dandoy.s3.amazonaws.com; frame-src 'self' * https://js.stripe.com; frame-ancestors 'self'; form-action 'self' *; 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 1
referrer no-referrer; frame-ancestors 'none'; default-src 'none' https://t-b.nl/images/; object-src 'none'; base-uri 'self'; frame-src 'self'; form-action 'self'; 1
default-src 'self' data:; script-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-elem * 'self' 'unsafe-inline' 'unsafe-hashes'; script-src-attr * 'self' 'unsafe-inline' 'unsafe-hashes'; style-src * 'self' 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'self' 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'unsafe-inline' 'unsafe-hashes'; img-src * data:; font-src *; connect-src *; media-src *; object-src *; child-src *; worker-src 'self'; frame-ancestors 'self'; form-action *; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com/recaptcha/releases/ https://appscdn.joomla.org/webapps/ https://geolocation.onetrust.com/ https://cdn.cookielaw.org/ https://ajax.googleapis.com/ https://cdn.onesignal.com/ https://onesignal.com/ https://maps.googleapis.com/ https://s3.amazonaws.com/downloads.mailchimp.com https://connect.facebook.net https://www.google-analytics.com/ https://www.googletagmanager.com/ https://pi.pardot.com/ https://go.machadomeyer.com.br/ https://www.google.com/ https://www.gstatic.com/ https://netdna.bootstrapcdn.com/ https://s3-sa-east-1.amazonaws.com/frame-image-br/ https://www.google.com/recaptcha/; script-src-elem 'self' 'unsafe-inline' https://www.googleoptimize.com/ https://ipinfo.io/ https://appscdn.joomla.org/webapps/ https://geolocation.onetrust.com/ https://cdn.cookielaw.org/ https://ajax.googleapis.com/ https://cdn.datatables.net/ https://onesignal.com/ https://cdn.onesignal.com/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://code.jquery.com/ https://connect.facebook.net https://www.googletagmanager.com/ https://pi.pardot.com/ https://go.machadomeyer.com.br/ https://www.google.com/ https://www.gstatic.com/ https://netdna.bootstrapcdn.com/ https://s3-sa-east-1.amazonaws.com/frame-image-br/ https://www.google.com/recaptcha/; script-src-attr 'self' 'unsafe-inline' https://geolocation.onetrust.com/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://connect.facebook.net https://www.googletagmanager.com/ https://pi.pardot.com/ https://go.machadomeyer.com.br/ https://www.google.com/ https://www.gstatic.com/ https://netdna.bootstrapcdn.com/ https://s3-sa-east-1.amazonaws.com/frame-image-br/ https://www.google.com/recaptcha/; style-src 'self' 'unsafe-inline' https://onesignal.com/ https://fonts.googleapis.com/ https://netdna.bootstrapcdn.com/font-awesome/4.2.0/css/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ https://hello.myfonts.net/count/; style-src-elem 'self' 'unsafe-inline' https://cdn.datatables.net/ https://onesignal.com/ https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ https://hello.myfonts.net/ https://netdna.bootstrapcdn.com/font-awesome/4.2.0/css/; style-src-attr 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src * 'self' data:; font-src 'self' data: https://fonts.gstatic.com/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://netdna.bootstrapcdn.com/ https://open.scdn.co/cdn/fonts/ https://use.typekit.net/; connect-src 'self' https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://pi.pardot.com/ https://machadomeyer.my.salesforce.com/ https://go.machadomeyer.com.br/ https://login.salesforce.com/ https://onesignal.com/ https://www.google-analytics.com/ https://maps.googleapis.com/ https://stats.g.doubleclick.net/ https://s3-sa-east-1.amazonaws.com/frame-image-br/ https://www.google.com/recaptcha/; media-src 'self'; frame-src 'self' https://www.google.com/ https://embed-standalone.spotify.com/ https://go.machadomeyer.com.br/ https://www.youtube.com/ https://anchor.fm/ https://open.spotify.com https://s3-sa-east-1.amazonaws.com/frame-image-br/ https://www.google.com/recaptcha/; worker-src 'self'; frame-ancestors 'self'; form-action 'self' https://login.microsoftonline.com/ https://go.machadomeyer.com.br/; base-uri 'self' 1
default-src *.google-analytics.com *.mikle.com *.twimg.com https://boothco.vbth.app https://vimeo.com *.vimeo.com *.vimeocdn.com *.ci.vimeows.com *.trac.jobs *.doubleclick.net nhft.vocoll.com nhft0-19.vocoll.com *.googleapis.com speechstreamv3-webservices-8.texthelp.com babm.texthelp.com *.browsealoud.com  www.google-analytics.com *.speechstream.net stats.g.doublick.net 'self';   script-src 'self' 'unsafe-eval' 'unsafe-inline' *.mikle.com *.twimg.com maps.googleapis.com translate-pa.googleapis.com *.trac.jobs connect.facebook.net nhft.vocoll.com nhft0-19.vocoll.com *.speechstream.net wikisum.texthelp.com www.google.com www.gstatic.com *.ytimg.com translate.google.com *.google.com *.googletagmanager.com translate.googleapis.com platform.twitter.com use.typekit.net www.google-analytics.com connect.facebook.net *.browsealoud.com www.cqc.org.uk services.postcodeanywhere.co.uk 'unsafe-inline';   style-src 'self' *.gstatic.com *.twimg.com *.cqc.org.uk *.trac.jobs cqc.org.uk services.postcodeanywhere.co.uk nhft.vocoll.com nhft0-19.vocoll.com fonts.googleapis.com platform.twitter.com translate.googleapis.com cgc.org.uk 'unsafe-inline';   img-src 'self' * data:;    media-src 'self' blob: *.youtube.com *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com *.ci.vimeows.com;   object-src 'self' *.googlevideo.com *.ytimg.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com *.ci.vimeows.com;   frame-src 'self' blob: *.mikle.com *.adobe.io https://express.adobe.com https://boothco.vbth.app *.timeanddate.com *.googleapis.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.twitter.com https://vimeo.com *.vimeo.com *.vimeocdn.com *.ci.vimeows.com 'unsafe-inline';   form-action 'self' *.ebscohost.com;   frame-ancestors 'none';   base-uri 'self';   font-src 'self' *.nhs.uk use.typekit.net fonts.gstatic.com;   worker-src 'none'; 1
worker-src 'self'; script-src 'nonce-XZPH656WWLyj6MBcqAfchw==' 'unsafe-hashes' https://static.hotjar.com https://script.hotjar.com https://www.gstatic.com/ https://www.googletagmanager.com/; object-src 'none'; base-uri 'none' 1
default-src 'self'; base-uri 'self'; img-src * data:; frame-src 'self' https://kaart.pdok.nl https://websurveys2.govmetric.com https://app-eu.readspeaker.com https://www.youtube-nocookie.com https://www.youtube.com https://content.googleapis.com/ https://vars.hotjar.com; frame-ancestors 'self'; manifest-src 'self'; media-src 'self' blob:; script-src 'self' 'nonce-ZmM0ODdlMDctNzc2Zi00OGEzLWIyNTQtNDhiMDJjYjFkYTM3' https://stats.pusher.com https://www.browsealoud.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://maps.googleapis.com https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://websurveys2.govmetric.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://cdn-eu.readspeaker.com https://virtuele-gemeente-assistent.nl https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://snap.licdn.com https://nl.postex.com https://meldingen.zeelandveilig.nl; connect-src 'self' https://sockjs-eu.pusher.com wss://ws-eu.pusher.com https://vttts-eu.readspeaker.com https://cloudstatic.obi4wan.com https://chatapi.obi4wan.com https://media-eu.readspeaker.com https://rstts-eu.readspeaker.com https://www.browsealoud.com https://plus.browsealoud.com https://speech.speechstream.net https://speech-eu.speechstream.net https://www.google-analytics.com https://maps.googleapis.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://app.obi4wan.ai https://app-eu.readspeaker.com/ https://hitcounter.govmetric.com https://platform.hireserve.nl/ https://cdn1.readspeaker.com https://maps.googleapis.com https://virtuele-gemeente-assistent.nl wss://virtuele-gemeente-assistent.nl ws://virtuele-gemeente-assistent.nl https://in.hotjar.com https://www.facebook.com https://cdn.linkedin.oribi.io; object-src 'self' https://kaart.pdok.nl; style-src 'self' data: 'nonce-ZmM0ODdlMDctNzc2Zi00OGEzLWIyNTQtNDhiMDJjYjFkYTM3' https://fonts.googleapis.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://websurveys2.govmetric.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://maps.googleapis.com/ https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://berichten.postex.com; font-src 'self' data: https://fonts.gstatic.com https://cdn1.readspeaker.com https://script.hotjar.com;  1
frame-ancestors 'self' https://www.ab-in-den-urlaub.de; 1
default-src 'none'; style-src 'unsafe-hashes' 'self' 'nonce-oPheiphiewa9' 'nonce-yu3phig4Thah' 'nonce-AiQuareng4Ua' 'nonce-Quohque4iofo' 'nonce-hipoojoh3Cae' 'sha256-fVPuFfwNG53Zgt4FScG5/DIP9HbYX1MufMHvKanMktA=' 'sha256-/Q4se7FLGCaPFRdiDgb/uQcgnY12w7eKaV8TA9b4SEc=' 'sha256-7gMlY+szP7xGywYBqbdaTg1DGtynSMqXo2c5oLq+GJ0=' 'sha256-8qor27/40uWQGPvNSzPlsJN+Xw/55+yVpf6A8Zjx/hk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-tr7JoRdPSYR6Y6Au2mFaQ+BrtMJoOQ60JfSVgUH5cqw=' 'sha256-NnMP34zNrtajs6icIVvmvm3aVvOlQPw3Ryulnj2YJ8U=' 'sha256-ICa0DhwZQJsOd/Rn0N8H6FdQ71GfNL+op2zhAQ+Y4mM=' 'sha256-ZD0chCyBaNHl+4UwQHJIHGoYhKwMeyCXGgJTKW5/67E=' https://*.cookiefirst.com https://static.dvinci-easy.com https://assets.calendly.com; img-src 'self' data: https://img.youtube.com https://i.ytimg.com https://www.google-analytics.com https://*.facebook.com https://*.bing.com https://*.linkedin.com https://*.google.com https://*.google.de https://www.googletagmanager.com; font-src 'self'; manifest-src 'self'; script-src 'self' 'nonce-uchaiph0Baed' 'nonce-Keke2ohd8ahv' 'sha256-H8TZtED49SrEhc+WRC6ExdYis/pf4H2EjlKPm9R3OEA=' 'sha256-YKTW+WGf2rsBTE1hxB/6atUmlggWg3YnfQ2zBYvKtKk=' 'sha256-am7bplaL8qS2nUERJ/fNSaDftZIolpHBqsSKzDad4Po=' 'sha256-1TSafFSBEEWxoR/IPV8pnwTlfYiLVVUBzbVPXIPyOjY=' 'sha256-j6tnV0AzYO2Qo5bp7qxX9vIGaRUaCuysDXE6lC4b9iI=' https://www.youtube.com https://*.cookiefirst.com https://www.googletagmanager.com https://*.facebook.net https://*.bing.com https://*.licdn.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.dvinci-easy.com https://assets.calendly.com; media-src 'self' blob:; frame-src 'self' https://jobs.guidecom.de https://*.force.com https://hauckaufhaeuser.my.salesforce-sites.com https://www.youtube-nocookie.com https://*.tourdash.com https://*.perbit-job.de https://calendly.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://portal.uilabs.de/ https://playout.3qsdn.com; connect-src 'self' https://*.cookiefirst.com https://*.google-analytics.com https://*.google.com https://*.doubleclick.net https://recruitment.hal-privatbank.com https://cdn.linkedin.oribi.io; frame-ancestors 'none'; base-uri 'none'; 1
default-src 'none'; font-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self'; frame-ancestors 'none'; base-uri 'none'; form-action 'none' 1
frame-ancestors https://*.99fund.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms *.elfsightcdn.com *.elfsight.com *.onetrust.com *.sejda.com *.polyfill.io *.sites-appleby.vuturevx.com *.clarity.ms *.sites-appleby.vuturevx.com *.doubleclick.net *.googleadservices.com *.licdn.com *.userway.org *.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.tagmanager.google.com *.tagmanager.google.com *.googleapis.com *.fonts.net *.algolianet.com *.cookiepro.com data: ; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.tagmanager.google.com *.tagmanager.google.com *.fonts.net *.userway.org ; font-src 'self' *.fonts.net *.gstatic.com *.userway.org data: ; img-src 'self' clarity.ms *.clarity.ms *.cdninstagram.com *.elfsightcdn.com *.onetrust.com *.adsymptotic.com *.linkedin.com *.google.je *.google.com *.googletagmanager *.google-analytics.com *.googleapis.com *.gstatic.com *.gravatar.com *.doubleclick.net *.userway.org data: ; connect-src 'self' *.elfsight.com *.clarity.ms *.onetrust.com *.cookiepro.com *.sejda.com *.oribi.io *.doubleclick.net *.google-analytics.com *.algolia.net *.algolianet.com *.userway.org data: ; frame-src 'self' *.google.com *.vimeo.com *.youtube.com *.buzzsprout.com *.vuturevx.com *.brightcove.net *.userway.org data: ; media-src  *.cdninstagram.com *.userway.org; 1
frame-src self * 1
default-src 'self';style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval';img-src * data:;worker-src * blob:;font-src 'self' data:; 1
frame-ancestors https://www.int.com https://*.int.com; 1
frame-ancestors 'self' *.mhplus-app.de analytics.mhplus.de; 1
frame-src 'self' google.com *.google.com klarna.com *.klarna.com klarnaservices.com *.klarnaservices.com youtube.com *.youtube.com vimeo.com *.vimeo.com paypal.com *.paypal.com studentbeans.com *.studentbeans.com facebook.com *.facebook.com stripe.com *.stripe.com stripe.network *.stripe.network googletagmanager.com *.googletagmanger.com klaviyo.com *.klaviyo.com webgains.io *.webgains.io evri.com *.evri.com facetwp.com *.facetwp.com e-bedding.co.uk *.e-bedding.co.uk ebedding-cdn.co.uk *.ebedding-cdn.co.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; 1
default-src https: 'self' data: blob: *.schulungstool.de *.schulungscdn.de *.youtube-nocookie.com img.youtube.com *.vimeo.com; frame-ancestors 'self' *.schulungstool.de; form-action 'self'; script-src 'unsafe-inline' 'self' *.schulungstool.de schulungscdn.de www.schulungstool.de *.stripe.com cdn.cookielaw.org; style-src 'unsafe-inline' 'self' *.schulungstool.de www.schulungstool.de schulungscdn.de; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; worker-src * blob: 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' *.embedsocial.com; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; font-src data: https:; img-src data: https:; script-src 'unsafe-eval' 'unsafe-inline' 'self' https:; style-src 'unsafe-inline' 'self' https:; form-action 'self'; frame-ancestors 'self' www.youtube.com; 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.blackoncam.com:9080 www.blackoncam.com:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.blackoncam.com wss://www.blackoncam.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1705976123 1
font-src 'self' data: default-src 'self' 'script-src' 'unsafe-inline' *.hsleadflows.net maxcdn.bootstrapcdn.com *.hs-scripts.com *.typekit.net code.jquery.com cdnjs.cloudflare.com cookie-cdn.cookiepro.com www.googleoptimize.com salesiq.zoho.eu cdn.linkedin.oribi.io forms.hubspot.com www.googletagmanager.com cdn.jsdelivr.net unpkg.com unpkg.com *.google-analytics.com pro.ip-api.com *.birdseed.io *.gstatic.com bat.bing.com snap.licdn.com *.zohocdn.com *.zohostatic.eu js.hs-analytics.net js.hs-banner.com *.zohopublic.eu stats.g.doubleclick.net *.googleadservices.com *.google.co.uk thrive-website.azurewebsites.net thrive-website-staging.azurewebsites.net *.google.com api.craftcms.com *.stripe.com  *.vimeo.com ws:; img-src * 1
default-src * data: 'unsafe-eval' 'unsafe-inline'; 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline'; script-src-attr * 'unsafe-inline'; style-src * 'unsafe-inline'; style-src-elem * 'unsafe-inline'; style-src-attr * 'unsafe-inline'; img-src * blob: data:; font-src *; connect-src *; media-src *; object-src *; child-src *; frame-src *; worker-src *; frame-ancestors *; form-action *; upgrade-insecure-requests; block-all-mixed-content 1
frame-ancestors 'self' https://www.slipcase.com/ https://marketplace.marsh.com/ https://www.qbe-fastflow.acturis.com/ 1
frame-ancestors 'self' https://*.tick-ts.de https://*.tick-ts.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://uwu.social; img-src 'self' https: data: blob: https://uwu.social; style-src 'self' 'unsafe-inline' https://uwu.social; media-src 'self' https: data: https://uwu.social; frame-src 'self' https:; manifest-src 'self' https://uwu.social; connect-src 'self' data: blob: https://uwu.social https://files.uwu.social wss://uwu.social; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://uwu.social; worker-src 'self' blob: https://uwu.social 1
script-src http: https: 'unsafe-inline' 'unsafe-eval' https://www.lightsonline.com; style-src 'self' blob: https: 'unsafe-inline' https://www.lightsonline.com; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self' blob: https:; worker-src 'self' blob: https:; font-src 'self' data: fonts.gstatic.com *.livechatinc.com members.cj.com use.typekit.net cdnjs.cloudflare.com *.affirm.com; frame-src *.instagram.com *.paypal.com *.paypalobjects.com td.doubleclick.net assets.braintreegateway.com *.google.com *.livechatinc.com members.cj.com *.youtube.com *.youtu.be *.vimeo.com lightsonline.ladesk.com *.affirm.com 1-vbus-us-tx.ladesk.com secure.safewebservices.com *.facebook.com *.facebook.net www.emjcd.com cj.dotomi.com *.pinterest.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' global.oktacdn.com secure.loginpreview.spglobal.com secure.login.spglobal.com ajax.googleapis.com www.google-analytics.com *.vidyard.com optanon.blob.core.windows.net code.jquery.com geolocation.onetrust.com www.googletagmanager.com cdn.cookielaw.org 1
default-src 'self' https: data:; style-src 'self' https: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; script-src 'self' https: 'unsafe-eval' 'unsafe-inline'; 1
report-uri /csp 1
default-src 'self'; object-src 'none'; manifest-src 'self'; form-action 'self' forms.hsforms.com; frame-ancestors 'none'; frame-src 'self' forms.hsforms.com www.google.com www.gstatic.com www.youtube-nocookie.com meetings.hubspot.com www.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' vercel.live js.hsforms.net forms.hsforms.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com snap.licdn.com js.hs-scripts.com js.hscta.net js.hs-banner.com js.hscollectedforms.net js.hs-analytics.net forms.hscollectedforms.net js.hubspot.com js.hsadspixel.net googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' googletagmanager.com data:; font-src 'self' use.typekit.net data:; img-src 'self' https://blog.casperlabs.io forms.hsforms.com forms-na1.hsforms.com i.ytimg.com www.google-analytics.com www.google.com www.googletagmanager.com cdn-scaliomcms-test.s3.amazonaws.com cdn-scaliomcms-prod.s3.amazonaws.com cdn-scaliomcms.s3.amazonaws.com cdn-scaliomcms-stage.s3.amazonaws.com https://*.ads.linkedin.com data: www.google.com www.linkedin.com www.google.com track.hubspot.com perf.hsforms.com perf-na1.hsforms.com; connect-src 'self' analytics.google.com mcms-api.test.scaliolabs.com mcms-api.stage.scaliolabs.com api.cms.casperlabs.io forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com www.google-analytics.com https://cdn.linkedin.oribi.io stats.g.doubleclick.net forms.hscollectedforms.net cta-service-cms2.hubspot.com api.hubapi.com; 1
base-uri 'self';connect-src 'self' https://*.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.facebook.com/tr/ https://consent.cookiebot.com/ https://consentcdn.cookiebot.com https://cdn.linkedin.oribi.io https://id.dokobit.com;default-src 'self';form-action 'self' https://www.facebook.com;img-src 'self' data: https://img.birojs.lv https://s.hestio.lv https://dy20oi6kmprnu.cloudfront.net https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com/ https://www.google.lv https://www.facebook.com https://img.youtube.com https://imgsct.cookiebot.com/ https://px.ads.linkedin.com/ https://www.linkedin.com/ https://id.dokobit.com https://assets.hestio.lv;media-src 'self' data: https://s.hestio.lv;object-src 'none';style-src 'self' https://cdnjs.cloudflare.com 'unsafe-inline' https://id.dokobit.com https://assets.hestio.lv;font-src 'self' https://cdnjs.cloudflare.com https://id.dokobit.com https://assets.hestio.lv;upgrade-insecure-requests;block-all-mixed-content;frame-src https://www.google.com/recaptcha/ https://www.facebook.com https://conversations-widget.brevo.com/ https://www.youtube.com https://consentcdn.cookiebot.com/;script-src https://www.youtube.com 'strict-dynamic' 'nonce-4wkHH4qKrDB9GlVCMsksRzQT7ZDZXKLg' 1
default-src 'self'; frame-ancestors 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src 'self' blob:; upgrade-insecure-requests 1
frame-ancestors 'self' http://www.linic.pt  unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://s7.addthis.com https://kritique-widgets-stage.unileversolutions.com https://d1a1ax4tcp3m3j.cloudfront.net 1
default-src 'unsafe-inline' 'self' *.cookieinformation.com *.sleeknote.com *.facebook.com *.google.dk *.google.com *.cdninstagram.com *.sleeknote.com; frame-src 360vr.dk *.issuu.com *.youtube.com *.cookieinformation.com *.cdninstagram.com *.fbcdn.net; frame-ancestors 'self'; connect-src *.google-analytics.com *.g.doubleclick.net *.cookieinformation.com *.sleeknote.com *.googleapis.com plausible.io *.plausible.io; font-src *.googleapis.com *.gstatic.com *.cdninstagram.com *.fbcdn.net; script-src 'unsafe-inline' 'self' *.cloudflare.com *.cookieinformation.com *.googletagmanager.com *.youtube.com *.sleeknote.com *.google-analytics.com *.facebook.net plausible.io *.plausible.io *.cdninstagram.com  *.fbcdn.net; style-src 'unsafe-inline' 'self' *.googleapis.com *.cookieinformation.com *.cdninstagram.com *.fbcdn.net data:; img-src 'unsafe-inline' 'self' *.facebook.com *.google.com *.google.dk *.sleeknote.com *.google-analytics.com *.googletagmanager.com *.cdninstagram.com *.fbcdn.net data: blob:; 1
default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; script-src 'nonce-d1TPC92wqXx083ADtKCfxQ2l8tzhG+bAWq5KVhaO2d/HH3QN' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.recaptcha.net https://www.gstatic.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; img-src https://*.paypalobjects.com https://objects.paypal.cn https://*.paypal.com https://*.paypal.cn https://ak1s.abmr.net https://ak1.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.google.com https://www.recaptcha.net https://paypal-api.arkoselabs.com https://paypal-api.arkose.com.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com; form-action 'self' https://*.paypal.com https://*.paypal.cn https://*.zettle.com https://*.xoom.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' data: code.jquery.com stackpath.bootstrapcdn.com cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com; frame-src 'self' *.youtube-nocookie.com 1
script-src 'nonce-ruyL8L0M8NJyt2xKZZFTSQ==' 'self' https://*.awswaf.com; style-src 'nonce-ruyL8L0M8NJyt2xKZZFTSQ==' 'self' https://*.awswaf.com; font-src 'self'; img-src 'self' data:; connect-src https://cognito-identity.us-east-1.amazonaws.com https://sts.us-east-1.amazonaws.com 'self' https://dataplane.rum.us-east-1.amazonaws.com https://*.awswaf.com https://prod.log.shortbread.aws.dev https://prod.tools.shortbread.aws.dev; upgrade-insecure-requests; default-src 'self' 1
default-src 'none'; script-src 'self' https://matomo.museum-digital.org; img-src 'self' data: blob:; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-src 'none'; object-src 'none'; base-uri 'none'; form-action 'self' https://global.museum-digital.org; frame-ancestors 'none'; manifest-src 'self'; connect-src 'self' https://global.museum-digital.org https://matomo.museum-digital.org; 1
font-src data: *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.google.com *.youtube.com maps.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://seo.mageplaza.com *.facebook.com *.twitter.com *.google.com *.youtube.com maps.googleapis.com *.unisender.com *.amazonaws.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.google.com *.doubleclick.net *.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.twitter.com *.google.com *.youtube.com maps.googleapis.com *.unisender.com *.amazonaws.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com *.googleapis.com mc.yandex.ru www.facebook.com/ www.google.com.ua quickchart.io data: img.youtube.com 'self' data: *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com *.youtube.com maps.googleapis.com *.unisender.com *.amazonaws.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com https://madmimi.com *.googleapis.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ mc.yandex.ru www.googletagmanager.com *.doubleclick.net connect.facebook.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.avada.io *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.youtube.com *.unisender.com *.amazonaws.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com cdn.dnky.co webchat.dotdigital.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.google.com *.youtube.com maps.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com mc.yandex.ru www.googletagmanager.com www.google-analytics.com *.doubleclick.net *.facebook.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://*.ingest.sentry.io https://get.geojs.io *.avada.io *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.youtube.com maps.googleapis.com *.unisender.com *.amazonaws.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self'; connect-src 'self' viewing.nyc *.viewing.nyc cdn.jsdelivr.net csi.gstatic.com pagead2.googlesyndication.com; font-src 'self' viewing.nyc *.viewing.nyc *.viewingnyc.dev fonts.gstatic.com data:; form-action 'self'; frame-ancestors *; frame-src 'self' https:; img-src 'self' viewing.nyc *.viewing.nyc *.viewingnyc.dev s3.amazonaws.com pagead2.googlesyndication.com *.amazon-adsystem.com *.google-analytics.com *.ssl-images-amazon.com *.media-amazon.com *.assoc-amazon.com *.twimg.com *.twitter.com *.instagram.com *.facebook.com data:; manifest-src 'self'; media-src utoob.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' viewing.nyc *.viewing.nyc *.viewingnyc.dev *.googletagservices.com *.googleadservices.com *.googlesyndication.com adservice.google.com googleads.g.doubleclick.net *.amazon-adsystem.com *.twimg.com *.twitter.com *.instagram.com *.facebook.com *.facebook.net gleam.io js.gleam.io lightwidget.com *.lightwidget.com; style-src 'self' 'unsafe-inline' viewing.nyc *.viewing.nyc *.viewingnyc.dev *.twitter.com *.instagram.com *.facebook.com fonts.googleapis.com gleam.io *.gleam.io; upgrade-insecure-requests 1
default-src 'self'; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' https://boiaxamf.blob.core.windows.net/boiblob/assets/js/vendor.js https://maps.googleapis.com/maps/api/js https://www.norton.com/ https://in.norton.com/ https://seal.websecurity.norton.com/getseal https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/charts/45.2/loader.js http://ajax.googleapis.com/ajax/libs/webfont/1.6.16/webfont.js; script-src-elem 'report-sample' 'unsafe-inline' 'self' https://boiaxamf.blob.core.windows.net/ https://www.norton.com/ https://www.gstatic.com/charts/45.2/js/jsapi_compiled_format_module.js https://www.gstatic.com/charts/45.2/third_party/dygraphs/dygraph-tickers-combined.js https://www.gstatic.com/ https://in.norton.com/ https://seal.websecurity.norton.com/getseal https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/charts/45.2/loader.js http://ajax.googleapis.com/ajax/libs/webfont/1.6.16/webfont.js https://maps.googleapis.com; style-src 'report-sample' 'unsafe-inline' 'self' https://www.gstatic.com http://fonts.googleapis.com/; object-src 'none'; base-uri 'self'; connect-src 'self' http://boiaxauat.blob.core.windows.net https://boiaxamf.blob.core.windows.net/boiblob/assets/ProductNavDetail/ProductFundNav.json https://maps.googleapis.com https://fonts.gstatic.com/ https://analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.co.in https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 https://fonts.gstatic.com/;frame-src 'self' https://www.youtube.com; img-src 'self' https://www.google-analytics.com https://maps.googleapis.com/maps/api/js https://www.google.co.in https://www.googletagmanager.com/ https://maps.gstatic.com https://www.google.com data: https://maps.googleapis.com/maps/vt; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
default-src 'self';object-src 'none';script-src 'self' *.googleapis.com *.ip-api.com *.fullsteampay.net *.google.com *.gstatic.com *.gstatic.cn *.recaptcha.net 'nonce-sso' 'nonce-delayed';style-src 'self' 'unsafe-inline' *.fontawesome.com *.googleapis.com *.fullsteampay.net *.google.com *.gstatic.com;img-src 'self' data: *.gstatic.com *.googleapis.com;font-src 'self' data: *.fontawesome.com *.gstatic.com;connect-src 'self' maps.googleapis.com;frame-src 'self' *.fullsteampay.net *.recaptcha.net *.google.com;frame-ancestors 'none';upgrade-insecure-requests; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' unpkg.com content.hotjar.io *.accuweather.com *.hotjar.com wss://*.hotjar.com d.adroll.com *.clarity.ms api.ipify.org *.akamaized.net app.anyvision.com anyvision.vrglobal.com widgets.resy.com s.adroll.com zbf3t54l4l.execute-api.us-west-2.amazonaws.com reztrip.admind.io widgets.gtsgig.com api.instagram.com cdn.jsdelivr.net *.clickguardian.app *.gtsgig.com *.sojern.com *.voyat.com *.gtsgapps.com *.vimeo.com *.youtube.com *.cloudflare.com *.otstatic.com *.tacdn.com *.tripadvisor.com *.jscache.com *.opentable.com https://snap.licdn.com *.gstatic.com *.googleadservices.com *.facebook.com *.yahoo.com *.doubleclick.net *.facebook.net *.googletagmanager.com *.googleapis.com *.google-analytics.com *.google.com *.bing.com; font-src 'self' data: theknickerbocker.com *.theknickerbocker.com code.ionicframework.com maxcdn.bootstrapcdn.com *.gstatic.com *.typekit.net; img-src 'self' data: *.accuweather.com *.youtube.com *.w.org wpmudev.com match.adsrvr.org ib.adnxs.com pixel.sojern.com *.tacdn.com *.tripadvisor.com *.instagram.com *.linkedin.com *.googletagmanager.com *.cdninstagram.com *.googleapis.com *.gstatic.com *.bing.com *.gravatar.com *.facebook.net *.doubleclick.net *.google-analytics.com *.google.com *.facebook.com; style-src 'self' cdn.jsdelivr.net *.accuweather.com code.ionicframework.com maxcdn.bootstrapcdn.com *.otstatic.com https://static.tacdn.com *.typekit.net 'unsafe-inline' *.googleapis.com 1
default-src 'self' ws: wss: *.googletagmanager.com *.google-analytics.com *.cloud-iam.com *.brittanyferries.io *.hotjar.com *.hotjar.io *.reciteme.com *.onetrust.com *.doubleclick.net *.google.com *.google.fr *.google.co.uk *.google.es *.clarity.ms *.sentry.io *.contentful.com *.quantummetric.com *.googleadservices.com *.facebook.net *.facebook.com *.qualtrics.com *.bing.com *.infinity-tracking.net *.infinity-tracking.com *.googleapis.com *.onetrust.io *.googlesyndication.com *.matomo.cloud *.teads.tv *.sncf-connect.com *.piwik.pro *.mypurecloud.de;base-uri 'self' 'self' *.matomo.cloud;font-src 'self' https: data:;form-action 'self' *.sips-services.com *.facebook.net *.facebook.com *.qualtrics.com;frame-ancestors 'self' *.youtube.com *.sips-atos.com *.sips-services.com *.googletagmanager.com *.reciteme.com *.hotjar.com *.hotjar.io *.onetrust.com *.cloud-iam.com *.brittanyferries.io *.brittanyferries.com *.brittany-ferries.fr *.clarity.ms *.quantummetric.com *.googleadservices.com *.facebook.net *.facebook.com *.qualtrics.com *.matomo.cloud;img-src 'self' * data: 'self' *.matomo.cloud 'self' *.piwik.pro;object-src 'none';script-src 'unsafe-eval' 'strict-dynamic' 'nonce-b7e627e7bf6a4f0f494d6cda9e58ccd2' 'sha256-lP+eze/AK/U+wcFpKIsxa7UjndDoxGJzdu44XOkoqRo=' 'sha256-nzv8I5Mf0AZBUKeL70LtQfYBjK/DghfP72B8j+UI49I=' 'sha256-XUn0u9o0PrOqkPRlvSKJduPghRMELoQAwAZCSE3sASs=' 'sha256-oBDCmbdwlYyR8ewwQdEO9ynbtTtruNSsPCCjG3ZvYNg=' 'sha256-0zZPgsifJ8h8aM+gmSxkrfNtAGUZb7ItVug6/j1UR5g=' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'sha256-kLOQNAVOaBgADiUv3KS/St2g6k1exicli/nlGA4Ku2Y=';script-src-attr 'self' 'unsafe-inline';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;frame-src 'self' * blob:;script-src-elem 'strict-dynamic' 'nonce-b7e627e7bf6a4f0f494d6cda9e58ccd2' 'sha256-lP+eze/AK/U+wcFpKIsxa7UjndDoxGJzdu44XOkoqRo=' 'sha256-nzv8I5Mf0AZBUKeL70LtQfYBjK/DghfP72B8j+UI49I=' 'sha256-XUn0u9o0PrOqkPRlvSKJduPghRMELoQAwAZCSE3sASs=' 'sha256-oBDCmbdwlYyR8ewwQdEO9ynbtTtruNSsPCCjG3ZvYNg=' 'sha256-0zZPgsifJ8h8aM+gmSxkrfNtAGUZb7ItVug6/j1UR5g=' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'sha256-kLOQNAVOaBgADiUv3KS/St2g6k1exicli/nlGA4Ku2Y=' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.cookiebot.com *.leadinfo.net *.google-analytics.com https://plausible.io https://snap.licdn.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.typekit.net https://www.suss.com 1
frame-ancestors 'self' *.youtube.com *.youtube-no-cookie.com *.vimeo.com *.staticcdn.co.nz; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.googleapis.com *.fontawesome.com *.monsterinsights.com *.staticcdn.co.nz *.addthis.com *.addthisedge.com *.moatads.com https://staticcdn.co.nz *.getclicky.com *.clicky.com *.jquery.com *.workplan.org.nz *.static.hotjar.com *.browser-update.org; style-src 'self' 'unsafe-inline' *.fontawesome.com *.google.com *.googleapis.com *.jquery.com *.workplan.org.nz *.static.hotjar.com *.browser-update.org; base-uri 'self'; object-src 'self'; form-action 'self'; 1
default-src 'self'; script-src https://www.youtube.com https://cdn.jsdelivr.net https://www.gstatic.com https://front.optimonk.com https://gs-cdn.optimonk.com https://onsite.optimonk.com/ https://cdn-account.optimonk.com https://ajax.cloudflare.com https://cdnjs.cloudflare.com https://www.google.com https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://connect.facebook.net https://js.stripe.com https://api.ipify.org https://cdn.inspectlet.com 'unsafe-inline' 'self'; style-src https://cdn.jsdelivr.net https://cdn-asset.optimonk.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'unsafe-inline' 'self'; img-src https: data: 'self'; font-src https://cdn.jsdelivr.net https://cdn-custom.optimonk.com https://fonts.gstatic.com https://cdnjs.cloudflare.com data: 'self'; frame-src https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://www.facebook.com https://support.stivasoft.com https://js.stripe.com 'self'; connect-src https://jfapiprod.optimonk.com https://cdn-content.optimonk.com https://cdn-renderer.optimonk.com https://cdn-account.optimonk.com https://front.optimonk.com https://analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://maps.googleapis.com https://www.facebook.com https://stats.g.doubleclick.net https://hn.inspectlet.com wss://ws.inspectlet.com 'self' 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.criteo.com https://static.criteo.net https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://*.contentsquare.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.probikekit.de https://m.probikekit.de https://checkout.probikekit.de https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://*.criteo.com https://static.criteo.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.google.de https://google.de https://*.contentsquare.net; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.zenaps.com https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://plugin.monotote.com https://isitetv.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://ct.pinterest.com https://*.contentsquare.net https://*.criteo.com https://analytics.tiktok.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.thehut.de https://m.thehut.de https://checkout.thehut.de https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://s.trustpilot.com https://plugin.monotote.com https://static.criteo.net https://*.criteo.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://google.com https://*.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.google.de https://google.de https://s.pinimg.com https://*.contentsquare.net https://app.contentsquare.com https://analytics.tiktok.com https://*.ibytedtos.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' 'unsafe-inline' https://stats.g.doubleclick.net https://ka-f.fontawesome.com   https://sitesotreq.manacadigital.com.br https://sotreqseminovos.com.br  https://www.google-analytics.com https://frontend.workspace.dev.br https://portalelo.com.br/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://a.tiles.mapbox.com https://ajax.googleapis.com https://apis.google.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.navdmp.com https://cdn.rawgit.com https://connect.facebook.net https://googleads.g.doubleclick.net https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hscollectedforms.net https://js.hs-scripts.com https://js.hubspot.com https://kit.fontawesome.com https://leads.acessomarketing.tech https://portalelo.com.br https://px.ads.linkedin.com https://script.hotjar.com https://snap.licdn.com https://sotreq-ims.jcr.net.br:3006 https://static.hotjar.com https://tag.navdmp.com https://unpkg.com https://usr.navdmp.com https://www.clarity.ms https://www.googleadservices.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://js.hsforms.net; img-src 'self' https://sotreq.com.br https://c.clarity.ms https://px4.ads.linkedin.com https://perf-na1.hsforms.com https://px.ads.linkedin.com https://track.hubspot.com https://forms.hsforms.com https://sotreq-ims.jcr.net.br:3006 https://s7d2.scene7.com  https://sitesotreq.manacadigital.com.br https://sotreqseminovos.com.br https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.com.br https://imgseminovos.nyc3.cdn.digitaloceanspaces.com https://imgseminovos.nyc3.digitaloceanspaces.com https://www.facebook.com/ https://cdn.rawgit.com/ https://portalelo.com.br/ https://www.googletagmanager.com  https://a.tiles.mapbox.com https://cdnjs.cloudflare.com https://api.tiles.mapbox.com https://forms-na1.hsforms.com data:; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://sotreq-ims.jcr.net.br:3006 https://cdn.jsdelivr.net/gh/igorlino/ https://fonts.googleapis.com/ https://fonts.googleapis.com/  https://ka-f.fontawesome.com/ https://cdn.rawgit.com https://portalelo.com.br/ https://a.tiles.mapbox.com https://cdnjs.cloudflare.com; font-src 'self' https://sotreq-ims.jcr.net.br:3006  https://forms.hsforms.com https://sotreq-ims.jcr.net.br:3006  https://cdnjs.cloudflare.com https://cdn.jsdelivr.net  https://ka-f.fontawesome.com https://fonts.gstatic.com https://portalelo.com.br/; connect-src 'self' 'unsafe-inline' https://q.clarity.ms https://i4gy3qeokf-dsn.algolia.net https://i4gy3qeokf-2.algolianet.com https://i4gy3qeokf-1.algolianet.com https://i4gy3qeokf-3.algolianet.com https://s.clarity.ms  https://r.clarity.ms https://lahswjuooc-3.algolianet.com https://lahswjuooc-2.algolianet.com https://lahswjuooc-1.algolianet.com https://lahswjuooc-dsn.algolia.net https://sotreq-ims.jcr.net.br:8080 https://www.facebook.com https://www.google.com.br wss://sotreq-ims.jcr.net.br:442 wss://ws.hotjar.com https://px.ads.linkedin.com https://z.clarity.ms https://api.hubapi.com https://a.tiles.mapbox.com https://pagead2.googlesyndication.com https://analytics.google.com https://cta-service-cms2.hubspot.com https://perf-na1.hsforms.com https://cdn.linkedin.oribi.io https://content.hotjar.io https://csmetrics.hotjar.com https://forms.hscollectedforms.net https://in.hotjar.com https://ka-f.fontawesome.com https://portalelo.com.br https://portalelo.com.br https://sitesotreq.manacadigital.com.br https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://www.google.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://u.clarity.ms https://x.clarity.ms; object-src 'none'; frame-src 'self' https://www.youtube.com https://m.youtube.com https://youtube.com https://accounts.google.com https://www.google.com https://www.facebook.com https://td.doubleclick.net https://forms.hsforms.com; 1
default-src  'self' data: ;font-src  'self' data: fonts.gstatic.com *.fg.cz *.warehouse1.cz *.cigarhouse1.cz *.zbozi.cz;connect-src  'self' *.google.com *.googleapis.com *.google-analytics.com *.doubleclick.net *.facebook.com *.smartlook.com *.smartlook.cloud https://ehub.cz *.notifikuj.cz *.googlesyndication.com *.luigisbox.com *.zbozi.cz *.seznam.cz *.notifikuj.cz:8080 *.notifikuj.cz:3000 wss://appi.notifikuj.cz:3000;script-src  'self' 'unsafe-inline' 'unsafe-eval' *.warehouse1.cz *.cigarhouse1.cz *.google.com *.google.cz *.googleapis.com www.googletagmanager.com *.google-analytics.com *.gstatic.com *.adform.net *.seznam.cz *.doubleclick.net www.instagram.com *.smartlook.com *.smartlook.cloud *.facebook.net *.imedia.cz https://im9.cz *.cloudfront.net https://ehub.cz *.notifikuj.cz https://cdn.polyfill.io https://get.geojs.io *.luigisbox.com  *.googleoptimize.com *.googleadservices.com *.glami.cz *.licdn.com *.linkedin.com *.heureka.cz appi.notifikuj.cz *.zbozi.cz *.seznam.cz;form-action  'self' *.facebook.com *.facebook.net ;frame-src  'self' blob: www.youtube.com *.google.com *.fliphtml5.com fliphtml5.com *.facebook.com *.imedia.cz https://ehub.cz *.zbozi.cz *.doubleclick.net *.iplatba.cz *.essox.cz;worker-src  'self' blob: www.youtube.com *.google.com *.fliphtml5.com fliphtml5.com *.facebook.com *.imedia.cz https://ehub.cz *.zbozi.cz *.doubleclick.net *.iplatba.cz *.essox.cz;frame-ancestors  'self' ;img-src  'self' data: blob: *.fg.cz *.warehouse1.cz *.cigarhouse1.cz *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com *.google-analytics.com *.doubleclick.net *.google.com *.google.co.uk *.google.cz *.google.sk *.google.de *.google.at *.google.fr *.google.it *.google.pl *.google.nl *.google.ie *.facebook.com *.imedia.cz *.heureka.cz *.seznam.cz *.adnxs.com https://ehub.cz *.cloudfront.net *.glami.cz secure.adnxs.com https://im9.cz *.zbozi.cz https://files.packeta.com;style-src  'self' 'unsafe-inline' *.fg.cz *.warehouse1.cz *.cigarhouse1.cz *.googleapis.com *.google.com *.gstatic.com *.zbozi.cz;object-src  'self' 1
script-src 	'self' 'unsafe-inline' 'unsafe-eval' 	bat.bing.com *.clarity.ms 	cdnjs.cloudflare.com 	*.cloudfront.net 	connect.facebook.net 	cdn.doofinder.com cdn.ebi.cloud 	*.googleapis.com *.googlesyndication.com *.googletagmanager.com maps.google.co.uk *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net 	*.jotform.com secure.jotformpro.com widgets.jotform.io 	code.jquery.com 	*.livechatinc.com 	js.squareup.com 	rec.smartlook.com         web-sdk.smartlook.com 	s7.addthis.com         embed.typeform.com         widget.trustpilot.com 	; 	worker-src blob: 1
block-all-mixed-content; frame-ancestors *.espacoprime.com.br 1
script-src 'self' 'nonce-env' wcpstatic.microsoft.com 1
frame-ancestors 'self' app2.konvertica.com 1
frame-ancestors 'self' https://*.game-consign.com; 1
font-src *.googleapis.com *.gstatic.com data: connect.podium.com *.jaybro.com.au *.wistia.com searchserverapi.com *.fontawesome.com www.searchanise.com *.searchserverapi.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com searchserverapi.com www.searchanise.com *.searchserverapi.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com searchserverapi.com *.google.com/ www.searchanise.com *.searchserverapi.com *.twitter.com landofcoder.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com www.eway.com.au avatars.podium.com podium-prod.s3.amazonaws.com *.wistia.com *.jaybro.com.au searchserverapi.com https://www.magezon.com *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ munchkin.marketo.net connect.podium.com *.hotjar.com fast.wistia.com fast.wistia.net secure.ewaypayments.com *.jaybro.com.au *.workable.com *.insightech.com *.clickcease.com searchserverapi.com cdn.amplitude.com *.avada.io *.google.com/ searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com landofcoder.com *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com connect.podium.com *.jaybro.com.au searchserverapi.com *.fontawesome.com www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.jaybro.com.au blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.googleapis.com 839-myy-399.mktoresp.com stats.g.doubleclick.net *.analyticspodium.com mind-flayer.podium.com *.hotjar.io *.hotjar.com wss://*.hotjar.com o1081911.ingest.sentry.io *.wistia.com *.litix.io *.insightech.com *.googlesyndication.com searchserverapi.com https://get.geojs.io *.avada.io api.amplitude.com landofcoder.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 1
default-src 'self' speedtest.avantiplc.com;img-src 'self';script-src 'self' code.highcharts.com 'unsafe-inline';style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.gstatic.com;report-uri /csp-report; 1
default-src *; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-hashes' 'unsafe-inline'; 1
default-src 'self'  *.munite.com *.microsoft.com *.google-analytics.com *.clickdimensions.com *.msecnd.net *.hotjar.com *.vimeo.com *.jquery.com *.ajax.googleapis.com *.googletagmanager.com *.cloudflare.com *.gstatic.com *.google.com *.cloudfront.net *.bootstrapcdn.com *.doubleclick.net *.hotjar.io *.aspnetcdn.com *.telerik.com *.pfm.com *.ipify.org blob: ;font-src 'self' data: fonts.gstatic.com;img-src 'self' data: blob: ; style-src 'self' 'unsafe-inline' *.munite.com *.google-analytics.com *.microsoft.com *.googleapis.com *.msecnd.net *.clickdimensions.com *.cloudfront.net *.jquery.com *.bootstrapcdn.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ajax/libs/bootstrap-multiselect/0.9.13/css/bootstrap-multiselect.css https://www.google.com/recaptcha/api.js https://www.gstatic.com *.munite.com *.microsoft.com *.www.google-analytics.com *.clickdimensions.com *.hotjar.com *.msecnd.net *.vimeo.com *.jquery.com *.bootstrapcdn.com http://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js https://www.googletagmanager.com/gtag/ https://cdnjs.cloudflare.com/ajax/libs/bootstrap-multiselect/0.9.13/js/bootstrap-multiselect.min.js?packageBootstrap4' *.www.google.com  *.d1f69o4buvlrj5.cloudfront.net *.googleads.g.doubleclick.net *.aspnetcdn.com *.hotjar.io *.telerik.com *.pfm.com https://www.google-analytics.com/analytics.js https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery.touchswipe/1.6.18/jquery.touchSwipe.min.js; 1
default-src 'self' *.tc.edu *.tc.columbia.edu; font-src *; frame-ancestors 'self' *.tc.edu *.tc.columbia.edu; frame-src *; img-src * data: blob:; connect-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src *; object-src 'none'; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-DYFp9baETzGlpD0z4-M55w' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self' *.dehst.de 'unsafe-eval'; base-uri 'self' *.dehst.de; style-src 'self' *.dehst.de 'unsafe-inline'; connect-src 'self' *.dehst.de *.itzbund.de; script-src 'self' *.dehst.de 'unsafe-inline' 'unsafe-eval' *.itzbund.de  www.youtube.com *.ytimg.com piwik.itzbund.de; object-src 'self' *.dehst.de multimedia.gsb.bund.de; media-src 'self' *.dehst.de multimedia.gsb.bund.de *.youtube.com; frame-src  *.dehst.de *.youtube.com; img-src 'self' *.dehst.de blob: data: piwik.itzbund.de; frame-ancestors 'self' *.dehst.de; worker-src 'self' *.dehst.de; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://queer.af 'wasm-unsafe-eval'; font-src 'self' https://queer.af; img-src 'self' data: blob: https://queer.af https://queer-af.catgirldelivery.network; style-src 'self' https://queer.af 'nonce-MsN1GVnh1YHYtF3lZ/FJJg=='; media-src 'self' data: https://queer.af https://queer-af.catgirldelivery.network; frame-src 'self' https:; child-src 'self' blob: https://queer.af; worker-src 'self' blob: https://queer.af; connect-src 'self' blob: data: wss://queer.af https://queer.af https://queer-af.catgirldelivery.network; manifest-src 'self' https://queer.af; form-action 'self' 1
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval' *.guildmortgage.com *.google-analytics.com *.googleoptimize.com *.gstatic.com *.cloudflareinsights.com *.w.org *.google.com *.youtube.com *.yoast.com *.vimeo.com *.doubleclick.net *.worldchangers.reviews *.guildgiving.org wingify-assets.s3.amazonaws.com s3.amazonaws.com chart.googleapis.com *.cloudfront.net *.googletagmanager.com www.gstatic.com; 1
default-src https: 'unsafe-inline' 'unsafe-eval' wss:; img-src https: data:; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adroll.com *.brightcove.com *.brightcove.net *.decibelinsight.com *.decibelinsight.net *.doubleclick.net *.franklintempleton.com *.ftsites.com *.google-analytics.com *.kampyle.com *.marketo.com *.marketo.net *.qualtrics.com *.sharethis.com *.twimg.com analytics.twitter.com assets.adoberesources.net bat.bing.com browser-update.org cdn.cookielaw.org connect.facebook.net platform.twitter.com resources.digital-cloud-west.medallia.com snap.licdn.com static.ads-twitter.com tr.outbrain.com vjs.zencdn.net wss://*.decibelinsight.com wss://*.decibelinsight.net www.clarity.ms www.google.com www.googletagmanager.com www.gstatic.com ;  connect-src 'self' *.akamaihd.net *.apolloplatform.com *.clarity.ms *.boltdns.net *.brightcove.com *.brightcove.net *.browser-intake-datadoghq.com *.decibelinsight.com *.decibelinsight.net *.doubleclick.net *.franklintempleton.com *.frk.com *.ftsites.com *.google-analytics.com *.kampyle.com *.marketo.com *.mktoresp.com *.onetrust.com *.onetrust.io *.qualtrics.com *.widen.net *.widencdn.net bat.bing.com cdn.cookielaw.org dc.services.visualstudio.com fti.wsodqa.com hummingbirdwebsocket-va7.cloud.adobe.io resources.digital-cloud-west.medallia.com wss://*.decibelinsight.com wss://*.decibelinsight.net www.clearbridge.com www.fti.wallst.com ;  img-src 'self' data: *.adsymptotic.com *.akamaihd.net *.boltdns.net *.brightcove.com *.clearbridge.com *.cookielaw.org *.doubleclick.net *.facebook.com *.franklintempleton.com *.google.co.in *.google.co.uk *.google.com *.google.pl *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.kampyle.com *.linkedin.com *.qualtrics.com *.sharethis.com *.stocksnap.io *.twimg.com *.widen.net *.widencdn.net bat.bing.com c.bing.com c.clarity.ms platform.twitter.com resources.digital-cloud-west.medallia.com syndication.twitter.com t.co ;  font-src 'self' data: *.ftsites.com cdn.fonts.net fonts.googleapis.com fonts.gstatic.com templeton.com *.franklintempleton.com *.franklintempleton.lu ;  style-src 'self' 'unsafe-inline' *.franklintempleton.com *.ftsites.com *.googletagmanager.com *.kampyle.com *.marketo.com *.sharethis.com cdn.fonts.net fonts.googleapis.com fonts.gstatic.com platform.twitter.com ;  worker-src blob: ; 1
frame-ancestors 'self' https://www.schoolnutritionandfitness.com; 1
frame-ancestors 'self' catalonia.us catalonia.de catalonia.fr catalonia.cn catalonia.kr catalonia.jp suppliers.catalonia.com startupshub.catalonia.com forms.catalonia.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pretix.eu/ https://cdn.plyr.io https://www.youtube.com https://s.ytimg.com https://stats.jobrouter.com/ https://static.hsappstatic.net https://js-eu1.hs-scripts.com https://js-eu1.hscollectedforms.net https://js-eu1.hs-banner.com https://js-eu1.hs-analytics.net https://js-eu1.hsadspixel.net https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://snap.licdn.com https://connect.facebook.net https://sjs.bizographics.com https://static.hotjar.com https://script.hotjar.com https://bat.bing.com; style-src 'self' 'unsafe-inline' https://pretix.eu/ https://stats.jobrouter.com https://cdn.plyr.io https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com; img-src 'self' data: https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://forms-eu1.hsforms.com https://track-eu1.hubspot.com https://forms-eu1.hscollectedforms.net https://i.ytimg.com https://stats.jobrouter.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://www.google.com https://www.google.de https://region1.google-analytics.com https://www.facebook.com/tr/ https://connect.facebook.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://www.linkedin.com/px/ https://bat.bing.com; font-src 'self' https://stats.jobrouter.com https://fonts.gstatic.com data:; connect-src 'self' https://stats.jobrouter.com/ https://px.ads.linkedin.com https://pretix.eu/ https://forms-eu1.hscollectedforms.net https://api-eu1.hubapi.com https://forms-eu1.hubspot.com https://www.google.com https://adservice.google.com https://region1.google-analytics.com/ https://pagead2.googlesyndication.com  *.hotjar.io *.hotjar.com wss://*.hotjar.com https://www.google-analytics.com vc.hotjar.io https://cdn.linkedin.oribi.io https://stats.g.doubleclick.net https://bat.bing.com https://cdn.plyr.io https://noembed.com; child-src 'self' https://stats.jobrouter.com https://portal.jobrouter.com https://pretix.eu https://meetings-eu1.hubspot.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://www.facebook.com/ https://tpc.googlesyndication.com https://vars.hotjar.com/ https://insights.hotjar.com; frame-ancestors 'self'; upgrade-insecure-requests; report-uri https://sentry.jobrouter.cloud/api/8/security/?sentry_key=c671b2d59eb44102bcf7c6b534d6c86b 1
frame-src 'self' 'unsafe-inline' 'unsafe-eval' videoportal.klinikum-oldenburg.de; script-src 'self' 'unsafe-inline' 'unsafe-eval'  www.klinikum-oldenburg.de; script-src-elem 'self' 'unsafe-inline'  www.klinikum-oldenburg.de www.google-analytics.com www.googletagmanager.com connect.facebook.net; frame-ancestors 'self' www.klinikum-oldenburg.de; media-src 'self' videos.klinikum-oldenburg.de 1
script-src-elem 'self' 'unsafe-inline' https://*.marketo.net https://js-agent.newrelic.com https://herodigital.piwik.pro https://*.mktoweb.com https://boards.greenhouse.io/ https://hemsync.clickagy.com/ https://assets.adobedtm.com https://player.vimeo.com https://cdn.heapanalytics.com http://cdn.heapanalytics.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://pi.pardot.com https://cdn.pardot.com http://pi.pardot.com http://cdn.pardot.com https://snap.licdn.com https://static.ads-twitter.com https://js.adsrvr.org https://connect.facebook.net https://ws.zoominfo.com http://j.6sc.co http://a.adroll.com https://googleads.g.doubleclick.net https://tags.clickagy.com https://s.adroll.com https://d.adroll.com http://go.herodigital.com http://s.adroll.com https://*.jsdelivr.net https://*.amplitude.com https://*.heap-api.com https://*.assets.listenlayer.com; 1
default-src 'self' porno365.name www.porno365.name porno-24.pro *mega-porno* *.5porno.club *.mega-porno.online *.24xxx.club *.big-boss.cc *.xrest.mobi *.5xxx.tv *.mega-xxx.pro http://ssl.p.jwpcdn.com http://jwpltx.com advrich.com *.advertserve.com mp-b.info *.vids69.com http://counter.rambler.ru my2.imgsmail.ru www.gstatic.com yandex.st an.yandex.ru *.google.com pagead2.googlesyndication.com www.youtube.com vk.com cdn.connect.mail.ru *.gstatic.com mc.yandex.ru www.google-analytics.com https://www.google-analytics.com www.gstatic.com 'unsafe-inline' 'unsafe-eval' http://www.siskipiski.tv http://siskipiski.tv data: 0.gravatar.com http://0.gravatar.com/ 1.gravatar.com http://1.gravatar.com/ an.yandex.ru/count http://an.yandex.ru/count/ favicon.yandex.net http://favicon.yandex.net avatars-fast.yandex.net http://avatars-fast.yandex.net/ vk.com yastatic.net counter.rambler.ru top-fwz1.mail.ru www.liveinternet.ru counter.yadro.ru mc.yandex.ru www.google-analytics.com https://www.google-analytics.com yastatic.net http://yastatic.net/ connect.mail.ru an.yandex.ru www.youtube.com googleads.g.doubleclick.net vk.com userapi.com site.yandex.net yastatic.net https://yastatic.net http://site.yandex.net https://site.yandex.net *.gstatic.com https://vk.com fonts.googleapis.com mc.yandex.ru *.gstatic.com 1
frame-ancestors 'self'  https://www.youtube.com;block-all-mixed-content;frame-src https://www.google.com youtube.com www.youtube.com https://player.vimeo.com https://bid.g.doubleclick.net  https://web.facebook.com https://m.facebook.com https://www.facebook.com https://js.stripe.com https://hooks.stripe.com https://secure.trust-provider.com;script-src 'self'  'report-sample' 'unsafe-inline' 'unsafe-eval' https://www.norton.com https://unpkg.com https://chimpstatic.com https://*.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://www.gstatic.com https://connect.facebook.net https://checkout.stripe.com https://js.stripe.com https://seal.websecurity.norton.com https://graph.facebook.com https://js.facebook.com https://js.stripe.com  https://secure.trust-provider.com;style-src 'self' 'report-sample' 'unsafe-inline' *.google.com checkout.stripe.com  https://www.gstatic.com fonts.googleapis.com;object-src *.googlesyndication.com;child-src 'self' blob: *.googlesyndication.com *.google.com *.facebook.com *.stripe.com *.doubleclick.net connect.facebook.net;base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;worker-src 'self' blob: www.google.com; 1
default-src 'self' cdn.wcc.heine.ch https://cdn.wcc.heine.ch/graphql;    base-uri 'self' widget.solvemate.com;    font-src 'self' cdn.wcc.heine.ch fonts.gstatic.com data: widget.solvemate.com *.dixa.io;    img-src * data:;    connect-src 'self' https://cdn.wcc.heine.ch/graphql cdn.wcc.heine.ch cdn.witt.info/ images.ctfassets.net te.heine.ch tp.heine.ch wasp.heine.ch wst.heine.ch *.analytics.google.com  *.facebook.com *.contentsquare.net *.my.onetrust.eu *.google-analytics.com bat.bing.com eu-witt-gruppe-prod1.mini.snplow.net www.google-analytics.com www.jsctool.com https://adservice.google.com/pagead/ https://graphql.contentful.com https://privacyportal-eu.onetrust.com https://stats.g.doubleclick.net https://geolocation.onetrust.com https://www.google.com/pagead/ https://googleads.g.doubleclick.net/pagead/ *.creativecdn.com *.googlesyndication.com *.optimizely.com https://ct.pinterest.com http://jsctool.com checkout-cdn.aboutyou.cloud checkout-v3.wcc.heine.ch https://*.ingest.sentry.io api.solvemate.com widget.solvemate.com relay.solvemate.com *.dixa.io wss://sockets.dixa.io api.sovendus.com benefits.sovendus.com identification-api.sovendus.com integration-api.sovendus.com press-tracking-api.sovendus.com https://maps.googleapis.com;    object-src 'none';    child-src blob: ;    script-src * 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.paypal.com blob: *.dixa.io;    style-src 'self' cdn.wcc.heine.ch www.googletagmanager.com fonts.googleapis.com 'unsafe-inline' d.heine.ch checkout-cdn.aboutyou.cloud https://*.adyen.com https://*.paypal.com blob: widget.solvemate.com *.dixa.io;    frame-src 'self' checkout-v3.wcc.heine.ch *.awin1.com *.criteo.net *.criteo.com *.adrtx.net *.contentsquare.net www.googletagmanager.com www.facebook.com www.youtube.com dmp.theadex.com 5127363.fls.doubleclick.net 12769738.fls.doubleclick.net www.jsctool.com https://creativecdn.com/ https://fledge-eu.creativecdn.com/ https://tbs.tradedoubler.com/ https://survey2.quantilope.com/ https://*.adyen.com https://*.paypal.com https://*.computop-paygate.com blob: *.dixa.io https://api.sovendus.com https://www.sovendus-connect.com https://www.sovendus-benefits.com https://gui.display.prod.app.funnelplus.com/;    media-src 'self' cdn.wcc.heine.ch cdn.witt.info/ images.ctfassets.net videos.ctfassets.net www.youtube.com witt-gruppe-res.cloudinary.com *.dixa.io;    manifest-src 'self' cdn.wcc.heine.ch *.dixa.io;    worker-src 'self' cdn.wcc.heine.ch blob:;    form-action 'self' www.facebook.com;    block-all-mixed-content;    frame-ancestors 'self' https://app.contentful.com;    sandbox allow-scripts allow-forms allow-same-origin allow-top-navigation allow-popups allow-popups-to-escape-sandbox allow-modals; 1
default-src 'self' cdn.wcc.witt-weiden.ch https://cdn.wcc.witt-weiden.ch/graphql;    base-uri 'self' widget.solvemate.com;    font-src 'self' cdn.wcc.witt-weiden.ch fonts.gstatic.com data: widget.solvemate.com *.dixa.io;    img-src * data:;    connect-src 'self' https://cdn.wcc.witt-weiden.ch/graphql cdn.wcc.witt-weiden.ch cdn.witt.info/ images.ctfassets.net te.witt-weiden.ch tp.witt-weiden.ch wasp.witt-weiden.ch wst.witt-weiden.ch *.analytics.google.com  *.facebook.com *.contentsquare.net *.my.onetrust.eu *.google-analytics.com bat.bing.com eu-witt-gruppe-prod1.mini.snplow.net www.google-analytics.com www.jsctool.com https://adservice.google.com/pagead/ https://graphql.contentful.com https://privacyportal-eu.onetrust.com https://stats.g.doubleclick.net https://geolocation.onetrust.com https://www.google.com/pagead/ https://googleads.g.doubleclick.net/pagead/ *.creativecdn.com *.googlesyndication.com *.optimizely.com https://ct.pinterest.com http://jsctool.com checkout-cdn.aboutyou.cloud checkout-v3.wcc.witt-weiden.ch https://*.ingest.sentry.io api.solvemate.com widget.solvemate.com relay.solvemate.com *.dixa.io wss://sockets.dixa.io api.sovendus.com benefits.sovendus.com identification-api.sovendus.com integration-api.sovendus.com press-tracking-api.sovendus.com https://maps.googleapis.com;    object-src 'none';    child-src blob: ;    script-src * 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.paypal.com blob: *.dixa.io;    style-src 'self' cdn.wcc.witt-weiden.ch www.googletagmanager.com fonts.googleapis.com 'unsafe-inline' d.witt-weiden.ch checkout-cdn.aboutyou.cloud https://*.adyen.com https://*.paypal.com blob: widget.solvemate.com *.dixa.io;    frame-src 'self' checkout-v3.wcc.witt-weiden.ch *.awin1.com *.criteo.net *.criteo.com *.adrtx.net *.contentsquare.net www.googletagmanager.com www.facebook.com www.youtube.com dmp.theadex.com 5127363.fls.doubleclick.net 12769738.fls.doubleclick.net www.jsctool.com https://creativecdn.com/ https://fledge-eu.creativecdn.com/ https://tbs.tradedoubler.com/ https://survey2.quantilope.com/ https://*.adyen.com https://*.paypal.com https://*.computop-paygate.com blob: *.dixa.io https://api.sovendus.com https://www.sovendus-connect.com https://www.sovendus-benefits.com https://gui.display.prod.app.funnelplus.com/;    media-src 'self' cdn.wcc.witt-weiden.ch cdn.witt.info/ images.ctfassets.net videos.ctfassets.net www.youtube.com witt-gruppe-res.cloudinary.com *.dixa.io;    manifest-src 'self' cdn.wcc.witt-weiden.ch *.dixa.io;    worker-src 'self' cdn.wcc.witt-weiden.ch blob:;    form-action 'self' www.facebook.com;    block-all-mixed-content;    frame-ancestors 'self' https://app.contentful.com;    sandbox allow-scripts allow-forms allow-same-origin allow-top-navigation allow-popups allow-popups-to-escape-sandbox allow-modals; 1
child-src energiwatch.dk *.energiwatch.dk; frame-src https://*; 1
default-src 'self'; style-src 'self' 'unsafe-inline'  fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net stackpath.bootstrapcdn.com tagmanager.google.com fonts.cdnfonts.com; font-src 'self' data: cdnjs.cloudflare.com fonts.cdnfonts.com fonts.googleapis.com fonts.gstatic.com stackpath.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com cdn.jsdelivr.net tagmanager.google.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com https://connect.facebook.net; frame-ancestors 'none'; frame-src 'none'; connect-src 'self' data: www.google-analytics.com stats.g.doubleclick.net; img-src 'self' data:  www.google-analytics.com  www.googletagmanager.com www.facebook.com 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com https://www.shoplooks.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://*.contentsquare.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.facialco.com.au https://m.facialco.com.au https://checkout.facialco.com.au https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors http://www.4manalytics.com https://www.4manalytics.com http://everything-utilities.4manalytics.com https://everything-utilities.4manalytics.com 1
script-src 'unsafe-inline' 'unsafe-eval'  https://www.novelan.com https://region1.google-analytics.com https://cdn.jsdelivr.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.youtube-nocookie.com https://fonts.gstatic.com https://jnn-pa.googleapis.com https://i.ytimg.com https://yt3.ggpht.com https://www.google.com https://www.google.se https://play.google.com https://*.googlevideo.com https://maps.googleapis.com https://maps.gstatic.com https://fonts.googleapis.com https://fast.fonts.net https://www.waermepumpe.de https://www.youtube.com https://static.doubleclick.net https://translate.googleapis.com https://assets.novelan.com 1
default-src 'self';script-src 'self' 'unsafe-eval' https://govhub.com https://pay-hub.net https://*.govhub.com https://*.pay-hub.net https://*.grantstreet-cdn.com https://www.google-analytics.com https://ssl.google-analytics.com https://secure.gravatar.com https://*.grantstreet.com:* https://localhost:* 'unsafe-eval' 'unsafe-inline';connect-src 'self' https://*.grantstreet-cdn.com https://govhub.com https://pay-hub.net https://*.govhub.com https://*.pay-hub.net https://*.grantstreet.com:* https://payment-express.net https://*.payment-express.net https://sentry.io https://*.sentry.io https://*.launchdarkly.com https://www.google-analytics.com https://grantstreet-public.oktapreview.com https://grantstreet-public.okta.com https://global.oktacdn.com;style-src 'self' 'unsafe-inline' https://govhub.com https://pay-hub.net https://*.govhub.com https://*.pay-hub.net https://*.grantstreet.com:* https://fonts.googleapis.com;font-src 'self' https://govhub.com https://pay-hub.net https://*.govhub.com https://*.pay-hub.net https://*.grantstreet.com:* https://fonts.gstatic.com;frame-ancestors 'self' https://govhub.com https://pay-hub.net https://*.govhub.com https://*.pay-hub.net https://*.netlify.app https://*.grantstreet.com:*;img-src 'self' data: https://govhub.com https://pay-hub.net https://*.govhub.com https://*.pay-hub.net https://*.grantstreet.com:* https://s3.amazonaws.com https://cdn-grantstreet-com.s3.amazonaws.com https://*.county-taxes.com https://mkt-prod-gsg-wordpress.s3.amazonaws.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://www.google.com/recaptcha/api.js https://fonts.googleapis.com https://www.gstatic.com/ https://bodrumarchlib.blob.core.windows.net www.googletagmanager.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.fmi.ch https://code.jquery.com https://fonts.googleapis.com https://pro.fontawesome.com *.twitter.com *.twimg.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.google.com data:; connect-src https://*.google-analytics.com; frame-ancestors *.fmi.ch *.jobs.ch; frame-src *.fmi.ch www.youtube.com platform.twitter.com syndication.twitter.com www.google.com *.issuu.com; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-AyDua1O4cHfZ_qPkvi8zhw' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self'; script-src 'self' 'unsafe-eval' https://bat.bing.com/bat.js https://connect.facebook.net/en_US/sdk.js https://go.affec.tv/j/5ac4e6e29a7ccc000965fd3f https://googleads.g.doubleclick.net/pagead/viewthroughconversion/969925855/ https://rules.quantcount.com/rules-p-8bvyQ54symtXP.js https://script.hotjar.com/modules.8b26e228a400adf6a3ea.js https://secure.adnxs.com/px https://secure.quantserve.com/quant.js https://static.hotjar.com/c/hotjar-618622.js https://td.yieldify.com/yieldify/code.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.youtube.com/s/player/248ded94/www-widgetapi.vflset/www-widgetapi.js 'unsafe-inline' bat.bing.com cdnjs.cloudflare.com connect.facebook.net myplans.scottishfriendly.co.uk performance.radar.cloudflare.com polyfill.io script.hotjar.com self ssl.google-analytics.com static.hotjar.com td.yieldify.com unpkg.com widget.trustpilot.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.scottishfriendly.co.uk www.youtube.com go.affec.tv googleads.g.doubleclick.net rules.quantcount.com secure.adnxs.com secure.quantserve.com; script-src-elem 'unsafe-inline' bat.bing.com connect.facebook.net script.hotjar.com www.google-analytics.com www.googletagmanager.com www.youtube.com 'self' apis.google.com cdnjs.cloudflare.com myplans.scottishfriendly.co.uk performance.radar.cloudflare.com polyfill.io ssl.google-analytics.com static.hotjar.com td.yieldify.com unpkg.com widget.trustpilot.com www.google.com www.gstatic.com www.scottishfriendly.co.uk go.affec.tv googleads.g.doubleclick.net rules.quantcount.com secure.adnxs.com secure.quantserve.com; script-src-attr 'unsafe-inline'; style-src 'self' https://cloud.typography.com 'unsafe-inline' cloud.typography.com data: secure.scottishfriendly.co.uk self; style-src-elem 'unsafe-inline' cloud.typography.com 'self' data: fonts.googleapis.com secure.scottishfriendly.co.uk www.gstatic.com; style-src-attr 'unsafe-inline'; img-src 'self' https://bat.bing.com https://pixel.quantserve.com https://www.facebook.com https://www.google-analytics.com https://www.google.co.uk https://www.google.com www.googletagmanager.com analytics.google.com bat.bing.com connect.facebook.net data: fonts.gstatic.com marketplace.concretecms.com mm-static.mustcheck.com region1.analytics.google.com region1.google-analytics.com ssl.google-analytics.com www.facebook.com www.google-analytics.com www.google.co.uk www.google.com www.gstatic.com www.scottishfriendly.co.uk pixel.quantserve.com stats.g.doubleclick.net; font-src 'self' data: fonts.gstatic.com use.fontawesome.com; connect-src 'self' https://adservice.google.com https://bat.bing.com https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com content.hotjar.io pixel.quantcount.com wss://wsp11.hotjar.com www.facebook.com ad.doubleclick.net adservice.google.com analytics.google.com bat.bing.com cloud.typography.com csmetrics.hotjar.com data: metrics.hotjar.io region1.analytics.google.com region1.google-analytics.com secure.scottishfriendly.co.uk signal-scf.zendesk.com ssl.google-analytics.com stats.g.doubleclick.net vc.hotjar.io wss://ws.hotjar.com wss://wsp37.hotjar.com wss://wsp45.hotjar.com www.google-analytics.com www.google.co.uk www.google.com www.googletagmanager.com www.scottishfriendly.co.uk; media-src 'self' data:; object-src 'none' 'self'; frame-src 'self' https://8759738.fls.doubleclick.net https://players.brightcove.net https://servedby.flashtalking.com connect.facebook.net instagram.com m.youtube.com widget.trustpilot.com www.google.com www.googletagmanager.com www.instagram.com www.youtube.com 8759738.fls.doubleclick.net 8759738.fls.doubleclick.net.x.67d211e00752c047860aa6409462a509771c.d045227d.id.opendns.com td.doubleclick.net; worker-src 'self' myplans.scottishfriendly.co.uk; base-uri 'self'; manifest-src 'self'; report-uri https://b6e2b0e42d8112cf0989b3c4b8cf0b6d.report-uri.com/r/d/csp/wizard 1
base-uri 'self'; frame-ancestors https://*.etracker.com 'self' https://*.etracker.com https://*.etracker.de ; connect-src 'self' https://cloud.ccm19.de https://*.etracker.de; frame-src 'self' https://www.youtube-nocookie.com; img-src 'self' https://cloud.ccm19.de https://tank.rast.de data:; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' https://cloud.ccm19.de/app.js https://*.etracker.com https://*.etracker.de https://cloud.ccm19.de/js/frontend/ccm19.components.min.js https://cloud.ccm19.de/plugins/Ccm19ScriptPlaceholder/module.js 'sha256-ViJzkadKgBa4dc/FQQNR8L89ZAeo5x86ra//Yb4YLMw=' 'sha256-/fAG+ctzWZwE06KAR4ydQZk8ee2r6DxFXoJELdVp/h8=' 'sha256-RvN1gOqdX3O/tBey9+VVx0aQBRg6miYA6mHH7/cn1p4=' 'sha256-RM7nBpDeXR/1aSJec3S2cnfLuVPooIkgLClbg16IPPg=' 'sha256-skrgB0VGLGOFRmvC1lgqU7f4cz2md2ohVfqUdFvS3AI=' 'sha256-YwbZP/sPdguXEmOD6Ok4kO4coryDtgQqYH9Pqr9iJbU=' 'sha256-Bg79w2AdGsZSTlR5Rslc4QoleQypyJLg5aZth92aCRQ=' 'sha256-mdQ9lWCRmmVVN867uLdZycpVpmc2y/u7HFHoWkHry5c=' 'sha256-r7KyHynNXX/FtjqOoC7OlklgO55joq+lWSfFCDReHuc=' 'sha256-8LS4OEASWMt8yCSwXOPyen7KfSVLw8k4LqojxPjZsTs=' 'sha256-IxOaSgBjYoUMmVbY27VEV+VrQrkhayppxvYgieg8oV0=' 'sha256-GUU2B6en97Ej8sg2sOuKKAbdqzh4r5hk9yRJ+WDTqNQ=' 'sha256-77ISGrG0nInrR8RPSiF4nIbpKKTVlKxSZtnpU+Byonc=' 'sha256-lyXpvvixDX5h8dJX0vKhrHD7Bo1DdHyaRJOVBHyFpJQ=' 'sha256-XkrWLr61deXjy13AI4misPgu+DLf8yy1eoh/HMpS4B4=' 'sha256-hPnbct+H2uwUiwoh3kect6TJt4waDlLPfj47TO58lXc=' 'sha256-80Mr5Xc2f6hVSJwvFRRcNjAI9RMcnuTVAIzr6pIQswI=' 'sha256-zwGmIUR+Z6gWKbwoJ2Z3yGxI/XLETLqDqCRIV0qt/WA=' 'sha256-GpvcNg2UAO42oLxEk3DqRULeUWnXrCwl8bnBSrLC6GI=' 'sha256-enMa+yV8FVuUv8O48ZHQb5cKb3r4ueE6E7b/KfMk0kw=' 'sha256-dUFvlfpotB2XHBoT/NHtxl4nd4jKT9gG9mPLzqHCOuE=' 'sha256-I5fgwekzfpkEu+UqWu9oY47w9pdunW9uO91Dk5keQBY=' 'sha256-rCMyM+e8r4BgQbJDV4+rCB3O2KBF2agnVkENqeojgqE=' 'sha256-tgPnZiw1W1g3Qlq9T6BDF/up5ah2f9AVESn4Qcq0zl4=' 'nonce-2b407cbe358' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://cloud.ccm19.de; 1
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; script-src-elem * 'unsafe-inline' 'unsafe-eval' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https:; img-src 'self' https: data: blob: https:; style-src 'self' https: 'nonce-NZfRtxY4YDjNm9RzXRJnFw=='; media-src 'self' https: data: https:; frame-src 'self' https:; manifest-src 'self' https:; connect-src 'self' data: blob: https: https: wss://dragon.style; script-src 'self' https: 'wasm-unsafe-eval'; child-src 'self' blob: https:; worker-src 'self' blob: https: 1
connect-src 'self' https://dpm.demdex.net/ https://collect-us-east-1.tealiumiq.com/ https://gskusp.sc.omtrdc.net/ ;img-src 'self' https://sb.scorecardresearch.com/ https://gskusp.sc.omtrdc.net/ https://cm.everesttech.net/ https://dpm.demdex.net/ https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data; object-src 'self' 'unsafe-inline' 'unsafe-eval' https: data ; 1
default-src 'self' *.klauke.com https://*.ridgidapps.com https://*.cybersource.com https://*.bazaarvoice.com *.google-analytics.com www.facebook.com www.google.com data: *.pricespider.com *.googleapis.com https://cdn.cookielaw.org *.onetrust.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.chasepaymentechhostedpay.com *.klauke.com maps.google.com *.googleapis.com www.googletagmanager.com *.pricespider.com cdnjs.cloudflare.com www.googleadservices.com https://*.bootstrapcdn.com https://*.bazaarvoice.com connect.facebook.net *.google-analytics.com https://googleads.g.doubleclick.net www.youtube.com https://s.ytimg.com https://*.ridgidapps.com www.google.com https://www.gstatic.com https://tagmanager.google.com https://tpc.googlesyndication.com https://img.en25.com blob: https://cdn.cookielaw.org *.onetrust.com;style-src 'self' 'unsafe-inline' *.klauke.com *.googleapis.com https://*.bazaarvoice.com https://*.bootstrapcdn.com https://*.pricespider.com https://*.ridgid.com https://tagmanager.google.com https://cdn.cookielaw.org *.onetrust.com;img-src 'self' *.klauke.com *.google-analytics.com *.youtube.com www.googletagmanager.com https: data: blob: https://cdn.cookielaw.org *.onetrust.com;frame-src 'self' https://www.chasepaymentechhostedpay.com *.klauke.com www.youtube.com https://bid.g.doubleclick.net https://*.bazaarvoice.com https://www.facebook.com https://orchardproject.net https://www.orchardproject.net https://www.orchardcore.net https://*.cybersource.com www.google.com www.googletagmanager.com https://*.fls.doubleclick.net https://tpc.googlesyndication.com data: mailto: https://cdn.cookielaw.org *.onetrust.com;font-src 'self' *.klauke.com fonts.gstatic.com https://fonts.googleapis.com https://*.bootstrapcdn.com greenlee.com data: https://cdn.cookielaw.org *.onetrust.com 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.elta.lt 1
default-src 'self' wss://*.isaaccomputerscience.org https://*.isaaccomputerscience.org https://*google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.youtube-nocookie.com https://www.youtube.com https://www.google.com https://www.gstatic.com; object-src 'none'; frame-src 'self' https://*.isaaccomputerscience.org  https://www.youtube-nocookie.com https://www.google.com https://www.gstatic.com; img-src 'self' data: https://*.isaaccomputerscience.org https://*.google-analytics.com https://*.googletagmanager.com https://*.tile.openstreetmap.org https://developers.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://*.isaaccomputerscience.org https://fonts.gstatic.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-Ms8qdQ3xt2IaOg9c-ybskQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src *; frame-ancestors 'self' https://*.10005.elluciancloud.com https://*.elluciancloud.com; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'self' https://maxcdn.bootstrapcdn.com https://app-ab39.marketo.com https://cookiesapac.blob.core.windows.net *.onetrust.com use.typekit.net; script-src 'strict-dynamic' 'nonce-MTcwNTk4MDk0NDUwMDAuMTI5NjE5NTQyMzY5Nzc1MjQ=' 'self' *.youtube.com *.googletagmanager.com *.demandbase.com *.licdn.com *.cloudfront.com *.cloudfront.net *.mktoutil.com assets.adobedtm.com *.wipro.com *.woolmagazine.com match.prod.bidr.io google-analytics.com analytics.twitter.com static.ads-twitter.com *.twitter.com t.co *.marketo.com *.marketo.net geolocation.onetrust.com https://cookiesapac.blob.core.windows.net *.onetrust.com https://maxcdn.bootstrapcdn.com ssl.p.jwpcdn.com content.jwplatform.com *.encoretheme.com use.typekit.net; connect-src 'self' https://www.google-analytics.com/ https://823-vdb-175.mktoresp.com wss://ws16.hotjar.com wss://*.hotjar.com wss://ws8.hotjar.com *.mktoutil.com *.wipro.com *.hotjar.com d.adroll.com *.hotjar.io api.company-target.com 921-uou-112.mktoresp.com *.sc.omtrdc.net *.tt.omtrdc.net assets.adobedtm.com https://dpm.demdex.net https://privacyportal-apac.onetrust.com https://wiprolimited.tt.omtrdc.net https://cookiesapac.blob.core.windows.net *.onetrust.com https://maxcdn.bootstrapcdn.com 'nonce-MTcwNTk4MDk0NDUwMDAuMTI5NjE5NTQyMzY5Nzc1MjQ=' cdn.linkedin.oribi.io https://px.ads.linkedin.com; style-src 'self' 'unsafe-inline' *.appirio.com https://maxcdn.bootstrapcdn.com https://go.wipro.com https://app-ab39.marketo.com https://cookiesapac.blob.core.windows.net *.onetrust.com fonts.googleapis.com stackpath.bootstrapcdn.com *.encoretheme.com use.typekit.net p.typekit.net https://app-static.turtl.co/embed/turtl.embed.v1.css; frame-src 'self' *.vimeo.com *.appirio.com share.transistor.fm go.wipro.com spark.adobe.com *.hotjar.com *.demdex.net www.google.com *.doubleclick.net *.youtube-nocookie.com *.youtube.com https://app-ab39.marketo.com https://www.facebook.com assets.adobedtm.com https://explore.wipro.com/ 'nonce-MTcwNTk4MDk0NDUwMDAuMTI5NjE5NTQyMzY5Nzc1MjQ='; img-src 'self' data: *.demdex.net *.wipro.com stage2.wipro.com cm.everesttech.net https://i.ytimg.com/ https://prd.jwpltx.com https://www.google.com https://www.facebook.com app-ab39.marketo.com www.google.co.in https://wiprolimited.sc.omtrdc.net p.typekit.net http: https:; form-action facebook.com app-ab39.marketo.com 'nonce-MTcwNTk4MDk0NDUwMDAuMTI5NjE5NTQyMzY5Nzc1MjQ='; object-src *.wipro.com 'nonce-MTcwNTk4MDk0NDUwMDAuMTI5NjE5NTQyMzY5Nzc1MjQ=' ; media-src 'self' *.youtube.com blob: 'nonce-MTcwNTk4MDk0NDUwMDAuMTI5NjE5NTQyMzY5Nzc1MjQ=';base-uri 'none' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval';      img-src 'self' https://px.ads.linkedin.com https://placehold.jp https://www.facebook.com https://i.ytimg.com https://www.googletagmanager.com https://api.map.baidu.com https://www.google.com.hk https://www.google.com https://maps.gstatic.com https://maps.googleapis.com https://miao.baidu.com data:;      style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://linkreit.gti.com.hk;      script-src 'self' 'unsafe-inline' 'unsafe-eval' https://snap.licdn.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.gstatic.cn/recaptcha/ https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://api.map.baidu.com https://dlswbr.baidu.com https://maponline2.bdimg.com https://maponline1.bdimg.com https://maponline0.bdimg.com https://maps.googleapis.com https://googleads.g.doubleclick.net https://analytics.google.com;      font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.gstatic.cn data:;      frame-src 'self' https://view.genial.ly/ https://www.linkreit-aws.hk/ https://view.vzaar.com/ https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://recaptcha.google.com/recaptcha/ https://api.irasia.com https://www.facebook.com https://socialplugin.facebook.net https://iframe.dacast.com https://www.youtube.com https://channel823.linkreit.com;      frame-ancestors 'self' https://uat-cd.linkreit.com/ https://pre-cd.linkreit.com/ ;        connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.linkedin.oribi.io https://maps.googleapis.com https://www.google-analytics.com https://socialplugin.facebook.net https://stats.g.doubleclick.net https://analytics.google.com https://iframe.dacast.com https://www.youtube.com https://miao.baidu.com; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-f5ea0dfdfd5129d4ee9ad7bdfa8ad85c'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self';  script-src 'unsafe-inline' 'unsafe-eval' 'self' *.norton.com *.opendns.com js.hs-scripts.com js.hs-analytics.net js.hsleadflows.net js.hs-banner.com js.hsadspixel.net js.usemessages.com *.usercentrics.eu *.adroll.com *.adroll.mgr.consensu.org *.kampyle.com *.go-mpulse.net *.zscloud.net munchkin.marketo.net *.serving-sys.com *.googleadservices.com googleads.g.doubleclick.net *.akamaihd.net secure.comodo.com www.trustlogo.com seal.verisign.com seal.websecurity.norton.com www.googletagmanager.com optimize.google.com *.google-analytics.com media.richrelevance.com js.hsforms.net forms.hsforms.com *.hubspot.com services.cognitoforms.com www.google.com www.google:* www.gstatic.com *.googleapis.com cloud.github.com code.jquery.com connect.facebook.net static.ak.fbcdn.net *.hscollectedforms.net widgets.twimg.com www.dentapure.com www.google.com tagmanager.google.com volusionchat.appspot.com cloud.github.com vp.dentrek.com *.henryschein.co.uk *.henryschein.com *.facebook.com *.bing.com *.kentexpressdentalsupplies.co.uk *.youtube.com *.licdn.com *.trustpilot.com service.force.com *.salesforce.com  *.force.com  *.salesforceliveagent.com *.salesforce-sites.com bing.com facebook.net hs-scripts.com hs-banner.com hsadspixel.net hs-analytics.net linkedin.com cdn.linkedin.oribi.io adservice.google.com clarity.ms *.clarity.ms js-eu1.hs-scripts.com js-eu1.hs-banner.com js-eu1.hsadspixel.net js-eu1.hs-analytics.net blob: data:;           connect-src 'self' *.hubapi.com *.hubspot.com *.usercentrics.eu *.akstat.io *.go-mpulse.net *.kampyle.com *.mktoresp.com *.akamaihd.net *.richrelevance.com services.cognitoforms.com optimize.google.com *.google-analytics.com ssl.google-analytics.com *.clarity.ms js.hsforms.net volusionchat.appspot.com *.henryschein.co.uk *.henryschein.com *.facebook.com *.bing.com *.kentexpressdentalsupplies.co.uk stats.g.doubleclick.net *.trustpilot.com *.googletagmanager.com service.force.com salesforce.com  salesforceliveagent.com *.salesforce-sites.com cdn.linkedin.oribi.io *.hscollectedforms.net *.google.com adservice.google.com;  img-src 'self' *.zscloud.net *.hubspot.com *.usercentrics.eu *.henryschein.com *.adroll.com *.adroll.mgr.consensu.org *.kampyle.com googleads.g.doubleclick.net *.akamaihd.net placeholder.com via.placeholder.com secure.comodo.com www.trustlogo.com seal.websecurity.norton.com www.google:* www55.caligor.com optimize.google.com *.google-analytics.com *.henryschein.co.uk placehold.it www.servertastic.com *.clarity.ms localhost www.gstatic.com media.corporate-ir.net volusionchat.appspot.com *.googleapis.com ssl.gstatic.com www.google.com media.istockphoto.com js.hsforms.net *.facebook.com *.bing.com *.kentexpressdentalsupplies.co.uk www.googletagmanager.com stats.g.doubleclick.net *.ads.linkedin.com *.adsymptotic.com *.atdmt.com *.commerce-connector.com *.trustpilot.com service.force.com salesforce.com  salesforceliveagent.com salesforce-sites.com linkedin.com *.hscollectedforms.net *.google.it *.hsforms.com *.linkedin.com forms.hsforms.com data:;  style-src *.zscloud.net *.kampyle.com *.google-analytics.com optimize.google.com 'unsafe-inline' 'self' *.googleapis.com services.cognitoforms.com tagmanager.google.com js.hsforms.net volusionchat.appspot.com *.henryschein.co.uk *.henryschein.com *.facebook.com *.bing.com *.kentexpressdentalsupplies.co.uk *.trustpilot.com fonts.gstatic.com service.force.com salesforce.com  salesforceliveagent.com *.salesforce-sites.com;  font-src 'self' *.kampyle.com sxt.cdn.skype.com *.googleapis.com fonts.gstatic.com themes.googleusercontent.com services.cognitoforms.com js.hsforms.net volusionchat.appspot.com *.henryschein.co.uk *.henryschein.com *.facebook.com *.bing.com *.kentexpressdentalsupplies.co.uk *.trustpilot.com service.force.com salesforce.com  salesforceliveagent.com salesforce-sites.com *.sfdcstatic.com data:;  frame-src 'self' *.hubspot.com *.kampyle.com *.hs-ecom.com bid.g.doubleclick.net *.google-analytics.com optimize.google.com cdn.pendo.io app.pendo.io www.trustlogo.com secure.comodo.com www.googletagmanager.com cdn.livechatinc.com secure.livechatinc.com app.usercentrics.eu www.youtube.com player.vimeo.com media.corporate-ir.net vimeo.com *.facebook.com www.google.com volusionchat.appspot.com js.hsforms.net *.henryschein.co.uk *.henryschein.com *.bing.com *.kentexpressdentalsupplies.co.uk connect.facebook.net forms.hsforms.com *.trustpilot.com service.force.com salesforce.com  salesforceliveagent.com salesforce-sites.com *.doubleclick.net data:;  media-src 'self' *.kampyle.com media.istockphoto.com js.hsforms.net volusionchat.appspot.com *.henryschein.co.uk *.henryschein.com *.facebook.com *.bing.com *.kentexpressdentalsupplies.co.uk *.trustpilot.com www.dentapure.com; service.force.com salesforce.com  salesforceliveagent.com salesforce-sites.com  report-uri /webservices/JSONRequestHandler.ashx?from=csp;   1
default-src 'self'; connect-src 'self' matomo.sib.swiss noembed.com cdn.plyr.io sentry-dev.vital-it.ch www.vital-it.ch; font-src 'self' fonts.bunny.net cdn.jsdelivr.net fonts.gstatic.com cdnjs.cloudflare.com data: ; img-src 'self' www.sib.swiss matomo.sib.swiss data: i.ytimg.com wayf.switch.ch; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo.sib.swiss cdn.plyr.io www.youtube.com wayf.switch.ch cdnjs.cloudflare.com code.jquery.com static.filestackapi.com cdn.datatables.net ajax.googleapis.com player.vimeo.com; style-src 'self' 'unsafe-inline' cdn.plyr.io fonts.bunny.net wayf.switch.ch cdnjs.cloudflare.com cdn.jsdelivr.net fonts.googleapis.com cdn.datatables.net; frame-src 'self' www.youtube-nocookie.com player.vimeo.com; frame-ancestors 'self' https://sibcloud.sharepoint.com/ https://intranet.sib.swiss/; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://physfluids.fr; img-src 'self' https: data: blob: https://physfluids.fr; style-src 'self' https://physfluids.fr 'nonce-RazS8KZkq5hHGH/UZQx1HA=='; media-src 'self' https: data: https://physfluids.fr; frame-src 'self' https:; manifest-src 'self' https://physfluids.fr; form-action 'self'; child-src 'self' blob: https://physfluids.fr; worker-src 'self' blob: https://physfluids.fr; connect-src 'self' data: blob: https://physfluids.fr https://physfluids.fr wss://physfluids.fr; script-src 'self' https://physfluids.fr 'wasm-unsafe-eval' 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com code.jquery.com *.cloudinary.com cdn.cookielaw.org pr.globenewswire.com *.trustpilot.com api.stockdio.com t2mstatus.com *.microsoft.com *.leadinfo.net *.bcebos.com *.baidu.com *.twitter.com *.ads-twitter.com snap.licdn.com e6bad0060f8c4a8295781df08a7e4baf.svc.dynamics.com mktdplp102cdn.azureedge.net *.google-analytics.com *.youtube.com https://cdn.insight.sitefinity.com https://dec.azureedge.net/ *.en25.com *.msecnd.net *.cloudflare.com *.googletagmanager.com *.hms-networks.com *.livechatinc.com *.wistia.net *.hms-networks-data.com *.matomo.cloud *.swwtech.cn https://static.meiqia.com https://cxppusa1formui01cdnsa01-endpoint.azureedge.net 'unsafe-inline' 'unsafe-eval' cdn.ampproject.org web-chat.nativechat.com; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.googleapis.cn pr.globenewswire.com *.fontawesome.com *.windows.net ewonsupport.biz *.ewonsupport.biz api.stockdio.com t2mstatus.com *.microsoft.com *.hms-networks.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.cloudflare.com *.googletagmanager.com *.livechatinc.com *.wistia.net *.hms-networks-data.com 'self' 'unsafe-inline' web-chat.nativechat.com; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png platform.twitter.com/css/ *.twimg.com data: blob: img.youtube.com hms-networks.com *.hms-networks.com *.intesis.com *.ixxat.com *.ewon.biz *.anybus.com *.sitefinity.cloud *.livechat-static.com *.livechat-files.com *.livechatinc.com *.cloudinary.com *.dynamics.com *.windows.net *.cookielaw.org pr.globenewswire.com ml-eu.globenewswire.com https://p.adsymptotic.com *.azurewebsites.net api.stockdio.com t2mstatus.com *.microsoft.com *.baidu.com *.google.fi *.google.com t.co *.linkedin.com e6bad0060f8c4a8295781df08a7e4baf.svc.dynamics.com *.azureedge.net *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com *.googletagmanager.com *.wistia.net *.hms-networks-data.com *.zdusercontent.com *.meiqia.com *.meiqiausercontent.com 'self' web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: fonts.gstatic.cn *.googleapis.cn cdnjs.cloudflare.com pr.globenewswire.com *.windows.net *.fontawesome.com api.stockdio.com t2mstatus.com *.microsoft.com *.googletagmanager.com *.livechatinc.com *.wistia.net *.hms-networks-data.com *.alicdn.com; frame-src 'self' *.dynamics.com *.livechatinc.com e6bad0060f8c4a8295781df08a7e4baf.svc.dynamics.com api.stockdio.com *.intesis.com www.google.com www.bihl-wiedemann.de pr.globenewswire.com *.trustpilot.com t2mstatus.com *.microsoft.com *.leadinfo.net *.bcebos.com *.baidu.com *.twitter.com *.ads-twitter.com snap.licdn.com *.azureedge.net *.google-analytics.com *.youtube.com cdn.insight.sitefinity.com https://dec.azureedge.net/ *.en25.com *.msecnd.net *.googletagmanager.com *.hms-networks.com *.wistia.net *.hms-networks-data.com *.swwtech.cn *.zendesk.com *.zdusercontent.com *.qq.com *.youku.com hms.neckarfreunde.net *.jacando.io *.cloudinary.com cloudinary.com licensing.bihl-wiedemann.de web-chat.nativechat.com; connect-src 'self' accounts.google.com cdn.linkedin.oribi.io cdnjs.cloudflare.com *.cloudinary.com *.onetrust.com cdn.cookielaw.org pr.globenewswire.com *.windows.net *.dynamics.com api.stockdio.com t2mstatus.com *.microsoft.com *.leadinfo.net *.leadinfo.com *.baidu.com stats.g.doubleclick.net https://*.insight.sitefinity.com *.visualstudio.com *.google-analytics.com *.hms-networks.com *.googletagmanager.com *.livechatinc.com *.wistia.net *.hms-networks-data.com *.matomo.cloud *.swwtech.cn *.meiqia.com wss://*.meiqia.com https://cxppusa1formui01cdnsa01-endpoint.azureedge.net; media-src 'self' data: blob: *.cloudinary.com pr.globenewswire.com ml-eu.globenewswire.com t2mstatus.com api.stockdio.com *.hms-networks.com *.azureedge.net *.googletagmanager.com *.livechatinc.com *.wistia.net *.hms-networks-data.com; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com console.cloudinary.com cloudinary.com blob: *.youku.com pr.globenewswire.com *.trustpilot.com hms.neckarfreunde.net *.bihl-wiedemann.de *.jacando.io api.stockdio.com t2mstatus.com *.microsoft.com *.qq.com *.intesis.com *.dynamics.com *.google.com *.youtube-nocookie.com *.googletagmanager.com *.livechatinc.com *.wistia.net *.hms-networks-data.com *.matomo.cloud *.swwtech.cn media.hms-networks.com 'self' web-chat.nativechat.com; frame-ancestors 'self' *.bihl-wiedemann.de *.hms-networks-data.com hms-stg.sitefinity.cloud *.hms-networks.com hms-local.sitefinity.cloud *.zendesk.com *.zdusercontent.com 1
upgrade-insecure-requests; default-src 'self'; base-uri 'self'; font-src 'self' data:; img-src 'self' data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' data:; style-src 'unsafe-inline' 'unsafe-eval' 'self' data: 1
default-src * 'self' data: blob:; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' data: 'unsafe-inline' ; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' data: blob: *.painters-online.co.uk *.wgp-cdn.co.uk *.cloudflare.com https://api.raygun.io https://apikeys.civiccomputing.com https://clapi.civiccomputing.com *.jsdelivr.net *.maxcdn.com *.youtube.com *.advertising.com *.adnxs.com *.doubleverify.com *.serving-sys.com https://securepubads.g.doubleclick.net https://stats.g.doubleclick.net https://pagead2.googlesyndication.com *.googlesyndication.com *.google-analytics.com *.pbstck.com https://*.consensu.org *.skimresources.com *.trackedlink.net *.clarity.ms https://*.fontawesome.com *.trackedweb.net automatad-d.openx.net bid.contextweb.com ap.lijit.com *.omnitagjs.com *.smartadserver.com *.33across.com *.g.doubleclick.net *.analytics.google.com *.google.com *.g.doubleclick.net *.gstatic.com *.cmp.quantcast.com *.quantcast.com *.tagdeliver.com *.inmobi.com; base-uri 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.zalad.io https://cdn.ravenjs.com https://ajax.cloudflare.com; frame-src 'self' https://discordapp.com/ https://verify.walletconnect.com/ https://www.google-analytics.com/; font-src 'self' data: https://oddslingers.com; connect-src 'self' wss://oddslingers.l wss://virtue-poker-production.monadical.io/ wss://virtue.poker/ https://sentry.io https://mainnet.infura.io/v3/8be0fdaa05684254a7792e0dbe773959 https://api.opensea.io/api/ https://nft.api.infura.io https://polygon-mainnet.g.alchemy.com/nft/ https://registry.walletconnect.com wss://relay.walletconnect.org/ https://explorer-api.walletconnect.com/ https://verify.walletconnect.com/ https://www.google-analytics.com/ wss://*.bridge.walletconnect.org https://radial-young-season.solana-mainnet.quiknode.pro/51bb17bebe0b0462ad2da1d9fb3c5368b6f750fe/ https://arweave.net/ https://*.arweave.net/ https://nftstorage.link/ https://*.nftstorage.link/  https://*.irys.xyz/ https://api.coingecko.com/api/v3/ wss://relay.walletconnect.com/ https://verify.walletconnect.com/ https://www.google-analytics.com/ wss://ingest.prod.verisoul.ai/ https://net.prod.verisoul.ai/ wss://net.prod.verisoul.ai https://api.scan.pulsechain.com/api/; media-src 'self' blob:; img-src * 'unsafe-inline' data: https://analytics.zalad.io https://registry.walletconnect.com wss://relay.walletconnect.org/ https://explorer-api.walletconnect.com/ https://verify.walletconnect.com/ https://www.google-analytics.com/ blob:; object-src 'none'; worker-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://www.googletagmanager.com https://js.verisoul.ai wss://net.prod.verisoul.ai https://api.scan.pulsechain.com/api/ 1
frame-ancestors 'self' *.sciquest.com *.cummins.com *.ariba.com http://search.roccommerce.com http://dev-search.roccommerce.net http://dev-aesearch.americaneagle.com/ https://dev-aesearch.americaneagle.com/ https://search.roccommerce.com https://rocsearch.roccommerce.com/ http://rocsearch.roccommerce.com/ 1
base-uri 'self';connect-src 'self' https://sentry.io https://*.sentry.io https://stats.g.doubleclick.net/j/collect https://webstat.erasmusmc.nl https://www.google-analytics.com/j/collect;default-src 'self';font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com data:;form-action 'self' https://*.list-manage.com;frame-src 'self' https://embed.podcasts.apple.com/ https://player.vimeo.com/ https://open.spotify.com/ https://widget.spreaker.com/ https://www.youtube.com/;img-src 'self' data: https://*.amazonaws.com https://img.youtube.com https://via.placeholder.com https://www.google-analytics.com;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://consent.23g.io https://webstat.erasmusmc.nl 'nonce-DUDuLooPveKDKq64lnYFUDeXEnSYnAnh';style-src 'self' 'unsafe-inline' https://consent.23g.io https://fonts.googleapis.com 1
default-src 'self' *.speechstream.net *.doubleclick.net *.google.com *.browsealoud.com *.google-analytics.com *.trac.jobs;   script-src 'self' map.footways.london *.google.com *.trac.jobs *.speechstream.net *.google-analytics.com *.syndication.twimg.com *.twitter.com *.browsealoud.com *.cqc.org.uk *.googletagmanager.com www.google.com www.gstatic.com *.ytimg.com translate.google.com translate.googleapis.com 'unsafe-inline';   style-src 'self' *.trac.jobs *.twitter.com *.browsealoud.com *.cqc.org.uk *.googletagmanager.com fonts.googleapis.com platform.twitter.com translate.googleapis.com 'unsafe-inline';   img-src * data:;   media-src 'self' *.twitter.com *.browsealoud.com *.cqc.org.uk *.googletagmanager.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com *.ci.vimeows.com blob:;   object-src 'self' *.twitter.com *.browsealoud.com *.cqc.org.uk *.googletagmanager.com *.googlevideo.com *.ytimg.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com *.ci.vimeows.com;   frame-src 'self' map.footways.london *.google.com *.twitter.com *.browsealoud.com *.cqc.org.uk *.googletagmanager.com *.youtube.com *.youtube-nocookie.com *.twitter.com player.vimeo.com 'unsafe-inline';   form-action 'self';   frame-ancestors 'none';   base-uri 'self';   font-src 'self' *.twitter.com *.browsealoud.com *.cqc.org.uk *.googletagmanager.com fonts.gstatic.com;   worker-src 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.facebook.net *.facebook.com www.google.com www.gstatic.com  *.treasuredata.com *.jquery.com *.pinterest.com *.iesnare.com *.yotpo.com js.adsrvr.org cdnjs.cloudflare.com *.resonate.com js.monitor.azure.com *.diageohorizon.com *.diageoplatform.com *.diageoagegate.com *.anyroad.com *.googletagmanager.com *.youtube.com *.vimeo.com vimeo.com *.google-analytics.com *.cloudfunctions.net *.shortlyst.com *.juicer.io assets.juicer.io *.mapbox.com *.shortlyst.com *.onetrust.com *.google-analytics.com stats.g.doubleclick.net *.fontawesome.com; style-src 'self' 'unsafe-inline' *.facebook.net *.facebook.com *.yotpo.com *.fonts.net *.cloudflare.com *.bootstrapcdn.com *.diageohorizon.com *.myfonts.net *.fontawesome.com *.googleapis.com *.mapbox.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.liquidapp.cloud *.liquidcheckout.com *.iesnare.com *.facebook.net *.facebook.com *.reservebar.com *.diageohorizon.com *.iesnare.com *.yotpo.com ds.reson8.com dc.services.visualstudio.com *.mapbox.com *.onetrust.com *.doubleclick.net *.google-analytics.com *.juicer.io; font-src 'self'  *.yotpo.com *.gstatic.com *.bootstrapcdn.com *.fontawesome.com *.typekit.net; frame-src 'self' *.facebook.net *.facebook.com www.google.com *.closeby.co *.youtube.com *.vimeo.com vimeo.com *.adsrvr.org *.anyroad.com where-to-buy.co *.doubleclick.net *.vtinfo.com; img-src 'self' *.facebook.net *.liquidcheckout.com *.facebook.com placehold.co *.shopify.com  *.diageoagegate.com *.yotpo.com *.onetrust.com *.googletagmanager.com *.doubleclick.net *.juicer.io *.mapbox.com *.google-analytics.com *.cloudfunctions.net data: blob:; manifest-src 'self'; media-src 'self' *.facebook.net *.facebook.com *.iesnare.com ; worker-src blob:; 1
frame-ancestors 'self';  script-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.acbcoop.com https://acbrebaterequest.com *.acbrebaterequest.com www.google-analytics.com www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://bat.bing.com https://c.bing.com https://ws.zoominfo.com https://*.clarity.ms https://snap.licdn.com https://static-exp1.licdn.com https://content.linkedin.com https://platform.linkedin.com; style-src 'self' 'unsafe-inline' *.acbcoop.com https://acbrebaterequest.com *.acbrebaterequest.com fonts.googleapis.com tagmanager.google.com fonts.googleapis.com *.licdn.com; img-src 'self' data: blob: https://acbrebaterequest.com *.acbrebaterequest.com *.acbcoop.com www.google-analytics.com https://www.googletagmanager.com analytics.google.com ssl.gstatic.com www.gstatic.com https://avatars.githubusercontent.com https://bat.bing.com https://*.clarity.ms https://c.bing.com *.linkedin.com *.licdn.com https://p.adsymptotic.com; font-src 'self' data: fonts.gstatic.com;  connect-src 'self' blob: https://acbrebaterequest.com *.acbrebaterequest.com *.acbcoop.com *.google-analytics.com https://api.github.com https://www.githubstatus.com/api/v2/components.json https://*.clarity.ms *.linkedin.com *.licdn.com analytics.google.com cdn.linkedin.oribi.io; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.linkedin.com; media-src 'self' media.licdn.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; child-src zitadel.com; style-src 'self' 'unsafe-inline' zitadel.com; font-src 'self'; object-src 'none'; frame-src https://www.youtube.com/ https://js.stripe.com https://hooks.stripe.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'self' data: img.shields.io 1
base-uri 'self' 'unsafe-eval'; default-src 'self' www.visura.it tinextagroup.my.site.com *.salesforceliveagent.com *.force.com *.salesforce.com www.googletagmanager.com *.google-analytics.com static.hotjar.com script.hotjar.com ws.hotjar.com content.hotjar.io integrations.us-east.assistant.watson.appdomain.cloud web-chat.global.assistant.watson.appdomain.cloud www.google.com www.gstatic.com www.privacylab.it bnr.elmobot.eu cns.elmobot.eu tinexta.intervieweb.it cdnjs.cloudflare.com fonts.gstatic.com connect.facebook.net www.googletagmanager.com 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' https://tinextagroup.my.site.com *.force.com https://fonts.googleapis.com 'unsafe-inline';media-src *;frame-ancestors 'self';font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' *.force.com  https://www.visura.it https://www.lextel.it https://www.sferabit.com https://www.google.com https://www.youtube.com/embed/ https://maps.google.com/ https://tinexta.intervieweb.it/ https://*.comark.it/ https://www.facebook.com ;img-src 'self' http://bizicorpwp.radiantthemes.com  www.facebook.com  data: *.gravatar.com; connect-src https://www.lextel.it https://www.visura.it https://tinextagroup.my.site.com https://cns.elmobot.eu https://content.hotjar.io wss://ws.hotjar.com *.google-analytics.com ; worker-src 'self' https://www.visura.it https://www.lextel.it  ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.nserc-crsng.gc.ca *.sshrc-crsh.gc.ca implicit.harvard.edu app.powerbi.com www.gstatic.com fonts.googleapis.com ajax.googleapis.com ssl.google-analytics.com www.google-analytics.com apis.google.com www.googletagmanager.com www.google.com platform.twitter.com syndication.twitter.com www.youtube.com www.sciod.ca data:; style-src 'self' https://use.fontawesome.com https://cloud.typenetwork.com https://netdna.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'unsafe-inline'; font-src 'self' https://use.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://netdna.bootstrapcdn.com 'unsafe-inline'; img-src 'self' stats.g.doubleclick.net thumbs.gfycat.com *.nserc-crsng.gc.ca *.sshrc-crsh.gc.ca fonts.googleapis.com ssl.google-analytics.com  data: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://ubuntu.social; img-src 'self' https: data: blob: https://ubuntu.social; style-src 'self' https://ubuntu.social 'nonce-iR6bRioAZhbZu5QT17Pugg=='; media-src 'self' https: data: https://ubuntu.social; frame-src 'self' https:; manifest-src 'self' https://ubuntu.social; form-action 'self'; child-src 'self' blob: https://ubuntu.social; worker-src 'self' blob: https://ubuntu.social; connect-src 'self' data: blob: https://ubuntu.social https://ubuntu.social wss://ubuntu.social; script-src 'self' https://ubuntu.social 'wasm-unsafe-eval' 1
default-src 'none';script-src 'self' 'unsafe-eval' 'nonce-N0ljNOeAOtQKvkV4oQzAnw==' *.teamviewer.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;connect-src 'self';media-src 'self';style-src data: 'self' 'unsafe-inline' *.teamviewer.com https://optanon.blob.core.windows.net;img-src data: blob: 'self' *.teamviewer.com https://optanon.blob.core.windows.net https://cdnjs.cloudflare.com;child-src 'self' *.teamviewer.com teamviewer8: https://www.google.com/recaptcha/;frame-src 'self' *.teamviewer.com teamviewer8: https://www.google.com/recaptcha/;font-src data: 'self' *.teamviewer.com *.sharepointonline.com *.azureedge.net; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://selectbutton.net/logs/ https://selectbutton.net/sidekiq/ https://selectbutton.net/mini-profiler-resources/ https://selectbutton.net/assets/ https://selectbutton.net/extra-locales/ https://selectbutton.net/highlight-js/ https://selectbutton.net/javascripts/ https://selectbutton.net/plugins/ https://selectbutton.net/theme-javascripts/ https://selectbutton.net/svg-sprite/ 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' https://www.youtube.com/; worker-src 'self' https://selectbutton.net/assets/ https://selectbutton.net/javascripts/ https://selectbutton.net/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://www.googletagmanager.com https://fonts.googleapis.com worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://www.googletagmanager.com blob:;img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com data:; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com https://*.google-analytics.com data: blob:; font-src 'self' data: https://fonts.gstatic.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://www.googletagmanager.com; 1
connect-src 'self' https://storage.googleapis.com/alantra-web-pro-wp-uploads/ https://www.google-analytics.com https://stats.g.doubleclick.net https://investmentdesktop.fundslibrary.net https://dc.services.visualstudio.com https://323-hqu-719.mktoresp.com/ https://region1.analytics.google.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' yastatic.net ajax.googleapis.com *.yandex.ru www.googleadservices.com googleads.g.doubleclick.net vk.com www.google-analytics.com bitrix.info; frame-ancestors 'self'; object-src 'none';  1
default-src 'self' ; img-src *.google.ac *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.com.kh *.google.cc *.google.cd *.google.cf *.google.cat *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.g.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gf *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.iq *.google.ie *.google.co.il *.google.im *.google.co.in *.google.io *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.com.lc *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.ne *.google.com.nf *.google.com.ng *.google.com.ni *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pk *.google.com.pa *.google.com.pe *.google.com.ph *.google.pl *.google.com.pg *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.rs *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.sm *.google.so *.google.st *.google.sr *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.to *.google.tn *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.co.za *.google.co.zm *.google.co.zw *.facebook.com https://actega.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com 'self' *.ggpht.com *.google.com *.google.com.mx *.google.de *.googleapis.com *.gstatic.com *.consentmanager.net data: https://www.linkedin.com https://px.ads.linkedin.com https://app.easy-feedback.com ; script-src https://www.googleoptimize.com https://*.thinglink.me *.privacymanager.io *.bizographics.com *.actega.com actega.com *.googletagmanager.com *.facebook.net *.doubleclick.net *.googleapis.com *.google.com *.consentmanager.net 'self' 'unsafe-eval' *.gstatic.com *.google-analytics.com *.googletagmanager.com 'unsafe-inline' *.faktor.io cdn.inspectlet.com cdn.mouseflow.com https://indivsurvey.de https://snap.licdn.com/li.lms-analytics/insight.min.js https://embed.clickmeeting.com https://app.easy-feedback.com ; style-src 'unsafe-inline' *.googleapis.com *.google-analytics.com *.googletagmanager.com 'self' ; connect-src * ; frame-src https://cdn.consentmanager.net/ https://actega-metal-print.com/ https://outlook.office365.com/ https://*.thinglink.com https://altana.clickmeeting.com https://widgets.clickmeeting.com https://www.linkedin.com https://www.youtube-nocookie.com/ https://cmp-consent-tool.privacymanager.io/ *.google-analytics.com *.googletagmanager.com 'self' *.google.com https://cw.choice.faktor.io https://cmp.fa https://cmp.faktor.mgr.consensu.org https://cmp.choice.faktor.io https://easy-feedback.de https://indivsurvey.de *.saferpay.com https://gdpr.privacymanager.io https://gdpr-consent-tool.privacymanager.io https://app.easy-feedback.com https://surveys.altana.com/ https://snap.licdn.com/li.lms-analytics/insight.old.min.js ; font-src 'self' data: *.gstatic.com ; 1
default-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline'; script-src-attr * 'unsafe-inline'; style-src * 'unsafe-inline'; style-src-elem * 'unsafe-inline'; style-src-attr * 'unsafe-inline'; img-src * blob: data:; font-src * data:; connect-src *; media-src * blob: data:; object-src *; prefetch-src *; child-src * blob:; frame-src *; worker-src 'self' blob:; frame-ancestors 'self' https://blockclubchicago.org; upgrade-insecure-requests; report-uri https://caf4d89311def727c14a23e8d7e3619c.report-uri.com/r/d/csp/enforce; report-to default 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com *.googletagmanager.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.cookielaw.org https://browser-update.org https://polyfill.io https://consent.cookiebot.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://viewmedica.com *.sharethis.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.typekit.net 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com img.youtube.com *.doubleclick.net *.cookielaw.org *.google.com *.google.ie *.googletagmanager.com *.sharethis.com https://connect.facebook.net 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src *.google.com *.youtube.com *.soundcloud.com *.doubleclick.net 'self' web-chat.nativechat.com; connect-src accounts.google.com *.gstatic.com *.mktoresp.com *.google-analytics.com *.cookielaw.org https://materprivate.arekibo.com *.doubleclick.net *.onetrust.com maps.googleapis.com *.onetrust.io https://*.analytics.google.com *.sharethis.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com www.google.com open.spotify.com https://viewmedica.com https://forms.office.com *.cookiebot.com *.doubleclick.net *.viewmedica.com 'self' web-chat.nativechat.com 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com https://6386697.fls.doubleclick.net; script-src 'nonce-doJrw5EL3HGv9naZkjDpQqY18oCDWl2T+vHlAfj660aTBac5' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ https://www.nextdirect.com/kz/ru 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.grcworldforums.com https://eme.abacusemedia.com; 1
upgrade-insecure-requests; default-src 'self' ziftsolutions.ccindex.cn *.eu.ziftsolutions.com *.eu.ziftone.com *.eu.zift123.com *.eu.ziftmarcom.com *.ziftsolutions.com *.staging.ziftone.com *.ziftone.com *.google-analytics.com *.wistia.com *.wistia.net blob: ; img-src 'self' http: https://*.trychameleon.com https://*.chmln-cdn.com https: ziftsolutions.ccindex.cn *.eu.ziftsolutions.com *.eu.ziftone.com *.eu.zift123.com *.eu.ziftmarcom.com  *.ziftsolutions.com s3.amazonaws.com *.google-analytics.com *.wistia.com *.wistia.net data: blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://*.trychameleon.com checkout.stripe.com *.eu.ziftsolutions.com *.eu.ziftone.com *.eu.zift123.com *.eu.ziftmarcom.com *.ziftsolutions.com *.ziftone.com *.getbee.io *.googleapis.com *.google-analytics.com *.zdassets.com *.googletagmanager.com *.google.com *.pendo.io browser-update.org static.zdassets.com s3.amazonaws.com *.zopim.com *.churnzero.net *.marketo.com *.wistia.com *.wistia.net data: ; connect-src 'self' https: wss://grid.meya.ai wss://partnerapps.eu.qlikcloud.com https://*.trychameleon.com ziftsolutions.ccindex.cn *.eu.ziftsolutions.com *.eu.ziftone.com *.eu.zift123.com *.eu.ziftmarcom.com *.ziftsolutions.com *.ziftone.com *.zift123.com *.zendesk.com *.zdassets.com *.zopim.com wss://widget-mediator.zopim.com *.churnzero.net *.getbee.io *.google-analytics.com *.wistia.com *.wistia.net *.litix.io data: ; style-src 'self' 'unsafe-inline' blob: https: fast.wistia.com https://*.trychameleon.com; font-src 'self' https: https://*.chmln-cdn.com fast.wistia.com fast.wistia.net https://*.chmln-cdn.com data:; media-src 'self' https: ziftsolutions.ccindex.cn *.eu.ziftsolutions.com *.eu.ziftone.com *.eu.zift123.com *.eu.ziftmarcom.com *.ziftsolutions.com *.zift123.com *.ziftone.com *.looker.com *.ziftmarcom.com *.lenovo.com *.wistia.com *.wistia.net blob: data: ; object-src 'self' https: *.eu.ziftsolutions.com *.eu.ziftone.com *.eu.zift123.com *.eu.ziftmarcom.com *.ziftsolutions.com *.zift123.com *.ziftone.com *.looker.com *.ziftmarcom.com; frame-src 'self' https: https://*.trychameleon.com https://*.trychameleon.com https://*.chmln-cdn.com *.onserro.com *.onserrodemo.com ziftsolutions.ccindex.cn *.eu.ziftsolutions.com *.eu.ziftone.com *.eu.zift123.com *.eu.ziftmarcom.com *.ziftsolutions.com *.zift123.com *.staging.ziftone.com *.ziftone.com *.looker.com *.ziftmarcom.com *.getbee.io *.getbee.com; frame-ancestors 'self' https: *.onserro.com *.onserrodemo.com ziftsolutions.ccindex.cn *.eu.ziftsolutions.com *.eu.ziftone.com *.eu.zift123.com *.eu.ziftmarcom.com *.ziftsolutions.com *.zift123.com *.ziftone.com *.looker.com *.ziftmarcom.com www.sandlerportalmarketing.com http://transform.cisco.com https://transform.cisco.com https://*.lookbookhq.com https://*.pathfactory.com http://*.lookbookhq.com http://*.pathfactory.com; worker-src 'self' blob: ; 1
default-src * data:; script-src data: https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 1
frame-ancestors www.fulcolibrary.org *.www.fulcolibrary.org fulcolibrary.org *.fulcolibrary.org fulcolibrary.bibliocms.com *.fulcolibrary.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src www.fulcolibrary.org *.www.fulcolibrary.org fulcolibrary.org *.fulcolibrary.org fulcolibrary.bibliocms.com *.fulcolibrary.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com www1.tapsuk.com; base-uri 'self' 1
child-src mediawatch.dk *.mediawatch.dk; frame-src https://*; 1
upgrade-insecure-requests;script-src 'self' 'wasm-unsafe-eval';connect-src 'self' blob: https://melonbread.dev wss://melonbread.dev;media-src 'self' https:;img-src 'self' data: blob: https:;default-src 'none';base-uri 'self';frame-ancestors 'none';style-src 'self' 'unsafe-inline';font-src 'self';manifest-src 'self'; 1
default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; img-src 'self' https://maps.googleapis.com https://maps.gstatic.com/ data: https://*.google-analytics.com https://forms-eu1.hsforms.com https://track-eu1.hubspot.com; object-src data:; frame-src 'self' *.krone-dev.cybob-one.com *.krone-agriculture.com https://*.mykrone.green https://mykrone.green https://*.krone.de *.youtube.com *.youtube-nocookie.com https://www.webstream.eu https://*.cookiebot.com https://my.matterport.com; script-src 'self' https://maps.googleapis.com https://*.cookiebot.com https://www.googletagmanager.com https://js-eu1.hs-scripts.com https://js-eu1.hs-banner.com https://js-eu1.hs-analytics.net https://js-eu1.hscollectedforms.net; connect-src 'self' https://maps.googleapis.com https://*.cookiebot.com https://*.google-analytics.com https://*.liadm.com https://forms-eu1.hscollectedforms.net; font-src 'self' https://fonts.gstatic.com data:; frame-ancestors 'self' https://www.krone-group.com https://krone-group.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.gal; img-src 'self' https: data: blob: https://mastodon.gal; style-src 'self' https://mastodon.gal 'nonce-MbKcmc/5vYK/lKbl0VBzBg=='; media-src 'self' https: data: https://mastodon.gal; frame-src 'self' https:; manifest-src 'self' https://mastodon.gal; form-action 'self'; child-src 'self' blob: https://mastodon.gal; worker-src 'self' blob: https://mastodon.gal; connect-src 'self' data: blob: https://mastodon.gal https://static.mastodon.gal wss://mastodon.gal; script-src 'self' https://mastodon.gal 'wasm-unsafe-eval' 1
frame-ancestors https://connect.paysalia.com https://studio.swapcard.com 1
base-uri 'self'; default-src 'self' 'nonce-6e7382957f21a30ed537c148932fbcdf' https://cdn.shopify.com https://shopify.com; frame-ancestors none; style-src 'self' 'unsafe-inline' https://cdn.shopify.com; connect-src 'self' https://a.klaviyo.com ws://localhost:8002 https://ssutpbbucket.s3.ap-southeast-1.amazonaws.com; font-src 'self' https://cdn.shopify.com data:; script-src 'self' https://thepaperbunny.us7.list-manage.com https://cdn.shopify.com https://static.klaviyo.com https://static-tracking.klaviyo.com 'nonce-6e7382957f21a30ed537c148932fbcdf' 1
default-src https: wss:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; 1
default-src 'self';    script-src 'self' *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com connect.facebook.net cdn.matomo.cloud nb.matomo.cloud nbstats.co.uk;    style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com *.gstatic.com;    img-src 'self' data: https:;    connect-src 'self' https:;    font-src 'self' data: https:;    object-src 'self';    media-src 'self' data: www.youtube.com vimeo.com;    manifest-src 'self';    frame-src 'self' www.youtube-nocookie.com www.youtube.com player.vimeo.com w.soundcloud.com www.surveymonkey.co.uk      ipieca-timeline.netlify.app www.google.com uk.surveymonkey.com;    form-action 'self' *.list-manage.com;    base-uri 'self';    worker-src blob:;    frame-ancestors 'self';    report-uri https://nbcom.report-uri.com/r/d/csp/enforce 1
default-src 'self' data: ;   connect-src 'self' data: https: wss: ;   font-src 'self' data: chrome-extension: https: ;   img-src 'self' data: blob: android-webview-video-poster: about: https: ;   frame-src 'self' https: ;   script-src 'self' 'unsafe-inline' 'unsafe-eval' about: https: ;   script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' about: https: data: ;   style-src 'self' 'unsafe-inline' https: ;   style-src-elem 'self' 'unsafe-inline' https: data: ;   style-src-attr 'self' 'unsafe-inline' https: ;   media-src 'self' data: https: ;   worker-src 'self' 'unsafe-inline' https: blob: ;   frame-ancestors 'self' https: ;   upgrade-insecure-requests;   block-all-mixed-content;   report-uri https://cspr-it.mag-news.it/ 1
default-src 'self'; frame-src https://webchat.clustaar.io https://v.calameo.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://code.jquery.com https://api.clustaar.io https://webchat.clustaar.io/ https://stats.bpcemutuelle.fr https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com  https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/fonts/; img-src 'self' https://i.vimeocdn.com; connect-src 'self' https://api.clustaar.io https://stats.bpcemutuelle.fr 1
default-src 'self'; connect-src *; font-src * data:; frame-src *; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * 'self' data: blob:; 1
frame-ancestors 'self' *.alamode.com *.titanappraisal.com titanappraisal.com; connect-src 'self' *.alamode.com *.titanappraisal.com titanappraisal.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com *.google.com *.googletagmanager.com *.heapanalytics.com *.mouseflow.com *.tiny.cloud *.googleapis.com *.gstatic.com *.google-analytics.com embed.tawk.to cdn.jsdelivr.net; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://*.clarity.ms https://*.tidio.com/ https://*.firebaseio.com https://connect.livechatinc.com https://api.livechatinc.com https://cdn.livechat-static.com https://cdn.livechatinc.com/ https://client.crisp.chat https://www.gstatic.com https://code.tidio.co/ https://*.serviceform.com/ https://serviceform.com/ https://widget-v4.tidiochat.com https://cdn.jsdelivr.net https://googletagmanager.com/ data: https://embed.tawk.to  https://*.google.co.uk https://*.klarna.com/ https://static-tracking.klaviyo.com https://static.klaviyo.com https://*.ukrsolution.com https://*.googletagmanager.com/ https://tagmanager.google.com/ https://*.klarnacdn.net https://google.com/ https://*.google.com/ https://www.google-analytics.com/ https://td.doubleclick.net/ https://connect.facebook.net/ https://*.tawk.to https://www.googletagmanager.com https://*.googleadservices.com/ https://googleads.g.doubleclick.net/ https://stats.wp.com/ https://cdnjs.cloudflare.com; img-src 'self' data: https://googletagmanager.com https://cdn.livechat-static.com https://cdnjs.cloudflare.com https://ucarecdn.com  https://app.serviceform.com https://cdn.serviceform.com https://img.youtube.com https://*.paytrail.com https://*.amazonaws.com https://*.clarity.ms https://*.bing.com https://ps.w.org https://embed.tawk.to https://*.google.co.uk https://*.wp.com https://*.klarnacdn.net https://*.googletagmanager.com/ https://gstatic.com/ https://*.gstatic.com/ https://googleads.g.doubleclick.net/ https://google.com/ https://*.google.com/ https://www.facebook.com/ https://www.google-analytics.com/ https://www.google.fi/; object-src 'self' data: https://*.youtube.com/ https://embed.tawk.to https://*.google.co.uk https://*.youtube-nocookie.com/ https://youtu.be/ https://*.vimeo.com/ https://connect.facebook.net/ https://www.facebook.com/; frame-src 'self' data: https://*.youtube.com/ https://secure.livechatinc.com https://connect.livechatinc.com https://td.doubleclick.net/ https://*.firebaseio.com https://*.tidio.com/ https://priceinfo.resurs.com https://*.youtube-nocookie.com/ https://*.google.co.uk https://embed.tawk.to https://youtu.be/ https://www.google.com https://*.klarna.com/ https://*.vimeo.com/ https://connect.facebook.net/ https://www.facebook.com/; 1
script-src 'self' https://tpc.googlesyndication.com/ https://cdnjs.cloudflare.com/ https://www.gartner.com https://unpkg.com/ https://i.tryinteract.com/embed/app.js https://fast.wistia.net https://www.google-analytics.com/analytics.js https://www.googletagmanager.com https://tagmanager.google.com https://cdn.usefathom.com https://snap.licdn.com https://munchkin.marketo.net https://*.hotjar.com https://js.driftt.com https://ws.zoominfo.com https://*.6sc.co https://www.clickcease.com https://www.google.com/recaptcha https://smartpeople.secure.force.com https://cdn.cookielaw.org https://s3-us-west-2.amazonaws.com https://scale.smartcommunications.com https://bat.bing.com https://js.acq.io https://static.ads-twitter.com https://tag.demandbase.com https://*.g.doubleclick.net https://www.gstatic.com https://www.googleadservices.com https://www.google.com/recaptcha/ https://smartpeople.my.salesforce-sites.com/ 'unsafe-inline' 'unsafe-eval' data:; font-src 'self' data: https:; img-src 'self' data: https: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net; object-src 'none'; base-uri 'none'; report-uri https://www.smartcommunications.com/; worker-src 'self' 1
default-src 'self' *.google.com *.vimeo.com *.google-analytics.com *.googletagmanager.com *.qualico.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com *.googletagmanager.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://cdnjs.cloudflare.com player.vimeo.com *.sharethis.com code.jquery.com *.hotjar.com *.hs-scripts.com *.usemessages.com *.hs-banner.com *.hsadspixel.net *.licdn.com cdn.bannersnack.com komito.net *.qualico.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.sharethis.com *.google.ca *.google.com *.linkedin.com *.adsymptotic.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.google.com cdn.bannersnack.com *.hubspot.com *.qualico.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com twilio.qualico.com *.google-analytics.com *.doubleclick.net *.hubapi.com *.hubspot.com *.qualico.com; 1
default-src 'self'; upgrade-insecure-requests; connect-src 'self' https://wp-static.assets.sh https://notify.bugsnag.com https://sessions.bugsnag.com https://api.pirsch.io; font-src 'self' data: https://wp-static.assets.sh; frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://www.youtube.com/; img-src 'self' data: https://wp.assets.sh https://wp-assets-sh.imgix.net https://wp-static.assets.sh https://afterall-wp.imgix.net https://i.ytimg.com https://i.vimeocdn.com; manifest-src 'self' https://wp-static.assets.sh; media-src 'self' https://wp.assets.sh https://wp-assets-sh.imgix.net https://wp-static.assets.sh https://download-video.akamaized.net https://fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net https://player.vimeo.com https://vimeo.com https://vod-progressive.akamaized.net; object-src 'self'; script-src 'self' 'unsafe-inline' https://wp-static.assets.sh https://d2wy8f7a9ursnm.cloudfront.net/v6/bugsnag.min.js https://api.pirsch.io https://*.g.doubleclick.net https://player.vimeo.com https://s.ytimg.com/ https://www.youtube.com/iframe_api https://s3.amazonaws.com https://afterall.us14.list-manage.com; style-src 'self' 'unsafe-inline' https://wp-static.assets.sh; worker-src 'self' https://wp-static.assets.sh; frame-ancestors 'none'; form-action 'self' https://afterall.us14.list-manage.com; report-uri https://mrhenry.report-uri.com/r/d/csp/enforce 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' c0.wp.com www.google-analytics.com www.googletagmanager.com cdn.jsdelivr.net www.youtube.com cse.google.com s.ytimg.com apis.google.com www.google.com connect.facebook.net js-agent.newrelic.com bam.nr-data.net partner.googleadservices.com pym.nprapps.org 1
default-src 'self'; script-src 'self' 'unsafe-inline' assets-storage-statik-press.s3-eu-west-1.amazonaws.com gg-assets-storage.s3.eu-west-2.amazonaws.com player.vimeo.com www.youtube.com static.cloudflareinsights.com munchkin.marketo.net cdn-ukwest.onetrust.com pages.lasalle.com widget.tagembed.com maps.googleapis.com 'unsafe-eval' www.cloudflare.com *.googletagmanager.com www.google-analytics.com ssl.google-analytics.com snap.licdn.com static.ads-twitter.com static.hotjar.com connect.facebook.net lltrck.com www.clarity.ms yoast.com kit.fontawesome.com cdn.tagembed.com googleads.g.doubleclick.net www.googleadservices.com; style-src 'self' 'unsafe-inline' assets-storage-statik-press.s3-eu-west-1.amazonaws.com gg-assets-storage.s3.eu-west-2.amazonaws.com fonts.googleapis.com pages.lasalle.com www.gstatic.com widget.tagembed.com s3.us-west-1.wasabisys.com cdn.tagembed.com; img-src 'self' assets-storage-statik-press.s3-eu-west-1.amazonaws.com gg-assets-storage.s3.eu-west-2.amazonaws.com i.ytimg.com data: 2.gravatar.com secure.gravatar.com i.vimeocdn.com pages.lasalle.com cdn-ukwest.onetrust.com maps.gstatic.com maps.googleapis.com www.lasalle.com *.google-analytics.com *.googletagmanager.com t.co analytics.twitter.com www.facebook.com connect.facebook.net px.ads.linkedin.com lltrck.com c.clarity.ms c.bing.com s.w.org www.linkedin.com media.tagembed.com media.licdn.com pbs.twimg.com cdn.tagembed.com www.google.com www.google.pl googleads.g.doubleclick.net; font-src 'self' data: fonts.gstatic.com ka-f.fontawesome.com widget.tagembed.com cdn.tagembed.com s3.us-west-1.wasabisys.com; connect-src 'self' vimeo.com assets-storage-statik-press.s3-eu-west-1.amazonaws.com gg-assets-storage.s3.eu-west-2.amazonaws.com lasalle.tt.omtrdc.net cdn-ukwest.onetrust.com 160-bqd-171.mktoresp.com maps.googleapis.com mboxedge37.tt.omtrdc.net www.cloudflare.com www.facebook.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net cdn.linkedin.oribi.io s.clarity.ms ka-f.fontawesome.com yoast.com my.yoast.com t.clarity.ms web.tagembed.com s3.us-west-1.wasabisys.com *.clarity.ms px.ads.linkedin.com; child-src 'self' data: www.youtube.com player.vimeo.com pages.lasalle.com widget.tagembed.com www.google.com www.facebook.com td.doubleclick.net; media-src 'self' 1
default-src *; connect-src  *; font-src 'self'; frame-src https://* http://* *; img-src https://* http://* * data:; object-src 'self'; script-src 'self' https://* http://* * 'unsafe-inline' 'report-sample'; style-src * https://* http://* * 'unsafe-inline'; 1
report-uri https://indicodata.ai 1
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: ws:; img-src https: data:; 1
connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com https://*.qualtrics.com; script-src 'nonce-tBBJJ5h28+V/qC0VCTVSkfc1QFfANXcqQ7kaeIjMYpqDMbwL' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * blob: data:; object-src 'none'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com; media-src 'self' https://*.paypal.com https://*.paypalobjects.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; 1
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/; style-src 'self' 'unsafe-inline' https://pro.fontawesome.com/ https://www.google-analytics.com https://tagmanager.google.com/ https://www.googletagmanager.com/ https://fonts.googleapis.com/; img-src 'self' 'unsafe-inline' https://www.google-analytics.com https://ssl.gstatic.com/ data:; font-src 'self' 'unsafe-inline' https://pro.fontawesome.com/ https://fonts.gstatic.com/ data:; 1
